<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_02_14_200259</id>
	<title>How To Replace FileVault With EncFS</title>
	<author>timothy</author>
	<datestamp>1266135240000</datestamp>
	<htmltext>agoston.horvath writes <i>"I've written a HOWTO on <a href="http://techieblurbs.blogspot.com/2010/02/howto-replace-filevault-with-encfs.html">replacing Mac OS X's built-in encryption</a> (<a href="http://en.wikipedia.org/wiki/Filevault">FileVault</a>) with the well-known FUSE-based <a href="http://www.arg0.net/encfs">EncFS</a>. It worked well for me, and most importantly: it is a lot handier than what Apple has put together. This is especially useful if you are using a backup solution like Time Machine. Includes Whys, Why Nots, and step-by-step instructions."</i></htmltext>
<tokenext>agoston.horvath writes " I 've written a HOWTO on replacing Mac OS X 's built-in encryption ( FileVault ) with the well-known FUSE-based EncFS .
It worked well for me , and most importantly : it is a lot handier than what Apple has put together .
This is especially useful if you are using a backup solution like Time Machine .
Includes Whys , Why Nots , and step-by-step instructions .
"</tokentext>
<sentencetext>agoston.horvath writes "I've written a HOWTO on replacing Mac OS X's built-in encryption (FileVault) with the well-known FUSE-based EncFS.
It worked well for me, and most importantly: it is a lot handier than what Apple has put together.
This is especially useful if you are using a backup solution like Time Machine.
Includes Whys, Why Nots, and step-by-step instructions.
"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138408</id>
	<title>Weak Encryption?</title>
	<author>cbreak</author>
	<datestamp>1266151320000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Weak encryption? What was that guy smoking? AES is state-of-the-art, it's security is widely considered sufficient: <a href="http://en.wikipedia.org/wiki/Advanced\_Encryption\_Standard#Security" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Advanced\_Encryption\_Standard#Security</a> [wikipedia.org]. While there exist attacks on AES 256 which make it a bit less secure, it's still almost as secure as AES 128 which is used in FileVault by default.</p></htmltext>
<tokenext>Weak encryption ?
What was that guy smoking ?
AES is state-of-the-art , it 's security is widely considered sufficient : http : //en.wikipedia.org/wiki/Advanced \ _Encryption \ _Standard # Security [ wikipedia.org ] .
While there exist attacks on AES 256 which make it a bit less secure , it 's still almost as secure as AES 128 which is used in FileVault by default .</tokentext>
<sentencetext>Weak encryption?
What was that guy smoking?
AES is state-of-the-art, it's security is widely considered sufficient: http://en.wikipedia.org/wiki/Advanced\_Encryption\_Standard#Security [wikipedia.org].
While there exist attacks on AES 256 which make it a bit less secure, it's still almost as secure as AES 128 which is used in FileVault by default.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31140728</id>
	<title>Good idea, so-so choice of technologies</title>
	<author>Anonymous</author>
	<datestamp>1266169020000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>1</modscore>
	<htmltext><p>The gist of the tip is to create an encrypted container, move your important stuff into that container and then create symlinks from/to the original locations. Be sure to mount/unencrypt the container at boot.</p><p>Why ENCFS? Why not a very strong encrypted disk image? Why not Truecrypt? The author doesn't say.</p></htmltext>
<tokenext>The gist of the tip is to create an encrypted container , move your important stuff into that container and then create symlinks from/to the original locations .
Be sure to mount/unencrypt the container at boot.Why ENCFS ?
Why not a very strong encrypted disk image ?
Why not Truecrypt ?
The author does n't say .</tokentext>
<sentencetext>The gist of the tip is to create an encrypted container, move your important stuff into that container and then create symlinks from/to the original locations.
Be sure to mount/unencrypt the container at boot.Why ENCFS?
Why not a very strong encrypted disk image?
Why not Truecrypt?
The author doesn't say.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31141348</id>
	<title>Re:Whoa - Big Fucking Limitation</title>
	<author>Hurricane78</author>
	<datestamp>1266177000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You mean 99\% of the OS X users!</p><p>I couldn&rsquo;t care less.</p></htmltext>
<tokenext>You mean 99 \ % of the OS X users ! I couldn    t care less .</tokentext>
<sentencetext>You mean 99\% of the OS X users!I couldn’t care less.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136898</id>
	<title>Re:[citation needed]</title>
	<author>Anonymous</author>
	<datestamp>1266141060000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p><div class="quote"><p>[citation needed]</p></div><p>The six year archive of schneier's blog?</p><p><a href="http://www.schneier.com/" title="schneier.com">http://www.schneier.com/</a> [schneier.com]</p><p>It often seems that the closed source crypto marketplace in a binary state, either publicly known as snake oil, or not yet publicly known as snake oil.  After being burned a zillion times, it seems its all snake oil.</p></div>
	</htmltext>
<tokenext>[ citation needed ] The six year archive of schneier 's blog ? http : //www.schneier.com/ [ schneier.com ] It often seems that the closed source crypto marketplace in a binary state , either publicly known as snake oil , or not yet publicly known as snake oil .
After being burned a zillion times , it seems its all snake oil .</tokentext>
<sentencetext>[citation needed]The six year archive of schneier's blog?http://www.schneier.com/ [schneier.com]It often seems that the closed source crypto marketplace in a binary state, either publicly known as snake oil, or not yet publicly known as snake oil.
After being burned a zillion times, it seems its all snake oil.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136904</id>
	<title>Headline story?</title>
	<author>syousef</author>
	<datestamp>1266141180000</datestamp>
	<modclass>Troll</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why is this a headline story on slashdot. It's a nice little achievement but hardly news. Anyway aren't Apple products suppose to "just work"? How dare this poster find a need for or better fit with something not specifically sanctioned by The Holy Jobs and his minions!<nobr> <wbr></nobr>;-)</p></htmltext>
<tokenext>Why is this a headline story on slashdot .
It 's a nice little achievement but hardly news .
Anyway are n't Apple products suppose to " just work " ?
How dare this poster find a need for or better fit with something not specifically sanctioned by The Holy Jobs and his minions !
; - )</tokentext>
<sentencetext>Why is this a headline story on slashdot.
It's a nice little achievement but hardly news.
Anyway aren't Apple products suppose to "just work"?
How dare this poster find a need for or better fit with something not specifically sanctioned by The Holy Jobs and his minions!
;-)</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31142894</id>
	<title>Re:Question</title>
	<author>mlts</author>
	<datestamp>1266239820000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>On the Mac, I see five popular utilities for encryption:  FileVault/sparsebundle, PGP WDE, TrueCrypt, and EncFS.</p><p>PGP WDE of course is good against leakage.  Since everything is encrypted even the OS, there is nothing an attacker can figure out about the contents of the drive.</p><p>TrueCrypt also good against leakage.  One can't tell what filesystem is used inside a TC volume, much less actual contents unless they are able to find details outside the volume (most recently used history, etc.)</p><p>FileVault/sparse bundles are a great solution because they not just go a good way in hiding contents, but 8MB bands which get changed are a lot easier for a backup utility to back up than a full image.  The downside is that this is an Apple-only utility, so there is no cross platform compatibility.</p><p>EncFS is good because it takes no additional partitioning or volume storage, offers a good amount of choices for security, and has been around in some incarnation since Matt Blaze made CFS.  It also hasn't had any major weaknesses in security.</p><p>What I use:</p><p>PGP WDE for starters.  Not just data files are important.  I like protecting programs and license keys which cost a pretty penny, as well as data which is important but does not reside in the home directory, such as stuff that lands in<nobr> <wbr></nobr>/tmp.</p><p>FileVault.  It is transparant, and the version in SL seems to be robust enough that I don't have to worry about the glitches which bit people in previous OS versions.  I use this for separating various projects by users, so work stuff doesn't mingle with general home directory stuff.  The bad thing is that with FileVault, you can't ssh in via remote and have it automatically mount your files.  But on a laptop, this isn't really an issue.</p><p>Truecrypt is good for archiving files, because other platforms can read it, assuming one uses FAT32 or FAT.  NTFS is also an option, with a commercial utility.</p><p>EncFS is a good choice, and it is cross-platform, so another machine can read the files.  However, I just don't get around to using it because the sparse bundle functionality in Apple's Disk Image is so useful.  An attacker can't discern what is in the sparse image, but a backup program is easily able to back up changes.</p><p>All in all, I wish Apple would implement something like BitLocker.  It would take a TPM [1] to be present on Macs, but what it would give a user is completely transparent encryption in day to day use, but still keeping data out of the hands of an attacker, unless the blackhat both knows the user's password and is able to gain physical possession of the Mac.  It is not completely secure, but it is as good as one is going to get for most things.  If a blackhat is able to read the RAM of a machine, they would be able to do this with FileVault if a user is logged on.  A blackhat who has the cash to decap a TPM chip nondestructively usually has the cash for a rubber hose, and rubber hose decryption has a far higher success rate of working.  Another advantage of a BitLocker type encryption system is that the OS is protected too, keeping keyloggers and Trojans from being inserted.</p><p>[1]:  Shipped turned off and disabled as per spec, of course.  The user can enable it if/when he or she wants to.</p></htmltext>
<tokenext>On the Mac , I see five popular utilities for encryption : FileVault/sparsebundle , PGP WDE , TrueCrypt , and EncFS.PGP WDE of course is good against leakage .
Since everything is encrypted even the OS , there is nothing an attacker can figure out about the contents of the drive.TrueCrypt also good against leakage .
One ca n't tell what filesystem is used inside a TC volume , much less actual contents unless they are able to find details outside the volume ( most recently used history , etc .
) FileVault/sparse bundles are a great solution because they not just go a good way in hiding contents , but 8MB bands which get changed are a lot easier for a backup utility to back up than a full image .
The downside is that this is an Apple-only utility , so there is no cross platform compatibility.EncFS is good because it takes no additional partitioning or volume storage , offers a good amount of choices for security , and has been around in some incarnation since Matt Blaze made CFS .
It also has n't had any major weaknesses in security.What I use : PGP WDE for starters .
Not just data files are important .
I like protecting programs and license keys which cost a pretty penny , as well as data which is important but does not reside in the home directory , such as stuff that lands in /tmp.FileVault .
It is transparant , and the version in SL seems to be robust enough that I do n't have to worry about the glitches which bit people in previous OS versions .
I use this for separating various projects by users , so work stuff does n't mingle with general home directory stuff .
The bad thing is that with FileVault , you ca n't ssh in via remote and have it automatically mount your files .
But on a laptop , this is n't really an issue.Truecrypt is good for archiving files , because other platforms can read it , assuming one uses FAT32 or FAT .
NTFS is also an option , with a commercial utility.EncFS is a good choice , and it is cross-platform , so another machine can read the files .
However , I just do n't get around to using it because the sparse bundle functionality in Apple 's Disk Image is so useful .
An attacker ca n't discern what is in the sparse image , but a backup program is easily able to back up changes.All in all , I wish Apple would implement something like BitLocker .
It would take a TPM [ 1 ] to be present on Macs , but what it would give a user is completely transparent encryption in day to day use , but still keeping data out of the hands of an attacker , unless the blackhat both knows the user 's password and is able to gain physical possession of the Mac .
It is not completely secure , but it is as good as one is going to get for most things .
If a blackhat is able to read the RAM of a machine , they would be able to do this with FileVault if a user is logged on .
A blackhat who has the cash to decap a TPM chip nondestructively usually has the cash for a rubber hose , and rubber hose decryption has a far higher success rate of working .
Another advantage of a BitLocker type encryption system is that the OS is protected too , keeping keyloggers and Trojans from being inserted .
[ 1 ] : Shipped turned off and disabled as per spec , of course .
The user can enable it if/when he or she wants to .</tokentext>
<sentencetext>On the Mac, I see five popular utilities for encryption:  FileVault/sparsebundle, PGP WDE, TrueCrypt, and EncFS.PGP WDE of course is good against leakage.
Since everything is encrypted even the OS, there is nothing an attacker can figure out about the contents of the drive.TrueCrypt also good against leakage.
One can't tell what filesystem is used inside a TC volume, much less actual contents unless they are able to find details outside the volume (most recently used history, etc.
)FileVault/sparse bundles are a great solution because they not just go a good way in hiding contents, but 8MB bands which get changed are a lot easier for a backup utility to back up than a full image.
The downside is that this is an Apple-only utility, so there is no cross platform compatibility.EncFS is good because it takes no additional partitioning or volume storage, offers a good amount of choices for security, and has been around in some incarnation since Matt Blaze made CFS.
It also hasn't had any major weaknesses in security.What I use:PGP WDE for starters.
Not just data files are important.
I like protecting programs and license keys which cost a pretty penny, as well as data which is important but does not reside in the home directory, such as stuff that lands in /tmp.FileVault.
It is transparant, and the version in SL seems to be robust enough that I don't have to worry about the glitches which bit people in previous OS versions.
I use this for separating various projects by users, so work stuff doesn't mingle with general home directory stuff.
The bad thing is that with FileVault, you can't ssh in via remote and have it automatically mount your files.
But on a laptop, this isn't really an issue.Truecrypt is good for archiving files, because other platforms can read it, assuming one uses FAT32 or FAT.
NTFS is also an option, with a commercial utility.EncFS is a good choice, and it is cross-platform, so another machine can read the files.
However, I just don't get around to using it because the sparse bundle functionality in Apple's Disk Image is so useful.
An attacker can't discern what is in the sparse image, but a backup program is easily able to back up changes.All in all, I wish Apple would implement something like BitLocker.
It would take a TPM [1] to be present on Macs, but what it would give a user is completely transparent encryption in day to day use, but still keeping data out of the hands of an attacker, unless the blackhat both knows the user's password and is able to gain physical possession of the Mac.
It is not completely secure, but it is as good as one is going to get for most things.
If a blackhat is able to read the RAM of a machine, they would be able to do this with FileVault if a user is logged on.
A blackhat who has the cash to decap a TPM chip nondestructively usually has the cash for a rubber hose, and rubber hose decryption has a far higher success rate of working.
Another advantage of a BitLocker type encryption system is that the OS is protected too, keeping keyloggers and Trojans from being inserted.
[1]:  Shipped turned off and disabled as per spec, of course.
The user can enable it if/when he or she wants to.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137580</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640</id>
	<title>Re:Question</title>
	<author>Anonymous</author>
	<datestamp>1266139500000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext><p>Maybe you could skim the article next time?  Ah... who am I kidding.  You just wanted first post, after all.</p><p>FileVault:<br>- Long waiting times at logout<br>- No shrinking while logged in<br>- Doesn't work well with Time Vault<br>- Proprietary<br>- Weak encryption<br>+ Well worked out and tested</p><p>EncFS:<br>+Get your space back<br>+Get rid of the long waiting times at logout<br>+Back your data up while logged in<br>+Be safer by using open-source</p><p>I can't vouch for the claims.</p></htmltext>
<tokenext>Maybe you could skim the article next time ?
Ah... who am I kidding .
You just wanted first post , after all.FileVault : - Long waiting times at logout- No shrinking while logged in- Does n't work well with Time Vault- Proprietary- Weak encryption + Well worked out and testedEncFS : + Get your space back + Get rid of the long waiting times at logout + Back your data up while logged in + Be safer by using open-sourceI ca n't vouch for the claims .</tokentext>
<sentencetext>Maybe you could skim the article next time?
Ah... who am I kidding.
You just wanted first post, after all.FileVault:- Long waiting times at logout- No shrinking while logged in- Doesn't work well with Time Vault- Proprietary- Weak encryption+ Well worked out and testedEncFS:+Get your space back+Get rid of the long waiting times at logout+Back your data up while logged in+Be safer by using open-sourceI can't vouch for the claims.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566</id>
	<title>Question</title>
	<author>swehack</author>
	<datestamp>1266139140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>What are some flaws in FileVault that might make me prefer EncFS?

I've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.</htmltext>
<tokenext>What are some flaws in FileVault that might make me prefer EncFS ?
I 've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD .</tokentext>
<sentencetext>What are some flaws in FileVault that might make me prefer EncFS?
I've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137824</id>
	<title>PGP is proprietary</title>
	<author>Anonymous</author>
	<datestamp>1266147360000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p><div class="quote"><p>[citation needed]</p></div><p>The six year archive of schneier's blog?</p><p> <a href="http://www.schneier.com/" title="schneier.com" rel="nofollow">http://www.schneier.com/</a> [schneier.com] </p><p>It often seems that the closed source crypto marketplace in a binary state, either publicly known as snake oil, or not yet publicly known as snake oil.  After being burned a zillion times, it seems its all snake oil.</p></div><p>PGP Inc.'s stuff is "a proprietary tool from a big and famous manufacturer". Has the source to their 'enterprise' products been released and inspected? Should we not trust PGP? (BTW, Schneier is on their "Technical Advisory Board".)</p><p>What about the encryption used in RIM's products to transfer e-mails to BlackBerrys? The SSL use in IE? S/MIME in Outlook? RSA's SecurID tokens? STU-III/STE phones?</p><p>Take off your tin foil hat and think rationally.</p></div>
	</htmltext>
<tokenext>[ citation needed ] The six year archive of schneier 's blog ?
http : //www.schneier.com/ [ schneier.com ] It often seems that the closed source crypto marketplace in a binary state , either publicly known as snake oil , or not yet publicly known as snake oil .
After being burned a zillion times , it seems its all snake oil.PGP Inc. 's stuff is " a proprietary tool from a big and famous manufacturer " .
Has the source to their 'enterprise ' products been released and inspected ?
Should we not trust PGP ?
( BTW , Schneier is on their " Technical Advisory Board " .
) What about the encryption used in RIM 's products to transfer e-mails to BlackBerrys ?
The SSL use in IE ?
S/MIME in Outlook ?
RSA 's SecurID tokens ?
STU-III/STE phones ? Take off your tin foil hat and think rationally .</tokentext>
<sentencetext>[citation needed]The six year archive of schneier's blog?
http://www.schneier.com/ [schneier.com] It often seems that the closed source crypto marketplace in a binary state, either publicly known as snake oil, or not yet publicly known as snake oil.
After being burned a zillion times, it seems its all snake oil.PGP Inc.'s stuff is "a proprietary tool from a big and famous manufacturer".
Has the source to their 'enterprise' products been released and inspected?
Should we not trust PGP?
(BTW, Schneier is on their "Technical Advisory Board".
)What about the encryption used in RIM's products to transfer e-mails to BlackBerrys?
The SSL use in IE?
S/MIME in Outlook?
RSA's SecurID tokens?
STU-III/STE phones?Take off your tin foil hat and think rationally.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136898</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31154020</id>
	<title>Re:not actually solving non-existant problems.</title>
	<author>agoston.horvath</author>
	<datestamp>1266325440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>Create a second account, use it to shrink primary account (useful regardless, for many other troubleshooting reasons.)</p></div><p>... and keep that in sync with your primary account. Seems like a lot of work to me.</p><p><div class="quote"><p>And how often do you log out of your Mac?</p></div><p>If you are using time machine to make backups, you have to log out to back you your homedir. This means, you are forced to log out as often as you want to save your work.</p></div>
	</htmltext>
<tokenext>Create a second account , use it to shrink primary account ( useful regardless , for many other troubleshooting reasons. ) .. .
and keep that in sync with your primary account .
Seems like a lot of work to me.And how often do you log out of your Mac ? If you are using time machine to make backups , you have to log out to back you your homedir .
This means , you are forced to log out as often as you want to save your work .</tokentext>
<sentencetext>Create a second account, use it to shrink primary account (useful regardless, for many other troubleshooting reasons.)...
and keep that in sync with your primary account.
Seems like a lot of work to me.And how often do you log out of your Mac?If you are using time machine to make backups, you have to log out to back you your homedir.
This means, you are forced to log out as often as you want to save your work.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137566</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31154082</id>
	<title>Thanks for feedback</title>
	<author>agoston.horvath</author>
	<datestamp>1266326460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Wow, I was not expecting such a huge amount of comments.</p><p>I've updated the article based on this. Most importantly, removed the proprietary part - indeed, that has nothing to do with the howto.
This intended to be a howto, not a troll text. I just wanted to add some background to it, for better understanding.</p></htmltext>
<tokenext>Wow , I was not expecting such a huge amount of comments.I 've updated the article based on this .
Most importantly , removed the proprietary part - indeed , that has nothing to do with the howto .
This intended to be a howto , not a troll text .
I just wanted to add some background to it , for better understanding .</tokentext>
<sentencetext>Wow, I was not expecting such a huge amount of comments.I've updated the article based on this.
Most importantly, removed the proprietary part - indeed, that has nothing to do with the howto.
This intended to be a howto, not a troll text.
I just wanted to add some background to it, for better understanding.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137072</id>
	<title>Re:Question</title>
	<author>TheRaven64</author>
	<datestamp>1266142380000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>Having read the article, I'd recommend that no one else did.  It's written in a preachy patronising tone by someone who is clearly an idiot.  For example, he complains about weak encryption because it's 'only AES-128 and you can't change that', except that since 10.5 it's been AES-128 or AES-256, even AES-128 is more than secure enough, and the vulnerability with FileVault comes from how they store the key, not from the encryption used.</p><p>
He also mentions just as a throw-away 'Don't forget that encfs doesn't support fancy filesystem operations, so don't just throw your whole homedir in there - it won't work.'  So, in fact, this can't replace FileVault.   Looking at the EncFS web site, I can't see any evidence that it's been audited (even the design, let alone the code).  He recommends storing your decryption key in the keychain, which seems very odd; if you don't trust Apple's encryption of your home directory, why would you trust Apple's encryption of your passwords?</p><p>
He finishes with 'The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system'.  Given that the limitations of EncFS come from the fact that it isn't a proper filesystem, I'd have to disagree there.  FileVault does encryption at the block layer, just like most other encrypted filesystems.  If you bother to read any of the papers in this area, you will see that there are a number of good reasons for doing this.  </p><p>
Apple did two things wrong with FileVault.  They didn't let Time Machine sync mounted File Vault images with other encrypted images and they didn't provide an implementation of something like the TRIM command to let the low-level bits delete space when it was no longer needed.</p></htmltext>
<tokenext>Having read the article , I 'd recommend that no one else did .
It 's written in a preachy patronising tone by someone who is clearly an idiot .
For example , he complains about weak encryption because it 's 'only AES-128 and you ca n't change that ' , except that since 10.5 it 's been AES-128 or AES-256 , even AES-128 is more than secure enough , and the vulnerability with FileVault comes from how they store the key , not from the encryption used .
He also mentions just as a throw-away 'Do n't forget that encfs does n't support fancy filesystem operations , so do n't just throw your whole homedir in there - it wo n't work .
' So , in fact , this ca n't replace FileVault .
Looking at the EncFS web site , I ca n't see any evidence that it 's been audited ( even the design , let alone the code ) .
He recommends storing your decryption key in the keychain , which seems very odd ; if you do n't trust Apple 's encryption of your home directory , why would you trust Apple 's encryption of your passwords ?
He finishes with 'The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system' .
Given that the limitations of EncFS come from the fact that it is n't a proper filesystem , I 'd have to disagree there .
FileVault does encryption at the block layer , just like most other encrypted filesystems .
If you bother to read any of the papers in this area , you will see that there are a number of good reasons for doing this .
Apple did two things wrong with FileVault .
They did n't let Time Machine sync mounted File Vault images with other encrypted images and they did n't provide an implementation of something like the TRIM command to let the low-level bits delete space when it was no longer needed .</tokentext>
<sentencetext>Having read the article, I'd recommend that no one else did.
It's written in a preachy patronising tone by someone who is clearly an idiot.
For example, he complains about weak encryption because it's 'only AES-128 and you can't change that', except that since 10.5 it's been AES-128 or AES-256, even AES-128 is more than secure enough, and the vulnerability with FileVault comes from how they store the key, not from the encryption used.
He also mentions just as a throw-away 'Don't forget that encfs doesn't support fancy filesystem operations, so don't just throw your whole homedir in there - it won't work.
'  So, in fact, this can't replace FileVault.
Looking at the EncFS web site, I can't see any evidence that it's been audited (even the design, let alone the code).
He recommends storing your decryption key in the keychain, which seems very odd; if you don't trust Apple's encryption of your home directory, why would you trust Apple's encryption of your passwords?
He finishes with 'The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system'.
Given that the limitations of EncFS come from the fact that it isn't a proper filesystem, I'd have to disagree there.
FileVault does encryption at the block layer, just like most other encrypted filesystems.
If you bother to read any of the papers in this area, you will see that there are a number of good reasons for doing this.
Apple did two things wrong with FileVault.
They didn't let Time Machine sync mounted File Vault images with other encrypted images and they didn't provide an implementation of something like the TRIM command to let the low-level bits delete space when it was no longer needed.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137566</id>
	<title>not actually solving non-existant problems.</title>
	<author>SuperBanana</author>
	<datestamp>1266145380000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext><p> <i>+Get your space back</i>

</p><p>Create a second account, use it to shrink primary account (useful regardless, for many other troubleshooting reasons.)

</p><p> <i>+Get rid of the long waiting times at logout</i>

</p><p>And how often do you log out of your Mac?  The only time I do that is when I reboot, and according to uptime, I haven't rebooted in more than a week.  That was only because of security updates.

</p><p> <i>+Be safer by using open-source</i>

</p><p>1)When is the last time you validated the checksum of a package or source?  2)When is the last time you reviewed (end to end) the code for an open-source program? 3)When is the last time you looked at ANY source, instead of just reading README and then typing "./configure"?  4)How many people out there are qualified to review source code enough to detect the myriad of security vulnerabilities possible, intentional or otherwise?

</p><p>The open-source security mantra has been trotted out for a decade and it still rings as hollow as can be.  It's about as intelligent as handing blueprints to every car owner and wondering why people are still buying cars that break.  99.99999\% of your users a)can't be bothered b)aren't qualified.</p></htmltext>
<tokenext>+ Get your space back Create a second account , use it to shrink primary account ( useful regardless , for many other troubleshooting reasons .
) + Get rid of the long waiting times at logout And how often do you log out of your Mac ?
The only time I do that is when I reboot , and according to uptime , I have n't rebooted in more than a week .
That was only because of security updates .
+ Be safer by using open-source 1 ) When is the last time you validated the checksum of a package or source ?
2 ) When is the last time you reviewed ( end to end ) the code for an open-source program ?
3 ) When is the last time you looked at ANY source , instead of just reading README and then typing " ./configure " ?
4 ) How many people out there are qualified to review source code enough to detect the myriad of security vulnerabilities possible , intentional or otherwise ?
The open-source security mantra has been trotted out for a decade and it still rings as hollow as can be .
It 's about as intelligent as handing blueprints to every car owner and wondering why people are still buying cars that break .
99.99999 \ % of your users a ) ca n't be bothered b ) are n't qualified .</tokentext>
<sentencetext> +Get your space back

Create a second account, use it to shrink primary account (useful regardless, for many other troubleshooting reasons.
)

 +Get rid of the long waiting times at logout

And how often do you log out of your Mac?
The only time I do that is when I reboot, and according to uptime, I haven't rebooted in more than a week.
That was only because of security updates.
+Be safer by using open-source

1)When is the last time you validated the checksum of a package or source?
2)When is the last time you reviewed (end to end) the code for an open-source program?
3)When is the last time you looked at ANY source, instead of just reading README and then typing "./configure"?
4)How many people out there are qualified to review source code enough to detect the myriad of security vulnerabilities possible, intentional or otherwise?
The open-source security mantra has been trotted out for a decade and it still rings as hollow as can be.
It's about as intelligent as handing blueprints to every car owner and wondering why people are still buying cars that break.
99.99999\% of your users a)can't be bothered b)aren't qualified.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138886</id>
	<title>Fun</title>
	<author>c4t3y3</author>
	<datestamp>1266154440000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><a href="http://techieblurbs.blogspot.com/2010/02/howto-replace-filevault-with-encfs.html" title="blogspot.com" rel="nofollow">http://techieblurbs.blogspot.com/2010/02/howto-replace-filevault-with-encfs.html</a> [blogspot.com]<blockquote><div><p>Be safer by using open-source. FileVault is a proprietary tool from a big and famous manufacturer. This means that you can be sure that there is a built-in backdoor for government bodies to use.</p></div></blockquote><p>
On the other side...</p><blockquote><div><p>There are known problems with EncFS, as it only support basic POSIX operations (no locking, extended attributes, etc...). This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.</p></div></blockquote><p>

So what is your priority? avoid file corruption or avoid the NSA?</p></div>
	</htmltext>
<tokenext>http : //techieblurbs.blogspot.com/2010/02/howto-replace-filevault-with-encfs.html [ blogspot.com ] Be safer by using open-source .
FileVault is a proprietary tool from a big and famous manufacturer .
This means that you can be sure that there is a built-in backdoor for government bodies to use .
On the other side...There are known problems with EncFS , as it only support basic POSIX operations ( no locking , extended attributes , etc... ) .
This works well for simple file storage or multiplatform applications , like MacPorts , Firefox , Thunderbird , etc... , but encrypting your whole homedir is known not to work .
So what is your priority ?
avoid file corruption or avoid the NSA ?</tokentext>
<sentencetext>http://techieblurbs.blogspot.com/2010/02/howto-replace-filevault-with-encfs.html [blogspot.com]Be safer by using open-source.
FileVault is a proprietary tool from a big and famous manufacturer.
This means that you can be sure that there is a built-in backdoor for government bodies to use.
On the other side...There are known problems with EncFS, as it only support basic POSIX operations (no locking, extended attributes, etc...).
This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.
So what is your priority?
avoid file corruption or avoid the NSA?
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137628</id>
	<title>Re:Question</title>
	<author>Anonymous</author>
	<datestamp>1266145800000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I'd argue that AES-128 is not typically considered "weak encryption", and that simply saying "proprietary == bad/unsafe, open source == good/safe" is a bit of a reach, but otherwise the claims are more or less accurate.</p><p>He failed to note an important weakness of EncFS in that summary though -- it only supports basic file attributes and operations, not the entire set of operations available on an HFS+ (or any other modern) file system, so it may not be appropriate for all uses.</p><p>He also makes an argument against disk images in general that I don't understand and he doesn't explain, but that's neither here nor there in terms of the +/- list above.</p></htmltext>
<tokenext>I 'd argue that AES-128 is not typically considered " weak encryption " , and that simply saying " proprietary = = bad/unsafe , open source = = good/safe " is a bit of a reach , but otherwise the claims are more or less accurate.He failed to note an important weakness of EncFS in that summary though -- it only supports basic file attributes and operations , not the entire set of operations available on an HFS + ( or any other modern ) file system , so it may not be appropriate for all uses.He also makes an argument against disk images in general that I do n't understand and he does n't explain , but that 's neither here nor there in terms of the + /- list above .</tokentext>
<sentencetext>I'd argue that AES-128 is not typically considered "weak encryption", and that simply saying "proprietary == bad/unsafe, open source == good/safe" is a bit of a reach, but otherwise the claims are more or less accurate.He failed to note an important weakness of EncFS in that summary though -- it only supports basic file attributes and operations, not the entire set of operations available on an HFS+ (or any other modern) file system, so it may not be appropriate for all uses.He also makes an argument against disk images in general that I don't understand and he doesn't explain, but that's neither here nor there in terms of the +/- list above.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138722</id>
	<title>EncFSVault</title>
	<author>Enahs</author>
	<datestamp>1266153360000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I wish this project was still alive and well, but it's not been updated since April 2008.<nobr> <wbr></nobr>:-(</p><p><a href="http://code.google.com/p/encfsvault/downloads/list" title="google.com">http://code.google.com/p/encfsvault/downloads/list</a> [google.com]</p><p>Basically it automates the process of setting up your home dir to use EncFS.  If someone could update it and add some features such as painless uninstall.  It's pretty easy to disable if you're comfortable with the command line but I wouldn't feel right recommending it.</p></htmltext>
<tokenext>I wish this project was still alive and well , but it 's not been updated since April 2008. : - ( http : //code.google.com/p/encfsvault/downloads/list [ google.com ] Basically it automates the process of setting up your home dir to use EncFS .
If someone could update it and add some features such as painless uninstall .
It 's pretty easy to disable if you 're comfortable with the command line but I would n't feel right recommending it .</tokentext>
<sentencetext>I wish this project was still alive and well, but it's not been updated since April 2008. :-(http://code.google.com/p/encfsvault/downloads/list [google.com]Basically it automates the process of setting up your home dir to use EncFS.
If someone could update it and add some features such as painless uninstall.
It's pretty easy to disable if you're comfortable with the command line but I wouldn't feel right recommending it.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136666</id>
	<title>Typical Linux Fag Bullshit</title>
	<author>Anonymous</author>
	<datestamp>1266139620000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>The whole article is stupid. If you believe any of this crap you're a fucking idiot. HURR DURR REPLACE A STABLE PIECE OF SOFTWARE WITH AN UNSTABLE ONE LOL</p></htmltext>
<tokenext>The whole article is stupid .
If you believe any of this crap you 're a fucking idiot .
HURR DURR REPLACE A STABLE PIECE OF SOFTWARE WITH AN UNSTABLE ONE LOL</tokentext>
<sentencetext>The whole article is stupid.
If you believe any of this crap you're a fucking idiot.
HURR DURR REPLACE A STABLE PIECE OF SOFTWARE WITH AN UNSTABLE ONE LOL</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31140380</id>
	<title>Re:Whoa - Big Fucking Limitation</title>
	<author>argent</author>
	<datestamp>1266166080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes.</i></p><p>Boo Hoo, you won't be able to use Spotlight on your encfs.</p><p>Any application that actually *depends on* extended attributes should be shot. File system metadata... even such commonplace metadata as the file name... is inherently fragile, and should only be used as a convenience and depended on as a last resort.</p></htmltext>
<tokenext>Mac OS X ( and increasingly third party software ) makes extensive use of that metadata in extended attributes.Boo Hoo , you wo n't be able to use Spotlight on your encfs.Any application that actually * depends on * extended attributes should be shot .
File system metadata... even such commonplace metadata as the file name... is inherently fragile , and should only be used as a convenience and depended on as a last resort .</tokentext>
<sentencetext>Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes.Boo Hoo, you won't be able to use Spotlight on your encfs.Any application that actually *depends on* extended attributes should be shot.
File system metadata... even such commonplace metadata as the file name... is inherently fragile, and should only be used as a convenience and depended on as a last resort.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138300</id>
	<title>Re:Question</title>
	<author>Anonymous</author>
	<datestamp>1266150600000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>If you do decide to activate FileVault, don't forget to go into disk utility afterward, and in the "Erase" tab for the hard drive, click "Erase Free Space."  That'll hopefully clear any of the data that's already in a non-bad block (including stuff you emptied from the trash, but forgot to secure empty from trash) using  "zero-out", overkill, or super-overkill techniques.</p><p>Anything in a re-mapped block, of course, would still be present, but you might be able to quantify your risk by counting the number of bad blocks (if it's zero, then presumably you're safe?) somehow.  (the utility "badblocks" is not in snow leopard.)</p></htmltext>
<tokenext>If you do decide to activate FileVault , do n't forget to go into disk utility afterward , and in the " Erase " tab for the hard drive , click " Erase Free Space .
" That 'll hopefully clear any of the data that 's already in a non-bad block ( including stuff you emptied from the trash , but forgot to secure empty from trash ) using " zero-out " , overkill , or super-overkill techniques.Anything in a re-mapped block , of course , would still be present , but you might be able to quantify your risk by counting the number of bad blocks ( if it 's zero , then presumably you 're safe ?
) somehow .
( the utility " badblocks " is not in snow leopard .
)</tokentext>
<sentencetext>If you do decide to activate FileVault, don't forget to go into disk utility afterward, and in the "Erase" tab for the hard drive, click "Erase Free Space.
"  That'll hopefully clear any of the data that's already in a non-bad block (including stuff you emptied from the trash, but forgot to secure empty from trash) using  "zero-out", overkill, or super-overkill techniques.Anything in a re-mapped block, of course, would still be present, but you might be able to quantify your risk by counting the number of bad blocks (if it's zero, then presumably you're safe?
) somehow.
(the utility "badblocks" is not in snow leopard.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137248</id>
	<title>Re:Question</title>
	<author>blueg3</author>
	<datestamp>1266143340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>While the FileVault system is proprietary, all of the cryptography is just done through OpenSSL, and what cryptographic routines it uses are documented. (To be fair, they're not documented by Apple, they were reverse-engineered.)</p><p>I wouldn't call 128-bit AES "weak encryption", and FileVault supports 256-bit AES. The component that is weak is that you are required to use your login password as the FileVault password. FileVault only uses 1000-round PBKDF to generate a key from your password as it is, and elsewhere your password is hashed less securely, making a dictionary attack reasonable. There's also a second access key stored in the FileVault backup keychain.</p><p>The "get your space back" and "long waiting times at logout" seem to conflict. He claims that the long wait time is because unused space is recovered from the sparsebundle File Vault uses to back your home directory -- so you should have your space back. It seems unlikely that you need that space back *right now*, before you log out.</p><p>On the other hand, EncFS leaks a ton of metadata -- probably enough metadata for someone to get a very good idea of what your collection of files represent. (Granted, if you're not using full-disk encryption, you're leaking data into unencrypted space anyway.)</p></htmltext>
<tokenext>While the FileVault system is proprietary , all of the cryptography is just done through OpenSSL , and what cryptographic routines it uses are documented .
( To be fair , they 're not documented by Apple , they were reverse-engineered .
) I would n't call 128-bit AES " weak encryption " , and FileVault supports 256-bit AES .
The component that is weak is that you are required to use your login password as the FileVault password .
FileVault only uses 1000-round PBKDF to generate a key from your password as it is , and elsewhere your password is hashed less securely , making a dictionary attack reasonable .
There 's also a second access key stored in the FileVault backup keychain.The " get your space back " and " long waiting times at logout " seem to conflict .
He claims that the long wait time is because unused space is recovered from the sparsebundle File Vault uses to back your home directory -- so you should have your space back .
It seems unlikely that you need that space back * right now * , before you log out.On the other hand , EncFS leaks a ton of metadata -- probably enough metadata for someone to get a very good idea of what your collection of files represent .
( Granted , if you 're not using full-disk encryption , you 're leaking data into unencrypted space anyway .
)</tokentext>
<sentencetext>While the FileVault system is proprietary, all of the cryptography is just done through OpenSSL, and what cryptographic routines it uses are documented.
(To be fair, they're not documented by Apple, they were reverse-engineered.
)I wouldn't call 128-bit AES "weak encryption", and FileVault supports 256-bit AES.
The component that is weak is that you are required to use your login password as the FileVault password.
FileVault only uses 1000-round PBKDF to generate a key from your password as it is, and elsewhere your password is hashed less securely, making a dictionary attack reasonable.
There's also a second access key stored in the FileVault backup keychain.The "get your space back" and "long waiting times at logout" seem to conflict.
He claims that the long wait time is because unused space is recovered from the sparsebundle File Vault uses to back your home directory -- so you should have your space back.
It seems unlikely that you need that space back *right now*, before you log out.On the other hand, EncFS leaks a ton of metadata -- probably enough metadata for someone to get a very good idea of what your collection of files represent.
(Granted, if you're not using full-disk encryption, you're leaking data into unencrypted space anyway.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31142906</id>
	<title>Re:Whoa - Big Fucking Limitation</title>
	<author>cerberusss</author>
	<datestamp>1266240000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>That is an absolute deal breaker. Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes.</p> </div><p>If you just use it to hide your porn for your boss or your significant other, that's not a real objection.</p></div>
	</htmltext>
<tokenext>That is an absolute deal breaker .
Mac OS X ( and increasingly third party software ) makes extensive use of that metadata in extended attributes .
If you just use it to hide your porn for your boss or your significant other , that 's not a real objection .</tokentext>
<sentencetext>That is an absolute deal breaker.
Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes.
If you just use it to hide your porn for your boss or your significant other, that's not a real objection.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136832</id>
	<title>and he thinks his ideas mean anything to macusers?</title>
	<author>peragrin</author>
	<datestamp>1266140760000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>If you actually read the article while he makes good points to do what he says you have to install macports, and then use the command line.</p><p>There is no easy way to setup his system.  Sure it has more options but the average user of any OS isn't able to understand all of them.  File vault and windows bit locker for all their faults and variations are easy to use encryption.  and until all encryption/decryption systems are built into the OS and are easy to implenment then encryption will only be used a handful of people.</p><p>I still want a cross platform easy to use encryption setup that only requires my key to work.  not for me to have to bring my own software that I may or may not be allowed to run to decrypt the drive.</p></htmltext>
<tokenext>If you actually read the article while he makes good points to do what he says you have to install macports , and then use the command line.There is no easy way to setup his system .
Sure it has more options but the average user of any OS is n't able to understand all of them .
File vault and windows bit locker for all their faults and variations are easy to use encryption .
and until all encryption/decryption systems are built into the OS and are easy to implenment then encryption will only be used a handful of people.I still want a cross platform easy to use encryption setup that only requires my key to work .
not for me to have to bring my own software that I may or may not be allowed to run to decrypt the drive .</tokentext>
<sentencetext>If you actually read the article while he makes good points to do what he says you have to install macports, and then use the command line.There is no easy way to setup his system.
Sure it has more options but the average user of any OS isn't able to understand all of them.
File vault and windows bit locker for all their faults and variations are easy to use encryption.
and until all encryption/decryption systems are built into the OS and are easy to implenment then encryption will only be used a handful of people.I still want a cross platform easy to use encryption setup that only requires my key to work.
not for me to have to bring my own software that I may or may not be allowed to run to decrypt the drive.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31139596</id>
	<title>4k sectors</title>
	<author>TD-Linux</author>
	<datestamp>1266159300000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Don't forget that the header of encfs causes it not to be 4k block aligned, which kills performance on 4k-sector drives, which should be arriving very soon (filesystems have used 4k or larger sector sizes for a long time, however).</htmltext>
<tokenext>Do n't forget that the header of encfs causes it not to be 4k block aligned , which kills performance on 4k-sector drives , which should be arriving very soon ( filesystems have used 4k or larger sector sizes for a long time , however ) .</tokentext>
<sentencetext>Don't forget that the header of encfs causes it not to be 4k block aligned, which kills performance on 4k-sector drives, which should be arriving very soon (filesystems have used 4k or larger sector sizes for a long time, however).</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198</id>
	<title>Whoa - Big Fucking Limitation</title>
	<author>diamondsw</author>
	<datestamp>1266143040000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>FTFA:</p><blockquote><div><p>There are known problems with EncFS, as <b>it only support basic POSIX operations (no locking, extended attributes, etc...)</b>. This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.</p></div></blockquote><p>That is an absolute deal breaker. Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes. Until it can preserve that same metadata, this solution is a no-go for, oh, 99\% of the population. And that last 1\% is going to be on thin ice, hoping nothing breaks. Sorry for it sounding a bit like FUD, but this does entail a fair amount of uncertainty and doubt, and that brings some fear into it.</p><p>It's a great idea, as FileVault is very limited in its approach, but this is far from a "replacement" for it.</p></div>
	</htmltext>
<tokenext>FTFA : There are known problems with EncFS , as it only support basic POSIX operations ( no locking , extended attributes , etc... ) .
This works well for simple file storage or multiplatform applications , like MacPorts , Firefox , Thunderbird , etc... , but encrypting your whole homedir is known not to work.That is an absolute deal breaker .
Mac OS X ( and increasingly third party software ) makes extensive use of that metadata in extended attributes .
Until it can preserve that same metadata , this solution is a no-go for , oh , 99 \ % of the population .
And that last 1 \ % is going to be on thin ice , hoping nothing breaks .
Sorry for it sounding a bit like FUD , but this does entail a fair amount of uncertainty and doubt , and that brings some fear into it.It 's a great idea , as FileVault is very limited in its approach , but this is far from a " replacement " for it .</tokentext>
<sentencetext>FTFA:There are known problems with EncFS, as it only support basic POSIX operations (no locking, extended attributes, etc...).
This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.That is an absolute deal breaker.
Mac OS X (and increasingly third party software) makes extensive use of that metadata in extended attributes.
Until it can preserve that same metadata, this solution is a no-go for, oh, 99\% of the population.
And that last 1\% is going to be on thin ice, hoping nothing breaks.
Sorry for it sounding a bit like FUD, but this does entail a fair amount of uncertainty and doubt, and that brings some fear into it.It's a great idea, as FileVault is very limited in its approach, but this is far from a "replacement" for it.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31154002</id>
	<title>Re:Question</title>
	<author>agoston.horvath</author>
	<datestamp>1266325080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Theoretically, you are perfectly right, and I can't argue with you. I could have written this in a more precise and defendable way indeed.

Moving over to the practical side, though, there is still the problem outlined in the article. What would you recommend to people seeking a solution? Doesn't this method solve the problem for a lot of people? Sure, not for everybody. But for a lot of people, it does.

See, it is extremely hard to make something perfect. One always has to leverage in practice. Even writing a howto is no exception.</htmltext>
<tokenext>Theoretically , you are perfectly right , and I ca n't argue with you .
I could have written this in a more precise and defendable way indeed .
Moving over to the practical side , though , there is still the problem outlined in the article .
What would you recommend to people seeking a solution ?
Does n't this method solve the problem for a lot of people ?
Sure , not for everybody .
But for a lot of people , it does .
See , it is extremely hard to make something perfect .
One always has to leverage in practice .
Even writing a howto is no exception .</tokentext>
<sentencetext>Theoretically, you are perfectly right, and I can't argue with you.
I could have written this in a more precise and defendable way indeed.
Moving over to the practical side, though, there is still the problem outlined in the article.
What would you recommend to people seeking a solution?
Doesn't this method solve the problem for a lot of people?
Sure, not for everybody.
But for a lot of people, it does.
See, it is extremely hard to make something perfect.
One always has to leverage in practice.
Even writing a howto is no exception.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137072</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598</id>
	<title>[citation needed]</title>
	<author>Anonymous</author>
	<datestamp>1266139320000</datestamp>
	<modclass>Funny</modclass>
	<modscore>5</modscore>
	<htmltext><p>FTFA:</p><blockquote><div><p>FileVault is a proprietary tool from a big and famous manufacturer. This means that you can be sure that there is a built-in backdoor for government bodies to use, in case you would be a terrorist suspect or trying to seize control by a coup. These backdoors are usually found and used against you in practice.</p></div></blockquote><p>[citation needed]</p></div>
	</htmltext>
<tokenext>FTFA : FileVault is a proprietary tool from a big and famous manufacturer .
This means that you can be sure that there is a built-in backdoor for government bodies to use , in case you would be a terrorist suspect or trying to seize control by a coup .
These backdoors are usually found and used against you in practice .
[ citation needed ]</tokentext>
<sentencetext>FTFA:FileVault is a proprietary tool from a big and famous manufacturer.
This means that you can be sure that there is a built-in backdoor for government bodies to use, in case you would be a terrorist suspect or trying to seize control by a coup.
These backdoors are usually found and used against you in practice.
[citation needed]
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138090</id>
	<title>Re:[citation needed]</title>
	<author>noidentity</author>
	<datestamp>1266149280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><blockquote><div><p>FileVault is a proprietary tool from a big and famous manufacturer. This means that you can be sure that there is a built-in backdoor for government bodies to use, in case you would be a terrorist suspect or trying to seize control by a coup. These backdoors are usually found and used against you in practice.</p></div>
</blockquote><p>He simply mentions the above because his article is written for such people, terrorist suspects and people trying to seize control by a coup (but not by other means).</p></div>
	</htmltext>
<tokenext>FileVault is a proprietary tool from a big and famous manufacturer .
This means that you can be sure that there is a built-in backdoor for government bodies to use , in case you would be a terrorist suspect or trying to seize control by a coup .
These backdoors are usually found and used against you in practice .
He simply mentions the above because his article is written for such people , terrorist suspects and people trying to seize control by a coup ( but not by other means ) .</tokentext>
<sentencetext>FileVault is a proprietary tool from a big and famous manufacturer.
This means that you can be sure that there is a built-in backdoor for government bodies to use, in case you would be a terrorist suspect or trying to seize control by a coup.
These backdoors are usually found and used against you in practice.
He simply mentions the above because his article is written for such people, terrorist suspects and people trying to seize control by a coup (but not by other means).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137516</id>
	<title>Re:[citation needed]</title>
	<author>Vahokif</author>
	<datestamp>1266145140000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>You wouldn't doubt it for a second if it was Microsoft, right?</htmltext>
<tokenext>You would n't doubt it for a second if it was Microsoft , right ?</tokentext>
<sentencetext>You wouldn't doubt it for a second if it was Microsoft, right?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31140408</id>
	<title>Re:not actually solving non-existant problems.</title>
	<author>Gr8Apes</author>
	<datestamp>1266166260000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>And how often do you log out of your Mac?  The only time I do that is when I reboot, and according to uptime, I haven't rebooted in more than a week.  That was only because of security updates.</p></div><p>One mac - 2 days after 21 days, because Parallels/Windows 2008 R2 along with safari ran me into 4GB of swap space it wouldn't release.<br>Mac two - 90 days. (No Parallels/Windows on this one - needs a reboot with new security patch.</p></div>
	</htmltext>
<tokenext>And how often do you log out of your Mac ?
The only time I do that is when I reboot , and according to uptime , I have n't rebooted in more than a week .
That was only because of security updates.One mac - 2 days after 21 days , because Parallels/Windows 2008 R2 along with safari ran me into 4GB of swap space it would n't release.Mac two - 90 days .
( No Parallels/Windows on this one - needs a reboot with new security patch .</tokentext>
<sentencetext>And how often do you log out of your Mac?
The only time I do that is when I reboot, and according to uptime, I haven't rebooted in more than a week.
That was only because of security updates.One mac - 2 days after 21 days, because Parallels/Windows 2008 R2 along with safari ran me into 4GB of swap space it wouldn't release.Mac two - 90 days.
(No Parallels/Windows on this one - needs a reboot with new security patch.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137566</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137016</id>
	<title>Plenty happy with FileVault</title>
	<author>WebManWalking</author>
	<datestamp>1266142020000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>2</modscore>
	<htmltext>Just turn it on and forget about it. <br>
<br>
NSA has VileFault (spoonerism, not typo) for brute force dictionary attacks on weak passwords. I don't think NSA would take that route if Apple gave them a back door.</htmltext>
<tokenext>Just turn it on and forget about it .
NSA has VileFault ( spoonerism , not typo ) for brute force dictionary attacks on weak passwords .
I do n't think NSA would take that route if Apple gave them a back door .</tokentext>
<sentencetext>Just turn it on and forget about it.
NSA has VileFault (spoonerism, not typo) for brute force dictionary attacks on weak passwords.
I don't think NSA would take that route if Apple gave them a back door.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31145954</id>
	<title>Re:Answer</title>
	<author>bill\_mcgonigle</author>
	<datestamp>1266258600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>I can see why Apple did it they way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary.</i></p><p>It's almost like they shouldn't have ripped ZFS out last summer...</p></htmltext>
<tokenext>I can see why Apple did it they way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary.It 's almost like they should n't have ripped ZFS out last summer.. .</tokentext>
<sentencetext>I can see why Apple did it they way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary.It's almost like they shouldn't have ripped ZFS out last summer...</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136624</id>
	<title>Answer</title>
	<author>lakeland</author>
	<datestamp>1266139440000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>4</modscore>
	<htmltext><p>I'm tempted to say RTFA but in the interest of saving you and no doubt others a bit of time:</p><p>"The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system. All of FileVault's drawbacks originate from this. The implementation is brilliant, free of bugs, fast and well thought over. But why they decided to have all the trouble with a filesystem in a filesystem remains a mystery."</p><p>Essentially, instead of mounting<nobr> <wbr></nobr>/Users/your\_username via FIleVault, Apple decided to add a sparse bundle file to your home directory with all of the contents.  The worst impact of this design flaw is it adds a lot of time overhead at log out.  If apple instead created a different partition for each user's home directory then there are no real flaws with FileVault.</p><p>I can see why Apple did it they way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary.</p></htmltext>
<tokenext>I 'm tempted to say RTFA but in the interest of saving you and no doubt others a bit of time : " The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system .
All of FileVault 's drawbacks originate from this .
The implementation is brilliant , free of bugs , fast and well thought over .
But why they decided to have all the trouble with a filesystem in a filesystem remains a mystery .
" Essentially , instead of mounting /Users/your \ _username via FIleVault , Apple decided to add a sparse bundle file to your home directory with all of the contents .
The worst impact of this design flaw is it adds a lot of time overhead at log out .
If apple instead created a different partition for each user 's home directory then there are no real flaws with FileVault.I can see why Apple did it they way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary .</tokentext>
<sentencetext>I'm tempted to say RTFA but in the interest of saving you and no doubt others a bit of time:"The biggest mistake Apple did with FileVault is storing the encrypted home directory on a virtual file system.
All of FileVault's drawbacks originate from this.
The implementation is brilliant, free of bugs, fast and well thought over.
But why they decided to have all the trouble with a filesystem in a filesystem remains a mystery.
"Essentially, instead of mounting /Users/your\_username via FIleVault, Apple decided to add a sparse bundle file to your home directory with all of the contents.
The worst impact of this design flaw is it adds a lot of time overhead at log out.
If apple instead created a different partition for each user's home directory then there are no real flaws with FileVault.I can see why Apple did it they way they did - dynamically resizing partitions as the user adds data to their home directory sounds... scary.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31145976</id>
	<title>Re:Whoa - Big Fucking Limitation</title>
	<author>bill\_mcgonigle</author>
	<datestamp>1266258780000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><i>It's a great idea, as FileVault is very limited in its approach, but this is far from a "replacement" for it.</i></p><p>So a reasonable thing to do would be to create an EncFS mountpoint and symlink in appropriate directories to your homedir, still on FileVault.</p><p>Except, I guess that's just ordinary and usable and doesn't garner a Slashdot headline.</p></htmltext>
<tokenext>It 's a great idea , as FileVault is very limited in its approach , but this is far from a " replacement " for it.So a reasonable thing to do would be to create an EncFS mountpoint and symlink in appropriate directories to your homedir , still on FileVault.Except , I guess that 's just ordinary and usable and does n't garner a Slashdot headline .</tokentext>
<sentencetext>It's a great idea, as FileVault is very limited in its approach, but this is far from a "replacement" for it.So a reasonable thing to do would be to create an EncFS mountpoint and symlink in appropriate directories to your homedir, still on FileVault.Except, I guess that's just ordinary and usable and doesn't garner a Slashdot headline.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138796</id>
	<title>Re:Answer</title>
	<author>ChiRaven</author>
	<datestamp>1266154020000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>"...free of bugs<nobr> <wbr></nobr>..."<br> <br>

Maybe now.  Back in about 2003 I used it, and one day when I logged on to my Mac, I got a message telling me that the file was not a valid FileVault file.  To make a VERY long story short, ALL attempts (yes, I had AppleCare) to recover the data in that vault failed utterly, so my data record today goes back no further than 2003 for most things (except a few old files that I've found on ancient floppy disks from waaaaaayyyy back when, before the advent of hard drives).  Among the things I lost were the "upgradeable" copies of Photoshop and Illustrator (which my late wife had used since they first came out), and the original boxes had been lost in an interstate move the year before.  So I no longer have those software packages.  Thanks a lot, Apple.</htmltext>
<tokenext>" ...free of bugs ... " Maybe now .
Back in about 2003 I used it , and one day when I logged on to my Mac , I got a message telling me that the file was not a valid FileVault file .
To make a VERY long story short , ALL attempts ( yes , I had AppleCare ) to recover the data in that vault failed utterly , so my data record today goes back no further than 2003 for most things ( except a few old files that I 've found on ancient floppy disks from waaaaaayyyy back when , before the advent of hard drives ) .
Among the things I lost were the " upgradeable " copies of Photoshop and Illustrator ( which my late wife had used since they first came out ) , and the original boxes had been lost in an interstate move the year before .
So I no longer have those software packages .
Thanks a lot , Apple .</tokentext>
<sentencetext>"...free of bugs ..." 

Maybe now.
Back in about 2003 I used it, and one day when I logged on to my Mac, I got a message telling me that the file was not a valid FileVault file.
To make a VERY long story short, ALL attempts (yes, I had AppleCare) to recover the data in that vault failed utterly, so my data record today goes back no further than 2003 for most things (except a few old files that I've found on ancient floppy disks from waaaaaayyyy back when, before the advent of hard drives).
Among the things I lost were the "upgradeable" copies of Photoshop and Illustrator (which my late wife had used since they first came out), and the original boxes had been lost in an interstate move the year before.
So I no longer have those software packages.
Thanks a lot, Apple.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136624</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138110</id>
	<title>PGP Whole Disk Encryption</title>
	<author>D H NG</author>
	<datestamp>1266149460000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I recently replaced FileVault on my MacBook Pro with PGP Whole Disk Encryption, and the results have been nothing but headache.  Now when I close the lid, the laptop doesn't go into hibernate mode, and the laptop doesn't recognize my iPod when I plugged it in.</htmltext>
<tokenext>I recently replaced FileVault on my MacBook Pro with PGP Whole Disk Encryption , and the results have been nothing but headache .
Now when I close the lid , the laptop does n't go into hibernate mode , and the laptop does n't recognize my iPod when I plugged it in .</tokentext>
<sentencetext>I recently replaced FileVault on my MacBook Pro with PGP Whole Disk Encryption, and the results have been nothing but headache.
Now when I close the lid, the laptop doesn't go into hibernate mode, and the laptop doesn't recognize my iPod when I plugged it in.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137580</id>
	<title>Re:Question</title>
	<author>node 3</author>
	<datestamp>1266145440000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>5</modscore>
	<htmltext><p><div class="quote"><p>What are some flaws in FileVault that might make me prefer EncFS?</p><p>I've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.</p></div><p>The "flaws" in FileVault (really, just limitations, but whatever), are that they aren't backed up via Time Machine while you're logged in, and space isn't freed up until you log out.</p><p>He states that it takes a long time to log out, but that's not true as of Snow Leopard. Sparsebundles recover space <i>very</i> quickly, and you can cancel the logout clean up process without worry.</p><p>As for, why would you prefer EncFS? You wouldn't. It actually does work reliably. FTA:</p><blockquote><div><p> There are known problems with EncFS, as it only support basic POSIX operations (no locking, extended attributes, etc...). This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.</p></div></blockquote><p>In other words, not only can it not replace FileVault, but it can't even be used for the things a normal Mac user might want to encrypt (Mail folder, iPhoto library, etc.).</p></div>
	</htmltext>
<tokenext>What are some flaws in FileVault that might make me prefer EncFS ? I 've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.The " flaws " in FileVault ( really , just limitations , but whatever ) , are that they are n't backed up via Time Machine while you 're logged in , and space is n't freed up until you log out.He states that it takes a long time to log out , but that 's not true as of Snow Leopard .
Sparsebundles recover space very quickly , and you can cancel the logout clean up process without worry.As for , why would you prefer EncFS ?
You would n't .
It actually does work reliably .
FTA : There are known problems with EncFS , as it only support basic POSIX operations ( no locking , extended attributes , etc... ) .
This works well for simple file storage or multiplatform applications , like MacPorts , Firefox , Thunderbird , etc... , but encrypting your whole homedir is known not to work.In other words , not only can it not replace FileVault , but it ca n't even be used for the things a normal Mac user might want to encrypt ( Mail folder , iPhoto library , etc .
) .</tokentext>
<sentencetext>What are some flaws in FileVault that might make me prefer EncFS?I've only been thinking of activating FileVault lately and my only other experience has been with ELI in FBSD.The "flaws" in FileVault (really, just limitations, but whatever), are that they aren't backed up via Time Machine while you're logged in, and space isn't freed up until you log out.He states that it takes a long time to log out, but that's not true as of Snow Leopard.
Sparsebundles recover space very quickly, and you can cancel the logout clean up process without worry.As for, why would you prefer EncFS?
You wouldn't.
It actually does work reliably.
FTA: There are known problems with EncFS, as it only support basic POSIX operations (no locking, extended attributes, etc...).
This works well for simple file storage or multiplatform applications, like MacPorts, Firefox, Thunderbird, etc..., but encrypting your whole homedir is known not to work.In other words, not only can it not replace FileVault, but it can't even be used for the things a normal Mac user might want to encrypt (Mail folder, iPhoto library, etc.
).
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138300
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31140380
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138796
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31142894
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137580
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31142906
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137516
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31141348
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137628
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138090
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31145976
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31140408
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137566
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137248
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31145954
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136624
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31154002
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137072
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137824
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136898
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_02_14_200259_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31154020
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137566
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_14_200259.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136598
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138090
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137516
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136898
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137824
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_14_200259.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136566
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138300
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136624
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31145954
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138796
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137580
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31142894
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136640
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137628
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137566
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31154020
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31140408
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137072
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31154002
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137248
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_14_200259.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31136832
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_14_200259.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138886
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_14_200259.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138408
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_14_200259.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31138110
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_02_14_200259.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31137198
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31141348
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31145976
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31142906
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_02_14_200259.31140380
</commentlist>
</conversation>
