From c4a459a2337c00ad3ffa60568cef53e473b4756c Mon Sep 17 00:00:00 2001
From: Sebastian Florek <Sebastian.Florek@loodse.com>
Date: Thu, 14 May 2020 16:26:22 +0200
Subject: [PATCH] Detect insecure login (#5124)

* Detect insecure login and update documentation

* Regenerate translation files

* Fix travis
---
 docs/user/access-control/README.md            |  73 ++---------
 .../access-control/creating-sample-user.md    |  11 +-
 .../accessing-dashboard/1.6.x-and-below.md    |  90 -------------
 .../accessing-dashboard/1.7.x-and-above.md    | 106 ---------------
 docs/user/accessing-dashboard/README.md       | 123 +++++++++++++++++-
 docs/user/images/dashboard-login-disabled.png | Bin 0 -> 53924 bytes
 docs/user/installation.md                     |   4 -
 i18n/de/messages.de.xlf                       |  22 +++-
 i18n/fr/messages.fr.xlf                       |  22 +++-
 i18n/ja/messages.ja.xlf                       |  22 +++-
 i18n/ko/messages.ko.xlf                       |  22 +++-
 i18n/messages.xlf                             |  16 ++-
 i18n/zh-Hans/messages.zh-Hans.xlf             |  22 +++-
 i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf       |  22 +++-
 i18n/zh-Hant/messages.zh-Hant.xlf             |  22 +++-
 .../common/services/global/authentication.ts  |   8 ++
 src/app/frontend/login/component.spec.ts      |   8 ++
 src/app/frontend/login/component.ts           |   6 +
 src/app/frontend/login/template.html          |  23 ++--
 19 files changed, 327 insertions(+), 295 deletions(-)
 delete mode 100644 docs/user/accessing-dashboard/1.6.x-and-below.md
 delete mode 100644 docs/user/accessing-dashboard/1.7.x-and-above.md
 create mode 100644 docs/user/images/dashboard-login-disabled.png

diff --git a/docs/user/access-control/README.md b/docs/user/access-control/README.md
index 476e1f7f678..5ebbbd878f3 100644
--- a/docs/user/access-control/README.md
+++ b/docs/user/access-control/README.md
@@ -1,48 +1,33 @@
 # Access control
 
-Once Dashboard is installed and accessible we can focus on configuring access control to the cluster resources for users. As of release 1.7 Dashboard no longer has full admin privileges granted by default. All the privileges are revoked and only [minimal privileges granted](#default-dashboard-privileges), that are required to make Dashboard work.
-
-**IMPORTANT:** This note is only directed to people using Dashboard 1.7 and above. In case Dashboard is accessible only by trusted set of people, all with full admin privileges you may want to grant it [admin privileges](#admin-privileges). Note that other applications should not access Dashboard directly as it may cause privileges escalation. Make sure that in-cluster traffic is restricted to namespaces or just revoke access to Dashboard for other applications inside the cluster.
+Once Dashboard is installed and accessible we can focus on configuring access control to the cluster resources for users.
 
 ## Introduction
 
-Kubernetes supports few ways of authenticating and authorizing users. You can read about them [here](https://kubernetes.io/docs/reference/access-authn-authz/authentication/) and [here](https://kubernetes.io/docs/reference/access-authn-authz/authorization/). Authorization is handled by Kubernetes API server. Dashboard only acts as a proxy and passes all auth information to it. In case of forbidden access corresponding warnings will be displayed in Dashboard.
+Kubernetes supports few ways of authenticating and authorizing users.
+You can read about them [here](https://kubernetes.io/docs/reference/access-authn-authz/authentication/) and
+[here](https://kubernetes.io/docs/reference/access-authn-authz/authorization/). Authorization is handled by Kubernetes API server.
+Dashboard only acts as a proxy and passes all auth information to it. In case of forbidden access corresponding warnings will be displayed in Dashboard.
 
 ## Default Dashboard privileges
 
-### v1.7
-
-* `create` and `watch` permissions for secrets in `kube-system` namespace required to create and watch for changes of `kubernetes-dashboard-key-holder` secret.
-* `get`, `update` and `delete` permissions for secrets named `kubernetes-dashboard-key-holder` and `kubernetes-dashboard-certs` in `kube-system` namespace.
-* `proxy` permission to `heapster` service in `kube-system` namespace required to allow getting metrics from heapster.
-
-### v1.8
-
-* `create` permission for secrets in `kube-system` namespace required to create `kubernetes-dashboard-key-holder` secret.
-* `get`, `update` and `delete` permissions for secrets named `kubernetes-dashboard-key-holder` and `kubernetes-dashboard-certs` in `kube-system` namespace.
-* `get` and `update` permissions for config map named `kubernetes-dashboard-settings` in `kube-system` namespace.
-* `proxy` permission to `heapster` service in `kube-system` namespace required to allow getting metrics from heapster.
-
-### v1.10
-
-_T.B.D._
-
-### v2.0
-
-_T.B.D._
+* `get`, `update` and `delete` permissions for Secrets named `kubernetes-dashboard-key-holder`, `kubernetes-dashboard-certs` and `kubernetes-dashboard-csrf` in `kubernetes-dashboard` namespace.
+* `get` and `update` permissions for the Config Map named `kubernetes-dashboard-settings` in `kubernetes-dashboard` namespace.
+* `get` permission for `services/proxy` in order to allow `heapster` and `dashboard-metrics-scraper` services in `kubernetes-dashboard` namespace required to gather metrics.
+* `get`, `list` and `watch` permissions for `metrics.k8s.io` API in order to allow `dashboard-metrics-scraper` to gather metrics from the `metrics-server`.
 
 ## Authentication
 
-As of release 1.7 Dashboard supports user authentication based on:
+Kubernetes Dashboard supports a few different ways of authenticating users:
 
-* [`Authorization: Bearer <token>`](#authorization-header) header passed in every request to Dashboard. Supported from release 1.6. Has the highest priority. If present, login view will not be shown.
+* [Authorization header](#authorization-header) passed in every request to Dashboard. Supported from release 1.6. Has the highest priority. If present, login view will be skipped.
 * [Bearer Token](#bearer-token) that can be used on Dashboard [login view](#login-view).
 * [Username/password](#basic) that can be used on Dashboard [login view](#login-view).
 * [Kubeconfig](#kubeconfig) file that can be used on Dashboard [login view](#login-view).
 
 ### Login view
 
-Login view has been introduced in release 1.7. In case you are using the latest recommended installation then login functionality will be enabled by default. In any other case and if you prefer to configure certificates manually you need to pass `--tls-cert-file` and `--tls-cert-key` flags to Dashboard. HTTPS endpoint will be exposed on port `8443` of Dashboard container. You can change it by providing `--port` flag.
+In case you are using the latest recommended installation then login functionality will be enabled by default. In any other case and if you prefer to configure certificates manually you need to pass `--tls-cert-file` and `--tls-cert-key` flags to Dashboard. HTTPS endpoint will be exposed on port `8443` of Dashboard container. You can change it by providing `--port` flag.
 
 Using `Skip` option will make Dashboard use privileges of Service Account used by Dashboard. `Skip` button is disabled by default since 1.10.1. Use `--enable-skip-login` dashboard flag to display it.
 
@@ -68,42 +53,8 @@ Recommended lecture to find out how to create Service Account and grant it privi
 * [Role and ClusterRole](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole)
 * [Service Account Permissions](https://kubernetes.io/docs/reference/access-authn-authz/rbac/#service-account-permissions)
 
-#### Sample Bearer Token
-
 To create sample user and to get its token, see [Creating sample user](./creating-sample-user.md) guide.
 
-#### Getting token with `kubectl`
-
-There are many Service Accounts created in Kubernetes by default. All with different access permissions. In order to find any token, that can be used to login we'll use `kubectl`:
-
-```
-# Check existing secrets in kubernetes-dashboard namespace
-$ kubectl -n kubernetes-dashboard get secret
-NAME                               TYPE                                  DATA   AGE
-default-token-2pjhm                kubernetes.io/service-account-token   3      81m
-kubernetes-dashboard-certs         Opaque                                0      81m
-kubernetes-dashboard-csrf          Opaque                                1      81m
-kubernetes-dashboard-key-holder    Opaque                                2      81m
-kubernetes-dashboard-token-x9nd8   kubernetes.io/service-account-token   3      81m
-
-$ kubectl -n kubernetes-dashboard describe secrets kubernetes-dashboard-token-x9nd8
-Name:         kubernetes-dashboard-token-x9nd8
-Namespace:    kubernetes-dashboard
-Labels:       <none>
-Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
-              kubernetes.io/service-account.uid: 2140a425-447f-437f-9966-24ab4e57217a
-
-Type:  kubernetes.io/service-account-token
-
-Data
-====
-token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi14OW5kOCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjIxNDBhNDI1LTQ0N2YtNDM3Zi05OTY2LTI0YWI0ZTU3MjE3YSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.oSOjJZpQq-yiAIQWM12gFpVA6jiJz8-zApC0Wbet9iwzflmCVFlT1lWjEEduKMnJOF-viJ4fwLixA3INfCxDgWIBmxEvoA-R6ExQNkmFi4ljGdBX98fI2B4WFuqWIPoEjqf1l3eXHKmXgqbiMYA-UH_Ih4m2-aKKO3dfkmc5HmPP1ZjotCQKGpcq60c1y-SASqbC_FC3LHvp0l5N9bfhAOraNC_34ZlL3zkQ6cAL6mZG8Ci1MuXMHTH9g04QaVZb14f6BAY-K2X-Z5yDpMr4Zs5h6DOc_18sysf4uOVyo0wMXfI9gLsda-e3zX_5W39piBj-PwfBwBGslC_JztTCSQ
-ca.crt:     1066 bytes
-namespace:  20 bytes
-```
-
-We can now use printed `token` to login to Dashboard. To find out more about how to configure and use Bearer Tokens, please read [Introduction](#introduction) section.
-
 ### Basic
 Basic authentication is disabled by default. The reason is that Kubernetes API server needs to be configured with authorization mode ABAC and `--basic-auth-file` flag provided. Without that API server automatically falls back to [anonymous user](https://kubernetes.io/docs/reference/access-authn-authz/authentication/#anonymous-requests) and there is no way to check if provided credentials are valid.
 
diff --git a/docs/user/access-control/creating-sample-user.md b/docs/user/access-control/creating-sample-user.md
index 64a3ac8295c..bfffe9f9565 100644
--- a/docs/user/access-control/creating-sample-user.md
+++ b/docs/user/access-control/creating-sample-user.md
@@ -6,7 +6,7 @@ In this guide, we will find out how to create a new user using Service Account m
 
 For each of the following snippets for `ServiceAccount` and `ClusterRoleBinding`, you should copy them to new manifest files like `dashboard-adminuser.yaml` and use `kubectl apply -f dashboard-adminuser.yaml` to create them.
 
-## Create Service Account
+## Creating a Service Account
 
 We are creating Service Account with name `admin-user` in namespace `kubernetes-dashboard` first.
 
@@ -18,9 +18,10 @@ metadata:
   namespace: kubernetes-dashboard
 ```
 
-## Create ClusterRoleBinding
+## Creating a ClusterRoleBinding
 
-In most cases after provisioning our cluster using `kops` or `kubeadm` or any other popular tool, the `ClusterRole` `cluster-admin` already exists in the cluster. We can use it and create only `ClusterRoleBinding` for our `ServiceAccount`.
+In most cases after provisioning cluster using `kops`, `kubeadm` or any other popular tool, the `ClusterRole` `cluster-admin` already exists in the cluster. We can use it and create only `ClusterRoleBinding` for our `ServiceAccount`.
+If it does not exist then you need to create this role first and grant required privileges manually.
 
 **NOTE:** `apiVersion` of `ClusterRoleBinding` resource may differ between Kubernetes versions. Prior to Kubernetes `v1.8` the `apiVersion` was `rbac.authorization.k8s.io/v1beta1`.
 
@@ -39,7 +40,7 @@ subjects:
   namespace: kubernetes-dashboard
 ```
 
-## Bearer Token
+## Getting a Bearer Token
 
 Now we need to find token we can use to log in. Execute following command:
 
@@ -72,7 +73,7 @@ namespace:  20 bytes
 token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ
 ```
 
-Now copy the token and paste it into `Enter token` field on login screen.
+Now copy the token and paste it into `Enter token` field on the login screen.
 
 ![Sing in](../../images/signin.png)
 
diff --git a/docs/user/accessing-dashboard/1.6.x-and-below.md b/docs/user/accessing-dashboard/1.6.x-and-below.md
deleted file mode 100644
index 37c7702a0cb..00000000000
--- a/docs/user/accessing-dashboard/1.6.x-and-below.md
+++ /dev/null
@@ -1,90 +0,0 @@
-# Accessing Dashboard 1.6.x and below
-
-## `kubectl proxy`
-
-`kubectl proxy` creates proxy server between your machine and Kubernetes API server. By default it is only accessible locally (from the machine that started it).
-
-First let's check if `kubectl` is properly configured and has access to the cluster. In case of error follow [this guide](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to install and set up `kubectl`.
-
-```
-$ kubectl cluster-info
-# Example output
-Kubernetes master is running at https://192.168.30.148:6443
-Heapster is running at https://192.168.30.148:6443/api/v1/namespaces/kube-system/services/heapster/proxy
-KubeDNS is running at https://192.168.30.148:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
-
-To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
-```
-
-Start local proxy server.
-
-```
-$ kubectl proxy
-Starting to serve on 127.0.0.1:8001
-```
-
-Once proxy server is started you should be able to access Dashboard from your browser at: `http://localhost:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/`.
-
-## NodePort
-
-This way of accessing Dashboard is only recommended for development environments in a single node setup.
-
-Edit `kubernetes-dashboard` service.
-
-```
-$ kubectl -n kube-system edit service kubernetes-dashboard
-```
-
-You should see `yaml` representation of the service. Change `type: ClusterIP` to `type: NodePort` and save file. If it's already changed go to next step.
-
-```
-# Please edit the object below. Lines beginning with a '#' will be ignored,
-# and an empty file will abort the edit. If an error occurs while saving this file will be
-# reopened with the relevant failures.
-#
-apiVersion: v1
-kind: Service
-metadata:
-  creationTimestamp: 2017-09-11T08:00:46Z
-  labels:
-    k8s-app: kubernetes-dashboard
-  name: kubernetes-dashboard
-  namespace: kube-system
-  resourceVersion: "1300"
-  selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard
-  uid: 51392867-96c7-11e7-87e0-901b0e532516
-spec:
-  clusterIP: 10.103.169.125
-  externalTrafficPolicy: Cluster
-  ports:
-  - port: 80
-    protocol: TCP
-    targetPort: 9090
-  selector:
-    k8s-app: kubernetes-dashboard
-  sessionAffinity: None
-  type: ClusterIP
-status:
-  loadBalancer: {}
-```
-
-Next we need to check port on which Dashboard was exposed.
-
-```
-$ kubectl -n kube-system get service kubernetes-dashboard
-NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
-kubernetes-dashboard   10.103.169.125   <nodes>       80:32703/TCP   1d
-```
-
-Dashboard has been exposed on a port `32703`. Now you can access it from your browser at: `http://<master-ip>:32703`. `master-ip` can be found by executing `kubectl cluster-info`. Usually it is either `127.0.0.1` or IP of your machine, assuming that you cluster is running directly on the machine, on which these commands are executed.
-
-## API Server
-
-In case Kubernetes API server is exposed and accessible from outside you can directly access dashboard at: `http(s)://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/`.
-
-## Ingress
-
-Dashboard can be also exposed using Ingress resource. For more information check: https://kubernetes.io/docs/concepts/services-networking/ingress.
-
-----
-_Copyright 2019 [The Kubernetes Dashboard Authors](https://github.com/kubernetes/dashboard/graphs/contributors)_
diff --git a/docs/user/accessing-dashboard/1.7.x-and-above.md b/docs/user/accessing-dashboard/1.7.x-and-above.md
deleted file mode 100644
index 468708798d7..00000000000
--- a/docs/user/accessing-dashboard/1.7.x-and-above.md
+++ /dev/null
@@ -1,106 +0,0 @@
-# Accessing Dashboard 1.7.x and above
-
-**IMPORTANT:** HTTPS endpoints are only available if you used [Recommended Setup](../installation.md#recommended-setup), followed [Getting Started](../../../README.md#getting-started) guide to deploy Dashboard or manually provided `--tls-key-file` and `--tls-cert-file` flags. In case you did not and you access Dashboard over HTTP, then Dashboard can be accessed the same way as [older versions](./1.6.x-and-below.md).
-
-**NOTE:** Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.
-
-## `kubectl proxy`
-
-`kubectl proxy` creates proxy server between your machine and Kubernetes API server. By default it is only accessible locally (from the machine that started it).
-
-First let's check if `kubectl` is properly configured and has access to the cluster. In case of error follow [this guide](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to install and set up `kubectl`.
-
-```
-$ kubectl cluster-info
-# Example output
-Kubernetes master is running at https://192.168.30.148:6443
-KubeDNS is running at https://192.168.30.148:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
-
-To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
-```
-
-Start local proxy server.
-
-```
-$ kubectl proxy
-Starting to serve on 127.0.0.1:8001
-```
-
-Once the proxy server is started you should be able to access Dashboard from your browser.
-
-To access the HTTPS endpoint of dashboard go to: `http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/`
-
-NOTE: Dashboard should not be exposed publicly using `kubectl proxy` command as it only allows HTTP connection. For domains other than `localhost` and `127.0.0.1` it will not be possible to sign in. Nothing will happen after clicking `Sign in` button on login page.
-
-## `kubectl port-forward`
-
-Instead of `kubectl proxy`, you can use `kubectl port-forward` and access dashboard with simpler URL than using `kubectl proxy`.
-
-```
-kube@minikube:~$ kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 10443:443
-Forwarding from 127.0.0.1:10443 -> 8443
-```
-
-## NodePort
-
-This way of accessing Dashboard is only recommended for development environments in a single node setup.
-
-Edit `kubernetes-dashboard` service.
-
-```
-$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
-```
-
-You should see `yaml` representation of the service. Change `type: ClusterIP` to `type: NodePort` and save file. If it's already changed go to next step.
-
-```
-# Please edit the object below. Lines beginning with a '#' will be ignored,
-# and an empty file will abort the edit. If an error occurs while saving this file will be
-# reopened with the relevant failures.
-#
-apiVersion: v1
-...
-  name: kubernetes-dashboard
-  namespace: kubernetes-dashboard
-  resourceVersion: "343478"
-  selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
-  uid: 8e48f478-993d-11e7-87e0-901b0e532516
-spec:
-  clusterIP: 10.100.124.90
-  externalTrafficPolicy: Cluster
-  ports:
-  - port: 443
-    protocol: TCP
-    targetPort: 8443
-  selector:
-    k8s-app: kubernetes-dashboard
-  sessionAffinity: None
-  type: ClusterIP
-status:
-  loadBalancer: {}
-```
-
-Next we need to check port on which Dashboard was exposed.
-
-```
-$ kubectl -n kubernetes-dashboard get service kubernetes-dashboard
-NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
-kubernetes-dashboard   NodePort   10.100.124.90   <nodes>       443:31707/TCP   21h
-```
-
-Dashboard has been exposed on port `31707 (HTTPS)`. Now you can access it from your browser at: `https://<master-ip>:31707`. `master-ip` can be found by executing `kubectl cluster-info`. Usually it is either `127.0.0.1` or IP of your machine, assuming that your cluster is running directly on the machine, on which these commands are executed.
-
-In case you are trying to expose Dashboard using `NodePort` on a multi-node cluster, then you have to find out IP of the node on which Dashboard is running to access it. Instead of accessing `https://<master-ip>:<nodePort>` you should access `https://<node-ip>:<nodePort>`.
-
-## API Server
-
-In case Kubernetes API server is exposed and accessible from outside you can directly access dashboard at: `https://<master-ip>:<apiserver-port>/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/`
-
-**Note:** This way of accessing Dashboard is only possible if you choose to install your user certificates in the browser. In example certificates used by kubeconfig file to contact API Server can be used.
-
-## Ingress
-
-Dashboard can be also exposed using Ingress resource. For more information check: https://kubernetes.io/docs/concepts/services-networking/ingress.
-
-----
-_Copyright 2019 [The Kubernetes Dashboard Authors](https://github.com/kubernetes/dashboard/graphs/contributors)_
diff --git a/docs/user/accessing-dashboard/README.md b/docs/user/accessing-dashboard/README.md
index f534cfc42c1..afca827c1aa 100644
--- a/docs/user/accessing-dashboard/README.md
+++ b/docs/user/accessing-dashboard/README.md
@@ -1,11 +1,126 @@
 # Accessing Dashboard
 
-Once Dashboard is installed on your cluster it can be accessed in a few different ways. Note that this document does not describe all possible ways of accessing cluster applications. In case of any error while trying to access Dashboard, please first read our [FAQ](../../common/faq.md) and check [closed issues](https://github.com/kubernetes/dashboard/issues?q=is%3Aissue+is%3Aclosed). In most cases errors are caused by cluster configuration issues.
+Once Dashboard has been installed in your cluster it can be accessed in a few different ways. Note that this document does not describe all possible ways of accessing cluster applications.
+In case of any error while trying to access Dashboard, please first read our [FAQ](../../common/faq.md) and check [closed issues](https://github.com/kubernetes/dashboard/issues?q=is%3Aissue+is%3Aclosed).
+In most cases errors are caused by cluster configuration issues.
 
-Choose version of Dashboard you are using to get information about how to access it:
+## Introduction
+This document only describes the basic ways of accessing Kubernetes Dashboard [Recommended Setup](../installation.md#recommended-setup) deployment. It will also work if you have used recommended setup
+with your custom certificates. If you have decided to follow the [Alternative Setup](../installation.md#alternative-setup) path, then the only difference is that instead of exposing Dashboard over HTTPS, it is exposed over HTTP by default.
+As the alternative setup is recommended for advanced users only, we'll not describe in detail how to use it here.
 
-* [1.7.x and above](1.7.x-and-above.md)
-* [1.6.x and below](1.6.x-and-below.md)
+## `kubectl proxy`
+
+`kubectl proxy` creates a proxy server between your machine and Kubernetes API server. By default, it is only accessible locally (from the machine that started it).
+
+First let's check if `kubectl` is properly configured and has access to the cluster. In case of error follow [this guide](https://kubernetes.io/docs/tasks/tools/install-kubectl/) to install and set up `kubectl`.
+
+```
+$ kubectl cluster-info
+# Example output
+Kubernetes master is running at https://192.168.30.148:6443
+KubeDNS is running at https://192.168.30.148:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
+
+To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
+```
+
+Start local proxy server.
+
+```
+$ kubectl proxy
+Starting to serve on 127.0.0.1:8001
+```
+
+Once the proxy server has been started you should be able to access Dashboard from your browser.
+
+To access the HTTPS endpoint of dashboard go to:
+```bash
+http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
+```
+
+## `kubectl port-forward`
+
+Instead of `kubectl proxy`, you can use `kubectl port-forward` and access dashboard with simpler URL than using `kubectl proxy`.
+
+```bash
+$ kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 8080:443
+```
+
+To access Kubernetes Dashboard go to:
+```bash
+https://localhost:8080
+```
+
+## NodePort
+
+This way of accessing Dashboard is only recommended for development environments in a single node setup.
+
+Edit `kubernetes-dashboard` service.
+
+```
+$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
+```
+
+You should see `yaml` representation of the service. Change `type: ClusterIP` to `type: NodePort` and save file. If it's already changed go to next step.
+
+```
+# Please edit the object below. Lines beginning with a '#' will be ignored,
+# and an empty file will abort the edit. If an error occurs while saving this file will be
+# reopened with the relevant failures.
+#
+apiVersion: v1
+...
+  name: kubernetes-dashboard
+  namespace: kubernetes-dashboard
+  resourceVersion: "343478"
+  selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
+  uid: 8e48f478-993d-11e7-87e0-901b0e532516
+spec:
+  clusterIP: 10.100.124.90
+  externalTrafficPolicy: Cluster
+  ports:
+  - port: 443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    k8s-app: kubernetes-dashboard
+  sessionAffinity: None
+  type: ClusterIP
+status:
+  loadBalancer: {}
+```
+
+Next we need to check port on which Dashboard was exposed.
+
+```
+$ kubectl -n kubernetes-dashboard get service kubernetes-dashboard
+NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
+kubernetes-dashboard   NodePort   10.100.124.90   <nodes>       443:31707/TCP   21h
+```
+
+Dashboard has been exposed on port `31707 (HTTPS)`. Now you can access it from your browser at: `https://<master-ip>:31707`. `master-ip` can be found by executing `kubectl cluster-info`. Usually it is either `127.0.0.1` or IP of your machine, assuming that your cluster is running directly on the machine, on which these commands are executed.
+
+In case you are trying to expose Dashboard using `NodePort` on a multi-node cluster, then you have to find out IP of the node on which Dashboard is running to access it. Instead of accessing `https://<master-ip>:<nodePort>` you should access `https://<node-ip>:<nodePort>`.
+
+## API Server
+
+In case Kubernetes API server is exposed and accessible from outside you can directly access dashboard at: `https://<master-ip>:<apiserver-port>/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/`
+
+**Note:** This way of accessing Dashboard is only possible if you choose to install your user certificates in the browser. In example, certificates used by the kubeconfig file to contact API Server can be used.
+
+## Ingress
+
+Dashboard can be also exposed using Ingress resource. For more information check: https://kubernetes.io/docs/concepts/services-networking/ingress.
+
+## Login not available
+If your login view displays below error, this means that you are trying to log in over HTTP and it has been disabled for the security reasons.
+
+Logging in is available only if URL used to access Dashboard starts with:
+  - `http://localhost/...`
+  - `http://127.0.0.1/...`
+  - `https://<domain_name>/...`
+
+![Login disabled](../images/dashboard-login-disabled.png "Login disabled")
 
 ----
 _Copyright 2019 [The Kubernetes Dashboard Authors](https://github.com/kubernetes/dashboard/graphs/contributors)_
diff --git a/docs/user/images/dashboard-login-disabled.png b/docs/user/images/dashboard-login-disabled.png
new file mode 100644
index 0000000000000000000000000000000000000000..a331406ad82082e39d5e283dae6e9d8ce0289c3b
GIT binary patch
literal 53924
zcmc$_WmFtZ*EUK7hmZsd9>Lw6A-KD{Gq}43cL?t8?(Tu$Fu1$B+YAhR<azJh&v*X4
z>-;!pX07S&>0Q-T+v}>`A+pjUs7Sa-FfcHvVxofbFfeal&R=;Tz`gt<yr-t}a(HXc
zFQ$m_^6@}041T%BaS&2<P_Q<3aMrUkf&p4tTN=^W8`v2cS=pOdJDk1g1iTQD{~;2v
zGtzS~wYK`KXliK$W8mgY{h5LJv!$NdXGVHP`ac((3>=&cEOVEY+AuJmVZ;Ra6kXDe
zSDZbh_K3PJK%;Gl(Mb&7rh|XJrxFq%uNOHfucz>unJp@J7|&^#H8Y<p2$u7ePYqrq
z78WfdHe3#O2c1QwE-#n4qa$*5oXt^H&b9-&_qdPJ&OFEL6=iz9Vfer2NBHueADA$<
zbeR7+eYt-0R85A+%NbVr{3W=s&XzA8p^c@K%_0xopaZY{ZRmgREcy<kNRhHfM?LVn
zPY(IxhfknB0b6d5udiPJ?QnCgMD+`1I_~0SWRO&gt`F?K-&@XfY2UYhd+GJ=>LEkI
zL;IaQbuh^zrHg=JQm>Bq@t?u@zkmLKmbq{6Dj5#xBRcw;=&yeVeql^ZN@|Qx4l{n>
zP|3shw?BUud&W>$)jZFse`oOJ36C)pQ8h_b`@g+1yo@-U{O=sUJZZc%8VLS(*!-VF
zv%ddJ4fpZCl>R<%k^UWno^JdSp2cG6r(AQ5nzKas5%zS5XLy1WYxpPSBxPF4F(Q{=
z^C!3;YpYL`J;RtLk!MF;2WplW!JET1RW-)fdt=NL`uJq>E*IR<r7AfKb<eQCU)mt>
zsC34Y!qwU@@zJ?8j6N#PK%c41k7?%x3dH|BI(hi!JD)Li8TG+<DNMO0b+h{^g+eV3
z@x8O0T&@+s40FbAfG*UW!J3jl{WYDL3kDjcIc7kbWzpe@;OL?2LdPw`6=;B<{2vB9
z&b1YM_X&lZAYEh!p?+}wn%u;hf?Wyh_g27ansdsU(g=A=5VEU2k_vI;j<!6?*d&U-
z6r*VL2tV2qT{;bLd7_TXeCF$1M*c_c1I=@cB7E@>*!#K;ngo#k{bj%C=`h-ix5ixs
z00>FJ7F1W8>WFv)R<h<4`YSr^LKQ$xmLR4`U*o7BCu`)waE9Hf>*3iF8g;h_A(BL=
z=K!RYqEma%aj<_AlxEX}CEXuDC(l!$yP-Rr<pnm8T@C!odQMOMu5;~|+La0<2xqws
z|6pPM9Y~*5HGAi2^po;g@b-Ww^brwDnKhh9<t>pTKC&~(x%L)!6Q(Z>FSp@NEjRV2
z*vz(9p!>%-SRz)CACSSE8oloAnn!mVDyTVO*9EC*{)+F)W17NT$m=Mt4jfSX<#V)P
z7PM>AV>{Yo(ee{dGe&NRL0_-Pao9LfXT2ZliN;=Tb1N=T1T&@Z0-yIO&FH}ZkqzRr
z#@b1f{-1j^W3JTW+%m-HL&(afF444F3m@z#ke-8FP45zT&M@4%$NDL_JWIs^Eo^m#
zC8aE2%XRS7+p)AT!;4eZ44iZ?WGV@dRE~-Iz!doa>WSYbuJ1n%2NHb1N0`lDDjZr3
ze78bivQ=DQNQfC7wK?BPmbL@@ILVU}bMvSoSF8+hyFa{IBP2lM-<)^<Ou{R#Dqq;~
zCVjObS5waXc;bSXI?}UK<Z?LKrKjfhH-RcWDKBh=NX>CH%Zhmsg+4lH&w$95Q#+H4
zsLnah78dVPqsQ+(s>WTfKJ;?ouPdmWp(2o5m*qx7ciYabqKrN{%Bb1Xwn8yz%u~wz
zRp(Uwc|Rd=i!X#dzG|z-OX!m<$<4;JsaldXuS1@?b^y~}&Ut5=s81t)5_=o{XlTJx
z@$zJM<OeMRo8Ztrlke1XU*#uLIyC{t9{a&zw9)p722HV9zecA*4%+c;=of`UC?h?d
zJALblOuA2~7>-fLvxX}Rti6GN^4v}(6n4VFsHIH%)9Tm6m;F9AUh_}B!xIqb!fvC%
zp(qe;Ru297bHbX8puI?Sf!Y!O$e~dbCr7(eLpY&!Fq+xIM@O~<9<rP!48;1jtE-h~
zB>4pZ*&cheM0dy!meUG~y<%~wuLtjVNMl$@lN%uPL?pK<T30NWGyq)TF22|m!`hC_
z)L}|^X}Sr9_99C!&&k(mYWGFj6lf&Z^<Yq&PL|VqQfZ(&N%T}7A*y04PZhiCxy4C!
zTFhSR2(>!}B(E%eID4d|)ehIU{sEU?mC^wXW6Y0^kc%6Maq>iFYF7YgTGr$9g45E0
z2Cf@f1tOWh0^68&*LMf{9W6p!vNraGP@~1gGaM=k`WPuQcxlaDOiV|AJi!(jQVB5q
z<9D7>DlG(khQ=a6ki9~FZOpkSZiB&q<&+lL-(jgA!qp(l=LiDH>ah0}D%$FecDfHb
z(cJP~6C^|esf*d%!JD<NAQW`CgiFe<JEGlu>m}~{=l4Qwdaa!AtWmZ~zaa{D5*|I9
zZ@~0>BO2YBLf@4WOiSWxCAC;DD119Ze$2gQ3xT$5=c?*+*J5!qz7@K}XxKZFLAtbJ
z5^>7#{Iw%7vD{)9A{F1JNLRLXUrl}s5PK)CI$jftz8c_otnm<x<9&Ds)VuM`Cc@r;
zs!P{hMHxZ00_0~d<r}L==AwA@?_0J*zR;M=G$MR!KR!@riU|?Xeo7PJo_o!TL9Gkh
zYoKS;<9=fy=7BZrY)@!U%}DWES<ZuXG5M~9Ll)>x9rP7*I^e`qVJ2{&D>^(WAB6Tp
z8~~fVK!J9~RtGeYt(%~OP*V5gerh03%gXb(G*e5eOj(dy(-=)zsxD3#6@S|E9`@OY
zm{#Qu)f-tR3yh|AMOtET6#TMkrSxMrv1cBqL{~?1)ZK^%vHfHBz;6)hffDxYIW*}t
zv&GM#c(Si3nQzDuFQ_w#`dYH$(99bhdK;^}YQ|)|LZxw`**TC_*yP1o!r{a*)PF3~
z#Z!AC_%*VJI@WsnFUV-85(yoq{WWr9wcw+-ceGiCU)B_e!$CzP<KwLh*O7N~xi%<c
zlaeOr@vD5h()ubG8{fU?o3|R*vV}Zg?ssqXmLNp$6y~BaN7aqfC<u{`S+l87$jCB8
z;uZ8MjcPADAvd%YJEL~ZWLxlh>ywj~bXUy})SF3YOh$^O7t5Ja)z>e?De+|Tw}ldt
zx?$eb7pfatV$Vkn_3=n}p8?7Y;<b?iTs>g783m_hY2G$ou1)<|LO=SvFBuCuyz5X3
z3clAGT$r~`oW7a+*LyixPxe$?n6s3!A2GuVbDO+KW2}{V^e!@OO>Yx|*TxV8e!{E^
z>*C8`#Jt8VPJ9u-T!p!eUVNmV*G4g+bBGuIFxrE@SXD!IKokuO16mFa=NEs%FnQm%
zuE&b1rghw*uwfpv7&1&npEs;fG$MT8zQh*h%PKyxU?6ntQ?7_01}%Q%rd^vP62<>m
z(LK<`=o`}XE#)bku+0!D9Rbzil`E(X1<XLHvg(wTmx{s=-O2yawX+U$C$!}Av~LYb
z8B9Qq5<ZSx_dTgpKv)D4vb%&hM@iGCjCd$TZvmJZaB#XzdVrGPSl_1&n*g3cIk8AJ
zQ!C`B?25^ORs6oo7XFUJf?O~6YxiPGMS7aNComb5A_$9=Sk)Kma;hD=%a6=e(yoz2
z6xM&<|64UuYu4t-79XB4m6z1s;^dlbxmcziDM}r@zcBvpE{1i!Fw~tG*B437*?`?)
z$%oLIqsFC<Mr7=_&0|ZTg!4xZC(bRoccxd0iA6uNen?>@NM$}J#5p&-{>bkA&9jSm
zTNxkC@fL$l&kq+B_u8J4*=kpC3D;~0t46Y3M+>g9Qt@M)A|FY7Jthghl1UGG6GYMX
z_5Y*^!QK@rSmX#Vs^1$ALR9GAVr-$W=SjP7lE$BU@?fdt78R9+!DOA))id&mCHO(Y
z(oRs6yn#!3IsZxx0mD#;kPEsWA|H=W9zV#)I*avvxAR(~n5IhJN9qIDB3AXVO|qal
zbj4NEg*w)lH%H{kgSjjv5fFbl2_MjZXRuJklvbWt&%uG8cB%Fni7wojylkrGeQe6Y
z2lS7_w=^=%w~7*9*H@Z8mk$?+lkh&j7Zzm_;he3?6~N=-gsBE?&O3khC5r0H9+W$r
zlt_JcePQm^22PusJYFfutEy^cy~5WK`a*YnLigjNF&Zj4s<xjaA3%;jFbP`s`k9co
ztjeY#CkM<S+q#5ef9-cmTQ2K+|L-X|$i@aDZpYerTJsx%;<XBxQD4Fh?39PjrbF*n
zD#0@2&$tBG$m0C?Q)B@fMDbuZtY!x|{f~}6BG(dlb;kk{@op<6TFB4<Pf2`7`b-`u
zzf`Zc*u5Ti7<hAj<=3Ikl<w_#TDt=dtp&1)2y3nvhckfYZJOmj1ZkHgywLp!(s4_w
zJ+MaiYBTIs$X6Arl!e*0LXKA;aqSw}x*zaLS{5dj=X@H{!(=A`;S=s#Q{}Pf#aB8K
ziqt=Kgb49Ik5*8hP~YT!`H1lmlU$L6?o6d_a|2u$uKK|eL0?sMVUjpHJcuPPy2$7L
zEo^)~?CrMtqu4)bx^}AyWY*76FENAZIV(`mT_ezI-M@6=YV{%nk}4S#?)@F~lX8Xl
zT3OMq;dR|I%1o!!=lf)=7ah~y(FS4I-T9)2^!rlATj+2?F1d+)f;h?L7872R7BW?3
zNqdUG)sMwG&|;phh8Qf(7D}!XO8M4fTC1pZI&g}+a>!OD!A>~mfWJ|LEm3AM8st7)
zk!LIw!vz$fMClN_mx^n{H9Bvf<bhvj07CcHqeV$+-|a<82NbFhif^xz!0cY>3`bN6
zD$dTjsEB7ildRU{|3vZ?*bIS1!l?cw28-sqH5K7dHMS|H`0*n`q+->GwN!{^YLvj=
z$#>3uB!>y$^+pEH5zx4bZyQN+arH<Y=K@21U@B4KbXJV{x}hGEXKak-VRoEx%1-VZ
zS4)<AFgsL#<|Gb`6=Q4YkLo{Ht<IA(Co9=w(q4<{BS2=XFV`wj!P`|F$p7>@2Sa?$
zE(iE~y0D&~hRpb#O;-2@oIC?cJjmKXq1Y9_C;KzaEXgHfPPSAD9`rTstp`IJ3}6hR
zGZxmoFa>UZye>(GR4j~%cb?q~{yq-&4{uVmHPqbWW+x@BG3rO|$@4&@`xqkE)!|RT
zg0DcNu}2AsBVFs#*jAZp$o}>wwE)oH;FJIndsnZ{=yJ>(R+I2t82M++>*>bQiVQ>E
zOOIxd4q%WY|LY)`zGwtNp1BWbaW_@D!Pz5flSS#@Sgwp|a<U~P*G+V}v2Gh2JjfhZ
zG3^x;#)P$_$p7n_?J@H5UjokpXhZQn?{oao9&kLK9ZP%C_CS%DZM8aos5Ky2gF4~o
zCrlDe%i?{LXs2G6%Y*?9P9h1?dD}1KAJY9;w0A74BqR-ctm#l{XL(y8X(S@k;if->
zaJDQtT!jP#eM4h*rd=><)+>7$ws$QM5$W{RF3mA??i{lAvh=50vcK#%zY_s!m?czy
z*_F<lAok$&?fKX}nlR>xBzK|xm8;R;{<JxP#{5??XU=EGRcGUX#K5rZkRk$$BIVTt
z4_n-Kr7#$`&$nr$Mo8;RE6MWO)tc@(JrzGtS5F&MUxM_3$s!xFVQ=W}36iXWoUEFf
z{K!Izcz#*6w5Z`-Wt5sH&rY;&lMO1@n@ya9d}Bz{rY1sU|77<c8c|W0GMa%@=EvvT
z<h^6>{)B{jq?$TaLTPvsT|J;sytosFis{0h^`r8S<018@pf$JdM?W*tw$vaF150*S
zj!01n<Pyc2TtmWu+D;yWDJ|$PJ#QiV`)D4iA&!e4L#_({L-K8lVT}MqL9!q9^`YFe
zdG7vS%4^-fUEERoTbF+I(BV$$X+*c7%r1~abx%|LS*!N#pA>cT#>LX-_4u<s02r2X
z=C+e>dFPv!e32B3mIFQ{lL)LI4GVH7q$D*#M2g&5Di5hU+w-??DJQNm6nje>aXHZx
zLjZfM#N9zO4EeK)OuSfzL3&ChyttMIxUtstPchNm?z?=#>hEI#fe-w>_}iE9<v(};
z(xO3I_gSt0vxM6IQMe4=h`pp|g@n^!(h+h-TPN$csiC`tQbH{CGq(8k6KjSdypej7
z7BmFve^!Pxqgpd28RpG|pSnZSL5LnDI?uoTOoTymlZCE;!-U3MTM}dkhLE@L9lAFe
z2u~xE-0u^nugA>UbwHV<?`;@;r5<!_NU2XCoKDY|Z?)MciUU&)Po22Ear-lLdN^`w
zfP$WQ76jC<2o~pEcD<g1vy{OmrxgX&Q3SJyoP_?pHTqg_@m^~imkHFA?LAjpMuCZm
ziHMl%`fJ^^%f>Hz$x#Q3$NTyith)_zxVR>=d}->h4qV>n=ymsr)+t?0ozevG3n{)g
zgru1nY$b6#BStN9P3FBgJ=d;SAnqd@AphJQeBsI?)BTUX5{xX$;6_%dQ>S5IV7Puz
z);=QrM|}K`D%3>zzgAZXB_t#iDWTt{DorE*i_1Ks|L=gA&p!Wc^S{J${$Di7a=WC~
zoG`2J?d{Eycd+K<`3q(EyGUWg!`|NBs;aB!$QQ#@F=}Ty986jh>;0Dk>U*{-ahJ^P
z_WAGB5#AtT{0ln$`u-aBUt;>7-~S6|p%Bad|JtPM(D8WN<U2|u|Hmd9fu56}E-*t0
zRoUvUEIZ=rSCNI#BhkQrk+l(*d>>!DJM^S#2m{}jkb@57HXM=lQFfT2xGH@~(62Z;
zQz&KZU*qLRVA590(%q>*P=4Tn@2YRYJabu8C~r%-%(r;eWJ?!`%*Om^%Mh6LQxFd1
zB3ii{=`sH6LW$&W65#*d`2SL@rk1#&_y}Bh#6^~Y;qypXMlDuKWxbsWn+Af&*Sa?D
zWSlG`iBt#wj#Y5?MI=3cRS)wVNf=|fDN`5WqvU}OLS{+99?^h#p}tH1YelL`<DnWd
z>V=Pd^_Na+E+}7qGDx*lL$x9OxG-sLBGpHQUKol-4Nu>&?!2RZ9Hy!=)}<wTBL0O!
zo>7|#$?uJ448HTmbg_%tJhcR7-U$|@j8w_ki?mS|y*e*8lWB!>U2tL##VIAKwXm>d
za=+A_JbZ%^G6NHBkvbd1<63ytGe8M5&&837@L#y}>$hfHa(3MJ0_T2$nqeCGZp&Tw
za{h)sY+LshPv6{Fhx>zQ(qZnajJ#-<$KPYb3{3p^RGa(Zk{z1_4F(rUqr}FBHng<V
z+=?*fFIz4$^`leqT3vN`)w}K;gZ3)TCt(r8%WvJsz(=^>pFi<mwhS%};h>T!N8}jv
z95yw(PPKqk(p<8JZNx0MiNY<^{8n|+zW_{EVmk}UmQ2ULR`ij>^k!u6qpnSq>F|Cz
zc!2X@cg2>8*A%V!_n~k*W?Ad}lSl7L<5lng52iAC3pe43V%lu38XUGpTm2|npM+EC
z*f!3dzpY3-4F;o;;aS})yuCaT`PQs#hi?z43_-PVpX&Fh`5Ku~%W6Mh4Y>I@$6&Ed
zt4&;<@~OqoF=&Y1c*2+!IvyB2I;HACzXksI*ARofLp4z`mZfoFe?B4!Zh<5bk;K$U
zUA4AA+R~qo5;AsICTb6~8mWcCl=GJobtYsRQ+K>%A`*}dPR{j?MfZp9!nlY>&EF4z
zc;P2KrswKPwFC7l>Twtg@X}WKbmf2Y<yU}`7CeiUicyqsuL~X1*?lWu_vlCe8hmeR
z{821U2MUSbmj@ir1cJq2yk!^F7-P&UJkLWuOSS+<6~9;5Fw)ld7|-+p8OZPoUnnec
zBHD&;)`4lyMR27GmNT*AReAo!_=CX2$7Y%a%5f8B4vD&d`5XAc-z*C;Jld7;t-f~l
zo+XqRUZzIv8oayBNzVjyGe?LDkx9hq-qt4N_%xfp6jNumK{}mHt%}b__$GRj3H_F4
zJei`Rg70$3buv>{a)15Sz4O3~2wF+}6fdjIhVW4OJ^U!aXa%rM@{g9dsU=A7Q0N>3
zfUh%fJaGq#OE2O|cg^m5TknW>X~7u{tV>DPqYRs|vyOw_neN%F7&PkB`=F3zM4i9=
zzxS4T(QxuaW~6mhT@<-$$QOt<=Jd5i0^OA3i+Te;dA`RiwV|dbooUd{fY)+&x3O7e
z_u|18G%<nEAob|>@yEJ0Qy#C1bDXTn^ycs{8r@2Erp7(bk~mAbAAR%(x6+~G;*Nyq
z1Wwf)@e>ZDqW)Ei$FLWcbrqKIRQxVSKoT>2@gqHZL=6s`ts6o`@?%);^+@jZp_Dro
zU@Mmo0E+`dRjU^gU;dA_G*$sJN)O>q(KM$#do@`i0A<g`k2-5UWo>)E%P`m0O*5Zt
z-`4NR7DPGhB-&=$lL}|MJ-bpr4+MCw-FD4266ic-WNyR;%5p<X{?(Aqz{9~>8==yf
zmwgexQi)=G>+?S7+ZV5h&=vO-P~*|#&HOo#VmJe)%21MFD6wwLR{ifx5TcvcTkonG
z8~Z0GKgNqc54%)ElEaYeOfH@mb;lXWs8(?-pMT;P&e6xjvUtb#7V%~A67%`r0CW-9
z7BlyalvlcH@r*+Qs`Dae>NA(!mjIwK6hAE^?{ejZk8RakeP@Ufm0|kI^JkVq&&VFr
zU)B54TN-~9Mfj=Jme=P6i6On`%Ng8x@l^~BDtb6#|3<bpVH_T}b8%q|Vk(`<l$}iM
z7mOE$?X2H^!x+EutpAN{LmukP(1LtLo>YaT=0ExSd;Z`w_m_ZU2v9m9`SfpJk8idi
zhJk-s=YPK!^Z!XWy%&K;s{5d^zbl8x#@5K}Z8>ivao0DA>12k})54Ndl8VQITW2&d
z*XokB{p7V-QJE#M0yy?MFNsv@vCch|FCG4+67$6N<@Oq*#5H0w=Jd?*`-SuEmC)L)
zi%O}#dp+DWWX(dlt;WNX$Jgmyci{@ZFB3<&!CL*+2_QAtJHHsgP!c*M`ONdd)746R
zZxG0+1?lQ_W5$7sz^yIoI+1}CPbA9=Jd+x3m#L(mhhNBJDRJt;Af1g5)O*Fro8C^{
z50zi6C*66BHfQ9SJEul-DR|SSIu7y-CG_Xj7gY{M5|*0RPM24ilMXF)gm^y=Y|lm{
zJ-ItrS<jax<r+jBDzO~0ob*h`14n1e%NVt=39E}#lmaW7GP$_i5!GnuIwMMwO*OWa
zO+S;>E%4~!N|)gZm2#doH8*ceIWddajjI^1?uKDlH?%>uDwkI4L|!2uEVR*DSy@e+
zj0gPg*YW1MKZLzhGDj1(3~`%61cM+iY`;!BU~<Ry^70Do^nBvIeA2Mq9cRYg8;ANS
z&9fwr3G?zQgHA-Ax+tz6brmYKz7yBl7Qdh_TDEi$vq+^0e1oZM1nsxSJNr~kE*>n`
zYz~=ao|gsaF-D=g%()MqBd$U3sI@v%wT|{C1`gl9X^q&>A2~Yv^n73Q;YI|1;KE7V
zr2(j$$%)bUqf?}#=;C-f_SAB?;~LBCPCI>i%))@LQ~q9tXlR7ZCRRTMK317XRD2H(
zZcag=<-j@c*0z876hpE7fcbDoS<PK(3Ed5n<*~$u`va7OOyhQwo!`15QI>keI>@h;
z>DmfCztRA;*`B>`u>IT)_ndI#3FTG0LZp}j4nL>}X|-UR-x6z;5~Or5B`lbSzv!9n
z<6Pl6Zb$gd(HxV#p}VH`1dHt0BLSq%JG67J8S>EJ4g<WmoBvvuky+yfbxRoCmpIX<
zn|g<&mok$o{e5gfKC6hTq9VbX^9xMcLUYu<`kUlyJuQ4im<q`ZyG*PTW!rTp_m*va
z7=irTECHe@%_VL14H54xvyey!y8Zr+_QnIox@D@RId8S&gVB3l%ihq1l?%xh6H2Bd
zstVSFKFUr8kEM=rJn4<$YKj$q?ff+dN_qR@734(xvdl&kIZZ8z*XxIzJ{|B*)u-o}
zE{(>g#Po^VwzT4eFw7VYiW}>i7%D1rY^mg5?9#ujra!bzK(U=^B1!|0R8-hXS}=1}
zh7ZcPSAT*IcU=7rAP-dz4t+Cn&(DiFPO3%e<hzIB7l|m!q^s@STVHPuX6k7%pCT__
zebM&otvcckB^PP+Ia4@6h0;?#;XT#oQ!!XrwutHu6m%<Eb5WU+*9FFQM*hu){$xC)
zP&fDER;TGh#*_=swS2RDpZhg!>98S7Ft{=<I}c(siMFA%!0#bwQUbE1x?cY&mi|(E
z@ISQx{f<l~nzLUiEJeUM))Hn)lV~~_^$$*yF^~-{ttYl*FPf4or_3FTly!;R5AflE
zL~x7+VyL9Yp<hoSU)2>)N4tTcdQgF@pox;m#Em4{phDtpxh^|Mr%qyt)r`rc5i=KU
zYG{nv`O*cM6)NY{GZgo+-r2q7%l6!@XCm{lSZBNCo&n05={LHX?J2^07p0sUXN5oy
zXzK*W1R8-P;I90^!-#q0iPqjtc_+4>LSUI0yE8lC!Dh@fK2NXRGP(AY3}9Bd<~#+c
zZ9bP2<0P`YXQ0nm(P@j-dxFUlyxa>!6nn7l3W{~k7t^?OJ^)Q!nWx^@xlbC9bhLx*
zhIb@Ey7R?G*WR69lvXBp?ae6bk%Z6(S7f((-RRA_apBmgP1xy<3U6|4C&7;<x7CXM
z32NGZQp|d@b{wt-u6jyWriZc)6rd*7b<g!frCV37XOE5j(dfngG}-yQ^Qfueb=Zkt
zy1@B0H0DUGko<*nxGHB6-gWw)tneLX1Utx`=jm&C0ow6Jn=1)}8c*WRUL!L`LiXu5
zQ;>-~>HIvq&SlxesYUKKPJ&Kx*Xz%hIZxb8%}TkBnG5)6Vgoij3J$nib;in#QiV+J
z;5hK*f}SS8bMf6~;ueTe?ec?p5L;Ivh`-hnczi%HeNHe6xk;X>G$b8L31N%|b1>^T
zbvv{g(t6i8X%22SdAb02QjeCR8-({nK@OhMSnd$}l1`op+0M@~m~Yzl8}|#oSic)3
z(v36r)JPgpboFnwNS{R`sucg@HH*#POc?$QTuOyg0H4^V$u#wCC!9JkO=sc-8rW3M
z#_`3n0U=3p>U{?#6IsYxDrr(Iy@1P2J4k&|>NM|&@l(@m@nSkgUli8C!;agV#M+ak
zCuY`(0>f36wnv6nsvM0uA_B-x*7sBA$;DpZC*CsN<-VIP*$#BCFF*lvN+mN+0RnZF
zvOA@1?RyGOf)zch4!mxS7IVwu6BG3+xQV%1*FDWpmIOTZg%_Jz8O(;!Gfs$1_x&Wb
zh=_-^Q!`y%Wtm&|ccURK=f}PkZ7V=jnTq62tPmcafR>JLsx{jR>NB?e?doq{w3G|Y
z?+)*>PI=0w41k^f`}$Fu4NWIdhEVJ!%3LRTQmizyI1=ceF2aw*H>x;ST;nk~t|Yj6
z7ep)zHKz2<q4`L<Rl?;q5Jzc`SGnFV37@2BpVqk-R1QkTyDNA`?rtg`-h1hZYCu20
z#}L9Y0>=Junkm1dBFVfdk};l$E^g$|dl%}}QZ}Tg<EFPoE|C6-8O&xS4D|3FC3son
zdg|apHb}Le`YVNRD2^PrI!|=)$gAwEBx4)T>`bif`b0K6&$u&CQ#Q?BHL`h*kWp>!
zbC@#)J?<*d*%I^!pE6=pV842$%KVfN;chJ3Xn~H~3U9k@BRkn(WplZ0X~triVufH`
zE)6Yq@#Y|Mz#DB5NQ`aR8_-Z%iAg{;<nLtgR|5Oj!$Z{`#Z2Exe@ZUNdUj+ChC`n{
zKMFssJ6uLNIUvv!cZ-y<zkmT|&SnKzLv*OdXg_ritWocG+8_r#dgVnsA^QQehZTf)
zHLVAJ5-8$U{b+x}yU*JdD0r9t5{-2h2i6wAh2Kz9m47vRQ4RSYZ=J`-F$-%yraT!$
zZnAjbJiU-#r`vSkFeWfDAe{$i^5S(>${g014D&fX&J)c{OoVHfbq+MwTo?q>qU4Sy
zrk>wDN1u{B8}<gpGFduIwvGkfB$~3=a<sB~_&mg7O6u5QEg=akK<6s2i}eL+C*axJ
zvvmRm$}mSiG(ZxKMsh|iAlaxNQVXl^v!3{wO!h<p>QBLAFU!Tv-pcT61mnp84lx40
z&pPiOQV^m{kFW25g9DTJY4pTB!04^Bvh^M`Hu;=6>f6k7;DX4Q1=NCiiGPyK#i_n!
zs=N=A)baTT$5ABu$5LLj07~VZ@<+<gF>Au8x;vvSBchy{Em}Rv4VPY6m#;BKDNYw0
zbiuPXC`DGLIn;`JebKel`-<VdH=SFXGde}7WH*Rqt6g}bzk9^kXmOvGoipyoV;_?h
zSu-@-L=C}kF7t(DKn;c~j}Z17s=`YrAb7T%djD*s;esjrwT@fCQB9y0I(*H!u~CPb
zdzyj!p29ab#7s$!1lJ3(oCxl&egUkU3w%%?&r;GfAP}8QCrOJ=ZN6Bjj7PzLSF0@s
zz@XGPTF7(+j<fAB7FoU#x+Z9g)=xLCo?DBu=9)h@ct(@27jVP%$^`u2m}^hw1)3x*
zj`fZclyNDN_CVr)eVeLDa80Ine8;q=jihiA1AZJ_e8Dxh_CtUk_cO*$mPsKGvA>1)
z1{^%cB9~H0FBXh3iD({qDCim(J+^oAph>6ZFDf_MtA&W7+7uwg>%reGQP`Z$*H&!N
zPolZZ^?~jvG+gZg`>1c`?bikFHr^}R_TSU>@C%)K+`p~81fIWi;tcT_V~m>i-9089
z<p*9)@p-e3Sn!WuK7~smy(60&Zc^V`Xac^8UF=`qbB-Mub5NIwdi-_f+EP0pm>OfN
zb8*>kSSI=VvJIiN@6B&b-YmVj-VKW=v)<5^pn0&p_vUSs@%3hEpk=Z-(HpePuKGP^
zi=_sijve15=1X${*+B>1ROl^v=?+QjNIbj&OQ7Y>dLwEz#bSu%UWFm!BJI}En*poT
z=gXZhrE^~=vPIazRUdRJS4QcWaBYA$^y;2fp*aMdMy+dbfy#)xt)N6=EpI~-9z9J2
z+L0uo)}*OMMz!WuNn^;O2;J4??I9?>_=r^jnw)Py<3Y)@E!kC@XB1_3?1fTzn<3gl
z(b-*GiZyMr9&hH|JaL-bLJAUZ29<&2+@*Ju)=ZYmDH&adb?}qt*jGBD=sx}4euEVV
zIdrig+e5Ee{h43>ybFP1a2!dnV0Y@xZ-=>{>Wns6UYR7`VF8KSGzHL|Jz>9z5N2PV
z&)h#)ug9i<?v3~N#OC_cD)F9OWikS&^rAA!`J7KFpP558QsXO>mg7P(sR|%ROjNRR
z7(&hUwm;<yuNZeiq~#o{;o|@-i{!jo;))nMIgG_hT1JaL<UI|{b6AvTZm6=6LI-iY
z9hRjocdJF*bNR<dlam$VqhrW%@6&UL{VU{FE0@I<+;md)T0Zhek=u(jsF<}VDN-tV
z%HTZCSc{8JHt;*4D7P(9(?4p+>Bmd;w8fv+zQz<nRKU8uR)o;D>DAST4ej?i##uj$
zDq;x9jg43rP7^gLgh+_n+uvyqoyj;tc0AhRE;`%k#rvg==HYcHUrlftJ-^k-U+JAH
zZaj*uS*iQ;5Hl92G~y&>XpSIxDg3l@i&t`62Vk_g(OFCFdIEl^q&6gUcac9o+MUiw
zMRW-4>a;D9|Gd8zx7QLj)Jr-O4`St&whtf7T#+-rJ69C0Xa?T1vaXxw8|Ui{EeNLP
zgz;oKluv$7b|xiR0q#1>wYgVH4^<uwl|>Q`4Y2er$$YRktC6oS0c75MjoX2i;*7cK
z3s%`d`NH*Fx9ror)~dz3RxO7vmJWt}Xjv7Tv976a7$7bbQ}2iklW4V$S&WWGvWHq{
z{z%K5iU6Kgag1l&nvK?_{?hAa+hex%kKAhi$ZgC)yEiSROtHLx*LiRxJ|K4rj}p*x
z2aJ*S<WculC?y{v8d?`_kN@C@OCgZ3_J^%bUdm)j&@0Bcn`>}RC9pK&aN$*cl*nNl
z3t%<;s3wOSv7>}LRE(qJq4?Ha4(DXciv27#(3OH9X2^CRvO8474{?Yk_jrl7By!Sa
zdIBX<GxMp=QYvTy9_4^d>re943XYq&#0gVUMk_LA-!<goEzNCX)9?HUtXm!f;gXNW
zMnXp(okE?@W`;6((PZ1&+$p%MNivD2EDM_<@yd%e#ubuDW9Cyva}KR>0gr>5wno#!
zzu`Q}r%R_LI56^=6fza8sdlGTe-AG;g%_+^FJ8sJ$IY@>aZ`4!U{WEZqs+xqkyaww
z@>QWaQ#sAE=!oy&nYybVywR51^i8B1T~T-{=j|Mh-#x{tv|h&AKU%p~yg7a9;}f5`
zyUtu$V<-1)Pg^f#9--G!m^(YJqcB~{J0?`Pj%E<gFUh3vS)5LGGT-`~f9MYBm~!CF
zIy;M9k`R)MtNKAOWZf@NV?%vViFtjpxg>Vd)a=FDdLnl_Bw=h-aTr_DK^Y3Z{5d=2
zNmQu5dcU??fmSoMn@WY&GQSpAp(GE<u6r1otQRe@F9RuTvGTI&HcSriG_TMn5<;u#
zI8tK>?LA`{6y^ZCLrdlyDx`~RW!J#7i19|E#DrVrMHKwJx=JQ-#OXtjIWparC0=?g
ze*K?JYBb*6zQ3#!O-xMU(EI49)E3J2w5sW4sQ4^(^I*D@N4El2Bgo&d*=lPmlC+Rl
z16y1nlax~vh?ID)$i1^z%3ThfFe<frOnkf2T<Xu`mBa0dRl$uKC7Tf_LjLT_f%FFr
z;8<CX^_EkJ?O(uw!OkR&dot!CBk~eW*LY}F$^j@)s{KFl)8W{0df2@@?*&{TmSHwi
z{^Bzz`;9I_{S!C8$xgvN2FT@mV0<mwH{%ET$I@2(l?x_`-N>Bb83fkHX}>J<Zb3~h
z!Cdhxg>r>9)3>sMojUc4`*>*T51fqVXRd%!75|=~v#l#1I@a%L6Y_uXT~s<DE;jdE
zhdTYIA>}SDV;#?-_^ym5XbNX}d5^wNn`z|dkDUZ$E~Q?)nlv!@rt>YF_SnZekogqF
zs;2&%Aci>eeX}}g*Fb7j#P8QWc-*v_DR#o>C_8sJ{qjW6ZF)Asggmw1kHwMI4XM9c
zO1lH?byH|qg<W%%mtLoof#NFch%@!Zur(}{vL^QXqck`<FSh4GBv<UxB+v|CP;o6S
zH!)%3TL^pLo9S!3ze&$n2Uc1uEY_Q+>RoH(JN4b3zJ~MY2n$mo{1^lm0q16%K<o&+
z7@;oODi^KE*_MuJzc+CNMW$YWzL`0Lv*UnZ2plPk*GEcC$a5>5ri_HmPr;bwUO6U)
zEl?txPN~I0w6oI?U4)nRbC+qsgjcOvhUcN^+)(;Jg;x#J`|5++tn#%iB|x+323tes
z_sq2|D6(A~8JUGQz^e=UWn>juW?X72xA&DWq#1swEm+|K0SRJ8+#DPw)0k8di|r~`
zLe9`i)s1YCWL_(bT&zm{!SNyE!-ixBQUdRUt765)o!TupA3ixnD;-q49-!HB`wD^<
zX4jh?0vK&gX!J(mucCQ#mhu?FRK_`{*Q7@(vxeHF+N_md4i<JL7fE1#Yd#qsHOV*1
z&F1rv8@UE^b#t2WGAU&a&I-oXbKdlugNW7ZmV#cGn8IQ%-0B1i(`1sveMsa;=~Jm8
z&SjB328l#J)84G`BhxmLAIrB4P<O%5?ArNEa58KRP`$YQZO*QE{PPfe$)Ayd(dO;@
z@Byiz+u5dQoKmS>u~g}O^31eRxzymO0V5XPhp_tC4y%+?_|S2$@7PYB%VD#xZZ2*t
z#jl*oO_JBxi6n`_F6w>7wFp6s6U&`f?=5%mj3EpB3uaLmqbvCF*a{=@K}fJQt(ha0
z|9FKnY>;scqv3MkQjW65`o3XWVZ;3EmZq|Te%6`U(HpToNv(%Zw~1n|64UL0_VK0<
z<{iAHnro>|qh!q$SL@q@?{Pip(N;D$@Hs1UyZolO??ic!7?~DKze(!E_7E8lc~Zpo
zTd3Q4dV*$}o|Xz)3K{6~EmBVIh6`4!78*#VwpxZGf+m_+?3jimWS2^UN2MoY=VuPP
zvr;^9ZmqZuSuBNXjipQ{8*o^=sx77?o?E>6vOZr8qLin3nryPfzIoy!SCQVF)CE*v
zWhrgKV8hX<OR_n;=dw&=kehWMpxo*!v@if>cI~#$U2~uyh4O<U6xw}ef6Z1n+Kjj=
zg>3m&+0H9LvsTPJqdA><?`A6N-#)Q-<jS5?jHWdLJQ5<nb=yD@)mq0lzn&WtyRs%9
zZI{A8FZC;*sSeRJd$3m|@*vbv_7J?D-l{jpyxAL%6E7yO{}{m(L>r#Z?>O}!XOzt%
z544HS9vy4%rLuFqdHz&gjIc%v_+hQ)zIj%brG@;QXFW4baEsi}snrWQd+*ih)tA$}
zlT_`57%}xW;t%Y3w#9o;rOSbQgw-GTy^r}IVFQqR`u2Rh;Pp<}!mCI{)A7^=)Map!
zEzztMa<-dmm7QDEf;n&hR1s6HESG%m=8m>X+)T~SjBl%}MhiCguYuN?>*a9i<Y!uO
zlUv>!+hEnF&`Vv9`epANiWfVKE+d%8)KU7D)M<ocy`%D>#+1HX#mIAsbr+jKlqWfx
zYU|-iI!I}$3DCqCI@kiWI~ZZkWc2PaNHE;-<-<eFkUFxlospca*C<5mOEKlDm$6Tv
zow7@qD_F`;OUykUXafMPxmfcxs_&hNo;Y2T1iY4#mpw_1+-ZQ_WGo|b{VOm<mQ1Tw
zShwK;oX|pCSp1O+^DrZ<+thToWG*{9NebVJm9Fk)?B7be4?a0J{TE9Y8EHJnQJHIY
zfHbzmirQJm8aY06_kos?hlNC{Gddk@$w7730Vy>qjb;TxJDJ-lgBDcL(d&Ad(?S}y
z<Rj2@2B3*#WNSJA{n4wGGjpz3a2fo|qw$X0=vSre!o!r}9+`c!Yg%Q;vc~r8?dbJG
z@lG3^63`}6=a0|k5)TRsT5vX@JL=dUDEmrOt#8z6G4n@bPw-*ggw8Dwf17r?S^%tu
z-KB0i*Ht;=`$?WXPXiWZ>rCWwdCAZTf{`s#Ty6CqxLGqD^ZEQ3aj5O1bo%b}Cx@od
zm(@796nYuoN#Vy8tEMDzb(4<?DV(%cY3-KBE!L8(D#NR?8(_<rH)I>P0Ig%A4hVfz
z6lBPoEc!SrjzVQyig?)kh~%?O4xz@=?5jL2nN+{IYV4viC(Oy%&O4o%?=88|;&S*I
z+^w_`Sk;d{xO=CCJX;bZjO~zv@831{C=gmrX)gDc#REfZsb#?Wcc`GS16aF5Gwz*|
z=GTXL`}*R+Iw9^_AKs$wMZJ~HHpTWBKExByGR)iP54`6RQLEYh92M#^Sps@itvV%h
zOW+=Cu{<FA-t5WnW8hNiK(o+AJ~>n%c5p-nTRAFkZl1<8<HoLcVen(RuwQ;HGA-Td
zxuOEG(kiBHO^>E_USfOA&*(<8xxlbeRXdcnb}hML^T~OhV4XdJbvZCZad7vjqK0&<
z1%-{>@r#dedn@Va-p?DI%3(zZ63AG+g_N?fn|r~blhai4mB)~#D`nH}&S5~QaHeUK
z$K_Y)d@5YyZ_by519xlQpl#)7j|cFb=3KkQQnH3Npz>Ah$s{rfa7mhOY(G&=v<ZE{
zvve}fsh(aTbE@VyCvA)iMvoIq%J#K6JNSsZA-%Dn#u+bAN_#BQbreDMhAFWwbnvq1
z#q)H`qg%c0964jw-I4c+iK?_6EV}H~;vJ0u=98b9L27c!3aLPq>C7ova=eX$TfZ<V
z4)VlH5?>W}fXYrrq&PSV3`6u%)$Bz@avL0B?4ez#tYZ%$Ka%99Ef!M|?OB;xgJAKz
z0C77UA2!2>igKE}e`j%H&}pGakl8~mZin2Zhr=j#hXkyKq*JXsxQnWlgmT1KaJzeL
z>hRr?FOzSMq^9Noflwp))z#zXA#rbISfV>!C(x3(>I;vnWaXMW*fvCVYoB6pD;t?w
zGGyquTy-HSk247m+Yq+{^`?nJ+g_XqtRZPH!^$;~n9d<TSl_kDi-mcnFu8E#+IE?z
zK9tBwryv;k#_j2h%1fIUb<e(Z-ktA3{!af{>Dl)?AO438X9QGK7DyO9ih%QlDgWTr
z13PfWA1*#dgurDy-&yL>*z4EhN+KdE>TWMxkLiNr7c@zS@%+@bpevoiCY1^R0Oy?m
zwagsgrm4;We`=O+&&`Iu@wIf#df0DGidFx>8ET5v60#fWMtb9I+}D1DcD%Yo3hs5f
zErZV0?&FIp5uMMN9*g(Jc6_INdt;dMT-NyRW4!BnHZYyx&vBV_N90BFQ+D6672yl6
z4sr~ZT|N!v_aN_26rr^e<()7PZ8Sn<DA`W<(-|w8T1cOj@-3GRmw9T^k2qOq;On*q
z$4p1WIlZ4G$mm^vdmg7N&MWVW_P5L>T@4Q987y}<QLNc;C`b4W`Bk*@u(Mm^cV-}e
zWoG_CgWj?Jogdkag$e<qd#aqBtl@d2nu<@exysMfo-u`<geh{KL*3@;mzWjz$f-~S
z?i`X3*!&D+!Q~uqMdoF+9LM5sa?>M3Gabd=W`VCmH=Eg`@#=w{z>u$cQfSJuSoI*s
z#+Hlsgrh$mIY{mD0OJ-gYdo(zdpI4tnb={_8#k)ihAU`e1GBU@YB;Q8#e7cVXBiNA
zU4%Wf4B`cXz@G`>;H#`W`t#IWr1pe_`%NmS=Q%h(I_?nz{RoZk*@G6R;2V3H-ulnw
zNRvo(eOS9&=CIv-&4SyOE(RVE>)1EaObnB4aroNmt@*1MS%tlQOM{da5I~De5Ni*8
z=OSde`H*?dgvyJgIu`1;K{^)_f*@gL;0r$5W_+O&%7>FG*7ZqlNndd=E*vw~+0ssz
zB}nSqrrC4B_%Jl6Lv}e@!G8_O%ASyKm@mOM<*?+u$yGU@xdXZ`G%zvk4yl{%g0hQG
zlC2W8JMfLD!&!7Bjb5f@1$%68I4w0lcP6>QP04h_!D5b$Hbk1CzaX=R@UCNML#Lqn
zR`N37XG(7?d@`dG(u=x$X1>OChgyG7$zz69q-5He@N2LfvS05{ekrsOm{>OIf4tEg
zGwl10T>q`1gnlf&?N_@EZ0aPz{sMV8tU~9W#kc@}1;IvYaaf2q5Qb(1WrA)tkFH~J
z)Punhn~gBg?rNJ+c$7mdcU7xcH(Ha9?doP)>n$9tz1xGs?lIEnrD332VvCepvq9)K
zpA9*hU!|?_nLM0RYVQ_q?x#sn-b0WBukLVrZY|CoSpCHcKH8lS!;kTHbKrG%#ddmh
zPx|d4zI(S`c(G<rYi+PNUHx|Cu6BXyY<GA#{hI{%K=&4i%BDhSr{J{cVZXzd@6=tp
z$>j9Z7SWZZJ4UG8RpvMs-thAZK*x13C^}ooCZ+R0JY3e+eqe9Z!E3*L0*PmL-h8Vq
zbu&k92I^Cs$=Km<f=4Yi;>NKVTjWug+pcU`J~}#DZQfG#enjF^k*U#LMxrG<<TAYi
zM|-)eo!!~bCbFK+1P-J#skxrwWNrMalmJ7G`_Q72x!wgeb*eIWAt9q_lQJ{MF}XvV
z3mv-`7Brv9!=cEpVfD%$i(orCI)uF~)smUf+r9c6SmIMzrEWCUZ=SAHpQ4c;I!=5l
zt+_fLd3bxsP#M5hI#hekCYwfnK)-@yT9twuePz!z|Elz<{pm8C@`vzU2Yuv(vd1(e
ztStG?o@GoX8}I7Cj8VKv<8l6sIXuuaZn9TemhllBMnh@(#?rf(nNO@yrseu->~##N
zsS)d0Mr;YRr_y|wMLZ%k`eHI)Z=-S?1$5v%9aCD+J930lzFfVO64X9>$Q?cuc#kc=
zK=PD=1V(4BG-jY`>QuSZt1I`-qov5o=K)X?=9+Bl4<vH_%(H~ansqBkgNbOZ&#;`w
z?j`i+5KPlu+ORJnSoOwK!ow53<}w4jR@uYgQ=kTL9=ndpB|Q6#t?({sblz<`M>fIF
zL&&AmS)&dfkb5>?ztG`Y%w<7J6xaGYk!KaSzO5B^$o#{3<s<}2p~~*GYkB95Y@~Fa
zfq>59yJfLzLgY_VU!gytkAO@j`ywXyzPqfgtjZ?k8ZJ+~=GgZ*307)LNS<KR73?_A
zw&bXm`Yg3t05z96sE9=(W_OjG|IT&zlO~COC8S|}#p&BT!Hn-9(HsnYEcQV%6*6J@
z!$y2nGGK-Ds=qc|S{L(B#XigMq#*F!=t3djR2lQ)k~U#5c~q_AyRqX!KvYMXzx$)Q
zoAXIu6HAmSPZpIGcq{nVwKO#W-W7E7scoJaMyAp1I>j@nCZm9;fcwHADvz}QM@#s)
zw|b^=1ky&TTVVy{O;;<gr4u;ei1{71^uEUI)6JSyAJ9C5$!6grU}XISk<yW-VC;0T
z-DvB6BkeYSacm@s&b)6VQ($U|X@<7lgJVb)cCmqKAjOuzWWnfbBJz#V>D(D9?1bbT
z&_H>N;1kneP^yIcM41{9RyvJ<XJwqMW;<w?0i0eqLI|Pl=+IKNt^K$*f)iqn1xdl}
zF=i~-wG^%|3m5U*z#mh<xsxOmRxCbZ$a02#Cw<gCAHN49(&E_~w@L!Kw0#g}KDZ=7
z8;aQJKhsEQA5<zfXRrsOh_7jg_6K%2;IwBlLK7Hj&osW<wLc<+O`#u5w-M-ARCl$e
z^ia7-Gg_v`K@BENBk6O51aMi+hkq`3uP+~nuu>oBx=>Fz@UH&~hDE-pUzS|MLN$Ha
zsb)h))$7}KQv<xtZ0LAf`4rwT+ETS?j8j0DVrCL6_2N<J&I*RZ0wo^Us;wS&%0QTL
zy_zps`-1t^XnfG+b?QBDT7|b*;qJ+&)_q#-)xJ3?j<c(p#Ek12`*zdAMKZPBos-dw
z(ihx{<mJ73e<MrW4z14z=x8ZzT1j8)@qRA+$WCi;FQ^#Qacr(+upm{y>#sV`y{#i)
zPAyb2lbdC9mF#SO6s0?YdW}Kk>-SW5qo_uAqgK1y)fJ2hr~-k>BkJB${n2Ycq$@yW
zSGFn7#m&u5>`v5v!@Bume3i?Ad-e0znONXPsB$R@DJh&vB7IZ^#@|{1`IjPNZ+qZ<
z(}ly~V^sjHH56H&`lYa`cP%B5<;_vmj3Y&A-;Bpp$OrylZ~W2U9CgP|85bhn1#%5!
z2$;{9-Oguv*49z^`6QI_9ccqAR#-gk=v}j>Ozavt=n=K-57mFlv}&X$9=k<Ocy$lD
zhXeI`sh-IBV~w?URj~LGx|@wW_gRgZeE2r}HMxE*Hy;I8E(EHBNkl)_?CG4(`ptd$
z>DmLa9nblIzUMGJdsO<T>MWXt@`fw?lZUVM-W{+z9=J_&A~ko0#YFDcum5sCPo;jU
zkU8yw=i8FZx{tg+E-GB@_0hX#dYqd3%4iX^zlCeT&*ZMx|9vl?6q@@6b}^X7;i||#
zHC1C$hb6@UOjHWuVd}gz$Eq={lH;6u`m^yrJA&o4_eMs?iydgy+!^#|-@E-}xSjFj
z>|2cA+D)NYy7>LI+EXJ}!u*s%(Jo7<M9Z>7QcRW}#NQo76EA+t()7tqyfj+xZErgS
zy^z@C-tN%TIAiEEZOPhcsWK{XO_(MBYWuo!9sNH=W?##_9kRZIk^!~O8+&{G8J4_E
zbwdgrM-L3}qa9{PH<YVpa6ylc=T}z-4{c)@HRp!E7J2T$;A)UJ*PCtdaA*4bl>MjL
z#}A{V6?)+5Te=$vn*oDJ|K<T#^id02t(UUkO6Z1U-mevjYR$1()Q(@(j$a(WUl^Av
z``vIBvE@*}#Qycp*FH=yuQy3~TupwSn%jTmX@Iuu`xRL(*ibcB{acbW;qafb<Y4bW
z@3DC60t*V+X-pLrXoOR82+>w&En5)C-1Pc%ZSP#sOeD0K^L3VM29ZX5%4S7H(~!CN
zQ$xlIqL4=RD}ody&^1r%GcD&>M(FRs;SByc7JTH%&C}bvVu1oRxmKSkUYi$INt|dm
zwH*llr<^m`+uwWdB&r;#TsZa`4VBEBK&U@(#@7C-U@A*UGeQiU&wM=12<cq=S@Kft
zWwsck*7^)u^$ZfSy?%xNOh}%FYv2hh_O<B4D=P9Yp|Bdq!8A@0p}3e4^IW%t?qRUG
zeZm$K^O){YuvPlmMHmLJkO^;Ad4Hf|R3P-3cxCQwh_$t+rzgLB(^D7POBbB%67V7|
z0~t#+2q@=ow<U9M5sbEaPp9h}^TQQ9A!C3+gZhRuyv+nsi`LMagPr<-bxALt$lFW-
z19)sw0=KlwkXsjyJI%q{<o`4(Q($Uq(EdNHy=7D!-PX2CAV7i!2yO`kcXtmG+}+*X
zJ-E9&!QEXtxVyW%G}gGB&ffcZ_8#Zm?>J|C<NMQps;gGjs#<f+HRm<&H5ULn-8Y75
zsFH%l#ieX<G`^a*;52Xtw>8%mVI-1`!M?mKTVkB<=yq2aFt{UmIFBW|(sZp>0cZH9
z@iP5%`zYl?E>X5SnL-00*s*EU>~Ol7fDE_R8Tm4#smcuamv(M5`MxNmx+;i^NgI;$
zu`>CtLL$&Ig3&<3E&?Az3#*d|;n)3rdz{53dfOM`ilag5XGM)ij?GB}E;|&!j=4&#
z8X4LKT$TJ7Ys6J&%og2M>RB{r+Dy7gQ35c{5wx603r-@^5g*^H-fAiA9Ht}#Pd{gH
zmWiWbviMjb<$->YkC`0bCnMlEM(?p{Gdkb%^k<3hP9>V++=g#1Iy4vq%8Cf4oD9i9
z+`z3G(lo$KFWt8L=N{6vB5#1~vUH^3#M=8WZcBo7v9ZtI_crbk;sBeA8nI5?hk)Pr
z-<8MRV`?P@`xduyM_UtOQ0-Bh#(BC7R(Yfrxq$r^+m3W&cIh60HTRD8>L7THOxpDg
znF!sn#6`BNBL<)Q@6*dn2_iy-^q|8sNn>^H-3vbgv*A}u+M-m%f{OKTz!QOZ%G<QY
zvt<Pq7q&OCR2xxyidRzY$TL&6Jvu3DbCx~Ow12&o4#>De)!`TvN26u+&k~3GdM|w_
zXi8~1o&L*vPUhk`Sl_mESo%q>q$oa{t&4SNb~4M~Jr0-?bDuD`r4}jy*TO~F9Jc!(
zs2<a5tS)RD`CPr2K&unTd96$jUK5UZ5!sgqF$CqUT8T#*UQ0EjnfY2TDb2^;q#JC8
zjr`0Sk1b4Z;y?PU?)H8c%Bikq1$hAZ++O=5Z8Qfl-0!r7D58ZUDiuD2%wty#49we-
z%Xnbetn>@IFf~S}Wz}*M`wkH(gi^A_W{O5t&(5H3Om%?VF}e)^xVvY~G1m)pJ3NDN
zR{pTnTk0ZD(DbcO^h6^_h8;kZB!v22mwK|YDpE*F=g6a>Un@o_jjx}{?r3tRM+y+|
zTu^-%`E9s)qU8!VZ16a0Lw_b_(^pJ<cny;~Nj$$HYQcNv3!+)?%dj>ILA)t+0pc&-
zst$G%r(>ydWL$c+H^=1{E|cpxM^^qgpXOQgzT~W1!JLncYU+_G+w%+0P@jy!d(hZ%
zxJ32OjFc-IXDZ!+fCL=(RCS6jGUpKpP_1EizMkEi)bshOJ4INDiql(OVz9n#i_a#7
zQeR3<?rIqyjSOC=GiWjm|6s8|>vWR6+TE9^JZX6Top6Z;(2dArfVSc_8L(tB&u{k^
z&HOa*YSDjlX4U^J?dIzJfDO=+?$nF+`80N+qoXg^1~JkRHrZi_DxtzX&pq>H%Z<9N
z5_{%k;O0qvj=X!E;h|>OOtR@62DRnek_LmjJ#knpuD0B9o8U8N<%jcvIclB9fOt9c
zZ9;B?n=8!EmD;{@@nPGb%#X01S+-xOe^gcL1bt_+eSp7GqWNu4=K!-nZ@e-rTHY3)
zvVYHz!7$VppeKx_y_OQclE;2~bJpJ8=0@$`M1I(IC@cO{AL*T?A%EO{d*!UB=fnNR
z-0d}`j0DsYIqR*s!Ku#jq)FZe*dW|;NHAHxD6vMAKhN74Kw-|D4Qx;>KbqX)FO7^Q
zky1OneU(z1pEv%ewU${UqnG_OoN;T!jLdZUSVxE$gp{W)0R8Fr@!UIRJVtc3;O);1
zk3s7_%Uuun?|X}f%;r;C+E^Jo1EGYk(iOTI(8dF89QOK8e)>I2^I$EHzq2TV{B%XO
z-f4`GJ`*Y47cO5bXc2Vt8WjI@Yv$c2_2h*HC69tx8<^Pn@L)D<n_(4xC47W~aCaOz
z6v~44!5u$4px6N6gefq96Fw!@o(ZQ&rQMyez{RS(!qWC=3g#&zR})cOu)<x;^t(2t
z_Z>~&=$M@)YZ!+EtbC{Mxj@tem8Z;IDTZ$xTxH(jzGpPwowm=3haMNELvJ%w9`}iC
zX)y<wR?km&`1W+C1)HFFc^_CI!Be8x4iQKV$c@(^A+ml%DGbU#l<l@xm#-_N+21cP
zV>e`E5@r6CBM5LTG7%Zb4w75zWEZ}oV()aO`QbD`UmPnWz9>|Z?ikWh6o0Kzq6n^r
zdOH>$SlI&nC}Hjs3ngv8fLcEdwdqo=>QA6BA779@AH8wxb^#qDWD8yFze2znA&N|#
z2jyAW4bM9knI)?FS;IgbO6s`($lxve^?RYEhD9l+$&vOnZu_DmDW=P1qj1pd`*?<K
zf{?&?hS_#<Pe7Iyoa_UYf+aq0(YT5&8#{s6_C+q{E_r<Py3)05d39Xt7`*IPiYVfr
zp`5o$x@jXH(D-A8Vg-04c6X<+c*|12|8r2NkBMugftzeiNy`cO76HF&e8bP=U78Ae
z?a5Jc_>8?LiPr4S_anMGp55*OI$?aoSKW<Vc`?Ao93$UDZP9^QgvsKIPR#_?;;Dn>
zSfZj$O!BnI$M?dWJRukacmmQRX|pv=ImL5qu99lKIr~EsD3jXjkQbL9^MAZiP*`a|
zyGs)A3+H_zXqPw0pu>b{xi->_My7s?3^*3TnpuD6;6T-R#vQ*EnO$QBG8=PYwD_l#
zNpBI*K+U&25L?T*DnB!mA&2N{Ra`{sxSvkB&5jORT=xQv7F5w|b974~^F1F&_#=~~
z5azT&FYR+xFj_cVA{=L@-TRq@PG><=hz0GeJQ<}G#}%njfVhi+`6E&^zSxHjLDTiC
zMNA(aX9M#yu@*u27L0`N;iwQ(<>~Y>WGH*8?el65Xn8vAk~6&$q0`JsuKc-<g*sLG
zuB{9EnvpQg&9ehz71)6Y(n7rD6{8O<?2zQ?))JFry1%Rm3LDS-9J4iMqaky0)bPs4
zTI=>^h0l4E@{~*HX|<x*S$6GD`KyN4E{b=89A03UO=Yv)$8dBZdk@9#R?O(7uHSO+
zH(W<SzEO+!`ESZIgDSsQ0N+l;MISGm+D?4p+Y2<nY*%xo?ZegQR-d3JIrDOmn|B})
zVfKOei|7@Ha)}~VT4z2MI;=H`Ty7*|i{_r<w)}8NL$YG;(gCyS<Voa*II@EiA8;wr
z_RbtX<k!3S4{$zyCj|=%>pN&U%kkgH%dK>@P@B<83RTDIFIfxXgWZPTaC4hc`WBrS
zG(*L{ecfvYO_80tR*DwaJkKYrrp*{gF3EGaI)6(NJ>K<X87}!Elg2&xv9}L^juln0
zR<psBBx3z!XICQQ4})myK=r{FkaU%V1&Wz0(%CYO*SK~=sw1UVoqO;5y+S6TU6_9o
zez?9kh14fukz?so&3rVyQ$xZ8qxIik2pSf-*c-hNRaxi_82l~3mD%BC#2^=`>XR@v
zN#+{k6^Bd1&ArMNx_eh-)?!N%UaGDu2+?!gFymg2_W&@seMCv{@k;iMWh4}i*aT7+
z^t>nDTgfh+jkyB>exGt3f9CEzy$rU^&`3_eURMiAjw>awU|(9!?(jgaTQH#yKkyp6
z0ZEit=p6>cFCy?M4G4M{eJ#(NS4Go-*zq*xXFhpq+sQke@T;IASL5&UALE;Lv^s7Q
zpYrIlQ-35hdfW1{OqmSJ4!`O1P;v=76l>x&ztJ2BxYfyjqK;l#@qgbsvsJe7Zib<6
zvAPD@|0un)h)oCOLVk<{X!|O8-C|dX^{nj~WYDh`M?yCz+bALsv>?rgkUMGt*;I?w
zoRl2W8z{o0Z-oGA`>byXP11r+Ng6rdbW56jpTXH#K!-L$O3k5|S!NP#?+PSzZO9e~
zm8Mc-ua3LD!f2zB81PE&lKe+a<mJZYM}*JqQs`wtnz|W)&wX&K2igH2_Z!AG9@klX
z_<l*u9XwHDPyovNz~!_vt0_e$mdX+O6L*)YO7E{xm!3F#@cPOhu7DkyAEmonzh7xt
zTW-2p^E`x=riq@XPgx&Yy6<aAwK?adcCKXoh=ezy(6;+JaJh~aZBez%d?cSms+Go6
zWT3!m36NOh)xrHFe?_;bvjoVT=#$Vub@+nSkjk-dv-W#qdv(v%e8Nm(C}9tYa?GFn
z>&>eAEqCenDiM|=)lSkgZ`(qHhSbxxXDB|yBhSxW)7)%6Fu@9w?Qz<G6bp%9^~6iw
z<pgq@zPdn@kCLTjsY(}v8`*$2l{7jg)mB|Bq3Pto5{D{s#aoBM)(!$$g@J(@+buLC
zo$!In^o*2U*_^20_be&o{P;2$+JUB$L)~!WypmsZx+a(b;{*L<dTD6uU%6%m1;7Uy
zVFu7tW|&FNF7cKh5QGDtJ?$ifJyA%;D9MK^Ae`FMl0TaBm`LsZp4aSJj$zlI9Zqm1
zv)@zZ&Q7JEDEFoB*eTgApJ42kXxZ7{6~`u1X`LgGu6QkLxr+C{b&oIm^O}e^MG&mS
zNu#&Fi9FSrA1Rq5n2G+V7@!Gkm@~m^_k>z58YhsoJ1ggVpwZCF_5IQ@^Uta*Ug7ND
zOmO<4?l^+qzrRO8VdFSqf&rox&X(ICC*(;T44-B)#6Y)Ip`f6Qrn0=4t~#UWnUkBF
zA-(!soMeS-0z4B6{QGNwz+OkTQnOU`reFRJ@2^E7bSDbFbo;+7(w8Rgmu#!)=`Y1a
zH4v+@d(&e2b-USKW6ku_eXUeS#z}PbN|XGoYrYowBMW_z$L@Wn%&b~ia_rStQI!b8
z<GA=$xaiHO4exPSY?1@Scamo6QB!S9+C>CT&WPYb$!|nNDKjHvHOE!c&8&4ECmtA5
zoZFV|iF#QlA3nexbZ&U}yO{Ro3(@@~QdK9d_E?f1*XkU9z-Pj)+r|4qaqz|FRH<Dw
z(jXSdLPSJ#Z?S=LPJ+=hDjC~%ottkL%}S0Wtv|WFTd%{>8iUl(R?S7d<FvRulbbHr
zshJ`YWP5J^X+qIFZ2lxjVjF`rVxzC(;)8XzR#yy%Ny%D^RqNh|)U#}@BMHw+eV-hh
zgHpF@W~QlUHLuik;AupQBX1B^gC8BWlx$#c^*Ru}>rUtL>CqH&CgSt%m{D)pAp0}0
z4<*k51HjO5y#Mue-+}b?GJ`96yLsy^;pYw!$A#=2r)yx1A70ou>$Rvo?VEIqw@ACn
z)O5_`JT-gDpo@VTyp@Ll;Q=)Im(`GNXot89*}lgax{nCnL#2r_&G)F=sI%??R^J<1
z-Nah2GK2@TQD51k97MBgAH)2B$NLPnp+Rv0vO4{UgacU;df&gV8g9gL^<vcI=LqKJ
zwI}X80V|f+e7<?m2BHw04y4KXt9sFd3Wn{fu@r`h(PnjwcOVe_Qf*SO_zX+7-2fs&
z&Ld(!VG1&9gPS=DR(J2?-d(i!28}(_ko_ZMv%PZ*wm{!&OKpfXH8pMR%=&*PBAd|<
zrRO@useIsSo-i@m&_B&ydWVV0MoLJ@52)#=k>&q+Oq?<`5W$njIa#{!+1h(4%evt#
zBsywzS5?@Q&j*?>$?JE5b!73*eD)e0&K66KJZnBN;h8aQ(RDH=*5of%(6S`y>B$y#
zdb;<r9c5b-+9mnHz_$q+Ze@T+yM0Q7;rcK^addR95)Eb=X!XYw5<K=i`Gd-^Y2uGU
z<nJRIT`=)z@n-5}?+5_GGq(pE^%M`zvGU|)3=<xl&Jzn$HF`9f9yHsj*W})%nXu#{
z8$$*);Tkdrjb~Ub=Qe4#rr}aQRkd>p`9XH0gnDCJq4;)oc6yt`!Sx#K=uLDHgU1iD
zNq4;-W}?545OU3EFx{m%Wag$6OcRFU;LnaG4_wcVWLYA9oUPQJ3ZlXl5Hl%D4_vJi
zsn6Nxj!i;+26p;kuQ9&z+>gD~QF)=fqiZp+6l6JJBg4YJtniOJXj0PjE-8$8Ik;(5
zskQ)Z+@!t*_<C|s<ht4BLbjE<QN-Sa)xc-j@~YptzfFkmn>a^LxH@r!@$L{~)d&j<
zH$l$M8mxuLS(8+Bj&-%1MW=KE=QLK}mv>FXxk#FB`F`y*i(%;e%p!oc8?VZV@!}1d
zAM6U<Al#{84{Hm&nw+JD4Xuj1f#Zrc@-B256I#41dZwrKQyV}voi3o~OJMf&OS;~C
za8>dcJ>_)*e;59DRvLw4m%YPcE^cMJ4B4Sl+BL;8TIMW=-~>EZ5}ldMSK+HVQFq72
zeiwb%psLpUdAr0t9<|!uL|6-+;!7(im?{sE33Q30<D7|6JaiQ#OXD8Gg<AT&e+I>#
z(<ume+)AY-CBgcpFlG8WUWfM~KCz3x`|6*!V0Mtk^X$)W{GrKAS{TT4hzFFLhP(aG
z{|b<Ligo4Q4Q6t&_4oIae;&H?%HCyy`|kV@h7`Zj&LZ|#LG1Pn2^2JuLgBoWnaNA8
z!C$fj+u7fsptm#Gk=Mslk@5dlD_A;5b4|(pyL`7c9O2(86@o%A|CU3|{R;JO$%@IC
z|B&D?9sG}iTV})m&{oA^{0}h;MC|_%S`GTY+6>2QsJ~{1dt!Ap{rP%_gsLhQ1O^61
z0=XO{JUskx0>!n=_rJuH0zPrJFZ}ca|I^dcli452Y^}v1n9JoHV#pt6!{?0$d>)XA
z^B-2@&(Ea5<>8QmlfFI?Sj$8e{fTk~lGk<<0u~7mVsaEmEK>l&)EFy&oE4&2rHTM_
zJU7zF{&z7uk;8w!FStz}#LxNo--?wha4IV+Q@!uz%2e>!ZGF+mq#-tskHs6z=W0m^
z{%(0tQv?cn>6N|*e5+$$1d?gB>XA?(c83$;Ra8`39giS?N8xiZYL>>t_7+#vQ>kR@
z(2^EDFn<OTuoN#FqjddPzEdefGOB(91cotL1W)FN;j^-`D%!9n80c}L{-rf5Xeif+
z{Q3U=9%6{;BZ8ZlUMiyzGt)=;9{P;1__`o^w#gtf2X_My3Sj0d>two|!i3(24KyyB
zwPBD6d|0Ya??=>s-SMT|;CwK4A+OEv?ry;YNxz8MG8LI?<A5@iDx7E5fSk-8tm-Rt
zFQ4nepuPbwh0IUx;ehbj9EFuqRiD)#D1TiAWoTYwa+U-N_}JQ`*<x>YJLmEsK$-Za
z|A@pV0b&S0QlgL<F3KG}QvLb!1X%R2&Wv~VXvZLzdG&+ZC7Lz|97MIWq?|5a(6{a_
zX4#Ml;T{jLj<l<9=&JF?^j`O38<Qincl`+~Rk~<ku=D*yJG|xg2GkjQpuD->j)87z
zS-f73X(7!sWy!@cf_RWcwZuD<*?QZU;A9@OFkc3tsk)dUPT&y|evhxhg&Sn))f*3$
zmEe*psVo2JN)o)5P2%t*&obux_psA4JmD8OK0%U5Aio^f%Rf)YN#flma^5~_30ajg
zW~g{ch9O{x+cC+SbQ;ERwo3cCmPg|1dcNI)^Tl^+Ef_`3`OAq{bhTj)NoO99nitDM
zDhwvZ?ZCAR@hYa(-o?7ntn{jQ)w>h7@*uDoaeTUT32S^!^%A{htSk69vg$K=3V(6G
zh=a6eHnDBBqIziEe=9e0>Gi8HZh+O(WWKw%on?hi+r&7$+oqQzVJ{EH;Y$rtc+;8Q
z(*5!KQ@&w%C<WTTEKoaz1}t26PtQB%Dt=GQlBdF;0uAyL(uhs4APEt%puF`3qMk@w
zuJ&vVo%9gg#@624yE!{T+TP-iD=jI+{rFgWYQgftV<nnC-_|mSmjFP{PrlJIU!)#o
zy2f(Zg)1m04Xz+4aRM(k6VsqZe28-&KlRtU{9auRv*DUBblowrRQFPM*agRzQm5Nk
z=apHTZ%qBY#$_vENMt_BQYQMM5*KV&U=0M~86KE9aQ7qqUTS1-MAu*%QqZRQmq6nu
zq7&ZGIiQ_!#e-2IY#`mJ;T6n_3DGyEzHeh4uF@m+o<?{-#B5Oo*!)9VTYQ%rSr-=<
zbqy3^<zRn(Kn^8hIL6480sP94vL5T?7)`6zof8{A=#=`i-egzm{a&XOni-FX!uIk(
z0l?c>vJG-BFr&V7?`8kW97B(0G5pyF-)^R90PU|X{orqO(t{9=K~w66r8g8uvOy6s
zYk~%r#!#H#89n5j4^K;sc-XiAnDQBLYXDvnF-U58VSYsgK1&O!a#b+6&8&vt9x(YY
zTB(EQ1GaOx0!ZSSJIv018T631O3O^S7*2NEyK^o4jZw|x&PQbC_AC_L1v|(Wd>clK
z-nayvv&0li{(`VMPYwJscY`<8?P+S25af@W-bfPE6%pjx%W)|&y0ganDd~XMCmmYo
z{s#%U^4~m=*1e{;QW3W%eK&~jNfW!5kD07BJ7f3RDJwHUWB?;G>RR>?UCsQ@%5;Lw
zI5(Wzlym7vf0>J~2+0*t&?OU?&F&z|D(wzN*Ef|aZ9A|Db=1Qy#L6T??7O-pBBgGD
z`<&Yz32pMKIyQ77pb2RA4|Q<vxWw}po0r0x$dV9Py<C~Nzf2#}+VLpem(!ifCm!$D
zz}|0(^3Ab5e>yYq3>J~(yg?-&xZBXEvw0P})r2GFUW{hRgQ<B`M-BWe`@eaSz?jM#
zN$T{;eDMze$&~cC$_?zgd)K5M^uJ7Wty4~pWGbVos_G{UjQ*ccun6mKzkfmn1P1Eq
z>0ORjsgCN+$5HGY+v#<EP}Y&k4;y&D3YVELa~<SJ&<H(aAN5)KF1(XvY!$A?+E4<g
z3A?AEdo6{n0g2RCP%YAJeWu2vGb#$vVr$s~Wg<iLQsHcOflm1<Wulj~N_Dn~wgKm6
zV4)d*B)PsQ1~TEldm*~d(nsP|AGC~Vdi(A_d8M)C7cB^gb8;97HUIS(uP0z74{jwg
zQqn(SBT6+@wRpPV8Pwrm96CoLnbv*dLI*sxf+s5|dfnf?)EyjKfWvVczDegIVjs)X
z^t}SazpsSrCj^Y;a<PtxjFcmfvmvc}selDfsIz6s&!wH<E7Un0NLP$}((Z8Y8_(oo
z@qZ7V2pPq4W`x>3>J3BgC<KYK><55s{q9dYs(_yee=8pi##v^|#T<h>H*F8LMB<}(
z5_O4Nx`3-IyUY3N*700f8XJCdYpZ;PdV^(nPtmE`rgWi<M)&KCiyO$z?6?7cIN;s*
z(fasbE|Q>W{8WVB9jh$F(8#AhegM?F)SBw*%_krrIrZP_^?Zkfgydq0oEDqlyA22q
zhWdl!g4<3lfW?IS+rY1RRsV-G^!)TpjLh`;uP*5wkof=aL-BOkNc_bD{B?o<6Mt$a
zkAPe(Vp+V+z7cG@OkXMIEPKd-@Z2h7J_qOfgm$KlA@rc&NDJo>L`}&&#>`8vs|m9G
zU23+@v)a^V>R`tZ!r``yk-qQ#cb-n(c<5)rwj@Uzu8c|<YFq)NN~hH|HM#C}xp?pr
z?#O!3^yMPhr1;{4_7QJu4<*?$UlHHRAqtsk24X7ccpbm53y|ZAIOVr?(6F*fGoLg>
zZMszGZ+AQt9q$IW6C9KI>Vbv}PqOo0o*GBQ32^a1r{z$D4jLB|50eWirzaj>;;*<1
zegT7^dh#b84WM^(ua@fKGycei5Qa-BKOyi5_*Gf$Zqfz?A6I#9m5r7IbR{Huq(e0j
z9K}DMI%RaLzr3^uqsZO*K&Bwl%Jdz?CGq6>l1qF?=M=tFp<xebp#vwQyo1lSrD}ez
zN2Iw&mFB6?57Dw!{ZjnQ;?rc;e2PF-k+ReC;4CT4`Xt@Ui5v8xj*B}t`c8vQMzV5j
za4;4xU59O@XS|dP5NUMvl^Eu&Ju3_v{kw1pMgIL{&EvgM1A!0R+3zQcyFIL@6#;jE
z{JSa3?8QKyY^iO`iCT!=aT{aXhZogje*IZxPGz0Qm0K(DVlNgW%x4h5QuR6pdNe43
z-QGB+BlVyrtvP<rDoqorj{YM~tr8i(#HT_=H|KYP-+n<&EhEhD;o+cEAD!HXu(|iI
z?3W5+IrksF1*~raiC7M28_kpGN|&&cK4pjHq<{VVZ2XyTw()IJ4n>g8ZFF=9$~Wu{
zn`+R)I4Uu5jw_hViT^_hERh8&5tJJih{c*GUExxPnf=ZN^kaV#bI*!CGGceCETS+h
zu+~oB<#>5TzQ2Um%OrbN@=c)(a*4f$3sm||#>9Nhf`m<9JNWW{WXjFDmF(tCK2(@<
z<e#>I>rl;%RM?lNA#EMr$`eXh&`TDK$yez5@+B7>jnw$@+Q<}pYNQ^IqSc$qgcg~5
zGLQdu%iIS@n5JGGOiwqv^M#`2%ABVvHJOxkygI12y1N@aSBx@^DLx*HA-yoB{P}*%
zRO8nbkPEn^1$XU89W5gADiEVUZ5P+)ZE04aQ?Jzcvp<h1>^vPd1|6tuZM4JT{y5I_
z;Vea2rj3~ydqEBpiI&+%(rawfK6-i%ly0YAX}4W8&n&TOK`1gvuJY?fj6Z)I?Ihwk
z`y`E?Nz5^?=oG2As2&}uXgA(C{LUS?O|Ye6JTVj}D9hvMFmoJ!WjQ)-ppwceX0Ky)
z(y+%~wxjvs;YvYZ`5JpgYcSo*;fA9gyri<uDN`~MC|}gr!N~_1Y%_C?8|i}V(Ms2u
zDF@T;fP)lOB7F7=J0n>FudCW29<dJEu3+y}OIpAA)AKG?`6V+Y8%qC)6-dXw276Q4
z*=Q%i+4O$=Lc0rr*4prUYF<PkIjgK;PU_5P^9m@$3@S)o$X@kMl@k!xp5E?cjR=0?
zsjfL1ElD2IGcCh>-0wMYxa7=|YLncGF#aKB|8U6VLB;f#zwajF-FA=aI*57~=K4&K
zh03PFy7psx6U)T>j<5J5&$1868m^MmM-Ntb5!N|NK8~`l<2-MYXvy)<vg?7+n5ZlR
z*4OcvYq%Vyg#ozsuQU5oD;r*eThIi|CHhqyd<$8HfJ(zGljY^PU_9+f;xUjpYck8s
zMT3<GO`Usrh4*nC;Fhzb<GHAa2Pl8!04|C2VZ_HRY=q+5a=0W}9`-V}8!eXxP`w-{
zpL1RuKeJP|AQ<iRk6vp58ow;HHBS8xV4$k0o0nrG@>t9G`lNXG#O@)@Dy8)aDc1zk
z?2#JOCiz3fxM9Eq51q={`2OOSeVLQtNsuV$roa*Of^g(w=%P(RsH3q#b?wZue{Wk_
z*n%_==sHs@xm<Gk?pd*8SYrV=dff1J0rKpn0@;OTat^=_UWN>?3SrMxAfa1&*ptdd
zetprfT7a~A88pnbOkeyn3KUD1f-X;>WR2|c&K8(u%OF!0nn<F+o~u&146p>a3{wP(
z0lk>ZcZ?AE#XAnX+dLY>A972bzFYIAAk}h5><Io*P{uP@PNVn`T@*I*UMjO}>P>eT
zHQLy+H9kLdp)nL+CmR;%R!^1e{Nyu2#v%I&4SPsp#?$k4UNX+~6>r*Ksi}<7tBj5-
zsU^O?j1Wy_4Oa0KXC_{_X@uVDg+lsVgTEkI0-OEZaJciG<ZX($VoT^Lw|ziCR?>ac
zd4-yVkIOX#jQha!<pB-edK<(+03vu1<nHBP7OS;oDgpofNv6+h(eCuAVskK73Ze8i
z!K@<~?ZU{$SqGFWp@xQoz%%$DwKgNQ#Mp2ie{@^yz?<<@&O_B?Wsuv3y&@_lqefWD
zLz@~3za$7;w;<oE37K+&JL0Z_FrVXyTD8?3F4ejpbs#an)+MzO<B^8QYeOckJ>{Q&
zBG4P+m+%zzD0CzstaZ0V_9Rd;vJ=Nc9|&f2{9#XwkK3GL&G#xjHP2TE9Mm>$WY$Z4
zLO$ZmijJ<>lFhoM_9lKw<Zj&Js>2}NuUG=34@?^E93<TTbEPFNLM7xBoS4<QSMWcW
z2!*R_td*z)-NkJh%h$fdVj48H?eyno|D4RM8?A>JpwD`DDig1361;Kw0iItxBQjm0
z+ZvGk`kwuXmgGQ3fA(XP4r@_mIF0$7n}`!0|E7x9{oLJ$bmLiK(*mxZ1;C1Wql=VK
z!#wB*H^84NbSSmpif=G*AklO;4))B5qNDfF|9RF5u4))j|9XqK97hfZ442GkQWO7w
zp&#<|zhUT?4Br3L0U31w&2DK<dS_?|BsX5zXIe`t5Q?9Rwzl@7y#O1FonE}w*=t*Z
zsv;Ax6azN~n5v7d<bmd+-EaLkV9)+giSA}B_ymBQGx1AIlgws+FxII4?TY!O&As3x
zhETgMR#S@f>M2X=h625}{Rn_sNGk|LH%XbR|03L(9{3iCZzDA&6~Q~`yB;3mgx3f3
zU}b0&M)0^>?~fsK)8xVZJ~nl7k-DBG2=_AKqZz`c)%H4$nd!a%JC(Tn(4xPwt7qx;
zON)Zte`PKP%(dJKJG46f&1np~ZHVxJW4$UC8%fF{pv9QS2imi++pFxX#&)LfmN{%$
zSp(!VK(;8nrQYAeGAZ*W?|u3b#`0HB!VDfcUn*~^bXrd!_yv2BSn+7H^g2&AFk%W=
zTfdhT+yimJi{5Dj4WC3rVk(pS4#33ujzEDx`D$b2k(A^jdo>AuVZfx`u=t;FLQgni
zM253G@V;2-pxI<PE^&o*x~FT=w=<!#GyB$ifG<`h^{%77sjLOB%;2FrTS8#SYU<_s
zpgA3^&B&w&(F;Rxa64kJSdr36ZKPO**n)9*Z1b{G1wHZdOkc_szi}ry&~=}>{-U9^
z06ExB_|aBxOSb<stZ3j@h2^W!m%z%5gUYSwYoZp(yPasvhRb!Yl+3cVP#*e(T!}bX
zAp|r3nIJb)dF1`~oHe@AgylEw9tiC2FlAA7;7<Z=trJPV{9ragAkC#M_<>5KLM3wq
zY^Rd$ws+Ta7x%~`!9f{pS~ji*+Yj2Xk<15QH-<7b!`_;B;SXM(c46SQ1*4c8js(g(
zErJ?iw<E25w$Cj3t2x$+72C;4sOpWyfHv$cHiXf0;-#+7-SY)mij>;Ef=L^bLlvn1
zSjGFRgLBLw?TXLm8eysFJByZ|9rls(J>UIrWK27QUnbaO$%KdbkG$pB&M+XD8wR(y
znc>{viYE_GwAc}Ul+`bVATD5x*Bo{A@Gg3lJkr9opu*L3ukYeDAy@H_bL=JAA^!Fq
z-#|5+;@hm+Zv-e#^)O8k7E>F~o>iDa<Ng;I7n-q4zPM<#Mh6Db2rl~JI;4WIG=-K|
zu~rVzTAvLkeJHlNb44>4nKP-D1a@hHDb&0e-K?^$-&Y%A#k>IwXZZANP1`HuOxWx9
z*y+mIU`HSeyO5B-L=jRvBEg0(Asn7#aC~OpH3Hwa&dSb`s?j*kq(gG1n5O*ZhK_D%
zD@{NDy-}Ji`Y=vJ)*7Pd%63A<k@O5@&HFV3m>ku}Ez4E<Xdr%AJRg9?snexvyOYo*
zZ#Fe3d6?Y?KTXlCuf!`EB81b<mkWc%w$fDc{+-QjZ<B7hiox(_mIDhi7h`wMtu}Wj
z(mK+5j|FD(5w`u6iP!Es$t!^>0xpsEJgUTN^7^C#wm`ha2%Rk?1nijSwJVS)L#YPC
zc~S4X(Zl;0`qCB5A~A31frUzvl5;E=7W?0;?aYY52nE*DUvIOdA;qU0=8cmg%7jXO
zLEqO3imG#xH@mZvgQz>@*cy_5`dhf@%Cog-YG^3sY{g`oDpS`%tBEIwL-&i5kWyqH
zD$w1G1VgY=^T}l9)*Wd!yx-qPH)V5!Ylw5Mvj-YTVQn}PNB~5TRMnJnv?e$|+4_fk
zYaq4eaK&$`CqlB^7aZ@80GUg+Y%8;~;zpVnIQS=JaX1l39F#VGW|}aXe3<y}h?NNH
zUs1Ck9DL}93~mtUk%F!l;uS0tjtym7T`0Tt<v;K};KS6t{09<*5zMtACp*t7>Rv^7
zSnIuUmMcx^-ptG<xP-n52css<#HF!VDMWFkrV``G$-cu*^jNc#)G69X{0fp#!S~(u
zBux6zi93y9*bvD&p8QNDb?%vZAmv>|aAR}s+mMKe`1s=65$gB&QZzZao)m}P+0)@h
z@`}{*BSjr>Pi{YF5TgP=yz-f>syoIa@3vFNd@&Wo^_to~+zc!z(^4YGFOg&L13YIz
zOl7S5z#cp*HMav1Cg%Pm&Q12r<!SF$2E6OEapjd8?wVd-7XAY+)8&6terou_ayt4L
z`|kePE)e)QQRtwg5w^lUWn!svx^DJz!vqc~$d?OBNxjOXb46m@w!9Ns-c+p7)SSuw
z>a*WtF~m%XF$)-TIOa|wXgH&=R`^Lsiu`-4Prx}tdUTp6Li_AzQX_rCo1tNv94F-c
zPITGq+Y!j^B4rw}4exC&Sl1I$;$A3qrW3(|`Au2Absxew+QGXF<;Mra&E*k?n-cT%
za|g8RD%bKLd1Jfsti$mn1<aN^#Ypvn?q)}h?b#ez&Y3C|2JSTrhe{DBP0iz-{rLz%
zI5F^^F7)>wlOL70n;gF;lM%@yl1w}2)P9OuH~UCJ&mB}{p;oXYAGQv!a+H{t%CzUy
zA^(dxl0@4?b8z!3)4w^S+q3KZOw@ShttI7ZqRS>-g0d}Ode`?gZb_>Z=%d@}V#37s
z^EaO)&&>T?U+B_kLpLX1jrZ?6awNmU%(j2^jt>QeG<XM;l$l8ZXg}uu3`kW~D7-%j
zF<Ior9*nV1rVw6EWg9wD0Ap@g2O|^2*$fdI?qO7048Cwm+iblhbH0_;*K%bgP}dmv
zB(|<<kkOBFwZ<;xk(&W;QdddVspk*yfg{O9lP^rG(el@cSw|D@IKxx3B!qmxwqD%>
zB0L`V>|?%WUC8%l6cRRYZP;SoBg#i2i)HTAMU*+p&`^bDo%msIkpr5@har(NkG5$d
zoshhF)kMBWYq0i*>Yt`4Stt|3ssI!0N9rT|-|4?@(bbe##aBjANTIh6vp2IHR$^k9
zh5c;w1jkH<D=z5FWLx>uE=DdRBhwJs{C?_#m*?4hW6lbap>ro@BVAozcN?tZ&KJcC
zAb)|xO|Pb=5h8HxU(v<?2So-MD%bSE>k-|WwS{G4LT^3*x-1RCR!}0V4^OAELCeYV
zEb1kzhS`24I$XjFhuPFOT|<EXiB;?TxHx<M(GiuYBEEIRhf>Q8vrNT2ZtuTQUxxN)
zQ|JS`%to1dAPGA4tCysARzE8lb!~AoLuXHN1WS4q^~5`$&7Q=?Q5BZ$Ube4WZFCPC
zYI2e~32g!pkDl<6-(vra#aJvS3DGw7R2xbRlc%YXVq6M#$AP5rk&~M88EHs;^{d@e
z#PUp-coh>4rt)(06B{pt1xQydR>Y$X^EQlp2?>}3`3g7^=52UQOYMX3bHZ>&g#Zkm
z<!TFlvb4v!-+cwVh-+z+&AyO-2H=DZb>2pcn7GShBq<5PlNZOClTt3V@WVD;3n8ks
z;B?zYPsU=NXy(i`-7G1H+tVbm(KF3hBKySv1Wx3qfTKF%;HZv3iKMq{Orr>$=qoU#
z!~6Z-OhgV2#kE{7d79J9+NIo$N!L7j0(H)2*FK?HD=SDtywtsX%h1B-_MB%_JG+ZI
z>yBk+fv!OLTr~%)1B32|+f(<67hET({?P?l6u;O;{q<oX){r1MqO$_B4p^*k@u_Zr
zu-ndBi-%URwZz~nVCK`jv_%FjHyGF=e_bwh+PGW#K%M{>QJbgpK-%ziZ`^jl`ziD_
zJ)GWQNI+A3mz1^_w@F0wW__bv1Wi0jr+-KyvDtIqL36)=*LCpo&Rr}a_GDtvu$0Bs
zO_A68_iFarl|24hafCdD71Tz-I6Mmsxi6SUydws;*kD&a2$U+W9}aD)r4}j(ckdu(
zlw^z%GtYPtA<SQh7JL)41|rH^A`5M;T61TzoMdna%J4~i!)rxmml_GAQd69RM1#aq
zuF`7k6|!hEUkV@zE_DE%${_(?psH?}$fwLm;9-@!zpt=nih8|)nCh<HUK4)Zh3(Ye
z@D0EAJT21aqVr)Mh2NE)r%LCJF-HYO$R1wExbT8(;9px<)%jrh2XZV7z%jqums$>M
z;Lk?q2Fb{<-Z!_T854cC3nN5I^tYf^XC@BseFO$J`%9^|ZFl^hnA+0Goe{#328bKr
zhVeiHf2x$xP<y}FEB9P1yl8Z_3sAguJX>@ndtpb7%dPFJm90K=LX{5mTLaVLX5&w1
z=YDMO30a^w^7ZS<s>e~CPd@L@0@%XO%uU_H!*~u3Xa4W|jr+)NxdR4DiBi(jEndTR
zC!kmV!G5_|OAJ8{{mjSr3WMhupDyU+rv5{ZdFyWl=^WkfseuWyaJyIe&s4VA9w?+o
z-7IVqZ^{OVfBd}>6;;f!v9pmbvs>4}P9rAvD}wa_@RAdoA#ZJRX*7%VQ#=|NP~&oH
zO+{4@W-fKauVM2rDrL@lwq2vcGLWExqsVbJlh7CRlS@x63Lkj0r=VwjN~3#2+B%<E
zI8u4A**{RibgiWQ17EE+dlIkN{VUDV<1^>xZx<`C+VNq_eDWmZgsHZKNfT-~d`nT2
zb3fSWg|#_B?A(+@SQK|wlyzJsk`xKWGV_hfXRk!MB5VjV8FjD1)%n`8)hspo`Q_os
zr{IAR07*|`V##cmzpp|~IoFn;v1TTlWD}tf<xic~89tC0pN#K&TYEzqK0W_E@V>w!
z`g-gI{vKqj3S&p<SKwxC4GYHNxV;wL&_Ch2`T@F!rz^vShUw5Lf8{ah<QI1!e9lvx
z;(os#BGwfBdN5h-o=Za*ah?22aq5XeL019V_FM!{N2Pw6OC*&-dpRumtM}1x0_B)O
zPJ%c|Xbt5UoxC|dXd>p?2dq$dC=Yt*3=<ab2%p2_dUys?YyBs|^dw+pP5%)FGTw1F
zb>3O2Pc8ew5|9wjC|&95T46Zw40B(hHJ13@YQ<4zX+evxPSE2)MnYx1py*{8#od|)
zaM~#nd&P2eKl54HCL?62ui>;ULvC%FFG}s&yNc@wdmiK2!K&UHfhImk3%B9!CC+Fa
zcpu|dAk$V#t%HApd7yTC@^N_fEvX%jsk1^2a)Sk6yJg3bL3QkatE;LuH@^`!bf;GZ
z9h8ME^w_jq3EfJb&_}LxgVN*&N(UCbq&bIg9K40;jH)PBZlq2*G}5>EqogYn?zb#o
z+|mFPWcJ51!&Tx<jiXY^hBUk?%WBMc70Rr)2oqr8M}Dcb2D@c16whAU?(NUimwdSe
zJcanl=;iSH6wX&1ZsK*dqYy7TP=s9Q^07vkCtl?*{a2DLa8>LfCXY&l(P`+1b)cy2
zfDPY)f5abB@4sVwvBr@arKfPB9_k6q=Ue@GnP?9jBpJjbqC0zD*{cue{Ji#iOxw46
zb*pd_#d6aPYcb7+qu<{Z&ab8Hs{LF;6Wx6J9x136aaE9A?ErFy^z&=6b^OX_)0}F}
z2P%V-#A_ya!xhj3V{>X{*76-{UT_q@fBg{6h-_jUb-;fou(f&z&ITeyrZ^swfFIOU
z2}J4uQz^dG=pVaNXm^$v*A7>_Qo<7Ek9N829vdu&k^#c*sn-fTx)GwuJOb};So=|`
zG~i++pe3W7pcga(U^2eEqz<+ab9+ZWoD4rR_-R}VX*+d1JQ<Y=?693{jNOJWv^e$$
z$L`EueqnH<%=F&c%lm18E;x~uYa02OW~MKE;?zT82anbd+*Wpd-!xIFJD5>7d%lWc
zK|H8djz@wzUbDRr{vLK?^Dr&6{Ov@`yMHD#Xm<}*JPNNx+DQddicDTZ%{|_zLs`+a
zJ~h=r1{DXTD>09cNxwIn`;9wq3055E&eVT<^BW9}v^7*Eo|ahfveqJg(syYIi_T%E
zEGNMIw#yEq&nR#pZl`Km({iIceR+g`O}g?sFr%w9Tm}L?*(=H6(0L!;*nV$hAUvi{
z^8*|iQqOVVttYwY%J|+zCLg#iP2l_Y`x>X4_elM0zZ9Te2n<Uj)gqG?0gK(Umu+A!
za{rkyKBbOI@EW2F6<s{<>RRut<mCO@#m<790|#2N8$SK+GiC!b>>J;`(}ZxP4)5@^
zz|P{Gi~jJK2uJ7JdYad@XzhVK)>fByIW|kk+(I0A{$!R(>+=2of(ouQHgU<>%o}Kd
z6c%2W&FJ2a%qH6E9ksZw`nCH!X4x?ww26s``~bK3TiW^zqoZ+9;yUMup~U>mCiCMa
zRoXI$GC(hFmv!ExS1SSK6;om(UP<&=O>U1&5A61WZrPxuA3c?k%TL}p9UGT=*W%gE
z4XATxg6s~3^wQE85DCxwxDjuhBQv!u>+VU(q}n#K7DB_Nx3BZT9T-^40Q!8NvKRFn
z368Xur0vaG?2L~Rf)#K^1AdX3BfAt4%T;EDt6aS4vBdLepFWTKr<-uN9-$cT@9!#M
zEq9Uxo0JZU?u5n{Urwh}IM5xU1RI(xNb0r#N&Nidn{=MbX)Bc?>Ku^`Ts?F{cCV{#
z*2P$}TBRo=>!|UL#u@_N&c(WX%yS^XieRsB-qcUN6l*wg0~LI2I?UY`{3JP8US!dI
zwAMVCD~$%btpKy-JQ`MLeYc-!c*ZoTO|`JcI|imoBZ0;|F7ov~f<Y|eS*1IhyxECf
z;Wa+Su$r2yDW1g;Fa5XP7Wph~-BVc@vPp#FVMiObW&)yrj=KMXAnqu-loEiJ4cO02
zk9D=BUkj?5xacnNYSXiu>aX1S&OQ9VFysIqJy&qZyH9onD_!U$#1=${)VEIY@>syV
zzah7A%S_zHy8o2z90!;a>~DHPg$S(0xo$5qxbwuv$DQwPSRl&ch~6$*cJn22Ol`>M
z4|JZXkfXu5(F|>U<leufjgQmGqE_1;_HQ7Vy>EQyzrd4s5LV#mG#EvpEPTjl@s+ke
z_;9BED^CZK{PYk7ZZ}JQyKk+h2d5&Uf&5b=bz4rGg2tQy44<c0@DP65%!~!5PQ$qX
ze%orhn45MG?-qKw269`*{;b8tqu0Ry!bplk4mlYvE*`IHuZO}QwpQN@+L<o`R`5P*
znfZc8`r8OdYIp@ney6yCy1*o(iuSr4Huu>AK}t*Wkh3pa9W8mXO1|GnRBas%Sb!hO
zNgq(ypn1r$$E_qPlN%d|(*J<N<YZ3u>lIHBw+XDGtPrTJRVJs3l6h5s-gHvf$e2UT
zmjO*ovozg=<BWcCeLeImfiCMItj=Dl&43UPNPE`Ke)-)>wqr68*%|+!rn={#9Df!I
zGdZig)nsB~eP&vU%TuNQ;h53ohfc(JbT0Tcky^5Jm*{JcEw@6>!EVn@2Pmzj&*YED
zJ_Bs~U+YGrEe0RxWWC-qJ*L!{D8j0P(z?g!R%R+1@h_)hAr${R#2~1WWoDz22|F=R
zwrpU0SK=Qof!l7g!e|vmrYy4D)NwTCUS8&XysQHTpWdXFuV{JB7NQ{M1{iz-Sc1u%
zd;9tVe^L=nTW=|@c8c*Di|lD{unUrVc(T^K*^4lRI3DypwVk)SQNOJCl{Zeo6)^E|
zYV2^;K=r6-joPmw(!}cyHpqEwAUlG%crCS$tW^>fAI3ix6rf4>#g9~#I62`-?EW6w
zTah#&>{P2lq$*o}(jdH2*L8gpe0!~^wD?Jz$Zbqtex((}Oe@rq_QIZ4Bw2{eH0v!z
zCGr*+Zp*MP*d)?W49;pc!QUCTCNt@(;$|cX9u3|v;kPvDe*<Vr&YrZYccj910fHgg
z8UJDd5DV4(SzR}1$MgGk6s-3*UI_NJmZ5~ez1Vf%%0PX*;%D4peBE45OcGI79du1x
z<a)DP!pXo8o05W69%i&aY##7wdG+B8cKO_KH#*X*&MoW+5I*dKH0B+q*Oe=`L_bXx
z(5YB{q84bSJhGHAL^S}$lRS@i)xXq=?C}NnpV2ZL-<zA`Ui1e?%h?|C*dL5X*3>YB
zC18h4J7I2jc!an_Cm~$&3Y+#SoZr9ntJ?VBov_^pz<yL*z2q8hchjI)u1`fk4Y?Dq
z;1t-v;HzG}OEXq4zY8TgGOh&!llS#Q4g7|4edt=IY?kov1Z4ie{MY+dUn*;<qM&(~
zklK_P^Y}x2e%JlZl+11ncqsy29bZq+T5u(NgvzLU*iwBXu={#qx}uK}n#hyV^zE7~
z96nad`aHXDlthEW=jCIz8t2q48Qmib<z;RjNx-LV!fy+ZvFPAzZ+QkUW;RdJM+MAW
z`7zpvv}N>kOI4g}o8+ko$p1iAU-Jx){@x|$YyIOPEF3CPG*hmI0VS9ZQ>o#7!O)qs
zY-@WE#Y;1KE^R)oEy#wdsBee4FaSp>=&NibGANa2AH{o+_x?#*s9jgimy3fD{<Y%|
zorE~zJQE&{*-sxfCMDMeu90Rh?JRZhr5z?@k8j#U?^>ciy7^S4c#|PV@#X(CVHeGN
z)u{6P;rZ%E=mS@<G&=B{DKL$e4amRyEt@9om9Nr<^7bX|7OICMWyqppoACQ}Pqi%)
z_iPbFF%}nhf?D!=1@$rILe~J1U1p9>>ub0^REL?G(hAkDe}HMPT)bC5A<=y#ak|%&
z$4A$zV?ltZ-U@N>ju0i$<9+A`YEDn^{T0i<Bi37W%!(yOFSin0u!T0cZkxbJgjD1!
zY#m;7#J9fU6xJsjXTC9k4Z`qhPg%WV%n&egIFK<~n7+TcBctYwzU)LX>L(C*B+rBS
z@Tw${j>>+cLVfx1^8V3i;bMeOcx(s}+4Ne%F$pG0JD`*u`_=hfhszPP3zK(4vv!u2
zx8zPNa!Xc%W>N%v%5<wWf%u*e0D3c<e4(n3!R3mlpJ4i6ZSqaqrjd!X56^6)jK+DN
z@WJRGJ6aLp8ommiMR)U9!vK0)EM$%sF<&QRA4~&-S9c_e<e2N5=3e%qS1V@ZGJY@{
zxdR0kQ%N`4)f!bkaqro%5_ktXT(7Ee`=!M^ecYvaz_vzrAOqwrQicl{*Y%Py;B}Zt
z_SkIBwqX4-Pr1qh8oVie?icwy9zU2{N4Ywk33QFhip<j$Al5dTsfn<sGSdXU0DSIV
zl22r^1=XUGw1&M7P5;3XKT~=3@@3*}2VYf|x1djq$Ig)h8B>4f{|mB-W?Ut9O7;6U
z!@wDB|Nqt>z^!;P;}X#vd`IdifmHM_y@P9JzT34`zSJm0{OXz#u@2ThNpYjJ7@<Gp
zhSQl9%M<VTW^lL4!GK(izDW?WO>|xbS{>at$p4{3@NE;LP9xdmVjOez_9!GWk}CcD
zo7n?zu~M+9%6Oo+b{05YFAC-trty6w_+ateEy@1DOHhIlh^tHDiHhGHZZzOgB-^1z
zH=p4iCvg4`sAzQ|=+YJd%gUO`0b(SHJ^sWxW?Ka2h>SARwi-a@X)lUk?_ID=9cgiq
zeX8{j@N0NOWzKCv+pjQ7+O%&B#~(YBK#F)R+bVlZ7OKg4A5uvyWVY!RJ?=ng$IUH=
z)_<IOhjrt@437~o)ytHyuZ?2afs6dD+IZZHG)v~60tZig9(VZo!VR#t&s-}mGf*FC
z5+<RKzR16?`5NN4_wzH#r>tLoa74;s<bJ9YzrIMxy|?^AL@p0qK;Du39?az5)OxwB
z6Mjq&_|_J>-E;Mn5$~XDvcC={&Yz9<&pYZuJ-x=q`lC?~uLTO}0PtjtuJ+w(I?M1F
zS$8x|gpvhMOhc#F+LVBF5}RzJUKM4X^|zNzA{lA+9-fDu1Eu8nD!w1ve=-nHOrh<~
z+-<#jpyZ4t1LBUb)Ym3x6#Mo5#&BVP+MVG_>f08_`M3-)l|(IY+M(`z#PE?XUWHA_
zq`*FBl5IYVnaV~Qph$P%3N%RvroTnZEVZ+<#8wiI+YVeGxO&uqRgL1UOkSS?uSdU4
zxjjfPV&9#r^;@+m0)AMIE5A$3@4=4nBKZkEVbVh$l@Q-HLHiwfy_NYl@1};qgikKD
ziJ*gq`nJNHH)b13L89!ePRD1ZTQ9FHkHP|ln{ao!4bPb0YuENQCM#~wp>^#YD_%>p
z0qr|?i_eN#neHX!nD^(3M+%5=z=fBp#73|hlv8fn&C2-IE8u(t{$?V(pWacKvW=;|
z8I|dXi!szDPO;HDb2PI`E3JD=Z=%r8q0qLinox4D(qx>;t;_A)`<S}!woO6`@GZGe
zq@jh>#(n8xp_AtG({uKdnke7FQP-N;eD&7~YrGV~Xo)DMC<EYB$0h%Kk=F8SGu=L`
z`FdjTfR8}?oqVcyzD;~qdxzoI=(U-wAjI?;P*>ApJn1#(A8UF!alv*@-kb`}l{8h9
zm36)|Ut_Za|IWM2i;s?%ISGCtYI_ERo61v4dZObQCJf8-$_n|#35X&HGirFS#WPB%
z6<?L*9Y+!@zC5l&@Z<)%JYZLTVc^wzW3o8l=6}SDW^!_(jA7%uEh%E1aqZP-wbmRi
zo;Q<pyWwzFQ~DCGWDr!d`Q4+?yCo~pA!z%>`F%Xbw**z~xlaGOAdl3$ITHknl0G|2
z-k#v9-84NWwKhA7JoRjo?Yte1&5DuYJuX*}GJFH@F~&<&dAca7f8sIO+K;Z9j5n+X
z=ryt;go8Qsw2lp^u@Yf(+<MbnvT1W`^~V^fxx=~|v@d-=kedI0*n7*UxW1)t5JG?i
zO(3`h2<}eMU?I3BxI+lqxI;rAkl^m_PH=a3*M@Gqad+u{`+uM3KKEVoWoE6JFEeYt
zoU_i^`)sXURePVR`q}IE)_G%(kq8wBwE%kN#yhz$#lIF$?PK3i-2c9j@Wd4(5l*b8
zZKAsDcnD3AVmZIY)bJI!DiQ<6s$EiGd0b-hm#0Xe-{MgM4?r{-oSq`-<3Y^xS4qB=
zQ+q96C{N9iH6!hmH-4QOxSSG=|0H5@QV9xMv@EJ&D0<)hEbKhpfMd41$9Ph*`5nBe
zI8h=*>CwhK$-Ag}zM}fA<7<N9*LoR+=#0@a=URt3oSh1_>F^&#e;tkP2U-TRTxL78
z-koCM(8@br9?KHx_^AypsU;+TWPLZ7=>pa@T5;cGUwA&qmr&sO%B-`e-QSz|97!`O
zet$+IzDw-kXiM-N2lH26iXu#iNcH}@EUc|nwg4`bpnYbGy5ec4n4Z=x!w0;34CkHr
z`g(Vbh?!>t2SuDs#q3@Vw{&!3teM1o{?$hNc|ywSXjenkjJ8W3w#S{l4l~4pELpGt
zgC_)aOE7wv3}V=UOHZ#{I-p=zC(Vy#v7?u;_bxZuTPRM=+4+?XRrl(7f@e!yV%2WJ
z+3@hp<S{85YoE}O5AbLvuyG{E?wgZM^1kNIEmqakl-ZZBi8yt}ykwr2_0}Tux!cHk
zj_39##M*xdG|JA5l{k3B6}O`E?obL@xZ*5{cGa&7U+qRl?dAv>g5jJA?fnaE3a#u}
zcjH!V?FtrMv<ce0EiaTP_zew`<?QEG2^Ieo+Q|Gm^pZKhpN)}bdeiwa;m@Jy6SP}?
zj4ET1-SGLt>|)Ahb+ceuJ*SB#?=$J1yi(^K>uX_12k%dUj{;o4YqSm>-gkqzlV@W`
z`2KKbNL+IyL$Kn&f;n#%U}@+ll=LsGe`D;fUaiEj@DsgJIPu68ifi)SzL%f&!;7yf
ziY9w!Uw>_ma3%V={ifs?-vSkI%raVtRkguc{$+j(e+k@*e4(mn{IagFOUirF_mYyV
z{@HV*B&|fNfV-kqY%&^$=+5tW!ygpPe>g66T=s%Kb?y3vlu)|GeCj6Xelm{|?z`pu
zU8O0->nqJ~D}H}(J!bM%N_2mLODyOW-~Q@7DYKUSr$(+S?&IbYY36m2_R#x77OtCP
z>blSh$&BxCld-eIr4~24KY1AME-S(*fw)R!19-VziBaMM-lGcPCtz;zW6P%gM_L=d
zn-}!q^w^|vOn_vOfCcp8K7WP*C#f*)Tm|A<dv22H<Sz3Oy_??E{w4r%ufnsgdb1N-
zC6!==<>`>=er}dRu^m2r+|LG8Poy4Dr1`~JTCq_XwE)hc6y`Gt&VXmYGplZ0mc5xF
z0$xqKbgm_G!|btVBH@U`L^EKvBDWV3m>p;V5w>!c{Qz%XkWRq(?sXHEU9s3L&`CHJ
zS_Kgbmj$7!u?#4llCd%FQ%(qKzH3Lzqx?ku#YiM8U$i-WE|qwiA^!7xM4c7c@cQnG
z>EZoslL2viT3U&kT8QxS$VDJ2nz(kr!hFPBB~g!=K?FJ2gw0Vi0Fk5utzVt$L)vT3
ziRl<>sg!21nXul6aKwH~xc(>aQl^B*?Aiz6<MO4G&0xy6E&$_vc{<F%2iYmrEow2X
zou^FJ1{V6y5F+`EP_$G7A_)i@vz}jlUW<tSUnbtBg(JP28GqHvdL$1yrAzga!j!^)
z6+CbmNZVXsc<!ZkMSA5mwfFAI3-#<`wuSu1o1Qp>pT%m^U9K6lo_o4?_Hp%dx5R=<
z^!8;{f9+aDffVRAH!W6v8K||7x4tapdwj%K7@^ADKbS=8_^qi%u)kg<vwF3x5y?x1
z1Y!@epU$1tYz&gSMD!Aa#eS0#D6KlVzZ`E<<|ou^WIb*X(NvFJBc=_n3*%Gg8|X0$
zWad2cLdiC+`N6sODe9+M6_Q(`ox{vYWSg5BBE8F7QdN0nISJBSxEC%m#}NO0K0=!K
zsQ}o_I`N@EBTvUNb$hUb=~QtelaTO5#$yriF1?-Lk!N?f&11Fh5VMUlAMLg578BdV
z-NEG*(U>091b$prK`-Ce;)QJd$w;cmjiRVK>dN;xH&nNzYr6VU8Q<NxvO)D9$VGJ}
z(F^|ZPw9h9LY^p4Er{HCGsE-9n)XvkWW=gg`0~=3eyMeSvmhK`KweCw#l<H`cvkfN
z@lKpFly<h#v=LMS5(ZE>r@=&4y<SB@R>N=%0MHvytCP(nhzn_f=ka5FYoIKM$T!44
z$H`UwYq9FleOFNT?J~&?h1|{=44GH|n@fc-$CCg0Xajbg*tY9r{Ji7M;Lg-t=I$^1
zAthdGP;`FOt&{Tcmw9ec2r(1!SGyi_m-QDSDVBnSSpz47y46iX4@z<^*^<Y(f5==g
z*yTIpZu6V})LJ(+f9o#E*~8{7t2}ef4O4iu$C!VoTbV7}Pj+T;%?#yes@AMk9X)%b
zI;h+IX;(4K9;?p|_PA#S=#TVc%l{5mB*+al&vP;@iWp<0wadL2F=~uR`Ag-z<ONo!
zDkZfgGB8hd>HEgI^j9+M3)l`hvyL1uL)X4iQ&nJP=skS|&I`?kOt(1i>G5baOAIF$
zsk?eg-o*D0u5%X$PnhI(Kk|JwFa_!{=!81eR^7bc*bwDkbnTO`@bNiolo_8CYbW|C
z5{1NRS{nlTHd$&CZ4UQ`R`%Y@U^C_TmI$tq3f1#*!SnQSgnt&t8Cz&o1~8-@s0k!c
zgIJ`^rZq(I*gqJ7Jyz3|&+y#EB3j*u6lWcqbIf$lsUHGXT<;lqPv3pcSS!KGG%mWX
z|88$>vr&0CPFHz6?B>ioJ~~V%S8k+!);wB4S23mG-0cx^kxw-)+WT;J9Ea-w1uL(5
zm}#|KA9Pc^#mF36^PBWNoi+<vY>U$Um8$kQ2%YJ`;#(JU_UEBivU;nB@Kf+3OVvys
z&JpBr*Fxn~zvJak3HN^veHIG)7Xi*+RqZpXQoI4XVNt0x2S!T@xUc+`@1(7dg^E9p
zO4Xm5ALUhTG+Uw>P1wkwqJE388h`AlKj3=mWm|0p;6nh~qp?Y+TjP6!$(`%exyS~0
zc5T=D&b(|Mq>^SBv@PLgl0wh7_=YE16+@O13GAmI7<(UJg?>pr9t9nHtbY!Wtk2H8
zYxhCLXK!rqWBS2{l?7hJwrp2jSy`_b{6>w#di%O;n9j*QBOxMekioJBuyt!=xKw1O
z{(kA^(_~!WPcL8Iq7fb*ex`K}V_nuf>h~*Pxp#c~i7r?9jRtzqJFg$;GDWC$b*-%!
zS#CAwqkd#*0!5eS0?Xl^%&BB~yqZ>c!<$+^mpdRMyAUT2FC~5h^l#?UVV^S8JxL72
z_BvQ4NnbivY|x0GxW@YR1m~E%st6=_(b>E$ubvZ6g4fKf4`Pb71Te4AC{ZUhPIVo7
zIke71>B_lGOSFk~4^8*-`z>3V4G8P_EU?Eeo?x;&*>b4Wk)C*E)7;K8uI|0-q2Y^$
z4bD`p?t6Z-Ltw(C@z;DG7eP}2COtx);$zsJvmS*<>Iai}vYAY>Qw@Gai^o^~7x(Ce
zcpXT1_VE}0xpon;E*R0Q)ITG#U_aHc1q+<a+k9o$qKq^XuRdI@zw-TS0egicoRWg7
z^2*Z9XAHdz_w8C84@ze8Snedf+J0k{PU~P`gF3dgc^3UVrNM`_y|bFtCs~c!nqT<m
z&_Ct+b^6qFCtjY5xcQXVHmJ_#lQEK6%OC4}sW$k?;vIP<_UksTi{Hj{Eq{=Tsrgn(
zZrFp;nb{C=l`d|&<q_ivR_=JB4}rvL)=>+U>a?YYbKC`Mxqe*s{#Nk00&*#+n=F}7
zDs)7oPuEt=0mNq8Q+0e0qSH+G`^=o2=MuEMmhNs{qTU@1FQVnv)Ut(VSlS+andiK#
z{;}Js{SjV;SGAfC-G;RhJ*MPcA+mqSe;3bj>%xCpF;2&#Ez1`evPFb}u|3>SYi@-$
zNTFJhilbM9F8dp-l{k_kMAKW>6z7~$OB0s<g{N_ic$md3Z=c}Ev|q(dGbu2^sIZnn
zOQp48Bb>tU7Zk)|yJF5_GV!qEqOYN|F=xeq%A+JgE_g!I6q_09w~~}A;H2fu25Pjp
z*fHcdUP%s{Psv5i$Teki!P3`q_|eP&8Xs0He&_3%Rgow}KoA?Z79>OJb4@~0N}H?Q
zi?dqE0qx9aUan@!I8`p;wI%JzMxGuc#_JolYbIyTS+iCY%EdBdFH|eWKKO$*pRiP-
z+Hn<C>+>LaqgyuHa`?&6=MfWpP-U{8i>=*@*vow-n`79zGK65hLXPwk5Bx<ok)T;j
z<HC1<?|jaPj$wBs*buj6HD982Xym;7kLOlj=ThfxWRZ0gvdfg;@KTYO32@aD@5XPk
z54PsHGpPUmbP>-`-{1mYXW%9(`DO?3fv*4Za#c(FZyB=twXJ5Q$Q9qA##&pPikS8!
znATgH%lBn%<C4SDrC*pxpJVhrhobSqgVYB)x@w!_&l6tOswJ^Mt6{!Zr_p__lcIy}
zty_Xrok?^YtFn;c){(zZ`V-;>bc;2Xa6bUc;3R{i@vPzl<m!FdWWrVA`9-BsI{jGq
zd5@Lb(I48;N~cj2xP*?tpK~MFXQ$72prrP`cmT^qS2jDHJpc!j7JB987a?pEY|^H*
z$McuZ#*nH%d_Lrhd?++2>a)Y(bFH9O4~oGvyGh;LisyB&OGE$iAC<q=wrZqg&eyAu
zek|g96(W?*awW@qWMQbrarqr@Mpir8iT&3V?ZBF{)epbXl*vxn$2X^R(1ja|s*P17
zLSoogzQluuOR<~NJB%%#aY=k!3$GY7eEBd%554bg)iA`#T^(RQBP_z$&$eUJM-P-O
z;8pzPYV<AqoNBeP)bPnKX*h&5+~l^RhZ08PJ;(E+tWUfdzH;n%Th1P?5@>@JZ%jCy
zAlF_E<?@!Ueui0ou_H;AnmyPU^Ljy3ie{E8JuZGqPO-#Uz446`mlHS)p~@Dwg^J(H
zhjz_F!{S0JjwUoqROP~QwVE70gfu4Y?0B+wk2DD4cIT|%QSnNRAtZ15k?>((sr8<R
z!W%Hk^4LoH=)EQb0;r^R&%ej6@nwRL(1$3=*+W(j<>ilseA5Mf=g8kk!y<)ZnDrKS
z90Z5EJB)aepTo-PB#?-evX@rLMNZyV^cjKuQPOyHQjCD3;^XV)(SO*lIe=7wiR_Ip
zH-u8h^9h#I6&;<-jfC>(_18nTH=!o$ZU*six594MiGd@PnY;7&z{?Uhzx(k&c)4`)
zRY;^XY|$Po-NWyQ*xO?sg-Dm``6HTzE7Db5&t_ZRQF`&z4^_#(E1gH$Cn`~!u=fmu
zW<AC~J3{3|S~6T)HHtNxxv4|p&Yimzx6`aU&V}u@2|RLg<V#odlcJ5GM^kNT=CIB1
zoZWV;ru`Q@3?02y|N1tC3Ey(-NHF}Q9>s|N>!TlGXKQ}Ek<q_A`|l1P7ZpWS6)8O3
zVVd;HK2gYP^f}moPe}nBoEwGjk+_f1dV1tx4_x^=Qdr{cBN-gzePnA0a_>;e66yyK
zKJVmwJz1|`ygBQM=ekPCE7DmE@$~pRaxkY@^YwR=$&1-6?_XANXq;PZ2^f5!8Nja1
zRcRq|?!LgYlzv<xr{@=U_4yyVu71(y9CggI9cigz{ZF^oZFe`sC+V4qNjG6}`-b(~
zWQh2HWj8h3i&3!SkW2Z_N4eC-h$3N;{-b3y!^{i8jLb&7`D`}$^O-MN1M5AVAHo>+
zH(}Y}xiMr`(db#COMs@1Tqwiy-~+wN;bi$G^Yse2|F>hW0(nJtbux)SE=_GxA&;FG
z&PT?%VyoT#!QTC7xak0zfR=H3YWHInJ<nib<J0on4PIQ>mNR1=wL}}|Tz_AGO88QW
zT)hw>>Ad=qua#&1FE!C)MHqiXjt#*9U)>bV=bUY-r<YT+-e2Bj?vS+I!cd*2RI74+
z6+IZiqL0=GeeDk#use_1QM1DurmE!$K@FgNEuP;nsXPZ@?7&?K)N!xA&K7^-vi)Kr
zuCP7VqbF_PrzepIs6e&K<jq#dP7#Ue#;=VSML27mW7TeUYJDAIhqA|yRu>v@-n-iN
zEJGLtOO9M9FZlZSiV~3I?h+!R9#Gy-A|lR*j!t^OhqZYR?xqvjW8t-?k~|i*3QyZG
zIl4^P)8|QN3M2p<#!O^Swg<_O?VTITP?qBhwvkwC?`boo(O$DZ*RAj1x_zcR!tX&0
zgb2)<UhQi{T}7Fh0#g+~*WBwuEmtzC4q(hBO4->LmvdL^xw-1C!*}25JYI!zb36Tz
zj>+O{`_QB;2*3_(>=;^~ruxbn<JEE-n(h4hG6G?jgn0>>;H~SdqQPZTfCk=jL|X@z
z@`a1=@usJeB2hGgf0&F9ri9D6@?7p?@E)thSkAi;`XuyNF00lD|Dk@SDJ}`vq^4DU
zkg*Pn;j!GvyyKT@QK4DX{_`y(gvZqf{e4$6l^f>i#H8_NUs99v#78VX5VymO?dQ6Y
zFyW-Z6daig?7Y*uW<ds}?P2fT*wTgd;LJ&G=yIEtMF1t-favCYe#XMXeqX6~V8>gh
z<X_5<Q9x{LVx^Y|W%)OjdTY(jm7Qj0@<H$xSVA`W?}>q~(G9`wf`Av77aWP7qlKfZ
zF-|f*;y_)^2a?`$@3iaL5fN@|*f|3sp@zNIXH8A)gV7UsZrxn8^ZZu??%(1HPbsz9
ztb}#CY@xBY=@(TbYU@U>51lJT+6)12v{DzXcbXfyn+t7-4Qvh(EHjLbfzPFr?o7q!
zzdfV-;DIjhkOm&yXBuJi?7!{=rnD8Y4(%-$4tNvw&rJW!IqP*|Tmcx1a{uWN;)h(7
zL?Pw>#7=>$(<zDGEj}Im=a<`yxX2g(cDk0l`y%_F6rcRO|HKU!n^F58H}6+e`~O?a
znJAb4gtqCC75YzTn+;lu|Ae+Vi~0Yn`M)`6dzEg;uw?UvF^`alKj2X@f$5rCVy{N5
z7UlxxRz>~^-=tYrs;zEz0@!xj(bL7bOO24oxLth#@XLSCzw|I{mjV@u-c%SjTcve~
zCQG+xbVe?EES2OmZq=F>1!R<>{EL<aVk~1XFmPk%BQw*AXG`KXwn48*|BDsrNRZ2<
zX=LZ$p(f53FLC!6k({*!H#Ro3T8V*bmfFJZ$b(mWuew8pEt$}hDDotW-eTEOk$5=&
zo5JAC@ZXU?XNqskeC{5st=GIniQH^ArCTDh<rk*`sshXw&qKne<+L)Wcns$UU}2K`
zFX)o*gb|yIUI8*3$La4MN+tBXu3KWPzoSC;zbYC=D_-u}<DAOn&39R1U~h@{&MZPK
z-BXF~lA%!xmU~OxbNs@g`C2*Od0K8;GKAjB|Jix=nZTPl5baWXADr}WTYz=@dam_O
zR*gi#=Ht&4o%So^GHEdf<0rZ9RiA_2$+e)h4}{Zso(haTkD(24o&fJi4y2RePbmLh
z6Pp025vR`ci_Ryf$nWmh+ka$FauRJAjO+zNDreY4o>v%GzSd9eRa$zOcpy5|^w;cT
zmYuV+?`e$4y}8jrt6R;{p_JgIhQ_g_U{ymQoEF#FET$R8w|6-vhzNuJMY<L}nbYJ|
z{Wu1Z8|(Lt2XfsT%HcQ_oXrOehC7!Htq&`6qa!I}rBPzE)CbBBYldVf0i&D4OM_L8
z1kIP-F<6HnJWxl1t)S2SBPkMj`U;Wkyt05g?IRYE-2jWh@V|Hk;sT?FAyc5b;Z&qg
z1ii-h0ai_b<r_{vii9_adQX37z<8UGHnW?GVV)6rD{4zd;IDu?G5mBf`jHg85cjS6
zZBWQ!zQSUnN7OMLHN4x9YraTtGI6e$T&;&37<X#qIXZE6StyOjoaXjVX05_;15tz{
z?c_r5H%Loq>hO(4*b>xgyz5bKH|iCmnT}U|-shcHrF?sR^<OjezsPfZV^-Pa!qKbR
zsRRLvY!;2(08x)?^=$tg_GL5c7!j{L`)(AAj~<^IqxgPQsZi2}>=L%6+U>Bs2b}i{
z*bc|SOKP70{1S6l|HG;$;g<x^B1OD^X~U?*LPWW16o^)>+wj2xsT(PMxjMWFE8!ao
zApfU&M@_OK>MyR8cWpS{)lNTpS2*uBp5VM>T?lk=md^j;wFvl#EZ`^E?gXEd9EuRq
z@#}V~?T6A|=z7V2gIJ=UAJy5OIDv9t6kkKx04eM|xl7xdN&~5~rPh+~-(YqB7;OAk
zIj|>`LQ4IQp(S`~yR5N1??pt~rXZ(}OcMQ?e~1+b&(9Ymvobe+q=zu`u{?^E%r^)i
zFw?}9>e02Eci&Bj=llb1@vow!b)IO2Fl<vu%+23D*Ah_$7`>pS$ImwsRB{T&F7Ccw
z)Y_T5RX|`9ija_yq%U=(@1It2Tuq?B6~E(8<j<xnO?Js)ueeqY#GGoK+2{+AkjNbw
zH2=&4)4MbcY=Y<k%u?7Vd$W{>9Xqxn7VR_^|Bg3BJ#vVch%V*T!jFo}ns+?-i!K!1
zU2Xvl*m)LE!lxE<66ZL3i)~tp;^lqhhw4~>)|g400bPv~kNt@!Ej305(fbFD=N9EY
z%7;)?D)T9Cb0bni0sqHimV38-myT-avxq4?1TdLps2Y!0U#p9Bkuswlg(vvFCC})i
zH2*!0lJQCZM{)i?4eW!<{qK_a*NwR8|0WbGvHl;Ga4uS{NWi{wo!UybxBqV2E2`RM
zMM#G)SK7E%D`RKc|FxFpB5_~;M=1aL|FF3JM^uT&ayPLxP=Lz}-l%<UCi@(H(HB%^
z5DqcnV4~HFX{Bygv;nzIQeQ8p$&swa#><|5FgwA}gccMC%aM5EFH~44lpWQ4$#P>M
zIkju;*(Xe>y)jXjoqW+na!bf0g|;E5g)D3p2a4soogDA{08XFJ$2tk!+A|U$j5h?p
zmfgfvMxv(+*f~^mEjSL>Su%IwfegM(MCkm(@KN#G?`$2Wk8k(1&Dq=H>XMQSW7_<(
zF8WJ4bC13T`ap*v5(DLF@*=wpYxrMCxL*M(Gp?-cFzZKiflN}cu;=wv^&}(mrJ%82
zj{&s#k@kizAh;Wy*@9_XGwOW{UI(3>>13PD<T`tPCl{)F%`sey+G0CAO<@FxzM<SP
z!}Xnk32t`}Z02BH{f5#X3}-l0$qQ?U>o)k3Ch}HmGiw$HCU)z}PN*b2I%@;-f(E_;
zer+i;K%$m6d$!_Tp!>``k@^%edy&sU=R0RAIaty6rc6IzCSk(yiqEMC7*!1wRIIRB
zA6`;8*<{LBsmA|UiK~jaWru5AOoXt}!RcQr5f9CoAW&{(lzMLcRB}<YtG4=9T^6@%
z$(5kH@heOm>T98&;q@qr=LmB_nm_Jtxa@&cb`aRfuu4I*t4g}#9ElH!PNT&(-o(T)
z<h^cLDZqz|(MyK-1qdu6`@60Y>$j%i@$Uva?NINTDgI!9y!1a<QCJwQGH!8a8rUW6
z^5>_)_>Jze2k;2Xw&z23Fj@_8J$K;-&;8R@a5|g0GG#~uEG{V01~)(Y@qW}?vF*$D
zAplme(#d`x6u!osgAI4C8iZr*bi$Zg+=4oI31x7>s~X#WHy9~Z!o{3++@TvP?3D<s
zHYtQ&+tg!w$e;a(MDj}&JJO!nLAIx0W_c3Pmi$pfhweLSQ8YM{r``(AgT@To*c)&3
z;3aX<G+=tCLVI%@urEy;*H;#If=#^34)-N^kE7qe!Ia{Pi}Z@im2;s=VWkOu=;4a8
zC#1e(<rh9&a^*L1-CIxiLJ*0Xi`t%9sN3FwndBwhRSb}}*T%2UT2U;tXJ)+%&_Iva
zAz#)Y+zLO85I(p0+sN=VjebFec9;z`eNmz!_S4m7#;9~w1%EX>x;4$<*z_szm+|lR
zxq*XhvJ|O@Vy2~AZ7w6r=2AL*$tT~ZJRuBjBJdxmj|wjV{}${XX|K$r<&^Iypp_6w
z<pGD=Qf0vV32QHJs@^mHFS_@GmzG^C)Yzbnm~T8leIM;7x=PPd7nc9l9-b2sFi2qI
zMG$YF&#m;&mN^vVm<L;`a0+pTCfV^P7y4*n+Jw+cOJmTpNOSFEj?MSpc9xjzm^7}&
zsk`wqPQZjo4WZIN`|bNC)*lDBG(Ov^5CN3TD++VpJG4wGhEG(#I-WIxuv<idhtk|c
z9icXZ0OQ%55=hiv+2Fj0p~G%>hALW{8$FM$ICfA`+w-{288z5>pOG4y>)NMd>{>gS
z!IvjxwrD*<Me@&)e}fyEYIkGXHn%2&os*@AY&nuXc~j(ikze<!<W}QY!Eu%Aq4CkE
z-?$C!R+?#(6}3sAF0zh!RjR+)bpzhPpz_2Dv>I6bR^Mb#*B#lNge=!kqMklm=zRVU
z^$oIQX1gdH6qk|zbZhc6_@u`t18v?jbgX%D1MEu9T20()5VaLH9@Jig=UeZbF9yOi
z=(Rjc*Ym&izzeFQ-mWeoCes(A=~iCZp7@aqruWf)Y-_m9L76r1I%47fIUZhl9Tz0N
zP^%rov+E)=?iKsHs1@0>cl)@kO!a*2^(XMzO}X6T@AT^ERqQ|q`yW!j1gKcder;2v
zeR|xGzY93>1VAbD6j%%GC-GPF2qu~uhsZmTkU*Pyj^)6g7#hKe(INPQ69Pk-*L3D(
zKMusTcW(?e375<0x3t^e@(qR+S~EyeW(H9&D4qnrT@u4(;vMN%eyGz^{b`7x$D4cT
zwR#)TtXdD5=|0a}g^)Ip8m$CFK){6a7do4B4M73Gh)vY-AfDLKjp;tp{jrtEi2?eh
zS&w!P+M4FT*2{(pNKVN@M)nDF%2r2jh6s{@OLwDR!C=p)^C6?~`nc8&K3k&-nensS
z5-(8++_vx%$0m-+nN79#p*hq8>}=Il`l#Ek@0t)y)f-ISc5bOqoQEKq$ie#K#x^sx
zDs+?H!H1Q%=5g%@2w(t#L?7km$Y_`{K*U?cpN{a-R|BKIcGOh4Lhm)n1J;AJXEnq~
z_-wbF-mZ_=r6O$;+=}Y^C=-NTs#Pht(@FU}D0Qd;Ffq8HFc-dzS_>m43)&jLPpx}<
z85+JYqU*zPqS5}F{1zz%^R&-5A34+y7u>fZJ&_zpKV)QhHxegSAzb=sMU!=yU?gr7
z$G?gF^Rr)6v&?h|#k^<GSaa3xJcZg`s;KnRUoaz@FiCAo-pat;CfU)4o$0sQ55SND
zDe02xoNXb1dgAw6pxN(sH0@vpDb)5C`J2P4zR+^hACh~?xYNN&B0rDS$JA$M)M!A)
zBxl^agb7IUAKg$vx{cxyu9*R$&g}iYVfpQI6b8L2ua1qVfY6x&8~MI8Ow}t$48JLV
z;p1ud`SXi5qT?SnV5z0zpO+JU#yB6H#U{dz>%Fpr?2vD_enndCKON_FHW+w-Vokjq
zVP=7Fr+9s>%<#rhkLODjGBq;ERS)hOBnAIN>HWn|uY8QOw0C=i&(lx*@ow~Dl8d#!
z89$q&S_h-pjSIgb<C}0VS7;>~D(j6sDRCZoqk^#%XV>;oGy~hw{wfEJ(&O)o+qngl
z?3VO$?Zg3w*7WUze~#cr@Na*;DQME>W&2Z+L(dAeOMi{A8Cb-kI&HA>up=fd`9$|T
z4pCE0hn_L~`1$ab--;_(Ic7=Rn-=J2O{ha9hEfT7l~(t2JtolM)Gy^|XVAax-l@5^
zvwLofqNj*mTJMo{d6pqZs5`DB^+*6Bp$C24Q&idK<1T7TB^vo`yuACd<i@wFJt$Hy
zsHA!TU?^h|^U+%noIem0p(nMJKU|!0Ih5Wi2K1y!0f_#wZl7*csf5r+Ul03rDev~Y
zZE~}D?Ptqn5(j<>O){U*#_|`iL?@|Il-6@Lhl$Pi-Apr*%eEI!WSDn8vabknyg46`
zAG@9J>oAvw!5*pxbMc0K4s{$F>9&_Gw9)DYeXpVcR{Iv5Z_cmiSpxymubbmAYA=Pf
zo)VTJu;43?tg~S=)w=puz9zDM49MH%6oFglTCj(>?&kQhTP-AGkSOY-B|6s{U)Yo*
zAm?Sqr*S5b{z&#opjvHG9RG=xEeLm)YLPJ<n>0c2isx{)$dQU0pZCH{GK=!h;bMJp
zX0B&*gKu!jB}-6bT14RmlM|tjdSOlRGMNMHThbI)ma*sFx7F4{6Oaj8LuQT+i-@Bh
zd%`Pd6}sxI`$qUEO9;YiCVnpx=&@&Q^|&#<EV+BgkyCQVxuKzj$6Lp8lMoeKd%zpK
zq^9Ws;7Vnr-36EZ_G#Wu`!FB(^Y9Z|H!cVL_HvS{#_nTe5xhY|b7F-{utS02uDV~k
zqxF^Db)0$oB@WUq|612WEkJm_8Gq6dWx#Fxa^i5`$oPOOV#r;~v?Y&w!E<s`9&672
zMFupx<#t2PN^Z}2^fGd5;(WVY$Ust;XxQV{q>U*9vp)!`pwsxF$iZGbAjgj3ii<)m
zH_8m+IM6r;WW6GadK%QWTpe5zdq7pl@|13?er0!zx!v}N2iAYlmsc~rSc=-<A+pb0
z>dcT*r6Q?u{uV)A)E?&I`k+i&cPTuik2Xeq^%@F8djy`2-8U2|Jc$HCgsl$89M9<&
z>EPd$3l2T>Yy%z&sJ2uQ7a6k4WuG_i*dww{!d_<y;nUfoBT5~~GBXTzTbJujdnY%v
zXYum39Kp~CiYZb0r4HM&xFDiwXC;`^e2Vms<4K`o5x0Zh_Ts?}aj(4Z33w%7m&|WM
zs}1zp9K|0ls!x|+JTxSe8o?s=WM&{9FDI8<g2WnsPC+vVoNw%AAWx*6Cbp2*lhyMb
zHsxD;LJk7`b0RdxwoPplaBC3~rcZ*Tn8|t~{&*C!1AVY<pH8k$up+UkUUmd00cgST
zN(rH%22_u-1gRKA=7eRg?n^n6vk5k`i@WW--P312;Eg=R#pCth&*2aW6L9{xoCS3~
z^PbU)<ME|zK~upOvVS|E%rD|SnOK4qa5HTLVh1SR5|O<~$g68%KD_351DKE*TF7~g
zK{w^v1L5PG@->hXVGzg$T)i`iBh0fY?7f*rvK@_m1v`BV>fpqgf52W=;NMQFz4Asj
z5;byDF=+5mUtdBN-sLwLBd6#W{kl4)mp=TFpliI5%E0_yhQdtttLg4vRdVkcPaEIv
z`!~QDrAI@xHXgxnM!K^H$)~mFEg_6LzK}O7aJMV2h*yZ93v;tg6D6Pc!E^d9u7FQe
z8WgkjzOVhRP_H5s{WDexvT|)M$t4VQbHh4<|4OI?wxB*ruq;%Js!Dpj<==C2ndW-w
z>WSkEm2cX@8_}efSq%7V($3YlAi;GvS;mOc?F*rOTDF`Xl+KIV56Uq^X|u#dSr69>
z6{sf6=?!_j8J>Z=i4dve2;FY2B>pbA9Ze=(l%bkUoZ5&AID7}z|9hMslH1uiBxZF`
zU;@8?UwTQiG)AmvbgK8A<N-0A$OqMoT0QO__{?ua%*hAPT)7(e!tPIg=5)eFvWXQL
zAKI$6_#_Jb4<8{$_^I#Bz}1}k%uvH42qkl!AHz@dn?7$JKCr&<jqBkQzhCS+<uPYp
z!+YDQAMxB11#^R|DoafzKbX_sTP{53i>+SQB#{s{;4enbCVMG&ujX<EFHHpDQ2owj
zOHInTe920oYx>(RtXU6zZkx6sUn@S>M(J)ShuHMccwZ1pDI8_-eDio=u8CIrc1wQD
zJNkltK^im_V0QYtEAsK|^_9{}q80p^$xggnk0{Vd*reAhH!QMyb+a@1#4hMLqz$0X
z+dc5~GQ41-O0$mOwbwd<V#J}T?G(zWKcz<$km7GUQCS$_<Qp-VD<UB`q6tmmmhAl_
zW2Os%l7lSob@~zzjP3ut?w;LAsbPlMQfwa-`Iwx|&NltI@6BpG#~z*ox=%nn{F3~_
z^vhiy?l#pRl*=Ww`+OF+U)_n$Cj{!i*YjCyTUb1zk&o4JEw%}7A&-8s%f$dYn?Jb0
zHO%&qgYY3tHo&x;ffgq|H91va!sv#y&>MjI>P^(hXD(u7hEmLTQYeyH4?%xT)}~}+
z%~~38Q+3yc95Ik4@89vpP;l`VM~W5V=g=0KwB>xxG24Kr&n%3kx#dS$Ne``UP4|5;
z0bP;(#UDJNy@z@kxJ-|~2D-dxS}+5}NT;j>G|(hI8uct?v#-1wAt-uU%<J?>{&U<)
zbrH2ze?JKI<gK4^97sC;<+#!!_3C6A$5+wCzb(|>(i)7t6tR^}@ONwJnr!8>`@1mY
z${+%dsE{{8rsTm(2gIfTy6p{W#3+ZesP)g?;Y=N$8<-u71Elal6iTY=OR9AfVMb6S
z5r#r1N8?c%;70&3KzBjyM`xS>lyf;uEO^R|*p!bk_`7tQAeC>L!%<e$2UidD8AI=?
z_#~2*>dL2)ML(Bm*H`;oBzAeW<&ftiy|TS(maI=ubv1&&SRN#^^$}eBP3XO@^=FyG
zHjfPyqY^+K1dW*fu8>kqf==<X+>;$$9GfLV8Vtb6hF-R>^cP_VrL2qMKusu94dM6;
z1zE*$HsmUNSY<%K$)S91g>cY1Xe9?RvOhY}kvSpG``Wi%Q`MB2Jf7zQQ|+G&MTt6!
z*u6!X^ZgDvDeZ`)D~Ng80d?8=-hx}IjtqJ_eyY9e=qyt$Eio(Ck{;z{F}=d&`eUbL
z)~oE{;PLUf;$oKBf3cmsLQ14;j^DYS0wI-8=%v=lryVGVk5Y2NGlagQdVg1!MBzO^
zjMHV?HX<s9f+<YUS6mMsau4M!35^1k97V+-><30Tq-aEyQ7UKMZvtSbdUvuI#J?)D
z(1Y$kC4$3G@Ha=g0l6!K7<X4!CKy$3MY(H+aCKOrn;@dny4yj@;A%};xrGdA@!X@0
z$UT<Z!!U=tNtKmo`lY)x<et{42olilNQ6~k-#@bfe)2ujijrx@i}LS)S#aR83W~u-
zRPlg^-rVdDYeth6xbvA;8pR|e+Tv{_havCes|Yi%q}xhxuoeZFtH~{LqM8$ab2V;`
zf0Q{H_$ByF`NOj!VN6`;#O+N!gMS6hL+UR;Pk8@~#!pF1ScSlg$fuCZPjs)DuGpgA
zx?q%!s@bwBIgs&kRjmtpAiK{I^2V%jt|5$tN{v)o_0Ic9INbsIi3Yc2b<Yl2f{}$z
zRWy%g#gLbeGrk@(Um;J1a4g1OG^sh?c%0_592v@XtZiEMRBJjBo627HA-5Oonks=$
z1v$w=^*uN9x1U(ZL2fxVBFOznp*b`sqCCT}b=f&gt9wwu0fweM9NG+kV9ZBU8nRA|
z_nSqrI8v2*Q|;&J5<JXd=hVL-c!2~OI91JUy*CXl86OwyxX01jl-es}@-xf1F1l0S
zQp+Z`+2?$tHy$GAeW2_z-eP78Wa&0I9Wfd;5@9Br-$%k?^zv6Vrr58F=t)a{$*wB;
zjrTsM*J<<(H!w~9VDEY_bv3;C((a`zlaC*oVA0ht%x~CA*Iz`Slbdqx{%jah?eZN3
zp*gQpi3t|}yxdc7wmt4z9GFaCQN9m54A{&`J@~ZP;+8W<ig*81Fl}Wq0v-eylE|D^
z@^w>8FU*=iZZHdXsXZc_Uz57{R`VL1KYoI|^sWEdVENk)rv=xMVP#6o=4WL!$>5|n
zXJc`=HxOgjTL@}L#>xLKf`x8+fn0v5*C5PiR|H1c5T!AyO1rZ$0NYtx>SVo>#&^Zf
zQHi|Hz)fAZc|~?bY26vN<mMB0T!uU3;fVWIL%hkB(M<&WK^U>2#PB5yJxSFS6d*?%
z5i=;^4VWzG!TQ09diz#B8hJ>#YPD!G=MR%e`*cvQ*2vUb{2x?h4|X6`#9G(=XRYs)
zm33*}-s+Ptal?V^@zFOy;XbdG-YntXbt>PrqM@}^VScEZm5Nf|)6Nr+^uxk-;c#H;
zR2W6+$5&E4kJQlk(e0ieYA6vEx`@4CP9(=p1ZeX~6kspdLZg$G`tG-&>n!0Fu#mKm
zzL~Y2wWzipQgHlIF#_Eb)chJ+d7odEE;B_-WikQJopYE~{MkZue7q1W8@&(IoIh39
zHIy;<ur<D6Osw2j<~;p5c}Pc?c<?r0cCwZF=JNf%`t*Wl{M3dF^drkd==RzZFu3&*
z$5xo%#ORTxVe$}94Cd=H9h&7;t||GspUP|WTku6?XAc}kxFtRPjczYSXU`1N-HCWg
z2D)~S*7A{6hcGgaVS2Fc6aLH8^_8G24-%<%&Kg65@U0)faBPf)Z&yjXF^0!1^6y&E
zzB(L(B7|Lt9uR&ye3kyLU~ck3+jaZ!YH-#^Bsr)}txST+lC(~IUWEma4{vawG)U|k
zJ9x<<-O+hCwXVByb?(WnoN9c4q>=1aO+X?r4P{;Mfq&t?^_ABh%9x!^v;giy4EMW}
z+bk&Eagpi4r==!Kb{h?9i>13)m1_*=hCWeYC=iyKzK+Y657t1RC08p)6)x#FAN|-O
z^Yk2!^kq+eA}@82%l9crsbS^#ZK>%rZAJw&Gq1ct1xygu6t+j4H!QyPtE33+Mx2jK
zbhut~xod1hL@v1l2C8lNbT}qILGJB((CXp6k48caosAUnqRI(|QK4WX5yeN}R!wH0
zC)1KUk>O%cwT5>&RYk8O>&w+e6Klg6RXovnVsVUu*$&ZWD!(Wmc0#_^*M+<Hi+Y{a
zCcfwS^0`&2M>|0$Vbom-CyY}jO;$pQdd$dZyb@|MLi+}<y;ZTQ_i}qxvDCDMaC&?U
zDAcoj@IVVZ9k+}G=L{Xl@Pl*(y1R_WyGJvx`%%Y&!_u=V%I)Ww&jeW2_w6~zmG}Xb
z0e+{4u)h~z%)2OtolUfg<)P#vnjhNR+E&HcYRkHn*P}`Gh+}AYYGJuhRCK+ESSd?l
zHhbV7;!BbiH)Fllx5dBJyMGJNkr=pypQ?}<zU@a^N##4sglK$dU&WsNYbV}Y;9t^$
ziOvPY6+rAb4j926xVxaoM|(8Qvb9D{tqQ`W&9En&YQzC#O(*Q*X+Pg?Skoqt&#1`0
z@KACq@%-zR)UW6CS(0RibyzE}@GFC;h91nZTlNkS(mWVLV>dVGDcBD52kBZnzC%~a
zVbJJCco@}ns|t(mywNZFnJw{~v>j*BdUJ8-k)Sln*J(}8O|dv_(~nQWvJ>eh+dl2^
znkQ3)hG7cv|MAnTJN?h)9V*1q6XFMhlYr_5@Nc;?^GL(T4|XHCiwQ%n!>FeET%I(5
z>T+5Fgp<q1GLZ?FOMaY-9M`|3`w1$HET0Tjt#iY^jZ81pI2;TA>5vhJC?y;yGSvjr
zH_@i*E^o8mBZ;v2Toz=6+~i2Rk9Ov~oVP-E*BPLC5TEpY{8ntQAEJ^Yy|C-lVm;qQ
z5OomBG*`)zi;at^jbXWJJ$EG(6mIbOZhNOgyjQ8-!G73V_nHXvxj*ld<7A63bu*c=
zv8@A34oV>&mm@1UNX3Et_8~&nB1b4{{mxIkWmoj#fc>1|uaVSL#qkBG4u9UOWbB_~
z(crBnN@tMwYoIM<qO5&ay{BAC;ls9tsz<+co8|1(w-Q6f&jezNw_8dMd1X3jHT8i#
zBSb|{^Jdu|#s7?{n#W588l5nPolfs=r0r}W%t-I)LlZT`oKLLgk~R5tx47`Ed~S><
z4!NqYL<UXMI1gqxdS84_+394QK`4Ey0&%tG34j&kc({;Dy;V<HPE<*tSfN)n_iiPz
z%tCmAjF<+N8sqnZATxDLB@29Dlg1Jf(%Tj}X$j3rsb8J1hkJbQUZyhln<>b>3q&4b
zcd-}5^ac5$P89gGq}HF&A2ZcuP|SZ#Tq6BJ_1t(2p_(1li)7K#LcQ?2Mr_VPru-%Y
zY_LC;MWF;#;=`)`QR866h?Nm9ka=eoIrH|ryEC|?Kps^JmK8aqYVgNbWXHhhcV`|@
z389p8uCF{(rkrvNBsdUSuDXd7)l6xIzmTk6okyAM7C=xe%E|W2auDSG_5Mav+*ei#
zue|R-h25TO&r!eBaJyll_;tqY7b^#E1shqrNZj!r130SL*Vc<ZAjYqhSw0^fG;-@m
zE-HNztmWwA{$@S{)t?%n-CLiVk7tIkY_LY=8O8Eg3R&B8PQ83~{aVdV7P7UcqyHK-
zoc{a*e90V&%u0dg-;x-<PXz_EhSoW{o2{irntthRJ|Qr=w{2a_DYTjj`ii9*C9`kV
zl2bycaw9u>zPsYc02t_S%K|iaaw9QHeE!>SChqY9V4r>cd|H)@i#+2<DgK*b4X3Vq
zs)O<-A@8rf=x^cs56ecP$}3Ge{;y}*8rQ+s^bKo7su?=l<r!hAYIpQkdNrNw`+@>}
z9(pY4hnWnP^Jx07863&iq!&V{B!58hIuZcEIlg>HECXgB-#3=4^fgdl%_ECoIBxJ#
z<hqc*H6TU2oD;*hOk0FO#q@`cPt$3F`93F-z766)j;3>byc^a}9o~2|X+-<7KX+ZI
zj>6sP`yZ>~%y&-E&fm}LugPV#Obprx?ebcuU!vOEph`|_{^_dsrfyh6uRb=EoJdb7
zw)f5<TUS-gNZtHcLtxkb^L}QfbY7LC{Jnecq+lfM(?F|+>aoTC-8nE5rTC=6ToF!e
zxhjX4;jVhNw_8e$1Pa4%K<G*pnl+Y@-F{~;D}zMyJ7<%|WIVT?6#$LKpgLr_7Co5A
zq)><WC|kSg?818ZB^BoLU>=g=WIYvVaO-li|D~;PgTFeeLHwowWy07WhMf;5+i^>7
zK#7O^5Vf_8*UeQFNG*H8*(Y?~_oU>qjdArJyqR$gZ6Qcl9usynmJ=VyWhXb4#loEz
z<zAKO?nZJ??%$gO+mW?;s1Zu*Z-E@{-3hh;equmG|INLJZL7+<GFWPNbvS$VcY)Ln
zcYR>)i@}nfe{J=MLz_VrP3|4LdWrQOFDA0$rh}mosp>Sf)qa;BD}&;+fnF$!{6LP$
zt0XPC9s9tBm{6z-bKy;fg1#)(EWXm3W(_1Ol;?zXqKRq<W-ONafO}s^%NR_*M|yZh
z{xRbG;it<8B^m62b?tFeDOqly+(K|mc@u#kz1uTfywAtQU*^5MLeJ{H7GQa*>C^$o
zc6WM#_@S}>@m;{q1leeOR);Q+!!f<(_2m8WGhZ82<X!=O*X;7=z9rL><2J4Jg;tN8
zlR#UrB|zu1&C3;8xZUIJ;MGMUt*QY*Crqbtvb*KlBgIJz%Z?LXgdI6QdzKHcYH!7j
zZLK^-f`QjS-a|W?uiX2Bl99U2zmNwhyS`%%lp*=6K?Or9^JiR<cO`$xf?Cf=_{Ep~
zy=K2Ig&y<#{?bhpO~%9$$y+^XAxVWzM%?NTK_aUL?6=Xapku0}M+v843TkxskA_t#
zir?LUou_^`jozKl$KIW|*Cb*Lg>bC&{g#t2<34N-*}cM9ibX9xYT%1dT^LLc<UBbL
zW9w<n=<a)1qVEXplE{lrX%J6ee6?GaG&L27KkIlMd<Ai|c@VoV_&`xo?rpRJ5#_?E
z@_gni@y$-nX{{WsY(-Z;5aA1Bf4b_ZRDc#8mv&(JTm~OK-1;gY&N3HxtJ3ZYa*s2z
zzCehoR3NVKRCVYIZ@D;|83@N<_$sO%IBrMv@WTyw-Eajt6JX--_D!Aewz+}1oOTr4
zCKhdta1_BK$!2edL9quHnnvzYD-gbFAC19+#(a)Ni(4XaY`9x~%}H*Zk)K*@{*0^g
z3VeHu<nFLag*+;8$4X?&OvmN3RxIZ1!$t>|-|b}W;fVngABW184%v*Cn^tV4Rn!*j
zpL($OTRo-R^gE~vCNyUMes>+XVT<PU#ZDmx|GkhRxqB+GYJUo`^1QwRsoeT73_vNf
zHiS7w@8TK@wq_vmk1~z<;sW2#034(1s-invlX4)cb^*B=r<JVlN5_lbCy${PlRspc
z4=2EY*uU**Fecht*5S>|$xNr|+Pl?G#pde;tmjcno~P%cSeJaCi{|~OyLt5XPu8vL
z&ijY0^xpOzf;ujerJcTB)=}_-DL^*Smy+|jc&++^)%!7`sa>shYFY>+X23Nh)!*7J
zo(QfiRQYV~2HaxVZ}&2l%P+j_OmApZc5^q%+;yHDUKbF{fKjMGlP483?wd7r5(apL
zdCum;=)b%B_4n^L`IzpPr+{rH7hn^Ug}1vl+-C)08VCAmy8=e3F;p<w0e8{bZSBi4
zgd4~>ZvK6_<%@Wks%D`)xVKVp$8)#usFFeY$jWI!hoyJyKD|yd>{LWf-p(?==Bncg
za#dhnCp=$kKe8!6am1&SIZ<Y>0-+EvU%w<W-#op{t?P8oeLTp4G{Q5c(K8ii$-sgI
z{Riikg)XaXBoEV4`%Nw_&Kp<Iy!{DpY|%xFw%Y;3+}0fJuL(OM9Jy~OPWLBdHRcB!
zEhn`gnWA#?<D=>ycVb-(?!lXj#qx`wn!Oryo;&xfk-aEVb)DNx%}H`OUk7*kV1u>v
zjw+RO*@Ir}l5!ujm8vGw)I|U=p&t7Es2VhT8|bSLU~tiIDgpq3?3JC&ZhW45%!}!E
zz5)~n5lr{?@Mi2Z5M|sY)2kskb3bZJ5!$;#CvfcTYmF$*cSZc+kME$1oi5}ugye38
zXx96<Pu)5}Ls|Y=^?m>=itnp)s^Q~GIDGPiS4rpCSlwMn+{gRjq>24`5kdC0rzKQ!
zj|G6Ws*K&*iJ_%Q7zbOG-)=k4TJwej)F{~|f}u_P7})Ru#T}diI~4d(Qt0z!Q*&23
zNx@m@BRQLD!wn0t4nAq2k%EvYH$T?Z`K_~{8<gG~lX`(;cio?Odm(V+&whUy6I?r!
zE^0<PyrZ4~R_X<ZPpq&r0QXsa+KjgyTS6Q-{i3vg(h8E2x#e<t3<WBSKM56ze?#|!
z8AQiq`EZaNrhG3Mc&^WUj=_TXnz%vk<6L0phlS7S$uJ&=hr<?HzRUV9%@B976lFf5
zwnpJC_*5DQc2I(qpB}f!J|YXAPaO!X6c%2)d0uu-u6jErTW~DwK0i1($RjA2{FTFq
zYw@~E0X#I2R`bZgUwDWK5ec`yMZ%mt0X_wWKOe-p_+GU&v;XqU5f>KsRUR3&SAaei
zWjRv$LwBng_${Y%WlA)enG)zbfNkc%lwCga@C<kJ#iY}bJwSuSY2K~*q&w{6&R6K`
z*ZxU$D_zoyTQT05@|UNSK1;}$Mt19vnyu1X^SvT`sW`L~n5K1<Yr)R7YzH1LQpgP+
zsTb0v#$j5OBD~RF4suO)gN?v~qDV3lyo^M`T$%#<(n~?W@dM8GUq-D$NZq<5wG4f}
z>w<5xNZJlB<}$$ow)?(~Vo+*4BoXmoN+cwtE`|6U^ndPkFHsS<PZFw#E7H6FcRrAQ
zZ|%;>$+^0{wLAs4m&{w&u05%h=(86g;$R&gA6r>jr5rjTy0;$vosW^2lys!Q4)nct
z7&YfxnFRu;thcv!e}DfiAtDDSVEkYzu%n}6+16gdDID=8dGeocC@3<<cL_fXzCuFs
zzqkDs_`(@)Y>ev#5|Xi4?Ex|(o9df)h$|AR#Q({|kL1G_IK154v4d1Vk>}@UL}PW@
zJRHAO>ZdF$EX*BVKRrRkRova(zm;oql|?;DHee%)l@0Tp&olP%5y2IIa`5u@c0Q^e
z{JuX^KtfJFCWR{+kFcGNmoMPu=P%T)n0PSjjJ88TOzpI(;Wgvl@$vZCnS-*>em=ST
zs-s*i0@m$mlc;lOp+c|LdcL&Ws1t_j{X|q_hp0!8bgV2p`&${E+|9|F-YTL+iPwjV
zMY<J*-^zA69#0fhR8+oI8D@M~uD8*m^u3x!fXVG7n?()}4ShiX-#Q(X6n&p9RN6m1
zovg7Kz1WUZDKxCIL^KqgLf63<6jIB9sD$<1rS)ESES<v4>T3FUnt<ijK*av>u~KYZ
zV`EW4fyKy;_wC8}Km?ga)#7DMQafv2Uf%xUVOq`j%`vFfWq$_I&+nJJ<IA;{lg_2k
zFE<DR_RpJcJ5W<)Ppb8Met3FV?3_TL!qu7$M)C>>K!fm=zi4SK#veD@ff98q5)oi`
zMR|F&au;1FxJQjjC7L5Gu7~O+nlp&*hEVwlqM)Ey+1X`OXVNYcA=(@H`La}2BKDtJ
zk5}qHK3~n&n)ZkO)AJZv%Hfl>)*@SB5s`HB+`;aA`2uc>)?pAmoQjGHIB`ur+<_>-
zp)N&BLIMZ`HUJ=*AFQmcM?wi$oJN?6{@0cO1LyX(T=u)mL$sELXziVm3QSQ4noQR>
zH7%cCXEoa__tb#{4u!X$6t%K*Ge<>51+Bk+`TqU*JI}=Hf#z2Hdv;ZZ_4G8|)4<zi
zKb=tSU$T3*_0u9t>#{c<Ku>KvE@z$kd)~ZxIrsKh?*H>t|MKO_lN%cwdHDHfI|H>d
z%v%mjRST9bRb5~6RQoc}^SQUTr2>rumSd5d)6Uj?7VudWwi?Lv^;#OVE$8N>tgW-2
zJ$q)kLI$W=tnJdbxw~IIe*74e2v<#CZ?Wi@T>YPqky@{JN&}bp1_uXES^`Wp|9-#s
zcXxNcwkGoPqU)bx)&lR1T?f2KkD<Zl+mUC$Gb=QvdM%asWWT;mPG;T3ix+KvJZO&G
zl;Rl`9SyvY@EkCdmo8tPzRnw%o*Ncl+9Op}uw&KLEI*r%M|gO6o^-0uJ8|PigrD8d
zCncq&XG=4I1{Z`_t*RDL@dW0fUAuQb-^BwIixB90B?l_!4!jY<nNMe2U9cc#n)R6@
zkbFJ+YW~`*S*2#PqbJBH1GPTe9LdXNWo4DNc_-^hn34sc;Ip;0&CJWYcJyE5si#G=
zX3qwN^R#KxcItr&SiY5s+oW?cGe4$E0C{~ub>BduTus23W>}!00VL_b31DGe8kDK`
z8f05s3j1lMZ?6Ll%*?(m5(S1U!<o6xsSHnpR!%ut-`w1+Ula)xI}jrQjMmM@jh?Rk
zO+`EBsBh1iIr$M#qCx!n<mhcnV&++uCR)yvn0(>Fg$W;{Z0+}bzn61&m#MO{vVPS>
zkOAE3DJd$^+w;!$zu#;Acx#oEl+>~_!51d@u&_?`Qk^?@uB5c|>A&{BBg@{tI{V^A
z#;dQu>~Q|1Fi<Z;-<=~LnwH!O@C^@758G3dYGrK=yu@G`&=<11t6raUkqB6Q)yU3n
z-o%L$d;0sA1B>xbc0g?pUYJO-O*#EEL~E*vsp-<7l}lpu<oCEAeBw7*8Yrg11Pb&B
y4>jk;X5S=>l@AZd&f7b20Z@!Vtgo4snf+J2$qtcn(a!c>keH{dpUXO@geCyH;=OqQ

literal 0
HcmV?d00001

diff --git a/docs/user/installation.md b/docs/user/installation.md
index fb64896db24..d747900c14d 100644
--- a/docs/user/installation.md
+++ b/docs/user/installation.md
@@ -1,9 +1,5 @@
-# Installation
-
 ## Official release
 
-**IMPORTANT:** Before upgrading from older version of Dashboard to 1.7+ make sure to delete Cluster Role Binding for `kubernetes-dashboard` Service Account, otherwise Dashboard will have full admin access to the cluster.
-
 ### Quick setup
 
 The fastest way of deploying Dashboard has been described in our [README](../../README.md). It is destined for people that are new to Kubernetes and want to quickly start using Dashboard. Other possible setups for more experienced users, that want to know more about our deployment procedure can be found below.
diff --git a/i18n/de/messages.de.xlf b/i18n/de/messages.de.xlf
index 6ab47301fe7..78940f2cadc 100644
--- a/i18n/de/messages.de.xlf
+++ b/i18n/de/messages.de.xlf
@@ -3117,6 +3117,24 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </source>
+        <target state="new">
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </target>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
@@ -3126,7 +3144,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -3138,7 +3156,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
       <trans-unit id="7db62a1ccd31f1bb55e3532b0f58984a492296a8" datatype="html">
diff --git a/i18n/fr/messages.fr.xlf b/i18n/fr/messages.fr.xlf
index cae594cfb23..d35864cbe25 100644
--- a/i18n/fr/messages.fr.xlf
+++ b/i18n/fr/messages.fr.xlf
@@ -3127,6 +3127,24 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </source>
+        <target state="new">
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </target>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
@@ -3136,7 +3154,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -3148,7 +3166,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
       <trans-unit id="7db62a1ccd31f1bb55e3532b0f58984a492296a8" datatype="html">
diff --git a/i18n/ja/messages.ja.xlf b/i18n/ja/messages.ja.xlf
index 4f3da486c35..ac0fb12186e 100644
--- a/i18n/ja/messages.ja.xlf
+++ b/i18n/ja/messages.ja.xlf
@@ -2890,6 +2890,24 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </source>
+        <target state="new">
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </target>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
@@ -2897,7 +2915,7 @@
         <target>サインイン</target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -2907,7 +2925,7 @@
         <target>スキップ</target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
       <trans-unit id="004b222ff9ef9dd4771b777950ca1d0e4cd4348a" datatype="html">
diff --git a/i18n/ko/messages.ko.xlf b/i18n/ko/messages.ko.xlf
index ecc01bf45ca..be09a5a5e08 100644
--- a/i18n/ko/messages.ko.xlf
+++ b/i18n/ko/messages.ko.xlf
@@ -2948,6 +2948,24 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </source>
+        <target state="new">
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </target>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
@@ -2957,7 +2975,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -2969,7 +2987,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
       <trans-unit id="004b222ff9ef9dd4771b777950ca1d0e4cd4348a" datatype="html">
diff --git a/i18n/messages.xlf b/i18n/messages.xlf
index ed9b4646df2..4f7a21d12ff 100644
--- a/i18n/messages.xlf
+++ b/i18n/messages.xlf
@@ -4570,13 +4570,25 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a&gt;"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a&gt;"/>.
+          </source>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
           </source>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -4585,7 +4597,7 @@
           </source>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
     </body>
diff --git a/i18n/zh-Hans/messages.zh-Hans.xlf b/i18n/zh-Hans/messages.zh-Hans.xlf
index ca36737c09a..238277f8d0d 100644
--- a/i18n/zh-Hans/messages.zh-Hans.xlf
+++ b/i18n/zh-Hans/messages.zh-Hans.xlf
@@ -2948,6 +2948,24 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </source>
+        <target state="new">
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </target>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
@@ -2957,7 +2975,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -2969,7 +2987,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
       <trans-unit id="004b222ff9ef9dd4771b777950ca1d0e4cd4348a" datatype="html">
diff --git a/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf b/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf
index 7418b3239e0..75c3d4f26d2 100644
--- a/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf
+++ b/i18n/zh-Hant-HK/messages.zh-Hant-HK.xlf
@@ -2952,6 +2952,24 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </source>
+        <target state="new">
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </target>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
@@ -2961,7 +2979,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -2973,7 +2991,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
       <trans-unit id="004b222ff9ef9dd4771b777950ca1d0e4cd4348a" datatype="html">
diff --git a/i18n/zh-Hant/messages.zh-Hant.xlf b/i18n/zh-Hant/messages.zh-Hant.xlf
index 67f48a3efde..4fe57043122 100644
--- a/i18n/zh-Hant/messages.zh-Hant.xlf
+++ b/i18n/zh-Hant/messages.zh-Hant.xlf
@@ -2952,6 +2952,24 @@
           <context context-type="linenumber">99</context>
         </context-group>
       </trans-unit>
+      <trans-unit id="e09a3f8198fa5e84e6259c2a9b9f8c0dbafab5ad" datatype="html">
+        <source>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </source>
+        <target state="new">
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <x id="START_LINK" ctype="x-a" equiv-text="&lt;a>"/>
+              here
+            <x id="CLOSE_LINK" ctype="x-a" equiv-text="&lt;/a>"/>.
+          </target>
+        <context-group purpose="location">
+          <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
+          <context context-type="linenumber">109</context>
+        </context-group>
+      </trans-unit>
       <trans-unit id="6ad17443c5d0be7954254eb2455fe0b32ee2ff05" datatype="html">
         <source>
             Sign in
@@ -2961,7 +2979,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">120</context>
+          <context context-type="linenumber">125</context>
         </context-group>
       </trans-unit>
       <trans-unit id="89c689a203570b2848d633426d19bd73f51a34f8" datatype="html">
@@ -2973,7 +2991,7 @@
           </target>
         <context-group purpose="location">
           <context context-type="sourcefile">../src/app/frontend/login/template.html</context>
-          <context context-type="linenumber">129</context>
+          <context context-type="linenumber">134</context>
         </context-group>
       </trans-unit>
       <trans-unit id="004b222ff9ef9dd4771b777950ca1d0e4cd4348a" datatype="html">
diff --git a/src/app/frontend/common/services/global/authentication.ts b/src/app/frontend/common/services/global/authentication.ts
index f59a5f68c0b..21d54d2e000 100644
--- a/src/app/frontend/common/services/global/authentication.ts
+++ b/src/app/frontend/common/services/global/authentication.ts
@@ -34,6 +34,14 @@ import {KdStateService} from './state';
 export class AuthService {
   private readonly _config = CONFIG;
 
+  get allowedProtocol(): string {
+    return 'https';
+  }
+
+  get domainWhitelist(): string[] {
+    return ['localhost', '127.0.0.1'];
+  }
+
   constructor(
     private readonly cookies_: CookieService,
     private readonly router_: Router,
diff --git a/src/app/frontend/login/component.spec.ts b/src/app/frontend/login/component.spec.ts
index 82b03933b76..f90b0c3ff55 100644
--- a/src/app/frontend/login/component.spec.ts
+++ b/src/app/frontend/login/component.spec.ts
@@ -64,6 +64,14 @@ class MockAuthService {
   }
 
   skipLoginPage(): void {}
+
+  get allowedProtocol(): string {
+    return 'https';
+  }
+
+  get domainWhitelist(): string[] {
+    return ['localhost', '127.0.0.1'];
+  }
 }
 
 class MockRouter {
diff --git a/src/app/frontend/login/component.ts b/src/app/frontend/login/component.ts
index 5ce2cf6e0e5..5f98f22cbc8 100644
--- a/src/app/frontend/login/component.ts
+++ b/src/app/frontend/login/component.ts
@@ -116,6 +116,12 @@ export class LoginComponent implements OnInit {
     return this.isLoginSkippable_;
   }
 
+  isLoginEnabled(): boolean {
+    return this.authService_.domainWhitelist.indexOf(location.hostname) > -1
+      ? true
+      : location.protocol === this.authService_.allowedProtocol;
+  }
+
   onChange(event: Event & KdFile): void {
     switch (this.selectedAuthenticationMode) {
       case LoginModes.Kubeconfig:
diff --git a/src/app/frontend/login/template.html b/src/app/frontend/login/template.html
index 77eb5db4b19..47122760d7d 100644
--- a/src/app/frontend/login/template.html
+++ b/src/app/frontend/login/template.html
@@ -100,15 +100,19 @@
                             i18n-label
                             (onLoad)="onChange($event)"></kd-upload-file>
           </div>
-          <ng-template ngFor
-                       let-error
-                       [ngForOf]="errors"
-                       ngProjectAs="mat-error"
-                       class="kd-login-input">
-            <mat-error class="kd-login-input kd-error kd-error-text">
-              {{error.status}} ({{error.code}}): {{error.message}}
-            </mat-error>
-          </ng-template>
+          <mat-error *ngFor="let error of errors"
+                     class="kd-login-input kd-error kd-error-text">
+            {{error.status}} ({{error.code}}): {{error.message}}
+          </mat-error>
+          <mat-error *ngIf="!isLoginEnabled()"
+                     class="kd-login-input kd-error kd-error-text"
+                     i18n>
+            Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost. Read more
+            <a href="https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md#login-not-available"
+               target="_blank">
+              here
+            </a>.
+          </mat-error>
         </ng-container>
 
         <div fxFlex="none"
@@ -117,6 +121,7 @@
                   color="primary"
                   type="submit"
                   class="kd-login-button"
+                  [disabled]="!isLoginEnabled()"
                   i18n>
             Sign in
           </button>