Focal Fossa

Superadmin August 9, 2020
Is focused.

I dove headfirst into Ubuntu 20.04 (Nicknamed Focal Fossa) without really knowing anything about it. I had been running 16.04 for three and a half years when my main physical server’s motherboard started to get wonky. I remember looking at the system logs in the spring trying to figure out why my system restarted 4 times overnight and not really figuring it out. By the time the local lockdown left everyone stranded in their homes my server was restarting every minute or two, and I had no choice then to shell out for a complete rebuild.

My new server is based on a newer AMD motherboard, Ryzen 7 2400x 8core processer and 32Gb DDR4 RAM. Newer archetecture meant a lot more speed and I added a decent graphics card so of course I really wanted to see what Ubuntu could do on a really powerful system.

Here is where any of my professional friends might be scratching their heads at this point because I know that some are thinking “Why oh why would you start up a working webserver with an OS that came out within the last 12 months? There has not even been time to work through all of the bugfixes from the first release.” I subconciously know this of course having been enamored by Ubuntu for quite some time now. (since 12.04 was released actually) and I had such trust from the last decade of professional successes with this truly awesome OS that I was not really worried about a bad experience.

Thats when the real magick started to happen. I was pumped and I took an evening with nothing to do at all, made some nice coffee and set to work setting up the new system. First I was really impressed by the look and feel but what really was truly amazing was how well everything works.

My Stack:

I must at this time confess to all the people that I have advised on security matters professionally in the past. I run a publicly accessable web server on Ubuntu with the GUI installed. Yes, it’s true. Technically speaking I really don’t give a damn if X can be exploited at a system level. That might have been a concern back in 1998 but back then people also used to put Linux based servers on the network without a hardware firewall. Who does that now?

Also, Windows based servers all have GUIs installed. Frankly I am more concerned with flood attacks and Ddos than any of that old fashioned nonsense. If someone penetrates my ‘nets to the extent they can issue a server level command through X I am already compromised. It’s like debating the temperature of the fire rather than putting it out.

So, as a server admin I might do something like that that is a calculated risk but not really reccomended for security purposes. One thing that most Sys-Admins do along these lines is login as the root user. When any Ubuntu system is installed the root user is not enabled, meaning there is no account existing on the system with ultimate control over every aspect. This is one thing that makes Linux systems the choice for running ultra secure network applications. Sometimes on a complex box sys-admins need that kind of control to perform work so many front facing systems contain this security weakness, and in fact anyone who has spent any time reading webserver or firewall logs knows exactly what I am talking about: many hack attempts try to exploit the root user account if it exists.

Focal Fossa is the first Ubuntu where I as a sys-admin did not have to do that. No more SSH-ing in Nautilus with root credentials limited to local sub-nets! How is this miracle possible you ask? A small utility program called Nautilus-Admin lets a logged in user open folders and files with superuser permissions if they have them. At the command line type:

sudo apt install nautilus-admin

to install it, then in Nautilus when you right-click on a file or a folder there will be an option to “Open as Administrator”. This utility will work everywhere on the linux file system making it a true snap to set up config files for different services and programs, like webservers.

For power at the linux command line try

sudo -i

to get a temporary root session. With these two functional improvements to Ubuntu a whole new security paradigm has been reached.

I have to give a shoutout to a great source of documentation about building a LAMP stack on Ubuntu Focal Fossa, and thats Digital Ocean. I found their tutorials to be invaluable in bringing me up to date on new features in Ubuntu for developers. Focal Fossa is friendly and focused towards development. All the default software repos for this distribution are much more comprehensive than the ones for 16.04. I only needed to add one extra software repository source for APT, and that was for Firefox Developer Addition Web Browser which is my favorite browser. All the software works well together and is cross compatable.

Downsides? Ok I have to admit I am really, really pleased with my new Ubuntu 20.04 system in every way, but as a developer I had to bite the bullet on one big issue, which was MySql versions. 20.04 ships with MySql 8 and it installs and works pretty flawlessly, but Drupal 7 and Backdrop CMS as well as a couple of other software systems I will not mention here as of this writing have not been upgraded to use the new features of MySql 8 so this software will not run on my new server. I develop for the Backdrop project in my spare time ( unpaid volunteer of course ) so this meant that I ended up having to install MySql 5.7 on one of my more robust Windows 10 systems to fill in while the rest of the Net catches up to the bleeding edge that MySql 8 has defined. Sites made in WordPress are already upgraded so they can run on 20.04’s default LAMP stack, but sys-admins be forwarned! It’s quite a chore to install the older MySql 5.7 that is currently still widely used in Drupal or Backdrop on Focal Fossa. One reason for that is that MySQL 5.7 is not even included in the current software repositories that Focal Fossa ships with. A sysadmin would have to use a repo from 18.04 and build 5.7 from that. (I would not recomend it) and forget about 5.7 and 8 running at the same time on the same box — not gonna happen. If you have older sites and apps that you have to host and you don’t happen to have AWS or a spare database server sitting around, I would advise reconsidering before you upgrade your main server (regardless of how painful it may be after reading this blog post). Otherwise that is the only thing about this Distro that should make you pause. I strongly reccomend upgrading asap to this newest and best Linux OS to date!

Like the icing on a cake Focal Fossa has some extrordinary extras. 20.04 ships with the latest versions of Webmin. The new Webmin features a complete GUI makeover as a Javascript based web application. No troubles out of the box with any of the snap-ins that Webmin uses to accomplish it’s administrative magick. Again, the super secure scheme of Focal Fossa does not necessitate that the system have a root user account like in the older systems to make changes in Webmin. Webmin had always been hit-or-miss in terms of it’s administrative functionality when run under any user account bessides the root, mostly because file permissions needed to perform certian tasks on the system that Webmin provides a GUI for, require elevated permissions from the logged in user, and Webmin never really figured out how to handle the sudo process.

Those days are now over, thankfully. Users with sudo permissions can login to Webmin with their existing account and password and everything just works, with no glitches. Frankly, I like it that my system does not have a root account and that I don’t really need one. It’s perfect.

Another thing I have learned from this sytem build is that there is an issue between certain Asus Motherboard BIOS functions and this Linux based OS. I had to disable “Automatic C-State management” in the BIOS to keep this system from randomly crashing. Automatic C-State management is a power saving function on some system boards to improve efficiency, essentially turning off processes that have not been used in a while to make room for more pressing requests. On this system this Motherboard feature did not play well with MySql 8. When the MySql process was sidelined by the BIOS on my running system, (usually around 1 or 2 in the morning when I get the least amount of traffic on my webserver) my system would freeze due to the unavailability of the MySql service. After I turned this management system off Ubuntu assumed the role of process guardian and the system has run flawlessly ever since. I found the soluton here:

https://askubuntu.com/questions/1264092/how-to-find-out-why-ubuntu-20-04-freezes

That’s just a testament to the wealth of documentation that is available for your new Focal Fossa. There is really no reason to turn back. Focus on the future.

Update:

As of 08/12/20 an update to Focal Fossa has completely solved the Automatic C-State Management issue. If you had changed this setting, you can now safely go back to using Automatic C-State Management on your Asus Motherboard for an even smoother user experience. Where I noticed the biggest change after this update was in the way stuff loads on the desktop – smoothing effects are smoother and also image transitions for icons and apps in the desktop environment are smoother.