mod_auth_cookie

02/20/2008

 

The pages hosting this Apache module seem to have gone dark, but I managed to grab a copy through archive.org. It's a very easy way to get rid of the ugly Basic Authentication prompt and replace it with a web page login form.

I created a new home for the module at http://modauthcookie.weebly.com/.

Hopefully, other people will find it useful too.

 
 

Since their concert in San Francisco a few months ago, I've been getting more and more into Justice. Stumbled across both of these sets -- a bit rough around the edges, but I've been listening to both non-stop for the past two weeks.

Update: and while I'm at it, here are two more Justice-themed tracks. The first is a remix of Justice's D.A.N.C.E., and the second is a remix by Justice of Love Stoned.

 
 

There's one thing I can guarantee any new startup is going to be worrying about when they launch: "Is my one (or less) web server enough?"

I've heard the question quite a few times. When we were in that stage, it was one of my biggest worries (so much so that we initially launched a private beta). Seeing as it's a common worry, this post will address two related issues: how scalable is one web server, and should you launch a private beta?

How scalable is one web server?

More scalable than you think. I'm going to qualify that by saying that if you don't program with scalability in mind or are an idiot programmer, this might not apply.

Although we were lucky to have an awesome clustered infrastructure set up from the beginning (that I had spent a year developing for a separate venture), we actually ran Weebly off of one web server for a very long time. In fact, we can still run Weebly off of one server, total, if need be. We currently have over 300,000 users, over 10 million page views a month, and are ranked about 6,000th among sites worldwide on the internet, and can still run off of one web server.

Plan for scalability, of course. Program with scalability in mind. But intelligently used, for most web apps, one web server can last you a long time.

Should I launch a private beta?

Short answer: no, launch public. Longer answer: probably not, launch public.

Everybody (including, initially, myself) thinks about launching a private beta when launching their product. But after seeing quite a few companies and advising another few, I think it's a bad idea.

Why? I understand the reasons for: You're scared that your product isn't ready -- or, you're positive that your product will be too popular. Opening in private beta will create an air of exclusivity. And you don't think you can scale. Et cetera...

1) Your product may or may not be ready, but it won't be that popular.
2) Your private beta won't be exclusive. In fact, nobody will know about it.
3) You can probably scale with a little effort, if things do actually go really well.
4) If you don't open up completely, you are losing users.

Think about things from your users' point of view. You literally have about thirty seconds of their attention (if you're lucky). They want to like your product (they read about it, and it sounds cool). BUT, they can't try it out. It's not that they want to forget about it, but they have so many other things grabbing at their attention. Even if you ask them to submit their email address (most of them won't), you'll still convert less than 50% of those to users when you email them. It's not that they're idiots or trying to ignore you, it's just that you don't have their attention any more. The worst thing possible is if somebody wants to try your product, but can't immediately, while you still have their attention.

Basically, you're losing users. You can't afford to do that.

Even worse: if TechCrunch or any other large press source posts about you during this time, you've lost all their readers that might sign up. And very likely, you might not get that coverage again.

There's only one reason I've ever advised anybody to try a private beta: if you (and other people around you) think that you aren't ready yet, and you need a small (read: 50 or less) group of people to try things out for you.

Occasionally, it seems to work out for some people, but I think this is more the exception than the rule -- and their product probably wasn't ready yet.

What can I do about it?

Ok, so you don't want to be like that new Yahoo! life casting thing that was down the entire couple days after it launched (an even worse way to lose your audience than a private beta, but not by much).

What can you do? Set the bar for a minimum level of service, and give that to as many people as possible, automatically. If you think your system can handle 2,000 signups, create a limit at 2,000 signups, and display a nice friendly error message after that. Make sure you'll be notified, and then put the rest on a waiting list. But don't set the limit too low. And make sure that if you hit the limit, you'll be working nonstop to increase that limit as fast as possible, to let as many people in when they want to get in as possible.
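A minimal sketch of the capped signup described above, added here as an example and not Weebly's own code. The `SignupGate` class, its method names and the `notify` hook are hypothetical; the limit check and the insert happen under one lock so concurrent signups cannot overshoot the cap.

```python
import threading
from collections import deque

class SignupGate:
    """Admit signups up to a fixed limit; queue the rest on a waiting list."""

    def __init__(self, limit, notify):
        self._lock = threading.Lock()
        self._limit = limit
        self._admitted = set()
        self._waiting = deque()
        self._notify = notify        # hypothetical alert hook (e-mail, SMS, pager)
        self._alerted = False

    def signup(self, email):
        """Return (status, message); status is "admitted" or "waitlisted"."""
        email = email.strip().lower()
        with self._lock:             # check-and-add must be atomic under concurrency
            if email in self._admitted:
                return "admitted", "You already have an account."
            if len(self._admitted) < self._limit:
                self._admitted.add(email)
                return "admitted", "Welcome!"
            if email not in self._waiting:
                self._waiting.append(email)
            position = self._waiting.index(email) + 1
            first_hit = not self._alerted
            self._alerted = True
        if first_hit:                # alert once per limit, outside the lock
            self._notify(f"signup limit {self._limit} reached")
        return "waitlisted", f"We're full right now. You are #{position} on the waiting list."

    def raise_limit(self, new_limit):
        """Increase capacity and admit waiting users in arrival order."""
        let_in = []
        with self._lock:
            self._limit = max(self._limit, new_limit)
            while self._waiting and len(self._admitted) < self._limit:
                email = self._waiting.popleft()
                self._admitted.add(email)
                let_in.append(email)
            self._alerted = False    # re-arm the alert for the new limit
        return let_in
```

`raise_limit` returns the addresses it just admitted, so the caller can e-mail them while they still remember signing up.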

 
 

About a year ago we accepted Y Combinator funding -- one of the requirements was for us to relocate the company from State College, PA to San Francisco.

Since I had a car to bring out, I decided to drive the 3,000 or so odd miles with all of my belongings packed into my car. To make things interesting, I decided to stop every 40 miles and take a picture of myself in front of the car, in the same place.

I put this all together as a video:

This is still a first draft (I'm toying around with a couple songs I might want to use instead). Let me know what you think!

 
 

While everybody's been raving about Google's food recently -- seared scallops, salmon stuffed with crab salad, shrimp tempura and an entire cheese station -- it's sorely disappointing to notice the lack of commentary on Microsoft's fabulous cuisine.

As opposed to mere food, at Microsoft's headquarters, they serve up fresh lines of cocaine, mushroom salad, and "special" brownies, compliments of the house.

Seriously. There's just no other explanation for why Internet Explorer is so bad. I just spent an hour working on a ridiculous iframe hack so that select boxes didn't jump on top of my color chooser (or everything else on the page, for that matter).

I also debugged a choice piece of code that I was able to fix by noting that IE won't set the innerHTML property of tables. Absolutely spectacular.

 
 

The Blue Angels are in town for Fleet Week here in San Francisco. They've been practicing all week over Alcatraz and around the bay, and with our view, it's been awesome watching them perform some of their maneuvers. They've also been flying right over the building -- close enough to see in the cockpit. It's tons of fun, and the noise they make when flying that close shakes the windows and sets off car alarms.

We'll be BBQing on Sunday, and watching the planes from the roof. I'll upload some pictures then.


 
 

That's the state of affairs, at least, according to Alexa. The graph shows Google (yellow), Cnn.com (red) and Weebly (blue).

Of course, it is Alexa. Go to a graph one week, and come back the next: all of the historical data will have completely changed. I can see the most recent day's data changing as it gets updated -- but a week's worth?


 
 

I keep noticing startups (and larger companies, too) making some really basic mistakes that end up leading to a lot of downtime. Here's my list of 6 really easy things you can do to avoid major downtime.

1. Buy backup DNS service
This is so cheap it's a no-brainer. For about $15/year you can get a service that will constantly grab your DNS data and act as a backup if they happen to go down. Otherwise, when your DNS servers go haywire (it's happened to me and I've seen it happen to many others), you'll be stuck helpless for a few hours as people are unable to get to your site. [I've used No-IP Squared Backup, and Chris has used Nettica].

2. Buy a monitoring service
For $5/month, you can purchase a service that pings your servers every few minutes and sends you a text message if they go down. This is absolutely crucial, especially if things go to hell in the middle of the night, or any other time you might not normally be checking. Make sure to buy a service that monitors from at least 3 locations -- there's nothing worse than a few false alarms in the middle of the night, after which you won't get up for the real thing. [I've been happy with WebSitePulse -- their prices are a bit more expensive now, but you should be able to get them down to $5/month on the phone.]

3. Always make database backups before touching the database
It's one of those things you always consider and dismiss right before you bring the whole thing crashing down. Especially if you aren't making very regular backups (note: you should be), make sure to do so before you get your hands dirty. (Ever forget the WHERE clause? Not fun...)

4. Be VERY careful around power cords at Colos
Knocking out a power cord seems to happen consistently if you don't make a very concerted effort not to. It's extremely easy for a cord to jiggle a tiny bit, or for one moving server to pull on another cord in just the right way. Always plan out your server trajectories before you move them, or have someone to hold the power cords in. [Note: Why aren't snap-in power cords standard for rack mountable servers??]

5. Make your site functional in pieces
Even if your database is down, there's no reason your home page shouldn't still show, or any of your other static pages. There's a big difference from a user's point of view between an otherwise seemingly functional site that shows a nice looking error message, and a site that spits out errors, is not accessible, or won't load at all. If Weebly's database goes down, users will see a polite "Sorry, something is wrong and we're fixing it right now" error message. Our site, blog, and all hosted user sites stay up, so a database crash just means that people can't edit their sites at the moment.

6. Use source management to roll out updates
We use darcs to manage our different source repositories, and it's a flexible and distributed system that works very well for us. Whatever you use, make sure you use some automated process to roll out updates (which doesn't include moving a directory and moving another in its place, and, God forbid, manually diff'ing files -- there's always more to that than you anticipate). It's quite shameful to see pretty basic sites go down for hours (or days, or weeks) rolling out an update. If you're using Weebly while we push out an update, your session will automatically be refreshed without any loss of data, and you'll be up and running on the new version within seconds (with no downtime). [Darcs can be found at http://darcs.net/]

Those 6 items combined have probably caused over 80% of downtime I've been responsible for. What's your list?
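Item 2 asks for monitoring from at least 3 locations to avoid false alarms. The sketch below is an added example, not from any monitoring vendor, showing one way to turn multi-location probe results into pages. The location names, the 2-of-3 quorum and the two-consecutive-rounds rule are assumptions chosen for illustration, and the sample data is constructed.

```python
def evaluate_probes(rounds, quorum=2, consecutive=2):
    """Decide when to page from multi-location probe results.

    rounds: list of dicts {location: True if the site answered, False if not},
            one dict per check interval, oldest first.
    Returns a list of (round_index, event), event being "DOWN" or "RECOVERED".
    """
    events = []
    streak = 0          # consecutive rounds in which >= quorum locations failed
    paging = False      # True between a DOWN page and the matching RECOVERED
    for i, results in enumerate(rounds):
        failed = [loc for loc, ok in results.items() if not ok]
        if len(failed) >= quorum:
            streak += 1
        else:
            streak = 0
            if paging:
                paging = False
                events.append((i, "RECOVERED"))
        if streak >= consecutive and not paging:
            paging = True
            events.append((i, "DOWN"))
    return events

# Constructed sample: three hypothetical probe locations, six check intervals.
SAMPLE = [
    {"nyc": True,  "lon": True,  "sgp": True},
    {"nyc": True,  "lon": False, "sgp": True},   # one location blips: no page
    {"nyc": False, "lon": False, "sgp": True},   # quorum fails once: wait
    {"nyc": False, "lon": False, "sgp": False},  # second failing round: page
    {"nyc": False, "lon": True,  "sgp": False},  # still down, no duplicate page
    {"nyc": True,  "lon": True,  "sgp": True},   # back up
]

if __name__ == "__main__":
    for index, event in evaluate_probes(SAMPLE):
        print(f"round {index}: {event}")
```

A single flaky probe location never pages on its own, which is the failure mode that trains people to sleep through the real alert.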

 
 

One of my biggest frustrations with academia was the tendency to place emphasis on work. I've heard that this can be different at other institutions, but most people I've talked to generally agree that emphasis in college was placed on work.

Here's a recurring example: I'd often get a lower grade than other peers who "worked harder", even though my final grades or output were very clearly of a much higher quality. I generally didn't have much use for going to class, as I could learn what was presented much more efficiently on my own.

Not that I really cared about getting a B+ instead of an A -- if I did, I would have gone to every class. But it seems like the emphasis on work gives students the wrong priorities.

There seem to be two inputs to value: work and ability. If you have less ability, you can compensate by working harder than average. And if you have above average ability, you may tend to work less.

Note that ability doesn't necessarily directly translate to intelligence, and that I'm not downplaying hard work: those who both work hard and have ability will produce the most value.

But by putting emphasis squarely on work, academia is punishing those with above-average ability. My experience in college was that both the top 5% and bottom 5% of any given class did the least work, but doing less work was uniformly regarded as bad.

In the real world, though, value is most important. As an example, let's take two people who make pottery. One is a natural artist, and makes beautiful pottery. The other tries really, really hard, but the pottery isn't great. It may not be "fair" to the person who tried hard, but the beautiful pottery will be sold for much more money, as it's of higher value. What really matters to people is how much value you are providing them, not how much work you put into it.

I'm also not saying that ability can't be learned: in the above example, ability may represent both natural artistic abilities and learned skills.

It seems like a much better system would be to judge on value, and compare the final output. Those with less ability would be required to work harder to produce the same value -- they won't be taught that hard work without value is OK. And those with above average ability wouldn't be weighted down performing bullshit work; they'd have more time instead to focus on projects more interesting and useful to them.

 
 

I just realized this past week that there is currently no way to export your contact information out of Facebook. A few applications that built this functionality have been taken off-line by request for TOS violations.

Which got me thinking: What would happen if Facebook lost my information? Having gone to college in the Facebook age, would I even know who my college friends were, and how to get in touch with them? (Honestly, probably not)

I sent this question off to Facebook support. Jamie replied:
"Unfortunately, the feature you are requesting is not presently available. We will keep your suggestion in mind, however, as we continue to improve the site. Let me know if you have any further questions."

With all of this excitement over Platform -- even more data in -- how do we find it acceptable that we're unable to back-up any data, at all? In 20 years, will I ever be able to get access to all of the interactions and information that I put into Facebook?

And how do we find it acceptable that Facebook is actively working against us getting any information out?

Edit: Alex3917 on news.YC posts: "There used to be an option to export to CSV. Looks like they got rid of it. The fact that they are actually removing functionality says something."