
The quick website launch checklist - shabda
http://newsletter.agiliq.com/the-quick-website-launch-checklist
======
DanWaterworth
> 9\. Has a robots.txt

> You may have a lot of things you do not want the world to know about. (Eg
> user uploaded media). Use robots.txt to hide them from search engines.

That's not what a robots.txt file is for. It doesn't hide files, if anything
it makes files that you don't want the world to know about easier to find.

~~~
shabda
True, what I want to say is.

If you have a ton of user uploaded media (and such), you probably want to not
want SE to index everything. (For example to save bandwidth).

I should probably re-word that line, but I dont want to get too technical.

~~~
ceejayoz
> If you have a ton of user uploaded media (and such), you probably want to
> not want SE to index everything. (For example to save bandwidth).

Bandwidth is cheap. Ranking poorly in search engines is not.

If you've got a ton of user uploaded media, you've potentially got a ton of
content for Google to pick up on and rank you for.

~~~
jimmyjim
For something like an image hosting or pastebin site, isn't that possible a
privacy concern?

I'm curious, what is the standard practice for the storage of static media -
where are the static files (text/images) stored on the server, and how are the
appropriate config files that concern that media set up?

~~~
mtogo
If you don't want the world to see your files, actually stop them from being
accessed instead of politely asking robots to not index them.

------
rottencupcakes
I feel like this is a checklist that makes you feel like you're accomplishing
something (checking off items on the list) while never actually launching your
website.

In a way, it gives you a bunch of excuses to put off your public launch - "I
just need to fix some CSS bugs in Firefox 2" or "I just need to test the
backup restore process one more time to make sure it works". Most of us aren't
building bank software here, and if you're building anything consumer based
(think Facebook), the advantage of having a site up and getting feedback on it
over having all these things checked off is astronomical.

~~~
jsrampton
I agree with you on this but for a beginner I think it's a great list to start
with. I think a lot of people miss a lot of things on this website and don't
have a good launch because of it.

------
trotsky
Hmm, 13 drawn out items and none of them include a SQLi XSS or CSRF audit?
Odds are there are plenty. Once your db and CEO's sexting logs end up on
pastebin you'll probably be thinking that the robots.txt was pretty minor.

~~~
Pewpewarrows
Regarding 2: If you haven't done proper index/join stress tests with hundreds
of thousands to millions of rows of data pre-launch, then I really don't know
what else to say besides you're doing it wrong. Finding out two days after
launch that your schema is complete garbage or improperly indexed is an
amateur move. Placing javascript (that's not a shiv or script loader) in your
<head> to try and disguise this isn't a good start.

~~~
trotsky
Hmm, sorry, thought I was being funny. Didn't work out that way I guess.

~~~
biot
Given that the reply seemingly has nothing to do with your post, I think this
is a case of someone replying to a comment that is higher up on the page
rather than starting their own thread.

~~~
Pewpewarrows
Nope. Trotsky edited his post, one of which's points I was refuting. I don't
have the original, but it was edited long after I replied.

------
brackin
In my opinion you don't need all of this if we're talking a quick MVP launch.

------
shabda
[https://docs.google.com/a/agiliq.com/spreadsheet/ccc?key=0Aq...](https://docs.google.com/a/agiliq.com/spreadsheet/ccc?key=0Aqqb8SO5JnsvdFJFS3NTMXVzMkE4MGpkU0FQak9sZVE#gid=0)

I few folks have emailed me with some great apps to do these things. I am
tracking these here, and will publish these.

------
fuzzythinker
Similar but more detailed & technical version:
[http://programmers.stackexchange.com/questions/46716/what-
sh...](http://programmers.stackexchange.com/questions/46716/what-should-a-
developer-know-before-building-a-public-web-site)

My abridged version of it:
[https://docs.google.com/document/d/1jJGUFN6CxQUXQX49mRsJYv1H...](https://docs.google.com/document/d/1jJGUFN6CxQUXQX49mRsJYv1HfF5tSUDgLH4MTt2t7ac/edit?hl=en_US)

------
icebraining
I know the text says "... or equivalent software," but is there any great
advantage between using Google Analytics or a hosted component on your own
server? I feel it's impolite to subject your users to be tracked by Google and
other huge companies just because they visited your website. Is there at least
any tracking service that respects Mozilla's DNT[1]?

[1]: <http://dnt.mozilla.org/>

~~~
jbrkr
Piwik [1] is a great alternative to Google Analytics. It is free, open source
software, and it is typically self-hosted.

While I do not think it supports Do-Not-Track at this time, Piwik does have
configuration options to respect emerging laws on data protection and user
privacy.

[1] [http://piwik.org/blog/2011/03/piwik-can-be-used-in-
complianc...](http://piwik.org/blog/2011/03/piwik-can-be-used-in-compliance-
with-data-protection-laws/)

------
robin_reala
pingdom store passwords in plaintext:
<http://news.ycombinator.com/item?id=2865206>

~~~
wisty
That's ugly. But who cares? A sophisticated user (read, anyone using Pingdom)
won't be using the same password for their Pingdom account and their email.
Though the consequences if they did would be ugly.

~~~
rawsyntax
Generally, I use a different password for every site (using 1passwords
generate feature). That helps guard against any site storing in plaintext

~~~
mtogo
I don't understand how people get by without a password manager and a seperate
password for every site these days.

~~~
corin_
Good memory works for me.

~~~
mtogo
Ah, i'm jealous of you. I can't keep more than a few in my head at a time.

~~~
icebraining
Same here, although I don't use a password manager, I generate them based on a
fixed seed and the website's domain, using a simple algorithm. One less backup
to depend on ;)

------
tingletech
Sending an email on an error might be a bad idea. We had this set up on a
server that powers an API (along with our main site). During a network problem
in the data center where the server could not get to the mysql, we had about
10,000 requests on the sever = 10,000 emails = the outlook guys having to
reboot the exchange server because of some odd interaction with their spam
filtering appliance.

~~~
troels
I have a log that will mail me first time an error occurs. If it happens
again, it will still be logged, but I don't get an email. Once I mark the
error as resolved - if it happens again, I get an email.

~~~
rtg
Would you mind sharing how you set this up? That would actually make a great
blog post.

~~~
troels
I'm afraid I'm too busy to blog at the moment, but the code is here:
<https://github.com/troelskn/fejlvarp>

------
shabda
Wow, top of hackernews, never expected this. :)

Here is the spreadsheet I was using to think this post.

[https://spreadsheets.google.com/spreadsheet/ccc?key=0Aqqb8SO...](https://spreadsheets.google.com/spreadsheet/ccc?key=0Aqqb8SO5JnsvdHRrN3ZsTjBUMDRWV0gtOHVkY2d4cVE&hl=en_US)

If you have something, add this here, I will do a follow up post, with
additions or update this post.

------
dbuizert
Good list, but what about security?

SQLInjections etc? You need to have that covered more than the rest in my
opinion.

~~~
bigfudge
How would you 'check' it, in the sense it could be on a checklist. Are there
tools to automate this type of thing?

~~~
dbuizert
Good question. I did a quick Google search and here is a solution.
<http://sqlmap.sourceforge.net/>

You could also let a program like Nessus run on your website. But that goes
globally and will detect it.

------
anncaryn
Is there a service that alerts you when there are broken links to pictures/css
on your site?

~~~
rmc
Google Webmaster Tools?

~~~
anncaryn
Any good posts of best workflow using the webmaster tools dashboard you would
recommend?

------
lean
Similar: <http://lite.launchlist.net/>

