diff --git a/.mailmap b/.mailmap
index b50bae079a..42f74158ab 100644
--- a/.mailmap
+++ b/.mailmap
@@ -8,7 +8,10 @@
 # For any emails that show up in the shortlog that aren't in one of
 # these lists, figure out their GitHub username and add them.
 
+GITHUB: aldeed <eric@dairystatedesigns.com>
 GITHUB: AlexeyMK <alexey@alexeymk.com>
+GITHUB: apendua <apendua@gmail.com>
+GITHUB: arbesfeld <arbesfeld@gmail.com>
 GITHUB: DenisGorbachev <Denis.Gorbachev@faster-than-wind.ru>
 GITHUB: EOT <eot@gmx.at>
 GITHUB: FooBarWidget <honglilai@gmail.com>
@@ -20,10 +23,12 @@ GITHUB: awwx <andrew.wilcox@gmail.com>
 GITHUB: cmather <mather.chris@gmail.com>
 GITHUB: codeinthehole <david.winterbottom@gmail.com>
 GITHUB: dandv <ddascalescu+github@gmail.com>
+GITHUB: davegonzalez <gonzalez.dalex@gmail.com>
 GITHUB: emgee3 <hello@gravitronic.com>
 GITHUB: icellan <icellan@icellan.com>
 GITHUB: jacott <geoffjacobsen@gmail.com>
 GITHUB: jfhamlin <jfhamlin@gmail.com>
+GITHUB: justinsb <justin@fathomdb.com>
 GITHUB: marcandre <github@marc-andre.ca>
 GITHUB: mart-jansink <m.jansink@gmail.com>
 GITHUB: meawoppl <meawoppl@gmail.com>
@@ -33,7 +38,9 @@ GITHUB: mitar <mitar.github@tnode.com>
 GITHUB: mizzao <mizzao@gmail.com>
 GITHUB: mquandalle <maxime.quandalle@gmail.com>
 GITHUB: nathan-muir <ndmuir@gmail.com>
+GITHUB: Neftedollar <oildollar@gmail.com>
 GITHUB: paulswartz <paulswartz@gmail.com>
+GITHUB: Pent <jon@empire5design.com>
 GITHUB: queso <joshua.owens@gmail.com>
 GITHUB: rdickert <robert.dickert@gmail.com>
 GITHUB: rgould <rwgould@gmail.com>
@@ -50,6 +57,7 @@ METEOR: dgreensp <dgreenspan@alum.mit.edu>
 METEOR: estark37 <emily@meteor.com>
 METEOR: estark37 <estark37@gmail.com>
 METEOR: glasser <glasser@meteor.com>
+METEOR: glasser <glasser@davidglasser.net>
 METEOR: gschmidt <geoff@geoffschmidt.com>
 METEOR: karayu <lele.yu@gmail.com>
 METEOR: n1mmy <nim@meteor.com>
@@ -57,3 +65,4 @@ METEOR: sixolet <naomi@meteor.com>
 METEOR: Slava <slava@meteor.com>
 METEOR: stubailo <sashko@mit.edu>
 METEOR: ekatek <ekate@meteor.com>
+
diff --git a/History.md b/History.md
index 2fc9926153..ec6b87b515 100644
--- a/History.md
+++ b/History.md
@@ -1,5 +1,130 @@
 ## v.NEXT
 
+#### Meteor Accounts
+
+* Fix a security flaw in OAuth1 and OAuth2 implementations. If you are
+  using any OAuth accounts packages (such as `accounts-google` or
+  `accounts-twitter`), we recommend that you update immediately and log
+  out your users' current sessions with the following MongoDB command:
+
+    $ db.users.update({}, { $set: { 'services.resume.loginTokens': [] } }, { multi: true });
+
+* OAuth redirect URLs are now required to be on the same origin as your app.
+
+* Log out a user's other sessions when they change their password.
+
+* Store pending OAuth login results in the database instead of
+  in-memory, so that an OAuth flow succeeds even if different requests
+  go to different server processes.
+
+* When validateLoginAttempt callbacks return false, don't override a more
+  specific error message.
+
+* Add `Random.secret()` for generating security-critical secrets like
+  login tokens.
+
+* `Meteor.logoutOtherClients` now calls the user callback when other
+  login tokens have actually been removed from the database, not when
+  they have been marked for eventual removal.  #1915
+
+* Rename `Oauth` to `OAuth`.  `Oauth` is now an alias for backwards
+  compatibility.
+
+* Add `oauth-encryption` package for encrypting sensitive account
+  credentials in the database.
+
+* A validate login hook can now override the exception thrown from
+  `beginPasswordExchange` like it can for other login methods.
+
+* Remove an expensive observe over all users in the `accounts-base`
+  package.
+
+
+#### Blaze
+
+* Disallow `javascript:` URLs in URL attribute values by default, to
+  help prevent cross-site scripting bugs. Call
+  `UI._allowJavascriptUrls()` to allow them.
+
+* Fix `UI.toHTML` on templates containing `{{#with}}`.
+
+* Fix `{{#with}}` over a data context that is mutated.  #2046
+
+* Clean up autoruns when calling `UI.toHTML`.
+
+* Add support for `{{!-- block comments --}}` in Spacebars. Block comments may
+  contain `}}`, so they are more useful than `{{! normal comments}}` for
+  commenting out sections of Spacebars templates.
+
+* Don't dynamically insert `<tbody>` tags in reactive tables
+
+* When handling a custom jQuery event, additional arguments are
+  no longer lost -- they now come after the template instance
+  argument.  #1988
+
+
+#### DDP and MongoDB
+
+* Extend latency compensation to support an arbitrary sequence of
+  inserts in methods.  Previously, documents created inside a method
+  stub on the client would eventually be replaced by new documents
+  from the server, causing the screen to flicker.  Calling `insert`
+  inside a method body now generates the same ID on the client (inside
+  the method stub) and on the server.  A sequence of inserts also
+  generates the same sequence of IDs.  Code that wants a random stream
+  that is consistent between method stub and real method execution can
+  get one with `DDP.randomStream`.
+  https://trello.com/c/moiiS2rP/57-pattern-for-creating-multiple-database-records-from-a-method
+
+* DDP now has an implementation of bidirectional heartbeats which is consistent
+  across SockJS and websocket transports. This enables connection keepalive and
+  allows servers and clients to more consistently and efficiently detect
+  disconnection.
+
+* The DDP protocol version number has been incremented to "pre2" (adding
+  randomSeed and heartbeats).
+
+* The oplog observe driver handles errors communicating with MongoDB
+  better and knows to re-poll all queries after a MongoDB failover.
+
+* Fix bugs involving mutating DDP method arguments.
+
+
+#### meteor command-line tool
+
+* Move boilerplate HTML from tools to webapp.  Change internal
+  `Webapp.addHtmlAttributeHook` API.
+
+* Add `meteor list-sites` command for listing the sites that you have
+  deployed to meteor.com with your Meteor developer account.
+
+* Third-party template languages can request that their generated source loads
+  before other JavaScript files, just like *.html files, by passing the
+  isTemplate option to Plugin.registerSourceHandler.
+
+* You can specify a particular interface for the dev mode runner to bind to with
+  `meteor -p host:port`.
+
+* Don't include proprietary tar tags in bundle tarballs.
+
+* Convert relative URLs to absolute URLs when merging CSS files.
+
+
+#### Upgraded dependencies
+
+* Node.js from 0.10.25 to 0.10.26.
+* MongoDB driver from 1.3.19 to 1.4.1
+* stylus: 0.42.3 (from 0.42.2)
+* showdown: 0.3.1
+* css-parse: an unreleased version (from 1.7.0)
+* css-stringify: an unreleased version (from 1.4.1)
+
+
+Patches contributed by GitHub users aldeed, apendua, arbesfeld, awwx, dandv,
+davegonzalez, emgee3, justinsb, mquandalle, Neftedollar, Pent, sdarnell,
+and timhaines.
+
+
 ## v0.8.0.1
 
 * Fix security flaw in OAuth1 implementation. Clients can no longer
diff --git a/LICENSE.txt b/LICENSE.txt
index afa98ec4df..448afeb0e4 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -561,6 +561,65 @@ html5: https://github.com/aredridel/html5
 Copyright (c) 2010 Aria Stewart <aredridel@nbtsc.org>
 
 
+----------
+node-aes-gcm: https://github.com/xorbit/node-aes-gcm
+----------
+
+Copyright (c) 2013 Patrick Van Oosterwijck
+
+
+----------
+nan: https://github.com/rvagg/nan
+----------
+
+Copyright 2013, NAN contributors:
+  - Rod Vagg <https://github.com/rvagg>
+  - Benjamin Byholm <https://github.com/kkoopa>
+  - Trevor Norris <https://github.com/trevnorris>
+  - Nathan Rajlich <https://github.com/TooTallNate>
+  - Brett Lawson <https://github.com/brett19>
+  - Ben Noordhuis <https://github.com/bnoordhuis>
+(the "Original Author")
+All rights reserved.
+
+MIT +no-false-attribs License
+
+Permission is hereby granted, free of charge, to any person
+obtaining a copy of this software and associated documentation
+files (the "Software"), to deal in the Software without
+restriction, including without limitation the rights to use,
+copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following
+conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+Distributions of all or part of the Software intended to be used
+by the recipients as they would use the unmodified Software,
+containing modifications that substantially alter, remove, or
+disable functionality of the Software, outside of the documented
+configuration mechanisms provided by the Software, shall be
+modified such that the Original Author's bug reporting email
+addresses and urls are either replaced with the contact information
+of the parties responsible for the changes, or removed entirely.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+
+Except where noted, this license applies to any and all software
+programs and associated documentation files created by the
+Original Author, when distributed with the Software.
+
+
 
 ==============
 Apache License
@@ -1509,6 +1568,39 @@ OTHER DEALINGS IN THE SOFTWARE.
 For more information, please refer to <http://unlicense.org/>
 
 
+----------
+npm-install-checks: https://github.com/npm/npm-install-checks
+----------
+
+Copyright (c) Robert Kowalski and Isaac Z. Schlueter ("Authors")
+All rights reserved.
+
+The BSD License
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS
+BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
 ----------
 tough-cookie: https://github.com/goinstant/tough-cookie
 ----------
diff --git a/docs/.meteor/release b/docs/.meteor/release
index 4b324f2d8f..6f4eebdf6f 100644
--- a/docs/.meteor/release
+++ b/docs/.meteor/release
@@ -1 +1 @@
-0.8.0.1
+0.8.1
diff --git a/docs/client/api.html b/docs/client/api.html
index 41c88d2f72..ff1f70e001 100644
--- a/docs/client/api.html
+++ b/docs/client/api.html
@@ -1710,6 +1710,11 @@ example, to support GitHub login, run `$ meteor add accounts-github` and use the
         Session.set('errorMessage', err.reason || 'Unknown error');
     });
 
+Login service configuration is sent from the server to the client over DDP when
+your app starts up; you may not call the login function until the configuration
+is loaded. The function `Accounts.loginServicesConfigured()` is a reactive data
+source that will return true once the login service is configured; you should
+not make login buttons visible or active until it is true.
 
 
 {{> api_box currentUser}}
@@ -1848,10 +1853,18 @@ proceed.  If the callback returns a falsy value or throws an
 exception, the login is aborted.  Throwing a `Meteor.Error` will
 report the error reason to the user.
 
-All registered validate login callbacks are called, even if one of the
-callbacks aborts the login.  The later callbacks will see the
-`allowed` field set to `false` since the login will now not be
-successful.
+All registered validate login callbacks are called, even if one of the callbacks
+aborts the login.  The later callbacks will see the `allowed` field set to
+`false` since the login will now not be successful.  This allows later callbacks
+to override an error from a previous callback; for example, you could override
+the "Incorrect password" error with a different message.
+
+Validate login callbacks that aren't explicitly trying to override a previous
+error generally have no need to run if the attempt has already been determined
+to fail, and should start with
+
+    if (!attempt.allowed)
+      return false;
 
 
 {{> api_box accounts_onLogin}}
diff --git a/docs/client/api.js b/docs/client/api.js
index 4d83217bb5..4bffbeb556 100644
--- a/docs/client/api.js
+++ b/docs/client/api.js
@@ -58,12 +58,18 @@ Template.api.settings = {
   id: "meteor_settings",
   name: "Meteor.settings",
   locus: "Anywhere",
-  descr: ["`Meteor.settings` contains deployment-specific configuration options. " +
-          "You can initialize settings by passing the `--settings` option (which takes a file containing JSON data) to " +
-          "`meteor run` or `meteor deploy`, " +
-          "or by setting your server process's `METEOR_SETTINGS` environment variable to a JSON string. " +
-          "If you don't provide any settings, `Meteor.settings` will be an empty object.  If the settings object contains a key named `public`, then " +
-          "`Meteor.settings.public` will be available on the client as well as the server.  All other properties of `Meteor.settings` are only defined on the server."]
+  descr: ["`Meteor.settings` contains deployment-specific configuration " +
+          "options. You can initialize settings by passing the `--settings` " +
+          "option (which takes the name of a file containing JSON data) to " +
+          "`meteor run` or `meteor deploy`. When running your server " +
+          "directly (e.g. from a bundle), you instead specify settings by " +
+          "putting the JSON directly into the `METEOR_SETTINGS` environment " +
+          "variable. " +
+          "If you don't provide any settings, `Meteor.settings` will be an " +
+          "empty object.  If the settings object contains a key named " +
+          "`public`, then `Meteor.settings.public` will be available on the " +
+          "client as well as the server.  All other properties of " +
+          "`Meteor.settings` are only defined on the server."]
 };
 
 Template.api.release = {
@@ -1158,6 +1164,11 @@ Template.api.accounts_config = {
       name: "loginExpirationInDays",
       type: "Number",
       descr: "The number of days from when a user logs in until their token expires and they are logged out. Defaults to 90. Set to `null` to disable login expiration."
+    },
+    {
+      name: "oauthSecretKey",
+      type: "String",
+      descr: "When using the `oauth-encryption` package, the 16 byte key using to encrypt sensitive account credentials in the database, encoded in base64.  This option may only be specifed on the server.  See packages/oauth-encryption/README.md for details."
     }
   ]
 };
@@ -1678,7 +1689,7 @@ Template.api.httpcall = {
   args: [
     {name: "method",
      type: "String",
-     descr: 'The HTTP method to use: "`GET`", "`POST`", "`PUT`", or "`DELETE`".'},
+     descr: 'The [HTTP method](http://en.wikipedia.org/wiki/HTTP_method) to use, such as "`GET`", "`POST`", or "`HEAD`".'},
     {name: "url",
      type: "String",
      descr: 'The URL to retrieve.'},
@@ -1713,7 +1724,7 @@ Template.api.httpcall = {
      descr: "Maximum time in milliseconds to wait for the request before failing.  There is no timeout by default."},
     {name: "followRedirects",
      type: "Boolean",
-     descr: "If true, transparently follow HTTP redirects.  Cannot be set to false on the client."}
+     descr: "If `true`, transparently follow HTTP redirects. Cannot be set to `false` on the client. Default `true`."}
   ]
 };
 
diff --git a/docs/client/concepts.html b/docs/client/concepts.html
index 30df284a68..6edef8e354 100644
--- a/docs/client/concepts.html
+++ b/docs/client/concepts.html
@@ -741,7 +741,7 @@ To get started, run
 This command will generate a fully-contained Node.js application in the form of
 a tarball.  To run this application, you need to provide Node.js 0.10 and a
 MongoDB server.  (The current release of Meteor has been tested with Node
-0.10.25; older versions contain a serious bug that can cause production servers
+0.10.26; older versions contain a serious bug that can cause production servers
 to stall.) You can then run the application by invoking node, specifying the
 HTTP port for the application to listen on, and the MongoDB endpoint.  If
 you don't already have a MongoDB server, we can recommend our friends at
diff --git a/docs/client/docs.css b/docs/client/docs.css
index 70afcfd9cd..5240351084 100644
--- a/docs/client/docs.css
+++ b/docs/client/docs.css
@@ -173,7 +173,7 @@ a:hover {
 /** Main pane **/
 
 #main {
-    margin: 10px;
+    margin: 10px 10px 10px 60px;
     line-height: 1.3;
     color: #333333;
 }
@@ -407,10 +407,34 @@ dl.callbacks {
 
 /** layout control **/
 
-/* default to no sidebar */
-#nav {
+#menu-ico {
+    font-size: 30px;
+    float: right;
+    position: fixed;
+    top: 3px;
+    left: 6px;
+}
+
+#menu-ico.hidden {
     display: none;
 }
+
+/* default to no sidebar */
+#nav {
+    display: block;
+    background: #FFF;
+    position: fixed;
+    width: 260px;
+    height: 100%;
+    top: 0;
+    left: -220px;
+}
+
+#nav.show {
+    left: 0;
+    overflow: auto;
+}
+
 .github-ribbon {
     display: none;
 }
@@ -419,37 +443,44 @@ pre {
 }
 
 @media (min-width: 768px) {
-/* ipad portrait or better */
-#main {
-    width: 440px;
-    height: 100%;
-    margin-left: 260px; /* nav width + padding */
-    padding: 30px;
-}
-#nav {
-    display: block;
-    width: 200px;
-    position: fixed;
-    overflow: auto;
-    height: 100%;
-    top: 0;
-    left: 0;
-}
-.main-headline {
-    display: none;
-}
+    /* ipad portrait or better */
+    #main {
+        width: 440px;
+        height: 100%;
+        margin-left: 260px; /* nav width + padding */
+        padding: 30px;
+    }
+    #nav {
+        display: block;
+        width: 200px;
+        position: fixed;
+        overflow: auto;
+        height: 100%;
+        top: 0;
+        left: 0;
+    }
+    .main-headline {
+        display: none;
+    }
+
+    #menu-ico {
+        display: none;
+    }
 }
 
 @media (min-width: 1024px) {
-/* ipad landscape and desktop */
-#main {
-    width: 610px;
-    margin-left: 330px; /* nav width + padding */
-}
-#nav {
-    width: 270px;
-}
-.github-ribbon {
-    display: block;
-}
+    /* ipad landscape and desktop */
+    #main {
+        width: 610px;
+        margin-left: 330px; /* nav width + padding */
+    }
+    #nav {
+        width: 270px;
+    }
+    .github-ribbon {
+        display: block;
+    }
+    #menu-ico {
+        display: none;
+    }
 }
diff --git a/docs/client/docs.html b/docs/client/docs.html
index c67d0b6139..b2bcfe2f78 100644
--- a/docs/client/docs.html
+++ b/docs/client/docs.html
@@ -8,7 +8,7 @@
 </head>
 
 <body>
-  <div id="nav">
+  <div id="nav" class="hide">
     {{> nav }}
   </div>
   <div id="main">
@@ -23,6 +23,7 @@
 </body>
 
 <template name="nav">
+  <div id="menu-ico"><a href="#">&#9776;</a></div>
   <div id="nav-inner">
     {{#each sections}}
       {{#if type "spacer"}}
diff --git a/docs/client/docs.js b/docs/client/docs.js
index 3c004adca7..5873bc04b7 100644
--- a/docs/client/docs.js
+++ b/docs/client/docs.js
@@ -88,8 +88,18 @@ Meteor.startup(function () {
 
   // Make external links open in a new tab.
   $('a:not([href^="#"])').attr('target', '_blank');
+
+  // Hide menu by tapping on background
+  $('#main').on('click', function () {
+    hideMenu();
+  });
 });
 
+var hideMenu = function () {
+  $('#nav').removeClass('show');
+  $('#menu-ico').removeClass('hidden');
+};
+
 var toc = [
   {name: "Meteor " + Template.headline.release(), id: "top"}, [
     "Quick start",
@@ -348,6 +358,7 @@ var toc = [
     "force-ssl",
     "jquery",
     "less",
+    "oauth-encryption",
     "random",
     "spiderable",
     "stylus",
@@ -405,7 +416,7 @@ Template.nav.sections = function () {
 
 Template.nav.type = function (what) {
   return this.type === what;
-}
+};
 
 Template.nav.maybe_current = function () {
   return Session.equals("section", this.id) ? "current" : "";
@@ -415,6 +426,18 @@ Template.nav_section.depthIs = function (n) {
   return this.depth === n;
 };
 
+// Show hidden TOC when menu icon is tapped
+Template.nav.events({
+  'click #menu-ico' : function () {
+    $('#nav').addClass('show');
+    $('#menu-ico').addClass('hidden');
+  },
+  // Hide TOC when selecting an item
+  'click a' : function () {
+    hideMenu();
+  }
+});
+
 UI.registerHelper('dstache', function() {
   return '{{';
 });
diff --git a/docs/client/packages.html b/docs/client/packages.html
index e1b79538e7..a638d180aa 100644
--- a/docs/client/packages.html
+++ b/docs/client/packages.html
@@ -28,6 +28,7 @@ and removed with:
 {{> pkg_force_ssl}}
 {{> pkg_jquery}}
 {{> pkg_less}}
+{{> pkg_oauth_encryption}}
 {{> pkg_random}}
 {{> pkg_spiderable}}
 {{> pkg_stylus}}
diff --git a/docs/client/packages/oauth-encryption.html b/docs/client/packages/oauth-encryption.html
new file mode 100644
index 0000000000..1678bebf93
--- /dev/null
+++ b/docs/client/packages/oauth-encryption.html
@@ -0,0 +1,9 @@
+<template name="pkg_oauth_encryption">
+{{#markdown}}
+## `oauth-encryption`
+
+Encrypts sensitive account credential information stored in the
+database.  See packages/oauth-encryption/README.md for details.
+
+{{/markdown}}
+</template>
diff --git a/docs/client/packages/random.html b/docs/client/packages/random.html
index a9684035f4..1b85ccd4bf 100644
--- a/docs/client/packages/random.html
+++ b/docs/client/packages/random.html
@@ -10,9 +10,18 @@ servers that don't have enough entropy to seed the cryptographically strong
 generator).
 
 <dl class="callbacks">
-{{#dtdd "Random.id()"}}
-Returns a unique identifier, such as `"Jjwjg6gouWLXhMGKW"`, that is likely to
-be unique in the whole world.
+{{#dtdd "Random.id([n])"}}
+Returns a unique identifier, such as `"Jjwjg6gouWLXhMGKW"`, that is
+likely to be unique in the whole world. The optional argument `n`
+specifies the length of the identifier in characters and defaults to 17.
+{{/dtdd}}
+
+{{#dtdd "Random.secret([n])"}}
+Returns a random string of printable characters with 6 bits of
+entropy per character. The optional argument `n` specifies the length of
+the secret string and defaults to 43 characters, or 256 bits of
+entropy. Use `Random.secret` for security-critical secrets that are
+intended for machine, rather than human, consumption.
 {{/dtdd}}
 
 {{#dtdd "Random.fraction()"}}
diff --git a/docs/client/packages/spiderable.html b/docs/client/packages/spiderable.html
index 9afade0eac..d3adbd6339 100644
--- a/docs/client/packages/spiderable.html
+++ b/docs/client/packages/spiderable.html
@@ -33,6 +33,14 @@ If you deploy your application with `meteor bundle`, you must install
 `$PATH`. If you use `meteor deploy` this is already taken care of.
 {{/warning}}
 
+{{#warning}}
+When running your page, `spiderable` will wait for all publications
+to be ready. Make sure that all of your [`publish functions`](#meteor_publish)
+either return a cursor (or an array of cursors), or eventually call
+[`this.ready()`](#publish_ready). Otherwise, the `phantomjs` executions
+will fail.
+{{/warning}}
+
 
 {{/markdown}}
 </template>
diff --git a/docs/lib/release-override.js b/docs/lib/release-override.js
index 6ca2e658be..092a327c3b 100644
--- a/docs/lib/release-override.js
+++ b/docs/lib/release-override.js
@@ -1,5 +1,5 @@
 // While galaxy apps are on their own special meteor releases, override
 // Meteor.release here.
 if (Meteor.isClient) {
-  Meteor.release = Meteor.release ? "0.8.0.1" : undefined;
+  Meteor.release = Meteor.release ? "0.8.1" : undefined;
 }
diff --git a/examples/clock/.meteor/release b/examples/clock/.meteor/release
index 4b324f2d8f..6f4eebdf6f 100644
--- a/examples/clock/.meteor/release
+++ b/examples/clock/.meteor/release
@@ -1 +1 @@
-0.8.0.1
+0.8.1
diff --git a/examples/leaderboard/.meteor/release b/examples/leaderboard/.meteor/release
index 4b324f2d8f..6f4eebdf6f 100644
--- a/examples/leaderboard/.meteor/release
+++ b/examples/leaderboard/.meteor/release
@@ -1 +1 @@
-0.8.0.1
+0.8.1
diff --git a/examples/parties/.meteor/release b/examples/parties/.meteor/release
index 4b324f2d8f..6f4eebdf6f 100644
--- a/examples/parties/.meteor/release
+++ b/examples/parties/.meteor/release
@@ -1 +1 @@
-0.8.0.1
+0.8.1
diff --git a/examples/todos/.meteor/release b/examples/todos/.meteor/release
index 4b324f2d8f..6f4eebdf6f 100644
--- a/examples/todos/.meteor/release
+++ b/examples/todos/.meteor/release
@@ -1 +1 @@
-0.8.0.1
+0.8.1
diff --git a/examples/wordplay/.meteor/release b/examples/wordplay/.meteor/release
index 4b324f2d8f..6f4eebdf6f 100644
--- a/examples/wordplay/.meteor/release
+++ b/examples/wordplay/.meteor/release
@@ -1 +1 @@
-0.8.0.1
+0.8.1
diff --git a/meteor b/meteor
index 29fe3a330c..a89420b584 100755
--- a/meteor
+++ b/meteor
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-BUNDLE_VERSION=0.3.33
+BUNDLE_VERSION=0.3.34
 
 # OS Check. Put here because here is where we download the precompiled
 # bundles that are arch specific.
diff --git a/packages/accounts-base/accounts_client.js b/packages/accounts-base/accounts_client.js
index 18c8ed82db..140cdf1069 100644
--- a/packages/accounts-base/accounts_client.js
+++ b/packages/accounts-base/accounts_client.js
@@ -215,38 +215,40 @@ Meteor.logout = function (callback) {
 };
 
 Meteor.logoutOtherClients = function (callback) {
-  // Call the `logoutOtherClients` method. Store the login token that we get
-  // back and use it to log in again. The server is not supposed to close
-  // connections on the old token for 10 seconds, so we should have time to
-  // store our new token and log in with it before being disconnected. If we get
-  // disconnected, then we'll immediately reconnect with the new token. If for
-  // some reason we get disconnected before storing the new token, then the
-  // worst that will happen is that we'll have a flicker from trying to log in
-  // with the old token before storing and logging in with the new one.
-  Accounts.connection.apply('logoutOtherClients', [], { wait: true },
-               function (error, result) {
-                 if (error) {
-                   callback && callback(error);
-                 } else {
-                   var userId = Meteor.userId();
-                   storeLoginToken(userId, result.token, result.tokenExpires);
-                   // If the server hasn't disconnected us yet by deleting our
-                   // old token, then logging in now with the new valid token
-                   // will prevent us from getting disconnected. If the server
-                   // has already disconnected us due to our old invalid token,
-                   // then we would have already tried and failed to login with
-                   // the old token on reconnect, and we have to make sure a
-                   // login method gets sent here with the new token.
-                   Meteor.loginWithToken(result.token, function (err) {
-                     if (err &&
-                         storedLoginToken() &&
-                         storedLoginToken().token === result.token) {
-                       makeClientLoggedOut();
-                     }
-                     callback && callback(err);
-                   });
-                 }
-               });
+  // We need to make two method calls: one to replace our current token,
+  // and another to remove all tokens except the current one. We want to
+  // call these two methods one after the other, without any other
+  // methods running between them. For example, we don't want `logout`
+  // to be called in between our two method calls (otherwise the second
+  // method call would return an error). Another example: we don't want
+  // logout to be called before the callback for `getNewToken`;
+  // otherwise we would momentarily log the user out and then write a
+  // new token to localStorage.
+  //
+  // To accomplish this, we make both calls as wait methods, and queue
+  // them one after the other, without spinning off the event loop in
+  // between. Even though we queue `removeOtherTokens` before
+  // `getNewToken`, we won't actually send the `removeOtherTokens` call
+  // until the `getNewToken` callback has finished running, because they
+  // are both wait methods.
+  Accounts.connection.apply(
+    'getNewToken',
+    [],
+    { wait: true },
+    function (err, result) {
+      if (! err) {
+        storeLoginToken(Meteor.userId(), result.token, result.tokenExpires);
+      }
+    }
+  );
+  Accounts.connection.apply(
+    'removeOtherTokens',
+    [],
+    { wait: true },
+    function (err) {
+      callback && callback(err);
+    }
+  );
 };
 
 
diff --git a/packages/accounts-base/accounts_common.js b/packages/accounts-base/accounts_common.js
index 34a83982f4..5fbc104e0a 100644
--- a/packages/accounts-base/accounts_common.js
+++ b/packages/accounts-base/accounts_common.js
@@ -53,6 +53,18 @@ Accounts.config = function(options) {
                   "server; some configuration options may not take effect.");
   }
 
+  // We need to validate the oauthSecretKey option at the time
+  // Accounts.config is called. We also deliberately don't store the
+  // oauthSecretKey in Accounts._options.
+  if (_.has(options, "oauthSecretKey")) {
+    if (Meteor.isClient)
+      throw new Error("The oauthSecretKey option may only be specified on the server");
+    if (! Package["oauth-encryption"])
+      throw new Error("The oauth-encryption package must be loaded to set oauthSecretKey");
+    Package["oauth-encryption"].OAuthEncryption.loadKey(options.oauthSecretKey);
+    options = _.omit(options, "oauthSecretKey");
+  }
+
   // validate option keys
   var VALID_KEYS = ["sendVerificationEmail", "forbidClientAccountCreation",
                     "restrictCreationByEmailDomain", "loginExpirationInDays"];
diff --git a/packages/accounts-base/accounts_server.js b/packages/accounts-base/accounts_server.js
index e421cc0e9a..4bb346a578 100644
--- a/packages/accounts-base/accounts_server.js
+++ b/packages/accounts-base/accounts_server.js
@@ -73,12 +73,19 @@ var validateLogin = function (connection, attempt) {
     }
     catch (e) {
       attempt.allowed = false;
+      // XXX this means the last thrown error overrides previous error
+      // messages. Maybe this is surprising to users and we should make
+      // overriding errors more explicit. (see
+      // https://github.com/meteor/meteor/issues/1960)
       attempt.error = e;
       return true;
     }
     if (! ret) {
       attempt.allowed = false;
-      attempt.error = new Meteor.Error(403, "Login forbidden");
+      // don't override a specific error provided by a previous
+      // validator or the initial attempt (eg "incorrect password").
+      if (!attempt.error)
+        attempt.error = new Meteor.Error(403, "Login forbidden");
     }
     return true;
   });
@@ -227,6 +234,9 @@ var attemptLogin = function (methodInvocation, methodName, methodArgs, result) {
   if (!result)
     throw new Error("result is required");
 
+  // XXX A programming error in a login handler can lead to this occuring, and
+  // then we don't call onLogin or onLoginFailure callbacks. Should
+  // tryLoginMethod catch this case and turn it into an error?
   if (!result.userId && !result.error)
     throw new Error("A login method must specify a userId or an error");
 
@@ -245,6 +255,9 @@ var attemptLogin = function (methodInvocation, methodName, methodArgs, result) {
   if (user)
     attempt.user = user;
 
+  // validateLogin may mutate `attempt` by adding an error and changing allowed
+  // to false, but that's the only change it can make (and the user's callbacks
+  // only get a clone of `attempt`).
   validateLogin(methodInvocation.connection, attempt);
 
   if (attempt.allowed) {
@@ -296,6 +309,9 @@ Accounts._reportLoginFailure = function (methodInvocation, methodName, methodArg
 
   validateLogin(methodInvocation.connection, attempt);
   failedLogin(methodInvocation.connection, attempt);
+  // validateLogin may mutate attempt to set a new error message. Return
+  // the modified version.
+  return attempt;
 };
 
 
@@ -418,6 +434,17 @@ Meteor.methods({
   // use. Tests set Accounts._noConnectionCloseDelayForTest to delete tokens
   // immediately instead of using a delay.
   //
+  // XXX COMPAT WITH 0.7.2
+  // This single `logoutOtherClients` method has been replaced with two
+  // methods, one that you call to get a new token, and another that you
+  // call to remove all tokens except your own. The new design allows
+  // clients to know when other clients have actually been logged
+  // out. (The `logoutOtherClients` method guarantees the caller that
+  // the other clients will be logged out at some point, but makes no
+  // guarantees about when.) This method is left in for backwards
+  // compatibility, especially since application code might be calling
+  // this method directly.
+  //
   // @returns {Object} Object with token and tokenExpires keys.
   logoutOtherClients: function () {
     var self = this;
@@ -435,7 +462,7 @@ Meteor.methods({
       var tokens = user.services.resume.loginTokens;
       var newToken = Accounts._generateStampedLoginToken();
       var userId = self.userId;
-      Meteor.users.update(self.userId, {
+      Meteor.users.update(userId, {
         $set: {
           "services.resume.loginTokensToDelete": tokens,
           "services.resume.haveLoginTokensToDelete": true
@@ -456,8 +483,60 @@ Meteor.methods({
         tokenExpires: Accounts._tokenExpiration(newToken.when)
       };
     } else {
-      throw new Error("You are not logged in.");
+      throw new Meteor.Error("You are not logged in.");
     }
+  },
+
+  // Generates a new login token with the same expiration as the
+  // connection's current token and saves it to the database. Associates
+  // the connection with this new token and returns it. Throws an error
+  // if called on a connection that isn't logged in.
+  //
+  // @returns Object
+  //   If successful, returns { token: <new token>, id: <user id>,
+  //   tokenExpires: <expiration date> }.
+  getNewToken: function () {
+    var self = this;
+    var user = Meteor.users.findOne(self.userId, {
+      fields: { "services.resume.loginTokens": 1 }
+    });
+    if (! self.userId || ! user) {
+      throw new Meteor.Error("You are not logged in.");
+    }
+    // Be careful not to generate a new token that has a later
+    // expiration than the curren token. Otherwise, a bad guy with a
+    // stolen token could use this method to stop his stolen token from
+    // ever expiring.
+    var currentHashedToken = Accounts._getLoginToken(self.connection.id);
+    var currentStampedToken = _.find(
+      user.services.resume.loginTokens,
+      function (stampedToken) {
+        return stampedToken.hashedToken === currentHashedToken;
+      }
+    );
+    if (! currentStampedToken) { // safety belt: this should never happen
+      throw new Meteor.Error("Invalid login token");
+    }
+    var newStampedToken = Accounts._generateStampedLoginToken();
+    newStampedToken.when = currentStampedToken.when;
+    Accounts._insertLoginToken(self.userId, newStampedToken);
+    return loginUser(self, self.userId, newStampedToken);
+  },
+
+  // Removes all tokens except the token associated with the current
+  // connection. Throws an error if the connection is not logged
+  // in. Returns nothing on success.
+  removeOtherTokens: function () {
+    var self = this;
+    if (! self.userId) {
+      throw new Meteor.Error("You are not logged in.");
+    }
+    var currentToken = Accounts._getLoginToken(self.connection.id);
+    Meteor.users.update(self.userId, {
+      $pull: {
+        "services.resume.loginTokens": { hashedToken: { $ne: currentToken } }
+      }
+    });
   }
 });
 
@@ -492,7 +571,7 @@ Accounts._setAccountData = function (connectionId, field, value) {
 Meteor.server.onConnection(function (connection) {
   accountData[connection.id] = {connection: connection};
   connection.onClose(function () {
-    removeConnectionFromToken(connection.id);
+    removeTokenFromConnection(connection.id);
     delete accountData[connection.id];
   });
 });
@@ -551,26 +630,32 @@ Accounts._clearAllLoginTokens = function (userId) {
   );
 };
 
-
-// hashed token -> list of connection ids
-var connectionsByLoginToken = {};
+// connection id -> observe handle for the login token that this
+// connection is currently associated with, or null. Null indicates that
+// we are in the process of setting up the observe.
+var userObservesForConnections = {};
 
 // test hook
-Accounts._getTokenConnections = function (token) {
-  return connectionsByLoginToken[token];
+Accounts._getUserObserve = function (connectionId) {
+  return userObservesForConnections[connectionId];
 };
 
-// Remove the connection from the list of open connections for the connection's
-// token.
-var removeConnectionFromToken = function (connectionId) {
-  var token = Accounts._getLoginToken(connectionId);
-  if (token) {
-    connectionsByLoginToken[token] = _.without(
-      connectionsByLoginToken[token],
-      connectionId
-    );
-    if (_.isEmpty(connectionsByLoginToken[token]))
-      delete connectionsByLoginToken[token];
+// Clean up this connection's association with the token: that is, stop
+// the observe that we started when we associated the connection with
+// this token.
+var removeTokenFromConnection = function (connectionId) {
+  if (_.has(userObservesForConnections, connectionId)) {
+    var observe = userObservesForConnections[connectionId];
+    if (observe === null) {
+      // We're in the process of setting up an observe for this
+      // connection. We can't clean up that observe yet, but if we
+      // delete the null placeholder for this connection, then the
+      // observe will get cleaned up as soon as it has been set up.
+      delete userObservesForConnections[connectionId];
+    } else {
+      delete userObservesForConnections[connectionId];
+      observe.stop();
+    }
   }
 };
 
@@ -580,62 +665,76 @@ Accounts._getLoginToken = function (connectionId) {
 
 // newToken is a hashed token.
 Accounts._setLoginToken = function (userId, connection, newToken) {
-  removeConnectionFromToken(connection.id);
+  removeTokenFromConnection(connection.id);
   Accounts._setAccountData(connection.id, 'loginToken', newToken);
 
   if (newToken) {
-    if (! _.has(connectionsByLoginToken, newToken))
-      connectionsByLoginToken[newToken] = [];
-    connectionsByLoginToken[newToken].push(connection.id);
-
-    // Now that we've added the connection to the
-    // connectionsByLoginToken map for the token, the connection will
-    // be closed if the token is removed from the database.  However
-    // at this point the token might have already been deleted, which
-    // wouldn't have closed the connection because it wasn't in the
-    // map yet.
+    // Set up an observe for this token. If the token goes away, we need
+    // to close the connection.  We defer the observe because there's
+    // no need for it to be on the critical path for login; we just need
+    // to ensure that the connection will get closed at some point if
+    // the token gets deleted.
     //
-    // We also did need to first add the connection to the map above
-    // (and now remove it here if the token was deleted), because we
-    // could be getting a response from the database that the token
-    // still exists, but then it could be deleted in another fiber
-    // before our `findOne` call returns... and then that other fiber
-    // would need for the connection to be in the map for it to close
-    // the connection.
-    //
-    // We defer this check because there's no need for it to be on the critical
-    // path for login; we just need to ensure that the connection will get
-    // closed at some point if the token has been deleted.
+    // Initially, we set the observe for this connection to null; this
+    // signifies to other code (which might run while we yield) that we
+    // are in the process of setting up an observe for this
+    // connection. Once the observe is ready to go, we replace null with
+    // the real observe handle (unless the placeholder has been deleted,
+    // signifying that the connection was closed already -- in this case
+    // we just clean up the observe that we started).
+    userObservesForConnections[connection.id] = null;
     Meteor.defer(function () {
-      if (! Meteor.users.findOne({
+      var foundMatchingUser;
+      // Because we upgrade unhashed login tokens to hashed tokens at
+      // login time, sessions will only be logged in with a hashed
+      // token. Thus we only need to observe hashed tokens here.
+      var observe = Meteor.users.find({
         _id: userId,
-        "services.resume.loginTokens.hashedToken": newToken
-      })) {
-        removeConnectionFromToken(connection.id);
+        'services.resume.loginTokens.hashedToken': newToken
+      }, { fields: { _id: 1 } }).observeChanges({
+        added: function () {
+          foundMatchingUser = true;
+        },
+        removed: function () {
+          connection.close();
+          // The onClose callback for the connection takes care of
+          // cleaning up the observe handle and any other state we have
+          // lying around.
+        }
+      });
+
+      // If the user ran another login or logout command we were waiting for
+      // the defer or added to fire, then we let the later one win (start an
+      // observe, etc) and just stop our observe now.
+      //
+      // Similarly, if the connection was already closed, then the onClose
+      // callback would have called removeTokenFromConnection and there won't be
+      // an entry in userObservesForConnections. We can stop the observe.
+      if (Accounts._getAccountData(connection.id, 'loginToken') !== newToken ||
+          !_.has(userObservesForConnections, connection.id)) {
+        observe.stop();
+        return;
+      }
+
+      if (userObservesForConnections[connection.id] !== null) {
+        throw new Error("Non-null user observe for connection " +
+                        connection.id + " while observe was being set up?");
+      }
+
+      userObservesForConnections[connection.id] = observe;
+
+      if (! foundMatchingUser) {
+        // We've set up an observe on the user associated with `newToken`,
+        // so if the new token is removed from the database, we'll close
+        // the connection. But the token might have already been deleted
+        // before we set up the observe, which wouldn't have closed the
+        // connection because the observe wasn't running yet.
         connection.close();
       }
     });
   }
 };
 
-// Close all open connections associated with any of the tokens in
-// `tokens`.
-var closeConnectionsForTokens = function (tokens) {
-  _.each(tokens, function (token) {
-    if (_.has(connectionsByLoginToken, token)) {
-      // safety belt. close should defer potentially yielding callbacks.
-      Meteor._noYieldsAllowed(function () {
-        _.each(connectionsByLoginToken[token], function (connectionId) {
-          var connection = Accounts._getAccountData(connectionId, 'connection');
-          if (connection)
-            connection.close();
-        });
-      });
-    }
-  });
-};
-
-
 // Login handler for resume tokens.
 Accounts.registerLoginHandler("resume", function(options) {
   if (!options.resume)
@@ -735,7 +834,7 @@ Accounts.registerLoginHandler("resume", function(options) {
 // (Also used by Meteor Accounts server and tests).
 //
 Accounts._generateStampedLoginToken = function () {
-  return {token: Random.id(), when: (new Date)};
+  return {token: Random.secret(), when: (new Date)};
 };
 
 ///
@@ -797,6 +896,67 @@ maybeStopExpireTokensInterval = function () {
 expireTokenInterval = Meteor.setInterval(expireTokens,
                                          EXPIRE_TOKENS_INTERVAL_MS);
 
+
+///
+/// OAuth Encryption Support
+///
+
+var OAuthEncryption = Package["oauth-encryption"] && Package["oauth-encryption"].OAuthEncryption;
+
+
+var usingOAuthEncryption = function () {
+  return OAuthEncryption && OAuthEncryption.keyIsLoaded();
+};
+
+
+// OAuth service data is temporarily stored in the pending credentials
+// collection during the oauth authentication process.  Sensitive data
+// such as access tokens are encrypted without the user id because
+// we don't know the user id yet.  We re-encrypt these fields with the
+// user id included when storing the service data permanently in
+// the users collection.
+//
+var pinEncryptedFieldsToUser = function (serviceData, userId) {
+  _.each(_.keys(serviceData), function (key) {
+    var value = serviceData[key];
+    if (OAuthEncryption && OAuthEncryption.isSealed(value))
+      value = OAuthEncryption.seal(OAuthEncryption.open(value), userId);
+    serviceData[key] = value;
+  });
+};
+
+
+// Encrypt unencrypted login service secrets when oauth-encryption is
+// added.
+//
+// XXX For the oauthSecretKey to be available here at startup, the
+// developer must call Accounts.config({oauthSecretKey: ...}) at load
+// time, instead of in a Meteor.startup block, because the startup
+// block in the app code will run after this accounts-base startup
+// block.  Perhaps we need a post-startup callback?
+
+Meteor.startup(function () {
+  if (!usingOAuthEncryption())
+    return;
+
+  var ServiceConfiguration =
+    Package['service-configuration'].ServiceConfiguration;
+
+  ServiceConfiguration.configurations.find( {$and: [
+      { secret: {$exists: true} },
+      { "secret.algorithm": {$exists: false} }
+    ] } ).
+    forEach(function (config) {
+      ServiceConfiguration.configurations.update(
+        config._id,
+        { $set: {
+          secret: OAuthEncryption.seal(config.secret)
+        } }
+      );
+    });
+});
+
+
 ///
 /// CREATE USER HOOKS
 ///
@@ -833,6 +993,11 @@ Accounts.insertUserDoc = function (options, user) {
   // collections)
   user = _.extend({createdAt: new Date(), _id: Random.id()}, user);
 
+  if (user.services)
+    _.each(user.services, function (serviceData) {
+      pinEncryptedFieldsToUser(serviceData, user._id);
+    });
+
   var fullUser;
   if (onCreateUserHook) {
     fullUser = onCreateUserHook(options, user);
@@ -968,6 +1133,8 @@ Accounts.updateOrCreateUserFromExternalService = function(
   var user = Meteor.users.findOne(selector);
 
   if (user) {
+    pinEncryptedFieldsToUser(serviceData, user._id);
+
     // We *don't* process options (eg, profile) for update, but we do replace
     // the serviceData (eg, so that we keep an unexpired access token and
     // don't cache old email addresses in serviceData.email).
@@ -1104,6 +1271,10 @@ Meteor.methods({
       Package['service-configuration'].ServiceConfiguration;
     if (ServiceConfiguration.configurations.findOne({service: options.service}))
       throw new Meteor.Error(403, "Service " + options.service + " already configured");
+
+    if (_.has(options, "secret") && usingOAuthEncryption())
+      options.secret = OAuthEncryption.seal(options.secret);
+
     ServiceConfiguration.configurations.insert(options);
   }
 });
@@ -1180,44 +1351,3 @@ Meteor.startup(function () {
     deleteSavedTokens(user._id, user.services.resume.loginTokensToDelete);
   });
 });
-
-///
-/// LOGGING OUT DELETED USERS
-///
-
-// When login tokens are removed from the database, close any sessions
-// logged in with those tokens.
-//
-// Because we upgrade unhashed login tokens to hashed tokens at login
-// time, sessions will only be logged in with a hashed token.  Thus we
-// only need to pull out hashed tokens here.
-var closeTokensForUser = function (userTokens) {
-  closeConnectionsForTokens(_.compact(_.pluck(userTokens, "hashedToken")));
-};
-
-// Like _.difference, but uses EJSON.equals to compute which values to return.
-var differenceObj = function (array1, array2) {
-  return _.filter(array1, function (array1Value) {
-    return ! _.some(array2, function (array2Value) {
-      return EJSON.equals(array1Value, array2Value);
-    });
-  });
-};
-
-Meteor.users.find({}, { fields: { "services.resume": 1 }}).observe({
-  changed: function (newUser, oldUser) {
-    var removedTokens = [];
-    if (newUser.services && newUser.services.resume &&
-        oldUser.services && oldUser.services.resume) {
-      removedTokens = differenceObj(oldUser.services.resume.loginTokens || [],
-                                    newUser.services.resume.loginTokens || []);
-    } else if (oldUser.services && oldUser.services.resume) {
-      removedTokens = oldUser.services.resume.loginTokens || [];
-    }
-    closeTokensForUser(removedTokens);
-  },
-  removed: function (oldUser) {
-    if (oldUser.services && oldUser.services.resume)
-      closeTokensForUser(oldUser.services.resume.loginTokens || []);
-  }
-});
diff --git a/packages/accounts-base/accounts_tests.js b/packages/accounts-base/accounts_tests.js
index e3eeaecd0c..1e49fd31f2 100644
--- a/packages/accounts-base/accounts_tests.js
+++ b/packages/accounts-base/accounts_tests.js
@@ -1,3 +1,9 @@
+Meteor.methods({
+  getCurrentLoginToken: function () {
+    return Accounts._getLoginToken(this.connection.id);
+  }
+});
+
 // XXX it'd be cool to also test that the right thing happens if options
 // *are* validated, but Accounts._options is global state which makes this hard
 // (impossible?)
@@ -297,3 +303,73 @@ Tinytest.addAsync(
     );
   }
 );
+
+Tinytest.add(
+  'accounts - get new token',
+  function (test) {
+    // Test that the `getNewToken` method returns us a valid token, with
+    // the same expiration as our original token.
+    var userId = Accounts.insertUserDoc({}, { username: Random.id() });
+    var stampedToken = Accounts._generateStampedLoginToken();
+    Accounts._insertLoginToken(userId, stampedToken);
+    var conn = DDP.connect(Meteor.absoluteUrl());
+    conn.call('login', { resume: stampedToken.token });
+    test.equal(conn.call('getCurrentLoginToken'),
+               Accounts._hashLoginToken(stampedToken.token));
+
+    var newTokenResult = conn.call('getNewToken');
+    test.equal(newTokenResult.tokenExpires,
+               Accounts._tokenExpiration(stampedToken.when));
+    test.equal(conn.call('getCurrentLoginToken'),
+               Accounts._hashLoginToken(newTokenResult.token));
+    conn.disconnect();
+
+    // A second connection should be able to log in with the new token
+    // we got.
+    var secondConn = DDP.connect(Meteor.absoluteUrl());
+    secondConn.call('login', { resume: newTokenResult.token });
+    secondConn.disconnect();
+  }
+);
+
+Tinytest.addAsync(
+  'accounts - remove other tokens',
+  function (test, onComplete) {
+    // Test that the `removeOtherTokens` method removes all tokens other
+    // than the caller's token, thereby logging out and closing other
+    // connections.
+    var userId = Accounts.insertUserDoc({}, { username: Random.id() });
+    var stampedTokens = [];
+    var conns = [];
+
+    _.times(2, function (i) {
+      stampedTokens.push(Accounts._generateStampedLoginToken());
+      Accounts._insertLoginToken(userId, stampedTokens[i]);
+      var conn = DDP.connect(Meteor.absoluteUrl());
+      conn.call('login', { resume: stampedTokens[i].token });
+      test.equal(conn.call('getCurrentLoginToken'),
+                 Accounts._hashLoginToken(stampedTokens[i].token));
+      conns.push(conn);
+    });
+
+    conns[0].call('removeOtherTokens');
+    simplePoll(
+      function () {
+        var tokens = _.map(conns, function (conn) {
+          return conn.call('getCurrentLoginToken');
+        });
+        return ! tokens[1] &&
+          tokens[0] === Accounts._hashLoginToken(stampedTokens[0].token);
+      },
+      function () { // success
+        _.each(conns, function (conn) {
+          conn.disconnect();
+        });
+        onComplete();
+      },
+      function () { // timed out
+        throw new Error("accounts - remove other tokens timed out");
+      }
+    );
+  }
+);
diff --git a/packages/accounts-base/package.js b/packages/accounts-base/package.js
index 1fe9f6f60a..75b251d089 100644
--- a/packages/accounts-base/package.js
+++ b/packages/accounts-base/package.js
@@ -30,6 +30,8 @@ Package.on_use(function (api) {
   // it's loaded.
   api.use('autopublish', 'server', {weak: true});
 
+  api.use('oauth-encryption', 'server', {weak: true});
+
   api.export('Accounts');
 
   api.add_files('accounts_common.js', ['client', 'server']);
@@ -50,5 +52,6 @@ Package.on_test(function (api) {
   api.use('tinytest');
   api.use('random');
   api.use('test-helpers');
+  api.use('oauth-encryption');
   api.add_files('accounts_tests.js', 'server');
 });
diff --git a/packages/accounts-oauth/oauth_client.js b/packages/accounts-oauth/oauth_client.js
index f3d161e8c0..5b8406c616 100644
--- a/packages/accounts-oauth/oauth_client.js
+++ b/packages/accounts-oauth/oauth_client.js
@@ -2,14 +2,18 @@
 // access in the popup this should log the user in, otherwise
 // nothing should happen.
 Accounts.oauth.tryLoginAfterPopupClosed = function(credentialToken, callback) {
+  var credentialSecret = OAuth._retrieveCredentialSecret(credentialToken) || null;
   Accounts.callLoginMethod({
-    methodArguments: [{oauth: {credentialToken: credentialToken}}],
+    methodArguments: [{oauth: {
+      credentialToken: credentialToken,
+      credentialSecret: credentialSecret
+    }}],
     userCallback: callback && function (err) {
       // Allow server to specify a specify subclass of errors. We should come
       // up with a more generic way to do this!
       if (err && err instanceof Meteor.Error &&
           err.error === Accounts.LoginCancelledError.numericError) {
-        callback(new Accounts.LoginCancelledError(err.details));
+        callback(new Accounts.LoginCancelledError(err.reason));
       } else {
         callback(err);
       }
diff --git a/packages/accounts-oauth/oauth_server.js b/packages/accounts-oauth/oauth_server.js
index 39884ae843..cfbdad9e81 100644
--- a/packages/accounts-oauth/oauth_server.js
+++ b/packages/accounts-oauth/oauth_server.js
@@ -4,9 +4,19 @@ Accounts.registerLoginHandler(function (options) {
   if (!options.oauth)
     return undefined; // don't handle
 
-  check(options.oauth, {credentialToken: String});
+  check(options.oauth, {
+    credentialToken: String,
+    // When an error occurs while retrieving the access token, we store
+    // the error in the pending credentials table, with a secret of
+    // null. The client can call the login method with a secret of null
+    // to retrieve the error.
+    credentialSecret: Match.OneOf(null, String)
+  });
 
-  if (!Oauth.hasCredential(options.oauth.credentialToken)) {
+  var result = OAuth.retrieveCredential(options.oauth.credentialToken,
+                                        options.oauth.credentialSecret);
+
+  if (!result) {
     // OAuth credentialToken is not recognized, which could be either
     // because the popup was closed by the user before completion, or
     // some sort of error where the oauth provider didn't talk to our
@@ -23,9 +33,10 @@ Accounts.registerLoginHandler(function (options) {
     // XXX we want `type` to be the service name such as "facebook"
     return { type: "oauth",
              error: new Meteor.Error(
-               Accounts.LoginCancelledError.numericError, "Login canceled") };
+               Accounts.LoginCancelledError.numericError,
+               "No matching login attempt found") };
   }
-  var result = Oauth.retrieveCredential(options.oauth.credentialToken);
+
   if (result instanceof Error)
     // We tried to login, but there was a fatal error. Report it back
     // to the user.
diff --git a/packages/accounts-oauth/package.js b/packages/accounts-oauth/package.js
index 1c1d949896..3b3a1d8dc4 100644
--- a/packages/accounts-oauth/package.js
+++ b/packages/accounts-oauth/package.js
@@ -11,7 +11,7 @@ Package.on_use(function (api) {
   api.use('accounts-base', ['client', 'server']);
   // Export Accounts (etc) to packages using this one.
   api.imply('accounts-base', ['client', 'server']);
-  api.use('oauth', 'server');
+  api.use('oauth');
 
   api.add_files('oauth_common.js');
   api.add_files('oauth_client.js', 'client');
diff --git a/packages/accounts-password/password_server.js b/packages/accounts-password/password_server.js
index c011f81d27..a758da4a1c 100644
--- a/packages/accounts-password/password_server.js
+++ b/packages/accounts-password/password_server.js
@@ -73,12 +73,13 @@ Meteor.methods({beginPasswordExchange: function (request) {
     // the second step method ('login') is called. If a user calls
     // 'beginPasswordExchange' but then never calls the second step
     // 'login' method, no login hook will fire.
-    Accounts._reportLoginFailure(self, 'beginPasswordExchange', arguments, {
+    // The validate login hooks can mutate the exception to be thrown.
+    var attempt = Accounts._reportLoginFailure(self, 'beginPasswordExchange', arguments, {
       type: 'password',
       error: err,
       userId: user && user._id
     });
-    throw err;
+    throw attempt.error;
   }
 
   // Save results so we can verify them later.
@@ -198,10 +199,20 @@ Meteor.methods({changePassword: function (options) {
   if (!verifier)
     throw new Meteor.Error(400, "Invalid verifier");
 
-  // XXX this should invalidate all login tokens other than the current one
-  // (or it should assign a new login token, replacing existing ones)
-  Meteor.users.update({_id: this.userId},
-                      {$set: {'services.password.srp': verifier}});
+  // It would be better if this removed ALL existing tokens and replaced
+  // the token for the current connection with a new one, but that would
+  // be tricky, so we'll settle for just replacing all tokens other than
+  // the one for the current connection.
+  var currentToken = Accounts._getLoginToken(this.connection.id);
+  Meteor.users.update(
+    { _id: this.userId },
+    {
+      $set: { 'services.password.srp': verifier },
+      $pull: {
+        'services.resume.loginTokens': { hashedToken: { $ne: currentToken } }
+      }
+    }
+  );
 
   var ret = {passwordChanged: true};
   if (serialized)
@@ -253,7 +264,7 @@ Accounts.sendResetPasswordEmail = function (userId, email) {
   if (!email || !_.contains(_.pluck(user.emails || [], 'address'), email))
     throw new Error("No such email for user.");
 
-  var token = Random.id();
+  var token = Random.secret();
   var when = new Date();
   Meteor.users.update(userId, {$set: {
     "services.password.reset": {
@@ -302,7 +313,7 @@ Accounts.sendEnrollmentEmail = function (userId, email) {
     throw new Error("No such email for user.");
 
 
-  var token = Random.id();
+  var token = Random.secret();
   var when = new Date();
   Meteor.users.update(userId, {$set: {
     "services.password.reset": {
@@ -313,14 +324,14 @@ Accounts.sendEnrollmentEmail = function (userId, email) {
   }});
 
   var enrollAccountUrl = Accounts.urls.enrollAccount(token);
-  
+
   var options = {
     to: email,
     from: Accounts.emailTemplates.from,
     subject: Accounts.emailTemplates.enrollAccount.subject(user),
     text: Accounts.emailTemplates.enrollAccount.text(user, enrollAccountUrl)
   };
-  
+
   if (typeof Accounts.emailTemplates.enrollAccount.html === 'function')
     options.html =
       Accounts.emailTemplates.enrollAccount.html(user, enrollAccountUrl);
@@ -425,7 +436,7 @@ Accounts.sendVerificationEmail = function (userId, address) {
 
 
   var tokenRecord = {
-    token: Random.id(),
+    token: Random.secret(),
     address: address,
     when: new Date()};
   Meteor.users.update(
@@ -433,14 +444,14 @@ Accounts.sendVerificationEmail = function (userId, address) {
     {$push: {'services.email.verificationTokens': tokenRecord}});
 
   var verifyEmailUrl = Accounts.urls.verifyEmail(tokenRecord.token);
-  
+
   var options = {
     to: address,
     from: Accounts.emailTemplates.from,
     subject: Accounts.emailTemplates.verifyEmail.subject(user),
     text: Accounts.emailTemplates.verifyEmail.text(user, verifyEmailUrl)
   };
-  
+
   if (typeof Accounts.emailTemplates.verifyEmail.html === 'function')
     options.html =
       Accounts.emailTemplates.verifyEmail.html(user, verifyEmailUrl);
diff --git a/packages/accounts-password/password_tests.js b/packages/accounts-password/password_tests.js
index 0d7e7139fc..bd1ce9a6d1 100644
--- a/packages/accounts-password/password_tests.js
+++ b/packages/accounts-password/password_tests.js
@@ -33,7 +33,12 @@ if (Meteor.isClient) (function () {
     }, 10 * 1000, 100);
   };
   var invalidateLoginsStep = function (test, expect) {
-    Meteor.call("testInvalidateLogins", true, expect(function (error) {
+    Meteor.call("testInvalidateLogins", 'fail', expect(function (error) {
+      test.isFalse(error);
+    }));
+  };
+  var hideActualLoginErrorStep = function (test, expect) {
+    Meteor.call("testInvalidateLogins", 'hide', expect(function (error) {
       test.isFalse(error);
     }));
   };
@@ -191,6 +196,56 @@ if (Meteor.isClient) (function () {
     logoutStep
   ]);
 
+  testAsyncMulti("passwords - changing password logs out other clients", [
+    function (test, expect) {
+      this.username = Random.id();
+      this.email = Random.id() + '-intercept@example.com';
+      this.password = 'password';
+      this.password2 = 'password2';
+      Accounts.createUser(
+        { username: this.username, email: this.email, password: this.password },
+        loggedInAs(this.username, test, expect));
+    },
+    // Log in a second connection as this user.
+    function (test, expect) {
+      var self = this;
+
+      self.secondConn = DDP.connect(Meteor.absoluteUrl());
+      self.secondConn.call('login',
+                { user: { username: self.username }, password: self.password },
+                expect(function (err, result) {
+                  test.isFalse(err);
+                  self.secondConn.setUserId(result.id);
+                  test.isTrue(self.secondConn.userId());
+
+                  self.secondConn.onReconnect = function () {
+                    self.secondConn.apply(
+                      'login',
+                      [{ resume: result.token }],
+                      { wait: true },
+                      function (err, result) {
+                        self.secondConn.setUserId(result && result.id || null);
+                      }
+                    );
+                  };
+                }));
+    },
+    function (test, expect) {
+      var self = this;
+      Accounts.changePassword(self.password, self.password2, expect(function (err) {
+        test.isFalse(err);
+      }));
+    },
+    // Now that we've changed the password, wait until the second
+    // connection gets logged out.
+    function (test, expect) {
+      var self = this;
+      pollUntil(expect, function () {
+        return self.secondConn.userId() === null;
+      }, 10 * 1000, 100);
+    }
+  ]);
+
 
   testAsyncMulti("passwords - new user hooks", [
     function (test, expect) {
@@ -418,23 +473,60 @@ if (Meteor.isClient) (function () {
         test.equal(Meteor.userId(), null);
       }));
     },
+    logoutStep,
     function (test, expect) {
       var self = this;
+      // Test that Meteor.logoutOtherClients logs out a second
+      // authentcated connection while leaving Accounts.connection
+      // logged in.
+      var secondConn = DDP.connect(Meteor.absoluteUrl());
+      var token;
 
-      // copied from livedata/client_convenience.js
-      self.ddpUrl = '/';
-      if (typeof __meteor_runtime_config__ !== "undefined") {
-        if (__meteor_runtime_config__.DDP_DEFAULT_CONNECTION_URL)
-          self.ddpUrl = __meteor_runtime_config__.DDP_DEFAULT_CONNECTION_URL;
-      }
-      // XXX can we get the url from the existing connection somehow
-      // instead?
+      var expectSecondConnLoggedOut = expect(function (err, result) {
+        test.isTrue(err);
+      });
+
+      var expectAccountsConnLoggedIn = expect(function (err, result) {
+        test.isFalse(err);
+      });
+
+      var expectSecondConnLoggedIn = expect(function (err, result) {
+        test.equal(result.token, token);
+        test.isFalse(err);
+        Meteor.logoutOtherClients(function (err) {
+          test.isFalse(err);
+          secondConn.call('login', { resume: token },
+                          expectSecondConnLoggedOut);
+          Accounts.connection.call('login', {
+            resume: Accounts._storedLoginToken()
+          }, expectAccountsConnLoggedIn);
+        });
+      });
+
+      Meteor.loginWithPassword(
+        self.username,
+        self.password,
+        expect(function (err) {
+          test.isFalse(err);
+          token = Accounts._storedLoginToken();
+          test.isTrue(token);
+          secondConn.call('login', { resume: token },
+                          expectSecondConnLoggedIn);
+        })
+      );
+    },
+    logoutStep,
+
+    // The tests below this point are for the deprecated
+    // `logoutOtherClients` method.
+
+    function (test, expect) {
+      var self = this;
 
       // Test that Meteor.logoutOtherClients logs out a second authenticated
       // connection while leaving Accounts.connection logged in.
       var token;
-      var userId;
-      self.secondConn = DDP.connect(self.ddpUrl);
+      self.secondConn = DDP.connect(Meteor.absoluteUrl());
 
       var expectLoginError = expect(function (err) {
         test.isTrue(err);
@@ -461,7 +553,6 @@ if (Meteor.isClient) (function () {
         token = Accounts._storedLoginToken();
         self.beforeLogoutOthersToken = token;
         test.isTrue(token);
-        userId = Meteor.userId();
         self.secondConn.call("login", { resume: token },
                              expectSecondConnLoggedIn);
       }));
@@ -495,41 +586,9 @@ if (Meteor.isClient) (function () {
       );
     },
     logoutStep,
-    function (test, expect) {
-      var self = this;
-      // Test that, when we call logoutOtherClients, if the server disconnects
-      // us before the logoutOtherClients callback runs, then we still end up
-      // logged in.
-      var expectServerLoggedIn = expect(function (err, result) {
-        test.isFalse(err);
-        test.isTrue(Meteor.userId());
-        test.equal(result, Meteor.userId());
-      });
 
-      Meteor.loginWithPassword(
-        self.username,
-        self.password,
-        expect(function (err) {
-          test.isFalse(err);
-          test.isTrue(Meteor.userId());
 
-          // The test is only useful if things interleave in the following order:
-          // - logoutOtherClients runs on the server
-          // - onReconnect fires and sends a login method with the old token,
-          //   which results in an error
-          // - logoutOtherClients callback runs and stores the new token and
-          //   logs in with it
-          // In practice they seem to interleave this way, but I'm not sure how
-          // to make sure that they do.
 
-          Meteor.logoutOtherClients(function (err) {
-            test.isFalse(err);
-            Meteor.call("getUserId", expectServerLoggedIn);
-          });
-        })
-      );
-    },
-    logoutStep,
     function (test, expect) {
       var self = this;
       // Test that deleting a user logs out that user's connections.
@@ -562,6 +621,28 @@ if (Meteor.isClient) (function () {
         })
       );
     },
+    validateLoginsStep,
+    function (test, expect) {
+      Meteor.loginWithPassword(
+        "no such user",
+        "some password",
+        expect(function (error) {
+          test.isTrue(error);
+          test.equal(error.reason, 'User not found');
+        })
+      );
+    },
+    hideActualLoginErrorStep,
+    function (test, expect) {
+      Meteor.loginWithPassword(
+        "no such user",
+        "some password",
+        expect(function (error) {
+          test.isTrue(error);
+          test.equal(error.reason, 'hide actual error');
+        })
+      );
+    },
     validateLoginsStep
   ]);
 
@@ -725,7 +806,7 @@ if (Meteor.isServer) (function () {
   // XXX would be nice to test Accounts.config({forbidClientAccountCreation: true})
 
   Tinytest.addAsync(
-    'passwords - login tokens cleaned up',
+    'passwords - login token observes get cleaned up',
     function (test, onComplete) {
       var username = Random.id();
       Accounts.createUser({
@@ -737,8 +818,7 @@ if (Meteor.isServer) (function () {
         test,
         function (clientConn, serverConn) {
           serverConn.onClose(function () {
-            test.isFalse(_.contains(
-              Accounts._getTokenConnections(token), serverConn.id));
+            test.isFalse(Accounts._getUserObserve(serverConn.id));
             onComplete();
           });
           var result = clientConn.call('login', {
@@ -748,9 +828,25 @@ if (Meteor.isServer) (function () {
           test.isTrue(result);
           var token = Accounts._getAccountData(serverConn.id, 'loginToken');
           test.isTrue(token);
-          test.isTrue(_.contains(
-            Accounts._getTokenConnections(token), serverConn.id));
-          clientConn.disconnect();
+
+          // We poll here, instead of just checking `_getUserObserve`
+          // once, because the login method defers the creation of the
+          // observe, and setting up the observe yields, so we could end
+          // up here before the observe has been set up.
+          simplePoll(
+            function () {
+              return !! Accounts._getUserObserve(serverConn.id);
+            },
+            function () {
+              test.isTrue(Accounts._getUserObserve(serverConn.id));
+              clientConn.disconnect();
+            },
+            function () {
+              test.fail("timed out waiting for user observe for connection " +
+                        serverConn.id);
+              onComplete();
+            }
+          );
         },
         onComplete
       );
diff --git a/packages/accounts-password/password_tests_setup.js b/packages/accounts-password/password_tests_setup.js
index 8f420321f1..e9d110c936 100644
--- a/packages/accounts-password/password_tests_setup.js
+++ b/packages/accounts-password/password_tests_setup.js
@@ -15,14 +15,14 @@ Accounts.onCreateUser(function (options, user) {
 });
 
 
-// connection id -> true
+// connection id -> action
 var invalidateLogins = {};
 
 
 Meteor.methods({
-  testInvalidateLogins: function (flag) {
-    if (flag)
-      invalidateLogins[this.connection.id] = true;
+  testInvalidateLogins: function (action) {
+    if (action)
+      invalidateLogins[this.connection.id] = action;
     else
       delete invalidateLogins[this.connection.id];
   }
@@ -30,9 +30,19 @@ Meteor.methods({
 
 
 Accounts.validateLoginAttempt(function (attempt) {
-  return ! (attempt &&
-            attempt.connection &&
-            invalidateLogins[attempt.connection.id]);
+  var action =
+    attempt &&
+    attempt.connection &&
+    invalidateLogins[attempt.connection.id];
+
+  if (! action)
+    return true;
+  else if (action === 'fail')
+    return false;
+  else if (action === 'hide')
+    throw new Meteor.Error(403, 'hide actual error');
+  else
+    throw new Error('unknown action: ' + action);
 });
 
 
diff --git a/packages/appcache/appcache-server.js b/packages/appcache/appcache-server.js
index ce579583d2..3d4bec1c4c 100644
--- a/packages/appcache/appcache-server.js
+++ b/packages/appcache/appcache-server.js
@@ -57,7 +57,7 @@ var browserEnabled = function(request) {
 
 WebApp.addHtmlAttributeHook(function (request) {
   if (browserEnabled(request))
-    return 'manifest="/app.manifest"';
+    return { manifest: "/app.manifest" };
   else
     return null;
 });
diff --git a/packages/deps/deps.js b/packages/deps/deps.js
index 2b4df9bb61..d05ad80052 100644
--- a/packages/deps/deps.js
+++ b/packages/deps/deps.js
@@ -15,10 +15,23 @@ var setCurrentComputation = function (c) {
   Deps.active = !! c;
 };
 
+// _assign is like _.extend or the upcoming Object.assign.
+// Copy src's own, enumerable properties onto tgt and return
+// tgt.
+var _hasOwnProperty = Object.prototype.hasOwnProperty;
+var _assign = function (tgt, src) {
+  for (var k in src) {
+    if (_hasOwnProperty.call(src, k))
+      tgt[k] = src[k];
+  }
+  return tgt;
+};
+
 var _debugFunc = function () {
   // lazy evaluation because `Meteor` does not exist right away
   return (typeof Meteor !== "undefined" ? Meteor._debug :
-          ((typeof console !== "undefined") && console.log ? console.log :
+          ((typeof console !== "undefined") && console.log ?
+           function () { console.log.apply(console, arguments); } :
            function () {}));
 };
 
@@ -36,7 +49,7 @@ var _throwOrLog = function (from, e) {
 // where `_noYieldsAllowed` is a no-op.  `f` may be a computation
 // function or an onInvalidate callback.
 var callWithNoYieldsAllowed = function (f, comp) {
-  if (Meteor.isClient) {
+  if ((typeof Meteor === 'undefined') || Meteor.isClient) {
     f(comp);
   } else {
     Meteor._noYieldsAllowed(function () {
@@ -60,7 +73,7 @@ var inCompute = false;
 // `true` if the `_throwFirstError` option was passed in to the call
 // to Deps.flush that we are in. When set, throw rather than log the
 // first error encountered while flushing. Before throwing the error,
-// finish flushing (from a catch block), logging any subsequent
+// finish flushing (from a finally block), logging any subsequent
 // errors.
 var throwFirstError = false;
 
@@ -116,7 +129,7 @@ Deps.Computation = function (f, parent) {
   }
 };
 
-_.extend(Deps.Computation.prototype, {
+_assign(Deps.Computation.prototype, {
 
   // http://docs.meteor.com/#computation_oninvalidate
   onInvalidate: function (f) {
@@ -213,7 +226,7 @@ Deps.Dependency = function () {
   this._dependentsById = {};
 };
 
-_.extend(Deps.Dependency.prototype, {
+_assign(Deps.Dependency.prototype, {
   // http://docs.meteor.com/#dependency_depend
   //
   // Adds `computation` to this set if it is not already
@@ -255,7 +268,7 @@ _.extend(Deps.Dependency.prototype, {
   }
 });
 
-_.extend(Deps, {
+_assign(Deps, {
   // http://docs.meteor.com/#deps_flush
   flush: function (_opts) {
     // XXX What part of the comment below is still true? (We no longer
@@ -279,6 +292,7 @@ _.extend(Deps, {
     willFlush = true;
     throwFirstError = !! (_opts && _opts._throwFirstError);
 
+    var finishedTry = false;
     try {
       while (pendingComputations.length ||
              afterFlushCallbacks.length) {
@@ -300,11 +314,13 @@ _.extend(Deps, {
           }
         }
       }
-    } catch (e) {
-      inFlush = false; // needed before calling `Deps.flush()` again
-      Deps.flush({_throwFirstError: false}); // finish flushing
-      throw e;
+      finishedTry = true;
     } finally {
+      if (! finishedTry) {
+        // we're erroring
+        inFlush = false; // needed before calling `Deps.flush()` again
+        Deps.flush({_throwFirstError: false}); // finish flushing
+      }
       willFlush = false;
       inFlush = false;
     }
diff --git a/packages/ejson/ejson.js b/packages/ejson/ejson.js
index 1b8f7b704b..ec846156f9 100644
--- a/packages/ejson/ejson.js
+++ b/packages/ejson/ejson.js
@@ -114,6 +114,8 @@ var builtinConverters = [
     },
     fromJSONValue: function (obj) {
       var typeName = obj.$type;
+      if (!_.has(customTypes, typeName))
+        throw new Error("Custom EJSON type " + typeName + " is not defined");
       var converter = customTypes[typeName];
       return converter(obj.$value);
     }
diff --git a/packages/facebook/facebook_client.js b/packages/facebook/facebook_client.js
index 7eb09fe52a..f49e352e37 100644
--- a/packages/facebook/facebook_client.js
+++ b/packages/facebook/facebook_client.js
@@ -15,12 +15,13 @@ Facebook.requestCredential = function (options, credentialRequestCompleteCallbac
 
   var config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
   if (!config) {
-    credentialRequestCompleteCallback && credentialRequestCompleteCallback(new ServiceConfiguration.ConfigError("Service not configured"));
+    credentialRequestCompleteCallback && credentialRequestCompleteCallback(
+      new ServiceConfiguration.ConfigError());
     return;
   }
 
-  var credentialToken = Random.id();
-  var mobile = /Android|webOS|iPhone|iPad|iPod|BlackBerry/i.test(navigator.userAgent);
+  var credentialToken = Random.secret();
+  var mobile = /Android|webOS|iPhone|iPad|iPod|BlackBerry|Windows Phone/i.test(navigator.userAgent);
   var display = mobile ? 'touch' : 'popup';
 
   var scope = "email";
@@ -32,7 +33,7 @@ Facebook.requestCredential = function (options, credentialRequestCompleteCallbac
         '&redirect_uri=' + Meteor.absoluteUrl('_oauth/facebook?close') +
         '&display=' + display + '&scope=' + scope + '&state=' + credentialToken;
 
-  Oauth.showPopup(
+  OAuth.showPopup(
     loginUrl,
     _.bind(credentialRequestCompleteCallback, null, credentialToken)
   );
diff --git a/packages/facebook/facebook_server.js b/packages/facebook/facebook_server.js
index f9f7c1d696..6f6b0c48a8 100644
--- a/packages/facebook/facebook_server.js
+++ b/packages/facebook/facebook_server.js
@@ -3,7 +3,7 @@ Facebook = {};
 var querystring = Npm.require('querystring');
 
 
-Oauth.registerService('facebook', 2, null, function(query) {
+OAuth.registerService('facebook', 2, null, function(query) {
 
   var response = getTokenResponse(query);
   var accessToken = response.accessToken;
@@ -44,7 +44,7 @@ var isJSON = function (str) {
 var getTokenResponse = function (query) {
   var config = ServiceConfiguration.configurations.findOne({service: 'facebook'});
   if (!config)
-    throw new ServiceConfiguration.ConfigError("Service not configured");
+    throw new ServiceConfiguration.ConfigError();
 
   var responseContent;
   try {
@@ -54,7 +54,7 @@ var getTokenResponse = function (query) {
         params: {
           client_id: config.appId,
           redirect_uri: Meteor.absoluteUrl("_oauth/facebook?close"),
-          client_secret: config.secret,
+          client_secret: OAuth.openSecret(config.secret),
           code: query.code
         }
       }).content;
@@ -96,5 +96,5 @@ var getIdentity = function (accessToken) {
 };
 
 Facebook.retrieveCredential = function(credentialToken) {
-  return Oauth.retrieveCredential(credentialToken);
+  return OAuth.retrieveCredential(credentialToken);
 };
diff --git a/packages/github/github_client.js b/packages/github/github_client.js
index d335702b6e..11b43eab87 100644
--- a/packages/github/github_client.js
+++ b/packages/github/github_client.js
@@ -14,10 +14,11 @@ Github.requestCredential = function (options, credentialRequestCompleteCallback)
 
   var config = ServiceConfiguration.configurations.findOne({service: 'github'});
   if (!config) {
-    credentialRequestCompleteCallback && credentialRequestCompleteCallback(new ServiceConfiguration.ConfigError("Service not configured"));
+    credentialRequestCompleteCallback && credentialRequestCompleteCallback(
+      new ServiceConfiguration.ConfigError());
     return;
   }
-  var credentialToken = Random.id();
+  var credentialToken = Random.secret();
 
   var scope = (options && options.requestPermissions) || [];
   var flatScope = _.map(scope, encodeURIComponent).join('+');
@@ -29,8 +30,7 @@ Github.requestCredential = function (options, credentialRequestCompleteCallback)
         '&redirect_uri=' + Meteor.absoluteUrl('_oauth/github?close') +
         '&state=' + credentialToken;
 
-
-  Oauth.showPopup(
+  OAuth.showPopup(
     loginUrl,
     _.bind(credentialRequestCompleteCallback, null, credentialToken),
     {width: 900, height: 450}
diff --git a/packages/github/github_server.js b/packages/github/github_server.js
index 78e342f421..c46fd787a5 100644
--- a/packages/github/github_server.js
+++ b/packages/github/github_server.js
@@ -1,6 +1,6 @@
 Github = {};
 
-Oauth.registerService('github', 2, null, function(query) {
+OAuth.registerService('github', 2, null, function(query) {
 
   var accessToken = getAccessToken(query);
   var identity = getIdentity(accessToken);
@@ -8,7 +8,7 @@ Oauth.registerService('github', 2, null, function(query) {
   return {
     serviceData: {
       id: identity.id,
-      accessToken: accessToken,
+      accessToken: OAuth.sealSecret(accessToken),
       email: identity.email,
       username: identity.login
     },
@@ -24,7 +24,7 @@ if (Meteor.release)
 var getAccessToken = function (query) {
   var config = ServiceConfiguration.configurations.findOne({service: 'github'});
   if (!config)
-    throw new ServiceConfiguration.ConfigError("Service not configured");
+    throw new ServiceConfiguration.ConfigError();
 
   var response;
   try {
@@ -37,7 +37,7 @@ var getAccessToken = function (query) {
         params: {
           code: query.code,
           client_id: config.clientId,
-          client_secret: config.secret,
+          client_secret: OAuth.openSecret(config.secret),
           redirect_uri: Meteor.absoluteUrl("_oauth/github?close"),
           state: query.state
         }
@@ -68,5 +68,5 @@ var getIdentity = function (accessToken) {
 
 
 Github.retrieveCredential = function(credentialToken) {
-  return Oauth.retrieveCredential(credentialToken);
+  return OAuth.retrieveCredential(credentialToken);
 };
diff --git a/packages/google/google_client.js b/packages/google/google_client.js
index a828571fd6..864fa4a90a 100644
--- a/packages/google/google_client.js
+++ b/packages/google/google_client.js
@@ -16,11 +16,12 @@ Google.requestCredential = function (options, credentialRequestCompleteCallback)
 
   var config = ServiceConfiguration.configurations.findOne({service: 'google'});
   if (!config) {
-    credentialRequestCompleteCallback && credentialRequestCompleteCallback(new ServiceConfiguration.ConfigError("Service not configured"));
+    credentialRequestCompleteCallback && credentialRequestCompleteCallback(
+      new ServiceConfiguration.ConfigError());
     return;
   }
 
-  var credentialToken = Random.id();
+  var credentialToken = Random.secret();
 
   // always need this to get user id from google.
   var requiredScope = ['profile'];
@@ -53,7 +54,7 @@ Google.requestCredential = function (options, credentialRequestCompleteCallback)
     loginUrl += '&hd=' + encodeURIComponent(Accounts._options.restrictCreationByEmailDomain);
   }
 
-  Oauth.showPopup(
+  OAuth.showPopup(
     loginUrl,
     _.bind(credentialRequestCompleteCallback, null, credentialToken),
     { height: 406 }
diff --git a/packages/google/google_server.js b/packages/google/google_server.js
index 27c98321bb..2a4f3bc986 100644
--- a/packages/google/google_server.js
+++ b/packages/google/google_server.js
@@ -5,7 +5,7 @@ Google.whitelistedFields = ['id', 'email', 'verified_email', 'name', 'given_name
                    'family_name', 'picture', 'locale', 'timezone', 'gender'];
 
 
-Oauth.registerService('google', 2, null, function(query) {
+OAuth.registerService('google', 2, null, function(query) {
 
   var response = getTokens(query);
   var accessToken = response.accessToken;
@@ -38,7 +38,7 @@ Oauth.registerService('google', 2, null, function(query) {
 var getTokens = function (query) {
   var config = ServiceConfiguration.configurations.findOne({service: 'google'});
   if (!config)
-    throw new ServiceConfiguration.ConfigError("Service not configured");
+    throw new ServiceConfiguration.ConfigError();
 
   var response;
   try {
@@ -46,7 +46,7 @@ var getTokens = function (query) {
       "https://accounts.google.com/o/oauth2/token", {params: {
         code: query.code,
         client_id: config.clientId,
-        client_secret: config.secret,
+        client_secret: OAuth.openSecret(config.secret),
         redirect_uri: Meteor.absoluteUrl("_oauth/google?close"),
         grant_type: 'authorization_code'
       }});
@@ -79,5 +79,5 @@ var getIdentity = function (accessToken) {
 
 
 Google.retrieveCredential = function(credentialToken) {
-  return Oauth.retrieveCredential(credentialToken);
+  return OAuth.retrieveCredential(credentialToken);
 };
diff --git a/packages/html-tools/package.js b/packages/html-tools/package.js
index 7203e10b9c..ffad07546a 100644
--- a/packages/html-tools/package.js
+++ b/packages/html-tools/package.js
@@ -1,6 +1,7 @@
 
 Package.describe({
-  summary: "Standards-compliant HTML tools"
+  summary: "Standards-compliant HTML tools",
+  internal: true
 });
 
 Package.on_use(function (api) {
diff --git a/packages/html5-tokenizer/README.md b/packages/html5-tokenizer/README.md
deleted file mode 100644
index b53a532b6c..0000000000
--- a/packages/html5-tokenizer/README.md
+++ /dev/null
@@ -1,3 +0,0 @@
-
-Code comes from https://github.com/aredridel/html5 a.k.a. `npm html5`, but
-just the tokenizer, no parsing and no `jsdom` dependency.
diff --git a/packages/html5-tokenizer/buffer.js b/packages/html5-tokenizer/buffer.js
deleted file mode 100644
index 238f1048c2..0000000000
--- a/packages/html5-tokenizer/buffer.js
+++ /dev/null
@@ -1,90 +0,0 @@
-var Buffer = HTML5.Buffer = function Buffer() {
-  this.data = '';
-  this.start = 0;
-  this.committed = 0;
-  this.eof = false;
-};
-
-Buffer.prototype = {
-  slice: function() {
-    if(this.start >= this.data.length) {
-      if(!this.eof) throw HTML5.DRAIN;
-      return HTML5.EOF;
-    }
-    return this.data.slice(this.start, this.data.length);
-  },
-  char: function() {
-    if(!this.eof && this.start >= this.data.length - 1) throw HTML5.DRAIN;
-    if(this.start >= this.data.length) {
-      return HTML5.EOF;
-    }
-    return this.data[this.start++];
-  },
-  advance: function(amount) {
-    this.start += amount;
-    if(this.start >= this.data.length) {
-      if(!this.eof) throw HTML5.DRAIN;
-      return HTML5.EOF;
-    } else {
-      if(this.committed > this.data.length / 2) {
-	// Sliiiide
-	this.data = this.data.slice(this.committed);
-	this.start = this.start - this.committed;
-	this.committed = 0;
-      }
-    }
-  },
-  matchWhile: function(re) {
-    if(this.eof && this.start >= this.data.length ) return '';
-    var r = new RegExp("^"+re+"+");
-    var m = r.exec(this.slice());
-    if(m) {
-      if(!this.eof && m[0].length == this.data.length - this.start) throw HTML5.DRAIN;
-      this.advance(m[0].length);
-      return m[0];
-    } else {
-      return '';
-    }
-  },
-  matchUntil: function(re) {
-    var m, s;
-    s = this.slice();
-    if(s === HTML5.EOF) {
-      return '';
-    } else if(m = new RegExp(re + (this.eof ? "|\0|$" : "|\0")).exec(this.slice())) {
-      var t = this.data.slice(this.start, this.start + m.index);
-      this.advance(m.index);
-      return t.toString();
-    } else {
-      throw HTML5.DRAIN;
-    }
-  },
-  append: function(data) {
-    this.data += data;
-  },
-  shift: function(n) {
-    if(!this.eof && this.start + n >= this.data.length) throw HTML5.DRAIN;
-    if(this.eof && this.start >= this.data.length) return HTML5.EOF;
-    var d = this.data.slice(this.start, this.start + n).toString();
-    this.advance(Math.min(n, this.data.length - this.start));
-    return d;
-  },
-  peek: function(n) {
-    if(!this.eof && this.start + n >= this.data.length) throw HTML5.DRAIN;
-    if(this.eof && this.start >= this.data.length) return HTML5.EOF;
-    return this.data.slice(this.start, Math.min(this.start + n, this.data.length)).toString();
-  },
-  length: function() {
-    return this.data.length - this.start - 1;
-  },
-  unget: function(d) {
-    if(d === HTML5.EOF) return;
-    this.start -= (d.length);
-  },
-  undo: function() {
-    this.start = this.committed;
-  },
-  commit: function() {
-    this.committed = this.start;
-  }
-};
diff --git a/packages/html5-tokenizer/constants.js b/packages/html5-tokenizer/constants.js
deleted file mode 100644
index 7991fc4fbd..0000000000
--- a/packages/html5-tokenizer/constants.js
+++ /dev/null
@@ -1,759 +0,0 @@
-HTML5 = (typeof HTML5 === 'undefined' ? {} : HTML5);
-
-HTML5.CONTENT_MODEL_FLAGS = [
-  'PCDATA',
-  'RCDATA',
-  'CDATA',
-  'SCRIPT_CDATA',
-  'PLAINTEXT'
-];
-
-HTML5.Marker = {type: 'Marker', data: 'this is a marker token'};
-
-
-(function() {
-  function EOF() {
-  }
-
-  EOF.prototype = {
-    toString: function() { throw new Error("EOF added as string"); }
-  };
-  HTML5.EOF = new EOF();
-})();
-
-
-HTML5.EOF_TOK = {type: 'EOF', data: 'End of File' };
-HTML5.DRAIN = -2;
-
-HTML5.SCOPING_ELEMENTS = [
-  'applet', 'caption', 'html', 'table', 'td', 'th',
-  'marquee', 'object', 'math:mi', 'math:mo', 'math:mn', 'math:ms', 'math:mtext',
-  'math:annotation-xml', 'svg:foreignObject', 'svg:desc', 'svg:title'
-];
-
-HTML5.LIST_SCOPING_ELEMENTS = [
-  'ol', 'ul',
-  'applet', 'caption', 'html', 'table', 'td', 'th',
-  'marquee', 'object', 'math:mi', 'math:mo', 'math:mn', 'math:ms', 'math:mtext',
-  'math:annotation-xml', 'svg:foreignObject', 'svg:desc', 'svg:title'
-];
-HTML5.BUTTON_SCOPING_ELEMENTS = [
-  'button',
-  'applet', 'caption', 'html', 'table', 'td', 'th',
-  'marquee', 'object', 'math:mi', 'math:mo', 'math:mn', 'math:ms', 'math:mtext',
-  'math:annotation-xml', 'svg:foreignObject', 'svg:desc', 'svg:title'
-];
-HTML5.TABLE_SCOPING_ELEMENTS = [
-  'table', 'html'
-];
-HTML5.SELECT_SCOPING_ELEMENTS = [
-  'option', 'optgroup'
-];
-HTML5.FORMATTING_ELEMENTS = [
-  'a',
-  'b',
-  'big',
-  'code',
-  'em',
-  'font',
-  'i',
-  'nobr',
-  's',
-  'small',
-  'strike',
-  'strong',
-  'tt',
-  'u'
-];
-HTML5.SPECIAL_ELEMENTS = [
-  'address',
-  'area',
-  'base',
-  'basefont',
-  'bgsound',
-  'blockquote',
-  'body',
-  'br',
-  'center',
-  'col',
-  'colgroup',
-  'dd',
-  'dir',
-  'div',
-  'dl',
-  'dt',
-  'embed',
-  'fieldset',
-  'form',
-  'frame',
-  'frameset',
-  'h1',
-  'h2',
-  'h3',
-  'h4',
-  'h5',
-  'h6',
-  'head',
-  'hr',
-  'iframe',
-  'image',
-  'img',
-  'input',
-  'isindex',
-  'li',
-  'link',
-  'listing',
-  'menu',
-  'meta',
-  'noembed',
-  'noframes',
-  'noscript',
-  'ol',
-  'optgroup',
-  'option',
-  'p',
-  'param',
-  'plaintext',
-  'pre',
-  'script',
-  'select',
-  'spacer',
-  'style',
-  'tbody',
-  'textarea',
-  'tfoot',
-  'thead',
-  'title',
-  'tr',
-  'ul',
-  'wbr'
-];
-HTML5.SPACE_CHARACTERS_IN = "\t\n\x0B\x0C\x20\u0012\r";
-HTML5.SPACE_CHARACTERS = "[\t\n\x0B\x0C\x20\r]";
-HTML5.SPACE_CHARACTERS_R = /^[\t\n\x0B\x0C \r]/;
-
-HTML5.TABLE_INSERT_MODE_ELEMENTS = [
-  'table',
-  'tbody',
-  'tfoot',
-  'thead',
-  'tr'
-];
-
-HTML5.ASCII_LOWERCASE = 'abcdefghijklmnopqrstuvwxyz';
-HTML5.ASCII_UPPERCASE = HTML5.ASCII_LOWERCASE.toUpperCase();
-HTML5.ASCII_LETTERS = "[a-zA-Z]";
-HTML5.ASCII_LETTERS_R = /^[a-zA-Z]/;
-HTML5.DIGITS = '0123456789';
-HTML5.DIGITS_R = new RegExp('^[0123456789]');
-HTML5.HEX_DIGITS = HTML5.DIGITS + 'abcdefABCDEF';
-HTML5.HEX_DIGITS_R = new RegExp('^[' + HTML5.DIGITS + 'abcdefABCDEF' +']' );
-
-// Heading elements need to be ordered
-HTML5.HEADING_ELEMENTS = [
-  'h1',
-  'h2',
-  'h3',
-  'h4',
-  'h5',
-  'h6'
-];
-
-HTML5.VOID_ELEMENTS = [
-  'base',
-  'link',
-  'meta',
-  'hr',
-  'br',
-  'img',
-  'embed',
-  'param',
-  'area',
-  'col',
-  'input'
-];
-
-HTML5.CDATA_ELEMENTS = [
-  'title',
-  'textarea'
-];
-
-HTML5.RCDATA_ELEMENTS = [
-  'style',
-  'script',
-  'xmp',
-  'iframe',
-  'noembed',
-  'noframes',
-  'noscript'
-];
-
-HTML5.BOOLEAN_ATTRIBUTES = {
-  '_global': ['irrelevant'],
-  // Fixme?
-  'style': ['scoped'],
-  'img': ['ismap'],
-  'audio': ['autoplay', 'controls'],
-  'video': ['autoplay', 'controls'],
-  'script': ['defer', 'async'],
-  'details': ['open'],
-  'datagrid': ['multiple', 'disabled'],
-  'command': ['hidden', 'disabled', 'checked', 'default'],
-  'menu': ['autosubmit'],
-  'fieldset': ['disabled', 'readonly'],
-  'option': ['disabled', 'readonly', 'selected'],
-  'optgroup': ['disabled', 'readonly'],
-  'button': ['disabled', 'autofocus'],
-  'input': ['disabled', 'readonly', 'required', 'autofocus', 'checked', 'ismap'],
-  'select': ['disabled', 'readonly', 'autofocus', 'multiple'],
-  'output': ['disabled', 'readonly']
-};
-
-HTML5.ENCODINGS = [
-  'ansi_x3.4-1968',
-  'iso-ir-6',
-  'ansi_x3.4-1986',
-  'iso_646.irv:1991',
-  'ascii',
-  'iso646-us',
-  'us-ascii',
-  'us',
-  'ibm367',
-  'cp367',
-  'csascii',
-  'ks_c_5601-1987',
-  'korean',
-  'iso-2022-kr',
-  'csiso2022kr',
-  'euc-kr',
-  'iso-2022-jp',
-  'csiso2022jp',
-  'iso-2022-jp-2',
-  '',
-  'iso-ir-58',
-  'chinese',
-  'csiso58gb231280',
-  'iso_8859-1:1987',
-  'iso-ir-100',
-  'iso_8859-1',
-  'iso-8859-1',
-  'latin1',
-  'l1',
-  'ibm819',
-  'cp819',
-  'csisolatin1',
-  'iso_8859-2:1987',
-  'iso-ir-101',
-  'iso_8859-2',
-  'iso-8859-2',
-  'latin2',
-  'l2',
-  'csisolatin2',
-  'iso_8859-3:1988',
-  'iso-ir-109',
-  'iso_8859-3',
-  'iso-8859-3',
-  'latin3',
-  'l3',
-  'csisolatin3',
-  'iso_8859-4:1988',
-  'iso-ir-110',
-  'iso_8859-4',
-  'iso-8859-4',
-  'latin4',
-  'l4',
-  'csisolatin4',
-  'iso_8859-6:1987',
-  'iso-ir-127',
-  'iso_8859-6',
-  'iso-8859-6',
-  'ecma-114',
-  'asmo-708',
-  'arabic',
-  'csisolatinarabic',
-  'iso_8859-7:1987',
-  'iso-ir-126',
-  'iso_8859-7',
-  'iso-8859-7',
-  'elot_928',
-  'ecma-118',
-  'greek',
-  'greek8',
-  'csisolatingreek',
-  'iso_8859-8:1988',
-  'iso-ir-138',
-  'iso_8859-8',
-  'iso-8859-8',
-  'hebrew',
-  'csisolatinhebrew',
-  'iso_8859-5:1988',
-  'iso-ir-144',
-  'iso_8859-5',
-  'iso-8859-5',
-  'cyrillic',
-  'csisolatincyrillic',
-  'iso_8859-9:1989',
-  'iso-ir-148',
-  'iso_8859-9',
-  'iso-8859-9',
-  'latin5',
-  'l5',
-  'csisolatin5',
-  'iso-8859-10',
-  'iso-ir-157',
-  'l6',
-  'iso_8859-10:1992',
-  'csisolatin6',
-  'latin6',
-  'hp-roman8',
-  'roman8',
-  'r8',
-  'ibm037',
-  'cp037',
-  'csibm037',
-  'ibm424',
-  'cp424',
-  'csibm424',
-  'ibm437',
-  'cp437',
-  '437',
-  'cspc8codepage437',
-  'ibm500',
-  'cp500',
-  'csibm500',
-  'ibm775',
-  'cp775',
-  'cspc775baltic',
-  'ibm850',
-  'cp850',
-  '850',
-  'cspc850multilingual',
-  'ibm852',
-  'cp852',
-  '852',
-  'cspcp852',
-  'ibm855',
-  'cp855',
-  '855',
-  'csibm855',
-  'ibm857',
-  'cp857',
-  '857',
-  'csibm857',
-  'ibm860',
-  'cp860',
-  '860',
-  'csibm860',
-  'ibm861',
-  'cp861',
-  '861',
-  'cp-is',
-  'csibm861',
-  'ibm862',
-  'cp862',
-  '862',
-  'cspc862latinhebrew',
-  'ibm863',
-  'cp863',
-  '863',
-  'csibm863',
-  'ibm864',
-  'cp864',
-  'csibm864',
-  'ibm865',
-  'cp865',
-  '865',
-  'csibm865',
-  'ibm866',
-  'cp866',
-  '866',
-  'csibm866',
-  'ibm869',
-  'cp869',
-  '869',
-  'cp-gr',
-  'csibm869',
-  'ibm1026',
-  'cp1026',
-  'csibm1026',
-  'koi8-r',
-  'cskoi8r',
-  'koi8-u',
-  'big5-hkscs',
-  'ptcp154',
-  'csptcp154',
-  'pt154',
-  'cp154',
-  'utf-7',
-  'utf-16be',
-  'utf-16le',
-  'utf-16',
-  'utf-8',
-  'iso-8859-13',
-  'iso-8859-14',
-  'iso-ir-199',
-  'iso_8859-14:1998',
-  'iso_8859-14',
-  'latin8',
-  'iso-celtic',
-  'l8',
-  'iso-8859-15',
-  'iso_8859-15',
-  'iso-8859-16',
-  'iso-ir-226',
-  'iso_8859-16:2001',
-  'iso_8859-16',
-  'latin10',
-  'l10',
-  'gbk',
-  'cp936',
-  'ms936',
-  'gb18030',
-  'shift_jis',
-  'ms_kanji',
-  'csshiftjis',
-  'euc-jp',
-  'gb2312',
-  'big5',
-  'csbig5',
-  'windows-1250',
-  'windows-1251',
-  'windows-1252',
-  'windows-1253',
-  'windows-1254',
-  'windows-1255',
-  'windows-1256',
-  'windows-1257',
-  'windows-1258',
-  'tis-620',
-  'hz-gb-2312'
-];
-
-HTML5.E = {
-  "null-character":
-  "Null character in input stream, replaced with U+FFFD.",
-  "incorrectly-placed-solidus":
-  "Solidus (/) incorrectly placed in tag.",
-  "incorrect-cr-newline-entity":
-  "Incorrect CR newline entity, replaced with LF.",
-  "illegal-windows-1252-entity":
-  "Entity used with illegal number (windows-1252 reference).",
-  "cant-convert-numeric-entity":
-  "Numeric entity couldn't be converted to character " +
-    "(codepoint U+%(charAsInt)08x).",
-  "illegal-codepoint-for-numeric-entity":
-  "Numeric entity represents an illegal codepoint=> " +
-    "U+%(charAsInt)08x.",
-  "numeric-entity-without-semicolon":
-  "Numeric entity didn't end with ';'.",
-  "expected-numeric-entity-but-got-eof":
-  "Numeric entity expected. Got end of file instead.",
-  "expected-numeric-entity":
-  "Numeric entity expected but none found.",
-  "named-entity-without-semicolon":
-  "Named entity didn't end with ';'.",
-  "expected-named-entity":
-  "Named entity expected. Got none.",
-  "attributes-in-end-tag":
-  "End tag contains unexpected attributes.",
-  "expected-tag-name-but-got-right-bracket":
-  "Expected tag name. Got '>' instead.",
-  "expected-tag-name-but-got-question-mark":
-  "Expected tag name. Got '?' instead. (HTML doesn't " +
-    "support processing instructions.)",
-  "expected-tag-name":
-  "Expected tag name. Got something else instead",
-  "expected-closing-tag-but-got-right-bracket":
-  "Expected closing tag. Got '>' instead. Ignoring '</>'.",
-  "expected-closing-tag-but-got-eof":
-  "Expected closing tag. Unexpected end of file.",
-  "expected-closing-tag-but-got-char":
-  "Expected closing tag. Unexpected character '%(data)' found.",
-  "eof-in-tag-name":
-  "Unexpected end of file in the tag name.",
-  "expected-attribute-name-but-got-eof":
-  "Unexpected end of file. Expected attribute name instead.",
-  "eof-in-attribute-name":
-  "Unexpected end of file in attribute name.",
-  "duplicate-attribute":
-  "Dropped duplicate attribute on tag.",
-  "expected-end-of-tag-name-but-got-eof":
-  "Unexpected end of file. Expected = or end of tag.",
-  "expected-attribute-value-but-got-eof":
-  "Unexpected end of file. Expected attribute value.",
-  "eof-in-attribute-value-double-quote":
-  "Unexpected end of file in attribute value (\").",
-  "eof-in-attribute-value-single-quote":
-  "Unexpected end of file in attribute value (').",
-  "eof-in-attribute-value-no-quotes":
-  "Unexpected end of file in attribute value.",
-  "expected-dashes-or-doctype":
-  "Expected '--' or 'DOCTYPE'. Not found.",
-  "incorrect-comment":
-  "Incorrect comment.",
-  "eof-in-comment":
-  "Unexpected end of file in comment.",
-  "eof-in-comment-end-dash":
-  "Unexpected end of file in comment (-)",
-  "unexpected-dash-after-double-dash-in-comment":
-  "Unexpected '-' after '--' found in comment.",
-  "eof-in-comment-double-dash":
-  "Unexpected end of file in comment (--).",
-  "unexpected-char-in-comment":
-  "Unexpected character in comment found.",
-  "need-space-after-doctype":
-  "No space after literal string 'DOCTYPE'.",
-  "expected-doctype-name-but-got-right-bracket":
-  "Unexpected > character. Expected DOCTYPE name.",
-  "expected-doctype-name-but-got-eof":
-  "Unexpected end of file. Expected DOCTYPE name.",
-  "eof-in-doctype-name":
-  "Unexpected end of file in DOCTYPE name.",
-  "eof-in-doctype":
-  "Unexpected end of file in DOCTYPE.",
-  "expected-space-or-right-bracket-in-doctype":
-  "Expected space or '>'. Got '%(data)'",
-  "unexpected-end-of-doctype":
-  "Unexpected end of DOCTYPE.",
-  "unexpected-char-in-doctype":
-  "Unexpected character in DOCTYPE.",
-  "eof-in-bogus-doctype":
-  "Unexpected end of file in bogus doctype.",
-  "eof-in-innerhtml":
-  "Unexpected EOF in inner html mode.",
-  "unexpected-doctype":
-  "Unexpected DOCTYPE. Ignored.",
-  "non-html-root":
-  "html needs to be the first start tag.",
-  "expected-doctype-but-got-eof":
-  "Unexpected End of file. Expected DOCTYPE.",
-  "unknown-doctype":
-  "Erroneous DOCTYPE.",
-  "expected-doctype-but-got-chars":
-  "Unexpected non-space characters. Expected DOCTYPE.",
-  "expected-doctype-but-got-start-tag":
-  "Unexpected start tag (%(name)). Expected DOCTYPE.",
-  "expected-doctype-but-got-end-tag":
-  "Unexpected end tag (%(name)). Expected DOCTYPE.",
-  "end-tag-after-implied-root":
-  "Unexpected end tag (%(name)) after the (implied) root element.",
-  "expected-named-closing-tag-but-got-eof":
-  "Unexpected end of file. Expected end tag (%(name)).",
-  "two-heads-are-not-better-than-one":
-  "Unexpected start tag head in existing head. Ignored.",
-  "unexpected-end-tag":
-  "Unexpected end tag (%(name)). Ignored.",
-  "unexpected-start-tag-out-of-my-head":
-  "Unexpected start tag (%(name)) that can be in head. Moved.",
-  "unexpected-start-tag":
-  "Unexpected start tag (%(name)).",
-  "missing-end-tag":
-  "Missing end tag (%(name)).",
-  "missing-end-tags":
-  "Missing end tags (%(name)).",
-  "unexpected-start-tag-implies-end-tag":
-  "Unexpected start tag (%(startName)) " +
-    "implies end tag (%(endName)).",
-  "unexpected-start-tag-treated-as":
-  "Unexpected start tag (%(originalName)). Treated as %(newName).",
-  "deprecated-tag":
-  "Unexpected start tag %(name). Don't use it!",
-  "unexpected-start-tag-ignored":
-  "Unexpected start tag %(name). Ignored.",
-  "expected-one-end-tag-but-got-another":
-  "Unexpected end tag (%(gotName). " +
-    "Missing end tag (%(expectedName)).",
-  "end-tag-too-early":
-  "End tag (%(name)) seen too early. Expected other end tag.",
-  "end-tag-too-early-named":
-  "Unexpected end tag (%(gotName)). Expected end tag (%(expectedName).",
-  "end-tag-too-early-ignored":
-  "End tag (%(name)) seen too early. Ignored.",
-  "adoption-agency-1.1":
-  "End tag (%(name) violates step 1, " +
-    "paragraph 1 of the adoption agency algorithm.",
-  "adoption-agency-1.2":
-  "End tag (%(name) violates step 1, " +
-    "paragraph 2 of the adoption agency algorithm.",
-  "adoption-agency-1.3":
-  "End tag (%(name) violates step 1, " +
-    "paragraph 3 of the adoption agency algorithm.",
-  "unexpected-end-tag-treated-as":
-  "Unexpected end tag (%(originalName)). Treated as %(newName).",
-  "no-end-tag":
-  "This element (%(name)) has no end tag.",
-  "unexpected-implied-end-tag-in-table":
-  "Unexpected implied end tag (%(name)) in the table phase.",
-  "unexpected-implied-end-tag-in-table-body":
-  "Unexpected implied end tag (%(name)) in the table body phase.",
-  "unexpected-char-implies-table-voodoo":
-  "Unexpected non-space characters in " +
-    "table context caused voodoo mode.",
-  "unpexted-hidden-input-in-table":
-  "Unexpected input with type hidden in table context.",
-  "unexpected-start-tag-implies-table-voodoo":
-  "Unexpected start tag (%(name)) in " +
-    "table context caused voodoo mode.",
-  "unexpected-end-tag-implies-table-voodoo":
-  "Unexpected end tag (%(name)) in " +
-    "table context caused voodoo mode.",
-  "unexpected-cell-in-table-body":
-  "Unexpected table cell start tag (%(name)) " +
-    "in the table body phase.",
-  "unexpected-cell-end-tag":
-  "Got table cell end tag (%(name)) " +
-    "while required end tags are missing.",
-  "unexpected-end-tag-in-table-body":
-  "Unexpected end tag (%(name)) in the table body phase. Ignored.",
-  "unexpected-implied-end-tag-in-table-row":
-  "Unexpected implied end tag (%(name)) in the table row phase.",
-  "unexpected-end-tag-in-table-row":
-  "Unexpected end tag (%(name)) in the table row phase. Ignored.",
-  "unexpected-select-in-select":
-  "Unexpected select start tag in the select phase " +
-    "treated as select end tag.",
-  "unexpected-input-in-select":
-  "Unexpected input start tag in the select phase.",
-  "unexpected-start-tag-in-select":
-  "Unexpected start tag token (%(name)) in the select phase. " +
-    "Ignored.",
-  "unexpected-end-tag-in-select":
-  "Unexpected end tag (%(name)) in the select phase. Ignored.",
-  "unexpected-table-element-start-tag-in-select-in-table":
-  "Unexpected table element start tag (%(name))s in the select in table phase.",
-  "unexpected-table-element-end-tag-in-select-in-table":
-  "Unexpected table element end tag (%(name))s in the select in table phase.",
-  "unexpected-char-after-body":
-  "Unexpected non-space characters in the after body phase.",
-  "unexpected-start-tag-after-body":
-  "Unexpected start tag token (%(name))" +
-    "in the after body phase.",
-  "unexpected-end-tag-after-body":
-  "Unexpected end tag token (%(name))" +
-    " in the after body phase.",
-  "unexpected-char-in-frameset":
-  "Unepxected characters in the frameset phase. Characters ignored.",
-  "unexpected-start-tag-in-frameset":
-  "Unexpected start tag token (%(name))" +
-    " in the frameset phase. Ignored.",
-  "unexpected-frameset-in-frameset-innerhtml":
-  "Unexpected end tag token (frameset " +
-    "in the frameset phase (innerHTML).",
-  "unexpected-end-tag-in-frameset":
-  "Unexpected end tag token (%(name))" +
-    " in the frameset phase. Ignored.",
-  "unexpected-char-after-frameset":
-  "Unexpected non-space characters in the " +
-    "after frameset phase. Ignored.",
-  "unexpected-start-tag-after-frameset":
-  "Unexpected start tag (%(name))" +
-    " in the after frameset phase. Ignored.",
-  "unexpected-end-tag-after-frameset":
-  "Unexpected end tag (%(name))" +
-    " in the after frameset phase. Ignored.",
-  "expected-eof-but-got-char":
-  "Unexpected non-space characters. Expected end of file.",
-  "expected-eof-but-got-start-tag":
-  "Unexpected start tag (%(name))" +
-    ". Expected end of file.",
-  "expected-eof-but-got-end-tag":
-  "Unexpected end tag (%(name))" +
-    ". Expected end of file.",
-  "unexpected-end-table-in-caption":
-  "Unexpected end table tag in caption. Generates implied end caption.",
-  "end-html-in-innerhtml":
-  "Unexpected html end tag in inner html mode.",
-  "expected-self-closing-tag":
-  "Expected a > after the /.",
-  "self-closing-end-tag":
-  "Self closing end tag.",
-  "eof-in-table":
-  "Unexpected end of file. Expected table content.",
-  "html-in-foreign-content":
-  "HTML start tag \"%(name)\" in a foreign namespace context.",
-  "unexpected-start-tag-in-table":
-  "Unexpected %(name). Expected table content."
-};
-
-HTML5.Models = {PCDATA: 'PCDATA', RCDATA: 'RCDATA', CDATA: 'CDATA', SCRIPT_CDATA: 'SCRIPT_CDATA'};
-
-HTML5.TAGMODES = {
-  select: 'inSelect',
-  td: 'inCell',
-  th: 'inCell',
-  tr: 'inRow',
-  tbody: 'inTableBody',
-  thead: 'inTableBody',
-  tfoot: 'inTableBody',
-  caption: 'inCaption',
-  colgroup: 'inColumnGroup',
-  table: 'inTable',
-  head: 'inBody',
-  body: 'inBody',
-  frameset: 'inFrameset'
-};
-
-HTML5.SVGAttributeMap = {
-  attributename:	'attributeName',
-  attributetype:	'attributeType',
-  basefrequency:	'baseFrequency',
-  baseprofile:	'baseProfile',
-  calcmode:	'calcMode',
-  clippathunits:	'clipPathUnits',
-  contentscripttype:	'contentScriptType',
-  contentstyletype:	'contentStyleType',
-  diffuseconstant:	'diffuseConstant',
-  edgemode:	'edgeMode',
-  externalresourcesrequired:	'externalResourcesRequired',
-  filterres:	'filterRes',
-  filterunits:	'filterUnits',
-  glyphref:	'glyphRef',
-  gradienttransform:	'gradientTransform',
-  gradientunits:	'gradientUnits',
-  kernelmatrix:	'kernelMatrix',
-  kernelunitlength:	'kernelUnitLength',
-  keypoints:	'keyPoints',
-  keysplines:	'keySplines',
-  keytimes:	'keyTimes',
-  lengthadjust:	'lengthAdjust',
-  limitingconeangle:	'limitingConeAngle',
-  markerheight:	'markerHeight',
-  markerunits:	'markerUnits',
-  markerwidth:	'markerWidth',
-  maskcontentunits:	'maskContentUnits',
-  maskunits:	'maskUnits',
-  numoctaves:	'numOctaves',
-  pathlength:	'pathLength',
-  patterncontentunits:	'patternContentUnits',
-  patterntransform:	'patternTransform',
-  patternunits:	'patternUnits',
-  pointsatx:	'pointsAtX',
-  pointsaty:	'pointsAtY',
-  pointsatz:	'pointsAtZ',
-  preservealpha:	'preserveAlpha',
-  preserveaspectratio:	'preserveAspectRatio',
-  primitiveunits:	'primitiveUnits',
-  refx:	'refX',
-  refy:	'refY',
-  repeatcount:	'repeatCount',
-  repeatdur:	'repeatDur',
-  requiredextensions:	'requiredExtensions',
-  requiredfeatures:	'requiredFeatures',
-  specularconstant:	'specularConstant',
-  specularexponent:	'specularExponent',
-  spreadmethod:	'spreadMethod',
-  startoffset:	'startOffset',
-  stddeviation:	'stdDeviation',
-  stitchtiles:	'stitchTiles',
-  surfacescale:	'surfaceScale',
-  systemlanguage:	'systemLanguage',
-  tablevalues:	'tableValues',
-  targetx:	'targetX',
-  targety:	'targetY',
-  textlength:	'textLength',
-  viewbox:	'viewBox',
-  viewtarget:	'viewTarget',
-  xchannelselector:	'xChannelSelector',
-  ychannelselector:	'yChannelSelector',
-  zoomandpan:	'zoomAndPan'
-};
diff --git a/packages/html5-tokenizer/entities.js b/packages/html5-tokenizer/entities.js
deleted file mode 100644
index 87bc80fa2a..0000000000
--- a/packages/html5-tokenizer/entities.js
+++ /dev/null
@@ -1,2235 +0,0 @@
-HTML5 = (typeof HTML5 === 'undefined' ? {} : HTML5);
-
-HTML5.ENTITIES = {
-  "AElig": "\u00C6",
-  "AElig;": "\u00C6",
-  "AMP": "&",
-  "AMP;": "&",
-  "Aacute": "\u00C1",
-  "Aacute;": "\u00C1",
-  "Abreve;": "\u0102",
-  "Acirc": "\u00C2",
-  "Acirc;": "\u00C2",
-  "Acy;": "\u0410",
-  "Afr;": "\u1D504",
-  "Agrave": "\u00C0",
-  "Agrave;": "\u00C0",
-  "Alpha;": "\u0391",
-  "Amacr;": "\u0100",
-  "And;": "\u2A53",
-  "Aogon;": "\u0104",
-  "Aopf;": "\u1D538",
-  "ApplyFunction;": "\u2061",
-  "Aring": "\u00C5",
-  "Aring;": "\u00C5",
-  "Ascr;": "\u1D49C",
-  "Assign;": "\u2254",
-  "Atilde": "\u00C3",
-  "Atilde;": "\u00C3",
-  "Auml": "\u00C4",
-  "Auml;": "\u00C4",
-  "Backslash;": "\u2216",
-  "Barv;": "\u2AE7",
-  "Barwed;": "\u2306",
-  "Bcy;": "\u0411",
-  "Because;": "\u2235",
-  "Bernoullis;": "\u212C",
-  "Beta;": "\u0392",
-  "Bfr;": "\u1D505",
-  "Bopf;": "\u1D539",
-  "Breve;": "\u02D8",
-  "Bscr;": "\u212C",
-  "Bumpeq;": "\u224E",
-  "CHcy;": "\u0427",
-  "COPY": "\u00A9",
-  "COPY;": "\u00A9",
-  "Cacute;": "\u0106",
-  "Cap;": "\u22D2",
-  "CapitalDifferentialD;": "\u2145",
-  "Cayleys;": "\u212D",
-  "Ccaron;": "\u010C",
-  "Ccedil": "\u00C7",
-  "Ccedil;": "\u00C7",
-  "Ccirc;": "\u0108",
-  "Cconint;": "\u2230",
-  "Cdot;": "\u010A",
-  "Cedilla;": "\u00B8",
-  "CenterDot;": "\u00B7",
-  "Cfr;": "\u212D",
-  "Chi;": "\u03A7",
-  "CircleDot;": "\u2299",
-  "CircleMinus;": "\u2296",
-  "CirclePlus;": "\u2295",
-  "CircleTimes;": "\u2297",
-  "ClockwiseContourIntegral;": "\u2232",
-  "CloseCurlyDoubleQuote;": "\u201D",
-  "CloseCurlyQuote;": "\u2019",
-  "Colon;": "\u2237",
-  "Colone;": "\u2A74",
-  "Congruent;": "\u2261",
-  "Conint;": "\u222F",
-  "ContourIntegral;": "\u222E",
-  "Copf;": "\u2102",
-  "Coproduct;": "\u2210",
-  "CounterClockwiseContourIntegral;": "\u2233",
-  "Cross;": "\u2A2F",
-  "Cscr;": "\u1D49E",
-  "Cup;": "\u22D3",
-  "CupCap;": "\u224D",
-  "DD;": "\u2145",
-  "DDotrahd;": "\u2911",
-  "DJcy;": "\u0402",
-  "DScy;": "\u0405",
-  "DZcy;": "\u040F",
-  "Dagger;": "\u2021",
-  "Darr;": "\u21A1",
-  "Dashv;": "\u2AE4",
-  "Dcaron;": "\u010E",
-  "Dcy;": "\u0414",
-  "Del;": "\u2207",
-  "Delta;": "\u0394",
-  "Dfr;": "\u1D507",
-  "DiacriticalAcute;": "\u00B4",
-  "DiacriticalDot;": "\u02D9",
-  "DiacriticalDoubleAcute;": "\u02DD",
-  "DiacriticalGrave;": "`",
-  "DiacriticalTilde;": "\u02DC",
-  "Diamond;": "\u22C4",
-  "DifferentialD;": "\u2146",
-  "Dopf;": "\u1D53B",
-  "Dot;": "\u00A8",
-  "DotDot;": "\u20DC",
-  "DotEqual;": "\u2250",
-  "DoubleContourIntegral;": "\u222F",
-  "DoubleDot;": "\u00A8",
-  "DoubleDownArrow;": "\u21D3",
-  "DoubleLeftArrow;": "\u21D0",
-  "DoubleLeftRightArrow;": "\u21D4",
-  "DoubleLeftTee;": "\u2AE4",
-  "DoubleLongLeftArrow;": "\u27F8",
-  "DoubleLongLeftRightArrow;": "\u27FA",
-  "DoubleLongRightArrow;": "\u27F9",
-  "DoubleRightArrow;": "\u21D2",
-  "DoubleRightTee;": "\u22A8",
-  "DoubleUpArrow;": "\u21D1",
-  "DoubleUpDownArrow;": "\u21D5",
-  "DoubleVerticalBar;": "\u2225",
-  "DownArrow;": "\u2193",
-  "DownArrowBar;": "\u2913",
-  "DownArrowUpArrow;": "\u21F5",
-  "DownBreve;": "\u0311",
-  "DownLeftRightVector;": "\u2950",
-  "DownLeftTeeVector;": "\u295E",
-  "DownLeftVector;": "\u21BD",
-  "DownLeftVectorBar;": "\u2956",
-  "DownRightTeeVector;": "\u295F",
-  "DownRightVector;": "\u21C1",
-  "DownRightVectorBar;": "\u2957",
-  "DownTee;": "\u22A4",
-  "DownTeeArrow;": "\u21A7",
-  "Downarrow;": "\u21D3",
-  "Dscr;": "\u1D49F",
-  "Dstrok;": "\u0110",
-  "ENG;": "\u014A",
-  "ETH": "\u00D0",
-  "ETH;": "\u00D0",
-  "Eacute": "\u00C9",
-  "Eacute;": "\u00C9",
-  "Ecaron;": "\u011A",
-  "Ecirc": "\u00CA",
-  "Ecirc;": "\u00CA",
-  "Ecy;": "\u042D",
-  "Edot;": "\u0116",
-  "Efr;": "\u1D508",
-  "Egrave": "\u00C8",
-  "Egrave;": "\u00C8",
-  "Element;": "\u2208",
-  "Emacr;": "\u0112",
-  "EmptySmallSquare;": "\u25FB",
-  "EmptyVerySmallSquare;": "\u25AB",
-  "Eogon;": "\u0118",
-  "Eopf;": "\u1D53C",
-  "Epsilon;": "\u0395",
-  "Equal;": "\u2A75",
-  "EqualTilde;": "\u2242",
-  "Equilibrium;": "\u21CC",
-  "Escr;": "\u2130",
-  "Esim;": "\u2A73",
-  "Eta;": "\u0397",
-  "Euml": "\u00CB",
-  "Euml;": "\u00CB",
-  "Exists;": "\u2203",
-  "ExponentialE;": "\u2147",
-  "Fcy;": "\u0424",
-  "Ffr;": "\u1D509",
-  "FilledSmallSquare;": "\u25FC",
-  "FilledVerySmallSquare;": "\u25AA",
-  "Fopf;": "\u1D53D",
-  "ForAll;": "\u2200",
-  "Fouriertrf;": "\u2131",
-  "Fscr;": "\u2131",
-  "GJcy;": "\u0403",
-  "GT": ">",
-  "GT;": ">",
-  "Gamma;": "\u0393",
-  "Gammad;": "\u03DC",
-  "Gbreve;": "\u011E",
-  "Gcedil;": "\u0122",
-  "Gcirc;": "\u011C",
-  "Gcy;": "\u0413",
-  "Gdot;": "\u0120",
-  "Gfr;": "\u1D50A",
-  "Gg;": "\u22D9",
-  "Gopf;": "\u1D53E",
-  "GreaterEqual;": "\u2265",
-  "GreaterEqualLess;": "\u22DB",
-  "GreaterFullEqual;": "\u2267",
-  "GreaterGreater;": "\u2AA2",
-  "GreaterLess;": "\u2277",
-  "GreaterSlantEqual;": "\u2A7E",
-  "GreaterTilde;": "\u2273",
-  "Gscr;": "\u1D4A2",
-  "Gt;": "\u226B",
-  "HARDcy;": "\u042A",
-  "Hacek;": "\u02C7",
-  "Hat;": "^",
-  "Hcirc;": "\u0124",
-  "Hfr;": "\u210C",
-  "HilbertSpace;": "\u210B",
-  "Hopf;": "\u210D",
-  "HorizontalLine;": "\u2500",
-  "Hscr;": "\u210B",
-  "Hstrok;": "\u0126",
-  "HumpDownHump;": "\u224E",
-  "HumpEqual;": "\u224F",
-  "IEcy;": "\u0415",
-  "IJlig;": "\u0132",
-  "IOcy;": "\u0401",
-  "Iacute": "\u00CD",
-  "Iacute;": "\u00CD",
-  "Icirc": "\u00CE",
-  "Icirc;": "\u00CE",
-  "Icy;": "\u0418",
-  "Idot;": "\u0130",
-  "Ifr;": "\u2111",
-  "Igrave": "\u00CC",
-  "Igrave;": "\u00CC",
-  "Im;": "\u2111",
-  "Imacr;": "\u012A",
-  "ImaginaryI;": "\u2148",
-  "Implies;": "\u21D2",
-  "Int;": "\u222C",
-  "Integral;": "\u222B",
-  "Intersection;": "\u22C2",
-  "InvisibleComma;": "\u2063",
-  "InvisibleTimes;": "\u2062",
-  "Iogon;": "\u012E",
-  "Iopf;": "\u1D540",
-  "Iota;": "\u0399",
-  "Iscr;": "\u2110",
-  "Itilde;": "\u0128",
-  "Iukcy;": "\u0406",
-  "Iuml": "\u00CF",
-  "Iuml;": "\u00CF",
-  "Jcirc;": "\u0134",
-  "Jcy;": "\u0419",
-  "Jfr;": "\u1D50D",
-  "Jopf;": "\u1D541",
-  "Jscr;": "\u1D4A5",
-  "Jsercy;": "\u0408",
-  "Jukcy;": "\u0404",
-  "KHcy;": "\u0425",
-  "KJcy;": "\u040C",
-  "Kappa;": "\u039A",
-  "Kcedil;": "\u0136",
-  "Kcy;": "\u041A",
-  "Kfr;": "\u1D50E",
-  "Kopf;": "\u1D542",
-  "Kscr;": "\u1D4A6",
-  "LJcy;": "\u0409",
-  "LT": "<",
-  "LT;": "<",
-  "Lacute;": "\u0139",
-  "Lambda;": "\u039B",
-  "Lang;": "\u27EA",
-  "Laplacetrf;": "\u2112",
-  "Larr;": "\u219E",
-  "Lcaron;": "\u013D",
-  "Lcedil;": "\u013B",
-  "Lcy;": "\u041B",
-  "LeftAngleBracket;": "\u27E8",
-  "LeftArrow;": "\u2190",
-  "LeftArrowBar;": "\u21E4",
-  "LeftArrowRightArrow;": "\u21C6",
-  "LeftCeiling;": "\u2308",
-  "LeftDoubleBracket;": "\u27E6",
-  "LeftDownTeeVector;": "\u2961",
-  "LeftDownVector;": "\u21C3",
-  "LeftDownVectorBar;": "\u2959",
-  "LeftFloor;": "\u230A",
-  "LeftRightArrow;": "\u2194",
-  "LeftRightVector;": "\u294E",
-  "LeftTee;": "\u22A3",
-  "LeftTeeArrow;": "\u21A4",
-  "LeftTeeVector;": "\u295A",
-  "LeftTriangle;": "\u22B2",
-  "LeftTriangleBar;": "\u29CF",
-  "LeftTriangleEqual;": "\u22B4",
-  "LeftUpDownVector;": "\u2951",
-  "LeftUpTeeVector;": "\u2960",
-  "LeftUpVector;": "\u21BF",
-  "LeftUpVectorBar;": "\u2958",
-  "LeftVector;": "\u21BC",
-  "LeftVectorBar;": "\u2952",
-  "Leftarrow;": "\u21D0",
-  "Leftrightarrow;": "\u21D4",
-  "LessEqualGreater;": "\u22DA",
-  "LessFullEqual;": "\u2266",
-  "LessGreater;": "\u2276",
-  "LessLess;": "\u2AA1",
-  "LessSlantEqual;": "\u2A7D",
-  "LessTilde;": "\u2272",
-  "Lfr;": "\u1D50F",
-  "Ll;": "\u22D8",
-  "Lleftarrow;": "\u21DA",
-  "Lmidot;": "\u013F",
-  "LongLeftArrow;": "\u27F5",
-  "LongLeftRightArrow;": "\u27F7",
-  "LongRightArrow;": "\u27F6",
-  "Longleftarrow;": "\u27F8",
-  "Longleftrightarrow;": "\u27FA",
-  "Longrightarrow;": "\u27F9",
-  "Lopf;": "\u1D543",
-  "LowerLeftArrow;": "\u2199",
-  "LowerRightArrow;": "\u2198",
-  "Lscr;": "\u2112",
-  "Lsh;": "\u21B0",
-  "Lstrok;": "\u0141",
-  "Lt;": "\u226A",
-  "Map;": "\u2905",
-  "Mcy;": "\u041C",
-  "MediumSpace;": "\u205F",
-  "Mellintrf;": "\u2133",
-  "Mfr;": "\u1D510",
-  "MinusPlus;": "\u2213",
-  "Mopf;": "\u1D544",
-  "Mscr;": "\u2133",
-  "Mu;": "\u039C",
-  "NJcy;": "\u040A",
-  "Nacute;": "\u0143",
-  "Ncaron;": "\u0147",
-  "Ncedil;": "\u0145",
-  "Ncy;": "\u041D",
-  "NegativeMediumSpace;": "\u200B",
-  "NegativeThickSpace;": "\u200B",
-  "NegativeThinSpace;": "\u200B",
-  "NegativeVeryThinSpace;": "\u200B",
-  "NestedGreaterGreater;": "\u226B",
-  "NestedLessLess;": "\u226A",
-  "NewLine;": "\u000A",
-  "Nfr;": "\u1D511",
-  "NoBreak;": "\u2060",
-  "NonBreakingSpace;": "\u00A0",
-  "Nopf;": "\u2115",
-  "Not;": "\u2AEC",
-  "NotCongruent;": "\u2262",
-  "NotCupCap;": "\u226D",
-  "NotDoubleVerticalBar;": "\u2226",
-  "NotElement;": "\u2209",
-  "NotEqual;": "\u2260",
-  "NotEqualTilde;": "\u2242\u0338",
-  "NotExists;": "\u2204",
-  "NotGreater;": "\u226F",
-  "NotGreaterEqual;": "\u2271",
-  "NotGreaterFullEqual;": "\u2267\u0338",
-  "NotGreaterGreater;": "\u226B\u0338",
-  "NotGreaterLess;": "\u2279",
-  "NotGreaterSlantEqual;": "\u2A7E\u0338",
-  "NotGreaterTilde;": "\u2275",
-  "NotHumpDownHump;": "\u224E\u0338",
-  "NotHumpEqual;": "\u224F\u0338",
-  "NotLeftTriangle;": "\u22EA",
-  "NotLeftTriangleBar;": "\u29CF\u0338",
-  "NotLeftTriangleEqual;": "\u22EC",
-  "NotLess;": "\u226E",
-  "NotLessEqual;": "\u2270",
-  "NotLessGreater;": "\u2278",
-  "NotLessLess;": "\u226A\u0338",
-  "NotLessSlantEqual;": "\u2A7D\u0338",
-  "NotLessTilde;": "\u2274",
-  "NotNestedGreaterGreater;": "\u2AA2\u0338",
-  "NotNestedLessLess;": "\u2AA1\u0338",
-  "NotPrecedes;": "\u2280",
-  "NotPrecedesEqual;": "\u2AAF\u0338",
-  "NotPrecedesSlantEqual;": "\u22E0",
-  "NotReverseElement;": "\u220C",
-  "NotRightTriangle;": "\u22EB",
-  "NotRightTriangleBar;": "\u29D0\u0338",
-  "NotRightTriangleEqual;": "\u22ED",
-  "NotSquareSubset;": "\u228F\u0338",
-  "NotSquareSubsetEqual;": "\u22E2",
-  "NotSquareSuperset;": "\u2290\u0338",
-  "NotSquareSupersetEqual;": "\u22E3",
-  "NotSubset;": "\u2282\u20D2",
-  "NotSubsetEqual;": "\u2288",
-  "NotSucceeds;": "\u2281",
-  "NotSucceedsEqual;": "\u2AB0\u0338",
-  "NotSucceedsSlantEqual;": "\u22E1",
-  "NotSucceedsTilde;": "\u227F\u0338",
-  "NotSuperset;": "\u2283\u20D2",
-  "NotSupersetEqual;": "\u2289",
-  "NotTilde;": "\u2241",
-  "NotTildeEqual;": "\u2244",
-  "NotTildeFullEqual;": "\u2247",
-  "NotTildeTilde;": "\u2249",
-  "NotVerticalBar;": "\u2224",
-  "Nscr;": "\u1D4A9",
-  "Ntilde": "\u00D1",
-  "Ntilde;": "\u00D1",
-  "Nu;": "\u039D",
-  "OElig;": "\u0152",
-  "Oacute": "\u00D3",
-  "Oacute;": "\u00D3",
-  "Ocirc": "\u00D4",
-  "Ocirc;": "\u00D4",
-  "Ocy;": "\u041E",
-  "Odblac;": "\u0150",
-  "Ofr;": "\u1D512",
-  "Ograve": "\u00D2",
-  "Ograve;": "\u00D2",
-  "Omacr;": "\u014C",
-  "Omega;": "\u03A9",
-  "Omicron;": "\u039F",
-  "Oopf;": "\u1D546",
-  "OpenCurlyDoubleQuote;": "\u201C",
-  "OpenCurlyQuote;": "\u2018",
-  "Or;": "\u2A54",
-  "Oscr;": "\u1D4AA",
-  "Oslash": "\u00D8",
-  "Oslash;": "\u00D8",
-  "Otilde": "\u00D5",
-  "Otilde;": "\u00D5",
-  "Otimes;": "\u2A37",
-  "Ouml": "\u00D6",
-  "Ouml;": "\u00D6",
-  "OverBar;": "\u203E",
-  "OverBrace;": "\u23DE",
-  "OverBracket;": "\u23B4",
-  "OverParenthesis;": "\u23DC",
-  "PartialD;": "\u2202",
-  "Pcy;": "\u041F",
-  "Pfr;": "\u1D513",
-  "Phi;": "\u03A6",
-  "Pi;": "\u03A0",
-  "PlusMinus;": "\u00B1",
-  "Poincareplane;": "\u210C",
-  "Popf;": "\u2119",
-  "Pr;": "\u2ABB",
-  "Precedes;": "\u227A",
-  "PrecedesEqual;": "\u2AAF",
-  "PrecedesSlantEqual;": "\u227C",
-  "PrecedesTilde;": "\u227E",
-  "Prime;": "\u2033",
-  "Product;": "\u220F",
-  "Proportion;": "\u2237",
-  "Proportional;": "\u221D",
-  "Pscr;": "\u1D4AB",
-  "Psi;": "\u03A8",
-  "QUOT": "\u0022",
-  "QUOT;": "\u0022",
-  "Qfr;": "\u1D514",
-  "Qopf;": "\u211A",
-  "Qscr;": "\u1D4AC",
-  "RBarr;": "\u2910",
-  "REG": "\u00AE",
-  "REG;": "\u00AE",
-  "Racute;": "\u0154",
-  "Rang;": "\u27EB",
-  "Rarr;": "\u21A0",
-  "Rarrtl;": "\u2916",
-  "Rcaron;": "\u0158",
-  "Rcedil;": "\u0156",
-  "Rcy;": "\u0420",
-  "Re;": "\u211C",
-  "ReverseElement;": "\u220B",
-  "ReverseEquilibrium;": "\u21CB",
-  "ReverseUpEquilibrium;": "\u296F",
-  "Rfr;": "\u211C",
-  "Rho;": "\u03A1",
-  "RightAngleBracket;": "\u27E9",
-  "RightArrow;": "\u2192",
-  "RightArrowBar;": "\u21E5",
-  "RightArrowLeftArrow;": "\u21C4",
-  "RightCeiling;": "\u2309",
-  "RightDoubleBracket;": "\u27E7",
-  "RightDownTeeVector;": "\u295D",
-  "RightDownVector;": "\u21C2",
-  "RightDownVectorBar;": "\u2955",
-  "RightFloor;": "\u230B",
-  "RightTee;": "\u22A2",
-  "RightTeeArrow;": "\u21A6",
-  "RightTeeVector;": "\u295B",
-  "RightTriangle;": "\u22B3",
-  "RightTriangleBar;": "\u29D0",
-  "RightTriangleEqual;": "\u22B5",
-  "RightUpDownVector;": "\u294F",
-  "RightUpTeeVector;": "\u295C",
-  "RightUpVector;": "\u21BE",
-  "RightUpVectorBar;": "\u2954",
-  "RightVector;": "\u21C0",
-  "RightVectorBar;": "\u2953",
-  "Rightarrow;": "\u21D2",
-  "Ropf;": "\u211D",
-  "RoundImplies;": "\u2970",
-  "Rrightarrow;": "\u21DB",
-  "Rscr;": "\u211B",
-  "Rsh;": "\u21B1",
-  "RuleDelayed;": "\u29F4",
-  "SHCHcy;": "\u0429",
-  "SHcy;": "\u0428",
-  "SOFTcy;": "\u042C",
-  "Sacute;": "\u015A",
-  "Sc;": "\u2ABC",
-  "Scaron;": "\u0160",
-  "Scedil;": "\u015E",
-  "Scirc;": "\u015C",
-  "Scy;": "\u0421",
-  "Sfr;": "\u1D516",
-  "ShortDownArrow;": "\u2193",
-  "ShortLeftArrow;": "\u2190",
-  "ShortRightArrow;": "\u2192",
-  "ShortUpArrow;": "\u2191",
-  "Sigma;": "\u03A3",
-  "SmallCircle;": "\u2218",
-  "Sopf;": "\u1D54A",
-  "Sqrt;": "\u221A",
-  "Square;": "\u25A1",
-  "SquareIntersection;": "\u2293",
-  "SquareSubset;": "\u228F",
-  "SquareSubsetEqual;": "\u2291",
-  "SquareSuperset;": "\u2290",
-  "SquareSupersetEqual;": "\u2292",
-  "SquareUnion;": "\u2294",
-  "Sscr;": "\u1D4AE",
-  "Star;": "\u22C6",
-  "Sub;": "\u22D0",
-  "Subset;": "\u22D0",
-  "SubsetEqual;": "\u2286",
-  "Succeeds;": "\u227B",
-  "SucceedsEqual;": "\u2AB0",
-  "SucceedsSlantEqual;": "\u227D",
-  "SucceedsTilde;": "\u227F",
-  "SuchThat;": "\u220B",
-  "Sum;": "\u2211",
-  "Sup;": "\u22D1",
-  "Superset;": "\u2283",
-  "SupersetEqual;": "\u2287",
-  "Supset;": "\u22D1",
-  "THORN": "\u00DE",
-  "THORN;": "\u00DE",
-  "TRADE;": "\u2122",
-  "TSHcy;": "\u040B",
-  "TScy;": "\u0426",
-  "Tab;": "\u0009",
-  "Tau;": "\u03A4",
-  "Tcaron;": "\u0164",
-  "Tcedil;": "\u0162",
-  "Tcy;": "\u0422",
-  "Tfr;": "\u1D517",
-  "Therefore;": "\u2234",
-  "Theta;": "\u0398",
-  "ThickSpace;": "\u205F\u200A",
-  "ThinSpace;": "\u2009",
-  "Tilde;": "\u223C",
-  "TildeEqual;": "\u2243",
-  "TildeFullEqual;": "\u2245",
-  "TildeTilde;": "\u2248",
-  "Topf;": "\u1D54B",
-  "TripleDot;": "\u20DB",
-  "Tscr;": "\u1D4AF",
-  "Tstrok;": "\u0166",
-  "Uacute": "\u00DA",
-  "Uacute;": "\u00DA",
-  "Uarr;": "\u219F",
-  "Uarrocir;": "\u2949",
-  "Ubrcy;": "\u040E",
-  "Ubreve;": "\u016C",
-  "Ucirc": "\u00DB",
-  "Ucirc;": "\u00DB",
-  "Ucy;": "\u0423",
-  "Udblac;": "\u0170",
-  "Ufr;": "\u1D518",
-  "Ugrave": "\u00D9",
-  "Ugrave;": "\u00D9",
-  "Umacr;": "\u016A",
-  "UnderBar;": "_",
-  "UnderBrace;": "\u23DF",
-  "UnderBracket;": "\u23B5",
-  "UnderParenthesis;": "\u23DD",
-  "Union;": "\u22C3",
-  "UnionPlus;": "\u228E",
-  "Uogon;": "\u0172",
-  "Uopf;": "\u1D54C",
-  "UpArrow;": "\u2191",
-  "UpArrowBar;": "\u2912",
-  "UpArrowDownArrow;": "\u21C5",
-  "UpDownArrow;": "\u2195",
-  "UpEquilibrium;": "\u296E",
-  "UpTee;": "\u22A5",
-  "UpTeeArrow;": "\u21A5",
-  "Uparrow;": "\u21D1",
-  "Updownarrow;": "\u21D5",
-  "UpperLeftArrow;": "\u2196",
-  "UpperRightArrow;": "\u2197",
-  "Upsi;": "\u03D2",
-  "Upsilon;": "\u03A5",
-  "Uring;": "\u016E",
-  "Uscr;": "\u1D4B0",
-  "Utilde;": "\u0168",
-  "Uuml": "\u00DC",
-  "Uuml;": "\u00DC",
-  "VDash;": "\u22AB",
-  "Vbar;": "\u2AEB",
-  "Vcy;": "\u0412",
-  "Vdash;": "\u22A9",
-  "Vdashl;": "\u2AE6",
-  "Vee;": "\u22C1",
-  "Verbar;": "\u2016",
-  "Vert;": "\u2016",
-  "VerticalBar;": "\u2223",
-  "VerticalLine;": "|",
-  "VerticalSeparator;": "\u2758",
-  "VerticalTilde;": "\u2240",
-  "VeryThinSpace;": "\u200A",
-  "Vfr;": "\u1D519",
-  "Vopf;": "\u1D54D",
-  "Vscr;": "\u1D4B1",
-  "Vvdash;": "\u22AA",
-  "Wcirc;": "\u0174",
-  "Wedge;": "\u22C0",
-  "Wfr;": "\u1D51A",
-  "Wopf;": "\u1D54E",
-  "Wscr;": "\u1D4B2",
-  "Xfr;": "\u1D51B",
-  "Xi;": "\u039E",
-  "Xopf;": "\u1D54F",
-  "Xscr;": "\u1D4B3",
-  "YAcy;": "\u042F",
-  "YIcy;": "\u0407",
-  "YUcy;": "\u042E",
-  "Yacute": "\u00DD",
-  "Yacute;": "\u00DD",
-  "Ycirc;": "\u0176",
-  "Ycy;": "\u042B",
-  "Yfr;": "\u1D51C",
-  "Yopf;": "\u1D550",
-  "Yscr;": "\u1D4B4",
-  "Yuml;": "\u0178",
-  "ZHcy;": "\u0416",
-  "Zacute;": "\u0179",
-  "Zcaron;": "\u017D",
-  "Zcy;": "\u0417",
-  "Zdot;": "\u017B",
-  "ZeroWidthSpace;": "\u200B",
-  "Zeta;": "\u0396",
-  "Zfr;": "\u2128",
-  "Zopf;": "\u2124",
-  "Zscr;": "\u1D4B5",
-  "aacute": "\u00E1",
-  "aacute;": "\u00E1",
-  "abreve;": "\u0103",
-  "ac;": "\u223E",
-  "acE;": "\u223E\u0333",
-  "acd;": "\u223F",
-  "acirc": "\u00E2",
-  "acirc;": "\u00E2",
-  "acute": "\u00B4",
-  "acute;": "\u00B4",
-  "acy;": "\u0430",
-  "aelig": "\u00E6",
-  "aelig;": "\u00E6",
-  "af;": "\u2061",
-  "afr;": "\u1D51E",
-  "agrave": "\u00E0",
-  "agrave;": "\u00E0",
-  "alefsym;": "\u2135",
-  "aleph;": "\u2135",
-  "alpha;": "\u03B1",
-  "amacr;": "\u0101",
-  "amalg;": "\u2A3F",
-  "amp": "&",
-  "amp;": "&",
-  "and;": "\u2227",
-  "andand;": "\u2A55",
-  "andd;": "\u2A5C",
-  "andslope;": "\u2A58",
-  "andv;": "\u2A5A",
-  "ang;": "\u2220",
-  "ange;": "\u29A4",
-  "angle;": "\u2220",
-  "angmsd;": "\u2221",
-  "angmsdaa;": "\u29A8",
-  "angmsdab;": "\u29A9",
-  "angmsdac;": "\u29AA",
-  "angmsdad;": "\u29AB",
-  "angmsdae;": "\u29AC",
-  "angmsdaf;": "\u29AD",
-  "angmsdag;": "\u29AE",
-  "angmsdah;": "\u29AF",
-  "angrt;": "\u221F",
-  "angrtvb;": "\u22BE",
-  "angrtvbd;": "\u299D",
-  "angsph;": "\u2222",
-  "angst;": "\u00C5",
-  "angzarr;": "\u237C",
-  "aogon;": "\u0105",
-  "aopf;": "\u1D552",
-  "ap;": "\u2248",
-  "apE;": "\u2A70",
-  "apacir;": "\u2A6F",
-  "ape;": "\u224A",
-  "apid;": "\u224B",
-  "apos;": "\u0027",
-  "approx;": "\u2248",
-  "approxeq;": "\u224A",
-  "aring": "\u00E5",
-  "aring;": "\u00E5",
-  "ascr;": "\u1D4B6",
-  "ast;": "*",
-  "asymp;": "\u2248",
-  "asympeq;": "\u224D",
-  "atilde": "\u00E3",
-  "atilde;": "\u00E3",
-  "auml": "\u00E4",
-  "auml;": "\u00E4",
-  "awconint;": "\u2233",
-  "awint;": "\u2A11",
-  "bNot;": "\u2AED",
-  "backcong;": "\u224C",
-  "backepsilon;": "\u03F6",
-  "backprime;": "\u2035",
-  "backsim;": "\u223D",
-  "backsimeq;": "\u22CD",
-  "barvee;": "\u22BD",
-  "barwed;": "\u2305",
-  "barwedge;": "\u2305",
-  "bbrk;": "\u23B5",
-  "bbrktbrk;": "\u23B6",
-  "bcong;": "\u224C",
-  "bcy;": "\u0431",
-  "bdquo;": "\u201E",
-  "becaus;": "\u2235",
-  "because;": "\u2235",
-  "bemptyv;": "\u29B0",
-  "bepsi;": "\u03F6",
-  "bernou;": "\u212C",
-  "beta;": "\u03B2",
-  "beth;": "\u2136",
-  "between;": "\u226C",
-  "bfr;": "\u1D51F",
-  "bigcap;": "\u22C2",
-  "bigcirc;": "\u25EF",
-  "bigcup;": "\u22C3",
-  "bigodot;": "\u2A00",
-  "bigoplus;": "\u2A01",
-  "bigotimes;": "\u2A02",
-  "bigsqcup;": "\u2A06",
-  "bigstar;": "\u2605",
-  "bigtriangledown;": "\u25BD",
-  "bigtriangleup;": "\u25B3",
-  "biguplus;": "\u2A04",
-  "bigvee;": "\u22C1",
-  "bigwedge;": "\u22C0",
-  "bkarow;": "\u290D",
-  "blacklozenge;": "\u29EB",
-  "blacksquare;": "\u25AA",
-  "blacktriangle;": "\u25B4",
-  "blacktriangledown;": "\u25BE",
-  "blacktriangleleft;": "\u25C2",
-  "blacktriangleright;": "\u25B8",
-  "blank;": "\u2423",
-  "blk12;": "\u2592",
-  "blk14;": "\u2591",
-  "blk34;": "\u2593",
-  "block;": "\u2588",
-  "bne;": "\u003D\u20E5",
-  "bnequiv;": "\u2261\u20E5",
-  "bnot;": "\u2310",
-  "bopf;": "\u1D553",
-  "bot;": "\u22A5",
-  "bottom;": "\u22A5",
-  "bowtie;": "\u22C8",
-  "boxDL;": "\u2557",
-  "boxDR;": "\u2554",
-  "boxDl;": "\u2556",
-  "boxDr;": "\u2553",
-  "boxH;": "\u2550",
-  "boxHD;": "\u2566",
-  "boxHU;": "\u2569",
-  "boxHd;": "\u2564",
-  "boxHu;": "\u2567",
-  "boxUL;": "\u255D",
-  "boxUR;": "\u255A",
-  "boxUl;": "\u255C",
-  "boxUr;": "\u2559",
-  "boxV;": "\u2551",
-  "boxVH;": "\u256C",
-  "boxVL;": "\u2563",
-  "boxVR;": "\u2560",
-  "boxVh;": "\u256B",
-  "boxVl;": "\u2562",
-  "boxVr;": "\u255F",
-  "boxbox;": "\u29C9",
-  "boxdL;": "\u2555",
-  "boxdR;": "\u2552",
-  "boxdl;": "\u2510",
-  "boxdr;": "\u250C",
-  "boxh;": "\u2500",
-  "boxhD;": "\u2565",
-  "boxhU;": "\u2568",
-  "boxhd;": "\u252C",
-  "boxhu;": "\u2534",
-  "boxminus;": "\u229F",
-  "boxplus;": "\u229E",
-  "boxtimes;": "\u22A0",
-  "boxuL;": "\u255B",
-  "boxuR;": "\u2558",
-  "boxul;": "\u2518",
-  "boxur;": "\u2514",
-  "boxv;": "\u2502",
-  "boxvH;": "\u256A",
-  "boxvL;": "\u2561",
-  "boxvR;": "\u255E",
-  "boxvh;": "\u253C",
-  "boxvl;": "\u2524",
-  "boxvr;": "\u251C",
-  "bprime;": "\u2035",
-  "breve;": "\u02D8",
-  "brvbar": "\u00A6",
-  "brvbar;": "\u00A6",
-  "bscr;": "\u1D4B7",
-  "bsemi;": "\u204F",
-  "bsim;": "\u223D",
-  "bsime;": "\u22CD",
-  "bsol;": "\u005C",
-  "bsolb;": "\u29C5",
-  "bsolhsub;": "\u27C8",
-  "bull;": "\u2022",
-  "bullet;": "\u2022",
-  "bump;": "\u224E",
-  "bumpE;": "\u2AAE",
-  "bumpe;": "\u224F",
-  "bumpeq;": "\u224F",
-  "cacute;": "\u0107",
-  "cap;": "\u2229",
-  "capand;": "\u2A44",
-  "capbrcup;": "\u2A49",
-  "capcap;": "\u2A4B",
-  "capcup;": "\u2A47",
-  "capdot;": "\u2A40",
-  "caps;": "\u2229\uFE00",
-  "caret;": "\u2041",
-  "caron;": "\u02C7",
-  "ccaps;": "\u2A4D",
-  "ccaron;": "\u010D",
-  "ccedil": "\u00E7",
-  "ccedil;": "\u00E7",
-  "ccirc;": "\u0109",
-  "ccups;": "\u2A4C",
-  "ccupssm;": "\u2A50",
-  "cdot;": "\u010B",
-  "cedil": "\u00B8",
-  "cedil;": "\u00B8",
-  "cemptyv;": "\u29B2",
-  "cent": "\u00A2",
-  "cent;": "\u00A2",
-  "centerdot;": "\u00B7",
-  "cfr;": "\u1D520",
-  "chcy;": "\u0447",
-  "check;": "\u2713",
-  "checkmark;": "\u2713",
-  "chi;": "\u03C7",
-  "cir;": "\u25CB",
-  "cirE;": "\u29C3",
-  "circ;": "\u02C6",
-  "circeq;": "\u2257",
-  "circlearrowleft;": "\u21BA",
-  "circlearrowright;": "\u21BB",
-  "circledR;": "\u00AE",
-  "circledS;": "\u24C8",
-  "circledast;": "\u229B",
-  "circledcirc;": "\u229A",
-  "circleddash;": "\u229D",
-  "cire;": "\u2257",
-  "cirfnint;": "\u2A10",
-  "cirmid;": "\u2AEF",
-  "cirscir;": "\u29C2",
-  "clubs;": "\u2663",
-  "clubsuit;": "\u2663",
-  "colon;": ":",
-  "colone;": "\u2254",
-  "coloneq;": "\u2254",
-  "comma;": ",",
-  "commat;": "@",
-  "comp;": "\u2201",
-  "compfn;": "\u2218",
-  "complement;": "\u2201",
-  "complexes;": "\u2102",
-  "cong;": "\u2245",
-  "congdot;": "\u2A6D",
-  "conint;": "\u222E",
-  "copf;": "\u1D554",
-  "coprod;": "\u2210",
-  "copy": "\u00A9",
-  "copy;": "\u00A9",
-  "copysr;": "\u2117",
-  "crarr;": "\u21B5",
-  "cross;": "\u2717",
-  "cscr;": "\u1D4B8",
-  "csub;": "\u2ACF",
-  "csube;": "\u2AD1",
-  "csup;": "\u2AD0",
-  "csupe;": "\u2AD2",
-  "ctdot;": "\u22EF",
-  "cudarrl;": "\u2938",
-  "cudarrr;": "\u2935",
-  "cuepr;": "\u22DE",
-  "cuesc;": "\u22DF",
-  "cularr;": "\u21B6",
-  "cularrp;": "\u293D",
-  "cup;": "\u222A",
-  "cupbrcap;": "\u2A48",
-  "cupcap;": "\u2A46",
-  "cupcup;": "\u2A4A",
-  "cupdot;": "\u228D",
-  "cupor;": "\u2A45",
-  "cups;": "\u222A\uFE00",
-  "curarr;": "\u21B7",
-  "curarrm;": "\u293C",
-  "curlyeqprec;": "\u22DE",
-  "curlyeqsucc;": "\u22DF",
-  "curlyvee;": "\u22CE",
-  "curlywedge;": "\u22CF",
-  "curren": "\u00A4",
-  "curren;": "\u00A4",
-  "curvearrowleft;": "\u21B6",
-  "curvearrowright;": "\u21B7",
-  "cuvee;": "\u22CE",
-  "cuwed;": "\u22CF",
-  "cwconint;": "\u2232",
-  "cwint;": "\u2231",
-  "cylcty;": "\u232D",
-  "dArr;": "\u21D3",
-  "dHar;": "\u2965",
-  "dagger;": "\u2020",
-  "daleth;": "\u2138",
-  "darr;": "\u2193",
-  "dash;": "\u2010",
-  "dashv;": "\u22A3",
-  "dbkarow;": "\u290F",
-  "dblac;": "\u02DD",
-  "dcaron;": "\u010F",
-  "dcy;": "\u0434",
-  "dd;": "\u2146",
-  "ddagger;": "\u2021",
-  "ddarr;": "\u21CA",
-  "ddotseq;": "\u2A77",
-  "deg": "\u00B0",
-  "deg;": "\u00B0",
-  "delta;": "\u03B4",
-  "demptyv;": "\u29B1",
-  "dfisht;": "\u297F",
-  "dfr;": "\u1D521",
-  "dharl;": "\u21C3",
-  "dharr;": "\u21C2",
-  "diam;": "\u22C4",
-  "diamond;": "\u22C4",
-  "diamondsuit;": "\u2666",
-  "diams;": "\u2666",
-  "die;": "\u00A8",
-  "digamma;": "\u03DD",
-  "disin;": "\u22F2",
-  "div;": "\u00F7",
-  "divide": "\u00F7",
-  "divide;": "\u00F7",
-  "divideontimes;": "\u22C7",
-  "divonx;": "\u22C7",
-  "djcy;": "\u0452",
-  "dlcorn;": "\u231E",
-  "dlcrop;": "\u230D",
-  "dollar;": "$",
-  "dopf;": "\u1D555",
-  "dot;": "\u02D9",
-  "doteq;": "\u2250",
-  "doteqdot;": "\u2251",
-  "dotminus;": "\u2238",
-  "dotplus;": "\u2214",
-  "dotsquare;": "\u22A1",
-  "doublebarwedge;": "\u2306",
-  "downarrow;": "\u2193",
-  "downdownarrows;": "\u21CA",
-  "downharpoonleft;": "\u21C3",
-  "downharpoonright;": "\u21C2",
-  "drbkarow;": "\u2910",
-  "drcorn;": "\u231F",
-  "drcrop;": "\u230C",
-  "dscr;": "\u1D4B9",
-  "dscy;": "\u0455",
-  "dsol;": "\u29F6",
-  "dstrok;": "\u0111",
-  "dtdot;": "\u22F1",
-  "dtri;": "\u25BF",
-  "dtrif;": "\u25BE",
-  "duarr;": "\u21F5",
-  "duhar;": "\u296F",
-  "dwangle;": "\u29A6",
-  "dzcy;": "\u045F",
-  "dzigrarr;": "\u27FF",
-  "eDDot;": "\u2A77",
-  "eDot;": "\u2251",
-  "eacute": "\u00E9",
-  "eacute;": "\u00E9",
-  "easter;": "\u2A6E",
-  "ecaron;": "\u011B",
-  "ecir;": "\u2256",
-  "ecirc": "\u00EA",
-  "ecirc;": "\u00EA",
-  "ecolon;": "\u2255",
-  "ecy;": "\u044D",
-  "edot;": "\u0117",
-  "ee;": "\u2147",
-  "efDot;": "\u2252",
-  "efr;": "\u1D522",
-  "eg;": "\u2A9A",
-  "egrave": "\u00E8",
-  "egrave;": "\u00E8",
-  "egs;": "\u2A96",
-  "egsdot;": "\u2A98",
-  "el;": "\u2A99",
-  "elinters;": "\u23E7",
-  "ell;": "\u2113",
-  "els;": "\u2A95",
-  "elsdot;": "\u2A97",
-  "emacr;": "\u0113",
-  "empty;": "\u2205",
-  "emptyset;": "\u2205",
-  "emptyv;": "\u2205",
-  "emsp13;": "\u2004",
-  "emsp14;": "\u2005",
-  "emsp;": "\u2003",
-  "eng;": "\u014B",
-  "ensp;": "\u2002",
-  "eogon;": "\u0119",
-  "eopf;": "\u1D556",
-  "epar;": "\u22D5",
-  "eparsl;": "\u29E3",
-  "eplus;": "\u2A71",
-  "epsi;": "\u03B5",
-  "epsilon;": "\u03B5",
-  "epsiv;": "\u03F5",
-  "eqcirc;": "\u2256",
-  "eqcolon;": "\u2255",
-  "eqsim;": "\u2242",
-  "eqslantgtr;": "\u2A96",
-  "eqslantless;": "\u2A95",
-  "equals;": "=",
-  "equest;": "\u225F",
-  "equiv;": "\u2261",
-  "equivDD;": "\u2A78",
-  "eqvparsl;": "\u29E5",
-  "erDot;": "\u2253",
-  "erarr;": "\u2971",
-  "escr;": "\u212F",
-  "esdot;": "\u2250",
-  "esim;": "\u2242",
-  "eta;": "\u03B7",
-  "eth": "\u00F0",
-  "eth;": "\u00F0",
-  "euml": "\u00EB",
-  "euml;": "\u00EB",
-  "euro;": "\u20AC",
-  "excl;": "!",
-  "exist;": "\u2203",
-  "expectation;": "\u2130",
-  "exponentiale;": "\u2147",
-  "fallingdotseq;": "\u2252",
-  "fcy;": "\u0444",
-  "female;": "\u2640",
-  "ffilig;": "\uFB03",
-  "fflig;": "\uFB00",
-  "ffllig;": "\uFB04",
-  "ffr;": "\u1D523",
-  "filig;": "\uFB01",
-  "fjlig;": "\u0066",
-  "flat;": "\u266D",
-  "fllig;": "\uFB02",
-  "fltns;": "\u25B1",
-  "fnof;": "\u0192",
-  "fopf;": "\u1D557",
-  "forall;": "\u2200",
-  "fork;": "\u22D4",
-  "forkv;": "\u2AD9",
-  "fpartint;": "\u2A0D",
-  "frac12": "\u00BD",
-  "frac12;": "\u00BD",
-  "frac13;": "\u2153",
-  "frac14": "\u00BC",
-  "frac14;": "\u00BC",
-  "frac15;": "\u2155",
-  "frac16;": "\u2159",
-  "frac18;": "\u215B",
-  "frac23;": "\u2154",
-  "frac25;": "\u2156",
-  "frac34": "\u00BE",
-  "frac34;": "\u00BE",
-  "frac35;": "\u2157",
-  "frac38;": "\u215C",
-  "frac45;": "\u2158",
-  "frac56;": "\u215A",
-  "frac58;": "\u215D",
-  "frac78;": "\u215E",
-  "frasl;": "\u2044",
-  "frown;": "\u2322",
-  "fscr;": "\u1D4BB",
-  "gE;": "\u2267",
-  "gEl;": "\u2A8C",
-  "gacute;": "\u01F5",
-  "gamma;": "\u03B3",
-  "gammad;": "\u03DD",
-  "gap;": "\u2A86",
-  "gbreve;": "\u011F",
-  "gcirc;": "\u011D",
-  "gcy;": "\u0433",
-  "gdot;": "\u0121",
-  "ge;": "\u2265",
-  "gel;": "\u22DB",
-  "geq;": "\u2265",
-  "geqq;": "\u2267",
-  "geqslant;": "\u2A7E",
-  "ges;": "\u2A7E",
-  "gescc;": "\u2AA9",
-  "gesdot;": "\u2A80",
-  "gesdoto;": "\u2A82",
-  "gesdotol;": "\u2A84",
-  "gesl;": "\u22DB\uFE00",
-  "gesles;": "\u2A94",
-  "gfr;": "\u1D524",
-  "gg;": "\u226B",
-  "ggg;": "\u22D9",
-  "gimel;": "\u2137",
-  "gjcy;": "\u0453",
-  "gl;": "\u2277",
-  "glE;": "\u2A92",
-  "gla;": "\u2AA5",
-  "glj;": "\u2AA4",
-  "gnE;": "\u2269",
-  "gnap;": "\u2A8A",
-  "gnapprox;": "\u2A8A",
-  "gne;": "\u2A88",
-  "gneq;": "\u2A88",
-  "gneqq;": "\u2269",
-  "gnsim;": "\u22E7",
-  "gopf;": "\u1D558",
-  "grave;": "`",
-  "gscr;": "\u210A",
-  "gsim;": "\u2273",
-  "gsime;": "\u2A8E",
-  "gsiml;": "\u2A90",
-  "gt": ">",
-  "gt;": ">",
-  "gtcc;": "\u2AA7",
-  "gtcir;": "\u2A7A",
-  "gtdot;": "\u22D7",
-  "gtlPar;": "\u2995",
-  "gtquest;": "\u2A7C",
-  "gtrapprox;": "\u2A86",
-  "gtrarr;": "\u2978",
-  "gtrdot;": "\u22D7",
-  "gtreqless;": "\u22DB",
-  "gtreqqless;": "\u2A8C",
-  "gtrless;": "\u2277",
-  "gtrsim;": "\u2273",
-  "gvertneqq;": "\u2269\uFE00",
-  "gvnE;": "\u2269\uFE00",
-  "hArr;": "\u21D4",
-  "hairsp;": "\u200A",
-  "half;": "\u00BD",
-  "hamilt;": "\u210B",
-  "hardcy;": "\u044A",
-  "harr;": "\u2194",
-  "harrcir;": "\u2948",
-  "harrw;": "\u21AD",
-  "hbar;": "\u210F",
-  "hcirc;": "\u0125",
-  "hearts;": "\u2665",
-  "heartsuit;": "\u2665",
-  "hellip;": "\u2026",
-  "hercon;": "\u22B9",
-  "hfr;": "\u1D525",
-  "hksearow;": "\u2925",
-  "hkswarow;": "\u2926",
-  "hoarr;": "\u21FF",
-  "homtht;": "\u223B",
-  "hookleftarrow;": "\u21A9",
-  "hookrightarrow;": "\u21AA",
-  "hopf;": "\u1D559",
-  "horbar;": "\u2015",
-  "hscr;": "\u1D4BD",
-  "hslash;": "\u210F",
-  "hstrok;": "\u0127",
-  "hybull;": "\u2043",
-  "hyphen;": "\u2010",
-  "iacute": "\u00ED",
-  "iacute;": "\u00ED",
-  "ic;": "\u2063",
-  "icirc": "\u00EE",
-  "icirc;": "\u00EE",
-  "icy;": "\u0438",
-  "iecy;": "\u0435",
-  "iexcl": "\u00A1",
-  "iexcl;": "\u00A1",
-  "iff;": "\u21D4",
-  "ifr;": "\u1D526",
-  "igrave": "\u00EC",
-  "igrave;": "\u00EC",
-  "ii;": "\u2148",
-  "iiiint;": "\u2A0C",
-  "iiint;": "\u222D",
-  "iinfin;": "\u29DC",
-  "iiota;": "\u2129",
-  "ijlig;": "\u0133",
-  "imacr;": "\u012B",
-  "image;": "\u2111",
-  "imagline;": "\u2110",
-  "imagpart;": "\u2111",
-  "imath;": "\u0131",
-  "imof;": "\u22B7",
-  "imped;": "\u01B5",
-  "in;": "\u2208",
-  "incare;": "\u2105",
-  "infin;": "\u221E",
-  "infintie;": "\u29DD",
-  "inodot;": "\u0131",
-  "int;": "\u222B",
-  "intcal;": "\u22BA",
-  "integers;": "\u2124",
-  "intercal;": "\u22BA",
-  "intlarhk;": "\u2A17",
-  "intprod;": "\u2A3C",
-  "iocy;": "\u0451",
-  "iogon;": "\u012F",
-  "iopf;": "\u1D55A",
-  "iota;": "\u03B9",
-  "iprod;": "\u2A3C",
-  "iquest": "\u00BF",
-  "iquest;": "\u00BF",
-  "iscr;": "\u1D4BE",
-  "isin;": "\u2208",
-  "isinE;": "\u22F9",
-  "isindot;": "\u22F5",
-  "isins;": "\u22F4",
-  "isinsv;": "\u22F3",
-  "isinv;": "\u2208",
-  "it;": "\u2062",
-  "itilde;": "\u0129",
-  "iukcy;": "\u0456",
-  "iuml": "\u00EF",
-  "iuml;": "\u00EF",
-  "jcirc;": "\u0135",
-  "jcy;": "\u0439",
-  "jfr;": "\u1D527",
-  "jmath;": "\u0237",
-  "jopf;": "\u1D55B",
-  "jscr;": "\u1D4BF",
-  "jsercy;": "\u0458",
-  "jukcy;": "\u0454",
-  "kappa;": "\u03BA",
-  "kappav;": "\u03F0",
-  "kcedil;": "\u0137",
-  "kcy;": "\u043A",
-  "kfr;": "\u1D528",
-  "kgreen;": "\u0138",
-  "khcy;": "\u0445",
-  "kjcy;": "\u045C",
-  "kopf;": "\u1D55C",
-  "kscr;": "\u1D4C0",
-  "lAarr;": "\u21DA",
-  "lArr;": "\u21D0",
-  "lAtail;": "\u291B",
-  "lBarr;": "\u290E",
-  "lE;": "\u2266",
-  "lEg;": "\u2A8B",
-  "lHar;": "\u2962",
-  "lacute;": "\u013A",
-  "laemptyv;": "\u29B4",
-  "lagran;": "\u2112",
-  "lambda;": "\u03BB",
-  "lang;": "\u27E8",
-  "langd;": "\u2991",
-  "langle;": "\u27E8",
-  "lap;": "\u2A85",
-  "laquo": "\u00AB",
-  "laquo;": "\u00AB",
-  "larr;": "\u2190",
-  "larrb;": "\u21E4",
-  "larrbfs;": "\u291F",
-  "larrfs;": "\u291D",
-  "larrhk;": "\u21A9",
-  "larrlp;": "\u21AB",
-  "larrpl;": "\u2939",
-  "larrsim;": "\u2973",
-  "larrtl;": "\u21A2",
-  "lat;": "\u2AAB",
-  "latail;": "\u2919",
-  "late;": "\u2AAD",
-  "lates;": "\u2AAD\uFE00",
-  "lbarr;": "\u290C",
-  "lbbrk;": "\u2772",
-  "lbrace;": "{",
-  "lbrack;": "[",
-  "lbrke;": "\u298B",
-  "lbrksld;": "\u298F",
-  "lbrkslu;": "\u298D",
-  "lcaron;": "\u013E",
-  "lcedil;": "\u013C",
-  "lceil;": "\u2308",
-  "lcub;": "{",
-  "lcy;": "\u043B",
-  "ldca;": "\u2936",
-  "ldquo;": "\u201C",
-  "ldquor;": "\u201E",
-  "ldrdhar;": "\u2967",
-  "ldrushar;": "\u294B",
-  "ldsh;": "\u21B2",
-  "le;": "\u2264",
-  "leftarrow;": "\u2190",
-  "leftarrowtail;": "\u21A2",
-  "leftharpoondown;": "\u21BD",
-  "leftharpoonup;": "\u21BC",
-  "leftleftarrows;": "\u21C7",
-  "leftrightarrow;": "\u2194",
-  "leftrightarrows;": "\u21C6",
-  "leftrightharpoons;": "\u21CB",
-  "leftrightsquigarrow;": "\u21AD",
-  "leftthreetimes;": "\u22CB",
-  "leg;": "\u22DA",
-  "leq;": "\u2264",
-  "leqq;": "\u2266",
-  "leqslant;": "\u2A7D",
-  "les;": "\u2A7D",
-  "lescc;": "\u2AA8",
-  "lesdot;": "\u2A7F",
-  "lesdoto;": "\u2A81",
-  "lesdotor;": "\u2A83",
-  "lesg;": "\u22DA\uFE00",
-  "lesges;": "\u2A93",
-  "lessapprox;": "\u2A85",
-  "lessdot;": "\u22D6",
-  "lesseqgtr;": "\u22DA",
-  "lesseqqgtr;": "\u2A8B",
-  "lessgtr;": "\u2276",
-  "lesssim;": "\u2272",
-  "lfisht;": "\u297C",
-  "lfloor;": "\u230A",
-  "lfr;": "\u1D529",
-  "lg;": "\u2276",
-  "lgE;": "\u2A91",
-  "lhard;": "\u21BD",
-  "lharu;": "\u21BC",
-  "lharul;": "\u296A",
-  "lhblk;": "\u2584",
-  "ljcy;": "\u0459",
-  "ll;": "\u226A",
-  "llarr;": "\u21C7",
-  "llcorner;": "\u231E",
-  "llhard;": "\u296B",
-  "lltri;": "\u25FA",
-  "lmidot;": "\u0140",
-  "lmoust;": "\u23B0",
-  "lmoustache;": "\u23B0",
-  "lnE;": "\u2268",
-  "lnap;": "\u2A89",
-  "lnapprox;": "\u2A89",
-  "lne;": "\u2A87",
-  "lneq;": "\u2A87",
-  "lneqq;": "\u2268",
-  "lnsim;": "\u22E6",
-  "loang;": "\u27EC",
-  "loarr;": "\u21FD",
-  "lobrk;": "\u27E6",
-  "longleftarrow;": "\u27F5",
-  "longleftrightarrow;": "\u27F7",
-  "longmapsto;": "\u27FC",
-  "longrightarrow;": "\u27F6",
-  "looparrowleft;": "\u21AB",
-  "looparrowright;": "\u21AC",
-  "lopar;": "\u2985",
-  "lopf;": "\u1D55D",
-  "loplus;": "\u2A2D",
-  "lotimes;": "\u2A34",
-  "lowast;": "\u2217",
-  "lowbar;": "_",
-  "loz;": "\u25CA",
-  "lozenge;": "\u25CA",
-  "lozf;": "\u29EB",
-  "lpar;": "(",
-  "lparlt;": "\u2993",
-  "lrarr;": "\u21C6",
-  "lrcorner;": "\u231F",
-  "lrhar;": "\u21CB",
-  "lrhard;": "\u296D",
-  "lrm;": "\u200E",
-  "lrtri;": "\u22BF",
-  "lsaquo;": "\u2039",
-  "lscr;": "\u1D4C1",
-  "lsh;": "\u21B0",
-  "lsim;": "\u2272",
-  "lsime;": "\u2A8D",
-  "lsimg;": "\u2A8F",
-  "lsqb;": "[",
-  "lsquo;": "\u2018",
-  "lsquor;": "\u201A",
-  "lstrok;": "\u0142",
-  "lt": "<",
-  "lt;": "<",
-  "ltcc;": "\u2AA6",
-  "ltcir;": "\u2A79",
-  "ltdot;": "\u22D6",
-  "lthree;": "\u22CB",
-  "ltimes;": "\u22C9",
-  "ltlarr;": "\u2976",
-  "ltquest;": "\u2A7B",
-  "ltrPar;": "\u2996",
-  "ltri;": "\u25C3",
-  "ltrie;": "\u22B4",
-  "ltrif;": "\u25C2",
-  "lurdshar;": "\u294A",
-  "luruhar;": "\u2966",
-  "lvertneqq;": "\u2268\uFE00",
-  "lvnE;": "\u2268\uFE00",
-  "mDDot;": "\u223A",
-  "macr": "\u00AF",
-  "macr;": "\u00AF",
-  "male;": "\u2642",
-  "malt;": "\u2720",
-  "maltese;": "\u2720",
-  "map;": "\u21A6",
-  "mapsto;": "\u21A6",
-  "mapstodown;": "\u21A7",
-  "mapstoleft;": "\u21A4",
-  "mapstoup;": "\u21A5",
-  "marker;": "\u25AE",
-  "mcomma;": "\u2A29",
-  "mcy;": "\u043C",
-  "mdash;": "\u2014",
-  "measuredangle;": "\u2221",
-  "mfr;": "\u1D52A",
-  "mho;": "\u2127",
-  "micro": "\u00B5",
-  "micro;": "\u00B5",
-  "mid;": "\u2223",
-  "midast;": "*",
-  "midcir;": "\u2AF0",
-  "middot": "\u00B7",
-  "middot;": "\u00B7",
-  "minus;": "\u2212",
-  "minusb;": "\u229F",
-  "minusd;": "\u2238",
-  "minusdu;": "\u2A2A",
-  "mlcp;": "\u2ADB",
-  "mldr;": "\u2026",
-  "mnplus;": "\u2213",
-  "models;": "\u22A7",
-  "mopf;": "\u1D55E",
-  "mp;": "\u2213",
-  "mscr;": "\u1D4C2",
-  "mstpos;": "\u223E",
-  "mu;": "\u03BC",
-  "multimap;": "\u22B8",
-  "mumap;": "\u22B8",
-  "nGg;": "\u22D9\u0338",
-  "nGt;": "\u226B\u20D2",
-  "nGtv;": "\u226B\u0338",
-  "nLeftarrow;": "\u21CD",
-  "nLeftrightarrow;": "\u21CE",
-  "nLl;": "\u22D8\u0338",
-  "nLt;": "\u226A\u20D2",
-  "nLtv;": "\u226A\u0338",
-  "nRightarrow;": "\u21CF",
-  "nVDash;": "\u22AF",
-  "nVdash;": "\u22AE",
-  "nabla;": "\u2207",
-  "nacute;": "\u0144",
-  "nang;": "\u2220\u20D2",
-  "nap;": "\u2249",
-  "napE;": "\u2A70\u0338",
-  "napid;": "\u224B\u0338",
-  "napos;": "\u0149",
-  "napprox;": "\u2249",
-  "natur;": "\u266E",
-  "natural;": "\u266E",
-  "naturals;": "\u2115",
-  "nbsp": "\u00A0",
-  "nbsp;": "\u00A0",
-  "nbump;": "\u224E\u0338",
-  "nbumpe;": "\u224F\u0338",
-  "ncap;": "\u2A43",
-  "ncaron;": "\u0148",
-  "ncedil;": "\u0146",
-  "ncong;": "\u2247\u0338",
-  "ncongdot;": "\u2A6D",
-  "ncup;": "\u2A42",
-  "ncy;": "\u043D",
-  "ndash;": "\u2013",
-  "ne;": "\u2260",
-  "neArr;": "\u21D7",
-  "nearhk;": "\u2924",
-  "nearr;": "\u2197",
-  "nearrow;": "\u2197",
-  "nedot;": "\u2250\u0338",
-  "nequiv;": "\u2262",
-  "nesear;": "\u2928",
-  "nesim;": "\u2242\u0338",
-  "nexist;": "\u2204",
-  "nexists;": "\u2204",
-  "nfr;": "\u1D52B",
-  "ngE;": "\u2267\u0338",
-  "nge;": "\u2271",
-  "ngeq;": "\u2271",
-  "ngeqq;": "\u2267\u0338",
-  "ngeqslant;": "\u2A7E\u0338",
-  "nges;": "\u2A7E\u0338",
-  "ngsim;": "\u2275",
-  "ngt;": "\u226F",
-  "ngtr;": "\u226F",
-  "nhArr;": "\u21CE",
-  "nharr;": "\u21AE",
-  "nhpar;": "\u2AF2",
-  "ni;": "\u220B",
-  "nis;": "\u22FC",
-  "nisd;": "\u22FA",
-  "niv;": "\u220B",
-  "njcy;": "\u045A",
-  "nlArr;": "\u21CD",
-  "nlE;": "\u2266\u0338",
-  "nlarr;": "\u219A",
-  "nldr;": "\u2025",
-  "nle;": "\u2270",
-  "nleftarrow;": "\u219A",
-  "nleftrightarrow;": "\u21AE",
-  "nleq;": "\u2270",
-  "nleqq;": "\u2266\u0338",
-  "nleqslant;": "\u2A7D\u0338",
-  "nles;": "\u2A7D\u0338",
-  "nless;": "\u226E",
-  "nlsim;": "\u2274",
-  "nlt;": "\u226E",
-  "nltri;": "\u22EA",
-  "nltrie;": "\u22EC",
-  "nmid;": "\u2224",
-  "nopf;": "\u1D55F",
-  "not": "\u00AC",
-  "not;": "\u00AC",
-  "notin;": "\u2209",
-  "notinE;": "\u22F9\u0338",
-  "notindot;": "\u22F5\u0338",
-  "notinva;": "\u2209",
-  "notinvb;": "\u22F7",
-  "notinvc;": "\u22F6",
-  "notni;": "\u220C",
-  "notniva;": "\u220C",
-  "notnivb;": "\u22FE",
-  "notnivc;": "\u22FD",
-  "npar;": "\u2226",
-  "nparallel;": "\u2226",
-  "nparsl;": "\u2AFD\u20E5",
-  "npart;": "\u2202\u0338",
-  "npolint;": "\u2A14",
-  "npr;": "\u2280",
-  "nprcue;": "\u22E0",
-  "npre;": "\u2AAF",
-  "nprec;": "\u2280",
-  "npreceq;": "\u2AAF",
-  "nrArr;": "\u21CF",
-  "nrarr;": "\u219B",
-  "nrarrc;": "\u2933\u0338",
-  "nrarrw;": "\u219D\u0338",
-  "nrightarrow;": "\u219B",
-  "nrtri;": "\u22EB",
-  "nrtrie;": "\u22ED",
-  "nsc;": "\u2281",
-  "nsccue;": "\u22E1",
-  "nsce;": "\u2AB0\u0338",
-  "nscr;": "\u1D4C3",
-  "nshortmid;": "\u2224",
-  "nshortparallel;": "\u2226",
-  "nsim;": "\u2241",
-  "nsime;": "\u2244",
-  "nsimeq;": "\u2244",
-  "nsmid;": "\u2224",
-  "nspar;": "\u2226",
-  "nsqsube;": "\u22E2",
-  "nsqsupe;": "\u22E3",
-  "nsub;": "\u2284",
-  "nsubE;": "\u2AC5\u0338",
-  "nsube;": "\u2288",
-  "nsubset;": "\u2282\u0338",
-  "nsubseteq;": "\u2288",
-  "nsubseteqq;": "\u2AC5\u0338",
-  "nsucc;": "\u2281",
-  "nsucceq;": "\u2AB0\u0338",
-  "nsup;": "\u2285",
-  "nsupE;": "\u2AC6",
-  "nsupe;": "\u2289",
-  "nsupset;": "\u2283\u0338",
-  "nsupseteq;": "\u2289",
-  "nsupseteqq;": "\u2AC6\u0338",
-  "ntgl;": "\u2279",
-  "ntilde": "\u00F1",
-  "ntilde;": "\u00F1",
-  "ntlg;": "\u2278",
-  "ntriangleleft;": "\u22EA",
-  "ntrianglelefteq;": "\u22EC",
-  "ntriangleright;": "\u22EB",
-  "ntrianglerighteq;": "\u22ED",
-  "nu;": "\u03BD",
-  "num;": "#",
-  "numero;": "\u2116",
-  "numsp;": "\u2007",
-  "nvDash;": "\u22AD",
-  "nvHarr;": "\u2904",
-  "nvap;": "\u224D\u20D2",
-  "nvdash;": "\u22AC",
-  "nvge;": "\u2265\u20D2",
-  "nvgt;": "\u003E\u20D2",
-  "nvinfin;": "\u29DE",
-  "nvlArr;": "\u2902",
-  "nvle;": "\u2264\u20D2",
-  "nvlt;": "\u003C\u20D2",
-  "nvltrie;": "\u22B4\u20D2",
-  "nvrArr;": "\u2903",
-  "nvrtrie;": "\u22B5\u20D2",
-  "nvsim;": "\u223C\u20D2",
-  "nwArr;": "\u21D6",
-  "nwarhk;": "\u2923",
-  "nwarr;": "\u2196",
-  "nwarrow;": "\u2196",
-  "nwnear;": "\u2927",
-  "oS;": "\u24C8",
-  "oacute": "\u00F3",
-  "oacute;": "\u00F3",
-  "oast;": "\u229B",
-  "ocir;": "\u229A",
-  "ocirc": "\u00F4",
-  "ocirc;": "\u00F4",
-  "ocy;": "\u043E",
-  "odash;": "\u229D",
-  "odblac;": "\u0151",
-  "odiv;": "\u2A38",
-  "odot;": "\u2299",
-  "odsold;": "\u29BC",
-  "oelig;": "\u0153",
-  "ofcir;": "\u29BF",
-  "ofr;": "\u1D52C",
-  "ogon;": "\u02DB",
-  "ograve": "\u00F2",
-  "ograve;": "\u00F2",
-  "ogt;": "\u29C1",
-  "ohbar;": "\u29B5",
-  "ohm;": "\u03A9",
-  "oint;": "\u222E",
-  "olarr;": "\u21BA",
-  "olcir;": "\u29BE",
-  "olcross;": "\u29BB",
-  "oline;": "\u203E",
-  "olt;": "\u29C0",
-  "omacr;": "\u014D",
-  "omega;": "\u03C9",
-  "omicron;": "\u03BF",
-  "omid;": "\u29B6",
-  "ominus;": "\u2296",
-  "oopf;": "\u1D560",
-  "opar;": "\u29B7",
-  "operp;": "\u29B9",
-  "oplus;": "\u2295",
-  "or;": "\u2228",
-  "orarr;": "\u21BB",
-  "ord;": "\u2A5D",
-  "order;": "\u2134",
-  "orderof;": "\u2134",
-  "ordf": "\u00AA",
-  "ordf;": "\u00AA",
-  "ordm": "\u00BA",
-  "ordm;": "\u00BA",
-  "origof;": "\u22B6",
-  "oror;": "\u2A56",
-  "orslope;": "\u2A57",
-  "orv;": "\u2A5B",
-  "oscr;": "\u2134",
-  "oslash": "\u00F8",
-  "oslash;": "\u00F8",
-  "osol;": "\u2298",
-  "otilde": "\u00F5",
-  "otilde;": "\u00F5",
-  "otimes;": "\u2297",
-  "otimesas;": "\u2A36",
-  "ouml": "\u00F6",
-  "ouml;": "\u00F6",
-  "ovbar;": "\u233D",
-  "par;": "\u2225",
-  "para": "\u00B6",
-  "para;": "\u00B6",
-  "parallel;": "\u2225",
-  "parsim;": "\u2AF3",
-  "parsl;": "\u2AFD",
-  "part;": "\u2202",
-  "pcy;": "\u043F",
-  "percnt;": "%",
-  "period;": ".",
-  "permil;": "\u2030",
-  "perp;": "\u22A5",
-  "pertenk;": "\u2031",
-  "pfr;": "\u1D52D",
-  "phi;": "\u03C6",
-  "phiv;": "\u03D5",
-  "phmmat;": "\u2133",
-  "phone;": "\u260E",
-  "pi;": "\u03C0",
-  "pitchfork;": "\u22D4",
-  "piv;": "\u03D6",
-  "planck;": "\u210F",
-  "planckh;": "\u210E",
-  "plankv;": "\u210F",
-  "plus;": "+",
-  "plusacir;": "\u2A23",
-  "plusb;": "\u229E",
-  "pluscir;": "\u2A22",
-  "plusdo;": "\u2214",
-  "plusdu;": "\u2A25",
-  "pluse;": "\u2A72",
-  "plusmn": "\u00B1",
-  "plusmn;": "\u00B1",
-  "plussim;": "\u2A26",
-  "plustwo;": "\u2A27",
-  "pm;": "\u00B1",
-  "pointint;": "\u2A15",
-  "popf;": "\u1D561",
-  "pound": "\u00A3",
-  "pound;": "\u00A3",
-  "pr;": "\u227A",
-  "prE;": "\u2AB3",
-  "prap;": "\u2AB7",
-  "prcue;": "\u227C",
-  "pre;": "\u2AAF",
-  "prec;": "\u227A",
-  "precapprox;": "\u2AB7",
-  "preccurlyeq;": "\u227C",
-  "preceq;": "\u2AAF",
-  "precnapprox;": "\u2AB9",
-  "precneqq;": "\u2AB5",
-  "precnsim;": "\u22E8",
-  "precsim;": "\u227E",
-  "prime;": "\u2032",
-  "primes;": "\u2119",
-  "prnE;": "\u2AB5",
-  "prnap;": "\u2AB9",
-  "prnsim;": "\u22E8",
-  "prod;": "\u220F",
-  "profalar;": "\u232E",
-  "profline;": "\u2312",
-  "profsurf;": "\u2313",
-  "prop;": "\u221D",
-  "propto;": "\u221D",
-  "prsim;": "\u227E",
-  "prurel;": "\u22B0",
-  "pscr;": "\u1D4C5",
-  "psi;": "\u03C8",
-  "puncsp;": "\u2008",
-  "qfr;": "\u1D52E",
-  "qint;": "\u2A0C",
-  "qopf;": "\u1D562",
-  "qprime;": "\u2057",
-  "qscr;": "\u1D4C6",
-  "quaternions;": "\u210D",
-  "quatint;": "\u2A16",
-  "quest;": "?",
-  "questeq;": "\u225F",
-  "quot": "\u0022",
-  "quot;": "\u0022",
-  "rAarr;": "\u21DB",
-  "rArr;": "\u21D2",
-  "rAtail;": "\u291C",
-  "rBarr;": "\u290F",
-  "rHar;": "\u2964",
-  "race;": "\u223D\u0331",
-  "racute;": "\u0155",
-  "radic;": "\u221A",
-  "raemptyv;": "\u29B3",
-  "rang;": "\u27E9",
-  "rangd;": "\u2992",
-  "range;": "\u29A5",
-  "rangle;": "\u27E9",
-  "raquo": "\u00BB",
-  "raquo;": "\u00BB",
-  "rarr;": "\u2192",
-  "rarrap;": "\u2975",
-  "rarrb;": "\u21E5",
-  "rarrbfs;": "\u2920",
-  "rarrc;": "\u2933",
-  "rarrfs;": "\u291E",
-  "rarrhk;": "\u21AA",
-  "rarrlp;": "\u21AC",
-  "rarrpl;": "\u2945",
-  "rarrsim;": "\u2974",
-  "rarrtl;": "\u21A3",
-  "rarrw;": "\u219D",
-  "ratail;": "\u291A",
-  "ratio;": "\u2236",
-  "rationals;": "\u211A",
-  "rbarr;": "\u290D",
-  "rbbrk;": "\u2773",
-  "rbrace;": "}",
-  "rbrack;": "]",
-  "rbrke;": "\u298C",
-  "rbrksld;": "\u298E",
-  "rbrkslu;": "\u2990",
-  "rcaron;": "\u0159",
-  "rcedil;": "\u0157",
-  "rceil;": "\u2309",
-  "rcub;": "}",
-  "rcy;": "\u0440",
-  "rdca;": "\u2937",
-  "rdldhar;": "\u2969",
-  "rdquo;": "\u201D",
-  "rdquor;": "\u201D",
-  "rdsh;": "\u21B3",
-  "real;": "\u211C",
-  "realine;": "\u211B",
-  "realpart;": "\u211C",
-  "reals;": "\u211D",
-  "rect;": "\u25AD",
-  "reg": "\u00AE",
-  "reg;": "\u00AE",
-  "rfisht;": "\u297D",
-  "rfloor;": "\u230B",
-  "rfr;": "\u1D52F",
-  "rhard;": "\u21C1",
-  "rharu;": "\u21C0",
-  "rharul;": "\u296C",
-  "rho;": "\u03C1",
-  "rhov;": "\u03F1",
-  "rightarrow;": "\u2192",
-  "rightarrowtail;": "\u21A3",
-  "rightharpoondown;": "\u21C1",
-  "rightharpoonup;": "\u21C0",
-  "rightleftarrows;": "\u21C4",
-  "rightleftharpoons;": "\u21CC",
-  "rightrightarrows;": "\u21C9",
-  "rightsquigarrow;": "\u219D",
-  "rightthreetimes;": "\u22CC",
-  "ring;": "\u02DA",
-  "risingdotseq;": "\u2253",
-  "rlarr;": "\u21C4",
-  "rlhar;": "\u21CC",
-  "rlm;": "\u200F",
-  "rmoust;": "\u23B1",
-  "rmoustache;": "\u23B1",
-  "rnmid;": "\u2AEE",
-  "roang;": "\u27ED",
-  "roarr;": "\u21FE",
-  "robrk;": "\u27E7",
-  "ropar;": "\u2986",
-  "ropf;": "\u1D563",
-  "roplus;": "\u2A2E",
-  "rotimes;": "\u2A35",
-  "rpar;": ")",
-  "rpargt;": "\u2994",
-  "rppolint;": "\u2A12",
-  "rrarr;": "\u21C9",
-  "rsaquo;": "\u203A",
-  "rscr;": "\u1D4C7",
-  "rsh;": "\u21B1",
-  "rsqb;": "]",
-  "rsquo;": "\u2019",
-  "rsquor;": "\u2019",
-  "rthree;": "\u22CC",
-  "rtimes;": "\u22CA",
-  "rtri;": "\u25B9",
-  "rtrie;": "\u22B5",
-  "rtrif;": "\u25B8",
-  "rtriltri;": "\u29CE",
-  "ruluhar;": "\u2968",
-  "rx;": "\u211E",
-  "sacute;": "\u015B",
-  "sbquo;": "\u201A",
-  "sc;": "\u227B",
-  "scE;": "\u2AB4",
-  "scap;": "\u2AB8",
-  "scaron;": "\u0161",
-  "sccue;": "\u227D",
-  "sce;": "\u2AB0",
-  "scedil;": "\u015F",
-  "scirc;": "\u015D",
-  "scnE;": "\u2AB6",
-  "scnap;": "\u2ABA",
-  "scnsim;": "\u22E9",
-  "scpolint;": "\u2A13",
-  "scsim;": "\u227F",
-  "scy;": "\u0441",
-  "sdot;": "\u22C5",
-  "sdotb;": "\u22A1",
-  "sdote;": "\u2A66",
-  "seArr;": "\u21D8",
-  "searhk;": "\u2925",
-  "searr;": "\u2198",
-  "searrow;": "\u2198",
-  "sect": "\u00A7",
-  "sect;": "\u00A7",
-  "semi;": ";",
-  "seswar;": "\u2929",
-  "setminus;": "\u2216",
-  "setmn;": "\u2216",
-  "sext;": "\u2736",
-  "sfr;": "\u1D530",
-  "sfrown;": "\u2322",
-  "sharp;": "\u266F",
-  "shchcy;": "\u0449",
-  "shcy;": "\u0448",
-  "shortmid;": "\u2223",
-  "shortparallel;": "\u2225",
-  "shy": "\u00AD",
-  "shy;": "\u00AD",
-  "sigma;": "\u03C3",
-  "sigmaf;": "\u03C2",
-  "sigmav;": "\u03C2",
-  "sim;": "\u223C",
-  "simdot;": "\u2A6A",
-  "sime;": "\u2243",
-  "simeq;": "\u2243",
-  "simg;": "\u2A9E",
-  "simgE;": "\u2AA0",
-  "siml;": "\u2A9D",
-  "simlE;": "\u2A9F",
-  "simne;": "\u2246",
-  "simplus;": "\u2A24",
-  "simrarr;": "\u2972",
-  "slarr;": "\u2190",
-  "smallsetminus;": "\u2216",
-  "smashp;": "\u2A33",
-  "smeparsl;": "\u29E4",
-  "smid;": "\u2223",
-  "smile;": "\u2323",
-  "smt;": "\u2AAA",
-  "smte;": "\u2AAC",
-  "smtes;": "\u2AAC\uFE00",
-  "softcy;": "\u044C",
-  "sol;": "/",
-  "solb;": "\u29C4",
-  "solbar;": "\u233F",
-  "sopf;": "\u1D564",
-  "spades;": "\u2660",
-  "spadesuit;": "\u2660",
-  "spar;": "\u2225",
-  "sqcap;": "\u2293",
-  "sqcaps;": "\u2293\uFE00",
-  "sqcup;": "\u2294",
-  "sqcups;": "\u2294\uFE00",
-  "sqsub;": "\u228F",
-  "sqsube;": "\u2291",
-  "sqsubset;": "\u228F",
-  "sqsubseteq;": "\u2291",
-  "sqsup;": "\u2290",
-  "sqsupe;": "\u2292",
-  "sqsupset;": "\u2290",
-  "sqsupseteq;": "\u2292",
-  "squ;": "\u25A1",
-  "square;": "\u25A1",
-  "squarf;": "\u25AA",
-  "squf;": "\u25AA",
-  "srarr;": "\u2192",
-  "sscr;": "\u1D4C8",
-  "ssetmn;": "\u2216",
-  "ssmile;": "\u2323",
-  "sstarf;": "\u22C6",
-  "star;": "\u2606",
-  "starf;": "\u2605",
-  "straightepsilon;": "\u03F5",
-  "straightphi;": "\u03D5",
-  "strns;": "\u00AF",
-  "sub;": "\u2282",
-  "subE;": "\u2AC5",
-  "subdot;": "\u2ABD",
-  "sube;": "\u2286",
-  "subedot;": "\u2AC3",
-  "submult;": "\u2AC1",
-  "subnE;": "\u2ACB",
-  "subne;": "\u228A",
-  "subplus;": "\u2ABF",
-  "subrarr;": "\u2979",
-  "subset;": "\u2282",
-  "subseteq;": "\u2286",
-  "subseteqq;": "\u2AC5",
-  "subsetneq;": "\u228A",
-  "subsetneqq;": "\u2ACB",
-  "subsim;": "\u2AC7",
-  "subsub;": "\u2AD5",
-  "subsup;": "\u2AD3",
-  "succ;": "\u227B",
-  "succapprox;": "\u2AB8",
-  "succcurlyeq;": "\u227D",
-  "succeq;": "\u2AB0",
-  "succnapprox;": "\u2ABA",
-  "succneqq;": "\u2AB6",
-  "succnsim;": "\u22E9",
-  "succsim;": "\u227F",
-  "sum;": "\u2211",
-  "sung;": "\u266A",
-  "sup1": "\u00B9",
-  "sup1;": "\u00B9",
-  "sup2": "\u00B2",
-  "sup2;": "\u00B2",
-  "sup3": "\u00B3",
-  "sup3;": "\u00B3",
-  "sup;": "\u2283",
-  "supE;": "\u2AC6",
-  "supdot;": "\u2ABE",
-  "supdsub;": "\u2AD8",
-  "supe;": "\u2287",
-  "supedot;": "\u2AC4",
-  "suphsol;": "\u27C9",
-  "suphsub;": "\u2AD7",
-  "suplarr;": "\u297B",
-  "supmult;": "\u2AC2",
-  "supnE;": "\u2ACC",
-  "supne;": "\u228B",
-  "supplus;": "\u2AC0",
-  "supset;": "\u2283",
-  "supseteq;": "\u2287",
-  "supseteqq;": "\u2AC6",
-  "supsetneq;": "\u228B",
-  "supsetneqq;": "\u2ACC",
-  "supsim;": "\u2AC8",
-  "supsub;": "\u2AD4",
-  "supsup;": "\u2AD6",
-  "swArr;": "\u21D9",
-  "swarhk;": "\u2926",
-  "swarr;": "\u2199",
-  "swarrow;": "\u2199",
-  "swnwar;": "\u292A",
-  "szlig": "\u00DF",
-  "szlig;": "\u00DF",
-  "target;": "\u2316",
-  "tau;": "\u03C4",
-  "tbrk;": "\u23B4",
-  "tcaron;": "\u0165",
-  "tcedil;": "\u0163",
-  "tcy;": "\u0442",
-  "tdot;": "\u20DB",
-  "telrec;": "\u2315",
-  "tfr;": "\u1D531",
-  "there4;": "\u2234",
-  "therefore;": "\u2234",
-  "theta;": "\u03B8",
-  "thetasym;": "\u03D1",
-  "thetav;": "\u03D1",
-  "thickapprox;": "\u2248",
-  "thicksim;": "\u223C",
-  "thinsp;": "\u2009",
-  "thkap;": "\u2248",
-  "thksim;": "\u223C",
-  "thorn": "\u00FE",
-  "thorn;": "\u00FE",
-  "tilde;": "\u02DC",
-  "times": "\u00D7",
-  "times;": "\u00D7",
-  "timesb;": "\u22A0",
-  "timesbar;": "\u2A31",
-  "timesd;": "\u2A30",
-  "tint;": "\u222D",
-  "toea;": "\u2928",
-  "top;": "\u22A4",
-  "topbot;": "\u2336",
-  "topcir;": "\u2AF1",
-  "topf;": "\u1D565",
-  "topfork;": "\u2ADA",
-  "tosa;": "\u2929",
-  "tprime;": "\u2034",
-  "trade;": "\u2122",
-  "triangle;": "\u25B5",
-  "triangledown;": "\u25BF",
-  "triangleleft;": "\u25C3",
-  "trianglelefteq;": "\u22B4",
-  "triangleq;": "\u225C",
-  "triangleright;": "\u25B9",
-  "trianglerighteq;": "\u22B5",
-  "tridot;": "\u25EC",
-  "trie;": "\u225C",
-  "triminus;": "\u2A3A",
-  "triplus;": "\u2A39",
-  "trisb;": "\u29CD",
-  "tritime;": "\u2A3B",
-  "trpezium;": "\u23E2",
-  "tscr;": "\u1D4C9",
-  "tscy;": "\u0446",
-  "tshcy;": "\u045B",
-  "tstrok;": "\u0167",
-  "twixt;": "\u226C",
-  "twoheadleftarrow;": "\u219E",
-  "twoheadrightarrow;": "\u21A0",
-  "uArr;": "\u21D1",
-  "uHar;": "\u2963",
-  "uacute": "\u00FA",
-  "uacute;": "\u00FA",
-  "uarr;": "\u2191",
-  "ubrcy;": "\u045E",
-  "ubreve;": "\u016D",
-  "ucirc": "\u00FB",
-  "ucirc;": "\u00FB",
-  "ucy;": "\u0443",
-  "udarr;": "\u21C5",
-  "udblac;": "\u0171",
-  "udhar;": "\u296E",
-  "ufisht;": "\u297E",
-  "ufr;": "\u1D532",
-  "ugrave": "\u00F9",
-  "ugrave;": "\u00F9",
-  "uharl;": "\u21BF",
-  "uharr;": "\u21BE",
-  "uhblk;": "\u2580",
-  "ulcorn;": "\u231C",
-  "ulcorner;": "\u231C",
-  "ulcrop;": "\u230F",
-  "ultri;": "\u25F8",
-  "umacr;": "\u016B",
-  "uml": "\u00A8",
-  "uml;": "\u00A8",
-  "uogon;": "\u0173",
-  "uopf;": "\u1D566",
-  "uparrow;": "\u2191",
-  "updownarrow;": "\u2195",
-  "upharpoonleft;": "\u21BF",
-  "upharpoonright;": "\u21BE",
-  "uplus;": "\u228E",
-  "upsi;": "\u03C5",
-  "upsih;": "\u03D2",
-  "upsilon;": "\u03C5",
-  "upuparrows;": "\u21C8",
-  "urcorn;": "\u231D",
-  "urcorner;": "\u231D",
-  "urcrop;": "\u230E",
-  "uring;": "\u016F",
-  "urtri;": "\u25F9",
-  "uscr;": "\u1D4CA",
-  "utdot;": "\u22F0",
-  "utilde;": "\u0169",
-  "utri;": "\u25B5",
-  "utrif;": "\u25B4",
-  "uuarr;": "\u21C8",
-  "uuml": "\u00FC",
-  "uuml;": "\u00FC",
-  "uwangle;": "\u29A7",
-  "vArr;": "\u21D5",
-  "vBar;": "\u2AE8",
-  "vBarv;": "\u2AE9",
-  "vDash;": "\u22A8",
-  "vangrt;": "\u299C",
-  "varepsilon;": "\u03F5",
-  "varkappa;": "\u03F0",
-  "varnothing;": "\u2205",
-  "varphi;": "\u03D5",
-  "varpi;": "\u03D6",
-  "varpropto;": "\u221D",
-  "varr;": "\u2195",
-  "varrho;": "\u03F1",
-  "varsigma;": "\u03C2",
-  "varsubsetneq;": "\u228A\uFE00",
-  "varsubsetneqq;": "\u2ACB\uFE00",
-  "varsupsetneq;": "\u228B\uFE00",
-  "varsupsetneqq;": "\u2ACC\uFE00",
-  "vartheta;": "\u03D1",
-  "vartriangleleft;": "\u22B2",
-  "vartriangleright;": "\u22B3",
-  "vcy;": "\u0432",
-  "vdash;": "\u22A2",
-  "vee;": "\u2228",
-  "veebar;": "\u22BB",
-  "veeeq;": "\u225A",
-  "vellip;": "\u22EE",
-  "verbar;": "|",
-  "vert;": "|",
-  "vfr;": "\u1D533",
-  "vltri;": "\u22B2",
-  "vnsub;": "\u2282\u20D2",
-  "vnsup;": "\u2283\u20D2",
-  "vopf;": "\u1D567",
-  "vprop;": "\u221D",
-  "vrtri;": "\u22B3",
-  "vscr;": "\u1D4CB",
-  "vsubnE;": "\u2ACB\uFE00",
-  "vsubne;": "\u228A\uFE00",
-  "vsupnE;": "\u2ACC\uFE00",
-  "vsupne;": "\u228B\uFE00",
-  "vzigzag;": "\u299A",
-  "wcirc;": "\u0175",
-  "wedbar;": "\u2A5F",
-  "wedge;": "\u2227",
-  "wedgeq;": "\u2259",
-  "weierp;": "\u2118",
-  "wfr;": "\u1D534",
-  "wopf;": "\u1D568",
-  "wp;": "\u2118",
-  "wr;": "\u2240",
-  "wreath;": "\u2240",
-  "wscr;": "\u1D4CC",
-  "xcap;": "\u22C2",
-  "xcirc;": "\u25EF",
-  "xcup;": "\u22C3",
-  "xdtri;": "\u25BD",
-  "xfr;": "\u1D535",
-  "xhArr;": "\u27FA",
-  "xharr;": "\u27F7",
-  "xi;": "\u03BE",
-  "xlArr;": "\u27F8",
-  "xlarr;": "\u27F5",
-  "xmap;": "\u27FC",
-  "xnis;": "\u22FB",
-  "xodot;": "\u2A00",
-  "xopf;": "\u1D569",
-  "xoplus;": "\u2A01",
-  "xotime;": "\u2A02",
-  "xrArr;": "\u27F9",
-  "xrarr;": "\u27F6",
-  "xscr;": "\u1D4CD",
-  "xsqcup;": "\u2A06",
-  "xuplus;": "\u2A04",
-  "xutri;": "\u25B3",
-  "xvee;": "\u22C1",
-  "xwedge;": "\u22C0",
-  "yacute": "\u00FD",
-  "yacute;": "\u00FD",
-  "yacy;": "\u044F",
-  "ycirc;": "\u0177",
-  "ycy;": "\u044B",
-  "yen": "\u00A5",
-  "yen;": "\u00A5",
-  "yfr;": "\u1D536",
-  "yicy;": "\u0457",
-  "yopf;": "\u1D56A",
-  "yscr;": "\u1D4CE",
-  "yucy;": "\u044E",
-  "yuml": "\u00FF",
-  "yuml;": "\u00FF",
-  "zacute;": "\u017A",
-  "zcaron;": "\u017E",
-  "zcy;": "\u0437",
-  "zdot;": "\u017C",
-  "zeetrf;": "\u2128",
-  "zeta;": "\u03B6",
-  "zfr;": "\u1D537",
-  "zhcy;": "\u0436",
-  "zigrarr;": "\u21DD",
-  "zopf;": "\u1D56B",
-  "zscr;": "\u1D4CF",
-  "zwj;": "\u200D",
-  "zwnj;": "\u200C"
-};
diff --git a/packages/html5-tokenizer/events.js b/packages/html5-tokenizer/events.js
deleted file mode 100644
index c36adf7842..0000000000
--- a/packages/html5-tokenizer/events.js
+++ /dev/null
@@ -1,23 +0,0 @@
-// dgreenspan's minimal implementation of events.EventEmitter
-
-toyevents = {
-  EventEmitter: function EventEmitter() {
-    this._listeners = {};
-  }
-};
-
-toyevents.EventEmitter.prototype.addListener = function (type, f) {
-  if (! f)
-    return;
-  this._listeners[type] = this._listeners[type] || [];
-  this._listeners[type].push(f);
-};
-
-toyevents.EventEmitter.prototype.emit = function (type, data) {
-  var funcs = this._listeners[type];
-  if (! funcs)
-    return;
-
-  for (var i = 0, f; f = funcs[i]; i++)
-    f(data);
-};
diff --git a/packages/html5-tokenizer/html5_tokenizer.js b/packages/html5-tokenizer/html5_tokenizer.js
deleted file mode 100644
index b63944d6df..0000000000
--- a/packages/html5-tokenizer/html5_tokenizer.js
+++ /dev/null
@@ -1,28 +0,0 @@
-HTML5Tokenizer = {
-  tokenize: function (inputString) {
-    var tokens = [];
-    var tokenizer = new HTML5.Tokenizer(inputString);
-    tokenizer.addListener('token', function (tok) {
-      tokens.push(tok);
-    });
-    tokenizer.tokenize();
-    return tokens;
-  }
-  // Incremental tokenization turns out not to be useful
-  // for inspecting intermediate tokenizer state, just
-  // for async streaming.
-  //
-  // tokenizeIncremental: function (tokenFunc) {
-  //   var emitter = new toyevents.EventEmitter();
-  //   var tokenizer = new HTML5.Tokenizer(emitter);
-  //   tokenizer.addListener('token', tokenFunc);
-  //   return {
-  //     add: function (str) {
-  //       emitter.emit('data', str);
-  //     },
-  //     finish: function () {
-  //       emitter.emit('end');
-  //     }
-  //   };
-  // }
-};
diff --git a/packages/html5-tokenizer/package.js b/packages/html5-tokenizer/package.js
deleted file mode 100644
index d3d690f12b..0000000000
--- a/packages/html5-tokenizer/package.js
+++ /dev/null
@@ -1,16 +0,0 @@
-Package.describe({
-  summary: "HTML5 tokenizer"
-});
-
-Package.on_use(function (api) {
-  api.export('HTML5Tokenizer');
-  api.add_files(['entities.js', 'constants.js', 'buffer.js',
-                 'events.js', 'tokenizer.js',
-                 'html5_tokenizer.js']);
-});
-
-Package.on_test(function (api) {
-  api.use('html5-tokenizer');
-  api.use('tinytest');
-  api.add_files('tokenizer_tests.js', ['server']);
-});
diff --git a/packages/html5-tokenizer/tokenizer.js b/packages/html5-tokenizer/tokenizer.js
deleted file mode 100644
index 64d2668b35..0000000000
--- a/packages/html5-tokenizer/tokenizer.js
+++ /dev/null
@@ -1,965 +0,0 @@
-var Models = HTML5.Models;
-var events = toyevents;
-
-function keys(h) {
-  var r = [];
-  for(var k in h) {
-    r.push(k);
-  }
-  return r;
-}
-
-var last = function (array) {
-  return array[array.length - 1];
-};
-
-HTML5.debug = function () {};
-
-var ENTITY_KEYS = keys(HTML5.ENTITIES);
-
-var t = HTML5.Tokenizer = function HTML5Tokenizer(input, document, tree) {
-  var state;
-  var buffer = new HTML5.Buffer();
-  var escapeFlag = false;
-  var lastFourChars = '';
-  var current_token = null;
-  var script_buffer = null;
-  var content_model = Models.PCDATA;
-  var source;
-
-  tree = tree || {open_elements: []};
-
-  function data_state(buffer) {
-    var c = buffer.char();
-    if (c !== HTML5.EOF && (content_model == Models.CDATA || content_model == Models.RCDATA || content_model == Models.SCRIPT_CDATA)) {
-      lastFourChars += c;
-      if (lastFourChars.length >= 4) {
-	lastFourChars = lastFourChars.substr(-4);
-      }
-    }
-
-    if (content_model == Models.SCRIPT_CDATA) {
-      if (script_buffer === null) {
-	script_buffer = '';
-      }
-    }
-
-    if (c === HTML5.EOF) {
-      emitToken(HTML5.EOF_TOK);
-      buffer.commit();
-      return false;
-    } else if (c === '\0' && (content_model == Models.SCRIPT_CDATA || content_model == Models.PLAINTEXT || content_model == Models.RAWTEXT || content_model == Models.RCDATA)) {
-      emitToken({type: 'Characters', data: "\ufffd"});
-      buffer.commit();
-    } else if (c == '&' && (content_model == Models.PCDATA || content_model == Models.RCDATA) && !escapeFlag) {
-      newState(entity_data_state);
-    } else if (c == '-' && (content_model == Models.CDATA || content_model == Models.RCDATA || content_model == Models.SCRIPT_CDATA) && !escapeFlag && lastFourChars == '<!--') {
-      escapeFlag = true;
-      emitToken({type: 'Characters', data: c});
-      buffer.commit();
-    } else if (c == '<' && !escapeFlag && (content_model == Models.PCDATA || content_model == Models.RCDATA || content_model == Models.CDATA || content_model == Models.SCRIPT_CDATA)) {
-      newState(tag_open_state);
-    } else if (c == '>' && escapeFlag && (content_model == Models.CDATA || content_model == Models.RCDATA || content_model == Models.SCRIPT_CDATA) && lastFourChars.match(/-->$/)) {
-      escapeFlag = false;
-      emitToken({type: 'Characters', data: c});
-      buffer.commit();
-    } else if (HTML5.SPACE_CHARACTERS_R.test(c)) {
-      emitToken({type: 'SpaceCharacters', data: c + buffer.matchWhile(HTML5.SPACE_CHARACTERS)});
-      buffer.commit();
-    } else {
-      var o = buffer.matchUntil("[&<>-]");
-      if (o !== HTML5.EOF) {
-	c = c + o;
-      }
-      emitToken({type: 'Characters', data: c});
-      lastFourChars += c;
-      lastFourChars = lastFourChars.slice(-4);
-      buffer.commit();
-    }
-    return true;
-  }
-
-  var entity_data_state = function entity_data_state(buffer) {
-    var entity = consume_entity(buffer);
-    if (entity) {
-      emitToken({type: 'Characters', data: entity});
-    } else {
-      emitToken({type: 'Characters', data: '&'});
-    }
-    newState(data_state);
-    return true;
-  };
-
-  this.tokenize = function() {
-    if (this.pump) this.pump();
-  };
-
-  var emitToken = function emitToken(tok) {
-    tok = normalize_token(tok);
-    if (content_model == Models.SCRIPT_CDATA && (tok.type == 'Characters' || tok.type == 'SpaceCharacters') && !buffer.eof) {
-      HTML5.debug('tokenizer.addScriptData', tok);
-      script_buffer += tok.data;
-    } else {
-      HTML5.debug('tokenizer.token', tok);
-      this.emit('token', tok);
-    }
-  }.bind(this);
-
-  function consume_entity(buffer, from_attr) {
-    var char = null;
-    var chars = buffer.char();
-    var c;
-    if (chars === HTML5.EOF) return false;
-    if (chars.match(HTML5.SPACE_CHARACTERS) || chars == '<' || chars == '&') {
-      buffer.unget(chars);
-    } else if (chars[0] == '#') { // Maybe a numeric entity
-      c = buffer.shift(2);
-      if (c === HTML5.EOF) {
-	buffer.unget(chars);
-	return false;
-      }
-      chars += c;
-      if (chars[1] && chars[1].toLowerCase() == 'x' && HTML5.HEX_DIGITS_R.test(chars[2])) {
-	// Hex entity
-	buffer.unget(chars[2]);
-	char = consume_numeric_entity(buffer, true);
-      } else if (chars[1] && HTML5.DIGITS_R.test(chars[1])) {
-	// Decimal entity
-	buffer.unget(chars.slice(1));
-	char = consume_numeric_entity(buffer, false);
-      } else {
-	// Not numeric
-	buffer.unget(chars);
-	parse_error("expected-numeric-entity");
-      }
-    } else {
-      var filteredEntityList = ENTITY_KEYS.filter(function(e) {
-	return e[0] == chars[0];
-      });
-      var entityName = null;
-      var matches = function(e) {
-	return e.indexOf(chars) === 0;
-      };
-      while(true) {
-	if (filteredEntityList.some(matches)) {
-	  filteredEntityList = filteredEntityList.filter(matches);
-	  c = buffer.char();
-	  if (c !== HTML5.EOF) {
-	    chars += c;
-	  } else {
-	    break;
-	  }
-	} else {
-	  break;
-	}
-
-	if (HTML5.ENTITIES[chars]) {
-	  entityName = chars;
-	  if (entityName[entityName.length - 1] == ';') break;
-	}
-      }
-
-      if (entityName) {
-	char = HTML5.ENTITIES[entityName];
-
-	if (entityName[entityName.length - 1] != ';' && this.from_attribute && (HTML5.ASCII_LETTERS_R.test(chars.substr(entityName.length, 1) || HTML5.DIGITS.test(chars.substr(entityName.length, 1))))) {
-	  buffer.unget(chars);
-	  char = '&';
-	} else {
-	  buffer.unget(chars.slice(entityName.length));
-	}
-      } else {
-	parse_error("expected-named-entity");
-	buffer.unget(chars);
-      }
-    }
-
-    return char;
-  }
-
-  function replaceEntityNumbers(c) {
-    switch(c) {
-    case 0x00: return 0xFFFD; // REPLACEMENT CHARACTER
-    case 0x13: return 0x0010; // Carriage return
-    case 0x80: return 0x20AC; // EURO SIGN
-    case 0x81: return 0x0081; // <control>
-    case 0x82: return 0x201A; // SINGLE LOW-9 QUOTATION MARK
-    case 0x83: return 0x0192; // LATIN SMALL LETTER F WITH HOOK
-    case 0x84: return 0x201E; // DOUBLE LOW-9 QUOTATION MARK
-    case 0x85: return 0x2026; // HORIZONTAL ELLIPSIS
-    case 0x86: return 0x2020; // DAGGER
-    case 0x87: return 0x2021; // DOUBLE DAGGER
-    case 0x88: return 0x02C6; // MODIFIER LETTER CIRCUMFLEX ACCENT
-    case 0x89: return 0x2030; // PER MILLE SIGN
-    case 0x8A: return 0x0160; // LATIN CAPITAL LETTER S WITH CARON
-    case 0x8B: return 0x2039; // SINGLE LEFT-POINTING ANGLE QUOTATION MARK
-    case 0x8C: return 0x0152; // LATIN CAPITAL LIGATURE OE
-    case 0x8D: return 0x008D; // <control>
-    case 0x8E: return 0x017D; // LATIN CAPITAL LETTER Z WITH CARON
-    case 0x8F: return 0x008F; // <control>
-    case 0x90: return 0x0090; // <control>
-    case 0x91: return 0x2018; // LEFT SINGLE QUOTATION MARK
-    case 0x92: return 0x2019; // RIGHT SINGLE QUOTATION MARK
-    case 0x93: return 0x201C; // LEFT DOUBLE QUOTATION MARK
-    case 0x94: return 0x201D; // RIGHT DOUBLE QUOTATION MARK
-    case 0x95: return 0x2022; // BULLET
-    case 0x96: return 0x2013; // EN DASH
-    case 0x97: return 0x2014; // EM DASH
-    case 0x98: return 0x02DC; // SMALL TILDE
-    case 0x99: return 0x2122; // TRADE MARK SIGN
-    case 0x9A: return 0x0161; // LATIN SMALL LETTER S WITH CARON
-    case 0x9B: return 0x203A; // SINGLE RIGHT-POINTING ANGLE QUOTATION MARK
-    case 0x9C: return 0x0153; // LATIN SMALL LIGATURE OE
-    case 0x9D: return 0x009D; // <control>
-    case 0x9E: return 0x017E; // LATIN SMALL LETTER Z WITH CARON
-    case 0x9F: return 0x0178; // LATIN CAPITAL LETTER Y WITH DIAERESIS
-    default:
-      if ((c >= 0xD800 && c <= 0xDFFF) || c >= 0x10FFFF) { /// @todo. The spec says > 0x10FFFF, not >=. Section 8.2.4.69.
-	return 0xFFFD;
-      } else if ((c >= 0x0001 && c <= 0x0008) || (c >= 0x000E && c <= 0x001F) ||
-		 (c >= 0x007F && c <= 0x009F) || (c >= 0xFDD0 && c <= 0xFDEF) ||
-		 c == 0x000B || c == 0xFFFE || c == 0x1FFFE || c == 0x2FFFFE ||
-		 c == 0x2FFFF || c == 0x3FFFE || c == 0x3FFFF || c == 0x4FFFE ||
-		 c == 0x4FFFF || c == 0x5FFFE || c == 0x5FFFF || c == 0x6FFFE ||
-		 c == 0x6FFFF || c == 0x7FFFE || c == 0x7FFFF || c == 0x8FFFE ||
-		 c == 0x8FFFF || c == 0x9FFFE || c == 0x9FFFF || c == 0xAFFFE ||
-		 c == 0xAFFFF || c == 0xBFFFE || c == 0xBFFFF || c == 0xCFFFE ||
-		 c == 0xCFFFF || c == 0xDFFFE || c == 0xDFFFF || c == 0xEFFFE ||
-		 c == 0xEFFFF || c == 0xFFFFE || c == 0xFFFFF || c == 0x10FFFE ||
-		 c == 0x10FFFF) {
-	return c;
-      }
-    }
-  }
-
-  function consume_numeric_entity(buffer, hex) {
-    var allowed, radix;
-    if (hex) {
-      allowed = HTML5.HEX_DIGITS_R;
-      radix = 16;
-    } else {
-      allowed = HTML5.DIGITS_R;
-      radix = 10;
-    }
-
-    var chars = '';
-
-    var c = buffer.char();
-    while(c !== HTML5.EOF && allowed.test(c)) {
-      chars = chars + c;
-      c = buffer.char();
-    }
-
-    var charAsInt = parseInt(chars, radix);
-
-    var replacement = replaceEntityNumbers(charAsInt);
-    if (replacement) {
-      parse_error("invalid-numeric-entity-replaced", {old: charAsInt, 'new': replacement});
-      charAsInt = replacement;
-    }
-
-    var char = String.fromCharCode(charAsInt);
-    /*if (charAsInt <= 0x10FFFF && !(charAsInt >= 0xD800 && charAsInt <= 0xDFFF)) {
-     } else {
-     char = String.fromCharCode(0xFFFD);
-     parse_error("cant-convert-numeric-entity");
-     } */
-
-    if (c !== ';') {
-      parse_error("numeric-entity-without-semicolon");
-      buffer.unget(c);
-    }
-
-    return char;
-  }
-
-  function process_entity_in_attribute(buffer) {
-    var entity = consume_entity(buffer);
-    if (entity) {
-      last(current_token.data).nodeValue += entity;
-    } else {
-      last(current_token.data).nodeValue += '&';
-    }
-  }
-
-  function process_solidus_in_tag(buffer) {
-    var data = buffer.peek(1);
-    if (current_token.type == 'StartTag' && data == '>') {
-      current_token.type = 'EmptyTag';
-      return true;
-    } else {
-      parse_error("incorrectly-placed-solidus");
-      return false;
-    }
-  }
-
-  function tag_open_state(buffer) {
-    var data = buffer.char();
-    if (content_model == Models.PCDATA) {
-      if (data === HTML5.EOF) {
-	parse_error("bare-less-than-sign-at-eof");
-	emitToken({type: 'Characters', data: '<'});
-	newState(data_state);
-      } else if (data !== HTML5.EOF && HTML5.ASCII_LETTERS_R.test(data)) {
-	current_token = {type: 'StartTag', name: data, data: []};
-	newState(tag_name_state);
-      } else if (data == '!') {
-	newState(markup_declaration_open_state);
-      } else if (data == '/') {
-	newState(close_tag_open_state);
-      } else if (data == '>') {
-	// XXX In theory it could be something besides a tag name. But
-	// do we really care?
-	parse_error("expected-tag-name-but-got-right-bracket");
-	emitToken({type: 'Characters', data: "<>"});
-	newState(data_state);
-      } else if (data == '?') {
-	// XXX In theory it could be something besides a tag name. But
-	// do we really care?
-	parse_error("expected-tag-name-but-got-question-mark");
-	buffer.unget(data);
-	newState(bogus_comment_state);
-      } else {
-	// XXX
-	parse_error("expected-tag-name");
-	emitToken({type: 'Characters', data: "<"});
-	buffer.unget(data);
-	newState(data_state);
-      }
-    } else {
-      // We know the content model flag is set to either RCDATA or CDATA or SCRIPT_CDATA
-      // now because this state can never be entered with the PLAINTEXT
-      // flag.
-      if (data === '/') {
-	newState(close_tag_open_state);
-      } else {
-	emitToken({type: 'Characters', data: "<"});
-	buffer.unget(data);
-	newState(data_state);
-      }
-    }
-    return true;
-  }
-
-  function close_tag_open_state(buffer) {
-    if (content_model == Models.RCDATA || content_model == Models.CDATA || content_model == Models.SCRIPT_CDATA) {
-      var chars = '';
-      if (current_token) {
-	for(var i = 0; i <= current_token.name.length; i++) {
-	  var c = buffer.char();
-	  if (c === HTML5.EOF) break;
-	  chars += c;
-	}
-	buffer.unget(chars);
-      }
-
-      if (current_token &&
-	  current_token.name.toLowerCase() == chars.slice(0, current_token.name.length).toLowerCase() &&
-	  (chars.length > current_token.name.length ? new RegExp('[' + HTML5.SPACE_CHARACTERS_IN + '></\0]').test(chars.substr(-1)) : true)
-	 ) {
-	   content_model = Models.PCDATA;
-	 } else {
-	   emitToken({type: 'Characters', data: '</'});
-	   newState(data_state);
-	   return true;
-	 }
-    }
-
-    var data = buffer.char();
-    if (data === HTML5.EOF) {
-      parse_error("expected-closing-tag-but-got-eof");
-      emitToken({type: 'Characters', data: '</'});
-      buffer.unget(data);
-      newState(data_state);
-    } else if (HTML5.ASCII_LETTERS_R.test(data)) {
-      current_token = {type: 'EndTag', name: data, data: []};
-      newState(tag_name_state);
-    } else if (data == '>') {
-      parse_error("expected-closing-tag-but-got-right-bracket");
-      newState(data_state);
-    } else {
-      parse_error("expected-closing-tag-but-got-char", {data: data}); // param 1 is datavars:
-      buffer.unget(data);
-      newState(bogus_comment_state);
-    }
-    return true;
-  }
-
-  function tag_name_state(buffer) {
-    var data = buffer.char();
-    if (data === HTML5.EOF) {
-      parse_error('eof-in-tag-name');
-      emit_current_token();
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      newState(before_attribute_name_state);
-    } else if (HTML5.ASCII_LETTERS_R.test(data)) {
-      var c = buffer.matchWhile(HTML5.ASCII_LETTERS);
-      if (c !== HTML5.EOF) {
-	current_token.name += data + c;
-      } else {
-	current_token.name += data;
-	buffer.unget(c);
-	newState(data_state);
-      }
-    } else if (data == '>') {
-      emit_current_token();
-    } else if (data == '/') {
-      process_solidus_in_tag(buffer);
-      newState(self_closing_tag_state);
-    } else {
-      current_token.name += data;
-    }
-    buffer.commit();
-
-    return true;
-  }
-
-  function before_attribute_name_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("expected-attribute-name-but-got-eof");
-      emit_current_token();
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      buffer.matchWhile(HTML5.SPACE_CHARACTERS);
-    } else if (HTML5.ASCII_LETTERS_R.test(data)) {
-      current_token.data.push({nodeName: data, nodeValue: ""});
-      newState(attribute_name_state);
-    } else if (data == '>') {
-      emit_current_token();
-    } else if (data == '/') {
-      newState(self_closing_tag_state);
-    } else if (data == "'" || data == '"' || data == '=') {
-      parse_error("invalid-character-in-attribute-name");
-      current_token.data.push({nodeName: data, nodeValue: ""});
-      newState(attribute_name_state);
-    } else {
-      current_token.data.push({nodeName: data, nodeValue: ""});
-      newState(attribute_name_state);
-    }
-    return true;
-  }
-
-  function attribute_name_state(buffer) {
-    var data = buffer.shift(1);
-    var leavingThisState = true;
-    var emitToken = false;
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-attribute-name");
-      newState(data_state);
-      emitToken = true;
-    } else if (data == '=') {
-      newState(before_attribute_value_state);
-    } else if (HTML5.ASCII_LETTERS_R.test(data)) {
-      last(current_token.data).nodeName += data + buffer.matchWhile(HTML5.ASCII_LETTERS);
-      leavingThisState = false;
-    } else if (data == '>') {
-      // XXX If we emit here the attributes are converted to a dict
-      // without being checked and when the code below runs we error
-      // because data is a dict not a list
-      emitToken = true;
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      newState(after_attribute_name_state);
-    } else if (data == '/') {
-      if (!process_solidus_in_tag(buffer)) {
-	newState(before_attribute_name_state);
-      }
-    } else if (data == "'" || data == '"') {
-      parse_error("invalid-character-in-attribute-name");
-      last(current_token.data).nodeName += data;
-      leavingThisState = false;
-    } else {
-      last(current_token.data).nodeName += data;
-      leavingThisState = false;
-    }
-
-    if (leavingThisState) {
-      // Attributes are not dropped at this stage. That happens when the
-      // start tag token is emitted so values can still be safely appended
-      // to attributes, but we do want to report the parse error in time.
-      if (this.lowercase_attr_name) {
-	last(current_token.data).nodeName = last(current_token.data).nodeName.toLowerCase();
-      }
-      for (var k in current_token.data.slice(0, -1)) {
-	// FIXME this is a fucking mess.
-	if (current_token.data.slice(-1)[0] == current_token.data.slice(0, -1)[k].name) {
-	  parse_error("duplicate-attribute");
-	  break; // Don't emit more than one of these errors
-	}
-      }
-      if (emitToken) emit_current_token();
-    } else {
-      buffer.commit();
-    }
-    return true;
-  }
-
-  function after_attribute_name_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("expected-end-of-tag-but-got-eof");
-      emit_current_token();
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      buffer.matchWhile(HTML5.SPACE_CHARACTERS);
-    } else if (data == '=') {
-      newState(before_attribute_value_state);
-    } else if (data == '>') {
-      emit_current_token();
-    } else if (HTML5.ASCII_LETTERS_R.test(data)) {
-      current_token.data.push({nodeName: data, nodeValue: ""});
-      newState(attribute_name_state);
-    } else if (data == '/') {
-      newState(self_closing_tag_state);
-    } else {
-      current_token.data.push({nodeName: data, nodeValue: ""});
-      newState(attribute_name_state);
-    }
-    return true;
-  }
-
-  function before_attribute_value_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("expected-attribute-value-but-got-eof");
-      emit_current_token();
-      newState(attribute_value_unquoted_state);
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      buffer.matchWhile(HTML5.SPACE_CHARACTERS);
-    } else if (data == '"') {
-      newState(attribute_value_double_quoted_state);
-    } else if (data == '&') {
-      newState(attribute_value_unquoted_state);
-      buffer.unget(data);
-    } else if (data == "'") {
-      newState(attribute_value_single_quoted_state);
-    } else if (data == '>') {
-      emit_current_token();
-    } else if (data == '=') {
-      parse_error("equals-in-unquoted-attribute-value");
-      last(current_token.data).nodeValue += data;
-      newState(attribute_value_unquoted_state);
-    } else {
-      last(current_token.data).nodeValue += data;
-      newState(attribute_value_unquoted_state);
-    }
-
-    return true;
-  }
-
-  function attribute_value_double_quoted_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-attribute-value-double-quote");
-      newState(data_state);
-    } else if (data == '"') {
-      newState(after_attribute_value_state);
-    } else if (data == '&') {
-      process_entity_in_attribute(buffer);
-    } else {
-      var s = buffer.matchUntil('["&]');
-      if (s !== HTML5.EOF) data = data + s;
-      last(current_token.data).nodeValue += data;
-    }
-    return true;
-  }
-
-  function attribute_value_single_quoted_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-attribute-value-single-quote");
-      emit_current_token();
-    } else if (data == "'") {
-      newState(after_attribute_value_state);
-    } else if (data == '&') {
-      process_entity_in_attribute(buffer);
-    } else {
-      last(current_token.data).nodeValue += data + buffer.matchUntil("['&]");
-    }
-    return true;
-  }
-
-  function attribute_value_unquoted_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-attribute-value-no-quotes");
-      buffer.commit();
-      emit_current_token();
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      newState(before_attribute_name_state);
-    } else if (data == '&') {
-      process_entity_in_attribute(buffer);
-    } else if (data == '>') {
-      emit_current_token();
-    } else if (data == '"' || data == "'" || data == '=') {
-      parse_error("unexpected-character-in-unquoted-attribute-value");
-      last(current_token.data).nodeValue += data;
-    } else {
-      var o = buffer.matchUntil("["+ HTML5.SPACE_CHARACTERS_IN + '&<>' +"]");
-      if (o === HTML5.EOF) {
-	parse_error("eof-in-attribute-value-no-quotes");
-	emit_current_token();
-      }
-      // Commit here since this state is re-enterable and its outcome won't change with more data.
-      buffer.commit();
-      last(current_token.data).nodeValue += data + o;
-    }
-    return true;
-  }
-
-  function after_attribute_value_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error( "unexpected-EOF-after-attribute-value");
-      emit_current_token();
-      buffer.unget(data);
-      newState(data_state);
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      newState(before_attribute_name_state);
-    } else if (data == '>') {
-      emit_current_token();
-      newState(data_state);
-    } else if (data == '/') {
-      newState(self_closing_tag_state);
-    } else {
-      emitToken({type: 'ParseError', data: "unexpected-character-after-attribute-value"});
-      buffer.unget(data);
-      newState(before_attribute_name_state);
-    }
-    return true;
-  }
-
-  function self_closing_tag_state(buffer) {
-    var c = buffer.shift(1);
-    if (c === HTML5.EOF) {
-      parse_error("eof-in-tag-name");
-      buffer.unget(c);
-      newState(data_state);
-    } else if (c == '>') {
-      current_token.self_closing = true;
-      emit_current_token();
-      newState(data_state);
-    } else {
-      parse_error("expected-self-closing-tag");
-      buffer.unget(c);
-      newState(before_attribute_name_state);
-    }
-    return true;
-  }
-
-  function bogus_comment_state(buffer) {
-    var s = buffer.matchUntil('>');
-    if (s === HTML5.EOF) {
-      s = '';
-    }
-    var tok = {type: 'Comment', data: s};
-    buffer.char();
-    emitToken(tok);
-    newState(data_state);
-    return true;
-  }
-
-  function markup_declaration_open_state(buffer) {
-    var chars = buffer.shift(2);
-    if (chars === '--') {
-      current_token = {type: 'Comment', data: ''};
-      newState(comment_start_state);
-    } else {
-      var newchars = buffer.shift(5);
-      if (newchars === HTML5.EOF || chars === HTML5.EOF) {
-	parse_error("expected-dashes-or-doctype");
-	newState(bogus_comment_state);
-	buffer.unget(chars);
-	return true;
-      }
-
-      chars += newchars;
-      if (chars.toUpperCase() == 'DOCTYPE') {
-	current_token = {type: 'Doctype', name: '', publicId: null, systemId: null, correct: true};
-	newState(doctype_state);
-      } else if (last(tree.open_elements) && last(tree.open_elements).namespace && chars == '[CDATA[') {
-	newState(cdata_section_state);
-      } else {
-	parse_error("expected-dashes-or-doctype");
-	buffer.unget(chars);
-	newState(bogus_comment_state);
-      }
-    }
-    return true;
-  }
-
-  function cdata_section_state(buffer) {
-    var data = buffer.matchUntil(/\]\]>/);
-    var slice;
-    if (/\]\]>$/.match(data)) {
-      slice = 4;
-    } else {
-      slice = 0;
-    }
-
-    emitToken({type: 'Characters', data: data.slice(0, data.length - slice)});
-    newState(data_state);
-  }
-
-  function comment_start_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-comment");
-      emitToken(current_token);
-      newState(data_state);
-    } else if (data == '-') {
-      newState(comment_start_dash_state);
-    } else if (data == '>') {
-      parse_error("incorrect comment");
-      emitToken(current_token);
-      newState(data_state);
-    } else {
-      current_token.data += data + buffer.matchUntil('-');
-      newState(comment_state);
-    }
-    return true;
-  }
-
-  function comment_start_dash_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-comment");
-      emitToken(current_token);
-      newState(data_state);
-    } else if (data == '-') {
-      newState(comment_end_state);
-    } else if (data == '>') {
-      parse_error("incorrect-comment");
-      emitToken(current_token);
-      newState(data_state);
-    } else {
-      var s = buffer.matchUntil('-');
-      if (s !== HTML5.EOF) data = data + s;
-      current_token.data += '-' + data;
-      newState(comment_state);
-    }
-    return true;
-  }
-
-  function comment_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-comment");
-      emitToken(current_token);
-      newState(data_state);
-    } else if (data == '-') {
-      newState(comment_end_dash_state);
-    } else {
-      current_token.data += data + buffer.matchUntil('-');
-    }
-    return true;
-  }
-
-  function comment_end_dash_state(buffer) {
-    var data = buffer.char();
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-comment-end-dash");
-      emitToken(current_token);
-      newState(data_state);
-    } else if (data == '-') {
-      newState(comment_end_state);
-    } else {
-      current_token.data += '-' + data + buffer.matchUntil('-');
-      // Consume the next character which is either a "-" or an :EOF as
-      // well so if there's a "-" directly after the "-" we go nicely to
-      // the "comment end state" without emitting a ParseError there.
-      buffer.char();
-    }
-    return true;
-  }
-
-  function comment_end_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("eof-in-comment-double-dash");
-      emitToken(current_token);
-      newState(data_state);
-    } else if (data == '>') {
-      emitToken(current_token);
-      newState(data_state);
-    } else if (data == '-') {
-      parse_error("unexpected-dash-after-double-dash-in-comment");
-      current_token.data += data;
-    } else {
-      // XXX
-      parse_error("unexpected-char-in-comment");
-      current_token.data += '--' + data;
-      newState(comment_state);
-    }
-    return true;
-  }
-
-  function doctype_state(buffer) {
-    var data = buffer.shift(1);
-    if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      newState(before_doctype_name_state);
-    } else {
-      parse_error("need-space-after-doctype");
-      buffer.unget(data);
-      newState(before_doctype_name_state);
-    }
-    return true;
-  }
-
-  function before_doctype_name_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      parse_error("expected-doctype-name-but-got-eof");
-      current_token.correct = false;
-      emit_current_token();
-      newState(data_state);
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-    } else if (data == '>') {
-      parse_error("expected-doctype-name-but-got-right-bracket");
-      current_token.correct = false;
-      emit_current_token();
-      newState(data_state);
-    } else {
-      current_token.name = data.toLowerCase();
-      newState(doctype_name_state);
-    }
-    return true;
-  }
-
-  function doctype_name_state(buffer) {
-    var data = buffer.shift(1);
-    if (data === HTML5.EOF) {
-      current_token.correct = false;
-      buffer.unget(data);
-      parse_error("eof-in-doctype");
-      emit_current_token();
-      newState(data_state);
-    } else if (HTML5.SPACE_CHARACTERS_R.test(data)) {
-      newState(bogus_doctype_state);
-    } else if (data == '>') {
-      emit_current_token();
-      newState(data_state);
-    } else {
-      current_token.name += data.toLowerCase();
-    }
-    buffer.commit();
-    return true;
-  }
-
-  function bogus_doctype_state(buffer) {
-    var data = buffer.shift(1);
-    current_token.correct = false;
-    if (data === HTML5.EOF) {
-      throw(new Error("Unimplemented!"));
-    } else if (data == '>') {
-      emit_current_token();
-      newState(data_state);
-    }
-    return true;
-  }
-
-  function parse_error(message, context) {
-    emitToken({type: 'ParseError', data: message});
-    HTML5.debug('tokenizer.parseError', message, context);
-  }
-
-  function emit_current_token() {
-    var tok = current_token;
-    switch(tok.type) {
-    case 'StartTag':
-    case 'EndTag':
-    case 'EmptyTag':
-      if (tok.type == 'EndTag' && tok.self_closing) {
-	parse_error('self-closing-end-tag');
-      }
-      break;
-    }
-    if (current_token.name.toLowerCase() == "script" && tok.type == 'EndTag' && script_buffer) {
-      emitToken({ type: 'Characters', data: script_buffer });
-      script_buffer = null;
-    }
-    emitToken(tok);
-    newState(data_state);
-  }
-
-  function normalize_token(token) {
-    if (token.type == 'EmptyTag') {
-      if (HTML5.VOID_ELEMENTS.indexOf(token.name) == -1) {
-	parse_error('incorrectly-placed-solidus');
-      }
-      token.type = 'StartTag';
-    }
-
-    if (token.type == 'StartTag') {
-      token.name = token.name.toLowerCase();
-      if (token.data.length !== 0) {
-	var data = {};
-	// the first value for each key wins
-	token.data.reverse();
-	token.data.forEach(function(e) {
-	  data[e.nodeName.toLowerCase()] = e.nodeValue;
-	});
-	token.data = [];
-	for(var k in data) {
-	  token.data.push({nodeName: k, nodeValue: data[k]});
-	}
-	// restore original attribute order
-	token.data.reverse();
-      }
-    } else if (token.type == 'EndTag') {
-      if (token.data.length !== 0) parse_error('attributes-in-end-tag');
-      token.name = token.name.toLowerCase();
-    }
-
-    return token;
-  }
-
-  if (typeof input === 'undefined') throw(new Error("No input given"));
-  this.document = document;
-  this.__defineSetter__('content_model', function(model) {
-    HTML5.debug('tokenizer.content_model=', model);
-    content_model = model;
-  });
-  this.__defineGetter__('content_model', function() {
-    return content_model;
-  });
-  function newState(newstate) {
-    HTML5.debug('tokenizer.state=', newstate.name);
-    state = newstate;
-    buffer.commit();
-  }
-
-  newState(data_state);
-
-  if (input instanceof events.EventEmitter) {
-    source = input;
-    this.pump = null;
-  } else {
-    source = new events.EventEmitter();
-    this.pump = function() {
-      source.emit('data', input);
-      source.emit('end');
-    };
-  }
-
-  source.addListener('data', function(data) {
-    if (typeof data !== 'string') data = data.toString();
-    buffer.append(data);
-    try {
-      while(state(buffer));
-    } catch(e) {
-      if (e != HTML5.DRAIN) {
-	throw(e);
-      } else {
-	HTML5.debug('tokenizer.drain', 'Drain');
-	buffer.undo();
-      }
-    }
-  });
-  source.addListener('end', function() {
-    buffer.eof = true;
-    while(state(buffer));
-    this.emit('end');
-  }.bind(this));
-
-};
-
-t.prototype = new events.EventEmitter();
diff --git a/packages/html5-tokenizer/tokenizer_tests.js b/packages/html5-tokenizer/tokenizer_tests.js
deleted file mode 100644
index d71d5b3edd..0000000000
--- a/packages/html5-tokenizer/tokenizer_tests.js
+++ /dev/null
@@ -1,36 +0,0 @@
-Tinytest.add("html5-tokenizer - basic", function (test) {
-
-  var run = function (input, expectedTokens) {
-    test.equal(HTML5Tokenizer.tokenize(input),
-               expectedTokens);
-  };
-
-  run('<p>foo',
-      [ { type: 'StartTag', name: 'p', data: [] },
-        { type: 'Characters', data: 'foo' },
-        { type: 'EOF', data: 'End of File' } ]);
-
-  run('<!DOCTYPE html>',
-      [ { type: 'Doctype', name: 'html', correct: true,
-          publicId: null, systemId: null },
-        { type: 'EOF', data: 'End of File' } ]);
-
-  run('<a b c=d> </a>',
-      [ { type: 'StartTag', name: 'a',
-          data: [{nodeName: 'b', nodeValue: ''},
-                 {nodeName: 'c', nodeValue: 'd'}] },
-        { type: 'SpaceCharacters', data: ' ' },
-        { type: 'EndTag', name: 'a', data: [] },
-        { type: 'EOF', data: 'End of File' } ]);
-
-  run('<3',
-      [{ type: 'ParseError', data: 'expected-tag-name' },
-       { type: 'Characters', data: '<' },
-       { type: 'Characters', data: '3' },
-       { type: 'EOF', data: 'End of File' } ]);
-
-  run('<!--foo-->',
-      [{ type: 'Comment', data: 'foo' },
-       { type: 'EOF', data: 'End of File' } ]);
-
-});
\ No newline at end of file
diff --git a/packages/htmljs/html.js b/packages/htmljs/html.js
index 71c2feb551..f8348d6793 100644
--- a/packages/htmljs/html.js
+++ b/packages/htmljs/html.js
@@ -178,10 +178,14 @@ callReactiveFunction = function (func) {
 
 stopWithLater = function (instance) {
   if (instance.materialized && instance.materialized.isWith) {
-    if (Deps.active)
+    if (Deps.active) {
       instance.materialized();
-    else
-      instance.data.stop();
+    } else {
+      if (instance.data) // `UI.With`
+        instance.data.stop();
+      else if (instance.v) // `Spacebars.With`
+        instance.v.stop();
+    }
   }
 };
 
diff --git a/packages/htmljs/package.js b/packages/htmljs/package.js
index 9bd3ce0289..04bcb4b0f8 100644
--- a/packages/htmljs/package.js
+++ b/packages/htmljs/package.js
@@ -1,5 +1,6 @@
 Package.describe({
-  summary: "Small library for expressing HTML trees"
+  summary: "Small library for expressing HTML trees",
+  internal: true
 });
 
 Package.on_use(function (api) {
diff --git a/packages/http/httpcall_common.js b/packages/http/httpcall_common.js
index a2fe4bdd2b..5b6c4f9b66 100644
--- a/packages/http/httpcall_common.js
+++ b/packages/http/httpcall_common.js
@@ -1,5 +1,5 @@
 makeErrorByStatus = function(statusCode, content) {
-  var MAX_LENGTH = 160; // if you change this, also change the appropriate test
+  var MAX_LENGTH = 500; // if you change this, also change the appropriate test
 
   var truncate = function(str, length) {
     return str.length > length ? str.slice(0, length) + '...' : str;
diff --git a/packages/http/httpcall_tests.js b/packages/http/httpcall_tests.js
index c05ad92482..0849254408 100644
--- a/packages/http/httpcall_tests.js
+++ b/packages/http/httpcall_tests.js
@@ -116,8 +116,8 @@ testAsyncMulti("httpcall - errors", [
       // in test_responder.js we make a very long response body, to make sure
       // that we truncate messages. first of all, make sure we didn't make that
       // message too short, so that we can be sure we're verifying that we truncate.
-      test.isTrue(error.response.content.length > 180);
-      test.isTrue(error.message.length < 180); // make sure we truncate.
+      test.isTrue(error.response.content.length > 520);
+      test.isTrue(error.message.length < 520); // make sure we truncate.
     };
     HTTP.call("GET", url_prefix()+"/fail", expect(error500Callback));
 
diff --git a/packages/http/test_responder.js b/packages/http/test_responder.js
index 90940c1b53..47239e6672 100644
--- a/packages/http/test_responder.js
+++ b/packages/http/test_responder.js
@@ -10,8 +10,10 @@ var respond = function(req, res) {
     return;
   } else if (req.url === "/fail") {
     res.statusCode = 500;
-    res.end("SOME SORT OF SERVER ERROR. " +
-            "MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. MAKE THIS VERY LONG TO MAKE SURE WE TRUNCATE. ");
+    res.end("SOME SORT OF SERVER ERROR. foo" +
+            _.times(100, function () {
+              return "MAKE THIS LONG TO TEST THAT WE TRUNCATE";
+            }).join(' '));
     return;
   } else if (req.url === "/redirect") {
     res.statusCode = 301;
diff --git a/packages/js-analyze/.npm/package/npm-shrinkwrap.json b/packages/js-analyze/.npm/package/npm-shrinkwrap.json
index a084b12ea5..d0887e7f77 100644
--- a/packages/js-analyze/.npm/package/npm-shrinkwrap.json
+++ b/packages/js-analyze/.npm/package/npm-shrinkwrap.json
@@ -1,8 +1,5 @@
 {
   "dependencies": {
-    "esprima": {
-      "version": "https://github.com/ariya/esprima/tarball/2a41dbf0ddadade0b09a9a7cc9a0c8df9c434018"
-    },
     "escope": {
       "version": "1.0.0",
       "dependencies": {
@@ -10,6 +7,9 @@
           "version": "1.3.1"
         }
       }
+    },
+    "esprima": {
+      "version": "https://github.com/ariya/esprima/tarball/2a41dbf0ddadade0b09a9a7cc9a0c8df9c434018"
     }
   }
 }
diff --git a/packages/less/plugin/compile-less.js b/packages/less/plugin/compile-less.js
index a1e15445b5..5b00d99293 100644
--- a/packages/less/plugin/compile-less.js
+++ b/packages/less/plugin/compile-less.js
@@ -15,6 +15,7 @@ Plugin.registerSourceHandler("less", function (compileStep) {
 
   var source = compileStep.read().toString('utf8');
   var options = {
+    filename: compileStep.inputPath,
     // Use fs.readFileSync to process @imports. This is the bundler, so
     // that's not going to cause concurrency issues, and it means that (a)
     // we don't have to use Futures and (b) errors thrown by bugs in less
diff --git a/packages/livedata/.npm/package/npm-shrinkwrap.json b/packages/livedata/.npm/package/npm-shrinkwrap.json
index 92d8fd541c..e846e2ff4d 100644
--- a/packages/livedata/.npm/package/npm-shrinkwrap.json
+++ b/packages/livedata/.npm/package/npm-shrinkwrap.json
@@ -1,5 +1,13 @@
 {
   "dependencies": {
+    "faye-websocket": {
+      "version": "0.7.2",
+      "dependencies": {
+        "websocket-driver": {
+          "version": "0.3.2"
+        }
+      }
+    },
     "sockjs": {
       "version": "0.3.8",
       "dependencies": {
@@ -15,14 +23,6 @@
           }
         }
       }
-    },
-    "faye-websocket": {
-      "version": "0.7.2",
-      "dependencies": {
-        "websocket-driver": {
-          "version": "0.3.2"
-        }
-      }
     }
   }
 }
diff --git a/packages/livedata/DDP.md b/packages/livedata/DDP.md
index 655f1ca105..0cb9d137f9 100644
--- a/packages/livedata/DDP.md
+++ b/packages/livedata/DDP.md
@@ -7,7 +7,7 @@ DDP is a protocol between a client and a server that supports two operations:
    client informed about the contents of those documents as they change over
    time.
 
-This document specifies the version "pre1" of DDP. It's a rough description of
+This document specifies the version "pre2" of DDP. It's a rough description of
 the protocol and not intended to be entirely definitive.
 
 ## General Message Structure:
@@ -71,6 +71,23 @@ connections. The client can rely on the server sending a `failed`
 message if a better version is possible as a result of the client or
 the server having been upgraded.
 
+## Heartbeats
+
+### Messages:
+
+ * `ping`
+   - `id`: optional string (identifier used to correlate with response)
+ * `pong`
+   - `id`: optional string (same as received in the `ping` message)
+
+### Procedure:
+
+At any time after the connection is established either side may send a `ping`
+message. The sender may chose to include an `id` field in the `ping`
+message. When the other side receives a `ping` it must immediately respond with
+a `pong` message. If the received `ping` message includes an `id` field, the
+`pong` message must include the same `id` field.
+
 ## Managing Data:
 
 ### Messages:
@@ -170,6 +187,8 @@ the server having been upgraded.
    - `method`: string (method name)
    - `params`: optional array of EJSON items (parameters to the method)
    - `id`: string (an arbitrary client-determined identifier for this method call)
+   - `randomSeed`: optional JSON value (an arbitrary client-determined seed
+     for pseudo-random generators)
  * `result` (server -> client):
    - `id`: string (the id passed to 'method')
    - `error`: optional Error (an error thrown by the method (or method-not-found)
@@ -193,6 +212,19 @@ the server having been upgraded.
  * There is no particular required ordering between `result` and `updated`
    messages for a method call.
 
+ * The client may provide a randomSeed JSON value.  If provided, this value is
+   used to seed pseudo-random number generation.  By using the same seed with
+   the same algorithm, the same pseudo-random values can be generated on the
+   client and the server.  In particular, this is used for generating ids for
+   newly created documents.  If randomSeed is not provided, then values
+   generated on the server and the client will not be identical.
+
+ * Currently randomSeed is expected to be a string, and the algorithm by which
+   values are produced from this is not yet documented.  It will likely be
+   formally specified in future when we are confident that the complete
+   requirements are known, or when a compatible implementation requires this
+   to be specified.
+
 ## Errors:
 
 Errors appear in `result` and `nosub` messages in an optional error field. An
@@ -260,3 +292,35 @@ of EJSON should not rely on key order, if possible.
 
 > MongoDB relies on key order.  When using EJSON with MongoDB, the
 > implementation of EJSON must preserve key order.
+
+
+## Appendix 2: randomSeed backward/forward compatibility
+
+randomSeed was added into DDP pre2, but it does not break backward or forward
+compatibility.
+
+If the client stub and the server produce documents that are different in any
+way, Meteor will reconcile this difference. This may cause 'flicker' in the UI
+as the values change on the client to reflect what happened on the server, but
+the final result will be correct: the server and the client will agree.
+
+Consistent id generation / randomSeed does not alter the syncing process, and
+thus will (at worst) be the same:
+
+* If neither the server nor the client support randomSeed, we will get the
+classical/flicker behavior.
+
+* If the client supports randomSeed, but the server does not, the server will
+ignore randomSeed, as it ignores any unknown properties in a DDP method call.
+Different ids will be generated, but this will be fixed by syncing.
+
+* If the server supports randomSeed, but the client does not, the server will
+generate unseeded random values (providing a randomSeed is optional); different
+ids will be generated; and again this will be fixed by syncing.
+
+* If both client and server support randomSeed, but different ids are
+generated, either because the generation procedure is buggy, or the stub
+behaves differently to the server, then syncing will fix this.
+
+* If both client and server support randomSeed, in the normal case the ids
+generated will be the same, and syncing will be a no-op.
diff --git a/packages/livedata/heartbeat.js b/packages/livedata/heartbeat.js
new file mode 100644
index 0000000000..0eaafd9cdc
--- /dev/null
+++ b/packages/livedata/heartbeat.js
@@ -0,0 +1,102 @@
+// Heartbeat options:
+//   heartbeatInterval: interval to send pings, in milliseconds.
+//   heartbeatTimeout: timeout to close the connection if a reply isn't
+//     received, in milliseconds.
+//   sendPing: function to call to send a ping on the connection.
+//   onTimeout: function to call to close the connection.
+
+Heartbeat = function (options) {
+  var self = this;
+
+  self.heartbeatInterval = options.heartbeatInterval;
+  self.heartbeatTimeout = options.heartbeatTimeout;
+  self._sendPing = options.sendPing;
+  self._onTimeout = options.onTimeout;
+
+  self._heartbeatIntervalHandle = null;
+  self._heartbeatTimeoutHandle = null;
+};
+
+_.extend(Heartbeat.prototype, {
+  stop: function () {
+    var self = this;
+    self._clearHeartbeatIntervalTimer();
+    self._clearHeartbeatTimeoutTimer();
+  },
+
+  start: function () {
+    var self = this;
+    self.stop();
+    self._startHeartbeatIntervalTimer();
+  },
+
+  _startHeartbeatIntervalTimer: function () {
+    var self = this;
+    self._heartbeatIntervalHandle = Meteor.setTimeout(
+      _.bind(self._heartbeatIntervalFired, self),
+      self.heartbeatInterval
+    );
+  },
+
+  _startHeartbeatTimeoutTimer: function () {
+    var self = this;
+    self._heartbeatTimeoutHandle = Meteor.setTimeout(
+      _.bind(self._heartbeatTimeoutFired, self),
+      self.heartbeatTimeout
+    );
+  },
+
+  _clearHeartbeatIntervalTimer: function () {
+    var self = this;
+    if (self._heartbeatIntervalHandle) {
+      Meteor.clearTimeout(self._heartbeatIntervalHandle);
+      self._heartbeatIntervalHandle = null;
+    }
+  },
+
+  _clearHeartbeatTimeoutTimer: function () {
+    var self = this;
+    if (self._heartbeatTimeoutHandle) {
+      Meteor.clearTimeout(self._heartbeatTimeoutHandle);
+      self._heartbeatTimeoutHandle = null;
+    }
+  },
+
+  // The heartbeat interval timer is fired when we should send a ping.
+  _heartbeatIntervalFired: function () {
+    var self = this;
+    self._heartbeatIntervalHandle = null;
+    self._sendPing();
+    // Wait for a pong.
+    self._startHeartbeatTimeoutTimer();
+  },
+
+  // The heartbeat timeout timer is fired when we sent a ping, but we
+  // timed out waiting for the pong.
+  _heartbeatTimeoutFired: function () {
+    var self = this;
+    self._heartbeatTimeoutHandle = null;
+    self._onTimeout();
+  },
+
+  pingReceived: function () {
+    var self = this;
+    // We know the connection is alive if we receive a ping, so we
+    // don't need to send a ping ourselves.  Reset the interval timer.
+    if (self._heartbeatIntervalHandle) {
+      self._clearHeartbeatIntervalTimer();
+      self._startHeartbeatIntervalTimer();
+    }
+  },
+
+  pongReceived: function () {
+    var self = this;
+
+    // Receiving a pong means we won't timeout, so clear the timeout
+    // timer and start the interval again.
+    if (self._heartbeatTimeoutHandle) {
+      self._clearHeartbeatTimeoutTimer();
+      self._startHeartbeatIntervalTimer();
+    }
+  }
+});
diff --git a/packages/livedata/livedata_common.js b/packages/livedata/livedata_common.js
index f9a873c6f7..7bacf467c4 100644
--- a/packages/livedata/livedata_common.js
+++ b/packages/livedata/livedata_common.js
@@ -1,6 +1,6 @@
 DDP = {};
 
-SUPPORTED_DDP_VERSIONS = [ 'pre1' ];
+SUPPORTED_DDP_VERSIONS = [ 'pre2', 'pre1' ];
 
 LivedataTest.SUPPORTED_DDP_VERSIONS = SUPPORTED_DDP_VERSIONS;
 
@@ -31,6 +31,12 @@ MethodInvocation = function (options) {
 
   // On the server, the connection this method call came in on.
   this.connection = options.connection;
+
+  // The seed for randomStream value generation
+  this.randomSeed = options.randomSeed;
+
+  // This is set by RandomStream.get; and holds the random stream state
+  this.randomStream = null;
 };
 
 _.extend(MethodInvocation.prototype, {
diff --git a/packages/livedata/livedata_connection.js b/packages/livedata/livedata_connection.js
index be5b79e15c..abb717f0a5 100644
--- a/packages/livedata/livedata_connection.js
+++ b/packages/livedata/livedata_connection.js
@@ -31,10 +31,13 @@ var Connection = function (url, options) {
     onDDPVersionNegotiationFailure: function (description) {
       Meteor._debug(description);
     },
+    heartbeatInterval: 35000,
+    heartbeatTimeout: 15000,
     // These options are only for testing.
     reloadWithOutstanding: false,
     supportedDDPVersions: SUPPORTED_DDP_VERSIONS,
-    retry: true
+    retry: true,
+    respondToPings: true
   }, options);
 
   // If set, called when we reconnect, queuing method calls _before_ the
@@ -64,6 +67,9 @@ var Connection = function (url, options) {
   self._nextMethodId = 1;
   self._supportedDDPVersions = options.supportedDDPVersions;
 
+  self._heartbeatInterval = options.heartbeatInterval;
+  self._heartbeatTimeout = options.heartbeatTimeout;
+
   // Tracks methods which the user has tried to call but which have not yet
   // called their user callback (ie, they are waiting on their result or for all
   // of their writes to be written to the local cache). Map from method ID to
@@ -224,6 +230,17 @@ var Connection = function (url, options) {
         options.onDDPVersionNegotiationFailure(description);
       }
     }
+    else if (msg.msg === 'ping') {
+      if (options.respondToPings)
+        self._send({msg: "pong", id: msg.id});
+      if (self._heartbeat)
+        self._heartbeat.pingReceived();
+    }
+    else if (msg.msg === 'pong') {
+      if (self._heartbeat) {
+        self._heartbeat.pongReceived();
+      }
+    }
     else if (_.include(['added', 'changed', 'removed', 'ready', 'updated'], msg.msg))
       self._livedata_data(msg);
     else if (msg.msg === 'nosub')
@@ -291,12 +308,21 @@ var Connection = function (url, options) {
     });
   };
 
+  var onDisconnect = function () {
+    if (self._heartbeat) {
+      self._heartbeat.stop()
+      self._heartbeat = null;
+    }
+  };
+
   if (Meteor.isServer) {
     self._stream.on('message', Meteor.bindEnvironment(onMessage, Meteor._debug));
     self._stream.on('reset', Meteor.bindEnvironment(onReset, Meteor._debug));
+    self._stream.on('disconnect', Meteor.bindEnvironment(onDisconnect, Meteor._debug));
   } else {
     self._stream.on('message', onMessage);
     self._stream.on('reset', onReset);
+    self._stream.on('disconnect', onDisconnect);
   }
 };
 
@@ -493,7 +519,7 @@ _.extend(Connection.prototype, {
       self._subscriptions[id] = {
         id: id,
         name: name,
-        params: params,
+        params: EJSON.clone(params),
         inactive: false,
         ready: false,
         readyDeps: (typeof Deps !== "undefined") && new Deps.Dependency,
@@ -596,6 +622,17 @@ _.extend(Connection.prototype, {
   //   onResultReceived: Function - a callback to call as soon as the method
   //                                result is received. the data written by
   //                                the method may not yet be in the cache!
+  //   returnStubValue: Boolean - If true then in cases where we would have
+  //                              otherwise discarded the stub's return value
+  //                              and returned undefined, instead we go ahead
+  //                              and return it.  Specifically, this is any
+  //                              time other than when (a) we are already
+  //                              inside a stub or (b) we are in Node and no
+  //                              callback was provided.  Currently we require
+  //                              this flag to be explicitly passed to reduce
+  //                              the likelihood that stub return values will
+  //                              be confused with server return values; we
+  //                              may improve this in future.
   // @param callback {Optional Function}
   apply: function (name, args, options, callback) {
     var self = this;
@@ -618,6 +655,10 @@ _.extend(Connection.prototype, {
       );
     }
 
+    // Keep our args safe from mutation (eg if we don't send the message for a
+    // while because of a wait method).
+    args = EJSON.clone(args);
+
     // Lazily allocate method ID once we know that it'll be needed.
     var methodId = (function () {
       var id;
@@ -628,6 +669,27 @@ _.extend(Connection.prototype, {
       };
     })();
 
+    var enclosing = DDP._CurrentInvocation.get();
+    var alreadyInSimulation = enclosing && enclosing.isSimulation;
+
+    // Lazily generate a randomSeed, only if it is requested by the stub.
+    // The random streams only have utility if they're used on both the client
+    // and the server; if the client doesn't generate any 'random' values
+    // then we don't expect the server to generate any either.
+    // Less commonly, the server may perform different actions from the client,
+    // and may in fact generate values where the client did not, but we don't
+    // have any client-side values to match, so even here we may as well just
+    // use a random seed on the server.  In that case, we don't pass the
+    // randomSeed to save bandwidth, and we don't even generate it to save a
+    // bit of CPU and to avoid consuming entropy.
+    var randomSeed = null;
+    var randomSeedGenerator = function () {
+      if (randomSeed === null) {
+        randomSeed = makeRpcSeed(enclosing, name);
+      }
+      return randomSeed;
+    };
+
     // Run the stub, if we have one. The stub is supposed to make some
     // temporary writes to the database to give the user a smooth experience
     // until the actual result of executing the method comes back from the
@@ -640,18 +702,17 @@ _.extend(Connection.prototype, {
     // to do a RPC, so we use the return value of the stub as our return
     // value.
 
-    var enclosing = DDP._CurrentInvocation.get();
-    var alreadyInSimulation = enclosing && enclosing.isSimulation;
-
     var stub = self._methodHandlers[name];
     if (stub) {
       var setUserId = function(userId) {
         self.setUserId(userId);
       };
+
       var invocation = new MethodInvocation({
         isSimulation: true,
         userId: self.userId(),
-        setUserId: setUserId
+        setUserId: setUserId,
+        randomSeed: function () { return randomSeedGenerator(); }
       });
 
       if (!alreadyInSimulation)
@@ -660,11 +721,12 @@ _.extend(Connection.prototype, {
       try {
         // Note that unlike in the corresponding server code, we never audit
         // that stubs check() their arguments.
-        var ret = DDP._CurrentInvocation.withValue(invocation, function () {
+        var stubReturnValue = DDP._CurrentInvocation.withValue(invocation, function () {
           if (Meteor.isServer) {
             // Because saveOriginals and retrieveOriginals aren't reentrant,
             // don't allow stubs to yield.
             return Meteor._noYieldsAllowed(function () {
+              // re-clone, so that the stub can't affect our caller's values
               return stub.apply(invocation, EJSON.clone(args));
             });
           } else {
@@ -685,12 +747,12 @@ _.extend(Connection.prototype, {
     // we'll end up returning undefined.
     if (alreadyInSimulation) {
       if (callback) {
-        callback(exception, ret);
+        callback(exception, stubReturnValue);
         return undefined;
       }
       if (exception)
         throw exception;
-      return ret;
+      return stubReturnValue;
     }
 
     // If an exception occurred in a stub, and we're ignoring it
@@ -725,18 +787,25 @@ _.extend(Connection.prototype, {
     // Send the RPC. Note that on the client, it is important that the
     // stub have finished before we send the RPC, so that we know we have
     // a complete list of which local documents the stub wrote.
+    var message = {
+      msg: 'method',
+      method: name,
+      params: args,
+      id: methodId()
+    };
+
+    // Send the randomSeed only if we used it
+    if (randomSeed !== null) {
+      message.randomSeed = randomSeed;
+    }
+
     var methodInvoker = new MethodInvoker({
       methodId: methodId(),
       callback: callback,
       connection: self,
       onResultReceived: options.onResultReceived,
       wait: !!options.wait,
-      message: {
-        msg: 'method',
-        method: name,
-        params: args,
-        id: methodId()
-      }
+      message: message
     });
 
     if (options.wait) {
@@ -761,7 +830,7 @@ _.extend(Connection.prototype, {
     if (future) {
       return future.wait();
     }
-    return undefined;
+    return options.returnStubValue ? stubReturnValue : undefined;
   },
 
   // Before calling a method stub, prepare all stores to track changes and allow
@@ -834,6 +903,14 @@ _.extend(Connection.prototype, {
     self._stream.send(stringifyDDP(obj));
   },
 
+  // We detected via DDP-level heartbeats that we've lost the
+  // connection.  Unlike `disconnect` or `close`, a lost connection
+  // will be automatically retried.
+  _lostConnection: function () {
+    var self = this;
+    self._stream._lostConnection();
+  },
+
   status: function (/*passthrough args*/) {
     var self = this;
     return self._stream.status.apply(self._stream, arguments);
@@ -893,6 +970,28 @@ _.extend(Connection.prototype, {
   _livedata_connected: function (msg) {
     var self = this;
 
+    if (self._version !== 'pre1' && self._heartbeatInterval !== 0) {
+      self._heartbeat = new Heartbeat({
+        heartbeatInterval: self._heartbeatInterval,
+        heartbeatTimeout: self._heartbeatTimeout,
+        onTimeout: function () {
+          if (Meteor.isClient) {
+            // only print on the client. this message is useful on the
+            // browser console to see that we've lost connection. on the
+            // server (eg when doing server-to-server DDP), it gets
+            // kinda annoying. also this matches the behavior with
+            // sockjs timeouts.
+            Meteor._debug("Connection timeout. No DDP heartbeat received.");
+          }
+          self._lostConnection();
+        },
+        sendPing: function () {
+          self._send({msg: 'ping'});
+        }
+      });
+      self._heartbeat.start();
+    }
+
     // If this is a reconnect, we'll have to reset all stores.
     if (self._lastSessionId)
       self._resetStores = true;
diff --git a/packages/livedata/livedata_connection_tests.js b/packages/livedata/livedata_connection_tests.js
index b37e3d97a7..1c404669b6 100644
--- a/packages/livedata/livedata_connection_tests.js
+++ b/packages/livedata/livedata_connection_tests.js
@@ -17,12 +17,16 @@ var makeConnectMessage = function (session) {
   return msg;
 }
 
+// Tests that stream got a message that matches expected.
+// Expected is normally an object, and allows a wildcard value of '*',
+// which will then match any value.
+// Returns the message (parsed as a JSON object if expected is an object);
+// which is particularly handy if you want to extract a value that was
+// matched as a wildcard.
 var testGotMessage = function (test, stream, expected) {
-  var retVal = undefined;
-
   if (stream.sent.length === 0) {
     test.fail({error: 'no message received', expected: expected});
-    return retVal;
+    return undefined;
   }
 
   var got = stream.sent.shift();
@@ -42,17 +46,10 @@ var testGotMessage = function (test, stream, expected) {
     _.each(keysWithStarValues, function (k) {
       expected[k] = got[k];
     });
-    if (keysWithStarValues.length === 1) {
-      retVal = got[keysWithStarValues[0]];
-    } else {
-      retVal = _.map(keysWithStarValues, function (k) {
-        return got[k];
-      });
-    }
   }
 
   test.equal(got, expected);
-  return retVal;
+  return got;
 };
 
 var startAndConnect = function(test, stream) {
@@ -275,6 +272,7 @@ Tinytest.add("livedata stub - this", function (test) {
   conn.call('test_this', _.identity);
   // satisfy method, quiesce connection
   var message = JSON.parse(stream.sent.shift());
+  test.isUndefined(message.randomSeed);
   test.equal(message, {msg: 'method', method: 'test_this',
                        params: [], id:message.id});
   test.length(stream.sent, 0);
@@ -322,9 +320,11 @@ if (Meteor.isClient) {
     test.equal(counts, {added: 1, removed: 0, changed: 0, moved: 0});
 
     // get response from server
-    var message = JSON.parse(stream.sent.shift());
-    test.equal(message, {msg: 'method', method: 'do_something',
-                         params: ['friday!'], id:message.id});
+    var message = testGotMessage(test, stream, {msg: 'method',
+                                                method: 'do_something',
+                                                params: ['friday!'],
+                                                id: '*',
+                                                randomSeed: '*'});
 
     test.equal(coll.find({}).count(), 1);
     test.equal(coll.find({value: 'friday!'}).count(), 1);
@@ -357,6 +357,7 @@ if (Meteor.isClient) {
 
     // test we still send a method request to server
     var message2 = JSON.parse(stream.sent.shift());
+    test.isUndefined(message2.randomSeed);
     test.equal(message2, {msg: 'method', method: 'do_something_else',
                           params: ['monday'], id: message2.id});
 
@@ -401,6 +402,7 @@ Tinytest.add("livedata stub - mutating method args", function (test) {
 
   // Method should be called with original arg, not mutated arg.
   var message = JSON.parse(stream.sent.shift());
+  test.isUndefined(message.randomSeed);
   test.equal(message, {msg: 'method', method: 'mutateArgs',
                        params: [{foo: 50}], id: message.id});
   test.length(stream.sent, 0);
@@ -453,9 +455,11 @@ if (Meteor.isClient) {
     conn.call('do_something', _.identity);
 
     // see we only send message for outer methods
-    var message = JSON.parse(stream.sent.shift());
-    test.equal(message, {msg: 'method', method: 'do_something',
-                         params: [], id:message.id});
+    var message = testGotMessage(test, stream, {msg: 'method',
+                                                method: 'do_something',
+                                                params: [],
+                                                id: '*',
+                                                randomSeed: '*'});
     test.length(stream.sent, 0);
 
     // but inner method runs locally.
@@ -566,6 +570,7 @@ Tinytest.add("livedata stub - reconnect", function (test) {
 
   // The non-wait method should send, but not the wait method.
   var methodMessage = JSON.parse(stream.sent.shift());
+  test.isUndefined(methodMessage.randomSeed);
   test.equal(methodMessage, {msg: 'method', method: 'do_something',
                              params: [], id:methodMessage.id});
   test.equal(stream.sent.length, 0);
@@ -623,6 +628,7 @@ Tinytest.add("livedata stub - reconnect", function (test) {
   o.expectCallbacks({added: 1, changed: 1});
 
   var waitMethodMessage = JSON.parse(stream.sent.shift());
+  test.isUndefined(waitMethodMessage.randomSeed);
   test.equal(waitMethodMessage, {msg: 'method', method: 'do_something_else',
                                  params: [], id: waitMethodMessage.id});
   test.equal(stream.sent.length, 0);
@@ -633,6 +639,7 @@ Tinytest.add("livedata stub - reconnect", function (test) {
   // wait method done means we can send the third method
   test.equal(stream.sent.length, 1);
   var laterMethodMessage = JSON.parse(stream.sent.shift());
+  test.isUndefined(laterMethodMessage.randomSeed);
   test.equal(laterMethodMessage, {msg: 'method', method: 'do_something_later',
                                   params: [], id: laterMethodMessage.id});
 
@@ -677,7 +684,7 @@ if (Meteor.isClient) {
     // Method sent.
     var methodId = testGotMessage(
       test, stream, {msg: 'method', method: 'writeSomething',
-                     params: [], id: '*'});
+                     params: [], id: '*', randomSeed: '*'}).id;
     test.equal(stream.sent.length, 0);
 
     // Get some data.
@@ -744,7 +751,7 @@ if (Meteor.isClient) {
     // Method sent.
     var methodId2 = testGotMessage(
       test, stream, {msg: 'method', method: 'writeSomething',
-                     params: [], id: '*'});
+                     params: [], id: '*', randomSeed: '*'}).id;
     test.equal(stream.sent.length, 0);
 
     // Get some data.
@@ -777,7 +784,7 @@ if (Meteor.isClient) {
     testGotMessage(test, stream, makeConnectMessage(SESSION_ID + 1));
     var slowMethodId = testGotMessage(
       test, stream,
-      {msg: 'method', method: 'slowMethod', params: [], id: '*'});
+      {msg: 'method', method: 'slowMethod', params: [], id: '*'}).id;
     // Still holding out hope for session resumption, so nothing updated yet.
     test.equal(coll.find().count(), 2);
     test.equal(coll.findOne(stubWrittenId2), {_id: stubWrittenId2, foo: 'bar'});
@@ -840,7 +847,7 @@ Tinytest.add("livedata stub - reconnect method which only got data", function (t
   // Method sent.
   var methodId = testGotMessage(
     test, stream, {msg: 'method', method: 'doLittle',
-                   params: [], id: '*'});
+                   params: [], id: '*'}).id;
   test.equal(stream.sent.length, 0);
 
   // Get some data.
@@ -930,7 +937,7 @@ if (Meteor.isClient) {
     // Method sent.
     var insertMethodId = testGotMessage(
       test, stream, {msg: 'method', method: 'insertSomething',
-                     params: [], id: '*'});
+                     params: [], id: '*', randomSeed: '*'}).id;
     test.equal(stream.sent.length, 0);
 
     // Call update method.
@@ -943,7 +950,7 @@ if (Meteor.isClient) {
     // Method sent.
     var updateMethodId = testGotMessage(
       test, stream, {msg: 'method', method: 'updateIt',
-                     params: [stubWrittenId], id: '*'});
+                     params: [stubWrittenId], id: '*'}).id;
     test.equal(stream.sent.length, 0);
 
     // Get some data... slightly different than what we wrote.
@@ -1019,7 +1026,7 @@ if (Meteor.isClient) {
     // first method sent
     var firstMethodId = testGotMessage(
       test, stream, {msg: 'method', method: 'no-op',
-                     params: [], id: '*'});
+                     params: [], id: '*'}).id;
     test.equal(stream.sent.length, 0);
 
     // ack the first method
@@ -1029,7 +1036,7 @@ if (Meteor.isClient) {
     // Wait method sent.
     var waitMethodId = testGotMessage(
       test, stream, {msg: 'method', method: 'no-op',
-                     params: [], id: '*'});
+                     params: [], id: '*'}).id;
     test.equal(stream.sent.length, 0);
 
     // ack the wait method
@@ -1039,7 +1046,7 @@ if (Meteor.isClient) {
     // insert method sent.
     var insertMethodId = testGotMessage(
       test, stream, {msg: 'method', method: 'insertSomething',
-                     params: [], id: '*'});
+                     params: [], id: '*', randomSeed: '*'}).id;
     test.equal(stream.sent.length, 0);
 
     // ack the insert method
@@ -1285,6 +1292,25 @@ Tinytest.add("livedata connection - onReconnect prepends messages correctly with
   ]);
 });
 
+Tinytest.add("livedata connection - ping without id", function (test) {
+  var stream = new StubStream();
+  var conn = newConnection(stream);
+  startAndConnect(test, stream);
+
+  stream.receive({msg: 'ping'});
+  testGotMessage(test, stream, {msg: 'pong'});
+});
+
+Tinytest.add("livedata connection - ping with id", function (test) {
+  var stream = new StubStream();
+  var conn = newConnection(stream);
+  startAndConnect(test, stream);
+
+  var id = Random.id();
+  stream.receive({msg: 'ping', id: id});
+  testGotMessage(test, stream, {msg: 'pong', id: id});
+});
+
 var getSelfConnectionUrl = function () {
   if (Meteor.isClient) {
     return Meteor._relativeToSiteRootUrl("/");
@@ -1429,7 +1455,7 @@ Tinytest.add("livedata connection - onReconnect with sent messages", function(te
   // Test that we sent just the login message.
   var loginId = testGotMessage(
     test, stream, {msg: 'method', method: 'do_something',
-                   params: ['login'], id: '*'});
+                   params: ['login'], id: '*'}).id;
 
   // we connect.
   stream.receive({msg: 'connected', session: Random.id()});
@@ -1444,7 +1470,7 @@ Tinytest.add("livedata connection - onReconnect with sent messages", function(te
 
   testGotMessage(
     test, stream, {msg: 'method', method: 'do_something',
-                   params: ['one'], id: '*'});
+                   params: ['one'], id: '*'}).id;
 });
 
 
@@ -1469,7 +1495,7 @@ Tinytest.add("livedata stub - reconnect double wait method", function (test) {
   // Method sent.
   var halfwayId = testGotMessage(
     test, stream, {msg: 'method', method: 'halfwayMethod',
-                   params: [], id: '*'});
+                   params: [], id: '*'}).id;
   test.equal(stream.sent.length, 0);
 
   // Get the result. This means it will not be resent.
@@ -1483,7 +1509,7 @@ Tinytest.add("livedata stub - reconnect double wait method", function (test) {
   testGotMessage(test, stream, makeConnectMessage(SESSION_ID));
   var reconnectId = testGotMessage(
     test, stream, {msg: 'method', method: 'reconnectMethod',
-                   params: [], id: '*'});
+                   params: [], id: '*'}).id;
   test.length(stream.sent, 0);
   // Still holding out hope for session resumption, so no callbacks yet.
   test.equal(output, []);
@@ -1574,6 +1600,7 @@ if (Meteor.isClient) {
     test.equal(coll.findOne(), {_id: "foo", bar: 42});
     // It also sends the method message.
     var methodMessage = JSON.parse(stream.sent.shift());
+    test.isUndefined(methodMessage.randomSeed);
     test.equal(methodMessage, {msg: 'method', method: '/' + collName + '/insert',
                                params: [{_id: "foo", bar: 42}],
                                id: methodMessage.id});
diff --git a/packages/livedata/livedata_server.js b/packages/livedata/livedata_server.js
index cbdd29ae63..fff6114866 100644
--- a/packages/livedata/livedata_server.js
+++ b/packages/livedata/livedata_server.js
@@ -216,7 +216,7 @@ _.extend(SessionCollectionView.prototype, {
 /* Session                                                                    */
 /******************************************************************************/
 
-var Session = function (server, version, socket) {
+var Session = function (server, version, socket, options) {
   var self = this;
   self.id = Random.id();
 
@@ -262,13 +262,16 @@ var Session = function (server, version, socket) {
   // temporary and will go away in the near future.
   self._socketUrl = socket.url;
 
+  // Allow tests to disable responding to pings.
+  self._respondToPings = options.respondToPings;
+
   // This object is the public interface to the session. In the public
   // API, it is called the `connection` object.  Internally we call it
   // a `connectionHandle` to avoid ambiguity.
   self.connectionHandle = {
     id: self.id,
     close: function () {
-      self.server._closeSession(self);
+      self.close();
     },
     onClose: function (fn) {
       var cb = Meteor.bindEnvironment(fn, "connection onClose callback");
@@ -290,6 +293,20 @@ var Session = function (server, version, socket) {
     self.startUniversalSubs();
   }).run();
 
+  if (version !== 'pre1' && options.heartbeatInterval !== 0) {
+    self.heartbeat = new Heartbeat({
+      heartbeatInterval: options.heartbeatInterval,
+      heartbeatTimeout: options.heartbeatTimeout,
+      onTimeout: function () {
+        self.destroy();
+      },
+      sendPing: function () {
+        self.send({msg: 'ping'});
+      }
+    });
+    self.heartbeat.start();
+  }
+
   Package.facts && Package.facts.Facts.incrementServerFact(
     "livedata", "sessions", 1);
 };
@@ -391,6 +408,15 @@ _.extend(Session.prototype, {
   destroy: function () {
     var self = this;
 
+    // Already destroyed.
+    if (!self.inQueue)
+      return;
+
+    if (self.heartbeat) {
+      self.heartbeat.stop();
+      self.heartbeat = null;
+    }
+
     if (self.socket) {
       self.socket.close();
       self.socket._meteorSession = null;
@@ -417,6 +443,19 @@ _.extend(Session.prototype, {
     });
   },
 
+  // Destroy this session and unregister it at the server.
+  close: function () {
+    var self = this;
+
+    // Unconditionally destroy this session, even if it's not
+    // registered at the server.
+    self.destroy();
+
+    // Unregister the session.  This will also call `destroy`, but
+    // that's OK because `destroy` is idempotent.
+    self.server._closeSession(self);
+  },
+
   // Send a message (doing nothing if no socket is connected right now.)
   // It should be a JSON object (it will be stringified.)
   send: function (msg) {
@@ -457,6 +496,32 @@ _.extend(Session.prototype, {
     if (!self.inQueue) // we have been destroyed.
       return;
 
+    // Respond to ping and pong messages immediately without queuing.
+    // If the negotiated DDP version is "pre1" which didn't support
+    // pings, preserve the "pre1" behavior of responding with a "bad
+    // request" for the unknown messages.
+    //
+    // Fibers are needed because heartbeat uses Meteor.setTimeout, which
+    // needs a Fiber. We could actually use regular setTimeout and avoid
+    // these new fibers, but it is easier to just make everything use
+    // Meteor.setTimeout and not think too hard.
+    if (self.version !== 'pre1' && msg_in.msg === 'ping') {
+      if (self._respondToPings)
+        self.send({msg: "pong", id: msg_in.id});
+      if (self.heartbeat)
+        Fiber(function () {
+          self.heartbeat.pingReceived();
+        }).run();
+      return;
+    }
+    if (self.version !== 'pre1' && msg_in.msg === 'pong') {
+      if (self.heartbeat)
+        Fiber(function () {
+          self.heartbeat.pongReceived();
+        }).run();
+      return;
+    }
+
     self.inQueue.push(msg_in);
     if (self.workerRunning)
       return;
@@ -530,14 +595,18 @@ _.extend(Session.prototype, {
       var self = this;
 
       // reject malformed messages
-      // XXX should also reject messages with unknown attributes?
+      // For now, we silently ignore unknown attributes,
+      // for forwards compatibility.
       if (typeof (msg.id) !== "string" ||
           typeof (msg.method) !== "string" ||
-          (('params' in msg) && !(msg.params instanceof Array))) {
+          (('params' in msg) && !(msg.params instanceof Array)) ||
+          (('randomSeed' in msg) && (typeof msg.randomSeed !== "string"))) {
         self.sendError("Malformed method invocation", msg);
         return;
       }
 
+      var randomSeed = msg.randomSeed || null;
+
       // set up to mark the method as satisfied once all observers
       // (and subscriptions) have reacted to any writes that were
       // done.
@@ -572,7 +641,8 @@ _.extend(Session.prototype, {
         userId: self.userId,
         setUserId: setUserId,
         unblock: unblock,
-        connection: self.connectionHandle
+        connection: self.connectionHandle,
+        randomSeed: randomSeed
       });
       try {
         var result = DDPServer._CurrentWriteFence.withValue(fence, function () {
@@ -1047,9 +1117,20 @@ _.extend(Subscription.prototype, {
 /* Server                                                                     */
 /******************************************************************************/
 
-Server = function () {
+Server = function (options) {
   var self = this;
 
+  // The default heartbeat interval is 30 seconds on the server and 35
+  // seconds on the client.  Since the client doesn't need to send a
+  // ping as long as it is receiving pings, this means that pings
+  // normally go from the server to the client.
+  self.options = _.defaults(options || {}, {
+    heartbeatInterval: 30000,
+    heartbeatTimeout: 15000,
+    // For testing, allow responding to pings to be disabled.
+    respondToPings: true
+  });
+
   // Map of callbacks to call when a new connection comes in to the
   // server and completes DDP version negotiation. Use an object instead
   // of an array so we can safely remove one from the list while
@@ -1120,7 +1201,7 @@ Server = function () {
     socket.on('close', function () {
       if (socket._meteorSession) {
         Fiber(function () {
-          self._closeSession(socket._meteorSession);
+          socket._meteorSession.close();
         }).run();
       }
     });
@@ -1142,7 +1223,7 @@ _.extend(Server.prototype, {
 
     if (msg.version === version) {
       // Creating a new session
-      socket._meteorSession = new Session(self, version, socket);
+      socket._meteorSession = new Session(self, version, socket, self.options);
       self.sessions[socket._meteorSession.id] = socket._meteorSession;
       self.onConnectionHook.each(function (callback) {
         if (socket._meteorSession)
@@ -1318,12 +1399,14 @@ _.extend(Server.prototype, {
         isSimulation: false,
         userId: userId,
         setUserId: setUserId,
-        connection: connection
+        connection: connection,
+        randomSeed: makeRpcSeed(currentInvocation, name)
       });
       try {
         var result = DDP._CurrentInvocation.withValue(invocation, function () {
           return maybeAuditArgumentChecks(
-            handler, invocation, args, "internal call to '" + name + "'");
+            handler, invocation, EJSON.clone(args), "internal call to '" +
+              name + "'");
         });
       } catch (e) {
         exception = e;
diff --git a/packages/livedata/package.js b/packages/livedata/package.js
index b3c5f33cb3..8eaa60f32b 100644
--- a/packages/livedata/package.js
+++ b/packages/livedata/package.js
@@ -49,6 +49,7 @@ Package.on_use(function (api) {
   // _idParse, _idStringify.
   api.use('minimongo', ['client', 'server']);
 
+  api.add_files('heartbeat.js', ['client', 'server']);
 
   api.add_files('livedata_server.js', 'server');
 
@@ -56,6 +57,7 @@ Package.on_use(function (api) {
   api.add_files('crossbar.js', 'server');
 
   api.add_files('livedata_common.js', ['client', 'server']);
+  api.add_files('random_stream.js', ['client', 'server']);
 
   api.add_files('livedata_connection.js', ['client', 'server']);
 
@@ -77,6 +79,7 @@ Package.on_test(function (api) {
   api.add_files('livedata_test_service.js', ['client', 'server']);
   api.add_files('session_view_tests.js', ['server']);
   api.add_files('crossbar_tests.js', ['server']);
+  api.add_files('random_stream_tests.js', ['client', 'server']);
 
   api.use('http', 'client');
   api.add_files(['stream_tests.js'], 'client');
diff --git a/packages/livedata/random_stream.js b/packages/livedata/random_stream.js
new file mode 100644
index 0000000000..b09a6eda2e
--- /dev/null
+++ b/packages/livedata/random_stream.js
@@ -0,0 +1,103 @@
+// RandomStream allows for generation of pseudo-random values, from a seed.
+//
+// We use this for consistent 'random' numbers across the client and server.
+// We want to generate probably-unique IDs on the client, and we ideally want
+// the server to generate the same IDs when it executes the method.
+//
+// For generated values to be the same, we must seed ourselves the same way,
+// and we must keep track of the current state of our pseudo-random generators.
+// We call this state the scope. By default, we use the current DDP method
+// invocation as our scope.  DDP now allows the client to specify a randomSeed.
+// If a randomSeed is provided it will be used to seed our random sequences.
+// In this way, client and server method calls will generate the same values.
+//
+// We expose multiple named streams; each stream is independent
+// and is seeded differently (but predictably from the name).
+// By using multiple streams, we support reordering of requests,
+// as long as they occur on different streams.
+//
+// @param options {Optional Object}
+//   seed: Array or value - Seed value(s) for the generator.
+//                          If an array, will be used as-is
+//                          If a value, will be converted to a single-value array
+//                          If omitted, a random array will be used as the seed.
+RandomStream = function (options) {
+  var self = this;
+
+  this.seed = [].concat(options.seed || randomToken());
+
+  this.sequences = {};
+};
+
+// Returns a random string of sufficient length for a random seed.
+// This is a placeholder function; a similar function is planned
+// for Random itself; when that is added we should remove this function,
+// and call Random's randomToken instead.
+function randomToken() {
+  return Random.hexString(20);
+};
+
+// Returns the random stream with the specified name, in the specified scope.
+// If scope is null (or otherwise falsey) then we will use Random, which will
+// give us as random numbers as possible, but won't produce the same
+// values across client and server.
+// However, scope will normally be the current DDP method invocation, so
+// we'll use the stream with the specified name, and we should get consistent
+// values on the client and server sides of a method call.
+RandomStream.get = function (scope, name) {
+  if (!name) {
+    name = "default";
+  }
+  if (!scope) {
+    // There was no scope passed in;
+    // the sequence won't actually be reproducible.
+    return Random;
+  }
+  var randomStream = scope.randomStream;
+  if (!randomStream) {
+    scope.randomStream = randomStream = new RandomStream({
+      seed: scope.randomSeed
+    });
+  }
+  return randomStream._sequence(name);
+};
+
+// Returns the named sequence of pseudo-random values.
+// The scope will be DDP._CurrentInvocation.get(), so the stream will produce
+// consistent values for method calls on the client and server.
+DDP.randomStream = function (name) {
+  var scope = DDP._CurrentInvocation.get();
+  return RandomStream.get(scope, name);
+};
+
+// Creates a randomSeed for passing to a method call.
+// Note that we take enclosing as an argument,
+// though we expect it to be DDP._CurrentInvocation.get()
+// However, we often evaluate makeRpcSeed lazily, and thus the relevant
+// invocation may not be the one currently in scope.
+// If enclosing is null, we'll use Random and values won't be repeatable.
+makeRpcSeed = function (enclosing, methodName) {
+  var stream = RandomStream.get(enclosing, '/rpc/' + methodName);
+  return stream.hexString(20);
+};
+
+_.extend(RandomStream.prototype, {
+  // Get a random sequence with the specified name, creating it if does not exist.
+  // New sequences are seeded with the seed concatenated with the name.
+  // By passing a seed into Random.create, we use the Alea generator.
+  _sequence: function (name) {
+    var self = this;
+
+    var sequence = self.sequences[name] || null;
+    if (sequence === null) {
+      var sequenceSeed = self.seed.concat(name);
+      for (var i = 0; i < sequenceSeed.length; i++) {
+        if (_.isFunction(sequenceSeed[i])) {
+          sequenceSeed[i] = sequenceSeed[i]();
+        }
+      }
+      self.sequences[name] = sequence = Random.createWithSeeds.apply(null, sequenceSeed);
+    }
+    return sequence;
+  }
+});
diff --git a/packages/livedata/random_stream_tests.js b/packages/livedata/random_stream_tests.js
new file mode 100644
index 0000000000..67f95f1e8e
--- /dev/null
+++ b/packages/livedata/random_stream_tests.js
@@ -0,0 +1,44 @@
+Tinytest.add("livedata - DDP.randomStream", function (test) {
+  var randomSeed = Random.id();
+  var context = { randomSeed: randomSeed };
+
+  var sequence = DDP._CurrentInvocation.withValue(context, function () {
+    return DDP.randomStream('1');
+  });
+
+  var seeds = sequence.alea.args;
+
+  test.equal(seeds.length, 2);
+  test.equal(seeds[0], randomSeed);
+  test.equal(seeds[1], '1');
+
+  var id1 = sequence.id();
+
+  // Clone the sequence by building it the same way RandomStream.get does
+  var sequenceClone = Random.createWithSeeds.apply(null, seeds);
+  var id1Cloned = sequenceClone.id();
+  var id2Cloned = sequenceClone.id();
+  test.equal(id1, id1Cloned);
+
+  // We should get the same sequence when we use the same key
+  sequence = DDP._CurrentInvocation.withValue(context, function () {
+    return DDP.randomStream('1');
+  });
+  seeds = sequence.alea.args;
+  test.equal(seeds.length, 2);
+  test.equal(seeds[0], randomSeed);
+  test.equal(seeds[1], '1');
+
+  // But we should be at the 'next' position in the stream
+  var id2 = sequence.id();
+
+  // Technically these could be equal, but likely to be a bug if hit
+  // http://search.dilbert.com/comic/Random%20Number%20Generator
+  test.notEqual(id1, id2);
+
+  test.equal(id2, id2Cloned);
+});
+
+Tinytest.add("livedata - DDP.randomStream with no-args", function (test) {
+  DDP.randomStream().id();
+});
diff --git a/packages/livedata/stream_client_common.js b/packages/livedata/stream_client_common.js
index 6f551ca424..cdc9092811 100644
--- a/packages/livedata/stream_client_common.js
+++ b/packages/livedata/stream_client_common.js
@@ -87,7 +87,7 @@ _.extend(LivedataTest.ClientStream.prototype, {
   on: function (name, callback) {
     var self = this;
 
-    if (name !== 'message' && name !== 'reset')
+    if (name !== 'message' && name !== 'reset' && name !== 'disconnect')
       throw new Error("unknown event type: " + name);
 
     if (!self.eventCallbacks[name])
diff --git a/packages/livedata/stream_client_nodejs.js b/packages/livedata/stream_client_nodejs.js
index a3bc996d27..718ee3fe41 100644
--- a/packages/livedata/stream_client_nodejs.js
+++ b/packages/livedata/stream_client_nodejs.js
@@ -96,6 +96,8 @@ _.extend(LivedataTest.ClientStream.prototype, {
       self.client = null;
       client.close();
     }
+
+    _.each(self.eventCallbacks.disconnect, function (callback) { callback(); });
   },
 
   _clearConnectionTimer: function () {
diff --git a/packages/livedata/stream_client_sockjs.js b/packages/livedata/stream_client_sockjs.js
index 3f42a76371..b7e39a13a4 100644
--- a/packages/livedata/stream_client_sockjs.js
+++ b/packages/livedata/stream_client_sockjs.js
@@ -12,13 +12,15 @@ LivedataTest.ClientStream = function (url, options) {
 
 
   // how long between hearing heartbeat from the server until we declare
-  // the connection dead. heartbeats come every 25s (stream_server.js)
+  // the connection dead. heartbeats come every 45s (stream_server.js)
   //
-  // NOTE: this is a workaround until sockjs detects heartbeats on the
-  // client automatically.
-  // https://github.com/sockjs/sockjs-client/issues/67
-  // https://github.com/sockjs/sockjs-node/issues/68
-  self.HEARTBEAT_TIMEOUT = 60000;
+  // NOTE: this is a older timeout mechanism. We now send heartbeats at
+  // the DDP level (https://github.com/meteor/meteor/pull/1865), and
+  // expect those timeouts to kill a non-responsive connection before
+  // this timeout fires. This is kept around for compatibility (when
+  // talking to a server that doesn't support DDP heartbeats) and can be
+  // removed later.
+  self.HEARTBEAT_TIMEOUT = 100*1000;
 
   self.rawUrl = url;
   self.socket = null;
@@ -88,6 +90,8 @@ _.extend(LivedataTest.ClientStream.prototype, {
       self.socket.close();
       self.socket = null;
     }
+
+    _.each(self.eventCallbacks.disconnect, function (callback) { callback(); });
   },
 
   _clearConnectionAndHeartbeatTimers: function () {
@@ -104,7 +108,7 @@ _.extend(LivedataTest.ClientStream.prototype, {
 
   _heartbeat_timeout: function () {
     var self = this;
-    Meteor._debug("Connection timeout. No heartbeat received.");
+    Meteor._debug("Connection timeout. No sockjs heartbeat received.");
     self._lostConnection();
   },
 
diff --git a/packages/livedata/stream_server.js b/packages/livedata/stream_server.js
index f344085380..83dffadb59 100644
--- a/packages/livedata/stream_server.js
+++ b/packages/livedata/stream_server.js
@@ -23,7 +23,7 @@ StreamServer = function () {
     log: function() {},
     // this is the default, but we code it explicitly because we depend
     // on it in stream_client:HEARTBEAT_TIMEOUT
-    heartbeat_delay: 25000,
+    heartbeat_delay: 45000,
     // The default disconnect_delay is 5 seconds, but if the server ends up CPU
     // bound for that much time, SockJS might not notice that the user has
     // reconnected because the timer (of disconnect_delay ms) can fire before
diff --git a/packages/livedata/stub_stream.js b/packages/livedata/stub_stream.js
index 1442024819..54e75c8367 100644
--- a/packages/livedata/stub_stream.js
+++ b/packages/livedata/stub_stream.js
@@ -30,6 +30,9 @@ _.extend(StubStream.prototype, {
     // no-op
   },
 
+  _lostConnection: function () {
+    // no-op
+  },
 
   // Methods for tests
   receive: function (data) {
diff --git a/packages/meetup/meetup_client.js b/packages/meetup/meetup_client.js
index ee495a7598..843b6ce428 100644
--- a/packages/meetup/meetup_client.js
+++ b/packages/meetup/meetup_client.js
@@ -13,9 +13,15 @@ Meetup.requestCredential = function (options, credentialRequestCompleteCallback)
 
   var config = ServiceConfiguration.configurations.findOne({service: 'meetup'});
   if (!config) {
-    credentialRequestCompleteCallback && credentialRequestCompleteCallback(new ServiceConfiguration.ConfigError("Service not configured"));
+    credentialRequestCompleteCallback && credentialRequestCompleteCallback(
+      new ServiceConfiguration.ConfigError());
     return;
   }
+
+  // For some reason, meetup converts underscores to spaces in the state
+  // parameter when redirecting back to the client, so we use
+  // `Random.id()` here (alphanumerics) instead of `Random.secret()`
+  // (base 64 characters).
   var credentialToken = Random.id();
 
   var scope = (options && options.requestPermissions) || [];
@@ -34,7 +40,7 @@ Meetup.requestCredential = function (options, credentialRequestCompleteCallback)
   if (_.without(scope, 'basic').length)
     height += 130;
 
-  Oauth.showPopup(
+  OAuth.showPopup(
     loginUrl,
     _.bind(credentialRequestCompleteCallback, null, credentialToken),
     {width: 900, height: height}
diff --git a/packages/meetup/meetup_server.js b/packages/meetup/meetup_server.js
index fe4aa80e8e..38b4154df0 100644
--- a/packages/meetup/meetup_server.js
+++ b/packages/meetup/meetup_server.js
@@ -1,6 +1,6 @@
 Meetup = {};
 
-Oauth.registerService('meetup', 2, null, function(query) {
+OAuth.registerService('meetup', 2, null, function(query) {
 
   var accessToken = getAccessToken(query);
   var identity = getIdentity(accessToken);
@@ -17,7 +17,7 @@ Oauth.registerService('meetup', 2, null, function(query) {
 var getAccessToken = function (query) {
   var config = ServiceConfiguration.configurations.findOne({service: 'meetup'});
   if (!config)
-    throw new ServiceConfiguration.ConfigError("Service not configured");
+    throw new ServiceConfiguration.ConfigError();
 
   var response;
   try {
@@ -25,7 +25,7 @@ var getAccessToken = function (query) {
       "https://secure.meetup.com/oauth2/access", {headers: {Accept: 'application/json'}, params: {
         code: query.code,
         client_id: config.clientId,
-        client_secret: config.secret,
+        client_secret: OAuth.openSecret(config.secret),
         grant_type: 'authorization_code',
         redirect_uri: Meteor.absoluteUrl("_oauth/meetup?close"),
         state: query.state
@@ -56,5 +56,5 @@ var getIdentity = function (accessToken) {
 
 
 Meetup.retrieveCredential = function(credentialToken) {
-  return Oauth.retrieveCredential(credentialToken);
+  return OAuth.retrieveCredential(credentialToken);
 };
diff --git a/packages/meteor-developer/meteor_developer_client.js b/packages/meteor-developer/meteor_developer_client.js
index 8f3ad1a9dd..239afec978 100644
--- a/packages/meteor-developer/meteor_developer_client.js
+++ b/packages/meteor-developer/meteor_developer_client.js
@@ -10,13 +10,11 @@ var requestCredential = function (credentialRequestCompleteCallback) {
   });
   if (!config) {
     credentialRequestCompleteCallback &&
-      credentialRequestCompleteCallback(
-        new ServiceConfiguration.ConfigError("Service not configured")
-      );
+      credentialRequestCompleteCallback(new ServiceConfiguration.ConfigError());
     return;
   }
 
-  var credentialToken = Random.id();
+  var credentialToken = Random.secret();
 
   var loginUrl =
         METEOR_DEVELOPER_URL + "/oauth2/authorize?" +
@@ -25,7 +23,7 @@ var requestCredential = function (credentialRequestCompleteCallback) {
         "client_id=" + config.clientId +
         "&redirect_uri=" + Meteor.absoluteUrl("_oauth/meteor-developer?close");
 
-  Oauth.showPopup(
+  OAuth.showPopup(
     loginUrl,
     _.bind(credentialRequestCompleteCallback, null, credentialToken),
     {
diff --git a/packages/meteor-developer/meteor_developer_server.js b/packages/meteor-developer/meteor_developer_server.js
index 0a04d8a050..47c17363c4 100644
--- a/packages/meteor-developer/meteor_developer_server.js
+++ b/packages/meteor-developer/meteor_developer_server.js
@@ -1,12 +1,12 @@
 MeteorDeveloperAccounts = {};
 
-Oauth.registerService("meteor-developer", 2, null, function (query) {
+OAuth.registerService("meteor-developer", 2, null, function (query) {
   var response = getTokens(query);
   var accessToken = response.accessToken;
   var identity = getIdentity(accessToken);
 
   var serviceData = {
-    accessToken: accessToken,
+    accessToken: OAuth.sealSecret(accessToken),
     expiresAt: (+new Date) + (1000 * response.expiresIn)
   };
 
@@ -16,7 +16,7 @@ Oauth.registerService("meteor-developer", 2, null, function (query) {
   // that we don't lose old ones (since we only get this on the first
   // log in attempt)
   if (response.refreshToken)
-    serviceData.refreshToken = response.refreshToken;
+    serviceData.refreshToken = OAuth.sealSecret(response.refreshToken);
 
   return {
     serviceData: serviceData,
@@ -35,7 +35,7 @@ var getTokens = function (query) {
     service: 'meteor-developer'
   });
   if (!config)
-    throw new ServiceConfiguration.ConfigError("Service not configured");
+    throw new ServiceConfiguration.ConfigError();
 
   var response;
   try {
@@ -45,7 +45,7 @@ var getTokens = function (query) {
           grant_type: "authorization_code",
           code: query.code,
           client_id: config.clientId,
-          client_secret: config.secret,
+          client_secret: OAuth.openSecret(config.secret),
           redirect_uri: Meteor.absoluteUrl("_oauth/meteor-developer?close")
         }
       }
@@ -94,5 +94,5 @@ var getIdentity = function (accessToken) {
 };
 
 MeteorDeveloperAccounts.retrieveCredential = function (credentialToken) {
-  return Oauth.retrieveCredential(credentialToken);
+  return OAuth.retrieveCredential(credentialToken);
 };
diff --git a/packages/meteor/url_server.js b/packages/meteor/url_server.js
index 81b55e776f..9eee42f0c3 100644
--- a/packages/meteor/url_server.js
+++ b/packages/meteor/url_server.js
@@ -1,6 +1,15 @@
 if (process.env.ROOT_URL &&
     typeof __meteor_runtime_config__ === "object") {
   __meteor_runtime_config__.ROOT_URL = process.env.ROOT_URL;
-  var pathPrefix = Npm.require('url').parse(__meteor_runtime_config__.ROOT_URL).pathname;
-  __meteor_runtime_config__.ROOT_URL_PATH_PREFIX = pathPrefix === "/" ? "" : pathPrefix;
+  if (__meteor_runtime_config__.ROOT_URL) {
+    var parsedUrl = Npm.require('url').parse(__meteor_runtime_config__.ROOT_URL);
+    // Sometimes users try to pass, eg, ROOT_URL=mydomain.com.
+    if (!parsedUrl.host) {
+      throw Error("$ROOT_URL, if specified, must be an URL");
+    }
+    var pathPrefix = parsedUrl.pathname;
+    __meteor_runtime_config__.ROOT_URL_PATH_PREFIX = pathPrefix === "/" ? "" : pathPrefix;
+  } else {
+    __meteor_runtime_config__.ROOT_URL_PATH_PREFIX = "";
+  }
 }
diff --git a/packages/minifiers/.npm/package/npm-shrinkwrap.json b/packages/minifiers/.npm/package/npm-shrinkwrap.json
index 0b7c29a8b4..4b424c691b 100644
--- a/packages/minifiers/.npm/package/npm-shrinkwrap.json
+++ b/packages/minifiers/.npm/package/npm-shrinkwrap.json
@@ -1,5 +1,21 @@
 {
   "dependencies": {
+    "css-parse": {
+      "version": "https://github.com/reworkcss/css-parse/tarball/aa7e23285375ca621dd20250bac0266c6d8683a5"
+    },
+    "css-stringify": {
+      "version": "https://github.com/reworkcss/css-stringify/tarball/a7fe6de82e055d41d1c5923ec2ccef06f2a45efa",
+      "dependencies": {
+        "source-map": {
+          "version": "0.1.33",
+          "dependencies": {
+            "amdefine": {
+              "version": "0.1.0"
+            }
+          }
+        }
+      }
+    },
     "uglify-js": {
       "version": "2.4.7",
       "dependencies": {
@@ -26,22 +42,6 @@
           "version": "1.0.1"
         }
       }
-    },
-    "css-parse": {
-      "version": "1.7.0"
-    },
-    "css-stringify": {
-      "version": "1.4.1",
-      "dependencies": {
-        "source-map": {
-          "version": "0.1.31",
-          "dependencies": {
-            "amdefine": {
-              "version": "0.1.0"
-            }
-          }
-        }
-      }
     }
   }
 }
diff --git a/packages/minifiers/beautify_tests.js b/packages/minifiers/beautify-tests.js
similarity index 100%
rename from packages/minifiers/beautify_tests.js
rename to packages/minifiers/beautify-tests.js
diff --git a/packages/minifiers/minification.js b/packages/minifiers/minification.js
index 567b8af8c9..1637b51670 100644
--- a/packages/minifiers/minification.js
+++ b/packages/minifiers/minification.js
@@ -95,6 +95,13 @@ traverse.page = function(node) {
     + emit('}');
 };
 
+traverse['font-face'] = function(node){
+  return emit('@font-face', node.position, true)
+    + emit('{')
+    + mapVisit(node.declarations)
+    + emit('}');
+};
+
 traverse.rule = function(node) {
   var decls = node.declarations;
   if (!decls.length) return '';
diff --git a/packages/minifiers/minifiers-tests.js b/packages/minifiers/minifiers-tests.js
index 282517b430..4f62599fb6 100644
--- a/packages/minifiers/minifiers-tests.js
+++ b/packages/minifiers/minifiers-tests.js
@@ -1,3 +1,4 @@
+
 Tinytest.add("minifiers - simple css minification", function (test) {
   var t = function (css, expected, desc) {
     test.equal(CssTools.minifyCss(css), expected, desc);
@@ -18,4 +19,3 @@ Tinytest.add("minifiers - simple css minification", function (test) {
   'a{font:12px Helvetica,Arial,Nautica;background:url("/some/nice/picture.png")}',  'removing quotes in font and url (if possible)');
   t('/* no comments */ a { color: red; }', 'a{color:red}', 'remove comments');
 });
-
diff --git a/packages/minifiers/minifiers.js b/packages/minifiers/minifiers.js
index 133cf3610c..3d4496c803 100644
--- a/packages/minifiers/minifiers.js
+++ b/packages/minifiers/minifiers.js
@@ -2,6 +2,8 @@ UglifyJSMinify = Npm.require('uglify-js').minify;
 
 var cssParse = Npm.require('css-parse');
 var cssStringify = Npm.require('css-stringify');
+var path = Npm.require('path');
+var url = Npm.require('url');
 
 CssTools = {
   parseCss: cssParse,
@@ -52,6 +54,8 @@ CssTools = {
           break;
         }
 
+      CssTools.rewriteCssUrls(ast);
+
       var imports = ast.stylesheet.rules.splice(0, importCount);
       newAst.stylesheet.rules = newAst.stylesheet.rules.concat(imports);
 
@@ -71,6 +75,50 @@ CssTools = {
     });
 
     return newAst;
+  },
+
+  // We are looking for all relative urls defined with the `url()` functional
+  // notation and rewriting them to the equivalent absolute url using the
+  // `position.source` path provided by css-parse
+  // For performance reasons this function acts by side effect by modifying the
+  // given AST without doing a deep copy.
+  rewriteCssUrls: function (ast) {
+
+    var isRelative = function(path) {
+      return path.charAt(0) !== '/';
+    };
+
+    _.each(ast.stylesheet.rules, function(rule, ruleIndex) {
+      var basePath = path.dirname(rule.position.source);
+
+      _.each(rule.declarations, function(declaration, declarationIndex) {
+        var parts, resource, absolutePath, quotes, oldCssUrl, newCssUrl;
+        var value = declaration.value;
+
+        // Match css values containing some functional calls to `url(URI)` where
+        // URI is optionally quoted.
+        // Note that a css value can contains other elements, for instance:
+        //   background: top center url("background.png") black;
+        // or even multiple url(), for instance for multiple backgrounds.
+        var cssUrlRegex = /url\s*\(\s*(['"]?)(.+?)\1\s*\)/gi;
+        while (parts = cssUrlRegex.exec(value)) {
+          oldCssUrl = parts[0];
+          quotes = parts[1];
+          resource = url.parse(parts[2]);
+
+          // Rewrite relative paths to absolute paths.
+          // We don't rewrite urls starting with a protocol definition such as
+          // http, https, or data.
+          if (isRelative(resource.path) && resource.protocol === null) {
+            absolutePath = path.join(basePath, resource.path);
+            newCssUrl = "url(" + quotes + absolutePath + quotes + ")";
+            value = value.replace(oldCssUrl, newCssUrl);
+          }
+        }
+
+        declaration.value = value;
+      });
+    });
   }
 };
 
diff --git a/packages/minifiers/package.js b/packages/minifiers/package.js
index 14d2ddf802..0815ea3fa4 100644
--- a/packages/minifiers/package.js
+++ b/packages/minifiers/package.js
@@ -5,8 +5,8 @@ Package.describe({
 
 Npm.depends({
   "uglify-js": "2.4.7",
-  "css-parse": "1.7.0",
-  "css-stringify": "1.4.1"
+  "css-parse": "https://github.com/reworkcss/css-parse/tarball/aa7e23285375ca621dd20250bac0266c6d8683a5",
+  "css-stringify": "https://github.com/reworkcss/css-stringify/tarball/a7fe6de82e055d41d1c5923ec2ccef06f2a45efa"
 });
 
 Package.on_use(function (api) {
@@ -19,5 +19,9 @@ Package.on_test(function (api) {
   api.use('minifiers', 'server');
   api.use('tinytest');
 
-  api.add_files('beautify_tests.js', 'server');
+  api.add_files([
+    'beautify-tests.js',
+    'minifiers-tests.js',
+    'urlrewriting-tests.js'
+  ], 'server');
 });
diff --git a/packages/minifiers/urlrewriting-tests.js b/packages/minifiers/urlrewriting-tests.js
new file mode 100644
index 0000000000..6314f619c7
--- /dev/null
+++ b/packages/minifiers/urlrewriting-tests.js
@@ -0,0 +1,32 @@
+
+Tinytest.add("minifiers - url rewriting when merging", function (test) {
+  var stylesheet = function(backgroundPath) {
+    return "body { color: green; background: top center url(" + backgroundPath + ") black, bottom center url(" + backgroundPath + "); }"
+  };
+
+  var filename = 'dir/subdir/style.css';
+  var parseOptions = { source: filename, position: true };
+
+  var t = function(relativeUrl, absoluteUrl, desc) {
+    var ast1 = CssTools.parseCss(stylesheet(relativeUrl), parseOptions);
+    var ast2 = CssTools.parseCss(stylesheet(absoluteUrl), parseOptions);
+    CssTools.rewriteCssUrls(ast1);
+
+    test.equal(CssTools.stringifyCss(ast1), CssTools.stringifyCss(ast2), desc);
+  };
+
+  t('../image.png', 'dir/image.png', 'parent directory');
+  t('./../image.png', 'dir/image.png', 'parent directory');
+  t('../subdir2/image.png', 'dir/subdir2/image.png', 'cousin directory');
+  t('../../image.png', 'image.png', 'grand parent directory');
+  t('./image.png', 'dir/subdir/image.png', 'current directory');
+  t('./child/image.png', 'dir/subdir/child/image.png', 'child directory');
+  t('child/image.png', 'dir/subdir/child/image.png', 'child directory');
+  t('/image.png', '/image.png', 'absolute url');
+  t('"/image.png"', '"/image.png"', 'double quoted url');
+  t("'/image.png'", "'/image.png'", 'single quoted url');
+  t('"./../image.png"', '"dir/image.png"', 'quoted parent directory');
+  t('http://i.imgur.com/fBcdJIh.gif', 'http://i.imgur.com/fBcdJIh.gif', 'complete URL');
+  t('"http://i.imgur.com/fBcdJIh.gif"', '"http://i.imgur.com/fBcdJIh.gif"', 'complete quoted URL');
+  t('data:image/png;base64,iVBORw0K=', 'data:image/png;base64,iVBORw0K=', 'data URI');
+});
diff --git a/packages/mongo-livedata/.npm/package/npm-shrinkwrap.json b/packages/mongo-livedata/.npm/package/npm-shrinkwrap.json
index 6b4a386b67..ea17322d4e 100644
--- a/packages/mongo-livedata/.npm/package/npm-shrinkwrap.json
+++ b/packages/mongo-livedata/.npm/package/npm-shrinkwrap.json
@@ -1,10 +1,15 @@
 {
   "dependencies": {
     "mongodb": {
-      "version": "https://github.com/meteor/node-mongodb-native/tarball/779bbac916a751f305d84c727a6cc7dfddab7924",
+      "version": "1.4.1",
       "dependencies": {
         "bson": {
-          "version": "0.2.2"
+          "version": "0.2.7",
+          "dependencies": {
+            "nan": {
+              "version": "0.8.0"
+            }
+          }
         },
         "kerberos": {
           "version": "0.0.3"
diff --git a/packages/mongo-livedata/allow_tests.js b/packages/mongo-livedata/allow_tests.js
index ea2fb5b58d..e3f6c9e35e 100644
--- a/packages/mongo-livedata/allow_tests.js
+++ b/packages/mongo-livedata/allow_tests.js
@@ -132,7 +132,8 @@ if (Meteor.isServer) {
         }
       }, {
         insert: function(userId, doc) {
-          return doc.cantInsert2;
+          // Don't allow explicit ID to be set by the client.
+          return _.has(doc, '_id');
         },
         update: function(userId, doc, fields, modifier) {
           return -1 !== _.indexOf(fields, 'verySecret');
@@ -560,7 +561,7 @@ if (Meteor.isClient) {
           // insert with one allow and other deny. denied.
           function (test, expect) {
             collection.insert(
-              {canInsert: true, cantInsert2: true},
+              {canInsert: true, _id: Random.id()},
               expect(function (err, res) {
                 test.equal(err.error, 403);
                 test.equal(collection.find().count(), 0);
diff --git a/packages/mongo-livedata/collection.js b/packages/mongo-livedata/collection.js
index e05ca18a00..f7a0626ce3 100644
--- a/packages/mongo-livedata/collection.js
+++ b/packages/mongo-livedata/collection.js
@@ -40,13 +40,15 @@ Meteor.Collection = function (name, options) {
   switch (options.idGeneration) {
   case 'MONGO':
     self._makeNewID = function () {
-      return new Meteor.Collection.ObjectID();
+      var src = name ? DDP.randomStream('/collection/' + name) : Random;
+      return new Meteor.Collection.ObjectID(src.hexString(24));
     };
     break;
   case 'STRING':
   default:
     self._makeNewID = function () {
-      return Random.id();
+      var src = name ? DDP.randomStream('/collection/' + name) : Random;
+      return src.id();
     };
     break;
   }
@@ -207,6 +209,13 @@ _.extend(Meteor.Collection.prototype, {
     if (args.length < 2) {
       return { transform: self._transform };
     } else {
+      check(args[1], Match.Optional(Match.ObjectIncluding({
+        fields: Match.Optional(Object),
+        sort: Match.Optional(Match.OneOf(Object, Array)),
+        limit: Match.Optional(Number),
+        skip: Match.Optional(Number)
+      })));
+
       return _.extend({
         transform: self._transform
       }, args[1]);
@@ -367,7 +376,19 @@ _.each(["insert", "update", "remove"], function (name) {
               || insertId instanceof Meteor.Collection.ObjectID))
           throw new Error("Meteor requires document _id fields to be non-empty strings or ObjectIDs");
       } else {
-        insertId = args[0]._id = self._makeNewID();
+        var generateId = true;
+        // Don't generate the id if we're the client and the 'outermost' call
+        // This optimization saves us passing both the randomSeed and the id
+        // Passing both is redundant.
+        if (self._connection && self._connection !== Meteor.server) {
+          var enclosing = DDP._CurrentInvocation.get();
+          if (!enclosing) {
+            generateId = false;
+          }
+        }
+        if (generateId) {
+          insertId = args[0]._id = self._makeNewID();
+        }
       }
     } else {
       args[0] = Meteor.Collection._rewriteSelector(args[0]);
@@ -394,10 +415,14 @@ _.each(["insert", "update", "remove"], function (name) {
     // On inserts, always return the id that we generated; on all other
     // operations, just return the result from the collection.
     var chooseReturnValueFromCollectionResult = function (result) {
-      if (name === "insert")
+      if (name === "insert") {
+        if (!insertId && result) {
+          insertId = result;
+        }
         return insertId;
-      else
+      } else {
         return result;
+      }
     };
 
     var wrappedCallback;
@@ -437,7 +462,7 @@ _.each(["insert", "update", "remove"], function (name) {
       }
 
       ret = chooseReturnValueFromCollectionResult(
-        self._connection.apply(self._prefix + name, args, wrappedCallback)
+        self._connection.apply(self._prefix + name, args, {returnStubValue: true}, wrappedCallback)
       );
 
     } else {
@@ -630,13 +655,31 @@ Meteor.Collection.prototype._defineMutationMethods = function() {
       m[self._prefix + method] = function (/* ... */) {
         // All the methods do their own validation, instead of using check().
         check(arguments, [Match.Any]);
+        var args = _.toArray(arguments);
         try {
-          if (this.isSimulation) {
+          // For an insert, if the client didn't specify an _id, generate one
+          // now; because this uses DDP.randomStream, it will be consistent with
+          // what the client generated. We generate it now rather than later so
+          // that if (eg) an allow/deny rule does an insert to the same
+          // collection (not that it really should), the generated _id will
+          // still be the first use of the stream and will be consistent.
+          //
+          // However, we don't actually stick the _id onto the document yet,
+          // because we want allow/deny rules to be able to differentiate
+          // between arbitrary client-specified _id fields and merely
+          // client-controlled-via-randomSeed fields.
+          var generatedId = null;
+          if (method === "insert" && !_.has(args[0], '_id')) {
+            generatedId = self._makeNewID();
+          }
 
+          if (this.isSimulation) {
             // In a client simulation, you can do any mutation (even with a
             // complex selector).
+            if (generatedId !== null)
+              args[0]._id = generatedId;
             return self._collection[method].apply(
-              self._collection, _.toArray(arguments));
+              self._collection, args);
           }
 
           // This is the server receiving a method call from the client.
@@ -644,7 +687,7 @@ Meteor.Collection.prototype._defineMutationMethods = function() {
           // We don't allow arbitrary selectors in mutations from the client: only
           // single-ID selectors.
           if (method !== 'insert')
-            throwIfSelectorIsNotId(arguments[0], method);
+            throwIfSelectorIsNotId(args[0], method);
 
           if (self._restricted) {
             // short circuit if there is no way it will pass.
@@ -656,12 +699,14 @@ Meteor.Collection.prototype._defineMutationMethods = function() {
 
             var validatedMethodName =
                   '_validated' + method.charAt(0).toUpperCase() + method.slice(1);
-            var argsWithUserId = [this.userId].concat(_.toArray(arguments));
-            return self[validatedMethodName].apply(self, argsWithUserId);
+            args.unshift(this.userId);
+            generatedId !== null && args.push(generatedId);
+            return self[validatedMethodName].apply(self, args);
           } else if (self._isInsecure()) {
+            if (generatedId !== null)
+              args[0]._id = generatedId;
             // In insecure mode, allow any mutation (with a simple selector).
-            return self._collection[method].apply(self._collection,
-                                                  _.toArray(arguments));
+            return self._collection[method].apply(self._collection, args);
           } else {
             // In secure mode, if we haven't called allow or deny, then nothing
             // is permitted.
@@ -706,30 +751,46 @@ Meteor.Collection.prototype._isInsecure = function () {
   return self._insecure;
 };
 
-var docToValidate = function (validator, doc) {
+var docToValidate = function (validator, doc, generatedId) {
   var ret = doc;
-  if (validator.transform)
-    ret = validator.transform(EJSON.clone(doc));
+  if (validator.transform) {
+    ret = EJSON.clone(doc);
+    // If you set a server-side transform on your collection, then you don't get
+    // to tell the difference between "client specified the ID" and "server
+    // generated the ID", because transforms expect to get _id.  If you want to
+    // do that check, you can do it with a specific
+    // `C.allow({insert: f, transform: null})` validator.
+    if (generatedId !== null) {
+      ret._id = generatedId;
+    }
+    ret = validator.transform(ret);
+  }
   return ret;
 };
 
-Meteor.Collection.prototype._validatedInsert = function(userId, doc) {
+Meteor.Collection.prototype._validatedInsert = function (userId, doc,
+                                                         generatedId) {
   var self = this;
 
   // call user validators.
   // Any deny returns true means denied.
   if (_.any(self._validators.insert.deny, function(validator) {
-    return validator(userId, docToValidate(validator, doc));
+    return validator(userId, docToValidate(validator, doc, generatedId));
   })) {
     throw new Meteor.Error(403, "Access denied");
   }
   // Any allow returns true means proceed. Throw error if they all fail.
   if (_.all(self._validators.insert.allow, function(validator) {
-    return !validator(userId, docToValidate(validator, doc));
+    return !validator(userId, docToValidate(validator, doc, generatedId));
   })) {
     throw new Meteor.Error(403, "Access denied");
   }
 
+  // If we generated an ID above, insert it now: after the validation, but
+  // before actually inserting.
+  if (generatedId !== null)
+    doc._id = generatedId;
+
   self._collection.insert.call(self._collection, doc);
 };
 
diff --git a/packages/mongo-livedata/mongo_driver.js b/packages/mongo-livedata/mongo_driver.js
index e43e00d68c..a7e9535888 100644
--- a/packages/mongo-livedata/mongo_driver.js
+++ b/packages/mongo-livedata/mongo_driver.js
@@ -113,6 +113,7 @@ MongoConnection = function (url, options) {
   options = options || {};
   self._connectCallbacks = [];
   self._observeMultiplexers = {};
+  self._onFailoverHook = new Hook;
 
   var mongoOptions = {db: {safe: true}, server: {}, replSet: {}};
 
@@ -144,18 +145,42 @@ MongoConnection = function (url, options) {
     mongoOptions.replSet.poolSize = options.poolSize;
   }
 
-  MongoDB.connect(url, mongoOptions, function(err, db) {
+  MongoDB.connect(url, mongoOptions, Meteor.bindEnvironment(function(err, db) {
     if (err)
       throw err;
     self.db = db;
+    // We keep track of the ReplSet's primary, so that we can trigger hooks when
+    // it changes.  The Node driver's joined callback seems to fire way too
+    // often, which is why we need to track it ourselves.
+    self._primary = null;
+    // First, figure out what the current primary is, if any.
+    if (self.db.serverConfig._state.master)
+      self._primary = self.db.serverConfig._state.master.name;
+    self.db.serverConfig.on(
+      'joined', Meteor.bindEnvironment(function (kind, doc) {
+        if (kind === 'primary') {
+          if (doc.primary !== self._primary) {
+            self._primary = doc.primary;
+            self._onFailoverHook.each(function (callback) {
+              callback();
+              return true;
+            });
+          }
+        } else if (doc.me === self._primary) {
+          // The thing we thought was primary is now something other than
+          // primary.  Forget that we thought it was primary.  (This means that
+          // if a server stops being primary and then starts being primary again
+          // without another server becoming primary in the middle, we'll
+          // correctly count it as a failover.)
+          self._primary = null;
+        }
+    }));
 
-    Fiber(function () {
-      // drain queue of pending callbacks
-      _.each(self._connectCallbacks, function (c) {
-        c(db);
-      });
-    }).run();
-  });
+    // drain queue of pending callbacks
+    _.each(self._connectCallbacks, function (c) {
+      c(db);
+    });
+  }));
 
   self._docFetcher = new DocFetcher(self);
   self._oplogHandle = null;
@@ -229,6 +254,12 @@ MongoConnection.prototype._maybeBeginWrite = function () {
     return {committed: function () {}};
 };
 
+// Internal interface: adds a callback which is called when the Mongo primary
+// changes. Returns a stop handle.
+MongoConnection.prototype._onFailover = function (callback) {
+  return this._onFailoverHook.register(callback);
+};
+
 
 //////////// Public API //////////
 
diff --git a/packages/mongo-livedata/mongo_livedata_tests.js b/packages/mongo-livedata/mongo_livedata_tests.js
index 20f2126886..ff86e576a9 100644
--- a/packages/mongo-livedata/mongo_livedata_tests.js
+++ b/packages/mongo-livedata/mongo_livedata_tests.js
@@ -2,6 +2,10 @@
 // the selector (or inserted document) contains fail: true.
 
 var TRANSFORMS = {};
+
+// We keep track of the collections, so we can refer to them by name
+var COLLECTIONS = {};
+
 if (Meteor.isServer) {
   Meteor.methods({
     createInsecureCollection: function (name, options) {
@@ -15,6 +19,7 @@ if (Meteor.isServer) {
         options.transform = TRANSFORMS[options.transformName];
       }
       var c = new Meteor.Collection(name, options);
+      COLLECTIONS[name] = c;
       c._insecure = true;
       Meteor.publish('c-' + name, function () {
         return c.find();
@@ -23,6 +28,32 @@ if (Meteor.isServer) {
   });
 }
 
+// We store the generated id, keyed by collection, for each insert
+// This is so we can test the stub and the server generate the same id
+var INSERTED_IDS = {};
+
+Meteor.methods({
+  insertObjects: function (collectionName, doc, count) {
+    var c = COLLECTIONS[collectionName];
+    var ids = [];
+    for (var i = 0; i < count; i++) {
+      var id = c.insert(doc);
+      INSERTED_IDS[collectionName] = (INSERTED_IDS[collectionName] || []).concat([id]);
+      ids.push(id);
+    }
+    return ids;
+  },
+  upsertObject: function (collectionName, selector, modifier) {
+    var c = COLLECTIONS[collectionName];
+    return c.upsert(selector, modifier);
+  },
+  doMeteorCall: function (name /*, arguments */) {
+    var args = Array.prototype.slice.call(arguments);
+
+    return Meteor.call.apply(null, args);
+  }
+});
+
 var runInFence = function (f) {
   if (Meteor.isClient) {
     f();
@@ -1216,13 +1247,13 @@ if (Meteor.isServer) {
 
 testAsyncMulti('mongo-livedata - empty documents, ' + idGeneration, [
   function (test, expect) {
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
-
-    var coll = new Meteor.Collection(collectionName, collectionOptions);
+  }, function (test, expect) {
+    var coll = new Meteor.Collection(this.collectionName, collectionOptions);
 
     coll.insert({}, expect(function (err, id) {
       test.isFalse(err);
@@ -1236,28 +1267,29 @@ testAsyncMulti('mongo-livedata - empty documents, ' + idGeneration, [
 // See https://github.com/meteor/meteor/issues/594.
 testAsyncMulti('mongo-livedata - document with length, ' + idGeneration, [
   function (test, expect) {
-    var self = this;
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName, collectionOptions);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
+  }, function (test, expect) {
+    var self = this;
+    var coll = self.coll = new Meteor.Collection(self.collectionName, collectionOptions);
 
-    self.coll = new Meteor.Collection(collectionName, collectionOptions);
-
-    self.coll.insert({foo: 'x', length: 0}, expect(function (err, id) {
+    coll.insert({foo: 'x', length: 0}, expect(function (err, id) {
       test.isFalse(err);
       test.isTrue(id);
       self.docId = id;
-      test.equal(self.coll.findOne(self.docId),
+      test.equal(coll.findOne(self.docId),
                  {_id: self.docId, foo: 'x', length: 0});
     }));
   },
   function (test, expect) {
     var self = this;
-    self.coll.update(self.docId, {$set: {length: 5}}, expect(function (err) {
+    var coll = self.coll;
+    coll.update(self.docId, {$set: {length: 5}}, expect(function (err) {
       test.isFalse(err);
-      test.equal(self.coll.findOne(self.docId),
+      test.equal(coll.findOne(self.docId),
                  {_id: self.docId, foo: 'x', length: 5});
     }));
   }
@@ -1265,13 +1297,14 @@ testAsyncMulti('mongo-livedata - document with length, ' + idGeneration, [
 
 testAsyncMulti('mongo-livedata - document with a date, ' + idGeneration, [
   function (test, expect) {
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName, collectionOptions);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName, collectionOptions);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
+  }, function (test, expect) {
 
-    var coll = new Meteor.Collection(collectionName, collectionOptions);
+    var coll = new Meteor.Collection(this.collectionName, collectionOptions);
     var docId;
     coll.insert({d: new Date(1356152390004)}, expect(function (err, id) {
       test.isFalse(err);
@@ -1292,23 +1325,24 @@ testAsyncMulti('mongo-livedata - document goes through a transform, ' + idGenera
       return doc;
     };
     TRANSFORMS["seconds"] = seconds;
-    var collectionOptions = {
+    self.collectionOptions = {
       idGeneration: idGeneration,
       transform: seconds,
       transformName: "seconds"
     };
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName, collectionOptions);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName, collectionOptions);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
-
-    self.coll = new Meteor.Collection(collectionName, collectionOptions);
+  }, function (test, expect) {
+    var self = this;
+    self.coll = new Meteor.Collection(self.collectionName, self.collectionOptions);
     var obs;
     var expectAdd = expect(function (doc) {
       test.equal(doc.seconds(), 50);
     });
-    var expectRemove = expect (function (doc) {
+    var expectRemove = expect(function (doc) {
       test.equal(doc.seconds(), 50);
       obs.stop();
     });
@@ -1357,12 +1391,14 @@ testAsyncMulti('mongo-livedata - transform sets _id if not present, ' + idGenera
       transform: justId,
       transformName: "justId"
     };
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName, collectionOptions);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName, collectionOptions);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
-    self.coll = new Meteor.Collection(collectionName, collectionOptions);
+  }, function (test, expect) {
+    var self = this;
+    self.coll = new Meteor.Collection(this.collectionName, collectionOptions);
     self.coll.insert({}, expect(function (err, id) {
       test.isFalse(err);
       test.isTrue(id);
@@ -1371,24 +1407,25 @@ testAsyncMulti('mongo-livedata - transform sets _id if not present, ' + idGenera
   }
 ]);
 
+var bin = EJSONTest.base64Decode(
+  "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyBy" +
+    "ZWFzb24sIGJ1dCBieSB0aGlzIHNpbmd1bGFyIHBhc3Npb24gZnJv" +
+    "bSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2YgdGhl" +
+    "IG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdo" +
+    "dCBpbiB0aGUgY29udGludWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdl" +
+    "bmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRoZSBzaG9y" +
+    "dCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=");
+
 testAsyncMulti('mongo-livedata - document with binary data, ' + idGeneration, [
   function (test, expect) {
     // XXX probably shouldn't use EJSON's private test symbols
-    var bin = EJSONTest.base64Decode(
-      "TWFuIGlzIGRpc3Rpbmd1aXNoZWQsIG5vdCBvbmx5IGJ5IGhpcyBy" +
-        "ZWFzb24sIGJ1dCBieSB0aGlzIHNpbmd1bGFyIHBhc3Npb24gZnJv" +
-        "bSBvdGhlciBhbmltYWxzLCB3aGljaCBpcyBhIGx1c3Qgb2YgdGhl" +
-        "IG1pbmQsIHRoYXQgYnkgYSBwZXJzZXZlcmFuY2Ugb2YgZGVsaWdo" +
-        "dCBpbiB0aGUgY29udGludWVkIGFuZCBpbmRlZmF0aWdhYmxlIGdl" +
-        "bmVyYXRpb24gb2Yga25vd2xlZGdlLCBleGNlZWRzIHRoZSBzaG9y" +
-        "dCB2ZWhlbWVuY2Ugb2YgYW55IGNhcm5hbCBwbGVhc3VyZS4=");
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName, collectionOptions);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName, collectionOptions);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
-
-    var coll = new Meteor.Collection(collectionName, collectionOptions);
+  }, function (test, expect) {
+    var coll = new Meteor.Collection(this.collectionName, collectionOptions);
     var docId;
     coll.insert({b: bin}, expect(function (err, id) {
       test.isFalse(err);
@@ -1405,13 +1442,13 @@ testAsyncMulti('mongo-livedata - document with binary data, ' + idGeneration, [
 
 testAsyncMulti('mongo-livedata - document with a custom type, ' + idGeneration, [
   function (test, expect) {
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName, collectionOptions);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName, collectionOptions);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
-
-    var coll = new Meteor.Collection(collectionName, collectionOptions);
+  }, function (test, expect) {
+    var coll = new Meteor.Collection(this.collectionName, collectionOptions);
     var docId;
     // Dog is implemented at the top of the file, outside of the idGeneration
     // loop (so that we only call EJSON.addType once).
@@ -1727,6 +1764,8 @@ var asyncUpsertTestName = function (useNetwork, useDirectCollection,
 // collections, and run the tests for both the Meteor.Collection and the
 // LocalCollection. On the server, we test mongo-backed collections, for both
 // the Meteor.Collection and the MongoConnection.
+//
+// XXX Rewrite with testAsyncMulti, that would simplify things a lot!
 _.each(Meteor.isServer ? [false] : [true, false], function (useNetwork) {
   _.each(useNetwork ? [false] : [true, false], function (useDirectCollection) {
     _.each([true, false], function (useUpdate) {
@@ -1737,10 +1776,16 @@ _.each(Meteor.isServer ? [false] : [true, false], function (useNetwork) {
               (useUpdate ? "_update_" : "") +
               (useNetwork ? "_network_" : "") +
               (useDirectCollection ? "_direct_" : "");
+
+        var next0 = function () {
+          // Test starts here.
+          upsert(coll, useUpdate, {_id: 'foo'}, {_id: 'foo', foo: 'bar'}, next1);
+        };
+
         if (useNetwork) {
           Meteor.call("createInsecureCollection", collName, collectionOptions);
           coll = new Meteor.Collection(collName, collectionOptions);
-          Meteor.subscribe("c-" + collName);
+          Meteor.subscribe("c-" + collName, next0);
         } else {
           var opts = _.clone(collectionOptions);
           if (Meteor.isClient)
@@ -1762,8 +1807,9 @@ _.each(Meteor.isServer ? [false] : [true, false], function (useNetwork) {
           upsert(coll, useUpdate, {_id: 'foo'}, {foo: 'baz'}, next2);
         };
 
-        // Test starts here.
-        upsert(coll, useUpdate, {_id: 'foo'}, {_id: 'foo', foo: 'bar'}, next1);
+        if (! useNetwork) {
+          next0();
+        }
 
         var t1, t2, result2;
         var next2 = function (err, result) {
@@ -1904,24 +1950,24 @@ if (Meteor.isClient) {
     var collName = "livedata_upsert_collection_"+run;
     Meteor.call("createInsecureCollection", collName, collectionOptions);
     coll = new Meteor.Collection(collName, collectionOptions);
-    Meteor.subscribe("c-" + collName);
-
-    coll.insert({ _id: "foo" });
-    coll.insert({ _id: "bar" });
-    coll.update({ _id: "foo" }, { $set: { foo: 1 } }, { multi: true }, function (err, result) {
-      test.isFalse(err);
-      test.equal(result, 1);
-      coll.update({ _id: "foo" }, { _id: "foo", foo: 2 }, function (err, result) {
+    Meteor.subscribe("c-" + collName, function () {
+      coll.insert({ _id: "foo" });
+      coll.insert({ _id: "bar" });
+      coll.update({ _id: "foo" }, { $set: { foo: 1 } }, { multi: true }, function (err, result) {
         test.isFalse(err);
         test.equal(result, 1);
-        coll.update({ _id: "baz" }, { $set: { foo: 1 } }, function (err, result) {
+        coll.update({ _id: "foo" }, { _id: "foo", foo: 2 }, function (err, result) {
           test.isFalse(err);
-          test.equal(result, 0);
-          coll.remove({ _id: "foo" }, function (err, result) {
-            test.equal(result, 1);
-            coll.remove({ _id: "baz" }, function (err, result) {
-              test.equal(result, 0);
-              onComplete();
+          test.equal(result, 1);
+          coll.update({ _id: "baz" }, { $set: { foo: 1 } }, function (err, result) {
+            test.isFalse(err);
+            test.equal(result, 0);
+            coll.remove({ _id: "foo" }, function (err, result) {
+              test.equal(result, 1);
+              coll.remove({ _id: "baz" }, function (err, result) {
+                test.equal(result, 0);
+                onComplete();
+              });
             });
           });
         });
@@ -2104,17 +2150,18 @@ Tinytest.add('mongo-livedata - rewrite selector', function (test) {
 
 testAsyncMulti('mongo-livedata - specified _id', [
   function (test, expect) {
-    var collectionName = Random.id();
+    this.collectionName = Random.id();
     if (Meteor.isClient) {
-      Meteor.call('createInsecureCollection', collectionName);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.call('createInsecureCollection', this.collectionName);
+      Meteor.subscribe('c-' + this.collectionName, expect());
     }
+  }, function (test, expect) {
     var expectError = expect(function (err, result) {
       test.isTrue(err);
       var doc = coll.findOne();
       test.equal(doc.name, "foo");
     });
-    var coll = new Meteor.Collection(collectionName);
+    var coll = new Meteor.Collection(this.collectionName);
     coll.insert({_id: "foo", name: "foo"}, expect(function (err1, id) {
       test.equal(id, "foo");
       var doc = coll.findOne();
@@ -2125,13 +2172,197 @@ testAsyncMulti('mongo-livedata - specified _id', [
   }
 ]);
 
+
+// Consistent id generation tests
+function collectionInsert (test, expect, coll, index) {
+  var clientSideId = coll.insert({name: "foo"}, expect(function (err1, id) {
+    test.equal(id, clientSideId);
+    var o = coll.findOne(id);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'foo');
+  }));
+};
+
+function collectionUpsert (test, expect, coll, index) {
+  var upsertId = '123456' + index;
+
+  coll.upsert(upsertId, {$set: {name: "foo"}}, expect(function (err1, result) {
+    test.equal(result.insertedId, upsertId);
+    test.equal(result.numberAffected, 1);
+
+    var o = coll.findOne(upsertId);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'foo');
+  }));
+};
+
+function collectionUpsertExisting (test, expect, coll, index) {
+  var clientSideId = coll.insert({name: "foo"}, expect(function (err1, id) {
+    test.equal(id, clientSideId);
+
+    var o = coll.findOne(id);
+    test.isTrue(_.isObject(o));
+    // We're not testing sequencing/visibility rules here, so skip this check
+    // test.equal(o.name, 'foo');
+  }));
+
+  coll.upsert(clientSideId, {$set: {name: "bar"}}, expect(function (err1, result) {
+    test.equal(result.insertedId, clientSideId);
+    test.equal(result.numberAffected, 1);
+
+    var o = coll.findOne(clientSideId);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'bar');
+  }));
+};
+
+function functionCallsInsert (test, expect, coll, index) {
+  Meteor.call("insertObjects", coll._name, {name: "foo"}, 1, expect(function (err1, ids) {
+    test.notEqual((INSERTED_IDS[coll._name] || []).length, 0);
+    var stubId = INSERTED_IDS[coll._name][index];
+
+    test.equal(ids.length, 1);
+    test.equal(ids[0], stubId);
+
+    var o = coll.findOne(stubId);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'foo');
+  }));
+};
+
+function functionCallsUpsert (test, expect, coll, index) {
+  var upsertId = '123456' + index;
+  Meteor.call("upsertObject", coll._name, upsertId, {$set:{name: "foo"}}, expect(function (err1, result) {
+    test.equal(result.insertedId, upsertId);
+    test.equal(result.numberAffected, 1);
+
+    var o = coll.findOne(upsertId);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'foo');
+  }));
+};
+
+function functionCallsUpsertExisting (test, expect, coll, index) {
+  var id = coll.insert({name: "foo"});
+
+  var o = coll.findOne(id);
+  test.notEqual(null, o);
+  test.equal(o.name, 'foo');
+
+  Meteor.call("upsertObject", coll._name, id, {$set:{name: "bar"}}, expect(function (err1, result) {
+    test.equal(result.numberAffected, 1);
+    test.equal(result.insertedId, undefined);
+
+    var o = coll.findOne(id);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'bar');
+  }));
+};
+
+function functionCalls3Inserts (test, expect, coll, index) {
+  Meteor.call("insertObjects", coll._name, {name: "foo"}, 3, expect(function (err1, ids) {
+    test.notEqual((INSERTED_IDS[coll._name] || []).length, 0);
+    test.equal(ids.length, 3);
+
+    for (var i = 0; i < 3; i++) {
+      var stubId = INSERTED_IDS[coll._name][(3 * index) + i];
+      test.equal(ids[i], stubId);
+
+      var o = coll.findOne(stubId);
+      test.isTrue(_.isObject(o));
+      test.equal(o.name, 'foo');
+    }
+  }));
+};
+
+function functionChainInsert (test, expect, coll, index) {
+  Meteor.call("doMeteorCall", "insertObjects", coll._name, {name: "foo"}, 1, expect(function (err1, ids) {
+    test.notEqual((INSERTED_IDS[coll._name] || []).length, 0);
+    var stubId = INSERTED_IDS[coll._name][index];
+
+    test.equal(ids.length, 1);
+    test.equal(ids[0], stubId);
+
+    var o = coll.findOne(stubId);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'foo');
+  }));
+};
+
+function functionChain2Insert (test, expect, coll, index) {
+  Meteor.call("doMeteorCall", "doMeteorCall", "insertObjects", coll._name, {name: "foo"}, 1, expect(function (err1, ids) {
+    test.notEqual((INSERTED_IDS[coll._name] || []).length, 0);
+    var stubId = INSERTED_IDS[coll._name][index];
+
+    test.equal(ids.length, 1);
+    test.equal(ids[0], stubId);
+
+    var o = coll.findOne(stubId);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'foo');
+  }));
+};
+
+function functionChain2Upsert (test, expect, coll, index) {
+  var upsertId = '123456' + index;
+  Meteor.call("doMeteorCall", "doMeteorCall", "upsertObject", coll._name, upsertId, {$set:{name: "foo"}}, expect(function (err1, result) {
+    test.equal(result.insertedId, upsertId);
+    test.equal(result.numberAffected, 1);
+
+    var o = coll.findOne(upsertId);
+    test.isTrue(_.isObject(o));
+    test.equal(o.name, 'foo');
+  }));
+};
+
+_.each( {collectionInsert: collectionInsert,
+         collectionUpsert: collectionUpsert,
+         functionCallsInsert: functionCallsInsert,
+         functionCallsUpsert: functionCallsUpsert,
+         functionCallsUpsertExisting: functionCallsUpsertExisting,
+         functionCalls3Insert: functionCalls3Inserts,
+         functionChainInsert: functionChainInsert,
+         functionChain2Insert: functionChain2Insert,
+         functionChain2Upsert: functionChain2Upsert}, function (fn, name) {
+_.each( [1, 3], function (repetitions) {
+_.each( [1, 3], function (collectionCount) {
+_.each( ['STRING', 'MONGO'], function (idGeneration) {
+
+  testAsyncMulti('mongo-livedata - consistent _id generation ' + name + ', ' + repetitions + ' repetitions on ' + collectionCount + ' collections, idGeneration=' + idGeneration, [ function (test, expect) {
+    var collectionOptions = { idGeneration: idGeneration };
+
+    this.collections = _.times(collectionCount, function () {
+      var collectionName = "consistentid_" + Random.id();
+      if (Meteor.isClient) {
+        Meteor.call('createInsecureCollection', collectionName, collectionOptions);
+        Meteor.subscribe('c-' + collectionName, expect());
+      }
+
+      return (COLLECTIONS[collectionName] = new Meteor.Collection(collectionName, collectionOptions));
+    });
+  }, function (test, expect) {
+    // now run the actual test
+    for (var i = 0; i < repetitions; i++) {
+      for (var j = 0; j < collectionCount; j++) {
+        fn(test, expect, this.collections[j], i);
+      }
+    }
+  }]);
+
+});
+});
+});
+});
+
+
+
 testAsyncMulti('mongo-livedata - empty string _id', [
   function (test, expect) {
     var self = this;
     self.collectionName = Random.id();
     if (Meteor.isClient) {
       Meteor.call('createInsecureCollection', self.collectionName);
-      Meteor.subscribe('c-' + self.collectionName);
+      Meteor.subscribe('c-' + self.collectionName, expect());
     }
     self.coll = new Meteor.Collection(self.collectionName);
     try {
@@ -2326,7 +2557,7 @@ testAsyncMulti("mongo-livedata - update handles $push with $each correctly", [
     var collectionName = Random.id();
     if (Meteor.isClient) {
       Meteor.call('createInsecureCollection', collectionName);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.subscribe('c-' + collectionName, expect());
     }
 
     self.collection = new Meteor.Collection(collectionName);
@@ -2579,7 +2810,7 @@ testAsyncMulti("mongo-livedata - oplog - update EJSON", [
     var collectionName = "ejson" + Random.id();
     if (Meteor.isClient) {
       Meteor.call('createInsecureCollection', collectionName);
-      Meteor.subscribe('c-' + collectionName);
+      Meteor.subscribe('c-' + collectionName, expect());
     }
 
     self.collection = new Meteor.Collection(collectionName);
@@ -2676,3 +2907,21 @@ var waitUntilOplogCaughtUp = function () {
     oplogHandle.waitUntilCaughtUp();
 };
 
+
+Meteor.isServer && Tinytest.add("mongo-livedata - cursor dedup stop", function (test) {
+  var coll = new Meteor.Collection(Random.id());
+  _.times(100, function () {
+    coll.insert({foo: 'baz'});
+  });
+  var handler = coll.find({}).observeChanges({
+    added: function (id) {
+      coll.update(id, {$set: {foo: 'bar'}});
+    }
+  });
+  handler.stop();
+  // Previously, this would print
+  //    Exception in queued task: TypeError: Object.keys called on non-object
+  // Unfortunately, this test didn't fail before the bugfix, but it at least
+  // would print the error and no longer does.
+  // See https://github.com/meteor/meteor/issues/2070
+});
diff --git a/packages/mongo-livedata/observe_multiplex.js b/packages/mongo-livedata/observe_multiplex.js
index 8aa41ac6eb..f95e0388db 100644
--- a/packages/mongo-livedata/observe_multiplex.js
+++ b/packages/mongo-livedata/observe_multiplex.js
@@ -131,6 +131,10 @@ _.extend(ObserveMultiplexer.prototype, {
   _applyCallback: function (callbackName, args) {
     var self = this;
     self._queue.queueTask(function () {
+      // If we stopped in the meantime, do nothing.
+      if (!self._handles)
+        return;
+
       // First, apply the change to the cache.
       // XXX We could make applyChange callbacks promise not to hang on to any
       // state from their arguments (assuming that their supplied callbacks
@@ -151,7 +155,7 @@ _.extend(ObserveMultiplexer.prototype, {
       // use a handle that got removed, because removeHandle does not use the
       // queue; thus, we iterate over an array of keys that we control.)
       _.each(_.keys(self._handles), function (handleId) {
-        var handle = self._handles[handleId];
+        var handle = self._handles && self._handles[handleId];
         if (!handle)
           return;
         var callback = handle['_' + callbackName];
diff --git a/packages/mongo-livedata/oplog_observe_driver.js b/packages/mongo-livedata/oplog_observe_driver.js
index 425d7f8a10..dd1bb94c1b 100644
--- a/packages/mongo-livedata/oplog_observe_driver.js
+++ b/packages/mongo-livedata/oplog_observe_driver.js
@@ -151,6 +151,13 @@ OplogObserveDriver = function (options) {
     }
   ));
 
+  // When Mongo fails over, we need to repoll the query, in case we processed an
+  // oplog entry that got rolled back.
+  self._stopHandles.push(self._mongoHandle._onFailover(finishIfNeedToPollQuery(
+    function () {
+      self._needToPollQuery();
+    })));
+
   // Give _observeChanges a chance to add the new ObserveHandle to our
   // multiplexer, so that the added calls get streamed.
   Meteor.defer(finishIfNeedToPollQuery(function () {
@@ -424,7 +431,6 @@ _.extend(OplogObserveDriver.prototype, {
         var thisGeneration = ++self._fetchGeneration;
         self._needToFetch = new LocalCollection._IdMap;
         var waiting = 0;
-        var anyError = null;
         var fut = new Future;
         // This loop is safe, because _currentlyFetching will not be updated
         // during this loop (in fact, it is never mutated).
@@ -435,8 +441,15 @@ _.extend(OplogObserveDriver.prototype, {
             finishIfNeedToPollQuery(function (err, doc) {
               try {
                 if (err) {
-                  if (!anyError)
-                    anyError = err;
+                  Meteor._debug("Got exception while fetching documents: " +
+                                err);
+                  // If we get an error from the fetcher (eg, trouble connecting
+                  // to Mongo), let's just abandon the fetch phase altogether
+                  // and fall back to polling. It's not like we're getting live
+                  // updates anyway.
+                  if (self._phase !== PHASE.QUERYING) {
+                    self._needToPollQuery();
+                  }
                 } else if (!self._stopped && self._phase === PHASE.FETCHING
                            && self._fetchGeneration === thisGeneration) {
                   // We re-check the generation in case we've had an explicit
@@ -456,15 +469,15 @@ _.extend(OplogObserveDriver.prototype, {
             }));
         });
         fut.wait();
-        // XXX do this even if we've switched to PHASE.QUERYING?
-        if (anyError)
-          throw anyError;
         // Exit now if we've had a _pollQuery call (here or in another fiber).
         if (self._phase === PHASE.QUERYING)
           return;
         self._currentlyFetching = null;
       }
-      self._beSteady();
+      // We're done fetching, so we can be steady, unless we've had a _pollQuery
+      // call (here or in another fiber).
+      if (self._phase !== PHASE.QUERYING)
+        self._beSteady();
     }));
   },
   _beSteady: function () {
@@ -599,22 +612,40 @@ _.extend(OplogObserveDriver.prototype, {
 
   _runQuery: function () {
     var self = this;
-    var newResults = new LocalCollection._IdMap;
-    var newBuffer = new LocalCollection._IdMap;
+    var newResults, newBuffer;
 
-    // Query 2x documents as the half excluded from the original query will go
-    // into unpublished buffer to reduce additional Mongo lookups in cases when
-    // documents are removed from the published set and need a replacement.
-    // XXX needs more thought on non-zero skip
-    // XXX 2 is a "magic number" meaning there is an extra chunk of docs for
-    // buffer if such is needed.
-    var cursor = self._cursorForQuery({ limit: self._limit * 2 });
-    cursor.forEach(function (doc, i) {
-      if (!self._limit || i < self._limit)
-        newResults.set(doc._id, doc);
-      else
-        newBuffer.set(doc._id, doc);
-    });
+    // This while loop is just to retry failures.
+    while (true) {
+      // If we've been stopped, we don't have to run anything any more.
+      if (self._stopped)
+        return;
+
+      newResults = new LocalCollection._IdMap;
+      newBuffer = new LocalCollection._IdMap;
+
+      // Query 2x documents as the half excluded from the original query will go
+      // into unpublished buffer to reduce additional Mongo lookups in cases
+      // when documents are removed from the published set and need a
+      // replacement.
+      // XXX needs more thought on non-zero skip
+      // XXX 2 is a "magic number" meaning there is an extra chunk of docs for
+      // buffer if such is needed.
+      var cursor = self._cursorForQuery({ limit: self._limit * 2 });
+      try {
+        cursor.forEach(function (doc, i) {
+          if (!self._limit || i < self._limit)
+            newResults.set(doc._id, doc);
+          else
+            newBuffer.set(doc._id, doc);
+        });
+        break;
+      } catch (e) {
+        // During failover (eg) if we get an exception we should log and retry
+        // instead of crashing.
+        Meteor._debug("Got exception while polling query: " + e);
+        Meteor._sleepForMs(100);
+      }
+    }
 
     self._publishNewResults(newResults, newBuffer);
   },
@@ -846,4 +877,4 @@ var modifierCanBeDirectlyApplied = function (modifier) {
   });
 };
 
-MongoTest.OplogObserveDriver = OplogObserveDriver;
+MongoInternals.OplogObserveDriver = OplogObserveDriver;
diff --git a/packages/mongo-livedata/oplog_tailing.js b/packages/mongo-livedata/oplog_tailing.js
index b203bfa412..0d1cacc187 100644
--- a/packages/mongo-livedata/oplog_tailing.js
+++ b/packages/mongo-livedata/oplog_tailing.js
@@ -101,12 +101,25 @@ _.extend(OplogHandle.prototype, {
     // be ready.
     self._readyFuture.wait();
 
-    // We need to make the selector at least as restrictive as the actual
-    // tailing selector (ie, we need to specify the DB name) or else we might
-    // find a TS that won't show up in the actual tail stream.
-    var lastEntry = self._oplogLastEntryConnection.findOne(
-      OPLOG_COLLECTION, self._baseOplogSelector,
-      {fields: {ts: 1}, sort: {$natural: -1}});
+    while (!self._stopped) {
+      // We need to make the selector at least as restrictive as the actual
+      // tailing selector (ie, we need to specify the DB name) or else we might
+      // find a TS that won't show up in the actual tail stream.
+      try {
+        var lastEntry = self._oplogLastEntryConnection.findOne(
+          OPLOG_COLLECTION, self._baseOplogSelector,
+          {fields: {ts: 1}, sort: {$natural: -1}});
+        break;
+      } catch (e) {
+        // During failover (eg) if we get an exception we should log and retry
+        // instead of crashing.
+        Meteor._debug("Got exception while reading last entry: " + e);
+        Meteor._sleepForMs(100);
+      }
+    }
+
+    if (self._stopped)
+      return;
 
     if (!lastEntry) {
       // Really, nothing in the oplog? Well, we've processed everything.
@@ -166,7 +179,7 @@ _.extend(OplogHandle.prototype, {
 
     // Find the last oplog entry.
     var lastOplogEntry = self._oplogLastEntryConnection.findOne(
-      OPLOG_COLLECTION, {}, {sort: {$natural: -1}});
+      OPLOG_COLLECTION, {}, {sort: {$natural: -1}, fields: {ts: 1}});
 
     var oplogSelector = _.clone(self._baseOplogSelector);
     if (lastOplogEntry) {
diff --git a/packages/mongo-livedata/package.js b/packages/mongo-livedata/package.js
index 4f1dfa8866..67f6581b59 100644
--- a/packages/mongo-livedata/package.js
+++ b/packages/mongo-livedata/package.js
@@ -13,9 +13,7 @@ Package.describe({
 });
 
 Npm.depends({
-  // 1.3.19, plus a patch to add oplogReplay flag:
-  // https://github.com/mongodb/node-mongodb-native/pull/1108
-  mongodb: "https://github.com/meteor/node-mongodb-native/tarball/779bbac916a751f305d84c727a6cc7dfddab7924"
+  mongodb: "1.4.1"
 });
 
 Package.on_use(function (api) {
@@ -46,6 +44,8 @@ Package.on_use(function (api) {
   // If the facts package is loaded, publish some statistics.
   api.use('facts', 'server', {weak: true});
 
+  api.use('callback-hook', 'server');
+
   // Stuff that should be exposed via a real API, but we haven't yet.
   api.export('MongoInternals', 'server');
   // For tests only.
diff --git a/packages/html5-tokenizer/.gitignore b/packages/oauth-encryption/.gitignore
similarity index 100%
rename from packages/html5-tokenizer/.gitignore
rename to packages/oauth-encryption/.gitignore
diff --git a/packages/oauth-encryption/README.md b/packages/oauth-encryption/README.md
new file mode 100644
index 0000000000..852bd9237c
--- /dev/null
+++ b/packages/oauth-encryption/README.md
@@ -0,0 +1,74 @@
+# oauth-encryption
+
+Encrypts sensitive login secrets stored in the database such as a
+login service's application secret key and users' access tokens.
+
+
+## Generating a Key
+
+The encryption key is 16 bytes, encoded in base64.
+
+To generate a key:
+
+    $ ~/.meteor/tools/latest/bin/node -e 'console.log(require("crypto").randomBytes(16).toString("base64"))'
+
+
+## Using oauth-encryption with accounts
+
+On the server only, use the `oauthSecretKey` option to `Accounts.config`:
+
+    Accounts.config({oauthSecretKey: "onsqJ+1e4iGFlV0nhZYobg=="});
+
+This call to `Accounts.config` should be made at load time (place at
+the top level of your source file), not called from inside of a
+`Meteor.startup` block.
+
+To avoid storing the secret key in your application's source code, you
+can use [`Meteor.settings`](http://docs.meteor.com/#meteor_settings):
+
+    Accounts.config({oauthSecretKey: Meteor.settings.oauthSecretKey});
+
+
+## Migrating unencrypted user tokens
+
+This example for Twitter shows how existing unencrypted user tokens
+can be encrypted.  The query finds user documents which have a Twitter
+access token but not the `algorithm` field which is created when the
+token is encrypted.  The relevant fields in the service data are then
+encrypted.
+
+    Meteor.users.find({ $and: [
+        { 'services.twitter.accessToken': {$exists: true} },
+        { 'services.twitter.accessToken.algorithm': {$exists: false} }
+      ] }).
+    forEach(function (userDoc) {
+      var set = {};
+      _.each(['accessToken', 'accessTokenSecret', 'refreshToken'], function (field) {
+        var plaintext = userDoc.services.twitter[field];
+        if (!_.isString(plaintext))
+          return;
+        set['services.twitter.' + field] = OAuthEncryption.seal(
+          userDoc.services.twitter[field],
+          userDoc._id
+        );
+      });
+      Meteor.users.update(userDoc._id, {$set: set});
+    });
+
+## Using oauth-encryption without accounts
+
+If you're using the oauth packages directly instead of through the
+Meteor accounts packages, you can load the OAuth encryption key
+directly using `OAuthEncryption.loadKey`:
+
+    OAuthEncryption.loadKey("onsqJ+1e4iGFlV0nhZYobg==");
+
+If you call `retrieveCredential` (such as
+`Twitter.retrieveCredential`) as part of your process, you'll find
+when using oauth-encryption that the sensitive service data fields
+will be encrypted.
+
+You can decrypt them using `OAuth.openSecrets`:
+
+    var credentials = Twitter.retrieveCredential(token);
+    var serviceData = OAuth.openSecrets(credentials.serviceData);
diff --git a/packages/oauth-encryption/encrypt.js b/packages/oauth-encryption/encrypt.js
new file mode 100644
index 0000000000..5ea6f04db6
--- /dev/null
+++ b/packages/oauth-encryption/encrypt.js
@@ -0,0 +1,146 @@
+var crypto = Npm.require("crypto");
+// XXX We hope to be able to use the `crypto` module exclusively when
+// Node supports GCM in version 0.11.
+var gcm = Npm.require("node-aes-gcm");
+
+OAuthEncryption = {};
+
+var gcmKey = null;
+
+
+// Node leniently ignores non-base64 characters when parsing a base64
+// string, but we want to provide a more informative error message if
+// the developer doesn't use base64 encoding.
+//
+// Note that an empty string is valid base64 (denoting 0 bytes).
+//
+// Exported for the convenience of tests.
+//
+OAuthEncryption._isBase64 = function (str) {
+  return _.isString(str) && /^[A-Za-z0-9\+\/]*\={0,2}$/.test(str);
+};
+
+
+// Loads the OAuth secret key, which must be 16 bytes in length
+// encoded in base64.
+//
+// The key may be `null` which reverts to having no key (mainly used
+// by tests).
+//
+OAuthEncryption.loadKey = function (key) {
+  if (key === null) {
+    gcmKey = null;
+    return;
+  }
+
+  if (! OAuthEncryption._isBase64(key))
+    throw new Error("The OAuth encryption key must be encoded in base64");
+
+  var buf = new Buffer(key, "base64");
+
+  if (buf.length !== 16)
+    throw new Error("The OAuth encryption AES-128-GCM key must be 16 bytes in length");
+
+  gcmKey = buf;
+};
+
+
+// Encrypt `data`, which may be any EJSON-compatible object, using the
+// previously loaded OAuth secret key.
+//
+// The `userId` argument is optional. The data is encrypted as { data:
+// *, userId: * }. When the result of `seal` is passed to `open`, the
+// same user id must be supplied, which prevents user specific
+// credentials such as access tokens from being used by a different
+// user.
+//
+// We would actually like the user id to be AAD (additional
+// authenticated data), but the node crypto API does not currently have
+// support for specifying AAD.
+//
+OAuthEncryption.seal = function (data, userId) {
+  if (! gcmKey) {
+    throw new Error("No OAuth encryption key loaded");
+  }
+
+  var plaintext = new Buffer(EJSON.stringify({
+    data: data,
+    userId: userId
+  }));
+  var iv = crypto.randomBytes(12);
+  var result = gcm.encrypt(gcmKey, iv, plaintext, new Buffer([]) /* aad */);
+  return {
+    iv: iv.toString("base64"),
+    ciphertext: result.ciphertext.toString("base64"),
+    algorithm: "aes-128-gcm",
+    authTag: result.auth_tag.toString("base64")
+  };
+};
+
+// Decrypt the passed ciphertext (as returned from `seal`) using the
+// previously loaded OAuth secret key.
+//
+// `userId` must match the user id passed to `seal`: if the user id
+// wasn't specified, it must not be specified here, if it was
+// specified, it must be the same user id.
+//
+// To prevent an attacker from breaking the encryption key by
+// observing the result of sending manipulated ciphertexts, `open`
+// throws "decryption unsuccessful" on any error.
+OAuthEncryption.open = function (ciphertext, userId) {
+  if (! gcmKey)
+    throw new Error("No OAuth encryption key loaded");
+
+  try {
+    if (ciphertext.algorithm !== "aes-128-gcm") {
+      throw new Error();
+    }
+
+    var result = gcm.decrypt(
+      gcmKey,
+      new Buffer(ciphertext.iv, "base64"),
+      new Buffer(ciphertext.ciphertext, "base64"),
+      new Buffer([]), /* aad */
+      new Buffer(ciphertext.authTag, "base64")
+    );
+
+    if (! result.auth_ok) {
+      throw new Error();
+    }
+
+    var err;
+    var data;
+
+    try {
+      data = EJSON.parse(result.plaintext.toString());
+    } catch (e) {
+      err = new Error();
+    }
+
+    if (data.userId !== userId) {
+      err = new Error();
+    }
+
+    if (err) {
+      throw err;
+    } else {
+      return data.data;
+    }
+  } catch (e) {
+    throw new Error("decryption failed");
+  }
+};
+
+
+OAuthEncryption.isSealed = function (maybeCipherText) {
+  return maybeCipherText &&
+    OAuthEncryption._isBase64(maybeCipherText.iv) &&
+    OAuthEncryption._isBase64(maybeCipherText.ciphertext) &&
+    OAuthEncryption._isBase64(maybeCipherText.authTag) &&
+    _.isString(maybeCipherText.algorithm);
+};
+
+
+OAuthEncryption.keyIsLoaded = function () {
+  return !! gcmKey;
+};
diff --git a/packages/oauth-encryption/encrypt_tests.js b/packages/oauth-encryption/encrypt_tests.js
new file mode 100644
index 0000000000..a41d15897a
--- /dev/null
+++ b/packages/oauth-encryption/encrypt_tests.js
@@ -0,0 +1,150 @@
+Tinytest.add("oauth-encryption - loadKey", function (test) {
+  test.throws(
+    function () {
+      OAuthEncryption.loadKey("my encryption key");
+    },
+    "The OAuth encryption key must be encoded in base64"
+  );
+
+  test.throws(
+    function () {
+      OAuthEncryption.loadKey(new Buffer([1, 2, 3, 4, 5]).toString("base64"));
+    },
+    "The OAuth encryption AES-128-GCM key must be 16 bytes in length"
+  );
+
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+
+  OAuthEncryption.loadKey(null);
+});
+
+Tinytest.add("oauth-encryption - seal", function (test) {
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+
+  var ciphertext = OAuthEncryption.seal({a: 1, b: 2});
+  test.isTrue(new Buffer(ciphertext.iv, "base64").length === 12);
+  test.isTrue(OAuthEncryption._isBase64(ciphertext.ciphertext));
+  test.isTrue(ciphertext.algorithm === "aes-128-gcm");
+  test.isTrue(OAuthEncryption._isBase64(ciphertext.authTag));
+
+  OAuthEncryption.loadKey(null);
+});
+
+Tinytest.add("oauth-encryption - open successful", function (test) {
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+  var userId = "rH6rNSWd2hBTfkwcc";
+  var ciphertext = OAuthEncryption.seal({a: 1, b: 2}, userId);
+
+  var decrypted = OAuthEncryption.open(ciphertext, userId);
+  test.equal(decrypted, {a: 1, b: 2});
+
+  OAuthEncryption.loadKey(null);
+});
+
+Tinytest.add("oauth-encryption - open with wrong key", function (test) {
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+  var userId = "rH6rNSWd2hBTfkwcc";
+  var ciphertext = OAuthEncryption.seal({a: 1, b: 2}, userId);
+
+  OAuthEncryption.loadKey(
+    new Buffer([9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9]).
+    toString("base64")
+  );
+  test.throws(
+    function () {
+      OAuthEncryption.open(ciphertext, userId);
+    },
+    "decryption failed"
+  );
+
+  OAuthEncryption.loadKey(null);
+});
+
+Tinytest.add("oauth-encryption - open with wrong userId", function (test) {
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+  var userId = "rH6rNSWd2hBTfkwcc";
+  var ciphertext = OAuthEncryption.seal({a: 1, b: 2}, userId);
+
+  var differentUser = "3FPxY2mBNeBpigm86";
+  test.throws(
+    function () {
+      OAuthEncryption.open(ciphertext, differentUser);
+    },
+    "decryption failed"
+  );
+
+  OAuthEncryption.loadKey(null);
+});
+
+Tinytest.add("oauth-encryption - seal and open with no userId", function (test) {
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+  var ciphertext = OAuthEncryption.seal({a: 1, b: 2});
+  var decrypted = OAuthEncryption.open(ciphertext);
+  test.equal(decrypted, {a: 1, b: 2});
+});
+
+Tinytest.add("oauth-encryption - open modified ciphertext", function (test) {
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+  var ciphertext = OAuthEncryption.seal({a: 1, b: 2});
+
+  var b = new Buffer(ciphertext.ciphertext, "base64");
+  b[0] = b[0] ^ 1;
+  ciphertext.ciphertext = b.toString("base64");
+
+  test.throws(
+    function () {
+      OAuthEncryption.open(ciphertext);
+    },
+    "decryption failed"
+  );
+});
+
+
+Tinytest.add("oauth-encryption - isSealed", function (test) {
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+  var userId = "rH6rNSWd2hBTfkwcc";
+  var ciphertext = OAuthEncryption.seal({a: 1, b: 2}, userId);
+  test.isTrue(OAuthEncryption.isSealed(ciphertext));
+
+  test.isFalse(OAuthEncryption.isSealed("abcdef"));
+  test.isFalse(OAuthEncryption.isSealed({a: 1, b: 2}));
+
+  OAuthEncryption.loadKey(null);
+});
+
+Tinytest.add("oauth-encryption - keyIsLoaded", function (test) {
+  OAuthEncryption.loadKey(null);
+  test.isFalse(OAuthEncryption.keyIsLoaded());
+
+  OAuthEncryption.loadKey(
+    new Buffer([1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16]).
+    toString("base64")
+  );
+  test.isTrue(OAuthEncryption.keyIsLoaded());
+
+  OAuthEncryption.loadKey(null);
+});
diff --git a/packages/oauth-encryption/package.js b/packages/oauth-encryption/package.js
new file mode 100644
index 0000000000..598ffccb43
--- /dev/null
+++ b/packages/oauth-encryption/package.js
@@ -0,0 +1,17 @@
+// Uses the node-aes-gcm NPM module from the dev bundle (because
+// binary modules aren't working yet).
+
+Package.describe({
+  summary: "Encrypt account secrets stored in the database"
+});
+
+Package.on_use(function (api) {
+  api.export("OAuthEncryption", ["server"]);
+  api.add_files("encrypt.js", ["server"]);
+});
+
+Package.on_test(function (api) {
+  api.use("tinytest");
+  api.use("oauth-encryption");
+  api.add_files("encrypt_tests.js", ["server"]);
+});
diff --git a/packages/oauth/deprecated.js b/packages/oauth/deprecated.js
new file mode 100644
index 0000000000..180859d505
--- /dev/null
+++ b/packages/oauth/deprecated.js
@@ -0,0 +1,3 @@
+// XXX COMPAT WITH 0.8.0
+
+Oauth = OAuth;
diff --git a/packages/oauth/oauth_client.js b/packages/oauth/oauth_client.js
index dad37006a3..ed91f1f674 100644
--- a/packages/oauth/oauth_client.js
+++ b/packages/oauth/oauth_client.js
@@ -1,4 +1,9 @@
-Oauth = {};
+// credentialToken -> credentialSecret. You must provide both the
+// credentialToken and the credentialSecret to retrieve an access token from
+// the _pendingCredentials collection.
+var credentialSecrets = {};
+
+OAuth = {};
 
 // Open a popup window, centered on the screen, and call a callback when it
 // closes.
@@ -8,7 +13,7 @@ Oauth = {};
 //   arguments.
 // @param dimensions {optional Object(width, height)} The dimensions of
 //   the popup. If not passed defaults to something sane.
-Oauth.showPopup = function (url, callback, dimensions) {
+OAuth.showPopup = function (url, callback, dimensions) {
   // default dimensions that worked well for facebook and google
   var popup = openCenteredPopup(
     url,
@@ -64,10 +69,30 @@ var openCenteredPopup = function(url, width, height) {
 
 // XXX COMPAT WITH 0.7.0.1
 // Private interface but probably used by many oauth clients in atmosphere.
-Oauth.initiateLogin = function (credentialToken, url, callback, dimensions) {
-  Oauth.showPopup(
+OAuth.initiateLogin = function (credentialToken, url, callback, dimensions) {
+  OAuth.showPopup(
     url,
     _.bind(callback, null, credentialToken),
     dimensions
   );
 };
+
+// Called by the popup when the OAuth flow is completed, right before
+// the popup closes.
+OAuth._handleCredentialSecret = function (credentialToken, secret) {
+  check(credentialToken, String);
+  check(secret, String);
+  if (! _.has(credentialSecrets,credentialToken)) {
+    credentialSecrets[credentialToken] = secret;
+  } else {
+    throw new Error("Duplicate credential token from OAuth login");
+  }
+};
+
+// Used by accounts-oauth, which needs both a credentialToken and the
+// corresponding to credential secret to call the `login` method over DDP.
+OAuth._retrieveCredentialSecret = function (credentialToken) {
+  var secret = credentialSecrets[credentialToken];
+  delete credentialSecrets[credentialToken];
+  return secret;
+};
diff --git a/packages/oauth/oauth_server.js b/packages/oauth/oauth_server.js
index 736748e8ee..0accb7cf4c 100644
--- a/packages/oauth/oauth_server.js
+++ b/packages/oauth/oauth_server.js
@@ -1,8 +1,8 @@
 var Fiber = Npm.require('fibers');
 var url = Npm.require('url');
 
-Oauth = {};
-OauthTest = {};
+OAuth = {};
+OAuthTest = {};
 
 RoutePolicy.declare('/_oauth/', 'network');
 
@@ -12,7 +12,7 @@ var registeredServices = {};
 // 'oauth1' and 'oauth2' packages manipulate this directly to register
 // for callbacks.
 //
-Oauth._requestHandlers = {};
+OAuth._requestHandlers = {};
 
 
 // Register a handler for an OAuth service. The handler will be called
@@ -31,7 +31,7 @@ Oauth._requestHandlers = {};
 //       up in the user's services[name] field
 //     - `null` if the user declined to give permissions
 //
-Oauth.registerService = function (name, version, urls, handleOauthRequest) {
+OAuth.registerService = function (name, version, urls, handleOauthRequest) {
   if (registeredServices[name])
     throw new Error("Already registered the " + name + " OAuth service");
 
@@ -44,32 +44,15 @@ Oauth.registerService = function (name, version, urls, handleOauthRequest) {
 };
 
 // For test cleanup.
-OauthTest.unregisterService = function (name) {
+OAuthTest.unregisterService = function (name) {
   delete registeredServices[name];
 };
 
 
-// When we get an incoming OAuth http request we complete the oauth
-// handshake, account and token setup before responding.  The
-// results are stored in this map which is then read when the login
-// method is called. Maps credentialToken --> return value of `login`
-//
-// NB: the oauth1 and oauth2 packages manipulate this directly. might
-// be nice for them to have a setter instead
-//
-// XXX we should periodically clear old entries
-//
-Oauth._loginResultForCredentialToken = {};
+OAuth.retrieveCredential = function(credentialToken, credentialSecret) {
+  return OAuth._retrievePendingCredential(credentialToken, credentialSecret);
+};
 
-Oauth.hasCredential = function(credentialToken) {
-  return _.has(Oauth._loginResultForCredentialToken, credentialToken);
-}
-
-Oauth.retrieveCredential = function(credentialToken) {
-  var result = Oauth._loginResultForCredentialToken[credentialToken];
-  delete Oauth._loginResultForCredentialToken[credentialToken];
-  return result;
-}
 
 // Listen to incoming OAuth http requests
 WebApp.connectHandlers.use(function(req, res, next) {
@@ -100,20 +83,28 @@ middleware = function (req, res, next) {
     // Make sure we're configured
     ensureConfigured(serviceName);
 
-    var handler = Oauth._requestHandlers[service.version];
+    var handler = OAuth._requestHandlers[service.version];
     if (!handler)
       throw new Error("Unexpected OAuth version " + service.version);
     handler(service, req.query, res);
   } catch (err) {
     // if we got thrown an error, save it off, it will get passed to
-    // the approporiate login call (if any) and reported there.
+    // the appropriate login call (if any) and reported there.
     //
     // The other option would be to display it in the popup tab that
     // is still open at this point, ignoring the 'close' or 'redirect'
     // we were passed. But then the developer wouldn't be able to
     // style the error or react to it in any way.
-    if (req.query.state && err instanceof Error)
-      Oauth._loginResultForCredentialToken[req.query.state] = err;
+    if (req.query.state && err instanceof Error) {
+      try { // catch any exceptions to avoid crashing runner
+        OAuth._storePendingCredential(req.query.state, err);
+      } catch (err) {
+        // Ignore the error and just give up. If we failed to store the
+        // error, then the login will just fail with a generic error.
+        Log.warn("Error in OAuth Server while storing pending login result.\n" +
+                 err.stack || err.message);
+      }
+    }
 
     // XXX the following is actually wrong. if someone wants to
     // redirect rather than close once we are done with the OAuth
@@ -130,7 +121,7 @@ middleware = function (req, res, next) {
   }
 };
 
-OauthTest.middleware = middleware;
+OAuthTest.middleware = middleware;
 
 // Handle /_oauth/* paths and extract the service name.
 //
@@ -154,22 +145,30 @@ var oauthServiceName = function (req) {
 // Make sure we're configured
 var ensureConfigured = function(serviceName) {
   if (!ServiceConfiguration.configurations.findOne({service: serviceName})) {
-    throw new ServiceConfiguration.ConfigError("Service not configured");
-  };
+    throw new ServiceConfiguration.ConfigError();
+  }
 };
 
 // Internal: used by the oauth1 and oauth2 packages
-Oauth._renderOauthResults = function(res, query) {
-  // We support ?close and ?redirect=URL. Any other query should
-  // just serve a blank page
-  if (query.error) {
-    Log.warn("Error in Oauth Server: " + query.error);
+OAuth._renderOauthResults = function(res, query, credentialSecret) {
+  // We support ?close and ?redirect=URL. Any other query should just
+  // serve a blank page. For tests, we support the
+  // `only_credential_secret_for_test` parameter, which just returns the
+  // credential secret without any surrounding HTML. (The test needs to
+  // be able to easily grab the secret and use it to log in.)
+  if (query.only_credential_secret_for_test) {
+    res.writeHead(200, {'Content-Type': 'text/html'});
+    res.end(credentialSecret, 'utf-8');
+  } else if (query.error) {
+    Log.warn("Error in OAuth Server: " + query.error);
     closePopup(res);
   } else if ('close' in query) { // check with 'in' because we don't set a value
-    closePopup(res);
+    closePopup(res, query.state, credentialSecret);
   } else if (query.redirect) {
     // Only redirect to URLs on the same domain as this app.
     // XXX No code in core uses this code path right now.
+    // XXX In order for the redirect flow to be fully supported, we'd
+    // have to communicate the credentialSecret back to the app somehow.
     var redirectHostname = url.parse(query.redirect).hostname;
     var appHostname = url.parse(Meteor.absoluteUrl()).hostname;
     if (appHostname === redirectHostname) {
@@ -186,9 +185,76 @@ Oauth._renderOauthResults = function(res, query) {
   }
 };
 
-var closePopup = function(res) {
+var closePopup = function(res, state, credentialSecret) {
+
+  var isSafe = function (value) {
+    // This matches strings generated by `Random.secret` and
+    // `Random.id`.
+    return typeof value === "string" &&
+      /^[a-zA-Z0-9\-_]+$/.test(value);
+  };
+
   res.writeHead(200, {'Content-Type': 'text/html'});
+  // If we have a credentialSecret, report it back to the parent window, with
+  // the corresponding state (which we sanitize because it came from a
+  // query parameter). The parent window uses the state and credential secret
+  // to log in over DDP.
+  var setCredentialSecret = '';
+  if (state && credentialSecret && isSafe(state) && isSafe(credentialSecret)) {
+    setCredentialSecret = 'window.opener && ' +
+      'window.opener.Package.oauth.OAuth._handleCredentialSecret(' +
+      JSON.stringify(state) + ', ' + JSON.stringify(credentialSecret) + ');';
+  }
   var content =
-        '<html><head><script>window.close()</script></head></html>';
+        '<html><head><script>' +
+        setCredentialSecret +
+        'window.close()</script></head></html>';
   res.end(content, 'utf-8');
 };
+
+
+var OAuthEncryption = Package["oauth-encryption"] && Package["oauth-encryption"].OAuthEncryption;
+
+var usingOAuthEncryption = function () {
+  return OAuthEncryption && OAuthEncryption.keyIsLoaded();
+};
+
+// Encrypt sensitive service data such as access tokens if the
+// "oauth-encryption" package is loaded and the oauth secret key has
+// been specified.  Returns the unencrypted plaintext otherwise.
+//
+// The user id is not specified because the user isn't known yet at
+// this point in the oauth authentication process.  After the oauth
+// authentication process completes the encrypted service data fields
+// will be re-encrypted with the user id included before inserting the
+// service data into the user document.
+//
+OAuth.sealSecret = function (plaintext) {
+  if (usingOAuthEncryption())
+    return OAuthEncryption.seal(plaintext);
+  else
+    return plaintext;
+}
+
+// Unencrypt a service data field, if the "oauth-encryption"
+// package is loaded and the field is encrypted.
+//
+// Throws an error if the "oauth-encryption" package is loaded and the
+// field is encrypted, but the oauth secret key hasn't been specified.
+//
+OAuth.openSecret = function (maybeSecret, userId) {
+  if (!Package["oauth-encryption"] || !OAuthEncryption.isSealed(maybeSecret))
+    return maybeSecret;
+
+  return OAuthEncryption.open(maybeSecret, userId);
+};
+
+// Unencrypt fields in the service data object.
+//
+OAuth.openSecrets = function (serviceData, userId) {
+  var result = {};
+  _.each(_.keys(serviceData), function (key) {
+    result[key] = OAuth.openSecret(serviceData[key], userId);
+  });
+  return result;
+};
diff --git a/packages/oauth/oauth_tests.js b/packages/oauth/oauth_tests.js
new file mode 100644
index 0000000000..dcca94ea18
--- /dev/null
+++ b/packages/oauth/oauth_tests.js
@@ -0,0 +1,61 @@
+Tinytest.add("oauth - pendingCredential handles Errors", function (test) {
+  var credentialToken = Random.id();
+
+  var testError = new Error("This is a test error");
+  testError.stack = 'test stack';
+  OAuth._storePendingCredential(credentialToken, testError);
+
+  // Test that the result for the token is the expected error
+  var result = OAuth._retrievePendingCredential(credentialToken);
+  test.instanceOf(result, Error);
+  test.equal(result.message, testError.message);
+  test.equal(result.stack, testError.stack);
+});
+
+Tinytest.add("oauth - pendingCredential handles Meteor.Errors", function (test) {
+  var credentialToken = Random.id();
+
+  var testError = new Meteor.Error(401, "This is a test error");
+  testError.stack = 'test stack';
+  OAuth._storePendingCredential(credentialToken, testError);
+
+  // Test that the result for the token is the expected error
+  var result = OAuth._retrievePendingCredential(credentialToken);
+  test.instanceOf(result, Meteor.Error);
+  test.equal(result.error, testError.error);
+  test.equal(result.message, testError.message);
+  test.equal(result.reason, testError.reason);
+  test.equal(result.stack, testError.stack);
+  test.isUndefined(result.meteorError);
+});
+
+Tinytest.add("oauth - null, undefined key for pendingCredential", function (test) {
+  var cred = Random.id();
+  test.throws(function () {
+    OAuth._storePendingCredential(null, cred);
+  });
+  test.throws(function () {
+    OAuth._storePendingCredential(undefined, cred);
+  });
+});
+
+Tinytest.add("oauth - pendingCredential handles duplicate key", function (test) {
+  var key = Random.id();
+  var cred = Random.id();
+  OAuth._storePendingCredential(key, cred);
+  var newCred = Random.id();
+  OAuth._storePendingCredential(key, newCred);
+  test.equal(OAuth._retrievePendingCredential(key), newCred);
+});
+
+Tinytest.add(
+  "oauth - pendingCredential requires credential secret",
+  function (test) {
+    var key = Random.id();
+    var cred = Random.id();
+    var secret = Random.id();
+    OAuth._storePendingCredential(key, cred, secret);
+    test.equal(OAuth._retrievePendingCredential(key), undefined);
+    test.equal(OAuth._retrievePendingCredential(key, secret), cred);
+  }
+);
diff --git a/packages/oauth/package.js b/packages/oauth/package.js
index 4c2fdd115d..51f7eb5ec3 100644
--- a/packages/oauth/package.js
+++ b/packages/oauth/package.js
@@ -6,11 +6,29 @@ Package.describe({
 Package.on_use(function (api) {
   api.use('routepolicy', 'server');
   api.use('webapp', 'server');
+  api.use('mongo-livedata', 'server');
+
   api.use(['underscore', 'service-configuration', 'logging'], 'server');
 
-  api.export('Oauth');
-  api.export('OauthTest', 'server', {testOnly: true});
+  api.use('oauth-encryption', 'server', {weak: true});
+
+  api.export('OAuth');
+  api.export('OAuthTest', 'server', {testOnly: true});
 
   api.add_files('oauth_client.js', 'client');
   api.add_files('oauth_server.js', 'server');
+  api.add_files('pending_credentials.js', 'server');
+
+  // XXX COMPAT WITH 0.8.0
+  api.export('Oauth');
+  api.add_files('deprecated.js', ['client', 'server']);
+});
+
+
+Package.on_test(function (api) {
+  api.use('tinytest');
+  api.use('random');
+  api.use('service-configuration', 'server');
+  api.use('oauth', 'server');
+  api.add_files("oauth_tests.js", 'server');
 });
diff --git a/packages/oauth/pending_credentials.js b/packages/oauth/pending_credentials.js
new file mode 100644
index 0000000000..54c24f0572
--- /dev/null
+++ b/packages/oauth/pending_credentials.js
@@ -0,0 +1,124 @@
+//
+// When an oauth request is made, Meteor receives oauth credentials
+// in one browser tab, and temporarily persists them while that
+// tab is closed, then retrieves them in the browser tab that
+// initiated the credential request.
+//
+// _pendingCredentials is the storage mechanism used to share the
+// credential between the 2 tabs
+//
+
+
+// Collection containing pending credentials of oauth credential requests
+// Has key, credential, and createdAt fields.
+OAuth._pendingCredentials = new Meteor.Collection(
+  "meteor_oauth_pendingCredentials", {
+    _preventAutopublish: true
+  });
+
+OAuth._pendingCredentials._ensureIndex('key', {unique: 1});
+OAuth._pendingCredentials._ensureIndex('credentialSecret');
+OAuth._pendingCredentials._ensureIndex('createdAt');
+
+
+
+// Periodically clear old entries that were never retrieved
+var _cleanStaleResults = function() {
+  // Remove credentials older than 1 minute
+  var timeCutoff = new Date();
+  timeCutoff.setMinutes(timeCutoff.getMinutes() - 1);
+  OAuth._pendingCredentials.remove({ createdAt: { $lt: timeCutoff } });
+};
+var _cleanupHandle = Meteor.setInterval(_cleanStaleResults, 60 * 1000);
+
+
+// Stores the key and credential in the _pendingCredentials collection.
+// Will throw an exception if `key` is not a string.
+//
+// @param key {string}
+// @param credential {Object}   The credential to store
+// @param credentialSecret {string} A secret that must be presented in
+//   addition to the `key` to retrieve the credential
+//
+OAuth._storePendingCredential = function (key, credential, credentialSecret) {
+  check(key, String);
+  check(credentialSecret, Match.Optional(String));
+
+  if (credential instanceof Error) {
+    credential = storableError(credential);
+  } else {
+    credential = OAuth.sealSecret(credential);
+  }
+
+  // We do an upsert here instead of an insert in case the user happens
+  // to somehow send the same `state` parameter twice during an OAuth
+  // login; we don't want a duplicate key error.
+  OAuth._pendingCredentials.upsert({
+    key: key
+  }, {
+    key: key,
+    credential: credential,
+    credentialSecret: credentialSecret || null,
+    createdAt: new Date()
+  });
+};
+
+
+// Retrieves and removes a credential from the _pendingCredentials collection
+//
+// @param key {string}
+// @param credentialSecret {string}
+//
+OAuth._retrievePendingCredential = function (key, credentialSecret) {
+  check(key, String);
+
+  var pendingCredential = OAuth._pendingCredentials.findOne({
+    key: key,
+    credentialSecret: credentialSecret || null
+  });
+  if (pendingCredential) {
+    OAuth._pendingCredentials.remove({ _id: pendingCredential._id });
+    if (pendingCredential.credential.error)
+      return recreateError(pendingCredential.credential.error);
+    else
+      return OAuth.openSecret(pendingCredential.credential);
+  } else {
+    return undefined;
+  }
+};
+
+
+// Convert an Error into an object that can be stored in mongo
+// Note: A Meteor.Error is reconstructed as a Meteor.Error
+// All other error classes are reconstructed as a plain Error.
+var storableError = function(error) {
+  var plainObject = {};
+  Object.getOwnPropertyNames(error).forEach(function(key) {
+    plainObject[key] = error[key];
+  });
+
+  // Keep track of whether it's a Meteor.Error
+  if(error instanceof Meteor.Error) {
+    plainObject['meteorError'] = true;
+  }
+
+  return { error: plainObject };
+};
+
+// Create an error from the error format stored in mongo
+var recreateError = function(errorDoc) {
+  var error;
+
+  if (errorDoc.meteorError) {
+    error = new Meteor.Error();
+    delete errorDoc.meteorError;
+  } else {
+    error = new Error();
+  }
+
+  Object.getOwnPropertyNames(errorDoc).forEach(function(key) {
+    error[key] = errorDoc[key];
+  });
+
+  return error;
+};
diff --git a/packages/oauth1/oauth1_binding.js b/packages/oauth1/oauth1_binding.js
index 43e63a111b..839f2529f3 100644
--- a/packages/oauth1/oauth1_binding.js
+++ b/packages/oauth1/oauth1_binding.js
@@ -85,7 +85,7 @@ OAuth1Binding.prototype._buildHeader = function(headers) {
   var self = this;
   return _.extend({
     oauth_consumer_key: self._config.consumerKey,
-    oauth_nonce: Random.id().replace(/\W/g, ''),
+    oauth_nonce: Random.secret().replace(/\W/g, ''),
     oauth_signature_method: 'HMAC-SHA1',
     oauth_timestamp: (new Date().valueOf()/1000).toFixed().toString(),
     oauth_version: '1.0'
@@ -106,7 +106,9 @@ OAuth1Binding.prototype._getSignature = function(method, url, rawHeaders, access
     self._encodeString(parameters)
   ].join('&');
 
-  var signingKey = self._encodeString(self._config.secret) + '&';
+  var secret = OAuth.openSecret(self._config.secret);
+
+  var signingKey = self._encodeString(secret) + '&';
   if (accessTokenSecret)
     signingKey += self._encodeString(accessTokenSecret);
 
diff --git a/packages/oauth1/oauth1_pending_request_tokens.js b/packages/oauth1/oauth1_pending_request_tokens.js
new file mode 100644
index 0000000000..ff025a577f
--- /dev/null
+++ b/packages/oauth1/oauth1_pending_request_tokens.js
@@ -0,0 +1,86 @@
+//
+// _pendingRequestTokens are request tokens that have been received
+// but not yet fully authorized (processed).
+//
+// During the oauth1 authorization process, the Meteor App opens
+// a pop-up, requests a request token from the oauth1 service, and
+// redirects the browser to the oauth1 service for the user
+// to grant authorization.  The user is then returned to the
+// Meteor Apps' callback url and the request token is verified.
+//
+// When Meteor Apps run on multiple servers, it's possible that
+// 2 different servers may be used to generate the request token
+// and to verify it in the callback once the user has authorized.
+//
+// For this reason, the _pendingRequestTokens are stored in the database
+// so they can be shared across Meteor App servers.
+//
+// XXX This code is fairly similar to oauth/pending_credentials.js --
+// maybe we can combine them somehow.
+
+// Collection containing pending request tokens
+// Has key, requestToken, requestTokenSecret, and createdAt fields.
+OAuth._pendingRequestTokens = new Meteor.Collection(
+  "meteor_oauth_pendingRequestTokens", {
+    _preventAutopublish: true
+  });
+
+OAuth._pendingRequestTokens._ensureIndex('key', {unique: 1});
+OAuth._pendingRequestTokens._ensureIndex('createdAt');
+
+
+
+// Periodically clear old entries that never got completed
+var _cleanStaleResults = function() {
+  // Remove request tokens older than 5 minute
+  var timeCutoff = new Date();
+  timeCutoff.setMinutes(timeCutoff.getMinutes() - 5);
+  OAuth._pendingRequestTokens.remove({ createdAt: { $lt: timeCutoff } });
+};
+var _cleanupHandle = Meteor.setInterval(_cleanStaleResults, 60 * 1000);
+
+
+// Stores the key and request token in the _pendingRequestTokens collection.
+// Will throw an exception if `key` is not a string.
+//
+// @param key {string}
+// @param requestToken {string}
+// @param requestTokenSecret {string}
+//
+OAuth._storeRequestToken = function (key, requestToken, requestTokenSecret) {
+  check(key, String);
+
+  // We do an upsert here instead of an insert in case the user happens
+  // to somehow send the same `state` parameter twice during an OAuth
+  // login; we don't want a duplicate key error.
+  OAuth._pendingRequestTokens.upsert({
+    key: key
+  }, {
+    key: key,
+    requestToken: OAuth.sealSecret(requestToken),
+    requestTokenSecret: OAuth.sealSecret(requestTokenSecret),
+    createdAt: new Date()
+  });
+};
+
+
+// Retrieves and removes a request token from the _pendingRequestTokens collection
+// Returns an object containing requestToken and requestTokenSecret properties
+//
+// @param key {string}
+//
+OAuth._retrieveRequestToken = function (key) {
+  check(key, String);
+
+  var pendingRequestToken = OAuth._pendingRequestTokens.findOne({ key: key });
+  if (pendingRequestToken) {
+    OAuth._pendingRequestTokens.remove({ _id: pendingRequestToken._id });
+    return {
+      requestToken: OAuth.openSecret(pendingRequestToken.requestToken),
+      requestTokenSecret: OAuth.openSecret(
+        pendingRequestToken.requestTokenSecret)
+    };
+  } else {
+    return undefined;
+  }
+};
diff --git a/packages/oauth1/oauth1_server.js b/packages/oauth1/oauth1_server.js
index c01b32a654..c4ba5784ce 100644
--- a/packages/oauth1/oauth1_server.js
+++ b/packages/oauth1/oauth1_server.js
@@ -1,14 +1,9 @@
-// A place to store request tokens pending verification
-var requestTokens = {};
-
-OAuth1Test = {requestTokens: requestTokens};
-
 // connect middleware
-Oauth._requestHandlers['1'] = function (service, query, res) {
+OAuth._requestHandlers['1'] = function (service, query, res) {
 
   var config = ServiceConfiguration.configurations.findOne({service: service.serviceName});
   if (!config) {
-    throw new ServiceConfiguration.ConfigError("Service " + service.serviceName + " not configured");
+    throw new ServiceConfiguration.ConfigError(service.serviceName);
   }
 
   var urls = service.urls;
@@ -23,10 +18,10 @@ Oauth._requestHandlers['1'] = function (service, query, res) {
     oauthBinding.prepareRequestToken(callbackUrl);
 
     // Keep track of request token so we can verify it on the next step
-    requestTokens[query.state] = {
-      requestToken: oauthBinding.requestToken,
-      requestTokenSecret: oauthBinding.requestTokenSecret
-    };
+    OAuth._storeRequestToken(query.state,
+      oauthBinding.requestToken,
+      oauthBinding.requestTokenSecret
+    );
 
     // support for scope/name parameters
     var redirectUrl = undefined;
@@ -40,38 +35,38 @@ Oauth._requestHandlers['1'] = function (service, query, res) {
     res.writeHead(302, {'Location': redirectUrl});
     res.end();
   } else {
-    // step 2, redirected from provider login - complete the login
-    // process: if the user authorized permissions, get an access
-    // token and access token secret and log in as user
+    // step 2, redirected from provider login - store the result
+    // and close the window to allow the login handler to proceed
 
     // Get the user's request token so we can verify it and clear it
-    var requestToken = requestTokens[query.state].requestToken;
-    var requestTokenSecret = requestTokens[query.state].requestTokenSecret;
-    delete requestTokens[query.state];
+    var requestTokenInfo = OAuth._retrieveRequestToken(query.state);
 
     // Verify user authorized access and the oauth_token matches
     // the requestToken from previous step
-    if (query.oauth_token && query.oauth_token === requestToken) {
+    if (query.oauth_token && query.oauth_token === requestTokenInfo.requestToken) {
 
       // Prepare the login results before returning.  This way the
       // subsequent call to the `login` method will be immediate.
 
       // Get the access token for signing requests
-      oauthBinding.prepareAccessToken(query, requestTokenSecret);
+      oauthBinding.prepareAccessToken(query, requestTokenInfo.requestTokenSecret);
 
       // Run service-specific handler.
       var oauthResult = service.handleOauthRequest(oauthBinding);
 
-      // Add the login result to the result map
-      Oauth._loginResultForCredentialToken[query.state] = {
+      var credentialSecret = Random.secret();
+
+      // Store the login result so it can be retrieved in another
+      // browser tab by the result handler
+      OAuth._storePendingCredential(query.state, {
         serviceName: service.serviceName,
         serviceData: oauthResult.serviceData,
         options: oauthResult.options
-      };
+      }, credentialSecret);
     }
 
     // Either close the window, redirect, or render nothing
     // if all else fails
-    Oauth._renderOauthResults(res, query);
+    OAuth._renderOauthResults(res, query, credentialSecret);
   }
 };
diff --git a/packages/oauth1/oauth1_tests.js b/packages/oauth1/oauth1_tests.js
index 272e0cb123..a26ee2e15b 100644
--- a/packages/oauth1/oauth1_tests.js
+++ b/packages/oauth1/oauth1_tests.js
@@ -1,4 +1,4 @@
-Tinytest.add("oauth1 - loginResultForCredentialToken is stored", function (test) {
+var testPendingCredential = function (test) {
   var http = Npm.require('http');
   var twitterfooId = Random.id();
   var twitterfooName = 'nickname' + Random.id();
@@ -25,13 +25,13 @@ Tinytest.add("oauth1 - loginResultForCredentialToken is stored", function (test)
 
   try {
     // register a fake login service
-    Oauth.registerService(serviceName, 1, urls, function (query) {
+    OAuth.registerService(serviceName, 1, urls, function (query) {
       return {
         serviceData: {
           id: twitterfooId,
           screenName: twitterfooName,
-          accessToken: twitterfooAccessToken,
-          accessTokenSecret: twitterfooAccessTokenSecret
+          accessToken: OAuth.sealSecret(twitterfooAccessToken),
+          accessTokenSecret: OAuth.sealSecret(twitterfooAccessTokenSecret)
         },
         options: {
           option1: twitterOption1
@@ -40,36 +40,87 @@ Tinytest.add("oauth1 - loginResultForCredentialToken is stored", function (test)
     });
 
     // simulate logging in using twitterfoo
-    OAuth1Test.requestTokens[credentialToken] = {
-      requestToken: twitterfooAccessToken
-    };
+    Oauth._storeRequestToken(credentialToken, twitterfooAccessToken);
 
     var req = {
       method: "POST",
       url: "/_oauth/" + serviceName + "?close",
       query: {
         state: credentialToken,
-        oauth_token: twitterfooAccessToken
+        oauth_token: twitterfooAccessToken,
+        close: 1,
+        only_credential_secret_for_test: 1
       }
     };
-    OauthTest.middleware(req, new http.ServerResponse(req));
+    var res = new http.ServerResponse(req);
+    var write = res.write;
+    var end = res.write;
+    var respData = "";
+    res.write = function (data, encoding, callback) {
+      respData += data;
+      return write.apply(this, arguments);
+    };
+    res.end = function (data) {
+      respData += data;
+      return end.apply(this, arguments);
+    };
+    OAuthTest.middleware(req, res);
+    var credentialSecret = respData;
 
-    // Test that right data is placed on the loginResult map
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].serviceName, serviceName);
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].serviceData.id, twitterfooId);
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].serviceData.screenName, twitterfooName);
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].serviceData.accessToken, twitterfooAccessToken);
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].serviceData.accessTokenSecret, twitterfooAccessTokenSecret);
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].options.option1, twitterOption1);
+    // Test that the result for the token is available
+    var result = OAuth._retrievePendingCredential(credentialToken,
+                                                  credentialSecret);
+    var serviceData = OAuth.openSecrets(result.serviceData);
+    test.equal(result.serviceName, serviceName);
+    test.equal(serviceData.id, twitterfooId);
+    test.equal(serviceData.screenName, twitterfooName);
+    test.equal(serviceData.accessToken, twitterfooAccessToken);
+    test.equal(serviceData.accessTokenSecret, twitterfooAccessTokenSecret);
+    test.equal(result.options.option1, twitterOption1);
+
+    // Test that pending credential is removed after being retrieved
+    result = OAuth._retrievePendingCredential(credentialToken);
+    test.isUndefined(result);
 
   } finally {
-    OauthTest.unregisterService(serviceName);
+    OAuthTest.unregisterService(serviceName);
+  }
+};
+
+Tinytest.add("oauth1 - pendingCredential is stored and can be retrieved (without oauth encryption)", function (test) {
+  OAuthEncryption.loadKey(null);
+  testPendingCredential(test);
+});
+
+Tinytest.add("oauth1 - pendingCredential is stored and can be retrieved (with oauth encryption)", function (test) {
+  try {
+    OAuthEncryption.loadKey(new Buffer([1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]).toString("base64"));
+    testPendingCredential(test);
+  } finally {
+    OAuthEncryption.loadKey(null);
   }
 });
 
+Tinytest.add("oauth1 - duplicate key for request token", function (test) {
+  var key = Random.id();
+  var token = Random.id();
+  var secret = Random.id();
+  OAuth._storeRequestToken(key, token, secret);
+  var newToken = Random.id();
+  var newSecret = Random.id();
+  OAuth._storeRequestToken(key, newToken, newSecret);
+  var result = OAuth._retrieveRequestToken(key);
+  test.equal(result.requestToken, newToken);
+  test.equal(result.requestTokenSecret, newSecret);
+});
+
+Tinytest.add("oauth1 - null, undefined key for request token", function (test) {
+  var token = Random.id();
+  var secret = Random.id();
+  test.throws(function () {
+    OAuth._storeRequestToken(null, token, secret);
+  });
+  test.throws(function () {
+    OAuth._storeRequestToken(undefined, token, secret);
+  });
+});
diff --git a/packages/oauth1/package.js b/packages/oauth1/package.js
index c57d98f515..86b9814cdb 100644
--- a/packages/oauth1/package.js
+++ b/packages/oauth1/package.js
@@ -15,12 +15,14 @@ Package.on_use(function (api) {
 
   api.add_files('oauth1_binding.js', 'server');
   api.add_files('oauth1_server.js', 'server');
+  api.add_files('oauth1_pending_request_tokens.js', 'server');
 });
 
 Package.on_test(function (api) {
   api.use('tinytest');
   api.use('random');
   api.use('service-configuration', 'server');
+  api.use('oauth-encryption', 'server');
   api.use('oauth1', 'server');
   api.use('oauth', 'server');
   api.add_files("oauth1_tests.js", 'server');
diff --git a/packages/oauth2/oauth2_server.js b/packages/oauth2/oauth2_server.js
index f788727799..047be0c2d9 100644
--- a/packages/oauth2/oauth2_server.js
+++ b/packages/oauth2/oauth2_server.js
@@ -1,22 +1,23 @@
 // connect middleware
-Oauth._requestHandlers['2'] = function (service, query, res) {
+OAuth._requestHandlers['2'] = function (service, query, res) {
   // check if user authorized access
   if (!query.error) {
-    // Prepare the login results before returning.  This way the
-    // subsequent call to the `login` method will be immediate.
+    // Prepare the login results before returning.
 
     // Run service-specific handler.
     var oauthResult = service.handleOauthRequest(query);
+    var credentialSecret = Random.secret();
 
-    // Add the login result to the result map
-    Oauth._loginResultForCredentialToken[query.state] = {
-          serviceName: service.serviceName,
-          serviceData: oauthResult.serviceData,
-          options: oauthResult.options
-        };
+    // Store the login result so it can be retrieved in another
+    // browser tab by the result handler
+    OAuth._storePendingCredential(query.state, {
+      serviceName: service.serviceName,
+      serviceData: oauthResult.serviceData,
+      options: oauthResult.options
+    }, credentialSecret);
   }
 
   // Either close the window, redirect, or render nothing
   // if all else fails
-  Oauth._renderOauthResults(res, query);
+  OAuth._renderOauthResults(res, query, credentialSecret);
 };
diff --git a/packages/oauth2/oauth2_tests.js b/packages/oauth2/oauth2_tests.js
index 00cd88e7d3..d83bf516b0 100644
--- a/packages/oauth2/oauth2_tests.js
+++ b/packages/oauth2/oauth2_tests.js
@@ -1,4 +1,4 @@
-Tinytest.add("oauth2 - loginResultForCredentialToken is stored", function (test) {
+var testPendingCredential = function (test) {
   var http = Npm.require('http');
   var foobookId = Random.id();
   var foobookOption1 = Random.id();
@@ -9,9 +9,12 @@ Tinytest.add("oauth2 - loginResultForCredentialToken is stored", function (test)
 
   try {
     // register a fake login service
-    Oauth.registerService(serviceName, 2, null, function (query) {
+    OAuth.registerService(serviceName, 2, null, function (query) {
       return {
-        serviceData: {id: foobookId},
+        serviceData: {
+          id: foobookId,
+          secretStuff: OAuth.sealSecret("confidential")
+        },
         options: {option1: foobookOption1}
       };
     });
@@ -19,18 +22,55 @@ Tinytest.add("oauth2 - loginResultForCredentialToken is stored", function (test)
     // simulate logging in using foobook
     var req = {method: "POST",
                url: "/_oauth/" + serviceName + "?close",
-               query: {state: credentialToken}};
-    OauthTest.middleware(req, new http.ServerResponse(req));
+               query: {
+                 state: credentialToken,
+                 close: 1,
+                 only_credential_secret_for_test: 1
+               }};
+    var res = new http.ServerResponse(req);
+    var write = res.write;
+    var end = res.write;
+    var respData = "";
+    res.write = function (data, encoding, callback) {
+      respData += data;
+      return write.apply(this, arguments);
+    };
+    res.end = function (data) {
+      respData += data;
+      return end.apply(this, arguments);
+    };
 
-    // Test that the login result for that user is prepared
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].serviceName, serviceName);
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].serviceData.id, foobookId);
-    test.equal(
-      Oauth._loginResultForCredentialToken[credentialToken].options.option1, foobookOption1);
+    OAuthTest.middleware(req, res);
+    var credentialSecret = respData;
+
+    // Test that the result for the token is available
+    var result = OAuth._retrievePendingCredential(credentialToken,
+                                                  credentialSecret);
+    var serviceData = OAuth.openSecrets(result.serviceData);
+    test.equal(result.serviceName, serviceName);
+    test.equal(serviceData.id, foobookId);
+    test.equal(serviceData.secretStuff, 'confidential');
+    test.equal(result.options.option1, foobookOption1);
+
+    // Test that pending credential is removed after being retrieved
+    result = OAuth._retrievePendingCredential(credentialToken);
+    test.isUndefined(result);
 
   } finally {
-    OauthTest.unregisterService(serviceName);
+    OAuthTest.unregisterService(serviceName);
+  }
+};
+
+Tinytest.add("oauth2 - pendingCredential is stored and can be retrieved (without oauth encryption)", function (test) {
+  OAuthEncryption.loadKey(null);
+  testPendingCredential(test);
+});
+
+Tinytest.add("oauth2 - pendingCredential is stored and can be retrieved (with oauth encryption)", function (test) {
+  try {
+    OAuthEncryption.loadKey(new Buffer([1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16]).toString("base64"));
+    testPendingCredential(test);
+  } finally {
+    OAuthEncryption.loadKey(null);
   }
 });
diff --git a/packages/oauth2/package.js b/packages/oauth2/package.js
index c2b6f6dccf..6b94c0199c 100644
--- a/packages/oauth2/package.js
+++ b/packages/oauth2/package.js
@@ -11,7 +11,7 @@ Package.on_use(function (api) {
 });
 
 Package.on_test(function (api) {
-  api.use(['tinytest', 'random', 'oauth2', 'oauth', 'service-configuration'],
+  api.use(['tinytest', 'random', 'oauth2', 'oauth', 'service-configuration', 'oauth-encryption'],
           'server');
   api.add_files("oauth2_tests.js", 'server');
 });
diff --git a/packages/observe-sequence/observe_sequence.js b/packages/observe-sequence/observe_sequence.js
index 7e37b4541b..7af183f084 100644
--- a/packages/observe-sequence/observe_sequence.js
+++ b/packages/observe-sequence/observe_sequence.js
@@ -31,8 +31,8 @@ ObserveSequence = {
   //     _id fields.  Specifically:
   //
   //     * addedAt(id, item, atIndex, beforeId)
-  //     * changed(id, newItem, oldItem)
-  //     * removed(id, oldItem)
+  //     * changedAt(id, newItem, oldItem, atIndex)
+  //     * removedAt(id, oldItem, atIndex)
   //     * movedTo(id, item, fromIndex, toIndex, beforeId)
   //
   // @returns {Object(stop: Function)} call 'stop' on the return value
@@ -41,9 +41,9 @@ ObserveSequence = {
   // We don't make any assumptions about our ability to compare sequence
   // elements (ie, we don't assume EJSON.equals works; maybe there is extra
   // state/random methods on the objects) so unlike cursor.observe, we may
-  // sometimes call changed() when nothing actually changed.
+  // sometimes call changedAt() when nothing actually changed.
   // XXX consider if we *can* make the stronger assumption and avoid
-  //     no-op changed calls (in some cases?)
+  //     no-op changedAt calls (in some cases?)
   //
   // XXX currently only supports the callbacks used by our
   // implementation of {{#each}}, but this can be expanded.
@@ -99,6 +99,7 @@ ObserveSequence = {
         } else if (seq instanceof Array) {
           var idsUsed = {};
           seqArray = _.map(seq, function (item, index) {
+            var id;
             if (typeof item === 'string') {
               // ensure not empty, since other layers (eg DomRange) assume this as well
               id = "-" + item;
@@ -142,11 +143,12 @@ ObserveSequence = {
                 callbacks.addedAt(document._id, document, atIndex, before);
               }
             },
-            changed: function (newDocument, oldDocument) {
-              callbacks.changed(newDocument._id, newDocument, oldDocument);
+            changedAt: function (newDocument, oldDocument, atIndex) {
+              callbacks.changedAt(newDocument._id, newDocument, oldDocument,
+                                  atIndex);
             },
-            removed: function (oldDocument) {
-              callbacks.removed(oldDocument._id, oldDocument);
+            removedAt: function (oldDocument, atIndex) {
+              callbacks.removedAt(oldDocument._id, oldDocument, atIndex);
             },
             movedTo: function (document, fromIndex, toIndex, before) {
               callbacks.movedTo(
@@ -212,40 +214,76 @@ var diffArray = function (lastSeqArray, seqArray, callbacks) {
   var newIdObjects = [];
   var posOld = {}; // maps from idStringify'd ids
   var posNew = {}; // ditto
+  var posCur = {};
+  var lengthCur = lastSeqArray.length;
 
   _.each(seqArray, function (doc, i) {
-    newIdObjects.push(_.pick(doc, '_id'));
+    newIdObjects.push({_id: doc._id});
     posNew[idStringify(doc._id)] = i;
   });
   _.each(lastSeqArray, function (doc, i) {
-    oldIdObjects.push(_.pick(doc, '_id'));
+    oldIdObjects.push({_id: doc._id});
     posOld[idStringify(doc._id)] = i;
+    posCur[idStringify(doc._id)] = i;
   });
 
   // Arrays can contain arbitrary objects. We don't diff the
-  // objects. Instead we always fire 'changed' callback on every
+  // objects. Instead we always fire 'changedAt' callback on every
   // object. The consumer of `observe-sequence` should deal with
   // it appropriately.
   diffFn(oldIdObjects, newIdObjects, {
     addedBefore: function (id, doc, before) {
-        callbacks.addedAt(
-          id,
-          seqArray[posNew[idStringify(id)]].item,
-          posNew[idStringify(id)],
-          before);
+      var position = before ? posCur[idStringify(before)] : lengthCur;
+
+      _.each(posCur, function (pos, id) {
+        if (pos >= position)
+          posCur[id]++;
+      });
+
+      lengthCur++;
+      posCur[idStringify(id)] = position;
+
+      callbacks.addedAt(
+        id,
+        seqArray[posNew[idStringify(id)]].item,
+        position,
+        before);
     },
     movedBefore: function (id, before) {
-        callbacks.movedTo(
-          id,
-          seqArray[posNew[idStringify(id)]].item,
-          posOld[idStringify(id)],
-          posNew[idStringify(id)],
-          before);
+      var prevPosition = posCur[idStringify(id)];
+      var position = before ? posCur[idStringify(before)] : lengthCur - 1;
+
+      _.each(posCur, function (pos, id) {
+        if (pos >= prevPosition && pos <= position)
+          posCur[id]--;
+        else if (pos <= prevPosition && pos >= position)
+          posCur[id]++;
+      });
+
+      posCur[idStringify(id)] = position;
+
+      callbacks.movedTo(
+        id,
+        seqArray[posNew[idStringify(id)]].item,
+        prevPosition,
+        position,
+        before);
     },
     removed: function (id) {
-        callbacks.removed(
-          id,
-          lastSeqArray[posOld[idStringify(id)]].item);
+      var prevPosition = posCur[idStringify(id)];
+
+      _.each(posCur, function (pos, id) {
+        if (pos >= prevPosition)
+          posCur[id]--;
+      });
+
+      delete posCur[idStringify(id)];
+      lengthCur--;
+
+      callbacks.removedAt(
+        id,
+        lastSeqArray[posOld[idStringify(id)]].item,
+        prevPosition);
     }
   });
 
@@ -253,7 +291,7 @@ var diffArray = function (lastSeqArray, seqArray, callbacks) {
     var id = idParse(idString);
     if (_.has(posOld, idString)) {
       // specifically for primitive types, compare equality before
-      // firing the changed callback. otherwise, always fire it
+      // firing the 'changedAt' callback. otherwise, always fire it
       // because doing a deep EJSON comparison is not guaranteed to
       // work (an array can contain arbitrary objects, and 'transform'
       // can be used on cursors). also, deep diffing is not
@@ -263,7 +301,7 @@ var diffArray = function (lastSeqArray, seqArray, callbacks) {
       var oldItem = lastSeqArray[posOld[idString]].item;
 
       if (typeof newItem === 'object' || newItem !== oldItem)
-          callbacks.changed(id, newItem, oldItem);
+          callbacks.changedAt(id, newItem, oldItem, pos);
       }
   });
 };
diff --git a/packages/observe-sequence/observe_sequence_tests.js b/packages/observe-sequence/observe_sequence_tests.js
index 0bcc77b44d..f950c1492c 100644
--- a/packages/observe-sequence/observe_sequence_tests.js
+++ b/packages/observe-sequence/observe_sequence_tests.js
@@ -23,19 +23,19 @@ runOneObserveSequenceTestCase = function (test, sequenceFunc,
     addedAt: function () {
       firedCallbacks.push({addedAt: _.toArray(arguments)});
     },
-    changed: function () {
-      var obj = {changed: _.toArray(arguments)};
+    changedAt: function () {
+      var obj = {changedAt: _.toArray(arguments)};
 
-      // Browsers are inconsistent about the order in which 'changed'
+      // Browsers are inconsistent about the order in which 'changedAt'
       // callbacks fire. To ensure consistent behavior of these tests,
       // we can't simply push `obj` at the end of `firedCallbacks` as
       // we do for the other callbacks. Instead, we use insertion sort
       // to place `obj` in a canonical position within the chunk of
-      // contiguously recently fired 'changed' callbacks.
+      // contiguously recently fired 'changedAt' callbacks.
       for (var i = firedCallbacks.length; i > 0; i--) {
 
         var compareTo = firedCallbacks[i - 1];
-        if (!compareTo.changed)
+        if (!compareTo.changedAt)
           break;
 
         if (EJSON.stringify(compareTo, {canonical: true}) <
@@ -45,8 +45,8 @@ runOneObserveSequenceTestCase = function (test, sequenceFunc,
 
       firedCallbacks.splice(i, 0, obj);
     },
-    removed: function () {
-      firedCallbacks.push({removed: _.toArray(arguments)});
+    removedAt: function () {
+      firedCallbacks.push({removedAt: _.toArray(arguments)});
     },
     movedTo: function () {
       firedCallbacks.push({movedTo: _.toArray(arguments)});
@@ -84,8 +84,13 @@ runOneObserveSequenceTestCase = function (test, sequenceFunc,
     });
   }
 
-  test.equal(EJSON.stringify(firedCallbacks, {canonical: true}),
-             EJSON.stringify(expectedCallbacks, {canonical: true}));
+  var compress = function (str) {
+    return str.replace(/\[\n\s*/gm, "[").replace(/\{\n\s*/gm, "{").
+      replace(/\n\s*\]/gm, "]").replace(/\n\s*\}/gm, "}");
+  };
+
+  test.equal(compress(EJSON.stringify(firedCallbacks, {canonical: true, indent: true})),
+             compress(EJSON.stringify(expectedCallbacks, {canonical: true, indent: true})));
 };
 
 Tinytest.add('observe sequence - initial data for all sequence types', function (test) {
@@ -148,9 +153,9 @@ Tinytest.add('observe sequence - array to other array', function (test) {
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
-    {removed: ["37", {_id: "37", bar: 2}]},
+    {removedAt: ["37", {_id: "37", bar: 2}, 1]},
     {addedAt: ["38", {_id: "38", bar: 2}, 1, null]},
-    {changed: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}]}
+    {changedAt: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}, 0]}
   ]);
 });
 
@@ -167,7 +172,7 @@ Tinytest.add('observe sequence - array to other array, strings', function (test)
   }, [
     {addedAt: ["-A", "A", 0, null]},
     {addedAt: ["-B", "B", 1, null]},
-    {removed: ["-A", "A"]},
+    {removedAt: ["-A", "A", 0]},
     {addedAt: ["-C", "C", 1, null]}
   ]);
 });
@@ -185,8 +190,8 @@ Tinytest.add('observe sequence - array to other array, objects without ids', fun
   }, [
     {addedAt: [0, {foo: 1}, 0, null]},
     {addedAt: [1, {bar: 2}, 1, null]},
-    {removed: [1, {bar: 2}]},
-    {changed: [0, {foo: 2}, {foo: 1}]}
+    {removedAt: [1, {bar: 2}, 1]},
+    {changedAt: [0, {foo: 2}, {foo: 1}, 0]}
   ]);
 });
 
@@ -204,34 +209,38 @@ Tinytest.add('observe sequence - array to other array, changes', function (test)
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
     {addedAt: ["42", {_id: "42", baz: 42}, 2, null]},
-    {removed: ["37", {_id: "37", bar: 2}]},
+    {removedAt: ["37", {_id: "37", bar: 2}, 1]},
     {addedAt: ["38", {_id: "38", bar: 2}, 1, "42"]},
     // change fires for all elements, because we don't diff the actual
     // objects.
-    {changed: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}]},
-    {changed: ["42", {_id: "42", baz: 43}, {_id: "42", baz: 42}]}
+    {changedAt: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}, 0]},
+    {changedAt: ["42", {_id: "42", baz: 43}, {_id: "42", baz: 42}, 2]}
   ]);
 });
 
 Tinytest.add('observe sequence - array to other array, movedTo', function (test) {
   var dep = new Deps.Dependency;
-  var seq = [{_id: "13", foo: 1}, {_id: "37", bar: 2}, {_id: "42", baz: 42}];
+  var seq = [{_id: "13", foo: 1}, {_id: "37", bar: 2}, {_id: "42", baz: 42}, {_id: "43", baz: 43}];
 
   runOneObserveSequenceTestCase(test, function () {
     dep.depend();
     return seq;
   }, function () {
-    seq = [{_id: "37", bar: 2}, {_id: "13", foo: 1}, {_id: "42", baz: 42}];
+    seq = [{_id: "43", baz: 43}, {_id: "37", bar: 2}, {_id: "42", baz: 42}, {_id: "13", foo: 1}];
     dep.changed();
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
     {addedAt: ["42", {_id: "42", baz: 42}, 2, null]},
-    // XXX it could have been the "13" moving but it's a detail of implementation
-    {movedTo: ["37", {_id: "37", bar: 2}, 1, 0, "13"]},
-    {changed: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}]},
-    {changed: ["37", {_id: "37", bar: 2}, {_id: "37", bar: 2}]},
-    {changed: ["42", {_id: "42", baz: 42}, {_id: "42", baz: 42}]}
+    {addedAt: ["43", {_id: "43", baz: 43}, 3, null]},
+
+    {movedTo: ["43", {_id: "43", baz: 43}, 3, 1, "37"]},
+    {movedTo: ["13", {_id: "13", foo: 1}, 0, 3, null]},
+
+    {changedAt: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}, 3]},
+    {changedAt: ["37", {_id: "37", bar: 2}, {_id: "37", bar: 2}, 1]},
+    {changedAt: ["42", {_id: "42", baz: 42}, {_id: "42", baz: 42}, 2]},
+    {changedAt: ["43", {_id: "43", baz: 43}, {_id: "43", baz: 43}, 0]}
   ]);
 });
 
@@ -248,8 +257,8 @@ Tinytest.add('observe sequence - array to null', function (test) {
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
-    {removed: ["13", {_id: "13", foo: 1}]},
-    {removed: ["37", {_id: "37", bar: 2}]}
+    {removedAt: ["13", {_id: "13", foo: 1}, 0]},
+    {removedAt: ["37", {_id: "37", bar: 2}, 0]}
   ]);
 });
 
@@ -270,9 +279,9 @@ Tinytest.add('observe sequence - array to cursor', function (test) {
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
-    {removed: ["37", {_id: "37", bar: 2}]},
+    {removedAt: ["37", {_id: "37", bar: 2}, 1]},
     {addedAt: ["38", {_id: "38", bar: 2}, 1, null]},
-    {changed: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}]}
+    {changedAt: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}, 0]}
   ]);
 });
 
@@ -294,8 +303,8 @@ Tinytest.add('observe sequence - cursor to null', function (test) {
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
-    {removed: ["13", {_id: "13", foo: 1}]},
-    {removed: ["37", {_id: "37", bar: 2}]}
+    {removedAt: ["13", {_id: "13", foo: 1}, 0]},
+    {removedAt: ["37", {_id: "37", bar: 2}, 0]}
   ]);
 });
 
@@ -316,9 +325,9 @@ Tinytest.add('observe sequence - cursor to array', function (test) {
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
-    {removed: ["37", {_id: "37", bar: 2}]},
+    {removedAt: ["37", {_id: "37", bar: 2}, 1]},
     {addedAt: ["38", {_id: "38", bar: 2}, 1, null]},
-    {changed: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}]}
+    {changedAt: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}, 0]}
   ]);
 });
 
@@ -333,21 +342,21 @@ Tinytest.add('observe sequence - cursor', function (test) {
   }, function () {
     coll.insert({_id: "37", rank: 2});
     coll.insert({_id: "77", rank: 3});
-    coll.remove({_id: "37"});                           // should fire a 'remove' callback
-    coll.insert({_id: "11", rank: 0});                  // should fire an 'insert' callback
-    coll.update({_id: "13"}, {$set: {updated: true}});  // should fire an 'changed' callback
-    coll.update({_id: "77"}, {$set: {rank: -1}});       // should fire 'changed' and 'move' callback
+    coll.remove({_id: "37"});                           // should fire a 'removedAt' callback
+    coll.insert({_id: "11", rank: 0});                  // should fire an 'addedAt' callback
+    coll.update({_id: "13"}, {$set: {updated: true}});  // should fire an 'changedAt' callback
+    coll.update({_id: "77"}, {$set: {rank: -1}});       // should fire 'changedAt' and 'movedTo' callback
   }, [
     // this case must not fire spurious calls as the array to array
     // case does. otherwise, the entire power of cursors is lost in
-    // meteor ui.
+    // blaze.
     {addedAt: ["13", {_id: "13", rank: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", rank: 2}, 1, null]},
     {addedAt: ["77", {_id: "77", rank: 3}, 2, null]},
-    {removed: ["37", {_id: "37", rank: 2}]},
+    {removedAt: ["37", {_id: "37", rank: 2}, 1]},
     {addedAt: ["11", {_id: "11", rank: 0}, 0, "13"]},
-    {changed: ["13", {_id: "13", rank: 1, updated: true}, {_id: "13", rank: 1}]},
-    {changed: ["77", {_id: "77", rank: -1}, {_id: "77", rank: 3}]},
+    {changedAt: ["13", {_id: "13", rank: 1, updated: true}, {_id: "13", rank: 1}, 1]},
+    {changedAt: ["77", {_id: "77", rank: -1}, {_id: "77", rank: 3}, 2]},
     {movedTo: ["77", {_id: "77", rank: -1}, 2, 0, "11"]}
   ]);
 });
@@ -374,9 +383,9 @@ Tinytest.add('observe sequence - cursor to other cursor', function (test) {
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2}, 1, null]},
-    {removed: ["37", {_id: "37", bar: 2}]},
+    {removedAt: ["37", {_id: "37", bar: 2}, 1]},
     {addedAt: ["38", {_id: "38", bar: 2}, 1, null]},
-    {changed: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}]}
+    {changedAt: ["13", {_id: "13", foo: 1}, {_id: "13", foo: 1}, 0]}
   ]);
 });
 
@@ -406,9 +415,9 @@ Tinytest.add('observe sequence - cursor to other cursor with transform', functio
   }, [
     {addedAt: ["13", {_id: "13", foo: 1, idCopy: "13"}, 0, null]},
     {addedAt: ["37", {_id: "37", bar: 2, idCopy: "37"}, 1, null]},
-    {removed: ["37", {_id: "37", bar: 2, idCopy: "37"}]},
+    {removedAt: ["37", {_id: "37", bar: 2, idCopy: "37"}, 1]},
     {addedAt: ["38", {_id: "38", bar: 2, idCopy: "38"}, 1, null]},
-    {changed: ["13", {_id: "13", foo: 1, idCopy: "13"}, {_id: "13", foo: 1, idCopy: "13"}]}
+    {changedAt: ["13", {_id: "13", foo: 1, idCopy: "13"}, {_id: "13", foo: 1, idCopy: "13"}, 0]}
   ]);
 });
 
@@ -432,9 +441,9 @@ Tinytest.add('observe sequence - cursor to same cursor', function (test) {
     {addedAt: ["24", {_id: "24", rank: 2}, 1, null]},
     // even if the cursor changes to the same cursor, we diff to see if we
     // missed anything during the invalidation, which leads to these
-    // "changed" events.
-    {changed: ["13", {_id: "13", rank: 1}, {_id: "13", rank: 1}]},
-    {changed: ["24", {_id: "24", rank: 2}, {_id: "24", rank: 2}]},
+    // 'changedAt' events.
+    {changedAt: ["13", {_id: "13", rank: 1}, {_id: "13", rank: 1}, 0]},
+    {changedAt: ["24", {_id: "24", rank: 2}, {_id: "24", rank: 2}, 1]},
     {addedAt: ["78", {_id: "78", rank: 3}, 2, null]}
   ]);
 });
@@ -452,7 +461,7 @@ Tinytest.add('observe sequence - string arrays', function (test) {
   }, [
     {addedAt: ['-A', 'A', 0, null]},
     {addedAt: ['-B', 'B', 1, null]},
-    {removed: ['-A', 'A']},
+    {removedAt: ['-A', 'A', 0]},
     {addedAt: ['-C', 'C', 1, null]}
   ]);
 });
@@ -471,7 +480,7 @@ Tinytest.add('observe sequence - number arrays', function (test) {
     {addedAt: [1, 1, 0, null]},
     {addedAt: [{NOT: 1}, 1, 1, null]},
     {addedAt: [2, 2, 2, null]},
-    {removed: [{NOT: 1}, 1]},
+    {removedAt: [{NOT: 1}, 1, 1]},
     {addedAt: [3, 3, 1, 2]},
     {addedAt: [{NOT: 3}, 3, 3, null]}
   ], /*numExpectedWarnings = */2);
@@ -497,7 +506,7 @@ Tinytest.add('observe sequence - cursor to other cursor, same collection', funct
     coll.insert({_id: "39", foo: 2});
   }, [
     {addedAt: ["13", {_id: "13", foo: 1}, 0, null]},
-    {removed: ["13", {_id: "13", foo: 1}]},
+    {removedAt: ["13", {_id: "13", foo: 1}, 0]},
     {addedAt: ["37", {_id: "37", foo: 2}, 0, null]},
     {addedAt: ["39", {_id: "39", foo: 2}, 1, null]}
   ]);
diff --git a/packages/observe-sequence/package.js b/packages/observe-sequence/package.js
index 30be5f0ca5..5009db78d2 100644
--- a/packages/observe-sequence/package.js
+++ b/packages/observe-sequence/package.js
@@ -7,9 +7,7 @@ Package.on_use(function (api) {
   api.use('deps');
   api.use('minimongo');  // for idStringify
   api.export('ObserveSequence');
-  // XXX this does also run on the server but as long as deps is not
-  // documented to run there let's not try
-  api.add_files(['observe_sequence.js'], 'client');
+  api.add_files(['observe_sequence.js']);
 });
 
 Package.on_test(function (api) {
diff --git a/packages/random/random.js b/packages/random/random.js
index e0bc11d5a6..f0d22f2eb5 100644
--- a/packages/random/random.js
+++ b/packages/random/random.js
@@ -86,6 +86,8 @@ var Alea = function () {
 };
 
 var UNMISTAKABLE_CHARS = "23456789ABCDEFGHJKLMNPQRSTWXYZabcdefghijkmnopqrstuvwxyz";
+var BASE64_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" +
+  "0123456789-_";
 
 // If seeds are provided, then the alea PRNG will be used, since cryptographic
 // PRNGs (Node crypto and window.crypto.getRandomValues) don't allow us to
@@ -109,6 +111,8 @@ RandomGenerator.prototype.fraction = function () {
     var array = new Uint32Array(1);
     window.crypto.getRandomValues(array);
     return array[0] * 2.3283064365386963e-10; // 2^-32
+  } else {
+    throw new Error('No random generator available');
   }
 };
 
@@ -137,17 +141,36 @@ RandomGenerator.prototype.hexString = function (digits) {
     return hexDigits.join('');
   }
 };
-RandomGenerator.prototype.id = function () {
-  var digits = [];
+
+RandomGenerator.prototype._randomString = function (charsCount,
+                                                    alphabet) {
   var self = this;
-  // Length of 17 preserves around 96 bits of entropy, which is the
-  // amount of state in the Alea PRNG.
-  for (var i = 0; i < 17; i++) {
-    digits[i] = self.choice(UNMISTAKABLE_CHARS);
+  var digits = [];
+  for (var i = 0; i < charsCount; i++) {
+    digits[i] = self.choice(alphabet);
   }
   return digits.join("");
 };
 
+RandomGenerator.prototype.id = function (charsCount) {
+  var self = this;
+  // 17 characters is around 96 bits of entropy, which is the amount of
+  // state in the Alea PRNG.
+  if (charsCount === undefined)
+    charsCount = 17;
+
+  return self._randomString(charsCount, UNMISTAKABLE_CHARS);
+};
+
+RandomGenerator.prototype.secret = function (charsCount) {
+  var self = this;
+  // Default to 256 bits of entropy, or 43 characters at 6 bits per
+  // character.
+  if (charsCount === undefined)
+    charsCount = 43;
+  return self._randomString(charsCount, BASE64_CHARS);
+};
+
 RandomGenerator.prototype.choice = function (arrayOrString) {
   var index = Math.floor(this.fraction() * arrayOrString.length);
   if (typeof arrayOrString === "string")
@@ -187,6 +210,9 @@ if (nodeCrypto ||
 else
   Random = new RandomGenerator([new Date(), height, width, agent, Math.random()]);
 
-Random.create = function () {
+Random.createWithSeeds = function () {
+  if (arguments.length === 0) {
+    throw new Error('No seeds were provided');
+  }
   return new RandomGenerator(arguments);
 };
diff --git a/packages/random/random_tests.js b/packages/random/random_tests.js
index 940afbb640..c586e5ff8c 100644
--- a/packages/random/random_tests.js
+++ b/packages/random/random_tests.js
@@ -7,7 +7,7 @@ Tinytest.add('random', function (test) {
   // algorithm being used and it starts generating a different
   // sequence for a seed, as long as the sequence is consistent for
   // a particular release.
-  var random = Random.create(0);
+  var random = Random.createWithSeeds(0);
   test.equal(random.id(), "cp9hWvhg8GSvuZ9os");
   test.equal(random.id(), "3f3k6Xo7rrHCifQhR");
   test.equal(random.id(), "shxDnjWWmnKPEoLhM");
@@ -19,6 +19,7 @@ Tinytest.add('random', function (test) {
 Tinytest.add('random - format', function (test) {
   var idLen = 17;
   test.equal(Random.id().length, idLen);
+  test.equal(Random.id(29).length, 29);
   var numDigits = 9;
   var hexStr = Random.hexString(numDigits);
   test.equal(hexStr.length, numDigits);
@@ -26,4 +27,24 @@ Tinytest.add('random - format', function (test) {
   var frac = Random.fraction();
   test.isTrue(frac < 1.0);
   test.isTrue(frac >= 0.0);
+
+  test.equal(Random.secret().length, 43);
+  test.equal(Random.secret(13).length, 13);
+});
+
+Tinytest.add('random - Alea is last resort', function (test) {
+  if (Meteor.isServer) {
+    test.isTrue(Random.alea === undefined);
+  }
+  if (Meteor.isClient) {
+    var useGetRandomValues = !!(typeof window !== "undefined" &&
+        window.crypto && window.crypto.getRandomValues);
+    test.equal(Random.alea === undefined, useGetRandomValues);
+  }
+});
+
+Tinytest.add('random - createWithSeeds requires parameters', function (test) {
+  test.throws(function () {
+    Random.createWithSeeds();
+  });
 });
diff --git a/packages/service-configuration/service_configuration_common.js b/packages/service-configuration/service_configuration_common.js
index 93e1db0800..a9f6cb64fe 100644
--- a/packages/service-configuration/service_configuration_common.js
+++ b/packages/service-configuration/service_configuration_common.js
@@ -18,8 +18,14 @@ ServiceConfiguration.configurations = new Meteor.Collection(
 
 
 // Thrown when trying to use a login service which is not configured
-ServiceConfiguration.ConfigError = function(description) {
-  this.message = description;
+ServiceConfiguration.ConfigError = function (serviceName) {
+  if (Meteor.isClient && !Accounts.loginServicesConfigured()) {
+    this.message = "Login service configuration not yet loaded";
+  } else if (serviceName) {
+    this.message = "Service " + serviceName + " not configured";
+  } else {
+    this.message = "Service not configured";
+  }
 };
 ServiceConfiguration.ConfigError.prototype = new Error();
 ServiceConfiguration.ConfigError.prototype.name = 'ServiceConfiguration.ConfigError';
diff --git a/packages/showdown/showdown.js b/packages/showdown/showdown.js
index 198acc5df7..f5590cb861 100644
--- a/packages/showdown/showdown.js
+++ b/packages/showdown/showdown.js
@@ -65,7 +65,28 @@
 // Showdown namespace
 //
 // METEOR CHANGE: remove "var" so that this isn't file-local.
-Showdown = {};
+Showdown = { extensions: {} };
+
+//
+// forEach
+//
+var forEach = Showdown.forEach = function(obj, callback) {
+	if (typeof obj.forEach === 'function') {
+		obj.forEach(callback);
+	} else {
+		var i, len = obj.length;
+		for (i = 0; i < len; i++) {
+			callback(obj[i], i, obj);
+		}
+	}
+};
+
+//
+// Standard extension naming
+//
+var stdExtName = function(s) {
+	return s.replace(/[_-]||\s/g, '').toLowerCase();
+};
 
 //
 // converter
@@ -73,7 +94,7 @@ Showdown = {};
 // Wraps all "globals" so that the only thing
 // exposed is makeHtml().
 //
-Showdown.converter = function() {
+Showdown.converter = function(converter_options) {
 
 //
 // Globals:
@@ -88,6 +109,32 @@ var g_html_blocks;
 // (see _ProcessListItems() for details):
 var g_list_level = 0;
 
+// Global extensions
+var g_lang_extensions = [];
+var g_output_modifiers = [];
+
+
+//
+// Automatic Extension Loading (node only):
+//
+
+if (typeof module !== 'undefind' && typeof exports !== 'undefined' && typeof require !== 'undefind') {
+	var fs = require('fs');
+
+	if (fs) {
+		// Search extensions folder
+		var extensions = fs.readdirSync((__dirname || '.')+'/extensions').filter(function(file){
+			return ~file.indexOf('.js');
+		}).map(function(file){
+			return file.replace(/\.js$/, '');
+		});
+		// Load extensions into Showdown namespace
+		Showdown.forEach(extensions, function(ext){
+			var name = stdExtName(ext);
+			Showdown.extensions[name] = require('./extensions/' + ext);
+		});
+	}
+}
 
 this.makeHtml = function(text) {
 //
@@ -101,14 +148,14 @@ this.makeHtml = function(text) {
 	// from other articles when generating a page which contains more than
 	// one article (e.g. an index page that shows the N most recent
 	// articles):
-	g_urls = new Array();
-	g_titles = new Array();
-	g_html_blocks = new Array();
+	g_urls = {};
+	g_titles = {};
+	g_html_blocks = [];
 
 	// attacklab: Replace ~ with ~T
 	// This lets us use tilde as an escape char to avoid md5 hashes
 	// The choice of character is arbitray; anything that isn't
-    // magic in Markdown will work.
+	// magic in Markdown will work.
 	text = text.replace(/~/g,"~T");
 
 	// attacklab: Replace $ with ~D
@@ -132,6 +179,15 @@ this.makeHtml = function(text) {
 	// contorted like /[ \t]*\n+/ .
 	text = text.replace(/^[ \t]+$/mg,"");
 
+	// Run language extensions
+	Showdown.forEach(g_lang_extensions, function(x){
+		text = _ExecuteExtension(x, text);
+	});
+
+	// Handle github codeblocks prior to running HashHTML so that
+	// HTML contained within the codeblock gets escaped propertly
+	text = _DoGithubCodeBlocks(text);
+
 	// Turn block-level HTML blocks into hash entries
 	text = _HashHTMLBlocks(text);
 
@@ -148,10 +204,61 @@ this.makeHtml = function(text) {
 	// attacklab: Restore tildes
 	text = text.replace(/~T/g,"~");
 
+	// Run output modifiers
+	Showdown.forEach(g_output_modifiers, function(x){
+		text = _ExecuteExtension(x, text);
+	});
+
 	return text;
+};
+//
+// Options:
+//
+
+// Parse extensions options into separate arrays
+if (converter_options && converter_options.extensions) {
+
+  var self = this;
+
+	// Iterate over each plugin
+	Showdown.forEach(converter_options.extensions, function(plugin){
+
+		// Assume it's a bundled plugin if a string is given
+		if (typeof plugin === 'string') {
+			plugin = Showdown.extensions[stdExtName(plugin)];
+		}
+
+		if (typeof plugin === 'function') {
+			// Iterate over each extension within that plugin
+			Showdown.forEach(plugin(self), function(ext){
+				// Sort extensions by type
+				if (ext.type) {
+					if (ext.type === 'language' || ext.type === 'lang') {
+						g_lang_extensions.push(ext);
+					} else if (ext.type === 'output' || ext.type === 'html') {
+						g_output_modifiers.push(ext);
+					}
+				} else {
+					// Assume language extension
+					g_output_modifiers.push(ext);
+				}
+			});
+		} else {
+			throw "Extension '" + plugin + "' could not be loaded.  It was either not found or is not a valid extension.";
+		}
+	});
 }
 
 
+var _ExecuteExtension = function(ext, text) {
+	if (ext.regex) {
+		var re = new RegExp(ext.regex, 'g');
+		return text.replace(re, ext.replace);
+	} else if (ext.filter) {
+		return ext.filter(text);
+	}
+};
+
 var _StripLinkDefinitions = function(text) {
 //
 // Strips link definitions from text, stores the URLs and titles in
@@ -181,7 +288,11 @@ var _StripLinkDefinitions = function(text) {
 			  /gm,
 			  function(){...});
 	*/
-	var text = text.replace(/^[ ]{0,3}\[(.+)\]:[ \t]*\n?[ \t]*<?(\S+?)>?[ \t]*\n?[ \t]*(?:(\n*)["(](.+?)[")][ \t]*)?(?:\n+|\Z)/gm,
+
+	// attacklab: sentinel workarounds for lack of \A and \Z, safari\khtml bug
+	text += "~0";
+
+	text = text.replace(/^[ ]{0,3}\[(.+)\]:[ \t]*\n?[ \t]*<?(\S+?)>?[ \t]*\n?[ \t]*(?:(\n*)["(](.+?)[")][ \t]*)?(?:\n+|(?=~0))/gm,
 		function (wholeMatch,m1,m2,m3,m4) {
 			m1 = m1.toLowerCase();
 			g_urls[m1] = _EncodeAmpsAndAngles(m2);  // Link IDs are case-insensitive
@@ -192,12 +303,15 @@ var _StripLinkDefinitions = function(text) {
 			} else if (m4) {
 				g_titles[m1] = m4.replace(/"/g,"&quot;");
 			}
-			
+
 			// Completely remove the definition from the text
 			return "";
 		}
 	);
 
+	// attacklab: strip sentinel
+	text = text.replace(/~0/,"");
+
 	return text;
 }
 
@@ -212,8 +326,8 @@ var _HashHTMLBlocks = function(text) {
 	// "paragraphs" that are wrapped in non-block-level tags, such as anchors,
 	// phrase emphasis, and spans. The list of tags we're looking for is
 	// hard-coded:
-	var block_tags_a = "p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|script|noscript|form|fieldset|iframe|math|ins|del"
-	var block_tags_b = "p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|script|noscript|form|fieldset|iframe|math"
+	var block_tags_a = "p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|script|noscript|form|fieldset|iframe|math|ins|del|style|section|header|footer|nav|article|aside";
+	var block_tags_b = "p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|script|noscript|form|fieldset|iframe|math|style|section|header|footer|nav|article|aside";
 
 	// First, look for nested blocks, e.g.:
 	//   <div>
@@ -256,16 +370,16 @@ var _HashHTMLBlocks = function(text) {
 			\b					// word break
 								// attacklab: hack around khtml/pcre bug...
 			[^\r]*?				// any number of lines, minimally matching
-			.*</\2>				// the matching end tag
+			</\2>				// the matching end tag
 			[ \t]*				// trailing spaces/tabs
 			(?=\n+)				// followed by a newline
 		)						// attacklab: there are sentinel newlines at end of document
 		/gm,function(){...}};
 	*/
-	text = text.replace(/^(<(p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|script|noscript|form|fieldset|iframe|math)\b[^\r]*?.*<\/\2>[ \t]*(?=\n+)\n)/gm,hashElement);
+	text = text.replace(/^(<(p|div|h[1-6]|blockquote|pre|table|dl|ol|ul|script|noscript|form|fieldset|iframe|math|style|section|header|footer|nav|article|aside)\b[^\r]*?<\/\2>[ \t]*(?=\n+)\n)/gm,hashElement);
 
 	// Special case just for <hr />. It was easier to make a special case than
-	// to make the other regex more complicated.  
+	// to make the other regex more complicated.
 
 	/*
 		text = text.replace(/
@@ -274,7 +388,7 @@ var _HashHTMLBlocks = function(text) {
 			[ ]{0,3}
 			(<(hr)				// start tag = $2
 			\b					// word break
-			([^<>])*?			// 
+			([^<>])*?			//
 			\/?>)				// the matching end tag
 			[ \t]*
 			(?=\n{2,})			// followed by a blank line
@@ -332,13 +446,13 @@ var hashElement = function(wholeMatch,m1) {
 	// Undo double lines
 	blockText = blockText.replace(/\n\n/g,"\n");
 	blockText = blockText.replace(/^\n/,"");
-	
+
 	// strip trailing blank lines
 	blockText = blockText.replace(/\n+$/g,"");
-	
+
 	// Replace the element text with a marker ("~KxK" where x is its key)
 	blockText = "\n\n~K" + (g_html_blocks.push(blockText)-1) + "K\n\n";
-	
+
 	return blockText;
 };
 
@@ -367,7 +481,7 @@ var _RunBlockGamut = function(text) {
 	text = _FormParagraphs(text);
 
 	return text;
-}
+};
 
 
 var _RunSpanGamut = function(text) {
@@ -404,7 +518,7 @@ var _EscapeSpecialCharsWithinTagAttributes = function(text) {
 // don't conflict with their use in Markdown for code, italics and strong.
 //
 
-	// Build a regex to find HTML tags and comments.  See Friedl's 
+	// Build a regex to find HTML tags and comments.  See Friedl's
 	// "Mastering Regular Expressions", 2nd Ed., pp. 200-201.
 	var regex = /(<[a-z\/!$]("[^"]*"|'[^']*'|[^'">])*>|<!(--.*?--\s*)+>)/gi;
 
@@ -480,7 +594,7 @@ var _DoAnchors = function(text) {
 		)
 		/g,writeAnchorTag);
 	*/
-	text = text.replace(/(\[((?:\[[^\]]*\]|[^\[\]])*)\]\([ \t]*()<?(.*?)>?[ \t]*((['"])(.*?)\6[ \t]*)?\))/g,writeAnchorTag);
+	text = text.replace(/(\[((?:\[[^\]]*\]|[^\[\]])*)\]\([ \t]*()<?(.*?(?:\(.*?\).*?)?)>?[ \t]*((['"])(.*?)\6[ \t]*)?\))/g,writeAnchorTag);
 
 	//
 	// Last, handle reference-style shortcuts: [link text]
@@ -509,14 +623,14 @@ var writeAnchorTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
 	var link_id	 = m3.toLowerCase();
 	var url		= m4;
 	var title	= m7;
-	
+
 	if (url == "") {
 		if (link_id == "") {
 			// lower-case and turn embedded newlines into spaces
 			link_id = link_text.toLowerCase().replace(/ ?\n/g," ");
 		}
 		url = "#"+link_id;
-		
+
 		if (g_urls[link_id] != undefined) {
 			url = g_urls[link_id];
 			if (g_titles[link_id] != undefined) {
@@ -531,19 +645,19 @@ var writeAnchorTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
 				return whole_match;
 			}
 		}
-	}	
-	
+	}
+
 	url = escapeCharacters(url,"*_");
 	var result = "<a href=\"" + url + "\"";
-	
+
 	if (title != "") {
 		title = title.replace(/"/g,"&quot;");
 		title = escapeCharacters(title,"*_");
 		result +=  " title=\"" + title + "\"";
 	}
-	
+
 	result += ">" + link_text + "</a>";
-	
+
 	return result;
 }
 
@@ -614,14 +728,14 @@ var writeImageTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
 	var title	= m7;
 
 	if (!title) title = "";
-	
+
 	if (url == "") {
 		if (link_id == "") {
 			// lower-case and turn embedded newlines into spaces
 			link_id = alt_text.toLowerCase().replace(/ ?\n/g," ");
 		}
 		url = "#"+link_id;
-		
+
 		if (g_urls[link_id] != undefined) {
 			url = g_urls[link_id];
 			if (g_titles[link_id] != undefined) {
@@ -631,8 +745,8 @@ var writeImageTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
 		else {
 			return whole_match;
 		}
-	}	
-	
+	}
+
 	alt_text = alt_text.replace(/"/g,"&quot;");
 	url = escapeCharacters(url,"*_");
 	var result = "<img src=\"" + url + "\" alt=\"" + alt_text + "\"";
@@ -645,9 +759,9 @@ var writeImageTag = function(wholeMatch,m1,m2,m3,m4,m5,m6,m7) {
 		title = escapeCharacters(title,"*_");
 		result +=  " title=\"" + title + "\"";
 	//}
-	
+
 	result += " />";
-	
+
 	return result;
 }
 
@@ -657,7 +771,7 @@ var _DoHeaders = function(text) {
 	// Setext-style headers:
 	//	Header 1
 	//	========
-	//  
+	//
 	//	Header 2
 	//	--------
 	//
@@ -744,7 +858,7 @@ var _DoLists = function(text) {
 			// paragraph for the last item in a list, if necessary:
 			list = list.replace(/\n{2,}/g,"\n\n\n");;
 			var result = _ProcessListItems(list);
-	
+
 			// Trim any trailing whitespace, to put the closing `</$list_type>`
 			// up on the preceding line, to get it past the current stupid
 			// HTML block parser. This is a hack to work around the terrible
@@ -764,7 +878,7 @@ var _DoLists = function(text) {
 			// paragraph for the last item in a list, if necessary:
 			var list = list.replace(/\n{2,}/g,"\n\n\n");;
 			var result = _ProcessListItems(list);
-			result = runup + "<"+list_type+">\n" + result + "</"+list_type+">\n";	
+			result = runup + "<"+list_type+">\n" + result + "</"+list_type+">\n";
 			return result;
 		});
 	}
@@ -850,7 +964,7 @@ _ProcessListItems = function(list_str) {
 var _DoCodeBlocks = function(text) {
 //
 //  Process Markdown `<pre><code>` blocks.
-//  
+//
 
 	/*
 		text = text.replace(text,
@@ -867,12 +981,12 @@ var _DoCodeBlocks = function(text) {
 
 	// attacklab: sentinel workarounds for lack of \A and \Z, safari\khtml bug
 	text += "~0";
-	
+
 	text = text.replace(/(?:\n\n|^)((?:(?:[ ]{4}|\t).*\n+)+)(\n*[ ]{0,3}[^ \t\n]|(?=~0))/g,
 		function(wholeMatch,m1,m2) {
 			var codeblock = m1;
 			var nextChar = m2;
-		
+
 			codeblock = _EncodeCode( _Outdent(codeblock));
 			codeblock = _Detab(codeblock);
 			codeblock = codeblock.replace(/^\n+/g,""); // trim leading newlines
@@ -887,6 +1001,43 @@ var _DoCodeBlocks = function(text) {
 	// attacklab: strip sentinel
 	text = text.replace(/~0/,"");
 
+	return text;
+};
+
+var _DoGithubCodeBlocks = function(text) {
+//
+//  Process Github-style code blocks
+//  Example:
+//  ```ruby
+//  def hello_world(x)
+//    puts "Hello, #{x}"
+//  end
+//  ```
+//
+
+
+	// attacklab: sentinel workarounds for lack of \A and \Z, safari\khtml bug
+	text += "~0";
+
+	text = text.replace(/(?:^|\n)```(.*)\n([\s\S]*?)\n```/g,
+		function(wholeMatch,m1,m2) {
+			var language = m1;
+			var codeblock = m2;
+
+			codeblock = _EncodeCode(codeblock);
+			codeblock = _Detab(codeblock);
+			codeblock = codeblock.replace(/^\n+/g,""); // trim leading newlines
+			codeblock = codeblock.replace(/\n+$/g,""); // trim trailing whitespace
+
+			codeblock = "<pre><code" + (language ? " class=\"" + language + '"' : "") + ">" + codeblock + "\n</code></pre>";
+
+			return hashBlock(codeblock);
+		}
+	);
+
+	// attacklab: strip sentinel
+	text = text.replace(/~0/,"");
+
 	return text;
 }
 
@@ -895,30 +1046,29 @@ var hashBlock = function(text) {
 	return "\n\n~K" + (g_html_blocks.push(text)-1) + "K\n\n";
 }
 
-
 var _DoCodeSpans = function(text) {
 //
 //   *  Backtick quotes are used for <code></code> spans.
-// 
+//
 //   *  You can use multiple backticks as the delimiters if you want to
 //	 include literal backticks in the code span. So, this input:
-//	 
+//
 //		 Just type ``foo `bar` baz`` at the prompt.
-//	 
+//
 //	   Will translate to:
-//	 
+//
 //		 <p>Just type <code>foo `bar` baz</code> at the prompt.</p>
-//	 
+//
 //	There's no arbitrary limit to the number of backticks you
 //	can use as delimters. If you need three consecutive backticks
 //	in your code, use four for delimiters, etc.
 //
 //  *  You can use spaces to get literal backticks at the edges:
-//	 
+//
 //		 ... type `` `bar` `` ...
-//	 
+//
 //	   Turns to:
-//	 
+//
 //		 ... type <code>`bar`</code> ...
 //
 
@@ -947,7 +1097,6 @@ var _DoCodeSpans = function(text) {
 	return text;
 }
 
-
 var _EncodeCode = function(text) {
 //
 // Encode/escape certain characters inside Markdown code runs.
@@ -1021,7 +1170,7 @@ var _DoBlockQuotes = function(text) {
 
 			bq = bq.replace(/^[ \t]+$/gm,"");		// trim whitespace-only lines
 			bq = _RunBlockGamut(bq);				// recurse
-			
+
 			bq = bq.replace(/(^|\n)/g,"$1  ");
 			// These leading spaces screw with <pre> content, so we need to fix that:
 			bq = bq.replace(
@@ -1033,7 +1182,7 @@ var _DoBlockQuotes = function(text) {
 					pre = pre.replace(/~0/g,"");
 					return pre;
 				});
-			
+
 			return hashBlock("<blockquote>\n" + bq + "\n</blockquote>");
 		});
 	return text;
@@ -1051,7 +1200,7 @@ var _FormParagraphs = function(text) {
 	text = text.replace(/\n+$/g,"");
 
 	var grafs = text.split(/\n{2,}/g);
-	var grafsOut = new Array();
+	var grafsOut = [];
 
 	//
 	// Wrap <p> tags.
@@ -1092,14 +1241,14 @@ var _FormParagraphs = function(text) {
 
 var _EncodeAmpsAndAngles = function(text) {
 // Smart processing for ampersands and angle brackets that need to be encoded.
-	
+
 	// Ampersand-encoding based entirely on Nat Irons's Amputator MT plugin:
 	//   http://bumppo.net/projects/amputator/
 	text = text.replace(/&(?!#?[xX]?(?:[0-9a-fA-F]+|\w+);)/g,"&amp;");
-	
+
 	// Encode naked <'s
 	text = text.replace(/<(?![a-z\/?\$!])/gi,"&lt;");
-	
+
 	return text;
 }
 
@@ -1170,16 +1319,9 @@ var _EncodeEmailAddress = function(addr) {
 //  mailing list: <http://tinyurl.com/yu7ue>
 //
 
-	// attacklab: why can't javascript speak hex?
-	function char2hex(ch) {
-		var hexDigits = '0123456789ABCDEF';
-		var dec = ch.charCodeAt(0);
-		return(hexDigits.charAt(dec>>4) + hexDigits.charAt(dec&15));
-	}
-
 	var encode = [
 		function(ch){return "&#"+ch.charCodeAt(0)+";";},
-		function(ch){return "&#x"+char2hex(ch)+";";},
+		function(ch){return "&#x"+ch.charCodeAt(0).toString(16)+";";},
 		function(ch){return ch;}
 	];
 
@@ -1299,5 +1441,15 @@ var escapeCharacters_callback = function(wholeMatch,m1) {
 
 } // end of Showdown.converter
 
+
 // export
-if (typeof exports != 'undefined') exports.Showdown = Showdown;
\ No newline at end of file
+if (typeof module !== 'undefined') module.exports = Showdown;
+
+// stolen from AMD branch of underscore
+// AMD define happens at the end for compatibility with AMD loaders
+// that don't enforce next-turn semantics on modules.
+if (typeof define === 'function' && define.amd) {
+    define('showdown', function() {
+        return Showdown;
+    });
+}
diff --git a/packages/spacebars-compiler/spacebars-compiler.js b/packages/spacebars-compiler/spacebars-compiler.js
index b72989492e..b4d6158ec4 100644
--- a/packages/spacebars-compiler/spacebars-compiler.js
+++ b/packages/spacebars-compiler/spacebars-compiler.js
@@ -29,6 +29,10 @@ var optimize = function (tree) {
     return (html.indexOf('&') < 0 && html.indexOf('<') < 0);
   };
 
+  // Returns `null` if no specials are found in the array, so that the
+  // parent can perform the actual optimization.  Otherwise, returns
+  // an array of parts which have been optimized as much as possible.
+  // `forceOptimize` forces the latter case.
   var optimizeArrayParts = function (array, optimizePartsFunc, forceOptimize) {
     var result = null;
     if (forceOptimize)
@@ -102,7 +106,14 @@ var optimize = function (tree) {
 
       var mustOptimize = false;
 
-      if (node.attrs) {
+      // Avoid ever producing HTML containing `<table><tr>...`, because the
+      // browser will insert a TBODY.  If we just `createElement("table")` and
+      // `createElement("tr")`, on the other hand, no TBODY is necessary
+      // (assuming IE 8+).
+      if (tagName === 'table')
+        mustOptimize = true;
+
+      if (node.attrs && ! mustOptimize) {
         var attrs = node.attrs;
         for (var k in attrs) {
           if (doesAttributeValueHaveSpecials(attrs[k])) {
diff --git a/packages/spacebars-compiler/spacebars_tests.js b/packages/spacebars-compiler/spacebars_tests.js
index 5e809eb3cf..2ef521d014 100644
--- a/packages/spacebars-compiler/spacebars_tests.js
+++ b/packages/spacebars-compiler/spacebars_tests.js
@@ -32,6 +32,12 @@ Tinytest.add("spacebars - stache tags", function (test) {
   run('{{! asdf }}', {type: 'COMMENT', value: ' asdf '});
   run('{{ ! asdf }}', {type: 'COMMENT', value: ' asdf '});
   run('{{ ! asdf }asdf', "Unclosed");
+  run('{{!-- asdf --}}', {type: 'BLOCKCOMMENT', value: ' asdf '});
+  run('{{ !-- asdf -- }}', {type: 'BLOCKCOMMENT', value: ' asdf '});
+  run('{{ !-- {{asdf}} -- }}', {type: 'BLOCKCOMMENT', value: ' {{asdf}} '});
+  run('{{ !-- {{as--df}} --}}', {type: 'BLOCKCOMMENT', value: ' {{as--df}} '});
+  run('{{ !-- asdf }asdf', "Unclosed");
+  run('{{ !-- asdf --}asdf', "Unclosed");
   run('{{else}}', {type: 'ELSE'});
   run('{{ else }}', {type: 'ELSE'});
   run('{{else x}}', "Expected");
@@ -225,6 +231,9 @@ Tinytest.add("spacebars - parse", function (test) {
   test.equal(HTML.toJS(Spacebars.parse('{{!foo}}')), 'null');
   test.equal(HTML.toJS(Spacebars.parse('x{{!foo}}y')), '"xy"');
 
+  test.equal(HTML.toJS(Spacebars.parse('{{!--foo--}}')), 'null');
+  test.equal(HTML.toJS(Spacebars.parse('x{{!--foo--}}y')), '"xy"');
+
   test.equal(HTML.toJS(Spacebars.parse('{{#foo}}x{{/foo}}')),
              'HTMLTools.Special({type: "BLOCKOPEN", path: ["foo"], content: "x"})');
 
@@ -254,7 +263,10 @@ Tinytest.add("spacebars - parse", function (test) {
     Spacebars.parse('<a {{> x}}></a>');
   });
 
-  test.equal(HTML.toJS(Spacebars.parse('<a {{! x}} b=c{{! x}} {{! x}}></a>')),
+  test.equal(HTML.toJS(Spacebars.parse('<a {{! x--}} b=c{{! x}} {{! x}}></a>')),
+             'HTML.A({b: "c"})');
+
+  test.equal(HTML.toJS(Spacebars.parse('<a {{!-- x--}} b=c{{ !-- x --}} {{!-- x -- }}></a>')),
              'HTML.A({b: "c"})');
 
   // currently, if there are only comments, the attribute is truthy.  This is
@@ -264,5 +276,9 @@ Tinytest.add("spacebars - parse", function (test) {
              'HTML.INPUT({selected: ""})');
   test.equal(HTML.toJS(Spacebars.parse('<input selected={{!foo}}{{!bar}}>')),
              'HTML.INPUT({selected: ""})');
+  test.equal(HTML.toJS(Spacebars.parse('<input selected={{!--foo--}}>')),
+    'HTML.INPUT({selected: ""})');
+  test.equal(HTML.toJS(Spacebars.parse('<input selected={{!--foo--}}{{!--bar--}}>')),
+    'HTML.INPUT({selected: ""})');
 
 });
diff --git a/packages/spacebars-compiler/templatetag.js b/packages/spacebars-compiler/templatetag.js
index 5a50fde13e..4616f37970 100644
--- a/packages/spacebars-compiler/templatetag.js
+++ b/packages/spacebars-compiler/templatetag.js
@@ -48,6 +48,7 @@ var starts = {
   ELSE: makeStacheTagStartRegex(/^\{\{\s*else(?=[\s}])/i),
   DOUBLE: makeStacheTagStartRegex(/^\{\{\s*(?!\s)/),
   TRIPLE: makeStacheTagStartRegex(/^\{\{\{\s*(?!\s)/),
+  BLOCKCOMMENT: makeStacheTagStartRegex(/^\{\{\s*!--/),
   COMMENT: makeStacheTagStartRegex(/^\{\{\s*!/),
   INCLUSION: makeStacheTagStartRegex(/^\{\{\s*>\s*(?!\s)/),
   BLOCKOPEN: makeStacheTagStartRegex(/^\{\{\s*#\s*(?!\s)/),
@@ -226,6 +227,7 @@ TemplateTag.parse = function (scannerOrString) {
   if (run(starts.ELSE)) type = 'ELSE';
   else if (run(starts.DOUBLE)) type = 'DOUBLE';
   else if (run(starts.TRIPLE)) type = 'TRIPLE';
+  else if (run(starts.BLOCKCOMMENT)) type = 'BLOCKCOMMENT';
   else if (run(starts.COMMENT)) type = 'COMMENT';
   else if (run(starts.INCLUSION)) type = 'INCLUSION';
   else if (run(starts.BLOCKOPEN)) type = 'BLOCKOPEN';
@@ -236,7 +238,12 @@ TemplateTag.parse = function (scannerOrString) {
   var tag = new TemplateTag;
   tag.type = type;
 
-  if (type === 'COMMENT') {
+  if (type === 'BLOCKCOMMENT') {
+    var result = run(/^[\s\S]*?--\s*?\}\}/);
+    if (! result)
+      error("Unclosed block comment");
+    tag.value = result.slice(0, result.lastIndexOf('--'));
+  } else if (type === 'COMMENT') {
     var result = run(/^[\s\S]*?\}\}/);
     if (! result)
       error("Unclosed comment");
@@ -320,6 +327,9 @@ TemplateTag.parseCompleteTag = function (scannerOrString, position) {
   if (! result)
     return result;
 
+  if (result.type === 'BLOCKCOMMENT')
+    return null;
+
   if (result.type === 'COMMENT')
     return null;
 
diff --git a/packages/spacebars-tests/package.js b/packages/spacebars-tests/package.js
index 741cbc8710..3a4628d47b 100644
--- a/packages/spacebars-tests/package.js
+++ b/packages/spacebars-tests/package.js
@@ -1,5 +1,6 @@
 Package.describe({
-  summary: "Additional tests for Spacebars"
+  summary: "Additional tests for Spacebars",
+  internal: true
 });
 
 // These tests are in a separate package to avoid a circular dependency
diff --git a/packages/spacebars-tests/template_tests.html b/packages/spacebars-tests/template_tests.html
index 2a49eb661e..0f2e733dcd 100644
--- a/packages/spacebars-tests/template_tests.html
+++ b/packages/spacebars-tests/template_tests.html
@@ -663,3 +663,66 @@ Hi there!
 <template name="spacebars_test_event_returns_false">
   <a href="#bad-url" id="spacebars_test_event_returns_false_link">click me</a>
 </template>
+
+<template name="spacebars_test_tables1">
+  <table><tr><td>Foo</td></tr></table>
+</template>
+
+<template name="spacebars_test_tables2">
+  <table><tr><td>{{foo}}</td></tr></table>
+</template>
+
+<template name="spacebars_test_jquery_events">
+  <button type="button">button</button>
+</template>
+
+<template name="spacebars_test_tohtml_basic">
+  {{foo}}
+</template>
+
+<template name="spacebars_test_tohtml_if">
+  {{#if true}}
+    {{foo}}
+  {{/if}}
+</template>
+
+<template name="spacebars_test_tohtml_with">
+  {{#with foo}}
+    {{.}}
+  {{/with}}
+</template>
+
+<template name="spacebars_test_tohtml_each">
+  {{#each foos}}
+    {{.}}
+  {{/each}}
+</template>
+
+<template name="spacebars_test_tohtml_include_with">
+  {{> spacebars_test_tohtml_with}}
+</template>
+
+<template name="spacebars_test_tohtml_include_each">
+  {{> spacebars_test_tohtml_each}}
+</template>
+
+<template name="spacebars_test_block_comment">
+  {{!-- foo --}}
+  {{!--
+    {{bar}}
+  --}}
+</template>
+
+<template name="spacebars_test_with_mutated_data_context">
+  {{#with foo}}
+    {{value}}
+  {{/with}}
+</template>
+
+<template name="spacebars_test_url_attribute">
+  <a href="{{foo}}"></a>
+  <a hReF="{{foo}}"></a>
+  <form action="{{foo}}"></form>
+  <img src="{{foo}}" />
+  <input value="{{foo}}" />
+</template>
diff --git a/packages/spacebars-tests/template_tests.js b/packages/spacebars-tests/template_tests.js
index 8f10f85f9c..93c82cbc2c 100644
--- a/packages/spacebars-tests/template_tests.js
+++ b/packages/spacebars-tests/template_tests.js
@@ -1832,3 +1832,182 @@ Tinytest.add(
     document.body.removeChild(div);
   }
 );
+
+Tinytest.add("spacebars - template - tables", function (test) {
+  var tmpl1 = Template.spacebars_test_tables1;
+
+  var div = renderToDiv(tmpl1);
+  test.equal(_.pluck(div.querySelectorAll('*'), 'tagName'),
+             ['TABLE', 'TR', 'TD']);
+  divRendersTo(test, div, '<table><tr><td>Foo</td></tr></table>');
+
+  var tmpl2 = Template.spacebars_test_tables2;
+  tmpl2.foo = 'Foo';
+  div = renderToDiv(tmpl2);
+  test.equal(_.pluck(div.querySelectorAll('*'), 'tagName'),
+             ['TABLE', 'TR', 'TD']);
+  divRendersTo(test, div, '<table><tr><td>Foo</td></tr></table>');
+});
+
+Tinytest.add(
+  "spacebars - template - jQuery.trigger extraParameters are passed to the event callback",
+  function (test) {
+    var tmpl = Template.spacebars_test_jquery_events;
+    var captured = false;
+    var args = ["param1", "param2", {option: 1}, 1, 2, 3];
+
+    tmpl.events({
+      'someCustomEvent': function (event, template) {
+        var i;
+        for (i=0; i<args.length; i++) {
+          // expect the arguments to be just after template
+          test.equal(arguments[i+2], args[i]);
+        }
+        captured = true;
+      }
+    });
+
+    tmpl.rendered = function () {
+      $(this.find('button')).trigger('someCustomEvent', args);
+    };
+
+    renderToDiv(tmpl);
+    Deps.flush();
+    test.equal(captured, true);
+  }
+);
+
+Tinytest.add("spacebars - template - UI.toHTML", function (test) {
+  // run once, verifying that autoruns are stopped
+  var once = function (tmplToRender, tmplForHelper, helper, val) {
+    var count = 0;
+    var R = new ReactiveVar;
+    var getR = function () {
+      count++;
+      return R.get();
+    };
+
+    R.set(val);
+    tmplForHelper[helper] = getR;
+    test.equal(canonicalizeHtml(UI.toHTML(tmplToRender)), "bar");
+    test.equal(count, 1);
+    R.set("");
+    Deps.flush();
+    test.equal(count, 1); // all autoruns stopped
+  };
+
+  once(Template.spacebars_test_tohtml_basic,
+       Template.spacebars_test_tohtml_basic, "foo", "bar");
+  once(Template.spacebars_test_tohtml_if,
+       Template.spacebars_test_tohtml_if, "foo", "bar");
+  once(Template.spacebars_test_tohtml_with,
+       Template.spacebars_test_tohtml_with, "foo", "bar");
+  once(Template.spacebars_test_tohtml_each,
+       Template.spacebars_test_tohtml_each, "foos", ["bar"]);
+
+  once(Template.spacebars_test_tohtml_include_with,
+       Template.spacebars_test_tohtml_with, "foo", "bar");
+  once(Template.spacebars_test_tohtml_include_each,
+       Template.spacebars_test_tohtml_each, "foos", ["bar"]);
+});
+
+Tinytest.add(
+  "spacebars - template - block comments should not be displayed",
+  function (test) {
+    var tmpl = Template.spacebars_test_block_comment;
+    var div = renderToDiv(tmpl);
+    test.equal(canonicalizeHtml(div.innerHTML), '');
+  }
+);
+
+// Originally reported at https://github.com/meteor/meteor/issues/2046
+Tinytest.add(
+  "spacebars - template - {{#with}} with mutated data context",
+  function (test) {
+    var tmpl = Template.spacebars_test_with_mutated_data_context;
+    var foo = {value: 0};
+    var dep = new Deps.Dependency;
+    tmpl.foo = function () {
+      dep.depend();
+      return foo;
+    };
+
+    var div = renderToDiv(tmpl);
+    test.equal(canonicalizeHtml(div.innerHTML), '0');
+
+    foo.value = 1;
+    dep.changed();
+    Deps.flush();
+    test.equal(canonicalizeHtml(div.innerHTML), '1');
+  });
+
+Tinytest.add(
+  "spacebars - template - javascript scheme urls",
+  function (test) {
+    var tmpl = Template.spacebars_test_url_attribute;
+    var sessionKey = "foo-" + Random.id();
+    tmpl.foo = function () {
+      return Session.get(sessionKey);
+    };
+
+    var numUrlAttrs = 4;
+    var div = renderToDiv(tmpl);
+
+    // [tag name, attr name, is a url attribute]
+    var attrsList = [["A", "href", true], ["FORM", "action", true],
+                     ["IMG", "src", true], ["INPUT", "value", false]];
+
+    var checkAttrs = function (url, isJavascriptProtocol) {
+      if (isJavascriptProtocol) {
+        Meteor._suppress_log(numUrlAttrs);
+      }
+      Session.set(sessionKey, url);
+      Deps.flush();
+      _.each(
+        attrsList,
+        function (attrInfo) {
+          var normalizedUrl;
+          var elem = document.createElement(attrInfo[0]);
+          try {
+            elem[attrInfo[1]] = url;
+          } catch (err) {
+            // IE throws an exception if you set an img src to a
+            // javascript: URL. Blaze can't override this behavior;
+            // whether you've called UI._javascriptUrlsAllowed() or not,
+            // you won't be able to set a javascript: URL in an img
+            // src. So we only test img tags in other browsers.
+            if (attrInfo[0] === "IMG") {
+              return;
+            }
+            throw err;
+          }
+          document.body.appendChild(elem);
+          normalizedUrl = elem[attrInfo[1]];
+          document.body.removeChild(elem);
+
+          _.each(
+            div.getElementsByTagName(attrInfo[0]),
+            function (elem) {
+              test.equal(
+                elem[attrInfo[1]],
+                isJavascriptProtocol && attrInfo[2] ? "" : normalizedUrl
+              );
+            }
+          );
+        }
+      );
+    };
+
+    test.equal(UI._javascriptUrlsAllowed(), false);
+    checkAttrs("http://www.meteor.com", false);
+    checkAttrs("javascript:alert(1)", true);
+    checkAttrs("jAvAsCrIpT:alert(1)", true);
+    checkAttrs("    javascript:alert(1)", true);
+    UI._allowJavascriptUrls();
+    test.equal(UI._javascriptUrlsAllowed(), true);
+    checkAttrs("http://www.meteor.com", false);
+    checkAttrs("javascript:alert(1)", false);
+    checkAttrs("jAvAsCrIpT:alert(1)", false);
+    checkAttrs("    javascript:alert(1)", false);
+  }
+);
diff --git a/packages/spacebars/README.md b/packages/spacebars/README.md
index c3bcfa5e31..9bdeca4a91 100644
--- a/packages/spacebars/README.md
+++ b/packages/spacebars/README.md
@@ -262,9 +262,13 @@ context) if there are zero items in the sequence at any time.
 
 When the argument to `#each` changes, the DOM is always updated to reflect the new sequence, but it's sometimes significant exactly how that is achieved.  When the argument is a Meteor live cursor, the `#each` has access to fine-grained updates to the sequence -- add, remove, move, and change callbacks -- and the items are all documents identified by unique ids.  As long as the cursor itself remains constant (i.e. the query doesn't change), it is very easy to reason about how the DOM will be updated as the contents of the cursor change.  The rendered content for each document persists as long as the document is in the cursor, and when documents are re-ordered, the DOM is re-ordered.
 
-Things are more complicated if the argument to the `#each` reactively changes between different cursor objects, or between arrays of plain JavaScript objects that may not be identified clearly.  The implementation of `#each` tries to be intelligent without doing too much expensive work.
+Things are more complicated if the argument to the `#each` reactively changes between different cursor objects, or between arrays of plain JavaScript objects that may not be identified clearly.  The implementation of `#each` tries to be intelligent without doing too much expensive work. Specifically, it tries to identify items between the old and new array or cursor with the following strategy:
 
-XXX explain more
+1. For objects with an `_id` field, use that field as the identification key
+2. For objects with no `_id` field, use the array index as the identification key. In this case, appends are fast but prepends are slower.
+3. For numbers or strings, use their value as the identification key.
+
+Regardless of the strategy used, keys are deduplicated so that arrays with repeating items work fine.
 
 ## Custom Block Helpers
 
@@ -332,6 +336,15 @@ appear in the compiled template code or the generated HTML.
 </div>
 ```
 
+Comment tags also come in a "block comment" form.  Block comments may contain `{{` and `}}`:
+
+```
+{{!-- This is a block comment.
+We can write {{foo}} and it doesn't matter.
+{{#with x}}This code is commented out.{{/with}}
+--}}
+```
+
 Comment tags can be used wherever other template tags are allowed.
 
 ## HTML Dialect
diff --git a/packages/spacebars/package.js b/packages/spacebars/package.js
index bc67d956f5..93c2f50dc5 100644
--- a/packages/spacebars/package.js
+++ b/packages/spacebars/package.js
@@ -1,5 +1,6 @@
 Package.describe({
-  summary: "Handlebars-like template language for Meteor"
+  summary: "Handlebars-like template language for Meteor",
+  internal: true
 });
 
 // For more, see package `spacebars-compiler`, which is used by
diff --git a/packages/spacebars/spacebars-runtime.js b/packages/spacebars/spacebars-runtime.js
index 120356753b..59c2f37a47 100644
--- a/packages/spacebars/spacebars-runtime.js
+++ b/packages/spacebars/spacebars-runtime.js
@@ -216,7 +216,7 @@ Spacebars.dot = function (value, id1/*, id2, ...*/) {
 Spacebars.With = function (argFunc, contentBlock, elseContentBlock) {
   return UI.Component.extend({
     init: function () {
-      this.v = UI.emboxValue(argFunc);
+      this.v = UI.emboxValue(argFunc, UI.safeEquals);
     },
     render: function () {
       return UI.If(this.v, UI.With(this.v, contentBlock), elseContentBlock);
diff --git a/packages/srp/srp.js b/packages/srp/srp.js
index e04860d577..231a1b59b7 100644
--- a/packages/srp/srp.js
+++ b/packages/srp/srp.js
@@ -15,8 +15,8 @@ SRP = {};
 SRP.generateVerifier = function (password, options) {
   var params = paramsFromOptions(options);
 
-  var identity = (options && options.identity) || Random.id();
-  var salt = (options && options.salt) || Random.id();
+  var identity = (options && options.identity) || Random.secret();
+  var salt = (options && options.salt) || Random.secret();
 
   var x = params.hash(salt + params.hash(identity + ":" + password));
   var xi = new BigInteger(x, 16);
diff --git a/packages/star-translate/translator.js b/packages/star-translate/translator.js
index 77d08756de..bff404d034 100644
--- a/packages/star-translate/translator.js
+++ b/packages/star-translate/translator.js
@@ -101,6 +101,9 @@ StarTranslator._writeClientProg = function (bundlePath, clientProgPath) {
   var clientManifest = {
     "format": "browser-program-pre1",
     "manifest": origClientManifest.manifest,
+    // XXX Haven't updated this for the app.html -> head/body change, but
+    //     surely we don't need to because code in pre-star apps doesn't
+    //     even read this file?
     "page": "app.html",
     "static": "static",
     "staticCacheable": "static_cacheable"
diff --git a/packages/stylus/.npm/plugin/compileStylus/npm-shrinkwrap.json b/packages/stylus/.npm/plugin/compileStylus/npm-shrinkwrap.json
index d55ecb4c42..f1651f24a7 100644
--- a/packages/stylus/.npm/plugin/compileStylus/npm-shrinkwrap.json
+++ b/packages/stylus/.npm/plugin/compileStylus/npm-shrinkwrap.json
@@ -1,41 +1,5 @@
 {
   "dependencies": {
-    "stylus": {
-      "version": "0.42.2",
-      "dependencies": {
-        "css-parse": {
-          "version": "1.7.0"
-        },
-        "mkdirp": {
-          "version": "0.3.5"
-        },
-        "debug": {
-          "version": "0.7.4"
-        },
-        "sax": {
-          "version": "0.5.8"
-        },
-        "glob": {
-          "version": "3.2.8",
-          "dependencies": {
-            "minimatch": {
-              "version": "0.2.14",
-              "dependencies": {
-                "lru-cache": {
-                  "version": "2.5.0"
-                },
-                "sigmund": {
-                  "version": "1.0.0"
-                }
-              }
-            },
-            "inherits": {
-              "version": "2.0.1"
-            }
-          }
-        }
-      }
-    },
     "nib": {
       "version": "1.0.2",
       "dependencies": {
@@ -57,6 +21,42 @@
           }
         }
       }
+    },
+    "stylus": {
+      "version": "0.42.3",
+      "dependencies": {
+        "css-parse": {
+          "version": "1.7.0"
+        },
+        "mkdirp": {
+          "version": "0.3.5"
+        },
+        "debug": {
+          "version": "0.7.4"
+        },
+        "sax": {
+          "version": "0.5.8"
+        },
+        "glob": {
+          "version": "3.2.9",
+          "dependencies": {
+            "minimatch": {
+              "version": "0.2.14",
+              "dependencies": {
+                "lru-cache": {
+                  "version": "2.5.0"
+                },
+                "sigmund": {
+                  "version": "1.0.0"
+                }
+              }
+            },
+            "inherits": {
+              "version": "2.0.1"
+            }
+          }
+        }
+      }
     }
   }
 }
diff --git a/packages/stylus/package.js b/packages/stylus/package.js
index f0e8f08e74..c3b995389c 100644
--- a/packages/stylus/package.js
+++ b/packages/stylus/package.js
@@ -8,7 +8,7 @@ Package._transitional_registerBuildPlugin({
   sources: [
     'plugin/compile-stylus.js'
   ],
-  npmDependencies: { stylus: "0.42.2", nib: "1.0.2" }
+  npmDependencies: { stylus: "0.42.3", nib: "1.0.2" }
 });
 
 Package.on_test(function (api) {
diff --git a/packages/templating/plugin/compile-templates.js b/packages/templating/plugin/compile-templates.js
index 3af214a363..b364737c2e 100644
--- a/packages/templating/plugin/compile-templates.js
+++ b/packages/templating/plugin/compile-templates.js
@@ -53,6 +53,9 @@ var doHTMLScanning = function (compileStep, htmlScanner) {
   }
 };
 
-Plugin.registerSourceHandler("html", function (compileStep) {
-  doHTMLScanning(compileStep, html_scanner);
-});
+Plugin.registerSourceHandler(
+  "html", {isTemplate: true},
+  function (compileStep) {
+    doHTMLScanning(compileStep, html_scanner);
+  }
+);
diff --git a/packages/templating/templating_tests.html b/packages/templating/templating_tests.html
index ffa60f92be..b046ece7aa 100644
--- a/packages/templating/templating_tests.html
+++ b/packages/templating/templating_tests.html
@@ -30,30 +30,6 @@
 
 
 
-<template name="test_table_a0">
-  <table>
-    {{> test_table_a1}}
-    {{> test_table_a1}}
-    {{> test_table_a1}}
-  </table>
-</template>
-
-<template name="test_table_a1">
-  <tr>
-    {{> test_table_a2}}
-  </tr>
-</template>
-
-<template name="test_table_a2">
-  <td>
-    {{> test_table_a3}}
-  </td>
-</template>
-
-<template name="test_table_a3">
-  Foo.
-</template>
-
 <template name="test_table_b0">
   <table>
     <tbody>
@@ -83,9 +59,11 @@
 
 <template name="test_table_each">
   <table>
-    {{#each foo}}
-      <tr><td>{{bar}}</td></tr>
-    {{/each}}
+    <tbody>
+      {{#each foo}}
+        <tr><td>{{bar}}</td></tr>
+      {{/each}}
+    </tbody>
   </table>
 </template>
 
diff --git a/packages/templating/templating_tests.js b/packages/templating/templating_tests.js
index c12d0ed37f..bd19264199 100644
--- a/packages/templating/templating_tests.js
+++ b/packages/templating/templating_tests.js
@@ -53,16 +53,9 @@ Tinytest.add("templating - table assembly", function(test) {
     });
   };
 
-  var table;
-  table = childWithTag(renderToDiv(Template.test_table_a0), "TABLE");
-
-  // table.rows is a great test, as it fails not only when TR/TD tags are
-  // stripped due to improper html-to-fragment, but also when they are present
-  // but don't show up because we didn't create a TBODY for IE.
-  test.equal(table.rows.length, 3);
-
-  // this time with an explicit TBODY
-  table = childWithTag(renderToDiv(Template.test_table_b0), "TABLE");
+  // The table.rows test would fail when TR/TD tags are stripped due
+  // to improper html-to-fragment
+  var table = childWithTag(renderToDiv(Template.test_table_b0), "TABLE");
   test.equal(table.rows.length, 3);
 
   var c = new LocalCollection();
diff --git a/packages/test-helpers/async_multi.js b/packages/test-helpers/async_multi.js
index fbbb34db35..1f5d001e25 100644
--- a/packages/test-helpers/async_multi.js
+++ b/packages/test-helpers/async_multi.js
@@ -116,11 +116,14 @@ testAsyncMulti = function (name, funcs) {
   Tinytest.addAsync(name, function (test, onComplete) {
     var remaining = _.clone(funcs);
     var context = {};
+    var i = 0;
 
     var runNext = function () {
       var func = remaining.shift();
-      if (!func)
+      if (!func) {
+        delete test.extraDetails.asyncBlock;
         onComplete();
+      }
       else {
         var em = new ExpectationManager(test, function () {
           Meteor.clearTimeout(timer);
@@ -135,6 +138,7 @@ testAsyncMulti = function (name, funcs) {
           return;
         }, timeout);
 
+        test.extraDetails.asyncBlock = i++;
         try {
           func.apply(context, [test, _.bind(em.expect, em)]);
         } catch (exception) {
diff --git a/packages/test-helpers/seeded_random.js b/packages/test-helpers/seeded_random.js
index a950ef59a5..6f52568781 100644
--- a/packages/test-helpers/seeded_random.js
+++ b/packages/test-helpers/seeded_random.js
@@ -3,7 +3,7 @@ SeededRandom = function(seed) { // seed may be a string or any type
     return new SeededRandom(seed);
 
   seed = seed || "seed";
-  this.gen = Random.create(seed).alea; // from random.js
+  this.gen = Random.createWithSeeds(seed).alea; // from random.js
 };
 SeededRandom.prototype.next = function() {
   return this.gen();
diff --git a/packages/tinytest/tinytest.js b/packages/tinytest/tinytest.js
index 3e937fbec6..21498996a6 100644
--- a/packages/tinytest/tinytest.js
+++ b/packages/tinytest/tinytest.js
@@ -11,6 +11,7 @@ TestCaseResults = function (test_case, onEvent, onException, stop_at_offset) {
   self.stop_at_offset = stop_at_offset;
   self.onException = onException;
   self.id = Random.id();
+  self.extraDetails = {};
 };
 
 _.extend(TestCaseResults.prototype, {
@@ -41,6 +42,8 @@ _.extend(TestCaseResults.prototype, {
       doc = { type: "fail", message: doc };
     }
 
+    doc = _.extend({}, doc, self.extraDetails);
+
     if (self.stop_at_offset === 0) {
       if (Meteor.isClient) {
         // Only supported on the browser for now..
@@ -168,16 +171,23 @@ _.extend(TestCaseResults.prototype, {
                  actual: actual, regexp: regexp.toString()});
   },
 
-  // XXX nodejs assert.throws can take an expected error, as a class,
-  // regular expression, or predicate function.  However, with its
-  // implementation if a constructor (class) is passed in and `actual`
-  // fails the instanceof test, the constructor is then treated as
-  // a predicate and called with `actual` (!)
-  //
   // expected can be:
   //  undefined: accept any exception.
-  //  regexp: accept an exception with message passing the regexp.
+  //  string: pass if the string is a substring of the exception message.
+  //  regexp: pass if the exception message passes the regexp.
   //  function: call the function as a predicate with the exception.
+  //
+  // Note: Node's assert.throws also accepts a constructor to test
+  // whether the error is of the expected class.  But since
+  // JavaScript can't distinguish between constructors and plain
+  // functions and Node's assert.throws also accepts a predicate
+  // function, if the error fails the instanceof test with the
+  // constructor then the constructor is then treated as a predicate
+  // and called (!)
+  //
+  // The upshot is, if you want to test whether an error is of a
+  // particular class, use a predicate function.
+  //
   throws: function (f, expected) {
     var actual, predicate;
 
@@ -185,6 +195,11 @@ _.extend(TestCaseResults.prototype, {
       predicate = function (actual) {
         return true;
       };
+    else if (_.isString(expected))
+      predicate = function (actual) {
+        return _.isString(actual.message) &&
+               actual.message.indexOf(expected) !== -1;
+      };
     else if (expected instanceof RegExp)
       predicate = function (actual) {
         return expected.test(actual.message)
@@ -192,7 +207,7 @@ _.extend(TestCaseResults.prototype, {
     else if (typeof expected === 'function')
       predicate = expected;
     else
-      throw new Error('expected should be a predicate function or regexp');
+      throw new Error('expected should be a string, regexp, or predicate function');
 
     try {
       f();
@@ -201,9 +216,14 @@ _.extend(TestCaseResults.prototype, {
     }
 
     if (actual && predicate(actual))
-      this.ok({message: actual.message});
+      this.ok();
     else
-      this.fail({type: "throws"});
+      this.fail({
+        type: "throws",
+        message: actual ?
+          "wrong error thrown: " + actual.message :
+          "did not throw an error as expected"
+      });
   },
 
   isTrue: function (v, msg) {
diff --git a/packages/twitter/twitter_client.js b/packages/twitter/twitter_client.js
index d2d919a51b..8ff7fa6138 100644
--- a/packages/twitter/twitter_client.js
+++ b/packages/twitter/twitter_client.js
@@ -14,11 +14,12 @@ Twitter.requestCredential = function (options, credentialRequestCompleteCallback
 
   var config = ServiceConfiguration.configurations.findOne({service: 'twitter'});
   if (!config) {
-    credentialRequestCompleteCallback && credentialRequestCompleteCallback(new ServiceConfiguration.ConfigError("Service not configured"));
+    credentialRequestCompleteCallback && credentialRequestCompleteCallback(
+      new ServiceConfiguration.ConfigError());
     return;
   }
 
-  var credentialToken = Random.id();
+  var credentialToken = Random.secret();
   // We need to keep credentialToken across the next two 'steps' so we're adding
   // a credentialToken parameter to the url and the callback url that we'll be returned
   // to by oauth provider
@@ -28,7 +29,7 @@ Twitter.requestCredential = function (options, credentialRequestCompleteCallback
   var loginUrl = '/_oauth/twitter/?requestTokenAndRedirect=true'
         + '&state=' + credentialToken;
 
-  Oauth.showPopup(
+  OAuth.showPopup(
     loginUrl,
     _.bind(credentialRequestCompleteCallback, null, credentialToken)
   );
diff --git a/packages/twitter/twitter_configure.html b/packages/twitter/twitter_configure.html
index 67195547db..32820e4505 100644
--- a/packages/twitter/twitter_configure.html
+++ b/packages/twitter/twitter_configure.html
@@ -9,5 +9,15 @@
     <li>
       Set Callback URL to: <span class="url">{{siteUrl}}_oauth/twitter?close</span>
     </li>
+    <li>
+      Select "Create your Twitter application".
+    </li>
+    <li>
+      On the Settings tab, enable "Allow this application to be used to Sign in with Twitter" and click
+      "Update settings".
+    </li>
+    <li>
+      Switch to the API Keys tab.
+    </li>
   </ol>
 </template>
diff --git a/packages/twitter/twitter_configure.js b/packages/twitter/twitter_configure.js
index e41329cbde..c40ca0808d 100644
--- a/packages/twitter/twitter_configure.js
+++ b/packages/twitter/twitter_configure.js
@@ -5,7 +5,7 @@ Template.configureLoginServiceDialogForTwitter.siteUrl = function () {
 
 Template.configureLoginServiceDialogForTwitter.fields = function () {
   return [
-    {property: 'consumerKey', label: 'Consumer key'},
-    {property: 'secret', label: 'Consumer secret'}
+    {property: 'consumerKey', label: 'API key'},
+    {property: 'secret', label: 'API secret'}
   ];
-};
\ No newline at end of file
+};
diff --git a/packages/twitter/twitter_server.js b/packages/twitter/twitter_server.js
index ce05ea0119..f7b6c0dcb0 100644
--- a/packages/twitter/twitter_server.js
+++ b/packages/twitter/twitter_server.js
@@ -11,14 +11,14 @@ var urls = {
 // https://dev.twitter.com/docs/api/1.1/get/account/verify_credentials
 Twitter.whitelistedFields = ['profile_image_url', 'profile_image_url_https', 'lang'];
 
-Oauth.registerService('twitter', 1, urls, function(oauthBinding) {
+OAuth.registerService('twitter', 1, urls, function(oauthBinding) {
   var identity = oauthBinding.get('https://api.twitter.com/1.1/account/verify_credentials.json').data;
 
   var serviceData = {
     id: identity.id_str,
     screenName: identity.screen_name,
-    accessToken: oauthBinding.accessToken,
-    accessTokenSecret: oauthBinding.accessTokenSecret
+    accessToken: OAuth.sealSecret(oauthBinding.accessToken),
+    accessTokenSecret: OAuth.sealSecret(oauthBinding.accessTokenSecret)
   };
 
   // include helpful fields from twitter
@@ -37,5 +37,5 @@ Oauth.registerService('twitter', 1, urls, function(oauthBinding) {
 
 
 Twitter.retrieveCredential = function(credentialToken) {
-  return Oauth.retrieveCredential(credentialToken);
+  return OAuth.retrieveCredential(credentialToken);
 };
diff --git a/packages/ui/attrs.js b/packages/ui/attrs.js
index 54ead8197e..c87392b2b2 100644
--- a/packages/ui/attrs.js
+++ b/packages/ui/attrs.js
@@ -27,16 +27,14 @@ AttributeHandler = function (name, value) {
   this.value = value;
 };
 
-_.extend(AttributeHandler.prototype, {
-  update: function (element, oldValue, value) {
-    if (value === null) {
-      if (oldValue !== null)
-        element.removeAttribute(this.name);
-    } else {
-      element.setAttribute(this.name, this.value);
-    }
+AttributeHandler.prototype.update = function (element, oldValue, value) {
+  if (value === null) {
+    if (oldValue !== null)
+      element.removeAttribute(this.name);
+  } else {
+    element.setAttribute(this.name, value);
   }
-});
+};
 
 AttributeHandler.extend = function (options) {
   var curType = this;
@@ -63,15 +61,17 @@ var BaseClassHandler = AttributeHandler.extend({
     var classes = _.compact(this.getCurrentValue(element).split(' '));
 
     // optimize this later (to be asymptotically faster) if necessary
-    _.each(oldClasses, function (c) {
-      if (_.indexOf(newClasses, c) < 0)
+    for (var i = 0; i < oldClasses.length; i++) {
+      var c = oldClasses[i];
+      if (! _.contains(newClasses, c))
         classes = _.without(classes, c);
-    });
-    _.each(newClasses, function (c) {
-      if (_.indexOf(oldClasses, c) < 0 &&
-          _.indexOf(classes, c) < 0)
+    }
+    for (var i = 0; i < newClasses.length; i++) {
+      var c = newClasses[i];
+      if ((! _.contains(oldClasses, c)) &&
+          (! _.contains(classes, c)))
         classes.push(c);
-    });
+    }
 
     this.setValue(element, classes.join(' '));
   }
@@ -160,6 +160,93 @@ var isSVGElement = function (elem) {
   return 'ownerSVGElement' in elem;
 };
 
+var isUrlAttribute = function (tagName, attrName) {
+  // Compiled from http://www.w3.org/TR/REC-html40/index/attributes.html
+  // and
+  // http://www.w3.org/html/wg/drafts/html/master/index.html#attributes-1
+  var urlAttrs = {
+    FORM: ['action'],
+    BODY: ['background'],
+    BLOCKQUOTE: ['cite'],
+    Q: ['cite'],
+    DEL: ['cite'],
+    INS: ['cite'],
+    OBJECT: ['classid', 'codebase', 'data', 'usemap'],
+    APPLET: ['codebase'],
+    A: ['href'],
+    AREA: ['href'],
+    LINK: ['href'],
+    BASE: ['href'],
+    IMG: ['longdesc', 'src', 'usemap'],
+    FRAME: ['longdesc', 'src'],
+    IFRAME: ['longdesc', 'src'],
+    HEAD: ['profile'],
+    SCRIPT: ['src'],
+    INPUT: ['src', 'usemap', 'formaction'],
+    BUTTON: ['formaction'],
+    BASE: ['href'],
+    MENUITEM: ['icon'],
+    HTML: ['manifest'],
+    VIDEO: ['poster']
+  };
+
+  if (attrName === 'itemid') {
+    return true;
+  }
+
+  var urlAttrNames = urlAttrs[tagName] || [];
+  return _.contains(urlAttrNames, attrName);
+};
+
+// To get the protocol for a URL, we let the browser normalize it for
+// us, by setting it as the href for an anchor tag and then reading out
+// the 'protocol' property.
+if (Meteor.isClient) {
+  var anchorForNormalization = document.createElement('A');
+}
+
+var normalizeUrl = function (url) {
+  if (Meteor.isClient) {
+    anchorForNormalization.href = url;
+    return anchorForNormalization.href;
+  } else {
+    throw new Error('normalizeUrl not implemented on the server');
+  }
+};
+
+// UrlHandler is an attribute handler for all HTML attributes that take
+// URL values. It disallows javascript: URLs, unless
+// UI._allowJavascriptUrls() has been called. To detect javascript:
+// urls, we set the attribute and then reads the attribute out of the
+// DOM, in order to avoid writing our own URL normalization code. (We
+// don't want to be fooled by ' javascript:alert(1)' or
+// 'jAvAsCrIpT:alert(1)'.) In future, when the URL interface is more
+// widely supported, we can use that, which will be
+// cleaner.  https://developer.mozilla.org/en-US/docs/Web/API/URL
+var origUpdate = AttributeHandler.prototype.update;
+var UrlHandler = AttributeHandler.extend({
+  update: function (element, oldValue, value) {
+    var self = this;
+    var args = arguments;
+
+    if (UI._javascriptUrlsAllowed()) {
+      origUpdate.apply(self, args);
+    } else {
+      var isJavascriptProtocol =
+            (normalizeUrl(value).indexOf('javascript:') === 0);
+      if (isJavascriptProtocol) {
+        Meteor._debug("URLs that use the 'javascript:' protocol are not " +
+                      "allowed in URL attribute values. " +
+                      "Call UI._allowJavascriptUrls() " +
+                      "to enable them.");
+        origUpdate.apply(self, [element, oldValue, null]);
+      } else {
+        origUpdate.apply(self, args);
+      }
+    }
+  }
+});
+
 // XXX make it possible for users to register attribute handlers!
 makeAttributeHandler = function (elem, name, value) {
   // generally, use setAttribute but certain attributes need to be set
@@ -180,6 +267,8 @@ makeAttributeHandler = function (elem, name, value) {
     return new ValueHandler(name, value);
   } else if (name.substring(0,6) === 'xlink:') {
     return new XlinkHandler(name.substring(6), value);
+  } else if (isUrlAttribute(elem.tagName, name)) {
+    return new UrlHandler(name, value);
   } else {
     return new AttributeHandler(name, value);
   }
@@ -187,3 +276,54 @@ makeAttributeHandler = function (elem, name, value) {
   // XXX will need one for 'style' on IE, though modern browsers
   // seem to handle setAttribute ok.
 };
+
+
+ElementAttributesUpdater = function (elem) {
+  this.elem = elem;
+  this.handlers = {};
+};
+
+// Update attributes on `elem` to the dictionary `attrs`, whose
+// values are strings.
+ElementAttributesUpdater.prototype.update = function(newAttrs) {
+  var elem = this.elem;
+  var handlers = this.handlers;
+
+  for (var k in handlers) {
+    if (! newAttrs.hasOwnProperty(k)) {
+      // remove attributes (and handlers) for attribute names
+      // that don't exist as keys of `newAttrs` and so won't
+      // be visited when traversing it.  (Attributes that
+      // exist in the `newAttrs` object but are `null`
+      // are handled later.)
+      var handler = handlers[k];
+      var oldValue = handler.value;
+      handler.value = null;
+      handler.update(elem, oldValue, null);
+      delete handlers[k];
+    }
+  }
+
+  for (var k in newAttrs) {
+    var handler = null;
+    var oldValue;
+    var value = newAttrs[k];
+    if (! handlers.hasOwnProperty(k)) {
+      if (value !== null) {
+        // make new handler
+        handler = makeAttributeHandler(elem, k, value);
+        handlers[k] = handler;
+        oldValue = null;
+      }
+    } else {
+      handler = handlers[k];
+      oldValue = handler.value;
+    }
+    if (oldValue !== value) {
+      handler.value = value;
+      handler.update(elem, oldValue, value);
+      if (value === null)
+        delete handlers[k];
+    }
+  }
+};
diff --git a/packages/ui/base.js b/packages/ui/base.js
index c285d16e49..4f4d3f0bea 100644
--- a/packages/ui/base.js
+++ b/packages/ui/base.js
@@ -303,16 +303,18 @@ UI.Component.notifyParented = function () {
       var wrappedHandler = function (event) {
         var comp = UI.DomRange.getContainingComponent(event.currentTarget);
         var data = comp && getComponentData(comp);
+        var args = _.toArray(arguments);
         updateTemplateInstance(self);
         return Deps.nonreactive(function () {
+          // put self.templateInstance as the second argument
+          args.splice(1, 0, self.templateInstance);
           // Don't want to be in a deps context, even if we were somehow
           // triggered synchronously in an existing deps context
           // (the `blur` event can do this).
           // XXX we should probably do what Spark did and block all
           // event handling during our DOM manip.  Many apps had weird
           // unanticipated bugs until we did that.
-          return esh.handler.call(data === null ? {} : data,
-                                  event, self.templateInstance);
+          return esh.handler.apply(data === null ? {} : data, args);
         });
       };
 
@@ -342,3 +344,11 @@ UI.getElementData = function (el) {
   var comp = UI.DomRange.getContainingComponent(el);
   return comp && getComponentData(comp);
 };
+
+var jsUrlsAllowed = false;
+UI._allowJavascriptUrls = function () {
+  jsUrlsAllowed = true;
+};
+UI._javascriptUrlsAllowed = function () {
+  return jsUrlsAllowed;
+};
diff --git a/packages/ui/builtins.js b/packages/ui/builtins.js
index a97bead067..2ba0da6f48 100644
--- a/packages/ui/builtins.js
+++ b/packages/ui/builtins.js
@@ -38,7 +38,7 @@ UI.Unless = function (argFunc, contentBlock, elseContentBlock) {
 // (Because then, they may be equal references to an object that was mutated,
 // and we'll never know.  We save only a reference to the old object; we don't
 // do any deep-copying or diffing.)
-var safeEquals = function (a, b) {
+UI.safeEquals = function (a, b) {
   if (a !== b)
     return false;
   else
@@ -67,7 +67,7 @@ UI.With = function (argFunc, contentBlock) {
   };
 
   block.init = function () {
-    this.data = UI.emboxValue(argFunc, safeEquals);
+    this.data = UI.emboxValue(argFunc, UI.safeEquals);
   };
 
   block.materialized = function () {
diff --git a/packages/ui/domrange.js b/packages/ui/domrange.js
index 39edbc31a1..cc0460cd41 100644
--- a/packages/ui/domrange.js
+++ b/packages/ui/domrange.js
@@ -3,7 +3,6 @@
 // - UI hooks (expose, test)
 // - Quick remove/add (mark "leaving" members; needs UI hooks)
 // - Event removal on removal
-// - Event moving on TBODY move
 
 var DomBackend = UI.DomBackend;
 
@@ -98,9 +97,6 @@ var rangeParented = function (range) {
       // element.  This is really just for IE 9+
       // TextNode GC issues, but we can't do reliable
       // feature detection (i.e. bug detection).
-      // Note that because we keep a direct pointer to
-      // `parentNode.$_uiranges`, it doesn't matter
-      // if we are reparented (e.g. wrapped in a TBODY).
       var parentNode = range.parentNode();
       var rangeDict = (
         parentNode.$_uiranges ||
@@ -306,11 +302,6 @@ _extend(DomRange.prototype, {
       range.owner = this;
       var nodes = range.getNodes();
 
-      if (tbodyFixNeeded(nodes, parentNode))
-        // may cause a refresh(); important that the
-        // member isn't added yet
-        parentNode = moveWithOwnersIntoTbody(this);
-
       members[id] = newMember;
       for (var i = 0; i < nodes.length; i++)
         insertNode(nodes[i], parentNode, nextNode);
@@ -327,11 +318,6 @@ _extend(DomRange.prototype, {
       if (node.nodeType !== 3)
         node.$ui = this;
 
-      if (tbodyFixNeeded(node, parentNode))
-        // may cause a refresh(); important that the
-        // member isn't added yet
-        parentNode = moveWithOwnersIntoTbody(this);
-
       members[id] = newMember;
       insertNode(node, parentNode, nextNode);
     }
@@ -720,8 +706,6 @@ DomRange.getComponents = function (element) {
 // `parentNode` must be an ELEMENT, not a fragment
 DomRange.insert = function (range, parentNode, nextNode) {
   var nodes = range.getNodes();
-  if (tbodyFixNeeded(nodes, parentNode))
-    parentNode = makeOrFindTbody(parentNode, nextNode);
   for (var i = 0; i < nodes.length; i++)
     insertNode(nodes[i], parentNode, nextNode);
   rangeParented(range);
@@ -741,65 +725,6 @@ DomRange.getContainingComponent = function (element) {
   return null;
 };
 
-///// TBODY FIX for compatibility with jQuery.
-//
-// Because people might use jQuery from UI hooks, and
-// jQuery is unable to do $(myTable).append(myTR) without
-// adding a TBODY (for historical reasons), we move any DomRange
-// that gains a TR, and its immediately enclosing DomRanges,
-// into a TBODY.
-//
-// See http://www.quora.com/David-Greenspan/Posts/The-Great-TBODY-Debacle
-var tbodyFixNeeded = function (childOrChildren, parent) {
-  if (parent.nodeName !== 'TABLE')
-    return false;
-
-  if (isArray(childOrChildren)) {
-    var foundTR = false;
-    for (var i = 0, N = childOrChildren.length; i < N; i++) {
-      var n = childOrChildren[i];
-      if (n.nodeType === 1 && n.nodeName === 'TR') {
-        foundTR = true;
-        break;
-      }
-    }
-    if (! foundTR)
-      return false;
-  } else {
-    var n = childOrChildren;
-    if (! (n.nodeType === 1 && n.nodeName === 'TR'))
-      return false;
-  }
-
-  return true;
-};
-
-var makeOrFindTbody = function (parent, next) {
-  // we have a TABLE > TR situation
-  var tbody = parent.getElementsByTagName('tbody')[0];
-  if (! tbody) {
-    tbody = parent.ownerDocument.createElement("tbody");
-    parent.insertBefore(tbody, next || null);
-  }
-  return tbody;
-};
-
-var moveWithOwnersIntoTbody = function (range) {
-  while (range.owner)
-    range = range.owner;
-
-  var nodes = range.getNodes(); // causes refresh
-  var tbody = makeOrFindTbody(range.parentNode(),
-                              range.end.nextSibling);
-  for (var i = 0; i < nodes.length; i++)
-    tbody.appendChild(nodes[i]);
-
-  // XXX complete the reparenting by moving event
-  // HandlerRecs of `range`.
-
-  return tbody;
-};
-
 ///// FIND BY SELECTOR
 
 DomRange.prototype.contains = function (compOrNode) {
@@ -947,7 +872,7 @@ var HandlerRec = function (elem, type, selector, handler, $ui) {
         return;
       if (! h.$ui.contains(evt.currentTarget))
         return;
-      return h.handler.call(h.$ui, evt);
+      return h.handler.apply(h.$ui, arguments);
     };
   })(this);
 
diff --git a/packages/ui/domrange_tests.js b/packages/ui/domrange_tests.js
index 7ef3d94d94..fb042f2dea 100644
--- a/packages/ui/domrange_tests.js
+++ b/packages/ui/domrange_tests.js
@@ -489,133 +489,6 @@ Tinytest.add("ui - DomRange - external moves", function (test) {
              strip('-------------- (aXb ghiWjkl)'));
 });
 
-Tinytest.add("ui - DomRange - tables", function (test) {
-  var range = function (x) {
-    // create a range x.dom containing an element x.el,
-    // inside that element, the range x.content.dom
-    x.dom = new DomRange;
-    if (x.el) {
-      x.dom.add(x.el);
-      if (x.content)
-        DomRange.insert(x.content.dom, x.el);
-    }
-    return x;
-  };
-  var tr, td;
-  var table = range({
-    el: document.createElement('table'),
-    content: tr = range({
-      el: document.createElement('tr'),
-      content: td = range({
-        el: document.createElement('td')
-      })
-    })
-  });
-
-  // TBODY got inserted automatically.
-  // This tests DomRange.insert.
-  test.equal(table.el.childNodes.length, 1);
-  test.equal(table.el.firstChild.nodeName, 'TBODY');
-  // TBODY contains [start, TR, end]
-  test.equal(table.el.firstChild.childNodes.length, 3);
-  test.equal(table.el.firstChild.childNodes[1], tr.el);
-  test.equal(tr.el.childNodes.length, 3);
-  test.equal(tr.el.childNodes[1], td.el);
-
-  // start over
-  $(table.el).empty();
-  test.equal(table.el.childNodes.length, 0);
-
-  table.content = range({});
-  DomRange.insert(table.content.dom, table.el);
-  // table has two children (start/end markers), no elements
-  test.equal(table.el.childNodes.length, 2);
-  test.notEqual(table.el.firstChild.nodeType, 1);
-  test.notEqual(table.el.lastChild.nodeType, 1);
-
-  // shazam, adding a TR should move the whole range
-  // into a TBODY.  This tests range.add(node).
-  table.content.dom.add(document.createElement('tr'));
-
-  test.equal(table.el.childNodes.length, 1);
-  test.equal(table.el.firstChild.nodeName, 'TBODY');
-  test.equal(table.el.firstChild.childNodes.length, 3);
-  test.equal(table.el.firstChild.childNodes[1].nodeName, 'TR');
-
-  // start over.
-  $(table.el).empty();
-  test.equal(table.el.childNodes.length, 0);
-
-  table.content = range({});
-  DomRange.insert(table.content.dom, table.el);
-  var a1 = range({});
-  var a2 = range({});
-  a1.dom.add(a2.dom);
-  table.content.dom.add(a1.dom);
-  // 6 marker nodes in table, no elements
-  test.equal(table.el.childNodes.length, 6);
-  test.equal($(table.el).find("*").length, 0);
-  // shazam, adding a TR to the innermost range
-  // should move all the ranges into a TBODY.
-  a2.dom.add(document.createElement('tr'));
-  test.equal(table.el.childNodes.length, 1);
-  test.equal(table.el.firstChild.nodeName, 'TBODY');
-  test.equal(table.el.firstChild.childNodes.length, 7);
-  test.equal(table.el.firstChild.childNodes[3].nodeName, 'TR');
-
-  // start over.  this time test adding a range containing
-  // a TR.
-  $(table.el).empty();
-  test.equal(table.el.childNodes.length, 0);
-
-  table.content = range({});
-  DomRange.insert(table.content.dom, table.el);
-  var b1 = range({});
-  var b2 = range({});
-  table.content.dom.add(b1.dom);
-  b2.dom.add(document.createElement('tr'));
-  // 4 marker nodes in table, no elements
-  test.equal(table.el.childNodes.length, 4);
-  test.equal($(table.el).find("*").length, 0);
-  // shazam, adding b2, which contains a TR,
-  // should move all the ranges into a TBODY.
-  b1.dom.add(b2.dom);
-  test.equal(table.el.childNodes.length, 1);
-  test.equal(table.el.firstChild.nodeName, 'TBODY');
-  test.equal(table.el.firstChild.childNodes.length, 7);
-  test.equal(table.el.firstChild.childNodes[3].nodeName, 'TR');
-
-  test.equal(b2.dom.parentNode().nodeName, 'TBODY');
-  test.equal(b1.dom.parentNode().nodeName, 'TBODY');
-  test.equal(table.content.dom.parentNode().nodeName, 'TBODY');
-
-
-  // start over.  now test two TR ranges.
-  $(table.el).empty();
-  test.equal(table.el.childNodes.length, 0);
-
-  var c1 = range({});
-  var c2 = range({});
-  DomRange.insert(c1.dom, table.el);
-  DomRange.insert(c2.dom, table.el);
-  test.equal(table.el.childNodes.length, 4);
-  test.equal($(table.el).find("*").length, 0);
-  c2.dom.add(document.createElement('tr'));
-  test.equal(table.el.childNodes.length, 3);
-  test.equal($(table.el).find("> *").length, 1);
-  test.equal($(table.el).find("> tbody").length, 1);
-  c1.dom.add(document.createElement('tr'));
-  // now there should be a single TBODY with two
-  // ranges in it containing TRs
-  test.equal(table.el.childNodes.length, 1);
-  test.equal(table.el.firstChild.nodeName, 'TBODY');
-  var tbody = table.el.firstChild;
-  test.equal(tbody.childNodes.length, 6);
-  test.equal($(tbody).find("> *").length, 2); // 2 elements
-  test.equal(tbody.childNodes[1].nodeName, 'TR');
-  test.equal(tbody.childNodes[4].nodeName, 'TR');
-});
-
 Tinytest.add("ui - DomRange - basic events", function (test) {
   // test.equal doesn't work on arrays of DOM nodes, so
   // we need this.  It's `===` that descends recursively
diff --git a/packages/ui/each.js b/packages/ui/each.js
index a0584aa6e6..6a93a73a42 100644
--- a/packages/ui/each.js
+++ b/packages/ui/each.js
@@ -95,7 +95,7 @@ UI.EachImpl = Component.extend({
         var renderedItem = UI.render(content.extend({data: dataFunc}), self);
         range.add(id, renderedItem.dom, beforeId);
       },
-      removed: function (id, item) {
+      removedAt: function (id, item) {
         addToCount(-1);
         range.remove(LocalCollection._idStringify(id));
       },
@@ -104,7 +104,7 @@ UI.EachImpl = Component.extend({
           LocalCollection._idStringify(id),
           beforeId && LocalCollection._idStringify(beforeId));
       },
-      changed: function (id, newItem) {
+      changedAt: function (id, newItem, atIndex) {
         range.get(LocalCollection._idStringify(id)).component.data.$set(newItem);
       }
     });
diff --git a/packages/ui/package.js b/packages/ui/package.js
index 4eb1c37f17..11d0c040ce 100644
--- a/packages/ui/package.js
+++ b/packages/ui/package.js
@@ -1,5 +1,6 @@
 Package.describe({
-  summary: "Meteor UI Components framework"
+  summary: "Meteor UI Components framework",
+  internal: true
 });
 
 Package.on_use(function (api) {
diff --git a/packages/ui/render.js b/packages/ui/render.js
index 63ad432141..5c38868eaa 100644
--- a/packages/ui/render.js
+++ b/packages/ui/render.js
@@ -198,56 +198,6 @@ var insert = function (nodeOrRange, parent, before) {
   }
 };
 
-// Update attributes on `elem` to the dictionary `attrs`, using the
-// dictionary of existing `handlers` if provided.
-//
-// Values in the `attrs` dictionary are in pseudo-DOM form -- a string,
-// CharRef, or array of strings and CharRefs -- but they are passed to
-// the AttributeHandler in string form.
-var updateAttributes = function(elem, newAttrs, handlers) {
-
-  if (handlers) {
-    for (var k in handlers) {
-      if (! newAttrs.hasOwnProperty(k)) {
-        // remove attributes (and handlers) for attribute names
-        // that don't exist as keys of `newAttrs` and so won't
-        // be visited when traversing it.  (Attributes that
-        // exist in the `newAttrs` object but are `null`
-        // are handled later.)
-        var handler = handlers[k];
-        var oldValue = handler.value;
-        handler.value = null;
-        handler.update(elem, oldValue, null);
-        delete handlers[k];
-      }
-    }
-  }
-
-  for (var k in newAttrs) {
-    var handler = null;
-    var oldValue;
-    var value = newAttrs[k];
-    if ((! handlers) || (! handlers.hasOwnProperty(k))) {
-      if (value !== null) {
-        // make new handler
-        handler = makeAttributeHandler(elem, k, value);
-        if (handlers)
-          handlers[k] = handler;
-        oldValue = null;
-      }
-    } else {
-      handler = handlers[k];
-      oldValue = handler.value;
-    }
-    if (handler && oldValue !== value) {
-      handler.value = value;
-      handler.update(elem, oldValue, value);
-      if (value === null)
-        delete handlers[k];
-    }
-  }
-};
-
 UI.render = function (kind, parentComponent) {
   if (kind.isInited)
     throw new Error("Can't render component instance, only component kind");
@@ -394,9 +344,11 @@ var materialize = function (node, parent, before, parentComponent) {
     };
 
     if (rawAttrs) {
-      var attrUpdater = Deps.autorun(function (c) {
-        if (! c.handlers)
-          c.handlers = {};
+      var attrComp = Deps.autorun(function (c) {
+        var attrUpdater = c.updater;
+        if (! attrUpdater) {
+          attrUpdater = c.updater = new ElementAttributesUpdater(elem);
+        }
 
         try {
           var attrs = HTML.evaluateAttributes(rawAttrs, parentComponent);
@@ -406,14 +358,14 @@ var materialize = function (node, parent, before, parentComponent) {
               stringAttrs[k] = HTML.toText(attrs[k], HTML.TEXTMODE.STRING,
                                            parentComponent);
             }
-            updateAttributes(elem, stringAttrs, c.handlers);
+            attrUpdater.update(stringAttrs);
           }
         } catch (e) {
           reportUIException(e);
         }
       });
       UI.DomBackend.onRemoveElement(elem, function () {
-        attrUpdater.stop();
+        attrComp.stop();
       });
     }
     materialize(children, elem, null, parentComponent);
diff --git a/packages/webapp/boilerplate.html b/packages/webapp/boilerplate.html
new file mode 100644
index 0000000000..a4fb29f8fb
--- /dev/null
+++ b/packages/webapp/boilerplate.html
@@ -0,0 +1,22 @@
+<html {{htmlAttributes}}>
+<head>
+{{#each css}}  <link rel="stylesheet" href="{{bundledJsCssPrefix}}{{url}}">{{/each}}
+
+{{#if inlineScriptsAllowed}}
+<script type='text/javascript'>__meteor_runtime_config__ = {{meteorRuntimeConfig}};</script>
+{{else}}
+<script type='text/javascript' src='{{rootUrlPathPrefix}}/meteor_runtime_config.js'></script>
+{{/if}}
+{{#each js}}  <script type="text/javascript" src="{{bundledJsCssPrefix}}{{url}}"></script>
+{{/each}}
+{{#if inlineScriptsAllowed}}
+<script type='text/javascript'>{{{reloadSafetyBelt}}}</script>
+{{else}}
+<script type='text/javascript' src='{{rootUrlPathPrefix}}/meteor_reload_safetybelt.js'></script>
+{{/if}}
+{{{head}}}
+</head>
+<body>
+{{{body}}}
+</body>
+</html>
diff --git a/packages/webapp/package.js b/packages/webapp/package.js
index fab6a96434..64a05ee60b 100644
--- a/packages/webapp/package.js
+++ b/packages/webapp/package.js
@@ -8,7 +8,9 @@ Npm.depends({connect: "2.9.0",
              useragent: "2.0.7"});
 
 Package.on_use(function (api) {
-  api.use(['logging', 'underscore', 'routepolicy'], 'server');
+  api.use(['logging', 'underscore', 'routepolicy', 'spacebars-compiler',
+           'spacebars', 'htmljs', 'ui'],
+          'server');
   api.use(['underscore'], 'client');
   api.use(['application-configuration', 'follower-livedata'], {
     unordered: true
@@ -21,5 +23,10 @@ Package.on_use(function (api) {
   api.export(['WebApp', 'main', 'WebAppInternals'], 'server');
   api.export(['WebApp'], 'client');
   api.add_files('webapp_server.js', 'server');
+  // This is a spacebars template, but we process it manually with the spacebars
+  // compiler rather than letting the 'templating' package (which isn't fully
+  // supported on the server yet) handle it. That also means that it doesn't
+  // contain the outer "<template>" tag.
+  api.add_files('boilerplate.html', 'server', {isAsset: true});
   api.add_files('webapp_client.js', 'client');
 });
diff --git a/packages/webapp/webapp_server.js b/packages/webapp/webapp_server.js
index ad3fe4e1cb..ab22ce2414 100644
--- a/packages/webapp/webapp_server.js
+++ b/packages/webapp/webapp_server.js
@@ -25,10 +25,10 @@ var bundledJsCssPrefix;
 // CSS.  This prevents you from displaying the page in that case, and instead
 // reloads it, presumably all on the new version now.
 var RELOAD_SAFETYBELT = "\n" +
-      "if (typeof Package === 'undefined' || \n" +
-      "    ! Package.webapp || \n" +
-      "    ! Package.webapp.WebApp || \n" +
-      "    ! Package.webapp.WebApp._isCssLoaded()) \n" +
+      "if (typeof Package === 'undefined' ||\n" +
+      "    ! Package.webapp ||\n" +
+      "    ! Package.webapp.WebApp ||\n" +
+      "    ! Package.webapp.WebApp._isCssLoaded())\n" +
       "  document.location.reload(); \n";
 
 // Keepalives so that when the outer server dies unceremoniously and
@@ -131,14 +131,17 @@ WebApp.categorizeRequest = function (req) {
 // be added to the '<html>' tag. Each function is passed a 'request' object (see
 // #BrowserIdentification) and should return a string,
 var htmlAttributeHooks = [];
-var htmlAttributes = function (template, request) {
-  var attributes = '';
+var getHtmlAttributes = function (request) {
+  var combinedAttributes  = {};
   _.each(htmlAttributeHooks || [], function (hook) {
-    var attribute = hook(request);
-    if (attribute !== null && attribute !== undefined && attribute !== '')
-      attributes += ' ' + attribute;
+    var attributes = hook(request);
+    if (attributes === null)
+      return;
+    if (typeof attributes !== 'object')
+      throw Error("HTML attribute hook must return null or object");
+    _.extend(combinedAttributes, attributes);
   });
-  return template.replace('##HTML_ATTRIBUTES##', attributes);
+  return combinedAttributes;
 };
 WebApp.addHtmlAttributeHook = function (hook) {
   htmlAttributeHooks.push(hook);
@@ -432,13 +435,17 @@ var runWebAppServer = function () {
   });
 
   // Will be updated by main before we listen.
-  var boilerplateHtml = null;
+  var boilerplateTemplate = null;
+  var boilerplateBaseData = null;
+  var boilerplateByAttributes = {};
   app.use(function (req, res, next) {
     if (! appUrl(req.url))
       return next();
 
-    if (!boilerplateHtml)
-      throw new Error("boilerplateHtml should be set before listening!");
+    if (!boilerplateTemplate)
+      throw new Error("boilerplateTemplate should be set before listening!");
+    if (!boilerplateBaseData)
+      throw new Error("boilerplateBaseData should be set before listening!");
 
 
     var headers = {
@@ -459,9 +466,32 @@ var runWebAppServer = function () {
       res.end();
       return undefined;
     }
+
+    var htmlAttributes = getHtmlAttributes(request);
+
+    // The only thing that changes from request to request (for now) are the
+    // HTML attributes (used by, eg, appcache), so we can memoize based on that.
+    var attributeKey = JSON.stringify(htmlAttributes);
+    if (!_.has(boilerplateByAttributes, attributeKey)) {
+      try {
+        var boilerplateData = _.extend({htmlAttributes: htmlAttributes},
+                                       boilerplateBaseData);
+        var boilerplateInstance = boilerplateTemplate.extend({
+          data: boilerplateData
+        });
+        var boilerplateHtmlJs = boilerplateInstance.render();
+        boilerplateByAttributes[attributeKey] = "<!DOCTYPE html>\n" +
+              HTML.toHTML(boilerplateHtmlJs, boilerplateInstance);
+      } catch (e) {
+        Log.error("Error running template: " + e);
+        res.writeHead(500, headers);
+        res.end();
+        return undefined;
+      }
+    }
+
     res.writeHead(200, headers);
-    var requestSpecificHtml = htmlAttributes(boilerplateHtml, request);
-    res.write(requestSpecificHtml);
+    res.write(boilerplateByAttributes[attributeKey]);
     res.end();
     return undefined;
   });
@@ -559,37 +589,48 @@ var runWebAppServer = function () {
     // '--keepalive' is a use of the option.
     var expectKeepalives = _.contains(argv, '--keepalive');
 
-    var boilerplateHtmlPath = path.join(clientDir, clientJson.page);
-    boilerplateHtml = fs.readFileSync(boilerplateHtmlPath, 'utf8');
+    boilerplateBaseData = {
+      css: [],
+      js: [],
+      head: '',
+      body: '',
+      inlineScriptsAllowed: WebAppInternals.inlineScriptsAllowed(),
+      meteorRuntimeConfig: JSON.stringify(__meteor_runtime_config__),
+      reloadSafetyBelt: RELOAD_SAFETYBELT,
+      rootUrlPathPrefix: __meteor_runtime_config__.ROOT_URL_PATH_PREFIX || '',
+      bundledJsCssPrefix: bundledJsCssPrefix ||
+        __meteor_runtime_config__.ROOT_URL_PATH_PREFIX || ''
+    };
 
-    // Include __meteor_runtime_config__ in the app html, as an inline script if
-    // it's not forbidden by CSP.
-    if (WebAppInternals.inlineScriptsAllowed()) {
-      boilerplateHtml = boilerplateHtml.replace(
-          /##RUNTIME_CONFIG##/,
-        "<script type='text/javascript'>__meteor_runtime_config__ = " +
-          JSON.stringify(__meteor_runtime_config__) + ";</script>");
-      boilerplateHtml = boilerplateHtml.replace(
-          /##RELOAD_SAFETYBELT##/,
-        "<script type='text/javascript'>"+RELOAD_SAFETYBELT+"</script>");
-    } else {
-      boilerplateHtml = boilerplateHtml.replace(
-        /##RUNTIME_CONFIG##/,
-        "<script type='text/javascript' src='##ROOT_URL_PATH_PREFIX##/meteor_runtime_config.js'></script>"
-      );
-      boilerplateHtml = boilerplateHtml.replace(
-          /##RELOAD_SAFETYBELT##/,
-        "<script type='text/javascript' src='##ROOT_URL_PATH_PREFIX##/meteor_reload_safetybelt.js'></script>");
+    _.each(WebApp.clientProgram.manifest, function (item) {
+      if (item.type === 'css' && item.where === 'client') {
+        boilerplateBaseData.css.push({url: item.url});
+      }
+      if (item.type === 'js' && item.where === 'client') {
+        boilerplateBaseData.js.push({url: item.url});
+      }
+      if (item.type === 'head') {
+        boilerplateBaseData.head = fs.readFileSync(
+          path.join(clientDir, item.path), 'utf8');
+      }
+      if (item.type === 'body') {
+        boilerplateBaseData.body = fs.readFileSync(
+          path.join(clientDir, item.path), 'utf8');
+      }
+    });
 
-    }
-    boilerplateHtml = boilerplateHtml.replace(
-        /##ROOT_URL_PATH_PREFIX##/g,
-      __meteor_runtime_config__.ROOT_URL_PATH_PREFIX || "");
+    var boilerplateTemplateSource = Assets.getText("boilerplate.html");
+    var boilerplateRenderCode = Spacebars.compile(
+      boilerplateTemplateSource, { isBody: true });
 
-    boilerplateHtml = boilerplateHtml.replace(
-        /##BUNDLED_JS_CSS_PREFIX##/g,
-      bundledJsCssPrefix ||
-        __meteor_runtime_config__.ROOT_URL_PATH_PREFIX || "");
+    // Note that we are actually depending on eval's local environment capture
+    // so that UI and HTML are visible to the eval'd code.
+    var boilerplateRender = eval(boilerplateRenderCode);
+
+    boilerplateTemplate = UI.Component.extend({
+      kind: "MainPage",
+      render: boilerplateRender
+    });
 
     // only start listening after all the startup code has run.
     var localPort = parseInt(process.env.PORT) || 0;
diff --git a/packages/weibo/weibo_client.js b/packages/weibo/weibo_client.js
index 32b95f292c..e7a56742cf 100644
--- a/packages/weibo/weibo_client.js
+++ b/packages/weibo/weibo_client.js
@@ -14,11 +14,12 @@ Weibo.requestCredential = function (options, credentialRequestCompleteCallback)
 
   var config = ServiceConfiguration.configurations.findOne({service: 'weibo'});
   if (!config) {
-    credentialRequestCompleteCallback && credentialRequestCompleteCallback(new ServiceConfiguration.ConfigError("Service not configured"));
+    credentialRequestCompleteCallback && credentialRequestCompleteCallback(
+      new ServiceConfiguration.ConfigError());
     return;
   }
 
-  var credentialToken = Random.id();
+  var credentialToken = Random.secret();
   // XXX need to support configuring access_type and scope
   var loginUrl =
         'https://api.weibo.com/oauth2/authorize' +
@@ -27,7 +28,7 @@ Weibo.requestCredential = function (options, credentialRequestCompleteCallback)
         '&redirect_uri=' + Meteor.absoluteUrl('_oauth/weibo?close', {replaceLocalhost: true}) +
         '&state=' + credentialToken;
 
-  Oauth.showPopup(
+  OAuth.showPopup(
     loginUrl,
     _.bind(credentialRequestCompleteCallback, null, credentialToken)
   );
diff --git a/packages/weibo/weibo_server.js b/packages/weibo/weibo_server.js
index 1d2f525638..8da78bb22b 100644
--- a/packages/weibo/weibo_server.js
+++ b/packages/weibo/weibo_server.js
@@ -1,6 +1,6 @@
 Weibo = {};
 
-Oauth.registerService('weibo', 2, null, function(query) {
+OAuth.registerService('weibo', 2, null, function(query) {
 
   var response = getTokenResponse(query);
   var uid = parseInt(response.uid, 10);
@@ -33,7 +33,7 @@ Oauth.registerService('weibo', 2, null, function(query) {
 var getTokenResponse = function (query) {
   var config = ServiceConfiguration.configurations.findOne({service: 'weibo'});
   if (!config)
-    throw new ServiceConfiguration.ConfigError("Service not configured");
+    throw new ServiceConfiguration.ConfigError();
 
   var response;
   try {
@@ -41,7 +41,7 @@ var getTokenResponse = function (query) {
       "https://api.weibo.com/oauth2/access_token", {params: {
         code: query.code,
         client_id: config.clientId,
-        client_secret: config.secret,
+        client_secret: OAuth.openSecret(config.secret),
         redirect_uri: Meteor.absoluteUrl("_oauth/weibo?close", {replaceLocalhost: true}),
         grant_type: 'authorization_code'
       }});
@@ -73,5 +73,5 @@ var getIdentity = function (accessToken, userId) {
 };
 
 Weibo.retrieveCredential = function(credentialToken) {
-  return Oauth.retrieveCredential(credentialToken);
+  return OAuth.retrieveCredential(credentialToken);
 };
diff --git a/scripts/admin/banner.txt b/scripts/admin/banner.txt
index 92f42a493e..1b4b53e449 100644
--- a/scripts/admin/banner.txt
+++ b/scripts/admin/banner.txt
@@ -1,4 +1,7 @@
-=> Meteor 0.8.0.1: Fix security problem in Twitter OAuth flow.
+=> Meteor 0.8.1: OAuth security fix, bug fixes and new features for
+   Blaze, improved latency compensation, and more.
 
    This release is being downloaded in the background. Update your
-   project to Meteor 0.8.0.1 by running 'meteor update'.
+   project to Meteor 0.8.1 by running 'meteor update'. If you haven't
+   yet upgraded to 0.8.x, we've backported the security fix to a new
+   0.7.2.2 release as well.
diff --git a/scripts/admin/notices.json b/scripts/admin/notices.json
index 3d232543db..74668bc795 100644
--- a/scripts/admin/notices.json
+++ b/scripts/admin/notices.json
@@ -117,6 +117,18 @@
   {
     "release": "0.8.0.1"
   },
+  {
+    "release": "0.8.1",
+    "notices": [
+      "We closed a security hole in our OAuth client. If you are using",
+      "OAuth-based accounts (such as the `accounts-google` or",
+      "`accounts-twitter` packages), we recommend that you log out",
+      "all your users by running this command from a MongoDB shell:",
+      "",
+      "  $ db.users.update({}, { $set: { 'services.resume.loginTokens':",
+      "    [] } }, { multi: true });"
+    ]
+  },
   {
     "release": "NEXT"
   }
diff --git a/scripts/generate-dev-bundle.sh b/scripts/generate-dev-bundle.sh
index 942a092caf..d9b5c7690e 100755
--- a/scripts/generate-dev-bundle.sh
+++ b/scripts/generate-dev-bundle.sh
@@ -76,7 +76,7 @@ cd node
 # When upgrading node versions, also update the values of MIN_NODE_VERSION at
 # the top of tools/meteor.js and tools/server/boot.js, and the text in
 # docs/client/concepts.html and the README in tools/bundler.js.
-git checkout v0.10.25
+git checkout v0.10.26
 
 ./configure --prefix="$DIR"
 make -j4
@@ -107,6 +107,7 @@ npm install kexec@0.2.0
 npm install source-map@0.1.32
 npm install source-map-support@0.2.5
 npm install bcrypt@0.7.7
+npm install node-aes-gcm@0.1.3
 npm install heapdump@0.2.5
 
 # Fork of 1.0.2 with https://github.com/nodejitsu/node-http-proxy/pull/592
@@ -141,7 +142,7 @@ cd ../..
 # particular version of openssl on the host system.
 
 cd "$DIR/build"
-OPENSSL="openssl-1.0.1f"
+OPENSSL="openssl-1.0.1g"
 OPENSSL_URL="http://www.openssl.org/source/$OPENSSL.tar.gz"
 wget $OPENSSL_URL || curl -O $OPENSSL_URL
 tar xzf $OPENSSL.tar.gz
diff --git a/scripts/generate-mongo-ssl-binaries.sh b/scripts/generate-mongo-ssl-binaries.sh
deleted file mode 100755
index d4561aa5a9..0000000000
--- a/scripts/generate-mongo-ssl-binaries.sh
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/bash
-# Run this script on linux box to generate mongodb binaries (most of them, not
-# only mongod and mongo) with ssl support and statically linked openssl.
-# Optional argument: build directory
-
-set -e
-set -u
-
-UNAME=$(uname)
-ARCH=$(uname -m)
-
-if [ "$UNAME" == "Linux" ] ; then
-    if [ "$ARCH" != "i686" -a "$ARCH" != "x86_64" ] ; then
-        echo "Unsupported architecture: $ARCH"
-        echo "Meteor only supports i686 and x86_64 for now."
-        exit 1
-    fi
-
-    MONGO_OS="linux"
-
-    stripBinary() {
-        strip --remove-section=.comment --remove-section=.note $1
-    }
-else
-    echo "This script is meant to be run on linux boxes."
-    exit 1
-fi
-
-PLATFORM="${UNAME}_${ARCH}"
-
-# save off meteor checkout dir as final target
-cd `dirname $0`/..
-TARGET_DIR=`pwd`
-
-# If optional argument, build directory, is passed, build there.
-# Otherwise build in a temporary directory.
-if [ $# -eq 0 ]; then
-    DIR=`mktemp -d -t generate-dev-bundle-XXXXXXXX`
-else
-    DIR="$1/`mktemp generate-mongo-ssl-XXXXXXXX`"
-    mkdir -p $DIR
-fi
-#trap 'rm -rf "$DIR" >/dev/null 2>&1' 0
-
-echo BUILDING IN "$DIR"
-
-cd "$DIR"
-chmod 755 .
-umask 022
-mkdir build
-cd build
-
-# Checkout and build mongodb.
-# We want to build a binary that includes SSL support but does not depend on a
-# particular version of openssl on the host system.
-
-cd "$DIR/build"
-OPENSSL="openssl-1.0.1e"
-OPENSSL_URL="http://www.openssl.org/source/$OPENSSL.tar.gz"
-wget $OPENSSL_URL || curl -O $OPENSSL_URL
-tar xzf $OPENSSL.tar.gz
-
-cd $OPENSSL
-./config --prefix="$DIR/build/openssl-out" no-shared
-make install
-
-# To see the mongo changelog, go to http://www.mongodb.org/downloads,
-# click 'changelog' under the current version, then 'release notes' in
-# the upper right.
-cd "$DIR/build"
-MONGO_VERSION="2.4.4"
-
-git clone git://github.com/meteor/mongo.git
-cd mongo
-git checkout ssl-r$MONGO_VERSION
-
-# Compile
-
-MONGO_FLAGS="--ssl --release "
-MONGO_FLAGS+="--cpppath $DIR/build/openssl-out/include --libpath $DIR/build/openssl-out/lib "
-
-MONGO_FLAGS+="-j2 --no-glibc-check --prefix=$DIR "
-if [ "$ARCH" == "x86_64" ]; then
-    MONGO_FLAGS+="--64"
-fi
-scons $MONGO_FLAGS all || true # It fails on 'all' target but produces the binaries we need
-
-OUT_DIR=mongodb-linux-$ARCH-$MONGOVERSION
-mkdir -p $OUTDIR/bin
-mv bsondump\
-   mongo\
-   mongobridge\
-   mongod\
-   mongodump\
-   mongoexport\
-   mongofiles\
-   mongoimport\
-   mongooplog\
-   mongoperf\
-   mongorestore\
-   mongos\
-   mongostat\
-   mongotop $OUTDIR/bin
-
-# stripBinary $OUTDIR/bin/* # uncomment this if you want to strip all output binaries
-
-echo BUNDLING
-
-tar -czf $OUTDIR.tar.gz $OUTDIR
-mv $OUTDIR.tar.gz $DIR
-
-cd "$DIR"
-
-cd "$DIR"
-rm -rf build
-
-echo DONE
-
diff --git a/tools/bundler.js b/tools/bundler.js
index 0468cfb6d2..98b95f0767 100644
--- a/tools/bundler.js
+++ b/tools/bundler.js
@@ -59,11 +59,6 @@
 //
 //  - format: "browser-program-pre1" for this version
 //
-//  - page: path to the template for the HTML to serve when a browser
-//    loads a page that is part of the application. In the file,
-//    some strings of the format ##FOO## will be replaced with
-//    appropriate values at runtime by the webapp package.
-//
 //  - manifest: array of resources to serve with HTTP, each an object:
 //    - path: path of file relative to program.json
 //    - where: "client"
@@ -74,15 +69,11 @@
 //    - size: size of file in bytes
 //    - hash: sha1 hash of the file contents
 //    - sourceMap: optional path to source map file (relative to program.json)
-//    Additionally there will be an entry with where equal to
-//    "internal", path equal to page (above), and hash equal to the
-//    sha1 of page (before replacements). Currently this is used to
-//    trigger HTML5 appcache reloads at the right time (if the
-//    'appcache' package is being used).
 //
-// Convention:
-//
-// page is 'app.html'.
+//    Additionally there may be a manifest entry with where equal to
+//    "internal", type "head" or "body", and a path and hash. These contain
+//    chunks of HTML which should be inserted in the boilerplate HTML page's
+//    <head> or <body> respectively.
 //
 //
 // == Format of a program when arch is "os.*" ==
@@ -175,7 +166,7 @@ var release = require('./release.js');
 var Fiber = require('fibers');
 var Future = require(path.join('fibers', 'future'));
 var sourcemap = require('source-map');
-var runLog = require('./run-log.js').runLog;
+var runLog = require('./run-log.js');
 
 
 // files to ignore when bundling. node has no globs, so use regexps
@@ -876,42 +867,6 @@ _.extend(ClientTarget.prototype, {
     self.css[0].setUrlToHash(".css", "?meteor_css_resource=true");
   },
 
-  // XXX Instead of packaging the boilerplate in the client program, the
-  // template should be part of WebApp, and we should make sure that all
-  // information that it needs is in the manifest (ie, make sure to include head
-  // and body).  Then it will just need to do one level of templating instead
-  // of two.  Alternatively, use spacebars with unipackage.load here.
-  generateHtmlBoilerplate: function () {
-    var self = this;
-
-    var html = [];
-    html.push('<!DOCTYPE html>\n' +
-              '<html##HTML_ATTRIBUTES##>\n' +
-              '<head>\n');
-    _.each(self.css, function (css) {
-      html.push('  <link rel="stylesheet" href="##BUNDLED_JS_CSS_PREFIX##');
-      html.push(_.escape(css.url));
-      html.push('">\n');
-    });
-    html.push('\n\n##RUNTIME_CONFIG##\n\n');
-    _.each(self.js, function (js) {
-      html.push('  <script type="text/javascript" src="##BUNDLED_JS_CSS_PREFIX##');
-      html.push(_.escape(js.url));
-      html.push('"></script>\n');
-    });
-    html.push('\n\n##RELOAD_SAFETYBELT##');
-    html.push('\n\n');
-    html.push(self.head.join('\n'));  // unescaped!
-    html.push('\n' +
-              '</head>\n' +
-              '<body>\n');
-    html.push(self.body.join('\n'));  // unescaped!
-    html.push('\n' +
-              '</body>\n' +
-              '</html>\n');
-    return new Buffer(html.join(''), 'utf8');
-  },
-
   // Output the finished target to disk
   //
   // Returns the path (relative to 'builder') of the control file for
@@ -920,7 +875,6 @@ _.extend(ClientTarget.prototype, {
     var self = this;
 
     builder.reserve("program.json");
-    builder.reserve("app.html");
 
     // Helper to iterate over all resources that we serve over HTTP.
     var eachResource = function (f) {
@@ -988,20 +942,24 @@ _.extend(ClientTarget.prototype, {
       manifest.push(manifestItem);
     });
 
-    // HTML boilerplate (the HTML served to make the client load the
-    // JS and CSS files and start the app)
-    var htmlBoilerplate = self.generateHtmlBoilerplate();
-    builder.write('app.html', { data: htmlBoilerplate });
-    manifest.push({
-      path: 'app.html',
-      where: 'internal',
-      hash: Builder.sha1(htmlBoilerplate)
+    _.each(['head', 'body'], function (type) {
+      var data = self[type].join('\n');
+      if (data) {
+        var dataBuffer = new Buffer(data, 'utf8');
+        var dataFile = builder.writeToGeneratedFilename(
+          type + '.html', { data: dataBuffer });
+        manifest.push({
+          path: dataFile,
+          where: 'internal',
+          type: type,
+          hash: Builder.sha1(dataBuffer)
+        });
+      }
     });
 
     // Control file
     builder.writeJson('program.json', {
       format: "browser-program-pre1",
-      page: 'app.html',
       manifest: manifest
     });
     return "program.json";
@@ -1579,7 +1537,7 @@ var writeSiteArchive = function (targets, outputPath, options) {
 
       builder.write('README', { data: new Buffer(
 "This is a Meteor application bundle. It has only one dependency:\n" +
-"Node.js 0.10.25 or newer, plus the 'fibers' module. To run the application:\n" +
+"Node.js 0.10.26 or newer, plus the 'fibers' module. To run the application:\n" +
 "\n" +
 "  $ rm -r programs/server/node_modules/fibers\n" +
 "  $ npm install fibers@1.0.1\n" +
diff --git a/tools/commands.js b/tools/commands.js
index 3a003dd6c5..f5b3ccbee9 100644
--- a/tools/commands.js
+++ b/tools/commands.js
@@ -13,7 +13,7 @@ var auth = require('./auth.js');
 var config = require('./config.js');
 var release = require('./release.js');
 var Future = require('fibers/future');
-var runLog = require('./run-log.js').runLog;
+var runLog = require('./run-log.js');
 
 // Given a site name passed on the command line (eg, 'mysite'), return
 // a fully-qualified hostname ('mysite.meteor.com').
@@ -153,8 +153,8 @@ main.registerCommand({
   name: 'run',
   requiresApp: true,
   options: {
-    port: { type: Number, short: "p", default: 3000 },
-    'app-port': { type: Number },
+    port: { type: String, short: "p", default: '3000' },
+    'app-port': { type: String },
     production: { type: Boolean },
     'raw-logs': { type: Boolean },
     settings: { type: String },
@@ -166,6 +166,32 @@ main.registerCommand({
     once: { type: Boolean }
   }
 }, function (options) {
+  // XXX factor this out into a {type: host/port}?
+  var portMatch = options.port.match(/^(?:(.+):)?([0-9]+)$/);
+  if (!portMatch) {
+    process.stderr.write(
+"run: --port (-p) must be a number or be of the form 'host:port' where\n" +
+"port is a number. Try 'meteor help run' for help.\n");
+    return 1;
+  }
+  var proxyHost = portMatch[1] || null;
+  var proxyPort = parseInt(portMatch[2]);
+
+  var appHost, appPort;
+  if (options['app-port']) {
+    var appPortMatch = options['app-port'].match(/^(?:(.+):)?([0-9]+)?$/);
+    if (!appPortMatch) {
+      process.stderr.write(
+"run: --app-port must be a number or be of the form 'host:port' where\n" +
+"port is a number. Try 'meteor help run' for help.\n");
+      return 1;
+    }
+    appHost = appPortMatch[1] || null;
+    // It's legit to specify `--app-port host:` and still let the port be
+    // randomized.
+    appPort = appPortMatch[2] ? parseInt(appPortMatch[2]) : null;
+  }
+
   if (release.forced) {
     var appRelease = project.getMeteorReleaseVersion(options.appDir);
     if (release.current.name !== appRelease) {
@@ -182,8 +208,10 @@ main.registerCommand({
 
   var runAll = require('./run-all.js');
   return runAll.run(options.appDir, {
-    port: options.port,
-    appPort: options['app-port'],
+    proxyPort: proxyPort,
+    proxyHost: proxyHost,
+    appPort: appPort,
+    appHost: appHost,
     settingsFile: options.settings,
     program: options.program || undefined,
     buildOptions: {
@@ -1076,7 +1104,7 @@ main.registerCommand({
       // sure the user doesn't 'meteor update' in the app, requiring
       // a switch to a different release
       appDirForVersionCheck: options.appDir,
-      port: options.port,
+      proxyPort: options.port,
       disableOplog: options['disable-oplog'],
       settingsFile: options.settings,
       banner: "Tests",
@@ -1295,6 +1323,26 @@ main.registerCommand({
 });
 
 
+///////////////////////////////////////////////////////////////////////////////
+// list-sites
+///////////////////////////////////////////////////////////////////////////////
+
+main.registerCommand({
+  name: 'list-sites',
+  minArgs: 0,
+  maxArgs: 0
+}, function (options) {
+  auth.pollForRegistrationCompletion();
+  if (! auth.isLoggedIn()) {
+    process.stderr.write(
+      "You must be logged in for that. Try 'meteor login'.\n");
+    return 1;
+  }
+
+  return deploy.listSites();
+});
+
+
 ///////////////////////////////////////////////////////////////////////////////
 // dummy
 ///////////////////////////////////////////////////////////////////////////////
diff --git a/tools/deploy.js b/tools/deploy.js
index 84e82db94d..d5061b3b91 100644
--- a/tools/deploy.js
+++ b/tools/deploy.js
@@ -33,7 +33,7 @@ var Future = require('fibers/future');
 //
 // Options include:
 // - method: GET, POST, or DELETE. default GET
-// - operation: "info", "logs", "mongo", "deploy"
+// - operation: "info", "logs", "mongo", "deploy", "authorized-apps"
 // - site: site name
 // - expectPayload: an array of key names. if present, then we expect
 //   the server to return JSON content on success and to return an
@@ -67,7 +67,8 @@ var deployRpc = function (options) {
 
   try {
     var result = httpHelpers.request(_.extend(options, {
-      url: config.getDeployUrl() + '/' + options.operation + '/' + options.site,
+      url: config.getDeployUrl() + '/' + options.operation +
+        (options.site ? ('/' + options.site) : ''),
       method: options.method || 'GET',
       bodyStream: options.bodyStream,
       useAuthHeader: true,
@@ -708,6 +709,32 @@ site + ": " + "successfully transferred to your account.\n" +
   return 0;
 };
 
+var listSites = function () {
+  var result = deployRpc({
+    method: "GET",
+    operation: "authorized-apps",
+    promptIfAuthFails: true,
+    expectPayload: ["sites"]
+  });
+
+  if (result.errorMessage) {
+    process.stderr.write("Couldn't list sites: " +
+                         result.errorMessage + "\n");
+    return 1;
+  }
+
+  if (! result.payload ||
+      ! result.payload.sites ||
+      ! result.payload.sites.length) {
+    process.stdout.write("You don't have any sites yet.\n");
+  } else {
+    _.each(result.payload.sites, function (site) {
+      process.stdout.write(site + "\n");
+    });
+  }
+  return 0;
+};
+
 
 exports.bundleAndDeploy = bundleAndDeploy;
 exports.deleteApp = deleteApp;
@@ -716,3 +743,4 @@ exports.logs = logs;
 exports.listAuthorized = listAuthorized;
 exports.changeAuthorized = changeAuthorized;
 exports.claim = claim;
+exports.listSites = listSites;
diff --git a/tools/fiber-helpers.js b/tools/fiber-helpers.js
index 35716b1df6..9cc396d547 100644
--- a/tools/fiber-helpers.js
+++ b/tools/fiber-helpers.js
@@ -46,3 +46,33 @@ exports.firstTimeResolver = function (fut) {
     resolver(err, val);
   };
 };
+
+// Waits for one future given as an argument to be resolved. Throws if it threw,
+// otherwise returns whichever one returns first.  (Because of this, you
+// probably want at most one of the futures to be capable of returning, and have
+// the other be throw-only.)
+exports.waitForOne = function (/* futures */) {
+  var fiber = Fiber.current;
+  if (!fiber)
+    throw Error("Can't waitForOne without a fiber");
+  if (arguments.length === 0)
+    throw Error("Must wait for at least one future");
+
+  var combinedFuture = new Future;
+  for (var i = 0; i < arguments.length; ++i) {
+    var f = arguments[i];
+    if (f.isResolved()) {
+      // Move its value into combinedFuture.
+      f.resolve(combinedFuture.resolver());
+      break;
+    }
+    // Otherwise, this function will be invoked when the future is resolved.
+    f.resolve(function (err, result) {
+      if (!combinedFuture.isResolved()) {
+        combinedFuture.resolver()(err, result);
+      }
+    });
+  }
+
+  return combinedFuture.wait();
+};
diff --git a/tools/files.js b/tools/files.js
index 71dd92956e..b90f293fec 100644
--- a/tools/files.js
+++ b/tools/files.js
@@ -409,7 +409,7 @@ files.createTarGzStream = function (dirPath) {
   var fstream = require('fstream');
   var zlib = require("zlib");
   return fstream.Reader({ path: dirPath, type: 'Directory' }).pipe(
-    tar.Pack()).pipe(zlib.createGzip());
+    tar.Pack({ noProprietary: true })).pipe(zlib.createGzip());
 };
 
 // Tar-gzips a directory into a tarball on disk, synchronously.
diff --git a/tools/help.txt b/tools/help.txt
index 43316989ed..ab8e9fdfe0 100644
--- a/tools/help.txt
+++ b/tools/help.txt
@@ -34,6 +34,7 @@ the .meteor directory in the root of the project.
 Options:
   --port, -p    Port to listen on (instead of the default 3000). Also
                 uses port N+1 and a port specified by --app-port.
+                Specify as --port=host:port to bind to a specific interface.
   --production  Simulate production mode. Minify and bundle CSS and JS files.
   --raw-logs    Run without parsing logs from stdout and stderr.
   --settings    Set optional data for Meteor.settings on the server
@@ -308,29 +309,6 @@ This command is for temporary, internal use, until we have a more mature
 system for building standalone command-line programs with Meteor.
 
 
->>> login
-Log in to your Meteor account
-Usage: meteor login [--email] [--galaxy <galaxy.example.com>]
-
-Prompts for your username and password and logs you in to your
-Meteor account. Pass --email to log in by email address instead of
-username. Pass --galaxy to specify a galaxy to log in to.
-
-Builds the provided directory as a package, then loads the package and
-calls the main() function inside the package. The function will receive
-any remaining arguments. The exit status will be the return value of
-main() (which is called inside a fiber).
-
-The arguments will be parsed by Meteor's option parser, which means that
---release will be effective (but not passed to the command), and that it will be
-an error to pass any unknown options. If you want to pass options to your tool,
-place them after a '--' argument (which turns off option parsing for the rest of
-the arguments).
-
-This command is for temporary, internal use, until we have a more mature
-system for building standalone command-line programs with Meteor.
-
-
 >>> self-test
 Run tests of the 'meteor' tool.
 Usage: meteor self-test [pattern] [--changed] [--slow]
@@ -387,3 +365,12 @@ Grant a permission on an official service
 Usage: meteor admin grant [XXX]
 
 Not yet implemented
+
+
+>>> list-sites
+List sites for which you are authorized.
+Usage: meteor list-sites
+
+List the sites that you have deployed with 'meteor deploy', and sites
+for which other users have authorized you with the 'meteor authorized'
+command.
diff --git a/tools/main.js b/tools/main.js
index 6261287e57..4521e2b9f5 100644
--- a/tools/main.js
+++ b/tools/main.js
@@ -330,13 +330,24 @@ Fiber(function () {
 
   // Check required Node version.
   // This code is duplicated in tools/server/boot.js.
-  var MIN_NODE_VERSION = 'v0.10.25';
+  var MIN_NODE_VERSION = 'v0.10.26';
   if (require('semver').lt(process.version, MIN_NODE_VERSION)) {
     process.stderr.write(
       'Meteor requires Node ' + MIN_NODE_VERSION + ' or later.\n');
     process.exit(1);
   }
 
+  // This is a bit of a hack, but: if we don't check this in the tool, then the
+  // first time we do a unipackage.load, it will fail due to the check in the
+  // meteor package, and that'll look a lot uglier.
+  if (process.env.ROOT_URL) {
+    var parsedUrl = require('url').parse(process.env.ROOT_URL);
+    if (!parsedUrl.host) {
+      process.stderr.write('$ROOT_URL, if specified, must be an URL.\n');
+      process.exit(1);
+    }
+  }
+
   // Parse the arguments.
   //
   // We must first identify which options are boolean and which take
@@ -811,8 +822,7 @@ commandName + ": can only take one " + helpfulOptionName + " option.\n" +
       var value = values[0];
       if (value === null) {
         // This option requires a value and they didn't give it one
-        // (it was the last word on the command line, or it was
-        // a short option immediately followed by a non-number).
+        // (it was the last word on the command line).
         process.stderr.write(
 commandName + ": the " + helpfulOptionName + " option needs a value.\n" +
 "Try 'meteor help " + commandName + "' for help.\n");
diff --git a/tools/meteor-npm.js b/tools/meteor-npm.js
index a137888836..d4a9f670f7 100644
--- a/tools/meteor-npm.js
+++ b/tools/meteor-npm.js
@@ -13,7 +13,7 @@ var files = require(path.join(__dirname, 'files.js'));
 var httpHelpers = require('./http-helpers.js');
 var buildmessage = require('./buildmessage.js');
 var utils = require('./utils.js');
-var runLog = require('./run-log.js').runLog;
+var runLog = require('./run-log.js');
 var _ = require('underscore');
 
 var meteorNpm = exports;
diff --git a/tools/packages.js b/tools/packages.js
index bca0e56012..8118226445 100644
--- a/tools/packages.js
+++ b/tools/packages.js
@@ -49,47 +49,56 @@ var parseSpec = function (spec) {
   return ret;
 };
 
-// A sort comparator to order files into load order.
-var loadOrderSort = function (a, b) {
-  // XXX HUGE HACK --
-  // push html (template) files ahead of everything else. this is
-  // important because the user wants to be able to say
-  // Template.foo.events = { ... }
-  //
-  // maybe all of the templates should go in one file? packages should
-  // probably have a way to request this treatment (load order
-  // dependency tags?) .. who knows.
-  var ishtml_a = path.extname(a) === '.html';
-  var ishtml_b = path.extname(b) === '.html';
-  if (ishtml_a !== ishtml_b) {
-    return (ishtml_a ? -1 : 1);
-  }
+// Returns a sort comparator to order files into load order.
+// templateExtensions should be a list of extensions like 'html'
+// which should be loaded before other extensions.
+var loadOrderSort = function (templateExtensions) {
+  var templateExtnames = {};
+  _.each(templateExtensions, function (extension) {
+    templateExtnames['.' + extension] = true;
+  });
 
-  // main.* loaded last
-  var ismain_a = (path.basename(a).indexOf('main.') === 0);
-  var ismain_b = (path.basename(b).indexOf('main.') === 0);
-  if (ismain_a !== ismain_b) {
-    return (ismain_a ? 1 : -1);
-  }
+  return function (a, b) {
+    // XXX MODERATELY SIZED HACK --
+    // push template files ahead of everything else. this is
+    // important because the user wants to be able to say
+    //   Template.foo.events = { ... }
+    // in a JS file and not have to worry about ordering it
+    // before the corresponding .html file.
+    //
+    // maybe all of the templates should go in one file?
+    var isTemplate_a = _.has(templateExtnames, path.extname(a));
+    var isTemplate_b = _.has(templateExtnames, path.extname(b));
+    if (isTemplate_a !== isTemplate_b) {
+      return (isTemplate_a ? -1 : 1);
+    }
 
-  // /lib/ loaded first
-  var islib_a = (a.indexOf(path.sep + 'lib' + path.sep) !== -1 ||
-                 a.indexOf('lib' + path.sep) === 0);
-  var islib_b = (b.indexOf(path.sep + 'lib' + path.sep) !== -1 ||
-                 b.indexOf('lib' + path.sep) === 0);
-  if (islib_a !== islib_b) {
-    return (islib_a ? -1 : 1);
-  }
+    // main.* loaded last
+    var ismain_a = (path.basename(a).indexOf('main.') === 0);
+    var ismain_b = (path.basename(b).indexOf('main.') === 0);
+    if (ismain_a !== ismain_b) {
+      return (ismain_a ? 1 : -1);
+    }
 
-  // deeper paths loaded first.
-  var len_a = a.split(path.sep).length;
-  var len_b = b.split(path.sep).length;
-  if (len_a !== len_b) {
-    return (len_a < len_b ? 1 : -1);
-  }
+    // /lib/ loaded first
+    var islib_a = (a.indexOf(path.sep + 'lib' + path.sep) !== -1 ||
+                   a.indexOf('lib' + path.sep) === 0);
+    var islib_b = (b.indexOf(path.sep + 'lib' + path.sep) !== -1 ||
+                   b.indexOf('lib' + path.sep) === 0);
+    if (islib_a !== islib_b) {
+      return (islib_a ? -1 : 1);
+    }
 
-  // otherwise alphabetical
-  return (a < b ? -1 : 1);
+    // deeper paths loaded first.
+    var len_a = a.split(path.sep).length;
+    var len_b = b.split(path.sep).length;
+    if (len_a !== len_b) {
+      return (len_a < len_b ? 1 : -1);
+    }
+
+    // otherwise alphabetical
+    return (a < b ? -1 : 1);
+  };
 };
 
 ///////////////////////////////////////////////////////////////////////////////
@@ -729,15 +738,18 @@ _.extend(Slice.prototype, {
     // We provide a hardcoded handler for *.js files.. since plugins
     // are written in JavaScript we have to start somewhere.
     _.extend(ret, {
-      js: function (compileStep) {
-        compileStep.addJavaScript({
-          data: compileStep.read().toString('utf8'),
-          path: compileStep.inputPath,
-          sourcePath: compileStep.inputPath,
-          // XXX eventually get rid of backward-compatibility "raw" name
-          // XXX COMPAT WITH 0.6.4
-          bare: compileStep.fileOptions.bare || compileStep.fileOptions.raw
-        });
+      js: {
+        handler: function (compileStep) {
+          compileStep.addJavaScript({
+            data: compileStep.read().toString('utf8'),
+            path: compileStep.inputPath,
+            sourcePath: compileStep.inputPath,
+            // XXX eventually get rid of backward-compatibility "raw" name
+            // XXX COMPAT WITH 0.6.4
+            bare: compileStep.fileOptions.bare || compileStep.fileOptions.raw
+          });
+        },
+        isTemplate: false
       }
     });
 
@@ -768,6 +780,20 @@ _.extend(Slice.prototype, {
     return _.keys(self._allHandlers());
   },
 
+  // Return a list of all of the extensions that indicate *template* source
+  // files for this slice, not including leading dots. Computed based on
+  // this.uses, so should only be called once that has been set.
+  registeredTemplateExtensions: function () {
+    var self = this;
+    var ret = [];
+    _.each(self._allHandlers(), function (handler, extension) {
+      if (handler.isTemplate) {
+        ret.push(extension);
+      }
+    });
+    return ret;
+  },
+
   // Find the function that should be used to handle a source file for
   // this slice, or return null if there isn't one. We'll use handlers
   // that are defined in this package and in its immediate dependencies.
@@ -778,7 +804,7 @@ _.extend(Slice.prototype, {
     for (var i = 0; i < parts.length; i++) {
       var extension = parts.slice(i).join('.');
       if (_.has(handlers, extension))
-        return handlers[extension];
+        return handlers[extension].handler;
     }
     return null;
   }
@@ -1001,9 +1027,18 @@ _.extend(Package.prototype, {
       // 'extension' is a file extension without the separation dot
       // (eg 'js', 'coffee', 'coffee.md')
       //
+      // 'options' can be elided. The only known option is 'isTemplate', which
+      // is a bit of a hack meaning "in an app, these files should be loaded
+      // before non-templates".
+      //
       // 'handler' is a function that takes a single argument, a
       // CompileStep (#CompileStep)
-      registerSourceHandler: function (extension, handler) {
+      registerSourceHandler: function (extension, options, handler) {
+        if (!handler) {
+          handler = options;
+          options = {};
+        }
+
         if (_.has(self.sourceHandlers, extension)) {
           buildmessage.error("duplicate handler for '*." +
                              extension + "'; may only have one per Plugin",
@@ -1012,7 +1047,10 @@ _.extend(Package.prototype, {
           return;
         }
 
-        self.sourceHandlers[extension] = handler;
+        self.sourceHandlers[extension] = {
+          handler: handler,
+          isTemplate: !!options.isTemplate
+        };
       }
     };
 
@@ -1795,7 +1833,8 @@ _.extend(Package.prototype, {
         }
 
         // We've found all the source files. Sort them!
-        sources.sort(loadOrderSort);
+        var templateExtensions = slice.registeredTemplateExtensions();
+        sources.sort(loadOrderSort(templateExtensions));
 
         // Convert into relPath/fileOptions objects.
         sources = _.map(sources, function (relPath) {
diff --git a/tools/run-all.js b/tools/run-all.js
index bb67e82b4d..0f00937549 100644
--- a/tools/run-all.js
+++ b/tools/run-all.js
@@ -5,23 +5,24 @@ var files = require('./files.js');
 var inFiber = require('./fiber-helpers.js').inFiber;
 var release = require('./release.js');
 
-var runLog = require('./run-log.js').runLog;
+var runLog = require('./run-log.js');
 var Proxy = require('./run-proxy.js').Proxy;
 var AppRunner = require('./run-app.js').AppRunner;
 var MongoRunner = require('./run-mongo.js').MongoRunner;
 var Updater = require('./run-updater.js').Updater;
 
-// options: port, buildOptions, settingsFile, banner, program,
-// onRunEnd, onFailure, watchForChanges, quiet, rootUrl, mongoUrl,
-// oplogUrl, disableOplog, appDirForVersionCheck
+// options: proxyPort, proxyHost, appPort, appHost, buildOptions,
+// settingsFile, banner, program, onRunEnd, onFailure, watchForChanges,
+// quiet, rootUrl, mongoUrl, oplogUrl, disableOplog,
+// appDirForVersionCheck
 var Runner = function (appDir, options) {
   var self = this;
   self.appDir = appDir;
 
-  if (! _.has(options, 'port'))
-    throw new Error("no port?");
+  if (! _.has(options, 'proxyPort'))
+    throw new Error("no proxyPort?");
 
-  var listenPort = options.port;
+  var listenPort = options.proxyPort;
   var mongoPort = listenPort + 1;
   self.specifiedAppPort = options.appPort;
   self.regenerateAppPort();
@@ -29,11 +30,19 @@ var Runner = function (appDir, options) {
   self.stopped = false;
   self.quiet = options.quiet;
   self.banner = options.banner || files.prettyPath(self.appDir);
-  self.rootUrl = options.rootUrl || ('http://localhost:' + listenPort + '/');
+  if (options.rootUrl) {
+    self.rootUrl = options.rootUrl;
+  } else if (options.proxyHost) {
+    self.rootUrl = 'http://' + options.proxyHost + ':' + listenPort + '/';
+  } else {
+    self.rootUrl = 'http://localhost:' + listenPort + '/';
+  }
 
   self.proxy = new Proxy({
     listenPort: listenPort,
+    listenHost: options.proxyHost,
     proxyToPort: self.appPort,
+    proxyToHost: options.appHost,
     onFailure: options.onFailure
   });
 
@@ -46,12 +55,14 @@ var Runner = function (appDir, options) {
     self.mongoRunner = new MongoRunner({
       appDir: self.appDir,
       port: mongoPort,
-      onFailure: options.onFailure
+      onFailure: options.onFailure,
+      // For testing mongod failover, run with 3 mongod if the env var is
+      // set. Note that data is not preserved from one run to the next.
+      multiple: !!process.env.METEOR_TEST_MULTIPLE_MONGOD_REPLSET
     });
 
-    mongoUrl = "mongodb://127.0.0.1:" + mongoPort + "/meteor";
-    oplogUrl = (options.disableOplog ? null :
-                "mongodb://127.0.0.1:" + mongoPort + "/local");
+    mongoUrl = self.mongoRunner.mongoUrl();
+    oplogUrl = options.disableOplog ? null : self.mongoRunner.oplogUrl();
   }
 
   self.updater = new Updater;
@@ -59,6 +70,7 @@ var Runner = function (appDir, options) {
   self.appRunner = new AppRunner(appDir, {
     appDirForVersionCheck: options.appDirForVersionCheck,
     port: self.appPort,
+    listenHost: options.appHost,
     mongoUrl: mongoUrl,
     oplogUrl: oplogUrl,
     buildOptions: options.buildOptions,
@@ -199,7 +211,7 @@ _.extend(Runner.prototype, {
 //
 // Options:
 //
-// - port: the port to connect to to access the application (we will
+// - proxyPort: the port to connect to to access the application (we will
 //   run a proxy here that proxies to the actual app process). required
 // - buildOptions: 'buildOptions' argument to bundler.bundle()
 // - settingsFile: path to file containing deploy-time settings
@@ -242,8 +254,11 @@ exports.run = function (appDir, options) {
           result.outcome === "wrong-release" ||
           (result.outcome === "terminated" &&
            result.signal === undefined && result.code === undefined)) {
-        runner.stop();
-        fut.isResolved() || fut['return'](result);
+        // Allow run() to continue (and call runner.stop()) only once the
+        // AppRunner has processed our "return false"; otherwise we deadlock.
+        process.nextTick(function () {
+          fut.isResolved() || fut['return'](result);
+        });
         return false;  // stop restarting
       }
       runner.regenerateAppPort();
diff --git a/tools/run-app.js b/tools/run-app.js
index 390636783c..5003e6cff3 100644
--- a/tools/run-app.js
+++ b/tools/run-app.js
@@ -10,7 +10,7 @@ var bundler = require('./bundler.js');
 var release = require('./release.js');
 var buildmessage = require('./buildmessage.js');
 var inFiber = require('./fiber-helpers.js').inFiber;
-var runLog = require('./run-log.js').runLog;
+var runLog = require('./run-log.js');
 
 // Parse out s as if it were a bash command line.
 var bashParse = function (s) {
@@ -51,6 +51,7 @@ var AppProcess = function (options) {
 
   self.bundlePath = options.bundlePath;
   self.port = options.port;
+  self.listenHost = options.listenHost;
   self.rootUrl = options.rootUrl;
   self.mongoUrl = options.mongoUrl;
   self.oplogUrl = options.oplogUrl;
@@ -168,12 +169,19 @@ _.extend(AppProcess.prototype, {
     env.PORT = self.port;
     env.ROOT_URL = self.rootUrl;
     env.MONGO_URL = self.mongoUrl;
-    if (self.oplogUrl)
+    if (self.oplogUrl) {
       env.MONGO_OPLOG_URL = self.oplogUrl;
-    if (self.settings)
+    }
+    if (self.settings) {
       env.METEOR_SETTINGS = self.settings;
-    else
+    } else {
       delete env.METEOR_SETTINGS;
+    }
+    if (self.listenHost) {
+      env.BIND_IP = self.listenHost;
+    } else {
+      delete env.BIND_IP;
+    }
 
     // Display errors from (eg) the NPM connect module over the network.
     env.NODE_ENV = 'development';
@@ -266,11 +274,9 @@ _.extend(AppProcess.prototype, {
 //   mongoUrl, oplogUrl, buildOptions, rootUrl, settingsFile, program,
 //   proxy
 //
-// To use, construct an instance of AppRunner, and then call start()
-// to start it running. Call stop() at any time to shut it down and
-// clean it up. You should call stop() to clean up even if you return
-// false from onRunEnd(); this stops the restarting but doesn't
-// destroy the AppRunner instance.
+// To use, construct an instance of AppRunner, and then call start() to start it
+// running. To stop it, either return false from onRunEnd, or call stop().  (But
+// don't call stop() from inside onRunEnd: that causes a deadlock.)
 //
 // The 'result' argument to onRunEnd is an object with keys:
 //
@@ -308,6 +314,7 @@ var AppRunner = function (appDir, options) {
   self.appDirForVersionCheck = options.appDirForVersionCheck || self.appDir;
   // note: run-all.js updates port directly
   self.port = options.port;
+  self.listenHost = options.listenHost;
   self.mongoUrl = options.mongoUrl;
   self.oplogUrl = options.oplogUrl;
   self.buildOptions = options.buildOptions;
@@ -324,6 +331,7 @@ var AppRunner = function (appDir, options) {
   self.startFuture = null;
   self.runFuture = null;
   self.exitFuture = null;
+  self.watchFuture = null;
 };
 
 _.extend(AppRunner.prototype, {
@@ -338,7 +346,8 @@ _.extend(AppRunner.prototype, {
     self.startFuture = new Future;
     self.fiber = new Fiber(function () {
       self._fiber();
-    }).run();
+    });
+    self.fiber.run();
     self.startFuture.wait();
     self.startFuture = null;
   },
@@ -360,6 +369,7 @@ _.extend(AppRunner.prototype, {
     self.exitFuture = new Future;
 
     self._runFutureReturn({ outcome: 'stopped' });
+    self._watchFutureReturn();
 
     self.exitFuture.wait();
     self.exitFuture = null;
@@ -443,6 +453,7 @@ _.extend(AppRunner.prototype, {
     var appProcess = new AppProcess({
       bundlePath: bundlePath,
       port: self.port,
+      listenHost: self.listenHost,
       rootUrl: self.rootUrl,
       mongoUrl: self.mongoUrl,
       oplogUrl: self.oplogUrl,
@@ -505,6 +516,15 @@ _.extend(AppRunner.prototype, {
     runFuture['return'](value);
   },
 
+  _watchFutureReturn: function () {
+    var self = this;
+    if (!self.watchFuture)
+      return;
+    var watchFuture = self.watchFuture;
+    self.watchFuture = null;
+    watchFuture.return();
+  },
+
   _fiber: function () {
     var self = this;
 
@@ -574,13 +594,20 @@ _.extend(AppRunner.prototype, {
       }
 
       if (self.watchForChanges) {
-        var fut = new Future;
+        self.watchFuture = new Future;
         var watcher = new watch.Watcher({
           watchSet: runResult.bundleResult.watchSet,
-          onChange: function () { fut['return'](); }
+          onChange: function () {
+            self._watchFutureReturn();
+          }
         });
         self.proxy.setMode("errorpage");
-        fut.wait();
+        // If onChange wasn't called synchronously (clearing watchFuture), wait
+        // on it.
+        self.watchFuture && self.watchFuture.wait();
+        // While we were waiting, did somebody stop() us?
+        if (self.exitFuture)
+          break;
         runLog.log("=> Modified -- restarting.");
         continue;
       }
diff --git a/tools/run-log.js b/tools/run-log.js
index 5a56a11516..f70062b1d7 100644
--- a/tools/run-log.js
+++ b/tools/run-log.js
@@ -173,5 +173,12 @@ _.extend(RunLog.prototype, {
   }
 });
 
-// Export a singleton instance of RunLog.
-exports.runLog = new RunLog;
+// Create a singleton instance of RunLog. Expose its public methods on the
+// object you get with require('./run-log.js').
+var runLogInstance = new RunLog;
+_.each(
+  ['log', 'logTemporary', 'logRestart', 'logAppOutput', 'setRawLogs',
+   'finish', 'clearLog', 'getLog'],
+  function (method) {
+    exports[method] = _.bind(runLogInstance[method], runLogInstance);
+  });
diff --git a/tools/run-mongo.js b/tools/run-mongo.js
index c933c9f4dd..faf2b6d511 100644
--- a/tools/run-mongo.js
+++ b/tools/run-mongo.js
@@ -5,8 +5,9 @@ var files = require('./files.js');
 var utils = require('./utils.js');
 var release = require('./release.js');
 var mongoExitCodes = require('./mongo-exit-codes.js');
-var inFiber = require('./fiber-helpers.js').inFiber;
-var runLog = require('./run-log.js').runLog;
+var fiberHelpers = require('./fiber-helpers.js');
+var inFiber = fiberHelpers.inFiber;
+var runLog = require('./run-log.js');
 
 var _ = require('underscore');
 var unipackage = require('./unipackage.js');
@@ -60,7 +61,7 @@ var findMongoPids = function (appDir, port) {
         // Matches mongos we start. Note that this matches
         // 'fake-mongod' (our mongod stub for automated tests) as well
         // as 'mongod'.
-        var m = line.match(/^\s*(\d+).+mongod .+--port (\d+) --dbpath (.+)(?:\/|\\)\.meteor(?:\/|\\)local(?:\/|\\)db(?: |$)/);
+        var m = line.match(/^\s*(\d+).+mongod .+--port (\d+) --dbpath (.+)(?:\/|\\)\.meteor(?:\/|\\)local(?:\/|\\)db/);
         if (m && m.length === 4) {
           var foundPid =  parseInt(m[1]);
           var foundPort = parseInt(m[2]);
@@ -148,20 +149,37 @@ var findMongoAndKillItDead = function (port) {
   });
 };
 
-// Starts a single instance of mongod, and configures it properly. Does not
-// yield.
+var StoppedDuringLaunch = function () {};
+
+// Starts a single instance of mongod, and configures it properly as a singleton
+// replica set. Yields.  Returns once the mongod is successfully listening (or
+// the process exited).
+//
+// Takes an onExit handler, which will be invoked when the process exits (which
+// may be before or after this function returns depending on whether or not it
+// ever successfully started).
+//
+// If the 'multiple' option is set, it actually sets up three mongod instances
+// (launching the second and third on the next two ports after the specified
+// port). In this case, if any of the three instances exit for any reason, all
+// are killed (and onExit is then invoked). Also, the entirety of all three
+// databases is deleted before starting up.  This is mode intended for testing
+// mongo failover, not for normal development or production use.
 var launchMongo = function (options) {
-  var onListen = options.onListen || function () {};
   var onExit = options.onExit || function () {};
 
   var noOplog = false;
   var mongod_path = path.join(
     files.getDevBundle(), 'mongodb', 'bin', 'mongod');
+  var replSetName = 'meteor';
 
   // Automated testing: If this is set, instead of starting mongod, we
   // start our stub (fake-mongod) which can then be remote-controlled
   // by the test.
   if (process.env.METEOR_TEST_FAKE_MONGOD_CONTROL_PORT) {
+    if (options.multiple)
+      throw Error("Can't specify multiple with fake mongod");
+
     mongod_path = path.join(files.getCurrentToolsDir(),
                             'tools', 'tests', 'fake-mongod', 'fake-mongod');
 
@@ -170,81 +188,98 @@ var launchMongo = function (options) {
     noOplog = true;
   }
 
-  // store data in appDir
-  var dbPath = path.join(options.appDir, '.meteor', 'local', 'db');
-  files.mkdir_p(dbPath, 0755);
   // add .gitignore if needed.
   files.addToGitignore(path.join(options.appDir, '.meteor'), 'local');
 
-  var proc = null;
-  var cancelStartup = false;
-  var callOnExit;
+  var subHandles = [];
+  var stopped = false;
+  var stopFuture = new Future;
+
+  // Like Future.wrap and _.bind in one.
+  var yieldingMethod = function (/* object, methodName, args */) {
+    var args = _.toArray(arguments);
+    var object = args.shift();
+    var methodName = args.shift();
+    var f = new Future;
+    args.push(f.resolver());
+    object[methodName].apply(object, args);
+    return fiberHelpers.waitForOne(stopFuture, f);
+  };
 
   var handle = {
     stop: function () {
-      if (! proc)
-        cancelStartup = true;
-      else {
-        proc.removeListener('exit', callOnExit);
-        proc.kill('SIGINT');
-      }
+      if (stopped)
+        return;
+      stopped = true;
+      _.each(subHandles, function (handle) {
+        handle.stop();
+      });
+
+      stopFuture.throw(new StoppedDuringLaunch);
     }
   };
 
-  Fiber(function () {
-    findMongoAndKillItDead(options.port);
+  var launchOneMongoAndWaitForReadyForInitiate = function (dbPath, port,
+                                                           portFile) {
+    files.mkdir_p(dbPath, 0755);
 
-    var portFile = path.join(dbPath, 'METEOR-PORT');
-    var portFileExists = false;
-    var createReplSet = true;
-    try {
-      createReplSet = +(fs.readFileSync(portFile)) !== options.port;
-      portFileExists = true;
-    } catch (e) {
-      if (!e || e.code !== 'ENOENT')
-        throw e;
-    }
+    var proc = null;
+    var procExitHandler;
 
-    if (noOplog)
-      createReplSet = false;
-
-    // If this is the first time we're using this DB, or we changed
-    // port since the last time, then we want to destroy any
-    // existing replSet configuration and create a new one. First we
-    // delete the "local" database if it exists. (It's a pain and slow
-    // to change the port in an existing replSet configuration. It's
-    // also a little slow to initiate a new replSet, thus the attempt
-    // to not do it unless the port changes.)
-    if (createReplSet) {
-      // Delete the port file, so we don't mistakenly believe that the DB is
-      // still configured.
-      if (portFileExists)
-        fs.unlinkSync(portFile);
+    findMongoAndKillItDead(port);
 
+    if (options.multiple) {
+      // This is only for testing, so we're OK with incurring the replset
+      // setup on each startup.
+      files.rm_recursive(dbPath);
+      files.mkdir_p(dbPath, 0755);
+    } else if (portFile) {
+      var portFileExists = false;
+      var matchingPortFileExists = false;
       try {
-        var dbFiles = fs.readdirSync(dbPath);
+        matchingPortFileExists = +(fs.readFileSync(portFile)) === port;
+        portFileExists = true;
       } catch (e) {
         if (!e || e.code !== 'ENOENT')
           throw e;
       }
-      _.each(dbFiles, function (dbFile) {
-        if (/^local\./.test(dbFile))
-          fs.unlinkSync(path.join(dbPath, dbFile));
-      });
 
-      // Load mongo-livedata so we'll be able to talk to it.
-      var mongoNpmModule = unipackage.load({
-        library: release.current.library,
-        packages: [ 'mongo-livedata' ],
-        release: release.current.name
-      })['mongo-livedata'].MongoInternals.NpmModule;
+      // If this is the first time we're using this DB, or we changed port since
+      // the last time, then we want to destroy any existing replSet
+      // configuration and create a new one. First we delete the "local"
+      // database if it exists. (It's a pain and slow to change the port in an
+      // existing replSet configuration. It's also a little slow to initiate a
+      // new replSet, thus the attempt to not do it unless the port changes.)
+      //
+      // In the "multiple" case, we just wipe out the entire database and incur
+      // the cost, because this won't affect normal users running meteor.
+      if (!matchingPortFileExists) {
+        // Delete the port file if it exists, so we don't mistakenly believe
+        // that the DB is still configured.
+        if (portFileExists)
+          fs.unlinkSync(portFile);
+
+        try {
+          var dbFiles = fs.readdirSync(dbPath);
+        } catch (e) {
+          if (!e || e.code !== 'ENOENT')
+            throw e;
+        }
+        _.each(dbFiles, function (dbFile) {
+          if (/^local\./.test(dbFile)) {
+            fs.unlinkSync(path.join(dbPath, dbFile));
+          }
+        });
+      }
     }
 
-    // Start mongod with a dummy replSet and wait for it to
-    // listen.
+    // Start mongod with a dummy replSet and wait for it to listen.
     var child_process = require('child_process');
-    var replSetName = 'meteor';
-    if (cancelStartup)
+
+    // Let's not actually start a process if we yielded (eg during
+    // findMongoAndKillItDead) and we decided to stop in the middle (eg, because
+    // we're in multiple mode and another process exited).
+    if (stopped)
       return;
     proc = child_process.spawn(mongod_path, [
       // nb: cli-test.sh and findMongoPids make strong assumptions about the
@@ -252,13 +287,72 @@ var launchMongo = function (options) {
       '--bind_ip', '127.0.0.1',
       '--smallfiles',
       '--nohttpinterface',
-      '--port', options.port,
+      '--port', port,
       '--dbpath', dbPath,
       // Use an 8MB oplog rather than 256MB. Uses less space on disk and
       // initializes faster. (Not recommended for production!)
       '--oplogSize', '8',
       '--replSet', replSetName
     ]);
+    subHandles.push({
+      stop: function () {
+        if (proc) {
+          proc.removeListener('exit', procExitHandler);
+          proc.kill('SIGINT');
+          proc = null;
+        }
+      }
+    });
+
+    procExitHandler = inFiber(function (code, signal) {
+      // Defang subHandle.stop().
+      proc = null;
+
+      // Kill any other processes too. This will also remove
+      // procExitHandler from the other processes, so onExit will only be called
+      // once.
+      handle.stop();
+
+      // Invoke the outer onExit callback.
+      onExit(code, signal, stderrOutput);
+    });
+    proc.on('exit', procExitHandler);
+
+    var listening = false;
+    var replSetReadyToBeInitiated = false;
+    var replSetReady = false;
+
+    var readyToTalkFuture = new Future;
+
+    var maybeReadyToTalk = function () {
+      if (readyToTalkFuture.isResolved())
+        return;
+      if (listening && (noOplog || replSetReadyToBeInitiated || replSetReady)) {
+        proc.stdout.removeListener('data', stdoutOnData);
+        readyToTalkFuture.return();
+      }
+    };
+
+    var stdoutOnData = inFiber(function (data) {
+      // note: don't use "else ifs" in this, because 'data' can have multiple
+      // lines
+      if (/config from self or any seed \(EMPTYCONFIG\)/.test(data)) {
+        replSetReadyToBeInitiated = true;
+        maybeReadyToTalk();
+      }
+
+      if (/ \[initandlisten\] waiting for connections on port/.test(data)) {
+        listening = true;
+        maybeReadyToTalk();
+      }
+
+      if (/ \[rsMgr\] replSet (PRIMARY|SECONDARY)/.test(data)) {
+        replSetReady = true;
+        maybeReadyToTalk();
+      }
+    });
+    proc.stdout.setEncoding('utf8');
+    proc.stdout.on('data', stdoutOnData);
 
     var stderrOutput = '';
     proc.stderr.setEncoding('utf8');
@@ -266,97 +360,165 @@ var launchMongo = function (options) {
       stderrOutput += data;
     });
 
-    callOnExit = function (code, signal) {
-      onExit(code, signal, stderrOutput);
-    };
-    proc.on('exit', callOnExit);
+    fiberHelpers.waitForOne(stopFuture, readyToTalkFuture);
+  };
 
-    proc.stdout.setEncoding('utf8');
-    var listening = false;
-    var replSetReady = false;
-    var replSetReadyToBeInitiated = false;
-    var alreadyInitiatedReplSet = false;
-    var alreadyCalledOnListen = false;
-    var maybeCallOnListen = function () {
-      if (listening && (replSetReady || noOplog) && !alreadyCalledOnListen) {
-        if (createReplSet)
-          fs.writeFileSync(portFile, options.port);
-        alreadyCalledOnListen = true;
-        onListen();
-      }
-    };
 
-    var maybeInitiateReplset = function () {
-      // We need to want to create a replset, be confident that the server is
-      // listening, be confident that the server's replset implementation is
-      // ready to be initiated, and have not already done it.
-      if (!(createReplSet && listening && replSetReadyToBeInitiated
-            && !alreadyInitiatedReplSet)) {
-        return;
-      }
+  var initiateReplSetAndWaitForReady = function () {
+    try {
+      // Load mongo-livedata so we'll be able to talk to it.
+      var mongoNpmModule = unipackage.load({
+        library: release.current.library,
+        packages: [ 'mongo-livedata' ],
+        release: release.current.name
+      })['mongo-livedata'].MongoInternals.NpmModule;
 
-      alreadyInitiatedReplSet = true;
-
-      // Connect to it and start a replset.
+      // Connect to the intended primary and start a replset.
       var db = new mongoNpmModule.Db(
-        'meteor', new mongoNpmModule.Server('127.0.0.1', options.port),
+        'meteor',
+        new mongoNpmModule.Server('127.0.0.1', options.port, {poolSize: 1}),
         {safe: true});
-      db.open(function(err, db) {
-        if (err)
-          throw err;
-        db.admin().command({
-          replSetInitiate: {
-            _id: replSetName,
-            members: [{_id : 0, host: '127.0.0.1:' + options.port}]
-          }
-        }, function (err, result) {
-          if (err)
-              throw err;
-          // why this isn't in the error is unclear.
-          if (result && result.documents && result.documents[0]
-              && result.documents[0].errmsg) {
-            throw result.document[0].errmsg;
-          }
-          db.close(true);
+      yieldingMethod(db, 'open');
+      if (stopped)
+        return;
+      var configuration = {
+        _id: replSetName,
+        members: [{_id: 0, host: '127.0.0.1:' + options.port, priority: 100}]
+      };
+      if (options.multiple) {
+        // Add two more members: one of which should start as secondary but
+        // could in theory become primary, and one of which can never be
+        // primary.
+        configuration.members.push({
+          _id: 1, host: '127.0.0.1:' + (options.port + 1), priority: 5
         });
+        configuration.members.push({
+          _id: 2, host: '127.0.0.1:' + (options.port + 2), priority: 0
+        });
+      }
+
+      var initiateResult = yieldingMethod(
+        db.admin(), 'command', {replSetInitiate: configuration});
+      if (stopped)
+        return;
+      // why this isn't in the error is unclear.
+      if (initiateResult && initiateResult.documents
+          && initiateResult.documents[0]
+          && initiateResult.documents[0].errmsg) {
+        var err = initiateResult.documents[0].errmsg;
+        if (err !== "already initialized") {
+          throw Error("rs.initiate error: " +
+                      initiateResult.documents[0].errmsg);
+        }
+      }
+      // XXX timeout eventually?
+      while (!stopped) {
+        var status = yieldingMethod(db.admin(), 'command',
+                                    {replSetGetStatus: 1});
+        if (!(status && status.documents && status.documents[0]))
+          throw status;
+        status = status.documents[0];
+        if (!status.ok) {
+          if (status.startupStatus === 6) {  // "SOON"
+            utils.sleepMs(20);
+            continue;
+          }
+          throw status.errmsg;
+        }
+        // See http://docs.mongodb.org/manual/reference/replica-states/
+        // for information about the various states.
+
+        // Are any of the members starting up or recovering?
+        if (_.any(status.members, function (member) {
+          return member.stateStr === 'STARTUP' ||
+            member.stateStr === 'STARTUP2' ||
+            member.stateStr === 'RECOVERING';
+        })) {
+          utils.sleepMs(20);
+          continue;
+        }
+
+        // Is the intended primary currently a secondary? (It passes through
+        // that phase briefly.)
+
+        if (status.members[0].stateStr === 'SECONDARY') {
+          utils.sleepMs(20);
+          continue;
+        }
+
+        // Anything else for the intended primary is probably an error.
+        if (status.members[0].stateStr !== 'PRIMARY') {
+          throw Error("Unexpected Mongo status: " + JSON.stringify(status));
+        }
+
+        // Anything but secondary for the other members is probably an error.
+        for (var i = 1; i < status.members.length; ++i) {
+          if (status.members[i].stateStr !== 'SECONDARY') {
+            throw Error("Unexpected Mongo secondary status: " +
+                        JSON.stringify(status));
+          }
+        }
+
+        break;
+      }
+
+      db.close(true /* means "the app is closing the connection" */);
+    } catch (e) {
+      // If the process has exited, we're doing another form of error
+      // handling. No need to throw random low-level errors farther.
+      if (!stopped || (e instanceof StoppedDuringLaunch))
+        throw e;
+    }
+  };
+
+  try {
+    if (options.multiple) {
+      var dbBasePath = path.join(options.appDir, '.meteor', 'local', 'dbs');
+      _.each(_.range(3), function (i) {
+        // Did we get stopped (eg, by one of the processes exiting) by now? Then
+        // don't start anything new.
+        if (stopped)
+          return;
+        var dbPath = path.join(options.appDir, '.meteor', 'local', 'dbs', ''+i);
+        launchOneMongoAndWaitForReadyForInitiate(dbPath, options.port + i);
       });
-    };
-
-    proc.stdout.on('data', function (data) {
-      // note: don't use "else ifs" in this, because 'data' can have multiple
-      // lines
-      if (/config from self or any seed \(EMPTYCONFIG\)/.test(data)) {
-        replSetReadyToBeInitiated = true;
-        maybeInitiateReplset();
+      if (!stopped) {
+        initiateReplSetAndWaitForReady();
       }
-
-      if (/ \[initandlisten\] waiting for connections on port/.test(data)) {
-        listening = true;
-        maybeInitiateReplset();
-        maybeCallOnListen();
+    } else {
+      var dbPath = path.join(options.appDir, '.meteor', 'local', 'db');
+      var portFile = !noOplog && path.join(dbPath, 'METEOR-PORT');
+      launchOneMongoAndWaitForReadyForInitiate(dbPath, options.port, portFile);
+      if (!stopped && !noOplog) {
+        initiateReplSetAndWaitForReady();
+        if (!stopped) {
+          // Write down that we configured the database properly.
+          fs.writeFileSync(portFile, options.port);
+        }
       }
+    }
+  } catch (e) {
+    if (!(e instanceof StoppedDuringLaunch))
+      throw e;
+  }
 
-      if (/ \[rsMgr\] replSet PRIMARY/.test(data)) {
-        replSetReady = true;
-        maybeCallOnListen();
-      }
-    });
-  }).run();
+  if (stopped)
+    return null;
 
   return handle;
 };
 
-
 // This runs a Mongo process and restarts it whenever it fails. If it
 // restarts too often, we give up on restarting it, diagnostics are
 // logged, and onFailure is called.
 //
-// options: appDir, port, onFailure
+// options: appDir, port, onFailure, multiple
 var MongoRunner = function (options) {
   var self = this;
   self.appDir = options.appDir;
   self.port = options.port;
   self.onFailure = options.onFailure;
+  self.multiple = options.multiple;
 
   self.handle = null;
   self.shuttingDown = false;
@@ -381,11 +543,34 @@ _.extend(MongoRunner.prototype, {
     if (self.handle)
       throw new Error("already running?");
 
-    self.startupFuture = new Future;
     self._startOrRestart();
-    return self.startupFuture.wait();
+
+    // Did we properly start up? Great!
+    if (self.handle)
+      return;
+
+    // Are we shutting down? OK.
+    if (self.shuttingDown)
+      return;
+
+    // Otherwise, wait for a successful _startOrRestart, or a failure.
+    if (!self.startupFuture) {
+      self.startupFuture = new Future;
+      self.startupFuture.wait();
+    }
   },
 
+  // Tries to launch Mongo once.  It returns when either (a) Mongo is listening
+  // or (b) mongod exited before it got to the point of listening.
+  //
+  // (To be specific: in non-multiple mode, this means that the single mongod is
+  // listening and the primary, or that the single mongod died. In multiple
+  // mode, it means that the first mongod is listening and is primary and the
+  // other mongods are listening and are secondary, or that any mongod died (and
+  // it tried to kill the others).)
+  //
+  // In case (a), self.handle will be the handle returned from launchMongo; in
+  // case (b) self.handle will be null.
   _startOrRestart: function () {
     var self = this;
 
@@ -395,22 +580,18 @@ _.extend(MongoRunner.prototype, {
     self.handle = launchMongo({
       appDir: self.appDir,
       port: self.port,
-      onExit: _.bind(self._exited, self),
-      onListen: function () {
-        if (self.startupFuture) {
-          // It's come up successfully for the first time. Make
-          // start() return.
-          self.startupFuture['return'](true);
-          self.startupFuture = null;
-        }
-      }
+      multiple: self.multiple,
+      onExit: _.bind(self._exited, self)
     });
+    if (self.handle) {
+      self._allowStartupToReturn();
+    }
   },
 
   _exited: function (code, signal, stderr) {
     var self = this;
+
     self.handle = null;
-    self.restartTimer = null;
 
     // If Mongo exited because (or rather, anytime after) we told it
     // to exit, great, nothing to do. Otherwise, we'll print an error
@@ -421,7 +602,15 @@ _.extend(MongoRunner.prototype, {
     // Print the last 20 lines of stderr.
     runLog.log(
       stderr.split('\n').slice(-20).join('\n') +
-      "Unexpected mongo exit code " + code + ". Restarting.");
+      "Unexpected mongo exit code " + code +
+        (self.multiple ? "." : ". Restarting."));
+
+    // If we're in multiple mode, we never try to restart. That's to keep the
+    // test-only multiple code simple.
+    if (self.multiple) {
+      self._fail();
+      return;
+    }
 
     // We'll restart it up to 3 times in a row. The counter is reset
     // when 5 seconds goes without a restart. (Note that by using a
@@ -431,12 +620,14 @@ _.extend(MongoRunner.prototype, {
     if (self.errorTimer)
       clearTimeout(self.errorTimer);
     self.errorTimer = setTimeout(function () {
+      self.errorTimer = null;
       self.errorCount = 0;
     }, 5000);
 
     if (self.errorCount < 3) {
       // Wait a second, then restart.
       self.restartTimer = setTimeout(inFiber(function () {
+        self.restartTimer = null;
         self._startOrRestart();
       }), 1000);
       return;
@@ -464,13 +655,7 @@ _.extend(MongoRunner.prototype, {
     }
 
     runLog.log(message);
-    self.onFailure && self.onFailure();
-
-    if (self.startupFuture) {
-      // start() is still blocking.. make it return
-      self.startupFuture['return'](false);
-      self.startupFuture = null;
-    }
+    self._fail();
   },
 
   // Idempotent
@@ -489,6 +674,43 @@ _.extend(MongoRunner.prototype, {
       self.handle.stop();
       self.handle = null;
     }
+  },
+
+  _allowStartupToReturn: function () {
+    var self = this;
+    if (self.startupFuture) {
+      var startupFuture = self.startupFuture;
+      self.startupFuture = null;
+      startupFuture.return();
+    }
+  },
+
+  _fail: function () {
+    var self = this;
+    self.stop();
+    self.onFailure && self.onFailure();
+    self._allowStartupToReturn();
+  },
+
+  _mongoHosts: function () {
+    var self = this;
+    var ports = [self.port];
+    if (self.multiple) {
+      ports.push(self.port + 1, self.port + 2);
+    }
+    return _.map(ports, function (port) {
+      return "127.0.0.1:" + port;
+    }).join(",");
+  },
+
+  mongoUrl: function () {
+    var self = this;
+    return "mongodb://" + self._mongoHosts() + "/meteor";
+  },
+
+  oplogUrl: function () {
+    var self = this;
+    return "mongodb://" + self._mongoHosts() + "/local";
   }
 });
 
diff --git a/tools/run-proxy.js b/tools/run-proxy.js
index 18ae901e95..c263c16432 100644
--- a/tools/run-proxy.js
+++ b/tools/run-proxy.js
@@ -1,14 +1,16 @@
 var _ = require('underscore');
 var Future = require('fibers/future');
-var runLog = require('./run-log.js').runLog;
+var runLog = require('./run-log.js');
 
-// options: listenPort, proxyToPort, onFailure
+// options: listenPort, proxyToPort, proxyToHost, onFailure
 var Proxy = function (options) {
   var self = this;
 
   self.listenPort = options.listenPort;
+  self.listenHost = options.listenHost;
   // note: run-all.js updates proxyToPort directly
   self.proxyToPort = options.proxyToPort;
+  self.proxyToHost = options.proxyToHost || '127.0.0.1';
   self.onFailure = options.onFailure || function () {};
 
   self.mode = "hold";
@@ -56,7 +58,7 @@ _.extend(Proxy.prototype, {
 
     var fut = new Future;
     self.server.on('error', function (err) {
-      if (err.code == 'EADDRINUSE') {
+      if (err.code === 'EADDRINUSE') {
         var port = self.listenPort;
         runLog.log(
 "Can't listen on port " + port + ". Perhaps another Meteor is running?\n" +
@@ -64,6 +66,15 @@ _.extend(Proxy.prototype, {
 "Running two copies of Meteor in the same application directory\n" +
 "will not work. If something else is using port " + port + ", you can\n" +
 "specify an alternative port with --port <port>.");
+      } else if (self.listenHost &&
+                 (err.code === 'ENOTFOUND' || err.code === 'EADDRNOTAVAIL')) {
+        // This handles the case of "entered a DNS name that's unknown"
+        // (ENOTFOUND from getaddrinfo) and "entered some random IP that we
+        // can't bind to" (EADDRNOTAVAIL from listen).
+        runLog.log(
+"Can't listen on host " + self.listenHost + " (" + err.code + " from " +
+            err.syscall + ").");
+
       } else {
         runLog.log('' + err);
       }
@@ -91,7 +102,7 @@ _.extend(Proxy.prototype, {
       }
     });
 
-    self.server.listen(self.listenPort, function () {
+    self.server.listen(self.listenPort, self.listenHost || '0.0.0.0', function () {
       if (self.server) {
         self.started = true;
       } else {
@@ -167,7 +178,7 @@ _.extend(Proxy.prototype, {
         c.res.end();
       } else {
         self.proxy.web(c.req, c.res, {
-          target: 'http://127.0.0.1:' + self.proxyToPort
+          target: 'http://' + self.proxyToHost + ':' + self.proxyToPort
         });
       }
     }
@@ -178,7 +189,7 @@ _.extend(Proxy.prototype, {
 
       var c = self.websocketQueue.shift();
       self.proxy.ws(c.req, c.socket, c.head, {
-        target: 'http://127.0.0.1:' + self.proxyToPort
+        target: 'http://' + self.proxyToHost + ':' + self.proxyToPort
       });
     }
   },
diff --git a/tools/selftest.js b/tools/selftest.js
index 075be81072..494fe53ea2 100644
--- a/tools/selftest.js
+++ b/tools/selftest.js
@@ -891,6 +891,12 @@ _.extend(Run.prototype, {
     }
 
     self.fakeMongoConnection.write(JSON.stringify(command) + "\n");
+    // If we told it to exit, then we should close our end and connect again if
+    // asked to send more.
+    if (command.exit) {
+      self.fakeMongoConnection.end();
+      self.fakeMongoConnection = null;
+    }
   })
 });
 
diff --git a/tools/server/boot.js b/tools/server/boot.js
index aa4df6c439..6f401f4140 100644
--- a/tools/server/boot.js
+++ b/tools/server/boot.js
@@ -5,8 +5,8 @@ var Future = require(path.join("fibers", "future"));
 var _ = require('underscore');
 var sourcemap_support = require('source-map-support');
 
-// This code is duplicated in tools/meteor.js.
-var MIN_NODE_VERSION = 'v0.10.25';
+// This code is duplicated in tools/main.js.
+var MIN_NODE_VERSION = 'v0.10.26';
 
 if (require('semver').lt(process.version, MIN_NODE_VERSION)) {
   process.stderr.write(
diff --git a/tools/test-utils.js b/tools/test-utils.js
index 6df7c33486..c9840ff65b 100644
--- a/tools/test-utils.js
+++ b/tools/test-utils.js
@@ -75,7 +75,7 @@ exports.cleanUpLegacyApp = function (sandbox, name, password) {
     run.matchErr('Password:');
     run.write(password + '\n');
   }
-  run.waitSecs(20);
+  run.waitSecs(60);
   run.match('Deleted');
   // XXX same as above, we should be waiting for exit code 0, but the
   // process appears to never exit.
diff --git a/tools/tests/apps/ddp-heartbeat/.meteor/.gitignore b/tools/tests/apps/ddp-heartbeat/.meteor/.gitignore
new file mode 100644
index 0000000000..4083037423
--- /dev/null
+++ b/tools/tests/apps/ddp-heartbeat/.meteor/.gitignore
@@ -0,0 +1 @@
+local
diff --git a/tools/tests/apps/ddp-heartbeat/.meteor/packages b/tools/tests/apps/ddp-heartbeat/.meteor/packages
new file mode 100644
index 0000000000..60221cd338
--- /dev/null
+++ b/tools/tests/apps/ddp-heartbeat/.meteor/packages
@@ -0,0 +1,7 @@
+# Meteor packages used by this project, one per line.
+#
+# 'meteor add' and 'meteor remove' will edit this file for you,
+# but you can also edit it by hand.
+
+standard-app-packages
+underscore
diff --git a/tools/tests/apps/ddp-heartbeat/.meteor/release b/tools/tests/apps/ddp-heartbeat/.meteor/release
new file mode 100644
index 0000000000..621e94f0ec
--- /dev/null
+++ b/tools/tests/apps/ddp-heartbeat/.meteor/release
@@ -0,0 +1 @@
+none
diff --git a/tools/tests/apps/ddp-heartbeat/server/heartbeat_test.js b/tools/tests/apps/ddp-heartbeat/server/heartbeat_test.js
new file mode 100644
index 0000000000..f6e7bb49a7
--- /dev/null
+++ b/tools/tests/apps/ddp-heartbeat/server/heartbeat_test.js
@@ -0,0 +1,96 @@
+var Fiber = Npm.require("fibers");
+var Future = Npm.require("fibers/future");
+
+// XXX Deps isn't supported on the server... but we need a way to
+// capture client connection status transitions.
+
+var waitReactive = function (fn) {
+  var future = new Future();
+  var timeoutHandle = Meteor.setTimeout(
+    function () {
+      future.throw(new Error("timeout"));
+    },
+    60000
+  );
+  Deps.autorun(function (c) {
+    var ret = fn();
+    if (ret) {
+      c.stop();
+      Meteor.clearTimeout(timeoutHandle);
+
+      // We need to run in a fiber for `defer`.
+      Fiber(function () {
+        // Use `defer` because yields are blocked inside of autorun.
+        Meteor.defer(function () {
+          future.return(ret);
+        })
+      }).run();
+    }
+  });
+  return future.wait();
+};
+
+var waitForClientConnectionStatus = function (connection, status) {
+  waitReactive(function () {
+    return connection.status().status === status;
+  });
+};
+
+
+// Expect to connect, and then to reconnect (presumably because of a
+// timeout).
+
+var expectConnectAndReconnect = function (clientConnection) {
+  console.log("client is connecting");
+  waitForClientConnectionStatus(clientConnection, "connected");
+
+  console.log("client is connected, expecting ping timeout and reconnect");
+  waitForClientConnectionStatus(clientConnection, "connecting");
+
+  console.log("client is reconnecting");
+};
+
+
+var testClientTimeout = function () {
+  console.log("Test client timeout");
+
+  var savedServerOptions = _.clone(Meteor.server.options);
+  Meteor.server.options.heartbeatInterval = 0;
+  Meteor.server.options.respondToPings = false;
+
+  var clientConnection = DDP.connect(Meteor.absoluteUrl());
+
+  expectConnectAndReconnect(clientConnection);
+
+  clientConnection.close();
+
+  Meteor.server.options = savedServerOptions;
+
+  console.log("test successful\n");
+};
+
+
+var testServerTimeout = function () {
+  console.log("Test server timeout");
+
+  var clientConnection = DDP.connect(
+    Meteor.absoluteUrl(),
+    {
+      heartbeatInterval: 0,
+      respondToPings: false
+    }
+  );
+
+  expectConnectAndReconnect(clientConnection);
+
+  clientConnection.close();
+  console.log("test successful\n");
+};
+
+Fiber(function () {
+  Meteor._printReceivedDDP = true;
+  Meteor._printSentDDP = true;
+  testClientTimeout();
+  testServerTimeout();
+  process.exit(0);
+}).run();
diff --git a/tools/tests/apps/failover-test/.meteor/.gitignore b/tools/tests/apps/failover-test/.meteor/.gitignore
new file mode 100644
index 0000000000..4083037423
--- /dev/null
+++ b/tools/tests/apps/failover-test/.meteor/.gitignore
@@ -0,0 +1 @@
+local
diff --git a/tools/tests/apps/failover-test/.meteor/packages b/tools/tests/apps/failover-test/.meteor/packages
new file mode 100644
index 0000000000..2334f880ed
--- /dev/null
+++ b/tools/tests/apps/failover-test/.meteor/packages
@@ -0,0 +1,9 @@
+# Meteor packages used by this project, one per line.
+#
+# 'meteor add' and 'meteor remove' will edit this file for you,
+# but you can also edit it by hand.
+
+meteor
+mongo-livedata
+underscore
+random
diff --git a/tools/tests/apps/failover-test/.meteor/release b/tools/tests/apps/failover-test/.meteor/release
new file mode 100644
index 0000000000..621e94f0ec
--- /dev/null
+++ b/tools/tests/apps/failover-test/.meteor/release
@@ -0,0 +1 @@
+none
diff --git a/tools/tests/apps/failover-test/server/failover-test.js b/tools/tests/apps/failover-test/server/failover-test.js
new file mode 100644
index 0000000000..1b704d1e12
--- /dev/null
+++ b/tools/tests/apps/failover-test/server/failover-test.js
@@ -0,0 +1,91 @@
+// Tests that an observeChanges created before a failover continues to work
+// after the failover. Doesn't test anything in particular about writes that
+// occur immediately before the failover, but does ensure that a write after the
+// failover is observed.
+//
+// Prints various things. On success, prints SUCCESS and exits 0. On failure,
+// exits non-0.
+
+var C = new Meteor.Collection(Random.id());
+
+var steps = {};
+var nextStepTimeout = null;
+
+var setNextStepTimeout = function () {
+  nextStepTimeout = Meteor.setTimeout(function () {
+    console.log('Waited too long and no next step happened.');
+    process.exit(1);
+  }, 30*1000);
+};
+
+var originalMasterName = null;
+
+steps.initialized = function () {
+  // Great, we got the first thing. Let's get another thing.
+  C.insert({step: 'next'});
+  var db = MongoInternals.defaultRemoteCollectionDriver().mongo.db;
+  var master = db.serverConfig._state.master;
+  if (!master) {
+    console.log("No master in initialized?");
+    process.exit(1);
+  }
+  originalMasterName = master.name;
+  console.log("Master starts as", originalMasterName);
+};
+
+steps.next = function () {
+  // Great, we can continue to add things. Now trigger a failover.
+  var db = MongoInternals.defaultRemoteCollectionDriver().mongo.db;
+  db.admin().command({replSetStepDown: 60, force: true});
+  while (true) {
+    try {
+      console.log("trying to insert");
+      C.insert({step: 'steppedDown'});
+      console.log("inserted");
+      return;
+    } catch (e) {
+      console.log("failed to insert", e);
+    }
+  }
+};
+
+steps.steppedDown = function () {
+  console.log("Write succeeded after stepdown.");
+  var db = MongoInternals.defaultRemoteCollectionDriver().mongo.db;
+  var master = db.serverConfig._state.master;
+  if (!master) {
+    console.log("No master in steppedDown?");
+    process.exit(1);
+  }
+  if (master.name === originalMasterName) {
+    console.log("Master didn't change?");
+    process.exit(1);
+  }
+  console.log("Master ended as", master.name);
+  console.log("SUCCESS");
+  process.exit(0);
+};
+
+C.find().observeChanges({
+  added: function (id, fields) {
+    if (nextStepTimeout) {
+      Meteor.clearTimeout(nextStepTimeout);
+      nextStepTimeout = null;
+    }
+    if (!fields.step && _.has(steps, fields.step)) {
+      console.log('Unexpected step:', fields.step);
+      process.exit(1);
+    }
+    console.log("Step", fields.step);
+    steps[fields.step]();
+    setNextStepTimeout();
+  }
+});
+
+setNextStepTimeout();
+
+C.insert({step: 'initialized'});
+
+main = function (argv) {
+  return 'DAEMON';
+};
diff --git a/tools/tests/ddp-heartbeat.js b/tools/tests/ddp-heartbeat.js
new file mode 100644
index 0000000000..643947ae7d
--- /dev/null
+++ b/tools/tests/ddp-heartbeat.js
@@ -0,0 +1,18 @@
+var selftest = require('../selftest.js');
+var Sandbox = selftest.Sandbox;
+
+var MONGO_LISTENING =
+  { stdout: " [initandlisten] waiting for connections on port" };
+
+selftest.define("ddp-heartbeat", ["slow"], function () {
+  var s = new Sandbox({ fakeMongo: true });
+  var run;
+
+  s.createApp("ddpapp", "ddp-heartbeat");
+  s.cd("ddpapp");
+
+  var run = s.run("--once", "--raw-logs");
+  run.tellMongo(MONGO_LISTENING);
+  run.waitSecs(120);
+  run.expectExit(0);
+});
diff --git a/tools/tests/list-sites.js b/tools/tests/list-sites.js
new file mode 100644
index 0000000000..48025566fc
--- /dev/null
+++ b/tools/tests/list-sites.js
@@ -0,0 +1,23 @@
+var _ = require('underscore');
+var selftest = require('../selftest.js');
+var testUtils = require('../test-utils.js');
+var files = require('../files.js');
+var Sandbox = selftest.Sandbox;
+var httpHelpers = require('../http-helpers.js');
+
+var commandTimeoutSecs = testUtils.accountsCommandTimeoutSecs;
+
+selftest.define('list-sites - basic', ['net', 'slow'], function () {
+  var s = new Sandbox;
+  var email = testUtils.randomUserEmail();
+  var appName1 = testUtils.randomAppName();
+  var appName2 = testUtils.randomAppName();
+  testUtils.deployWithNewEmail(s, email, appName1);
+  testUtils.createAndDeployApp(s, { appName: appName2 });
+  var run = s.run('list-sites');
+  run.waitSecs(commandTimeoutSecs);
+  run.read(appName1 + '.meteor.com' + '\n' + appName2 + '.meteor.com');
+  testUtils.cleanUpApp(s, appName1);
+  testUtils.cleanUpApp(s, appName2);
+  testUtils.logout(s);
+});
diff --git a/tools/tests/mongo.js b/tools/tests/mongo.js
new file mode 100644
index 0000000000..bfbf14d99c
--- /dev/null
+++ b/tools/tests/mongo.js
@@ -0,0 +1,21 @@
+var selftest = require('../selftest.js');
+var Sandbox = selftest.Sandbox;
+var utils = require('../utils.js');
+var net = require('net');
+var Future = require('fibers/future');
+var _ = require('underscore');
+var files = require('../files.js');
+
+// Tests that observeChanges continues to work even over a mongo failover.
+selftest.define("mongo failover", ["slow"], function () {
+  var s = new Sandbox();
+  s.set('METEOR_TEST_MULTIPLE_MONGOD_REPLSET', 't');
+  s.createApp("failover-test", "failover-test");
+  s.cd("failover-test");
+
+  var run = s.run("--once", "--raw-logs");
+  run.waitSecs(120);
+  run.match("SUCCESS\n");
+  run.expectEnd();
+  run.expectExit(0);
+});
diff --git a/tools/tests/old/test-bundler-options.js b/tools/tests/old/test-bundler-options.js
index 1304dad392..d82ab956cc 100644
--- a/tools/tests/old/test-bundler-options.js
+++ b/tools/tests/old/test-bundler-options.js
@@ -15,6 +15,12 @@ var tmpDir = function () {
 };
 
 var runTest = function () {
+  var readManifest = function (tmpOutputDir) {
+    return JSON.parse(fs.readFileSync(
+      path.join(tmpOutputDir, "programs", "client", "program.json"),
+      "utf8")).manifest;
+  };
+
   console.log("nodeModules: 'skip'");
   assert.doesNotThrow(function () {
     var tmpOutputDir = tmpDir();
@@ -38,10 +44,13 @@ var runTest = function () {
            .isDirectory());
 
     // verify that contents are minified
-    var appHtml = fs.readFileSync(path.join(tmpOutputDir, "programs",
-                                            "client", "app.html"), 'utf8');
-    assert(/src=\"##BUNDLED_JS_CSS_PREFIX##\/[0-9a-f]{40,40}.js\"/.test(appHtml));
-    assert(!(/src=\"##BUNDLED_JS_CSS_PREFIX##\/packages/.test(appHtml)));
+    var manifest = readManifest(tmpOutputDir);
+    _.each(manifest, function (item) {
+      if (item.type !== 'js')
+        return;
+      // Just a hash, and no "packages/".
+      assert(/^[0-9a-f]{40,40}\.js$/.test(item.path));
+    });
   });
 
   console.log("nodeModules: 'skip', no minify");
@@ -58,14 +67,25 @@ var runTest = function () {
     // sanity check -- main.js has expected contents.
     assert.strictEqual(fs.readFileSync(path.join(tmpOutputDir, "main.js"), "utf8"),
                        bundler._mainJsContents);
+
     // verify that contents are not minified
-    var appHtml = fs.readFileSync(path.join(tmpOutputDir, "programs",
-                                            "client", "app.html"), 'utf8');
-    assert(!(/src=\"##BUNDLED_JS_CSS_PREFIX##\/[0-9a-f]{40,40}.js\"/.test(appHtml)));
-    assert(/src=\"##BUNDLED_JS_CSS_PREFIX##\/packages\/meteor/.test(appHtml));
-    assert(/src=\"##BUNDLED_JS_CSS_PREFIX##\/packages\/deps/.test(appHtml));
-    // verify that tests aren't included
-    assert(!(/src=\"##BUNDLED_JS_CSS_PREFIX##\/package-tests\/meteor/.test(appHtml)));
+    var manifest = readManifest(tmpOutputDir);
+    var foundMeteor = false;
+    var foundDeps = false;
+    _.each(manifest, function (item) {
+      if (item.type !== 'js')
+        return;
+      // No minified hash.
+      assert(!/^[0-9a-f]{40,40}\.js$/.test(item.path));
+      // No tests.
+      assert(!/:tests/.test(item.path));
+      if (item.path === 'packages/meteor.js')
+        foundMeteor = true;
+      if (item.path === 'packages/deps.js')
+        foundDeps = true;
+    });
+    assert(foundMeteor);
+    assert(foundDeps);
   });
 
   console.log("nodeModules: 'skip', no minify, testPackages: ['meteor']");
@@ -82,10 +102,12 @@ var runTest = function () {
     // sanity check -- main.js has expected contents.
     assert.strictEqual(fs.readFileSync(path.join(tmpOutputDir, "main.js"), "utf8"),
                        bundler._mainJsContents);
+
     // verify that tests for the meteor package are included
-    var appHtml = fs.readFileSync(path.join(tmpOutputDir, "programs",
-                                            "client", "app.html"));
-    assert(/src=\"##BUNDLED_JS_CSS_PREFIX##\/packages\/meteor:tests\.js/.test(appHtml));
+    var manifest = readManifest(tmpOutputDir);
+    assert(_.find(manifest, function (item) {
+      return item.type === 'js' && item.path === 'packages/meteor:tests.js';
+    }));
   });
 
   console.log("nodeModules: 'copy'");
diff --git a/tools/tests/run.js b/tools/tests/run.js
index 45883021c1..80e4544544 100644
--- a/tools/tests/run.js
+++ b/tools/tests/run.js
@@ -12,7 +12,7 @@ var MONGO_LISTENING =
 var SIMPLE_WAREHOUSE = {
   v1: { tools: 'tools1' },
   v2: { tools: 'tools1', latest: true },
-  v3: { tools: 'tools1' },
+  v3: { tools: 'tools1' }
 };
 
 selftest.define("run", function () {
@@ -49,7 +49,9 @@ selftest.define("run", function () {
   run.waitSecs(5);
   run.match("is crashing");
   s.unlink("crash.js");
+  run.waitSecs(5);
   run.match("Modified");
+  run.waitSecs(5);
   run.match("restarted");
   s.write("empty.js", "");
   run.waitSecs(5);
@@ -63,6 +65,7 @@ selftest.define("run", function () {
   // Bundle failure
   s.unlink("crash.js");
   s.write("junk.js", "]");
+  run.waitSecs(5);
   run.match("Modified");
   run.match("prevented startup");
   run.match("Unexpected token");
@@ -70,6 +73,7 @@ selftest.define("run", function () {
 
   // Back to working
   s.unlink("junk.js");
+  run.waitSecs(5);
   run.match("restarted");
 
   // Crash just once, then restart successfully
@@ -85,6 +89,7 @@ selftest.define("run", function () {
 "}\n");
   run.waitSecs(5);
   run.match("with code: 137");
+  run.waitSecs(5);
   run.match("restarted");
   run.stop();
 
@@ -98,6 +103,7 @@ selftest.define("run", function () {
   run.match("Unexpected token");
   run.match("file change");
   s.unlink("junk.js");
+  run.waitSecs(5);
   run.match("restarted");
   run.stop();
 
@@ -287,3 +293,46 @@ selftest.define("update during run", ["checkout"], function () {
   run.stop();
   run.forbidAll("updated");
 });
+
+selftest.define("run with mongo crash", ["checkout"], function () {
+  var s = new Sandbox({ fakeMongo: true });
+  var run;
+
+  s.createApp("myapp", "standard-app");
+  s.cd("myapp");
+
+  // Kill mongod three times.  See that it gives up and quits.
+  run = s.run();
+  run.tellMongo(MONGO_LISTENING);
+  run.waitSecs(2);
+  run.match('localhost:3000/\n');
+  run.tellMongo({exit: 23});
+  run.read('Unexpected mongo exit code 23. Restarting.\n');
+  run.tellMongo({exit: 46});
+  run.read('Unexpected mongo exit code 46. Restarting.\n');
+  run.tellMongo({exit: 47});
+  run.read('Unexpected mongo exit code 47. Restarting.\n');
+  run.read("Can't start Mongo server.\n");
+  run.read("MongoDB exited due to excess clock skew\n");
+  run.expectEnd();
+  run.expectExit(254);
+
+  // Now create a build failure. Make sure that killing mongod three times
+  // *also* successfully quits even if we're waiting on file change.
+  s.write('bad.js', ']');
+  run = s.run();
+  run.tellMongo(MONGO_LISTENING);
+  run.waitSecs(2);
+  run.match("prevented startup");
+  run.match("file change.\n");
+  run.tellMongo({exit: 23});
+  run.read('Unexpected mongo exit code 23. Restarting.\n');
+  run.tellMongo({exit: 46});
+  run.read('Unexpected mongo exit code 46. Restarting.\n');
+  run.tellMongo({exit: 47});
+  run.read('Unexpected mongo exit code 47. Restarting.\n');
+  run.read("Can't start Mongo server.\n");
+  run.read("MongoDB exited due to excess clock skew\n");
+  run.expectEnd();
+  run.expectExit(254);
+});
diff --git a/tools/updater.js b/tools/updater.js
index e449bb5f3b..f0a0dd6245 100644
--- a/tools/updater.js
+++ b/tools/updater.js
@@ -4,7 +4,7 @@ var warehouse = require('./warehouse.js');
 var httpHelpers = require('./http-helpers.js');
 var config = require('./config.js');
 var release = require('./release.js');
-var runLog = require('./run-log.js').runLog;
+var runLog = require('./run-log.js');
 
 /**
  * Downloads the current manifest file and returns it. Throws