
Show HN: arkOS - Securely self-hosting your data - jcook818
https://ark-os.org
======
jcook818
I've been quietly working on this project for a while now, but with all of the
news about NSA in recent days, I thought it important to share a little about
my project.

I am working on a platform called arkOS. arkOS is an operating system that is
initially designed to run on the Raspberry Pi, and will eventually be expanded
to other architectures. It comes with a built-in graphical server management
system called Genesis, which will allow users to _easily_ and _securely_ host
websites, webapps (Wordpress/Drupal), email accounts, cloud services like
ownCloud, Dropbox clones and anything else. The coolest part of Genesis is
that it uses a plugin interface, so anyone who has a new project that they
want to manage only needs to whip up a quick script in Python and it can be
easily integrated into the rest of the application. Genesis was initially a
fork of another server management app called Ajenti, but now extends its
features and takes it in a more comprehensive direction.

arkOS is similar to two other projects that have been in the spotlight lately
- FreedomBox and Space Monkey. It differs from FreedomBox because it is not
focused on redoing existing networking systems. It is simply dedicated to
hosting your data and does not try to reinvent the wheel. It also puts a
premium on user experience - it is designed to require as little command-line
work as possible in order to maintain it (ideally zero). It differs from Space
Monkey because it allows you to actually _serve_ the content you put onto it,
rather than just serving as a media storage system. While both of these tools
are very exciting and important steps to "liberating" the cloud, I believe
that arkOS fills an important niche in between the two.

EDIT: Regarding how it can prevent against gov't/corporate spying like with
PRISM: The idea is that it would provide an easy alternative to the services
that are provided by these large companies, i.e. Google Talk (or whatever they
call it nowadays) replaced with an XMPP server, Gmail replaced with self-
hosted email, Dropbox replaced by your own self-hosted instance of ownCloud,
etc. The only part of PRISM that it might not provide a defence against would
be big social networks (Facebook et al), but you would still be able to host
your own StatusNet instance or Tent server on your arkOS server and have
alternatives that way. When services can be decentralized and brought back
under individual user control, a "direct link" into major web companies'
servers is definitely made irrelevant.

If anyone is interested in this project or would like to stay apprised on its
status, I encourage you to check out the links below. I have many more things
in the works for arkOS, including a system that helps people get around port
blocking and dynamic DNS issues, something that prevents a large number of
people from self-hosting their data.

Thanks for reading :)

--

Free The Cloud: [https://ark-os.org/cloud](https://ark-os.org/cloud)

Project Website: [https://ark-os.org](https://ark-os.org)

Github repo for Genesis, the server management GUI:
[https://github.com/cznweb/genesis](https://github.com/cznweb/genesis)

~~~
julianc
Looks nice and I like the whole privacy-focused ideology, however isn't this
just an operating system with a control panel that easily allows you to
install programs using a graphical interface vs. the command line? You know,
like webmin/virtualmin, cpanel, etc.?

I suppose it makes a lot more sense to install a os + control panel on a
device such as the rpi than a webserver (like using XBMC on a HTPC), so your
project may have a future :)

Good luck!

~~~
jcook818
It is an operating system with a control panel, but the control panel is/will
be a lot more comprehensive than Webmin or analogous server management apps.
Whereas Webmin gives you a web interface with which to manage your server, if
you don't understand how Apache/nginx/etc work then you still won't be able to
add your own website, for example. If you have no idea about mail relays,
virtual domains and so on, you probably will be way over your head if you try
to host your own email. Genesis grinds the learning curve down as much as
possible, by allowing websites (or other plugins like email/XMPP and so on) to
be added with wizards and non-complicated language. Closer to Zentyal's web
administration systems than that of Webmin. But it still represents a big
improvement over how Zentyal works when we are just talking about personal
use.

------
mwcampbell
Excellent project! We need to pull together and fund this so jcook818 can work
on it full time. jcook818, how can we contribute? Have you thought about
setting this up on Kickstarter or the like?

~~~
jcook818
Hi there -- I do have plans for a Kickstarter, with some very interesting
ideas on things that will be offered. Won't get into too much detail, but it
will be awesome I can assure you :) I need to find a helper / partner before I
can get to that stage though. Check my comment above for details.

If you are interested in donating NOW which really helps server fees and other
overhead, you are certainly welcome to do so and it is much appreciated.
[https://ark-os.org/donate](https://ark-os.org/donate)

------
ippisl
Jacob, it's great that you're working on this.

But isn't the biggest problem with security/privacy that people don't care
about it and don't use privacy enhancing products?

Because if that's the case, the starting point should be a viable marketing
strategy - which will define the product.

Snapchat is a good example of this. They wrap a viable user need with a
privacy preserving idea with great marketing. Have a look at their site.

~~~
jcook818
Hi there! Yes, I agree that apathy is a big problem. My hypothesis is that
apathy can be driven down once the investment in time/money/education required
for self-hosting services is reduced. If it can't be, then more educational
campaigns are needed. I'm not really a marketing-type of person, but I would
love to have someone on the project that can do this sort of thing, and be
more of a conduit for the community. I only have two hands on the project at
this point, but hopefully in the future that will change :)

~~~
ippisl
There are secure services for IM/VOIP and maybe email (not sure how secure) and
of course TOR. Some are very easy to use like Redphone/textSecure which
integrate transparently with Android calls/messaging.

As far as I can understand, they didn't grab much popularity. So I'm not sure
ease of use alone is enough.

I'm not really a marketing person too, just interested in it, so I don't think
I could help much.

Anyway, best of luck with the project.

------
jaakl
It does not really resolve the problem for the fully paranoid. Instead of (and in
addition to) service providers, the backdoors could be installed in your
software, Raspberry Pi, or even in silicon. There is a small number of providers
of any of these, so they are quite easy to be controlled by interested
parties. Solution: publish designs, so everyone will write their own software,
build their own hardware.

------
sciurus
"arkOS is designed for use on the Raspberry Pi"

What about this is specific to the Raspberry Pi, and why? Can Genesis run on
any Arch Linux installation?

~~~
jcook818
The operating system that Genesis runs on is packaged for installation on the
Raspberry Pi, and its software packages are compiled for armv6 at this time.
That being said, you can run Genesis on Arch Linux with little difficulty by
just cloning the Github repo.

arkOS is designed for use on the RPi at this time, because my goal is to
create the best user experience possible at the lowest possible entry price.
Lowering the barriers to self-host one's data and all that. Once Genesis is
closer to its 1.0 release (and hopefully once I have more volunteers to help
out), arkOS will be extended to more powerful platforms like the Beagleboard
Black (armv7) and ultimately x64/64 systems. Since I'm only one person at the
moment, I thought it prudent to start with a small focus then expand from
there.

~~~
StavrosK
Plus, you can sell pre-installed microSD cards for $10, which should bring
some revenue to help the project along.

------
so898
I found my Raspberry Pi and installed this OS, feels cool. But I think I will keep
my ownCloud stuff, because I have two PCs and one Mac running three different
systems... If arkOS could support Mac and Win, I will have a try again. BTW,
ownCloud really always deletes my files when syncing, which makes me always
want to go back to Dropbox...

------
pinaceae
doesn't this just solve a piece of the mess? it is the communications channels
being monitored, so email, chats, voip, whatever messages would still be
easily tapped into.

they control the pipes, the endpoints do not matter much.

~~~
jcook818
Notwithstanding a MITM attack, the pipes are secure enough, provided you are
properly using encryption. If an app stores _any_ sort of data unencrypted on
a centralized server, that data is potentially accessible to others who can
compromise that server. This makes endpoints a piece of critical importance.
When you self-host your data, you can patch that hole in the armour so to
speak, because the endpoint falls under your control. Coupled with encryption,
it's a massive deterrent to eavesdropping.

In brief: it doesn't solve every Internet eavesdropping problem known to man,
no. But it solves a very substantial one that hasn't really been tackled to
date.

------
rohall
Does anyone know of anything similar to arkOS that I could throw on a netbook?
I'm thinking of installing Ubuntu and building it out myself, but if there's a
pre-made distro that would be helpful.

~~~
jcook818
Not that I'm aware of, sorry. Zentyal is an option, but I believe it is geared
towards small business, and is probably closer to Webmin than arkOS/Genesis.

I do have plans of making arkOS work on x86-based systems, but my first goal
is armv6 and armv7 (RPI, Beagleboard Black, etc)

------
__voidcast__
Chrome is giving me an Invalid Server Certificate error on the site (I had to
edit the https to http).

This would definitely be a good way to use my ownCloud :-)

~~~
jcook818
Really? That's weird, it works just fine for me...

~~~
pseut
I'm getting the same thing with Konqueror

edit: same thing = same problem

------
ceejayoz
This defends against the Dropbox part of PRISM, but hardly the rest of it.

~~~
jcook818
The idea is that it would provide an easy alternative to the services that are
provided by these large companies, i.e. Google Talk (or whatever they call it
nowadays) replaced with an XMPP server, Gmail replaced with self-hosted email,
Dropbox replaced by your own self-hosted instance of ownCloud, etc. The only
part of PRISM that it might not provide a defence against would be big social
networks (Facebook et al), but you would still be able to host your own
StatusNet instance or Tent server on your arkOS server and have alternatives
that way. When services can be decentralized and brought back under individual
user control, a "direct link" into major web companies' servers is definitely
made irrelevant.

~~~
ceejayoz
Self-hosted e-mail still has to get to its recipients. Most of us can't have a
"I won't e-mail anyone not on my own e-mail server" policy. Same for XMPP -
sure, internal traffic is safe, but as soon as you're contacting someone
outside your network it's entirely possible they're being watched by PRISM.

~~~
jcook818
This is true. I didn't mean to say that it would completely negate the effects
of PRISM (or similar programs/policies). And it obviously doesn't eliminate
the need for using encryption when you communicate with external services. But
it will still "defend" against it by allowing people to repatriate a
substantial amount of their data. The less personally identifiable data for
you that Google/Microsoft/et al have on their servers, the more that policies
like these become irrelevant.

------
runako
Your server's down.

~~~
jcook818
Ugh, wonderful timing. Thanks for letting me know

Edit: Fixed, for now

------
miaui
what license is this released under?

~~~
jcook818
The management interface (Genesis) is GPLv3.

------
captiva12
Any of the personal cloud solutions like Tonido or your own NAS will help as
well.

