If you run your own Ghost site, now is a great time to upgrade to version 6.19.1 or later. More info can be found in the Ghost Forum post below:

Security update available for Ghost 6.x

We’ve been made aware of a security vulnerability in Ghost versions up to v6.19.0. This is patched in v6.19.1, which has been released and rolled out on Ghost(Pro). Self-hosters should update to v6.19.1 as soon as possible. Details: A SQL injection vulnerability existed in Ghost’s Content API that allowed unauthenticated attackers to read arbitrary data from the database. Docker Image: The Docker image for v6.19.1 is available on Docker Hub here. We’re actively working on improving when and…

Ghost Forum

I just so happened to be looking at the Ghost forum today when I came across the security disclosure. Had I not been on the forum, my RSS reader would have at least picked up the release note here (See also Feed URL: https://github.com/TryGhost/Ghost/releases.atom).

If you have a better way to keep up with GitHub security advisories for projects, leave a comment to let me know. 🙏

Imagine my horror when I see the IP address of the vps the site is hosted on with an elevated risk score. Most cloud hosting IPs have been abused by everyone from script kiddies to folks in the major leagues. This means it's harder to end up with a clean IP address for your VPS or cloud server. It also means that folks who opt-in to multiyear hosting agreements, like I do for a discounted rate, it can be difficult or expensive to get a new IP allocated.

Luckily, there is a way to avoid this. To the forums!

Missing documentation for mail config options – Mailgun API support

I ran into some issues trying to set up transactional email with Ghost, and I think there’s a gap in the documentation that could use some clarification. I wanted to use Mailgun for sending transactional emails and followed the instructions here: I tried configuring SMTP as described, but it consistently timed out after 60 seconds (without any errors). I double-checked the ports, authentication details, and tried multiple variations without success. When I couldn’t get it working, I started…

Ghost Forumquentin-binder

This recent forum post helped confirm my suspicion. You can avoid leaking your IP by exclusively using the Mailgun API transport. You'll need to change the Ghost mail transport option for transactional emails like registrations, from smtp to mailgun. Note that it is the SMTP transport option that exposes the host IP address when sending things like registration emails. This is often the first touch point with subscribers. So let's avoid doing that.

If you're using docker, here are the env vars to set:

mail__transport: mailgun
mail__options__auth__api_key: ${MAILGUN_API}
mail__options__auth__domain: ${MAILGUN_DOMAIN}
mail__from: ${MAILGUN_FROM}
# mail__host: api.mailgun.net # us based
# mail__host: api.eu.mailgun.net # eu based

Hopefully this helps improve your subscriber confirmations.

Also worth noting is an easy to miss issue with your dmarc configuration. As you start sending your newsletter(s) to a larger audience, make sure your dmarc policy is set to something other than none. Read more about these sending requirements here:

💌 New email requirements in 2024: What you need to know

Beginning in February 2024, Google and Yahoo are introducing new requirements to make email more secure and less spammy. This doc discusses how these changes affect Ghost users. 💡 Ghost(Pro) has already implemented changes to comply with these requirements. See our help docs or reach out to support to learn more. Who does this affect? The new email requirements only affect Ghost publications which send newsletters to at least 5,000 recipients per day. If your publication falls under thi…

Ghost ForumRyanF

Last thing, this is my first post with a self-hosted ActivityPub service connected to my self-hosted Ghost site. Check out the feed over at https://mastodon.social/@[email protected] to see what this new integration looks like on the fediverse.

✌

April 1st

0:00

/292.56

1×

On the work side, I've been shooting photos, building out documentation for running hybrid meetings to better support in-person and online organizing, and, of course, working through the rest of my side quest backlog. Right now, I'm wrapping up an email project and slowly pushing along some Ghost site migrations.

Speaking of surprises, one of them I found when migrating a site to Ghost was this tiny issue with alt-text images having a hard limit on the length of characters you can save. Not a huge deal, but it's something to think about if you're tasked with content parity during a site migration. I'm also trying to put together a list of platform fees across Substack, Patreon, and other services to compare what an alternative looks like and the trade-offs to consider.

But even with the work that keeps me busy, I know you can't post your way out of fascism. 404 Media's take on this deluge of news is worth the read.

...the point of this deluge is not to persuade, but to overwhelm and paralyze our capacity to act. More recently, researchers have found that the viral outrage disseminated on social media in response to these ridiculous claims actually reduces the effectiveness of collective action. The result is a media environment that keeps us in a state of debilitating fear and anger, endlessly reacting to our oppressors instead of organizing against them.

If 404 Media has been working to cover what corporate media would probably call political uncertainty at the national level, what do we have at the local level?

I'm based in San Francisco, and I turn to the following people and organizations to better understand what's going on.

The Phoenix Project

We rise from the ashes of buried truth, awoken to challenge and expose the covert corruption eating away at the pillars of our society.

48 Hills | Independent daily San Francisco news + culture

SF Bay Area News, Arts, Culture, Life. Nonprofit daily site, locally published & completely independent.

48 hillsD.A. Mission

El Tecolote - Latinx news, arts and culture in San Francisco

El Tecolote is the voice of San Francisco’s “pueblo.” We answer questions and report on news that shape the lives of Latinx people who live or work in the city. Located in the heart of Mission District, we document and amplify the community’s vibrant role in the city’s political, art and cultural scene.

El TecoloteMariana Duran

Get more from Sad Francisco on Patreon

a podcast

PatreonSad Francisco

Get more from Doomloop Dispatch on Patreon

The show covering the worst parts of the San Francisco Bay Area.

PatreonDoomloop Dispatch

I still review the billionaire-owned blogs to see how the narrative is being shaped there, but there's no need to share those links here. Please let me know if I missed an outlet or group I should follow.

I'll end with a roundup of posts where my work has been featured in 2025 so far:

After Newsom abandons trans people, a fairly tepid response at SF City Hall - 48 hills

When Gov. Gavin Newsom threw the trans community under the bus last week, LGBTQ+ leaders in the state Legislature and statewide activist groups—many of them very politically moderate and cautious—were very quick to respond. Newsom introduced his new podcast by inviting Charlie Kirk, a right-wing provocateur, to chat with him. It’s hard to understand why […]

48 hillsTim Redmond

Note to Matt Dorsey: UCSF doctors support harm reduction - 48 hills

Plus: SFPD still seems to have problems with illegal searches. That’s The Agenda for March 31-April 6

48 hillsTim Redmond

Another War on Drugs measure passes, with only two dissenting votes - 48 hills

Fielder and Chan oppose plan that has serious flaws and could lead to more deaths. 9-2 votes are becoming a pattern.

48 hillsTim Redmond

Part 1: SF Rules Committee & BOS Meeting: What a fucking week!

Mandelman Reveals His Trumpian Self with Sunshine Task Force. Lead up to Dorsey’s associates and policy advisors targeting and harassing me again, the worst I’ve felt since 2023.

LeftyLea’s SubstackLeftyLea in SF

Supes vote 9-2 to let Lurie fire one of the best members of the Police Commission - 48 hills

The mayor wins a decisive victory, giving him the power to replace the police chief and choose the next person for the job.

48 hillsTim Redmond

For You

The Apple News algorithm provides a couple of news lists for me. That seems cool in theory, but what I can only describe as a trending investor news slate appears in front of me in my For You section.

That's not the content for me. I'm looking for something more along the lines of For Workers.

What does For Workers look like?

I'm not usually intrigued by puzzles but as I explore the Ghost platform, for workers, I'd like to start identifying the gaps that are currently distracting the work I should be doing. This morning started great, but as I looked for a recent healthcare article from 48 Hills on Apple News, I came across plenty of junk that isn't for workers.

We desperately need a kaleidoscope of art and consciousness when creating and consuming content for workers, abolitionists, and the community. And with that, I'm back to it. ✌

Ghost empowers workers to create their own alliances through their built-in growth strategy called "Recommendations", as well as their public "Explore" feature for catapulting new projects to the community. A simple way to say, if you like that, you'll love this. Here's what it looks like in practice:

Sure, Ghost is a blog like this one, powered by free and open-source software. But it's software built by a foundation with a mission to democratize publishing. Ghost is an alternative way to support the labor of content creation for the movement, not moments.

Community over commodity. There is no billionaire behind Ghost, just an organization that exists for purpose rather than for profit.

For a cardboard box company that might not mean much — but for a school, hospital, local news org, or open source project, it means a great deal.

Hi, it's me, your local news worker, open-source contributor, and organizer. As billionaires continue towards subscription models to help their dependent blogs blend in, a need rises for a worker owned alternative. I first started tracking Ghost while working on open-source projects and email reporting dashboards at Mailgun, currently the only bulk email sender for Ghost-based newsletters. Fast forward a decade later, I started exploring Ghost again as a digital organizing tool to replace mailchimp after their pricing changes for the Tech Workers Coalition Newsletter. I went with ActionNetwork.org at the time, but I won't ever make that choice again.

🫡

I see the potential behind Ghost, as a platform and ecosystem to build collective power. I see it as a creative outlet for artists, writers, photographers, organizers, community groups and of course, independent news. I'm not not saying to abandon your current platforms. But consider the social labor involved, what cut your current platform takes, and consider an open alternative for the people, not the powerful.

What are the next steps?

I'm going to start building out prototypes to share with the first groups I've already reached out to.

Don't despair, you can try the managed hosted version of Ghost here. It's currently the least painful way to get started, or you can find a Ghost expert to help run this on Open Source Application Hosting for $1.90 or be on the look out for worker-owned platforms that support this work.

And you'd want go through all that because it's worth the following at the end of the day:

• Own Your Content
• Memberships & Monetization
• Email Newsletters & List-Building
• Scalable & Adaptable

Ghost isn’t a new kid on the block that's a response to anything current, but it represents an exit to private capitalist owned platforms and the media barons behind the curtain. Just as open-source redefined how we build software, Ghost and similar models can redefine how we build communities, tell stories, and support local journalism and organizing.

I'll be writing and documenting my journey from here on out with Ghost, to provide digital organizing signals. If this interests you, let's connect. If you'd like to get D.O.S. content like this in your inbox, subscribe below:

D.O.S.

Digital Organizing Signals is a new media project by Eddy Hernandez, an abolitionist, artist, and worker focused on creating content and tools that are for communities not corporations.

Plug In

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Changelog: 
- 12/10/24 docs(explore): added changelog and platform exploration notes
- 12/13/24 docs(ghost): more screenshots of ghost