<article>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#article10_03_10_200256</id>
	<title>OpenSSH 5.4 Released</title>
	<author>timothy</author>
	<datestamp>1268210400000</datestamp>
	<htmltext>HipToday writes <i>"As posted on the <a href="http://undeadly.org/">OpenBSD Journal</a>, <a href="http://undeadly.org/cgi?action=article&amp;sid=20100309072751">OpenSSH 5.4 has been released</a>: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on <a href="http://www.openssh.com/">www.openssh.com</a>.'"</i></htmltext>
<tokenext>HipToday writes " As posted on the OpenBSD Journal , OpenSSH 5.4 has been released : 'Some highlights of this release are the disabling of protocol 1 by default , certificate authentication , a new " netcat mode , " many changes on the sftp front ( both client and server ) and a collection of assorted bugfixes .
The new release can already be found on a large number of mirrors and of course on www.openssh.com .
' "</tokentext>
<sentencetext>HipToday writes "As posted on the OpenBSD Journal, OpenSSH 5.4 has been released: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes.
The new release can already be found on a large number of mirrors and of course on www.openssh.com.
'"</sentencetext>
</article>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435742</id>
	<title>Re:New, Problematic Protocol Introduced</title>
	<author>mccaffer</author>
	<datestamp>1268303160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>why does SSH continue this 'not invented here' crap with certs?? I don't care if the new certs are better. I don't have any new certs but I've got loads of x509 certs and I'm not going to throw them out.....</p></htmltext>
<tokenext>why does SSH continue this 'not invented here ' crap with certs ? ?
I do n't care if the new certs are better .
I do n't have any new certs but I 've got loads of x509 certs and I 'm not going to throw them out.... .</tokentext>
<sentencetext>why does SSH continue this 'not invented here' crap with certs??
I don't care if the new certs are better.
I don't have any new certs but I've got loads of x509 certs and I'm not going to throw them out.....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431022</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</id>
	<title>Thank you Open SSH devs</title>
	<author>overlordofmu</author>
	<datestamp>1268216100000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>5</modscore>
	<htmltext>I am reading this article and posting to it through a ssh tunnel using OpenSSH on a Gentoo Linux server at home and putty.exe on a work laptop running XP Pro at work.<br> <br>
Firefox sees it as a SOCKS 5 proxy at localhost.  The tricky part was setting the config key in Firefox called "network.proxy.socks\_remote\_dns"  to true.  (Navigate to about:config and filter for "proxy" to find this setting quickly).  The corporate network admins use bogus DNS resolution as a firewall.<br> <br>
I love you, OpenSSH devs.  I sincerely thank you.</htmltext>
<tokenext>I am reading this article and posting to it through a ssh tunnel using OpenSSH on a Gentoo Linux server at home and putty.exe on a work laptop running XP Pro at work .
Firefox sees it as a SOCKS 5 proxy at localhost .
The tricky part was setting the config key in Firefox called " network.proxy.socks \ _remote \ _dns " to true .
( Navigate to about : config and filter for " proxy " to find this setting quickly ) .
The corporate network admins use bogus DNS resolution as a firewall .
I love you , OpenSSH devs .
I sincerely thank you .</tokentext>
<sentencetext>I am reading this article and posting to it through a ssh tunnel using OpenSSH on a Gentoo Linux server at home and putty.exe on a work laptop running XP Pro at work.
Firefox sees it as a SOCKS 5 proxy at localhost.
The tricky part was setting the config key in Firefox called "network.proxy.socks\_remote\_dns"  to true.
(Navigate to about:config and filter for "proxy" to find this setting quickly).
The corporate network admins use bogus DNS resolution as a firewall.
I love you, OpenSSH devs.
I sincerely thank you.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434360</id>
	<title>Re:Cygwin's package was updated, too</title>
	<author>grangerg</author>
	<datestamp>1268240400000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p><nobr> <wbr></nobr></p><div class="quote"><p>...</p><p>SFTP is not FTP over SSH if you did not understand, it is a proper FTP that happens to run over a secured link.</p></div><p>No. SFTP isn't really "true" FTP at all---it's the SSH File Transfer Protocol. FTPS and FTPES, however are the encrypted forms of FTP; they're FTP over SSL.</p></div>
	</htmltext>
<tokenext>...SFTP is not FTP over SSH if you did not understand , it is a proper FTP that happens to run over a secured link.No .
SFTP is n't really " true " FTP at all---it 's the SSH File Transfer Protocol .
FTPS and FTPES , however are the encrypted forms of FTP ; they 're FTP over SSL .</tokentext>
<sentencetext> ...SFTP is not FTP over SSH if you did not understand, it is a proper FTP that happens to run over a secured link.No.
SFTP isn't really "true" FTP at all---it's the SSH File Transfer Protocol.
FTPS and FTPES, however are the encrypted forms of FTP; they're FTP over SSL.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435872</id>
	<title>Re:Cygwin's package was updated, too</title>
	<author>mzs</author>
	<datestamp>1268305080000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>They don't have to be random. Say you decide that will allow 20 simultaneous connections, so then you allocate a block of 40 (if it's not busy you can have less, but TIMEDWAIT after the connection is closed implies you should have some extras) below the ephemeral lower limit. Then in your firewall you open-up those 40 to the world or your organization. If nothing is listening on a port then there really is no harm having that port open. If you like you can block outgoing ICMP port unreachable messages. With the tcp windows pretty much the only things an adversary can get away with is possibly a RST attack. So you could configure your ftp server and firewall like that.</p><p>That said all the firewalls have very good mechanisms now for watching ftp connection and adding temporary rules for any secondary ports needed. You may have better luck reading the man pages and running the tools from the command line with -d and -v options, that way you will get more diagnostics.</p><p>Please don't get upset, there were a lot of people offering useful advice. Maybe you can use HTTP instead if the FTP is too troublesome for you? BTW most people do not read log files using tcpdump, but I guess there are those ubercool that read the raw syslog traffic over the wire instead of tailing some log files, that must be you.</p></htmltext>
<tokenext>They do n't have to be random .
Say you decide that will allow 20 simultaneous connections , so then you allocate a block of 40 ( if it 's not busy you can have less , but TIMEDWAIT after the connection is closed implies you should have some extras ) below the ephemeral lower limit .
Then in your firewall you open-up those 40 to the world or your organization .
If nothing is listening on a port then there really is no harm having that port open .
If you like you can block outgoing ICMP port unreachable messages .
With the tcp windows pretty much the only things an adversary can get away with is possibly a RST attack .
So you could configure your ftp server and firewall like that.That said all the firewalls have very good mechanisms now for watching ftp connection and adding temporary rules for any secondary ports needed .
You may have better luck reading the man pages and running the tools from the command line with -d and -v options , that way you will get more diagnostics.Please do n't get upset , there were a lot of people offering useful advice .
Maybe you can use HTTP instead if the FTP is too troublesome for you ?
BTW most people do not read log files using tcpdump , but I guess there are those ubercool that read the raw syslog traffic over the wire instead of tailing some log files , that must be you .</tokentext>
<sentencetext>They don't have to be random.
Say you decide that will allow 20 simultaneous connections, so then you allocate a block of 40 (if it's not busy you can have less, but TIMEDWAIT after the connection is closed implies you should have some extras) below the ephemeral lower limit.
Then in your firewall you open-up those 40 to the world or your organization.
If nothing is listening on a port then there really is no harm having that port open.
If you like you can block outgoing ICMP port unreachable messages.
With the tcp windows pretty much the only things an adversary can get away with is possibly a RST attack.
So you could configure your ftp server and firewall like that.That said all the firewalls have very good mechanisms now for watching ftp connection and adding temporary rules for any secondary ports needed.
You may have better luck reading the man pages and running the tools from the command line with -d and -v options, that way you will get more diagnostics.Please don't get upset, there were a lot of people offering useful advice.
Maybe you can use HTTP instead if the FTP is too troublesome for you?
BTW most people do not read log files using tcpdump, but I guess there are those ubercool that read the raw syslog traffic over the wire instead of tailing some log files, that must be you.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433874</id>
	<title>Re:Please note:</title>
	<author>tsalmark</author>
	<datestamp>1268235240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I send them a few bucks every time I upgrade server software.</htmltext>
<tokenext>I send them a few bucks every time I upgrade server software .</tokentext>
<sentencetext>I send them a few bucks every time I upgrade server software.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190</id>
	<title>Please note:</title>
	<author>Anonymous</author>
	<datestamp>1268216700000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>5</modscore>
	<htmltext><p>A brief quote from the project's home page:<br>Please take note of our Who uses it page, which list just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor. This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors. In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).</p><p>So go and DONATE, as i've just done.</p></div>
	</htmltext>
<tokenext>A brief quote from the project 's home page : Please take note of our Who uses it page , which list just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor .
This list specifically includes companies like Cisco , Juniper , Apple , Red Hat , and Novell ; but probably includes almost all router , switch or unix-like operating system vendors .
In the 10 years since the inception of the OpenSSH project , these companies have contributed not even a dime of thanks in support of the OpenSSH project ( despite numerous requests ) .So go and DONATE , as i 've just done .</tokentext>
<sentencetext>A brief quote from the project's home page:Please take note of our Who uses it page, which list just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor.
This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors.
In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).So go and DONATE, as i've just done.
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434028</id>
	<title>Re:Cygwin's package was updated, too</title>
	<author>-Bacon-</author>
	<datestamp>1268236680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Encrypting the password.</p></htmltext>
<tokenext>Encrypting the password .</tokentext>
<sentencetext>Encrypting the password.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432060</id>
	<title>Re:SFTP improvements</title>
	<author>Anonymous</author>
	<datestamp>1268220780000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why scp -r when rsync over ssh is vastly superior?</p><p>I wish people would stop working on yet another file transfer mechanism, when they aren't aware of the strengths and weaknesses of the existing best practices. The next solution really ought to combine these features instead of continuing to polish one half while ignoring the other.</p><p>(And by vastly superior, I mean all of rsync's many features: exclude/include patterns, conditional transfer by many different comparison methods, differential-based transfer optimization, extremely good performance even on trees of tiny files over high-latency networks, and many options for link trees and other incremental backup scenarios.)</p></htmltext>
<tokenext>Why scp -r when rsync over ssh is vastly superior ? I wish people would stop working on yet another file transfer mechanism , when they are n't aware of the strengths and weaknesses of the existing best practices .
The next solution really ought to combine these features instead of continuing to polish one half while ignoring the other .
( And by vastly superior , I mean all of rsync 's many features : exclude/include patterns , conditional transfer by many different comparison methods , differential-based transfer optimization , extremely good performance even on trees of tiny files over high-latency networks , and many options for link trees and other incremental backup scenarios .
)</tokentext>
<sentencetext>Why scp -r when rsync over ssh is vastly superior?I wish people would stop working on yet another file transfer mechanism, when they aren't aware of the strengths and weaknesses of the existing best practices.
The next solution really ought to combine these features instead of continuing to polish one half while ignoring the other.
(And by vastly superior, I mean all of rsync's many features: exclude/include patterns, conditional transfer by many different comparison methods, differential-based transfer optimization, extremely good performance even on trees of tiny files over high-latency networks, and many options for link trees and other incremental backup scenarios.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431572</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434808</id>
	<title>Re:Please note:</title>
	<author>Abcd1234</author>
	<datestamp>1268246460000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>3</modscore>
	<htmltext><p><i>In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).</i></p><p>And they don't have to, either morally or legally.</p><p>OpenSSH is released under the BSD license, and the devs know full well that they may not be financially rewarded for their work.  To suddenly expect those users to donate cash just because they use the very code you freed is, to say, the least, hypocritical.  After all, if you wanted to be paid for the work you do, why are you releasing it for free to the world under one of the most liberal software licenses possible?  Why not a dual license that requires payment for commercial use?  Naturally because the BSDs are all about freedom, of course.</p><p>Well, unless they think they're getting screwed financially.</p></htmltext>
<tokenext>In the 10 years since the inception of the OpenSSH project , these companies have contributed not even a dime of thanks in support of the OpenSSH project ( despite numerous requests ) .And they do n't have to , either morally or legally.OpenSSH is released under the BSD license , and the devs know full well that they may not be financially rewarded for their work .
To suddenly expect those users to donate cash just because they use the very code you freed is , to say , the least , hypocritical .
After all , if you wanted to be paid for the work you do , why are you releasing it for free to the world under one of the most liberal software licenses possible ?
Why not a dual license that requires payment for commercial use ?
Naturally because the BSDs are all about freedom , of course.Well , unless they think they 're getting screwed financially .</tokentext>
<sentencetext>In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).And they don't have to, either morally or legally.OpenSSH is released under the BSD license, and the devs know full well that they may not be financially rewarded for their work.
To suddenly expect those users to donate cash just because they use the very code you freed is, to say, the least, hypocritical.
After all, if you wanted to be paid for the work you do, why are you releasing it for free to the world under one of the most liberal software licenses possible?
Why not a dual license that requires payment for commercial use?
Naturally because the BSDs are all about freedom, of course.Well, unless they think they're getting screwed financially.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432314</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>Anonymous</author>
	<datestamp>1268222280000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>My provider XS4ALL runs a ssh daemon on port 443 of their server. Using a HTTP (Netscape) proxy works just as well (another good reason to keep the ISP's proxy in the air). Thanks for the remote DNS hint, didn't think about that (DNS at our company is non-restricted).</p><p>Fortunately I did not have to use it for a while, nowadays the proxy settings of the company proxy are more reasonable. Before that I had trouble retrieving many web pages with "bad words". Including those necessary to do my work.</p></htmltext>
<tokenext>My provider XS4ALL runs a ssh daemon on port 443 of their server .
Using a HTTP ( Netscape ) proxy works just as well ( another good reason to keep the ISP 's proxy in the air ) .
Thanks for the remote DNS hint , did n't think about that ( DNS at our company is non-restricted ) .Fortunately I did not have to use it for a while , nowadays the proxy settings of the company proxy are more reasonable .
Before that I had trouble retrieving many web pages with " bad words " .
Including those necessary to do my work .</tokentext>
<sentencetext>My provider XS4ALL runs a ssh daemon on port 443 of their server.
Using a HTTP (Netscape) proxy works just as well (another good reason to keep the ISP's proxy in the air).
Thanks for the remote DNS hint, didn't think about that (DNS at our company is non-restricted).Fortunately I did not have to use it for a while, nowadays the proxy settings of the company proxy are more reasonable.
Before that I had trouble retrieving many web pages with "bad words".
Including those necessary to do my work.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431640</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>Hatta</author>
	<datestamp>1268218680000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I do the same thing frequently.  I've noticed a weird thing with my configuration.  When I'm working through the tunnel, with DNS requests forwarded through the tunnel, and I go to a non-existent domain my ISP (cox) hijacks my NXDOMAIN and serves up a search page (with ads, obv).  When I'm at home, I get NXDOMAIN just fine.  Can't figure that one out.</p></htmltext>
<tokenext>I do the same thing frequently .
I 've noticed a weird thing with my configuration .
When I 'm working through the tunnel , with DNS requests forwarded through the tunnel , and I go to a non-existent domain my ISP ( cox ) hijacks my NXDOMAIN and serves up a search page ( with ads , obv ) .
When I 'm at home , I get NXDOMAIN just fine .
Ca n't figure that one out .</tokentext>
<sentencetext>I do the same thing frequently.
I've noticed a weird thing with my configuration.
When I'm working through the tunnel, with DNS requests forwarded through the tunnel, and I go to a non-existent domain my ISP (cox) hijacks my NXDOMAIN and serves up a search page (with ads, obv).
When I'm at home, I get NXDOMAIN just fine.
Can't figure that one out.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433556</id>
	<title>Re:Cygwin's package was updated, too</title>
	<author>Spit</author>
	<datestamp>1268232000000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You're obviously not running OpenBSD firewalls.<nobr> <wbr></nobr>;)</p></htmltext>
<tokenext>You 're obviously not running OpenBSD firewalls .
; )</tokentext>
<sentencetext>You're obviously not running OpenBSD firewalls.
;)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432678</id>
	<title>Re:No X.509 certificateds?</title>
	<author>Anonymous</author>
	<datestamp>1268224860000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>You might want to read those release notes again, and notice PKCS#11 support as item #2</p></htmltext>
<tokenext>You might want to read those release notes again , and notice PKCS # 11 support as item # 2</tokentext>
<sentencetext>You might want to read those release notes again, and notice PKCS#11 support as item #2</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435234</id>
	<title>Re:No X.509 certificateds?</title>
	<author>mzs</author>
	<datestamp>1268339340000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>client X.509 certs with TLS is vulnerable to renegotiation attacks. telnet would be vulnerable to some timing attacks with TLS if it were not configured carefully as well. Sometimes simple is better.</p></htmltext>
<tokenext>client X.509 certs with TLS is vulnerable to renegotiation attacks .
telnet would be vulnerable to some timing attacks with TLS if it were not configured carefully as well .
Sometimes simple is better .</tokentext>
<sentencetext>client X.509 certs with TLS is vulnerable to renegotiation attacks.
telnet would be vulnerable to some timing attacks with TLS if it were not configured carefully as well.
Sometimes simple is better.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434998</id>
	<title>Re:SFTP improvements</title>
	<author>mzs</author>
	<datestamp>1268249160000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>This scripts has served me well over the years. There hasn't been a unix-alike where it has failed me in a very long time now. It also makes the target directory hierarchy for you automatically if needed.</p><p>$ cat bin/stjput<br>#!/bin/sh<br># e.g. copy all non-hidden files and dirs from your home dir using protocol 2<br># $ cd &amp;&amp; stjput '-24 remuser@host' . *</p><p>IFS='<br>'</p><p>case $# in<br>
&nbsp; &nbsp; [012])<br>
&nbsp; &nbsp; &nbsp; &nbsp; echo 'Usage: stjput sshopts remdir file|dir [file|dir<nobr> <wbr></nobr>...]' &gt;&amp;2<br>
&nbsp; &nbsp; &nbsp; &nbsp; exit 2<nobr> <wbr></nobr>;;<br>esac</p><p># some defaults, may not work with very old versions of ssh<br>#sshopts='-24 -o PermitLocalCommand=no -qaxT '"$1"; shift<br>sshopts='-qaxT '"$1"; shift</p><p>remdir="$1"; shift</p><p># protect sh from stripping trailing whitespace, eg newline(s)<br>case "$remdir" in<br>
&nbsp; &nbsp; '')<br>
&nbsp; &nbsp; &nbsp; &nbsp; # someone used '' instead of . for CWD!<br>
&nbsp; &nbsp; &nbsp; &nbsp; remdir=.<nobr> <wbr></nobr>;;<br>
&nbsp; &nbsp; */)<nobr> <wbr></nobr>;;<br>
&nbsp; &nbsp; *)<br>
&nbsp; &nbsp; &nbsp; &nbsp; # It does not matter to have the trailing / for a dir<br>
&nbsp; &nbsp; &nbsp; &nbsp; remdir="$remdir"/<nobr> <wbr></nobr>;;<br>esac</p><p># need to prevent cd and mkdir thinking it is some option<br>case "$remdir" in<nobr> <wbr></nobr>/* |<nobr> <wbr></nobr>.*)<nobr> <wbr></nobr>;;<br>
&nbsp; &nbsp; *)<br>
&nbsp; &nbsp; &nbsp; &nbsp; remdir=./"$remdir"<nobr> <wbr></nobr>;;<br>esac</p><p>foo() {<br>
&nbsp; &nbsp; &nbsp; &nbsp; n=$2<br>}</p><p># lots of testing shows that this works on many shells,<br># don't use $() or "``" and make sure that closing tick is all by itsewlf on the<br># last line<br>n=`cksum<nobr> <wbr></nobr>/dev/null`" &amp;&amp; mkdir -p "$n" &amp;&amp; cd "$n" &amp;&amp; bunzip2 -c - | tar xvf -'\'''</p></htmltext>
<tokenext>This scripts has served me well over the years .
There has n't been a unix-alike where it has failed me in a very long time now .
It also makes the target directory hierarchy for you automatically if needed. $ cat bin/stjput # ! /bin/sh # e.g .
copy all non-hidden files and dirs from your home dir using protocol 2 # $ cd &amp;&amp; stjput '-24 remuser @ host ' .
* IFS = ''case $ # in     [ 012 ] )         echo 'Usage : stjput sshopts remdir file | dir [ file | dir ... ] ' &gt; &amp;2         exit 2 ; ; esac # some defaults , may not work with very old versions of ssh # sshopts = '-24 -o PermitLocalCommand = no -qaxT ' " $ 1 " ; shiftsshopts = '-qaxT ' " $ 1 " ; shiftremdir = " $ 1 " ; shift # protect sh from stripping trailing whitespace , eg newline ( s ) case " $ remdir " in     ' ' )         # someone used ' ' instead of .
for CWD !
        remdir = .
; ;     * / ) ; ;     * )         # It does not matter to have the trailing / for a dir         remdir = " $ remdir " / ; ; esac # need to prevent cd and mkdir thinking it is some optioncase " $ remdir " in / * | .
* ) ; ;     * )         remdir = ./ " $ remdir " ; ; esacfoo ( ) {         n = $ 2 } # lots of testing shows that this works on many shells , # do n't use $ ( ) or " ` ` " and make sure that closing tick is all by itsewlf on the # last linen = ` cksum /dev/null ` " &amp;&amp; mkdir -p " $ n " &amp;&amp; cd " $ n " &amp;&amp; bunzip2 -c - | tar xvf - ' \ '''</tokentext>
<sentencetext>This scripts has served me well over the years.
There hasn't been a unix-alike where it has failed me in a very long time now.
It also makes the target directory hierarchy for you automatically if needed.$ cat bin/stjput#!/bin/sh# e.g.
copy all non-hidden files and dirs from your home dir using protocol 2# $ cd &amp;&amp; stjput '-24 remuser@host' .
*IFS=''case $# in
    [012])
        echo 'Usage: stjput sshopts remdir file|dir [file|dir ...]' &gt;&amp;2
        exit 2 ;;esac# some defaults, may not work with very old versions of ssh#sshopts='-24 -o PermitLocalCommand=no -qaxT '"$1"; shiftsshopts='-qaxT '"$1"; shiftremdir="$1"; shift# protect sh from stripping trailing whitespace, eg newline(s)case "$remdir" in
    '')
        # someone used '' instead of .
for CWD!
        remdir=.
;;
    */) ;;
    *)
        # It does not matter to have the trailing / for a dir
        remdir="$remdir"/ ;;esac# need to prevent cd and mkdir thinking it is some optioncase "$remdir" in /* | .
*) ;;
    *)
        remdir=./"$remdir" ;;esacfoo() {
        n=$2}# lots of testing shows that this works on many shells,# don't use $() or "``" and make sure that closing tick is all by itsewlf on the# last linen=`cksum /dev/null`" &amp;&amp; mkdir -p "$n" &amp;&amp; cd "$n" &amp;&amp; bunzip2 -c - | tar xvf -'\'''</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430786</id>
	<title>Some interesting features...</title>
	<author>Anonymous</author>
	<datestamp>1268214780000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p>I'm interested to see how the certificates and netcat features get used in the real world with SSH. I regenerated all of my SSH keys because they are defaulted to AES-128 bit encrypted and the public exponent is changed to 65537.</p><p>johnny stoops.</p></htmltext>
<tokenext>I 'm interested to see how the certificates and netcat features get used in the real world with SSH .
I regenerated all of my SSH keys because they are defaulted to AES-128 bit encrypted and the public exponent is changed to 65537.johnny stoops .</tokentext>
<sentencetext>I'm interested to see how the certificates and netcat features get used in the real world with SSH.
I regenerated all of my SSH keys because they are defaulted to AES-128 bit encrypted and the public exponent is changed to 65537.johnny stoops.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374</id>
	<title>No X.509 certificateds?</title>
	<author>Anonymous</author>
	<datestamp>1268222580000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why can't they use X.509 certificates like everybody else does? Are they too complex for SSH? Why no smart card support for those really secure connections?</p><p>Maybe we should just use OpenSSL &amp; telnet or something similar, at least OpenSSL has PKCS#11 support nowadays. The only other thing required is a way to multiplex multiple protocols over SSL, but that certainly sounds doable.</p></htmltext>
<tokenext>Why ca n't they use X.509 certificates like everybody else does ?
Are they too complex for SSH ?
Why no smart card support for those really secure connections ? Maybe we should just use OpenSSL &amp; telnet or something similar , at least OpenSSL has PKCS # 11 support nowadays .
The only other thing required is a way to multiplex multiple protocols over SSL , but that certainly sounds doable .</tokentext>
<sentencetext>Why can't they use X.509 certificates like everybody else does?
Are they too complex for SSH?
Why no smart card support for those really secure connections?Maybe we should just use OpenSSL &amp; telnet or something similar, at least OpenSSL has PKCS#11 support nowadays.
The only other thing required is a way to multiplex multiple protocols over SSL, but that certainly sounds doable.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31436604</id>
	<title>Bullshit.</title>
	<author>Anonymous</author>
	<datestamp>1268316960000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>I am getting really tired of people that can't read the licenses of the software they are producing or using.</p><p>If you are wrtiitng software and will take issue if you are not paid, then you are using thw wrong licensing cheme.</p><p>If you are using software from people that has decided to make it Open, then it is not up to you to go in fits of moral outrage on their behalf: they are grown up people, they know what they are doing<nobr> <wbr></nobr>....</p></htmltext>
<tokenext>I am getting really tired of people that ca n't read the licenses of the software they are producing or using.If you are wrtiitng software and will take issue if you are not paid , then you are using thw wrong licensing cheme.If you are using software from people that has decided to make it Open , then it is not up to you to go in fits of moral outrage on their behalf : they are grown up people , they know what they are doing ... .</tokentext>
<sentencetext>I am getting really tired of people that can't read the licenses of the software they are producing or using.If you are wrtiitng software and will take issue if you are not paid, then you are using thw wrong licensing cheme.If you are using software from people that has decided to make it Open, then it is not up to you to go in fits of moral outrage on their behalf: they are grown up people, they know what they are doing ....</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432652</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>ilikejam</author>
	<datestamp>1268224620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I recently discovered that Thunderbird can also use SOCKS. No need for mutt in a putty session any more!</p></htmltext>
<tokenext>I recently discovered that Thunderbird can also use SOCKS .
No need for mutt in a putty session any more !</tokentext>
<sentencetext>I recently discovered that Thunderbird can also use SOCKS.
No need for mutt in a putty session any more!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431658</id>
	<title>Re:Cygwin's package was updated, too</title>
	<author>Sancho</author>
	<datestamp>1268218800000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>2</modscore>
	<htmltext><p>Arguably, running one less service would be nice.  Also, OpenSSH's chrooting is pretty painless for sftp (though arguably, proper chrooting mostly precludes the need for read-only service--having your server read-only does add another layer of security.)</p></htmltext>
<tokenext>Arguably , running one less service would be nice .
Also , OpenSSH 's chrooting is pretty painless for sftp ( though arguably , proper chrooting mostly precludes the need for read-only service--having your server read-only does add another layer of security .
)</tokentext>
<sentencetext>Arguably, running one less service would be nice.
Also, OpenSSH's chrooting is pretty painless for sftp (though arguably, proper chrooting mostly precludes the need for read-only service--having your server read-only does add another layer of security.
)</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758</id>
	<title>SFTP improvements</title>
	<author>Anonymous</author>
	<datestamp>1268214660000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>FTFA:<br> <br>

* Many improvements to the sftp(1) client, many of which were
   implemented by Carlos Silva through the Google Summer of Code
   program:...
<br> <br>...
   - Add recursive transfer support for get/put and on the commandline
<br>(Alas!!)<br> <br>
Whole host of other improvements and bugfixes; give it read if SSH is pertinent to your environment....</htmltext>
<tokenext>FTFA : * Many improvements to the sftp ( 1 ) client , many of which were implemented by Carlos Silva through the Google Summer of Code program : .. . .. . - Add recursive transfer support for get/put and on the commandline ( Alas ! !
) Whole host of other improvements and bugfixes ; give it read if SSH is pertinent to your environment... .</tokentext>
<sentencetext>FTFA: 

* Many improvements to the sftp(1) client, many of which were
   implemented by Carlos Silva through the Google Summer of Code
   program:...
 ...
   - Add recursive transfer support for get/put and on the commandline
(Alas!!
) 
Whole host of other improvements and bugfixes; give it read if SSH is pertinent to your environment....</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432150</id>
	<title>Re:Please note:</title>
	<author>Anonymous</author>
	<datestamp>1268221260000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext><p>They have donated by giving credibility to the project by choosing to use it; this in turn increases the number of eyes testing and contributing towards bug fixes and improvements. This is precisely the way that BSD-derived licenses work: the only thing you can expect is acknowledgement, and the only thing you can hope for is patches. To release under a licence which makes no accommodation whatever for financial compensation then write what comes down to a complaint that people aren't paying you is quite unreasonable.</p><p>If it bothers you that Apple, Red Hat, Cisco, Juniper, and Novell aren't sending you a check in the mail, how about you change your license to make them pay: if it is cheaper for them than forking your code, they'll do it.</p><p>I, for one, would much prefer to contribute toward effort on security at the lower levels rather than a single big tunnel. ssh it is almost as obnoxious as nat in this respect. I also got a bad taste from openssh ever since they disabled the "none" encryption - the amateur radio bands do not allow message encryption, but authentication/signing remains acceptable and useful.</p></htmltext>
<tokenext>They have donated by giving credibility to the project by choosing to use it ; this in turn increases the number of eyes testing and contributing towards bug fixes and improvements .
This is precisely the way that BSD-derived licenses work : the only thing you can expect is acknowledgement , and the only thing you can hope for is patches .
To release under a licence which makes no accommodation whatever for financial compensation then write what comes down to a complaint that people are n't paying you is quite unreasonable.If it bothers you that Apple , Red Hat , Cisco , Juniper , and Novell are n't sending you a check in the mail , how about you change your license to make them pay : if it is cheaper for them than forking your code , they 'll do it.I , for one , would much prefer to contribute toward effort on security at the lower levels rather than a single big tunnel .
ssh it is almost as obnoxious as nat in this respect .
I also got a bad taste from openssh ever since they disabled the " none " encryption - the amateur radio bands do not allow message encryption , but authentication/signing remains acceptable and useful .</tokentext>
<sentencetext>They have donated by giving credibility to the project by choosing to use it; this in turn increases the number of eyes testing and contributing towards bug fixes and improvements.
This is precisely the way that BSD-derived licenses work: the only thing you can expect is acknowledgement, and the only thing you can hope for is patches.
To release under a licence which makes no accommodation whatever for financial compensation then write what comes down to a complaint that people aren't paying you is quite unreasonable.If it bothers you that Apple, Red Hat, Cisco, Juniper, and Novell aren't sending you a check in the mail, how about you change your license to make them pay: if it is cheaper for them than forking your code, they'll do it.I, for one, would much prefer to contribute toward effort on security at the lower levels rather than a single big tunnel.
ssh it is almost as obnoxious as nat in this respect.
I also got a bad taste from openssh ever since they disabled the "none" encryption - the amateur radio bands do not allow message encryption, but authentication/signing remains acceptable and useful.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433604</id>
	<title>Re:No X.509 certificateds?</title>
	<author>Anonymous</author>
	<datestamp>1268232540000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p><div class="quote"><p>Why can't they use X.509 certificates like everybody else does? Are they too complex for SSH? Why no smart card support for those really secure connections?</p></div><p>Because X.509 is a huge complicated mess, and the OpenSSH (and OpenBSD) devs like simple things that can be easily checked for bugs and holes.</p><p>There are third-party patches if you're interested though:</p><p>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; http://www.roumenpetrov.info/openssh/</p><p>Some PKCS#11 patches as well:</p><p>
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; http://sites.google.com/site/alonbarlev/openssh-pkcs11</p><p>Generally the Open... folks are developing to scratch their own itch, and probably feel that these features are overkill (and IMHO they probably are for most people). Of course they use the BSD license, so you're free to fork and patch to your heart's content.</p></div>
	</htmltext>
<tokenext>Why ca n't they use X.509 certificates like everybody else does ?
Are they too complex for SSH ?
Why no smart card support for those really secure connections ? Because X.509 is a huge complicated mess , and the OpenSSH ( and OpenBSD ) devs like simple things that can be easily checked for bugs and holes.There are third-party patches if you 're interested though :                 http : //www.roumenpetrov.info/openssh/Some PKCS # 11 patches as well :                 http : //sites.google.com/site/alonbarlev/openssh-pkcs11Generally the Open... folks are developing to scratch their own itch , and probably feel that these features are overkill ( and IMHO they probably are for most people ) .
Of course they use the BSD license , so you 're free to fork and patch to your heart 's content .</tokentext>
<sentencetext>Why can't they use X.509 certificates like everybody else does?
Are they too complex for SSH?
Why no smart card support for those really secure connections?Because X.509 is a huge complicated mess, and the OpenSSH (and OpenBSD) devs like simple things that can be easily checked for bugs and holes.There are third-party patches if you're interested though:
                http://www.roumenpetrov.info/openssh/Some PKCS#11 patches as well:
                http://sites.google.com/site/alonbarlev/openssh-pkcs11Generally the Open... folks are developing to scratch their own itch, and probably feel that these features are overkill (and IMHO they probably are for most people).
Of course they use the BSD license, so you're free to fork and patch to your heart's content.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431374</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>Ponga</author>
	<datestamp>1268217600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Hmm. I too use SSH tunnel for port redirection to a remote http proxy, but I've never had to set the FF flag you mention as my FF DNS queries go through the proxy "out of the box" - that's my understanding of how a SOCKS compatible proxy should work. Am I wrong here?</htmltext>
<tokenext>Hmm .
I too use SSH tunnel for port redirection to a remote http proxy , but I 've never had to set the FF flag you mention as my FF DNS queries go through the proxy " out of the box " - that 's my understanding of how a SOCKS compatible proxy should work .
Am I wrong here ?</tokentext>
<sentencetext>Hmm.
I too use SSH tunnel for port redirection to a remote http proxy, but I've never had to set the FF flag you mention as my FF DNS queries go through the proxy "out of the box" - that's my understanding of how a SOCKS compatible proxy should work.
Am I wrong here?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433412</id>
	<title>Re:SFTP improvements</title>
	<author>beav007</author>
	<datestamp>1268230620000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Sounds great, but I think I'll wait for the Debian-approved version.</htmltext>
<tokenext>Sounds great , but I think I 'll wait for the Debian-approved version .</tokentext>
<sentencetext>Sounds great, but I think I'll wait for the Debian-approved version.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31438080</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>pnutjam</author>
	<datestamp>1268325180000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Thank you, that is very is very good to know.  I didn't know you could get around the DNS issue for a SOCKS proxy.<br> <br>
I went ahead and set up my home server for NX (nomachine) and I run a firefox window on my desktop that is really on my server.  Bonus is I can disconnect it and reconnect it.  It will still be where I left it.  The firewall here blocks most ports other then the standards, 22 is open and NX has no problems</htmltext>
<tokenext>Thank you , that is very is very good to know .
I did n't know you could get around the DNS issue for a SOCKS proxy .
I went ahead and set up my home server for NX ( nomachine ) and I run a firefox window on my desktop that is really on my server .
Bonus is I can disconnect it and reconnect it .
It will still be where I left it .
The firewall here blocks most ports other then the standards , 22 is open and NX has no problems</tokentext>
<sentencetext>Thank you, that is very is very good to know.
I didn't know you could get around the DNS issue for a SOCKS proxy.
I went ahead and set up my home server for NX (nomachine) and I run a firefox window on my desktop that is really on my server.
Bonus is I can disconnect it and reconnect it.
It will still be where I left it.
The firewall here blocks most ports other then the standards, 22 is open and NX has no problems</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431318</id>
	<title>Re:SFTP improvements</title>
	<author>Torrance</author>
	<datestamp>1268217300000</datestamp>
	<modclass>Funny</modclass>
	<modscore>2</modscore>
	<htmltext><p> <em>- Implement tab-completion of commands, local and remote filenames</em> </p><p>Well thank frak.</p></htmltext>
<tokenext>- Implement tab-completion of commands , local and remote filenames Well thank frak .</tokentext>
<sentencetext> - Implement tab-completion of commands, local and remote filenames Well thank frak.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434418</id>
	<title>SFTP and FTPS are different</title>
	<author>Anonymous</author>
	<datestamp>1268241120000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>1</modscore>
	<htmltext><p><div class="quote"><p>SFTP is not FTP over SSH if you did not understand, it is a proper FTP that happens to run over a secured link.</p></div><p>FTP over a secured link is <b>FTPS</b> (FTP over SSL/TLS), which is distinct from <b>SFTP</b> (SSH file transfer protocol).</p><p><a href="http://en.wikipedia.org/wiki/Ftps" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/Ftps</a> [wikipedia.org]<br><a href="http://en.wikipedia.org/wiki/SSH\_file\_transfer\_protocol" title="wikipedia.org" rel="nofollow">http://en.wikipedia.org/wiki/SSH\_file\_transfer\_protocol</a> [wikipedia.org]</p><p>Performance note:</p><p>FTPS can stream files at full TCP speeds, while most SFTP implementations suffer from the SSH and SFTP protocol performance problems caused by having small application-level window and packet sizes (often 32 to 64KB) and requiring a fixed set of packets to be acknowledged before the next bunch is sent.</p><p>For details, see section 6.2, "The SSHv2 and SFTP Performance Handbrake" in <a href="http://www.cs.auckland.ac.nz/~pgut001/pubs/app\_sec.pdf" title="auckland.ac.nz" rel="nofollow">http://www.cs.auckland.ac.nz/~pgut001/pubs/app\_sec.pdf</a> [auckland.ac.nz]<br>and pages 27 to 30 in <a href="http://fasterdata.es.net/talks/Tierney-tutorial.pdf" title="es.net" rel="nofollow">http://fasterdata.es.net/talks/Tierney-tutorial.pdf</a> [es.net].</p></div>
	</htmltext>
<tokenext>SFTP is not FTP over SSH if you did not understand , it is a proper FTP that happens to run over a secured link.FTP over a secured link is FTPS ( FTP over SSL/TLS ) , which is distinct from SFTP ( SSH file transfer protocol ) .http : //en.wikipedia.org/wiki/Ftps [ wikipedia.org ] http : //en.wikipedia.org/wiki/SSH \ _file \ _transfer \ _protocol [ wikipedia.org ] Performance note : FTPS can stream files at full TCP speeds , while most SFTP implementations suffer from the SSH and SFTP protocol performance problems caused by having small application-level window and packet sizes ( often 32 to 64KB ) and requiring a fixed set of packets to be acknowledged before the next bunch is sent.For details , see section 6.2 , " The SSHv2 and SFTP Performance Handbrake " in http : //www.cs.auckland.ac.nz/ ~ pgut001/pubs/app \ _sec.pdf [ auckland.ac.nz ] and pages 27 to 30 in http : //fasterdata.es.net/talks/Tierney-tutorial.pdf [ es.net ] .</tokentext>
<sentencetext>SFTP is not FTP over SSH if you did not understand, it is a proper FTP that happens to run over a secured link.FTP over a secured link is FTPS (FTP over SSL/TLS), which is distinct from SFTP (SSH file transfer protocol).http://en.wikipedia.org/wiki/Ftps [wikipedia.org]http://en.wikipedia.org/wiki/SSH\_file\_transfer\_protocol [wikipedia.org]Performance note:FTPS can stream files at full TCP speeds, while most SFTP implementations suffer from the SSH and SFTP protocol performance problems caused by having small application-level window and packet sizes (often 32 to 64KB) and requiring a fixed set of packets to be acknowledged before the next bunch is sent.For details, see section 6.2, "The SSHv2 and SFTP Performance Handbrake" in http://www.cs.auckland.ac.nz/~pgut001/pubs/app\_sec.pdf [auckland.ac.nz]and pages 27 to 30 in http://fasterdata.es.net/talks/Tierney-tutorial.pdf [es.net].
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432614</id>
	<title>Huh..</title>
	<author>Anonymous</author>
	<datestamp>1268224320000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>This morning on Amiga.org: http://www.amiga.org/forums/showthread.php?t=51842</p></htmltext>
<tokenext>This morning on Amiga.org : http : //www.amiga.org/forums/showthread.php ? t = 51842</tokentext>
<sentencetext>This morning on Amiga.org: http://www.amiga.org/forums/showthread.php?t=51842</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435410</id>
	<title>Re:SFTP improvements</title>
	<author>mzs</author>
	<datestamp>1268298120000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>I can't believe how badly slash code munged the script. Here is a link:</p><p><a href="http://home.fnal.gov/~mzs/tips/unix/ssh/stjput" title="fnal.gov">http://home.fnal.gov/~mzs/tips/unix/ssh/stjput</a> [fnal.gov]</p></htmltext>
<tokenext>I ca n't believe how badly slash code munged the script .
Here is a link : http : //home.fnal.gov/ ~ mzs/tips/unix/ssh/stjput [ fnal.gov ]</tokentext>
<sentencetext>I can't believe how badly slash code munged the script.
Here is a link:http://home.fnal.gov/~mzs/tips/unix/ssh/stjput [fnal.gov]</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434998</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430656</id>
	<title>open anus</title>
	<author>Anonymous</author>
	<datestamp>1268214120000</datestamp>
	<modclass>None</modclass>
	<modscore>-1</modscore>
	<htmltext><p>First post</p></htmltext>
<tokenext>First post</tokentext>
<sentencetext>First post</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382</id>
	<title>Re:Cygwin's package was updated, too</title>
	<author>Korin43</author>
	<datestamp>1268217600000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>Anonymous SFTP? Maybe I'm missing something, but what's the point of encrypting data when it's all public?</htmltext>
<tokenext>Anonymous SFTP ?
Maybe I 'm missing something , but what 's the point of encrypting data when it 's all public ?</tokentext>
<sentencetext>Anonymous SFTP?
Maybe I'm missing something, but what's the point of encrypting data when it's all public?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431514</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>neiko</author>
	<datestamp>1268218200000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext>I use the same setup here at my work in conjunction with FoxyProxy to conditionally load internal sites without using the SSH tunnel. Very handy stuff!</htmltext>
<tokenext>I use the same setup here at my work in conjunction with FoxyProxy to conditionally load internal sites without using the SSH tunnel .
Very handy stuff !</tokentext>
<sentencetext>I use the same setup here at my work in conjunction with FoxyProxy to conditionally load internal sites without using the SSH tunnel.
Very handy stuff!</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430778</id>
	<title>New, Problematic Protocol Introduced</title>
	<author>jfjfjdk</author>
	<datestamp>1268214720000</datestamp>
	<modclass>Troll</modclass>
	<modscore>-1</modscore>
	<htmltext>Available <a href="http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.agent?rev=1.5;content-type=text\%2Fplain" title="openbsd.org" rel="nofollow">here</a> [openbsd.org].

What's missing from this PROTOCOL.agent document?

<ul> <li>Any sign it's been reviewed by competent cryptographers.</li>
<li> Any discussion of weaknesses, implementation errors to avoid, etc.</li>
<li> Any plausible arguments that the extra lines of code needed for X.509 really outweigh the benefits of 22 years of review and practice.</li>
</ul><p>


Use at your own risk.</p></htmltext>
<tokenext>Available here [ openbsd.org ] .
What 's missing from this PROTOCOL.agent document ?
Any sign it 's been reviewed by competent cryptographers .
Any discussion of weaknesses , implementation errors to avoid , etc .
Any plausible arguments that the extra lines of code needed for X.509 really outweigh the benefits of 22 years of review and practice .
Use at your own risk .</tokentext>
<sentencetext>Available here [openbsd.org].
What's missing from this PROTOCOL.agent document?
Any sign it's been reviewed by competent cryptographers.
Any discussion of weaknesses, implementation errors to avoid, etc.
Any plausible arguments that the extra lines of code needed for X.509 really outweigh the benefits of 22 years of review and practice.
Use at your own risk.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431094</id>
	<title>PLEASE NOTE:</title>
	<author>Anonymous</author>
	<datestamp>1268216220000</datestamp>
	<modclass>Redundant</modclass>
	<modscore>-1</modscore>
	<htmltext><p>A brief quote from the home page of the project:</p><p>&gt;</p></div>
	</htmltext>
<tokenext>A brief quote from the home page of the project : &gt;</tokentext>
<sentencetext>A brief quote from the home page of the project:&gt;
	</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654</id>
	<title>Re:Cygwin's package was updated, too</title>
	<author>Anonymous</author>
	<datestamp>1268218800000</datestamp>
	<modclass>Insightful</modclass>
	<modscore>4</modscore>
	<htmltext><p>Yes, you are missing the point.</p><p>FTP is a fucking mess, I hate it, I wish I could kill it today everywhere.  It is a disaster to manage with a firewall.  The horrendous idea of using separate random ports for data connection vs control connections, the active/passive methods, it's is pure evil.</p><p>SFTP is not FTP over SSH if you did not understand, it is a proper FTP that happens to run over a secured link.</p></htmltext>
<tokenext>Yes , you are missing the point.FTP is a fucking mess , I hate it , I wish I could kill it today everywhere .
It is a disaster to manage with a firewall .
The horrendous idea of using separate random ports for data connection vs control connections , the active/passive methods , it 's is pure evil.SFTP is not FTP over SSH if you did not understand , it is a proper FTP that happens to run over a secured link .</tokentext>
<sentencetext>Yes, you are missing the point.FTP is a fucking mess, I hate it, I wish I could kill it today everywhere.
It is a disaster to manage with a firewall.
The horrendous idea of using separate random ports for data connection vs control connections, the active/passive methods, it's is pure evil.SFTP is not FTP over SSH if you did not understand, it is a proper FTP that happens to run over a secured link.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431572</id>
	<title>Re:SFTP improvements</title>
	<author>Hatta</author>
	<datestamp>1268218380000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>Why sftp when you can scp?  scp -r has worked fine for recursive transfers, and Bash has been tab completing remote filenames for a while now.</p></htmltext>
<tokenext>Why sftp when you can scp ?
scp -r has worked fine for recursive transfers , and Bash has been tab completing remote filenames for a while now .</tokentext>
<sentencetext>Why sftp when you can scp?
scp -r has worked fine for recursive transfers, and Bash has been tab completing remote filenames for a while now.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31448814</id>
	<title>Re:SFTP improvements</title>
	<author>Anonymous</author>
	<datestamp>1268331900000</datestamp>
	<modclass>None</modclass>
	<modscore>0</modscore>
	<htmltext><p>Why use sftp when you can use rsync?</p></htmltext>
<tokenext>Why use sftp when you can use rsync ?</tokentext>
<sentencetext>Why use sftp when you can use rsync?</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434666</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>sam0737</author>
	<datestamp>1268244240000</datestamp>
	<modclass>None</modclass>
	<modscore>1</modscore>
	<htmltext><p>You know what, that's the same thing I did for getting over the Great Firewall of China with a server outside of the mainland.</p></htmltext>
<tokenext>You know what , that 's the same thing I did for getting over the Great Firewall of China with a server outside of the mainland .</tokentext>
<sentencetext>You know what, that's the same thing I did for getting over the Great Firewall of China with a server outside of the mainland.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938</id>
	<title>Cygwin's package was updated, too</title>
	<author>klui</author>
	<datestamp>1268215560000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>4</modscore>
	<htmltext>The read-only feature of sftp makes it almost a replacement for anonymous ftp. Too bad it appears to be a global setting.</htmltext>
<tokenext>The read-only feature of sftp makes it almost a replacement for anonymous ftp .
Too bad it appears to be a global setting .</tokentext>
<sentencetext>The read-only feature of sftp makes it almost a replacement for anonymous ftp.
Too bad it appears to be a global setting.</sentencetext>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431022</id>
	<title>Re:New, Problematic Protocol Introduced</title>
	<author>Anonymous</author>
	<datestamp>1268215860000</datestamp>
	<modclass>Informativ</modclass>
	<modscore>3</modscore>
	<htmltext>No X.509 certificates are used. Please study the changes before you comment based on false assumptions.

Also, the agent protocol exists for quite a while now, it is not new.</htmltext>
<tokenext>No X.509 certificates are used .
Please study the changes before you comment based on false assumptions .
Also , the agent protocol exists for quite a while now , it is not new .</tokentext>
<sentencetext>No X.509 certificates are used.
Please study the changes before you comment based on false assumptions.
Also, the agent protocol exists for quite a while now, it is not new.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430778</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432052</id>
	<title>Re:Thank you Open SSH devs</title>
	<author>overlordofmu</author>
	<datestamp>1268220720000</datestamp>
	<modclass>Interestin</modclass>
	<modscore>3</modscore>
	<htmltext>In my case, they block YouTube with a bogus DNS resolution.  Internal DNS gives a intranet IP address (which gives a default intranet page) and my home server DNS gives the correct IP address(es).  I tested this again, just now, and YouTube only works for me with that setting ("network.proxy.socks\_remote\_dns" as true) and is blocked if it is changed to false (which I believe is the default).<br> <br>
I am using Firefox version 3.5.8, 32-bit, for x86.<br> <br>
It seems, within Firefox itself, that your DNS queries with SOCKS 5 proxies still use the system default DNS and not the proxy DNS, but I could not say for sure without testing your machine.  In my case, I am certain that Firefox is using the system DNS unless I change this setting from its default in Firefox.  (I am certain because I just tested it 5 minutes ago.) Also, YouTube works without a proxy if I use the OpenDNS.org DNS servers in my Windows TCP/IP settings.  (But then no intranet DNS queries work because OpenDNS knows nothing of our 10.*.*.* intranet.)<br> <br>
Again, I am only speculating, but please consider than your DNS queries are not being proxied and are evidence of where you surf even if your traffic is SSHed.<br> <br>
A final note, when I am really feeling paranoid about my surfing there is the AES 256-bit loopback block device that hold a Linux install on the work laptop.  That way, there is no browser history to be searched by corporate.  Hell, there is no Linux to be found; it looks like a whole partition of garbage without the decryption keys.  It won't boot without them.  However, I am developing for Windows on Windows, so the Linux boots are a rarity these days.</htmltext>
<tokenext>In my case , they block YouTube with a bogus DNS resolution .
Internal DNS gives a intranet IP address ( which gives a default intranet page ) and my home server DNS gives the correct IP address ( es ) .
I tested this again , just now , and YouTube only works for me with that setting ( " network.proxy.socks \ _remote \ _dns " as true ) and is blocked if it is changed to false ( which I believe is the default ) .
I am using Firefox version 3.5.8 , 32-bit , for x86 .
It seems , within Firefox itself , that your DNS queries with SOCKS 5 proxies still use the system default DNS and not the proxy DNS , but I could not say for sure without testing your machine .
In my case , I am certain that Firefox is using the system DNS unless I change this setting from its default in Firefox .
( I am certain because I just tested it 5 minutes ago .
) Also , YouTube works without a proxy if I use the OpenDNS.org DNS servers in my Windows TCP/IP settings .
( But then no intranet DNS queries work because OpenDNS knows nothing of our 10. * . * .
* intranet .
) Again , I am only speculating , but please consider than your DNS queries are not being proxied and are evidence of where you surf even if your traffic is SSHed .
A final note , when I am really feeling paranoid about my surfing there is the AES 256-bit loopback block device that hold a Linux install on the work laptop .
That way , there is no browser history to be searched by corporate .
Hell , there is no Linux to be found ; it looks like a whole partition of garbage without the decryption keys .
It wo n't boot without them .
However , I am developing for Windows on Windows , so the Linux boots are a rarity these days .</tokentext>
<sentencetext>In my case, they block YouTube with a bogus DNS resolution.
Internal DNS gives a intranet IP address (which gives a default intranet page) and my home server DNS gives the correct IP address(es).
I tested this again, just now, and YouTube only works for me with that setting ("network.proxy.socks\_remote\_dns" as true) and is blocked if it is changed to false (which I believe is the default).
I am using Firefox version 3.5.8, 32-bit, for x86.
It seems, within Firefox itself, that your DNS queries with SOCKS 5 proxies still use the system default DNS and not the proxy DNS, but I could not say for sure without testing your machine.
In my case, I am certain that Firefox is using the system DNS unless I change this setting from its default in Firefox.
(I am certain because I just tested it 5 minutes ago.
) Also, YouTube works without a proxy if I use the OpenDNS.org DNS servers in my Windows TCP/IP settings.
(But then no intranet DNS queries work because OpenDNS knows nothing of our 10.*.*.
* intranet.
) 
Again, I am only speculating, but please consider than your DNS queries are not being proxied and are evidence of where you surf even if your traffic is SSHed.
A final note, when I am really feeling paranoid about my surfing there is the AES 256-bit loopback block device that hold a Linux install on the work laptop.
That way, there is no browser history to be searched by corporate.
Hell, there is no Linux to be found; it looks like a whole partition of garbage without the decryption keys.
It won't boot without them.
However, I am developing for Windows on Windows, so the Linux boots are a rarity these days.</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431374</parent>
</comment>
<comment>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434078</id>
	<title>Re:Please note:</title>
	<author>Anonymous</author>
	<datestamp>1268237340000</datestamp>
	<modclass>Funny</modclass>
	<modscore>3</modscore>
	<htmltext><p><div class="quote"><p>A brief quote from the project's home page:<br>Please take note of our Who uses it page, which list just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor. This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors. In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).</p><p>So go and DONATE, as i've just done.</p></div><p>Okay, we get it Theo.</p></div>
	</htmltext>
<tokenext>A brief quote from the project 's home page : Please take note of our Who uses it page , which list just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor .
This list specifically includes companies like Cisco , Juniper , Apple , Red Hat , and Novell ; but probably includes almost all router , switch or unix-like operating system vendors .
In the 10 years since the inception of the OpenSSH project , these companies have contributed not even a dime of thanks in support of the OpenSSH project ( despite numerous requests ) .So go and DONATE , as i 've just done.Okay , we get it Theo .</tokentext>
<sentencetext>A brief quote from the project's home page:Please take note of our Who uses it page, which list just some of the vendors who incorporate OpenSSH into their own products -- as a critically important security / access feature -- instead of writing their own SSH implementation or purchasing one from another vendor.
This list specifically includes companies like Cisco, Juniper, Apple, Red Hat, and Novell; but probably includes almost all router, switch or unix-like operating system vendors.
In the 10 years since the inception of the OpenSSH project, these companies have contributed not even a dime of thanks in support of the OpenSSH project (despite numerous requests).So go and DONATE, as i've just done.Okay, we get it Theo.
	</sentencetext>
	<parent>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190</parent>
</comment>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_20</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432314
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_23</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435410
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434998
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431514
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_11</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432652
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_24</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434808
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435742
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431022
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430778
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_21</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432060
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431572
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_15</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434078
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434418
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434360
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_25</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433412
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_19</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31436604
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432678
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431318
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_13</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435234
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_12</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432150
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431658
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_8</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433604
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_17</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433874
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_16</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31438080
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434028
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_9</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31448814
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_10</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433556
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_14</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431640
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_18</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434666
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_22</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435872
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938
</commentlist>
</thread>
<thread>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#thread_10_03_10_200256_26</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432052
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431374
http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
</commentlist>
</thread>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.6</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430758
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431572
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432060
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434998
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435410
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431318
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433412
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31448814
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.0</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432374
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435234
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433604
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432678
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.7</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430938
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431382
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431654
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434360
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433556
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434418
---http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435872
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431658
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434028
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.4</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431190
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31433874
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31436604
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432150
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434078
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434808
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.5</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430778
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431022
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31435742
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.2</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31430786
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.3</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431078
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432652
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31438080
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431640
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432314
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431374
--http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31432052
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431514
-http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31434666
</commentlist>
</conversation>
<conversation>
	<id>http://www.semanticweb.org/ontologies/ConversationInstances.owl#conversation10_03_10_200256.1</id>
	<commentlist>http://www.semanticweb.org/ontologies/ConversationInstances.owl#comment10_03_10_200256.31431094
</commentlist>
</conversation>
