diff --git a/Gemfile.lock b/Gemfile.lock
index 39a139ddd..234b8c003 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -195,7 +195,7 @@ GEM
     gherkin (2.2.9)
       json (~> 1.4.6)
       term-ansicolor (~> 1.0.5)
-    haml (3.0.23)
+    haml (3.0.24)
     hashie (0.4.0)
     highline (1.6.1)
     http_connection (1.4.0)
@@ -244,7 +244,7 @@ GEM
     net-ssh (2.0.23)
     net-ssh-gateway (1.0.1)
       net-ssh (>= 1.99.1)
-    nokogiri (1.4.3.1)
+    nokogiri (1.4.4)
     oa-basic (0.1.6)
       multi_json (~> 0.0.2)
       nokogiri (~> 1.4.2)
@@ -353,7 +353,7 @@ GEM
       eventmachine (>= 0.12.6)
       rack (>= 1.0.0)
     thor (0.14.4)
-    treetop (1.4.8)
+    treetop (1.4.9)
       polyglot (>= 0.3.1)
     twitter (0.9.12)
       hashie (~> 0.4.0)
diff --git a/chef/cookbooks/common/recipes/daemontools.rb b/chef/cookbooks/common/recipes/daemontools.rb
index 15a1c4c34..88219a76b 100644
--- a/chef/cookbooks/common/recipes/daemontools.rb
+++ b/chef/cookbooks/common/recipes/daemontools.rb
@@ -37,6 +37,12 @@ end
   #command "mkdir -p /service/mongo_ssh_tunnel && echo '#!/bin/sh' > /service/mongo_ssh_tunnel/run && echo 'exec ssh -N -f -L 27017:localhost:27017 caesar@184.106.233.43' >> /service/websocket/run"
 #end
 
+execute "socketpolicy run" do
+  command "mkdir -p /service/socketpolicy && echo '#!/bin/sh' > /service/socketpolicy/run && echo 'exec /usr/local/app/diaspora/script/socketpolicy.pl > /dev/null &' >> /service/socketpolicy/run"
+end
+execute "executable" do
+  command "chmod -R 755 /service/socketpolicy"
+end
 execute "websocket run" do
   command "mkdir -p /service/websocket && echo '#!/bin/sh' > /service/websocket/run && echo 'cd /usr/local/app/diaspora && exec /usr/local/bin/ruby /usr/local/app/diaspora/script/websocket_server.rb' >> /service/websocket/run"
 end
diff --git a/script/server b/script/server
index d3948e7df..363a07a00 100755
--- a/script/server
+++ b/script/server
@@ -48,6 +48,11 @@ if [ ! -e public/source.tar.gz ]; then
     exit 65
 fi
 
+# Socket policy file listener
+# required to use FABridge with wss:// (firefox 3.6 websocket compatability)
+# must be run as root, need to figure out how to kill it properly
+sudo ./script/socketpolicy.pl > /dev/null &
+
 mkdir -p -v log/thin/
 bundle exec ruby ./script/websocket_server.rb&
 bundle exec magent start --log-path=log/ &
diff --git a/script/socketpolicy.pl b/script/socketpolicy.pl
new file mode 100755
index 000000000..3fc24c05e
--- /dev/null
+++ b/script/socketpolicy.pl
@@ -0,0 +1,79 @@
+#!/usr/bin/perl -wT
+#
+# Simple Flash Socket Policy Server
+# http://www.lightsphere.com/dev/articles/flash_socket_policy.html
+#
+# Copyright (C) 2008 Jacqueline Kira Hamilton
+#
+#    This program is free software: you can redistribute it and/or modify
+#    it under the terms of the GNU General Public License as published by
+#    the Free Software Foundation, either version 3 of the License, or
+#    (at your option) any later version.
+#
+#    This program is distributed in the hope that it will be useful,
+#    but WITHOUT ANY WARRANTY; without even the implied warranty of
+#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+#    GNU General Public License for more details.
+#
+#    You should have received a copy of the GNU General Public License
+#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+
+use Socket;
+use IO::Handle;
+
+my $should_be_logging = 0;  # change to 0 to turn off logging.
+
+my $logfile = 'log';
+
+if ($should_be_logging) {
+    open(LOG, ">$logfile") or warn "Can't open $logfile: $!\n";
+    LOG->autoflush(1);
+}
+
+my $port = 843;
+my $proto = getprotobyname('tcp');
+
+# start the server:
+
+      &log("Starting server on port $port");
+    socket(Server, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
+setsockopt(Server, SOL_SOCKET, SO_REUSEADDR, 1 ) or die "setsockopt: $!";
+      bind(Server,sockaddr_in($port,INADDR_ANY)) or die "bind: $!";
+    listen(Server,SOMAXCONN) or die "listen: $!";
+
+    Server->autoflush( 1 );
+
+my $paddr;
+&log("Server started. Waiting for connections.");
+
+$/ = "\0";      # reset terminator to null char
+
+# listening loop.
+
+for ( ; $paddr = accept(Client,Server); close Client) {
+    Client->autoflush(1);
+    my($port,$iaddr) = sockaddr_in($paddr);
+    my $ip_address   = inet_ntoa($iaddr);
+    my $name         = gethostbyaddr($iaddr,AF_INET) || $ip_address;
+    &log( scalar localtime() . ": Connection from $name" );
+ 
+    my $line = <Client>;
+    &log("Input: $line");
+
+    if ($line =~ /.*policy\-file.*/i) {
+        print Client &xml_policy;
+    }
+}
+
+sub xml_policy {
+    my $str = qq(<cross-domain-policy><allow-access-from domain="*" to-ports="*" /></cross-domain-policy>\0);
+    return $str;
+}
+
+sub log {
+    my($msg) = @_;
+    if ($should_be_logging) {
+        print LOG $msg,"\n";
+    }
+}