July 18, 2016
It looks like Intel has made good on a promise made three months ago on a project to
open-source a Linux driver for its new SGX technology.
SGX stands for 'Software Guard Extensions'. It was first introduced in 2013 and lets
programmers and Linux developers lock up code and data inside various containers enforced
by the CPU.
The concept is to create an environment that assures people moving their enterprise systems to
the cloud that not even admins in the data centre can spy on what's going on.
The current implementation has just one distribution ready to run SGX: Ubuntu 14.04-LTS 64 bit.
The hardware requirement is a Skylake system configured with SGX enabled.
Its Linux SGX implementation includes driver, SDK, and platform software. Intel notes that the
driver isn't yet incorporated into the Linux main tree.
To be sure, SGX is designed to get around the issue that any encrypted data has to be
decrypted at some point so that programs can operate on it.
Homomorphic encryption gets around this, but at a huge performance hit. With SGX running, data
and runtime code are put in 'enclaves' that are invisible even to processes with root-level privilege.
It's good but like anything else, it isn't perfect. In February of this year, MIT's Victor Costan
and Srinivas Devadas pulled apart how Intel obtains its certificates on its SGX technology.
There's also been some criticism, for example in the recent discussion on the Linux Kernel Mailing
List about its status in the kernel.
But with the code under GPL 2, maybe developers will feel more comfortable with it. We'll keep
you posted as we always do.
In other Linux news
A snippet of new code can give Linux servers a boost by addressing an unnoticed bug in a
congestion control algorithm in the operating system's kernel.
The new code was provided by Google's transport networking team, with contributions from Jana
Iyengar, Neal Cardwell and a few others.
It repairs an old bug in a set of routines called TCP CUBIC designed to address the slow response
of TCP in long-distance networks, according to its creators.
Like any congestion control algorithm, TCP CUBIC makes network-level decisions based on traffic
If the network becomes very busy with sudden bursts of traffic, hosts are told to slow down.
As Mozilla developer Patrick McManus explains, the bug was simple: TCP CUBIC interprets a lack of
congestion reports as an opportunity to send data at a faster rate. That's it. Nothing more.
But of course, that condition could arise merely because the system hasn't been getting any congestion
update reports in a while. That's something else, but nothing that can't be addressed.
What's supposed to happen in congestion control is that the operating system starts sending data
slowly, increases its transmission rate until the network says 'that's enough', and then backs off
a bit. The design is really simple but smart when you think of it.
The bug in TCP CUBIC fools the system into thinking it has a clear run at the network and
should transmit at the maximum possible rate, crashing into other traffic, and ruining the performance
and the efficiency of the system.
“The end result is that applications that toggle between transmitting lots of data and then laying
quiescent for a bit before returning to high rates of sending will transmit way too fast when returning
to the sending state,” McManus explained to us in an email.
However, that condition could be quite common, he notes. A server may have sent a short burst of
data over HTTP containing a web form for someone to fill out, and go quiet waiting for a response,
then assume there's no congestion, and burst out of the blocks at top-rate when it gets the user's
“A far more dangerous class of triggers is likely to be the various HTTP based adaptive streaming
media formats where a series of chunks of media are transferred over time on the same HTTP channel”,
That's why a fix for that old flaw could be important. Linux is used in many media servers, and
for the past ten years or more, an important part of congestion control hasn't been working
efficiently in some cases.
The code snippet forces the Linux kernel to act a little more intelligently after an idle period.
A more technical description is included with the bug fix. The code snippet is available on Google's
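The idle-period behaviour described above, as an added example that is not the kernel patch or Google's code: a simplified floating-point model of the CUBIC growth curve using the RFC 8312 constants, in which one way of discounting idle time is to move the start of the growth epoch forward by the idle duration. The struct, the function names and the scenario (a window of 100 segments at the last loss, a 30-second pause) are assumptions made for the illustration.

```c
#include <stdio.h>
/* Simplified floating-point model of CUBIC; not the kernel's code. */
#define CUBIC_C    0.4   /* RFC 8312 scaling constant */
#define CUBIC_BETA 0.7   /* RFC 8312 multiplicative decrease factor */
/* Hypothetical state: cwnd at last loss (segments); epoch start, last send (s) */
struct cubic { double w_max, epoch_start, last_send; };

static double cube_root(double x)    /* Newton iteration, x > 0 */
{
    double r = x > 1.0 ? x : 1.0;
    for (int i = 0; i < 60; i++)
        r -= (r * r * r - x) / (3.0 * r * r);
    return r;
}

/* W(t) = C * (t - K)^3 + W_max, K = cbrt(W_max * (1 - beta) / C) */
static double cubic_target(const struct cubic *c, double now)
{
    double k = cube_root(c->w_max * (1.0 - CUBIC_BETA) / CUBIC_C);
    double d = (now - c->epoch_start) - k;
    return CUBIC_C * d * d * d + c->w_max;
}

/* Sender resumes after a pause. fix_idle = 0 counts the idle time as
 * congestion-free time (the bug); 1 moves the epoch forward by it. */
static void cubic_tx_restart(struct cubic *c, double now, int fix_idle)
{
    double idle = now - c->last_send;
    if (fix_idle && idle > 0.0)
        c->epoch_start += idle;
    c->last_send = now;
}

/* Constructed scenario: loss at t = 0 with w_max = 100 segments, sending
 * stops at t = 1 s and resumes idle_s later. Returns cwnd at resume. */
double cwnd_after_idle(double idle_s, int fix_idle)
{
    struct cubic c = { 100.0, 0.0, 1.0 };
    double now = 1.0 + idle_s;
    cubic_tx_restart(&c, now, fix_idle);
    return cubic_target(&c, now);
}

int main(void)
{
    printf("no idle %.1f, 30 s idle unfixed %.1f, 30 s idle fixed %.1f\n",
           cwnd_after_idle(0.0, 0), cwnd_after_idle(30.0, 0), cwnd_after_idle(30.0, 1));
    return 0;
}
```

In this model the unfixed sender comes back from the pause with a window of several thousand segments, while the adjusted one resumes at the same window it had when it went quiet.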
In other Linux and open source news
The open source router OpenWrt version 15.05 has hit the streets and the new release is
One highlight of the new iteration is an upgrade to Version 3.18 of the Linux kernel, and security
has been beefed up with Ed25519 package signing support, and also support for jails and hardened
builds as well.
But the big news is a fully writable filesystem with package management, according to the project's
This, OpenWrt explains, offers users different options for the installation and the customisation
of the upgraded routing system.
Instead of having to use a vendor's application and selection framework, OpenWrt can now be configured
using developer-supplied applications, the group said.
“OpenWrt is a framework to build an application without having to build a complete firmware from
the ground up”, the announcement says, while users get “full customization to use the device in ways
never envisioned in the past”.
Of course, that almost sounds like a challenge to the FCC, which just a few weeks ago issued
a proposed new rule-making that would demand Wi-Fi lock down on several systems.
The proposed regulation specifically proposes requiring Wi-Fi vendors to lock down their
firmware and names OpenWrt as a potential issue.
As the rule states, router vendors selling new equipment in America would have to answer: “What
prevents third parties from loading non-US versions of the software/firmware on the device? Describe
in detail how the device is protected from ‘flashing’ and the installation of third-party firmware such
as DD-WRT.”
The FCC's overall concerns are that third-party firmware could allow end users to mess around
with their wireless settings, and in careless or malicious hands, that could end up with a Wi-Fi
router operating outside its radio spectrum certification.
With OpenWrt's new upgrade, its device support has now passed 950 products from 159 vendors, with
new devices added from Marvell, Broadcom and Raspberry Pi.
In other Linux and open source news
The next Ubuntu, version 15.10, nicknamed Wily Werewolf, has begun to take shape, but as before, the first beta code
out of the gate doesn’t belong to the main desktop.
Rather, that honor belongs to the familiar list of Ubuntu fellow travellers – Kubuntu, Xubuntu, Ubuntu GNOME, Ubuntu MATE
As could be expected, the amount of new features varies from Kubuntu, which offers some major updates for
the KDE platform that serves as its base, to Lubuntu, which consists primarily of a few bug fixes here and there.
The biggest news right now is that Kubuntu 15.10 uses the hot-off-the-presses KDE Plasma 5.4
desktop. Plasma 5.4 is a huge update for KDE, bringing everything from preliminary Wayland support
to smaller, but more noticeable changes like a nice new set of Plasma Widgets and improvements to
K-Runner, the revamped, extendible launcher in Plasma 5.
The KDE team has also been finishing up work on the new flat look of Plasma 5. In our initial review
of KDE 5, we said it was a bit rough around the edges, with some missing icons and the fact that the
search field in the Kickoff app launcher was hard to discover among a range of issues.
As of 5.4, all those elements have been fixed. There are some 1,400 new icons, all consistent with
the brighter, flatter design aesthetic that characterises Plasma 5.
The other area that is much improved in this release is KDE's support for HiDPI screens. In previous
Kubuntu releases, we had trouble getting the HiDPI support to work in virtual machines, but as of Kubuntu
15.10 that's no longer a problem.
The various features which KDE offers have also been improved. There's a new one for volume and a
slick new network app that offers a nice graphical view of your network traffic.
It also now supports SSH connections via a plugin. The Wily Werewolf release of Ubuntu MATE ships
with an interesting combination of MATE 1.8 and 1.10, depending on which component of the system you're
Somehow, it manages to do this without being too buggy, but it can make troubleshooting a little more
time-consuming, since you first need to know which version of any problem component you've actually got.
But among Ubuntu's MATE 1.10 elements is Caja, the default file manager. It gains an extension tool for
handling various plugins that means it's a lot easier to install and enable plugins since there's no need to
There's also the much-improved multi-monitor support we covered in our Mint 17.2 review a while back.
But there are plenty of MATE 1.8 elements still hanging around, nevertheless. Elements like
the main panel, the power manager, applets and the icon theme all remain at their 1.8 versions.
However, Ubuntu MATE was the least stable of the betas we tested. In fact, it would never really
run at all in a virtual machine and didn't fare any better on actual server hardware.
In other Linux and open source news
Yesterday, Debian said that over the weekend it published the second update to its Jessie stable
release and the 9th update for its older Wheezy flavor.
Debian Jessie version 8.2 mainly adds corrections for security issues to the stable release,
along with a few adjustments for serious problems, according to Debian's announcement of its new
So far, we have counted no fewer than 60 security fixes and 68 updated packages in the new release.
By our estimate, Wheezy 7.9, also revealed over the weekend, updated 60 packages and offers no fewer than
184 security patches.
Many of the bugs have already been addressed, so Debian advises that “Those who frequently install updates
from security.debian.org won't have to update many packages and most patches are already included in this update.”
Upgrading to the new releases doesn't need much more than a quick bit of sudo action to get things
Overall, the Wheezy release is arguably more serious because Debian's releases policy states that
“When a new stable version is released, the security team will usually cover the previous version
for a year or so.”
The last Wheezy update came out in January of this year, a rather slower release cadence than Jessie
which has had two updates since its April 2015 release.
The big new Wheezy update therefore represents one of the few remaining occasions on which
Debian's volunteer developers will give the OS their full attention.
In other Linux and open source news
After seeing several years of a constant drop in popularity, the Debian GNU/Linux Project has nixed its
support for the Sparc architecture, effective immediately.
"As Sparc isn't exactly the most 'alive' architecture anymore," Debian maintainer Joerg
Jaspert wrote on a mailing list last week, "not in Debian 8.x jessie and unlikely to be in Debian 9
stretch, I am going to remove it from the master archive this weekend."
To be sure, Jaspert scrubbed the Sparc code from the Debian "unstable," "experimental," and "jesse-upgrades" source
code trees for some time already, in addition to a couple of other trees that are used for internal
"The relevant parts of the distribution tree have been cleaned out already, removing the actual
files from the pool hierarchy will happen using the usual automated stuff, so starting in about
1 day and then spread out a bit over the following archive-update runs," Jaspert wrote.
Before the code's removal, Debian could be built to run on Sun-4u (UltraSparc) and Sun-4v (Niagara
processor) machines, using a 64-bit kernel with most userland applications running as 32-bit.
The decision puts lovers of aging Sun Microsystems hardware in a bit of a lurch, as Debian was
one of the few remaining Linux distributions to still support the older Sparc architecture.
Red Hat dropped Sparc support in version 7 of its distribution in 2000 – back in the days before
it was calling it Red Hat Enterprise Linux.
For its part, Suse dropped support around 2002, and while Ubuntu had a Sparc version as recently
as 2010, it hasn't been actively maintained since.
The Sparc code won't be removed from already-released versions of Debian however, so those
versions should continue to power aging Sun servers, even as the code gathers dust.
Jaspert added that removing the old Sparc code "does not block it coming back as Sparc64," meaning
only the newer Sparc processors would be supported.
For that to happen, someone would have to step up to maintain it, and there doesn't seem to
be anyone who's interested for now.
In other Linux and open source news
Suse Linux has made a version of its enterprise Linux distribution available for hardware
vendors who want to deliver products to markets based on 64-bit ARM processors, in a new expansion
of its reseller program.
As a whole, Suse Linux Enterprise 12 now ships for the x86-64 platform, IBM's Power 8 and IBM System
z architectures, and more could be joining the bandwagon soon.
Yesterday saw the arrival of a new version of the operating system for ARM's AArch64 architecture,
albeit only for development and testing, for now anyway.
Suse engineering vice president Ralf Flaxa said in a statement: "Suse's ARM partner program will provide ARM ecosystem partners access to AArch64-supported
Suse Linux Enterprise 12 software and expertise, establishing relationships that will result in
supported enterprise solutions on different hardware platforms to meet a variety of customer needs."
Suse's ARM partner program originally launched with seven members, including chipmakers AMD,
Applied Micro and Cavium, along with server vendors Dell, HP and Supermicro.
It's a small group, but it's not as if vendors are stampeding into the ARM server market,
as it's still relatively new.
Of the chipmakers, only Applied Micro has ARM server chips in production in the form of X-Gene.
Its products have popped up in low-volume server designs from HP and Mitac, albeit with limited sales
As for Cavium, it's been working with Gigabyte to get its ARM chips into actual servers, but
it's not clear when we can expect them to hit the market.
Even Qualcomm has said it wants part of the action. Part of the problem has been that subtle differences
in the various chip vendors' products have made it difficult for software developers to get their code
running on everyone's hardware, something that partner programs like Suse's can help with.
Suse isn't the first to jump into the fray, though. Its rival Red Hat launched its own ARM partner
program in June 2014.