Hi all
I've spent a few hours in the last couple of days setting up wordpress and thought I'd gather together a couple of thoughts that might help someone else.
My base site is http://www.sushiguru.co.uk/
Firstly - I had a working blog (version 2.7 iirc) which I did the auto-update on 2 days ago.  That all went well, then ran foul of the changed permissions issue that Gabe has fixed for all (see http://community.plus.net/forum/index.php/topic,84349.0.html) typified by seeing server errors and 'premature header' errors for every page of the site.
Then I noticed that I wasn't able to login properly.  The culprit was the server returning the full url of my site in the redirect path, including the username part of the URL, so if I enter: http://www.sushiguru.co.uk/blog/wp-admin I get the redirect string as: http://www.sushiguru.co.uk/blog/wp-login.php?redirect_to=http%3A%2F%2Fwww.sushiguru.co.uk%2f~thebay%... which breaks wordpress and sends the login script into a loop - it appears you can just never login.  Drove me nuts for an hour, figuring out what was going on.  Anyhow, I did a bit of digging with wordpress, and it turns out that the function to check if a user is logged in is 'pluggable' - in WP's lingo this means that you can declare the function in a plugin first, and it will use that instead of the default in-built one.  So I wrote the plugin to fix my redirect:

<?php
/**
* @package Sushiguru's plugins
*/
/*
Plugin Name: Sushiguru
Plugin URI: http://www.sushiguru.co.uk/
Description: Override to pluggable functions to work on this site.
Version: 0.0.1
Author: Sushiguru
Author URI: http://www.sushiguru.co.uk/
License: GPLv2 or later
*/
/*
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
*/
if ( !function_exists('auth_redirect') ) :
/**
* Checks if a user is logged in, if not it redirects them to the login page.
*
* @since 1.5
*/
function auth_redirect() {
    // Checks if a user is logged in, if not redirects them to the login page
    
    $secure = ( is_ssl() || force_ssl_admin() );
    
    $secure = apply_filters('secure_auth_redirect', $secure);
    
    // If https is required and request is http, redirect
    if ( $secure && !is_ssl() && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
        if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
            wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
            exit();
        } else {
            wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
            exit();
        }
    }
    
    if ( is_user_admin() )
        $scheme = 'logged_in';
    else
        $scheme = apply_filters( 'auth_redirect_scheme', '' );
    
    if ( $user_id = wp_validate_auth_cookie( '',  $scheme) ) {
        do_action('auth_redirect', $user_id);
        
        // If the user wants ssl but the session is not ssl, redirect.
        if ( !$secure && get_user_option('use_ssl', $user_id) && false !== strpos($_SERVER['REQUEST_URI'], 'wp-admin') ) {
            if ( 0 === strpos($_SERVER['REQUEST_URI'], 'http') ) {
                wp_redirect(preg_replace('|^http://|', 'https://', $_SERVER['REQUEST_URI']));
                exit();
            } else {
                wp_redirect('https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
                exit();
            }
        }
    
    return;  // The cookie is good so we're done
    }
    
    // The cookie is no good so force login
    nocache_headers();
    
    if ( is_ssl() )
        $proto = 'https://';
    else
        $proto = 'http://';
    
    $redirect = ( strpos($_SERVER['REQUEST_URI'], '/options.php') && wp_get_referer() ) ? wp_get_referer() : $proto . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    
    #sushiguru hack: replace ~thebay with your username
    $redirect = str_replace('/~thebay','',$redirect);
    $login_url = wp_login_url($redirect, true);
    wp_redirect($login_url);
    exit();
}
endif;

Place this in a folder of your naming in the /wp-content/plugins/ folder and go to your wp-admin page.  Select Plugins and your new plugin is listed there.  Activate it.  Log out and back in again, and the problem will be gone forever.  This is also future-proofed as, rather than hacking the base function it is extending it instead. Only one line of code, but makes all the difference to my blog now.
Hope this helps someone else out.
G.
ps - I still haven't figured how .htaccess should be modified in my root so that /~thebay/blog will be successfully redirected to /blog - any htaccess wiz's out there fancy helping out?

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#these appear to do nothing :(
#there must be a better way.  I'm just not great with mod_rewrite
RewriteRule http://www.sushiguru.co.uk/~thebay/blog http://www.sushiguru.co.uk/blog/ 
RewriteRule http://www.sushiguru.co.uk/~thebay/blog/ http://www.sushiguru.co.uk/blog/ 
RewriteRule http://www.sushiguru.co.uk/~thebay/blog/(.+) http://www.sushiguru.co.uk/blog/$1 
#required for CI
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /index.php?/$1 [QSA,L]
</IfModule> 

Should point out that this .htaccess also has to cope with my site, which is codeigniter...