The Dillo Project Migrates from GitHub: Embracing Self-Hosting and Decentralization

The Dillo project is embarking on a migration away from GitHub to a new, self-hosted home designed to better suit its unique requirements and address persistent challenges. This decision stems from a critical evaluation of GitHub's current ecosystem and its compatibility with Dillo's principles.

Background: Lessons Learned from a Lost Domain

The original Dillo website, dillo.org, once served as the central hub for the project, hosting its Mercurial source code repository (hg.dillo.org), developer mail server, bug tracker, and mailing list archives. However, in 2022, the dillo.org domain was lost and subsequently acquired by a third party, who then launched a similar-looking site riddled with AI-generated advertisements. Although the original developers are no longer active, a copy of the Mercurial repository was fortunately preserved, and significant material was recovered from the old server with assistance (though some parts remain missing).

This incident underscored the critical importance of avoiding reliance on a single point of failure that could lead to the project's complete loss. Initially, Dillo's source code and website were uploaded to Git repositories on GitHub. However, this approach is now deemed unsuitable for the project's long-term sustainability.

The Challenges with GitHub

While GitHub has been instrumental in hosting Dillo's repositories and facilitating CI workflows for unsupported platforms (e.g., Windows, macOS, BSDs), it presents several significant problems that diminish its suitability for Dillo's continued development:

• Frontend Usability: GitHub's frontend is heavily dependent on JavaScript, rendering it largely dysfunctional when accessed without it. This prevents Dillo itself from opening issues, pull requests, source code, or CI logs, despite these often being plain HTML. This is a regression from GitHub's past behavior, where it gracefully degraded without enforcing JavaScript. Furthermore, the page's resource consumption is disproportionately high for primarily static text content.
• Single Point of Failure: Beyond technical reliability, GitHub represents a single entity that could unilaterally ban a repository or account, leading to a loss of the primary notification channel and potential data loss if local backups are not meticulously maintained.
• Performance and Development Model: The platform has become progressively slower, hindering the development process. It often necessitates a fast internet connection, which is not always available. Additionally, GitHub promotes a "push model" of notifications, whereas Dillo's development prefers a "pull model" for updates, allowing for better offline work and reduced cognitive load. This push model has unfortunately proliferated across alternative forges as well.
• Social and Moderation Issues: GitHub's existing tools are perceived as inadequate for moderating communities, particularly in projects with a high ratio of non-technical users to developers. This can lead to productive issue threads being overwhelmed by unsolicited comments from non-contributors, causing developer burnout.
• AI and Open Web Concerns: GitHub's increasing focus on Large Language Models (LLMs) and generative AI is seen as detrimental to the open web. This trend often results in websites implementing JavaScript walls or browser fingerprinting to deter aggressive LLM crawlers, inadvertently locking out Dillo users. While migrating Dillo won't significantly impede AI model training on its code, it ceases active participation in encouraging this trend.

Self-Hosting Dillo: A New Foundation

After evaluating various options, it became clear that no existing forge offered the necessary redundancy and solutions for GitHub's aforementioned issues. Consequently, the decision was made to self-host Dillo, centralizing all critical data in Git repositories and synchronizing them across multiple mirrors.

The new home for Dillo is dillo-browser.org, hosted on a small VPS. Despite initial skepticism, this setup has proven capable of handling current web traffic, much of which consists of AI bots masquerading as users. The Dillo website is accessible at: https://dillo-browser.org/

For the Git frontend, cgit was selected. Written in C, cgit is remarkably lightweight in terms of both RAM and CPU usage. Crucially, its web frontend does not require JavaScript, making it fully usable within Dillo (with minor CSS adjustments). The cgit instance is available at: https://git.dillo-browser.org/

The search for a suitable bug tracker revealed that most options were overly complex and relied on centralized databases prone to data loss – a situation reminiscent of the original Dillo bug tracker, from which entries remain unrecoverable. To circumvent this, a custom bug tracker named buggy was developed. Buggy is a simple C tool that parses plain Markdown files, generating a static HTML page for each bug. All bugs are stored in a Git repository, with a Git hook regenerating bug pages and the index upon each commit. This plaintext approach facilitates offline editing and remote synchronization. Since the output is a static HTML site, concerns about code vulnerabilities are minimized as the code only runs at build time. The live bug tracker, featuring exported GitHub issues, can be found at: https://bug.dillo-browser.org/

Mailing list archives are currently stored by three independent external services, with plans to potentially include a local copy in the future.

Establishing Redundant Mirrors

By storing all critical data in Git repositories, the project can be mirrored on any forge without reliance on proprietary issue formats or other custom data storage. This significantly reduces switching costs should a forge become unavailable or undesirable. Git mirrors are currently established on Codeberg and Sourcehut, synchronized with the primary Git server:

• Codeberg: https://codeberg.org/dillo/
• Sourcehut: https://git.sr.ht/~dillo/

However, a single point of failure remains: the DNS entry for dillo-browser.org. A loss of this DNS entry, similar to what occurred with dillo.org, would render all services unreachable. Mitigation strategies include relying on alternative communication channels like the mailing list, Fediverse, or IRC, and updating mirrors to reflect the new situation. While not ideal, this approach prevents catastrophic data loss, as all project data is now stored in Git and replicated across independent locations.

Ensuring Authority with OpenPGP Signatures

To lend authority to the website, the HTML file is signed with the project's GPG key (32E65EC501A1B6FDF8190D293EE6BA977EB2A253), which is also used for Dillo's official releases and listed on GitHub. The signature is available separately and linked to the page using a <link rel="signature"> tag. Further details on verification can be found in Dillo RFC-006.

OpenPGP signatures offer robust protection against DNS entry loss, as authority is derived from trust in the signature rather than the TLS certificate chain. This allows the site to be moved while retaining its verified ownership. Furthermore, by storing signatures within all Git mirrors, they contribute to overall data resilience.

Concluding Remarks

The migration process is multifaceted and will require time to stabilize. It is important to note that the GitHub repositories will not be immediately removed; they will continue to be updated until the migration is complete. Once finalized, Dillo's GitHub repositories will be archived, and an official announcement will be made on the new site. Preserving all commits and tarball releases is crucial to avoid breaking downstream builds that may still rely on GitHub URLs.

Ultimately, the ability to establish a fully independent, self-hosted site with relatively low expenses and minimal energy consumption (contributing positively to the environment) is a significant achievement. Based on current DNS and server costs, coupled with existing donations, the project anticipates covering expenses for at least the next three years. Support for Dillo's continued operation is welcomed via Liberapay.