The Cloudlet

I’m a cloud citizen. My personal data exists in opaque, centralized systems. Dropbox, Google and Google Apps, iCloud, GitHub. When revelations about our privacy and security online rattled the world, I grew concerned about my reliance on the cloud. I know I’m not alone.

In this article I take a cursory look at two alternatives to the cloud—the private cloud—in open source, and third-party form.

In This Corner

Alex Payne’s sovereign tries to consolidate everything an enterprising, tech-savvy hacker would need to create their personal cloud. It’s a damned good attempt.

Alex provides the philosophical underpinning. He is a previous Google Apps customer who came to the conclusion that Google has, allegedly, “a seriously questionable privacy track record”, “a dwindling commitment to open standards”, and “a lack of long-term commitment to products”.

sovereign is, at its core, a series of Ansible recipes. In this way, a hacker can spin up a Linode instance, execute a playbook, and be off to the races with a personal, secure, cloud.

The community has responded enthusiastically. The project has almost 2,500 stars on GitHub, and about 200 forks. It clearly makes an attempt to be inclusive—providing everything from an RSS reader for disillusioned Google Reader users to an IRC bouncer for nerrrrrds—and its contributors are busily navigating the subtleties of its security implications, configuration, and ease of use.

However, there are some rough edges. Its many pieces introduce complexity. Some components, such as ownCloud, are PHP. Prosody, sovereign’s XMPP server, runs on Lua. Solr, the text search for e-mail, is a Java server. There’s nothing inherently wrong with this, but it requires a user to wear many hats in order to fine-tune its configuration.

In addition, ownCloud seems to be plagued with issues: five-hundred, excluding feature requests, on its GitHub, and a cursory search reveals myriad breakages upgrading from version to version. This latter point is important: while sovereign will ostensibly make it easier to upgrade all the components of one’s personal cloud at once, components which break during version migrations will cause people to hold off, leaving them with insecure, older versions.

The Unexpected Contender

And what if you’re not an enterprising, tech-savvy hacker? What if you can’t be arsed to configure a dozen services of varying complexity? The other attempt I’ve seen—the potential of which might have even escaped its creator—shares much in form with sovereign. It’s a bundle of useful tools designed for administrating the various components one needs from a centralized server. But that’s where the similarity ends. What am I blathering about, you ask?

That’s right. Apple’s unassuming OS X Server.

Well, think about it. You sign up for a Mac Mini colo (no affiliation!), install OS X Server on it, and what are you getting, out of the box, without a second thought? WebDAV, CalDAV, an IMAP server, a wiki, git source control with continuous integration extensibility, Jabber messaging—whose federation you can control with a single setting, checkmate Google—automatic push e-mail for your iThings, and a handful more robust features. Not only that, but you own the hardware as well.

What appeals to me about this solution is the trade-off made. For the cost of a Mac Mini and average hosting costs, you get a robust, easily-configurable UNIX server, mirroring the machines most modern programmers have on their desks. Considering Apple’s vaunted track record with customer support, and developers’ love of their Macs, this is a reasonable proposition. In addition, many pieces of Server are built on open source software: the web hosting on Apache, the Chat Server on jabberd2, the anti-virus on ClamAV, the web interface on Rails, the IMAP server on Cyrus, and so on.

Still, every extension of your life into Apple’s ecosystem comes with the same basic set of rules. Bug reporting and security updates are hidden to the end-user until the eleventh hour. The OS is opinionated, and may fail in opaque ways. I honestly don’t know if being a Server customer makes a difference in the kind of support one gets. Its relative rarity-of-use will make it difficult to find solutions to pressing issues.

On top of the abstract disadvantages, OS X Server also has a few notable issues of its own. Apple’s SMB2 implementation seems to be causing countless headaches. Its VPN server seems to require tricky finagling to get working, and only after Apple patched its implementation after release (and until that point, users had to guess when their VPN connections would be usable).

The Missing Piece

Dropbox is going to be a pain in competitor’s asses for a long time. It is an indispensable part of my arsenal, and one of the few reasons I’m not attempting one of these experiments myself. My 1Password safe is in Dropbox. My research and PDFs are stored in Dropbox. This article is stored in Dropbox. If an iOS application I use doesn’t have Dropbox, that’s a demerit. Its position is unassailable because of the ecosystem that has been wrought around it.

sovereign purports to address this with ownCloud. OmniPresence might fill the gap for OS X Server. Neither of these have the mind-share to make a personal cloud worth the effort yet, in my opinion. My barometer is simple: is there a column for the sync service on iTextEditors? If not, not enough developers are paying attention to it.


The personal cloud is only a small part of the picture. With no way to know where our packets are being routed through, or how secure our encryption really is, or how we may bring mobile application developers onboard to support our offerings, everyone huddling in their own VPS or Mac Mini may not be a comprehensive solution.

I wish I had the time to perform a deep dive into this. This is probably some blue ocean opportunity for enterprising hackers. Either way, it’s something I plan to keep a close eye on.