Problems With Other Browsers?

Thanks to Eric TF Bat who dropped me a comment:

There’s an issue with this blog on standards-compliant browsers; the right-hand navbar seems to be making the central text area go haywire. Check it out in Firefox to see the effect. It’s probably a side-effect of only testing the site in a non-standard browser, tho that’s just a wild guess. Drop me a line at [removed] if you’d like some help figuring it out; it’s what I do, and I don’t want you thinking all IE-haters are useless…

Looks like it’s just Firefox/Moz; IE works fine, and Opera renders it correctly. I didn’t actually test the layout in anything other than IE (Maxthon to be precise, but it’s all the same…).

Ta for the note, I’ll play with it later (time permitting).

Thanksgiving Tech Support: Thanks, HP.

HP claimed the first victim of the holidays – a teary mother.

I’d given her an HP PSC 1315 as an early Christmas present, and it’s really, really good so far.

With one fairly significant blow: it doesn’t like printing Avery labels properly.

Mum likes to print off about 250 christmas card labels each year. Each year we have a new printer, there’s some type of drama. And this year, we had another new printer.

As soon as the Avery sheet is inserted, the text is bumped up the page by about 1.5cm, which is too high for the labels we’re trying to print.

What’s so utterly annoying is that every time you put a normal sheet of paper into the printer on a test run, it works fine. It’s only when the avery labels are inserted that there’s a problem – only when you really need it to work!

After hitting the problem, a quick Google tells me we’re not alone.

Not being a word processing sort of person, I’d have instinctively blamed Word, but as it turns out, it affects good old Notepad too, so Word’s in the clear on this one.

Print with Notepad on plain paper – starts 1.5cm down. Print on labels, prints from the very top of the sheet.

Interestingly, printing on photo paper (which is about the same amount shorter than an A4 label sheet as where the printing starts) also leaves a margin. So for some reason, the printer is deciding that a margin wouldn’t be appropriate at the top of the page, thank you very much. I haven’t been able to find a collection of printer settings that actually get it working in software ( I’ve tried everything that looks relevant ).

So far, one solution has been to cut the top part off the label sheet (artificially moving it up by about half an inch), but that’s not why I buy “named” labels. I expect them to work.

I’m slightly annoyed*. Hours have been wasted on something that shouldn’t be an issue in the first place, and that turns out to be what looks like a “smart” device doing something dumb, despite all attempts to get it not to!

If anyone can suggest a fix that doesn’t involve fiddling with stuff within the document or carving up “standard” Avery A4 sheets to fix the printer’s flaws, I’d appreciate it. In the meantime, I’m going to have to call HP on Monday and try to find out why it happens, and how to make it not happen…

Half Life 2: Done.

Somewhat controversially, I don’t think it’s the best game ever. It’s good, but it’s not all that, girlfriend. I was playing through it wondering if there was something I was missing that all the other reviewers knew.

It’s a good first person shooter with some interesting things, and if I were to go back and replay it (which I’m not itching to do, but probably will sometime), I’d probably enjoy it more the second time, now that the plot is a bit clearer.

And the ending… don’t get me started on the ending.

It was nice when the actual main plotline eventually showed up, about 9 chapters in. Maybe I’m too used to being spoon fed plot in carefully marked cutscenes, rather than being forced to “do things” in the game for no apparent reason.

Highlights: Dog. Robert Culp’s excellent offhand voice acting of Breen (I only wanted to scream “I lost the instruction manual!” at him once or twice). The Gravity Gun (capitals used, wink wink) (not during most of the game). The bit while waiting for the cart from Father Grigoriy. The stink grenade. Most of the bits towards the end.

Lowlights: Tunnel, do something, tunnel, loading. AI wasn’t all it was cracked up to be (“Hey! You shot me! In the head! Hey! You shot me again! Hey!”). Lack of actual coherent plot until late in the game (and then the ending is just a cop-out). Total linearity. Obvious physics puzzle setups with only one right answer.

Would I recommend it? Sure. Despite its flaws, there’s enough fun to be had to justify the purchase price. If this had come out 18 months ago, I’d have been floored. As it is, I’m fairly impressed, but it’s not getting my Game of the Year award at this stage: Far Cry is prettier, and has better AI. Doom 3 was prettier, and had a more satisfying ending (more frustrating gameplay though). Max Payne 2 had a better story, similar physics engine, but less interaction with the environment (who cares!? Bullet Time 2.0!). Prince of Persia had better puzzles. Star Wars KOTOR had better sound. GTA: Vice City had more to do. Halo 2 has a more compelling story.

Maybe I’ll change my mind by Dec 31, for the inaugural EBTDF Game of the Year Award*, but maybe not.

Routed Networks in ISA 2004

I was having an argument with a friend from elsewhere in the Aussie support organization about ISA’s (new in 2004) network templates and their default routing layouts. I like arguments – I learn a good 57.3% of what I know from (friendly) arguments with people.

The short version is this: The Front Firewall template assumes you’re using routable IPs for the perimeter network (eg, that ISA will be used essentially as a router to get to the actual internet IPs of the servers in the perimeter network) – so it’s configured with a Route relationship by default. Generally, you pair this with the Back Firewall template to provide NAT for the actual internal network.

Likewise, the three-leg perimeter network is roughly analogous to ISA 2000’s three-network layout, in which the perimeter needed to be routable (with ISA 2000, you publish from the internal network, and packet filter the perimeter and local host).

You can always adjust the relationships later – and if your perimeter network (aka screened subnet or DMZ) uses private IPs and is connected to the Internet, you don’t have any real options other than switching to a NAT relationship for that network.

That leads to another discussion about Server Publishing vs Access Rules for routed networks that I’ll expand on another time – for now:

The technique I’m using at the moment (because I have no time to test the alternative) is to always assume you don’t use a Server Publishing rule on a Routed network, only an Access Rule. In a Route relationship, the clients don’t connect to a published port in the classical sense (eg, no listener will necessarily be created), they connect directly to the IP of the target.

This doesn’t apply for Web Publishing rules because they’re special, but it applies to basically everything else. ISA 2004, unlike 2000, does its content inspection magic regardless (even with a Route relationship).

And if you’re NATting, you need to publish – the client can’t see the IPs behind the NAT relationship, so there’s no way it can connect directly.

Mental notes: cover NAT (or link to a good quick overview), more on Server Publishing on a routed network.

Wow. Busy. Work. And Half Life 2. And comment spam.

First, my sincerest thanks to the jerk currently at for comment spamming me; moderation’s enabled for the time being. Hope we can get a nice CAPTCHA thingy implemented here soon.

While it might *look* to the casual observer like Halo 2 came out and I stopped blogging, it’s more like Halo 2 came out, and then Half Life 2 came out, and I wasn’t blogging because between my extended work hours (busy at work), and my extended home hours (avec loud sound effects), there’s no time for anything, really. I refuse to apologize, cos blogging apologies are possibly the least useful of the wide range of useless blog posts.

Back to something I care about: I really wanted to say that HL2 rocks, but something’s stopping me from saying that. I can’t yet articulate what my problem with HL2 is, but there’s something not quite right about it. As a technical accomplishment, it’s pretty darn amazing – graphics on a par with Doom 3 in some ways (I think Far Cry still looks most appealing of that set). As a game that you play, I don’t know… it just feels like work for a lot of the time.

Aha – I think I’ve got it – what am I fighting for? Where’s the story!? I’m at least halfway through and haven’t a clue why I’m here, where I am, what’s going on, or who I’m fighting against from the game itself. I feel like I’m going through the motions because it’s asked of me, and the game is basically on rails. Shoot this, Gordon. Do that, Gordon. Travel sixty eight miles for no obvious reason, Gordon. Solve this puzzle using the ridiculously conveniently placed items we put here just to slow you down, Gordon.

My desire to see what happens next is overriding my lack of interest in the story so far… hope it gets clearer from here.

Halo 2 Multiplayer on Live: First Impressions

Ah haaaaaa haaaaaaaa ha hahahaha haaaaa hahahahaha haaaa hahahahahahahahahahahahahahahahahahahahaha!

(every single one of those was typed. Individually. In time with me cackling insanely after coming down from a slaughter high).

Bedtime. But seriously, haaaaa hahahahaha! Haaa!

I quickly hunted through the options for the one I thought would interest me most, and am happy to report that the option is there for you to play Co-op on Live! W00t! (now I need to try it). Well, as it turns out, Co-Op is still splitscreen only. Bummer.

As it turns out, regular garden-variety Rumble Pit was plenty fun. Melee attacks. Humiliation. Mmm. Chortle.

Being able to hear people nearby yelling at you was a lot of fun. Mmm. Sweet trash talk.

Tristank’s Top Tip: If you see someone running at you with an energy sword… Run.

It’s Halo 2 Night!

No self-respecting Xbox gamer would have missed that tonight’s the night!

Aussies – by virtue of our timezone being 17 hours ahead of Redmond – and Kiwis (2 more hours ahead of us) get their first crack at Halo 2 tonight.

Expectations aren’t so much high as stratospheric nay, lunar! Can it live up to the hype?

So far:

So, in just under one short hour, the folk queueing outside EB will be walking away with a little piece of gaming history in their hands.

I’ll be firing up the Xbox for a game of Live sometime after midnight, to see how it plays. It had better be good!

Back On The PC – In The Land Of The High Res Monitor, there are also some treats just arrived or coming:

  • Half-Life 2 is almost here (with a metacritic score only slightly lower than Halo 2 at the moment), Steam subscribers get it the instant the clock ticks over* (don’t know how the time zone stuff shakes out though…)
  • the Joint Operations expansion pack Escalation is due at about the same time (plus going to the store to buy it)
  • Tribes:Vengeance is already out there (and I’m really tempted to go get it)…

It looks like it’s shaking out to be a really good year’s end for games!

Happy sigh.

Getting Help With ISA Server – Helping Us Help You!

Usability strides in ISA 2004 aside, ISA Server is a powerful product that’s still  quite easy to misconfigure. With great flexibility comes great potential complexity…

Most of the time, there’s a straightforward explanation for unintended results, it’s just a matter of working out what that reason is.

When Asking For Help, It Helps To Include This Information

A few tips when asking for help with ISA Server – fairly generic, this is how we (PSS) break down problems when trying to solve them – that make it a lot easier to suggest how to fix them:

  • What are you trying to do? (What’s the goal?)
  • What’s the problem you’re experiencing?

    • Is there an associated error message? (if so, what?)
    • What do the logs say about the attempt? (check the logs!)

  • What have you tried?

    • What was the outcome of each thing you tried, if it made a difference?

  • What’s the current setup like? (this is where ISAInfo comes in, if it’s needed).


I’ll take a moment to describe ISAInfo – where possible, try to have ISAINFO output ready to send to the person working with you. ISAInfo is a script that exports your ISA configuration to a text file (TXT for ISA2000, XML for ISA2004) and nine times out of ten, something somewhere in there will be enough for someone to explain why you’re getting something unexpected. It’s like support gold!

For more complex issues (more often, possible issues with the underlying platform), we also have the MPSReports reporting suite, which does funky things like dump the event logs and collect other useful information (depending on the edition), output in a CAB file.

I wouldn’t suggest posting ISAInfo output to a newsgroup or other public forum with every question:

  • Most importantly, it contains potentially sensitive information that could be used by someone to attack your network
  • Some people dislike posting of attachments to non-binaries groups

For these reasons, it’s normally preferred to email ISAInfo output directly to the person you’re working with, or arrange a secure private transfer.

How To Find Help

As for how to get help:

  • Quickest, widest and easiest, Google for it. Don’t forget to hit the Groups tab if a Web search comes up without anything useful matching your question – this searches Newsgroup posts that Google have archived.
  • Next, hit – try searching the Microsoft Knowledge Base directly if a wider Web/Newsgroup search comes up blank.
  • If you don’t find an answer and you don’t need a response in a particular hurry, try the ISA Server newsgroups (link is at the top of the ISA Server Community page). Don’t forget to check back for a response; posts are typically made back to the group so that everyone can benefit from them, not emailed directly.
  • I’d imagine the same applies for the forums at
  • Finally, the fastest way to fix a problem is probably to call your local Product Support Services number, and speak to a Support Professional. This is a paid service (except for hotfix requests and problems that turn out to be product bugs – see current terms and conditions, etc, etc), but you’ll be able to work with someone interactively until the issue is resolved.

Good hunting!

I Hate Glass

Forget circles. Forget copper. I mean, sure, I get that I’m not supposed to use or pick up copper, but glass just completely freaks me out.

I’m more scared of glass than I am of spiders. And I’m really scared of spiders, so scared I couldn’t even use this “World Wide Web” until I’d sprayed the monitor with insect repellent.

Why do I harbour an obviously irrational fear of something so common in everyday life?

Let’s break down the reasons I live in morbid fear of glass:

  • It’s not a solid, it just pretends to be one. Someone in the depths of my memory claimed that glass is actually a super-cooled liquid, and I believe them. You can see old windows thicker at their base than at the top, as the glass slowly melts downwards, slowly plotting our demise over aeons.
  • Glass is everywhere. Glasses. Windows.
  • It breaks into millions of billions of tiny little shards. Sure, shards might be triangles, but I think the glass really wants to be round. Like mercury.
  • If any one of the aforementioned tiny shards ends up in your bloodstream, it can kill you.
  • A big shard can damage you as well. There is no upside to a glass shard.
  • The little tiny shards are so hard to see.
  • The little tiny shards are currently coating my bedroom floor.

Okay, so there’s a fairly immediate reason to fear glass in my case – my girlfriend broke a large mirror on the bedroom floor, next to the walk-in closet that my clothes sometimes end up in.

I spent from 1:00am to about 1:45am last night trying to vaccuum up all the glinting bits on the carpet, but I know I’ve missed some. I know it’s going to show up by piercing my foot at some point in the future maybe not today, maybe not tomorrow, maybe not for the next three or four years.

Glass has time. As H.G. Wells once said about another alien menace: “Slowly, and surely, they drew their plans against us”.

So what to do about the glass threat?

The answer may already be among us. We know from Star Trek IV that Scotty gave the formula for transparent aluminium to a scientist somewhere in America during the late 80’s, while we were busy hunting the whales to extinction. We also know that the dynamics alone for such a thing might take years to work out, but that when they are finally worked out, that bloke will be a rich man.

Well, soon-to-be-rich man that invents transparent aluminium, it’s been years. You’ve had the time, and I am queuing up to give you my money for a new, unshatterable mirror. If you can’t deliver, please give the formula to someone that can.

What’s a Private IP Address?

Private IP addresses are defined in RFC 1918 (a very readable RFC, for my money, and quite short to boot).

The RFC defines three ranges: ->  ( – an A class network in oldspeak) -> ( ->  ( – a B class network)

There’s another common group of IP addresses that could be considered private, and they’re used by IP autoconfiguration – the 169.254 series of “Link Local” addresses (RFC 3330 mentions them – essentially, what you end up with when a DHCP client cannot find a DHCP server, on Windows OSs since Win98).

So what makes an IP address private? Most importantly, that the Internet won’t route those IP addresses.

That doesn’t mean that you can’t route them within your own environment; you’re quite welcome to configure routers to do whatever you’d like them to do internally.

But by RFC-driven convention, if an IP packet with a source or destination address from one of the above ranges actually ends up on the Internet trying to traverse Internet routers, odds are good that the packet will either get discarded or lost:

  • discarded – because that’s what Internet routers are meant to do
  • lost – because the router might have its own personal idea of where those ranges live – and chances are, it’s not your network!

On the Internet, every routable IP address needs to be unique, and it also needs to belong somewhere.

Private IP address ranges belong to nobody (or if you’re a crazy liberal type, perhaps “everybody”), so the routing tables on the backbone and ISP routers that work to push all the other real IP addresses around the Net don’t know where to push private addresses. It’s possible that every single network on the Internet also uses private addresses internally! So, they get upset and ignore them.

This is where NAT comes in to the equation for most people, but that’s another topic for another day. The real short version: NAT hacks all the packets from internal clients so that they appear to originate on the “public” network, using a “real” IP address that is routable, and maintains the mapping between internal and external clients.