remove process.exit() from loadgen upon email addition failure.  loadgen shouldn't stop till it reaches the top.

disable http agent in http_forward - it has been capping us at five simul forwarded requests per backend process (dbwriter, keysigner)

(loadgen) optimization - re-use assertions to generate synthetic load without the client compute cost

fix regression in keysigner - ensure non-default VAR_PATH is relayed to compute processes - issue #213

remove the deep __heartbeat__ checks performed from browserid (the webhead), while dbwriter should ping the database to ensure health - closes #566

improve node.js version checking.  eliminate DRY violation, and use semver for robust version specification and matching.  nice yak, eh?

express our dependency on nodejs >= 0.6.3 in package.json and in code.  (note: I'm not sure package.json actually does anything useful, but it's a good place to document it)c

(loadgen) include-only activity properly returns errors accoring to new error conventions (undefined means success)

tests to reproduce and fixes for wildy invalid assertions posted to the verifier.  closes #598 and closes #605

certs issued by anyone other than the verifier should fail until primary support is implemented.  closes #645

better input validation on audience.  accept even more forms of input (domain:port) and do the best we can to validate.  closes #642

(loadgen) when generating assertions, calculate current server time in the same manner that the webclient does - namely add a delta from session creation time to now to server time - issue #504

(loadgen) add -u option that allows one to specify a numeric range which will make load testing with a large database possible - issue #504

on a hard connection error during http forwarding, don't end the client reqeust, instead let the client formulate the error code and message

(loadgen) rename prepare.js to common.js as it holds common processes used by multiple different activities - issue #504

workaround bug in node 0.4.x - res.getHeader() throws an exception when invoked after a response is set, even though you're not mutating the response.  instead use the _headers map.

rework the authenticate_user api - now it is read only (will run on webheads) and will call over to dbwriter if and when bcrypt password update is in play.  This shifts the majority of authentication compute cost over to webheads from secure webheads - closes #560

implement update_password api - prerequsite for frontend code of issue #114 and for moving the bulk of bcrypt compute work over to webheads which is issue #560

another unit test fix for json database - if database cannot be removed, it's not an error.  it can mean it was never created

for the JSON database 'engine', don't write database at close.  This was causing browserid to stomp changes made be dbwriter during tests where server restart occurs (like bcrypt password update test) - *really* closes issue #557

re-apply "bundle vepbundle along with everything else.  use the power of symlinks.  closes #606" (post-update hooks now npm install first, and compress resources second)

This reverts commit 62978433.