diff --git a/checkin_notes b/checkin_notes
index 411978e325..a6e0c72a19 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -849,3 +849,11 @@ Rytis   19 Jan 2007
             util.inc
         user/
             sample_index.php
+
+David  19 Jan 2007
+    - lib: change retry logic for file system ops
+        so that it does does at least 5 retries
+        AND takes at least 5 seconds.
+
+    lib/
+        filesys.C
diff --git a/doc/boinc_news.php b/doc/boinc_news.php
index 265206adb6..b8bfd72396 100644
--- a/doc/boinc_news.php
+++ b/doc/boinc_news.php
@@ -1,6 +1,11 @@
 <?
 
 $project_news = array(
+array("January 18, 2007",
+    "The paper \"<a href=rosetta_ms.doc>Reporting@Home: Delivering Dynamic Graphical Feedback to Participants in Community Computing Projects</a>\"
+    describes how Rosetta@home delivers personalized
+    graphical progress reports to its volunteers."
+),
 array("January 17, 2007",
     "Linux users: check out
     <a href=http://kde-apps.org/content/show.php?content=44237>KBoincMgr</a>,
diff --git a/doc/gui_rpc_auth.php b/doc/gui_rpc_auth.php
index 96ad06fcdc..dd5bda412f 100644
--- a/doc/gui_rpc_auth.php
+++ b/doc/gui_rpc_auth.php
@@ -1,6 +1,6 @@
 <?php
 require_once("docutil.php");
-page_head("Authorizing remote control of BOINC");
+page_head("Controlling BOINC remotely");
 echo "
 <h2>Remote control of the BOINC client</h2>
 <p>
@@ -17,8 +17,8 @@ a core client on a different host:
 <br> <center>
 <img src=gui_auth2.png>
 <br> </center>
-And BOINCView (an add-on program developed by a third party) is
-able to control many BOINC clients at once:
+You can use <a href=addons.php>add-on programs</a>
+such as BOINCView to control many BOINC clients at once:
 <br> <center>
 <img src=gui_auth3.png>
 <br> </center>
@@ -30,42 +30,30 @@ Since GUI RPCs can control the BOINC client
 it is important to protect your BOINC client from unauthorized control.
 There are two levels of protection:
 <ul>
-<li> You can associate a password with the client.
-If a password is used,
-GUI RPCs must be authenticated with this password.
-<li> You can restrict RPCs to a limited set of hosts.
+<li>
+GUI RPCs are authenticated with a <b>GUI RPC password</b>.
+This is stored with the client in the file <b>gui_rpc_auth.cfg</b>.
+When BOINC first runs, it generates a long, random password.
+You can change it if you like.
+<li> You can specify a set of hosts from which RPCs are allowed.
+By default, RPCs are allowed only from the same host.
 </ul>
 A GUI RPC is handled only if it passes both levels of protection.
-<p>
-After a standard installation, BOINC is highly secure;
-it generates its own (long, random) password,
-and it doesn't allow access from other hosts.
 
-<h2>Password protection</h2>
-<p>
-If you place a password in a file <b>gui_rpc_auth.cfg</b>
-in your BOINC directory,
-GUI RPCs must be authenticated using the password.
-<p>
-If this file is not present, there is no password protection.
-
-<h2>Remote host restriction</h2>
+<h2>Allowing RPCs from remote hosts</h2>
 <p>
 By default the core client accepts GUI RPCs only from the same host.
-
-<p>
 You can allow remote hosts to control a core client in two ways:
 <ul>
 <li> If you run the client with the
--allow_remote_gui_rpc command line option,
-it will accept connections from any host.
-This is not recommended unless the host is behind a firewall
-that blocks the GUI RPC port (1043).
+<code>-allow_remote_gui_rpc</code> command line option,
+it will accept connections from any host
+(subject to password authentication).
 <li>
 You can create
 a file <b>remote_hosts.cfg</b> in your BOINC directory containing 
 a list of allowed DNS host names or IP addresses (one per line).
-Those hosts will be able to connect.
+These hosts will be able to connect.
 The remote_hosts.cfg file can have comment lines that start with either a # 
 or a ; character as well.
 </ul>
diff --git a/doc/papers.php b/doc/papers.php
index 63d695e4d2..d3f35762cc 100644
--- a/doc/papers.php
+++ b/doc/papers.php
@@ -22,7 +22,7 @@ Also available in
 by D. Carroll, C. Rahmlow, T. Psiaki, and G. Wojtaszczyk, July 2005.
 </ul>
 
-<h2>Computer science papers</h2>
+<h2>Technical papers about BOINC</h2>
 
 <ul>
 <li>
@@ -42,12 +42,6 @@ David P. Anderson and Gilles Fedak
 IEEE/ACM International Symposium on Cluster Computing and the Grid,
 Singapore, May 16-19, 2006.
 
-<li>
-<a href=http://www.climateprediction.net/science/pubs/cpdn-computing.pdf>The Challenge of Volunteer Computing With Lengthy Climate Model Simulations</a>.
-Carl Christensen, Tolu Aina and David Stainforth.
-First IEEE International Conference on e-Science and Grid Technologies.
-5-8 December 2005, Melbourne
-
 <li>
 <a href=server_perf.pdf>High-Performance Task Distribution for Volunteer Computing</a>.
 David P. Anderson, Eric Korpela, Rom Walton
@@ -77,6 +71,19 @@ November 8, 2004, Pittsburgh, USA.
 (Also available in
 <a href=http://boinc.oocp.org/grid_paper_04.html>Japanese</a>)
 
+</ul>
+<h2>Project-specific papers</h2>
+<ul>
+<li>
+<a href=http://www.climateprediction.net/science/pubs/cpdn-computing.pdf>The Challenge of Volunteer Computing With Lengthy Climate Model Simulations</a>.
+Carl Christensen, Tolu Aina and David Stainforth.
+First IEEE International Conference on e-Science and Grid Technologies.
+5-8 December 2005, Melbourne
+<li>
+<a href=rosetta_ms.doc>Reporting@Home:  Delivering Dynamic Graphical Feedback to Participants in Community Computing Projects</a>.
+Stuart Ozer, David E. Kim, David Baker
+(in preparation).
+
 </ul>
 <h2>Powerpoint</h2>
 <ul>
diff --git a/doc/participate.php b/doc/participate.php
index cc84fad82c..dd7601243a 100644
--- a/doc/participate.php
+++ b/doc/participate.php
@@ -47,7 +47,7 @@ or need help installing BOINC, you can
 <li> <a href=teams.php>Teams</a>
 <li> <a href=acct_mgrs.php>Account managers</a>
 <li> <a href=client_msgs.php>Core client configuration</a>
-<li> <a href=http://boinc.berkeley.edu/gui_rpc_auth.php>Authorizing remote control</a>
+<li> <a href=http://boinc.berkeley.edu/gui_rpc_auth.php>Controlling BOINC remotely</a>
 </ul>
 <h3>Advanced users</h3>
 <ul>
diff --git a/lib/filesys.C b/lib/filesys.C
index 2549bc408f..77b4a24d3a 100755
--- a/lib/filesys.C
+++ b/lib/filesys.C
@@ -71,6 +71,10 @@ typedef BOOL (CALLBACK* FreeFn)(LPCTSTR, PULARGE_INTEGER, PULARGE_INTEGER, PULAR
 #include "fcgi_stdio.h"
 #endif
 
+#define RETRY_INTERVAL 5
+    // On Windows, retry for this period of time, since some other program
+    // (virus scan, defrag, index) may have the file open.
+
 using std::string;
 
 char boinc_failed_file[256];
@@ -251,11 +255,12 @@ int boinc_delete_file(const char* path) {
         return 0;
     }
 #ifdef _WIN32
-    for (int i=0; i<5; i++) {
+    double start = dtime();
+    do {
         if (DeleteFile(path)) break;
         retval = GetLastError();
         boinc_sleep(drand());       // avoid lockstep
-    }
+    } while (dtime() < start + RETRY_INTERVAL);
 #else
     retval = unlink(path);
     if (retval && g_use_sandbox && (errno == EACCES)) {
@@ -384,11 +389,13 @@ FILE* boinc_fopen(const char* path, const char* mode) {
     // (since the file might be open by FastFind, Diskeeper etc.)
     //
     if (!f) {
-        for (int i=0; i<5; i++) {
-            boinc_sleep(drand());
+        double start = dtime();
+        do {
+            boinc_sleep(drand()*2);
             f = _fsopen(path, mode, _SH_DENYNO);
+                // _SH_DENYNO makes the file sharable while open
             if (f) break;
-        }
+        } while (dtime() < start + RETRY_INTERVAL);
     }
 #else
     // Unix - if call was interrupted, retry a few times
@@ -454,11 +461,12 @@ int boinc_rename(const char* old, const char* newf) {
 #ifdef _WIN32
     int retval=0;
     boinc_delete_file(newf);
-    for (int i=0; i<5; i++) {
+    double start = dtime();
+    do {
         if (MoveFile(old, newf)) break;
         retval = GetLastError();
-        boinc_sleep(drand());       // avoid lockstep
-    }
+        boinc_sleep(drand()*2);       // avoid lockstep
+    } while (dtime() < start + RETRY_INTERVAL);
     return retval;
 #else
     return rename(old, newf);