Sad DNS Explained

Meta, because I know Cloudflare people come by here often:<p>Your blog loads its CSS by JavaScript, which means that, although the content is all there in the HTML, the page’s appearance is rather wonky when the JavaScript doesn’t load (either by deliberate blocking or just because it fails for whatever reason, which isn’t quite as uncommon as most imagine), especially (once you’re past the header) as regards images, which end up inordinately large (e.g. 2000px wide regardless of screen size).<p>It’d be nice if this could be fixed so that the CSS was loaded normally rather than by JavaScript.<p>This has been bothering me for a while, this is just the first time that I’ve mentioned it.

The article explains the novelty as: “[T]he researchers found a very clever trick: they leverage ICMP rate limits as a side channel to reveal whether a given port is open or not. ICMP rate limiting was introduced (somewhat ironically, given this attack) as a security feature to prevent a server from being used as an unwitting participant in a reflection attack.“ The suggested mitigation is Linux kernel upgrade to roll out unpredictable ICPM rate limiting.

GitHub pulled the SADDNS.<p>Must be that bad.