tor-dev

tor-dev@lists.torproject.org

3581 discussions

Cupcake: browser extension for flash proxies
by Griffin Boyce 04 Jan '13

04 Jan '13

Hi all, Made this extension for Google Chrome to extend the concept of the Flash Proxy, and make it easy for users to create bridges. (and as a result cause a bunch of fairly robust bridges to be made). The concept could be used in addons for FireFox, Opera, or Safari as well, since they all allow processes to run in the background. Benefits: * Allows people to opt-in to becoming flash proxies, rather than current opt-out model * Works in Chrome OS * Takes all guesswork out of making a bridge * Flash proxies made with Cupcake have a substantially longer uptime than those using site visitors * Uses less memory than either Tor BB or Vidalia Source code: https://github.com/glamrock/cupcake Now that I've tested it and it seems to work well, I'd love to get input and suggestions on it. If it's useful, I'll submit it to the Chrome Web Store. Right now it uses the Stanford project site's embed page. If there's much interest in this, I'll switch to a dedicated site since it's maybe not fair to send that many requests to them ^_^; Input, ideas, and tomatoes welcome =) Best, Griffin Boyce -- "What do you think Indians are supposed to look like? What's the real difference between an eagle feather fan and a pink necktie? Not much." ~Sherman Alexie PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine

2 1

want to contribute to tor
by Debamitro Chakraborti 04 Jan '13

04 Jan '13

Hi, I am a C/C++ programmer wanting to dabble in the world of open source. I got to know of Tor and I felt the product is an important one for humanity. I have downloaded, built and run tor and also torsocks. Are there any coding tasks needed in tor at present? Do let me know. Regards, Debamitro Chakraborti -- http://about.me/debamitro

5 5

TorCtl Deprecation and Stem Plans
by Damian Johnson 01 Jan '13

01 Jan '13

Hi all. Just a friendly heads up concerning a couple things going on in our python controller space. The first is that Mike and I have decided to deprecate TorCtl [1] and make it a part of TorFlow (the framework used to support the Bandwidth Authorities and SoaT). The TorCtl codebase has largely been frozen for years out of concern for the stability of the Bandwidth Authorities (which lack any tests). If you're writing scripts or controller applications for Tor then you're encouraged to move to either... * Stem (https://stem.torproject.org/) Library with a similar design to TorCtl, but friendlier APIs and documentation. This has reached feature parity with TorCtl and is still being actively developed, so if there's something it can do to better suit your needs then please let me know! * Txtorcon (https://txtorcon.readthedocs.org/) Twisted controller library written by Meejah, and used in projects like Ooni Probe. Both of these libraries have extensive test suites and are being very actively maintained. ======================================== The second part are my plans regarding Stem. As of early December we've reached feature completion, covering just about everything in the control-spec and dir-spec. Next up is migrating our controllers. So far we've moved arm [2] (the largest python controller we have) and the consensus-tracker [3]. Other controllers we have queued up to move are TorBEL, Tor Weather, and the control interpretor. I've avoided making an initial release announcement for stem because until we have actual users of the library we won't be sure that we nailed a nice, intuitive API (and hence, can't promise that it'll be frozen). On reflection this is letting the perfect be the enemy of the good. Stem's API is unlikely to change substantially, and holding off on an initial release poses a chicken-and-egg situation. Users want a frozen API before using stem, but we need users before feeling confident enough to lock down the API. So here's what I propose. For the next couple months stem will have an open beta. If you'd like to have input on the future of our python controller space then please give Stem a try and tell me the following... * What pain points did you encounter? Is there anything that you'd like to see changed or that we're missing? * If your project is public then please tell me where I can find your code. I'll review it, both to suggest improvements and see how we can tweak stem to better suit your needs. In the unlikely event we make a backward incompatible change I'll check with the beta participants to be sure we don't break anyone (and submit fixes if we do). Thoughts? -Damian PS. Many thanks to Ravi, Sean, Eoin, Beck, Erik, Megan, Sathyanarayanan, and everyone else who has helped stem get to this point. Happy New Year! [1] https://gitweb.torproject.org/pytorctl.git [2] http://www.atagar.com/arm/ [3] https://gitweb.torproject.org/atagar/tor-utils.git/blob/HEAD:/consensusTrac…

3 3

Damian's Status Report - December 2012
by Damian Johnson 01 Jan '13

01 Jan '13

Hi all. Between the holidays and being oncall for work I didn't have very high hopes for December. However, by the time the dust settled it turned out to be a surprisingly productive month. Projects included... * Finishing stem support for event handling. This was the last major feature we were missing before having feature parity with TorCtl. * Ported arm and the consensus-tracker to stem [1][2]. The arm migration went surprisingly smoothly, but there's still a lot of cleanup work left to do here. Ideally arm will be a far simpler codebase now that it doesn't need a wrapper module around the controller. * Moved stem's site to "https://stem.torproject.org/". [3] * Smaller things include... * finally fixed the periodic freezes in arm [4] * uniform support for a default response in Controller getters [5] * vastly improved performance and memory usage for the ExitPolicy class * expansions for descriptor handling [6][7][8] * extend_circuit(), attach_stream(), and get_circuits() support (patches by Ravi) [9][10] * TAKEOWNERSHIP support (thanks to Lunar^ for the initial patch) [11] * fixed a bug where circuit/stream ids were sometimes ints (caught by Lunar^) [12] * added a post-authentication hook so event listeners can be reattached to Tor * several OPW discussions with Marina (we didn't get any substantial applications) * added flash proxy and txtorcon to the volunteer page, and made lots of general revisions [13][14][15] * discussed TorCtl deprecation with Mike and made the announcement [16] * Besides this, Sean Robinson has been submitting an absurd number of fixes, improvements, and code reviews of his own. Many thanks! * version pre-requirement checks for events and tests [17] * testing expansion for malformed events [18] * close_stream() method [19] * STREAM_BW event handling [20] * testing util expansion to make it easier to test client use cases [21] * get_socks_listeners() method and related mocking changes [22] * ... and many, many more [23][24][25][26][27][28][29][30][31][32][33][34][35] Cheers! -Damian [1] https://gitweb.torproject.org/arm.git/commitdiff/ca6026c?hp=d83f1ad [2] https://gitweb.torproject.org/atagar/tor-utils.git/commitdiff/2e42c5d [3] https://trac.torproject.org/7324 [4] https://trac.torproject.org/6439 [5] https://trac.torproject.org/7832 [6] https://trac.torproject.org/7354 [7] https://trac.torproject.org/7827 [8] https://trac.torproject.org/7828 [9] https://trac.torproject.org/7653 [10] https://trac.torproject.org/7152 [11] https://trac.torproject.org/7666 [12] https://gitweb.torproject.org/stem.git/commitdiff/6711458be83b2050b058b7528… [13] https://lists.torproject.org/pipermail/tor-commits/2012-December/049737.html [14] https://lists.torproject.org/pipermail/tor-commits/2012-December/050199.html [15] https://lists.torproject.org/pipermail/tor-commits/2012-December/051059.html [16] https://blog.torproject.org/blog/torctl-deprecation-and-stem-plans [17] https://trac.torproject.org/7674 [18] https://trac.torproject.org/7736 [19] https://trac.torproject.org/7687 [20] https://trac.torproject.org/7616 [21] https://trac.torproject.org/7693 [22] https://trac.torproject.org/7784 [23] https://trac.torproject.org/7617 [24] https://trac.torproject.org/7673 [25] https://trac.torproject.org/7672 [26] https://trac.torproject.org/7686 [27] https://trac.torproject.org/7688 [28] https://trac.torproject.org/7735 [29] https://trac.torproject.org/7741 [30] https://trac.torproject.org/7778 [31] https://trac.torproject.org/7779 [32] https://trac.torproject.org/7328 [33] https://lists.torproject.org/pipermail/tor-dev/2012-December/004240.html [34] https://lists.torproject.org/pipermail/tor-dev/2012-December/004271.html [35] https://lists.torproject.org/pipermail/tor-dev/2012-December/004306.html

1 0

Fwd: [Wikitech-l] Can we help Tor users make legitimate edits?
by Zack Weinberg 31 Dec '12

31 Dec '12

The author asked me to forward this message to tor-dev. I can vouch for their personal interest in making something happen here and their being in a position of ability to do so from Wikimedia's end. Replies should go to wikitech-l and/or the author as well as here. It looks like there was quite a bit of a thread there already: http://lists.wikimedia.org/pipermail/wikitech-l/2012-December/065345.html (note in particular that their primary concern seems to be "sockpuppets" rather than spammers). ---- Begin forwarded message: From: Sumana Harihareswara <sumanah(a)wikimedia.org> To: wikitech-l(a)lists.wikimedia.org Subject: [Wikitech-l] Can we help Tor users make legitimate edits? TL;DR: A few ideas follow on how we could possibly help legit editors contribute from behind Tor proxies. I am just conversant enough with the security problems to make unworkable suggestions ;-), so please correct me, critique & suggest solutions, and perhaps volunteer to help. The current situation: https://en.wikipedia.org/wiki/Wikipedia:Advice_to_users_using_Tor_to_bypass… We generally don't let anyone edit or upload from behind Tor; the TorBlock extension stops them. One exception: a person can create an account, accumulate lots of good edits, and then ask for an IP block exemption, and then use that account to edit from behind Tor. This is unappealing because then there's still a bunch of in-the-clear editing that has to happen first, and because then site functionaries know that the account is going to be making controversial edits (and could possibly connect it to IPs in the future, right?). And right now there's no way to truly *anonymously* contribute from behind Tor proxies; you have to log in. However, since JavaScript delivery is hard for Tor users, I'm not sure how much editing from Tor -- vandalism or legit -- is actually happening. (I hope for analytics on this and thus added it to https://www.mediawiki.org/wiki/Analytics/Dreams .) We know at least that there are legitimate editors who would prefer to use Tor and can't. People have been talking about how to improve the situation for some time -- see http://cryptome.info/wiki-no-tor.htm and https://lists.torproject.org/pipermail/tor-dev/2012-October/004116.html . It'd be nice if it could actually move forward. I've floated this problem past Tor and privacy people, and here are a few ideas: 1) Just use the existing mechanisms more leniently. Encourage the communities (Wikimedia & Tor) to use https://en.wikipedia.org/wiki/Wikipedia:Request_an_account (to get an account from behind Tor) and to let more people get IP block exemptions even before they've made any edits (< 30 people have gotten exemptions on en.wp in 2012). Add encouraging "get an exempt account" language to the "you're blocked because you're using Tor" messaging. Then if there's an uptick in vandalism from Tor then they can just tighten up again. 2) Encourage people with closed proxies to re-vitalize https://en.wikipedia.org/wiki/Wikipedia:WOCP . Problem: using closed proxies is okay for people with some threat models but not others. 3) Look at Nymble - http://freehaven.net/anonbib/#oakland11-formalizing and http://cgi.soic.indiana.edu/~kapadia/nymble/overview.php . It would allow Wikimedia to distance itself from knowing people's identities, but still allow admins to revoke permissions if people acted up. The user shows a real identity, gets a token, and exchanges that token over tor for an account. If the user abuses the site, Wikimedia site admins can blacklist the user without ever being able to learn who they were or what other edits they did. More: https://cs.uwaterloo.ca/~iang/ Ian Golberg's, Nick Hopper's, and Apu Kapadia's groups are all working on Nymble or its derivatives. It's not ready for production yet, I bet, but if someone wanted a Big Project.... 3a) A token authorization system (perhaps a MediaWiki extension) where the server blindly signs a token, and then the user can use that token to bypass the Tor blocks. (Tyler mentioned he saw this somewhere in a Bugzilla suggestion; I haven't found it.) 4) Allow more users the IP block exemption, possibly even automatically after a certain number of unreverted edits, but with some kind of FlaggedRevs integration; Tor users can edit but their changes have to be reviewed before going live. We could combine this with (3); Nymble administrators or token-issuers could pledge to review edits coming from Tor. But that latter idea sounds like a lot of social infrastructure to set up and maintain. Thoughts? Are any of you interested in working on this problem? #tor on the OFTC IRC server is full of people who'd be interested in talking about this. -- Sumana Harihareswara Engineering Community Manager Wikimedia Foundation

2 1

Xeronet's torrc
by Nathan Freitas 31 Dec '12

31 Dec '12

I was just made aware of this "advanced" torrc configuration below. Any comments on it, from a client-only/mobile device perspective? I can understand how it might deanonymize you, but it might be a trade-off that users seeking fast circumvention only may want to make. http://xeronet.primeoptic.net/tor/torrc.php *** Advanced Torrc Settings - Did You Edit The Config ? This is a working example of an advanced configuration for use with the Tor Browser Bundle. N.B. Vidalia will show the following 'warning' message if you use this Torrc file and specifically StrictNodes 1 : "You have asked to exclude certain relays from all positions in your circuits. Expect hidden services and other Tor features to be broken in unpredictable ways." If something is broken or you cannot connect, your should set StrictNodes to 0 again. If you don't want to see warning messages the you can always switch them off in Vidalia > Messages > Options. xeronet Torrc - v1.4 - 12/12/2012 - Download ... 'Save As'. This file can be used to replace the existing Torrc file in your Tor Browser Bundle > Data > Tor The idea is to make Tor faster and safer for regular internet browsing and it does work ! How does it work ? Well, Tor works just great 'out-of-the-box', however, by tweaking settings and controlling how Tor connects to its own network we can improve on privacy and security. (1) Block 'Bad' Exit Nodes using: ExcludeNodes 'Bad' Exit Nodes are flagged in red here: http://torstatus.blutmagie.de N.B. torstatus.blutmagie.de will probably load very slowly in your web browser and might even appear to 'freeze' ! It contains a lot of 'live' data. Be patient and it will load up OK. (2) Block 'problematic' internet countries using: ExcludeNodes 'problematic' internet countries can be found here: http://map.opennet.net and here: https://wikipedia.org/wiki/Internet_censorship_by_country N.B. The 'default' list of blocked Countries has been selected by including those Countries using Pervasive and Substantial blocking of Internet Tools and Political, Social, Conflict and/or Security website filtering... You have lots of Tor servers to choose from... Why should you use a Tor server in a country that heavily filters its own citizens or perhaps even worse... (Don't worry - In doing this you will not be preventing access to the Tor network from users in these Countries.) Recommended: 'problem' internet countries Block List: Afghanistan, Algeria, Armenia, Argentina, Azerbaijan, Bangladesh, Belarus, Burma, China, Colombia, Cuba, Egypt, Eritrea, Ethiopia, Gambia, Georgia, Ghana, Guatemala, India, Indonesia, Iraq, Iran, Israel, Jordan, Kazakhstan, Kuwait, Kyrgyzstan, Laos, Lebanon, Libya, Macau, Malawi, Mali, Malaysia, Mauritania, Mexico, Moldova, Mongolia, Morocco, Nepal, Nigeria, North Korea, Oman, Pakistan, Palestinian Territories, Paraguay, Peru, Philippines, Qatar, Russia, Rwanda, Saudi Arabia, Somalia, South Africa, South Korea, Sudan, Sri Lanka, Syria, Taiwan, Tajikistan, Thailand, Tunisia, Turkey, Turkmenistan, UAE, Uganda, Uzbekistan, Venezuela, Vietnam, Yemen, Zimbabwe. See: https://wikipedia.org/wiki/List_of_Internet_top-level_domains for Country Codes. N.B. You might also consider adding / blocking your own country or location, if it is not already included in the list. This will have obvious benefits in increasing both your privacy and anonymity. Additional: 'slow' internet countries (below 1000 kbps avg.) Avoid List: Angola, Benin, Bolivia, Botswana, Burkina Faso, Burundi, Cameroon, Central African Republic, Chad, Comoros, Republic of the Congo, Democratic Republic of the Congo, Côte d'Ivoire, Djibouti, Equatorial Guinea, Gabon, Guinea, Guinea-Bissau, Guyana, Liberia, Mozambique, Namibia, Niger, Rwanda, Sao Tome and Príncipe, Senegal, Sierra Leone, Swaziland, Tanzania, Uganda, Zambia. See: http://www.akamai.com/stateoftheinternet/ for avg. internet speeds. (3) Block potentially mis-configured servers using: ExcludeNodes Mis-configured nodes might include: default or Unnamed servers etc. (4) Select fast (high bandwidth) Entry servers using: EntryNodes (5) Select fast (high bandwidth) Exit servers using: ExitNodes Fast (high bandwidth) servers can be found here: http://torstatus.blutmagie.de N.B. Servers selected for this example Torrc have been chosen because they are run by individuals or non-profit organizations with an interest or involvement in supporting internet privacy and security, freedom of speech and / or the free software movements i.e. torservers.net, globenet.org, riseup.net, privacyfoundation.ch, privacyfoundation.de, tor.noisebridge.net, fsf.org, team-cymru.org, eff.org and others. (6) Use StrictNodes 1 to enforce the server selection. N.B. "If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a requirement to follow for all the circuits you generate, even if doing so will break functionality for you. If StrictNodes is set to 0, Tor will still try to avoid nodes in the ExcludeNodes list, but it will err on the side of avoiding unexpected errors. Specifically, StrictNodes 0 tells Tor that it is okay to use an excluded node when it is necessary to perform relay reachability self-tests, connect to a hidden service, provide a hidden service to a client, fulfill a .exit request, upload directory information, or download directory information. (Default: 0)" (7) Use FascistFirewall 1 to force port 80 (http) and port 443 (https) access. N.B. "If 1, Tor will only create outgoing connections to ORs running on ports that your firewall allows (defaults to 80 and 443; see FirewallPorts). This will allow you to run Tor as a client behind a firewall with restrictive policies, but will not allow you to run as a server behind such a firewall. If you prefer more fine-grained control, use ReachableAddresses instead." If you choose to do this then make sure that your selected Nodes use port 80 and/or port 443 (8) Use UseEntryGuards 1 for increased security. N.B. "If this option is set to 1, we pick a few long-term entry servers, and try to stick with them. This is desirable because constantly changing servers increases the odds that an adversary who owns some servers will observe a fraction of your paths. (Defaults to 1.)" (9) Use ClientOnly 1 for the Tor Browser Bundle. N.B. "If set to 1, Tor will under no circumstances run as a server or serve directory requests. The default is to run as a client unless ORPort is configured. (Usually, you don’t need to set this; Tor is pretty smart at figuring out whether you are reliable and high-bandwidth enough to be a useful server.) (Default: 0)" (10) Tips: Do add Authority servers to your EntryNodes list. Do add ExitNodes as EntryNodes. Don't add EntryNodes as ExitNodes ! Do block new 'bad' Nodes in ExcludeNodes. Do check the status of the nodes that you have selected on a regular basis. Do find and add new bridge nodes as EnrtyNodes if you require them for access. If you have problems connecting to Tor then changing FascistFirewall to 0 and/or StrictNodes to 0 will probably fix the issue. Do read the Tor Manual: https://www.torproject.org/docs/tor-manual.html > CLIENT OPTIONS Remember: You can view or edit your Torrc file using Notepad.exe or another text editor. This example Torrc file will be updated when necessary, So do check back here occasionally for a new version. Thank you and safe browsing.

2 1

Opt-in model for flash proxy
by David Fifield 28 Dec '12

28 Dec '12

Alexandre recently finished up work adding an opt-in option for flash proxies. Now, clicking on the badge will bring up this page with yes/no buttons: http://crypto.stanford.edu/flashproxy/options.html The default model is still opt-out, though this may change in the future. If you want to make the badge on your site opt-in-only, add the cookierequired query parameter to your iframe, and encourage your visitors to visit the options page. The options work by setting a cookie. <iframe src="//crypto.stanford.edu/flashproxy/embed.html?cookierequired" width="80" height="15" frameborder="0" scrolling="no"></iframe> To summarize, here is what happens if you use cookierequired or not. The only difference is when the user hasn't set a cookie at all. Without cookierequired: no cookie cookie=no cookie=yes Will I be a proxy? yes no yes With cookierequired: no cookie cookie=no cookie=yes Will I be a proxy? no no yes If we switch to opt-in by default in the future, we'll ignore the cookierequired parameter and always use the no/no/yes part of the table. It will also help us switch to opt-in-only if we can get lots of people to opt in in advance. David Fifield

1 0

Brainstorming a Tor censorship analysis tool
by Philipp Winter 26 Dec '12

26 Dec '12

Hi there, Deliverable 6 for sponsor Z says: > 6. Start a tool that a censored developer can run to discover why their Tor is > failing to connect: brainstorm a list of "things to check", and sort them by > how useful they'd be to check / how hard they'd be to build. (#7137) The deliverable is due on Feb. 28, 2013 so we should get started. Some background about the deliverable: The reason for this project is that debugging possible censorship events is tedious right now. We often have no access to machines in censoring countries and we are dependent on users creating packet dumps for us. This tool should speed up and automate this process to some extent. Censored users should run it and the tool should then collect data which should then somehow reach us. I created the following wiki page which should contain all the necessary information: https://censorshipwiki.torproject.org/TorCensorshipAnalyzer Please add/modify stuff and share your opinion. Since there is quite some overlap with OONI, it would be great if the OONI people could give feedback. Cheers, Philipp

5 5

Testing in Tor [was Re: Brainstorming a Tor censorship analysis tool]
by Nick Mathewson 23 Dec '12

23 Dec '12

On Wed, Dec 19, 2012 at 2:29 PM, Simon <simonhf(a)gmail.com> wrote: [...] > Maybe there is no automated testing for any Tor projects? At least a > quick search on the wiki only found [1] which lists possible ways to > test (but was created 7 months ago and apparently not updated since > and collecting dust) and [2] discussing a manual test procedure for > TBB. However, tor-0.2.3.25.tar.gz does reveal some test files but the > source code ratio of production code to test code is not inspiring at > first glance: [...] Be aware that we've also been using 'chutney' and 'experimentor' for integration testing. They supplement coverage a bit, though they need more tests, and each tends to hide certain classes of error. > Tor seems to have good planning compared to most open source projects. > So I would be interested in hearing why testing is apparently 'falling > between the cracks'. Why isn't there just 10 times more test LOC? Not because of any hatred or disapproval of tests--just because nobody's written that 100 kloc of testing code yet. I think that's for two main reasons: * We were in a hurry when we wrote lots of the stuff we wrote. * Large parts of the codebase have been written in a tightly coupled style that needs refactoring before it can be tested without a live Tor network at hand. * Until Tor 0.2.2, our testing framework didn't let us have tests that touched global state, which made our tests in general pretty fragile. > What > about implementing a new policy immediately: Any new production LOC > committed must be covered by tests, or peer reviewed and > democratically excluded? Goodness knows we need more review and testing. It doesn't seem fair to reject patches for lacking test coverage when they are patches to code that itself lacks coverage, though. If you write a 5-line patch to connection_ap_rewrite_and_attach, for instance, you probably shouldn't be on the hook for refactoring the whole function to make it testable, though you will be hard-pressed to write any tests for that monster without a complete refactor. It might be a reasonable goal to try to set a plan for increasing test coverage by a certain percentage with each release. If you like and you have time, it would be cool to stop by the tickets on trac.torproject.org for milestone "Tor: 0.2.4.x-final" in state "needs_review" and look to see whether you think any of them have code that would be amenable to new tests, or to look through currently untested functions and try to figure out how to make more of them tested and testable. yrs, -- Nick

5 20

Stem code review 2012-12-21
by Sean Robinson 22 Dec '12

22 Dec '12

Stem devs, This is a review of Stem commits from 2012-12-11 through 2012-12-21. Damian, you are very good at documentation, concise and informative. I tend to hit one or the other, but not both. I recognize when someone gets the right mix. Good work. I, too, have found logging.basicConfig[0] hides too much about how it works and, now, I roll my own logging handler early. Would GETINFO/GETCONF cache hit logging[1] benefit from log_once? Or even something between log and log_once (e.g. rate_limited_log)? Is there any particular reason for moving away from readthedocs.org? I'm curious if there was more than a desire to self-host as much as possible. Good work on the Controller.get_conf() clean-up[2]. This is easier to code against with the predictable return types. I have already written a new method with this and always getting a list (event empty) reduces the amount of error checking I had to do. The heartbeat time tracking is a good idea[3]. But, I wonder, should this bother with an accessor method? Could this work as just well as an (non-callable) attribute? [0]: https://gitweb.torproject.org/stem.git/commit/a7b275a3d64301da4d23137dbadd4… [1]: https://gitweb.torproject.org/stem.git/commit/9b5ff19be35ebbf8c75772a63406b… [2]: https://gitweb.torproject.org/stem.git/commit/5b45d3125c811067d7c3ba0a11e32… [3]: https://gitweb.torproject.org/stem.git/commit/6bc92816dc4356a204fdde0f160ee… -- Sean Robinson

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-dev