I have been trying to setup my own newsletter for ages.

All of the platforms that I researched asked for stupid amounts of money for the services they where offering.

20$/month for 500 subscribers is not fair pricing mailchimp.

So I looked around the web for selfhosted solutions. Finally I found Listmonk, it’s a selfhosted newsletter and mailing list manager, written in go and is extremely performant.

So I wrote an article on how to set that up!

I hope this helps some fellow selfhosters!

If you have any feedback please feel free to comment it bellow.

  • corsicanguppy
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    2
    ·
    edit-2
    4 months ago

    Oh my god.

    sh -c "$(curl -fsSL https://raw.githubusercontent.com/knadh/listmonk/master/
    

    We absolutely need to stop this. Sure, I saw the disclaimer, but we need to end the normalization of running ANY black-box crap off the net. “curl|sh” needs to be laughed into exile for all our safety.

    The easiest thing needs to be the right thing – common security saying

    Then it’s

    vim
    

    As if that’s actually user-friendly or a positive experience instead of the worst thing to ever survive from the last century, crawling along on its rotting flesh and drooling on the pavement like some toxic residue from the vietnam war that it is.

    In what asylum do you have the people willing to suffer vi and who also need a curl|sh ? Are they lazy or just misled as noobs into thinking vi is the only editor out the–

    You guys, I just realized how vi masochists actually reproduce. It’s like zombies, guys, eating brains until the victim raises up another zombie.

    And that curl|sh – does it invite supply-chain exploits? Ohhh, you bet it does! Best black-box script ever! Use this as a test for your security people – if they gauge this as a threat from within another threat, they pass. But, honestly, had it not been for the horrible spelling, I wouldn’t have thought to check further. \shrug. Mineshafts and canaries I guess.

    • GameGod
      link
      fedilink
      English
      arrow-up
      5
      ·
      edit-2
      4 months ago

      How are the alternatives any better? Download a DEB that executes arbitrary code, signed with some .asc that’s sitting in the same webserver? Download an EXE?

      Your comment is so rambley that I can’t understand whether you’re criticizing the distribution method or the packaging. Both of those are very different in terms of attack surface, if you’re talking about supply chain attacks.