Nice work - seems like more and more people are using Notion to publish their own little websites. There are a few custom solutions that attempt to fix the problems that the author outlined, such as custom URLs and styling:
I also built my own solution which takes a different approach: https://github.com/leoncvlt/loconotion - it caches the Notion page as a static site - admittedly you lose the capability of "syncing" sites instantly but is also makes the site snappier and more responsive as it removes a lot of bloat.
> I also built my own solution which takes a different approach: https://github.com/leoncvlt/loconotion - it caches the Notion page as a static site - admittedly you lose the capability of "syncing" sites instantly but is also makes the site snappier and more responsive as it removes a lot of bloat.
Nice work! Another benefit you didn't mention is that it also makes it a lot more secure - there's no injecting anything into static pages!
Hey thanks for posting this. I didn't know people do this. I think idea to use Notion for publishing is something that I would enjoy and will give it a try.
This looks fantastic! Thanks for sharing. In a quick test on Mobile Safari with the demo site, it doesn’t seem to render a “mobile friendly” version... and worse I can’t scroll left/right. I’ll check a different device to make sure and can an open an issue with more details.
In addition to the already highlighted security vulnerabilities (you have to stop any js injection capabilities), instant publish from your domain means you are about to be swarmed with spammers. From SEO back-link builders, to “download links” for viruses or illegal content, etc. If you enable that kind of spam, your domain’s signal to noise ratio goes down substantially for sharing legitimate content.
The first step is to distance the domain of your project from the domain you use for user-generated content.
Examples: github.com vs. github.io, wordpress.org vs. wordpress.com (note that these are not subdomains, but distinct domains).
Doing so allows you to keep the two separate as far as SEO is concerned, so that your main project isn't affected regardless of what users might upload.
Then it's about putting out the fires whenever they appear.
I'd also be careful about JavaScript, since a site hosted on example.com/a will have the same origin as a site hosted on example.com/b (and therefore access to cookies). This is where a separate subdomain for each user comes in handy (so a.example.com vs b.example.com), which shouldn't be much of an issue since DNS providers usually have an API that you can call, and DNS updates should be fast when you're creating entries (as opposed to modifying existing ones).
Re/ JavaScript — as of yesterday, we serve everything in an iframe with a different origin. This should make us more robust against screw-ups, and will be essential when we start allowing script blocks in pages.
Re/ SEO — we might banish all pages without subdomains to smth like `page.brick.do/...` as opposed to `brick.do/...`. Hopefully that will help with SEO somewhat.
Spam and abuse aren't exactly minor problems for publishing platforms, they're arguably the primary existential threat, the most important thing to address. Preventing them is capital-H Hard, and not the kind of thing that can be easily retrofitted to an architecture that hasn't been designed with them in mind from the beginning...
1) Mine, Heroku, we host your applications on the herokuapp.com zone not heroku.com. Putting customer sites on heroku.com would open that zone up for the kind of de-valuing the OP suggested.
2) Look at Github, githubusercontent.com is where your uploaded files are served from, not github.com. For the same reasons.
Author here — me and a friend have been working on Brick for the past several months.
It works like Notion as in "all your edits are instantly visible" — from experience, this feels very different from blogging on Wordpress or making a static site in a git repo.
I love static sites but I'm not going back to them. I can experiment much more easily with Brick.
You can do something similar with Notion, but Notion is aimed at management or personal knowledge-bases, and it shows. We have a different focus. E.g. Notion is unlikely to ever have email subscriptions or ways to let people pay for your writing, while we very well might in the future. Notion also doesn't support custom domains out of the box, or custom CSS.
Try it out! Brick is free and has no ads. The only thing is that you need a premium plan (less than $2/mo) for custom domains.
I use Notion to maintain a personal knowledge-base (which it works great for). I also maintain a newsletter, embedded into the knowledge-base, that links directly into a lot of the knowledge-base pages for when I need to reference things (which it works not so great for).
Are there plans to introduce some sort of Notion-Brick interop/synchronisation system? I'd love to use the Brick styling and custom domain features, but would like to keep Notion as my source of truth.
I think we won't have automatic page refresh because it gets complicated if the author e.g. decides to add a JS script to the page. But maybe not! Or maybe we'll add it for 99% of the users who don't embed JS into their pages.
Yeah. At least a month ago Roam was unusable for publishing. A page can take literally 5 min to load.
Roam also doesn't let you have several workspaces/databases, I think.
In my experience, I actually /want/ different things in my life (notes, diaries, public writing, etc) to be in different places. I even have several note-taking apps for different contexts, even though the feature sets are very similar.
I know that for some people, being able to have EVERYTHING in one place is an awesome feature. But for me and possibly others, it's the opposite.
I can't seem to read anything at all about pricing without signing up. I don't want to share my Google/Github account with you before seeing pricing information.
The "see Brick in action" video also doesn't play for me on Firefox.
Just logged in to have a look.
Pricing plans are: free up to 2 domains and “for the first 1000 users” $20/year for 20 domains or using your custom domain.
It wouldn't be much of a security risk if the authors had correctly isolated user content into its own origin, which would have made this a self-xss only. As it stands the app itself runs on the same origin, so this is a real XSS.
Thanks! Isolating user content is the next task on the list — we discussed it internally just yesterday. Unfortunately, we didn't think we'll need it /that/ soon.
Long-term, we definitely need more security-minded folks on the team.
Short-term, I will add an email address in the footer so that such issues can at least be reported privately.
We want to have a classic sign-up option as well, sure — if only because it's one less third-party point of vulnerability for users (will be relevant when encrypted pages are there).
Unfortunately it's harder than Google/GitHub login, so we focused on other bits for the MVP.
Is there any third-party service you /would/ use for auth? Perhaps it can be enabled quickly.
I purposely don’t tie my account credentials to a 3rd party.
(Which always seemed crazy to me that people would do. Especially business accounts)
EDIT: why am I getting downvotes for this comment? I’d rather you reply to this comment to create a health dialogue on this topic if you have an opinion - rather than just some random downvote without reason.
Seems to me you're being needlessly pedantic here. If you truly don't have a Google or a GitHub account, why not make a throwaway one for the purpose of signing in to things? No personal details are required to do so, and it'll take about 3 minutes if your time - pretty much exactly as long as it would take to sign up to this service using your email address, in fact.
Let’s say I do your suggestion over and over again ... well now this “throwaway” account just became my primary account credential.
Now what happens if Gmail or Github shutdowns my account. Now I’m locked out of all
of these services I used to signup for. Some of these services might be business critical.
That’s why I don’t like allowing a 3rd party to own my account creditials.
Your account might be linked to another account that did something malicious.
I'm not 100% sure but I've heard enough Google horror stories that I am migrating to Apple sign-in for everything. (Yeah, assuming that Apple won't start doing the same.)
Evaluating mail delivery services and integrating with one; going through all API handlers to check that they handle the extra "signed up but email still unconfirmed" status the right way; handlers for resending email confirmations; the password reset flow. A lot of papercuts.
Oh, and later on — having to debug email delivery issues, which always happen eventually.
This is why adding another third-party auth option is much easier than adding an email signup flow.
An alternative is the "modern" email flow where you just get a sign-in email every single time you want to login, but that's meh. I'd rather have a proper "classic" email signup flow.
All this said, I admit that email signup is one of the basic features, and we're missing it. I want to have email signup too. I just don't think it's as easy (or even /almost/ as easy) as third-party auth, and the rest is a question of priorities.
There is a reason entire companies exist to solve this. Properly implementing your own login creates a lot of wasted development time, especially when OAUTH2 is an industry standard.
I thought "freemium" nowadays referred more to practices like "we'll actively make your experience worse and annoy you unless you pay", but now I think I mistook that for "free-to-play" in the game industry. Alright then! It's freemium.
Right now, Notion will work just as well for you if you don't mind using a third-party service for custom domains, styling, etc.
In the future, Notion and Brick will drift away significantly. Notion is unlikely to have E2E encrypted pages. Notion is unlikely to have built-in support for newsletters, especially paid newsletters a la Substack. Notion is unlikely to get built-in analytics. Etc.
Notion is powerful enough that you can use it as a pretty good writing platform, but swimming against the flow is always harder. Notion's flow, the way it seems to me, is management and knowledge bases. Ie. it's primarily for co-workers, and it is good for writers insofar as co-workers have to be writers sometimes.
Yes, all pages are indexable once Google gets ahold of the links (so if you never share the link with anyone, it's /not/ going to end up in Google — that's important).
I can find my Brick sites when I search for my name, though they are low-rank at the moment.
The website doesn't work here, which is pretty unusual. win 10 with latest version of firefox. first time it wouldn't completely load (kept loading...), CTRL+R and it loads completely, but video won't play. I'm curious and will be back in a few days to check it out.
Nice site. With all the "focus" on micro-blogging and dislike for sites like Medium.com (I agree by the way). It might be a good show of faith, to let the users "export" their sites to MD or static HTML, if they want to host and have a copy of their website.
I still want to see some example pages that are done in Brick. Also want to see the pricing details before I sign up. Currently "Sign In" is the only option available there.
Should this worry me as a potential premium customer?
———————————————————————————-
I am Artyom Kazak, aka @availablegreen on Twitter. I was born in Belarus, a small Eastern European country, and lived there till 18.
...
I am turning 25 in October 2020, and that is when I plan to quit coding—as a birthday gift to myself.
neongreen, you should really test how it works on Firefox. For example sing in with Github bricked (pun intended ;) ) my tab with your site, even refresh button and address bar stopped working. I had to close it and open again to see the dashboard.
Steps:
- click on "get started"
- I choose option to sing in with google.
- it opens google api in separate modal window and this does not work if you have Firefox extension to keep google in container
- so I clicked github option, and authorized your app
- after that, brick.do page has been frozen completely
That RF article pushed me towards making an anonymous Twitter acc, in February, and it was the best decision of 2020 for me. Literally. Highest quality therapy I've had in my life.
Not a microblogging site — we are pretty heavily geared towards true "sites" (places where you write long-form content, organize it, edit often, etc) rather than tweeting into the void.
You don't publish! Every page you write is already available at the URL you see in your address bar. This said, it's not indexable or findable until you yourself share it somewhere. UUIDs are long enough to be unguessable.
The eye at the top switches the page into preview mode, which is currently very similar to the edit mode. You'll notice the difference if you use Twitter embeds.
All you can do right now is create pages and subpages of rich media, true. Surprisingly, this was already enough for me to start writing much more than I used to before Brick. But we have more features coming, of course (collaborative editing, etc — see the bottom of the landing page).
Currently we prioritize feature requests from paying users, and nobody asked for syntax highlighting yet. When somebody does, I think it'll appear pretty soon.
Do you have an example of a small service with excellent privacy/TOS rules? So that I know what to treat as a high-quality exemplar when designing privacy/TOS rules for Brick.
- https://super.so/
- https://fruitionsite.com/
- https://www.notion.so/Hosting-Potion-Fast-custom-domains-for...
I also built my own solution which takes a different approach: https://github.com/leoncvlt/loconotion - it caches the Notion page as a static site - admittedly you lose the capability of "syncing" sites instantly but is also makes the site snappier and more responsive as it removes a lot of bloat.