Hacker News new | past | comments | ask | show | jobs | submit login
Show HN: Brick, a free Notion-like tool for zero-hassle site making (brick.do)
187 points by neongreen 56 days ago | hide | past | favorite | 101 comments



Nice work - seems like more and more people are using Notion to publish their own little websites. There are a few custom solutions that attempt to fix the problems that the author outlined, such as custom URLs and styling:

- https://super.so/

- https://fruitionsite.com/

- https://www.notion.so/Hosting-Potion-Fast-custom-domains-for...

I also built my own solution which takes a different approach: https://github.com/leoncvlt/loconotion - it caches the Notion page as a static site - admittedly you lose the capability of "syncing" sites instantly but is also makes the site snappier and more responsive as it removes a lot of bloat.


> I also built my own solution which takes a different approach: https://github.com/leoncvlt/loconotion - it caches the Notion page as a static site - admittedly you lose the capability of "syncing" sites instantly but is also makes the site snappier and more responsive as it removes a lot of bloat.

Nice work! Another benefit you didn't mention is that it also makes it a lot more secure - there's no injecting anything into static pages!


Hey thanks for posting this. I didn't know people do this. I think idea to use Notion for publishing is something that I would enjoy and will give it a try.


This looks fantastic! Thanks for sharing. In a quick test on Mobile Safari with the demo site, it doesn’t seem to render a “mobile friendly” version... and worse I can’t scroll left/right. I’ll check a different device to make sure and can an open an issue with more details.


I am seeing this as well. I raised an issue on Github.


I've launched a similar product a while ago that turns documents into websites[0]. Perhaps that might also be interesting to you.

[0] https://magicdocs.co


Awesome work!


In addition to the already highlighted security vulnerabilities (you have to stop any js injection capabilities), instant publish from your domain means you are about to be swarmed with spammers. From SEO back-link builders, to “download links” for viruses or illegal content, etc. If you enable that kind of spam, your domain’s signal to noise ratio goes down substantially for sharing legitimate content.


Right — we'll solve that problem once we have it. Do you know how other platforms (Wordpress, Notion, etc) handle it?


The first step is to distance the domain of your project from the domain you use for user-generated content.

Examples: github.com vs. github.io, wordpress.org vs. wordpress.com (note that these are not subdomains, but distinct domains).

Doing so allows you to keep the two separate as far as SEO is concerned, so that your main project isn't affected regardless of what users might upload.

Then it's about putting out the fires whenever they appear.

I'd also be careful about JavaScript, since a site hosted on example.com/a will have the same origin as a site hosted on example.com/b (and therefore access to cookies). This is where a separate subdomain for each user comes in handy (so a.example.com vs b.example.com), which shouldn't be much of an issue since DNS providers usually have an API that you can call, and DNS updates should be fast when you're creating entries (as opposed to modifying existing ones).


Re/ JavaScript — as of yesterday, we serve everything in an iframe with a different origin. This should make us more robust against screw-ups, and will be essential when we start allowing script blocks in pages.

Re/ SEO — we might banish all pages without subdomains to smth like `page.brick.do/...` as opposed to `brick.do/...`. Hopefully that will help with SEO somewhat.


Are you sure that's wise?

Spam and abuse aren't exactly minor problems for publishing platforms, they're arguably the primary existential threat, the most important thing to address. Preventing them is capital-H Hard, and not the kind of thing that can be easily retrofitted to an architecture that hasn't been designed with them in mind from the beginning...


Start with separate subdomains using a wildcard DNS entry.


Two examples:

1) Mine, Heroku, we host your applications on the herokuapp.com zone not heroku.com. Putting customer sites on heroku.com would open that zone up for the kind of de-valuing the OP suggested.

2) Look at Github, githubusercontent.com is where your uploaded files are served from, not github.com. For the same reasons.


Author here — me and a friend have been working on Brick for the past several months.

It works like Notion as in "all your edits are instantly visible" — from experience, this feels very different from blogging on Wordpress or making a static site in a git repo.

I love static sites but I'm not going back to them. I can experiment much more easily with Brick.

You can do something similar with Notion, but Notion is aimed at management or personal knowledge-bases, and it shows. We have a different focus. E.g. Notion is unlikely to ever have email subscriptions or ways to let people pay for your writing, while we very well might in the future. Notion also doesn't support custom domains out of the box, or custom CSS.

Try it out! Brick is free and has no ads. The only thing is that you need a premium plan (less than $2/mo) for custom domains.


There is no info about pricing on the main page? I really don't want to sign in to see the pricing info and details of other features.


Added pricing!


Hey, this is an awesome product!

I use Notion to maintain a personal knowledge-base (which it works great for). I also maintain a newsletter, embedded into the knowledge-base, that links directly into a lot of the knowledge-base pages for when I need to reference things (which it works not so great for).

Are there plans to introduce some sort of Notion-Brick interop/synchronisation system? I'd love to use the Brick styling and custom domain features, but would like to keep Notion as my source of truth.


No plans to let you use Notion as the source of truth. Once Notion opens up their API, I expect something like that will appear very soon anyway.


Seems neat and easy! Is there any chance of equation support (like MathJax or something) in the future?


Definitely! There is a lot of low-hanging fruit in this area — what kind of widgets we support in the editor, what we can render, etc.

We prioritize feature requests from paying customers, so buying the $20/year plan is a good way to get MathJax significantly faster.


Looks good! How instant is instant? If I visit a site while he author is updating it will I see the text being added real time?


> will I see the text being added real time

No, only after a page refresh.

I think we won't have automatic page refresh because it gets complicated if the author e.g. decides to add a JS script to the page. But maybe not! Or maybe we'll add it for 99% of the users who don't embed JS into their pages.


I'm a DB guy not an HTMLer.

>> It works like Notion as in "all your edits are instantly visible"

but then

> No, only after a page refresh.

Which is pretty much what would happen with a static site, no? Edit, save, refresh, visible. Because even I've done that.

(BTW I fully respect your JS orientation but as someone who's going to have to start a blog soon but without JS I won't be able to use your stuff).


> Edit, save, refresh, visible.

Without the "save" step. This is I meant by saying "instant".


Nice work. Actually working on something quite similar. Have you played with Roam research much?


Yeah. At least a month ago Roam was unusable for publishing. A page can take literally 5 min to load.

Roam also doesn't let you have several workspaces/databases, I think.

In my experience, I actually /want/ different things in my life (notes, diaries, public writing, etc) to be in different places. I even have several note-taking apps for different contexts, even though the feature sets are very similar.

I know that for some people, being able to have EVERYTHING in one place is an awesome feature. But for me and possibly others, it's the opposite.


Just to let you know both of those issues have been solved with Roam, although page loads are still not super fast.

You can have multiple workspaces now too but they've started charging for that I believe.


I can't seem to read anything at all about pricing without signing up. I don't want to share my Google/Github account with you before seeing pricing information.

The "see Brick in action" video also doesn't play for me on Firefox.


Just logged in to have a look. Pricing plans are: free up to 2 domains and “for the first 1000 users” $20/year for 20 domains or using your custom domain.


>share my Google/Github account

sign in with google/github doesnt expose any info that you wouldnt through a traditional signup.

however, it's extremely frustrating that the pricing isn't up front or even indicated that'll be an issue


It does, in that it's much easier for me sign up with a throwaway username. It's also part of the reason HN doesn't require these SSO integrations.


I can add a script tag via the CSS. I suppose it's not much of a security risk. Might be wrong though: https://brick.do/c9878660-42ed-4b95-93b6-10a761488b5a


> I suppose it's not much of a security risk.

It wouldn't be much of a security risk if the authors had correctly isolated user content into its own origin, which would have made this a self-xss only. As it stands the app itself runs on the same origin, so this is a real XSS.


Thanks! Isolating user content is the next task on the list — we discussed it internally just yesterday. Unfortunately, we didn't think we'll need it /that/ soon.

Long-term, we definitely need more security-minded folks on the team.

Short-term, I will add an email address in the footer so that such issues can at least be reported privately.


Oof. Depending on how they store authentication data, it might be possible to get someone's session token. Let's hope the cookies are "HttpOnly".


Deployed a fix. Thanks!


Can we stop the requirement to use Gmail or Github just so I can use your service?

I want to signup for this service, but I can’t - because I use a non-gmail email service and use a non-github Git service.

What happened to thr “good old days” of just using my email address to signup for a service?


We want to have a classic sign-up option as well, sure — if only because it's one less third-party point of vulnerability for users (will be relevant when encrypted pages are there).

Unfortunately it's harder than Google/GitHub login, so we focused on other bits for the MVP.

Is there any third-party service you /would/ use for auth? Perhaps it can be enabled quickly.


No.

I purposely don’t tie my account credentials to a 3rd party.

(Which always seemed crazy to me that people would do. Especially business accounts)

EDIT: why am I getting downvotes for this comment? I’d rather you reply to this comment to create a health dialogue on this topic if you have an opinion - rather than just some random downvote without reason.


Seems to me you're being needlessly pedantic here. If you truly don't have a Google or a GitHub account, why not make a throwaway one for the purpose of signing in to things? No personal details are required to do so, and it'll take about 3 minutes if your time - pretty much exactly as long as it would take to sign up to this service using your email address, in fact.


Let’s say I do your suggestion over and over again ... well now this “throwaway” account just became my primary account credential.

Now what happens if Gmail or Github shutdowns my account. Now I’m locked out of all of these services I used to signup for. Some of these services might be business critical.

That’s why I don’t like allowing a 3rd party to own my account creditials.


Why would these companies shut down an account that you only use for credentials?


Your account might be linked to another account that did something malicious.

I'm not 100% sure but I've heard enough Google horror stories that I am migrating to Apple sign-in for everything. (Yeah, assuming that Apple won't start doing the same.)


Why would an account that you only use to sign in to things be linked to another account that did something malicious?

And what about GitHub? Have you heard of them closing accounts?


An email/password login is not difficult in the least.

And, frankly, there is zero chance I'm going to host a site with a provider who thinks it is.


Eh. It's not "hard", it's "harder".

Evaluating mail delivery services and integrating with one; going through all API handlers to check that they handle the extra "signed up but email still unconfirmed" status the right way; handlers for resending email confirmations; the password reset flow. A lot of papercuts.

Oh, and later on — having to debug email delivery issues, which always happen eventually.

This is why adding another third-party auth option is much easier than adding an email signup flow.

An alternative is the "modern" email flow where you just get a sign-in email every single time you want to login, but that's meh. I'd rather have a proper "classic" email signup flow.

All this said, I admit that email signup is one of the basic features, and we're missing it. I want to have email signup too. I just don't think it's as easy (or even /almost/ as easy) as third-party auth, and the rest is a question of priorities.


Not that difficult, except that you need:

* sign up / sign in routes.

* reset password flow

* multifactor enrollment and validation

* email verification and email templates

* rate limits to prevent brute force attacks

There is a reason entire companies exist to solve this. Properly implementing your own login creates a lot of wasted development time, especially when OAUTH2 is an industry standard.


Completely agree. I closed the tab as soon as I saw those were the only 2 signup options.


I expected "free" to mean free software. It means freemium here.

EDIT: NOTE: I mean nothing negative by freemium: I just mean there are both free and paid tiers. Not sure what the definition of freemium is.


We have paid features, right.

I thought "freemium" nowadays referred more to practices like "we'll actively make your experience worse and annoy you unless you pay", but now I think I mistook that for "free-to-play" in the game industry. Alright then! It's freemium.


I'm sorry if I've misunderstood the term. I mean absolutely no offense. I understand freemium as proprietary service with both free and paid tiers.


How is it better than Notion then?


Right now, Notion will work just as well for you if you don't mind using a third-party service for custom domains, styling, etc.

In the future, Notion and Brick will drift away significantly. Notion is unlikely to have E2E encrypted pages. Notion is unlikely to have built-in support for newsletters, especially paid newsletters a la Substack. Notion is unlikely to get built-in analytics. Etc.

Notion is powerful enough that you can use it as a pretty good writing platform, but swimming against the flow is always harder. Notion's flow, the way it seems to me, is management and knowledge bases. Ie. it's primarily for co-workers, and it is good for writers insofar as co-workers have to be writers sometimes.


For some reason, the 'See brick in action' video won't play (Chromium, Android 10). Do you have another link to the video that might work?


Other than that, the site looks pretty cool, and the idea is solid. I might give it a try ;)


Hey — the video should work now. Say if it still doesn't.


The only question I have is, If I make a personal website using this, will it show up on google when people search for my name?


Yes, all pages are indexable once Google gets ahold of the links (so if you never share the link with anyone, it's /not/ going to end up in Google — that's important).

I can find my Brick sites when I search for my name, though they are low-rank at the moment.


So looks mine is on the right track:) https://docxmanager.com


FYI on Firefox on iOS your site renders a bit oddly - the sign in button in particular has text bottom aligned within its box.


I'm also observing this behaviour[1] on the latest version of Safari as well.

[1] https://i.imgur.com/pDgXeJJ.png


Please take my advice if you want this thing to last.

Add payment/subscription support for writers. Take on substack directly.


This is planned!


The website doesn't work here, which is pretty unusual. win 10 with latest version of firefox. first time it wouldn't completely load (kept loading...), CTRL+R and it loads completely, but video won't play. I'm curious and will be back in a few days to check it out.


> first time it wouldn't completely load

Hey! Can't reproduce on vanilla Firefox. Do you have any extensions enabled? Try "Help -> Restart with Add-ons Disabled".

If it works (or if it doesn't even), can you write me at artyom@artyom.me and tell about the results? Perhaps this can be fixed from our side.

About the video — it plays for me, but poorly. Will take a look.


Nice site. With all the "focus" on micro-blogging and dislike for sites like Medium.com (I agree by the way). It might be a good show of faith, to let the users "export" their sites to MD or static HTML, if they want to host and have a copy of their website.


Exporting is on the roadmap. Currently you can `wget` your own site, but that's not a great solution.


Not sure if it's just me, but playing the 'See Brick in action' video in Firefox results in some strange behaviour: https://imgur.com/y0zJ0gB


Replaced with a better-encoded video (VLC meh, Handbrake yay). Give it another try.


Works perfectly now!


do you use webrender?



Thanks! Will be fixed.


I still want to see some example pages that are done in Brick. Also want to see the pricing details before I sign up. Currently "Sign In" is the only option available there.


Gotcha.

Sample pages:

* https://brick.do/55357459-86b9-4274-8ae4-85721987d73d — a friend wrote a post about webs of meaning

* https://brick.do/7c494481-f2e5-4a05-9a4d-19b22c76c729 — my own post detailing all my projects so far

* https://brick.do/ca51f14c-e600-4afe-b99d-71e46fbd150b — a technical post (Haskell-y) that I wrote

* https://nathanabram.com/ — this is how the default style looks like.


Should this worry me as a potential premium customer? ———————————————————————————-

I am Artyom Kazak, aka @availablegreen on Twitter. I was born in Belarus, a small Eastern European country, and lived there till 18. ... I am turning 25 in October 2020, and that is when I plan to quit coding—as a birthday gift to myself.


The opposite!

Less time coding = more time running businesses.

I'm not writing any code at Brick either.


FYI the third link (Haskell-y) has a "too many redirects" error on iOS 13 Safari.


Thanks, will look.


neongreen, you should really test how it works on Firefox. For example sing in with Github bricked (pun intended ;) ) my tab with your site, even refresh button and address bar stopped working. I had to close it and open again to see the dashboard.

Steps:

- click on "get started"

- I choose option to sing in with google.

- it opens google api in separate modal window and this does not work if you have Firefox extension to keep google in container

- so I clicked github option, and authorized your app

- after that, brick.do page has been frozen completely


Thanks! Yeah, definitely need to test on Firefox (as well as Safari).


Looks like a really good idea. Will be trying this week.


It's Notion-like, but did you build the blocks editor from scratch or is there any open-source option for Notion's block-based editor?


We are not using a block editor (I think blocks are worse for writing than the traditional model).

The only open-source block editor I know of is https://codex.so/editor.


Gutenberg is also open source and built by WordPress.


Noob question: if I share a brick URL, can it be traced back to my github, or my personal identity in any way by the people that I sent it to?


It's designed not to leak any info like that. Anonymity is super important (https://www.ribbonfarm.com/2020/01/23/being-your-selves-iden... is one of the inspirations for what I want Brick to enable.)

If you find any way to circumvent that, we'll treat it with the same priority as we treat security issues.


Note that if you share a page from a subtree, the reader will see its parents as well, but not siblings.

I.e.

    a
    b
     b2 <- if you share this, 'b' is visible, but 'a' isn't


Good to know, thanks!

Edit: Also thanks for sharing that RF article. Great read.


That RF article pushed me towards making an anonymous Twitter acc, in February, and it was the best decision of 2020 for me. Literally. Highest quality therapy I've had in my life.


Interesting. I don't have an anonymous Twitter, but I'll spout my experimental ideas in private message groups with trusted friends.

Is there something that an anon Twitter could do that the latter couldn't? Broader reach for ideas I suppose.


Hard to say. I have friends too (ha) and I'm not afraid to talk to them about my ideas, but alt Twitter still was different.


Is there a reason these types of sites are trendy now? I am seeing a new note taking/microblogging site every day now on Hacker News.


Not a microblogging site — we are pretty heavily geared towards true "sites" (places where you write long-form content, organize it, edit often, etc) rather than tweeting into the void.


lots of questions / comments:

- how do I publish? how do I see the published version?

- what does the eye at the top right do?

- Is all you can do right now just create pages and subpages of rich media?

Otherwise it's actually not a bad experience. Lots of bugs. not sure if I'll stick around or publish an article on it yet, hard to tell right now.


You don't publish! Every page you write is already available at the URL you see in your address bar. This said, it's not indexable or findable until you yourself share it somewhere. UUIDs are long enough to be unguessable.

The eye at the top switches the page into preview mode, which is currently very similar to the edit mode. You'll notice the difference if you use Twitter embeds.

All you can do right now is create pages and subpages of rich media, true. Surprisingly, this was already enough for me to start writing much more than I used to before Brick. But we have more features coming, of course (collaborative editing, etc — see the bottom of the landing page).


Looks nice! Any plans to add syntax highlighting to the code blocks?


Definitely!

Currently we prioritize feature requests from paying users, and nobody asked for syntax highlighting yet. When somebody does, I think it'll appear pretty soon.


No imprint, no privacy rules, no terms of service. Big no from me.


Gotcha.

Do you have an example of a small service with excellent privacy/TOS rules? So that I know what to treat as a high-quality exemplar when designing privacy/TOS rules for Brick.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: