Hello, welcome to the Tuesday, February 16th, 2021 edition of the Sandton Storm Center's

Stormcast. My name is Johannes Ulrich. And then I'm recording from Jacksonville, Florida.

Got another guest diary today from Yijing Talk, who is writing about shape limiters and buffer float.

Now, typically when we think about firewalls, we think about them as security devices,

but of course they are also plain important role when it comes to network performance.

And that is really what the diary is about, how to optimize the performance

of your firewall. The example used here is PFSense, of course, the popular open source

firewall, and it does have quite a few of tweaks that you can apply to traffic prioritization.

Now, buffer bloat comes up if you have more traffic than your internet provider is able to

accept. So you're trying to send traffic faster than it is actually being forwarded by your firewall.

And then the trick becomes, how are you prioritizing traffic?

By default, what often happens is that one connection can sort of dominate the bandwidth,

and other connections are either dropped or become pretty much unusable.

With traffic shapers, you're then able to essentially make sure that other connections

are getting some time as well, which may lead to a lower peak bandwidth that you have available,

but overall to a better user experience

by not having other connections timeout. And Apple is apparently tweaking some of the privacy

issues around access to Google's safe browsing system. Most browsers by default before you visit a website

will check with Google if this website is malicious. Now, to do so, a hash of the URL, or at least

prefix of the URL, is being sent to Google. And if that hash shows up

in Google's database of malicious websites, then you'll see that famous, usually red warning page.

But of course, the side effect is that Google will learn what websites, at least malicious websites, you

...