added conformance tests.

tests should now pass
updated to jwcrypto that has proper callback delay guarantees and removed unnecessary setTimeouts

Updated all calls to jwcrypto to use the more intuitive API. Fixed a front-end test that was failing due to true asynchronicity of jwcrypto.

update to published v0.0.6 of node-client-sessions which is bitwise identical to what we were using before, just not hosted as a tgz on lloyd's github account - issue #1449

at authentication time, if the user has not confirmed ownership of a computer, set a shorter auth period.

rewrite compress scripts in javascript: better output, build of resources only when needed, uses multiple    cores, and leverages the same resource lists as cachify so we only express what dev resources go into what prod resources once #DRY.  closes #1009 closes #660

bump to connect-cachify@0.0.8 which re-adds ETag headers (removed due to lloyds wrong analysis and general idiocy), also moves permaurl hashes down to 10 chars).  issue #1141

See https://github.com/mozilla/connect-cachify/commit/b85c91d5ce7f6fc4e7682e1091c24d6fb19afe29

upgrade postprocess to 0.2.4, really unblocks issue #835 - this version of postprocess includes more extensive tests to verify that it's usage does not interfere with various supported semantics of express.

upgrade to postprocess 0.2.2 which doesn't use buffertools which monkey patches Buffer.equals() and conflicts with node-gettext.  closes #1080

fix char munging when postprocess is in play serving large files where unicode chars fall on chunk boundaries.  closes #1057

break common production config out into production.json, dev.json is dead now that dev is just an aws deployment

partial implementation of super-magic instadeploy of browserid to AWS instances.  next up?  security groups.  Then automatic git remote addition.  The addition of app user and a whole pile of tweaking on the template image.

updated to new version of client-sessions, renamed, and re-added connect-cookie-session for example primary

changed session over to benadida's node-cookie-session with encryption and signing of the cookie, closes #416, closes #832

implement a 'maximum request time' for bcrypt work.  server now fails more gracefully under backbreaking load, returning 503s to clients of the authenticate_user api.  update loadgen to be less dramatic about, but still display, 503 errors.  first part of issue #787 - a partial fix for #785 in dere too