Movie subscription service MoviePass has been in the news this week. The service has been around for several years, and this week the company announced they are reducing the price of their subscription service to $9.95 per month.

We can argue all day about how exactly MoviePass is going to make money by selling $10 plans that allow subscribers to see a movie per day in a movie theater. We can debate if the service will scale, how they’ll make money by selling data, and so on. But this isn’t that kind of blog.

Hammer Brother Going after MoviePass' websiteWhat we can dig into is what’s happened to MoviePass’ website this week.

It’s gotten hammered.

It has been several days since the announcement, and the website is still suffering sluggish performance, intermittent outages, and  lots of broken images and icons. Let’s do a quick look at their infrastructure.

Quick fixes

I believe there both large and small things that MoviePass can/should have done to keep the site online and accepting new customers. After all, without customers, they won’t have a service very long.


MoviePass HostingIn looking at their IPs, it looks as if they’re hosted by eNOM. This may not be 100% true, as during a period of downtime earlier this week, it looked like the site might be hosted at Linode. So we’re unsure on this one, but whatever plan it was, it wasn’t enough.

If it were me, I would have a site like this live at a cloud provider like Amazon Web Services or Google, where I would be able to set up a load balanced arrangement and add servers as needed to meet demand, then scale them off when demand dropped. After this initial rush, you may not need 10 web servers, but for now, you probably do.

Content Delivery Network

All the images and the all the javascripts except for one are hosted in an Amazon S3 bucket. That’s very good – a nice way relieve traffic on  your application server. The good news is that s3 traffic is relatively cheap. Again, if it were me, I’d go a step further and serve those assets from Cloudfront, which will distribute them and serve them from the closest data center to the user. S3 will only serve content from the datacenter where the bucket was created. That means users in Seattle will have to pull data from Virginia, for example.

404s and API Errors

There are several 404 errors and some API errors from Google. Those will also slow down the site as the images are asked for, and the API returns errors instead of content. Tweaking those will increase page draw speed and reducing errors is always good.

MoviePass errors

Transactional Email

These 404 errors also carry over to the welcome email you get as a new customer. Yes, I totally signed up. I love movies and figured I’d try it out. These broken images doesn’t make for a very welcoming experience. See:

MoviePass email message

Kudos to MoviePass for using a 3rd party transactional email sending service like SendGrid. I’m a SendGrid customer, and the service is great, but with a bit of setup, you can get rid of the “via” message in the header. Most users probably don’t notice that, but I do and its easy to fix. I’ve written about outsourcing your transactional email before.

I’m excited to try the service out, and I hope MoviePass makes it. Guys, if you need any help with your site, hit me up. I’ll trade you for some free movie passes.

Password Security ImageA door made out of the strongest metal still wouldn’t offer any protection if it was secured with a twist-tie. Likewise, even the most sophisticated online security system can be bypassed in seconds if hackers acquire a user’s password. They’re easy to get when a website is storing passwords in plain text, but that’s a different story.

When people have weak passwords, there’s very little keeping their sensitive information safe. However, when it comes to passwords, many users still choose something that’s easy to remember over something that would be safer. That means hackers and thieves have much less work to do when they try to crack open users’ accounts, resulting in data breaches that put those users and others at risk. Although IT professionals continually stress the importance of choosing a password that is difficult to crack, many users don’t heed the advice.

On the other hand, the most secure passwords have the problem of being extremely difficult for people to remember easily. That’s why so many people use formulas for creating their passwords that make them easier to figure out for hackers. Some people believe that substituting numbers for letters in common words is enough to make a password difficult to guess. Yet substituting a zero for the “o” in “hello” is obvious enough to hackers that it’s practically the same as spelling the word the correct way.

Just this week, in fact, the man that told people to replace numbers for letters said this advice was wrong.

Personally, I use a password manager to handle all my passwords. I use 1Password, but LastPass and KeePass are also good tools. All I need to remember is a strong master password, and 1Password does the rest of the work in keeping my super strong passwords safe.

Having strong passwords for each of the important websites and Internet portals you use regularly is essential today. Use the following checklist when creating a password to help you avoid some of the most common mistakes that lead to weak passwords. This guide also tells you what steps you need to take if you believe your password may have been compromised to protect yourself and your data. A door is only as strong as the lock on it, and your Internet security is only as strong as the password you use to access it.

Presented by MNS Group

Recently, Facebook has made a change for fan/brand pages and page managers can no longer change the images, headlines, and excerpts show when including a link in a post. Instead, they rely on open graph tags.

On one hand, it’s annoying because if you were linking to a page you didn’t control, sometimes you would find yourself needing to adjust the description or excerpt if there wasn’t one. On the other, I think you can see where this editing power could lead people to create and/or propagate, wait for it, “fake  news.”

For those people that manage College and University pages, this is especially frustrating. Most of the time we are sharing links, it is to pages that we control and linking somewhere in our school’s network of websites. Even then, we can’t be sure people have correctly tagged their pages.

This is important because having clear, interesting copy and images on your posts not only affects us when we share our own content, other people share our content too. We want to make sure our content looks great when shown to others as well!

For several years, Facebook has been using “open graph” tags, similar to the meta tags of old, as a guide to use when sharing a post. These OG tags include a post title, URL, description, image, and more. Here’s an example:

<meta property="og:url" content="" />;
<meta property="og:type" content="article" />;
<meta property="og:title" content="When Great Minds Don’t Think Alike" />;
<meta property="og:description" content="How much does culture influence creative thinking?" />
<meta property="og:image" content="" />

You can set these open graph tags manually in your code. If you use WordPress, most of the SEO plugins including Yoast will set these tags for you and allow you to customize content for them.

One area where this gets tricky is with the featured image. Unless you specify a particular image in your code, the WordPress tools like Yoast use the default image you set in the plugin’s settings.

Facebook and Twitter want large images as your featured images, so make sure they’re at least 200px wide by 200px high. Facebook would love that to be higher. They say in their developer area:

Use images that are at least 1200 x 630 pixels for the best display on high resolution devices. At the minimum, you should use images that are 600 x 315 pixels to display link page posts with larger images. Images can be up to 8MB in size.

Time to test your content

Once you’ve got all your open graph tags ready, it’s time to test. Don’t wait to check until you’re ready to post your story or tweet that, um, tweet.

Facebook has a handy debugging tools that will show you what it sees when it scrapes your page and shares it.

When you enter a URL into Facebook’s sharing debugger, you get this back. These are the results for a previous post on this blog about Snapchat.

Example of Facebook Sharing Debugger Output

As you can see, it has a good post title and the correct description. I’m not crazy about that image, though. It’s just grabbed one from the post to share, as I don’t have a default image setup for this blog.

I’m using Yoast SEO on this site, so I can easily change that image. Before I do that, I need to clear Facebook’s cache of my post. To do that, I need to paste my URL into the Batch Invalidator. This will basically retcon Facebook and make them grab a fresh version of my page. You can enter URL’s one by one here, or paste many (hence, the batch in the name.)

I created a custom graphic, added it to Yoast, invalidated my URL, and re-scraped. Now, Facebook shows me this:

Open Graph Example

Yes, that’s an ugly graphic, but I only spent 2 minutes on it. Now, Facebook sees the graphic I intended as opposed to a random image Yoast and/or Facebook selected or my default image.