diff --git a/Gemfile.lock b/Gemfile.lock
index 5ae63f097..44d386e33 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -116,6 +116,7 @@ GEM
       rack (>= 1.0.0)
       rack-test (>= 0.5.4)
       selenium-webdriver (>= 0.0.3)
+    columnize (0.3.1)
     crack (0.1.8)
     cucumber (0.9.0)
       builder (~> 2.1.2)
@@ -151,6 +152,7 @@ GEM
     i18n (0.4.1)
     json (1.4.6)
     json_pure (1.4.6)
+    linecache (0.43)
     mail (2.2.6.1)
       activesupport (>= 2.3.6)
       mime-types
@@ -199,6 +201,7 @@ GEM
       rake (>= 0.8.4)
       thor (~> 0.14.0)
     rake (0.8.7)
+    redgreen (1.2.2)
     rest-client (1.6.1)
       mime-types (>= 1.16)
     rspec (2.0.0.beta.22)
@@ -214,6 +217,11 @@ GEM
     rspec-rails (2.0.0.beta.17)
       rspec (>= 2.0.0.beta.14)
       webrat (>= 0.7.0)
+    ruby-debug (0.10.3)
+      columnize (>= 0.1)
+      ruby-debug-base (~> 0.10.3.0)
+    ruby-debug-base (0.10.3)
+      linecache (>= 0.3)
     rubyzip (0.9.4)
     selenium-webdriver (0.0.28)
       ffi (>= 0.6.1)
@@ -270,9 +278,11 @@ DEPENDENCIES
   pubsubhubbub
   rails (= 3.0.0)
   redfinger!
+  redgreen
   roxml!
   rspec (>= 2.0.0.beta.17)
   rspec-rails (= 2.0.0.beta.17)
+  ruby-debug
   sprinkle!
   thin
   webmock
diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 2cac200e2..ab8939b87 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -21,12 +21,25 @@ class UsersController < ApplicationController
 
   def update
     @user = current_user
-
     data = clean_hash params[:user]
     prep_image_url(data)
 
+
+    params[:user].delete(:password) if params[:user][:password].blank?
+    params[:user].delete(:password_confirmation) if params[:user][:password].blank? and params[:user][:password_confirmation].blank?
+    
+    if params[:user][:password] && params[:user][:password_confirmation]
+      if @user.update_attributes(:password => params[:user][:password], :password_confirmation => params[:user][:password_confirmation])
+        flash[:notice] = "Password Changed"
+      else
+        flash[:error] = "Password Change Failed"
+      end
+      
+    end
+    
     @user.update_profile data
-    respond_with(@user, :location => root_url)
+    redirect_to edit_user_path(@user)
+
   end
 
   def public
diff --git a/app/views/publics/hcard.erb b/app/views/publics/hcard.erb
index 17b0ebdb7..6b8ab3209 100644
--- a/app/views/publics/hcard.erb
+++ b/app/views/publics/hcard.erb
@@ -36,7 +36,7 @@
       <dl class="entity_photo">
         <dt>Photo</dt>
         <dd>
-        <span class="photo"><%= @person.profile.image_url%></span>
+        <img class="photo avatar" src="<%= @person.profile.image_url%>" width="100" height="100"/>
         </dd>
       </dl>
       <dl class="entity_note">
diff --git a/app/views/publics/webfinger.erb b/app/views/publics/webfinger.erb
index b689f2a54..8c6d08657 100644
--- a/app/views/publics/webfinger.erb
+++ b/app/views/publics/webfinger.erb
@@ -6,7 +6,7 @@
   <Link rel="http://joindiaspora.com/seed_location" type = 'text/html' href="<%=@person.url%>"/>
   <Link rel="http://joindiaspora.com/guid" type = 'text/html' href="<%=@person.id%>"/>
 
-  <Link rel="http://schemas.google.com/g/2010#updates-from" type="application/atom+xml" href="<%=@person.public_url%>"/>
+  <Link rel="http://schemas.google.com/g/2010#updates-from" type="application/atom+xml" href="<%=@person.public_url%>.atom"/>
 
   <Link rel="diaspora-public-key" type = 'RSA' href="<%=Base64.encode64(@person.exported_key)%>"/>
 </XRD>
diff --git a/app/views/users/_profile.haml b/app/views/users/_profile.haml
index 774f3a094..8cffa53cb 100644
--- a/app/views/users/_profile.haml
+++ b/app/views/users/_profile.haml
@@ -47,6 +47,13 @@
     %p
       = p.label :last_name
       = p.text_field :last_name, :value => @profile.last_name
+  %p
+    = f.label :password
+    = f.text_field :password
+  %p
+    = f.label :password_confirmation
+    = f.text_field :password_confirmation
+
 
   #submit_block
     = link_to t('.cancel'), root_path
diff --git a/lib/diaspora/ostatus_builder.rb b/lib/diaspora/ostatus_builder.rb
index f75495ad2..92e12122a 100644
--- a/lib/diaspora/ostatus_builder.rb
+++ b/lib/diaspora/ostatus_builder.rb
@@ -30,7 +30,7 @@ module Diaspora
 <generator uri="http://joindiaspora.com/">Diaspora</generator>
 <id>#{@user.public_url}.atom</id>
 <title>#{@user.real_name}'s Public Feed</title>
-<subtitle>its a stream</subtitle>
+<subtitle>Posts from Diaspora</subtitle>
 <updated>#{Time.now.xmlschema}</updated>
 <author>
   <name>#{@user.real_name}</name>
@@ -53,6 +53,7 @@ module Diaspora
   <id>#{@user.public_url}</id>
   <title>#{@user.real_name}</title>
   <link rel="alternative" type="text/html" href="#{@user.public_url}"/>
+  <link rel="avatar" type="image/jpeg" media:width="100" media:height="100" href="#{@user.profile.image_url}"/>
 </activity:subject>
       XML
     end
diff --git a/lib/hcard.rb b/lib/hcard.rb
index e6baa49fd..d43326b56 100644
--- a/lib/hcard.rb
+++ b/lib/hcard.rb
@@ -8,6 +8,6 @@ module HCard
     {:given_name => doc.css(".given_name").text,
     :family_name => doc.css(".family_name").text,
     :url => doc.css("#pod_location").text,
-    :photo => doc.css(".photo")}
+    :photo => doc.css(".photo").src}
   end
 end
diff --git a/lib/message_handler.rb b/lib/message_handler.rb
index 351ca99d6..e3890d94f 100644
--- a/lib/message_handler.rb
+++ b/lib/message_handler.rb
@@ -34,8 +34,8 @@ class MessageHandler
         http = EventMachine::HttpRequest.new(query.destination).get :timeout => TIMEOUT
         http.callback {process}
       when :hub_publish
-        http = EventMachine::PubSubHubbub.new(query.destination).publish :timeout => TIMEOUT
-        http.callback {process; Rails.logger.debug(http.response)}
+        http = EventMachine::PubSubHubbub.new(query.destination).publish query.body, :timeout => TIMEOUT
+        http.callback {process}
       else
         raise "message is not a type I know!"
       end
diff --git a/spec/controllers/users_controller_spec.rb b/spec/controllers/users_controller_spec.rb
index a050738e1..272775771 100644
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@@ -27,7 +27,42 @@ describe UsersController do
         
         @user.person.profile.image_url.should == image_url
       end
+    end
 
+    context 'should allow the user to update their password' do
+      it 'should change a users password ' do
+        old_password = @user.encrypted_password
+
+        put("update", :id => @user.id, "user"=> {"password" => "foobaz", 'password_confirmation' => "foobaz","profile"=> 
+            {"image_url"   => "",
+            "last_name"  => @user.person.profile.last_name,
+            "first_name" => @user.person.profile.first_name}}) 
+
+        @user.reload
+        @user.encrypted_password.should_not == old_password
+      end
+
+      it 'should not change a password if they do not match' do 
+        old_password = @user.encrypted_password 
+        put("update", :id => @user.id, "user"=> {"password" => "foobarz", 'password_confirmation' => "not_the_same","profile"=> 
+            {"image_url"   => "",
+            "last_name"  => @user.person.profile.last_name,
+            "first_name" => @user.person.profile.first_name}}) 
+          @user.reload
+          @user.encrypted_password.should == old_password
+      end
+  
+
+      it 'should not update if the password fields are left blank' do 
+        
+          old_password = @user.encrypted_password 
+          put("update", :id => @user.id, "user"=> {"password" => "", 'password_confirmation' => "","profile"=> 
+              {"image_url"   => "",
+              "last_name"  => @user.person.profile.last_name,
+              "first_name" => @user.person.profile.first_name}}) 
+            @user.reload
+            @user.encrypted_password.should == old_password
+      end
     end
   end
 end
