Steam-limiter 0.7.0.0 released

[Nigel Bree]

Available from the Google Code download page, with all the improvements to support for iiNet/Internode and friends from the 0.6.1.x test builds.

This should be every bit as leakproof as the 0.6 versions but more flexible, including better support for the new custom-named CDN servers used by iiNet (i.e. steam.cdn.on.net) and Vodafone NZ (the replacement for the TelstraClear server, steam.cdn.vodafone.co.nz which opened for HTTP downloading just in the last few days) via a new expanded piece of rule syntax which lets HTTP hosts be filtered as well as the existing filtering by URL.

The expanded filtering system used in 0.6 (which allowed steam-limiter to substitute HTTP responses to certain requests to the Valve servers) is still present, but it's no longer being used actively as it required Steam to be restarted whenever the filter changed. With the new filter design in 0.7, filters can be changed and filtering enabled or disabled at any time.

Thanks very much to all the people who helped to diagnose the situation with the iiNet/Internode servers since I am blocked by their configuration from accessing it myself, and all who kindly tested and submitted feedback on the various test builds leading up to this one.

- Nigel

[Thermal Ions]

Thanks Nigel. The updated GUI definitely does make it easier to see what's what with the filters.

Have rolled it out onto all the machines here. I'll blame Jig if anything leaks through given he said he's tested it, thoroughly if he's true to form ;)

That actually got me thinking, the group postings here can't be an indication of the approximate user base surely. Do you (can you) track the count of times the installer is downloaded, and are you inclined to share? Versions 6 and 7 are probably too new to be a good indication but I'd presume 4 / 5 are probably somewhat indicative.

Cheers.

[Bob Watson]

7.0.0 seems to have a pretty serious installer bug - running it and pointing it to C:\Program Files (x86)\LimitSteam seems to just delete everything in that folder and not install anything (gives me a js error): 

Also - installing to a user's local folders by default is kinda dodgy, it's the way Chrome / Dropbox / etc set themselves up to sneak onto corporate networks and avoid dealing with UAC.

--
You received this message because you are subscribed to the Google Groups "steam-limiter" group.
To unsubscribe from this group and stop receiving emails from it, send an email to steam-limite...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[Nigel Bree]

On Tue, Aug 6, 2013 at 7:32 PM, Thermal Ions <therma...@gmail.com> wrote:

That actually got me thinking, the group postings here can't be an indication of the approximate user base surely.

That depends on your point of view. The percentage of people who actually engage in something and make an effort to reach out at all is truly microscopic for just about any piece of software - there are all kinds of theories you can posit as to the why, but that's the way it is. Hence why the importance for most paid-for software these days for detailed in-app analytics (which is not even optional for most "free" software on mobile platforms) because no opt-in anything gets a significant response rate.

[ Note that the "Feedback" form linked off steam-limiter's About box logs to a database but also actually IMs me directly, with no indication as to the sender's identity, so it's anonymous and low-effort and immediate; I've gotten perhaps 4 items in the entire time steam-limiter has existed. ]

When I was the lead developer on Symantec Ghost and made my home e-mail available on the forums there, I was typically perhaps 2-3 e-mails a day - from a userbase of hundreds of millions of individual installs on perhaps ~50,000 customer sites, from people who were paying for the software and thus had reason to feel entitled to support.

And oddly, of those I got more e-mails from people who actually were pirating the software than legitimate customers, and the people who were violating the license agreement were more demanding and ... well, difficult, whereas the real paying customers who came direct to me for help were unfailingly polite and appreciative (part of that being that they perhaps understood how unusual it was for a lead dev on a corporate product to be easily accessible).

 

Do you (can you) track the count of times the installer is downloaded, and are you inclined to share?

In terms of raw download numbers all I know is what Google Code itself tracks, which anyone can see in the right-hand column.

Beyond that I know only a small amount from the App Engine service that supplies the ISP configuration to steam-limiter; just like any other webserver there's a request log, and App Engine retains those for 90 days (and I don't download or retain those logs longer than that).

That webservice gets hit but the "Autodetect" button, when people install or upgrade, or approximately every 30 days to check for updates (although I could make the code auto-update, I leave that manual - honestly the upgrade indication should be more obvious, but it's one of those things where you're damned if you do and damned if you don't).

However, I chose to make the request URLs all indistinguishable; the only thing my webservice sees (and that gets logged) about the origin of a config request is the source WAN IP and the version of steam-limiter making it. I've deliberately made it so I can't tell whether people have hit a button, done a reinstall, or it's a 30-day checkin. I couldn't tell if there were multiple installs behind a single WAN or any details like that, so at best any estimate of actual running copies I could derive from the webserver logs would at best be a wild-assed guess.

Basically, that's because I don't want to know these things (and I've never tried to perform any detailed log analysis to even get a rough estimate of the number of running copies). Once every couple months I look at the webservice error logs to get a sense of people using it from countries I know nothing about (which there are a few of; for whatever reason there are a handful of installs in the US, UK, Canada, and some other really odd places, even though no user from any of those places has got in touch with me) but that's the extent of it.

[ If anything I'm perhaps a little oversensitive about the possibility of even accidentally violating people's privacy, but that's because I used to work at Symantec where we worked really, really hard to the highest ethical standards - and despite that people who weren't customers thought nothing of making up the most outrageous, complete and total lies about anything we did. When you have a horde of people looking for ways to pull you down and turn even an obviously customer-positive move into some ginned-up fake scandal, it can make one excessively cautious. ]

- Nigel

[Nigel Bree]

On Tue, Aug 6, 2013 at 8:29 PM, Bob Watson <b...@nearimpossible.com> wrote:

7.0.0 seems to have a pretty serious installer bug - running it and pointing it to C:\Program Files (x86)\LimitSteam seems to just delete everything in that folder and not install anything (gives me a js error): 

Ah, bugger. That's my mistake, one of the consequences of moving the install location is that the installer script needs a step to removing an old machine-wide version. Unforunately I had a brain fade and it ended up after the steps that copy the new one. I shall whip up a hotfix once the missus goes to bed.

Also - installing to a user's local folders by default is kinda dodgy

I do think there's a legitimate reason for me long-term to be able to remove the need for any UAC elevation at install, and moving the install was also something I wanted to do to make the code more consistent and easier to maintain.

It actually takes a lot of extra work to make it not need elevation at any point; in particular, I'd like to be able to make it so that it's completely safe to have the update-check script be able to fetch and run a silent upgrade, because it's running without elevation and thus can't possibly harm the hosting system. If I don't plan to allow for auto-updating, I'm making it too hard for a lot of people to run the latest.

- Nigel

[Bob Watson]

I'm sure I'm not the only person uncomfortable with software just downloading and silently replacing itself. And hearing "because it's running without elevation and thus can't possibly harm the hosting system" bothers me - sure, all it has access to is hosing all of my stuff.

I would be very happy if it didn't *need* escalation, but that if it was installed someplace like Program Files if it would behave properly there (requesting elevation for install/upgrade) - that's where dropbox / chrome / etc. eventually went.

[Nigel Bree]

On Tue, Aug 6, 2013 at 8:58 PM, Bob Watson <b...@nearimpossible.com> wrote:

I'm sure I'm not the only person uncomfortable with software just downloading and silently replacing itself.

Sure. Look, I don't even have it auto-update the rules without an explicit opt in (which isn't very discoverable, which is another UX mistake I should really fix at some point). I wouldn't make any updater any other way than opt-in precisely because I'm so very familiar with all the false accusations I'd have to put up with. Given I'm just a guy who only made this because I wanted to download some games to play, the last thing I want is to create even the smallest excuse for people to give me grief.

But, part of the balance here is to be able to give the most people - the kind of people who benefit from the pre-built binaries and the fact it's just a couple clicks to install and Just Works - the best defaults that gives them the most actual benefit. Having the ability to manually opt in to an updater is an actual benefit, and although maybe not a huge one, having less things to check or remember to update really is something that would be of benefit for non-technical folks.

Anyway, I've uploaded 0.7.0.1 to Google Code (both the source here and a pre-built download) which should hopefully fix the minor install oops, and I appreciate the heads-up on that. I've tested the scenario of installing it over itself in %ProgramFiles% and it seems to work right, although if I've done anything else stupid or somehow got the fix wrong, by all means let the floggings commence.

- Nigel

[Bob Watson]

Sorry, I didn't mean to come off quite so surly - I just have a particular pet hate of apps that mess around to get past stuff like UAC, etc.; especially when the goal is to make stuff like auto-downloading work: didn't mean to suggest that the app was trying to be sneaky or subversive.

--

[Nigel Bree]

On Tue, Aug 6, 2013 at 7:32 PM, Thermal Ions <therma...@gmail.com> wrote:

That actually got me thinking, the group postings here can't be an indication of the approximate user base surely

By the way, just to speak some more to this, since I saw Whirlpool have a Steam ID page and various Steam groups, I have toyed with the idea of tossing up a Steam group for steam-limiter, just because well, why the hell not? And maybe it would be nice to actually, y'know, try and have some fun with it for a change.

In the end I decided not to put a Steam group into the About box for 0.7 (or linked off the download description) and given the reaction from the people at the gaming forums hosted by Vodafone maybe that's for the best. I mean seriously - the admins of a gaming forum that is actually paid for by my ISP, which just put up the only unmetered Steam server in NZ, collectively think that letting people get unmetered Steam downloads is an uninteresting yawn. Makes you wonder, that does.

- Nigel

[Stephen Foster]

Did you end up putting the shortcut under Steam for Steam-Limiter? Not a big deal, but I cannot find it on my Win7 64bit system.

[Nigel Bree]

On Wed, Aug 7, 2013 at 12:14 AM, Stephen Foster <stfoster.int...@gmail.com> wrote:

Did you end up putting the shortcut under Steam for Steam-Limiter? Not a big deal, but I cannot find it on my Win7 64bit system.

I did; it's there and nicely visible for me on both my Win7 x64 machine and my old WinXP box, and the NSIS installer script element to make it is here at line 230. In the NSIS script language, $SMPROGRAMS is a script-language build-in that expands to "%AppData%\Roaming\Microsoft\Windows\Start Menu\Programs" which is a regular folder in the filesystem that contains all the per-user Start Menu items.

Maybe there's something else some systems need.

- Nigel

[Thermal Ions]

On Tuesday, August 6, 2013 10:14:48 PM UTC+10, Stephen Foster wrote:

Did you end up putting the shortcut under Steam for Steam-Limiter? Not a big deal, but I cannot find it on my Win7 64bit system.

Showed up under Start --> All Programs --> Steam --> Start steam-limiter for me. Also on Win7 64 bit. (Beaten by Nigel)

On Tuesday, August 6, 2013 9:28:12 PM UTC+10, Nigel Bree wrote:

By the way, just to speak some more to this, since I saw Whirlpool have a Steam ID page and various Steam groups, I have toyed with the idea of tossing up a Steam group for steam-limiter, just because well, why the hell not? And maybe it would be nice to actually, y'know, try and have some fun with it for a change.

In the end I decided not to put a Steam group into the About box for 0.7 (or linked off the download description) and given the reaction from the people at the gaming forums hosted by Vodafone maybe that's for the best. I mean seriously - the admins of a gaming forum that is actually paid for by my ISP, which just put up the only unmetered Steam server in NZ, collectively think that letting people get unmetered Steam downloads is an uninteresting yawn. Makes you wonder, that does.

 

Maybe he gets a discount or bonus bandwidth. Sounds like his viewpoint isn't unanimous there though.

If you do ever change your mind and go "what the heck" one day, let us know here. I imagine there's a few that would join.

Cheers.

[Stephen Foster]

Turned off hidden/system files and went direct to directory for a look.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

 

Not showing up for some reason for me, only have two icons:

Steam Support Center and Steam

[Nigel Bree]

On Wed, Aug 7, 2013 at 12:57 AM, Stephen Foster <stfoster.int...@gmail.com> wrote:

Turned off hidden/system files and went direct to directory for a look.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

That's the system-wide Start menu; that's used for programs that are installed machine-wide, but there are two sets of physical folders. One is there, the other is in %AppData%\Microsoft\Windows\Start Menu\Programs and that second one should resolve to a user profile, like for me if I paste that into the Run dialog it opens up "C:\Users\nbree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs"

[ Note that I had an extra "Roaming" in the earlier message, I forgot that %AppData% includes the "Roaming" part where %LocalAppData% is the non-roaming version. ]

Now, in the system-wide Start menu I have the normal Steam stuff, but in the per-user one I have the "Start steam-limiter" shortcut.

The Windows start menu works by enumerating the content of both of these two sets of paths; one per-machine, and one per user. The content of the Start Menu is a blend of the two with the contents of them both merged, so the system-wide folder will contain just "Steam", but the per-user folder should contain the link to steam-limiter.

- Nigel

[Nigel Bree]

On Tue, Aug 6, 2013 at 11:27 PM, Bob Watson <b...@nearimpossible.com> wrote:

Sorry, I didn't mean to come off quite so surly - I just have a particular pet hate of apps that mess around to get past stuff like UAC, etc.; especially when the goal is to make stuff like auto-downloading work: didn't mean to suggest that the app was trying to be sneaky or subversive.

That's fine, and I don't mind having the conversation.

One of the reasons I posted the explanation upthread about what I can and can't see in the App Engine logs (which is easily to verify for the skeptical) is that I happen to think that the best approach is transparency, and I don't mind taking the time to explain my thinking.

Your preferences are what they are, and they are legitimate. The thing is that my part is to find solutions that really are best for everyone, and that includes you - but also includes feedback from people with very different preferences. I figure that if I at least explain what I'm thinking you'll at least get a sense that I'm genuinely trying to act in good faith, and maybe that'll be the catalyst for someone (I'm hoping you, 'cause my creativity levels are a bit low at the moment) coming up with a way we can satisfy both sets of preferences.

- Nigel

[Nigel Bree]

On Wed, Aug 7, 2013 at 12:35 AM, Thermal Ions <therma...@gmail.com> wrote:

If you do ever change your mind and go "what the heck" one day, let us know here. I imagine there's a few that would join.

http://steamcommunity.com/groups/unmetered

The honking great question mark for the group picture being the first order of business, since dearie me the steam-limiter icon irritates me no end. But god dammit Spock, I'm a programmer not an artist!

Also for the amusement of the peanut gallery, you can observe I've been 6 years on Steam and have a whole one steam friend! One! Given that my Steam ID is just my real name and my real name is search-engine-unique, and I use my real name as my email, on Whirlpool, basically everywhere, one of the lessons I think we can draw from this is that you can indeed be quite effectively anonymous by hiding in plain sight....

- Nigel

[Stephen Foster]

I pasted %AppData%\Microsoft\Windows\Start Menu\Programs and the roaming directory came up, but it did not have the Steam directory or Steam-Limiter shortcut.

 

C:\Users\ExampleName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ (no Steam)

 

I decided to manually create the Steam directory in the roaming version and test it out. I then re-installed Steam-Limiter again  and this time the Start steam-limiter icon was created and shows up fine now.

[Nigel Bree]

On Wed, Aug 7, 2013 at 2:04 AM, Stephen Foster <stfoster.int...@gmail.com> wrote:

I decided to manually create the Steam directory in the roaming version and test it out. I then re-installed Steam-Limiter again  and this time the Start steam-limiter icon was created and shows up fine now.

Huh. Well, there you go, I shall toss in an extra step to force the directory to be created as well.

- Nigel

[Stephen Foster]

Thanks mate, you do good work :) 

 

[jigok...@gmail.com]

I also did not have a Steam folder in Appdata\Roaming so no shortcut was originally installed with 0.7.0.0.  I thought you must have left it out of the release.  0.7.0.2 rectified that for me.  It's interesting that Steam is creating this directory for some users but not others.  It probably also explains why you were seeing Steam use this entry in the Start Menu for game shortcuts, while I was not.

[Nigel Bree]

On Thu, Aug 8, 2013 at 10:46 AM, <jigok...@gmail.com> wrote:

It probably also explains why you were seeing Steam use this entry in the Start Menu for game shortcuts, while I was not.

True dat.

It's probably also of those bits of cruft that the longer a particular machine has been sitting around running Steam - which itself is changing slowly over the time - the more likely it's ended up with such a folder. Always one of the traps with testing software is that there's one class of things that happen in brand-new environments and another class of things that tend to happy in crusty old ones (which tend to be your upgrade cases). Which of course tends to multiply out once you have N platforms, and then M different user options (like what path you install to), and hence why testing rapidly becomes a nightmare as the combinations grow exponentially.

Little mistakes like this are just inevitable in software. The professional stuff I work on we have vast sets of unit tests and regression tests and stuff just always slips through (usually pretty "Oh duh!" minor stuff like this, not major, but it's still a mistake) just because once you multiply out all the variations there are millions of combinations. Even if you do all the right stuff, exponential growth in combinations will beat you down every time.

So to err is human, and in professional development we build lots of process to catch them, but for small side non-work projects like steam-limiter - even though I shouldn't have made these stupid little mistakes - it's just hard to devote enough time to covering all the little side details.

Hence, yay for testers! I do appreciate all the heads-up on these things :-).

- Nigel

[Thermal Ions]

On Tuesday, August 6, 2013 11:58:58 PM UTC+10, Nigel Bree wrote:

The honking great question mark for the group picture being the first order of business, since dearie me the steam-limiter icon irritates me no end. But god dammit Spock, I'm a programmer not an artist!

Also for the amusement of the peanut gallery, you can observe I've been 6 years on Steam and have a whole one steam friend! One! Given that my Steam ID is just my real name and my real name is search-engine-unique, and I use my real name as my email, on Whirlpool, basically everywhere, one of the lessons I think we can draw from this is that you can indeed be quite effectively anonymous by hiding in plain sight....

- Nigel

No use looking this direction for artistic talent either.

Actually I did look you up on Steam just recently to check out your wishlist vs my inventory (given I couldn't find any paypal donate button around here), but as you don't have any blatant "friend me on facebook/follow me on twitter" figured you may not want random Steam Limiter users sending friend requests on Steam.

[Nigel Bree]

On Thu, Aug 8, 2013 at 12:09 PM, Thermal Ions <therma...@gmail.com> wrote:

No use looking this direction for artistic talent either.

No worries. But hey, doesn't hurt to run it up the flagpole.

Actually I did look you up on Steam just recently to check out your wishlist vs my inventory (given I couldn't find any paypal donate button around here)

Interesting. Well, the lack of a donate button is deliberate, for a lot of reasons. I've had a thing since my Symantec days of making a point of refusing donations - and I got a reasonable number of offers - during that time there for my efforts on behalf of folks doing things like data recovery or what have you. There it was right to refuse for a lot of reasons, some of which were as the saying goes "optical" but mostly about ... I guess the easiest way to describe it is the nature of giving. And so I kinda decided to keep that policy even now that I'm very much not financially comfortable.

Lots of people view the world, and just about every human interaction, in very transactional - often zero-sum - ways. Now, there's nothing at all wrong in my book with commerce, and I have lots of lengthy stories from my years in the software business about how the monetary exchange part of those things can sometimes be a great catalyst for actually helping to more deeply connect people and help give meaning to what we do. In fact, mostly I view paying for service or product as a great thing.

It's just that it's not the only thing, and it's nice sometimes to do things that are pure gifts, given with absolutely no expectation of any kind behind them. I probably don't do that enough, but then most people don't, just as we're not mindful of a whole lot of things we probably should be. Anyway, I decided that this would be one of those things.

Of course there are other things wrong with donations; a small part of the utility of steam-limiter in these days of the GFC where we're a little more financially embarrassed is to help everyone get a little more gaming fun for their dollar. When times are grim as they are for a lot of people, we actually need a few little luxuries now and then to stay sane. I wrote it for myself because I couldn't afford to pay for the bandwidth costs for games (especially given the tragic pricing of data here in NZ), and I give it away for people who are in the same boat. Asking for donations from precisely the people who are using it because they need to stretch their dollars further doesn't make a lot of sense.

But mostly, it's the giving thing. Just a reminder to not always fall into the trap of zero-sum, transactional thinking, and to be I guess a little more mindful of people, and alert to the opportunities we have to help them just because they can use our help, and we happen to be in a position to offer it. Not to say that also don't also sometimes need to stand up for ourselves and demand to get paid, it's just that it's a Question of Balance (why yes, I was a kid in the 1970s and my father was a hippie! how could you tell?).

but as you don't have any blatant "friend me on facebook/follow me on twitter" figured you may not want random Steam Limiter users sending friend requests on Steam.

Good instincts :-). Which is not that I don't want to get to know people, quite the opposite, I just don't like to force it, is all. I'm happy to get to know people, happy to hear what they got goin' on, etc. I actually really like the "getting to know you" part of meeting people, but for various reasons the FB/Twitter thing honestly just doesn't do it for me that way which is why I don't use those services at all.

I've been writing code since I was 12, and like a lot of software developers one of the attractions of it was that it tends to induce a deep state of Flow. One of the things with getting addicted to that state as a child is that you end up doing whatever it is you're doing intensely. So when I'm gaming, I'm in the game. Coding, doing that, with my mind totally shut off to the rest of the world. And when I'm in my social time, I'm completely there and giving my full attention. Sort of the opposite of ADD, it's hyper-focused hence why FB/Twitter and IM - and Steam friends with the game presence thing, alas - mess with my head because they interrupt that focus.

Oooo, book recommendation if you have any enjoying of science fiction at all: A Deepness in the Sky. It's awesome and chock full of great ideas, but also lots and lots of in-jokes about programming (the author is a CS professor in his day job, being a kickass writer is a side gig). One of the plot points is a thing called Focus, and it's totally a riff on software developers and their addiction to Flow. But don't read it for that, it's great on its own merits.

- Nigel

[jigok...@gmail.com]

Using the default Internode rules, 103.2.117.6 (steam01.qld.ix.asn.au) and 103.2.117.70 (steam01.vic.ix.asn.au) are being allowed through.  Neither of these addresses are actually unmetered at this time.

[Nigel Bree]

On Sun, Aug 18, 2013 at 9:26 AM, <jigok...@gmail.com> wrote:

Using the default Internode rules, 103.2.117.6 (steam01.qld.ix.asn.au) and 103.2.117.70 (steam01.vic.ix.asn.au) are being allowed through.  Neither of these addresses are actually unmetered at this time.

The default Internode rules don't list either of those two, quoted here from the web service source code:

    11: { 'name': 'Internode Australia', 'server': '0.0.0.0',
          'filter': '*:27030=49.143.234.14,files-oc-syd.games.on.net;' +
                    'content*.steampowered.com=49.143.234.14,files-oc-syd.games.on.net',
          'allow': '//steam.cdn.on.net=*' },

So, since neither of those servers is listed there, therefore the thing to do is debug whether you don't have the current rules, or whether steam-limiter is not working at all for you.

The thing to do is use SysInternals DebugView and capture the output trace from Steam-limiter running, which shows every outbound request that Steam makes to download anything over HTTP, and using that we'll figure out what's going on. If you quit Steam and load it again, there will be some debug trace which shows Steam itself loading and steam-limiter loading in with it, and then you can capture some of the URL activity Steam does.

- Nigel

[jigok...@gmail.com]

I have shared a TCPView image and DebugView log through Google Drive.

[jigok...@gmail.com]

I have also tried this as a filter:

*:27030=49.143.234.14,files-oc-syd.games.on.net;content*.steampowered.com=49.143.234.14,103.10.125.18,103.10.125.19,192.231.203.169

and with and without anything in the Hosts section.  The *.ix.asn.au servers keep on leaking through ...

[Nigel Bree]

So, just for comparison, below I've put the normal kind of DebugView output that you might see when you're starting a download, and the thing to observe here is that all the activity relating to the downloads are printed, starting with the "/serverlist" document and then on through to all the URL requests starting with "/depot" which are the actual game download.

When you compare this to your DebugView trace, your one shows that steam-limiter is printing the main HTTP requests coming from the Steam browser, so it's got the APIs hooked, and it shows that it's rewriting the DNS queries so it has those APIs hooked. But it's not printing anything at all related to the downloads. Nothing.

In your case, steam-limiter is seeing the outbound requests made by Steam's internal browser but none for the download system. That's not something I have any precedent for, since there's no obvious way for Steam to do this; the most obvious possibility would be that the outbound network writes Steam is making don't appear to be HTTP at all when steam-limiter inspects them in memory (or there's a bug in my code which is not recognising them as HTTP), or that Steam on your machine is calling different APIs that I'm not catching on your system, or that some third-party thing is interfering - but not being able to observe the behaviour myself means this is going to be hard to diagnose.

Pretty much what we need to get here is one of two options:

a) build a system that exhibits the same behaviour as yours somehow so that I can install Visual Studio onto it and inspect the contents of memory as Steam is running and making these API calls (which is tricky stuff), for instance by using the free tier of Amazon EC2 and setting up a Windows virtual machine where you install whatever you like onto that machine to see if you can build a system from scratch that exhibits the same kind of fault, with steam-limiter not showing the download URLs. Then once we have an isolated repro case I can RDP into it and do the debugging stuff I need to do, or 

b) I create some kind of debug-oriented ultra-logging version of steam-limiter that can capture more of the memory details of Steam's outbound send APIs to a file that you can install temporarily. Unfortunately I don't have one of those, so I'd need to write one (and I won't have time for that for a few days at best).

Other suggestions or ideas welcomed, but since this is something I haven't seen any examples of before it's going to be a puzzle.

So here's what you should be seeing which shows the normal kind of DebugView output from Steam when downloading with steam-limiter (Steam build Jul 26 2013 with steam.exe file version 1.84.85.72)

[4044] 103.10.125.18:80 GET //cs.steampowered.com/serverlist/59/20/ 

[4044] 208.111.148.7:80 GET //media.steampowered.com/steamcommunity/public/images/apps/21670/f8fc038c4a15da8e9b605ce0844e840431753c31.ico 
[4044] 103.10.125.18:80 POST //valve5.cs.steampowered.com/initsession/ 
[4044] Rejected URL 
[4044] saving roaming config store to 'sharedconfig.vdf'
[4044] roaming config store 2 saved successfully
[4044] 103.10.125.19:80 POST //valve6.cs.steampowered.com/initsession/ 
[4044] Rejected URL 
[4044] 49.143.234.14:80 POST //valve217.cs.steampowered.com/initsession/ 
[4044] Rejected URL 
[4044] 203.167.129.4:80 GET //steam.cdn.vodafone.co.nz/depot/21671/manifest/5379911778039151562/5? 
[4044] 203.167.129.4:80 GET //steam.cdn.vodafone.co.nz/depot/21671/chunk/c6779af7093701a73306a2931da6caa9524230ff? 
[4044] 208.111.148.7:80 GET //media.steampowered.com/steamcommunity/public/images/apps/21670/e6e7dd4fd7630a1650e31a960140f27272f28950.jpg 
[4044] lookup content3.steampowered.com as 203.167.129.4 
[4044] lookup content2.steampowered.com as 203.167.129.4 
[4044] lookup content7a.steampowered.com as 203.167.129.4 
[4044] 208.111.148.7:80 GET //media.steampowered.com/steamcommunity/public/images/apps/21670/e6e7dd4fd7630a1650e31a960140f27272f28950.jpg 
[4044] 203.167.129.4:80 GET //content3.steampowered.com/depot/21671/chunk/00b3e8dd900509ccfd7b42f66c52058b4dc74264?l=13&e=1377479923&h=49f803518bf54ef751ca14bbed7c27b7 
[4044] 203.167.129.4:80 GET //content2.steampowered.com/depot/21671/chunk/6a8f590ed977f43489c6efdabe9af02414f28e1d?etime=1377479923&h=0f3800855488c67837270 
[4044] 203.167.129.4:80 GET //content7a.steampowered.com/depot/21671/chunk/e45e74b9c3671bc5ec7f17cdc1402dc78dcb8843?token=exp=1377479923~acl=/depot/21671/*~hmac=05c8afa21539024c7fb5038130806a9fd8cbb60f 
[4044] 208.64.200.7:80 GET //208.64.200.7:80/depot/21671/chunk/00b3e8dd900509ccfd7b42f66c52058b4dc74264?l=13&e=1377479923&h=49f803518bf54ef751ca14bbed7c27b7&redirected=1 
[4044] Rejected host+url 
[4044] 208.64.200.7:80 GET //208.64.200.7:80/depot/21671/chunk/e45e74b9c3671bc5ec7f17cdc1402dc78dcb8843?token=exp=1377479923~acl=/depot/21671/*~hmac=05c8afa21539024c7fb5038130806a9fd8cbb60f&redirected=1 
[4044] Rejected host+url 
[4044] 203.167.129.4:80 GET //steam.cdn.vodafone.co.nz/depot/21671/chunk/a50ec15c336c1b23924fecf00fb598ce897ce8f8? 
[4044] 203.167.129.4:80 GET //steam.cdn.vodafone.co.nz/depot/21671/chunk/47e6a14c9e5a38a59b5f25715f0b7ce35c6eceb1? 
[4044] 203.167.129.4:80 GET //steam.cdn.vodafone.co.nz/depot/21671/chunk/d7e43b7dc8e3296a5167321ce823b17103aa895a? 
[4044] 203.167.129.4:80 GET //steam.cdn.vodafone.co.nz/depot/21671/chunk/7a4515e5e702f1894b1b1d2ce3ee97c01fa8a436? 

- Nigel

[jigok...@gmail.com]

You want simple?  I got simple ... Install the Steam beta client.

I reverted back to the standard release client (Steam build Jul 26 2013 with steam.exe file version 1.84.85.72) and HTTP download requests are only to servers on the allow list and DebugView output is as would be expected.

Sample:

00000473    196.05767822    [7144] 192.231.203.169:80 GET //steam.cdn.on.net/depot/108801/chunk/ffd5b05c07ddad594f691d2c00b3bd0c31353ee3?etime=1377462239&hash=029bb47949c19c3b0596827c59afc5e8    
00000474    197.49465942    [7144] 192.231.203.169:80 GET //steam.cdn.on.net/depot/108801/chunk/7153366ef2b4c9949ecaf0d6967becd59346ecc6?etime=1377462239&hash=029bb47949c19c3b0596827c59afc5e8    
00000475    198.50738525    [7144] 192.231.203.169:80 GET //steam.cdn.on.net/depot/108801/chunk/3e0a7d3b403c3220412fb24bca0f9367e662a107?etime=1377462239&hash=029bb47949c19c3b0596827c59afc5e8    
00000476    199.52244568    [7144] 192.231.203.169:80 GET //steam.cdn.on.net/depot/108801/chunk/2458022e5fb8d4fa9b85f7a5ff559576020d3b92?etime=1377462239&hash=029bb47949c19c3b0596827c59afc5e8    
00000477    200.53651428    [7144] 192.231.203.169:80 GET //steam.cdn.on.net/depot/108801/chunk/b6c2f27e35c80eaf1d1e9c7d886335af8f2461c6?etime=1377462239&hash=029bb47949c19c3b0596827c59afc5e8    
00000478    202.06449890    [7144] 192.231.203.169:80 GET //steam.cdn.on.net/depot/108801/chunk/9410e814ebb568415a9b09bd071d198dc16ff944?etime=1377462239&hash=029bb47949c19c3b0596827c59afc5e8    

By reinstalling the current Steam beta client (Steam build Aug 17 2013 with steam.exe file version 1.87.27.5), the original issue returns.

[Nigel Bree]

On Mon, Aug 19, 2013 at 3:31 PM, <jigok...@gmail.com> wrote:

You want simple?  I got simple ... Install the Steam beta client.

OK, good to know. I'll do that and test it out later tonight.

- Nigel

[Nigel Bree]

OK, there's a new test version 0.7.0.3 in SkyDrive that works for me with the beta client.​

Basically, the production version of Steam calls the WSASend () API to send out HTTP requests when downloading, whereas the beta version uses send (). I used to hook both APIs but had stopped (I try to make steam-limiter do as little as possible to reduce the set of possible bad things that can happen), but since the beta version evidently needs it now I hook both again.

If you can try it and let me know it works for you, I'll put the build on Google Code (probably keep it as 0.7.0.3 rather than bumping to 0.7.1).

- Nigel

[jigok...@gmail.com]

New DebugView log shared.

Using this as a filter:
*:27030=valve5.cs.steampowered.com,valve6.cs.steampowered.com,valve217.cs.steampowered.com;content*.steampowered.com=valve5.cs.steampowered.com,valve6.cs.steampowered.com,valve217.cs.steampowered.com

and host //steam.cdn.on.net=*

Content will only deliver over steam.cdn.on.net and reject all other connections.

[jigok...@gmail.com]

So after some email back-and-forth I have settled on this as my custom Internode ruleset for now:

Filters: *:27030=103.10.125.18,103.10.125.19,49.143.234.14
Hosts: /initsession/=*;//steam.cdn.on.net=*;//content*.steampowered.com=

I was tempted to leave the Filter section blank because there is so little content using the old download system on 27030 but have left it there just in case I decide to download Left 4 Dead 1 for some reason ...

The three servers at the same addresses as in the 27030 rule don't respond well to be being rewritten as content*.steampowered.com anymore as they are using this /initsession/ thingy.  I don't know all the ins and outs, it's a bit beyond my current technical knowledge, but it looks like it has to authorise you to connect first; direct connect attempts fail.  That's my understanding anyway, it might be completely wrong ;)

The Hosts command MUST be inline for the moment.  Putting them on separate lines breaks it.