upgrade postprocess to 0.2.4, really unblocks issue #835 - this version of postprocess includes more extensive tests to verify that it's usage does not interfere with various supported semantics of express.

upgrade to postprocess 0.2.2 which doesn't use buffertools which monkey patches Buffer.equals() and conflicts with node-gettext.  closes #1080

fix char munging when postprocess is in play serving large files where unicode chars fall on chunk boundaries.  closes #1057

break common production config out into production.json, dev.json is dead now that dev is just an aws deployment

partial implementation of super-magic instadeploy of browserid to AWS instances.  next up?  security groups.  Then automatic git remote addition.  The addition of app user and a whole pile of tweaking on the template image.

updated to new version of client-sessions, renamed, and re-added connect-cookie-session for example primary

changed session over to benadida's node-cookie-session with encryption and signing of the cookie, closes #416, closes #832

implement a 'maximum request time' for bcrypt work.  server now fails more gracefully under backbreaking load, returning 503s to clients of the authenticate_user api.  update loadgen to be less dramatic about, but still display, 503 errors.  first part of issue #787 - a partial fix for #785 in dere too

update to jwcrypto 0.1.1 - now the verifier supports 'new style' assertions which are JWS structures separated by tildes and don't double base64 encode.  assertion size down 33%.  we still generate only old style assertions.  issue #507

move to a manual tarball of statsd, as github dynamic tgz gen seems broken, prevents npm install from working

upgrade to a branch of statsd that lazily closes ephemeral UDP ports, so that we're not allocating one UDP socket per request when under load.  closes #680

fix regression in keysigner - ensure non-default VAR_PATH is relayed to compute processes - issue #213

improve node.js version checking.  eliminate DRY violation, and use semver for robust version specification and matching.  nice yak, eh?

express our dependency on nodejs >= 0.6.3 in package.json and in code.  (note: I'm not sure package.json actually does anything useful, but it's a good place to document it)c