From 474986c8ed75065eb2cba0d299d23ec713005943 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Fri, 4 Oct 2019 12:25:02 +0200 Subject: [PATCH 01/18] initial niew network docs --- docs/network_new/README.md | 88 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 docs/network_new/README.md diff --git a/docs/network_new/README.md b/docs/network_new/README.md new file mode 100644 index 000000000..1e8ad632a --- /dev/null +++ b/docs/network_new/README.md @@ -0,0 +1,88 @@ +# zos networking + +## Boot and initial setup + +At boot, be it from an usb stick or PXE, ZOS starts up the kernel, with a few +necessary parameters like farmerid and/or possible network parameters, but +basically once the kernel has started, zinit among other things, starts the +network initializer. + +In short, that process loops over the available network interfaces and tries to +obtain an IP address that also provides for a default gateway. That means: it +tries to get Internet connectivity. Without it, ZOS stops there, as not being able +to register itself, nor start other processes, there wouldn't be any use for it +to be started anyway. + +Once it has obtained Internet connectivity, ZOS can then proceed to make itself +known to the Grid, and acknowledge it's existence. It will then regularly poll +the Grid for tasks. + +Once initialized, with the network daemon running (a process that will handle +all things related to networking), ZOS will set up some basic services so that +workloads can themselves use that network. + +## networkd functionality + +The network daemon is in itself responsible for a few tasks, and working +together with the provision daemon it mainly sets up the local infrastructure to +get the user network resources, together with the wireguard configurations for +the user's mesh network. + +The Wireguard mesh is an overlay network. That means that traffic of that network +is encrypted and encapsulated in a new traffic frame that the gets transferred +over the underlay network, here in essence the network that has been set up +during boot of the node. + +For users or workloads that run on top of the mesh, the mesh network looks and +behaves like any other directly connected workload, and as such that workload +can reach other workloads or services in that mesh with the added advantage +that that traffic is encrypted, protecting services and communications over +that mesh from too curious eyes. + +That also means that workloads between nodes in a local network of a farmer is +even protected from the farmer himself, in essence protecting the user from the +farmer in case that farmer could become too curious. + +As the nodes do not have any way to be accessed, be it over the underlaying +network or even the local console of the node, a user can be sure that his +workload cannot be snooped upon. + +## Techie talk + +- **boot and initial setup** +For ZOS to work at all (the network is the computer), it needs an internet +connection. That is: it needs to be able the BCDB over the internet. +So ZOS starts with that: with the `internet` process, that tries go get the node to receive an IP address. That process will have set-up a bridge (`zos`), connected to an interface that is on an Internet-capable network. That bridge will have an IP address that has Internet access. +Also, that bridge is there for future public interfaces into workloads. +Once ZOS can reach the Internet, the rest of the system can be started, where ultimately, the `networkd` daemon is started. +- **networkd initial setup** +`networkd` starts with recensing the available Network interfaces, and registers them to the BCDB (grid database), so that farmers can specify non-standard configs like for multi-nic machines. Once that is done, `networkd` registers itself to the zbus, so it can receive tasks to execute from the provsioning daemon (`provisiond`). +These tasks are mostly setting up network resources for users, where a network resource is a subnet in the user's wireguard mesh. + +- multi-nic setups +- registering and configurations +- farmer considerations + +## wireguard explanations + +- wireguard as pointopoint links and what that means +- wireguard underlay usage +- wireguard port management +- wireguard and hidden nodes + +## caveats + +- hidden nodes +- local underlay network reachability +- IPv6 and IPv4 considerations + +## future + +- CNI +- automated provisioning +- fully routable IPv6 to your mesh +- + + + + From 1ed3ca20e8de4bef7f26737161e59c71e8d19724 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Tue, 8 Oct 2019 14:02:34 +0200 Subject: [PATCH 02/18] docs --- docs/network_new/README.md | 73 ++++++++++++++++---------------------- 1 file changed, 31 insertions(+), 42 deletions(-) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index 1e8ad632a..830341cda 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -2,56 +2,30 @@ ## Boot and initial setup -At boot, be it from an usb stick or PXE, ZOS starts up the kernel, with a few -necessary parameters like farmerid and/or possible network parameters, but -basically once the kernel has started, zinit among other things, starts the -network initializer. +At boot, be it from an usb stick or PXE, ZOS starts up the kernel, with a few necessary parameters like farmerid and/or possible network parameters, but basically once the kernel has started, zinit among other things, starts the network initializer. -In short, that process loops over the available network interfaces and tries to -obtain an IP address that also provides for a default gateway. That means: it -tries to get Internet connectivity. Without it, ZOS stops there, as not being able -to register itself, nor start other processes, there wouldn't be any use for it -to be started anyway. +In short, that process loops over the available network interfaces and tries to obtain an IP address that also provides for a default gateway. That means: it tries to get Internet connectivity. Without it, ZOS stops there, as not being able to register itself, nor start other processes, there wouldn't be any use for it to be started anyway. -Once it has obtained Internet connectivity, ZOS can then proceed to make itself -known to the Grid, and acknowledge it's existence. It will then regularly poll -the Grid for tasks. +Once it has obtained Internet connectivity, ZOS can then proceed to make itself known to the Grid, and acknowledge it's existence. It will then regularly poll the Grid for tasks. -Once initialized, with the network daemon running (a process that will handle -all things related to networking), ZOS will set up some basic services so that -workloads can themselves use that network. +Once initialized, with the network daemon running (a process that will handle all things related to networking), ZOS will set up some basic services so that workloads can themselves use that network. ## networkd functionality -The network daemon is in itself responsible for a few tasks, and working -together with the provision daemon it mainly sets up the local infrastructure to -get the user network resources, together with the wireguard configurations for -the user's mesh network. +The network daemon is in itself responsible for a few tasks, and working together with the provision daemon it mainly sets up the local infrastructure to get the user network resources, together with the wireguard configurations for the user's mesh network. -The Wireguard mesh is an overlay network. That means that traffic of that network -is encrypted and encapsulated in a new traffic frame that the gets transferred -over the underlay network, here in essence the network that has been set up -during boot of the node. +The Wireguard mesh is an overlay network. That means that traffic of that network is encrypted and encapsulated in a new traffic frame that the gets transferred over the underlay network, here in essence the network that has been set up during boot of the node. -For users or workloads that run on top of the mesh, the mesh network looks and -behaves like any other directly connected workload, and as such that workload -can reach other workloads or services in that mesh with the added advantage -that that traffic is encrypted, protecting services and communications over -that mesh from too curious eyes. +For users or workloads that run on top of the mesh, the mesh network looks and behaves like any other directly connected workload, and as such that workload can reach other workloads or services in that mesh with the added advantage that that traffic is encrypted, protecting services and communications over that mesh from too curious eyes. -That also means that workloads between nodes in a local network of a farmer is -even protected from the farmer himself, in essence protecting the user from the -farmer in case that farmer could become too curious. +That also means that workloads between nodes in a local network of a farmer is even protected from the farmer himself, in essence protecting the user from the farmer in case that farmer could become too curious. -As the nodes do not have any way to be accessed, be it over the underlaying -network or even the local console of the node, a user can be sure that his -workload cannot be snooped upon. +As the nodes do not have any way to be accessed, be it over the underlaying network or even the local console of the node, a user can be sure that his workload cannot be snooped upon. ## Techie talk - **boot and initial setup** -For ZOS to work at all (the network is the computer), it needs an internet -connection. That is: it needs to be able the BCDB over the internet. +For ZOS to work at all (the network is the computer), it needs an internet connection. That is: it needs to be able the BCDB over the internet. So ZOS starts with that: with the `internet` process, that tries go get the node to receive an IP address. That process will have set-up a bridge (`zos`), connected to an interface that is on an Internet-capable network. That bridge will have an IP address that has Internet access. Also, that bridge is there for future public interfaces into workloads. Once ZOS can reach the Internet, the rest of the system can be started, where ultimately, the `networkd` daemon is started. @@ -60,29 +34,44 @@ Once ZOS can reach the Internet, the rest of the system can be started, where u These tasks are mostly setting up network resources for users, where a network resource is a subnet in the user's wireguard mesh. - multi-nic setups +When someone is a farmer, exploiting nodes somewhere in a datacentre, where the nodes have multiple NICs, it is advisable (though not necessary) to differentiate OOB traffic (like initial boot setup) from user traffic (as well the overlay network as the outgoing NAT for nodes for IPv4) to be on a different NIC. With these parameters, a user will have to make sure their switches are properly configured, more in docs later. - registering and configurations +Once a node has booted and properly initialized, registering and configuring the node to be able to accept workloads and their associated network configs, is a two-step process. +First, the node registers it's live network setup to the BCDB. That is : all NICs with their associated IP addresses and routes are registered so a farm admin can in a second phase configure eventual separate NICs to handle different kinds of workloads. +In that secondary phase, a farm admin can then set-up the NICs and their associated IP's manually, so that workloads can start using them. - farmer considerations ## wireguard explanations - wireguard as pointopoint links and what that means -- wireguard underlay usage +Wireguard is a special type of VPN, where every instance is as well server for multiple peers as client towards multiple peers. That way you can create fanning-out connections als receive connections from multiple peers, creating effectively a mesh of connections Like this : +![like so](https://github.com/threefoldtech/zos/blob/master/specs/network/HIDDEN-PUBLIC.png) + - wireguard port management +Every wireguard point (a network resource point) needs a destination/port combo when it's publicly reachable. The destination is a public ip, but the port is the differentiator. So we need to make sure every nwetwork wireguard listening port is unique in the node wehere it runs, and can be reapplied in case of a node's reboot. +ZOS registers the ports **already in use** to the BCDB, so a user can the pick a port that is not yet used. + - wireguard and hidden nodes +Hidden nodes are nodes that are in essence hidden behind a firewall, and unreachable from the Internet to an internal net, be it as an IPv4 NATed host or an IPv6 host that is firewalled in any way, where it's impossible to have connection initiations form the Internet to the node. +As such, these nodes can only partake in a network as client-only towards publicly reachable peers, and can only initiate the connections themselves. (ref previous drawing). +To make sure connectivity stays up, the clients (all) have a keepalive towards all their peers so that communications towards network resources in hidden nodes can be established. ## caveats - hidden nodes +Hidden nodes live (mostly) behind firewalls that keep state about connections and these states have a lifetime. We try at best to keep these communications going, but depending of the firewall your mileage may vary (YMMV ;-)) - local underlay network reachability +When multiple nodes live in a same hidden network, at the moment we don't try to have the nodes establish connectivity between themselves, so all nodes in that hidden network can only reach each other through the intermediary of a node that is publicly reachable. So to get some performance, a farmer will have to have real routable nodes available in the vicinity. +So for now, a farmer is better off to have his nodes really reachable over a public network. - IPv6 and IPv4 considerations +While the mesh can work over IPv4 __and__ IPv6 at the same time, the peers can only be reached through one protocol at the same time. That is a peer is IPv4 __or__ IPv6, not both. Hence if a peer is reachable over IPv4, the client towards that peer needs to reach it over IPv4 too and thus needs an IPv4 address. +We advise strongly to have all nodes properly set-up on a routable unfirewalled IPv6 network, so that these problems have no reason to exist. ## future - CNI +ZOS and it's Wireguard mesh per user is a quite novel way to do things, but there are many overlay networks that are built to solve other network requirements in very different ways, and these solutions could be intagrated in a later phase, through the use of `CNI`, a common way to request a network for a user, or for a specific workload. - automated provisioning -- fully routable IPv6 to your mesh -- - - - +As it is now, user networks must be completely provisioned by the user. That is: a user has to manage the subnets allocated to the network resources in the network themselves, give it an IP and also give an IP address to the containers hosting the workloads. +- fully routable IPv6 to your mesh From df8d8cde3a4d356abe28b7433fe2cae487c67fe0 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Wed, 9 Oct 2019 20:25:54 +0200 Subject: [PATCH 03/18] docs --- docs/network_new/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index 830341cda..f03b1d394 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -75,3 +75,4 @@ ZOS and it's Wireguard mesh per user is a quite novel way to do things, but ther As it is now, user networks must be completely provisioned by the user. That is: a user has to manage the subnets allocated to the network resources in the network themselves, give it an IP and also give an IP address to the containers hosting the workloads. - fully routable IPv6 to your mesh +In a next phase, your private network can host a dual stacked network, incorporating a fully routable IPv6 network per network resource, where a user can choose the farmer that will provide transit. From eed10a59b20b092fa9d80020af018d9fb829dcbd Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Fri, 18 Oct 2019 08:58:32 +0200 Subject: [PATCH 04/18] docs, continued --- docs/network_new/HIDDEN-PUBLIC.png | Bin 0 -> 65812 bytes docs/network_new/MESH.md | 47 ++++++++ docs/network_new/NR_layout.dia | Bin 0 -> 2692 bytes docs/network_new/NR_layout.png | Bin 0 -> 36202 bytes docs/network_new/README.md | 38 ++++--- docs/network_new/setup/nftables.conf | 56 ++++++++++ docs/network_new/setup/setupwgtest.sh | 150 ++++++++++++++++++++++++++ docs/network_new/setup/vrftests.sh | 49 +++++++++ docs/network_new/setup/wg1.conf | 32 ++++++ docs/network_new/setup/wg1.priv | 1 + docs/network_new/setup/wg1.pub | 1 + docs/network_new/setup/wg2.conf | 32 ++++++ docs/network_new/setup/wg2.priv | 1 + docs/network_new/setup/wg2.pub | 1 + docs/network_new/setup/wg3.conf | 32 ++++++ docs/network_new/setup/wg3.priv | 1 + docs/network_new/setup/wg3.pub | 1 + docs/network_new/setup/wg4.conf | 32 ++++++ docs/network_new/setup/wg4.priv | 1 + docs/network_new/setup/wg4.pub | 1 + docs/network_new/setup/wg5.conf | 32 ++++++ docs/network_new/setup/wg5.priv | 1 + docs/network_new/setup/wg5.pub | 1 + 23 files changed, 494 insertions(+), 16 deletions(-) create mode 100644 docs/network_new/HIDDEN-PUBLIC.png create mode 100644 docs/network_new/MESH.md create mode 100644 docs/network_new/NR_layout.dia create mode 100644 docs/network_new/NR_layout.png create mode 100644 docs/network_new/setup/nftables.conf create mode 100644 docs/network_new/setup/setupwgtest.sh create mode 100644 docs/network_new/setup/vrftests.sh create mode 100644 docs/network_new/setup/wg1.conf create mode 100644 docs/network_new/setup/wg1.priv create mode 100644 docs/network_new/setup/wg1.pub create mode 100644 docs/network_new/setup/wg2.conf create mode 100644 docs/network_new/setup/wg2.priv create mode 100644 docs/network_new/setup/wg2.pub create mode 100644 docs/network_new/setup/wg3.conf create mode 100644 docs/network_new/setup/wg3.priv create mode 100644 docs/network_new/setup/wg3.pub create mode 100644 docs/network_new/setup/wg4.conf create mode 100644 docs/network_new/setup/wg4.priv create mode 100644 docs/network_new/setup/wg4.pub create mode 100644 docs/network_new/setup/wg5.conf create mode 100644 docs/network_new/setup/wg5.priv create mode 100644 docs/network_new/setup/wg5.pub diff --git a/docs/network_new/HIDDEN-PUBLIC.png b/docs/network_new/HIDDEN-PUBLIC.png new file mode 100644 index 0000000000000000000000000000000000000000..8f274592378ea05aa4e5f9d7c8d7ae4f3e409ac3 GIT binary patch literal 65812 zcmeFZbySq^`Y${t2vQ0tA|gsi3rNQxiU=s(-AH%C3`z+S(hY)imo$u|^hkGicMmh? z=IeLw{X6gZt@oV0*E;{a>m8R%#(AE5uIIk$b6?lz!e2&83=ii44g>wE_uY&)1H8nN}{<*0qDfSwIx%~63E;Aegc?=PM{Zhd>VPn$8{hc!A=Pm~=kwNJD zJ9=L<&1oWVe$c3St4U;s5&P#9NT1J`2!@oUM@{!D>7)MvB$Q(=)r5E6Am9+9a>#F9QAur5AmS349Tm2_=Ce z7vD^`1=Z_ruOO>>lbL;Bk?}XrNsci<_A(z70R$qf-uCaj5sg2c{$Vw~o-|;M>J=%6 za%5K(EPtvI!KRW5hQB%93uAI&z!??XB2U-!FcTVv&sjz9MetXj4SX22YV`e5<&@3s zSV+jdWY4UwyE1lO6+(BxnG+>+l4}qfe+8TB{<;nY*xzs6C~0h}wZO4Zv`XJfwU7Dw zpvyp6mNA84F1dN`mRQa0n@#zp>X|o^(Pd%-jqB18nTg}P-}_H*3Hq_th8jbWXjzY~ zU%v|8!8Hs)?iHqki4+QnEbo6bu#(n?9; z?e6dI+wPk3a_;{)K^J<=|%WlEya zkJ9}*l7S9IH(SNsGAB`mt_G;7hx|f#FcppR!?qN>;BEftRWGM_-qEs8LnSWzOW(zC z3SgZR%mGG57WUC2h9P0o4%>hePo48 z+QzvPWli*%LjwJyCLj|qs?(T zT3Q^cwZYtB1RSoeEYW$Nj^sU^cn184K2a+3uE>afcmA&zwDH_lkGL%p*fu+ht!EpR zwLJ!D4@0p$nj$#$L=qNXCcIxH5ATlW784UA@2`J|OUiVg$NF1>10zeT_~P#w9&vQ$ zohtnji}7-4p;LnTzN!r10f*yDrjT+ky(ed%A_4Hr)9qhh+y7*xr ztM_DgelcJ6R=a@IgYY|^=WvFG5PQpmpoteJPWh&U#`3K(Ky~}e>9H%yRVLO6)EN0& z`tR=Cy^C9g8Ln~K1`D^#Cj&8GW3yRK@VH1tFV|k){kMR3!yC6T?Yt9_G4ET&6Qzvb zC9eK+nI+8VQLRKqgUx%+&!zO>-L^~QJFodP$6>f^F_*W6~|)VQu^JKv&&JJot~?1$vLcU|E(f+?Xw{QTp-KT57et&(H?8nSb?@In2+N=o}! zEQQ@$pjq=io@=rFD%n=vXB)X2)cgjH-K9<;7BdRQBPH@CWXk1luxeZhR2)mG7yH^d z`;A&L)pi|U8l4uD_Q{QW8}-BZaWyKfQ@Yo`&+Mz^SUo(cEP&0};+D0!4^@&L@w<-P zYdJ8kAzP;w??}ACqEaMW9uNtcr=Cy4qpvXXdCs4qK6T)*!na(#D>{@BT941#^`80V z=_}tBj|eEOL|B=_`q0;}U&nr!85^j zRdi=Xs$S~DSMO~9)e-xUcvu;*tfHbKa5MSsn`EYn?1ABd;aq9$NI2{ExKp}Xe@0TP z^4YglX~Srno+$VZ{w8vT}A4eP_f9+<}6r;M``qt z@OT;DkiXdeRee1@sU!iD_3AAA`80+P>=;RD>3fTv(eQ)5!AZ^Js3;|r?fC%MW!J;C z(P~l&!`}K{`{w2y;b^(wDT`Lv(b{BXVr5;3G5> zxgC;bOkS{gl9w+TNff`W_U$8$PLNqj89GBLU=c!*4I0jkCquMh-*~DN|cC zB?RK>8;ZFCfqcL{y?j&t_5bV*&q(!E8e${o^ijEb@2`ugXaHQuY6?j0=g*h zzVMYFzQ||bNvbhG>JfO@yTBhK4 zv|k&@mP?m-ANOK)vc?I6z92i!%lSOKySLa09DWky6I|BXolaJS%6HmJvwgZn6BQE^ z6OQ>|H9hr7%<}iQhS?@RA3`lHEwI{cJUqNxw{Br$7tPS;1tpt0hzU>Td(oR|+rZ(N zFZWoN5;~ijz5~z$Lc{tr0zTgwly5H=FTaQEO%il-J>E)8NZ8okMwpM5L@}$Y%`-^^ zd!7^)!pE6SQ|K=hC`)w^VNP_KIE%c{EizdTU(Y5{iW54p-ecIOAdS`#%Y^-ec3v2yIp*GaY%8GIDB`n~ASFK3r zrGkQjk&#h6mqiqd=GyYIar#|)uB)UeJ42zENSU5)=+n-rtF<=sz93tHz1sIsE*$2z zni6<%`8udtPO`JNFB@=Semi@ib#pD)vsxWXo?XL+fFJ~9C?SW^2b`v;qj9Uj9K}+t z_Xgj8CV$V%%PZFZ1$7_ zVzf5P%H+nz1{8gwk2=})!Xii#@^E!@EWaU*2jSY?s@W#3|5#JwW^aGsf0u3`6h;4g zFjpCvf`H4O0UcfD$jAr)erlYjUKTc(Lh8K<6i3Mh^Ur+s3Ly+?|FnK_W`>ZIl$3FeG(eLBOk1jZMwY9Awl*tJRweF{TESlBNxK6Km z&M_$F49qlmz3)h9xEV$VBn}lORtNguHKP<| zVl8fKYZIUuF4X3}e>;*vv1CRSB1~0(w#L{WsSP__jQ;uaC&<;~X%acnk&&E6T`@1c zZWd@QLnXuanh>(BI#`3b#T}Pj>FAWRWKuM$Y)N^y0d6z{Ko5;_0sb?wNJd5m)Gqz@?K9;9 z4R?2U6_prKDPwvZ?c=xq^my%EfELK0Mrvj1EPf;nqBFt&#@a> z7XQ^XONw{x@Rs2`)qdc!?$dlQlyk09zMQnRD8n+Wei;w2i>9cxP!N z(8+N0>fD^(x&%qQfNbPxXnjj+8O%@>$BN=KS(VtzQtSXg-Bab};+ zyqDSqGo=5se1x3?@a^eL>EwfhgWtb@8+JxjRacLd3w8Jh=KsAB^hW{XhxWo|Vu~N{ zqW5IX5hd6_njRT~F>-q(71OJp zN1Gr6nW}ei!{h3gTs+d}a@TOG$29Rrnta$55c*`Lh~u4sG8ldV`HK!-0ueNqt!1@ zo?_(5Sy>B#ZTR^3Ojg=_w_EN3sj|F)2-5b^@5cUHZDO#qIK2G)g(}5*Cp)uFTNA6J zrJ1|uHjrDHuQiKHYmlmGM7CBGO8P=i;P?Pb zP&{1|VMtth@Zc5IS%N4LbS5(s9=34lhKGZ&(uvm%a0mY79ZdX*_-)=$m50+9&M%FK zNqL@J7Q7F`p~cvL=Y@9|xQ682Rz1D`p>@}gZ(kai}3O>#v@Ak9y6j|K3ae~ ze@?%0|#m1;F} zdwKXVcNIx4_2qEP_{YF;5Yug(AX#Sh^1J}$6UKz<^TA+W*Vz#|BwxiY)6h=RaIN^LeO~K4N9;(uxj5;*FH)r zOp(V&@tl#d^MsNX)j->Zk%~>zei4JkXzic`=fNa$kNd zTz%-`Lv(}ATmA~WH<|l)UGcS@=Xccy*A!1398rgUg?-U2EXTRplI64z2K{s(H6w}) zg9PStYY!>_?5X3;vdYjRkujae*`BH-dt-etnT(}F*IcIy*C0O+PlQ9^=;`Fgmt^AN zew2v$DdP_#1*5n(T^)U_2(&Gds_>MqwTnM=nv2XYntH=2OTFSvK?%F2?;(`iZHtPkIoqWe z%N2ipl~&s43TNrSnrD^rNvXkwr`{9HtI(ns-)>96MjOskTIXSbUq)AU*VZ)??2+}4 z9#!&l9TjTq3h{C_Baz7Qmb!)!$!qh=Z~8o{v<&$&nLehi$)F=R-ZJsX6;L zJkE&iYWkx~uD1|MAOSp2{-?u04KI#7a!%^L-zj zsmm9$5I?mXX=`5f{s+mr(&*%5xNzx|Hq%+#X3gx~u#zMJxuDOwc!*>|b;Fh4zP8*~ zWe{^xSPP-`GLQG5#OfbDth5G^d$_v~fpm~9pBWKBtUmnKVvD+&Ny6mtw5KV=66?_z zckZ&+A{$f#S(9F{)V5n_EOq|jD4nj85kGjc#B%>r7NjcY_6Nz{KhJRYlv3h}vB}T0 zv^0Q=D4?(jV4mRvCozWALKx>7)y0PnPu}3|YEp7QM-B8dzZO$+PoIsRG}lNI^JA6a z+$w0{hC*^(*6f8Jt>V(mpHc!JTbmkk1i0&wpz8)O_s&i;0P;bK?s1Wv4<#}U`Rgd4 zu`9B0UNn;`&=;MR!+-VfL<(~-{2ChCi-2Riy{`joO(PlQ?c+n%=^ywfxDqSZTDv?V zMRjo?i5ElbUn_$6{3omLWPb<6f)n{gm`agWA+o0j zw)WJ+KL@P%k9e;v6;3Dph{Gt5P!9mIyL3`aia8O#9SsI1xi1ssT)@2+P`Lxzb=#d2 zrSh(+IS0EhASj4Cn)J8u(-=>~1=RLbT@711%A+rYeUzBI?0y$K&G>V&m0{a* zd;7!e-jZo=ynD&+or{s_tGw#d=PsW!r83Qg#Cys|9)jgrkbRyvy&8r%uX^f%s*NcS zlTJEmV_|`qoSffosS6wv?|B^m0T}%!-e~|bo}8bn=VzEI84m;>h_SpQAn^@ivstdK zEt%7YNx0c|R#R@W-@k3L?AWtn4--Mo;#vv7a@Fb>5Iw;N^p4_L$;cw?(5!vvx(`TT z51%}F0s!m$+8UqLR4qU?i%f*r5XY32yJ(zfH@IAq}n~D*;5S-DS7{DU7$`Vj)h(|Id*GVD`8W;?wA{Szv*{$99c{hAdJR}U0}ki z1hyfS$ak3(-DD?j!F@Vo@jtk?+Y57OXcCu}9CQ{UChXeG(Ee=uQVSLDTW4u*ol~q0 z<%j0xy^GepKz1j&y~VaM)!O)&)Z|*-F0Xro3ghJ-D0yutTb_=d-XCP&XWIUBD3Tr? zir**jjBBKwm%R(*R5~u0FNU^>c@D~jFd>h2X?Z2|# zRZmnbFMv;%r^{1>4c}t|T$X^f&|No5wc*+0k;y@v0JtX+I() zLpW`3r7`brVj)`!{V3rHXv@rr~BnV&bLi>8Uz`vx*8uk->iub@P}O;6->*H?Mya zR*C}{MhT0l{@;kS>2+4H`@1OZ(r2hu7?;99TUR_cD+5D^&hyu=Uw6fEcJ}u6p8W{- zsy_F1h^W&@Ejoh%mV9g(Br%BGBWB~MX3=Wc+nVEjRzAWnHU4w&z z9sjyrt#S?=zAwvQwzegp##3V0nRgajC|fV9S@uEJ+1Xi1DGFe3PP3t}RIl2UAkvQ zI!ajHhQJD60)uy49|{82t`cv~h>BF%^1A^rDAN}dLC4(21}F(g09EKH+Jaz;4{nP5 zig{^s31ttTSpyx%;A5N3oFhOwt8g=KdlFi_o_=NUPd(U02igp0l8C4Yq%lN+G zoGDU)THg}pceE1+zNF(I9C069bPHVM%nRbw)*3I(AkNJcfk`aC_2vfX^3c13)Tam3JAoM1bIy~>LI zTyq(*C5m1={zmccgz-tnwbaK8aGA*7?_$VA{^8zUo4tj0Po6A4;_0AK! zvx8Mo^aCpjJbpYAtqlWkA~?ZVS>$@2*yXPC7M_5H#kH$fx2EdcPWKG8wYBwim6V1+ zR0WBT$@_CaKpdAv9FEZbk9K4)a8Z8ym7Vi#1TNLua3N+n8D3pk*{1q&;!jOw0^?;0 z;-XGSJ^E}N^v!Un&?oZ*`nT?)nLe+2J_nl|cloh)Uw^;dkk#2f5_;n6KrJ1 zqwI(PGB^(8+W9zzn-&)x&kqpLu+L!o#EP&V{WE^j>*<24+K&|zG*$2VP zqHXqN6%0uNs*<3Y%jb5Kx0@aw-Vge_-T}0r(BPf?bX*Ec;qswp^Fi^x>=W=+AN5*i z8>u}y?@FibBoJSCY@PsN{8l~VS}uUq3Di_jwY)I`MMPEv%GTA@6<}fznSi$P?Vq%~ z`T67$uZ7J9NQMo7#x1A`FVV9q<|u%s9q1Mwf*P&b_6AoPc zQEt@9;h$B0DP?QFcIz1x;hYD1MfHfI!axgGojRJA(?=pig@gp*_sGADT z*Spd#%XPPvYe9Jq;6)a9ax5&rE7xwi?{{-=ZEX$Z`kND<*irA>3*UJ2^V5HE!M&$; z{|(eG-`I_$ykd8WDh)Ro(Z49+Wu}7+(-k>N`D1&bM%{6djLJO{4qub?;K2Z{>1r@E zbaz{TgdIfAUEb$UOn&9dKXJ9$D@UT(z`#IdEf+&@(&_2xk&I%ZN0nyIm3+aDh`CHP zL-lhWX9uUNnaP0|Cp){#N?&Ibb24cAg1*Js>8a{!8dv5*@>7?LYYez`Cs(l3&xv zpCEhD7w3R?5FZt_w7KbVxTa{9ATmqzJiJleIQlf%loq3wU|W!pe(Jc_NtX@^O%Kzu4Q}10mWi4H z@*3sOYlaJ)N6}8}D?!>#Hj1x>h?a z;jVWt@%tC){Fw%Mr?e$LwYp-r_tK%cG7_Ug9tIT|g94qrylz-8)_4s1a>AYR#^1ID z+sNUS#bRzzy`BtlB)jdaZd@USD|BHJlI1g;{7m}46dRr*VM!O?&n7}bG-J_~ZAJ7( z=+obA4TB3g{CQvMuW-_5L7@)O=O)YL9{qbiSGK+n8@^b+fRB2DpD?b*J z)z<`$Quld>Z5Bezpp?IJEJeAO_Y~voJ=}%@;80_&iwj+YlGq*34(Xu8!eF?xNHgv#dhuLdZ~ zj*tLWPWmKjdtrbO3Wc)XD~yuo(2j@NWli5*{1;?qN7xjaEEHvkmo7gd7Ws^eYgD)& z@_A$Cnf9Qr;Q?Nj_{)nb!e6v623PIVC29uUsovbiEO|wpJxN>zl#j;g>FKVsMxp0Y zWBh=Eas`0q<1K#JspFfysMQOz_2g&MiDfkCi=X@c>OBTa2s>wkOvG}lrQ2hvuGqT6 zSly<$J*z+DLP!^{SrL=Zr`7daqBEV2_V)J=ZQIYe{ia4ckx1w_)ooT% zkAo-`J8 zKRO&eyUV?0kdY*na55YCg=)6WPACTyk4s8Qwv5vrYV9JDgQKk`D%a+nwx&J0z9yb$ zr6-*`pRFHf9^;)O`!q8PC##}uPJfTFV%6QRd)1TS59;bpE5B1fdk&PaL0R9<+WPC^ zfiviH&$eN3W{KI4=9ko=aUzD(F<5!c%S)i z`wi?J<&181J1DjmXcH@*_SXCovf5f%Sy36vb!>}idMQ67wXS&7tNs@WNhP|9JDDd> zI%E`XeqY{hc)89i2jFrG&KV3o*Zos9`Pc`BT`17+PL7Fr=A8xF44|WJ$j80cz?1!f zZ+s$-J7jm=;7G-8T~_U#xguqH%gbANM0e+y2Petx{R zn5S;TCdJ@)^OyJ@G*U+G-TmQ+S6=gRms}key%L}v@o-uiYU+j2Jjcy3KLSdn6F)>? zct=Wuja)C390FNjoOXlpg3j*?fbm_-6hy#@#WpGU@V;*I#a|1a)F|=(Pwb!01g>m? z3kGhy;P3@FLrPi9R}4M)e$K(iJsGxoawiuEfRI4qeLECKGEJB4{>1w}AU`G00XJ$L zh`l6a{zKL_%s*xA!jw+$GsJ?AhTvBqBe^p(GoUjJ=vC!b(?U+C0Kv@7&s!+a|HS|B z-;sO70e@p?h1~7ekgflTXzAqH#;eXP0eu2JjVxs1b)bnfeX*h2k+cx5iw;zrF z%vXF^~2+82evHd2IfuOb7Sv`_gC&;_N9&28M25j`8s>( zcb+Ss!=-~>WYG;mXXQFAe7AO7OQWL)w6S5b^iPp zg*6)|t_y>Td$B7%Rl_}aveu9!c>eGKH$D^01t8h21Ob9HSb^?$>t~I~i<7x=wzK%tML2o&ULH@#@tXY|l^u zua%QH+4hV>Kaumf6uZheq@JKS{&Ko|?`crf%6nHz&%i)E?cR^f;(yT35ac(K!ausO9%6#lwdk zt^=!QvoqfUHEV)N9q#=qdE`)yzpc95n(`_-PfHx)dGQo;En?}Yp(U4q2ei^kv-sco z9`vv4DJSNPmOIdxDcy#AyMtd|0P*y@B&9A(Ztw=eybfZI8wd2X|Q= zsw43A!($-W5NC!xs4)FOj}{D8uf-Bv)p0dP`5v8gg0qJ8-U2-lA>qzKQhJB;;5u8X z^5H8+xDbt`;uVNv5Q;#C9jQg6J8TqkW`5yM?!+!HO(%u2Zf*IxGsWAFO4|S@?7VX_ zdOu~Idfh6n{1B`+H;TuRRB=AU99o_e8}cJFDQj0nnb?w0sz|7}om zxNBJ_x~<%jOCc&&*LEJmxmY0zYrYO4{(^*my!xI<{%UiRm_?d@nTwv5ac@;g7Anbk zTY5LsM>@)Z0i7uIL!dLtCU-(_W+1IBGje%*X2cc0Fu%xp5CUNU9X8@N(aPokl|*N~ z#JJA6z2Uj_s8mA=S>uHJPVXL;HfKNDI9*8J(KdTG8fiPf5LUE+vGHi`aVom&kGNM{M zc7ly&I!p#UDzGHU;od%W(UU09pM>7wPBU}}+0(j`@7MgO>v@eO1o8t!ByYkeifNDT z_;G#4D{anW(|ZT)Ev)*mMI}({JsdLk>(kL5;iLU#0o(<6^zmkmT)v6C^gN@7j7)gm z#W}$}4HjyTMN4@YZ(Nw;{K#HP?DPT5X|!AHR|nc;DbCT3KnvlxaegltF>P^B?zS|9 z5BbKv06&@=tJrjS^B>G1>DqBO2MOvSrROpWo0Yc%oZLP?3KE^)ORde^F@N^JH{kcI z-iZO5OSVe2`bIsyW%aF!o2f6eQ82k`e@m>E25TbAkEZFFnO^`U7wWpYwpAc4Dalx= z!6P_s^)}vfFPIMtneh~TcdOWDJ}JSAlY)&+;CFh&cc=K`O!%jFY@cnq&+M!G_g~5fvYjw7f(^6A>hBC;crrcyr!QULmf7L{4F=`tf*_vn7 zLQL%D0kLo)`@R{|5^fRN>?en*mCoWCe9ThID1I8LNn-B($@;)&^5P0PRHh4PWm$zh zYKHDRrM_QgtGHQMJEV!^Q(s54#e``v1sB|#n~0D4N__p7ahS%&IOehYX&;S2yTKf%dFv){S)|3^lfXU(UCNU8g)xJL zk6ukcXefz{l6i&b+%(?}{_YGZlKIkXOg*I@0&#nTHkSTxLVJYqWIarCSm!lLI`q_# z=lxSZ&O~DV;~D68@_;`To40E-&x{wpv?;l0y(A6rA!xov^_siaA|qy%6~%0;ayLEh z!q{*kKZ_tDpmavAC*`2-Nsak! ztCOS9vb~R!2o=Fa7rJ!?GKfxvGurQ67mTzK3h3A4^#<)k&X={p*FPXcGMWn9Xhe0^7QMj!-fpfciPfOGnC64b3<7@ zc8oR(S-H;d+yb4%I?kh&>!2&B%QK01Ii}_#EiM08TOJXAP`0>j68{E zcj&w}W-mR&2vGxb77cgObbE6MUr!J9(v+))bN*yap0t>$KZ!nxj@}8|glQF@U?>03 z%g;Bv0`c?-#bgJ{w~d6v51*O4>zy1N(ON}q5tD6kpChsh;p6JO)7TWOt>e`=H{=x9 zaUh=Q&oR=pT|VsT88KPe%uyomAi~AYm-D9oZ!-u*Xj~n(R;${pkZ;x#m{LmB%(>}R zh0aoQvWgDon^Ny3+|+o%IR(~+*=X?+Os*wHn+4I=$XO<6+=)UZ7g(X}bBk=-BuczD z+>XQGr-tKxltK=jc}ylJJL>Y8Qh50IJ=tE-(ZkQ?OG*i|g0PkUT2tJag*J+kX{C~3@$ zP$x6Q4+AqWbUvdc9z>YKXp| z9}2tpMbVTPHi!ap8-tDuVB$V~@&u5yZNV*J6j+eQbbC;K8<**N#=$r)j}spD|4kNp zPlZG8$NaW$F_FKbcE2a*p0>b4ayM2^MeNz}RG(Gf?CfknlHUdupq7A0u|Vr8*TWlB z&HG3Mx`_Y^7|SguQC>|=tF@q)c2BeuBhcY$AUUdifmWQ~en6Kb&h!%3-NOTZwwg%^ zJ89_bTnCLflaZp?Jk?SO>xU4}1fa&(fX>yVy$(h?H6|wy0XO|dG;XHxIiAT~nJL-j znNj;@c%vYf<;2t1REu9DXOA}LzmU?{Z==VHbeFj;BT7o`ruNz+F_Tqx#;bklpi_6e zzmH2mApKT_QQXewzK;9xW(8sku=ByE`wweZPLtipoaW(D=}Bw%hj)X#x%;*v4X&C@ z*Lx69@D1cD7pjACR7#-)@{hm-7vPSKgM*yMtOp12+@+Hf6F4mQMl+RA=aI|ggLz6- z5TWY#r*`eeO7*ge z_l@W7DOfTFr)I8@J-#~OT`4i;H0T8MHu}^bzAnrXJ=}LrZ@f_&PN=r)<+`gUg!lbXt?vki~G^D;A{9v(E=jBuo zZU<&!a#D168?#t`u+!&@F*})`rA&6cE`vNI($|CS?cum`|M+kDcDJ1bnG!*_zZl zb}aU&8A+mNx8t%S4hEo0hv*^or%$hC3~t-#|APzg4SV1gzm^g2d|!G56jK`(5fK() zKfW+EVoxPhcuuQr7drqEK8jVF#oKwe6yQuNt2pkA=U$#-=U2b|fSQ!G2gAdc_*U{R3yVvq6(DYbP`0#mG@$M& zRzPtp;gQM-7pH(}mxsyL{$LWTd+8@YL$PoEOav^SRl6P)K`)=0nkwN4f&rjkw|k?I z3Pk#0EPcoR9AwfSAelqI^*ozPO9htg1 z%{&VWUw)1!VN|NLZ?Am$Q<7Ei_;i_f{9Y1@?BX!mc`3Hmhv1QbwY_}=b-T`UFft?J zh;To*ZDD0tVzHs$WJe66au#!4BX)P5t

PSfXETRuW-DBwnHE?(RY5X}TVW+c$E;oNuBN7DYMNuiqVsagXp)&fC2tp#WGF~} z$~ES0v_Folzjz;Q#ng8+aVbs5%RkaA{d(P=OsrjLJq!BI8X*1$Q}72`9PI311ylk3w-eU{IBov)Va>Y%GJ%*&~G za(YYr&Rx0yIC@_f=j3#GP8-v)yaCb?VE9ge8Lk}gqqAVA)H65k^#VdYSmEhQ60fA# z-L7k^4cbSFJeas$6Z>u)lQ4X|1fR1bl#mOq&Qm7q^c44<#?{n>!+|yQ1P@Y1{ST_I%>lCT(9)+?FFn zDTI0;uuJD#w_ucrds90*#?=%P%E2vfm?7>99B*_6MIlld+3*8T&1DPQoBt75|2=rNQgASnxFkf0~YEb5{2iciQ}YQhg9S*iR-+~9pjF^AEMV|$@ zrwp$HBFl3CH2@9vL2|PmwV|<<>wFLZC=rFK9QLz~eFX(oA$EGZdLFUtyg=SX_Y=3( zupL*0nh_Nu3g$gc?JBShP%ys-nx;*SjW|{!I|(xl?{5+iJV=sf*B=ffGJB)ItbN$l z_H^-KrywUbO>3a=0{C?i0WmQl_v89j?I#qY{MqKp3w%mOp3@q^gm(@y+sj*g!88938SvBmeW1P z=YYh4O-0J2BGbkelwqE{2j=@GXhsQ2yo_%8f7o4Jl1{F!i3PobiFMhb@pQ>(Kqyi@ z50qhV6_;;rc5nV2F|)5dx^wJDzu27iIhmN-Unpi`rF$wC+1+|x|%omhQd za@DoSD`PNAw{c#JPM!$fy`fOk#pFG_JNq_I3Ey;(-Hq`2$IgI?*fkxu$k*u-sd7%e znhVF`#cZ6Qmn|pq;?7(FVN$AuMC6sho3D?8yIf?%UiMgw6j`k)r1bwd+b9jAfoEqw zVUy+I3y9WYSYr`|UoSENEFbKGI}?R35ht&9^|=C7Co+GNU^Axxg9Ro=!KT+7K*H!t zKv}QX5&*a%Y)=Uxd49{74hdsB3x{e}b4@=na}UnF<;M>ne7@<`G83z}MBoRzFKA<* zuFT+n?5)DkOhVOxOZ23f$HwxkivD|sfcE++EOi=`a4hu31#OTAAGq-;#(0ea4`yEW z!%^SWh6`wN`$`Pw&>p?n{qwPKX~hFj+QMw2w2j44xH3TWU~JFIh=k66!%-DO2v z7q9K*Y@53oulwiUYxYsp8{}bQdF>rRV#w+*DcRC@-0Wr{s;)dcrtt!d9ZH(>%vS*VY!8VvPK6OV-U4=XkXI`chVaZKXR7_(Kxf2{V|G~swRteD=Rigfu z**=jaJFU8kOmVMW z%d{_4WqEJav(|sZW52>0z-UqtdoXnEToZe;yA$$6%~|TG)-jW3HIoM9t84&ZS{WOa zy*NKj_h)?eKmD9S|0LCjAPvh#E+KP)o_dyvS2~Q=P+YZzPoz3ROE%{jH4$rzdUhCB z#Qrz@IxVY*6djR_(cote0!xieLs{!Dw~V2;Lq$3y4DF^L*hf6{O8e%N<}{a9>DAZJ z*uUPBNJEu2TKYx#BgiV)RG+-Ox=nqHuTDFW_Rei4Pjg{pXnqC>zn?uW`{(8i-CBJu zmi?V=e1+CQGAc~cF(J0^9hEBPemsOhL~X}5Dr1#m2XP?b}9njQMJ*}$YE-Sop< z00GzvMl=d0ny}OWa00)W0_5njvKP2XD;sBrUmkF2jC^Z|khTqeF*5HQ- zqo$#w!==hm$ktQRe-t{K@>9AcNSL{(ZF}{v$t=fZm~O>zzvC}yb-S*U25i76Q%%zz z{A)O?(r$hvjzBHK24CHJvwd$M9D!c1D(TV1Em$5~oJRl}jf&9k?y6&gDj0HNnx}Di z)u+l9neB45PQt?RE&qeJc;3|ZVU}NCti&07ME{T-dqzFWP^A@x<0kCGz9^8@)Y8(z zbA3S|>nWJeoy)9&?dZ76{BHdDv#I5@_UMznZe*Eh!V8wyIP`Rpor$<>e1&&KaANDS zo+T46JMJ&Nr}B=ESN9(a9S-UupOUW?EmLuHjupjMVV}TO5bQ)Hp-&10(g}LH3HFc3 zcfQ+P=Z6;7RA6$UnvrP}#~2taH>c+Nvt>=-Nv4B0S=*m~zY`^jHWtD?&Xw%{@zbYI8B&R^V7`Vi@!-e@w{xr< zSn0_*0;4(SwSZ2m+zL`kJrJCA*4Ef}U88GpF);ogY`tYzm2KB8ybzEM>5!I`Zs`_9 zx;qppDd}7^N{2|dba#V*bV_%3NO!F7^nRZEefQqS$1i`VTxZWY#+YN8#WShD%^Np0 z#kUN3bBjj~&@%UAw=kKYKDc!GFw%x}! zWprBAhB*}1l~u{_gA;*|*0Koqg)|>{UR>H82`xt2_P)D2_jg8m*#2^2T<0=b_u|@n z4|mQKCmV%R_*Ome#q$@z;0W8ueNXK9zW&AWm-6Qcxm)-#xB>FnN>GX#ZjoMAW~(qq zNJPXBO3^`mk^-vZ(sn6(KDjh^eOw|q51SpW@s1T>9r3Ib+zt-BSHxu=FH30wFotldTzt{o z3yc^PIw)83kabx~;rm|;}upL%$}I&HVP85lZDkn6G)ikDS-#ODmW z8ffBNTma{C4=EUvz5lDlGB8X^0oC z8I+V2)nwJ`e5z5C+y8;u1s9<+A)urjG!=rVtfWVYnng_%R{Ub*uBXQ0LqOC5`tgnT zy=2l8;Ttk+*Jn-_Qry2T_NPJmHw#kYw>HZ_NL5qbsKzY9G2t3n(TYnlCR5O{^OZqjT-k3K|% zy&i#iu=n4#$031oGieyva>jidxD&$Ar6*Z!S&BVN1(?4K4S3ua*Ectw1YgBqu^!A1 zT09bGF35e>{jFGwZZYBR-5l_t^w02a4XY}~`x)O`=mn9?QVy}jQ(!Ms?AI)p>MD_z zfa`#rLP^hE_g3F{K?I2E66dGEGY|Z?x_Wx7#?fUCH+_}Ct{7bx5?{vDMClNhtHdgF*p?er` zTK?dx;{-Q`u{i^7a<8Zjw53SzINDzjAv~eZrxa+F<_s4A)m)4Ycc5;LsIF{IhKwYq za1QO|g!*MeQj!TD;H8FgMCpFDOzeKCI=y>TiqMFQR&ct3&6ywpmU!Lq&o zs(O8_?d@ZBwS)vR+*I;f(JlqJray||cOiZyQhXJ)DJdy$!v&aGSk%oY+Nt~VTk?Y}D@QoVqhGhQ zxWn%}8_%ASwNL$MfM16yzEhDCtX1fr`c%nM?5+(>KI77(pb%yz^1#g)k~%rOu%0(R zNMCz>kP`9HW}l0xH~Eo*F+`WAK3iQC&Ebq=m3dpKNL+qeYUvDqWn)8%4`%5XHxh^Q zNI~^V6pOt&*{SqLqw0@%f*SZF1(94rlSYi~(v$CYae9Z+?i|Z&BEN#W>eFHl=Bx(4~2iShYJLu6L)NWHeCKaG(=oimXh-p4Ie}G&7m~0+IO$-JtHGnKW*C{aw~5g zYj(;R*)tyvhs$@C(?4Rid&Kx)cw(ZO>Y189mME#I6Px7($Nu2G%6Tbw z8~aG9rSRR#oeD8rK#F=X)S)8lQU$m0;=bfp7%>+lASg(KMAN{lF;}(%Gx^E*ovS*@ z7>|YQQ6S4k8A|N7=Hy*oA~Ym3y{HhvuCyN=n}r{-e$71CFH;MLzGb|mQ*7-=*U0%1 zp0~ckiH7$n^(Y)>@ra>{3JxhL>9c3R9whqo^fLrFa)1I@5fKpp-0|}8n0iU$=eypV z-XF~7ARykHvLql-Qz+Ygjp7GsXHWYfE9(e=#9Gx7t@!D#*_sFg*4ey}8 z{(yDq85T+NtZypC)YKGIcZ5VlhD^pkd)}Y)u;^49Sy5e3;q)~S zbCJ{2Cf3=Ca&uNbn`gB!ruy_r4EgkQv^a6^tQcgcH>aCGKz{?=EaHTu(N9UJay+Nk5CzSs|K2peFvTlFuyW~aM|U8>oz zke&WP)k0Vsl_RJ+5#U|Av1-Tf2vdZ9l{se~bPqD?W`9IAWa*$LcWvZFh4?+Y7xZ2Z zZK+}(ICP3D2$6je100BeEaE%-7#hV!0K+n_p{)nD;S;;#GiF%3{n4n6)S_Nt3cLtp&hM0D)L_IS2r~QL?`3T z5na|m76*NIz)kRlIE5rp;d^U>N|B!J-(PBdMIOf(@fL9i3G<9#N7<1gdvkGtJ>^0D z0LO8(_A|&Dhj8b(|A}dm>{Ftnu%aYRc;i@xul;rN!z*OHuU7g+uZi)v_v$^aSofzY zzXVMfY$#WqYIcJo^7QA(NF+u!azUYp{*z)PKOaXYs}K|_#a>*@)fwEow!URl%xssE zLhc_{V^K?Jy1jn4wHmnGK4O(Jc=JL1pG z+giU277JYoOHD2l5+}!l8D-}>VAVA0osH=A&worm-5J_uIt*24R>UkaMb_m`X_E2U#&@HQb+M3}+f$FM zNy5gp*Brw~Xn#?k`yMD-C~$BIVnPi9Dn*zF)ww2l z5ldCmO=h)U_ddI!5&rU8q_3=6Px91hCW}fRw`Mu?#mxX~P=qSh5`M_(y8ptv?Y+u7_bgj@*bnUH1ftyPqwx`ek==Q3Tw+X zIU*9if)Sa+47>h2TSDnIO>|dITn%hg zma-Ib8T>*+sOn{w=ml_jf(#jFouVR%Q@;QI74l>%Wm{GJ{Z>4Dd^mP4uJ>k*Nd>B^ zD-tTMF)4bIQ?9tSFHLBV4(*Y9z7VO0kZHa}`Xt+msS9>>)*p|)`GcTK*u?@)5QhI@ z$FIgnn4H%Mj0mg}CnqPjwW61lt%#QaHQ8Owp6-Lhl$PKzsJSK#wI0wX*CfIb|E>r zh{-QxZLCQ5;M_@r4P)s`Z9vX3#t*QtvVMP?Q$tbmv}90+#aS2KsQoJ<4z;ppIU;kA z@l5lsIy)*mWKa2Kr9u#pIkLj58k#}jw z=YdD6LKi+gqSy4u;x$amd!)3qwBV>4-gwi_Qb&LOvE4F!<|@>E2bCm60LO%%r=#B+)M_$F{d$Ipg^JLJ;?JgB~s}uEZCD)=`2c78|SI zyqos@5k-P~jwW)|&wZbXBMW?uJz8x^!kiBqlH@o?Nz1opggEMW=VWEAb@^Wp*<5Kr ziHNi_4j4B(QUc_Uey|W%Y@+7E@2bmoJO3MDN)J z1d^&kIz9UQ38~Yh*x7d9#Pjm>eGQk#K!FQhZ~Q2K_Ggi&@xV1${CLAfKnu!E%dRY*2ZOF!ZjqQOBs`K0`};7%@fcJqaa-&WC3w%>6t z`Qn5Fm+K3%r_YrmMr;>)-}m64HqAI5*~F#BoVr6bK)rvVc%6-3W27p>Y58qK|FHM* zEi|UM_&Khi;G(eI4&CX!MvR2YZIlS7TYOgL{hLCDfE(P!L{LUf$GUEQy$a16@49!_!7zQAi>}tq{%l(TOhA zEGF^y3mrP@{7e1)-H%v~?x_i?DYf;3nG%YYTh%6+SfE`JG8+|7lz?dv$8QVx)F3)q_n4L))_(~zdDB((gXa(3CD+J4D=gBxu)6)_sU@v; zAH8Spj}!Lak+-(AQ9OI)m6b8VTx!-6$};@|QJ9pYy6t-cnLIUw#0MIW{lIq$9$3O6 z^3sN#d@mt*!ku z)>~h5SKN|lB4K#}+h9LxSV=Hobl`mf^9j6C@itptXg_2LLzmaNyqv#IC)XwGNq;>3 z$SV=+BRa_`=R`7gq^bGu%Ti(GBEPq9WIQ*qN(L)o6o|dcNN2Lfe!V6Ttw6bgV?&98 zhch%4RVl4c>hy1z97Q-uu4Fix1RlS?135lDeS(dP+j-i|!?k_=9KrbbPy1VPm|yeG zI{{r>E77&O)K6`ae;7p4@L^@0elyL@JtHBT&<0I{n)Y(*5f~}<;Uk0>4X2k>Hz+2? zjQI6OC#$i|(1F{k--}WA{(m27KLgy0%;|C_2)ZRQnyOX?cA#8^qhKv=l+8{p#{5#d zU?XoK0m$p0k&%%R6T58>lYRWv-fj$nUEl;K>~X1Pm&NAE_ukVTguX9;$PAn>^G<61h(3}OP*u5uSbfv%Sa``wbNgOQl`8I!QonoaO?)i=% zt4_K6)3P^Qq@??NJ#)1d{*raJ@Lq;k3k?p0*243xZg|uA+S^!W5jJOM?dvXWe^k>? zof+{^H|5PAf^)yfIGQ;w1z88Nf7sAJpS>CA??=VNbpHJLv$L}S0C>Qa2ymV*5Kcj1 zkCCE}`7<}~XM8Z8+wq#b=dG+Us-hdsoeM>u`um;BFe}Rm$Ds@!2tk_Ob>W(NNsnNs z_Q0?qhE_z{#>1!WHJ&_MQK-6#E1S(?7E6QV6OkBeDDGD+W`g+8v>&j?v&?sAHj6s@ zV>+mT63T>)upW`fV{^={`-o+@`c5y>TBo2iOU})W4M6NN2nYb1-Du*9>gwkrp7p?h z01zh)3ys3$=hB9v*N5$Cn_A>wWie)ow5tm)sj*aV_ILX}ZnF7b0x7+3%M%y9#psmy z=GCHIq_f$7m(=kDbr%LtFjQV0|4-`wHER&y9 zJ!!F0|2HQ5ce`br7!ouDSskq{?j{(7nb^7-_FRY|eE#{nMjxiErPb@WUS3g=DB|UA zVnRKhPs7B-Br2L7Cqq^;Y6(Yx9VM+LB{oy3H!jp>zrHq>BgN!&bHIhf#%9f0(y+qj zSPet^IkYrX7i#;p{)5GV3JaTjrV<05X~rW3+P5rjWO1+2?LjTn@BeB6*zPBBSg_WN z&`l1E@~oN+R6$ZlMmALM^&hvxIG#P%(~URp-i1X*DgxuT866wq@3S43IIPk%NhPm% zLKyh?Y_{Inzj<@V@jgZ5L2aPON&-X%r9ch5jCI$F($?3ye>ZHFKK;0d_jgC2U%)14 z$xm4Av;)=g^O2=i^yeU1u-;3RMpCtDi2`Uo4zRuvMyilpiaK(Yba2z(j?(Fh~Rh36(GYXIKx{rh(Sfz*iP78(ElCp_E+ zSQ###<=O34K&2&;rTJ$WkH0ttfJ-92e96xrO}82QR)_39?ds1R^HB_)seyU($Gz@p z2^9x|FH4267^eAhIT98**rece^tC=o=CR@h-j?Heiu;-K^y?^YU`fR7{8C11SjyaP zc7BVyT*>;bjD_Gg)<`*2j+}zIhGSr6o;cu~q?+$c7P9)B%|=RvJhTXK>ExFM9JBe# zG!709z?J}z^ASWGCR>AvqW8!CbFIUH+EY&rj1dR1)*PxzFqU97O6{)NV?mL(ujaH8 z5_ny9HqV9{JZIkpYSs-sAIqu9DJU@APZJTeEj0e-t^|v80*<3SdXs?pwlM$toyD{T zv3=DJz!~Jnukx;mh_# zqf}vPs&lx=I8M6@RE`eV7n|NBt-Wv;TV_<1Bis7*H~$K`k%zg@c!&5vZLI% zTt7kUjGytr3O0Q0A-y>k;#VZkjGk_0{cbV@TBu7bM< zs~84Ln^;uX!1D8NDssN@-pFVafF93iWB>{W?7-9{pDHo@9p&na6#GZ9QNL;iYU#6H zA=XvD44Pfn?v;e^ZD!n@J_46&Zuzht*2*DKd0RNnP3@Yo zQhh-T;Wp)^&*l$DRsqH$&6QSdj{Cstl zu}KPTi_zD@gr^?#5ZGXZd@wa7b~%`-Ou}clNCl!0^;_jyvR+oeLzh)+&@wYK1D!{? zNf#<>JX4MGOz92Wf6RO)*BicZtm_P zDMZuymJ6q^J6yPU=_#p*+Lu>IQ)e=;EZI0wQSJVuJT*<-dbkuFeETMGZjLJUPu9dI3TLF;>AF;_=mkA`*iLW5v@snN zKdp>tvBibh+1a^X^rQ;?)Zjbv&!PhO0Qf14Fz-OT-zzEu6ttXNkwpxEOX`4K2rzi5 zYGnvKrD$C8nLsOz2DL7)bD&4DS6pv$g9z|LyMQ@u8ozzkZkva)9&5bCM09$(;oZ$e zNL#Pr^9~Mb8Eq*fUvw`ekLciwl`=nu5>7ri{L^DKnr&%?Slc8@WP5G zQ^HOK-{2$swthvuLz}6EBe7_|6WwLUO|01y&_jlaoGfjWgs3VWTcWqqy7Qf`J1pwk z-CJrFuNY_ESDF~v6aGtm+COwe6&>phXZ3yFE8)ir*q8I0xKRuLlmq5>?^wv(BhZ?1zANvEJ&4xkf4iZN461}k zQ%5uR>5>DNWneliUo4y1yAoArK*E6&jms{6!hvZw^Cg^OmBxvnut2#d00no$G=-E2 z>!ci4ATHwt`H78P(E|c6_U2aFbJ5o7jEsi_j-z6Ol2mDYRV9e7E~IzBBl|Ep==2zP zB~}5&ca7CFFaUcOYb&SywkyX^sr@1APPe)4-4RbqX&%=wYl~H%WEl!jRC4F59BX!i zTMXYdc#r+_MlUd5_rGb&$;l}zI|5!We_w1se!1*V$>WBqF#OboP4qh686cx=L4tHJ+^nJ#z$I)c`9rQ8tF~5bK-NQBA z^D`#p)Rd-rSx(6S`4Xt`hGW*Ql(Mp|(!l&dA%@ND&ywC!Sapp7g6Tj5T#fw6mhn*n zBO9C2gAw2&`4|ud7^aV^Q9bL26Uq6AIjbkN)6n9MLZJ;f^PrEl<<@~3wdFOzEi9i7 zjm(gmzMETMSYhrh@UeqyiHXS)DCa=S2NRit!$V-`c(}ek4tlSAUzQOzCjR~qV#v0t z!ky){TJ*c-i&PA-%vb)H>jpe3lKC9s#-D58ZeAWMJn0>QF^a-ea>i#1tE2L!ZVeA5 zLFjglt<7iyVrDw|B+wCq7Xmgauy!|@AmUa-{sdyry}iFwIAri1I4;=(g}c7KJ{lTY z-n+!ls~v$LEU0K@4LqHylXON*dlKox#G@sZw98;ejbFa{#YXUyq#BvQcu33 z>5WAZgspUG6=$lCx%_!ITOV!q;oLw=3m{Ybj-@ge$Ib^ot1XVtf2BhUPcHX5fCU&Z zh+f^?bUK*fU|}hE?f^@<8{bTST1V#D4GTLpQ#QBg zmkGzC^#liq!$5b2Hsx#?lDZo5&je=6ogTUDE#dQ1CHupaYGl(N75QZwJPxf4@C2Com$J43xAvk6x|3R_NEz z`0v;E0d-TFh}YiAaS)wbjV6zvU=s+EySuxK=k34~2)y<|HE1E*;cOK>C8ZcM!I^6_ z5Zieb)_5T0WJ*4?S>|7O->!9q0uxOz{pmt(F>WTn_mhP4!Ci+!k5Fy8HB< z9QXVYBOS#`0hNMhXQX^4@K1ix(t_SoW_6zmbi3ByPN>}!DJP7^R8=|X=p=pru9n22 zSvx4iTUFz>A2v(e?U~c6T2Q8n?=H{nds(&zdOrZIpTVJAVq)Su0ZJbqA4n3WtTEyq zOkGkQdQ&Mw2Etpb@dF1xq-kcGMlX-Y@{Vc}fkEmSAF5+RPL8U`-^1AwK2RS(| za<#B(xwyplip}jJWAf$GVx=v- zy?r%si^yl#YR2Wlt7w52d{Swbt*yBD00b<+tfUQ;oY~uRKv?7FLB9+NuqdLUAi~g} z)3HqqpA}s z4!$dU>to6;?;DOD#<}%@VH{6uxi#(r?(c+n8>s&s{WCCn__KJnXxW&Un5^vVzZuH; zuId)8uh`1b-yd5mIZ|k0m#WaAm;mytj#sa@k4H`?!^Y;cw8NQLtPS+SKr^f9(!;}C zS}%*u-*1iyebksX&u#*+E3}H!^*4Gbh}vM?k0->C63%|4cyLKNB$H2PWX> z{id$Awy@i205Le_#J~j)IIA&jBCF!5f*Toz?C0y4AxK%e<+zz$O`_sq{45m#N(>0x zKndVFp9$>UYo|5*f;)m!p?l1Q*j@4=XLiR*p6u#Mg(&V=W`r#lFtKqsMrLua^^6`* zLHG@Va4#<}dikUYP&K1Znv<8WE;o-{59jDJ3mZI$m@RmoqYeOEtDP6u1Eb(j0{XwW zn7PHvUE9n1qQ5>)_>;RHN^{5hG2ZjOd+W~-_s&9umf)&TkvnL{t`8n>#-kw*JM;zw zUfjKC7)3c!RF==XwcGc2ZIZ>~o+Rl^8l1!FBSMKAoe$lCH(;G+G_53A99z>slKz%Q-|CCN^lVc_A;DPLSx?f^1neF&;#pRhe$SNmNtFfG zO@Crc z(m-!LGIw1gIfr3ky`+N}%YYXL+J+c{subWs2>26l{exRBM?nd8R3hd;ZUA=SWHA%K z2}|u3zl8fDJBpD#`Ifb?P@l-vMN50w6J|el)MVhu4Y|JF`RMcjJUp(OMfd&hX&5;e zX>4m(WUU^>KJ(MK{HcasEegmhAP=XAn=_c0P)0YCt1a}r6cTFA$}*YASLWsA4WVC7 zuGQ3{Lk~l_KZ_N$aHp0Y82#9e7pJ@o^SB)UN#HOt5b3BLYyU7na<*C7dboHw<`=U} zPXy=E`sX)?sYRFX$pnTvq1WXx-Z-Jx!%7{J$M^ScFR0^$iX>hLhAo2039@`bTy^mx=l&oeXY z-KtLILLNl7ydCMh-GP^1SvhvX_;xSELihpJMtr0+fmn&cEV=RT#oMl z8)DqJKiH319}`~mz;LUv-yI1*hD6%Fv%K+Qj0b|B_<-Hb=F!l zFc)vBdw5h^>#jEdpFJSA0n?k7mKLIUb2w*P34?m?odKZdHv_x$9T73HezR-z8>GSB z-twxd>|LL4I>tS)^^_c=-|8WBhBPmQ#uBScm!zyDx)cp5jd(0+Dwz)R5)y&Cf? zFoDT7db@9okK-zigK^Q1I*Pqb9aUS2 z8@F5oq@OU|yP2i4`a9z`H{x|zy+Gqla*t>E&EWP4ndX~htFbjW@lJ< zwrCi18A3&iEebsxN z5sR9+H<{*7{@w}X&dfsGOySX_MKKDuv zBFhiXBcWqQkr;J+XBd)0u_j5Qw)AM+`@f`J_|n^lzU;FVwmpAXyvvcnM#?JXwTE#pvK{!vJ?qN};&F!O@|xt4}@uuddaFS07B(Mc(`?*u<}z88g81(iHH z>f~_?m?+5ZTY`&+8!-*9m#`>iv-;iK4-WyX_Tl5lzuF%VMIs_1N=r)vMi@XCHEF%u zXW+#e8X5wK+eb6A=|c6FKnn;O4*;xsW_H%1{nQ;5s~J0>Irs`7xp2tkK{fY97qS2{ z7D0e!mOWBLzs=St^CrNb{MHE<9BXC1Q}J<#zB3r!9OK&gWN6rJk+H0&BXEmMAiuW% z_F|@$ES$7+ny|^Gja;q#CLTmf2?^#VCY;U(T3uY}tsb|#MR}90j(dL?|Bmqa-w~n< zg5UBj{`>dGJKUa(=uEh}gSSyfnjJUWilvqp+XH{npB^Z@A}})C^_}VO4stk}V&Q1q zF@Cbr5r}5x{`JqQ#g}%X1H`g*{#KGA$!AQYWv>Aqvm<#-=)Ma}MMZ16?8IWp8Owb> z%!S!w-yIgYJs2&za%a4JmnI1Rv)rmj0hbPZe5RyUE&6lJjt+Js$mM~!G-Adm3}iJl z0bvxPOVzcFS(g57oaSH)VS!^B@?_?uiL=cs@1(9WeK0Sb6?My#*QV;G@ugt{(Ua_2 zskGf!{YQ5$Ymd`6;fV6x%qSr#yfaKc-rX*3y+)#A8Vmm|0AyL_3-ug}o#ULO<*VEZ zwp~++3A^ZK6MO(jKc~7z6F!3_P-6*ZmeW$c_+{4{rM(Qb9nDwH>C{QAAvxr1<)(7> z7%5hMu2MJ32BCaK{P-C4w!&MuI}*tUOY~Q}zu3@YI$)c>eDT4lgl3`sj@Esh0MjMX zt{1HDSqMp7G^;gzKhQFLwdCggT8l2_wr3(1S78iXM0I~JA{OkB=jTZ~-~WR!6P~Sa zP8QK1`oY`SbYYS2OqC0q91yRbp`o+OIhG0Xmw=Z8UjoX7=Q4XWWL4~Gq@7CA3 z3>ficXL8g+DnPfrVp{ z1eEIIGr~CHD8R>-IE~vV&XJ?hgqBAe_lSsmG_#!U&cg61&SKu0bU9c;IYD>3p6#@m z;$Bb7V!H>H=Ae7*)2B~C4sm9Y*E|FO<}8(~kYa>MgKHHp)7SFZXr zdVMetYti7Vh(*D-N%EQIzJPAM2JkJwK;mRysOG*)HMZJ;i)~ik8IJlOt!o+UC#Z9L#=IRB3^=2W*BMcExz9U9GW@mlLS}mUj9L( z(V8ZhBz{17wu%h z9;(9DQ0Z)Kpb}#|o(n`q5ATp}+sp8B-o29b5?}Uf8!dYoO1=x$>duLNiUMt!hN@?qwNqut7d2rvH}yYnJPis|;hyWT}EO zHFXaZnR1S>D-&C494G74${pQf!lZMULSUfv&XPV3*^uLDIcVqhd$PzY2+Pa`pEdYy z9ZB@_Pi?|B*1IlJ5e<1uwtn1y!;2-50LHO6mfJxVVc8Rs<^n785hSR7gdep@T?6si zMZb&;)$+Q+rX}#Z4OJ^#(2LD_ij1Rf^S$I53XfOLcZG+CqxBmwx%#6`M$J| zi_uYYyMTKDs}$VO02&`u@|*Q1a_#HugNqmNVTAN~8=*NevsYPW< zqKF|pQPIj@QIkGDTBd+Gd#fhScvJxTq>Oy;oy2d7r4Cy-Ix=iXWY2tqLtg1nrup-l zD;RlR?v`MEy%wkFiTlMKYpXL$%b)dcb;-aULQk*pn`{niy4TjqCM|4?lesGJkXA25 zrn+=cm0TG8(eLm_+U?BlmKz*l3aA*5X)?H!fBlle z#f`0aKgq!&R?M3~&=i=Xu-}w` zMf&;aE*w1DAUh_T*GaD1vUkM_#CrJye{WDSa|at-3L2TUFf%}^z-mp83sJQ(Yu{^OIY3^Aw@hKj7$`VyAJYj!guWS9%&*lFSgVrf4K6iE zngS7%Nd-SO^^^X-N5-JH5EYWA++@dx;?}T{e~FJR`rXN*f~Sj(D0?CXBhfh4E>o67 zy+tkcwo8L0;$Hqp2FMZ+&+xLd=rVoMeIM_qQ1FR)sbHw=ob0zYGcJ(YMSWHtCMEep z>F$&D9+0zvPCOfhm1vAe7;vg2=xSug)?yF0hINd-sU~guw|5Wmw2CpU+Rs=|5_#t& z0`0|AltIP31{LCqP1vKNEh8(N!r&Y92SILjy7HsTR*$ly$r|Yk9JiWy8B};Xe~uY6 zgDwVx@JSu6veF&1V?xVoD6{jaQRq_ldy-9b8krG9F3o}rAa6M<;dR;WXETVhSwz-ZSn=%IE?Ltb zXv;lS1JB^r*$sGx-Q3)YXKL3DP!Wtb8{&!wWqz|Tdvft2gT5din${H*6u=AISo@`e zRZ%8;p-~zbZa7wa5@%gj#m{GC}@N@ z5(`shWopMoKC=lAT;7*{(;Uyo^WB)r-y`M9`{&U=-m6aMs;vST8eC{D&dv&e(z-B; zR;u?{66zd?Cw1UQa5XXIq2pE?aPyv|Cg>bM%Ttu3^qJ>#sLOlgu0LGidNfl@K5RN_ z1zibF@|CjzygnG>CJ38-brD$rw+QbXKG)SBfJfHhi8g9069l{nY-TGFeG(J3LAMjY z95`A(3q&-B)sZw@AFusbrnj!Ir@A!wBtM)Eb%7lPdzYDZl0Z-=4DfIRC>;_gdQM{b z3tpY6N!t3iK>(eYA$6~*7$RgTVQ@%0qgs&r6LqG>if|_XK1zJO?OPD4JkqBqpfi!l zy+|S0#5L{ZD&B?IzCKE&`166*VW&i*VlLD~Cj)UD?GKkHU62;n(?Y)`jYm#~SXiE@ zH2I_oC^1O{|EVlk3(%6aqT=NI{KJ669!!~potvzDRs2Cz+H>Rl_laUeGOylq>qvBLzHU!@-2XN*uH};l zemp)!KR+H3t~qFKawmVdot~h`hgc*H;*GBBjylm>(e_v)gevp2{vEgDcwhTFAcRSv zaGLLvbgQi5@Z^`GewU~+djr4n@n~zlt4>OO^1*)>CQ;3D`uRnYcmzK4tR6d8l3qE6GH7GvfooY~)yCmH{2LVU!( z4ZRXiOqlI7>NUf!UofX@2Q-Bwfl15>cW8R!5HP_ z#=oD$uHV)D8M(ifI)8CwN`402r<;0Qe8~39N@MY+o5y1=VEEcX*tGKNNia52BVz(C zX)+1U6U-i`p`@+FrXo>e!}AM&L&mp>pRpISM&jByiC}EbBjjGJ;7gdhXDaHQF`mF- zQpjY>Oj2kRFxr)jgO1j8baY7x31MV{-}U`Z%3$&OKkm$MfM9FX@#ifjs51jzVqJYG z^eqCdQ!n4RrKs#e$b(;l70Rjvr^)ZxC-n7}ndC20wOeYw?$7QKe?AL^+c=!fu9GH@ zi_-L{C|7d)0V*A{>Y_JU~XMXl&R)U6k4FnCjmztS+R6D8m5eW(yt-GZGxs+%)F@|WNqlw+v z>+8N`UgC-BoLnR|6%XYw@EcFL2CQQCK46D-J$v@dNc~cgoCKEB90-QxjyhRd^b9f1 zFd(X{BGkcPbq=%Rb4IRT<0I?_C6~Mpt^(PbVqbn0(R}Q8IYk~A5LDHw z-vSNN^{Qk*INXsbd3*v#HB*JO-t*F9>aMK?y7#A`!E4**)<{*p2UJc`0G{bDxdKiV z-8aD_f~CXq0)PJo$tgePDf&EfTpgIMCMOryfA~*01Ox>3+dVw5pj#-9%D$nuqkDCv zSXT-gO7ssQg|7|x4qz~o%|(@mMb7f`Zi4QScF$M;tdxqmHyTi?dT>}x+svd1@8R7u z8Ijh?_ng<7Cr3Ea5LuX@ApVy*%9Std>RYfBOEHB%hvQ zl<);R;s4=6r!6CiLFxqh54PU@`OCOfy#JG|Ci{{Ex=19}7f}5?IpzcUqsDw+w!=u8QWj#0 zjdJm27Lhnw`}xv1tyJa8FF#AHUeK}ua5=ud?La`FRbC@-t>+ESBo4J3gJ*swEyF)) z&J^3Z0IZCiX8ra%OQOfsl%tO?+><9OtG*i_a_G1@Ip;tNmYSLi0E(rirUEmDuA~yn zQA#evS#=L($Y0b8a!q2mO=IYQrXJd={>Zemk@*gde=#cz%%BFA$^;(&KUjYUV0XK_ zW%PBef^s1$Ku9D2RC{F)ZDs`pkeKO`0XfZQ5{k=Zn+6 zl8(+m_0-f9=*^9cg2KVhK2vQG3wlC=Uf8oWdR}`+xf!4+4evkoGF?;q^`)u!nSAYr zw1RFs4Y0gsFmy{x)Rg}-u`De?&BXD+L(K={&LF>rLYSno(13_l$V+Dz63j>H-Rk*u zbKrLcO-E-YKQwY+b2wcT2EaM%x$2w!vNkD@9%;gXzaLLvCm<$I5ew@%gQy83HaZFxpZS6ouLN>fc+v7Ps1?6IhQGZiGK~Ye zM<5gG`SlBuz;C|>#2{he;ghxc>pNyQ<)A7E?+i~-Fl!yHnco-pXx&SmE$^&2}eD*M!5z?0Lj`7;#8f%72vtp!+9KI$6)=;}sTwAmiTm4A73Rt{KPSexiSdT}~{_gP8 z_i++GPubu2rV32P;PtNBZH=U-fBUwvv*QYSjDU{>gEW47AJ?h9Kus4-kN-B2&`I?Z_aB^pa_eR?;D4Cv!OgwL zc14DOCc#qu&Y!;gZYo_MIl@mk*d9KmEEtRu!&Jrm~u^Qa8D8sKtME& znf{GUfBo`v`l5x-#+D+2;S2ft)e`@nX~n3!y+ZkY_*&T8^|zq>xUpp{HmjTHc;Dw5 z>BJ0v7}JtVR`BINI)xl5$&DW~%@u8O)gb{Ctz@jOlx zF+o9Q!-!+M6y8oz30do9mPJPRlXmKizXPO2Kyi zhtkyyQOSKC;8aa>SF95qY;yhsAwaq&UWd4k?5jz}tFU>?veI;b7%+rn?)tds$i^U z*#yrzfNagDiisgWp#>a03I$UQPOmrD7a5zpvOJkvYs5fa-MvhNg+hVznejyvLsKs9 zfMKf;ucg`#F>F$7N=CNn+@YEn$(l)qgECMyq%6)v8 zJE*n$X>`q5uXUMltdj*U0N5WY=z`~XszjW61hbGm%%KAlwNY_>SivZ!S&zm66>oV;4CSZh~ z*}AVqhAH|$x8W3MDgkSvLU}#hwR!qG`xC1eG8O1D{*T2%_w8VRRGf5i35r;Eg8w3eKLK*}Fr6eV#8$_hL1wp#IHVA@%2#9nENOyNjNq0$u zNOy1ceitY1bMF6he|x?7zy~jWwbop7jydKSFmGZrvu5uLCEsu2k7wtK=2C%Bm|=6F zr?-|CcXTNUs@aFIFkp;L2yt>czPX-pW;`J+Q}cdu{^N(!Q!ks{PK*`yPhZb3%)ly@ zJTLB!uwf&N+nVhnoB4Y_Ty8p1^#L%g!^0!5cQFxcp=xlxbUHTUc^emiQ3d$qmgc^w zjqYOgF0>F*zQ`{z78c3?t%pEihryCen^jfB?@F&=mMn$3tc(D)In+4(@#HFoSWKC6 z3t^G)`7?gPY*2Kxs)IvWF^lEJZxh&5hDkS_tLqW%-L9@!{d(MxZ)D2mUv<esGwU@dr>v-aP7wK7vjn23BxL2P_m~xhY>2vvCSMgcVS6@R zcdOp_pQv<@pl2O^k%_my>`(j-7h<@&?Y&kY@+d5(W$Sjy>R&=to?G zod2GcDpXK~FcJ`g@^$vx!UYsaRzP|*XAyV6ei6RLQen(ika~e3U^aek=CDOwa`w!* zP1AG2ryeV50!+jvzo`c|L{eE<83GK@-UP&eXCna6 z3q!ux1X7iB(;-6VWT%&#ok8|x0dB|_k+4$+b_qbliH?p2iKmu|O1V)RGGL(j43AGR z5YmiX&Q!ci6RP+VSS@!D+7vGI19dtY^l7z0aD7sh%XQX7a*u0YB?7Pg@~qO&pdah;RG;{js3ntxzJUt!&I+%2SlJz$- z97`gB| zGvA112?d)d&6?@E)$a0VmdqxE;@n4jS`F-+dyl6|FA$4?dlY?*_+&>K-(#0 zu*s9KxHwYQei`}aPcCBvdHMde-spRnn1w|}9UUFP*yPz!rj;)htgYMI-v{E>oNhmC zY}86n6@Sbap=xZ~NiiVk$-SRnC?eC4z1#S(Nrvx}y_-Gn8fkfX>_^8hZeno)wH1WA zckr~P#_nMnS>1zpc*qe#zl2IIA8!Dj57|G!tCfc@cT`HseD*7HFs6Zq!$tCrI1Hd% z3MubI{k}`?62jmO_0w%_kH8Vg$e3r?;yXbZ4d-g=j-^zgY2v@Jha-%yv*Xt4E!)u$GC zA7~1s2&x6-sQ_?d>^BqVTYNt*JB7WUBft44oYs2qASwJVpXIVJ?Tgr-_?yMi3aOD73Z38%)}l1vpZanE$l1^VB3>{+0w? z?(8EI!1(Qlzk2m&bJHoD2Q?d?odB~z$wkyPPw~(Y;(>v&k*#RAkl9_@BTJ|-B~B2( z4C?3ybn@;O2kBrm1=LMIU5vXn{%$UAh=O9g(w78_`JADzyK@CB7ZVhh8L((K1xm0W zt`;^kMyJ~OyS!K3b{9`wPblX-oI!b!Kj2Lor@w58-jP(h2|;@@q(XO*1aznJ*qTcp zU?QPoa8NvZvvR&@rPi;_{U>cySs73DUO#K_{kCqjKgtSmC{SAJea<$@K3S=|h`elM28jou!xJhcNu7)UcvI%8VVu6D2x^9ou4@&;v_nnP zTt<5(Oi5}KA2`MwS+emvz#%|;UsFvDj37>J!I02*2&en1rviv^c=UdL#W2Z5p?;r% zk;_l5JI;wv{g@a+L$V+%NL5-+*Z8A(1GnUDaEpCrRm zbZylG&0w&oq$TkEW@bo)DQNJr<=YVO?!BKbOH+nWDVK8SM8;-zs~U2o_z14r!^nru z$xtmfH4UUMQOWWb-tFu7F+XJ0v{+|GM({*IktiW9URm~ytTgK^I6a=sXUGf{qh=uNpkwA?Ex6hO? zT0LJ0-S~RXeckfgQW`o#d{v=ck~3$)gzY@DJ|i(q>&aDp&Egv2Jd5Rwv2BUl7aIocg~+0<*mCm8JmT8ng2RdRYkHR zVbw}Bc2;&mV?lKg`%EAeC8Zqo`c1<66soK72qw`(gk42j7Ijbmq218*bo< zcnJu+c;wtzx)aA!1$GLwvuo){6+;NVk~5Vj!omhjF;^ECU^w-+C+o{s{+;3uUVUeB z8T~B1ruJH)8J1uBkWR-gjzmZ_P)kFj-uh1fW;FnsM4W!fzZbtfZbU>{-n~Pn)o<{1 zOxQX3NV+a1&*4vsH8bHN*MyS?wQ5C|aHKEm84mlL|&e&conyKo~Lp~Jx@ z=||kB0J?D!)S}K@2JpEg&aGZU7B}DV;n8pFiFj5JZ-GI@d#+|5K#$>Wmpb4P+bIWdP!Sb3A{lcu zjNdXbWhUxWB6HP}nwzm(b*qNtse3rNU38i}2YaKFYaBRHR4=Kh@|)CpfBcYBP>7X% z490Or?E-Q1MJPsWzDJkSzf|D3Z1DR9B`}qDe*RT~%oP6Ch_IC@xgWUz_3qv5oE$Jv z0Mx*T!F&vWJ{;?Q=HfMePqSnz%s)>5x&>v*wJ+X%-aQYbM^mqsgV&oD`+HmoFbGnL z6nKhXQIfHLMjU>deHjxUPa-a>q!jsxMQp06Nr9QbuC8|7@{tLrOeG4n6e(%Z{oE$$ z1O!Jpic)yAwh^~5S6Bny!<(svri@sYVCx0u&FPUI&5iF*aZu?uaJ-&jA%BqhP@sWX zFK_o?AxCB*U;RAwiYX*SH>U;ev>v#aljiu4j}vPM@l6HgZbm6?bMtih`?{W!EF}iu z+KTE!4=t#za=5-YjfjzaPH%BvB7FqFf%kt7`2EcV=tQcgPOt3RE-BA zlA!6(a&wjx5YPd98TOW!!NiJPWdUy}cpv2zrE_DR5!{9A^J_`Mb0>AjJCTMB%+I%n zWkxc@v-nl6=pYR^ql)XP9F5oPiX`!f!yNEpz^r3qqu|@OZ`lHfA3a+jh#y3#5NQ5( zY`x1p35&>k;xfJEHS>41y{6MO4|}mO&2t=f5=sP z7#CZ7y3OI3=`leU(aD&%Up;>>>w+qvkErFCQFT7}vNaMGAu?f*59nHd^`XGvXB1L` z4d&0@`e<3|A1u8w1-07qFO>%<^zY}2nG7IE^pJDAmYGWvMXBSttu*B1LP1$3E!_o} z`#@2;wd;MNRu!>Cu7F3Rk4P0Od+)A6nd#VSo<+`hlHj-yRH93lW6meu$#VnRm=D4L z503_G94J$#=jJ${QCGb3x4;k$T>%%X|s+QwW;HaD=6XkSH~qW9dvc%aqa zqd;TkDZ!IKH7xSjgJ}Ju;dWWc44s*cC|bitgQUcF;VbE1!^5$ihY;@SyIJ*MFt>dv zg^JtV?SyhwI9p!1dg%hWLnc$Tm7o*N`MJ@ z1bZHkxfPIQ<^W~ZC)@aSmRVDCvLKY*WvzDvr0c0jE}9Cgl9O~lhV^Ab;T7LO6B*X3pD2b;4oL`~9VEnO#v!sc;ToH_2ke zr!R6~xf7tH$YrVYsqQU2adkzZe)Om?D7yjxVi1sL#Kd6nYBeBsnmaM?NiG33!Mpdl zms?RJsed_Q(fTV(k4=kEz~-vGA8ZnSaY!nk`*GK3oqf?u7|gyT6+M=d2+DW@VGI=kyFk-E#gFVUBOl-30L%W*=Xbm1 zUp+DAz{AAI%-qUrZ1e{6`CH-PKsRA%XlTkS*Q@)}?%oXN;QY-VTMIkM>&&kzOy{fy zFlceHgRL$2u@V%71GxCCZ!h}#*LOXo@ma}2{ID0wQNmLz2#Gde;(%Q1b#5C_@};l$ z10D*st?k;TDs5nP!04z77_^1}BC_>ILprwY^5%OqrKc+z5?vv3Vd5xs50k$u>3xaf z@*k3syL0L&3enKe00rAJKZPyV$_CWP6YQf6FaH9Qd~H3a;k8#a^ zuPsA@XX0PoZ!U?v2NcbGv3)NQN=nx()PkVU`}dhv$|0=!%761pBy{CbJq2#KCjyP6 z2wCeP)XaYZ%bIA)x}a%%VU0tG<&_hC#L!{gCj1b>AHj3-Dy#0AJ$Np-svqGFJ{JG! zzLgm`l3Ha|jS>;c1R^6_e#l2hVs0ki+~Kfp|2r6uG6&O$b+y>}9CgSV8^5Zp^pm=K zaq^YIzsRivjX>aRQmn?b=)M{bWPpIVK~`JE+OwIm!_}~g@|~-5s8jbRv+`wL5di_; z!DJ2SjVTSTTCUnN&8Zgxu3DCdqWgy?(^aaB>CXMj8}JuBD{47Ry3B2f+$`3Az`hWSX%us#R(q61fk&dlX;vAe+Y7Mu#WNN@K#H za&awPOnqhpl~(^|neDwZV{AEry^FLjL+&HQsuOsYkdP3-aROq82GW}n#_oSE8w8+L z0h!YYkXz)b1qBB?J^Z9>-*7W+4`PAh{z8M-X+ATHsfjmSEwGpc{J-8_48R(i0Uizo z(7a1EuNR2jnh67gt#(#jeSH(*Yk33Z^hKqKKH;~Yv~hGqnb+)cf`sf zTsQ5MltV49q%N1e9aPK-P4U<{D|3{p^QA4(tHT!s>M!A|-olizQsTvn_j0G-XFPt+R3K(+N4`njySZCva5jU=`WjtTobMB7y=;;;@J>R|5iPqrf9*OBjL+~q-at#m-~fy*cp3~^n-aI9I8P$EF;`56C& zwRK^=_D=x0|6X2p*o!kv^sXYl!|O4g=Q^~AE~(YQj~DVn)|k%LhoeEIbPyJ?0nXL$ zU0pxck3iGU%gf8eU@9`Z)fuj-sVBm+LR<_bdxbV7^1@eatOqfz3l7zerdDn>?y#q| zZfqWtg-00~)g>(ph(5NuPhlP(t&eiY+5#f`l$&;($Sbu!yodZUE=I<@)BP5O76;X8 z1B!Nk>3HZ7E;T=yw6~uvuj=pBBILEOnH@K2sl48s$+#E>ECUT!) zqWaPJw{Au&auGXC_RiU@{#KTh$@H{T4v}-KU2HG1ndTu>O{gcTa4uqW2h)XZ0chaa z(*)e^i&`=TVfo7kO%!<4FV_H$S11q-X==IwO)HZ9%Ytz5utM&yGa+uRrm#6ih=M{1~FF=|$RX(tQZVF2Mz`SCa$*i}9%D2gyg$ zKrx&{cKj$TgQzF7g#>zO&6J{t6)V!pyIG;~bYT$@XzT#FEjAu*_;X8#+9k@uyU*}N zxfk|Oo1rlGt9ln)^u|~gtNEM=kf??{peJH8U?#xiwf*^fbrtB(JS;XDCnX10RQ1`g zv#~1EfV9iiO1-}#EbVGJOI1r12elutarDQz{Kx;GS9|*m;aL-fQT3uaT zS!sVwa>b3BeMu#y>^&xV)WUOfh4D(B(y)Opu6MctQ{=7xHlSk2RPe!#?4o5-wvu2) z&mec+;pu&HJavtf&gqh9D+z+4BFUms8lL-kj2P1D37KeHaJ4g^uCdXB^`&)w#$Tq? zxV{ow@P76zL}df|yfggQA`XERx5ul;2+nr!xXlB|eMd(IYF?L10kabZmb_t4S0#qY zH~^MGPeunVkfa%<_~lhfPulnb=91&fQ2XZh=h$owh{bCi!ILl-o?R;PitAEeaAtgt zj(&pQ3z(0!pQO^VTW>3pKb}j3#1x#`;A~xgHnT~}`6Db8oNfDv2~C&gY>@T<=ZL8p z=1(}&3v0?$1JNy(_wD1uXHecy{!+IowfT0RLe!&<+s|(D3%uI?eN+R^Ha#6(5H3Ce z!Q&{|+E1v%P2d9}vKYVz6u%*^f;nv{_`)2vn|)-ycb54SRdTs|h~<4x;5;}pyS8+p zm0QnK6z)}gQMNVf@_lcfg_(uBMVN(!g^!Q#>C?Xce(Q;R^$N3rX9~%)Jwt<^(l~P_ z4510=D1=Ng{Sz*upB`El9vAE$np9e$K`t*7QxQlEQh5)OkD^*|uDgsr;u)KC^jWes z`E7%&WfM?IPfLh?U`E?MdDzSE$b7Bk;8Awx#L~x)O2X!sqdjpFn#C)Hb zX<}etASd?&NM?jniKa9+oXl4mX1kQ{eR)nhre|Gz*;$jeu-9DHkXf}lKjRjTuWur? z?L7Y11}q90hbnUpf-frEk8G$@_e|tTXQlenMHXE$dAJg^g3p%J2`r+@1ekiXD84^B zF5C7{9Hi5>oAY+RBb3Pbysj-sG;TzHhb6b zUv&rBp&6{}>u-cNswE5aZap@ZjtfmomqVH9T(R9pZ3n@UD@N9^QGa?4xS5T(Z&9Hz zWu0J4Lyy-({o0v+?tydlv0lW-YEY)mX)onlvPtmR#X9fg0)?QYPW@VY{|P>B_9ME8 zD|60E-6trInufRU?^%DB*2pxLIJIP>q;%PUs!wkV7owdGMhp)torxK=r68b`i)X2n;pN=zT3l1k zx$6d>q<&{EGT;X-qN{ixGRn$^U`ifQ;4X=?HAdYc)ya8Nz@{|~2nYC9o zHZ+x#TCI~$mo0BUd>V)z1QLJeC8T5>W`o~HGR^17f^j;!vOf{E&MvK`8-asVj}-?U zed#Ty#4eC{hYkIfE7^ZhOXupctFc_!>w zRrh;Tp3?egOM}GW>rk#o|4v`H2MPQ7LK*~+WZi2yST%u6hGGC(cU_&nR^^8%B;Z&1 z#>(nm>);?OBV$Mu$9A;a_1RTx>%P7|DEf@`^d`~n5{Y>CY!Q-k8KWS{I#=4hHT@^K zQP9H*`}i2b!AZL@)WU~PNqOH0pyEL|#Y&8<>-sw0j%6D>ieiDlvKBGrA~BWFGAQVJ ztyP!tGx88{1(ASe;jShP|yFv?;pIxYKj$}W= z)t;W6nQ1Z`X>W`kIuX(i1)obNUUc;BtYXdjgn|Qnc$WB^$L|6V!h=R| z&4;T`Q6~gM0Ku2pY!7>gj|D8RO8~5Zw>mdBBWKzCR+6at?CfFv$+gk$-g^yQ5d#Nh z<*6B)uAp#ln1tGBU2Y1gL_6I%yLhWw=J4%KWkGNrfrv-DgF0C?8>Wz-*y-|n*uTxp zVS?8~5c%<=N68>Hi%<}NTA2s%Y#G=)acKJUBdVQB@@HSlqQj5VG@HMxz%}1T1;2Zi zz$`3G*$QfNt5Ba;QXVN1LjnP5Gi zoo$~p2&G((6nLEc9s$#BIldbhgznom$~H|u&?)CUU!N(IQuiulPu;+E_FblJR+S65xb z;>|iSU3XD1fJk`5?kw%?`R*p#>QcDZ_GT&wxZ?UP{=5b^cCoQu;4ACI&sRgdO_ytmu?@a)V$4SNtwE8H&-yV2Zr{ zc+U%U+V=5>JQRy7%Xd5#v1ImN+nCGUEarbJ(RHI``XR(zIJ7g<)o3e)Dku~c<$qxB zeZ$RZBHY`Kd7*>ku4JJW{?LX!<{=KC>w9WtQ~_kW`uLj9-RP> zueXCntUdxD{nKqrL53-y9cqWmexoWA_9Cw0b|ElKWaQu(H}tn%OSHy3EQuV5=cSurr%)<)_-}rLcd=cNHJ%Y#=Z5KOYD3>C;19 z=k*^+b2T-bFvjFhBnhZ=|4+8~(e7g61wf>Li6W4p0zRRDR@(xkpVF1kmwtpikZHNd zka&UNhc7O_=xNo?yBJ?--u60I$Jp{nlZCi$(4JLdMmza5sBF=0A}iat2e;>qR#W}2 zphYq@rWh?|xP}lts7*gGGQFl&9|a9-VOBL zVZk`Rg*Yghf~&Y^U=anNBnlcrHq@)$DQWV0rCa6cHAMNM`;$CcZUq<$0infiwlW0w z84x9?>WfR$D$DpgtyK?+9$U+0unl`|717qa$Yi(_7NfO^T0-y*z4ev$P%=g1;a$vo zc=+#fbAt@+fYz*vii)0IVKHjQQvlw>0Y3pWG&t=R8uJ5AiwMTy>C`t^x#4!_fp&)n zNKN!Xndha|bV&$@S`?*$NbRNm_;}zO9;#DKLG%Dj2~fErk9UI^;+&vB_gpoqY8xw7 zf+HwMSK?D(>QDcbS!0>3TE1fH{3=%KN!Z*hEBB5E=QS9(b4I{#!0J^@bKPE z)T3K{3~72Qz9`}==rhlcj$+Ukd&qQ2%cQQYGaF|!D_>f}ON?34_hv&+&+O(*cU2B< zq&2f~B}*Lwd|*(uls-Aq1y8;c_gBueKV{O>cR2W}(Mx3z>jxwx&3O6dJO6?j{H{KW zln$E*TJjUroDWb;-f&mMYTUo+E^5)r*mnrc{}g_%ewDHJxfj7HeR674Qjb+rn~$s| z6%jfdQDV5bu}Qk|%axWtabVcl)e&g%HF*_mKQD1}N;+QfqKQIpCAVt?42c03XMXm^ z9VZ_G$&s)VWU|oQ%7+ju=-GB0gkZB@wZ$3aV4L;Qs zzV)zKA_xlz6+-u$&VkGek6C{_fDdA0VjLbic1*|rS03)@uk)Wir*l&le5=Ftp3zON zSM#e>L2YZ%Hrg^JnArv|?P6#n|E^_QBeKi+a;lA2#)mplMqj2{$E@Lzj#ci{G|ALd z9|Fyih2a~%ql|Yx#2bwjEKh1``Sw?!Ij8I8ckgs^cP(hnY)eP*@07yC#T;CX&ClFM zo+oqWKg{MB%}#Fm)@P$%44Y(W4ooVrkL@(8NcwHF^c zNuGZ$dRf@1!|{EtbeCVNg)lEKo)3?SkcO5!=BfY(=U5~`o`{MH#|Sj`<-@hBR1Rjj zIs{S(ZqiCbi{5AH*Z7MSD6CEKu~u8porZHf{j{Mj(rK#9fAF|#vG7$-Nz6nyZQO<% zu}8`38SPh#D7mcM>dg7kE@?Ftm5l4d9ja>BkWbsEx`l`Rf#PG;O$$3y3)733owV{z zCANDZHyv-`yi~3hjMg)ZMgy>#@SE_){N7(sx?jIa>KYzom4l3}gZ=8X<7b^x9xhqv z6=kIUzl-czmQxwEd>=f#k(=w6gK4}E(2wL_rD&9-y8V*(NfJasZUay%2%R8U0dJMN zSR_C=@Gfn4VN(Fwqd1dk_O2hz*Qp#XKrs zt&QbBn=uFIk%58zU}!HpT(`yd2FQTW%f~BeXz+j&AE5LH_L_`ZsjwmdLRe}2;n2mb zFU}-oM2(5Lv>nExdqNQye3|BXf{S0&ftk%~=>@sq8Mzcf=g>1)cz85;A zmWL7BjSCJ5Qd<|Qi;ph^v*CPsBDu?Y{dSsU63#tJF#|N+dFX|1@~#x~D=VMUHF-5` z`u-dlIlL^=z5MC@fMB2fw0R3GSqHJUzC@IxckjBZSWVR^ScJHO{?l$;=a2L}M_v?g zwRRgyb=cc;gI>PR97fNBMh6!+1BJg3N#w5}m)UTck7#{%<_e!AdO;($B>i(ua`0lw z@i{5SJIMEm7(t(W1YZ)b-Q9y;`ZRXpL^0ciMn+t8AVRFhWV(re7t!TaX@Q>HQY(-C zNYZn64o_o+w`P5c&mggEVd%%3gIKgG#YYxt0{74gn+xC_(ff-QGp@6CS9VUXQ5J~3|-p=!SQ zNJhKRSYqolZ}`l7qUxEr>}8sjH;d>wqFj^1J7HA9TyI*zQ+c|(L%=8@Pz2FnijjYBNv#2Z5n!KEAH7F?Kp$fF zHy2=9x|&0{))#<`*UQ0F5EL{tPJ+1f_KprDKtV2d!;n4_iF#iI7=BhnEd2tP@{7?~ z?x(dy?=c?xWZyXJ8ti__hef>kpY=5e{p`4k>qSjz*t=$9qiUn@(8YU}9%s!qUfU2RI2O4!@o*H@Uf zgG~0Ozu!FJ>_63xc1Ou%;sSW+m$I@DAjCK%sTcIQZyorfqeXuH+`gbr(u=4c5>8Ds zRC-)gxb1H1x~1rJce;M?s_5Hn9DESb)3Lu`Ibt!X{iIiCR%WS=sn5?SzOClxyMHn) z9v?4EL_k_YPUfXWZG3z%8y$T;0k>|3#(fXyJ$rVYc4g-L-zg&ASTNS=6T!f z{Jo-T-^P`UjN*#9kJ#jw7s0vToRkGPg92aey$`o~zB zgT}7Z{wvCQOe`#UMMWw>cYC1tn3lE(!s43a^Ht4}&v;<>R1;aD;(CYKIkk%V2p=lD4^i-Wk>(Nb~So;kp9sGRR>vh}dSqHl&Qc!2+UYn{_fL&pDx_s>{!{2jn8vHuCV9|4ZY zl2Q=pQG|T9!}S1t_ur#-S7TPhc!OO7VLF?e|*ZJAbB}6bLjM| z@@kvyf&W+WEG7rXL<&On%y`ZMg*0IyU?T&RO|^7&LFsK$>F}VeJ7T2xA!KcX{1ilJ zy*2)hIxN$-4wK}b@X{<5EV94?&E@T|Z;wGCB5w`U6M$1MKv@?Bv&B-A_k-%pM_{W+;S-DjnWFQDE=V*%t8e2^0c`h62UY)tJ=t)IMV8$AMz= z9l{h4WHJ(Cv(pfVZ!ngkKYl#EM}!;m!({L0b7i>B8R{hYT#}%3CzvKt0N|4Mr=hv@ zc~rgWh#SvjVJEszlv3N1va){R*wOwN@5MtT#nHi;kKK~U4TcKg2a>w zCVq0=z#?#7LQFk8aq$ zLS!WNd`kycqh+F?%;jl+e`KVe?R(%qa@y!{H}#J$amiQUsi*+1XMjXz_8+Tr)=?bt@1Y^Knz|?3@Kps_%-O` z=@b%505_CkiLox?JOY1z1_r+pwrcCwypL^KWP(U6IUO8({=%{Zo zn;iX-j;K8)et9C0T4kp&Y{ZL3?&LJ5;B#kVA5k!Rv4{a)wthtqf=?S+OMSP~YNi}a zXpEni=W8#0K%ej0*r3DFFPjA|spuAUy(Ro0_9tJK(M$HZcL3YwLCvM1ygb&U#|#Xz zG*R~WetT*bFQpaaw(74&JLqf9?yh;SBYOScUQw{s8qU7$s?MC+UsRmCF6&(|LUcmy zFKrGn+~$=oKW(SUuY$&TL{4I#PaSNx2C!;2wJ0L6qAPO=*BV|0iun;Zz&`=VLNFCfkA3TMFsIoucR3z`*peWOyKdm zB@!Yibj?s~(3F0Cs42+j#M6+O^Hw+0hZyV+NMbLH?PD!U>7XSWwxvB$ZItcNaER>V z&<`Ijc54-9-{R%&zOz`OIPiws;1yg02rbW#+}ySOPMv+_K&u8~cgNqy$?%8R znwMFl#OGKLBMTE+CPv1Qn~Oy`s3B}Q?wsCQ_q&gk90*TIzdj>K-(q|XvSdqC-$jN0 zN=o$dC%*`(Nx6uC9-q8x?I5oz`IA_cIL(o%K~j*;)*-@q;orJF0o zZWHcB77K^6Q9$!JUuFA}Yn=VpA{VrdV)yK@9i$zQju{d=ulibd%0XuGVx{Ns-O3TkbIACMf z;u|qKc1oW9XX?|Rw#dcn@tcX8y9y)?5P(HZmKc`YgwRUk`k9xV2a&f#FQQ5gf3ECj zXqs!_Mfy;}#sQBw2Qufk>I324`kI=WfUix(bL4^z56}4nPY^scsy^{}eWXHF0PqB& zZ70}rN!n@kmhfTs&W5Qap(Ej)#Wdl>xg3a;vU=jkqIaEqb&lKqe3PeoZ0s}Pizbt9 z*Yh3HjXmGlwd8Px7cY8&T)}vn3NXg;y{epq_v*OU z9@kWty@}2owdLnZy5^7nE^6fbx5kJ4HHSj33vt3*mOzK6Q z0!-6SiizJCo*rMEw^Yp>=%)P%F~4@quPgm58h@U+D>GNkHR0mR9}*s(!eJr}^zH$) zeZDi3=`m)mM$q2Av=M9w<<{}z?~}5PlY9HVwx55=dP~}F)%v375g1OqWg!T-HoEPn zjA7YFq(z830xuyhMQ18GTS`mMcwKJ0t<=;!1sv_r2Ywj{c&`0+IOK~Ki#nWp} z3_9%@mR1IrY4d(a5IHJABm4g3@86FyXs)5KOvFm3CypZxk497PYPyoSfYqePc{gEh zvgJOi?cgo7fSI}Q=Gnp?tY{Am-Ij>dFj~3kJH8eki3-EY)O`xi~Z zIQgjx*#9o8mMaO-b{fpM)A8}_!aKlH)G0kZ!P)%!On7qgU7SeNe|VvqA~dNW9z+%u zu|R;PJs1llGn_9AfP5c{h#szV+{7;{rG{uXC4&Bm=rEvZ(V8ZsWERT+T+=$a51Wh& zy%oUW;ZAjAHABD@zEa%u((GjE6TkBpnH zk$F9UGXqdc2Kf{#GxN#uF%Soc)nhHWVj7}{TB&(qh{>{@)CUNVmqkUpe|(Ob3{dOj zWacPY>2NaBz&?;ADwEkKBOFrTM=wtWGSg|e)D0{6QWfEHS?E}jVo2UTK$aWwfm$cx z^bgYfR{Wq@6927m8&7)`h^Xj~#Kgq#L%yTOfjl^a%iLfHK}Ng_?n}ajCv4Se=Iwjr zOzGt<_1gNCB{4M@Ys%1c_(7a_J;BRxs+f^f1S3HxaEm~SH*US_5t_je%E*OS<>tRv zs2y(R5Jqf>W=Icx`&Y{t1EaLeWBnx{ykSU23CpG_tiH2+sz|1~QF9_Ne0Ff3x~ zH?w^J=*(4_kFc^0X;UllJvViHsP?Kr(_~vCKHn2H>ng66^d>`|rK~868;_Bwy;!n=;fkV#Ouk7fS z3zosL2m6g?KN1&_!SDm!96rT2tZg)qzYm+p)28sU)btuD{1;=Yl#&XPxd#1rmb;@b zMLw%(tddLM6#a_^m*+JPjwz0I!NqstpKv{JYbfB>u)&uU3ojo6R7Dd-AHcgL|Idl? zc^zWNE)LIGxa0u($3OxD)TC-U+E;DOIL$(cqLAS?ox_AS{d4vY@uZXqj=>F@4{I-7 zjccFHjE_45X%!I!tfHuB7sxq){+H9qZ{^JQ-+)1z*?&k;&kLo_d8_{o@iFVa)1FbR zXv%23zbI&JW#;AFKC*d}=>*>V zUu^2)h5PM1)yFM9*JnV$01U+v6BEa>wtZc@?!A+VW+wQ)lT4dA#$FizG^wH6=T#^Qe6cLcGa!S4Ua_-K8o$!Wd&9Pbv!fSO)|xad;)GoET5GM$yT1xv+pSn^nxXn z2}}h6FWNA!)Ms;3vm8^-^!ZyJv{T$BN5RvT1RtlLj*2ODy5|z9tkLa3^E0F_3h!Ht zGltHvu}{qfI}bL&oCi;I3(ysQr(I!|_3ayA696wWlU6^ZAl|UC60iXup>Mu7aI**c zYtPvAgg^x@N%JUBHfuD?=e5bE}`1X+7`NihzEQ<0r1-G?ATNqm)LE7jq^esh5XO4wo3VjE|3F zJfLGAWmed?WF!0Mz|vwi=ouv_t=};;H)jw@`ZzLA37CjZ;Q|P&$gguB*AYx}mF)a2 z#U(n;BHXgI(5~+YVQ)6(`0K83{Fz?<+#n$KkB&YA?%4-s4nd&Qwq^*r>M+FIRADxC z{Hd9DEMn&Mg!tdnGHtI(#oWA<2&B?`H=ur-x?#=kH#_C)IX|{9jQ<~yhO{_g2zi_1 zQa8zeUEMw;H;&YY%IP;Ft#=jHpjj5J`-?liR8M(x@I_^EY6PGVqyzu{IMx=_o zrDcH6{+Vw0rvpCxEhQ^8573O<#l-x1-s;y&GBcx#YLu8!2VKe2kBKcQ!nDa27Z<5S z#l?{WOzP|Fk@>tY*aJ++KHYwm(EQQ0Gz7QLfGg2-WbY!`i8)cX5!kmhxUaFdB_Gp0 z3JE_Xg~H>2>kII}w6oja*ytXQ56Wy10%vD_CZO0%3BL6wO@I}NU7IGY*F(8=Zqv*fwmD39n>nfMEhqV zx3xO>=2%@=?O%i4NkU}JWXyOFKtGq>k5M(7{aNCp@-#CqDUXNE9@CTkXTJk8$F3DO z_-Q~cLz#YQI5y&K=C7RyD@u3So(#VK5HMBds;o3Y19_^X1#lO_z?rBUR)vh-+*$Ly z=e51o-T#IdI%GIe=63;{l%-8Oh_LPQ-9g}Jdfkg^g^xK+w0x~?vinuKSCUXw>G)g3 z_C_jv%=GmBC?7W%!#lfu01)d2laZJvf_h|8&?2@r6I1=(k2zy4&CEKJpdpmk*NPp7);{DLx~)-h3AGSGMOr)@yib8xh&@ z=#Q8F#Vni;vHc6NInF_Auy202wY>KGA#X6t2iVtwERQ*{uvkTc-9=xeo7ei@9^EI) zLJw_<3auXsb$|ak&Mr$kx%SpS956Oh)Iyhx`pV0-h>0bVI!Sww?pJUm`So`QBDeR% z%dbQK8H4CbBSRDY<3Tqw@Bo|b>HqC$LL!L?cN+LMQfwH30=ow>LZGPRNsdE#p2ZL{ zxeZ{Gdsf9AZ(v&zb$=K-^bn|Q@Vj?i*0QW=<(~&r)IVbb(DA%_R6V*6af<;!V_$@Y#efs`*575o>%_eNxgqu| z7ozE&=$2a+XQnnqg*fi$y{5gTL1}9)Z?3iF)w2|F`zP z%g4_z+~V>yZEmU3k(U3;Kt*MyBlzy8vB%)4o?m(`LAXE!ZPun(mBcOT_WWZA2Kb5s z&tv?MKwO#_xl_u(=yK?v*MOtTkkr;^lmp0(>nyGGdaVYa$VYNd9tAR}64xd1D+m;(l)M2{gU-b7Axtipf6;o>KVs%Yr139MT`y4r=+%x;pUlkmT9g zPV#eTSC??JuYT4zeepkBIrmZu1|}LXq6UV_@V2MwokO&=aQ%QU;if6(dt;y*1K19J zadDcit~}dOO>2rUG4>RBUhmx7$+Mo`-jV&2|IFsa1fgX2#40?IpDHFB0oq@Roe<(9(EtvHKq?DPary54!e3IM4GEztlIWl`qD(EeE%9$ z%;2u=}cK;#QM{Q*! zMa4I7jNsmq&wf7dpI-1Kmx-X^Co5Fol*=OFLI+IdDdHC|%tyovZfQioci?kmB*dsa z5M!>|hLe-ighLL}iq${;js<>zKy4v;HuzO60L%dlB|irf4w>6^&k_njO{tQ{1%ws& zgrL#;^w84%fZ+0Ag=z(iHVo%BF#GU@(j4AROSbpILwRI%dx|P6OGxgeS8`N(eqrI& zXYC}OExpoLExtv1`l#)RR{Ue5OY5jv_-_YW=aMG&{iGtOGW7)@JwtCDj)TSh-4;7X zGVNWY5!k*>W6?R^e)F|0 zD4@l~#R2!Pc%utAg$D*+TwDN(jPyR_|Lf~3prTsecSjHlDJcU46iE>YX&exc?vxsl zmhNUmR3u~&X`~L)-ObQFba$t8!^HhO=Xd`1ckjCE?!{Vr%^GIUx4%96+t2&H&-*;i zmD4LRmPmyh4Xyf_?QNgb(*XiFK;suF$EptkqVn|I_Kvsbw+O{l4Y5aU-=w2Cp>m2o z5s8K;>jQPaetF5tLKJ#XdV<0g8)F6FL~KMwTce`ftEdII@1&&2$m3rk(sWX0&$rgv zcY5bQ7S;JLTdK9CC2|Uii0|LI-Zp#y868yIi{J#AE6GHYPg|PoKlQavvsb?RYZqoN zA=hx%W-TC`1$nj|+_5YJQ5VgyJ(*Jg>Z%k{8{a?^9T{dPkZ-7kuMT$VQ6Q0;NWj;$ zyc_o-21;jU27FjUiI9^&m9X~LcEVcaOvb>6l z&rlxAvv$$d5}F}Y-twAb(0bb{eYP&|eeV-JyUqsJ*V#VYzZsBRCO8Nz z@lUUUSg!Cz$qdvC%CV~eu(rSj8X+B1$NVBakUhtzdQ4EU$6QtQ2BCivoi8Rba$jAY z%jAX$cdp?#(D+wmR8m|FVvlFA`lnREKv3;$L>qQoL*M0E=)HHEC6E`OBgpOsh> zSk<(-Y^OwATdSf1U<@fOYHyyBk`mYi&y`w|Gnkz1EdV-AaY>2s+5HB(vt~lW^ye6I zxKLA3o3^IP%@T(ojXQ0*2>)>A#_zf}A3HzTKi?gh6X__q+s2&#rY?T?` z3K(p_$ou0&&h3T|Z?EpQ?R?g`8&J6k^ZX=@oR98|$z5>9tipk59pq0f|2z6`Y_FR8 z7ijWs5jZtz#FKp8l)CVY{9i6W>q@KPTdXp93IDm3Oc}Mo%Ia$91O6S5Jbsn3H>3>3 ztj5~`N6a5fkH_xynz9H7m&~5k^z;Rs_0#Ui7ilzCNr%#S0Dct^4}+geO$mJj=7As= z%J^v-35OvQk<^FJPVDB8y`29H#Ci$4L2PRB;sP(e)OsQv2CWDSW6&!Pk(0ftAa}pg z(e!j6HLu1+T?CF@KUjG%Fpy#1b2cz_8QstTee`IDMu^dCuOa42$=Kmo*n7@uM|*pq zTiODwFA4A(fiKG+w@HwTWoi%jw+K4l3T1dl<^{Pfr}EdizGx!uUkV@u6Apz0D?P0~ zUe?-P`oB^js&QzLqAK!RT7zrYygm!GctbWB_ScYtQNeE>b+9nFfcy$r&_vz$0Ef;K zs9L1P%3I5;ZeGpsUfyl4=eqkNc-nAXGh~tUlO%&&b0BzpYy($!AO-fv_hhAPdU_gY z5RuTmM9+HdZjfz$ljird1wC2ZW{z{6BZ#3t0hwx>_#t$bt5^9~8%W$$#xa>$9-KB@ z33*8Lij+EF{w2*u%Ez!Z)N%OrJHb#ojI^tSltnx=N~%hes3AnBky1B=9d;H|QEW zMVCo2P{NQ+8w3uWAd{4Ur={oNxU?5;i1K=R&v>FoSpvA1+S!25%rx%`sU82Hq#BI)*EE>RL94NNsT7d?qN?`(Zr9~4T&UL?sZ#o7=WPpY!;L#=l z=$oa^j4C(+U*xtk4HDzb%89u?VVWoUb37**MVfG4>Ud~0G^0i|b5-$tzNI2KY8!n# zxSb)Fqx8`38_v76=|leg=+Rl-*$U|kymN&3MP5YZ>% z4w0*&S#RdAZ3rp$oGtGjZH!k_=IJdp5jbzPHGJsd{`H3D%7h;+m=t+c-OHTq{%0f} zankD}Ib(ooSYTK;nWN2#60ZgZDmpsLYinEJW@Yc%I=zn6h7L}o1ECd(x^2%buKQ9& z%YYEQy1Lp{rPZjs1f%n+wrg>NDIYmdQ0s@l4m#1Py|~l%1y+O2IVQ`uSZ2jwTz&E` zFP!;%z3NuLD%|^3rWvQmPe@DaXA!vVFZQnPu7~OAW|C3~aeOwo20u`s)x>RkVUAOm z+6)Y9Tv4^qD~oIGJ(Su7O#ieg@$k?;_)lhF_C6G_vVm4kf>IyTghU4^>F`-!xDKCt zKB((`0PG?Q-#6~=0v|w|TLNBAxFeK+EEAJtAGn99+fAxNLW`*z$&qut+CBW{n&M@@}6}wt_|(uJr5+ugJaKVJ}o|4{Q%V0ItFzTXY)wr z*E?*FKao0a6PgcP23IH@_|zeQ3|^vf1CQI zYgv$%LmH>iHEff1|23$cMMRUkx#5MKA6DHI^Thd{^g(g;?)%?QXLIDPddY@g;m+y% zGDpqXi#=Z(oYt>v$89h_qPXMt;rA@+?Xb1rf7f^z6M8ktM)-S_4zp5m{;1CsuI7}3AJ5O&8Ma#uDTiGgKwn{XN3YZEd`F_2U^#~TE=f`L1^REW z^W(qAP>P1Nzfbt_^;~a;)~Px&}Z#Vfg+=c63JSLz{yz`2U8;K35>icpT z*Or@KzrXdMWYQ(+x93>Ti^XcspItDC$(Xm1+P>NAVw0?wq&(vI#L>n1F!u zJwZn?$(EV`61e@vQ5Y&-_$sQy8~a5j*`9sQ%?gJ-B&2?LpKCF>V7IEu$!=%znDMcH zriLzYVq8!ld5RhXceuYA-1EkN@vs(zcWZg9MxR#c=dV=Z-AI48DW(4#fz->%O7;w0 zi&Gv>Cy@D{lD$$ldCoLv6;6FsIS%Gjakhit_nr2!;ZNC8W61|-s1OL+XDBC~9RJxw zeRPMIJTU;#q)4Ei^aIjc`;P#U$VuXZwOP8sFTIG{>lSRhHn`C)TRorkU$YucD^pIp2v?qZu@>WU;3;Pmx_&;DBlQZM|S?*}megW!c zw<+vq8^9o;tD_e!>gmkM%6hz2fa5po!Sc@vfc}+>in*5pE^^QEK=N0K7!QyBhfxs{V{JB#xK^1mbAJWm?^IC@a;H0*i)qgrUJLgU=|LVoNPITWHedh3mbEw+IN+feaorjZ?ByX~G zz|&zC6ci1eoW0+uH|DBm@NMF{QK(4g?TbYcQkU(?ED`>S%#-uKM)P2{UqML5{zH!P z81W_{eShozAtlEgQM}5zM9)pZ#NP

3tZ3Auj_Lo32Tur%~q}8o`etwY;( zHxrS@FYjb;wbC=!-;1OzCd78Twe5Y*ogYhYBU{>bjKLztD{_1#vl<>^;#K< zB1wBNb&1qKzfL6c-S-DV(!mA&O zy-puC(m-fvXygzxta!Tk9}apGF4KvL^U4Tw>$!4xOuWUGd0e`z@Qp)1A<3LdVI8=t z_g)WMN%NVLSs%*&qn6WI<)r^b_1`wUzdT{;C+n&^oj;<-@XYz@0S;V!SJTLL#7t)iu!H{+dEq09aNRJ>@iz@5vyT(biAe%Zz<}RrZ zFM_B zF(V`VzM{tUjs~x8RF$|UOU>0k36*(lJ`CS`!KRNhVIj81qz@5E)JRaABBYh>FHVo@Kjrhvn`%Hj zBA&~4KYy{3kd%Hd;I_NHB5XapsEM1K^=W_Mfp&o4zA(}Y-)5kXBw~AZHJdUgbN-b> ziVLOwTd66vsp`COAkDF(dG!?iCNgMBNH>C*%ppZbOeMQgMNCY#>G1M#a>!M@dyZP#5Oex7jYlm%nSrF_fpc*V+yAyC%}1h@Az2L=Le&w??#6yPtrr; zivk{m(gT6t2Qd+Fv&w9vSk1bw>AT~;Qt?n*4qHSS9b3Q|38TuHkDn>?nkbwTmTo(f znfW#9Szi6TcF`$Ql$5wxdSWDHM*c&|Ty^q`tHa{1uI0hO@|J112eJn3=tP>hL3VGL zR{dAw>Dr~Q1Xl37Cd{W8RHUle6KUp{+jALn3-L43kE`#q7V3wQEkeVR$;|y$V$rDH zbfp9q{^&MD#`w4pcejV#yEh`r@|RAlJ+@Y3qlP!$CB*eJClhBAVY8-U=st*$;`~g$ zaT7l6TedS|aM^e@mj4|=k{}{Gd3+8ns|Q0RQ`d5Bn9>XG#<-7Ur|;|x7Bh@y-Solx zmVYpxBzz${jN?bN=GSLH|2~iYN?_9pgheVr9nYwodRF@@E}1VIFu?YfcZ*GV zeS|hP2PaB~lZA)6vabxaC>I!t0{@tJ>rp!R?>g%@WquMZLN8L3lO2Gq)7HjFs7qX3H8zWg2FI7JaGBFy)BxrrSWDp#>K?*AMRU1 zZQ|y76Hs2KQ858zfzPB~8(v^9xl>ejZYAX(8wFZE&=vCKeYZamASrpIT}hOK8-{I&Eh~cv=wNH`t!L;79wE2TO8xr+ zD(PsLw>U82tP*T(?=BljQWKStaW6TPH~r0|_!NpRRMgQyjE^@Uaki%`(Lq^=)>V6f zYNltH`kMzVa&pxiTdev9c7VEJ;Wq0qpjCaS2=cIP`Y!)^wH&@eJSJ?7a zqxnx-U~A>K!>i2iiZ9GKaRu3d zhzw9S4wfn^>YCY9ewcQCj#Q3qT6H|Huct~(1b-sb(Q#8R*|jd@V7|Ad_YTh4OG1q+ z+Lh+VeB>ryxsATsmslcRs6p;zPE+AQK3s^QuOHJV66_2I`l7$%;Zc-O>6~=Vbw{(Z zeC_J8*iehKJ=TV`A|ATvRrGc=ibqCH2K<(f8Hlrb``&EN%>H}#O1K!kdwf=DX+)*n zH9CVe{VLjt#4bb88mG+~b%K;j@{IB^V%H%DOzJG`VM3l3*v`)hyc zfm06j&7Qu#1`V2wOm8lvuOgQMP4>Mmfi?|yxjXgg=;(HFLFpkc8JXn^E-SL<9)&X~ z7{Zhk0}a_c$kl&rVC0o~38}R7#myeTL~ZpJA%DAzLQ9 z!N&(qdiHHCtQj8Q_hv>4ly+Lv6-|s(u{xc8Z{Hkz^lN0Mjbak*m7kk}Ue@>~(e@N@ z&_W=*wBYDzg@wuM>zjdHH?MNG*~)DRI(3p>mkbEcgQKiZV?*^wR%7DdJiSor*tgCb?2jYvv;Xy&+ zHF489+H@1uHSs}+@rMt$KaJ(5$th=C=X&h3YJQ3lUi=JoPl80Bx@C&fzu%4$Z-U^`8_q*lNBr#8>K!wrE)_A<0Q|BI2MCB8Ht!`FCZM z#>BshsHjS^9lF^r&mP^bAG_0XV)#98F*?N>?~19}pdC`xnHTj_wmINO{DX~+0Y7{- zWy{&0N=fM+hs*gjg@s|DLx7!_$V0>x&<~D|dJ?vjD^b(DsG8XPsHjk>_#N8Z?vhGn zLz?L>v0$rN(;bpjLz^jA!=3UgVg|F`QN@+lsFY^K*~yclp+6{BI`5YrMt*WqTNSz& zBC6_@cp;0h?z=V3o-3fCQ54CVs$d}ie)#-j6S8=I^f<$&`@226_^;eVbHWYnaed!J zov4W8O4$o0J<=b)3W(YXJ}=v|37?-%-xl;`5HHVuU$c1gs`DB#t?=s{t%2dJ;S3T% z!S9I=1%<#3qZlVCAJvb=M8wJ6mN+?SF_ULm9#Y2>C#lE@ae=pY#G-jh#7jgY0Rb`26 z90)P`h%h~~Vhy5Qz7{w=K2?14!g^fg(IrzyDhum|>xgrraRH~a7llD}gf2#;4$F`l zvS@trGGB%z5HVrEEnrd^o2~nd&N9_AKOcaJg@saET7XCH-D9K(kEA@mP_tl>k{ZBa zrDbI`RK!$O8SiMa{%B845VpK@^%Ul2X7;UdrJ7)6U6HtE+S#csXfstFo@i@jrS~%t ztMW>AV&b%mF0i7@bp8>d&~btC z8f`CrX6C+u`21*6GS!Ww?f_TUGHx#3_wUyPy$85&L(jE92+Acl!~~vp7pEh_z`J8<}xDo{A6ua zvDzu%Q#dxDy!a76zoWhTHQbo@mx%*wzH9<C&m*hd#e5d>fI@4!|Z>xHdz0Ys|D5++ja`1GFr9r7) zbx5KSY|7PXRETXl+Cd2jJf|U+(7*(s%xGw04C`W8)nh2xV;)P#l=7|~TfJdtV|#aW z+#NhPVycyI(#2TkN>EEKKXmFl+x&e@vb|x_Y54$tuqDIUEw4*GSZB(U=$DdZ6QInO z!FAioCzM^-eqgkSZt~!^qP6ff%uh8I?H|kj%FO*VR@ItVCB7X}-y?@}9ye;Q{s!77 zARw!FtXJY~e9)EDG54@xfaIki2g#qqoadrA`XZ`I@pGoW1Qo}iQFS`?T%32Aj01&z zN;i@3^Uh8KTzQ?9TQl6tva_}>f*e1YGx6JSA84z3xYY5Ba>5@SUusnwhYq{D;1t{} zgw7R?xy6azqDeN*=!!XwUR&k+WyM~pc|h}B4tv&#cRP^<>JK9a*#JT_CWm6RM`RPyP! zD{Cd4o0R2lJS9gIu9p~T4(dwJQr#g#-J1O?R}1fh3Aj+xq1MW#1&K3)$1}{$HGQJd zcQ!Ovwgj1(+j}}Yf1x`%CMLoY<=6skY;4|OpR=NK39%!*ZkR z770!F*CWR~v<6^&8|wG^DE^X=Wb8osFs*FGAFtB=24(1y>Q6Ayhx*%U#K<}Sx)V!I76>Hp3yh78pJ6mbLLNdzdJoU`IYh0Gbeuh+O4g7e zN7MZlg;;!w4=Vys9Q8ZnCW^wTD8m+#`^j`KGp^eBh|rt-`pD^HRXI~*xvhJPgc%NZ zbWjDJ9{LJyyK3(qp%TB%lR)0Leg*8x!qRnz_tO{tZXtjkVaOp7{5`1}SMJ*SOukGolEfcBUnW{vWCNPg9H{ueXy zlb?vfP?Bx5Utmg=K?WE5GZD7OkKXe+>{bbC1u(n6dGJ8bivZ_c7WVb_m)@_>Cq|l^ zKD850s~)dHLl=-O*C{!7ZS1<-NUHi>j{{eH%kmbSZtC$MJK1*m5^8Hs&}g-c4=2Z) zw^Z&?HNSm(;=_csZnCT5cG)6#u|f!mC0RWE{7Ied3sl3M`fo(4Lj5%jqJe*i`~yzo z2=)P!mHVh6dpXW8tf}CepSzTA z@SOMz40UQ$1b+WEwjLRMYf~m#ml%9DlL`d3`0cf*&Hmtko7@e8X@NPNTvtX`u z<{v0bG8hdDXqaFFgs#4^jQDuuUA1K&69)W@tsI5kw*vM>3N|y z+*4V@DgTi9+0P0C-lrzd3!^k KGXK@vkN*oXs1B|G literal 0 HcmV?d00001 diff --git a/docs/network_new/MESH.md b/docs/network_new/MESH.md new file mode 100644 index 000000000..217da9325 --- /dev/null +++ b/docs/network_new/MESH.md @@ -0,0 +1,47 @@ +# Zero-Mesh + +## What is it + +When a user wants to deploy a workload, whatever that may be, that workload needs connectivity. +If there is just one service to be run, things can be simple, but in general there are more than one services that need to interact to provide a full stack. Sometimes these services can live on one node, but mostly these service will be deployed over multiple nodes, in different containers. +The Mesh is created for that, where containers can communicate over an encrypted path, and that network can be specified in terms of IP addresses by the user. + +## Overlay Network + +Zero-Mesh is an overlay network. That requires that nodes need a proper working network with existing access to the Internet in the first place, being full-blown public access, or behind a firewall/home router that provides for Private IP NAT to the internet. + +Right now Zero-Mesh has support for both, where nodes behind a firewall are HIDDEN nodes, and nodes that are directly connected, be it over IPv6 or IPv4 as 'normal' nodes. +Hidden nodes can thus only be participating as client nodes for a specific user Mesh, and all publicly reachable nodes can act as aggregators for hidden clients in that user Mesh. + +Also, a Mesh is static: once it is configured, and thus during the lifetime of the network, there is one node containing the aggregator for Mesh clients that live on hidden nodes. So if then an aggregator node has died or is not reachable any more, the mesh needs to be reapplied, with __some__ publicly reachable node as aggregator node. + +So it goes a bit like ![this](HIDDEN-PUBLIC.png) +The Exit labeled NR in that graph is the poing where Network Resources in Hidden Nodes connect to. These Exit NRs are then the transfer nodes between Hidden NRs. + +## ZOS networkd + +The networkd daemon receives tasks from the provisioning daemon, so that it can create the necessary resources for a Mesh participator in the User Network (A network Resource - NR). + +A network is defined as a whole by the User, using the tools in the 3bot to generate a proper configuration that can be used by the network daemon. + +What networkd takes care of, is the establishment of the mesh itself, in accordance with the configuration a farmer has given to his nodes. What is configured on top of the Mesh is user defined, and applied as such by the networkd. + +## Internet reachability per Network Resource + +Every node that participates in a User mesh, will also provide for Internet access for every network resource. +that means that every NR has the same Internet access as the node itself. Which also means, in terms of security, that a firewall in the node takes care of blocking all types of entry to the NR, effectively being an Internet access diode, for outgoing and related traffic only. +In a later phase a user will be able to define some network resource as __sole__ outgoing Internet Access point, but for now that is not yet defined. + +## Interworkings + +So How is that set up ? + +Every node participating in a User Network, sets up a Network Resource. +Basically, it's a Linux Network Namespace (sort of a network virtual machine), that contains a wireguard interface that has a list of other Network resources it needs to route encrypted packets toward. + +As a User Network has a range typically a `/16` (like `10.1.0.0/16`), that is user defined. The User then picks a subnet from that range (like e.g. `10.1.1.0/24`) to assign that to every new NR he wants to participate in that Network. + +Workloads that are then provisioned are started in a newly created Container, and that container gets a User assigned IP __in__ that subnet of the Network Resource. + +The Network resource itself then handles the routing and firewalling for the containers that are connected to it. Also, the Network Resource takes care of internet connectivity, so that the container can reach out to other services on the Internet. + diff --git a/docs/network_new/NR_layout.dia b/docs/network_new/NR_layout.dia new file mode 100644 index 0000000000000000000000000000000000000000..d17b7b17991f73681cc9dbc401dc6fef56655135 GIT binary patch literal 2692 zcmV-~3VZb*iwFP!000021MOYkbEC)+e&4@>(!L~BIy66lIh}pAyQy3rl1u9Ll6!O^ z3Cm;=xDc|}dC1?M8Ne$e0Y(fXi%Vn|)dbsU zVg>OsS%vZXYVyxt|NNad`SJSQ53A7sUjD38e`Coj;;s60HMz^O`|oG7$HzxIdfNI~ zlG;(Yv$w(QzkU??Gg)XhxqfF^FDqF2nXkSpzxA^$4HvsCuws7`Tum1K^2<6+cJXRb zlq$XCxahp%(({T7w>S4mnx%f29gAEfNfh{TAvH^PL4P^hr60*5*48bJ zUfhORmb}vbTR+-%=|J)IH)}i9a@T3NYB$_UiH2Gp!&P>7^VN{LirSwH)&3A}!$lO- zwLXlq!K!~6ruxIXlcV?ka?R0D)Yj-8R$jmZe!6>D@4{8EePx(c%QVzOUX5t08Cq-FIV_ioxMZ*Yk?mcPuxhv!c(bdoIo9W1l5v!63RUisT2?LR8`ht_he-f2amLMpL`oqVv5;e?~k#gsqV$%u@i8dsByX5){IN6J1#MrV$a~f6t-ZF>rJsU$F9ve zB~vVH%9-dVbeY8QO%Sj0E}YP@ngX&pvWVT&N+cZ#ZmRg)K;Ti&vAo!AZ|)>6ML}yn zvD9sAKZ#9{U{l#&%s6f>N@WpsvxH4BX)ns;O(aCsN<3Gz7Ueb($T`06HANkp3652* zjG~U?QVj_?=%ih2kM6|tU#vor%C%crA`OR6to>iFChVwHHP@2zS}dv;<72mW(4rws zo#>i65n2PjletS7j5$=9J9TZ!^1IFmcMMy5P2Y|SQKvW7U5d3+WOKynu~ut}VriKu zw|nZKR%50_79lLRdyllDCY2CDT_?AD?2^`^OcoLO2*6ad+Pxerm{)LYFoQ>>(Kr9vW$zjsyfT=vJ9rx*CX`l@BS;rl zU*3=|u3n);M^{foXIFnT0-9aD@)%}az1wK{291{u;;s9S-jlqwy0a3@=hTt6Z7RKi z%g^DjtG%oB*M0Hp()_hFh_3!xs-~;I&M)caughE9#b3)>U-j3g4wPOl+tYB_1XVBg z2DbWN64}Mn`uwz6B+(1|$EE#qZRf2xmOP_3qn95rPmi8JDgr}dpO+60+Dd1YpF z6)rQA6H*!q>oOxnOioB?fZQw1Mm9#(7uH17oiRwg4Wp=oi0XRln@-`i>1vxjMZuwf zAl_}t8*_wawW}v5=`RZJZ|;&b{7({Re$?8zgXOG~#Yn)*!lgMO+ucH~`2~~SN*Wf= z9c@16nZSLmzH^Y3y#3P7L~mNRAzcYt7EXk zIP4?jaQ(8A1Lz~jkHU4l3F_};1BA8(#@EGmpJo;hd6SyaoSp@YFd71lgjqC_l(K?G zVoYd60FBOuMgq`i+-Rg9?2pZIBNdBYawE(}$c-qV(OJ;wU>pJ(jS-E=5NPC?MI+)? z(a0MU8Zkhlv!Rg(Xmr77v|k4JoF%Eh4(jkoJ6(c0c@m1rfNLdUD#1vt0l2nMSu`#i z?-GEX#=5KmVB3Xt09XgO>~(;9f3>PQbW?-joE!v*hw(`nH&1kS9Ow7NKJfY22Q0z$ z=Te^};IHbK6dNKo&geXos((&|e7+lZJRCB}oTx$K)D8jJkkg;PEAs&s-(I6?GTkOj%)`L)7tv>H1y)tF=1uA-S>jc;I$?nqsue%_R83y0w%v&o@meIs%yRl^){ zB<6!i?(Q6$q}BS-mkkAbd;@#*F4!J_3gRG@H}Y>u9A;7_fA}rT?yNlI>W_6cs+|)f zY~fL4IJQ9w;hqx0Y~k`bCenT3JjB66t~cI!dR^spN_MmnrCu%vdCX-Tq8?!K9wzT$ z^8WW3ZmD+WrHsP7J2x{{xpfccFz_(zxiA&sVf@r5ysv~fWZqZKE19hIn zL?qTT^&C2qB&J_vHv%h9WkNQZVF$Ri`M{XUXoOUz5hhj={ezy^lrXagN8}Pvj!OA| zolzhX0FZG2IvjccL1%>^oh1_^CuVfOJN?8>+WF|Peh=JKk*?=Wb{vP~`>c;@&o6=i z`;4b^(SwsX0r|#9zVvgS3_lR!{R5%=U4RiE*Csm{0~i@!Wq~Kb@q-Z`fEiI{mKjl6 zWk!^ZYyUwE%;+4#Bp!eS^ahMs>h^b~}5^$)K$i|{H4 zzeIR-mde->UPE1g@PP1u@PP0qBD{9m7k14CIjVzf6~a@TpMIzio;oAu@UGDSM?iQ$ zctChvgzvAx%L8~Zz$U^@Br`t@Ll$1rD%Z3cj}nko0U3q zEP>s#3BjYDcJHgGE{JY21&JulBjgg{xh}zu06Ygghm3Cs3V)+mB-iF1V$&j7l|b4z zq`%8Ay~+GBFMn1{(r~xnuUA@HfsDCo!MT;p zWHxOVKfj-{L-@q_nVLw;*hJ;epP!%qv*hM%gUW{Y(#%D3bMy4_moHvy zqNVlOSX;Pp;|7^b@87O!MiADz-I@GpY-EIC^X9|8tMYd~sxsWKvo$d>adL8EVq#(s zId$^n{U?;y*M8?(TNh{NsSpmaQ>Radg!2&k@8l9bQPHqxJbzwYU%zD|y!sxm``Yq+ zXJ=>DtF2sIS(c?|wX|r3WJn{8B_&6ugBbm_)yxP3RHKIM(s5t=D}zMHj#sZHDtZ0* zwQOc)rV+@j#t;`5=d(Da#>_@7$ZyEy-yRwA;{I*^)z#UCY|GNzf&v2_9Udi5Qp7kb z{}K7ahi_JpH($JX(bv~EGc(hMft?`jkCURCFLsLS!wC(b0bZsB;LM! zsdN1JW-HTk=gyg$K1xiqGBq{DO)xPD+OQRksyll0==0~#6A}`Xm6h>t_4S>EIo4=e zLH((ufKMUe;YS(jpB&C(?OI-3l$Vzu{QWyY#jou7bJ1OtSAc%{!h4}Oy#xifF|3`K z-lN8#U(|w(xNdp1KZXO$ys~@u?fWzICAO!h2PY*eTHV{5Sbu4Df2vW&yLaz!C-IYp zj=Ays_o~D*zn$ezpFUkxRkh!;L|aeK@yZo72A{S0wwefmn&M$9)xF|Os!x(`h?_|< zfBEu7gW<5e{G9bHPKG@sH95I|a&mHLXlRu3I(+_vKfm1T>}(aUe-mXsE8m_RHa>as z`rjTU_K?;f0)fbdulh>)Dn>>|x-C4m_V%F>%HQd64|H^N@H?M&*@FjNR~M(hfB&AG zoIL&`bKIOjV4%gyT#97b{G+FbUqE1Er0E$V_3quf4YvV%*4VXDK0K3^(I*(NSMs8 zDDXxX^XD%xghXNa!P$ zbi~yEE`oU{eX7RwS1(_l&9^)0?R_LflaZPEXQ@{~SQt~2+8Qgi1-Y@<{ckYKrdoL{ zK#HmY=c}TkqUm2XmoHzAfAq+r_(pwOTkJ@%GF75L(9vgXd<>BnaWhkIk;KouGRgk- z?Hg`ccu2_o_WS#pnVE^|hYlUmq^Gvsj&-?mp22DQ=KR=cgxSM~XEZg*pC0;=iE(;I z8LS(JxPzJTo?C)^p$(bl1w?g+AFp$AbA=TiPPVqSiI8Ou9SXr&QSLCcngVB{Nw%dB zd3AL)m?f1SJBlG$?G7E~Y|L;rn{JcDm6_>igi_PfkC6nG-n;+hSGW86NSbmcT>s}N z5y{Cy>Mv4L$s?*oQ86)YzpA$|2ISf`38!43I>7XqI#M-~rRwshU^a&2M~}EuXqH~% zX#2|+Q%XyfkO?rm^z958wf2V$ev;2fyy*SLdjBvOKs*YCkWO-CuGo{~8E z>o(`k@u}BhgY@?LeY{P(_^65y%!3QQ9{jDw<#JESO$H$jj;QzV<=2OHu!xC>+^Osj zKKN*2!V!s=99dA{e&ND1dDblieB>nV1aDZ?V+A(}^pBD0z^|CiO-Z}pLw*XL^l`~=Bd`z`fO5vZuB7?L9+i7BXMSS2Dge`PEu zIpS%#_mT_QkVKL>Nk#C-24FyHHhS^mg&_It*|WingufG(XU-fwMIiLy)YVlLqB)Ul zR2hZ_2j~1u+}zv{W;n0Ef6g!nxw*}+(-Tzvu=&XTB=OyWEPOg?Mzb@N*K*-2KE)e* z&EI|f`qdFhp&>zu!}*n>`=lVbq@-l|CW)}T`7^cPrc{mNYRQINdrkd`3LaDERopK+ zIE0mJYin~W-gqsz?Y8^ho~H_Kj6(VL-(ULj^ZEPU&Lsq^k*xTqHnwit=5XbT5E(V6 zGjZ)xO^pcUtN;D!N`Ln3j$f0=vG5Y-{tB_0^Li&v96ESVgCWzhv`D3fR@D?&HhqUA zZuTufDU4`jXejT!=$uHOQIUSxyxD#vOB%z3S5^@A>a0ix&MT zsYrXXc!!IN%k}F`EiL0kzQ>N$%JSixs0iS*#Xyquirs8@#- z6&oH&U-D0TPfGt>i=e&l=6sEqV)HzdV2-L@QbjD^G zQK&0e=m`~ABVqLlskq2vbk&7k)Ab^ayW4f{v-zcRQ-QlPlM4FY463U zEGB7YueIev@%2X;PKtB7yDzNI9U!PmP`;8{NjJ@uM4D^OFn;>v3F`Rg&!OSr2}f=o zXi}q6C5SU6ZHQ0t>U7q}9i%Vcq!)J}V8oOl$R15g7(9FF(r-%f3a2Iv0EMkh8+<1| z)=Sg3u=x2YgabF()zy_v{SH0rx4OEJurOW~-y=w>f@ci5R8{&jQycS6o$Us85|VN1 zIkNg^q9gAn6IJ9MC2l%F5b9`CkJAg9{ga<>nqZu-$ir z(1A3^Kr8c5=he3TmeH}XtlUx`y1SqHExoa>q+{7(YG#Itq?=+x14Oi!AcT_WGbNe? zP;i4!T}VobsK(0{$%~64swqSt;129Ac4uAdiZ9{twl+28&iAE>qkMmCYr2NQQ=~}I zgv`aE;bA#BIVPV1CC~Y>@2G9q`$v?Nir2pbY<>RxGCyDD@L{u5>sl$it+||Y>sESJ ze(#NSAL*K@<#~sktKYY9g;n)xX)&j}XX9R1?3y2SMoDy^{Mlc6_3G6vEG$3T+T2}S zu*mGrdwh`$QQ=ORn7F&U8)$1U4k|dxdSNdkz1;qL#R?VWZaW92RB268f# zm-p(Tw3L+d^gtE1xQ*g6&QfuUiqGoebyPU4Xk`#9Q`uI7h=AKipPhIt6QYy0yu4iI zw~lpXc85jEwF4{FdhC#eN&U5;2{~R9BvA1hL%o@)Ds0 z&7Qt%0kzfDbV75hOS27`{wfX^uU@Sma?#=mdF|rnR_eWU;P2IA$AVH)Z1nW*a^L+o-7cI$?`c+#XijoyGU^f%aD-ED0q zxQ52Ysg=LwHM%F!b494EkBp7I%*Yu1{rh2DTnN$L!C__WRW^>Lq@?6N(VpYnuTCZg zRdy7+XUD|EynQ<#xP^DBZfOw_fcvTy#x=eF2(WyS+xQMXKKd;@`PP+z2QPnP$fewE z;eGouU%aqu%Q^=%+g0GSfB*jB`Rcv9cjx5iYbGj`b~ye6#x+Pdas@f0ua6S0B@&{t zxbKa}uPe+gELaua*tgEab}YRm{_$gvJI3;girY9j=iYBE&oEB!DRd30ve_jj_P4vZ zt*grm*zoBOvqG1l&bJOYSK8jpH+?5gqmoVjJ}JQ-BIEj7ujg|TD@xwuc*^V5t5*wu zx`qb^4geF78$-A5IdbHPoy^%&r&>GmE*l#eP0dFLsQ8XHr_Ic`I5>>2tt^O;Z~W=h zN^hB+oi%u>P^EhwJxG6lKXB#oCP-;OupS?eGF)+RXc?VTo}hQ~L6_Hxu3YN)*u%hH+9g{R1>Z$R z3VSkzkg#N z6`uciyR-8wx$*le6Rc1=s=Uo7h7$W=ViB;;yQ^J}j*fTl-DBlbAoW+!s@=}W%KFjV zTw%4)A3d34IQ2KtFCaKLc>BRi-q#A=zJ2Q`yD~rCR`=g7Km;$&w^?~@HC4ezP!}^E zH8e3PNJ|T-?C)~|rUmv}c_V-*1C=1V z^oj6gC zRWdnqrg?M@$6uNq4hjtXJv@9&Q}fZ|$1`WfTk}qW%fM=-rf%{xKYKQ`TuN3JIn?+1 ze=ko@Pc(R;p*j)L?HwKc3nC{I^+%DPaKsxoWMjW*F<5gyjEcH&`7(}i$=-gsjz7Mn zAtgEaWAPfAfjzaC*(l97r>z8^k$7}cQW6b4OP}0E%Cl#&lIKE+DNS~4Y;4_*j~+a@ z?JnSqgo#i9%p4yd-)~j+X;1^UO@7TmZYL_wP4#b}koY-oAbN-(+`JV`Jol2QK43_8rOIYw_Os%fo%xd3*Qo zXJuq$f8#d&Wqu+@b4yE2k zPUWXfOqljWTYfBNC7tsHQ*-*&88dV9@v$+>;u~9>(nG_-x=L;y{Ht$ZlCJ;M=0M!S z-`<7!c^vI)IGA@yxtp_>EUQkgf*p!Q#=%bVoU>E=A%MOk zIoTTQ(xpq!qoSf-R7P2IGG0UmE4bF(Nl95KDG6z_zw5h@Spn!(7Tk6m@t7LVF6T$M z0&A?#CT{eJ$WGvk5#T_Fph!@TRoup+1*yJ1Ra`)}Le(91Dg5~HqX%pA=g*%HyZ)ZK zv^XB>7r@V?rK$O8X6Oqg|BZ|+E>2%y58>qH^+K|kq*3&o8+m-l0rX31R@QpGTrc>& z%`?}RSwG)C^~1E#}*ZoO#N$AMKD9vcgFuL2>G84^H!NKU5 zn5`Tfc>7K&IebIhfs3J0Q7wSAnmoKCV_5dA7cbRoJvWtpdwsf;cS27OnLjr#4^6%n zkI)Fx3`*@590-IKSevDv2WOHBlJ;uHf+LvdEl>P1B(Zz<($W$w9bGuDTzK1P5vwvz z({E$J4-oHOXsErD6Vi{$>Qp6|xaI9)U){wIO<599y*W!(MabfuI;yIK+sba5Nk$p5 z`>iDR?$y)NBU^}T8gix9e!N3ZDGe`PyuUg78>b7*iENm!Qb-iCy>g|HG}=5hHIAB6UxpvPS@YsBs3-2h@FnrUh81BRGctrXx2xs((Lw4 z#JZ`mu`f-d5Dj-^LP9ukc@YRBLSW@h5LOe(rbjuO4!l{e;JK+`mZI?bJ(?ao96!hh zEA)a?Ip^l*jg5_q&8*wsSTiI~wl%f2ZF4at1oK7HUg6~CUc_E-?0Q$<*k~ABoYpcb zBqWq>kjOQlEX1dyz{mIWTJ`4vHd{VID!893pZcAV_@@y%`iLg98>kv@-@Tih?LiJn zRQB;)nCu=I89`0p585@h^}lXZbLdZ30VSH|_LC#A!}9WG`##>8rr*cBWebWMNWJ4b z*<*CH7^JzGC1bzX9@w*I50Egn8z6CBZZ48R4eyL07*({%EC2p*4CH%8vY^=w{@j?X z@wd0!3Pcqb*FONt@{RRkwDD*j4jjm3^=fHrs}ZP7lygdG>?#%FqbB%sCbf(r)PN}~ zx?egK|Jesra|m%}mPc3l1`GN6^Q2HVSA36#-TKAUED03qLh@5#^3&Z2AGMS#+HtALW{oGa@=Qs+yPJr?D@ zYg7G|IA3=pk1bo~=jJpSKnnEr^+iW>%E=WlZIdKD6)g4I$$q6V2@K?xvF~RFs3Q7l z2>zPIuESVtSB3g*r4DUbh(KWWM8EZ$>#IxW1WHy0&)m+QqU-@&%3+s5Z8f!zh>*)) zAKg+pCU^PU6M$!~ty@o^WY>(wrZG_%fk-=CB?$agpQGs%FQCswWcReRty{PL>3pk;h6=X?O!#7}M=lkQE)_vF z1@xW>+2+E9o4O+;Ph(>aC(r$tFArxuBe`{B9UMDy1LW8#HO_qsHgzk3J}+>imCU6`gD-uBN62Bziu_6qvB7sYy3hQj2nXff=vK>K#8mS~jbT+-Pkr zq&|XsgCqw!J_|40hLam)r9ir3Tr7AsJD%ntU{&E!#?j4BBh5 zr_{mLmW1ky%n>%3>@m&p+dGJfYcFwhlK~Ly2dgh#-a*}!1~p|qcL)^rgFEiEg9RzOeC$W)fZ&<-vyd(zSd z0E##l{v2&dFZWsD+A!A9`JAE^M&=d67kn_N9d!nm3wk2t-o3R!tFX{e1a$t}w}*GI z^fZR)m!99>(j#Bn73NI|o6KgVDnN=*hjP>-SIe`4UU{%A{hL-?=jHCD&K@8CTHh-s>Ya z_5#-u+zL>5<8M#>f3*Orp)z*J9+Rv_yZrTuy!Y=H0l^Ml`U>Jk<>t&zblC+?Rw}MS z5w#9MNO7QG1f*>?t)D?nI&mViMPc8*egCy3D8{mKa02up_9pfORAT#swVnaXB-YF3iO0<#Uwvddivps_skkhGCgTup@ zFJ3J5S_pUNIDz`HJU5DDh2%Zv7r7WG5>8s|ucQZ;L)DhvWQPw$vMjN!oZ4(*;qUx$ zX>ZWWSFb87Do}!F0Nud!{=2CHY6H?`l<0}aC@RRFZz?#96(Gp?dU`5sJU}tVI=_Ga z{_B&&vr+Mse>^^TMilz2u<41~V2yxiH*0p$_Rbw_7s=)fwQvBHFej0_3+W4tXJ3!K`{BJq7Hd#pK4 z*G73V*2*`eZ-$Dz<=bV!U|zXvdm+w2yRos`%V})#I13$dQ~6T)hK{Z-mQ8*~xZyuK zL^pe1Lv~whYw(|7qeK=TAD=DE%qZspxpLcoG_af_XmiRZUgY<6c%vf6;}zylGKHK= zj%5jmx43xP%&Y^+rmM3PG9N)GvS79l)CkB0G`6A&#GHy2p;i{!0Bi0$9|iAgBfQso z&BKJRLf!nI7ohi3b+xFNm}{X$3N=yF!@~nn0WGoV7C~^+%nfB!o3-g00U%CIdf_vT zrk#oi6-QZfW8)}wwi!ED>H%kYBpUw1E~z^k-kdyh=HcVVp+s=JmvT&@sHv9M_Al*S z_k6Gu{Wy3C@Pb#NJ~XhUDe|%R7(oT_x8{z~i5Vnu^Ye!PoaW~72otox8w;X8^&n` zSDJwEA()^oH54ybCkT=UpETH9`y?_L{6MvuSNGyxK6Xo`t&z8HQ>!ynPg3RHnwmvC znnQT|cs{?NAZ$3e(NuyC5`-dws-HDQRg6cFmq8^FNUmo)aYJn{-Ao)y@{RWK(#>g6 z_I}intE3mNU*9F#U%mP#e-$NP%phTPs-K2UjjHk3183#1!zy)`FYNxQxYN<8ncLqV zd5TRPsSv`CN)g%G6gV6#cp5TE0CfTM^TQO?7E5^Dmx0qE-% zyL_P8)rw>YE~%-hFeM1z=Vqo;XQ+G=9Ua};+R7$!R4-n3%LCy^J$5%7oG;Yxh{JJz zKipLN=^ZT1$t3#5Ej~VL$UplmOH4l$uW<*KdQ1<%TL7&coh+A|2VpKW^=X4m*8AGQ z(n|C~%Nvk^PFh-i^U_UkVN(Z$7zjzXqTH+gdyBUrbTKBb3QI9}>;X5szQf{N!ITbQ~cH=Pk;cg<^EBIyk_K(8P8(BV%`} zMn5{Qu)B8$l_IL1LI2|5c$Snj1>*|@d6Y9>*j*qqq9|3-&tu07uZ1m2?yx;TMYEO4 zKPqL`?CV>N&7(Rk7kpT(Zd-ACwH|T@iSzi;BhoqXv4((gFNMJ^bWKpiunsupFHuyq z#X??ob{AybN!N6^5f;3n$Q@4^COXfaIm5-zpMdRZ-TwaiFNHNEY~Zc0A3hNLWW(xg zg~>RLCHnUjz}zb%TX!FEm25>!!Y{k3kR)1D@dA21oJ7 zFG=7)Zr}Co@+mboGmERgO#Gq`z!-O9>JGWJzUN-p{+2&l+1=yUtZGnRJm-W_tphM;WV*>G7sa33_u?99xn z7NNnz$s7(1Mis7N5r!_8mDuE1aOn{{4zq9DwvCUkzBu?UpQ5aklpz?}Dx0?j1#+^o zpv}nv0Z>06w%34B9%)S06E*&Do65gk`|r};BGO{vk)Q@z8TUyG+4y}P3C3X3a!f(o zKpt?3AKs+-b?40O$km@6t*vCD@O^DG=L1L5z%8Voh?ljlAfwD-_5L%)klo8FirKl* z`S9|h-z~_`M}QoN`>KCchoH@}TPbm6%A&+@%ys+r?TbuQh{5H?zIdacRHsxs^RA4bTVP=I8hQ zawiD(r%rlTADg}g4%f+P*jaw9!S#r`QvtRHeq$@etsZyrOkkb1!o*g~$%&B>Rfc_L zxhOrqUH9m!$6uB6`hf3@&FgSHbm%Q)IPVERLh5bo?(VkXsm~8#?oj5@kC>Xt0&aZP zL?V%%8zf35+|Wga08If>Sv#mZs)kf+y#GVJO5K&bKU<+9zkJ!*)I?P;qDsfG=FMfJ z!bx|h>D97@uWwmtX=z#6I%w#C88gq+>};!3r%o9gA9U_ho!)U$r_M=X(4`R6qMj(z z_1ZfvaZOe`3S1kVYV}tJi4t&UM|kVA)L% zdP(i=?X^QL8K)#p)`vj<0>Z-GY)(Diz480c_x%I#6;L|lxVwpK=veIR>_BQb0~9%Z zA_PBeY#4@xgB*$70G}3Kw{B5I)#<@Ura-cDc7B830QcaR>*}b*j|Aw1D3~Su_HA_y z4Vw7+YO!mahc<6-Iy!^v*y$|{1mnqEi6tXe)Y;6b}|!_%XW6+fg|D z6DMBM`{xtqm-K2E4-6a;20nqMjjjdBa%ju#BUd|RUhq(7h>p#g{r(TU{O^y;3-oUx zqNN9l5>oGLH(bWGqd|eCE&hUP>!+WEoc2M~4|=m?a-Xu?RC$qXk6ZJi;j)raDOe-~ zh_^D~WaVsB`%8yN%Hbm4ki^HbGM&E=YuWE7Gyqkig9Z^Ya6HK7S}C|PLG7SiGeym{ zb-pz~RBJ72)s6mPSAe6_r(=Nooy87C|5>Ftl7#Q0W=S#Mv3^-3^mjBeGGtz? zJ=?_iF14UN$RvYAZomCz{C0h@CXOnMDd`2j+ow|uTyu0vU%|Kil^Nf1*yV(sH&h^d4&Kd4nZob4OZnu zt)(yk;X4k)<)N~^2;Y+U?%j}m#6?Aqj=1*wK6tdpU{Sn>JFwrtJme#qkEjO^MD-pC zCR85ZefUHWLo!5i&11(n4iy_8J9f;~^pIWSsK5bLWo16M3P~5V~Ta z^{fPVUwCC5xuZowW*Xiuy1GBQ6^u>@x)CdnjQIZj5hJFa|K>)Gd$>O{Bp;6w#j=BL zW8cOWd4@X>cCUcIKv1fWHgYwD@1vuEyddMVOqxE1C`twNNKS5QZQZ&4jHY63_71Zj z&8Xp5`5pS`8UR!a3lBHtFxa-fI0@y@LUNm*BFY?EqPa(GiEv$jh;BMYpQ;LY3`&qy zKp6_l3E}%5Z97mShFru>JSGi&24l^UQUTCnonwmHW_Te=!$Tpu*DL4~*w0271|M1k z6FYM*(C^x=3o5s5OmgT;-G4e>K`J*rb;OjleVv4_14F$$eTI%mAx116b2xJ6$idD}kl*~04^kI=71NI2ONSd0 z1r$iy?^mL?>}1a{rezc2+_p{5XL$~Mx&EFFxOAa%R5rW;ne)-EZzk}|5Dx2%)kAl; z0$4VkK92JSD!i|aXz`l;y=72cP-v$x-{jB2S+H^?1y~>`A=p^@`uf0J)Yq#1LQX(F zMpl4B6%y__li+*z+-}_X@%{T+gWr0~&!1n-*TF;j`x7K%i+xsZpj0D^f|vm1x_%XW zEBwmanU7|xq({etHUDsnMseOJA|e98$QV^OxbN`wflr{EJWf-|#`{dPOJA>HWT-eV zh4i2K`ZaFGg9i^9)6XVMSsskwS7O|$(zC9x?4Y*sV_RJ9(o)f5|M~;-h>btSN1~)PkSU*~Yr&(Yt+1S+5Tgn#) z!XQV^t`GkG8)4lJVj0XM2tP0aIB^v9Z|2F+@~Wz6*H%)=C5N#nVhxEWpB+VNw&n(U z+dSv=g(f05*QISgTkRuMD!1_;{riR!y)21V%23PDKBWBGrHYV13@v7#1=(8wBP59g z2QnCNF6UR4nNuwWDv-I6Bin!cc$bvqU$FWryG&yLesGxo{{4ggD~-b)JgBR$|GW3! z`r3+%OJ-CsX%T7A%5Uv^M@QVkIT!gIV4Yy&S-pDxJjirLO(4j%j z(axd0IKq7ZGIrgHI_imx6y88Nh?m$R$Ymkh% z13|=3XP2*6m}u+jwlp?=u=*8Iw)(Hj33qyBc$;~ISk5CTwy!cWPKs|Z$3DxAJTnOC}S>=c1*VK?W)KEawMn(AXH6nbmnY3yX=-yLBCU z+UD>ZcL!l75+Zd9;*6?t1e@#>=-!E|5{{roC{zYhLm=1z{RzNS2j|6r}xA;i5O2f#L9eiM*l&g!(}bl=bvV-#Mw$(mWUU< z@E>uOe**u}uY>yDGao~;rdlpQBf_ghfxhputu1_H72^%?Rs{9Za!v|)L|uB*F@ej& zPUX2*{px`*8O~d8^e}5{_|^Y#+QQX(t<^cLp5$ zV3YG8Dhfue|BrzpBKYsvm}h@Q0Jc(FTbosxH{7kf0!{~^#l3lhk_!R_oeAz4SC|`2 z0aan!K!nbwR{{(8fqDS^IlZCIFui5ek#uCVT1174XZj`uD&JEl8%g*&aWZ z`1xTc57mO?5^0RHrMa1%lhfAGk-|oUI3HlzZ}DC=&8WD;zV5*;l+908R)sEA9UW%p z&UItjM_@O1r4%fqJYbwTQ1fZlS?oB{ z_3I%K5h~t`Z@~H7`H1|7mG*FNX}Ic!WCkJ8Ew2LLfrFi0iuuBUIJB0q*M~+#xVyTp zEDa}0Gcz$W+vb=qJ_aKW*ipQcjUb!-d&W1*jXj#>mdx2wPq#LU7bvbOMWlZdW*BnG z2#1>UXJSHr2TN1VowE0+2McDAdT5UZ1$-B&{9HDZ0$BMg$_HWCzjf;tRLXugX&5P` zH}bxnD^PIm`+yUILJeF~QXs?gC*G+n4zes%N#rIp^h$m0Jw3{kekT%+#Q7C4(_O#- zlAdT@V&d7Eele-LW{k@(-oNK=xVmVLelaVHpO^Pby!H$>6EXuBi>IFEKMP$iV>b=3 zY-7-Hc9wDykIK^C`JlLX1w3u=iy~*76|VpFZs#eyk_W3`6CelYY0NZ+8lf6u*A`8WT1)++g+V zto9EAMHC|Sy1x{GH{e9v0WH$4LozZTA{$5NfPf(EfD^LZcLtCdeJ;wIK+NY)pEP>{ z>nGCD1%a!?zBRCvnewUz^@2DVh}hy^c5Bq{77;qbK}pF;gm1USy29JX59(|M1QPXG z@BG^y`(>Y`RzJCL)7t}%(guM zp+P}O=^V7+Cnu>IFGsT6BBnlneuG4!6xfyTNIu* zf$Kp-U~ez6;cdhq1cx<{5&V3ukYgdrVwI1e()TBRC)axskRe%23{Ks^F{n>!jzzK&(S4nBgSSSVgW^7G0WYwrkL9XDWWF*yeEv;r-^h=~m4fMB00S^Lw*&2EjLue@NJm*kyriY4(O06-L6KN=0bT@j zfYapEwec_v?w!TF#P#brf_tL0cY-iS8k(+lqgJ(9YY?&ibYz@rupwrT$&~a{Hg(9i zurg!EU|eWbgoKrZ(hhgZQB6(C*x|lT>~1K~sE`131NYJA)<0F0g9iF#D0CllMNY>A z!1iu&afU^1<@GgKYt{e(HEUQ@8`g*Cb}4WR9=q0464F~I5>>Z)Ar|!pxem^cfCb$X z=H`mx;v@farEa3TYt0>BA08acz`)SA#dZjVU}5syP3=$$0K4qTW*dF>h!xZ)C%~ip z{OFN(Dk4LwhUz15p8eaU<>k36-{4Ha;=m-@cljB%1U8`n`sU6~9a8F3&=`F3&i-u# zc??J5Gj&t)im-xWfw_*bAv@0jHkOR4Q$;eu7;-<$s$5?*3Q#9pK;_#PNmOMtY>Tz` z9zZ+)1FaJiA|5BEkz6$CciAGDAS;#}Svb5grzUt`RR0M#8=Da8_ltsF2)Ek-Wb)KY zK9F8$Ode+0!*h;S=?Q#Q39JwITj{5_z^WyWNTy@v7Swh#Ja^6q--a5j8N{sGivbLB zzq35nta|tk(CFocgqWVQS}=kF9Zn@*1tL!K`HXHY9G32r;?dV60u~dIJ#a;kNsp0g z33F{KC-_Q8?Q8qh2;_h|+i!6P;nsYtDeSZIrvRw{A=g{zD%Ny;UKgGZxavTl5!J)E z_9^`56y$1Bo9DTA)I8U=4z577Ph#1d7hNzTfi7tO+5F(P90o!L9qU;FHNaG#Mm#KK zn1HletXN$1*gSElg&reIX!|u8kQ0FPh*|h2m0p?(z$QjH@mZSL)pVa) z(01d=a0y9#V1kJNB^EL%BoNpw?}mi*yX}hE1!o7M)nje>ZEo(2fZwV#_~sOmvF&$0 zngZ$pvloRQy0ag%IuxsR+0t)bkLUcgJGo=%g15%k|65py2no6F;^H|o2oIWc6I%#l zSXC#K1IX=lwk~#dBXYgo8YInb%Iq9ucQ~HYhdhd3AVDKUk-%{o!NDwq>;Bb7f@eI= zNWo?cWUjz<9qf^mWi`bCP1>7C!EBcs_`Mld^xJ4XoT+PL{PcY-6*x_J=w`$vC9i=* zMb1JoSR2d_J}?TvVC6G^8Y~b_0IMI&GVF&IAAn;K0Heh6AkN_N<4(*n$vU?8jf`lM z?qaS(<{`B-$PGzJNw^MCdpnEV_B8bee+P)=+IN;rgd-Rwc&EY>KMSCCc&)07_b2;t zBx7Re<>^;HGR@Opz0##jh-^*O5EKQ4+g|9J9u}r+Z~t<~jd~Sq5lnL7dNCj1aQX5v zM=5}H=<_9*TwLeM=7G<_9s~nm$3Q*fW`B!YB!*A7>TE%xKuxNysR3on&c`B+?qwN6 zaf{2#)m2rS53HvLV@`~omKF`uFQ?s{pW&G*TbV58zwAV(`mR6CC~5R8VI&XGr}f7V z975+B3^U^J>eSYX3kmh3;UI5n#OflM0U!?)Vjk7CyT}cF6E|ZQCX$DoQyy5`Bf#>!PB^`srX1PMDLyU^DF}HIb5~FTM58*;pV=NzR8SzQqs`mFLNAp1>{(^G99(2u{(GUYiHL}R zv;v663rGMZm4=3<$%ly1YJ(t`wrr~4761S?by$R45}4T3Z4Vq46cofv1Z0m%KLtn@ z`(bKCmm1`U)ipVFsxO3S;P^Bewe;ab-)li7Cy+XqV%Co4nKd1PLg)~K@_;&25M&<dAFl8(xcl5pe3 zKXhR_$%e3k;UmC`!bC_z!VSxEeUa&jJ-JY<1QfJ?~!J)v)*(#Vmt+C zZy3dLXb4-JbT&#;*v!gs z8q$Q#^rOUJVpvskQxmcfxTbEo_jM(x2!6S~uQM{P!1Lhb^tZ3?ypt1r--19Z9r5xh zNZLrGD5PL97=*y!!n0bpWGtuJj9V%^2Vf7LYzv=)3spo{?oVyK|6 zt^wuh>({#@ji1s>OV{vS$HI4j7tvw>B3XcU6H%jCLrYKx-qhw(@%09a4Qvipjkzg@ zaQx$?JU=K4m@GROr-#lMhGz`Ru=8;eq_la7yS$k(`RATOL&Z*3PxfBuc1H<@2MOBN zBW0guNbbQbjQ)OM8Io?T+s-#yzOscn_|>h5eLKGA)Bxr@SDp;U}Eu6b&35 zE89=`O}EW*Y_#m{$B-_{Fw6^kZbj`Oe{tu(08uE0Vq#)&%)WW^CO>};fOC;~^Evvh zm7^mgkbO@)l2ZG6o%+hB^HLaPLO+j2Yuk<;dL((($q%kUNs3@v5QxaBP*XcPIuhe~ zwGrDGM$R~e6o=^Ov5SM78Wr>ou9aJZ&S)=2*FZqQLyO2?jdCOi!Uv*u8TB3JaPVyC zW1h|=0vmuNz^CvN@D2L}qjq?q!#&wVZFbxG(W_Su@N^(C-no4{n1#M}8{EP|WH3C~ z$Jvl|z!e~M%sfN@c>$!OR(g5@8Ids8(kve-6DbUq0!{W1<}o2IsFU`pmSN`F0W1-e zg%Y%&*lOnHyk$^SDAqfS9;01}#;qdR69!rv8_zpBe!Y|j=>voZ<@ju?XX%x6hnRvY zA(|>6i@>glZcIH`PZUhHf}r4e$oDAPkZ` z$HaL6)3&LbH^ezVUCQ#rUoxW3T)DasS>kdsGB0&Fl zH8eumWy@nK8%vaD3SgvkN(HV^90;qv=yZWb(BAp4;Xf!Flc0T()poEPJ9&~ar3l!G z&}kHA+{qDWjpf2JK%kW36(;g>=bd^8J`v*6&#J1S-}UiOgE13<1(kE^*@4Mbs0umg zhSSr<)Wr`Uj>GdEe&QJn4)CE;3RGX8^Jw#~ix-E$Oi`Xa02=}3+6D0p6;D~n6=Xv^ z!vdjQNOSIrtq%BQq=IRyAD9AxB^55|T?*m^&yRI=n}wp|<8?`bs*{+2y>Y~QvGL27 zJ+QSwn*=xjEfUFes}+Qq1_QD@5l>%GY>YX|h1M7J5GG5QE8n0GgUg;R(PtYWqvd~M z)br;*e*Q$=P_C#D@_gu`yE4y)je;EG_|*pAsYBniPy zs3i=^Xep6NW@w9=wR5oZdeI-EEs~I6bP3PkHY>f z3X2&zu(BUAuj)h}IZ9^-3x(psNGg<4BtD7-jhvC3OeK^G@)v7XhRe&C8&342qoqY9 zym=4|BM@a0xF*kCO+z5q3XdCtR+38=$Bx4<* zl@$_$x2I~1;wbTRb0kavW7d(4kBOlEkTO)*d09WS5`ihf)fB?S71=eJv<50e|w9=4h-oA~&1UKeTt zcr*$O?5Y6Pkydc4MFa(5utc$u~E z+zNc+Qed4pAMz3i1cKonnN5T_tT&>{O=^ zZu&c<0L)ra_KU48#y7BEBGr&Ej~z>g-oe~pbPz<&qt39@ug2?vrUmJiGoWN_4G zmvWlWW* z+yrYXY{1`JTJn&Rpd;qzf6CrZ(58hqL}d5wD;4C;031j zAz_ZMmE~eR`on==ztAE*OG&Xfcg~tlTu>Mv#qffzjmq$m%pZlOiF+ihASoFCzd;E!0hi97cg9j&|5eS#$3`fnQPRC= zarP{F@bRg`Y?$?)L+=P~L>uucu6Q}G1C zhfon3nKouEh;+8Ca225InR1HLNdpnJj@4Z2um+0}VvQ z*oO~ixZn=#(>Q1jv*e>kh8d?;*+HsdD$N9DNxX3J7@%MH3<(p)S1_JC5?vJa7G@ z>5b0f+4s-0O8okU0}n9>sYZ6w(#jEk66J_#nZd%6tv@oqpL{jH{m<{a@6I}WFLKB% z*Uua<$}}GT@$!3-poFA5#N^4(Mx`3;t`pr{?DJp|u`Ck4KpT$7GO-O5(FAHP>A`cP_51U}!QE zPm6)S!y<^LktbDSB)Yxb6v+U}05XIBxTz`!(q$=zG1x-}tu~h1VBjxgq3?SuwPy>7 z(Ur!ir;0OaGp4aXmEBJfU-B0qoCqW_@O?_vfLk|WmD2c?Vv_ARF+h62_Ydhi5M3?COfK2 zNfa)m?G_=Qd6cM73me$??{6WA;!!HNAxt~P#5mMZLUDfoeI7aDo(TDgqI)>Lok_|^ z2Ue!9|L4fz@pzb(&>#jbK2lrr8CzLpi*1k)C`%omqPG*aka0x|)x1tH$5Ngofudkh zli~v})gXMFmoCX-Iv-5}WoR^LSY{D34yf5d%-fqW)RuMOe;57)4M5)Oao9E9hik2@ zqA5b_jm1WPh4XkKbHxbrQ|Kkvknl%MWAO9|%5WDs5}uUnd`ur4u;S^Ir%3(yAuAy< zh75o+xcEph8-vThY?Qrxz&6-)?>eeSbvPeoU;()by0J6gGkf3)85NaYJoyU%hH`hg zc#@uh?o(99cGtam^Ke^^9Y@9~1w27Py%z92ZXZ%JD%a?bOy1dyRPoQfy&EWyHaU;F z3>7cHtwAQA&?_m`(BOG%fiVVHxn;ZSF0W`+x~!fo%_ z3%GuABxZUG3e)vOF&qX7C>dN_Nx)?wDbzeXV1b`0St0|P@Kg65A@Y<*382k&J{Hw3 zG~e@&*5^32GS3yC5skXe7ydj-Ck>(kITEQ&!tWG{58M|R1KnNTZFl~>6ihw1E<98* zWB=KU7)zyelVl>8B{+y;y3P}#5xn*wYAqq&sn?=kMKAxJ<=8W@GEazjn8uHsN_5S> zpkpv)0pfG%av^jAfQt7w{y>^Ic{M+iLZIP;kGN6K!L7N%ghgVG6O+jA0}>A*(!#)D-j!J4Ol{{L5+(G{_V zf3Ui;t7{53VT=w>SSj$Fx4*QsZ;Afr|5ezTKx4VKeg7_sCdrmY6-gSDkc1>dNr*80}B-u1n$y;{5CcHh@^ zUdMSH|LJ5#WX%Fu=^+zkxU0EnTIx;O6A$>981KRd58NR3!8oF)Ylt3ptk+n4LaN6W zv&Wh@D4;@;9~!D>&-|aKICr+>PXAnAe|6vP4QwE^*!%ua>qzai=Fj@Phh>F&h`@vg z2$%RM=DQH&a)IeT!00j%T{t6f2;zg&F!UX&T?|oMSjfMuAz#3JdxsCoK6MR^($Z40 zB-$yzz$DQB)o1AZRB?Nuzi9ce^~mzgx{C5!13`B#EKIHDQAA@u0Z7l)oD!5Mkj2{hef-t+YeKF*W?LBOZ5pN-# zJB;s9Si}qS$V_tix1SQ;W&A|z9ma~Y&CQ+GTzB71f5h^E4JXWEhKlSLo*jzK*qdhL z8D6~T>F79A;U4#nyG45I{En{>3m{``M6~U~wNMU0Yb3edkV|vG^z`28Gen1=SSnE7 za>H8K{~4U_t?t)zI|EYho;?Rsh&7}de1Orl{>_mY7o$H_iK+)Z0xrZ?(eSaW5xKX4 z4T)v2GV49dS745ciw&#~@$}f($kweDc^K-5?;~2~I}i<(%E8cZ>&8>pu5Bo-pbYm!Md3zuxk|Uaj|UM9{Sn$z#EaVPQ4kYed928E=tOkl!jtztp=&k0b!# zKV-T;5vQ0I0Dsy2A|&YOZ3<>v;IQc>-Zj|ZmUoz}q&UeR=ALm+#{yit1J?t%-;`x4I~1;$br!F;Hi^S}BH# z2h} zM|M@=0VqtPA|t0L)-0@PqDG!?9XU=j++2Bxh6@Pnm3FaxdnAj8hD%K<6n8sLy`b(L zZ|&asG-Sw@cu2NBiigdPqWV}_HnzH! zwqw8q#|Iv!FOpe>NbapxcPvvs851*HU2%(|=8>)Oi5D-%fUychljO4dVWX9lsMc%c zk3Pj520#jzFuy&b$zKmOBOjpo^Yie#&qSKUD9qSKwGsje^R@%E#p6WV;g~369-bta zudGZX%>~UX?djy0Pq9}~oBMQ^jO_<=vVmLgdHvgcke(_B{a>F`(WtH;cyJ#qc@fX? zvEId}-31tkVeW$KJ#Gxo+t8`&jBhA(UE62xnOm39G_y44>+hZtmfQ6GJIf~9_WZ&) zlc=BS&Q`Kz+)dtSTIQpfc(IW!qJtCfI%D2E#6N#IeCv8ig4eh~kOExLC}m~!xnp*z zYia3wy%%2>mrvOTBc0-|J}RVGlc=P34Gl3!g(`t@h6V+7g698acyIZntjWP^jC8~w zwIf70HFIzNg9rP|?cAa|(8n?nKlE6dmH+D1COX~1nk%a&jU-HphOtAaCrd)(Yabq+ zh~$1}+0HHtLhjFdd!K2XplI-~xR!c7lpmzfFj`A8EEuV3@_Bzij z%AcH|jZ=3CSO;%NpJrJ3s#Ug;fq{XsvH0ecEfa3vFnW6*?i(vfapk9o_*y|*I3OjK z;;X6^DP!msWjS{)u}dD42B_;&DdD8gO*a>%$N5U0e*qgAI()OKwN3cN4|Avg_NG)j znw;^pcUSlLE6RMvPjWJ!rPD&7^!etmm*e>0!?(5{^+N^>a9z1Ff7$9bWs>rcKPn!$ zl44)^$x3!ITM-@q$vjzaF&Oh{nidxsSLskK>bA?8Aaae?_Ud|dzYxK|4ExDof)Y1P zzF)t~c-;@r>UK+EuW2ZtWMQseQf=Z>qAvYNw>mp*wCR}=AmvFOaTYHW+@iprGhh{F z#nqnF$x+TZ8&5?-f2ufwI9iu$$2PiW zkVcfZjl(rx4Z8ZysUeNOjzz;{}>Bu zq2HsWCs#^M+Wkc}65`@2>4%ZuGu|Tp6qqBF1?VdI)-_Fu zLSD;HpheoI$w9(+MWtaUOixRDb!nNAzrR05J%vgh7@DJy{b1Y(ZO?+#paer~@tYyA zDwmAhKqju}fQM~_j%%u^VbD04V>c7C(o^^vCU3=W>rWJduZlIxz{ zkFQ_tnv(+ls|85JhVk$rvo|r(N=hNpLhLS3;3QpR6BB5tJpmip`cZ&fTy!mcg{SRB zqT=@r(x~Q&UwrxQRG5BGDJd5XCAWSi)^tg<%NrJjCuL;(1df|nGH>Q-_bgx>`cF6Y zZt}7HeoC=t_D8LRAY6Sea|4~*OP}sh@xpKoHv8k_;}1SZ@dy>H*mV*fE@BSvV(%c0 z9nvMNd;J*5kDKI0(OlyHik1eiMsIbHE>Q5vOuCXOBMx4)X29g{57dn0zRS1C_S0*lRP^`GlZj zaB#@@)SGvAgN#dJFW=;kqHs1v#JgW!z!3q906EE-nR}P!hFD>k7&KU5g$f}XzuuOh zLV8|q?k@|(y%$=OAc`DEmEj9-*EBs3>$BJun%nb6^O5D@W5RpU_eA!6OMVwrYJ|cl#so=L>6=mQjLR(oAYuUqp;yK#bRmXmLTV1WZ z#2RK1uJ1`+UM-#k`rhSQtg*>($wViy{0~g*>c@T|dk z{M&PhD~mY0bzR^tm0eM4%eI;;f6$rd_MA!q#g7oZ&Sa+)) zg%+Wp%!ocv`XKS^1S*QyD|jd4E*(C_=lg5$;1`tzyK0L;D6>29Ng`yRBPO$-fY-m5 zEFmz@rdmj&RUYmG=$W%#Q9gZVZRQiR362g( z0x$ z`4~r<3n~`^o7N2(Xt06ieQb~IcNo`%TsU@>!mC%^qmtooO-&6xgxLOi`KIHk5*N4` zk^RG2eZ|}eT;6IgNK2>>mCYu*Yu(z)?3U1y?t4{ipo;bbO4PjL*MJ0-{M_6cXeP>4 zVd(vNR;L(FuauM@N}BokMOv?`R<6W&?2kI zr@ZP8&!(}l@rVI+m)LI_US@%$z0Mnhyvq`>mNp1A#(CAb4!h;V>k@(~I3#nRZ z8+WL1>~U_FF9+v-K#f;{re>jyjQ2B?1wk$EBn%}}FBJ&5%o3xSMFPA56wsI;@Sbw2 zq&`vd7{6>ARZOUP?0sE>$+G?pcfKauh=52wJJg9#+Obcy{$T%OUVPw`B2e^MSxl`6 zX^1_^S<#7{jN(p`#h0H+WeXxl_4jsU&JN36<+ZV!i8V?P_It-%$@wfX zT35V`nJH%SDmnLBeN7W<=3*}FU2)C8Dz?OfuJ@Rm*`&ON^v!75xY@v9OF}}zMj}>p z*_}a|vwZ7$rz8UUvmUj==6V16;c>w9JJ|HgXU_;S8mFfAl^J4}?$Bw0Pl}2>L55*N z7<&LwJ>A?moxuOw)`hcvfHY&fsDqZGbL01*-)%mvm+8<1ec{>H*|x~A$`-Ii@>llP zowcc&keCk!%aehcYUFCozHfQ;y`C=nOdJolBL;qKJ zN|uMfr{iK;U-qzHVSITq^-V$JLeQ5jkZtMR^OjN0s z69&H4jhh*)K~XRkr!#&Sn$DgLvN#7i9eH3ytzVJ_BugsHz-3M&k{dlHTHQIHs6Y2* z%WiMBiJhw7(ei=)PsR|Oj)^XhxLl;hhECzZy78SKlW}w@lx%#akc{^bmgT8<4SN_gT92OFnQ)@x;e>wu1 zRPqgpQe)8~|JHnSyRgvWb;6YYr5AYf2n*4dS;IFOTg#Rvj+E^g*}CIacx-5F zDCPOqKiN@{LR*wFabnHg2*T14#J2fZQxF>euiO0bmEe-Jo<(-C{;xPN;^f?Ea}G$Q ziRRq=XYr}Sx1z$%FFlb=4ZjdHq*(oUxdt<)g^UA1$aF@~?qNEb^RP8l!IFo($pgjK~xJyO5|X`k7$(3%FD^-J{*vQ$SZG}l(4CPs&mk} zr{rNDTX^{3lR6*gQ`fI=WM@LRu(NXDpWH!XV3Y>la z5NY`9=;>v!Z%|AT9g+q2DgcKNpe(H^>K&`p|A^}aa*l*Vcrvm6^NK2RyV1|~cU`bF z(q`Ql~fLAADDdL0=Bc!VS8zoJ{jsn%MQ|5&z+0i7jF-!W%$a95QX z+p88jsNH=RxvX!j{)=d-sh(q;XI26VTUdq`>|bnX>g;^x{hsD}tm~5)5E|bk*CENL zAf+Q=Is0DRYRB39^{zk;#M>WDdpd`AG%U={-u~>n3s&rrR@cPb!rK!xKY%vMcg(nf zCki!mwV2?|M+Nla*|S7tGf`FIB|X3H8e!(^)~V|rg|tE-ddTbyd(US_>*)&eEB!S-tMorSfcF%IvW_rJpn@0ApJ^4PV+d?6SKdot~P1U4uv0Mw_9N3 zu<44f{JIl+wfn~UAgW`~85sgBCU_lQ`Ms&X)h0uJ2kry_amA2!5}}=3mUUkmW0s$4 zrk2qIFx0zcSD@*&pbzVLjf*G7{u7xpD?7#h8l$j+vht3TiF8LCf1~`-JixXG{60Ba z@GIod_$KeXKTmFi@VU*FcR%TUzVtTxS%BVRfBzP?>9cj2BAt^ORSQR{>{@=L&Uv$R zs;G8t#|dzcn?j zm}t8t{m-|Lu9Z$RN;A}X@RudeyJ1%0-Q;0Q8Y#!$PZ`&Z*FKnvqZvXRNqv@VBdX z0<_-iiDvE&l8lO<-r2q$g#r}}I*;^EY*^v(wHO+iJV=w+brMDgHM_#}dygKipyx{aOQqd1| zPPA@$|Mr_djUdvQv`d$kcGhn>F@IKo?fk^??ck4hNXAfqQhU zi0hv}+Ol<&ecn-?Bpw@l0d$VX&z~D{*o*^5A9 z(y%aNZq$GC=#g+v9Q9Ifm?!NMq~)%Jb>7}|-RIsX?9Tmwg7nxE`x9lMRds_kc28+C zd6Asd^wJ?_)uN^b1k$r4Btol)kQ}M+T&Hqu(U?J84AsXcjz#yj-Ec%JFPi;dOu-2z z6j-d#Z;j`T)J1>KJzV)neZrcdfH^AwYUoREuB+PBKIa}92eP3^BI8^?7HCRJ2_k8r zefmAroL`Xye*Z4K<*wa}hrVz)QFc^n$=>@WJM( z{6M()T_@MP$u4XhTg8H-d7$G5uV1}5uRVx=++1*nCN+^!QhMeoH-C9 zd)mjW@<`vcM6s~Jv%IW~n}TLqt;tX1rhQ>tQNj4vNQ}7<^OCMK1z1{E)gR&0^H-o| zAQFEyWWL%j^>W7c+DnTnuck5sNvpd)8Vb2rUVpxaNBV{1!L2gx**7jXY)3 z59;#j7VpM)ZkHVs9yU3lFntl}eYDfSnGXv`it1t;8_yr~orB5RQCVFTb%V|_r)%=~mS;AQh}ZF=nq6ZYkPm~>_>$T52| z@!{XTe*L)mp6LAifB;J~GsTdvtsB|+`9&MVZV03{cWx2zIx{g5vE1t(|FL1$Lrn_=eo5)mN}oRupxigQ?+ap&r>h?` zKR)rRjOe^IKhfNL^}LvCoN-6UJknS?x1W!8oD-*Y15$+GL?lUzCYSu+Z&iy=U*y-N zw|hpuzF2WCUWDi7=FOY$<#0|*c@}r|-jV<3!bDy1NLljF>!PWb4{ zuXE5f)>(Z_%5|iLeLfdfJ!B9M;c+0|N4IpTTNYeR$8?!j}K zGsf**BQc_L#@@3EA4U8W4mhf)s6f*0GEL;OqBVZ79m~q)+f1D&&yz1?I!k65U#MEB zBm?IMYnmD^wJ=%B>#$VX8aYqRBXz4qhH=t=8x;>)salj39fOfeW!G5d&20OWEcfzy zBVs7q^h(4;1G8S0l|Fc2IzpN{t1>m?Y)^MP9pe>APsP<>Reg4d-5R@hY?02JvQn~B zu+2p;ynd``oVwG4{rjTpa6!ReMDH_Qc)Uz%^0IjY`LK8E#)#Csv(F{?mX&1QSy(S< zS25FkK7aJ3VxQTe`QowJazWL8Lx1_n8pNb6eyu$wJZn?K{_t@eR>uJy67sr~sl@E; zcVAw)mF;+<{HSCZ$~(KGE^gKwrfA>>L6UucfNpm6Mth(JKQm{5CCTAaE$t_waw28;`Rq_fzV*18!v0Sx zht4F_?$7te6K* z>P#wQX3X%s^7Hk(&R;>l%4E%t2?q;2AYHA{NAlLBNAP|kQSs13;phN+Oi!yCUJt*z z&v2n|u0gCEA9~p2{ES7R=273%qqe&LB_y0DZohFO`k2GSrZ?(JZ+;sN_wRZhYI}*o4XuW&Qi~O6F{wGb};>s$M zUP7k5=uaMgb8&Ki)j$6Sib8briZT4iyd8aB`hKZ+=p&mC0WK1yVO4&o6XN^lU;ppd zf@$5e*TPs4^G8AUrdJNniR(U{nF&{=J!MK*+SjN*FWUdZH~$b=Sv^D3nKP9YDp@&e zj8^{p>7F@w?)~)YTIfMt)=Mri6G=>uKWlU?9J^z&khp_{rb~W zs|JLs)~x! z^h+oy>eLaj<99`PgpdaRditkluz`$8oY%!aP2MgMDCs=!A|_j+5z<=@1_vuBoKCj9 zv&Q(s44o%l?EO2#!us~^EdaFFq#Q3Ty$wP_9{3a4fge>5&HjDhsNGUm*Pl-vR41;S zQEIH1v|{RMTdRW3$C`y6Lt~Zy-G4ZBHovHd!fe}^h@*DHhF>V5!9vJ5J3HC1c#2AR z*4~pUh7S_0M}B#|_jRi4s!zT2Foj||&}uMCU3$B-;>M6osFQs+|5lrH$~W-?^3-X1 zddS2C*?#pg&#?hEPEH(7!ugP+v;7RJxHP%pqkCLv7;&II;j-rRo3Vw_WqqiDU3?rZX723D+eC3I`CzQ@F_%^q-6!JcC^hxx>b=d?EpGU+F z_#?1Qam!u?c_rBdeyNyRZO}YRqKyk!vv=rJ^So(vONE8k)WWtKK5T64nbxh$R>^VE zzy%-Py?acj#U~~r7QI5+)lM2h__bf(Yc+6Q$lVc}7NVZiBsXEB=es*UU#vIost|J5 z(e%>E?I)H-MPM$tQ1GZ=4PZlh;EJxlcc}M>>OO5w^Bwq1XhSDg*P|T%#PKTmC(yT% zl+N+0*kkF`&znfLb$6a;H|d5ZXVy8nTBi8c$LEsakt%Cb^z!93_y>j!qFFek#?!fo zcL!YPa$a-QyWnA55|3U3Iu?2Tn2arC&Ya-J(Df+=f0e{#M{p<^7!5H?rEPY7ON08# z%WdhV60URJZlYaI|7e6o6Bg^4NCtH1{cdgYcG;bgQ4_5@32Z4u+S79`fh4+q9qS)( zPRaW85wd-&aS*|cSCA|vk9sgVjwv;~FF45r7K*C{C{sEr)eRqXfOJMq$n zygE)8{_Cg-lGD(IoE|%B6scFi0UR3PAp6oT@-7CoJePuxW~U}1_9_8iMb7c@V|hn4 zz4>D3UbLw=9PYWSj*YQW_IW+Tvjr0WN{dWtWw)lAgS*yRg%OLrw>_ga$)sS8AhO)+ zEb=kpa^Qh0=O#?aQN$|A_bJmZK?+hht%g%*HFS3)6*wCxjdfHEvQM%WXCrq$B zZoK=%nLs5iEiB>X+!ze1tw(!VlnSumP6iyH zYOf^o4+I)Qp!1d1yTDb!Gf-C%4pcNfL+`2^(j?*?sPdm@qm21Z>5WwZ)M7+N$|AG+OFZPvS( z8DLI;mRA@)000t>9fDg^p5n%=E6|O@hfjP%!t_zHe|_uijg0OB`ZPRGC5j~Q-cC8& zm<3ti!x3Ui-E_u9BsKiyGSkpDGPQBu!U&(3x_;)jbF;DorNTnHi!JS+?{tiFSb8V` z2mVJRut49U2wLV?!j0-#V;X<{yczJh=fb~5qTUU&jc3?2DK}-3y-)f^&aVCzKNep1 zpQPXfMbs#0&LMjW6qT4A>|eo^q-pc?yCRaqOe zleU{2mFmpRTgrLoH`o>iGVr1iC232|VHlE5^hb3dd!|+K)9mr>2X|^_xkm#$_Ekmzjp0f2#0m+8n<@qbx1FtfF~lu zBh7Zi*HUfE7iFZU+m27J`x+EN19IN2L~Fb4n72doovv|e1~|AMLkHwIOgGq5Bw@XR z#i9w~>B7(!{If1**D)qCf}?&-faT#l0e&&NNv{K#&RN#qf_?Sb^XHq$Z6i1dC>ePK ziib5`MJXw}wr;&6)mfet6m7ZOHOi(~8en44HQ!MoM6@ESIV7zp^N--t*w^d(02Tvc zZ$YfuS_)?YltN-J2z@6kQo((EsBu=$@~xrj5fq6n)d^fv|Pfl8KAK~TXu<)r44X=}V%n=RG{JQ ze7mhLKzXjupKioQOvCj~rdLPwP`7>qehv)3(q#ytpu%Z{t=|0$3Py;AvNeo)p4)ovCqJ>^m^ye@u&Z?)| z#EZjU(7y5ezrRL=NE^C0^zK?55HVavvroR#+HOCEul)1n|L^zUZ05WEoLuzpSwa6E zL;XMhfdB6oOHQiP5iJ$`04S)4_p-EMYIU5|C#$!!jHY}aorKIxe}Qg%Bk%`;qJVVM zsD>XrL)azBy_YfMKx43$XMOvB7tdF6(?4yri2Ux!c;*dFnZof!zNqK~-y(BPq;L;m z4Dio*W1(-6xzaW8NL>^R4tXL!YD-D25f1tA-~fB9DL)$ofgvhn6_rFzf!ID`#>H6k zt+t@e(etdW-+lfJWlDBKVf!$AkvQZ0K~^^eyORcV40CIb$Y{){?d1NA+hI?Pftyq z|4p~cqG0tNFS?4UdgBJNlT?6+lh?+C{upqUI5eT;G3=4(1$nlO{aULpN)$4^TPnln zV&r@i{AueNqeyX&;1_Y0SajS-JV30A_IE=VyueC|9qRk{GpPpG{5;VtFv=>k6`l&Pdvj0HZ9DVB;M|h{U*}*o(8!4sj}$p((_)?%K=++itu167>gv8MmhRJ+4qN8Rz|a-L;_f0&*Z=)}ewIV)s4ROBm8{^}W zy?V_tH6=W2CQ*pxmql}UCZ@oP2*+bAOm#7tIdh)uWK?P#u~mY6?^A3?Um{@)O$`mZ z;++$|+Lf=~%P2!j4+=X~TU+qSj~KD#(@y(a=O2c%x%!N_)&0=y;!&od_AB7GF|DCi zyiTU`{YRP0R;`*N3DRG!BfV5CU+JTa`MV49$Vgx~QCHzxzIgeKZiw`-uvwCEj~6ZM z%ct7MOeS@+qivi*<=wv1IUrQG{PLA};YgX~5aT{0VtrM@V^{2#N;3kvS5V@Fuuldr zaIBb0dinWbX5<|8*~ODgLtn%Jx=8c0?)r@I;Oxus3iqfY*!$}FRJnYrP;>z@hJ-?2 zl{!5+2sr>3VY!R@>>Q`x&BzEBsr;VU{8LnK;+?7r71Q3v>qV zxY$cOCN&80XUKl&qP7412h-53TVP+(n1t{CEixbd3#=r$tH@%TdJlWfkQg9vTha%Q zAFpVgPsSw{9!;vyjamH+g+R(yPKaZXK4p=1BRs({PK~Ex)TlGz32oSF-fU=?#z4Ze z0yI4);0fBG9tu>P=<7Nkdkb$$_}Ls_{>Rvd9&bvt-rv-*NC`sbzyADbSKUiUP{YeU z@{fS?zu%_s__L}@8C)Q(SIB-Uv2V2=wIxKF2vByF7mQhBl+c(XP51Qrl8ZQ4XX?~` zhKQd_B0p{YG9yyFeyew)?q+I{A!6Lya4fodQ{_^}SHLQxTuV%}YVXRx(+ejw{Stx- z3aad|VS*B0W6mJ)?%jzoNc{e4%LEpMDlavkJ;vNxR>6r~kz2>9Z27|-tgO@^0}OXw zy^0j4sOqKQ9Biud5l>^KSnqS5(cw+LpCN(NL_{^H0<=9iU-{AP|@tJ z7#uHJEFtWyC2>-`wdq80_hrS>JLc45iDgSeLjWE2}@R>1O?P5m?6#$Mhp)!faZlzD>% z4H5tm!0%dGT1;;|DH@X|z0=Vto<;St?wD>IF!k-ipAQU$hHJKorE#+1(yjjovqQ@3 literal 0 HcmV?d00001 diff --git a/docs/network_new/README.md b/docs/network_new/README.md index f03b1d394..5b20d804f 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -24,55 +24,61 @@ As the nodes do not have any way to be accessed, be it over the underlaying netw ## Techie talk -- **boot and initial setup** +- **boot and initial setup** For ZOS to work at all (the network is the computer), it needs an internet connection. That is: it needs to be able the BCDB over the internet. So ZOS starts with that: with the `internet` process, that tries go get the node to receive an IP address. That process will have set-up a bridge (`zos`), connected to an interface that is on an Internet-capable network. That bridge will have an IP address that has Internet access. Also, that bridge is there for future public interfaces into workloads. Once ZOS can reach the Internet, the rest of the system can be started, where ultimately, the `networkd` daemon is started. -- **networkd initial setup** + +- **networkd initial setup** `networkd` starts with recensing the available Network interfaces, and registers them to the BCDB (grid database), so that farmers can specify non-standard configs like for multi-nic machines. Once that is done, `networkd` registers itself to the zbus, so it can receive tasks to execute from the provsioning daemon (`provisiond`). These tasks are mostly setting up network resources for users, where a network resource is a subnet in the user's wireguard mesh. -- multi-nic setups +- **multi-nic setups** When someone is a farmer, exploiting nodes somewhere in a datacentre, where the nodes have multiple NICs, it is advisable (though not necessary) to differentiate OOB traffic (like initial boot setup) from user traffic (as well the overlay network as the outgoing NAT for nodes for IPv4) to be on a different NIC. With these parameters, a user will have to make sure their switches are properly configured, more in docs later. -- registering and configurations + +- **registering and configurations** Once a node has booted and properly initialized, registering and configuring the node to be able to accept workloads and their associated network configs, is a two-step process. First, the node registers it's live network setup to the BCDB. That is : all NICs with their associated IP addresses and routes are registered so a farm admin can in a second phase configure eventual separate NICs to handle different kinds of workloads. In that secondary phase, a farm admin can then set-up the NICs and their associated IP's manually, so that workloads can start using them. -- farmer considerations +- **farmer considerations** + ## wireguard explanations -- wireguard as pointopoint links and what that means +- **wireguard as pointopoint links and what that means** Wireguard is a special type of VPN, where every instance is as well server for multiple peers as client towards multiple peers. That way you can create fanning-out connections als receive connections from multiple peers, creating effectively a mesh of connections Like this : ![like so](https://github.com/threefoldtech/zos/blob/master/specs/network/HIDDEN-PUBLIC.png) -- wireguard port management +- **wireguard port management** Every wireguard point (a network resource point) needs a destination/port combo when it's publicly reachable. The destination is a public ip, but the port is the differentiator. So we need to make sure every nwetwork wireguard listening port is unique in the node wehere it runs, and can be reapplied in case of a node's reboot. ZOS registers the ports **already in use** to the BCDB, so a user can the pick a port that is not yet used. -- wireguard and hidden nodes -Hidden nodes are nodes that are in essence hidden behind a firewall, and unreachable from the Internet to an internal net, be it as an IPv4 NATed host or an IPv6 host that is firewalled in any way, where it's impossible to have connection initiations form the Internet to the node. -As such, these nodes can only partake in a network as client-only towards publicly reachable peers, and can only initiate the connections themselves. (ref previous drawing). +- **wireguard and hidden nodes** +Hidden nodes are nodes that are in essence hidden behind a firewall, and unreachable from the Internet to an internal net, be it as an IPv4 NATed host or an IPv6 host that is firewalled in any way, where it's impossible to have connection initiations form the Internet to the node. +As such, these nodes can only partake in a network as client-only towards publicly reachable peers, and can only initiate the connections themselves. (ref previous drawing). To make sure connectivity stays up, the clients (all) have a keepalive towards all their peers so that communications towards network resources in hidden nodes can be established. ## caveats -- hidden nodes +- **hidden nodes** Hidden nodes live (mostly) behind firewalls that keep state about connections and these states have a lifetime. We try at best to keep these communications going, but depending of the firewall your mileage may vary (YMMV ;-)) -- local underlay network reachability + +- **local underlay network reachability** When multiple nodes live in a same hidden network, at the moment we don't try to have the nodes establish connectivity between themselves, so all nodes in that hidden network can only reach each other through the intermediary of a node that is publicly reachable. So to get some performance, a farmer will have to have real routable nodes available in the vicinity. So for now, a farmer is better off to have his nodes really reachable over a public network. -- IPv6 and IPv4 considerations + +- **IPv6 and IPv4 considerations** While the mesh can work over IPv4 __and__ IPv6 at the same time, the peers can only be reached through one protocol at the same time. That is a peer is IPv4 __or__ IPv6, not both. Hence if a peer is reachable over IPv4, the client towards that peer needs to reach it over IPv4 too and thus needs an IPv4 address. We advise strongly to have all nodes properly set-up on a routable unfirewalled IPv6 network, so that these problems have no reason to exist. ## future -- CNI +- **CNI** ZOS and it's Wireguard mesh per user is a quite novel way to do things, but there are many overlay networks that are built to solve other network requirements in very different ways, and these solutions could be intagrated in a later phase, through the use of `CNI`, a common way to request a network for a user, or for a specific workload. -- automated provisioning + +- **automated provisioning** As it is now, user networks must be completely provisioned by the user. That is: a user has to manage the subnets allocated to the network resources in the network themselves, give it an IP and also give an IP address to the containers hosting the workloads. -- fully routable IPv6 to your mesh +- **fully routable IPv6 to your mesh** In a next phase, your private network can host a dual stacked network, incorporating a fully routable IPv6 network per network resource, where a user can choose the farmer that will provide transit. diff --git a/docs/network_new/setup/nftables.conf b/docs/network_new/setup/nftables.conf new file mode 100644 index 000000000..31e3b7d8f --- /dev/null +++ b/docs/network_new/setup/nftables.conf @@ -0,0 +1,56 @@ +table inet filter { + chain input { + type filter hook input priority 0; policy accept; + } + + chain forward { + type filter hook forward priority 0; policy accept; + } + + chain output { + type filter hook output priority 0; policy accept; + } +} +table ip nat { + chain prerouting { + type nat hook prerouting priority -100; policy accept; + } + + chain input { + type nat hook input priority 100; policy accept; + } + + chain output { + type nat hook output priority -100; policy accept; + } + + chain postrouting { + type nat hook postrouting priority 100; policy accept; + } +} +table ip raw { + chain prerouting { + type filter hook prerouting priority -300; policy accept; + iif "oz1" ct zone set 1 + iif "oz2" ct zone set 2 + iif "oz3" ct zone set 3 + iif "oz4" ct zone set 4 + iif "oz5" ct zone set 5 + iif "ivrf" ct zone set 65535 + } + + chain output { + type filter hook output priority -300; policy accept; + oif "oz1" ct zone set 1 + oif "oz2" ct zone set 2 + oif "oz3" ct zone set 3 + oif "oz4" ct zone set 4 + oif "oz5" ct zone set 5 + oif "ivrf" ct zone set 65535 + } +} +table ip mangle { + chain output { + type route hook output priority -150; policy accept; + } +} diff --git a/docs/network_new/setup/setupwgtest.sh b/docs/network_new/setup/setupwgtest.sh new file mode 100644 index 000000000..f63ff78b4 --- /dev/null +++ b/docs/network_new/setup/setupwgtest.sh @@ -0,0 +1,150 @@ +#!/usr/bin/bash + +# setup NUM network namespaces that are connecte via a circular mesh: +# i.e. every namespace has an encrypted tunnel to the other, with the +# associated route + +NUM=5 +# setup 2 network namespaces, generate keys for 2 wg's + +function genkeys() { + for i in $(seq 1 $NUM); do + wg genkey | tee wg${i}.priv | wg pubkey >wg${i}.pub + done +} + +function genconf() { + for i in $(seq 1 $NUM); do + echo -n "${i}.." + PRIV=$(cat wg${i}.priv) + h=$(printf '%x' $i) + port=$((16000 + $i)) + cat <wg${i}.conf +# WG${i} +[Interface] +ListenPort = ${port} +PrivateKey = $PRIV +EOF + for wg in $(seq 1 $NUM); do + if [ "$wg" -ne "$i" ]; then + port=$((16000 + $wg)) + PUB=$(cat wg${wg}.pub) + h=$(printf '%x' $wg) + cat <>wg${i}.conf + +# Config for --- WG${wg} --- +[Peer] +PublicKey = $PUB +Endpoint = 127.0.0.1:${port} +AllowedIPs = fe80::${h},192.168.255.${wg},2001:1:1:${h}::/64 +PersistentKeepalive = 20 +EEOF + if [ "$wg" -eq "1" ]; then + cat <>wg${i}.conf +AllowedIPs = fe80::${h},192.168.255.${wg},2001:1:1:${h}::/64,::/0,0.0.0.0/0 +EEEOF + else + cat <>wg${i}.conf +AllowedIPs = fe80::${h},192.168.255.${wg},2001:1:1:${h}::/64 +EEEOF + fi + cat <>wg${i}.conf +PersistentKeepalive = 20 +EEEOF + fi + done + done + echo +} + +function ns() { + for i in $(seq 1 $NUM); do + echo -n "${i}.." + h=$(printf '%x' $i) + ip netns add wg${i} + + ip link add wg${i} type wireguard + ip link set wg${i} netns wg${i} + + ip -n wg${i} link set lo up + ip -n wg${i} link set wg${i} up + + ip netns exec wg${i} wg setconf wg${i} wg${i}.conf + # enable forwarding in the NS (not on by default) + ip netns exec wg${i} sysctl -w net.ipv6.conf.all.forwarding=1 + + + ip -n wg${i} addr add fe80::${h}/64 dev wg${i} + ip -n wg${i} addr add 192.168.255.${i}/24 dev wg${i} + + # create an ethernet pair and send it int another NS so we can test all allowed + ip netns add cont${i} + ip -n cont${i} link set lo up + ip link add br-${i} type bridge + ip link set br-${i} up + ip link add wg2br${i} type veth peer name br2wg${i} + ip link add cont2br${i} type veth peer name br2cont${i} + ip link set br2wg${i} master br-${i} + ip link set br2cont${i} master br-${i} + ip link set br2wg${i} up + ip link set br2cont${i} up + ip link set wg2br${i} netns wg${i} + ip link set cont2br${i} netns cont${i} + ip -n wg${i} link set wg2br${i} up + ip -n cont${i} link set cont2br${i} up + ip -n wg${i} addr add 2001:1:1:${h}::1/64 dev wg2br${i} + ip -n cont${i} addr add 2001:1:1:${h}::200/64 dev cont2br${i} + ip -n cont${i} route add default via 2001:1:1:${h}::1 + + + done + echo +} + +function addroutes() { + for i in $(seq 1 $NUM); do + echo -n "${i}.." + for wg in $(seq 1 $NUM); do + if [ "$wg" -ne "$i" ]; then + h=$(printf '%x' $wg) + # echo ip -n wg${i} route add 2001:1:1:${h}::/64 via fe80::${h} dev wg${i} + ip -n wg${i} route add 2001:1:1:${h}::/64 via fe80::${h} dev wg${i} + fi + done + # default route is via wg1 for all except wg1 itself + [ "$i" -ne "1" ] && ip -n wg${i} route add default via fe80::1 dev wg${i} + done +} + +function exitNR() { + # the first is the exit NR + ip link add exit1 type veth peer name exit1tobr + ip link set exit1 netns wg1 + ip -n wg1 link set exit1 up + ip link set exit1tobr up + ip netns exec wg1 setconf wg1 wg1.conf +} +function deleteall() { + for i in $(seq 1 $NUM); do + ip -n wg${i} link del wg2br${i} + ip -n cont${i} link del cont2br${i} + ip link del br-${i} + ip netns del wg${i} + ip netns del cont${i} + done + rm -f wg* + +} + +function main() { + genkeys + echo + genconf + echo + ns + echo + addroutes + echo +} + +# main diff --git a/docs/network_new/setup/vrftests.sh b/docs/network_new/setup/vrftests.sh new file mode 100644 index 000000000..80f72ac3f --- /dev/null +++ b/docs/network_new/setup/vrftests.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash + +# setup connection namespaces with a dummy and add an ip +NUM=5 + +function prepare(){ + for i in $(seq 1 $NUM) ; do + # ExitPoint and their IPv4 + ip netns add z${i} + ip -n z${i} link set lo up + ip -n z${i} link add zone${i} type dummy + ip -n z${i} link set zone${i} up + ip -n z${i} addr add 10.10.0.1/24 dev zone${i} + done + + # a public IPv4 in a Nat container + # + ip netns add vrf + + ip link add ivrf type veth peer name ovrf + ip link set ivrf netns vrf + ip -n vrf link set ivrf up + ip -n vrf link set lo up + ip -n vrf addr add 172.18.0.254/24 dev ivrf + ip -n vrf link add cvrf type dummy + + for i in $(seq 1 $NUM) ; do + ip link add oz${i} type veth peer name iz${i} + ip link set iz${i} netns z${i} + ip -n z${i} link set iz${i} up + ip -n z${i} addr add 172.16.0.1/24 dev iz${i} + ip -n z${i} route add default via 172.16.0.254 + ip link set oz${i} netns vrf + ip -n vrf link set oz${i} up + done + + ip link set ovrf up +} + +function delete(){ + for i in $(seq 1 $NUM) ; do + ip netns del z${i} + ip link del oz${i} + done + ip netns del vrf + ip link del ovrf + +} + diff --git a/docs/network_new/setup/wg1.conf b/docs/network_new/setup/wg1.conf new file mode 100644 index 000000000..c553dea9d --- /dev/null +++ b/docs/network_new/setup/wg1.conf @@ -0,0 +1,32 @@ +# WG1 +[Interface] +ListenPort = 16001 +PrivateKey = ECyTpsjBKXKHF9OmmuBA8v/ic1xKgFOUZA65a4rb83c= + +# Config for --- WG2 --- +[Peer] +PublicKey = sYUXTbxtrXPEy5/xB+yWjL+lvIvpiIYTY7gzObNtvRE= +Endpoint = 127.0.0.1:16002 +AllowedIPs = fe80::2,192.168.255.2,2001:1:1:2::/64 +PersistentKeepalive = 20 + +# Config for --- WG3 --- +[Peer] +PublicKey = tPt7YzziTIV5Q9EYH4Yu9mGtSHJPUbRQZXIEI1LCV3s= +Endpoint = 127.0.0.1:16003 +AllowedIPs = fe80::3,192.168.255.3,2001:1:1:3::/64 +PersistentKeepalive = 20 + +# Config for --- WG4 --- +[Peer] +PublicKey = hGaw31Qjj/eJ7LVvhtpXVCXEA9LDamw0S0XT+yoIHgM= +Endpoint = 127.0.0.1:16004 +AllowedIPs = fe80::4,192.168.255.4,2001:1:1:4::/64 +PersistentKeepalive = 20 + +# Config for --- WG5 --- +[Peer] +PublicKey = EaoN8h1qAbQP4YoV1TpSHp5nQpWx3t8FVT4v/ECu0AA= +Endpoint = 127.0.0.1:16005 +AllowedIPs = fe80::5,192.168.255.5,2001:1:1:5::/64 +PersistentKeepalive = 20 diff --git a/docs/network_new/setup/wg1.priv b/docs/network_new/setup/wg1.priv new file mode 100644 index 000000000..deff1e4b8 --- /dev/null +++ b/docs/network_new/setup/wg1.priv @@ -0,0 +1 @@ +ECyTpsjBKXKHF9OmmuBA8v/ic1xKgFOUZA65a4rb83c= diff --git a/docs/network_new/setup/wg1.pub b/docs/network_new/setup/wg1.pub new file mode 100644 index 000000000..0b1b56a2c --- /dev/null +++ b/docs/network_new/setup/wg1.pub @@ -0,0 +1 @@ +Fugz7M+CdxIfe+FgMpvrqMvztiDVsZ59mOi2wYU4QkQ= diff --git a/docs/network_new/setup/wg2.conf b/docs/network_new/setup/wg2.conf new file mode 100644 index 000000000..8a5ac9f8d --- /dev/null +++ b/docs/network_new/setup/wg2.conf @@ -0,0 +1,32 @@ +# WG2 +[Interface] +ListenPort = 16002 +PrivateKey = 4N8UnDx0f/h4+VpxDJ6/uwcS/wZl9MafBMlApy7//H4= + +# Config for --- WG1 --- +[Peer] +PublicKey = XQD2K4pcSjkwxvjSZjYqksTQaD8ANBZoufJ6AKShImw= +Endpoint = 127.0.0.1:16001 +AllowedIPs = fe80::1,192.168.255.1,2001:1:1:1::/64,::/0,0.0.0.0/0 +PersistentKeepalive = 20 + +# Config for --- WG3 --- +[Peer] +PublicKey = hB3qTy67wAPe9NTrM8JpZ/9yFX2hws3bRlqEeQiTs3c= +Endpoint = 127.0.0.1:16003 +AllowedIPs = fe80::3,192.168.255.3,2001:1:1:3::/64 +PersistentKeepalive = 20 + +# Config for --- WG4 --- +[Peer] +PublicKey = Wkj5433521OMxELS0Pj/jxYIiNTto36FvjQZuEqcIlU= +Endpoint = 127.0.0.1:16004 +AllowedIPs = fe80::4,192.168.255.4,2001:1:1:4::/64 +PersistentKeepalive = 20 + +# Config for --- WG5 --- +[Peer] +PublicKey = KwjGRCcuxm1x/iHRlT1C6HBQqdhkespBXhCKj6XPjAA= +Endpoint = 127.0.0.1:16005 +AllowedIPs = fe80::5,192.168.255.5,2001:1:1:5::/64 +PersistentKeepalive = 20 diff --git a/docs/network_new/setup/wg2.priv b/docs/network_new/setup/wg2.priv new file mode 100644 index 000000000..172e43527 --- /dev/null +++ b/docs/network_new/setup/wg2.priv @@ -0,0 +1 @@ +4N8UnDx0f/h4+VpxDJ6/uwcS/wZl9MafBMlApy7//H4= diff --git a/docs/network_new/setup/wg2.pub b/docs/network_new/setup/wg2.pub new file mode 100644 index 000000000..9fd84141c --- /dev/null +++ b/docs/network_new/setup/wg2.pub @@ -0,0 +1 @@ +ZV3Ej3srYb0pcmxIYOp+LupX/Q/hTWGvtWADXgOfXFU= diff --git a/docs/network_new/setup/wg3.conf b/docs/network_new/setup/wg3.conf new file mode 100644 index 000000000..28273bb8c --- /dev/null +++ b/docs/network_new/setup/wg3.conf @@ -0,0 +1,32 @@ +# WG3 +[Interface] +ListenPort = 16003 +PrivateKey = 6NDgyX1auPlCdbpSdMIGiUh36om3j2X1L+a7XBDbDGo= + +# Config for --- WG1 --- +[Peer] +PublicKey = XQD2K4pcSjkwxvjSZjYqksTQaD8ANBZoufJ6AKShImw= +Endpoint = 127.0.0.1:16001 +AllowedIPs = fe80::1,192.168.255.1,2001:1:1:1::/64,::/0,0.0.0.0/0 +PersistentKeepalive = 20 + +# Config for --- WG2 --- +[Peer] +PublicKey = ZV3Ej3srYb0pcmxIYOp+LupX/Q/hTWGvtWADXgOfXFU= +Endpoint = 127.0.0.1:16002 +AllowedIPs = fe80::2,192.168.255.2,2001:1:1:2::/64 +PersistentKeepalive = 20 + +# Config for --- WG4 --- +[Peer] +PublicKey = Wkj5433521OMxELS0Pj/jxYIiNTto36FvjQZuEqcIlU= +Endpoint = 127.0.0.1:16004 +AllowedIPs = fe80::4,192.168.255.4,2001:1:1:4::/64 +PersistentKeepalive = 20 + +# Config for --- WG5 --- +[Peer] +PublicKey = KwjGRCcuxm1x/iHRlT1C6HBQqdhkespBXhCKj6XPjAA= +Endpoint = 127.0.0.1:16005 +AllowedIPs = fe80::5,192.168.255.5,2001:1:1:5::/64 +PersistentKeepalive = 20 diff --git a/docs/network_new/setup/wg3.priv b/docs/network_new/setup/wg3.priv new file mode 100644 index 000000000..f7b915e30 --- /dev/null +++ b/docs/network_new/setup/wg3.priv @@ -0,0 +1 @@ +6NDgyX1auPlCdbpSdMIGiUh36om3j2X1L+a7XBDbDGo= diff --git a/docs/network_new/setup/wg3.pub b/docs/network_new/setup/wg3.pub new file mode 100644 index 000000000..efd31ea88 --- /dev/null +++ b/docs/network_new/setup/wg3.pub @@ -0,0 +1 @@ +hB3qTy67wAPe9NTrM8JpZ/9yFX2hws3bRlqEeQiTs3c= diff --git a/docs/network_new/setup/wg4.conf b/docs/network_new/setup/wg4.conf new file mode 100644 index 000000000..8a4424d35 --- /dev/null +++ b/docs/network_new/setup/wg4.conf @@ -0,0 +1,32 @@ +# WG4 +[Interface] +ListenPort = 16004 +PrivateKey = oJ0CkMSuOO1TDMUk36LEEx0W8fmj0CLX1YA5ljQeWHk= + +# Config for --- WG1 --- +[Peer] +PublicKey = XQD2K4pcSjkwxvjSZjYqksTQaD8ANBZoufJ6AKShImw= +Endpoint = 127.0.0.1:16001 +AllowedIPs = fe80::1,192.168.255.1,2001:1:1:1::/64,::/0,0.0.0.0/0 +PersistentKeepalive = 20 + +# Config for --- WG2 --- +[Peer] +PublicKey = ZV3Ej3srYb0pcmxIYOp+LupX/Q/hTWGvtWADXgOfXFU= +Endpoint = 127.0.0.1:16002 +AllowedIPs = fe80::2,192.168.255.2,2001:1:1:2::/64 +PersistentKeepalive = 20 + +# Config for --- WG3 --- +[Peer] +PublicKey = hB3qTy67wAPe9NTrM8JpZ/9yFX2hws3bRlqEeQiTs3c= +Endpoint = 127.0.0.1:16003 +AllowedIPs = fe80::3,192.168.255.3,2001:1:1:3::/64 +PersistentKeepalive = 20 + +# Config for --- WG5 --- +[Peer] +PublicKey = KwjGRCcuxm1x/iHRlT1C6HBQqdhkespBXhCKj6XPjAA= +Endpoint = 127.0.0.1:16005 +AllowedIPs = fe80::5,192.168.255.5,2001:1:1:5::/64 +PersistentKeepalive = 20 diff --git a/docs/network_new/setup/wg4.priv b/docs/network_new/setup/wg4.priv new file mode 100644 index 000000000..ece3698f1 --- /dev/null +++ b/docs/network_new/setup/wg4.priv @@ -0,0 +1 @@ +oJ0CkMSuOO1TDMUk36LEEx0W8fmj0CLX1YA5ljQeWHk= diff --git a/docs/network_new/setup/wg4.pub b/docs/network_new/setup/wg4.pub new file mode 100644 index 000000000..7d8f69653 --- /dev/null +++ b/docs/network_new/setup/wg4.pub @@ -0,0 +1 @@ +Wkj5433521OMxELS0Pj/jxYIiNTto36FvjQZuEqcIlU= diff --git a/docs/network_new/setup/wg5.conf b/docs/network_new/setup/wg5.conf new file mode 100644 index 000000000..fcfa8b341 --- /dev/null +++ b/docs/network_new/setup/wg5.conf @@ -0,0 +1,32 @@ +# WG5 +[Interface] +ListenPort = 16005 +PrivateKey = UL6+x20KAsty+iDNLXLS4E4XqB4lay9is44QTcln8Es= + +# Config for --- WG1 --- +[Peer] +PublicKey = XQD2K4pcSjkwxvjSZjYqksTQaD8ANBZoufJ6AKShImw= +Endpoint = 127.0.0.1:16001 +AllowedIPs = fe80::1,192.168.255.1,2001:1:1:1::/64,::/0,0.0.0.0/0 +PersistentKeepalive = 20 + +# Config for --- WG2 --- +[Peer] +PublicKey = ZV3Ej3srYb0pcmxIYOp+LupX/Q/hTWGvtWADXgOfXFU= +Endpoint = 127.0.0.1:16002 +AllowedIPs = fe80::2,192.168.255.2,2001:1:1:2::/64 +PersistentKeepalive = 20 + +# Config for --- WG3 --- +[Peer] +PublicKey = hB3qTy67wAPe9NTrM8JpZ/9yFX2hws3bRlqEeQiTs3c= +Endpoint = 127.0.0.1:16003 +AllowedIPs = fe80::3,192.168.255.3,2001:1:1:3::/64 +PersistentKeepalive = 20 + +# Config for --- WG4 --- +[Peer] +PublicKey = Wkj5433521OMxELS0Pj/jxYIiNTto36FvjQZuEqcIlU= +Endpoint = 127.0.0.1:16004 +AllowedIPs = fe80::4,192.168.255.4,2001:1:1:4::/64 +PersistentKeepalive = 20 diff --git a/docs/network_new/setup/wg5.priv b/docs/network_new/setup/wg5.priv new file mode 100644 index 000000000..b3ec381bb --- /dev/null +++ b/docs/network_new/setup/wg5.priv @@ -0,0 +1 @@ +UL6+x20KAsty+iDNLXLS4E4XqB4lay9is44QTcln8Es= diff --git a/docs/network_new/setup/wg5.pub b/docs/network_new/setup/wg5.pub new file mode 100644 index 000000000..149dbf475 --- /dev/null +++ b/docs/network_new/setup/wg5.pub @@ -0,0 +1 @@ +KwjGRCcuxm1x/iHRlT1C6HBQqdhkespBXhCKj6XPjAA= From b09752746eebe32eb12966fce457d428fc40bbaf Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Fri, 18 Oct 2019 12:36:32 +0200 Subject: [PATCH 05/18] docsdocs... --- docs/network_new/MESH.md | 75 ++++++++++++++++++++++++ docs/network_new/NR_layout.dia | Bin 2692 -> 2885 bytes docs/network_new/NR_layout.png | Bin 36202 -> 39589 bytes docs/network_new/network_module.md | 89 +++++++++++++++++++++++++++++ 4 files changed, 164 insertions(+) create mode 100644 docs/network_new/network_module.md diff --git a/docs/network_new/MESH.md b/docs/network_new/MESH.md index 217da9325..34f010b7e 100644 --- a/docs/network_new/MESH.md +++ b/docs/network_new/MESH.md @@ -45,3 +45,78 @@ Workloads that are then provisioned are started in a newly created Container, an The Network resource itself then handles the routing and firewalling for the containers that are connected to it. Also, the Network Resource takes care of internet connectivity, so that the container can reach out to other services on the Internet. +![like this](NR_layout.png) + +Also in a later phase, a User will be able to add IPv6 prefixes to his Network Resources, so that containers are reachable over IPv6. + +Fully-routed IPv6 will then be available, where an Exit NR will be the entrypoint towards that network. + +## Network Resource Internals + +Each NR is basically a router for the User Network, but to allow NRs to access the Internet through the Node's local connection, there are some other internal routers to be added. + +Internally it looks like this : + +```text ++------------------------------------------------------------------------------+ +| |wg mesh | +| +-------------+ +-----+-------+ | +| | | | NR cust1 | 100.64.0.1/16 | +| | container +----------+ 10.3.1.0/24 +----------------------+ | +| | cust1 | veth| | public | | +| +-------------+ +-------------+ | | +| | | +| +-------------+ +-------------+ | | +| | | | NR cust200 | 100.64.0.200/24 | | +| | container +----------+ 10.3.1.0/24 +----------------------+ | +| | cust200 | veth| | public | | +| +-------------+ +------+------+ | | +| |wg mesh | | +| 10.101.123.34/16 | | +| +------------+ |tonrs | +| | | +------------------+ | +| | zos +------+ | 100.64.0.1/16 | | +| | | | 10.101.12.231/16| ndmz | | +| +---+--------+ NIC +-----------------------------+ | | +| | | public +------------------+ | +| +--------+------+ | +| | | +| | | ++------------------------------------------------------------------------------+ + | + | + | + | 10.101.0.0/16 10.101.0.1 + +------------------+------------------------------------------------------------ + + NAT + -------- + rules NR custA + nft add rule inet nat postrouting oifname public masquerade + nft add rule inet filter input iifname public ct state { established, related } accept + nft add rule inet filter input iifname public drop + + rules NR custB + nft add rule inet nat postrouting oifname public masquerade + nft add rule inet filter input iifname public ct state { established, related } accept + nft add rule inet filter input iifname public drop + + rules ndmz + nft add rule inet nat postrouting oifname public masquerade + nft add rule inet filter input iifname public ct state { established, related } accept + nft add rule inet filter input iifname public drop + + + Routing + + if NR only needs to get out: + ip route add default via 100.64.0.1 dev public + + if an NR wants to use another NR as exitpoint + ip route add default via destnr + with for AllowedIPs 0.0.0.0/0 on that wg peer + +``` + +During startup of the Node, the ndmz is put in place, following the configuration if it has a single internet connection , or that with a dual-nic setup, a separate nic is used for internet access. + diff --git a/docs/network_new/NR_layout.dia b/docs/network_new/NR_layout.dia index d17b7b17991f73681cc9dbc401dc6fef56655135..b8e304ff5e7867cffb548a800028a6590fad82b2 100644 GIT binary patch literal 2885 zcmV-L3%c|liwFP!000021MOYkbKAHPe$QXQQC`{^9fY4GaXRNFNvG{Y@7lRsdygJU zVq`WH>7gh)?!*1<1xPwJB~qpcLJ@PTOq{U-Vu1zr+mFC5@WYRvH?eaUX4@!Dt|kQG zi4!KvbQLA*tI5BA{p)xB~W~$I^^5&J}Jg;CC=(narwcX0>{b)O{PQ!$lSbpW3U&>LX>Js&B(=zuL`hx{Xwk z{NeVXNJ~BX=d&_ZsjVuMtlzwT%U_pGs=j!ttEr)_Lh?*qV4ro3-Js^zY;Xm#9hYb9E0xsO))&GlzX>MCo0uvGh9w2c;V z*wp$c$p@?cVVLUoN2fsVr^gLvLs?s^dsz9Q2*v5{VZDo1;r4}TRxi_1(@j-u_LA23 z%XL*u`PH7YE=0t^Lzq?7zk71iPBp+4;yA%FkM16Sd#00g@!xQnSDpQk2gxePR?c_M zyY%zqiGwHx60NQ#|HO4=?RQUArf~2;Tes<#DJ7?b?f3o=JKE}AEcUC;RO5qW9fxK0 zK9XWesQNi)5@9iALjCL~FpR^^^)k(pLw+zwhl=_O3_0x7BYrS!Q1?w3t#9)7$|>zv z`6A6$VfIqfF(SD95H2wxF6k+5dz0Q@HxSSc-l-W1W>53J%@BSL^ZPXWr0rn0ZLkAk zY6k>QiEq&mB$C|q{3&tg#6v%-;e?Jg6j04kMNm(xRP-mj zuKRTFcOddNQGqboEqrcJ&7{pxxDLk73u^Z{V^iu0QM#Z1umSs*9QP;bF5#<7f6yD*G44&RcUVi?*+zS}#$# zdWlLAXDl>N>$^m?3G-m`!b* z4kGINyY|-b>N{j7>uQ@n#NobxFxhRYfjL04#@(8e^cP3B*EeYv{Vz@OAU0m0JSIi~ zULGy&3EA!zdXF)j^j6Zac+#i6STgCH|pO<)E^7E17xq-p}&jHT?&;NjU z{w%KZ*YI=RfaB5>#~Gbco15Nc0GnWp&zV3(W4f|=kMVvobFGFKkbJL9+Xxm(AGLCO z`5{C#RQ>E+p-$P|?CbT{WJIupALiYDBJ2`+pf`T|&C!4T&BwHZ#SRj5=Ect0>aaS~{ z9nINUz=+@>&`8=vBSk4|Xe7skMikKKY-l6_jmC{e=E45NE;rJ#=oL32e1zPH0UDhJ zjrQgtpwSr7hz@~9zFjn;ULB46F`*F$G&&m^`G7_jj7Cq}03Y%+3)W#19vP=gFt;u3)z-8|P+y<*v-J#o>4Cmw^Ks>B3 z%6LVhv+KIw7W*LQV;`^u*PlzhSAf52Vp4pF*f^`}OuGI#mFoR&-0^VOB6DIEiIaB@ z;$(PS%O8(88DI}ECtyw^VosDIpZj7;8FGCofj$9!Iy-&(?d{LbKceJQ6N56({`C>& zvIsT8T-ZFRZcox&{p(VlFpiOOy|&K*Xzgc1(IFc45^1{B(+0jUjlm@J%E<3?YS!a1 z9O|{g>Ny<8?9n`XQy>?!DJ6({jM@wnF9j9$AjO>e$fNp*9TUObPvvOoWmE8X*{-Uc zV2oeE7>^j#%hu?AJ!ABSa*kB0NhswRoFjFS@VPrzzK5C$KG`=ONNX_1s$FF>!5Y7U zHF_g;jpm6{9+EC6Wonbl?D|IRF{Y~2O8)d)l;1c-%+;TpY}7a@Mk47mY&p0=2@$>)!jbgEoKWSyND<@UW6vM& zLcOW-I%PW|%$Q%u!9Mr6fUpM$dw|7zSiJu><1O{kyo@tgw}*B6v#;B~b>2nmJiQMy z=U?v|*cLTU`qO8q+KeJCjs{}53L~Y&^`?v?A;ug@+FNDa!bpkx{NvjUj$laC0hI&a z0=@;uOLCaSQW>-W%+WHJ4sx)C}>E)zz0MqJ?5_5)*T zvk`KcMwnSi&2M_*Q_5{(64#MeB_?T6Bf%qpAM5Z_pLhU2XN4b=?Gh{3Wpuzg^Q=wQ z`QEU8FWXELuE!I0T$dJytdHuzFNy*AtmksEy=yoD`Nl`Q%oCq1zYLP6mqGP!2}WXE zC+rXcU}SxV1>OS34@P1DX2iH%X2e*X88JSt!v_g4qjNAL2JeKI3`XyxY`Keag+>3V zmi?W-MCq#OlpX30ajzk@d~XWFQVG%b5o1@9-q%Q7%B_af-o_|Kvi$grG2ay);TCsB z1#E=EMks8Ao_{0s6omK8Z?3kB@Hzm$LU?_V%GeR!KwW_Ffbf9ufbb_Gym87G@$3dT z>RW6z!ZT7_eW($hxg+NAp4H$+KzKlSKzLJx@2|nj19&;WWr$V*Ugy$Q08i!k0p37e z0Pq0t0Pq0tT@Getc!0%s=Gr}&mAP}GfZa!wl2I?a_f=FEM7NoKM78EI_Neqdj}lh` zo&%mkwl{=?f2CL?4+$UhX_=@>A>|uVzAuMRnP>lbb_rEc|D55`6Dk8m0igmy1%wI+ z6%eY&@CP7NK&UR0P?=u}E2hNi)j_)cIq|22j(mlxzoLLp0igmy1%wI+)nl|#L8u4; zLIs5C!Uz=`Ae6%@p(^U1GctNYWuPb^R6wYJPywL=LRDq70HFdxb(sf#G7g990j$E| zdT@}!w|}@E8{isR%ZD}ink1B1N06)6v?-FKz`HorDHuvqp?a^(Uj@r$xZMH>T3@WI z&qx5l5gu*Dj1Q41mYZxIZH1Baix(I{JU(Z<#3qI?7JyBFO`T>XVAB|}$^3R=X*tJ6 z)n6S*Olg5j%mvN_xO9Xw)n_E&(im~c_|Og=L~b=yT^5{4V^hJIScy#@a3;W}Bb*5X jHeC)jmA}WqLzumJRsN#>uCrkC=GFfJ5N5BX4&VR)Zyc!g literal 2692 zcmV-~3VZb*iwFP!000021MOYkbEC)+e&4@>(!L~BIy66lIh}pAyQy3rl1u9Ll6!O^ z3Cm;=xDc|}dC1?M8Ne$e0Y(fXi%Vn|)dbsU zVg>OsS%vZXYVyxt|NNad`SJSQ53A7sUjD38e`Coj;;s60HMz^O`|oG7$HzxIdfNI~ zlG;(Yv$w(QzkU??Gg)XhxqfF^FDqF2nXkSpzxA^$4HvsCuws7`Tum1K^2<6+cJXRb zlq$XCxahp%(({T7w>S4mnx%f29gAEfNfh{TAvH^PL4P^hr60*5*48bJ zUfhORmb}vbTR+-%=|J)IH)}i9a@T3NYB$_UiH2Gp!&P>7^VN{LirSwH)&3A}!$lO- zwLXlq!K!~6ruxIXlcV?ka?R0D)Yj-8R$jmZe!6>D@4{8EePx(c%QVzOUX5t08Cq-FIV_ioxMZ*Yk?mcPuxhv!c(bdoIo9W1l5v!63RUisT2?LR8`ht_he-f2amLMpL`oqVv5;e?~k#gsqV$%u@i8dsByX5){IN6J1#MrV$a~f6t-ZF>rJsU$F9ve zB~vVH%9-dVbeY8QO%Sj0E}YP@ngX&pvWVT&N+cZ#ZmRg)K;Ti&vAo!AZ|)>6ML}yn zvD9sAKZ#9{U{l#&%s6f>N@WpsvxH4BX)ns;O(aCsN<3Gz7Ueb($T`06HANkp3652* zjG~U?QVj_?=%ih2kM6|tU#vor%C%crA`OR6to>iFChVwHHP@2zS}dv;<72mW(4rws zo#>i65n2PjletS7j5$=9J9TZ!^1IFmcMMy5P2Y|SQKvW7U5d3+WOKynu~ut}VriKu zw|nZKR%50_79lLRdyllDCY2CDT_?AD?2^`^OcoLO2*6ad+Pxerm{)LYFoQ>>(Kr9vW$zjsyfT=vJ9rx*CX`l@BS;rl zU*3=|u3n);M^{foXIFnT0-9aD@)%}az1wK{291{u;;s9S-jlqwy0a3@=hTt6Z7RKi z%g^DjtG%oB*M0Hp()_hFh_3!xs-~;I&M)caughE9#b3)>U-j3g4wPOl+tYB_1XVBg z2DbWN64}Mn`uwz6B+(1|$EE#qZRf2xmOP_3qn95rPmi8JDgr}dpO+60+Dd1YpF z6)rQA6H*!q>oOxnOioB?fZQw1Mm9#(7uH17oiRwg4Wp=oi0XRln@-`i>1vxjMZuwf zAl_}t8*_wawW}v5=`RZJZ|;&b{7({Re$?8zgXOG~#Yn)*!lgMO+ucH~`2~~SN*Wf= z9c@16nZSLmzH^Y3y#3P7L~mNRAzcYt7EXk zIP4?jaQ(8A1Lz~jkHU4l3F_};1BA8(#@EGmpJo;hd6SyaoSp@YFd71lgjqC_l(K?G zVoYd60FBOuMgq`i+-Rg9?2pZIBNdBYawE(}$c-qV(OJ;wU>pJ(jS-E=5NPC?MI+)? z(a0MU8Zkhlv!Rg(Xmr77v|k4JoF%Eh4(jkoJ6(c0c@m1rfNLdUD#1vt0l2nMSu`#i z?-GEX#=5KmVB3Xt09XgO>~(;9f3>PQbW?-joE!v*hw(`nH&1kS9Ow7NKJfY22Q0z$ z=Te^};IHbK6dNKo&geXos((&|e7+lZJRCB}oTx$K)D8jJkkg;PEAs&s-(I6?GTkOj%)`L)7tv>H1y)tF=1uA-S>jc;I$?nqsue%_R83y0w%v&o@meIs%yRl^){ zB<6!i?(Q6$q}BS-mkkAbd;@#*F4!J_3gRG@H}Y>u9A;7_fA}rT?yNlI>W_6cs+|)f zY~fL4IJQ9w;hqx0Y~k`bCenT3JjB66t~cI!dR^spN_MmnrCu%vdCX-Tq8?!K9wzT$ z^8WW3ZmD+WrHsP7J2x{{xpfccFz_(zxiA&sVf@r5ysv~fWZqZKE19hIn zL?qTT^&C2qB&J_vHv%h9WkNQZVF$Ri`M{XUXoOUz5hhj={ezy^lrXagN8}Pvj!OA| zolzhX0FZG2IvjccL1%>^oh1_^CuVfOJN?8>+WF|Peh=JKk*?=Wb{vP~`>c;@&o6=i z`;4b^(SwsX0r|#9zVvgS3_lR!{R5%=U4RiE*Csm{0~i@!Wq~Kb@q-Z`fEiI{mKjl6 zWk!^ZYyUwE%;+4#Bp!eS^ahMs>h^b~}5^$)K$i|{H4 zzeIR-mde->UPE1g@PP1u@PP0qBD{9m7k14CIjVzf6~a@TpMIzio;oAu@UGDSM?iQ$ zctChvgzvAx%L8~Zz$U^@Br`t@Ll$1rD%Z3cj}nko0U3q zEP>s#3BjYDcJHgGE{JY21&JulBjgg{xh}zu06Ygghm3Cs3V)+mB-iF1V$&j7l|b4z zqpRk9`7BrChJ6Dl*2qOw9p$;y^dXh{f3q9PR)Wn^TJY$9bv zX4&rR^!a}7-|v3hf86K&_;|lRI-Tw3N-3=NKKqvfC_5D43}wKR!p4)^f34JljAwB3uC?>&%GL0XnvA2cROpU5cP7a0=sZE6;CZun#3K*|99>C zYo9sFV1l;u=eebHedj4}-oL$jMta>Fd2HB119%-A9eo$Zk6*ZO;n*=o_3Da>43~it zzQZ?~+S>&bWC(V&wG?qww9T6Wh%z!VmLIMx{4U+_TbdOJD?dMzef##;vJg7|)tMuB zsh4e5J(ns%$mUg>G<4p7;K1*$f|2RLauF6f9!ccSNwxcZYL zvAelc{1ViH3Dr~yl-$yGycaT3H*Y2G@?KjmjE`^4Ir%)4fvbOT`P%Y)L~JaV^f|p_ z$8M&iSf4qQP9L;Il?vx|FYs!ZTUe#7nVDI8M@Ome64Qp2$m8zrZkzJZ5B?i|jSmm* zJm8#g>VLjNH;(wDA#vZypY=&26B8?=&FKx!E5Eu52Ft@*9bV<&DX}q$H&>( z+0)Y#Kh@OKjvwE#9)C|yFexd?!rYw5CULs+h0V{OKbh7A2_6hMa^30Fklu)xn8Vci z$qI#ZJ;a@|bzNQZ($aG{;T=16(ENMp2^N%ZtFfD{h}d4bvA!aC=CjA(TY}bR@&_0y zCMd40{5`6pb7g7v$G1<{72i4O>D?$TRf(D8NG-nm3zI=I1LqkJfKbNlO@#DuayAKw>f3GAXmCXp zQd0xe13z!(Ry1TGe4_UKd8{%qF>!6WoI!>|f4(s-J$?JGT@T{pHBO(#jiF9^=k=S3 zZL{HC#HLa}iqe*Eb4yooA_evgepUVD;O; zfB#2kHt7%%pj>gpv$@ZnIrhKziQRpW_ofzZx5XRhh3RQ-g(n+>V`CAdD;w(vn*#{~ zTX6|?XoX1~KYo1wmHE;6c@H|eDBU|^OUuhloX2)fFI{4zr@|Z0QsIp|@y0^mrCGeo z%j@smyKF_AOJ!|s%seK?j;VQYtKL&HBg|5TPTx-Mcy1jQ62i{Lrm3k}?X+}+`euz? zFp0`4Ca_J_jNnGylJ?8;o#!^5SGJY378Vwd&YVAb`SN~sEoc+;{QB{Sw`}ZSB<9+WA;Ak=_aWp(yVfp2@FG=d3KY!NT+7gH}$#=chh|6SoS93el+&Ki$pDpPT*hB~2r&yQjzA-rmc})TYMv zr77;eyPKPojLhovpoX2@aJF&QTg$1BftyhVo~5U2cm(`AoZ0YiYC|S8DUDSr<7?kz zRl;K^%OxDwmKQ_~sP^wKbSYU1t+Zw2x)9!=hx_{5_r%A7lP zTpp^RS!_Mq;D-+f)rGjZRX>MO36nz%e~+fAxA(o*?^8}rlV1}T_8LE~ zR(^;?*}i>ya1+AytiMNUEw1p=roTiQV^kX!mfLslnp#>q+Smlzbf);Pvy(_9cJ{q1 zr=15%IGLF-s1t)XW?<)do4LDkQL)o10UoA@Ltkd{lhLx?{&R=Ma2_yn+G; z2L}}u6$=Z?5Z(8oA*F){vrWbqXTHzP%`vJY|LIsnB&4O&jj{s+15++q*4EbImZ?%( z6?>eY>McUP%5c(Qx^R6>C>BhM@szGil08cu)ey4kVmOQH{4pXG*lUN z^nskD-|C`E>Duf1gWSPJ#>Pitc4?iLpgxRTW<_4)zc$Izfwr41GB-FYl;_!YS@M;?`5& zzhAd8Ra4uPs1tqThMm;C0pGd$&X;E-=~o8BxDH2iEFex}xm1W8G7bYJ*VsZuOH z^J{uE-n)0tLxHpW1v*5Mo?wc+`{V5F^T-=~$s(~ zb1mLT(67vX5x=@HzOcIFzB{(#=k88N*<=G1zg2I9-DJ-jeSLkDLQOBaVU`3+A-doI z4pI!JAJt-T@UcPim2V$6 z(Ti=0MCMVQ4Ww=|6&4p_u6-cyPEtqNpZb}HemKpFOSoI!Z5VAlMfqCyy5R4DQk5(7 zLh4%HOAfeA)c*W*JQ+DTx>>DsbaWw&=XrwZ>FG-rhv%iHX;;s=K>5`Je>bji8{QhZ{bBr#R7> z_pqrVRH$ny7`ZuXZ*JQu%f`lLiFW+FbbY+RZ+T%NjKm@5`Ync2k$&5@8M?sO*hb{n z#fuj$o~I-v43CUd4Z7Y&xJ*v={Zzg>KN>hdRHMEm_W(ddS63IuY}5D(SVlidcE%d+P*Q^b5x?5Ia^OpF0Kq96IS-kNokVV7KhKfl7f`^3Sf zv3aD!&y77&QcSR+nLJ=*Qp@Id}Li9^YI z8Z`pV%#X)=W~j2m+TY2>M)GWJ0;FkVNFoIH8br7K@ROe{t{&E(`s<7^X@^EWO7 zp&=prWo11lEx3cnCnlU69eexwkg-*WwYIi4M!v&J{_BN8tsmIXK z`*)l!=wcPKWIK38ra!VJ=<(y93@WQl_@*miWh(+~p&_B6=v&6wZO8*wX6A2n zf0~n{=r&vpEQMU>4OK)emPJO=4zAt$@#PLc zC9C);W)>DyIHPP6UEMFqie5u0eoH^@0C!hd`#Uo|EUTL2KPtgH?yDcy*Uws=0!+q;Sa93CEy zn~5xRxOfqeVrgaN&8dPHFQySK+S=MnOG`?-8!<`vZ>*ze9=tLixBP}8b?zUA_7EaB z;t)DkbhnwQKE>uAD90yGoG=kS4$Pse8&zY+!pw}*pykTiMo+JV!C*R1nGi|tZ)A)g z^XW9A=35_9bD;F7zP{7kx{7*rU*EOa;hNUR`sFJ`LaHymDLcsHiIxQY83{JjE=SpS zX=#D==Kum@*`=u%6&~#%~TG03QQh8UG z*^wjm-#!K|#@p@PyBF}VwY|OY&6`rUAGC}EOaU=!W`=HCqC+?HAAagz_4KLm<;x2f zJM!Aw+AQC?s+~M}r*UL%$@jp4H`abjnNOdNH>zy3wYFY#baZqtdGockp#AID3l0vw zMebQopX$8rMuNyXb(GAtWbO_8cWJ}FfN6K|srTV(d{ACwMpE9%9S;|-SE zW#H@kJ|u)vIg2CI27N?KT-@b92anc+_~SZwC85%GX35u=S;xiYw}9?#-{pClatUG> zU*>O$gxv|0O`J`pwB6~CAA2s%o;`A;YSU&aYKt(yI?Q+>eB6!6iXDi71z#5@gT`}q zcFc^7jJtO`+t>_#{|-2EomA|*;%ET00`^{HFq12X_t zuV24Dbm$OU=*uq0U{YAQ&&*H=8nr6-#}0YdZ>pZ2f2R80jWnjjirc(2#qPRJ&s+8o*vb9j-Q02%RZtgw3a~CcMhuWZ- z0qY0|2r$#i1Z-}{^y#s^jku#{V{KqV@}AzFJy|8!R*La@`_{z7MCsac!suH<+Ts*^Q9mB&WCr)6(l(s#yS@kw9qjsRj zlepluQB78ZB-w3hI~ffnF_L7cp2;3!q~7xN>(|Q4%7};vj4s>7j_T=Q+9o6$hzkqz z#t()O4gK(5O}zKfm6@SKmo8mG*ZT0`!=XEWQAAHZKb4u8DQ;cDFD#2O9w&fX9=X+p z;=a85xe1#mKp~`8jGGcSpBP;r;+Qb3FEBJi7y}k;-pGepI zE*%q48rQCUsPO7Z!`SJ+JYUn@eFgJ>t_r7|Yie#T`n(MakV(0rEn+!i<4I1=Ut|F? zUMgk~2`km}l+#k|2R?Q*oW9U32B{`P6J zSg2$rf?t~W)**s3Ij%NLxT^A_JFCU}~Mk<|H_Xu89Te*^L(Me#x# zM7_GN;_qi>cCRjG9e0tX{3t4UXG22+4j6!W$VH&dChfEY+xO4W>CFzvOZ+iO%zt%p z23Rn}#o|FfTj*qW;g?UJKDD)ZpatbW4@RgN1@29K@!|zOF2s4aw;@Cj%Yzk zHg@*&XU@bweE2Xi@vMuB|H>byORt&QZPG?No)3J@wU}`SfuZr%w=!}E&~}Bg`;`r# z`!k=hBItFC_W<_*fFA&1I(#tw?Gx+1{_8Vvxlbd@DZw+O=!I0{8+l(tFQLxpgb~7;#F= z%gYEKq!Tp{F>G$3!x{yC8=J(ptQ5cdie6&s;f*7pGy9Mp4Gqq?ON+z4kF@x26&5Z4 z<7%>ExN!r4gfjc#>fclEJSV|MRdne*DObM<>gdj$H)p@F0B->l?_g!6yLtx5q_eX# z^|gV^?pQAX(YUxckWF%milvy`o=4WugJ8Qv`+&H%wgyroVne+`@?KqWvBKat=BcSE zd3kwGXMqcVZ3motzqu97%*+74aw&O}DGl6mkFgf;gvuH~Q8ep-lJoD`*trsRbV*i7TFj}IYEiQ*Ka4CCDSzfyI zGC8>qkrhem&Ob{RUsKo6pnPTii9{fzY z!^XfM=FT0~_2PQt;`-cR1rcVP0Vt2fVFo*?B3#!+TKw3t`^~}_LhgjM^#)S$>eZ|J z_T^k#`7<^#;k7EhPac(_Vy~-$WA6L+mSBnHasVvPO5L;SWawY^m>+F6D>!E}+a|iL zl&hxBS4z)qqC;&txaIoukBtA9k4=YIf%dH(L#Pj7zp>ec-GJdn!F z0x;OOA3rjmKUcADcu-rb6Wml8#p?B|)5g|T%C4I9{z5oO!To35=jff2lapf}%gCw5 z2l9Ld5N_TKL1krSS=m3eiTkQz zI44X__iaHPd|;HRfxrOApqvt0ikRImB{g2=2XKZyWNB&n{_L0AAUL&TKIdIU!l4FX znvRVx+>6ruC9KPmq+yP3o$M( zSLZ4AZ{Bh1)-BB{pYxxZnn*kzqfI=3UiS7QhoV>x9X{+S{9+2cX@**MOB#;v;loo` zt|+X_?%&_u-2Bq`svJg;`};3WcOXz=Vqy>?OfmU6!75>jyE0Pr1iw3JHf7}{%`Yr; zJTo&kH?Osm%6a8Lu2xVG#VYDP&w7wS7AmWv z%D)$4N<>6YS2w4e4Yc#j%FQRbSsq~_WzEf!2M=0tlemK==)Y7~yLxz_Zsxyw3Mw*cgqAKL~THBLj)MTRNYwYoA(oBU1kB>*Oh>}ZaPEL-rl$5%L2JX9PL&r^Ozz`0hzOF?~BjV!XcT9wmgS@yL zKCEJD`*K^fpr8P6FZLK?>Nh|Ed*j@vFqr)CE6DTOa|KA<$%%=ps75J%%VXtX3@Cvm zmnUw=$8T46=*mBfakw~{xOJj|GD}DWP)R$bmNY-Uqo!@i^~&Vk;_C7 zpD$lZa&vz}Hyzp{fiy+kqUVs&;wEj`y7l`(Ex-##iDeiWM?N`P#Cayu7xH-XG_B zhr!X&(cxkKD_o~!(Egm-XnY**^c~nyORGgAQ|pPj){WD<;(hjzY!7a2b>?=O{%D<(7P+~sl9yx zcg-kz+p9nI2L{l|9w_
1^vZ2S$LVKJQ}btP3q=r))}0J;8mUPn7qzMuy6^>O+q zd@U=Bt6Z|{V}%$xhiv`2DqrYS_?D&;tXHOcG{4k-@i-GR1u*( zOl_qZGqk}qmRD2+^tf~THtp3qukfnxI6WX|5XtY}zSY{V-lVRtU*BDLG3DUZ!&$8- zpP9}S*$=A$To{TVdREZGDJcR`aUi}K8a9Di4o=Q{_YD|h%~iUMzw!>hTG#*v?(y#CO;rES5taAW@M zNAwgIFN0xWMm1hH%KF7^;G`{3*Jq-`JUc? zewkf*m_E*dIC+1R)96EY8Uo7AEk8Os8suq~tcbYy#{5`(SlCu256T4SZIrg>&Yd`Q z$`8yrS?L-hd9ymWyU(?>v`qcl`kd1<$NoGW0^af9$juCLO>0flsi~>aHZV9$4Ji`n z@u*d&hMSuk#4!7mlbcohF+hqex^K;``kBbB6s>)sj9vS&2KP4PC(!@ov!+si|6s$F ziMx02YRQQZ?1;5Nynwjog%{e<{_5-M_}^Lx#uuS}0GsK$ra+`jPD`^u=%RP;0Oz;*HI*=(|HzFg)%lh^7^row( z?d$Ig%y_zxN6A#eUA=Se?(PuT_}?Ax@a!>zUWlq-`qGv%)CS!K#YrKua8e*?0cNGvclBZ54JC5kzjNmRt|Kwa`h*C1%vQ}i{|~cA z{$a$eEG6W0J3vlo`KwlJ2?A^W5wn!?b$oNKDQR%MI$aC zkeQub)7}o8)Y9I*!`eVF9#<+UK3>|cI!?@ge-T9?NH;?=B2!RMDDya!X>?ETu^odA zz#lYdQZW!E27cUBAU=yzr^FP}Q)FUvxu1}4O^~FN6u2;mvWxDcg@uLQu^~bZ9{d2&bk*s?g{Ku;ZAFEJ!M-epGx9NQ z-#%j*PIB|`&^vmRm3j*`4}H0mlvKibg6Y2iI}LdN?cZy%yYhz{ObqGi>8zsW!6aJ= zHZ-S6$GdTHO@1SH04aKVErXjN_=B+J+O^9PqY7{`1hd{=C9qeh0|WjWfH)82E|q=! zNS69QQ|Rn3-gk?keJw1lz54QeGcyT)Ie!z@(!}b_PhUJ zu%Ws-#kyg7Q_=w!k~$6pNeWC+ipGo{neo@~{V#2|l5%p=uEFXMJd)}I)$i*kUb?f>Rw{!vG9c3kDw`F7ffh%H`1I^gVdu2O-);lD@3 z#4Y~m1DVc|+Ds0M|C2;5_W2#BC-~g5$jBpNo{HN+k~vN)dM9N20M|Z_jBVu-&D&6L zA#sUYzHKTrByuW1909OICje!RYaPNRdg{HLq~tL9BAgM-C}=w8xmJjMkVj-yq$DH&u}>HqCrO?O zRpq9pruK$Fvwlony$mBI|IR)5``kKZW3Cu&Fy@6vM?1~6LV+cQX=EC~?$X~BDQ^GL z6vtyCocQGjZI3y$ml;;vYTVM>jt|IJt`hs4N>`HUS%RPULpKy_AkT-{RF^ zC-wJNmpgb1)I(%bu61dN;??+O->`vef0Gyd8&Xs@irVp0+;Z~W?~-^=6Y`;qW0LMJ zzPvA`Q3XtVVq!bSOWdT7rzMID8dq0W(Or)|RO+g&73Sv;ZXEgD`7%AJ$WUv%u)N59 z1V=z*m)hc=^Zfbq^z>HSWVCfm!>bGM@Sr7xY#+Ez{3LEma5ZEZZX$~s&V5(@PFd}a z4HJKvpYP`7^_xsBzyks%qOK0&6R6z?%}31+)I2Ov0wn5AM^6-Uv>S*HNECDPZhT0{ zf#$aM_RSO&D1U?Fge2qAFuTy@z%xti+yKj#jj1&z>kTbm$WIk(jWss604A zNbHRkn~P~_X%Gdh3eM?kX@%DjpEgaawByR!`St?w^1byXXkVXW5C4wo6v!w^+CGM! zgYIlw;^RV4*z?xwze~!>$P$rqiug@(cE)X8oSQ(?lTv(CmZf2BZH;k%b=5cGmwv?M z0u5Gz8)buiX4nA7uZHN)4IntlriPkKjT*s|XW_^4fZqpk?7>aY3V52_2s#sUiTN96 z&gQ^s=7+>IPa!e-a#Il&+#{pxz5$Dl3h?JuRdib@9#N2vfUdBz>O+)=6Soj(3=8M( zl@G20?!l9zxs}(r$+TM@y;y1YQTR>NZ%#Y7+X9H-u5l@NJW*Ud;qKjVQe;fb zPq!k?u+6G(o_t#pS-Emc30^g*AjaGu8xszb&Rgv-dacHA&fXeMGh3P*=_ZA-W zaB~j%AM=%X=*+9MlktE4GEU1-ZA+xCL4$qQn^RBEUCq8xTKLSR2uh@z+%6|4CsEPd zso(nf$tLeq8(Mkpd}(iO-MRk)yi12M7oa0m+vShXS8dig?AKtg-U43603{8Han{qY zY_E?(g5x^(zi(RsF#gwyq-14dA|mc7dgW>Qg%DJ!m*i8<_J$v+X8aL&>%eVcGX?(l zSA+#I@C1`?^leVqJUAkqsDqIhl?k(YzC5qY?OMoSl|)s&#p^;%5mZ83%Np&OB7(iB zD*Q=b0xmq(c*5y<#f51sqdS=}tilNff|sn4Scs5qPg+{lxNi~Ev;ktb!sg6AFKO@J zsXN%uV{_HGf>4o>mls1Cax1cvGMjG}pf3l(hp~G3?{5_-zu?nItbBwa{Jnc|9@K>z zWFfC})2pLLk2XRVfBW|Cr_;fqp+l@hTvf~@xOz+x6=cT|Tc`j(Kfjd(@K%3tPsyU)ABc5zsK(MY3|8@OZaXXj_C41hx6yz zBdc0km|D{8@HT`6O-dD0%h#{C{l|=r6#+A@Tq(YJvpH5}{Vk@>ty{PH8Zv+-AN0Rj z9dcby@N_CK!IjoS`O8~Rp*>dT6`nN?>Q2+02{RudVhn~k=PO<2+6PywqhV#AxS<-N z)Z!JEgfAW(nZo(yS(oEa{9R@x-fa)GvOq7#2nD7|k{)4f5_J@q48POU*PpR3 zfLBC4TqiS<=o%s|DLM1^Z`IbtIPGtQS89Vu53fwdm?6>V=Z|}R4D|4&=#!YOayJ-z zc+$;lBUpUZcgQ4AXw=uumVEuJtdb$&gPj+N-FId1;~nS;tz#a6s;X&* z=mz-yg@uKk92~C-3+wCa;XOjHM^fFna}qYH(L51RQOIapBS<7IwMKjPlO5B?-p|nO z^>dI^d$`@&>sR%UzUcR9WvG0p0Be7BT)DY$M5BohWEBMXat#Sr1h z%qz3i(8R<(5;a&#uq#=p;TTv!2n?2HA3E>gpmorepnUXFqrG~lXf7z#XU{5Hd4}a9 z;?Fl4mAPldX}a0(XFNcJ@c-xc02g!(PEOJH;Wu{4O9=^S>FdKBMrP^0el@qSz*q!z zvGK0tndxtzFqApUTGRz?3aAsBS`zu-u~?)O)<`Mi{!?#v>>j^|t!-_?Zbjh9no`w- zlSV2u>-cAf;x>BCPM!=S!IKC&G5*J1Ky~@^Eg6_bDk>`vdQYb!VKsRNlb=uLZShb@ z#ymGZE-NDg5R>2ai^WNYP|ZMjFy-B}<$KL>cWB*m`Pvm=V7PI39TR@5Pu11buq*q%ozAW6c044`o4c~lT@Fkjzyg);Dv>b! zpe(s@QK%pH5T(gixpc+HKx=67HfV7CN`yt1x1df~Qb0Q_nYS((HA`BB5jW{uy^cf`k0AwST}OZ2E{4y!rhMHbt;?-sh^xw-+U%gY ze-9?112Qs(LJ60?e=giedShG~PEL$lx2o-={QmszF3iC_00u^U^+mH0?!_-IJ$U#q zhJ@;Xl16^*-+#8C3kT=s?oLM}l79m^X8-<5Yw%oJvtPJ_NpMh_7#rtgXAjPJFIGgi z2=3wQu2yN+4+}nOXKiH_ZF3h0#jZyh&Q`yb$peEDRbErQ%}q^rrOrlfVL%vat@;|k zrEx6f>h!n3l$4ar%pX9oJ$+`M< zglNyFGzQ-g=ljB^K53{IM@*F9glTS&yBhj>&{G~mhZg0OL}kwZ{fCb>{0u>?zHxA% zP-WC!@cjxT*4769S(!XlhW_VdUEmtQ_DP-e-Z8_)>l{x*RcW+Vd~vNH8<7)tWOJOX zl1k09VyZFn*U{*PwM=!>zM&74x;efCjnW8uz_DXINghJqzv^m**`l94DAZ`19B78# zmSDn9@Zj=O?r3jE&F|{z(e*Ua_|b3_!08_{q%D_Vd;FC1=|dvTz3Njk1d6#!D+>E7 zg$OMt%*~gFYqmog1C1VG-J19=CkupZVBn^x%AjNKd$PvI3r@R#walFA-)Ix{KGTOT=OCVa-2-22Y0l>`WAd9h>)6)P?EE!SDAS$ zMBgWzwiRZun}H33mz9#8QA;Pxp7Z)AQ=mWP*CmK_Z|}ETj*iJ{7)@Ob3*L2%QBA=l zz(Xq)5IRmPV|sd;>_z>REs~m#Mheu}2Fv~Rtqhoy_X z^W`6b--W9M71YjMjxzHRId{-zbUZz?8jQj{K*Y*iTlNTU!l%H+M~g$!z)){$+6fgA zbHE1NWU#Mn+ZK%h_;W>tmakZ^Y|Y!*;Mk#P8@BaViS)Z*B!ct>&gEwPAag?GV~yY@ zT&_py=@Iw)vcbHTlsr^V8yz2KVhUJA!Uj$@#r|Jm{3uE+lI&(%E zY&QnQA-WZCe{pdyAimZp>o*e}K5WrCd-e9Mn&H6BTbbBY_4T(2hIA!oeCp}B3b6;d z1_#HXLzGlh5aKj)=tdtuc<=yD)ns6hmoFK`DHr{(U%wu^OP)76f~tpSCGR0ZcpS#V z1iqr#--V0rUUvh@1e&6}`~s|0`}ReRnkxK3Pz3aqjry*e%aRgRGa@jh1bk9w#vWvufdMwmi zKxV&l9R#ODd2A39+ohu3&z}!Jd6~_v#QAjUgN7{xTufL(I%1mCYxAu~%fP}to!oWoj(Z0?9z1vP&>9<9n9e&fdc%*+_{4{$!wDpq^$)798XMQEC1r3S~s z!%88~!#d`QDGsawsRYhMdQ@ad$xD|nUqj`*YY|cGGxs* znsTvPE|XRz(P!v|EB8S)-W169`8nh}H<_q}#V2=jPVizEoH{xT6;&A()}| zN55Avj|uAC{dle*L>CYy-*4@T&GCS$@0cE@D-A`R2918NpBGFOQofjl@Ea1;-m|1F~Cfqfm+Z{Dljz*ZC*};**nc zQ!c#!vFhGPH}nPiD*RRk9`Cm}I6Lo_K6hjE_yjN>T0I(o42KhhGFxXbot{&@+L=Zu z0pGuUi;Iuvvs}k;3+RTi1Jh$C2Jx1bd>9=d`#||rZ3^U|%JtzpprEl=WBk+7GD0HirH8eIyXx7%(@30yKIao%2=hm%9IXOLT zZNWCCAmgE_NYYQh)Ikog=hJ^CEifAmz6QI~hh3d?-Yl()mSR|)%CC>=!%PWtQL6&$ z5bBzy$1hd$^`()NfPesEN~%D74S?IE<=4a>*h9uV6x6lmtxv<{q_V!q7ixnt0$2f& zV#rZoofg>)105wLC0pnkI49UW7u^C?No;K4Hl6V8Ki0cfMz%4oV`l-o5y3qytgJBa zJgF`;5NqLaCi@yn&uVMaL}O=5%i7fY%RVD%sae&)zbW4n5teE1%L| zltf)^H;ds?l3o#o2hsb_<5@;~7IZt#YPthe72=n;nAnM%#u@s+;?5(tI)3iIsmTjR zLe8(!yZJ+|a`5Di_PqH$vOXp1ef26NK_<@qHp+ghckkau9d z$OJF$^TxXE#5Diym$S2OSgoS{F)--%#6&p0=2w{?QbpFWlS~(qoe&#It6#o+3DHO# zI(cE0L|*%VBT&8i>(>(&7VjW20idI|sknY4s6PQk29E^5W?NI!XalQ>2UdhC_jEYV z89&PvtA(i1-p&a(LT%b6_PwH_JCx;a-n<#uJ$Ya3*M98G=z_;$58Z2x3JWD;pMsXu zdUm#cL&>*^Ek_;4??RoxA`7 z7DN>=j133;n%Oxy7vbpwGMFCh#g%@ID~tTe^FNT8nv)YX;56BG0s{p`tlX7Uiproy zIl$qyFXE-&&NO)~ralA;fzs&U@Fa30#t~zc0pRfB7b6Z%a$nOtvZJY`rHtX`g9jqr zX$PdGTN@k2_wAd&V5~}=nUS#yecij=Ftgf90mOMnYb#n<)c`^rdW7c%1{4Y0pKa^i z=n!y6RH{0_5`n(8IC0|!J@^~&7T8o6Xl!J#X4}498alQ{7_slYkMUv#nIr{=r^|bD z`lZ)-nQlmE@0LY(^gy77eyg~@8#YAD?$G2CPnoD*S@d0p(O`ysPq(k@qy4M%=vhdy z&=(DxG~pfu;-_A52QN41wMpPA^>KtSI}($UqDW--90YjWH2Avntls@>OnIK2z4t!xfK&H8 zR;q}*|MAK3x&1~x39Q40SREZX?3Eo=WFk)4lI z8!*CqDD;(;sdpMhl4xmYiqPgz6R|5`VbgOL@-8H_*RVc-`w4DBwnhAAR_ueGZ07y<~+Q{?}lyMy&>e0>g!G#%cO;&^*Bt zM-Ck-DlW#73;FugpM&cc9eCRY%)r@)8nq!8H-D#XP2=C7Vb+HUF6rnE?A~!izlI|N z@ZsFnHusSRMoz`iNE|t26-j$bz&w9XPuXUkFX=2Nb73H4V2DNYfT5tVrR5gclk#V% zlJ5Pxv60usu7hQezPrtAfF7WGeU`XUf6l_pY_jj&-{$lq7(uap`B6edNGSZvkD-g? zl!SUY?hochtk|Nx=xfa}g)Na}zg4b#8s>-f(H4X#$f_s>-g|nU9v;JUOPW>0;vq21 zllE#-WH*cd`jY)>jX)EJvUm9CEnHM8N=m4a>YbJIxT=pD72fn;K+Hppa<&fv2B960 zV!LrX=LD|GBxG&2Q1Udw?t>XNX6|7A#TwFSH5CCiT_3h;B@8XZtKdX_b(Y z5<4Qh3b*dp_I40KI}G@J02dHK2oRPJqGZh!z0oX;j-N+P&QvZz`yxM6O;67XGDx%j z={D7l>gKzds*DRzK9B?(4-ebr!{%gZ`Cv4o7LH9ck}3(kS0T}Qg6P9Z0j`1k!NI}s z;riv(Fqgl`$lzyNU=(wbCv@T=F7%s<-_=0zVP@cg`rcSYl z6<>phc!nFFo4ezy?SAa2{v#@9j%7o%HgW2#bH=h9hm;+4Y}LiNM}Y&4lg7V2zI(Q2W?espB44_us)aJWOWB?zhuW+J?>MuNE+^!@5hIZ3Dt zgKMwRFJYfk!7_|+qVUbmgmw^gWd5n~nvP&R*d$P`3-j}K>^lfnRAVG9Ra;wIsE~0y z8r{~DDBrjuk1kiB5J55Z7!3DSR^j90Q&uL|BlI-TZ@DQ`m{belE5Zw!D5hXIE&A)x zQgL@M!NN!lFaTv;^x+!!O)b<&G~*QL$r%07zF31yoB<<~54fCKVU5O8!N)U?Rgb}# zE_E5V2c?R(G2Bkd2lOp^m8~C0dIhb@KM1uz~jxLYt}tQt$*Q^MjgARu;ek+L(T&+^FdT%`hu`_Aio3Q+ubM$!!I?mFFG2IjO@`@36PPlQ*9$}TS4Ckx9cEt zf6MjZ8E^2BXwUCpE(1E3-$g9xt*rc!^Ss3TmBY>2udHBV4uTxP{kn8Q@TQiDFxjM2 zb}5+f)Oc6@oj#dBH3otx2MRt`P z(bP;xOso;<1{H>KjifL$Hy^r*38e0UytIOXIX9_VguV>>Tri8G5=AVrDX;&<>Z+XQ zFSh2Fo10#4$X|;fQay=7@gDM;1tB`xDS(?UCFO?kw9NW~i7>WFLNLS#i;4C>sM-1{(8;rcvPH-e2|>jOFokoXjJ#9a7>>{a zBI)RWnnU(7tL#J^{%lCT3gm>_^oY+X`^ggrRE#nzRX9Gtm+qaBQ$#Fh8D$UcQOB?1 z_Z+3oqNBtPfWj6{?2e!eeZ{HxF20a>hlGW+IK+3LR+<w66@8=gGrHP(`eWY7$wSM5+!*b+QAw}g?meB?S36|PT{Uh_j5 z8sz{m(`inaK$x%9#$c%u{nJP&!BaS7@yP4fuMs7=PoMHC*b#~+1|Ab_6dX71a1(Bo zohyLbjggZRPe~}jf*ZsFf2eLK?3z{WqM%7|9DdW^HmN&c0}dz*h83)j8(_@|OK0Be ztMWk7bN2(p|Ni-Ns^DBbrn6wqD1xEGbSfpcDyRnKS0FZ)5O^~o@KW3=KP7GDij@E$ zu;94s*EL`wXdd)vK)%Co-TiC-b#W}uVKww8N?k+@Gl6F1uM+EHjlK5P1X5Hb2lf^r z{D4429SOG5PJ}9o#XjH^U!KUb^ucBOdZzxHE~tmn_2mh) zgHO^6s(U{@kx_jNTD7#)AO7{69P)I9v7?z$o9@n+HNZ0TH26i(7fj zP~C{D1CE`l9&%D-lO&cad4e$w!o(L&9I*y|U;UZnGCid`TB-@;apym{7lrrH<}Ip^ zkwNTT_+<26EaAbLa{R@`b@B%~b!Vif&w=)VPto=|G;2#3J>ln@e&gK^Z-YI)3CjrE z8)#_)bl}ml!}?oKR~MGM;Qp@e=(scL8vYWtH{6IX9UTY6#0(zHsALWUFVL}yiHM1P z9zd|d>x1dhi?gAhKESP9H`BDWkkE7%VfWZrcX^fxHiar9Nt!)S@CE zBm%rk{j zWWmz`@L&S}Kfmr_xSuCtF81+}hlv-2f~e>=28L4i5p0D_G^dB5X@EmWs?U4=+`ga- zU<50IMMdm95OhC}U>h9e1=SFE=X?tN-a zt6jKA$oD`V1vkO0a$E^46gtc4)2A_%s%)&bu6cBVe=;+iLCY#Lz0kbQDQDLuPHgAae=;}e_>bmKh50th5~_^F++n}6f_GjF9nZ`|GMv^ zGdJnbil})6v zc+K&#v1SJu>@Kbrg2m6v6H|UpO)P(L|2{{v6~y2Is9eGzsnBMzO%2e3goD5Y-4*GM zIW1H74oTfk3bKa}rdP0Oa|;V0ZPd(kATCr8F<@)kOa zIN7gZAsF2kKnUF)&R2APFg|!8_OLSss`5Yn_?^4$w$N^x;-om=1r`De(&V}d;(&>h zZss8@;K+AkSp4nVp$v;gSOdCuZ*QG1e!|@VJSQrPL--|H*5BX%_3LW@@RX}T1tle? zuwOhrkR=Me3ARg^-@rPc3=YkBQ}cisQ&B0!9n_8&WL%7+AxsA3$*2}X%vb{Qh3jv5 zWo0`j-A(9AFlqVXnGU;S?VX$sVi5yZ1ke%Z#d7hM7C)$4rAfGHzl+1LvSX&?pltl1hVIKR8%vd=xGz=iQxw^_>HzZQ!^5)@fxQmCxPraX>nYrZduB)xh zqreh`?cmivJuXnAO@!OKy4a8U;nT3-%dH^O1^NsXs0B9*@y4hQA0a&r&C6G>_!Yzm zB$(PV#xc07tWK8$(c#$$Y91o0r>4E%5BRN+DKtmfq{Hb}MQ&$dNY~s-NuY0`%An!e zT-no;golsp!UIA;WLX_P{27$P#S0fGC@9D-F%Lt+Djh%@tr8~~7bZ^XI7KkkgM))G z?J`qu!RJ~Oxd}8gZVDiwW}N@#D!0hj3E5CWR&enF-cy&NQVPuv1q~*BuCMAK%OZ2lK#_#< zY^KB#wk%W(uo%NXenc4LZwjCX&Jz7GJPZ#HI>so7aM9TmxOPzuP-O5ERyzQGTui)f z-)1@1OmQ~I<}UouIy$wmQ-EUA@{m(4#K%zcptgCzs0vvTSRNID<_>n=u`o=(OU@Nr zfv76rB}^&;GXg2(fwEgNbz$r#KXC+4&v{DOlBSabisQx&H2rgWdh}uCpIEVk5RIe7 zx*7I!5QI(Ho2rcb|!lk1+yEej$EA{PX#~$gjfSfkE6!ZWC$C40s@ug z<>lSo=JT?$gchp5#KZycdgynYEG%e1pzc5b-xjmNLkj3bAE_$au$^;sgeBR^#AHhW z55>JeN!>&b@d%hl5p%V7^-t^{kW;=AaIti!0tgk$5}DdRv=7vkXwMBdc~=E>*?95~ZH?qEA>CtPeT3%+jK%3z|a)cSV9+22L2D77W7*7^XGf;EFfX*@!rCs z9LOhl-iRUUOJLM76EGy74Nz}wZa(kmNS0|C2RFqD-5;lCvZ)8Hl4j^wk2;hXwQ};zv zK$sao;NvMV5E;2yDKY~G-UYIo1l;&UlSP&>K43qPDZ&H$@1TSpm2XnDUG!B(sk0** z$c0pl%wfCX)Atz^p#$ez_{o2M3vijF4(BJX?S;UHnY3egoEmvo2ph5R>BPhk5p>*= zFu_5{*W|raWC>`3zbL%vv&iw&*nH5WcEWRc+;|M7P>PtSw;*rh=mKv*Y*hlQrEg&H zxOHsf`G=L5i{rgqTi5yPB-8_5gi!=N(mQ5Jf9wM14z)x3hMt+{{?*ATJZYYL`S&%8 z+;9CBmX`^_kra`UhH*UHS2eV_`FZ3^RT`Z9mMGK%`1gFD^IN#=;^y{w&n$n6Qlrmd zQ&Y^31a9niou}q`%Sp6jXh|DFEmI>umFzeUebkf?C*k|qih+UQ(dJFUTk*%*Iy&mq z*!YPVRVBo|$Ek1!qip^+CcM%2z=UJl#_r-pT@Mk0mJyse!1Q=n1uPG!FSszrH(8x$ zK8_?;uLgW3f6fc!q754~3>gI4AH?8k%n{&hf$bpDDzFgvBPwkngrQxlT>Vp5RTYNn zO&i#qrrrV`_v_c6Gu~)C%j1Q5O$2W|jV2VSDOzR8Lqz;>^&@G{T&=;X}E?EO;IIx5sz3|t-)HnjDCsd3Wmqf5uR`gzr~~eAcn(Q^vt^SA@0heh+sUn zF>AoyY~30LEhV|?d;P7Go00qH#R##dYPkfCgHAri8i%v97K*hUvsXLONz}$>hn3J6T;N--KCkSDH$K;2B2yZ&V=O**1&^lnC5RN+LfE1~>wQ*(y2_f-9jF6|n>xO1`=Jm`t#Uj9wB< zDrth_^*_Yi>%ziGYzUCotk)<4)B|9mh4TVW(CNVw!Z1&PiDd*#F~H+dupRRjOM>dv zJw1xT!n7&+y9tN39@I^<!XA@>yP93F3$RFtn=gjGT;y>c}vRt?wb{qHgKvM8Zc0 zTFBUVd-J7D-0X&mCc803gEMo1V2TA}kn&K z{s<}v5v~v~gw+bd!Ktj=584kf5|2%ILBSlybnV(2w3LGwdEiUO z=V)reXxq9vI@nREh5kZKZCZHYI1E~N9K;W@8xsf~yZ34E0FtXd9_?sm#*RO0a&Izy z8Vm;=Z1HoDmEDRg(KkR!kRJnxi;YiDFa`|^&;gVTLztL#i4w%YM|>2iSIM18S6|-> zOGPDukMIOZ%(-yYAgcJ?W--AaCSP{_!rezt(;a@GdI=jwXfw6Ro`}yL_Ydz2B`F!sCJ>58|sscokr!5EL!7mKj zDmvA z+u42{VJeR4Yo-3V;b64x?nBaaM1B~3jQYS~Ab6pkggr_xx^Y7(=E!9#IS!y9UE8;) z{O#(>M};;mxP6-(!>tGrO8WWR8B9Ae#P!|nP|Aj54#&~7!mB#0PO)r@vJe~p`8lUp zx*!hMruEiG&vn93HJ1kvHY5rho}O80r}X}G5MhL}Y?Es3+q0%E1Y1AN5xlbAe&r2` z^3x%=I`)}*>g34?jsjL&flJkOwTi9@<9rq6$5I^98*t$%{eS}~9$#8rNK2!@<_p0M z@+=A~y0-EA2lVSl`-~{?WOA~;p|^f^@xzDgZbsVoXSxgJ2*&f?Acy@`k?ak z=56s8JyICxZfAvH zQJoQ%oFCqu62?6k*O2V3?b{*m9N3oZ0o5>)TVfE&Co)qUgAGSwRr^UPk9^9JSm~8^ zs<+mXB6qSjtE2*KXuo7hPkw*CL{n2H*%KH@@gy>XT=*slwH;46{ESmeVg+)^Ica%Q zUw4OI>bY}c#Uu~XuGu4UQ4`03iBl%TE)lK>*1^`)i-{yg4g$;8mwArX;}<*_Bzztk zA`HLS)ME;T3Q<(MU9jc+*Gm^aeR}EACAJ-0ssMknB1i#=6)WI>{zP=Q!OK*w3=Ir+ zaYf{>HHKh7J}exP+FXhaQmIrNC#*(!=P|kO*3YVl*_T`P#v-EDRDtwIckyPyeU)MA!zxCwh*LWoa(x?jGL#TH*tKj z5nRstX1u5I!iRp5d)K6P9W@GJ}v4ZJ!3epljjD~rP#o|1%>;dbrZU6!}`d*s5e2Y*>wbIfS zT5qVoXZBm(BC!)ojY5ya#8AbE+-rPdMmU@G(r>Gfc&+m5R&Q@k8WiA!ER1s>v8UqS z8sk{e3V5NM3u6`KuTumG^7lW#H+nyp;KO61yhq6cjO3Eq<3iPf%j@5@d#~-6VPhJ}wgc8{Uc83?)=&(`m@%v>lv$}PQz)DTp z%JZAg71-6#bXto)Jv+CPx}xfCOF^KuvVvv_+b*=nks~ia=63HJe?VYQ-2iP zyT^tNFIFS#{)}D%7jR~Bvdv%4n_hyy*6pdG(i0vOV>(=oi+?{gmXU@kko&xjGYm{e zsXLsO@lS9Fz%Y1q1Wl5Qwf}S-`T@2N2*p%9%Z_b_&Tyzz00iXgOh8#t72B4+m#5EW zjooR`!${cON7U~ttmLunAuGxD8Q461)v!j0J^&WYk~OGvf!$u8TQYIkvSZ)kwI;Hg z(HcmsfP5fsdJNMR0j1SusSj{0$7QTOAG(czOa6+&*#fdh3c z_#ew@fvC0;Bd~J4yvgKILgjAqXBE{dc zDPim~4R6Zt?AV{ky4xXr8(sK`XSx7WUQ!=Oq0)kUr7#m~as;Q`;M1mp%+!k`9v463rbJ-MkD*IY;qMQPi zVq^Hq-q2t>f#!y8rvr}|Z!&41y0U+6!L3`@+^+Q9!*zvBfsmqZEn1Pri;>YWyL`4Q zx6Rz!ll(6s@VtU60W4bH{rI3OZ6wf z?NNO1>u%9ZzvJC5a6$w*q$mK$8r!))w^0Yak?X_GvIn56mqd(Ycr)|}(qcXoT^)D_ z*=F~s5*;$iS-B|Oa^BVvOT=>n0r#j(R0T?5nSva~kv)#8f{TCry?0a$Od`~Fl31pY8Jr8?56s?s%ws{`M0qVkT1KWhcTnQ zicg#M5E+qd7}Oad`jw3z|DrIovf5Fl+utY@YCt&e>6^O-{y@cp0?BwmdeAldQPbzo z@7BG0cOo7-cP1WmqW96OSO0L0(fyQOa&vqxD|+$5jH;V*=8eakIl0i6x60i=@hYOT?|l|%{TWKQp+kir9hfRgTUHZD z{^}n*90H3&Q4BN4!_OBGEBAyyBDcQ(;rV2iJ^DtzczjupP*1|!Aik%{$(%UAfBRDu zwnEkLY+oPR5CPSzy$K7#8O%ZoQkSbDBrR4%zC8#Y)i(M%OG``S6D()&cLa&G$^v$C zZ_?@&D_4@#NyLW7{sf2PY}lS|1!_Ml*I(w8z3xO`OiBslxIr)|?M{!2t9%4uG3{rr z@*r|5|D6$#j@O>IxMj->L(Sb+zm^DVn=X^5vu^(|7i*E39H3VwZxrn};g3WAe)8t; zrD>F@>?ZU~bT;S>xefh{j8HJw1vUiiE1`j;Mmt9X30;M*gRk@FzoNyj@M`$Q2Ou-G z&S1v3X%oF>{;iGqf+ndm^?qnpHG+rD{7uU;;caCy5Ds_4a1Tpt<~z3)D{ z=kH&?#!gVQ)PzCsy8doGy~&p9;@&ce`8FKuuW^r7rE5m>e!hO)B3Q|9M%o$BvW?mL z`_cXT`>yeOlnKhLut8`O(sxEJlqteVV9%g-z2)6ZA9LX9s`QnJxfg6854WA!`2)~5 zv5UTFy&SvEB6ge3j^68pE&ULE-8u?I#a#(5*d+-OdOu8I$RJh0b^v)^+2!1oE8dva zIa5Q{&=|JwI$7>I%a|RcPh>tJ&zTt+v~PxaN3>KDwho-3v)dZZaLey+uKpiaAteD& zH{+bOO@ybLH+OD<(ISzHGOtm`AwZIJDDqK@-Un>Bm~{WL1%~UmxP&sSK4Pbi`%+6& zv!St(V2_I<6A&krmRg{mmFBsa#?9|&zXqj+b2D5%j}Sj7{@9PyJS1*_|9MKsPSJ)@ z=|0&uHB)Wy;_>72xnZ<b4T4j3{;cI^W_;1}E2^#=Ej3G>}fB#ccj5R-#kB;uX zoyA;VQwBo#YI7-cEVg+^oL!=tJ2iTA+spP!aGPeUOvj6zwGYL_fUei7ZIEV-V|R6T zPy3duX!#^|li20Mtph!wv~&f*#>OivAD>{G>!=laqB@}gsx4A;HJar~D z>I&mt!38iT*#9v88JG;46&w@urMx_c;IFv@>NnW*D(0$j0*I#^vm9x;q;HU}YVKcj zrvd}`-3k$9T--V+>RW!M%iP>x!td*mcq7^6%##kU8R|JxB(X6rb_Ne>95l_r?8F9Y zHURLjnvrrbg;ZCAN;4pdzh`8T{-c>Q}QpIuK6P4{4p^9#tm`=DFp68#Q_ea z|6$)oM$X+NDx{<&dcsk5E=avSdSpWTu*)g!EDH2U&KaR|pND9_?x-haCp#M0fu|h* zXPo>9;P`J<(^dS6mpNsPFi{1Tn49X-_SJGZ+nsORJ>f>!ST0p3qrA+3Uxsj9n7Ij+ z%K7+stH`4-U<;SBPd9$zAfQWonYwf`f8-Gq+=||Pd-hyHpf4ap2A7Zf#UX~sqsm1` zM{POuG!V(_Z6}R@oVUX5aRL5r(ICa-VKwKFZ{svY9=4ZPw|MN2up>1@u=Ug>i}V$* zR|i?eDJm)kTnt6sM`{SjT=Wflh?E*bO_W@23OLtUegXA$Or~O}ZGLx> zh$wZNG^iOUro?d+>h^}3#$lP*b15(IQM8lNmuJFdQ&{HK6fgV@4$6h3UNCDq#8XJM zIRE0R16!S9$AJ^G<4p4pe#Ak1^TrM1`4?-DfZ*NB{ilI`SQu@ z$pC3iJ9n;#sJ{8j8<6qQVbh+L7W77G)~uatVi3&Km6?u?;K~E-a(S1?Mb0{APX*xo z@q<{X#!r`okh7HUS^@abzt`3EMa6E?S!Lp1e2nKemCTnH9PBNGMz09&8{LkTR@dPT zexLhf{5VhOb-)Gy`bOt0k>$DqlR^a;12`a;ZUKZ;|;;Nf$3b7s6vYt;Ycd6j%jJ zIQj>?`l?rwZ8gswARv01mIYr_Rdab<-oAft@b;QzW$hv%NiJvAaH4<^kfh_#}d$V^TYCFL; zYbC21iN-);MR$I1bEEBB7`#tm4?8lVMvy8?!~y#>g)~BymdWjP$-eL1#GTfCqONX5 zyArhSn#e|m*O{`EkAcyjjC|ZUFB@)DRjnX3x?nm*Ir^d1_xm4FqZRaPEY0*Nq~^SP zcNJHK#KAl7cFAOK24a&N)_o(QkD?7$W;K$Mb;pAj*cb!@rK4v;jpu#HQePXOouz3u zu!Jk;7Nb6?*FokeHSg^x%CFBh?QiEFb9$uwgHR#wW!{AofAU@tf2y&|nT5^tf@H)1 z{c{z{`wbjOi%R%amG>o%R&o=Q|AcHgIw5c~TTO=>-xVzN51-exnXqKZTbQBoJ}w)@ zKJ27$@@IJL4@{@ErGLw~>nDzb1k)R}NwqQir#cDFKv`T;p_VC@2NCQPY730MfQF!Q zP2UUC7cDX;T`V9#Om62Fz&lBaf$m4EF5ZC%}~RM%aU+PFxKj6S?{%N9zEU4_#cVYkNaR8rUNEQ-4BlS>bz zaVRXTl2x|s{3xA+(+q;y8sTfSnJ&@z%vV*10ZC{vJslB8*L?mQ9T|BlE^aKp(7O{g zM*$>4`*!V+Nj5Jq1~Q`h_gj#hcc}kdNGSCyn+zpls_=GGj#*JEfas-;{NG9iEnWJ6 zN#KTCIs5$s+jDE4J!|0EZ-_r=xqHCe)Cx8XvDDi+9N24C`mTTW%%{Z##_*d)Dg%!! z-2iek1giO?ZD-D#2g2Ar)OO?g^~ArfYSdl4WC==4aC@QKeDtW-t8Lul*jRlmXT%)4 zxlKD-gnxp^WBmR28zfR8^%BUBpX@K78#~)$fTDMPwurVz7eCISt z3Fs)!oLNH%V3isd1X(w`1^)xiwmTp|lEn;#UaGl*IUXz1zXC6k;lX-s)5j6rn3*}s zA@H3_t%J&iar#}@a0tduKHB&I#I>NHn#E`$7ijy7!r8A2&isuuA9**%^;hxJkVw#9 z7`^Ht5wk#`2VCf)d8gN|U85*=_XO;#I^O?0Tc*-K-Rqht4MYe1Q8?XrRNG*$fWyjz1*jN8DnwGvZ_ zgW`WfS42~Ebz9gTMIidqTuGcw@wt<1lkCFlIVy1;-Z3}Qx7gND=Fd^7FQfD%o@y+} zZVq+8<;&rPm2am3sZb(hY&poufu5hdNP%%QGCFZj$C9I%OX%~DvvzO+dD=wCl2Xw5 zSQ#stWrZfDPw(Dkp?3h+HWB2_-MhMZi;6I{A{3a33dLhY>SEAnXe^<5=w+fm8$tH& z<$2ii;Wu{y-0nd02r{^K*;5Q{P1~Xyfaxjy00^MOFhxDvri{|qIi>_ioimA$XQab_ zBYbMOL1l{Q@H5kaP!r|6>_X!}-7{vlbxya9D~5D6FAX}OpW)cSekS^d4H2obpZ(!Y z{Ves_?e!gNx38fZwN|z|{N{~Qk$L?8$GP54HJ4kzl+xb8!J)20r@a8TRO8rl2C4Sz z+c(bPIIQ(5SJ$@f+RdkL+2zcE%cEM8^jjJ{0)3*a}-Mx2@!`+hr3hyP*qJa}WRwPq4@Sat3 zUwCYMPM+~DXRdY5A8`Cil7f~k8^)GJeDJ&V$m(mu(ig0W*rEej75{YB1$S|9T3=t| z*|rBy6ov)@hJZ^I7dsSfbX2zzoQ79C&()MG?3rMGXR!TJ&+wUj%vANy{8(}@;q=$O z7qc5bX9`h7?B1uCzCq0ZscmC1B(}EV^k{|H+G>1D)(}fXJ|CJDoCq_5!f0$mh@Ao5 z5Ti-n;+X7ZVk8n(4f6Xkx2r_rL`a3by`{T;{h5>$dxs=g^p>C5Ed#E6B%^~1w`9o@ z{OREboV=7oNxXbkmY&pw5F2;>^{3O)+&RMNe6Ct(nWx4dKi)QbDMbqBJcQ`X)#iOH z_1hj=?iWNOjQK?%rmHMNA{Qr(Q_V%AyxSU5MBiu^sz88gwLX1vEBqqHe;Lc&#k_99MNwUQKc=Xb*2dVxHoLFK->r0YKjKgq>S#T z;yq%td5xUSe%@rxeA_zpk<0{)eke6h=q!Eo?3tn2lC2&Hn0cs<`edBwKmo}A0^}du z(^0g}=EUfq6A%q>$}N4e8G#y59%(rhSF~)45a!f~GI}-j4FuEJw%^Bo;QWiH7#-DO zDa^v5p99K1xLZS1$GiBcWWL|-ufGnhGA3tvnUfQ=8o;#6hVhS?jdxC=>R@fskbMO% zKWdbP`CfiK`#~ds@J@=e@71w~XmRjNug|^78nfDRT-ESLdM>GZiq*AWN9gQ}jxM3= z8ai|+NI?~fA%oy854r<)II&qby#12Z_!(|b_l%>Q@61Vj7CmXTfSDdUru5{&A-(*m z{<7sga}=r|E}j6ts|#cP;K3t@{{2^nCt=Vb6b?(y%@N17G*wzO^uH^*6>WX{y!D$) zZBaXiHtaF7Ip_1XV|1YSZ1kSCF{u;NQ|Db0TG+mQcU$+MDC)Le8l-%+Z=r@W9;3Lp z>rN*0*Q?Hm0~1Y|26s+D($QR!xI9X2m|F=K7ES<1Nbl-&QPu8}kmb8EoHaOHZRoJL z3lql_ZU?DtNs*12ivFQ;=^jLm1x$i$lEQ!qzNiP}l(A{Uzgf_wkYzGw?%WF&KREt4E>ibu`JVZ9 zZ1iLmX|-gfzeAhWTLhXE4Ydka$;=yo+uDK17uthFtN2;qN0{!{!;$NmC*W>O5UuZEpKhZE5W6>L5t$zy@onkP#<3lWU>4%bA_{JPFH$w&2&; zwCN&w?Yo?*f9||Xozq`qH(rI5EkDuKzYCk#(q)Nm$}^eiq$?rz1P2y zW$0R6s9bz7hgLG)fwyD@lIvLTxell4V$7k~=kyf9;`u>UbOBaj^2|hD~ zBB8kjwG|%jj;|g5`pY2F?mqgZkt4&O9nOFH)!i^sHJ<7e^#NaZ#^p_m)#71U-er`bmc9bgNu0|Dklc*VMZ!I3|M1 zU)AIlq%C)ic;$uDP4<9Rh(r<+bU!~Cl{xEsh|T9yeade*6Ai%u(go6qDHCO30omCt zSa4ZIBXrcD6jrSQR6#bN!qgWK9rj#U~BbTD$z zWiL1a>j&aWssRZdg)XL(dTF3|X>sq(hRGMwN#;I)GPsodj}WLKxm-+X8kkMtp8Nk|rQ zKI+|J{c>&Egr*i_=)$V~hBUzuri zb6A5W9Q|Id>(MPCcTJF!SxqPB&)8SRakaH;nP*k_segyn7o#HOS~OgZw|AGnwg#t>61F_ITBF&EL=mI@{UNKGKAb%3@^H$bG?8#E~ z*Y~2hr0lX}u3-0w>IKX_dAp_W@P6v)20EgHJ+9Y}UhzO*{^bC5^^FGc%hINw3U`-m zueOgo5*tnd|sodL}CU^Ov)KB3Qm8kbLrf%?N#1SVJhmTFIhUnHm zd3QF@7DW7h#adznij%ABuP;6=nU~7;Y_~ID5DpeD79mjb?KgX@9~WzWCV=x!%afB$ zx34;=_)a)VR?glv1TglgRT?0=Dy`R*xlyLtMj_Cr#lhCK+(4cyOI#HR$NRPe9o-RgscsJ9B|bm*)lNk#LLhLmlY(< zvAalWljqk^VBqH9d}-J$DmHiKdvO?5xjt z*Z_?@plE&mI4T4Am}tG#jnF>N3(Gl**K}Esc(qNtoH3&pWNx&v&htsovsIP_4fjdoA4V46(@%$){&?!RfBgmv z4PC!(`k8FmKrmB?Xb0)NJqYN6%)WP+W|4z0AT!PE;?9bz~kMs zeQ=dw9^AC>Ppl`LsrhWu)cohFZ~_0@0KFRy{9}jsIsN7lM8^O63fc1%vZu5LKmqc< zNXPguo-_U~ghF^jVe~lbiBhmgzMT+%?AW0yNroI0EPrhMo(O=B&!y3?Upvf+X0JyK zTCbce5_L72WIcAKMfTcjqNJ%m2%n(6g;~b<8aCH+b?a}@cV>r_0;%nj7#SK`i+dYn z^%|C73|Pnoa(3J{lBme6#h+_xUOD10aKH2Jj$;3I|9(W-7*9z{&D{9Iqe`!CNp!T> zQZxYOT!x#!va-_S@_g#PK4+O@N{3==Y#3V{Yj;A-mMbJRtXR32#G16yv8~S*(i5=W zuT|(n?ZY{`RlArb+<9$QN)(ZD)@G*Jh0pAJbYkO>;pZ8C^sqTGYwK!Vof;r1$GLNR zH(sNMu@C3=WMpPi7(Pchd-$;X$7fVV@$o%y;DAr`^;4cH37Hh?Fnczt{MTiZQJaY4 z4t3hMs^`0*Neb@YgJJxIB<-7Xi}W~sx*kg(afw6^|QdUNkQ zC++gJ^IUWs`q(tIFa&6oj-@R=Ca8C}6)WaUpB_if&HL%hIz>^Bd$wP{zoD}o0wu{^ z4TEn7TKAC3V9gI4Zm7SuT{miAZAInqxYX1WTW25fYu6IWw=qJd{`$W2rs{=py({ti zmY3suu7gWJA-CIWCWJAuwipY%zle74G(B!sa&__-Z)LSgpFjpzgf9Hte>LfrrA%Z% zgLh_Ora|-ULaOLmg~TqM?HAe`%z`^yp8x9W>&$Nf0WIQ~eO-rInW=A7DvqlcN+h(Q zxDY@VvrnG%_|ut~E?Vz~?Zx}ml6x2i+qzZUid*~{soceCD-?K zGLm;&jF0}rh*57d?;RdAE@P0~W2L1Ux4Ko$J)wcHva-6`m6<8?=AD2}EQprhevR1Y zD_5ETc$lGPy7%9!tMVn$tMdN4l1P`=83Wu(k1;q>-wS}BqpY^{BrffwXFt~7AoOMY_?AvlTZMD`xO@HjBKPrqC7+_|v8=$9mrZA?@xjFr1LH_T9SgQui$#fV2`v@47aD69{lb z!mwmoY2ax5R`Y6)Tb@~Pxj4(K3AwHKn2nOD^3v4FwCn_QZbr*dbpsfQapW|~Li!$q z#fb4L*XfN6dBT1@T@4LTwOVMJ0ShyRFaYJA`KV1bsFv>CzOC_k1eX9v9n+Swl9JK$ z7^SY0XWap0r;$-<*ADp`s=ywvg!lx+@qn$wN_W(5UBj7(@^Q|Am;24f-az7+xAzs| z*H9qJD=6TsMh5%**YtQ0at18`6tXnM3CH>b(+Gr!!gna4T!s9aoY_&Kx9o z9ug-6rjoU$-qUQ(*2T|LL!tJ^Y`cTrZH)Ovr28i@J8J6acvn3Th7#=F_FX)?P#PR} zU35z`q`(-&zpYfWTep7ykqP)c{06viVcM2Y`!(Ku`GR`9W79f57{3#1L1%WQp5`+vyEiVUM=Jzxu(0pc`dtU%GV;UaM<8*Wvs6V>@bp1l|d2Dg0+g z%3&RSNl3xx6KBpmDJoJw6S&mL$$r+X$EODa6}_daKFCc(&xSZ>BG(O%e#%7`CLWAJG-Y?F7+~eCyoU((UgaCHa~*qVBj0 zQ}1ry{{3p>^Hsxw3qI8Oh{t}C+_H|i*mp&!ylkiG^8p-tnDm&`*3Lf{d7&3}w^m4w z)r^q(LxqsnSvI5mHCZ8j`cyJK2*iXFnJ>CIDX8t3B4@4D#2-e4hYKky^4s6=RO9Qv zc{3?@%*T&iLPKYbX+Ar<#q4UY2v>*gk-&R^JmbX-QOove(UV#yJ@mqwu}~bE` zm9#RCoFtYgA^b@XtC42F*MEAOSNP;?%vLvtgGouF4*t?CF_{#xM=%`%I%EKx$sTZw z34sovy_k~iUD@Lm%$MgJ9@KnQXT^adzdISYDx{jMevt+*q>^;<+Hxg1UrT;ycMr8R z-xqQ9AJ=LQ-sLPf^;WMQFUG<|-E9@ ziOnK*qsmc&b~GlYt*CmtY1<5|YnJU=OSE39-B%Rt?I?NR)V8%il$9wA*z7&x?pzh> zy)NWkRK9!nvtg}wtRJ@B*5V7s{_4ocAg`BFT_X!`jXi2*Gm1P?6-33Nr4H5CE!)L9 z)qc*eeX3lqa62LX<62L1_i|>dOK(ZZMh$jqEcaQ`?1zLMHWQ=(M4pQK%XB zYU(C*B?@78KGl!bQA?WtRO@S+Wt*|#Gv#@S{!LI5B>jLmsH&(40>9xm^7FksJ;^lr zr`zx|v9TgSzSE6a$aea_FYm15-}G>GnycfL2DTB8LuH-kDTuo;hf zFeYZ;=6U+8@;EyUA!i}@-t0nX6*iDPZU9#t{va_gz)q)(or8?E##Vi;uzmqmm z%%+g7TvDfnTfY;YTK~(tX%79hw{p{{_|#N~g$u7HBq)}qqv2$q!>R4l+~o7;qhrGj zwZgSr6k%rkz|J~4uyV$#S({ztZ}$qB6rX%2%UosV6x`)DHsa8Eep+Y4CGxY-n1OC6Ltmjz#V!oV zf|^ngKe17O+|P>)etYNb##?CKCQj@#aNsmrcIiy$pW@;j*)q3Zuev}RVjzSe+iP*} z)-98vL$yAhmTx1sR3lA!p{wsB-VaI3RcwWJ1{;vnV8s@asfi8ZTir){+5`4Nb)w+g zxbZv1SnHI^3shT+@OIx@_Ol_LN|s%S6BAk2niVS`>d_%jwzJc$dGqPJijO8MsIW@y(dC`*tcAGT zBAupzKU6*N-Lu2AZAJT6qh>CHa{we6joASP#P5=!jL9CAcf-$PVr*J&ATkxvQ4GLR z-bZi$C3Jnj9p%HdA#xbl#34tKg}ja057D))tqNYk-~#L!CB%gJSxL=S#@>y!llPif zGopijdyYJoRYR#@PD7_hSGhWy0dys(CPAgtt!R**KYyOuK`U8o7;M=L7&eSV{q8}+ zC8Vt|{@Fr@rQE)&OlXI>Ou?$H^>HtI@q_a-pVz#&&=1p(@O(^~#Fn`5Gugh^;6l;; z!YLvGjT`>w7M_BTNwJbQC2d)kkh3xzF(O_0CI){YHV-lfe1z-769JLK&NeGdnb3PA8H{{e zk6?XFy0QHldxPyc`oG`z4(i44ls(|SZCP8xf`3ss!tQ9%F0cRsXeg)=dp03x`j=HG zqM<{M^_?mjL(SBQ6O~K7D0vui@-33&16;iXvLG@M!dZq>Oz$UP!Zs0r0NJ&qRJ%1G zeQKgZc0+kP?{`OF-&0adD0JaVc-QTwJGT8%Zb~uflWHllSS(6KLG zyhCC}Omr5Cm2$^L1oI;R1qnHX15A^VbKV1nbE3ppFvR2awy4W$VSdcV60#vZYxQ?t zXOtqwjocLYO{Tr2KvL(X@K5!!J@nfPXN8eOdqvze0)M$ZE#J@j1ZoemVw)}~fb(H= z_0I+wM3sAJ_!@4|NCG6RRRW}udrd`#_{6UmpAa)x(#20ZYL=%O*5B>NIwZi z0AUm$4|PhNkX?)Z5ZjCp1eE1>-3b-!dwL2?Iyo!HvfOcCVF-dfZq=CYCa#_tlq*+m zCW3MQ&5mM4OkUV%cpS9k+`3tY%S?|q2=OEh-k8QBgtg3&ecoM-Atfhq*h0jOTPC82Mr<1@1)VGR7zqH-Q(d&^k zErH__#?5nL^)!nY6jpwcuEW>p>~f~3X2Ko4AU3+upt^udY$k(Lg_I^{=CDVS3fml^ zo121$n$3iKIfBmK4xYt=Q*6_wi?%k^#F`grZA(`p+TgI|VdNiCZeKI0VVx1F%3vB! zKYsO=-Ci$^RD~s;D3@ESHG%T%>{&N32##bvFB@9GzGMXy4CEMXTEG7G{rd)3@Heu< zm~MA&P+3A{ftra!k+l-?vdi$=ecr4)Jm5l+W^b_ei~S%B{EnQVwuvPf8z-;H_K;Y4 z{v5qxy?q;Ay`8{2EgtVia~>w-k5j)~zFdFO+1G`mbNntF*q=*5ATREOjeN5^Lq+ z@a&f6MzrH>31|SVZ_5AItK`DAORO3+?d$vY>9ZW8C24rz8;Dj&0{Qo+Og`HWy5ju{ zh2{ZvLzeEC=$z?0v{i3V57L%VQ4j)glhUI5n9U)%WpsV)vUAd}sM#;(1E)$ibrR_t z;M)=m1ZL|i#6{>xS9zlL$FXpl02T+$}*w~E9oN_r8`Be za#^;F)!bP+1hWjB^4vvTZ*|}wxpIwr;jKWGCzfjLMoO80KLXt)_D$`UwpVBXyWH%# zpyOv!b`RDiZjbck-C;~_!%S~dzNg07znJ|E4PK8%PcFPL%Ag9yHZ|KUNSRN)-gk?? z3IOM4>fQdo>!DMt((RA5WH-{sUndk8-tMilk5FjWCvj;$3>y=kd|+ij;r z!?KYsq~T-nZW%ot&wu{aJL;l;4o%C-u;tI^g!-^m@EjzBEYLEQ>x z^XGeB)D!Af;CSqzGy-|;3P7$<Q-!# zRFGA56>}O=*J5M1X7bN+K0;I7&>}Arq44V z-z(i>Rk?!W<<1uyMxa|Xo|h(eJo@U|H77j(lms3eSRNh>cwUojvH#{|8=G`05>5%I z4P-0yiw0AUJla+WIzW+&G^>-QCMZC0^*2Z^0c3SMEdOSMaEoAh+O8WB$)U|!ZQv=4 ze@X1qsne$k)-}}JgS(kBiC@O>i?BQS9%2=h7d)Ki3Z^0rMQT?I*2$@qlv+AK_Cqwa zg^Y#A8@(1~!6l?({xX@Tmsi0EtJszNw#z7vX3>t3ayEPR&Bf*SWgu{ngf>T#W i&nl9eCA@BEi*nfLvs3L?BxDFp{-p6!t`%8Ay~+GBFMn1{(r~xnuUA@HfsDCo!MT;p zWHxOVKfj-{L-@q_nVLw;*hJ;epP!%qv*hM%gUW{Y(#%D3bMy4_moHvy zqNVlOSX;Pp;|7^b@87O!MiADz-I@GpY-EIC^X9|8tMYd~sxsWKvo$d>adL8EVq#(s zId$^n{U?;y*M8?(TNh{NsSpmaQ>Radg!2&k@8l9bQPHqxJbzwYU%zD|y!sxm``Yq+ zXJ=>DtF2sIS(c?|wX|r3WJn{8B_&6ugBbm_)yxP3RHKIM(s5t=D}zMHj#sZHDtZ0* zwQOc)rV+@j#t;`5=d(Da#>_@7$ZyEy-yRwA;{I*^)z#UCY|GNzf&v2_9Udi5Qp7kb z{}K7ahi_JpH($JX(bv~EGc(hMft?`jkCURCFLsLS!wC(b0bZsB;LM! zsdN1JW-HTk=gyg$K1xiqGBq{DO)xPD+OQRksyll0==0~#6A}`Xm6h>t_4S>EIo4=e zLH((ufKMUe;YS(jpB&C(?OI-3l$Vzu{QWyY#jou7bJ1OtSAc%{!h4}Oy#xifF|3`K z-lN8#U(|w(xNdp1KZXO$ys~@u?fWzICAO!h2PY*eTHV{5Sbu4Df2vW&yLaz!C-IYp zj=Ays_o~D*zn$ezpFUkxRkh!;L|aeK@yZo72A{S0wwefmn&M$9)xF|Os!x(`h?_|< zfBEu7gW<5e{G9bHPKG@sH95I|a&mHLXlRu3I(+_vKfm1T>}(aUe-mXsE8m_RHa>as z`rjTU_K?;f0)fbdulh>)Dn>>|x-C4m_V%F>%HQd64|H^N@H?M&*@FjNR~M(hfB&AG zoIL&`bKIOjV4%gyT#97b{G+FbUqE1Er0E$V_3quf4YvV%*4VXDK0K3^(I*(NSMs8 zDDXxX^XD%xghXNa!P$ zbi~yEE`oU{eX7RwS1(_l&9^)0?R_LflaZPEXQ@{~SQt~2+8Qgi1-Y@<{ckYKrdoL{ zK#HmY=c}TkqUm2XmoHzAfAq+r_(pwOTkJ@%GF75L(9vgXd<>BnaWhkIk;KouGRgk- z?Hg`ccu2_o_WS#pnVE^|hYlUmq^Gvsj&-?mp22DQ=KR=cgxSM~XEZg*pC0;=iE(;I z8LS(JxPzJTo?C)^p$(bl1w?g+AFp$AbA=TiPPVqSiI8Ou9SXr&QSLCcngVB{Nw%dB zd3AL)m?f1SJBlG$?G7E~Y|L;rn{JcDm6_>igi_PfkC6nG-n;+hSGW86NSbmcT>s}N z5y{Cy>Mv4L$s?*oQ86)YzpA$|2ISf`38!43I>7XqI#M-~rRwshU^a&2M~}EuXqH~% zX#2|+Q%XyfkO?rm^z958wf2V$ev;2fyy*SLdjBvOKs*YCkWO-CuGo{~8E z>o(`k@u}BhgY@?LeY{P(_^65y%!3QQ9{jDw<#JESO$H$jj;QzV<=2OHu!xC>+^Osj zKKN*2!V!s=99dA{e&ND1dDblieB>nV1aDZ?V+A(}^pBD0z^|CiO-Z}pLw*XL^l`~=Bd`z`fO5vZuB7?L9+i7BXMSS2Dge`PEu zIpS%#_mT_QkVKL>Nk#C-24FyHHhS^mg&_It*|WingufG(XU-fwMIiLy)YVlLqB)Ul zR2hZ_2j~1u+}zv{W;n0Ef6g!nxw*}+(-Tzvu=&XTB=OyWEPOg?Mzb@N*K*-2KE)e* z&EI|f`qdFhp&>zu!}*n>`=lVbq@-l|CW)}T`7^cPrc{mNYRQINdrkd`3LaDERopK+ zIE0mJYin~W-gqsz?Y8^ho~H_Kj6(VL-(ULj^ZEPU&Lsq^k*xTqHnwit=5XbT5E(V6 zGjZ)xO^pcUtN;D!N`Ln3j$f0=vG5Y-{tB_0^Li&v96ESVgCWzhv`D3fR@D?&HhqUA zZuTufDU4`jXejT!=$uHOQIUSxyxD#vOB%z3S5^@A>a0ix&MT zsYrXXc!!IN%k}F`EiL0kzQ>N$%JSixs0iS*#Xyquirs8@#- z6&oH&U-D0TPfGt>i=e&l=6sEqV)HzdV2-L@QbjD^G zQK&0e=m`~ABVqLlskq2vbk&7k)Ab^ayW4f{v-zcRQ-QlPlM4FY463U zEGB7YueIev@%2X;PKtB7yDzNI9U!PmP`;8{NjJ@uM4D^OFn;>v3F`Rg&!OSr2}f=o zXi}q6C5SU6ZHQ0t>U7q}9i%Vcq!)J}V8oOl$R15g7(9FF(r-%f3a2Iv0EMkh8+<1| z)=Sg3u=x2YgabF()zy_v{SH0rx4OEJurOW~-y=w>f@ci5R8{&jQycS6o$Us85|VN1 zIkNg^q9gAn6IJ9MC2l%F5b9`CkJAg9{ga<>nqZu-$ir z(1A3^Kr8c5=he3TmeH}XtlUx`y1SqHExoa>q+{7(YG#Itq?=+x14Oi!AcT_WGbNe? zP;i4!T}VobsK(0{$%~64swqSt;129Ac4uAdiZ9{twl+28&iAE>qkMmCYr2NQQ=~}I zgv`aE;bA#BIVPV1CC~Y>@2G9q`$v?Nir2pbY<>RxGCyDD@L{u5>sl$it+||Y>sESJ ze(#NSAL*K@<#~sktKYY9g;n)xX)&j}XX9R1?3y2SMoDy^{Mlc6_3G6vEG$3T+T2}S zu*mGrdwh`$QQ=ORn7F&U8)$1U4k|dxdSNdkz1;qL#R?VWZaW92RB268f# zm-p(Tw3L+d^gtE1xQ*g6&QfuUiqGoebyPU4Xk`#9Q`uI7h=AKipPhIt6QYy0yu4iI zw~lpXc85jEwF4{FdhC#eN&U5;2{~R9BvA1hL%o@)Ds0 z&7Qt%0kzfDbV75hOS27`{wfX^uU@Sma?#=mdF|rnR_eWU;P2IA$AVH)Z1nW*a^L+o-7cI$?`c+#XijoyGU^f%aD-ED0q zxQ52Ysg=LwHM%F!b494EkBp7I%*Yu1{rh2DTnN$L!C__WRW^>Lq@?6N(VpYnuTCZg zRdy7+XUD|EynQ<#xP^DBZfOw_fcvTy#x=eF2(WyS+xQMXKKd;@`PP+z2QPnP$fewE z;eGouU%aqu%Q^=%+g0GSfB*jB`Rcv9cjx5iYbGj`b~ye6#x+Pdas@f0ua6S0B@&{t zxbKa}uPe+gELaua*tgEab}YRm{_$gvJI3;girY9j=iYBE&oEB!DRd30ve_jj_P4vZ zt*grm*zoBOvqG1l&bJOYSK8jpH+?5gqmoVjJ}JQ-BIEj7ujg|TD@xwuc*^V5t5*wu zx`qb^4geF78$-A5IdbHPoy^%&r&>GmE*l#eP0dFLsQ8XHr_Ic`I5>>2tt^O;Z~W=h zN^hB+oi%u>P^EhwJxG6lKXB#oCP-;OupS?eGF)+RXc?VTo}hQ~L6_Hxu3YN)*u%hH+9g{R1>Z$R z3VSkzkg#N z6`uciyR-8wx$*le6Rc1=s=Uo7h7$W=ViB;;yQ^J}j*fTl-DBlbAoW+!s@=}W%KFjV zTw%4)A3d34IQ2KtFCaKLc>BRi-q#A=zJ2Q`yD~rCR`=g7Km;$&w^?~@HC4ezP!}^E zH8e3PNJ|T-?C)~|rUmv}c_V-*1C=1V z^oj6gC zRWdnqrg?M@$6uNq4hjtXJv@9&Q}fZ|$1`WfTk}qW%fM=-rf%{xKYKQ`TuN3JIn?+1 ze=ko@Pc(R;p*j)L?HwKc3nC{I^+%DPaKsxoWMjW*F<5gyjEcH&`7(}i$=-gsjz7Mn zAtgEaWAPfAfjzaC*(l97r>z8^k$7}cQW6b4OP}0E%Cl#&lIKE+DNS~4Y;4_*j~+a@ z?JnSqgo#i9%p4yd-)~j+X;1^UO@7TmZYL_wP4#b}koY-oAbN-(+`JV`Jol2QK43_8rOIYw_Os%fo%xd3*Qo zXJuq$f8#d&Wqu+@b4yE2k zPUWXfOqljWTYfBNC7tsHQ*-*&88dV9@v$+>;u~9>(nG_-x=L;y{Ht$ZlCJ;M=0M!S z-`<7!c^vI)IGA@yxtp_>EUQkgf*p!Q#=%bVoU>E=A%MOk zIoTTQ(xpq!qoSf-R7P2IGG0UmE4bF(Nl95KDG6z_zw5h@Spn!(7Tk6m@t7LVF6T$M z0&A?#CT{eJ$WGvk5#T_Fph!@TRoup+1*yJ1Ra`)}Le(91Dg5~HqX%pA=g*%HyZ)ZK zv^XB>7r@V?rK$O8X6Oqg|BZ|+E>2%y58>qH^+K|kq*3&o8+m-l0rX31R@QpGTrc>& z%`?}RSwG)C^~1E#}*ZoO#N$AMKD9vcgFuL2>G84^H!NKU5 zn5`Tfc>7K&IebIhfs3J0Q7wSAnmoKCV_5dA7cbRoJvWtpdwsf;cS27OnLjr#4^6%n zkI)Fx3`*@590-IKSevDv2WOHBlJ;uHf+LvdEl>P1B(Zz<($W$w9bGuDTzK1P5vwvz z({E$J4-oHOXsErD6Vi{$>Qp6|xaI9)U){wIO<599y*W!(MabfuI;yIK+sba5Nk$p5 z`>iDR?$y)NBU^}T8gix9e!N3ZDGe`PyuUg78>b7*iENm!Qb-iCy>g|HG}=5hHIAB6UxpvPS@YsBs3-2h@FnrUh81BRGctrXx2xs((Lw4 z#JZ`mu`f-d5Dj-^LP9ukc@YRBLSW@h5LOe(rbjuO4!l{e;JK+`mZI?bJ(?ao96!hh zEA)a?Ip^l*jg5_q&8*wsSTiI~wl%f2ZF4at1oK7HUg6~CUc_E-?0Q$<*k~ABoYpcb zBqWq>kjOQlEX1dyz{mIWTJ`4vHd{VID!893pZcAV_@@y%`iLg98>kv@-@Tih?LiJn zRQB;)nCu=I89`0p585@h^}lXZbLdZ30VSH|_LC#A!}9WG`##>8rr*cBWebWMNWJ4b z*<*CH7^JzGC1bzX9@w*I50Egn8z6CBZZ48R4eyL07*({%EC2p*4CH%8vY^=w{@j?X z@wd0!3Pcqb*FONt@{RRkwDD*j4jjm3^=fHrs}ZP7lygdG>?#%FqbB%sCbf(r)PN}~ zx?egK|Jesra|m%}mPc3l1`GN6^Q2HVSA36#-TKAUED03qLh@5#^3&Z2AGMS#+HtALW{oGa@=Qs+yPJr?D@ zYg7G|IA3=pk1bo~=jJpSKnnEr^+iW>%E=WlZIdKD6)g4I$$q6V2@K?xvF~RFs3Q7l z2>zPIuESVtSB3g*r4DUbh(KWWM8EZ$>#IxW1WHy0&)m+QqU-@&%3+s5Z8f!zh>*)) zAKg+pCU^PU6M$!~ty@o^WY>(wrZG_%fk-=CB?$agpQGs%FQCswWcReRty{PL>3pk;h6=X?O!#7}M=lkQE)_vF z1@xW>+2+E9o4O+;Ph(>aC(r$tFArxuBe`{B9UMDy1LW8#HO_qsHgzk3J}+>imCU6`gD-uBN62Bziu_6qvB7sYy3hQj2nXff=vK>K#8mS~jbT+-Pkr zq&|XsgCqw!J_|40hLam)r9ir3Tr7AsJD%ntU{&E!#?j4BBh5 zr_{mLmW1ky%n>%3>@m&p+dGJfYcFwhlK~Ly2dgh#-a*}!1~p|qcL)^rgFEiEg9RzOeC$W)fZ&<-vyd(zSd z0E##l{v2&dFZWsD+A!A9`JAE^M&=d67kn_N9d!nm3wk2t-o3R!tFX{e1a$t}w}*GI z^fZR)m!99>(j#Bn73NI|o6KgVDnN=*hjP>-SIe`4UU{%A{hL-?=jHCD&K@8CTHh-s>Ya z_5#-u+zL>5<8M#>f3*Orp)z*J9+Rv_yZrTuy!Y=H0l^Ml`U>Jk<>t&zblC+?Rw}MS z5w#9MNO7QG1f*>?t)D?nI&mViMPc8*egCy3D8{mKa02up_9pfORAT#swVnaXB-YF3iO0<#Uwvddivps_skkhGCgTup@ zFJ3J5S_pUNIDz`HJU5DDh2%Zv7r7WG5>8s|ucQZ;L)DhvWQPw$vMjN!oZ4(*;qUx$ zX>ZWWSFb87Do}!F0Nud!{=2CHY6H?`l<0}aC@RRFZz?#96(Gp?dU`5sJU}tVI=_Ga z{_B&&vr+Mse>^^TMilz2u<41~V2yxiH*0p$_Rbw_7s=)fwQvBHFej0_3+W4tXJ3!K`{BJq7Hd#pK4 z*G73V*2*`eZ-$Dz<=bV!U|zXvdm+w2yRos`%V})#I13$dQ~6T)hK{Z-mQ8*~xZyuK zL^pe1Lv~whYw(|7qeK=TAD=DE%qZspxpLcoG_af_XmiRZUgY<6c%vf6;}zylGKHK= zj%5jmx43xP%&Y^+rmM3PG9N)GvS79l)CkB0G`6A&#GHy2p;i{!0Bi0$9|iAgBfQso z&BKJRLf!nI7ohi3b+xFNm}{X$3N=yF!@~nn0WGoV7C~^+%nfB!o3-g00U%CIdf_vT zrk#oi6-QZfW8)}wwi!ED>H%kYBpUw1E~z^k-kdyh=HcVVp+s=JmvT&@sHv9M_Al*S z_k6Gu{Wy3C@Pb#NJ~XhUDe|%R7(oT_x8{z~i5Vnu^Ye!PoaW~72otox8w;X8^&n` zSDJwEA()^oH54ybCkT=UpETH9`y?_L{6MvuSNGyxK6Xo`t&z8HQ>!ynPg3RHnwmvC znnQT|cs{?NAZ$3e(NuyC5`-dws-HDQRg6cFmq8^FNUmo)aYJn{-Ao)y@{RWK(#>g6 z_I}intE3mNU*9F#U%mP#e-$NP%phTPs-K2UjjHk3183#1!zy)`FYNxQxYN<8ncLqV zd5TRPsSv`CN)g%G6gV6#cp5TE0CfTM^TQO?7E5^Dmx0qE-% zyL_P8)rw>YE~%-hFeM1z=Vqo;XQ+G=9Ua};+R7$!R4-n3%LCy^J$5%7oG;Yxh{JJz zKipLN=^ZT1$t3#5Ej~VL$UplmOH4l$uW<*KdQ1<%TL7&coh+A|2VpKW^=X4m*8AGQ z(n|C~%Nvk^PFh-i^U_UkVN(Z$7zjzXqTH+gdyBUrbTKBb3QI9}>;X5szQf{N!ITbQ~cH=Pk;cg<^EBIyk_K(8P8(BV%`} zMn5{Qu)B8$l_IL1LI2|5c$Snj1>*|@d6Y9>*j*qqq9|3-&tu07uZ1m2?yx;TMYEO4 zKPqL`?CV>N&7(Rk7kpT(Zd-ACwH|T@iSzi;BhoqXv4((gFNMJ^bWKpiunsupFHuyq z#X??ob{AybN!N6^5f;3n$Q@4^COXfaIm5-zpMdRZ-TwaiFNHNEY~Zc0A3hNLWW(xg zg~>RLCHnUjz}zb%TX!FEm25>!!Y{k3kR)1D@dA21oJ7 zFG=7)Zr}Co@+mboGmERgO#Gq`z!-O9>JGWJzUN-p{+2&l+1=yUtZGnRJm-W_tphM;WV*>G7sa33_u?99xn z7NNnz$s7(1Mis7N5r!_8mDuE1aOn{{4zq9DwvCUkzBu?UpQ5aklpz?}Dx0?j1#+^o zpv}nv0Z>06w%34B9%)S06E*&Do65gk`|r};BGO{vk)Q@z8TUyG+4y}P3C3X3a!f(o zKpt?3AKs+-b?40O$km@6t*vCD@O^DG=L1L5z%8Voh?ljlAfwD-_5L%)klo8FirKl* z`S9|h-z~_`M}QoN`>KCchoH@}TPbm6%A&+@%ys+r?TbuQh{5H?zIdacRHsxs^RA4bTVP=I8hQ zawiD(r%rlTADg}g4%f+P*jaw9!S#r`QvtRHeq$@etsZyrOkkb1!o*g~$%&B>Rfc_L zxhOrqUH9m!$6uB6`hf3@&FgSHbm%Q)IPVERLh5bo?(VkXsm~8#?oj5@kC>Xt0&aZP zL?V%%8zf35+|Wga08If>Sv#mZs)kf+y#GVJO5K&bKU<+9zkJ!*)I?P;qDsfG=FMfJ z!bx|h>D97@uWwmtX=z#6I%w#C88gq+>};!3r%o9gA9U_ho!)U$r_M=X(4`R6qMj(z z_1ZfvaZOe`3S1kVYV}tJi4t&UM|kVA)L% zdP(i=?X^QL8K)#p)`vj<0>Z-GY)(Diz480c_x%I#6;L|lxVwpK=veIR>_BQb0~9%Z zA_PBeY#4@xgB*$70G}3Kw{B5I)#<@Ura-cDc7B830QcaR>*}b*j|Aw1D3~Su_HA_y z4Vw7+YO!mahc<6-Iy!^v*y$|{1mnqEi6tXe)Y;6b}|!_%XW6+fg|D z6DMBM`{xtqm-K2E4-6a;20nqMjjjdBa%ju#BUd|RUhq(7h>p#g{r(TU{O^y;3-oUx zqNN9l5>oGLH(bWGqd|eCE&hUP>!+WEoc2M~4|=m?a-Xu?RC$qXk6ZJi;j)raDOe-~ zh_^D~WaVsB`%8yN%Hbm4ki^HbGM&E=YuWE7Gyqkig9Z^Ya6HK7S}C|PLG7SiGeym{ zb-pz~RBJ72)s6mPSAe6_r(=Nooy87C|5>Ftl7#Q0W=S#Mv3^-3^mjBeGGtz? zJ=?_iF14UN$RvYAZomCz{C0h@CXOnMDd`2j+ow|uTyu0vU%|Kil^Nf1*yV(sH&h^d4&Kd4nZob4OZnu zt)(yk;X4k)<)N~^2;Y+U?%j}m#6?Aqj=1*wK6tdpU{Sn>JFwrtJme#qkEjO^MD-pC zCR85ZefUHWLo!5i&11(n4iy_8J9f;~^pIWSsK5bLWo16M3P~5V~Ta z^{fPVUwCC5xuZowW*Xiuy1GBQ6^u>@x)CdnjQIZj5hJFa|K>)Gd$>O{Bp;6w#j=BL zW8cOWd4@X>cCUcIKv1fWHgYwD@1vuEyddMVOqxE1C`twNNKS5QZQZ&4jHY63_71Zj z&8Xp5`5pS`8UR!a3lBHtFxa-fI0@y@LUNm*BFY?EqPa(GiEv$jh;BMYpQ;LY3`&qy zKp6_l3E}%5Z97mShFru>JSGi&24l^UQUTCnonwmHW_Te=!$Tpu*DL4~*w0271|M1k z6FYM*(C^x=3o5s5OmgT;-G4e>K`J*rb;OjleVv4_14F$$eTI%mAx116b2xJ6$idD}kl*~04^kI=71NI2ONSd0 z1r$iy?^mL?>}1a{rezc2+_p{5XL$~Mx&EFFxOAa%R5rW;ne)-EZzk}|5Dx2%)kAl; z0$4VkK92JSD!i|aXz`l;y=72cP-v$x-{jB2S+H^?1y~>`A=p^@`uf0J)Yq#1LQX(F zMpl4B6%y__li+*z+-}_X@%{T+gWr0~&!1n-*TF;j`x7K%i+xsZpj0D^f|vm1x_%XW zEBwmanU7|xq({etHUDsnMseOJA|e98$QV^OxbN`wflr{EJWf-|#`{dPOJA>HWT-eV zh4i2K`ZaFGg9i^9)6XVMSsskwS7O|$(zC9x?4Y*sV_RJ9(o)f5|M~;-h>btSN1~)PkSU*~Yr&(Yt+1S+5Tgn#) z!XQV^t`GkG8)4lJVj0XM2tP0aIB^v9Z|2F+@~Wz6*H%)=C5N#nVhxEWpB+VNw&n(U z+dSv=g(f05*QISgTkRuMD!1_;{riR!y)21V%23PDKBWBGrHYV13@v7#1=(8wBP59g z2QnCNF6UR4nNuwWDv-I6Bin!cc$bvqU$FWryG&yLesGxo{{4ggD~-b)JgBR$|GW3! z`r3+%OJ-CsX%T7A%5Uv^M@QVkIT!gIV4Yy&S-pDxJjirLO(4j%j z(axd0IKq7ZGIrgHI_imx6y88Nh?m$R$Ymkh% z13|=3XP2*6m}u+jwlp?=u=*8Iw)(Hj33qyBc$;~ISk5CTwy!cWPKs|Z$3DxAJTnOC}S>=c1*VK?W)KEawMn(AXH6nbmnY3yX=-yLBCU z+UD>ZcL!l75+Zd9;*6?t1e@#>=-!E|5{{roC{zYhLm=1z{RzNS2j|6r}xA;i5O2f#L9eiM*l&g!(}bl=bvV-#Mw$(mWUU< z@E>uOe**u}uY>yDGao~;rdlpQBf_ghfxhputu1_H72^%?Rs{9Za!v|)L|uB*F@ej& zPUX2*{px`*8O~d8^e}5{_|^Y#+QQX(t<^cLp5$ zV3YG8Dhfue|BrzpBKYsvm}h@Q0Jc(FTbosxH{7kf0!{~^#l3lhk_!R_oeAz4SC|`2 z0aan!K!nbwR{{(8fqDS^IlZCIFui5ek#uCVT1174XZj`uD&JEl8%g*&aWZ z`1xTc57mO?5^0RHrMa1%lhfAGk-|oUI3HlzZ}DC=&8WD;zV5*;l+908R)sEA9UW%p z&UItjM_@O1r4%fqJYbwTQ1fZlS?oB{ z_3I%K5h~t`Z@~H7`H1|7mG*FNX}Ic!WCkJ8Ew2LLfrFi0iuuBUIJB0q*M~+#xVyTp zEDa}0Gcz$W+vb=qJ_aKW*ipQcjUb!-d&W1*jXj#>mdx2wPq#LU7bvbOMWlZdW*BnG z2#1>UXJSHr2TN1VowE0+2McDAdT5UZ1$-B&{9HDZ0$BMg$_HWCzjf;tRLXugX&5P` zH}bxnD^PIm`+yUILJeF~QXs?gC*G+n4zes%N#rIp^h$m0Jw3{kekT%+#Q7C4(_O#- zlAdT@V&d7Eele-LW{k@(-oNK=xVmVLelaVHpO^Pby!H$>6EXuBi>IFEKMP$iV>b=3 zY-7-Hc9wDykIK^C`JlLX1w3u=iy~*76|VpFZs#eyk_W3`6CelYY0NZ+8lf6u*A`8WT1)++g+V zto9EAMHC|Sy1x{GH{e9v0WH$4LozZTA{$5NfPf(EfD^LZcLtCdeJ;wIK+NY)pEP>{ z>nGCD1%a!?zBRCvnewUz^@2DVh}hy^c5Bq{77;qbK}pF;gm1USy29JX59(|M1QPXG z@BG^y`(>Y`RzJCL)7t}%(guM zp+P}O=^V7+Cnu>IFGsT6BBnlneuG4!6xfyTNIu* zf$Kp-U~ez6;cdhq1cx<{5&V3ukYgdrVwI1e()TBRC)axskRe%23{Ks^F{n>!jzzK&(S4nBgSSSVgW^7G0WYwrkL9XDWWF*yeEv;r-^h=~m4fMB00S^Lw*&2EjLue@NJm*kyriY4(O06-L6KN=0bT@j zfYapEwec_v?w!TF#P#brf_tL0cY-iS8k(+lqgJ(9YY?&ibYz@rupwrT$&~a{Hg(9i zurg!EU|eWbgoKrZ(hhgZQB6(C*x|lT>~1K~sE`131NYJA)<0F0g9iF#D0CllMNY>A z!1iu&afU^1<@GgKYt{e(HEUQ@8`g*Cb}4WR9=q0464F~I5>>Z)Ar|!pxem^cfCb$X z=H`mx;v@farEa3TYt0>BA08acz`)SA#dZjVU}5syP3=$$0K4qTW*dF>h!xZ)C%~ip z{OFN(Dk4LwhUz15p8eaU<>k36-{4Ha;=m-@cljB%1U8`n`sU6~9a8F3&=`F3&i-u# zc??J5Gj&t)im-xWfw_*bAv@0jHkOR4Q$;eu7;-<$s$5?*3Q#9pK;_#PNmOMtY>Tz` z9zZ+)1FaJiA|5BEkz6$CciAGDAS;#}Svb5grzUt`RR0M#8=Da8_ltsF2)Ek-Wb)KY zK9F8$Ode+0!*h;S=?Q#Q39JwITj{5_z^WyWNTy@v7Swh#Ja^6q--a5j8N{sGivbLB zzq35nta|tk(CFocgqWVQS}=kF9Zn@*1tL!K`HXHY9G32r;?dV60u~dIJ#a;kNsp0g z33F{KC-_Q8?Q8qh2;_h|+i!6P;nsYtDeSZIrvRw{A=g{zD%Ny;UKgGZxavTl5!J)E z_9^`56y$1Bo9DTA)I8U=4z577Ph#1d7hNzTfi7tO+5F(P90o!L9qU;FHNaG#Mm#KK zn1HletXN$1*gSElg&reIX!|u8kQ0FPh*|h2m0p?(z$QjH@mZSL)pVa) z(01d=a0y9#V1kJNB^EL%BoNpw?}mi*yX}hE1!o7M)nje>ZEo(2fZwV#_~sOmvF&$0 zngZ$pvloRQy0ag%IuxsR+0t)bkLUcgJGo=%g15%k|65py2no6F;^H|o2oIWc6I%#l zSXC#K1IX=lwk~#dBXYgo8YInb%Iq9ucQ~HYhdhd3AVDKUk-%{o!NDwq>;Bb7f@eI= zNWo?cWUjz<9qf^mWi`bCP1>7C!EBcs_`Mld^xJ4XoT+PL{PcY-6*x_J=w`$vC9i=* zMb1JoSR2d_J}?TvVC6G^8Y~b_0IMI&GVF&IAAn;K0Heh6AkN_N<4(*n$vU?8jf`lM z?qaS(<{`B-$PGzJNw^MCdpnEV_B8bee+P)=+IN;rgd-Rwc&EY>KMSCCc&)07_b2;t zBx7Re<>^;HGR@Opz0##jh-^*O5EKQ4+g|9J9u}r+Z~t<~jd~Sq5lnL7dNCj1aQX5v zM=5}H=<_9*TwLeM=7G<_9s~nm$3Q*fW`B!YB!*A7>TE%xKuxNysR3on&c`B+?qwN6 zaf{2#)m2rS53HvLV@`~omKF`uFQ?s{pW&G*TbV58zwAV(`mR6CC~5R8VI&XGr}f7V z975+B3^U^J>eSYX3kmh3;UI5n#OflM0U!?)Vjk7CyT}cF6E|ZQCX$DoQyy5`Bf#>!PB^`srX1PMDLyU^DF}HIb5~FTM58*;pV=NzR8SzQqs`mFLNAp1>{(^G99(2u{(GUYiHL}R zv;v663rGMZm4=3<$%ly1YJ(t`wrr~4761S?by$R45}4T3Z4Vq46cofv1Z0m%KLtn@ z`(bKCmm1`U)ipVFsxO3S;P^Bewe;ab-)li7Cy+XqV%Co4nKd1PLg)~K@_;&25M&<dAFl8(xcl5pe3 zKXhR_$%e3k;UmC`!bC_z!VSxEeUa&jJ-JY<1QfJ?~!J)v)*(#Vmt+C zZy3dLXb4-JbT&#;*v!gs z8q$Q#^rOUJVpvskQxmcfxTbEo_jM(x2!6S~uQM{P!1Lhb^tZ3?ypt1r--19Z9r5xh zNZLrGD5PL97=*y!!n0bpWGtuJj9V%^2Vf7LYzv=)3spo{?oVyK|6 zt^wuh>({#@ji1s>OV{vS$HI4j7tvw>B3XcU6H%jCLrYKx-qhw(@%09a4Qvipjkzg@ zaQx$?JU=K4m@GROr-#lMhGz`Ru=8;eq_la7yS$k(`RATOL&Z*3PxfBuc1H<@2MOBN zBW0guNbbQbjQ)OM8Io?T+s-#yzOscn_|>h5eLKGA)Bxr@SDp;U}Eu6b&35 zE89=`O}EW*Y_#m{$B-_{Fw6^kZbj`Oe{tu(08uE0Vq#)&%)WW^CO>};fOC;~^Evvh zm7^mgkbO@)l2ZG6o%+hB^HLaPLO+j2Yuk<;dL((($q%kUNs3@v5QxaBP*XcPIuhe~ zwGrDGM$R~e6o=^Ov5SM78Wr>ou9aJZ&S)=2*FZqQLyO2?jdCOi!Uv*u8TB3JaPVyC zW1h|=0vmuNz^CvN@D2L}qjq?q!#&wVZFbxG(W_Su@N^(C-no4{n1#M}8{EP|WH3C~ z$Jvl|z!e~M%sfN@c>$!OR(g5@8Ids8(kve-6DbUq0!{W1<}o2IsFU`pmSN`F0W1-e zg%Y%&*lOnHyk$^SDAqfS9;01}#;qdR69!rv8_zpBe!Y|j=>voZ<@ju?XX%x6hnRvY zA(|>6i@>glZcIH`PZUhHf}r4e$oDAPkZ` z$HaL6)3&LbH^ezVUCQ#rUoxW3T)DasS>kdsGB0&Fl zH8eumWy@nK8%vaD3SgvkN(HV^90;qv=yZWb(BAp4;Xf!Flc0T()poEPJ9&~ar3l!G z&}kHA+{qDWjpf2JK%kW36(;g>=bd^8J`v*6&#J1S-}UiOgE13<1(kE^*@4Mbs0umg zhSSr<)Wr`Uj>GdEe&QJn4)CE;3RGX8^Jw#~ix-E$Oi`Xa02=}3+6D0p6;D~n6=Xv^ z!vdjQNOSIrtq%BQq=IRyAD9AxB^55|T?*m^&yRI=n}wp|<8?`bs*{+2y>Y~QvGL27 zJ+QSwn*=xjEfUFes}+Qq1_QD@5l>%GY>YX|h1M7J5GG5QE8n0GgUg;R(PtYWqvd~M z)br;*e*Q$=P_C#D@_gu`yE4y)je;EG_|*pAsYBniPy zs3i=^Xep6NW@w9=wR5oZdeI-EEs~I6bP3PkHY>f z3X2&zu(BUAuj)h}IZ9^-3x(psNGg<4BtD7-jhvC3OeK^G@)v7XhRe&C8&342qoqY9 zym=4|BM@a0xF*kCO+z5q3XdCtR+38=$Bx4<* zl@$_$x2I~1;wbTRb0kavW7d(4kBOlEkTO)*d09WS5`ihf)fB?S71=eJv<50e|w9=4h-oA~&1UKeTt zcr*$O?5Y6Pkydc4MFa(5utc$u~E z+zNc+Qed4pAMz3i1cKonnN5T_tT&>{O=^ zZu&c<0L)ra_KU48#y7BEBGr&Ej~z>g-oe~pbPz<&qt39@ug2?vrUmJiGoWN_4G zmvWlWW* z+yrYXY{1`JTJn&Rpd;qzf6CrZ(58hqL}d5wD;4C;031j zAz_ZMmE~eR`on==ztAE*OG&Xfcg~tlTu>Mv#qffzjmq$m%pZlOiF+ihASoFCzd;E!0hi97cg9j&|5eS#$3`fnQPRC= zarP{F@bRg`Y?$?)L+=P~L>uucu6Q}G1C zhfon3nKouEh;+8Ca225InR1HLNdpnJj@4Z2um+0}VvQ z*oO~ixZn=#(>Q1jv*e>kh8d?;*+HsdD$N9DNxX3J7@%MH3<(p)S1_JC5?vJa7G@ z>5b0f+4s-0O8okU0}n9>sYZ6w(#jEk66J_#nZd%6tv@oqpL{jH{m<{a@6I}WFLKB% z*Uua<$}}GT@$!3-poFA5#N^4(Mx`3;t`pr{?DJp|u`Ck4KpT$7GO-O5(FAHP>A`cP_51U}!QE zPm6)S!y<^LktbDSB)Yxb6v+U}05XIBxTz`!(q$=zG1x-}tu~h1VBjxgq3?SuwPy>7 z(Ur!ir;0OaGp4aXmEBJfU-B0qoCqW_@O?_vfLk|WmD2c?Vv_ARF+h62_Ydhi5M3?COfK2 zNfa)m?G_=Qd6cM73me$??{6WA;!!HNAxt~P#5mMZLUDfoeI7aDo(TDgqI)>Lok_|^ z2Ue!9|L4fz@pzb(&>#jbK2lrr8CzLpi*1k)C`%omqPG*aka0x|)x1tH$5Ngofudkh zli~v})gXMFmoCX-Iv-5}WoR^LSY{D34yf5d%-fqW)RuMOe;57)4M5)Oao9E9hik2@ zqA5b_jm1WPh4XkKbHxbrQ|Kkvknl%MWAO9|%5WDs5}uUnd`ur4u;S^Ir%3(yAuAy< zh75o+xcEph8-vThY?Qrxz&6-)?>eeSbvPeoU;()by0J6gGkf3)85NaYJoyU%hH`hg zc#@uh?o(99cGtam^Ke^^9Y@9~1w27Py%z92ZXZ%JD%a?bOy1dyRPoQfy&EWyHaU;F z3>7cHtwAQA&?_m`(BOG%fiVVHxn;ZSF0W`+x~!fo%_ z3%GuABxZUG3e)vOF&qX7C>dN_Nx)?wDbzeXV1b`0St0|P@Kg65A@Y<*382k&J{Hw3 zG~e@&*5^32GS3yC5skXe7ydj-Ck>(kITEQ&!tWG{58M|R1KnNTZFl~>6ihw1E<98* zWB=KU7)zyelVl>8B{+y;y3P}#5xn*wYAqq&sn?=kMKAxJ<=8W@GEazjn8uHsN_5S> zpkpv)0pfG%av^jAfQt7w{y>^Ic{M+iLZIP;kGN6K!L7N%ghgVG6O+jA0}>A*(!#)D-j!J4Ol{{L5+(G{_V zf3Ui;t7{53VT=w>SSj$Fx4*QsZ;Afr|5ezTKx4VKeg7_sCdrmY6-gSDkc1>dNr*80}B-u1n$y;{5CcHh@^ zUdMSH|LJ5#WX%Fu=^+zkxU0EnTIx;O6A$>981KRd58NR3!8oF)Ylt3ptk+n4LaN6W zv&Wh@D4;@;9~!D>&-|aKICr+>PXAnAe|6vP4QwE^*!%ua>qzai=Fj@Phh>F&h`@vg z2$%RM=DQH&a)IeT!00j%T{t6f2;zg&F!UX&T?|oMSjfMuAz#3JdxsCoK6MR^($Z40 zB-$yzz$DQB)o1AZRB?Nuzi9ce^~mzgx{C5!13`B#EKIHDQAA@u0Z7l)oD!5Mkj2{hef-t+YeKF*W?LBOZ5pN-# zJB;s9Si}qS$V_tix1SQ;W&A|z9ma~Y&CQ+GTzB71f5h^E4JXWEhKlSLo*jzK*qdhL z8D6~T>F79A;U4#nyG45I{En{>3m{``M6~U~wNMU0Yb3edkV|vG^z`28Gen1=SSnE7 za>H8K{~4U_t?t)zI|EYho;?Rsh&7}de1Orl{>_mY7o$H_iK+)Z0xrZ?(eSaW5xKX4 z4T)v2GV49dS745ciw&#~@$}f($kweDc^K-5?;~2~I}i<(%E8cZ>&8>pu5Bo-pbYm!Md3zuxk|Uaj|UM9{Sn$z#EaVPQ4kYed928E=tOkl!jtztp=&k0b!# zKV-T;5vQ0I0Dsy2A|&YOZ3<>v;IQc>-Zj|ZmUoz}q&UeR=ALm+#{yit1J?t%-;`x4I~1;$br!F;Hi^S}BH# z2h} zM|M@=0VqtPA|t0L)-0@PqDG!?9XU=j++2Bxh6@Pnm3FaxdnAj8hD%K<6n8sLy`b(L zZ|&asG-Sw@cu2NBiigdPqWV}_HnzH! zwqw8q#|Iv!FOpe>NbapxcPvvs851*HU2%(|=8>)Oi5D-%fUychljO4dVWX9lsMc%c zk3Pj520#jzFuy&b$zKmOBOjpo^Yie#&qSKUD9qSKwGsje^R@%E#p6WV;g~369-bta zudGZX%>~UX?djy0Pq9}~oBMQ^jO_<=vVmLgdHvgcke(_B{a>F`(WtH;cyJ#qc@fX? zvEId}-31tkVeW$KJ#Gxo+t8`&jBhA(UE62xnOm39G_y44>+hZtmfQ6GJIf~9_WZ&) zlc=BS&Q`Kz+)dtSTIQpfc(IW!qJtCfI%D2E#6N#IeCv8ig4eh~kOExLC}m~!xnp*z zYia3wy%%2>mrvOTBc0-|J}RVGlc=P34Gl3!g(`t@h6V+7g698acyIZntjWP^jC8~w zwIf70HFIzNg9rP|?cAa|(8n?nKlE6dmH+D1COX~1nk%a&jU-HphOtAaCrd)(Yabq+ zh~$1}+0HHtLhjFdd!K2XplI-~xR!c7lpmzfFj`A8EEuV3@_Bzij z%AcH|jZ=3CSO;%NpJrJ3s#Ug;fq{XsvH0ecEfa3vFnW6*?i(vfapk9o_*y|*I3OjK z;;X6^DP!msWjS{)u}dD42B_;&DdD8gO*a>%$N5U0e*qgAI()OKwN3cN4|Avg_NG)j znw;^pcUSlLE6RMvPjWJ!rPD&7^!etmm*e>0!?(5{^+N^>a9z1Ff7$9bWs>rcKPn!$ zl44)^$x3!ITM-@q$vjzaF&Oh{nidxsSLskK>bA?8Aaae?_Ud|dzYxK|4ExDof)Y1P zzF)t~c-;@r>UK+EuW2ZtWMQseQf=Z>qAvYNw>mp*wCR}=AmvFOaTYHW+@iprGhh{F z#nqnF$x+TZ8&5?-f2ufwI9iu$$2PiW zkVcfZjl(rx4Z8ZysUeNOjzz;{}>Bu zq2HsWCs#^M+Wkc}65`@2>4%ZuGu|Tp6qqBF1?VdI)-_Fu zLSD;HpheoI$w9(+MWtaUOixRDb!nNAzrR05J%vgh7@DJy{b1Y(ZO?+#paer~@tYyA zDwmAhKqju}fQM~_j%%u^VbD04V>c7C(o^^vCU3=W>rWJduZlIxz{ zkFQ_tnv(+ls|85JhVk$rvo|r(N=hNpLhLS3;3QpR6BB5tJpmip`cZ&fTy!mcg{SRB zqT=@r(x~Q&UwrxQRG5BGDJd5XCAWSi)^tg<%NrJjCuL;(1df|nGH>Q-_bgx>`cF6Y zZt}7HeoC=t_D8LRAY6Sea|4~*OP}sh@xpKoHv8k_;}1SZ@dy>H*mV*fE@BSvV(%c0 z9nvMNd;J*5kDKI0(OlyHik1eiMsIbHE>Q5vOuCXOBMx4)X29g{57dn0zRS1C_S0*lRP^`GlZj zaB#@@)SGvAgN#dJFW=;kqHs1v#JgW!z!3q906EE-nR}P!hFD>k7&KU5g$f}XzuuOh zLV8|q?k@|(y%$=OAc`DEmEj9-*EBs3>$BJun%nb6^O5D@W5RpU_eA!6OMVwrYJ|cl#so=L>6=mQjLR(oAYuUqp;yK#bRmXmLTV1WZ z#2RK1uJ1`+UM-#k`rhSQtg*>($wViy{0~g*>c@T|dk z{M&PhD~mY0bzR^tm0eM4%eI;;f6$rd_MA!q#g7oZ&Sa+)) zg%+Wp%!ocv`XKS^1S*QyD|jd4E*(C_=lg5$;1`tzyK0L;D6>29Ng`yRBPO$-fY-m5 zEFmz@rdmj&RUYmG=$W%#Q9gZVZRQiR362g( z0x$ z`4~r<3n~`^o7N2(Xt06ieQb~IcNo`%TsU@>!mC%^qmtooO-&6xgxLOi`KIHk5*N4` zk^RG2eZ|}eT;6IgNK2>>mCYu*Yu(z)?3U1y?t4{ipo;bbO4PjL*MJ0-{M_6cXeP>4 zVd(vNR;L(FuauM@N}BokMOv?`R<6W&?2kI zr@ZP8&!(}l@rVI+m)LI_US@%$z0Mnhyvq`>mNp1A#(CAb4!h;V>k@(~I3#nRZ z8+WL1>~U_FF9+v-K#f;{re>jyjQ2B?1wk$EBn%}}FBJ&5%o3xSMFPA56wsI;@Sbw2 zq&`vd7{6>ARZOUP?0sE>$+G?pcfKauh=52wJJg9#+Obcy{$T%OUVPw`B2e^MSxl`6 zX^1_^S<#7{jN(p`#h0H+WeXxl_4jsU&JN36<+ZV!i8V?P_It-%$@wfX zT35V`nJH%SDmnLBeN7W<=3*}FU2)C8Dz?OfuJ@Rm*`&ON^v!75xY@v9OF}}zMj}>p z*_}a|vwZ7$rz8UUvmUj==6V16;c>w9JJ|HgXU_;S8mFfAl^J4}?$Bw0Pl}2>L55*N z7<&LwJ>A?moxuOw)`hcvfHY&fsDqZGbL01*-)%mvm+8<1ec{>H*|x~A$`-Ii@>llP zowcc&keCk!%aehcYUFCozHfQ;y`C=nOdJolBL;qKJ zN|uMfr{iK;U-qzHVSITq^-V$JLeQ5jkZtMR^OjN0s z69&H4jhh*)K~XRkr!#&Sn$DgLvN#7i9eH3ytzVJ_BugsHz-3M&k{dlHTHQIHs6Y2* z%WiMBiJhw7(ei=)PsR|Oj)^XhxLl;hhECzZy78SKlW}w@lx%#akc{^bmgT8<4SN_gT92OFnQ)@x;e>wu1 zRPqgpQe)8~|JHnSyRgvWb;6YYr5AYf2n*4dS;IFOTg#Rvj+E^g*}CIacx-5F zDCPOqKiN@{LR*wFabnHg2*T14#J2fZQxF>euiO0bmEe-Jo<(-C{;xPN;^f?Ea}G$Q ziRRq=XYr}Sx1z$%FFlb=4ZjdHq*(oUxdt<)g^UA1$aF@~?qNEb^RP8l!IFo($pgjK~xJyO5|X`k7$(3%FD^-J{*vQ$SZG}l(4CPs&mk} zr{rNDTX^{3lR6*gQ`fI=WM@LRu(NXDpWH!XV3Y>la z5NY`9=;>v!Z%|AT9g+q2DgcKNpe(H^>K&`p|A^}aa*l*Vcrvm6^NK2RyV1|~cU`bF z(q`Ql~fLAADDdL0=Bc!VS8zoJ{jsn%MQ|5&z+0i7jF-!W%$a95QX z+p88jsNH=RxvX!j{)=d-sh(q;XI26VTUdq`>|bnX>g;^x{hsD}tm~5)5E|bk*CENL zAf+Q=Is0DRYRB39^{zk;#M>WDdpd`AG%U={-u~>n3s&rrR@cPb!rK!xKY%vMcg(nf zCki!mwV2?|M+Nla*|S7tGf`FIB|X3H8e!(^)~V|rg|tE-ddTbyd(US_>*)&eEB!S-tMorSfcF%IvW_rJpn@0ApJ^4PV+d?6SKdot~P1U4uv0Mw_9N3 zu<44f{JIl+wfn~UAgW`~85sgBCU_lQ`Ms&X)h0uJ2kry_amA2!5}}=3mUUkmW0s$4 zrk2qIFx0zcSD@*&pbzVLjf*G7{u7xpD?7#h8l$j+vht3TiF8LCf1~`-JixXG{60Ba z@GIod_$KeXKTmFi@VU*FcR%TUzVtTxS%BVRfBzP?>9cj2BAt^ORSQR{>{@=L&Uv$R zs;G8t#|dzcn?j zm}t8t{m-|Lu9Z$RN;A}X@RudeyJ1%0-Q;0Q8Y#!$PZ`&Z*FKnvqZvXRNqv@VBdX z0<_-iiDvE&l8lO<-r2q$g#r}}I*;^EY*^v(wHO+iJV=w+brMDgHM_#}dygKipyx{aOQqd1| zPPA@$|Mr_djUdvQv`d$kcGhn>F@IKo?fk^??ck4hNXAfqQhU zi0hv}+Ol<&ecn-?Bpw@l0d$VX&z~D{*o*^5A9 z(y%aNZq$GC=#g+v9Q9Ifm?!NMq~)%Jb>7}|-RIsX?9Tmwg7nxE`x9lMRds_kc28+C zd6Asd^wJ?_)uN^b1k$r4Btol)kQ}M+T&Hqu(U?J84AsXcjz#yj-Ec%JFPi;dOu-2z z6j-d#Z;j`T)J1>KJzV)neZrcdfH^AwYUoREuB+PBKIa}92eP3^BI8^?7HCRJ2_k8r zefmAroL`Xye*Z4K<*wa}hrVz)QFc^n$=>@WJM( z{6M()T_@MP$u4XhTg8H-d7$G5uV1}5uRVx=++1*nCN+^!QhMeoH-C9 zd)mjW@<`vcM6s~Jv%IW~n}TLqt;tX1rhQ>tQNj4vNQ}7<^OCMK1z1{E)gR&0^H-o| zAQFEyWWL%j^>W7c+DnTnuck5sNvpd)8Vb2rUVpxaNBV{1!L2gx**7jXY)3 z59;#j7VpM)ZkHVs9yU3lFntl}eYDfSnGXv`it1t;8_yr~orB5RQCVFTb%V|_r)%=~mS;AQh}ZF=nq6ZYkPm~>_>$T52| z@!{XTe*L)mp6LAifB;J~GsTdvtsB|+`9&MVZV03{cWx2zIx{g5vE1t(|FL1$Lrn_=eo5)mN}oRupxigQ?+ap&r>h?` zKR)rRjOe^IKhfNL^}LvCoN-6UJknS?x1W!8oD-*Y15$+GL?lUzCYSu+Z&iy=U*y-N zw|hpuzF2WCUWDi7=FOY$<#0|*c@}r|-jV<3!bDy1NLljF>!PWb4{ zuXE5f)>(Z_%5|iLeLfdfJ!B9M;c+0|N4IpTTNYeR$8?!j}K zGsf**BQc_L#@@3EA4U8W4mhf)s6f*0GEL;OqBVZ79m~q)+f1D&&yz1?I!k65U#MEB zBm?IMYnmD^wJ=%B>#$VX8aYqRBXz4qhH=t=8x;>)salj39fOfeW!G5d&20OWEcfzy zBVs7q^h(4;1G8S0l|Fc2IzpN{t1>m?Y)^MP9pe>APsP<>Reg4d-5R@hY?02JvQn~B zu+2p;ynd``oVwG4{rjTpa6!ReMDH_Qc)Uz%^0IjY`LK8E#)#Csv(F{?mX&1QSy(S< zS25FkK7aJ3VxQTe`QowJazWL8Lx1_n8pNb6eyu$wJZn?K{_t@eR>uJy67sr~sl@E; zcVAw)mF;+<{HSCZ$~(KGE^gKwrfA>>L6UucfNpm6Mth(JKQm{5CCTAaE$t_waw28;`Rq_fzV*18!v0Sx zht4F_?$7te6K* z>P#wQX3X%s^7Hk(&R;>l%4E%t2?q;2AYHA{NAlLBNAP|kQSs13;phN+Oi!yCUJt*z z&v2n|u0gCEA9~p2{ES7R=273%qqe&LB_y0DZohFO`k2GSrZ?(JZ+;sN_wRZhYI}*o4XuW&Qi~O6F{wGb};>s$M zUP7k5=uaMgb8&Ki)j$6Sib8briZT4iyd8aB`hKZ+=p&mC0WK1yVO4&o6XN^lU;ppd zf@$5e*TPs4^G8AUrdJNniR(U{nF&{=J!MK*+SjN*FWUdZH~$b=Sv^D3nKP9YDp@&e zj8^{p>7F@w?)~)YTIfMt)=Mri6G=>uKWlU?9J^z&khp_{rb~W zs|JLs)~x! z^h+oy>eLaj<99`PgpdaRditkluz`$8oY%!aP2MgMDCs=!A|_j+5z<=@1_vuBoKCj9 zv&Q(s44o%l?EO2#!us~^EdaFFq#Q3Ty$wP_9{3a4fge>5&HjDhsNGUm*Pl-vR41;S zQEIH1v|{RMTdRW3$C`y6Lt~Zy-G4ZBHovHd!fe}^h@*DHhF>V5!9vJ5J3HC1c#2AR z*4~pUh7S_0M}B#|_jRi4s!zT2Foj||&}uMCU3$B-;>M6osFQs+|5lrH$~W-?^3-X1 zddS2C*?#pg&#?hEPEH(7!ugP+v;7RJxHP%pqkCLv7;&II;j-rRo3Vw_WqqiDU3?rZX723D+eC3I`CzQ@F_%^q-6!JcC^hxx>b=d?EpGU+F z_#?1Qam!u?c_rBdeyNyRZO}YRqKyk!vv=rJ^So(vONE8k)WWtKK5T64nbxh$R>^VE zzy%-Py?acj#U~~r7QI5+)lM2h__bf(Yc+6Q$lVc}7NVZiBsXEB=es*UU#vIost|J5 z(e%>E?I)H-MPM$tQ1GZ=4PZlh;EJxlcc}M>>OO5w^Bwq1XhSDg*P|T%#PKTmC(yT% zl+N+0*kkF`&znfLb$6a;H|d5ZXVy8nTBi8c$LEsakt%Cb^z!93_y>j!qFFek#?!fo zcL!YPa$a-QyWnA55|3U3Iu?2Tn2arC&Ya-J(Df+=f0e{#M{p<^7!5H?rEPY7ON08# z%WdhV60URJZlYaI|7e6o6Bg^4NCtH1{cdgYcG;bgQ4_5@32Z4u+S79`fh4+q9qS)( zPRaW85wd-&aS*|cSCA|vk9sgVjwv;~FF45r7K*C{C{sEr)eRqXfOJMq$n zygE)8{_Cg-lGD(IoE|%B6scFi0UR3PAp6oT@-7CoJePuxW~U}1_9_8iMb7c@V|hn4 zz4>D3UbLw=9PYWSj*YQW_IW+Tvjr0WN{dWtWw)lAgS*yRg%OLrw>_ga$)sS8AhO)+ zEb=kpa^Qh0=O#?aQN$|A_bJmZK?+hht%g%*HFS3)6*wCxjdfHEvQM%WXCrq$B zZoK=%nLs5iEiB>X+!ze1tw(!VlnSumP6iyH zYOf^o4+I)Qp!1d1yTDb!Gf-C%4pcNfL+`2^(j?*?sPdm@qm21Z>5WwZ)M7+N$|AG+OFZPvS( z8DLI;mRA@)000t>9fDg^p5n%=E6|O@hfjP%!t_zHe|_uijg0OB`ZPRGC5j~Q-cC8& zm<3ti!x3Ui-E_u9BsKiyGSkpDGPQBu!U&(3x_;)jbF;DorNTnHi!JS+?{tiFSb8V` z2mVJRut49U2wLV?!j0-#V;X<{yczJh=fb~5qTUU&jc3?2DK}-3y-)f^&aVCzKNep1 zpQPXfMbs#0&LMjW6qT4A>|eo^q-pc?yCRaqOe zleU{2mFmpRTgrLoH`o>iGVr1iC232|VHlE5^hb3dd!|+K)9mr>2X|^_xkm#$_Ekmzjp0f2#0m+8n<@qbx1FtfF~lu zBh7Zi*HUfE7iFZU+m27J`x+EN19IN2L~Fb4n72doovv|e1~|AMLkHwIOgGq5Bw@XR z#i9w~>B7(!{If1**D)qCf}?&-faT#l0e&&NNv{K#&RN#qf_?Sb^XHq$Z6i1dC>ePK ziib5`MJXw}wr;&6)mfet6m7ZOHOi(~8en44HQ!MoM6@ESIV7zp^N--t*w^d(02Tvc zZ$YfuS_)?YltN-J2z@6kQo((EsBu=$@~xrj5fq6n)d^fv|Pfl8KAK~TXu<)r44X=}V%n=RG{JQ ze7mhLKzXjupKioQOvCj~rdLPwP`7>qehv)3(q#ytpu%Z{t=|0$3Py;AvNeo)p4)ovCqJ>^m^ye@u&Z?)| z#EZjU(7y5ezrRL=NE^C0^zK?55HVavvroR#+HOCEul)1n|L^zUZ05WEoLuzpSwa6E zL;XMhfdB6oOHQiP5iJ$`04S)4_p-EMYIU5|C#$!!jHY}aorKIxe}Qg%Bk%`;qJVVM zsD>XrL)azBy_YfMKx43$XMOvB7tdF6(?4yri2Ux!c;*dFnZof!zNqK~-y(BPq;L;m z4Dio*W1(-6xzaW8NL>^R4tXL!YD-D25f1tA-~fB9DL)$ofgvhn6_rFzf!ID`#>H6k zt+t@e(etdW-+lfJWlDBKVf!$AkvQZ0K~^^eyORcV40CIb$Y{){?d1NA+hI?Pftyq z|4p~cqG0tNFS?4UdgBJNlT?6+lh?+C{upqUI5eT;G3=4(1$nlO{aULpN)$4^TPnln zV&r@i{AueNqeyX&;1_Y0SajS-JV30A_IE=VyueC|9qRk{GpPpG{5;VtFv=>k6`l&Pdvj0HZ9DVB;M|h{U*}*o(8!4sj}$p((_)?%K=++itu167>gv8MmhRJ+4qN8Rz|a-L;_f0&*Z=)}ewIV)s4ROBm8{^}W zy?V_tH6=W2CQ*pxmql}UCZ@oP2*+bAOm#7tIdh)uWK?P#u~mY6?^A3?Um{@)O$`mZ z;++$|+Lf=~%P2!j4+=X~TU+qSj~KD#(@y(a=O2c%x%!N_)&0=y;!&od_AB7GF|DCi zyiTU`{YRP0R;`*N3DRG!BfV5CU+JTa`MV49$Vgx~QCHzxzIgeKZiw`-uvwCEj~6ZM z%ct7MOeS@+qivi*<=wv1IUrQG{PLA};YgX~5aT{0VtrM@V^{2#N;3kvS5V@Fuuldr zaIBb0dinWbX5<|8*~ODgLtn%Jx=8c0?)r@I;Oxus3iqfY*!$}FRJnYrP;>z@hJ-?2 zl{!5+2sr>3VY!R@>>Q`x&BzEBsr;VU{8LnK;+?7r71Q3v>qV zxY$cOCN&80XUKl&qP7412h-53TVP+(n1t{CEixbd3#=r$tH@%TdJlWfkQg9vTha%Q zAFpVgPsSw{9!;vyjamH+g+R(yPKaZXK4p=1BRs({PK~Ex)TlGz32oSF-fU=?#z4Ze z0yI4);0fBG9tu>P=<7Nkdkb$$_}Ls_{>Rvd9&bvt-rv-*NC`sbzyADbSKUiUP{YeU z@{fS?zu%_s__L}@8C)Q(SIB-Uv2V2=wIxKF2vByF7mQhBl+c(XP51Qrl8ZQ4XX?~` zhKQd_B0p{YG9yyFeyew)?q+I{A!6Lya4fodQ{_^}SHLQxTuV%}YVXRx(+ejw{Stx- z3aad|VS*B0W6mJ)?%jzoNc{e4%LEpMDlavkJ;vNxR>6r~kz2>9Z27|-tgO@^0}OXw zy^0j4sOqKQ9Biud5l>^KSnqS5(cw+LpCN(NL_{^H0<=9iU-{AP|@tJ z7#uHJEFtWyC2>-`wdq80_hrS>JLc45iDgSeLjWE2}@R>1O?P5m?6#$Mhp)!faZlzD>% z4H5tm!0%dGT1;;|DH@X|z0=Vto<;St?wD>IF!k-ipAQU$hHJKorE#+1(yjjovqQ@3 diff --git a/docs/network_new/network_module.md b/docs/network_new/network_module.md new file mode 100644 index 000000000..671214306 --- /dev/null +++ b/docs/network_new/network_module.md @@ -0,0 +1,89 @@ +# Network module + +## ZBus + +Network module is available on zbus over the following channel + +| module | object | version | +|--------|--------|---------| +| network|[network](#interface)| 0.0.1| + +## Home Directory + +network keeps some data in the following locations +| directory | path| +|----|---| +| root| `/var/cache/modules/network`| + +## Interface + +```go +//Networker is the interface for the network module +type Networker interface { + ApplyNetResource(Network) (string, error) + DeleteNetResource(Network) error + Namespace(NetID) (string, error) +} +``` + +## Zero-OS networking + +### Some First Explanations + +Zero-OS is meant to provide services in the Threefold grid, and with grid, we naturally understand that the nodes (or their hosted services) need to be reachable for external users or for each other. So networking in 0-OS is a big thing, even when you assume that 'the network' is ubiquitous and always there, many things need to happen correctly before having a netWORK. +For this, apart from all the other absolutely wonderful services in 0-OS, there is the network daemon. If it doesn't succeed it's bootstrap, nothing else will, and 0-OS will stop there. + +So it (the network daemon, that is) + +- Configures the Node's initial network configuration, so that the Node can register itself. For now we assume that the Node is connected to a network (ethernet segment) that provides IP addresses over DHCP, be it IPv4 or IPv6, or that there is a Routing Avertisement (RA) daemon for IPv6 running on that network. +Only once it has received an IP Address, most other internal services will be able to start. ([John Gage](https://www.networkcomputing.com/cloud-infrastructure/network-computer-again) from Sun said that `The Network is the Computer`, here that is absolutely true) + +- Notifies [zinit](https://github.com/threefoldtech/zinit/blob/master/docs/readme.md) (the services orchestrator in 0-OS) that it can register the dhcp client as a permanent process on the intitially discovered NIC (Network Interface Card) and that zinit can start other processes, one of which takes care of registering the node to the grid. (more elaborate explanation about that in [identity service](../identity/readme.md). + +- Listens in on the zbus for new or updated Network Resources (NR) that get sent by the provision daemon and applies them. + +[Here some thought dumps from where we started working this out](../../specs/network/Requirements.md) + +### Jargon + +So. Let's have some abbreviations settled first: + + - #### Node : simple + TL;DR: Computer. + A Node is a computer with CPU, Memory, Disks (or SSD's, NVMe) connected to _A_ network that has Internet access. (i.e. it can reach www.google.com, just like you on your phone, at home) + That Node will, once it has received an IP address (IPv4 or IPv6), register itself when it's new, or confirm it's identity and it's online-ness (for lack of a better word). + + - #### TNo : Tenant Network object. [The gory details here](https://github.com/threefoldtech/zos/blob/master/pkg/network.go) + TL;DR: The Network Description. + We named it so, because it is a datastructure that describes the __whole__ network a user can request (or setup). + That network is a virtualized overlay network. + Basically that means that transfer of data in that network *always* is encrypted, protected from prying eyes, and __resources in that network can only communicate with each other__ **unless** there is a special rule that allows access. Be it by allowing accesss through firewall rules, *and/or* through a proxy (a service that forwards requests on behalf of, and ships replies back to the client). + + - #### A Tno has an ExitPoint (for IPv6) + TL;DR: Any network needs to get out *somewhere*. [Some more explanation](exitpoints.md) + A Node that happens to live in an Internet Network (to differentiate from a Tenant network), more explictly, a network that is directly routable and accessible (unlike a home network), can be specified as an Exit Node. + That Node can then host Exitpoints for Tenant Networks. + Let's explain that. + Entities in a Tenant Network, where a TN being an overlay network, can only communicate with peers that are part of that network. At a certain point there is a gateway needed for this network to communicate with the 'external' world (BBI): that is an ExitPoint. ExitPoints can only live in Nodes designated for that purpose, namely Exit Nodes. Exit Nodes can only live in networks that are bidirectionally reachable for THE Internet (BBI). + An ExitPoint is *always* a part of a Network Resource (see below). + + - #### Network Resource: (NR) + TL;DR: the Node-local part of a TNo. + The main building block of a TNo; i.e. each service of a user in a Node lives in an NR. + Each Node hosts User services, whatever type of service that is. Every service in that specific node will always be solely part of the Tenant's Network. (read that twice). + So: A Network Resource is the thing that interconnects all other network resources of the TN (Tenant Network), and provides routing/firewalling for these interconnects, including the default route to the BBI (Big Bad Internet), aka ExitPoint. + All User services that run in a Node are in some way or another connected to the Network Resource (NR), which will provide ip packet forwarding and firewalling to all other network resources (including the Exitpoint) of the TN (Tenant Network) of the user. (read that three times, and the last time, read it slowly and out loud) + + - #### IPAM IP Adress management + TL;DR Give IP Adresses to containers attached to the NR's bridge. + When the provisioner wants to start a container that doesn't attach itself to the NR's network namespace (cool that you can do that), but instead needs to create a veth pair and attach it to the NR's preconfigured bridge, the veth end in the container needs to get an IP address in the NR's Prefix (IPv6) and subnet (IPv4). + The NR has a deterministic IPv4 subnet definition that is coupled to the 7-8th byte of the IPv6 Prefix, where it then can use an IPv4 in the /24 CIDR that is assigned to the NR. + As for the IPv6 address, you can choose to have a mac address derived IPv6 address, or/and a fixed address based on the same IPv4 address you gave to the container's interface. + Note: + - a veth pair is a concept in linux that creates 2 virtual network interfaces that are interconnected with a virtual cable. what goes in on one end of the pair, gets out on the other end, and vice-versa. + - a bridge in linux is a concept of a virtual switch that can contain virtual interfaces. When you attach an interface to a bridge, it is a virtual switch with one port. You can add as many interfaces to that virtual switch as you like. + + + + + From ce118030dfd272ff45277fc7510e9922530a90f5 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Fri, 18 Oct 2019 13:54:42 +0200 Subject: [PATCH 06/18] docsdocsdocs --- docs/network_new/HIDDEN-PUBLIC.dia | Bin 0 -> 4182 bytes docs/network_new/HIDDEN-PUBLIC.png | Bin 65812 -> 62117 bytes docs/network_new/network_module.md | 27 +++++++-------------------- 3 files changed, 7 insertions(+), 20 deletions(-) create mode 100644 docs/network_new/HIDDEN-PUBLIC.dia diff --git a/docs/network_new/HIDDEN-PUBLIC.dia b/docs/network_new/HIDDEN-PUBLIC.dia new file mode 100644 index 0000000000000000000000000000000000000000..7e89354691f2d08c8f66c84c9bea6179c5e019cf GIT binary patch literal 4182 zcmV-c5UKAUiwFP!000021MOW|Z{tQ1exF|T^BcJX1i)*7A%jJxo>3bAG&fn0=m4^UVul zw!5Zgr|a#q^OxRwb={#aru?X)tSyN}c9*ZW+kbjg)1&Plc#AlrY*Ng>-2e3CovbeZ zn@@@@v;Qu#mDenq=4tID3)%;4bO+qzvnh!o?=dt7CI zA3W+dzr3vOy*5vuEoX~-yFW`ckVp|9b85aPn3(U)DCUd&=3=s1FZV5kc383mER5{4 zbq^uRW9#dDKD#dJ_r|o@=9}x)*9(VD__D%tAI|efNo*{d*jF?uO-M-5qy$8hAoG1p zWh%^n)0BmjOb?C@kxZ6y{q#%ffTBuL%66!U*CV>bS9FO=C<`dMM1ts2YDJfT=u#0@ zbUiqVqT8Y9Qg75{3DF@@ms-?SR&l7##UQi^2J9Uh zQ$bkcA*kqja1=$iL(%2lq6;t>Qgp2wMy;)jwME^)wyp<9QFMcd?jQNL;)(3yt?UYK zV;841F+znU4{7pRDk_yovGF}g%2Y!kF5qRn5HqW+sr#eaB*V_SNzu@q+S2jcJF z=7n(}5RQsFwBoJ^VN}_t>_Gf7U*@iQ8}EV}qPOOJNC(0wP_BdoIz$QMLl}C33R`<) zK4?Z643mp|Ikn6j%cA2rfRaa`gUz!wd>Q7iKe??wiK~*cbt?{&T{BMXvFi9`y!~a} zk_iY(`gVtxBdf>AOC_HB^6dC?8#$BBYjXDly2d9KHZLq}NdpG^&`20-PS$NBw$7c? zQas95Y(&wa0*|m5k1o)!wHiH|0rq9Sq4h{x5puOtBoIo-6;wWyp=b?uBveD}*pWx~ z*EsFO7p=)-?8$0K`p-`gk-n@oD4(@P4mT>j&B`Xv;WRCeH!hoy-ZwB0kkV$PTxRBh zhGr9Tb;jmP=H~Net=r^0x?`kjc0Ol#9)V@$Cr=c3BWPo76e5z4g@|T5N_A`y&&gVC-S zMlc#882Oi5>Lh4@4)$kTFhbTYGUm~c?4rqKgreY?{#_xAP&CAZf%NatO_?Cf_RumN zv}+8fNT@P&Pmvl^NNHjT9vs4&1kM`N^66NLQ%t3>5nzPy;Bp7G;s2LY2i3eo>*XVL za_nC^C+y!9LYhpdkS%18ir36m&|wX2WHLpFOB+n35{J%y)$!?A3jJ*e!&0R%=~0gN z1{WDAxTq=*hvK-pLJfVkO_8mOi)_7KeXYmnrm?9fn_n#QSFclqYS zRKtr>5&r@^o-$6c?YwB5syMK|CB=%`xD;iKLXitWL_*OEM88ABNgbb#r6R=)0%*!3 zq17v#C=}sj&~QR~f)n0CGFWpYY$Y3_frH+hVGW(ELI^&lEJYa7vxc(ZJbW_P&8OSM zW)PicsbYe@DL65&G8C9RY#k0t9!c~HBy@moj_@!1PYFl1ZJlZzwA9T|lG<7ZlxV;a zN)S{wrHF*i#n*D_aB>(l#0e5nhSVEJ2$yiev3^UbgucXBw_sx{N(cy3 zU@?Y)7|J;7K#52RMz%)88ncKr&C?%aWxM%wR&GlnRe7rp*3nsy&U$ywdQYYE)W1Xx z8EwQwW#UbMrZi)!3R3oeU;!Qbf>UKP2v`M25hs(*OaoVt`G<>QV)7uG)t#5j_mn-L zxP|G}T0tldg?7_{60w9RB{0iKC`7F}!XypdfK$h%b5fna5R9ZlO+_}ZY>4Ja&|%J} zYmWF|yvfUYAft&D)geod4JB@aXgnoUn>RoVkVI%>B-pYB9eN^eEuXFteyJdu zY)uk5v_PL8pcs1>`9T@DqO{B%hZSP5pREuhp~r?U=fr9qBgDbgp_@ymv|}u!#{~{i z6GlxqqZI#`JJOvUPK9-^3no#l=75Wqwzy^XOA#U)gBa^r^|ck#xLzHj`Xsudw82^HamoY< z@Nvmq1fNp?AKx$rYv-P3-a#0HuqR;*-B}pJkGB}c=sk?VT9I(kK^VgjxesHI?ac21 z1~Tri&5U=E_mP$mF_7_wvl5KAq|Q}G>Rj471FOw3>PVfdsLlth&P7Y=Tz8?)RYjfa z;i~g#ROh{@a~;+B+g0bXr6L2>QISEZ&QW*j+>f`Y&U;tqs-+?W-9?dsdQxOCaCJV3 z>b#dSgQ(75UztHoTM_fWZCAnNvW@SSJ@m=}O%(w$fNMh7;)C!*efL?bS#(NsJz`@| zdmYER_U_sPZYHXkKhuC>oghzI3lXWCWfThgOuV^(x2>*yM7?qADBlb|EI=|e^xD8*W~Sj*;;yI9Ni z8fw{iE46G?c2LU(-NyH|Yz%i+%jU;hjF$HuE$6M&vQgDREt?_opm}v{$&0b_V`Jr2 zDUGr6H6d^0?fL4n7~yU!!W~CNyuJvxZpkTD z9XZ8T!*bkRJ-8ol(JAiRDHf(dRSl>cF zAR17L)iTkSaLHZtB?dTlPI#B1LYauwsvI zhMpr+$EIVcu{1Om@SFw_=n0+kg%N^_YJ$d@oVmJ+NYdXBH|c>SnDm1r616dxk!g`o zlxiL{A8sfSsWF^TqmRYdoLEXINhmfJ1MXl(qmxZ1k`RuVeNL_U;E*KaBqLcwlKyOx zAp(hiK_5zqIo}DTaKb`*9s~eHTa$z`IR?TCDKHWmEB?dt*mYbwaKt>GBzTJ>gUe@= zAxd!z7m^xpF)?;0)gowps_~u?XO@!Df@7cyBThkxv6P{u*v+L=+@&mqo#LTMF!qq( zz6992jEG?)Lt(={nuA0L3PB&1VvH^JQV~Arv&)-f0c*^B4Dp=)++E4qI2|JV>EN~- zAIdrnx$pz%D_ptHh3Mm4v{Udc{YzMQU{th_2>m8wrczCTob5R|{X*|wKNmCeqGqGj za&Z?czJphM^NJ3O#omK!K#`&iJQ9KNh(F*FQ=o>10Y{(a)A_oztg}Ugqb}e`L^wJT gI4XZ$WOw=c||q5uE@ literal 0 HcmV?d00001 diff --git a/docs/network_new/HIDDEN-PUBLIC.png b/docs/network_new/HIDDEN-PUBLIC.png index 8f274592378ea05aa4e5f9d7c8d7ae4f3e409ac3..72fbe35544054366da7a7f2d6b4c7e7a88174ee1 100644 GIT binary patch literal 62117 zcmeFZby(Hm);72i0|`M95D<_S>8=eZ3W%tHbazX4qkpBd)@cF_D7kQ5;&M7m<95Lde_Yj-l6Zo+K>a7NHX{^)xQCE@@<`q(c5T90U4H+(ZJQN4m8$yQ zy)5nIx9L&3@9A_CRVtHaL#{d#lyR(wXPrIkV@eq_jm|Q8WlG237aX2$gX5@%L!>VA zQ~3#=K707?$?x%no-0qnIBgA`g(%M1Z5O&@d--?g1uc8s7F}~`ByS-Q4TZV6xdSX{ z#|C*0XmDAE?c(cjm4)hVG5Y!N6kpI41R@d1L5M(j?X)YyZ*)@Y!7ttq3ix0B1Zf#o zC8?sKqG^P7Dvji;>dRmHcr1L%b^MHbD@0u_Fh&RS?oa0b^MXQ=LA1Xw*sK0{eq4}DHE68(b190S%G9I-C)&1mRv?nO%1j>x%}MbW`Q|@ zg@uKztgMfZkLZVdjcU_~vC+}1moL-M(RE5+$HMaW_ZPI8`w$rTeK1F_x&(orDRTj;fJ2!7`&xJ}G8X1`-5Zt-*D_bEaPp!f< z;;w*QW?`Y#bims$^?tcURc05^r|ldrZd5 zIF8qWGQQ(Hv2k&(2W!M+WVMc)n$BP2;^M|t;ih%<^cWvJ@HpF7nxOx5m)~Z0;rnQ{ zq@*PJRqVow3SRx~hum;a*N!`m3&#T#yAQJ9U!|3NdUm|OqHv8{Oak@5qFh^BJ3id3x0(@kJ_=)yOMf0kHC0|z#P6^cDV~yb zFy7wY4%-n(Cdk9Uu-qp>VejC;qdoJG8SWN$FLYn$>ta!Mpls!0yzAWj&kX5{{b4P7 z>G;=rdhuvn+}!(f9igU5Is-hff8CP|p^*{fHto;>kxG`p5v@~iIUkBMdcGkteui`J?yBPB*%pKCHRpRTLk zK4`)f@%Hg~5zW=n+bg}U`aI^{yQaP6pC!e`Ha0fdLIY)H!-UMLxoQ;~4R6pN``%DU zLnaD$R~F!lrlzIgkZ>9Ir%IZSl`B*eVu^_`F!Aes2@fY+z0bgKQvP%3 z#I$jAausf9fz<+XS&CG|6Zb8&I;_wU~e3+cMw9Ur|^az8nE@!|!6=%165AQJ9p z>&e}3-~hWHP8<#@X$`vF=it~GEi*Gbl_HKL#9Cf$o?6bfoT}SFULq5)yCdXMIx42Z zbu7s!ciQXs<;xemZ?_qT6QbK_xVh~oYn*LL`&Hp$eiiBAXvCuR@tDp=MzTy+N1F=K zWo2a*6%~y#MC+Rk=ezH8(Br6##l2cROVb!k4bsy!Fc53yz^`hX^QG{J6!AQVbd#O; zdvVcmw)y(*d2(>MEPh+F-S*_5{CXrTf9?K|T1Q96pyKZCu9UPi?+zXl=O*> z{b-r;U!JYakrbwbi@f@YZo$_f&3_Z~!rvovdK+O5xmL zjkaFQZnmJVDOHHhKB0}{4Qb& zu-q@E`DfOj^~PO3HbKFY7|S|qJ3Gi*BD9jD<>qQRih2D%e@e#*45q(`X>NYvJYO;C zk^@Ir^h1K@`PVnqDIcnWK3bq6D2@_~lWlOUHGr5C@-k^1H73VIyV)KtO<8 z$VFb0o{DPrJMUB&4FeK+8s|9qnFwl3rRT-@&iZ^;1glCh6b`!d{>`T$rLed^e#nT3 z)cg5iHpv?}Wmg0ea~eL6;aUGkA8%!6hmDPmv|EyS?3mTquADBlf4~%Fs6{W?k1KMD zM^3)6xJbWQXU)+UASR-6FqAz;5k6Xa7`UcLcG1h)6(%a>4JBUm)%>;)V* zVn2VTEEtEhV~XX2$Ii~)D}3@gMLcle*Sl((pr5K=ZPFZAWdf zD<`Kvfuy_xzX%#^P6W0O`SQLnDv|6e#nSnC6rVG(>&-7Lz}=f}3h?vK&&|y(ER2qf zn0R_qvF4T+J0wYB-MF#wBkA3!!W{;&(bizf$5(O5A+MjV){~!g@4_R1b0a^FKv=t_QEJtO{dd#;AjkA+Uq2ObiUfA|5pv8AcBuHk6x>l`^ubmbSOGWxx#- z)StVQ4JS>p^ZYZMqB!Pfd?_5Ptd<6IhAr#QhJtl(Kl+akW1B$5Pw()Ys(|5JJ*wY) z1I_I08a0mGQ9s#dR0Ue!nJoi2jl}-%BUKdcblu6#efXjjClY^@bMK9V0V1{yP_RtA zq-MbnCvR_W49bJGk(6mOay~2V(NYrtZ18{rQdY!1V;hL*ey3SrRRM=bg2KI2%%4!B z%I@Qb52zyHv*#-AG0^}>`ZKk}`BoDypeTrV-_iL~TY$v25fH@oEUrXY7 zvIX>dlts?}=skJT3^}N#wwBj?bnnMw+$@dH%anTDPoF+*pR9HD!Gp_IIFKI#IJ5N) zi&b9j7wpWBA3q8U3q8(``2__TEBO(bF?By1Rt9q}wu3wej)MaO17Q<~^ED`3*NWQP zpYrnZ3Jq#IiN_QT=aKu;48o2Ent*|4g2c0D2%dK0wTCa&7p+mo^DHs_J&<>o>@`ti*N zE5T(YD@`f_FyVtr6NF3)fSOg!#*qL%o+@SC0Azpqc#d#bCeLxK@L+xrRG z55JJ)!>+Pp%BUn$RB=Wz9F*Y<=>%1Z;-aGKxVS+dKN7QPdzEoB5PMA$PX|Z=-2a*W z!c53>bAA2nc(p(T-sO0#>OsH?k`TS{cAKM*qom+1sfgK>;!^6VvS@Cz16X(@{1&rn zsf^WQgbZ&}>YI*G`U2&mb(kl#@OVIQDbZKd6XUFCW?`1@5Lr>4fb{oa; zq`kd;9ESmbd&@f?IU?5hs3w!+;mGX@Xw)?9cEhR&S^3>=P#`}%AAhB>f#JQTXk+D^z z*EXkx>*VT6fpn6|*l^r)?tVH_6EIH0>Ak z) zU!-Stc6Q)ccf@@9`0=arZu%Rn!n^vpg7}1lJRYZi0s^qtLrgs>p_Dm6*K!T}PU5uq zlEPg?<-V`r2qQQ-fHoi?=N|MS!VGBKHMpUjJcIVy8}HMn zPjLEHA*YTKOc0~r9ULDYmrW60A1TRzKcE{ugBVJxH%}trP<%`*U0-6m*fZ1QOGH2b z!EQcUDj6@1g}AMQg!iNqLP||Zd_hxQp@QX*-4~SjbQcmxZ%4;6Y^se-v9GW1C;=K9 zzWCs+Y{X>QqKHX{p;QFeX3h@Iv=24BWHevv4 zg@xn&No}r+{(jWT!3ZBcQt#<0Bl80w`MbAo`}_L`@-Yy5`B3Vw-MBkF`~IyI9tkl= z_*avm+!5GDB64yMI0NTrC-n66IT|++cfJ)Hbj|sb5)u*$|CxRV=vuLw>hTGr0d#cK zG5@{39v2-A$7JwxQMU}Fyo%Q&9L_s)At512k9|AqtI-f8Mjb@FbGN+3KLi-WbCG^YL;<1hd*uz2}9=&-9Kd0&;$v z=ElaP+}!7yw%w5^axN=7JDS%rzM!BWE>1&Rdm0jAx#g5Fv=z`J9IduMGQW21nxLSd z@B8=Z>FFyLuznZNTYR=`YiSXC@?^<=c<-qwdgKpwBtS8U6K}k_x;o$yJtNzKowh+=qpUL+?|l`$R%RSRdsYQk{}Ng&6^x7}TM(P9=#lLg?yY$*4u^>1-m z**<_Ss^zbbx;cBFhTJA2a|g-=@*5m|H|Sm=Ji}=^+S=&(`Bg$vLqcx3x}HpVUbv5y zo5Nu{ft;8Rqz$|l`!1hMNGh#VcmOHy%aBxP%bi?YJWjXU;M@S6v9YlMNnFr&Apn3V zjU=o`6m)Fr;(!F|j#n7n*AnZl_voqINbk9%9o7BXDV)-%!SB9l$GRjR&O${+h<^8M9-PQL78RYQey=B|eKilv@z~EI?RdwQTo28|u z@(Bu}+Oft)ouwa1Ks5oz3q9!5X?jmfOAF;4)r$^f$<55nxQsq>r`A)!LtRBtx1Lk@ z8>5ENLY;SR&(bR^`PkWIPg3f`nbj24Z0FiP+dLSpwEit8Ekx^`nVs!2|3%5o&F$N_ zZ@{X(GC%9??uKk~biTfr;F+J9`9qlG&K+YjGgr6*K%A71-~SpJS+-@}hohttDS+kG z!m&T2(#nY*zCp~S0^Mm0k9ieDB0yzDati`dQZ*SFE4Ve-IiQ;IMvvp;;{hKoUI4r+ zHyz$32lfcA?AEPY;z8tj!|r{I9N{fGD@+K&t|vyl93Q3dpbZngINgO8!I2dGaC+(n zDO62u3}9A^KT$+@cxMg)5fK(8x##J2lP_+8Ms+z<3fN~{p}ika4(zqee--L%Z*MR5 zCQtxEnmH6>&}YJG8Bjqmg?8Zda(wyw8Sw)4&(4!&Ft(wwg1>imb(#IyngQ0U9x|I* zLG2J=Ew~8?=*q8O%_pktw`W_v$M7aVZ8+XvJv%+M)5?=h5GEiXfQzUA2&rcorqjY7 z@V>CP_?Bqo2K)F|+r_P!CVxLaSZip%=BB3;;XDR>&N{R&Q?2)KhhASy%tt&$rASw- zY%?1>QCMQXjlwhF!-q>+ssJbZ^y!CDpK)4%>kxlje|J8>(tu$0dxF;@%?4kke z)H?>-w$sJRs#)`EbhK0sbBciH!$_=1Z&w#7(rF8FvWA96Xh?|5{tD`a0Ut*8>?=6z zSLBZzhyJ5Lq4Bunq(sNW2tt1ctHWhFV7%O)b{wCG=JL(a=MOIGQab{S4w%q;y{^CK3s;)s^>{fr8sAfikCbJ3R8^SCPwAz6ILu5Z`0qZl~|v-MCRAq52CbAzk7s%N_i z7vnX~C8(~LgU}SP)4$D~pD2BeqK*-{5YP(MlbogP%9&(xMreilS4rayO3@1!dg8{C z#jqqK+90mmiK+mK1q24d=9UEo^#Zp6yeiN|hd@YlM{}52U)HH`BUd8P z*ANFlal;9O;5MJCI|FJCr(W)=cX)t}?zjj4K(`}dblk9L8rH!(3mm7@1488a$72&SWQ z>l+OZ0Dfj>qGGAK+7()(T$K`UyabQqWq>YYr6#|Zmye(*xxSaJON;YuY}(zP)jRhhLO5t*x!0!{mc(iATlB zx!XddwFiCT{yuP%ned@1Dp3av_;k;$98r%cNKhM6%jd$i_NzlAf#P)&04tzXY`W)~ zLc&34AssJZ))~ft3Iz@ZZlsjsRVLb1IaNc$g~UhiP#M~vh}Ff}8MRO-=DxSNxfw1w z0mwY=)_q2 z$$iF?glj|beGjS)+1{Fo@&=D+(U&PgsR6CV z3Gk`1@-Ik4&`JT0^YTzJ)Kc>O&!9W$(-&0ae)#YKi--l9Crdz}f{)&%kqv@6RJYqB z2w+yO8V`LY`bQ-xYKOlKdO8tC+$+`BXBx*rWr!IIL8QMFp5jjcaaGcPqA2PZU*ky$ z{#1LRsW~~_`0j9XYI9{JIxK7;M~StJ@lqlY;pFh3`N}}nPC*_S8QCGU$6sxYD4$qZ zY-Gx&0Lc3Ze?Z$kB=87bVz5RZW;i+zo%ihR zb9j)eZ?2JN+9MRX?<(wyx0>ER7xl&iP~R(bI1VTh6)#LG$!9G%h>}NIj%rXNHUN>k z+3N?2%c-c0{AC}!1?ni~GNXB0YaXM)ts(&3RzvI|vkVOk(n?Bp;n=@$L4+qHBn)1t z*13Hh6^pvVK^VpkNC$K~00jR>c=)-%5L1a0mV-mx%~tvLBRE1l*X)&mH;$|ho?`s;0z9yn#j?URn%JT zLpj5di_E&G_ec`8CH(`jXi{1Jq$Eke9|K(HwwxUA=rDowwDYIr&!0aZ@#*V;s{vZ1 z-tEW+v=sUm(Li7hKy-wKg&8Hd4>dKVKuH9M^QzkIF}2HxK?atVtlsTVY1wtXq5J?u1DUJTto-%J zE7vhlC;R$j>-ut4IMvkDj>;RmlqiU?j{8eZe!@jQkKzEds1Fcr2icC$UfI~Y<-Nd# zG+X;s1cV@nh@h)UL*r4}HLoR?47qjh1C*u6(CWI&NzT~4w?yX_7X|tGO}L_=957H) zCY6@Tulog%5M#Nt0Zi&{aOl(J`j;2L{F?S)-oh4BtwOd06xKk0|J}Vkx83i&L`=$C zkkjBpAFn3|5DoX6;N^SEc>YJ`Fg9L-*qF0iMT@+AT!oU5g(L3e;;y&g%vXoI$$uvu z?te35oY4bCbT}nQxD!75c}v`lhU^$9Hg3bIzD7wFv2CV!=a!BcJqaQgzx0CQgxyDB z&mo(vk5wqaR#zAmxod#zJ&G&t~qalamu@98jb}Lqmm-NJ!}oo>A^v6@YmoBO{?% z2Sxyj&YkI#N7kz;F3_g{fwi!>h((#4oII4PqUWWX$mgMip?CAn9mq+I@H(iod%&U! z+pmN{wkgEO#%{Jz(bxFoe+V*J_mRGTn=!z2?dzl=r;U+p8@85I8c(fU#RtdX1rGWDkTiL$aKcy4i%p2I8g}%)@ z{IEmvMpxbAfHN9g-}v;P#3%}Lq3!K;Z2+M-IyUHqE3I2h_@b@<_=#hiu~CC5hG8!U zfj(2@Rd}&gMt~>mrS<{SZ;95o9jKS>8^N1#UoJ5s=I0=MejQL~B{L@}#K3zaVondG zU-t~R)JXB6De4fhfjVng1V~K_g_g#I=zp{cHus~8Y7=+8NEh5xs7^K+y^ch z9CQq`KQu>#%m4lD58>*0I1m%^a8Ml= zfLOyKWXjy9ysAAx_TDJ#ZNL@I+yB9x0y%Oj(Q&ijUcl zU0adwN*_Jf)fD!(KR-PJc6tro4~T`a3QIVUweXts&R};9MaA%f0!t|N@D~T&ng7h% zM>QV4%XWJUx#2$(b&m6iltTq|_?Iu&DQ}Po(6H(t!r$JBH+Twb!wGBi zTndV-!^Rir{ji{sy4F;J{SIyivZvQ|m9I7iP!!xwek8%V^i#l&BjA90Z!6Q$u&`M4 z#PWyGz&SVTOBUO4y_P79{d4$BL_~%8*uiXz|IP&X1tw~ouNc7LKy$hZtTV^1|DA6fUexmxwY4<2MECyS=^ z!QCCowXiZxA{*=B*j52JrKpD9uU2C(OqGh{&Xj?U==pf)YNoh_1CXo z(25yCyWP{%bDYzx9k7L31P~3l!)~7YB*y>yyscfcH!%!-$J06s>lb;dWiCsWxWa!D zfmx0>WkaT%U5@9>^H_$*8QH}BF;$)IAFcJFRQMOblF>)o6{E*ti~bb z!6xB)3K^X`ZL`h-XaQL6a7#e}fvZ=q3WJyh8P91c$rmXkv|lPaNW4pr(Nse633W%O zL~oA))klJ`oRQ#xDr~S|##|(@0|B2kPpW{W4FuXHCg=3*EH96FmUmP9{QAynLA~%! zJ2fy+fLj3Zm`3QiJm=Pn`tBvs5;a?$#WdQQ_k-v8&GjS2?i8V%FGa>m70GL^ji)Go znTt+}1Dazm@|+^&_PJKFe|eIBxz37lZe!1#d(@Z8WxE4&_yB|{(BJG2ENeKQfWvcDDfVS2_6+Q^LJn%7wF~=3Tms}j!>Sn zv9Ym}KYzdlkpaYHy(aE&~iKC~gfJ+N{NLO=t>uC!O>_&jhmj7~}$=KhJwT&r2Q+ zHYxXkC2QXB-?6hhHo%EOTLBMfydjDq_h@;ZDI9);5I~U^2Nthh^?RYAudT1+s370U&)OJB#pxC1IT$ZxA9Nzmxlfn^BVa4-~r+szR~Q;it{UiT~J)sZLa< z2h1-tSwlwifT6BINMF8e9DxL?9jqVbEAF-4%ZLuYF_UTFxv;RHS?@6c_JxJ$o#1F-{>Bfu zA3uJKOOE^lt&~XwwC#MfwDZva%O%bVhJ}ao82?BF7fqS@*wB`mZ(_o2Q4Cbd5dS_h z0$Ro~Fg==@nuFwi0Rgc>t`0IX!Ej_Bls(b_A3|wHyvqX~9>tVC@AvODs~yZ?b3x!V z1IFxh3ED@91Rp%e{BWG16vG4Faz_$t-5==0Nsz}!tHC`2adQfeJ)lK^TK)rEOj~pF z^H{zjs9x{K%LWDpe*IEDGO~dCE-RYRd&#{Q8rzob|8GrjW*7s3W0|Ah36xI!(9n^GLP6HVq)}kCZ zH=yR$pyuL~%RzSr&Oj&(U(gldwZKiA7v`nV9ZTkzYIVe12GUhlkL``m@5pw(8{F2< zpA&6ryeK2bpRiRzIiLP3``lf8;D3x~=@|hn<2YXA5FZQk^H~~Kw9A15 zMy(oX)nG(W`iB`#?rH-@l(mRS5-}quCns1^!P7uPGY9#$kSJ zv;LwEw6p5!6R;}4`5-M7c{Xh;pYAe-!Udd0pTNQbE@PBM#&%s$`wqC6I`mJffDfib zBFDk`I_dsfKbhDc%wh#5AEyWm_4Vym1|-R`Ow7$EfE@{dV;UO^-56>)R_!*%`KhTN zYkq|&93%v{^srPo(+FrSjqk3Z$}U(Aw9+)*d?T6U31`uW4i4U0ub2Xwnhls1fO%;e zXiQZFp=~C4z%oPLHXYWrKv~K%J#CZdVeeplN2{S>1R)as1v>mFMN&IfPF}9YA7B}4 z!CVMOD9lo;(yH;t3F6GyX$+OOYMgfgXEJ#^9ZopTlX^W^S_M!z$kK=n#WR7{kO|st zkp0#tzI_u_LOq5-x&?FKQGdqHH&aG4BF!qhEa2C7zComcr*iV2Z(V6K{|xqd-Um<~ z+ujX?z&~xvMzBhqyXo=@3fC!VBn7Nzy@6T-O}n<%9b8N`JzxX}xn}N55QT`Qc@mhk zffStcfuytxLbLoYoTW!iW3AxB%sKn=9Y~6#Z^8)Al)vulNi+iqCt~p?#?4I@oH_w1?&akLr_@AA6Kn}V zLDFDs(eymCca~I87=(Zw$yQ)AGFk+3Z=%vVg|g-Tx7g#j_cFESphb1Z3ypPkEiu zlK$g%|JRSQ{P#_W|NkpsL;fEdE&6|Fb$d~xRJPinJvdw!e-=VhCWS!QTao`gso*cY z-Na9-5j%#iJ@bES$m-4&PfyRBdZ-R!Vqye@gqW1$6BG3p=dKgn8tUpWDB*(#z-lz3 zva%Ao`t-!ahjA-t2=3q_gkF*9U^XE0Q^?J8bD%1;wYE+kFhGY8k`NLe?g0IllBToR zg~27niVxUoTa%%0fm$T`0Vqjv35kr<)bRrbAmKkJ%>G0E0)I-a(se{81stf>ry;38 z6dV^^fNBcufe9qlW5(+UD~WbxucG^q$yr$HAP<5RgsKF>?#J+EoQB=OZF*(KeaVT5 z+Q9H%%>=_Mg+5b*@)HRO=t%|n_%2_&217#TGv9nF-2IT`If;qWJM&#Y2w>pga6gPg zcpYma3ALHP<-i7Vcyt%7WYwU?x)T#UeFiiJK;P4W0sH4qxv8{E2n+vRWiMI4ErZ~d zDszOMsz9rLQ??8o zsvdiwS_94%{Q!j&{2y9>9}25i5U1COyB-34Gr-dLRN;gQdk_itN)osLz}bD{>mqE` zH5`&s?Z!*%Dd4>UP73UMLqi9E87}}mbCU$Rv|K`*clk;4HQm#j@N+JGcyz`cM6g{t7 zzkiqdNwYG0dBRf0&A~+p8Fwwz5C)VoK(tv34_{Z=%kbA1K00SKGl-SLSlEZe#6;k8eBQsmK_RTJ z`3GDh8g*{`LPBR+7staOK0?C3Jwk|RK(s4A)F8*h#U^SpbHD#sp9v33;KPj~s`58# zFq-uXBxz08b#A~x5FzScZRVj_0y!G=J~zN~Ks|wM)d1FL7(aN9@i`&_I=)KSa1d~C z$dP;^B3d4wL9pA}vVs_cp^Cf0xmzYYh=w@b8?QpG!T$qhs3Qm1Ug(i5&CD3R`CuIE zfTID-$AHfgGBPsU4nf(rx3)Hc<{#iQ%r)hmm;z)s1G^chVmOu8#F@3`v~DV$-}a2h zUo5@o@hiEKocPJ;D@Md&%ZV(NXlU0K~ZQZ%D)ZyuXM5KJvK3i z)0Q@6GbmKYVBr8CpIRLjLgor_S6FjPOCZdAVaS3j1f=6(O;>XuBSb%3!6F3fX~!yv zQb4v!$MVU>WP)c42+AVoUBjc6Lb1L%p%?5$lU7UP%9U;8Zv6#ui%sgd~`Supx^ z^h8N##xq3+{4J#wfSd2sTtR>W5S0qv>L6myg`d(Qc}G9+rIDzaPOu=Da)#qk!H^o< zUcX^3ydlbjnJ}K7FCV6e^~y0W&7$lhYfD6xBLUJqZT@f9tEr#>b_!<6eo&Ml`y-J^ zpu~Ru{0Xg-2W2yAZj%&LU^2+Y&;Xdfer?zjo8|r)#eP_V{R%aAf~kmssFc%ZlCwYF zGnufACd-e<@HGF*hpH=o|6ZGY#gDXkCJi+09*-PpYik=E zw1?hfXROL@xgSa=&@}}>-+=_d@^jfocE+6}($drJ*vdymOw! zNu9CPgrOYJpTXL$j-g{@Gz_*;u))8C0SY*zK+T>rgS&nPOk@WztO&IEbBvo{+a)1+ z;3@V8iiqV%F)hrE05>@;!iLVhLXz)w)Srd@0e4} z{C=RmuR8Z`wsCj%^knwT_@+jiX}5_c{y)nNLzJLnK60Tp8gjQ;Ta6{$9;me7xeX+} z=xx~te*wzC3e!>$hA@0Wl01HVpNREigq>$`#^&xT$GKF#WlChZUmmkh%NYV6@#CRB zlPx|8i3|8+z+Y{;%TfAzWC!-ZWwZ7WtoJDYyQ1^p8STOc{_jsX-^E2#QGXZPUDvH1 zRe*Nq7ID`&mq~vr^nfr2!M#`q6q?&|TEu%C(xFsIdBueJDDWVk_tldoobl;O01H1>#<+Ez%KP z=hX7Wg5C3O6Rogs>}daISnVq*qNP2h1`UB1+r~i|6%_?L1VRdcFrat85QT?_zk~@} zFyI6K1@xCpg(ytc!>lJUwRivqCMGoQ>Y&?$adF47+%)3U)xPmtP>93{V+{-=2l^-=MfA^mvVEN4ZQ}v3CQ(W z*g8DatY6LgYWFC=ndQRd`+-xKPQ;`HJ3X8OxmC>UT3Qg%-`f>r)?X!G2TLz#24N8q zQX%pxD$5%ib)FaJz!QLi15b6XK6&z_odQLQqv*GZi3u7Pazk6YjovA$T`LF#u3N`k|+#?fCvU zB$ao{O%4NP%Nescq)@v^iYjo{X~SyqB$(2e2ZeFxO1lqUkkG*|;1f1B>=6y8K+|#Q z|C=iKZy1~Zp$e{5OnG#HQw-(_@n)e(SAhcy9wAnZssXr9C<-rHCK^4Tz8ZRiegU)O zscqy^7kfWrj*dhzf*Km48G%X!5^V9^Rh*rjD#sQ1lkssh(GSAz@snU(0Xg+FcpT}C z_ZK;XL2Sz5gyn_$gS5^=+`1`emBrd9*G*kqNQ69K9S1-RFmN51Zio)B5LEgPqak*i zA{~DQ$Hc5IEoIiO&dr5^^b!+eW@MCc(h&{g9o~`rwuUh34#Uu3wON~;4M|8~^+u5# zu$I7R!1x&0NWmT^q2O@2c!!j?hn_Z0v%YTY^vD#Kd$>ax2xMT@L76y0+2l|zyQDtj zIy~Kg)1^`qicfcByZnbm^!Rxl!YyOJi;S_>X+5uqtZ15acs-|lSYk@TZ=;_e?4JHI zE;=%j4<-S?7zmhR5)=u?V*!NrOBe@j{AcM?>XFRP&xa3$Bm@@3>VK8JJ(zp}r~-`C z5d&baf|{L9kfESHKy1p7_^Ynp7CiG#2-=bb4;w>gH?rD!H_F?){@laNZp7JTbjlSZ z=Ml)E__uDsI>L*Xynh&TJ$e)r7EvHuE|~zA`6ySJL#lupyFB(j zL0!)`{^#B;e!t9h)#BUbs+s12=8SMyKlb?MZ9X%zoTE5MQs|ARkf$mHmAYBhP%=Pp*VI&Ep zxZi+wLDD{lm4Q(@2FfQM9(53d;K^FfNB}1}YMj6a)&tB5a4bPQ3n$9%72CrH zS8YIV2!H^@a!$}|h%}vapt=D-p8{hT2L}h}#TT0w=ayiQ1y3f7tyaAfbRx0~>L9S5 zkK}WBepd?L#DpqO{*?F9DCSsCvMp<0PR!EK3p*@4G{tY;8OKZjJ7SxBOM>op@Y~FZ z2ihW~d@xA)Z2)lZoG^N4=HBk>OEzq{CF zw=2pzPZ~bZ2C;4%ugD&*4m=PPR3lHK^>$h-YP*vJCc@w%?9>_JuG8_ANcj(baRc z-pN4iXkI&YDRllolB2FC8Lr10z8^#=Nb>XjW3f{ziF{9gPb2@=6B4!FN|t?UpVZ$_ z6@E5OZSy0g6B2TVJVwg%nh!kgP9=tVNMxta{jD9Fi(P5wD^rw@$vt*otRLH7V;Yeb z`3OeQy29-2&Y>Yi6xU#Lbck0GVo%+*s=+!zdvN&6Q+RDx@nxPmNp&TcwYA0E_!ib> zYf&sO11ddY4C0*hYC$@>!#r4AB7lI9IG`t)qdlvsy_i{J^2YG<-^IWlCm~c+kfroq z`f8;UQ@^-7aFt0-t*@$VYZu>q%r8!`r6crP=Ssa^6_3SjYKfs@S!e-a+5l!IoL>*+ zg(-w_JEwef8!P*`dPaVjVVM4MmEC;1p~Y{ln&qW2S|OJ{6FQ~d;J}uiZuis!%{sRu za3Z{X`t(=5XMIf&^jYAIy$SR4AU+bLrDS@W2}l`Qg)^@CjFXtDf?q{{Na;%v%7o~>jFv@wqudN0&oR@! zx%b!Mrs9e}qZXpUrMy1jsTnf-)MV~j|Fx4;cY{|^Z^s6~Nkc?IK|xNQA4gga0u*GQ z=g*#10ZkCt6~QaC(_ZD}^{${c-Tm26(&N=jm&%dH#uEiKHfc28d%yHR2kr`&R8$PX z16*BJFrFnxPua{`e`+)Kwsvy+R*~-X=$oC1#X9Gg&3+!+XDb!ej*rhflJLHPPxfeM z{&)-zk?Ak(j#|{zO+6cxs#qG@@1YAm&yrrG(p5QkDHgBO*}H1G2y6O@u#gpmWRq0p zy?uL$UloM5&XYkn>W~P*Y744v`|7EJd>Dt_5?ru`tn3%hv$T`Fu%ySh1I|&Rk|D>3 z5#GUydB?pP{Dwk1PuCf{hW*YD>tW!j^DN?zAd5|n(^<0Hq3SYsMa9IE++SgJ%jLbb zX6o~JUbNG4QxDsfxruio!=&ch(tdBhatpYPfA5O2)KJyuE=e2AFQSW*yCJEmIsJpj z^{-*J0QwC0CV=&|wYiBtV=nNRg2Nar2E!U9*~zmfAMuB;T&BS#u`4Mo99@motUq5{ z_-_AtX_R|8-jzm8Z8`g;J)_dI$;q;Uzg7)O$b$}J8W^esdmVk!b`ea1#m}4l6gMlX zR0J;Mj)xwWYq9dH^=8j=s*u#z&J_K#Vzy9zY6Et#EQ`d~1(}rggZY zV7IONT>|AxC@EgKuYBk)s*&JEb><$u<_V;uI7SiJ6a_Tp4je|u6cjFONeYUyi^p~> zs1%u=YFLeB@CI*O&jV4>1`a2`PIvViwuM@{-~4p@r+K==+4)yausRgS0yRMriB)lGW`=%8v8XL*q(9oM5r#>p=K!>%j>Io+G zi{8n&w!zplPlV?LA#?wW`+bIsox<3mOnPP^26VLI?2m79>J#hMd4x3Tn+HFN{9N?K z;J$dXcXPM0sQ+i$ywR|jvE&V*dJ$m|M8n6{CwnLOdfQHA6Hbm|ZL3=MH<&gLL6-t< z5ULL2*~^b#5d_rLr2R>J-6?_yXZHzdF_ z0!(NDcr%>i+HM$3JCE-w@32c>>!r4M#c5YG2T2WJ3Jf4Utx*G?%WJNjve zQJ&$`D8Dsd%%ISF&&(6)6bqLhtDiO|w=IK4$=}Xja6xy-B zj~CiC1%G;soZd$F_#oj%`@pQ?fP?=?{2}7z$73c{8ZECY)6LgwoZsD~*2gLQ5n23W ze}v0LPVOvSBJ`7{vq#!YHNgL8YcCes2e$8Hizs=X z_q;XGk7620@_zCwVQ&$y=Y@^j73zV@00N=6gW$x!ST`OiPAe$b1S-sQ4b$kUNRF|J zX}P;@?_=a-(Q^KgrOiCKLL5CN=^n5eh)9^HA3wV#+L_Zi=2QCkp6OkrJetegzZS;& zE6uRK6Z^#qF4en`ry*;-`S%zfvIS$yBi+O3;CmD>uV066lex{R1$cM7t7{d2CjjT- z3TkJ?q8Ik7UMdd0PBl2c1@7$H6Lff~PJI+z1|kpvfQM_NNcB_3U5R_$@4jPok>Jl3 zQG(qX==Sae3?ZARvSB>Q>_dW5Po7+B2Y1HpGjsB6kTd$w|Or4 zPM+FY)WLdCAHJUq{&I!Xh=cpC!&*I$-p9AZGG?jdU;4l?g~lf!@L*4m4V{mV;EQ}<{+M7h*&+Sv$m)X|-x9-(89XFE;rj$! z!zJH?5tPQp8BpT=&iSq|JY&}Vbq}?^_s!Eb?gi=G@ zweiTs>t5vL5^m8l&?s_PDFy2lhwR1l!CvsIaYp8FW7(*8$T4V*SjH1OCqyqP7;oqF z$QA)yF6J5Ah0LRyO;`J_GehXyh--7n7;nI#_(MY-h2F#Ud<|5;<6Yh|>z)GoGQ616IQS>uIDI(%f zrAGPSop%Va41Tc8dyZ|XSazazA6e={vhCyIY>MOUhTjjo2mXYUn_FSdI7!)B z%zAM>4yy}O+9~!=?wFAu?|q8Do8XWHJ1vT6B*`7|ej$n>nAl{oM*imJYi?mez22E| z^==%o`)cM7zR28%)>Ir?Yd!p8M$zC<{NKwevho9s-`ATG?;VkRR#&Kb<#w?-r1X%l zy-d`f>Zyi8?jxF8%d4ySqVU}|&7?iIi&lqN>PtMz)yD>$vs#Z^;Tm|OZ^y%KJkrZ` zY*dMj^Z!cR{^Q-GdbftJ{fowLbyP*ZPQUPl#PDdT`p|ALm3Omzei{}Wj7LoD3^NZk zHOK|3pf+3hN~4_}@Oi!4smg~MksP7aks=X(c7ltG^|NnSspfmF>&)+WxN-g&r-UA4 z!v(XZMJ7u?6K!rObfQzoRzxToDuV09# z($Yp|$Zg{7*oU9`9L1MubIYAV=`|^H8g&t>eUc=r|WZclI)J8aD>$( ztN2(YP1e8`Z$68b7a7Y0-c@(d9XL5X7zL3ylv_0pEXol`~wr89`3(NS%8ER6Iy4H?*P6Ss}*~lO3ox4oEY|eyV_R-Q-zx zaR}Vs14#pk{+pMpKe`MVKs1}t=)*V8L{L)-`s;TL+@m;p7360Sx`wMRjQAm#?f5Ro zFVNK4e%$nO@?rkuAQf#-%#cJDpxEe@3#R*irg#&(`7btR^KsoQe)Aw4D>s{8GSGL0 zQC_+k%06<5(BvtnPnM~G`_Ybpo!uTJ4OXo>rduBoR$s@VgNI}Tc9PYSqH6V?HyvNH z{x`1PGN8(B`yNJ=kP?vY2I&+91f-;;1r&)*x0JL>cZYyTN_R?kBhrWnNJ)pZBJfT; z_ulvX{(L$gj(b0QJ!{Q1=a^%R`H;vVmnxng4(wHV4ZXTpu{3sl)NvtAjVF5&ZlC4f zZ#&EiG|XGyM`PxC;i@ztF4lKP{`z{p2U473zY38b4U>SRN7cN)UKY3fQODlv9vAD# zN1oh1Q%1#VXE8BRUI3jfYGiKE_4WlH929bL?Si|C?SC%X>t<%ZuCpUO<0NhcG~h6O zigLCgt3j~wT3qHK)ea9Wv7;6bQF(cg$@>^@Exgwm?-#m9$eE=TbzfL?G0bHX$%HT& z#9j|)W*GSxo5@cUUS5S1o3e5L{pLeE(I1uXVd?K84#cs(`EWGvRr^wIZYL%tLU$N= zOM8Hf15S0#0E`Jh2)VO!0T94ltI4n?7-G)i8+@-g?sn=PKgTr zB1vKQk*WDz5??gL9x}UlF;-q(Z@82(1KqVX$rfgJ-k%A^s2a7lwpqeq&3nu38y_cT zM5l9xS>P6))8p?RHFxVhL!GDSe2COEB8+87{r&n8js+5`Vq09ty+&j8FsjYh^iTJ~ zB=wvLllC@keDMoIE(L#Fde0x74Yj!ZK0Gk|5VVkXT6ydDnxqX|3xTw15uA-5AyUiF z205fMc)~7kUDn=EaB7oix9viqKYjAY{l=poMkPx#V^$7E_!U=}4LCU|^3&iHGd+I) z4VnxI0fRYDHz%89Wx37gJk8C`Z!-=SmRG2tCn4D7!nHN6{d1`K3IE)&7v8Oz_jr{G zTRJAiC1aS2`VEsV_Fm zY;Pto&^+wMaF5AmFg`gxww-T&Fe7QI)Zgr7@hEbGj0^`l<>lq7GQ>r|DlZ`^L|rco z@mWA-pxxFkpQYfx`x67a(@v&^Iu;cF|SDYTH=-vvvCV?`K{MA{ny!7nLDl z&)1x(Pp}O?Vm9O;+*41u&l=Wq6BvHKSBdM+JkTa%zzY`LtMh+~^lgDEWLRrB-Agt` z(EvZFb^0yk>(@U??9e6GPkY|I{KCkm~{WhqTxx)_In0=;C>ZEMh=o4H~VSC zh@x#^mw{_Nh>&Y5V%^!T6Q( zH|W?6Xs0PtEAzvfnF&6WL#*|F5p>{hM>cwxE=cSMVdtje_yd-t|C62kJOb_ls5K$? zVq#$6zVuB>Ndd{|B!K;3HS**Mz01x($;Q!U==0}{kyJXzyJ8~jVMo4xM(msf$k16X z0}qe#^1j|)1BBDjzQ~Rn`>(gTzN>h(^ws*sURveNSb4J}O?*O_v;-|*iEJK!?+iRu z@$~P$T|IK*m&uZ1*Tlf(70ji+kWIXP#QaNrmfn(|coEsB&X|)nyR2*vn)MKZ z2_CDwsC$+(2~ers_ye{3!3Bj}pOT$}dP1oLOJY7hvD6PQR%OwXle>weuCDHqT&SNF zLP8X~NP=G(Q1pVags4-ZqW4yyJyvkWG9fMren(p0=fxhv%khn`)rF^HrNEU2Rx@N( zbbipH;)OQizA_*wK=zR61&w-V#MRc;er20ukwr-& z>--}BfHfy83t?m=fxd9?YpY7T1`JMie_Zdzf6@h5l`)Zx95oeOPkrL*OcF>) zZc2$xt0@*uZ|)eKR{U9k+b`Vf7;ET8M#NaM-pIr)@93aG$vM4mM}cDG^uY7-7pHNBiWAV` z_KuD~EYi{M^q>}^z=16SD0U7=lcAqi6y^st_Pcswws}mGY->WD504KY4kuJSkXFw3 zkg9-Z1)WNY*sEs$u9in@|D>z$Mcn9`i(@og7$_f>rEF;}nNRNv37`4Jj=`4v(H~#1 z{&PiPH2dbr6tlm-^wKd*^N_O&V<*D?Sg7f4|4?pWojzkX$fTS~{5W zL{-BW{I4$K*)+%Ud5JJGzPhm^HEK0ZQxDGlT*bLOxJYc|>f1-B{uBJx{66iW`4>-7eX8?=M?p1k$j0wbHQV1;+4isBKEmSe{ctANs@$1M2AGqbnepx5Jfx-W&ivUJ}5dbBo@ zRb3h?l?jCQ16L6+gaSh&z@))Fh=)t=2hGIP6uhlnxIG9-uQ#kQ-VMb z)y~qzqf_&{riq#3ge7vaqgCTrKr4hM0CYt_^K-PN=BN1jzg&RnN@&K|0#^VW5b^MU zm)6smUHS!w!AkqABkeVN8$NRJo%EdFir7Z|Pg(qgCNW4O?nY3}KIktTxNdY^XkFEqn9bu8}qA3I2w559fjr;dsczaK*tWbXYR`2!eLx_i&GC>4M+kUV_ zK)n$=Qi_b7Wx@QR`REAS=hD39mypXUi6hvh^*X9W*DA>h3sqJy=L20&N%`r}oTQ~u z)Q59`X#|~CAYw>l43CVw04l+vt{@W=Q_+bPa;*3bWOQ+H6jp7!G(AhG2j%3LF-R@L z%8QhW6NNZYzQ3B&m-Q>4MuMOD^#%G!G76=Vx=)OWc6YX^{cA~*c2uMEdNh;_l`BOQ zs1=}toqR_lH!BO;e>C8h0~V$V3JRKG*V;wb4v=p7;58B`Xbxw22Ejjgcb^L%|0AVP z7|2~s&~A2xgpSk;pg*)NQTtI2An;w|UR)qaoSwQKKedyUc1GcfJ1JV8<^;I@?33vS zB~vuo^YIv|zpveisu1S}!*$Zp-C&8h>lDWZkyM8XhSN6RwCr9p;s-A-EnVsSz{UYc zE|g$z^m&!<<}|gK_h4goG7{!%PA5rRRYpy zFmMr|;R%&?T|0v@@KrwxJ8xu{sCtD(>V0>>S@pps2vKpymJEsWIvb6knh@ZpAS1Ih zLS!ZIusCPnBB^8O>hTa=+%a-p=<}a=QCRC$p`_Q5&Jv=AS+AvioB9vr5SaR=>d_3y z_yJ{%+G-(coF5Cze_MGLXXVtje!V%py}b=#R1DD_1{}dW6IlU~&W`tMcYIjzf|Fw{ zW1|06M-Wmo5U{cO#1kT!a1bE7{=LwXKuku~Q55GBH`m}E8nm|auHgZ@d+(_RWc@}) zi@@msmL}-WzIO$yEmdnz7)j z(>Fb>vvaH&Swg7xxAYJw?(BcI{DUU9`-p+zSL-U1Ewa7;X5{Gz*<=Cr9HattbaVuY zy(MIDkE4kSmphUsq;}~z-&)nbG_}-j)YiL3^jbYvMYGF0TtW^Qz+>Pc!@)rqETxD- zGErC>v~b1Lg!lgL9ng4|4i683Ck326;FP`*Z)LDhA9V%!DnGDTfw6ZEI$RJi10fDc ztK?Y{up(n(9N_MPo4sM4 z#=ZL`zu!zK_s)S$7ZYuRY<94PGU+ddG=+~e_Z|-wda&Cy4GoDdEIS4DGyq@5{ZVG) zcvg&}lF~H-NPTNluB@718Uhf{RzmCa`G4u(zLEJsU4b)^4S`bwPikNH3kODTHVY__ZHyhRW4U3(zoUsF+(?x^GT${CE${+pxYceQoViK#giG zC;G?7ouF?H2#vAr7bvU2Y3Z zPJvnt3mZE{z{(Wf3edm+DF?5FE4I>X!&L1Yc&|!GqrOW>_yNvzxw$=u;Qet@RaFJe zGMJojyfG14mkXRRX#XKimg=Xarh+`uMj|LM@DW%-fhP(ak!E=7d3h}K^jVPhfsfh| zC{Q(xWg$uJFb_K_)!!Q+Z2Xk?*7w~L*P~abEtFqqee!M#ZFlc1kd!1x!z%;tR%scT z_mBnF*OR@DjvfiZqX(a6X2rLyM$IaOdx5V=+SQ^esL#9>3cI6mGq~sGTb4)YZ3A(X zXKFX|1SB-uBxrpHRv>%tZ=zOcBW!w=mB)KfG+Lx)yFR=kY37{F$QYsqIs;@=qsX=u z2bfO)QgLW(CABJe;gyC z)MenunENnUmAmjVm3GQMb}euqDhmK8W~D$t-Iu{6jfKF9+v~cOs)nSa>J(q8@b=5! zm3?Vw-IQfZU(5H$1QP1%+$=2ePoIjWU0Idd+CJCPVj{o*U*s<0Yv3KqplN+PLosNFY)I#LJz!!ptk6b$jnBB zkWeXz65*2DcWwtsh{ZR8^FdrpO#3?|8b6TxyKId20k5I66R_zI5crUwnevtks9HiM z{c-c&XG)JB?*iq`P#0Vi`v(V&o0Sz60qPF`1)r`rQAj2~b$B___iI#Jtr1_RQZn=R zYjA^aS6o7j9Ne7*qY9RaD!r~ zRlrL3qH8B_k68yb&Pvq~v5ADv`Gx3$AW%#d;0LQ1`- zfCnHpBcH;}1=%JL=Adr@8VesFQm7n>p-8LhN`{|p3-|>E1w_%(^Ft)QAEHbjSnA8K%W@^jwWC#d3nD3 z3ffe_M2Z;o?yoP7cp5H#I5*LttHIH8mA5_syF#caz;DXQ!2wuH2u|q31JM;EC&@ia zaBz8uvobS*y3N7P4x!cQd+Rkv$Ahbv%7720;ShLO!Bzz64djVh#@t2ee+w&f95sse z42!o+=TyR9Y}$xWLLW>eMtQ;i22xUuY?I}t3U@JZy-`qfBLLP zyw)&jzxgTov&1bKQ^ZD{gNX{T1aCTmoq+fLa^F>{G^vy-?W!?IHhHn9ALy)5#&GQ> z1qx6Age zvI0;!zUmcOu7z;sbhuU}j>)DCuqcMs-Li5Y&8Jm1p*1$c-S`O(H*Nqz0`p7YNSs6d zmjt6{?t&LrKFEdvxYW7esp@oKzq~0n+xbaW%Dq)G-z%R{-PhVtl?Q2m-(`7aw&>?a z-ec+fT6U*Yb392vsc*ZJX?jUxqave--wgo_TqVwr;V0YvrzVhPyc2R}1&Tf(FoW?h zLI(^@;Wb+57L!l#y^*6qHbb}|A$KDhX|dv`5@UD;SQ;~@lkVFd4Q0Uy(D?IS`S zC??$#8_#Rgb`s+l&aB5E1p&PUv|nC2J0I=ulku5`xiA_(!PZ*~pfSE7;~BV{gQ#a@ z*V)Z%Q^aN+sMks9ht`aRX&4HPx$E#qc2;7Vo@kQ$ex)r&DpLka$f%;7?@cm2tlEG`B$e_Gu|6MpXO3#F9(eUvh!Na&9DYSdNBNC~O zszM(=gns&@IqkS$VDQIrzHK!g!LE=dX5G7w^b?Fs*(F;!?SCB;u;-3o~D z!wz39oapuM%;C)c`r2+YE%2IvI6+5G&v?7y78(CqDrAVf2i$hdF7>S|>_d}ol87gV zSk6vb(=#({|i>(YIXu-++eBSzkmBh zZERQq=X=7Lo$vF~`<|FcHzC)4wa%#j!ne>@+GzDO)zQ`lyF0!oz^nwz)B6zAgoQPy zzK&U94@!GU;$meZHND;tqDu6V-Ypfdf{H=_S|fwe^p;$|o-xDM@%~M){?nXwp6Bgd zG;^LE(Ntj!O2L~l!0R{>ISVE@wd`>uI;{;6(1} zcYXLZ+}@uat-??FQ}Ql0R+9Ke#clB_xYp#Rgpkvqt09EgZh*N z?Ny}#wE)V+WM!>>F1I2+-jOz>ZEX55o0ORN z@_0)JCy);c-E|u(Z+q9-YG?YH$f}jE{X7g13=P>kwZUG-{m*Inay-byz*%Xc`2dKx zU_TAskR^+$YT=oUECp~}F?O=&!aiN+vB#`AZJ)vk|FXmMua@VeQv9PMvd7_={=)$z zn6J;?)}<|{Du>Cx+bbh{q;Yu}MKR>(b!IL4J5M$IwvR$0E?Gz(3%b7@7Y;eob~KRr zfPDbTKnl0jJ&ojJ6i-HV5o%O-!m0Jvc~^ zTEFKrQ?|BdXKPX)-eQrjzed81qK>n)hf#FTPm)(ulM(k>l3;0OUT+16BG^pii?cbU zrBBaau5C&#mIldNNQa>q956ri5Zg`tqE&XW`!Jr=IahG=E?nO&56VF4Yxt0PcA zKZXi%4v7juQy*&A}A*^s*u1at;gkbKr{91MA;67(6l(s1; z%#i2YX-I)d)Av&8>(KPkPu2(i>`H}qKi zjyts%=>iOG+t)`@Wp#DK$v=Vv=%3$Kq)$B#(a%m0pQ#9lr+yZMV?*2HWZKWq51d7z z@P*#D!tP4qSxZpMb5FycYdBf!Ay7;j^?!}j)YCg}L!*Xa4#to}fRpvr;2uZ}z=#+q z=Ls<}yr6CZeI!&hU{0+lcYRo9*PeheRiNm6p#^6%!9Wff|DL%)+X^tm>Tcdd{giSG z8{1~ID9IA_j^Gg|frJNOM-WIa?osnBFFLAOYcDZUK4^NlIkibfB5U`MrE`4@)^fK+ zvVZ>VLdORIcp=_Mpj{hIBx}Ac5g~H=az>;j=5l47i_2Xvn=ODqn&(S!IV4OBzqUbf z3OD7|$R2R^0OKNXGrj~0E{q>C_)!8b{N4-gS0dLF?pAlZtUOeXp8d4FF{N)|QrT$P zluM%_0Ipf;|6SD+kY0ed$Hkunq!8@F6y2A$`=|M*nrLETj#Q;>G9}NYo%r8Bh$S+3 zxFL}tP6I~0NZg?ITlZo#W)xxj^*Qj%2eZWEx!KLJsob^~Y6M53D*fK<08}DD)d#Md zu)(wLQCy9f&{>x~7-5kYW#Yam_1$_9N4(WFOi=2R1(uAd^;T09uKm61Q$-fjg^3|( zchIW22qegjioWGOzU6fkFYWIB6el+(2*1Ah*9Q;xvWq~D%lisr?QIzik&15y_7?0` z^LTl2i3300`*R^YI%YM;#Mm7Y6vV>8;q2gG$;~#mfadI3#8FpftQg4S)CF8B77wvW z9~8{Hpos-W{ez~L%yKuvGvkbzOm|u%&|J%~XA+Dow#lm?dt$hHm`ViuwX|0T7oNUi zm)0E%xH!z8+uJ$#s~jsAz0OiI(|QKQ6_A9KlChpOBxKFl+p5Xc)a)Gx)Czif;Sr%y zQU*y~HZz#;5ml<3g7>McU5mU1VG@PTnNUm2?(G%Fi-Uu|kF^pYdhOaZ2*4NM-3{f= zSH-21Pvf}w`1^naLsJv(YslE47y_m`sO$Jo)4@EcyqqU-zy@pq!Q}+}`9L&v_rbd#hF*?aZ=EhZ!VCA))&8F25vGL0xz0{jwO$qF7tlibsXlN zR)e)q;MY=`h)s@5gi25E>I!D&wZtD3jX;922I(PS zn*zsT<1Rn@x_l~pg!Jq8mXY-!AH%Tj(gv4ljDO~0FVH~3@gD7 zn90g_ncfdq=|a;EwDCtxQmdJ9%Lvac|&;bG;RTl248 zZBE{$Q+342jp|qzF&i2$ZH{R)99vVOYSBkF7|v2pv>037Tv?W5*T=y@gV@lEOCcIo zz$$JTRt-l?A_$Chd|Pf$)~T?_Ji)pXg8Y;x0eB+IwNR`zfshF-eLOYuv&ZV)Q=>L;{MAqrY2p|BLI5EwwHA9sL3YWbx@l_h-beZp$MiWTqqh~M-pGYN ze5<~?u-xlI?rjAHLyhiyn?HQ!iK^zt-9K+X2&cR+t-6a}Um$JqPW*;L8)V8nK_exK*fDSY z+wthfL0OFbwg-Rjm$2F3z15AcKYlstT^%~3E5>W8$h6|dQ^bhB;L7IiwW5zznR$(P zx92=XyCWYxrwYLC7)rf-PAv*k1Z4-py0%=>1gx}tV;=`nQ{3g_pAj>>oX$6!xoc%* zXL^gKi6PbPsH28D;9j6HNB@RJeunhNJ0WV=WC&HVTteOARt%&D1hK^v*o0)jcu9w} z000Eglhgg|6Vjxm8!2yXO+&-sKilM@zdAqZ2LafauP$e`0u-Or2L#y8ev^4ga{ff+3d9l6_c|wIWGt&GS!x4ci7RLb7`I?>7&9lWqnT9R z42cq}YCMqskoqs5l$2%(oT0$#-4%+Iw#Y1a*FNoS3eWWFqh`%{#T)fQGFe9=3{uwT zoQ*Gk?RP))#SpZ!rN{qyGoOOTXeU+J;fD5UZcs)P`uXQGL04GF)1Qw>NNHIMBA{mw zEH`_N$e0ruJ6+~Ain#ux7NyF&5_E%$W&)@8U{P*ey|BQ(@z-<@m0vZbvZbNYYhRHr zKIyO+=dpM9!>tt?I?zNHicdeDlTwS>yp(r{@L2^8;@19 zjU624wl`R+k7`19^4fUD3C#Bgxes|JAu=<>TC46d_bFmW%)G+gKw#F0^f)?47UJA&};v?5eM;;~|E* zeg6RS6%Zl;`D=0gi7XBrC;+GS0KA25VF6_QE8@PRBa9LOivvr`f<@nqD&1{G>^Ahf z0YC95>LNBbs8WmgZ8C8C|Az9Gx+h$Q#tgCLv)?}3^`#1*_e7Y~5>rMD-Aen@dd=*- z`slO%Ideolm%8tkF&8q2e`*rtnh24!>g5OXFlXoxfR8@RxfuQS4eUQxfVKq|7f|E@ zWDVk5K=w{yB$iAB#V_z4xb_7=YM6NelTIhW?*G-ROOV({TVw-#4^(U*v#1^BW>o2z zT3f^OPL>@9ie1z3VZ5PhKdOG67$f5yNoZI2c7=Tv7+UVAJ_lD0a++qA2kO3I#_Y%( zlzMF0ECqL^5k*y1{4nGQ#H&aUBW4?3LN9IrhG%kcY#)6Vi@i!D0S~j?0q7_^6bS~f zt-_R9=s|xsVA($Umo&k6b&>AZr~`Yg&&1!Xtv-NR82cH^jTxQ<-n%seMsV9H9i>ny z3AwNQBK*<+=hsJ9JdUS}gQUHQ@e=StM@L9PGxNR@gqK6j3|)?{d55~I_6xw-0Om98 z;p-Q@s63^UzWFc3!GyBE$^YM-9OrKC9&YuQC?iJPv4b%2f4Y;{rj}9uThi$tDp$U4 zI5<_F>S$)NN`K8@+0e^04>JLfSyz|!BH{BY@WbFQ5!{gdCHg`IY>D)<=NuJt0zxwB z27nV*`b=l_0Uu8#n!89xrOlU|#RY*7Q%(Y(a1sR+@)?uz@fQ}tl`g?t_^aD9Y%gKq^Q($_c#HFtZ)dE@^5Qp{OgKO{(rR%jnrBdl+HddA|{&XZsX%iFH<*?ws)9O+m@ zhnAN;26o?-*9y4o11!#~vcs)}tOo(102SW%wd<(by1D@Y0U=VESDp>f-~k4qySqDd z=YTT+vmBvF5(9P-G$*cs1tBqLpui0R{y;+y`e!C`F(3E1<~vRA-5wm4s?4*@Uo*TO z!9b~c5>ypqoD;yLMr87N=H*|- z3G|Su!ukyS6I{}BU2lV-|1Y5U!ZbDL4z>F=9`+q!iAia@ap_2>Ld<6+23JomR0nOK3!h9{gbEmh<@_b+>+xF&SUb4 zp>dj7Q|soS(1!AvTi!VKDsAZG(gW2@MfIepo{oPuG({=@*ucn-00(cyMb!R&By19 z#Y2P_Oy}c+K~Ib?pE>#a##I7LViIezAH(dQUR*;#8F@7?e6%{`DbzlAZn2^2_r!17rFSf?M z$QynLLCa~n;;yHP{SnSYV5l7<#5Ox(Q@Y=?7=u%TBA9AbRmI&$e&&m6YhAjqEH@52 zqbVrEDTMeGG~&Ns+fpY!tmR>`%qwi19w$0R6nQ5Aov%EwGr`J(|VBP*~iyjXRULi zw+H?K-R|5m{82@+7{2YETvgr_FjLFp#Bu}K`in~C^1=V5o__87k}ggIT_jcx4w$E| znJr^zQ}fh@?^n`eVi6m&$%rmf;7+Ll-NEp@==bbfw=BtnOXCX*-C|A2Cr6bV zPjq$Md5^N~;z~bhrQpm6vEOTX4d%si$BNjaZmkGz)Kz*hk~Vgn$F^k6D!m30h0q26 z@$|^lI&t=3l|+~b`I_la5vf7Od%6H@qYvm#scQ}ZQpCU;i9P-_qkq0w;M>*m3wfvM z|qhXo08k% z<-p1Uou5v%#pI8##8ape45OT}C5#WsE1h!+haY=) zKnrh8XoNtAKw2)7M~nU~X>ylh=!^BkyHnzep`B!cYYtB9%UU*9l!K}~RXEF-GG#nr zk>7irpP3aZ-8b)&phZ%47I^&)ASoAw2X;&n+2COI>>W;{EAA$0ib)}?=HF1lFhWxJ zBJ3#q)zKek-OmfSKZD3nRPbJRcLf0e;~vOcE7$vKgqk8~=r zFuoH#)$T)`Nnf&K!L%R493EiBZ zJmcM*Mn`0-lbCx$-6(FKv;1Bh3uPpD{Pu5xI$A^cfNbnzf)KtM@)!5c938m`iA#UYUtZLjhS&E@ypCmF*ujyo zKeeZq7mfU7GU(4t+)TB1RP(rI;w4xfn=vWA1=sCFK-^7?YdqBcWG~f3xIAlcx^$W( z&t;L{940Azj{T!DNHN%HwXY8Ck*ptFyIB_zA>IUD%qJ19WI0|3$0ezHJ{GuZHq^| zY4gRQY>%YYhgKqZ-%UIavdD(z=lnqP0faAfboIikwqDX$klnfh=6+Rd=v4TnE?hi` z&+A_krbk-2WSg2Y{3VD1GPMYt5rg)E0*{#*xjMrmONZ|u=`^+}YixX%ue`mnp{t@o zbN&N$UbyZ$dn2`QZD$f$!1lNNY$VK9#lfvNRG;^($v0A)RH)$AFXBUZOf`Fr^i~WP zFkgkue`uFP_!*aOmqK<1PyyKd7W!?IT#bisNF=5pr>8>jL7LxPOzVZEL}7wqe(-v_v&Q)cW_pg?H`6Cgm{uDlFVQ-Ou0qWR&DKi6DRAIBto z`w5Sz%NvC|^1is)Tg?m>R>ZRx zUxn*FWJ4&l={EIR+wI1G#Cql^X zx!c2s;pAHvPt&)KtctYXD5v65;jEwK14RYgtL%?9G+|yRcp_iTkAk+SHBRb-uL5<9 zfW)T=KOz0^<&P%;tWu51{IA3qg*^J*8nHvoZbqc$s0$lR>w}XqcWUBeTfn*ZSq-PH^EZvChe268^k5&%yMg z84Qhq&VmFk8gwg~sa@E{jz({5D?-uE)9h4nlTNqFI)j@7f9yL6Te%jI zGY<1=e|#s$Q-;zBZO*t(>(PzT4{wxoDR9i%d{A!Qya}>DFc+eNk#tZ*ruX)0DoVQ8 z<}<-=xY*kbint>?9eLirqridbU-vle0)`UBg>S2YUg2Sf5xX=5;U`%^8T%pPQ>Fve z6Dw<`KPwBQk{#X#WU@Gqe5-B;Z3haBJ^iHyoND3o1L4wAuJ-neg93jPp_eiZE@icW zsgzsWhIY5eQvx2dHhG`B18S<659kaNbbXTURQ%E^)_A8PYBJvpzrhI``_a~XsgJLp zniP!@FVoXjI&6y^ZcR0=0)3VuT=aHg_F*Mi?nQg_C_BRiA~N08=EC1WQgmKkUJ|m- z&eahSzhBiY9xN>Tot^MllfXQ15m^@L|4}SA-WOh1pdUY0G&|Hr0iuFyd@j!0LA-CEFwQXPk+jR}>Wpj#B3Avrm%p|SI8^%`@RQMLqHtq2F?l{xl$C4!`&l*I|_wCOX3f7}xuV!E9 zn{8_R*`vK}5NvhM&m$nfEoj!vBw_exu?xgF3oTau3W=E>FGW0qCJI+}zrsWhaPtG* z5y+3Id5vYET9##qX}RyLemul+#T&KdyX)9G?Zfdoqv+s(^(jjj4DBuU`aRzJg;W2v z|En6~__(+-AsM$aP(KP?N%giKX?`nty+39o_cx{*nM0yA7bg80q*ZHc>zX%jEWrR+ zz|hl=HieavjEuknezSA{6QlD^#n+my5JL1@fz6_KZ99)P_fO`aFa*<$!8Ea!`g(Bc znE?JB^paE#AB`dv?S4}O)bL;F(0k_sxd*KC-7f3=#xug9Nn~XF56zI}-z0F`=GGsy z^GgG?Vb`a-@wj?1k^O$>66MC+1GnAh60(DFcR&^Y?$ou1ur1 z8gTE$@dhvN8r8%y-}*D-sz8U)}C+aiZK?7VfX!RKVBqnZisGgM;CvWs$+Lr z{EqptM0cdvaPbT+mEEhUk{Pk{IDPG2`2hg+kzkNZzr5A{{TDuKYq&Up6!$Yjc9^)| z?3sIden)5?K0>E8-c4;n?>tl=)10K2R!x>uUoGF69Rn6_qY0+n4@D%R^Rw%{mz!LD z9$=~!#=%isWMCfD>_y9YQ132)$rca>z!M`A6Ame_)OF0=GU?_%j%u@iXK#%t;T%92 zhtqgGnCv_>Q9ZHLqsCh^ptOCUE#E(`Lj3~I{NUE7O*W%EET>}V0R=F1Yp?wJ1z6oNCwKc=BdT!ULn{~1Fw^l|Jl3V$@~Ee>x&MLvG&uaAQ5nbSpfj-kUez`Bn56HdkW@(R%FDgCB=V!tNT`rB;nb0p8@8&bMl8uX=1W zuaRzOq-T&N@T$vfsJaN&C}eb#gnsS;s?9)0ncd};J}Nk=dl{gxn)uaYJdUIX}aLc0feusfjT0DDT1b8xb$ckOn< zUF=|Wt!Mh+4dXTMt;B`>#7G%Ug(5>H(_`^SGuImInJ<>Hv;Gn$*4BvfAIG-nuUqOS0y$(uU$&UakxQ$?zkmC^*i{faSvTXYE|p!e)Y<+}QUrjIqIT+enR zq+BC5KO=xlI-Syn;z7Mf+>=DKPSm{gm-WwNRSBwCx??IB3q`j|NO-H7_9EyQ_yofC zFU7(O613AIf0koDlUF74qv?8zFv(DvCZGABq7e3>9~!C1Z(i#R0}H?Y)Cg)C`73c+ zX1X*_!Xbywk)c;t)Ci0s0J~X`gn-8o_+o-!(n{j_qYnl6=p|ReA8qr0gg;$V0@=Em z1S#b@)V~|bg>Qx^3$cDw$xDVyFHf{v$PIrW(YK@R;#|d~%TFj&e2T>=Z~WTuRqgaJ z)QElkX~jlX7_3WhupESbi1vz#iV@Uea{!S7LA7G~4O2AqGAnNP4-~W2|89MRzQD__ zo=u5DjG5Tg3seL$I!V1cZig?ZxxgI z^Sc!S+ylrT+1=RNUa<@94~-Kn1RY z-_{F-mgSL6>79yQdp&d4IRzn-TBApKMxN91k67#cq&*sLMhY2{;Ez$ z`6e~mC1^&ZRgv!bmAylG>Q*q&A90IJ3O&hbDZqOyC*1vbh!TqeJp=biY5R!kovZQN zzyEP`W9Q)L=;(NK87rrsmi8IMuz>a)%eBH&Zgyl1lo1jv8-GD$zmS#S94pfb4?zbU}ec`m>j0!z23i!-`q6UBD@ijsUef{qkMTL zrb}fbgm!6`t?}SrfODtTYZL(`TY-nM)!LW_j9U9`c3VpoTm%JPhz0^6Nvm9lOajVm z|8N498T<+p!KxU_$u~#4<*U_;pDqk)qR@%E*)>MF|5n@Sprlxy{m)nFu{P2tKYJSnJ*p4y(AjV}unF-u7!@ zU9KxzVeA@%Wk2T4Yk_?BpOO<`e5%JiXLU~ptNRI0+cubNW#}r}b}YFFEKea*(vB=I zDCDug-*pN!C2RmWNxpK?zx_>9n$<|R%bhRb<>T)`R53(1 z%&Vq`C;7K_+zu^I-%DT*2zi1NZ#i5shSLsv$g)kqfZF!#?ECShIu3G8_m zT~RzRBnJCVW7d6m_XR_J93yUcQbDyrwZhLFSGB%@)%BF4>%O|Mo^o~5`tH|i2>x0| z?AQPpGhJc%H4)PVrCBWprKzB?trXzCTBSKhT~b7O1!HJN0$f^51al)_6tVjc()x-? z>*$|HAff%vI_eUxtskSczCBB?Z%1@sO6J~~PQZ2R#F*cB5K*jQL#>m37{@~a+A?qlj7)^V2R(m*Ayu(ou| zUcux1s7YA>eRnT6;>)C#>Ze|x>Yq5r%7gRckv&Y@X6!c6(`?ku3{c_j9(@PfyMo|N z0^TOU-p7fr5O!P@+1{)AiS#+ALiZ5;%OB_puDk^^-||CiUs) zq;%ZEG)y|6U{!o;h>W>E5az|>rhxr=xegMAM?wM`xy!ibCfWkky3=-yuRq6%auphVKcNXO zN6(BNn<5F#k6}+H;tSx9K-*pO$VEj}<<&_c{4jEDh+Z(M4|68*LpDyO7?|2K01ib>F6l=UHz%R5A^<2873=YT)w4ujn8tJwA-2>t``GT~_^fX@}hF%f7LzRB3D_r@{nxZ@)dV z9TOgA+>@NTmFlPb%u}Hts?QiQ%1oAEsrFU2qsK*C){U2<`v-XVKB>afbLkk+&%9zJ zudSVKP4mT@65M5}Wtcj;tP3gZB+h+yXtkN!rxqLecrK;+;(y;Fs8tiQ`8+;gq!##mdJw@lg zeS4S55-poO_^W<0KSSs!K%C9DjW!@#n&=_Fsrw%a%+~2hG0u9&-1*~ej^BrdmY=Hl zT|FdOyH*AaY&8WmwX`^&eY6LgbOLE?ihJCgoXXqvvF{F6OFb`u{^OOINj4Me7pLgr z+7*)75m@Xhg2bh$_(!XxXjX-vxQ=q9{7-z6YA7<5E0?}RxZC~uOM7s%1HXHq}h>Z(>wA1JXjDnG(Q#CcsA>+d!*PzX}pI^MlKJBY9oH1<@ zRM>Vlvg=ZQ{PrSvmDxjP+tBtUEDsti4@%C}E`8NgCX@r~^FtZi$*|$D7mtmqG^j^? zxV%X~H;^_=NK{^}>+Jh=XJq!Zjt-8MfjQ?gb>DYPlIihn=&XhTch>3bBV50C-eNsQjS30xu6|85+Ac+gRpsUsy08EXr?uVi&!s4>pDC~QJZhA_ zGFcmWderaP7q+cx3(e#|jEJTk?jQCHqP2+r&q5pIGKA(>kxJ?wwFy6b_%H-*_uI3| zA13l4!SV5zlf_EOf~yW`-?EG=B=PXdAGp8OZ(`m3a`CIQMX0WUtp%O3+FNLntd+H> z|BLM)&CqLOP_o1f-ObP&%Z$yS}m9_m1cNIQ9>Z zdn;>QG3OlP9B1^~5y>&?AxYwxZ2Gh{M^@Owy=Wv;W@t{}Re1QWPBffWKAI)Ti<{H< zC1!clT`Cg=Ju?EC&zVQOB<{?Q?@q!;tWwqwDv0pcdz`z@bw;{~pA~2+DrTx2)|z%) zZ@Lh08e}nb`s}+}C~r6`f^sM0{p}Wp#mWNYLz)-Eq^2vcveAXx-`(esZlw>fwrC7am$pm_%ZCny<`L3Jv|VR2^9zisJK9j)CH!F-*Yw4r*kD+TMk8rKdFm(Fs^YG< zwnoe5|2lN7PrDa&3}lW?k?xVP!5sTQhQ8;9vvM)&SC8)a`{}c%p-<;$wKvGtMtC`& z;LzZel+0wbD|*_%!Wt0tZM0;uaNgc*RvwMlto`R%xOj6?xEq$vvvd4x5Z#=FU|-#; z@Gw!H)bs+IqnYLwa75S9equH41%z6vEBzE(QtxwK+l$xoL8$i$B9{29<6b-IH~|g| zl4${w;j2@xkSdyO*T8qYfr&whDw83P^A0CYAwBUFU`#k5A)W_G;eme&?Kcw{*_GuG zzgO$q!(0bCpwiBK!A2KEv!Q8MzH_n>mi9w~RctQPU#7H34iz-GifRwWupO6{^LKrbdzR#s~n+DOP;Z7p2wD{*XsZRPI=w1{Jm>sK}< zySU4*-dHGN;3~yT|HLI>#)NQ7~_OAOT zoRzShikyWT_nz!kHJzzW<)#5^0vscCD{aVA`lcal6Ff%&Kq_yLk1bIjd6KefNA!y% z%!0;s`p>w{a?jck7R`%|-U-|px8}XW293eN*>%0lAITK+BQ(f`Oa}pEQDh->6t_@< zN_01(n6p2Sw~C1J=kU79yAc=u^q30qdbj{7cpFXM&gMbiL!Dj10fv8mw-775hkEU5fKN{+Q^-Yp znaoW)oJoFVI8rVZ>S&`AeiJ|AIGZIEr+MVW#)#Z2kKhC)AtW2({Jx~cgyV?@{ z5m!|GF)rs5$R;5>2q;mY@{t>NS2zD>Ba43fO?M^(HZoE2R`!zPM-~>c>XFi*_iwzc z?RBuinOcFov1DHt$7|#M8wctiSu-l+)_DBXQ%Rn_J#V{r&uN{Eo!t+q@v+hAkEmg) zhsv6G=5Qiqtit2qKs*lo*Mj{|p49BFWv7feZ-`h-i&t*N#-ZEUDP&fAkb9mMdsfw| zKU!&fT=pa@L)USc$KvV|U0yspGZPI1L&A0YD-fF?x&;pMx#ub0T~Cg8X8RFx{KC$z77D;NKYCy_o=Y&vnd(Q>=JV0&8p%12#ruuUak!FlUKWg z(=hNzHLt81g(Oyt2f8qB_1zQKF;G{bz5D+ZL=#(&86wLe;U0W}LHGzBVt>3)oK7zn zkIEkQI1`FI3wWM%y_+ZnLWMuO2sVssj~rT#Xs9~F8KcVcaY=U~2HtIYQ&)$cB$$n{ zXlq~UR|$|kO}lIs9cz1L?4BH>NHoxGO!F2KX%@5SJ{pF*>Bo8vUtj6TIY*&{xE%Cw z*!dJQ=>t@yZZUpRf1&syRwcq{ml;z^E8wQ7y>^uB;EQ&(soZ9}A0&GMwlVd2@MZw- ztEBcJn$T^Vq6oeqsTzDgN4ce2uBF#M=uQ$-=DApH@8*dD+GVGgPEk#ZT!<43Z!*ba z)Sp7+s-b8%luJ{GU2v=&t<(-)oy;V|mH``wAOnLGOLR%eL$qqds`Q1G@)Y$m?g-LT zV(kUSl*t}mrT;k+-o>w@GLW9F3%2dfR1?k@wPszG%%-~L+2~p| z)ztCvIH1&AE=v$e%i;qITA-@ExW>W$kkiIC z@;#FBkJ=6?K?M%Hs&am)u)pK+GVwx9D1}aJYX3M&c23ANr&_~T2|!4YSh)WAcAb*) z1B9#C^SEZqbsV<1Oyf2>2JM7zu&cAFvyz5cTtnpztih)Clr9U%VYL}Y*U(^M`IGGO zrnX%wKe+6jz8)2FVdyWCLej&>m~`tZ2{BRZLeYQw3&cf*E0=z?ZC6WF#m%GOHTec^ zIioc78lQ_V{KI-MDomfz@(#qAND>CToYkO7V0F+8_Shs-fb2|IO)FJRy}Arl=>>h zB*TH&0l3u_%6zHs>6nWzD$^M|8ihu>SYcjojyJkoQs!*aeHAJ;G2jo6{HE0RjlF|ijz`J}SyreB^A-?eTZ^?baclmxlJ zh07M7vmQu{R49j$UXRt$)PyLIa)?Sqg5bO0pdc9BX_+RAlHUG!F@2>M8-v7}#u|MM zg~f9(jAZSLl}6)%h3C|tLJTnwrQ(=8H(@CoAN;6*N=uuO-8xOHsK_rbo+9S<3UcPb zuH>H6Dv`N<)T4oMx2l_0Dq<%yW@A6@y49WE(56N(}$y1vKMXrjS1>nvbYp7*JA2K4;CL# z-|AOahKYdC^w{*S(whcC>nuXlKTD5;$ z`oMpS*Z{cA`6Wqdg}hIDsbIC~>l@S^9)eqZiQqp35X9)q{;C_l%_%m1UKbAfoEU3-wD4`|QR0g^zW#rPpK2U6KCYF`m3Z=QY z{2r@fqlN}b2?*C3t#jdi17bCB^_(0SDDAz&mbkthOf35jPk+Z1=}AJuaiKx3sFO~G ziws?&(Zp^Uj^su#J3<=xI&PrW!G^7 z-H1t35g4Z6Y6_Mmz~8t*C8Xy5bfS&cTSdQVN}b`F8fH1(b#h+sMgiwM=)!qT(UFn2 z_xf-O1g_mYG`;FLcBQQjU$GW-#xd>iNiVjW_I|=tkOpcCkUO@t_%xKdJkZqEsswDB zr>Wm5axEpxTR^ualZg;Kw8U@vJdM59u8Y*`b#DI?DDahbcFnFAZqj63WRL#uf$Y@| z-?R%luJ#C8&_Hp$y-fy$A6Kig-yu;7RYBQOjBmEJstmM2$ImtfMiueft_zRn1w5=4(fq}9@g`R3vmN@RSIJ2lqV{fK3XF2EKgC7e6g+7 z>NqU_Rmk2D`*id@R)qK|U}J82V~<4Z6vM-xdt4fp90%vG)f;*JEJDIgs-P*15bkEg zzeYzjOPurcl_j$R6WJZ~m6ewctvho{XrOb!wY0bAt^1&n%qN{H{2@*OA2scIt4BCm zVVv2|p-wWZd<|(|E22vCroG;*!R*XOD`5EG4Z=Gp2dv$Fznd_sD@04Jq7_MO%QG>M zn$Slp3uZK{;yUf_>?o?Lf}dR}a9%#tX(ZOwxx@37l4^l;Hm%y?=6Cx0-|kCa+&fKyB*DG}G`6rOh6782sHsPO&AH2FO}7vuui;0v~f*V@J^!U+|x%W8RTOD-4c zPqQ%bh`YX{OzLLU?8cO%EWY-y4!Sk}H#a-hcxCetQBV*&s_s+okKwQHk|T400BHMJ zv;V`}oa<%9Wu8l=d3-0WTqC6=&wS_tUz6K}X2v%A^RuS#77&JT`v+(f5eviWoLegr z9yLS(psgMPNkvmUf8}LlJYwPSIGUVMj?a2ACetLmytL#33=z=JTpj#20t5g$ireOP zbOH_|3Pj%ziy@e*SF&+I9+}o+SZA0am}c|$grvNTI5RE;2z2R z&p|@bQ5UJmtZ~TIox5m-Slj4_;!u2En^{<3mbi_NIWaj2I%`!UK8RNZ&laG6kWo^S z5?|DzB&r}Rk>sz$=`p2n(J4(W8<;@0bp6jCI{c>>ubF;}a*)JmzGmhuIBrG>xk2qA zX!lE-gR=&!#1+``*(fL*G~##v>^vD6@puW^jFY4T~?;|5IUT4q@esi;$U?@S^HnzFdnK?RG4W z2n*x7ecKC)co6V#8&u;H5J=KagAbKG;s@dXDF-cwaf{#ixi_sj%xzl%YZDiL;x!Kv zPq4d`4!|)s(*d-M#W$=Zw5Pk^o)~Lx`SPJH*9+;y(Age-YiJ%4bRVDCP3BE%>jJFD z%D_-5kGGev^T4g1l!fKCx;pl4qc26p$sKdxS;)=I3^suaAXJ5E9oSbfcDQTPxCcoI z>s0rC#bL_`DGn@jM?xwsBOt>pA)}|qEpN$-xY4c)nO-D8G9Y|~NVc&lz zme90tN2{E&V#CZxA&4J@2L{S3-0OJOmB1pXb4FKY5N1KT~ z-`yDg-cCeXnQsLSIiSh`N+eJ-p&+-Dk?~VuG4<$Mouz{t6j1E4^8%gE*_d=Lq%S$7 z%-q;I1{VzP3*^&D!!D7{H}YQD z+t&bJ3xv|lgk8W!hDsj@vk7BmEY;8w{x6s^^W6&0jR)B#oIx_BE?ZBQrPD#;;|sRx zM9d^1uoHm!f-LQHnK_Wpx>%YNq6xJhOY3Z1dGSPQ5`c4dSG}b^F zCJk$=f!s8KUxHZ!9{lsE#=AZL!_7PCKaWm%}w?ZV}x2E}7y4r1u zpJLmMZB^i0=E09E3a^s}FNxs>X!{*&H>w-U%FE~XPMo|d;c`KsgGj<1j3!@2m9%L2 zYRWkYx1GxIwJ7AFKe{4<9H)<*rH>rt5rs8 zG+JvpVhupS2zDCaq(F-054!}}58L9_sn8bm1%@g{k+{$2g6F?5tS(JLWVUxCUyGby zM8;%XLd6Vbbo!7UsHm}s-P$aOMh>x0&b1qEcn9HO*l}lfA z_8r6IA@dTMl}~1ivzDdHcDOd7fB7#9>Hr?BA!N?f)LtV~6(_5l9;h7qmO^A03Y*Sq zz_xW+xl=M7_;H!q11UQ=?Z)8kuQWNGt>}J z*o(gP@(R4W7kMJ?qrQ3Rr;{p`X-&R9q;?CoArmvqyYMAm@ST$>uNju+eRBes;(2%) z1)vf-#2vmauwnw7M{9xZ^QN4%%d+gtJ<)i%j&&iax{(gQ=hWa<% zG4`(S6BQg#%R-BLQE9^qHQ?cOisv{^g>Wxz@TPwHL+^e!9S#2*-QsN`;}S@{wVKU0HC!HTO>eENSiX2M1!p0o2I?PJ`U@~P6=Eu9LxKkWDW3ONTa!C?1 zB_l{1JFR^@@`YU+#<5cAYQ4l??(j%stpF{1i|PpMKsH90#oAG#4K{u@<|7tSelXB%6MbBoSJn^X6O8qUOBjzUL9&>yNk$V5dB?#upS zpl-D@-gHj5u+h*r=?Q;bK(Na2>d0FwHa2NfcN~P1fPG`Xfipi@^azduirc!HGS^XK z?%xL+<5EdyoI6gRc-#fh)G8~7THhJ0n}ekV5;%glw)I@*gCP!BFCamO zAXJwd;QeQ^-fi&vclfX1$D6BZWo{l1Io7dC;3@ZFs$MbW&g*@P(>+;BG z>pyD*NhMLQFV~3d@fsm3h82|p04%^I-Z9WY-w!Jvbf>`hNB_FC2eGfErKPYJfeXTt z1YTYpa1LT)WmDD{7PRJOU}IQtYXv7%*pi{aR>YpZE{Sho$;nG%&ivTP*~&uAmt6WD z7XZp|kjcm(;sXcZr~~R8PzR}n(^aQclT?|p7FzHRZ%_5yZ@;~s=k?JSCX1H5?TD`e ztaZrH-c5lE^YQV4L|Slp7TJ!XEwC>=Pld{;qJsa;Tt@^3Dk^yE<${ZWfj1?pA0jMWfsJZyy;fSvm#e9F@iZ)Y0ppsPxj7hwS-_l9KAb91+*71#`WjrWHC(RH zN>pYl^fs&AWE666kMF`gMs$aCs3%{uk)4#41%RPcMADu z*VjKrMoPMnrLlsA^&q%pHa9mJBrxXuw(tP@ zW<)01E7~U(G!MaXzO%2d4~!ar{}$xn2ocxS))ufFU;-ad&=Lbic+v%H%l7w|WS|Lt zkL6flgkqilGDvxfg9)>>{qyCC?Ju&AVEdac>T+s3J>~NgrQbyuB}! zKCi7&4yU-{G9d7dJc41T^7yEr~Y*{SX32m;GKtJh2M-kgjY%09Jem!;n!~y+xH*kZ&aI3^+i{?jM zZbPSkwNPzw!<)XUM8U0A#)bxw1lGD!q_xTt> z&UCueO<3F>;zmq_yy9%7;(yQKu#n2A7`>C{XkwohB$92&=FKfF+kfBHOP+!_Kef)Y zB^|T>pq{oDgey7V>_u$HN`+vyLL@)H0jZcsf;B4&q(ZG0GVcTKkeRd z<45-2-=8njs6vM}G11%6f$YbK zqcn`tGBD_FZrHc~Tbi&?=-i9*QuhisX4G7op*DPRk3I5fHyMD=J-8ha(&EOY5~p}= zY6LPI#Xe_-_S%OK&IYYD_R}PE?kPejPe=((SIW_s$OK;Tqi=EQJCoL)%FRyH0D4+k zsi5MQx!~PM^zU)S@Ytwzco~^8?K?zeV-fgGS0u~~hmwi5elSB34pxy}S3=Tw65EALSYJrf=1 z*f0|KY+YBwkY;3LpuT~g z>b&|s-Afl2$VL(J>_SBMFf!UrR2$pa7-(uT87Z+u3kwN><|VnrUWtLc^>k?T_0YF( zW)Ob>YS!YC5@GQ6$j?*QlY@TfoUg!)feNhtt_yk+N7OO`Ld=~4e{$8UiIa5iqj0qNy+`JP@H zx@$OT+YY?|B2_E6^%|YA8kyMfy4d(gcnO&PX2?sYMmt2gw;k5%xc0TRGcz+~8r6A? zO%X`qpFU_ZEqLCO1P&hvFu`t%O(P3ZCnLpQJbw?sXk*HD$Wf0_zBSEr-_xTP6<2Wl@ zTCHOm()a0eaa`A6G4a&# z`O-9a&6l*H5EKWM*KE)GR8~pj`=$NdTG9n}L`D-X5K7LE?KwC&PLDs`b6=hV;1OU2 zfUn||GWoyYVqu9mEUG}=4R|)Z=fcxKzW#y3$R&w=Be)P#+>*WOQgkJ>c=d55Rf+ zjq?i&!vIo%m!TnmOhY;9dZV9M6x#9gn6Rvu!C=zLYBfVKnvA^uvvW2&+JBFx;*p7v zOvkkFe}4DNuK&kPM; zlZ&6;tO3DvdT)tUzML63f{mGtyde$p1NMpQJ~N@S9lD@J*{a{`1wEFPHybPKGOYB| zU9hhR6En?`OD`4x=Ap$Dyg&bjhbNwSIU%i!bqwUv_YX&6x%kitWfn^DY)lyn<{l+- z>cRLjpF>N#y*l^DIoNErz_lRSv*~|8`3z9`?@xOQrnR9qeZy zG$jvgkK;AtQP-9B^>rD62IzlJqy)o{qkj*@XvCc=5Ba8xp0553XHvv{A9`RTUAW3Zx5^lixBefF}>J9QmFn z@IHSt;q^WHncg1FYsRLo>swf8>)|1G&((ZussVQLk>c4Gu0kP*9Z>ErUcKFptw1Tc zL0mJLvP;1Izu(F6?No=Zk>|niLx~HfD@!-G69_GbtR;v&aa`;sZv!vxDA)rKF=Pw( zUS&s`;fyN7mp9$+T}nBM=@O8GLLlKl|M#!|plzSnaN2c6_)uT}E;P(&Nv6XzOzq(P z1;768^X>$YYimnXJFX1C1%Nkr0nFwAvxkLpU`RtwzOuIVAu+M*QnhA~j4y!dU&~`W z=w@zKR`i=!bnET7Vdz^H41|%-c|_l!bUj_yiO&TZVO3FPXC|JjLXfn z1T0O&Ws_5aA-W5?l#*8qN+9*8hZzJJ&zmnd098E$@#4n%x`^X4J~j1&6q{$y`0fA5 zKuq4o`X_$$6yA9jb=_nIznPiEg$4UBUy^Q2{Zz9qzadSAW_683EtTwXG<<`#f8L&2 zxd_t&1T7dh;MDy#rNTog%BduI~s!N~+QH3|cD~g$A}qm7cP<4{YLF zJepO-_q#DLN0wjtuQuIuuIXxrod^pOCXm)g%K(h|J~cH3%4dj9fwEt3l4T7?$h6Zl zy%=6;$oU5Iap=r+7$P~18pY`7=p-akJ{KY({g=q(zlhC8Xlm(#c^9#yqy)(|L!a5& zf@?ENtkOzKTucneS>gWbagzL?bvZdZ(|O2E!7klH_Ua>R0U**8zAg#GKJR;%&ru%= z7)LMW1H8F?;sHGHt~E_3<@mw;OV@IS#mZ8-(*%Wr7O0h572H%wFan<3N_^pU4ss~I{^kPSP|5|PzQa7!}lXWsK8T{H(I)}cn?z2cTPND z?iQR55XxAHMJ5-?-wXI{X-&qj;X=!AH57nLIWLh6N@sw}0krx8SyINvJNqjd!Rg?a zdOG`#7R<$0p`ZaJ0>Y*+#m>^w4FX7ds+uv8vOF#?dy}E(-*Rw~SX??9UrL#d2yu5h z`l7I7>?wQkW?ze1704^qlKPibg6nBPIn<{Gk4;$Q#KJu?^9!)P@UDnC0%%{A4 zh9j&@^xT}02j7G@>p^S05xYoPbF=7rkX$*E581bgHbdO_fnuhRGy49&ORwSUXV&La zNIEC&Vl+s$lZJxB$0|w=4%iwR*mjfbD#~YTKR^;alEd4(d0 zo)Vy@l|cs}P2|A>#1p_Mxm1)nRFvJFwmz+I=%2)^Y^*Q4{(!H`At*@Gv{=^lABDp5 z;Je|iH?l=f(qyrbTu-9fmUIcPgL&v^*-Hm$rC^{xumwZYI+!jS0^lg1dl2L?lB;p6 zQUD8yRVMAu$Ey}2^Ow(g(DNI5AxsknGRX-EWMpJHs}(>afuQ@HzbvKFF-o;r=PKtO zasIQy{f!wHbXp4cz`tMoheCw-MgP#R%Gf4v4sUOysNi5ha&rHw7sOdvBvXwKvWZfd znXmB(+$mcf`3aX$_hNFr&V}@@UAQ-2KxAZsIJKo^|KOK=$8;XLH7wOz5Lf;)d0Q=w38#FY)B)`5VFhJl75oljo}hHe6djgZ0j;B7dGaLY3{2Km2gy^ zva@b3>8kf6pP>~N+NDx{mvfZJ8vUqzefQJWw)X2}-g!FpYOi}FxBYV2ZX5Jl%$F%J zVd3ItV*CiD7IlV~H!iQ;TFL!?Inb+IeC~(qAXM;zBG6$mM|)&{rWr*?=Qnf>K;nuT zCil;@Q@%y@;r+I`5AU?A=~uZ&Z=j@pLU)Bf@F^%>gZTx_=&6KWzRA3P z=P#HU(OR9UD?&5Jm8$A(Sdn6Cf9G%W#dssM8v2{|p+$v$f&r5lI!sT=Po^vQ&n2QM z*xIUwFVPF{Waj*E-u(8Drl+jb%ZmN{oQ{N%J?|~)b*)`!7+`1#BXwmud~g<@2T$(B zvYTV4Ek{^iKv*-ZTiCt;{j*`ISr@!iP(Nm$YY_%zfRY7FBNP-BSBCTBDUP(z|89ET zfCs!QK23~STx_iWRC}?ee;8|7s50cCtgf&70M>QuIHj9gf&gww2@dy@$B%1ZpaxS? z4I+LZCcrd6L`aCo18>IVd=uC1X2L|rMWu!QTs~jtF;*R}-DEBQ-Mfweu7hW^#%0$3 zGJ#l>?_m9{s9uN7V^L!7{VGh>ue$L;Aq{xOy5(~t&U4(-BP@>Jnvk5|Lm7m zSXr#VJ~g1v|K|ioe*>i{{e%b0>}+7DU;f(k7TKzoQe=Zn8Vl&WVn2Kk1!e+7dhDH? zL$203BK@b*)cp1L^5qs3SoXI zU^}Kp6dN7=8OC~)+%NVmMnCs*|1E@ZP~#sgtd9PG2B!9Odu{P3y!a~q+eLimhFK?t!3Vx-H$s1#$tZQ1@ z8*>p)Bz8ysyu}=m88dKwCAo2M9jZ^&AAKc(V?xKo>ZKgHEMX55Tb`_`XNmCVfTfP| zO%@f`%X6@^o&aWp?jpJY#4w`W=HA)Gzkx>2N?McrvxcmV9upi8v2Lq8e0a3KzYeo0 zP(r57HvpFf#stuc2jJ0uY1h7kbw|W@quhG_3!7oKri3b@*Wh7-f?RmwJQz4h0t)(U zvT=m|9pT37x@ts+8`3X%qB%Hx8=6JOOD;4##%MOSW~bzjm(9;{o>H|_f0IPhd1h{2 z1@An7;DAwREZznx4Y;}3J34wCt|z`G?|b;rtM;Cgd!SBdFToYM_uqpE<#PpDNdIlz zB{DufWp#3!diBmn+32xqSJa4sFFhU}UJn?Z{^dS(ScHlPnC>^DV^Bbf@xMl~td9?2 zI=w$KG6G2oFiFoV>H57;l-%e*s1qbQ=2(9<>iHf~)#DHal~8bJEs~YSKQd!f@3aC= zG|&~pXeGosIDUXv8ZavPIzgTrP};N|kIBIM%_OjBcFg5C9D~Nc$=mu!c3QbQ!-6_d zg$`ehh&fV$Vtpp_1b>;osqkdl|LWSz+xRNFK9#2|MK7oEi|Nbdb11A47$Y5_DZf?T za~#TVHcF8@GHL%qi?tZ=OMJ#Z9(C&L!m1`(vWM+K@1xLcIoZ!eoEsbu;kVEZ1Ki_C zi-C5R3fYi3f3>(o`i0`{i@`$asuwjS{`)U)QPjZHLrz8pXnBL3ojK5Fa%dMUk5zD# zRUxK-7Z(>`Wzw}?>I80}2r3ZR)e2X~hcohOf6g*)FP5apB1(Kf^lCI$QVaS~a4dy; z0uxLPr|n)1vE%?t$ZR-OeHpNaBBoX!_&fIaw>V0Wl?cPlb5?nVLz!WPxOuZ5g-0rJD=WbTZL7ZZt55fU+4c=I zD-36kx7FDGYgnky)j*TbH$eJ3j+559TD*yT*Zz^!D-+e1NnP*npasL$U z=o&lSn?zAL@T7QVrDWLfz1znI!qpN)U2b1|-}qO*tyz1{doU8Qi{ejl#h;xd=xPhJ zVkCn`kHZrJUzYm7+FRLs$Tq?52pigl|wL z3p=zoH%l@^YDyp~QgCa7t#le90ssoyodX9S7)vAK(Rv_y%f?0ktTG`(n~>1t*|UQw z_bsj`^{y~m-cN)V%j;;;1!gZm2l@oDGU`JYXGg%4XA3?BniRxeUO@#8BS_e5sl+`J z8s}jO4Tup$SYnfKzI1XzxSWL*{(5o;m^(n?g%`89stOnv0P*Z6B3K~+wSeyfc+x1J zcEZwyeilZ*WLHQ|R6!+y=(SO=QhVF8lY64CS$$fP>!D1cxu>*qLKGptG2J)wWt5PX z7Hl(6zBV`0v#}{=T7wQTAei@acV36CM=*D0Mlg3q86gBsV)f?c>o#FX>I+puY?_UzXt9DuLaZld}=@BMiFYhT|M5N*~cpS1?yLVR_;=Q*TOPM4U< zCnFq1AntRt#^IK%I$R)`xQ8paPb(<}XJ#@}n=&&o!ORRixGn&j0mf4LIJQni2{2xu zdxPm--SZv_aEped)4e@#3PuomP7kb4cXY$Z@_YHA4Lb3-9Lm+;U}wMmq`q@*2Q&$} z-X;Y=G6J5)=`MHUvB}~3Xn}`MZ5ZeZWz{vU*qQOwJj9(Ag5z8sJ<&}#TPq^fvEf}* z4t3SyrFQ@E`HQKSSCi-E$whUwj?32f3|v&)SAuqrdXm(Uh>6=)+Y@78U{_^lgybRa z4XO|TFtt{8-G>@zG$U4x;{plU8kvNI$i4zMJZI)3Op}mcg~W83v2VOPTrV(IU~_TsLJ}Y6_33`Dm{!M=jDty+>4UB5ro$bmOT8i36SrL#yn~>&OK%c^ z2t<)~3Yc>Mmv7k@_8S%!7HB4iO*!4&-E%dS)FJNl6XaaTs_R2qvhXV=Pem^;uZ@51 z)3u2@mk9CA)z#Mv--%aK$U?j*u<<_wsCsMYaB7qpFYl zNde*TnYN*`05S?aiRswg!itth(g48&m$KMql#eE&3R+)ygT>u;Wlnxf&VKTV(b648 z^}fOdUad5%Ac=_p z9@{ix4^B_s-rlsdDX=5naVLeEIW!a}QAPVARfeIfyL*3kH_x8$VES|gnC9T^ed5jz z|1i^g8x|eF_Wcqsz*gn+XGUtAF2HGiE_`Zl_ZCctVm#4<8o(4l+J99$d0GQ{QC(Lz z*s+lR6BW4`IvGgsh3viCu}Y9DOK~ZLbHj39{@nKD)km=)_al6Q=I^2b?82{5k$l>B zR-WKtUY9JaB0_YC^-kC&B?k?e|E&qfD=l~G)ZhJOG|0d@02|Vm8)N+3+}yF~TV$=r z-p59C$P&%BTwZ4P>K(6AgqFZsfGN7Ijg1(9ISWnLHKlo_)Rv;lw0mwIE}|~9w`k#i zMz@S^8Kck_3lKj_h%vvYJ2gB5>;eQ69T1T0Img38nA82L(fXKavDzf-oPFk3Zc&p|i{@@x`fV#G8<;_BQ1C>fBvn|8+07#jN$;@WKXJyrAdXSHVi;JS$^1_-C@yS`nQNoa}-dUsuMW@iVC9yNPmI7 zund+qVk98&*u4iG{87>&Sb(j_!_H5^oAZyv$fi;r4z7Mg+~VS8G2emqAFkieExA4v z3n@pkh3ym65_YDjhQ0T?aDFOamlFWM7=*jWeu;t38FG8tbc{SR+eP3lhE^S{Yw_Q} z#0Z*0@Xd#ZY}wcf_e?}sn9HcqU@vo@0B%&0(3+Cotsead8qt6fQ%UuaDm>a7X4Y{G zzROLTonXb*X)d)K2*9l)bmSEg;Aeb`fx+bKn`;wxxwSBbYy#~R?69|PnRmXY2d-F@ zPHH{~Q#;z)n8n2#A-or0Wi4O=L-%xdLLY_zKpb*ESarHMbvk(dfdYxpl)&k!M|j%q z-H+-CNmvpRfo*}oc_$3?Wo1OM>bu7!k3&e>aXo#QKIMdYu=w5X?Co{7w|CRun10^> z)?8;8m_0z4HmrHo2Jz^Cm~ek4^!Lm!U3C;2mO8Pe{hKvzuQq9=rRkUEpPD0DSz;VxL4&z`L`HrmJjMf`4g7 zq)3Nc12Y->zF^*yGT}^rq1Q!b6~#&vG&ASB?|6L1$aei8^d#>?9{h8eE;ISF{aI|( zMoPi4VJjy_`9DEpa62sw58mmD9IOZTGcvU^thRZ!tARH9-|iC=@1u~Fl@E@-+9>S| zd=&2EHvA)KIp8o_dgHU)u-lD)X=&1&_N6%q4GEIycuCZ`H}3>k-NIVxZmzT~u4t>U zc3q-osmd@`;$;+oQ*nAg!VB0yG|KV2RtfT+^$aFJ-&3HV)3M6nJ0%QMGIUm<9Fi;Nfk|26?y} z*FHYO8CE9J-WtNE>KLGSX&{Nc$u0phSRxdJAP_AYVxzO;T-cHNf16dSk=g& z2>l?-i)7X8&wZ;LqjLDW^_{<^rGJ$jX;x-XibTA35DW=ytn{=_Q|#Y9@RLfhYjQeY zN~HWhzoQi)bA;cKtAP?vltHxMDklfE<~kKwFY`DO5+S;xjHD(N4$GhGP%Q%JJ}6OH zQbG>JDZslx^n>~q5V>PWaqH|WFD(_Z|KpdEf{+YBxuie~`xFi)=18UOhfEf3Y@T2! zktE5G3J)q-_7$pLBuLQmk!L-WuP7jm1`h=-V)5hqqe#mCuwZh;g5k!ZJRMnxCJC zdYBtbtRs{00qwmDt48T@BNYuzwKuKO`D9@@qdd~nb=^$WI0c^PI0J*Tive>TTGsw; zncer?Ke4c|3(funz}057rSt#QI52q2WxmPHW%CSzUT6oxk3A|o8GHZ7fKQA6$ zNdv0-2FQ0IySLQaHd`#A242|43Fzr-X>6dKS%P}+H*9C{SMU*k#cePPK*@TqFvGfP%*s!|K7BcJA6j0o zi&L1a28!!Gc_MDwjsp}Qh>(HKI3Si1@l_5GA75cX_rw-9I_`U+V~?1a45rJQqA|2;~Mh3SDEn2$1K|m@$qhJ$Qh~H3onV zGWo!j4g4cQU~u={tQ4B20!S@_6lpkp;WtAxk>DF(4#Rmp)Z6<7YCEV=_OZYW918~r zC^VpsLUf$`llX9Rt|9hb--(F{*DGL|UqHeUusM++T)Zm+8x<%?yt^F6g(7LgGO0i3m8mapR>TM+IA3;QokzqBGcYXALAwW@xl?GU8@q zBj+>2>^NJxuSHBF(SEWw(nt+qrC2`iFuJ>6?prj(3klCo2y+_dtrTKoW5ek&FF}mu z57!91X;4Qx&M-@0K7|rYU0ofzQW(F&-kr@&CH!hWkbn_9K$}iiIp7rn;*~}1Egw2f z;1M@L8PoLozzX&+z(qhD#q$P&)B$q&?Gp5-NWkLq`~=ueDE+Vo`}@@@e$x{%mN^Cn z@Izt>D-kjb4?poe1E-wqyI&ezy z6Uk}~Ye|1w+CwmgwI#^@azP866&Wf|oM$s;NN~FUZP$ z2Fc4&&fXx)pu_&hq`@otwsIz9Hd3s@i94~yujn&V%L{Ub9z8OO%4N++%j6E?L0dSG z-&U|hVJsQSLM66kKO&DG+Pkc75^Qp_%It~Bn#SAfm~g0a*b_5$%j``M_c=m5=8BS(KI zs$h9Z{_K=QD}}kFstVZUDT#@|YAUX*{FI!W83Q6%$d&**5qOk-KNg&woYa*dRttJN z3Gd7E^AiVK+YJc!2D%<(l*1ojGl4?^VLGg$()ozI=46PgDK zsddik4txG{L?N<0JuAJ*cj@0QF8r(&8JkkQb&Ir)F)}bO_rgwt>c+(!o`~q#@M-5O z8RWN5p=Sh>a}W^1>QYJ5z*LVb9VYv=MBXu&={r ze6YO@o8Jf|jlm&jmK#)0XWBd_d1)H~bH<^msm;a3IE0|$0SM6)Bqh`8>OMRcl92HB zY6p)PvqjL7XlrTl_UY^Cfuxo-6EGYA1D|36-4#k~1=8=jVl+j$xj~QDp-hC`^6%}0 zxdn^V!O>CKsEyJJ{4>x~v1Wo$!O6+V4}UR)obQ*1MFiS3LPJ7G$k$X~P{0WUcYH`? zNlH#`fSJ^%Pc&KA-pjyxgoO>pfws1`2;oiM4#WD?gGGEnNJ!S;F^T+q%Q4N($R4-F-fnh(;rwI zfTO#;{rM$HR(7_8$1&aGZg}sqv){RG{`u2#7cFu>&A3DtDmmEBH9$sORu+9Qqr-2; z`5pxqHw?Iz`}>Y*YMo1andad01GEH95NQYs7Uif@N=XOBk(87(X={J`9-NRw`0SbR z)}Kwo^a7RMlv~-Vkyk7ak>2>1=yI++;RJRQP^v&b1b^_uSKLo5!`hQEGJ?2+v7VkV zd_F$DfuBFq($ia(_LvKK;Q1we_yDu_MVq%h&-YyGVQK8Sib*Nx=)}K$d+m<0q@;0g zOGQNmjIkhY3oHd0B6ITclny^XDSTgYU;I~*QBh6~ykcUvObMiXe0?<@JpwH36Rb=0ZCF|V(R} zPUfolbk_(P3z&8N`0-=Z#@WE&V^-F4C~0J5WaQ)m;^Rr*wZiIt<>F#a^8ApMfQIH% zQqpVKlmViGKGN=dokvJ02QG5Ev=D9d^z@A?4Dn~Y%VY7+wxeMG=1{`(-ju7qKwF|iU?dO~8$KL_lIKX>2ffvjb18*Mz9(?=x^X<*){cDyd zObuG_*~;`l)}cMXC1>8zna@*}UQJg$U>UjjiBM#n;h%+vu0PoB#J~`tIUzj3^k9A~ z0}y;_?_mW}3iT%zQ1StQu_8>+iKwDh1-GSe83~Y6crWUz6BNg!1Mv^I%Q{M zBy5ZT4*3F?egTbXnE-6m0^2RX0fDNYd`Yg(>7@(}p`6z@KClMfNDkaL4VS}841a8%vH*enh_3O89{|+3HyqPl- z)!g0OfN5~XCtwOd$V>Jg4-OB{&(2O(i;j*4_U^dIJO{V!VH@@LM1lAfolpUXO@geCwb CJYGWp literal 65812 zcmeFZbySq^`Y${t2vQ0tA|gsi3rNQxiU=s(-AH%C3`z+S(hY)imo$u|^hkGicMmh? z=IeLw{X6gZt@oV0*E;{a>m8R%#(AE5uIIk$b6?lz!e2&83=ii44g>wE_uY&)1H8nN}{<*0qDfSwIx%~63E;Aegc?=PM{Zhd>VPn$8{hc!A=Pm~=kwNJD zJ9=L<&1oWVe$c3St4U;s5&P#9NT1J`2!@oUM@{!D>7)MvB$Q(=)r5E6Am9+9a>#F9QAur5AmS349Tm2_=Ce z7vD^`1=Z_ruOO>>lbL;Bk?}XrNsci<_A(z70R$qf-uCaj5sg2c{$Vw~o-|;M>J=%6 za%5K(EPtvI!KRW5hQB%93uAI&z!??XB2U-!FcTVv&sjz9MetXj4SX22YV`e5<&@3s zSV+jdWY4UwyE1lO6+(BxnG+>+l4}qfe+8TB{<;nY*xzs6C~0h}wZO4Zv`XJfwU7Dw zpvyp6mNA84F1dN`mRQa0n@#zp>X|o^(Pd%-jqB18nTg}P-}_H*3Hq_th8jbWXjzY~ zU%v|8!8Hs)?iHqki4+QnEbo6bu#(n?9; z?e6dI+wPk3a_;{)K^J<=|%WlEya zkJ9}*l7S9IH(SNsGAB`mt_G;7hx|f#FcppR!?qN>;BEftRWGM_-qEs8LnSWzOW(zC z3SgZR%mGG57WUC2h9P0o4%>hePo48 z+QzvPWli*%LjwJyCLj|qs?(T zT3Q^cwZYtB1RSoeEYW$Nj^sU^cn184K2a+3uE>afcmA&zwDH_lkGL%p*fu+ht!EpR zwLJ!D4@0p$nj$#$L=qNXCcIxH5ATlW784UA@2`J|OUiVg$NF1>10zeT_~P#w9&vQ$ zohtnji}7-4p;LnTzN!r10f*yDrjT+ky(ed%A_4Hr)9qhh+y7*xr ztM_DgelcJ6R=a@IgYY|^=WvFG5PQpmpoteJPWh&U#`3K(Ky~}e>9H%yRVLO6)EN0& z`tR=Cy^C9g8Ln~K1`D^#Cj&8GW3yRK@VH1tFV|k){kMR3!yC6T?Yt9_G4ET&6Qzvb zC9eK+nI+8VQLRKqgUx%+&!zO>-L^~QJFodP$6>f^F_*W6~|)VQu^JKv&&JJot~?1$vLcU|E(f+?Xw{QTp-KT57et&(H?8nSb?@In2+N=o}! zEQQ@$pjq=io@=rFD%n=vXB)X2)cgjH-K9<;7BdRQBPH@CWXk1luxeZhR2)mG7yH^d z`;A&L)pi|U8l4uD_Q{QW8}-BZaWyKfQ@Yo`&+Mz^SUo(cEP&0};+D0!4^@&L@w<-P zYdJ8kAzP;w??}ACqEaMW9uNtcr=Cy4qpvXXdCs4qK6T)*!na(#D>{@BT941#^`80V z=_}tBj|eEOL|B=_`q0;}U&nr!85^j zRdi=Xs$S~DSMO~9)e-xUcvu;*tfHbKa5MSsn`EYn?1ABd;aq9$NI2{ExKp}Xe@0TP z^4YglX~Srno+$VZ{w8vT}A4eP_f9+<}6r;M``qt z@OT;DkiXdeRee1@sU!iD_3AAA`80+P>=;RD>3fTv(eQ)5!AZ^Js3;|r?fC%MW!J;C z(P~l&!`}K{`{w2y;b^(wDT`Lv(b{BXVr5;3G5> zxgC;bOkS{gl9w+TNff`W_U$8$PLNqj89GBLU=c!*4I0jkCquMh-*~DN|cC zB?RK>8;ZFCfqcL{y?j&t_5bV*&q(!E8e${o^ijEb@2`ugXaHQuY6?j0=g*h zzVMYFzQ||bNvbhG>JfO@yTBhK4 zv|k&@mP?m-ANOK)vc?I6z92i!%lSOKySLa09DWky6I|BXolaJS%6HmJvwgZn6BQE^ z6OQ>|H9hr7%<}iQhS?@RA3`lHEwI{cJUqNxw{Br$7tPS;1tpt0hzU>Td(oR|+rZ(N zFZWoN5;~ijz5~z$Lc{tr0zTgwly5H=FTaQEO%il-J>E)8NZ8okMwpM5L@}$Y%`-^^ zd!7^)!pE6SQ|K=hC`)w^VNP_KIE%c{EizdTU(Y5{iW54p-ecIOAdS`#%Y^-ec3v2yIp*GaY%8GIDB`n~ASFK3r zrGkQjk&#h6mqiqd=GyYIar#|)uB)UeJ42zENSU5)=+n-rtF<=sz93tHz1sIsE*$2z zni6<%`8udtPO`JNFB@=Semi@ib#pD)vsxWXo?XL+fFJ~9C?SW^2b`v;qj9Uj9K}+t z_Xgj8CV$V%%PZFZ1$7_ zVzf5P%H+nz1{8gwk2=})!Xii#@^E!@EWaU*2jSY?s@W#3|5#JwW^aGsf0u3`6h;4g zFjpCvf`H4O0UcfD$jAr)erlYjUKTc(Lh8K<6i3Mh^Ur+s3Ly+?|FnK_W`>ZIl$3FeG(eLBOk1jZMwY9Awl*tJRweF{TESlBNxK6Km z&M_$F49qlmz3)h9xEV$VBn}lORtNguHKP<| zVl8fKYZIUuF4X3}e>;*vv1CRSB1~0(w#L{WsSP__jQ;uaC&<;~X%acnk&&E6T`@1c zZWd@QLnXuanh>(BI#`3b#T}Pj>FAWRWKuM$Y)N^y0d6z{Ko5;_0sb?wNJd5m)Gqz@?K9;9 z4R?2U6_prKDPwvZ?c=xq^my%EfELK0Mrvj1EPf;nqBFt&#@a> z7XQ^XONw{x@Rs2`)qdc!?$dlQlyk09zMQnRD8n+Wei;w2i>9cxP!N z(8+N0>fD^(x&%qQfNbPxXnjj+8O%@>$BN=KS(VtzQtSXg-Bab};+ zyqDSqGo=5se1x3?@a^eL>EwfhgWtb@8+JxjRacLd3w8Jh=KsAB^hW{XhxWo|Vu~N{ zqW5IX5hd6_njRT~F>-q(71OJp zN1Gr6nW}ei!{h3gTs+d}a@TOG$29Rrnta$55c*`Lh~u4sG8ldV`HK!-0ueNqt!1@ zo?_(5Sy>B#ZTR^3Ojg=_w_EN3sj|F)2-5b^@5cUHZDO#qIK2G)g(}5*Cp)uFTNA6J zrJ1|uHjrDHuQiKHYmlmGM7CBGO8P=i;P?Pb zP&{1|VMtth@Zc5IS%N4LbS5(s9=34lhKGZ&(uvm%a0mY79ZdX*_-)=$m50+9&M%FK zNqL@J7Q7F`p~cvL=Y@9|xQ682Rz1D`p>@}gZ(kai}3O>#v@Ak9y6j|K3ae~ ze@?%0|#m1;F} zdwKXVcNIx4_2qEP_{YF;5Yug(AX#Sh^1J}$6UKz<^TA+W*Vz#|BwxiY)6h=RaIN^LeO~K4N9;(uxj5;*FH)r zOp(V&@tl#d^MsNX)j->Zk%~>zei4JkXzic`=fNa$kNd zTz%-`Lv(}ATmA~WH<|l)UGcS@=Xccy*A!1398rgUg?-U2EXTRplI64z2K{s(H6w}) zg9PStYY!>_?5X3;vdYjRkujae*`BH-dt-etnT(}F*IcIy*C0O+PlQ9^=;`Fgmt^AN zew2v$DdP_#1*5n(T^)U_2(&Gds_>MqwTnM=nv2XYntH=2OTFSvK?%F2?;(`iZHtPkIoqWe z%N2ipl~&s43TNrSnrD^rNvXkwr`{9HtI(ns-)>96MjOskTIXSbUq)AU*VZ)??2+}4 z9#!&l9TjTq3h{C_Baz7Qmb!)!$!qh=Z~8o{v<&$&nLehi$)F=R-ZJsX6;L zJkE&iYWkx~uD1|MAOSp2{-?u04KI#7a!%^L-zj zsmm9$5I?mXX=`5f{s+mr(&*%5xNzx|Hq%+#X3gx~u#zMJxuDOwc!*>|b;Fh4zP8*~ zWe{^xSPP-`GLQG5#OfbDth5G^d$_v~fpm~9pBWKBtUmnKVvD+&Ny6mtw5KV=66?_z zckZ&+A{$f#S(9F{)V5n_EOq|jD4nj85kGjc#B%>r7NjcY_6Nz{KhJRYlv3h}vB}T0 zv^0Q=D4?(jV4mRvCozWALKx>7)y0PnPu}3|YEp7QM-B8dzZO$+PoIsRG}lNI^JA6a z+$w0{hC*^(*6f8Jt>V(mpHc!JTbmkk1i0&wpz8)O_s&i;0P;bK?s1Wv4<#}U`Rgd4 zu`9B0UNn;`&=;MR!+-VfL<(~-{2ChCi-2Riy{`joO(PlQ?c+n%=^ywfxDqSZTDv?V zMRjo?i5ElbUn_$6{3omLWPb<6f)n{gm`agWA+o0j zw)WJ+KL@P%k9e;v6;3Dph{Gt5P!9mIyL3`aia8O#9SsI1xi1ssT)@2+P`Lxzb=#d2 zrSh(+IS0EhASj4Cn)J8u(-=>~1=RLbT@711%A+rYeUzBI?0y$K&G>V&m0{a* zd;7!e-jZo=ynD&+or{s_tGw#d=PsW!r83Qg#Cys|9)jgrkbRyvy&8r%uX^f%s*NcS zlTJEmV_|`qoSffosS6wv?|B^m0T}%!-e~|bo}8bn=VzEI84m;>h_SpQAn^@ivstdK zEt%7YNx0c|R#R@W-@k3L?AWtn4--Mo;#vv7a@Fb>5Iw;N^p4_L$;cw?(5!vvx(`TT z51%}F0s!m$+8UqLR4qU?i%f*r5XY32yJ(zfH@IAq}n~D*;5S-DS7{DU7$`Vj)h(|Id*GVD`8W;?wA{Szv*{$99c{hAdJR}U0}ki z1hyfS$ak3(-DD?j!F@Vo@jtk?+Y57OXcCu}9CQ{UChXeG(Ee=uQVSLDTW4u*ol~q0 z<%j0xy^GepKz1j&y~VaM)!O)&)Z|*-F0Xro3ghJ-D0yutTb_=d-XCP&XWIUBD3Tr? zir**jjBBKwm%R(*R5~u0FNU^>c@D~jFd>h2X?Z2|# zRZmnbFMv;%r^{1>4c}t|T$X^f&|No5wc*+0k;y@v0JtX+I() zLpW`3r7`brVj)`!{V3rHXv@rr~BnV&bLi>8Uz`vx*8uk->iub@P}O;6->*H?Mya zR*C}{MhT0l{@;kS>2+4H`@1OZ(r2hu7?;99TUR_cD+5D^&hyu=Uw6fEcJ}u6p8W{- zsy_F1h^W&@Ejoh%mV9g(Br%BGBWB~MX3=Wc+nVEjRzAWnHU4w&z z9sjyrt#S?=zAwvQwzegp##3V0nRgajC|fV9S@uEJ+1Xi1DGFe3PP3t}RIl2UAkvQ zI!ajHhQJD60)uy49|{82t`cv~h>BF%^1A^rDAN}dLC4(21}F(g09EKH+Jaz;4{nP5 zig{^s31ttTSpyx%;A5N3oFhOwt8g=KdlFi_o_=NUPd(U02igp0l8C4Yq%lN+G zoGDU)THg}pceE1+zNF(I9C069bPHVM%nRbw)*3I(AkNJcfk`aC_2vfX^3c13)Tam3JAoM1bIy~>LI zTyq(*C5m1={zmccgz-tnwbaK8aGA*7?_$VA{^8zUo4tj0Po6A4;_0AK! zvx8Mo^aCpjJbpYAtqlWkA~?ZVS>$@2*yXPC7M_5H#kH$fx2EdcPWKG8wYBwim6V1+ zR0WBT$@_CaKpdAv9FEZbk9K4)a8Z8ym7Vi#1TNLua3N+n8D3pk*{1q&;!jOw0^?;0 z;-XGSJ^E}N^v!Un&?oZ*`nT?)nLe+2J_nl|cloh)Uw^;dkk#2f5_;n6KrJ1 zqwI(PGB^(8+W9zzn-&)x&kqpLu+L!o#EP&V{WE^j>*<24+K&|zG*$2VP zqHXqN6%0uNs*<3Y%jb5Kx0@aw-Vge_-T}0r(BPf?bX*Ec;qswp^Fi^x>=W=+AN5*i z8>u}y?@FibBoJSCY@PsN{8l~VS}uUq3Di_jwY)I`MMPEv%GTA@6<}fznSi$P?Vq%~ z`T67$uZ7J9NQMo7#x1A`FVV9q<|u%s9q1Mwf*P&b_6AoPc zQEt@9;h$B0DP?QFcIz1x;hYD1MfHfI!axgGojRJA(?=pig@gp*_sGADT z*Spd#%XPPvYe9Jq;6)a9ax5&rE7xwi?{{-=ZEX$Z`kND<*irA>3*UJ2^V5HE!M&$; z{|(eG-`I_$ykd8WDh)Ro(Z49+Wu}7+(-k>N`D1&bM%{6djLJO{4qub?;K2Z{>1r@E zbaz{TgdIfAUEb$UOn&9dKXJ9$D@UT(z`#IdEf+&@(&_2xk&I%ZN0nyIm3+aDh`CHP zL-lhWX9uUNnaP0|Cp){#N?&Ibb24cAg1*Js>8a{!8dv5*@>7?LYYez`Cs(l3&xv zpCEhD7w3R?5FZt_w7KbVxTa{9ATmqzJiJleIQlf%loq3wU|W!pe(Jc_NtX@^O%Kzu4Q}10mWi4H z@*3sOYlaJ)N6}8}D?!>#Hj1x>h?a z;jVWt@%tC){Fw%Mr?e$LwYp-r_tK%cG7_Ug9tIT|g94qrylz-8)_4s1a>AYR#^1ID z+sNUS#bRzzy`BtlB)jdaZd@USD|BHJlI1g;{7m}46dRr*VM!O?&n7}bG-J_~ZAJ7( z=+obA4TB3g{CQvMuW-_5L7@)O=O)YL9{qbiSGK+n8@^b+fRB2DpD?b*J z)z<`$Quld>Z5Bezpp?IJEJeAO_Y~voJ=}%@;80_&iwj+YlGq*34(Xu8!eF?xNHgv#dhuLdZ~ zj*tLWPWmKjdtrbO3Wc)XD~yuo(2j@NWli5*{1;?qN7xjaEEHvkmo7gd7Ws^eYgD)& z@_A$Cnf9Qr;Q?Nj_{)nb!e6v623PIVC29uUsovbiEO|wpJxN>zl#j;g>FKVsMxp0Y zWBh=Eas`0q<1K#JspFfysMQOz_2g&MiDfkCi=X@c>OBTa2s>wkOvG}lrQ2hvuGqT6 zSly<$J*z+DLP!^{SrL=Zr`7daqBEV2_V)J=ZQIYe{ia4ckx1w_)ooT% zkAo-`J8 zKRO&eyUV?0kdY*na55YCg=)6WPACTyk4s8Qwv5vrYV9JDgQKk`D%a+nwx&J0z9yb$ zr6-*`pRFHf9^;)O`!q8PC##}uPJfTFV%6QRd)1TS59;bpE5B1fdk&PaL0R9<+WPC^ zfiviH&$eN3W{KI4=9ko=aUzD(F<5!c%S)i z`wi?J<&181J1DjmXcH@*_SXCovf5f%Sy36vb!>}idMQ67wXS&7tNs@WNhP|9JDDd> zI%E`XeqY{hc)89i2jFrG&KV3o*Zos9`Pc`BT`17+PL7Fr=A8xF44|WJ$j80cz?1!f zZ+s$-J7jm=;7G-8T~_U#xguqH%gbANM0e+y2Petx{R zn5S;TCdJ@)^OyJ@G*U+G-TmQ+S6=gRms}key%L}v@o-uiYU+j2Jjcy3KLSdn6F)>? zct=Wuja)C390FNjoOXlpg3j*?fbm_-6hy#@#WpGU@V;*I#a|1a)F|=(Pwb!01g>m? z3kGhy;P3@FLrPi9R}4M)e$K(iJsGxoawiuEfRI4qeLECKGEJB4{>1w}AU`G00XJ$L zh`l6a{zKL_%s*xA!jw+$GsJ?AhTvBqBe^p(GoUjJ=vC!b(?U+C0Kv@7&s!+a|HS|B z-;sO70e@p?h1~7ekgflTXzAqH#;eXP0eu2JjVxs1b)bnfeX*h2k+cx5iw;zrF z%vXF^~2+82evHd2IfuOb7Sv`_gC&;_N9&28M25j`8s>( zcb+Ss!=-~>WYG;mXXQFAe7AO7OQWL)w6S5b^iPp zg*6)|t_y>Td$B7%Rl_}aveu9!c>eGKH$D^01t8h21Ob9HSb^?$>t~I~i<7x=wzK%tML2o&ULH@#@tXY|l^u zua%QH+4hV>Kaumf6uZheq@JKS{&Ko|?`crf%6nHz&%i)E?cR^f;(yT35ac(K!ausO9%6#lwdk zt^=!QvoqfUHEV)N9q#=qdE`)yzpc95n(`_-PfHx)dGQo;En?}Yp(U4q2ei^kv-sco z9`vv4DJSNPmOIdxDcy#AyMtd|0P*y@B&9A(Ztw=eybfZI8wd2X|Q= zsw43A!($-W5NC!xs4)FOj}{D8uf-Bv)p0dP`5v8gg0qJ8-U2-lA>qzKQhJB;;5u8X z^5H8+xDbt`;uVNv5Q;#C9jQg6J8TqkW`5yM?!+!HO(%u2Zf*IxGsWAFO4|S@?7VX_ zdOu~Idfh6n{1B`+H;TuRRB=AU99o_e8}cJFDQj0nnb?w0sz|7}om zxNBJ_x~<%jOCc&&*LEJmxmY0zYrYO4{(^*my!xI<{%UiRm_?d@nTwv5ac@;g7Anbk zTY5LsM>@)Z0i7uIL!dLtCU-(_W+1IBGje%*X2cc0Fu%xp5CUNU9X8@N(aPokl|*N~ z#JJA6z2Uj_s8mA=S>uHJPVXL;HfKNDI9*8J(KdTG8fiPf5LUE+vGHi`aVom&kGNM{M zc7ly&I!p#UDzGHU;od%W(UU09pM>7wPBU}}+0(j`@7MgO>v@eO1o8t!ByYkeifNDT z_;G#4D{anW(|ZT)Ev)*mMI}({JsdLk>(kL5;iLU#0o(<6^zmkmT)v6C^gN@7j7)gm z#W}$}4HjyTMN4@YZ(Nw;{K#HP?DPT5X|!AHR|nc;DbCT3KnvlxaegltF>P^B?zS|9 z5BbKv06&@=tJrjS^B>G1>DqBO2MOvSrROpWo0Yc%oZLP?3KE^)ORde^F@N^JH{kcI z-iZO5OSVe2`bIsyW%aF!o2f6eQ82k`e@m>E25TbAkEZFFnO^`U7wWpYwpAc4Dalx= z!6P_s^)}vfFPIMtneh~TcdOWDJ}JSAlY)&+;CFh&cc=K`O!%jFY@cnq&+M!G_g~5fvYjw7f(^6A>hBC;crrcyr!QULmf7L{4F=`tf*_vn7 zLQL%D0kLo)`@R{|5^fRN>?en*mCoWCe9ThID1I8LNn-B($@;)&^5P0PRHh4PWm$zh zYKHDRrM_QgtGHQMJEV!^Q(s54#e``v1sB|#n~0D4N__p7ahS%&IOehYX&;S2yTKf%dFv){S)|3^lfXU(UCNU8g)xJL zk6ukcXefz{l6i&b+%(?}{_YGZlKIkXOg*I@0&#nTHkSTxLVJYqWIarCSm!lLI`q_# z=lxSZ&O~DV;~D68@_;`To40E-&x{wpv?;l0y(A6rA!xov^_siaA|qy%6~%0;ayLEh z!q{*kKZ_tDpmavAC*`2-Nsak! ztCOS9vb~R!2o=Fa7rJ!?GKfxvGurQ67mTzK3h3A4^#<)k&X={p*FPXcGMWn9Xhe0^7QMj!-fpfciPfOGnC64b3<7@ zc8oR(S-H;d+yb4%I?kh&>!2&B%QK01Ii}_#EiM08TOJXAP`0>j68{E zcj&w}W-mR&2vGxb77cgObbE6MUr!J9(v+))bN*yap0t>$KZ!nxj@}8|glQF@U?>03 z%g;Bv0`c?-#bgJ{w~d6v51*O4>zy1N(ON}q5tD6kpChsh;p6JO)7TWOt>e`=H{=x9 zaUh=Q&oR=pT|VsT88KPe%uyomAi~AYm-D9oZ!-u*Xj~n(R;${pkZ;x#m{LmB%(>}R zh0aoQvWgDon^Ny3+|+o%IR(~+*=X?+Os*wHn+4I=$XO<6+=)UZ7g(X}bBk=-BuczD z+>XQGr-tKxltK=jc}ylJJL>Y8Qh50IJ=tE-(ZkQ?OG*i|g0PkUT2tJag*J+kX{C~3@$ zP$x6Q4+AqWbUvdc9z>YKXp| z9}2tpMbVTPHi!ap8-tDuVB$V~@&u5yZNV*J6j+eQbbC;K8<**N#=$r)j}spD|4kNp zPlZG8$NaW$F_FKbcE2a*p0>b4ayM2^MeNz}RG(Gf?CfknlHUdupq7A0u|Vr8*TWlB z&HG3Mx`_Y^7|SguQC>|=tF@q)c2BeuBhcY$AUUdifmWQ~en6Kb&h!%3-NOTZwwg%^ zJ89_bTnCLflaZp?Jk?SO>xU4}1fa&(fX>yVy$(h?H6|wy0XO|dG;XHxIiAT~nJL-j znNj;@c%vYf<;2t1REu9DXOA}LzmU?{Z==VHbeFj;BT7o`ruNz+F_Tqx#;bklpi_6e zzmH2mApKT_QQXewzK;9xW(8sku=ByE`wweZPLtipoaW(D=}Bw%hj)X#x%;*v4X&C@ z*Lx69@D1cD7pjACR7#-)@{hm-7vPSKgM*yMtOp12+@+Hf6F4mQMl+RA=aI|ggLz6- z5TWY#r*`eeO7*ge z_l@W7DOfTFr)I8@J-#~OT`4i;H0T8MHu}^bzAnrXJ=}LrZ@f_&PN=r)<+`gUg!lbXt?vki~G^D;A{9v(E=jBuo zZU<&!a#D168?#t`u+!&@F*})`rA&6cE`vNI($|CS?cum`|M+kDcDJ1bnG!*_zZl zb}aU&8A+mNx8t%S4hEo0hv*^or%$hC3~t-#|APzg4SV1gzm^g2d|!G56jK`(5fK() zKfW+EVoxPhcuuQr7drqEK8jVF#oKwe6yQuNt2pkA=U$#-=U2b|fSQ!G2gAdc_*U{R3yVvq6(DYbP`0#mG@$M& zRzPtp;gQM-7pH(}mxsyL{$LWTd+8@YL$PoEOav^SRl6P)K`)=0nkwN4f&rjkw|k?I z3Pk#0EPcoR9AwfSAelqI^*ozPO9htg1 z%{&VWUw)1!VN|NLZ?Am$Q<7Ei_;i_f{9Y1@?BX!mc`3Hmhv1QbwY_}=b-T`UFft?J zh;To*ZDD0tVzHs$WJe66au#!4BX)P5t

PSfXETRuW-DBwnHE?(RY5X}TVW+c$E;oNuBN7DYMNuiqVsagXp)&fC2tp#WGF~} z$~ES0v_Folzjz;Q#ng8+aVbs5%RkaA{d(P=OsrjLJq!BI8X*1$Q}72`9PI311ylk3w-eU{IBov)Va>Y%GJ%*&~G za(YYr&Rx0yIC@_f=j3#GP8-v)yaCb?VE9ge8Lk}gqqAVA)H65k^#VdYSmEhQ60fA# z-L7k^4cbSFJeas$6Z>u)lQ4X|1fR1bl#mOq&Qm7q^c44<#?{n>!+|yQ1P@Y1{ST_I%>lCT(9)+?FFn zDTI0;uuJD#w_ucrds90*#?=%P%E2vfm?7>99B*_6MIlld+3*8T&1DPQoBt75|2=rNQgASnxFkf0~YEb5{2iciQ}YQhg9S*iR-+~9pjF^AEMV|$@ zrwp$HBFl3CH2@9vL2|PmwV|<<>wFLZC=rFK9QLz~eFX(oA$EGZdLFUtyg=SX_Y=3( zupL*0nh_Nu3g$gc?JBShP%ys-nx;*SjW|{!I|(xl?{5+iJV=sf*B=ffGJB)ItbN$l z_H^-KrywUbO>3a=0{C?i0WmQl_v89j?I#qY{MqKp3w%mOp3@q^gm(@y+sj*g!88938SvBmeW1P z=YYh4O-0J2BGbkelwqE{2j=@GXhsQ2yo_%8f7o4Jl1{F!i3PobiFMhb@pQ>(Kqyi@ z50qhV6_;;rc5nV2F|)5dx^wJDzu27iIhmN-Unpi`rF$wC+1+|x|%omhQd za@DoSD`PNAw{c#JPM!$fy`fOk#pFG_JNq_I3Ey;(-Hq`2$IgI?*fkxu$k*u-sd7%e znhVF`#cZ6Qmn|pq;?7(FVN$AuMC6sho3D?8yIf?%UiMgw6j`k)r1bwd+b9jAfoEqw zVUy+I3y9WYSYr`|UoSENEFbKGI}?R35ht&9^|=C7Co+GNU^Axxg9Ro=!KT+7K*H!t zKv}QX5&*a%Y)=Uxd49{74hdsB3x{e}b4@=na}UnF<;M>ne7@<`G83z}MBoRzFKA<* zuFT+n?5)DkOhVOxOZ23f$HwxkivD|sfcE++EOi=`a4hu31#OTAAGq-;#(0ea4`yEW z!%^SWh6`wN`$`Pw&>p?n{qwPKX~hFj+QMw2w2j44xH3TWU~JFIh=k66!%-DO2v z7q9K*Y@53oulwiUYxYsp8{}bQdF>rRV#w+*DcRC@-0Wr{s;)dcrtt!d9ZH(>%vS*VY!8VvPK6OV-U4=XkXI`chVaZKXR7_(Kxf2{V|G~swRteD=Rigfu z**=jaJFU8kOmVMW z%d{_4WqEJav(|sZW52>0z-UqtdoXnEToZe;yA$$6%~|TG)-jW3HIoM9t84&ZS{WOa zy*NKj_h)?eKmD9S|0LCjAPvh#E+KP)o_dyvS2~Q=P+YZzPoz3ROE%{jH4$rzdUhCB z#Qrz@IxVY*6djR_(cote0!xieLs{!Dw~V2;Lq$3y4DF^L*hf6{O8e%N<}{a9>DAZJ z*uUPBNJEu2TKYx#BgiV)RG+-Ox=nqHuTDFW_Rei4Pjg{pXnqC>zn?uW`{(8i-CBJu zmi?V=e1+CQGAc~cF(J0^9hEBPemsOhL~X}5Dr1#m2XP?b}9njQMJ*}$YE-Sop< z00GzvMl=d0ny}OWa00)W0_5njvKP2XD;sBrUmkF2jC^Z|khTqeF*5HQ- zqo$#w!==hm$ktQRe-t{K@>9AcNSL{(ZF}{v$t=fZm~O>zzvC}yb-S*U25i76Q%%zz z{A)O?(r$hvjzBHK24CHJvwd$M9D!c1D(TV1Em$5~oJRl}jf&9k?y6&gDj0HNnx}Di z)u+l9neB45PQt?RE&qeJc;3|ZVU}NCti&07ME{T-dqzFWP^A@x<0kCGz9^8@)Y8(z zbA3S|>nWJeoy)9&?dZ76{BHdDv#I5@_UMznZe*Eh!V8wyIP`Rpor$<>e1&&KaANDS zo+T46JMJ&Nr}B=ESN9(a9S-UupOUW?EmLuHjupjMVV}TO5bQ)Hp-&10(g}LH3HFc3 zcfQ+P=Z6;7RA6$UnvrP}#~2taH>c+Nvt>=-Nv4B0S=*m~zY`^jHWtD?&Xw%{@zbYI8B&R^V7`Vi@!-e@w{xr< zSn0_*0;4(SwSZ2m+zL`kJrJCA*4Ef}U88GpF);ogY`tYzm2KB8ybzEM>5!I`Zs`_9 zx;qppDd}7^N{2|dba#V*bV_%3NO!F7^nRZEefQqS$1i`VTxZWY#+YN8#WShD%^Np0 z#kUN3bBjj~&@%UAw=kKYKDc!GFw%x}! zWprBAhB*}1l~u{_gA;*|*0Koqg)|>{UR>H82`xt2_P)D2_jg8m*#2^2T<0=b_u|@n z4|mQKCmV%R_*Ome#q$@z;0W8ueNXK9zW&AWm-6Qcxm)-#xB>FnN>GX#ZjoMAW~(qq zNJPXBO3^`mk^-vZ(sn6(KDjh^eOw|q51SpW@s1T>9r3Ib+zt-BSHxu=FH30wFotldTzt{o z3yc^PIw)83kabx~;rm|;}upL%$}I&HVP85lZDkn6G)ikDS-#ODmW z8ffBNTma{C4=EUvz5lDlGB8X^0oC z8I+V2)nwJ`e5z5C+y8;u1s9<+A)urjG!=rVtfWVYnng_%R{Ub*uBXQ0LqOC5`tgnT zy=2l8;Ttk+*Jn-_Qry2T_NPJmHw#kYw>HZ_NL5qbsKzY9G2t3n(TYnlCR5O{^OZqjT-k3K|% zy&i#iu=n4#$031oGieyva>jidxD&$Ar6*Z!S&BVN1(?4K4S3ua*Ectw1YgBqu^!A1 zT09bGF35e>{jFGwZZYBR-5l_t^w02a4XY}~`x)O`=mn9?QVy}jQ(!Ms?AI)p>MD_z zfa`#rLP^hE_g3F{K?I2E66dGEGY|Z?x_Wx7#?fUCH+_}Ct{7bx5?{vDMClNhtHdgF*p?er` zTK?dx;{-Q`u{i^7a<8Zjw53SzINDzjAv~eZrxa+F<_s4A)m)4Ycc5;LsIF{IhKwYq za1QO|g!*MeQj!TD;H8FgMCpFDOzeKCI=y>TiqMFQR&ct3&6ywpmU!Lq&o zs(O8_?d@ZBwS)vR+*I;f(JlqJray||cOiZyQhXJ)DJdy$!v&aGSk%oY+Nt~VTk?Y}D@QoVqhGhQ zxWn%}8_%ASwNL$MfM16yzEhDCtX1fr`c%nM?5+(>KI77(pb%yz^1#g)k~%rOu%0(R zNMCz>kP`9HW}l0xH~Eo*F+`WAK3iQC&Ebq=m3dpKNL+qeYUvDqWn)8%4`%5XHxh^Q zNI~^V6pOt&*{SqLqw0@%f*SZF1(94rlSYi~(v$CYae9Z+?i|Z&BEN#W>eFHl=Bx(4~2iShYJLu6L)NWHeCKaG(=oimXh-p4Ie}G&7m~0+IO$-JtHGnKW*C{aw~5g zYj(;R*)tyvhs$@C(?4Rid&Kx)cw(ZO>Y189mME#I6Px7($Nu2G%6Tbw z8~aG9rSRR#oeD8rK#F=X)S)8lQU$m0;=bfp7%>+lASg(KMAN{lF;}(%Gx^E*ovS*@ z7>|YQQ6S4k8A|N7=Hy*oA~Ym3y{HhvuCyN=n}r{-e$71CFH;MLzGb|mQ*7-=*U0%1 zp0~ckiH7$n^(Y)>@ra>{3JxhL>9c3R9whqo^fLrFa)1I@5fKpp-0|}8n0iU$=eypV z-XF~7ARykHvLql-Qz+Ygjp7GsXHWYfE9(e=#9Gx7t@!D#*_sFg*4ey}8 z{(yDq85T+NtZypC)YKGIcZ5VlhD^pkd)}Y)u;^49Sy5e3;q)~S zbCJ{2Cf3=Ca&uNbn`gB!ruy_r4EgkQv^a6^tQcgcH>aCGKz{?=EaHTu(N9UJay+Nk5CzSs|K2peFvTlFuyW~aM|U8>oz zke&WP)k0Vsl_RJ+5#U|Av1-Tf2vdZ9l{se~bPqD?W`9IAWa*$LcWvZFh4?+Y7xZ2Z zZK+}(ICP3D2$6je100BeEaE%-7#hV!0K+n_p{)nD;S;;#GiF%3{n4n6)S_Nt3cLtp&hM0D)L_IS2r~QL?`3T z5na|m76*NIz)kRlIE5rp;d^U>N|B!J-(PBdMIOf(@fL9i3G<9#N7<1gdvkGtJ>^0D z0LO8(_A|&Dhj8b(|A}dm>{Ftnu%aYRc;i@xul;rN!z*OHuU7g+uZi)v_v$^aSofzY zzXVMfY$#WqYIcJo^7QA(NF+u!azUYp{*z)PKOaXYs}K|_#a>*@)fwEow!URl%xssE zLhc_{V^K?Jy1jn4wHmnGK4O(Jc=JL1pG z+giU277JYoOHD2l5+}!l8D-}>VAVA0osH=A&worm-5J_uIt*24R>UkaMb_m`X_E2U#&@HQb+M3}+f$FM zNy5gp*Brw~Xn#?k`yMD-C~$BIVnPi9Dn*zF)ww2l z5ldCmO=h)U_ddI!5&rU8q_3=6Px91hCW}fRw`Mu?#mxX~P=qSh5`M_(y8ptv?Y+u7_bgj@*bnUH1ftyPqwx`ek==Q3Tw+X zIU*9if)Sa+47>h2TSDnIO>|dITn%hg zma-Ib8T>*+sOn{w=ml_jf(#jFouVR%Q@;QI74l>%Wm{GJ{Z>4Dd^mP4uJ>k*Nd>B^ zD-tTMF)4bIQ?9tSFHLBV4(*Y9z7VO0kZHa}`Xt+msS9>>)*p|)`GcTK*u?@)5QhI@ z$FIgnn4H%Mj0mg}CnqPjwW61lt%#QaHQ8Owp6-Lhl$PKzsJSK#wI0wX*CfIb|E>r zh{-QxZLCQ5;M_@r4P)s`Z9vX3#t*QtvVMP?Q$tbmv}90+#aS2KsQoJ<4z;ppIU;kA z@l5lsIy)*mWKa2Kr9u#pIkLj58k#}jw z=YdD6LKi+gqSy4u;x$amd!)3qwBV>4-gwi_Qb&LOvE4F!<|@>E2bCm60LO%%r=#B+)M_$F{d$Ipg^JLJ;?JgB~s}uEZCD)=`2c78|SI zyqos@5k-P~jwW)|&wZbXBMW?uJz8x^!kiBqlH@o?Nz1opggEMW=VWEAb@^Wp*<5Kr ziHNi_4j4B(QUc_Uey|W%Y@+7E@2bmoJO3MDN)J z1d^&kIz9UQ38~Yh*x7d9#Pjm>eGQk#K!FQhZ~Q2K_Ggi&@xV1${CLAfKnu!E%dRY*2ZOF!ZjqQOBs`K0`};7%@fcJqaa-&WC3w%>6t z`Qn5Fm+K3%r_YrmMr;>)-}m64HqAI5*~F#BoVr6bK)rvVc%6-3W27p>Y58qK|FHM* zEi|UM_&Khi;G(eI4&CX!MvR2YZIlS7TYOgL{hLCDfE(P!L{LUf$GUEQy$a16@49!_!7zQAi>}tq{%l(TOhA zEGF^y3mrP@{7e1)-H%v~?x_i?DYf;3nG%YYTh%6+SfE`JG8+|7lz?dv$8QVx)F3)q_n4L))_(~zdDB((gXa(3CD+J4D=gBxu)6)_sU@v; zAH8Spj}!Lak+-(AQ9OI)m6b8VTx!-6$};@|QJ9pYy6t-cnLIUw#0MIW{lIq$9$3O6 z^3sN#d@mt*!ku z)>~h5SKN|lB4K#}+h9LxSV=Hobl`mf^9j6C@itptXg_2LLzmaNyqv#IC)XwGNq;>3 z$SV=+BRa_`=R`7gq^bGu%Ti(GBEPq9WIQ*qN(L)o6o|dcNN2Lfe!V6Ttw6bgV?&98 zhch%4RVl4c>hy1z97Q-uu4Fix1RlS?135lDeS(dP+j-i|!?k_=9KrbbPy1VPm|yeG zI{{r>E77&O)K6`ae;7p4@L^@0elyL@JtHBT&<0I{n)Y(*5f~}<;Uk0>4X2k>Hz+2? zjQI6OC#$i|(1F{k--}WA{(m27KLgy0%;|C_2)ZRQnyOX?cA#8^qhKv=l+8{p#{5#d zU?XoK0m$p0k&%%R6T58>lYRWv-fj$nUEl;K>~X1Pm&NAE_ukVTguX9;$PAn>^G<61h(3}OP*u5uSbfv%Sa``wbNgOQl`8I!QonoaO?)i=% zt4_K6)3P^Qq@??NJ#)1d{*raJ@Lq;k3k?p0*243xZg|uA+S^!W5jJOM?dvXWe^k>? zof+{^H|5PAf^)yfIGQ;w1z88Nf7sAJpS>CA??=VNbpHJLv$L}S0C>Qa2ymV*5Kcj1 zkCCE}`7<}~XM8Z8+wq#b=dG+Us-hdsoeM>u`um;BFe}Rm$Ds@!2tk_Ob>W(NNsnNs z_Q0?qhE_z{#>1!WHJ&_MQK-6#E1S(?7E6QV6OkBeDDGD+W`g+8v>&j?v&?sAHj6s@ zV>+mT63T>)upW`fV{^={`-o+@`c5y>TBo2iOU})W4M6NN2nYb1-Du*9>gwkrp7p?h z01zh)3ys3$=hB9v*N5$Cn_A>wWie)ow5tm)sj*aV_ILX}ZnF7b0x7+3%M%y9#psmy z=GCHIq_f$7m(=kDbr%LtFjQV0|4-`wHER&y9 zJ!!F0|2HQ5ce`br7!ouDSskq{?j{(7nb^7-_FRY|eE#{nMjxiErPb@WUS3g=DB|UA zVnRKhPs7B-Br2L7Cqq^;Y6(Yx9VM+LB{oy3H!jp>zrHq>BgN!&bHIhf#%9f0(y+qj zSPet^IkYrX7i#;p{)5GV3JaTjrV<05X~rW3+P5rjWO1+2?LjTn@BeB6*zPBBSg_WN z&`l1E@~oN+R6$ZlMmALM^&hvxIG#P%(~URp-i1X*DgxuT866wq@3S43IIPk%NhPm% zLKyh?Y_{Inzj<@V@jgZ5L2aPON&-X%r9ch5jCI$F($?3ye>ZHFKK;0d_jgC2U%)14 z$xm4Av;)=g^O2=i^yeU1u-;3RMpCtDi2`Uo4zRuvMyilpiaK(Yba2z(j?(Fh~Rh36(GYXIKx{rh(Sfz*iP78(ElCp_E+ zSQ###<=O34K&2&;rTJ$WkH0ttfJ-92e96xrO}82QR)_39?ds1R^HB_)seyU($Gz@p z2^9x|FH4267^eAhIT98**rece^tC=o=CR@h-j?Heiu;-K^y?^YU`fR7{8C11SjyaP zc7BVyT*>;bjD_Gg)<`*2j+}zIhGSr6o;cu~q?+$c7P9)B%|=RvJhTXK>ExFM9JBe# zG!709z?J}z^ASWGCR>AvqW8!CbFIUH+EY&rj1dR1)*PxzFqU97O6{)NV?mL(ujaH8 z5_ny9HqV9{JZIkpYSs-sAIqu9DJU@APZJTeEj0e-t^|v80*<3SdXs?pwlM$toyD{T zv3=DJz!~Jnukx;mh_# zqf}vPs&lx=I8M6@RE`eV7n|NBt-Wv;TV_<1Bis7*H~$K`k%zg@c!&5vZLI% zTt7kUjGytr3O0Q0A-y>k;#VZkjGk_0{cbV@TBu7bM< zs~84Ln^;uX!1D8NDssN@-pFVafF93iWB>{W?7-9{pDHo@9p&na6#GZ9QNL;iYU#6H zA=XvD44Pfn?v;e^ZD!n@J_46&Zuzht*2*DKd0RNnP3@Yo zQhh-T;Wp)^&*l$DRsqH$&6QSdj{Cstl zu}KPTi_zD@gr^?#5ZGXZd@wa7b~%`-Ou}clNCl!0^;_jyvR+oeLzh)+&@wYK1D!{? zNf#<>JX4MGOz92Wf6RO)*BicZtm_P zDMZuymJ6q^J6yPU=_#p*+Lu>IQ)e=;EZI0wQSJVuJT*<-dbkuFeETMGZjLJUPu9dI3TLF;>AF;_=mkA`*iLW5v@snN zKdp>tvBibh+1a^X^rQ;?)Zjbv&!PhO0Qf14Fz-OT-zzEu6ttXNkwpxEOX`4K2rzi5 zYGnvKrD$C8nLsOz2DL7)bD&4DS6pv$g9z|LyMQ@u8ozzkZkva)9&5bCM09$(;oZ$e zNL#Pr^9~Mb8Eq*fUvw`ekLciwl`=nu5>7ri{L^DKnr&%?Slc8@WP5G zQ^HOK-{2$swthvuLz}6EBe7_|6WwLUO|01y&_jlaoGfjWgs3VWTcWqqy7Qf`J1pwk z-CJrFuNY_ESDF~v6aGtm+COwe6&>phXZ3yFE8)ir*q8I0xKRuLlmq5>?^wv(BhZ?1zANvEJ&4xkf4iZN461}k zQ%5uR>5>DNWneliUo4y1yAoArK*E6&jms{6!hvZw^Cg^OmBxvnut2#d00no$G=-E2 z>!ci4ATHwt`H78P(E|c6_U2aFbJ5o7jEsi_j-z6Ol2mDYRV9e7E~IzBBl|Ep==2zP zB~}5&ca7CFFaUcOYb&SywkyX^sr@1APPe)4-4RbqX&%=wYl~H%WEl!jRC4F59BX!i zTMXYdc#r+_MlUd5_rGb&$;l}zI|5!We_w1se!1*V$>WBqF#OboP4qh686cx=L4tHJ+^nJ#z$I)c`9rQ8tF~5bK-NQBA z^D`#p)Rd-rSx(6S`4Xt`hGW*Ql(Mp|(!l&dA%@ND&ywC!Sapp7g6Tj5T#fw6mhn*n zBO9C2gAw2&`4|ud7^aV^Q9bL26Uq6AIjbkN)6n9MLZJ;f^PrEl<<@~3wdFOzEi9i7 zjm(gmzMETMSYhrh@UeqyiHXS)DCa=S2NRit!$V-`c(}ek4tlSAUzQOzCjR~qV#v0t z!ky){TJ*c-i&PA-%vb)H>jpe3lKC9s#-D58ZeAWMJn0>QF^a-ea>i#1tE2L!ZVeA5 zLFjglt<7iyVrDw|B+wCq7Xmgauy!|@AmUa-{sdyry}iFwIAri1I4;=(g}c7KJ{lTY z-n+!ls~v$LEU0K@4LqHylXON*dlKox#G@sZw98;ejbFa{#YXUyq#BvQcu33 z>5WAZgspUG6=$lCx%_!ITOV!q;oLw=3m{Ybj-@ge$Ib^ot1XVtf2BhUPcHX5fCU&Z zh+f^?bUK*fU|}hE?f^@<8{bTST1V#D4GTLpQ#QBg zmkGzC^#liq!$5b2Hsx#?lDZo5&je=6ogTUDE#dQ1CHupaYGl(N75QZwJPxf4@C2Com$J43xAvk6x|3R_NEz z`0v;E0d-TFh}YiAaS)wbjV6zvU=s+EySuxK=k34~2)y<|HE1E*;cOK>C8ZcM!I^6_ z5Zieb)_5T0WJ*4?S>|7O->!9q0uxOz{pmt(F>WTn_mhP4!Ci+!k5Fy8HB< z9QXVYBOS#`0hNMhXQX^4@K1ix(t_SoW_6zmbi3ByPN>}!DJP7^R8=|X=p=pru9n22 zSvx4iTUFz>A2v(e?U~c6T2Q8n?=H{nds(&zdOrZIpTVJAVq)Su0ZJbqA4n3WtTEyq zOkGkQdQ&Mw2Etpb@dF1xq-kcGMlX-Y@{Vc}fkEmSAF5+RPL8U`-^1AwK2RS(| za<#B(xwyplip}jJWAf$GVx=v- zy?r%si^yl#YR2Wlt7w52d{Swbt*yBD00b<+tfUQ;oY~uRKv?7FLB9+NuqdLUAi~g} z)3HqqpA}s z4!$dU>to6;?;DOD#<}%@VH{6uxi#(r?(c+n8>s&s{WCCn__KJnXxW&Un5^vVzZuH; zuId)8uh`1b-yd5mIZ|k0m#WaAm;mytj#sa@k4H`?!^Y;cw8NQLtPS+SKr^f9(!;}C zS}%*u-*1iyebksX&u#*+E3}H!^*4Gbh}vM?k0->C63%|4cyLKNB$H2PWX> z{id$Awy@i205Le_#J~j)IIA&jBCF!5f*Toz?C0y4AxK%e<+zz$O`_sq{45m#N(>0x zKndVFp9$>UYo|5*f;)m!p?l1Q*j@4=XLiR*p6u#Mg(&V=W`r#lFtKqsMrLua^^6`* zLHG@Va4#<}dikUYP&K1Znv<8WE;o-{59jDJ3mZI$m@RmoqYeOEtDP6u1Eb(j0{XwW zn7PHvUE9n1qQ5>)_>;RHN^{5hG2ZjOd+W~-_s&9umf)&TkvnL{t`8n>#-kw*JM;zw zUfjKC7)3c!RF==XwcGc2ZIZ>~o+Rl^8l1!FBSMKAoe$lCH(;G+G_53A99z>slKz%Q-|CCN^lVc_A;DPLSx?f^1neF&;#pRhe$SNmNtFfG zO@Crc z(m-!LGIw1gIfr3ky`+N}%YYXL+J+c{subWs2>26l{exRBM?nd8R3hd;ZUA=SWHA%K z2}|u3zl8fDJBpD#`Ifb?P@l-vMN50w6J|el)MVhu4Y|JF`RMcjJUp(OMfd&hX&5;e zX>4m(WUU^>KJ(MK{HcasEegmhAP=XAn=_c0P)0YCt1a}r6cTFA$}*YASLWsA4WVC7 zuGQ3{Lk~l_KZ_N$aHp0Y82#9e7pJ@o^SB)UN#HOt5b3BLYyU7na<*C7dboHw<`=U} zPXy=E`sX)?sYRFX$pnTvq1WXx-Z-Jx!%7{J$M^ScFR0^$iX>hLhAo2039@`bTy^mx=l&oeXY z-KtLILLNl7ydCMh-GP^1SvhvX_;xSELihpJMtr0+fmn&cEV=RT#oMl z8)DqJKiH319}`~mz;LUv-yI1*hD6%Fv%K+Qj0b|B_<-Hb=F!l zFc)vBdw5h^>#jEdpFJSA0n?k7mKLIUb2w*P34?m?odKZdHv_x$9T73HezR-z8>GSB z-twxd>|LL4I>tS)^^_c=-|8WBhBPmQ#uBScm!zyDx)cp5jd(0+Dwz)R5)y&Cf? zFoDT7db@9okK-zigK^Q1I*Pqb9aUS2 z8@F5oq@OU|yP2i4`a9z`H{x|zy+Gqla*t>E&EWP4ndX~htFbjW@lJ< zwrCi18A3&iEebsxN z5sR9+H<{*7{@w}X&dfsGOySX_MKKDuv zBFhiXBcWqQkr;J+XBd)0u_j5Qw)AM+`@f`J_|n^lzU;FVwmpAXyvvcnM#?JXwTE#pvK{!vJ?qN};&F!O@|xt4}@uuddaFS07B(Mc(`?*u<}z88g81(iHH z>f~_?m?+5ZTY`&+8!-*9m#`>iv-;iK4-WyX_Tl5lzuF%VMIs_1N=r)vMi@XCHEF%u zXW+#e8X5wK+eb6A=|c6FKnn;O4*;xsW_H%1{nQ;5s~J0>Irs`7xp2tkK{fY97qS2{ z7D0e!mOWBLzs=St^CrNb{MHE<9BXC1Q}J<#zB3r!9OK&gWN6rJk+H0&BXEmMAiuW% z_F|@$ES$7+ny|^Gja;q#CLTmf2?^#VCY;U(T3uY}tsb|#MR}90j(dL?|Bmqa-w~n< zg5UBj{`>dGJKUa(=uEh}gSSyfnjJUWilvqp+XH{npB^Z@A}})C^_}VO4stk}V&Q1q zF@Cbr5r}5x{`JqQ#g}%X1H`g*{#KGA$!AQYWv>Aqvm<#-=)Ma}MMZ16?8IWp8Owb> z%!S!w-yIgYJs2&za%a4JmnI1Rv)rmj0hbPZe5RyUE&6lJjt+Js$mM~!G-Adm3}iJl z0bvxPOVzcFS(g57oaSH)VS!^B@?_?uiL=cs@1(9WeK0Sb6?My#*QV;G@ugt{(Ua_2 zskGf!{YQ5$Ymd`6;fV6x%qSr#yfaKc-rX*3y+)#A8Vmm|0AyL_3-ug}o#ULO<*VEZ zwp~++3A^ZK6MO(jKc~7z6F!3_P-6*ZmeW$c_+{4{rM(Qb9nDwH>C{QAAvxr1<)(7> z7%5hMu2MJ32BCaK{P-C4w!&MuI}*tUOY~Q}zu3@YI$)c>eDT4lgl3`sj@Esh0MjMX zt{1HDSqMp7G^;gzKhQFLwdCggT8l2_wr3(1S78iXM0I~JA{OkB=jTZ~-~WR!6P~Sa zP8QK1`oY`SbYYS2OqC0q91yRbp`o+OIhG0Xmw=Z8UjoX7=Q4XWWL4~Gq@7CA3 z3>ficXL8g+DnPfrVp{ z1eEIIGr~CHD8R>-IE~vV&XJ?hgqBAe_lSsmG_#!U&cg61&SKu0bU9c;IYD>3p6#@m z;$Bb7V!H>H=Ae7*)2B~C4sm9Y*E|FO<}8(~kYa>MgKHHp)7SFZXr zdVMetYti7Vh(*D-N%EQIzJPAM2JkJwK;mRysOG*)HMZJ;i)~ik8IJlOt!o+UC#Z9L#=IRB3^=2W*BMcExz9U9GW@mlLS}mUj9L( z(V8ZhBz{17wu%h z9;(9DQ0Z)Kpb}#|o(n`q5ATp}+sp8B-o29b5?}Uf8!dYoO1=x$>duLNiUMt!hN@?qwNqut7d2rvH}yYnJPis|;hyWT}EO zHFXaZnR1S>D-&C494G74${pQf!lZMULSUfv&XPV3*^uLDIcVqhd$PzY2+Pa`pEdYy z9ZB@_Pi?|B*1IlJ5e<1uwtn1y!;2-50LHO6mfJxVVc8Rs<^n785hSR7gdep@T?6si zMZb&;)$+Q+rX}#Z4OJ^#(2LD_ij1Rf^S$I53XfOLcZG+CqxBmwx%#6`M$J| zi_uYYyMTKDs}$VO02&`u@|*Q1a_#HugNqmNVTAN~8=*NevsYPW< zqKF|pQPIj@QIkGDTBd+Gd#fhScvJxTq>Oy;oy2d7r4Cy-Ix=iXWY2tqLtg1nrup-l zD;RlR?v`MEy%wkFiTlMKYpXL$%b)dcb;-aULQk*pn`{niy4TjqCM|4?lesGJkXA25 zrn+=cm0TG8(eLm_+U?BlmKz*l3aA*5X)?H!fBlle z#f`0aKgq!&R?M3~&=i=Xu-}w` zMf&;aE*w1DAUh_T*GaD1vUkM_#CrJye{WDSa|at-3L2TUFf%}^z-mp83sJQ(Yu{^OIY3^Aw@hKj7$`VyAJYj!guWS9%&*lFSgVrf4K6iE zngS7%Nd-SO^^^X-N5-JH5EYWA++@dx;?}T{e~FJR`rXN*f~Sj(D0?CXBhfh4E>o67 zy+tkcwo8L0;$Hqp2FMZ+&+xLd=rVoMeIM_qQ1FR)sbHw=ob0zYGcJ(YMSWHtCMEep z>F$&D9+0zvPCOfhm1vAe7;vg2=xSug)?yF0hINd-sU~guw|5Wmw2CpU+Rs=|5_#t& z0`0|AltIP31{LCqP1vKNEh8(N!r&Y92SILjy7HsTR*$ly$r|Yk9JiWy8B};Xe~uY6 zgDwVx@JSu6veF&1V?xVoD6{jaQRq_ldy-9b8krG9F3o}rAa6M<;dR;WXETVhSwz-ZSn=%IE?Ltb zXv;lS1JB^r*$sGx-Q3)YXKL3DP!Wtb8{&!wWqz|Tdvft2gT5din${H*6u=AISo@`e zRZ%8;p-~zbZa7wa5@%gj#m{GC}@N@ z5(`shWopMoKC=lAT;7*{(;Uyo^WB)r-y`M9`{&U=-m6aMs;vST8eC{D&dv&e(z-B; zR;u?{66zd?Cw1UQa5XXIq2pE?aPyv|Cg>bM%Ttu3^qJ>#sLOlgu0LGidNfl@K5RN_ z1zibF@|CjzygnG>CJ38-brD$rw+QbXKG)SBfJfHhi8g9069l{nY-TGFeG(J3LAMjY z95`A(3q&-B)sZw@AFusbrnj!Ir@A!wBtM)Eb%7lPdzYDZl0Z-=4DfIRC>;_gdQM{b z3tpY6N!t3iK>(eYA$6~*7$RgTVQ@%0qgs&r6LqG>if|_XK1zJO?OPD4JkqBqpfi!l zy+|S0#5L{ZD&B?IzCKE&`166*VW&i*VlLD~Cj)UD?GKkHU62;n(?Y)`jYm#~SXiE@ zH2I_oC^1O{|EVlk3(%6aqT=NI{KJ669!!~potvzDRs2Cz+H>Rl_laUeGOylq>qvBLzHU!@-2XN*uH};l zemp)!KR+H3t~qFKawmVdot~h`hgc*H;*GBBjylm>(e_v)gevp2{vEgDcwhTFAcRSv zaGLLvbgQi5@Z^`GewU~+djr4n@n~zlt4>OO^1*)>CQ;3D`uRnYcmzK4tR6d8l3qE6GH7GvfooY~)yCmH{2LVU!( z4ZRXiOqlI7>NUf!UofX@2Q-Bwfl15>cW8R!5HP_ z#=oD$uHV)D8M(ifI)8CwN`402r<;0Qe8~39N@MY+o5y1=VEEcX*tGKNNia52BVz(C zX)+1U6U-i`p`@+FrXo>e!}AM&L&mp>pRpISM&jByiC}EbBjjGJ;7gdhXDaHQF`mF- zQpjY>Oj2kRFxr)jgO1j8baY7x31MV{-}U`Z%3$&OKkm$MfM9FX@#ifjs51jzVqJYG z^eqCdQ!n4RrKs#e$b(;l70Rjvr^)ZxC-n7}ndC20wOeYw?$7QKe?AL^+c=!fu9GH@ zi_-L{C|7d)0V*A{>Y_JU~XMXl&R)U6k4FnCjmztS+R6D8m5eW(yt-GZGxs+%)F@|WNqlw+v z>+8N`UgC-BoLnR|6%XYw@EcFL2CQQCK46D-J$v@dNc~cgoCKEB90-QxjyhRd^b9f1 zFd(X{BGkcPbq=%Rb4IRT<0I?_C6~Mpt^(PbVqbn0(R}Q8IYk~A5LDHw z-vSNN^{Qk*INXsbd3*v#HB*JO-t*F9>aMK?y7#A`!E4**)<{*p2UJc`0G{bDxdKiV z-8aD_f~CXq0)PJo$tgePDf&EfTpgIMCMOryfA~*01Ox>3+dVw5pj#-9%D$nuqkDCv zSXT-gO7ssQg|7|x4qz~o%|(@mMb7f`Zi4QScF$M;tdxqmHyTi?dT>}x+svd1@8R7u z8Ijh?_ng<7Cr3Ea5LuX@ApVy*%9Std>RYfBOEHB%hvQ zl<);R;s4=6r!6CiLFxqh54PU@`OCOfy#JG|Ci{{Ex=19}7f}5?IpzcUqsDw+w!=u8QWj#0 zjdJm27Lhnw`}xv1tyJa8FF#AHUeK}ua5=ud?La`FRbC@-t>+ESBo4J3gJ*swEyF)) z&J^3Z0IZCiX8ra%OQOfsl%tO?+><9OtG*i_a_G1@Ip;tNmYSLi0E(rirUEmDuA~yn zQA#evS#=L($Y0b8a!q2mO=IYQrXJd={>Zemk@*gde=#cz%%BFA$^;(&KUjYUV0XK_ zW%PBef^s1$Ku9D2RC{F)ZDs`pkeKO`0XfZQ5{k=Zn+6 zl8(+m_0-f9=*^9cg2KVhK2vQG3wlC=Uf8oWdR}`+xf!4+4evkoGF?;q^`)u!nSAYr zw1RFs4Y0gsFmy{x)Rg}-u`De?&BXD+L(K={&LF>rLYSno(13_l$V+Dz63j>H-Rk*u zbKrLcO-E-YKQwY+b2wcT2EaM%x$2w!vNkD@9%;gXzaLLvCm<$I5ew@%gQy83HaZFxpZS6ouLN>fc+v7Ps1?6IhQGZiGK~Ye zM<5gG`SlBuz;C|>#2{he;ghxc>pNyQ<)A7E?+i~-Fl!yHnco-pXx&SmE$^&2}eD*M!5z?0Lj`7;#8f%72vtp!+9KI$6)=;}sTwAmiTm4A73Rt{KPSexiSdT}~{_gP8 z_i++GPubu2rV32P;PtNBZH=U-fBUwvv*QYSjDU{>gEW47AJ?h9Kus4-kN-B2&`I?Z_aB^pa_eR?;D4Cv!OgwL zc14DOCc#qu&Y!;gZYo_MIl@mk*d9KmEEtRu!&Jrm~u^Qa8D8sKtME& znf{GUfBo`v`l5x-#+D+2;S2ft)e`@nX~n3!y+ZkY_*&T8^|zq>xUpp{HmjTHc;Dw5 z>BJ0v7}JtVR`BINI)xl5$&DW~%@u8O)gb{Ctz@jOlx zF+o9Q!-!+M6y8oz30do9mPJPRlXmKizXPO2Kyi zhtkyyQOSKC;8aa>SF95qY;yhsAwaq&UWd4k?5jz}tFU>?veI;b7%+rn?)tds$i^U z*#yrzfNagDiisgWp#>a03I$UQPOmrD7a5zpvOJkvYs5fa-MvhNg+hVznejyvLsKs9 zfMKf;ucg`#F>F$7N=CNn+@YEn$(l)qgECMyq%6)v8 zJE*n$X>`q5uXUMltdj*U0N5WY=z`~XszjW61hbGm%%KAlwNY_>SivZ!S&zm66>oV;4CSZh~ z*}AVqhAH|$x8W3MDgkSvLU}#hwR!qG`xC1eG8O1D{*T2%_w8VRRGf5i35r;Eg8w3eKLK*}Fr6eV#8$_hL1wp#IHVA@%2#9nENOyNjNq0$u zNOy1ceitY1bMF6he|x?7zy~jWwbop7jydKSFmGZrvu5uLCEsu2k7wtK=2C%Bm|=6F zr?-|CcXTNUs@aFIFkp;L2yt>czPX-pW;`J+Q}cdu{^N(!Q!ks{PK*`yPhZb3%)ly@ zJTLB!uwf&N+nVhnoB4Y_Ty8p1^#L%g!^0!5cQFxcp=xlxbUHTUc^emiQ3d$qmgc^w zjqYOgF0>F*zQ`{z78c3?t%pEihryCen^jfB?@F&=mMn$3tc(D)In+4(@#HFoSWKC6 z3t^G)`7?gPY*2Kxs)IvWF^lEJZxh&5hDkS_tLqW%-L9@!{d(MxZ)D2mUv<esGwU@dr>v-aP7wK7vjn23BxL2P_m~xhY>2vvCSMgcVS6@R zcdOp_pQv<@pl2O^k%_my>`(j-7h<@&?Y&kY@+d5(W$Sjy>R&=to?G zod2GcDpXK~FcJ`g@^$vx!UYsaRzP|*XAyV6ei6RLQen(ika~e3U^aek=CDOwa`w!* zP1AG2ryeV50!+jvzo`c|L{eE<83GK@-UP&eXCna6 z3q!ux1X7iB(;-6VWT%&#ok8|x0dB|_k+4$+b_qbliH?p2iKmu|O1V)RGGL(j43AGR z5YmiX&Q!ci6RP+VSS@!D+7vGI19dtY^l7z0aD7sh%XQX7a*u0YB?7Pg@~qO&pdah;RG;{js3ntxzJUt!&I+%2SlJz$- z97`gB| zGvA112?d)d&6?@E)$a0VmdqxE;@n4jS`F-+dyl6|FA$4?dlY?*_+&>K-(#0 zu*s9KxHwYQei`}aPcCBvdHMde-spRnn1w|}9UUFP*yPz!rj;)htgYMI-v{E>oNhmC zY}86n6@Sbap=xZ~NiiVk$-SRnC?eC4z1#S(Nrvx}y_-Gn8fkfX>_^8hZeno)wH1WA zckr~P#_nMnS>1zpc*qe#zl2IIA8!Dj57|G!tCfc@cT`HseD*7HFs6Zq!$tCrI1Hd% z3MubI{k}`?62jmO_0w%_kH8Vg$e3r?;yXbZ4d-g=j-^zgY2v@Jha-%yv*Xt4E!)u$GC zA7~1s2&x6-sQ_?d>^BqVTYNt*JB7WUBft44oYs2qASwJVpXIVJ?Tgr-_?yMi3aOD73Z38%)}l1vpZanE$l1^VB3>{+0w? z?(8EI!1(Qlzk2m&bJHoD2Q?d?odB~z$wkyPPw~(Y;(>v&k*#RAkl9_@BTJ|-B~B2( z4C?3ybn@;O2kBrm1=LMIU5vXn{%$UAh=O9g(w78_`JADzyK@CB7ZVhh8L((K1xm0W zt`;^kMyJ~OyS!K3b{9`wPblX-oI!b!Kj2Lor@w58-jP(h2|;@@q(XO*1aznJ*qTcp zU?QPoa8NvZvvR&@rPi;_{U>cySs73DUO#K_{kCqjKgtSmC{SAJea<$@K3S=|h`elM28jou!xJhcNu7)UcvI%8VVu6D2x^9ou4@&;v_nnP zTt<5(Oi5}KA2`MwS+emvz#%|;UsFvDj37>J!I02*2&en1rviv^c=UdL#W2Z5p?;r% zk;_l5JI;wv{g@a+L$V+%NL5-+*Z8A(1GnUDaEpCrRm zbZylG&0w&oq$TkEW@bo)DQNJr<=YVO?!BKbOH+nWDVK8SM8;-zs~U2o_z14r!^nru z$xtmfH4UUMQOWWb-tFu7F+XJ0v{+|GM({*IktiW9URm~ytTgK^I6a=sXUGf{qh=uNpkwA?Ex6hO? zT0LJ0-S~RXeckfgQW`o#d{v=ck~3$)gzY@DJ|i(q>&aDp&Egv2Jd5Rwv2BUl7aIocg~+0<*mCm8JmT8ng2RdRYkHR zVbw}Bc2;&mV?lKg`%EAeC8Zqo`c1<66soK72qw`(gk42j7Ijbmq218*bo< zcnJu+c;wtzx)aA!1$GLwvuo){6+;NVk~5Vj!omhjF;^ECU^w-+C+o{s{+;3uUVUeB z8T~B1ruJH)8J1uBkWR-gjzmZ_P)kFj-uh1fW;FnsM4W!fzZbtfZbU>{-n~Pn)o<{1 zOxQX3NV+a1&*4vsH8bHN*MyS?wQ5C|aHKEm84mlL|&e&conyKo~Lp~Jx@ z=||kB0J?D!)S}K@2JpEg&aGZU7B}DV;n8pFiFj5JZ-GI@d#+|5K#$>Wmpb4P+bIWdP!Sb3A{lcu zjNdXbWhUxWB6HP}nwzm(b*qNtse3rNU38i}2YaKFYaBRHR4=Kh@|)CpfBcYBP>7X% z490Or?E-Q1MJPsWzDJkSzf|D3Z1DR9B`}qDe*RT~%oP6Ch_IC@xgWUz_3qv5oE$Jv z0Mx*T!F&vWJ{;?Q=HfMePqSnz%s)>5x&>v*wJ+X%-aQYbM^mqsgV&oD`+HmoFbGnL z6nKhXQIfHLMjU>deHjxUPa-a>q!jsxMQp06Nr9QbuC8|7@{tLrOeG4n6e(%Z{oE$$ z1O!Jpic)yAwh^~5S6Bny!<(svri@sYVCx0u&FPUI&5iF*aZu?uaJ-&jA%BqhP@sWX zFK_o?AxCB*U;RAwiYX*SH>U;ev>v#aljiu4j}vPM@l6HgZbm6?bMtih`?{W!EF}iu z+KTE!4=t#za=5-YjfjzaPH%BvB7FqFf%kt7`2EcV=tQcgPOt3RE-BA zlA!6(a&wjx5YPd98TOW!!NiJPWdUy}cpv2zrE_DR5!{9A^J_`Mb0>AjJCTMB%+I%n zWkxc@v-nl6=pYR^ql)XP9F5oPiX`!f!yNEpz^r3qqu|@OZ`lHfA3a+jh#y3#5NQ5( zY`x1p35&>k;xfJEHS>41y{6MO4|}mO&2t=f5=sP z7#CZ7y3OI3=`leU(aD&%Up;>>>w+qvkErFCQFT7}vNaMGAu?f*59nHd^`XGvXB1L` z4d&0@`e<3|A1u8w1-07qFO>%<^zY}2nG7IE^pJDAmYGWvMXBSttu*B1LP1$3E!_o} z`#@2;wd;MNRu!>Cu7F3Rk4P0Od+)A6nd#VSo<+`hlHj-yRH93lW6meu$#VnRm=D4L z503_G94J$#=jJ${QCGb3x4;k$T>%%X|s+QwW;HaD=6XkSH~qW9dvc%aqa zqd;TkDZ!IKH7xSjgJ}Ju;dWWc44s*cC|bitgQUcF;VbE1!^5$ihY;@SyIJ*MFt>dv zg^JtV?SyhwI9p!1dg%hWLnc$Tm7o*N`MJ@ z1bZHkxfPIQ<^W~ZC)@aSmRVDCvLKY*WvzDvr0c0jE}9Cgl9O~lhV^Ab;T7LO6B*X3pD2b;4oL`~9VEnO#v!sc;ToH_2ke zr!R6~xf7tH$YrVYsqQU2adkzZe)Om?D7yjxVi1sL#Kd6nYBeBsnmaM?NiG33!Mpdl zms?RJsed_Q(fTV(k4=kEz~-vGA8ZnSaY!nk`*GK3oqf?u7|gyT6+M=d2+DW@VGI=kyFk-E#gFVUBOl-30L%W*=Xbm1 zUp+DAz{AAI%-qUrZ1e{6`CH-PKsRA%XlTkS*Q@)}?%oXN;QY-VTMIkM>&&kzOy{fy zFlceHgRL$2u@V%71GxCCZ!h}#*LOXo@ma}2{ID0wQNmLz2#Gde;(%Q1b#5C_@};l$ z10D*st?k;TDs5nP!04z77_^1}BC_>ILprwY^5%OqrKc+z5?vv3Vd5xs50k$u>3xaf z@*k3syL0L&3enKe00rAJKZPyV$_CWP6YQf6FaH9Qd~H3a;k8#a^ zuPsA@XX0PoZ!U?v2NcbGv3)NQN=nx()PkVU`}dhv$|0=!%761pBy{CbJq2#KCjyP6 z2wCeP)XaYZ%bIA)x}a%%VU0tG<&_hC#L!{gCj1b>AHj3-Dy#0AJ$Np-svqGFJ{JG! zzLgm`l3Ha|jS>;c1R^6_e#l2hVs0ki+~Kfp|2r6uG6&O$b+y>}9CgSV8^5Zp^pm=K zaq^YIzsRivjX>aRQmn?b=)M{bWPpIVK~`JE+OwIm!_}~g@|~-5s8jbRv+`wL5di_; z!DJ2SjVTSTTCUnN&8Zgxu3DCdqWgy?(^aaB>CXMj8}JuBD{47Ry3B2f+$`3Az`hWSX%us#R(q61fk&dlX;vAe+Y7Mu#WNN@K#H za&awPOnqhpl~(^|neDwZV{AEry^FLjL+&HQsuOsYkdP3-aROq82GW}n#_oSE8w8+L z0h!YYkXz)b1qBB?J^Z9>-*7W+4`PAh{z8M-X+ATHsfjmSEwGpc{J-8_48R(i0Uizo z(7a1EuNR2jnh67gt#(#jeSH(*Yk33Z^hKqKKH;~Yv~hGqnb+)cf`sf zTsQ5MltV49q%N1e9aPK-P4U<{D|3{p^QA4(tHT!s>M!A|-olizQsTvn_j0G-XFPt+R3K(+N4`njySZCva5jU=`WjtTobMB7y=;;;@J>R|5iPqrf9*OBjL+~q-at#m-~fy*cp3~^n-aI9I8P$EF;`56C& zwRK^=_D=x0|6X2p*o!kv^sXYl!|O4g=Q^~AE~(YQj~DVn)|k%LhoeEIbPyJ?0nXL$ zU0pxck3iGU%gf8eU@9`Z)fuj-sVBm+LR<_bdxbV7^1@eatOqfz3l7zerdDn>?y#q| zZfqWtg-00~)g>(ph(5NuPhlP(t&eiY+5#f`l$&;($Sbu!yodZUE=I<@)BP5O76;X8 z1B!Nk>3HZ7E;T=yw6~uvuj=pBBILEOnH@K2sl48s$+#E>ECUT!) zqWaPJw{Au&auGXC_RiU@{#KTh$@H{T4v}-KU2HG1ndTu>O{gcTa4uqW2h)XZ0chaa z(*)e^i&`=TVfo7kO%!<4FV_H$S11q-X==IwO)HZ9%Ytz5utM&yGa+uRrm#6ih=M{1~FF=|$RX(tQZVF2Mz`SCa$*i}9%D2gyg$ zKrx&{cKj$TgQzF7g#>zO&6J{t6)V!pyIG;~bYT$@XzT#FEjAu*_;X8#+9k@uyU*}N zxfk|Oo1rlGt9ln)^u|~gtNEM=kf??{peJH8U?#xiwf*^fbrtB(JS;XDCnX10RQ1`g zv#~1EfV9iiO1-}#EbVGJOI1r12elutarDQz{Kx;GS9|*m;aL-fQT3uaT zS!sVwa>b3BeMu#y>^&xV)WUOfh4D(B(y)Opu6MctQ{=7xHlSk2RPe!#?4o5-wvu2) z&mec+;pu&HJavtf&gqh9D+z+4BFUms8lL-kj2P1D37KeHaJ4g^uCdXB^`&)w#$Tq? zxV{ow@P76zL}df|yfggQA`XERx5ul;2+nr!xXlB|eMd(IYF?L10kabZmb_t4S0#qY zH~^MGPeunVkfa%<_~lhfPulnb=91&fQ2XZh=h$owh{bCi!ILl-o?R;PitAEeaAtgt zj(&pQ3z(0!pQO^VTW>3pKb}j3#1x#`;A~xgHnT~}`6Db8oNfDv2~C&gY>@T<=ZL8p z=1(}&3v0?$1JNy(_wD1uXHecy{!+IowfT0RLe!&<+s|(D3%uI?eN+R^Ha#6(5H3Ce z!Q&{|+E1v%P2d9}vKYVz6u%*^f;nv{_`)2vn|)-ycb54SRdTs|h~<4x;5;}pyS8+p zm0QnK6z)}gQMNVf@_lcfg_(uBMVN(!g^!Q#>C?Xce(Q;R^$N3rX9~%)Jwt<^(l~P_ z4510=D1=Ng{Sz*upB`El9vAE$np9e$K`t*7QxQlEQh5)OkD^*|uDgsr;u)KC^jWes z`E7%&WfM?IPfLh?U`E?MdDzSE$b7Bk;8Awx#L~x)O2X!sqdjpFn#C)Hb zX<}etASd?&NM?jniKa9+oXl4mX1kQ{eR)nhre|Gz*;$jeu-9DHkXf}lKjRjTuWur? z?L7Y11}q90hbnUpf-frEk8G$@_e|tTXQlenMHXE$dAJg^g3p%J2`r+@1ekiXD84^B zF5C7{9Hi5>oAY+RBb3Pbysj-sG;TzHhb6b zUv&rBp&6{}>u-cNswE5aZap@ZjtfmomqVH9T(R9pZ3n@UD@N9^QGa?4xS5T(Z&9Hz zWu0J4Lyy-({o0v+?tydlv0lW-YEY)mX)onlvPtmR#X9fg0)?QYPW@VY{|P>B_9ME8 zD|60E-6trInufRU?^%DB*2pxLIJIP>q;%PUs!wkV7owdGMhp)torxK=r68b`i)X2n;pN=zT3l1k zx$6d>q<&{EGT;X-qN{ixGRn$^U`ifQ;4X=?HAdYc)ya8Nz@{|~2nYC9o zHZ+x#TCI~$mo0BUd>V)z1QLJeC8T5>W`o~HGR^17f^j;!vOf{E&MvK`8-asVj}-?U zed#Ty#4eC{hYkIfE7^ZhOXupctFc_!>w zRrh;Tp3?egOM}GW>rk#o|4v`H2MPQ7LK*~+WZi2yST%u6hGGC(cU_&nR^^8%B;Z&1 z#>(nm>);?OBV$Mu$9A;a_1RTx>%P7|DEf@`^d`~n5{Y>CY!Q-k8KWS{I#=4hHT@^K zQP9H*`}i2b!AZL@)WU~PNqOH0pyEL|#Y&8<>-sw0j%6D>ieiDlvKBGrA~BWFGAQVJ ztyP!tGx88{1(ASe;jShP|yFv?;pIxYKj$}W= z)t;W6nQ1Z`X>W`kIuX(i1)obNUUc;BtYXdjgn|Qnc$WB^$L|6V!h=R| z&4;T`Q6~gM0Ku2pY!7>gj|D8RO8~5Zw>mdBBWKzCR+6at?CfFv$+gk$-g^yQ5d#Nh z<*6B)uAp#ln1tGBU2Y1gL_6I%yLhWw=J4%KWkGNrfrv-DgF0C?8>Wz-*y-|n*uTxp zVS?8~5c%<=N68>Hi%<}NTA2s%Y#G=)acKJUBdVQB@@HSlqQj5VG@HMxz%}1T1;2Zi zz$`3G*$QfNt5Ba;QXVN1LjnP5Gi zoo$~p2&G((6nLEc9s$#BIldbhgznom$~H|u&?)CUU!N(IQuiulPu;+E_FblJR+S65xb z;>|iSU3XD1fJk`5?kw%?`R*p#>QcDZ_GT&wxZ?UP{=5b^cCoQu;4ACI&sRgdO_ytmu?@a)V$4SNtwE8H&-yV2Zr{ zc+U%U+V=5>JQRy7%Xd5#v1ImN+nCGUEarbJ(RHI``XR(zIJ7g<)o3e)Dku~c<$qxB zeZ$RZBHY`Kd7*>ku4JJW{?LX!<{=KC>w9WtQ~_kW`uLj9-RP> zueXCntUdxD{nKqrL53-y9cqWmexoWA_9Cw0b|ElKWaQu(H}tn%OSHy3EQuV5=cSurr%)<)_-}rLcd=cNHJ%Y#=Z5KOYD3>C;19 z=k*^+b2T-bFvjFhBnhZ=|4+8~(e7g61wf>Li6W4p0zRRDR@(xkpVF1kmwtpikZHNd zka&UNhc7O_=xNo?yBJ?--u60I$Jp{nlZCi$(4JLdMmza5sBF=0A}iat2e;>qR#W}2 zphYq@rWh?|xP}lts7*gGGQFl&9|a9-VOBL zVZk`Rg*Yghf~&Y^U=anNBnlcrHq@)$DQWV0rCa6cHAMNM`;$CcZUq<$0infiwlW0w z84x9?>WfR$D$DpgtyK?+9$U+0unl`|717qa$Yi(_7NfO^T0-y*z4ev$P%=g1;a$vo zc=+#fbAt@+fYz*vii)0IVKHjQQvlw>0Y3pWG&t=R8uJ5AiwMTy>C`t^x#4!_fp&)n zNKN!Xndha|bV&$@S`?*$NbRNm_;}zO9;#DKLG%Dj2~fErk9UI^;+&vB_gpoqY8xw7 zf+HwMSK?D(>QDcbS!0>3TE1fH{3=%KN!Z*hEBB5E=QS9(b4I{#!0J^@bKPE z)T3K{3~72Qz9`}==rhlcj$+Ukd&qQ2%cQQYGaF|!D_>f}ON?34_hv&+&+O(*cU2B< zq&2f~B}*Lwd|*(uls-Aq1y8;c_gBueKV{O>cR2W}(Mx3z>jxwx&3O6dJO6?j{H{KW zln$E*TJjUroDWb;-f&mMYTUo+E^5)r*mnrc{}g_%ewDHJxfj7HeR674Qjb+rn~$s| z6%jfdQDV5bu}Qk|%axWtabVcl)e&g%HF*_mKQD1}N;+QfqKQIpCAVt?42c03XMXm^ z9VZ_G$&s)VWU|oQ%7+ju=-GB0gkZB@wZ$3aV4L;Qs zzV)zKA_xlz6+-u$&VkGek6C{_fDdA0VjLbic1*|rS03)@uk)Wir*l&le5=Ftp3zON zSM#e>L2YZ%Hrg^JnArv|?P6#n|E^_QBeKi+a;lA2#)mplMqj2{$E@Lzj#ci{G|ALd z9|Fyih2a~%ql|Yx#2bwjEKh1``Sw?!Ij8I8ckgs^cP(hnY)eP*@07yC#T;CX&ClFM zo+oqWKg{MB%}#Fm)@P$%44Y(W4ooVrkL@(8NcwHF^c zNuGZ$dRf@1!|{EtbeCVNg)lEKo)3?SkcO5!=BfY(=U5~`o`{MH#|Sj`<-@hBR1Rjj zIs{S(ZqiCbi{5AH*Z7MSD6CEKu~u8porZHf{j{Mj(rK#9fAF|#vG7$-Nz6nyZQO<% zu}8`38SPh#D7mcM>dg7kE@?Ftm5l4d9ja>BkWbsEx`l`Rf#PG;O$$3y3)733owV{z zCANDZHyv-`yi~3hjMg)ZMgy>#@SE_){N7(sx?jIa>KYzom4l3}gZ=8X<7b^x9xhqv z6=kIUzl-czmQxwEd>=f#k(=w6gK4}E(2wL_rD&9-y8V*(NfJasZUay%2%R8U0dJMN zSR_C=@Gfn4VN(Fwqd1dk_O2hz*Qp#XKrs zt&QbBn=uFIk%58zU}!HpT(`yd2FQTW%f~BeXz+j&AE5LH_L_`ZsjwmdLRe}2;n2mb zFU}-oM2(5Lv>nExdqNQye3|BXf{S0&ftk%~=>@sq8Mzcf=g>1)cz85;A zmWL7BjSCJ5Qd<|Qi;ph^v*CPsBDu?Y{dSsU63#tJF#|N+dFX|1@~#x~D=VMUHF-5` z`u-dlIlL^=z5MC@fMB2fw0R3GSqHJUzC@IxckjBZSWVR^ScJHO{?l$;=a2L}M_v?g zwRRgyb=cc;gI>PR97fNBMh6!+1BJg3N#w5}m)UTck7#{%<_e!AdO;($B>i(ua`0lw z@i{5SJIMEm7(t(W1YZ)b-Q9y;`ZRXpL^0ciMn+t8AVRFhWV(re7t!TaX@Q>HQY(-C zNYZn64o_o+w`P5c&mggEVd%%3gIKgG#YYxt0{74gn+xC_(ff-QGp@6CS9VUXQ5J~3|-p=!SQ zNJhKRSYqolZ}`l7qUxEr>}8sjH;d>wqFj^1J7HA9TyI*zQ+c|(L%=8@Pz2FnijjYBNv#2Z5n!KEAH7F?Kp$fF zHy2=9x|&0{))#<`*UQ0F5EL{tPJ+1f_KprDKtV2d!;n4_iF#iI7=BhnEd2tP@{7?~ z?x(dy?=c?xWZyXJ8ti__hef>kpY=5e{p`4k>qSjz*t=$9qiUn@(8YU}9%s!qUfU2RI2O4!@o*H@Uf zgG~0Ozu!FJ>_63xc1Ou%;sSW+m$I@DAjCK%sTcIQZyorfqeXuH+`gbr(u=4c5>8Ds zRC-)gxb1H1x~1rJce;M?s_5Hn9DESb)3Lu`Ibt!X{iIiCR%WS=sn5?SzOClxyMHn) z9v?4EL_k_YPUfXWZG3z%8y$T;0k>|3#(fXyJ$rVYc4g-L-zg&ASTNS=6T!f z{Jo-T-^P`UjN*#9kJ#jw7s0vToRkGPg92aey$`o~zB zgT}7Z{wvCQOe`#UMMWw>cYC1tn3lE(!s43a^Ht4}&v;<>R1;aD;(CYKIkk%V2p=lD4^i-Wk>(Nb~So;kp9sGRR>vh}dSqHl&Qc!2+UYn{_fL&pDx_s>{!{2jn8vHuCV9|4ZY zl2Q=pQG|T9!}S1t_ur#-S7TPhc!OO7VLF?e|*ZJAbB}6bLjM| z@@kvyf&W+WEG7rXL<&On%y`ZMg*0IyU?T&RO|^7&LFsK$>F}VeJ7T2xA!KcX{1ilJ zy*2)hIxN$-4wK}b@X{<5EV94?&E@T|Z;wGCB5w`U6M$1MKv@?Bv&B-A_k-%pM_{W+;S-DjnWFQDE=V*%t8e2^0c`h62UY)tJ=t)IMV8$AMz= z9l{h4WHJ(Cv(pfVZ!ngkKYl#EM}!;m!({L0b7i>B8R{hYT#}%3CzvKt0N|4Mr=hv@ zc~rgWh#SvjVJEszlv3N1va){R*wOwN@5MtT#nHi;kKK~U4TcKg2a>w zCVq0=z#?#7LQFk8aq$ zLS!WNd`kycqh+F?%;jl+e`KVe?R(%qa@y!{H}#J$amiQUsi*+1XMjXz_8+Tr)=?bt@1Y^Knz|?3@Kps_%-O` z=@b%505_CkiLox?JOY1z1_r+pwrcCwypL^KWP(U6IUO8({=%{Zo zn;iX-j;K8)et9C0T4kp&Y{ZL3?&LJ5;B#kVA5k!Rv4{a)wthtqf=?S+OMSP~YNi}a zXpEni=W8#0K%ej0*r3DFFPjA|spuAUy(Ro0_9tJK(M$HZcL3YwLCvM1ygb&U#|#Xz zG*R~WetT*bFQpaaw(74&JLqf9?yh;SBYOScUQw{s8qU7$s?MC+UsRmCF6&(|LUcmy zFKrGn+~$=oKW(SUuY$&TL{4I#PaSNx2C!;2wJ0L6qAPO=*BV|0iun;Zz&`=VLNFCfkA3TMFsIoucR3z`*peWOyKdm zB@!Yibj?s~(3F0Cs42+j#M6+O^Hw+0hZyV+NMbLH?PD!U>7XSWwxvB$ZItcNaER>V z&<`Ijc54-9-{R%&zOz`OIPiws;1yg02rbW#+}ySOPMv+_K&u8~cgNqy$?%8R znwMFl#OGKLBMTE+CPv1Qn~Oy`s3B}Q?wsCQ_q&gk90*TIzdj>K-(q|XvSdqC-$jN0 zN=o$dC%*`(Nx6uC9-q8x?I5oz`IA_cIL(o%K~j*;)*-@q;orJF0o zZWHcB77K^6Q9$!JUuFA}Yn=VpA{VrdV)yK@9i$zQju{d=ulibd%0XuGVx{Ns-O3TkbIACMf z;u|qKc1oW9XX?|Rw#dcn@tcX8y9y)?5P(HZmKc`YgwRUk`k9xV2a&f#FQQ5gf3ECj zXqs!_Mfy;}#sQBw2Qufk>I324`kI=WfUix(bL4^z56}4nPY^scsy^{}eWXHF0PqB& zZ70}rN!n@kmhfTs&W5Qap(Ej)#Wdl>xg3a;vU=jkqIaEqb&lKqe3PeoZ0s}Pizbt9 z*Yh3HjXmGlwd8Px7cY8&T)}vn3NXg;y{epq_v*OU z9@kWty@}2owdLnZy5^7nE^6fbx5kJ4HHSj33vt3*mOzK6Q z0!-6SiizJCo*rMEw^Yp>=%)P%F~4@quPgm58h@U+D>GNkHR0mR9}*s(!eJr}^zH$) zeZDi3=`m)mM$q2Av=M9w<<{}z?~}5PlY9HVwx55=dP~}F)%v375g1OqWg!T-HoEPn zjA7YFq(z830xuyhMQ18GTS`mMcwKJ0t<=;!1sv_r2Ywj{c&`0+IOK~Ki#nWp} z3_9%@mR1IrY4d(a5IHJABm4g3@86FyXs)5KOvFm3CypZxk497PYPyoSfYqePc{gEh zvgJOi?cgo7fSI}Q=Gnp?tY{Am-Ij>dFj~3kJH8eki3-EY)O`xi~Z zIQgjx*#9o8mMaO-b{fpM)A8}_!aKlH)G0kZ!P)%!On7qgU7SeNe|VvqA~dNW9z+%u zu|R;PJs1llGn_9AfP5c{h#szV+{7;{rG{uXC4&Bm=rEvZ(V8ZsWERT+T+=$a51Wh& zy%oUW;ZAjAHABD@zEa%u((GjE6TkBpnH zk$F9UGXqdc2Kf{#GxN#uF%Soc)nhHWVj7}{TB&(qh{>{@)CUNVmqkUpe|(Ob3{dOj zWacPY>2NaBz&?;ADwEkKBOFrTM=wtWGSg|e)D0{6QWfEHS?E}jVo2UTK$aWwfm$cx z^bgYfR{Wq@6927m8&7)`h^Xj~#Kgq#L%yTOfjl^a%iLfHK}Ng_?n}ajCv4Se=Iwjr zOzGt<_1gNCB{4M@Ys%1c_(7a_J;BRxs+f^f1S3HxaEm~SH*US_5t_je%E*OS<>tRv zs2y(R5Jqf>W=Icx`&Y{t1EaLeWBnx{ykSU23CpG_tiH2+sz|1~QF9_Ne0Ff3x~ zH?w^J=*(4_kFc^0X;UllJvViHsP?Kr(_~vCKHn2H>ng66^d>`|rK~868;_Bwy;!n=;fkV#Ouk7fS z3zosL2m6g?KN1&_!SDm!96rT2tZg)qzYm+p)28sU)btuD{1;=Yl#&XPxd#1rmb;@b zMLw%(tddLM6#a_^m*+JPjwz0I!NqstpKv{JYbfB>u)&uU3ojo6R7Dd-AHcgL|Idl? zc^zWNE)LIGxa0u($3OxD)TC-U+E;DOIL$(cqLAS?ox_AS{d4vY@uZXqj=>F@4{I-7 zjccFHjE_45X%!I!tfHuB7sxq){+H9qZ{^JQ-+)1z*?&k;&kLo_d8_{o@iFVa)1FbR zXv%23zbI&JW#;AFKC*d}=>*>V zUu^2)h5PM1)yFM9*JnV$01U+v6BEa>wtZc@?!A+VW+wQ)lT4dA#$FizG^wH6=T#^Qe6cLcGa!S4Ua_-K8o$!Wd&9Pbv!fSO)|xad;)GoET5GM$yT1xv+pSn^nxXn z2}}h6FWNA!)Ms;3vm8^-^!ZyJv{T$BN5RvT1RtlLj*2ODy5|z9tkLa3^E0F_3h!Ht zGltHvu}{qfI}bL&oCi;I3(ysQr(I!|_3ayA696wWlU6^ZAl|UC60iXup>Mu7aI**c zYtPvAgg^x@N%JUBHfuD?=e5bE}`1X+7`NihzEQ<0r1-G?ATNqm)LE7jq^esh5XO4wo3VjE|3F zJfLGAWmed?WF!0Mz|vwi=ouv_t=};;H)jw@`ZzLA37CjZ;Q|P&$gguB*AYx}mF)a2 z#U(n;BHXgI(5~+YVQ)6(`0K83{Fz?<+#n$KkB&YA?%4-s4nd&Qwq^*r>M+FIRADxC z{Hd9DEMn&Mg!tdnGHtI(#oWA<2&B?`H=ur-x?#=kH#_C)IX|{9jQ<~yhO{_g2zi_1 zQa8zeUEMw;H;&YY%IP;Ft#=jHpjj5J`-?liR8M(x@I_^EY6PGVqyzu{IMx=_o zrDcH6{+Vw0rvpCxEhQ^8573O<#l-x1-s;y&GBcx#YLu8!2VKe2kBKcQ!nDa27Z<5S z#l?{WOzP|Fk@>tY*aJ++KHYwm(EQQ0Gz7QLfGg2-WbY!`i8)cX5!kmhxUaFdB_Gp0 z3JE_Xg~H>2>kII}w6oja*ytXQ56Wy10%vD_CZO0%3BL6wO@I}NU7IGY*F(8=Zqv*fwmD39n>nfMEhqV zx3xO>=2%@=?O%i4NkU}JWXyOFKtGq>k5M(7{aNCp@-#CqDUXNE9@CTkXTJk8$F3DO z_-Q~cLz#YQI5y&K=C7RyD@u3So(#VK5HMBds;o3Y19_^X1#lO_z?rBUR)vh-+*$Ly z=e51o-T#IdI%GIe=63;{l%-8Oh_LPQ-9g}Jdfkg^g^xK+w0x~?vinuKSCUXw>G)g3 z_C_jv%=GmBC?7W%!#lfu01)d2laZJvf_h|8&?2@r6I1=(k2zy4&CEKJpdpmk*NPp7);{DLx~)-h3AGSGMOr)@yib8xh&@ z=#Q8F#Vni;vHc6NInF_Auy202wY>KGA#X6t2iVtwERQ*{uvkTc-9=xeo7ei@9^EI) zLJw_<3auXsb$|ak&Mr$kx%SpS956Oh)Iyhx`pV0-h>0bVI!Sww?pJUm`So`QBDeR% z%dbQK8H4CbBSRDY<3Tqw@Bo|b>HqC$LL!L?cN+LMQfwH30=ow>LZGPRNsdE#p2ZL{ zxeZ{Gdsf9AZ(v&zb$=K-^bn|Q@Vj?i*0QW=<(~&r)IVbb(DA%_R6V*6af<;!V_$@Y#efs`*575o>%_eNxgqu| z7ozE&=$2a+XQnnqg*fi$y{5gTL1}9)Z?3iF)w2|F`zP z%g4_z+~V>yZEmU3k(U3;Kt*MyBlzy8vB%)4o?m(`LAXE!ZPun(mBcOT_WWZA2Kb5s z&tv?MKwO#_xl_u(=yK?v*MOtTkkr;^lmp0(>nyGGdaVYa$VYNd9tAR}64xd1D+m;(l)M2{gU-b7Axtipf6;o>KVs%Yr139MT`y4r=+%x;pUlkmT9g zPV#eTSC??JuYT4zeepkBIrmZu1|}LXq6UV_@V2MwokO&=aQ%QU;if6(dt;y*1K19J zadDcit~}dOO>2rUG4>RBUhmx7$+Mo`-jV&2|IFsa1fgX2#40?IpDHFB0oq@Roe<(9(EtvHKq?DPary54!e3IM4GEztlIWl`qD(EeE%9$ z%;2u=}cK;#QM{Q*! zMa4I7jNsmq&wf7dpI-1Kmx-X^Co5Fol*=OFLI+IdDdHC|%tyovZfQioci?kmB*dsa z5M!>|hLe-ighLL}iq${;js<>zKy4v;HuzO60L%dlB|irf4w>6^&k_njO{tQ{1%ws& zgrL#;^w84%fZ+0Ag=z(iHVo%BF#GU@(j4AROSbpILwRI%dx|P6OGxgeS8`N(eqrI& zXYC}OExpoLExtv1`l#)RR{Ue5OY5jv_-_YW=aMG&{iGtOGW7)@JwtCDj)TSh-4;7X zGVNWY5!k*>W6?R^e)F|0 zD4@l~#R2!Pc%utAg$D*+TwDN(jPyR_|Lf~3prTsecSjHlDJcU46iE>YX&exc?vxsl zmhNUmR3u~&X`~L)-ObQFba$t8!^HhO=Xd`1ckjCE?!{Vr%^GIUx4%96+t2&H&-*;i zmD4LRmPmyh4Xyf_?QNgb(*XiFK;suF$EptkqVn|I_Kvsbw+O{l4Y5aU-=w2Cp>m2o z5s8K;>jQPaetF5tLKJ#XdV<0g8)F6FL~KMwTce`ftEdII@1&&2$m3rk(sWX0&$rgv zcY5bQ7S;JLTdK9CC2|Uii0|LI-Zp#y868yIi{J#AE6GHYPg|PoKlQavvsb?RYZqoN zA=hx%W-TC`1$nj|+_5YJQ5VgyJ(*Jg>Z%k{8{a?^9T{dPkZ-7kuMT$VQ6Q0;NWj;$ zyc_o-21;jU27FjUiI9^&m9X~LcEVcaOvb>6l z&rlxAvv$$d5}F}Y-twAb(0bb{eYP&|eeV-JyUqsJ*V#VYzZsBRCO8Nz z@lUUUSg!Cz$qdvC%CV~eu(rSj8X+B1$NVBakUhtzdQ4EU$6QtQ2BCivoi8Rba$jAY z%jAX$cdp?#(D+wmR8m|FVvlFA`lnREKv3;$L>qQoL*M0E=)HHEC6E`OBgpOsh> zSk<(-Y^OwATdSf1U<@fOYHyyBk`mYi&y`w|Gnkz1EdV-AaY>2s+5HB(vt~lW^ye6I zxKLA3o3^IP%@T(ojXQ0*2>)>A#_zf}A3HzTKi?gh6X__q+s2&#rY?T?` z3K(p_$ou0&&h3T|Z?EpQ?R?g`8&J6k^ZX=@oR98|$z5>9tipk59pq0f|2z6`Y_FR8 z7ijWs5jZtz#FKp8l)CVY{9i6W>q@KPTdXp93IDm3Oc}Mo%Ia$91O6S5Jbsn3H>3>3 ztj5~`N6a5fkH_xynz9H7m&~5k^z;Rs_0#Ui7ilzCNr%#S0Dct^4}+geO$mJj=7As= z%J^v-35OvQk<^FJPVDB8y`29H#Ci$4L2PRB;sP(e)OsQv2CWDSW6&!Pk(0ftAa}pg z(e!j6HLu1+T?CF@KUjG%Fpy#1b2cz_8QstTee`IDMu^dCuOa42$=Kmo*n7@uM|*pq zTiODwFA4A(fiKG+w@HwTWoi%jw+K4l3T1dl<^{Pfr}EdizGx!uUkV@u6Apz0D?P0~ zUe?-P`oB^js&QzLqAK!RT7zrYygm!GctbWB_ScYtQNeE>b+9nFfcy$r&_vz$0Ef;K zs9L1P%3I5;ZeGpsUfyl4=eqkNc-nAXGh~tUlO%&&b0BzpYy($!AO-fv_hhAPdU_gY z5RuTmM9+HdZjfz$ljird1wC2ZW{z{6BZ#3t0hwx>_#t$bt5^9~8%W$$#xa>$9-KB@ z33*8Lij+EF{w2*u%Ez!Z)N%OrJHb#ojI^tSltnx=N~%hes3AnBky1B=9d;H|QEW zMVCo2P{NQ+8w3uWAd{4Ur={oNxU?5;i1K=R&v>FoSpvA1+S!25%rx%`sU82Hq#BI)*EE>RL94NNsT7d?qN?`(Zr9~4T&UL?sZ#o7=WPpY!;L#=l z=$oa^j4C(+U*xtk4HDzb%89u?VVWoUb37**MVfG4>Ud~0G^0i|b5-$tzNI2KY8!n# zxSb)Fqx8`38_v76=|leg=+Rl-*$U|kymN&3MP5YZ>% z4w0*&S#RdAZ3rp$oGtGjZH!k_=IJdp5jbzPHGJsd{`H3D%7h;+m=t+c-OHTq{%0f} zankD}Ib(ooSYTK;nWN2#60ZgZDmpsLYinEJW@Yc%I=zn6h7L}o1ECd(x^2%buKQ9& z%YYEQy1Lp{rPZjs1f%n+wrg>NDIYmdQ0s@l4m#1Py|~l%1y+O2IVQ`uSZ2jwTz&E` zFP!;%z3NuLD%|^3rWvQmPe@DaXA!vVFZQnPu7~OAW|C3~aeOwo20u`s)x>RkVUAOm z+6)Y9Tv4^qD~oIGJ(Su7O#ieg@$k?;_)lhF_C6G_vVm4kf>IyTghU4^>F`-!xDKCt zKB((`0PG?Q-#6~=0v|w|TLNBAxFeK+EEAJtAGn99+fAxNLW`*z$&qut+CBW{n&M@@}6}wt_|(uJr5+ugJaKVJ}o|4{Q%V0ItFzTXY)wr z*E?*FKao0a6PgcP23IH@_|zeQ3|^vf1CQI zYgv$%LmH>iHEff1|23$cMMRUkx#5MKA6DHI^Thd{^g(g;?)%?QXLIDPddY@g;m+y% zGDpqXi#=Z(oYt>v$89h_qPXMt;rA@+?Xb1rf7f^z6M8ktM)-S_4zp5m{;1CsuI7}3AJ5O&8Ma#uDTiGgKwn{XN3YZEd`F_2U^#~TE=f`L1^REW z^W(qAP>P1Nzfbt_^;~a;)~Px&}Z#Vfg+=c63JSLz{yz`2U8;K35>icpT z*Or@KzrXdMWYQ(+x93>Ti^XcspItDC$(Xm1+P>NAVw0?wq&(vI#L>n1F!u zJwZn?$(EV`61e@vQ5Y&-_$sQy8~a5j*`9sQ%?gJ-B&2?LpKCF>V7IEu$!=%znDMcH zriLzYVq8!ld5RhXceuYA-1EkN@vs(zcWZg9MxR#c=dV=Z-AI48DW(4#fz->%O7;w0 zi&Gv>Cy@D{lD$$ldCoLv6;6FsIS%Gjakhit_nr2!;ZNC8W61|-s1OL+XDBC~9RJxw zeRPMIJTU;#q)4Ei^aIjc`;P#U$VuXZwOP8sFTIG{>lSRhHn`C)TRorkU$YucD^pIp2v?qZu@>WU;3;Pmx_&;DBlQZM|S?*}megW!c zw<+vq8^9o;tD_e!>gmkM%6hz2fa5po!Sc@vfc}+>in*5pE^^QEK=N0K7!QyBhfxs{V{JB#xK^1mbAJWm?^IC@a;H0*i)qgrUJLgU=|LVoNPITWHedh3mbEw+IN+feaorjZ?ByX~G zz|&zC6ci1eoW0+uH|DBm@NMF{QK(4g?TbYcQkU(?ED`>S%#-uKM)P2{UqML5{zH!P z81W_{eShozAtlEgQM}5zM9)pZ#NP

3tZ3Auj_Lo32Tur%~q}8o`etwY;( zHxrS@FYjb;wbC=!-;1OzCd78Twe5Y*ogYhYBU{>bjKLztD{_1#vl<>^;#K< zB1wBNb&1qKzfL6c-S-DV(!mA&O zy-puC(m-fvXygzxta!Tk9}apGF4KvL^U4Tw>$!4xOuWUGd0e`z@Qp)1A<3LdVI8=t z_g)WMN%NVLSs%*&qn6WI<)r^b_1`wUzdT{;C+n&^oj;<-@XYz@0S;V!SJTLL#7t)iu!H{+dEq09aNRJ>@iz@5vyT(biAe%Zz<}RrZ zFM_B zF(V`VzM{tUjs~x8RF$|UOU>0k36*(lJ`CS`!KRNhVIj81qz@5E)JRaABBYh>FHVo@Kjrhvn`%Hj zBA&~4KYy{3kd%Hd;I_NHB5XapsEM1K^=W_Mfp&o4zA(}Y-)5kXBw~AZHJdUgbN-b> ziVLOwTd66vsp`COAkDF(dG!?iCNgMBNH>C*%ppZbOeMQgMNCY#>G1M#a>!M@dyZP#5Oex7jYlm%nSrF_fpc*V+yAyC%}1h@Az2L=Le&w??#6yPtrr; zivk{m(gT6t2Qd+Fv&w9vSk1bw>AT~;Qt?n*4qHSS9b3Q|38TuHkDn>?nkbwTmTo(f znfW#9Szi6TcF`$Ql$5wxdSWDHM*c&|Ty^q`tHa{1uI0hO@|J112eJn3=tP>hL3VGL zR{dAw>Dr~Q1Xl37Cd{W8RHUle6KUp{+jALn3-L43kE`#q7V3wQEkeVR$;|y$V$rDH zbfp9q{^&MD#`w4pcejV#yEh`r@|RAlJ+@Y3qlP!$CB*eJClhBAVY8-U=st*$;`~g$ zaT7l6TedS|aM^e@mj4|=k{}{Gd3+8ns|Q0RQ`d5Bn9>XG#<-7Ur|;|x7Bh@y-Solx zmVYpxBzz${jN?bN=GSLH|2~iYN?_9pgheVr9nYwodRF@@E}1VIFu?YfcZ*GV zeS|hP2PaB~lZA)6vabxaC>I!t0{@tJ>rp!R?>g%@WquMZLN8L3lO2Gq)7HjFs7qX3H8zWg2FI7JaGBFy)BxrrSWDp#>K?*AMRU1 zZQ|y76Hs2KQ858zfzPB~8(v^9xl>ejZYAX(8wFZE&=vCKeYZamASrpIT}hOK8-{I&Eh~cv=wNH`t!L;79wE2TO8xr+ zD(PsLw>U82tP*T(?=BljQWKStaW6TPH~r0|_!NpRRMgQyjE^@Uaki%`(Lq^=)>V6f zYNltH`kMzVa&pxiTdev9c7VEJ;Wq0qpjCaS2=cIP`Y!)^wH&@eJSJ?7a zqxnx-U~A>K!>i2iiZ9GKaRu3d zhzw9S4wfn^>YCY9ewcQCj#Q3qT6H|Huct~(1b-sb(Q#8R*|jd@V7|Ad_YTh4OG1q+ z+Lh+VeB>ryxsATsmslcRs6p;zPE+AQK3s^QuOHJV66_2I`l7$%;Zc-O>6~=Vbw{(Z zeC_J8*iehKJ=TV`A|ATvRrGc=ibqCH2K<(f8Hlrb``&EN%>H}#O1K!kdwf=DX+)*n zH9CVe{VLjt#4bb88mG+~b%K;j@{IB^V%H%DOzJG`VM3l3*v`)hyc zfm06j&7Qu#1`V2wOm8lvuOgQMP4>Mmfi?|yxjXgg=;(HFLFpkc8JXn^E-SL<9)&X~ z7{Zhk0}a_c$kl&rVC0o~38}R7#myeTL~ZpJA%DAzLQ9 z!N&(qdiHHCtQj8Q_hv>4ly+Lv6-|s(u{xc8Z{Hkz^lN0Mjbak*m7kk}Ue@>~(e@N@ z&_W=*wBYDzg@wuM>zjdHH?MNG*~)DRI(3p>mkbEcgQKiZV?*^wR%7DdJiSor*tgCb?2jYvv;Xy&+ zHF489+H@1uHSs}+@rMt$KaJ(5$th=C=X&h3YJQ3lUi=JoPl80Bx@C&fzu%4$Z-U^`8_q*lNBr#8>K!wrE)_A<0Q|BI2MCB8Ht!`FCZM z#>BshsHjS^9lF^r&mP^bAG_0XV)#98F*?N>?~19}pdC`xnHTj_wmINO{DX~+0Y7{- zWy{&0N=fM+hs*gjg@s|DLx7!_$V0>x&<~D|dJ?vjD^b(DsG8XPsHjk>_#N8Z?vhGn zLz?L>v0$rN(;bpjLz^jA!=3UgVg|F`QN@+lsFY^K*~yclp+6{BI`5YrMt*WqTNSz& zBC6_@cp;0h?z=V3o-3fCQ54CVs$d}ie)#-j6S8=I^f<$&`@226_^;eVbHWYnaed!J zov4W8O4$o0J<=b)3W(YXJ}=v|37?-%-xl;`5HHVuU$c1gs`DB#t?=s{t%2dJ;S3T% z!S9I=1%<#3qZlVCAJvb=M8wJ6mN+?SF_ULm9#Y2>C#lE@ae=pY#G-jh#7jgY0Rb`26 z90)P`h%h~~Vhy5Qz7{w=K2?14!g^fg(IrzyDhum|>xgrraRH~a7llD}gf2#;4$F`l zvS@trGGB%z5HVrEEnrd^o2~nd&N9_AKOcaJg@saET7XCH-D9K(kEA@mP_tl>k{ZBa zrDbI`RK!$O8SiMa{%B845VpK@^%Ul2X7;UdrJ7)6U6HtE+S#csXfstFo@i@jrS~%t ztMW>AV&b%mF0i7@bp8>d&~btC z8f`CrX6C+u`21*6GS!Ww?f_TUGHx#3_wUyPy$85&L(jE92+Acl!~~vp7pEh_z`J8<}xDo{A6ua zvDzu%Q#dxDy!a76zoWhTHQbo@mx%*wzH9<C&m*hd#e5d>fI@4!|Z>xHdz0Ys|D5++ja`1GFr9r7) zbx5KSY|7PXRETXl+Cd2jJf|U+(7*(s%xGw04C`W8)nh2xV;)P#l=7|~TfJdtV|#aW z+#NhPVycyI(#2TkN>EEKKXmFl+x&e@vb|x_Y54$tuqDIUEw4*GSZB(U=$DdZ6QInO z!FAioCzM^-eqgkSZt~!^qP6ff%uh8I?H|kj%FO*VR@ItVCB7X}-y?@}9ye;Q{s!77 zARw!FtXJY~e9)EDG54@xfaIki2g#qqoadrA`XZ`I@pGoW1Qo}iQFS`?T%32Aj01&z zN;i@3^Uh8KTzQ?9TQl6tva_}>f*e1YGx6JSA84z3xYY5Ba>5@SUusnwhYq{D;1t{} zgw7R?xy6azqDeN*=!!XwUR&k+WyM~pc|h}B4tv&#cRP^<>JK9a*#JT_CWm6RM`RPyP! zD{Cd4o0R2lJS9gIu9p~T4(dwJQr#g#-J1O?R}1fh3Aj+xq1MW#1&K3)$1}{$HGQJd zcQ!Ovwgj1(+j}}Yf1x`%CMLoY<=6skY;4|OpR=NK39%!*ZkR z770!F*CWR~v<6^&8|wG^DE^X=Wb8osFs*FGAFtB=24(1y>Q6Ayhx*%U#K<}Sx)V!I76>Hp3yh78pJ6mbLLNdzdJoU`IYh0Gbeuh+O4g7e zN7MZlg;;!w4=Vys9Q8ZnCW^wTD8m+#`^j`KGp^eBh|rt-`pD^HRXI~*xvhJPgc%NZ zbWjDJ9{LJyyK3(qp%TB%lR)0Leg*8x!qRnz_tO{tZXtjkVaOp7{5`1}SMJ*SOukGolEfcBUnW{vWCNPg9H{ueXy zlb?vfP?Bx5Utmg=K?WE5GZD7OkKXe+>{bbC1u(n6dGJ8bivZ_c7WVb_m)@_>Cq|l^ zKD850s~)dHLl=-O*C{!7ZS1<-NUHi>j{{eH%kmbSZtC$MJK1*m5^8Hs&}g-c4=2Z) zw^Z&?HNSm(;=_csZnCT5cG)6#u|f!mC0RWE{7Ied3sl3M`fo(4Lj5%jqJe*i`~yzo z2=)P!mHVh6dpXW8tf}CepSzTA z@SOMz40UQ$1b+WEwjLRMYf~m#ml%9DlL`d3`0cf*&Hmtko7@e8X@NPNTvtX`u z<{v0bG8hdDXqaFFgs#4^jQDuuUA1K&69)W@tsI5kw*vM>3N|y z+*4V@DgTi9+0P0C-lrzd3!^k KGXK@vkN*oXs1B|G diff --git a/docs/network_new/network_module.md b/docs/network_new/network_module.md index 671214306..96d4653a8 100644 --- a/docs/network_new/network_module.md +++ b/docs/network_new/network_module.md @@ -48,18 +48,19 @@ Only once it has received an IP Address, most other internal services will be ab So. Let's have some abbreviations settled first: - - #### Node : simple +- #### Node : simple + TL;DR: Computer. A Node is a computer with CPU, Memory, Disks (or SSD's, NVMe) connected to _A_ network that has Internet access. (i.e. it can reach www.google.com, just like you on your phone, at home) That Node will, once it has received an IP address (IPv4 or IPv6), register itself when it's new, or confirm it's identity and it's online-ness (for lack of a better word). - - #### TNo : Tenant Network object. [The gory details here](https://github.com/threefoldtech/zos/blob/master/pkg/network.go) +- #### TNo : Tenant Network object. [The gory details here](https://github.com/threefoldtech/zos/blob/master/pkg/network.go) TL;DR: The Network Description. We named it so, because it is a datastructure that describes the __whole__ network a user can request (or setup). That network is a virtualized overlay network. Basically that means that transfer of data in that network *always* is encrypted, protected from prying eyes, and __resources in that network can only communicate with each other__ **unless** there is a special rule that allows access. Be it by allowing accesss through firewall rules, *and/or* through a proxy (a service that forwards requests on behalf of, and ships replies back to the client). - - #### A Tno has an ExitPoint (for IPv6) +- #### A Tno has an ExitPoint (for IPv6) TL;DR: Any network needs to get out *somewhere*. [Some more explanation](exitpoints.md) A Node that happens to live in an Internet Network (to differentiate from a Tenant network), more explictly, a network that is directly routable and accessible (unlike a home network), can be specified as an Exit Node. That Node can then host Exitpoints for Tenant Networks. @@ -67,23 +68,9 @@ So. Let's have some abbreviations settled first: Entities in a Tenant Network, where a TN being an overlay network, can only communicate with peers that are part of that network. At a certain point there is a gateway needed for this network to communicate with the 'external' world (BBI): that is an ExitPoint. ExitPoints can only live in Nodes designated for that purpose, namely Exit Nodes. Exit Nodes can only live in networks that are bidirectionally reachable for THE Internet (BBI). An ExitPoint is *always* a part of a Network Resource (see below). - - #### Network Resource: (NR) +- #### Network Resource: (NR) TL;DR: the Node-local part of a TNo. The main building block of a TNo; i.e. each service of a user in a Node lives in an NR. Each Node hosts User services, whatever type of service that is. Every service in that specific node will always be solely part of the Tenant's Network. (read that twice). - So: A Network Resource is the thing that interconnects all other network resources of the TN (Tenant Network), and provides routing/firewalling for these interconnects, including the default route to the BBI (Big Bad Internet), aka ExitPoint. - All User services that run in a Node are in some way or another connected to the Network Resource (NR), which will provide ip packet forwarding and firewalling to all other network resources (including the Exitpoint) of the TN (Tenant Network) of the user. (read that three times, and the last time, read it slowly and out loud) - - - #### IPAM IP Adress management - TL;DR Give IP Adresses to containers attached to the NR's bridge. - When the provisioner wants to start a container that doesn't attach itself to the NR's network namespace (cool that you can do that), but instead needs to create a veth pair and attach it to the NR's preconfigured bridge, the veth end in the container needs to get an IP address in the NR's Prefix (IPv6) and subnet (IPv4). - The NR has a deterministic IPv4 subnet definition that is coupled to the 7-8th byte of the IPv6 Prefix, where it then can use an IPv4 in the /24 CIDR that is assigned to the NR. - As for the IPv6 address, you can choose to have a mac address derived IPv6 address, or/and a fixed address based on the same IPv4 address you gave to the container's interface. - Note: - - a veth pair is a concept in linux that creates 2 virtual network interfaces that are interconnected with a virtual cable. what goes in on one end of the pair, gets out on the other end, and vice-versa. - - a bridge in linux is a concept of a virtual switch that can contain virtual interfaces. When you attach an interface to a bridge, it is a virtual switch with one port. You can add as many interfaces to that virtual switch as you like. - - - - - + So: A Network Resource is the thing that interconnects all other network resources of the TN (Tenant Network), and provides routing/firewalling for these interconnects, including the default route to the BBI (Big Bad Internet). + \ No newline at end of file From 43c393bf566f6d066f3a88507f27503d0e084e6b Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Fri, 18 Oct 2019 17:52:44 +0200 Subject: [PATCH 07/18] added config for 8-blade server --- docs/network_new/zostst.dhcp | 54 ++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 docs/network_new/zostst.dhcp diff --git a/docs/network_new/zostst.dhcp b/docs/network_new/zostst.dhcp new file mode 100644 index 000000000..0ac53be0d --- /dev/null +++ b/docs/network_new/zostst.dhcp @@ -0,0 +1,54 @@ +#!/usr/bin/bash + +mgmtnic=( +0c:c4:7a:51:e3:6a +0c:c4:7a:51:e9:e6 +0c:c4:7a:51:ea:18 +0c:c4:7a:51:e3:78 +0c:c4:7a:51:e7:f8 +0c:c4:7a:51:e8:ba +0c:c4:7a:51:e8:0c +0c:c4:7a:51:e7:fa +) + +ipminic=( +0c:c4:7a:4c:f3:b6 +0c:c4:7a:4d:02:8c +0c:c4:7a:4d:02:91 +0c:c4:7a:4d:02:62 +0c:c4:7a:4c:f3:7e +0c:c4:7a:4d:02:98 +0c:c4:7a:4d:02:19 +0c:c4:7a:4c:f2:e0 +) +cnt=1 +for i in ${mgmtnic[*]} ; do +cat << EOF +config host + option name 'zosv2tst-${cnt}' + option dns '1' + option mac '${i}' + option ip '10.5.0.$((${cnt} + 10))' + +EOF +let cnt++ +done + + + +cnt=1 +for i in ${ipminic[*]} ; do +cat << EOF +config host + option name 'ipmiv2tst-${cnt}' + option dns '1' + option mac '${i}' + option ip '10.5.0.$((${cnt} + 100))' + +EOF +let cnt++ +done + +for i in ${mgmtnic[*]} ; do + echo ln -s zoststconf 01-$(echo $i | sed s/:/-/g) +done From 672a2372a5979ef98387a18ade8065965c407dd7 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Tue, 22 Oct 2019 17:33:06 +0200 Subject: [PATCH 08/18] NETWORK --- docs/network_new/SETUP_NETWORK_FARM.md | 97 ++++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 docs/network_new/SETUP_NETWORK_FARM.md diff --git a/docs/network_new/SETUP_NETWORK_FARM.md b/docs/network_new/SETUP_NETWORK_FARM.md new file mode 100644 index 000000000..d6b2aa527 --- /dev/null +++ b/docs/network_new/SETUP_NETWORK_FARM.md @@ -0,0 +1,97 @@ +# ZOSv2 network considerations + +Running ZOS on a node is just a matter of booting it with a USB stick, or with a dhcp/bootp/tftp server with the right configuration so that the node can start the OS. +Once it starts booting, the OS detects the NICs, and starts the network configuration. A Node can only continue it's boot process till the end when it effectively has received an IP address and a route to the Internet. Without that, the Node will retry indefinitely to obtain Internet access and not finish it's startup. + +So a Node needs to be connected to a __wired__ network, providing a dhcp server and a default gateway to the Internet, be it NATed or plainly on the public network, where any route to the Internet, be it IPv4 or IPv6 or both is sufficient. + +For a node to have that ability to host ueser networks, we **strongly** advise to have a working IPv6 setup, as that is the primary IP stack we're using for the User Network's Mesh to function. + +## Running ZOS (v2) at home + +Running a ZOS Node at home is plain simple. Connect it to your router, plug it in the network, insert the preconfigured USB stick containing the bootloader and the `farmer_id`, power it on. +You will then see it appear in the Cockpit, under your farm. + +## Runnig ZOS (v2) in a multi-node farm in a DC + +Multi-Node Farms, where a farmer wants to host the nodes in a Datacentre, have basically the same simplicity, but the nodes can boot from a 0-Boot server that provides for DHCP, and also delivers the iPXE image to load, without the need for a USB stick in every Node. + +A 0-Boot server is not really necessary, but it helps ;-). That server has a list of the MAC addresses of the nodes, and delivers the bootloader over PXE. The farmer is responsible to set-up the network, and configure the 0-Boot server. + +### Necessities + +The Farmer needs to: + +- Obtain an IPv4 subnet from the provider. At least one IPv4 address per node is needed, where all IP addresses are publicly reachable. +- Obtain an IPv6 prefix allocation from the provider. A `/64` will do, that is publicly reachable, but a `/48` is advisable if the farmer wants to provide IPv6 transit for User Networks +- Have the Nodes connected on that public network with a switch so that all Nodes are publicly reachable. +- In case of multiple NICS, also make sure his farm is properly registered in BCDB, so that the Node's public IP Addresses are registered. +- Properly recense the MAC addresses of the Nodes, and configure the DHCP server to provide for an IP address, and in case of multiple NICs also provide for private IP addresses over DHCP per Node. +- Make sure that after first boot, the Nodes are reachable. + +### IPv6 + +IPv6, although already a real protocol since '98, has seen reluctant adoption over the time it exists. That mostly because ISPs and Carriers were reluctant to deploy it, and not seeing the need since the advent of NAT and private IP space, giving the false impression of security. +But this month (10/2019), RIPE sent a mail to all it's LIRs that the last consecutive /22 in IPv4 has been allocated. Needless to say, but that makes the transition to IPv6 in 2019 of utmost importance and necessity. +Hence, ZOS starts with IPv6, and IPv4 is merely an afterthought ;-) +So in a nutshell: we require Farmers to have IPv6 on the Node's network. + +### Routing/firewalling + +Basically, the Nodes are self-protecting, in the sense that they provid no means at all to be accessed through listening processes at all. No service is active on the node itself, and User Networks function solely on an overlay. +That also means that there is no need for a Farm admin to protect the Nodes from exterior acces, albeit some DDoS protection might be a good idea. +In the first pahse we will still allow the Host OS (ZOS) to reply on ICMP ping requests, but that 'feature' might as well be blocked in the future, as once a Node is able to register itself, there is no real need to ever want to try to reach it. + +### Multi-NIC Nodes + +Nodes that Farmers deploy are typically multi-NIC Nodes, where one (typically a 1GBit NIC) can be used for getting a proper DHCP server running from where the Nodes can boot, and one other NIC (1Gbit or even 10GBit), that then is used for transfers of User Data, so that ther is a clean separation, and possible injections bogus data is not possible. + +That means that there would be two networks, either by different physical switches, or by port-based VLANs in the switch (if there is only one). + +- Management NICs + The Management NIC will be used by ZOS to boot, and register itself to the GRID. Also, all communications from the Node to the Grid happens from there. +- Public NICs + +### Farmers and the grid + +A Node, being part of the Grid, has no concept of 'Farmer'. The only relationship for a Node with a Farmer is the fact that that is registered 'somewhere (TM)', and that a such workloads on a Node will be remunerated with Tokens. For the rest, a Node is a wholly stand-alone thing that participates in the Grid. + +```+----------------------------------------------------------------------------------------------------------------------------+ + + 172.16.1.0/24 + 2a02:1807:1100:10::/64 + + +------------------------------------------------------------------------------------+ + | | +-----------------------+ + | | | | + | | | 1GBit switch | + | | | | + | | | | + | | | | + | | +-----------------------+ + | | +-----------+ + | | | | + | | | ROUTER | + | | | | + | | | | + | | | | + | | | | + | | | | + | | +-----------+ + | | + | | + | | +----------------------------+ + | | | 10GBit Switch | + | | | | + | | | | + | | | | + | | | | + | | +----------------------------+ + +------------------------------------------------------------------------------------+ + + + 185.69.167.128/26 + 2a02:1807:1100:0::/64 + ++----------------------------------------------------------------------------------------------------------------------------+ +``` From f0a1b08dadf77da8ce40ecebb2ec615354cfdbda Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Tue, 22 Oct 2019 14:17:36 +0200 Subject: [PATCH 09/18] Update docs/network_new/README.md Co-Authored-By: Christophe de Carvalho --- docs/network_new/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index 5b20d804f..5e7e1aca8 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -2,7 +2,7 @@ ## Boot and initial setup -At boot, be it from an usb stick or PXE, ZOS starts up the kernel, with a few necessary parameters like farmerid and/or possible network parameters, but basically once the kernel has started, zinit among other things, starts the network initializer. +At boot, be it from an usb stick or PXE, ZOS starts up the kernel, with a few necessary parameters like farm ID and/or possible network parameters, but basically once the kernel has started, [zinit](https://github.com/threefoldtech/zinit) among other things, starts the network initializer. In short, that process loops over the available network interfaces and tries to obtain an IP address that also provides for a default gateway. That means: it tries to get Internet connectivity. Without it, ZOS stops there, as not being able to register itself, nor start other processes, there wouldn't be any use for it to be started anyway. From 8733368042c632d838a42369fc3fb6d9aa9d8be6 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Tue, 22 Oct 2019 14:17:47 +0200 Subject: [PATCH 10/18] Update docs/network_new/README.md Co-Authored-By: Christophe de Carvalho --- docs/network_new/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index 5e7e1aca8..6b3c3d90e 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -12,7 +12,7 @@ Once initialized, with the network daemon running (a process that will handle al ## networkd functionality -The network daemon is in itself responsible for a few tasks, and working together with the provision daemon it mainly sets up the local infrastructure to get the user network resources, together with the wireguard configurations for the user's mesh network. +The network daemon is in itself responsible for a few tasks, and working together with the [provision daemon](../provision) it mainly sets up the local infrastructure to get the user network resources, together with the wireguard configurations for the user's mesh network. The Wireguard mesh is an overlay network. That means that traffic of that network is encrypted and encapsulated in a new traffic frame that the gets transferred over the underlay network, here in essence the network that has been set up during boot of the node. From c8417202a3314d6c300a52214931aa5ff0e0f6bc Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Tue, 22 Oct 2019 14:18:44 +0200 Subject: [PATCH 11/18] Update docs/network_new/README.md Co-Authored-By: Christophe de Carvalho --- docs/network_new/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index 6b3c3d90e..f435ce929 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -51,7 +51,7 @@ Wireguard is a special type of VPN, where every instance is as well server for m ![like so](https://github.com/threefoldtech/zos/blob/master/specs/network/HIDDEN-PUBLIC.png) - **wireguard port management** -Every wireguard point (a network resource point) needs a destination/port combo when it's publicly reachable. The destination is a public ip, but the port is the differentiator. So we need to make sure every nwetwork wireguard listening port is unique in the node wehere it runs, and can be reapplied in case of a node's reboot. +Every wireguard point (a network resource point) needs a destination/port combo when it's publicly reachable. The destination is a public ip, but the port is the differentiator. So we need to make sure every network wireguard listening port is unique in the node where it runs, and can be reapplied in case of a node's reboot. ZOS registers the ports **already in use** to the BCDB, so a user can the pick a port that is not yet used. - **wireguard and hidden nodes** From 2af4e3fea82c0978a4dbd5d3fac9d5a13fa84711 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Wed, 23 Oct 2019 13:55:44 +0200 Subject: [PATCH 12/18] farmer --- docs/network_new/HIDDEN-PUBLIC.dia | Bin 4182 -> 4201 bytes docs/network_new/MESH.md | 7 +- docs/network_new/NR_layout.dia | Bin 2885 -> 2884 bytes docs/network_new/SETUP_NETWORK_FARM.md | 85 ++++++++++++++----------- 4 files changed, 51 insertions(+), 41 deletions(-) diff --git a/docs/network_new/HIDDEN-PUBLIC.dia b/docs/network_new/HIDDEN-PUBLIC.dia index 7e89354691f2d08c8f66c84c9bea6179c5e019cf..139cffae3d6da27cef08a9bea73518b07f237f2d 100644 GIT binary patch literal 4201 zcmV-v5SH&BiwFP!000021MOW~Z{s!=exF}qWL`B2@0YqW#m-`jEl{AvZo996;wX-{ zjvd%aX7aMXeR(M7Vwp;8QIxEN0VZf%hDS#^{LcOG$Dh7m&qsIpYCT&nKA+$eos9Cu zWO*@LOh2Fe`Nz+n)X7g@KKytw%YHEbrmO6FWPW3@hMzv4TouL552vT!zI{vQ_v@@! zuG0DJHeKhZ|I6m{?9?neJ^AusG^Xv3#V>2Tyys9<-K7ah zbk>t>Zba-Qwmi7FoE63LmFK_A=IebJC_jEYZHJ!R>1uZI^16ovt>^PG5WL)ph&6nDV2FvbH4V*?qp+Z2$F1O^-Hz;0@x8vPm(!d-&^YioS-YfI;*d{qbUPGX<}12bCs+j(T?|5-V8Gt7 zF%^V09)gOl2S-tKI}}~+ExG`MAw}1^Vbt2XSXCy^FP_OR-pH=- zHg<7J6C+eu@{lI4rJ_=a6dON~q)asw;sRdAD>1Xmnz}!#O)_k)tK=hUvJo$Y@ap2h z%SGWL1fP#Cv+LRX-aJpXSf7m6#XZED3_z8?`p>CWo6n|;>)ieK%on%Un|HY<6=&G;uoH1-AE|mKo*re- z(9~qPSeTP*AZERDydM6~=*oc7Mm&q9HT_0U|JM;>+u5`o=#$>ihm6#P1U&?h$0@at z$C%_GK|9L3;Cm%$V4U4VgELRiqqAEdRd3xSQ)5<_hu4#Ypc z&kEx}ARHBUXvJL-!l<&3*@5_Vw#Z%eHr@p{L~qRbkPd`Vpj-(FbchnhhcNU66}I-q ze9(+C7$#@=;=(d>D2tBc07@Q#4mQu$@MW04{^X|mB(6%%)~z^9w#_)P!>Z$#@#dFx zOC}&F>6Wk(*| zU*ohBU$rI=u_vn`=|8_hMEbnepnTC9+25%2HY=Mvhtsq?+_-E)de^|*LrR;Ga+#TX z8k$YW)fttD`pFC6Gji8OSQHV%F79yJcaS3RYr&N^@ zo?)ccN*tR+$2hcOToJ>5q(?d4 z8C+zf;H;`V9E#)e5;gSM)$S;?kO+<_wO;Il4FW#hs^Hmx3y-sQUw zQw=XlMf?lwc*;1%w)3KKs$$RjmJ};$<5H9{3Pmmi5eY>v5d97fCv|)}mWmWJ2%ssC zgjTO`qELjBLBk2{2~Kzm$zaWqu$63x1`c|2hBb7u3L*HIvJ_!R&l<{t^YF=FH=k}3 zn?ZD*rHTpquHeMH%1~hPxOF%vc_Ps(kkA3TIl{m2KP4R5wsop?&{8);Nos2uP@(}x zC_zx!lp+#37hlVz!^vUL5GSB4&mhkbQ)uAkM5|=TR*CEhO{D*1-Bch!?Z}p}UJi`c zphy8FO3P6(h%*Km3WQN;v!s?!S2#S?no8SaFhnmW<0KphjuQ~we* zWV8_zm5Db2n$nD^DoEM?fdzEz3r>~IAYc_7MVw4JGYwop<{vJKiOGX#R(D=9-&6L0 z;ufY?YXzY=6xvM(O2iVPl)x+_p%As^2$M8)15O>6&PjCwLokvKH5J*svLTuyL5DdX zuQ}p>@g^_pfs7_rREI1*Hk7yxqVbeajmJjkBY~K0mghXQMN-SBYf4~QO$EjYM(SN< z4 zyU^%SFa z!N(*8CEfpE4j*1LQb&k4I=YG6Jb>6!=S1lD8=q`#3)UzUkfvfXL zROh{v8ANsd_R0)u+KQO}ZMzCCmu-Bv?7mkHXsQU10bCQp79WHk>buKY&7xzP>k%7! z+Uq#hwRhLlbv6gUZ5Rm0msNhGY z%ARA5ajkt`LOdu(JJYT*-;y3Q8?&NISx47sbN^a4ngkuuO&>GrKq=O;#acF(+{Ie9 zw@}N*Td8HEvV&SS=r(?+Wn;LrS~fr4Vzj*PXgP1CmW`?oYS|2tN6o8aOJ0nX9~vvK zN@5rrb)n4JGiA=ZQ|2rx^I&@4Ib{ry6pKX6b+1YPHh+-mX?VD1Piz*X{A+RMZEk>4RzQ0LcLg`k+j7t#W=% zH3#g@=Kj~Hh8+z-pGHG4loCxGRcOZ=*8cs^ufP8C_m`{BVuZV`2zMM6@%AFzx+SMr zb>tLV4a;$N_27QIMW?uLr&yqtoMPRDQ>-dZacu93PVs?GajXY_H)H37cLf~PVSNkz zh-g45R?9?R!X;*w35t?!#OS?*I$`hU{&Ib|USk3OT zBA?%XSm(v3+nWzRXRGUoPoeS2C7KbXjv1wDngj&(H<4^#S@T|!JuRh_aNE9yFw{3u z8|u(HbX$#+yP9P_9Y+0KWy`70g-^1d3*?0NWwsD5V_F4oaADBOqS#Y|3lP?pa0e|e zHC#FtLdX!2*y{2YTV1%%6_GFCL)atETd<#{P$GQiCqt<*p0Vxx)QXG^VMUcLJ3n#o zGhV}{W2FHhidpRZe4D3S5Al?Xc*^4`kEi^NpK{rjxvo1h*AY~0)6sGaCNYMr!iNJWoAMuDOP(#Cj zqp!1z*{Zaxvw4K0F5pN+I64wIDu145_xb9}hw=yWZ@S8^zkK*Vm#xOl@-6`YT^BcJX1i)*7A%jJxo>3bAG&fn0=m4^UVul zw!5Zgr|a#q^OxRwb={#aru?X)tSyN}c9*ZW+kbjg)1&Plc#AlrY*Ng>-2e3CovbeZ zn@@@@v;Qu#mDenq=4tID3)%;4bO+qzvnh!o?=dt7CI zA3W+dzr3vOy*5vuEoX~-yFW`ckVp|9b85aPn3(U)DCUd&=3=s1FZV5kc383mER5{4 zbq^uRW9#dDKD#dJ_r|o@=9}x)*9(VD__D%tAI|efNo*{d*jF?uO-M-5qy$8hAoG1p zWh%^n)0BmjOb?C@kxZ6y{q#%ffTBuL%66!U*CV>bS9FO=C<`dMM1ts2YDJfT=u#0@ zbUiqVqT8Y9Qg75{3DF@@ms-?SR&l7##UQi^2J9Uh zQ$bkcA*kqja1=$iL(%2lq6;t>Qgp2wMy;)jwME^)wyp<9QFMcd?jQNL;)(3yt?UYK zV;841F+znU4{7pRDk_yovGF}g%2Y!kF5qRn5HqW+sr#eaB*V_SNzu@q+S2jcJF z=7n(}5RQsFwBoJ^VN}_t>_Gf7U*@iQ8}EV}qPOOJNC(0wP_BdoIz$QMLl}C33R`<) zK4?Z643mp|Ikn6j%cA2rfRaa`gUz!wd>Q7iKe??wiK~*cbt?{&T{BMXvFi9`y!~a} zk_iY(`gVtxBdf>AOC_HB^6dC?8#$BBYjXDly2d9KHZLq}NdpG^&`20-PS$NBw$7c? zQas95Y(&wa0*|m5k1o)!wHiH|0rq9Sq4h{x5puOtBoIo-6;wWyp=b?uBveD}*pWx~ z*EsFO7p=)-?8$0K`p-`gk-n@oD4(@P4mT>j&B`Xv;WRCeH!hoy-ZwB0kkV$PTxRBh zhGr9Tb;jmP=H~Net=r^0x?`kjc0Ol#9)V@$Cr=c3BWPo76e5z4g@|T5N_A`y&&gVC-S zMlc#882Oi5>Lh4@4)$kTFhbTYGUm~c?4rqKgreY?{#_xAP&CAZf%NatO_?Cf_RumN zv}+8fNT@P&Pmvl^NNHjT9vs4&1kM`N^66NLQ%t3>5nzPy;Bp7G;s2LY2i3eo>*XVL za_nC^C+y!9LYhpdkS%18ir36m&|wX2WHLpFOB+n35{J%y)$!?A3jJ*e!&0R%=~0gN z1{WDAxTq=*hvK-pLJfVkO_8mOi)_7KeXYmnrm?9fn_n#QSFclqYS zRKtr>5&r@^o-$6c?YwB5syMK|CB=%`xD;iKLXitWL_*OEM88ABNgbb#r6R=)0%*!3 zq17v#C=}sj&~QR~f)n0CGFWpYY$Y3_frH+hVGW(ELI^&lEJYa7vxc(ZJbW_P&8OSM zW)PicsbYe@DL65&G8C9RY#k0t9!c~HBy@moj_@!1PYFl1ZJlZzwA9T|lG<7ZlxV;a zN)S{wrHF*i#n*D_aB>(l#0e5nhSVEJ2$yiev3^UbgucXBw_sx{N(cy3 zU@?Y)7|J;7K#52RMz%)88ncKr&C?%aWxM%wR&GlnRe7rp*3nsy&U$ywdQYYE)W1Xx z8EwQwW#UbMrZi)!3R3oeU;!Qbf>UKP2v`M25hs(*OaoVt`G<>QV)7uG)t#5j_mn-L zxP|G}T0tldg?7_{60w9RB{0iKC`7F}!XypdfK$h%b5fna5R9ZlO+_}ZY>4Ja&|%J} zYmWF|yvfUYAft&D)geod4JB@aXgnoUn>RoVkVI%>B-pYB9eN^eEuXFteyJdu zY)uk5v_PL8pcs1>`9T@DqO{B%hZSP5pREuhp~r?U=fr9qBgDbgp_@ymv|}u!#{~{i z6GlxqqZI#`JJOvUPK9-^3no#l=75Wqwzy^XOA#U)gBa^r^|ck#xLzHj`Xsudw82^HamoY< z@Nvmq1fNp?AKx$rYv-P3-a#0HuqR;*-B}pJkGB}c=sk?VT9I(kK^VgjxesHI?ac21 z1~Tri&5U=E_mP$mF_7_wvl5KAq|Q}G>Rj471FOw3>PVfdsLlth&P7Y=Tz8?)RYjfa z;i~g#ROh{@a~;+B+g0bXr6L2>QISEZ&QW*j+>f`Y&U;tqs-+?W-9?dsdQxOCaCJV3 z>b#dSgQ(75UztHoTM_fWZCAnNvW@SSJ@m=}O%(w$fNMh7;)C!*efL?bS#(NsJz`@| zdmYER_U_sPZYHXkKhuC>oghzI3lXWCWfThgOuV^(x2>*yM7?qADBlb|EI=|e^xD8*W~Sj*;;yI9Ni z8fw{iE46G?c2LU(-NyH|Yz%i+%jU;hjF$HuE$6M&vQgDREt?_opm}v{$&0b_V`Jr2 zDUGr6H6d^0?fL4n7~yU!!W~CNyuJvxZpkTD z9XZ8T!*bkRJ-8ol(JAiRDHf(dRSl>cF zAR17L)iTkSaLHZtB?dTlPI#B1LYauwsvI zhMpr+$EIVcu{1Om@SFw_=n0+kg%N^_YJ$d@oVmJ+NYdXBH|c>SnDm1r616dxk!g`o zlxiL{A8sfSsWF^TqmRYdoLEXINhmfJ1MXl(qmxZ1k`RuVeNL_U;E*KaBqLcwlKyOx zAp(hiK_5zqIo}DTaKb`*9s~eHTa$z`IR?TCDKHWmEB?dt*mYbwaKt>GBzTJ>gUe@= zAxd!z7m^xpF)?;0)gowps_~u?XO@!Df@7cyBThkxv6P{u*v+L=+@&mqo#LTMF!qq( zz6992jEG?)Lt(={nuA0L3PB&1VvH^JQV~Arv&)-f0c*^B4Dp=)++E4qI2|JV>EN~- zAIdrnx$pz%D_ptHh3Mm4v{Udc{YzMQU{th_2>m8wrczCTob5R|{X*|wKNmCeqGqGj za&Z?czJphM^NJ3O#omK!K#`&iJQ9KNh(F*FQ=o>10Y{(a)A_oztg}Ugqb}e`L^wJT gI4XZ$WOw=c||q5uE@ diff --git a/docs/network_new/MESH.md b/docs/network_new/MESH.md index 34f010b7e..6854f01ce 100644 --- a/docs/network_new/MESH.md +++ b/docs/network_new/MESH.md @@ -16,7 +16,7 @@ Hidden nodes can thus only be participating as client nodes for a specific user Also, a Mesh is static: once it is configured, and thus during the lifetime of the network, there is one node containing the aggregator for Mesh clients that live on hidden nodes. So if then an aggregator node has died or is not reachable any more, the mesh needs to be reapplied, with __some__ publicly reachable node as aggregator node. So it goes a bit like ![this](HIDDEN-PUBLIC.png) -The Exit labeled NR in that graph is the poing where Network Resources in Hidden Nodes connect to. These Exit NRs are then the transfer nodes between Hidden NRs. +The Exit labeled NR in that graph is the point where Network Resources in Hidden Nodes connect to. These Exit NRs are then the transfer nodes between Hidden NRs. ## ZOS networkd @@ -61,13 +61,13 @@ Internally it looks like this : +------------------------------------------------------------------------------+ | |wg mesh | | +-------------+ +-----+-------+ | -| | | | NR cust1 | 100.64.0.1/16 | +| | | | NR cust1 | 100.64.0.123/16 | | | container +----------+ 10.3.1.0/24 +----------------------+ | | | cust1 | veth| | public | | | +-------------+ +-------------+ | | | | | | +-------------+ +-------------+ | | -| | | | NR cust200 | 100.64.0.200/24 | | +| | | | NR cust200 | 100.64.4.200/16 | | | | container +----------+ 10.3.1.0/24 +----------------------+ | | | cust200 | veth| | public | | | +-------------+ +------+------+ | | @@ -120,3 +120,4 @@ Internally it looks like this : During startup of the Node, the ndmz is put in place, following the configuration if it has a single internet connection , or that with a dual-nic setup, a separate nic is used for internet access. +The ndmz network has the carrier-grade nat allocation assigned, so we don'tinterfere with RFC1918 private IPv4 address space, so users can use any of them (and not any of `100.64.0.0/10`, of course) diff --git a/docs/network_new/NR_layout.dia b/docs/network_new/NR_layout.dia index b8e304ff5e7867cffb548a800028a6590fad82b2..a9f59e20a694c6e926af162ec1df94203e01d4f6 100644 GIT binary patch literal 2884 zcmV-K3%m3miwFP!000021MOYibKAHPfA?R(QC`{^9fU7_;B?MSl1|%)-nDbN_8vWy zM9XX_(nC>p+=u(y3y@T7N+eAYgd*lvnK)ww!~zTKZ+`@KfggVSyos!bAl-&Zd_5ru zPplwbCaW-BUr+x1>tDa~CO^Kt`e7CN-^;)2)ZbY0iFm7iyPn)-+5Pvk+2i9Qik`N9 zmZT^OcW4{Te)prupUFbA$=fT-dRf8B&wTY=`K_O2X}H*Bfff6k;Ciy~m!H;YvWr)f zqEuOKnM6ryJ^0b}c02a!6FU(Pt8?h`4OT|)%QVqSncLM*@m)6 z_H=(#q@f=5^F^7m)K(UX*Kgmv<8O*4m0vv9RoBo)A=$=H*I|4tN9raj6hVEagW6&IaXTzXz{;r8Y}Nwd@svtyBqB#8n)E~IAZF6b|3yYwSD#oD^1 z(Tm$K%aT{xf9prvE*&Vo{$g#XTJAaxSM7#dDbY~NW4OxhZay1QS5f$|MEa!UJE zzDUwlkiOP*j0i41gbPfFLwbta-X)JWH3YPScdCbi+4H<_GK8Ol>@i6{DLdG0YwUpN z+5y2+;u$mqfdqG4Z%Ujwagl8^Iwb-zn~Q!zmq{Go1o0~G!U-L#DIl98i=duXDd|se zQ}qW8FATV+?JRcNn>&evQPA2?B6Zu^Pl_lOd@B1(xJ_D%GFe0omOzxy_M%)4BBiQU z>bat|sEw$=&hfa{6m<|6Hc_>5hC9wnH6`SvlXkH^8j1b?ScM`Lm9Vlz8jd}&p8xlH z!jD>2^DHf&C8GK;Id-E5EgHhqsjjJ0p*7(6>G6@mPb#l8WE^RH!Wf76j z0K!D8-OIT`>yL*FY)raX>44w_(+xzmilYF~0KIK`yICwep&g0-; z_O8LfD}x!kgGU&1p|pw}LA$v6azMJcdW8}lT|E_@UH#DvXm<6=W0-aIZlmQJG+sW4 zx9&fCPx97kWF?r-nIng7D!qYgpTl2QdspkP`{LK7`D-NKhn)#mqXme zU&~rw_1C9PlwK~|({R}oS0DBUw)$TZ*~QfQ__SFh(F^-0rTyF5&RcOTgSIcBS}jpI zYKck`XKX8;)^~|&6J-A6m6h04xXes0fN3bK%L*7Zxd5gCa-CPd_8+2&s5@hjdK*Sj z2NBi%U2|)A)g7{vb+yf&qToA89X8wuzB| zmxW7nLbkhw+G7kRy_Ga9o;%un&NGYW)P2Tt$vVc5=NbwFJO?}nJO?~)!E<*2eolpP zeonn-ey$dP#?8X(*z zdJB%gz800e161aELaTGI!#wOGO{$jh?pwK4wYkuY)=~(oUCPPM(Bf zGT>T?m`X5GdjKvHDvQSD?xRK+;_P>rj<2j*)b|rq2Or>}O5UAsY4?X}Z+Y2EH(j!6fv`$nSG%*8Ug{ z`C4K09F8`7)X(0uk%QTk5=31_O@@gVf^vHh_MCdirRsUEXZDcccY#=Kk(_PEP!2z!9A2Uxs^#rtnF-clXS%Q%B|dsw$W`?~!*>wUP+lE)ym z{`H}TZBhNCKXrzx$tcqNXds5mFj7h!cgi@j?J-A^_EuT9FjC^Y{CFmVBN(!)fXaby z0pEh-CNA-~396k_sqVlrdPX}{FVuM!6O~xc)qChjvY396-3Y8amkA?0BMxwD^MNsy z*$BBzBh0L%`ZqoCDdi?HiL1z~0+W=ek>C-)k8${^PCS60v%-(gc8QVeGCE+Le%2=I zd~aC4mu;p9*ZzbZ$D#Ql>!UjGi()`NG0(AG!VT_> z+OQD{8= zsBW=U2+v4<^`Sy|=8TxbyGDZ>0pS7R0pWEKzP|=958%ZBmmwMjc$G_A0z4Jt2Y3y2 z0l)*m1Hc2ocR84q;Q2#PywL=LIs2h2vwQU0)z?()ny*|$v7OY2e1l< z>%l<^-~QoxY=CQM4IkFvDUwiN9YKy-)22v_0`H-+1@gTzyYiRIV7mnnG`?6@ zosj^7BRtxQX&)k!FE^Py+6p7#RGpE4OJl?(?L#|M5V_G%b&+!>g-tnUVg)w2z?lG>S~wF1 iY`Pq5Dt?drryzZMRs16Vu2X;W_UivNBa)X6-~a%aONLwk literal 2885 zcmV-L3%c|liwFP!000021MOYkbKAHPe$QXQQC`{^9fY4GaXRNFNvG{Y@7lRsdygJU zVq`WH>7gh)?!*1<1xPwJB~qpcLJ@PTOq{U-Vu1zr+mFC5@WYRvH?eaUX4@!Dt|kQG zi4!KvbQLA*tI5BA{p)xB~W~$I^^5&J}Jg;CC=(narwcX0>{b)O{PQ!$lSbpW3U&>LX>Js&B(=zuL`hx{Xwk z{NeVXNJ~BX=d&_ZsjVuMtlzwT%U_pGs=j!ttEr)_Lh?*qV4ro3-Js^zY;Xm#9hYb9E0xsO))&GlzX>MCo0uvGh9w2c;V z*wp$c$p@?cVVLUoN2fsVr^gLvLs?s^dsz9Q2*v5{VZDo1;r4}TRxi_1(@j-u_LA23 z%XL*u`PH7YE=0t^Lzq?7zk71iPBp+4;yA%FkM16Sd#00g@!xQnSDpQk2gxePR?c_M zyY%zqiGwHx60NQ#|HO4=?RQUArf~2;Tes<#DJ7?b?f3o=JKE}AEcUC;RO5qW9fxK0 zK9XWesQNi)5@9iALjCL~FpR^^^)k(pLw+zwhl=_O3_0x7BYrS!Q1?w3t#9)7$|>zv z`6A6$VfIqfF(SD95H2wxF6k+5dz0Q@HxSSc-l-W1W>53J%@BSL^ZPXWr0rn0ZLkAk zY6k>QiEq&mB$C|q{3&tg#6v%-;e?Jg6j04kMNm(xRP-mj zuKRTFcOddNQGqboEqrcJ&7{pxxDLk73u^Z{V^iu0QM#Z1umSs*9QP;bF5#<7f6yD*G44&RcUVi?*+zS}#$# zdWlLAXDl>N>$^m?3G-m`!b* z4kGINyY|-b>N{j7>uQ@n#NobxFxhRYfjL04#@(8e^cP3B*EeYv{Vz@OAU0m0JSIi~ zULGy&3EA!zdXF)j^j6Zac+#i6STgCH|pO<)E^7E17xq-p}&jHT?&;NjU z{w%KZ*YI=RfaB5>#~Gbco15Nc0GnWp&zV3(W4f|=kMVvobFGFKkbJL9+Xxm(AGLCO z`5{C#RQ>E+p-$P|?CbT{WJIupALiYDBJ2`+pf`T|&C!4T&BwHZ#SRj5=Ect0>aaS~{ z9nINUz=+@>&`8=vBSk4|Xe7skMikKKY-l6_jmC{e=E45NE;rJ#=oL32e1zPH0UDhJ zjrQgtpwSr7hz@~9zFjn;ULB46F`*F$G&&m^`G7_jj7Cq}03Y%+3)W#19vP=gFt;u3)z-8|P+y<*v-J#o>4Cmw^Ks>B3 z%6LVhv+KIw7W*LQV;`^u*PlzhSAf52Vp4pF*f^`}OuGI#mFoR&-0^VOB6DIEiIaB@ z;$(PS%O8(88DI}ECtyw^VosDIpZj7;8FGCofj$9!Iy-&(?d{LbKceJQ6N56({`C>& zvIsT8T-ZFRZcox&{p(VlFpiOOy|&K*Xzgc1(IFc45^1{B(+0jUjlm@J%E<3?YS!a1 z9O|{g>Ny<8?9n`XQy>?!DJ6({jM@wnF9j9$AjO>e$fNp*9TUObPvvOoWmE8X*{-Uc zV2oeE7>^j#%hu?AJ!ABSa*kB0NhswRoFjFS@VPrzzK5C$KG`=ONNX_1s$FF>!5Y7U zHF_g;jpm6{9+EC6Wonbl?D|IRF{Y~2O8)d)l;1c-%+;TpY}7a@Mk47mY&p0=2@$>)!jbgEoKWSyND<@UW6vM& zLcOW-I%PW|%$Q%u!9Mr6fUpM$dw|7zSiJu><1O{kyo@tgw}*B6v#;B~b>2nmJiQMy z=U?v|*cLTU`qO8q+KeJCjs{}53L~Y&^`?v?A;ug@+FNDa!bpkx{NvjUj$laC0hI&a z0=@;uOLCaSQW>-W%+WHJ4sx)C}>E)zz0MqJ?5_5)*T zvk`KcMwnSi&2M_*Q_5{(64#MeB_?T6Bf%qpAM5Z_pLhU2XN4b=?Gh{3Wpuzg^Q=wQ z`QEU8FWXELuE!I0T$dJytdHuzFNy*AtmksEy=yoD`Nl`Q%oCq1zYLP6mqGP!2}WXE zC+rXcU}SxV1>OS34@P1DX2iH%X2e*X88JSt!v_g4qjNAL2JeKI3`XyxY`Keag+>3V zmi?W-MCq#OlpX30ajzk@d~XWFQVG%b5o1@9-q%Q7%B_af-o_|Kvi$grG2ay);TCsB z1#E=EMks8Ao_{0s6omK8Z?3kB@Hzm$LU?_V%GeR!KwW_Ffbf9ufbb_Gym87G@$3dT z>RW6z!ZT7_eW($hxg+NAp4H$+KzKlSKzLJx@2|nj19&;WWr$V*Ugy$Q08i!k0p37e z0Pq0t0Pq0tT@Getc!0%s=Gr}&mAP}GfZa!wl2I?a_f=FEM7NoKM78EI_Neqdj}lh` zo&%mkwl{=?f2CL?4+$UhX_=@>A>|uVzAuMRnP>lbb_rEc|D55`6Dk8m0igmy1%wI+ z6%eY&@CP7NK&UR0P?=u}E2hNi)j_)cIq|22j(mlxzoLLp0igmy1%wI+)nl|#L8u4; zLIs5C!Uz=`Ae6%@p(^U1GctNYWuPb^R6wYJPywL=LRDq70HFdxb(sf#G7g990j$E| zdT@}!w|}@E8{isR%ZD}ink1B1N06)6v?-FKz`HorDHuvqp?a^(Uj@r$xZMH>T3@WI z&qx5l5gu*Dj1Q41mYZxIZH1Baix(I{JU(Z<#3qI?7JyBFO`T>XVAB|}$^3R=X*tJ6 z)n6S*Olg5j%mvN_xO9Xw)n_E&(im~c_|Og=L~b=yT^5{4V^hJIScy#@a3;W}Bb*5X jHeC)jmA}WqLzumJRsN#>uCrkC=GFfJ5N5BX4&VR)Zyc!g diff --git a/docs/network_new/SETUP_NETWORK_FARM.md b/docs/network_new/SETUP_NETWORK_FARM.md index d6b2aa527..111c09c02 100644 --- a/docs/network_new/SETUP_NETWORK_FARM.md +++ b/docs/network_new/SETUP_NETWORK_FARM.md @@ -56,42 +56,51 @@ That means that there would be two networks, either by different physical switch A Node, being part of the Grid, has no concept of 'Farmer'. The only relationship for a Node with a Farmer is the fact that that is registered 'somewhere (TM)', and that a such workloads on a Node will be remunerated with Tokens. For the rest, a Node is a wholly stand-alone thing that participates in the Grid. -```+----------------------------------------------------------------------------------------------------------------------------+ - - 172.16.1.0/24 - 2a02:1807:1100:10::/64 - - +------------------------------------------------------------------------------------+ - | | +-----------------------+ - | | | | - | | | 1GBit switch | - | | | | - | | | | - | | | | - | | +-----------------------+ - | | +-----------+ - | | | | - | | | ROUTER | - | | | | - | | | | - | | | | - | | | | - | | | | - | | +-----------+ - | | - | | - | | +----------------------------+ - | | | 10GBit Switch | - | | | | - | | | | - | | | | - | | | | - | | +----------------------------+ - +------------------------------------------------------------------------------------+ - - - 185.69.167.128/26 - 2a02:1807:1100:0::/64 - -+----------------------------------------------------------------------------------------------------------------------------+ +```text + 172.16.1.0/24 + 2a02:1807:1100:10::/64 ++--------------------------------------+ +| +--------------+ | +-----------------------+ +| |Node ZOS | +-------+ | | +| | +-------------+1GBit +--------------------+ 1GBit switch | +| | | br-zos +-------+ | | +| | | | | | +| | | | | | +| | | | +------------------+----+ +| +--------------+ | | +-----------+ +| | OOB Network | | | +| | +----------+ ROUTER | +| | | | +| | | | +| | | | +| +------------+ | +----------+ | +| | Public | | | | | +| | container | | | +-----+-----+ +| | | | | | +| | | | | | +| +---+--------+ | +-------------------+--------+ | +| | | | 10GBit Switch | | +| br-pub| +-------+ | | | +| +-----+10GBit +-------------------+ | +----------> +| +-------+ | | Internet +| | | | +| | +----------------------------+ ++--------------------------------------+ + 185.69.167.128/26 Public network + 2a02:1807:1100:0::/64 + ``` + +Where the underlay part of the wireguard interfaces get instantiated in the Public container (namespace), and once created these wireuard interfacesget sent into the User Network (Network Resource), where a user can then configure the interface a he sees fit. + +The router of the farmer fulfills 2 roles: + +- NAT everything in the OOB network to the outside, so that nodes can start and register themselves, as well get tasks to execute from the BCDB. +- Route the assigned IPv4 subnet and IPv6 public prefix on the public segment, to which the public container is connected. + +As such, in case that the farmer wants to provide IPv4 public access for grid proxies, the node will need at least one (1) IPv4 address. It's free to the farmer to assign IPv4 addresses to only a part of the Nodes. +OTOH, it is quite important to have a proper IPv6 setup, because things will work out better. + +It's the Farmer's task to set up the Router and the switches. + +In a simpler setup (small number of nodes for instance), the farmer could setup a single switch and make 2 port-based VLANs to separate OOB and Public, or even wit single-nic nodes, just put them directly on the public segment, but then he will have to provide a DHCP server on the Public network. From 5125509e3e2a8b45837fcdc12e15bf54db5dc4a3 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Wed, 23 Oct 2019 14:04:25 +0200 Subject: [PATCH 13/18] Update README.md --- docs/network_new/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index f435ce929..ad3821b6e 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -25,7 +25,7 @@ As the nodes do not have any way to be accessed, be it over the underlaying netw ## Techie talk - **boot and initial setup** -For ZOS to work at all (the network is the computer), it needs an internet connection. That is: it needs to be able the BCDB over the internet. +For ZOS to work at all (the network is the computer), it needs an internet connection. That is: it needs to be able to communicate with the BCDB over the internet. So ZOS starts with that: with the `internet` process, that tries go get the node to receive an IP address. That process will have set-up a bridge (`zos`), connected to an interface that is on an Internet-capable network. That bridge will have an IP address that has Internet access. Also, that bridge is there for future public interfaces into workloads. Once ZOS can reach the Internet, the rest of the system can be started, where ultimately, the `networkd` daemon is started. From a4bb684899539368d32d01e29c82d73c944f84c4 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Wed, 23 Oct 2019 14:05:49 +0200 Subject: [PATCH 14/18] Update README.md --- docs/network_new/README.md | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index ad3821b6e..111ec023e 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -35,13 +35,14 @@ Once ZOS can reach the Internet, the rest of the system can be started, where u These tasks are mostly setting up network resources for users, where a network resource is a subnet in the user's wireguard mesh. - **multi-nic setups** + When someone is a farmer, exploiting nodes somewhere in a datacentre, where the nodes have multiple NICs, it is advisable (though not necessary) to differentiate OOB traffic (like initial boot setup) from user traffic (as well the overlay network as the outgoing NAT for nodes for IPv4) to be on a different NIC. With these parameters, a user will have to make sure their switches are properly configured, more in docs later. - **registering and configurations** + Once a node has booted and properly initialized, registering and configuring the node to be able to accept workloads and their associated network configs, is a two-step process. First, the node registers it's live network setup to the BCDB. That is : all NICs with their associated IP addresses and routes are registered so a farm admin can in a second phase configure eventual separate NICs to handle different kinds of workloads. In that secondary phase, a farm admin can then set-up the NICs and their associated IP's manually, so that workloads can start using them. -- **farmer considerations** ## wireguard explanations @@ -72,13 +73,3 @@ So for now, a farmer is better off to have his nodes really reachable over a pub While the mesh can work over IPv4 __and__ IPv6 at the same time, the peers can only be reached through one protocol at the same time. That is a peer is IPv4 __or__ IPv6, not both. Hence if a peer is reachable over IPv4, the client towards that peer needs to reach it over IPv4 too and thus needs an IPv4 address. We advise strongly to have all nodes properly set-up on a routable unfirewalled IPv6 network, so that these problems have no reason to exist. -## future - -- **CNI** -ZOS and it's Wireguard mesh per user is a quite novel way to do things, but there are many overlay networks that are built to solve other network requirements in very different ways, and these solutions could be intagrated in a later phase, through the use of `CNI`, a common way to request a network for a user, or for a specific workload. - -- **automated provisioning** -As it is now, user networks must be completely provisioned by the user. That is: a user has to manage the subnets allocated to the network resources in the network themselves, give it an IP and also give an IP address to the containers hosting the workloads. - -- **fully routable IPv6 to your mesh** -In a next phase, your private network can host a dual stacked network, incorporating a fully routable IPv6 network per network resource, where a user can choose the farmer that will provide transit. From 5a5ff5c5366e57d366da62e5a08e5c5b2b931b89 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Wed, 23 Oct 2019 14:06:18 +0200 Subject: [PATCH 15/18] Update docs/network_new/README.md Co-Authored-By: Christophe de Carvalho --- docs/network_new/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/network_new/README.md b/docs/network_new/README.md index 111ec023e..d6c6a7154 100644 --- a/docs/network_new/README.md +++ b/docs/network_new/README.md @@ -56,7 +56,7 @@ Every wireguard point (a network resource point) needs a destination/port combo ZOS registers the ports **already in use** to the BCDB, so a user can the pick a port that is not yet used. - **wireguard and hidden nodes** -Hidden nodes are nodes that are in essence hidden behind a firewall, and unreachable from the Internet to an internal net, be it as an IPv4 NATed host or an IPv6 host that is firewalled in any way, where it's impossible to have connection initiations form the Internet to the node. +Hidden nodes are nodes that are in essence hidden behind a firewall, and unreachable from the Internet to an internal network, be it as an IPv4 NATed host or an IPv6 host that is firewalled in any way, where it's impossible to have connection initiations form the Internet to the node. As such, these nodes can only partake in a network as client-only towards publicly reachable peers, and can only initiate the connections themselves. (ref previous drawing). To make sure connectivity stays up, the clients (all) have a keepalive towards all their peers so that communications towards network resources in hidden nodes can be established. From 391aa2f5769b71ff25f321a153a1a803427d8162 Mon Sep 17 00:00:00 2001 From: Jan De Landtsheer Date: Mon, 28 Oct 2019 11:50:55 +0100 Subject: [PATCH 16/18] network docs restructure --- docs/network/HIDDEN-PUBLIC.dia | Bin 0 -> 4201 bytes docs/network/HIDDEN-PUBLIC.png | Bin 0 -> 62117 bytes docs/network/MESH.md | 123 +++++++++++++++++++++++++ docs/network/NR_layout.dia | Bin 0 -> 2884 bytes docs/network/NR_layout.png | Bin 0 -> 39589 bytes docs/network/README.md | 75 +++++++++++++++ docs/network/SETUP_NETWORK_FARM.md | 106 +++++++++++++++++++++ docs/network/{ => attic}/exitpoints.md | 0 docs/network/{ => attic}/tools.md | 0 docs/network/attic/zostst.dhcp | 54 +++++++++++ docs/network/{readme.md => jargon.md} | 0 docs/network/network_module.md | 80 ++++++++++++++++ 12 files changed, 438 insertions(+) create mode 100644 docs/network/HIDDEN-PUBLIC.dia create mode 100644 docs/network/HIDDEN-PUBLIC.png create mode 100644 docs/network/MESH.md create mode 100644 docs/network/NR_layout.dia create mode 100644 docs/network/NR_layout.png create mode 100644 docs/network/README.md create mode 100644 docs/network/SETUP_NETWORK_FARM.md rename docs/network/{ => attic}/exitpoints.md (100%) rename docs/network/{ => attic}/tools.md (100%) create mode 100644 docs/network/attic/zostst.dhcp rename docs/network/{readme.md => jargon.md} (100%) create mode 100644 docs/network/network_module.md diff --git a/docs/network/HIDDEN-PUBLIC.dia b/docs/network/HIDDEN-PUBLIC.dia new file mode 100644 index 0000000000000000000000000000000000000000..139cffae3d6da27cef08a9bea73518b07f237f2d GIT binary patch literal 4201 zcmV-v5SH&BiwFP!000021MOW~Z{s!=exF}qWL`B2@0YqW#m-`jEl{AvZo996;wX-{ zjvd%aX7aMXeR(M7Vwp;8QIxEN0VZf%hDS#^{LcOG$Dh7m&qsIpYCT&nKA+$eos9Cu zWO*@LOh2Fe`Nz+n)X7g@KKytw%YHEbrmO6FWPW3@hMzv4TouL552vT!zI{vQ_v@@! zuG0DJHeKhZ|I6m{?9?neJ^AusG^Xv3#V>2Tyys9<-K7ah zbk>t>Zba-Qwmi7FoE63LmFK_A=IebJC_jEYZHJ!R>1uZI^16ovt>^PG5WL)ph&6nDV2FvbH4V*?qp+Z2$F1O^-Hz;0@x8vPm(!d-&^YioS-YfI;*d{qbUPGX<}12bCs+j(T?|5-V8Gt7 zF%^V09)gOl2S-tKI}}~+ExG`MAw}1^Vbt2XSXCy^FP_OR-pH=- zHg<7J6C+eu@{lI4rJ_=a6dON~q)asw;sRdAD>1Xmnz}!#O)_k)tK=hUvJo$Y@ap2h z%SGWL1fP#Cv+LRX-aJpXSf7m6#XZED3_z8?`p>CWo6n|;>)ieK%on%Un|HY<6=&G;uoH1-AE|mKo*re- z(9~qPSeTP*AZERDydM6~=*oc7Mm&q9HT_0U|JM;>+u5`o=#$>ihm6#P1U&?h$0@at z$C%_GK|9L3;Cm%$V4U4VgELRiqqAEdRd3xSQ)5<_hu4#Ypc z&kEx}ARHBUXvJL-!l<&3*@5_Vw#Z%eHr@p{L~qRbkPd`Vpj-(FbchnhhcNU66}I-q ze9(+C7$#@=;=(d>D2tBc07@Q#4mQu$@MW04{^X|mB(6%%)~z^9w#_)P!>Z$#@#dFx zOC}&F>6Wk(*| zU*ohBU$rI=u_vn`=|8_hMEbnepnTC9+25%2HY=Mvhtsq?+_-E)de^|*LrR;Ga+#TX z8k$YW)fttD`pFC6Gji8OSQHV%F79yJcaS3RYr&N^@ zo?)ccN*tR+$2hcOToJ>5q(?d4 z8C+zf;H;`V9E#)e5;gSM)$S;?kO+<_wO;Il4FW#hs^Hmx3y-sQUw zQw=XlMf?lwc*;1%w)3KKs$$RjmJ};$<5H9{3Pmmi5eY>v5d97fCv|)}mWmWJ2%ssC zgjTO`qELjBLBk2{2~Kzm$zaWqu$63x1`c|2hBb7u3L*HIvJ_!R&l<{t^YF=FH=k}3 zn?ZD*rHTpquHeMH%1~hPxOF%vc_Ps(kkA3TIl{m2KP4R5wsop?&{8);Nos2uP@(}x zC_zx!lp+#37hlVz!^vUL5GSB4&mhkbQ)uAkM5|=TR*CEhO{D*1-Bch!?Z}p}UJi`c zphy8FO3P6(h%*Km3WQN;v!s?!S2#S?no8SaFhnmW<0KphjuQ~we* zWV8_zm5Db2n$nD^DoEM?fdzEz3r>~IAYc_7MVw4JGYwop<{vJKiOGX#R(D=9-&6L0 z;ufY?YXzY=6xvM(O2iVPl)x+_p%As^2$M8)15O>6&PjCwLokvKH5J*svLTuyL5DdX zuQ}p>@g^_pfs7_rREI1*Hk7yxqVbeajmJjkBY~K0mghXQMN-SBYf4~QO$EjYM(SN< z4 zyU^%SFa z!N(*8CEfpE4j*1LQb&k4I=YG6Jb>6!=S1lD8=q`#3)UzUkfvfXL zROh{v8ANsd_R0)u+KQO}ZMzCCmu-Bv?7mkHXsQU10bCQp79WHk>buKY&7xzP>k%7! z+Uq#hwRhLlbv6gUZ5Rm0msNhGY z%ARA5ajkt`LOdu(JJYT*-;y3Q8?&NISx47sbN^a4ngkuuO&>GrKq=O;#acF(+{Ie9 zw@}N*Td8HEvV&SS=r(?+Wn;LrS~fr4Vzj*PXgP1CmW`?oYS|2tN6o8aOJ0nX9~vvK zN@5rrb)n4JGiA=ZQ|2rx^I&@4Ib{ry6pKX6b+1YPHh+-mX?VD1Piz*X{A+RMZEk>4RzQ0LcLg`k+j7t#W=% zH3#g@=Kj~Hh8+z-pGHG4loCxGRcOZ=*8cs^ufP8C_m`{BVuZV`2zMM6@%AFzx+SMr zb>tLV4a;$N_27QIMW?uLr&yqtoMPRDQ>-dZacu93PVs?GajXY_H)H37cLf~PVSNkz zh-g45R?9?R!X;*w35t?!#OS?*I$`hU{&Ib|USk3OT zBA?%XSm(v3+nWzRXRGUoPoeS2C7KbXjv1wDngj&(H<4^#S@T|!JuRh_aNE9yFw{3u z8|u(HbX$#+yP9P_9Y+0KWy`70g-^1d3*?0NWwsD5V_F4oaADBOqS#Y|3lP?pa0e|e zHC#FtLdX!2*y{2YTV1%%6_GFCL)atETd<#{P$GQiCqt<*p0Vxx)QXG^VMUcLJ3n#o zGhV}{W2FHhidpRZe4D3S5Al?Xc*^4`kEi^NpK{rjxvo1h*AY~0)6sGaCNYMr!iNJWoAMuDOP(#Cj zqp!1z*{Zaxvw4K0F5pN+I64wIDu145_xb9}hw=yWZ@S8^zkK*Vm#xOl@-6`Y8=eZ3W%tHbazX4qkpBd)@cF_D7kQ5;&M7m<95Lde_Yj-l6Zo+K>a7NHX{^)xQCE@@<`q(c5T90U4H+(ZJQN4m8$yQ zy)5nIx9L&3@9A_CRVtHaL#{d#lyR(wXPrIkV@eq_jm|Q8WlG237aX2$gX5@%L!>VA zQ~3#=K707?$?x%no-0qnIBgA`g(%M1Z5O&@d--?g1uc8s7F}~`ByS-Q4TZV6xdSX{ z#|C*0XmDAE?c(cjm4)hVG5Y!N6kpI41R@d1L5M(j?X)YyZ*)@Y!7ttq3ix0B1Zf#o zC8?sKqG^P7Dvji;>dRmHcr1L%b^MHbD@0u_Fh&RS?oa0b^MXQ=LA1Xw*sK0{eq4}DHE68(b190S%G9I-C)&1mRv?nO%1j>x%}MbW`Q|@ zg@uKztgMfZkLZVdjcU_~vC+}1moL-M(RE5+$HMaW_ZPI8`w$rTeK1F_x&(orDRTj;fJ2!7`&xJ}G8X1`-5Zt-*D_bEaPp!f< z;;w*QW?`Y#bims$^?tcURc05^r|ldrZd5 zIF8qWGQQ(Hv2k&(2W!M+WVMc)n$BP2;^M|t;ih%<^cWvJ@HpF7nxOx5m)~Z0;rnQ{ zq@*PJRqVow3SRx~hum;a*N!`m3&#T#yAQJ9U!|3NdUm|OqHv8{Oak@5qFh^BJ3id3x0(@kJ_=)yOMf0kHC0|z#P6^cDV~yb zFy7wY4%-n(Cdk9Uu-qp>VejC;qdoJG8SWN$FLYn$>ta!Mpls!0yzAWj&kX5{{b4P7 z>G;=rdhuvn+}!(f9igU5Is-hff8CP|p^*{fHto;>kxG`p5v@~iIUkBMdcGkteui`J?yBPB*%pKCHRpRTLk zK4`)f@%Hg~5zW=n+bg}U`aI^{yQaP6pC!e`Ha0fdLIY)H!-UMLxoQ;~4R6pN``%DU zLnaD$R~F!lrlzIgkZ>9Ir%IZSl`B*eVu^_`F!Aes2@fY+z0bgKQvP%3 z#I$jAausf9fz<+XS&CG|6Zb8&I;_wU~e3+cMw9Ur|^az8nE@!|!6=%165AQJ9p z>&e}3-~hWHP8<#@X$`vF=it~GEi*Gbl_HKL#9Cf$o?6bfoT}SFULq5)yCdXMIx42Z zbu7s!ciQXs<;xemZ?_qT6QbK_xVh~oYn*LL`&Hp$eiiBAXvCuR@tDp=MzTy+N1F=K zWo2a*6%~y#MC+Rk=ezH8(Br6##l2cROVb!k4bsy!Fc53yz^`hX^QG{J6!AQVbd#O; zdvVcmw)y(*d2(>MEPh+F-S*_5{CXrTf9?K|T1Q96pyKZCu9UPi?+zXl=O*> z{b-r;U!JYakrbwbi@f@YZo$_f&3_Z~!rvovdK+O5xmL zjkaFQZnmJVDOHHhKB0}{4Qb& zu-q@E`DfOj^~PO3HbKFY7|S|qJ3Gi*BD9jD<>qQRih2D%e@e#*45q(`X>NYvJYO;C zk^@Ir^h1K@`PVnqDIcnWK3bq6D2@_~lWlOUHGr5C@-k^1H73VIyV)KtO<8 z$VFb0o{DPrJMUB&4FeK+8s|9qnFwl3rRT-@&iZ^;1glCh6b`!d{>`T$rLed^e#nT3 z)cg5iHpv?}Wmg0ea~eL6;aUGkA8%!6hmDPmv|EyS?3mTquADBlf4~%Fs6{W?k1KMD zM^3)6xJbWQXU)+UASR-6FqAz;5k6Xa7`UcLcG1h)6(%a>4JBUm)%>;)V* zVn2VTEEtEhV~XX2$Ii~)D}3@gMLcle*Sl((pr5K=ZPFZAWdf zD<`Kvfuy_xzX%#^P6W0O`SQLnDv|6e#nSnC6rVG(>&-7Lz}=f}3h?vK&&|y(ER2qf zn0R_qvF4T+J0wYB-MF#wBkA3!!W{;&(bizf$5(O5A+MjV){~!g@4_R1b0a^FKv=t_QEJtO{dd#;AjkA+Uq2ObiUfA|5pv8AcBuHk6x>l`^ubmbSOGWxx#- z)StVQ4JS>p^ZYZMqB!Pfd?_5Ptd<6IhAr#QhJtl(Kl+akW1B$5Pw()Ys(|5JJ*wY) z1I_I08a0mGQ9s#dR0Ue!nJoi2jl}-%BUKdcblu6#efXjjClY^@bMK9V0V1{yP_RtA zq-MbnCvR_W49bJGk(6mOay~2V(NYrtZ18{rQdY!1V;hL*ey3SrRRM=bg2KI2%%4!B z%I@Qb52zyHv*#-AG0^}>`ZKk}`BoDypeTrV-_iL~TY$v25fH@oEUrXY7 zvIX>dlts?}=skJT3^}N#wwBj?bnnMw+$@dH%anTDPoF+*pR9HD!Gp_IIFKI#IJ5N) zi&b9j7wpWBA3q8U3q8(``2__TEBO(bF?By1Rt9q}wu3wej)MaO17Q<~^ED`3*NWQP zpYrnZ3Jq#IiN_QT=aKu;48o2Ent*|4g2c0D2%dK0wTCa&7p+mo^DHs_J&<>o>@`ti*N zE5T(YD@`f_FyVtr6NF3)fSOg!#*qL%o+@SC0Azpqc#d#bCeLxK@L+xrRG z55JJ)!>+Pp%BUn$RB=Wz9F*Y<=>%1Z;-aGKxVS+dKN7QPdzEoB5PMA$PX|Z=-2a*W z!c53>bAA2nc(p(T-sO0#>OsH?k`TS{cAKM*qom+1sfgK>;!^6VvS@Cz16X(@{1&rn zsf^WQgbZ&}>YI*G`U2&mb(kl#@OVIQDbZKd6XUFCW?`1@5Lr>4fb{oa; zq`kd;9ESmbd&@f?IU?5hs3w!+;mGX@Xw)?9cEhR&S^3>=P#`}%AAhB>f#JQTXk+D^z z*EXkx>*VT6fpn6|*l^r)?tVH_6EIH0>Ak z) zU!-Stc6Q)ccf@@9`0=arZu%Rn!n^vpg7}1lJRYZi0s^qtLrgs>p_Dm6*K!T}PU5uq zlEPg?<-V`r2qQQ-fHoi?=N|MS!VGBKHMpUjJcIVy8}HMn zPjLEHA*YTKOc0~r9ULDYmrW60A1TRzKcE{ugBVJxH%}trP<%`*U0-6m*fZ1QOGH2b z!EQcUDj6@1g}AMQg!iNqLP||Zd_hxQp@QX*-4~SjbQcmxZ%4;6Y^se-v9GW1C;=K9 zzWCs+Y{X>QqKHX{p;QFeX3h@Iv=24BWHevv4 zg@xn&No}r+{(jWT!3ZBcQt#<0Bl80w`MbAo`}_L`@-Yy5`B3Vw-MBkF`~IyI9tkl= z_*avm+!5GDB64yMI0NTrC-n66IT|++cfJ)Hbj|sb5)u*$|CxRV=vuLw>hTGr0d#cK zG5@{39v2-A$7JwxQMU}Fyo%Q&9L_s)At512k9|AqtI-f8Mjb@FbGN+3KLi-WbCG^YL;<1hd*uz2}9=&-9Kd0&;$v z=ElaP+}!7yw%w5^axN=7JDS%rzM!BWE>1&Rdm0jAx#g5Fv=z`J9IduMGQW21nxLSd z@B8=Z>FFyLuznZNTYR=`YiSXC@?^<=c<-qwdgKpwBtS8U6K}k_x;o$yJtNzKowh+=qpUL+?|l`$R%RSRdsYQk{}Ng&6^x7}TM(P9=#lLg?yY$*4u^>1-m z**<_Ss^zbbx;cBFhTJA2a|g-=@*5m|H|Sm=Ji}=^+S=&(`Bg$vLqcx3x}HpVUbv5y zo5Nu{ft;8Rqz$|l`!1hMNGh#VcmOHy%aBxP%bi?YJWjXU;M@S6v9YlMNnFr&Apn3V zjU=o`6m)Fr;(!F|j#n7n*AnZl_voqINbk9%9o7BXDV)-%!SB9l$GRjR&O${+h<^8M9-PQL78RYQey=B|eKilv@z~EI?RdwQTo28|u z@(Bu}+Oft)ouwa1Ks5oz3q9!5X?jmfOAF;4)r$^f$<55nxQsq>r`A)!LtRBtx1Lk@ z8>5ENLY;SR&(bR^`PkWIPg3f`nbj24Z0FiP+dLSpwEit8Ekx^`nVs!2|3%5o&F$N_ zZ@{X(GC%9??uKk~biTfr;F+J9`9qlG&K+YjGgr6*K%A71-~SpJS+-@}hohttDS+kG z!m&T2(#nY*zCp~S0^Mm0k9ieDB0yzDati`dQZ*SFE4Ve-IiQ;IMvvp;;{hKoUI4r+ zHyz$32lfcA?AEPY;z8tj!|r{I9N{fGD@+K&t|vyl93Q3dpbZngINgO8!I2dGaC+(n zDO62u3}9A^KT$+@cxMg)5fK(8x##J2lP_+8Ms+z<3fN~{p}ika4(zqee--L%Z*MR5 zCQtxEnmH6>&}YJG8Bjqmg?8Zda(wyw8Sw)4&(4!&Ft(wwg1>imb(#IyngQ0U9x|I* zLG2J=Ew~8?=*q8O%_pktw`W_v$M7aVZ8+XvJv%+M)5?=h5GEiXfQzUA2&rcorqjY7 z@V>CP_?Bqo2K)F|+r_P!CVxLaSZip%=BB3;;XDR>&N{R&Q?2)KhhASy%tt&$rASw- zY%?1>QCMQXjlwhF!-q>+ssJbZ^y!CDpK)4%>kxlje|J8>(tu$0dxF;@%?4kke z)H?>-w$sJRs#)`EbhK0sbBciH!$_=1Z&w#7(rF8FvWA96Xh?|5{tD`a0Ut*8>?=6z zSLBZzhyJ5Lq4Bunq(sNW2tt1ctHWhFV7%O)b{wCG=JL(a=MOIGQab{S4w%q;y{^CK3s;)s^>{fr8sAfikCbJ3R8^SCPwAz6ILu5Z`0qZl~|v-MCRAq52CbAzk7s%N_i z7vnX~C8(~LgU}SP)4$D~pD2BeqK*-{5YP(MlbogP%9&(xMreilS4rayO3@1!dg8{C z#jqqK+90mmiK+mK1q24d=9UEo^#Zp6yeiN|hd@YlM{}52U)HH`BUd8P z*ANFlal;9O;5MJCI|FJCr(W)=cX)t}?zjj4K(`}dblk9L8rH!(3mm7@1488a$72&SWQ z>l+OZ0Dfj>qGGAK+7()(T$K`UyabQqWq>YYr6#|Zmye(*xxSaJON;YuY}(zP)jRhhLO5t*x!0!{mc(iATlB zx!XddwFiCT{yuP%ned@1Dp3av_;k;$98r%cNKhM6%jd$i_NzlAf#P)&04tzXY`W)~ zLc&34AssJZ))~ft3Iz@ZZlsjsRVLb1IaNc$g~UhiP#M~vh}Ff}8MRO-=DxSNxfw1w z0mwY=)_q2 z$$iF?glj|beGjS)+1{Fo@&=D+(U&PgsR6CV z3Gk`1@-Ik4&`JT0^YTzJ)Kc>O&!9W$(-&0ae)#YKi--l9Crdz}f{)&%kqv@6RJYqB z2w+yO8V`LY`bQ-xYKOlKdO8tC+$+`BXBx*rWr!IIL8QMFp5jjcaaGcPqA2PZU*ky$ z{#1LRsW~~_`0j9XYI9{JIxK7;M~StJ@lqlY;pFh3`N}}nPC*_S8QCGU$6sxYD4$qZ zY-Gx&0Lc3Ze?Z$kB=87bVz5RZW;i+zo%ihR zb9j)eZ?2JN+9MRX?<(wyx0>ER7xl&iP~R(bI1VTh6)#LG$!9G%h>}NIj%rXNHUN>k z+3N?2%c-c0{AC}!1?ni~GNXB0YaXM)ts(&3RzvI|vkVOk(n?Bp;n=@$L4+qHBn)1t z*13Hh6^pvVK^VpkNC$K~00jR>c=)-%5L1a0mV-mx%~tvLBRE1l*X)&mH;$|ho?`s;0z9yn#j?URn%JT zLpj5di_E&G_ec`8CH(`jXi{1Jq$Eke9|K(HwwxUA=rDowwDYIr&!0aZ@#*V;s{vZ1 z-tEW+v=sUm(Li7hKy-wKg&8Hd4>dKVKuH9M^QzkIF}2HxK?atVtlsTVY1wtXq5J?u1DUJTto-%J zE7vhlC;R$j>-ut4IMvkDj>;RmlqiU?j{8eZe!@jQkKzEds1Fcr2icC$UfI~Y<-Nd# zG+X;s1cV@nh@h)UL*r4}HLoR?47qjh1C*u6(CWI&NzT~4w?yX_7X|tGO}L_=957H) zCY6@Tulog%5M#Nt0Zi&{aOl(J`j;2L{F?S)-oh4BtwOd06xKk0|J}Vkx83i&L`=$C zkkjBpAFn3|5DoX6;N^SEc>YJ`Fg9L-*qF0iMT@+AT!oU5g(L3e;;y&g%vXoI$$uvu z?te35oY4bCbT}nQxD!75c}v`lhU^$9Hg3bIzD7wFv2CV!=a!BcJqaQgzx0CQgxyDB z&mo(vk5wqaR#zAmxod#zJ&G&t~qalamu@98jb}Lqmm-NJ!}oo>A^v6@YmoBO{?% z2Sxyj&YkI#N7kz;F3_g{fwi!>h((#4oII4PqUWWX$mgMip?CAn9mq+I@H(iod%&U! z+pmN{wkgEO#%{Jz(bxFoe+V*J_mRGTn=!z2?dzl=r;U+p8@85I8c(fU#RtdX1rGWDkTiL$aKcy4i%p2I8g}%)@ z{IEmvMpxbAfHN9g-}v;P#3%}Lq3!K;Z2+M-IyUHqE3I2h_@b@<_=#hiu~CC5hG8!U zfj(2@Rd}&gMt~>mrS<{SZ;95o9jKS>8^N1#UoJ5s=I0=MejQL~B{L@}#K3zaVondG zU-t~R)JXB6De4fhfjVng1V~K_g_g#I=zp{cHus~8Y7=+8NEh5xs7^K+y^ch z9CQq`KQu>#%m4lD58>*0I1m%^a8Ml= zfLOyKWXjy9ysAAx_TDJ#ZNL@I+yB9x0y%Oj(Q&ijUcl zU0adwN*_Jf)fD!(KR-PJc6tro4~T`a3QIVUweXts&R};9MaA%f0!t|N@D~T&ng7h% zM>QV4%XWJUx#2$(b&m6iltTq|_?Iu&DQ}Po(6H(t!r$JBH+Twb!wGBi zTndV-!^Rir{ji{sy4F;J{SIyivZvQ|m9I7iP!!xwek8%V^i#l&BjA90Z!6Q$u&`M4 z#PWyGz&SVTOBUO4y_P79{d4$BL_~%8*uiXz|IP&X1tw~ouNc7LKy$hZtTV^1|DA6fUexmxwY4<2MECyS=^ z!QCCowXiZxA{*=B*j52JrKpD9uU2C(OqGh{&Xj?U==pf)YNoh_1CXo z(25yCyWP{%bDYzx9k7L31P~3l!)~7YB*y>yyscfcH!%!-$J06s>lb;dWiCsWxWa!D zfmx0>WkaT%U5@9>^H_$*8QH}BF;$)IAFcJFRQMOblF>)o6{E*ti~bb z!6xB)3K^X`ZL`h-XaQL6a7#e}fvZ=q3WJyh8P91c$rmXkv|lPaNW4pr(Nse633W%O zL~oA))klJ`oRQ#xDr~S|##|(@0|B2kPpW{W4FuXHCg=3*EH96FmUmP9{QAynLA~%! zJ2fy+fLj3Zm`3QiJm=Pn`tBvs5;a?$#WdQQ_k-v8&GjS2?i8V%FGa>m70GL^ji)Go znTt+}1Dazm@|+^&_PJKFe|eIBxz37lZe!1#d(@Z8WxE4&_yB|{(BJG2ENeKQfWvcDDfVS2_6+Q^LJn%7wF~=3Tms}j!>Sn zv9Ym}KYzdlkpaYHy(aE&~iKC~gfJ+N{NLO=t>uC!O>_&jhmj7~}$=KhJwT&r2Q+ zHYxXkC2QXB-?6hhHo%EOTLBMfydjDq_h@;ZDI9);5I~U^2Nthh^?RYAudT1+s370U&)OJB#pxC1IT$ZxA9Nzmxlfn^BVa4-~r+szR~Q;it{UiT~J)sZLa< z2h1-tSwlwifT6BINMF8e9DxL?9jqVbEAF-4%ZLuYF_UTFxv;RHS?@6c_JxJ$o#1F-{>Bfu zA3uJKOOE^lt&~XwwC#MfwDZva%O%bVhJ}ao82?BF7fqS@*wB`mZ(_o2Q4Cbd5dS_h z0$Ro~Fg==@nuFwi0Rgc>t`0IX!Ej_Bls(b_A3|wHyvqX~9>tVC@AvODs~yZ?b3x!V z1IFxh3ED@91Rp%e{BWG16vG4Faz_$t-5==0Nsz}!tHC`2adQfeJ)lK^TK)rEOj~pF z^H{zjs9x{K%LWDpe*IEDGO~dCE-RYRd&#{Q8rzob|8GrjW*7s3W0|Ah36xI!(9n^GLP6HVq)}kCZ zH=yR$pyuL~%RzSr&Oj&(U(gldwZKiA7v`nV9ZTkzYIVe12GUhlkL``m@5pw(8{F2< zpA&6ryeK2bpRiRzIiLP3``lf8;D3x~=@|hn<2YXA5FZQk^H~~Kw9A15 zMy(oX)nG(W`iB`#?rH-@l(mRS5-}quCns1^!P7uPGY9#$kSJ zv;LwEw6p5!6R;}4`5-M7c{Xh;pYAe-!Udd0pTNQbE@PBM#&%s$`wqC6I`mJffDfib zBFDk`I_dsfKbhDc%wh#5AEyWm_4Vym1|-R`Ow7$EfE@{dV;UO^-56>)R_!*%`KhTN zYkq|&93%v{^srPo(+FrSjqk3Z$}U(Aw9+)*d?T6U31`uW4i4U0ub2Xwnhls1fO%;e zXiQZFp=~C4z%oPLHXYWrKv~K%J#CZdVeeplN2{S>1R)as1v>mFMN&IfPF}9YA7B}4 z!CVMOD9lo;(yH;t3F6GyX$+OOYMgfgXEJ#^9ZopTlX^W^S_M!z$kK=n#WR7{kO|st zkp0#tzI_u_LOq5-x&?FKQGdqHH&aG4BF!qhEa2C7zComcr*iV2Z(V6K{|xqd-Um<~ z+ujX?z&~xvMzBhqyXo=@3fC!VBn7Nzy@6T-O}n<%9b8N`JzxX}xn}N55QT`Qc@mhk zffStcfuytxLbLoYoTW!iW3AxB%sKn=9Y~6#Z^8)Al)vulNi+iqCt~p?#?4I@oH_w1?&akLr_@AA6Kn}V zLDFDs(eymCca~I87=(Zw$yQ)AGFk+3Z=%vVg|g-Tx7g#j_cFESphb1Z3ypPkEiu zlK$g%|JRSQ{P#_W|NkpsL;fEdE&6|Fb$d~xRJPinJvdw!e-=VhCWS!QTao`gso*cY z-Na9-5j%#iJ@bES$m-4&PfyRBdZ-R!Vqye@gqW1$6BG3p=dKgn8tUpWDB*(#z-lz3 zva%Ao`t-!ahjA-t2=3q_gkF*9U^XE0Q^?J8bD%1;wYE+kFhGY8k`NLe?g0IllBToR zg~27niVxUoTa%%0fm$T`0Vqjv35kr<)bRrbAmKkJ%>G0E0)I-a(se{81stf>ry;38 z6dV^^fNBcufe9qlW5(+UD~WbxucG^q$yr$HAP<5RgsKF>?#J+EoQB=OZF*(KeaVT5 z+Q9H%%>=_Mg+5b*@)HRO=t%|n_%2_&217#TGv9nF-2IT`If;qWJM&#Y2w>pga6gPg zcpYma3ALHP<-i7Vcyt%7WYwU?x)T#UeFiiJK;P4W0sH4qxv8{E2n+vRWiMI4ErZ~d zDszOMsz9rLQ??8o zsvdiwS_94%{Q!j&{2y9>9}25i5U1COyB-34Gr-dLRN;gQdk_itN)osLz}bD{>mqE` zH5`&s?Z!*%Dd4>UP73UMLqi9E87}}mbCU$Rv|K`*clk;4HQm#j@N+JGcyz`cM6g{t7 zzkiqdNwYG0dBRf0&A~+p8Fwwz5C)VoK(tv34_{Z=%kbA1K00SKGl-SLSlEZe#6;k8eBQsmK_RTJ z`3GDh8g*{`LPBR+7staOK0?C3Jwk|RK(s4A)F8*h#U^SpbHD#sp9v33;KPj~s`58# zFq-uXBxz08b#A~x5FzScZRVj_0y!G=J~zN~Ks|wM)d1FL7(aN9@i`&_I=)KSa1d~C z$dP;^B3d4wL9pA}vVs_cp^Cf0xmzYYh=w@b8?QpG!T$qhs3Qm1Ug(i5&CD3R`CuIE zfTID-$AHfgGBPsU4nf(rx3)Hc<{#iQ%r)hmm;z)s1G^chVmOu8#F@3`v~DV$-}a2h zUo5@o@hiEKocPJ;D@Md&%ZV(NXlU0K~ZQZ%D)ZyuXM5KJvK3i z)0Q@6GbmKYVBr8CpIRLjLgor_S6FjPOCZdAVaS3j1f=6(O;>XuBSb%3!6F3fX~!yv zQb4v!$MVU>WP)c42+AVoUBjc6Lb1L%p%?5$lU7UP%9U;8Zv6#ui%sgd~`Supx^ z^h8N##xq3+{4J#wfSd2sTtR>W5S0qv>L6myg`d(Qc}G9+rIDzaPOu=Da)#qk!H^o< zUcX^3ydlbjnJ}K7FCV6e^~y0W&7$lhYfD6xBLUJqZT@f9tEr#>b_!<6eo&Ml`y-J^ zpu~Ru{0Xg-2W2yAZj%&LU^2+Y&;Xdfer?zjo8|r)#eP_V{R%aAf~kmssFc%ZlCwYF zGnufACd-e<@HGF*hpH=o|6ZGY#gDXkCJi+09*-PpYik=E zw1?hfXROL@xgSa=&@}}>-+=_d@^jfocE+6}($drJ*vdymOw! zNu9CPgrOYJpTXL$j-g{@Gz_*;u))8C0SY*zK+T>rgS&nPOk@WztO&IEbBvo{+a)1+ z;3@V8iiqV%F)hrE05>@;!iLVhLXz)w)Srd@0e4} z{C=RmuR8Z`wsCj%^knwT_@+jiX}5_c{y)nNLzJLnK60Tp8gjQ;Ta6{$9;me7xeX+} z=xx~te*wzC3e!>$hA@0Wl01HVpNREigq>$`#^&xT$GKF#WlChZUmmkh%NYV6@#CRB zlPx|8i3|8+z+Y{;%TfAzWC!-ZWwZ7WtoJDYyQ1^p8STOc{_jsX-^E2#QGXZPUDvH1 zRe*Nq7ID`&mq~vr^nfr2!M#`q6q?&|TEu%C(xFsIdBueJDDWVk_tldoobl;O01H1>#<+Ez%KP z=hX7Wg5C3O6Rogs>}daISnVq*qNP2h1`UB1+r~i|6%_?L1VRdcFrat85QT?_zk~@} zFyI6K1@xCpg(ytc!>lJUwRivqCMGoQ>Y&?$adF47+%)3U)xPmtP>93{V+{-=2l^-=MfA^mvVEN4ZQ}v3CQ(W z*g8DatY6LgYWFC=ndQRd`+-xKPQ;`HJ3X8OxmC>UT3Qg%-`f>r)?X!G2TLz#24N8q zQX%pxD$5%ib)FaJz!QLi15b6XK6&z_odQLQqv*GZi3u7Pazk6YjovA$T`LF#u3N`k|+#?fCvU zB$ao{O%4NP%Nescq)@v^iYjo{X~SyqB$(2e2ZeFxO1lqUkkG*|;1f1B>=6y8K+|#Q z|C=iKZy1~Zp$e{5OnG#HQw-(_@n)e(SAhcy9wAnZssXr9C<-rHCK^4Tz8ZRiegU)O zscqy^7kfWrj*dhzf*Km48G%X!5^V9^Rh*rjD#sQ1lkssh(GSAz@snU(0Xg+FcpT}C z_ZK;XL2Sz5gyn_$gS5^=+`1`emBrd9*G*kqNQ69K9S1-RFmN51Zio)B5LEgPqak*i zA{~DQ$Hc5IEoIiO&dr5^^b!+eW@MCc(h&{g9o~`rwuUh34#Uu3wON~;4M|8~^+u5# zu$I7R!1x&0NWmT^q2O@2c!!j?hn_Z0v%YTY^vD#Kd$>ax2xMT@L76y0+2l|zyQDtj zIy~Kg)1^`qicfcByZnbm^!Rxl!YyOJi;S_>X+5uqtZ15acs-|lSYk@TZ=;_e?4JHI zE;=%j4<-S?7zmhR5)=u?V*!NrOBe@j{AcM?>XFRP&xa3$Bm@@3>VK8JJ(zp}r~-`C z5d&baf|{L9kfESHKy1p7_^Ynp7CiG#2-=bb4;w>gH?rD!H_F?){@laNZp7JTbjlSZ z=Ml)E__uDsI>L*Xynh&TJ$e)r7EvHuE|~zA`6ySJL#lupyFB(j zL0!)`{^#B;e!t9h)#BUbs+s12=8SMyKlb?MZ9X%zoTE5MQs|ARkf$mHmAYBhP%=Pp*VI&Ep zxZi+wLDD{lm4Q(@2FfQM9(53d;K^FfNB}1}YMj6a)&tB5a4bPQ3n$9%72CrH zS8YIV2!H^@a!$}|h%}vapt=D-p8{hT2L}h}#TT0w=ayiQ1y3f7tyaAfbRx0~>L9S5 zkK}WBepd?L#DpqO{*?F9DCSsCvMp<0PR!EK3p*@4G{tY;8OKZjJ7SxBOM>op@Y~FZ z2ihW~d@xA)Z2)lZoG^N4=HBk>OEzq{CF zw=2pzPZ~bZ2C;4%ugD&*4m=PPR3lHK^>$h-YP*vJCc@w%?9>_JuG8_ANcj(baRc z-pN4iXkI&YDRllolB2FC8Lr10z8^#=Nb>XjW3f{ziF{9gPb2@=6B4!FN|t?UpVZ$_ z6@E5OZSy0g6B2TVJVwg%nh!kgP9=tVNMxta{jD9Fi(P5wD^rw@$vt*otRLH7V;Yeb z`3OeQy29-2&Y>Yi6xU#Lbck0GVo%+*s=+!zdvN&6Q+RDx@nxPmNp&TcwYA0E_!ib> zYf&sO11ddY4C0*hYC$@>!#r4AB7lI9IG`t)qdlvsy_i{J^2YG<-^IWlCm~c+kfroq z`f8;UQ@^-7aFt0-t*@$VYZu>q%r8!`r6crP=Ssa^6_3SjYKfs@S!e-a+5l!IoL>*+ zg(-w_JEwef8!P*`dPaVjVVM4MmEC;1p~Y{ln&qW2S|OJ{6FQ~d;J}uiZuis!%{sRu za3Z{X`t(=5XMIf&^jYAIy$SR4AU+bLrDS@W2}l`Qg)^@CjFXtDf?q{{Na;%v%7o~>jFv@wqudN0&oR@! zx%b!Mrs9e}qZXpUrMy1jsTnf-)MV~j|Fx4;cY{|^Z^s6~Nkc?IK|xNQA4gga0u*GQ z=g*#10ZkCt6~QaC(_ZD}^{${c-Tm26(&N=jm&%dH#uEiKHfc28d%yHR2kr`&R8$PX z16*BJFrFnxPua{`e`+)Kwsvy+R*~-X=$oC1#X9Gg&3+!+XDb!ej*rhflJLHPPxfeM z{&)-zk?Ak(j#|{zO+6cxs#qG@@1YAm&yrrG(p5QkDHgBO*}H1G2y6O@u#gpmWRq0p zy?uL$UloM5&XYkn>W~P*Y744v`|7EJd>Dt_5?ru`tn3%hv$T`Fu%ySh1I|&Rk|D>3 z5#GUydB?pP{Dwk1PuCf{hW*YD>tW!j^DN?zAd5|n(^<0Hq3SYsMa9IE++SgJ%jLbb zX6o~JUbNG4QxDsfxruio!=&ch(tdBhatpYPfA5O2)KJyuE=e2AFQSW*yCJEmIsJpj z^{-*J0QwC0CV=&|wYiBtV=nNRg2Nar2E!U9*~zmfAMuB;T&BS#u`4Mo99@motUq5{ z_-_AtX_R|8-jzm8Z8`g;J)_dI$;q;Uzg7)O$b$}J8W^esdmVk!b`ea1#m}4l6gMlX zR0J;Mj)xwWYq9dH^=8j=s*u#z&J_K#Vzy9zY6Et#EQ`d~1(}rggZY zV7IONT>|AxC@EgKuYBk)s*&JEb><$u<_V;uI7SiJ6a_Tp4je|u6cjFONeYUyi^p~> zs1%u=YFLeB@CI*O&jV4>1`a2`PIvViwuM@{-~4p@r+K==+4)yausRgS0yRMriB)lGW`=%8v8XL*q(9oM5r#>p=K!>%j>Io+G zi{8n&w!zplPlV?LA#?wW`+bIsox<3mOnPP^26VLI?2m79>J#hMd4x3Tn+HFN{9N?K z;J$dXcXPM0sQ+i$ywR|jvE&V*dJ$m|M8n6{CwnLOdfQHA6Hbm|ZL3=MH<&gLL6-t< z5ULL2*~^b#5d_rLr2R>J-6?_yXZHzdF_ z0!(NDcr%>i+HM$3JCE-w@32c>>!r4M#c5YG2T2WJ3Jf4Utx*G?%WJNjve zQJ&$`D8Dsd%%ISF&&(6)6bqLhtDiO|w=IK4$=}Xja6xy-B zj~CiC1%G;soZd$F_#oj%`@pQ?fP?=?{2}7z$73c{8ZECY)6LgwoZsD~*2gLQ5n23W ze}v0LPVOvSBJ`7{vq#!YHNgL8YcCes2e$8Hizs=X z_q;XGk7620@_zCwVQ&$y=Y@^j73zV@00N=6gW$x!ST`OiPAe$b1S-sQ4b$kUNRF|J zX}P;@?_=a-(Q^KgrOiCKLL5CN=^n5eh)9^HA3wV#+L_Zi=2QCkp6OkrJetegzZS;& zE6uRK6Z^#qF4en`ry*;-`S%zfvIS$yBi+O3;CmD>uV066lex{R1$cM7t7{d2CjjT- z3TkJ?q8Ik7UMdd0PBl2c1@7$H6Lff~PJI+z1|kpvfQM_NNcB_3U5R_$@4jPok>Jl3 zQG(qX==Sae3?ZARvSB>Q>_dW5Po7+B2Y1HpGjsB6kTd$w|Or4 zPM+FY)WLdCAHJUq{&I!Xh=cpC!&*I$-p9AZGG?jdU;4l?g~lf!@L*4m4V{mV;EQ}<{+M7h*&+Sv$m)X|-x9-(89XFE;rj$! z!zJH?5tPQp8BpT=&iSq|JY&}Vbq}?^_s!Eb?gi=G@ zweiTs>t5vL5^m8l&?s_PDFy2lhwR1l!CvsIaYp8FW7(*8$T4V*SjH1OCqyqP7;oqF z$QA)yF6J5Ah0LRyO;`J_GehXyh--7n7;nI#_(MY-h2F#Ud<|5;<6Yh|>z)GoGQ616IQS>uIDI(%f zrAGPSop%Va41Tc8dyZ|XSazazA6e={vhCyIY>MOUhTjjo2mXYUn_FSdI7!)B z%zAM>4yy}O+9~!=?wFAu?|q8Do8XWHJ1vT6B*`7|ej$n>nAl{oM*imJYi?mez22E| z^==%o`)cM7zR28%)>Ir?Yd!p8M$zC<{NKwevho9s-`ATG?;VkRR#&Kb<#w?-r1X%l zy-d`f>Zyi8?jxF8%d4ySqVU}|&7?iIi&lqN>PtMz)yD>$vs#Z^;Tm|OZ^y%KJkrZ` zY*dMj^Z!cR{^Q-GdbftJ{fowLbyP*ZPQUPl#PDdT`p|ALm3Omzei{}Wj7LoD3^NZk zHOK|3pf+3hN~4_}@Oi!4smg~MksP7aks=X(c7ltG^|NnSspfmF>&)+WxN-g&r-UA4 z!v(XZMJ7u?6K!rObfQzoRzxToDuV09# z($Yp|$Zg{7*oU9`9L1MubIYAV=`|^H8g&t>eUc=r|WZclI)J8aD>$( ztN2(YP1e8`Z$68b7a7Y0-c@(d9XL5X7zL3ylv_0pEXol`~wr89`3(NS%8ER6Iy4H?*P6Ss}*~lO3ox4oEY|eyV_R-Q-zx zaR}Vs14#pk{+pMpKe`MVKs1}t=)*V8L{L)-`s;TL+@m;p7360Sx`wMRjQAm#?f5Ro zFVNK4e%$nO@?rkuAQf#-%#cJDpxEe@3#R*irg#&(`7btR^KsoQe)Aw4D>s{8GSGL0 zQC_+k%06<5(BvtnPnM~G`_Ybpo!uTJ4OXo>rduBoR$s@VgNI}Tc9PYSqH6V?HyvNH z{x`1PGN8(B`yNJ=kP?vY2I&+91f-;;1r&)*x0JL>cZYyTN_R?kBhrWnNJ)pZBJfT; z_ulvX{(L$gj(b0QJ!{Q1=a^%R`H;vVmnxng4(wHV4ZXTpu{3sl)NvtAjVF5&ZlC4f zZ#&EiG|XGyM`PxC;i@ztF4lKP{`z{p2U473zY38b4U>SRN7cN)UKY3fQODlv9vAD# zN1oh1Q%1#VXE8BRUI3jfYGiKE_4WlH929bL?Si|C?SC%X>t<%ZuCpUO<0NhcG~h6O zigLCgt3j~wT3qHK)ea9Wv7;6bQF(cg$@>^@Exgwm?-#m9$eE=TbzfL?G0bHX$%HT& z#9j|)W*GSxo5@cUUS5S1o3e5L{pLeE(I1uXVd?K84#cs(`EWGvRr^wIZYL%tLU$N= zOM8Hf15S0#0E`Jh2)VO!0T94ltI4n?7-G)i8+@-g?sn=PKgTr zB1vKQk*WDz5??gL9x}UlF;-q(Z@82(1KqVX$rfgJ-k%A^s2a7lwpqeq&3nu38y_cT zM5l9xS>P6))8p?RHFxVhL!GDSe2COEB8+87{r&n8js+5`Vq09ty+&j8FsjYh^iTJ~ zB=wvLllC@keDMoIE(L#Fde0x74Yj!ZK0Gk|5VVkXT6ydDnxqX|3xTw15uA-5AyUiF z205fMc)~7kUDn=EaB7oix9viqKYjAY{l=poMkPx#V^$7E_!U=}4LCU|^3&iHGd+I) z4VnxI0fRYDHz%89Wx37gJk8C`Z!-=SmRG2tCn4D7!nHN6{d1`K3IE)&7v8Oz_jr{G zTRJAiC1aS2`VEsV_Fm zY;Pto&^+wMaF5AmFg`gxww-T&Fe7QI)Zgr7@hEbGj0^`l<>lq7GQ>r|DlZ`^L|rco z@mWA-pxxFkpQYfx`x67a(@v&^Iu;cF|SDYTH=-vvvCV?`K{MA{ny!7nLDl z&)1x(Pp}O?Vm9O;+*41u&l=Wq6BvHKSBdM+JkTa%zzY`LtMh+~^lgDEWLRrB-Agt` z(EvZFb^0yk>(@U??9e6GPkY|I{KCkm~{WhqTxx)_In0=;C>ZEMh=o4H~VSC zh@x#^mw{_Nh>&Y5V%^!T6Q( zH|W?6Xs0PtEAzvfnF&6WL#*|F5p>{hM>cwxE=cSMVdtje_yd-t|C62kJOb_ls5K$? zVq#$6zVuB>Ndd{|B!K;3HS**Mz01x($;Q!U==0}{kyJXzyJ8~jVMo4xM(msf$k16X z0}qe#^1j|)1BBDjzQ~Rn`>(gTzN>h(^ws*sURveNSb4J}O?*O_v;-|*iEJK!?+iRu z@$~P$T|IK*m&uZ1*Tlf(70ji+kWIXP#QaNrmfn(|coEsB&X|)nyR2*vn)MKZ z2_CDwsC$+(2~ers_ye{3!3Bj}pOT$}dP1oLOJY7hvD6PQR%OwXle>weuCDHqT&SNF zLP8X~NP=G(Q1pVags4-ZqW4yyJyvkWG9fMren(p0=fxhv%khn`)rF^HrNEU2Rx@N( zbbipH;)OQizA_*wK=zR61&w-V#MRc;er20ukwr-& z>--}BfHfy83t?m=fxd9?YpY7T1`JMie_Zdzf6@h5l`)Zx95oeOPkrL*OcF>) zZc2$xt0@*uZ|)eKR{U9k+b`Vf7;ET8M#NaM-pIr)@93aG$vM4mM}cDG^uY7-7pHNBiWAV` z_KuD~EYi{M^q>}^z=16SD0U7=lcAqi6y^st_Pcswws}mGY->WD504KY4kuJSkXFw3 zkg9-Z1)WNY*sEs$u9in@|D>z$Mcn9`i(@og7$_f>rEF;}nNRNv37`4Jj=`4v(H~#1 z{&PiPH2dbr6tlm-^wKd*^N_O&V<*D?Sg7f4|4?pWojzkX$fTS~{5W zL{-BW{I4$K*)+%Ud5JJGzPhm^HEK0ZQxDGlT*bLOxJYc|>f1-B{uBJx{66iW`4>-7eX8?=M?p1k$j0wbHQV1;+4isBKEmSe{ctANs@$1M2AGqbnepx5Jfx-W&ivUJ}5dbBo@ zRb3h?l?jCQ16L6+gaSh&z@))Fh=)t=2hGIP6uhlnxIG9-uQ#kQ-VMb z)y~qzqf_&{riq#3ge7vaqgCTrKr4hM0CYt_^K-PN=BN1jzg&RnN@&K|0#^VW5b^MU zm)6smUHS!w!AkqABkeVN8$NRJo%EdFir7Z|Pg(qgCNW4O?nY3}KIktTxNdY^XkFEqn9bu8}qA3I2w559fjr;dsczaK*tWbXYR`2!eLx_i&GC>4M+kUV_ zK)n$=Qi_b7Wx@QR`REAS=hD39mypXUi6hvh^*X9W*DA>h3sqJy=L20&N%`r}oTQ~u z)Q59`X#|~CAYw>l43CVw04l+vt{@W=Q_+bPa;*3bWOQ+H6jp7!G(AhG2j%3LF-R@L z%8QhW6NNZYzQ3B&m-Q>4MuMOD^#%G!G76=Vx=)OWc6YX^{cA~*c2uMEdNh;_l`BOQ zs1=}toqR_lH!BO;e>C8h0~V$V3JRKG*V;wb4v=p7;58B`Xbxw22Ejjgcb^L%|0AVP z7|2~s&~A2xgpSk;pg*)NQTtI2An;w|UR)qaoSwQKKedyUc1GcfJ1JV8<^;I@?33vS zB~vuo^YIv|zpveisu1S}!*$Zp-C&8h>lDWZkyM8XhSN6RwCr9p;s-A-EnVsSz{UYc zE|g$z^m&!<<}|gK_h4goG7{!%PA5rRRYpy zFmMr|;R%&?T|0v@@KrwxJ8xu{sCtD(>V0>>S@pps2vKpymJEsWIvb6knh@ZpAS1Ih zLS!ZIusCPnBB^8O>hTa=+%a-p=<}a=QCRC$p`_Q5&Jv=AS+AvioB9vr5SaR=>d_3y z_yJ{%+G-(coF5Cze_MGLXXVtje!V%py}b=#R1DD_1{}dW6IlU~&W`tMcYIjzf|Fw{ zW1|06M-Wmo5U{cO#1kT!a1bE7{=LwXKuku~Q55GBH`m}E8nm|auHgZ@d+(_RWc@}) zi@@msmL}-WzIO$yEmdnz7)j z(>Fb>vvaH&Swg7xxAYJw?(BcI{DUU9`-p+zSL-U1Ewa7;X5{Gz*<=Cr9HattbaVuY zy(MIDkE4kSmphUsq;}~z-&)nbG_}-j)YiL3^jbYvMYGF0TtW^Qz+>Pc!@)rqETxD- zGErC>v~b1Lg!lgL9ng4|4i683Ck326;FP`*Z)LDhA9V%!DnGDTfw6ZEI$RJi10fDc ztK?Y{up(n(9N_MPo4sM4 z#=ZL`zu!zK_s)S$7ZYuRY<94PGU+ddG=+~e_Z|-wda&Cy4GoDdEIS4DGyq@5{ZVG) zcvg&}lF~H-NPTNluB@718Uhf{RzmCa`G4u(zLEJsU4b)^4S`bwPikNH3kODTHVY__ZHyhRW4U3(zoUsF+(?x^GT${CE${+pxYceQoViK#giG zC;G?7ouF?H2#vAr7bvU2Y3Z zPJvnt3mZE{z{(Wf3edm+DF?5FE4I>X!&L1Yc&|!GqrOW>_yNvzxw$=u;Qet@RaFJe zGMJojyfG14mkXRRX#XKimg=Xarh+`uMj|LM@DW%-fhP(ak!E=7d3h}K^jVPhfsfh| zC{Q(xWg$uJFb_K_)!!Q+Z2Xk?*7w~L*P~abEtFqqee!M#ZFlc1kd!1x!z%;tR%scT z_mBnF*OR@DjvfiZqX(a6X2rLyM$IaOdx5V=+SQ^esL#9>3cI6mGq~sGTb4)YZ3A(X zXKFX|1SB-uBxrpHRv>%tZ=zOcBW!w=mB)KfG+Lx)yFR=kY37{F$QYsqIs;@=qsX=u z2bfO)QgLW(CABJe;gyC z)MenunENnUmAmjVm3GQMb}euqDhmK8W~D$t-Iu{6jfKF9+v~cOs)nSa>J(q8@b=5! zm3?Vw-IQfZU(5H$1QP1%+$=2ePoIjWU0Idd+CJCPVj{o*U*s<0Yv3KqplN+PLosNFY)I#LJz!!ptk6b$jnBB zkWeXz65*2DcWwtsh{ZR8^FdrpO#3?|8b6TxyKId20k5I66R_zI5crUwnevtks9HiM z{c-c&XG)JB?*iq`P#0Vi`v(V&o0Sz60qPF`1)r`rQAj2~b$B___iI#Jtr1_RQZn=R zYjA^aS6o7j9Ne7*qY9RaD!r~ zRlrL3qH8B_k68yb&Pvq~v5ADv`Gx3$AW%#d;0LQ1`- zfCnHpBcH;}1=%JL=Adr@8VesFQm7n>p-8LhN`{|p3-|>E1w_%(^Ft)QAEHbjSnA8K%W@^jwWC#d3nD3 z3ffe_M2Z;o?yoP7cp5H#I5*LttHIH8mA5_syF#caz;DXQ!2wuH2u|q31JM;EC&@ia zaBz8uvobS*y3N7P4x!cQd+Rkv$Ahbv%7720;ShLO!Bzz64djVh#@t2ee+w&f95sse z42!o+=TyR9Y}$xWLLW>eMtQ;i22xUuY?I}t3U@JZy-`qfBLLP zyw)&jzxgTov&1bKQ^ZD{gNX{T1aCTmoq+fLa^F>{G^vy-?W!?IHhHn9ALy)5#&GQ> z1qx6Age zvI0;!zUmcOu7z;sbhuU}j>)DCuqcMs-Li5Y&8Jm1p*1$c-S`O(H*Nqz0`p7YNSs6d zmjt6{?t&LrKFEdvxYW7esp@oKzq~0n+xbaW%Dq)G-z%R{-PhVtl?Q2m-(`7aw&>?a z-ec+fT6U*Yb392vsc*ZJX?jUxqave--wgo_TqVwr;V0YvrzVhPyc2R}1&Tf(FoW?h zLI(^@;Wb+57L!l#y^*6qHbb}|A$KDhX|dv`5@UD;SQ;~@lkVFd4Q0Uy(D?IS`S zC??$#8_#Rgb`s+l&aB5E1p&PUv|nC2J0I=ulku5`xiA_(!PZ*~pfSE7;~BV{gQ#a@ z*V)Z%Q^aN+sMks9ht`aRX&4HPx$E#qc2;7Vo@kQ$ex)r&DpLka$f%;7?@cm2tlEG`B$e_Gu|6MpXO3#F9(eUvh!Na&9DYSdNBNC~O zszM(=gns&@IqkS$VDQIrzHK!g!LE=dX5G7w^b?Fs*(F;!?SCB;u;-3o~D z!wz39oapuM%;C)c`r2+YE%2IvI6+5G&v?7y78(CqDrAVf2i$hdF7>S|>_d}ol87gV zSk6vb(=#({|i>(YIXu-++eBSzkmBh zZERQq=X=7Lo$vF~`<|FcHzC)4wa%#j!ne>@+GzDO)zQ`lyF0!oz^nwz)B6zAgoQPy zzK&U94@!GU;$meZHND;tqDu6V-Ypfdf{H=_S|fwe^p;$|o-xDM@%~M){?nXwp6Bgd zG;^LE(Ntj!O2L~l!0R{>ISVE@wd`>uI;{;6(1} zcYXLZ+}@uat-??FQ}Ql0R+9Ke#clB_xYp#Rgpkvqt09EgZh*N z?Ny}#wE)V+WM!>>F1I2+-jOz>ZEX55o0ORN z@_0)JCy);c-E|u(Z+q9-YG?YH$f}jE{X7g13=P>kwZUG-{m*Inay-byz*%Xc`2dKx zU_TAskR^+$YT=oUECp~}F?O=&!aiN+vB#`AZJ)vk|FXmMua@VeQv9PMvd7_={=)$z zn6J;?)}<|{Du>Cx+bbh{q;Yu}MKR>(b!IL4J5M$IwvR$0E?Gz(3%b7@7Y;eob~KRr zfPDbTKnl0jJ&ojJ6i-HV5o%O-!m0Jvc~^ zTEFKrQ?|BdXKPX)-eQrjzed81qK>n)hf#FTPm)(ulM(k>l3;0OUT+16BG^pii?cbU zrBBaau5C&#mIldNNQa>q956ri5Zg`tqE&XW`!Jr=IahG=E?nO&56VF4Yxt0PcA zKZXi%4v7juQy*&A}A*^s*u1at;gkbKr{91MA;67(6l(s1; z%#i2YX-I)d)Av&8>(KPkPu2(i>`H}qKi zjyts%=>iOG+t)`@Wp#DK$v=Vv=%3$Kq)$B#(a%m0pQ#9lr+yZMV?*2HWZKWq51d7z z@P*#D!tP4qSxZpMb5FycYdBf!Ay7;j^?!}j)YCg}L!*Xa4#to}fRpvr;2uZ}z=#+q z=Ls<}yr6CZeI!&hU{0+lcYRo9*PeheRiNm6p#^6%!9Wff|DL%)+X^tm>Tcdd{giSG z8{1~ID9IA_j^Gg|frJNOM-WIa?osnBFFLAOYcDZUK4^NlIkibfB5U`MrE`4@)^fK+ zvVZ>VLdORIcp=_Mpj{hIBx}Ac5g~H=az>;j=5l47i_2Xvn=ODqn&(S!IV4OBzqUbf z3OD7|$R2R^0OKNXGrj~0E{q>C_)!8b{N4-gS0dLF?pAlZtUOeXp8d4FF{N)|QrT$P zluM%_0Ipf;|6SD+kY0ed$Hkunq!8@F6y2A$`=|M*nrLETj#Q;>G9}NYo%r8Bh$S+3 zxFL}tP6I~0NZg?ITlZo#W)xxj^*Qj%2eZWEx!KLJsob^~Y6M53D*fK<08}DD)d#Md zu)(wLQCy9f&{>x~7-5kYW#Yam_1$_9N4(WFOi=2R1(uAd^;T09uKm61Q$-fjg^3|( zchIW22qegjioWGOzU6fkFYWIB6el+(2*1Ah*9Q;xvWq~D%lisr?QIzik&15y_7?0` z^LTl2i3300`*R^YI%YM;#Mm7Y6vV>8;q2gG$;~#mfadI3#8FpftQg4S)CF8B77wvW z9~8{Hpos-W{ez~L%yKuvGvkbzOm|u%&|J%~XA+Dow#lm?dt$hHm`ViuwX|0T7oNUi zm)0E%xH!z8+uJ$#s~jsAz0OiI(|QKQ6_A9KlChpOBxKFl+p5Xc)a)Gx)Czif;Sr%y zQU*y~HZz#;5ml<3g7>McU5mU1VG@PTnNUm2?(G%Fi-Uu|kF^pYdhOaZ2*4NM-3{f= zSH-21Pvf}w`1^naLsJv(YslE47y_m`sO$Jo)4@EcyqqU-zy@pq!Q}+}`9L&v_rbd#hF*?aZ=EhZ!VCA))&8F25vGL0xz0{jwO$qF7tlibsXlN zR)e)q;MY=`h)s@5gi25E>I!D&wZtD3jX;922I(PS zn*zsT<1Rn@x_l~pg!Jq8mXY-!AH%Tj(gv4ljDO~0FVH~3@gD7 zn90g_ncfdq=|a;EwDCtxQmdJ9%Lvac|&;bG;RTl248 zZBE{$Q+342jp|qzF&i2$ZH{R)99vVOYSBkF7|v2pv>037Tv?W5*T=y@gV@lEOCcIo zz$$JTRt-l?A_$Chd|Pf$)~T?_Ji)pXg8Y;x0eB+IwNR`zfshF-eLOYuv&ZV)Q=>L;{MAqrY2p|BLI5EwwHA9sL3YWbx@l_h-beZp$MiWTqqh~M-pGYN ze5<~?u-xlI?rjAHLyhiyn?HQ!iK^zt-9K+X2&cR+t-6a}Um$JqPW*;L8)V8nK_exK*fDSY z+wthfL0OFbwg-Rjm$2F3z15AcKYlstT^%~3E5>W8$h6|dQ^bhB;L7IiwW5zznR$(P zx92=XyCWYxrwYLC7)rf-PAv*k1Z4-py0%=>1gx}tV;=`nQ{3g_pAj>>oX$6!xoc%* zXL^gKi6PbPsH28D;9j6HNB@RJeunhNJ0WV=WC&HVTteOARt%&D1hK^v*o0)jcu9w} z000Eglhgg|6Vjxm8!2yXO+&-sKilM@zdAqZ2LafauP$e`0u-Or2L#y8ev^4ga{ff+3d9l6_c|wIWGt&GS!x4ci7RLb7`I?>7&9lWqnT9R z42cq}YCMqskoqs5l$2%(oT0$#-4%+Iw#Y1a*FNoS3eWWFqh`%{#T)fQGFe9=3{uwT zoQ*Gk?RP))#SpZ!rN{qyGoOOTXeU+J;fD5UZcs)P`uXQGL04GF)1Qw>NNHIMBA{mw zEH`_N$e0ruJ6+~Ain#ux7NyF&5_E%$W&)@8U{P*ey|BQ(@z-<@m0vZbvZbNYYhRHr zKIyO+=dpM9!>tt?I?zNHicdeDlTwS>yp(r{@L2^8;@19 zjU624wl`R+k7`19^4fUD3C#Bgxes|JAu=<>TC46d_bFmW%)G+gKw#F0^f)?47UJA&};v?5eM;;~|E* zeg6RS6%Zl;`D=0gi7XBrC;+GS0KA25VF6_QE8@PRBa9LOivvr`f<@nqD&1{G>^Ahf z0YC95>LNBbs8WmgZ8C8C|Az9Gx+h$Q#tgCLv)?}3^`#1*_e7Y~5>rMD-Aen@dd=*- z`slO%Ideolm%8tkF&8q2e`*rtnh24!>g5OXFlXoxfR8@RxfuQS4eUQxfVKq|7f|E@ zWDVk5K=w{yB$iAB#V_z4xb_7=YM6NelTIhW?*G-ROOV({TVw-#4^(U*v#1^BW>o2z zT3f^OPL>@9ie1z3VZ5PhKdOG67$f5yNoZI2c7=Tv7+UVAJ_lD0a++qA2kO3I#_Y%( zlzMF0ECqL^5k*y1{4nGQ#H&aUBW4?3LN9IrhG%kcY#)6Vi@i!D0S~j?0q7_^6bS~f zt-_R9=s|xsVA($Umo&k6b&>AZr~`Yg&&1!Xtv-NR82cH^jTxQ<-n%seMsV9H9i>ny z3AwNQBK*<+=hsJ9JdUS}gQUHQ@e=StM@L9PGxNR@gqK6j3|)?{d55~I_6xw-0Om98 z;p-Q@s63^UzWFc3!GyBE$^YM-9OrKC9&YuQC?iJPv4b%2f4Y;{rj}9uThi$tDp$U4 zI5<_F>S$)NN`K8@+0e^04>JLfSyz|!BH{BY@WbFQ5!{gdCHg`IY>D)<=NuJt0zxwB z27nV*`b=l_0Uu8#n!89xrOlU|#RY*7Q%(Y(a1sR+@)?uz@fQ}tl`g?t_^aD9Y%gKq^Q($_c#HFtZ)dE@^5Qp{OgKO{(rR%jnrBdl+HddA|{&XZsX%iFH<*?ws)9O+m@ zhnAN;26o?-*9y4o11!#~vcs)}tOo(102SW%wd<(by1D@Y0U=VESDp>f-~k4qySqDd z=YTT+vmBvF5(9P-G$*cs1tBqLpui0R{y;+y`e!C`F(3E1<~vRA-5wm4s?4*@Uo*TO z!9b~c5>ypqoD;yLMr87N=H*|- z3G|Su!ukyS6I{}BU2lV-|1Y5U!ZbDL4z>F=9`+q!iAia@ap_2>Ld<6+23JomR0nOK3!h9{gbEmh<@_b+>+xF&SUb4 zp>dj7Q|soS(1!AvTi!VKDsAZG(gW2@MfIepo{oPuG({=@*ucn-00(cyMb!R&By19 z#Y2P_Oy}c+K~Ib?pE>#a##I7LViIezAH(dQUR*;#8F@7?e6%{`DbzlAZn2^2_r!17rFSf?M z$QynLLCa~n;;yHP{SnSYV5l7<#5Ox(Q@Y=?7=u%TBA9AbRmI&$e&&m6YhAjqEH@52 zqbVrEDTMeGG~&Ns+fpY!tmR>`%qwi19w$0R6nQ5Aov%EwGr`J(|VBP*~iyjXRULi zw+H?K-R|5m{82@+7{2YETvgr_FjLFp#Bu}K`in~C^1=V5o__87k}ggIT_jcx4w$E| znJr^zQ}fh@?^n`eVi6m&$%rmf;7+Ll-NEp@==bbfw=BtnOXCX*-C|A2Cr6bV zPjq$Md5^N~;z~bhrQpm6vEOTX4d%si$BNjaZmkGz)Kz*hk~Vgn$F^k6D!m30h0q26 z@$|^lI&t=3l|+~b`I_la5vf7Od%6H@qYvm#scQ}ZQpCU;i9P-_qkq0w;M>*m3wfvM z|qhXo08k% z<-p1Uou5v%#pI8##8ape45OT}C5#WsE1h!+haY=) zKnrh8XoNtAKw2)7M~nU~X>ylh=!^BkyHnzep`B!cYYtB9%UU*9l!K}~RXEF-GG#nr zk>7irpP3aZ-8b)&phZ%47I^&)ASoAw2X;&n+2COI>>W;{EAA$0ib)}?=HF1lFhWxJ zBJ3#q)zKek-OmfSKZD3nRPbJRcLf0e;~vOcE7$vKgqk8~=r zFuoH#)$T)`Nnf&K!L%R493EiBZ zJmcM*Mn`0-lbCx$-6(FKv;1Bh3uPpD{Pu5xI$A^cfNbnzf)KtM@)!5c938m`iA#UYUtZLjhS&E@ypCmF*ujyo zKeeZq7mfU7GU(4t+)TB1RP(rI;w4xfn=vWA1=sCFK-^7?YdqBcWG~f3xIAlcx^$W( z&t;L{940Azj{T!DNHN%HwXY8Ck*ptFyIB_zA>IUD%qJ19WI0|3$0ezHJ{GuZHq^| zY4gRQY>%YYhgKqZ-%UIavdD(z=lnqP0faAfboIikwqDX$klnfh=6+Rd=v4TnE?hi` z&+A_krbk-2WSg2Y{3VD1GPMYt5rg)E0*{#*xjMrmONZ|u=`^+}YixX%ue`mnp{t@o zbN&N$UbyZ$dn2`QZD$f$!1lNNY$VK9#lfvNRG;^($v0A)RH)$AFXBUZOf`Fr^i~WP zFkgkue`uFP_!*aOmqK<1PyyKd7W!?IT#bisNF=5pr>8>jL7LxPOzVZEL}7wqe(-v_v&Q)cW_pg?H`6Cgm{uDlFVQ-Ou0qWR&DKi6DRAIBto z`w5Sz%NvC|^1is)Tg?m>R>ZRx zUxn*FWJ4&l={EIR+wI1G#Cql^X zx!c2s;pAHvPt&)KtctYXD5v65;jEwK14RYgtL%?9G+|yRcp_iTkAk+SHBRb-uL5<9 zfW)T=KOz0^<&P%;tWu51{IA3qg*^J*8nHvoZbqc$s0$lR>w}XqcWUBeTfn*ZSq-PH^EZvChe268^k5&%yMg z84Qhq&VmFk8gwg~sa@E{jz({5D?-uE)9h4nlTNqFI)j@7f9yL6Te%jI zGY<1=e|#s$Q-;zBZO*t(>(PzT4{wxoDR9i%d{A!Qya}>DFc+eNk#tZ*ruX)0DoVQ8 z<}<-=xY*kbint>?9eLirqridbU-vle0)`UBg>S2YUg2Sf5xX=5;U`%^8T%pPQ>Fve z6Dw<`KPwBQk{#X#WU@Gqe5-B;Z3haBJ^iHyoND3o1L4wAuJ-neg93jPp_eiZE@icW zsgzsWhIY5eQvx2dHhG`B18S<659kaNbbXTURQ%E^)_A8PYBJvpzrhI``_a~XsgJLp zniP!@FVoXjI&6y^ZcR0=0)3VuT=aHg_F*Mi?nQg_C_BRiA~N08=EC1WQgmKkUJ|m- z&eahSzhBiY9xN>Tot^MllfXQ15m^@L|4}SA-WOh1pdUY0G&|Hr0iuFyd@j!0LA-CEFwQXPk+jR}>Wpj#B3Avrm%p|SI8^%`@RQMLqHtq2F?l{xl$C4!`&l*I|_wCOX3f7}xuV!E9 zn{8_R*`vK}5NvhM&m$nfEoj!vBw_exu?xgF3oTau3W=E>FGW0qCJI+}zrsWhaPtG* z5y+3Id5vYET9##qX}RyLemul+#T&KdyX)9G?Zfdoqv+s(^(jjj4DBuU`aRzJg;W2v z|En6~__(+-AsM$aP(KP?N%giKX?`nty+39o_cx{*nM0yA7bg80q*ZHc>zX%jEWrR+ zz|hl=HieavjEuknezSA{6QlD^#n+my5JL1@fz6_KZ99)P_fO`aFa*<$!8Ea!`g(Bc znE?JB^paE#AB`dv?S4}O)bL;F(0k_sxd*KC-7f3=#xug9Nn~XF56zI}-z0F`=GGsy z^GgG?Vb`a-@wj?1k^O$>66MC+1GnAh60(DFcR&^Y?$ou1ur1 z8gTE$@dhvN8r8%y-}*D-sz8U)}C+aiZK?7VfX!RKVBqnZisGgM;CvWs$+Lr z{EqptM0cdvaPbT+mEEhUk{Pk{IDPG2`2hg+kzkNZzr5A{{TDuKYq&Up6!$Yjc9^)| z?3sIden)5?K0>E8-c4;n?>tl=)10K2R!x>uUoGF69Rn6_qY0+n4@D%R^Rw%{mz!LD z9$=~!#=%isWMCfD>_y9YQ132)$rca>z!M`A6Ame_)OF0=GU?_%j%u@iXK#%t;T%92 zhtqgGnCv_>Q9ZHLqsCh^ptOCUE#E(`Lj3~I{NUE7O*W%EET>}V0R=F1Yp?wJ1z6oNCwKc=BdT!ULn{~1Fw^l|Jl3V$@~Ee>x&MLvG&uaAQ5nbSpfj-kUez`Bn56HdkW@(R%FDgCB=V!tNT`rB;nb0p8@8&bMl8uX=1W zuaRzOq-T&N@T$vfsJaN&C}eb#gnsS;s?9)0ncd};J}Nk=dl{gxn)uaYJdUIX}aLc0feusfjT0DDT1b8xb$ckOn< zUF=|Wt!Mh+4dXTMt;B`>#7G%Ug(5>H(_`^SGuImInJ<>Hv;Gn$*4BvfAIG-nuUqOS0y$(uU$&UakxQ$?zkmC^*i{faSvTXYE|p!e)Y<+}QUrjIqIT+enR zq+BC5KO=xlI-Syn;z7Mf+>=DKPSm{gm-WwNRSBwCx??IB3q`j|NO-H7_9EyQ_yofC zFU7(O613AIf0koDlUF74qv?8zFv(DvCZGABq7e3>9~!C1Z(i#R0}H?Y)Cg)C`73c+ zX1X*_!Xbywk)c;t)Ci0s0J~X`gn-8o_+o-!(n{j_qYnl6=p|ReA8qr0gg;$V0@=Em z1S#b@)V~|bg>Qx^3$cDw$xDVyFHf{v$PIrW(YK@R;#|d~%TFj&e2T>=Z~WTuRqgaJ z)QElkX~jlX7_3WhupESbi1vz#iV@Uea{!S7LA7G~4O2AqGAnNP4-~W2|89MRzQD__ zo=u5DjG5Tg3seL$I!V1cZig?ZxxgI z^Sc!S+ylrT+1=RNUa<@94~-Kn1RY z-_{F-mgSL6>79yQdp&d4IRzn-TBApKMxN91k67#cq&*sLMhY2{;Ez$ z`6e~mC1^&ZRgv!bmAylG>Q*q&A90IJ3O&hbDZqOyC*1vbh!TqeJp=biY5R!kovZQN zzyEP`W9Q)L=;(NK87rrsmi8IMuz>a)%eBH&Zgyl1lo1jv8-GD$zmS#S94pfb4?zbU}ec`m>j0!z23i!-`q6UBD@ijsUef{qkMTL zrb}fbgm!6`t?}SrfODtTYZL(`TY-nM)!LW_j9U9`c3VpoTm%JPhz0^6Nvm9lOajVm z|8N498T<+p!KxU_$u~#4<*U_;pDqk)qR@%E*)>MF|5n@Sprlxy{m)nFu{P2tKYJSnJ*p4y(AjV}unF-u7!@ zU9KxzVeA@%Wk2T4Yk_?BpOO<`e5%JiXLU~ptNRI0+cubNW#}r}b}YFFEKea*(vB=I zDCDug-*pN!C2RmWNxpK?zx_>9n$<|R%bhRb<>T)`R53(1 z%&Vq`C;7K_+zu^I-%DT*2zi1NZ#i5shSLsv$g)kqfZF!#?ECShIu3G8_m zT~RzRBnJCVW7d6m_XR_J93yUcQbDyrwZhLFSGB%@)%BF4>%O|Mo^o~5`tH|i2>x0| z?AQPpGhJc%H4)PVrCBWprKzB?trXzCTBSKhT~b7O1!HJN0$f^51al)_6tVjc()x-? z>*$|HAff%vI_eUxtskSczCBB?Z%1@sO6J~~PQZ2R#F*cB5K*jQL#>m37{@~a+A?qlj7)^V2R(m*Ayu(ou| zUcux1s7YA>eRnT6;>)C#>Ze|x>Yq5r%7gRckv&Y@X6!c6(`?ku3{c_j9(@PfyMo|N z0^TOU-p7fr5O!P@+1{)AiS#+ALiZ5;%OB_puDk^^-||CiUs) zq;%ZEG)y|6U{!o;h>W>E5az|>rhxr=xegMAM?wM`xy!ibCfWkky3=-yuRq6%auphVKcNXO zN6(BNn<5F#k6}+H;tSx9K-*pO$VEj}<<&_c{4jEDh+Z(M4|68*LpDyO7?|2K01ib>F6l=UHz%R5A^<2873=YT)w4ujn8tJwA-2>t``GT~_^fX@}hF%f7LzRB3D_r@{nxZ@)dV z9TOgA+>@NTmFlPb%u}Hts?QiQ%1oAEsrFU2qsK*C){U2<`v-XVKB>afbLkk+&%9zJ zudSVKP4mT@65M5}Wtcj;tP3gZB+h+yXtkN!rxqLecrK;+;(y;Fs8tiQ`8+;gq!##mdJw@lg zeS4S55-poO_^W<0KSSs!K%C9DjW!@#n&=_Fsrw%a%+~2hG0u9&-1*~ej^BrdmY=Hl zT|FdOyH*AaY&8WmwX`^&eY6LgbOLE?ihJCgoXXqvvF{F6OFb`u{^OOINj4Me7pLgr z+7*)75m@Xhg2bh$_(!XxXjX-vxQ=q9{7-z6YA7<5E0?}RxZC~uOM7s%1HXHq}h>Z(>wA1JXjDnG(Q#CcsA>+d!*PzX}pI^MlKJBY9oH1<@ zRM>Vlvg=ZQ{PrSvmDxjP+tBtUEDsti4@%C}E`8NgCX@r~^FtZi$*|$D7mtmqG^j^? zxV%X~H;^_=NK{^}>+Jh=XJq!Zjt-8MfjQ?gb>DYPlIihn=&XhTch>3bBV50C-eNsQjS30xu6|85+Ac+gRpsUsy08EXr?uVi&!s4>pDC~QJZhA_ zGFcmWderaP7q+cx3(e#|jEJTk?jQCHqP2+r&q5pIGKA(>kxJ?wwFy6b_%H-*_uI3| zA13l4!SV5zlf_EOf~yW`-?EG=B=PXdAGp8OZ(`m3a`CIQMX0WUtp%O3+FNLntd+H> z|BLM)&CqLOP_o1f-ObP&%Z$yS}m9_m1cNIQ9>Z zdn;>QG3OlP9B1^~5y>&?AxYwxZ2Gh{M^@Owy=Wv;W@t{}Re1QWPBffWKAI)Ti<{H< zC1!clT`Cg=Ju?EC&zVQOB<{?Q?@q!;tWwqwDv0pcdz`z@bw;{~pA~2+DrTx2)|z%) zZ@Lh08e}nb`s}+}C~r6`f^sM0{p}Wp#mWNYLz)-Eq^2vcveAXx-`(esZlw>fwrC7am$pm_%ZCny<`L3Jv|VR2^9zisJK9j)CH!F-*Yw4r*kD+TMk8rKdFm(Fs^YG< zwnoe5|2lN7PrDa&3}lW?k?xVP!5sTQhQ8;9vvM)&SC8)a`{}c%p-<;$wKvGtMtC`& z;LzZel+0wbD|*_%!Wt0tZM0;uaNgc*RvwMlto`R%xOj6?xEq$vvvd4x5Z#=FU|-#; z@Gw!H)bs+IqnYLwa75S9equH41%z6vEBzE(QtxwK+l$xoL8$i$B9{29<6b-IH~|g| zl4${w;j2@xkSdyO*T8qYfr&whDw83P^A0CYAwBUFU`#k5A)W_G;eme&?Kcw{*_GuG zzgO$q!(0bCpwiBK!A2KEv!Q8MzH_n>mi9w~RctQPU#7H34iz-GifRwWupO6{^LKrbdzR#s~n+DOP;Z7p2wD{*XsZRPI=w1{Jm>sK}< zySU4*-dHGN;3~yT|HLI>#)NQ7~_OAOT zoRzShikyWT_nz!kHJzzW<)#5^0vscCD{aVA`lcal6Ff%&Kq_yLk1bIjd6KefNA!y% z%!0;s`p>w{a?jck7R`%|-U-|px8}XW293eN*>%0lAITK+BQ(f`Oa}pEQDh->6t_@< zN_01(n6p2Sw~C1J=kU79yAc=u^q30qdbj{7cpFXM&gMbiL!Dj10fv8mw-775hkEU5fKN{+Q^-Yp znaoW)oJoFVI8rVZ>S&`AeiJ|AIGZIEr+MVW#)#Z2kKhC)AtW2({Jx~cgyV?@{ z5m!|GF)rs5$R;5>2q;mY@{t>NS2zD>Ba43fO?M^(HZoE2R`!zPM-~>c>XFi*_iwzc z?RBuinOcFov1DHt$7|#M8wctiSu-l+)_DBXQ%Rn_J#V{r&uN{Eo!t+q@v+hAkEmg) zhsv6G=5Qiqtit2qKs*lo*Mj{|p49BFWv7feZ-`h-i&t*N#-ZEUDP&fAkb9mMdsfw| zKU!&fT=pa@L)USc$KvV|U0yspGZPI1L&A0YD-fF?x&;pMx#ub0T~Cg8X8RFx{KC$z77D;NKYCy_o=Y&vnd(Q>=JV0&8p%12#ruuUak!FlUKWg z(=hNzHLt81g(Oyt2f8qB_1zQKF;G{bz5D+ZL=#(&86wLe;U0W}LHGzBVt>3)oK7zn zkIEkQI1`FI3wWM%y_+ZnLWMuO2sVssj~rT#Xs9~F8KcVcaY=U~2HtIYQ&)$cB$$n{ zXlq~UR|$|kO}lIs9cz1L?4BH>NHoxGO!F2KX%@5SJ{pF*>Bo8vUtj6TIY*&{xE%Cw z*!dJQ=>t@yZZUpRf1&syRwcq{ml;z^E8wQ7y>^uB;EQ&(soZ9}A0&GMwlVd2@MZw- ztEBcJn$T^Vq6oeqsTzDgN4ce2uBF#M=uQ$-=DApH@8*dD+GVGgPEk#ZT!<43Z!*ba z)Sp7+s-b8%luJ{GU2v=&t<(-)oy;V|mH``wAOnLGOLR%eL$qqds`Q1G@)Y$m?g-LT zV(kUSl*t}mrT;k+-o>w@GLW9F3%2dfR1?k@wPszG%%-~L+2~p| z)ztCvIH1&AE=v$e%i;qITA-@ExW>W$kkiIC z@;#FBkJ=6?K?M%Hs&am)u)pK+GVwx9D1}aJYX3M&c23ANr&_~T2|!4YSh)WAcAb*) z1B9#C^SEZqbsV<1Oyf2>2JM7zu&cAFvyz5cTtnpztih)Clr9U%VYL}Y*U(^M`IGGO zrnX%wKe+6jz8)2FVdyWCLej&>m~`tZ2{BRZLeYQw3&cf*E0=z?ZC6WF#m%GOHTec^ zIioc78lQ_V{KI-MDomfz@(#qAND>CToYkO7V0F+8_Shs-fb2|IO)FJRy}Arl=>>h zB*TH&0l3u_%6zHs>6nWzD$^M|8ihu>SYcjojyJkoQs!*aeHAJ;G2jo6{HE0RjlF|ijz`J}SyreB^A-?eTZ^?baclmxlJ zh07M7vmQu{R49j$UXRt$)PyLIa)?Sqg5bO0pdc9BX_+RAlHUG!F@2>M8-v7}#u|MM zg~f9(jAZSLl}6)%h3C|tLJTnwrQ(=8H(@CoAN;6*N=uuO-8xOHsK_rbo+9S<3UcPb zuH>H6Dv`N<)T4oMx2l_0Dq<%yW@A6@y49WE(56N(}$y1vKMXrjS1>nvbYp7*JA2K4;CL# z-|AOahKYdC^w{*S(whcC>nuXlKTD5;$ z`oMpS*Z{cA`6Wqdg}hIDsbIC~>l@S^9)eqZiQqp35X9)q{;C_l%_%m1UKbAfoEU3-wD4`|QR0g^zW#rPpK2U6KCYF`m3Z=QY z{2r@fqlN}b2?*C3t#jdi17bCB^_(0SDDAz&mbkthOf35jPk+Z1=}AJuaiKx3sFO~G ziws?&(Zp^Uj^su#J3<=xI&PrW!G^7 z-H1t35g4Z6Y6_Mmz~8t*C8Xy5bfS&cTSdQVN}b`F8fH1(b#h+sMgiwM=)!qT(UFn2 z_xf-O1g_mYG`;FLcBQQjU$GW-#xd>iNiVjW_I|=tkOpcCkUO@t_%xKdJkZqEsswDB zr>Wm5axEpxTR^ualZg;Kw8U@vJdM59u8Y*`b#DI?DDahbcFnFAZqj63WRL#uf$Y@| z-?R%luJ#C8&_Hp$y-fy$A6Kig-yu;7RYBQOjBmEJstmM2$ImtfMiueft_zRn1w5=4(fq}9@g`R3vmN@RSIJ2lqV{fK3XF2EKgC7e6g+7 z>NqU_Rmk2D`*id@R)qK|U}J82V~<4Z6vM-xdt4fp90%vG)f;*JEJDIgs-P*15bkEg zzeYzjOPurcl_j$R6WJZ~m6ewctvho{XrOb!wY0bAt^1&n%qN{H{2@*OA2scIt4BCm zVVv2|p-wWZd<|(|E22vCroG;*!R*XOD`5EG4Z=Gp2dv$Fznd_sD@04Jq7_MO%QG>M zn$Slp3uZK{;yUf_>?o?Lf}dR}a9%#tX(ZOwxx@37l4^l;Hm%y?=6Cx0-|kCa+&fKyB*DG}G`6rOh6782sHsPO&AH2FO}7vuui;0v~f*V@J^!U+|x%W8RTOD-4c zPqQ%bh`YX{OzLLU?8cO%EWY-y4!Sk}H#a-hcxCetQBV*&s_s+okKwQHk|T400BHMJ zv;V`}oa<%9Wu8l=d3-0WTqC6=&wS_tUz6K}X2v%A^RuS#77&JT`v+(f5eviWoLegr z9yLS(psgMPNkvmUf8}LlJYwPSIGUVMj?a2ACetLmytL#33=z=JTpj#20t5g$ireOP zbOH_|3Pj%ziy@e*SF&+I9+}o+SZA0am}c|$grvNTI5RE;2z2R z&p|@bQ5UJmtZ~TIox5m-Slj4_;!u2En^{<3mbi_NIWaj2I%`!UK8RNZ&laG6kWo^S z5?|DzB&r}Rk>sz$=`p2n(J4(W8<;@0bp6jCI{c>>ubF;}a*)JmzGmhuIBrG>xk2qA zX!lE-gR=&!#1+``*(fL*G~##v>^vD6@puW^jFY4T~?;|5IUT4q@esi;$U?@S^HnzFdnK?RG4W z2n*x7ecKC)co6V#8&u;H5J=KagAbKG;s@dXDF-cwaf{#ixi_sj%xzl%YZDiL;x!Kv zPq4d`4!|)s(*d-M#W$=Zw5Pk^o)~Lx`SPJH*9+;y(Age-YiJ%4bRVDCP3BE%>jJFD z%D_-5kGGev^T4g1l!fKCx;pl4qc26p$sKdxS;)=I3^suaAXJ5E9oSbfcDQTPxCcoI z>s0rC#bL_`DGn@jM?xwsBOt>pA)}|qEpN$-xY4c)nO-D8G9Y|~NVc&lz zme90tN2{E&V#CZxA&4J@2L{S3-0OJOmB1pXb4FKY5N1KT~ z-`yDg-cCeXnQsLSIiSh`N+eJ-p&+-Dk?~VuG4<$Mouz{t6j1E4^8%gE*_d=Lq%S$7 z%-q;I1{VzP3*^&D!!D7{H}YQD z+t&bJ3xv|lgk8W!hDsj@vk7BmEY;8w{x6s^^W6&0jR)B#oIx_BE?ZBQrPD#;;|sRx zM9d^1uoHm!f-LQHnK_Wpx>%YNq6xJhOY3Z1dGSPQ5`c4dSG}b^F zCJk$=f!s8KUxHZ!9{lsE#=AZL!_7PCKaWm%}w?ZV}x2E}7y4r1u zpJLmMZB^i0=E09E3a^s}FNxs>X!{*&H>w-U%FE~XPMo|d;c`KsgGj<1j3!@2m9%L2 zYRWkYx1GxIwJ7AFKe{4<9H)<*rH>rt5rs8 zG+JvpVhupS2zDCaq(F-054!}}58L9_sn8bm1%@g{k+{$2g6F?5tS(JLWVUxCUyGby zM8;%XLd6Vbbo!7UsHm}s-P$aOMh>x0&b1qEcn9HO*l}lfA z_8r6IA@dTMl}~1ivzDdHcDOd7fB7#9>Hr?BA!N?f)LtV~6(_5l9;h7qmO^A03Y*Sq zz_xW+xl=M7_;H!q11UQ=?Z)8kuQWNGt>}J z*o(gP@(R4W7kMJ?qrQ3Rr;{p`X-&R9q;?CoArmvqyYMAm@ST$>uNju+eRBes;(2%) z1)vf-#2vmauwnw7M{9xZ^QN4%%d+gtJ<)i%j&&iax{(gQ=hWa<% zG4`(S6BQg#%R-BLQE9^qHQ?cOisv{^g>Wxz@TPwHL+^e!9S#2*-QsN`;}S@{wVKU0HC!HTO>eENSiX2M1!p0o2I?PJ`U@~P6=Eu9LxKkWDW3ONTa!C?1 zB_l{1JFR^@@`YU+#<5cAYQ4l??(j%stpF{1i|PpMKsH90#oAG#4K{u@<|7tSelXB%6MbBoSJn^X6O8qUOBjzUL9&>yNk$V5dB?#upS zpl-D@-gHj5u+h*r=?Q;bK(Na2>d0FwHa2NfcN~P1fPG`Xfipi@^azduirc!HGS^XK z?%xL+<5EdyoI6gRc-#fh)G8~7THhJ0n}ekV5;%glw)I@*gCP!BFCamO zAXJwd;QeQ^-fi&vclfX1$D6BZWo{l1Io7dC;3@ZFs$MbW&g*@P(>+;BG z>pyD*NhMLQFV~3d@fsm3h82|p04%^I-Z9WY-w!Jvbf>`hNB_FC2eGfErKPYJfeXTt z1YTYpa1LT)WmDD{7PRJOU}IQtYXv7%*pi{aR>YpZE{Sho$;nG%&ivTP*~&uAmt6WD z7XZp|kjcm(;sXcZr~~R8PzR}n(^aQclT?|p7FzHRZ%_5yZ@;~s=k?JSCX1H5?TD`e ztaZrH-c5lE^YQV4L|Slp7TJ!XEwC>=Pld{;qJsa;Tt@^3Dk^yE<${ZWfj1?pA0jMWfsJZyy;fSvm#e9F@iZ)Y0ppsPxj7hwS-_l9KAb91+*71#`WjrWHC(RH zN>pYl^fs&AWE666kMF`gMs$aCs3%{uk)4#41%RPcMADu z*VjKrMoPMnrLlsA^&q%pHa9mJBrxXuw(tP@ zW<)01E7~U(G!MaXzO%2d4~!ar{}$xn2ocxS))ufFU;-ad&=Lbic+v%H%l7w|WS|Lt zkL6flgkqilGDvxfg9)>>{qyCC?Ju&AVEdac>T+s3J>~NgrQbyuB}! zKCi7&4yU-{G9d7dJc41T^7yEr~Y*{SX32m;GKtJh2M-kgjY%09Jem!;n!~y+xH*kZ&aI3^+i{?jM zZbPSkwNPzw!<)XUM8U0A#)bxw1lGD!q_xTt> z&UCueO<3F>;zmq_yy9%7;(yQKu#n2A7`>C{XkwohB$92&=FKfF+kfBHOP+!_Kef)Y zB^|T>pq{oDgey7V>_u$HN`+vyLL@)H0jZcsf;B4&q(ZG0GVcTKkeRd z<45-2-=8njs6vM}G11%6f$YbK zqcn`tGBD_FZrHc~Tbi&?=-i9*QuhisX4G7op*DPRk3I5fHyMD=J-8ha(&EOY5~p}= zY6LPI#Xe_-_S%OK&IYYD_R}PE?kPejPe=((SIW_s$OK;Tqi=EQJCoL)%FRyH0D4+k zsi5MQx!~PM^zU)S@Ytwzco~^8?K?zeV-fgGS0u~~hmwi5elSB34pxy}S3=Tw65EALSYJrf=1 z*f0|KY+YBwkY;3LpuT~g z>b&|s-Afl2$VL(J>_SBMFf!UrR2$pa7-(uT87Z+u3kwN><|VnrUWtLc^>k?T_0YF( zW)Ob>YS!YC5@GQ6$j?*QlY@TfoUg!)feNhtt_yk+N7OO`Ld=~4e{$8UiIa5iqj0qNy+`JP@H zx@$OT+YY?|B2_E6^%|YA8kyMfy4d(gcnO&PX2?sYMmt2gw;k5%xc0TRGcz+~8r6A? zO%X`qpFU_ZEqLCO1P&hvFu`t%O(P3ZCnLpQJbw?sXk*HD$Wf0_zBSEr-_xTP6<2Wl@ zTCHOm()a0eaa`A6G4a&# z`O-9a&6l*H5EKWM*KE)GR8~pj`=$NdTG9n}L`D-X5K7LE?KwC&PLDs`b6=hV;1OU2 zfUn||GWoyYVqu9mEUG}=4R|)Z=fcxKzW#y3$R&w=Be)P#+>*WOQgkJ>c=d55Rf+ zjq?i&!vIo%m!TnmOhY;9dZV9M6x#9gn6Rvu!C=zLYBfVKnvA^uvvW2&+JBFx;*p7v zOvkkFe}4DNuK&kPM; zlZ&6;tO3DvdT)tUzML63f{mGtyde$p1NMpQJ~N@S9lD@J*{a{`1wEFPHybPKGOYB| zU9hhR6En?`OD`4x=Ap$Dyg&bjhbNwSIU%i!bqwUv_YX&6x%kitWfn^DY)lyn<{l+- z>cRLjpF>N#y*l^DIoNErz_lRSv*~|8`3z9`?@xOQrnR9qeZy zG$jvgkK;AtQP-9B^>rD62IzlJqy)o{qkj*@XvCc=5Ba8xp0553XHvv{A9`RTUAW3Zx5^lixBefF}>J9QmFn z@IHSt;q^WHncg1FYsRLo>swf8>)|1G&((ZussVQLk>c4Gu0kP*9Z>ErUcKFptw1Tc zL0mJLvP;1Izu(F6?No=Zk>|niLx~HfD@!-G69_GbtR;v&aa`;sZv!vxDA)rKF=Pw( zUS&s`;fyN7mp9$+T}nBM=@O8GLLlKl|M#!|plzSnaN2c6_)uT}E;P(&Nv6XzOzq(P z1;768^X>$YYimnXJFX1C1%Nkr0nFwAvxkLpU`RtwzOuIVAu+M*QnhA~j4y!dU&~`W z=w@zKR`i=!bnET7Vdz^H41|%-c|_l!bUj_yiO&TZVO3FPXC|JjLXfn z1T0O&Ws_5aA-W5?l#*8qN+9*8hZzJJ&zmnd098E$@#4n%x`^X4J~j1&6q{$y`0fA5 zKuq4o`X_$$6yA9jb=_nIznPiEg$4UBUy^Q2{Zz9qzadSAW_683EtTwXG<<`#f8L&2 zxd_t&1T7dh;MDy#rNTog%BduI~s!N~+QH3|cD~g$A}qm7cP<4{YLF zJepO-_q#DLN0wjtuQuIuuIXxrod^pOCXm)g%K(h|J~cH3%4dj9fwEt3l4T7?$h6Zl zy%=6;$oU5Iap=r+7$P~18pY`7=p-akJ{KY({g=q(zlhC8Xlm(#c^9#yqy)(|L!a5& zf@?ENtkOzKTucneS>gWbagzL?bvZdZ(|O2E!7klH_Ua>R0U**8zAg#GKJR;%&ru%= z7)LMW1H8F?;sHGHt~E_3<@mw;OV@IS#mZ8-(*%Wr7O0h572H%wFan<3N_^pU4ss~I{^kPSP|5|PzQa7!}lXWsK8T{H(I)}cn?z2cTPND z?iQR55XxAHMJ5-?-wXI{X-&qj;X=!AH57nLIWLh6N@sw}0krx8SyINvJNqjd!Rg?a zdOG`#7R<$0p`ZaJ0>Y*+#m>^w4FX7ds+uv8vOF#?dy}E(-*Rw~SX??9UrL#d2yu5h z`l7I7>?wQkW?ze1704^qlKPibg6nBPIn<{Gk4;$Q#KJu?^9!)P@UDnC0%%{A4 zh9j&@^xT}02j7G@>p^S05xYoPbF=7rkX$*E581bgHbdO_fnuhRGy49&ORwSUXV&La zNIEC&Vl+s$lZJxB$0|w=4%iwR*mjfbD#~YTKR^;alEd4(d0 zo)Vy@l|cs}P2|A>#1p_Mxm1)nRFvJFwmz+I=%2)^Y^*Q4{(!H`At*@Gv{=^lABDp5 z;Je|iH?l=f(qyrbTu-9fmUIcPgL&v^*-Hm$rC^{xumwZYI+!jS0^lg1dl2L?lB;p6 zQUD8yRVMAu$Ey}2^Ow(g(DNI5AxsknGRX-EWMpJHs}(>afuQ@HzbvKFF-o;r=PKtO zasIQy{f!wHbXp4cz`tMoheCw-MgP#R%Gf4v4sUOysNi5ha&rHw7sOdvBvXwKvWZfd znXmB(+$mcf`3aX$_hNFr&V}@@UAQ-2KxAZsIJKo^|KOK=$8;XLH7wOz5Lf;)d0Q=w38#FY)B)`5VFhJl75oljo}hHe6djgZ0j;B7dGaLY3{2Km2gy^ zva@b3>8kf6pP>~N+NDx{mvfZJ8vUqzefQJWw)X2}-g!FpYOi}FxBYV2ZX5Jl%$F%J zVd3ItV*CiD7IlV~H!iQ;TFL!?Inb+IeC~(qAXM;zBG6$mM|)&{rWr*?=Qnf>K;nuT zCil;@Q@%y@;r+I`5AU?A=~uZ&Z=j@pLU)Bf@F^%>gZTx_=&6KWzRA3P z=P#HU(OR9UD?&5Jm8$A(Sdn6Cf9G%W#dssM8v2{|p+$v$f&r5lI!sT=Po^vQ&n2QM z*xIUwFVPF{Waj*E-u(8Drl+jb%ZmN{oQ{N%J?|~)b*)`!7+`1#BXwmud~g<@2T$(B zvYTV4Ek{^iKv*-ZTiCt;{j*`ISr@!iP(Nm$YY_%zfRY7FBNP-BSBCTBDUP(z|89ET zfCs!QK23~STx_iWRC}?ee;8|7s50cCtgf&70M>QuIHj9gf&gww2@dy@$B%1ZpaxS? z4I+LZCcrd6L`aCo18>IVd=uC1X2L|rMWu!QTs~jtF;*R}-DEBQ-Mfweu7hW^#%0$3 zGJ#l>?_m9{s9uN7V^L!7{VGh>ue$L;Aq{xOy5(~t&U4(-BP@>Jnvk5|Lm7m zSXr#VJ~g1v|K|ioe*>i{{e%b0>}+7DU;f(k7TKzoQe=Zn8Vl&WVn2Kk1!e+7dhDH? zL$203BK@b*)cp1L^5qs3SoXI zU^}Kp6dN7=8OC~)+%NVmMnCs*|1E@ZP~#sgtd9PG2B!9Odu{P3y!a~q+eLimhFK?t!3Vx-H$s1#$tZQ1@ z8*>p)Bz8ysyu}=m88dKwCAo2M9jZ^&AAKc(V?xKo>ZKgHEMX55Tb`_`XNmCVfTfP| zO%@f`%X6@^o&aWp?jpJY#4w`W=HA)Gzkx>2N?McrvxcmV9upi8v2Lq8e0a3KzYeo0 zP(r57HvpFf#stuc2jJ0uY1h7kbw|W@quhG_3!7oKri3b@*Wh7-f?RmwJQz4h0t)(U zvT=m|9pT37x@ts+8`3X%qB%Hx8=6JOOD;4##%MOSW~bzjm(9;{o>H|_f0IPhd1h{2 z1@An7;DAwREZznx4Y;}3J34wCt|z`G?|b;rtM;Cgd!SBdFToYM_uqpE<#PpDNdIlz zB{DufWp#3!diBmn+32xqSJa4sFFhU}UJn?Z{^dS(ScHlPnC>^DV^Bbf@xMl~td9?2 zI=w$KG6G2oFiFoV>H57;l-%e*s1qbQ=2(9<>iHf~)#DHal~8bJEs~YSKQd!f@3aC= zG|&~pXeGosIDUXv8ZavPIzgTrP};N|kIBIM%_OjBcFg5C9D~Nc$=mu!c3QbQ!-6_d zg$`ehh&fV$Vtpp_1b>;osqkdl|LWSz+xRNFK9#2|MK7oEi|Nbdb11A47$Y5_DZf?T za~#TVHcF8@GHL%qi?tZ=OMJ#Z9(C&L!m1`(vWM+K@1xLcIoZ!eoEsbu;kVEZ1Ki_C zi-C5R3fYi3f3>(o`i0`{i@`$asuwjS{`)U)QPjZHLrz8pXnBL3ojK5Fa%dMUk5zD# zRUxK-7Z(>`Wzw}?>I80}2r3ZR)e2X~hcohOf6g*)FP5apB1(Kf^lCI$QVaS~a4dy; z0uxLPr|n)1vE%?t$ZR-OeHpNaBBoX!_&fIaw>V0Wl?cPlb5?nVLz!WPxOuZ5g-0rJD=WbTZL7ZZt55fU+4c=I zD-36kx7FDGYgnky)j*TbH$eJ3j+559TD*yT*Zz^!D-+e1NnP*npasL$U z=o&lSn?zAL@T7QVrDWLfz1znI!qpN)U2b1|-}qO*tyz1{doU8Qi{ejl#h;xd=xPhJ zVkCn`kHZrJUzYm7+FRLs$Tq?52pigl|wL z3p=zoH%l@^YDyp~QgCa7t#le90ssoyodX9S7)vAK(Rv_y%f?0ktTG`(n~>1t*|UQw z_bsj`^{y~m-cN)V%j;;;1!gZm2l@oDGU`JYXGg%4XA3?BniRxeUO@#8BS_e5sl+`J z8s}jO4Tup$SYnfKzI1XzxSWL*{(5o;m^(n?g%`89stOnv0P*Z6B3K~+wSeyfc+x1J zcEZwyeilZ*WLHQ|R6!+y=(SO=QhVF8lY64CS$$fP>!D1cxu>*qLKGptG2J)wWt5PX z7Hl(6zBV`0v#}{=T7wQTAei@acV36CM=*D0Mlg3q86gBsV)f?c>o#FX>I+puY?_UzXt9DuLaZld}=@BMiFYhT|M5N*~cpS1?yLVR_;=Q*TOPM4U< zCnFq1AntRt#^IK%I$R)`xQ8paPb(<}XJ#@}n=&&o!ORRixGn&j0mf4LIJQni2{2xu zdxPm--SZv_aEped)4e@#3PuomP7kb4cXY$Z@_YHA4Lb3-9Lm+;U}wMmq`q@*2Q&$} z-X;Y=G6J5)=`MHUvB}~3Xn}`MZ5ZeZWz{vU*qQOwJj9(Ag5z8sJ<&}#TPq^fvEf}* z4t3SyrFQ@E`HQKSSCi-E$whUwj?32f3|v&)SAuqrdXm(Uh>6=)+Y@78U{_^lgybRa z4XO|TFtt{8-G>@zG$U4x;{plU8kvNI$i4zMJZI)3Op}mcg~W83v2VOPTrV(IU~_TsLJ}Y6_33`Dm{!M=jDty+>4UB5ro$bmOT8i36SrL#yn~>&OK%c^ z2t<)~3Yc>Mmv7k@_8S%!7HB4iO*!4&-E%dS)FJNl6XaaTs_R2qvhXV=Pem^;uZ@51 z)3u2@mk9CA)z#Mv--%aK$U?j*u<<_wsCsMYaB7qpFYl zNde*TnYN*`05S?aiRswg!itth(g48&m$KMql#eE&3R+)ygT>u;Wlnxf&VKTV(b648 z^}fOdUad5%Ac=_p z9@{ix4^B_s-rlsdDX=5naVLeEIW!a}QAPVARfeIfyL*3kH_x8$VES|gnC9T^ed5jz z|1i^g8x|eF_Wcqsz*gn+XGUtAF2HGiE_`Zl_ZCctVm#4<8o(4l+J99$d0GQ{QC(Lz z*s+lR6BW4`IvGgsh3viCu}Y9DOK~ZLbHj39{@nKD)km=)_al6Q=I^2b?82{5k$l>B zR-WKtUY9JaB0_YC^-kC&B?k?e|E&qfD=l~G)ZhJOG|0d@02|Vm8)N+3+}yF~TV$=r z-p59C$P&%BTwZ4P>K(6AgqFZsfGN7Ijg1(9ISWnLHKlo_)Rv;lw0mwIE}|~9w`k#i zMz@S^8Kck_3lKj_h%vvYJ2gB5>;eQ69T1T0Img38nA82L(fXKavDzf-oPFk3Zc&p|i{@@x`fV#G8<;_BQ1C>fBvn|8+07#jN$;@WKXJyrAdXSHVi;JS$^1_-C@yS`nQNoa}-dUsuMW@iVC9yNPmI7 zund+qVk98&*u4iG{87>&Sb(j_!_H5^oAZyv$fi;r4z7Mg+~VS8G2emqAFkieExA4v z3n@pkh3ym65_YDjhQ0T?aDFOamlFWM7=*jWeu;t38FG8tbc{SR+eP3lhE^S{Yw_Q} z#0Z*0@Xd#ZY}wcf_e?}sn9HcqU@vo@0B%&0(3+Cotsead8qt6fQ%UuaDm>a7X4Y{G zzROLTonXb*X)d)K2*9l)bmSEg;Aeb`fx+bKn`;wxxwSBbYy#~R?69|PnRmXY2d-F@ zPHH{~Q#;z)n8n2#A-or0Wi4O=L-%xdLLY_zKpb*ESarHMbvk(dfdYxpl)&k!M|j%q z-H+-CNmvpRfo*}oc_$3?Wo1OM>bu7!k3&e>aXo#QKIMdYu=w5X?Co{7w|CRun10^> z)?8;8m_0z4HmrHo2Jz^Cm~ek4^!Lm!U3C;2mO8Pe{hKvzuQq9=rRkUEpPD0DSz;VxL4&z`L`HrmJjMf`4g7 zq)3Nc12Y->zF^*yGT}^rq1Q!b6~#&vG&ASB?|6L1$aei8^d#>?9{h8eE;ISF{aI|( zMoPi4VJjy_`9DEpa62sw58mmD9IOZTGcvU^thRZ!tARH9-|iC=@1u~Fl@E@-+9>S| zd=&2EHvA)KIp8o_dgHU)u-lD)X=&1&_N6%q4GEIycuCZ`H}3>k-NIVxZmzT~u4t>U zc3q-osmd@`;$;+oQ*nAg!VB0yG|KV2RtfT+^$aFJ-&3HV)3M6nJ0%QMGIUm<9Fi;Nfk|26?y} z*FHYO8CE9J-WtNE>KLGSX&{Nc$u0phSRxdJAP_AYVxzO;T-cHNf16dSk=g& z2>l?-i)7X8&wZ;LqjLDW^_{<^rGJ$jX;x-XibTA35DW=ytn{=_Q|#Y9@RLfhYjQeY zN~HWhzoQi)bA;cKtAP?vltHxMDklfE<~kKwFY`DO5+S;xjHD(N4$GhGP%Q%JJ}6OH zQbG>JDZslx^n>~q5V>PWaqH|WFD(_Z|KpdEf{+YBxuie~`xFi)=18UOhfEf3Y@T2! zktE5G3J)q-_7$pLBuLQmk!L-WuP7jm1`h=-V)5hqqe#mCuwZh;g5k!ZJRMnxCJC zdYBtbtRs{00qwmDt48T@BNYuzwKuKO`D9@@qdd~nb=^$WI0c^PI0J*Tive>TTGsw; zncer?Ke4c|3(funz}057rSt#QI52q2WxmPHW%CSzUT6oxk3A|o8GHZ7fKQA6$ zNdv0-2FQ0IySLQaHd`#A242|43Fzr-X>6dKS%P}+H*9C{SMU*k#cePPK*@TqFvGfP%*s!|K7BcJA6j0o zi&L1a28!!Gc_MDwjsp}Qh>(HKI3Si1@l_5GA75cX_rw-9I_`U+V~?1a45rJQqA|2;~Mh3SDEn2$1K|m@$qhJ$Qh~H3onV zGWo!j4g4cQU~u={tQ4B20!S@_6lpkp;WtAxk>DF(4#Rmp)Z6<7YCEV=_OZYW918~r zC^VpsLUf$`llX9Rt|9hb--(F{*DGL|UqHeUusM++T)Zm+8x<%?yt^F6g(7LgGO0i3m8mapR>TM+IA3;QokzqBGcYXALAwW@xl?GU8@q zBj+>2>^NJxuSHBF(SEWw(nt+qrC2`iFuJ>6?prj(3klCo2y+_dtrTKoW5ek&FF}mu z57!91X;4Qx&M-@0K7|rYU0ofzQW(F&-kr@&CH!hWkbn_9K$}iiIp7rn;*~}1Egw2f z;1M@L8PoLozzX&+z(qhD#q$P&)B$q&?Gp5-NWkLq`~=ueDE+Vo`}@@@e$x{%mN^Cn z@Izt>D-kjb4?poe1E-wqyI&ezy z6Uk}~Ye|1w+CwmgwI#^@azP866&Wf|oM$s;NN~FUZP$ z2Fc4&&fXx)pu_&hq`@otwsIz9Hd3s@i94~yujn&V%L{Ub9z8OO%4N++%j6E?L0dSG z-&U|hVJsQSLM66kKO&DG+Pkc75^Qp_%It~Bn#SAfm~g0a*b_5$%j``M_c=m5=8BS(KI zs$h9Z{_K=QD}}kFstVZUDT#@|YAUX*{FI!W83Q6%$d&**5qOk-KNg&woYa*dRttJN z3Gd7E^AiVK+YJc!2D%<(l*1ojGl4?^VLGg$()ozI=46PgDK zsddik4txG{L?N<0JuAJ*cj@0QF8r(&8JkkQb&Ir)F)}bO_rgwt>c+(!o`~q#@M-5O z8RWN5p=Sh>a}W^1>QYJ5z*LVb9VYv=MBXu&={r ze6YO@o8Jf|jlm&jmK#)0XWBd_d1)H~bH<^msm;a3IE0|$0SM6)Bqh`8>OMRcl92HB zY6p)PvqjL7XlrTl_UY^Cfuxo-6EGYA1D|36-4#k~1=8=jVl+j$xj~QDp-hC`^6%}0 zxdn^V!O>CKsEyJJ{4>x~v1Wo$!O6+V4}UR)obQ*1MFiS3LPJ7G$k$X~P{0WUcYH`? zNlH#`fSJ^%Pc&KA-pjyxgoO>pfws1`2;oiM4#WD?gGGEnNJ!S;F^T+q%Q4N($R4-F-fnh(;rwI zfTO#;{rM$HR(7_8$1&aGZg}sqv){RG{`u2#7cFu>&A3DtDmmEBH9$sORu+9Qqr-2; z`5pxqHw?Iz`}>Y*YMo1andad01GEH95NQYs7Uif@N=XOBk(87(X={J`9-NRw`0SbR z)}Kwo^a7RMlv~-Vkyk7ak>2>1=yI++;RJRQP^v&b1b^_uSKLo5!`hQEGJ?2+v7VkV zd_F$DfuBFq($ia(_LvKK;Q1we_yDu_MVq%h&-YyGVQK8Sib*Nx=)}K$d+m<0q@;0g zOGQNmjIkhY3oHd0B6ITclny^XDSTgYU;I~*QBh6~ykcUvObMiXe0?<@JpwH36Rb=0ZCF|V(R} zPUfolbk_(P3z&8N`0-=Z#@WE&V^-F4C~0J5WaQ)m;^Rr*wZiIt<>F#a^8ApMfQIH% zQqpVKlmViGKGN=dokvJ02QG5Ev=D9d^z@A?4Dn~Y%VY7+wxeMG=1{`(-ju7qKwF|iU?dO~8$KL_lIKX>2ffvjb18*Mz9(?=x^X<*){cDyd zObuG_*~;`l)}cMXC1>8zna@*}UQJg$U>UjjiBM#n;h%+vu0PoB#J~`tIUzj3^k9A~ z0}y;_?_mW}3iT%zQ1StQu_8>+iKwDh1-GSe83~Y6crWUz6BNg!1Mv^I%Q{M zBy5ZT4*3F?egTbXnE-6m0^2RX0fDNYd`Yg(>7@(}p`6z@KClMfNDkaL4VS}841a8%vH*enh_3O89{|+3HyqPl- z)!g0OfN5~XCtwOd$V>Jg4-OB{&(2O(i;j*4_U^dIJO{V!VH@@LM1lAfolpUXO@geCwb CJYGWp literal 0 HcmV?d00001 diff --git a/docs/network/MESH.md b/docs/network/MESH.md new file mode 100644 index 000000000..6854f01ce --- /dev/null +++ b/docs/network/MESH.md @@ -0,0 +1,123 @@ +# Zero-Mesh + +## What is it + +When a user wants to deploy a workload, whatever that may be, that workload needs connectivity. +If there is just one service to be run, things can be simple, but in general there are more than one services that need to interact to provide a full stack. Sometimes these services can live on one node, but mostly these service will be deployed over multiple nodes, in different containers. +The Mesh is created for that, where containers can communicate over an encrypted path, and that network can be specified in terms of IP addresses by the user. + +## Overlay Network + +Zero-Mesh is an overlay network. That requires that nodes need a proper working network with existing access to the Internet in the first place, being full-blown public access, or behind a firewall/home router that provides for Private IP NAT to the internet. + +Right now Zero-Mesh has support for both, where nodes behind a firewall are HIDDEN nodes, and nodes that are directly connected, be it over IPv6 or IPv4 as 'normal' nodes. +Hidden nodes can thus only be participating as client nodes for a specific user Mesh, and all publicly reachable nodes can act as aggregators for hidden clients in that user Mesh. + +Also, a Mesh is static: once it is configured, and thus during the lifetime of the network, there is one node containing the aggregator for Mesh clients that live on hidden nodes. So if then an aggregator node has died or is not reachable any more, the mesh needs to be reapplied, with __some__ publicly reachable node as aggregator node. + +So it goes a bit like ![this](HIDDEN-PUBLIC.png) +The Exit labeled NR in that graph is the point where Network Resources in Hidden Nodes connect to. These Exit NRs are then the transfer nodes between Hidden NRs. + +## ZOS networkd + +The networkd daemon receives tasks from the provisioning daemon, so that it can create the necessary resources for a Mesh participator in the User Network (A network Resource - NR). + +A network is defined as a whole by the User, using the tools in the 3bot to generate a proper configuration that can be used by the network daemon. + +What networkd takes care of, is the establishment of the mesh itself, in accordance with the configuration a farmer has given to his nodes. What is configured on top of the Mesh is user defined, and applied as such by the networkd. + +## Internet reachability per Network Resource + +Every node that participates in a User mesh, will also provide for Internet access for every network resource. +that means that every NR has the same Internet access as the node itself. Which also means, in terms of security, that a firewall in the node takes care of blocking all types of entry to the NR, effectively being an Internet access diode, for outgoing and related traffic only. +In a later phase a user will be able to define some network resource as __sole__ outgoing Internet Access point, but for now that is not yet defined. + +## Interworkings + +So How is that set up ? + +Every node participating in a User Network, sets up a Network Resource. +Basically, it's a Linux Network Namespace (sort of a network virtual machine), that contains a wireguard interface that has a list of other Network resources it needs to route encrypted packets toward. + +As a User Network has a range typically a `/16` (like `10.1.0.0/16`), that is user defined. The User then picks a subnet from that range (like e.g. `10.1.1.0/24`) to assign that to every new NR he wants to participate in that Network. + +Workloads that are then provisioned are started in a newly created Container, and that container gets a User assigned IP __in__ that subnet of the Network Resource. + +The Network resource itself then handles the routing and firewalling for the containers that are connected to it. Also, the Network Resource takes care of internet connectivity, so that the container can reach out to other services on the Internet. + +![like this](NR_layout.png) + +Also in a later phase, a User will be able to add IPv6 prefixes to his Network Resources, so that containers are reachable over IPv6. + +Fully-routed IPv6 will then be available, where an Exit NR will be the entrypoint towards that network. + +## Network Resource Internals + +Each NR is basically a router for the User Network, but to allow NRs to access the Internet through the Node's local connection, there are some other internal routers to be added. + +Internally it looks like this : + +```text ++------------------------------------------------------------------------------+ +| |wg mesh | +| +-------------+ +-----+-------+ | +| | | | NR cust1 | 100.64.0.123/16 | +| | container +----------+ 10.3.1.0/24 +----------------------+ | +| | cust1 | veth| | public | | +| +-------------+ +-------------+ | | +| | | +| +-------------+ +-------------+ | | +| | | | NR cust200 | 100.64.4.200/16 | | +| | container +----------+ 10.3.1.0/24 +----------------------+ | +| | cust200 | veth| | public | | +| +-------------+ +------+------+ | | +| |wg mesh | | +| 10.101.123.34/16 | | +| +------------+ |tonrs | +| | | +------------------+ | +| | zos +------+ | 100.64.0.1/16 | | +| | | | 10.101.12.231/16| ndmz | | +| +---+--------+ NIC +-----------------------------+ | | +| | | public +------------------+ | +| +--------+------+ | +| | | +| | | ++------------------------------------------------------------------------------+ + | + | + | + | 10.101.0.0/16 10.101.0.1 + +------------------+------------------------------------------------------------ + + NAT + -------- + rules NR custA + nft add rule inet nat postrouting oifname public masquerade + nft add rule inet filter input iifname public ct state { established, related } accept + nft add rule inet filter input iifname public drop + + rules NR custB + nft add rule inet nat postrouting oifname public masquerade + nft add rule inet filter input iifname public ct state { established, related } accept + nft add rule inet filter input iifname public drop + + rules ndmz + nft add rule inet nat postrouting oifname public masquerade + nft add rule inet filter input iifname public ct state { established, related } accept + nft add rule inet filter input iifname public drop + + + Routing + + if NR only needs to get out: + ip route add default via 100.64.0.1 dev public + + if an NR wants to use another NR as exitpoint + ip route add default via destnr + with for AllowedIPs 0.0.0.0/0 on that wg peer + +``` + +During startup of the Node, the ndmz is put in place, following the configuration if it has a single internet connection , or that with a dual-nic setup, a separate nic is used for internet access. + +The ndmz network has the carrier-grade nat allocation assigned, so we don'tinterfere with RFC1918 private IPv4 address space, so users can use any of them (and not any of `100.64.0.0/10`, of course) diff --git a/docs/network/NR_layout.dia b/docs/network/NR_layout.dia new file mode 100644 index 0000000000000000000000000000000000000000..a9f59e20a694c6e926af162ec1df94203e01d4f6 GIT binary patch literal 2884 zcmV-K3%m3miwFP!000021MOYibKAHPfA?R(QC`{^9fU7_;B?MSl1|%)-nDbN_8vWy zM9XX_(nC>p+=u(y3y@T7N+eAYgd*lvnK)ww!~zTKZ+`@KfggVSyos!bAl-&Zd_5ru zPplwbCaW-BUr+x1>tDa~CO^Kt`e7CN-^;)2)ZbY0iFm7iyPn)-+5Pvk+2i9Qik`N9 zmZT^OcW4{Te)prupUFbA$=fT-dRf8B&wTY=`K_O2X}H*Bfff6k;Ciy~m!H;YvWr)f zqEuOKnM6ryJ^0b}c02a!6FU(Pt8?h`4OT|)%QVqSncLM*@m)6 z_H=(#q@f=5^F^7m)K(UX*Kgmv<8O*4m0vv9RoBo)A=$=H*I|4tN9raj6hVEagW6&IaXTzXz{;r8Y}Nwd@svtyBqB#8n)E~IAZF6b|3yYwSD#oD^1 z(Tm$K%aT{xf9prvE*&Vo{$g#XTJAaxSM7#dDbY~NW4OxhZay1QS5f$|MEa!UJE zzDUwlkiOP*j0i41gbPfFLwbta-X)JWH3YPScdCbi+4H<_GK8Ol>@i6{DLdG0YwUpN z+5y2+;u$mqfdqG4Z%Ujwagl8^Iwb-zn~Q!zmq{Go1o0~G!U-L#DIl98i=duXDd|se zQ}qW8FATV+?JRcNn>&evQPA2?B6Zu^Pl_lOd@B1(xJ_D%GFe0omOzxy_M%)4BBiQU z>bat|sEw$=&hfa{6m<|6Hc_>5hC9wnH6`SvlXkH^8j1b?ScM`Lm9Vlz8jd}&p8xlH z!jD>2^DHf&C8GK;Id-E5EgHhqsjjJ0p*7(6>G6@mPb#l8WE^RH!Wf76j z0K!D8-OIT`>yL*FY)raX>44w_(+xzmilYF~0KIK`yICwep&g0-; z_O8LfD}x!kgGU&1p|pw}LA$v6azMJcdW8}lT|E_@UH#DvXm<6=W0-aIZlmQJG+sW4 zx9&fCPx97kWF?r-nIng7D!qYgpTl2QdspkP`{LK7`D-NKhn)#mqXme zU&~rw_1C9PlwK~|({R}oS0DBUw)$TZ*~QfQ__SFh(F^-0rTyF5&RcOTgSIcBS}jpI zYKck`XKX8;)^~|&6J-A6m6h04xXes0fN3bK%L*7Zxd5gCa-CPd_8+2&s5@hjdK*Sj z2NBi%U2|)A)g7{vb+yf&qToA89X8wuzB| zmxW7nLbkhw+G7kRy_Ga9o;%un&NGYW)P2Tt$vVc5=NbwFJO?}nJO?~)!E<*2eolpP zeonn-ey$dP#?8X(*z zdJB%gz800e161aELaTGI!#wOGO{$jh?pwK4wYkuY)=~(oUCPPM(Bf zGT>T?m`X5GdjKvHDvQSD?xRK+;_P>rj<2j*)b|rq2Or>}O5UAsY4?X}Z+Y2EH(j!6fv`$nSG%*8Ug{ z`C4K09F8`7)X(0uk%QTk5=31_O@@gVf^vHh_MCdirRsUEXZDcccY#=Kk(_PEP!2z!9A2Uxs^#rtnF-clXS%Q%B|dsw$W`?~!*>wUP+lE)ym z{`H}TZBhNCKXrzx$tcqNXds5mFj7h!cgi@j?J-A^_EuT9FjC^Y{CFmVBN(!)fXaby z0pEh-CNA-~396k_sqVlrdPX}{FVuM!6O~xc)qChjvY396-3Y8amkA?0BMxwD^MNsy z*$BBzBh0L%`ZqoCDdi?HiL1z~0+W=ek>C-)k8${^PCS60v%-(gc8QVeGCE+Le%2=I zd~aC4mu;p9*ZzbZ$D#Ql>!UjGi()`NG0(AG!VT_> z+OQD{8= zsBW=U2+v4<^`Sy|=8TxbyGDZ>0pS7R0pWEKzP|=958%ZBmmwMjc$G_A0z4Jt2Y3y2 z0l)*m1Hc2ocR84q;Q2#PywL=LIs2h2vwQU0)z?()ny*|$v7OY2e1l< z>%l<^-~QoxY=CQM4IkFvDUwiN9YKy-)22v_0`H-+1@gTzyYiRIV7mnnG`?6@ zosj^7BRtxQX&)k!FE^Py+6p7#RGpE4OJl?(?L#|M5V_G%b&+!>g-tnUVg)w2z?lG>S~wF1 iY`Pq5Dt?drryzZMRs16Vu2X;W_UivNBa)X6-~a%aONLwk literal 0 HcmV?d00001 diff --git a/docs/network/NR_layout.png b/docs/network/NR_layout.png new file mode 100644 index 0000000000000000000000000000000000000000..2336642790f35972eaac4814fa2547c9be1ec708 GIT binary patch literal 39589 zcmagGcRbaP|2BS7WOW>pRk9`7BrChJ6Dl*2qOw9p$;y^dXh{f3q9PR)Wn^TJY$9bv zX4&rR^!a}7-|v3hf86K&_;|lRI-Tw3N-3=NKKqvfC_5D43}wKR!p4)^f34JljAwB3uC?>&%GL0XnvA2cROpU5cP7a0=sZE6;CZun#3K*|99>C zYo9sFV1l;u=eebHedj4}-oL$jMta>Fd2HB119%-A9eo$Zk6*ZO;n*=o_3Da>43~it zzQZ?~+S>&bWC(V&wG?qww9T6Wh%z!VmLIMx{4U+_TbdOJD?dMzef##;vJg7|)tMuB zsh4e5J(ns%$mUg>G<4p7;K1*$f|2RLauF6f9!ccSNwxcZYL zvAelc{1ViH3Dr~yl-$yGycaT3H*Y2G@?KjmjE`^4Ir%)4fvbOT`P%Y)L~JaV^f|p_ z$8M&iSf4qQP9L;Il?vx|FYs!ZTUe#7nVDI8M@Ome64Qp2$m8zrZkzJZ5B?i|jSmm* zJm8#g>VLjNH;(wDA#vZypY=&26B8?=&FKx!E5Eu52Ft@*9bV<&DX}q$H&>( z+0)Y#Kh@OKjvwE#9)C|yFexd?!rYw5CULs+h0V{OKbh7A2_6hMa^30Fklu)xn8Vci z$qI#ZJ;a@|bzNQZ($aG{;T=16(ENMp2^N%ZtFfD{h}d4bvA!aC=CjA(TY}bR@&_0y zCMd40{5`6pb7g7v$G1<{72i4O>D?$TRf(D8NG-nm3zI=I1LqkJfKbNlO@#DuayAKw>f3GAXmCXp zQd0xe13z!(Ry1TGe4_UKd8{%qF>!6WoI!>|f4(s-J$?JGT@T{pHBO(#jiF9^=k=S3 zZL{HC#HLa}iqe*Eb4yooA_evgepUVD;O; zfB#2kHt7%%pj>gpv$@ZnIrhKziQRpW_ofzZx5XRhh3RQ-g(n+>V`CAdD;w(vn*#{~ zTX6|?XoX1~KYo1wmHE;6c@H|eDBU|^OUuhloX2)fFI{4zr@|Z0QsIp|@y0^mrCGeo z%j@smyKF_AOJ!|s%seK?j;VQYtKL&HBg|5TPTx-Mcy1jQ62i{Lrm3k}?X+}+`euz? zFp0`4Ca_J_jNnGylJ?8;o#!^5SGJY378Vwd&YVAb`SN~sEoc+;{QB{Sw`}ZSB<9+WA;Ak=_aWp(yVfp2@FG=d3KY!NT+7gH}$#=chh|6SoS93el+&Ki$pDpPT*hB~2r&yQjzA-rmc})TYMv zr77;eyPKPojLhovpoX2@aJF&QTg$1BftyhVo~5U2cm(`AoZ0YiYC|S8DUDSr<7?kz zRl;K^%OxDwmKQ_~sP^wKbSYU1t+Zw2x)9!=hx_{5_r%A7lP zTpp^RS!_Mq;D-+f)rGjZRX>MO36nz%e~+fAxA(o*?^8}rlV1}T_8LE~ zR(^;?*}i>ya1+AytiMNUEw1p=roTiQV^kX!mfLslnp#>q+Smlzbf);Pvy(_9cJ{q1 zr=15%IGLF-s1t)XW?<)do4LDkQL)o10UoA@Ltkd{lhLx?{&R=Ma2_yn+G; z2L}}u6$=Z?5Z(8oA*F){vrWbqXTHzP%`vJY|LIsnB&4O&jj{s+15++q*4EbImZ?%( z6?>eY>McUP%5c(Qx^R6>C>BhM@szGil08cu)ey4kVmOQH{4pXG*lUN z^nskD-|C`E>Duf1gWSPJ#>Pitc4?iLpgxRTW<_4)zc$Izfwr41GB-FYl;_!YS@M;?`5& zzhAd8Ra4uPs1tqThMm;C0pGd$&X;E-=~o8BxDH2iEFex}xm1W8G7bYJ*VsZuOH z^J{uE-n)0tLxHpW1v*5Mo?wc+`{V5F^T-=~$s(~ zb1mLT(67vX5x=@HzOcIFzB{(#=k88N*<=G1zg2I9-DJ-jeSLkDLQOBaVU`3+A-doI z4pI!JAJt-T@UcPim2V$6 z(Ti=0MCMVQ4Ww=|6&4p_u6-cyPEtqNpZb}HemKpFOSoI!Z5VAlMfqCyy5R4DQk5(7 zLh4%HOAfeA)c*W*JQ+DTx>>DsbaWw&=XrwZ>FG-rhv%iHX;;s=K>5`Je>bji8{QhZ{bBr#R7> z_pqrVRH$ny7`ZuXZ*JQu%f`lLiFW+FbbY+RZ+T%NjKm@5`Ync2k$&5@8M?sO*hb{n z#fuj$o~I-v43CUd4Z7Y&xJ*v={Zzg>KN>hdRHMEm_W(ddS63IuY}5D(SVlidcE%d+P*Q^b5x?5Ia^OpF0Kq96IS-kNokVV7KhKfl7f`^3Sf zv3aD!&y77&QcSR+nLJ=*Qp@Id}Li9^YI z8Z`pV%#X)=W~j2m+TY2>M)GWJ0;FkVNFoIH8br7K@ROe{t{&E(`s<7^X@^EWO7 zp&=prWo11lEx3cnCnlU69eexwkg-*WwYIi4M!v&J{_BN8tsmIXK z`*)l!=wcPKWIK38ra!VJ=<(y93@WQl_@*miWh(+~p&_B6=v&6wZO8*wX6A2n zf0~n{=r&vpEQMU>4OK)emPJO=4zAt$@#PLc zC9C);W)>DyIHPP6UEMFqie5u0eoH^@0C!hd`#Uo|EUTL2KPtgH?yDcy*Uws=0!+q;Sa93CEy zn~5xRxOfqeVrgaN&8dPHFQySK+S=MnOG`?-8!<`vZ>*ze9=tLixBP}8b?zUA_7EaB z;t)DkbhnwQKE>uAD90yGoG=kS4$Pse8&zY+!pw}*pykTiMo+JV!C*R1nGi|tZ)A)g z^XW9A=35_9bD;F7zP{7kx{7*rU*EOa;hNUR`sFJ`LaHymDLcsHiIxQY83{JjE=SpS zX=#D==Kum@*`=u%6&~#%~TG03QQh8UG z*^wjm-#!K|#@p@PyBF}VwY|OY&6`rUAGC}EOaU=!W`=HCqC+?HAAagz_4KLm<;x2f zJM!Aw+AQC?s+~M}r*UL%$@jp4H`abjnNOdNH>zy3wYFY#baZqtdGockp#AID3l0vw zMebQopX$8rMuNyXb(GAtWbO_8cWJ}FfN6K|srTV(d{ACwMpE9%9S;|-SE zW#H@kJ|u)vIg2CI27N?KT-@b92anc+_~SZwC85%GX35u=S;xiYw}9?#-{pClatUG> zU*>O$gxv|0O`J`pwB6~CAA2s%o;`A;YSU&aYKt(yI?Q+>eB6!6iXDi71z#5@gT`}q zcFc^7jJtO`+t>_#{|-2EomA|*;%ET00`^{HFq12X_t zuV24Dbm$OU=*uq0U{YAQ&&*H=8nr6-#}0YdZ>pZ2f2R80jWnjjirc(2#qPRJ&s+8o*vb9j-Q02%RZtgw3a~CcMhuWZ- z0qY0|2r$#i1Z-}{^y#s^jku#{V{KqV@}AzFJy|8!R*La@`_{z7MCsac!suH<+Ts*^Q9mB&WCr)6(l(s#yS@kw9qjsRj zlepluQB78ZB-w3hI~ffnF_L7cp2;3!q~7xN>(|Q4%7};vj4s>7j_T=Q+9o6$hzkqz z#t()O4gK(5O}zKfm6@SKmo8mG*ZT0`!=XEWQAAHZKb4u8DQ;cDFD#2O9w&fX9=X+p z;=a85xe1#mKp~`8jGGcSpBP;r;+Qb3FEBJi7y}k;-pGepI zE*%q48rQCUsPO7Z!`SJ+JYUn@eFgJ>t_r7|Yie#T`n(MakV(0rEn+!i<4I1=Ut|F? zUMgk~2`km}l+#k|2R?Q*oW9U32B{`P6J zSg2$rf?t~W)**s3Ij%NLxT^A_JFCU}~Mk<|H_Xu89Te*^L(Me#x# zM7_GN;_qi>cCRjG9e0tX{3t4UXG22+4j6!W$VH&dChfEY+xO4W>CFzvOZ+iO%zt%p z23Rn}#o|FfTj*qW;g?UJKDD)ZpatbW4@RgN1@29K@!|zOF2s4aw;@Cj%Yzk zHg@*&XU@bweE2Xi@vMuB|H>byORt&QZPG?No)3J@wU}`SfuZr%w=!}E&~}Bg`;`r# z`!k=hBItFC_W<_*fFA&1I(#tw?Gx+1{_8Vvxlbd@DZw+O=!I0{8+l(tFQLxpgb~7;#F= z%gYEKq!Tp{F>G$3!x{yC8=J(ptQ5cdie6&s;f*7pGy9Mp4Gqq?ON+z4kF@x26&5Z4 z<7%>ExN!r4gfjc#>fclEJSV|MRdne*DObM<>gdj$H)p@F0B->l?_g!6yLtx5q_eX# z^|gV^?pQAX(YUxckWF%milvy`o=4WugJ8Qv`+&H%wgyroVne+`@?KqWvBKat=BcSE zd3kwGXMqcVZ3motzqu97%*+74aw&O}DGl6mkFgf;gvuH~Q8ep-lJoD`*trsRbV*i7TFj}IYEiQ*Ka4CCDSzfyI zGC8>qkrhem&Ob{RUsKo6pnPTii9{fzY z!^XfM=FT0~_2PQt;`-cR1rcVP0Vt2fVFo*?B3#!+TKw3t`^~}_LhgjM^#)S$>eZ|J z_T^k#`7<^#;k7EhPac(_Vy~-$WA6L+mSBnHasVvPO5L;SWawY^m>+F6D>!E}+a|iL zl&hxBS4z)qqC;&txaIoukBtA9k4=YIf%dH(L#Pj7zp>ec-GJdn!F z0x;OOA3rjmKUcADcu-rb6Wml8#p?B|)5g|T%C4I9{z5oO!To35=jff2lapf}%gCw5 z2l9Ld5N_TKL1krSS=m3eiTkQz zI44X__iaHPd|;HRfxrOApqvt0ikRImB{g2=2XKZyWNB&n{_L0AAUL&TKIdIU!l4FX znvRVx+>6ruC9KPmq+yP3o$M( zSLZ4AZ{Bh1)-BB{pYxxZnn*kzqfI=3UiS7QhoV>x9X{+S{9+2cX@**MOB#;v;loo` zt|+X_?%&_u-2Bq`svJg;`};3WcOXz=Vqy>?OfmU6!75>jyE0Pr1iw3JHf7}{%`Yr; zJTo&kH?Osm%6a8Lu2xVG#VYDP&w7wS7AmWv z%D)$4N<>6YS2w4e4Yc#j%FQRbSsq~_WzEf!2M=0tlemK==)Y7~yLxz_Zsxyw3Mw*cgqAKL~THBLj)MTRNYwYoA(oBU1kB>*Oh>}ZaPEL-rl$5%L2JX9PL&r^Ozz`0hzOF?~BjV!XcT9wmgS@yL zKCEJD`*K^fpr8P6FZLK?>Nh|Ed*j@vFqr)CE6DTOa|KA<$%%=ps75J%%VXtX3@Cvm zmnUw=$8T46=*mBfakw~{xOJj|GD}DWP)R$bmNY-Uqo!@i^~&Vk;_C7 zpD$lZa&vz}Hyzp{fiy+kqUVs&;wEj`y7l`(Ex-##iDeiWM?N`P#Cayu7xH-XG_B zhr!X&(cxkKD_o~!(Egm-XnY**^c~nyORGgAQ|pPj){WD<;(hjzY!7a2b>?=O{%D<(7P+~sl9yx zcg-kz+p9nI2L{l|9w_
1^vZ2S$LVKJQ}btP3q=r))}0J;8mUPn7qzMuy6^>O+q zd@U=Bt6Z|{V}%$xhiv`2DqrYS_?D&;tXHOcG{4k-@i-GR1u*( zOl_qZGqk}qmRD2+^tf~THtp3qukfnxI6WX|5XtY}zSY{V-lVRtU*BDLG3DUZ!&$8- zpP9}S*$=A$To{TVdREZGDJcR`aUi}K8a9Di4o=Q{_YD|h%~iUMzw!>hTG#*v?(y#CO;rES5taAW@M zNAwgIFN0xWMm1hH%KF7^;G`{3*Jq-`JUc? zewkf*m_E*dIC+1R)96EY8Uo7AEk8Os8suq~tcbYy#{5`(SlCu256T4SZIrg>&Yd`Q z$`8yrS?L-hd9ymWyU(?>v`qcl`kd1<$NoGW0^af9$juCLO>0flsi~>aHZV9$4Ji`n z@u*d&hMSuk#4!7mlbcohF+hqex^K;``kBbB6s>)sj9vS&2KP4PC(!@ov!+si|6s$F ziMx02YRQQZ?1;5Nynwjog%{e<{_5-M_}^Lx#uuS}0GsK$ra+`jPD`^u=%RP;0Oz;*HI*=(|HzFg)%lh^7^row( z?d$Ig%y_zxN6A#eUA=Se?(PuT_}?Ax@a!>zUWlq-`qGv%)CS!K#YrKua8e*?0cNGvclBZ54JC5kzjNmRt|Kwa`h*C1%vQ}i{|~cA z{$a$eEG6W0J3vlo`KwlJ2?A^W5wn!?b$oNKDQR%MI$aC zkeQub)7}o8)Y9I*!`eVF9#<+UK3>|cI!?@ge-T9?NH;?=B2!RMDDya!X>?ETu^odA zz#lYdQZW!E27cUBAU=yzr^FP}Q)FUvxu1}4O^~FN6u2;mvWxDcg@uLQu^~bZ9{d2&bk*s?g{Ku;ZAFEJ!M-epGx9NQ z-#%j*PIB|`&^vmRm3j*`4}H0mlvKibg6Y2iI}LdN?cZy%yYhz{ObqGi>8zsW!6aJ= zHZ-S6$GdTHO@1SH04aKVErXjN_=B+J+O^9PqY7{`1hd{=C9qeh0|WjWfH)82E|q=! zNS69QQ|Rn3-gk?keJw1lz54QeGcyT)Ie!z@(!}b_PhUJ zu%Ws-#kyg7Q_=w!k~$6pNeWC+ipGo{neo@~{V#2|l5%p=uEFXMJd)}I)$i*kUb?f>Rw{!vG9c3kDw`F7ffh%H`1I^gVdu2O-);lD@3 z#4Y~m1DVc|+Ds0M|C2;5_W2#BC-~g5$jBpNo{HN+k~vN)dM9N20M|Z_jBVu-&D&6L zA#sUYzHKTrByuW1909OICje!RYaPNRdg{HLq~tL9BAgM-C}=w8xmJjMkVj-yq$DH&u}>HqCrO?O zRpq9pruK$Fvwlony$mBI|IR)5``kKZW3Cu&Fy@6vM?1~6LV+cQX=EC~?$X~BDQ^GL z6vtyCocQGjZI3y$ml;;vYTVM>jt|IJt`hs4N>`HUS%RPULpKy_AkT-{RF^ zC-wJNmpgb1)I(%bu61dN;??+O->`vef0Gyd8&Xs@irVp0+;Z~W?~-^=6Y`;qW0LMJ zzPvA`Q3XtVVq!bSOWdT7rzMID8dq0W(Or)|RO+g&73Sv;ZXEgD`7%AJ$WUv%u)N59 z1V=z*m)hc=^Zfbq^z>HSWVCfm!>bGM@Sr7xY#+Ez{3LEma5ZEZZX$~s&V5(@PFd}a z4HJKvpYP`7^_xsBzyks%qOK0&6R6z?%}31+)I2Ov0wn5AM^6-Uv>S*HNECDPZhT0{ zf#$aM_RSO&D1U?Fge2qAFuTy@z%xti+yKj#jj1&z>kTbm$WIk(jWss604A zNbHRkn~P~_X%Gdh3eM?kX@%DjpEgaawByR!`St?w^1byXXkVXW5C4wo6v!w^+CGM! zgYIlw;^RV4*z?xwze~!>$P$rqiug@(cE)X8oSQ(?lTv(CmZf2BZH;k%b=5cGmwv?M z0u5Gz8)buiX4nA7uZHN)4IntlriPkKjT*s|XW_^4fZqpk?7>aY3V52_2s#sUiTN96 z&gQ^s=7+>IPa!e-a#Il&+#{pxz5$Dl3h?JuRdib@9#N2vfUdBz>O+)=6Soj(3=8M( zl@G20?!l9zxs}(r$+TM@y;y1YQTR>NZ%#Y7+X9H-u5l@NJW*Ud;qKjVQe;fb zPq!k?u+6G(o_t#pS-Emc30^g*AjaGu8xszb&Rgv-dacHA&fXeMGh3P*=_ZA-W zaB~j%AM=%X=*+9MlktE4GEU1-ZA+xCL4$qQn^RBEUCq8xTKLSR2uh@z+%6|4CsEPd zso(nf$tLeq8(Mkpd}(iO-MRk)yi12M7oa0m+vShXS8dig?AKtg-U43603{8Han{qY zY_E?(g5x^(zi(RsF#gwyq-14dA|mc7dgW>Qg%DJ!m*i8<_J$v+X8aL&>%eVcGX?(l zSA+#I@C1`?^leVqJUAkqsDqIhl?k(YzC5qY?OMoSl|)s&#p^;%5mZ83%Np&OB7(iB zD*Q=b0xmq(c*5y<#f51sqdS=}tilNff|sn4Scs5qPg+{lxNi~Ev;ktb!sg6AFKO@J zsXN%uV{_HGf>4o>mls1Cax1cvGMjG}pf3l(hp~G3?{5_-zu?nItbBwa{Jnc|9@K>z zWFfC})2pLLk2XRVfBW|Cr_;fqp+l@hTvf~@xOz+x6=cT|Tc`j(Kfjd(@K%3tPsyU)ABc5zsK(MY3|8@OZaXXj_C41hx6yz zBdc0km|D{8@HT`6O-dD0%h#{C{l|=r6#+A@Tq(YJvpH5}{Vk@>ty{PH8Zv+-AN0Rj z9dcby@N_CK!IjoS`O8~Rp*>dT6`nN?>Q2+02{RudVhn~k=PO<2+6PywqhV#AxS<-N z)Z!JEgfAW(nZo(yS(oEa{9R@x-fa)GvOq7#2nD7|k{)4f5_J@q48POU*PpR3 zfLBC4TqiS<=o%s|DLM1^Z`IbtIPGtQS89Vu53fwdm?6>V=Z|}R4D|4&=#!YOayJ-z zc+$;lBUpUZcgQ4AXw=uumVEuJtdb$&gPj+N-FId1;~nS;tz#a6s;X&* z=mz-yg@uKk92~C-3+wCa;XOjHM^fFna}qYH(L51RQOIapBS<7IwMKjPlO5B?-p|nO z^>dI^d$`@&>sR%UzUcR9WvG0p0Be7BT)DY$M5BohWEBMXat#Sr1h z%qz3i(8R<(5;a&#uq#=p;TTv!2n?2HA3E>gpmorepnUXFqrG~lXf7z#XU{5Hd4}a9 z;?Fl4mAPldX}a0(XFNcJ@c-xc02g!(PEOJH;Wu{4O9=^S>FdKBMrP^0el@qSz*q!z zvGK0tndxtzFqApUTGRz?3aAsBS`zu-u~?)O)<`Mi{!?#v>>j^|t!-_?Zbjh9no`w- zlSV2u>-cAf;x>BCPM!=S!IKC&G5*J1Ky~@^Eg6_bDk>`vdQYb!VKsRNlb=uLZShb@ z#ymGZE-NDg5R>2ai^WNYP|ZMjFy-B}<$KL>cWB*m`Pvm=V7PI39TR@5Pu11buq*q%ozAW6c044`o4c~lT@Fkjzyg);Dv>b! zpe(s@QK%pH5T(gixpc+HKx=67HfV7CN`yt1x1df~Qb0Q_nYS((HA`BB5jW{uy^cf`k0AwST}OZ2E{4y!rhMHbt;?-sh^xw-+U%gY ze-9?112Qs(LJ60?e=giedShG~PEL$lx2o-={QmszF3iC_00u^U^+mH0?!_-IJ$U#q zhJ@;Xl16^*-+#8C3kT=s?oLM}l79m^X8-<5Yw%oJvtPJ_NpMh_7#rtgXAjPJFIGgi z2=3wQu2yN+4+}nOXKiH_ZF3h0#jZyh&Q`yb$peEDRbErQ%}q^rrOrlfVL%vat@;|k zrEx6f>h!n3l$4ar%pX9oJ$+`M< zglNyFGzQ-g=ljB^K53{IM@*F9glTS&yBhj>&{G~mhZg0OL}kwZ{fCb>{0u>?zHxA% zP-WC!@cjxT*4769S(!XlhW_VdUEmtQ_DP-e-Z8_)>l{x*RcW+Vd~vNH8<7)tWOJOX zl1k09VyZFn*U{*PwM=!>zM&74x;efCjnW8uz_DXINghJqzv^m**`l94DAZ`19B78# zmSDn9@Zj=O?r3jE&F|{z(e*Ua_|b3_!08_{q%D_Vd;FC1=|dvTz3Njk1d6#!D+>E7 zg$OMt%*~gFYqmog1C1VG-J19=CkupZVBn^x%AjNKd$PvI3r@R#walFA-)Ix{KGTOT=OCVa-2-22Y0l>`WAd9h>)6)P?EE!SDAS$ zMBgWzwiRZun}H33mz9#8QA;Pxp7Z)AQ=mWP*CmK_Z|}ETj*iJ{7)@Ob3*L2%QBA=l zz(Xq)5IRmPV|sd;>_z>REs~m#Mheu}2Fv~Rtqhoy_X z^W`6b--W9M71YjMjxzHRId{-zbUZz?8jQj{K*Y*iTlNTU!l%H+M~g$!z)){$+6fgA zbHE1NWU#Mn+ZK%h_;W>tmakZ^Y|Y!*;Mk#P8@BaViS)Z*B!ct>&gEwPAag?GV~yY@ zT&_py=@Iw)vcbHTlsr^V8yz2KVhUJA!Uj$@#r|Jm{3uE+lI&(%E zY&QnQA-WZCe{pdyAimZp>o*e}K5WrCd-e9Mn&H6BTbbBY_4T(2hIA!oeCp}B3b6;d z1_#HXLzGlh5aKj)=tdtuc<=yD)ns6hmoFK`DHr{(U%wu^OP)76f~tpSCGR0ZcpS#V z1iqr#--V0rUUvh@1e&6}`~s|0`}ReRnkxK3Pz3aqjry*e%aRgRGa@jh1bk9w#vWvufdMwmi zKxV&l9R#ODd2A39+ohu3&z}!Jd6~_v#QAjUgN7{xTufL(I%1mCYxAu~%fP}to!oWoj(Z0?9z1vP&>9<9n9e&fdc%*+_{4{$!wDpq^$)798XMQEC1r3S~s z!%88~!#d`QDGsawsRYhMdQ@ad$xD|nUqj`*YY|cGGxs* znsTvPE|XRz(P!v|EB8S)-W169`8nh}H<_q}#V2=jPVizEoH{xT6;&A()}| zN55Avj|uAC{dle*L>CYy-*4@T&GCS$@0cE@D-A`R2918NpBGFOQofjl@Ea1;-m|1F~Cfqfm+Z{Dljz*ZC*};**nc zQ!c#!vFhGPH}nPiD*RRk9`Cm}I6Lo_K6hjE_yjN>T0I(o42KhhGFxXbot{&@+L=Zu z0pGuUi;Iuvvs}k;3+RTi1Jh$C2Jx1bd>9=d`#||rZ3^U|%JtzpprEl=WBk+7GD0HirH8eIyXx7%(@30yKIao%2=hm%9IXOLT zZNWCCAmgE_NYYQh)Ikog=hJ^CEifAmz6QI~hh3d?-Yl()mSR|)%CC>=!%PWtQL6&$ z5bBzy$1hd$^`()NfPesEN~%D74S?IE<=4a>*h9uV6x6lmtxv<{q_V!q7ixnt0$2f& zV#rZoofg>)105wLC0pnkI49UW7u^C?No;K4Hl6V8Ki0cfMz%4oV`l-o5y3qytgJBa zJgF`;5NqLaCi@yn&uVMaL}O=5%i7fY%RVD%sae&)zbW4n5teE1%L| zltf)^H;ds?l3o#o2hsb_<5@;~7IZt#YPthe72=n;nAnM%#u@s+;?5(tI)3iIsmTjR zLe8(!yZJ+|a`5Di_PqH$vOXp1ef26NK_<@qHp+ghckkau9d z$OJF$^TxXE#5Diym$S2OSgoS{F)--%#6&p0=2w{?QbpFWlS~(qoe&#It6#o+3DHO# zI(cE0L|*%VBT&8i>(>(&7VjW20idI|sknY4s6PQk29E^5W?NI!XalQ>2UdhC_jEYV z89&PvtA(i1-p&a(LT%b6_PwH_JCx;a-n<#uJ$Ya3*M98G=z_;$58Z2x3JWD;pMsXu zdUm#cL&>*^Ek_;4??RoxA`7 z7DN>=j133;n%Oxy7vbpwGMFCh#g%@ID~tTe^FNT8nv)YX;56BG0s{p`tlX7Uiproy zIl$qyFXE-&&NO)~ralA;fzs&U@Fa30#t~zc0pRfB7b6Z%a$nOtvZJY`rHtX`g9jqr zX$PdGTN@k2_wAd&V5~}=nUS#yecij=Ftgf90mOMnYb#n<)c`^rdW7c%1{4Y0pKa^i z=n!y6RH{0_5`n(8IC0|!J@^~&7T8o6Xl!J#X4}498alQ{7_slYkMUv#nIr{=r^|bD z`lZ)-nQlmE@0LY(^gy77eyg~@8#YAD?$G2CPnoD*S@d0p(O`ysPq(k@qy4M%=vhdy z&=(DxG~pfu;-_A52QN41wMpPA^>KtSI}($UqDW--90YjWH2Avntls@>OnIK2z4t!xfK&H8 zR;q}*|MAK3x&1~x39Q40SREZX?3Eo=WFk)4lI z8!*CqDD;(;sdpMhl4xmYiqPgz6R|5`VbgOL@-8H_*RVc-`w4DBwnhAAR_ueGZ07y<~+Q{?}lyMy&>e0>g!G#%cO;&^*Bt zM-Ck-DlW#73;FugpM&cc9eCRY%)r@)8nq!8H-D#XP2=C7Vb+HUF6rnE?A~!izlI|N z@ZsFnHusSRMoz`iNE|t26-j$bz&w9XPuXUkFX=2Nb73H4V2DNYfT5tVrR5gclk#V% zlJ5Pxv60usu7hQezPrtAfF7WGeU`XUf6l_pY_jj&-{$lq7(uap`B6edNGSZvkD-g? zl!SUY?hochtk|Nx=xfa}g)Na}zg4b#8s>-f(H4X#$f_s>-g|nU9v;JUOPW>0;vq21 zllE#-WH*cd`jY)>jX)EJvUm9CEnHM8N=m4a>YbJIxT=pD72fn;K+Hppa<&fv2B960 zV!LrX=LD|GBxG&2Q1Udw?t>XNX6|7A#TwFSH5CCiT_3h;B@8XZtKdX_b(Y z5<4Qh3b*dp_I40KI}G@J02dHK2oRPJqGZh!z0oX;j-N+P&QvZz`yxM6O;67XGDx%j z={D7l>gKzds*DRzK9B?(4-ebr!{%gZ`Cv4o7LH9ck}3(kS0T}Qg6P9Z0j`1k!NI}s z;riv(Fqgl`$lzyNU=(wbCv@T=F7%s<-_=0zVP@cg`rcSYl z6<>phc!nFFo4ezy?SAa2{v#@9j%7o%HgW2#bH=h9hm;+4Y}LiNM}Y&4lg7V2zI(Q2W?espB44_us)aJWOWB?zhuW+J?>MuNE+^!@5hIZ3Dt zgKMwRFJYfk!7_|+qVUbmgmw^gWd5n~nvP&R*d$P`3-j}K>^lfnRAVG9Ra;wIsE~0y z8r{~DDBrjuk1kiB5J55Z7!3DSR^j90Q&uL|BlI-TZ@DQ`m{belE5Zw!D5hXIE&A)x zQgL@M!NN!lFaTv;^x+!!O)b<&G~*QL$r%07zF31yoB<<~54fCKVU5O8!N)U?Rgb}# zE_E5V2c?R(G2Bkd2lOp^m8~C0dIhb@KM1uz~jxLYt}tQt$*Q^MjgARu;ek+L(T&+^FdT%`hu`_Aio3Q+ubM$!!I?mFFG2IjO@`@36PPlQ*9$}TS4Ckx9cEt zf6MjZ8E^2BXwUCpE(1E3-$g9xt*rc!^Ss3TmBY>2udHBV4uTxP{kn8Q@TQiDFxjM2 zb}5+f)Oc6@oj#dBH3otx2MRt`P z(bP;xOso;<1{H>KjifL$Hy^r*38e0UytIOXIX9_VguV>>Tri8G5=AVrDX;&<>Z+XQ zFSh2Fo10#4$X|;fQay=7@gDM;1tB`xDS(?UCFO?kw9NW~i7>WFLNLS#i;4C>sM-1{(8;rcvPH-e2|>jOFokoXjJ#9a7>>{a zBI)RWnnU(7tL#J^{%lCT3gm>_^oY+X`^ggrRE#nzRX9Gtm+qaBQ$#Fh8D$UcQOB?1 z_Z+3oqNBtPfWj6{?2e!eeZ{HxF20a>hlGW+IK+3LR+<w66@8=gGrHP(`eWY7$wSM5+!*b+QAw}g?meB?S36|PT{Uh_j5 z8sz{m(`inaK$x%9#$c%u{nJP&!BaS7@yP4fuMs7=PoMHC*b#~+1|Ab_6dX71a1(Bo zohyLbjggZRPe~}jf*ZsFf2eLK?3z{WqM%7|9DdW^HmN&c0}dz*h83)j8(_@|OK0Be ztMWk7bN2(p|Ni-Ns^DBbrn6wqD1xEGbSfpcDyRnKS0FZ)5O^~o@KW3=KP7GDij@E$ zu;94s*EL`wXdd)vK)%Co-TiC-b#W}uVKww8N?k+@Gl6F1uM+EHjlK5P1X5Hb2lf^r z{D4429SOG5PJ}9o#XjH^U!KUb^ucBOdZzxHE~tmn_2mh) zgHO^6s(U{@kx_jNTD7#)AO7{69P)I9v7?z$o9@n+HNZ0TH26i(7fj zP~C{D1CE`l9&%D-lO&cad4e$w!o(L&9I*y|U;UZnGCid`TB-@;apym{7lrrH<}Ip^ zkwNTT_+<26EaAbLa{R@`b@B%~b!Vif&w=)VPto=|G;2#3J>ln@e&gK^Z-YI)3CjrE z8)#_)bl}ml!}?oKR~MGM;Qp@e=(scL8vYWtH{6IX9UTY6#0(zHsALWUFVL}yiHM1P z9zd|d>x1dhi?gAhKESP9H`BDWkkE7%VfWZrcX^fxHiar9Nt!)S@CE zBm%rk{j zWWmz`@L&S}Kfmr_xSuCtF81+}hlv-2f~e>=28L4i5p0D_G^dB5X@EmWs?U4=+`ga- zU<50IMMdm95OhC}U>h9e1=SFE=X?tN-a zt6jKA$oD`V1vkO0a$E^46gtc4)2A_%s%)&bu6cBVe=;+iLCY#Lz0kbQDQDLuPHgAae=;}e_>bmKh50th5~_^F++n}6f_GjF9nZ`|GMv^ zGdJnbil})6v zc+K&#v1SJu>@Kbrg2m6v6H|UpO)P(L|2{{v6~y2Is9eGzsnBMzO%2e3goD5Y-4*GM zIW1H74oTfk3bKa}rdP0Oa|;V0ZPd(kATCr8F<@)kOa zIN7gZAsF2kKnUF)&R2APFg|!8_OLSss`5Yn_?^4$w$N^x;-om=1r`De(&V}d;(&>h zZss8@;K+AkSp4nVp$v;gSOdCuZ*QG1e!|@VJSQrPL--|H*5BX%_3LW@@RX}T1tle? zuwOhrkR=Me3ARg^-@rPc3=YkBQ}cisQ&B0!9n_8&WL%7+AxsA3$*2}X%vb{Qh3jv5 zWo0`j-A(9AFlqVXnGU;S?VX$sVi5yZ1ke%Z#d7hM7C)$4rAfGHzl+1LvSX&?pltl1hVIKR8%vd=xGz=iQxw^_>HzZQ!^5)@fxQmCxPraX>nYrZduB)xh zqreh`?cmivJuXnAO@!OKy4a8U;nT3-%dH^O1^NsXs0B9*@y4hQA0a&r&C6G>_!Yzm zB$(PV#xc07tWK8$(c#$$Y91o0r>4E%5BRN+DKtmfq{Hb}MQ&$dNY~s-NuY0`%An!e zT-no;golsp!UIA;WLX_P{27$P#S0fGC@9D-F%Lt+Djh%@tr8~~7bZ^XI7KkkgM))G z?J`qu!RJ~Oxd}8gZVDiwW}N@#D!0hj3E5CWR&enF-cy&NQVPuv1q~*BuCMAK%OZ2lK#_#< zY^KB#wk%W(uo%NXenc4LZwjCX&Jz7GJPZ#HI>so7aM9TmxOPzuP-O5ERyzQGTui)f z-)1@1OmQ~I<}UouIy$wmQ-EUA@{m(4#K%zcptgCzs0vvTSRNID<_>n=u`o=(OU@Nr zfv76rB}^&;GXg2(fwEgNbz$r#KXC+4&v{DOlBSabisQx&H2rgWdh}uCpIEVk5RIe7 zx*7I!5QI(Ho2rcb|!lk1+yEej$EA{PX#~$gjfSfkE6!ZWC$C40s@ug z<>lSo=JT?$gchp5#KZycdgynYEG%e1pzc5b-xjmNLkj3bAE_$au$^;sgeBR^#AHhW z55>JeN!>&b@d%hl5p%V7^-t^{kW;=AaIti!0tgk$5}DdRv=7vkXwMBdc~=E>*?95~ZH?qEA>CtPeT3%+jK%3z|a)cSV9+22L2D77W7*7^XGf;EFfX*@!rCs z9LOhl-iRUUOJLM76EGy74Nz}wZa(kmNS0|C2RFqD-5;lCvZ)8Hl4j^wk2;hXwQ};zv zK$sao;NvMV5E;2yDKY~G-UYIo1l;&UlSP&>K43qPDZ&H$@1TSpm2XnDUG!B(sk0** z$c0pl%wfCX)Atz^p#$ez_{o2M3vijF4(BJX?S;UHnY3egoEmvo2ph5R>BPhk5p>*= zFu_5{*W|raWC>`3zbL%vv&iw&*nH5WcEWRc+;|M7P>PtSw;*rh=mKv*Y*hlQrEg&H zxOHsf`G=L5i{rgqTi5yPB-8_5gi!=N(mQ5Jf9wM14z)x3hMt+{{?*ATJZYYL`S&%8 z+;9CBmX`^_kra`UhH*UHS2eV_`FZ3^RT`Z9mMGK%`1gFD^IN#=;^y{w&n$n6Qlrmd zQ&Y^31a9niou}q`%Sp6jXh|DFEmI>umFzeUebkf?C*k|qih+UQ(dJFUTk*%*Iy&mq z*!YPVRVBo|$Ek1!qip^+CcM%2z=UJl#_r-pT@Mk0mJyse!1Q=n1uPG!FSszrH(8x$ zK8_?;uLgW3f6fc!q754~3>gI4AH?8k%n{&hf$bpDDzFgvBPwkngrQxlT>Vp5RTYNn zO&i#qrrrV`_v_c6Gu~)C%j1Q5O$2W|jV2VSDOzR8Lqz;>^&@G{T&=;X}E?EO;IIx5sz3|t-)HnjDCsd3Wmqf5uR`gzr~~eAcn(Q^vt^SA@0heh+sUn zF>AoyY~30LEhV|?d;P7Go00qH#R##dYPkfCgHAri8i%v97K*hUvsXLONz}$>hn3J6T;N--KCkSDH$K;2B2yZ&V=O**1&^lnC5RN+LfE1~>wQ*(y2_f-9jF6|n>xO1`=Jm`t#Uj9wB< zDrth_^*_Yi>%ziGYzUCotk)<4)B|9mh4TVW(CNVw!Z1&PiDd*#F~H+dupRRjOM>dv zJw1xT!n7&+y9tN39@I^<!XA@>yP93F3$RFtn=gjGT;y>c}vRt?wb{qHgKvM8Zc0 zTFBUVd-J7D-0X&mCc803gEMo1V2TA}kn&K z{s<}v5v~v~gw+bd!Ktj=584kf5|2%ILBSlybnV(2w3LGwdEiUO z=V)reXxq9vI@nREh5kZKZCZHYI1E~N9K;W@8xsf~yZ34E0FtXd9_?sm#*RO0a&Izy z8Vm;=Z1HoDmEDRg(KkR!kRJnxi;YiDFa`|^&;gVTLztL#i4w%YM|>2iSIM18S6|-> zOGPDukMIOZ%(-yYAgcJ?W--AaCSP{_!rezt(;a@GdI=jwXfw6Ro`}yL_Ydz2B`F!sCJ>58|sscokr!5EL!7mKj zDmvA z+u42{VJeR4Yo-3V;b64x?nBaaM1B~3jQYS~Ab6pkggr_xx^Y7(=E!9#IS!y9UE8;) z{O#(>M};;mxP6-(!>tGrO8WWR8B9Ae#P!|nP|Aj54#&~7!mB#0PO)r@vJe~p`8lUp zx*!hMruEiG&vn93HJ1kvHY5rho}O80r}X}G5MhL}Y?Es3+q0%E1Y1AN5xlbAe&r2` z^3x%=I`)}*>g34?jsjL&flJkOwTi9@<9rq6$5I^98*t$%{eS}~9$#8rNK2!@<_p0M z@+=A~y0-EA2lVSl`-~{?WOA~;p|^f^@xzDgZbsVoXSxgJ2*&f?Acy@`k?ak z=56s8JyICxZfAvH zQJoQ%oFCqu62?6k*O2V3?b{*m9N3oZ0o5>)TVfE&Co)qUgAGSwRr^UPk9^9JSm~8^ zs<+mXB6qSjtE2*KXuo7hPkw*CL{n2H*%KH@@gy>XT=*slwH;46{ESmeVg+)^Ica%Q zUw4OI>bY}c#Uu~XuGu4UQ4`03iBl%TE)lK>*1^`)i-{yg4g$;8mwArX;}<*_Bzztk zA`HLS)ME;T3Q<(MU9jc+*Gm^aeR}EACAJ-0ssMknB1i#=6)WI>{zP=Q!OK*w3=Ir+ zaYf{>HHKh7J}exP+FXhaQmIrNC#*(!=P|kO*3YVl*_T`P#v-EDRDtwIckyPyeU)MA!zxCwh*LWoa(x?jGL#TH*tKj z5nRstX1u5I!iRp5d)K6P9W@GJ}v4ZJ!3epljjD~rP#o|1%>;dbrZU6!}`d*s5e2Y*>wbIfS zT5qVoXZBm(BC!)ojY5ya#8AbE+-rPdMmU@G(r>Gfc&+m5R&Q@k8WiA!ER1s>v8UqS z8sk{e3V5NM3u6`KuTumG^7lW#H+nyp;KO61yhq6cjO3Eq<3iPf%j@5@d#~-6VPhJ}wgc8{Uc83?)=&(`m@%v>lv$}PQz)DTp z%JZAg71-6#bXto)Jv+CPx}xfCOF^KuvVvv_+b*=nks~ia=63HJe?VYQ-2iP zyT^tNFIFS#{)}D%7jR~Bvdv%4n_hyy*6pdG(i0vOV>(=oi+?{gmXU@kko&xjGYm{e zsXLsO@lS9Fz%Y1q1Wl5Qwf}S-`T@2N2*p%9%Z_b_&Tyzz00iXgOh8#t72B4+m#5EW zjooR`!${cON7U~ttmLunAuGxD8Q461)v!j0J^&WYk~OGvf!$u8TQYIkvSZ)kwI;Hg z(HcmsfP5fsdJNMR0j1SusSj{0$7QTOAG(czOa6+&*#fdh3c z_#ew@fvC0;Bd~J4yvgKILgjAqXBE{dc zDPim~4R6Zt?AV{ky4xXr8(sK`XSx7WUQ!=Oq0)kUr7#m~as;Q`;M1mp%+!k`9v463rbJ-MkD*IY;qMQPi zVq^Hq-q2t>f#!y8rvr}|Z!&41y0U+6!L3`@+^+Q9!*zvBfsmqZEn1Pri;>YWyL`4Q zx6Rz!ll(6s@VtU60W4bH{rI3OZ6wf z?NNO1>u%9ZzvJC5a6$w*q$mK$8r!))w^0Yak?X_GvIn56mqd(Ycr)|}(qcXoT^)D_ z*=F~s5*;$iS-B|Oa^BVvOT=>n0r#j(R0T?5nSva~kv)#8f{TCry?0a$Od`~Fl31pY8Jr8?56s?s%ws{`M0qVkT1KWhcTnQ zicg#M5E+qd7}Oad`jw3z|DrIovf5Fl+utY@YCt&e>6^O-{y@cp0?BwmdeAldQPbzo z@7BG0cOo7-cP1WmqW96OSO0L0(fyQOa&vqxD|+$5jH;V*=8eakIl0i6x60i=@hYOT?|l|%{TWKQp+kir9hfRgTUHZD z{^}n*90H3&Q4BN4!_OBGEBAyyBDcQ(;rV2iJ^DtzczjupP*1|!Aik%{$(%UAfBRDu zwnEkLY+oPR5CPSzy$K7#8O%ZoQkSbDBrR4%zC8#Y)i(M%OG``S6D()&cLa&G$^v$C zZ_?@&D_4@#NyLW7{sf2PY}lS|1!_Ml*I(w8z3xO`OiBslxIr)|?M{!2t9%4uG3{rr z@*r|5|D6$#j@O>IxMj->L(Sb+zm^DVn=X^5vu^(|7i*E39H3VwZxrn};g3WAe)8t; zrD>F@>?ZU~bT;S>xefh{j8HJw1vUiiE1`j;Mmt9X30;M*gRk@FzoNyj@M`$Q2Ou-G z&S1v3X%oF>{;iGqf+ndm^?qnpHG+rD{7uU;;caCy5Ds_4a1Tpt<~z3)D{ z=kH&?#!gVQ)PzCsy8doGy~&p9;@&ce`8FKuuW^r7rE5m>e!hO)B3Q|9M%o$BvW?mL z`_cXT`>yeOlnKhLut8`O(sxEJlqteVV9%g-z2)6ZA9LX9s`QnJxfg6854WA!`2)~5 zv5UTFy&SvEB6ge3j^68pE&ULE-8u?I#a#(5*d+-OdOu8I$RJh0b^v)^+2!1oE8dva zIa5Q{&=|JwI$7>I%a|RcPh>tJ&zTt+v~PxaN3>KDwho-3v)dZZaLey+uKpiaAteD& zH{+bOO@ybLH+OD<(ISzHGOtm`AwZIJDDqK@-Un>Bm~{WL1%~UmxP&sSK4Pbi`%+6& zv!St(V2_I<6A&krmRg{mmFBsa#?9|&zXqj+b2D5%j}Sj7{@9PyJS1*_|9MKsPSJ)@ z=|0&uHB)Wy;_>72xnZ<b4T4j3{;cI^W_;1}E2^#=Ej3G>}fB#ccj5R-#kB;uX zoyA;VQwBo#YI7-cEVg+^oL!=tJ2iTA+spP!aGPeUOvj6zwGYL_fUei7ZIEV-V|R6T zPy3duX!#^|li20Mtph!wv~&f*#>OivAD>{G>!=laqB@}gsx4A;HJar~D z>I&mt!38iT*#9v88JG;46&w@urMx_c;IFv@>NnW*D(0$j0*I#^vm9x;q;HU}YVKcj zrvd}`-3k$9T--V+>RW!M%iP>x!td*mcq7^6%##kU8R|JxB(X6rb_Ne>95l_r?8F9Y zHURLjnvrrbg;ZCAN;4pdzh`8T{-c>Q}QpIuK6P4{4p^9#tm`=DFp68#Q_ea z|6$)oM$X+NDx{<&dcsk5E=avSdSpWTu*)g!EDH2U&KaR|pND9_?x-haCp#M0fu|h* zXPo>9;P`J<(^dS6mpNsPFi{1Tn49X-_SJGZ+nsORJ>f>!ST0p3qrA+3Uxsj9n7Ij+ z%K7+stH`4-U<;SBPd9$zAfQWonYwf`f8-Gq+=||Pd-hyHpf4ap2A7Zf#UX~sqsm1` zM{POuG!V(_Z6}R@oVUX5aRL5r(ICa-VKwKFZ{svY9=4ZPw|MN2up>1@u=Ug>i}V$* zR|i?eDJm)kTnt6sM`{SjT=Wflh?E*bO_W@23OLtUegXA$Or~O}ZGLx> zh$wZNG^iOUro?d+>h^}3#$lP*b15(IQM8lNmuJFdQ&{HK6fgV@4$6h3UNCDq#8XJM zIRE0R16!S9$AJ^G<4p4pe#Ak1^TrM1`4?-DfZ*NB{ilI`SQu@ z$pC3iJ9n;#sJ{8j8<6qQVbh+L7W77G)~uatVi3&Km6?u?;K~E-a(S1?Mb0{APX*xo z@q<{X#!r`okh7HUS^@abzt`3EMa6E?S!Lp1e2nKemCTnH9PBNGMz09&8{LkTR@dPT zexLhf{5VhOb-)Gy`bOt0k>$DqlR^a;12`a;ZUKZ;|;;Nf$3b7s6vYt;Ycd6j%jJ zIQj>?`l?rwZ8gswARv01mIYr_Rdab<-oAft@b;QzW$hv%NiJvAaH4<^kfh_#}d$V^TYCFL; zYbC21iN-);MR$I1bEEBB7`#tm4?8lVMvy8?!~y#>g)~BymdWjP$-eL1#GTfCqONX5 zyArhSn#e|m*O{`EkAcyjjC|ZUFB@)DRjnX3x?nm*Ir^d1_xm4FqZRaPEY0*Nq~^SP zcNJHK#KAl7cFAOK24a&N)_o(QkD?7$W;K$Mb;pAj*cb!@rK4v;jpu#HQePXOouz3u zu!Jk;7Nb6?*FokeHSg^x%CFBh?QiEFb9$uwgHR#wW!{AofAU@tf2y&|nT5^tf@H)1 z{c{z{`wbjOi%R%amG>o%R&o=Q|AcHgIw5c~TTO=>-xVzN51-exnXqKZTbQBoJ}w)@ zKJ27$@@IJL4@{@ErGLw~>nDzb1k)R}NwqQir#cDFKv`T;p_VC@2NCQPY730MfQF!Q zP2UUC7cDX;T`V9#Om62Fz&lBaf$m4EF5ZC%}~RM%aU+PFxKj6S?{%N9zEU4_#cVYkNaR8rUNEQ-4BlS>bz zaVRXTl2x|s{3xA+(+q;y8sTfSnJ&@z%vV*10ZC{vJslB8*L?mQ9T|BlE^aKp(7O{g zM*$>4`*!V+Nj5Jq1~Q`h_gj#hcc}kdNGSCyn+zpls_=GGj#*JEfas-;{NG9iEnWJ6 zN#KTCIs5$s+jDE4J!|0EZ-_r=xqHCe)Cx8XvDDi+9N24C`mTTW%%{Z##_*d)Dg%!! z-2iek1giO?ZD-D#2g2Ar)OO?g^~ArfYSdl4WC==4aC@QKeDtW-t8Lul*jRlmXT%)4 zxlKD-gnxp^WBmR28zfR8^%BUBpX@K78#~)$fTDMPwurVz7eCISt z3Fs)!oLNH%V3isd1X(w`1^)xiwmTp|lEn;#UaGl*IUXz1zXC6k;lX-s)5j6rn3*}s zA@H3_t%J&iar#}@a0tduKHB&I#I>NHn#E`$7ijy7!r8A2&isuuA9**%^;hxJkVw#9 z7`^Ht5wk#`2VCf)d8gN|U85*=_XO;#I^O?0Tc*-K-Rqht4MYe1Q8?XrRNG*$fWyjz1*jN8DnwGvZ_ zgW`WfS42~Ebz9gTMIidqTuGcw@wt<1lkCFlIVy1;-Z3}Qx7gND=Fd^7FQfD%o@y+} zZVq+8<;&rPm2am3sZb(hY&poufu5hdNP%%QGCFZj$C9I%OX%~DvvzO+dD=wCl2Xw5 zSQ#stWrZfDPw(Dkp?3h+HWB2_-MhMZi;6I{A{3a33dLhY>SEAnXe^<5=w+fm8$tH& z<$2ii;Wu{y-0nd02r{^K*;5Q{P1~Xyfaxjy00^MOFhxDvri{|qIi>_ioimA$XQab_ zBYbMOL1l{Q@H5kaP!r|6>_X!}-7{vlbxya9D~5D6FAX}OpW)cSekS^d4H2obpZ(!Y z{Ves_?e!gNx38fZwN|z|{N{~Qk$L?8$GP54HJ4kzl+xb8!J)20r@a8TRO8rl2C4Sz z+c(bPIIQ(5SJ$@f+RdkL+2zcE%cEM8^jjJ{0)3*a}-Mx2@!`+hr3hyP*qJa}WRwPq4@Sat3 zUwCYMPM+~DXRdY5A8`Cil7f~k8^)GJeDJ&V$m(mu(ig0W*rEej75{YB1$S|9T3=t| z*|rBy6ov)@hJZ^I7dsSfbX2zzoQ79C&()MG?3rMGXR!TJ&+wUj%vANy{8(}@;q=$O z7qc5bX9`h7?B1uCzCq0ZscmC1B(}EV^k{|H+G>1D)(}fXJ|CJDoCq_5!f0$mh@Ao5 z5Ti-n;+X7ZVk8n(4f6Xkx2r_rL`a3by`{T;{h5>$dxs=g^p>C5Ed#E6B%^~1w`9o@ z{OREboV=7oNxXbkmY&pw5F2;>^{3O)+&RMNe6Ct(nWx4dKi)QbDMbqBJcQ`X)#iOH z_1hj=?iWNOjQK?%rmHMNA{Qr(Q_V%AyxSU5MBiu^sz88gwLX1vEBqqHe;Lc&#k_99MNwUQKc=Xb*2dVxHoLFK->r0YKjKgq>S#T z;yq%td5xUSe%@rxeA_zpk<0{)eke6h=q!Eo?3tn2lC2&Hn0cs<`edBwKmo}A0^}du z(^0g}=EUfq6A%q>$}N4e8G#y59%(rhSF~)45a!f~GI}-j4FuEJw%^Bo;QWiH7#-DO zDa^v5p99K1xLZS1$GiBcWWL|-ufGnhGA3tvnUfQ=8o;#6hVhS?jdxC=>R@fskbMO% zKWdbP`CfiK`#~ds@J@=e@71w~XmRjNug|^78nfDRT-ESLdM>GZiq*AWN9gQ}jxM3= z8ai|+NI?~fA%oy854r<)II&qby#12Z_!(|b_l%>Q@61Vj7CmXTfSDdUru5{&A-(*m z{<7sga}=r|E}j6ts|#cP;K3t@{{2^nCt=Vb6b?(y%@N17G*wzO^uH^*6>WX{y!D$) zZBaXiHtaF7Ip_1XV|1YSZ1kSCF{u;NQ|Db0TG+mQcU$+MDC)Le8l-%+Z=r@W9;3Lp z>rN*0*Q?Hm0~1Y|26s+D($QR!xI9X2m|F=K7ES<1Nbl-&QPu8}kmb8EoHaOHZRoJL z3lql_ZU?DtNs*12ivFQ;=^jLm1x$i$lEQ!qzNiP}l(A{Uzgf_wkYzGw?%WF&KREt4E>ibu`JVZ9 zZ1iLmX|-gfzeAhWTLhXE4Ydka$;=yo+uDK17uthFtN2;qN0{!{!;$NmC*W>O5UuZEpKhZE5W6>L5t$zy@onkP#<3lWU>4%bA_{JPFH$w&2&; zwCN&w?Yo?*f9||Xozq`qH(rI5EkDuKzYCk#(q)Nm$}^eiq$?rz1P2y zW$0R6s9bz7hgLG)fwyD@lIvLTxell4V$7k~=kyf9;`u>UbOBaj^2|hD~ zBB8kjwG|%jj;|g5`pY2F?mqgZkt4&O9nOFH)!i^sHJ<7e^#NaZ#^p_m)#71U-er`bmc9bgNu0|Dklc*VMZ!I3|M1 zU)AIlq%C)ic;$uDP4<9Rh(r<+bU!~Cl{xEsh|T9yeade*6Ai%u(go6qDHCO30omCt zSa4ZIBXrcD6jrSQR6#bN!qgWK9rj#U~BbTD$z zWiL1a>j&aWssRZdg)XL(dTF3|X>sq(hRGMwN#;I)GPsodj}WLKxm-+X8kkMtp8Nk|rQ zKI+|J{c>&Egr*i_=)$V~hBUzuri zb6A5W9Q|Id>(MPCcTJF!SxqPB&)8SRakaH;nP*k_segyn7o#HOS~OgZw|AGnwg#t>61F_ITBF&EL=mI@{UNKGKAb%3@^H$bG?8#E~ z*Y~2hr0lX}u3-0w>IKX_dAp_W@P6v)20EgHJ+9Y}UhzO*{^bC5^^FGc%hINw3U`-m zueOgo5*tnd|sodL}CU^Ov)KB3Qm8kbLrf%?N#1SVJhmTFIhUnHm zd3QF@7DW7h#adznij%ABuP;6=nU~7;Y_~ID5DpeD79mjb?KgX@9~WzWCV=x!%afB$ zx34;=_)a)VR?glv1TglgRT?0=Dy`R*xlyLtMj_Cr#lhCK+(4cyOI#HR$NRPe9o-RgscsJ9B|bm*)lNk#LLhLmlY(< zvAalWljqk^VBqH9d}-J$DmHiKdvO?5xjt z*Z_?@plE&mI4T4Am}tG#jnF>N3(Gl**K}Esc(qNtoH3&pWNx&v&htsovsIP_4fjdoA4V46(@%$){&?!RfBgmv z4PC!(`k8FmKrmB?Xb0)NJqYN6%)WP+W|4z0AT!PE;?9bz~kMs zeQ=dw9^AC>Ppl`LsrhWu)cohFZ~_0@0KFRy{9}jsIsN7lM8^O63fc1%vZu5LKmqc< zNXPguo-_U~ghF^jVe~lbiBhmgzMT+%?AW0yNroI0EPrhMo(O=B&!y3?Upvf+X0JyK zTCbce5_L72WIcAKMfTcjqNJ%m2%n(6g;~b<8aCH+b?a}@cV>r_0;%nj7#SK`i+dYn z^%|C73|Pnoa(3J{lBme6#h+_xUOD10aKH2Jj$;3I|9(W-7*9z{&D{9Iqe`!CNp!T> zQZxYOT!x#!va-_S@_g#PK4+O@N{3==Y#3V{Yj;A-mMbJRtXR32#G16yv8~S*(i5=W zuT|(n?ZY{`RlArb+<9$QN)(ZD)@G*Jh0pAJbYkO>;pZ8C^sqTGYwK!Vof;r1$GLNR zH(sNMu@C3=WMpPi7(Pchd-$;X$7fVV@$o%y;DAr`^;4cH37Hh?Fnczt{MTiZQJaY4 z4t3hMs^`0*Neb@YgJJxIB<-7Xi}W~sx*kg(afw6^|QdUNkQ zC++gJ^IUWs`q(tIFa&6oj-@R=Ca8C}6)WaUpB_if&HL%hIz>^Bd$wP{zoD}o0wu{^ z4TEn7TKAC3V9gI4Zm7SuT{miAZAInqxYX1WTW25fYu6IWw=qJd{`$W2rs{=py({ti zmY3suu7gWJA-CIWCWJAuwipY%zle74G(B!sa&__-Z)LSgpFjpzgf9Hte>LfrrA%Z% zgLh_Ora|-ULaOLmg~TqM?HAe`%z`^yp8x9W>&$Nf0WIQ~eO-rInW=A7DvqlcN+h(Q zxDY@VvrnG%_|ut~E?Vz~?Zx}ml6x2i+qzZUid*~{soceCD-?K zGLm;&jF0}rh*57d?;RdAE@P0~W2L1Ux4Ko$J)wcHva-6`m6<8?=AD2}EQprhevR1Y zD_5ETc$lGPy7%9!tMVn$tMdN4l1P`=83Wu(k1;q>-wS}BqpY^{BrffwXFt~7AoOMY_?AvlTZMD`xO@HjBKPrqC7+_|v8=$9mrZA?@xjFr1LH_T9SgQui$#fV2`v@47aD69{lb z!mwmoY2ax5R`Y6)Tb@~Pxj4(K3AwHKn2nOD^3v4FwCn_QZbr*dbpsfQapW|~Li!$q z#fb4L*XfN6dBT1@T@4LTwOVMJ0ShyRFaYJA`KV1bsFv>CzOC_k1eX9v9n+Swl9JK$ z7^SY0XWap0r;$-<*ADp`s=ywvg!lx+@qn$wN_W(5UBj7(@^Q|Am;24f-az7+xAzs| z*H9qJD=6TsMh5%**YtQ0at18`6tXnM3CH>b(+Gr!!gna4T!s9aoY_&Kx9o z9ug-6rjoU$-qUQ(*2T|LL!tJ^Y`cTrZH)Ovr28i@J8J6acvn3Th7#=F_FX)?P#PR} zU35z`q`(-&zpYfWTep7ykqP)c{06viVcM2Y`!(Ku`GR`9W79f57{3#1L1%WQp5`+vyEiVUM=Jzxu(0pc`dtU%GV;UaM<8*Wvs6V>@bp1l|d2Dg0+g z%3&RSNl3xx6KBpmDJoJw6S&mL$$r+X$EODa6}_daKFCc(&xSZ>BG(O%e#%7`CLWAJG-Y?F7+~eCyoU((UgaCHa~*qVBj0 zQ}1ry{{3p>^Hsxw3qI8Oh{t}C+_H|i*mp&!ylkiG^8p-tnDm&`*3Lf{d7&3}w^m4w z)r^q(LxqsnSvI5mHCZ8j`cyJK2*iXFnJ>CIDX8t3B4@4D#2-e4hYKky^4s6=RO9Qv zc{3?@%*T&iLPKYbX+Ar<#q4UY2v>*gk-&R^JmbX-QOove(UV#yJ@mqwu}~bE` zm9#RCoFtYgA^b@XtC42F*MEAOSNP;?%vLvtgGouF4*t?CF_{#xM=%`%I%EKx$sTZw z34sovy_k~iUD@Lm%$MgJ9@KnQXT^adzdISYDx{jMevt+*q>^;<+Hxg1UrT;ycMr8R z-xqQ9AJ=LQ-sLPf^;WMQFUG<|-E9@ ziOnK*qsmc&b~GlYt*CmtY1<5|YnJU=OSE39-B%Rt?I?NR)V8%il$9wA*z7&x?pzh> zy)NWkRK9!nvtg}wtRJ@B*5V7s{_4ocAg`BFT_X!`jXi2*Gm1P?6-33Nr4H5CE!)L9 z)qc*eeX3lqa62LX<62L1_i|>dOK(ZZMh$jqEcaQ`?1zLMHWQ=(M4pQK%XB zYU(C*B?@78KGl!bQA?WtRO@S+Wt*|#Gv#@S{!LI5B>jLmsH&(40>9xm^7FksJ;^lr zr`zx|v9TgSzSE6a$aea_FYm15-}G>GnycfL2DTB8LuH-kDTuo;hf zFeYZ;=6U+8@;EyUA!i}@-t0nX6*iDPZU9#t{va_gz)q)(or8?E##Vi;uzmqmm z%%+g7TvDfnTfY;YTK~(tX%79hw{p{{_|#N~g$u7HBq)}qqv2$q!>R4l+~o7;qhrGj zwZgSr6k%rkz|J~4uyV$#S({ztZ}$qB6rX%2%UosV6x`)DHsa8Eep+Y4CGxY-n1OC6Ltmjz#V!oV zf|^ngKe17O+|P>)etYNb##?CKCQj@#aNsmrcIiy$pW@;j*)q3Zuev}RVjzSe+iP*} z)-98vL$yAhmTx1sR3lA!p{wsB-VaI3RcwWJ1{;vnV8s@asfi8ZTir){+5`4Nb)w+g zxbZv1SnHI^3shT+@OIx@_Ol_LN|s%S6BAk2niVS`>d_%jwzJc$dGqPJijO8MsIW@y(dC`*tcAGT zBAupzKU6*N-Lu2AZAJT6qh>CHa{we6joASP#P5=!jL9CAcf-$PVr*J&ATkxvQ4GLR z-bZi$C3Jnj9p%HdA#xbl#34tKg}ja057D))tqNYk-~#L!CB%gJSxL=S#@>y!llPif zGopijdyYJoRYR#@PD7_hSGhWy0dys(CPAgtt!R**KYyOuK`U8o7;M=L7&eSV{q8}+ zC8Vt|{@Fr@rQE)&OlXI>Ou?$H^>HtI@q_a-pVz#&&=1p(@O(^~#Fn`5Gugh^;6l;; z!YLvGjT`>w7M_BTNwJbQC2d)kkh3xzF(O_0CI){YHV-lfe1z-769JLK&NeGdnb3PA8H{{e zk6?XFy0QHldxPyc`oG`z4(i44ls(|SZCP8xf`3ss!tQ9%F0cRsXeg)=dp03x`j=HG zqM<{M^_?mjL(SBQ6O~K7D0vui@-33&16;iXvLG@M!dZq>Oz$UP!Zs0r0NJ&qRJ%1G zeQKgZc0+kP?{`OF-&0adD0JaVc-QTwJGT8%Zb~uflWHllSS(6KLG zyhCC}Omr5Cm2$^L1oI;R1qnHX15A^VbKV1nbE3ppFvR2awy4W$VSdcV60#vZYxQ?t zXOtqwjocLYO{Tr2KvL(X@K5!!J@nfPXN8eOdqvze0)M$ZE#J@j1ZoemVw)}~fb(H= z_0I+wM3sAJ_!@4|NCG6RRRW}udrd`#_{6UmpAa)x(#20ZYL=%O*5B>NIwZi z0AUm$4|PhNkX?)Z5ZjCp1eE1>-3b-!dwL2?Iyo!HvfOcCVF-dfZq=CYCa#_tlq*+m zCW3MQ&5mM4OkUV%cpS9k+`3tY%S?|q2=OEh-k8QBgtg3&ecoM-Atfhq*h0jOTPC82Mr<1@1)VGR7zqH-Q(d&^k zErH__#?5nL^)!nY6jpwcuEW>p>~f~3X2Ko4AU3+upt^udY$k(Lg_I^{=CDVS3fml^ zo121$n$3iKIfBmK4xYt=Q*6_wi?%k^#F`grZA(`p+TgI|VdNiCZeKI0VVx1F%3vB! zKYsO=-Ci$^RD~s;D3@ESHG%T%>{&N32##bvFB@9GzGMXy4CEMXTEG7G{rd)3@Heu< zm~MA&P+3A{ftra!k+l-?vdi$=ecr4)Jm5l+W^b_ei~S%B{EnQVwuvPf8z-;H_K;Y4 z{v5qxy?q;Ay`8{2EgtVia~>w-k5j)~zFdFO+1G`mbNntF*q=*5ATREOjeN5^Lq+ z@a&f6MzrH>31|SVZ_5AItK`DAORO3+?d$vY>9ZW8C24rz8;Dj&0{Qo+Og`HWy5ju{ zh2{ZvLzeEC=$z?0v{i3V57L%VQ4j)glhUI5n9U)%WpsV)vUAd}sM#;(1E)$ibrR_t z;M)=m1ZL|i#6{>xS9zlL$FXpl02T+$}*w~E9oN_r8`Be za#^;F)!bP+1hWjB^4vvTZ*|}wxpIwr;jKWGCzfjLMoO80KLXt)_D$`UwpVBXyWH%# zpyOv!b`RDiZjbck-C;~_!%S~dzNg07znJ|E4PK8%PcFPL%Ag9yHZ|KUNSRN)-gk?? z3IOM4>fQdo>!DMt((RA5WH-{sUndk8-tMilk5FjWCvj;$3>y=kd|+ij;r z!?KYsq~T-nZW%ot&wu{aJL;l;4o%C-u;tI^g!-^m@EjzBEYLEQ>x z^XGeB)D!Af;CSqzGy-|;3P7$<Q-!# zRFGA56>}O=*J5M1X7bN+K0;I7&>}Arq44V z-z(i>Rk?!W<<1uyMxa|Xo|h(eJo@U|H77j(lms3eSRNh>cwUojvH#{|8=G`05>5%I z4P-0yiw0AUJla+WIzW+&G^>-QCMZC0^*2Z^0c3SMEdOSMaEoAh+O8WB$)U|!ZQv=4 ze@X1qsne$k)-}}JgS(kBiC@O>i?BQS9%2=h7d)Ki3Z^0rMQT?I*2$@qlv+AK_Cqwa zg^Y#A8@(1~!6l?({xX@Tmsi0EtJszNw#z7vX3>t3ayEPR&Bf*SWgu{ngf>T#W i&nl9eCA@BEi*nfLvs3L?BxDFp{-p6!tKq^Q($_c#HFtZ)dE@^5Qp{OgKO{(rR%jnrBdl+HddA|{&XZsX%iFH<*?ws)9O+m@ zhnAN;26o?-*9y4o11!#~vcs)}tOo(102SW%wd<(by1D@Y0U=VESDp>f-~k4qySqDd z=YTT+vmBvF5(9P-G$*cs1tBqLpui0R{y;+y`e!C`F(3E1<~vRA-5wm4s?4*@Uo*TO z!9b~c5>ypqoD;yLMr87N=H*|- z3G|Su!ukyS6I{}BU2lV-|1Y5U!ZbDL4z>F=9`+q!iAia@ap_2>Ld<6+23JomR0nOK3!h9{gbEmh<@_b+>+xF&SUb4 zp>dj7Q|soS(1!AvTi!VKDsAZG(gW2@MfIepo{oPuG({=@*ucn-00(cyMb!R&By19 z#Y2P_Oy}c+K~Ib?pE>#a##I7LViIezAH(dQUR*;#8F@7?e6%{`DbzlAZn2^2_r!17rFSf?M z$QynLLCa~n;;yHP{SnSYV5l7<#5Ox(Q@Y=?7=u%TBA9AbRmI&$e&&m6YhAjqEH@52 zqbVrEDTMeGG~&Ns+fpY!tmR>`%qwi19w$0R6nQ5Aov%EwGr`J(|VBP*~iyjXRULi zw+H?K-R|5m{82@+7{2YETvgr_FjLFp#Bu}K`in~C^1=V5o__87k}ggIT_jcx4w$E| znJr^zQ}fh@?^n`eVi6m&$%rmf;7+Ll-NEp@==bbfw=BtnOXCX*-C|A2Cr6bV zPjq$Md5^N~;z~bhrQpm6vEOTX4d%si$BNjaZmkGz)Kz*hk~Vgn$F^k6D!m30h0q26 z@$|^lI&t=3l|+~b`I_la5vf7Od%6H@qYvm#scQ}ZQpCU;i9P-_qkq0w;M>*m3wfvM z|qhXo08k% z<-p1Uou5v%#pI8##8ape45OT}C5#WsE1h!+haY=) zKnrh8XoNtAKw2)7M~nU~X>ylh=!^BkyHnzep`B!cYYtB9%UU*9l!K}~RXEF-GG#nr zk>7irpP3aZ-8b)&phZ%47I^&)ASoAw2X;&n+2COI>>W;{EAA$0ib)}?=HF1lFhWxJ zBJ3#q)zKek-OmfSKZD3nRPbJRcLf0e;~vOcE7$vKgqk8~=r zFuoH#)$T)`Nnf&K!L%R493EiBZ zJmcM*Mn`0-lbCx$-6(FKv;1Bh3uPpD{Pu5xI$A^cfNbnzf)KtM@)!5c938m`iA#UYUtZLjhS&E@ypCmF*ujyo zKeeZq7mfU7GU(4t+)TB1RP(rI;w4xfn=vWA1=sCFK-^7?YdqBcWG~f3xIAlcx^$W( z&t;L{940Azj{T!DNHN%HwXY8Ck*ptFyIB_zA>IUD%qJ19WI0|3$0ezHJ{GuZHq^| zY4gRQY>%YYhgKqZ-%UIavdD(z=lnqP0faAfboIikwqDX$klnfh=6+Rd=v4TnE?hi` z&+A_krbk-2WSg2Y{3VD1GPMYt5rg)E0*{#*xjMrmONZ|u=`^+}YixX%ue`mnp{t@o zbN&N$UbyZ$dn2`QZD$f$!1lNNY$VK9#lfvNRG;^($v0A)RH)$AFXBUZOf`Fr^i~WP zFkgkue`uFP_!*aOmqK<1PyyKd7W!?IT#bisNF=5pr>8>jL7LxPOzVZEL}7wqe(-v_v&Q)cW_pg?H`6Cgm{uDlFVQ-Ou0qWR&DKi6DRAIBto z`w5Sz%NvC|^1is)Tg?m>R>ZRx zUxn*FWJ4&l={EIR+wI1G#Cql^X zx!c2s;pAHvPt&)KtctYXD5v65;jEwK14RYgtL%?9G+|yRcp_iTkAk+SHBRb-uL5<9 zfW)T=KOz0^<&P%;tWu51{IA3qg*^J*8nHvoZbqc$s0$lR>w}XqcWUBeTfn*ZSq-PH^EZvChe268^k5&%yMg z84Qhq&VmFk8gwg~sa@E{jz({5D?-uE)9h4nlTNqFI)j@7f9yL6Te%jI zGY<1=e|#s$Q-;zBZO*t(>(PzT4{wxoDR9i%d{A!Qya}>DFc+eNk#tZ*ruX)0DoVQ8 z<}<-=xY*kbint>?9eLirqridbU-vle0)`UBg>S2YUg2Sf5xX=5;U`%^8T%pPQ>Fve z6Dw<`KPwBQk{#X#WU@Gqe5-B;Z3haBJ^iHyoND3o1L4wAuJ-neg93jPp_eiZE@icW zsgzsWhIY5eQvx2dHhG`B18S<659kaNbbXTURQ%E^)_A8PYBJvpzrhI``_a~XsgJLp zniP!@FVoXjI&6y^ZcR0=0)3VuT=aHg_F*Mi?nQg_C_BRiA~N08=EC1WQgmKkUJ|m- z&eahSzhBiY9xN>Tot^MllfXQ15m^@L|4}SA-WOh1pdUY0G&|Hr0iuFyd@j!0LA-CEFwQXPk+jR}>Wpj#B3Avrm%p|SI8^%`@RQMLqHtq2F?l{xl$C4!`&l*I|_wCOX3f7}xuV!E9 zn{8_R*`vK}5NvhM&m$nfEoj!vBw_exu?xgF3oTau3W=E>FGW0qCJI+}zrsWhaPtG* z5y+3Id5vYET9##qX}RyLemul+#T&KdyX)9G?Zfdoqv+s(^(jjj4DBuU`aRzJg;W2v z|En6~__(+-AsM$aP(KP?N%giKX?`nty+39o_cx{*nM0yA7bg80q*ZHc>zX%jEWrR+ zz|hl=HieavjEuknezSA{6QlD^#n+my5JL1@fz6_KZ99)P_fO`aFa*<$!8Ea!`g(Bc znE?JB^paE#AB`dv?S4}O)bL;F(0k_sxd*KC-7f3=#xug9Nn~XF56zI}-z0F`=GGsy z^GgG?Vb`a-@wj?1k^O$>66MC+1GnAh60(DFcR&^Y?$ou1ur1 z8gTE$@dhvN8r8%y-}*D-sz8U)}C+aiZK?7VfX!RKVBqnZisGgM;CvWs$+Lr z{EqptM0cdvaPbT+mEEhUk{Pk{IDPG2`2hg+kzkNZzr5A{{TDuKYq&Up6!$Yjc9^)| z?3sIden)5?K0>E8-c4;n?>tl=)10K2R!x>uUoGF69Rn6_qY0+n4@D%R^Rw%{mz!LD z9$=~!#=%isWMCfD>_y9YQ132)$rca>z!M`A6Ame_)OF0=GU?_%j%u@iXK#%t;T%92 zhtqgGnCv_>Q9ZHLqsCh^ptOCUE#E(`Lj3~I{NUE7O*W%EET>}V0R=F1Yp?wJ1z6oNCwKc=BdT!ULn{~1Fw^l|Jl3V$@~Ee>x&MLvG&uaAQ5nbSpfj-kUez`Bn56HdkW@(R%FDgCB=V!tNT`rB;nb0p8@8&bMl8uX=1W zuaRzOq-T&N@T$vfsJaN&C}eb#gnsS;s?9)0ncd};J}Nk=dl{gxn)uaYJdUIX}aLc0feusfjT0DDT1b8xb$ckOn< zUF=|Wt!Mh+4dXTMt;B`>#7G%Ug(5>H(_`^SGuImInJ<>Hv;Gn$*4BvfAIG-nuUqOS0y$(uU$&UakxQ$?zkmC^*i{faSvTXYE|p!e)Y<+}QUrjIqIT+enR zq+BC5KO=xlI-Syn;z7Mf+>=DKPSm{gm-WwNRSBwCx??IB3q`j|NO-H7_9EyQ_yofC zFU7(O613AIf0koDlUF74qv?8zFv(DvCZGABq7e3>9~!C1Z(i#R0}H?Y)Cg)C`73c+ zX1X*_!Xbywk)c;t)Ci0s0J~X`gn-8o_+o-!(n{j_qYnl6=p|ReA8qr0gg;$V0@=Em z1S#b@)V~|bg>Qx^3$cDw$xDVyFHf{v$PIrW(YK@R;#|d~%TFj&e2T>=Z~WTuRqgaJ z)QElkX~jlX7_3WhupESbi1vz#iV@Uea{!S7LA7G~4O2AqGAnNP4-~W2|89MRzQD__ zo=u5DjG5Tg3seL$I!V1cZig?ZxxgI z^Sc!S+ylrT+1=RNUa<@94~-Kn1RY z-_{F-mgSL6>79yQdp&d4IRzn-TBApKMxN91k67#cq&*sLMhY2{;Ez$ z`6e~mC1^&ZRgv!bmAylG>Q*q&A90IJ3O&hbDZqOyC*1vbh!TqeJp=biY5R!kovZQN zzyEP`W9Q)L=;(NK87rrsmi8IMuz>a)%eBH&Zgyl1lo1jv8-GD$zmS#S94pfb4?zbU}ec`m>j0!z23i!-`q6UBD@ijsUef{qkMTL zrb}fbgm!6`t?}SrfODtTYZL(`TY-nM)!LW_j9U9`c3VpoTm%JPhz0^6Nvm9lOajVm z|8N498T<+p!KxU_$u~#4<*U_;pDqk)qR@%E*)>MF|5n@Sprlxy{m)nFu{P2tKYJSnJ*p4y(AjV}unF-u7!@ zU9KxzVeA@%Wk2T4Yk_?BpOO<`e5%JiXLU~ptNRI0+cubNW#}r}b}YFFEKea*(vB=I zDCDug-*pN!C2RmWNxpK?zx_>9n$<|R%bhRb<>T)`R53(1 z%&Vq`C;7K_+zu^I-%DT*2zi1NZ#i5shSLsv$g)kqfZF!#?ECShIu3G8_m zT~RzRBnJCVW7d6m_XR_J93yUcQbDyrwZhLFSGB%@)%BF4>%O|Mo^o~5`tH|i2>x0| z?AQPpGhJc%H4)PVrCBWprKzB?trXzCTBSKhT~b7O1!HJN0$f^51al)_6tVjc()x-? z>*$|HAff%vI_eUxtskSczCBB?Z%1@sO6J~~PQZ2R#F*cB5K*jQL#>m37{@~a+A?qlj7)^V2R(m*Ayu(ou| zUcux1s7YA>eRnT6;>)C#>Ze|x>Yq5r%7gRckv&Y@X6!c6(`?ku3{c_j9(@PfyMo|N z0^TOU-p7fr5O!P@+1{)AiS#+ALiZ5;%OB_puDk^^-||CiUs) zq;%ZEG)y|6U{!o;h>W>E5az|>rhxr=xegMAM?wM`xy!ibCfWkky3=-yuRq6%auphVKcNXO zN6(BNn<5F#k6}+H;tSx9K-*pO$VEj}<<&_c{4jEDh+Z(M4|68*LpDyO7?|2K01ib>F6l=UHz%R5A^<2873=YT)w4ujn8tJwA-2>t``GT~_^fX@}hF%f7LzRB3D_r@{nxZ@)dV z9TOgA+>@NTmFlPb%u}Hts?QiQ%1oAEsrFU2qsK*C){U2<`v-XVKB>afbLkk+&%9zJ zudSVKP4mT@65M5}Wtcj;tP3gZB+h+yXtkN!rxqLecrK;+;(y;Fs8tiQ`8+;gq!##mdJw@lg zeS4S55-poO_^W<0KSSs!K%C9DjW!@#n&=_Fsrw%a%+~2hG0u9&-1*~ej^BrdmY=Hl zT|FdOyH*AaY&8WmwX`^&eY6LgbOLE?ihJCgoXXqvvF{F6OFb`u{^OOINj4Me7pLgr z+7*)75m@Xhg2bh$_(!XxXjX-vxQ=q9{7-z6YA7<5E0?}RxZC~uOM7s%1HXHq}h>Z(>wA1JXjDnG(Q#CcsA>+d!*PzX}pI^MlKJBY9oH1<@ zRM>Vlvg=ZQ{PrSvmDxjP+tBtUEDsti4@%C}E`8NgCX@r~^FtZi$*|$D7mtmqG^j^? zxV%X~H;^_=NK{^}>+Jh=XJq!Zjt-8MfjQ?gb>DYPlIihn=&XhTch>3bBV50C-eNsQjS30xu6|85+Ac+gRpsUsy08EXr?uVi&!s4>pDC~QJZhA_ zGFcmWderaP7q+cx3(e#|jEJTk?jQCHqP2+r&q5pIGKA(>kxJ?wwFy6b_%H-*_uI3| zA13l4!SV5zlf_EOf~yW`-?EG=B=PXdAGp8OZ(`m3a`CIQMX0WUtp%O3+FNLntd+H> z|BLM)&CqLOP_o1f-ObP&%Z$yS}m9_m1cNIQ9>Z zdn;>QG3OlP9B1^~5y>&?AxYwxZ2Gh{M^@Owy=Wv;W@t{}Re1QWPBffWKAI)Ti<{H< zC1!clT`Cg=Ju?EC&zVQOB<{?Q?@q!;tWwqwDv0pcdz`z@bw;{~pA~2+DrTx2)|z%) zZ@Lh08e}nb`s}+}C~r6`f^sM0{p}Wp#mWNYLz)-Eq^2vcveAXx-`(esZlw>fwrC7am$pm_%ZCny<`L3Jv|VR2^9zisJK9j)CH!F-*Yw4r*kD+TMk8rKdFm(Fs^YG< zwnoe5|2lN7PrDa&3}lW?k?xVP!5sTQhQ8;9vvM)&SC8)a`{}c%p-<;$wKvGtMtC`& z;LzZel+0wbD|*_%!Wt0tZM0;uaNgc*RvwMlto`R%xOj6?xEq$vvvd4x5Z#=FU|-#; z@Gw!H)bs+IqnYLwa75S9equH41%z6vEBzE(QtxwK+l$xoL8$i$B9{29<6b-IH~|g| zl4${w;j2@xkSdyO*T8qYfr&whDw83P^A0CYAwBUFU`#k5A)W_G;eme&?Kcw{*_GuG zzgO$q!(0bCpwiBK!A2KEv!Q8MzH_n>mi9w~RctQPU#7H34iz-GifRwWupO6{^LKrbdzR#s~n+DOP;Z7p2wD{*XsZRPI=w1{Jm>sK}< zySU4*-dHGN;3~yT|HLI>#)NQ7~_OAOT zoRzShikyWT_nz!kHJzzW<)#5^0vscCD{aVA`lcal6Ff%&Kq_yLk1bIjd6KefNA!y% z%!0;s`p>w{a?jck7R`%|-U-|px8}XW293eN*>%0lAITK+BQ(f`Oa}pEQDh->6t_@< zN_01(n6p2Sw~C1J=kU79yAc=u^q30qdbj{7cpFXM&gMbiL!Dj10fv8mw-775hkEU5fKN{+Q^-Yp znaoW)oJoFVI8rVZ>S&`AeiJ|AIGZIEr+MVW#)#Z2kKhC)AtW2({Jx~cgyV?@{ z5m!|GF)rs5$R;5>2q;mY@{t>NS2zD>Ba43fO?M^(HZoE2R`!zPM-~>c>XFi*_iwzc z?RBuinOcFov1DHt$7|#M8wctiSu-l+)_DBXQ%Rn_J#V{r&uN{Eo!t+q@v+hAkEmg) zhsv6G=5Qiqtit2qKs*lo*Mj{|p49BFWv7feZ-`h-i&t*N#-ZEUDP&fAkb9mMdsfw| zKU!&fT=pa@L)USc$KvV|U0yspGZPI1L&A0YD-fF?x&;pMx#ub0T~Cg8X8RFx{KC$z77D;NKYCy_o=Y&vnd(Q>=JV0&8p%12#ruuUak!FlUKWg z(=hNzHLt81g(Oyt2f8qB_1zQKF;G{bz5D+ZL=#(&86wLe;U0W}LHGzBVt>3)oK7zn zkIEkQI1`FI3wWM%y_+ZnLWMuO2sVssj~rT#Xs9~F8KcVcaY=U~2HtIYQ&)$cB$$n{ zXlq~UR|$|kO}lIs9cz1L?4BH>NHoxGO!F2KX%@5SJ{pF*>Bo8vUtj6TIY*&{xE%Cw z*!dJQ=>t@yZZUpRf1&syRwcq{ml;z^E8wQ7y>^uB;EQ&(soZ9}A0&GMwlVd2@MZw- ztEBcJn$T^Vq6oeqsTzDgN4ce2uBF#M=uQ$-=DApH@8*dD+GVGgPEk#ZT!<43Z!*ba z)Sp7+s-b8%luJ{GU2v=&t<(-)oy;V|mH``wAOnLGOLR%eL$qqds`Q1G@)Y$m?g-LT zV(kUSl*t}mrT;k+-o>w@GLW9F3%2dfR1?k@wPszG%%-~L+2~p| z)ztCvIH1&AE=v$e%i;qITA-@ExW>W$kkiIC z@;#FBkJ=6?K?M%Hs&am)u)pK+GVwx9D1}aJYX3M&c23ANr&_~T2|!4YSh)WAcAb*) z1B9#C^SEZqbsV<1Oyf2>2JM7zu&cAFvyz5cTtnpztih)Clr9U%VYL}Y*U(^M`IGGO zrnX%wKe+6jz8)2FVdyWCLej&>m~`tZ2{BRZLeYQw3&cf*E0=z?ZC6WF#m%GOHTec^ zIioc78lQ_V{KI-MDomfz@(#qAND>CToYkO7V0F+8_Shs-fb2|IO)FJRy}Arl=>>h zB*TH&0l3u_%6zHs>6nWzD$^M|8ihu>SYcjojyJkoQs!*aeHAJ;G2jo6{HE0RjlF|ijz`J}SyreB^A-?eTZ^?baclmxlJ zh07M7vmQu{R49j$UXRt$)PyLIa)?Sqg5bO0pdc9BX_+RAlHUG!F@2>M8-v7}#u|MM zg~f9(jAZSLl}6)%h3C|tLJTnwrQ(=8H(@CoAN;6*N=uuO-8xOHsK_rbo+9S<3UcPb zuH>H6Dv`N<)T4oMx2l_0Dq<%yW@A6@y49WE(56N(}$y1vKMXrjS1>nvbYp7*JA2K4;CL# z-|AOahKYdC^w{*S(whcC>nuXlKTD5;$ z`oMpS*Z{cA`6Wqdg}hIDsbIC~>l@S^9)eqZiQqp35X9)q{;C_l%_%m1UKbAfoEU3-wD4`|QR0g^zW#rPpK2U6KCYF`m3Z=QY z{2r@fqlN}b2?*C3t#jdi17bCB^_(0SDDAz&mbkthOf35jPk+Z1=}AJuaiKx3sFO~G ziws?&(Zp^Uj^su#J3<=xI&PrW!G^7 z-H1t35g4Z6Y6_Mmz~8t*C8Xy5bfS&cTSdQVN}b`F8fH1(b#h+sMgiwM=)!qT(UFn2 z_xf-O1g_mYG`;FLcBQQjU$GW-#xd>iNiVjW_I|=tkOpcCkUO@t_%xKdJkZqEsswDB zr>Wm5axEpxTR^ualZg;Kw8U@vJdM59u8Y*`b#DI?DDahbcFnFAZqj63WRL#uf$Y@| z-?R%luJ#C8&_Hp$y-fy$A6Kig-yu;7RYBQOjBmEJstmM2$ImtfMiueft_zRn1w5=4(fq}9@g`R3vmN@RSIJ2lqV{fK3XF2EKgC7e6g+7 z>NqU_Rmk2D`*id@R)qK|U}J82V~<4Z6vM-xdt4fp90%vG)f;*JEJDIgs-P*15bkEg zzeYzjOPurcl_j$R6WJZ~m6ewctvho{XrOb!wY0bAt^1&n%qN{H{2@*OA2scIt4BCm zVVv2|p-wWZd<|(|E22vCroG;*!R*XOD`5EG4Z=Gp2dv$Fznd_sD@04Jq7_MO%QG>M zn$Slp3uZK{;yUf_>?o?Lf}dR}a9%#tX(ZOwxx@37l4^l;Hm%y?=6Cx0-|kCa+&fKyB*DG}G`6rOh6782sHsPO&AH2FO}7vuui;0v~f*V@J^!U+|x%W8RTOD-4c zPqQ%bh`YX{OzLLU?8cO%EWY-y4!Sk}H#a-hcxCetQBV*&s_s+okKwQHk|T400BHMJ zv;V`}oa<%9Wu8l=d3-0WTqC6=&wS_tUz6K}X2v%A^RuS#77&JT`v+(f5eviWoLegr z9yLS(psgMPNkvmUf8}LlJYwPSIGUVMj?a2ACetLmytL#33=z=JTpj#20t5g$ireOP zbOH_|3Pj%ziy@e*SF&+I9+}o+SZA0am}c|$grvNTI5RE;2z2R z&p|@bQ5UJmtZ~TIox5m-Slj4_;!u2En^{<3mbi_NIWaj2I%`!UK8RNZ&laG6kWo^S z5?|DzB&r}Rk>sz$=`p2n(J4(W8<;@0bp6jCI{c>>ubF;}a*)JmzGmhuIBrG>xk2qA zX!lE-gR=&!#1+``*(fL*G~##v>^vD6@puW^jFY4T~?;|5IUT4q@esi;$U?@S^HnzFdnK?RG4W z2n*x7ecKC)co6V#8&u;H5J=KagAbKG;s@dXDF-cwaf{#ixi_sj%xzl%YZDiL;x!Kv zPq4d`4!|)s(*d-M#W$=Zw5Pk^o)~Lx`SPJH*9+;y(Age-YiJ%4bRVDCP3BE%>jJFD z%D_-5kGGev^T4g1l!fKCx;pl4qc26p$sKdxS;)=I3^suaAXJ5E9oSbfcDQTPxCcoI z>s0rC#bL_`DGn@jM?xwsBOt>pA)}|qEpN$-xY4c)nO-D8G9Y|~NVc&lz zme90tN2{E&V#CZxA&4J@2L{S3-0OJOmB1pXb4FKY5N1KT~ z-`yDg-cCeXnQsLSIiSh`N+eJ-p&+-Dk?~VuG4<$Mouz{t6j1E4^8%gE*_d=Lq%S$7 z%-q;I1{VzP3*^&D!!D7{H}YQD z+t&bJ3xv|lgk8W!hDsj@vk7BmEY;8w{x6s^^W6&0jR)B#oIx_BE?ZBQrPD#;;|sRx zM9d^1uoHm!f-LQHnK_Wpx>%YNq6xJhOY3Z1dGSPQ5`c4dSG}b^F zCJk$=f!s8KUxHZ!9{lsE#=AZL!_7PCKaWm%}w?ZV}x2E}7y4r1u zpJLmMZB^i0=E09E3a^s}FNxs>X!{*&H>w-U%FE~XPMo|d;c`KsgGj<1j3!@2m9%L2 zYRWkYx1GxIwJ7AFKe{4<9H)<*rH>rt5rs8 zG+JvpVhupS2zDCaq(F-054!}}58L9_sn8bm1%@g{k+{$2g6F?5tS(JLWVUxCUyGby zM8;%XLd6Vbbo!7UsHm}s-P$aOMh>x0&b1qEcn9HO*l}lfA z_8r6IA@dTMl}~1ivzDdHcDOd7fB7#9>Hr?BA!N?f)LtV~6(_5l9;h7qmO^A03Y*Sq zz_xW+xl=M7_;H!q11UQ=?Z)8kuQWNGt>}J z*o(gP@(R4W7kMJ?qrQ3Rr;{p`X-&R9q;?CoArmvqyYMAm@ST$>uNju+eRBes;(2%) z1)vf-#2vmauwnw7M{9xZ^QN4%%d+gtJ<)i%j&&iax{(gQ=hWa<% zG4`(S6BQg#%R-BLQE9^qHQ?cOisv{^g>Wxz@TPwHL+^e!9S#2*-QsN`;}S@{wVKU0HC!HTO>eENSiX2M1!p0o2I?PJ`U@~P6=Eu9LxKkWDW3ONTa!C?1 zB_l{1JFR^@@`YU+#<5cAYQ4l??(j%stpF{1i|PpMKsH90#oAG#4K{u@<|7tSelXB%6MbBoSJn^X6O8qUOBjzUL9&>yNk$V5dB?#upS zpl-D@-gHj5u+h*r=?Q;bK(Na2>d0FwHa2NfcN~P1fPG`Xfipi@^azduirc!HGS^XK z?%xL+<5EdyoI6gRc-#fh)G8~7THhJ0n}ekV5;%glw)I@*gCP!BFCamO zAXJwd;QeQ^-fi&vclfX1$D6BZWo{l1Io7dC;3@ZFs$MbW&g*@P(>+;BG z>pyD*NhMLQFV~3d@fsm3h82|p04%^I-Z9WY-w!Jvbf>`hNB_FC2eGfErKPYJfeXTt z1YTYpa1LT)WmDD{7PRJOU}IQtYXv7%*pi{aR>YpZE{Sho$;nG%&ivTP*~&uAmt6WD z7XZp|kjcm(;sXcZr~~R8PzR}n(^aQclT?|p7FzHRZ%_5yZ@;~s=k?JSCX1H5?TD`e ztaZrH-c5lE^YQV4L|Slp7TJ!XEwC>=Pld{;qJsa;Tt@^3Dk^yE<${ZWfj1?pA0jMWfsJZyy;fSvm#e9F@iZ)Y0ppsPxj7hwS-_l9KAb91+*71#`WjrWHC(RH zN>pYl^fs&AWE666kMF`gMs$aCs3%{uk)4#41%RPcMADu z*VjKrMoPMnrLlsA^&q%pHa9mJBrxXuw(tP@ zW<)01E7~U(G!MaXzO%2d4~!ar{}$xn2ocxS))ufFU;-ad&=Lbic+v%H%l7w|WS|Lt zkL6flgkqilGDvxfg9)>>{qyCC?Ju&AVEdac>T+s3J>~NgrQbyuB}! zKCi7&4yU-{G9d7dJc41T^7yEr~Y*{SX32m;GKtJh2M-kgjY%09Jem!;n!~y+xH*kZ&aI3^+i{?jM zZbPSkwNPzw!<)XUM8U0A#)bxw1lGD!q_xTt> z&UCueO<3F>;zmq_yy9%7;(yQKu#n2A7`>C{XkwohB$92&=FKfF+kfBHOP+!_Kef)Y zB^|T>pq{oDgey7V>_u$HN`+vyLL@)H0jZcsf;B4&q(ZG0GVcTKkeRd z<45-2-=8njs6vM}G11%6f$YbK zqcn`tGBD_FZrHc~Tbi&?=-i9*QuhisX4G7op*DPRk3I5fHyMD=J-8ha(&EOY5~p}= zY6LPI#Xe_-_S%OK&IYYD_R}PE?kPejPe=((SIW_s$OK;Tqi=EQJCoL)%FRyH0D4+k zsi5MQx!~PM^zU)S@Ytwzco~^8?K?zeV-fgGS0u~~hmwi5elSB34pxy}S3=Tw65EALSYJrf=1 z*f0|KY+YBwkY;3LpuT~g z>b&|s-Afl2$VL(J>_SBMFf!UrR2$pa7-(uT87Z+u3kwN><|VnrUWtLc^>k?T_0YF( zW)Ob>YS!YC5@GQ6$j?*QlY@TfoUg!)feNhtt_yk+N7OO`Ld=~4e{$8UiIa5iqj0qNy+`JP@H zx@$OT+YY?|B2_E6^%|YA8kyMfy4d(gcnO&PX2?sYMmt2gw;k5%xc0TRGcz+~8r6A? zO%X`qpFU_ZEqLCO1P&hvFu`t%O(P3ZCnLpQJbw?sXk*HD$Wf0_zBSEr-_xTP6<2Wl@ zTCHOm()a0eaa`A6G4a&# z`O-9a&6l*H5EKWM*KE)GR8~pj`=$NdTG9n}L`D-X5K7LE?KwC&PLDs`b6=hV;1OU2 zfUn||GWoyYVqu9mEUG}=4R|)Z=fcxKzW#y3$R&w=Be)P#+>*WOQgkJ>c=d55Rf+ zjq?i&!vIo%m!TnmOhY;9dZV9M6x#9gn6Rvu!C=zLYBfVKnvA^uvvW2&+JBFx;*p7v zOvkkFe}4DNuK&kPM; zlZ&6;tO3DvdT)tUzML63f{mGtyde$p1NMpQJ~N@S9lD@J*{a{`1wEFPHybPKGOYB| zU9hhR6En?`OD`4x=Ap$Dyg&bjhbNwSIU%i!bqwUv_YX&6x%kitWfn^DY)lyn<{l+- z>cRLjpF>N#y*l^DIoNErz_lRSv*~|8`3z9`?@xOQrnR9qeZy zG$jvgkK;AtQP-9B^>rD62IzlJqy)o{qkj*@XvCc=5Ba8xp0553XHvv{A9`RTUAW3Zx5^lixBefF}>J9QmFn z@IHSt;q^WHncg1FYsRLo>swf8>)|1G&((ZussVQLk>c4Gu0kP*9Z>ErUcKFptw1Tc zL0mJLvP;1Izu(F6?No=Zk>|niLx~HfD@!-G69_GbtR;v&aa`;sZv!vxDA)rKF=Pw( zUS&s`;fyN7mp9$+T}nBM=@O8GLLlKl|M#!|plzSnaN2c6_)uT}E;P(&Nv6XzOzq(P z1;768^X>$YYimnXJFX1C1%Nkr0nFwAvxkLpU`RtwzOuIVAu+M*QnhA~j4y!dU&~`W z=w@zKR`i=!bnET7Vdz^H41|%-c|_l!bUj_yiO&TZVO3FPXC|JjLXfn z1T0O&Ws_5aA-W5?l#*8qN+9*8hZzJJ&zmnd098E$@#4n%x`^X4J~j1&6q{$y`0fA5 zKuq4o`X_$$6yA9jb=_nIznPiEg$4UBUy^Q2{Zz9qzadSAW_683EtTwXG<<`#f8L&2 zxd_t&1T7dh;MDy#rNTog%BduI~s!N~+QH3|cD~g$A}qm7cP<4{YLF zJepO-_q#DLN0wjtuQuIuuIXxrod^pOCXm)g%K(h|J~cH3%4dj9fwEt3l4T7?$h6Zl zy%=6;$oU5Iap=r+7$P~18pY`7=p-akJ{KY({g=q(zlhC8Xlm(#c^9#yqy)(|L!a5& zf@?ENtkOzKTucneS>gWbagzL?bvZdZ(|O2E!7klH_Ua>R0U**8zAg#GKJR;%&ru%= z7)LMW1H8F?;sHGHt~E_3<@mw;OV@IS#mZ8-(*%Wr7O0h572H%wFan<3N_^pU4ss~I{^kPSP|5|PzQa7!}lXWsK8T{H(I)}cn?z2cTPND z?iQR55XxAHMJ5-?-wXI{X-&qj;X=!AH57nLIWLh6N@sw}0krx8SyINvJNqjd!Rg?a zdOG`#7R<$0p`ZaJ0>Y*+#m>^w4FX7ds+uv8vOF#?dy}E(-*Rw~SX??9UrL#d2yu5h z`l7I7>?wQkW?ze1704^qlKPibg6nBPIn<{Gk4;$Q#KJu?^9!)P@UDnC0%%{A4 zh9j&@^xT}02j7G@>p^S05xYoPbF=7rkX$*E581bgHbdO_fnuhRGy49&ORwSUXV&La zNIEC&Vl+s$lZJxB$0|w=4%iwR*mjfbD#~YTKR^;alEd4(d0 zo)Vy@l|cs}P2|A>#1p_Mxm1)nRFvJFwmz+I=%2)^Y^*Q4{(!H`At*@Gv{=^lABDp5 z;Je|iH?l=f(qyrbTu-9fmUIcPgL&v^*-Hm$rC^{xumwZYI+!jS0^lg1dl2L?lB;p6 zQUD8yRVMAu$Ey}2^Ow(g(DNI5AxsknGRX-EWMpJHs}(>afuQ@HzbvKFF-o;r=PKtO zasIQy{f!wHbXp4cz`tMoheCw-MgP#R%Gf4v4sUOysNi5ha&rHw7sOdvBvXwKvWZfd znXmB(+$mcf`3aX$_hNFr&V}@@UAQ-2KxAZsIJKo^|KOK=$8;XLH7wOz5Lf;)d0Q=w38#FY)B)`5VFhJl75oljo}hHe6djgZ0j;B7dGaLY3{2Km2gy^ zva@b3>8kf6pP>~N+NDx{mvfZJ8vUqzefQJWw)X2}-g!FpYOi}FxBYV2ZX5Jl%$F%J zVd3ItV*CiD7IlV~H!iQ;TFL!?Inb+IeC~(qAXM;zBG6$mM|)&{rWr*?=Qnf>K;nuT zCil;@Q@%y@;r+I`5AU?A=~uZ&Z=j@pLU)Bf@F^%>gZTx_=&6KWzRA3P z=P#HU(OR9UD?&5Jm8$A(Sdn6Cf9G%W#dssM8v2{|p+$v$f&r5lI!sT=Po^vQ&n2QM z*xIUwFVPF{Waj*E-u(8Drl+jb%ZmN{oQ{N%J?|~)b*)`!7+`1#BXwmud~g<@2T$(B zvYTV4Ek{^iKv*-ZTiCt;{j*`ISr@!iP(Nm$YY_%zfRY7FBNP-BSBCTBDUP(z|89ET zfCs!QK23~STx_iWRC}?ee;8|7s50cCtgf&70M>QuIHj9gf&gww2@dy@$B%1ZpaxS? z4I+LZCcrd6L`aCo18>IVd=uC1X2L|rMWu!QTs~jtF;*R}-DEBQ-Mfweu7hW^#%0$3 zGJ#l>?_m9{s9uN7V^L!7{VGh>ue$L;Aq{xOy5(~t&U4(-BP@>Jnvk5|Lm7m zSXr#VJ~g1v|K|ioe*>i{{e%b0>}+7DU;f(k7TKzoQe=Zn8Vl&WVn2Kk1!e+7dhDH? zL$203BK@b*)cp1L^5qs3SoXI zU^}Kp6dN7=8OC~)+%NVmMnCs*|1E@ZP~#sgtd9PG2B!9Odu{P3y!a~q+eLimhFK?t!3Vx-H$s1#$tZQ1@ z8*>p)Bz8ysyu}=m88dKwCAo2M9jZ^&AAKc(V?xKo>ZKgHEMX55Tb`_`XNmCVfTfP| zO%@f`%X6@^o&aWp?jpJY#4w`W=HA)Gzkx>2N?McrvxcmV9upi8v2Lq8e0a3KzYeo0 zP(r57HvpFf#stuc2jJ0uY1h7kbw|W@quhG_3!7oKri3b@*Wh7-f?RmwJQz4h0t)(U zvT=m|9pT37x@ts+8`3X%qB%Hx8=6JOOD;4##%MOSW~bzjm(9;{o>H|_f0IPhd1h{2 z1@An7;DAwREZznx4Y;}3J34wCt|z`G?|b;rtM;Cgd!SBdFToYM_uqpE<#PpDNdIlz zB{DufWp#3!diBmn+32xqSJa4sFFhU}UJn?Z{^dS(ScHlPnC>^DV^Bbf@xMl~td9?2 zI=w$KG6G2oFiFoV>H57;l-%e*s1qbQ=2(9<>iHf~)#DHal~8bJEs~YSKQd!f@3aC= zG|&~pXeGosIDUXv8ZavPIzgTrP};N|kIBIM%_OjBcFg5C9D~Nc$=mu!c3QbQ!-6_d zg$`ehh&fV$Vtpp_1b>;osqkdl|LWSz+xRNFK9#2|MK7oEi|Nbdb11A47$Y5_DZf?T za~#TVHcF8@GHL%qi?tZ=OMJ#Z9(C&L!m1`(vWM+K@1xLcIoZ!eoEsbu;kVEZ1Ki_C zi-C5R3fYi3f3>(o`i0`{i@`$asuwjS{`)U)QPjZHLrz8pXnBL3ojK5Fa%dMUk5zD# zRUxK-7Z(>`Wzw}?>I80}2r3ZR)e2X~hcohOf6g*)FP5apB1(Kf^lCI$QVaS~a4dy; z0uxLPr|n)1vE%?t$ZR-OeHpNaBBoX!_&fIaw>V0Wl?cPlb5?nVLz!WPxOuZ5g-0rJD=WbTZL7ZZt55fU+4c=I zD-36kx7FDGYgnky)j*TbH$eJ3j+559TD*yT*Zz^!D-+e1NnP*npasL$U z=o&lSn?zAL@T7QVrDWLfz1znI!qpN)U2b1|-}qO*tyz1{doU8Qi{ejl#h;xd=xPhJ zVkCn`kHZrJUzYm7+FRLs$Tq?52pigl|wL z3p=zoH%l@^YDyp~QgCa7t#le90ssoyodX9S7)vAK(Rv_y%f?0ktTG`(n~>1t*|UQw z_bsj`^{y~m-cN)V%j;;;1!gZm2l@oDGU`JYXGg%4XA3?BniRxeUO@#8BS_e5sl+`J z8s}jO4Tup$SYnfKzI1XzxSWL*{(5o;m^(n?g%`89stOnv0P*Z6B3K~+wSeyfc+x1J zcEZwyeilZ*WLHQ|R6!+y=(SO=QhVF8lY64CS$$fP>!D1cxu>*qLKGptG2J)wWt5PX z7Hl(6zBV`0v#}{=T7wQTAei@acV36CM=*D0Mlg3q86gBsV)f?c>o#FX>I+puY?_UzXt9DuLaZld}=@BMiFYhT|M5N*~cpS1?yLVR_;=Q*TOPM4U< zCnFq1AntRt#^IK%I$R)`xQ8paPb(<}XJ#@}n=&&o!ORRixGn&j0mf4LIJQni2{2xu zdxPm--SZv_aEped)4e@#3PuomP7kb4cXY$Z@_YHA4Lb3-9Lm+;U}wMmq`q@*2Q&$} z-X;Y=G6J5)=`MHUvB}~3Xn}`MZ5ZeZWz{vU*qQOwJj9(Ag5z8sJ<&}#TPq^fvEf}* z4t3SyrFQ@E`HQKSSCi-E$whUwj?32f3|v&)SAuqrdXm(Uh>6=)+Y@78U{_^lgybRa z4XO|TFtt{8-G>@zG$U4x;{plU8kvNI$i4zMJZI)3Op}mcg~W83v2VOPTrV(IU~_TsLJ}Y6_33`Dm{!M=jDty+>4UB5ro$bmOT8i36SrL#yn~>&OK%c^ z2t<)~3Yc>Mmv7k@_8S%!7HB4iO*!4&-E%dS)FJNl6XaaTs_R2qvhXV=Pem^;uZ@51 z)3u2@mk9CA)z#Mv--%aK$U?j*u<<_wsCsMYaB7qpFYl zNde*TnYN*`05S?aiRswg!itth(g48&m$KMql#eE&3R+)ygT>u;Wlnxf&VKTV(b648 z^}fOdUad5%Ac=_p z9@{ix4^B_s-rlsdDX=5naVLeEIW!a}QAPVARfeIfyL*3kH_x8$VES|gnC9T^ed5jz z|1i^g8x|eF_Wcqsz*gn+XGUtAF2HGiE_`Zl_ZCctVm#4<8o(4l+J99$d0GQ{QC(Lz z*s+lR6BW4`IvGgsh3viCu}Y9DOK~ZLbHj39{@nKD)km=)_al6Q=I^2b?82{5k$l>B zR-WKtUY9JaB0_YC^-kC&B?k?e|E&qfD=l~G)ZhJOG|0d@02|Vm8)N+3+}yF~TV$=r z-p59C$P&%BTwZ4P>K(6AgqFZsfGN7Ijg1(9ISWnLHKlo_)Rv;lw0mwIE}|~9w`k#i zMz@S^8Kck_3lKj_h%vvYJ2gB5>;eQ69T1T0Img38nA82L(fXKavDzf-oPFk3Zc&p|i{@@x`fV#G8<;_BQ1C>fBvn|8+07#jN$;@WKXJyrAdXSHVi;JS$^1_-C@yS`nQNoa}-dUsuMW@iVC9yNPmI7 zund+qVk98&*u4iG{87>&Sb(j_!_H5^oAZyv$fi;r4z7Mg+~VS8G2emqAFkieExA4v z3n@pkh3ym65_YDjhQ0T?aDFOamlFWM7=*jWeu;t38FG8tbc{SR+eP3lhE^S{Yw_Q} z#0Z*0@Xd#ZY}wcf_e?}sn9HcqU@vo@0B%&0(3+Cotsead8qt6fQ%UuaDm>a7X4Y{G zzROLTonXb*X)d)K2*9l)bmSEg;Aeb`fx+bKn`;wxxwSBbYy#~R?69|PnRmXY2d-F@ zPHH{~Q#;z)n8n2#A-or0Wi4O=L-%xdLLY_zKpb*ESarHMbvk(dfdYxpl)&k!M|j%q z-H+-CNmvpRfo*}oc_$3?Wo1OM>bu7!k3&e>aXo#QKIMdYu=w5X?Co{7w|CRun10^> z)?8;8m_0z4HmrHo2Jz^Cm~ek4^!Lm!U3C;2mO8Pe{hKvzuQq9=rRkUEpPD0DSz;VxL4&z`L`HrmJjMf`4g7 zq)3Nc12Y->zF^*yGT}^rq1Q!b6~#&vG&ASB?|6L1$aei8^d#>?9{h8eE;ISF{aI|( zMoPi4VJjy_`9DEpa62sw58mmD9IOZTGcvU^thRZ!tARH9-|iC=@1u~Fl@E@-+9>S| zd=&2EHvA)KIp8o_dgHU)u-lD)X=&1&_N6%q4GEIycuCZ`H}3>k-NIVxZmzT~u4t>U zc3q-osmd@`;$;+oQ*nAg!VB0yG|KV2RtfT+^$aFJ-&3HV)3M6nJ0%QMGIUm<9Fi;Nfk|26?y} z*FHYO8CE9J-WtNE>KLGSX&{Nc$u0phSRxdJAP_AYVxzO;T-cHNf16dSk=g& z2>l?-i)7X8&wZ;LqjLDW^_{<^rGJ$jX;x-XibTA35DW=ytn{=_Q|#Y9@RLfhYjQeY zN~HWhzoQi)bA;cKtAP?vltHxMDklfE<~kKwFY`DO5+S;xjHD(N4$GhGP%Q%JJ}6OH zQbG>JDZslx^n>~q5V>PWaqH|WFD(_Z|KpdEf{+YBxuie~`xFi)=18UOhfEf3Y@T2! zktE5G3J)q-_7$pLBuLQmk!L-WuP7jm1`h=-V)5hqqe#mCuwZh;g5k!ZJRMnxCJC zdYBtbtRs{00qwmDt48T@BNYuzwKuKO`D9@@qdd~nb=^$WI0c^PI0J*Tive>TTGsw; zncer?Ke4c|3(funz}057rSt#QI52q2WxmPHW%CSzUT6oxk3A|o8GHZ7fKQA6$ zNdv0-2FQ0IySLQaHd`#A242|43Fzr-X>6dKS%P}+H*9C{SMU*k#cePPK*@TqFvGfP%*s!|K7BcJA6j0o zi&L1a28!!Gc_MDwjsp}Qh>(HKI3Si1@l_5GA75cX_rw-9I_`U+V~?1a45rJQqA|2;~Mh3SDEn2$1K|m@$qhJ$Qh~H3onV zGWo!j4g4cQU~u={tQ4B20!S@_6lpkp;WtAxk>DF(4#Rmp)Z6<7YCEV=_OZYW918~r zC^VpsLUf$`llX9Rt|9hb--(F{*DGL|UqHeUusM++T)Zm+8x<%?yt^F6g(7LgGO0i3m8mapR>TM+IA3;QokzqBGcYXALAwW@xl?GU8@q zBj+>2>^NJxuSHBF(SEWw(nt+qrC2`iFuJ>6?prj(3klCo2y+_dtrTKoW5ek&FF}mu z57!91X;4Qx&M-@0K7|rYU0ofzQW(F&-kr@&CH!hWkbn_9K$}iiIp7rn;*~}1Egw2f z;1M@L8PoLozzX&+z(qhD#q$P&)B$q&?Gp5-NWkLq`~=ueDE+Vo`}@@@e$x{%mN^Cn z@Izt>D-kjb4?poe1E-wqyI&ezy z6Uk}~Ye|1w+CwmgwI#^@azP866&Wf|oM$s;NN~FUZP$ z2Fc4&&fXx)pu_&hq`@otwsIz9Hd3s@i94~yujn&V%L{Ub9z8OO%4N++%j6E?L0dSG z-&U|hVJsQSLM66kKO&DG+Pkc75^Qp_%It~Bn#SAfm~g0a*b_5$%j``M_c=m5=8BS(KI zs$h9Z{_K=QD}}kFstVZUDT#@|YAUX*{FI!W83Q6%$d&**5qOk-KNg&woYa*dRttJN z3Gd7E^AiVK+YJc!2D%<(l*1ojGl4?^VLGg$()ozI=46PgDK zsddik4txG{L?N<0JuAJ*cj@0QF8r(&8JkkQb&Ir)F)}bO_rgwt>c+(!o`~q#@M-5O z8RWN5p=Sh>a}W^1>QYJ5z*LVb9VYv=MBXu&={r ze6YO@o8Jf|jlm&jmK#)0XWBd_d1)H~bH<^msm;a3IE0|$0SM6)Bqh`8>OMRcl92HB zY6p)PvqjL7XlrTl_UY^Cfuxo-6EGYA1D|36-4#k~1=8=jVl+j$xj~QDp-hC`^6%}0 zxdn^V!O>CKsEyJJ{4>x~v1Wo$!O6+V4}UR)obQ*1MFiS3LPJ7G$k$X~P{0WUcYH`? zNlH#`fSJ^%Pc&KA-pjyxgoO>pfws1`2;oiM4#WD?gGGEnNJ!S;F^T+q%Q4N($R4-F-fnh(;rwI zfTO#;{rM$HR(7_8$1&aGZg}sqv){RG{`u2#7cFu>&A3DtDmmEBH9$sORu+9Qqr-2; z`5pxqHw?Iz`}>Y*YMo1andad01GEH95NQYs7Uif@N=XOBk(87(X={J`9-NRw`0SbR z)}Kwo^a7RMlv~-Vkyk7ak>2>1=yI++;RJRQP^v&b1b^_uSKLo5!`hQEGJ?2+v7VkV zd_F$DfuBFq($ia(_LvKK;Q1we_yDu_MVq%h&-YyGVQK8Sib*Nx=)}K$d+m<0q@;0g zOGQNmjIkhY3oHd0B6ITclny^XDSTgYU;I~*QBh6~ykcUvObMiXe0?<@JpwH36Rb=0ZCF|V(R} zPUfolbk_(P3z&8N`0-=Z#@WE&V^-F4C~0J5WaQ)m;^Rr*wZiIt<>F#a^8ApMfQIH% zQqpVKlmViGKGN=dokvJ02QG5Ev=D9d^z@A?4Dn~Y%VY7+wxeMG=1{`(-ju7qKwF|iU?dO~8$KL_lIKX>2ffvjb18*Mz9(?=x^X<*){cDyd zObuG_*~;`l)}cMXC1>8zna@*}UQJg$U>UjjiBM#n;h%+vu0PoB#J~`tIUzj3^k9A~ z0}y;_?_mW}3iT%zQ1StQu_8>+iKwDh1-GSe83~Y6crWUz6BNg!1Mv^I%Q{M zBy5ZT4*3F?egTbXnE-6m0^2RX0fDNYd`Yg(>7@(}p`6z@KClMfNDkaL4VS}841a8%vH*enh_3O89{|+3HyqPl- z)!g0OfN5~XCtwOd$V>Jg4-OB{&(2O(i;j*4_U^dIJO{V!VH@@LM1lAfolpUXO@geCwb CJYGWp diff --git a/docs/network_new/MESH.md b/docs/network_new/MESH.md deleted file mode 100644 index 6854f01ce..000000000 --- a/docs/network_new/MESH.md +++ /dev/null @@ -1,123 +0,0 @@ -# Zero-Mesh - -## What is it - -When a user wants to deploy a workload, whatever that may be, that workload needs connectivity. -If there is just one service to be run, things can be simple, but in general there are more than one services that need to interact to provide a full stack. Sometimes these services can live on one node, but mostly these service will be deployed over multiple nodes, in different containers. -The Mesh is created for that, where containers can communicate over an encrypted path, and that network can be specified in terms of IP addresses by the user. - -## Overlay Network - -Zero-Mesh is an overlay network. That requires that nodes need a proper working network with existing access to the Internet in the first place, being full-blown public access, or behind a firewall/home router that provides for Private IP NAT to the internet. - -Right now Zero-Mesh has support for both, where nodes behind a firewall are HIDDEN nodes, and nodes that are directly connected, be it over IPv6 or IPv4 as 'normal' nodes. -Hidden nodes can thus only be participating as client nodes for a specific user Mesh, and all publicly reachable nodes can act as aggregators for hidden clients in that user Mesh. - -Also, a Mesh is static: once it is configured, and thus during the lifetime of the network, there is one node containing the aggregator for Mesh clients that live on hidden nodes. So if then an aggregator node has died or is not reachable any more, the mesh needs to be reapplied, with __some__ publicly reachable node as aggregator node. - -So it goes a bit like ![this](HIDDEN-PUBLIC.png) -The Exit labeled NR in that graph is the point where Network Resources in Hidden Nodes connect to. These Exit NRs are then the transfer nodes between Hidden NRs. - -## ZOS networkd - -The networkd daemon receives tasks from the provisioning daemon, so that it can create the necessary resources for a Mesh participator in the User Network (A network Resource - NR). - -A network is defined as a whole by the User, using the tools in the 3bot to generate a proper configuration that can be used by the network daemon. - -What networkd takes care of, is the establishment of the mesh itself, in accordance with the configuration a farmer has given to his nodes. What is configured on top of the Mesh is user defined, and applied as such by the networkd. - -## Internet reachability per Network Resource - -Every node that participates in a User mesh, will also provide for Internet access for every network resource. -that means that every NR has the same Internet access as the node itself. Which also means, in terms of security, that a firewall in the node takes care of blocking all types of entry to the NR, effectively being an Internet access diode, for outgoing and related traffic only. -In a later phase a user will be able to define some network resource as __sole__ outgoing Internet Access point, but for now that is not yet defined. - -## Interworkings - -So How is that set up ? - -Every node participating in a User Network, sets up a Network Resource. -Basically, it's a Linux Network Namespace (sort of a network virtual machine), that contains a wireguard interface that has a list of other Network resources it needs to route encrypted packets toward. - -As a User Network has a range typically a `/16` (like `10.1.0.0/16`), that is user defined. The User then picks a subnet from that range (like e.g. `10.1.1.0/24`) to assign that to every new NR he wants to participate in that Network. - -Workloads that are then provisioned are started in a newly created Container, and that container gets a User assigned IP __in__ that subnet of the Network Resource. - -The Network resource itself then handles the routing and firewalling for the containers that are connected to it. Also, the Network Resource takes care of internet connectivity, so that the container can reach out to other services on the Internet. - -![like this](NR_layout.png) - -Also in a later phase, a User will be able to add IPv6 prefixes to his Network Resources, so that containers are reachable over IPv6. - -Fully-routed IPv6 will then be available, where an Exit NR will be the entrypoint towards that network. - -## Network Resource Internals - -Each NR is basically a router for the User Network, but to allow NRs to access the Internet through the Node's local connection, there are some other internal routers to be added. - -Internally it looks like this : - -```text -+------------------------------------------------------------------------------+ -| |wg mesh | -| +-------------+ +-----+-------+ | -| | | | NR cust1 | 100.64.0.123/16 | -| | container +----------+ 10.3.1.0/24 +----------------------+ | -| | cust1 | veth| | public | | -| +-------------+ +-------------+ | | -| | | -| +-------------+ +-------------+ | | -| | | | NR cust200 | 100.64.4.200/16 | | -| | container +----------+ 10.3.1.0/24 +----------------------+ | -| | cust200 | veth| | public | | -| +-------------+ +------+------+ | | -| |wg mesh | | -| 10.101.123.34/16 | | -| +------------+ |tonrs | -| | | +------------------+ | -| | zos +------+ | 100.64.0.1/16 | | -| | | | 10.101.12.231/16| ndmz | | -| +---+--------+ NIC +-----------------------------+ | | -| | | public +------------------+ | -| +--------+------+ | -| | | -| | | -+------------------------------------------------------------------------------+ - | - | - | - | 10.101.0.0/16 10.101.0.1 - +------------------+------------------------------------------------------------ - - NAT - -------- - rules NR custA - nft add rule inet nat postrouting oifname public masquerade - nft add rule inet filter input iifname public ct state { established, related } accept - nft add rule inet filter input iifname public drop - - rules NR custB - nft add rule inet nat postrouting oifname public masquerade - nft add rule inet filter input iifname public ct state { established, related } accept - nft add rule inet filter input iifname public drop - - rules ndmz - nft add rule inet nat postrouting oifname public masquerade - nft add rule inet filter input iifname public ct state { established, related } accept - nft add rule inet filter input iifname public drop - - - Routing - - if NR only needs to get out: - ip route add default via 100.64.0.1 dev public - - if an NR wants to use another NR as exitpoint - ip route add default via destnr - with for AllowedIPs 0.0.0.0/0 on that wg peer - -``` - -During startup of the Node, the ndmz is put in place, following the configuration if it has a single internet connection , or that with a dual-nic setup, a separate nic is used for internet access. - -The ndmz network has the carrier-grade nat allocation assigned, so we don'tinterfere with RFC1918 private IPv4 address space, so users can use any of them (and not any of `100.64.0.0/10`, of course) diff --git a/docs/network_new/NR_layout.dia b/docs/network_new/NR_layout.dia deleted file mode 100644 index a9f59e20a694c6e926af162ec1df94203e01d4f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2884 zcmV-K3%m3miwFP!000021MOYibKAHPfA?R(QC`{^9fU7_;B?MSl1|%)-nDbN_8vWy zM9XX_(nC>p+=u(y3y@T7N+eAYgd*lvnK)ww!~zTKZ+`@KfggVSyos!bAl-&Zd_5ru zPplwbCaW-BUr+x1>tDa~CO^Kt`e7CN-^;)2)ZbY0iFm7iyPn)-+5Pvk+2i9Qik`N9 zmZT^OcW4{Te)prupUFbA$=fT-dRf8B&wTY=`K_O2X}H*Bfff6k;Ciy~m!H;YvWr)f zqEuOKnM6ryJ^0b}c02a!6FU(Pt8?h`4OT|)%QVqSncLM*@m)6 z_H=(#q@f=5^F^7m)K(UX*Kgmv<8O*4m0vv9RoBo)A=$=H*I|4tN9raj6hVEagW6&IaXTzXz{;r8Y}Nwd@svtyBqB#8n)E~IAZF6b|3yYwSD#oD^1 z(Tm$K%aT{xf9prvE*&Vo{$g#XTJAaxSM7#dDbY~NW4OxhZay1QS5f$|MEa!UJE zzDUwlkiOP*j0i41gbPfFLwbta-X)JWH3YPScdCbi+4H<_GK8Ol>@i6{DLdG0YwUpN z+5y2+;u$mqfdqG4Z%Ujwagl8^Iwb-zn~Q!zmq{Go1o0~G!U-L#DIl98i=duXDd|se zQ}qW8FATV+?JRcNn>&evQPA2?B6Zu^Pl_lOd@B1(xJ_D%GFe0omOzxy_M%)4BBiQU z>bat|sEw$=&hfa{6m<|6Hc_>5hC9wnH6`SvlXkH^8j1b?ScM`Lm9Vlz8jd}&p8xlH z!jD>2^DHf&C8GK;Id-E5EgHhqsjjJ0p*7(6>G6@mPb#l8WE^RH!Wf76j z0K!D8-OIT`>yL*FY)raX>44w_(+xzmilYF~0KIK`yICwep&g0-; z_O8LfD}x!kgGU&1p|pw}LA$v6azMJcdW8}lT|E_@UH#DvXm<6=W0-aIZlmQJG+sW4 zx9&fCPx97kWF?r-nIng7D!qYgpTl2QdspkP`{LK7`D-NKhn)#mqXme zU&~rw_1C9PlwK~|({R}oS0DBUw)$TZ*~QfQ__SFh(F^-0rTyF5&RcOTgSIcBS}jpI zYKck`XKX8;)^~|&6J-A6m6h04xXes0fN3bK%L*7Zxd5gCa-CPd_8+2&s5@hjdK*Sj z2NBi%U2|)A)g7{vb+yf&qToA89X8wuzB| zmxW7nLbkhw+G7kRy_Ga9o;%un&NGYW)P2Tt$vVc5=NbwFJO?}nJO?~)!E<*2eolpP zeonn-ey$dP#?8X(*z zdJB%gz800e161aELaTGI!#wOGO{$jh?pwK4wYkuY)=~(oUCPPM(Bf zGT>T?m`X5GdjKvHDvQSD?xRK+;_P>rj<2j*)b|rq2Or>}O5UAsY4?X}Z+Y2EH(j!6fv`$nSG%*8Ug{ z`C4K09F8`7)X(0uk%QTk5=31_O@@gVf^vHh_MCdirRsUEXZDcccY#=Kk(_PEP!2z!9A2Uxs^#rtnF-clXS%Q%B|dsw$W`?~!*>wUP+lE)ym z{`H}TZBhNCKXrzx$tcqNXds5mFj7h!cgi@j?J-A^_EuT9FjC^Y{CFmVBN(!)fXaby z0pEh-CNA-~396k_sqVlrdPX}{FVuM!6O~xc)qChjvY396-3Y8amkA?0BMxwD^MNsy z*$BBzBh0L%`ZqoCDdi?HiL1z~0+W=ek>C-)k8${^PCS60v%-(gc8QVeGCE+Le%2=I zd~aC4mu;p9*ZzbZ$D#Ql>!UjGi()`NG0(AG!VT_> z+OQD{8= zsBW=U2+v4<^`Sy|=8TxbyGDZ>0pS7R0pWEKzP|=958%ZBmmwMjc$G_A0z4Jt2Y3y2 z0l)*m1Hc2ocR84q;Q2#PywL=LIs2h2vwQU0)z?()ny*|$v7OY2e1l< z>%l<^-~QoxY=CQM4IkFvDUwiN9YKy-)22v_0`H-+1@gTzyYiRIV7mnnG`?6@ zosj^7BRtxQX&)k!FE^Py+6p7#RGpE4OJl?(?L#|M5V_G%b&+!>g-tnUVg)w2z?lG>S~wF1 iY`Pq5Dt?drryzZMRs16Vu2X;W_UivNBa)X6-~a%aONLwk diff --git a/docs/network_new/NR_layout.png b/docs/network_new/NR_layout.png deleted file mode 100644 index 2336642790f35972eaac4814fa2547c9be1ec708..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 39589 zcmagGcRbaP|2BS7WOW>pRk9`7BrChJ6Dl*2qOw9p$;y^dXh{f3q9PR)Wn^TJY$9bv zX4&rR^!a}7-|v3hf86K&_;|lRI-Tw3N-3=NKKqvfC_5D43}wKR!p4)^f34JljAwB3uC?>&%GL0XnvA2cROpU5cP7a0=sZE6;CZun#3K*|99>C zYo9sFV1l;u=eebHedj4}-oL$jMta>Fd2HB119%-A9eo$Zk6*ZO;n*=o_3Da>43~it zzQZ?~+S>&bWC(V&wG?qww9T6Wh%z!VmLIMx{4U+_TbdOJD?dMzef##;vJg7|)tMuB zsh4e5J(ns%$mUg>G<4p7;K1*$f|2RLauF6f9!ccSNwxcZYL zvAelc{1ViH3Dr~yl-$yGycaT3H*Y2G@?KjmjE`^4Ir%)4fvbOT`P%Y)L~JaV^f|p_ z$8M&iSf4qQP9L;Il?vx|FYs!ZTUe#7nVDI8M@Ome64Qp2$m8zrZkzJZ5B?i|jSmm* zJm8#g>VLjNH;(wDA#vZypY=&26B8?=&FKx!E5Eu52Ft@*9bV<&DX}q$H&>( z+0)Y#Kh@OKjvwE#9)C|yFexd?!rYw5CULs+h0V{OKbh7A2_6hMa^30Fklu)xn8Vci z$qI#ZJ;a@|bzNQZ($aG{;T=16(ENMp2^N%ZtFfD{h}d4bvA!aC=CjA(TY}bR@&_0y zCMd40{5`6pb7g7v$G1<{72i4O>D?$TRf(D8NG-nm3zI=I1LqkJfKbNlO@#DuayAKw>f3GAXmCXp zQd0xe13z!(Ry1TGe4_UKd8{%qF>!6WoI!>|f4(s-J$?JGT@T{pHBO(#jiF9^=k=S3 zZL{HC#HLa}iqe*Eb4yooA_evgepUVD;O; zfB#2kHt7%%pj>gpv$@ZnIrhKziQRpW_ofzZx5XRhh3RQ-g(n+>V`CAdD;w(vn*#{~ zTX6|?XoX1~KYo1wmHE;6c@H|eDBU|^OUuhloX2)fFI{4zr@|Z0QsIp|@y0^mrCGeo z%j@smyKF_AOJ!|s%seK?j;VQYtKL&HBg|5TPTx-Mcy1jQ62i{Lrm3k}?X+}+`euz? zFp0`4Ca_J_jNnGylJ?8;o#!^5SGJY378Vwd&YVAb`SN~sEoc+;{QB{Sw`}ZSB<9+WA;Ak=_aWp(yVfp2@FG=d3KY!NT+7gH}$#=chh|6SoS93el+&Ki$pDpPT*hB~2r&yQjzA-rmc})TYMv zr77;eyPKPojLhovpoX2@aJF&QTg$1BftyhVo~5U2cm(`AoZ0YiYC|S8DUDSr<7?kz zRl;K^%OxDwmKQ_~sP^wKbSYU1t+Zw2x)9!=hx_{5_r%A7lP zTpp^RS!_Mq;D-+f)rGjZRX>MO36nz%e~+fAxA(o*?^8}rlV1}T_8LE~ zR(^;?*}i>ya1+AytiMNUEw1p=roTiQV^kX!mfLslnp#>q+Smlzbf);Pvy(_9cJ{q1 zr=15%IGLF-s1t)XW?<)do4LDkQL)o10UoA@Ltkd{lhLx?{&R=Ma2_yn+G; z2L}}u6$=Z?5Z(8oA*F){vrWbqXTHzP%`vJY|LIsnB&4O&jj{s+15++q*4EbImZ?%( z6?>eY>McUP%5c(Qx^R6>C>BhM@szGil08cu)ey4kVmOQH{4pXG*lUN z^nskD-|C`E>Duf1gWSPJ#>Pitc4?iLpgxRTW<_4)zc$Izfwr41GB-FYl;_!YS@M;?`5& zzhAd8Ra4uPs1tqThMm;C0pGd$&X;E-=~o8BxDH2iEFex}xm1W8G7bYJ*VsZuOH z^J{uE-n)0tLxHpW1v*5Mo?wc+`{V5F^T-=~$s(~ zb1mLT(67vX5x=@HzOcIFzB{(#=k88N*<=G1zg2I9-DJ-jeSLkDLQOBaVU`3+A-doI z4pI!JAJt-T@UcPim2V$6 z(Ti=0MCMVQ4Ww=|6&4p_u6-cyPEtqNpZb}HemKpFOSoI!Z5VAlMfqCyy5R4DQk5(7 zLh4%HOAfeA)c*W*JQ+DTx>>DsbaWw&=XrwZ>FG-rhv%iHX;;s=K>5`Je>bji8{QhZ{bBr#R7> z_pqrVRH$ny7`ZuXZ*JQu%f`lLiFW+FbbY+RZ+T%NjKm@5`Ync2k$&5@8M?sO*hb{n z#fuj$o~I-v43CUd4Z7Y&xJ*v={Zzg>KN>hdRHMEm_W(ddS63IuY}5D(SVlidcE%d+P*Q^b5x?5Ia^OpF0Kq96IS-kNokVV7KhKfl7f`^3Sf zv3aD!&y77&QcSR+nLJ=*Qp@Id}Li9^YI z8Z`pV%#X)=W~j2m+TY2>M)GWJ0;FkVNFoIH8br7K@ROe{t{&E(`s<7^X@^EWO7 zp&=prWo11lEx3cnCnlU69eexwkg-*WwYIi4M!v&J{_BN8tsmIXK z`*)l!=wcPKWIK38ra!VJ=<(y93@WQl_@*miWh(+~p&_B6=v&6wZO8*wX6A2n zf0~n{=r&vpEQMU>4OK)emPJO=4zAt$@#PLc zC9C);W)>DyIHPP6UEMFqie5u0eoH^@0C!hd`#Uo|EUTL2KPtgH?yDcy*Uws=0!+q;Sa93CEy zn~5xRxOfqeVrgaN&8dPHFQySK+S=MnOG`?-8!<`vZ>*ze9=tLixBP}8b?zUA_7EaB z;t)DkbhnwQKE>uAD90yGoG=kS4$Pse8&zY+!pw}*pykTiMo+JV!C*R1nGi|tZ)A)g z^XW9A=35_9bD;F7zP{7kx{7*rU*EOa;hNUR`sFJ`LaHymDLcsHiIxQY83{JjE=SpS zX=#D==Kum@*`=u%6&~#%~TG03QQh8UG z*^wjm-#!K|#@p@PyBF}VwY|OY&6`rUAGC}EOaU=!W`=HCqC+?HAAagz_4KLm<;x2f zJM!Aw+AQC?s+~M}r*UL%$@jp4H`abjnNOdNH>zy3wYFY#baZqtdGockp#AID3l0vw zMebQopX$8rMuNyXb(GAtWbO_8cWJ}FfN6K|srTV(d{ACwMpE9%9S;|-SE zW#H@kJ|u)vIg2CI27N?KT-@b92anc+_~SZwC85%GX35u=S;xiYw}9?#-{pClatUG> zU*>O$gxv|0O`J`pwB6~CAA2s%o;`A;YSU&aYKt(yI?Q+>eB6!6iXDi71z#5@gT`}q zcFc^7jJtO`+t>_#{|-2EomA|*;%ET00`^{HFq12X_t zuV24Dbm$OU=*uq0U{YAQ&&*H=8nr6-#}0YdZ>pZ2f2R80jWnjjirc(2#qPRJ&s+8o*vb9j-Q02%RZtgw3a~CcMhuWZ- z0qY0|2r$#i1Z-}{^y#s^jku#{V{KqV@}AzFJy|8!R*La@`_{z7MCsac!suH<+Ts*^Q9mB&WCr)6(l(s#yS@kw9qjsRj zlepluQB78ZB-w3hI~ffnF_L7cp2;3!q~7xN>(|Q4%7};vj4s>7j_T=Q+9o6$hzkqz z#t()O4gK(5O}zKfm6@SKmo8mG*ZT0`!=XEWQAAHZKb4u8DQ;cDFD#2O9w&fX9=X+p z;=a85xe1#mKp~`8jGGcSpBP;r;+Qb3FEBJi7y}k;-pGepI zE*%q48rQCUsPO7Z!`SJ+JYUn@eFgJ>t_r7|Yie#T`n(MakV(0rEn+!i<4I1=Ut|F? zUMgk~2`km}l+#k|2R?Q*oW9U32B{`P6J zSg2$rf?t~W)**s3Ij%NLxT^A_JFCU}~Mk<|H_Xu89Te*^L(Me#x# zM7_GN;_qi>cCRjG9e0tX{3t4UXG22+4j6!W$VH&dChfEY+xO4W>CFzvOZ+iO%zt%p z23Rn}#o|FfTj*qW;g?UJKDD)ZpatbW4@RgN1@29K@!|zOF2s4aw;@Cj%Yzk zHg@*&XU@bweE2Xi@vMuB|H>byORt&QZPG?No)3J@wU}`SfuZr%w=!}E&~}Bg`;`r# z`!k=hBItFC_W<_*fFA&1I(#tw?Gx+1{_8Vvxlbd@DZw+O=!I0{8+l(tFQLxpgb~7;#F= z%gYEKq!Tp{F>G$3!x{yC8=J(ptQ5cdie6&s;f*7pGy9Mp4Gqq?ON+z4kF@x26&5Z4 z<7%>ExN!r4gfjc#>fclEJSV|MRdne*DObM<>gdj$H)p@F0B->l?_g!6yLtx5q_eX# z^|gV^?pQAX(YUxckWF%milvy`o=4WugJ8Qv`+&H%wgyroVne+`@?KqWvBKat=BcSE zd3kwGXMqcVZ3motzqu97%*+74aw&O}DGl6mkFgf;gvuH~Q8ep-lJoD`*trsRbV*i7TFj}IYEiQ*Ka4CCDSzfyI zGC8>qkrhem&Ob{RUsKo6pnPTii9{fzY z!^XfM=FT0~_2PQt;`-cR1rcVP0Vt2fVFo*?B3#!+TKw3t`^~}_LhgjM^#)S$>eZ|J z_T^k#`7<^#;k7EhPac(_Vy~-$WA6L+mSBnHasVvPO5L;SWawY^m>+F6D>!E}+a|iL zl&hxBS4z)qqC;&txaIoukBtA9k4=YIf%dH(L#Pj7zp>ec-GJdn!F z0x;OOA3rjmKUcADcu-rb6Wml8#p?B|)5g|T%C4I9{z5oO!To35=jff2lapf}%gCw5 z2l9Ld5N_TKL1krSS=m3eiTkQz zI44X__iaHPd|;HRfxrOApqvt0ikRImB{g2=2XKZyWNB&n{_L0AAUL&TKIdIU!l4FX znvRVx+>6ruC9KPmq+yP3o$M( zSLZ4AZ{Bh1)-BB{pYxxZnn*kzqfI=3UiS7QhoV>x9X{+S{9+2cX@**MOB#;v;loo` zt|+X_?%&_u-2Bq`svJg;`};3WcOXz=Vqy>?OfmU6!75>jyE0Pr1iw3JHf7}{%`Yr; zJTo&kH?Osm%6a8Lu2xVG#VYDP&w7wS7AmWv z%D)$4N<>6YS2w4e4Yc#j%FQRbSsq~_WzEf!2M=0tlemK==)Y7~yLxz_Zsxyw3Mw*cgqAKL~THBLj)MTRNYwYoA(oBU1kB>*Oh>}ZaPEL-rl$5%L2JX9PL&r^Ozz`0hzOF?~BjV!XcT9wmgS@yL zKCEJD`*K^fpr8P6FZLK?>Nh|Ed*j@vFqr)CE6DTOa|KA<$%%=ps75J%%VXtX3@Cvm zmnUw=$8T46=*mBfakw~{xOJj|GD}DWP)R$bmNY-Uqo!@i^~&Vk;_C7 zpD$lZa&vz}Hyzp{fiy+kqUVs&;wEj`y7l`(Ex-##iDeiWM?N`P#Cayu7xH-XG_B zhr!X&(cxkKD_o~!(Egm-XnY**^c~nyORGgAQ|pPj){WD<;(hjzY!7a2b>?=O{%D<(7P+~sl9yx zcg-kz+p9nI2L{l|9w_
1^vZ2S$LVKJQ}btP3q=r))}0J;8mUPn7qzMuy6^>O+q zd@U=Bt6Z|{V}%$xhiv`2DqrYS_?D&;tXHOcG{4k-@i-GR1u*( zOl_qZGqk}qmRD2+^tf~THtp3qukfnxI6WX|5XtY}zSY{V-lVRtU*BDLG3DUZ!&$8- zpP9}S*$=A$To{TVdREZGDJcR`aUi}K8a9Di4o=Q{_YD|h%~iUMzw!>hTG#*v?(y#CO;rES5taAW@M zNAwgIFN0xWMm1hH%KF7^;G`{3*Jq-`JUc? zewkf*m_E*dIC+1R)96EY8Uo7AEk8Os8suq~tcbYy#{5`(SlCu256T4SZIrg>&Yd`Q z$`8yrS?L-hd9ymWyU(?>v`qcl`kd1<$NoGW0^af9$juCLO>0flsi~>aHZV9$4Ji`n z@u*d&hMSuk#4!7mlbcohF+hqex^K;``kBbB6s>)sj9vS&2KP4PC(!@ov!+si|6s$F ziMx02YRQQZ?1;5Nynwjog%{e<{_5-M_}^Lx#uuS}0GsK$ra+`jPD`^u=%RP;0Oz;*HI*=(|HzFg)%lh^7^row( z?d$Ig%y_zxN6A#eUA=Se?(PuT_}?Ax@a!>zUWlq-`qGv%)CS!K#YrKua8e*?0cNGvclBZ54JC5kzjNmRt|Kwa`h*C1%vQ}i{|~cA z{$a$eEG6W0J3vlo`KwlJ2?A^W5wn!?b$oNKDQR%MI$aC zkeQub)7}o8)Y9I*!`eVF9#<+UK3>|cI!?@ge-T9?NH;?=B2!RMDDya!X>?ETu^odA zz#lYdQZW!E27cUBAU=yzr^FP}Q)FUvxu1}4O^~FN6u2;mvWxDcg@uLQu^~bZ9{d2&bk*s?g{Ku;ZAFEJ!M-epGx9NQ z-#%j*PIB|`&^vmRm3j*`4}H0mlvKibg6Y2iI}LdN?cZy%yYhz{ObqGi>8zsW!6aJ= zHZ-S6$GdTHO@1SH04aKVErXjN_=B+J+O^9PqY7{`1hd{=C9qeh0|WjWfH)82E|q=! zNS69QQ|Rn3-gk?keJw1lz54QeGcyT)Ie!z@(!}b_PhUJ zu%Ws-#kyg7Q_=w!k~$6pNeWC+ipGo{neo@~{V#2|l5%p=uEFXMJd)}I)$i*kUb?f>Rw{!vG9c3kDw`F7ffh%H`1I^gVdu2O-);lD@3 z#4Y~m1DVc|+Ds0M|C2;5_W2#BC-~g5$jBpNo{HN+k~vN)dM9N20M|Z_jBVu-&D&6L zA#sUYzHKTrByuW1909OICje!RYaPNRdg{HLq~tL9BAgM-C}=w8xmJjMkVj-yq$DH&u}>HqCrO?O zRpq9pruK$Fvwlony$mBI|IR)5``kKZW3Cu&Fy@6vM?1~6LV+cQX=EC~?$X~BDQ^GL z6vtyCocQGjZI3y$ml;;vYTVM>jt|IJt`hs4N>`HUS%RPULpKy_AkT-{RF^ zC-wJNmpgb1)I(%bu61dN;??+O->`vef0Gyd8&Xs@irVp0+;Z~W?~-^=6Y`;qW0LMJ zzPvA`Q3XtVVq!bSOWdT7rzMID8dq0W(Or)|RO+g&73Sv;ZXEgD`7%AJ$WUv%u)N59 z1V=z*m)hc=^Zfbq^z>HSWVCfm!>bGM@Sr7xY#+Ez{3LEma5ZEZZX$~s&V5(@PFd}a z4HJKvpYP`7^_xsBzyks%qOK0&6R6z?%}31+)I2Ov0wn5AM^6-Uv>S*HNECDPZhT0{ zf#$aM_RSO&D1U?Fge2qAFuTy@z%xti+yKj#jj1&z>kTbm$WIk(jWss604A zNbHRkn~P~_X%Gdh3eM?kX@%DjpEgaawByR!`St?w^1byXXkVXW5C4wo6v!w^+CGM! zgYIlw;^RV4*z?xwze~!>$P$rqiug@(cE)X8oSQ(?lTv(CmZf2BZH;k%b=5cGmwv?M z0u5Gz8)buiX4nA7uZHN)4IntlriPkKjT*s|XW_^4fZqpk?7>aY3V52_2s#sUiTN96 z&gQ^s=7+>IPa!e-a#Il&+#{pxz5$Dl3h?JuRdib@9#N2vfUdBz>O+)=6Soj(3=8M( zl@G20?!l9zxs}(r$+TM@y;y1YQTR>NZ%#Y7+X9H-u5l@NJW*Ud;qKjVQe;fb zPq!k?u+6G(o_t#pS-Emc30^g*AjaGu8xszb&Rgv-dacHA&fXeMGh3P*=_ZA-W zaB~j%AM=%X=*+9MlktE4GEU1-ZA+xCL4$qQn^RBEUCq8xTKLSR2uh@z+%6|4CsEPd zso(nf$tLeq8(Mkpd}(iO-MRk)yi12M7oa0m+vShXS8dig?AKtg-U43603{8Han{qY zY_E?(g5x^(zi(RsF#gwyq-14dA|mc7dgW>Qg%DJ!m*i8<_J$v+X8aL&>%eVcGX?(l zSA+#I@C1`?^leVqJUAkqsDqIhl?k(YzC5qY?OMoSl|)s&#p^;%5mZ83%Np&OB7(iB zD*Q=b0xmq(c*5y<#f51sqdS=}tilNff|sn4Scs5qPg+{lxNi~Ev;ktb!sg6AFKO@J zsXN%uV{_HGf>4o>mls1Cax1cvGMjG}pf3l(hp~G3?{5_-zu?nItbBwa{Jnc|9@K>z zWFfC})2pLLk2XRVfBW|Cr_;fqp+l@hTvf~@xOz+x6=cT|Tc`j(Kfjd(@K%3tPsyU)ABc5zsK(MY3|8@OZaXXj_C41hx6yz zBdc0km|D{8@HT`6O-dD0%h#{C{l|=r6#+A@Tq(YJvpH5}{Vk@>ty{PH8Zv+-AN0Rj z9dcby@N_CK!IjoS`O8~Rp*>dT6`nN?>Q2+02{RudVhn~k=PO<2+6PywqhV#AxS<-N z)Z!JEgfAW(nZo(yS(oEa{9R@x-fa)GvOq7#2nD7|k{)4f5_J@q48POU*PpR3 zfLBC4TqiS<=o%s|DLM1^Z`IbtIPGtQS89Vu53fwdm?6>V=Z|}R4D|4&=#!YOayJ-z zc+$;lBUpUZcgQ4AXw=uumVEuJtdb$&gPj+N-FId1;~nS;tz#a6s;X&* z=mz-yg@uKk92~C-3+wCa;XOjHM^fFna}qYH(L51RQOIapBS<7IwMKjPlO5B?-p|nO z^>dI^d$`@&>sR%UzUcR9WvG0p0Be7BT)DY$M5BohWEBMXat#Sr1h z%qz3i(8R<(5;a&#uq#=p;TTv!2n?2HA3E>gpmorepnUXFqrG~lXf7z#XU{5Hd4}a9 z;?Fl4mAPldX}a0(XFNcJ@c-xc02g!(PEOJH;Wu{4O9=^S>FdKBMrP^0el@qSz*q!z zvGK0tndxtzFqApUTGRz?3aAsBS`zu-u~?)O)<`Mi{!?#v>>j^|t!-_?Zbjh9no`w- zlSV2u>-cAf;x>BCPM!=S!IKC&G5*J1Ky~@^Eg6_bDk>`vdQYb!VKsRNlb=uLZShb@ z#ymGZE-NDg5R>2ai^WNYP|ZMjFy-B}<$KL>cWB*m`Pvm=V7PI39TR@5Pu11buq*q%ozAW6c044`o4c~lT@Fkjzyg);Dv>b! zpe(s@QK%pH5T(gixpc+HKx=67HfV7CN`yt1x1df~Qb0Q_nYS((HA`BB5jW{uy^cf`k0AwST}OZ2E{4y!rhMHbt;?-sh^xw-+U%gY ze-9?112Qs(LJ60?e=giedShG~PEL$lx2o-={QmszF3iC_00u^U^+mH0?!_-IJ$U#q zhJ@;Xl16^*-+#8C3kT=s?oLM}l79m^X8-<5Yw%oJvtPJ_NpMh_7#rtgXAjPJFIGgi z2=3wQu2yN+4+}nOXKiH_ZF3h0#jZyh&Q`yb$peEDRbErQ%}q^rrOrlfVL%vat@;|k zrEx6f>h!n3l$4ar%pX9oJ$+`M< zglNyFGzQ-g=ljB^K53{IM@*F9glTS&yBhj>&{G~mhZg0OL}kwZ{fCb>{0u>?zHxA% zP-WC!@cjxT*4769S(!XlhW_VdUEmtQ_DP-e-Z8_)>l{x*RcW+Vd~vNH8<7)tWOJOX zl1k09VyZFn*U{*PwM=!>zM&74x;efCjnW8uz_DXINghJqzv^m**`l94DAZ`19B78# zmSDn9@Zj=O?r3jE&F|{z(e*Ua_|b3_!08_{q%D_Vd;FC1=|dvTz3Njk1d6#!D+>E7 zg$OMt%*~gFYqmog1C1VG-J19=CkupZVBn^x%AjNKd$PvI3r@R#walFA-)Ix{KGTOT=OCVa-2-22Y0l>`WAd9h>)6)P?EE!SDAS$ zMBgWzwiRZun}H33mz9#8QA;Pxp7Z)AQ=mWP*CmK_Z|}ETj*iJ{7)@Ob3*L2%QBA=l zz(Xq)5IRmPV|sd;>_z>REs~m#Mheu}2Fv~Rtqhoy_X z^W`6b--W9M71YjMjxzHRId{-zbUZz?8jQj{K*Y*iTlNTU!l%H+M~g$!z)){$+6fgA zbHE1NWU#Mn+ZK%h_;W>tmakZ^Y|Y!*;Mk#P8@BaViS)Z*B!ct>&gEwPAag?GV~yY@ zT&_py=@Iw)vcbHTlsr^V8yz2KVhUJA!Uj$@#r|Jm{3uE+lI&(%E zY&QnQA-WZCe{pdyAimZp>o*e}K5WrCd-e9Mn&H6BTbbBY_4T(2hIA!oeCp}B3b6;d z1_#HXLzGlh5aKj)=tdtuc<=yD)ns6hmoFK`DHr{(U%wu^OP)76f~tpSCGR0ZcpS#V z1iqr#--V0rUUvh@1e&6}`~s|0`}ReRnkxK3Pz3aqjry*e%aRgRGa@jh1bk9w#vWvufdMwmi zKxV&l9R#ODd2A39+ohu3&z}!Jd6~_v#QAjUgN7{xTufL(I%1mCYxAu~%fP}to!oWoj(Z0?9z1vP&>9<9n9e&fdc%*+_{4{$!wDpq^$)798XMQEC1r3S~s z!%88~!#d`QDGsawsRYhMdQ@ad$xD|nUqj`*YY|cGGxs* znsTvPE|XRz(P!v|EB8S)-W169`8nh}H<_q}#V2=jPVizEoH{xT6;&A()}| zN55Avj|uAC{dle*L>CYy-*4@T&GCS$@0cE@D-A`R2918NpBGFOQofjl@Ea1;-m|1F~Cfqfm+Z{Dljz*ZC*};**nc zQ!c#!vFhGPH}nPiD*RRk9`Cm}I6Lo_K6hjE_yjN>T0I(o42KhhGFxXbot{&@+L=Zu z0pGuUi;Iuvvs}k;3+RTi1Jh$C2Jx1bd>9=d`#||rZ3^U|%JtzpprEl=WBk+7GD0HirH8eIyXx7%(@30yKIao%2=hm%9IXOLT zZNWCCAmgE_NYYQh)Ikog=hJ^CEifAmz6QI~hh3d?-Yl()mSR|)%CC>=!%PWtQL6&$ z5bBzy$1hd$^`()NfPesEN~%D74S?IE<=4a>*h9uV6x6lmtxv<{q_V!q7ixnt0$2f& zV#rZoofg>)105wLC0pnkI49UW7u^C?No;K4Hl6V8Ki0cfMz%4oV`l-o5y3qytgJBa zJgF`;5NqLaCi@yn&uVMaL}O=5%i7fY%RVD%sae&)zbW4n5teE1%L| zltf)^H;ds?l3o#o2hsb_<5@;~7IZt#YPthe72=n;nAnM%#u@s+;?5(tI)3iIsmTjR zLe8(!yZJ+|a`5Di_PqH$vOXp1ef26NK_<@qHp+ghckkau9d z$OJF$^TxXE#5Diym$S2OSgoS{F)--%#6&p0=2w{?QbpFWlS~(qoe&#It6#o+3DHO# zI(cE0L|*%VBT&8i>(>(&7VjW20idI|sknY4s6PQk29E^5W?NI!XalQ>2UdhC_jEYV z89&PvtA(i1-p&a(LT%b6_PwH_JCx;a-n<#uJ$Ya3*M98G=z_;$58Z2x3JWD;pMsXu zdUm#cL&>*^Ek_;4??RoxA`7 z7DN>=j133;n%Oxy7vbpwGMFCh#g%@ID~tTe^FNT8nv)YX;56BG0s{p`tlX7Uiproy zIl$qyFXE-&&NO)~ralA;fzs&U@Fa30#t~zc0pRfB7b6Z%a$nOtvZJY`rHtX`g9jqr zX$PdGTN@k2_wAd&V5~}=nUS#yecij=Ftgf90mOMnYb#n<)c`^rdW7c%1{4Y0pKa^i z=n!y6RH{0_5`n(8IC0|!J@^~&7T8o6Xl!J#X4}498alQ{7_slYkMUv#nIr{=r^|bD z`lZ)-nQlmE@0LY(^gy77eyg~@8#YAD?$G2CPnoD*S@d0p(O`ysPq(k@qy4M%=vhdy z&=(DxG~pfu;-_A52QN41wMpPA^>KtSI}($UqDW--90YjWH2Avntls@>OnIK2z4t!xfK&H8 zR;q}*|MAK3x&1~x39Q40SREZX?3Eo=WFk)4lI z8!*CqDD;(;sdpMhl4xmYiqPgz6R|5`VbgOL@-8H_*RVc-`w4DBwnhAAR_ueGZ07y<~+Q{?}lyMy&>e0>g!G#%cO;&^*Bt zM-Ck-DlW#73;FugpM&cc9eCRY%)r@)8nq!8H-D#XP2=C7Vb+HUF6rnE?A~!izlI|N z@ZsFnHusSRMoz`iNE|t26-j$bz&w9XPuXUkFX=2Nb73H4V2DNYfT5tVrR5gclk#V% zlJ5Pxv60usu7hQezPrtAfF7WGeU`XUf6l_pY_jj&-{$lq7(uap`B6edNGSZvkD-g? zl!SUY?hochtk|Nx=xfa}g)Na}zg4b#8s>-f(H4X#$f_s>-g|nU9v;JUOPW>0;vq21 zllE#-WH*cd`jY)>jX)EJvUm9CEnHM8N=m4a>YbJIxT=pD72fn;K+Hppa<&fv2B960 zV!LrX=LD|GBxG&2Q1Udw?t>XNX6|7A#TwFSH5CCiT_3h;B@8XZtKdX_b(Y z5<4Qh3b*dp_I40KI}G@J02dHK2oRPJqGZh!z0oX;j-N+P&QvZz`yxM6O;67XGDx%j z={D7l>gKzds*DRzK9B?(4-ebr!{%gZ`Cv4o7LH9ck}3(kS0T}Qg6P9Z0j`1k!NI}s z;riv(Fqgl`$lzyNU=(wbCv@T=F7%s<-_=0zVP@cg`rcSYl z6<>phc!nFFo4ezy?SAa2{v#@9j%7o%HgW2#bH=h9hm;+4Y}LiNM}Y&4lg7V2zI(Q2W?espB44_us)aJWOWB?zhuW+J?>MuNE+^!@5hIZ3Dt zgKMwRFJYfk!7_|+qVUbmgmw^gWd5n~nvP&R*d$P`3-j}K>^lfnRAVG9Ra;wIsE~0y z8r{~DDBrjuk1kiB5J55Z7!3DSR^j90Q&uL|BlI-TZ@DQ`m{belE5Zw!D5hXIE&A)x zQgL@M!NN!lFaTv;^x+!!O)b<&G~*QL$r%07zF31yoB<<~54fCKVU5O8!N)U?Rgb}# zE_E5V2c?R(G2Bkd2lOp^m8~C0dIhb@KM1uz~jxLYt}tQt$*Q^MjgARu;ek+L(T&+^FdT%`hu`_Aio3Q+ubM$!!I?mFFG2IjO@`@36PPlQ*9$}TS4Ckx9cEt zf6MjZ8E^2BXwUCpE(1E3-$g9xt*rc!^Ss3TmBY>2udHBV4uTxP{kn8Q@TQiDFxjM2 zb}5+f)Oc6@oj#dBH3otx2MRt`P z(bP;xOso;<1{H>KjifL$Hy^r*38e0UytIOXIX9_VguV>>Tri8G5=AVrDX;&<>Z+XQ zFSh2Fo10#4$X|;fQay=7@gDM;1tB`xDS(?UCFO?kw9NW~i7>WFLNLS#i;4C>sM-1{(8;rcvPH-e2|>jOFokoXjJ#9a7>>{a zBI)RWnnU(7tL#J^{%lCT3gm>_^oY+X`^ggrRE#nzRX9Gtm+qaBQ$#Fh8D$UcQOB?1 z_Z+3oqNBtPfWj6{?2e!eeZ{HxF20a>hlGW+IK+3LR+<w66@8=gGrHP(`eWY7$wSM5+!*b+QAw}g?meB?S36|PT{Uh_j5 z8sz{m(`inaK$x%9#$c%u{nJP&!BaS7@yP4fuMs7=PoMHC*b#~+1|Ab_6dX71a1(Bo zohyLbjggZRPe~}jf*ZsFf2eLK?3z{WqM%7|9DdW^HmN&c0}dz*h83)j8(_@|OK0Be ztMWk7bN2(p|Ni-Ns^DBbrn6wqD1xEGbSfpcDyRnKS0FZ)5O^~o@KW3=KP7GDij@E$ zu;94s*EL`wXdd)vK)%Co-TiC-b#W}uVKww8N?k+@Gl6F1uM+EHjlK5P1X5Hb2lf^r z{D4429SOG5PJ}9o#XjH^U!KUb^ucBOdZzxHE~tmn_2mh) zgHO^6s(U{@kx_jNTD7#)AO7{69P)I9v7?z$o9@n+HNZ0TH26i(7fj zP~C{D1CE`l9&%D-lO&cad4e$w!o(L&9I*y|U;UZnGCid`TB-@;apym{7lrrH<}Ip^ zkwNTT_+<26EaAbLa{R@`b@B%~b!Vif&w=)VPto=|G;2#3J>ln@e&gK^Z-YI)3CjrE z8)#_)bl}ml!}?oKR~MGM;Qp@e=(scL8vYWtH{6IX9UTY6#0(zHsALWUFVL}yiHM1P z9zd|d>x1dhi?gAhKESP9H`BDWkkE7%VfWZrcX^fxHiar9Nt!)S@CE zBm%rk{j zWWmz`@L&S}Kfmr_xSuCtF81+}hlv-2f~e>=28L4i5p0D_G^dB5X@EmWs?U4=+`ga- zU<50IMMdm95OhC}U>h9e1=SFE=X?tN-a zt6jKA$oD`V1vkO0a$E^46gtc4)2A_%s%)&bu6cBVe=;+iLCY#Lz0kbQDQDLuPHgAae=;}e_>bmKh50th5~_^F++n}6f_GjF9nZ`|GMv^ zGdJnbil})6v zc+K&#v1SJu>@Kbrg2m6v6H|UpO)P(L|2{{v6~y2Is9eGzsnBMzO%2e3goD5Y-4*GM zIW1H74oTfk3bKa}rdP0Oa|;V0ZPd(kATCr8F<@)kOa zIN7gZAsF2kKnUF)&R2APFg|!8_OLSss`5Yn_?^4$w$N^x;-om=1r`De(&V}d;(&>h zZss8@;K+AkSp4nVp$v;gSOdCuZ*QG1e!|@VJSQrPL--|H*5BX%_3LW@@RX}T1tle? zuwOhrkR=Me3ARg^-@rPc3=YkBQ}cisQ&B0!9n_8&WL%7+AxsA3$*2}X%vb{Qh3jv5 zWo0`j-A(9AFlqVXnGU;S?VX$sVi5yZ1ke%Z#d7hM7C)$4rAfGHzl+1LvSX&?pltl1hVIKR8%vd=xGz=iQxw^_>HzZQ!^5)@fxQmCxPraX>nYrZduB)xh zqreh`?cmivJuXnAO@!OKy4a8U;nT3-%dH^O1^NsXs0B9*@y4hQA0a&r&C6G>_!Yzm zB$(PV#xc07tWK8$(c#$$Y91o0r>4E%5BRN+DKtmfq{Hb}MQ&$dNY~s-NuY0`%An!e zT-no;golsp!UIA;WLX_P{27$P#S0fGC@9D-F%Lt+Djh%@tr8~~7bZ^XI7KkkgM))G z?J`qu!RJ~Oxd}8gZVDiwW}N@#D!0hj3E5CWR&enF-cy&NQVPuv1q~*BuCMAK%OZ2lK#_#< zY^KB#wk%W(uo%NXenc4LZwjCX&Jz7GJPZ#HI>so7aM9TmxOPzuP-O5ERyzQGTui)f z-)1@1OmQ~I<}UouIy$wmQ-EUA@{m(4#K%zcptgCzs0vvTSRNID<_>n=u`o=(OU@Nr zfv76rB}^&;GXg2(fwEgNbz$r#KXC+4&v{DOlBSabisQx&H2rgWdh}uCpIEVk5RIe7 zx*7I!5QI(Ho2rcb|!lk1+yEej$EA{PX#~$gjfSfkE6!ZWC$C40s@ug z<>lSo=JT?$gchp5#KZycdgynYEG%e1pzc5b-xjmNLkj3bAE_$au$^;sgeBR^#AHhW z55>JeN!>&b@d%hl5p%V7^-t^{kW;=AaIti!0tgk$5}DdRv=7vkXwMBdc~=E>*?95~ZH?qEA>CtPeT3%+jK%3z|a)cSV9+22L2D77W7*7^XGf;EFfX*@!rCs z9LOhl-iRUUOJLM76EGy74Nz}wZa(kmNS0|C2RFqD-5;lCvZ)8Hl4j^wk2;hXwQ};zv zK$sao;NvMV5E;2yDKY~G-UYIo1l;&UlSP&>K43qPDZ&H$@1TSpm2XnDUG!B(sk0** z$c0pl%wfCX)Atz^p#$ez_{o2M3vijF4(BJX?S;UHnY3egoEmvo2ph5R>BPhk5p>*= zFu_5{*W|raWC>`3zbL%vv&iw&*nH5WcEWRc+;|M7P>PtSw;*rh=mKv*Y*hlQrEg&H zxOHsf`G=L5i{rgqTi5yPB-8_5gi!=N(mQ5Jf9wM14z)x3hMt+{{?*ATJZYYL`S&%8 z+;9CBmX`^_kra`UhH*UHS2eV_`FZ3^RT`Z9mMGK%`1gFD^IN#=;^y{w&n$n6Qlrmd zQ&Y^31a9niou}q`%Sp6jXh|DFEmI>umFzeUebkf?C*k|qih+UQ(dJFUTk*%*Iy&mq z*!YPVRVBo|$Ek1!qip^+CcM%2z=UJl#_r-pT@Mk0mJyse!1Q=n1uPG!FSszrH(8x$ zK8_?;uLgW3f6fc!q754~3>gI4AH?8k%n{&hf$bpDDzFgvBPwkngrQxlT>Vp5RTYNn zO&i#qrrrV`_v_c6Gu~)C%j1Q5O$2W|jV2VSDOzR8Lqz;>^&@G{T&=;X}E?EO;IIx5sz3|t-)HnjDCsd3Wmqf5uR`gzr~~eAcn(Q^vt^SA@0heh+sUn zF>AoyY~30LEhV|?d;P7Go00qH#R##dYPkfCgHAri8i%v97K*hUvsXLONz}$>hn3J6T;N--KCkSDH$K;2B2yZ&V=O**1&^lnC5RN+LfE1~>wQ*(y2_f-9jF6|n>xO1`=Jm`t#Uj9wB< zDrth_^*_Yi>%ziGYzUCotk)<4)B|9mh4TVW(CNVw!Z1&PiDd*#F~H+dupRRjOM>dv zJw1xT!n7&+y9tN39@I^<!XA@>yP93F3$RFtn=gjGT;y>c}vRt?wb{qHgKvM8Zc0 zTFBUVd-J7D-0X&mCc803gEMo1V2TA}kn&K z{s<}v5v~v~gw+bd!Ktj=584kf5|2%ILBSlybnV(2w3LGwdEiUO z=V)reXxq9vI@nREh5kZKZCZHYI1E~N9K;W@8xsf~yZ34E0FtXd9_?sm#*RO0a&Izy z8Vm;=Z1HoDmEDRg(KkR!kRJnxi;YiDFa`|^&;gVTLztL#i4w%YM|>2iSIM18S6|-> zOGPDukMIOZ%(-yYAgcJ?W--AaCSP{_!rezt(;a@GdI=jwXfw6Ro`}yL_Ydz2B`F!sCJ>58|sscokr!5EL!7mKj zDmvA z+u42{VJeR4Yo-3V;b64x?nBaaM1B~3jQYS~Ab6pkggr_xx^Y7(=E!9#IS!y9UE8;) z{O#(>M};;mxP6-(!>tGrO8WWR8B9Ae#P!|nP|Aj54#&~7!mB#0PO)r@vJe~p`8lUp zx*!hMruEiG&vn93HJ1kvHY5rho}O80r}X}G5MhL}Y?Es3+q0%E1Y1AN5xlbAe&r2` z^3x%=I`)}*>g34?jsjL&flJkOwTi9@<9rq6$5I^98*t$%{eS}~9$#8rNK2!@<_p0M z@+=A~y0-EA2lVSl`-~{?WOA~;p|^f^@xzDgZbsVoXSxgJ2*&f?Acy@`k?ak z=56s8JyICxZfAvH zQJoQ%oFCqu62?6k*O2V3?b{*m9N3oZ0o5>)TVfE&Co)qUgAGSwRr^UPk9^9JSm~8^ zs<+mXB6qSjtE2*KXuo7hPkw*CL{n2H*%KH@@gy>XT=*slwH;46{ESmeVg+)^Ica%Q zUw4OI>bY}c#Uu~XuGu4UQ4`03iBl%TE)lK>*1^`)i-{yg4g$;8mwArX;}<*_Bzztk zA`HLS)ME;T3Q<(MU9jc+*Gm^aeR}EACAJ-0ssMknB1i#=6)WI>{zP=Q!OK*w3=Ir+ zaYf{>HHKh7J}exP+FXhaQmIrNC#*(!=P|kO*3YVl*_T`P#v-EDRDtwIckyPyeU)MA!zxCwh*LWoa(x?jGL#TH*tKj z5nRstX1u5I!iRp5d)K6P9W@GJ}v4ZJ!3epljjD~rP#o|1%>;dbrZU6!}`d*s5e2Y*>wbIfS zT5qVoXZBm(BC!)ojY5ya#8AbE+-rPdMmU@G(r>Gfc&+m5R&Q@k8WiA!ER1s>v8UqS z8sk{e3V5NM3u6`KuTumG^7lW#H+nyp;KO61yhq6cjO3Eq<3iPf%j@5@d#~-6VPhJ}wgc8{Uc83?)=&(`m@%v>lv$}PQz)DTp z%JZAg71-6#bXto)Jv+CPx}xfCOF^KuvVvv_+b*=nks~ia=63HJe?VYQ-2iP zyT^tNFIFS#{)}D%7jR~Bvdv%4n_hyy*6pdG(i0vOV>(=oi+?{gmXU@kko&xjGYm{e zsXLsO@lS9Fz%Y1q1Wl5Qwf}S-`T@2N2*p%9%Z_b_&Tyzz00iXgOh8#t72B4+m#5EW zjooR`!${cON7U~ttmLunAuGxD8Q461)v!j0J^&WYk~OGvf!$u8TQYIkvSZ)kwI;Hg z(HcmsfP5fsdJNMR0j1SusSj{0$7QTOAG(czOa6+&*#fdh3c z_#ew@fvC0;Bd~J4yvgKILgjAqXBE{dc zDPim~4R6Zt?AV{ky4xXr8(sK`XSx7WUQ!=Oq0)kUr7#m~as;Q`;M1mp%+!k`9v463rbJ-MkD*IY;qMQPi zVq^Hq-q2t>f#!y8rvr}|Z!&41y0U+6!L3`@+^+Q9!*zvBfsmqZEn1Pri;>YWyL`4Q zx6Rz!ll(6s@VtU60W4bH{rI3OZ6wf z?NNO1>u%9ZzvJC5a6$w*q$mK$8r!))w^0Yak?X_GvIn56mqd(Ycr)|}(qcXoT^)D_ z*=F~s5*;$iS-B|Oa^BVvOT=>n0r#j(R0T?5nSva~kv)#8f{TCry?0a$Od`~Fl31pY8Jr8?56s?s%ws{`M0qVkT1KWhcTnQ zicg#M5E+qd7}Oad`jw3z|DrIovf5Fl+utY@YCt&e>6^O-{y@cp0?BwmdeAldQPbzo z@7BG0cOo7-cP1WmqW96OSO0L0(fyQOa&vqxD|+$5jH;V*=8eakIl0i6x60i=@hYOT?|l|%{TWKQp+kir9hfRgTUHZD z{^}n*90H3&Q4BN4!_OBGEBAyyBDcQ(;rV2iJ^DtzczjupP*1|!Aik%{$(%UAfBRDu zwnEkLY+oPR5CPSzy$K7#8O%ZoQkSbDBrR4%zC8#Y)i(M%OG``S6D()&cLa&G$^v$C zZ_?@&D_4@#NyLW7{sf2PY}lS|1!_Ml*I(w8z3xO`OiBslxIr)|?M{!2t9%4uG3{rr z@*r|5|D6$#j@O>IxMj->L(Sb+zm^DVn=X^5vu^(|7i*E39H3VwZxrn};g3WAe)8t; zrD>F@>?ZU~bT;S>xefh{j8HJw1vUiiE1`j;Mmt9X30;M*gRk@FzoNyj@M`$Q2Ou-G z&S1v3X%oF>{;iGqf+ndm^?qnpHG+rD{7uU;;caCy5Ds_4a1Tpt<~z3)D{ z=kH&?#!gVQ)PzCsy8doGy~&p9;@&ce`8FKuuW^r7rE5m>e!hO)B3Q|9M%o$BvW?mL z`_cXT`>yeOlnKhLut8`O(sxEJlqteVV9%g-z2)6ZA9LX9s`QnJxfg6854WA!`2)~5 zv5UTFy&SvEB6ge3j^68pE&ULE-8u?I#a#(5*d+-OdOu8I$RJh0b^v)^+2!1oE8dva zIa5Q{&=|JwI$7>I%a|RcPh>tJ&zTt+v~PxaN3>KDwho-3v)dZZaLey+uKpiaAteD& zH{+bOO@ybLH+OD<(ISzHGOtm`AwZIJDDqK@-Un>Bm~{WL1%~UmxP&sSK4Pbi`%+6& zv!St(V2_I<6A&krmRg{mmFBsa#?9|&zXqj+b2D5%j}Sj7{@9PyJS1*_|9MKsPSJ)@ z=|0&uHB)Wy;_>72xnZ<b4T4j3{;cI^W_;1}E2^#=Ej3G>}fB#ccj5R-#kB;uX zoyA;VQwBo#YI7-cEVg+^oL!=tJ2iTA+spP!aGPeUOvj6zwGYL_fUei7ZIEV-V|R6T zPy3duX!#^|li20Mtph!wv~&f*#>OivAD>{G>!=laqB@}gsx4A;HJar~D z>I&mt!38iT*#9v88JG;46&w@urMx_c;IFv@>NnW*D(0$j0*I#^vm9x;q;HU}YVKcj zrvd}`-3k$9T--V+>RW!M%iP>x!td*mcq7^6%##kU8R|JxB(X6rb_Ne>95l_r?8F9Y zHURLjnvrrbg;ZCAN;4pdzh`8T{-c>Q}QpIuK6P4{4p^9#tm`=DFp68#Q_ea z|6$)oM$X+NDx{<&dcsk5E=avSdSpWTu*)g!EDH2U&KaR|pND9_?x-haCp#M0fu|h* zXPo>9;P`J<(^dS6mpNsPFi{1Tn49X-_SJGZ+nsORJ>f>!ST0p3qrA+3Uxsj9n7Ij+ z%K7+stH`4-U<;SBPd9$zAfQWonYwf`f8-Gq+=||Pd-hyHpf4ap2A7Zf#UX~sqsm1` zM{POuG!V(_Z6}R@oVUX5aRL5r(ICa-VKwKFZ{svY9=4ZPw|MN2up>1@u=Ug>i}V$* zR|i?eDJm)kTnt6sM`{SjT=Wflh?E*bO_W@23OLtUegXA$Or~O}ZGLx> zh$wZNG^iOUro?d+>h^}3#$lP*b15(IQM8lNmuJFdQ&{HK6fgV@4$6h3UNCDq#8XJM zIRE0R16!S9$AJ^G<4p4pe#Ak1^TrM1`4?-DfZ*NB{ilI`SQu@ z$pC3iJ9n;#sJ{8j8<6qQVbh+L7W77G)~uatVi3&Km6?u?;K~E-a(S1?Mb0{APX*xo z@q<{X#!r`okh7HUS^@abzt`3EMa6E?S!Lp1e2nKemCTnH9PBNGMz09&8{LkTR@dPT zexLhf{5VhOb-)Gy`bOt0k>$DqlR^a;12`a;ZUKZ;|;;Nf$3b7s6vYt;Ycd6j%jJ zIQj>?`l?rwZ8gswARv01mIYr_Rdab<-oAft@b;QzW$hv%NiJvAaH4<^kfh_#}d$V^TYCFL; zYbC21iN-);MR$I1bEEBB7`#tm4?8lVMvy8?!~y#>g)~BymdWjP$-eL1#GTfCqONX5 zyArhSn#e|m*O{`EkAcyjjC|ZUFB@)DRjnX3x?nm*Ir^d1_xm4FqZRaPEY0*Nq~^SP zcNJHK#KAl7cFAOK24a&N)_o(QkD?7$W;K$Mb;pAj*cb!@rK4v;jpu#HQePXOouz3u zu!Jk;7Nb6?*FokeHSg^x%CFBh?QiEFb9$uwgHR#wW!{AofAU@tf2y&|nT5^tf@H)1 z{c{z{`wbjOi%R%amG>o%R&o=Q|AcHgIw5c~TTO=>-xVzN51-exnXqKZTbQBoJ}w)@ zKJ27$@@IJL4@{@ErGLw~>nDzb1k)R}NwqQir#cDFKv`T;p_VC@2NCQPY730MfQF!Q zP2UUC7cDX;T`V9#Om62Fz&lBaf$m4EF5ZC%}~RM%aU+PFxKj6S?{%N9zEU4_#cVYkNaR8rUNEQ-4BlS>bz zaVRXTl2x|s{3xA+(+q;y8sTfSnJ&@z%vV*10ZC{vJslB8*L?mQ9T|BlE^aKp(7O{g zM*$>4`*!V+Nj5Jq1~Q`h_gj#hcc}kdNGSCyn+zpls_=GGj#*JEfas-;{NG9iEnWJ6 zN#KTCIs5$s+jDE4J!|0EZ-_r=xqHCe)Cx8XvDDi+9N24C`mTTW%%{Z##_*d)Dg%!! z-2iek1giO?ZD-D#2g2Ar)OO?g^~ArfYSdl4WC==4aC@QKeDtW-t8Lul*jRlmXT%)4 zxlKD-gnxp^WBmR28zfR8^%BUBpX@K78#~)$fTDMPwurVz7eCISt z3Fs)!oLNH%V3isd1X(w`1^)xiwmTp|lEn;#UaGl*IUXz1zXC6k;lX-s)5j6rn3*}s zA@H3_t%J&iar#}@a0tduKHB&I#I>NHn#E`$7ijy7!r8A2&isuuA9**%^;hxJkVw#9 z7`^Ht5wk#`2VCf)d8gN|U85*=_XO;#I^O?0Tc*-K-Rqht4MYe1Q8?XrRNG*$fWyjz1*jN8DnwGvZ_ zgW`WfS42~Ebz9gTMIidqTuGcw@wt<1lkCFlIVy1;-Z3}Qx7gND=Fd^7FQfD%o@y+} zZVq+8<;&rPm2am3sZb(hY&poufu5hdNP%%QGCFZj$C9I%OX%~DvvzO+dD=wCl2Xw5 zSQ#stWrZfDPw(Dkp?3h+HWB2_-MhMZi;6I{A{3a33dLhY>SEAnXe^<5=w+fm8$tH& z<$2ii;Wu{y-0nd02r{^K*;5Q{P1~Xyfaxjy00^MOFhxDvri{|qIi>_ioimA$XQab_ zBYbMOL1l{Q@H5kaP!r|6>_X!}-7{vlbxya9D~5D6FAX}OpW)cSekS^d4H2obpZ(!Y z{Ves_?e!gNx38fZwN|z|{N{~Qk$L?8$GP54HJ4kzl+xb8!J)20r@a8TRO8rl2C4Sz z+c(bPIIQ(5SJ$@f+RdkL+2zcE%cEM8^jjJ{0)3*a}-Mx2@!`+hr3hyP*qJa}WRwPq4@Sat3 zUwCYMPM+~DXRdY5A8`Cil7f~k8^)GJeDJ&V$m(mu(ig0W*rEej75{YB1$S|9T3=t| z*|rBy6ov)@hJZ^I7dsSfbX2zzoQ79C&()MG?3rMGXR!TJ&+wUj%vANy{8(}@;q=$O z7qc5bX9`h7?B1uCzCq0ZscmC1B(}EV^k{|H+G>1D)(}fXJ|CJDoCq_5!f0$mh@Ao5 z5Ti-n;+X7ZVk8n(4f6Xkx2r_rL`a3by`{T;{h5>$dxs=g^p>C5Ed#E6B%^~1w`9o@ z{OREboV=7oNxXbkmY&pw5F2;>^{3O)+&RMNe6Ct(nWx4dKi)QbDMbqBJcQ`X)#iOH z_1hj=?iWNOjQK?%rmHMNA{Qr(Q_V%AyxSU5MBiu^sz88gwLX1vEBqqHe;Lc&#k_99MNwUQKc=Xb*2dVxHoLFK->r0YKjKgq>S#T z;yq%td5xUSe%@rxeA_zpk<0{)eke6h=q!Eo?3tn2lC2&Hn0cs<`edBwKmo}A0^}du z(^0g}=EUfq6A%q>$}N4e8G#y59%(rhSF~)45a!f~GI}-j4FuEJw%^Bo;QWiH7#-DO zDa^v5p99K1xLZS1$GiBcWWL|-ufGnhGA3tvnUfQ=8o;#6hVhS?jdxC=>R@fskbMO% zKWdbP`CfiK`#~ds@J@=e@71w~XmRjNug|^78nfDRT-ESLdM>GZiq*AWN9gQ}jxM3= z8ai|+NI?~fA%oy854r<)II&qby#12Z_!(|b_l%>Q@61Vj7CmXTfSDdUru5{&A-(*m z{<7sga}=r|E}j6ts|#cP;K3t@{{2^nCt=Vb6b?(y%@N17G*wzO^uH^*6>WX{y!D$) zZBaXiHtaF7Ip_1XV|1YSZ1kSCF{u;NQ|Db0TG+mQcU$+MDC)Le8l-%+Z=r@W9;3Lp z>rN*0*Q?Hm0~1Y|26s+D($QR!xI9X2m|F=K7ES<1Nbl-&QPu8}kmb8EoHaOHZRoJL z3lql_ZU?DtNs*12ivFQ;=^jLm1x$i$lEQ!qzNiP}l(A{Uzgf_wkYzGw?%WF&KREt4E>ibu`JVZ9 zZ1iLmX|-gfzeAhWTLhXE4Ydka$;=yo+uDK17uthFtN2;qN0{!{!;$NmC*W>O5UuZEpKhZE5W6>L5t$zy@onkP#<3lWU>4%bA_{JPFH$w&2&; zwCN&w?Yo?*f9||Xozq`qH(rI5EkDuKzYCk#(q)Nm$}^eiq$?rz1P2y zW$0R6s9bz7hgLG)fwyD@lIvLTxell4V$7k~=kyf9;`u>UbOBaj^2|hD~ zBB8kjwG|%jj;|g5`pY2F?mqgZkt4&O9nOFH)!i^sHJ<7e^#NaZ#^p_m)#71U-er`bmc9bgNu0|Dklc*VMZ!I3|M1 zU)AIlq%C)ic;$uDP4<9Rh(r<+bU!~Cl{xEsh|T9yeade*6Ai%u(go6qDHCO30omCt zSa4ZIBXrcD6jrSQR6#bN!qgWK9rj#U~BbTD$z zWiL1a>j&aWssRZdg)XL(dTF3|X>sq(hRGMwN#;I)GPsodj}WLKxm-+X8kkMtp8Nk|rQ zKI+|J{c>&Egr*i_=)$V~hBUzuri zb6A5W9Q|Id>(MPCcTJF!SxqPB&)8SRakaH;nP*k_segyn7o#HOS~OgZw|AGnwg#t>61F_ITBF&EL=mI@{UNKGKAb%3@^H$bG?8#E~ z*Y~2hr0lX}u3-0w>IKX_dAp_W@P6v)20EgHJ+9Y}UhzO*{^bC5^^FGc%hINw3U`-m zueOgo5*tnd|sodL}CU^Ov)KB3Qm8kbLrf%?N#1SVJhmTFIhUnHm zd3QF@7DW7h#adznij%ABuP;6=nU~7;Y_~ID5DpeD79mjb?KgX@9~WzWCV=x!%afB$ zx34;=_)a)VR?glv1TglgRT?0=Dy`R*xlyLtMj_Cr#lhCK+(4cyOI#HR$NRPe9o-RgscsJ9B|bm*)lNk#LLhLmlY(< zvAalWljqk^VBqH9d}-J$DmHiKdvO?5xjt z*Z_?@plE&mI4T4Am}tG#jnF>N3(Gl**K}Esc(qNtoH3&pWNx&v&htsovsIP_4fjdoA4V46(@%$){&?!RfBgmv z4PC!(`k8FmKrmB?Xb0)NJqYN6%)WP+W|4z0AT!PE;?9bz~kMs zeQ=dw9^AC>Ppl`LsrhWu)cohFZ~_0@0KFRy{9}jsIsN7lM8^O63fc1%vZu5LKmqc< zNXPguo-_U~ghF^jVe~lbiBhmgzMT+%?AW0yNroI0EPrhMo(O=B&!y3?Upvf+X0JyK zTCbce5_L72WIcAKMfTcjqNJ%m2%n(6g;~b<8aCH+b?a}@cV>r_0;%nj7#SK`i+dYn z^%|C73|Pnoa(3J{lBme6#h+_xUOD10aKH2Jj$;3I|9(W-7*9z{&D{9Iqe`!CNp!T> zQZxYOT!x#!va-_S@_g#PK4+O@N{3==Y#3V{Yj;A-mMbJRtXR32#G16yv8~S*(i5=W zuT|(n?ZY{`RlArb+<9$QN)(ZD)@G*Jh0pAJbYkO>;pZ8C^sqTGYwK!Vof;r1$GLNR zH(sNMu@C3=WMpPi7(Pchd-$;X$7fVV@$o%y;DAr`^;4cH37Hh?Fnczt{MTiZQJaY4 z4t3hMs^`0*Neb@YgJJxIB<-7Xi}W~sx*kg(afw6^|QdUNkQ zC++gJ^IUWs`q(tIFa&6oj-@R=Ca8C}6)WaUpB_if&HL%hIz>^Bd$wP{zoD}o0wu{^ z4TEn7TKAC3V9gI4Zm7SuT{miAZAInqxYX1WTW25fYu6IWw=qJd{`$W2rs{=py({ti zmY3suu7gWJA-CIWCWJAuwipY%zle74G(B!sa&__-Z)LSgpFjpzgf9Hte>LfrrA%Z% zgLh_Ora|-ULaOLmg~TqM?HAe`%z`^yp8x9W>&$Nf0WIQ~eO-rInW=A7DvqlcN+h(Q zxDY@VvrnG%_|ut~E?Vz~?Zx}ml6x2i+qzZUid*~{soceCD-?K zGLm;&jF0}rh*57d?;RdAE@P0~W2L1Ux4Ko$J)wcHva-6`m6<8?=AD2}EQprhevR1Y zD_5ETc$lGPy7%9!tMVn$tMdN4l1P`=83Wu(k1;q>-wS}BqpY^{BrffwXFt~7AoOMY_?AvlTZMD`xO@HjBKPrqC7+_|v8=$9mrZA?@xjFr1LH_T9SgQui$#fV2`v@47aD69{lb z!mwmoY2ax5R`Y6)Tb@~Pxj4(K3AwHKn2nOD^3v4FwCn_QZbr*dbpsfQapW|~Li!$q z#fb4L*XfN6dBT1@T@4LTwOVMJ0ShyRFaYJA`KV1bsFv>CzOC_k1eX9v9n+Swl9JK$ z7^SY0XWap0r;$-<*ADp`s=ywvg!lx+@qn$wN_W(5UBj7(@^Q|Am;24f-az7+xAzs| z*H9qJD=6TsMh5%**YtQ0at18`6tXnM3CH>b(+Gr!!gna4T!s9aoY_&Kx9o z9ug-6rjoU$-qUQ(*2T|LL!tJ^Y`cTrZH)Ovr28i@J8J6acvn3Th7#=F_FX)?P#PR} zU35z`q`(-&zpYfWTep7ykqP)c{06viVcM2Y`!(Ku`GR`9W79f57{3#1L1%WQp5`+vyEiVUM=Jzxu(0pc`dtU%GV;UaM<8*Wvs6V>@bp1l|d2Dg0+g z%3&RSNl3xx6KBpmDJoJw6S&mL$$r+X$EODa6}_daKFCc(&xSZ>BG(O%e#%7`CLWAJG-Y?F7+~eCyoU((UgaCHa~*qVBj0 zQ}1ry{{3p>^Hsxw3qI8Oh{t}C+_H|i*mp&!ylkiG^8p-tnDm&`*3Lf{d7&3}w^m4w z)r^q(LxqsnSvI5mHCZ8j`cyJK2*iXFnJ>CIDX8t3B4@4D#2-e4hYKky^4s6=RO9Qv zc{3?@%*T&iLPKYbX+Ar<#q4UY2v>*gk-&R^JmbX-QOove(UV#yJ@mqwu}~bE` zm9#RCoFtYgA^b@XtC42F*MEAOSNP;?%vLvtgGouF4*t?CF_{#xM=%`%I%EKx$sTZw z34sovy_k~iUD@Lm%$MgJ9@KnQXT^adzdISYDx{jMevt+*q>^;<+Hxg1UrT;ycMr8R z-xqQ9AJ=LQ-sLPf^;WMQFUG<|-E9@ ziOnK*qsmc&b~GlYt*CmtY1<5|YnJU=OSE39-B%Rt?I?NR)V8%il$9wA*z7&x?pzh> zy)NWkRK9!nvtg}wtRJ@B*5V7s{_4ocAg`BFT_X!`jXi2*Gm1P?6-33Nr4H5CE!)L9 z)qc*eeX3lqa62LX<62L1_i|>dOK(ZZMh$jqEcaQ`?1zLMHWQ=(M4pQK%XB zYU(C*B?@78KGl!bQA?WtRO@S+Wt*|#Gv#@S{!LI5B>jLmsH&(40>9xm^7FksJ;^lr zr`zx|v9TgSzSE6a$aea_FYm15-}G>GnycfL2DTB8LuH-kDTuo;hf zFeYZ;=6U+8@;EyUA!i}@-t0nX6*iDPZU9#t{va_gz)q)(or8?E##Vi;uzmqmm z%%+g7TvDfnTfY;YTK~(tX%79hw{p{{_|#N~g$u7HBq)}qqv2$q!>R4l+~o7;qhrGj zwZgSr6k%rkz|J~4uyV$#S({ztZ}$qB6rX%2%UosV6x`)DHsa8Eep+Y4CGxY-n1OC6Ltmjz#V!oV zf|^ngKe17O+|P>)etYNb##?CKCQj@#aNsmrcIiy$pW@;j*)q3Zuev}RVjzSe+iP*} z)-98vL$yAhmTx1sR3lA!p{wsB-VaI3RcwWJ1{;vnV8s@asfi8ZTir){+5`4Nb)w+g zxbZv1SnHI^3shT+@OIx@_Ol_LN|s%S6BAk2niVS`>d_%jwzJc$dGqPJijO8MsIW@y(dC`*tcAGT zBAupzKU6*N-Lu2AZAJT6qh>CHa{we6joASP#P5=!jL9CAcf-$PVr*J&ATkxvQ4GLR z-bZi$C3Jnj9p%HdA#xbl#34tKg}ja057D))tqNYk-~#L!CB%gJSxL=S#@>y!llPif zGopijdyYJoRYR#@PD7_hSGhWy0dys(CPAgtt!R**KYyOuK`U8o7;M=L7&eSV{q8}+ zC8Vt|{@Fr@rQE)&OlXI>Ou?$H^>HtI@q_a-pVz#&&=1p(@O(^~#Fn`5Gugh^;6l;; z!YLvGjT`>w7M_BTNwJbQC2d)kkh3xzF(O_0CI){YHV-lfe1z-769JLK&NeGdnb3PA8H{{e zk6?XFy0QHldxPyc`oG`z4(i44ls(|SZCP8xf`3ss!tQ9%F0cRsXeg)=dp03x`j=HG zqM<{M^_?mjL(SBQ6O~K7D0vui@-33&16;iXvLG@M!dZq>Oz$UP!Zs0r0NJ&qRJ%1G zeQKgZc0+kP?{`OF-&0adD0JaVc-QTwJGT8%Zb~uflWHllSS(6KLG zyhCC}Omr5Cm2$^L1oI;R1qnHX15A^VbKV1nbE3ppFvR2awy4W$VSdcV60#vZYxQ?t zXOtqwjocLYO{Tr2KvL(X@K5!!J@nfPXN8eOdqvze0)M$ZE#J@j1ZoemVw)}~fb(H= z_0I+wM3sAJ_!@4|NCG6RRRW}udrd`#_{6UmpAa)x(#20ZYL=%O*5B>NIwZi z0AUm$4|PhNkX?)Z5ZjCp1eE1>-3b-!dwL2?Iyo!HvfOcCVF-dfZq=CYCa#_tlq*+m zCW3MQ&5mM4OkUV%cpS9k+`3tY%S?|q2=OEh-k8QBgtg3&ecoM-Atfhq*h0jOTPC82Mr<1@1)VGR7zqH-Q(d&^k zErH__#?5nL^)!nY6jpwcuEW>p>~f~3X2Ko4AU3+upt^udY$k(Lg_I^{=CDVS3fml^ zo121$n$3iKIfBmK4xYt=Q*6_wi?%k^#F`grZA(`p+TgI|VdNiCZeKI0VVx1F%3vB! zKYsO=-Ci$^RD~s;D3@ESHG%T%>{&N32##bvFB@9GzGMXy4CEMXTEG7G{rd)3@Heu< zm~MA&P+3A{ftra!k+l-?vdi$=ecr4)Jm5l+W^b_ei~S%B{EnQVwuvPf8z-;H_K;Y4 z{v5qxy?q;Ay`8{2EgtVia~>w-k5j)~zFdFO+1G`mbNntF*q=*5ATREOjeN5^Lq+ z@a&f6MzrH>31|SVZ_5AItK`DAORO3+?d$vY>9ZW8C24rz8;Dj&0{Qo+Og`HWy5ju{ zh2{ZvLzeEC=$z?0v{i3V57L%VQ4j)glhUI5n9U)%WpsV)vUAd}sM#;(1E)$ibrR_t z;M)=m1ZL|i#6{>xS9zlL$FXpl02T+$}*w~E9oN_r8`Be za#^;F)!bP+1hWjB^4vvTZ*|}wxpIwr;jKWGCzfjLMoO80KLXt)_D$`UwpVBXyWH%# zpyOv!b`RDiZjbck-C;~_!%S~dzNg07znJ|E4PK8%PcFPL%Ag9yHZ|KUNSRN)-gk?? z3IOM4>fQdo>!DMt((RA5WH-{sUndk8-tMilk5FjWCvj;$3>y=kd|+ij;r z!?KYsq~T-nZW%ot&wu{aJL;l;4o%C-u;tI^g!-^m@EjzBEYLEQ>x z^XGeB)D!Af;CSqzGy-|;3P7$<Q-!# zRFGA56>}O=*J5M1X7bN+K0;I7&>}Arq44V z-z(i>Rk?!W<<1uyMxa|Xo|h(eJo@U|H77j(lms3eSRNh>cwUojvH#{|8=G`05>5%I z4P-0yiw0AUJla+WIzW+&G^>-QCMZC0^*2Z^0c3SMEdOSMaEoAh+O8WB$)U|!ZQv=4 ze@X1qsne$k)-}}JgS(kBiC@O>i?BQS9%2=h7d)Ki3Z^0rMQT?I*2$@qlv+AK_Cqwa zg^Y#A8@(1~!6l?({xX@Tmsi0EtJszNw#z7vX3>t3ayEPR&Bf*SWgu{ngf>T#W i&nl9eCA@BEi*nfLvs3L?BxDFp{-p6!t