this post was submitted on 04 Sep 2024
41 points (88.7% liked)

Selfhosted

40465 readers
544 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
 

I have been trying to setup my own newsletter for ages.

All of the platforms that I researched asked for stupid amounts of money for the services they where offering.

20$/month for 500 subscribers is not fair pricing mailchimp.

So I looked around the web for selfhosted solutions. Finally I found Listmonk, it's a selfhosted newsletter and mailing list manager, written in go and is extremely performant.

So I wrote an article on how to set that up!

I hope this helps some fellow selfhosters!

If you have any feedback please feel free to comment it bellow.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 2 months ago* (last edited 2 months ago) (1 children)

Oh my god.

sh -c "$(curl -fsSL https://raw.githubusercontent.com/knadh/listmonk/master/

We absolutely need to stop this. Sure, I saw the disclaimer, but we need to end the normalization of running ANY black-box crap off the net. "curl|sh" needs to be laughed into exile for all our safety.

The easiest thing needs to be the right thing -- common security saying

Then it's

vim

As if that's actually user-friendly or a positive experience instead of the worst thing to ever survive from the last century, crawling along on its rotting flesh and drooling on the pavement like some toxic residue from the vietnam war that it is.

In what asylum do you have the people willing to suffer vi and who also need a curl|sh ? Are they lazy or just misled as noobs into thinking vi is the only editor out the--

You guys, I just realized how vi masochists actually reproduce. It's like zombies, guys, eating brains until the victim raises up another zombie.

And that curl|sh -- does it invite supply-chain exploits? Ohhh, you bet it does! Best black-box script ever! Use this as a test for your security people -- if they gauge this as a threat from within another threat, they pass. But, honestly, had it not been for the horrible spelling, I wouldn't have thought to check further. \shrug. Mineshafts and canaries I guess.

[–] [email protected] 5 points 2 months ago* (last edited 2 months ago)

How are the alternatives any better? Download a DEB that executes arbitrary code, signed with some .asc that's sitting in the same webserver? Download an EXE?

Your comment is so rambley that I can't understand whether you're criticizing the distribution method or the packaging. Both of those are very different in terms of attack surface, if you're talking about supply chain attacks.