I always remember in moments like these that Cloudfare is something like $50-200 a month. Wait, a quick look is $0/$20/$200 with $0 or $20 probably covering it. Hmmm.

Cloudflare doesn't cache your sql queries.

It's a static webpage. You shouldn't need to re-run SQL queries for each user.

Pages like this is literally what CDNs are great for.

That's what I was thinking. Only need to do SQL on actual registration process. That's if you use a SQL DB for it as opposed to in-memory, key-value store that persistently writes to disk. Alternatively, doing data at app layer (eg AllegroCache-style) with a partitioning scheme distributing among a number of inexpensive nodes. Quite a few things to do before we run into SQL's problems even if it involves data processing.

I'm building a CMS in the same vein as the others (WordPress, etc.) and made static page caching a first-class feature that bypasses the autoloader completely.

https://github.com/paragonie/airship/blob/e24ea5a4605336b171...

This is something that really ought to be baked-in in 2016.

Hey, while you're on, I have a quick question. I've avoided PHP in favor of more static, safe languages with small TCB's. Early on, I thought about reimplementing the runtime/libs in one or compiling it to one. Discovered Quercus PHP on Java system that claimed benefits of both. Had potential given Java gets constant bughunting and has many implementations.

What do you think of compiling PHP plus libs for app compatibility to something like Rust, Ada, or Cyclone where possible? And do you know if anyone has assessed quality/security of Quercus/Resin code in particular? Seems something like that compatible with WordPress or Airship could be quite a boost in defense of code injection at system level. Performance, too, as we saw with HipHop.

I think that would make for a very fun research project, especially if a memory-safe language like Rust were used.

In addition to your examples of Quercus and HHVM, someone is currently working on compiling PHP to .NET: http://www.peachpie.io

I'm not aware of any security audits on any of these efforts.

Well darn. I was hoping someone had reviewed them. Good to see positive feedback on the concept, though. Btw, there's also Phalanger for .NET:

https://en.wikipedia.org/wiki/Phalanger_%28compiler%29

Already runs WordPress, phpBB, etc. Anyone doing this sort of thing on .NET might consider starting with contributions to it. I'm trying to avoid CLR and JVM due to runtime complexity where possible. Aside from Rust, Go is another possible target for a simple runtime.

Cool stuff. Also libsodium by default as I expected. :) You got a summary page listing the features and advantages of the CMS for those that don't do PHP? Other than probably extra attention to quality/security. As usual, I'll pass the info along to people online that might benefit from it.

In fact, I do. It's still beta software (and the design used in the screenshot is out-of-date already).

https://paragonie.com/project/airship

Working on the PKI and plugin distribution system right now, so people can make/share themes and whatnot.

Alright. Bookmarked. So, it's a basic CMS for the niche of people/companies who need more security or uptime than feature bloat. Has better update policy and works hard to make some security features more usable. Am I reading it right?

Yep, that's about it in a nutshell.

Alright, I'll pass it along to PHP people starting new sites as I run into them.

True, but the post is about scaling Passport, not really scaling Wordpress. I haven't seen the site crash, so I seems like its just taking the server a while to server up the static content.

Your dismissive tone is concerning. Because your Wordpress site doesn't load, we can't learn about your "Passport" service, so you're wasting 10,000 prospective customers.