From 58a5b8c7a43d4dc62bea559751a91e7f19c4b2c8 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Sat, 7 Dec 2024 17:01:47 +0100 Subject: [PATCH 01/13] Docs release for 2.21.0-rc.0 Signed-off-by: Thomas Hallgren --- Makefile | 2 +- versioned_docs/version-2.21/CONTRIBUTING.md | 23 + versioned_docs/version-2.21/README.md | 46 + versioned_docs/version-2.21/community.md | 13 + .../version-2.21/concepts/devloop.md | 55 ++ .../version-2.21/concepts/docker.md | 108 ++ .../version-2.21/concepts/faster.md | 31 + .../version-2.21/concepts/intercepts.md | 64 ++ versioned_docs/version-2.21/doc-links.yml | 80 ++ versioned_docs/version-2.21/faqs.md | 96 ++ .../version-2.21/howtos/cluster-in-vm.md | 198 ++++ .../version-2.21/howtos/intercepts.md | 225 +++++ .../version-2.21/howtos/large-clusters.md | 48 + .../version-2.21/howtos/outbound.md | 93 ++ .../version-2.21/images/TP_Architecture.svg | 900 +++++++++++++++++ versioned_docs/version-2.21/images/bugfix.png | Bin 0 -> 1893 bytes versioned_docs/version-2.21/images/change.png | Bin 0 -> 1534 bytes .../images/container-inner-dev-loop.png | Bin 0 -> 24458 bytes .../images/docker-header-containers.png | Bin 0 -> 47932 bytes .../version-2.21/images/feature.png | Bin 0 -> 2428 bytes versioned_docs/version-2.21/images/logo.png | Bin 0 -> 33920 bytes .../images/secondary-container-intercept.png | Bin 0 -> 54941 bytes .../images/secondary-no-intercept.png | Bin 0 -> 44236 bytes .../images/secondary-normal-intercept.png | Bin 0 -> 54908 bytes .../version-2.21/images/security.png | Bin 0 -> 1832 bytes .../version-2.21/images/split-tunnel.png | Bin 0 -> 83325 bytes .../version-2.21/images/tracing.png | Bin 0 -> 87995 bytes .../images/trad-inner-dev-loop.png | Bin 0 -> 21915 bytes .../version-2.21/images/tunnelblick.png | Bin 0 -> 93767 bytes .../version-2.21/images/vpn-dns.png | Bin 0 -> 82502 bytes .../version-2.21/images/vpn-k8s-config.jpg | Bin 0 -> 20900 bytes .../version-2.21/images/vpn-routing.jpg | Bin 0 -> 28109 bytes .../version-2.21/images/vpn-vnat.jpg | Bin 0 -> 52895 bytes .../version-2.21/images/vpn-with-tele.jpg | Bin 0 -> 37690 bytes versioned_docs/version-2.21/install/client.md | 125 +++ versioned_docs/version-2.21/install/cloud.md | 60 ++ .../version-2.21/install/manager.md | 182 ++++ .../version-2.21/install/upgrade.md | 77 ++ versioned_docs/version-2.21/licenses.md | 8 + versioned_docs/version-2.21/quick-start.md | 113 +++ versioned_docs/version-2.21/redirects.yml | 1 + .../version-2.21/reference/architecture.md | 48 + .../version-2.21/reference/client.md | 36 + .../version-2.21/reference/cluster-config.md | 181 ++++ .../version-2.21/reference/config.md | 342 +++++++ versioned_docs/version-2.21/reference/dns.md | 71 ++ .../version-2.21/reference/docker-run.md | 119 +++ .../version-2.21/reference/environment.md | 49 + .../reference/inside-container.md | 38 + .../version-2.21/reference/intercepts/cli.md | 384 ++++++++ .../reference/intercepts/container.md | 41 + .../reference/intercepts/sidecar.md | 72 ++ .../version-2.21/reference/monitoring.md | 432 ++++++++ versioned_docs/version-2.21/reference/rbac.md | 242 +++++ .../version-2.21/reference/routing.md | 57 ++ .../version-2.21/reference/tun-device.md | 32 + .../version-2.21/reference/volume.md | 43 + versioned_docs/version-2.21/reference/vpn.md | 219 +++++ versioned_docs/version-2.21/release-notes.md | 927 ++++++++++++++++++ versioned_docs/version-2.21/release-notes.mdx | 635 ++++++++++++ .../version-2.21/troubleshooting.md | 255 +++++ versioned_docs/version-2.21/variables.yml | 2 + versioned_sidebars/version-2.21-sidebars.json | 8 + versions.json | 1 + 64 files changed, 6781 insertions(+), 1 deletion(-) create mode 100644 versioned_docs/version-2.21/CONTRIBUTING.md create mode 100644 versioned_docs/version-2.21/README.md create mode 100644 versioned_docs/version-2.21/community.md create mode 100644 versioned_docs/version-2.21/concepts/devloop.md create mode 100644 versioned_docs/version-2.21/concepts/docker.md create mode 100644 versioned_docs/version-2.21/concepts/faster.md create mode 100644 versioned_docs/version-2.21/concepts/intercepts.md create mode 100644 versioned_docs/version-2.21/doc-links.yml create mode 100644 versioned_docs/version-2.21/faqs.md create mode 100644 versioned_docs/version-2.21/howtos/cluster-in-vm.md create mode 100644 versioned_docs/version-2.21/howtos/intercepts.md create mode 100644 versioned_docs/version-2.21/howtos/large-clusters.md create mode 100644 versioned_docs/version-2.21/howtos/outbound.md create mode 100644 versioned_docs/version-2.21/images/TP_Architecture.svg create mode 100644 versioned_docs/version-2.21/images/bugfix.png create mode 100644 versioned_docs/version-2.21/images/change.png create mode 100644 versioned_docs/version-2.21/images/container-inner-dev-loop.png create mode 100644 versioned_docs/version-2.21/images/docker-header-containers.png create mode 100644 versioned_docs/version-2.21/images/feature.png create mode 100644 versioned_docs/version-2.21/images/logo.png create mode 100644 versioned_docs/version-2.21/images/secondary-container-intercept.png create mode 100644 versioned_docs/version-2.21/images/secondary-no-intercept.png create mode 100644 versioned_docs/version-2.21/images/secondary-normal-intercept.png create mode 100644 versioned_docs/version-2.21/images/security.png create mode 100644 versioned_docs/version-2.21/images/split-tunnel.png create mode 100644 versioned_docs/version-2.21/images/tracing.png create mode 100644 versioned_docs/version-2.21/images/trad-inner-dev-loop.png create mode 100644 versioned_docs/version-2.21/images/tunnelblick.png create mode 100644 versioned_docs/version-2.21/images/vpn-dns.png create mode 100644 versioned_docs/version-2.21/images/vpn-k8s-config.jpg create mode 100644 versioned_docs/version-2.21/images/vpn-routing.jpg create mode 100644 versioned_docs/version-2.21/images/vpn-vnat.jpg create mode 100644 versioned_docs/version-2.21/images/vpn-with-tele.jpg create mode 100644 versioned_docs/version-2.21/install/client.md create mode 100644 versioned_docs/version-2.21/install/cloud.md create mode 100644 versioned_docs/version-2.21/install/manager.md create mode 100644 versioned_docs/version-2.21/install/upgrade.md create mode 100644 versioned_docs/version-2.21/licenses.md create mode 100644 versioned_docs/version-2.21/quick-start.md create mode 100644 versioned_docs/version-2.21/redirects.yml create mode 100644 versioned_docs/version-2.21/reference/architecture.md create mode 100644 versioned_docs/version-2.21/reference/client.md create mode 100644 versioned_docs/version-2.21/reference/cluster-config.md create mode 100644 versioned_docs/version-2.21/reference/config.md create mode 100644 versioned_docs/version-2.21/reference/dns.md create mode 100644 versioned_docs/version-2.21/reference/docker-run.md create mode 100644 versioned_docs/version-2.21/reference/environment.md create mode 100644 versioned_docs/version-2.21/reference/inside-container.md create mode 100644 versioned_docs/version-2.21/reference/intercepts/cli.md create mode 100644 versioned_docs/version-2.21/reference/intercepts/container.md create mode 100644 versioned_docs/version-2.21/reference/intercepts/sidecar.md create mode 100644 versioned_docs/version-2.21/reference/monitoring.md create mode 100644 versioned_docs/version-2.21/reference/rbac.md create mode 100644 versioned_docs/version-2.21/reference/routing.md create mode 100644 versioned_docs/version-2.21/reference/tun-device.md create mode 100644 versioned_docs/version-2.21/reference/volume.md create mode 100644 versioned_docs/version-2.21/reference/vpn.md create mode 100644 versioned_docs/version-2.21/release-notes.md create mode 100644 versioned_docs/version-2.21/release-notes.mdx create mode 100644 versioned_docs/version-2.21/troubleshooting.md create mode 100644 versioned_docs/version-2.21/variables.yml create mode 100644 versioned_sidebars/version-2.21-sidebars.json diff --git a/Makefile b/Makefile index 1efb58c2..5b4d9430 100644 --- a/Makefile +++ b/Makefile @@ -8,7 +8,7 @@ telepresence-remote: .PHONY: telepresence-remote # MATCH_TAGS is the regexp matching the tags that we expect will have docs. -MATCH_TAGS ?= ^v2\.[2-9][0-9]+\.[0-9]+$$ +MATCH_TAGS ?= ^v2\.[2-9][0-9]+\.[0-9]+(-rc\.[0-9]+)?$$ # EXCLUDE_TAGS is used when we want to exclude some of the matching tags from the telepresence repository EXCLUDE_TAGS ?= diff --git a/versioned_docs/version-2.21/CONTRIBUTING.md b/versioned_docs/version-2.21/CONTRIBUTING.md new file mode 100644 index 00000000..fdbcee10 --- /dev/null +++ b/versioned_docs/version-2.21/CONTRIBUTING.md @@ -0,0 +1,23 @@ +# Telepresence Documentation + +This folder contains the Telepresence documentation in a format suitable for a versioned folder in the +telepresenceio/telepresence.io repository. The folder will show up in that repository when a new minor revision +tag is created here. + +Assuming that a 2.20.0 release is pending, and that a release/v2.20.0 branch has been created, then: +```console +$ export TELEPRESENCE_VERSION=v2.20.0 +$ make prepare-release +$ git push origin {,rpc/}v2.20.0 release/v2.20.0 +``` + +will result in a `docs/v2.20` folder with this folder's contents in the telepresenceio/telepresence.io repository. + +Subsequent bugfix tags for the same minor tag, i.e.: +```console +$ export TELEPRESENCE_VERSION=v2.20.1 +$ make prepare-release +$ git push origin {,rpc/}v2.20.1 release/v2.20.1 +``` +will not result in a new folder when it is pushed, but it will update the content of the `docs/v2.20` folder to +reflect this folder's content for that tag. diff --git a/versioned_docs/version-2.21/README.md b/versioned_docs/version-2.21/README.md new file mode 100644 index 00000000..183f155c --- /dev/null +++ b/versioned_docs/version-2.21/README.md @@ -0,0 +1,46 @@ +--- +description: Main menu when using plain markdown. Excluded when generating the website +--- +# Telepresence Documentation +raw markdown version, more bells and whistles at [telepresence.io](https://telepresence.io) + +- [Quick start](quick-start.md) +- Install Telepresence + - [Install Client](install/client.md) + - [Upgrade Client](install/upgrade.md) + - [Install Traffic Manager](install/manager.md) + - [Cloud Provider Prerequisites](install/cloud.md) +- Core concepts + - [The developer experience and the inner dev loop](concepts/devloop.md) + - [Making the remote local: Faster feedback, collaboration and debugging](concepts/faster.md) + - [Using Telepresence with Docker](concepts/docker.md) + - [Intercepts](concepts/intercepts.md) +- How do I... + - [Code and debug an application locally](howtos/intercepts.md) + - [Proxy outbound traffic to my cluster](howtos/outbound.md) + - [Work with large clusters](howtos/large-clusters.md) + - [Host a cluster in Docker or a VM](howtos/cluster-in-vm.md) +- Technical reference + - [Architecture](reference/architecture.md) + - [Client reference](reference/client.md) + - [Laptop-side configuration](reference/config.md) + - [Cluster-side configuration](reference/cluster-config.md) + - [Using Docker for intercepts](reference/docker-run.md) + - [Running Telepresence in a Docker container](reference/inside-container.md) + - [Environment variables](reference/environment.md) + - Intercepts + - [Configure intercept using CLI](reference/intercepts/cli.md) + - [Traffic Agent Sidecar](reference/intercepts/sidecar.md) + - [Target a specific container](reference/intercepts/container.md) + - [Volume mounts](reference/volume.md) + - [DNS resolution](reference/dns.md) + - [RBAC](reference/rbac.md) + - [Telepresence and VPNs](reference/vpn.md) + - [Networking through Virtual Network Interface](reference/tun-device.md) + - [Connection Routing](reference/routing.md) + - [Monitoring](reference/monitoring.md) +- [FAQs](faqs.md) +- [Troubleshooting](troubleshooting.md) +- [Community](community.md) +- [Release Notes](release-notes.md) +- [Licenses](licenses.md) diff --git a/versioned_docs/version-2.21/community.md b/versioned_docs/version-2.21/community.md new file mode 100644 index 00000000..b264c917 --- /dev/null +++ b/versioned_docs/version-2.21/community.md @@ -0,0 +1,13 @@ +--- +title: Community +hide_table_of_contents: true +--- + +# Community + +## Contributor's guide +Please review our [contributor's guide](https://github.com/telepresenceio/telepresence/blob/release/v2/CONTRIBUTING.md) +on GitHub to learn how you can help make Telepresence better. + +## Meetings +Check out our community [meeting schedule](https://github.com/telepresenceio/telepresence/blob/release/v2/MEETING_SCHEDULE.md) for opportunities to interact with Telepresence developers. diff --git a/versioned_docs/version-2.21/concepts/devloop.md b/versioned_docs/version-2.21/concepts/devloop.md new file mode 100644 index 00000000..d97f27af --- /dev/null +++ b/versioned_docs/version-2.21/concepts/devloop.md @@ -0,0 +1,55 @@ +--- +title: The developer experience and the inner dev loop +hide_table_of_contents: true +--- + +# The developer experience and the inner dev loop + +## How is the developer experience changing? + +The developer experience is the workflow a developer uses to develop, test, deploy, and release software. + +Typically this experience has consisted of both an inner dev loop and an outer dev loop. The inner dev loop is where the individual developer codes and tests, and once the developer pushes their code to version control, the outer dev loop is triggered. + +The outer dev loop is _everything else_ that happens leading up to release. This includes code merge, automated code review, test execution, deployment, controlled (canary) release, and observation of results. The modern outer dev loop might include, for example, an automated CI/CD pipeline as part of a GitOps workflow and a progressive delivery strategy relying on automated canaries, i.e. to make the outer loop as fast, efficient and automated as possible. + +Cloud-native technologies have fundamentally altered the developer experience in two ways: one, developers now have to take extra steps in the inner dev loop; two, developers need to be concerned with the outer dev loop as part of their workflow, even if most of their time is spent in the inner dev loop. + +Engineers now must design and build distributed service-based applications _and_ also assume responsibility for the full development life cycle. The new developer experience means that developers can no longer rely on monolithic application developer best practices, such as checking out the entire codebase and coding locally with a rapid “live-reload” inner development loop. Now developers have to manage external dependencies, build containers, and implement orchestration configuration (e.g. Kubernetes YAML). This may appear trivial at first glance, but this adds development time to the equation. + +## What is the inner dev loop? + +The inner dev loop is the single developer workflow. A single developer should be able to set up and use an inner dev loop to code and test changes quickly. + +Even within the Kubernetes space, developers will find much of the inner dev loop familiar. That is, code can still be written locally at a level that a developer controls and committed to version control. + +In a traditional inner dev loop, if a typical developer codes for 360 minutes (6 hours) a day, with a traditional local iterative development loop of 5 minutes — 3 coding, 1 building, i.e. compiling/deploying/reloading, 1 testing inspecting, and 10-20 seconds for committing code — they can expect to make ~70 iterations of their code per day. Any one of these iterations could be a release candidate. The only “developer tax” being paid here is for the commit process, which is negligible. + +![traditional inner dev loop](../images/trad-inner-dev-loop.png#devloop) + +## In search of lost time: How does containerization change the inner dev loop? + +The inner dev loop is where writing and testing code happens, and time is critical for maximum developer productivity and getting features in front of end users. The faster the feedback loop, the faster developers can refactor and test again. + +Changes to the inner dev loop process, i.e., containerization, threaten to slow this development workflow down. Coding stays the same in the new inner dev loop, but code has to be containerized. The _containerized_ inner dev loop requires a number of new steps: + +* packaging code in containers +* writing a manifest to specify how Kubernetes should run the application (e.g., YAML-based configuration information, such as how much memory should be given to a container) +* pushing the container to the registry +* deploying containers in Kubernetes + +Each new step within the container inner dev loop adds to overall development time, and developers are repeating this process frequently. If the build time is incremented to 5 minutes — not atypical with a standard container build, registry upload, and deploy — then the number of possible development iterations per day drops to ~40. At the extreme that’s a 40% decrease in potential new features being released. This new container build step is a hidden tax, which is quite expensive. + + +![container inner dev loop](../images/container-inner-dev-loop.png#devloop) + +## Tackling the slow inner dev loop + +A slow inner dev loop can negatively impact frontend and backend teams, delaying work on individual and team levels and slowing releases into production overall. + +For example: + +* Frontend developers have to wait for previews of backend changes on a shared dev/staging environment (for example, until CI/CD deploys a new version) and/or rely on mocks/stubs/virtual services when coding their application locally. These changes are only verifiable by going through the CI/CD process to build and deploy within a target environment. +* Backend developers have to wait for CI/CD to build and deploy their app to a target environment to verify that their code works correctly with cluster or cloud-based dependencies as well as to share their work to get feedback. + +New technologies and tools can facilitate cloud-native, containerized development. And in the case of a sluggish inner dev loop, developers can accelerate productivity with tools that help speed the loop up again. diff --git a/versioned_docs/version-2.21/concepts/docker.md b/versioned_docs/version-2.21/concepts/docker.md new file mode 100644 index 00000000..e8242f4b --- /dev/null +++ b/versioned_docs/version-2.21/concepts/docker.md @@ -0,0 +1,108 @@ +--- +title: "Using Telepresence with Docker" +hide_table_of_contents: true +--- +# Telepresence with Docker Golden Path + +## Why? + +It can be tedious to adopt Telepresence across your organization, since in its handiest form, it requires admin access, and needs to get along with any exotic +networking setup that your company may have. + +If Docker is already approved in your organization, this Golden path should be considered. + +## How? + +When using Telepresence in Docker mode, users can eliminate the need for admin access on their machines, address several networking challenges, and forego the need for third-party applications to enable volume mounts. + +You can simply add the docker flag to any Telepresence command, and it will start your daemon in a container. +Thus removing the need for root access, making it easier to adopt as an organization + +Let's illustrate with a quick demo, assuming a default Kubernetes context named default, and a simple HTTP service: + +```cli +$ telepresence connect --docker +Connected to context default, namespace default (https://default.cluster.bakerstreet.io) + +$ docker ps +CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES +7a0e01cab325 datawire/telepresence:2.12.1 "telepresence connec…" 18 seconds ago Up 16 seconds 127.0.0.1:58802->58802/tcp tp-default +``` + +This method limits the scope of the potential networking issues since everything stays inside Docker. The Telepresence daemon can be found under the name `tp-` when listing your containers. + +Start an intercept and a corresponding intercept-handler: + +```cli +$ telepresence intercept echo-easy --port 8080:80 --docker-run -- jmalloc/echo-server +Using Deployment echo-easy + Intercept name : echo-easy + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Service Port Identifier: proxied + Intercepting : all TCP requests +Echo server listening on port 8080. +``` + +Using `--docker-run` starts the local container that acts as the intercept handler so that it uses the same network as the container that runs the telepresence daemon. It will also +have the remote volumes mounted in the same way as the remote container that it intercepts. + +If you want to curl your remote service, you'll need to do that from a container that shares the daemon container's network. You can find the network using `telepresence status`: +```cli +$ telepresence status | grep 'Container network' + Container network : container:tp-default-default-cn +``` + +Now curl with a `docker run` that uses that network: +```cli +$ docker run --network container:tp-default-default-cn --rm curlimages/curl echo-easy + % Total % Received % Xferd Average Speed Time Time Time Current + Dload Upload Total Spent Left Speed +100 99 100 99 0 0 21104 0 --:--:-- --:--:-- -Request served by 4b225bc8d6f1 + +GET / HTTP/1.1 + +Host: echo-easy +Accept: */* +User-Agent: curl/8.6.0 +-:--:-- 24750 +``` + +Similarly, if you want to start your intercept handler manually using `docker run`, you must ensure that it shares the daemon container's network: + +```cli +$ docker run \ + --network=container:tp-default \ + -e PORT=8080 jmalloc/echo-server +Echo server listening on port 8080. +``` + +### Tip. Use named connections +You can use the `--name` flag to name the connection and get a shorter network name: + +``` +$ telepresence quit +$ telepresence connect --docker --name a +``` +Now, the network name will be `tp-a` instead of `tp-default-default-cn`. + +Naming is also very useful when you want to connect to several namespaces simultaneously, e.g. + +``` +$ telepresence connect --docker --name alpha --namespace alpha +$ telepresence connect --docker --name beta --namespace beta +``` + +Now, with two connections active, you must pass the flag `--use ` to other commands, e.g. +``` +$ telepresence intercept echo-easy --use alpha --port 8080:80 --docker-run -- jmalloc/echo-server +``` + +## Key learnings + +* Using the Docker mode of telepresence **does not require root access**, and makes it **easier** to adopt it across your organization. +* It **limits the potential networking issues** you can encounter. +* It **limits the potential mount issues** you can encounter. +* It **enables simultaneous intercepts in multiple namespaces**. +* It leverages **Docker** for your interceptor. diff --git a/versioned_docs/version-2.21/concepts/faster.md b/versioned_docs/version-2.21/concepts/faster.md new file mode 100644 index 00000000..edbe347c --- /dev/null +++ b/versioned_docs/version-2.21/concepts/faster.md @@ -0,0 +1,31 @@ +--- +title: "Making the remote local: Faster feedback, collaboration and debugging" +hide_table_of_contents: true +--- + +--- +# Making the remote local: Faster feedback, collaboration and debugging + +With the goal of achieving fast, efficient development, developers need a set of approaches to bridge the gap between remote Kubernetes clusters and local development, and reduce time to feedback and debugging. + +## How should I set up a Kubernetes development environment? + +Setting up a development environment for Kubernetes can be much more complex than the setup for traditional web applications. Creating and maintaining a Kubernetes development environment relies on a number of external dependencies, such as databases or authentication. + +While there are several ways to set up a Kubernetes development environment, most introduce complexities and impediments to speed. The dev environment should be set up to easily code and test in conditions where a service can access the resources it depends on. + +A good way to meet the goals of faster feedback, possibilities for collaboration, and scale in a realistic production environment is the "single service local, all other remote" environment. Developing in a fully remote environment offers some benefits, but for developers, it offers the slowest possible feedback loop. With local development in a remote environment, the developer retains considerable control while using tools like [Telepresence](../quick-start.md) to facilitate fast feedback, debugging and collaboration. + +## What is Telepresence? + +Telepresence is an open source tool that lets developers [code and test microservices locally against a remote Kubernetes cluster](../quick-start.md). Telepresence facilitates more efficient development workflows while relieving the need to worry about other service dependencies. + +## How can I get fast, efficient local development? + +The dev loop can be jump-started with the right development environment and Kubernetes development tools to support speed, efficiency and collaboration. Telepresence is designed to let Kubernetes developers code as though their laptop is in their Kubernetes cluster, enabling the service to run locally and be proxied into the remote cluster. Telepresence runs code locally and forwards requests to and from the remote Kubernetes cluster, bypassing the much slower process of waiting for a container to build, pushing it to registry, and deploying to production. + +A rapid and continuous feedback loop is essential for productivity and speed; Telepresence enables the fast, efficient feedback loop to ensure that developers can access the rapid local development loop they rely on without disrupting their own or other developers' workflows. Telepresence safely intercepts traffic from the production cluster and enables near-instant testing of code and local debugging in production. + +Telepresence works by deploying a two-way network proxy in a pod running in a Kubernetes cluster. This pod proxies data from the Kubernetes environment (e.g., TCP/UDP connections, environment variables, volumes) to the local process. This proxy can intercept traffic meant for the service and reroute it to a local copy, which is ready for further (local) development. + +The intercept proxy works thanks to context propagation, which is most frequently associated with distributed tracing but also plays a key role in controllable intercepts. diff --git a/versioned_docs/version-2.21/concepts/intercepts.md b/versioned_docs/version-2.21/concepts/intercepts.md new file mode 100644 index 00000000..e3496699 --- /dev/null +++ b/versioned_docs/version-2.21/concepts/intercepts.md @@ -0,0 +1,64 @@ +--- +title: "Intercepts" +description: "Short demonstration of global intercepts" +hide_table_of_contents: true +--- + +import Admonition from '@theme/Admonition'; +import Paper from '@mui/material/Paper'; +import Tab from '@mui/material/Tab'; +import TabContext from '@mui/lab/TabContext'; +import TabList from '@mui/lab/TabList'; +import TabPanel from '@mui/lab/TabPanel'; +import TabsContainer from '@site/src/components/TabsContainer'; +import Animation from '@site/src/components/InterceptAnimation'; + + + + +# No intercept + + + + +This is the normal operation of your cluster without Telepresence. + + + + + + + +# Intercept + + + +**Intercepts** replace the Kubernetes "Orders" service with the +Orders service running on your laptop. The users see no change, but +with all the traffic coming to your laptop, you can observe and debug +with all your dev tools. + +### Creating and using intercepts + + 1. Creating the intercept: Intercept your service from your CLI: + + ```shell + telepresence intercept SERVICENAME + ``` + + + + Make sure your current kubectl context points to the target + cluster. If your service is running in a different namespace than + your current active context, use or change the `--namespace` flag. + + + + 2. Using the intercept: Send requests to your service: + + All requests will be sent to the version of your service that is + running in the local development environment. + + + + diff --git a/versioned_docs/version-2.21/doc-links.yml b/versioned_docs/version-2.21/doc-links.yml new file mode 100644 index 00000000..428a84d8 --- /dev/null +++ b/versioned_docs/version-2.21/doc-links.yml @@ -0,0 +1,80 @@ +- title: Quick start + link: quick-start +- title: Install Telepresence + items: + - title: Install Client + link: install/client + - title: Upgrade Client + link: install/upgrade + - title: Install Traffic Manager + link: install/manager + - title: Cloud Provider Prerequisites + link: install/cloud +- title: Core concepts + items: + - title: The developer experience and the inner dev loop + link: concepts/devloop + - title: "Making the remote local: Faster feedback, collaboration and debugging" + link: concepts/faster + - title: Using Telepresence with Docker + link: concepts/docker + - title: Intercepts + link: concepts/intercepts +- title: How do I... + items: + - title: Code and debug an application locally + link: howtos/intercepts + - title: Proxy outbound traffic to my cluster + link: howtos/outbound + - title: Work with large clusters + link: howtos/large-clusters + - title: Host a cluster in Docker or a VM + link: howtos/cluster-in-vm +- title: Technical reference + items: + - title: Architecture + link: reference/architecture + - title: Client reference + link: reference/client + - title: Laptop-side configuration + link: reference/config + - title: Cluster-side configuration + link: reference/cluster-config + - title: Using Docker for intercepts + link: reference/docker-run + - title: Running Telepresence in a Docker container + link: reference/inside-container + - title: Environment variables + link: reference/environment + - title: Intercepts + items: + - title: Configure intercept using CLI + link: reference/intercepts/cli + - title: Traffic Agent Sidecar + link: reference/intercepts/sidecar + - title: Target a specific container + link: reference/intercepts/container + - title: Volume mounts + link: reference/volume + - title: DNS resolution + link: reference/dns + - title: RBAC + link: reference/rbac + - title: Telepresence and VPNs + link: reference/vpn + - title: Networking through Virtual Network Interface + link: reference/tun-device + - title: Connection Routing + link: reference/routing + - title: Monitoring + link: reference/monitoring +- title: FAQs + link: faqs +- title: Troubleshooting + link: troubleshooting +- title: Community + link: community +- title: Release Notes + link: release-notes +- title: Licenses + link: licenses \ No newline at end of file diff --git a/versioned_docs/version-2.21/faqs.md b/versioned_docs/version-2.21/faqs.md new file mode 100644 index 00000000..7c75d8a2 --- /dev/null +++ b/versioned_docs/version-2.21/faqs.md @@ -0,0 +1,96 @@ +--- +title: FAQs +description: "Learn how Telepresence helps with fast development and debugging in your Kubernetes cluster." +hide_table_of_contents: true +--- + +# FAQs + +** Why Telepresence?** + +Modern microservices-based applications that are deployed into Kubernetes often consist of tens or hundreds of services. The resource constraints and number of these services means that it is often difficult to impossible to run all of this on a local development machine, which makes fast development and debugging very challenging. The fast [inner development loop](concepts/devloop.md) from previous software projects is often a distant memory for cloud developers. + +Telepresence enables you to connect your local development machine seamlessly to the cluster via a two way proxying mechanism. This enables you to code locally and run the majority of your services within a remote Kubernetes cluster -- which in the cloud means you have access to effectively unlimited resources. + +Ultimately, this empowers you to develop services locally and still test integrations with dependent services or data stores running in the remote cluster. + +You can “intercept” any requests made to a target Kubernetes workload, and code and debug your associated service locally using your favourite local IDE and in-process debugger. You can test your integrations by making requests against the remote cluster’s ingress and watching how the resulting internal traffic is handled by your service running locally. + +You can also "ingest" a target Kubernetes workload. Very similar to an intercept in that your local workstation has access to the workload's network, environment, and volumes, but no traffic will be rerouted from the cluster + +** What operating systems does Telepresence work on?** + +Telepresence currently works natively on macOS (Intel and Apple Silicon), Linux, and Windows. + +** What protocols can be intercepted by Telepresence?** + +Both TCP and UDP are supported. + +** When using Telepresence to ingest or intercept a container, are the Kubernetes cluster environment variables proxied on my local machine?** + +Yes, you can either set the container's environment variables on your machine or write the variables to a file to use with Docker or another build process. You can also directly pass the environments to an intercept handler that is run by the ingest or intercept. Please see [the environment variable reference doc](reference/environment.md) for more information. + +** When using Telepresence to ingest or intercept a container, can the associated container volume mounts also be mounted by my local machine?** + +Yes, please see [the volume mounts reference doc](reference/volume.md) for more information. + +** When connected to a Kubernetes cluster via Telepresence, can I access cluster-based services via their DNS name?** + +Yes. After you have successfully connected to your cluster via `telepresence connect -n ` you will be able to access any service in the connected namespace in your cluster via their DNS name. + +This means you can curl endpoints directly e.g. `curl :8080/mypath`. + +You can also access services in other namespaces using their namespaced qualified name, e.g.`curl .:8080/mypath`. + +You can connect to databases or middleware running in the cluster, such as MySQL, PostgreSQL and RabbitMQ, via their service name. + +** When connected to a Kubernetes cluster via Telepresence, can I access cloud-based services and data stores via their DNS name?** + +You can connect to cloud-based data stores and services that are directly addressable within the cluster (e.g. when using an [ExternalName](https://kubernetes.io/docs/concepts/services-networking/service/#externalname) Service type), such as AWS RDS, Google pub-sub, or Azure SQL Database. + + + + +** Will Telepresence be able to ingest and intercept workloads running on a private cluster or cluster running within a virtual private cloud (VPC)?** + +Yes, but it doesn't need to have a publicly accessible IP address. + +The cluster must also have access to an external registry to be able to download the traffic-manager and traffic-agent images that are deployed when connecting with Telepresence. + +** Why does running Telepresence require sudo access for the local daemon unless it runs in a Docker container?** + +The local daemon needs sudo to create a VIF (Virtual Network Interface) for outbound routing and DNS. Root access is needed to do that unless the daemon runs in a Docker container. + +** What components get installed in the cluster when running Telepresence?** + +A single `traffic-manager` service is deployed in the `ambassador` namespace within your cluster, and this manages resilient intercepts and connections between your local machine and the cluster. + +A Traffic Agent container is injected per pod that is being intercepted. The first time an ingest or intercept is made on a workload, all pods associated with this workload will be restarted with the Traffic Agent automatically injected. + +** How can I remove all the Telepresence components installed within my cluster?** + +You can run the command `telepresence helm uninstall` to remove everything from the cluster, including the `traffic-manager`, and all the `traffic-agent` containers injected into each pod being intercepted. + +Also run `telepresence quit -s` to stop all local daemons running. + +** What language is Telepresence written in?** + +All components of the Telepresence application and cluster components are written using Go. + +** How does Telepresence connect and tunnel into the Kubernetes cluster?** + +The connection between your laptop and cluster is established by using +the `kubectl port-forward` machinery (though without actually spawning +a separate program) to establish a TLS encrypted connection to Telepresence +Traffic Manager and Traffic Agents in the cluster, and running Telepresence's custom VPN +protocol over that connection. + + + +** Is Telepresence OSS open source?** + +Yes it is! You'll find both source code and documentation in the [Telepresence GitHub repository](https://github.com/telepresenceio/telepresence), licensed using the [apache License Version 2.0](https://github.com/telepresenceio/telepresence?tab=License-1-ov-file#readme). + +** How do I share my feedback on Telepresence?** + +Your feedback is always appreciated and helps us build a product that provides as much value as possible for our community. You can chat with us directly on our #telepresence-oss channel at the [CNCF Slack](https://slack.cncf.io), and also report issues or create pull-requests on the GitHub repository. diff --git a/versioned_docs/version-2.21/howtos/cluster-in-vm.md b/versioned_docs/version-2.21/howtos/cluster-in-vm.md new file mode 100644 index 00000000..c73713a4 --- /dev/null +++ b/versioned_docs/version-2.21/howtos/cluster-in-vm.md @@ -0,0 +1,198 @@ +--- +title: Host a cluster in Docker or a VM +description: Use Telepresence to intercept services in a cluster running in a hosted docker container or virtual + machine. +hide_table_of_contents: true +--- + +# Network considerations for locally hosted clusters + +## The problem +Telepresence creates a Virtual Network Interface ([VIF](../reference/tun-device.md)) that maps the cluster subnets to the host machine when it connects. If you're running Kubernetes locally (e.g., Docker Desktop, Kind, Minikube, k3s), you may encounter network problems because the devices in the host are also accessible from the cluster's nodes. + +### Example: +A k3s cluster runs in a headless VirtualBox machine that uses a "host-only" network. This network will allow both host-to-guest and guest-to-host connections. In other words, the cluster will have access to the host's network and, while Telepresence is connected, also to its VIF. This means that from the cluster's perspective, there will now be more than one interface that maps the cluster's subnets; the ones already present in the cluster's nodes, and then the Telepresence VIF, mapping them again. + +Now, if a request arrives to Telepresence covered by a subnet mapped by the VIF, the request is routed to the cluster. If the cluster for some reason doesn't find a corresponding listener that can handle the request, it will eventually try the host network, and find the VIF. The VIF routes the request to the cluster and now the recursion is in motion. The final outcome of the request will likely be a timeout but since the recursion is very resource intensive (a large amount of very rapid connection requests), this will likely also affect other connections in a bad way. + +## Solution + +### Prevent recursion in the VIF +To prevent recursive connections within the VIF, set the client configuration property `routing.recursionBlockDuration` to a short timeout value. +A value of `1ms` is typically sufficient. This configuration will temporarily block new connections to a specific IP:PORT pair immediately after a +connection has been established, thereby preventing looped connections back into the VIF. The block remains in effect for the specified duration. + +### Create a bridge network +An alternative to using the `routing.recursionBlockDuration` can be to create a bridge network. It acts as a Link Layer (L2) device that forwards traffic between network segments. By creating a bridge network, you can bypass the host's network stack, and instead make the Kubernetes cluster to connect directly to the same router as your host. + +To create a bridge network, you need to change the network settings of the guest running a cluster's node so that it connects directly to a physical network device on your host. The details on how to configure the bridge depend on what type of virtualization solution you're using. + +#### Vagrant + Virtualbox + k3s example +Here's a sample `Vagrantfile` that will spin up a server node and two agent nodes in three headless instances using a bridged network. It also adds the configuration needed for the cluster to host a docker repository (very handy in case you want to save bandwidth). The Kubernetes registry manifest must be applied using `kubectl -f registry.yaml` once the cluster is up and running. + +##### Vagrantfile +```ruby +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# bridge is the name of the host's default network device +$bridge = 'wlp5s0' + +# default_route should be the IP of the host's default route. +$default_route = '192.168.1.1' + +# nameserver must be the IP of an external DNS, such as 8.8.8.8 +$nameserver = '8.8.8.8' + +# server_name should also be added to the host's /etc/hosts file and point to the server_ip +# for easy access when pushing docker images +server_name = 'multi' + +# static IPs for the server and agents. Those IPs must be on the default router's subnet +server_ip = '192.168.1.110' +agents = { + 'agent1' => '192.168.1.111', + 'agent2' => '192.168.1.112', +} + +# Extra parameters in INSTALL_K3S_EXEC variable because of +# K3s picking up the wrong interface when starting server and agent +# https://github.com/alexellis/k3sup/issues/306 +server_script = <<-SHELL + sudo -i + apk add curl + export INSTALL_K3S_EXEC="--bind-address=#{server_ip} --node-external-ip=#{server_ip} --flannel-iface=eth1" + mkdir -p /etc/rancher/k3s + cat <<-'EOF' > /etc/rancher/k3s/registries.yaml +mirrors: + "multi:5000": + endpoint: + - "http://#{server_ip}:5000" +EOF + curl -sfL https://get.k3s.io | sh - + echo "Sleeping for 5 seconds to wait for k3s to start" + sleep 5 + cp /var/lib/rancher/k3s/server/token /vagrant_shared + cp /etc/rancher/k3s/k3s.yaml /vagrant_shared + cp /etc/rancher/k3s/registries.yaml /vagrant_shared + SHELL + +agent_script = <<-SHELL + sudo -i + apk add curl + export K3S_TOKEN_FILE=/vagrant_shared/token + export K3S_URL=https://#{server_ip}:6443 + export INSTALL_K3S_EXEC="--flannel-iface=eth1" + mkdir -p /etc/rancher/k3s + cat <<-'EOF' > /etc/rancher/k3s/registries.yaml +mirrors: + "multi:5000": + endpoint: + - "http://#{server_ip}:5000" +EOF + curl -sfL https://get.k3s.io | sh - + SHELL + +def config_vm(name, ip, script, vm) + # The network_script has two objectives: + # 1. Ensure that the guest's default route is the bridged network (bypass the network of the host) + # 2. Ensure that the DNS points to an external DNS service, as opposed to the DNS of the host that + # the NAT network provides. + network_script = <<-SHELL + sudo -i + ip route delete default 2>&1 >/dev/null || true; ip route add default via #{$default_route} + cp /etc/resolv.conf /etc/resolv.conf.orig + sed 's/^nameserver.*/nameserver #{$nameserver}/' /etc/resolv.conf.orig > /etc/resolv.conf + SHELL + + vm.hostname = name + vm.network 'public_network', bridge: $bridge, ip: ip + vm.synced_folder './shared', '/vagrant_shared' + vm.provider 'virtualbox' do |vb| + vb.memory = '4096' + vb.cpus = '2' + end + vm.provision 'shell', inline: script + vm.provision 'shell', inline: network_script, run: 'always' +end + +Vagrant.configure('2') do |config| + config.vm.box = 'generic/alpine314' + + config.vm.define 'server', primary: true do |server| + config_vm(server_name, server_ip, server_script, server.vm) + end + + agents.each do |agent_name, agent_ip| + config.vm.define agent_name do |agent| + config_vm(agent_name, agent_ip, agent_script, agent.vm) + end + end +end +``` + +The Kubernetes manifest to add the registry: + +##### registry.yaml +```yaml +apiVersion: v1 +kind: ReplicationController +metadata: + name: kube-registry-v0 + namespace: kube-system + labels: + k8s-app: kube-registry + version: v0 +spec: + replicas: 1 + selector: + app: kube-registry + version: v0 + template: + metadata: + labels: + app: kube-registry + version: v0 + spec: + containers: + - name: registry + image: registry:2 + resources: + limits: + cpu: 100m + memory: 200Mi + env: + - name: REGISTRY_HTTP_ADDR + value: :5000 + - name: REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY + value: /var/lib/registry + volumeMounts: + - name: image-store + mountPath: /var/lib/registry + ports: + - containerPort: 5000 + name: registry + protocol: TCP + volumes: + - name: image-store + hostPath: + path: /var/lib/registry-storage +--- +apiVersion: v1 +kind: Service +metadata: + name: kube-registry + namespace: kube-system + labels: + app: kube-registry + kubernetes.io/name: "KubeRegistry" +spec: + selector: + app: kube-registry + ports: + - name: registry + port: 5000 + targetPort: 5000 + protocol: TCP + type: LoadBalancer +``` diff --git a/versioned_docs/version-2.21/howtos/intercepts.md b/versioned_docs/version-2.21/howtos/intercepts.md new file mode 100644 index 00000000..ee853b14 --- /dev/null +++ b/versioned_docs/version-2.21/howtos/intercepts.md @@ -0,0 +1,225 @@ +--- +title: Code and debug an application locally +description: Start using Telepresence in your own environment. Follow these steps to work locally with cluster applications. +hide_table_of_contents: true +--- + +# Code and debug an application locally + +Telepresence allows you to code and debug an application locally, while giving it access to resources in a remote cluster. You can either +do an _ingest_, to gain read-only access to a service, or an _intercept_, to provide read-write access to a service and also re-route +traffic intended for it to your workstation. + +## Prerequisites + +Before you begin, you need to have [Telepresence installed](../install/client.md). This document uses the Kubernetes command-line tool, [`kubectl`](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +in several examples. OpenShift users can substitute oc [commands instead](https://docs.openshift.com/container-platform/4.1/cli_reference/developer-cli-commands.html). + +This guide assumes you have an application represented by a Kubernetes deployment and service accessible publicly by an ingress controller, +and that you can run a copy of that application on your laptop. + +## Intercept your application + +### Running everything directly on the workstation + +This approach offers the benefit of direct cluster connectivity from your workstation, simplifying debugging and +modification of your application within its familiar environment. However, it requires root access to configure +network telepresence, and remote mounts must be made relative to a specific mount point, which can add complexity. + +1. Connect to your cluster with `telepresence connect` and try to curl to the Kubernetes API server. A 401 or 403 response code is expected and indicates that the service could be reached: + + ```console + $ curl -ik https://kubernetes.default + HTTP/1.1 401 Unauthorized + Cache-Control: no-cache, private + Content-Type: application/json + ... + ``` + + You now have access to your remote Kubernetes API server as if you were on the same network. You can now use any local tools to connect to any service in the cluster. + +2. Enter `telepresence list` and make sure the workload (deployment in this case) you want to intercept is listed. For example: + + ```console + $ telepresence list + ... + example-app: ready to intercept (traffic-agent not yet installed) + ... + ``` + +3. Get the name of the port you want to intercept on your service: + `kubectl get service --output yaml`. + + If we assume that the service and deployment use the same name: + + ```console + $ kubectl get service example-app --output yaml + ... + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + ... + ``` + +4. Intercept all traffic going to the application in your cluster: + ``` + telepresence intercept --port [][:] --env-file `. + ``` + + * For `--port`: specify the port the local instance of your application is running on. If the intercepted service exposes multiple ports, specify the port you want to intercept after a colon. + * For `--env-file`: specify a file path for Telepresence to write the environment variables that are set for the intercepted container. + + The example below shows Telepresence intercepting traffic going to deployment `example-app`. Requests to the service on port `http` in the cluster get routed to `8080` on the workstation and the environment variables of the service are written to `~/example-app-intercept.env`. + + ```console + $ telepresence intercept example-app --port 8080:http --env-file ~/example-app-intercept.env + Using Deployment example-app + intercepted + Intercept name: example-app + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Intercepting : all TCP connections + ``` + +5. Start your local application using the environment variables retrieved in the previous step. + The following are some examples of how to pass the environment variables to your local process: + * **Visual Studio Code:** specify the path to the environment variables file in the `envFile` field of your configuration. + * **JetBrains IDE (IntelliJ, WebStorm, PyCharm, GoLand, etc.):** use the [EnvFile plugin](https://plugins.jetbrains.com/plugin/7861-envfile). + +6. Query the cluster in which you intercepted an application and verify your local instance being invoked. + All the traffic previously routed to your Kubernetes Service is now routed to your local environment + +You can now: +- Make changes on the fly and see them reflected when interacting with + your Kubernetes environment. +- Query services only exposed in your cluster's network. +- Set breakpoints in your IDE to investigate bugs. + +### Running everything using Docker + +This approach eliminates the need for root access and confines the Telepresence network interface to a container. +Additionally, it allows for precise replication of the target container's volume mounts, using identical mount points. +However, this method sacrifices direct cluster connectivity from the workstation and the containerized environment can +present challenges in terms of toolchain integration, debugging, and the overall development workflow. + + +1. Connect to your cluster with `telepresence connect --docker` and try to curl the Kubernetes API server from a container. A 401 or 403 response code is expected and indicates that the service could be reached. The `telepresence curl` command used here is the same as `curl` but uses a container initiated with the network created by the Telepresence daemon: + + ```console + $ telepresence curl -ik https://kubernetes.default + HTTP/1.1 401 Unauthorized + Cache-Control: no-cache, private + Content-Type: application/json + ... + ``` + + You now have access to your remote Kubernetes API server as if you were on the same network. You can now use any local tools to connect to any service in the cluster. + +2. Enter `telepresence list` and make sure the workload (deployment in this case) you want to intercept is listed. For example: + + ```console + $ telepresence list + ... + example-app: ready to intercept (traffic-agent not yet installed) + ... + ``` + +3. Get the name of the port you want to intercept on your service: + `kubectl get service --output yaml`. + + If we assume that the service and deployment use the same name: + + ```console + $ kubectl get service example-app --output yaml + ... + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + ... + ``` + +4. Intercept all traffic going to the application in your cluster, and start a local container to handle that intercept: + ``` + telepresence intercept --port [][:] --docker-run -- . + ``` + + * For `--port`: If the intercepted service exposes multiple ports, specify the service port you want to intercept after a colon. + The local port can be empty to default to the same as the targeted container port. + + The example below shows Telepresence intercepting traffic going to deployment `example-app`. The local container inherits + the environment and the volume mounts from the targeted container, and requests to the service on port `http` in the + cluster get routed to the local container and the environment variables of the service are written to `~/example-app-intercept.env`. + + ```console + $ telepresence intercept example-app --port :http --docker-run -- + Using Deployment example-app + intercepted + Intercept name: example-app + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Intercepting : all TCP connections + + ``` + +5. Query the cluster in which you intercepted an application and verify your local instance being invoked. + All the traffic previously routed to your Kubernetes Service is now routed to your local container. + +You can now: +- Make changes on the fly and see them reflected when interacting with your Kubernetes environment; although + depending on how your local container is configured, this might require that it is rebuilt. +- Query services only exposed in your cluster's network using `telepresence curl`. +- Set breakpoints in a _Remote Debug_ configuration in your IDE to investigate bugs. + +## Ingest your service + +In some situations, you want to work and debug the code locally, and you want it to be able to access other services in the cluster, +but you don't wish to intercept any traffic intended for the targeted workload. This is where the `telepresence ingest` command +comes into play. Just like intercept, it will make the environment and mounted containers of the targeted container available locally, +but it will not intercept any traffic. + +This example assumes that you have the `example-app` + +### Running everything directly on the workstation + +1. Connect and run and start an ingest from `example-app`: + ```console + $ telepresence connect + Launching Telepresence User Daemon + Launching Telepresence Root Daemon + Connected to context xxx, namespace default (https://) + $ telepresence ingest example-app --env-file ~/example-app-intercept.env + Using Deployment example-app + Container : example-app + Volume Mount Point: /tmp/telfs-166994305 + ``` + +2. Start your local application using the environment variables retrieved in the previous step. + +You can now: +- Code and debug your local app while it interacts with other services in your cluster. +- Query services only exposed in your cluster's network. +- Set breakpoints in your IDE to investigate bugs. + +### Running everything using Docker + +1. Connect using docker start an ingest from `example-app`, and run a container locally with the ingested environment and volume mounts: + ```console + t connect --docker + Launching Telepresence User Daemon + Connected to context xxx, namespace default (https://) + $ telepresence ingest example-app --expose 8080 --docker-run -- + Using Deployment example-app, container example-app + + ``` + +You can now: +- Code and debug your local container while it interacts with other services in your cluster. +- Send request to your local container using localhost: +- Query services only exposed in your cluster's network using `telepresence curl`. +- Set breakpoints in a _Remote Debug_ configuration in your IDE to investigate bugs. diff --git a/versioned_docs/version-2.21/howtos/large-clusters.md b/versioned_docs/version-2.21/howtos/large-clusters.md new file mode 100644 index 00000000..10c8eab2 --- /dev/null +++ b/versioned_docs/version-2.21/howtos/large-clusters.md @@ -0,0 +1,48 @@ +--- +title: Work with large clusters +description: Use Telepresence to intercept services in clusters with a large number of namespaces and workloads. +hide_table_of_contents: true +--- +# Working with large clusters + +## Large number of namespaces + +### The problem +When telepresence connects to a cluster, it will configure the local DNS server so that each namespace in the cluster can be used as a top-level domain (TLD). E.g. if the cluster contains the namespace "example", then a curl for the name "my_service.example" will be directed to Telepresence DNS server, because it has announced that it wants to resolve the "example" domain. + +Telepresence tries to be conservative about what namespaces that it will create TLDs for, and first check if the namespace is accessible by the user. This check can be time-consuming in a cluster with a large number of namespaces, because each check will typically take up to a second to complete, which means that for a cluster with 120 namespaces, this check can take two minutes. That's a long time to wait when doing `telepresence connect`. + +### How to solve it + +#### Limiting at connect + +The `telepresence connect` command will accept the flag `--mapped-namespaces `, which will limit the names that Telepresence create TLDs for in the DNS resolver. This may drastically decrease the time it takes to connect, and also improve the DNS resolver's performance. + +#### Limiting the traffic-manager + +It is possible to limit the namespaces that the traffic-manager will care about when it is installed or upgraded by passing the Helm chart value `managerRbac.namespaces`. This will tell the manager to only consider those namespaces with respect to intercepts and DNS. A manager configured with `managerRbac.namespaces` creates an implicit `mapped-namespaces` set for all clients that connect to it. + +## Large number of pods + +### The problem + +A cluster with a large number of pods can be problematic in situations where the traffic-manager is unable to use its default behavior of retrieving the pod-subnets from the cluster nodes. The manager will then use a fallback method, which is to retrieve the IP of all pods and then use those IPs to calculate the pod-subnets. This in turn, might cause a very large number of requests to the Kubernetes API server. + +### The solution + +If it is RBAC permission limitations that prevent the traffic-manager from reading the `podCIDR` from the nodes, then adding the necessary permissions might help. But in many cases, the nodes will not have a `podCIDR` defined. The fallback for such cases is to specify the `podCIDRs` manually (and thus prevent the scan + calculation) using the Helm chart values: + +```yaml +podCIDRStrategy: environment +podCIDRs: + - +... +``` + +## Use a Namespaced Scoped Traffic Manager + +Depending on use-case, it's sometimes beneficial to have several traffic-managers installed, each being responsible from a limited number of namespaces and prohibited from accessing other namespaces. A cluster can either have one single global traffic-manager, or one to many traffic-managers that are namespaced, but global and namespaced can never be combined. + +A client that connects to a namespaced manager will automatically be limited to those namespaces. + +See [Installing a namespaced-scoped traffic-manager](../install/manager.md#installing-a-namespace-scoped-traffic-manager) for details. diff --git a/versioned_docs/version-2.21/howtos/outbound.md b/versioned_docs/version-2.21/howtos/outbound.md new file mode 100644 index 00000000..987792ce --- /dev/null +++ b/versioned_docs/version-2.21/howtos/outbound.md @@ -0,0 +1,93 @@ +--- +title: Proxy outbound traffic to my cluster +description: Telepresence can connect to your Kubernetes cluster, letting you access cluster services as if your laptop was another pod in the cluster. +hide_table_of_contents: true +--- + +# Proxy outbound traffic to my cluster + +Telepresence offers other options for proxying traffic between your laptop and the cluster. This section discribes how to proxy outbound traffic and control outbound connectivity to your cluster. + +## Proxying outbound traffic + +Connecting to the cluster instead of running an intercept allows you to access cluster workloads as if your laptop was another pod in the cluster. This enables you to access other Kubernetes services using `.`. A service running on your laptop can interact with other services on the cluster by name. + +When you connect to your cluster, the background daemon on your machine runs and installs the [Traffic Manager deployment](../reference/architecture.md) into the cluster of your current `kubectl` context. The Traffic Manager handles the service proxying. + +1. Run `telepresence connect` and enter your password to run the daemon. + + ``` + $ telepresence connect + Launching Telepresence User Daemon + Launching Telepresence Root Daemon + Connected to context kind-dev, namespace default (https://) + ``` + +2. Run `telepresence status` to confirm connection to your cluster and that it is proxying traffic. + + ``` + $ telepresence status + OSS User Daemon: Running + Version : v2.18.0 + Executable : /usr/local/bin/telepresence + Install ID : 4b1655a6-487f-4af3-a6d3-52f1bc1d1112 + Status : Connected + Kubernetes server : https:// + Kubernetes context: kind-dev + Namespace : default + Manager namespace : ambassador + Intercepts : 0 total + OSS Root Daemon: Running + Version: v2.18.0 + DNS : + Remote IP : 127.0.0.1 + Exclude suffixes: [.com .io .net .org .ru] + Include suffixes: [] + Timeout : 8s + Subnets: (2 subnets) + - 10.96.0.0/16 + - 10.244.0.0/24 + OSS Traffic Manager: Connected + Version : v2.18.0 + Traffic Agent: docker.io/datawire/tel2:2.18.0 + ``` + +3. Access your service by name with `curl web-app.emojivoto:80`. Telepresence routes the request to the cluster, as if your laptop is actually running in the cluster. + + ``` + $ curl web-app.emojivoto:80 + + + + + Emoji Vote + ... + ``` + +If you terminate the client with `telepresence quit` and try to access the service again, it will fail because traffic is no longer proxied from your laptop. + + ``` + $ telepresence quit + Disconnected + ``` + +> [!NOTE] +> When using Telepresence in this way, you need to access services with the namespace qualified DNS name (<service name>.<namespace>) before you start an intercept. After you start an intercept, only <service name> is required. + +## Controlling outbound connectivity + +### Connected Namespace + +The `telepresence connect` command will connect to the default namespace, i.e. the namespace that your +current kubernetes context is configured to use, or a namespace named "default". When connected, you can +access all services in this namespace by just using a single label name of the service. + +You can specify which namespace to connect to by using a `--namespace ` to the connect command. + +### Mapped Namespaces +By default, Telepresence provides access to all Services found in all namespaces in the connected cluster. This can lead to problems if the user does not have RBAC access permissions to all namespaces. You can use the `--mapped-namespaces ` flag to control which namespaces are accessible. + +When you use the `--mapped-namespaces` flag, you need to include all namespaces containing services you want to access, as well as all namespaces that contain services related to the intercept. + +The resources in the given namespace can now be accessed using unqualified names as long as the intercept is active. +You can deactivate the intercept with `telepresence leave `. This removes unqualified name access. diff --git a/versioned_docs/version-2.21/images/TP_Architecture.svg b/versioned_docs/version-2.21/images/TP_Architecture.svg new file mode 100644 index 00000000..a93bdd7e --- /dev/null +++ b/versioned_docs/version-2.21/images/TP_Architecture.svg @@ -0,0 +1,900 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/versioned_docs/version-2.21/images/bugfix.png b/versioned_docs/version-2.21/images/bugfix.png new file mode 100644 index 0000000000000000000000000000000000000000..7c03920b44b1bd2da06869ae3d0b722a3e58160a GIT binary patch literal 1893 zcmV-r2b%baP)EX>4Tx04R}tkvT{MQ4~ebOcWOs1yhKKOrch>Q4z}+g&;%-Q6W(aXUPVcNtj8n zNh#O{EL<9+7B<$}TG$GL-~wW8VWnszVdN))1TntmAMStm@!$O*movKQwE4lb@^&N` zP@=IlrQ?+@+UUo}h^jlexo|i{%lf)U66f87nAN)P&+0Yejt-In`1PEf2Wbvr5Yfe13o(%TLbA)=vs~61ShL3i43MKW zHUt+1o0)=Mf2Y{6CvL4S3mq6H$RbOGQP3!mCPSVH(pV@sLxQQ7!Q~DNKIK$ftx6t1P9)&{40>ZQa0}h*wcP6WoIb!x5kfa`a0uf`=-X(q zcV}~M|Mt}L`vIQra=2B*j0^w(00v@9M??Ss00000`9r&Z00009a7bBm000fw000fw z0YWI7cmMzZ2XskIMF;2!1Q0G4AVcZ$000GONklzHj&2OE25f z-L_C$N(-oj=BlH^CLEcRsrZ2Lfdk4sB_(LN5?C6TkCw;)A@{+ zowt_-4U%oIY)PYq%pfhxd-h7g=y?!Ozt@pqHgu(Oxw=}QriQOG@<8w?R^8~1xBx(n z9wx$qp%_jMl*){(Da{&`r=A*OHUNODs|D56sD}c*M3zbHZ9aW?sZ$)>0BIEgNDyN` zxn1WK&_Mtx<`60MJWI6fIzxxXSP;S?4z*Ts^7zOJbk$v`#oAv>~i@CvF zLPH+0MjqYUHg1)U^a2PV(}_H&y#03CAOH;N2>^h`q~u6004CL*v*%#f1A*H@{^hnN zvjLz<${ACH032)JQMIx?9-r2Iqrp26A8Onh@`pBd#eW+E+?wrMe=K3|7;)Zq+nC}q z9%~vL?d@NE#ge1;_H6Ha8*U}Ox(k?Nx@%_}T<(COgc_30I=8F3jmsi zHU$v_00||hxq^LTs+4MLC4eRdTCNwScPY~<1Mus(G-kr^Pzgx%YZ;l%05D8eNAaE$ zT}k!f*FoQBM~3VyFwd}CnwF2pvs)WiK&ry}AuF}+(&aY+AYD=-sqwU9V(Q{^mi*{~ zDHQ_^9E-kVb+jyg5X@<7S;Dc{1_-VFg6Z(l+XJhvwX{vm+IxI3DPWK3Y_XWB*dsO} zHRBBc1GwG0*}8i1W7*NVFcdXqC~C^+^|O_IS5N$)qP-u25Oqx|_+)Wt!gh-pe|1GR zHmxknPU?&Cex?z(6!gudGc#}Xesvg}*}m~HE* z9++^5vU6vQsyNF;nxI>~QspRy9)zb5z@>)*XS%gD4pWnWlf^^>nYD-e0iYoq-tR5& zH#$mABG$<3K^*`jh5;tY>}c%{cmAEPiHaNz#R4+sKx8GY7|oTX%bKdn=Z@)saM)-F zmj*|Fb>Y$=hr?qOsiUfVZgXYnvgD=(0B6`ZEgZ)j^XLZ-m;ky*?5PL-=)PaR8B>>) fZakhKKgsnEF-2uxB%iBC00000NkvXXu0mjf9_n(| literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/change.png b/versioned_docs/version-2.21/images/change.png new file mode 100644 index 0000000000000000000000000000000000000000..d271fc519154e7d9094b05ab4edd26c2d8a635c4 GIT binary patch literal 1534 zcmV0004gX+uL$Nkc;* zaB^>EX>4Tx04R}tkvT{MQ4~ebOcWOs1yhKKOrch>Q4z}+g&;%-Q6W(aXUPVcNtj8n zNh#O{EL<9+7B<$}TG$GL-~wW8VWnszVdN))1TntmAMStm@!$O*movKQwE4lb@^&N` zP@=IlrQ?+@+UUo}h^jlexo|i{%lf)U66f87nAN)P&+0Yejt-In`1PEf2Wbvr5Yfe13o(%TLbA)=vs~61ShL3i43MKW zHUt+1o0)=Mf2Y{6CvL4S3mq6H$RbOGQP3!mCPSVH(pV@sLxQQ7!Q~DNKIK$ftx6t1P9)&{40>ZQa0}h*wcP6WoIb!x5kfa`a0uf`=-X(q zcV}~M|Mt}L`vIQra=2B*j0^w(00v@9M??Ss00000`9r&Z00009a7bBm000fw000fw z0YWI7cmMzZ2XskIMF;2!1Q0DD#MCdS000C5Nkl4?!H?ChN9`#hiD^PJ!F{C>cH*~U*AO}7=; z3e#Y-X3S+y?(YPy>cvSM(TSO%)(kM#3Lx!Y1Mj5Z_4Qw{(j zuk?%%;kyYP0pK}VbB0Y0X6$VM62NwWCxdE}B_oKv37`Zm*5c{j2);?Ud;oi4>-*eq zJJu87prGJmiN{fy7uN&W=X18I2CYQ^DJLMI8>>&AnqkG)&{`A^P(FZ)Tfv|(5PqAk z-bkNn2EMA?R+?AT4ggEW?9XmI*YHR#mFlO-&e+;67rQ;4WA~kZnKNfDKdl=0ZI?$p zUNK@f?cvH;nex{^Hpg87p$x5kwIHx{I25Nq4x4SDTv0t80fx z$6tTuiL`YB=J(XH;!(k0^c+4}sK6UGmk52_^w2l6(Gdhegfr1hd#-SS2itr9oxKM+ zUI*=h0I&i@xYJiK2My2Nt^5BT_#XJ~f}1u}mNZ(9l*vwUMtxT0sz?6`n82y$W&l`R zkWu3qb)_}Ec(i;bxZ!;AuC)5c4C=|3*hGf&0~7rMLgq~1ggn!Y)U9iZy<_f_>F|iI zNL^G%j6UP|lP1o~CnR1>%!%rV(MNT}=s8iCa?o+pn=0_EH?R;e$F2aeRsg4iBlTlU zBWP61AeT4NZFl5oLv;;L)ot2sDYfnlw$FdwUnd2LU2U&^yR~lN+2|X?BNneHWgDWy zUrRB@clydHvDfESOaCP>E*%_tCASzWIX%&8P4>!q0FXUm1OU{2RQ+D>itcT`g1~3a zP)Gfj`)gjhwz6x;=@!EUo*zn1T(n^l>X(lJwDkN8V8_#RAV~oi;=hXDI|p?aw$~lf z1kd{+YhS@zQ{Ut41M!!V1Y+c7#Izo*G(7g8!wUc_QN zC~JSgmXM`k&dI){Hp3d1-eqgv{&n6^^5EVDc3t-EQ={nm0y`Y4k!+=d`f(_Wc*t4; z#~Sl1cZv>oa^?q?Eup6Ho71%qH!X|mT-!c4`M$JqS@cgi?bic=Br~w_egt3to)wF; kJ9N25J#vln@PDvB0m8jHkA_vIe>)v5 z#EiMur-Rc%8K1S@I0Yuajb10=phepMaC66eV5{w_-1sRj=;W8loSfI0*4CDV zs|+a+6a>`;DAi@r2-w9=xlLr1uBX?baBPX zIx5U4;ZHfK!;*s@LmwPa+gmfZ-t9P<%(KIp-dBAyawnUn)+;S+AylA4x#dq%^dB6% zTp*K-?8!mesyS$OI>U!OO$s=4l2 zxWt2_Ar)Q~rEdERP{0V*b^B49jZc@rxWh*LHQDP)W8`U95Y)9pDzrV5M9+9Hq zFgnkk!s8tk0X)^YN%PJB1V;+it*#OOf;4TMkK52^dnS(EsiLgQ>AV4h<-Ga&a+K5o z*x{3X+)rk)1>h0~_+KKW~fZO~?0{=TmJ0O;5?tx7qt=nY(Xb5K4x(txfL3 zNPrj;cc$8Kj!dcVW2elUa-F{AI>GxkeKH&tKxjfdeBM(Kip;%S|UxS;yWd>`y& zYK&`UtG8=j@of!glv7EfqG2b@eaXKBXgMG$k*)p7&rRQ1h8-|AS&zHLe-xLi*7Z;Y zjsLGdf1IUdWixMGm?3hV8+bUi&_g(oI|w?Q%5Mm0*azG0OScp~SiOzY$Mtzw@6@hkAOM+f!}52TODbHm?4w z>z#Y&hch@ec3J;baC+2givlLID5gwwPn(HM#QL3|ZMk268A=^*8@FMHs%ZXnboh2` zMZkFSI%pTalkNL_#5G;rj4rV$^zP1B!UbryhQ0U3`C(kvNIR}oGxLkDIFDYct3`uqfletc;2L|>})OUe36W- za%YF$E#E{KFxHartBJ>MH@F(+qI*uaI%+QfBC%iZ1W4-KO5PPZH<3POmzACvl-3z( zx1PXqzR;E`kg_(ufS;9=lRc~-0wKetA zEg%=Q;XmdR_PqP1@E(nTo_fOh=9IbbdR)tK$A9DZ7Yhs%#qX^sIVU_QRiX8A=kK=HrZcA~F>&(606 zl~sA~--9yT_!;NZQ|%N2-`_jmVwbB9Fa*tio`rTs3SYmaEfe@X1U|nN;zYD|EbkoH z(HP#Sa& zu%;>grzCnT}wXM!etrXB_6m<0ha`P1~1WSiMzI({+2r3 zIA6~QbN*91dA1rl6LgmEl}1hxG;zL#lVelFZ3fAOb-o!^To*Z*YKp(>b3SXd<-&xK z^t6@MP60HqB$w#VuRS|CBV>u$K66P5y%ppc1m--|xL5vIQLe5=E=&F!oqXEth~Jt@ z1aF&Lpr$2}4L^tLQK7*cR8P)^mC4>AFEGB^Jr%^s`L?-vyiq*dX?4?O?7STBN7&&h z39O?^c(}s+bG9+)WNRVEi4hE6El{_lC4DImtFXDrN2~;17=I@rE z!AX|NHJmIQO#01qCbgWF9K1Er@=7Vszm;1&ef-m&5t)*Hd=W5$z49&m?xj%5S5?O| z4@0kUynXgE@-%HTpG29dI69HOoudPF_UW1Yd&|VV+1guY3mJdK?ZCrwNSHi7Fdi|t zfH}e9caMj9)o1Hw7}ll8AMae`$)@9a@F}I1noG-4aHx8|3UKWF_6Fs%i)PcZm|LHu zb0_XSgD1|P%-HH!s*3(oNd4qLVP1spEcFPe36aL16}Va$tEj}m`>`Urk%Cqd0fjeUv=&Y2P{+ zLjO5>@AyW#+AErt3}^-yr{Qd35kov1C;B7XYM#5{oT~92-23}IpvUE26DCg%+V1-L zv3aye#fi$+(a!>BK7MR6NOJC} z#V{_ZR`d*%$ig3+FbrB;nnz$TvOkbpZFJGA)iX51MLsCyM|ADyOR6L32fv8@oV5j& zJ&%#fo|3*9EL9ex3;l_`ucopl!)~`z5}S7=7y48_4dT<@EcSe3DedD|7`?3Y!E;8q z-cI(ZZV7I4LzV&X;VGZbn$cMIdIBjDKJasP^W&(DR}E5w&RA5k4=I$&@{)K~YHSSD z?qndnOl*;|aG>R@51uOz>h1jL(!rQ=jp|2u zpI0-rR&mtHILxMHvkaNB2 zdFn2<TkOR5L9->O=2tmK~k@#ii`8;q#221 zX{Uj67fYQ0*&;uX_Kmtv8jlGksHmz&EVOiK(~cc!?`t&@RLqW47Vh{a=c~apwg@yW zNeao2)$0&AM@b-9LwT6y&?io>(A$>ugB-A7Cyr}{hx~h4qyLHoOn%n197${|cd|=b zDi9@s1h2ihuS7lCkT<~9WE6%K!jR2#!G=vmkX&9x#}lE{1wB6Q=D8A2`aE(D>Z#;tw3>u-dJq??<)4W>+|dEg1M4Z zauY5bw86K{#haz#BzJaY@J;+{33Mh>YA8+rHLpZlhXtwkt48QD-oE0SnI9{7itT_} z4W&DXC{nWB$b1md`EuIx({M9`R-&4PmoyJc6Y#_5Zd9iXIzAu17CE)B6JUFSOu%+( zYp1y*i2}T6@hZa7_wjY!O9}yM$CVfz-qe@-82PuruRS=!tIEdJ4URmrT*Js0m6OH3 z3mGU{e9?ckVdWOMKJ{{HClRd?Q=Hz}ox!X9DW6k0wTAof!j3d?3D8lI5G9v8CYKQv zz=+M^*fJZcUJv(wRDXqB4<f5uiCOXso&WBp*MIi*Q}1*#?##!N>|sXGp@PF)Jh7$9&=-7ltNkp83IH% zRw|~Rc*kKDeyw?G-OP>tbpdMY*0)uWroN;u-EmO)MD9jj;6yu@I9ZIbnG`Qm>y-z6 zU}G5!J>jZMs)#klc*6=b6|7>RnA#RNHDeOitfc4!IIbzn@TCy$$}_C*Q{8Tg25?ZY zsoNE2>8`oZ?qM=3m$A9dJ!dwTW-#U{7i+Ww<(dUVJ*&wnJQZytdps(wBZ0v$ z{^yg+N@H1?HC)wm^pC?WA$#l05iF;ls?=05Qu=q;i!8n`A>-Pgo+z4vP1VDH6>ph= z&y`*>(^nYEh7zoQzKq)q;O+_#R2H`q3FsER!6y=s(RUu2;Loi(^CGiS*}2)kfr1NF z`C)$;Zgw-{k^Asbx?nT?g+QL7nWpNFIY|T3N zt8mZLy%}}gG_<0^H(&lb~{o}6%=bziHq$@uOv)#hi?n(T57sv)?;($(_cN;(#%?%4mUp)mD zs;ro(rFT)JJeTUqW0q7S5kGk#)8GqVV|;cPo(5#ovt%w}j^18UIoqy-_JC^#$?MtL zH^y*9uaI#SIa8tmuGeqR+TsICoxZ0l7X+VLQUFIRn5n%y7g!=eUT5hKT?*W_uVR0I zvo7wrwElSb#jA~IYL={maY=e&)N=Bsoc!DU7g7&|0jb!Sa`J*ZfB*Hn)>LuLNY9mR zoQVOIdp*^tnk@!6m(D+$W#SwKM=wT{=bCE=-^m66yR)!Tmvbl=_BxUGKYyr{gDn?r zfw);7m{D!A{P)p)q_6N|8P<(T1+e$(T{u^OAq82{ZQ@k>ndRhq5w14<+SR~QT#W!` zlr|BvLRW2Q-DhbJ8YEWPM<~RJ|AUvUh`ij{g7eGM z@hc7zX-)g?)=4Gr{cr;kZ96T)XfD2`1qr6wiDo1N34t5v+}vZdR*M%P@`B^=8F$ZV zROH^laEaCZSi%d_pv4AS3W)^`FGKqCau#cC%ZimOuj7&-Qb;esAxCu3`Lq;m5UCwZAxTiaTl$RyphK_MxLRwG)iMk?`!PP=-@C zJ)Y++y7H*iW(jfJ@}?``IERgM#@Mf-E6C1s6P|VRW$>A4OO$Mpufz4{xlK~Mz52T^ z`oCA}>b<-^v0^;n(Fjkxh~$4UQlsf+gnWd(5tdg5jI>jO8JOVrsMCjhOU#qzjMdBZ zyu5)K3nF13r4Kv;H2M$Lb!Bu0v^~79&MYL7qVeWUQJd!d4{FMV=SCeas0{4fFTG1h zHMal2gbB?vmcr(>kJ6adT%1`8UrQ$g)>tL?rh$T>!5wswPIBc{g--|YMyW2JUrU@S z)^AAgw-Kw4_Y|i*J}Mvo|x_-EO=}cJSyb;D#6YE^#tQG^Ku$$f#+wHFTAl zULCIK!Jar#lR+r_Y08Rs~aSv%gj0 zq7oQ}-EI_F2$rS!`KZ)vt?)b48A+6;Hj+x^m5*-u$9C> zv@Y`=1M(V@fqe!ye;E-Kry^xt8l<$CA-E8*u8GpL*_OPP2x;K0w{sT>xd1`s0|HkE z=s5}~l{NeSm>X?vo%4UF-AT94B1KQf3g#?)XUaFGMhN>{*nisSrdmVg(9kE!3sNk8 znoYmRz^^vcEF4-b&*>0P9_0?x8htjM_XgL_*_B`Vv zwNqlUwsl)*eTmOXX3JF&srr2Es1oTlwUGWj*D!04V>~{6>t9v(qiIq4R2xki2zEcZ zW~5}4%i3V_%~s-93by3ynQ|sk+P)`6i^c0qVjrDjfIR%T>+J$lcZF;XR4E}?&*;a| zsa!l}{j4<~`BWR>Dp;DldQ0$#cTLauO>q>pVrMszrlakU4>dCJK2cTj@jIlC9%HvQH7uz96hnmN%(B zy3C~qVw*rcD!XDxy4vI~hyI;I+{_ul0K__mP0j0#&oimJtVdk>+Z~P1uVKC=st-o8rJ^D5rN@hqy z2Hf=Q=g)tkEesnPRvR?JaCyun^EKBp&GXrV1L#2zP{VW)g0k;GLZRcAMs+;kW<0Tc zp&_prj772>L@qK(0HDHKHCY-I zAru1jb`yH3z<2t^`=FgsFN%!i%~*eWk$__~CGg>O^rFo9tmwfn3}ZPBvs^N~Q-4qUQM- z(p}VX*OyI(i8lC&`?!r-4Wr}HDIkw~lA{~!%Y+5GLwgJ?jm<8#x_~1@s#MU{^Y8Q_ z4mr95T#$heMf0zSVX8PC(L^vck$z7U4pymUY_=PLgKW~3gcqSCH_($-pFOO>jr<2P ztZ)nUu!iv>B$zBoCn>sy_BZw#O0~~2C#Mteenq>qes-nc#S_SU(y*0Y0x+*EQSu&m zphJ2Hz+aIda0SWGMf{&)U|3CJ9E~N>FeWW$!hqVwpWp(15K)_(4nfmx=(DxW$UT6zvpY zC*opPLqMd~^SR#Qa6^F{RZVo<+=rRIhTuJlh>Jp9jV@9SKNn_#tk8m30VvO!!su(j z+7&Ip8e<(Vx+rfh4j8g7`QCU94|qPS?Gws!g+9w2Gfm6wqZDvHf?2hPln(mOjwnHKCJWGj&9ev<;1OuTR4rdZpSa&uQw_vndNV;|nAcl@~=dkWv@oBn(d?3g@yP#CtvOcTtSGG=1U z9opSn6DWh9t&z$+fu66j`I?VhduvhS%dc{LuxwI8mmKXC5Ji?BwecQH4jEEOoPn$^ z&Uz{)&gF(Y61&OtKKAzv|AV@3h#p;o1aR01OA9b{vx>!`rqA8}x@_BVR0yyURuWgR zSJa%#`Xi4M!ALW>9D8i2`t(y9C4w*&ou_$W=ca-03R9Ulc4SAEWt0-pF`47JQoOrB zN)JIL>Bo|lx6zOB33TCi*9$H`jsM3|oNDqN=2C#ERdg>f*2lfdpp3D4ugeAE>Ho5! z-BLn>uv2MdiKokc)+p6!xnf+Oo6l|>LH)MeKmWK1=-TE{4DRr-Yr#4N?lHgDy>Xwr zcd(oAeeX)ghTCwXK$f+5>C_RP(A`|RG9?o|QKoJg?^BF!^jdjvHtE*5F?*a=>lW9y zC|TP4nJ1<<`i!>@%NhMhe7^B_;fzm4v)X+9ystwn*5ZVfDL}_|GJPSG55)Jxg-~SU zfe2j8)eU;kFEU4bb!jaun2Q5VN2TVD=K{>4^LBMpgqbpO*p=t{KN!vQ z%YRg>aZ>W_7TGW~>7h66-ScMDXn%M0mg@mi#FH4WH^RBy7odAHuv=kB5%aM!N-ev# zHmMW#AXOY=%{RRkq%xz4uDGjDRkv zmL3#tE_gAR8?of58ody#%Y0P$;iKf{VtZNEmIMPS+C5!fE_Lc1`>Qima_F#Maf=Q} zZkLB+zq+ynk6%T&cDahyeteO~{;l;{Cl@QP zaeik^M$}EhpFWdn;j~=G<{s9MiB$XUl@;lg3KbR{Rm;Nki(OWT6}I37vxX3O>D1=h z?#4@SM)b04fwiB(=CWqoq77yR2|oJqFL{Y`zxaYuj_Qpnhy0(x>?<1dP@2gofosW} zF;8YXvf~nD1gVt`=dS<{Y_6=(RH7NwR2qfvxkZ;1-Ks)h+%mUhFjo*2NY=ea-Fdu- zJbo(rWC&#C5`zCjU_A@&_Zvt9Te1ar;-!6h9|chGDoRg2u3x45koxBXOe1j20u?W8 z)y*dp+0SZqY)FN$VjuT;^~Rb4swLY1#C2+GXm<&yNcAEyF@;eEDHz8XN^C3zG#jVT ztr=OJAtY9p8KgXO#EY1I;Vx!k7N7Mm_vmIU#yZMy-SGho&Wn(&R&=>P;c*dqL`|$* zIQzSfQq|@Nfr}QXy!UexR{7!+|0BCsbxEWQtr?G0f@1SAk%SR4^od~H&k>lJPzXGz zkV|a^)7h@}6+0yv+xxfmLv;$^J2+zKz>a~O467j^#8>P#>AI?hx4%WlWAHE9}xF8)>b+Su1XW41;%D z8*J(8grkmT%nGrbE&fGgVwTGb39JWn%WD4 z-L}<9YxH^ugTD;#^N~vs)J+hkEW^h<-AZrYC}QJ=V5M6{TaS| zP=boat*oC*_2p9tifuAOk@Zv=vhOb_?x;Gl%t%vk$Ve5SI&H!YEIP!^7u>zc|J}W1 z=r0H@EoGX2PlV{iw)QGXAP@emJ^l5D482oeFAUjt7fc?{t2Ul^3aWd0|A4e~bm9z1 zx)u9T3~4RtRNKzzDua~TAN}T2NxL{gQo3TzAlZ<)OHg=j_FPUM$c0!_HcZ-n_u=$N3h()FnF$WmDPIHsehMkA!%<^;qk_kSGmO8(sR2#~M-x{y`d!xSSRHFY@s zM!-p1P5aVJ{6((e$5$`vwSL}OL26wCjCLLFOV=|}Kur~2+^y)xp9ka_-0`}6e&S;K z63w~kGr-2W!dzL2!CE-8OeP6P&G|V6&T~gvf`p?9Q?i~Na51~Q-Dt-xJ-_v_IA5Ud zQp#g1`Mu)R5G0pYbZ8^oygH9t7#M%(Z%qy@HrREFQL{yTND%`Ixm)>Iwb!Qj`845p zT>24QG+10lMrwGRz=I4Z4v74|$sz{U)nLACdIx4UAiqH;H3!^Fp&<@y5BZ?@)H$(N zHw8>&I61IMS@Mf8TRUIR`ce8L-4`-XMIZK%((81oN`OED;rUHJ192^0!bIjhH_kd= zz{LMZSWORr5Xzh)=$CP`$z|JjM%_3^?{l4OlwY>l4m9<|m`;k*G%3roCq74M9!%)t ze`8%Jom;+D-z0ntJ(pRVsECVjo5%4Ak7SgoA-1aV9%?PW>sOvV&Li{@zH2=ac0y@- z_2?9Ni1sc>9yu(xun*g3?aK~K4ooi?%biu0ns4hjR&{j=hQJ;3(-jtOuP@c_IeH7k zZGCD(3TZTWh&K1IvJ-w>_jWHSy#Tp=x8ZS**TOqEUPxQTyUoJs=-^FShi5+DTwz-D zjikQN6%bt#d?t&Alylc@gbgyH;BH>NlZnnU103=X-7!pU@^NUBZR?#$!>8)5E#Jj& zzWn6qdOpXc-xU}X1#Xh<0@ItPMnYK{{J)eZ^4Hz`#?x*be?Kn$9Wc?pLP?@bcXpD6 z!+f&rgA;~9f=%LWhAUBXD~-2%bWl$RV?3e7zD6gNQZkWA+Qy>m(?KE@u$DZ=~qO2IKFmt!p ztJ#ta4ZB!Lnp*G1#qp(Rq9VYmbLz>_nPNy!Dk=I4%iv@NYjWdy_i^Aakx7-d_%p#Q zF9{gc04H*)_x^xWZ$>cNx5**)$0$Mn?t_$n?cFbbXeqYVPXN~cUxfl*{OVit7{U%I z`i%EX$3KK>(YxO${rjLpuhh=B=3c=N{P6HFd~4+Krq<0fZ9X6UJFv+4hMw&@`MJj) z$c`dMWWraL!9LTPP8&Sdq9^B2_G7cKazHPpT&tsejQlrWK-+lRZCqu+By2TXLPdXSkVuu6({rHTm!cK{ph>A#GmefTDvgqW%2# z)B{zUuPQJhR0>o6ZbMkC@xUEWYnWCn8^9uzusXJnK0_6Gljt&e?Wq>0B zv9qYTUb90~NDIZ&TQ{yEtaLHj+Ci7M2RIVwR|v!C4Oh2rcipToPkiBumqz0{W{$Uu z9NNAR3MtYnQTJEUU3ge5 zSt+}7a!}lP{{+)_&?U(;b=4xQt8$TW^*aL2tdOwN!R0xgw{xF$CUE z#u?B8G7j@=B=HTg?Iwdg&Cszn%@90thbO?eR?y#P-ujm5pm#djFHJ1>USo}n$Lggl zg10}&sHvg^Hx{JUr0T!9L4wU`5Is4id|_VPFu2#p6z;E!2*T+3@`|m86~)y#dlM)O zul5?9VJ+V--yZ+w%#IYj?a}L-^?V~v{Udtv6W6ec&4~4<5oinW7rOjQ2h5%|(^>tl z!xUlSqf$?9&A%#)8V}W>6W3r)cK@xB@zzwbe^rgfF8thteY#4%{0HB`stt1erH~p5 zl$0iDOyvp!ds8Dl1XY`&CO9;_TaH~`m$jIBtH{;&jGv!`;B)U3$ki?U{^^#4Y$tg< zE^fW<*J*9MH8K^Tvx~$}JYKUeGo28iPv$(JHFXp2^_y=N5aCdpmpSpe22rO(G)EpU zCAPLO#mtr1!F#0XhmRK$644HPFsesw=_>ZMw~`+WP|P{@t%(1^THs~x)$M#I1S~Lq z=|Jv4g*c4#1(E@-DB+93DY>T(N>k`luiEw-1_6-PxkLg#O69G&$RGXa^wW>{bO$WM zxu2K6N^e2%>r(sHe_J)&;!azKcHO#dE)6D7A@YKn6G#*TQ1Riir;G`jSzg5v338}(j^2rloU;K5jqS%rREMT zx`c?2T>WgS*!ca95T0NA0^$-P96jTef|E~BlyWO+Dx}~0{K;;{WjA&AbUiOZtPW4e zH|l-YL%@HoIM&ut)`G?_eifKJg?wVgS8q_SF=Lu{+ zQi^}Hc2Ia78`EnIAVEa^i0T0b3-?-D3RXCDA+NcUGnBIZAIpi4GDxX83ua5lhcHIO zq=KgxDcW^rtUXDc)eWUNu2(ytznXag%1ouA@aPLE{XxtHCK=C0-Jk20Ja%N+MJ;-~^x2mmFeiWQR_;>P>r^(W;20X%J?M#3-cyBFbF^Cq z{CF#CGR)3>Gx@u}@!7F`8COfy>R>7%S)109iDCg)bfmq*c;s{&a(iR6ENA~7Z0Yj( z`0HX$;U!(Cqtx@O6Yd{|)N0K5WOXJ;xC!a*Qe$UT<5s^}k}qRCzZBY&8i<>Ec_q%i z_r&tNNRy&VWTHY~YPk7>GChz;r1?GAusTXGHFRAWB{TtcEPYM$m(%em5-g}ADCrrYQM)XZH-^y*XxwtF)GeWT3v){mD-kW z=H+SHjabJYOcOGyGoDtB;K(?c%vWrA z?v>b6Pm0E%IK~tOzXS!O(J*#)8JQfk?!+(X?28T?pfr&j@AeIRPNv^j)FwFxEiL>m zqmCqpdQ1+K3-uRy-om-(X9wQW4Z;5=MNeRoSc}DAc;wUXH_m#Y-_zynjvV1Q{eD1iy9< zcC@0~XRTminT;QJV={x%Pv~CVX=%2@_kj9!Ju2Idc_=FCRmM0McR){f;~-NF>y2dX z{hxJ)`+oeeVLjBg_DzRX3zVRTeA5Rmi4-ai+3STRh-A8CVW%wiWJHgacUFVEO`mZt z?{kAgVX542+NcNRZT+iU65XT6Y$DYm_|<nToEc zOyiw`GO_;-NJ<&XdKa!YeCotCq1zGIXD{$mET0Wgx5_ zkWreys$w!pji|YnjDVKkzl?AV;J7%4w=aGE{1XVym^+PBOqCnDw1quN?5GVt$JNz7 z>kqhm)b#6$yOM0Q=ua;)&+(@47sJf*-07~XTlS=0AuWn-e zsu3M7ZwV*!4iLb!DQcUC260iroHZLiyj1n^UOVe!JLrcsn1+C3uhhxTdR3&Q>-wR@ zaE|fTS=fUAus$cb(#vrFw=hXBGdgM6^EWrQ9EF#TOk@+=QdVbx#h>JN8{cVEo2oq4 z_6V9{TIuk8x0S}F-Ee)f?C?}?V1X%7gCR?6by9GnF3MbwR(8*{k+NYSJppRBV?=SE zQcN&`6o5~^Kann}c;*}OwOcc%jugFe!Vhc1?~WEWWFsbZK5qxi*ms7(&=B*HC;o>m zEoEzF@j=F=ow-$Ctup~AIjU+qMtx?bSNlseMrFP@`kn(#I(t&9HF9el?>I;(J(*x= z_%oZ-Aw4HMIsLm=tA>GJF0m;N|NF;QfRQyWKaZ4)kP?&CQr|2K!A@O-2IPE-gm4Wr zSnE6!T-h6Kj&nZUG3r|M>6+Lmon&7jlmZL{XTvCd`AoE_+~TfMYGQ1n%q;1vV=Sj! z$XYMv!@a$MZ=%dGMLZQ7w5G~pgWvW9C;zDyrd2DQ;*ldM8}B&GzW!Xh*)bEOla$`} zd3?paSE!o$)asEi+2En$tKy$AcThsSz zKv#senf>CJSFT*|g4A54iA^Cb#Mxp3)V4vgmyss;F%3en>#7x^^rr9RHo2%S5@wC+ z=Oe#RZMdhS`bW88Jai`!+Mbi6TgS;oPVI5<(0r9w9&M47wsPokX-!plPO|@iCDzc0 zp?@(NIKz{IMYAFaGbis$91B@@YzL7>I$FiBLSN&jdhtfqrF}2zeC$uX_-%hn<&-H; z5pwEpK$7pm7|(v%Kv?WRZYFuy$oAES1t~LhCVTo%`{U%d^V~~qIT@x_$VIb$IQN%Y zS9?n;aFmeeQK;ZPm@ ztdL+%Slw%1Qu^S#)QB7Djb%%|>v?Oiw#=YOE8&3g2eONczN!V8ds_v>%(!brqt zsT=}vsXeMjYLqUe=xB*^1_yWiPU&#Ui3giYSpz2R-)_aR3|Fa1iAgD+G*B$?^Yu82?az*Rc z*~#Ar8kf8YD!*=m#ngbh1serax0{)Wlog@`Q=0O_Y{f?WT)MXeKm0a7T$qUQBJ5hQ zm-$)awk!G~OHC(0b^?_{4uvSfmd0?{Sxlcw;lj&ptACwxouc6sM6fmv%-l1>@Nve^X~ig_dms$a7BHG+gcz~ zq8-qK#; zM`sBl_Z|~NiP=Xlgy74x`^wDCGdr6Ewd16eKWb7Q*ckSLOrye~6SeFX|xQ zaVoopZ!ofVkB;E_2gBW>+ag;fx;9u3JeTG(TkejpiN|I)tMy)zD! zJ_XbrM>SB}gJpN<6+`ge!zyQ6l|QGlWRQHlDSH$7`T5-0OkBJFz+(q%V-${@9=BzM zL7;xWOr6f^vVtZg({^NaZzP8jlqNR<4|{P_9%BJp?MY&9;!cY^1)-+0c^d+Sqi#Pq{kUk~1{ zYP%xKE3+VlTgn;KB_+lZD+LTpN(7J54WO#HW>3<0QXIgZr|`da9p4YPf&vP zg(}{~*X(vXvs;sp+43#CPw?S)IQ)5}Co))l8<+W=vwEo!OfiESnWMLAc{fvB+!q?+ z=2~yYLcxyQf4D9w)2&mL0Bp z50m#tra4F-MZ1WRDJNK+wIMuX>~Er*kf-KycgC=sOZ4$UFFp;gu9g?rNoWN6_w>mB(J*+v zvr4>~-kU0F72Yi<@@psv%17N^D2BNu|p3m9*JX zJ{W#&o4$rR)2NN;uy1r_4eyRS3CbYq11m^^yUC%GPfo>!CE^fywiUWp;8FR)<@SBuYqFQ()~>B zGLbPJ2Xq?wg%nJDJvF+ktprwh=&+HfA5|5F7Y0)OFr4Rbefu|%Vw^&Zl8cZDn>srJ&uf)Fnvs_O;DFaJHE z3X!SXm&1i=?$P!7nF#InW8VpvX7NVF>(6Um=I|7N;rZB?zn|CNT{P3A^&A*K@Ge9Y zKaRUj=(3vtz059_ zvogU|Zn)!Mr_$ZFCtz-;a--71vJa#s4Qbx*zF+z}=rioAYjcvyp5-ZOgAbKHGIn#! z54Y7-IZcKHgP{HDOi9@2J7ZyTDA6BR`_(qveC@$?vUm9aPpK$-cu(hfG-<*Dzkt3a zNPeH$GC(VN6_?jrZWVuT;mkiX5dVO+=sz$kXD8|X{Ap=ya`4qvMCm1xXLSdPa?IiF zGOF9X`kxhtjbsoN9Ew}Mr5&d#$JHB#V@o#um4~14PP@Mx9UPfqp_T03!BM(;=*#G0+|YBMU(=PGY7>6SA=9u zW&efq3iRVjO~-l(L&a{;nf}A~qx#SjKT0j$4xR~(1=lUR49urO0!ut5t|K3_63K5m zb_2()-yu|gzFm>JWzQ>%`!2}#MF3JR@wdWFjh<>@rVW92>wG!&f&O6_pnV1NDU;k- zvOTpZD1VS|THI4$mssC}<#fOs2Cl7)o)B6B#rUoj4wK}kwQTsCk78Uhos!Zq_D2;n zqk*9zc#D^(D-*^$q*FMJfIN=3$#)S<5to^VSZ#kNVtWJ6H7q-0H+IP(EXe?D%X$F{ z>S1Ry+9b?NHQlD+5J zsJsL7884ID9@J%E3VZRsjc}t@tJIKGtNH=A_S?`c+iH`RBBqULaotH=(yLj6>4OcO z0F&k=ocO065sjwNw3W;Uk2F*^qao&F$`;*b9U~i-zdj#UEFIi}l>6jhId_E~GLfS7 z6_bC}8dz5|unCwnHfOX<+55nim>yKEm>w*f;R&k`hThi5or@&k3V79(yy%vD&t>Ph zRFuaemg93Wgsqv}*83*E;~w?Sc~?yC!}*zD7EEO(HS7ClfgJ-}gdhP3R`w$CiV=n# z4cJg3tjJl$eLV9ECzd|C-Z353&EeP6vy$lHB}MP1I_7DQN1KZAfqCec1?Urhjp0xu zB78p;!^u*_t!o3vEB|nm3Q}c9a@|t)Uk5<;Med4o<<$Q1;N$iV@R~90G9uG~&%d$1 z`R?iR46>}x`zZNAp?-0(6ge43G>_^$dil+@#>Q015as(wrNPRRfR2D?$2;sEh7@W| zWeu1Nr#y1@)2Fz+dLM_+dAj4SpZ73p%zmwH`YG_bf5P6(vWBNLCDt zNYCQ~k7iN&P68iHSW?p!m1@l*Kxdrn##?}vlA0r4UL}HkEZ02sMr`)^{k}H{UB%r6 zfU4D%E1))4u0@0~D0aD?9V2I*ib(eL+y@q+A@Cw=VNgD0lmrDyPzt^B7{JbQ8K5mp zf2*WGdHW6-Q0KOX#9HV6ep*4<)_rW?&rQI!4q`?(_%!Lop&cNAx*)$1-&c_i1_<4O z0C2Y5en0j}HK?E#6Q4s_F|`;RTq(B(SR?%3#mNB>tX@Jn3-_A&Hi({HzU?4^K-f8n z|1ZG4GC<*3lcN7dP4~C=(-z_E^ued^*G%aEvWo~m)ZqkZN4~EAa$e-9AOO&Gq)V>y zRRD6(A(p4};;67^_yYl3JsnUmEfQTe|6d#f1t>~GP~E!^NrvP=jT}7Sup}hAH^+_u z)ZGCnvSxy+H>6wvWRE4O5fesFyukO`u&DU&uIUuSD9#@6Q@|bpUC;ln?` z*)juQn;sgZyxP3=fdl{=q2WGw6!tMBazYD`Q_c2*Tlr1J(vl1r6M>=^p`K!7kYEpL zBv;N_7`UL~z${{OHT2C6?nLBfvHqgzb3e1-@f*g~Y%jP0#*z7Y;`EToEmSRFF_0DB`2m)!^0&mh+G+Y| zv41Ce+*;F`!;2=q(6M>~5e3*)_n#%91mdQ7{^P0NLwr{E8sea{s4G~?UuS323K(s; zGkOBxCk{Hz!z&Bc#J%@?Vsj{o5u{?^1~PN|P-G=Xg)opIzL=GIvZEWk_G6U@oj0mE zvR^2A1{cR(1b9TyR{G;)?+d^_CRq_tjNBF7rfq^mer1oW%0R^*EK92MMjIsUT^Yaa zncWkhBe9rDLa=PhRXIO3 zP#-$U{~T=(aFs|AIq_QtM;Q)A+5H_wmfcB?5&>XS2sT8+l62D_fK4HPumyr7-fRFK z3vvDzfK(r-c@TlD1wi|J{Ag*2Uljg+`3$rYJkJeowGi`8VRXwND)tCwr$REAX4A%}C)VYWxAVLq|q*7N94tIe_aCcYZg-QiKb;GcF zj?7a<9Ynl#@ZB9Cja#}Y>55`R%&-PwmveLx`FDowY0)+S494|{wn8BP6uYsFTh%a% zNL!O<2xs`e-zpudoRcUI7r6Y5;;t(@qTiD4x%)KqM?~P{$YAmhA+#0OGv5ZAe+WPCUouBXC8+ z?$^ohq<(vT_a|#-@vlLLq73({UR77FH8aB=i`q!X`idF?0uc7@9R0?TN6~218D^(&XAas9^O4Z+YI7U5!4WFAe@#3(kz*&g@+iJ1q^7cpew_J#lzjLfWB-SxV2qn}{hn z_6Yi9!@E?)rw7PVC-@8i2m>HpTJYB|IPrTv-%k7n7a>wR4a=CLfM%yij3}5a1O2uO z{w!WqNj8R?%NGr4*z{9E>w<joUn1o5slJ1RE}eQBjwNO{!%FX^KARn*}Qw8Va@0RO#d(Wr2 z?{m(5&bgLz?(1Cte=m@ExFEkIdCN=Awz@q+z$*{(`@mm_3q8OB1U#^l1G8O8(^BK~ zuE3X%ikB6Rs{`PTUM0|h^vsk`%6Nyq!8r}g*XXq7Z;X$5Vz|rJ##If>Ml3k%{=5M% zcCdAG8@0jLvT6C&PX2~pf)+1s-ygB5kxn_#vim0kI9p=TYzN}imq9n;f6 zRTj7@L4lrSW!GF;X z&`pCx9drVG3Lp=VJjR*^SwATK_fM7u{Obw23k9AdB>N3Bon{DjobhiVM7@ib*}CCa2=V`Li$p z8|$bG8pR6eER`or&ddvOq#Y2}B`;A&Y`6#cv5M7mMey^Ucifc+vP+TA0#Gl@n+Z4O zTv56ckf6$2{DYo(@rw`m0rs@xlm=>%>#a2yv^`TnB z-y21bM#5)HJDi*Z|3WH&BWuJ8q5$$UP!n}3NI&XOP0AZszv24r#kCekQ7O9NgtQl5 zmJgzl(m4F~Ra=iuZZJ6mU&DkCmMR(q%AP1E=LH5HRqIjEF3SjGQiWKZ^ z$eXmf7IhCLf`Bsx&B0JiAeNX89dBg?{w(A|=JzD8t}bSF{jGJqzJWebu;4@XB?|2` z*wJ$~(3AM1YP)2vS{dgU%HSF_SJW8I_0nA?#&>}qnj-DeQ#b8lS(PdB--kaf#>!L! z*F$&g#BLzYPAR78%bCN2f-6ACa&wUudKGP!*-tFw3P`&IAOCSP%%+kn8{u~X7U*lp zlN1eoy>yVDuSq5Ug0$^v!WggrOqhq3$?WKGh4}a_77TG>Kmctn_@@15*a}wu*JRY>WX*xm=s5zunu{t{Wyp)nrUh|iL{9B({48nwe<6usIIIonr)v7TD zvzKx?W&?{lAL!%qX*+0e&M>c;e8hlxV}ZTNP4w3sILzA=tvV2JdO7mB=QNl=@va&> zFTqF4+$5M#CJf0g5c`a6i?~1B8Q|?~rKC*r+@R&{uQe_($WFSJ9p{I)u8XIgZ9NL0 zx8II)*HBV!PoCu2c1zr|RM<-|n;stpab?9r^=`*!wdirs;dxk=r#^YOx5+guVd`^q z@Tc?qx(2!$pCrtGjIKtjL$zLZh;7Q6N8rk*N%lns>u*Y-YKuWY4_gthUkKu!i%5uZ z#qmO36sZfay%_r-sv6n8dvzJn&oTLeDq;1|U`v)Iqbv$H{cRi{(ey<6Mx+v$CX~eM z_rgNY`Q|OA+lCIYk%m@noh-Bh)2_@JWeel@Hn$9~J^zyPi8+ks$3gMyL42;&CJ%e$ zbgG@k^1rAD?~v+kJFZXL#pFEW&rGrK%irj^)NgoA@`LJFt(C2ggzYKPa2=1C!OpmJ zztq7xsg=YJQb;9eHr3wWYNS5C~nK)24(cK$X==`_9u=IiW)RecD&8YWf0= ze>{0r->`}yc#jnLVOq1vNKHDegC#`z5kj^^xo5@uZFngdOUv!Y60U|We2?Z%GPm@x zyY{J=b0jq}!FL;BlD3g%m^TACPg@J})jqV@xX%B=o#}-8f)u&$s`ymh9F0z2Qzxj= zxsXeq zV!1Ik3P9XpoRn1qX;3_}lgM}{Pw(ptRYH4Ce9o+&TYtLn`!<<+#~?Hg?}mC1DAqdM zY%%Mddpbjxr2A2|9;uz%em`J4t%^Wjp)W>W-vT>cDA=NC!`47D_D@kg7zB2s&JFa3}?{s4cp;RMKx@XI9J zk>uXtwz6};mAk9{rLvZErphI;3v=ecMJ3*f1GG{_vzoINIDMsjfyNY&?tkhs8XUTB z8?&TXfV4IB7c>I?q^fbh{NSVgqlSIJ48s)v7A8;LstQ&*`{vSKAjeT1Q?Ry)*1WBR z9rJ~~tMgS9C02MU2REvWXe<8p#5jak-25ShS0+<8VJ7y=$_IG6TkP((*@CcX>3U*O z_*EX$FO*H}bPjLTX-l#ttNU?*L8~HgTnG!hXe+IXJDUi2XOwHulRCTmR|c04M7L{E zZaba8b+Kr%F6SMmt9akONmJ-FVbsq7PEZuW?Bd6RkJcMLFA5xxD5NdS+_GvvxA&Je zU`Ad$Q@mrU>d*ha@ax1PY&@f4v(#_xm!GiH@$?01amR&;n-2#<88u4N_RJlgTFL@r zE>EOJd0c*0)WiimD&d7^5ZUK&rpx#NH3_V+k2sKjtG!a?>(LxeZwDK+ju^G zJZQlaiykcy7*ysR*juVnhTHB)Lyx4cfNuY$;PCRL5E^lJ3U|%TRke3NJB;duai3sI zNkrCuT@yfapoesI(HkJm{BBm;@;-%Ihfw9)$wN_$0Xo$JoeF|g_9KRi^t^Wj``=q^ zq%Hip66K*j738PbOT&DKEs5Plhs%UtMpICHQkGZ|VAt!yHt(#Q;L4U(%Pv zq1|%j!g#^v$>HM$8^S`m83%)m32Wl=vX6(Qv3!N|(vnEE%~qZxW*^|{YlW5{u|5k? zspLdXNw+FlDT2hz8Ry`A;;oNtT8<&zJX*goO%J$_{n&dR0$Wr&O%)F)imaW7i0`h6 zQD#u*BfJwPo~qI7FWcOzq~|D>QDOx>rdDwMnvq$XwW|X5Vk*n4uq&)d%Ajm0Q)qTi=ClNYfmwWizv+nd=QqBHtJFRejf2`o;*G?5mmDD!>ydOE< zaQr%vQRfb?T1_HRG>oQI_snbEnCNfzV=l15i>he#O(z-{r8s}8YJhWBe>eoDvDi!# zeCJdm)-KTr%G!OMm+9e_$i=gIQDFor-qZA&20i@Jq4KToc#x9VA1tpx<;G==J<=Vv z9X;XPLg@Wj##0h{?9Z|#^ z&zVxp^J0G5=C&~|z?(p}Zg z>;LBw_=1D@UmiUpn7QFxvu3W_b1iJQ&W)&qx2%EbqHaNYq7 zX1Gg}s>=;TgpA=5O9fu*UHj4a*ysi6*kW_Y7_&g=q?NaMCnK-R*-pecVeq?7t0QgM z9)d_?NMV3JWj;^E>oS72tQd+Hk(8m{@x|)aMg`TBY{rc5?JbCDQ(&Kv32&McD$s6Y z)3pFM7wMC#c9UP$c=maPQx6Bs6u&w1O8G84ZS#n2J<DW|Q0DQjFfxOn8} zQuF7;?)oZu@L-NPrMDC=FZVu<<2Y;U2@D)Bxxtm%IXQ8#yI__-jMYhvzW-byA=nJ@ z{;*zjJq;-f|BX;KL%W*lD|{WIsebSYGb_#g?mot?L>jWyHPf0b#9dej>*n zC2{gOHz(0^4O5g$n%QZ$Y%b@-_bnsF0&XEe^|$j8M*-d$p$ks^-t-#W*8Pei8Bxg) zPbef_eA0Grak>DbcB^qkos@kGwHB~JG#9y;DhgNItH{Z^H`3_2hManvZ`^R&uU1%p z_jcCr0a)Hhfmm>n!QRHH*uBFHM}tfgZ);skEB=zA1M-N#n#W zYcqx@J0fnTeD&RRo1ur$q1C_pcBP2;Iq#B`7o~xIF?soK zs1quK#PnLUp2VStcIRa}%JJTAzc{)1+f$VGe^cgIrupeF3y+Q^H#3BIAv*i?FiV78 zlnAZhf=r-@(mE!h$2WIaOt!A)aV^0&sqNvT_sK*5xH)|g0FW7P9~7wC>A{h9IV|M_ zquH9{Vq&@0^S1TX$*-c+8+jDSv`!TZc9 z_CH=2gUO{HY#)&oN9N%3y&ImKQY!9)!O%n9mm+CL4J76iMNxa^T9gXAb(3IJ2N=(Ax zhOW?uYRBi=?|$*pF*Z3VE{IawrM5olQGA&zk%ez-&m0vJkE}d_l&gY?7aHW9hA(>1 z1-Ts=KdoJauK1lmhFL7q#L-EUk6PTf+$DaoWZxT7(rvTwEjFgX5B>D|q0l_a5Z_qI|6V#jocf2QKj zH;Oo}8tT>S6r~t?!Rn>$^aNC1xSE}0QxHCu=2*)`y6mo8EvC&`f;8ywNAK5NM$J{i z1nK2};JxBE_*JPA{04NTeMQoSz8(8H6`x*^HaqlB$!>^P*w|d&1MuRlTSqmkLkUhv zJmqRh3;fe#VjK4gWy3GL2Z0xvKvRe7kEDWQ{1d-ERSm42tRGtcGueIEWXNUMM3G)G z7i;1f2FBV74eF#{_D@>6_7+`~!kDupV7ldXsH+ovZ=p9p7S%dYn9H5pxOlAcvup91 zyNLZ)<4#-SRf*Jo2c@1@)7=q8?3MKTkb9|jXB4Lv{Tz1#D zf%_m`G|(4^$u%Lbla(oRU-zDekVW-wF?+Q$IZ!e9aKU42dggeau=B!^x}$t&rZd<_ zKbG@PDPeD+3>!ifnK03T#=uUJo{Twt}T|d*{7}K{f3Nn5EJ};)% z__(-#%Qd?5r4BD{Zu_n_0TKFTyS4HyFU`qve@s!fkAA>tpPrA?HLXEGSc9_+vO)N* zEl&}G#&%DUU`Pl&B(HdEjktPh?)+>CX!afF1MTjh^iK$^Uz}`!-krMsI4HVD{1URM z+vBSqrxBXO|5R-nVSbQ@cX3}o#FReae-b-P;zDv@va!Op3V!v&lK*X^hE`xznwMdI zJ3@I1m!HJGDb5%Ddg*y^_TE#&uqO@Ms>6Ov$`1C=RD%?Iu!Z{q?gHM3JLTu>H8WPp^GwRJ(aNQqz291=4yJrP13{h@s5QU~^5mbr!+d}I zq%TMrhgG(&Z_Hs3j$bu6-xtpdFs-2BUK#2HK+UD9|>|NgRztov#ues(lsDK6?lz*^KwvCpoy_^_$q za*0Idi1(Sev^9jcT8;cOy*v#4b+G|tqr&^2+wUO6K&{y?pR?i5n)>){B!!~GuxTD#HMlD(8*?D zo3jzje8Le%CVUS`<_~mZG?E*mt^0UlhFQdvp7J5Ns(<=Ein%F%enhZ!g(#5e>zNe%2Us-eA0@9$PO)g}d27f1unCl#l2~&jlC-rb z@-tBU>=?*}zdSwyKZm4{Zctj=5EY`1XyF#%y)9HEGBsU7Bap?JlQKQ(n@Pk}t|G&m zC$0bTrw;Jy_1#-{LnBGc5{&9&4^STo-jbq93!}Mz`B@iVNt}kB;nXDF>bp~*C=~0K z`eW~@Dw^P*WuPYaL+w@BPiyhBrkb&JP%A8bvWsTQLphF8VDI^wc*YoHJ2CH!#A@}L zbNe@wjB-nGb_ywTcXDoKl3a&a5SS!gE80M76<_(octURk_32bgFde(|VZEd7y_&}i z$HLD-5V`Er+;r*`pa~$9b|d zg{D6Rs|{&`&DaB_eA}Ou^zk}p%C+87R-XXK{kP)C^*u92jhjhraUbn2Aq;3ZTf7>w z3hklyvHO42BWes%H19g5Nl5aQ4Ov)>mWmw3}uFU4jLMBpH`FebhlQ`{o} zP*_?r_azTkJ?`fQ_a{Q5sGnBSM=_sHybHaGg*^5!A|poo^4k0vH1-ZBZG9U?V$Xtd z1IOAcJ32lFh|ym`U)aUEjy*xKR`Mb9TPf?}%8lD_!hr^U$qywVe9m3SWeM1I@*NOoBgZHn1_SI-cL^( zon0CT9}@;uk|B|Lz#uxd_;#;fvZ3O1Ql2RQ>d^;56re~iORnG7Cj#-+?`8euh0cfa z@#qVDxp(B7>h$J2BW^(S1&ZmpaT|AVDxhor>f;nRAQ*nlUeZ_CcaOh}CIC)QtDs9= zvQ5#KCH{WjN7jHFZ>tngB;TxMh6TVyCK{*xWh{UnF^%v4?7Vw7q!AQ7~evxi6w|>nMc-_2GMqH*f?^7HQY!s_?TK87_>23Mae#ei= zQZE-iAN3;irWbc@DEUKvmr`)+4;-fIPz|9Knk||mB!DF9FllW3YY~%df8Y%SLa_Gz zN;G9~1Thl&UcYeZeYmvzdl-Wz&57b1@Gm4kpivmm1_jZTcvJJ^ww0?VTBNB`^S8zw z@*(Uns|ki2V%4Z$8U?|`@}tZ!;LsI`3ivIRDJ3I))gTN^)xQYF51T5*MB}sUlYSqd zxorH#u0w=`ta4}=kUUid{O&E0VQJgGV3Hk-p4;>E&OZco_))LWb;b92Q=_UBoQcLv zPK*c-kEaQ%gXp7Dv-5EPe_DLj)WLTQ$N`$YEer|kv|++VlwW}~z<0r`#sP38%|Lsw zl{86DZbb!@#G+AjhT&b&eyXePM8B_H(8NA)zp9LVhKTTjHChf^HyC!r-*13Z4T6Jj zy11wIoZTQNAQTjh8605j6fhR-c20*abcd-Ot@nZ}IbnZaZ z{t%js?N%HNenm}xhljkI`YzSrdHu@om@N=0`70(VVff(8hwG1lXhOlLKNxd(to>m& zynvtDpu2ZN-M4xDj_!A5fudi@xQSOj)}fw$LHil^8ol#%0{W&`sebUj1FH#f=DN$z z&btWdyB)MOWSXtZ`=9`roR;< zVoZ_p&dMm}`S5JF+8|M{@bTA*M~?-um;DgB9wfcJs<;KHV@eg|qy@M#u-0&V#f|LM z8%I4CMA0z9K?;~d5J^#`p~Xdcqxt>$(>t~HW&Diw{C3;b6jB8eBI-ThzW~|rEnN?J0r{|7-WDwlDzQu17JVhCwGg5We076oUkJtDe*%TmAUKJ5 zE|_#H6i5mtPKg%rgS1$jGd3U?m4g`~IVzrnCdO$HD-ZVplOsG$n4YM7Q2Q6tR7jf$ zZ}xjh5hr={8EAZ8w_Ms!@G`;_S?XVTHT>!M6LT=XVz%Iw3(4jrPNaUtdxSsf1{6dx zF*=OGUG*=h(Ix~M8z@*}seJoxsH{de2m7{nq=q*a;Q1qj9p7~8i!F@Uh6FqE_<-rA z)Vb6Bmo_B62;Bj~?bUl#@CZF=+mH8X?EcmMv^^MtOxbBw>9)bP&}&lo{&&J8F#>gD zZr$!o-;-q0zGw-q@UKW&k~E+#hwywv8;brVeo4_6+mr{cz+^^e#&!UCfLrW0Q(91A zQm|WsRgh3Xu98})QqdrF(zNuse$U*~h_2@IV&Vs>-MGS-#F)kyydl*={9nAGtbGYv zvJ!blin|Kbl=bl}@i6f&hlht)hrEY|Ga`o$Gc+@I#hI$!Wv?+MLQYvV#oNX9hYE*C z=IA%{H~0~vwb@XUQ(vL#^6Si(sFp}IDxtM|)%|k2=ab6ii{%ULWVY+c)u%P$@;T&d z#cQ>$e0DK^($m!>L||!#m422gRXD1evnnUBYPl6ZQ9I#2AzNy#WBA%RL42^V?|*pi zgtc!u%aK3*Wne$Sku_Z`Q+8dHPv~rd>~QJO-m%t6%IR*uVc+@aV88i@>_}#|bcU;7 zzQ5}|D*_T}Vs&_Rrd`;D#JX^1KEs4=nQp1K%$r{~qaP83uRut*j$bNtCPH#xb|6O} z4Z;y3A?~IqlBi*L!F#JuoQ5->rCpNN8P}>}^`C-PSwti7!?z;}@oYYKSgsfvn4?*f zFsWPE59f`<>*E@wSZSEJt<+72TVv^wGt;ne>EFf{4;V2yBx8ltB4Z_t`zMo?GEkltBCG7?Twz1FVIh=NJV}@eiPYKo1vtK`v;Wv zD;o=(X^bnTO+eu6`SKSfiUh@M#fWJ`(?Ey1EABnFy?N3y(Yy#XrmdCWN_qnNX8L8V z)2JC791i=n!TuN?$`=p`~{(#n##d7C*Oge1j>hvOTnN&Ck> zxKqtiD#tHHi%Lp;SBo-h{M_x_GXsZBjw>^o4z!Hj{dk%Oao~R) zf31Cx*<8IsZ7mB;VdyE!7WGrJ*S!yUEAfI0>h;_AZ+pqF$uumwMh~Xt!-p8q@FM}* zBn@BF_hp=gZwro*IjT9h>>nKz?eBJrck=h}v5tZreiTxqe#zi$R^FndN~qg;+N~Tr zOAwW496?!xR2TB4e=h2zZH#;S=&ki$PECD*i_CS{w|GghPmw{^A*lhlbd^(;qg${& z?K+)mnlzrowS6HyH%eCve%Oq8$b0 zBrQ4m<+DpW7JQZH6|L$xTFox)7ms~Me3lzFO$|(64Nu79Wb#vat+1>*YRNpLw7<(J zKd5ZY^^}h{klAqEh21gCE=M#ZTEEo@wdGowK95b$>delzhP%*}3RwL5oZdQc*3m*? zBr8;|c#_Z_-k$%|#rx2a*je!AX5l^ax(l%eV~(srsO25(Rg{NRoT@Uf%}{1zA#U}R z=Ywlg^JL}41nM3sS7ZudId_4J<)Yp21=PTkEJpgiS?njL^ij^mHSXev*W&6z>ofv~ zmL2JtOn;6`Aeb&2|SSqd(^~B^pmx2)tWQklx0^TAN+gS7_SiUA)I2di-L8 zG>}IKarjCeS6}bitum|z2!gmfo=l1{{Uurt7Dx z>PEURUPxY+RF>W&pYY9fHn@A9k7w~QxI~?t0!clm-<*fIdR@3)?cYk9DJu3RpW5y` z2_@YS-Cew{UxBBJ!-adEio9{WsvgyEQ}>?_kNjTSUcKN{hw<+*y7YutSipd-5C9Eo zfFsa4H(W6T3I;(wLl*|+URKRj=L4fGz+AuZKHQWItO}Vmm8b|Ybqk%B2{y~xT1dvY zMw(4E9}6?XAGZDF-s|YFDB`EetFjkW=k&yvVgVL}7C@?et1Skat`T@Xj z0Z{)+0|1g>c>kSN0HgdJ1{AvlnE@bwhtUANf4ibV4+#7BH$-e800#7h273In!2b&x z<~j@FztUhtpfZ4fqL73H=&fjIZ)|Ms@YTi<*XXbulmTZeuI>N;V3GayfJrEPJO=>4 z7tEB@9Mxo`ISp;B==F_k42EE&$ zNQnLg;%LD`q9!9pBxGZ6OvFmhNY6;Z3r|Eu#BFb6!l@uE`a3%4i-+W^qoXY+1A~i; z3%v^qy^Xyo0}}@a2LmHB12Z!n2!hVR)!I=XNN4Rp`tM5qs~%xv2Sa-^TSqe+Yog!k z)iv7Gn4-hwBJhpjrK3P z{@on+Z zo}1ynrIr`|UV=9R0N@8m2n#3y!H&~mJTOGw`d!YzC5ZUJv+vgONM{8VQ3M3!Q03&R zw=4!OLr)kM++9yFixu*gD8HfbyPd(I5M4vU=0z{R@VPrIE-%wGOVRJdn({q#9UmXZ zpN$@`@?0&i58~h?qamXaf&K06J3*`mmtIm+@R1+7>G)OI| zy5%1L`Ry_deIUjE_7)5W^u3@QF{&i~10dz8141+a?(c5?VAQN8LIeE%!`QzE1oU}E z{yodU&|sOsG46!QdeyZ5mbYMNSxw_i|HM~fQJ*cZV5j$`QvWaj7Iu`aezf9|rXQPjkut9`%2k-FxyX z9(nCLnMI%+PYQ`KRmb!tHC#0R#YYsA7;{mnlcS**P4$W*I&4YO2U=>3W7>#e!Rr93{OE7!`vDbe59GR2(15# zzEe#s*U{Qe(2lKkXLK~7_V_DS=Fi&N8$HSS0`K?<`jOEu@A_TrG;fHzjevBAN#ptaoh@tho%Pip9$uzJvanR3`?O5QrX zIKQx&$f?D_1Gspvrlw*^PHn=aGCv=*g1$Ke@1BJ5Kq`M&Jzsb~9L!w=_-q{- z4rRKHi)5E7GQkyHZoXN(;`^6m#=|@3?-zfu?PLi6=LwPJ&4?h@Co*S*s?CoZ5deaB zK=zFipd3&ND;_8h*>*8u!bi!SEFn+i(;ZG6kzxyt8E~qHFAWKA?~xKZ)@OEseW%~h zX;#kg;5BWotLo4l-}o1)#DDEZq!{TVL^56#I4$uK#?=YXtu@~+~xrPkrPYbm#^%~a8 zO>xkhn)(u@nYjNt1e=gGpDMW(s4U`x z%3t-YwBRrn?j7k^*-ZPiR&?7x{uIvF-V4@&7#0?8`Q)+JAPqcY%Kt_65AGa>3^+Zm z%Ve2Bg#}dYOOvsQUFUdL(I9ieDG#a4;_iO?Kzv5wUxx9opK@xDp|wq&77ivFDPcTb zexmugG-fi^>py8v4X3qfp)pk0s{P>Y~vq^fCASS$wqsS4~nompc3aQ2`22c{e#KVw|C)p zoB0%8-UX3xydE1vg`RA+BAppNz8~N$S6gn{@76Gf2)yp~L!UU%48i}7_(3S&Evi$B z0 z|BpfWv!74N2^pI0{Qy#{V^;LH_oy)myH@FIw-MLNPM^6p?e6vrrNKyX>IK~MNgGFm(nnSNXxC@eQn##7NDt#fFkWGj6WwL(Iy!wm2 z`17YfyzdtIX{AoAiQsyLgRl_}_Ogc}IPf?m$xK34@frxc@wLg^m+Uy5LdWLMihMbj zms_kczAjbOvJ)v)DZf_yhp;V_&^ISX7bbvq^maQTx$lJ+g2yu7f);6t@A>wQy$9o@-b3@J8)&Zv7Xy;f6ne7sTZ;$_Bn zrl7JiS|dCZ!tE1+-b8xsVZ+i%>6yc4*Ti&I?u0(^{~+&Nd_y?2?j$(0vku?|4;&4N z`9t4CyMy-)?7j9kUB???Yd%3oNIrEk(6`+sId2675vpB3-OgvapNm|65r61>eLQM& zbwEc)mrds+%R3Lnq?xPKeM`^`M0n3gMAFj+8GGmat9{}-jp~htTFt{CLCH}) zIO|M&c|2OVzrXi`K_@CEC3u1}l>MgD?uLxd`H7WPMfQNn_VQPVs;;N9RtlrOfwXiu ztPsZQ#Q-6z)l!|+GAl8PCT+sgY3tb#MdoD^GRf7ND3578m($@4kNd4&GYJ`)$d5!i z%?9&XbLCQ%=F4H4r`wbHB6(7t_9#FLa5#R*`>p+XFh+P1&$R}if~UK) zf!J`h{w})D7ITO5m1if7$Ri@<*P}RpXawIj6miM9Q+iDDzJ#l2nSSE~%MvVIdWDG4 z!Of%OprrC3s@XTk)#J~g!8%mXgR^lbLf#b|ww;ibAPgR}gZ;)GSUkonNG+uop?tKVogY_DA4ldOcEoo$F7#FyRk?pX`5c$WCb` z9QgKpH4a1A)@e9^WVlO$u>Ep>4{@*A?shXk=&jZ1kf1@GB4mw(fbSy`IWqv)-Xi^v#0-8X8M!&Hd~JBq#4{p$M;0BSE9df9-w0 zS?#jwq*|=tKf;a5$B#d@&!YHVeWW|>cc=$nPKQux4f-zG)_~|9 z(yHBv%6;p5ncln}_qGT&v^Ggo=kb4-pv%;*^U4}I;ceY9hD%N1!E;f~VO zozv2=P#~vWMh%s`I~8k9{B>`;zA|+Zv37$*j&?7nI>ElWQi)ZCv3{nmxGJA!Ss5Q? zdh@f@oJHbMDnS5(z&3(=t z6&cUP7G2RQ*pD0D`ts3zA~@DtJgY45=5xNL<0 z_72`A*G}_ZhM)6U#W7wfBG(0oE2p4g_EoV6AJ=B*gAZ`!9X-)c;V~MdJ00$*&L}P} zwrRiFy&C6Zplyms2Rrn&jSxhtMyD@P|3% zha*0}vEQj+sC6b}Idbbr&2(0Obd-qJ<_bkqJyDj=WyI5lt^x9CWE~78?A+@&$zPUDwAx?(A&$Qe#WhtK3uK1HlAA1acUN3 zj3W2=xQ>GNas@AkjH^e@Nqnk}-mP91&&@ai=CuB9i^0<>ksJ|;CsXx`F6TOEcDwT{ zWeIQe!en@C-El?SZSKLWd4X$xgsofYkwJDLGaTT3zFYS`nr#9Z3is>%#X7U;rFsjY znYBinvvIz+=d;eYP)J?xm(OK+gl_x#Jf8I652}=Hb8RoT%W~23rQ|XxNI1-S0)Eiv zaDGYUw-6obj$kfhX^T637s#X%3kCMLe%TqW-rPj33g&ae(Akgb5kgA%w6Q_({a~gz zu9$ZV0}+Sy*f|fYP+wo4R5bkSe1-OO!OsnExQu-;lrd){LSBE!bMou^?I_t4jCThs zhSqMsvV~w&%hZ^xSJA=mR-4iOoC z?f@HZz3!p+QI@SvM>@48KjAT{)3{xknJ&&jj3Bx_*GWOzULqMStrf#4p2wFvzWswg8xS->0Qe6Z&Dmd4 z3V|>WlrYe5$BNsx#jCh5>dV?~Lbc*NHm~W4LdJqSmuuUHiqn>?tv>736&{LQQgPb2A${vpG`A(0_ za6BUdYRA*1iTh{DDchOF-H8fJ#FMyMV`pT7@*EBhJ7H#@yayj&bu1j!_pbGkp_dfB zEvE~5n++a80*UMPxJ7hYm?j?{%DsezYG$^^%4QSR9T!DK1AL-d+u~ix+aLCNxZKfo z-I>L+X_F@;l#?fp?Cl;os+9FNs||iTt{tyvJ$2*5Z#`1Sfp}2epO)oAME$V!lxouv zAOjvA&|tGpP-xrjeb#=*kAj^D63dywaVJoaz*^vl+#CJ^f=5NO?eu!lakm0jYo=i7 zhpdiRfC7`O8~iZ#lIi7^R!ww`s)CEc0&?}r^l8;=K9cvBMrF z!Ic8gY@Fa>nkE191=#$6g@g`$8au`J2)W#zbk49ue~nK70;!l9ONH{#*w5oVPj6T> zf{UHGamLcf@3hz!kedZ@4nk8d(^XyRx-vVkTsL*UhMCfTt#~dKlRAGr_9|QW&SGR_ zfBVgmSEyV=hx#Z$IdX}le=Rvo;rpdRWF3P^QSpJjGMkv}>31=N6zAiz&_1|aHBg{$ zMNOYqJZW5iZ`nY=qL&9cX;&&~5EsSjv_p)aKT3OWP~6}Yq(u8GJkvP!*{41Yn}TtG zsl110+(J=*@M=&U(~y@OxEk-J&RJ2e>bj5(c@bNND7Y>Jjwn2wg6SYmzVr?V#kk>NvD*9v z>nfy`2mMAmfE&)Ut!wk`hj2y`)V;?K>0*`ctE5l2_WZrjH$PN(cn^#B!W#@Zb5BH7 z^%lB$tvf3ZvetE`z%zI^g(AAQ9&Ygq5N1!;SQ7Cz1qXC%h-RCZ7}{RC_M+bKu5itX z^R*R_PDdm;J(}Ip6>e~YFuU7b^#{tAKleU8gPe9mQfou>>vNWI?ssRD=j>7Mi}ofS zJD*P7U(ES^J?NB@8hg*Uoqyh_(Ud7mXY#&){P@LAZ$dQwHjw4LE0E3HWU3~30D0Rz zrcxa>B&p(x1ZRhR07x~=Mkb2|=BOes1luN{spC+RCVGC?T61L8V^7f2? zeN_boO)Kc6-RQF1#0d(v^_q>=nVz?NHaadrdl_>zFNBR?-QU3qKzxZhIg~B6JaDcojhmxX zJbs!ZNsS89#I{nzww~4Le{-v=_cAWzwO_w$@SoN=>esTund?)J7*C|GJ&yG3z_BV% zO!qngGrmA_8bQ68ff}NgLM$D$G9PMm=}rk^5i+{DA8*hen0>0KM`)j7cFDawfxi(9 zRQbVx9MI<`KkW1Pplit$Sv>ev%iH1%iymi7$F6Lp)S9Ejc$P@TqRFOMer3y4*Sl3K zx%$h2+Bma*u<@hDPNEYvw;&M=2G|~l;gg!<*X78f_1E%XbAZUY%SjX2!I}kaqtg^X z&_>O{g~YFDs)o=0C`F zzKQwXG!AB4hhOtESj>x>FryR}RH(4wtK6keB!p$zH&l=zpB2yq zq>HdxKKsOY8(KUZ;MG;b%iInqHyF1ny+Fm=md+IWdN{aC1-b2_iFn>uW2a6^P4EnV8Lywl+HD`s_c8op1U>dB-T{EpW>vNZWN zTe%?KQQ7bzAhnEg=WETU=XX}Z`rf;HFiqUwyflhEo}yS^*6~f+rz(<3p3kF}!rili zb^_-v2fV4gPn4=#{J?Z6L~%Xq>uqRo-q{nr6w@y5Of1UJ1y>|+wWgM@Ui|8gS8vx{ zbrbIEE%azwDZvtr^r-J%#}IwGxlO)&ptKN9y6z-9EP+5;C&DE8C9gV^#AUF9?DjIl zZoJePSsEo{$E`}*^NX*a1Gj!VxJ56l#URQsHiyo(YPvSr!yB1K1*NZgC;D+`JreN? z<5Hz(FOw|cu~~EPYZm&?AkMaX9BjL@4XT608+aA$bG;uQisc1BYsv&OYg07|Qk9;~ zO730GB{r^4&LcCk!@oX{QHTa{UT%BRA(k}dxhRFbL5TxKN;4x7+&9GVu-vz{zC%#_ z3RK3|p zjN{jt@|sMc{pLpy@rqS<4@aarKu^|)>x zt-2%XTL;_g@gbSWX?qOFFFsvqcF2J{zuuBr6a!!20!5TTEzO*))&X88)h8UHyDr%v zV_z;-uUe`0omv^Bsc>E}8h$<9nhADB2?0}mVeq`;J%6G9V9nVF`6;0-0)%(+LmwCp zOpe7vej4&nKas>8&X)GJ#$;@MgL-#e6$OxfZKrzLs?ex6N5o^59w%mEl1Ijauub>J zghGXoc{^!bzbH7yJ7W%rfphl7iUEpkX1Jd+kuhfQKKxRA+z6T{U$JN#{?qy-h5&dK zNsw-$Yic~O)!7f1JUwn>;qJh!fd~3+Os-5PBlo#Y6m{4Or}Y&A6QHxIUmn%kKt|2i zPla9EF3R5@uoBog(o(e1eqok;**-svdD8jdtzO7qf0r?52Q|E^sEBFV4R1_%iSwfj zqHvZYHU4d^N`So=OtY^MYjFb0j=vE7rn_^n-H-=|>E7>lQ=C|WVqD@$);yHp^)@bbL(~$`f zi4sPnR_Jx@2MuDa(N(eh=;d3SAo;O@Qp#+qI7?Ar^3t)IeH@mJy>D!AljS>rGmaxHgz0p0cM^Ke5hk}=^$ zBE3|IDSp8g&?p2o0M3~62cS#&L_OLwSPX0TCQcFax})hG6>`RRom89DPIXV~KxPNO z9LsTiWXEoDsDyYcaw?(RmW{G#P=KMzUyXj*Eb zAm1ktGN_!Fp@cM&Q?HjPRjK;2U+KZN~OdNLpP)_&M)ACe{l>E zS`_1TyOM|b-1S$A&lv5j{cRCOb`LtlTK!Fx1a8j>}W4UyKP=V;0P3JMg5FYBHQ!Vf78udczuZ9(K#6_WDE#UOh-mG^VE046!5Kh~~spFD-~6 zO5JQ;6J|>__I>$Y?-ggj`j>3KZnyG+Rz>{))T|`|ThE{< z1Sdda{SLPhq*d-#94f2Xqc%$`I|@LHwzkdm6+K6fpy2Y9DW3q2fj)}+lJI55g(%p{ zpAV<#yeF8T!oI3Np*U8*e9najK~*-5ou2!I2&n>S-Eu(QD}pRQ^evBm1x$ZEz~A5h z@#e@~JP|)&9{05Es^XZX@(r{%gjx~(!+3LXo#z0giEhN3h)cAZYrGD^(Pp3#&HF~e=+Y@QTuxezbqfIj@R2=NYGsUtw-G6DzFyarz`n>eEkG$iD zs&BN6)_b8HJs(N)=@%Z3(lIrY7vi-O(5}{0#HkX!Twxe~>MbMR6QsH8v8e&if4_T(NIe4NnaPzU zpo}f@UI8m_YHcy=f7L*2`!K=O2R5z8AdxotdROm-taQ_yIy-hlN7_0vJ3L}>OH(^X zGr^h7_vKAB0FhjwgL5GzhAiS)ves8vES&Hw_8A$wx9$GNS;IVHeA*q-Jc|@{b770u z;5h=h?1XOwAD;y9Y4szyt_^q~3(Dke&vHF!5lhwdV);zl!TV4SIvzD2j_C(pP^!qs z8ujbpcGqNYrlre?XZ1V{o@t>3XQ!uYyxJH>e<|*FvefrcBOK627y%v4^xm4!$8|6* zkl7hcPFp1Dv55`qO`cHA9<1|arF2&}v)95e1+(lv4+QhrPBDFnMu|g>bYo#l+uJyejXR2vZ)3kB^G^EMeWzx^0^AZl7g+2KC>mu0JTCTKW*<@ zqNLd*$vBg$dW9KzP+}~_z~Zjeq`%k2dz`gJ=Bo0(f}&d1A_rFUsIZ~Z@A9e~1Lt-1 zOG{{5OuK{!h9Q(>WEnA4^Z{g{*rv-J9m^$bS~SwJ(Go^U*T;wnkvDWGTYFY2#99U) zWkVIMkIEw2ot5;yW88*Vch>dO}j z>7qxq3L`r-q@McARf;kjUu9DZ%gu+A8elglu{VD)7+iZ_`~Y5?4ixr6q_o%G9#paF z^ev-dvyjpHde|k_R~#`MUmf7$91n*HS_qHO+)>{Pi?fsF=M~4PmKr|2w(b*msfI{jM%X63iy_XJ707D$xZxGmh`FCSQkuxBX> z7shm^c<*!x&CQfG11-`;G%?E14e30#xR))2KIA^G15ds)(6Z>2A7zx%sf`S1_2)tp zUTEW*Bh8ucp#`#e=_HpSb_Zy@NPEgm7@* z-tgJW%+76Zb5BmUo<6)*mZI;DkahMCdW*5TYS^5$z=k_!RGptyE^0@q6*tCq8%7P&?wc)7@@~GF|g4k>=p&} znw8aZ!S?0xh7xZ1!RvB}0u(x;VR$1$J%v9WRrWpJoUXPW>Dz!2^;FbqHdvy<{kE#7 zxgwTftA9qv#?zrvzT|d)zA4O822;g#T4OAAGwloEpyofJhzp_Sq0!n-Y!um9KQt4ZGL4YT0i`AyC!DCiER$^=*5#tpdF`IMCVm2 zA}+o3Gm-pe!Zh{=67ZE+evspHfonkjDjc|(5858G%<6W@+5bgMKgN+szxw8$WB9ph!oHL|L@cdm_( zi-@#f_(&>ozdo-~uqf6piDraxk*m+o^$z3w!r_y^$Jabks5Ta%M+}$`4DUHt7rTPo zKx^$}h=T=IY$N9wV1;A@v1HY5zXp3oyqk{v^z{uk`V!(Qi;Ques~aM0pQ*}X#SQTH zC(JPWZw3L@LL2HLBN7QqGckmRR<3(&c-L;Q`gF%VMLMwYo@H4{>|v@*(a<;kEujF& zY3qo5>j?be7%wh}W^%w832+m-79p^`>Htdx#JAU;U2P7Lm;rwOPZ!l%KwJ- zev!X0Ya${@DVz{8%f7=dRitcDDJ&uTZl^`^F#uOuFTxF+c=k2s01%eaOnA`V!)KyxVTeB-A zT`s1dibCW%A#{ty@JG8rZW=Y~b%8k1tKXVt^0S$;v2INl^!R)92nWhl zIZZed9s{+^7G0$SGTW7(K4d<2VhEvq0u!G1EEQtEWO`~}Bz>`m19u8%sPkw-)3`!Q&5 zfuPp&$(iSv4iM*HlPG;5V6&a>vQ~`E5JzHotP43n=mcbL| zgz*ypr*kHh=8(4p^In#{mfrlD*dZ`IoR(8|W-hS_0I_M@lsAhH=c6oe)+9CUJYVHq zdG$(ZA_tx{h*7qEL>f--`|N(6uk*Us6W{Bs5AV#Y9C0pDecbl*V!uT-xi3ym>9t-7 zP`zPW*byA;F1N4<5RjO8^@|0{l@e0cR~Dvkp{S*(#0AtakX)RdS0J4LzTDo3^PKa` zS~S#D4sbxoU65DWx7|$)P?2(?CkfgLka9ok5y}(VaO}H0tj|Bv!CqS(7$D7bWbDF$ z4TLx>dYVX|xTxJ}d0&3hedw}kl)Dvyn^*xO)W80$vyBqt9>o=Uw!UPn^xJ-m0O4q) zW2}FEnEa|X+BVu+FAAK_i?Vu+&}RH2`bczVS2mZ2;D>Jyk=Uf+ z92-haaxAX9sAi9i_O1qc1z{BZ7i~OD;h1{wD-%ON|K7dNBG$R=dPGl)(w~NkqT1{b z{ju&IA;o}){=~-=;eu$ZopH7@VaGHyopf!wa9r(;*ByVn-oKN*+EC#fYSO=~3(;dh zoN$7w*qFnL9-(ZoKnO0<Lv{#<*MirWW8vSTky^|tp`Zh;VE75y!kfpOCF}? z^^nXA=+sr$wb5F%9rC)geLqHVrWzL;d5|1Wr>Wv1S0UB{!_1s^+6syhPBMrFlAh@? zI{fU*{KVzTQ&`B-*7)UaiNSiq@wqM@lN~0O7aDCkQ>|NE*V>wMz~yewnhe#B=E}vw z-!E3`@*Pti$@WF!OHIWIG~X7sMvQ#qaAtF6p18V0JwG9UVawq4ld&#*FbH)whMB9JunhBjT)lnKTM7lFlc(DXerX*_I*W3zCiw|F z{eILxgzp;y6%fQuV1?Fon|1q2Uls(g;8;J*)CA;rWhPrDIn)!`1DaZ!+KczFjNX}VHE`x(QzYpm7=MT+sCuNoLRI>!X~Aqbt$0X zA!j{o8NV}>B-E#c(ihTxk4lmMl{b>!SOU9NHtyPz10eh6 zE8X!nz)CfitW$f^NchdC8lw%2NJo-URA-UDqoq1L5wI}|iM;Yj=o9cT(-^2GTamQv_jZIWMzP02w80H*i?wb$p zem_lrU=jBScruM@fGB5*bGQYIa&Zfff$fEYH>tiTLO*)nlC<iKZX2-ryrptUDY%6RBUSUVD|~JKVrr8Je5QeGpTD5&Jyk zb+ck~+Lgdw2HvfI)NEzhfpIfKv@q!c&yAZE@RX!S zZP<-;%x(EX5?<+g_zg+a03j6V(UBovQ zAS^?zQWl&JO|R>GydIO{)*aM@?CwCQD)ZsnnkX$@+rw_^cbb7$(2hon2*-zgo7KnB zA0g=09S^&$r?>%hkkYe^>4N2Rh6Jv^PRzlJ!nl)>21@?dyos)a+>kHS)=pd>%4w2r)SbBpqt&rzu({(gC{Zrcw(}E& z9A_02z?+)|-`ovShIdX6KthV*dDqxASqqgh5njZSPYA~pC!X6K^)A|yc;=?uFLWMD#7O>As`jgayJBw6v>iF zgIF+t(rxHeuE*gG=d3Y^rbW4zE+p@)*Ml7go5v_z218oxvn&sI_04wy70cu25l)$P zK2OwA18SApDhf!^Rw|f`-AKUNh_5WcO4tKQ_zJSg+we7eIkoWc0xSleSLn82!?&DN zMi?bTLIzdCjGnvrft4I?9*PJmCz$=D?}Z9H;a%6#4r56@1*8+G(3v6&8XoSqTwu0S z0ec8-cfmXU#{qPT#2lGhA^MqOXoIbV6_%Oo_l`a`aV^#K^Q)Q|`{=!7Tp2(TTVeMf zWo z3!0$b3<$bYlf6QH&h(?Vs|1w$26%Yysv&}yOnK5w-d1FPvVOdsqck*i}&i(e7!+d6cES;-WiR=mTpf90q5f$vM zGI9T8Y(Z__24-z)2g9arB`R{v%Z9G7ReJtv0cwzL;5J3_&!@IA-h-)ibr+ziEL1r< z@O?2o!#9b~Yh{aRWvlMV^L*669J|=O_E;k)BUKE@Z+1s&4)dM5TX4cU-g)PA(90Lk zAf`#Iiqq$rq|xhyoK~VzN!0Gpy0@M^Y0Uk0&!z(R^Gr=vqfP2toCPdQ&t0V4IiAvF z8(KHh<&^NP~dfJ34l)Drnid4!8|+o(agBLlervux5%}y~&}awXyr8UOyzlTrov%Zx|F; z=ub>H=CBlAk7kj+AA%4|LT$hkF^WZ@4suaDc<*lJ+pf(r3=gFBK5pPtFo{ee{B}+} z`9y3$Eu|5$z#0jePt=a^L!GuW_D&bX>^=_>{Ab??K7?l(j*VSs?HBu;SRtnFCXWk) zTWoKMZ_MvlZhh?OG+C*$u1V~?uyLcwkGu`aAn(@~o-Ih7G4AiTWg`iAIL)SHSxm>; zY`b5<^Hw89(VoC`dC)03tXJ??8;2PW;CwK_KHMlqK&^QElch|hkWeyEx?t7_JLUr#0-$$oI?u47ehzJSK#Kq5O1NX0jy{4ICWn+e*#s(xrb zAe@wKqHyTecRfsgF?Z{>%hWF_)$Kj5$Gwj4vGY0=MASpusUN&4R9Mbx{DwB;{{XVh z_DJ^2TNwhz_fMQl4AYEyw2QvjvN@td#afOKBmuX%tr6c zzOXsLar2}*Ptw_ak#a+K(u&gvD`AKTgh8 zmL$|i`G6vsJ4?m@H?2Dl4ek6le1zo&pGkn#1mP|GY^I+SufJ|BI8xrsl)cGp$TF_Q z18F6x58@psY~DIEkg}m~fuBnuuq9R43k`J9+_^aRn zh8XC}uzK8t7B_&M+vXQV-dwG@QVKn^kH-8iijJZAPTc9^6*viO*oUhT7ZExuV;I{M z<(btS1tvXVSF@njIw?d|S};a1Vq0dJ-%9$=EobpeYa9+p&$b(>^-SsAlGCW@{hrAM zTu8)eavx1Dcq!1XGRj(y=?gushu(mdVm=}q)Ik&}Mwp3M?}vfx;=SJJRJxVfPMR5l z=BsMLr^->uOP+^i?)%iILhdO4HUPZRL$b9V{6LygC)o-vP@%uIEiu~&^{g-6u03~< z1*+j&j`P{7Ogbf!iI^K#8Tg0f5U;ZBwC-4gPe0ioHr=xHL*QqE5I(=#w%be|w*CON1Q@Ap7}i*-)n4{z(Y}p3yk0 zAlP+#>NjUE;$Q`O#U5|JZ*$&lxvcF&Ka8yqVIyKQ3ETS=zO%YwF@lT(rAa<5Ve34l zeN)Fd=7cJ}c0hj)O07vd)&8ubkWu8Qfu7% zxR;Z(malh2%m>jnMV2x{`Sn^?yTp2gg7M#cy9)cg<8h!*W4tgs-So^qb91WFCoK~j z15lzUkGon2uM7|;#~?p0<@??ynh0Q?7;~~V-Lmm#|GYF*I6PV8C9=H7cr91_TjqFC z<*7m0rv+4NN_Iwq*9te zGrr>Q8S&{0d&%tV%yHZ5zy?KXIt=}<6Y1t2K0uys6+*B5bq-V~w)n_Ot}UaFl<;{J zHPVa<=lbnhQPB`ABhh{PJhjE6)6{SlmhTPb+qY4cyIRQ?FD5RG`{*yY>B6iU zX)u`(w|e>5_G?LQeS~IawFR|hgni14SEptV(@ncfr#|XFdc_Fr=q&Ea)aod{zMQS$ z9cZwuV-1VWWP+a{&7QXySeVskgj7ds9TI5b7wD=6!(1W`qR%+2(|;HfAuAYsryr?) z-+q;$#Rd`^JNa@_%Zr8{?&rcsXhY@G=`{Ew{opp4PqdF(a%y&vH-uP;e=Kdaz6hRd zYf3VqcGD2{Sd=yK*zWe*HJt6U-*r%M{qehBSH9DZ6G7B$q$HxA=_cB8Nd+UTx!Idk z-B0#mRTilU6utX^dbiV1n)!+PjA<~(~^C~xEHTaA5b;bufMHm+gG+da_(^sTd%nWFIdj?O_o^S02QrNVYNBhr5d z6E5scct@%hDJ!ILLpjS8s^%imj8e=hHRW=)fKKe&5{tSY$0IP>2@~@SF;rS_@*|ry@SXj= zz;h?tK3v-sTajGfM%B9o$U7{{hs>l#t2{6OYu~~jpPI~oZT3a(V`B^_rl|c1Y=`Uu zrY+bnn`VDg;;Id`^D98kc=mMk)%$X)BUN{s&nnLJu z(gHi?;@ISleD4GV7Pb$=GPT@4tG632)>_~65E+zfRzAR;Ai`eiUVZ$`%!hEr{Ucl> z7)21&0J7)sgM@@qZcb<8M@PA6Lr9?vStL#6U&t``^y%sURrmZOR>g*7?%Vr#)Hzb) zH;2F_1kUQOM`qyCq#`4YWZYC&E&UoSrd0Yv)o|+{TC7`d>BBR&BjA5rwb%YKU z>!(|!VGhMq$hS(BP|(V0o%UY|YNK~#(9jOixgfLKF$Eymvz?EP`{)cPTvsRQ`tz1D zi7s`WgH0D|0-Tskh48e#p(++E%)?B-48Vxf!5yIF>!rmoJtIJ3G@~gl-b%W?7ZeO zbO!G-4faFk5WAgwyqj(s?sw&fCn!O6AA_wktUiXns8rq!iSE8C=|5Sr^KmT3I^2s> zXO2@BBGHHji9Rx_iz%}X zR5t%20`0pvi4?`Uxu>^WNfMPlnyDUYK&up&O1#ORZ3c-sAI8C|N;pBC7y!GakL*I! z)cQEP*6^c=;24rmi;q0i)azLprAj$RQo$7Qp<=%E<0jMPjXMkWZFlP68mnohQn~#C zR357-O;Oeg$c)UTsA7SeVsY&pie)3UzHC0$$5#!T|{Gnl>l>xhYfL4tI5HaR-EarRZXSKUlqZ$8sJcN`N z!h3PCGcPJfGUvx~gBI__NTXL*6t1s|4OBbIJ>7zqr)H3z>E{MBrb{k zxY(|`=jf-%Y&|E#z=vwS0a?`532ofoy(lnU;kn!M`7gbV{C#`heN85E@ z|ARC8@|oF@kB+H=i(G$oi%)8vZz*3#k3T^(TD@lFQSL5im9(^duY`3IMY9=DV`z%X zt-%1*oFSQ$EI-MVLb*v-{}Y=kjM56 zakny3o8VVqzH>(NhiShRwKyK1GFpoAKAn?#>&v|$a4C&*clez1r7jY&C~?y=iDvIr z_0V06%hYtVo33}F<1#_C8@piw+fNu=EAt&Y!Ttm*BD_BX&z-uc`~kvoSSwfa{Ee{q zPzoDXdcmWDtZ?W9s-X$N9#qrCLbqqziBbWxWz?Jnm*7PSw#!!4yn)T>>mZf0@{CV+ z2dvs9S0^uGjg;@!_BwjQgY-2=`uj1#?%X~ z2cb~hwdzScz+JCeaU-Po?JhWftil1r6kJ;g$BXq5m~cPDbg>#UkSo*%Zeb#7$dEEF znHF$^wDd-$--AToH54Rsn)F7nM-!dlh(4Uc1ygp?ajU`E4X?Rc$SPQ&8+bi$?sL!Y*&&=4leFG-GFM>~_~{gG$zA!{M=pYQf%oq{ zoBNwFmwb}zo6&1o7uv_O@H(%;IwSR)(f-1A!R8v;MIF&N$GB_SFcXi+8v&T-?j zH;Vsg2Yt=KcQx1Vz{u;M9(`SF6NHHa$bNL$FsCN+sh)vMSmMmRPQz@@5$&Z2wTVMnZ|_1VyVDz2D*Wmmz9iaXIOPtT&wm z%DyouN^JMrr5QB)YKwfZ)XC75qH|!&O$f=-T;1Q?I?z_VMcc7B}v?_2pJP?-(Wp> z2_OVK38IC{S@Uo%xNnWe3P0?6L-hv$l)1M>M>%^~Uv~tE4+9;RloPj6x}6X8YKE?r z==g0<=BpD68;8xjHlt=G_zj*|{XV>vOZjPnzp=Rqw?7oW<-RYSrF9}_fJ^C0bS`#A z5@S0%b=wSFAxl~}AAy&9<8Wp2iVl4+1+WVXb}8U}zi*D7ap+I^3}q#E^%8E+z5~Aw z^dG8Lv;Ostj0W!~~y0sAG@Ts&)?Nlj2=BVt`07GR_CM zhw>*zM~M>e>oSackQ>AP>4eJOfXD*s)OU7&q$~fieeuAH0+7?V7DJ_c=~Ncin>W=Y z(bH6_nA6ODXH-_vzLtt=^!y7FyrfA&BJBZncO+|@#Syt*TmNk0VO)1H;2M6Rz z22U5(ZHJ^15>n>yU(KE3x2lw6BPY_2eQs4_8I$im#CG?|ZCZ39P}pp$oHKr7Zc0g) z&E>*uO>m(y-^aS9PAfSms)>bGvo4!yjg&-w#UztNMUiK#QnzQyX)JekZz+ba0%jIP za{p)&Ln)N!!vJL1M?sI!4ME0F(Zx!o2XZrbf^KW6$lEfs~T9?ggstMWZ zZH-I7^!~}i&E-($2sGi!$QegesCS94OfK{prAZ_w{DkgDv{lK?JubP4<;n~+x1N)hi#oQ~0NaHji*?9Zf*9>Z zbJWT~HQY)66%AzEF0`72nTn42n(JfC-T5H5tJ=(?WlQ0UFHv~?OGxVt1^@J!dNSO(O)`Al7ejf% zYFfS-I47Bu2D}^(4aK1xspL{AkYBF12Yq_c_mO_kryHKE=ir9EaO6{R9*ePI3?jD6 zbXLR8OdQw4t8|tIjl)@x{pAmyuNy&(D*3kzNb$}FBVl1-{s0PCIoxBuA1l=hKcCi) zIV0xxI7e1CGYd(o=8Ca3dh_pO`d9V^oZ3Xcw$YID4L}fmB&RK8bKnDQ1Jt7KT*J=` zAxl5@O{#UjV(6p#)l2VIZ0gigm#8FfuI73MK>1=a%P5^wo>r3V~hcxa|*vyse zsv!7FQTo{QgahGvm*6VJJh-dO6fPccTlH~Utg~g-C`W4cy@m9pqDaM1Xw@=7VnlsG zdd=50mLoe6B-q3pYw$M75CvxN!wx}UIF$na&*0QpjAz5GUvRa~MUwNRgT1w;W7q)9D2{rz>?P@XOm3-s z{OepC5(=OY7EVA}qb;0mukwsUZP2--6<0~2aY4U(gwNbQm*Y=IbCu$%HlrEK@XjOa zbSOn-KdvAPjdyc6Oalh5cShA+_6s!w|OD z_~b@e_iTe8k>Xo8)y|(D;QnA?7xdn}f*)~lSB|*EoW{8TRthhA;8{W2=)@nLn`l7b1;GR>({TRT_&p6M)o4EM{|k#p1-Ba*0}cIvUl6nwpKZN}f)=UpS0AUPG`&16EiIh zQRNJh6Q6Xcd_R+PtA@dK{a(6E4j{?(Ua@=ct7#3XC=y<;>(WN2-A{rA_#P z@no^ypxO0Uh#r-J3ywngiNpHXla_<{e# zHpu^OAil&`meE&@oB*=PpV$GN-( zlY2r|?Q041n?sZsVG8^$w>P;#Xt{zE4}^WCVlroG*oz|4ps64 zmV&Ho5H4Wo+GrW`1_C!nm8zn#=`g7kDHBY1_)fiJ4<1S4-0UGDPu&o?-^+nR3bJQk z&g@yh`A-kAv{LIPt!Be1@CG6nnYrS5PS`I)DnZ8%U$+lHzU>aZcHev#IP?BKCc1pA zP|2jUd8?dS@%jo9BH>L3^&jc=A96}G_gxAmV#lTsa({5gdtv73DIjTLV`ECTH|B?V z9NSfC^7*a2p?hXftjKwhrV{BAd|%-N6sHj-=@j~xg7?EWu~{^&!s9A)@m?CHpt-8z zH;O{2m)A;v~+-|K?D82R~4v$pYGz! z#M36{TR*M-DnT&-oQ79(vSF<_%Az-W;W}jD00cRD-N0M4F9s1bRXNIEQ?1L1|SnA)00CnpT^q{xo}u0cs4Fb|%YIvorOSz5Si&yRA_URWY;;de08s zkJut|Dk^TZ*jD^2G`K-m-7heWabAcHnsWUIcIe+^8#s3`1sO@D9wQIyk-thRB@aW{ z$7@<@dmRz%LnJpdTD!C2B{o(1nXT>pMuINh#$(8|*(yDGlf)}@PQrhwRsJ^I{_CS+ z3tEt00}l8uU&K!gBv=(%Le_sMSiiHTi(2J-lMy?&s16?gS&&(9S^<|aL{I|V*QLmR zC@@P#_-?((6nzwYIIDK1r~Ov}Imf#yxWWAEm2-1k4PByc&N3~E_eh2_R&mTG2N=n&LjS=50pjQ-n;{p*KR4S%kh z`O|%V%8+3nV%)?i7oncle8m{2a4tXwZD&_ps*=h75LMu=(eD0N7vFy@UjB*oLXH(v zBD$d+=tr!rgA?&Yp5-{U8kA?6cCdfP`ATU9eGk-Y9}VYx{XeXM{_8SgpQ#KPH==CD z`8qR6;3IqmHW;1yQqbA??m_)piSm{IMvGdc8FZzeBjeu?95^-(J~onIvlFH|sA|b- zaJ(M_KhnlJ6~(JNZKh0#yYR$hB0|KGtWKIyM;NuD;pSxKz^%N>RF6;p9!KxZ_=}|9 ztNc6%`)CASSS&gSRc-qC?kk}elrUACtU8{>Sxb)p469!3eHwu+z5?kkjM4wvwHgPII`SkwDM`_(epi#m!|K$T&SzXiDBC0Y&W zEu}yS+hQ4CIbl-uSoSK<%y;BZR42%%4r27~id(|WtM9&I zB82cbZepU-D4P*{M0(CAa-nbj2LpQ2_(}|0X4hb;l1@Bv{K6i*gk*scfy(9&H;Te5 z@48#_Z9buYfL#FKj^sa;Vem##u9ud`aIoA6yH6B*Z@% zol`d$2>cQK8c2%reWOazZ=7CiGn<)Z$RIrz6>-uUKU!pfn8&R>{e7NZlUxh?J&=O@ zeB8~s?$U;SwuB{-36*iQj3N@AsTgdK<_vIsuh*l@;T)~xvAj08%jWW0P#2R^zziof5dI>Fj zGh4wBIl6RK(2yx;*AnsfhW{Io5j{$*qcN1ZhQ7-1e@x>4mCzaV;f#8?H~Ne9-!AdD zkJ1Qm{yAM%-2BJ?^@9Ez5^#X~*?~e`$p3naS;#N58VryGlI8x^K7XBN{xr=0^S9R- zuHiIC@{dOG_d}br(bCeY^RwT?f(NYcOH_<%?XriaZ4^fO|C1hx`W*pi`vNuc_n#2U zn#1+0%8ZTGKT7F&5i5pE{qp@+@V86klJ|cZ#Q#WcJ&_2@=dY@)H2!~fo6#($9eoQH~hq5pf2-QvT0>;am@`v22oW`6?e|Hkd1GC#_(L=x%`$%>{p z64Gfz7r#`=w=q)f&@ziHj;z-94U#u#ak$=i{-%^1pH!>3hSH4#4K0WdG5T%{B07_S zEd2seq)1v)v^xH8*@jvy>r({u_NuU$i9wx7XM|=D!au4nUCW5R!JH6Qr5!$|gNh=b z>25#ot!iVj$o5Rf)fwdRzV}tp0P@r+omV~ULL+W{%bc4<&YV@-Ne@YHA2XreP(Sfx zty^ojn)h4m`{__%Ds{d$^M}++R5cA1_QbNiGY5TIge*>-9JM z^nJ(NCu31~{l zu$)D7h9I=FvqA9`=-OBT1Em7l1>cyiq8hIb}N&wLPrENSjY48p>^FqcGlsX z{;O{G0?D3szgNlvb=<6n0zo&fnQr)B!v^T}e#Rv{+n zdk``A{~4rkD@}OKHe7W;;K^eZRu3N4ZK?2n8d;Ik-oM2gNn83(95YF;W>o`HGl((I z>c;b{dg@?xV-8nlz)nH0zrD48o8crGi565fW1&Oo#fQ&E-F`q0x`gAF;!2C-iP~cWgM8EptW&2fs z|3H93?&V;jUe2)jC%-S6NlHhgZ1)$VU)0ykzQFds9jT zrI%LQIE7m>L@L}9dL{dZLpu9~tRLsPe{zda*L^#Uk67d#Z?vctC06Rr8^Wv?Iv1wt zqYfwWYwTO!Dsv>7nB*9Iu!(*Oi=}4pV4fmADN}l)Sh1JgVU3LLqU~Qyn?C9M&hN_h z`ih9txbRS;_4#$0K*;;;<6=$<6JnDU;x0IzLTvo)n)p1<9zNJCIDEKdX5tCXaF(=I7m0eYr$p2OEVUjm(8i2? zbbq!Aj(rw6TW&Rmi3oFd+ken|8@+ZpxOhSYF0U*+9g76v2HNVCB*rASSx$#P6Qq7n z3oAYy8Fo7W+`m38@T6gWSW2&UIbKoe!%i2D$}IhciNicyZYFF)9O1hDiWEDC-WnSs zoXpxGZeaIP=W3=-?@VWT^nUNR-(?_}DEphj6Sx(M5SP<%AyPivJVC#$Hu7$l#h+%L zDv0w%SL<9GHwcU0;YEivG{eiIqxX8AtoPPigz`6^gJfN0P!Qe^#gVUW@ss6_b80Jv zHvpC9yqTdR8~cw3cOyCGYLhB@%UAmu8OcC3jp5sag+Q-I^9$*CkVf3bhF6UROd+Sh zqC0i@ZA@FUZ}P?z{io$TtwE{K<%zRR4R(2F$&U2$;83x?I35ZF09V_5_gBahK0J4|U9nQ_gN!UHrojP! zPlQ7gn#?KTS{Jf~xQErP^Yks*)n9cJ^|@a}Vp0?u9mYOmzCM|Pe!%rFEG)c^O0~>9 zIS^)GEgCYv@?U=1zs#-(ktyV z7TchA53N)h&4$rJ|pPw7^Jg*-)Xuik95<%=#l?Gs1_HC7Nxn=aj4l-9bf<-wT zavOQ}i)f59zt}INczv=b)Dv(nx2pTR?ElI;Fg8F1tW)dWS4rmN?P7a({=M?^SzDd# zYEA$>OKtN0&&M}j)xWO>Ho(c(ez$XT0E*ittwOL>$3&jl?isDr`DkJ8&hH|UcLy`& zK35sF9-pZE#9GlFEH}f01$~GX-}cIqFSJECHG8T6cR}`qghT+_pAT_fZP_ts7mQgr zZL8jAl(r)auJ6(roxb*_&!<-skwZbhTo7Pr|)4be=w??KJW3@M%wDc)*hefF+ zcGqW1F?FC(p&gxNA!WR{kecJtl6n!-fka-13-T-y1J)^JF0VdMpZ5YOz?mbzwszTr zl^YCLh??ajA2%BEOECn*f4;P%F70*r9BW_cz=AAZN5o=O97;RD&#EOp0wCx$y1816W9OTZ9zM2L%a@P(bK3e56#2X5402)h_&4-`5Tb z`QB~^SNnR;cHMi}Cm!zJFh@LE8K0qxGw)=>&YlEetvV;4zm=WB@LF7KH)>6tYBTd4 z((9SzFlxEO*Z66VTo38j1<~{9!m&Z3H5&d1&|*U0Ca>lVB<_MGb0Q|(_ChDIR+20G zzH#wUg=9NzBv132X-8W6K z51%~Mh2UOk>(i6-%eSs4))+i~0fH|w zZ4^!cChhcj4f45o50;zYqRDhy`E};20y*X*;v2Yykh9sMRQ6thG$FOWS>7aFJ3P9m z?8C2;w|%SYktfXZHydw(b++2tH+zlM#XAU6q#=wPYoHY=tD_o> zalybru=0#yK3&s=_>;4w4{)LteR_WSGkj#hP$T!JO!Q~yZLPQc(-Av-oP?)jXa!vX z_9hpMijTp0HYnCN_~2}9YxAip>+<#ky|0f0d3tYS4h$aS2XU|{RK~T<8llW(jqc@w zHBywr*E2M>s+qd%BTuJAXKt7F%N;*0%dd&hrJavqJrnQpJ@nc05&?S5$2-N$t(k0( z{Wcmz=050qvS7UZ*1knsr6 z)}HxKz9l?a`Q=W{-Iw$bV@s+rSXeZIp()IYYi#80%2l912 zCt5mEbI9Vv^(M5lUDlWneJwn@~gkf^QHBU!t<=@B3;gVulocSWtE?I8kxf?7Rr4$8ExXw zFEuK&n_cD#%p@!93|Xc9zL}BN2b=k{&2%?e0R`bf#px!~9ePcbU3N{`LDvScFyAtP zrAd2>h^;BPcPO%G3wJTqeEX`L%m-_aHfK`zB`*Ts_ATdQ&sxc8wXy5K&|L;#c2}MD z(XD0Ka>(o&F_!rAvo$YQiMeYnyS~J`!k0@f*_6vgQVx%PbXHztct%Xs-_(yrGvMxg z0wtO08Cn$EHF3m<*+eL@3Vz%avqAmyv^EF3r$YDSIT`( zF1@My>~vM7Q8ql{UEwhulP|osgp!zCOKQ*Z z^fA_FT3cAS&jnJ{(DGpm#0Jx>jL&4bKU9GD&ed3{Y8Msst^V2r=T}bWH}egS8Sz3V z3tN6m@5YB6l|0|>cyBWGJ*)b1c2IO2x;Hzx3v*a_=6RB&_9_eDPZ6KPT_GW@ZTGl; z!&g2f*z=`u4lE>S=t$vz(SYRJW}huY8g5$mEyTtofq;xYToB^S(I{2=IEqG?3vzRw7VL>77Lza z{yA9xyaT*hQchg*e4b2~IGe%U10xy50 zQ2QF3YHKOY;C^!%BzTMmTWT#hd07iA3~hig*AJGYj42|(<9GOBNzQ)q)7g88dO7OV z#%(sNwUQd+n{g$jr$(z^6XC{!fM1xaByP=m*#%AMt3fR3UU^>FL+r;uV&4+-UlO!& zm?vY?<<|J&k)rP&`Fa{^w`S~oCVr5#H91F5gsU$Kt>cHA`QFSl*Nh_46~5~zZ@3<_ zbMcs&EE2wdZIx~oZh9o_A{)3;_*5H^n~&TqofL$GvNPTG`ncvvx`c;-)Zt~<&#X$_ zHq{lC^A+DNc0$6D8=PK8{*#|r5aw?n#c$|$Bdl(z6!QxSos>lAAO^eaScfT;)yS{8 zby!~+3v<6UE_|vPNT5ZztXGLkz}np8{d`nM8!G2uFwEfz-lO9s*|+ZxO;zD}`xH4= zShVw9rA*w6SuISdnPr8l=Xpd?#LJRM@3jGAlbi+TlpoC$r(t56!5pF|&k zMrUrW(>vKcYF$Z8OIwLec$5U8@6TrsiwE{S&K^jR?7r{PPabb&D*Kr-W~1Oy`>hbS zvy#0nx7T~jAo$pMZAguVmJas&YrW`2eZ5Q4)PO|*H2kV`F0m}Fi41np&0gpuVM!q3 z6c6Nn1E@O_v5Wth4z!uM>NXtJT%X7&m8!mSXOX?c{<`q!}5lYg6*)?%lw3TM`OIW$|WD|)gO%5(?HGSqArc`t~2h#rB(TLq~3!v8Z`+|)cLz2W3$H! zqK-6bni5tg%3{KfQiTq-3sgQ>np=nr9e7&G7G#Vxw6LyENf;1M3B9^f|1j@tE_uhb z`Xmg)CoUYUBY(bfXC+~|Y-}t*!E~9Gfa!8p!eA~jNPyzjHU&}>yqFpaHk`=!5bt9! zERBcnGdN#gr;FI(xw<$h_z~LuewPbg)~T7;yO5s44RTfq)-n~lYe(HFx&WoBO!2kK z9{B1ZNSMbq=@;`zI0QVKw~FG9^{IXr43<*~x_3EPd9^FTa7v=H%=q(w!D%LrLR+c0@@s>x za=<6CC24;NUhm>L*ml9kT0loQDwQIZe=K=ZiIO6-RX$mB6a5~aT*zkgbsdHtz124U zY9s6NQDFhPrl2|ZM9;_iGt0(u*0w?Q=Q!|S((x;gL%cYYWjOh5*S0^OCT#(l>Oa=a zu7Q@6@9Zo2`b2|k3= zdAw99Wto!h)t-WkP2mSsgWYou%c$`!@96|X2n7dwa$zCOImvW)@}2b8*kMCYeL;gV zhBC3T9j$4<7Yp5`W!5|laWstr_Q&&@JUI z=|f$$CuizKKgUF~*9&yKF~|HVC6csJV^tSl${m@iGLJI3-v4sFVw-y1wwYxAk!rc! zNShZ)nonUlEgL!*xKjpm^Wq=0TnD8fEkPABkLD+4YYZt7YiG{Y8TZX{p&Jv*sl#uU zzSP-bR@aqQI;rvxR=!?R9cVNb^8`N~vVwNB|n;(~*zkPqa=>p_u0wgmT5eC)C8-uQjH-Cvt=eD%tpLz z&l>KmzAmhmb=;J}p}u})8d?$$v&Ref_qdAu3b=pWo-QH*;FAUzfq)n`9DXN2ao~S= z1hI<#E_ucmw&w3f0zF}yEs;7OJWooaeoEkDKx@>+;FYzKU{`Buk!~(PEoB^weE+J- zp~v>gYk0%di%agOuBaz(X=v}Gx`qXQ1>c}}IjOJFCb})-Sbz*%s9=%zNQe&faVWi#I^AkL`EL{mxdMwTwWy5I?+E7JQo+jF2J@ zxBd_4(gWEK)CO4kg~XmEQ}n?3Cdu@d)1ANe9e5Wj;MO1N&2+@zHGjG=$Fn=gqkM39=f}EKbIJi^5Rl@v( z%EzPvJEm=2PO9{{-R7cCI8kL}9AC4w%AMNZyb|O_!{RW-ySA4$UJJ7_aEu#El@))- zTwqy&rrFa{>!J|zA&BoA;rGx2cph>?+HAg5cQBv?z>9gw3nuORGDK5^<-?XjO&qg2 zriIN4-a1-dMN{!(`k2Qh^uOLeAtlTexL!%a*Mad{LG2~2wm+thefUy8ThQG5(Rm&` z7MIxLvdgv_#HD-J0c4huE`L2N#$)gRoAW33Cx!sFpRfKAGe#oDA0Xf&r7J%2(hj_T z)-e85Grr0Cr_wioy5hDdleN*V7_mjP$fZ>G|Rm-xzk=Lsa-caJndmS(kjQGMrm9VWb&QTtQZ5p+&` zyO7y)s}t+Iue%)aJ|;ch@a+gs1qnsHsdUqP6!3mc^wq11=G^W4?`wesRi|^rt5ia~ z9v`8hXJ{$`m#x1cv z>1l3eF3=E>eW4atccYBVZMC$8@woO4E5|zCw@i?s0raw35`km+!WJ2<4S7$Gj?2We;NSb6&A^Gpe{+Z zB^1C}e#Etxuk2d37DSG9v`%e;QnUXmt%E{kk$$~lG@r#QX-><*ze8r~WwxY<9-y>> zJI2;gkz&_z0v-jTNKI~vCv7c*M7&%v0Z?n~BQD#OO+gJVdWB`5jm7Xq=A`>-1xk(y zHaGeswdKaK++_pHRmkQ{DAdM<3vfhw4!LBRH$47=&9mvei6P) z&L0Hv6}+3~oo>wEEnE4=jFduGU}f0*efEn=$ARram^jJ5s#x#{pwU`0Lx+Tl%Deg{ zn(UrGbEFV8sCz@pJKXYRbN1~6x5C21fv9QkyK%gyrIPFT6#C*CFY*)~`wDb+(I8wpf}jmYr6E;1SZleiR+oVV z75poIn>F@&;!8v=?e!d;n%v%Ufs^Kq(Vi@Z1qn~;q#+dvRd#XD4@yL2E4C~S$lQpq z`N>?C`su?U5n$^`CE0USpsxX^G2ZjG+de^e2Kv6tZyjVveKQ7&pD8bAju$DgDFG)e z${3%1H+5w-?}Vw%mgjvXKcVFKFgelE=z2B)YrbriFxg;k0AadZl8a@sphFJLP@{4a zQ;6N`6Xq)g7HZ0P|DzmvS|LUt@OxzqJ)9zCrK1GO;@iW4z#kSL>FNI<&bs{$1q)Kj!PJD&7$Q9bMl>1x~SjXEXXpgh-n+a8dvb6^bQ zQK|GiEBSJjo~Skqp#H)Qbd+C7E|bDO_I9>LKww(@{PDdiKgI*UQ;x^NvZz-1XX|Wj zZUJxrR9gZAS`V?%KRC=R)7Vv*`MT-{wOVnI&#*b?e`C++_smsO3+w)~r>EnPM0jGx#8I~fIrq|ZfD?>TZeF(YLSk+)4 zzU^eHuVMMgcc=B`>PKFSWH0$d16CE#HKlaAEI3JbNcpdDTeke(~JH8s-VdO7=ygk^f zcbJ{gNF3qxnyb|c!3%#eGQ99*Ctj`lI#FiV;xoD0uLzq&?lnZQ}{<)UV-+ve#ARd#aPU`DmcC*4{Hlaa@@hpUP&$~SHKC+nd)Gu|~m>95lz z>qy?aKaQ|cTjQF6c=#uPW%{|}_Rb%eQacI5H!W1j@}?CgJ*p*=J}~+0|DrY-He`qI z=PN@jCn6h29Hpvn;oW7+=PWZTGV^vYT6BSjYjL%jm;d zCm15)p-RUbRDdafijN5b+(L(hj`ia=);IGIsAdhLaR4RfoM!+* zMUsHz8HOAs=NV>rclY~t#nnCU-}la0{<_TR+uc>wT~+<7y4BKw==tVH(vF}VJ+mv@ ziv=Mx5PvIH5Qh$ABxfm0{83XsD`791l`u|eZY8Ne^n(e}ZIXV!xv-BOEiAV99Hy~U z-H#N+4f`kzJSK!kzKoL(OH4I6>$`v4k;xof19Bf+}R41Ux~{-N=a2-d-$ok!)LD{1e~G${u}wWy_tV z`TX6b>~K(Dr+3&S@3$Oh$428S?HG(vVhESkxox~UAKi6tTeQf$+T@w1kLL=|6*pdk zKs$tZhE5$JJy7kA=9w0;WV_p3RZ{`shGF3YhQ>z~VcmQ?gOcYTc~lQ+b*y%f!F9QJ ziHVgVB|fo2bh4f{gLs;#s2XuL-=bIBp!RVmUl%I7{@w($^Xt>|koVM%=9!^QT|9ZN z2pKEXWJAA0tx+j7n;<2bt*b~QdOiNDw($fe)n(oh-i3bcC)ewb@4u(imRT1sH=nzv zO@I=|$1Y*AQj94or&uMg4S_hhyw;9l&8K5)>U*^4@a zY->^TZ+S;nc(nVPM;43Sr1cr{?^xOgr-mHldy;yT>zBhuT?5uP{J7?qMG;Q zK2AEIcE%EtcIbP+{rYhLsl(MIAp-!Uta_=Tet)5#J#EtD@-#?%GBQw8pkCFbWmbQ0 zVkA1BYL)OlWR|zq+$2LFHS4O!JFPuvbP;;(gr{L88RRtnupha++?w1;fweX38*0gO zHfA-)F7(Yp+*V;KXxvB!5KsILNXoUI_0FD0P^Qb<1CZiY{$=i5s%=x9IzX?CzhTT zHHw2)aw6GVYJgaD!N>}&`kia=O+8#8fFv0DopGqiI9=pp{uz&LEQEa7D0_wP?lLym zX|+ol)SGmrN!L1O`0>t74!UTF^JXJWeLOz3cyc^(plu(Tg(|*T5wxFgWUUbDEQmgM z>2{YTx>h-SFcGF@`;6tJ?i_EEc^uy^I=g|}^3BbHZQ6l4Unm|U&7x=KD*dHI&ttlU z#xm=su%~fjN>*O4?lgGFLyj#>KexGEVRs;i&^>QLW32u3p~Rh`O_XL0fjqh+d2JL+ zm4ybct_jztFDLP<#y^Q)#g-|x3#}Sdek0zhZcEq-4j*S z%=FU%!}lQ~qae`@7I8!(Zn!fvP1fXe)uLEhnRFe>%w8Sh5!G8Bz1kld?~}J2TV#x- z&!(DEy_I|kW#Xai`OVqcUZ)2F93uuyn>Sd|yNVEt(LRR_=|Fy6vM#-&l>2L6Yy7(f zGwSA~!LQwF?IF7QFzl6;70v6_@;~~%x@>uAY^dQcl7e9&wOZACSrMRgEM(+No1D1FYx(F!6^cjKMeY)?J}Ms zndC{n@e|x(n30`(uF?isHy7Vt{?HX$;A)7N0!icX*^Wy*_BILyiB3ga%c?3t1U}N( z*Dq;>Fivu%lYE)cyTi2&efgP*@U)ETRNpyXvADP#3QiKFTi2X>$U@FyXY~r}$@=qz z+|da4x6gU|u1SgSqjb*n=rVLKN|02ZH>e=aIwZop_v$}Qb&5L21NQW3>(i%>=VuaQ z%;4~S#(Jfs{!A5Sa;NFijua}l%mMw4 z><*;{Py5u&%H+xIE zY*n(7AFBSCfU_KIc=*j}iVNT-=KP)qqpmZ7b7LO>dBIF`FrCuiBmw65Dx3_YxwU^ zT2a7?T|S?r&i>Qr8+1S~I+1c6q9MmDd+)O$AC)c)7hE~wI&UyK|t0=H( zUif~%C;l?(A31r97T}bzey0Z#yap5otfZ`L{Z1KPZ-T{xlBJ=w+h_K&cby=_m5!;6TE5qc z72GLkGNi?#9)s^_{DKXzJM=X$4ij;ybBwkie=DJXGNSv7_n97jb4nb{WyjS4khl_gG_=+}|GIynI9nT|?U~#J`Y1nlBLx*{ZFrZEY^pz#uEhY39}m z7?asU9b~KB5s6cC)t8fx%VlIGmf~a)b_fn!ITGVU*isMmXoLYF*Eutu21dGpG+RCl zM9)n^vGo)h7s*hJG4o!i01I)j{EFTIK-?}!-&k9IfIc6R#4E~FD>LN%U@1NKO%r=L zMatx>BW?}%$d$dK48f4CJd1@=VLD1*w;hL|_t~mv!;4ST>St@tJ8dg&`B}A&-)!~r zYYxE&f7~KkzEDCu`o8gFm?m7X_W?QGO_Mooi2ib&_soN90~!t?K`(<1-OCj}bzW0A zw*LNP3MtRTE8#t$c<^l27NRUz?;$%8De46gBiMFjTs}CP0gT+7SP1Fny>^W?+BOk- zm!+}7#;e&2BbD7sqsw?xWVNodqwMUwGory9`bxgc(k@DO}5??wStC9Z3+FQ>d7fi8zm4}{+NniYt zOjP?>CohhPn)?^G!n+Y^b#|JB$v7p6DD|A6BQV1Qlz)lc{Hv*q3ubprEw>$?rL&I1 z^Xh5tN=W($nAT$F`qb`I(yxBnhy`x_^wkO-Zihr?VMC?Ll5j&*J&>|CFSS-UvcE!q zdN~pH5#Q0?*LNB}`Vl|pxX6Vp9Uyc<5hGy_g2A20hsFlm4j*lVHPNXeRsL76=pR&* z3wEN7J%d`_u%?P}zF4B)D=&_TwTWA2_>-r{v?E(XlLvd!x)FHBF#B%8H=8{Z8#i5A zA8NS?H-<0X(p*K2LUvXxG$?QkwRn~C2%F5(e9^rsLaZrf8e(rVxp(xk+RhKgfvaOm ztJ%&YS~w!K2OEMA4|#{Lan|W>-3u-sTH$jos`Iyn(J#TV* zE{X_y^;`EpCJf4w@%O*QRYd4Y^v8qPkQuuei1ZP9Hol5=m(JOA;37UzZ1~bhv6$wq z-hs8oq@zI*v&%3Z?jwuE*PSg#Tek?Ijsnt>#yZ9yW=-t+jJ1!#I=pU^M-&>1kKc3I zfMdGKUqKq(C-mCAFzx-!WHx9}ajlr`7F~KmD9>j@WBXt)y%_6R(66-7GKox|+Yz9- z{kFO!d*C1_WTnV2?)B>ory>3+GGIA&{=OXD_pY~PRkH}(cx5)qQCLu^L)`LBdXcFI zB47OUX^o5abm5tBQ*V%2=^~7I%G6&-oin-d9yZ^Hfq>Zf%xYlb&@X25;n|f~(X#su zM1u$Ms$Q)8tG%OMBYIi^2O4H_NRR1-%eHEUE4+*|te5Yo4So|Kw~AU_P1=;~eE*^Z zlk0O=@+c6ei{t+GiRXrQofR%U1F-^u1#D?uJ*;1waeV1}Q$NA%V&ZVQ2ddqTb9s-x z%FzHgzsAlx1SLRkRQH;7rx4SyUQGCUg%h}cu%$ZQRF9O94F$myX>VpiIdLWk-Si{F z@>@w^+#@DR z!fBdcWYlE#EAFbE0=Nqj7vDLUHzPGOwAQLx_wlAXdCFM;W>4(j>=iu9@CYeES6DZh zWQ>w1d9Ag>YG@)7^bI7%KT<&<=1hBYYdoe(-9oRWth3Bj$%Ah>2-(e=H>g%0Ne{1` zSQZCaJ_T>54)_(RFXg{_Qt?hL{NC7bT6Qy4CEssAJ}~UfAVzW&!4fU5Sc2r_cxa5K zz@4RgVi>Y|skB%oInSBE$ej%ht@+3;QC8|L>9fnsH;6vXYkPO^DeKLbqxBC=lzg`z z1kpebXT|gt_`O~z$#C9X| zN}7a4qAo>eKX%NuGT8ev(B;l+0OS`cpMm>j^Ke$Q;kF|nYO=?k$3{C^fw5c%k2%ifgRL&ki3Nz z-~n5DyZc|3CXFhSVs+lMn#JDeSQfUlGID$3Gg_NDcX9oZ*V=OniXBUOgSEAF0mMe| zw>o=@w|>m zB2*S9E~9;q8OEe52Wb-D?f#flY$t@Z^vPTbL(JQio=)f;*H}uScH{5<&0R3us7nv$M>&-9>|GzW!+Mw# zR5*U&I)7DYa%{#Y-YXIK!*IW^=Xxg@)?I(EPOMz68J}r{FrOU=#+)mp$x>38bz5=Z z8Ux?epiJne6cH^;!uFbJr52tc*G!4he{ui3fBEzC4`^snlID2zGyb=Z*i)vaEn0#r z>FTL!rRrS1}dWIc+$p4z(|vi}~#dtQt7hfIk-W#qsi=Yr(&{oVJ3BLj&(N8_#>`T+U; zK-?*cE(y4)6U(U-9A1R;lz#izhz&PW+gEjKy8V=1!GrRP5k1j(c#e2#7uOuXzl&+JT=ZtiaBuY=7b%_ zsqyChkC2Myp^Gl-de4Tv8&a%q0t)P{(?0uL>BNcm@d<2o&V;Z2KWN6?W}cKCg9 zgalO1*{568C&=qH=T93CkW=MV>Kht*;Y>O68D(W<-Ea`nbA_=UJ^5bQP96=MRz^6l zP|G!05&;Hvw!}_2>oB|XRx<~FEFdSR7-T)h}`J*U62rq-z1V|sYc&`byE zy|XIWj9;CF?Srl%#nQbN{D@F98{m%lX})Yjd3T?E)5`>C+)9#snvtq|5|_2wBUru{ z1Lan==^L~kRNsjC_AW}&hZmnO&3`vFxt}vuB45v#@zVDL)t^tWPqgduE@mh3K)tOZ zeFbP&AVj?kzmP{FPkfTXZq3nk*rx)hRkmb- zdF$a6PhVPh`4%xAxo%2;ynkI+877@-_&Pzi!r5$+k1E^o3~HuV>_jw<>l(_mWJjwP z8Q{H|n*Kb+xYc>sa2uy7s45pMBgJpzM#7h_+#~UrOW1EK_CtGbHPzkgo>h9$Cj`eQ znRaqQqQ)Ot#9LuMAE2kgG0AZ#A@-$D31`8oIg?fQn15DN>v@6s`$H7>4}f}JjriR$ zBclZ8U9EKJO;f*>N?_rDc84wZ&|dJQ%1=SSVGR)&@+@Ica3f_lK1|L3mV+dES3NVt zJ@Tl!_#I>oeJIMH3Wo}sk<(0NoDK62Uf3AkSK=}!P%hGD4_8a1k9Z9Pq?zMa@-Nr5 z@zubgy+iC6&b+7&PM7qLfGZBSD2yZK~p@wC!6w)o{L$#R8o-)n%Ag)JO5)p zf-u&QEXt`SLcY^el$i@rA5~|WJ=|sH@r$Hmy{@0Z^Q`MyYt>bC8J8r>vs2@bEJHmb z&5*_G--7#~aIafOce_msEvGHsewBG>SfFHaZ+`#HLO7%Er&Xn)xKgNpo{D&w1>Mhn z4Vwjtd}y4rKV|SDaDcwaA8Q0BdA3LAwXON#y{YSco%huVeY|dWe3035Ls&=i1 zLo8~BcJ&^Xn4K>QyW-46H|C;Ne9&*CmL3+F`+uD_J^FCHZpE=MJq7akXfysZwjmTX zmAskjUfK5YQiT?NxvR6ntvZHcqF;=2Zs#L#*QAhkHOX-0A@fo(kki0|#;mVKtFy55 zm#Daow3!8M>K*?v{j_LE}(Th6fjnT{(N!Zh(uS=|t1z;TsAv&R#se`KLn$M0C%rI@LoUjD1s97ou2-FRSi z2T&!={tH|0n8!O$(yzgRM~%7+B)VL`dkF+#eWt7;51yg%`i0=u%(xfV|OPQ`yA#JBt4A zME(-F+`k+-2HyO^mVY_&FGv2>BR?9qe>Lmh?biPUD=37kO0M{;@G`u^IFPtQnCKEa)T{3iFxKiT=fcpz@*w`ixs@DCRH k1ne0#Th0GAk%=Q>;r#R$I)!c`CxAZ{MGb`_`G-&b2X4OENB{r; literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/feature.png b/versioned_docs/version-2.21/images/feature.png new file mode 100644 index 0000000000000000000000000000000000000000..525aa1f94520e8b7e0cc7a4e66647ac8b9156df2 GIT binary patch literal 2428 zcmV-?34`{DP)EX>4Tx04R}tkvT{MQ4~ebOcWOs1yhKKOrch>Q4z}+g&;%-Q6W(aXUPVcNtj8n zNh#O{EL<9+7B<$}TG$GL-~wW8VWnszVdN))1TntmAMStm@!$O*movKQwE4lb@^&N` zP@=IlrQ?+@+UUo}h^jlexo|i{%lf)U66f87nAN)P&+0Yejt-In`1PEf2Wbvr5Yfe13o(%TLbA)=vs~61ShL3i43MKW zHUt+1o0)=Mf2Y{6CvL4S3mq6H$RbOGQP3!mCPSVH(pV@sLxQQ7!Q~DNKIK$ftx6t1P9)&{40>ZQa0}h*wcP6WoIb!x5kfa`a0uf`=-X(q zcV}~M|Mt}L`vIQra=2B*j0^w(00v@9M??Ss00000`9r&Z00009a7bBm000fw000fw z0YWI7cmMzZ2XskIMF;2!1Q0I(x{F+rNK7KRE>=$#@47YscB=nR*gw9ZFO~7(<+L_;H$9} z@e%8rj9Ak_0nuUPAu}T2Jh=0?_w<7S#fZv>?vH2hvwwH*bN1fn0>cn*<>;k!w<*lC zBYCF3a#RMTAj8@3*=d>q0L*YUQ7ZZRf@A?G%@=!pZG?b6HE@UNkDyGpSecyk)KIa~ zlmf~a2$gq%p>;&9c|p6cWO3*Rvr_tPtY*EoX;kRUmN8)w5ASD!{CZHz$Uz$ORM5B@ zdQ1)yJ&1HkB4i#c4%^qd(ROz|fcht8?lDm282scerd4ZOpYo*e*CRqA^i0OICPkKg+U>+~Ta*m2yNh>z_Csywe`ry6~ed%{<5d z>3FBKXpZnSTfv1z!jX}W$l8B>H`dV*#udGK>TYh)zcuF%{k@}n z#UcP`n@n1t+dOBlZ+}4x08mNR6NX+25t)TSf*6(|ojRr008sMChHW$os;)O-Hm5>3=ujfFgVCBHl^1t@QnB1tTOw%3RmRC6;XZ7OL-XzL16X2H{==7b% z{l4~<`Bum-|JK=iLmfkwj35YHni1h4w*O`agks>uRbY00h){J10^{@HjvdV?|FUYH z>aJ6PypsBjQ}eEFis@W8)2?uh`qkCKthXBH0YGdGeH#EeRf-Kxy|#N$tv@Qt1M^bf zPq=dOHUBR+gHIX*|M_Z2<{Xf^WAL9j3{7GZ6c=j(zL(eit z7jCS0Vn=%9na1?C&vm8eLbZ7%R2+lof;osX=s^q#(78Lomb?!Cq#|DN@v@i3$#;}t zrOQsTai&{y)c$`y?5jWGA)$gGaNB=6ZoIOi+2Eh`Dx_!PAs*g&f1WBsz=~ezbfG{& z8QkBW&G4I6&J8)WKgIc@C7-jmTVp#vT>j33KHKxiyN`w1Y~W0^>pgkg6hy|w!Jk(G z_RPWi#-bZghk|8UsMTtSGC|kKbfT=;_Pk+#`3%ok;iAH3eQh}DWs(f6Ms2JAo|Ibz zwOS21WgJNRb@bhF-ZOBvfkwsv09clVuJam@@fw}V7PCumMpWizeU!T}(rh8D#h zqp1KeqMDA6KSG7%LsU5kYBrm>^##c*WLGx_oemtwLZuCb9BzQue&ZhW+9lA@nUEw2 z;_X}D>d%7t)_8E2PJq366;Np;F>`Va06>P5Q2N{0qtfpQL*JJ}&~fcN0)wC)kDeLf z>UhyRG7apJ%7GL@p@QV|LUi2)ckwvn%t`S1{BT!nKu{Zn@Q)UO{bFy=?TExJOKwM} zPN_US3jib@4WQ&Q6JR!j(ni+nbzv=$2cUu=aGOfUj8(NY#kg~eL9FNRC%xMVNgIj2 zBfH@-7=bIb2&^fArmjZzYN8s?Cg#i@cd%pB)U9Wie`&XOTCG-h+)+A(57JL1irYK| zODNMOF(JDWs_A%8O1SHOG!vBkmj&Am38)&1Z_38>IQg5(u8fNUQpzd1CwXQ3JxZCd-4 zoW8Pmppt_Ks>9HG>lXYKA3y~lYR7wWPh9G?b0lKTsssP220Eb81cHr?gJJ#R$RW)D zVBSp|x+BRC83Id3p0aCTo(h7%ZJnO=I+|-0NXdls*+xhd;NQpx^ds*y$7a;5t+l`T z)oFXTM$;U8II72qbq?`IAErwIh=bao(I}|CEQ)C40=@)@9!MTfusbULvV}D)Ur}|T z4gfToK+tM^de|eL=>%WT(t(!)@3=W4U`S}~h%{}P|7q=?JKZ*)M$zUL5 literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/logo.png b/versioned_docs/version-2.21/images/logo.png new file mode 100644 index 0000000000000000000000000000000000000000..701f63ba88182d529ddc728ee76899773371dbf7 GIT binary patch literal 33920 zcmd?R1y@_a_bwbPXn^9b#frPT6?fMH#oe6%Eybm{Lvb&~9ZGPABE<>r?sn<#FYkLl z!_8V*XU=4wEwe}VJbO+eRF!2xC`2d#001QSQA+*o`TzjH7$X7SN|ku9E^iljD{&=p z0H8Jw_30DB+dYN(M|C9tz?T*P0Dt)pJpjB10C=zg00*W3fIu1mfbX2uswVVCi|qVS z&kX=T#s2q&0c2zmym8mF(bRR{63|3u;K zVDIQA;4Mt`9}0oD^1o_UDvJM*xZ4R+=_;vGNIJQGrr>7bVqv2aL7||a5OTG!6i}Cv z`R~Wy?u4nV-QAr9SXsTiyjZ+AS)5$0SlRjc`B~XGSUEVD-zb>fd>q|Bc{4k@QU4c{ z|KTI`+0ES5#@XG*$&un8-%n;v9`3?aRR0A1@8`etbhokm|0FrO{kK_f2D1M9g_WI! zjrD(dzdb7SuU0_C)#me?`G3{@w;UnXf5QKN%KVq5|EYa5RRl$d^?#d9 z1V!;TogM%n29T2y*Yt)t%0>Vi&dv^;>i?4CQ5Fg|3VGj*C!at;Q>1!j$DkZc#jM}1 z`xDQO!6Co74L=eGbkY}zgXDr0-nJX?x|Zz~mO6B_FkabN=eP4WKxe$|)o^U7By|$!K@Ab1KP-$TjA9sjAIY5IZ;@m7-nWa}@|FXQ4wx&KTANZX9kG zW1#F)i+6~32A@38pQ{6xc53(B=btlTC}6-yM)W+)?TWhqfn-qS4vVkh`&;s;Qyg*{ zV*^8mSoNl^|4 z3F--@C)_Kzg*nn5@W9R)&nS@)Qy5=^(BE=*ZQuEa*bc`ig0%L|YA z-8X_O+8Efl8%k7v;lQe71%LxO{p~xr#vABTALja&F{M;Kzys$`ttVDSaXQ z?1;1tpZuRv)_L$~;I3p*&b|idW?yj!>eSJVDq6%X6^U@;K>t zKC^chL`73SZ}~;paJ9+UufrdysV+X7k!U;@e>y`yr!}JFeQND zRYTLQVsYs1(7vTdYJ3+&(fA0SR`hGrsVuPZxpWHt-6}4mX%D|%mG{f!C*BnlfBcXuKu!g;wu&OWb(}yuD+^q>3?tFl6z`GDimB}Wb@)%g6fr4S z;8m162E`BY85k@~VlaP~z9HiYbEl?|r2T18$n**R=EtW!7`CpH>3aaXl)jn9Y82H= z1kKMM@MwG1w%u^yAgQteO~6FrQdc-)MA>F8(~G|SY5L;>3Wl4`AiMrqv{qVMI3<`Y zbmcz}#>azUe(0x?N5B};<`GlCIBQmLcwE;&uOao5mR(+^_LcG92XUT?uda!`@ zi@0_?O*M2)7uG=&c1}GYY#QTCy~oyc^cra$#-aXacV(AaduUq9gH|71Buqf-S##=v zZ1u(^nIm#y4h%iePXhhii8xv8Pi24@2Y>>YWEh-0L>egFz~m^3`>NDljc=4b7I=Uf81iHlPNgn3*BV)1 z0DwClJdNDqZPL7?4>jw&8{%I`LErjYZy^{FYwtATta^rmp$>gq2eXmsYKUG~^Rgy~ zJppDi6YTaW&PZ)as+y$^R6Q8SKJ_wV&a})$IY>O}0 z=ii`BeQ8f_5bMC^%w`$1^`(di!92@JbOqBGEEUWqhIqyf#-tp>w}I3R*HPa7G*>i| zN={X1`cMpKR7QjFF$Q^r2&rI0{WRx8G2qTnNLff4t(k#oF{&-H2~*=%R8dH8c?Vq0 z^=~9Hz|=I%?@bjbXz3Bsa*8QbZ4%uPJt8^VF#de->fAUj^2&Edkb%lQ5i8`yeC!U* z3mPa_vS=la2c%{5mQbH_oXHxjGayBm&0y~?K`;^0Sx29=p0MAD<=>PuknR(g7X{d` zEVjqP0?#g2z09;B!PZB1iGM7yS82OEZ=?z+jpm0VJL&`-*je_CRtepA(UShR@a_C>~=!RmPOv7YlhS@rQo)X|nD z`VyUzAN zcvxUCzG(35&Dg{ol^}#;g~jKxNL2rJH%J19S2Ed!}`Sb#C8p7v(EfOp*+(+Y(9&oL&rR zldCfjok;V@j}$;(DFTN(9EUwxCPOZvByokKunQa2ry9ICynz*)je%&4TKMJg$?~NF zr#O!XEp0Z(tcR9a4;U2%(O>Oh$86q?&fcQvh?;*={%7A3~JVV^Mk zW!j}Tl2T_asbKfza2(#D8QnufUAptK_4b|M?b}*A?VmQDj>1L^p)oC0bDOeCVkxJ4JEekKlt2CQn+~elJHcgu*|SmZD8;%8qHk zf~NuF-}~*N>?BXB&8^rc2+?|fqoO%{EveMf;(m^zQ79f=a4WcH4XiW0G+%oi4yd!x z^HI`E&t#nB^-}+x?yNCYVYF>tGoCf@aH4t{=S`J!?!*+FMPr(gD)At7ZeZ4}XgM+5 zF+8%cZ!t~ zvE8G7EVw(V<&I>|0}=&pNX?4PU&KZm<&uB1!#j2@ZxsGByJI zno;M8RC&Z5PJ+37CtMk2w_4K^u#^Rc%ST2;`FzLnC*E}=M7X;UX#kNSViOcumUn}l z_S%k~Mh-kdxc8kHP~h_$x1de(q-hfez(oCV9`lii!}e4NaEmzU~)#dVH>kaPpN^p<}rI~^MiyI3mI?NU6LA% zyH8Ne(5d$J336|=cuv8YdEPF4sU>uj`zw4a!@hs^zNYX6J&*EdMvgA^#-yiew zR5g93cTnDA<4wm^e+RD@{pS@X{_JwU0QeiSvFOT|rw{2-rBEFId## z7!dz8hxo^_!3daVxxR>wDT?llFhctN@dQV~i_wH8D^@-J>HBThCp(2xcBw#^6<5^@VZE~<^@5;po+q*u?j8o7 zhg&;L`bQ#ZT?@=O%adn|;3?)`RCF7%WkGT#K3xaHukGA!FM9AdHio4&K4XQx7Sa{IvNL z{k6i~I;bCl5LNQCLa}nn4aank3FsSmVXIsX!*lh6KqF9=ouZ_TnR(%JYg-`f<0a>g zN79OjSHTH4?kw(hGC1Arx6q$tx@yo_{icU%)6zkHbzMI zeG}La&WWVzF6~~L%Ea4)o;B!T#3xF(rh^IS^YT3=IHzk={yuCV1r|{H)2KucmgYpV zCbA3b^!*71@aQI1xr?s;41DqH7hTE3KAYD$RGQemN^iNL{D=Ip!)G&$qf;Zg@lopG z&?46_a-w;XeofMGERIcqD=Uq{Tu|*<@Wc+YYu)w$?D+@Sww*}9usLn|4{5ip*{tXC zEsOBO4_Z3UpC7(|K0U|~QqVLTmV`}FyYQy*)VDyEf&q!S(R7lEg+ra)jMgYtRnhW6 zGk7~_k@;Qzml-#xthzOh`?M=|0>e!gG#lQxiiFfC3!bo?HIsCrmM;>wYkHTu`jxP!Th_QNk>MCZ;mi4MJ;nOD|MJwc0Bw?#bMJs zt<$8Ze#&hZkzjN~N%k1&6mXnu)he5O9J&mF4U?l*y6f^BUv(}<4vpD4; z4*ubFH0@9%hkc+!1b;J7`k)w4jvHo-+DjP;p>xqBNeOHdD%DKhh(#DlAt&i{h}FJg z>Kvwr`GTjhPXo?^;cMZ;T@Lkd3OM(LdO#Y?POkChWx=VGKQSW4OrC&FVA4gSC%SVY z!|-WauWp%o%Y);F*&@%K_+ZDw93!Loa{1tZ7RBpjfXX`NV#lzZ6GEw5|AdNuJtQW( zX;KOQZY@n@Kv>YDk+==hT!eb#vmPrqyyHUI!@$H?#%&hS#s{)HkpM!ISn_K6V1hly z;erJnKpYw|0pG0BnPrZG2QLb#td|IqMKZ@_L#BWAjRdqyCtjzR zjUT*gJ{=f&t5N9Od6R48U=41!ZSQ~1^g^GEX9WLJjPN95c`5T|JTHf8N^C+`S9g5^ z*67N!Cz9F}oS9(jv?tzAd1( zx#scd%J|t0{u)+Sp(w1*{C${CTT~RTbJ}^CESZ&kfzl7GtdACR?FvCx2Xs37=Y^9F zTt+v({-adExbinlj++DNG-AfmIcjg%!{KIM5H|UTexVZdn9Nc^Bi~8F!E@B=IOl=K z=D%`6x=%m6I~ShTTe4Lq`8^(9BhoQvR7TtI5XtdqVU3*8JdP=GI@zuA+g>yGPY(Gn z|1@ZCwANR+89Pr^%F$`hTnF}bI=Dlxa9)hvM zBH%Sv9!W?P`4~*5K}KN}%f3w?Y`;b?>$F(UX@QhC`5lv(GOq&z7XzD9XBo*M%AlFR zB0ZZAV21a@Ti~i$62` zdB6|y${4BMEpCX4FH0FZMM=NE#dx~)!!gU8wl3+s4?1|VIH#{2ivLAf%!H-8(QD~K zENZL=I~W%&BjUvR(r^bnpMr8jz++;C8Z{A-V7T@Ri@!W#_xCd!R!3H zkkrT1$Wt7ZcQq`=()K5#4up%@34GZ_u{sH3&qEFC+Hf3|GOBew;+a;@* zYs^4CxIXul4a7hwxdJ3bjbn5QnfYo3!Mpxxi3s*_vT*;Tql|O*EvPoKhye0}Dm=0a z_X9$%dlQf*9~{?rje#hOBb?8#r#I}0s{tPU?ZPeqRr$5&4Mf%oc7kqeHa;Z> z9g5(%&hP%bK3Ghrf2+&=H!jv2PgL4F@)Y#`PU+WwHx{X+9t4l^&nAUJH2Q>^!aipA z<0OLvM)x}IggW2>Uty3r@8h7ok|oQCV#T1|B_+@B5Ex80nJ1$2dNvugZi6fzMCjkR zzQP#o2cp_{Vo)EBHKcImD1C3U{K)r59zou>%8u6a%8pSd*+!z*Q!{zXNF{ znaO|KqIc<6R<6oEv-HFWUWSUbM=)kQ!LiTbn$m$Fti`&pK5_syv6Vje#DpHx`pnPX zZSy2?;NWKc<(C4tMJ%@2n2!ax4Q7A~>xQnF~*njIl6A$YkOCU&U%q$)pA1Hu|%6*VRri`Op?NT!2X5`{4xGr_3m z(#nfq=>$wtCA|ciyjBXu)9yYeKYc_V`Q4Wt5Vy8ZA|K-hb$r`@Qb@y2MTh(qkX7uL zx6L|R-WgpQ4 zokq9c-5_DmGX&EmmLWx~1MBB#OsGa*%Fw7({b7nfyf;uv0r7f?u`e^S0B809jCh|G zVSmy*aQ9pXnTV<~3}_ z4VQDC?;VQY$t_8oZ$gFp_D3JA#gWp~Vfx%GH;(B#^`2Vzw3e{Z*SXHH1K(iI;kVZB zknB^nZO8K3T;pMd86k*v_EWS^XGaO~=QLGtB}a(rd*mG2pgQk|(x+?7_7X33lnRbl z^ch5{;B!`aW-UCa2vgZH(J}frH%fr-2$uq4wRP9$z0b?d=y_JKUBiQ@u_zKHz|Vo~ z>0xM6{qkecRnHk*CB>u~Pis)PH<(uQN7RS~Qg=Lc7P@_adl2fm3v>w*Jx7EHONjFGJ03Q#x9Ylf**$)L?5W9C|)n7cn1+I z4u`)3IHZ5<`rLo$9$1*B`1`q$g*bvjZVi?}_J&)?B2N;Y9X)Hd%puCJ z7F5B5-3sOV_+LixS@FyfOb>|P@uCE$nIXTY!9=*sbx%c;qODaN^B83u0T9AeYyM?p z2Uf|e^o2pk-xl>9@H^n(4Tx{oxE>{MBnwH@JI-A3`ePn5>VW)f!TU@*$$Nk+hmqo6 z8o(r_g^Wn#aLjM;r!uEV!id}0yDl?7*%CRZAVHCz;{;#vjt*l|fg|*i3+p4UArW2G z1s)OjfhtCVHJlKA(V8OeBn0AP#@D3UtvQ~e0BqHqOr#1Mi^YZWR(zU(=mM}IYBL6@ zKJPv?Sm$piF9P`-qr_w{;~D%SWFzO_6$JmtkWTF@@H}2@sWxhBEieCoVF_1Hij3SX ziwgF++-YfX+qE@;|FH-~I_r@lYbhSFTHAY}KPNcfi)TRN%cU%)2)pOG3njlpxW)0p zHm89kg~Cqeht;1g4}tw)dK0gZ=Xe&R#VY zZ%Nim#KOzSkPERrg_RBZ97Ztd7`YX>Y25y#?xV=FEw*``uA;{XnFH^+#2-)EYAUL# zJOUoBTtX2sJUe`^U5#4ZU7B+_tzt8|?NW$&9kYlzEu%99Jj(s{i&B>d$b;-_+FqU? z{U$FfapPguV*TOxOnwltDUx_qY%{iKACbjNhW1g!D*`8(>$vym>jW{wL&viP>7M`E z)pUe>BlD&AzFqNx3pPgK=hbht*E^flF+re~jYVT=+4^1>1kutL*_+JoMY)Yk4x_z6 z1UZa)4MCdgQeH1T(Er{l8TNHKsKcs_Y&*&U@^ocv*sKA!-NA5)FIfRMe|v&nE_1~^ zj&S2a;1ZQwGXKjl-r#yKisNISqlMa@yYtP^)6PehW5GmPC6tr4(@xWpY)|1Hu0?-4cAQXQ%5TYm1pwXsPmHbNKnn9GL;s*O7Vy;i6{@o%REj8`+vKt^ zarx6X(w#XyD^i_mkLf(=D7+TduBYi3BJSbK$J4G;k^3#|0e1O{%3qO7_H|>+t%ucz zJj>3KB_X}J8Xz`x$_-=xbLrcl*MY_GakX!+H%m?{zrSkQEWJNhx^Mh5(}d3n4s#lA zieaD%23lQ(n~YuKKt3IKyql>J)U+p*D)~B-Cmx!`ReQT0L6_q!c=R*0qPqHKUZYsi z<+S}W*6*OKBumlxcI}mxC|t)Rz+(+oWo21^vFIkdz9UmKsPpmRux2F$fu4bR`%O2; zyR!|)$Kxh1$uKmR2E_%)U8~#S0B> z2u?jhUM5eMn5&?yJz;?nDJFkC0q~V({Ccu22@=GeD|k|I@wPzCq!>gSen;iO9Z+MoI0+bxF^WH z*I}AoU(m+p1;zp%TZabUQg!(k1Sk5y(F)PCa(vM9oO1T{X}-&;2B}y&&y*BIubC(p3m(V z@7mRhN6`Ild`57gQjNg?d{S+TyXYkl4w+wvy-`5sc1_T>E2Dx zL<$lMjzL(d36)+>W$Qt?aiWRue$h$uX6$7#=k?j!pjm!?v;215*lmnEK!;$ljR1bH z3~PPu&ARPa{v86Ziy=C?s&EX^r%8wUDH##^gNLd@R2K3ny$xY)RtFkOHgq4s>IwxU zRXbp-&83Ju-E&n%B(vlmSI{p3{*0&k8Rbig5{#!ee|nWt#&wR=}#Db!u<8C=~m@lVh`6*5279bf3X0?nq{U#dxX)4cxusu zRkSD?Cg9dl(^}xkaT7ytmQ!ue!+yy#|5q4~=N%aw%_4e$#$P#qC)yM%!`Y(s*2Rfe~OPTSlOqfD4U>TWxPrb)m|D*MyIQsaZCTjO$T45TUT?czk6&JHy97Z_9tMsrpMNE=%m%PmGbkDd zTx;Eqa!xdpzupaW9*9v&6?`)HXnBXo#kc=;@8WUgG;o&~MA(DaUGOD(uc2H1gR4r9 z`d1BxPI>g|&x)s%Y1zekUyhc0b&&Xm-CCbB&AUhpu=h+X9t2Wl47|`sUU;?vW_TvmV&4iP30k*aXVn4%{WWrB1^5w$miEpm@RE3q!uxLHn_u^LM=`Qw zX)dMZCJEOGVH?(2j+$~>Tsg9--+}XNh9?a+`uru0=q_wKEujPs#*?zeYREsAvZ!V;kuKS;vx1 z2)m&qzirl06o*}u9-7Gm7#z97R2O}WMIA%DOg|mPxW~SwHbej@i zILce9gl#)Z08JPw?ZLkEMd!AUIjoHjy9s}PDW<&Z9JWd{Dzj=P=O_5Q)4BDZOAuWu6zV12Axo*1VbK{EV(ipGn2Dp_z#t=MJKQGU^;~aXc^!RHK@-}51?j~zE z$)fVYAKjtm?e8}Au~~2FM)s)%YzL5v_9#mxx$`O};|oXr#*;-ln+ z)2rQ}oQ3F@-%Yuyi|StT&SX&06YR8mUl_bmt`8kPt{or?+*uwMJUud@I{`5y{cyeY2?pc1a0AjV%Ge;h+^J23wf!JWOmi2ec*=A{FwX*lx^7e&cobQmWbu4n14mO%4AtBWvk1;pM2c413^1+=VGlrLs_{;#J_Q%x+9|qD%Q=Ikh)*mP#RIYe z`Ulk^i2?~|2Y-G5#aMHBa$Bs2<6`pklR9$(0TN5Ql05rgsH^Tx{LjB4@_kC1O^ge= zZYj#6UQz9Ishm(*X_6p|cfxF~^CL92%Z`hjzL-Lj>P4&%YhGj%K?u+U_jD7q7Te?E zKNY;_T9fidPoN-zVND6tALD|adNF?Yz?kn%rGOByt^<%X(&k+0*X}gd0YV4cY+SBe zA4LtuQE-Clf<+7GxqR54wdx14qYLt`pM6}!eI!mBylt6@Rz%?aZ05u8-(-zgPiqCBR#n?_$4y+Ju)!T#9%Qsv1J4KXdUUU@bIiO|PHJ4aV^!D4PrP zD#`IJU-DdXc&6t>6`Zgx@o;njmg<7yZSLz?Et=)pt(V{SBiGf{tp^`46j2h)0Ev9l zU?dk~sbBt+P2qu!A8Yhc-@-fE4+RK;DBYhns|v1N;6NY^RY?xsQ&>!~fd%&`nYw~m z*L-`THK?VB(ZM|4sXHF>i{8VpuM_a(zGRMV$2?s;!Y9n__NSJ<3lVLejpNnXj~1($2lD??(;j8TcS;Fw}?gi)afh$t&^%3NaVgR~1{5 zQT6T)P*VQ8gk*EMxCY2&7ME(;6zCfsO-zfbZCXov;uy$np{!sgJ9YeE@Fp;97wFFA zYZh<>iz5bnH5e_J171lDcu5rOKEE4fqMb2-!vk9s6JGDRO$hVa0C$glhEV~`I?fw- z@jss5HV?{OX>iwmt11X&Ln3mX zFhf|9#1Q^dLlH&H6s>6F+-@gnNBFpkNyVZKCY+42Z3F8g65HBsI!UDfa0OS;3zW@w^r!-Nx#2pK`~7opO@qD(9a zHp+p+b~dccRXC=QuPs+RRP4v7pf=<|0|R5HG%5YPrJHwzvoH@Ri&%Pa7T&y*#bLoj zwMqDJT~)OQEiZ;dlcGAPwOuK|tAVg5p}Y0aRTYO$OzRWxyzS!eqYai#_q(?H=$c}c znAQ3{a53wsTwL7oco_9%k`#5qlS%rg$}!F_M$?5d_1)86hgD6q1xy-$bM5|C6dGKo zBTg^K&6PHQ{q71pE}v2++AYrId{Z_fI_Maw`7TE}JGwIX647#Yre%rhRLn(xW8ljW!)wczlL`tUNOaCCuYw@Uw$f6V^h^CTXimQ8N6HukGC2r zItDMkpEMZ3T!7Hon@UD;)ZBjSA)d=sj^Z*Bwf7qRfsJqEo*;NwS-1T2Q$&LO@Y*U` z6VjG1*Gz6BAf@7mz8K%AX|GT}8l9r02YWjFuRFEuJeIK^xJ;zdB$bXGZ@9>#Ti7|u z-ivT6LKUTBVc1U&E7HqV{SzPZA0RNUv-9P&0xJz-ADef$_aw!TPreN;+A7V<74Rnq zNGkcqV2tzX+91ZdVj>90K(4Yv+cU-UY$kZdCBp#KbOrh z?{xd3B6JQBOVs?{vmV5SMwWN3aat7RG@ZyqH|13(f{D@aLbqw*!U&z>5*UCS;IXgM zM7{xGSC2{X9O%XRtArmjXePt?UUPUjuKsFs4nJ}4G$gbZJ_&m?AxuBLcz&Q5bzqSN zn38x*2zTQlAYD6($v+eZ!#NCW#igAT$j05&RH%)t4aBrowi_fO?ni|vfIbE5A0+k^ z!|`Iw^s(Nnqti{@&Wi1A7ABj(Sva~d_Dq4t2~3MCBx)^H2J@v~h$d^bhWHR*jA%dS z&6(t$Plm_aI6oDMpxMY3i80TuW{*x-JhxDq-jaP21yjwkreF2o>KJbHCjC8aXu<3M zXnXy(L!#XO$`gBb@?%jbDXMFNA7t+t7uGFH9>6u3c2`LL1w$4!eXCbUw5%?FluqXnUbH%7bRdAU{3m^hB3xw1RdAa zwPwLqo$j34T+bESpq*J$4phE@C~t)w5E+PUtl2!ER@ zb4OGR$ObPW9h0-vtG*E&fpA&^+Gn;g2nR)+SJUM{rZ1$UZb%y10i$w3m4NkhV1ajC zIvWE#tx^WWLFF&NNuMQKkQ)HZ4Y)~X75f9&>n)}OxAFnz%_8OEU(e%$&?+BQo;P9i zbMCg_-p52?{E^L3EFijqtOGe35*W$cQSIK3nQX_lKNP6HV=MbEQ&#sUKu^G8bZSp8S$?Al=spC{0dLx4CO4p z!Mwa3#hIhP4az02$64=nsv;t`9x5yJ?=u& zfa!rKHuWVm*BF!F6SO_ngMh{C1rBKyxq=pX!7=F@vp#B7gm$vi4_zfzuS08bmV%7 zo0y3pf_lA3ZiWoB=$&uRanl-^wG}bB$k)Qwor~D0uO{nLz9wX|kE#sfWC&~u4~FzP z42@i;1#W{Ew$So~K!x-(8Tk+lAfBA(|5Ji-{!iFO0&N+CKavQ zplV(utXxn)RZK)|EPqG!O||n~3{q#KP_ES|KRK(kr+*DI)V*B^->4e>>;x-OP%u=3 zO-`EQR+9$rJY=;cx(8rS@1A3+=R3;xi;HlHqlzp8AX5lg=Xpn_*&D_0E5oJ4sMqBe zaeQ)oOcXPjelsZ`gdGW*+{)>>^%JUnwFON4S#i_ znZHeT@_bDsG_+>+e66QR{@b#Z7m6;=LOT?2-7Cl~)*^V){B}TPuvCES{UXK~%THfW zINsKBnjLLHo_PA-{v?eQJ4*;Lww*mZ$&6-t_;15YE$*Su{k-NK`svK(*E?%hu1l2# zqz0)7CpkKnEvRH!+Yi>Q6Vdnj3;DsV@MAHv1rKfWJHsi^+ovJP05lU z4|JPrO!MxVa9z_Xf4gK(Ha-pXgby|Fg(U&qX=!VB~`(s!1 z4>wMLs7uMaz$%(w??P;oC{!sUP~0W%Kqxq4iUHXSxwg+YfztRf7PTJ_YHR_QkEOM# zi{bC6pB6kCbu1C^8`2)1XVFEUoJCVJ?~m?A{EEk_$i^>JbkUiJdempW*g+ONcoIx& zJp1!GOANDh92X(y)di7FHW|6s>kI)aj+yh#Gztx&c4^n;S{d2bvA+HUG8cmY+)Utb-5Y!$==}yN!ok$9Pkp{B z;oM5rv*yVm?F!({g-+@nYF(8o7amT{JOUL8hjv$l`O^I6O@rz$zuuywTguhF-p7Bj zB&Qf#Rn``>CDQ-fFdJu6w@(=cFz-x4SvMI8b%M}#DW;ff7Ss>}?eDqPytxJg?56i_ z-qC%Pn=JWg0$b8s}HX=NgzZNDNFsM;kdjx!6j8$wJPG|pE6 zWbL-V;`hy1{K)_-BcrM;1bR6HNu_UA$04VB~+zz1L*e0l@AUM{5MGe-&*OtXB&hE$wicQ z9xV689ZyrgnGQsY+InN?XzA?)dL6o#2()EJ62_g_b$pq;;LaT4{IjdXLAU=T#13-W zV&Ee`QVn41@@|@9$Q|VI-MT=Vgy+*cWq5ob)w;Zb`t3GmoeSSCZw8)6ncU&Zd;R^4 z?=^4ab?-6X>D6*U2q?kG!E@Cwu_==A(*Qf0R18->se6Az!1DPf5&Gh(e>Yo{;%-76 zk6MBppSw8!%!E34+(*BFu~yq=K&upZaE$y@CBbDHg}ZJ0Tf}#95l;opsG1V58cc(E z0@ES@_>vNwqe60VE=bo@g}j$ys>lr|KrZMM6Dtcw%lkzDZ^>U#`pXnfYLjr~BR~Lq zY9XwV=eH=)0^3qmCaB9h}Zv|nZ1@_Ij1qS;( z?6*S6NV9`dM)v7fAuVRuJ^hC9{oR4jrW+R8ssH?q(Kbu z3#P%;9)TRRc`CB2hC14r)ql!1#-5q%jY=vb=7wfEh&#R+;7!|@XzlQnAFum*F}q=O zbaXfMv#K|0;&%37uPGU2a^$6?9ty4$onCcfNgLN-?4`(hcQ)RkpPxg~%|wt+VXq8_ zev2pk@ZK{I683MAdvA}7wmJC&gI28mK02%zUUhLD#{ilh%(djulzmGSGo>r_FE1jd zjK8RIXyZM?EyBn(ITZaCv!6KrK#LidrcYSc_U8+2jkb2LVabNWE&2P0q08B=vU4uZRieEYe`^e0J&$YSY^f+;)dkrbGS78SFa6r!|2HqVF^IGO2zR#_IssyN_r(jnF6_!`WNzoA3SCt$V~a zLbO^+?iksnbjw`MFo-tka=&oN_(x)e0r*x&E%X~vX%r6@7xlYjGa9^|-ZEE#Q!%T$4tD&KS32SyC09{rye!KTtIlwA*?yM3-yj zSwR{49#+Mc&r@;e(&CnRa9c}JCV1pHtuR0D8;ztjRNGnGu4T1(NYqKAy=r}%(27m+nh8ocvQ?m=-=HbqpH+4)1erMK6?&JY6;kW)+l zNVg-%9UM@eL1ulosi#08rhI*nq@nEcFLPYG72@2u!W3hYMpWDbMjwRXa}T>CJjY}= z{d&>!#l{5%I4VkXc7qwj66T59^8RRe!pm{rtXij--wf6%L=N!x5B2wq5<#*{dm~l z?&;L?@W`@UIFC+AZ7i)+fN+o-YYIbMB2m`5c;|j1(vWyiXIA)NA_xag9Xv605vN?I zt{EjtId2eAgQt;~2UCqLN-I;Kv9M?7`wNz?-9Agw4z4vdBdko>Qae@VS90wz1IYSH z8Xwk^OTgeAd)ik*bIi?!eFH0Wf#=meTJSfSZ#=}yJq;SD_rLti=mKf-hZ-io!R?|n21iRC=+>CY=TTOn?Z!vFSeolM z-d8}foEDTkd_ej~PV}LT=4AgCyVnn&)#kfUI`1;57SAQc}ywmUI_g6TZsXopt>>oXEz$fAZ`8pmw`c^a3ci@qG#(3R-W1q zioDY2?T=QiD=azdCqV&?nQRVa72i{&dlLm2Fj2n#fXVs|_gXxrcS7cC9=miK8FA9T zyUVYX<}!obkYYwxCH^v1HDm}UHvWOf9%tx47`)^w&b3e$oj*eL@RL$8iMUTE;{FVP z9h1d+PDcJ{0?qCtkI3IJ>-Nt|QwjBy9m%DT+2`WN)z9GefgDDFCvIUm#Bv{o=yCy4 zgI2LoEUkl1{G%c0*4s%BhQh`us>4#nErd2_j(bX zwI`Jf+KENvRH$dXIGe8x(BnRp$b9l}7$HZ>OKKO~SG@PZg_ztWj|}&3AX($u+DGbX zA!yMy91rtWI&BiXBI~vgG3w~*80%Xuf9rQRhR_+ft0bhT5S7)v^3R_?C!Z7eQV@2Z z+wIPF$Ps~crzA%uB`nQW&TO(X8U-4f>BY9A0p3#q`biQ(C#{R?IspdU<>D%=$^}_dO2M zgv;{-?tcju)&d_LPRRwE7Em~2YJc14R8h@zDd?$EuNw%(Efvvv?}xzj)Gujc=&FUa z>;i};i6?N^VfZd*VeW+KuF(UVcOn6)cq$JzfxM~a?lHb|2yBrdS$>{lM1V-aDiT!s zQ4jd7KE>SNm8W*&7Yt0|{A2QWOP6iO!LjU<)V~KkBYy(w*^B6IO=nqzjSldwCuLKH zatxu!F^)JZ{O?m6CdWXJg_0JP|FWP#qt=$1dpE%fu9bgWRpHuF5J;(_WJ%f`zO5(B zJOJ00b$7)(6!Q=lNbpxP0e8m(*XWG|Pr}{jp}!0MoHIj$()UD+wVR;>Z@9EoE(`L( z7ASk6iCaNIBe=F+U0g5v%8ao4PhSuv4;48XLk@kT^W@H9WIn+bGQY)>^hcy=yQ63p zY>c?c;91=#Sweo-!U=2(Ai%arl(9MOo(vD|CRkgb9A;uoqeCBsI~k+U_?&QoK(-JC z&uu++Hf7@z(fbA@?6DU+Y@b5PAE+m$rJYf6Olm-1dN9*y) z43~5_KxV%!Jtf&B?>EQuXmv_sBK&uY7SR4i_+udF$QD(k$E>dsrOgTu2EuG1-d8*! z64pyP-%K2(80b-HM9xzIPIt(5;w!{2il>R|&8%knskPj%la5=)KpVI%bJ#V7z%j=h zat1ew`CyKgfl;Ems1+$GR3Jeo}sDH*nK*=po27izZzwFU3ZAo>l-5;4G9B_ z$==r>rHmlwp?yR3i1_z-pF-LEDACct{+;}{^VvE-Q`}x`^nW@zJiLg(Zc+)4Xl$b{ zIypxCnwSQb=m*4vqM;=nn|T#zJ@kP6!+BQ=N%)LonIoD}*vE|RlyC=VX@KKA%F#wQ zECC3!5;r}2_6#UkqVAjOoO-+_#WZN+hNg%+i*H)EY;^@upjx5oZ$y6VJ}vELSy@%g z{3+ovna32y8{!{|jcRmqu9);Na0W`XOcQt8=&uO_4Nk+xr{d(t*SUe(O3~=E70yko zYc!nS4F!<07Z^L7K)Yra(pWHX|UL)naKkC;_?qH%(TPwLwiGTcj z#qXJvhgnOkrfa+8M8A<2cFKz2{D#OKLxY2S2(qk){wD>U8I!#VmrQt-XPb2hw0zF2Owv~%7_ zKsT@-r7$54Z*n8V8tUZJyD&VSqazdpT|zLB@2&GGVm_Fe<||~1@LAS-R!?KkbM`p1 zea(2^x@uB0Q}p`r#~)9I5e2YmdG<%s#1^0Fs1o2W+P)DoSu$R^%Az^Dv)&F3D-K47 zd&@MvGp(w5y3V0C4|D_h z{t|{|ViS^G=Y6z~jkaLhVfGg%GtfG&kyC!lVlq)`rm{@LGqzc>I-i;BXnE5dPd)V% z&H@dq4YYHrk0X9Z(h;A3|4mntg*9NZx4g!$ds(J_4}UY|$G*{>ci!p!#9HI~vbiI& zw{PDF-@&xHr48`gJuFe~pCpEw4Cn^1L^PV_mpVCu*-Lz97zG4WG@&qWT=~S0lV)+o zb=FzOue8cG$I38%G6c_!lu5jM?y+?0o>d)DT zF{bPiP{HXplGNVoe(PuE57_s}^fqqzM#!G6soBDcRdo3-FckfsnfxlkGpd|q9`Y~@ zrmS_{j*E4#O_LQgt4j*Z9Y$ac*5si-$x>3<@{PEroww>miQb)JyS~HM?0iQTB)&nY<@=AEua(=DEvvI*i1Gz+y1e+!{1X}CO zXNIT=&qN7KN6lOJV6HEt*?p}j8vOd#zxJ66Gv2y_v?zstpZX=?V(O>Ma9Y46XfMW1 zYhr!GKqYogX`%o`cBG%-!*q*5CS!k*;l~PIZAtC@pekl8#q;u*s5*dw* zb=FyDx$CdL-q#Uv{OPB3^((_`LCU@Nrqe*XM?{vGvc#_2p-L B{1|F+dAQbWABw z{EIE6s(3DRuP{g=1}Pt|5lnZh`& zaIlQV#)wB8aYS+tHFj>Xm1nRLATp$BmL38Gbok(Y?$vG9b^G@1<|b-Ol=+HR@9>#- z(1L#YtDu@8fX^1dFI#7j`|J9v`NkD8RBEPT1sK+MQ`N>@b=6hwgcD9k?nRf2CXb4R zhEc8A?qsg}#W{Iqaz^ISYk$$SKWGiakzRW=V%$={Nn-__$oYwhDcwsc2+IVtyr&~t z;nj%a7a1fIa!uyTq}h3fzv>e5E%KTf=QS1n)1uGPRjdPVt?yQXEzr(}>vZYpF4=H( zckPCCUb~|W2MRPbEkwI_Ry+auH!7$$u4(Tc-*RntSY1E2MUT#2ylC}kreb|JTGQ#V zxc1s>of_YK)hAa?j;B^=YFz<$`st_p9uEqS)WSRU+DE8qegHP+1^N6V@w;LuQ4%H2 z8}&E(O&T*`E8$pX2jbem?{5_Qr#|zYa4_N7U+uEXF7ulza<4w1^9+#l9A@n}4TW_R zCQRUwuY+1QTk5)WGZ$+kMS;D87BJj0BIa5EyZ;s*# z$WI^K*WLDmA#Tf_UG(t+w@3vRQ6O6(PPh~X+=DWGJMW;hKY$rA(8B(*co*?FF<46oNhgg>O$BsI=fLo!G}F=-+NL;ggKIjt zbJneOw{1LF4Ta@yvH;XiraW4+IZ+2ihc<;tieFDHHh1r4Yr5ms8tD2~xAO&;lJmV5 zSKQ^yuhGXEZ&ZggsKwD&4n={ROBxNd@4ox4-)f1Sa-xl#_`$aT==E7`xr9?BH-H>W z!MBS6`8VNplWB8>|NZyjq6w&7V}+T`tV0{vQqY)~6byjfGFrNLlEGlyPzR;KiFZt+ zo9S-vE@o455ir(kZjlhtK>**ie^2+O>h34j_I8t00H8Go=svlnsi}_&o&^FfZ3;)P zx{CYv*6X^R`gHgGL=;x#B!mQoL?PBwS{ylOuD*Ndp@-Z72OQv^A}1>#&3&dL?(v7+ zc4(!CkZHPa3D9k`jZA))@ENAMeX@&mPRTZ3OwFxHL9XzV5#zimsL@&@$sE}-nVIlf zyudyEbaXwx%%U-{TcH5xAx!s5f#2>gRve;VoOU?0-y#(NwVkTn$wLOYyEj|I)oFjE ziMrQQ4!Q!QCLnAPwD`B7Nq*x-b?(fetGU%WwfFHQ9Tv4{3<3F6b#bw89bJ&t3z09# zNwR&f2OoUUJ^AF5z5qpQ+kM;^;lF8gleaxW8zpCg9sUgD|=f2{;+swhkf z1CHjElEej|Q|f0T%OC*tXFvOyH{r=t+1|rX+*t->Cl}U$XNac8*}L+NOls2l(~Fj9 zFE#b~%B}G2iG%|fw0osacJ9-|J-pRWUk9ceZk96eKxubt&4ARn8pR1Meo+7J z>M2;y?XEV3_5wcfB)-Jkh_p~ocbz)B?*wv)?#kVF-`$@V0&7G-PAG;JsW2MQp}jjnb>N48u$J3M z8gzoRdsjWD-@24UywKuPRlv;D*ZA|gtGe^ot8+utQ-GO{^-*6G$|__7%$wt*r*-uF zo_Aan0&?ELWY;iPr`3DBpVas3`+g>O99m)PUn=bn`4u2z{CqCnS&SJ7=y?V=8%mew z8Y6O+V@HL7*>%an#;ik2|5^>@>iZRocKh~%tdQ#T=)ssdVkhaR2Wb3aOBb$e8Qo4~B{sO&W}9t1zzYF+)PKzNTh&_6#3D1xqtES}aOx`r z%uSJxfS7U_P`@JHN&Fu%p9b(ZE08NbX_X82OHC#SOm|G4k`b8z0=#ApW(&*;1ZJe| zw%cxgpa%fX^?d_7;bFEsqkR3SoD;g3TGx@$I(CDE-$8a%TWPlk^rvxGGkv|Y)D zY*?cB>)l)mRqr_RW3vD1tFOH5*ew;mvdKPEK@jo27^l8@LLLF~d&EBxPYkcq55d&K zrlzLS=$6k}VB-By2$?I;4V08+mRvF)ZZO%YUqf1^DCnhQAF|MR;_JwcW2) z@8`O=tMpo&2BGT&qRv5T}KfEm7!7>RM39@6h5UdrRdZHGX$mV>d=Y(sTXai}w z?e;&w&HM6GS60dRvD}ht+MPzQp6#mKAsU7Dj2i3q?yWv*-D9D$LWa>Y_=Q0_w5p$` z!7q1hImB(fN>^>%7`UYXE?H%MF$QgI}aRHTY!> z-|*L`eK`0 zWr172Ye#qS2CKV&Y*0(dO8yYBMCjId?>q}0?vN2q+9G2&OnkO?|*Rm9(hns;O-E$Qt3@sEEL)C%9Na~D5^ zY8gN;V!H4PX1;rk2DqTH_ZieD8NwE7P2Z(oPuELh=&9dB#SA|gP@X4NNV5Ev7J78d zObY>$pHw9N7e=J0+0Zlx8l8gQ%*8?y zO<}>Jgb-ul>F3SWglA1TX!&xKLvfG}VAWgZ!TZ_ldG0g;`ga2Pd}V&>=u9yM?DtKc z>4v@fiMwaqcW%~_rGA16aVe^x@i0$%_~D1$efQnxXQt)aXPy#-KCe&3ECHQ*G!=a& zmoN|ukQz_{GI=dE$z1b6a0eYLKHr}u6k)CfMfghdJTwQOBWU6=Tg+;ikbysORis~l z-jI4a(V&nZLt?`J{qKKwT6Q?+*!2p5uC3V>{8C#EShr=B_0$pEsPpvC!c?F8OYnh|&L zr(@kwACC4yV<~A`*lC1|5?yP{BxMHHJT_&v+v&AW-OV!br!QXOs@3%dB@|=yt>T{} zJ1ig;iLjYz+HShw0WZirEWD>_k9&qxla~NCV~H*kZy`QR%*-;LQ_Aw3JVwGP58n~* zC}!MkLKrJ+em!crWQl6(6d-&)5a!lMF_e;36E_R}HFLe8rn`kt=3-rU=<>@i_Zc@Q z6TVvyH!a6uofeiI5eQ%e;0Wy5$ur!RFMr~$8#mRDcEf~cVoH4k_?ex?EVV9jd*){o z+;89e(!DipwzpKOi3~OpL4$-n%VA|XP)uPHe(qTXtMi2U-%6)8uC5(2Eut+2z07`Q9>F3o_qx0q0!>U#8-(g75`m4Qfzf}tjHXtD3>jW zN&=<=({HBwQ+gj$%1Y(}y<71$)94M!SS$J{Feu}~Ypu1G`}xm*?mqkMGp`xz3!|dE z!fiBYpqoDP+ngH&$#sB^x^%ff_}ZMsZvT(QyUV}+*7a4v(Mk9Hxb@V?Ww|D2k6*gn z_18ud-DJI<^U;@Xy{F%DFMT)N1(oexd-+Yc#me<)azKtH#DW}XacyVa;1O;38(IW( zXrv?Z6@Z5f^qB3&+$(BcBcSF+%?aq_DN0@@Hs28niVskVMN`u1^?g~WLU zrUk$01^8yh3^!Bf|9b2(clW*by1n22!d>$CYi@E->8iEjD;cD~AoS+{xUb@$v52F z2OQ|0(V~^Zw1UeQlfQM$swoQ|UynzWS=$Rcqw!x9`606YU!}^~j^#`cJ*# zp8a-)TUJ%AzIROI!b@C0PT{9rXZ;de6p-~5h6SXjJZxb7xPW)t%qy95TjPrXMMM53 z2i_`%xYrOeKdBf`5h%-~1=wk|A%3p#E~Yw~of%jA@4tV&CVYj)a1T-+{5-u~-{KQQ z7N#Y9L1neO<*nD&)@0~B)S&zNy#xJjM?X^MhqV5`4axXeE1i%U)shxK7#gD#;`h@ zZZ(|Dgr}Pby5y2eRu~J(7I+x1 z2lIt$B4MBb5PtBB!1VB_v2N>U-*#J`f4-ag^pkFDnd%U3H2TXI8faw-l#4IE*sp2F zgqze2Bm7H|ALiAwa|-m)M;|%u6`w4COzWCSO<039PT=}0|Lh*s`s}~@-%NL+wELG! z%3V7(3i{I5A|DAOdWs+T#|8`|MvU-}SnJ*jy{Owl&qK3)meQ`GF{b(?P?8K^UtoFM zH(=kWcW5gjU)jBE-rx=`&O2ttouu;t;?KkY#xTZZQ3;JpEBt{69_T**{PU!iv_KeZ z&R~K0Y83SAy8{MYx0ew@3^-t|<28NdKEQ803kEu2q1^;Ey6 z9h#jbk!xydET|QZfSmo|*e(k5dHwa*_x=Jz^VeSB8YYaYs&;MY* zdCNWg*(YwHTIQ?0cE{wmH`5>4t%ZK`LT09=_c3|bH?HbxiW)i@XcbdE5@@bKM;jBj z&&9WeakqxL@G|YeKt4-PFA?u1rrV{9_;)hj0s4|+Y83gm0-<4SOgq|k&YU?bG(1&n z%jFq*W4=bDK~(^%s=a&W+nL@(?tbD)ZrqqLZn)~=6#_qTO$SEqC4gAvjydKScem=) z8X4yASucPAxVE;|gM5b_cJRBW0Cw}&N1~n|!k~bG2d%oAyGjw9j2D~ zPZyQ>fe;|<&l&D`rkIH`cZ;Dzl_>`4I3+aqN|qro;n7}fE@)%n4Rq}VbZFV~Wv-(d z=O&l6a~D7Mn%n=K|G5XH`L4d~Qa4Dg=>{;sRv#G7 zau&*9*OZ%YzS*&SaxNgZFo`$JJ9H23w9`)Ro7Y}(TU~ge+xEG)-JS2e;pVB)u)IAZ z=@Zopj#M$2v;U_*{fSG*9`qq7{dJLk4Cr5LM;AS;NwvT9q!>)3_dH4>K6wvBDlv$7BUf6(RZn;%-LVK|_6O%UBR>%O$^2KiT zHQe~`Cb~B?^mM}~Uw0D@I>>#l!8ZHsy|>@1&9tEv4w)i{8vqUc~=K!Xk^T zu@1`w+(QvI$;r)Kop;{Zsp{ambm`)HtE=jeTkdyvXv*l# zx83GOoOYV)+pk{|uvRGK8VdtEN9yAHsz02WVXwdbx^J0hfC`Owg@WATf&Z}iQ(If> zj@^4N*Is7%Y!xCS1b*9K@@s8H#oqC_DP*3xg_-FnpfA^0fN~8|Vl?GzVicEIb(vmm zbI(ee*^4Ai`*>H#zmvtL>Fe{}3IYJXv-m}^)Tn!1nY2!sV~H|-m96Zm`z0el0k{Di zX7jIp^(!A1Chhz0zwi1Ae5=cph73IZqQD8GE%k3as{t+(EK zD+LQ^iV1{N|5C44ia-NyME$nHDjLiD}ra-x8tNqlYBLX zYkSZ9Dd4E2`8qnS?PJ6Dv*n8df@vMEv;?3dY5RcJ>wL60Tgi>3Vs$mleO6VPC2ex0 zjx@#rcJq^4B_lF4jepF$zW@IFlLKkc^hL<*^~T%$wqv~xi|_!zp{W7&Ew|j_eN5ee zVTLBp0Q4`u_`)A40C}e&M7W}P8Z1L&E7U08G!azG`fZq`8!xS<)oES*OBgI*&P1lw zx09oNaj3dEU2U%lcxB3HMIG;s|Md|7K!Y<#<{albWC2sroJYp?kY7#ML! z;l_Om8oK;w{ikbh=+L2lbRJb1sx&;$w=fC|79BjU7idVZwYs+kah4^uRI4*Gu8Yjd`8wW;Hfb!4uJC+D2I#cHL#zwW>Zir3uX<0L=!e3JbTAW+ z1~`ZYNYZN{{_eZ)oYr&mRTxI@ZLq-x{+jvw4DvCzxh4UB0Xg4MG%xH!=RDTvNFfci zB%t#VG1-}gc2SrXt}}gHo>M?u{_AbtgN;VdrRZkho)*8sn?|bgK z$M-JSFjv#kXzgj!rg@O#7En_V&<)2>Va#~|Pr+veLoRXw=waXd)Lh)RbvG>u=zJ^F z>hzC48-6^y7hbM(u!7)tJ?W_W90PDBqluKU?Ab~$mFfms2owIuBad_+eDHzK+%46F zw|LtI3}|Y))&L=(rCSXU8z^~(b_e``p0WA#LNK-fcg(7zAjpOA6aPfxL-*OLa=Cch zYTdLnpaV=aG4uzqU1tI;?#VrCh<~G2Z#2M^Ff;0q=~cNbGLezZgg@t;b9^f_nZB{( z(a>ZOU*bJ`_H4g6CjMz4k~gPKb5k#8-2KKIZ|t==gLoLR2dDwOX?JGcq1_o=G+8~`y>xS#jLZXICspd|JnP-NxA!|+d=UV z8`m*YZsr+jog=OBqK>oBs>KF?{LPsFhMDjqMvU-_Gmy~>jZ^f!7hZV556-#z>Z^UL zHlU0?&pDE59O4i0WD!jEi-*wGq=)+)8RrgQse^M(V;o075BQlEkG7|~jn#5SjT+_a z=Uk)xv&EJ4sPHh2Ze43J(9?V`y9HQUD)C_fFkNkXihGNxi>E8R?EX#4aCgbg=F%qH zlRGoaR%z%{SlNYcn!B&+{eT0pvUGxTAaV#TVU^Pd@3py_j0c z$}WZan;H+oc}%Ouvgid%QH70SKF)NP&6+jKt-0o!9<*p{>gr~e19r|S4Cr#BFo3C1 z(e;)Mc8nLUw=m46wu0^SD9Lk;nl_swLde!b5= z`?$KgI`1d2J%-2vcD@7ka=@MsVIioXoUV6l!HIlc zZ*y*2GSK;0i5%wKy*htH3~=q9PCXg$>A3zlyf=o7BFbNFh8`5_Ks;>ur{8OuCje=P z36GY90NaNje(2B9<_#tMBVJe`Y%U4W&_?_LFT}B*rrV;;G0$mT2go$E;g-fXOn&O- z)Yqv#p_M5p@+^dG!HF3PmI55I@0_@be^-z|OE%ptA*6wi%$CcCh}($)yJ>3*Ge*Q6 zEw&cgPRdxvQjergC~7jm0}jAbS6AmojvVReYGQK(?vwcqL_{(h;g%`@8k{xSAWZDd zHrvdf=i`@uA@XB!A&y5MeYCG;0CKyJ-^MIbX&Wcfs?Oq&JOkLggZ3uPnE6znte}eo zm+@2u&T{!%u0nB)3bq?m-!J~E78zsE@*cKyjgG{re*<>v>ZuKLrrqz*vyVb|uDZH< zq0VQcZJG;V!eee9d+f39op;{x(E>!d5shDIx!DUW+VjH!;s=05ds2q4qDz%_B8VGhPG8Y3~`3yB*Ag=mJ_08FEE9aB9L z@an9dXD#WrA>s-}dLQxHVr+BL$B@};#E{qA%5?LTAtwpwU38Ckn@pnFx8DP-?5bFO9$kn zi$*w(SWz_2K|I6ne1WcT^@{)GGvy5@M9>O#oyL?Zf!3hWNfRF#txlcoY%yf$p#F|F zC#_x$XcQK!#C{#tFRhT!t)?SDgH~kV$6E1P$+llzz zP;1G@iPV(fw>1d}5R;=H6w~kq@GsC(o$E7m_aGrvl72R*8t=cNDOqLHJ!RP zpr+59fiRfu0GUDnQ=ezt1N5BpzWMC~$m2)v(c)f?KO!3}lZOv&(A z{-=1N7;syu&pCy_#>#L%ktPb%uw>xZ?WQL*CIe|`;YRy0CEB}h;u9eTH!JAX@EoH zb6qGA2bt|<;Y>FgSw9v>zi**lx9ay=OJiL0BPA-P&fO5+L@n7pZW-Vw)1ahGqs2=r zxtCC1xM&6hh%n(#I_V@2blVJ(jGl>XWSqI71)qLz8s`kW_N=}m?$Ek)ja_jC?VHZO zkGudiGu8kt{pB>WQ7{2utPzfoX>~L^_igS=jseZ zz^S>)uBoHXCi68%B3@>~vkNIL*nlq^NQyZ!j@fls2CR37sT^uk4{~HiBOHC?5CsX1 zYyh8oHhT>dACn$tiEYwQ43d0kXEC4`!^>9fM{%UyJVgYc4b;&X`g>{^VnWPJfTIko zLprC?*BbvEtxi`K>%s##2(V>}tBs7Kphz7Vm(3c$f8N6#bH~{T0-AptA)Nn;SxmjHAH}$_8}&MdPA{*}@5;-y0e6 zF0Jp3x&!=ZaI0%mUuUsLy3ugQGg{)QztaGR`A(~Rrg;0na{ICAsj~%i#z;WTuar*2 ztJ(avMW9DB#Z2m*MaqCB`KW-*#;UXUVtpn&03#h}*+NIgnH>K8?|-|iuDZ&%4cNdK z3LI8{sjI8=jcnYf)t!buR(1u{Xm&>9;g+s8G(1E>Q!JAm|0sw=->N|ICtSpoSpsbl z=t#s`w7#M4X&F4TsG8;}048H^z4g}al~-PIH{EoTkB9*~8Y{bpMg@?j$w?p2G7%;_ zV8k?M7%o~EGTES+G09Cc(-=p*Fv$szp{@*?fiUOM{0ze_rpfL-*H1WDW{Rfu#y~fr zWI48Vpnnne$7T^z(?2Gjj7meRXBtRjUQ$R@ms?I~ec~`+PewbSaY~UPizznZN1;S3 zJPTB?pacY%4XA~LXW*p!>#VcR@?Kz~r}_z~Y0>}x_RcQWj_a!9_rsWywonHvAtX&K zMWt0L1QLP=J_>>dgcOMqkv^ab2x=cvRU!m6Q6xT+NI~HRR3Sp6m{2JXAd>n4iN1wY zRw+bvD|kVTQ`@l}J9g597}u^r_PzXnbLM~VzWdJ1nK@rR=givDK5Or_*Zx|w|FhQY z`8aI4@#w3|0spB}r;0L80GtTeamTWAojze}&iMQ;x_8|Bx`sO)?qz&nri}u;A$J9! z3qWgHl<<54Xw$}Zkpb+yU;gmJ4;Pzd{0BLp8}&rxde1%gTyaU@H`CI|(LNydizs{) zk_ThBT?VMJ+_>m?9qhnUhDD#o36!z;8oeCj+#j=4m)9%Z>$9O;%>R+%FO&=CdL4sK z{Q@Q|CE=lm9@=u@ZDG4KW@~%o$dQ!?9(bU5`-~GwRiJ&m2SCj|bY4&aTb2U}w`wa9|y*JHu-Z2)pEYN&D3tM^E248gHtFgQz&KF+^U4ZUp4;?zR z!lSOZ>~+@MvZnNd&U_CY;Byb12WfEOM;V9P9zr+iS3u|W;{f^)Wu?V^2D;ze`wp() zFiVyyZ64BqiA^)YgAYDf+_%PEZZi*Lu#Q}7-*?}A#ZzpfT)xl_mk~U}&KGC>zWFru z!=;M?PsADM)9h|(+U_gRIe>Q6FY)X)3y8(PNC69sCFYs-r=Nbhm;+#MvZ$0HlfIe8 zHTEb#FO;bE2mrpR-$H229~~ccQS^6Fo`Zqz<2YvP%U!+CK=+Y7Ujlt0b>Urj{;=`z z;lst8+5nEvRq=2PACt)MnOiYkXq!H}w3o}$J}2U`pYQ6qdp-vip``{Ea&fnuTU)VX zEOad(bg^*O0rwdfp8MSVj~lnQ>Rfoc?0njZmtWW&FJ0lby1H(1CCGgbox3H3g*;}1 zq0jcW&psB{A0!++c(AZ~xeL$y;Nha<<`ei>qbA$dE^3pvMO%I_kO4Krd9KC%(9?#&_O3s&2l-IZ@%lv$1yn{r4BQyKr}L z*X^?7*7F~4+ycuj{(Q}5_h@{5Ufu!>i@sY$jhx;CUDvj}>i8xLXp!A_fPf3nyWzO- zPd)Wi0dN3KB=CGZ?~vbh*Ik8d!CaspT=&uo35(wGxb+_B+L*$Wp8zBR%fhUN3G952h@IO=Ex##N;Ms0 z+;m<*;Y~CCCmna4e@@}Q%n3Z6x+pvC**rO3tL4}Y^u>DcA)C-FvweMg%{ul%IgORm zBHFZ@Yk@_hcHwyroo~$XRvI6I;A0hhGMafJvxotZ%c}F%O*|~q@c{N6=vG&;87H@J zT^3JkX>&1=;Ms@*X#NY0*I5bt0mGtuE#>%m5$Suyq~fQw2Ko+kzsT~M7SX$kACTtY zEj-YZOkuVeECv*>#c z>3qtKxbNsowFY`x9O(uPghd}bFO7=MbL+-nZ_rs3T^|h;@1m>gx6AHvVsBtVx%U-%vO?I|rss@#ZME1&2y(8KlWaCigg+qcqQD;H7#y~6^U zl_(Zn&$;taNbaLY=%|4J`u2tnmg2jmd)QHpAwFdd_@j{QwsVJs5Egx)hgQD<^ioaw zqA4F7JX2crSVXOs&+LTCO;Ug!7JUS@2hdB)p!c`|`dKV`Y{reSlBQTi$HR9+uIS%f z4fHq}chGqNy;N5Dx~l)op@RxTbOsvmJ@iZOD$Jn2rRySqKCtM%Cwr!R%rdOSoGtZo z@5Fzs$mrr2bvQ-=^ntRx)BXn6=-f;1pu-TIvIe+5FM%HKp^vER0Qx|2whpiB={R1V zSdZ)U5m(fds%7`kr_{^xHXA@699skZoF1C_o}YJ*$6>Gk!q-bVo0l$KTIF9_75=Ln zQFvS(4^04lps)hyH{5W;ab>lp-sU3>SC{F{ua4_tF2wPw_zaf*BW_KH;~D*3^WcN@ zaedzT_;?elbHydBz_ZjB^|6K{dTsS*Wkqh%H{Un(!3ItOVL@hmzyyY0a^Bs>Mwy;6?xMoyq}%AnpzG^ zE|9Oi^2#fK`Y#m!uV*pzeonjb`vvxJ z<#+3AVjMuO=V8`fef3q^{3AtxP6&_>^f2;o0KHmuzAj&vD}Q|d{{1iLZ+br@SNMVa8?Jn{-bUsc6-OGS)B0_e@!1MusYFJI=9qyHdR{)%0BUB~0f za}7z1Fop&M@@vxTI)4|X@EOI=m(9h-Td9a~NdSGg1`DuD4EnG77nCD%<$po<+xN-3 zZ}J&sg}DX0K*adwHUM&YO6w<1oM4RiD}F%{D^5V?5hkF40D3zmvfx0>nymV(0{A~_ zS9pgjPg%RBW+Np4X{ehUy8p~yGAYnxfLyoC*7ZUW|Gx6Oiq9(g%oHG(GA0!Q z=-o8Q;@hKL`3s`B@~d(=e^EeM6Zq$1R~~>XZs_*lnm&uXcJ}PqRsAIs@!GsxYG{1C z3ViMS`Sa_iPMzXk6F-SQ6@9V{kV_ep3<31++T<1wdSfwuMIisWc8WiSE3fPJYucs9 zBH1b_Ih$aBYd>L4f2_E6^5n^@8q+g+LFb=zGWw|Q8oXbZ8LNBu?k&E4sZq^*jA#Oo z>jZiA%{SlNbNck@OVZzODgPxES*HPV6gA-xKp#z^EJlEWD}PkG@P}kUKdfub9~0PT zx+@RBWvMp=>Q#Yf?fCKID|)K$kjC~YMXq-bm*e|Bjqk?={Jrce2=E)KJJXYrL9P?g zo-=38T+m7J9*yVA=ur`!2FRs^X@mg!_*&hg>)`)>^wCHE{-u{*+9NQ1taRmZmFQCLe(*>4XmlAsf^moJsG=O}< zDaI)NuPgqsEc;L0cH3<$`aIKBPEH!9V4Q6ZrnX(Pld9UhxTIoN~_-?=D zmRlHS@gUHoPE2ZN1*Zm(>w0{TJPAO4x8}f!iU0i@26E5A$3;~ljG_S)7-3rjqv|8A z#{&Mp0|ySgN4Je0SNd~z+;PW>EIh9KI*Z@Ipf(jC__|H;|8K~V*0;=yh>I@E4Y-N8 z!&P}5fc%8UdymHZ9}=oN8SSWFk=a&WMPab&HL&9V z){8BDNgF-X$-oCVX#gAm35#{F;!`)?c;kM#@|$wyxxrn4LzZpD00zY50kXj0PbaBr z5x%D1e^WfI_=Y@&ughaNQIxE#yhjvpcLjmReT8;pX@5ff^8(2ybW&n>p39KJA_I7x zq(oMWJbahQYbkcpX@hbH(wfr-xA?S&a7^C9-P#}cmdY8gFCnOqkG;)2+Q@h)L8XE1 zBhycH44Z#mUX^FjHM*d(nzswUe=UICt^fAkl$GXRM>Yhk4Ou)qfU4k4GC=kT$-R&W zF%AGj-{UTNPExdYxukcC{=DK3D1K1!SIad0Y|TFfJ?=Sxhx#O-6G!o77`=)1vYs*c z4c+#8L-p$dIsou_7&f|tfBmf z`1DzLE*_)uO`#aS=JqYgzb3)=Dbl{@#fjyg75`3=KIxw_hq|=OO;b7Zf@T`1vnH8X zZ?XoKDHC@(rz}hs=Z&?v{YXm#eFM4| zOn&fFzSC9IJV1tZ!ovQ3*%;4jH-T@I+gD!XxY4u?06hjJCmvEDk!I7(YoxN@Atxy6 z)OjCn|Mw*Gj3S$KT#lgEJa}BR=X5Gl$4_N?o%TWOvl6_3P0fsUoU1*QTZ zYyvt9ltrJ0w2zdZrvW<6w@oR~5MI0o*@a79y9n zMVk5!&e!#2xuBT_+8o5J%2H>&s0_d+ic8CT>Mtwu07~6rR#6e$w)3XG_RSYBc_Qs{ zeG4VlwNuAel^r4PXGftj?vuV!pjXwSPmjNC|7m}$zf+3G6ulN{he&^pN)~A-!R3Qo z{0`NCl{-{$2?VMZqIpn9rs}jUG}Js(fWWP(#}&Dj{YgdS?5dh#ft^k%x8FXX2#8tG zw3~)BPdUemm|OHzF0J2`roE=X+;H0orq;!PJNTs?_>75Nb;d`YNE=S)lrnU2R`GL+ zuPff5NIS?jjn8Gw+i4{W{iS($5lRh=vPc$HdHGz^Jn6c~!lTSIm4nB%IU86%Q&Iqo zOG+f|yeWJZG_Sg{3;#EY?^h&HMtlETM!;}X@lO=Lt+-dwiy6vT(vauVGS@S&s=mvh zj1i0er;5LN3x7D4tfteP=w(H>ITOqKdY3 zL7ISUgbEEbEsP5Bg=Xb*bskz5S+qpTp#NoNZaWmb{mwB8`5^uw&2qb-~`0vt0FQ0-eXGJb2_C?(=O23jmwCUntS_mE4tw7omj)@&nkSN-spb*z(DG z@tJQqgV5#XJDTiicRHu^4=?3AZ|X5t?G_a$@Z)(_HIH4s1_D2&Ae&{9f?7nNzsGw`WrkUH%=@=oV8EhFtkpMx8oV_xPuP(t3`fE&NH8VH~d77buw@t9g+EVy(xm^8P8pavM!QOR9t zc!X4bz}e>2<uJNF6Y(dQ$A_utJ3DB)F3xa%ScBUK?8jPI*TL) zLRG#>g)F!f$jG>E%6Hp!lzMp?JO@}A5DEYQ0(nV9K~$I3<;~A&UN0}N%C`kfDn~!$ zQyy)nd8bX&a`T{h+PsvebxAvFoINwAmOUs?lsoS$G`8+h0<+8oYcUd6Ipq#q-nqNgz z9_ciXPU`Y$S)L|OaNR*}ci#Le*|cm@>0w~W%iHEHXUcd0(G13vy{5xwL-TPF1>!m-dyG!_V`nY@702ew2JZ-@J{yJkKMa^PD$L zWpbYLrtUw@r)if59io9@i)%>rg)Od|xA~?_aGbOil(x~t%lorz6F-$1H{ArHy0R*M z6E81w-qdq&-V}bCwpuA?{b%3dB z-~6U}Rb}uPTU8lt!cS$=H02I;^(k*EbN$}at_x(@6gF)Bd3l~s^)YIh+eqts@uob> z<+P1VUdQcw{>LWY^83RYz3I=|PhOcC{&96h>@Tm>>bc(--)t2!`Ds=)qs0e!aj&IV z>@8Wgd4a!{pW9H@K6Ur~#G=Ee?)m{UY^<0^P;Tbr#jld5R4u+T)BR{a)1JUr2Hyi; zpIv+}&1zX{WX|QFTT8wgzx=k$^nKv1xh5RyckgKwN6oT2z30QS+6hkOkFzZf*zDtr z-YU?&b?U5RLa$c$F&|0RoxMUvii5X>&53zo;{}Hd1rq^^xG%P{{gW4aJWpxa`RoS_ OK;Y@>=d#Wzp$PyGxPevx literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/secondary-container-intercept.png b/versioned_docs/version-2.21/images/secondary-container-intercept.png new file mode 100644 index 0000000000000000000000000000000000000000..e19a3059a0d686402598bb02f5601598b88cf5cc GIT binary patch literal 54941 zcmcG$Wmr|;7c~l^pok*UAxKC`ccZk@ND4@obc2+NG=hM1DIq1@4N6LPH`3kBJCDEr z`{{nUAMQOqJP)3;&)#dVHP@VDjxja?3UZS7(23BIkdW@ZkP=fuLPF_6LPD;*jSBCS z#0}qt|9F~-iYmMi6@6@DXKid|VT6Q48|D$lD}|znBiy!KVHq+x_Jk>z1hZ3F-r5-GpU(H=P zlU+|??kPU!PAoHH$qj#W*YB$sTe?HdeEMfnUqThf3?A&y5~dnD$5Qh(cLOzY&#!(m zQEsk0rfVp9QzHF1_eR8eddjTe<8RB#C~5Y(O>$JP9t)yt=j_JMT0|PLvg@`Q6hB5o zdNR@U8hf30;->2j0v4GLBwj@W(H&piVuj)LZ5-mW{^9 zc&kVwxkQY@T`!#>vh-ky4+4DX_CNJfR4@I7PZDz@2+49}_k6xxHaiNVem6j)pU6A+ z*rFOvq){H>oYq8?%D(%!v_#B+1zT0XLt7px~65Vz}kPnu*03xcXIEh&a{jrjMi zHX{Pwxnm=xVGnCJg7`rep^bNeH_;qk$cm$_px?TQ&VDEUECC7WG13dM=gKbQ8&l3M zI71UHyW3F~;j-l94kDP3KmCxxy&X0k^qyn&n-UJzEu0$^vSQCqUW5_R_489`KX_hs zaR1>dvIzQWdz}}-(G#lgcj)J?wD6;iO`MGPI*pyS1x>nHA5(-25q#Kquhw7R`ChW0 z&AB1%VSvBCf7*k4V#tLJjI+l5^&QV*{-B^nJ`+n~Cw*r7?NfZbCT~!)5)~I0m$RXv zp#(Q~IRPeS=%-*pc537H@aC1(RWk=0csV+j^78P+e3nSn_=}B&g>@<|A|fK=;J~4% zs3;~O(K20OOS!w$6H)8@<38dv+K zMsKu4Z7r>kPkw&PA)%ob$W){(kK;5aLdT^~ zTZ2>iU-*ejNECUTJ9(b1X2ckEL^ZcIHGOJoZuTI9FQM3oeb*3MY_Hu|S{i=J#I)5F z{zST^+8Bxw<^pC^CGpQRBKlKfkcR?Ca;}6%iA|gL(Vk zSa{IBiTh#@qP}K`(weGrw6_?^OXQUdA;}JgQAqKH$HcTnF>0P{Rc~)uOxKL9%+40@ z2ne`S*=WHCsGe{KHTVCv;5t4$Jak+c$xn9sOvLHnRRrH{yF1(Rnb`e!%K1(NwQS(6 zqnSDnx5qohBE|l$DbW-nlmb7mOKW4Jo_guqp-xd>4BNhMZxCO+@#V{xhF?B+Expk& zLu%}oyXOiD3d%o-LX_;KWX>%u9cdTpH?w_y#6LVVGNOhHp@0>J0}~RBSWqIS`1!`yGGp!vG*VGsY955 zF*-lmeDqnuKubjAm)u}K14U03b$53+yW8QK(dA-`8I}{X{SU5Oh5V2bcLLO(P>guD!4dQS! zu5Z+}w6v&A+P-{mhS1S^8O@X%=-*~<)E@rCVWpS6>+k*h_uY3I(J)AO9(d2Kx@)bC z+wUH7-J2ZlrIl$ zuBmG0rz}Bj_LdFrkx7KyV}AQ#+V9LhFS8gE(bauiX}@fIu+qoyx9BdMfo&d|F>Z%iTDD)`tO;u;psHP5IsCJgQ&oZI@% z-f~Y5Vm1bT$lk%gxT(7}SxF!6-{$qKIS_ZO)I8dL?w8Mule6(e-m z++o=nuj|^@Rx&RO&(~A9;$l}pfw)h7`%D+th8AD>FugAEhgje5mu6NhF;%Q`+WfOR zknu{ut0zg2!+aQnjEoGXud68lyKu~c{wFN>7eO~CF3a&nr3|@8!p_dewa>U<&QIlS zoSd#`A*w&DkK~sRXRAox!U}WP?)@%GMNJK{YT&goATON$Dnstmr%%0EuV^4PJ7EuH zDW#*k9dDK9AFt=vBhDE@!Yk4m@+eEYnhR!g*^kUqK@Ubv9n}1*#B3np-O2Wnx%95OKaOu$dF-T&fomaa`^9f%LTlnWD(;*a`y`1qBtOLBDWkzehNN zaYEA5O7VN4})O$o?d0Lel*X|x3W>Zz1COt{%&fC+2dD_J9ai6N{7LTpW)Yl8Lpe*(z zCzn}H*v&WH2_Y4H2}vI9KFK#oo<|KBUXI6kn&o-uOcZ-Kr50oTEat-u-1zv>xzEHA z`{N}*Z+k?>rM&Q^;o;7X0%8XCj*l~xvy_gKrzR)c!YI)qpQ=&AXease*`I|` z(77R>ot@pV*_uQo3uIb_Z_fe`199kn{fT_4;(!&Fk?FKK?mJd&QeA2`VCv?(S}b z&b~mzUWXK}me?X;reZ4U{&J7A*;vtE-^@%}VO`<1Bt{B>YPT5SE~p|spNYAv5JliI z1;zXFa&E5p&v)^e($t-fHZ+imj5;J>GLe+Dw;{tSlZ%Tbg^lQVC1$^u32!Z7ujn0_ZuL5!UahQ3EN>qwI%Sfr@xF$v6=gYL#y!q zbblF}kTBMw_HRdY&KD>@3aJvGF?2i*BjbaDI(nYr!I@ph=^-b{YFFB&A5J%#Lw?K8 z^BT%gTdv-&OO;O+vY06Q43n%>Y%H6nUESi3MadE?gA`1}8A!}+rBH6A4fT*_I9F5B z8};7pyLVq9#$O0)PULp564nkQHfhN2WuTCkMm8~7=0wa=9sjq_{=b^wA`H-hA3A} z5KQ>W`EP2U>*{_h&L&5cx7Ft6AbdKVI(I`;Q&R(76vTpub~HB5C0dLX4aEz%7TqXD z;D#^L#zHZIZe>GnOPLm}F))7Q#ZWLak>w0k8Nz+$5uHdQib{Vf>^&?}QY*f92d2%V zqoW#`>5x9d#=5#J#|rd*C)@=b@)mJEsVdwD4`#pcJ8!9xJbF}}>IOwv5#pq$Bl78S zBP2mBj=&tmfoaYe^2tl3BX5F&0|V)i6U3*A#TSv$H5sBbo~q?J*g89_aUw2FHMPID z_Y3CXcxy_Nm5a-X4{)z>WUCpN7Ky!P2dhwaJz{VwnnBLTkuC1+Q|C^ZG%r*uOQN0@rysocASXo)^6{U;)D=I7Rxh*F;%RpeL zup(}E(Pt!860>;BBJajm5jYcbjR4fm2q?x2iyIq1|DCGsZjS|*L7{r5+tJ2uKtMq3 z=ht!KF5fj{tDU#4jt&l#|D8!J++l67-IRk!XMsGo>#Z5yiIr7YD1wgYZz9nVE4#5ySfQHMa|JOX+*9e+P7Q z;sqJa4Q9R4W;5>0{5L57$=1HUupG5~YEpiuP8>3_deTykpc;j^CmLFbNXoC-3#9+IY4-eKH=A{RAs40bF%EO+ z)-U9+?o07$)@Au`nJGfsW@eIMno^#rA`a+mZccXv5bVhQZ!g^rMe7dNsTHqL)H*Jkjx_uGdYKfhLD*tDx^T_bPY7*$h^gAjKvP>0B=D=VhgZpB3+ z#Zr9pOG~N%vc~^6Gi?hUvFtRl>?U$IUjoiZ69wS-7Rsmc?SEjAMmhZ@F4`<74C=&6a|3%RF^D>HyD&Nzx;1J+>sCvZ%bcGBkqGtBQY^?Ay;(@N-Dheod0&k z<3lEnMl4U?Olf(!bMPOiCGgSl-|obCfH5_Q*^^9yaTNK@&6uc*SYh~xbNSK z)0bX6wL3quOi4{0t8&ZDZS=00$-(zD>c}Rb5Kw!ST4daTXXW!rK&^FiZVoFS z=1VT7Ye|Nbl$3eUrySM*gNQ?lMrV=N?qo;L7n3Ycq;00^3coWtbc|90g0Cm+lew{EJV2|NpnY zr0KMVl9>RO)T(no{ji?MYw!Dr-^pfwsf%WM1W@i+p#d7S81xsf5Oe0VG1>?TRv7~> zhq$QgcuUA5Y54Z)WF@rdtY&%K1}zwTP8)4dPLo`8Uj2~yZqOP6DPO_|je?SrQ1Bf` zV`HOy&1X@+`+bE5l6BWtZn(-Y8vyUck|Lq6WA(f^F{ug#ULpLc8WRIv5c>Utt*Lkz z3N{(pb<>26ogD?#SOot0MzLp+uR$rfr+R(GpkA%o?BWm8{%d>Eb$%Ibrm9)<@|=CX zdRtirCKKzFIhNI+W#;V*&lq{3(@%h*=GWJA^ilfy`n=qT0Yn-tw0y3)zB;GR^cP@1 z4|!xT9{z-3q9Uw^MwWt=RZ;xK?<<4W%)MdF4PLv&fO15gjqOw`;egrq>p$U`-z>>N7 z`H$^}Hy$%EU_`Wk3JSUlfRKdO4pQvxy``=o*i%IwpL~3fXE!#2y}d;Pk%)+igT^dc z-j)jWv(D7GM!>A;aS*j93wy=omO_Dn>Gp*N13CbaFbZ*{+@9KcX)P@hD3o*1a3fGO zoStgp4b+KRA6^QIkI?c0CW)|QhTkJ-xa-4KD6LhAh9LH!6NJ&E)bsL6;A_17%Y>smV z;xWdpRRQhP`KIv3`<9{XLiYh`uB#(r&Znx%dP=*Oe^(Du9lScOEu zVfr9PHCG=7Q**J`fi#$@hypztpYvAdx98p!whO)<{E_r3`WvH#M=ZShO}Bvok$|O( z;jvBes0G9w$7T5k!kmEHio|hk&~=v8@6#t1!?p)p7NgHZL~bBaM+8vI#^En)%yd0U>1iJ1um;eQ(+;b;xUEBvkRV)KTwDq)C%6Fr9kx=1cZ)SQ6_{SWLtpNY zOg`Gws58SJz-Lx9_4E~(nj(xln5F|LK(R*#5l09Y13riX#sO`~xVPnNfKY9k*0thd zVmCL(OH)OB(6y=@0_a}-fVparoIWP=x@dIUuJx<07Y3HCsi_Ikrj=RGbOR_QfZTwD zf_C2!x@wE@k^oNgVTJrRf^IQF&RZmmuS;A^bwffzeyHTACJ1|x3JVJpahO6tvO}se zfHDUh+{E@Kf?eFMJtl<}0`TFdl>XB8a82chd~)}vJJ=QOr)-oG!BSX4&`iq$UPkoQ zVPRpNahyT9n&oV72WcUfhxqxSL3T0%3Hshx-mnf4kglp6R`+_VJb^ZW83r0d5>BE~ZuN+m%VM_nc-jDHi6dspj~_pp zLZ1t1wZvj99GXdNJiL|^@t_z^b39mLgUJfp$(fhJ0G1IfM07MhP&w$G6sv=Qvhla? zVPpc9EZkSBiq!ZZ2mjd`MeHYMt`uWEQ0 z*9RMSlWYM@Q=VG&QM|;V7aN;zj;(W`laxzt>3W;~cC3iw;JDS){eYkQ_x7Y-UzH;X zk7vS43<3I5mvsEuVSDTo=|IQOB;McQhwHq~yA&aKchiIL(v7C7DrQE^ji=){Cj)}h z%=ecpX6ln6Ej}c9D3Y`>W~Nxp)qEHCmpXOebT43E7ZrXxPGy z;<*a9M_H{tebRNbOELX$gCj@f=@_f8xEPCN`$IeEX7^v0BJnt^;Sf7-rI~#u;?ZEZ znWx^^zQ1f+q`t$f7V?Aht?tWo)#!X3;6c0=UHTdBHoLo>kU2$T7?%0lLqdwjq$Sn(@zyD9W3sCJhK6U|$-+Iv)-{bgbH7;$FdB4no1m*VfU<$e+gg=& zyJIHF$SfXb4u7H;&1WQP-yOQ_cX0#Bdk4DpGyteaMo>c$rOIJ@dg@9YQdy=(F*U@P z?#a%adamlU`@Zb(PmSLYlvz6ULQsFuW}|gH=T3GPfb8&rGDtPy8yboUmo$JjEfgmX zNNn{Qm%`e=HNY>ISWZL#JFx4G?i6xfDBDO322y{50wyIO*nx80E92c%t(z z;Kg0Mory;8#r>lt38~w~QOwH|uKVgjdN+8(Z|JLw-9*NwR+#At#jL*w-^XVTpP7i4 z9?4^ch`9LkRj*M^XYTBF`P7Be$^%QGGkv>(Sg}JS6OyR4x=z$D&k5Lw)>4D!S zZRIn2Lq9bDR6_Eq#Kvu&9LgbNb)?^y2>mfHs6!;LQSkmLx7E(_P>%Z}0{=eKCR3IN z$zK|{?Uz^%i+fzySMN?B>OZ|1bznmp)8=8eGP!{-#)ja#uS;a^&vtS(D|q-9=9XGY z=cu>ld`IsFwajB`t|)7-lMfSmdg>%3 z{-1*u&Lf}37Qe;qXbF`+dh&bzaD7$Cfi|qKui|y?==)Q+9elVQw?W$MnSpiFt+k<_ z6LpDSdKK#KV_dACt`GO6y>s+2=6Dd}??1T!)Ln|hYX8Mj0aYHV;Nw;?BBoQhK5woEFQJ$c%B+fd!Ac@g3{dZ0p-r^ z+YQixL6sHi_ZVFt&PAEsET1VuGd{^#-v`J{2<0&;DQRP>IvUW%{3^oh}o5TZiGrmagteu90} z`MNHlfWI}J1YpE-KgzB zp4CK4sg9?fR46I*Ed5>^>hlp+>36OU)vBm!(SBYWX;K_*rQ6iGH_=e_>NOx)P1kj$ zy+_KknEKNW39Y|Jc;6`qPfS9R-Qv$zNj@6N47qfxzkd?ci+wfuor{cy8H!B0JAcf0 z8g!Le9vwQ73CTo1_qK7e)9)KC)EcXb>=3^0yvVQnWysd|Lr1tZJmuGjmx0E z6LxII7K>1h0$bUQ{@hF>F{%Qh;45G;0M-v5KKupvY_IK{-|dLOxR|&3v4Jy+D`+e` zdwcUxF_CbpGA5>K(earuzUX(G1vTpnZ=HKZ10F!@_VM8U63wI?2g%TGW0X}j_jNP( zjQeju4U$kjkx5+xv)$0hq;r1I$R|;;vSLNFH$f~ytV$hOiz`XDXDOqW(kXmFX}o)T}3UWtB!{5mWppnil!}nBjbokO!?=%1uqD?Im3$ z{3W*;H@sj%Z~3iBB=y9E7*-2{X^mnw^HV#KaMX`7(zAPiZ_ZSShYshij#Y6+r8QDK zjb@Sstn@-k#;{{+ii(Pw?d>>+j09x|wahn*-FYwV>PI9ieN~)f&Ra63E<6j%oiA7) z8#YvL_y6$p_$epH^P1scb2O}m*Y1J)Iv!Lqui4$i^L=@sGflN}iL5y-Os(%Z**Y1! zY){7oOE76w9Y`&w#e`zM^2I20{>=R9XN+JbnSkxDy6McUSBONUb$vCMrA6r7_`cmV ztuC1i7Pup^O{%VP`?zGx!ojrvQz*Y8ROr(W9vkCBYJu%@INeJGWm6h)YT?%+2jKV5QCF zhvgvG)YK?xdmiten;VqAepP$Tlsof;^DZ94H>jZ;X8oT4PqDe~8OkLIw43MG9;q+0 zmiGPJCT*R<+pexRQCBB0AIX#5wFV)qqPjX`T;wV<^=nYuJ{>u0SY?iy0UME->x>JQ zWrWB<$rEWM4=Yq|?zc1c(ydeL@`A#`NL(}Q&&Z$ce!S&M=XGTm%KMsOFjF1TjhAgs zoi`Xv9ZXmwab&*cY%UVooUjK0_Vq|kYa=#I1=d3mGaVhbXZ311X@zWDTa&T+8nMdL z=360FkFW?&8y22^Nw$7d^5fl(Wsz_=n zUsub2<6+$Dv^GdbEw7!B0-k~YyZ}kT07>=q^bR&BqMt}d36!{%L3;)e_sf?Du-BAs zn#6Y*Uq80vwwdOSJFeZjns#2_DY*c^ar5TQ*|oKo+tamx!7-o)G`}sigUzh^Q+-!? zS+bVc9eCbW;QSAM;bT>I)nB$Wn~&I(zFs{(9BGddr@mE_>vm*AO-n0|)D4|oPeR{un`&?4rHS?S5qme76)d2hB)BDEu+2_)h zEUci!yyvLSnz25f`~7pW$Y;T%$8IfD_;!_@&!;r=stM7$&f2GL^sTnXN!!(eVR_RP z&t)t&bY9U@Phls<4SLEuwyHu8k40J=e*~I=>0l;Su}P0yA1=3ik^s~SJ5WS{bW$pL zOUmc45=)|HVZq>We)I$=qC42s1&-^gOWlbbF{}opeEQ|knYOn2A^KcUMuGJRXN1mK z2m#!H>pj{Uq1jqpbIPv{U9QhJTHJnJVv2A)`H zQ0nSb*n9vkN(sn1LzE8zQfJ)!W}UwNZBkK|lQC<2pwO&JN3raAV}=WECA37x98EJF z3tD+}9&Y1f6US3L&RE*w@N}-W&KT9{KToEM+!U~wzyxhxs`UekMv-T&U`(A-+HLFM zEYYDNBeUV^V@m6F#gGLn|6>Q|jK1}J;e*kwP4Y-p%YQtIRCW9jfVR!!lWF2?&C<8c zpiG`#?Dr6ISrFWRVO_%Sw4uA&pWd?=1ME!)lxWw5&)hrv`>8UqY!`4`XDmA!^jGw1 zc^3`KBe|NWs*Kup3R^eNz9hm53vIRLp-zfIEyoApdGI`aj7F@nJu)!dgvez zobk@+R7uBIx`?$RfJg`_80368gi>|;_BY@h0edx1Tb`QLDPDs#!Wp%*Ku}8U;>_tc8Vx`}@+IEGWvfD(K0Rm3QvkHCPoKK$+fT^4RJTekHKHRr_mbD>fT* zwqbXHZtJcbq6{Vp#>i4%klN)ksuiUPw#`^?9&MIfFJj~U)RxYo5HH~4E!NJ!LtBI(mA(?Nw{dWu3&pg0jKu9`mV5EXBYed3=+baB_0z zaF?8c;+JRraqay?J|Amnhxr{c-)tc2*j`DM8Gi3p0os}4EK{c zzoV=`CF0<<7oU86`}1{#A7cO87a(4hGv}xmQh*dl15`8gK!P^>0DoX3_(2z6Y`-ig zbh?O*_z8K$F9Gmm1DT`&s2o7npq2dI7%K*T5)<(AlRJ0rU=XmpC(n|J-{XN?^bF>d z$90dYBZ_eW22t{MC=i6thd^k(M@BK7C}RZ1g9`Xe$Q&OL+&)03FiOd!abD;Wg+brU z01gGgh9IM$_QHsP=n)6IO$?W19O~u6x#ooU$|00@1Hd1TKbewXyR1WQ1no^54RdJ; zA?(-R$3P$wW!FQMmrrEBJFAHqQcd|{kh7T?UPDb3A`y%$e*U~9OD7rnae*Bdes0Ua z=Ee`qKjcjyQ@8&*FKCZoCHl;fqk)|hft@(x;@!4lI)0Df3j>ceH2RI#=VZna?LtI{ z5fu|d7dxv1&}qS>?#fk-yzB88*%D^b`61bV9@1q@$(I#>I?!9}XpZzQl%&0|*km(w zrp6l72&yp3ozOaX%eaW*#D6J=JIr#(vE-VoG zzu%UIGwT5Pv*#8G-Y(Fg5w$Q+ryfE1xb7{!a6H(AZIn^j13XpO;F9)qjVn8}+B|%G zU+5$mh|R$I1Di*VydUWod4CVtrXd>*!7dF5Et_)x+H# z!RK&WPgBv--Zn8Yfz|bqre~B{kJxI*4m((d%|asN82Ize8_Y*9DjjRzVI=Z|O@TLN zWsvSAmF&Rs{6=Rbh{AnocYtd78`=@gd%T>y*b^D_0vVaEEaHiQ1lQK+^FrTybcz)$ zhz4ixaQ!QtYVh24{dKPa6Tp=PRE%#U1$u)U{XXG7cNezS{%rmB3kVKbDozrli{jv% zn;Ae4-Ro=yi1?xl zEixJvUv8O?*zH}o2IA8<4H0vXR+(Tj0gV((yF_ zTAR~_{wE*vv?Uo?o3h)`N&{Qhz7^^D#pxcgQi=jObysrFhlSRF&!HJsk@Ub}@n{@d(FFMzVN>t? zhFUUK@IjbK`&U=9Pl#+>Z@LD%TSZ+CaB)C)+{sW5Sva)&+qSqGFe1oK$C0lRH2dWN zfXskC-G&Ao6fetUc0c9}`Q>A5no($APit#qc}yR4nU5Gx9c^Bec<`%z^rnlU!L$N? zIgU#f?_1Dfhh)YN*-g%+I>i=#PRo}*=hFjQ-F*TkL-cY9{E~(a99Kpi{n=L9L?`Do z)jrwpPWKF(WExWYbOV(p`%|p zp3Md^y=o3Lw6R~$Ad**;Ef2Fv4=Z@jK%~HP*zh7R~HL*Kj z^l?xFiM`DpL6j~4Df&~VJ_$+}mFCj&a_dT8stOfC;~Esy1krtQe*PD*S-iju``v#; z0XZA=A|`aOr3ZTsp}L2A-mm4UF<`#n_UC{6ix~X1l#@Z_5al`|M!{{|3Cin{~YVyN$2%! z-5biths_gC+eCgd2bjU@t52{8YRvy-VNg34I*WKO2k3?H!I`>xnZ9_;2YnA8l-;ZrP+jr9bY_EE0 z(G^42VQ7LM&8+;-EQ+OQDwh{C)>!1SSEItjxyH?zS;CxjaZ5+P?`%d(K(O{5XstEi zkwm<1S7i_)Vde}OEi^DwSA3<_R#ox%V6@ZOmR9*x8#>AZM=h;MJzc+SioI))J;%x{ z!L6d5X?r*h#f+LUtH~i$$tRP>@AW;RRks{NED6X@fa`RWMvBM)I^M+@fTHuZvgk`o#ee6zJY%5BqZ?Pwcv)3`!!!8;u|dzh zdW(&;aX&8aBpFLeE+5aBPPLQ2in7T5K{aqb(4(Epl$V_K@ZZ+i`{iqlCMn&)_c@+F z^Q&Eb5$>gwl++Gtjmo`$3+9R?YL6Vzx1y4E(vh8(=58A+qx`N`HKotg;@f|2m9`*) zxF8$`C4p|;-V>ehs%Ra?ZGA^uSMmR>CSmxj9Kb)ZM^_n3$FZ4og^V?Zt3{qTBa~yP z&!g8WxvwJ;KpTV~n&~C5gWpC+f9a?JYN2|Wg+^S@RDm8s2}Xj-UT8JNmq>*b#&L2E ziPKjtNA+{4@D)#&`A(`jaPguefK2WWWveUzGHfTEDKffyxIU5rHZ5?<_Ie7URXDEW z0ezkZ?|?Zp7)+IR+erQZw&xBB-x_{@q-Z2n)ScSCGsVJZW>SqcOuB7 zQhPY(Efn`UjXkZICi4J zBi1@Sy}Qr~2Fyd0kxI}v5TXRA14rwe4S+}y65=C12VH3JKo;>P7xf*D219xXcwoSx zl%??f20{r0pZ0s0o;|ozcF-~FF7~A1Q-p4d0W9DSZMB1nj7yp^9RQu6MhP zi^m!>*CdU1KV3*Jn#fgdsnJYgV;06UC+&WBLPVAN2OXvWYA zzkPcQ;H~=u3fc+uk_eOyG&b0r;{YS3RrbKgs`+mc8Dhu;-{G9(q@O`ixq0grL|h|O zt<6wLNy*~>9QZWnevDXQ_!=N1BCh)GaIFT$d=nMbZtmBuqm8lOwL0oh-J-zCkbb)z zbURpEA83llqse$|-e+cJ;+&5IVln#jl^iU5bWyU2e37s$y+1YBUq&&sL-7JLG8G$J zIOxR12CetOUoH;H{K?L5%=ScnZV<_D>Vo@#!+JX5WhA}g4;ezxsx7w7O6>l=L;~as zUQ}@cc4G|iwduhW@SReG=PjAxg)K_~T?ZWpXg){?jT4+unNXjhKLN)=7|=ao;6SQ7 znZJwBWxb#`|C_oaFQ!s7;VXb3~VMu{oUKp2I>Z21`=3a zWFcH+ZERQ&kxWbL4@_kdECA3T!Cl6wAPFNHJHXbY@4<{{3oISbv+%%+F609D-DZ67 zx(f|mYUHYddhg$Eh;SElCh$hU7G*X1g9F}XjRIZdyu3W9Z3uHaf{?1soxeVxxkfqx zYd-;t?)zF?5wS&a2k;buXfGur1NQSA8HlBaPhKjdh}{8-;8(Uv&S-YQePMcU27J7noha_Xot` z$LMIaqC-JJ!Bcpi0eJ;B6>J#<~=LVa;~sD{+l3xuF%LpEdupi6$p zC7!kQ)H>H&*X*Lg{-Gu(Z>$r9o!6E2A_BbeEf!o6l#=)Ve5L!1M&|y0%)%J7qQM-s zP`C&Rg2)WQV;n6q3KHZP`Kf^oK1l0!4<+zhW?4}(G2I8d#9Q{P$wwPG;2v)RqRM=P zsneJpVSE5jhA}w*vxG);SsviyXGAdnTl}7t@zSS|pyeDjfG`A|s-4u{-ky?yq4P>_ zdCRX*G7|EfA(^`c*94{T$nW33udZPMp+;bV1E;vSST4=K<_oo4f)s3!SK4@BH=ifk z+}e_plJdV?Zmso=SaP5ni?AFqE{48d70EnZ+IUH6v?Z5Jfa@fdD5 zfIER!Ir9NNlh$K!iE7ojgq>@ag0&hk_vE!0H>oLl3UAy(w*iYc;E77-PlJ#X$26T^ znIpSAJQnUT<@j-X@c2H7(_$MI?4jHSuxPwDKY_$uQP1xTt3|fTcfkYx{jU~Pzo5r8 zV2j;3JWK~aQi6bMcyF)5`JQ&QlVX*F8O#`7(37$A&MEVHs4#FuJL+X1JSlKI_0dC9nhR9Al1Qx8{VOyz(V833U&oZoRLfRpa7^>J24`jO4|35z<|ughc1DRx~-Qm1A#r9;Q1>4->{72^x zH%?B@lpr~xC~n*u z+ev<_qlJ_}VSa}pB1#Zsl!5P}Xkga?-}Q2&+MDmzGj;ATI>b{wP$YJtWa+cT{?EFD z*xq2L`~a0kDMytNRDA^NhhP=JPVx=%EaG7aSRMrk`b6D-o5ds_q;^b~z!F}&bRmS5i&%Dz^8xuq z*7&T4*uU2c3m0!`y?1$hgQwP-te&5r{kLv|ZfXBFSNqohOf3%7vBK(80hrLCw$Ilw z4a9R<>H}fenJk=)D7?T;0z$d_3}!aMv8Oxy$z2592)R5B?%*pZbtPLmN5{utCuSWx zZ-=ZcY;Eh>-kjlb9mi|$-0llL1 zt~zMbfLk21*Fy^&srN#N_>D=S@o82+bJ5cXs)|ulkr=*@9DBjo?e1lBg(qtpRM>H|tJm_}m=mby9%p+Qj zZ&AkZoQXa-*sf1%8w(2y-6xA_xSh6*tsOXAua}OBZVZ5pmE=*E=5~$f#Mad6#nA*` zB?5FK$WSkNSj(%v%jTx09jj_5mt>yCy%kdidE1G66t|SrEM8YOJ#upQ-uimE0z_K_ z55~3alLK_Xtahe3Zja~;2=QF;pbu-%nB|*AGDJm3{(&YygI2)E7XD{{d13XhxL=;O zip#&A3&wd}mxWF95Mu0uqM{k<62UB*_lH#`CKCSuatt;N~2BMqn zT^XaG2;Df&sV_R;GyX`)j8bM&SKo7fXrOMvz)M;*oq6J-m72oiyk{5)PZP=J_y2UY z$II801n~bOyO_OWAV#eOPvHrD;C9`mDh)iRBfMg#&+@(OHq>kdATBPJ#c0Ir=39_M zZf!R=&&!b>e_TAImBGW`&ZvXOfShd4LxoooVorJ;?QdwNrtHLX+<7l&7W~nYgUD+ID1M=U;m0}WAZ7oov{DT4{TCpdH|5%5S8nZ3{)MaILAJ1kXm2A$&1Us)w! zgwO{gT)u7fJ*Fqub0u3%zP1}JLLpP5lBli0i~F=9LOm3QHk~KRN1Sf`R6?E&9-Z<; z3CI9MPMwxy_)0B1@)Z?vs;phDzSVWLgltYY_QNA&sa7<;#oW6D=kuWvQ!xQIerPRn z{%yEu_)aD+29JD*C7GGZU9#a2*$2(!U;Zh=9#HqRcsZ&!a4*lr%J{IdOz_iylZJIpq@IDJzizV>>*=589Uv5DdmkZ*d1-Ji;JN4w=X|_!p@C$Ds$+1`hIDjUc1czpHB;vp zu}g_Edb!^7&Nc|5Ou!3+fRxlF)q3x|R7c~TK2eT*Ps>+E)S!+9kM(+>{^>OtD$aLc?M5)|BAV{@mW|R zX0zM=*liL9+2<{6JiKTtb3GH|Wl?V;M`E;;R;X3yg8W{S`(rGx8G|3@#$OHDr>8@` z$nNZK3oZ+LC&&?(pEePjoYz}T4j%#7;Q6zF4r8}shvNQl|) zB;ijDKAn7_u=6UD{o6B_GyXLn>Ev;k%e%U!d+%ul3yE9kABZMbTDRW6*iO45Hz|t1 zW`}NWVC49Fqieh9$KrOw6mh@%GLCjH4?k-58B!cLwXx@~hs_-CUOF!%uW>QrNlM6{ zC2@~C$du=|KG`?6J0F(4)C-i#-WpBeA@PcP!b+@xeSVi_z6VQm!`^noJgSRENGL>t zalFWA>aCSl{aHSVq|^3faMFRGiute`^+agUXT9!{>nG>)Jis*|-XB`$91c>)iQ9H& zKOxFpQ(5w6VvOa#)bzY`6$~$SB4CEi zS+1XN%izwfY0YSKyyNl=`ajCoGnuo%lnEgHQ+L&^5 zA3P*$*d3Y5t#-5csm@Ymz#--AeLM60x7#f}A~@J6*mrOhZmwFj_ucCkY~j-wY2FTP zEHsEudCYR;DMaeFGJQNXyY&lVso-mUm z_Z<0@_j(gOcbf_6%m4KPyi9*+ts`tKcOLT;zvnVFd1%!E2QO+0J5M>wbfl7oe6G}0 zSv0a?j4V+bdohy4XiFDLgK8vH4za zF!&zj2NQ|d>0gKn=j$0z_d2f>?`>f#f8y2liF3bHvr^<5^C3LTFR7tYvcnFn-b*RpyGy;L8ZKF`)8$_Exx}i-h?89jIK`wj@l@-=gq5KxQessmE|)qVd(Urb>+eXW@n5XJuH(pCI!nIy zVeq?X?$e((I(+G)WgS*a*o=hbxS(2_f;)0-}>Mv?BdJW>ZezWQSNnZkVYAm7wMQK27EU z+BP4F58VgmGyZLs@fabAd-b+8dl!$d)a%1TK8ueVxCxwam<30EJW33=$Yz^5JWQ*62=zIPNmY!%m;F9%_6sR zWABlRwNz&U_6mM4QbEK@nayrXc|W6R!Pv@6&S3m9RQxo1GJ)i1YgDA;D3Oq3{+4%A zINl~7t8G7xjHeL?u^Qvts^S9KTIC_3fXK9~{5P|6>X>*lnL`6RPIPwrNV$ybH#xm= z<_qjMg_u73}sqkCAb*j#p&WGf@ zz%AO}E1+9Ax!KUX(4E(1Y;5cfPVoha;MrAnlM_zi`oXxYq=xPqf!9~f+2e9tTxm;x z=j_xb%TBlsy^{RK4~f}rP6+TW1QK1@>x~yH)H(#YIG+T})s8DFd}*~`xb}0#BKwrX(vUpwlHEX->&tXpV$;{XJkDO20y<=7~l|EN| zyb#b&Nj>nnm^Eo-wQk|)A5d~#@(H-<^9iNEW8n20V)n1uSI=t>cSmAkV~h3v>Q9qi zGsJQa5VE+J)D^l?uF+eEdPTkc&Z$61IJdQWnS60>jF(;{X!N4_9L4cN<17AxorChd z@8nmH*jKnqQSPF12}Nb7iD9X6uxj-+>1MIC%KsJr@&}FB=P#vT{*bh%=y!$Q^pR&s zRY!!K&aY++j*q%ZOh?*vUmM6c;OKZAa1C>n)$kwkcQP`>vR_J52XFMK2{Tit$nI8Q znzg?m;V%iDn&8^+jET-tsb_U_zG!4-uP5g^<4f*3DNUFg@M#j042!fi$zBXLBV#>Z zmpAJzdGcE)=9%7ea$%2S-c(d4qsA(!8jnl$({pB-(;1$)64Q>a%qHKI2yN%vkfXY< z11e%nqbzve$NS-nCVK_Q)6|OC9L70p^kH&i%G(tc2Ly!ldnF;uoX;|Pp0B#CaR9dum*&}%-59*yxZxq*^eWFA=QczZZ@1<}X zF&x!LRV$%ml}3U=OI`Z&{A8?V^R!A45i7$c5AeH_Qs8e;1jp_CXtbw((zLtP)Q5=B#$N1^zt5c%mDT<8y&m_}u!Jq;@)KaVof<81TWHmO z{hD^uV)GHA#P!sj@Zm*8DL2jU<)e4>HyfS${GDnx((w7axg8YxRHHy&E@0&5O99L! z-IG!6nTa(?3)APREH%eJ6(rJl1UtTz;Huk!t!?NUm zNI;^xWQ$l!v#j=u5<^NyVosEA_W2(m?dfDC`4mw#w-%W$ytyHojnbPtqszyI{x|gS zDPq?l9guP)K=>4HlqawD=3<)2ks5g|a<$Z-BF{OlU2mGFrBfHbZB?AK!u{@Z>(u>d zdYz}TVs~O(Tm3aI^X_o&w(c9!zEJUf7iWmn=09 zE+73exa;$#zt;~tZS;liQl9O0Wkjrw77Ld-9ZkN`t8tCLFLQRle~N;0Blg<;rANT4 zHR%f4M+K_!!r}Y0Z9N79Yw3g8BewzXAXOcZwjD4F>8@G}6XSH9CDYOBwik6(RN&4i zTao-9uD&v?u4L&t1_@4rdq{8%9y|~vxCOW1?(PW^9D=*My9EpG?(XhzI5>RG+_~?a z`F_kZlP70-@9wUyT2;Mj?UA34k$1PP1|oQNkPwbW?$$rNrST$FB(U1hP6cxysV7Ak zMJB`i`Jo=iM&eO(rg?^bzfvh~R(Y*5hDHw09VfFs2n4YocXWW4BLL59imQL|{=LqV z$T)g+p(>w(K5WQfF=U%J@^NaK-%9UQk|W$^mRU+PIEGr;d524tsogKlqV8Gh zp*Z3x)#q2Hr+byV!$@M()Nb4-yX#UoT-G$CSXgrn`Zx?DGLG^mQEUz90~irmQ7jUw zRR%-Qfgpm}2%gVEqhP4Jgr&~O;&Id+o1Bm{wFk-A*!U5H?k|OArZY`eNN6c|-4EHW zE#D0S@H*hE81O-aXVb+0p`z{`nD8=sk~LNO!$X$^4y!Yl{w5~r&v2TRy1(2R>tJk{>AO`siuIuws5UQ}T#n z#$+M%&7myz84qyOv3}i0NNB}2kfY}kzq4evdXBCX7Z(-A-eL+?#T^&9Ug7w#$%^k_~4HswNYjk8ODIDb{s`enS#={tV&0cl4i3t+;T>y?OB6Tp3T)wzBNDA{iUj^ z{`3;JnB;3uoImreo`a1qPxlHf{F>~2sO0YgJ=o-!u6gegTZW(njNyVd25;)j*0?bS zZr<0VDPS=y$H`o;V!ZwEF$iNWbX$0z=5Fn69s3Lz>n*g?&aF#H(jF5;iHpdH?xKWY z<0`JZ+d$Y7BXcca6+#RLZ8hx9mZ2?3o|tAx7Ia?`kPOb^^>j0HL`P@@Z91SWmC6m= z_sY`UYeP z&TqGjE%t+Ql%Eu5%Oeh={aNVn*~`njTsoJl`XOg96s>L>A9vE$;1uKmRfbLe*wX6h zDT^f`^-W5HkQP+_a&!G;);eEfVfp$i1lr&XImxGeGBP?JzK1cHFlkSHO@BNmwZydL zYs7Uix;Ni=VXf^-qg5rUnPScsa4*^ObHZ%0x*C0f1#w|<#J`5;J|3WW@4Ps6xu$r% zVWlhTVnPkrCGz%#Cx5!=Q^(7i+&cpM+Pmg!k8V4Ju!bTM*eW24leobuONP`v0}Fd; zG^qxeAMz{}(SwCPySwvDPEJ}oVLV)ON5&)sPCO^n%9+d?S?p@qtk08P&9d&$+zE~u zg^A)9EM(jXqkRHfYBq)o6*kXU|MI0sp)UZ&29n_knUZ-(l^t3;kZWN4qSkMBx8+rz zgGHA8vtH2A`6gAGLR1~E&*nzuU_;J%BP@I?O`4+Cb%iEjl4fn!$0m{2X7pR_`GHLK z#VXX`3r6#3VA$27abQ=Mz|y($*5Cp{{L?I+J#XOFLXy1Rk8PEZ?Dh%*P#-{$Fli0> zLx_A7xSk+IHc~hBY4L8KGbmW1_O)FU@Nr|nxp^%jW{GxuU&-(XhY=X{HoIl)eOa*^ zY}(g6NFy@soI~g2VDdRN=1$-y$n33lZgI$(&Sc`YVk43|S{gZx7SaluzBRe!?Cqss z+0-Z4_5H?(jgMnGo}90no3-5y0Z>Mjt=Qc(P(MjURrx;o^hZPUwT9K6%fdn^C1Ueb zTAyNS_j75(o+&Df>n?PaQw&2fe6jmzryFwQUEW$z%PQ2M$WGD#wfA31t8E!&anl;) z#c?Tv5kusuzG71%A!tkAZi&=K+V3_6=*wlXn`iSl#=q3gqIy8C&@`mT8A{1HSN~l0 z{D~mnQ!IK7Kn%AZfl0rTDI=jOr zCGV)_1y6xmh%017SU{*3|I^74K9}RKnuiPAIrrO>A3R5k>1%4^0!tTXA1M!x6`fad zPFuxKwuPSnb-%%tyD)$j!lJ{)aeH7hJp21;m8x`kGBlm$zO|>z=26*9Y_Aq!993e7 z-ajNIl;PTPsKdUFo?2HqvA~6(g*BiSR!@ua!Fwl25YD6$V7Ostc>j*LlS>Zz4B_c?o$ryBg6{@UCP?3gkNupBnu`= z_|s&!PbWC^H2mSp;yOj6U_TXnHHlP_$Zoop$5@v#J(XWv3)c}A?#dB9Pn0J8lg5Ej zLVu%)zR3Y&Br{W)H-kfthT?_-)y!L{W#DAB*v#4=rB>us{o3BjZsT|~CPi7&rOf-a zKC!iKUHU-an}mi&T-*JHA@hrwIo@&ng!s6#`xqvik$P^Bcm@A%H=Y&E3I_qI&iMpi zrD!sB>*Ca>0tLeL7%S49n08pUaf;P{|EWY-%;bx}yqM2W5BH5hc_O1oALYD1yAjyI z#x&1$&c^ek{Af0rgqCzC`DgO;kM+OzwmNs{zvWSqkhRNpuzgZN)d!xNg2q~tId=ox(FT2+dI^nMV0Gmo?JVPJUJ;F z0fiY@7(GbU>R$N}x5nH8cR)!+*;K|Wea`SDp(gyn$musgxE`5qaH}`xO zO_j<$@zCfh<>p%l;Bvy6UgIcK&`t2S^|=nlpX1`VTBr$G@YlG1R${imRGlnJJ^B^) zn2u%_&8}>(w`v|3T{t+bjqkp@Yt_7%8#^n#J3XAO4N5SYSRayz6wH%eI4iT)4|y@| zTj6nMMMvbZUUjU`%2oUas@-p>shRTRa ztE)R9#c8G}p9g*;J%Y?L4;qcs-pNJ22PNO)#>bMB^2rUC+mMBZIUTRZ#msY;y9A>= zP^myPCtMVF-9igTTf-SHqqGPm>S@4G?MpPdQv|7(Z$<@mA6CEKwhjI67R#P3hkKHG z1LN62hncyiM~T`;u_Rat$PI;sT4N!kYP>tv^S0rQlgW2*jQTbo`v0uxKoHy)%uUTT zDuR6W-XFOfR-$^svr5gp;LUn@Pi3JN3FQh3Q+|k4D9}47UqwzQqn(vreC8LpIjB4H z7t9AiM`wO7;yeXoCy%mF^`3L3YHvkB`?ollheQt%$q-@DOK14Pz)2_?>!ZtZr zwXy}A->l|4@x71*h)raPdefiQI;QOh$XR9)Nhg!BH9;FiR;(mq%PiP zXT3*reui`YCA`V)w?xf3B7OGPc%60Z>@@dwtO}E?uzRkrPTDaCgi-djuD9fl5fJHY zDl8>NOuthiQEmPnYWF#RDqTehiM2#oXyW@@ zu*y4=7h?D3bjt^I7^DZYzr#S_V}jISS=pVD&~0+iH=VfWMg3XR$*{7tjdrNWO%*)T zym*60Es?8@<=3o^O*qN(-P28w{1U72WE>vF;417rV&fhI`Eo=nzlO^S3}&H+hF2Kj5X%V8*x==q<39*_PEhxQ0089aQI$XiNxdNv!K+3r~69P7Ak#R7LEOb zw0l+;kj+o)tf%HI9}n#oPc*NNi%v4h$QgB7jA@DrODo~meH0fr3qlvQpfz$hOeY5( zliyevHaz5bwt~xsKGcf6c>XiEb$&D;xF7&a10Pu8M626 z=%ThoAkO_$;7Vbs$gxs#+Nrql<8^-5wJXZu3?KhK5-cK-`r+{Ea%ubv---3s3X4_9aE!^KPepoerfcT!G4J^6c0*C=I8x7J#%#+~6Rwz?VRTgE*+@K)Fi_V0jU)Ydwcx~|~Q zH#VFgAa2fPA@o0-3`YCRD0e)6CNCs3&Hk}m=S*eML!t+qh7T-EYIXBn^xt!Y8`~Rj zG?|RQVR2mGe`+bB%?V%Cxmqrm$#NI^dJ5f*xDKp37=NB6+f#|M^o}kYf*)1kLAZ9g zayM?K3UeYL17>+hvdBjW66Y=tcQ_!F_d*sI8_3L;R)`S9Jva_{Sq@cJ< zRwwouwU0OC2lY_>)2*@d`q%U3_&(lKtV$QeA2K<3~$WBi}W;dEZAf}x0N4wJ;*uW}RP6r(M=bmxr=j7ry$7X5^jhFg^viz+kI$O)Ry!P$W{@zo0Lo1E- zAKeX!q#GK?FPe-0bPRaW^Ew9BXu5|mc@XN{CJ=ov+D$6TN>pEfgDX+rq#z*{=-5cN zO)Zo8_Wt**D zXu2O`YDzkxp$t)hGLB9j?K4`MqF6>VvIGVCwWOGowc8!E297H^4W|pVJBDf~;Eqmp zj`j*Y#G$>>z$1_0%=jQI**kLk2>^STDx1~DD!aIZ1ejHD#a>cJ z!(&zG$n~1mh_a{Q;aVvhq;!&W#r;aPKP9ReV=|K{; znmu#pWC2oWvZY4)lQjS}o0o5f7Q6cAK|ad4s!5CP!{6e=UD_9o6h( z;r!raXmt&%yMn&yXMGNvi^F{jI4d#*8t>iJ8lHmmAl<1V7MxldrJ90%A1%hwF+)vW zzt+}g;NY4JJ3il@rNI|AP~0qc#N-zQM2+g4;P(&$|u${y4C zGX|1jhEzGG(eMbzO&_>%3w%D1&M`IJ{u+r>o7v&UUqy*%kCgsH6S(y|W?kj(j9FmikF!6I1YF4Wgk zuG2P7xbAI#HB!M$`6*k|4HQq8_yeDw+N=Gl2Y2ERVm|EdRP>%-d8WBioqEeeL@Kcv z!h?P3c&e`&Wzb8K{JYolvIiI7B^r@6$0*0^RWQ^3s&p-f)`&AHl~!9 zO6}H+SxeN5o7*PxKVxY)ueo{kJP^1*+Q$16cT%KQfT@oW&6zASH9$7e?}&2p@^DzI z?KcKLS64Zts>f*TFIJcJ*Sjc8R>R%|u!b16)!0OT0A-G=C4`Ow8%|K5JRCpTVOTc0 zvl&!x@}XaRAhOAk(t%E;q)Su0Dv?W})EtOj`H|i#OBtN2jrZl(XC$t|g8Ku@gPZfg zoD@d$Zq(%7A^IxPNchX*(qBuftJs{5ACMB*avqLXfEaE4II14FR1M|xa$Gx~@_&;2 z5I7a|f;Be2{C*>b9cU)&Tv(KzUN{x1-*Zye5KYkc%76XZ4FEIHMawd8%MQJ}`I06* zFXy$z#~h#wBTt+x-ia+IxFPyIAD&P&r^`C|G{dr_W5%8Jh_k3y`wlT`?p|+Wc#&P^rQ0m4p z<(7{|X--x@)M>Vum!q1jly`}*HZI{6b`j2z?W%Qhe6%BU%=L))aPN!=vAo6;?_9(A zB3H|rQzyd`EJ8xbA)xV5Zb^)HdfK~BOqf14!or)vK39Ema(^d)h4EUYipm}t87NkU zM}*hnB%H0pXlm=}oh#jgy3olpRklL?PhDiprjzh;Og57E zi&ECI&n(=Jvs#Yzh`k-($g{y`hFM8`l{)MfBnAb9`LT3{8mxuiSRK@vvu700==-^) zj&VeXA*$0ujMXJfe|jWc zb2)|JtoJ;LhGv`F6no%dt*-y#JqU*r^&u7eHSB7?Eq~7M)6ClLOUCd#?@J=0^+uI? zqv{hy@?-UNbX%8rs{UQ4hl^=~;3ug&sZHge^1nKNoE6OGQolir z_J-3vHwANVHMGN()ZI`2qA0CKas6?b&E_KkftiTo_Y#{|xd!HvK=eHpa?%yUCM<&!>s|Lrq3zTUNP# zKE!KqyH^sUg2wj>48#9rgvJ{+H0jdQqFam4_mvlb5R(y8aorjL)zK&vMX zJj{dcXK(61oI*mE330E-nz%t*c9vPaeYox87_W3CA6ElfKEcMGU^o0$Kdqc>J{zv4 z20c%q2=@$hyn;?L8X)MqIA0U0LPl2E-$N{3(1BI@Z2S|ZCEQ0N(|&t7xz+E3pfO{6 z#^3}BjrKVUW!$t*mVC>+=1M%i>tU_uP0q_s8zjBOJ=d*Coz0#N_vThz(%^M8yeR z9D&b;xZm`2FJgF&w6yquW*H!|g$w;-W>&?U$;5ffKlus+oLIQ}Z%Np}AYh~bePV%) zD22%GsCix_?P?*(7s``i>wo>#Ut1ETn8unS7w0m(Q+XX**6NL0Js?A+dsz1P4&J}g zm0$7cC3O^T23UxO z^=w&Y1Y)WZZ_hooAx;Za8`hKdq4M7(!vD9YxeeCLaft&Q-%y$4RAd*j;o#B3-~KhF zN7GHW9^D>K?4S2hQMBD!&6bwwtA^=>mlOH*e{Uw^lr+HcrJAGdEvB|S5#IZkA|e0y zJHf3a@}}i@zW#+us$~7A;rRa>`SiDPWPiuL4lD!pdrtl$JW=bvCeyAX!(1@2`>rTc zCh`H6l0Pl=3nMWhvyKf0Ig>-i#vp08k`X`H+FW#@zu)sj34OpH?xf5qTu3Gv+`pm2 z3l{3~b4kM=TdaxyV4Zr4tv`W{5LLDQpGk9lxR@hAi$TSD-{_aF*5iMIj*clHLe}n; zdD`1H**5=n)8O^bz`UBj*N96&@T^YEKq_wAmIEDr=A}F+)?J3p-_FlRgu|Vrw(Dx} zZO9m++I+C@SV|Z2`RJjeql0|7AULHzu|XtvOYKxw$80+M=?$>}jE0TZW4XaZE`==TqTk^XTAvC=O7}vM;ENRM70QVTz4z0_?S)HT z+Fr-{j|N#L=u@C$=%}{=wWD(LqFWKa8yy1!auL*YPb(|SWk@^=dfr4h;z^0Js?wJ? zRNqF#W%yRoB?@9Bb2SQz%QEF6Z4H;`zEVvfE&tU0JWn62Fc6X(g>HCS#}udx#1USJ zM{QzkUPx0#IlAc9MVM;oPV3ZLmqKDY)HrqeX)PUZnpyGpl9v@jZQgE*^6~CvX7H8xau|gj7+BJGq&f+bc{m zMJBpZwKxBYj%iP;J^0z;iZS(0?(hFKT^oJilaRT&h*$W8D9wBB;1RF- z4RlQO21NW{L4G$fxjhChPy!o z4w%G<9ch!=0;qdkZ4qh1#C={5^o@u}->1$4fAA2&8)0DZ8e=(^WqUJ5nsc(*DwbXvIu62!HF9gi4Ma_sp9t(W(si%lB9r4=dzU=Y z#Kw;2amILNV`37LJIqX=zko96Q8_YN7pZBaz^4fy55njJ}3-j8#^;q-s$c)f}N+~8WKp{tK>bwd) z_h|oH&L=*BC^{u>`z;}D>8(*{2WfHRaIn7+69gcqbdj%dH`&W&fE6V-A8C}#0*0T5MqFA4Z|K9w+ zd}hu&Gh)sRg^Wqe9UZEy*R*cGbKp2g!AO4e3^)G*XI?lcyq!O%$J7`8wd$~Hl3F#UHJ zvU`8Vm=l4F*AAdt?#`^zzg8p;W=B9n6J;C1Aclsga&7xL?Uz{C|NOZ~UX|c}LsR@a zvzDa5P<}y#l;T+2xW9Mi?=bXfpD1$!gdtq#>duZVI!X z(1NI_c>`Zzi0X^t=*53W!EpEJKqC*__6DhAQ&b9H!J? z|1>|jwCwK(GSo6Afe?oGSqzT`TFCtW8z>uVxV+=o+u8040_07)aKeAYUydl-Uwb%M zNZKuucCRdR|81a``-UOp`wV{UarJUbjamO%uG0YPX@W*%a2F98m)~!wT*XP16-M&q ze~=;(aLPDKO2}#`REgwL--4r67-UAm_s_#Y;*RCd&H!7cVlHt~c@pt2EHplFmMFoa zje1solJnC<=U;$A4?VN&qLa)kHp(9fl$p~0eP+q4s{IILs3}J=cmI24jdkh%X(uIj z463zpDaNQK+cTKt2oC=mJV}D5H44H6%iwV%?TK&vcl`R>4%pd3GEV9dwV|7X%+TGp z|1wWkJ37vEg^Up+2m@LaWs#eUb|!Q5KldsEnILRr51d%4*Yd;T_3tOi?Ei_fPB}1% zMAQ@_`Do^|hJhoO-rAK;mI59gF{`Kftq6(k!c>yma?$GF3CFj3`&VMoGt_WRD3ag)d z6$06KUh)6TfD$$RRJ2cQReIjuE4C=_xkN)s_}`oOh#LW*B}@5-aTd9{Xcsbv{k}{C)(}!j%6GoawTg zI*atp>C9D`0VOF7?1y7L8NS^E1A3q#NoxNncf_!}zn=s=dw<^)9v;4Xh<-6&qF^E% zC@1i;Qd1)oDVQ9eMMp3!F_8kc{LkQwb}|k0e}zR24D^dLmNWKr_qR{Czfi@)1H8!6vZ{{p zaYS@@Q!`V(v?qUBTY;jEjx9WCCm9*|e$^98VzQ^hX~R3+Jw0i;xvyZPrIkKuXb^7O z>Kf>U#l`Un3BlsvurV;Qf+c|E1Va`*u19OjBqlu;7MF#aQ+?ga%BrVVQPHgzAcJ^2 z{<4N=n!#wqOgfbOyx8CEsnE0_L-{p|m0tY@IZbdb_9TT0vMlWvj;$rZnl}9~hpkD=AF|oylyip&fr_MaqdV>u`+MhF??BwL_o;#W< z=8f(61q80mM^Pu%J4Z216~D&76Bg&^qRh(!LJrF-EB*=fK5-mD3uX^h5bSG!`K?Ee9ub~IW#x)AUw z2AfCuA+^R{AovBkeMyLU2&qj>=I6PNk0GsXeRzOp$!|Q-)j5fYm+%IOoRhP#kZ^HH zREv+#YN%}hvbyM-u%oN5`ztXc?2?wN{(QT^KYNzJ?6O^!8iWewi%k}RFssowY2=}eYdzVrmYy*{6Yga zPO}j3d0c+N%-LI>wEk5{MtVh3nNQE+}MuVrK;B5nDqC2fT{z)pFoz(zV83wW?I-Tp&!q zi9Zc_~OLk;*Atas=wPE z&sJXeed+AjouCLT;>Di{h)tptyZK`KyO!u?Ca0T8;vp z&L^ghi+08CoX?GhQ+a^Cc|A*|+ACs0DHtCgQ*O)edLE{FXUPjdHEAqY8NoT&^+#TC z!pbs52F&5+;R@JC^4CSPyE=+=n(NDp3#PLbffxFN?epW2$whO+_3Em|3I${$5$Vc) zy_DR%K5h&Nh}sIBtjr~&ahx`^KDnQeay*|ss-4stp@r4IJAs_0%Zy z>B|=pEoix3zj{@`_dmwAI}@R7&B^`|5fvm`n#U-wT6y34@wEv(vxGuY3RUYOe^@m5 zdsVUMT%TuI_#&5k)&S@KmC)Gi^*@0BW9Z6fjCcV@HQTTbR0hgTfvzim!B~}nCeN)k zY>1>}c%p~QmnpMhzu!o>C#&rbX>?TDOUdem%4Ly++|JVV_5`5mmLI6Fktl=E@{Wx+ zg?{U<73gz~6)9>)n@@+NG@BY-rurz9@EM-tHe5q*_Gj;3+PGgv=hjOQ@ij7b>+d3$6X;1)JJ<3% zj&ym|cPdq+ybmS{bn5Noa=dMwvjJ>CmJJld#KOH%Q3lRyKVCOOaove0W=i+o5+-Ye zqu<{c@f6M4r^?SE?+4GfWKMNf+zk`+cx+(YEsjQU@SbA6UhT2v*!f3#6Vq9e`w@sn zd^rNjxWg3F)ekR@TtCReZ$1EmJo|HBWP`rL_YfkE@DZKP~rtkAGR%9xbFCHr|LZ z5)w-tQT4~x{{jLdB8-ni^U|xoBWZ{xS!H;PTfRA1IrQq`>B@`9{9Npn9JKYtCB**+ ze+>%7O-cFE`Pp3#@vC;nV+6QhJv~474E7MSvnz)adoMRHh)VbMk|Ol<^hE1&X@f>R zp#5h9D&>^%8wYROBi5AoN#JJK5Vcv<@YeL!=zCscgs2qh_q1w`?AV3}37a1D>aB0C zrvjIT0}7UE3ihm@T^xuRh&94b{2q-d<0sOe$w|rZN8}|HqPAu$Nlw7(SEqU<-6vli z^crKT2dxX6*ZJesl@l0F_xzN!;igjnG!u}3@qD!}rxlGxcPWzta)@0GuB#9JTz9v1F=hFo%$C<@o90)*NbhpWC>=0F%=# z-c&)6IWoKHQvECl2d}_XvBqW{vD?*Z1ZDrNTM~p7I3HYa(RXZBa(Z@Jgg;#q+R5@P z?z)8}J)>B}`u@2}QM8+j{YmRFpRMuCE5)IFnkDxj&~PGV{mU)h$MK!`99s+5``@|w z3RVWwnX+l=f>Fh>I3h#8a;L!^rIW|3>0gAx(502L&_$hTn~a?qgSXZ8vh62-w%!;| zLIRcLjRT3C!$zaU zbR^=5HW{ico8=_{30JyX?)In4!|VzamzTE%E`GE*t&I_tR+fjq5E-FqkLXY`VQ=dZ z(~>4&J2ngs%*r9zVvti(`ZUVjKU7{-(KRcCX-=Kz9`VXu6|3i@?M9i=f-J@3k`M`( zElsXQgE`oc^v03r`_D0=gvko60eH0qt{ry67jjK;UU7Bvj%fT`&Wla%4UA4yXp2{| z?_b(i*sS43)4Bf4Y=42vYAl|yS!6g~$xf`blKYiPM2UUsy6q*@>YD}0%L@VP!+D(6 zR+Evp=`0nP7VTa1pTbEV4JP}@Uds6?wgTg(0TF+xoSDd=&UUX)1>!FLNljPd?W8Xv z9=FCDg`Z#}uJYt>HNHGbwrtk;x_Wo|n)= z{fA`rL{69Z(qk27xbYu70vPxF5*`)hV$%Q9&sWo;EIOV%6Sreg@$V-Jo z*uYKm&U6M5feZT4itE8CObFq0+h#D{rQxY+Y<&D1d|V;vFW3{FZLi>wiQnep>g#Vt zkqHAnTI}|o8ka|O;MS1U{k{>M`o}JyS$~d{Gg2ZM{WAg;MMPBgnIc{C&D>hP&*Y!M z7MVBpDENtqMxbrvfaBuD+ckZTn8BpY*$sq5ZkzaXYDLSPRd#U0H{tpDIB(Y%+;bBG zAX?|Lyt3m1*tiM`lNh@fl9HkT5r$mWVgso83l;CPYd=!4T2nU=y8$cI$xHE~**I<7 zV&=!w42@3u4@%jy;7;d7lqunv?n@tq`d7o6cjz3Xv~Kk}kI5_d=B*e1Hn(9d$?DU5 zTqM*q5h>gVX~vM z)7t*3%F54kJ%EY%U1`eL()~jNL8EhVt#p$mfU|VpERMcweq*^Ukk3(Ai-tJqBR-wr z&-#M7`uZbaWk!$%UC*sGCDa7z7jb@Ry@yfdblGJAw_BY9NUM20{(!I(J-xm6*tX)} zKq7KdMnc+-hUfAe^kK|%b6Gl^{TW;&#N)hK&6BORpPrr7HZce-N+JMv#NZEFy1L#` zRTBPFjTbDe+4TC5G?id^rgXJd`yYh#(Mg@-@ebdYzB>879Hl{@!|YHjsOnM zN=aFDZF3W(122n{7eCfH$(9IGxCsTd(SH!I=X|`aVNhmMHmX#tf0FB*BMhf@dRxX4 z#W^Mw@5I!UE$Kz}@nbz`X;ahA$gs4w$}m~t0}P}W%hN55iCp%6=5DYn+xy1HXI;n# zYoK%u*=9or7qFrcZ1gGlj#po^1>8E%pRR7m6G*J&nQk%hb$*B^nZ(y($!0Rt5(TGddXL$bCxp!y&|{(g-N5IEYqfO3t?^C(fD$J_@@w%%!ZbyLLAYtxnpLgUWYqNGr| zh(=81^`ot8I9*-%K0im9O9`~SWbqI&)IN=ql;y_<8v`=EUs1}gcfnF$R!2Jmb@ej$ zbd=+8z(vKnuEC!0IRG%*DSf@YzsHfLJw07d&jM=(7#SHmM@Qd00U)-jilwuY>@nLi z(+R99qMfXUD$UGl>FostIy_;ux1Z+xxU&C9*3Ox~j0DSn;*bd4U3`w%`Hg7KnygH! z?Pqa#68VrrN~5qqLe9rZ2Xf?)!N*Miba%`Lj)a-!k_^eV>?f`_J@roziI`fJx0*pC zsmO^HA|9ztCLm^kzSNaHqOY54#&)m4jS)$EM|gbVBbln4k@1V9)Yk0zp02^X(FZ-f zMG|VJh}KsA+JY8cGqViMfr-}9H}BV0M~IYhaIR@9%5BO=asw3`*qE5wK+;YCz(ZhF z@Ig{%M6kNmT2CjY!_wP)Fgb&x?*+bCfNojdnum(<3-p>HB~*nA96O#%&&|%DVdL8` z4MinI`70D`945ULryha4eZ1QZ9lvl{G|TyXF{!?Chvzmiq+J9fZ6cDp;J*$ zGcq^``+7bQwhZvs&IWUqc71IhoFJ%eE;Ty$p-VD=_G-*#=vh-jgr`8mND*%#puRC) z))s_+k#E{#MNi}>)LHAI(6Ug```qNi#-?sYlRUoa+%#ZJJOLM}{CXrrE&Q+Ut&t)9 zMnq#rJ6p9@cep0e{p9SFuR-G_Y_Q{x4Fu~Pf2;t-|$Tc%VnxlU2A?CLJKHL2V-7J4_I1E`WHYYR2THBHN zk$copk<;ti-!|v_T1S(?FNxPJydwd+n-eWyKGzOf%ayCP70D#8V_6C6&w4mZO0_n$ zz0#d-vRMEe9By2a7Ws_|ZZl5S<&@^!U%oH$TKO**;CKB6vGZA$ABw$*Jr$vxT!qK@ zb0e8fZAnp|6-yIE2Ps?@la5Y#G3 z_DJ}3&DXdr5(M#|%&V`kti=Obhpuqsc;kaKAic8N8v^U2>jWK8)k)4@w7pSR85ma% zP-g6Qh2k_T-08XJdfWOelVF%^5NK$MK<8h*&D{|vdev_~z!ZJbah8U%Kf|}Bai@3p z;_(W9wFmln-Gv2xTOaQQh8iOSwW~_nCvu!?UKa-fO!;e8%Ue!cFHdi61ge0iR8;Wb zYu|+?HN|-LUB$ocON#e)1AJgGVU4sLYTjWkFrD512nqU*SJJE=d1IrlQO~uN7{_#B zqrW+S7TKL^-=?p$QMI|eNPrJr61>YU(z6F-mCJrTmc3Ko&rZE{ifM-a;g?5{r{9)} zi*h4Hcj9SZjB=~`(a#PElPgo&MRI-*lG7sFO`S{g$YLLPlQuM!lrS~jWTaj_XLdTX zqTbxI|RivVqjp&u`GK-v~aO_fJZ_~D*M|M=6+WcF7$AT*rVm0lFCLHf^;}2Lp4hj z36+t2Jx7qnFA~!4_|uXcF(l^AW3kfZ1;OZ#7PzOH8;JtBZYy->})hf zf@3{02y;7Ue8a?KQ+Vp`y4sKvN(8=|>E-6$)$F>4e!j_44MoPr#uhF0L4EMoKj5fX z@1itSs`4|58Dub@Ba~J!m@bSLC!} zFV=Hc#1xLjf0y_&O5=SQLxV){z&$KP9VS#}YZ#ojN6L{>l1?gG-b24Fb-~2yw3Kyy z!QE9_+JB1x%}j|7i;j-ZYp|Vxzb&JGVS`XWW3Wm#MYr%qQ0xdklIEb7>|x)d)Y0;S zwa8dLQ}Cu(Jg#Pyp1b;J^SnQWHCp1n#iP!L|5ca^0q3@GdxY?eIlWxk8#}z3%ehb! z5TFc-oK3IHSbhq1GMg^4PIaj$N`;aYah7XMyyFic>}4%}X>UPJ$?#(`$+;Vbio^)h zb4Z(e)4ysWH^&$wA0x-ljY%c_%!!GSHLcR5quEZ}UPLKuRdR+R#C4e(#(7IV&mG#MRzMK?XJnE{)s^hR$$V-AjdzU%7#s`^E#NqVM4$q!L zWpZR}Kt@M8{V8Fv@zU*F8+rigVJ&v4Hf!&n=O-IN4+oBdUCG(Dyb*q*6J;@>WDJ5% zAk372tuustGR6PHPg??aU?5zxaI4RiP)o%(enMgIN?pjw64B(U*EP`+GML|U)h%)Nw z623UHUg;N^b$GyizXmbV9UYZrubhejZCfXdr|dBB7}-V%gCC=)A`Z?3gd4TGh?-Xw zvN$#txGSsgn)Kn2Vc?Czq0e2ay;LO5RnAY8n*$OQ>9wM!;-L%I%U^%fpd2ph@BL(H z2ntI50%ri)=o5E@e}RXVoAkjF&Nl{!mBCFk><;G&a@yM3WsQ;=VXpR7F*c;Qi-ubx zEdM&;(GV^==ReDBe)%SKjW$8+oEh7B3;7GIc>`iW1vx}zf$oRT&Z9iG@u z%&S?f+0>mdRYIXr&P+RN*TRvaUOjZSeXsrudXR4Km91h@K-S*1b~Z=V8|{!|ZAbs4 z+FZ#?XC?h(eQmi}8$B0j$Gi=JFucC;RovT+J3CuDCQ`>E-Kl`WjEsl_hC1bf5bj#b zO_HbXoJM0=F_YEYb8Kk}1x5>XIr^?=sfR_ij+^L`S-s!(q`xQe;7yl0!!1cAiQOD( z8eHL9Xf*1M6#66La`VWIHfY}?QYl_ck_>RNJ#;2a(JP;heT_5{-9N)xp626)n$ERf zjBPR)tQx{&Qc42e%S))~*7lFa+ZC)r5kHihBklcC9_)lzX+YCfdk$! zzUtuFACPWs&u5aM2|>4XyJZNuYuf^@n2dJR!y<@*aBFgXjYX;9q=30vW2SsEDp6m$ zG8!DWy|i4l`OMI5we@R)T}8c%$)!4{^LHkg4+5bIb~E*EXbURio8Ul!^TVLC{|e|T zl$^(^x~od~{+s|_nE)&a$?-3uI}R2-=nI?yaJ_oOY`BPtCMP!#uBN-KRp~HC6lq_S zi!;k?F^i(cWfO3eJ*d~$f(AY%lBE7)%c@A)e+I32Wp+b~iD)mF8Y@qw0@>v=eVP3Y zpS#*Uo`^r3_`UvHv@Mzz0}t#b;i1vGi%;enjqN@aIZqt#_uH(Ku2SP##h*e=UsRF_CicAH%8QjZV>=U!3+$9}9ELLoVm5%A4Z2pQCmc z_mS$_PlM~H30%V#y@XaO+~u>UD7;bYqWtqHk>YDM=JP%jiA)bBzFL`y@U3*3>rD(# z^lm=FRHIf%mn*s8l~qyMSgAL%k)e#*pN8y_bC&$b=uFFqNDh%Nkw@|2|4|W09jsD4 zwGU|h1m6upiJmRj=rDl=48mtqKXZc_&ee07FPQw}aOOO2T=n%g$pF8r7M#s7i2+OD zed=WzU%q4vGC?&JDL=m}M@OQl%wQwD@2#tdgv3ZB(d=FVkIn8JUJmH?vY~=tgBPBN z|Cs&7iX1q@Pp0C`H}+;%BwM;#MuI6V87%6pCM<^eS4Z{clN`T)*D4nMP$}B%$+&r9 zdUuEQRg`qifWCFSAO8ucbuC+vfh1t4ddVXU9*h6g;(*BrliOi{x@ymKTX*-gKtv`_ zt%L7+ra*7K;(&Fy#CshybM^XLk-;v&g9d#mj=a$esOsw6_y`z15Q3+_;^UjNJJ0*D zn74TDZnRV$78{&|fhzAC3N@)g`kbDdTE z>A|50ZzZT7q{}hRyi+9z#I2s?EJ!~k|#!j}=l4b9Rg6>zDrNlwuv32QEWKTsy=0uD&6*_w|^^%e0V)s}{jwq(}v#d+FAstiecmyP3+ zBx3`$B$kDIy*<13b4{Q*O_yUfgbb9h0+3mN9H^?^?fGSIRb1a4IV6H3?>YH=)^En3 zn@vE7OAo{>@Grr*Xrbw{&$rB1oTn;VeYS`=&OmwbP~iK6BtTwd;93#EK$3AM;b}_c zOXV@vq%wNxU!=SeTA=wTGm|6&m1t;)sT0k5{Rv$$2B}swFyx`7)8U?K_^LsLw`=5v z=jhN(rtNem4CeX6g)C-a`)d z5B49lZ{E&jb6se9-Aofl&bPLtTyZsWSD!m!Jn+T~$8LKh=Kj6MTZ(VINClCZ`4zNY zE|o1*B`kexhrQKemHcVn#=VuFAnr~Ep#CU}5D1Q{5^zxU^w2<5z#Ir-| zGEWW;c)XBex+U@0jsTbno|!8wIt5Rs0#-&X0bb{tywEa#e|^vRLpR^iGDVL(UE=%C z@IIbk4ay)nd5`I3fvE}w%KoB|sA#$V%=?pO`GtDIgj>%K%#4H9vB6-4|8$pC9^JES zN&1AvqDrl#OV<9DpTvb<1Hc*lu3NLzFS}4b>F1@7`i8C2TM#KDZO#BmXm!5XMy}xe z!guFPM6#D_@Tz7(_(M(UC>6C_lkD}`M@+IcQB!ETyC9aPrP2TxFvk3w+xeVj`-*N0mLTq=qLniJ=S#r^$cnS&X%UGad z(fR_III{Q-ZPcuN$c!OAmKVkgbT%tZT4?$-CQ~Z5A7}Qgpes0h;(oMP{nc&o2EZLWNjq1a9Fxlv%Q7vC zj#Pht`Z7$(k(of5tmzn8AR)1($fYa0Hc6_xtI&mzfPesCgZ6`1vVXCnGw zXxzzG5f>@X(jc~mP0$`NqXL}>a(t1I_!5UcQ}HO5qk&smwX4xsM<-&* zajBrRy->0F_t>o+C%+US&)=URa$Q){4CvGI@^(0TDIXB;TxRhRjtmIKvLgrQ6;z&I zakE=r_t447%Ugb=6$SXjXskMC`K7xy(e_NG^nwyW1iu+Ab?A4(ORu*O11mGc>2K`R zecTzj59A2_($wlu7XR%ZSiz`|gj!kA0zDot_gQ)lqqgL&ITnh%$`l{B72kScgh_1G zFj3Fz?R5D)zrHD|Fnu%+h12Tio$g75K14hv(YY=`GOkJ^m{ItwSq?kP0rN3|C$rSK z)!NbFLsV=!X+o1{a1ee7tNdO5?IXnIrZYqxC#q;EBwrtXad)2=3>9y=(wzJ~)lt2+ z#kZEzSC^w9dM(|JusA85ip>=^xIOWF4aXkN1-s!XQ42k>sCuJev$*|fq~X0@)_=P0 zY1O$jR1CJQO{d;~J|;;z+JEN^f7e^;XJe!m3_+{7KFa4}=pbnhH&;8=gQW-cT*8)_ zcwD{*QKyn5A>6Fy(}D4Z()F{Wck?R!SXqqIQd9dXm@h0Dj-fSf?#$mE6g?8q11&$#~Xn5;go$ z9}Yj8Efy8)i_YID;Qn=YwSas->N~;$-e330sNj5NN7PdP-1Yv65`j}+k|M!{3kQqN zqDsa?;-6s##8xp5$is3&s2n*$B~D%Wc!OWaxhlL;6baW^jiu*^-RBqPk;aN_A4Bju zr&bVTQ1`3p+~|*D9AqgYA~%RD5+F_zck9auN7wW{{Y6vId$jQZ5Q4;O(Baid%E-j0nsHl0+-IuOS`K8by%18{>h=h`&tKo46&CohV@Iv(J+EM80 zqI76hTJJCXxw;=7&h|PwA6^BI#IjB@#G)ZEuTsEb-X@hAh$Vr!p^xXjFCaJ27QT07 zIZy^LUyADE$_V)vXAiFZ4Yn$OhD6kFga^t&8q+QVjoefufR2S0qe=?Y*nkS+kJov9 zqnpruXPh~{vx2)|q?LqlkIAU&iL!VcaT$$GOM@Tb;o%xxZmlcf&L$b+vbo)XrSZ{W zmcI4=brc}mmIw7(87Tkyv7&-=;Y#TFh2WFrxA~X1i*c1~t$bfmg}cqIul5xR+k;c5 z3-0WY+0;$&)uXm{4A}2;+j*aqt2}q@UcN_qzK>w)k~x`nlX~C&lGO!vwCzjeV^JsW z7h_w`lsWDCFxrG(zkfl3(0W8aqy?Y|EIWFE3X7+a ztX1u-->^7I=ZrJJmaF)Hh$JrZ(ub)+xXw&&YqYDLN zGJtR$&B(VvS=4%B8 zeVIc!yW+eZxW<5={#wc;M#CHn{Okp1}9m~%20tYSGI8roBaNg((QE{lAjmiRt(*91^&1X^{eKJBta0ifJX%2+<$xf44TvKs*w{S%dC!f)aPfI9 zafIvQgEH<0*4EyTU(V54EXU=kbPo>+dH)^DzL6_F_7+k4XfgJa-q_`z@fNAcrw6;w zwQ78m_42M%DZ0Uo|DF8P1Y{0^vXOM;P_y0q99iLM5MTevb*jcTb_V&4F@ZB2%hH~= z`x7;vWbcpf&Y!YC(O}7iur0^4)f-o}d;onX0EL6_>g^ufhP#Ta(Ug00V$}J!>zDC z3>TysC~3wYW;r-q)3=L>L7g6!l+Lg;sQZW%gUTzSqJzXh8Xr8`8m4v_ji|B|O8e@8 zzOK<>{}u#V%;XjSf!iOh*qPb;v-5vqXH}1=EhOHK5*q;7N6}`Yt4^<-c-V_K{g^$G z{@l*YA&*?Sf`WpCILkVcQ8C}Hw1j8N~v}~OgPz2~OjF+b^A9ozD zTQlIp6>e)hUdKDF6~#2^!?#X$-UIDW$UDahaW)G7qb`rCvKue$`U1d#{4iEcx1mh? zzM*S3glbKwACtVo@{|OS@o)AubhIi}uc`4OQ6#L-OniurN8Y#IJ`QXO4$F_ zg7w_&$`-pWM=fOSBg{euaa_YSG!` zY+vrSbQ71-ou|-(1B^{?vAd89kKP@dw)#GADL29FiOsf30xy-V1sR*6XSD=l$f4`; zwh0f=&~<7okRW&(TO{h@2!`vKh9!W-fcuNae;Dl@c}*+2Z!STc`8Go#TZ{GC&Y9Gh z(<&JpD1N}R*=&vnz~<1X_$WfH3XAvm=M5&AO<%mNaa^oTf=y1>Qs4t(!~p4n757m5?rwXicq-l@#Tgc{=2roj}({1z7U!*T5o#0yYQtoei?K6 zdyDV9=`UK9WR^51WE}cEWD$!bj&B*t z>__c2=us3>E@Gy1goKMD(4rW9-POfHR8ObFyDb=4PDV9Ys6#+YS>=LD1WR3Vj+kF+ z910vVva_dxDULjvExN>z3krV9WX^ST8`Zc&-L~~|&x9-65UL5ZH?QTO4 zdv?%fN1h5RD*5tH&Ez;C09FBNITZ72q(QUvuamOU+Colg#t1*+716dzpc20_4{w|J zMm=0p;)F*qR^zv~P52UvD#YkI+9KSk%NW}e)_2N|_2B?N*ORtJwXEQGCM!q+?}UU( z+g8`t`r-746G7C2ntW|Aml!tDBB0kVai~f3qJV`XF;oRcGSXkX;x=QqY)rE3S}E>4 z(?;kkQ535S+Dt@mO4#woielC7N9lcdA7ga=OnGor);3FycaYs4Lk953_}rw}*e|d7 z$}J0fuhTfBJ%5D$61TPR-<%cJEPLlNSVx24K%op+V~hCW8C!+tLlW-$Q6+x>%>oen zGq?gbF;4p#qsc2~=nnODL&G;))6!C}icYnpBqdMtpA2a;8SLRN=T3>%w9-{r9+IFL z_@^o6d_ORn^?ll+|Y$|{uc>RS&fDwi*4fP)V)QpSt*-dcM$8+kwDiC;TnbOw zPyVkrDwtfl#cG0880O!UF|s(#a$dbb;Y(62o~+(V-0E%M<<9R4ei9H>QZzM6Eu$4; zWK`{TNV4xYSak3#jmIL`kbvN}7||5#4KlK3_kn#5MpmGBt`Jt_4~u=o!GfH4We6fB z1_rK3A^)M!`-TB(3_>;&xQEI7!RbyiOdnJ>E}ANvpPYH^bzyHXag_VR{#1Nzy11K; z?uNsm+`04oe8u23kLuuCq+c%FOpBM?WgoO>J?QFE0v@n3GB!h(3>Yr4fq^M%!$|pZ zx)T;djWi}v-W*?k|JBNuuN6^h-CY>p8IspqF~TJTz+I5wxQTSME_b ztVKr1F%Qt*%@h+og}_9S#{@xDE5$m=PL$k?#dF>}Y0%8jA^!UOoJfiiYPkn{VLat9 z(Jei%fRh*K_VKH8H2|+tLHa=zYIFevxZsU*ur&n!p5KvV8>T(Fp=|!gA(!oD{vYTJkF!}oX#N~-gJUb?@>$y$YI*~CrcISO{mRnNRh!IQi zS+9>3IZDII=<6!gXY9GE;>O0Pq-|2YcC)EwTm|4{hh4n9?RDX=u%G(|#JoQYWadXo zIu8h6$`zSsf=4EOi%7TSi>eE+4f;JxOWJ6T*f$v4m;28sS*+*Z>7npheF8FxO06*x z(4)QmgI&n=2)ub4Ef~VZk^3e{?{f@5aN`ZuKvzcxMIctBoBxcL$$nU*^}*?Pz`~de z2c8a5V*`?EU{>`Pyv-=r4Oa8dU;y!_syrZOMVeDdM@ee!)#*uQx?bfm88WJ8kXT`| zSjWJkR*M13HnQp+vfiD8xvbLrjEsy!z8U7g&`;Q`(S@FClXq8EI(=h#lE>C;a*I-gnkD7^+GG!)GIO(E&NGZc-f8 zn?WNj8)Ym80vz8COn)Q$Ifk`BIV~Wb;F(Ji7a7|f zC%FnClp90ogFoR6Ut~~uC2wG0-avFNgaml+P>Awwc4%#$o~~46i60#e$IcQU;8T@u zxZvgkDciw1SqiSO#E8YpK*dJ@==`Pl)Ty1Fpgxe$sW@SjB4&(uxPGwq!=qC)1MxnN z)7!eIcIg-bMx)<>3jW=l70y^D8t;$|=$75x_!WSHd0a1$T#aJDQ<@TY5WY9yl|E!~?+hZABBE6g_0Hgu6(24LqF!I zi0zks{!E<0!jlSU|Hv$^zM{FFNq}F@k*F#!uj>>KPl|FN0x!b3MqB;w9^Z(H}= za5PQa=Ie>eVv%*9_$xM!7y2~ssf&6Hy=?iay0l}Q&K!o){oeRZ5V_KW^{-xMAE53u z2@U|VcxLwZQu`16xN24DzoEl^@=R%Rk>-1#3fj#bRiRdf6m9{7UYvRU0>+QkkEz^{ zv2ec=B}i{fB{V6ez=``WdptQs)qCoL+nA^xL1^RM{4Uv;@85fxstsy>qWDbFBcP2K zlx2kv&mkT-*d7=D0;s4EiddBAZ@L4;)Xp1Qd_l${=!a1_)cubtc*P#@KN1qsz=xoB zVLmdryrOClE{MGsgh*jVAWR%8_&mA~`{c7^6Rz|=_^ox4agmgX0!ju}SWT=DgkcaS zGtYY&jXk0Iz2`V+X>D(KT9^Wyt$5$pha^uR#c*LNLly$nkHFe<cNC8}yMBkrFU>MuHiBbW}dDP7gbrs>w{clr50la%y zK_$jVfb;uulH#D|@e6}0XO>T8uEtT8z3fth&3TSiB^vaI)y7K zCo|BGrf7ESdyu8=3(v~qIpe`Rv9Gr(vQ3V*Hk3b7F9p5O)hf}!=~#47y1;n6eDidF zAB3bCC{`k9@-8m;?Ck8A=)_imQWr+)2;-!H%<2z=%lkCOU6a_?HK5q%D>UahOu9!%0V1B5RO^%SGp z;mQ|W-bbg4e0uIDS~p2v(OWGws&3+=!a<&(7{{bbI9RlDy;!lKl+)3mNW-~Y<&*1| z1&Ri91@RPxj=G<;5P^lWmrPTc8rKJEkLW~m_t-6WZX`ht;D5{y?k~m%A6y_x8DaUVs1iaS4^e{SsSUxhtu{5Lc-uz5zUs6swbB zUev~$$Pqk+M0CdGd+QUN5Aw8HWRgU5Y4<~)>p|L-N#M1t@a@bkfz}2mBV%j=FGndi z>PMK1d%IoNij5c2kQusrJozIa0As<+-LpcUP|apl8e*>BCc!e)8;`{#B$i(FJpv~P zh1c#U+*J)%R@?1$s<0DVrO4|FI*epq$CGv8vh5$GMwW3rv6y)uT*oh5Ra!qZ^@W;k zV@|6Z4KkN$bM{0%FYkj+ZyD@$4vw#225HtqdwO)S3*oKTurI!6v3XkL6`iVtBe*RCSdxG?Yy)Jw)d3OS? zWF9a3c5rgb_l!rXHhEbeO|X4wY#J|f!wnWWO8TTHIF;r6wm*r2TvMZ6JD(A5xK6-% z4vrMa%|0GNjxRn2*@Xk+9Ve%ukJd>QRnPX%4qN+sq;HbLZXH+0VlJRDwyneXZjZ4W z!)}rO_07+!HkNQIP4+i1WNWLdb8s_lc=!|W{t*}N!X3y3Ivr29rz(Ua_pmb*x_^9E z7PkGe5QGV30MY!a z%FjamPC4kY2*y@GQg+P?aG`g*IO%kIm?Htsl8a&Xp+D3RBU8&sJR6nt4oxR0;pN+$UwYT#)`{do6`csT2rhmXs7_I!MnKYpgo>)Q zrbhmf5k>EejlY+baljqgQH9>#DCV=Z-QCd~6?lZrJyIs+*5~YZzTFv{;MCFn_5A3R zpxsa#>HOk$zV*lEo&==RO?;^A-yWz*psHW=qm`dcb5+( z@b{k7kB{S~VYV2_)!|5coXI7NK2l{CM`_R|=+&q+^~8^7G;Hf?eibZg7!niIIQUyM z?v=ayF_y!WB21+DLW-Q2m{2rcmW7^O#F`%P_4L`&{^r*;6zp74 zW2+oMNIc%(u47^X%tcQ}=TnO3?c4h+X`gcFZtsoDHuOAb8z}jhU((Xw^MKpLWGx7x ze~kB6^LrugI<8bh>A(y1Va#+ocv0P86QeNSjmwvy|wWE;p61KfJGoBX~SB; z)K5lE8OULwwYf!*Usgt0=fQhqXQx25TF{rdnberS=Zw)L2@Cf*9IrYk;%% za-BxRW^1pdnq3$f`8yYv+<}bKcrzshCc!fa1=H;1x}9tOsITcLL#Vg!y?9YAE-vKv zz$lY-e*Q6IA#<|ET}mygP%2+6GRib7%MCgkEFB~BKsVCwcxWuvHnvz)L&m7l(Rzx_ zH)vQWX}h}%3iInbrtl?LSl};AKZ$q{+UVI*GMh$wfoH`m%lg7RX}RI6i+nZChl%!i zTA1D%trHV?CMG5t8XASul;q^(m&#XV*YEW7eEj_>z`wZM2@miQ7XzIX?%^cP*~!UE z0nkTMP*8~M-w2lW3k>X^BqAAF-FWsP%yM9OxS?wZos?Ag`%+nJ_4~jBCI7PPE@&3i zZ5$d>pqBBLF$HQF(k{XT{<^sy0dCUjhyV9Ad6&CaMgdc5YwKcJ$>n65NS5As;Kh}f zgTx!_TI&tECt+}!xbT6{F7LMFAhiOGbcWuHZ_p|VF*7qGV|{Du9VkC?@7qJ|bhoVu z%atSYdF$2F&<~m@kG+nCUvHoAJ-%o8TF>>UNt+Eu`Bz2_g}9JJKHEp5K~4McvFzg<-7ZO74eK*EpZ{ttK16)k zgzjEspWqErKB@=#u1>Ds0Fe3Tt_LmzErYo(avkIX_cC(n2qEhR<#OO7nRa8#ovr8* zOX`C$O3rXdtw8*HM=>j3x0T4cjNJvuM#te_%5t>>X%6Fo>kW<>&Oh^*_qvn870Yci zmI<=af8QXs(ip&h_PG0C$E(0~p_2CT`U|M*2=ddDbMyA%OK`wb-T8fKp73{DRf5KY z1^x$=R2Owb8xT=~gsh*RODRR6Q1|fN2<_Qh`J>HtVR&FO_)_5Kt3wL#6RbwS28&t4^B`4RnI`m z)Dvw^pl6;QH7S5{l0uo<9aKAiP)ic4j+(XC{e+FB)yez+E6*vkc;ZvfV?07ZN2i#j z&(1{rxrkC2p#g_vgr8wy9qm8$qP9SprBUPX0N}K@R9FIMPv@r9Ihf0xO`;TNgf}L( zyW$wR1|3#2X7B4x7oGwS7neHR*_UNoW7>v#mx#0e6Fr>@pZhlh-(6^-??vU~Zjn_ zpApcxfsT`#z0UE2J2plQa0nw3Wsob2As(AnTY2&{KLFU4focQJs8QOsuYs2=ei+)P z`?Ll!PrCttJF(Njz;g^qOtHW17IQ!c=1=?Jb`;ulqg2cj5 z=G#D-ygY)ovt7|D-ku6Rw>M|bSErGh*O;nc1(lXSLVZig%~Ld-n>t{1fH(1N!`SXG zwx#4cSpA_GSB;>v7QVUP{{(0QL~uxuwmLtrc7s$;59r93xK<(FX#uP&Wd^%4z9*T; zpg&G}i%6O=la&3$uNm!VxqWcHy$w5#;_pxXnu#G&VD~}P-Za9;4>!{EgfMy3j-fd@ zuD)0IR5PT}sXtFidDq{+)>k(Wa?7#vUol)1;;RQW*Xuq%I71s-N3>{+9&p>CK&o6v zm7<`s3`QCC@V)!!&lemFK<&nsSGjh6_fGzxA@Y6oV!h==?Y@4o>-)d-y|xdG)#Gvb z(G8cDYoZn`X3IN@{M1W+CQTsL!>Dg5H4=S|P=f3tRo(fxdH zthOB^RG@RDcV#ma5L(*VgxNyJX;hf)KKyHDW}%G>FkkIJhNY`i;DHooBt{~f&tr8g z9}jdNIxGD}AkDt{aQA@8LnI(==kLy^1EteEZr0^hL4M$2^7D(&66u%4*2TDt5<2cv zee9CWR!Z1r%RUR)*s}xqHo}hmtte)t!9wLR9-0R%0>aAYu9*4MaWkvyDJy%!H5-`V z>m8fVA`MiDa);9Y0G<%(!PfMRdXVscz%)PtdFhaOU&vsahr{KbXX?~YmoG&QSL(Ie zU%^Hfk`t<=GrNWyaa)|6$waY;8(rOW5IE^~&&RX+WCOm|pd82eZqtUZ)MaR$?uvFY zUp|--IXNX|9=y*`Ik9(*+7=h+e`h_#Gm@cqtoK+1K7a8vnmnW-oUZE(MKdh%HySUf zQtHyAQ4&f~*jpYB=Wr~RN_XPwoAa3GY%-RdCAP5r&ssMdhO!DfJ=p@vVSB2)1F?&3 zuIY!XH;hV^T_+P=s9Apkt4$w^Ho6{l3AGnsek^GjViqG_hie- zCprUdQcy4^WJw6l*2|ix!<%Zg?5rIKyzRu+FBoR6!`WQ~Ju}Sl>VHUD(khS~- zYW43z1JH6_CPbxUQjxx}QIWSPd$ zhAJEbD0Wb1LodIa3->7?Z$qoEiOUrBr7>vfa~ ztAK5WJn1ijIQLGI&h1tA7O*;$vYQ8HUEsElAyaNbo2Q?KhC=G_8PvJ&BE|7khp!#- zxqaNRsF`7CsZ0v?otNE4%4Wez%S>nz&5P_^q@({=r}XQbwVBbk1NsSN`WQrF51hfB z#Wj`oym7pauYLz2Lp6EhlET`JjvChmwH&>~+3Mv!tyxL26JP|_f8|-!Hxq>i#l&LV+6aynDUQ;bIt=21~!n59mSm=0vA2W4M`S_Ch1gZA8b#3(tG zv90x$H5co{Pm9T9-4nw|FWSc``-e@2@9Iq6&Eo(`2dFUgKnQo+K0w3vM%%OWutcTu z1l|ajf3m`*EvV^^FbF4`!3F_%B_Q-c&C?Q*o31hso1CRP53%H75dak>m0~JS=dzR` z$c;3(oTK1Y*nP#SZ*W-^i*aLiohu&*g$GN3Muo@T(~<`ADS zE7e}OaTIR+cD1?Im`&SgsWV^yL-!imQqKSNmn3LeeAqZKDeDJd(g2kkOqc^J1>)ix z#jPyJkhoj;ZqOW$)ugF1Wq++d^TF)F&i6QwLUNqQ6-hU_+em}yMfhGg-Em#8nvBL1 zo&oc-auFGfXgIx8jS7!5v!A-HPRG>J`3!jKkg3hQkJm9Q0d!*M6BqxIhHoM#B)SlGE_ z;r07lEI7FddcAHHl)4Y%WVI5M+#~R3U&)l^RpUZc7Td>LHFx|^ zvKc1y8)jGDQjgtuYDncTFA$xeNZIy#QtdwW|T5{({o66;7vSSn(#1QiZO z6H_CUriQ-@f}2`HVqx^(kpZGrl2J8GE;pV&)GcjloCg_9wjTc%Vl;%ar>c6_8C$NN zaQ%u%*35jl+abQ9?(@KCXJi-Wzq9q?Iwd(d{WF$WREwc5Lb{cX9eraOy(Q3?H})vF zQ&PHpYZtuR_Kb`StAzjc$_J9vGd{l;i+b%}2C2BU;>s%+&$Yk33sp68ErwPF6yw+E4hFRHzXBcE5qC(ccQ<+eM7({29U*mLuUPF~Uf(Ie!@O>G9kN z8@#w=We(czY+F7nPygJzJ9vG#F^W1@0wda{_K>-j%vi})_Cg>bd_*EafbNkK10Ubj z8WelvAMH)5%dy=UQBhZyXhGY>rPe6Vza@B~hfS@Z(;q~hu8^s*>$G4>ltlJ+zf9TV z&MF0Nr{_*xbel=^-H0P`l8_ANqt4&If4{G%;;7bw0A8)koDQ1-I1k^?pKs8qmv*t`jb0y7 zkSxr~%+3QanUj&Efx^kzF7D>JbErK-*}c4M)w_rL!_SZHmR4tkfnZPc5UOW~Kn2e2 z6n-iqo@SFhRUg@~IDXeN*4K^C|C!llO0kIk{(doJOu!X5d**-cCdm$7T~Ab<&tfyM3djJezS-zUPk>1h;iWP-gEq2n zzdRc|(RYWN{N%A&*IM!1_VjU2;kTb!X{f1#+7?blgUSbdmGs)<#$)~ZDa3}o>X-ux zuJ;Q*|L`EQQEX9ERGblbE`W)61P@9*JVlSw`5=-NSiw8E;p6B=vxcMS&Q)VVA&D1q z`2;gFR7_f$&v|cAEC?Pz!drujGW-`_dOeNmH+Es_;UQ0I2sbZTmXV6T=2{yXZ_sP= z54;IK>=WIoIo5hLp!>}rJ(TBUgO7CI!LNIg%iW46+Gahsu(0rNUxG04zn2bq54-qE z$MeNftvwZHQJdQP(zP8_A|0e?w%^w3cQtoDJBvk1JZzY=e0;n$sr(wzbb+Q=K36qM zOUuxp4&12zL>%lcQ5#MBq~r&~>~9v=>rzwrHHCx@OLxW!^n3zEzmmZ-pYBl8(kcKp z^k=r#;Dg8yANycs(RF#(X#FnVj5W^Fmh>s;laP~tbZIG)i@vH{Wn6(vGy}QqSP>^`{-TVD{kF( zThqNu`~^A-t^IMGTSYwXTH1QqEyHE117dBcmtSu^Yg^f`xm=F6I1@#TTzVbAejAOR zXj-mEi>B~l&VV-<;)S$&1~~RLq!x&2wG|8CEDAO`P#3#5%zjQ6fXm5ZM%<*eU^ZQ4 zZy`k0EL?m8dVAK<*(on4H()2m1e4%M*lW%&yVXe?mu`4nsJVY8A(z@-yr6N+5p=Z_ z6kX`Yrn~p)v`s8eEQFkbB5tC{5JL=FgLHUMHGA2kt)x_1amEgE{o}LZI|5#XWe(uWgb*Z@cZOwa^2* z!>yT0e0;x_L9J83hPkuy;xxF?F* z^Nc*3{wQ;pO&pxSxGd0hk~~Db^+BoGWGc8N!Tt*_YC8$z+Nw<3zZ>kmruq^V8Y|G^ z_Ax0lo!$C-Nr|3Z>MPdmT&zx(Y^u3_;U==xODc3){P?U>wMUpMJ)^~3PFScPMg zK{Za&%M2N@d`AUE#hPNvg;v$e^W&9cYDx`gM51AeyY(_&hvADE8f7UHpT}gdERi%CIznlh2m=grl4U)-49>dx z6wkV1tEPF%?@2#lZ;i+%h$IX$W7ZwDjn^#x@b)JaJoCwYdH?hvOZ$=<2jv!yrV&vz zAIp$8pY^+UjSnO$mHpI~RNZB}T=di?E({A<3X{mPQeD0u73I}kRlcC7r$9%H-ZwUr zk>>e@h1npRR3>2-SA$h?*JVNe)qS7j#XE8HiTbRTYHB_9X%FJuqh3X~yv`e~(mmZ< z%J#YsPp<}{NvajT7fY|M=2%Y3cbcet^@^JUj`G)+RrECf*wqrU< znQXXmN=Z&m2w|7&4M%b{H!5@0pRZkt-0y}bX$~UI^3q6%IdwmDJLi~Kc09E{E*?77 zqcnIQ9<<1|>yvy~cd^8vT8s;i|HMMSQ=-%GMaR+cbfIL+WYF*%-k9Nb?A4)Om`yOf zrtrFWV^C-?enB0RS>Hua*LY~i$^~(N#7*fZGExqjddI zRNP?IsAbhCGyN(yZ4CuRQYQMaJ>GGHY{^aTLfSm^)67#s8%BNxh8;>zPtUEp=uZWn z!>h~byW@DdsfYa+q71223xBpR0&OlTxsoiJZyDE6vtgE_{#? z3(v#g2qR?9J^VyF7$>MYnqT?I#q{i8jRqABE!b?5;t{-6L-_&z%U`qCSI4?-mdqPY zzW-}){mvnEm`xJ>ao>y1D0cF#_R&lWjZ$YVjM2hYtY<7ra!=$;aSK#7IShN_VlOWC zd)=J}lEnxyVL8_ylHmER|M4O^@)AmD52B8K_ph}Xy)LuaGi-O4BWO(`2})O_dw%ap z40L?qEPJJ~;T4w6ByyIjU!FXL8qv|w!KA9H>a|^SJkxAGeR6pR@lxI0`Ii3q`T1kL zg0ap+&Ysj>-?O909}@h&GN$o;r$kwjkxgN5*N28E(3hFE%e9_MCfyQJ5)IjylIX$_9FlZq3JQyz^M z;|Cp>EJSHn5oYZSOz+2mMChA-$k;85!xr+LE@$uN=r^=@+(r7sJ$1Pg2O9JFx=mCZ z$Vh#timziOYI9LEL(ClSrDE^Dp+-r-{{D&tkHx^3AJ31EJ_Ej`ZK*ijoP6|z!+d)G zwt26JZC*|7l+Be=Jqf}t&8>5hO{E9gUqn1t8-ohd!W$zwlWWK4J4U~E*DfxkLBFw{60U`Ma(P9>et-|ZNhfq&PCCc1q+x(x$=)S+Y)$w0?{Ql={!CVcH7jnJkYW0l z?mN|#jy`(>o41%bjF!BW{Kd?mKjXyDkQ0V<3uXFOr6HM_)IicvKScFh7M&Q5uy$09 z$Av3iyW(9O{y?55=k>v-T*+Xg*%%^%Rkfq1xR(M0_x)U|8sWc;lHIzeqC!G!94^le z3ASs`%@L=LK=e{&ZmZw3l^AaOZHxrj)$!K2URd_Sdaed_b$dCTHDR!Wf(PAdosErq zn!UHKgOabqieJlxEKYo7@n1kE;xN~k`}?OU8FBKno6J-@{?V+mi#<4Xkt)Oskb>sv z#h=dA-porTDA_t6t8Zz@FyhRUls!uNEoy~VnThG^FMVWtJ3WYKRzWXqXXa0vT)sA`p5I*j@Bv}3Or{N9mq)KDT9t0zmKn|EzB{sH(tLmlOM2ZEejaq=v0{vPtg#26l6|--{zQ@ zoc#U}1`9bQCFQ?2ZRC{AFh8b{{LAgnqA*a9%JV$#NcLV_asQ!q2S3_xJvrczb0O-309M}42XIADpJS8hJdoMaN5;u;;u*b2@ z@{DbzUc(w;jM(hsan0n(FjZCGzGZT1_I`B5G2_tm6EPoZLW+u^t-iRAUH*7J@dqQW z6~t${eOwGvLN{b65?w_86g^cY=H+hQ`1m-S$YQtPq0z23BKPcrgM)hTze>+sYPrcZ zgDFQQU~?(;!9$je4^b{AGZnLD2>4taekCV=eFabTZQAY3AZd0e>1+9Lr!kE z#K{72kawJQeK-_%<(r*LdJ~YlHCtB~93L-3g6I>=@GY2jY`4D+ccDyYNA1ST9v89E zV)_qo46d>yT_yT2NYcD`QQclNSTH93ivD5u6){+ z$vEnoZDDX!!gEibxbV&P$)`z6Rj$N2QyX+gDK5QykOANOHRDgnn^|1UYS{4Q_FaOu zH4ys74YSn}oEIW|4R7e?Y8^^0#vPC8(H!+-g8)L_o6#H=?5+7+2shDKSxG5%Z7@yw zJ^|N|JzVZ#1YXyr&Hb?8%#A+Dc-%yo#%bY3LRvby8pHLW3`&@N7r2$=IpSdrrI+|4 z;8aaR(f3;%7Bd&oI*emmz($JV9g-A@*$jHbN7N6;Co;JT6jA!|S+a7{uWBCm{mj{F3 zioBtwp)nMl7>wdCY6-Ys&ldDy@+biAAz5)b%+faFw_ffFc|TzK1i^Pt z@GUi!9UUFjN{mC{R@>OPlamuazW5y@G0Mq-mk1^x9IV z+^;W{!s#_d;jH|1pSktJY_01=xuxER!Bi=xQQKayS1ko9rXFP4>KAcOqiz)6u?+fV zyV|F#p{O`~Y+iSH^c$RF`EM9R=Ev*95@9XwiZF;diq9YRK`V>(JHvF$&2yjqXb~4q z=*!E>%+z}OtSYk$+CnG#llA3`7i(?-ZPs2~2z1%-o;J3Bi$DsrRG9iN8aLYv6T#PLFcf~>;LCUN~2rmVoK zaY0~ubg(u^S>b%VUAa{{IRt}5PDvSz0|qo|nSBF-&8+lvQMhWH%MR`_um6mEg~4}H zFR!Y)CM71uxwwB?`mO0tY!E6rXZ$EFqUUTrK~AFUp&=m$Id)qUt}Hk|rk7v#gjZ|j ztwFGz4!dJpievgc3=YutF{ag87A{s+g}V+s$#Fx#r1(EJ9>F$saL_kDJloSOi5$SFNB_yRm1O#d6 zxX<#u@BQv~$GHD}#u>*0Yp*@moKO7X*~V$zQ6a#k!bPD_1h-TbwNWUH78DAt9tR74 zQv7q}3H(o}qk@9gEd>PzcTYDvM`v3Uiaj|bSxgnXCD(f-Orji0qDr)Q|9t-3 zkN#qsaObX^$jcf>-m<5(cn_Z`@)vqHEfglu#Zc<{yb&c$PFBUddDJCjylIGLhvh-m?$< z>eGzRvcF@;y2<{;+9$MN$2(6Y5AqXU-gncKYNh|K%|JQ7>A1#zx(+oBO`$tpU>N?}QG_$qZjV%;yVJh9p=${Eb%+mEqo=Vse4j~XXyl#?S) zWooWk-#B>4bMh$s=5wu$SsxG9Z{NQ4Nmtosi!Dp4pqTO>DB!f=hEIfD^r5j|oMaHA zh!qs!^-NtnTo9FsvO?=RJ=i1*SB$|X;>A?l%F!Xh_SmBlJgi{0)p7G5*jB_ouptE;N&>IzOy zPQS85+ywdf_ha|)yQmJTy zyu!k+#e)u1c6N5p#Y9D4jl9)WH>$F`ZCLNQr1e^Z(!khQK~pnnkO^MLYF5_P#N^~L z_WjxO=VvF+;nUb=>%CNnsHr)1*{>36-@B)2XJcc6?v5tQPioGTulWWw&@nJDU|KR# zGcqt^mztX)V!36GP{q*yRGH&yRt&>9-@d7{cbnk3G~Tw8mH2}KA` zardq*d#ajBT=&8)-M2c){(*s1)eeIX7JcI2Kp#bjxXoCc9sm6;bbr(ay^fNeUIwEr z0QpQE_E*}g6v?WB)jn&Z`L|NoK9%T}^b`@nlF1Y(DJjPr{VIIVPmhXk+_;fMLPEl} z;G*k*ypcVQmE@CqoZ|bokr7=<`)@Rt@O0r##Kfqg5hvJe6^Wqz_2FmFo;AkB#dV^l zEMbqLZ{fin{k?PN4r^0$Gr?P(;*MD4lkRdG8X9hGZx4RU6u1t@N~fx!@dA_KK^zY; znN8v2$B%`nDJTR@T7v8IZ)XWV#z8(NM90dCiJZsmMZL#jPakaN4USYN0u%v62!|@B ze4cxe4#%0}`gmpF#ZiCQEA8TEcNvjw?BCg%SHPzg7i1L_+`A<&FYksrxcFmDvi*UG zIDAN1S-F>%h9*?hd*z8`I=87J6LBjYk`pVtnORu{VHfAx*4B$p(a_K^qU7_`%JeQS z*Bp`zwth5aOK~~c?xkP){`z(b?>uXM2a}-S)#d)2{%R9*b9%KxlG%_0+P<$}TYpPe znAAVOCZx-Sh#wdmTfW7>bR7Hc9q-l^hnxfcpsv35}am z_4n>J`no7b#p0%(og5%bIg;j1R^<&n_3z8z!$5BztN*#Zx7P*Hw|#o#mGS)f4hs?S z{P(vqJf;mge|P(3-W0xm?R&}ncaAg`qbA1PN}V5VZF5G`4L(68&4H=6V6&a>y}8pp z-RS3WuwjaM>C!xe+jxTyr?ZPorOhXj_36fRImp;+af(b3U}{(BBpqz5tQL4uKBb*~ zuV*JU&tG^`Zo=Iv0&D7pH2DlGrzB?L7}mIb+tS`1TS7u&d~$NJakE7MGN96DO%K(U zNGn0X!jzAm8+vw(BxaqsoYQ!~`N+FF$y>5#3JLFTE}FnUW% z%Q~Mma!E-^?^`@uHEZ6JH7=CyO!*ZbJ3AHT78k9HwAi^(MTAHSE%Wp89#(5)@}DKr z%W&&+q~hZclih-JS4yA~^1cuj6jX##I8bz#dHlzZh3SAWv|P`nDXHI3M9@(;}lnHc74TzUMr$*-F&_loUD)n0# zV8nVFyF&eYyt2Sz;=OGQZuEj=_)`dScAkX2zkfw&q=OC4UFFD`m;xsg$^&+PL0^$# z)5r*qzs9q$HQ(tl@t&25nYq$^UOrZl3DvgH9l!nSEAvO+;#dLKk z{`;78Z_xl2L4|R@ZWb4o4~!yo*6t>$B zw2Px;8RjlS#f-7*%V2b!cwhK3FK^xz6?USYKKnyaDRQchiapy&@(FN^>bUqO!;AY%F0;J1s$JKQBgH8u(H|`Llv|7_VJ^G z-|nxk(>1Qs9M*zJ11KuOAtY3RVtJ30ghU)o^b#C6M>Y%eK!_sW`(x#{L+S`rV0R)r z3JD2W@~jUgJXfyd^o?WTn4>S25TmYXG4>o5jaxyblF(3!X zIIW;PM&glkJ<%=FiWp@0*Y@v^mKu^68&4X+l9}82S`@n}cqeCI>tYWOc zuWt$yd5obbxS$aV)t*{9_g9C1ExB@gF-hhTR8(Ch7Lvbc$o)*2k{z@F%cYw)`45Jh zzCfTwQC)q&E*q4*6lgd`ShAAHg;Ft4L{|3yOeUzOa&-UC{j6`jc{9^BG6# zZ;J7e%p!-o>{oZErl$6sM&5Q?{P(#+ZZnc05wg5QvH|b9(~DFq$>Y0?5B^ME7vbf# z_;(aI-F0#}=n=B+a6-6%Q6$>P&GYly2L{~RA#jz*$;t8md)S}?rn+q!H70wzBH@w3 zS&<|z>c2%E$6lcoXONOQlla#ewH(x{4%P+>9zOe@w~J*hNI7J6dvVW&T^>DtjIV+shnj>d z8ZAFq1_hXA>R%E?^=Ew_>+WX7lf4f&zhoTu;e%i!l!E_xwwzC2zkZc1*6{^Usq?Pd zc_3Ggtwf9z*_4nLyRXj~rKFly8;`glmC<_!2HpX*EhC`3jBI{>zkY+aV@6iieUy$p zyj%8ibO+nt-y_xx$g*Qww4jxnRu|cYcm^@CdhcjlGK&A6 zq_sHk?{Cj~6SJ3bJa^lz7*jsI|LJ)JFcZ9v8`sy@8B#uR@WF#v%4nbSyi=Y{}lNJj`^Ez5h0-wK;3XROBa{2UfzFkb`}EFVZf=H3FXPx zDHrvC|DoGuFRxuIfz-QDpn(WJ%xF;nw^?f83!y!pVp$PELQKZJy}hlfso5KicZ~x7mEpj^)_#xG)PeaA|xsm z&Er~HT2SHANZ`mb5Ut!Q)W-TRp4V7gPz<)n*?#}4uE~_l`#*1}?bc5Mnu0sTYksBi z`oFC=Vj+n`g-5|p|Gmf@A;6Ihj*b1_A3={nu7nqy>wmBR`x=BqpHb6E2gkOx$u_|W zN3KZ)>|jPjM8w9$9W8`FooD9dCAxL%7XGO|2|axhTox4-#Y+MAL2km%Gcz+o!E1rS zBA|)_934D1*%Tmvg-;PqE#exy-7;Ec{16QTYwlCZb$rS2;b9#v!}pkjgM;Qx34n7g z0JM(RxKLxLDJnuRLiYp?joEs-^F?I(VR7*dXJ==IR5eO>6r@S#>)TmRQd9qSPeN0F zn25)VI zdie9F&G^Jb`;Q;uz0xG4q-ZGqOnj0!7JZV;%*@M`2Ke z*LeB)<)LSLSN4DTlFma+MfH619K~?s#$~86SXfy8=ci(T>gHEgGL{<@bp+QZYk7Lz zlw@U5R3ff@Z9hp%9um@@m$^_-QCWR_!uYPb+E(_zqZ+O-mr+zvSwxserPU=#DXHz^ z?n(%O7@)E%X}TqP1R*E;-LGz?@CNQVoE|PFp~5o-?2#ZqP^r^s>1C9|VE!c<8X8`Q z0fxR8Vx(>}O@l6P00eIB?~k%Z;a%hIYLCR8|NZ+Bz_rC`iN%)^e#)wF zg10gjfp&q^@Iu@N*QuHc#Xu4_x3Q5(DPXrkqKc|>pGOA_vjyaLnjcOA(2!+UEV0 zNs~V@wEt6H;=Gl=cfA!8|y*^HCT7p%C5@OT=AR$c-&wmD85vh* znom?xX7={H_tqy!L1lFJ@QBFDqPF3u^xc?>gHL0;apRWA=+WNlccg@aiV{OepGYO- z1lR*TOW36Y9%=jc2q%|G9j`vR7?4Rpw;7rQY7u47*@A)-)BLeBstT_-Ce3_1p&SAKS7!teEZ_^Cf z41RtR$fDkpvL#rFyQk-a%uGtCAenn4WOuJ?W-CIbLiItve*HQ^N;{(Q{LhYsK#O`Z z_Ks3rUHyZ@AUdGUPKXYung~zx241G}63P4Zsd~~>PJLy-9+g1{u9AU!IJnX1f7ixT z;>m9^Tn#-|?SX28Z2Q5+v;vTn&uKUD{QUe3jEsI69aOZQcR-+mZi-c`^XRQ^Nxs6v zE4+e&eU&p1DNmk1e+17o58)^3v49DBk`{oTy88M&?Lsv%vmoF5oABoCxpoZiwNV1l zrrIX+V-Qvc(ho5;H6CEQouw}YAf1RM^1;T0hK9a-|9)tiCggC75gPu$>)X^TtE-lq zGtCI|h6o02aS(DyGH6dxS-E3&mcG5c9TonFjI(2Unig8U*r)_7#H`6bA_4>33gB2> z*o8DK8{u|Kb&MKF=fZ8~xBYAZ3ade#JL7AOO!Tm@3qs$3{r!DqZEX_Bw8(6!pxpRZJ?w zZwCrg2tmN5rxo{>1$^g|q@<#P^d|~2&sVO7&=UvW+o~hg3Bu*cmnD#Suz^S*f&0O2 z*356)e|3meGWd`PBE4s*P~FS9v%MV+POcjYp3IGH5c|e!-EuY_bc1pna=h1$B;ViP zx=3=M=9ZSCqoOd8!U?|`lxl_dQSjT~fPfZLZrYd+b+n-uwDiGxFMBSd53%$#Ojna! zzfFjcPu996!3S9PXG;Z)UNdM37Neo1onKpv2dTYdbdhk1o$K<{xPksGNa|D z@rCN?`AYHR4L)J#NA{)Wt#n3Z_3v&AK=TX*{TDMtbqm!XM)6>(lu(8QACCe6STV9->iTZEl zZXCX+g$#otuL4c>D(n}F*g1oH_0o(lGlae{ z^ua5nq@*UTp~$8=0P9J7bqxhjf!F3E5$a=A!|F*zAt-1F27rwDVDtw&sY0*J2y`O* z?3=$P%5ZbU2|ZyYo~EUuVq&Y@Z{J@8Z7(Q+Qk4tfN^F!YzI$b?B4=Y^HDoi#kBK7? zNmxKr`5>zmnKg@}+8~<&NPxQewU*-ywqk32LI8xYc_^uMfqyxU_y5Gt%~`-2SjUd- zzr8?1(Mb5>U%&IB4G`NP=&7LL8;-3lD}a;0>om;X)!S?Rd$_nRzCZLL-F?P!-`~WoK9QV}@S-)&KO651I}(1k3hfFEcmy6$EZT@OnV2nX2=^fSi&u zGWv17zjO;iG~ckwPBiRX5&>x-u;$u)dWwUC(+0MS&)RfL2sMZpF)c09NW25Ao`Vu& z&>ScfCC?aox~&ow9X)^coE*f?&N`39cdpao8adLmtmu53`e?)N zJXv#dmZN`uejdEG$d@lovrS8&MqPY5xf-V!;H$uSHy<;6Y9vV|i7o*ol6mN-vGMVp z9~{3+2ZRBLjW*!=rYp)RQSAEtH9=orpSNiThfdLxWnT`xQXEwMFP1d5!iL4ri)shK z=Y-!AgK&im?E!UuYtpUN5~3XGh2nl2_^2Gov%$to)jRR4i@iyCgAM?%c!Tzx z`<@GN_U1r#hu4~-&*}q&4Yi1UREL3mMYd!F>bq%e9~2S9-pDT~@VR{7jGWt~h?<`n z-tF>3aJbZv6v&I%Z+V-G{Zg}LDqmk;)C@VF2~-*Al<%O^PJeAU1#jURc#JFHjvXIt zR&a(No*m3u1ImIvkAsgNWmMJ!-HeeW?w!Y?G6;J`? z5$Tbzv!Hw9Qw!sdj*bFtlC!b-iJi20w7U#UMWsZqY@ks6nrTU?23u#?`7S-^n^6xR zh7E}o8&o2eQt8?ao#sFv)Au14=ONR9aQy@L_!nYc10NjkL92l4>lzxYdLC0kQTzH= zyxQnygWqN%F|%?m7-;pbu_Oq;yIRfNKjHWO&7GHzK)v{>+fE@{Ua2)9ZEt265^^S) zvg~JUGpqTmDqi7ow7gE45m}B=E~}Ijty^5w``+h zg&(-FAjBHLb~=yw`CR2WSX`)F>W=Ml1dxKlw=!HzijY;n)bI?t={Bt;K>krPS0n<= zeV?9|ufP2Q&LO>|bWl(bfEgD3W+0{b;4R5~&KZ4Unk1;3IzE zI^KL?`o2u3=K(0Bd+&ZFOaxhjLl`(*B+{SZX92ze-?)d9r+wB#0KdK<{1Iq6TzVEs3h%7>Fs+0$E`R%25$uql_7LLt$Yb>)0+o-Yj9&Iry%%f2XJ}= zZqcT`T`2HQ04i9Znb9a|#TKnhwuV7HDT{@z@AslD)5DXIX*F5&-EAa33av=tF{KX} ze(5jsNlChF9Oe1-(#6I(D2>^-R(fmB7^xDlAPTwweW0PBsz#-xkb;J+RbeKDPcMD? zJ>{jQXyUr!6mX=Q#xuHKrQ^U z==Y1%)ad4*112C_LQcc7;J8>iI>yOdoRWf9T+cyeuiw;{t-Y#lqq&+qJxxKs^14*J z7-$Vv>>wxwyEz z%kVtwX@FRwP#Q1A$viwf=%?AXE5}=+6z;W2_yeP`Ty55TSxF6O^W=Cg7vK92t5b(*CtX zDz&cDM6|RCAl8JsOTfB-E~vm;x0iFmtl;h$!Y)*FlK$ZU-q)Twpn&SPBNTgX4rOj` zu93luCUdq&I_xC$8XBFL*RRvEvEkORFrcXm0JH#PGsr6_3|84|;#2Y?I%9^o4+m1m zL9}V>>A^ZbKL@0)Y+^zKQ0rjiTP4V~;29#xjKn&GS@fGX*UL@n(V?%yu_s5D#%f76 zinYr8TsXtz2|5-A%dlzo(vR=o@A(P9;F1-H^ax;pY7OqkQ|mL}+S3GW>#zJ^iUpCs zrlzN5j5OOjJ26P&Fag~50BH1Lnd8(e1zmdh_VzCb6=>LxsYSR|c7lL?aT(X(GbOY4 zPVMDzo*e8z*#R+pz(KH~vKJ(3|1cc&eO{~Wznwx)=<>p0!DORum*C$uev8~5`K#W1O$BG(?eDWK{rn21kc3h3zXqUfYN>$ zYyxII+7Joipl$NIF3q#M+}{fkC$lQVnW~1YtIEC~QOJIJih(?kWiL_%CJEx+B3`AA z&edmXtWZ2smJcg{>iuf$U-vNeuXwZyFcu+BQc_Z;tm^<-EDyKlkz7(Ml!pl|ZxNyy z8FPf9LIw2V`f}&jE!7lkqCn1W?9)?=?PB>zV@F z02N*aD5nBMiHL^g@yCyDBD2pAEBu6$siI1=F{ z)5s*u>EAJPkRD~`Ktu$2fr*h34HVQES%x+kp12F93s0iCFaGnBcuumUeU z?K>ILb@MgnL5Bn}9ZC*^3SOyR$;j>GCu4hrm!e^~1sa*@&>Jmw1SXf7)RREK z@$&J>J-kA@1=8NnI>twSuJ2%K3L8Lbhk4l9C1Yb_ki94XCSEvnpF0Brk%PTNs1#EE z3boq-JOWexGN@~$sYwWwHXML`BAwKutu1#Ds1ZE~`p^*T#|fA%K~qubHR-+p++PE& zz)NEuo?fD>t7{G@H4$z!ba!^c_bgXvM8iR-Sb(a7OnV^1LI6NM+#kDgjoYLR&X<^s zEc(6e7x_G`TnG)Zrxp-IU|llz>-~Tm0hFLCf~J?aG~snf2PGR3=YfqQ+9^N=L`x8h zVHR>8C;Ij4S3ovBM~0|pR#7;wfIuTm5RDpvkju_}^9_W;v4j3(zRh615{!}|swU!K zcYOYgTVdXcsDj%ko2>;fWiW+arX6hHusy zngG;r0gAmCoflL}kWpc}3106?1c>kE6>70>ec@?k08hnlV@eL}GnkCJ3tU4~RFqd1 zae@#b>=71#W$*Wpfis5O>c5*IzEdn>D*byQ!TSGy%|Dmt-$g)8|9kzfJN19x=l^ic|A&M1??(T7 zpa0V}|Az%Vy1Z>)ZcZ9bisH=FaJ^0>`;CZP_(AF3-iK>c3BSm~-=NS@HvHWGo>b=r zsd-R+MEg~T>X!rw&xU?izqB;`VPt2iYgGD%#~Krl(npWnDxX=Xq9f;xOiP&NUr9lO zw-ps(+VfMy5pPZ6gYu zk}Ut?7N~UKB2nTT8$&)kgjxte7#*uu(hWTWG%N6Btso7HOdEwUw%u4;_@k|S<7+mQ zUBrE@)p^=$oW=SK8Cx# z8dkn&XW&rG&(G%#?Z6cDb@^&BaP5}*?e^U_Ve@;%Dfm6D&koaK^d!7LEIWVGR22U@ z>D$p`9{N6T=dk6WQQ1s)ERmdF?`)+L0hi(87kIOn*D(EcLRWi+Sls!8R&B@6n_%Z9m7*vd_P}KZA`1+p6 z~|VKC!S_x~Hqh{e6XV0?$=>T}(4qm;qiDL0~I9D=OsA)IJ=k^jdP^}$PT zIU>S^%Glk6T1!fva9*wc&#`CXD2=N~)pexy^?DtgX>1_JmHdP6ziAB}15$H5yb|qW z{7Xx{rLQjKju`zvep6|{Ma+No8GWSzdKvjT*}p=e7+w2T;Qy7d|Gz}L6raJ!z%dT& z?Vb0k_H?Tf6ER=`7#~XnTR3>z7bbYnsHw9|zT`*+#UR@7r>CqrdsBdWzzNNT<}GQ6 zuE3n1@BeoV$ z*c3sjO}lA~g+eAFUu)(h!vE~p5EC~uL(7An^|`VSXxi=Pf^vYYTm2hB*Myex6MGE& z?RHI>vnW86KMm*r3IJJS0OJ#SS0spj8v+*?7*+X{P$0kf`AFb2>D z-~j9#cGHFr8C%YsHw zn+PljjFXm0RW-FC*6&7T`voVUu=Q0pudJ+?T(bxOl|c?{VNDw1Jki;@J#ZZaNC!r8@AcE1iWa}e<$G48hGno3>zT*BZ!R!?Np-50}ALi`FiNW5Im!@+C2t%qUe=Rat0s$hht^ z_Pgi^LjrB&-{W4}JeWSmR>sJn{Y#;GizJ5Ur`Xk>@Hd#9%}+ zvkD@IfhE0laG+vkmA@hHwlP%?VlurZ1u>a1v{_yek+HKN*nETlAO?6H3lQKZYs3|L4kfmDyf$Ri?(;zkY$>8j#b1&22kI8alQG`mG5x%P0rlH0y@}g5ayj=WsOyss{oBcoMXf&l$4|a zM+2Bl?BmB>fb0kn9+XAmcpBJ5wX+P*I!v%!$1Ley9;v$)0Kb)A<$4LFhn2=a<$k|C>T~%1Wns# z(q*Pe4A{*U4AN&iGa)D;rx(Vqg@uKI4ah-O!{zThm()-&G>6S=)rAA!_rO3Q{yFrN zMG$NomXm12NI*GY*L^#za=;3s%E5>3sw^Zxi}GRQ(En&>={l`F2!n%p3fL%wbq~Ve z@9Fu;reuVo&U*2PQ&ddM0uWSXIDX{QKomyAKX4kLIAS7WtYEv$!-l|)#U>^7f>nXI z*ri6*xWGLW;LgM}G%uE=!4-yKUHYFw!>sV?9iIb)#l*^b>C>lAU`pwhdvrp#gM-FI z!3YcwqL9I3;DQDOGhEg%T!0FPnY{Ln4)jfOOZbk=AnWIUsB0xf%6|*RW7gD$3}H}G z#zAJTa&Y!`b*(&|aRyNu_}SRm$utuSJ#+dOOZWoLNiBR`;pcY4CjG<0LfdkWc16YR zIN-uCp8#LkxeJ4Jh*ts|feHs~Z$19bvIxX#R2$G(DBrz6&VBmnr2++E&YeI)qLD{B zW_{DW-lW_(ZMq@r$&+xHVE$hxl)8Pxb5Cy9+06nf~ zTpR>4sE-Wf@t}OcFwBbr+1#?Sn==*jTN?>q4(KmP;Cn|;)C!?y4NMCrBqd>Q)eL=z zj#esH6ase*#0bQ_k0GE&;%fS~4kSN($sixfC}heo5EAf=cFw-S0D&<~>Z^PI`9TK$ z*`O&qt)xE@;*rC1?3&DiN&-Ft$h{})Aut;{4>GOlojapv5|Fo0e^JO76fyyT3J31I z013Dl^P$H&Ki`nv)XhsNNgk@`O!6(U`( zSSNI=!+vY79Z}Gsp5Lu;Hblw@v`&!X9?CL=!;IVD!rJ=!W2h*=2G&SM4-O8vF)%Pp z(?ua)5vmOR>=FumeaoGnpA6nvL~K|&KqE(_yn#H0N=OQL->xEj#VHSj6qp-l27*E` z=i>1e!VWtEJ9K?vvY{ja1E3<<$w`P}@XsA!>Y&vcvt z;~zhN_q;Ym0!n1UaDl z7ItA;uAptQqR??C0o zMdd=TGpKeVgI$3XOomnk7V`A%e#jY%m4Q5@Q6TF1X3NPPkvsJer^q}CJhG*;Gd`RW z2o4Xgrz6yBu$J*Et`|%5VbrKiuw{C^pK||w+SPKFugGr%|zYq*CY z3t50D)=;?HIy#tCYMo&w6|5FU4h{}|G)2_E&U@!YEI6fYpFjUD@$Nr2;mfSZ5zaiKOf1NOL!b&hY{`xU}TOxeH1e|7`EtB1YNK1us{>5y6$p{*-x_Xl#( zs01ChD(E7$7-X&VxJXj0w?&uO9(UWprG)As60w&^vf&FsOx$9eXkoU~^6pMV8m#2+ zhB)!?q>N)Ro7P#;DBs`4b0yI<(xO<$3F0)ro z-#d_JOA&nYqsV_!L}Xq@WmvEe@V!8yYu1Ew zaznOV#rY@)yuWKdYC}jv4F&O%HfN7|_m8$_T#$En$mgJ=fJ|>McXI^V-!#LH=4h_X+kp@ zVxc(0hK5Hbht5$K*?)3!4&UmGzwew%WwW!byzI!5fr&PijdXrh)BWZ- z3wIA)hxv`#CvWd?cvmn>3uCF_8OL$B0LYuqmqwTP*}N; zV`Q+jni@ah@kOfjk6LR18-B4LKKpZxu|-5IEt}@3<~xMlYkOKNmzUlR)kYQ$Ur{Fc zj{etZW4a~6Wi6~dJejoRhj5{`6qjKY!Dx-I(!SKYux0YD-kz;aS;YV~{Wo)lze6O| zn+XfMX!HVo-woGBD(33XC7pegld-Wa9;ghWKW&*MbjxSb%73*a6H22uT4V6uj{38{ z=drK|2fx6(kj09X{Z5PN_av-0D{a0CKP%D7bhF}k9_Oav&7yohm)J@-6%D1dGVaDx zQqttq!Uwfu-drY?#DB9s9QG#NU!!u%$TUWVy&d809)gPgh@*FG zi$s3?N1_Yg=#8NoUxSlfc|q5iUsa(i;Q8vj)le<0=UIqiA~yQqb>T3^ACh^R)m#IE z{*p*rvIM)q!49Su!_S8dL`n!8|{+YbVV>I~6R!hB})i^bj%x2{7Pzr5I@@Iz{;^n1f` z{!dAw!VSVOd(L9)iw~0XZk^Qf`}djFkQ*9u^gZX5oaOG{#KjAFREg1$=NjN8D)CHK z#!nw}x(>ZIMz?azZ*fvlMvB0dpk!f;)$8IQfJ3Hl;Ys_#LtJ(eA8KNJqy`WXg zEl?-u>TW_qVP?xjqrEiFm9teBO&3vl*fTP}Ty;l8UvR4?J;Av1ZGDfFeQV2i6+$#r zLv3ligh&M=#}3&Pm0ooJ^Q8u#3d|P@vvG}x)G1FXO}J{{%rV+&PAXCeSz4Uf7ymqahroVDSvVRbH=sUDxvBH08=1pd3xOH9LSq*9w>0}bVV&4}QG0U2)ff(Oba-_9b-Mi|r! zKJSXH8an3G-gJ0UsJ9f5T&}(Ra@^*vz)q9s$00jL^_0|Q*483tj?Yx7ZBYF;Y4z>0 z7hQ#ne6p2_1&s)Xe_YVIJ!hkw&F3g8%% zCR$0-hQ}w=R6dJ?R(rdK8|Vq`dg%7+|!l8FbZ;w_M(%3|D6S(j5H_j?-;%$ z1K&Nh8jYIA3E8=3w_%*=cK-pn+d+N6NdL#aK3UFM?%4Q*h&aQ`GzYWsj@DRtkDD=i zG%~R>O(GW0gSNw}*yaONc_o*dZ;PjpkP^}DbB#qCC9qga54Si9 z+ux9oeDpSc@z77C`8o?@DisM1Q6Tn>p&*q81}27z{MZDhM@&qQE;-cBOB9u+@?6HUUt=vU;Vn}PEbGEwN)Z!X$SNILPxtA7IyE?+VBRac zne^_R72YOpfkd$Q-=7N947eKnd9#0z^Yr}0ox&IoyUAr|!OeIs?f}zB(w+({GD7+0 z543?gU2J87i;OaAy?bT87*&i9^tnyvCi5`dJ$>g3<_q3c`B@BQR0K3mss{^r2uqf-5}5=lxg_6&%ob<7`ki0)^L;s#JLeZgI%VVvEp+kG(X6c- zligFrGQ_@1BwnNI9g|}@cPg4cU5lK_(;8eDb{oZVGncWlwyN`7eXtsc#k=$UT;s%1 z(3VrTFsyclg_Vu>Wcl*m>W}A)%)Ns}wn3o1w#P{#t1$@$r%-%4bJq%SCd}`a5mLn7NXnPjldbZq! z7RmrA-S zn+e`xL5o!JWF70*$>zScTC>iH?$iV6qoEI9;Y2gGrrq~9#x*>(Ndhp?S9b!<&HO9N z4X-`T=?&@q-0gL_)q~(#EzPj&_zV46f5MY6zU#9o{GPp&zBR>$2XVKA#(x;TdSh>t zZl_wMe*5}&Pj!XorcMovS?5B^5*V50DR&xP@?|X0>BPpXX*~I_#{_E+>r#_LZ4RXhVWzo>Hfhdhbd8HNr8^%pzsGTI+xwHheK4ce z@Hs9+%HQaOIGN;peC8r-Go)*jpdY^OR z^J(3hhuFT;o|jJ5QGG5=oxF_yjiO@Y)otwG`s{r_mhb|0I~h?QoM%(Z*7W(@eklGH zcI>WHIGL!ol?stQefC7#_F_lMb++MCe!|IiOO`4dE8Esm@8*2+_bf+sk*tPBA;;;6 zS~JH^I10z128?z_R(esh+mqflM-MVt*jR?%hv?r+ui?RJj;t`}4mE5V^e!)(EhPwn zxA>XkzYg6^clYoS&}|9LvopmC;ZrNaBo?GQJl}3hyL?CU=M8r&dC3y;{zAn}+@GJb z=);w7PV)UK(ae-^$v0fMA9&k}$?I1c+Z(^0sn293qpv(tiCT_ITW@SP`&n0R=Ju}+ zpAn!qbW49wDjM4HXFk^ zD-tVSuQh2D%A1akTz6==ZVJ4nC>{GCc2dehN3UL|KJ5+k(gtvT;~`o>Z~CsS)DExD--uE2u`JXP5-Vc{{HKYp6iJ; zuTInn-qlnV>h`*diZ#BoTp~I4b?ZG*Xvud;r$d?GHFj*cP#8to$Imy3S9@Hc>ZHFrR)GM6$E^MsY8inl-doo_)Sx5E;Xg*-918IF7y`Eg_Sy7 z&05v^YfrMKEd;3&1YN!-yHM*@1x+gd7Id;S(yzV6c{Zoi)%DpS;bk;)8hN7K_g_-n zYx>-b;v7$V%EU9$miG1wtwx@&Pc?CW=_@m$73 zwf*QxOBeSO336FWoX!vmpfMh;2+r;DTTc7?>J`iP8g;^Z=(t1%ML2lE>jHmYWH$PW z0E>ZpG3@OqeeWzA&sf3cHfgk-<`^0pS~>keZMW%Y@1{A)Ek$uOf!g1ku}k}@Ut${? znQJjmq{ow~^7Ey!T5#&2bU;obO@Fv_#e3^rabH)%q{2cn)-SrRJpYO}X;pC_Vc=!D zUC7ZtR>rgAnzVAV@bO>rnF+1FIg3xL`X}aVAIa#8nU=>#wrI+Dc<{*|Q$=I|d)V&& zAhRRLf#!KP*TVAARi2ki9-+GvD3XQ6%qqLtq zA)Ga>i@|PQFMby2Ycu-OBdPhzexzDs*t?fF{r6HGnCV7a4kxhY92Xy=FkmO zdsZxaqHkvZL$e@ruT!<5^@uL)Mb^Rbh}NTLAA>_1#@-!q9*87vczAj+icK_4HfA+q zpUGUL`I+5MN+_dMXrXi)ojVjTYdN>O2)nt?j|$ki_VI(u%xMJ5q}lVxyq9NByQi-5 z#v*@z$cw-O<$Ehj@pfODLr&?{8Ebkce9kSwQDlWF3=oT6GW?{!hymf)-T$N1^w7{f zy5Ew2lpp(#AI{%Tp(ng={um3dyxVN?7FjjAL95eciQ3ZTbGkTCzPU1_KMhOtdeaf$ zeEyJQ60n0t+_OF9>$x9&`^jowft#5G( zqkJt1k`kb&Z4fj;4!xfB1|HGB(cjE4~w5(-%qO$*@%m)})u|$V};7k#KiN>!qM3 z{krid%fHgq`rc5`X5#l+QhTpWzF*I6@!nNd7l0aPb1>{YaMjH`Y_!bebeOGW^@ii| z{Q#KU6Rfo9_nkh4^S<8u#IkpS``p z7uF#iU(CG&&bJ%qbuJXrg$oAJ?^7F-kdk~fso!bm{*|VuM;Od?;_G^ezhTD3q?}@(Zl1c29S#nt1H@k6-gT{+f0T}oHbw)UA50(<4Pit?!AIbBrNrl77zK9B!PymTm zE+0Y`wsD(-lba=K=b*z*&WqH4yK!c1!LzRiE9bw06sKCc%gd-UB=@P)zW!g#y=7F@(bq1z0RaUi zrAt6Ty1N7fl$7r7?uLzmbcu9}2uOE#H%ND(d~qOq|MuD| z=6vRy&ofv07jSC4kYH?CjUQ8okfhST3BpJ^Agg1Ya{q^c{=NU#woAdT! z8!FGhWBT;_gMGQPF8Vb_WXj^W#dMgtPbI-XjD7AYD}BJ7=joC5e?=veeEn;j5@9RH{LaP@H zNX=uYwo6)Ipkc{V#iLbFW2CdcT``Ee4;NlRVp4If3uB?zW7K20w?x_YO`y1P$4Z`Q zaMb9_a5>c6oXRVk>kun_x>uyd&vaTlJ{r>T_3Cz21r6-}O_|gW^+k=+Vg&~r_^M2a z-C-M=59ewInC_E1oN8-^$#`VRUNsu-{86R#cgB&i>~TZ=Zas>*8Zu>c;2fQBZ^|T_ z#a$I?utq*Ma!orGf>V`Zd}@lNQ1*QB@`XTfWT;_p%HImJrOpbgSvf;y!te&Q=3WF6 z(@qPH(uxX$gNk7AAHn7W2VkQmu(;DRIYYyN6#*@maz2zQn0!1eJR-7MDCrxI-hQAi ze|9`0N26A$g3xsDg`wy}ER(fUDZ}NxW?-0j-~WU-HDz!|Cy0L{_z?ICd^Urp02dgm z7Y+d&({PQz<6%Yy(Gest9EV529bz9MCl`$P-Sd>+!Q*k`7733*xRs()t5Xzy#Y0jvA(5+XLF+wdv1V^DB{B@0H#FQot#^px61;k?=)aSn5#O_NkgNNvr&-pM ztYBqTZ^bv=8tP?@kQP#8g`Rg=?>Akiubh2t#n&{O{31W@#Qm{)y26A9MC8+z#sbH# zL@&^J(JqI*CY#Z#ZFEfc&N{idc~_V5dv*_>FDGXpBp%({d7P6RRbQA|TesheiXRCd zGCG+l#a1z0whXmK#fGwmJagHeO!gHEf%~-4SvSqceYC%YP)h=hCMHcQP_O!YM3mS) zSL^9ve>*92bH4W>oHrZPTs7`K`TsA!Xuz}^r4?WJsW{Ry7G>PMf zt(Tm%byJb)aMqSG^Dm^5x!TV4RQ~C&*q>#av#IkBd71MmYL$4p+^;+*V$HrfPR7fN zI5oNPL(YLM5WfPDARe8PGEnc=eAjMAK-n&|(;X|d_3SB%$ym}xfo5qCh%2x$Uf#Xy z{=2azQO$M3@{p{5ceoKZZax3KCcz9!`bYxC<(B2D3l_Kc?|%OsLG;n_Fbp}T2swu2 z3Oxvt=tw(>OK_t~NohIOl-r*x2)a+fHg!oU2boI@wGSMC($O@A%~=xl;_Oz7aUJzz z1PdUx%vqA|IU{s$B1qr#%b)l`Af6c&m3~gWhwe897eOZ2(%Q&Jqb;~*BMUMvJdNJ! zoIXfVn41Ec)DaIMbsH#U?)xaDPLg4wx2|lCC*1S%0&W>53s%+6muD2e?VbW`&2rx= z(xqJ&oGHQVb7Qo(NAg>#5m!D6Gy8yeehRU!7xj%>wJG&Ig&3(w>#K)fL{2vKzDjoa zavQ|qy_UM`xzZl@r|Z-;X3xrYPwtLY4WFUWn5!tZbWKK(nHK+0U4jD{e7l`1{T+6j z-epWfY2}kc4m)2_$)pM4r_UKB)4USvZ*I1Rq%!J*x4?OLTJIIi*tnPtLbS^_^N*P( z_f-GT{^?m`GA4+Ek1q!K$!q{vCSY?W2a}G^vW_5lzx)CgOLyyrXDux=)igtTFQd1j zirva*&yv$tFXgw2oR$rOxtqIz}44jd)Hv3IH;`-Ue z#;)8g+j8LnF`w6GK{9CHkCkRQ&Go+JK`l9u^%amMgKbprUUCnO# z>_qE)Zoj?6AXfNJRmgYu*JZ!{oC183r>hkwgXLs4wlSRw?764s-_VcG`v>J5RZNng zLyN6ZAe&Qaam+(9M0n?GdZp%T+(^y(rZhAI+N(0=(67&JHk(b@LwIKcP;ub>Ju$H*p zhmVS?R-Z2gAF!r~53JOyLzZOI0i8Zz`P+9lk9(aTdBcI}tVf}Tu+u2FxI5T0j0A8} zXenFVpC8v!+529O8$&g%*MXeA0J?xrEvL9={i%c*q~sL4(aOyS9rj3w6B_gibL&p~#2jH6zms+J^$D)U&Tb~WIj%zE zzG>UH^4ai0LponZ+I-a&yV&kBq0+ilJpBgLQLZ+MIaZ*BNwCxQb&>}XjJieDuuI-$L`e92`zvv zLBMYIM|9!vA?SQwvdJROX`|!<`rGxA%WAr%;5zi$WpqA=DlPEhuxoL#wV(*n5}+*Q zzEyeQ#R28zAS>x7lq-mP$7`OO>oa4_%kgHz)-|6hG=o~Mtf%(|Cse)Mjxe+75e=sr zE3JD~_-Ql;*gf}%{P z*5TzOo%M9HC!c1dzhK4buHPQDfIupM()5vk^gj2|+38kS2<0XH0MlBt;X+?$fe!DIQ%)|(2sT`|Qkx*m?s8fB zfe_D7{JH+J=7P*zmD!X(mk_bR4MKToY3EEQ$DDmFqYcmRh2MypQ^f-(jLDhNp)(E9 zAbYfa`_T~=H!u1KWLi{6$l3}L3MQFY^Ce&KxIYj!-K=|4MH2LWwQX+EW5!U(qZe&T z{88jW!JlGd1wq3dg3ZGeCxkEb@ga5IpDm}v=|LLTX4;mPJvJq!13<%)s;Ug9>%QTR zu^VLb3jVNwa9YohqjZw$U3XU$3Rla+9EbUX=%XLcHrpkMA1#EC{NUO}r9H?tOGCS^ z1m!0zxPEBtBLPkTmi;X*z$NQPM*~Vf@6zygIW{{z!h^$VL_xL;;QquqAx;pi%~Xi1 zU+>L5n<+}Jb<%1};v3YZflVSI{ zb@CSSCwNkkTRV=`J{!)Hg=*4sH?ePZvyeEeT<+>zskv;m*4pKoId@U$DNb}_rkb9% zMr@R&+{nIPPpsoGu(md&eSQ9lmDaWH`1K~~L;tXWVQ8eT%{{yrDXZ?>-SEa18ZB|# z>L79=mo=8DED0qeRZ`M<^5}2ndaG{K(4f0`ZZ&SYr$&GaIlF5e5?^=~KR0RhCq{(4 zPCN)p7ZcMxpvKeVxMI>012d|-eP~f|Y>#Tjd_K<)p6YjA`G083|6cfyN&2SgAGMf* zLedMg$ASICT!sASMQ@LB{zEpEU#0uci~c9C`PrfRpXa;}F8<#>?7yG$f4-&%TiQzz z$ehMrqV&p2O0ps$^oD%>_jdmL;KOrERnavZ@RzG_OAz*d5)=9N5or@0Tzepr5*UoO zT4;dAcKqr<{jYb0(tp7=jUX$P1*DW9~fs(5|3`6BgkgG}n9Z0pdZ_!l>k;KSPSii#t{K(uv6jh_`1 z6egnziZcx^{^Se{*112)zh^jX^w9&o?XzoFz>UIr5@i|&7?z;n9_5=iVy)kN20$ZG zVelNL-r$erDhz42E+bf3g)gycm(oa*OG`>>o@=SFzh}h{7Y7f@dKVPL9|&Y(FTr!1 zc{4jYt`4_`6Ji|h^LFrh4?#G4?XvwNp=LTk?j@{~4OsHYt>YIQEj28Z0l(|Y6AHAO zzWwRn5(UlWOlb-KE!{~0brWEd`IJFBS9@YZH-FL5JN&(~eePcDswM5@g!iub*?*pN zfvx+Bm65S(^4sN7kU)h`HN`1$XoF*N8c9+I$Zt0x?kW6ddDol2U%?ZDIkH&D_l};P zklNa%S#sR29-}tX&JnTdNY%^)oEsmd|9W-Y73h6f252Njqtu5NO~>kwg29;8wltE% zUt(g6K=6}3nfoz(8US*SuI?`A@8ADczsHC5xN+CcOUr5nj9S{}Q>on@x~_MU!%Fp7 z$fVDoRLvFolxwzd+Q5!*5*{ZB@IwFb@p1Ezuzznq(oO2-BC1|9Fz|q*%$B=Z@dI&w z1*jrbGV0XvLu*f_-92vAH0GvheTNe&#+BM^wd9&THWco1qa~u5QUr{x4GrsAcxg{8 z_53LQi8?5T6<0lnYikk`ran)t8W>6ys#pDZx@>7_n?Ci_1!bkY>s!*d7`HbJZ#G!% zNT=gs5)yvb{O7Bjrd%x^wk-I32ntm^`_Hs|HFXaA-%knV|4)wO|Hwwb49>rw|5t3}}9UC4zuPJ8eTl zXb_;00$ehg$N4#N*u?O&D?%R-Gs6*TPd8PWAF@ONKE=a>HQRkCPiNuahy@MCfRX|< zJ0NFai30jm2uL@B-&m}Pz$a>GB+cxS5EGYF4AgjOXlfc-TB3gT_eTU2T)@o*UA26p zqoZ?$!KOxk)B?PDSv56$KzrT-WOC5V!k+C87j)NsFJb(;Mt(&8y_h)Y4(MNAjyhCS z1k}-bhSBy1E-v=1dd!f3uwRq2gv@%z*5QD>3eh)Zn)jY^0$pi7ew0NT{U|9-At)H( z^ooi%T6(0+V@ke9_h4k7{dc3sic?Cns&7!?^Bm zu)Cs=$7-A<@+R_%-`zg-yUxgQuxb$Tn;`G68e< zH4ymN7n}ebK7G9{+`k+QeUUhzYjb4>qCYa7gYbn1xUU9%bj-S1mvu3KyJ(Jc|mVFl(x~g zLHAYr#hQv6H;+Tj+S*oNbtGBSL+#P9Zjb^_qkVrAf+?P=mXpM2B`JOg9BwFh0gUz{bwk-vQ#^!YQy z*Vi}ZB^~hOQCl)#g+Yhs4WPEZb2%UeO6^Us*jn`-I1<#<4UOK%=cnCMLUcJfKGu zV2`c=!hVXNcR+b_YUdyW@)u$Mw`w&{CwAE>Y?~lncXwb*be+%$GR@BM>DeBBjx1h6 zc+;z|%IL^JA5(5BYrk{F5?83!`S)KJCvxVuK`robKrNuy5Z^?=yH%zFNr|D#ld$&CK|Ce4rzqiOFP3 z*3jVnR=uuZrY>gP2+HS~G)66Fx6{FrJ)9!b3_bkLrK{5yMk(0 z=rIKJ0EV4?u~xG+&ziMrf2(B??$@0y&mAlGtQ6&3_^hw(21XW>DO--SGTiR(nY-97 z^$qQ7UR}%`f&xbdw9x}}ERO`eC+N&zaB|%ov~uYI5+Su(3mi>O+t%Twbd=bMtKJI( zYh$t2Wr~;28AaAM3#EIHGW>35O0C)0OolfWE*C*Z%x@mfy9z)x4tjm!aAUgD&NsM6 z1FA4+7pMjAi!%Dl-BOT%g%BNG4sna@>06BV@4md6ZJvMec})Vn+-Ze>aqkqDacBs% z&G-UZq?-qY!JOI3vxu=&7DJ@d&0*>qJ9$Db+d)&^$j*g!(bj9^Uc0{zIB&I!;BC*m z)4{B{Sj`Q5M|3owEFb_)DSiT`Jm3?5Y{iPA1~xB^%;zqOfX#IDml)Azp_<$SL?-^S z1cy;0tW7NR_~3KoOoKjyQ22csXpnh)P=5~uc2)4dVCb1N9$0o*qbXbl9qHXF67?z@ zzS@&@Wj#^{3av_UhP=t&Vj^wT^eKFy`t8jfGrdvhLRX)GYL@l`#mO|ViYFe2i%)Rr z2l`~{kI%=rl}OvaB@$NdC}gT=SJ}?=w7A}u7v-SGAg(=gaB^A=3?2gvcXHrH>!^09fm}1PZ#;L* zZ1&_$Qk7Mv9=|ZO)`89CB1 zpq@;JyN+j)F|_&b_z}S+A5>JFaX=qLi%-#(nVQWQj_7EDMMMOisqg8!zdYW%2CP5r z@x(CbTud4Zbl;l;SN@>900yR6XGdyZS_(9CZ}BNkdc?Xr{*)S17U|aK>G6{%a}{Js z#Jh0U*U;eq+uibfXS;AWXM2(&A`QOBU+L3?0wV>tLsJ_YeaR^zJLwviGEPFze`{6} zuSxib8W{Nco+NzLsU1ibs5`Pr*YV=9Arx-)$9V}uDkr~RkRBtLb=SX!I2i?D}EoUknsc}LOS?IPg6p ztt;|jg;K`-UCvIse?m;0^A&#^@oW|>$mnHIphN`myMRLRa{eS557z z%wx70=K`6yAVA4S{7V)R8VY-W*L*YChA8}1&13!7n8LQQ{qF4<*Uui;cVA3caWSun zzJJH6J%+5sYH2M1urA+npjf4#oXs%T1~R3IY{tZtg0~3{ICLXFKBCg97G}7UJ{qr? zE*+#6Xji7-NZ~GT>`R{af1IApU7@6q(*b-H_pQv827zVAi~ZTYE@i0%woFv6 zV%Q`}Y@j9toH(_cA{lXBf?dz)FiX(`uZ>+C#Gw{R9`i@Amfg zbJhML(l&hxM~Te`DkiDco6z^JQx}DM^HnqBSGk`Gaicej+lAx=5kJ09lLXX(KIJ0W z+P(?68j#MrudlY(n^G~kV+|&nDpFvsVHWmB!G5Wg;QQ~N_1Yw4L4XJQ;~DKvu2_cB z1bc%GCAd9rUgI&POj5Z(av17IqmoBI$ys$HPXq9PyHlT%*B8KAF|8N;^_~Fn zFB8b-e`;0-Ma%w#wadF1#l5A<@CiCqW+yuz&;$6bQq5E0RIk zE(Ea1@c34f`x@_5QGh+i9!ds)01Wgof9T?QTsPU9Qw757O=W@c$HY+jdNQ#y`cPTj zL#Fl=)MD?={$XlCIN?@6=~DjU7IcF1_CpgqqWMHA5k!?SZEK*{5G4A)Pte7)*^GZ+ z1lBb^k_izNhe|cA;cBbTuR4+mU?U*LYh%lqVw)0U1b7T2CZ08V1?TH$Xw?(OMeU{W zw$8BS*g5tKKeYHhc}XuB95P`(k%fndf~)eA?&QhdY~2@O+smu|eQ}vYiCDZ{TD`~5 zq4`9{v`z04Lzog6nw?L1P31_a&ql>;v|bp`O%~4A;P!=E>VMU)4aHr9$>C*dX)rY3Hx1*~Io6gkBLmT!P{}=@4iHBp0n9l zCD%2AABUhSNa*yGn}ReijdBqd55HrXUY8LdSGG{*aD{7D!^$%d;_1dzQRIt1zmz@a z1sVr*eDsFV(Ds*P$~jZ*953B$RyWhB$sXKKd+PP&G4lh0yqDo4?%ylDVW!3NpZGVFPTi?EYV|fz|O8%g+ z)-MDAx-*4M*E%-EfKt18OiU-7bzvXdxETRjJtK|z326NGhAyvutacr5Q8*n zPTAA>Lc$c!>jX*uPbUu8m~PiMYx~Kl$PyCwQ9=BMfIy+pB>4i-H)r=_X=whOXs#X^ zHc4#mYz6Q$oWmoZh+wV_z9l%bnbm!dOFdnUfdN+gEH_S`q&Hp0TS~5zAX{t>EMl-^ zJMWf{q18?NzCjyBXA4!KPcV+V(rL1bphUhH-S@ed4ozTW)oHM6}^_q(nM)+7#60I~`5kT#xL+@?7rJ=9dsP{+W|0w8N$Lm3z-JEmKq5 zbeiKqA`Bx=sv5Pw4sO?1jvK4)kmpDUG8(Q%13~04cJGfiatOUHH|l3lWuo1d`#o}M zTlX%s=ad1EPzVqk18S(B?M`Jvf9 z|00ZpCuRfH6kCb=D}XbApCr~>hSM9{xeJhZuUe%WV@@PluS2SB5r4zzElIgCbtI|5 zMc#h4J|Q4F{gj)Uq)$3W^+xuV9lVht;5;Hxp--`nyRuQM{0baiQq|vIKSE(?WA{7Y zF&-zQ-`&!qyd-$BsU6?wb@%&I77`uaV8$?Vy50Jew^prN8lVo#!Qo-9m=hj2yqz-- zN5Nr;qB$uj5GTR+QIm`FmY z>uLT4XGlRI7nRNAyt;Xw533Oao}D2e`xPP$zQhM{OV1pFpy6p$zxo3kbaPaC?)D~m ziln5nyc-no07YSG__2^L3Y-$azxW(>+*)5{{YyVIUP9fIduhV_{h7)RnP~vc`1(L%PgX&M5opCYU4WNA9zF=id z>lfR{fO#Rh+rQUPS63|lNVh4MF74oe6|U+0sYL938a5yXuh#4PJp~*mkn4o;8UQQM ztH|(s0>*GH8+ECx9fjNjyieUe;4ggm5CkjNl2-UWZlE@=B-1f57TMgu(ZT|Kq1kFj zIzZAIbny;m#d(llMg8+1dPyXRL;buyO$1(n^4^g$QK zh3N#dS*`-f6@xd4+^!P{`?oD=BruvRleiow9W50M3a5F3Z({^l?LM`ssrQEq(K!qY zU(2O7`Fi~%?%qjCI%IFOib*j$Zg8fgXqOjY3_9{Le0U<0ANxbk?kSs!k1L!v%Cfz(Jwb zgJJXTgc6i!K(+s*HnI{36<#DYcYrTdZoM{ZwN~fR>jkKoW{Xwj&>yh0;`&lqWjQtX zuk|Gl8JA$C#m_BPx{81ugm{bY;Bl)^Y9Ui)tJQ9sBZq)5vH0!c$S8D=$zL{?^zn z4lIS~?7va#!f}$-h7}fCXIrc6@kjWJZDzZj^S&te9z3PBefO$UGS(32B7oyJN|HS~ z@pmMiZBCv{)#;oZBK-`q?~{z0J%IQ7wAr4ddEOnyjQ`>vVstAQh3N`NLMT~%%0J!y zo|x=r-?I|}lP#(8O? zWkp}^llX3AHH$_wmloof^YGOt&Fcvcn*QQ=uvU{BsqUjz#laaZ@Ukg9_Azf9bFfKp zgh#N9VRh!XIF-9nwOLTz2DF=C;)67${DqbZA53=-!2UGcFt~4-BVwR0OFb2+v9 zJhmOgerzziP%s4uXRvM~6wup3XX>&}O~0k3$)36}C3oF6E#?vgULKN{e8P0Nxhgfg zP|AMbPC^gx65Ew6Hn}DRwE0uuz}@asza(NU*;588R4H&MuGX7PGR@bL3~ghIevtXt zIX4vvHg>tw;&Z{PGs^&9Ze`7fQ;jbJTJj z0ONh&1d&ah-;*{Inig0YZsYaiZy0E8=5FJ}X*Cm3LKlDKyu`@r>YV%~HkKn?qY8N$ z7|#mJBY3~XgH}M62dpo*W7GwCqUyW>K} zQo5h&@#sZ!*kc-JC0&Wp0Xx_b19F+-e`?ib098`Bn~Gx^XeN@U3XRMjtMSiV(96At zt~VrR#|wJ^$p%L28?=l+)tC$LV%a9~UZJ3HoiLxr@O)u3*B zyrB<_eieCpz6zv6iH#P>s9dB!w5N1n{up3Yh~2%#TZAQOxYrj%^_pYIl3Zf<_?zUb zyW8NsnbO4LC1?hd7HpFq%`cq~CyY4&-;+q|VWZU;w&P5=x_JQC0>m?GZMHcCEH;Ed z8MM0PzYF`AAx4{qxpHh!((~NgHl( z_Ec+riVVk^;Py9XIKmeg8MR((t4e3JYQqzMduism&}~(o!9Q=nkg7KViDQ0 z`773TCR`!nhT@XSxgHDvo(TJk{+_C+G*1R_63*_t?+pZo3q-t#ZPBj=oEqW5A33t< zl=N2$(g9a)D!vGoqe?Rcgg5yDC!R@0-46~9-_5UQjZxWXJ%C&qgo9rM=D6f@?4`;L z-on&F_Xn>4dRDJ>8xrNA0*URqb7=Q?W1UB8K(^1)Zkbg@$qy%gTF`?4+v6G@99o&z zV60zsy(0ZGu_1tfvUraK6V-N<4-&o4*&o6PAoCG}AbY=VJnsYNg&B;);zukVjbz=)+*N<@@D% z72bSz0W&9=%?H#B4Eq`00a(VgB@QFRz;%9@D-sx-Y#hnLIkqniOD=sq_8j8d1uNi5 zg7#%dS7XONfIev*M=H{K* z9Q|yKF70`52*M+Uq*bG8j~&OXu7U83Y{&GiPBuT_^#Q?Ar0Bsfxv4Xc6$E^sYq)$ii#%(0S}kx|C(a>*gW( zuFf{z+yV{LowcCA8h`eYLC0D#efxKhRdr}sO?!UfE(`D&D1?!wvP%F)M5U$KBsCpC zt$AH@y64EsfO2Rjj_!m1j}#!$galn!WZ4GKrC2&d7^*N7&xIzw^t3dJIhsEhPXs zJdy7l?2T!u($S5pwXs?-p;&-C1uXLCFlv7~+`-N9Qp(p<9cu@P(X<>ppK8TP4tyjV zEa#{I*y`#Sp{#K}r22qLGGW`+nkzN?iSGSYS9&dp-xtLno^p9roNTrxH$Zg7qsq#Ae_{GY71sG}AYrtQ-u8jiFTyCg`tTPNpk1pFw4sG`@~l+gm72{CdS55=$$0;0333wO=u# zIE^ku^wB_M)4sWxe&%y@dHzfpMQ6WJL!=MsL3)PX#ZD@*Kuu)m*0A2;@_RtMW>x-* z3rjli9~=w;fY@>3U(Wib2^>apK!9KL5?Vvs2NAtnqaxd@)YU9H0Op1O8cO6a=3iLy zik!NA0lz%uU4I3gmH^L<2SjUl0@p97xHRH{;uAp;AwP_2`|w{NQH5WJ^a^jw*Z}l3kJF+v9%JvQ}gJqftfQOgvBNTOD+ti(L?+I=dATQC2l3vpH+hmf@7Qs0| ze3BUFyz_v>vBPd~7{LJY7kw&40k8;;R(GaAZ_+h-%V-CF>+i-OAkrW8{2e6oM1RR3 zpTvLdH$Z6D?@DZZc`>MkUhf;Ki6$Z$ci(SdL2=^74iu@Sl!0XiBYRfZOIfGcYpZd7 zgw8}XdXX^FCg75S@T^`!)`G(VlaefAc00fD{-cJDoawxu#cW|dQnL4V}G9*A4;%=3}c!<`TY;ZPYr zBbRF=eY))Q?2KZeinn(LgW~Xs&4X3Sc7vKKZN+Pcu+o3aE=5YYJV@3@Hi7yvp3oRZD+xT(#3o=rpO?CT`RO<0@lzQgodFYZOT*QN)4RL%GHYBOB$V|J7Iq{ zu$ucsO)Wqier6o>gBqNmNTvHtrsKgaKNz4B_5dxHe!9;wz7wy`LK@Vi;CSP2 z7N2R79Yi$V{egE8v-IRlgRUk)GEd9~7uNXBLXcK}Qt%Vz%YTkQ-KY!gN{oOT#f zOqe0Q(&<6yy`tfXNmQ#s#GC3 zoI1TSla>9xwuRd3zU777=fsZrdp8Y7gf08?=Fk;?ESXz}Tb#V<3C zcxA#tEp(t&&?7$It;e>2-CK&tK;hg^5D41-V!$SYMr*aU#28ebIzmq^k`vbcLs0vQ zbErG5OKPxj<-VS=%6&Jx#7L%xH?BfJ!e1%;o-zj zZ`;1f7q5CqVioC1aau?6Iig(G&fu#*Y~*}+-L{i{segQONIL+rRUL*4Pj*w`VLSV! zZY%QkWvhquy$o6@FkXNd>j80qf z<1I!jHIv?9uww$74<>K`aZPN`B+EZLIMX*vc;DZBAW8pgdwRq8 z13kT+*|3V&eebQ?{zS(1-#L7mkMW4F<3w=WC60&I>Ce)F8)18g#VtOn!%S=;Wg`*5|kc;z5<0J*ig;w-p$WpnWfO)y^RPI>32csZxo zG!LAd2>+i^^~mwHz)XZDuhVkzp~eq&F1u|*&Bn8`c}OA4P95@h4G%<4yAybrc((eF zxuI&MCa5~87rc-k1$)EVmCkvGVIRvEJ0fo**37(UalOvoJV&Bzy0a5bEo>~Pc?v!; z>bqNMALAN2LAdxBwCtzI!yha^a9`mVA+HI1U!PM=v^}=)TDDS6aiXh~w5K;CV@Im+ zp-UP*{vY`J`^HyHQTmHN<=`Mwir>?&?uuno!^tUiJDG@@#HMf=w`bc33~vxyo|{~G z?GNL0g-?jRDKjuy7z6i8?X&MG+R;@*4X1ufm4dDdY53F6QYI3Ee%INX zPe0|0O!1e^7Y?Px&GR{JjAV8ic=GGDj<1exKpb>`WV|1l(3ytU#hpO*g%$*Y5D+0g z7m<3bpjeC&$%Xgys5kG$)l~A~>P_YA9%I&;S}x%^S#4=HuSsJ~AGL6RI1nI$>Xn$H z;t}}{&A`4IjLeloAVP?NnKFT&@t}K>{>05TccjIG-jU58-gA7*ip9A>C-Gm)X#IwR zlhpLbtEWDe45D|*l)OAKig$5NY)3Yt5JDrY~n zx$d~twb;})=a26YK_Odm$(}=#JzrT?dMq6t=_n^ia^o~CC2JoTcn+3_jL0jJxB$wg z=fmv7iDe+i1}^HQD*h{o*g9AJj=r?z$B$B+1JBw^i1f{rPl@v>;qxP(BLW!d(A;se zU5{CBFrJK(<2r=qm8$U&U#PsA9eT6X9jQ>Ewy{U^E-d6un#LqA zJOm;FpJak<_$x=JkhA;Fl&bPI61c?aCvBz86ebIBJxV?L#@31}g6i_*2ALGgBjcz9 zT%&n|EUFxtbeI$LP5XT0tjB0i;Dxg;Ng)Zjo*{Ar-shi07%= z_WbPl%HhWzwZjlKffI%YQR+6dS8q!wC!zN=tfOOgf(OqRZ-4ye9+m? z>0Dl#e~+mn1D5BErGAVF)_5d;cf*7Y6-R1wZP47%?%InO*xyz>DLlQ|-%#f5bI9l4 zN9{H7@d&B1p=;!=A3oMShp3gVlQdlHeCl{F_D)6XD_GkE7L!*hKF63uz}lhQ2S&8* zYjW8!T(gp<{$XA{5`Iq1nLYYIn}zk5D)7u87_rJ3;UBuZD--6-~%l@0hIsNroDQ(LRxY`NIXd_ErA(%XtEzdFbf z;C|^%@SyFv+FeN}PeErQij8?MoBpN!6$Xku|9Ul(pdn~$NI}>2S)Y<_pA3gIpzZdO zd2Q)*Wu^g<^d8=M;8!B-Fi1Tsl_O}A_^F({WO8x9X2uP9wR=(6E!bto{4Rfl0{HFA z!;QqM=HsO|+)lih3>uaC|M~9sCM_lMe=InH_(?5hUFeO-z#X_c2LeAv9|A9I0#!1* z<_>+}@v6JB_bIz%MXFmKo}$l1-XdPhInx_b53@SQg8sW~h=+64qhz=Eu?o*JM}P_7 z`xC?DNP&TJyfU>5+s*~~_(C7vD@{!}I{ErcrQvwofhZW+n)gY|MB$0XrTIqxQx%SS zpL$ts(mh9xc!;EOUbmq5tCt369pE0lCf|pL#RL`)NL9ftl0V|* zpPmIjLoWhw8%EG4a~Gig@4{(17xFM;@;E0$3HGlTeaKZMD=3{=Y_`n01qax#Rqv|Z zIgTu+wEIvNszvy)(kll{+tJ}HHl_qxhMcEd!|Ci3;@NT>TwDeAV=I-dDJv=pkCcbv zu#VKQ48_*@9zr$CDqc~R%_bO*3 z?7(Oh>rI%3GXGTN13&=-z#C5He4QK)QOhj4Mq0dZtG6#o=XS$z+5{4_=RFzddfMkY{{bOL$Tp2Q|;0+eT{p{L$=_mR`E+TJU z_RdjP9SL;;(=SvMd6LU58NgI>lVXL9VRnDg&88xY21gPD~%JCjeS3P%B5ojAt#eIAuKB<9mv?I7uO3!V2Nl+@M|j5qTg!$D#tucae( zfmg1{EruQK6mA~`GOs4WMTUDjy{Y1-GxdHiz{N+1AjWy>#)AP?W7TaMdgZ$ROd`>9pBLl4>$Rhc%93Et6)TBC$0aV=@$btmkF?~EV1C{qmuh=J~QsGBJ#1fg2YSC zCuSe~_dyB^*ui%e=Ff`b3gIA=oGx!^7}*E=?(CZLRT-CUy*hPQu7^^?+iHXtFnl&+ z%&)&=u2HS|4L2i0jEonJ5U?>VScTL!KaroZi z1gFN+O(f%+VSC<2jT>W^lfV0EQn5ZeA?BY(Jfis4_@JQQAqPWX(}E^4_UC>6)MHRsGb?0T-#8k=9jP1d$dJ>929o9rgV_zFIz=$oBR`Ck(Lp za&HgJ&rQYUdp%8bVzk9z_fSFaowdEidZE|23SQ?Uo^Gx~Mj%|ia#&!(kfLYyR`PMO z(IL}rNG<(4H_T!(Djh~F6drzyz8s_f{{7da=Ipf(cQu=q>~`j6JEIph%hwBWjaP?z z!B>|t^54`xWQZdCXr)kPDNbAUmn$^F^EJ4wLCEFA%WZ6HjojzN@ zlXFfHxOv_If~lj;@saHj(^pN`_FRHGwWMT?x3&$Vg&YOeR`MEoz9VKG1=Wv%MFO{F z_Q63Ar$YhAoJi)MlF~r)+-+?NPfDob;pJ$#At8rZx814l zuj15Ns!NZnP*3O2Z7iP6ueFs?{jPYun=xzQ{B&V96W~7lqr!4`2t_ArZFv{{BiDq$bGv znr1KObuCm@j$aUQzy>|eq&o`_L3&OU4(8aNk^#{sJUPLHYJW5nov|ZbOveQmOy`K; z4P6I=5lB!u6T`taPt$m!db@*8o%L{GmY16wwNYbEreZR7MUA6lZgkCb$od(am zNZn;~vyA=cBJ(Wj6%p{bIqY)rJHAp>pl^3A3c$Yh``8IrmqH9G8EV49IhEN>wIu=o z%IJKqo{2r(CJp+0@I}sx0YGk2ZzPrJ&1EGr5QF&e5#(<{>OIhuWi^y1dLvCwabso2 zt*rL{lpnt0WCVgX?k;fbU_VbAU^grIe6(@F9qJaRe2{)UBpzTm8`DbXe=6BY3V^pP|w&2{zbTlHGHY~$Lci(A2!>G&SOK^7TdL{pdz zhNxHuKc$7I^0NSqCjm~5i7cikcsS@xPO{xr_|Q?Eb4y3HY3aEmNjtl1vWQ(dHxlsj%rfCT1;rfV;QW>6d-nBg>I30z`c5F_Jq^B9NztZRd(j_P`%#+AF?l5 zvSkTlsSqNREe0)o$Y^LRDcLfX>|2CT2}QD$Eu<`AWG(wABvQnLd}QA%d$Nt+x#RQs z|M#6&uUGfw-kJN{^PJ~A=RD6n=Y7g=fKM(Cp7MUniv0Di5vId+y11Izj`le3<5aei zpCMLjkkVNw9B0(9|7Z>A8gAPu85{w=?eIugj>Q!5HN0{nmwm*9}r>Womd`ZSp zn-9DcLRCcnb^j{D3I-#G0<+h^KrY~2_ya>|MK9~BgsI#qoo z?xD|>ko%=OYVSV3XFlylrZUNY94T6$gLG*o)n~<3&57CBsGk!@?*}Xf7cK*+$1(Kg3F9ui+P+l%PznjMjS~$={3g(JsAO5 z8w6f2vmYzO6{5^E6u5R%G;1A;0J$N(G49bLBu8r`HtL;?y>0ZTp?%$125d0o>A<0I zAvTDtIH*_3-H5oevC> zzrn+=>?z0AG&DN&g_l)8CG5>9wU^YP;C*+l;;ia|I2ey(&)ti?bM8n)$V;P{?g3%u zsd_4aJMi3xAT3U2n~MzyH3)|8-3ONg zpQVSWoLG12EJQtoWr4PH7j(v2Xwn|Ww!TR@!az$+^JgokCgiY8$`+lKl@x1Llk)T`8y#KZ46-QKdiaU#KixTSy*G~|qz!Q} z8T{qzRphp0pQ<=pxMCI-&Wm$iWS~RknnXduYICOAU7ssKq2=W`JpNpFZz1i|z>0{M zmkds<{noxHm#Lpn@hr*5ygqoI&h2^b2rM?cy|8YHE$8~D^KC5TY~=t9aOT%AgdipLfUpLhec|qC>Y~(!<>VA*>_xBbp@GO`dlkd2D zILFWxyTLoz;m%@yC)_>s_9fpTmX_VcTh(c<;PfTzTGr!JgL&WhEr^^}p$|A^KDk>T zU7P08c0anSzmBoCwzjL*{9+8>7vav~Tl)ZO6{aOJ!ls0T1u$>NA2_LwDd`iFSmLCn zR<-^4ltfZkHERJvAtdPOe$LP^9Q5?^f}Q6Fu%B&Zc<*nrYpT1LhS0SrKGw9$qhnwB zWLX8W>Z4)qeA_fo!2#C8czA%@#Gr#PutS83trHHzdbd7Zo|x2BXKX(MM-Y8zV{NFc z1l~R|x<$7>A35bkre$MelRc}e`=@ODX0Sz7(eJGF^O^K)?-p}_^@H3$H8nadO>kmr zYRu@HMDy80+D1nEmseIGh`nPhej8H2Tz>oj>i9N<;T1>!HE{d9^FEW zvq++M7lox(D)nk9S6k=13hDc$5;+^g&!f4QIeSWB4U^9%XmMc--DYqf`Ay94ksAR~ zED{n5kK63n4VsA+72#mUA^CZ9>>pGHt3WoS-njev-YG1UhD6H#x>Oh%GfULe+W^)H zi*^*l$DEDfS7KU_v%=eA7RDhNqOqlg7AQF-#2sK#wsmyeoR~PwHvL6bOl_+vs;lni z2AEVfBTtu~SDhVq2Zw!s6Dup^8l)B{5;BG_7LvLMy_4g`CyWaX48zRwaauXDdgnbj zxFjYIYrICc*|Ql1O-Lx@DG>nL2zTO!oQvx-bJVkG8NOqMy5+=;Gk!5X3#?vXM>;?!aB9d>rx*03>8Bc0~V4Zr4irU_%ht zs@IO+Bjf`d82IJf>k8)4XOCSerPdZZLu99TNZ`Hpbfz3n*AvM;-Q3-?R~&)jt00H} z(*aAp3>Bp!0mV6^93fuX|N8)GIOX#{9$*bkKt8Qf?8uij#4L)wGH7*-7~l+HL(Iur zRfri<33YW>WAaD@F%)aK999WJJSG0vJCPztg^s{8C-{-S`oJsi`XqwV-sKUFzAe0{ z6PTpi3?%!|8`d5k9_bsqPg7IHR8{$b@nt`LfF#n=(gNYIttdl??R7S{@3kM+L(sj| z-=mb4cN&PqE*33OM&WxScS~||#2~M{e^FQ0Ck8Lm3h-fb z26Uk8gy$O?Em5FInF=DNw|;gW#F~ z_4IKcitb7_VYMazsCLIYD6qrTb$bT~j0n4(Jp7(q0Py($n`h35$O^r^BVC`Ho7)F1 zE8xumdXpJ}ASJygU=;~T$pV}d$sT@jZu%N*;TP`xp33EFcWwF+CPWxeYKGHmW7(ed z-!HAg+wVXRlc0_JIARb%s7hMM1@gMme`nzoZTvYL^|O?wV{QMOJ zg;qYb>F;SwI^_Hcg_c3QKzeK?dzzo0U&>Jexxqd1+kgJC0^u`bHFFf9^=sZTva&|m z-R_=_h%mAnq=0jkl$3OsY6fQ9f)aE-E>KKaIVq8%Sew!N52@!Jk&^nhGNX)0`CLBk z*M3IE?$>)5%8(4BmpXQK&)FNX$XTO8(y#uyn^m8#PYCW6@(D2myqY-Yd8trAM5GH( zjb2IvU+urfJqI>Yo}Iz~Tf^`tMBVdAbD2PKYB^ZE*LWHLWkJOSuka?~-KJy)r580T zpCN@@(cO2i^{07&Y8a*Kd9Y!A3WSfV8{%T1xdd=#Jf*L*PZI;z2mx4Zcc1CddpIBa z!R~cQ-z#&me;aT}PEqjyfEiKlq0l)~1DWtXd$sRR{(t+950G~xCYsxwr~<*mN3KTQ zD^RM_5{cvC<=tWvQpGiUQlxJxp4-ti3JmE(B1xeck}wyJmh zTi~&?w^|xX)Dd|O?4dAZMUeQ=}< zJz`2oKA`D*DsE{7;Qa}P9)7?)!F?s0ACqfxYzTgU46G~}I^@Ez`QOE|J@adasjSF3 z!2vBG3}e8Q76MBCx7gVSTxEiY0m5CHoSwG*^87p@62n3BZ1LgmY3?iN-n^!*Oh9ud zw>CEu`6$;p9T z`8X**ltjp!;8T0C0`r(Nw%KQL4mvnF&3*$SxFl?>q0t43?d|RIF8%U)+S*NmIo&CX zj>7K~9J2XSf(`WbC68Txi%X4JyJ%YUJ5TZu$B7DW|+%Smfh=Q;FEZSWBOo@~8xn#o(lTme+(F$$hLuGb0&dIpqs5Y9@i9Xa+v$fWl=pWFbt*P99I%UGx$m4;nr>ua009!pYwho}wUbU3D zh~!VG;D>k!$HT={Thcf0x06174NR%fszs5qxU#aZL#nc?%u{98_WKmU#oEjB$vb@! zH--0yITH1ib{8~-OISEahpJ4aOdIkqzLY9~VkCP)j;-)ty5{Qb?Ok9coB2m3;~_M| z_tZ<1{1^KLl>bUhOl;0d(13TdU4P zDcD6oN>A|d99OL;@Q#BVBq1u3CewNemC)$4sf=MX~_Go5#0u zC(lHE61UcJS&$nHzJgpZ;E$k8hATn>ef{iN=$@1b^Dx!40>D)oCuO?eC=>|xj&Lg1 zQFja%ED;Yge(1VF@i|XX=g<3k8(Fr?=!$9_GXvhYLV|z>t z%U+`kVuf%0X@bHLX=4y56r;w-`F*2&SF%+x;+%DEPEH&4?(RhUmqzJ$c0`K;ZD77g zlD%ATx#3oDm`VN*Mv$V-e)G%{+~bkDk1uYR<3=bSw&ov3dEPe9|~@Ua0IfU7~kG^Gch(!{zxXrtOn zR+!=0L_n?VXaA@<$-@Bh-KVLk=?Yv~8&hb68AbMFEFcM6|16CgDDihXN+r%+M72(@ zeSB55z+so1RfKJDAP#$Fp288C$>cyXLedZtQ=PEF0O{{3r`T9r} z)Uc?g|03$=-e=pt|IpKf1Th8{7O>4hmdL!4?KuAX=OCZ5OA12?YYmDsK#b-vT#&=37Ofu{dX`0!1FlP~HZL+MI*koTNPCBb#$;oA2Z{Q;?N9 z(;mP!C}s%r=h_I0Yua6)~#Ewko7>0tXHpCEUVm_RMm^#3+cmR5)IWd@)m$ zBTBbS58eF*jCM4S4F2lm!oueQWYChd!OHj72iJH2@fPNkM7)WK0_b63$QLw&&E&*G>91U;`ZN{8~YR1{oQN^^#tYK_&G8a72*RwFT1Hg1OO2i{lFOY*p z0bo|b3e&3-;^NKE`sSHW@OSc5Sk$p9{g{(QdQ6TJrE%=ovAfU#qbNbpSTi0zzUz<_ z>iB14!^27*=>qE?Piw$WKIt_T^K0TmLIG6oV0Lz%Hvl)ehLuj|oGU{O42ad*H~aht zT3cT{eDfyYnSQRPm!IFI3fDoiuHwsT^8o(MI-el9xVRV!b#@Ao%7_t;J@%(mRCr6UvGo(tZ9yhnxVeoEi5Xl zh{Q$G{F)(7Dlyvl$cb-*gU*nT%mU$&gRieIwX?Hxj`0yLOG`@uT57672-bCJdcI&B zKrQaPh7Ux8uqZPJa{CBFBvRqYU+DOAk2#|zio37ZiY9k_PEJg`Oy^G9cnsD0*5oiK zO@W&rs+WEQPkv9=_^zX|5|skWG578r`cRMRofNI)(_#$0iDE)cBoAMj-Z_op>Rw8w SC2^wQb6(F#w-|Hv_WuEmua`Ce literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/secondary-normal-intercept.png b/versioned_docs/version-2.21/images/secondary-normal-intercept.png new file mode 100644 index 0000000000000000000000000000000000000000..8cad6648efc25a003f8ee08dc99ef4f3650444da GIT binary patch literal 54908 zcmb5VbyQXB8!b$zD4ZKj5Ac&d&T=cG3R{d3VbOqc^91o9SI5PuG9-LMIMBiz>tA3d} zh!$Y=Y~j`s*1HE7S1|;xj@-*fRtkbml!M|nyy&FdSk1X;a$q9alW+x>lj<$k+1D}We_rqrjNJvyjQew|vJB@8jI@;k4op##0_#SqIWR&2H{bt(fSidEDa6mx7 zi%MPZ$5a#nH`q|$`Yv9NGTorrqufLOiIT0Usfn7LoE(&!lXFH-Pw$+al@-rIAQPFC zr2ci(ypMw<)PW$FzISSB%GfAZJr2%w`X5fll}(&;%fQDeI?UKO6g@0epg-6)7S?`T`wqOq)OPf&SzIi)wP zw1>EuW!lbP>-X=SIRyn9MEjC?@3N|uTboW)m*~MMt!-=+KmNPf=XdVhxj0)dG9M|X zHkquoH+ld5{hhb@_V0Cd=WyPoMQUS51cC&oRCdJB?21` zXH0TIm*^N~2g}f=&0(yYtMFVku>PGp|^)qrdglvEn>jkXBNC&r=fZSR~C>;CL<#|<9qrv zXB>tF-pw4-!w4|hQ zva(SPvmYPt#1gQoJwPlA&5x8?QFiS{0lkr8oxrZHE>b=C3JM`b%zoLhIvov9@gpKk z_mt%1w@pW5X5#QQ{fDZhS)c!X*YS$R#7HtvF?-|eV0HdJF0RtTNQqt%3ij&is{fxo zW}5KG50;je%oi6IC`&yF^EmhKr$cZ-c)9btop8X@g<;&iD~Lx*I_`b#6!wn3iRJ^W z2BD;62l00Oe%StZZ`9CRKF^jj{akK zn2?>Fz2Oeco{Ef&%zTuBkW>nnfwZooq9RuQ&{+z^*C~7af0L+a6h6A29}Q&7 z#GQ5 z<0RuWMp^6CEI&53<@BC>Y;0kJxe9vRNw45bx2wqIx!|75 zIrZA<;3&UQnGp+*&G_``(|TR51cq-aB|kJ8T5_lrOAQBY8vP8Z{t6tiB$F1W1z&Nd$_56sGq4otb9zuK@zPYkv#6V_DT@DJUqESP8m`AaM4639T0v7GeYuu%7+gnyh2> z#UOkO2}to$SCj<^AwOx+4 z2}}v0GJi*q)LT5&7_enMT2Pt}VFCY?!UAsAzkgAlQKW zdZ$&(CNky>sPyr}u7dZYL|5;X6l1 zhLDCx$$a)fh`7pAVl*8tv~YEws&^)a1%YzucD`AKh}u3`QeNmXw6nEU*US*{b?J^{=gI$E7SMV5 z-oYW~Wrj#)8YJ@0-ri>sU-bH&9~hOZpX8IDB5M?wx|BV9^HqOr>11~vk4ceECgR(M z7BkHrU6~5YH`TKC-w@dCl3`@36p*U-iXTD&sxw%go7=O8w=yYw3I01&pSWrm^IZ}Q*X#iA6d zr(VTsh=9J4hUUU-@)!xSGR|Ofw9M#{#r)=`oQjG{ z>}Fy39Rh6Uv8Q}|rBI<|;JFj)s;gxs^*qEs@(c5xcMcC%O^#KVv97JL(ClrWPG4X7 zM@8XIyC0Ji6DN?e#IkGOdsd)Uf#kH5V00TDeGV#ELS?t5kPdc4Zr)8NXjX=llxc;1 zeSO=A=TbhSWk^}wTOBM(uu3vJ@PjbN1UC>wRN zgB+kZTpw0`3>otwBm@&s2z2is9UaT5TBO+6&5(y(ot^3WU6Bc2#it)IF$GT6IpR`M zDnKFH-P@Z3wBY3IJiE5`mFKxwswpXtbB`e8C1wv$>t zeL#k2AbVLvf-ZJz(5SH5T3i1h{oZmEK0?p#obMkRvNweFU6+gJXddm8?=MI6(uJ;9 zPy)|;lXzUkBqUsNa&j!iSRwBUmTjQMY-Wi1vyAoX7KHg7wM|6%_^B1BXI=YpWP6eVp~x z#p%&^mp_}T3xUg)B`S@HkBq`_v=JTJ*)(330otKnr3%YFG9gqBf!(2$rjY!bp?oSri^qU|(TSVu3{MqHA>j0@ zZAz=Z@ZSQj#v~`pLQ2ok($FL#k3%!+#BJ#t8anh3#AQ6gW7pCcxc~2ri37%T3aJ8N zsn zAs&SH3PKGIB%fw4i0=8n1?t_?d56ldq2c}vaJRgqPfW93Al4$_Q_bP9ZVBEk(@f}S z6vycO!NO-NnIeFB6eIW$7m6Sq86BP7*w`p`+@3;_l9IxB0}H?Vrf+c2c9_!hLdU_{ z`sIJuvyA-o$*ZZ!Q&&SngLp;(u|d1@kj~Yf*H>ZEZcxL-#7d30lU9fF;|9#Ru@Dg! zP9I!Ww(kqrAl}{04e##1ORC?#b0AnJ+Jp`fIE9Ct14xNa{2#lbHq5aN--5O zGBQ#xBCm+`Vry|xZ>?rZy_4OJsaNy-2A zcj4aL{5+FN@jDwEn^G+6n-v#9J5OatCNrG(msbCGuUlblx)~0eV|n_6hpJsgowPqE zCodQ8k@Lm>?=p46HMT}^WV|*9&n8pFDKL0})%5xM`SJ1c^D~nmf|kaSiJO~1Sh#5+ zIy#!{84Y5uvYvc{SSG%Tyh zj?|8j)NpZe@i{wOH&gk5*u747<6r6C&CSgjHSHHc0%Ln>EV07Li2h>jqRLu+?t-Aj`Q6T zay~p(L_C<;hY#b;7%y^n|Y`UT>l+l?O+JXFjIkcv3DCS55T%73J@^75wW z0%z%U>z%21j_2N=&}y%NP{p%1o`^KxpWRJVuQDGk4gbT7&#pC5uG4a>>EOUF6m~xv z@L}vjmEv@vxPSYL<(-z6HUOJ`HE-|!LU$Zi=Dc${M#1lor429K|#S>L|n+4ntrVVD2_;2|F{dN-!4F9oLd1is@N=aW;{cz zc!0nS;J8#zo(uuE>ZE00W$kSS9`?Vzx-H9qYhq#&2Go;+Rf3(t?%=H_b^)w_2p6-vAZqJ?>MrUG5>p}{)$@+l8BwS&(F_)^M9ZH ziL?PR5+I;2`QgI|4pC>q{<2lw#O9Gb@rPS0SYf>CIfNrG})~-9+zyNyhnVl+@KrpB|I10AB_#;^IV1ffe_;B6;2yx z7sUtKLdoRh_}1y;{M#JwXGMO0JJ#m!+t`rJa69c>oz3tH>J&Cz=#0Q5d-|!uZ1^FO zT;RabiFj;i?MLD_xW`M zO_pjwYg@U-2|>08&4K{ zlU9jdadINX%Q29VlaS zPO@cGdJKQ!v!`0PSzc%=Dk||h?a{rza|e%A<-Rs$n(TRSU@+|y*1KNu)lWamG6+me zaBZ@43#IBcH`CG4&u*-|7@cc-U!lTf5tSG#;U>Vsn72?p zQ+Zofi#aAVHS=D6zHwBQkj78P5+dA}T(h`am{ydMLS9IKf%wp=Oxy#huu3~_$ zNF+R#J?){Sqa}K1_G^D$y|cv5k7861`X!{Hsku5?$J5x@i2enUKF%Xrn|}g#Wa36_ zPdF&$)B56{`&5sAP`wm7@oLGHAB}y(_9n=Kod36N>utZ|)s`J0cO<9H`S4SRmRlaF z{BfoR-6$_}-Y}z}6B_;sX6Ks846n8peO_RcuWWSHK{+1zLkE|k_{5*mSgVSyTj+YC zQWJKiLfb6@qFj~3fyIJ^yMB{bQbL?_B}zf1&LFs;yJTQ0m8~~vfAm*IB^}PY`MwlP za^cjbzSIiVviM%ijjm>hSH3bDkemP^~k-_)Ds$Oco+hTVdW+%`@G)sy4jK z>g`?bd};4eVb&36)pYke+F%Z+eHRYmK?eqNcGnx-E8Q3Nj|`W-y!w-`=$nL*c=zN) z?`Yze;_S-Iv$Uhl)1AZN_Z(N(X)|M!wX?>L_e_`j>V*t3LBw#Xt;0Q-4`2Juws%8X zT3Yw=>=4R7kZwwD%Zbk4*)lN~S3VPylg>cX@NXk>bx#2VlXyVsL;Q}0YmxNjZcD`K zA6%GoTYeb-&c!O(-91cl1iGYS?Nm&_fuW9y>7c$u$^f_M!Ipd*p{KHFz6OmqtSyg9PFi9*zZs2yJGeD{5n;#0QA_+`>XDz=PBEq9$v2I*Cw{#};FF=VlFG zEkW^WUK`54bMM}*bf?|9a?42)cJ?CKaf^xSh%%%8-=l63yC) z!}z}#aqRmJMOq2%1>AX>Ns+8-#fIx|4K>x5OiMV5BlK?Uy513xXu39MC59s2KmJK*fQ+K&4DixcbBGikTPC{lH9;!lO6X) z9WC*^)}(J@Bfw~4Q+a3Bwe_obmFcbJm{?UTt8=A`{dld6a^bHEaSX!{vOKJ?+X|9#%dlf8zv`WB5fV$)v`05+ zo@M6OpgJm+>Przo@_3`7?HnF1!j`gVHzuF%FN2CrW}{uV+}75{>2cvi^4R$M%0MQs z>k$jIh>!mMWzeJ%I$F8OVDUs-aS#X(T<^Xkv1!(R958O3oJ<+YSAL||jtO$MLJKKH zn0!2kcTwY65YT?8Wl}F*%)l_g2!dBORUiS#?0BVSxiK~XM=BPU5D;y2IEaeN%34e- zxE!}Mpkqk}n>9Ey$S1!5xizO+aKGmfNLJPho!Dnbn=&w^V2HW{lojwY$kzrSLi8l_ zM#24|+$SgR1wIR;_bcnEpxw&-`HpZ#dU{`YL|j~4A0Ho7Kmu+cF1cM_9#`(yfqG|O zf4)@*QjuIic^Lx@?Tpk>u8|#c3lsmAN{q&tWLn z;VC$sTM&eh2gmuN)!n05xM&N0{N*jH(j3Oj>{2@^d&7V!&53^NQ)PR@h%;qc<(V%hU1r(GJD@+^W_KMOHW#%CA6Gv(w145U4b zJos?zeqxJ1)*uL@Gp5Wtc}lrE$HyHIav*mVYSjFQ=hS;@J%a@LgWmPkrQPOO3Lu^O1n(R!F4Nq4k_B>hzJDWM+)>jnbLHc!RzlU)KqIh~$ zHx^cm`L~li;|>lE#{04{XSUX)5BC6=U>rFZ} z93&qg7&K$W?fBp$rJ&GZY}Nn0M91fOMAUIKlxGV2MyUV8{gMd-@g`$tEZltRhq_z#Og{|4zeV$rG}s?1KEgEsW0 z5K3VRn9P8pDsN|ZV9{?2$|neQzZ+Z~YaO@4S}HyVy!rY%10))ig0~=9_(C}tD>oS# zAAbZ=>CZTJEHB7;_J#u-kT@Bki$hB^ltM?lNA_aX#)cS zsy9!4KYpA6>H})M$#`W!f&E{7u3b>eb*!uujEz?`8yMSy36~+pO6+;rK@nh`74o>K zwy1-E(ydSRA|t+>Z*eRS9KXy&?uPHn!2Nmchx(!f+!ShsrmejRT>qWjtJC ztH<+vfn9aYE;)<`by!z?=Jcw{WvogpBkIH<4epBGJSkVdWE)MW zv!Tycugo%xV>@u#78FY237_}8Xnr(Y+cH_O@s(X$IDCDxpL2H?Nvy5CbZ-b-llpvO_l3l~8 z!?M3GER1M#vxba3^ogLL3`%lDgwDChtOILactA*xgZ8lJwyV_McKfmLbq-YpRX^yZQ6qMIFoqE3EF=ju1htE4zIe-+E|b&r~HgLy<)4I2<#lx87|aJ7WSkF zZbOu%YG(>HFIYWmn2E9k>NmQbmb$OR!H6~g_!snU*8Vg(t7OtDEG(?1%^EH3wBsD6 zJ){tx*ZEBz6YAvs9UW+y1M!O&Ugp7unv}uGE-gFBo|1Rgb^bwCFZRbi>T40I>%|#Ys6^#V{XQ|ZH0VFe51K)EL-8# zP4tmRAMWz=>*XQgG3`{|I(!c)Nq zAgHHg=G_&aYwYKn7=~)XMvKxCvWcxD%|1--1vlr6U%sq7uWhU!5#2gFhlvf6ED?8z ze7|5vuVybYPMJwylQ#Y3C6I*q?}4~*75%)Ci{a5Sw<;4{e3{s+=M|=BAeMEMN zJy|n3qPP0Cr*?g0ej%hC(Z^FQyJM6+z&2Ub z>W(ORbFp&d=2fgY04+$(CqBu0lYv6&xbbeOYWjDzp&ZFnM%~+Szq`ByWIZ2?n)+UE z@;+e=J)QPc00raC&*%)}<_`!`x^C693oK9dA-TfInHkd9^sG$Vrbb#m4+GmhOPAjs z`z;@%|GWmCc>F7BS|c^}&-wHju(Z<4KgWQpCvEdkLg~#P_#H&|TlO6df{7S#4 z(|pbT{yIAxR;@O?i}CkchE$pm+1aHdABYN4o}M5KFf^RA-QwpTyGzoVl;++Zl;$x9 zjr_}KHioCa-|sTHB=z;I5H zSl|udPEl!T^t&XFJGpmnetDgTkR>uApQBK`e<+u@U9Ut zk6DG9lWBxwed!0w0yoH)#e3$tJ6DZ$=J?k)z>p^sLl>)R8tinm}pPr~hoZkB)(U_wehR8@?Yo&MJmiJPY=+##tL5 zPv$cNa3ki8gr3LHbk4R_SXgNfye-2u|LsTZ+Ez14Pq*<)0K}s^L(1h=6Y&M!-Up)3B>$320kgj>08GSzt25avW&8l^)|AJ&#kh)Y{?Jdb3cPsn z;x=&o_Ldd^>*FPQlHfu?AV+`8_-rZxfn*>efP;wij3wImI8JK33)9ryF|+ncIr;s+R3xiyX@3Qitm z#Kae7C)d}<2S4$r+>bS3Od=U*HaOjtDYbb>6MhdXsteC!_Qy>|-?^^{7N_LxEnD4E zJ;*4PIFx7+W9S7c7^mfyhG7_qI4lHZ*FLDKi+@%JRb&~02w05QD^pSib#y*z*9Sn? zysCzH-X1RV5sp|E)jhEbp^k9MTwodtJqc0Z`Z%ogjR!XP z0_a?cS^>fUIicq=I0i}h2)aq6b7*NPE(Ijzk4C0 zj+C3=PJ3Pp(#yo&c(*xLQGdFWRA~X!JRmKNvS0XG0J?h)q$oIktYISn&4_|w1|AKD zZXfTGa>Jrgi-4x}D;*h1s6q3Go8O0ijv@Rkou8zZk4+Eeu>21?=w&qqlyp%F3E znFN6@epS>#7nhrBLBfdb%m)h&^bQShxn~D@EBK`l_M2ou*H{GnkonxEs{{BRArSyi zi=vghr&ej+70lik;L6>i3&I-$Tf^egKX`B(;jB4aYr|l#x9-+e;W2}G0n9}aZX>;p zu!zJ&X>hfG;^m%WIVdkL-;?+x7!-;!Xf?2EB`PfCR@12v^-32xu2wC6cbQa6>EuUy z9=wEEtAL;Wm#qVX+24+zDiNO7-ir6jHG{DpqVu5e)f_| zfkK3qCcfI5x|_!`%OmFDw_d|UI`}yAm&IeLH?WPM@|TgDC2D@wgeZUb_M1~Tua7vw z4i<1RJheU^S2jEQZM4*v(n^{PA((#~$i$~Z489%@MFe!}^|qNC?pD9Qks{RFINt%u z8<@;%^D^7c1VsL~UWhr^zp)l?(CO)`o_+?3GrGFDN1RMT$AWr@7fN|b`pLvDoFNgzy zLH|3z(DL8$ze`~MzkKHZ>0$_Z^560Q>xLG>Lax6HF(YLoQ$}@d7#aDi>Ud0yWWyjh zRZc+x3-#)T0}@jZ!Xykc$;~b+owDHWaee*r_xAhNEXsKgo%a@b7LU4&>}9JBR8@0Kp zc}refFzx>1k5#9uv|HLs-g=wgwSzL>#_f9qW_q!Q_Au1fU&tb zSAt_GiE!`vB&Rl?vy%%`qylp0fcMd)3n@Xtr0G%5s$h$LiQCsN|Gv~2m3R@$&G)o0 zzC^zuTW6o!0eyBb*Lnac_PV?ylGcAX|K7cOMgN&dX@1~xFAcYtS6*C9YriKe1uyB+*Jp71j!n9A{73vO3KA|bqzoZ7qm-#+Tcm!yV+*VVF z3GoN&V^(O!ufM*Q@;+gY(vE85DxI}0m`oI!)?#h^U`6dI5t?Rs^=>79e_mHF2$eV} zsPj$J)^z`;JKBmFHg8~PF5~1xc4p~}{ zO4hqh_fvyQ)5?MqHShb*nA_JB6saLejW3%&o#VJHJ-+07qC|Cq)p5bcn{cagbE1Vh z*O5Y8j*IwU%b(3KxEt+1PeFjdQCE>qlwLFU#*FP4BF6tCY9u(6qUC_8Tl9%Ye#{u}Iw4&GDNSLI>}ulf0hY9cq@e9`FDtyFpV z5a(YW>^)^{5)wK^|I%GHp;$N}L_|(@iTBTRf;ji|M2-6%AG3xHv({7%HEoOJe`X!T zIiHY(-n->1W9jbw^izbl3)+8yFt53(`u~;05!ZgNsP8*peABFpg$_UJ!JQxrPL3o% zQM2pouG;4SP#FOk)r0h=T4mTvqN}UB0(QL0BDohYs5m*X!7G4-5G$bq9Y_RrDw%Ch zHLz&aj~tbOn+;fn0H_Pm58tdc9=q}!4@0YgIR%B5^J0u_H;=_wtAg<5M=-!Z$4w|cRlJC5ZzzuwOIf5mKj{`vw#E^`qR=V1YKrkXLZy)_ZFlG*tNimj}8XU zY}28ywMb$&z+clTT4FUVcJ9qD9LyJtH_=LiuQtSmDJEg1_*udbvDCORRgh$e-wF?9zjqU1h`XGGfc6f*c zA$OOYCM?h>vjFuV&I{Jt`=q28-@#mN4DNcvGGZ$$D?~2_{$Ph3a2wn_5&rGd(`f^l zl16HOOATZUd*YkntpST}99&%Q{DKyq?#@msYHDQAFF?rMTB|N8DFLYs=1BVL4)bPu zy1FmGX1`Ypzzj^vy9WnuS#$A*6{XiF?~f>WMSgWfef0B<09)0-6h+jiEVZz(bTo@p z0XqHztuLS01h8w&z^ALaHHe_*Ape(xb~t#+3G?#cHkni-PFj2g#8@cU3=kRv7!Rw zWhFZ|H1i*@RG-Czf7jZZ0q8I~{{S{h9@9Txo`W^l1i&Hi2HlI3-TLdR^NFwdlOT@C z?9R3A9v&LN>kmkF>wiN#J6{0Y>;++TWuoR0xY2+u`ys|_6=uqQcS$7xHi7(j523Ka z_~Y97Ti8vsN5+31T&xex_YP|_>aM;1YBkaMD^rsAcsVWP9{OB`sQ-gTQ+$60*>sC4 z%V@KSc+SCG+u1z>O>-I>Z9q1G;o(*E6#%*!Jg+XISyUqdZ;ft+yB=+1z|;~}JPZ;L zT)d=+HHIm`DhvcF&xJr%g5<~m6qXQ+cJt?t6je82QLZ9)#8t0Nz~yGQi4(LItxQ0LTM?(V-Xg@Jzdj z!b>DhFheLSSJbHTy!L1hAr@6pAwt->p%O5{OE#d=&nzysfk}B~x=9!w2FyYUkc*1x z&yWE;tAe)*gfoPx7e>61aat~cAt52xbe0G?pv2R2tp0+__ixeiOI;eYxw#XrCow|L zXww;95*pvaL|Fnh?5ImKEg^wZVND&QUjFW+`hBa`ISMn)4^~qqjV1+235inMWqBBn zSkx(Cfmbe@wEwvjhB+3}(s%EGh_2Vmz307uG7< z^?2(Kyb}Pa3W93nY6Yk^t)>+=P%t!+{(&zFprH;gVKvb49)Ryr7%1XHAYPg9MR;wf z7#0-<#J-@rLpKkh5KM$mkEnU>FLa5*ObDT1fG*)EpaqN=e4*$_P~+*TslB@$M^VOL zTC7f80NWHbGxHAe>#(Su8C3JUV1idodXj4!)BR~uQkYQxuLU+8H9Fl&)fQzLs}-pFH9qC#9c|yt0SctL4Wj^fJ0dVJ(CuQk1Egag7#bqn z^-v7kft|llP(bU9hOWtvI&#EHgHWkDeP9+z0F0}`J+NjsxEtyR2N7n%L!RZXD3D@b zK)fNrM6xM&ez7acpEN&K>srK~$MT!3DR&YS4VZOd0P(wEE`1WY3GD}33M^Lj!X%**@N&Ry zXbJC{KUCM%&4a!E`*H-M0tK{87vtk zT0;jZoLyawm}=?&#r738sJwsjl>Fh{8w8DnxPjEqfi8P;YLIpXZewhRg5SFhHnz5i z*W^G7nBCfvx3S>@gMMY~Ea(c*WS_%Zd+@3aHM|zq3Z>suuYR&y)NckC6sRmZvh8Ab z6l=Vbn&?IVC0UP5xij z?FulRRN-^i$GILres@F9huB+&yFh@Ow?z4xbqs+oNnB_ zIhw-`oC+~Xt)x)~%>ia`#Ff(5xQy~yfEZkC#l?V636L>Ft;Q8Z=lZ+AY6j)=i6UFAiz5y zV&L*c3|5g~Y?ceTb8>cOGxHs}@hUE|wST#Xdg&MS5+nWOo?#qjPgPlFSeu9?8XDjE z$SOrmG-x842y`OXMh*%Ur}FB=(K^-ON(>?>^iSuFss5cEYps=Efp@)g?cR60-x0J;^hinE?e0&asI#q7 zD~M)QkA*@cpt!uax|)!fn79USnnf@s1Kri6Z~X4=necO~g6G=psV-qt$L74Q2vL=# zsJoM22uYiNS67vs8*+P2_H1N)XC9agB2Q2jtZnDB-xiFN*w9;`-CH1z3Vc&VbUi`z zB_+OdS=&7u1CeG91@+f|8pd=>^pj4srnd`lw5!!x*WS*5f{`Vq+T6K9kSwo4{Syho zlz^{-!2tqpAiU90QF+msp)_gpbp{5X7eB3i^{e242SwX%<$~u*$A$g05L*hbXn$S2 z%u~u@dZxg$G9y$DjwH)z>xv!OeuvF3uWKJ~o*%Xdv4s(gZg|Qn;@~%3#(K@I-GFy- zzT8m|>aEEVe$QDOHJr!coO1d8@l$3F8iWWzF>&}_$6F`KqI*tB_vw2RVMeyij>)bl z5eoVT(U~{4)1@KtL|_-JM}_pOyG-ga6c;+WD3;fDLB5Fh^&6R zF_6SgvlkE~6U^{nldAcS|E^tUXt)x!4gaaGRc=u`4LGs`I#H+0H%gl(#Td1hUbf0N zUb}PW%lFQ{JdxLp-1bcFTwF1BAQS4r7%l%PfvUH;QCcwLCWxFW?8=S1+~2gx`7oBH zD+!!ZGdWB-g|58+UhcWh+|{Vl<&0`?>|Yi3v8w64Sk*4o-+H{|exdUa@l$r;Lg&v# zU0JO++&RQkZHS3i#d4CDRW{f>8tNl)OI)iXU1qh3Q}-3rN{sIzzK}OBc~zm8D&P4nC(a(^pVijd%fShw|-kovnMrm#i1}#5eR8 zx64kcov4qTBi~!sRORldqoU?*&OCF-{M*Pybn?r1fu1oJP2TI=ZsSEjFh*Uesxn&j zeSC3g8?I}8&MfD_rgyC~Q!0bMEq51=vG5$??L2!uMq@^YP^5Qwpx03M5ZESnq$oI6q6W36Bgenj9vCJ%sz} zSGDgGkf3~Dlp##uxx@&gnCK9Gk}|uTIju9tNNdskIkS+%>Wq-=Os=75;f{jGV8PqU ztMagZ$)*-ppR=9S&WvwY4%j7}1J|Rx1u6n@_RMjs4{?z(9gY>#>3wAGESIpyzj${1 z<08J)N9k{q)X!>Lt{Ss#t+h$r!Z~7j`EMzlJ^@}{{0!f<`x9)(Z;TjQDZtDxK1wcv z1@+~iG2O$ppG}G;?#;?kPSr}~PdP2mP{tgbPXik$n$)?%zjQ~Oy$gC#8ToBDS^jBX zSa<%Nkg?9uR;4UMI$?t4#;tP$s49CG7@DJ{yJ&2hx33lYS{R$y=X2Q8wK5H_ds>2` z^$B`YBUh2F<+lYu67e!hs`xF=qF}j43R^7SYx<~KS(2bX;b&igaEb0LnMA{AI6*~s zsoA=x62ry%s&?_k^+?_J4nsGaS4&d}_hg;jgmDGc|MdchX1p8|@h(07#7c^6z!cD_ z_{#djhdD9f_cZAr0!rh|^|wPeG~cd%=AX3qdn`%)xctFG5!B_zLak3xRZ=dAjm~}N z-?TlV9TV>3ZQi|5;L(?PoKq_4n0)hQQ(2BRW9}j0w#w}^khVJ&{RBFYY98X>HT$bS zTW*piF7aC-^SP%#ij%7rMH6^|jD#<&JL3N48OV4vwYa~!d2?Y||GJ9NIy*9bMp`y) z51X(*ZFc+a;iFe7DlYe89^zZ@A5sZ$t$E)iZX7gw1P)Guh3n;QWgjiij^XbXf>@4g z&V(WYWL$P#$z4L7N73121D5kH&oL#UGI|=P@G(58zp2Tkk~}7B(CXMb6~4~z|A@1^ zTql6W&s+DaQVHvW=+|hi`ZaXU%eEiUFm_7bsM~gTw6pnakxTLVD~>~l?fGPCnSHGY zZay-+PfSy5v~Se#%e@tp}a1t1XEa>L)+))O^9;eELT( zSwXP9<_~SM>{x$S)@9a0>vYs`g1)R?(-mDXI!|ehwQw9}$%A30mL*F^c2_QWNyw&YqKPCfpz(e_AC&30qQqxNy=W9@Iuo&A|IgD)B{4;s{$ z%P0yGcH25wl6aEBLTQX&5Baz22-RON1uuy_eL^27v`NC1E+b=8YIV86Bo%mIGW$nyC>dMV+g+8-LhCpWzW$GN$xjnorAp8rk{;?YbR)^FY* zCb*kRZ)-G=ZK5CO{ENr4QO?X0HC>_3kL-G$N@{q1_4nh*(ZR;Yly#oNZ&SCfhz^-u zf5SNiDf7F>7BN^UtfszgubirA-rE{&)~onn@_J}lm{iU9hge45ueC-@X;cz4(%}6d zx31yoQ?7K;`FB23ubmW{WQneKr!%o>yL?N?x+j_||70h3j>(zoh$JLZx~+}quq6wM zmvNJSQ7gFBO#Mcsa>gj+R<}Z}ti>(OM2WreAKE9@6Wxz7StVf|5zkJZG^|d>zZyzN zbnYh1U8pMGA%Xq)%bZ+rCspIw3AtVE5B|njX2Sk|OS62bk9}>?OqOb_8Gb9K!I(%b z4AyR`Cyhk8msOGca}fprcs zY;v@!JA-z?C@#C~!oPDhMM>TqW@rVVq1Kk`FB5ck4{N)faMPYS&Y#SpVy^s-Jflwi zQ#98Wa5dSpAAhrSY~Lp~DXL|wfYf-j5ce{b++@IZ;Pd8ui1V@@Ll}8q?KHveLGi%x zVa4Iv^|$&K3K6BFdR;4{U-2EaBzO)-52L!=#=mfkk;;xBf5De<^^tmIuJP@+7P3Pd zN#)T`(yFpYwt^09g5UTO$|;c=URk~RLmWKG9e+R+QnfWmdPtz0aVU{;S~>MaRC_}u zv+Ldax?i8HVw%u=x}JqFMG)!HJd8fc|B3zWfH6NEDNZp=;l{;<)#e$fSRB`N+bjGw zbp6SK-TgOjevw{9o{Eg?(0gQrl3j$dxw#>0sztGA8C-{wb8g-C^s5#vAlBxI1f>MQ zOBuiVoi*}sIXNj^>;6hSyai6X1JaW-w4L*>1|ej>LMM{RxGIR3{6x%q@Pl=l1K*ci zRIU)(lyW)mB`oh^Jm~iu>Q>>l;w~)Qsz3NkC(!V7cOhNJZD&cw?Xv5})Y&_9C@gpM z{A_v81h!dDZ>g*Ik_Xq1#54CK^7;PwfimXk{NbSd^@L!9N|P?BHeCh&R1k$pr=~rMm;YnENLjgr*N0T((h2R7Xlc`!`&5z{^bXQM{{Zo=WjeZ5h<-IAwuB)AJn{K%lu(+VboSCphC9pEqU4;Oo=Uk6W#g4MrrQ<0kh2ks&XC#f z5?4yMOVrM;J_hckpwoTKcR$bPPYye*@`kH<=lw!H7gMGA3VZgiG&dwXHsDK1TS0r~ zVv24gPp0!{P|$eaiO1!@-ETivq4*?@(s|#vxktTB^olL}BwO~|Z!~e-2{{I(z>FBy zaeLhff9;ooUkk-AYz}x0-F7+sk2Xb=Ri3>teu|pr8TfXSKPh~)Qs*v)VgI|Hamu~E zc%3W;#(@fD;l321=b>YV#795X3BnViiTa^@n@lg>L0q{?+k=8onMccWTWOzjxKLy6 zyokZpy5GUh*Y}41YaIxS$FAQR+N>kfay{E>@q?wLq+5q3eJWF2b|!+0=4V!nW5nmu z@B`?BTlonCc&w)Dr$7Fl%Br_d`)$lM&Bj;gG#e<`mWum-sQT)FDwi)>5D@|CZb1+v zr5h9kq`OP$?yduplF|aw0@B^x(%s$C&7paNzx&?1_fI(IeDlrB-ZN|O*=r5W1=qCi zhG+GH6MIC=+b^xFmPR%E95gtb#h7%Z9+HVxWFzL`Ty;FdD>FvK64Q*v+0B~I^(p&e zgqw1g!-aoga|YL~9*DpeD9}pob2IK=-P18O2>2vxPM(6<9Bz;n%kxvFJFg*Yz6z}v zH}KM`2KouPJx9I@)s<2Q3shx-VX>6J5b!KS?0-pn_tn+R3gMt%dO{ zUHP0n!&~1f1uktiVfj(ch6;v9a3ntW!9BIJd9Z@UYhX!Ht|f!2S#hxX&#F!4X5r&z z$0UGn%;;sUqeXl=DE5N*ngS+Fv!d06rEEE8n^@4po6vE`o^uS_*z<Z& zR%9UW_w2b#ndd9qhm%+Oi&sIltT~w2T3?I3H2gFy;ob#WHHynhe{SC~G%z$fKD$W2 ziH5scPc8+J$4DT4%Ro$%Zz~JgIDvDQ7w}&?oty8CyapK?ugCJG`2~_Mc?xHpJ4bqY zv}7B2jY37tSIahs6nc;#&*Ngo=qUif>Mc)9}Z}?<=_u87SyPd`( zyN)rZ=iMVS@YqORS1aZz1OkM-?g&;WBWfLwUpWrTP~HkBnGMOQj<~x2W1mAXU(SH! z|3wEbKyI)*LRoT))y>9QAn5|RknAwveeqVOv74>UAu5lmFrfLr|I9Irrz>}SSwa<(4A(!fsJYi$~!xS9@yT8Dww9CiB-j3^S-As92`(8G^Y#H2I!ST zz?s=lN9n6e!%keKov0kBWpi=1Sta3S8+21^&u6IFLAA43_uaSJBY3%d%U?=Vp<~?- zC0tgkIf~m0Rj^pyFJ5iCQ2=XL+5XJ5FfpW1?&N8|f^2ge;rlZu`>kHTi~WlGsiPq4 zDvpzd&d?-^`Mt_<9|L<9dYL zbK6~3anq2-Uc}1YZPDG0``HF7D)j`7y0abY@YvJy9Qo79y@jUS@zp}@Ez-?4yq3jQ z9~s#*!@t+CO`{^cRN+8YMl+2??Dm*RCV60%j{Y_pvE zzWw`2s|)JklA-*cY7>3e$TYJLl+DFjUpV-cgLU6{^#wq4`aj+N*_tl*#Bz7G5G|}C z&+~efSYaVnKDjR`)!-7H-EY-Ml`aiT2dgJM6TBTHV#Y8s8ct7}%rL6#U= z9MQ~35Sr}GR7LI+O=+-sO)~1f+sMOE%2&@BpStQqSnC<;(;o?FR4UM7gOGFlu9m03MuNhn&FJW+R+3uRqmYOtyFq4^hf%7X0&Dd-;>ujXh z)yeHvm8>^avc(&v5;4D&IdIADgNeFnF-i5@h9Kov5~M*q1Hb|3+qs}p?e>_?v6E$JURW-nHmT8-Jv?NL75tbQCm4l zVM)yj4L%OhAnV4HJV>#5u-#b`(PXf9dN({h!@3yDv7^weew4*-^KY$+QBKNqb3Usqx_P}I@aLUPcJzI$&8JS zxf_Ea_oTf8oyVjRF06@X_z#^8x)Ss$nH`c?-p$#VI#u^HIJB7dm}JvJsxV1Y#RkBV zu*nik*a+1*oa0<$!ms!UF*R0gztCbA{=gt}pSZnR#zPM(?6PzA^-e>g!4AgU>f)_+ zEkZ4jvoj1|Ee4@6y5|Agt}5foXf5jxe#d@2{L=yXROhu#4kQ`|KR|gtnQ%J?*XeJl>GSg((;_cuv$aT zO0NbY0BS5Wsx$g=n_o8`%U{*^Ae`LqRjqbej_pI=&|4?H-Jp|OhsEB+PP`}(xR?hO zWofj8NJXNBN}3ipKUHR9E+O)zd7{b|bmWx^VJD*Uzf|%V!Wpi0`r0nMw9=ctIj!pA zG@~N%eu=&J%k#BWov(dQqEbmqJ(RjtIu}5!`V8CO|3`3mw#G)3e+-C8b(`)Jn_h{r z{6Xb!5oif$;3G|9MIfpq1SfGCOP_Ie^$Ag&I7QRunK%OlAC4vrG!{7;q;r)%gFWG; zU~>!(!{Gs(_8q5N8QT5=A~s6<-1W^)y$)P!*W_k6omZTe>5NULSX&tv8$lQq;RvMB z%zk7|a4{1NgWW9NP3nU|A>>B{q*roV1|lt%&nr$U;F-v*m|bGIC1Yy(6=DFmPYuVD zMEyyehbaOFxdn|K8xJ>~AzI_4mvhQ(s#u|gqX#})bO*D_s0Rx^s@%Gx3Q^*(X7pmh zlN;fh8Ls_T^t&}fUn+ziQk2E_Psp|PUYHT8~fvl|4%b-ga1 zS(6E7?6B(rFs4+j9tc(w7U#`z2#;*pxIZo|ICc{h4u*0egSD$-`I}ro(;1Jju3K_w zh0?|Te4Ff8)2H)M*BW;>=FNSyTDM#ioZ+zi_|oEO<p^p2>zLyTSb9(uT~BA$^F{C z$UTbhh=)-RY;ZA`qDT3dkjTg#Cj!HkcW#NAt%-ojXBM19>|o7q!XDAw;f0!^pKlXb zg0)}Mw|qD#{5&2^56|gTDz68oVsipl2}!YO@n=7s69LzlXf6v3eyp4CsL5|O)zZ8# zx6EP9zw33UY(X&r!oa;vX>eef^%WWR^lSLpK6O6%N_HRG)Oxqjfb-pQvr{9T-kvwM zOW)drnjX$oo7|w<2jg%aQ^IM+1FLmC9oAXc(XT(nx4xSoIu$;|3rpq)$&F;=RFlW- z#t5FKjbyHpLX+O}_`%dx6E=;r4$)LzPg&jWl>H>Nx9&XrHz=zo{`OL?4-7k;R<=|8 z{he0`Dlp5vS;$le^~9b{e=_{6Tf*$^<>6l6R9P|u1E@(NUw~N@@Y<}^-^5ZgLz==` zqao8$*FX{CYui(nxiqI;F;+eHVX_eU>R;s53J6t$>(=xEM~iH(tLBfJVA51knm$xu z(`9c$GNy_S=2Hsii*M+7zB-ob?%k+Uf@--^szB_KsCUxt8V$TBZcwEzT?4YDBz3 zfZClc>s<5QHMpi64lFLCF1U?lSW?$jhw2TCUV#Nh*j~RxV}M5~EQtP`*?iK{#C9$_ zCjUnJ=EWzFj*A6|Af+%fk|VY%e#V|7K4w(S`vNhF8d8s~{k zbdJphX4ymZmWS~MPQ9dGW7#(`X^3BLQZRB3HRBB>XFJ_>ZF;&)6{;zmXysLzA4(YhAsPu066hiOy**z)QWEHP$#aeS3fZj;dN90cHPSwfl1bq^gzz)Qq_QYcR}<~#ITYP@7N2VAio zWMLS!SSKWJ!tCg#mrALCSmNaTY2C&BkLE-=XZwTqwsV|?Yam_q7@r6vq%LERFe)(s)fJ$a{6(emkmJo7R0 z2O~{p9^sq$O4sX*!}Lv$i;HXd=W`Z?D2c)5)3Xb52KEHiK(sXF`ay@CE9_$FAN_Mo zXjzaPqceyV_5rDm#av0ik}AX99GwI*c|p8TdPjQ~f}pgB2ipe2WD8Bm#o?@k-aLB> zA>VDduv2^91SLpbKW0ThL~~qMS|zQc!zk+v3H1@y?fCTeXg6XhV{F^Say6$~I$55@ zwJjgyM_yC1{jemOEHT};J|klZ{x*CBOi92C_J!-Q@?*Y%iSP6&aHRKEPPl?Ymq^ZN zOerMn&!~;@datg_9Tw?tpZGpT8hv}Hwa^vf44S{o60#TQ?v0!*)`o4=_OvNqq5?eD4@-gH&Y?>iB6 zqaGUH%Z}MX&ob0^K`G57@Z;g2j~vCCruUhRu9a4s)v2Wp2eKelHd<3#TdZ6qr}e_Q_ty|L2HJwV?%H3AV{Z$qFQKs0AtZIdB4A6o?lTGWI+ov`kGO z48#x`@)QdQwodHIxSg-L_UrgsJBG3oRfn2qej`492`^p3#gSHto_mk8#N+K}&fp;c z6)_+T0qmO1{r>uWJ2Y+zYY)!@mFWkKNsgt?s zaevPxka~uD54&+?J5q)Jy1)eI%@IRO6k8MQXk>-14~FZ~(ye_DC)-wz5F<704u* z*a8yQkD2&@aIa{BQ&lWd0z=X`l%wnV)YZ+E9)PfGUG85Hh6Nn`rfKlBV$fiJ?CMQ) zvACr8X5*9?^M>!SOYG_A*@jrY#WnF$+xzz$A&hp5lUM5p+ah2NP*KBA#7^X-+Ut1_ zQ6Yx&9dpo120A0J8$oa)!VliXWF-3)x$-MH8tfmuj*o7)y!_|4Y#&FWs;3Tgj-o5V zD;y~{?=i==f`{I5U`dp~zmE)ZKfi&=WGLkV1oAAJx}kS|Vop*UMkFakwB9Wp8yEL+ z-wP4Ne;1z}>Ed?t*8S>rn#orvUW)4%+Rqa%PUC9x^ZaT}pHO#I>5U$f0r%r$CSzkR zJIC2Ssi>Jv*6GI0$A9c1+DhHr!YL?5B~%)CChU1~xt_gc;#)Xvc;S9OW$%Rrw3OM< z*3j^hTqC99<8eKMX1Or-G-7E}*lnuoPfY?2n;%l_5m4W5R8HMroL25FB*g>$hEJv; zS}?`avt=`5(c96~io6u7;StfQaxIFl#8v?rY4}*& zu+1#arSk9VivVx4IbBHISzuZ>^No903^n<>Y!`}e3bKTCq2j4l^A3(VIzrPdw^H`z z8;ZvBEoBCaaBmbi%oY=ijT!WS+q&u-jF^q;YN7hG^9JJTyX|2}&oo zL3O>p2&KO)bK-yPdEEG-9!o_sOG$CD5-FXO{m8lKGQK_Sp>Sx)Jt8Lsl7f15MO8(i z0IQ3Kdt$B!WOX0-28h^KYwzz&o4>E*vZ@*~d+X{mKN1obQ2dL(aW^|>iOhAIj$GIxAtV3( zDA{Siva+(Ft#@^jM7lfd-_7IjJ}FY>y%#Bf)l{3)7k_R-JLAN%u9o`_4_%gS9qT1J z0QMA%R@v__9$6U6?_dUz?yYr~783G_xU_iNSiaWR#tFX?4lfy;Bl|p?rIccs4^QFT zphnB9odrEZOqJbE-aQ}UZ#|4G=eoYbAq0)==E|o(0S6&~?}VwSz=cO9tF5WINf>r^ z8@(m@XA}+7n{i}5(qKG&m7ojp zg?=H)!#GfSux4nZ@%y$~-CtHY@f|O|j!1;gt?u;Y#q0aNR1y6^-FL38@kqyLD5U3< zth7WfD`OiT@zJU~m7c20IMH8K?d(3nho=h4&W1&2qRGM8T!whsl=}=`T<|RvlUWjR zGL~OG4+}Erym&=_<%o+nm`uUR8!|~!KT@l@#5+iaD-;y?HM3VF>fK0CcPrRij2cBD zt`@s1`3}YZw-%tg9s~DHDuz(7F1a5~`H3|A9y4*4-7fm5P|8LYqU6f-7R1Lz zzf7bcMUt|z{_JPAXgd@M{=o=gQEFM4h^UT>=VavOkaZ<1UZQ~Dr5`%@>Ca0Xp`Zt; zvNy?@ZhiYy9y4Y11+SOfXR!jIa2aEJ2R zcx!NQRP+x}wV6=j+dMgYhie1NRiskhIT-E|{dJLqr(|P0Cl??6B_iHq&%UjyJ|{nD z=C9K?NU#eL!DcJX_4mzKSNR;4nPEbVBO+tPSPux2OJtC@hy4V4SXe!SeZqxGtLw|} zfH?jKrQ*S@N^`{=4fb)`8B*cLq53;lF7F0+nCxfpjWP0zP}3Vmp|Z_GBdtD8VMJp^ zFRbM$|BemtG@<8_R=ulf_c0>sPW#m(x4a${}T zjI`XHh>uM?f8*tkj^=xJjb$ROj$7KblUPGTOvU|os{XcrUauFl_JzEQ0yi)3T@bBY z)T_TOKF)?(Grb~ey@MEo9wU+%;jes2yT2d#VS|_1HSYNBwD8&C&j2%ygvQLcaN#$R zJ^#mfeEc{lu;u-oX;j!YZs|2gqzjGqe_9M-e{HJ)>7h`0zb*EiR_#A6YAKTPIt0Q- zb8r4C$@yv-^PgV6mf9O8NpDe7+k2Xw=5MLZHvRF-zh22%3X<~l(depph{^l||M}^B z`KoI1)NW`LqwN-F5UT%^WCNjFydok+?mR(bj8jE7d2Ma=f8OE1^w^!BnVeB}lJ5g!5C(MuIy6xt(;)ERZMNR2$38Y;;@tRqA0f>D%?$VjQ7S$eU8CD-cvLa9oSd4C z2n%^lH>)Sy++~zyo#Vc=&lg~UHgePAZhzmkLtAla!`7JbhrnlZmIOJPpE)8i4y(V@ z=Wpld^`j7NnR0KDY~LIjV1y{Cw(4$cZ|c^EX$&+i@cxFH{{RSo74w z5{ILrq%dSu0ykHcHdg7y^KZJ@U`hP~u05bc6jD1?5rckl=>olGrn8jDJx zL0;PSUb>Y^Za1XwK|NHubA13e!FKM_ABQ?J%2%s8T;EG##~XHWneTAiPsWh`ahg>h z?B+k`po-SDHf+h=QfU-nO%%`IXO_fkGFZ39aQJd#d;}-U*yy+@Ha;fmEry=p8azE# zCOeLeUn2C=3@`M{3jc8hzM55Nz?y3sgL@-BC5>3h?7B6WGOqnq zz&L+o+H##;~U473idqHh|T{!U@W9(FUQcJIKT z7paQ?Cw0yRD9*@(y>~)IZIvjAXVWC|CvPr!Ir(c!7mg9G9tjx_4yFYjCVNPsZ8wduSl`1v0rr?01s(uj_EQrSIY;lunE2dNBUB8I$$6 z@E%93@7m8`loLkxn1pjrbB)pe!ba=DWWq43l0VVY4B-5r=6QiT_=l z|F``5M2jN?4K$cw##prF(mrq{z* zbbM}?OaD)=9=GTMT~RM2gtcmoj`{t@+_gEaf3L!VzVbsC-6^Ifo`5IPe+t&05jXG10|C3ict4qZ>|rLvU9GK5quVydEE{&o8Q4b@#_P4xP_ zONbhObDYcU&BuT5M|knBU%@al==m^``?-pU|NFD}oT1OEdps=$;oP%aV+FTs-v4*` z{=3a_V!d|iDj=7Qx8GgQkQ)UJv(dW$r@P_0OOhUwI3a2bOW85@FTVZzwVB>f$LUW& z)jB+qd$G2)b^kq(%|gNgyn2(L*a!d;se~Koa~4hiHWu>#2J0Ao+R>6^#(!21176yf zXZ6z><-g}>DIuo4!-Pq#BhP*6)iBkE|2+Ea)&P}yuO!Ho`x0YgO6uRA2{y`iSJBad zwRrP;n1XO0lD7OCrT>iNe#l%<)yn}ee^8H^&`XAKbjVVbUpWnqT zeFkf3Qw@##&oFZAVj3&lmjuDrt5A(+2K;B^=dPo7($R+d-p@>}shSvb`10SQl!}N| zuQw_8>36+jo7^uG`E+Csi7?8K|3XJ%SkBSkNc1uC_vc<%BS8LRt(fJ-wtS|kBJ?d; zm=k>y|Fu@#)V}cV%HO3#?fZ51KaRD8|Hp7XowIs6>uSmtG0qXor=_W1$xP32N&Ih@ z{~t(lX4!r@#gfUO$L>M6dPw|V2b8dSB8KU#(a}JB`wPg9{AVb^1crZ~z?XVv->+gQ z*0*d0jz|Avkr!R}GDh#~L<&sh#C}+4{m1R=zd8K~+0J3mThVc(In)sO_mi7LZC+b zaL!m{d_018NJz+)EntF`l)jneZtv=P1~l+sh)GBQtBo15z$f~MxN8DW&T9eC2}1-( z)nrYoJgpnH^Hrp;H7@;!!)2kXWr>r3%lL3ofp;=Gi^AHsJ1Ea8)YT0PjG_{vh2MWB zcZG+C0TF7Mon3#oS$R1#VHobx;ohGhjjSi{^vy#WlSyD`voL|s%pM!z{EuW?N2jip zE>GY}2Mj=f3(&KHBCl4nSMu&u@#AeHb`rE2me14^L`1BNR9+{{N?BN1g6qdRI|ooy zRaMy%GfvAx^65bAE{Ba%RaNEvgh*2p^bjT}qRDPeT^a}@rA=+aVEM!Q1CXTmq^z8! zXWXo(e>`JgSWiEbk=9RJ+t${pb*2-ZlT-E9!xOaL3NDudcd!9&9^f2C>;8H~{mpu9 z9l&hYcghBs;gJ&KAjDy__ZYo!4hQ_+xRyM>8uY*l2%#ao|NI`+xhI08|QRvBCp_nnD~ z8~jfp_w5^OZ$$r|4^B=TZoZ`ch$qM=JwrnX(TJI??^K*{uUuUXjLdq5&6o*ahzxD4 zen~1vE*g}n;jLfZ*pzrzYj^4Hj8__b&qd|?JoiioK`!KdHixfNA+Dt;58#D#=!C4?X5m*I&I)Vov15We zE$Hc6mIPsdF3cBSI&?xp381S4IC%>Al8+|0{bAH=wY*5J!|aNqbtv}>r5K-s9wsK2 z`xQ%0W+u1&25tP>+N0z;BQu6EwK0I%N2h2VOf=7zT7t*(r+)qku9qx*_AQA>MrIJY z&yI(SJ^u&(qnLZ zUO(l6j}yT-S#NPyQGwu&7}RSB!^SAh1_M0yN#dj4@K!Nmt z&!3QyntFFRDz?x(j0sSG%-V`0e1!bGqq`f=kwAb6ToAXqyd0DYY0<{%JuaR47!>j9 zx{VuDMRx8~?s7ve9uvK^>FG+j#6sW_Dj*`(vb3bTSO8GWv59z(}LNs_GXh2)y(@k|0;gSBm^q z@;32<$ja(Er8PdeH#m01LZ`&@dMFfjuUeSWg8~^yVm_B|zTn2N%i+(raB!y6Ke-)~ zD)d^0@em6M1ES0Ogj1an5X5K$1LV2cLX8+SHRt2e$-4dRjk(;fvFo8^dc84BC6$#~ zI(Kg4#i|j2vxkL`Ph+hEf_WDg973dNCs%mUM^LE9JKW%bhmEBENBfhby-h?4e_v61 z;Ed}Tje7)f>yn`NbyyO{;!hmyfKUoH`X^I?9)IE$ayz=G(8zQ_(ZYCnf22%z=bzIb zg6;wK#xlnPCpdgJgS>u9zuuMqnq|u;5sCgqqm`VzfkNd+Q@|bMh`Zl()qVq-qk5eyE0Ocz>z6OT1xRa-+W-Fe znltK|+*dRQBBHzi)l4%N_PVn_hKxZGB;5Ur+H(nYdN{(br6~C*{Zb0aGR2ZOp2pBo zf5j4tLG0=20fitDfYXVEsS#Vm?{>OqytKNp!O(MsAVeF8slXlMHS_{@`K)KHK%>bo zUbHzhKLi=>*;$VL)?mbZ@YtiJq4Ol!`SlS1EDb=ytKV5=lwvWiQR>4~fZdGcq(`74 zPgggJ%FpHH$;rtjxN+?}CqzKo{o-@a?0^zdF2&c{Zi>9Aml-KM&% zma`5z?)%E%1|hn~=z%9|E60ZBbCO7ZUu!(gl2H_~e70$M*`>jz)Mk;oWN{OmTCFSE zdz>#+%+MNqtHnH&0nN(K3SOjrcudQc#Z9dXBR)M$5!n~7_^@T3+de#MXWNa_0zhNKIUjeRJ!ul?CCZA_WF#dV?3c*V&w*g&2%wXImsC-$tD?SirtRT+;2=VcC_p3?uk~w z=i-)%`s~||)JWPrHFSMgILH)Z-AsmFU54bcH1EQmJ>i>qAW*TG??G!W{B)4W9)(Tb z0kHzSVWnKcR{K}FQ3ibPz-s8hd8!JS@Zmrs@G-g}0TB!p&)rXvf?zR9@&lGo`54P3 z2DOhX0P^l7xPmkq zJWKw<5XY$GX4b6_E1@eHz+Ou3jDB9Hdp>sasptXs7YsxM9KVff|GAS>w6v{PN^->26tR)Y41a}1S0QA+S$1|!#zDb{p zfnC*>@ z>FEv~EfJ-OUV;REr;DfJegNuBzf-j52$*ZgNHjS*s7omNs&3yaHHt<^p#n(RCIL8E z)2@~%Hu)cIDjd^oYALF%`dt;lp}mFweY!;=?xwywi9v0JcuHv3@v;#kTfd>W$H$&Zo@f!a?9> zS(}i}LaN(}-*mJgb`S1~iRfM6#i8NYHG6@2=?h&!NF9`@tzLJaO(uW`nY`Bf^?*N^3K$GQH5-xP+YlDoD;EU%a6seS&W7rnMM9mq7|Pe89YaT?tfl7NZy-k z^kvPFRbVK?Jx>zs3WeYOC6{~hDwz!IJtacjn9y(EJSQkr=Bf!ch@Vh$8@6=X=WI{q zUg?rTPioLyj4n;Y)!u+|I10eTv9q_EZn8y5^3rXmK5PtYY=lEeV#|^*e{A}Pcgsuh zNnPyv8|TAMhlBgzZiryB$V!vp43zRXONtU95%DPW3@L>?rEzP(XOh-<@+~f^f90W?DAurkZzT|zz@C#6N|9SD16aR%)NNwB9SWb`tB#t#l2Ho?X zUbR>&Tf>0CjMHrJNR?V4(}~}LeUzC3te`48ZZh=UQ5PB=w?BFn3$;AOWe60j&-&>SD+V%Y;y}?%a{30s^p(fvsX>8m zZ@MxN^o1DM8L%XP;?mx$@|;Hqvn2znK5JQlaM8#-4B^FW{U{9PssLbXtgl|NLR_^b zf(UC|T_oBLz68c|0%~L$U@5|wu#VQ+Y*NN&4%zOEi>o|Tg(7barpeL#BE*&P4<^4v zc(y`@9`rvT0}v<>CbCc#bhaCH#Kc+^4~n2-ydeB~Y}?VPvo`8~sud~_k>kuQB-H*K z5da?C{cY%NA7BLp6c&muvVkq`^Boe()niE0<6wRel055Uw85MCjvSFzAN2rPBub-FaicH?)!H(B2Rp2mv^@! ziXkwtKJQ)PPfP1o>}Eq>fOiY3#}yXxAO?bC9i3V$x3%RTbh!ePk`Tz#l@W6_k`u!; zjyuvKm5K<-JB!fKTAGqIUAAIBLtN)M%j1X7N-v^HAT1LE$#r3g@?fSyT+B`!Glr61 zGj7s?0+qel+UTDhTv3>7Un3d=X1lWgoVE;+aXO=EX+Pre?#_wFkm%9N9PR6E=TIs& z!lKJ1OSc+t;9<{sNWe{N??!|aK|MS;(Hu6b1akmFp%F9d+oZ^Fj#s{b7MT0y4dv^O z$nW30qsv(ZyzVbAuhw?S{Hm>C&XcM$hnD5RsNVk`n0nkx0JE}*SAQ}}`@3m4jU2#g z#>5ssDEU>aE-ILEwVRnq7dO;64yjl5ik6iJ!POx*7%GLYVIX@;1Eqqf!+;#b*XT*# z^bi5({&>y~YB4$%#&#onG(Y(VKUMklG5;cYfZ11Ps4_o3NWeMKZyG;?Nk?yJkc5)D z3&e$wiZMV6Je=`eUxkS0t!P=f>l zz)hWy{(d49(!w|?%YfRIOljFyib?M^%#aWtO{p_ODG%VgmLWlOYh6gg-IH9MW^U~p zlq>}k{BV`YB=U~Tw8LeL3X{1=!QCqyXk1RU?AIYNdPd6Z=ooxi1tDTEvSlnGgUyIj z(Oi%fKK0ob_VkkZBE?gY$;qDf-%%10G*0!oxp^}cG;}^P(EO$rY&NNXT{-)Bag3BV zz^)(&B_bkvjINw)+h;m)j8!>*JpOUsMg5C~(aNgE-DPEeEwC8kt<@5EJXg}Lf#^u3>4C3oU!pdThNrpC@4$i1)cB2spBM<#lZfQU|AgW=8g zHjp3lwI**$(FYs=Awa7csOXFe1%UVj|u?`N}~h>4C4 z(Aq60-*s8#c3hd{8hnQ|5&ODtbS)UN1Z@liU~Gt;H6{Fw;Q&1!gie83*7IGARr89n;H zwE$reOQe4})4@v&yQ)!1(ZbaNa8%nukD06UU>U)l&ND^a(znGlv~~WHb_L#|`p{~( zrz8^U6(4g;h`aXI@ZPm&7pj3mC(-6BQtEJ03NV-{?#GVeHRwWeaoJ78^=olrfL<9( zZgs2T0mC%j>oA5D5{_Y#&o`+l2SXU`DJvw zA5A6;^5_g%eGkQ^)s~2Mb6nI9F|BH9geVVwA3@Z;&-*9-pzd#Y^Y|bNACxl)gE54i zlhvX-H}AStrV59mRcHl*c3=_2sF6-it&$(y(LNMUm4cGZG?S*ICT-2_@l$bi-FJWI zMFylb_f=IhSaB2e&9YD!eCyLyWzpa@s$*0K17%*>3v@eDU>bFX_)%4;XDj#a4Om&4Po+sUI-R*2| zkNpzitt!wJk&s{+m~)K%giQW{aimPxc~h3Gdo2(;(`boBYDgznQleQDE)HOlvz1Q! zbjJ(hskTFH=t1Ew5bIsmDSPqYWbhCOwTf=`M#goe-*_6cuKN6#nLoH`pfY}|qF3t# zJ2NOY@aYz^{q?2144L5d;D#Zs(tX-GUYbatmBpn!0V@2DH@dZnPm`L(_)#EN#EOcn zCu)rkMkCQ;XmYf%>wSlp#Z2B5x+0&FhDbd<;Sj6PSIbQ%i&#Uv5;_2_ps*S4|7gNjsQk!bGZg3_510HE#3W_{vLggv3h=1+`>^p6RD3U zbbgnRvI=%pV$Wr?U+jiP*RDsj!ymt#!oN|QMzL;gfoKi=zC6tC-E|`Enx{A=*+4A! z0>XP#inZ=NEVq@s&sk6T)WeCTi;`I=qvF{6mNyT4svqjD`R1GLLsTkzM>9NCUk|8X z7hmkxe`ar%A@!|(7=he%yn7z$PO`WqHoX>jsHKx31;4{#b({({PoBap);OQ8F@k>< zAj)R3$T8KeA*LGtx{$Zb>FUWB)P0Dt7W80RNKc5bkoWu>mQs{1dB;{vvx(ONVnth*{B6}h!oh)I#T`lSrk4StT{Z48cd~O0bP0BEl-85yu<7JAzTDx?d0gcxWHPn} zUfAArDI?(wxEY)Q&dHPEJVjZ=MD$h2s>?ELI0C85)=8DN8$|8|c{oGZIsEBfwoK;c z_k_OjKp0CNsNO=b|K8%}>0r&ld;_T>t33gw!rxco@OWQMh9Zqp@hqLrS{IIJ?G}@m z{N8tx#2wwkgv`ClTJOktjg>()S7~pt3L{=fghnyF?5WiAV|jLqk#NHE`&!A6Ca>!- z%dIc|+;+$0K)gL+@>tLdo+Pbc{sp02oX))7E!&$5xP zyCC?nZPeB7?hL{c2I%2@+wkx2KyG#zI93b~kHU5o$oLp)xHwoaUQ zc`6q4@JsZrOHF-l`Ea*AO@57q9a#{=A*h5p0-xC_&q&=)f#T-QqtkTK;ZF!-;p~x|Kr%!_Od`-re|~`SFQ3HOw#0ic&7dPU|i^@(^)|m zmj}ix66E0~cU_CUy;|3EOkR#c>eoC`QHHc&lF=L-&sk8?s@&&9Q~2DxV=GbEcR5G) zbe~6h{@LEnG(JAmw0Ps_u*gk)Tc5H+8{7N97U5wvlBbV07?|?1#hS>n?rc<}%07hC ztTJ&j+1>2=0d;3F7&)E#jY7fGstZ($Q}w=CoRG_vt(l6$Mb18`3(kEM{8%@u$@;WZ z&*7+UjzX!KwDd_msK(b3X)qWmNEMfq2Bq@|sE4QeTSnGi-}wR)*2ENAve0|PzwRy6 z`U|@|AIC4rOY6C}KzQ{7&Rc&^e^=O`#kg1}_tJdOs~^(9Em{n1@|nMVm(7E@+E@1S zNQ?*@$@-l=@{rn4=nj11lhJs^Ahg;ei`gnxSyKMx`E7I-PWMw$S=m%0%X*lj)fq(| z&fLM8l{;=QA%Rfq^0O(^iURdGtoMPyXq>IIja$#ak%^srKA!+%0O$^uhf8X<#e}uJ zI@otfc2teJvmNJa?0lB+1~bI+>-J_>rK@o(xk+8TU%}QV@N8;!p&S-h4uzSk45xp_ zsd6b^RlbxA--BlA=4AKdb1KkkJtx;OA8ugidi^>vH|_WEs`1ojvkjCcf18EP_#{H> zIe*WeRO516-RB`H)}L=8?OkGWTSAXBYuvWy#kjL~0sYoZVk(a}K5!&m|+W+H-BsOo-Ky_Fo zu3%{}JQME^zsXa9{CMN*P*B#UNs#n?IL%daFoiFheOk@rBf2b^VA{ZLP7|=6%NwhX zObd9P^XnU=9DjOGJVw)J@}mOgah3W7Z#(ctucVUCjOwOpOY20cPF z8ym~!=7c2KhKrQcKuNE8`;uoP%J9etAnj9)Sw96wgV!(6rWli_h;L%Z0!;7Rf$yrW zFu9Ume4r)XKBeo3kGy;qk^f8K)V{0CJ)Sh*EiR9OGt2MtBi_5{CbIt0cG$$L7=RdL zy~L>b@+Y2+CS}5cwHC-FZtyo&OkO?MIXF!argcnHdgjql8><$c)1RoBX~SqYx}fs& zdsZ1lt^oIE12N8R0SY}R$r(xR8hii!uPF&akt#u1=QmsUCP zuXP(h`eY)iKFV|;3=a)I<*{p*f~*@JRy%{m$U}L|uSu#* zws*bot81%l3|=twg`*Emf{<&jv8vqMHw_-gp>2ow$5#V~;6k+qm0DT`>1ZX$3xL4n zbCsl$n^zlsnUKW2{C{6WMW4mNz_aQwi3voI5@X<2DrB4*Ccd?UNhg1QNy>A&SnGP@ zY&v+F6EWkw6Yw-lb{LwkP6RAbO3UI!ebv3cQ0`9v)Dj*0Pk&N3sI#ru%L@u`Bc*&06S3QINmFqJkhyVg+<5hukHU!1 z5x2DowH?JDbiARI`))_36#jvp<#x=92j=_+j`3epK?`#nn09C1HaQbtaK5^ELC|?x zLLEvl8MyUX_M@cq#`MZvev79@OsImP!0d6-_rx-n0hK+HAD6a&R9$e& zb2Mz-Ckxd+hFoY9T&z*%8vL9oN1vI@6UKU>|M65M?d_l(asC(7Msrz-r|a^|c>OKI zL81(E<)-_GT734w3LA9C7m9WKbDS&kMHC_-?l9Z3FYcZ`-5e4?#U5d#$@rKKCBI|QUV<&cWB zv~)^{G?LQY-F*=0?v6t@9J=G1MQi{mPRm$-lUm7~Ee`G&;$6LHBJ# zUEIC5@$qqN)~g@Ef=eXuVuR!&8vAc=I4pT(HstP2I^nyJ-#opOZ2PkwCzdKC7r_9{V4QI@I4n%zS!_;HhdX_)b?h_(y_VTW_kP|N<#X&T?cx6X zo~9HtkEq!6=to$Z`#CgGz&Y6Wf;$lvrzJ!CLlG0z8l77EEOYqHV{LZB@g4Ry_!Ks% zsDp@1vU;4CRZG#&En!10_}42@dQ#GTb7)Tep+3LkHiqfwmFh*VuDN;5`?VJ<&bea; zlGpF%6W%2JUQ$n2&Hk0{2QJhvd@L^ce$TP8D(?>Rv3;OLf|vDT{)D3^&Z9H1!{hmI z+RK-`wP9U9t$&2bH>2JI*E}4HV$#E_g7gQZiXs9_J+$lO_Zb}ztoOe?Ma>S| z7@1ZfoU6c;Y$n)MPsh?p7^eX4aCvm2A{|ztHh+RzbN|x0oU1jnra0Yd)!BS=_UCbY z@XFog0l&Yey+$}ildaGVw@s;$5oOwCbutwqPSg2c&!Y>JN)?slG|x-?l^fo($rGW9 zr70>77f>Mr+l{R(j-L}ZY6NT?{uO1t{xy1Uoh^A0bOh)yqP!N~wG=*ddkho(R31<>vm4q;5FaJY}Vo=?<+%7^Morc^N(p64M|) z!Ujj6<*y~YNw|E#TxOj%`1$gtwqn6<|L84O z;1?FNTqyK?OsAn~5?5~y7Vu%l3MW6(ss8-h#i{4fXf{E9ap3VcnZIZ3;RXOBw0Uu* zCk1^t3W0_(1zmI?@vXm7 zmbgx_Hg{{by{Gm0x;@zN?K06BDkXPV);7`4UyEFU7|!{|;hQ)8^V8>*Y_J3yikFd_ z;g2?A_TGOHY(b6BzJw)TUT?42N{Z1Z4^{5|_@zO<9 zj;R*iI_&Tv=Xm>-Rt^M(BsCcY`UTq!)nn29{UOj2oFu462c%gSCy#dXRO!yX!erNT zpbI6FQl4~;M$>Lrj%FRFy|^~aYBA~il-!PVz9cB;pKnQmIA)W;*#xosp+!olHm_s+ zaT=*uqg%_gO6S&m_5%&3#4NF`qgous4)8g*Mk;yH;PbzF&>uP<(IcmL2*NyEx&!j< zy*~U{rl|4`&1mun`1N#+KSay%%YLQJ#r2h9h9!Cb(;-^g?#lf!R7tD9W1036z+I_x z6N~~riXHG#igkDgt0ud@N=uhdG!}iBlQC;jICjuE&}<53X}v1dUl+@tG?m=@(VwfB zRo_R#;ESH}KEx%Ybih35o|DAoAeIBY{8w4_AY+9zw>2|{d-GT$ zuf|-B*X#xBE#ThUoG~snx{e)e&4pERjN;tA2hu5NA|i3L?SOzdJab1v5j`RISBL6E zE<+h=L^p0+@ANO;Qv)|$xjVpN)QfKB)@_{JUoFW^Jw1|5bG0lJKpKS8a0TtJ z3`l%j&MKK7pYivo4;A7%>7y~4MP+LpLu84L8G*xu#jyNiR;%Bzd+1wiP5kE7E{{C? zJ^4F!_AkILflhqbr#;x80f3+kgx`k&Tie^il@`X9x=n5U=CK@W)ZS>v{JYOAbYV#2 zqoW3g@kPN2Ws2rsoKR)xpK~`D@qGSv?$J6lKHdtz3jlO|`(_^y=+>Slz$Yaq_uvn( zyWYk8(QO(}fn#@ZfPFnL`Cb6vstl(KEyKNGQ?<;#AR7ENn1+O8YMSrqMk2A{{o?u)28azy*Z$C=gb)Tv zXMJAIec#sEF7@FlDRPSGfTJD>E2lFjum&wV&_;kxspcvZJrWf~6jUow@ksaFSRXr~ z`7I;Qfl z0@b!wAcsaGFp1~$W4g~Dn*}HisF#^t{cHw)$8?Q3{T0d&cGG#Oiks!>Q9zoFR%?-f zpkhKcD>6R*Z&pPPlB8@f=rMc4y5w5VUX&K6GF2rBasZ9k`)BM)!HWEh9n2#0MPJ6W zqg9P!#ipxpy{1y7!v@X?xDO(KFwT7X`Z-MYih_O^9^6s_^Dvv?c%LWt!7LV zZgUr*I`$2JnMXjIEDH6mlrFk*cPMG)`xAhxlG_v1{2>d=GP+Fo#T`bp05)E*(E!Y* z_4@c?>Goumi*%_8zO=a72b|Y9E(^kdk|)je_P5Xd&o7rYSIJZs5ue0ru>b%@+>YDa z*SFQbqJF319Y1)xxu`qAkPxO(&cAw=`nFAc^g zZg&NolZJ%`#j}*zTt_yw39fUyG_;$XVhV5vfw8#(gl3T@^R}9AVkNjPNCj0F7AsS{ zTudBKlDI27R`mnq_lFzZH9%(=CnxwTfJKf$)TfHLo1VM^CF=FJqwKSO8MEN4(n-sH z!y@mHf4m5yP58X$hVCPinQS)mSmso-GB;I5BZ=#)WE#bT-UtrJZI^AvX09Z$Ky4@B zBqXJzJT_c_(TP8eh{RZH14K~sxYZ0kri#kLo0|LlLY*_8@-cEf4h;~MGkJ@|}4%%Oa9lUso!*tOuIbbe)rje@sM26_{E zvCAVaZHv)f{=3g(Dokh;EJm>|zXSwAhqyl!l^lUr2&^5iv&AUED{%dUf^DY)+=QaN zXkK2~xSGTgfA>LP6@CT;{%z@wW5q5o5x?u}pSUmky>>j(?4YtFXj8BNSs*R?3{3pAr zS*5b}i8DhHwhA@908>j|hwCJX_g~udl++2{W%Z~n z&uxV>tmI0|7=S49c?0&w#3}vs`tSRG;aCv>R+kTwFlH@Ck8vB*DASK^m;6voxe!Yy zZ`)8R|N1zTghv=GH-K3nz3I9i&@r6Qfn}?6ycVzKSuYfK!3NkEe~;Q~SG)h_=H{2H z*+=g_&#}9_y7&PKa%B``1Zh1(d+{O!?B;BPL67*YJ@L?#fgutqL$l$GoSeZ-9vQs5 zQB~rF22opE3=m%FTNqHcJlW>3X!ongnSyU5&|V7I^M@bA4sJ~qc*bAj+J!mvg2_jT($Cz;fb4iHU9im_az#l;>q+m};K zL;&NcA^_n*L|-?2v=i;=!E8s8*5vT`a2B}Q$E;=`JKhEx>!+F7nPzf^kF9qlktR#D zGqqqX0D`vLxxxme-eo$8Z@EF)3}E|Sli*4mDjS-Nm*p5?eM}kebp|CGr2+y9A*{IP z5m|ZKO|OusebDT{Fw7}Jt#l=fRoh%?i8-;V<>=E%9!osSnm#FMM-=jev*z&F8g(NL&dZj>bzaXQTePGX^d!xUAnoc^pKoZou z2Y8-l&F9xL6IPRz6Eih-r~shoi@He`uulYluu2_-vCv}I>1vY{5pw|C1C;plN#7?< zRmWUx4k_}y?T+zM`3Tuq`_`qj5376pXUW||Ox$<0)LBcNIcc!b)PQzZJ<;25zSd*w zAz;-(ns!K^R-F?h=(c#~qY3YVS)B4WF2)gaKPb$m26M6@0J-}Jg(5yR&DsGv#aJGh&3xI!rKTv1ju}t$JzJ8?*12d9RM8r+^c~*pr9K`0P>%nJ( z^zNxb#uG8?m`AO?0v=tzt*$=96}^g{$XA%{cvKVf_xox#+iYpmjCQzPw{+SaeSDj6 z=C=sYb&pP_VZf~bbX{_2=@yAWcSpuqff<05hi9mn=YN(OozAep#@#v^f9rNeXt0!$ z07TaO2vmDKq7J}I(jQPs+qAYh&Ax{gGhI90x*s1qExre!n(0)!T=wasM>hdaJ>RF0 zlG`vU2M2R0%{sz+i*_`CfnR-udB_<>b9??12D}U8#bKWY_?&o=@~^}w*{Mhg-)5(5 zT9TW2CkGUr%#Q&h%H0TZ$`mjD%`FO+Yk||yP`t{%^f%uwV*F|o8DNVf&aSb2Q@{ML z7QnRUY;Pv;*RR(g)bFdj8({PV19#O3$&ms`O3t|;bp9}Z-V5p8!nfJ&?tSM-nS_vB z1&^OdniP~|uIY5Z0>GGx1>?Q~&XOZLw2Hv9jXT*)8?=3bXz;xbr#EcFH!RDmR|{A8^5}l$ad?IK zCpxvF?iK;QJgtFfrQ3#byJMFZFGH*y7!!9kzJWRij;2F}FF}m8G_!UL5O?b@%_J{j zEZAcSwAp>f9}kP~X5k53ckaOO*j zzEn#QZZdvQm>kWE?KLZGy$LSGSFxK<-&ZH>=YqJF5RG3F1WO1iYdKDZ-7@a-SvY1nMhJj-K%Y`>E(&5`VC2FI?PGQzP-5=g%hArb7(W4LWUpv@ z-F}!Q@D)u%j>WZQ`y}pf^Ji-xvw3Rux7eNkuCXQO*x>+m>h*}&MR&)#zqp4Rp6WDnl$&emarkchuva=><;KSn(>D;wkW z9og~Yq0tl6x4n~6rOJ744~v3Gye=+k!(47ac<^m|JY|jGh8x`_;aM|7N0AdP$W!ku zW+ce;_CqH_C=(6~brXDC9ZF%I1mL{2@s?P`?8Law&loq~SIhP;uqQF;kTzXb#Q8l& zT4Jv9qy`23PnV?PlphGs>^wk+&qJkvtNK;Dg6!5&80Hm!iqB?nm;$JmWI>m=*bD%A zO<9yNh}pm$3$!(n+bnp)ncLBZ3U*p~&T>`{aNGZWpPzkp026QOU>qJF@3o!hx@~&3 zH=dj)o26`H0%rn%DlMdu0x8=FM@&N8MBLn?Vj&vU_`-8;dvXSrXYl=-*={=kmgDo} zAoklWzIr$h4mR(I^7Ki47w5TzzzfC+_Sp5F!L>`k9AkMUASA$O zYt9rIWj7mOIpAO*DXyQw+ipx(emY%x0~F08fz3~)MMCg`TTXVQ)9L`W-U_e=Yg-#i zPR<`|$41s?V>bPf>(R}(fsmq(3J7DKHsWBxAn5$iJV=XT(T*xdg1_@^qewbA@^r(N zT?HpH$;=>l{{`0vW0i8$pcvA}lU@pMv^~)*<=40bt$l#81h{;X%h_aK!xq3)0h!H^ z#FezVNcA!Kdu~4Hz%ij-mt~)4pIl*g(t=C8(7DNEF zNUW13=pv00MJWA4lU%|8d;`^o&+p{>bfL-R*ah$0cc11*cPWHKgckl5iUdUOyQSFn zc>5i8%kLU{D7&*&(e-QEc{&|_^H9OyH+-i)VHJ=hls9kiSvEFEEZTaV-Z zNEB)|>(%q&Ywog9CmhuS0gP5|jcC!GKk9n-N#tg>jq3|A)*Kcbsa=XU!cx*g;Bt0* zU?*7pY22#$a{_a7w)1R5#Gqe6&B45v<%_LpoJXSM$`O&mX{o&$K5tIuVJc3JyVGGv z%@&APh2h?KLyEG0x=OjA5e~pnjopWACUR#Hi~?(+2A|oOMca*9!f$>@JRwgZUn5;g z77jLQQc~h7h+MOkXR2Ahi*lXF(+8>rqv%%6!biB)!%=bZamSPUZ;=30$G#TbXqHv7 zvsp-6F<{KEzCrrU>QPV;^!f95k78oZgTS9(75^^HE6qEo8p=L=0<5!sYV z=C2P+hCTp3d7o{i87Vk4B>l*z$XTr179seBY*;yTSl{qfEjs7}!qKN?8jAIl3Oq2M zIZ14c+P=Ow9 z@3C+z&K}LOZp18C@v`C{O}5Xb(fIZ}c1Ldpllc+j+a~J*O%hEsqc8f+eCH%tm|^x& z@bOv1CuC#0uyW1)<0|Iq9gY&huj$tp{Ks*-K7OUs?~ADgZFPXcEs*EqRiY1famC z)aLarQO73{>VhfUmqn>1B`~GGlnbEq=AIh_GE<*;F@1zmK%Kv|H*DiUxXf``JJyIk z4XDc|b&OF|AMbO=-Z0Q zzkf&QdcPNz*CW|7Dl?3>$H&z@2F5w22OEHncb(l<6}HLa;%X70llAL4A*NCJ9ayNti`xU9>UIu* zhjBiqT=0_b(AJ~=kW(Y_9b%@tit|Z<_%*(5RAh?;w*!Tj6|a=RzpQ+4Nt4(9f!-{1wRnN`)#F3w=KQizb%P&DL-djAXyX$OnSA zs6HK`iZmwQ&rT9Xf2b#5yd8ecBL`@RCk|GV(hfnfbTY%s#BSFsUygXN^t%&jonmNP z*Lf;f#wKG^p8?GqIxa!)bYx57t7ixr3%G7#lV?Sg?+~G(t^D$}%40=Y5c~Tkw^XE1 z@{&V;7oBGah$;@}OXEj7A8~YBf{9h`%siP)-xrf;`aJX7 z3XjJY%N@FXtF%xd{6K93%^ zH$oU}DyVYh1vxo6nmBhyJirx}8Qh=0*e0ihB7w%T={nZ{_83l9UR#qo+Ng9o`|=#y zw!Ni=w9`{POSJ~wQwxi|xCH-$#-4KfU(#{Uv*^vAiQ7Prqm7Cy3j1>qNexAsPvBe% zyJQ0zl`_>1<4one-#nJw7Tc2&Lalx!=w!w+fIS_V9<78Ad|*BzTP!e~kjyfwVwNnP`03{RL7XaXVkcp`RW_%?UD{UH8uFtSBBNLL>JQ1p zm~27n0=VAZaj;F&4gS7(wF!fJ9xZ^Dt_HXDRlBp$?@S>Dw)*FpdBTZ8do!W zA0D3Z#KzV(-82%k?ySQt(B`f7p=c(X)Oy1YErJy7m+0i5;VD}jnFWNtjXgOZA0NFh z41g0{xwyR89Qy9DH}e`DB#ru<&yg-io?;ahWp9*(f`WL`9W(J+2YANxRx_-3OD_3tGs9%$E~>H8k+;@9!fz{DM}u zuWgr+XD1j9{{Hk>b^PX%^i-p@sP@SvDtCsew5Yn*YNpu!T>U`wu`v&r$0(`9@aTA! za(m!du6Dq1>k|WJE*{ED?7G=yav^NRyzyQb9W-lVe2;qg^=iZ&)NfwKD5#B#JWE*$ zwAM9MtfC9(?nX`)l+!n%38D&K?U?6_Vo-~*RWnzvj=%*}OwXv-3uWa9MEnl~3hT0x zZ*xK)r{`pdo*u24LW&veu1-5zCe$BN`VMWw6NoTi2!a^26nAoRI7(bex#cT>u0bz|I7GUMyFki_HsnL%U2q%@zOGJodjoO&31q@@5 zzGvEkU+;Ds1mb?{u0FoN-`+9D_~bQp;p9D-ytWy~b|YxOpkX!tcW5YF5i=LO4H;PUz5H!dguCa2_)Yc}fv4X94gb>Wt+XuarIJeoEU?lsi z_ZeuA8{96tHx!YyT%YV7@#w=heJuoCzaFo3_K~4oU7<{GvvqW~zsAOspNi~6zz4^r zIe-q`JO!oSr$?y)xRLG^$p-R>vm}>9D$QoR$Y8HJrl;{ht4*Ff@a4(OC$6?>!5wJU z!CK`F_n-LfBo270`C3~RjhEX83L_&UwGM}by4ZB(&I7w&<1UQa$EJS&(A8x>IU0!) z@VHAfcigwWoM0^WCDfm+Uz@A7BLHO5?$LB4b2EAMB~e+KBL$FI0-IG<;rORxfSBB1 zAY#Ai`W$8U_a=ZF%tUz+SdMHXp_SdGeCP!?EthS+csLI7~&ecAv zG%`|Fjly>kc6M&htVuOX4TXbV%IQ)+*`(#=sTdf7OH1D+3%W~#7SCu_i7TtW1o+*r zqCn$bOd{-n;$-6Wb)4UtAN4JhpQzZO_AxTBu+{uw2%{A5phDW**)cHra>M&E(DKA+_FUM1l;s9gf!f>E)WhVlOwxk+4InMT+kBi$33{ zsZlc%QZ04=GK*#&OwM?qEr=h^7*_I82bWOhb{^|=`@1VY^x($x4muC1{4&w?T2FTQ zn(0+_HTTqva*eHF(Gl+J*Zj_h-kpQVhcpbq5`!exhtf26p9YG)(U)q7$ z_V=;Wboqc-)2M{mLl(@vs_QrmSI|lZ^fTw7J+v1pq`<($WS6o4sx`nzw2486Yj+?>l^zwg}ijBKVoC@ zUG&ik)8@AG2E-1l{vV_(w^e61A!>Jb_r%0RYg=0vxXZI=&p=CS<4a~LDo}0Yb*dtI zbfWBM5wh(`uF#d`&kr60+2Q7<$;rvdI}dkqwKSxP$)Zp!uednc=UEtIW`%wIHr*TE zpda*v5E~m?Uw?nq`bQiDyrjhNEZHO>UtUY0BM&;pKcb*^rb?p=i^t>{7-CAoo5`}P z7J#nMZq&s%C>*>7Yg5zm#N|$XB+JMM2o4~nqY}Sv zR)C|&M#(xUlbJSTj8hiIJ_7mqmPYu#-^5`rkrm0jBT-&gJ*I;>m4I}aDKD!?C|gf zkpP1PCG_48pkCtQ;#1Sp-Omsq3(p`3Sq#mrXL#SPSUb{1Z71KFE4a|U#vnUq8Jg^z z=y^VimUy=Goi6xMH#K_+eJys5C91-+LiB0LSSFoX&wF0xeHjMUcosXVBCVd}Mx*apYdV zD&##a6Z^0B<5Ps76W3~K*v3b3h!*&TX&3fCCs&C8c=4~);6LhoYyF7=LxA_R)k|ya zE7maE;QxIXfdee}&+zq#TktewI zdwIjWpn>H^dMj#&G?_CpmvDL2tJGrIlv<2xSDBnz5+Szgh zd+vZQ`ZM_H{o)>p&{(p&yAw?QhSRk?G4FmD=--GGX^Y7oN?`@p^?<^=TZz+yG zY924{TU1{c_E$213ay}b!hJzf&nE3T8c|%o93eW2o!XUOR*Li29-R%a7q92k!0OGfzav0aX z(dq@BZT6i^ul)I_N-p-!gX0(N0cIRT;u_bK;$;7ojRc<_5jej517v_zJz+$z06i95 zf)XNDq>kyvEo|<*8K4ht^XLL|>SmxCooljBDu^8bWbwhmxd-5F&n@rIEmOe%AkcZ4 z4Uqt+%Vi;p0`-DA&kY=ew*XjM0KVN7?16YT-7CmE+g1&NkH9uZ>J*nh!%{|pQU#G+ zlx3F&CbzMP$;-n6ll^mCw7k@suOP^*=lI_i0*k*&=Q0j-Q9z6JQ{DMs=~ne9U#hzt zy9>x)57OKlZ&zyo%mIiKB*2v!0VZCReqR{K+crlsd8?!wN}VPKf#jKe_7-sb_^J#& z^)TGwaw9y*B-3Dd-Dm}WbrWBWV#|2M`+10IL^}YY*^j>E81}P%vr-CjSwm$>l|cn* z8;|s76k6j>ZuOC_D$ONZr7h!cFYl`2QLuwRS!hkr?L^N1hgz;m^;@WC(FFS`)6SQF z&W!ES3&W&7kXa{)G%mw^u%|&(8LxF$85 zNGNgUhg0Rs0*!!uMl+?FM0(JWsP7l`@!!B9cefnjbf+ zvaHK6Al-0~`UDhAC~9V7AM#X}HH$c@ykux+#V7Ds$ZdX-Qr`# zExLI%5kkds1GUCsqjt+VO&(VI#gM|~vw!{Uj zq*&)Pt??F5rX4OADq@Q|+r|=U4WLU~D^E7Jw<^Y5pIj0p0XV!*8BR22HNo3kdkfy` zI6EZkn_tgOnJF5;aki!^NWc;sjd|_I#mjjLl|DI5s4@Zx3w^rP#CE7MMxg`fiONXxzg;U;_aqJs#e^=r)I*hwzo`lKU_cc&a z_WmD{7?^L)TE*(!IDR%uXh3r=?;nA}Gb`aGxk@#!0j?dAoGge0js_VeWn8sRb2{Ks zkhrlK!~jVQQk#)#vFHNLmrin;5Gnxeto(Qjq9jyS_u&+vZ$w%I(oBul%yCyMTyss% zM6OQ|()f<4HY@-v%0(X3w0DSA*d7uBirVzrv$CI%s3VO%KS#&i2QQ0a00<=`({K287b2HiM;O`_7Qf8G!`W{=ut0x_$MH>6&NCj z<9@U$3}pI<0F0V!GhE$yd@|s47No1J__s9Ce5|EuX3)%#a(fV1?+Pjkyb)>?0)WNp zc9tD@7>dsy(EH>FCsW$1pe21@DJLH~#0==bpJ#bi(yzs=VP@@+F) z%8kuKR~WN^OIjnh@N@>y(?~4C!#wL00|c4GXpI67XKJnT^7y{_t_ z8X958Y1F`Ktb?_Hbmv(>Z?NdL2SD(~(QS3vGd{%i4teOLrpl2a+!SVou^G#pY#Ob# zR@Hy>(d`}*l2^xr2o(T2xj+mc_LIk{iU+fawBJmXlc>}J*$n2oWRH)G)(!-Ppj-3F z9ntf7YBO;UbRgCygYrmYx%c*sx=^QA!X6SEvb}_f&mSHv$DM8To15pH&J1-u^{T8K zBeZ$Q{1jh<$j{|#2kT?Pa#vf67`LYX`7G09mmHidEg(4sngOT#a$vCb>;AVN=X-5{j5i&rC$EStHqbbr^ho4A z7wVKzP(br)^Q~nNvL3fI-+<&8PG zK;iZka{UB!Vgz|7*_!KW1rLnYaSAm#QvmV*{)M@mk1c2oQ%x)hx_5Sjr4UA^72(92Z zPv*?v^_n?Aq7k!s%NKI?Vo|C3A;=x$cd-tu*17%yDF#v+z(I!+Jxf*V+=uka%F4yP z+u`zfGZz#ZlCNB2gF0r$@xWvDXGqAWiIJ)|cm(%3D?lt5oKP3;a7xE|*zo@A9Dzs$ zLe5#?Z38=7+59fR&0UAUV!(y6q}K2ttJn46;%4Fk+~IHTcf{F)6F8368uB41IIgBy z6(EI1te1H&N}>+x@n(wv@b@_2dz;$fw;s^S61dd$zWdhDiuoQNwlt;Cpk~J(OU6wg zR0V?CmZ_;I&<*7f1fdPRA(%pFgairJ~$nnT4@VZ*Q4|81%{-@*8?;TRpLr`AsnGeCHt((s9`{){MC zCN2F7VP!s`R5!QHJXhT=iSmHHwA$g4-4NVn7p61(p`e-u(3JzKI4U~fe7Wg}3y7vV z){c$4%*{IwQnH8AIwxs#xg42v79!zP1FKzk^KbC+F-UNGf9KiR(0%;9D0)4$eM>FR zR2&?~8$0tdf#uVxu&Sx2qZ|>?6ao&j@u_P%UUpGB`W^;s${+RCs{n-S;Z6gvL zBfj-q?RT{`Hps~~nXt39$pY^RQzC? zDEuk@tK}^6)b;@2lQ#s%VZn^)iUk|M>1WQ`ZVUb|dICqHYu_D&C)B7n{`fTCumsKC z^(qqPjHR{yq_e}M5a9tu>?js5Z0f`CB3Fb8v_`$TqiV(*@9btdiTwp*BNtKiSBwHA zI-5IxKW%b}7ILrN*#6xZ82B)2P7jwv9yqfb14KX2NSIpCy_rpUm8*>SDG=ch`g)9= zu+CYLvxoo7V%9aYSJ#=Q0E8yRzN?ui(lW5HNTL@s7g^Y#z|3;i=@^Za-p8@UaC@LE zxBPP@V7;m-gWRt{t>+Zf%5;c{6m=_QHS8(1UJ?P#Sdm44GWU5scvL>m0z7ZZaJuf2 zt_k1^%*uwigsU&368Nj7G_pSNm|Lx^WGBiyZPwJ%8m+hA(LU4+6PoEfJ+On|dRR^v z{`)w=(Dv^QTKDoEdwY3WRaMC1AY~EY0+8yjwBJDvAxpA&v%H5&rd&i@P`qnZC%pSI50Kl1Y8d8*kD%%nU%RI@J)A?rkk9x=Z) zNSMUp$hT~zQwSbNBhe~Sr5gp=CTqz5g{I5ol+6HpGku#O5cIW2T!G`+feSqsp+Mox z7`m+kTZu1#9(W%7XW%ZLl97`SPfmtKuWEdeK@AHn%K9;Eg$*ZO<}f7YX%18Q=HyhH zi2R>rcSBxUS^`;J;y|-lp7i*;&`heL(<8hm9xjC`>APu);VXQt+nbwW;9pn3f6XJ> zB+y^K{vH}C50YNJK`l*!=YFC4(tiX+%cRqkPj>ZOM`Ua}8-D;G$BmY{^}fmxzN9qn zNZcv3@dYR(Fp5R;s^lziqnRLS-pIM-iYfIBVO%ETB27x?uiMnhbl*~Z$&C5?H^M7$ z=K0?h^7K@#7M${z@yJ@!xiphr6mMndYAD$3@N_mF-kPrN|5d%~I-LK$A>aR@uI#sQ+zih2_9M2b;Ttyqn5yQsNGc%W<`iZ!{ z@ffCJxPpRF)f5L15K$~@z1O>;;q z6_@W>T46XZNNIisef6eu|LDl}PVXW3)1uV$^uOc*(Rzulmy~S#F=dv;&Ha+7IbYVA z7T%Lj+pl*0`Z8(njF=n}qoS4;eKQRHX$^N{E2cTOFPW;ocQDX64%)zz&tnqz?4=M0j=Mh(G!BjI)9HK(9T}l*J&uV? zrO2xU`b_bE-{3epDoRp0@8e~AoIV~~$H(}Y3|`%MJ>HeSm{y+U+#3z$eHGMS7glK4 zqfej*!@tNS_$9)KDW8GgPQ}a5&&PU-Okv8^$_&vF@ut+ozYT-;z3u%7U&9@2yzJe% zyrW|=YS)nL$vrO(FXOmd`qX?Jxrn=*mzM{Rjfsgs2Ez=!uxh@o=5^e^nH*GbXg>&2 zkLFoSpp9@Dn~k#6TyOUt*`++@noq%ab#@n$NpF86edwd&?*gM1NSeBKH=M7xx2Hg? z9sB%DmHE6uXJ}D=bI1~IQ8o-aE-$CCWm7}yuyQYgcA>Z%DfEpkDsSDRHgY%w5-3_Ls^!kALV^3rBQPLeP= z2}?0DYBXcs9LQT}a1*}z3WGKsQ^snG;De!r$(!!)uFEa1OEca3@jP&)A%r2~w*)o2 zG6S0vNn(e7l&BtNdHYHtX4TQzk|e zf$>Z-HT2v$2%r1u^4qwoymBR;%7I^gLeWdi%`_2Rq;76xox70u7_;k3iOMBMBJJ|B zprAmj>~nkITPeiM%vMNq1 z&~B@VYG8CU$#Dq=wwuW*GcY&7lnRSk&VTEJpH^5X+oE3z8IkBG_84u*48u#b$8Kc~ zJsx&Vh+g1mVr?-9GwEm*D3_HV9JwG+h+a>Yh^Gz`&*;@C{P>y*u~`-inhyS=wn$PO z`K!!NOf5~WaDVS*ZuZVlwQ1~6SO|Ri=2Bsn(%!Pg(gUBP4DGqJaWI8alGEm~3LvdQ z{6$FrBIYB1KdnixQLOsz&5gUv54|g>qNqEJbn-5hL%wTF#>O?1rCjoq+f{&g(BFKr z_}?yFWS=P1%m6wwN6I~`vjZ6zF0UM{M!~4$0pr{_=j_OktN%v-;)n!wL0;bF;LVMj z(7%;?Nl!y_FgZ5XXJuWC?XH)5=??3=g9(~wPShmS1?83%@^omhS=+`qvITIOoDL-M zi5eOj{@aI%fBE2z8G(V%HAV;+@jSM!MP8n|KhbeLq&90YgO3$9N@VM538$UX-$|lB z_gn8v5rUCEN375nP>a?6?^3CTav^0aGx*IkC>*W0v6P^o$#|`BaIjFXS@-%JPK`LX zsmb#VjtG@Cae!E|(EROJuoP_9&=fc2GkyY+lR0; zN3K?zTx7vfIfl-gZnp0vC@49X_m#R`(pd_cPy=o2*Kv&%7-+f|4&0RFS*1K_-@Lfn zKb_PIgD*5Cyh98m#pkfA_~{d9dG>_m*aG~ ziKOb`b3+?V7}axRpOz=tvT@}mquFw%G40FTU@YEbC;sB={RU?A7brQB&#RsOt=Zi9 zsnm8}WJ8l(NQukDsta{xd^2s1>t}vJ-4W)@DMbU#nBUF`j5t9}rB*PgUJ0aXd--ss zlkFBxPD&=j9|-CbA_Qr|J!fQ=LNz1%Op_dXD8%<9}ygulq9x4ibL2J|#L>}+Cdl6`$^GUAM$xcAn0MiIWy zPMYK?QpsG9n-9(+>DlxzFVrnM4>oFI40_-2dOJ~Z8%m_6`G~ohpOl>3M|g%qMkmsh zW_mP^W+u%NB-AG8us(YTenJ%j$)Bz;<}2O_jmEMVUy6k?j|s!Lc(Ux;OFVhc4}a`e zkR5;}ZWWIV{FH`C~Bw~;L18iBazPwY1@7i@bO zi+AdUVpXRj+^50*p*nFFU0SRkoj2}z2d~c4bPl7S^t@s;C@d3q(d?(m$k4poSq@HIJ<_nY!X_tzu>k2S?xy|bz+uP3x>|hN~1Tf=x`Qc$I z{?48_Aycr@OsR;|Y6{T^;}hJr*0r@Yg8kZ+SCenj!CQIF>^&={l8aZ>(A2!dowPTu z>JYR59|rRZ8X=ue`@GK8f9-b434^IL*tspj;n#NDrNGkpwG}NL-ArU` zEH2e6FvCiTFu^O6+T2`|1Q?uT5`t<%{NGSZ)?Jekx3WYLuEHaPQg%4l#%P=|9-lH( zv@j^gCsa1huO$Rd$5i0wyVDhepfY*gKEj;Ngg76se*mNwWQ}`(BLY%1XgqrE2g!ra zs;c~Oy?21WgEzUq+TS$@#as};fd&N-!Mnd?VQgl(OwW&15W+D-I)ENQuB3n`FTI*gbAZ=G6 z<<1ghB6JkhESO;;Zo!%SjTBEoLA&+7?LicnPf?R6n!DcSi!=A}V2{#FW1(x2-aQ)~ z$IVA*{EEx~1ngjMl zJc~ic(qmK{v7ZRLYSE3U!2kNtrODHga6=;EEHQ5b7*~;vRCrKD@n8G-_uwsftnY8n z{Xdtz2>=f)CIZj19?aeQ^71k|bmc`v<-M$6O8=>Qn%&fSyXL89=!$l|?OIQBDDV_t zB0r=6XU@y+uMOe6b?eK0^O7cYoTtbrQdie;9`fMmjfr1Dx#@2_nmtc|5j&Xq`IfcZ;@&%W0TC?$keO(uF^1^+!Y7 zovVvf1+O{8pjBh3rmh}yJqx=#6PUDT4iY1i88|gB|A3fZ5cBTIrJIk#?$qJVYjSa9 zV%OcWQW%^X;2ucq(iRp)#4ej@LtVefZ}}Ye8*8eo9ZEAfhl?sG+1q^6ZaBEk8N=N*rL?Jt~X`<$Zh9Wm!I77dq4;GAhz7(F&KGZQQ>Dr(YG zR?_n5f6Ze2PE1tC!< z#ciEHqr(q9q<#)=a&mHN!dH3%mUG;4@$9sh<-JVgV5PiD(#p$O1+I51?17f68i*LU zF5IA+5j``bgMSWCQ?st9sHqi>ocPaAwnnL)m)inNxfYx<+*=;wh6ATdm``0(GY{d9 zSAU&mJwI4#mFFhZ#d_uM$-D*MI|R9Jk5knfzs-a-eA_zem87s0H8RS^6Y_AI*&NQ; zd+-RwI)VYbebsHGhQ)OG2hi6ftm)>cci{V@CsEsV zGYdvXMl35C%nL1M=fy+tv75K^3zYp|;H7)qUa`CYr@Zp}C&$TR9hZ$H$4Z-(4q@P# zd1q#neca`kwAYYv(Nf;sIXXVt!u&IRpd)o3@#~k396vD$PFN?~)j6C5pW9l$Co5Jr z{@YDsf5Zh2@ zXJzH7Xn|(6nNN_A6cxbk4Q6?c;`1E&Aul*K7ei^HOQQa-KA;hD>l5)iz5Afd zPD#0znu%s^W_Cws8kC7fL9|W7!*cV`M5bPEX>4Tx04R}tkvT{MQ4~ebOcWOs1yhKKOrch>Q4z}+g&;%-Q6W(aXUPVcNtj8n zNh#O{EL<9+7B<$}TG$GL-~wW8VWnszVdN))1TntmAMStm@!$O*movKQwE4lb@^&N` zP@=IlrQ?+@+UUo}h^jlexo|i{%lf)U66f87nAN)P&+0Yejt-In`1PEf2Wbvr5Yfe13o(%TLbA)=vs~61ShL3i43MKW zHUt+1o0)=Mf2Y{6CvL4S3mq6H$RbOGQP3!mCPSVH(pV@sLxQQ7!Q~DNKIK$ftx6t1P9)&{40>ZQa0}h*wcP6WoIb!x5kfa`a0uf`=-X(q zcV}~M|Mt}L`vIQra=2B*j0^w(00v@9M??Ss00000`9r&Z00009a7bBm000fw000fw z0YWI7cmMzZ2XskIMF;2!1Q0JGZ|fY8000FmNkl9(xUlTrd-@|*mlaaeY5Jq{&z*Z-pWprce&?P8{FlX;5T!9DL}?x*2i=R4 zB{3{oW-KP)H2`4HPC>+GO+n51hX%AJ28G&LnMjal12hJJ1wek6`DFka5Ka;(PlR2s zE^4T~XCMRAGAnF^D03_`jResIfCqKCl!1`jp|a)&?lranKx0aPk4pAQBfB)0fY`2F z)nJs8fC`CF;a6y=>=oD=A3g`fxm_wFz-7!hOe7xg)nBQ04VcDjwQ6{V3*caeKnZ(J zdCe%Uit=r>js<8GzySaNrn$bwHQU{R3IKq>0bqb357g@G{&07S=dEfbto(LAVZEYrPJZ}thpnW{U5d(;!0I7Rgso%Gy10yoF?dZR5&vaLP;I$St05taVRWKYe z4z!Pt=Z#_AfsAVaASpaT36kn=H%)W$LSWzgpH|5Vh1r}mrp(nAS=|r-0IhzSCZ|pW zDZ2p~!Z`pC1bL_u;@{S$(qK~iZ!TOZ$SfM?&0O6c7182qA8_${BmkUyBE;a-$#76N zphkb?A^m_6zx!m zmh!QKuHU{Ww{r?zwZR1J2XTC4!%fL))E1RL*{9^xM>!U)^Ee7MsHVMr*98pKpaM3hdN(K(@JE8h{!30Q@sEcRlaaHD)9q=?n?@!Sj6W zD+AKkuTwUdrnCc+d9Epz^VUcG+FFlfXAz z{RGz+AARj^0uF^=YJ4ZIq$<)C+LSu+f~5A8dV<9jRYk^}F}z{+_pZ!c5_h8eztgj! zS0Dk*qBNTr*HU&KUpBPL(D!aN8B=*#_hR1h<((=;Q_hOS4X!o@w-sQau~#4f_!iWg zWTs?gr=!o?YxP+%m6vtB!G@P#@?W%WU$)92_4y`kTvknFe~Vl4Y7qFI`e93aXso1E zd=DZz{M@khU!_m@+0~w$cVfsh1r?bBL#0n0wWjc;r@A#`888;nyJh#)@qb?sJzU#l z(|gz)LG_`!Lpv5u&I5q-&yKtrRM!+|^HMhC&6$*SY}yd_=4&&{`b@>yv W#RfQFfv5xk00009pB zy`8S1hoOeLl%=zy0L;qS!dd|C=z=MN1%*q2Lq}^57&F|_!O2|;F2nlA9a7*Jb6Sv< z`Hx#X>}6ODHSRJiIJ;RhO9%)F2(ii%Ff%hl-K-u;-BVQlt2p>ehSk=?!$nF^(A(Qv zz*|(n+08~!_{NPJfF!Yb-|MS%E%KdrwT|2n7gOQ@0BNzkF5ZN0dVt*C-@0I_S z)N{9XQ*d?!1wCYc58_{i|9SDh1^;-k;qO;ozaje1SN`M5KT2X6ET!dU2i^w5^f;z% z|Kr?W_d^9S!|{*d`E%_5I12_}mH;aFYa+=KxX;^aVqx9HQdPXA3%{_DekqN;eJpZ) zwybpuF)&Mp*N1>inquR~V~61olHrl5JPW(I5jso8S6hD>e{-`B;l&Ucfc~zn;ON}{ zbYpsIV;X%H_+iS_RL^u*7wL4q98mairiPO66%IS|1$>p8*jJuC{^M{*729&B%WRDM zpC>Wbqj0VUOym81+g~M)gf1wVGeJ!1Isf$#m79ahGXH+A${SLOyF0sx&sFySc?Njw z#s8f8KRxzMkO7`7ks-C~e_o@~2%t8dRV6e2*UUjtGyJJ(p6KnofZg2_J`l&I}wz zoP4L)BNf$@(ie9e9hr%^ZN@|wzntQ>A>^8CQektMl#q$^RH|3EOHMD>WDpXBjzJwJ z&sNIwfy}QgcMp( z*Qx^@Eg8!F>rp>LZ*X7w~%Z z;@tB4^%>$*-qg)$za)}HW0`}Wi=nNBOo6o3Mh-8^ERx*GfmUc(uB~mu4QC5C)9vESScr6u5ib4f`cIQ zg9m*XfekoZY$>PL&?(~NGlHS4! zTSwz(Y17dfEZy@5e*NZ0dqex;s+MTp5}Lr>Li2Vhi3x`fsA)fBxLsblM4D>{t;Xz+XPL55%Zvc$dh7*G`DW<=OZ2T z&Xf7qPyILRmRlB+%^@AMdGobH=c=5k?A11jditxnREU}u0^Tt5v+d+91|PC#l|j+m zP0fO(jeFxRU?q!2+x;uPSd(jI!C0WV^`7Ly&n&SXlS z`lXnV2V3Y#6Me=JAAzhu4Ja8N139{GM*CT6S$AGnakd6g9N!!rvQ}Et#PqNbzUM{? znQr}nJiX>nzOtW@X?QE0$#Ne_&B-)Sj;xa`*W4lxq>{)KKP`ST7ixa-Iflyr!A6y&71mb&_3yZ-eIdaI&MX&VdwE z#@>XRmATw=;PA;`Ffih{=an5wlrLH1bitr48HNWeYFVBHF3Vq3?oDcSp+Q z&JQ}}=3H~+wm+gpqWZKQ6Evml4!X1g?=@1dRV|m)ZxX;mCzN0SluiO@HS3RCHM5aZTFoR{jWR{7M@^*X(8Utc*46W4 zA)@>+?xzO$o+h4~Tdl!`TD0pE$Zs{R>4N@{q}KsA;j>j)Fc+n$I3se-bv_~3Xiyb* zi(8NnH-W4OTZ@y=-UpXK%^APhj*>9PK9TlOM7VckcqGqaf+=ctpVc`uoU; z+EHxOeXDn_t*-Q1_lbx7H{t|ankY+55`+}mreOA3lz2f(8zQna@*nlia7~4;o0yaT zfJ>5p8`2WdKRA9j6tT*=>A|a1$~c|yu$6u5h*`{Sa33u9NCWc#ae~*A345FM$cRu< z+3OJj-)d5AGHx)qePJ1XCfDt97AHA9>tSe@n>Z(N`Y9(W4|%wpNy?Q0w@{Z|d!IA6 zn;CetiprBa&F8_H4mv-*MntAmcQ<D0hd(D0`TREI ziQOToJV(FW`AON~((6tu#Zjg+ROHP}ye!2}j$mGGG2Dl$Nlv;bz<*Yav=~~(QF@Kr z<&{nQu7}4-j9>FV+3LK2=n{t9>E_Dm?}Yd{)UFj2N=3;+gJ`maXjw|RiC+E$+Zdfw z!&b)^wkJ(DmeWKdLhhMAS18DHcs*hYjURvnoordkLHtpl;peOkq)^nSlwEYcT>Lyi z4lraQ5zk3zMc8A7J5bG%C@x(pHYm080uRXbfL-K+su*G%M4&S4I%iQ+bV9C!>~LJ1bvMQsK&a z`BE){Y_`>;L|1b9HLw=4LRxXpzFCF6d=W8HXdBf7tbHTT!8RICLQ!=Pg#)H(o-nQU zofWPCMF*k0=L7xgCG`RsT*&;q3_4EWQe2Bj-H*zP+haE7zI~1JIISnnJuHRQ0`_8~ zPZ}8;LM5!<^KBO`E7*W)3GUzOWMXo=U{?6_VZVL#4_u2|fE7+E5&XXrkS-x8d7_;f@U2W=`y^n`VHKT%?c zi|Sk5(z2-1=lTvgvnK&EMQ)pI{O@=R1$@`(7MuGyT9tVAKMf}Oyv)=O<7N$CkGcx{rI?d>9IFqA)lKEEpC1^-IF;iOVEB?4vP<~y0WhE!RWOKgVVvuI3dMaRl zYLM{b@n(Ip8G&{z-bb+OwLU5=rn+Zqv$>eV%o=kf)FxsP*?x~Kp-xz!k{n5$l@m95 zkrYaHun-|B{I#o9x-;$O^#L>4c$q!JtM9_5=k(MqZ`IcY4r*RUgcT%H3-<&(CVSg# zI>oETU!_}KaBc748m4JphoB6efr+b9!!lXQZ%5YF8#`Tb#%kuP8e43cEj$5_ zzimj-7RDcwQHku%G$Qx4nL@*qQi%FB8U>pqO*Wp1SX(RgR<>}ky4$uB?gq9K{)l36 zNs;V?Lc_jMn-e>WR#aYJekSVExG?svBC5xKD2_tLe$|&yQ%;j8(kiznls7BZa$k^I zj5}z&Vs3eIC^nsBK1ol*eZt}S6Q12&!k(|f%+XDPyi-<`-`b?`@3$co6NQYZ+`8f_ z@ML4l?kh5#wj^}cKIk!6iy*8%f>MN`c`ObR_nVg)wXEb`A^I&OB=vB3LV^+!%wx<6 zdL@6>!ZP)mNH6piJgtWpkp;mk&JO#7F1KNm_TeR!=+Bz?EGAm2u((g-?av3NyL6tP zEXxh6K@S%aw4br}6LO_UM!=cd;>lES)UNoab%q+G-M{Ud>R5}2aJ@hUeLAErszD^U z7~I@j%gK^ttvs>yoyFIlcI4B<%cY^`@t4fq`WdFHthjL!$~u*av_n%Gj@AluRul$W z-qn60fC!JrusD%-0jE3Qs>Puv3eFNmw$n@L(3Y~C61j1YlX{@Y_7&Bu&-SW*M(;U_ zPg2_i7gKOkN~7=4@m4JH`c$Y8XU8AEoo>9xd9;1Ww3f=8!1fp1d?R^fh5ZOVg>8ZT zHDdYESa({zRrB@puh*E#C?z*!-S2Exp1!%VmRhuJLdzu3Sy06I!Ymx6q%_L$n)SY} zRZ(;b1D&^j7F@61btOw!bKjM5@*z?HNfcKa>( z>gY9ul(tF9-A)yMfHr8e97~hMaS?$Ajk1sNvb?yVUUE*xCbzNn;U*2=8jP}gFUk-Nlq<6@_oK=K;C2F2uGeE}oAi9p7i3yc|L@6! z@h{`~=fY(ZX)Tfm?jGs%q~s~rlM8f>F2CxEhP~!)e9j-hsr&qyW^FmgLc&1*Bwoy< zO=iIM+gHcEOku=m2!4LC%?_@X13zyy$6_dPL{xv=N!>MN_NAn?d9(N4r3;JS0=?mR zQj>T7rW-J>Ygb&mJP&+ZNFL9;v_a&;1(gG#h?}ahDRn^uw%3!#UHDnfe zi1)X$qq5ylLN;!A)G6kDa?WY^X(gLt3P4_ z%$>_iD&}F7f@~I&=T~JstrtdjrJnlergu6b9=#VD3hgi5OM z{vDoq{of3a5_bA`tm$`-JR!^9y9v^v8>N0Ng|5>ES9DiChmM>~(`#Q2hZ5?`(=(M6 z6?7FOBpc{|@&DP1hSm3H;A<`=N02+Nb<&fe(-Yi zLDp0B;oK9>pp)#1DB_rIG1kfVuPC()@*9Q(C86$z(&yXmhi46xf-Hoe)3jlMLGA8) zE%oLL5 zF)UU6`W@`Fkh$!wfw)gMqY%~>933U{3^9vF@bDYPG$FaRX*Rjtz^X`|Yi^qzpoqrlLVGPU4 z=Wk$oM#)!q8Qn&f*N{-=Fm23};JnJ~j!H?0y54SYCQlaNbdi93KQCW93_mnV0e4ILd7`MZh_yaZu(XTx{!iZqTnk(|EklMNDClj1Q z9h`HGiU-ee5s|YBCe9xY*oS={`q zEoVrl0k>@{cVrjG{0fg?DR40>wU>9E5*Pl;a5hv)oy-`X3IBOTwojZ2T66O&4uSEO$;Jxr z`OjQU*;y6oIjjR8?X6GnWdfS!;;ht{-oqKubrFZVs0Q{6$$9Zn0s013gURe9F(b@7 zq}reIXmd36qZKPpk4BoE-d{uH;xUAg$=8sRKR4)2yG_MTYqYU#Uvn&r9I||BCcFP! z0{w`rFC9R~tzFXIPKBamqej2nqFB3s7)gqitJ6jsy;l=mdKZ^$H*ei24Q-df+jSU5 zu@6QJeul%OGkqoO7jt(^X{Y-#Dn!oUG}Ia8fzr3%+2$|Xy?Ruz)L6~eb3Su^CfP^c zMmX|b7+EUK62#}5lSuJNXJXjz61Nhbt${w$Y_*_h`4=O7)0zFQ!Om`n=5CclzZ@gs zY^;INv)rbEHTwXj#8cQNJt9OJ+29^&a3Qu^!sn+Ob{LkVv|woir_S$jnPIyt+3*4B zIR;Vv+v@zesAvN4c7Ce5<@8@4*ZB|EoeQY$TtoGje=_2Klj8%Dc-M}OIG zB!WP%LytE;Y`I}QNhmb0!&1QJjEOrKe~{6FZYdtjhLZllBvAog z^HCGExxX+Vhv>^ol&DR`GD(U7iX|A_pLFlnYoA)q41(yJ z`7Dm|LB1rc_yO?RBDG$WASs!lM*4WQt&=GT`c0838}V_yWSzM|M;b$_*bOm;TWdQHAwgTO+Vfgp!T^yghz~6avAhg!Cpcj z1`iP@o+5+J>BGfR$%mtwa3SzF#s+MO%q#k)p2I@zS9LtTJS{^IMq2IImDDZWiOjv< zWTLXaFlre;^>Sr?Up&svZc+RSsNTtQfg_0TN*3H4Etxf?$Yfsez+d}&LN@8G%nqBm zCtM|ghq{)A>Pf$rsf^~EER<%0LL8k%P7Qr_qVvh^a25$nq(UA%o9KNgK3Zd%EXDKKj^_MCL>WMnKc z;LThONWcn`tE)Mj^hbXU_>i!7=Wlkpn)B}3DsMGSJo${SOef4_)hVMxPbZw}`Dba>T6U7| zJK@6}-@SJFs9U*I9dv#++@uraT*Gv_avK2{*Z8SVI#J7|83x48IwG6lSNC3j8=X6R z4U8N5?c>hNg1pUy@X7>XrwPXzQ>l&0#Xvwq6iWHLl(yao#%YKTJCm?zKNG+APHu{_W|ofw|0Vaf@^WYF?psj`Ov{3mg6^bN8>}YD0eZtOz%}8upfy9z(62 z#jIouX<|1*yN_XcbC*>bc7NP&9nz9x>__K*Arx%5OZV_K&#ZT-pyDG_!Nv8>q~n}I zFYlVOCX>Ltbg#9ZsSnP7o9x&QoV5t=ch1dd+(qMtO+dM>7xM zSFVT{ATOldy+OqXdmSUANNQG1X<$-5#7gU9gG!t995Hoed1`{1<>xrW3IXaKRsIi$AP({dZ7dsL12)+db2Rp0Kd<8$7b$GEXH{HL zw^7kEM^L`%9d&d-|KjXjujGtBo1^Rd@6 zTQXWqhyB16yGG>x`F0`$nk)dAp4(f`Oy7O%nWMo3FK-IvuD?qNOW7Vs?vGbn9^L*a zM;hu+mPUg}WLO52M$$G5`;e?->j(WFLnG0}Vh-8uibJSMt@zO+Jjgo$kB`fKR!?+j zv5jOm=R2155No@AzC^9af}e8&OLT9Tdt7I?>WP!@U~#(<>Oyg(GUem5SGNb?2fdL_ zlHjF#_wSiH=ops=_+lIaOPbH?9sJBA5Ar_CqeR3E3>`WT>Uu?w%p54J|BSgx! zu1DOCvy6>Yf-2i>>Z%u=e3E`CH##5uh5=cu;PP&}YW&q&R}J4I?VS_mPb%}RtlV&~ z7sJN6FT)kTDL^d30*62BG+p0DbgBF-HF%1SB@W3+TCsim^d)Y;;%0g~Z%c|$Grtdn zmZCwgD_Xb~N{31}rn z2iUA!0zc*lgvnV*(gx&P7m?h_d_mqlQPP1VYF?%>YYx7MtBf=Z)N0c85oDedl5Bd@ z6*O~Tnrinhbq=Yq{f_m0ZP1$0E9$g!v-tou$61I4W$%euuI6T;$GNMz&*tYH?_e>a zttiQ+(MW`i{kcPu#>Zxz^ZZoVx5xDd1@Yqsd$GU!5)%9ok**s*t2&(yDDR;3>9NjM z9pAePw+Kn^2w=x(v{Aeyy7h@5weEU$iJCy&+aoenJg!1R&iQ~xU1a*e)Y##|K3}}C z7?TmA`_4hycHm8lx*WcCD|}!QJ|8zPD+f1R2>)rw@2nx9Odl{p{Zk_;CiJC*NHv^3 z!BBqVO30Un&sJq19zu9=8Xq!A{?iA~q`Nce*(|Zd=o_A^s;$y5p|83oB3ACSthZ5U zvEL`EpRkDGp9>U~dmlNVF&=U4Q_pL{TWj44()3%(BOhfwKe%WLJm_w*LT~fE0a4}? zuB2PvXTP#uteFi3@(WxqGo4;nVLX4@!>hR7N_rP=3QOz5RFGmB9G_E_+NjC%? zBIyv-t0o_@LSoA%l;dVD%D*3?)_mEjc6-!rdzR(on;$K?Ro#BPp9|odkar=1Vv}`p zD;M{z8r$=ue>z5d#Srr`XeBbO0apk@O&%&13DDlWweAB8MCFj?I_lQW$-4P@bPEeo8d7{RZoTWKwN!d< zcAxnxIe*X0Bf5~w+D6EP8TWR3mIv;iJAFDt&t<;0z8*qy9;P6TuKK@aV?}Sj9TwTl z`YJI|6#9To(5#+P-!RKKR*?H!vWEZjmx|XNm57!?p3B2e$li95J^$)^{K`6^Wbrov z7kdYr_=zmUaEO->KFVJbal6)_;sha^yEsv4c+u{APpC<%s{kod4V%}IyS3)9s)Y_; zLlL@HxrmhLk$Gx@oAn$5_4&k4kZJ6Ai|^B(jA}?+hIFwPIaWf&U!dn)^$qEDFc-C# zOxwawn(Pm3on`foH6gCzrSClbC*3D!z2}fb)6x|ELei?yt37^vzsM}*OTiH>(sndi zZg#otC+PuEWjh1OF(Jn3T?(}80qFP@wVu;F=bfRXBX?~>FB$p#?GtOCR~qwKN#X2e zlkRP<#8R$7HxO`&@!V|_o|dLU zWs&Z11$mpD$?ugc&E$Fw{4j30@VPCS*`#!={Q=6s++$E_O9Vb)`0RbsGZja>hdoFf z$e4ayAllF5;o$+tR!{OJJ0`PLwcv_v|IZ4H+(AZ=Z_#E;7P6b=>{1D}TAd4wKt)xq z5@{JY^KFJNFp{3J_2HOD?R(t6O{dC(t5<9dcgPFA@Y2H{sL98A<=t@FpkBWFT)*-J zQ8ay0<)0O*E8z3?y`&FQ%!o=S8>{Y%NaK>8i_);@)m^Np*sI$e>%?m^@OKgwi!2ht zKY2C;1QYfI8+X3d7I1ckEo`0DJ}kawM$d2lG?Qc#cSX=20G@{_GIJAgd^9hT~ zx3qkAeK_+YE0X(X^6TsicLb;tws9-iIk$0}D!a{#x9e^eCFUi1Oy?vM!GaO0cOXPd zaB<7J+V=U8*qV4Bjab}F{Z=FN`j8V;B+fq?-Slb|9o1d`37b&2P;*X@^e20p7-@Uq zL&y_pzS$QoymdBkVrA#5lWEocAcFveY_W~%m*MW@W*)XvnJ<@YjGw*NKRiLoH?cYw zpS=5B?P<+7FfArVYgwYg8CX;kyTtXSi9<1)n0aI6Cb4tQfC)2RXJ6Z8|Lt)Whi?j| z<3D&ZOLW%#3s)Ns(hvQ2GVM`iuS?ZOha28i*l!z$T}}GpLzO$rv9wDhTQ|Z^owM7$ zw2Z&3P&q^j$++Fddi`)$c|q1p>;Q3yX!RfRR~q&uB#!%1z37P!+2Sp!W#weqMoTOm zjt4N6dVlnu{Yrg9HHvbg?-)r(9sswl-ws^L77CAI%N{~vmoBaF>_`WZnzLm!wFkm~ zFE3yE;0T!jk67F__6<1dj+sE;u%9H8PZ`*82g)kQZf$Ql2A&y*?YKzpe%EoAq9ctw ztU2RO=QsQ0n=RBo(<@6_XLo@v>qt=4)0!cm8*qm- z+PHtXZW#Tu8Tjcjs=1wbyT%OJ5e!q8=R5d8}i)R}c z!g+Niz$A@hEFri3Hr}a&hcHeH@`a0{(3U*PUzWr(ArNdo294P8%x|r}<$xw;3v$9s zuGoQUdGDh~455J67?$V-9xA_{#up}wD>-rv(2qY_c^guCk_ngEsqPm6_f)X=7VH0K2qib z9#yEj<^Ea>l5?vYPu2~8ix$4%i&0Li-ZJZYmZYjhnTuQMVd5O~cs_ichIKAhv=1-r z`kajAQ)bdQJ5QNyvbDr8)=s?UosT&3irn#7Sx_^PaRcWjrd^NDl%AJV9;)(}T&2!W z&^5aJAz^`>NN&&VO{iJSr#WFbJN&`hphE_6fe0I3YR6)+$NR}FB8aCdb4qg{q))2W zAn0>l0OooKEzmDXP0kWH>a6m?hdR_LpP5xbgA9%~_uZ-PiisfOYg)?HH|0*(3+@NB%cm2= zP3NciT<48_=A^AiHo{ueaWLYBb!Ibf*h{wSKApA#A2DQ&M;-acaCecG&xhHB{ZMxc zyUgF3V`Z`6cS=m8cU3pub}W*ba~Bu#w?sXwzY6)%I)~BB%C);eKP{Vy_p#x?YZqC_ z=5L{Z?BQu9#(fnVxu&(=6#!)j^WrS5dGw&$z`n=iCR7_l5$^9It~&E%8Y3xMbq2qj zG#iif4yD?70kxGfqPzB;FJ5St4oz=Czx*DKpzedq)po)c7O3E(Hv%8=9x07p)bEj3> z=jP{c)rLYr;tIvy=tXOHLDPa5=dr`LdN*`@$LI2CfjZ`3D?TXgg_MKO3@z!FwWqsd zn*~48z$jJM$6)zhMy0jtc|+#c=owwDCJuEB6%)tn>b0nvla69>&JhgmFV(3g{Q%f5 zDOsZB(>p$@t$wZI=xTAl(~6Jy&c#(&Djx$yC$bH#5|x{ZR=T%kJrhe)-Qy;;?2F2k zYdXq|&hk$WuP+?0`WsBliIbNAj!|i+AaS@Ic?dMkV|V3zo&?D5OFH8QQC~M-%AKcs z?NFh*Q%yZ_o3S#+?*VW`o!5H8D$W)hc{Zs_zY3RP*)5n|`?2^B+=P#P$}oaU)m=agn4~ot7cE1X?^J9RAg*uK6?4?mK$eVRjT()UB}0>U={YpG{Yyu9#z? z+ON1D;0-OvvbWVe_jSt%E7jnxcoXq@XS26vZsOcu z_zC%7M}?FTihV4~*M_n1%637lHVj&Z9%LWjy8!j9YVeHv5gzFPxWGqZetG`zvuKt# z=_09r$DAJHC||_RMWpB4YObGBT3USTV+d~^cWpAPk+!?^%kjWi=$oZn15_DJ)ACyw z@g6V1+^sJLU$om_H@!(F8yFf&oAlosDgR=h{)q0}6l8g`vd(eQTJ%@o z=+8G-%HJFuArSBRI|lSu*RODZ2vMWe8;5s)FTlSVp$|et##s+(e+~Pe1scO1XO|`u zz5M#SC;lifKme-A`<;*NUjv{5nhR1TUIbU9{-;^SpqlpKudM&mKRZ`ItIS01O8h3( z{%jU6sAloq55KYS9|G=RGfb=g_q~~2O8F@1`M<|zKn=9Yx9jGZ`hS{L460f6|8VCA zpIL`z1niBWe%8!H03D=Etgy0;=>aAT0c(v22P{QIc_*a4DEgxvCR<`xs&FTRXmy-p1z?WY`~jB+OEP+> zs_NR4BJ3sFE2Kb!$<%OXXxJOKXI$$ORhOLdfQ8_5eo3Gk&-;mNJ`c>R7SpX|9|8#{ zG=Oui5ZY>^NKO-1{nxCwO}g0}efOZ+&=#Z&JW)MHHU}BP!YQTFl;1c43Rw6j)A_;e ztHO*TV(>Dc0gcE~h>XzDyuop@X3$I!m5s?yNIC<23X>C%an@qQ>yn1^Cw@zaC( zc<*bHKp+;`e6lEb0p>I9vm6eD?A&+vF_|Pl)LQQ{3X81b6B-J4YC2qU0U?+OFc4fE zdNp~Ofxa6v7+v%qF(@f%5TEgegZ^p-IFt^faK46xCcE{g|0;TbNLz{HZZcWcrFTjCD zxcA-QG6Bwu>5~19{B8(yeXuE68^!tCI2C!NmRC0i@hMJhb z$CYfLt`8v;P|5Ris9$~e`ZA7M1twe}dw{G*HgV@?{RI3cqZeo{s*5W#OlE&ll&|?@ zyL{5rdy4X@^k!{Yk3c=n(aQ;t=Rv1*#jJXhu7$YVnDgj|ncvTAM@lisLiyZXkfHY>2wknl+8Hcl`n3Q0d@RYnUAgmb6pfi!9vlNcEz{oYWEyx0VExv1U)ByaydSVT zTxhq!3`c#O^&Ag8{yFb27j^~RQw9=xcnPvW+KB+c^`*Du`l+$F-fcAKfqU1v(cj<) z%eR;=yomJ)#AKZrf*A9?d!EM&30jxsS=>J-YrbGYj_nL-WxklBA`eM^-VgRG3Yl;` zqOhemw?ea*fo49|3rx5;O!yWblQMHv5$^|>v211(ESE)(J~7l~7lW)PZ9GJsn%82Y zL5D=^yCjw99LE+8qP&}$?A9}8 z3o86lk3Z(mk9}Y2$uAH8G z=275bkGa?N_`6@17fylaUPPdN)Nufd`i#jQi|BT17<>4-y)LwFB-!JrU*_?a64pKz zqyY?8U60?Tc#A=l7$jh4P&hT9A%brYn+Zp7zYQd?nDH(Bc9<~^0g5sBRdzf&Ojo3o zB%TrB6DH;ag!qiJGN(I3Ti0b4+#lmcmB}?IstOf>aOtpHFK=tYNEC|$SwI-c+|SP+ zB1TGr&igcMwBy;IMSD_sJ;`&5=6-iAqX5F@B1Gk>8ll3 z-o4$fRQUJQpko^_x?#NtpY3q(NRy)Hnh8)+-`VXK-V|f zkSq4Pl$80hOPeeMsHby-AcE-dB~nPHSVXdfTp^Z?4!>0+tK2lv(!@>Mp!fBX5!KMp zb*gqR*GcYVKmHra46LyfGZv{HrO#??BOIxo{Da$JXAWM%`<^zGTmWmj>iz?-ztzvc zKZuU7;KAXfz)}bKT2%72^kyIfxtHi#PO-Eo{)lfp7&pFM3YD~V6e6Mqc^h|sl`X1-)HR|@C!pN_71rtlEY~?9;BF= ze{R%4nsu$)S}`T{&a;~&p-g{EN-)0kiu#*}a2oqx!P&qN-{2^hY5bFkHyQK9ejH98c!}vPh?!4 zK04{>rW8wB@A5nvL~x)Ftx1?NbuT_yf=kM>I6O3YQc-M8D znCWcQJWAD&sm52XXfpY>aJ!dMeg5V0ydGXYlaJK#s_~8;YWDNiFiis_)MGO~`$3qI zZzpTW)lEC`A>aKwTjSQ9`RP#yqWw_Oz$c#yvXulqjEsi<2_}R-Vq}aG0TVju9rc|p zT#!{z z{leRRC##_(c%aJ|@q(>X+$^6Ln{QG_i^xlF+Wp_J@26N9MD=AjXNdm?Sw6ezjaS*2 zS1O(Uq3Ay#Z!rCFwzEg`#f|2FT^Pv22l~Jr)cB2m!K4QsTyIwBr;u33g8xE!J9YrH z$;vc%Y5vPArrWe&7HXqr?Tc zIW?a2j%hgT1F4^Y32%9!CNOpw#tjI7cyfR!Y3}g8z?jHjZB?w#HDHr?+RX`f#8-K9 z3Hvt0=WTZBB`2!qH$`!XkPZ<^KL3HjJ0cj6De*wU;9vE92JXKa@O40>^k1F99Bifx zKxWV7-lhL^tZf9q!nDRq{~-VddN3e!?D3e%zk2T`_E!Kh#T9xQ{xxm@;nQLeKE2TE z-x}#Z$q8Ce&4;$B|E;AU8$kHh7azL+r&(eOpqfPd=>ODm#TtX~9X>gf{HIwDK{a1x zS)2W*mW{DD&&__AVQK@=ILPb0^9N)B_=Fxnk0zn@q7VA_fybQrM=ois%-$$$_EWHH zW+f*5Di&-F!~SfKmN7Y_=0T^PDHhS(EmjE{`i;Fnf=6x!*ljpQY8MGSG*KdYi6Y;O zbPIZ1061k&P^}nH5Ke28R{lzIw;V{K7>_bU{6QKY0^k;v$n@&J5o6wtFTO$q5kANQ zH~#w*1iFHL3d=J<-Ge$iMny#A z5|hy<_~Y9daH!}trGHjlTL}c|^WFvXk1vwonUFsB>gLYV?KcM>ML>Ml(TeNDrz(8sR5hhW-H78z{?gIl5K*B&O{L|xj=(fsr)TfK{XS*Zj=0&Un zNPs!>b$ss}U^2Kdpw43ywFeqX8VT{Wz3E^EylUd)b)NYrTp2VN94drtKu2I8tEqL| zGFf*dgPY3a4De#-Q>Y0!oB)&Tc^wSoqiq@h2U_Xui^v0kG3}J4T;DSMYf%Irfz?yg z|AhgpxlkOG$xq;DCpqGB?=wq5v}4(43_foQHS;s_12Xi8_XxB6-IQ;VPLt`0fg%fZ+h+i4*YR41g?kx+LRA`6!U`8JT&qz;%IiAcEeB zrcqHLl7x6jQ`+%5NQ!O&^OFX{AaweozByJ7DkBVC@vh{1mnV^#^Hm%E`r3p)5=|Hpmj_JL83WRnU7y?l~U88CZ-%kDH3 z-*>FiGX$iMg_*pIT`Nf1r@$z@X!N6#$+ebgEMv(P%(hHKN_G!KJGxp`7h@+da)`ja z51F2}1_rn{NH^J_*#=)Mn*m^5Kh|oVhbou-bcpkpQsstXuCl{Jn2-fCa%9 zZ1DmZCFlhlT&5z23*>E(Oy51=8|htQGW$?i@{uRv$vpvT9|kr7a#28&2}KUBR{?!R z7~l0!{F9@+twjKYC`>cNeHrq-0gq3Jf$?)U+6IAk zRQqeEYzRfL`@k(+y&?LsEYibez*?-`B|`K}w)&qT6i8*Rwljysqv4XNT-O2E_q_I+ zqLo#kyudhMtHqYPPrBm+HNk?wgBYA z$JeSYTD;{9{V!b(V`cqBSCy!5%)OBLy;?V8n14%iTXkBg;bqr))TnylBTQ<4zF{Q4 z1<@_FV^jug=gGkR*qsGL*oFBg9D7@DP&v{kgnFJnDhC1`*i!$f|NHYQKeVT@JoXhD z4SX^Y)s-1W?@4llIdvMi61Ew;1F#{{+1%;8PD3qBQNl|Ju!Eu3jCEwzqI zo#3l6kV{vyV!1N?-KuQI(u5mq=pD*#T~&q)8`-ksPd@tGP0|wMA7(iXbexCz0{i=b zRTb#}&|)ou!{yk4+J>pVDeq5f7MZ6c>AE7=o!4&rAblSn$&yr(*u6BdiRxcpeUw=? z_5HG9>EH2*n`oS!zx$mSyRfv$7aE!uh2Xz0*)f<5}tqFPMGTYu}U^p{F2h*Q?I=ljGLVfV;p<@g23%U01X!uZ6A67^U z-*T#DeDT=$TLTo_fd?Weu?cm+7rTt-078wf;Yv_ZzNXJ<z(bI6M_?`l18y)-%$P{QsWA^iKw)1KKhCp*=0q2 z#{Y}GHxH-secwh)szqWgLy>t_h-IG1EOUcU2oWJ6EFvj$hRQrdL>d$#Q9@>!Dr88; z5Q=5WkYQi9K7D_m?EUWJ*vGNof8OK!CzfYD&;8uPb)DCFo|k>e7;axcip1P{jR*_j zY&OIortxBCf6leTaL1D*kx-g}1Qc+nrkSe>rIuR6{EcDO4XHAjbn}P+29_(|^9{q< zZ102&#_lM6A{gj1xGY1~0=kKvi+IueXg&$JfMyP**!eVed-W_B-=RNh2- zbFN7(hoZi3@9u`1VV%#Oc=>69~JaEa9;8=F~r%No@?VS4Q?zN4;T9 zr;z=Bz>c#q5cNlh%$uX=q#}eD8PSj`{AZQl7uvqxmBF{JFZIu5e^;ySZ%4o1yQ}*! z3X18OF?qA!phBV`bGbv|=skTLJrt7NYx)&B@Uoo#5*$#Hy8kv0l8nF5H}9ltgLmb1 z+gJXbUc&VYaS*pN?hVr2T4ZX2nDW1$|36@S{MT!WdciQFhUqJ*TN3LY{YO_pR(dyTU)Sb>0>NvOYQQqCXqmKRLP*GyGoWnw;QYIlJaPNn~O- z`k~;*pWFVYGCToUYRC4k_FHc9O(G<_l2NHn@qaB2E`wnBJtdp|mYe+6jIvIzdB@jV zp6Y)Ru79sGC1)N;YMbw$|Ged?+M!PTWJi75mYehzg|+9*BLDgDmZzfhUw3c00_hyO z`g?vd3UKv7y01Y}wMWPR6a~Ps%c-yD!%MFq&&V=s=T`L3^Clz# zm(g*K62`q?AL5+$Bbym*g6|KLK1i@4SF?Ccp{^x+rap@_Ol!-Ste_IS1%uWv_AO(A zO7{PsKE9_UMhX9SiIskal#n(7S=_$O!Z1oU_Mn{C5&~KZ$RzcAs0Kou)%we?XXH*t z<;(w@9-#CYw^<@Vu?oRSD!1DNQetaHR!QV?T?bdZ zKZiur{uq%L_F;_q{3mOdvyb_q2*|-qj{uEgE&Wq9y+u`K`JJG0QNRdXQM@!z@#-Wc zC<`|W(#U8~pu0D^R=bE5PI4mD;4o*(N&`5ka~a0EvcRIFy2B zvU)poIPHQJ+B_X0E&qOrZtCPzH?p#tpYB(jZ4lLw8P8-kKakqr4>_|2%6-Luq11na zU1T3*j~?RkKQ@gCyYei@^Q!h4A)0Y;p*q!BvJDW<$*hZBEIe~+`6B`3Lzz!jpk{Sx(3oo|tu3S1l2P^?pYnBoye6P&>n2VNsVG;as zrY<3USD13R2!e(Pz!s2=8QHdd@utNpM_>8!+M5oe(}5s*FG}+3H1mx3g|Llr*;@~H zyghA;nSrD|_xp)2g`feGErqpV32%@L)ndP_E{GJmMtRnh_btf%h9-Y#UE9#EIsXbm zpyxeZL;DlS%MT^RdD8j{-Y*z<$R!M=*6Q6?OAQH{s4Bf=&@8F`)Vupt8|yP^5Jed8 z93+eAf|QLpkeX^Tq|9i-?yF4msPvD*wu}Kr0BNd@@;_~VBt1n_XkJJqoaC>Ddq| zi*CNyd~CB78`Dqfo94IfMX|l+^m9}#jAY}%Qi4X)MJ^Refji72Xtni< zdr{&>e@HV3s?LWYH&U3e|z^9ljY;x)R-7 zDSqqAhAC{H9pkFl=34WeW|fUMmpPs*(?4G&iApvrl0 zTk%Dps`0Q3Hm&RG0pGA}QgD)OyQJ2+C%FfJn zShV+}zi~3r1z{@B5#D2;r&v>9E!#sohJ!t$T9bZxLL=HF&9o8O8td$$bGkgn2$qFTA9s;vjnS?WZ+x6gJXNn{K z%$F**55j_uT?g5M*FkHLVtBrw^g%*eGk}!M zX`Sbzys;_a(w&)<3NgCnygHx87M~LO#VQqFv_9R8kme~#mN%B#tuoFoQR96dfCm2Z zqsY?3=Z68^i8OBlArQN5gZy2ty!X3Eb{`35r}oM_e1L_1WtY%O?Mo*hPub|G z+?pNOK*HvIo7mqFUq{t!1M#Rj13iyQ4%@>!4>|4zU*&P&RG+DE`O+v zt~L~b$c8y1V`R7h2SI%7nC{%ppP*;&>Z}fS5J_#gFk^k@D{b$plJWeXh2KqUL!G^UPgEqBQVUlq!%Hf{kbd7OlKE`#N>-{ebHY|kw(5&+<<6Gwt^fmr= zKmP5z5G`RWxrXNUR2h~DGIyQ6q?1M_++mbPid+G-`6^Q8BGuGZR)|QmeBsWx+-X(n zJ@#zmL`|!R^|wd;RbAT z64-t8ekX|JmiGBL7US-^?N+c7z}ZHQj(O3w?6 zHK#0(j=d{-#Jo(sR>)~G%j1$#$#zWfc#R^I3WU8A^nc%1-)6<@@j@O&Q~ ztT?@LmYtUB+pv6g9T5h%FWAv}@zCPShx<7sqS>Dn??0RPEZ+E5w&B%BWkYdZ5ts{8 z@}sw{1my4b3uWT329Q}dO;lc47nUmZVTR~7gSOC zajpJpnU(2PXWGyDeR6_dWHbF>9y(@>xL;yDJAO5CcOdJFsbpmds^6Ic6?S0HTcdKj z2RWY(Y?nu?yq%AyqDq`9vD#zUNjqr&jYU6h>nz^UOZZ@Cs3Ao0b8yTj><_ZzY`=9& zp5-}yv^6Vu2+C2CCutyo2(O)KZczyWgKUG3W9C^)Rr19vKQ6+_Sl{U zjn%P^J#NUTQcNy(S>=k3c8K@M1SCH_vui*rh z`NQh?P8H!X>d1gj9(~8dq{mBql1uMr;wA4maLhkS?kJy~^C~g@WwsC-sCkFm(1PN} zSGhG_)p)8OLNq>)SW2sFI+WW=Oix!cmNPE%l1-V~Xlh`x`?rsNvy9*n^kI;|_tpIV0=z}Vbh*Pi9p6pEO9S`%1KAHGCt5s*;UPkNGk+fFcHQ~NuRWki$ zpKreB&quA)#z5PYUD#_Fv`9)tJ(q`ZJ~u`CWH$#TnT7R;P9)jEuT?kBP03fyRkG5K zrqATP^ATsc=k=bO^`-~cV8^5F++>CRSSdM%_RxG<#kgmU?#AD)cc{B@vbrr3H9t_X zBt>JJPc=0)wtvoMS!ovc1R56o=(~5(^lr@u^3OcPDm0ScTnK-Ebo4b&U6T=2886hI z$CKW9g{8v0KoPzR6WM;%Z#+k86f*Mps|xBS9$~P3>7LEvoz?qGMR`K{zwVrROxcpP z&T+s*ywLGBQ|+D3kj#=0%tJ`Jip)FQTQ^1}%g2QmbIrFK$>}~xeNbAMcJlp1H=;0> z&z~*hdr~B_DDG=%DDWD}8lwh7ENGRckV7{)ER7$tli+~?d(tu25X8{|Gxt)k$ThuPrl zjTC97=ZL8>zB4ea_Wkq8QA(>OZXK$^oO_AEjIJ!~Z(Ua~#-m3E12gX;uag(KUma?R zhkt+%+=rV%L>1zUQVR($;Y*&k6^4o_RfOWm8HbBzEn%0!QMS}_`XdWWr6`x&nLtg`YMxf@a(da>3Ob=d z%%q1&&^KDfQ zdfAXty%8Y1{k2Xc415`~EU~liJ8im@Nl3LWJ&sXS{)V-ew`>ZmHeK66t~hGX{w@h8 z6~0@UE3NKiu40II<(YB6`$O!x(M7YAQtKbY+CH7w{X=cQH7e!{??DTTE^3Kp2ko%I z+)~C+1G}j6r0CJk>{+=RS#%GUU0>a<&p7eP={!l0r-!Z8QC5zM9Tx=gHC29z z^i8iVR(HgtIb3FKRXf%BsH3d(YJeWU6>skS;{L~7+6xuACU~9h!dpilXWtgAd@bv? z&5oZv9f6gp8kXJ!j4S@X*MwT6zBJ(;ri>{WM%8)o(U3_DP#k6l}_1gjaC%BIh)LR4a*$ zn#5Mz`!!hG0 zq5m7&`;G5I1;i7;(^o33&$nErCj~&S=H2z9|55Y*2F1Qn0!Zfh&E!x0>K~{~DH+hv z7t7na<+i|{Uyz)JQoeBusm9I?KvfA=w&dR^&VRoAo-9P`U((N;Y`Kh+9*n~1j&pPW zOtnA%a2cVevhxC4sXxsyNqT&)Ii_wwPp1H!bq`Lp+1y_KD3$?~l!m8Drn=Sqr(W{U zpWY+vck2EBjrS!1L@tN_4*q`!9~RJmXFght|J%16|HEqiAWULKW=0dB@9DE2H$@b- zcry=^RaBwKj|BEpwkf~`eV>oLY2N3(&~fU?59pdBWHp0OsUFIn?r0;AH-HY6dA|V} z(=%S7Q>Ld{mI05uVxMXnDl7x-bE*KyW&MmebDi&cB*v-a=M9*Kq0aHB=K)T-w&P~; zzXf{!65Q|0pLm$LHgGfRA?pZBxUs2QpX#>{&E)#6IWz%P>$N)WcKk1Z$mXhWMSk%2 zAf$f!RE~OmAj>-+xJ}LlZ*Zv^!Mrv%sX@rDc!^2NDKqzz1JOBt8;70aW1M0x;s{7x zgXCVuE;V%4r`5mGM}2JZcKP>4DW-IxPv_6md;D$ZD68)lYn>ocEr{Y?mdjA^I! z1vvZ660wTP`ZX9+r6@h@M;?P<_?IXQn0DV7h8Uzq^4;-WBT@dP5BEZJ34f$%l;TZ>ewNu7mWv@bh zx>{S+0$*teQ0ez;@zlwdK@623fnY%%RsT zDi`F)C=huT7K3k9Wu9eKCGBw?9HsQvTi><^wgQfdbx8NaWCK+|QUI)h@N2-8#1tm} zvH~3+=Ei#3n}Tc6_cecA8o7pLzpg^9$ws=!G&SWa#YElvMX;E8YU)z)Yo-J9)Rdh{ zq!?-e_Ub(6)ayyPqOz|=lfUQ5MvtwndGtKiPMzo;_bYcknVYBlH97zlM;M70evY^C zimX8DxE~4Y`IvT7&|{^GE`E{025HGWi$-!d5nmvyTKj$*EA#yo1R5XyPdA7|Nb*+- zru-jNZW;u)A(EdF@Z|EK{xFhjGEoW>PW?##qvP2!zTu10kYSO-ushO=UpVpI^Vy_z zq%_Z{mVcI1*7T8_6xKgyIl_(X(n;41PO2U9gcSShA_wW6FJ5DJ?SVyFD+ zYg!rC^S{VV=XU25qF033YIyc`s+>J%igfDU-8RX?msG+-zxx`@v!SciENkIinM}1Z7oiq6sJOALU#1{OdJkIG(7R}uw^JR7dOHq^t*GzD z`o8t}cft1g3Vl%esYG9Mr!r7{;Ky#ZI z?73S-V4vyY)R+6Guu&&OW&x;AMsmIcj~b_+bO)5T=dy#pKZ&i{G_bn%Pu^InApT@S zWsOvNj&}+?4-USR`H~E$jB){$&?(>ge$)SENQQ1^yT2 zQ~My+9MaNv2frC&riOjgUhU&WmgWG=LCqje89L{LZcS21hhSfSg(ivz(`HG)k zIm+nt7hQNea384H*oHH8Td5e zm&!8LZ0f)4tB{uP<)a;a)yn*}p}~9q!OtnBV!u4i0`hPPIyCe8a4c(K2kB` z8i6gPovo909HwhLkl{}(g;jr;oHdeLh~6^8IR3C1iKYK4yRxwAw!SwxKVa*^pL2yn zt7W=&hw4MSqBBLum+TZQFYcVVC3gm6_>P-`+P~oKF2+sPGM6~9zs6+u?hmc%UfO{_#@R4UY>FhB!)wyHZg0UXK2p<^TJ9!QrOU6)k z=5(ITP$U{qM<$0)KF`yCB7=Og%mM50HEjtf4enCjF;kqULlRC@Tql1@6sHDY{j81% zkZs4JsVR-0fdJJJnAzG-XhJwVIG7U1!~&&8X(U{2KFc?CW^VD^@b!%=buuXn;h4=R$J90VfUR2G{($bahSzmvVv%1N)tbdTHVNPIzfC5-uFLV<*{z?u6%A@6Y~Jy=$Kdt z)Ck+KY#NRgXeOqbi;a%U^z38DNI*@2-l$%cH}HD;iSC0rcP`rtFie_^KBD|yH!-|W z_hD8s8{jdYAuE>r)wfOL><{OCi>@;1SqV2rtsN9dSkS_=h-G?C<0?y9WF}RkoRes? z@m`!iG1KRo&VQobsC2NilCqg||BL3*taVS1z#ARSHGM$zBvNrNE0XT3b*WWznM(<0 z*x#*But?A58__W38RP53(l=3rx~S+qJXlF3gtPvEsHL~wunWaHf7+2)Djzt8RZkFT zo(R2X`5Y^Eujz6kT}{Al>NsgA8n@$oMq+|@3kB+l#0h(GCyt1jd@6|lDc*Uf-a%U7$UVdAEN_F0p}ikBPr@7g$d~tb z@|wi>dB%@vTFLNsgmyEw{hGsC#Aw&EE+}ygH6Nw}u!5URq0~B{^m#dxgX0x~{@K|I zd{J~T1&Rt&wGZ6XdgaI*wt&w_3iZ5mD|7Fe=n$2@Jqfje`y4dzJT)In{sJrn1C^fi zM*NzNHf0DPPsP`!(nTsZjy6Y#n~N%o6wr8`YZEJsOyF=7l5NmZ8K0D`)rkt(UVX%a z`gY}f!0uUd>5uGK@<8%FcAmrRg`%<&xx#6#jl*)Pl9s`R`Ij6`EX$hT=++D7+TVL- zl76zm+mK~sc3Vce119K9JhQAvQ*i6PC;K~Te8cbQm{(ej_x>Bc@V~(Qo+~5Ql+pRk z7I>ju#$RUe?u)*&pa1=NfKJZ30%tNg#rt#7-}p#0^LDlVbDbj+f5areVU~mx0Bd-% z`--0aJ7&67aZW?&gJidR$=<&ib3D9&UNk&<>Gb3;6hycixS+ZoW*2Y#b({VTp&({+ zopAbm==ZlF1{lCZIvxPYM4QEbKKt)f{SWRrEe8yXO0$bwNNu;2VyW#GuCzQZ zoHF`rxuVB8iWM#`AZ4T4@;?s|Ef0!GlUwk!o7dmte@jUmV6KyH(7ST}d`ZVO5&Ou4WnJ~KkqwJR;^E`28e#T($u;0`fx8@GHy)W9I zW27GB3h40sRyAJWP|`gAis8`%@6)Hy7g>JcyslxX2(~ir&=l1@4>85!%dji!WH3?&A=zKTw)%&L_lFdI_5;#v2~F3? zkmET4Iznzb7bCJ{9;E&Hms&C%k&*Tw_;*m1R;I+a2!Ub@FI&x5HwEWt9t7LLy5KHz zEX=;hjn20@sP8(r!7oyR6*$l2?lg~)hX6hh)Kell_!`=iZI>n>gK`c&a${HE#V@aF zSg#d1eU|WAD~Fts2*fbd_15EhCq+1;qLv2}jl@%jxx$6y?DB^tl{xq^808oUb-}-eBu#9+c&2(L zfJQGw|A-&JO?hB!9f)jz^VL3SSr`Y)kR8as!CDJqHOW*+z%&9Nw-)q6J^ENsZDrNN zBMZXZ{5L3!M<^BQ=s7e98KA^>fL@j}Q6I%Kis1Iczn(GZla3w)c0n~VVsadv4^Wrf zx^6b%&kTf!qmZAeAQOgtn)!lk1;6{`rIlKRbi%BH@&)}Z1RN(243 zMHMhcnGjs0^|%_js3YCwwcUG8UwD)SU5azCMyB>z#cN=YR6RrLm;+(TcB=iu44OB1 zpB~J~qohe51MPgmexI*zqulT+!jOH+t~UeS3EzMkIbdA_J%CLzCLbJF*SmQx`1i0~ z0%!NH@;<9YI8#U+9Y%MuK0T+yN_C{$f{YO`8D{7Xh9WtEXjc;t$#3F_Jvl6XzQyX*1(NRPi-JzF@eL|I9*=$f$fI)zd=6&q#!Y3Z(2 z<^Bx6$2D-We?0!_ILS%XYq!*tS3=(M(%#`Ep!}X~-WerRf^R=}X6vUZ5q6v3gY_iX z()9xQRUtw|m}&qSOa3`#nad$ofop_N43#QdzC7w*^7h8=-PNQLFk3Znl{BxQvA5zG zfDE_iYxN)%tBpzBWXRG{KopX*I*L`rj2qL(p~VHC1hxtgVqw(Q{$DY2LMzO*1-#m1`}Hy9aqc2R)jql5RLFp!-0KI zR35EAbY^1D*sr3=u?^>QsUhfmEooxZU{!G4O5V-vViRp^g=K$V5D?9BNF>*~qeJaN zlNR=m7XWpF7zwgg>}CM}92%Q!K}mKhk7&HKwufy?p`u{ohk^w0%X<0qH9u|q=Gt7Q zEHQXpqzdi8`7%9GeQ1BEfLgmsmj6hH9Jg>HO+_-$j`ygMV<<|kk&blUm>n9>yM@rJ zq84iVS)gFMq|cg5SNFWOnx(0|hEO!GpGs6MH9J^(-Q}XaTrV=aAb5KsBOu3w73siZ z4}5@-{3W66l8@!A9QzPC?_SI6)TBn#JoXe|O2R_ls1jn?o@Vg=Tu3#t#Tw96c`w3G zAN0+};uD+>X$V-XF$<`^ld7fvyf(@vNh;8P4AW05qDA2T!Oi3jeDiRQn3>Q=Er>1n zK}PI>;xRM6-TE9s!J=!Lw(_wD1sAwa#446%&&!9?6vR-LH5?B!J}h3Wcz5hKO7V`@ z;MpyHNwa0{joTuV(wrRG?88Sm7Wh{AeeAjnSQePI%d@(Nb(Az{bq@|7aTQNYExRxw zIC;qb5c@T$%1PCStV5GPDi2MSeH>MxovKt+@<`u2J>Rm3cj2LBkGB&BZSc+4JU zkwwZX*s!iH5lBcjmZ{;eAYht_(K|utYE|HLdu)8%;r17+EG{@)DHT_Vmq1plhO4A@ zxu(G%sK(Jn{AjsarN%W|XDlywVwIaSN0?0EXI3IV>NjLD^sWrrcHCAozicz7vusmE z6D<|WOXo9ivKp(Ug~{Ry7gbSZ20lJM9RDNRtev&>>>(jC<&U&sX_xz|50j-=-|38Y zf5)@>LN{3g&lM+ZQYnb@!Bl-6=XApJzf}BKf+?m=z0n!z|Fe7i8GyDwW5f>Q8baLH z>0e?*>4yUa#3J#7RB?N!1$D-LtB!OI_^$+*`TpX4TDYN@+#hf*eA?kKe|V<7jy%su zZ*5H53Hyb4aXPIzAV^eaeL*hG2Pet9*CpG*@@Ezf9wSAY}%gr&1kYJ`ATJjBP zuSCZ8q(5!AA9PLEnv(2^fbAp7td;x3GXySuX7f+y!gW^ho`_URugm>-Ju2?pn=7knLY^LaK~dnQL?ux`rN|qEogQus zN|NBAx_bX{!$kSqqX$OD5L4e%!zrB=-WTDQNf<>2ZuI*SOD&p&8yus<*Ej;M`wi(3 z@2E26^4Qg5CG3NA*9Ws%qoATA6BG*pXFuZNh`9vHgo5dL-=k*Z0Owi5#~ zAK-6>Gk>M8JtsN8V_I8hL0|c49%YkQPr`aJ8~|1f^MZp<8|X#ryR_d~+J0Q2Fl?fd zC&^ckovr7zPPmv)OkQbm`R(B%ma0U3)h}@1zK70K?X*BGF~n7s^)`nVafax2Y$vM? z4C0E*EdEn8U72$nLq%c}w`}jV;BL^yTgqe|ilb3b&J83>9%i)~67_L%_ z8*T*`IF^XSnO0hTDoY%U)H#+_8V#aLik2KX@2P{1&a>b1SqEb&@YTi&>kORNu|9-x zLad5Jsc2TNa|yB{>y*oMyK|N!7a(I<)~iS9`KMEdrAUJEwB?dEK!`HYC^L25$Y3Hw zIO9vs`KRn}HD#`TqaO>ov<_jY)oF%KjBM#eUssyyir8DaecaVcuV^_M1yYSInGdwF zhBNDM6uiGt?;uY7a$Y9b`0QH^a<3ZB6lLu_cd9S-SLP=M+W!+$JzyuEB2&1~c%x5j zdH>=zIXS0#LP&}#$M`z zzSinWoLlHffAs5qx(q>Q6S(BjCn5YwAf*suy&k#P#|*W@8Ft$wt}LP%0VC34e?i-j z8>3ilMokDDfm+7llLwcOXf99k%ijRVA-!wt2PjUR_4qDk9%WYfSunQ|Q{eJQ@*S|m`|3e%V6saRkLndmv7Yt9j z|7_XU!EChEX}66UoO}!Antwx?rfl2$*6MXU(5B?y5UBLXvrq3Zlj9gG05Rrdzw^1d zP5N2IAG_}aCNlayY3ZM@oc-ip=*A~W+zPdb44MLd5#AJ*|DhE8yy)z^jh4s!^#ZwO5q^4`B1#xC-4*wu{ zc5?oZZ3ZKASRALi*!sEF-zdnPP4ZUH3x`u8Psx(v0if|(KK*J7tPloNwSo*n^O=7` z){vdeQG;28ke~KefW{D>Cu~UEZ3|q~tPSWy>8jvXs7nnntwUj*P5;Iq5d0zp_|M$z z%gb9XL&psu6`#52mT!Gu3M1d#*#B|MWlqGvL;d&W|2y*koi_hnu$z!l46QHt?Ovgm zBV0nb#S+kJ4w*7+-A~y3A8-rX_;yFI$jdN!_PQW&5`!r}hXAbI%$E(2amB}HkIl2soA87U71Eb^;P^gSbeZfoiBJx$UmWIZZ>c-%V&2Mg7 zvJ>zGnZbCAt7OO@>KhrAM8e!Uz&miRXX){bHGy82qg zW-vvx1fCQHK#_Y;OK}2-ldYQdLG6vyz=h#PVlILRcNM|2JYeOg8;=*w4VnPR}6v|kfmA`xM|f1SHr!C3^*}Cv!f-z^>z$hhWA1VeQT`b z(x`r-0o!cCxsU|IS_KzjsydGP!lFcer(8V!U=A3O*>nLUT?H=R2kL|YSrbnIy3vdj zdt_FRrj&qXI+$TQ(#v`{BGO3Z(#$Zllx@Q5Neu?nbJ^_EI4(>MXjvtH;DSXECv8fEa&?}`^y$L zcKmc5VLMT5QioLnM9lMyJ}Z#Ptmzee2)!v__p(Eo-2a-vAu%vD-L&fsyD4_@sW9_r zOd`8VPyi6hUUdx?N9B8<6k-XACzXIeQ>&R-4k477oc8B5um}y8XdfIIKpj;Fkr(@5 zI^SVLDnhPm`oa%#QzS0J+#Cdx=!em~vV3!}VEDZ$T8EG;UX-}lgK1z$J?ebz4XA%G za)|ckgUQfVEMR1uYyO60nXQ*fYT%lc)=-&K5dam)sO}zTYFk2?>*s`8wSD~8COKZb z>~dNBn+vY1aj)h3T|&zpl<3-vmw$&^P6E8bVb<%&F}ZP18Pe~ezOY_+e`92qH#_!# zu2g|A{+uQbc^HmgI>T`%5@he!>NVp&rhuQmA#pIY6eyd+7PEXDc6r&U-iL&iumT~i zNUz9J^<)tmB3Hi>%Bvu8VI5&t#YO~5;GF_?I#o9Y8;$}5Y@XoW{h2U*OiHlt4Wn}@ z9--}CLf=t~#yJkA==Ucm3~zdhzmT0;o#S+|qRAZqynJ8Sg6Gea%7v94*iKm0qj<-0 zi3G2M_o1*5Xj1&Q>&J-%CFT#o2HHj~y58ki*Q{JiB}2q)7teq_+$_luIOFJbkHkZM zs}EDv8;6=3t-2Utc+Y@~ekB;x#j~D{SH?#RtF00bk*#B+Fram8cPb3d`|gzOg$+#>tGI)n~8mOphV(L~~Qw_grkc134s^b)HLr zUTq}TW3ea0J)$=dj#R80@&jD+=wv*;(|drUqm1?Jt}*i}e?dU?@Lc;o=tx~G`DDO2 z9(69Su1&k^2ggl;J07q9E+VaSkhs^*gSzU>a)u%>>Q=+!?0H#4N^QHq;o#1qIs4D& zBo|QIf<6|xGl6lnX*iaoaQs;lm2fTB?_KMa2V@<@0wk|4$&)8_5H-C+2c+@qGc-p00yy*%b<@l$Hjsi*K@FWpPrwFc}76MfSj{R9q{!#M_* zIgB+TnHcPNEz?Gftv^e3oH#yGAUG=B#Ohd0&cV-M{sE}3_=~pknHVWKkB}2foSBvp zT>|qWLu6bOV*E)nx8fZ3zQFUdAg9Y!F42gF@?P(REyqxT(p{q7#jY!hQ_QW(!g$Mf z+Cpz=RrnIQ?|3d*HdTbwYg!L!CReh}%x7Mz&dKIYl?r9W7?@{9vO6Yp&L%_xjt;|ao)nw-vIy8`{e%YQE?m9Upd`94$_Iz>|Eo60oyo66U4Y8V)^4D zv09ZpI8&_?blROUzX)2gBOC$~qRRTa_a2}P)b|clwlw|7mSJZ>tsZFKbum(6-=`gh zd(Q_ry}bB^M`{%)skPWs9@Ni5zj07_Amn%)YmV62#n8pws{XJSk;L2FWCm2^8b@@L zNw1Vxvsl+AMnQT!qM}CjrskLCU9Uyf!MF2Ak|_AxlAdgi{eLt_J25fbD~Al8nHYs^ zi=H5Icu~xR@i9SlP9f)xOH@;amgYt8Q>@pisO+Gln>7#Ob!pAk<2-KOswHyW@jP&< z7>Ye3RSwo9ihpklVYmbi$-W;;VIvo7{lGGsk;SC1Gx*eB=(?a&sExv2Q+ktdMD%HCQWc&}BV{jU9fEOKUMO*Nj3R2PsDQEd#;{TUaAL7XO zlRYk5nLbL=$Obg{j{TO~I&lzgE7l{W<8LsB%K$0Pq+@jcExbVB4AKEUE*#F;Vjt%3 z3RIkT>E{k?8Kjd(VUV(z&%f9LXT%^kFiP&WfA4GXavvT8%;nGzsV9F20Gjuh;P;;pIRb* zIz1hHb!{aW5(@R)K9W82#(RPMsp*TyZoSOE2hsm1(B@8t&V>y!uA%@>WYmCs=q13=-cb zdyC8S@v8-IX~LMkf6UVE0%1lKFbC*R-=n;Z^aGD-*_$G}0zDXHKSHgfjh zo4gk}T%(RbI~F=NN9Nv7=sWjhO`#|dy&Im>aN`?buw|)==s(}O@>Omy$#|sjJYbZb ztrNbwDzx{3)3*WezGm>A|As?GM?^R}gMjZNx!Euavhwg>i1#B55u}F861<~e&L}w% zwiaZm#D@hyVL1;@olOfg@D8WLpD9eAosbPG=IV_ZLA`SJS@_H>N%|}ii-nks6 zv#r_-oTQQ-x?H3=F21r{4(3Ot7xx>V_3zC|+M}l<(dsr~!>y(a;Cb5gnmD=5L}SB@Kt?f8Z0Yk7-(SAq{_7dntH z=dA(br6!q9IlUNv$hNl{3GVP*7e1)%7mUlCSY(EOG~DKLTx;o6I-Q6Vyp{WP2%Kr^ zcifjM`snkHT@)CwbFwP+Kqh#1x^W(!m1Mltmr+F0vZpQot29AA6^xq+Z9Xu4YNp9~ z%^+g@P;g9S2Tcr@!4flP)2$7yE{ht5s7{#2`_;4_6H&Hx7zVCTeGqmfKhG&(l6F0z6ReTvKB@JKwMnJ)u1C*75g>^ykX&bolbdG*1WYdO zPz9k1;W1$%rLI7qvG92~gUrmnLrz>W6SOxt>w(Wl>g`$t`%lmh_J-Og+N&l9o}mfz zP#47h5^m+Q)-BBx`UHk~eJQNsY%i&uJ6Y-KY@=Z*N{!vA)=S2qeOS0XDvWx!wXgVJ zI9st-INf>Gh4W0L;EVQS(7MeC!~eAKm~?}#D2|l8+?tSmw#7o)d?b|5_4;v)yw3Hg zUW_3&-mZb~L<5I_a@O1(@>`fBD&n9M^~U5DGM z4`WWrb&NZM=xxuY^ZG5(PtGV9WN~9j{SJzE(LQkbP5XTuUy&*QE~n4qWkS+$iDq1C3nlnWhAHmq7JZ-AJ%Bn*Es-WAKil-j z11GTY!qq#hKahc!q^wyhB7jz}Q4Ew11~Izozs#m$8Y7#7Az`Wu5!PnDv4ouTq)IA) zjx?vAh6F?3yxv}MgLZK>?mumQ0Nn(G#F0}6y~kE{YmpAFHj`%Fm&_sSA8KZ4OL4pZ6GT#~>`hX%6FPPu0ZH5U zgoqfA2&pKFkh^nx|Mc5R*aKe?3NC}2mP8om*wl+obN^fQ&;gEJuejp!q)shrwV=UL z>U>j1grO4V2Vfm zEGdY{UD2WZ010GXlSpH`)+tt@cZ#D4*0bXWgB_B{gp2#gCaW0VzHajVTC0wWROjRG zk3jNFy-T+hr3)&>Tim4qxTK!~GLu`aL-5Rrz+HZ2en_2Ks!$w>T=Vik?N==1{7BYOh&I%-Id@TJT~#`%;TnG{WuQNcjFpTSsrf8U?$!( z^NNi&pD4T8Tz9lk+$-e3t4OW*GR2U11YTa{Em2SSK^;npR+7KnoA~|v1P#AyQNlGfpJx=!{B*-z1 z=b#y*^+olzs5aX(v%dFySY$5z4r#7{>-dX%3M0D?2D)DbR$#vE>e4XTAWvxW&RQGX zC-tS{>3BT&!X+1dl^)!6&6hyKz*%+N`eMqme;vWQMfY$tX26SG&@aatbEK$bnNKX$ z+%0@nswIL=`=@;LYm-`Rx}#`hIHSbH%LxYC@G5tUwba|$NFK7}hN)Rj0b@+_2iy7kRcAr~bK%8Z~d_P?+J4Zb>ypZ9(Q;b@%*-8toNaOjR zW8`bC3rVWHW1L-HUH-AJD79lvCS;WvvQ}{HJ9&E|iZh;p*|vqxz_IVLweC8yOTz~Q z+?kID&#$pF#mosWafIX}=EQnhhTk~XlO*g!Int_!&MSUK{X0Su@=~du zJ%!c9jzZ37Q;Go_t7A1OAwJ^X^R*F-X`dxIJewDgQ@=93!s_eZ8!5|`P;xktpMO)1 zLZw<{G;%i?=F$@9O7XL0J&v-0RoIoPjqp|HOKMeaD_2>+0rU_gZIV;6C zlLgrJ!^-xx=k})WQnFDBz?4_%{J*Qjt&39yk5ctp1PkoQCVUMWepUV=54BPtH< zrIY*=^Hz7)GS0kO!JMntxQa8rwsXM0LNq>nydmFz$L`t@)RUz1Ak}mu!~xUS#%?7m ze21xgvvK|{y-);>{a@_8 zbyQSs|2L|LGDr=ebTQPUdhcviq@g7_-NOX=7k*@V1o#Eb)?=B?6l-te+*^i|p?Iz3GM zK{u(8K6#T<^ZWKl~+0kJNkgTLi^+$Qb)4iB{FPpD0WNP*+&v08BbmiAi!z7=U8#r*8U|`pF+y51*y|1|Eo$pri*OA7O8B3)X1T?cS83$1VcrOHR97h2nx@Q zeXttUqTdlP zVp4=VoFrHnTN|J_Q{il)+X&|v+p`bkCDON~2y8=kNVMjfI!xjh$Mhl=q~ef2vvDn7 z@di~4feMo;@BLlK7p@>X+_lkccrCq;T&>1Ba-IwhekSDAd{H-_^_$cs;m}j_7RsiMJCS5bFZH{ zs|8Eza}DRe$=5=Co@=C4kpeMzk*8C+O}J$_go5Zc=G{hZyA1MGBzSCuF#5(0F&o9* zCy(|4)$+|cRQocyQcGO1BIetEDz|7=b@J%F!~$Go*3gY`y5QGa^&G1X6U;?ia}qzU zT_U=+E0c?JCs>A#V}c+{21dtpmLj*UNl}0LBa!kr%gr?Du>=p~C{Rg9RUcK)?0cGZ z`TX))r8?&HOfC6*_;@8LndiMN{$YwmXpRqA`_9Xrb6v+{z$GgEs1TR2yN*55GWcFy zycB|gTRhMv{@dN7IdZCTyrcNr-|$}rt~j3_df3u{$z*C+crS4jd)+e9Wm=VjCGPS= z;FpsU?xthr5q%IWla?ijN8cjGicZ!?YnNHUgwQp`aW>xSnfk+)!yZltaKBL&xBgEz z@cPlDY^r)pEqNX^3N@1fAMJ2NTY^z62U7vEkuEx+*~z1j7cck>_vbg4T5n(S(28p! z7rmpF!S?Z7>ut>qO;@_viQ0_A@X5$`jkjdqrLB~^KIjqWy^k=7>D68ER>$J~R_6Xb z(fWDU4Zk>RgZXUEX0F-i#!NkM?=4w6!aAJUi?Vdwd;~{;C8aV&-uOn5{%Je0rr>qn z7u_w(ssXVe6oI;tUST9fKS*b2iaz#0MB>VJc^7+8C?57z^t&H5 zUA3Rq5WGQu%q9|Aujn!ePto0o?PcLnuTzE;G*^qR7)(>@!o3d!&%z z-Rd_vBBNQ8xD39;Yq|n8M94j}r*4^^3m2%ap z)i0N=aG}Xr!^@`m@|Z9>gaf8EOT>GA><*h+z2sAVHhxM*1C38l&+s~;BSuy3@lFW`GHmv+;tCe@wivX>y6A=A7G`A} z>ua`q=s6jKo5nPczP}NBF@A)AYf*2$wqQ+iAYrMZ&YM)ZU4fwjUfkh%@pI_q0=GI@ zgyVbp$~vj<$2e!lT1AWEb@G3E+w+a_$9#QJk}$dX&4*f>wSNe)ew%H$PMSj=kuZCb+ySO6a8T%87$X=ZIgegki|h9 zrQPHpZbWZXj#zo;p4t@dEt8-BBsv=q9^VQsG{WO=wt0_TBv;9asu zt+1P&2Ct8qhfB8e8&lT^r%5W~`ox5eOj)NtUYJ(rKiXj}^p;pH7CS57vgc$IejI=t zVzX>94?4pq=q5mSb^Y7R6RK9u5t7)+??0zEa#E~3s}yBE>dPOEBRY*9pK3`@_ER*z zu9LTKk0xm?Hlb>X$Ml&ZsT#09#$)5r(Q=1Bo?@dmk4>v@eY)+Ng}F(XTjay(5RxqB z^r%S2Z@&qng~T#}Ikoo_*lb{$kV-PQ<|)%kS?t8vK`p(Oxy3~UlOBvbSubK(N`Eeg z?g7lpO|bh0*BH0_MdCDser&=Iv4*D@krpNwP0pj&;eoTRGMVqTqzC1wm{lb52gb!O_@LcRyGmR?^ zB^wI?=S|r61r6sC_%=Td2~oJ+z*sB-?E%{WkxOhrqQ(ZIF-#?L3+X>KyA(~Th+cZz zO?4&RS*nZmS+uiK!P&ZM5PN5dKb<_Z^e$82{dN}7=LMA-hhUBbrsV}36P$WaJg#k8 zE)QDUrQ72Y?-3gx&K9Xqh`oQ=K-6u@&lP{I$c??+Ps)F?I!ai+5-;DGKDIgQ_*)6`ilO-MJ@)bsOt8 zuA8RZ*zq;gQ>LcFpx>$Udgk-(Z1rDDmQfLd^U_S9vSKI*x@3tVfPy@ zv^JYuWhQUv%_HXD6sD{DwQ{&w6iho9d-0sbqI5B$f9v2q_?g{5o~B!%dGq}r?4)7brw;!nq^U)aSBg>?g~;H2fU zY~|Pb{WP(!6!N!HA0|9F&-;4KBR&qm_6~*EFyOp&9!S zcM>sy>yKxZ3BPbNP(#^^W&!{RPu7qav4Ozcgi+js14G!MEZ$`3D0a0LKK|t9sG*2W z=Zz;d-m9J5)ko6EY}dkf4#tnS4rU^{f1W;3E<;{mmpT0tGY$zyWW6o3yjb-({gVe< z-5%ZcqIaB%Uyn95qVf}xS4!Q!Pp|$4^??u9b}jEeu3+t$`gqwOXU)~ixpTD?@~Bb8 zIGi~X*8QK47=0f*z}8mj8;Hd-2P<#D;%hcq$8}#`w;49WvT?dmnE8p#$~A>Z_Tb$N zmu~S~#c#gI?jo2cax(1bPA*~(6YfD$a{B%@uPa@hu0q1&9Qf7GwTV-C9`br-KV*?( zzLkEt`Oke44`t=`tOnp$ABiL5We6tYjX36;sMZ!n0TMCQku@x}zr95MbIfN=%+TTC zhozI>%@6=_Sa*`%?VVnc_r&#|J(rRhHB#}$M}0rS2U6LQDl+)y&0O+!K1Q%wUc$+` z9eF)L(Siq`16|itI%^WiX@)JxObLVmw~rat4A`rX#qV+9zG8$o^OQ@l5uc=wS8 z>@Wz~bAKOR_9>)_+-*rknyz89a(2j69^t45%aw`!CM$$|+;NN&#muJUt|j-z4#WU- zQWE}S54h6?lZn?jnl{TpCPvc-AP{JUDs2U3fqCPeF5ahaTK4A6IQ%tWszU{OkX5b{Egn-ZD4DZ!gxaEbi~Yy zRRrtUtDutOCWRBIGCc9zKE)x5_yqv(T;lM}1>CBJeGQ$Tj z5Dg%?UHIBV$Uo(KbN|ZQyqNJ1fB{Ew<|HuH0C<1T?~nQ^=?UPdI60C|X_yjKto||r z^SxC@-z`U2`5c>_zDW6_(KnU2Mpeijn|3%^H&3L2c=_X>@KrC-or|bK1wFQM8HMT` z`>q!12Q*NRh%@kb;g}3ZIUMY+Pd<43_7^F7o?22QSL%N*)~jD({m8`R=chzhhB$6V zA0slKjL_W3$zh!K0Sbe`VRT4IewTeb#)xiHGA8`QBbvmEY{dz3Hq^XyBqW3Ebbasp z@Us_oa=Rw*$YCIiA8DG~S(pb~`GNAb2pbh|6+zc1QbABtGl478@YM&H;@@Gpp zuyjiHnN!@#S&uPOD=wxml+;G+esGGy%HbpF$(X?+ z!*VB=7i8GR#h|u=FUS*O6ea;(Mu_yG1F(n7IB3yHimCiffeGOT7&(XiZn1l13@ibJ z23L{eZoKzC9DId$t?sm%mNh%NeF#Ev(>EN6_lj-`4KtILkG;90>1cxvF@Sm|4m8rx zJ3wsMk7WXi9HjVi8~|-Ln&wnB%Aoi=Hlzo6!o9I|bm#qMns{RByFbh}NXY(D*p-gP zo1^(@341?-J+|l;`0g7CBe$?2EI)U5>1`JmE$|JO^R1LrQd$X}lAUtr!5)6)%vbK; zB-QEO08%wCVcihBmzgcp=KW7n6sSf)?u9yw(Z6iDPyTWgcr_%rr;m_75(9tidr{z{yde1%D%||@0-;x> z3T~bdr24;TTVYl3h2pHO1bw=#}Tw<{?D5M770bU-gwoD ze~PwPw4Z`^BRuq4xU>U&& zB)HEdvYTm-XX8y9pd84PofWVuK|fc%l~+g@F#cce^>VO19)7>|En}3U+>aCPAUd;o@ zc1=EA#;*Y|SBv$K`gV$74`iZ}#2LA^A!5^RY=MWgt!T3EAz;Yyfi{5%WEDDTZ`JNE zzMTXYFj4MZPP;E?!8%dfL!8VV@2fhJeZ@v>oYHjN@(K>8>ED0$O}Q0f4vCyKaC!o% z6i}Q>3Q*?v3OopJ;J8{R#XcD44o2hW13;~kbvvz;708ZjwEkV5iHxTFXJA#U=XcddYArrHJ z^9`WZ{TX2(lu_?cv)*DpTH(U)E=+4SI<7=+d?^ix)e%>>lYlbiWjSBCCClhGShGZb z>+mi7Y!b|aoFTG(>)kaLOCYIzd?|@96|~f2z1RcC4SY~!MQ`v68oV4|<|9VnLxARS zgCc8nN~ey%=P3(SCKZ`L4LDXR!7E_B8jHmG28HV}mXK#20J^f-yX4;2EADG!(lmhE zcX6yI54)qX@f489**9}D3@&H^24P8p0xCRtIFB9usx_nI8!HA za}v~X@o+sR{rh>JF@XDp*bgWA%Ud>{J+s(`ZqmO%mry7ccQsB+3FNg?59h zwoyn1!5ENRz&snl#1UStU}Z%R?Ez#8I4vpJzTy$87Lw1SrRP8pY{!FJ$^-BlXxo=* zdF){Qd~X1jh9r@f9KPUKjWsm`bSJn_(K%F>%DoA){yK6k&);m_RcaAB0=j}dZzk24 zo2E_NX+6*h@#1TU^e$u0zNX!HMUpILJsQjonrc{6TYx>r`$9gcdo|YgLgi&ZV5Ybg zS8rHItYqbXVfIodUfiPg7zQ2{Ec|vyu5G0hcII@bP}^~!TCv7c$8V`%f!!aXwZY1@V!Wm2{Q{@-6qF;m8U2MK(xN zx|Q#;OmcDyHC@@(BCV7Hfy-VWTeFxTX$f#3oSU)_E(H#rw|rq@doViH8ea6gvJ=x8VTQJubT2=sIag5;MOB81-k; zwOta{S(}*ENls*~@-jR%GRT zCg20)T&5o$xsdNM_KDeo0LCzn=KftEDA01gXr1ehSn1P9Xgilg!Yl^`?N+E&Fs`Vk zwXqab1Jf#~3V`>+$3n;niKyuES>Uh98N-9kqfD47z|>uLZ6XVU8@f$?Zt_naO+_9mR8yHo}WB{rlQKoUPzWcqop8M6Ty^AFEd`vRhuunsjM^f{uMh_V2pDFF^@H5AK5q)XiM? zp}=G%6L(wBR_b{h+bY`i*^_}>=h_X7?@#*3=FjZi9h8&@X6wh&L=36Fh=bL)25gYmTf-y_-|!M?v- zD!(6;{^W~8w*aTs5ZM4xEzQnV%T0{P;mgUNvKfw}w$Cs|!NmaH;B?8PW=L9c;re7H zfumqrz6`UFV8|IZOLG!pd7<@NHnmpJE^JBGfeGmyyR_JbXgoUn)q03D7RhFO5lbPj zC-9ct=#`)b9Av&h76q~}3aD6aN`mgXR1Q!`+3o^aIoqqd3L1dQYEdTfMMeo^;t7Us z6#r_W@{4%YVwOxt!RJ)W_*ur+tdCaS-&|3T8;xM-jhb-cco6yb#twoMwOjjDrg6V5 z_vdQi?@V9D2Y6C`Bg-!;qy&zjBpd%l5n0OaQ@EVXMS!uX+G99!bk#9cFcbD`2PCC?6 zvGH%Fi!5zGru5VW1r9-TLehFjy;xL>4p6XbBz_rg&ut~HF{Kv1>wnhzV`7``E5nC2 zgF<5kDcp$_D1Ci#)Ou1$DPLYWA3fVA^B6iLQ=#L8#EVW&Y!4u-;*e_or<^zg2F@2U zea?-Y+{qnL`tvu;gVap!rPXK;OX2mq#&*fr7-&paCS+mrEA7(7##*()Z8j}x`DA}? zw}sr?XokCQheQG;CY$DxX@@$B9QOg`WGV$#l$spHQV_oju7{!qBLYtW&+>(=>_r9b zu&?6DGWpDUJK!`&VRBs(eg|t>&#|Jp5-b}lCs_ilnSGj4&!!u6Gx?e6=@XD4U|X7QG?1A zn#Y68qT-ql9c=yPgi6x&RdBl%F}AJ3BJPB(Vv+aZYqk&bOkZ#QX6FAK?q*WB#f!9W zZQ)-3dz6B{`zBVd7t^)q5L)^#={iGzJirU&nf{%F`HB(3ITkgNp_GBY;D`(eqlgOr z_UBLj{@%S{@Z}(h{+z#m7W^{~06TE8O#NE`PX(}*x0zifod5bY7XgxRG2~y4Hr0$E z2!MYj=otFCM zqh){mzW*}%u&Iv2?k-Rzp5_s$W`w}dbkZWe2kTM(+@BXHn={6Su{!2p;Cp&2LeHxp$F~~2KdPh_w=&=YwKKiL~l{+pp%0W4k z4bZgsbNul!2AsX-j;`JCIOz^?sfU`#rGWo>Kgsko@)u;Apb3}tG|Yl zA!l01$_T)eWIP1S%wf-Nj}<@}DqxP3tpUdWNoa6nKXK5X)NKPxbVl82PSqC~Q1Mtg z-dd&&_TPFdb@0N|Aq6}Pe1?P|o7pZ(p*5nv$(>o{h@vI(IQwG>0WFZ*@hAX%zX4dl zDWI%LXW%72EnWu9kjpsK$NmGD)j0@(VSUaS49XXphQTkTIX?yLcl1Aj+@25E&XK^^ z&J+|Ta@)kO6&{aFE5hYl=;?N{Ew@wG9-XX_SF~8(`)^+Hs)SQret=(m zXLYpFEdd0*7grkpQ;OFwNAVmEPyam~3l?!XOT53ndvmjxST$+-54g`_TH@|8Q z5x77^mqN-s{gOgXkwu*p2_0~~Bl?bVj2g%$quTA>ETQkuLB@ctMiC)$3vm^v3!P&( z5!qGD+IDV(1;+gaZ}do7DuHhq1r?nP#5=aYpvz_+aGnh2U~ZS+SZIfyKfI-&)Dv0_rI+ z+CNPhDpdn0yVBu4=-6nE%51nI$XE}u6G$PJk#F|dLwiR0llFN;Y$E}y= zUtBxVU=)FZ2|8*G^ZY7+sUVEZZ$1+h1ZH0m$h-~}n{y`ReCYy66&th!NLi*Oz5ztU zBA6=E*66_yl%EjDXqkw~aZVKpbP)`F$57%3c@L6Ur{aokK_X=A)=Dps=pH-Wxs8ou zfKe7790!;W>G_{fz0CZa6$lS7SoOeOLxQy}9z>9Hc%w2az48ben-K&e%^ocp@ldFR zuWIySdq+GN)iqD7@k13*s^-N8VDpd(eby4XH;|v(9{BKKXan)7$sqL2KTHOu?Tr5PJ*eGgu`JSv15Us)2Xw+K}3j0JigLEO^|L0mk=N1g)F?ciwZw%+hW|_>^Z+w}6 zPn;?oXc`xELe}1k^`A_=Gg3H;J+UzPBd!e##yl02l8lpoH2~OK#Dnx}f13+(Q-rqD zj1+L-57aOo0EOYMoQYY#@N5Z9iJK0fCyD&#>T(Fy1KyF^uA-3d0rd<*t6;TUNjkqh z*+Tgd1(!o>>()e%>d^zE%~>M7(xDl|A@M-4vr3-8m?Hqgx^83$oJ4?})%pt6EkSaB zD6?2a>(Vdk`%=O4BOX7Dg6BSsmi~4l#Q2zPD0HdI=&VX4ZFz1_<~Ks|sudcf)jgVu z#`~b0r?~-Y%&eV3Z+`sAP^ZqlO}Iu$kI=w7PoL}JxBkvwb^vb$ z+}?$xYPS+vPEXjcOt4~qa=iEcX1pzIo1#*@b=wnE&D=cT7fZ**s_>c%3dyZXmGHO- zJVNSv06FTj-(!{isU@|p=ybO_Z4xcm75s~G_c4fOo=FSUq8ICmwU=VoQ0iKKh<_vt zkkqLxY^bkBwzNe-ad*)F>^ZD4oPpu^QXqO|zAR8(_FDP#}NJ02- zco{qbrWYjWqvpgk(G!u)P7~ChYw|kW-^PRR$UHnzL}AUw^-B#%=3BODY3y3?$xyKN z^&P0aSS)jDE$lho8bxsON*ROjO=Dkr@|8JGSrbtQu)ae@-;I9x4iFrE0u#x0m3L+( z5EvUF`oV#;1trQtYfHb)q!^Yg>cm2MPVw=j&8;Iqp-(oEYT<(q^_oUl)bx+aA#6ef zHE`M3hrXKT%vy!gkRgavxcSL> z<Oj;~eLp_}ElmmK6VkIiEa1u1I@hx9(S zXW7+UeojiHG=3)(8~tvq;6I_sP;nl2b(MtX2`PiB^Aq+898XU|$rJ@b_Hn86YreI$ z@2lVYRF8IyZ5};(?|A3ySFP=?FCWIs-&ESd^|nV*FhY6ay$0J{ zlahfUH+E%JCO!tNU8J*M?AtTVL3M;J(%=@&4n2|P?%3>CLMScesQzh)5oQs} zq4r2k#PPQ_^!R#*v_W7QY=wCpcKZenKUl{(Q_@kW(+B333^=@)^yI)`5-mu=-lEod zAwIGTFJE3`Uj(nGleQlqf&6QcvKk!Dz~}Wtlbw#F2IWpO?@oHRRgW%Bq@Od`Q=Rys z$}7sb*${X4p4aD;Rigc*nt7>dWh2%zbrg~?pL*7F1cPC-Vjh+)mGca}>rJ5Ci#P(0 z`<+|?z5T)j8NsBQEoWK*d87-E(tWNQwqm!&K%_*h(v>CWT$6YsS2Y`yZfF}7oB`P$ zSQO6jR9rrUkW!hQ_9x7^fW8Q>Y)i@5B>qZL{#<~Xo?fpV5!?L(;F!fCMZ0;tU%wz8dZc5exs-iL< z9%3HMT5}b4Z6veS2mdZibX9z}KFNp5#Ses)u(s&%b1_@syqt~{1J8l`q~@NE-yh$M z-`D_No$dyqpMtB!cI$HfRTF1f(J?}RwsEeLm8>En&Oqu}zzmLX%)i8WxTl|&l`2=_ z3c>=A<%&MW1+t-a(%2Kxg<^U_f6=Zv=HpN|3w&PUOR#&f&SiPtwv*Qu?BqCCj#2ct z>kM-WeFwMm4<7jHc=7+@+B?5e^C~s|y_P^5@~cm-(O8tz=3!7qOKjT?`O+wkRK*mP z*954zo1VepIw-UVUiHr3m8J38r8BjPRUZy)33e8cDIRA1Ljp3%jVH_`s>T)KqldBQG-Kk*L7_UxdBtR zpr3q{Dr};s(Mr>J&foSb+P;%t;`Pwlqn+xSu04wBr~VCY6jPhPC-`Y$svB?`iGd~> z!E)>u)@C7qHMS>Fak(d&+aO;k_*0j2Rt?4oQp+TgT2Q`xs=GYId>gLpLh~c|ViWgZ zC=Sd#7zdk~mv-(&Z$K^&Q&vou<**p<6QaT^j;Q$O_f>kF^BfrI?C6ndy>RVO_K$Ul zyc(G-8oQSjxy1R_y!3NinzE)cvL0ClUn&KUiDsscu6XArF4ozVuJRw5%3~%2tjJm@ zP^yxB7Z`UFJ`xv^zM$&9m;bBKHEKq5LxLPUe zbeKmR65n7F5~=Qr7;Q7yyLos1fuIQU{M=@77o5kiS{8H|rfDAD`?|?ek)68x?2F4q z%5xBSUHMXjoy?pB>teUg47;>eul^Kc)7zfs`fD#1Q)h!Yp7I2d$MAi^_!i?oU~45F zf$1z#%hU9#*j;w8<7&DV%(ro=^?t*Zh6}jI76;UG^*V+nkZkioaXOz8_v&SdCmmPy zgrxBGzEmU7ON|Ohz8BMDaUM7*xUXaC(?d)nUc0ohNRyz{`lEsVi0JfR+%`(HN4XBG zZE!Qk@0Lny7soibN1lkFT|#DTm#LId>8LB~^{i`on?x4qoxH&H4~8@Tp2U-F=PqMY zO5M{p+%eC}EhrHk>^^21Co0W*`O5(ifdw|qQyDa60RN8vF%8loA3RZm*%Auqe~lXA zc!@T`bxFzYtBbuWum zgd`yTtOz|U@abE=`~tp#=GeytPt_bSu1HMSrZZYom@IWmY~Z;yGKWmRw3XNet}G3I zIg`yCc3x$`a(~Yi6>-1y?Gyf=xa(B3i#3~rvhGcdFL;I`BwG0!8Se6p6d7mOP)H$~c&FuKO>ZyXEHTlk__EVQUWc^2x5nLBE!iN3@+iIYgCgtoy zv@5ZW`Dm;XWAjnjY7rcv)YV%ygUeQ8SaNRXCxs>Y=J$xrf%l4-%eHGxPf_LEXy>~~ z>K(>3raE%@PfApAj^9y?G@-|vN{^Za^a^)mrcHQ?BV8x(iKJq$T3V?u z$6PDBUQBTPm`)4-RaWsK%|rfL^*&#Lpn2Bzm*&%yh8{8OsZVta|t{55Z$spTeX->%7o z5fzjpY6iT9$r=3-HtUZjR^D2d$eLg+gNdk99T693blhGchZf0|@rCg=z7LBpa`+-F z@g4bf{Y-!l77@`CBCd-cT_2T&4G!NSY<6uF)E{k?AiBbbeTC>e+^dAvl1RafCGQs_|$5ms$xUnBRqf|c{T-R$=Kn<-GZ(>u(j@;q$zFTb&w0ELc z%HYS{8fE_4QZr_v^L8FX#v4q?LYmssX2nfUYid)T)lVIp@+GNOusy?)A~sN)Fw=>` zngM%ZYYmiG=!*sE24LjUMwu_o_w@D7jw0y43HJ5hjCd!S!^NIgWCv(-_;Z9H#ZvQq z@`lf?;@>vq6ul;mC#Wby8}*uApwRBKLdepGLCmxU@>gHedzpv$H!p=aJH2hB_OPOS zf)}m1%M>et4D^q5#J)^hLqV#~<&JmlS^~Yi|3fR~HVn;1XkhV2q-!EUtT&YVTv_{6 zl!##J(08_`=sPV92iM5uv(0`DR-#JN-j%i$qPVy=akr5V5U(*K{L<26-CZS?>onU1 zn=-=kx6Cit<}9kP^x7a*r>E*Tg4%J1|x6tl8th<7rqr z`r+~`8oFIRQcfd4j<$BZt6euqt?h1~Q{mY3Q-ay%|EfqCTPeeZd(-z~MTZteH>0E= zGX7B%sb!E_>oMU6#^0wvO#nzF)fn$(=D4Z1;$I8u^|G2eCy|NvVv>r9;Cpek?@N_K z4bmLe$|oh+aWRD9nh@je{DB}YZW=y*rho5iaL<|YMiG74C7pap)4;5-N4$!hN3UB$ zF=d3uEJ$=0V_M8S14`wk^17EUjEC)da2KCf1L^G!T}=f)iOmZft_!-LCJOZC!2EJl&h+^HW_JZJ=WwU`BDVo0424O#HtE6HofIduV$RR z>iuK6F>mz42{#~Bn0YuMV||MpjXJ}BUM98_bLN5;-IJ(aVfMR~YwtD=b(iQmak(B( z)fJR>ZZkdPZwV5hc95!{9Gyks+*Ec6@sAKlFbYADPp z&QcOA^aS2nQ>{7+D&!o1{Q6)2s^HquUr#CUBsyDDji}&1Vz)T3d8Rp|h@{$l$7zEI z|0Cx21VYVifK_dLRpekjkD>c8CHCc4$Lk{&g^|lkIK89cevJ5zZ|_ z@L(J3jZpBtToX(g*$WZKad{eV%o4uBnM=<=|5hRO%*}H(_oD|xCkWUbC?Cj92T&gC zrXcKJ=?+{xK{Dkcp+8MwfOkT{1Sm6M8oN2A_cgEEO2_o&7v43wYwGp6o#lBOIzC^c zu4=Z1lZVgC8Y|N@2qki>G(YT={4fg!97zyG=K0g#`H~coyRq0az4}WDLvWPo;rJ^e zp^xo3E^}Hj$jEH@y^Einy|bJ}Z8J)h1r~ z6>;Eq-L@dDk0v&2s~ksXf9)IRp&st}l{bz+vSAN;iZr3BsW2um_17JweU2~@?q`an zK4pvooIu~$(uH8MQDiaytS((b6fPTt&-U471QZ?o&02RzyL zO;znH+bilkY~R+*mBg%u+TLQKaaTnTc3>hj{)moY;7x@0TpYM|LZEpg>utxg+{X<$ zZ-|;)U%IXM{oM0yKPRf0B5JjeHEh)zB}f9yp_mrMGr?es~s2jjEds_f$&IWL0&K+;h-!DE03GAY(^NFX1 z2&$wrmRmWLqS?Gx(yEs`skySnxk$?{IhKVyUdO82_PU<_IJxik<;aQo%iR-EBak}o z{C7a~#{#8b1X*(}kgn}1EkI4w9>-7ct|kP5)Y~n9VBg)T{7pj6L$~2-h8^X}BIt?2 zZlM&;R?5{_c&>G;sz%`2=Z5Fo=i&=ACIsxSzeGp%jXs~1QNR0BE4oj(Ti0X~V}2d) z&OqzhH|hBIBlq5B196%Zs4Q{`(G@}Zfs`Zrib;cGZ07yC!?G9u(e;ax*d2!ThX)#- zUN2QMJCXzh`q@CTboSa6%U=Zuk?drX>-MGXNS;Wi_&(9+uRgb4`FzLr`a+zpPE{V$ z#Scd^*`-(B`~G~3z^?ubNlmr@e4hnAxN-w4(A-2iy$=wg(#1L`kcIJog#A^q;B%6+ zH;6m^oGt}S{yHG(s{DHJ0kK|IDU$u&>B!noyE*gclnUpHabl<2QafK&?iJD+hYvlx zCLf5a)(4Bg#N!1C`-dR2M583g+3nr}f=RXpX-~j!)I0#;nP{s&qV@0c86=}GeyO|U*IEx%$v>c4Ewj5Wc~@~<@g;eryJM|Zdgur@1!?Ih zP$qs&l%ibo1SADpjXy-iXo@esdii6;r8OU4{!c31ch!vU<0}KGuYawQvT;xsszm@&}{ptT+ zlmDz8IjsM#lmFg3e+f#!|Nig4pU9zJtN|gMsW<2z><8U|i5H0IM%`ghj{O$k$8&++ zzj|TODezx=C_ZNZ@yL}k0iF{9I5|+#HRC~pGAObv0fc7m-dwuuLu-Bnc#zDlfP^y9 z8xjjy3qT>S33!?ZW1gT8G7CuR3X_h?^#GIY(+7mNgYvH+wZY)D|2aZc5MSq-`_=^z zKiL4nWZDLi=AD4R6h8(ni&0RbTgi|`7;F1s{t7q^s6xeqGAlq}oV*XL2X8L2r#Q=3 zfoyey6?$_daUY<3{nk5=_D$RC{P23CaI-|4w#1uPzG@jyy?cR=2j!F^N0ycv|C znm8oRyZ1i_KO700PJTb=ucriR;19|}N-qt>i(ei_8o-~BZdpyvl5&ps$uyS7r8 zRCu^6VzrsAn&vInUn?kpkxje5A7wia^7GpQ0fNr50MztuNkGEh527oQptD>JJrSu% z0l0#m!Cbwm=b?I5V-WoQl?e*l$$>geYr$1t0HK99(tS77$b8w;eO-U*-6ehKG7IFB zH-g{XRG}>mV?8JvE(2PW2-WSutEkJ*dvC|d4Uh! zcJd*hDQ_>4vH$uuenj@x9-N!i0U!NnEbZQ#*L~m=lR5y-Oj|(up9`Gu%!jkQkJTV^ zMX7_lwsm}a&?kHMz~Z=kqPgBr5>pjhUPGrSywl7mKW*+AvMi%KK0X+QV0SDBh8 zA9BZl8`+02ah8T}x(4}{L|HuvI5lN>0PDL~a{$~3D#hi`eS&;K9?sSP5>_2yHl2xW zKW&mFL(vN5%x!_&cCHHkLcMnC$Z4tSA<)AZm4g>5G=7dR5qM4d2_=^?$ta#Vy!FV_ zf%8=SCvh#~4q^^4ou-{fzs8U2Mi?VNu6_d~Z&#d4CiJFwf;*{K0z3pfcrrg37vbVC z5q$oqhz#xq0^*C1W0$bI2E_WiQYkW<`#_BF7=319X#*K?1O=@dwn;C=8ku~|A#d&0 zt)FLkkmuaFsVdRV z4hpH3rmFVp8Ks;a)T}Fy0ArCGjBPIKD9hY}7JDX&YEY?iNR>JKnRHyRBwJl3PlHd0 z=QD|BE3uoNQVm(zn$MnQ$h+fkHC>uz_yX6Z*uiV%Tmn>b-k9VvbH_6u)>ZbAJrIN6 zmG=ox0h^A9NQ~XOF+xJe#AkCC-hK%=IBz}9dfz}J^apyLS|b;wLgEnZ+;iwY6>4qAZU8K!PRatAA; z_qjm@!Cn$vnSxHBzy&BrI=?l`YS2BU_=v$a23{9jUWOpKn$@bM4ex_VDM<42gLJ$3 zTi|4%;;7k|ry&M+O}u7n!ZQ?S+y~$`&epz6CN1y8eR_wX`XbR0>ZyAlnr?tRd_fx9J8QUPxGw4%BPH&Op+kq_B8^O;%DGV9+&eyBhF<4H(3Y*k}0x|M5Cq@qX z$yCH6I0M2pv<$R-lx|F1j%@Wd^xz%fsWFPiA?E*xO*%tlo(hGuk=--0<)^nMFK3qh z40nJbA=eoF2oP(yig8Y1N8VhXV=xbyl&%Gj(0(w>=@KxrNLVR-beTq0bD3U|X z<^s+xye6k>g7<&P^feCF>pBF>X!e~E9TpAftHjM59q>~YKLuQWkMC3ga$LQ-H0(j1 zY)uBY<8V!2;f*Z-a~b-+>I%AK-_p^8;+kT(oHHX#9=|8^hmJ@~!ez(i%evf7Wd3sX!P#(@=%}c!cc3i0Y?0^XW<)$Eek8*SA_ezLkxEGhpE1w)2l&y&l#!pdNxBS5 zUd%-gvNJq-f@^sM3(ITH)>F0}Sbr7N8Y3}j%`7D#FTOs)6!U^`<$0%GEt9D{H||U1 zV`(xCOAT7DSENChD+bXY!FFdN^=z;*edLXxd9gW~k=qa%+j6ww0U$!CMg>oH1Wv?3 zU(<##qa4ruTY;Z(6Ssuq#9B~VfKW`(W>v((vABgl5cVW+rOe^kP36~Ku(K2`Gb~C( zdduwC?I$|hf=P`$_RYJo z=#QbU?ea`bX6s3uTwSf+8V-#T%JcVwX=}0(2^8I);30DqlY#e`GFKIGkB50H7T1Zd ziQ)bGDGzI=Sc9PYt5nk~2o8TZQj#>=`2(h)l~GvgojC-EG`!U-DU&M9!ewlem~2(b zY_GEzc8D(w^Sm{+-jp27&|;|W)7OGlNAoAloW>9TmTdRfVH<=mH2xCkmfD>0W{N2T zN2)E5nI?)d7jU|wNI%9U&r|dQ6^MIvQ5c&<(9iy2(?gH-tI4U1xKAZ#{x-tJYws~^Ph3J9%Bwlt&#UF zG-gN^;Q1Oqo^%TJYk28*r^9{0(bFrfCs54}_<^*w2Cim@^xPgH<8M@yvDUh8c%J#m zlrTN=x_~CJ3+4MKWzP%84x3TL?`CL5xsW(+g&6-Q-h)--VQDsfQACma=BYE`O9gkx zSI=XMzE5#|u*u|egd=Y?b#vhFfxqVywt?6FD{jjk3Z1~#(1@#~$beni;~2~XyV4tsNQQtnN)3Jtr3!| z6vJeju=nUFy1jv0;Q-0oD&UMl@I0$lEts8qmp7S`SpS zJWB|1!*mD~;k_W3Y?clUR4E^*4X&`?lDWYn90#R z6%&)q%zrHUXxx&Gt(*E1Lp9VyS_HIvFD4TemN8?sd=dx9(ZF8Dt8-zNv#e9NYc!0W z!30Qxso*Ymmmi;8>wcCI$J8i9dS4EgAb!*8bK!nSTOgSMN4hLF{Tiy#@^X+F9ubiT zPiO(Glf~-Ux@qwFKI8FEbVnk>N8#8fx7R@}(M`$P$cYnMOfsq6q(LNP@m_pGsxX_g<1o>b2!* z8ko!oBENK?eeDLzWAL;vxhMaazb57j3Ppy@5-58QJV05o0^}pHAHJDn(P~+a(luc4gwU;e4v;>v_q(r{K{YB%>TL{H$!ebmjOfI ztnt6yEKzc?B=egeLWTdIY#;7&AlH)cjF;X&O*3+WAUH_aZAstrUzd*-^d)$l`PBH2 zYvGTblnC&{M8oc?lc1sBZZ@zD&-;U~pOd5edkzKP?dbs5v~$#Z;NR7lINUte1Pt$PWx%a1 zK|m$Mu?@fzN8rn_2f%$^uGpVOkSYzJn~LvEya`sD8Wz;-<_(e!zDYF$VkH?m(TPM3 zx=nyzavkVu4KyV{s>7@%LVO$~-Nudq^`B6mDswj2vEqq5D-OYco&yr9Ym_8vB!Ony zJIoIRWZ!AvLOx&G0D0n8ll6PAag@IUa%NHp^r{Gfk=W)MKS<`EwRAjOxSm$lelPCO z^ih0YvsR9K4=tx3=1yyAnsdpspT+{&;Xkh1FW;2>di6`+pDX~)@w=grc>y$Z>wj&8 z)tw_0V|W0?@-F~cUYnygNK&8iyZGVCmEX~6IABG3pLwGMf_W4)LC~v=DrD72J`csp z+k-jUeiI>$gDGnghuRX5QQY6ak0d}9Zro)~AW&dqlCV5dV(}FO3zS?J1@uG?)F_u< zF%`N;VGTu>d-(zIK?Aaj2zP_CPx2rU;A}uI8D2I(v97KFENh{9?Mi5l*$MaNi->9; zcrG<7kmT}fyL*w`*JvDNn(N;5owIWsP#3xLBbVKHl?;_}K@+_~UJh{9)Kzr>lKK4a z(wht%m{_zrkzA=NNYe4ao#;&l5Ql+pPWq$$RcSTq?5`x+jx3IzI}nnx6d6zSfR?U_ zR8x!*Nbc?PH;lpjjoWMZ`4KpTm4FlttB)%BP$4DRlPo^~q!@+}{Pbic+Vg(uw`1u? zS2tBUMSM^eQ^*xGSIWK1fkNSY<|#KidS@ciAlKM$DD&gDC(cY2lvhySdh!G89^NVS z027EJGeJz=ovQ@F1bqOqNPzppUZd!|IZ)D5>k`ZF8v9_(=%_I;ch?+&$gCO5Z1IPHAzg3#%w-}-8GA>o7p%dQ0fYPbzPm5NuC~7@Ob{7Z>QvaB zgK{HQL4t9IInYyRASlg`0kV_@W!*EH=%;~>NAWzNn!AX%6)ohZzWiW{cw`SCN{wLM zjmb=3pp_Fi2Du&rrqoY_M;?F{4OKuun^XbFq7N|L>5!w{z2_Rv9VNI)FM-GqLq5m= za8dhSMN_(=Ua=FynJ;B|y?Q*Q&+&ue!NUcbQ3Y#-gl=J7R+BB=YCvqhHE%A86tQg} zulewM1k0!fJ8o6-t66YZ`>r_w-c?81|JB}?#zWb@eB%s^tVIXX5?}Aes*m%W)&LBXDm+7H^;^$SJa>U`SpDkoPjW zf1ggwg+lyzRGA7l)bdYe0V>5e4IJVTuDzMfueJiAim$$-RacQ@l0@0H-UizaGv=(l zRt4kW3Xy7X(IQYLE-`#WwMzUW-2%GtDm0Hz;hyn?U-jgh?<|8K+r~XkS)M4xqYwo^ z+v}psFT4xSPrzLj4$dMuAa2zlr70Eo0f1#}|9GQJMEJDs?~347{d`)q0k~TIdflUsp+=RmZCXArDW`+Aw=AVr`Eu2*gV*&s;5S{f zmCzA3pHvWDmNLu1-binD;WKzfwzZ>7H{UP#B$}(pVn(09 zXt=@_&A&9kF?F#wsrF-$?@xz1cXF<$keqH~5jJx@!N|t`7)Dpj*KjB?o$sOW3=llT zhTGp?cdf|2yfm=4{m^Hyq|5kHY%W*&XG-y-KF!Wk<|TkZm#ZM@iA@GQIhQbTI$8@< zJff-Imw+gNy05~dx%|<7iBeXLiav53R67sBa6rbkY5u$ALU-h)AaAw;L|(-E15_jZE`ma|fh=&Yj(@kl!J*lut*%f~leoBl%FqJ8Rc+SVEE?E;y%3fm8FnaZnw zTThVSbx&@9CyuQ!*Nxu{7UDfP*!|>7k`IBS^g(j8as^>UJsBT}au5ntKJgYO$Mc$) ziQ&9xn`$(y;#{0jj<0LDLs5yo-Qt}ZC3>1bKXI~I1^qFCX6qf`KLdkT&?0`$PPVN4H(jBBb2mO?@Ph{`sTC7fm3~7r#4WDmhF2e60 zE;db73m#UZe6Qw8zb6#q{c4|L!9|;nXx0vyNa?3on%YwQRWk>_A=;8iyWq2U%_TR& z#)YHSv7!2R&vb*h{ zgXy!Czfb$7{BV*yA$t=ZtS{(Dn^m!C6LE`mHE*6&T**S?nC)4@TJMIO44n{O!iXkC z@4jw|i$q*bgqxYO#KK+du?Ogaao!Whg*c;JOQ`hNtp=Iz;ENlu_R>6a@WjApdme9P zzd1$J=JPtt`h9XgI{f6+&+GW}a;bQQ@RR354fHtq^eL?h#(+v2gZh3@sBClVh2?jY z+FV<;)iq8N(Pp8d&`cqMyye;lUtdIB(@(ZfC>k4#Vd9B(Yvvz4tu_z2g(;Pu{>RPK z_~vHwK6&M4Eq51I{F{j|O-^tptC7(&*N`KQmj?T}r^=W)-yBi4ZUq|kT@T((tOx7;U@?1b z&rOap1947azKQxD&BxJ^7I+4^NFDN~^)keK;`mBT$sGjv*tbaUY5A%e$s2i7aMT0B zUgmCjS_3w&i!+@#yl-+7I&4>&%5X;Xdqc*;ORl`G7RY*O2%~aG+3$uhuBHotQ7q|d z@!^jhx|wNN0%Bbkzbemly-~ukTZ^;Vp$r=B99TG2$VG?3*X|mL@E(*TSPixrcGqcs zI6eC*^v>$ag>!S#2HLw6^k&z8=x=lju1-A>>C_f1jN=kz)Rz!Djk5SAaZ|{mx~0by zSagnmye;+6pvX+*M zy34)Lwhiqb9fjv#t$MoUBS&_Dg{FHfj;!{7tR8E^lrpqiXSca99)^z-kW9Z!e-zSj zd*MMtdhygt^$W=+yQA1GLNJyS7d=BL!VkDG^bMOOPkXc?dsDmbvnJh@M{%}`;BC>#Ikl21ssFxOR&A6=nNmu}3t z$Ci6V_q>L)rF3qCsu4}h^v@U_pF3i^u6;L+`0nTXd$GO;bH$<4+`_*?{#c{xt>UA* z4t43y&bM7lTYZa*53wlv*)LLdYw%vKK}{Ah-!1hvZ0zdB;5jpL;`1*haI{h-Qp@hs z*tg^R>#uQ;IPG!R)FgS|O#O)dM)7n$hl7DfK#K0<*M2987Zkp0|qbuRmsc3>tE^@qyMUHZD7N5_{LPe_1A5_1?Oc4 zipb!f~ z&(MeWbcy{L%9Moqv4%VS@UTt?OthO9-rj2%X_Eh{GdHPR|=)dS-n0 z$KrlJ9Hi-#hzMQL9zy4}7<5FHuh&Qxsl$LPHKEs`P1pzO**+bK&TOJXlEGtBI><6T z`gI4a^XKD3a{c(yl?2yQs^|)900?3vNBgLq*8$h7(`P?eRNRf6Wiz-mI*;H*Jzy{RB8te^#6#gfGw$&y?;L7H%M51vVLu)B80H(Khp~NKqWo;vDCSu*S7aV`s?1k8n%*(y%tqAe@+F)eUI3WNiATWs z;aJp#ed}(4x>R3|L*FEhcHrH|?I;H@(Y)R{Ii2?U;b>{Q=Z^ipXgMX4-#81QO?d`Z zaK_i8V0Ts;Raog!?FW)YY|9t~mBy?=(8r^i@~ltu^imQhGd<|RrI8jPniwumpiR74 zc$bP1UH}y29`-;A(DioV)hR}V%1G1PNWjFkSKadil#xlC*fIZFPG1dH`|Re#TXF+o zKZRyHw!U}!>b}mkb8XgxX(ZEi*YpY#L0CzdPnb;p=4vLjP#_<`c$`g^dnI8%6twmvk6DA@PuZ4E=UYs9_k zgFW+<+{HO5SMwyn5@6b)WnQB-gXU^4+6SmPCN73ytB7&sK7|u)NZW3siEAsmeQIA? z>)qT5G1;{tZBlyI+CHUH*#i-jpN~iKz0Zq$uGFfCZlH`_`mrN!LG&z!u10wp`i} zxcwOByL=iDLB9Jg0r6fJIg=iLykqyodY6QDsVyKX6f%!?ol_`Cj1cX)aZu-Y#E2t< z-A{b!mvT-xMg(EVWIq?H8e_);m-oK_#Lyl}p3aGB9D}YFVq3P4-t~kbped5jOnv&M zn*b1F%G&tzH&C3HMn8}U<0tn5;?T`1ThRD+!^V&@WRvPbNTq0~f-=u$Vb6p}cuzNy ze7aBVo5Ux!hL{qU9V5zEI5 z*}>(K=B#?Q6Y$553sa%F5v;EW45k>zs z;FG`za-RRZ{|9)&l`5%;-aO3)<}bQ!tGss12lXy-o3{mJ`m^x3LGRoF^K#J`BaS$c z3cam%l8buB&!6UcZh~_iew;oSi=>74Di4Iuuu}Qrr||8?mIL2i<<#o$;FG5PNk^?f z#4A{96Lz%5j!EuyntN0a7da7D-q|NNDjjcjhVv)GY-XU92_;m~e|?OS4d{eYKc=YK zAPxQVox}JruRI5Hn-Qp3Le*z}gy?pFA!!1alXJ9JN-gksV>uQWN%X+BDonSvS7%&0hem}@uF1$xV`*OgJjk95gbt=Eewb1oa$!Hwx)7IBh_MKhb%|mE;HkDug4xQ<6ZP z4En6=3Z4CCH1|b>%fzn0YJHchXm9ImT>tTH_)cY2c}&K}$$-R^ow1f~EKA@oi+k8~ zx^eg9tc{7U7=y}Da>^ks)@ET$3=SjC8R`5EMKM(aQo=z?y6-iM2Q7(Lm@2X`ugCp| z1jEm;t4VO4CTFz>$J#Bv9RHaH?m+!?n(Q&L{W()nX9z%hWi& zYijgl`^AFZwD1}Tri#x=96W`SL)>~R=x>KF?u+tB-L>F=yjS5?dY@QP;>5CUow7=Yp%z zic54b&UgsLJUV>L>EqpcQB9Hs2xiT)V+Q?i=J&GV~ql4C?5eU%j zvC(2Bvq1njPxNWmCyS!=eL*v*rg@w&*zktr2Dv!N8K*w5LuvMDwsO)k*rP*UQ^wqB zJ=l1fSz0q07VU+jLD473^_e+t5ZLJnhEfDMz_0W_rzZ9fly%C8t{2uWwNcV?J_RaJ zWn0@ZUPiPL{=ABk)!ozsW>`!Z|6F%nm`I(BmjvCS`ZHk8Ec00$Gm#yweoEyZBpq8k zg7z*ytP;uP6#h-AIS?};Bh9H$Yme2LT#wV&O-8Ela9rGZ8W;gOZ|8@Ol!tam z5|X?8m$0|zI-oh%=6*$u!rqiOGq=d$UB@ARi%1dt5Vm=%9I4@d%8UnjT%3g)u)0q(8NnJog=NedF@?Z-&jF76xEji76vCJHz}E zwCSF;qOitHG`=C+yraqQgB76FV@mU)q8(P;T8zp|jEuaUJuPEt3%H_r1&Ayr3HoOm zIotOr+H4(^jCTk;jXz(D!=4svmL7^aOT#d0-oeQ_aft7lvdP%{y(P&ETN^WoV}?Zy zZWuQn*fgPVp9Zgr<8#AgGmNWY1;_$}QSSt?W#}>7x3Py;HrXr>2#%h@&C&=@at2xT z28hs-Ts10OspvZ=#WcOYJuhA%a=AX>+rI091v?->r;=ZAq4i_~?+f*cppdx!n)k=x zr1``}B9T1kFqx~lRjPhrbO!=5iqY-4pD|sm#Fv|C6>2L&=*6gPEhWCVBElAXiBX-) z5+i4aqa?f$t#uTu3v&s;oLgVSN8UuGWQk6%qSYTf!Fi7YL36;x21{nu!D2sqO`nhF zP#cx%zTo@F7LINOE9A$Wv)?JJ4|dR730=mu21VnodoS%Dm0V(!Kch~2q413M z8-n0&m9hOJeui%5*%lm8TxLpg0kvEHE+Hr-o9QdzGYEKSOKWYeXb~zW!+qK-o!}kt zfk-=~@;;PsXV=$Q;v=T0lA=^jJ*=}}4z(Fpp{Z)fPNLBmAQpR@y2(+SYuB*j4iDWj zpeXRy;H{rey&C8=sNX%2pE-B(ddfDxId*2d%o$`V0_e;;y184OZEud_*sO*{3DX0m z!0ap<{Q7zP0fXL*V)|E%wu)<OA5N>q`ln4?h@ z+C5~vy2%Shf`*RE0`XfpN?Q`(5phy4w6)z@qwcGj_{d?dCne9K#nl#ioeeDE_&z0ETLpX3V>QYby4*jnxt<{`YyeKY)b8CsS2 zXx#*yGyS~MKI@sot zq_~GNT_Q`wVzP$dnOIS?-It?X0Em{{2XSme7X&r@Tr0vYj%B3RSyW6vccOGv@}uz_ zPC{oFu62ra;fq_*)G>)&iVJcNc)Q<}pX5tE7`zfVQ^5XIGdQ^veGji-6Ow(iGptdJ zoJ*0p6DSYA~!h||U=&5vi@vld7nlyA4*MFbjS3C z&4$kF7~hfJs}U~W%=U`gtLs%0=~FsUZ{}wPjO#d09&xuIyKF>k`D zqnsOUtD~%P^f*+3*4%j@e3@xa5Ec{z0JvSn{+vSaSGpjFz20c$TK$z*76W`qDO zE;2t6PeNoowcZ7}PF_MrvH%@7N(09kYst;T(yp1t!VrY5|6!OqUIvjh{T4KWp}Nf! zW!yYTDE*c)Rn3$THP&IN$Kf$|D6?py*chJS>I2>*s2~5y`_!mYYC??9T}{~TXPXG7 zF4kfCcxsCae~@81$YtZYt5tE_>B;Bry>dzV6ub!#sGCpcZaBLp`2`zlaTC#J5VJBG zTE4jb-5+|MP8^e9y6YA3BU~)jWFNzLbNRTOtDoT75rW{cmv`3aFCxT+3a zs?wX*%w4r>dy;6obLc-t$(>D96Z^rRE^(rogJnDs&qPRFEy8Z2$*m^^!zEF5#;xtM z^TP!F7G?>bB%k~E@!(*WRod%uzMTOBpDV5zA zRoQszbnMl~ybN7&zAqPR#P`s|g!p}?QT20QbD(;pNEVNtnyBi1I@hjB(|DqqkK98u zs5MTmg3#$6H#CWq-$8u-PrPTu>(W2%4yTAwW7r>|u!~kqj0b!5^c4f0g6s83!L;yIP%Fg7URC*m$6^-O&5-w>>Yacwm*LdEc}Bk^rMwti=9ju zEF({S`Ox;eF(4X%q5Ni;!Y$m_29D7AMXwwGeQoE@@}~gSD)Scpi~dr7=1}G*w!C%u z>c2iG9bTU|s!RCAAW`)vS=gL>?*FUvwIW1X=kUF2fb|~Wf+ZuZZ+EaVr2{Bpzy|5A zJp!9G^<6^9*PJ`#H#Ye!VZo%ZgmV4HH-ZzF1OLw5m>v|x6314+!{Q-?K)aQYm;L$( zFLELgvyLcE%*3OPkpR%QOETcXZ4Fk^<7lnn_m>@b`BC z``h{ddH?^1;}hOP;#R!(*NX6W;{VsA@ET?k*qJPc;gELGzV9UeX)y5KuX%@Ihgyc^ zDEy_X*UHo-+lbE1!&L8s?&E#EKE{{{*P1F^67BLy=}n{(>}!Pg!=Jhwu9 zY$g2{{p?m~JyP^$06ustw0IgxpIQ$jX^g^$LV;{>kXol+>^Ai~8G~Qy*BT8!8hk*J z!{?4e$b6F^Uw?8eyiTGyNY_~XL(lkEqrb4^O+MHxUQpWT{pIRx{s{nkYL2hz7ygYJ z*I!pr>Rr2M{_WtOP2%^Q527Lc&@b&;m7*y<0!qMSu_hLlIta2$WQW%vh;@owOr@(bE5)#b{;$g?jdqF$zC;v zX%TmNs4(>qv09giI|tCS`au<)&IghlChG+0n!C9sgr0W*7H0HAw?FoHxZKi9M}uiN zALxLi>}^)x&BcC%T4nhxiPYdhgp{$%5W2`0oKj~Iy;ONCC`U}nY7x)Mg$$%>MDeam zoMX5vyYp*gnvxlsxTu46sw~g`(=K-BdQ#6HU@v+a)Y*DWcYt!QF`7%v&zkECeKBa- zXv0TIb%{Lk4`Zq369~DEIf5X{9*FoItqOqqmA`i%nO;Ra2Y!BmXu6NX&^%&jh0A|0 z2aEh11n4YTfC0$Qu?WodPA$^QP!RrB)*CNZxR(Vy)0<6(pgnI|*dSEaaTlmQ#Re0} z&6$Hph;B zBM1Q4StazJsQeL~SQU6XP~9STP&!Px1gbT#WEFUI5M7 zr1wsuU$7Wrx$qOgT_LVPhbalso=rUFO_x!7i!hti*;G6bUQ=9C1p*c!inw;3$U~zg za0L+rG8H~Lc|Vx5Z3MJjt~6FZ5kk(6_6&$ct$OwT}<*AMIOUeO(A-M3YCxGBVg12|GV4U-Qzz*8D0veVJl}4C89OY%a zXx|AvAUe(@Cqt~{BQ!H0RmR?n2`&33f1){Xk_izdc4AE7UE9!LNpE=t-SSvq>sOTn zsFzSSRpPTcrR)bifso-{LDKZ&9$;IVjc`q>b#U}QbfG)Yyk5a9*QLPzs!A(ZN{vKnzdJ4K2;*c7|UwV9^ODJ_kJR5W!FU5myPG zoBwkh1=X*Ekfb!Jk8HaXc=_h2GZ|%X*gJS{gEsL(*PMGA?EG#4;>m#VrI2te6$AfG z)?oRri`N?j)J#cp!)fAWng;;1Po{7#f(BT1Q-(z1*6Ub)0t&tKvcI|T>DwcTjeaiV zTFho5a$eYvs6!3J1Pk~aFEd058Zxg!es>EH%~P-d^(R^>Rq>3}?uOODH#XXjbrcsEp) zdFuv#H>EErE{9qg$h`4oF(>Za!vQVm=L6% zd!?#n!<>G+k&ZG$E!rG|GSZ9-8h7C-k6YY@S0l{E_`(iW6eO|4tM17h``8>#QJwAU z{i9SV_+xTmEmCA{bhRdO{{0F*>l7G!F=3Yr=n19f4{U)W!=zGe_i@| z{Xp!4<=a4*o$5NSF8VDmVN99P5sab=y8@ETKQmiIj-OP$*o>7H4~IQfcxfOucYT9| zoYv|)%Hm2YiOQ}RMgvCi&tYi2Q8v679VJ<=01b<;Rx);;>7u#+=fJiQ-=F$VZZ0y% zrr=0^%wOJqd#FLv)1(Pfs^XuUnOwgV5OwAyI!Whgz>I`k(OD5SX#?*FHJ4g7qFUUd zld{nIR77J2Pxsaf1rlITiHVCOEv8T;iJk2NwqN??ny}!QlDj&gcQ9?$T;?t7Dr%VV zOboM?cxt1)>F?GwZ~c$;nyX^9S^3|Cr@e1&1WgaFy*<=(k__9IS-M`6KGWA-Mou#Am*tn!zPQ3{tAsnEmZyv`-wa@M1!an-yU9S z#Ir#Z4Gcu3BKZ8Hhv7(+7$Oa$w7}WY_nwQ2k#43R72!K_m~~VgchkeTmzTm&5-olyht;I3Q{Fc}-B96ss)iNNd zh3S%zq9lHiEj5Zou?f9}1DCaKk(uzGo-C56m0y-OnboL*@;+@(D$kO^&7(_aM6bc4 zTn`EQa{GMZhv&BUAG0 z-Kr)$xVH>pK;``|e+Tcw zH`*}So}|LbiN4C}N!Nxo9M@$#aoQufe5a|G5=BBMxJkoUD3i+jEpZL$!VmbUX1f?E zf-h9=<3dgS!Hf@a$mu@_Phuw8h-NVi9uv6r=bU9U7>H@3?CZI@0!nVW=FVZMIViky0btbI8wA}hOI3D;YVvUTcpXX!JNyhuF zyZk1uNN!3lijs)%@`w}8GA&nDM#^YzI_%UOJKIn@KXXWa{NC8;FM(I#taJN(gNW=dY!+UeZUtL+44qwUVW@{9{t^KC8;8iXGLP z|55aq^}?<_RA<)R{L_pOQ0Db1l7?0f;SbfuRt&`H&k^qx26cBvphnA_IMy%=UE))q zO`fx)wE6WB-%w-Ys>D?wDLlWz=|BQS*B(3a{C|E&r0UE?+EDsegn!4P|M|1hE~qJw zDe+$1{m+4h`;}LR`tN_<597mppLEWAKY(PT+G8QxIV+!@KVO}zJxVF5;O}|hl>L)H z))(o6NR|kwFya8((p)sIA`fyQL)BTWu@f-Z@AS-}e(^EkNUrVzf4XMMW%5!oEK^QTYNJ5$WB$p)&rwYDG?>- zs;RxUm3zvl^B3psIfA=+R2CWX`xAKm#zt;L5%Lp{-Br4dXw#?*KS7u;D3jcwL+LJi zZr?v?K}gG422Q3C{Y-uh@=l1{P{oZ<)C(8qm{USx0X^bHY<6pF=fz#m9 zVjp?@qZR_gr?~c=^cvppb$sXkd+^Bjd2?j&SHN{mME$b`8XZtnX#=N7Wd6uaNTn^r zmnI{YH714|PwBxs;leDak#yi3zTF4z4)GsB`INc>1-&l&Gcc#=2a0~$AT;BjhC2UA z+_?n5XU*;hfiSYFcj}SAKr<+^r1a#$OfLsgbzXE%u5w}#yB}anXKbv_Cn6x`k&(Y8 zU*MI~FN*}rBbUo5Y2}nXEi;arg)>7}ZYoHO`kkAO`7$bAvj{i52FTTdWEYS)jy&Jq z3XYfBy#J(@H(bHH+m(fR^^~nx5 zRY?yvyH)ZF?J&80ZjxbFfa4X;G?NDOwoBL6UTZ*v@U6U0x`|=7*Wtw2{vCC=*$FTJ zNxPm*q4l>6w-MKpTL5JBLn;35OqR&yX7r{q(E^wO*6$z21sXkPp`c>!(I&i%e?W37bm`Bw`O8_g%xAM?J>aNdH+ls8h)~9xal3eS_ckR-H*&DBX;85Fs|y?qs(J=ww6aGjkil7|)I9G7E;p59H-3Dn%q^3oH8`>ObZ{|ffIiw}m$l1ti?a$@OMpvswWiZJJ=g&Nsvw$bktvzlDqi^L9F_D$3(kYtEx-I z%&40#X(WAsblZg1nf-xGt*{D-CZmw~-C$F*I(X?O$C3t{FS?2DV>QBbn{SHM9A5PA z*I;vud+y1oisk=~KD^2*w*?Hs8NDgxawh7S@Sd<&7s09M3ORSc@*m*B?VW|QU_$Sw zdDLJj<_+jchnKz@jG*lP*iAAZy`EnhtIdz(NzGR#LN4i+C<2f%eWvSC2ck}tx5l%a zm=JTC2aLGg@=lMcjp>y>F!*3reTVju0d22sH(Ob-u2>7B@ZHHn&BP5gfhz|AnBwn) zINJmFJVTPQo1%Ietu#Dqo2X;7Uvd!&?gL=wYsP<#z9gizKv0ELgjGc_+(@zdD@M#l zDh{aTJ*;4CxRYbvPrgHqIVDHP`h?O-b&0<2djU_>S*T4tsXvWgmhC@pAN#O z_TWF+i2rN~tVog)UJS7Ix2``I#Zelh6Rlyl=}@7y2q00deNFEZUa>E1)$+TG5Fd>) zNwXjW@t|dlNMETO!0G+F512%^j*PE@1%!(S44e@wVA(g$HL5j*TH};LtyYCzU8b5A zN*FTOs>&%{6YD$BsxWa_$jgYX(4`9q{F#~uU@7KjXrytk7o8IS`0%>O2ScUqRny6315&Z zRIs2}#V2?K5b;FX#OL0h*A1} zd*l8O>JZ{0=Olh6Hsn%L^PcfFU^Tz)7#T=|1$mwG=F8(UGeBRDW1iRKK;=40U9x`| z-v^;M{aJ5yUaQ(UFqc)0!iHq@xmBSy6Swj^A=N*f8|ol=4MOSB3^Qq_Et|c;GVU< zI?d;39v<9eun5hKa&f{wBO0G`a@p{ab9x;wi9g$@p6tdbXr?!McB5(jfL2q*neC@k z4J;OqbhH9&?;7&sDrutxCKpefxUAVaxoIMsfk>ubu-=)cQ9kv^X>o&B?}5nTCQnzG z#z;b8E$zZrQ05!!{*gatUP6I0dZ=;KiG_qLVMGJ=kuvqRj&|$UVfrSg{Za1{yvpAV zkzB&2V7WK~iiA2s2UJlLUw8_{^!lQ4rrXtMxTDr+6p|) zw0{aNXnod|U489)rQz99+xCK^L(wL3I;n&{g3}wbQunBFVFhR)-DH(}I(=qf+hKv` z9P6GeQ4-D1Dz``jN9!X{=bSO}m2A?cc&W zo1ItqY=TagwG!TckhHqy@W7P9cExkPhOw0r&8=j9k+exRc=a_aDVfB6yft-S-yX+A zwEtly?S(RR^Ajr_AMS5Q-2Cxwb~rqt%jmoSy9z5`SfK@27h# zUZdb`x@VO>$+mb59HUDrt^Zb%H_`g*lJL)?)uFnB+4kRSaw}zq`}G(SOfUTR^T|v;Vxv6kKFUCjVa-;ekPVjl3n0JOg60RR91 literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/tracing.png b/versioned_docs/version-2.21/images/tracing.png new file mode 100644 index 0000000000000000000000000000000000000000..c374807e5e43d66407e21c9da5fb678ca877a59b GIT binary patch literal 87995 zcmb5W1z1$w_CF3d$^Zg0v@}C^OZP}OBA`f0cS|=6A&7J%9ZE|mA>Ew<(k)0M&HwP; zd%rh+*Z=!oo`+}7oU`}Ywf5R;eb#49n5wc2COR=X5)u-ooGe@&2?>o62?==x`~bMq z!3f3&K9HT%Wh9YG2T8YpFGeQXa;8d3NKC*r7zsJl0ts|i1o$Tg{*jPC??RAJflnOZ zUo{IE=^pTjeD^#HvJno!o7m4PUd`I#K`aCI5I2+{DS)(Zb%@!p@fR?!AUa zb}r5$FxXu~|M&N|eww_t_-9MDPJbU3FhKUZC+wVT9PI!1ZlJ30-CaRdi`ORBI&cdc zV0wTyM0xnRh5so3|2+9;i~mwn`=2$rxOsU0wd%h-`p>GGP9~00b~Zqp&Z7TZn!i{6 z*N1U>cY%o(MHgoOzeN*8ug8(QLP8Qpl7mY;eT}@+h??~3$w{+5 zhJvo6y4*V_EEJdy7vdd=h6(5X6KF7n1gHn)9c>|)K>+<7H$pxxEjAmb(^?sHJ@i6f z<<@G?H6>%~d-C^R!YV3m3omMmf4*3nuiqFe2V>JPwT6)!y?Efe;m?+_KGk&jd{>N%gC{jXV zv{z^y+k`0)N$w8Yau^DDZKO7=!vYxC&M79}@IC0f@9f;TP2R z*vjJ>Q{>LmF-EA?W81c0oS0yc2bg%i=Cx_by6d?lj!ierZ!*GXv~@$Rli{-wC$g~uZ@6rWhkC|};IC#bF3*%mK$Qus=@nI!(@ z+8+gv(IxWRy+2>Kf8EFau3!dr%g}cge@zelV{QDS&>rrd$zsQev!e-LZ02kQVvBam zuvWC=SZu0((PxLADjeR;eL<#=;0SrN$flvOut9L5<@~Nakjuiv~ z8DlH$2Kg4eEQ*Wri4`YmOaG!)^hZ_^kMH)g%XTOTxcvFW&I1s#Bea*k*C$&?nYUMU zPL6@AilueS;nhQ;mpmVKTQS(vPG_vjsz>FSc@?>9+=PG4Ic=Rx=?_gLnPs?-R*xyq zZZO4rADM|=>dZKgDP6{G>@T&AwPA~;9VK}k_TcJ%x~1M<48)$C9DnK9LyONm!}*tH zEs`Ge8K&;B*Z6C++_0?^Hz*??^gt9DrcLIt`F?9Tg5CDH4h(&_ZY64KGbdVE|GZZ# zC7#18| z^ck|aiX0MH4ICYK8j%T|m^hm%DA#Q2g1{CY>tk%CSxY zZJK>6+GQTnA&G$FtEg=rQ8u?}cF4e=>Scqk5X$m?6`#Y{<7nTjoM#2QwF{yjKTSUW zvS`H zf>hhj)t$sv&T)jOF+-Sqb8qjfWS;k%jS@EP2S*)+-}@3{wz~V}H|y6)i1OhvWC*{{ zDZ{$5XY@`?SE9u-2%ek2Z~vvd1Bky_c4Yl}N=a;+h%}&|#HYXz+EDkOPMMdwQ@tE3 z{&IftdJu+>%{Lbo{`U#GZHnItNWDGS+@9s_e02cg?7Z^QaFbW);!&2$Zn zTj>&*8X}P*zWLYGRvg6mf+yn|8y=5m7T)ZF_+Ot)Xr-EB%5+XYZoASeAU07D!NbnXxEXvl&wn^S)T; zYu1^)1@?AcNm-NNcVHv9!`|Z#3jX-;4Y_G6KXv`eGAsfcTjW^v^Fb#GZYxu-K5%M` zsw=R@1E)dbQ_L~fIft$_grII#)4?0NT)^O=OZUAw-}+{jsl+mbr=W%ZZR+~$cua-9 zF8lMV9_EXd#OABDYG8{@DN&HDklHn0pB|U_UNeWLUGA8Pr4s18im3*g+8B0>sqyk% zi`P0-f1dWkI9eoOjJ5H2R0mmb*19TQ4tJSn5OvmlBYjNd*IaBcKd|!@Vb$Lc``9yw z(&bh=2=x`UbRC{tjAh=$4c&uc&oy04luf1^@M|4zP&^t;r~OcP`A&f?Iaq80!QPS@ z2I|;$nR=OM+jug0Jk@;j$(5zAbYw8Eg+8(-#ckew#j5QWb+mA0O|)qFuX)d@rbG$@ zzt>v@V%HY)UcgM}OJNDnWZIQe_x8Ir9i_vCZVwZi6(iAJbCZ|PSEFv77rdoyzS$2I zqnYuq*^uP#B6Xt47HJ_Jp>{oAOWbhW`?A+`l`h7j-{p35F#9T2$#V7_Nn?h8l$vGr zswdGtcvm}(&ti*vNbJ_@Vuj*1sUyicP|P^ci<9lCS*Euupwns(-EOXc)gJ2GI7mKt zj&AAE#=JdRjJf%xpYT{JVb569AG`0@M?i_^AjS%DJH>_)U%KjeEc&A!V)$b=$f{7V zy%A2PD4%%tg4IDoTuAtAG4Q;B@P&0ndxR6~?fcsfcApsONFud}$&Lf-9B(Zhllc4q za$A(mXsWCg?a2Bh27|j3yiH*FR(^DEoDHe(4l^MVB?F+Am4)m-9$pLK4iz|Vf}p?(u;^TP1BBs?Rr?ENVHhr3|O#_T3eg}VaRz1^HEtG*fYAqiPiq|SVh+&-ZD(%>{=y4}` z=KxjqSaA}^p7jy73uA|c4f!OG4&R~m^DLp?Sdbi8xQksK7;JTm3}%Rb>a*Y1h} zyD~+7`gdlKvp-S`KG>sWuCo}g-|otsq!}Euu+Qz{IViO#A;RHh-Cz5i1Fn5mc|gH? zhHb*gi*TU5woQvQw$>jJI<&s;~f$0owW|0)j#c0>M8>L^@ijtY&Nn_1vgu zjoV)9sDHrQgEX1|>V9z0H;5)qXDI0k@+ue!Ige3Z$;ZY|Hb4$nO1B0$n8vpwj+*dx zI4TZ@?zd7#QH#M%s%_x)jD0fY5<1n?P&0lk>IIwH?~i@+h1o{k7QEe*zWQf9Xpx3n zNWwLh!PYW})+ZUVqC_W4MA@?s$pp9GN{P1yN#Ew!K&`0~&~vVTguOQME%}wG=V1{? z^FDyg#P}fiMtrr{^ci}bY?qQE{jS8Tti!qWOy8S^RZ>1ycttiQba0rWo&%bU{)DSP zXOFtrSe?x`J)n@TU7`Bm0g3h7#DxGccNo)hepckf9`!F?y}F z?%>Oh(l17CHfR+|W`awaeIGWY8Xt>C0!a6sT zRxO7!uOn2c4h6Rha}Je|V{(fLB*kW;&fnhjJDL$0XZT>#Ux-|%9%kFfw$%kc+MVu4 zNC!Jq$sE(!$^v$7zLyh;A%USD`p_nILmj7ykQ2^TPoQW>H=}LSGzDJ)XY{)VPy%<# z!j<*VgO}(H*@JN-QN?Lqh3qC8`nI}-xY#nqleQTXD_3m4^Ek)pzgCHmMrp3-kcp!B zkoFu&WFH;1>Ak(>yRh$Ukou%%3c zo3_12P0^5Y=bXVa{r%8IH#lXGHkz+2Soxw#aWLknW2kNJ<mhsvy`DrV0b@HbOutAoLZQMcC;S?xZgord7_?$E2x7P@fx7IX!sCtca| z2r3Rib~30MB$j1qxE11A-bvG`t_S8f`bN{P_;B4rdK}iy_i)pGbxMJ7b`cuFzx<(U zu-EcwjT#$DC`2AEI3K2pAAs9LO|yjZNIEwcqF^t)(cQrUqRs{UgEmVw=d-9Yngo6+ z!=A6D#IYo#{9=*LaBnoJofh#QXjTHGBo)%h^Kh zT0-1V=%g5~3p$;(Yfg(iEl5*lpBbl$ydiUmut{%X2VCNMObA%58R8nF|7BM#T$4Y; z1lET55L^e&u`{NU55$b*$kwCsL6cG?IA?3vZ>^^Yxk$WGY=Waninp)!r<62uUKoM1 zAp)g$ZcSU*>Agg7Y&TaZ5lTj--HFUC?LsBynat~|fyc&9k2^_>>1}Hu{k!!W8SWIz z9B|(&DJ6I=k*}^7l%rz+#~U9?AM!SeY}0g5On-IXVtN zM}{9Eud~DP&Jannt=K_!aTLx+9(PtZc6D3yxQ^UOv=RA}xS$0(FY*4EGn>y)n+FT% z0nAqwXA&h)xBc3c+Ll{VpQH=kJ!@tYM^;3B+>IH1pKpVf35NnJ5nn#h+oRdE zetIZ2?{zeg_#+aV)R4`3|9lyh<|~o}=7V?8`;k9>R&;0UY<*aV$oXUX74O3}s&B4Apqv%n7OTZ6lW0>B^Bm zBWqWVK8#6RPjeb%2{ICE8p})66XcdLmbl)J&p9%{C+<}JK#6x^z#<0twdc&42Y{;H zB6>mi(pfDfhn@kn=IZDJ2bH+}9M4Ne;@F;={T1~@o=P=aoQ@a7zDpD}{cJ>crl(+x zM^V(7Yy2Hlttdt{ETrR`=wpz4ntoC5hR{+wLa{YCxFtkGgmiwy0-`p|$(cPABp$ZM z@Cu3x2N8kL!D7X@G?J7LY>5IRv_vpE3?A`5XhNX17S8&kl56uxV!IeogzN)n=EzoG z1T`+I^msnR4*IE3P!{@Nqy`K{w70*CILqQmaKiA%nN6mVr;=mzlAx3jP}I{#P$2N6 z=824v{AGIH^@Q*;G+%z-Tjv2=ZHL8~7pPygv_B{2!&aLjv1_Ox*e(^$SJd~3BEhb4 z7#pGJtcOXiP;fk?(x>0`N1&DxjWiMK*d+{0ijYX_V*^bY$a)5GU>j=N!Q~NYl38${ zE60!sXE+)Ll;ko+$M<-_!v@m#i8D$SJJA@G6MvaBu9GNRAn0-PmX16&a8?^psTz@l zzv#rVNYWtE$RlEnk~$+op{?PZgvee4{@;p~XsMv|QIy^lW6mViqTyhO=ds<4z_y<% zYbV1I1~#;gb5-Kr5iNA>>c%9*^IWEyU2a^mmLsHG$1^Y&XkL)Th$akc+4vkX3 zw?K?rx};OL)77?>vy<%z9h+}jMg*c1d{&e$Tw-$e@;Cknj=8emhW(NmCGAaiUc&R@ zpAu*Mh|hipb8k0dgi+xLI38_A(Xs&zb_V|KmWpq2YBb56@^n9?*%*HZ6G-9G$`PT z*WMWuhfvz!vU0I|GI49phsjRS;;3hz+-<5yq`zUydQz&lvd{Nx&C1n(=YJr^>Z5nT zE^0U!NGP2uw*U3sx6DwnI6@E9b}gbQM;@F=Y_HR^B5ET%f2#eB6=Pky#uLYjrmL1I z3U{YHiG9+m{$q@1)h%YS`cH&I_cw!ZmAkJKxkmKtZ9hDi=p81?depMd-88&%+aV|* z2GZ|GMWo3`OhkjX$1*2lWYNr>r#YIAEW29KW|e1b^WLvWuVzY1(!wmP0WaEpIou<% z2rREgu59;!;7v3Y({eBnXGD(jl=O%Uoeo6~Dx^Fe654ABBMjMJj1v0U&39G^4s*tBjgTGkECikRcht-a zBxExkehiO8*lIj~Xi#%7bRQ*WRK62|UQV>>rRVnD<;cN{jWv6#{EgFlJ*s?!v!RU_ZC(nrrHYx&%tj{O918(x2$OF^4xNNLt6ZM3;3T$n1iB;otEXZLS=wosjmpo33TOj!OnimQ}$koXD$j0jH2!P z=cn;hF~zO>IoaF>iUual;05Lq&fujkxNeuWg(;v;?F_u$r*0l!A!LIKF_w5+$T{Hp zaFZF|+v`-#yc}<`usD9XY}>^k>80Q*z67J~LIUF@NO4|o8;y?{G9uY4 zoM>C@AJFzaak8aT`$o-=VK{vUg$Apwv7?;be_D;b2QFSF-F~xCXa}}+FNC1bo^mEg zx(`XA**;qi33V@1BysQXT3nTZ8&4Ic#$Nc17fb1X3f^Doa6Ab! zm5CpMv~4L~>?g;~PU~F{K2`!W>DMGWKUvfT5mD}T@iUE9zKDf;VyFS~>s(%B*8*-a z>^{U-gLx2YB2|iY!>heB_-E)h#8KB&fPRQmZknmjNZ||pg@dx?Uy*A&k_KFKy|$We zSMR3ueZBR*Q)i=9<`VVgEj716E+}Q+H+>);W#~01sr=m79NBtuxo|7`K3Lnfeyy^` za7>Bsc#EW1%Xfy3KXQa70fXzF3?T&e#(No7tdyAlu#+@v3GoSN}alK_< zDavs1@QKuU){B<@@O)UMnE7CwxhmEM5HAMv({E;FXz{iHPN{oZ2YXt~X2C-Tl1I>P zKf1RHI1{D8L|*_z&HmFGt}ItL(8pVn%prFGyu66O-$!(bgW8qeLMg7hO?vif+|Hq<|A z+wT3?I6DEIx994y4;?o2eV$U7U6?IiW~BRJx-@-U9Xx-&9sud?AeHr=?!;6=blULNEc^`IyOAYq#gcyeu_-#5MZ^qEHcJS!AH0~_ z-W7TK#%(=oUxo6y(F*~Y6B(uMObVAoCqrKSE1ff>9JYz;>jSb(LLX-@uDr7xvBT0t z8AjFcqh(Um097>qQJ>4*#F95+OjmB;;(hL5*$0LsO)Sqo0QSGUOyRXK2)Ila-h+a6Y)0gTI6qNV8Z^7hxX zs^Jn+^AE3zgTp_~DSt+|24ookc-;{D=wi}skBZMb2&*B0hrJ{ZGQp#f%&;kMdEoAQ zj(Wln3&AxhX$jFT)XYsCbpUkZFSB4<#*{2;+v#L*N#{j~;Q|m)a59VDYnWnA^ zwD|zl;bjBELtEsb;=C{Qn-WpVrGEes3^i=FppS4I?;@2(<1IIq7es2cKG#3=>FES* zMYnYxDP!fa5bi&ll=Fm~hc*SY1n1TDHg$vMUgVS_=3tcsg!#qG@u}r?jEkMt*4p$9 z&nK#OBESR1ox!gzcWcYuwA=+9;=08mrvTL6srpn}f=pqx<4Hq*>SLNcOELG=7#Yi+ z^-Z1m4{5iSLNiz5Hw<+}7|>iut6^LZj#ouH?Ryf1B?Dg1b>X-%A{+gW+_OJyj6Jmx zP^qj(vrxhbZd;hDJ)e;8AajtK3HirEmP4`sAz z7Y9>l9}35UcRn_CIW#E%r{E?w$`yjd7u@vN%MPy6O0Rq2Ra~-jEK|QaqL_te(q4>z z(Ac~H)$iyP`*_)u%D1Fb1KEh>E-}jny%`(&bR4!59=iCpEQF914lRX6~+vzTLH1MTcZ+*&Izv1=jk4!eEYM2HcW7zTkeyY zRXurfnosU6AXZHXYHg|2VfTAtw>`qL3mR~(slt|FG|aGf#8umhZ8yevIKLfh@P)9K*gqgfjGzE<8YCKc3gLL@eY}ny$n=9;K^<3&z-IeZN>S!iI#%{>MZ+BCU%cK+42qhSgI7g zNOv1&d~#^d79IroT*d0+3nnZp+X^aZI@E*6zm4e7^j>%cAJF;d-!Bn!=Pe z-O#ncWn&%TcE!z~=`MN>gf2|Xc(VP@DqwpJt%iUp`$^R24ni2#LP5NRsKF$cWaiHl zjgooS%N(PASn1q5I5Tzf@tq{h#2K+SYGOY!CAnSefZ(!Wf?*Q$3Y*=PPBop3Fp{{B;E_6z23i0JPhS8f8v}jDYa<>BrNuTbSq%0D`)B*qX%cTGWgllxWTCJ;;f7CJ zjE7l0sy+8Nm!?WF%EEOBLKaV|^H8XHQUmt`pl!25tx5hl&%MT@pn*5nJ@lDr_wi#0 zBtW35+kepgU4%D2x=;x#MH?{T6jkcMz_9)-KIBpxjD<8>p%Aq>y}wstuNC1{S< z8nb@SHK`gQ)m1Bz!uLupBLWxtclgHXoZr#Po}H|Qyu0}-V62IY*d3d>V4-^}u3HG;}Uhn0f>o7Lee>Gd9A3=aNB^mzM0$H2!) zk%J1(__pLwi>G!hmmX{ki;}Mb46-AG0t3^*^m&{HSi<{XkAbK-kDaL;pPptL@*s{L zQF`L>tnC*Y0=Q;hn6bkmqY|#fdz(jpk=S+?pose(EBW21HGNvVf?{?xNE(Wn7T6#YT_R|pL1Y9G$q9P4FI9@f z__Od|o7@eBM|-}vmn=vy3XnGuj80E8r#Vh7vH0@xA{|3rAU}r!hY1p+Zs-0C zvHp6J1VfP$*Wz6d-@FHS+ozw(yg#~X;GBFQ53Q>h!ST;EQ9LXrCTv$V>k^$|3JR-! z#4afp(#<&e_h zWOcj9<7y#vmm6rIbmnp=B9->e75c9{I3iup#cVWB-QfI;yf{jrKhljvd(zCA3{qp; z9R=l{CcGT|$^l{425$9_-ph_)>rLG^Te>BG7?M?hcM_MGbF)_8S@T*(Yot`1F=}g4 zsN~~uEoSafNyaQ_0@M4PTrv-^`7MUg;+7lg-^1Of-jFCv;?S&WPiSMI9Y_+9(LKbc zP%~LSTc}j55SiDh#GKGA^6BV_lFBTU*Ia?Y$EhXL<9`Gs5EdvuO(&I-NbgarNSEK}=z# zQeGOoAQA94Vph#=!BV(!@hN>1H(jxf><#!GtW`CRP3J>2rUoJ=*t`sePz zz46+#1=+5$^i8`p_mKVKhJ9{wzB&6gwRNnhuB6bgvx)xRhF<5mH}`Z- z1Oue-VKG}SD-{$HNyKUNiVtJcb)F@!eesc^^faerUgP!YtboUZA3`;ifZ0YP^BiUg z>2rE-1h*gQb^kurv<0lt5L6hk)5`f>@A4g(?t`Wr56-0RtMlw@_E2 zk4(1c4m*0HiE?<_nJY4w-f!~Pq~t3u3=F~L-48klxmSSGu)yLt*>*BVbDqO^2MDg= z>KI7AtX~Wo&Y3tEIQ>;4q6hHnbO|rO-ob_3s{6|*KOQg3^BL>SoQ~+SFt>Rb%tXBHqsIdZv+#AZF@| zOy`3{HpUb|PbW*R6e(6;M|#w}=;Dg@$V^T|OP0$p{wy|G5E4z zUEzPQbPvLioG8TdCp%xFoZ-FLdhlR|w>vcjuHiN+acP>AeqxIw^OI*sp%{U*`&BExz(;WHJ@X7O9*Gzea+X|04gW zpXf<~v|)q)n?C;co>TfGON+;hB3VI7sQ)>h-<18A0{#wfz79L=1_@LA(eF)if50ym z+6A)?*PD@; zC~YB_3IJOD><>Do^g+VksqmX_DAdxCvbah-YJFa)qr7kbMiMRpNW$9yNw|8Jf}v$? zUT|Y4<{$6+m)HLLrSV(f7*xsB^FEnic}g7E@jUKtqsd|hK^QOra<&rS_OKpNFieSq z7N}ez_@U@m>3?ha5X!#H17Qokn{B46ZRN^t4Kh+xpW^{#yb6D1hj^4Nm=Ye)&Hd z`kQp^;;811voVhSDJ}iqtC2y0YS72ne^9soMIis=a)vfbw&Pr}^VgjNB#nZC=2aYuZVz<|5BU(oU!lJi;i~Rjjaa%|Ht;9ZxzP| zaxYx({ZGA=%_;$Og$sUJ@*VQ>&o2DwWq91qy+1AVZw17)&;Y4s(&PSZEd4*0{O{w# zWBi8t-=F;Mu7By>M$l|9{cS+zKd0_*BFvy(iT&T7{PylkT8_9mF@QsT3^+VATt@H<<7EL{-@IF?%W4t?EPR!o6piP(kXp$rg!s};}uJ*MF5)g#G}@?S9B@n*$vIB!j7xm$AA*d z!xp>ZxKp+kl|6J;n!58U$+#-Q4t>>kd`}zQw@F-pX8fGcb>fCH81uOwVD?|9yRbGt zvw5yC-HAFA>~Md@bv9SCX1C_iImhkY;I}^3&dbLt3tFVu)O`CqX=~STAieAbBvf2H zD;SQy9#}8)xL?!fV105urRT{ygxpAGrrVZ;nxA4>{MpH+faM0@SJHP%Q>Oyf^cawL zK)m~N;uOfU;PwU*CBm%isXe#y5^-FN$gl1g%ckirlhShE|H|S zU(1^DUHxWu#3;bl&p28D&XBRIqoD;L5|Vy)&_$v0N5TkToR0$JW}VtPV2Rnk1LWYG zU7@8Q+--DP1E)cOjd3^w21~j43_$lD15m%D^wB#i@aLrv63cTN04uS$ddH=E$AjKa8bJy(3 z5_JaPE9H}Vt53cGXPuA6#udQWOi~6``8dAJi`M3jAF7E=HEbA4mO!=$G-Gy`@F1fw zR=l(AJ_JC87GHL26adnCpSgR*5@31sl}(3crp?X0Tf-uPhc{s@-_bF@6 z0ESiygfp1RI?FdsGJkri=hFMv_e2Qpvp1)D01P^+$UX4%`vm&}Ah;uckj+0pe_0GZsUr@22@Gd01YZ>V}`s~|ID);tjNakuwd0Lb$76}-JVvN|Gxh2Nz|c;6gl zvSaVfZ1@5fTR*?-4NB%QtQHky$lqlkSg!EZ{OY>ABcxw0Yc*d?+;o@j3a1R{+n9~g zEG2DUPBbaca{BxjP&+BU1Tqci(*aat3qXV$Xpc0HU2|-Z zvy0SSx!5*(?+*8GvZa!=HJPj8D4Y19FgIq;YS0iO0`%^Drsn78A5jkPEyv%_3$5(l z1*K|BmQD(6jragZ^WU`I|9dzZKp;u`04g=2g7_@SgF?E}08ueu{#dPUL(&>kVTg#i z0df&G3K;;IGEK2-I>%YYNc%X>4U*))bWp5p#-)CTr$&fq;sUZXWLjTGr zYVIz-EWi1B*Ukc9C@TS*!a-6tBF7jGzvBV&VgC zG)IjDLL>Z}&?!z+!>?u!myn^-2>FxklCt${L@9!%W7_aTEX59l|7}xpjFynvxH;b; zJWV>?{2oXiKIFa>Ojs!!wkdyYQ%z_B7kc7cWD8fan9QHJd744LLJjvS*8$kkRd2Va zjiU$D${@=2!bj70G;iV3q(q@luCpxL?Ycv+bL=R=!Sps0#dgOvK9QW+$u0`z&&otU zu9t1HpG4UtuKXcxQPT)c(y11Y4ah9Q-uY}PbmKhnri&B&Dyby-SF%=$ju1-{YJJpj z7gW(vX+1?^!IXr3Jxe+yDbi?ffwAG`;#w}ZhPFv~uG@s*Mu&u@6%0HBp?v}F)4_<0(xn%Q0c9E-VxEbd0& z7*9f>#Be|kd6%h3TUa=i2NgQnR_(M=#LS@?93)9pd6)ZAX`fAgN9jufNa(!mWm360 zK-@)`y&|*_ot}9a1d;*^KVNHkrwV6VzOuI;B`1|}&Qf5jr;(9t0nC7H0aD?xAbNepv*VC>~mw;vCch~Gt)MGeId=1$AxC)(Vu;R6sv)l zuZ7rZ>Gp%TVHhK5!i!x^ci5ZWvm9&c8PseF5dXMH9M9-$-pi`+Yf5>6SD1tQs zIOGb_?w?bc)&mf%<87FidjT0|f>{9m$^#kUz3O}3SUJAbV1uiXg2g@}ghLP{Qg~7N z%P=-X_N1VrK_UZz49S1#x%(-3061q7yBH)Nv}+T&tmzh#NH?Be4NGCKxd)p+>!*b) zEPEweL6WJS(>zBv0`q+kg88m9oyL|{ zyIyD{i;8la;S5Av5tSKMw6BjUu%{zRgE;wy>A=E;`Z*3*fj1n3VLpU5okD6yn}ItR zRy_J+(Y>eH-sTuE=U{V;1Jd2DhBrikqCH;GoLGCFZ_-~gYNJJs7wIk7xhm_v*evOPABi@YEc%r<-s_PR zpv?t1nt>?Sp%;o&yEHT}>e`Scu~)aHVTc#m7%SVxqU&Z6GUaxd|C7iC+Yo2vjfbjP zCoJ2b)U*2DC5Nb!C_EGfTLg?9wI313$fX0v{-)BoLfUYOS34~+KGNjc%=5Vx&qSw? zFUZ_S*|d8y93(tD)1IVT5N>PEkcy1todN-p8M^fd>L`BLRJ!M*-$IZ7w4_&X{Ly9v z9+4)4$?O?c;@Wz89L@OW9D0|)?Py^~G0sbfHEt|<5Yj4CAvf6Rtx2JM3#8{SZpQF#h>;Cau0E>9}Y(#^K zhgPpvBdBV?q5Om09BKOqG5hS$gLFb&h$LmPL{Q)~I3G+j9jy(vibo|y_yyDW*xQ08l7~t(d#;Uny2ppb*b9;}EQDNc-t%if|6sZbf@4(WT@OHmNo8>Ti zWkhl}MvIgPwIiA&#~?lI7hDidzxqVqM$^J>l4H$cD`JJ5=M`&;ND zYSg~?qF)Y4PV^ESJ14!o8+AUi*_PPE(e{`xlIu~bp_eHMEc;CHg__+3o+R=#S1BO) z{*A!?)oBoiXF#MV-x`P-&4)Q4DZq)m3iMkaB14S9)U52FP%t)Q^d40bLhx|DSgEi2 zAh}Ze@!R?UbGbau45GH$Q*bpTi&7T-fO5IPbfuxcfIV}Iq8cMx?t;w;TNtVlWM2Kv z>!l6*j9*RUjm-C?mFZ4h@`i6%PVL6WVxWL(W+ww(`lJ=e6ek5Wz#SoKMo1<9nkGLI zI{9D**u}2vNgnPsUp~(KN=?VzMWQbaOyl4si`8FYUGU`{=i2@wZ)vS zNf_9oXNz8Bk^t3P$XXHp!%#2RS3_nd(hVesunC*NN1?Cb7UPt0Z0zFaD_uKA?sQ^a zd3}Lzq&*mW1AbAONEKz>@kR4|{Ql&s)Gg~b?w^dY6+!lKKGF*S_vi3c)7L)|bF+#k z&Oht_nH>Wl>cQfy@6=1sSN7ZFWN9!SnmvxHMNIo~W0~<_JyLM?Ktv z7AlTfKqHC$ke*@?p0I|tq&7ct6lyMm;6UX2twa-M-%q=Q$4O|5r`uO*pk}iyM$$Y- z?g}}(k4n`V0*JY)8|gZWXPf&Zcebi3cBGS3Zbv<(E{qs1M1b`g&UKe-L}0YYL$~L; z8=O%{NCdU40Yb)JQQ$mCsWp%voQxU6VBcBUYzb`%zG#D}VQe@|>X?~uK5=2B1L+v@ zn;6#%4f=C&&QL#Gx+nbwb}GCE{N6eFZY9byaCP!{LSTvWwr1e z$UO&ZzBh-#HLf7FpN}iPcM#|!^Y5=vk{vkQFRkE%U$kiQ( zzl1M_xigK9P(Vfu5W$l01U@|9lus5hEWSZPeJEUmh&Y^px3ZyG;pbrj$V)G#=~AuV zT^dz6kXu|{3|_riL`|??x$m^DIc+qsZUvh&H1T{1Ab0gjhfx_~)tF9_0y5>%=LAv> z_)ZV{p0;K@4klTSLkxB$y|?4m;?`1CS+{CeLTKpRL^SE1+8o+F_U+K7eOb$L;Zx!i zewaLEtW1N0-Ab?yh6QR~3L1%a@;uy1<$S!2<|9XVO<3_%H=@p!_w)Lb^otcTC^rk@ zEncTfs;CSJw-5X0&Fls|%7v}lT>4_-Y`REui++cXkxnoankm7bGOtJ6l5(I-oC_hm z%b2mx*7%Gl&Z!&1!4BY^=L1!9^do!q1%^Juzrzmx2`_P!Ld{>~wugmQB@J1XHM+V2 za!${MH8@fZ2?x04yG#3>4$*#S6{GQ5dXGX^3sLzuwjcGqKQI!*aw3h63*!fGSi>d4 zjiHW<;3s%r4|Vt(9V|n|sYl~CaA#8*Z_kH(2ft81$Bc4#D51cT6U)bQj*CLojy4`k z*e3#&%X>+Uf}w0hn$m#S45Y69ek9>newPE*#e?;HCeUQiK%wbPLJ}1Yem2GoG3Q`y z)5*sahQi264IiummZ-I=AyFY2?qy*{3V(GXl*b7O>d)v#4`9NL|1pX|D}3 zHL_=?hBKILG2|g&{~M@rP*cz73(bhDX>!Rb%aog|!MZ&q0gi~{V=EX8`W=j{B?JpD z6xzKXixBK^y%2_B&9Jh7bjV607MD)=j(Tx?j41cPLC z`dy5wmJ`+ppPVs3QdY- z5U`g?>-19Noe4SYyCDzAMu6ZX@l$Ar1|-Y0a5-P#M*y725fYHhIOF%v^%~DhQu0X_ za`w9B7Bh(Co4+oxKWuftS2`8Zf2EE?1Xj)Mq0*!WZb0wEOJh!3RkCX276cOKoVCNY71 zSSAmyd1Y&BdTjP##Ib51$|dv90p$nx{BQNY4`w)m(H|s*`yK;|2H}lg z4%t4B>zcZZ#1(_7sIrYj%S(N&Zh1g5{y3N$f5Xaxs(~S=7e2#9mTBzCiw(ceuVUy2 z!JubjC#?WGJbx5r4Zja9@)tZHi&3XG<5y6DuA#gD(D<>brqfSzY*eliuO+;pFQ1UZ z8L8~DtAQWV;M6g1eVmXGk$2dQUC{#k@IpryOC9V`eVo;9XCE7ecEK3s0Jq{_cj%;W zoi-G(B$TYT|5>X6XK8c&S-%nWE{%bIhxuDAQ>tjVYM75yHC}>iwkZ4n?cjwD_?n2` zn8xJ>Vgsi3Ai#12fg{O2?EH!p3nH!XBE7VzvL(I_II?LMyl~eEReu^(mDwaG zl6(*Hcz9}-6ZClED8ik7JzLsIllK+?xpr0Hkk%wVqo0dHF%C(!L~TUg+;B876T&et z%XH-p-_J4rp=7@EwsS}$mLZupmKvCSCR|ptf1?Fq9q_`7ZR1B}BSZ-{XoS`Wc{>>q zEY@VO-XOU-R#H?JsPuja( z@URg3Jbw-tM@E2V2pHq(quZbbBqPlB=*IkCq;i9diQl6yv_Yd0C>#?BQcZIBi^V$NXA6E<0H#sD!gs39 zu(eniMbbnSkmXA$lotj*eq-lFEh89~R|u(nirE4O$2FY~*hN)VlkFlj@Tu_C{2|zI z5qq35QMhbteg7}ZAR3S&kY^+cB;0o}D0@T&QYp&+oDiJ6jH;u`){o(H>5wDs^Z{`o zXzizE^xs@hxXr{~gg7)s-h&<4d+BJwWd?dXk(GlmLHHbbSTdvz@Im4b`y2}6)sE?} zVM@)}!XV6%Oeli#xD~QT$sbYC{TQSiDR3Bh4bCyrzZvcjgIm7ev2V~wthAF3dS8j2 z$3dGAcCoG1oH7)6v@Sfux&H8i?nnXwHBua%r~3b>d&{sYx2|ni5R~o`X{1Bi1ya)8 zC@4rtx1iFYq?AaAbeE(kA)QO5QxK$Eq&wev!B+Qkf6u*Tf5-9uc>j3la;+=o9COSu z$9ax(V3;!$KHkR{!wEj-kPaKq3btuEgrgTDci)St<@hSh>SM}b@gyEzTgOJM_C>7YK92GWK&nR@325;d$5LhXE5hnV zGxGb6{Db%l{OclUi%SR5FM7CG{SR_yT-WX-4(ZLrMH%A^W!I_&cqrG_`hD|ni=ng2PRK|+k`cufrrCji;*19d>%tzc@U z2F?JKDUiccfVhB;pq9Bs;_VxQehk~jw(Jd)_9 zdf1XLB%eebTW21$i!5zlol##ZiqoByY6~IHw8C+7kEz0Mak2A=nVUCVByee;Wy!@oLRjdZY!GhAR26^#7$^>xn@l%N~Zl~Mw zbvQH#AEtEHc~`uCXyA(*6>=PaLTJgS_sXy&e%I48=GDUGcea|0cngNh(xT6kBTKyy zru;s1o5slFmQy*>h$t6CbT^|J`;y;4SpGUWC@(_5C`;L9P`Ga@p zE$?sr87r+TmrG8O$r-x7XKyuS*EI12O3(4ZR&hxu##>T8)FGlzqmWNHN-KEFT)1c7 zOt@hW!*o_9f_HY)-pwHm)g*I6VQnywCnd{+ozNg&47G^=0VBhOkFSbT)dw98g{jA( zkYzmM`b^t^3!lW1GBeW_@G&jRV+U%Al zV=%>G^=qsP1fi;-rWJ3QuaY%Wk4*07enjVN1j*aP14OJL97bz^zL*1bs7~Cx)RDzC z)?R{e!Q6vgtP&iZwdyh{N{IM|*IFVO_u{fOlq3v&sar&8Y~-&;LYe zTb$F}TuTy)z08n=s~YBS7PD%W?0vBM4vT*B6*ikGMFYy~B?cxw+#(0*Ge2LImwbjd ze?0Gg^^w>Bulr>{uEu@*Y=`%Gk7oCzb}-o zu(zuEGORTA6+);0o}-RGSN{^l*tn_iV_NNK8hiW!bk>|pj`1(|pnZoauHa)ASmC`H zyoZC%Is1BJkkW0keDS6`aX6)sNWr&sgVB%-!l@Xks=&tsd55sVj|`(jp7F$78Cp1-RX6!X&f9WlIh=@qTeZ z6``X(mpZXNkOXUR@p%2FDvI6iL~_%WkfM~Ri3@O9awU<^sqF5!HSd@sj`|1@h{n70d}AEcMz)_hG6M;PT1U--ch=o~$!5?(Nu=-+b;De8+|Syh9mW;Z%XA`i;fS< z)3u&EmIIm9?KfMfX)q)N`X5{Jc6^WeGR$YhF1;#AZWiGZoNZdU@u*sW_p4OWHNDx8 z#R>-uL&^K^-23M*78ib7Q*Tcj+8KRl6@90oaFm~VUXrnN$RuvYIZ}9_<9#tuC+XCY z{zN$&G8=Aj|EQT}U-jk})Y;r}sb+WN9R!_|?^{t839oP9)US1L&O9n0A3ahP-oSDo zntStSYKXoYLl;AM&n{MB#0JA;D?m+3DUA9Pa-3qnF7E+j~A1kRzpZr(w{MTNeY>7n5zBBM1555ts z-2m}ZKg$yqPh*CwgZhh7vRgT|Y5l?I+1hx|jXMIo(oRby@1SzPoiRxq@>y0m;a^|= z`8+{*R%c+-#h!lv9xITOWj+4PNMz&!t>04!J*r1 zIs5kyf2WfF>!&ny2mfE3@gE21 zW!Ippi9|7d6X43}fLc*hnGyS243ESIX%rNQeRzKi$ZwFopx{^G(*EK5iZHj`)y2$1 zcfbvKR930_%TO?Q5CN0hh7@QE!uuzM-y|GlhN7>E{yL;_5TWq6%&Onc=yss%+1#Rd z!wT>GWf;jYSvORCRJY7@0@A`g zNWlt!G8GU%n2zQ|PCgBr0+P!+P|TMJ>QL+m9)sd4=Y7CncxgLI|N6npcYrFJ#XlQE zJN7XFP-GSoo{Y*uij5HCwrBr)p~&ZA56FR>jr~R6y4vHd!c72D)BFJ8xA|a^L7K+* zrZ7VO=Sg#C-{4q z-{f(9HScpRAP9{8W+X}ad+!p}LtR~hpe{uup2-?xh>zfrBej5gvJ}8VPhe({&#Y(TQl##NrW}8)v5O07XrZmQh4l6 z@cek!n+ZfgH!7+i%Bm39Ru*bcj%;fJpX-&Uq<#Rhq9x4We7vuz)EGiodprio5zYzk zR7h<-`rDF=M8d&M(@wIuOWFaN*(xevGU#0d+2$ zed@~np;H%W=(ZtMSmy&obk-Lj@0560w+P8oLYj@Qd)q*noH@`%?bx{smDD-#gQ+(m zq6)v>9X$$gSe>$v8>29`w;yR1fVQ1-Kzb1%wg{tVs}x%PUY#PScAoX(tQ4?sPE#R| zO6W0nXa^x$5v?Lk6ISJF1Nw&hZKi^nndo~xn4q>i!tSJhk=QN#)yl6+=u_cPpV%>>R@JxPV`80uBKvLcNLZ+M6P;e7lzVJ3s zdHvjd2~xn-;X42Zurj9-3zYhluwKi)1~O`LY?F8mbc>%G-+;0M_OV{vX3^gVt0P%2 z$~>qV4pmx*He4-IIu?@EbKh&#>zK4G-OveSj081Owon~0jrj+t2nrN_#6oD1BQWl1 zSF-5Z{-2BGMV&rXoe*9)3P<7^j;48!ECV^v9ITP*jM`1n0fS9LyxVs9;jhJYBzeIA z_n5&=IUuFtixybW-%UKhl1hhoH-&%RJhswZ>qAHJmKlmkNZ^*L+MS;r1_nSX#Jzd`k z+;A!2x!Z7Jz4}_2mdoa+mrO21!qM1hGXd3q9U@$fV;ZEmg{TkSeWH(xj4R1r0Q|=` zmghy&!+|91Ozuv-`UVLLKF5X+tBDV`D+k~E~f3J8;dJ%C{zMQ$^K?LNz$Bnwd* zX=rAEaYrQBjO`DU^^gh4*G5fLU2FrMBCeon{WGL`Jcpt%5>|Z3E~RCQv4-nhf<#7S z$Pn*Fav&FH-*TlFDuBOz*F1wP1$B;6>DF)hK(HdBU=gHyYN<&@O4l8Qg6~m>aQPb2 zXh1bo*Y&Ou>*lql;gQR@oZ~=qwvc@8^6!9v1Z6et9Uy`7wu58e-u=t|di}r~3)Uib4lM;pB+JpwCK^h#fK1? z@8~uJ|8J+PDa--VL;Jy1;H7EkJn~OKp)Y;pH^yX?&Zd{N1{zOi+qh4s= zf(~<4*VqxW0ROs_sC^!AQRP5o%>&`kgM9EHLP3#FH6`9uft9~b|5^OneSs|+>*}4; z>L_w8P@wscfSyLw-ZSghNynR0mTK9VF#>2^(I#CbI8Vo`VHgady zSFI0i55>Z!v|Dcf_9V}|MNx_YVfDwmt$}-CcsS!=9k+!Fb)v7oo9mGdYA|9zgs_cMG#H z9G?DOe9Vx~koLFsjN@mftZ7A7T`0{l5bZ^a(d$cmKPEHLWwFXLTHEB45^Nx2iuefj z13=daA3J{6VR9(pj0^kYMESgZFobIb2yY#!)JU?d;tg-D2BDgZ(}H&c)Gb(R9qxxX zy;f?{2B=uQNzIzIyQK#3VK{B)ux~t*z#9bTtsZdkC|a80gqg1agBqPQscKdDKLXzx z?eQlPvG)|XXabEzPU&c~z;hP8h1weREtn)h_2o@+sR z3a4z!lSya%9VM$TKV8VFcMa=xnr%e8R@LC7B*7y~BfWlza_e#RoLso@=oCe(sqn3) zU$40zR0m}ABP68{Rg#EHK^!$ZKY+Uydq5;1Z*ZvZ*?`K>Hayr7wj{1B5esJQIxiU7 zg+02jA3p{^X|UX|Ji?(ZZbCJ94?%#Yrlgi1qoiDDE{{j1(fsn@cp$mFYPSGHXYo<^*o_qEK3XO7 zpO@us;}8!`C)mo)Vj%5r9Ef;{B3G5`2g_M}L93Xy**|sk)AB$q3pawtd#ScM8 zE(3S`Nzt~I*pTKDC|2x$O_aVB-uM-Q@TlKl4@UvM*``iTxAQ?;7Ved@pY;DOCIlbZ z5I6lF)1MsTUEp7O@k5AYbM9Vvo+C}^&cg6!b^gqve$rRqPG7Ere zT2MCj+kXD>jQTsU5TJ*k?~JOEVTfsH1K4ytfXn`F?Q2k$;(&JQl!B1Tuk%x|JW}G} z0ep|b+(a*`4VnkR8Z|U~idiT>P=VR*Vz6i&#S039A zec_vlRL?{e==k(6I~9O(mH#(dgVc2`rr;~_>cu(@VCKgC&8Ax95%Fs_w4hUH=TUdV z)Xbi1&o5(2rU0Y1sA?bgYZz}r!?;5+zW39NROmP+G*))3_U~DjghyI1{w+%UInw`l zo_Bm!XBHkQ73##|zP`Nijj>hmmwZiKGVSU@zzucM*Ht27M(>ywK~bv}*4Nj)#>DgDiO!h5nB^%Rq;w&v?>5iA*h*=x%M@9;*E zj@D}T_1j@uvcES3ypP~|Z)ty7xOX?IQy7l`e%a4YxyYKcBmMOuIS%(&pD(7nWJr_UqQj|wet`6|NmS2BmM@(PeD*IR{uHwe;SQA zy$4%HIIZh)mCHA>p|pEnxq=3v2EJ*lU++W%BpU& z!r`BW_M)y_d^`l(HQMz%e}d_;@N#^F>F=gM`*L-z={0zpPCsX-MG|q8HY6y2k^iqJ z`5>;SvVEJ!m{f{g0FVoyt z0EKi(xUt?p*Zi-s|3@F*6)bvx*&47Wl%TNsu0>8p4~QQ}S*s6zJ^U{V`R6P0&=o-` z@FO7oWh)l<;95pz`N+TQ*R&ZW8k*ksUBTo&eMWfF<~|4Z?>B!ITF212IkFS1V4moF zS+_s`*B*g4PYU@Jzk%SN(@oL@`IV*+)Be9cF^Z{sfeN?tzL-|t0nAsCkHf;2?bi#6 zmZ2)Z)=mN==@V0j>0a0V8bK04=sJSd#)`kL>;Qe@kjM5{B8AHPmTWS2cu%sRCJWp7 zto3XZz3V0Qr~PdmpEQ>wepC{te_ilh1=RVG7bE|2HRripGB+Y+?VdjA-r7L|`ACbZ zxSvuu{r*y}b^6l1m#F)X%cXxh{Bt=RU@B%xz>XY*m!r-(?LW;=2Kr2Jd_5x%BOF41wlo*~BybmS98CW>%>-ewIsZ z2CCW@vtzn=3k)!KndI;^v@RADkbHS(IiQKbIP0SwOd_g5z-cHdoH*s`@+N3G5rLko zv!dYjg33gnu8?}KX6-R0GJ%RH!mmHP@8ZQ6Z~Hb(6R}yEFHrMX3QOm+-K^9Xm(#|y zWl8ozL}NV1A6;HZvDb@CE-tojK53p9%^d6CC;a0(5xak=3`S;M$&@g_(IdCc7i#3sDg}PM+W&H^zr8pDvW24lqz_KbNtM&u z2Aif^EyXhb$UULtO1X1iA@-#gbw=j9vTwJ~{gcI8buZNZ@82X@QYf!illdG|clH%g zYm|3)seSgMS?{keZ4izX`n&o?E+Tw8|0Psd5RqPziZU|QTKh$=(~REvA7lMLZ0>(f zOfo8}!toD((r;f)*k)tjR+&h)@}z4tO^}~^Ok-cvO^-De8d2tVVv&*|&LMGv#N4V29F17fd-;YqC z9#S-XS;@NTc^IGJ{9arRYv;DY-2d&l0X9?YzjN-PRY~?k#$f8_$PQBfk7@qz|MWKW zCTf0Cops*f1mBxR&g>Jr>liY5IZm@y_$76Qp}@Z}p!><%B{)Pn!Y5|$S8l|?>?a>& zQgA(xd2jkq?EI##k}QCDncPu@(I+yO`&sX~y*sd?US^de?}^MupOgy!#Y-#Ta->hU z{`YbGpMD2?&q5Q-UjF(AyYs&kxP#^Y>vu3)1CZ#ObGs8T1AVcgCH7M-iUsd8D)oO3 zRx&P{!rlqvJB$8Y-0czevtU8xy%)S9HzZyR8tmjXG^cpWs)LTi)Bn_98@Dg8pv^js z49o@*v33TEcEYO9y%3VS(Mi-SHY>X@&mUVDKtCBgfRCQreRj=*1 z{bcFLXyx2~z-$xIFOu|#-SOi2e=-RDWc#@I$+?{|j|^f7#2i0stq?b$&{X(`VKPtIH&A@r;DvCp z0dQFE=l3fo3i6KtKxP8ajnLXEL6M0sq$n8=5dR5KcAPiBwdj%xgq1m~z>(8nbH3YG zGmM0jCibNEWak7e%vtZQli#HehS=@jEm_d~0?La-p9Z-&s?N9bl zW_LP5*`j(!gU9g5tzRGsUSMVF@#9O$?_!oPhpKkhkkOcwEqsm4sXBfD*di`heR4Kp73{M+*vb1 z_dWK`0$VdO#9o&}{WmdLefB;(IvEt5a_?lGz^*uhd_+s7=fUt;15lkNwdHmj0$dq# zalx`t7fX!IbZ3jHIY4qDhbRf6o{Oo~05G=a)v^0ATJ5T3n((LrR3;EZT5Cms(Q;?0 z0hkRgB#;1WPrmi60gwTRZSkE1rh>T<31cBRoWupvMPX)tQB|Z{B4)7x!kuw{b!hBt5?(O-A|?7^T*2E0*niiDN8i;-20j@b>NRZR8O~1r01O{|sLZ*cxK>GELhj7* zWz!)jQP{P)gWiRcq_7Tq3jMSYKIXh|G=Hey*DjcoMzFYuPKXCV$IHnL4cu9`2GH&V zccl zDg;^Wqkte>w*lA-zF?i^TV1|hKK_)$W~4kP(RQrH-3>e5{i(x8 zNKI#of1EB_i{>D*>?|hD=Jw7VHJZ7pws52y8y(aM(Ff)S^6zN@-f>Uk@u?4r2}Gg* zLM2W|;otAar%fH|XkNL(mxR#`;8c8wgy19;28VS%IokT-4-Q(vAa^_bIO42G}RrEu?`*^C|v*$43X38@PsU1VP;=%YpkbYNlZ~ zgnBBiP3mu_Gca&e1jrL!+Ajt`VM~#wK=>e@WscZ}Oy1z-v3 z3Z9G{0v*NpUdZXX?=BTbiOss>7VxPkOU0#z` zA={;CeE`6*MF7q82jjq9umND`pl#Nj*QSYq2(;|uj~Dxx?u*XQT#qW$qGt$r{R9At zL4-`%!IDNp7%NhuLC=Yo(g4kbbDK_yW9BMhiXY}xA{2);vAY2OpAzW#G|`8>Ep!lI z47D1u->m`?LIO20y>Ab5pkPwvu2*fZ&gPVUH4wW|;>CsQhoT==CnmNO(_h`4801Xz zrVN$e44h&=N(7QFQ@#?RY&ww&@HgfQ*RjYvQ8kLK5H&UE9vnb@5uJ4CvNb6~RtXR0 zL9>ydlU6&LeIShzd=NDCM)5S<^lo8Y1&g8Ct0!EV;tC6r2pFIVi28#;``&t(uL=yp z1d#U$gd2x$Kw3=Yz$&H=Y(}Tl!<_-P8%8-G>&=ikSN-t#8HWyu$< zadpO)R7Rg{HZx@Y%USG#_1Ki-Kj$TW)2=DNJh1tp@h^wx;=wTB{Whypg!N zh5yt7Kt$uAKxmM7aQnmKAEcdY;Sm$!zCr9C%-W74hw(a&)`S^7gU5yNDYvP{zotqC zIVoD#c_F0e)p~F;MC#tBPH)P>zfuq!^fVr2sV75z5b%|ZG%q(?cgtu&102Uy5)vBG z#!q5?MiZ0d_2jvND#+d{xR;9wJnjOwIAz4@Ka(MfpQLYa7m+U#bDEFMH?mx7sPf6m zE(wDuD(zZxmLNZ;T-_|-a$rC@>jtC^TyEaOY0_c4PC2$3`BXBJUH;TvkOG#|!$|bB zDAIanX8P_@Kq|?hpD|>!HOn~`r7WjXFs4J)@QF5)XM3-qbNxI0k|ZohwEr@t8;<`M zqdlFxmN-wYa#0u1EVvm5r}fhT*zU_X%^bmQ3ZLP=P8_IBxiJdL9wq>*j|n5AalK+y ze(U*kN1P?1`a4L;X<6N7s-sKTZK4A`j7PVIvdVAph84@Oq9%JB6cULVBRnl2yP-bL zfPCw9kS7{w)`}aZ%B_YF=*-{oP>^a>94}U-Ym+Az6;~~F5#glHEa}`KmGcswVpwi?+P5oieuoKO?reYp|?( z*W1VN$rHj+)81V#&Fzb#=H!2Q+6rV3;6`_AUQXT76vwvn=6mm0vsHHyJD6~{cS=K$ z-cjBw+DN^0@A&$g3G36C<1112qR?%Rqo~m_PB!ACit@I-`vsk|aqx<&fE{T6Y+A@Q|QMb`FvMvb4d)hm1NqZ4@GCQ$;wTDY;n0 zoctB=Ww6}!Wt=(q`}XtO_ErbfN$tQ z#4ZoG6%}Mw#s7fR4h3N?LfJdoGTt!( z1VNL%@uGBtjYT)}@4jcgA#ZTkrVCriE!x6-Fp(!+CzgIIXkw$NDSj2Zp5iN@e2}nl zW}H~j5=Y3gtFH?WuV&<4%-BOEUTa8M3)Gy=h$Uoj8OqX`rvDg~=TwiY#;o}^D57cU z&VEa?mBNrRQv3X6%~$IoT?891Lep@COHL0}8p>X^%~g9-w&tYkj!T2ZoFsC_!t7)n zX0(Hi&5{j#dHzA(y}i2EYu5s-8kUET655|~sZ-!sUG zKg`Qa=O89fH!I6E?%UkZ5No@WWSEpr#dji}j$V-$7cr{gC!|r}6WVKGVGWr2Kc}6Y4fs|Tu zgx(dqaik2CW(%;_6mty34ya05EyXV*Xcl0tm!CR~eL5IQ6mo63-XP-!3v6L{i^A>D z;B$hR9V%!yUgy-|jeU2m7L_tac8)B&p$XYUOdcs`u%>eP155sB(rE;$DC&hjSw%b> z6fxV|+y(pHPyQ8%yd>U*bx$v7jbcc-z zcFagtK`9WP`v}j`)(kK@7VI&D1+hcyR4b%-h1cnF<`o|cj9y(cI07ViI5v^muAd>l z&PFSx2pTmVQC${2>T4XkiSb4ZpL;O=k1=WSDCyx3Q*oImo30U0sLfpHQ2~xIv~wfG z80X<#(Efc&REC;n1@G*KR<)OA^TGR8+IpyvW4QQhu{$d~ZqXpH-$GAdW_ zg+K=%J73m>8w!^ydr}L7RE55*Cfx{!@x4`r;g=^5u%cK8FR@3eVFsm`I&HKGFd8VV z2CCqOP%q{VXM0J~W=9JPNyMPzlM*MDSOeB9J5pu&uA))WbeYi2u(QzYn4wOE@ld>O z%@x70O>Lhtr@cQu6f6Ao*=EHypG=a zd>AI$ddW#$WbcGZQ)g1^qpQ|vTvkxk$ZSj}vAcdbKl}E>`!u}Kw;q``XhJ7ZH>bkt z?dK<+tJLHTnhWZB@ed}Ri5)68XEma*WbB-nJD)j1mE_0^lrLtG1f%SFo$qH(RWri{ zl;$_;$E-GvKu^-)Q^R~j4IOQ)D05vrUnP|GS%*1fXt*hWh{bFK(M^99xZ_X++Kz+_ zGI@_TaY0W(uT`Rn*+MOSZwt?0|TMDQQoo@gE}3Zk_(=lT$0VTsz^_DIG5TulO~;9 zE8S)j@ei;I1&j3BJy=tky;mWJ92^8M^%8$XEsW5JW2%8TsU9!*Dwoxmh}iaFYNXVK z0Oi2-z*x5fa9W)dXPS;k?8IJqDR;j(-`sWRliO$RvGpVg#fc&w^7?Dr#8LDn>9}NR z88sQk8P*ez!mSt7^95UwEl+pbx_9VpAXbE0@`Mm0?A>e~yUmU?pg}v))@60brW_TQ zX*zURC>n)$+&zv+16R#uv0F-Ar(pWNfO%V0^7#~h>kJJoTp`q*^%Z(XJW@-JFlkiU z+mMq8xucbr34X&`IM*^`smu1p0<7hU%{F>n_0EFB4@Ai{*NJs2oz!ta%)RdfY%to0QLZ;-0-d2gbts8U@8Q1S+Y|?a*#GxMkSa zcr(l9;67ENbeVLw*soK$E1kRFw22h2PD`TT^&FdOO$4p~O7CUM9-hCM$nkU|(~vTr z!*To+asMGqiR;kp@0;TX0>&MRHyV_mt7}_p3YmG6;1z1j!kLgSvO(x5;k--w1!qr% zX6`HKsg;z&_uRpg0C&7`H{&iiG#Qo7f|xhN8JGDrHVFq65zlAfk3Nwqeck&0vFQf1)lQ@};2=;7zkjWyv;Ijw7k~O*MVCTu4@5X_xe|Il${ z>+g}hlX#WSYEZ)%o4+`gS=pYGYuJf9&U&FYL#Iw*IEeEm*VsC-c<-iyG^#7}{q9{2 zrX+zG$`H_1%PP0HdrE?^CIdZd&+Cp{MTT+hY|3cDcRxEXY=z7vXd}wpC zHp(%F0vdxBs1#|{>Na(G6*W7xt8`NCCCiK0&_uRla!pH;7g;z&PXCpGez{ESQ_aH& ziKsfYl<~f-uZN#F1+F%j=;G5WFrpd0x+g-9k<%)ikxqAFx+=*iKzWJ141@A7A5)67 zE8?9}kGhc_fl(zg7qbP@TExs`Yc+h;lruUA;uq}j;-%*OCmft8+g&w6Cy>Hm9?=$u z%3KdVz95mB)e+yWLZEy&>2Bqc)OpAnxAQGWz;03c@z4+&@etfONqNlqr1J~t0z|a? zfY_Vmbai+k&LF{rxfBrQ?x=G_o1?C;2aY@H$co3WQ-op9t$VADokXc`*`LK!c-fm2 zER`LO3U4-#*>AcZm(KBToS}iFg%{?IKKihh4jOW5H2HIvV@Z1_gHTFUBN3caorG7P zvlIke6#_?Zr=;Hn>)$ZI81z!--f7d<&a)%tp!2-RPVJ&XIu_!Y7RtQ^Lr>< z#cWj*Y+rg%4Kbjj(hfcXn~vOjxyCk?MX>K#l%y~N!H*ov)BJZfIf9?k)QVFs1_!O> zgssp7b*S&5di@I{-hLE~wJ_xV*C;pfqZ3B;3E@J_WN$HY>Fn(zPNYfJL(#CH7G%}P zk*hTEamSRC!UY(z@Dq_7V74QaHy>NMz-~v4dt!cmfJajU>OiJAj{&QkMPUl_ELK{S z_u5&(=#D<|LQA1!@9KeFt_$?Hni8I%2@TY^Gwn_bw;FB4yPdjLD^{~cHiwu^<_7v! z6Cg*%JbrB)9r#_2Fv=tac`&8;~lYGvl zX>i0MQGS8PIN2ME6reWMn+|m#hLliy#3e;;K3OJvqlWWtl25z`XOc!TS}FA*9?#7Y za`fbajrv9aa-<4b#bpVpjhn(J5a2Q+qPoMbw~~Y+|lYvWj{d zySN8RjPPYtxPw`8=E0t2zjST2ku!c`y4+4?hWe@I%+ogB_n7_KSV?{}VBNiq3`b%cj|P zB?#$89VqSU5Q^oi!XB_X3m-MPI*vASVWwF48O_8vfx@Zg6x$eY>@TY|BGo$&w8)OJ zsbiXotgCiRgv?{?XD48vvdUnk>oxJls|XCEZ`94hi);ld>Noq%fmD;LTW6 z&23&yu8vye!jAQLDQG{{pCuTNX{oTzJ;~ZhT6o6bmdrDZ(z_l-+JD0Dw;pIDJR&wD zGIl~o?s-a#=<^lTTq)iaMWZCp2D#HlsjJomh4|5~o_91og*vsPUUWjJRfx3LcWsPM zEw0oZm|QQf3|-01?_FPsfEB*7)*+rA6btpizKVB$l8nNeUU;P5nzVoLQ~ZN520}48 zH@S5vj!JTzR)3+PBSRQa9?$|C)^ST$eY7wcbRA2`b(w*a!unjCEXVX&03({wJW&jt9B23v8dK+`9!hK2>P>CHR_ zO>KpZhYEtANT~Ol%ZV)GeuT0xD$w9|NV$#_*^6pLF@23Mio#q6WybSjXhfTQe}?zP z%Pn)eEy!BO*u`hST^A0L6SkaW`sQ(jFjNS_Nz!CJDvtM-E zl`G@N+Bj(f^2YdM${Vng!qxiZeNr*Lt@bnP-lA1m)S)M~+Bnk=s-BlnmhV1{vHtdHhKkx)hkZ~TGq-zE+O?Lh+Qh&rpAi2b79@mO6L~UnRddYO zSqwh%3TuDLVl8Pboz8mWn3RhOoqkP_oaLfYRzLzSPYSB*YK|z?%#Ucgl0=%}xf%2s zuitzL8)NVZ3}l7PgoQcfUIY@OhRnPzL>0{-R>_%hz>B>xJA~Jgk-5Qn=HW>{To6wy zO;9uEcz<}b2|F1BxG?iKw!;T7GUlu6wKChD!Jsaf?zU_4TLO5$8r%)st(A^UsXS0IDd^$y8m5q78lpi(ZEVvc!XHy--19O+}Q z-Dt3b3AYPYDBB4rq%_3JFm8=jPY_Xn_KgfyLI#48D1^72Gqw&0g?*A$hmO4VNsGcv z3-@fC71Y1gWEp!2%qzVbGqnaeH{+}B z*&XO1b^XEn559aqO*kPSlfJnyk*2Z7QHyzaU1ga+bH+1r(F5(T94nNYCPpNCv&;Mi zHn3(8^Dw`sYGyWP6UHEIk=nfi3R27HiDtO|f=!~mR!(x8rzK8z%`HY1=tXrmV0UEU za}b`^LMM9P$B>t|pP7(P4j!g$VPVWJeR}AC4tcqVt!!mF%|WG#{mnma|1-c#g&LWc z9+|jl+K#rlGA6>Ippc=QIIu*j8w=$rA##APXqnBoMMK_#Q{3{uU(H*JMPDWd>xr&n z^ru{asWP8g&e;q7BcyL4Q#Ubc643ej40-v-@BVeUWM+V4YohK|{q>aR0Q1{k08skM zq=U)1pNk+{4lqbG#f1L_O@;fKzKprwZoKwivq2gmI$UZU^dYWRZ!`VLp9Ukj1qslH zNHWmX{`)xpoaVoV$y*KZ2IO*fW6nPkeKDdX#P^*H9)_^BBcCl#Xr})>hWy?p_zX%s z>5<}V1%G{?#~PG_OZkGFaE>```PS)0xby2ihSLglw7+xxf_WORtitBbcs2SaM60kH z+$*|e5P)Jv3b90ZwoC4vVmIe`2+?X(61ChLE_d?I^~B(LM0;^K()<4HP2Ob}^Ln~C ztfhW+WUg8H7c?`omw@kT@v`z;$RAeT?-@>BhGsqCz2&)QJy{kF5MTcNO`?iCfMQZ3 zfcHu1mEyG~wJFbiOHprgTr)np0B+~ICX6?KWZfVZ>CaSOJCbr-0fqS}P-*lo(1&Pr z+i3q1;9_&O)fgwglr<2V*7vBh?ezQk&!xBg*`C(EL1$>yN09Lq+~``#FJ zqJ;p`3DA45z#$L-!F?8*j|!I2PH&M*Tcom~YS7~oekn5d*$mGg%veJ_c~nde;+T*N zIHG_SRg8`fhr4TQ#UQ`HF5J=ysW7lsOutOgt$aKILN`?C)UME3WCbY&yLo_ii|87n za`~p6i75a;o&eY;I?!Vf2W6NnJ?fGoP)lb!fD-vD-uTADTD97cqMoH>F#VBG?IP|;n(_~q4An{sMFp!PPC7#apT8*h0Z>F8N^ zCEv2w>;JN^TL`Ui(Ib?$Z&o@-d4uo&KsV-yKqC;7^D&_S9mU_qeR5DxSGWGm;b8AR z=DwqA5DprSSh@ul^@NEWlR)AVs~epn{s6A_2g>(cIsp5d0IK?dz4-cHtxDP_?X2AQ zH&G$jku3EGpjtfd#2>5x*l8o^3vdOLcPAFDe`X;bh^U6dn468Eb|w>`8Xpa`jF5)` z3JH2dR~Fz3u=~A4Axr@22k)*PYJW1kta=}3ZM`rGp$1^GB#`Bt|L#LiIi@0EoPdw{}!UjPyEk1J)f3=ban0Wjm0W63;2YpY+} zJSFuzHKA=P!5+)SloKf25zkf61ZiPn?rpBw!rGR-PTtie6 z=6nxw|N67UF?0l!*e1tpkJ10IX=dws6Ad*dfyOPxA39^IS+6 zZj1mh*hamR{Vz^Qwh)IPZ=mT1PzQl|d;>@06cDj_*QkG*2iL>?F~Rau ziL32bOygAvBuE9F>@XxbF{9#?gtq!f7GnXJ@0@LAbo34=t|W7`12zc}3Q{}3kR|{_ z2NS~Hb>={uBBD3i-FNmy1JEzmWKTpE_MYkR<4QXxg_SlHkHcRnE zY|RuS{+?D_Q$gD>7zExsbA*>BQK;RJqWKOKFY#CeevTM{BT+u*D#dXoP%zuxjckwb72EbVEyRrMmmW%JsK;4eq;(-9c zHbfh81Ayy9)ka59N(_O@u38yUXQD20#$H^#L1@K%Dn?wr<=zQ zD%FzSx{u2)t3P_)rD4Iu)9j9T^PL-A>aPCsFrbGK0wJ7&t}5q^R8vSdqX@Jyy7W{Q zSeSKkQn_k^1#p~Uny*k)p~mI*LP%j+*ZcFML8En1#$baTNOFc`(*UK4)2OA13cocI zj}Rf*Z7}4s)MnggZJ!Ul z%ANrKL-KY)xc+sYQ@ov$1yT}9SrYH7?k^~9uvA=#r6`g3nv*@MDx3#gqU zRxYQc-_F0=yeO<7Bbj7n*_|3tv#LS*oK+7qQ0~?{jUWEQz#JGvGT-2Cf4bq;V`q*O zL!uO#GGG_WVIVfaTkod9Ow+dkh$C=0adR2IrI=Sg=uo2kifD_P@1R|q+2K8)LarbJ z>s>26(3+mdkB|bXIVSY86i=cnu!t#ZL`{tMaLZ>4WuUBX7uKJO@OX#jA9OL1HRM)7H^)ap&{Z5%7#$as?oXu znnhU?vl3WOkLHI;Oy@yvcD_4Jnv5vq1#Z+!CqZ669a_N%Ki$?#-X9znUedE1D%6uQ zUsS!t_?{qdLRd4h26R%>st-^hV5?N}d+NH;e&ZrxQqMjlzGDX(#{2SFe{C{on^fpO zgtP%#m=@Ga)$n%At+)x(Ow!rF9?mH!S;y>~q(vd#Q+zT9b{`n))vydI;*IoVEG!Ij zxXKfx@OkcAiGbhoLi;(X0b_&2Cw8IN(Q(VB;yMa?xtwlSzo%U1iLL;uO}>D&l3CQb z(Ms3H3rf+8reDgpIIj=a3#VpSPdzTZK2mlXkn;$6k2OZtS;zEk@{O?lA(BjvMta_Q za5yFh@x@@*h!N;)zDUusijm9$?hz`+)s`1Ja54u415F>*{mlh@sJY-Oz-8bDU68`q z?jfE$E3Q9sCE%EfpBx_<$poZSVF}D9lf*Kyra!;xqmv!#2=-i%u`j1)_qR~Iqhl{= z(4k=r^}`CLCd-s>tmYii`BI?U2<`TBa#$oKOez0)(Rc zhmZH5lAlE=S<8F8lGN;Xd65yRQ*%>e6}+X_VMaKmvBvg0|mze{)nSPO=f8 zc!kpvMwyhrhLzNEQG=02N22`sUPU{H^`4xnB=_8M`gk`8JBe9Xe}H9TFl=2G(%70Y z@k6c1JR|D%^ZMLZ_g$E_SD-D6I`iRhxFD*>5eQZ7vqkr%jWhdt1bW=ha)xb(h$0F$ zyc@RZ_p<-_cp*xTrl2XylwVoeAZxzo2C*nOpbc88Q;rt+;Pm@>fJIhXlFit!_=qf*X z4JiwST~#w+AV)omM1PW#lse(ovrE2EDoLdu!DTC4k}N3t}pf zQKd1p0Qzsr^+}FNNejgY7cVu*NkPh66Xu9I8kV0+m$-VX7EB+1IJC}X=!S#1fB}OH z#^GYr1&E_XfDPJwFyxHF3-xT<1QCyLo8z0jw{lJ(Q{Er~S`Wa4Y%nHTxN>YD@hjxg zDWF*u)@n>rdYQtB%7(TPb@txld-L)ZNYyBA?ht2c+Q%M1hEoF0Hh?=D3gFr!fCG`R z+~gFb($iQn3=qDX^Fzkq+P;#f`7Ta&DsEKDN3ruafgxp@ZODqLUfPcJn%_MOF! zs5zkW8S_k7DEoqWMgsqRi29GeC6^+{D(2vA)Jl8|&im0D7c^(no3rcj+EpWG5Af?I zR}F@!%X+3Yx(&*CNj3e}dvVOJ0668-Tn|_7Mg+3}2>S!X1C1|on~wr6r6AUvRDl0B z*!Y?*w1VCCH9hK7OGr>uJPBexJ?U_V%e^uiT@twh`sg^_ON1|WA+kl*+jb?m^|m;v z1)GrcNw%Ftk^hWcrH0D$TzSEy!=A(5jfkVBeP&G~8pkHbj9l%RvNXV=GXMf|D3*D} zQcGCFf93kWB5L%f2_*f+IDD<@MO_Te*1@g=)~AOz(YmSl!i!KS;r&{>Zfc~h>d7}~ z+e$V^iOf&exD%&5=rb|=nU|S{4PbL1)+c<#ETs3iWdtATKFX~qOC;a7Ar?w|1G$>* zSeT8aciw&~^mJKPmu1w%&$T#q6AfG_VULOyx67eNl*=m-pr&cC$^iT&J&T*Ul{%Sc zB%wd24$u_hM63NHGxIBz@giD6$7##yqVR;dgs28nGZAy6G|nm=e`XOy*E)v zW=Ybh&PYFB!t)hZ<^LrR`41oR^Pi;YUQv;x(>BHG=e}K=Ab3KPME8a0za~Ny6BUD$ zC)+Q2+VBs-q*)B2kjrLvZ|D`ZTy>i}5GUjJWd6h7M0@c;xhnR-At;l;_NQ<$i-Fl2 z3g!KqBHuDZw#CPf3NXDveB}?R-|2wdfk7z$ERN(~qeYrrXFHXM`IjTM_Np$CKYKcb zTG3%9Q$!Dslc5DYFNd>aL6;Y@UwW>Woahd`8GxJ z4d!Bd{R_3~?#f9J+xs9B>vSdGzUa;b6~GvPgDEyROtUXe_@Lr9?5<5Uf}rL~>ym<8&DkM(GA*vo(Mh8kqjbA0c8)EDXzuX;LK`n)}I?ycyy^mdMN-=9ldR6DUQRu z;bTtHD()Ya0%=-ZB=&69cfBn_jaYMk*Q;P_0L%h$5>7*jiHuuCPvIaDQL#%R@&qu1 zNlMK?@B;(7fQSgeeI(J=ptEa0Clqc>K$4ZpzJO)u2cT9zaBjZ71eoL#U<+gvd{uo* zW)eaQLC;)sEilmHSxN~FAH$o8g-|u2IvQ5MHnG| z*;U6ywe5RB)S+kSh8aRqKq={#?iT3=rKFUQZjclaB%~VzL_|82PLWVb8YHC4x3>43 z`|f+6d(ZX!XN~OHwbt*OOCTN*U`oCt`M|GI%%!Z&e-)R4=v2+N9@;_(11)(H)6UyR zM0LO&&`~Wvvh;|!0NZ~e^<0m%*qQpj+{mMa;#BfEy%g6~Us6G#rA`1$ z>*9Q%I|j|M;#RqWrTzazn0)4M=M@(6InTG(HG-hKvWgD?!QvH_)msHoxj5idcpZV~ z0NT&CLDGCEX3q(vq_wYNa)Hs_$`n+4VFyu?+lCm} zZv|R^Lp{}lPC$baKYI(d$Dsg`Vg^mO>~nzny`dzT0qM%g6i`|Z0jk=y-St-(lNj*O z9JQ_hN)CsO8enAHPb*uo*n$8Kk4*EN4>twAn1~-tKf&bLH8=wND%5Z8gETx$u&**f z+9V}^G{;EMqs=M=n>3P>dt=cMAVguEe+s7hDv$j7zDVj=4ZtW(cqu4%nFIS=s$J#8 z@viFb$w&SZUAyC?lk|JCzD7omk2}qCPr4uGp0roz(&VcyCMRs&sm1pqOuhwTgy*(d=@$73_ivdL>Xi8%H(D+$54;EE$J|;qU~1~fKc-&tNS%p<{4(3ZQ;GL& zzbc$o8fLI=mRB2o(tdE^AhxRl_D9$tZdb-VzN(2|3K&`lonfyKL>%K!X5w`B@r=t;Q^Z;1R4qu$$ zEAE_6Ma5+lf#NS5s^sUmg>8V-#|y_xtiNt2^s`PN0hH)U+*N!UDk*g(sl_}fsWGIUOtx5q9z%w{J$MVm z&B9l(*XeRP-1F`$_hbnUfB|gbUTuP%8WenpW58?wiTw<`A)UWM8M6vR2l_XZ}3x)Ky$+MRaOi{tI0&KVsJ4O>}WvfV1ApO);a`> z5}3p@1xcef^LL5o$~4Zc&I^acK0&4+(oc6f*blC(&pI2?o@oF;XVY2e`7_gPU=q`* zRSgRGTubYFge;42Gm|xm+0Py4@3EeQkQp$-2r(XBE>~xDil*RYg@2y_L%HT*8<=B> zFWX_9*l3NX0x$zR55rzze*r+0(f)Lw(hr21tbYMtL)_EkxIZCNL`mbx8n?q8GCa}) z;wjm>FcaLV#2Mq`@k>ZSR#!x05C6dgg?$MEv|1;KABCPj|6*nIcx3m4?M>6J&wNdi z-@RQArW&wl7UU3)WmfnA$&i^F|HV?`O_Taq(GzBhA3~A^Pn$TV^Gd6S6}TJp9?U?} z#|xv}8HDelQ_cw`$2p#3Ma$Kl#(yX!{(6nKGD0gWyk$T-egFjn8x4h7OmHkuUVvQE z`Tg^Ueb1M>qR0tduM&;Zy%xvwN0+D;EY9Hp?~g7x0F={-q~x79H5(CX^W5kPN}9U3 zYDEO;;4E>|IfE#}_HE1-TJ+mcyLcu8v1#I-jLGaT=}?F6ufwt{kW%3@Uxu-C85#zhuh zf9aWRa~p@V>#4ie1Ht()`gvED3aJmlPMD`x90L@Cv|*;(twz9Ohu*@-Y7A9vJBJAc zkTksXjJlu!989GP(HqQ`+0ZL3)FD6U)7pF)aoVcz1!kXoCe5=ZPh_OulNu{|6(h*{ zfRebTdtazW;^%RPAt-8^KOpo*Wd@1)^9Bf{h=Ip!Xa5d!C=%u+vTgWQ6hV?rfXHH# zRKf5E0Do>BRneB(eq`gWfKTSovc{?Z@@gBv9}yg{&zEEInF_nfn+P$CHQ2`SPoin( zn9hK=^Hbf-gf&JYY(#A?3{FJcZ z5S?NoxwKl!gnpBZl>%`CCFcT}tMot51wGh3r%N0y(k_7q2KQh3Q*&!sPVp2*``@GEV3bOBmWeC$y4Q>M>heR~5>=0Aq09I~Z53U8K z$F8|mvZ_c~uE5NR%lN|ZtsmIUx>&vyeg!LSzLv%h08GOzEo&3(Bbh`-v97Yfe3SZu z=YS9`U0qXB2}4ZB(7EGCz@OVlk$>7r>Z5O0xXTPos*+~dU(ebve4;BzqX1pn@`fa1 zHIIdEp(tY4b|g<3M@^kP%=jU?yw*`m>E_SiZnA?|RzZwstee+bjR0_FS~l)SHe%c= zhhe36&9tKWXZL>K71OjNoxdK%2P=+CF6L-b%yG%FEo zJ{fhK=goWvUW!PS8@-nV{2Ph^Ngu!<{E|Yd4ADYHJivUaQPSYA2jPxBOioIuqQHDC0`vh@$zU=gdY=I@IiBTgrk3Q~>tcRbTRqZHhmCYz6II>80^5slT*uuKi zIzmi{$7)~$xjIFv81e&DSYy^YiJDsBxHARL^j9ZYy8;?T^z$kqj)rS z!#&TZi?&MWdmVj+sF8i4@hZNy!2_%j=cefkv!=Z9OCyNR?u(Z@WN6JB>uFsYic^LU z#PY_qQ$_DzE^kseW!q=z%kaCGcVDH4V=?iiqF4{PnjPnRz7c=q7i*)C90rp+Y==TA zzMRjQrbxd}5!rO3C#;u!w$QY4pZe?hddFA(`D})*l(4MX?CBGT=ntq2OfPg*`NpGOxQ~v=L-w!@?se7utpSz5?%o=6Tqf z9)#yYc6Bqo@I;z1s{$)&ZCU~!99-F_fsM)bXH{?kdL`LK+SdC)ZQc7X))X6z^mN@Q zo9ZxzSNs$Zd0aY$mT(p1c2~uNJ^bsE+zsx9RPD6>ka+OE`9;xz)Z`tEw;I}o)kY!y z^q1NWxV(*Plh*IJr*7O2kPb3~($|mfM4OOA`=lK3uA9x|>e%|_j$b-`daR*c#p9Tp zVf&(I^Ujj8&%FD=zApGX(WJ-smWopoye1AygtQsxapbSC)2L1vta&_D zLp9+y)E>W|6OT8@or&a$79&p4zvBB`c)YjX_5mcg`_H(UI3Wob<7qqYDQF*g>+OvvFOCFX`!7oJDF4?BgdCaa z#o#b*QMrw(&vjBdMvZJh!#cQ6W8aLtA&Qba)MQ3}S+;)U0IbcGC*5GbZseKj2JNwe zPp3cJxYhT#J74rHBE&Ih$LbE6s7v2gN9w)Xr|Is~2cBVctT>z0$x(OYv6h=@V5M49i+ux$Lgg<^=NH zmMkCdv?Okt(JU?R_rk3kVr=(#gVR|zL#qvkqxLeM;6`^%s6>%fIf4ytOl-d6;)%p8 zD@TIughw^_;nyxMA>cWcoN}7Ocal4NnVdgvVMfo~3gFE>(4}yRSxt!@Z>g>xZCdp@ z*S7Y9?yA$2la_^#;ZrH*GIT|0Xr^_edi@}Gor0qPt7|=AhV;NV*C$rQkI+V`r`~2_ z#?)8L0gH#%KZ9w2Hg({QM#|ooM88(wjQSu;%^yyW|N8wz@wPb;O93O%pn5WMBjjlp z-PT~0WshfH3hKJ;9u3yk(>s}-9{?<)uXlC)43l|>>=hHY3(@n-vT^hEhXpJhH#I)x zOe89h`{i82dOdK2Ta*f~EgU*n?dyoN|AQJpN3$4`A?3i~Pfkx%U<|rxqeb40=hJQ; zbXEMuKGlHk8}-7Vr`IG39GH=Ps!0^+kaTb? zs)W?Kw#m@kcqc%)%~Jhs2rDN*CcKXTa$wexso`$x#jsyMlZZ32fOFhcTZR8R`dotf z^70xFYhMMPFZpYZnXL`i5tkP}{Ris2p+v}XnG@ZzN+Wc32h#I-zAP5s7M7aMDi~WO zm85YYSZ;9^(>lZxY#iY-CcN4_F0&U51rntWthKk^74wuuc`0alTJ1Hzz3LYqiTmE4xy7dY~MLl;euUG!{@{n&{FpS^M zhu$RO%9vbOq{fBLU(%Wp$CoLP^jMeG9YQ2ghA#%LCZ;e^YRrqidd@9KJl_40qXa0c zg6)U*b>zci#$@QfwK&~bq?n^B%1*R@qW!3G+WWW*v-O+QO|T$iS>7#tdZ$>Yv?`%@ z`+n{F_&%I+x;IZiiUpIUaT3;I1wJ!UN1J{n9-o;TzlkSzvij=H?kgtU`|m~t*+i1R zEKkgBclRaSdvn1h zR@dY0gq!CtCC{G_^S_@LO_m5|>yN?JssY&6ErTx=K6#*uC*mJ zscV3mlqRk0E@}R_7E#GYsbG&)-sHYH$xHO$H0!^^*jxz!5>9Z;c=69DJf+v-Ky{Vx zMPvQH49LIzRVFtk$XR-&^3GnaQ048t=YP3i{p*n^t7h)t9Dd5v9GMb&Q2E;*yX6lU z0jq%Y6{f#f82|O>0CDy7YFaa~thaohi{BOVXzq@xbk=Q)lPlo}8 zKJ`?2^N&aIuU79r57GjI!cvZ9#Lw}sk+^^Ty5g5ffv~pO`46ux;b< z;KgsVaf8iQ40yIL#`F)Z{O-#Q)%zNqXJ()Njp$Dx&8dhV-g|rdueULOo`_%HP)idC zzj?FLAkXx#?vu}a$KjmdQ0u{r<21CAzu z#o$qZN6oKW(G3NX0##D(g@fm9P~b}H07a`LTTsPl9&Y_lkW1@z2&I-mQEI=W6A z@-!HrDvZ_3A^3e8z`Vg=;>cdv32|8lFfShHq4Z1<_HxNm1OXdZ9CvHkr^^Q@0h#1; z1m3#lwCk^F%kKKi(u<3)M)FfCdu$f`8K|ql61zAu&;96K_7VdC;^}pMK+apAO|xD94u}CIFLtuS*LL~=t#^5@ z4Ukti4>D$`8zEW>8Xd*qm5r25v|9Izi-tft{^%X^pM)#bEQ53y1(_EA<)xE}#ME-e zT?h9Ko*^ZZtHjq}NjjjXT?HX;i(EkVm(7XguJs0RtYrX)Y?Z!0S&gYBImf4cuQP_4 zGEf*J0K$sNHs%6OfXsT?K_wz@F7v+>@k!F)C=xEQ;?VyiI!tXitSOzQ#a+bam#KHdXl z7Z5z@z&IPWC2=Sal52o~#nIrRmzo$dUU~}>+uDF)h%8XIkQQ>c3an%XqI33+sEUb{ zfNCmd-vC{3wfcVSrTdluCA4!RkRH;3syRPQ&c-8@Y8M=10H}TM?i~M$DFk@O94K>& z9C%h0qpEcja{0$1rPOzAJFP92@$SAC>DM0%y-Nd`i&k4C51!p+l1S4Ss5~RWV`I1I zj&@n^Q)%1WxCx}F%V#4yqFJR5S2B6j--=dJ1$YA9NR|EFv@771)>QeJAwnts9D+!- zyE8(0NN$=B>b=R!FUOojjw#b>W`4gyHDCI@ z@7}Awd`87B{jtU?>b@%Yr*)9rWrv6Z)7}*BIRG>~xARKMqhD@ak@e<|hrbH7EdQcf zQ!#xR?=bmt;rB0)QXT3la?VeGI4m#oTK$+=n-LWym0}IXMCVk7LgDv3h4$x6eB; zvYKs&FJmfiyMaw**IXV$!cdSAt@`+(sDTK zRRaz5bzy*P4+V)MOfy}kl*h=50qmMC_bKM~bq~Zh6bdW9qN&3+?(92Umomty} z-sM#$srnRrO>w#o+$U||Do|v+1*DoeT?CdU6eWlAhAWLGIjB*CK1#xk#`oslU0`Zj z;1QO!q(UdcU{CP?G)Byuo#qHuHH-#5M_*r!@CNskXNyqdjw!%fv9-cY{ordUV0~$2 zdf`CObOXpL>tc^OtY|JwOcZGgs1niXar|W$S-wA8^O(HhYXov=oCR6$R4TQ)_jZx` z%=3ynZGv*q=vDc=tkSA()}4KDw>5|s)Fllk2TcKs6{KAe+ ztJ@8EFuHp{janH`^5eDYY8RAk$bnfmv;^i$flXlR)^+#WIqjvj3c<|@m;_pHYDYpf zZ!ovdyA1P(5a;0I9D9OOLUR8HgdMnuRXHlYzeolx7G$DI<*sSRl!3NxM$ZaW&)Am} zFTNWBt@6$mars+~@`(mC(@r8dLyks`!4J%Qe66Lqt5e+IHhdT0F){uMR3rA(M;*<`% z6Lw~~fxQf12!0UGDsX6Pp%`Q`{W(Lrvfl%1hi%ovY<<;s?ktBP=;yx$)lI5kS`Xzz3*xj;fh+V9+yNHsq2I2z-6X*K=3JW&U_M0m1jutUs|#7&ejI-R zEG|~YxwF6MXJg%o`#0Xu_PoFFR3=nI;dES}s%1Xs*O&KLbPc$uXz9IzQV_Uv^r$Z< z%Y2ADk3mKsvu-|)DkQl>7dL|lP&{L(yJHh>qJJ_)NV@VH#svQebi-#~LF?PRn@#mSg>S+DHK zm;^o{Xsb!Wx|g%ccCO_A3WPs8j6a^Gg^h7P3tF3e*$;s+~Czwomd5L(;-v*=PD6pLt z)#`Mnp54U58ZoDk$;Qk29m;Zb_Cpx4j=?S=$S6U6UWrP(eVlJTxJ`ry_%z*PIu8g8 zP@mhjqXFm`?ay(*Sgy%>bLY`Q&7D_UK^qkX)lD!41T#=o8-S|5`TLECW_iCTeK9}M zl;l~w@}cU!k&_d8202Ssbl;!^*u9-p`O>0sV7cKK$=R`H$tSYk`9h12VTn7Wa#aDP1$>y4v$x;H`6BWwGHADb9|EMX&J{ zvJ!BTDOjizhr8v@_U^HZ^|eK=R>-I0qJr)(=naG6o{YjErf zy;tepEZ?Ir5rQQmXcVHwMzv;H$EqNXDEaaE&Z&f6jN6YlsD19z>-&Y%E?(yrcUkf` ze%Kyslba-exdC9@`lsWLzBBnVebr@qsmq7OMWVT0XNBVFFrJLv!#Axdjc&u&bhH28 z;Q0T3E3WgzUeD5?-fFqoLt-Cy68fbj9EVEym!AYe|pua@E~Jk;72#u|NZv zX)v_Cy=p{OTbyTr^${L|suOp6&eKbnWM5>beV<=~qNtvWVH%R8uXJtSE!@TH*#fd) zleD%6U+S+EVdBz?3geB)!s+jF=NC18%TSd-1u&n@!2IOs<1EqqMls38{}RdkO0V#n&#zUDYAsdH1g;QmfrxH$|9kk~&0S#3fDk(G_}r6xQjv^s>a`fPW~x43wJJ zU1jYPIg{TBfn0mee)0XW9@vkQVwwEIRWkQcgkP>u|M#vXaSn9i{)$1q99O-y92{x+ zYjKl>#Z>zK0;<>%N`$9oh4Y!VD2H+(4N3xl#RNP%S0S=edD=2i5( z#3KTxoaCcuy5K$8FtZA9F#K52{a`&AEY>a8$Vt=6UlEcaM7j~!zK7SDFb~M#Co5mq z)}>tadfPO;Yy^zBujE#85>&9f;VEfgomZy{_Jkqtuu^hf90$sUo{UAEf+ZsY@d$Fo zFzZQp*MQA}OcG6B)+h)c(_5K(;|QgiZ}=Cef&#->IEr6sHJbmxT?}dVP(7Q#~F=?IJ!wmxlWN!XaTPr z>}q%2$*@;{XxQ+tL1SeWz^#VzA?aAH%sVdWvmkL$A$=p_5b+q{W&;4E+&l#D;<0l5 zZBJyqzwz#i2pM1SZdyi-`ST7Xm<)K&(=L#4nTQifB3iKNi->S46n-R4%9sQMw#~%9=Zc#-&6Sd!jTDaXc>&l=EWrM{kv8u+Ft67M`YsIF`U&X(5 zP?>Xm`|>euu}|cOxF3x0m`?6jHl@)lEpL<;B!IK;^YWgh#Z;0*|51A3;b`3OKsp!m zKz#sMjk%?0l=0xhaH1Pp8^wI&g?DkOy`M#!d93Fo9 zc3lQdUCUj-giiFTk`9G@k3d~xik7F0KXjcI)uv^h z)ae5}NgbmPa}e|dc=JRU_%QPu0I)LXBm5ZBk$!Ks1}mxyUs_W7gYB1kH&eEpbxAdU zfy+>@yZI`>l5!EH{~Vi zPUh?5<)Yl$9%WGtdBaEP_>iga!tb9i!#V^#z8fms{ZJo(xnRTG^W#;TTW$HqOS5}i zZ^CRmB|HE~AA?y*u<$X@v6#mgR#JuhUUjbh_?~EN(kI$2lBGxwT-PAELYw=~-rOw} z^IBx(mRt0C)?6c8q;)(^csu-I7z`7kmwTvc*X4+*#Eiaio=sH5%ggH@`$wa^O&Lbm zq`}^np(}NQ?;qW71ZY3g6&cQc6)pNF%QgEg8_bsoGC@s*xT={e?2(rcKzwI|b5o)` zEhAwc_62>p7hiZ=oMl#8{q|ZMD#k$&7-`YOUJda{m}@LCJVe9zB0rR>ahslnks$g= zWV3oic1L*)Jx&KI|X~WJK3MCos*b5w~s+DUR3RSei96! zPoiLsr-TfFDSY<>Zga;_$C2Q1hv|r*X}p9gdre0R)VY(4`S>mOOO=k|vDqucmBs~t zZ!zUTRJA$bl)=f#T>xC!g$rKib3FaCL-VhT9phni%=4PhwC~=SQn}|w#A0ddCDH<` zcAOE#q2y!FYoz}|Ii!^u$xG_5thq1&5YguRx8y7<@hN32M_-4>X@}~I!at7@ElJY; z*Z0A%e~|eIJtDEl+VZ0;owzjW6#*~0-iu$Y$`GzgWBk8W>i@CeP&rOqQ?w_wfdzf! z`kytKzxlHl;au^jskTX#=26}WK?`V9pM{?^B|WHR&e@`_xNu*ULnWfYR+PLzJ{74ql7 zlR1K)+evA9PU#5>aoV7!6DT$2M7K8NZbhX;`zFVW!D2g?u~3wA$lDPRP&uQ>w_&LAMIVf~c{9Kn)TuwTM*Mh4OW_UyqO z9RA%K%=&YH?t(!{A}c_9lj6O*cKJi4EQFF(hVXuQI1+ptIDJY^Iee6V0)^%rKn!uA z+`<&!lU2n9>r#lt+wlM@1j%>qn+m{W019p1L$xgr2e5zdE2ns3WQ(u9(3Lt`k3A9E zS$3SmUyG?c!AdF;0}A20gf*RjoTK^#Xa*?BIr&UnujM^pb5LIw9w#XCg_}h}xHkA3 zQ8YB!o5NLZK=LFy19bjS222V~FbIa=gQQT?p!&$P4VNDW6z~|W>K_CIo`Q-L4hRt6 zF=^5*H<}yM{rR#)3s1cRsG}$$K=rdOaCf%?mvIJ7C?t!AWK%o0HwPUFFs2`Gy&vj= zBzTobDrD01xUnBKp73^abKMcJ7gvnZkV3wQLg5Qz0J!EZ7xqDBs2E%cbWsTJ%f0D# zFAWeAL!k*R%dReKH>>V0SPdQeHX8YvcPyOzTgauB%zQc z8vX$}0RH?Pmsxw56JR1kfp0|28*o3lW*F^tAals<6eQw!9)V~eg#n6%`PePij2F5i z%XQV~6oP%D zj*bf4z?A~%dHv}^p@7l2O;a}jj9jM0rL|a4&Wd-;uOta<5TzlL;@nBz2F_4wec}GO z-_Jw8%08&s0gEYY-UTEOC3nw`K)fU=dv-Qt)rb%S*@w^ct}>10Hl?PfRt(8f2Ghp~ zpr{_LWbGUS>W+Z)1Z*UTIuy=N4`Z`&vOhr4LZ*Nk`PDz=M);FZMF1J`aw)^_LVyp| z3K`)Tv$X9J9>Y>rVsUH0<$HEkwjR)ju~4!olk-v3dV%DAwSwDgx7}{%tyr;6ou8KL zmglpn`qqtg6gr;%VG|RvPA}@ZO+QE~=z! zBl4yQ^KRg>*M)PFw~rG(+iv;vnd!!DFdV(OfC0n}WfP@RVo*tDrX2`XT*$H%BD4)a(Jyw#Fv%XCYMm%PM|1_90cTpPW?6f4M2iNqwrCDm4nlDlIis{7pz&WZN8EHs zk;1#p5K%9Ort=XlVH#F9tC)J-I}2ahAnH~$Z;jN$mw-X-%7{v^QFD+C(gE*9eUrU{aWC?joms>-;{bkQdYIOVP@mAL1C+Fbs?T8!_Jfi(G!!|AJKXoKkS;}3B0VLf z+foRcc#IeAFCnPo-oj_HZsrQd4Z|tSKq#l>XK*sxpb+EnTd2ZacLZhLGm-Tak&xI$ zo%Wk|Z#dr9G8kF>(d^4SL%0zbUXynm3eOAU4Uge5i)tnHw|rYECRf}g)(W0muVZt+ z-|FqQ(ZLv0^af-0j`zc4eJf0`_*#!Xa`F}IAkviPKwJKrHZTD6{M?E<$CnTS&b}&7 z$@?>hkWTJ>BK>b}kIP;P9%5>}-rs+`L_YLfU}343+NT++1siz(u_XAa{|~qR)ghtn zw9~Xwe%==*C`KkM1cBrgyoCfcO#flDYgF(Ibt_47!aG{o5Yb9EJ6A#Nd^H<`gzVb3 zG`(b0{087|Vi3_97-W-j=!~5mD7g?5Ga#vp5lbitr)95&$bR*wEsiAEg-_wc)ULhU zAVbZlfOvHgs7CViqV|Y5JI~~^T1=kdILqH`zYQyaKQeK^h;nA6-9g%)HG*KHd0B5>K(j%nf5rK-f;itKsISYY56^~cOd{T5s^gd; zF@%5`A)L|$n4hpg(%XZE&<}yp;d+75-GXK`avh;`c92#8ijy@|O>6@RB479;?CN4+ zAvRnU;&p*?QO;sNdT*)Yv?*GEbttwGS%u0b`4PPmTA&YWm%Ab>&C!{>%%5Fu(V*t( z+zaFkl^5V^(Ogm3Ug~I_Yzu|Vur4wc?NmsndByjU{9Ig9TkcqM`qXLVoBR+fP& zd%Bq-YXqvCIqjnLmJQPt#Xkzehy0e{oqD$1(LwPo_~QkGHbr)QqAX&Fz`Ogr+3_5iY1m@rgq(^ znXn43PX7V~J^ZJgdg&#v+T>w`?%1p8K?=ZO?;CZsRb==&axevs&d9`I4>N_+J0Hd1gA`}? zv1q*~7HTyodEmKEfR;~8+@e9kC8Q1@bt!6f6@JGgtP-C31yJ5Q{3udUdAhcavCxr)z*&xnsD?vY*Jq2e^`ygUVQ*;pCy>qw_;A8E6a38Kny z_wu@Vtkm#`(d=Ud`zJ2Yo{?y2h%`H|1X-qlF7iph^gyjX`AyH{JS`4;_*vDa(>+qf z?x^)tl^^1X1r0U9PaVukZ7-04<4}0?INEx$oa$LyNTs#rH->g^+Zzi~KmQ|U@UJtp z%@T&dv+G<~g6RD!w*ys|Pttq{^{(K;(3}Kr$ylpBz+gkRkuH~7C}b-?M0nRNQKj=~ zs8OxC>cn37yE@(UMN|aiNJ&4O?V;T=>VU+*rw*336QQCMeO|3$@NTg$S7>YR$qS zEK=qbF7Iwxg?awY6!i_>M8+%p2>O!8&rO9>`uHp zc@~AdXWc`mFlX5w8N6Z;wj2-cn9NAGmdIhFMhL^h5L zGr}j9xaNg-M6k<6&T@2R-iRS&wcX0W&TM1 zopIRTO8&_$!+tr;s@4gX6GVSg!uKa75-V^xQ`S$qA`P7!X`d()a*T2$2PK;RU}UDg zIH&kF96j`xqxr5Tx(pW)d-}WU(aHx(FJHT8v<+RAO@8_Cg32-R=W}nRpj6xHE8AAUVV3SWfh z1{Er!;dtrA4tJb{972}i85H3iAtAR_4L1Cp4=oC#>l^jur0+mBU9(YYX-4UNUUaE40vaI3ad38mK074=KV zK7?c$kv8kT%pQ$VP*mu{NBV5L^mmyaM?ZyC8f<-iZ=T3#R88iZvXt7G^3DSAWu<7H z^6!a~qIL)@F%im>M{VzLfWF$&KVu76VFQ#f5M6-pcu2%tfjc&Eb`K zi0z$NM%(k@{PUC#E*m2#l_=HUTbHIWGtubSGz4dsdMV#uCC`mNK&J2C{IualA+-Dn zvZ}6n6N_M5kAx+`=3Ded4hNMo(F)3)@!o@hSf&q+JP$4($C3XbFJ))z62Htq@msMQ z_m#Hg6m03D8C4WE=`SQQrGs99!LjQjgCs(diitu3d&vGO4jCN(yfCyP941rHUkh}n z%nG+byJDMZC^gACJq$TUnoRnINtF3C5T9y(3z#u?Fe9<%hC${6x!)mZAjV3l3ypiZ z4&=-@U~uvv(vEAzGL-=uoHn5AHGkg6H^olnG3~q~cy6ks-*b0w^((}aThO&%{RnqL zl(N`Q@M(V8OXqmzp)7d2T{y=Z)kk6bQAJ=bNRKEEfgW#>b0E19a1WUAE6^^)5pV8Qu`z%`w|?xOLiJj!I5@HDu> z1-1c)ne|?YE8LE&O|i~?RH@2!K;Bx~aNM1TlS8vkXAjGgTMZ>6Fy8im`Y0-PMrJb) zW>X;oXfgAN4ZW3D1d1!-~w^qo>(IbFOhUb|b4>cM_Dk8PsNzOg?6w6*X;+_6O7o)G1x{Ym9e+@EuY9rz+ZTbnhQPq4%cblgkx>q@ zL8I?h^CBm?k{#P%J>kAq&*Xy7Do7$lfU;PJ=Y|BoX!SuTUz@`m@{30xLpuiYkx`W+ zoMx$ZGP(;RoM|IgAM8WlN+MG5qplDj!73Ic?6skB*TE_K8e_<+D9cYWHrEv1 zrORk|X~o<|414MqDCWa=skOV^T+30hA0(K$^dl!m?H1iup23u&u$$^+dG-O5r~!5= z(f5%$+0@d;AJG|He@X6%hb<6q zr@mT0VgCm(UXXBU=>EA!nTit0uj}e>r2zP{)YbOY+Fz@XmJIl9QL6ex1t7*+@nQLB%s<&o&;x<{_%oVr!^R>`{^mANaEjyc}27ZkE8XZ#cM|0{r> zM;AQ}H(@{G^`^@lzP}#dq|K|!mvJ&!S?V`~6un^^EpNT5pn3jY%)auwj{?^HwRZ+z z>`{uy@5Z`#r)Jl90uCamOmz%Fhof&)U%h6h3J4T)Ifd3Z`a7M~o{N$hc?!YL1Q4&o zGTX7q8CmADldZ~Dllfl7-1!Y4KP3^Ch@DtvUcSeE_Xe9<_gBZTbvqxMu*S|@zy>Tx z_6ZUOHA4!xU_Qc}*CeButbKq8^pzvy+>=1ob*>G;h!5{|72;C z-DDoJF4W&)aL_PEl_8qqyQEuUfhuK0;@Xo{^WTHV|9q{PoB_?!L&wcW(KB+TzlGQS zNgttMDiNW}YNRrM-qiYyGy3Nb6h}|MLz7WR=rV7+R9QWgC9zxC;_7SIiU5&fxPU1MVs^7H@Ey- zH-VPS><@KhgNu~5Ofko3(PTifJrz0>!v}euTcILkh_m|q5z1tN{16pDMb$9_x&V|@ z?1~C0y3p=YM>YdrJ|RRAaDmR`=>1+w!e`A;Y`bhM4Yd^r+2I1f*0{?OR58``^Ww1$ z0M$!Rl^469WII8C&wy38mdrmo%=Q;WVi70P3RFGXH7~$Jr0WSB6|Oxa2THg4wARUo zzCyXsTm!;CM(bzdeVgMvR-p`Gri?SkO^&$lVbaeWK)wJzMD3lBLjiPydCD&!@-p$e z7xMS6!%z6pekk1cs6@hM2lRJiR4!V=AI zPYMBmyv@MAl=zp)!>0{5Dajs~{2ZHSAZ|{y;0*v2L&}>j1oM*Gu8RWo3;WRQ#1pj3 z^FC)xMI(UFG=B6I)U88=*|YAP6KUU8)@UISvE?+^?4Q^i)oS37L|TE5i?qr7viSua zmv}+P4`8DZffz;EZlC>lY}$0M?Qdd8e6?*&?I)g zr#bz2L+lePZP_v0zjPXY2N7M$I0e>P%G=EXltGydx=`1F-nXWo=Z>C$$I@_a z`mI%6NekUZ2qqrK+y7xG8RABFN(ecw%2q@G_Z;&yxHX`zkI0i)hxd7pO66>+tgmvb z1BTa(0k154ZFi@O_6`z1AoG{R^05G!*mm>fS09$ZI*SDv3eH7qUD=h%< zHCD_Stu*h_3;nWguJ06*(CxWNR;=2Wi|vR6Mf|Dt#Ja z(&_6Uc1_(T2v(Sv$AraV6RPEYq?iuwRv}qGi6=>X?GWJa4&46R;PDRz#x-^*PO?(; z#pPn22QL?dd`m!(S>;!ds!n{ezfSrRJf<{Vxb3fXjl38|Ays87;tthQN;n8*!)*XZzcy>z)l!FAk25iK_+p0E+_g`?d zxz#FX4}2q!vm5TYaoX_V`lLjd?gJUoA@`xz4X2RLvh*1{=Zx^rh_mK$;ftd*kBr(M zol-*jzGwXgyVMc{>M@@=>F>ngK!vTp=%TOY_Y?XN-0GjYrQc&y>mlYxJ!ts{_HYMWI;g!^jgh1F>r3%~UI+&*QLW&`j!8 zUu+q!ogwNY2`Kw{vC$f=qu*M8nx#?Afbo0Wq}*}Rs=4blnQu0Y7CIO>JbV-WY@R{puzV! zsLWu1ORPW|1ZdQV3xr}8AR#N6c9G=xE`<#wx=ONvMkaX(n*eJ6!|dq>nj6d{xXXm$*mJ%l1S>fS&p zlu*@2p3FLk*N=h+Ub;MVCEGvSIiWGeM#Cu(U)E>Xh*1b&IIm{Wcuf?HWfUOSAzOry z##{FFhn!n4 zDp?xCMWP`=kLb9i4l(QvmJVm7>b6wL6_=JPr0sGB)m>@xT~W9C$@Ee1RylH6 zh}A21YWzF^gUeIOVbnkafDye~1LzTbl>ya#IK+y9x7|Y}(`Unpi=~RFi^TF7jmyum zKS|y0>0OY_m{{K%5HlnDA4--D%ckld zn|2;z^t2uqlJx$l1mhJ2*vr>I_1k&ZhR6sY^~?tI)0EL4fCrQkA`U!ty7jqJuRVmz zi%C-VYmEb~iswre63+gf+k|(HMt!63%p_Ce5-I!-z$Qe~j<^MZ2#~Xs#bC(399;}9 z1=QxFK^Vp^M=O(vY{!+h`REJJVvypB!;!$2#Kce_!=_OjQiPAQ*NkeYM+N9zMyR}v zbHQ`I6haHT6#pS>xDK&k0=VkPnX@cW^fC*UYyuPuN?-?>PMkc<>zr=cw}q1G4XV4g zb48M--7?HE%t9uI?fb2zk|A1Qcn)2N#KT>HE=dpJP(JsXC4ccO@o}O|a{ygv<;GO`ItD5GN@9D8PF7D;3z$qp$( z2q_`i*&^%rxw`NBxu56zEcYM3|DOI5=Uiu8pX+nI-|yF&1R2{T5PQ){?iUTh558*$ zVe9BeQ?FDq(F8VZkAXp~{t2}s*co3U&U~kSk=80yQ&5Pss89}ZqTU$%rdAs z*7hJ9%2$4VYX+?k001W40MzDdfe9DOUX?t^kx_pgjE9mP=5R&Gh+Tzf7E3H^2p4)~ zh7t=6E)xAyi?n!`pRYaT`bi&dN`_?okw^y?8UG8gf;tuEi+cFVN##&pl~}x!2M(7n@#xZ@VXj zrwzLneCqB5&46>9hsySN@SX~J5>7+eAMVPbhqAbwGlxofvYAbAo^Nu!4CLtOzfB5A zwP>FyeX&&K%0`bojAcx+k9E{=4F?`hG2AeL^^jUnjGVqPU}P85lZ=ZA_IMbeUehU| zA}Fa%{qUOEgL=OSSmYcP5qeyiAB$w1YEv(I$E7sMgwKMeO0&4dq&VH7o`S91g^;`_ z2p0q%zZwg$f_!SiYKYZmjt2w`O46TL35Or_?XT&Ls&&hQV{zf|0HL5YOig zQp@JLhD28cR%z1*6o|9i+AL}di4Cl0=KeXXf^s`3IX{pne1G`z#UWVX%a;hgnt(G8Js>sVt1EYv3 zpQk8A-`;fnM4K`)v^M&j3PuLVs`*B2gv}mc%}w2%*rsGrvZh8EA_SVSZc(%zRHHQ% zf2zJ_1p`T;TfmZ)KvH| z-7ya}Hd8{+P7ef@wt>BX8x;p{A>`CGuDSG~E(v}zPcKR+Ok)nzMKS&9a}JT*sW3o* zx*@&rut3YX1*%+%iEIlv_M1Dr+bYhD*3IY}f4PUFhNk~K`FUY! zz{kL>cout8<3+@Y&~qV#`PtX}6rgZ1F;Xi1H2AlQ*u+Vbr<*r)Y&ABTrTB;8lttTy z*-KK5C@mGZn&pLI?O}o41m0d%u2;7?(|GYYRmNw`)@2_j{X!=_IpjDWvvrKXt*t$H zW$14~xn?WQ!*)XH8xOE{0_JJ&oIdF*JdQMyih1DZrduYVOCaQLw}K2+m5v;NBd=2H zQ!ncrtCj5=hj|2M$va%cvmTIdObS2IqqhB4%Ds$W3<~+MDMsed(4w*lXH(p9cao&k z3zD=lv3%IMHf2B3xD+)Qdihq8qlvLFE1_O@9287Rq) zwjsXuQJ&E0EA4u)t61SG$dvP&;ny^+fFX(Nq2g$JB=Ge5vh2Zr>4g96FB%A48M!hQ(OIqRjRa|V-@^h`loKIgfL zfn+A9(#KJ%$oLBALv80?J}R#lxX}^@4qeq=Q0{$i*u7(Gz|KNwah++BbuqgOy+nv| zO}X4ZmSO6W;kO6*ufN|+D2=0<;`$tuah#b0=9|u4uWx0s`0^)iQ{u;1Wi8uexh3HX zf10(VK4W)s-h=W&ICt;H>nt!~U{}+H&G05OX*$VixC6ny*sDG$Ec-j?cM=_u5|MhC zwmqn1Rd<*?1ixbmQwQDP1!!8qZ*Za1a5H<*9iouxEQU1`a#ADaTMT4M@_&wBbSpfg zsgV%4(epBvO;$aj4Hi?G!o}ncG*6Nprfr-qeHVQak1=1uk{)Y=B}X$0piftHtcqOZOY{#V z?k`UaD%`U9t|#;DAM{l(|Ik;V?)|Q>D(Qw_)K9w&Sa1P=+kAd=9)#h<{O~1GZNCW9 z6$ZiyU-n7{{Rnj&qrNkbF~eD(PIy99)WohKM7`zOkb~vfo?H;OXXasR0C^d zXjpd=1J|7sVmh7K zDAG(*9^`8W08aP=F&i5Eq8pFwEmA*dHa)U7`+nA@9TYTb2`tN^J}E-(ZW0e9ESy{w zl9W)*U|3IES|b0)#6man#F5ivlb5cO`li~isVH;e-J@O!F5Qp6hMkyVbqE9+!_CD( z1HW+YyRpH|Tp%7Nnu3NRQb~xP1z}DREDi6&dxYO_a>a_gchRP`s?D_`atgHLeTiVdC*ObY zzH;qN?4ksjoS;Ujdu~dHyvLVjM&(GX0n8iHg*MxBEL?b=_tiznw#t~Auirhvs^B*j z)l8(}+>=I^0=_W=%ckn9SKoZQFSH=|(f(G?wf947D6Uot6tiU_m=5`unAZqt)0Nio ztrt9W9wr_p1RAV_@`O#?4sNyl&X4ak84ty;s^N1pKjacEv$q(&f!g4djeWapo~EW? z^1^<-8~Rqs!WEC#E#cu4yz63i7=$`be&E%blvlt(L#a|Im!L26LHLPk2hW0s;+{~= z$B~JsWai9@#MssoDe9Q@ubEzm5~X5}M1I z!d~(wBjj{NGrpL`G{{A^U3giPW?6r(&cdBt)5Mf3Q8iK9k>0im>lvm8Fi$)suvr-&|DfhnqQrhT*NQL}nK=u4d_99HDw+-STW zL3>kE$E4(nS0I=yMoT#S*s?g@oV^3iku(I17y7Q50e#R@!?RA(>X42~m)UEX?^vTX zsD5;m!=Dp@wfDm>85+Ka_Y6AQuA4XQA9IlUxAx>dhJ;abp8bB4P>t=$f|_%GX+EuS z0ssX!*#3Pr`!7#I3?wxwn5yyoYpIurfhA+kF-Z!@O z>9bl6^6*|R9@{EC_;~eiXZKj&mr@d!6;~0@xzjR#P5YIq3eMx3d)nv!5>AOBQHSuJ zg+^L_)?8Y;=+R+RlVQ_!vy7tK(WVh4%(Og(%Dsd&)Ziz|6*iaj#d8l zO(<%*74jr2zGt72Dy4Lu>z~@PKhDxWf1#q9@STH=&NlXmmvpVUO~$NG5|Ra`)~s!* zcL2dYhG!`KZfDgpDAz?m;54so%{nBQ0u(J?fG)7x%Da$CL22F)CYdM*1TWX2KqOy4 z`PKTtGx!RSR_TFy=n=_K_Q7$lG9EsRVh}6a;m)@q8A2`TAsaO<_Mm-FQ}7CHV48h7 zIL`F$9mw>oq4Nji90kD|6<`AkgUqftnl;qTYoSQQSqK8D0}(av3p@b3FdX!kVUVMb zE0CZ=8McD*Z!95Y7UXp2XhE!XZmXK%LR1LUx*VZ(;cHWnaLW z(B_76wSS>hv(>6i)zP2+)HsRJ8@vtxlCWQPeA70r5Rg*S`3lg=Ed}C^K3wtAo%eIz zfDi-QHh2HqfLg9)w@@z)(5nKflx`?oQ4SnCC2GeNMO_C3P;KCrU~ca6nr^t)*u;X) z^qFoyq`IivhK4^7TfA8sN>_p;M4fYXAQE@R_r(FQBnbnFL=Ss!m4mN+6(Al@Y@P!Q z;l=QaBAZEdUkxLv&)&ys7XTv8h)>`RCaiZ_!Elxu^2`Bli9zQ%fRkcVE6_nOUI*@V z9-VAHv^j4ecKIaGp*-1o{r;*P==&zY=e|Cue6Z!Rg^}e+*C6SC3qU?SX^$NJ;=Cm= zJBvL4^k<(Uo_j_=mCH7PCto;Zm!VBO*VIay7^%h`=){tNGR?^FzrlY;4k#CTd4-^P33cUNE zWbvm)1i4TWGoO}<(M7|Ag{R?l|CWS=Tk%)7{&ZBye; z53=)3A*V&LlyOwF5Oo;SNg{F>lz~~6xswaILu~$vVyT3}r2z@<79YuDgUoT&W^@p? z_!h7@Oq}qxfD~Q{p0(ouXv;V_H!P8P+O1(dB4xpT@oUPorR89*>&x{+Q^lF^Airgk zb=i;Veip-)&pk!nnRL(WqDLF{c8mruJZCp!@4na93#gh#0gLBqYbSAKn|{11J^N1Vpb2O@#&p=bYJ_`OD_jzyEXY+e)*Ly z9^Jl(ny4b=Kl$O>k`y|{>``^`)5C9%kz=n@U)R3zejW#jJe2y1jy3#=SDL0#s#*v8 zMg+KGA|UV39C;cYB1nw~P);cuC1(6j9H!m&)LNer&Bb8Cw{{l5t?g$gZuC%?MF2=Q z`%Xvhm{a^pQ|Y_b!BSuIiP6`HkESYX|N*6f}Bu<-l;&N^H$)T${Lh*WNj^Gi4sQ~ zz#w8)eg%m&LS5@Ils-U;0l;d_fV{62Sp3&%{os{OU}KH?0oQ>XvnKC{P)0TFs#Y`R z3t2y0-hrR94`;H+HqzA0ft?XY#+qORaYH{QJGf$*DFNDPu2Kl4utw$cg{)44sdHq0 zIT#CPTn-C|k*c;6PJrpU#7`A=Y&D|;vx{@+oSZ8q&XbxVN>`JBHIxU!w98%qytKn} z>Lc)Xpn0EA=?SO->;)|x-yxLTrd{A)N|iz%{hd~67Q{n`0iYu}lna;JWrBUNzF&NF zt?ca23`nDTu!gc0o(tJ4i-Qm#Xd>a6HJA+~vnl`uBMne-Z5siYR>TNhKr49*>p{_$ z?q2dIfWhPU2bt0Uoe=X3p*pElyF73+y>&xT2h7v;?}y)~;;bJAd+TMJs1y7^wv+<{ zIz;!4-e~dMwWb8v;?lizp?wn36xB79(HBK z1bZKf1|Ol%29{o5&rdYq5Q1V6XaUu)oqG=&;u`$s2TKfbR_d8$-rLBPV7c1lmH`>7 zE1J@gJMcV18|C&IU~Mo{&YypJ@~qG(8J5^D!Xw6et`8YSyQUaN_rsT+8$-KDD2Wxm z*9HOb>Iu^ag~wg)2#zS~*$=Sf3jX4B6cN>AS(eu%G}~Z1`K}R6@A=G8db-02B6Ff(9k`7AEgAPbm{($mQ{82M6;+g1^Okljrtj-%n6t4GTZ<7&b;0Jna$W z?-s0PkO3~EeArzq4>mE;vqzo)Klz?sxG8>1tNwX5IznnFb}Z`z0kP64=*A0@Q1TfG zl}Xtt*GcZBpql&Csriu2ra-8voqM)dnp2pzBMA*mn7VfW0MKJ6P9RtqVj~9Z5ykX{ zk_fbDeL;I_dk!Vft*C(vvpa_p*6hGnwo0LAQK7?m=GC=5RVbXm^1^+%-jGJZ*R9m_ zJ*V1&4&l#<7QxU1ifGP<!I~zLG#O?zG@fQqJ#>n7$RnryTnX zXp;pZ$qy(D=8R(XnF+hL%YjH24+S_ehH9p$#Wl;3+HQLSB9yurcVGXOwR*k zHhWZk!aWBK^A|77d=??I3UOnf2$~X3xSn1ks+~Qia5k^!q zN_(3iIQ^Ph;1{WVxKv9J$O^=5^k%I+RlU}BTZ!ORbi!VlgQY8)HiTw;hqlM$7KJN_ z5Uf;0D?$pbEW_0{*mk<(HB zB6!o*u2E5KybT=sqjvxIbsp3h-1j7jFNxmRz2-ip=FGXX-*mFQ)&b2^IHxixAzF!>Kc5Cq26h+YL1ImtLA7wd z#u3I6bk9(}K|`eokVO>LujUC5Z@}<)LY4RJY1w)trQAuzexO5hV|mQ|jaiWVu}N)`4J*-Ebytv8?LCcsfiuodzXuz1dUz zijO!5=cjVNjSNq@tLbp-i7$H#qsu(RASs`y)Ei}Q*V_zPhY!Qb6U92w$|zDe&{$?# z&A&>Tr9tHagL^eRy7_wF*Q@Kub*k~PqpItEPH<(CNrNIkrKK8B-SMVrO^9|}ZP$RA z&7Bl8&1ga?I-cmzl#8HFT5G=bV!1YYO151S_Slg$ z7jSc94)fb2bV*NUIj}R#M1F%(@lGamum9}IWMC{j2!U4!*P5}zNh(duGT%zM;3RtG z2`;PM!Lz2Ffv;E2-qRjybwFKRqoQ2t(<=LtNMMha=3J*aXd~Tr(lHBq`OAXmzqS!z zz|=e{!rohbPU^f=V((%<9tT|I31%C~;>h!ktX(y0D^Z@GDT8!OojhfeZk}l(Th=G` zz^m~slf-B!Kv!f41K%q;tY>MaExP$C2umufX-Rh}%h;qO+dQsBLBb`yB)dsYE#xN} z{j3wWp*kLOk~kcw%^By35)dlX-+5KL?n&3A zSwBS-SdA)Z68->{WheGxi6T9hQ-^8Rs92FC&^O&`Ugc-ukDOq%<*_kRHKTU!0jtzA z;l1!L%@Sohz0#m3?8(H;o!D2 zOpUhQJttMN0Y$n!P+2#!kDFwS@9OKgCF%F$2>b6)C`~KJu=zS!s+qQp%y+sThK-Ej z6Ekqzq5$=e=uaxusk$POjEH_F1g=8-d%l7|kG8AT+g$PR28mupJ~Qnl>bRw|<uhyCVF5$dF}hc{KJ^N7#9w31jrSVd@!1K3(D<#2(nt-P<@H4Cp4EIC zS5u3P_-`mBfku_&E=8{SgQU<)qk#>_-8XpeI%2E*#7{eNB`QVc^zqzh z11=^s2Wjhc>KF+9Un%v+PJmx`dx z3>)IjbRKSXn4#kFKQ#`*<6M(LHdALzL?7-}U7VsThbblCT7EviR0H~i*c4T< zn5N6muImH!5~I`eKebCbumS8q5=9BUVBBufm~PYVw<6WST-vCZGliT&&y3R6T8WEs zWS<8eX?0)=Jm%b8<^bGRM+><58!0}}X zf*HLqzC`R!(SGVmNtRES&W2w0+ek6!?Wf#&Dq{IPftiAG@D+o<6)UzJh@LH?lFJ@a zS&sW{w7y{sIRXv-m04yH?_@8`L_^W29LE@Y204}@b()fKj7-v23-1#7GTQMv$c?q+^_8AMwLRY zd_il1MrEq_U>^>HseMKZr8B)>-up@ZfElQW(xZ_2&zL#yk~oZHJub+d+&|S6<+?sU z2Hb|e!w+}9KNc$~J?tenGP(unnVe_M1O&|D_Rtc_uJ7+}w+z)}x_o%Fy%KyC-K9(* z2IfF1Dwph{^G~QIV-R+HVKrKIa7j^pzjp@roEsyr2X~!B8eM8gSUB?60d(1SJ%5;xu9 zBZxee%vikVs?*WUY9F(!G=ewljEm7`Z(w|S>ATOiSwQ(cua5IZ>?ra|dc)fl4Y%gf z81SZBMamJnYl#cMKh>2ifpVGSr`Dwp;NCX`2zD*erCq+Gkgy4BH}a>jNq()JM(oG8 zU(%-H0e=K{y%X{Y_#v(GrrKW1>Ln;z zZ;-4CbCVbUVGS5bfE8V6@;dEl&zAJ-j-&)ott-U8hOK>xBs(itv~w&v!J~Dw2)+YD zC*KQ}3f};Wy`w4!t>wriiei2YhN5d3N~f}7co73&$Uws>;s&Mh`hCtV(}>)#%NN`N zIyrjo6qbYdY|?_O1eyfg%7w{iw%}Z_1RAsOb)1f+e`zJXh(Re)uw4cZhRa|q=;$D` zI7GKkFgXcbp)wx+g=EMMq!F=LijOqgp1+oYvP6pi1T-z1oADiBat9!B*mx)&Kf#{^0=_Pfn%!XU@6_1~r93yvL|r{%#J9qrrSj`u^DB zi6`^@lz%wte?1N+QoC70izcn<ylP2F&-NUgql`S z1h6Q~z^*Qv|0S?02_JJQsg>gq)AXPSd5Q5-TG6ett&i--TXTPW-_3Oh;K^9$S#>P= z{+~-jj~hs%jDw%1|D}_{rN@Q=4U9P<9sf}4B-LN~ay9Pffv<^~D*q3;P-j6{(<6oL z5!*cAkDdoC+SWP%8G;t_S?haz`PnMq@`OQDDkvFf`coXm-!1NM(!XIo1VvkuB)|h|;NQulls5D-gmeS8I z2U$S_8z2cR0svz5Mm$5j>ok{~#^-mz9ERrLs$*VQD>TUiHXRK+Y%Gi$5k@|+8ea(D zi-72xT?TURY_k{W0w4n-&)%pUuOmPrfkElGv+J(Z z`r+$)HKe-j>{kP}jFtSQft)H7oYQkzU@#5EnN5PYl-NDLkqT>yDGLb~R>UcneQ@rc zjLbr!7pNzUvSZ$WvU->%^kYUN+>W*497zcJ909*uP(R`ZFhuHfwH$Ag2ATKs4?X?C73>b4oEBG1C;^oKx&k*Av}slTIYlm@)|q)GkY1TO)t zUw=e3v=CD2MY;CMES6OO&!=z*y$~jESAiy+r-Z;|TZ7hOlf8xW#*&AmLy2a%8Q=q6 zR{@|?q8xTGhqZ>>u>e5jP0K+?5e7Re)C!rgM5So(Mx3w)j+7)9<+qGznUN}`z`8|+ zbPSooc4#mQ^mMTamT)U>#Z$oVuL5X?!Xe0(6-2aK1JkJJErg|YN=J{Ee`g$I={F2T zW~%_U%2dafb143t%E(ohf*48C^Q@j|X<(D*m-PmiudNbOzSRfJ{3nSBzv8YafK^?4 zQnkDfa;!#kix%@G{XDP;=*a5# zoPLc|Mm~D)Zq-+3ES!3EtIGAjJg_MENxGQKO>cBkFpIzF0%wNSEs!~_!nMoh67RoQl$r5+-b_IGfg*<_v-*1O!i)Fr& zuT35`%~7V|4fJGhd?~0*5rm`|hJ(}(ykitu54B$aa;x(k0B||9;2W3`TRI*sk{zVg)z2w5MekdUV?Dv4Ur1jcv(`l_)dS?&hU@e~)u~n64kibj z5aP%R+=&8&UQ7h;(e*OyG2x*Q(EyhMUr?tDK@@h+@oXfGlUMZVS{S4zab=iszBS$; zvObLd+`vIDaCN#Y?ndqAJ@VedY}n zPwgmZ)+mVl?!^3{TxkW+vt&7$zq6u!9KzyzD9r_|uqD89Dq{d$kUQ<*SZkaEa|S<) z&IbTq_N7yZ+xR!hw1q0sEIGl97b6YX3+J9o)c7OzuN=ukopC|3MZCfxAEJx z8S#XrPd;F~c_yphOTC9l#-Wv9yQBkGXhczTI~9mt0<%j68uBk+lkHFIkg}KZ+}C(O!Xr!W2+<4Ey?8Sl0<1~R2edIgJu)bKDiP|RO_0_qNEDSpe}Iw` zT$h!VTsUh21M|l<>Zzhiu;+KWhw?C@ghM%ZLZ{XN{t@?s$syrt$)!Cz)lQFtRah?S>kx<0U|wM6Y*4#EQy`KW*7Kek$Lu0n73{ zJ7S50tANe27UlpazL8sLoANFCp$25GM|;1Ya*x1RAmA;yN5Agb={Y;h>w?EK>dCN` zASE*6(tvfV_3~}L8+6lGQ5X2adVT`4|MThFfTZl9J1KG}vJ&ZR8^mFGjSV^c0(>5_ zALh3|a9mOetpz4QujD&E^Cq&WPgFlRCLk(?S4{;7D2_tSqjG>>$}zAj>9Fz|rqpsy zVRn}wm!ppGXGo#v7xK(1x8C6-#CUL(>llPB+n!+T#a8}AUpxVbmB!CPK9@7#{XZ7~~E=9r33y zsD+p%6RYq#(G<4Eq$1qT1qt|tBKRVoD_?2<2VGFxdH+c}v<$GF_pov0?_p>~=HL87 z6jT?s-p~xAia^?{XoQXsh_NE75~HZSd9L`4a&wY?fbt$^$<_>VfIAO7No5esYeGf3 z8FpLFcHkJvZ5tX)BX6L8b^uZL`4)Pw*D~BFn#Gu!h{@m8Kxo-N)j;-TqZ0J)v4F(D z*)GGlnCxk?!0B$;{lORUaYXYQl?x9Eqji^mdm$?e7D8gL3w6D9$t0 zeIut2AgU+t_6+RxQ@D4li!%8PvwrQkfo#?TuL~E$`Krl=#*R!Xj4rp`@TS(V;b@0p zz2QF~q4}`3N`VZ^Yks9dIvk&XrqNwJd~as`ggHSHha06P0nrs#I6Gj;*e=zZ^f|zvuzL<3=>m5*(wn3PB7}dCHgVIldb}pD=MZ3)5!%lWdRunmb zpjn8+8A%3IB-r`nKj#Y};tj5483{-7CGK#kb@P`tfxF+Uo|rF@U1+RjVjZs0;Lc{J zY2~I$%j~u4xH?XzR^EXjpn>i#T4@&!;M94|EJ8Q%9l2oBYlU&-HOskJcw`ep<4s~s zxyZ*9$gLe*EgmjT<)1`JF{$UQIP^MjS}>TIKp(UvYF9)?XH)jOXl9X#HZKvMDKY(k zL6zfHelvUj!eSu=5n8dr-f6f*v``~14O@ADMy`dM>W^?ARY8u z?!@R;O3sGvWxqRkc+@s3Lc1(MIIu2+(AU)NoL)|={#+6v66pzLc>MQ%5ll25W}e`m zkY4 zS-|nWFCjtX@egkxR=`^01;azF!cXiBC(@{H?U#}cfP&u(YDw9lu9cWU#PUkESZ%Wc!KTvLLojXvjd2M@n6Dvx*IQ-(uFK`f_vW-H)cE9$Pc3kimtq ziA#`eRCVPi)1dbXP*ZMqp-*?#&Kn2%=r=5GA08}U{^W3#&(^77*7A$XN7Ga95w*G> zT=5D(>tM4xf92BTV}<4VVN%S@=f+2c5U_jNVvhA@kXuw+xh&a#SX$7ZTu_pD`6IGtedssflC3jp|uvIBA3fk!JT+L? zeNBh$R>q;*WgkPu;m0P=EM68fGh~0nH~ORp$lPl)>7;_*a<)HfYbU%L>+dn>j8)$> zd{+{s$$L6;yK=?voc70n4x=B>hFx5r2rqsxw=L7v6*yFUf8e*iAk>P$EQT z%-aW)G;69MGn7l2TGb^ANp;5oxbtQqEKWdWVB_Zv7Tw)Tltn*&er7rsy3QPM*u@#g zx(|4y+7%@Z&GH-N_tglEB~Pb`TveEJ5E9_0h>Q%%oPDy|V=5E*fFuvMeCde3c7(3Z z)Z&NpkqEAuSwm)7!H4Y!U`{t)IbobE@K*0tGB|y=OX{mWPe2|2!Q-=cEJo~2luFp> zYDcS=7Au|hgg?7YCclr3aT`jNT=seInYC#tRbJ`(@xx9-(<57Z@A`Vd2&ZnaKLwK1 zdl%G$2~w=&#}Dg{A@YZ#!*Onz<=c6l{o7#<8ReBMUID_sKY%2W&Bf-!?ijsZDW*8_ zqt9q{T)?|G3!cj_n%owb&lcA=Jtj_ecK=W#dDiv$vT4J`|GfVm5o2=fAnNyJsv;Xi z&kb?=VW)#i$SH^TfL7XE_Bt~GOW_kO8+M8@xCu=e>T zrdZ2GrW9lnp57CvSOeIZ@cUxjiCu~B_njuy%~zQ->#s|?cUN6E;1%#bZ z*3z7(VcZMyg=qyxHq z|NGPG$_cOU9C$o0CuEiT^A-QoyD}uy`5~ENGW~yF{9ivC#?N%}c#qVfgBxUYKl1!f zul?tdLX&a-`UU^#Qx}uM_;qK7q>uM-6|IirofQ24f9Fs|%g|5a!hb(^;QZc=PZT@G zSq6`6Ho`*|l{7H(9_!&s8m}3TvwS#|tV-|34;Wd-&>ZXG9EI1&|LF|<%PLjWSV_Z4 z;K?zUG2Gw`(Z4**KYiMC0ggiP|1IDDE#Kevng1={-}agR?Y_UZC2$A*-|h=G(*Nzg zzuh?gS3LZ>tNyQe_^l}XU-9r;mG_rwU(C@7n%WV?oZ7766X2hw+68pEidFFc17}$% AlK=n! literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/trad-inner-dev-loop.png b/versioned_docs/version-2.21/images/trad-inner-dev-loop.png new file mode 100644 index 0000000000000000000000000000000000000000..618b674f8851a5fd2621bb6e1bd65a69cc765d17 GIT binary patch literal 21915 zcmeGEi93|vA3u)Y)=)~8$`UEY(p2_+DGI|_qOl~5?Agh_7YX5&5h5g0H1;L3Pu37Z zw#Je@`@RqJJJb8~xxUx$y1swH*L8K}KKD8IIp=xKc`lFV%34*Rbh`V#X@Qf7glowuiE;(x}$M1@~U%-;qa%oRFv4*+a?+sp`b9-G2g`rXR0!9knBT zyVr@6a>0Qa5{;6Qob4=YOrVcqJ(Ek!&t3{rSEXEA_g&5o;4EGi5a9jQuEMq^2HuOn z9#~puY0$CsMaLe|-Sw~1e0~3oM%^_F8xQ3$P1aAjIusBT%6MK_tuf(E`NNs1vy-Z~ z%s9l2nOVArMz!J&)yqP-B$_-@PCO%~l`M4WBx!qCGH!))O;+_kNjY)nxN$0#xWxxGU@DX8^a#lpqB4lhua>Bw0w1` zL2?fl`rcAu4i7(E;m^}}t2Dl#&)w+@>ikg>SlM7sTVUgR9vwO7CL8NEqck3G`I7nY zV_+^SsxL%Y1#d%t4%8gI|KMI<;raj05v3I&N*?urHBcx@lHQ7?FZz z%2*a?V-Ze}d(JPfqzYcb52$@SB%?C;ejJT(>?$1SozK{QkPcpmpT@lWM(yqU=+gPs zS#hbXRO{lJ*mn5ogw=}vj9-F-f)o%wfuZY0|3rBuEx~@5bYNVgh}F90GDHgSG5%}k zs4p2+&o`P~Y;C79fT#>1=z0%RK%uh-6esOhu6+KzkVR4@s*-jM(2XCIr*Gjxnw0Zl zB{MG~Paf$M$~n;MfTeL4NHAqdWtoecqjHHC60y9KxhAlXgjcLX7|)T;=AZ;Vev48P zfS`3cO#5TwgdJzPh7m5Jr?PC9x3}+iN0t<~p`P95_syl8Nn4(#bxk@X&!cI@AeSZ| zey(w_g*84h-cq+jw780%`i6*|XpH0*oIG{t7tEQeD0Tf#rld$!r)QZVOE=;ULQAi) zBQUASBmESePB1uxrJjxory(e$s^I2A%Nzc!jJ(Iseiv+UcK-b1wp`*+HX;{>IBW{G z%b2&VQ|e*MR6Rx*uk`FHo)YMqbh-cBbGJb?M~w>#jlD=RbZ1KW(fdfm`2r!M?+9xu zX`(Ig6&1gveH!^mA(*MwH)kkNOi0kuKxwJz54P;@A3nyOGW?9sHAV>E8X&uc(+)>?PAbc4zMFZSZKzYU=%J&6iZ>3GuUL$JJR?75mg8|M{p*h!_*cOPpAu=V zs$*PwBCbXtRQ#RmYQpcpi!RP;u~PFpCDLno*`C#zBJu2>r2rq8!cWa|9cwK<$Zb{* zZ|k&bZA?lK{tuyTF+F=1#Xr-#w8hykDY}nLgj1ZBmwh`^@)`FGqZfwS3ph{OdxQdq zmvgO<4dz9ejB71unU#5inU2QK%(@Y};4iD_dJGh%mX7A7+b@o9uw^j42rbAr(jnDl z`p{G6kL_Uafh7_DfEN;COcL0Zj#5dAJ5LSTguD-CCS5Vhagx745;6aR z%_)95SJBgMtU8?FwTq#|JW@3d`~F*dTQh0G{x8E;aORVn{ZT4zL75QrUPN>Sbv!3Z z{Aos{s40%oE^-p%B)#W0%3^IwXK+Z9haVzr6@kbNYU#aUm5=JAH62)lXp3{iG@-v3EAMVP zNt~AFH$AOf5@;ovSUZt4fmbB%DOJ{(l&9%@RXqDGjh|Nv$a4H#??LcYmUvss1#R(( zY-^@h*gI;4n(s~erm=ebVvFkfrHZyDXnp40GfBtTAT5`oJ6?_Yx_>fQpM4?BN~@h( zT?sI%MhcwVtlz#&4TWx>`fI8CdKGTjzGBsx<{1ZTV5!J;noHi{Yx!?>oj};~w%h;K zuulv&s1Dc6(`;Ooro8E!LRwWHcy7~W84JwWOh~BGrF<(M!zbmZj<2bdbqQgHnI4@H zMn%Wx^_tFjOGj>(WLYZ&)E6rV5dcF)(Way!zBu_dIs zG0DfE!5-g=ct86RYN~R`%~eH&xx$fWIgo|J@?697x@yMyCZAt|Kvj=ol8@STBM_

fkzXIv zE6|U^`_db@yb3Js1>&(IpKhO7+lz1C%{{KVAugC~yr7^i*Mu<@&mot6`D;|HX6D`%g+GuHA6$0{@Fig45S~VUt$MF z{RV4O!d$S2(}PgC7o8qTUJ)=bTMn&jua<%YN9gB=b0|~pnbmy!rS!!yz zepo9tk0{r;!?Vg?&=!1ISxJ{;A!S#}eW4vq_(Rl@shf)qsR(UjIZS?J5wdtU3$fNf zI_l4QZBm;V5=@X$4w;aX4^ZBnShfiEE8}$Gu`sV?G~;)vEvo# zo-VO^PI5eNi{0$U5gl}W(mQRa4vS*HyUdtmXifOGdq^5Td#6(jrQ7^XSLTp(lB=u{ z`F=)9WcWW}j0C*hmD8!}V)4(PSWm7<*iyxcTS{mv=5NBa(edi|C}NtltM^vV&g#>* zlo$#0CC<#DqBXG&^I%tt=ANHfMH3 zRCqMKaxiyRe31rLsqW}*bwh+A^y7tR5#`lbMJbAIBd2g&f?>*jPS)Mpdrkz6q?pzx z1tIU5k{}gK%PE*;d%K&*VZ}!0t+lj;=K3RJ%s|^2WaCnN8~@SK*49Md&zZ5c7&@eR zLog|%$ul;tvMmA)8=bcoofZNe*<{Qpy{!o3Uw*=jLq=<9rUta%aoNK#IypU5FMO6$ zk`bh!*_aU5L$%JNat`BlT6^j?HeXrYvNW|eU~e@B^;Ym=67k3OzRa(eq!S`>?4F@} z=}SBo_lys&8=X84w^g8lLB-|4uTg0)1G07uC|<-;qs=99@m6heKrzBr5~@G z@M}Fv|8IP}pjy#Kd!edqOV@uj!Be0=Y4c30lkpoCi?w?Lg$iCOLYDM+;>}y~U0w{@ zpJ-tHtK#{Z^r(xoiqeh8Wdw_cVCBIhtFNlv>$_74nbj<_Ow`*wo}!O_i`TmT6)(-j z^En2a{&f)B(|_w9*1qj#HLOsvBODyk-4n9(;KoH9XUePYBh!FEbE$iLRB;+p4PW2^PMfrm@KSA*8|LC_Tv3(zwU(U4QulY>D0O=pLsK?bfZ~_ z7ACIXQ?$H;oz%2ZP6n1Ua^fsi#K}rSQUAQUF(sWgw~~mEPHBw%d^3hLbyKQ|CnZQw_c;ttFa5Z>f)v5n*_FIM1MHp4#;1qr8xW9C5e8ef2j{ zj~7l64m-z_a^^atip_1WE1M}{2vG?-mLt{InYzf@D)!jhi`@Ww#pI0B;c;Che+3mG+U(5)p{pK7jfL*Sh(zAZOb`8qc zK_{S$f6*zV0&VYrYDJWD+04ylwEX-41mDWC@_3-FnV?m1Cxc%^C_}#RtI!LL1;?Vm zafDXFs($-5IK^=OPd?>4XTRay{E&}qMBe>KilmMQ>)QBk(l5GZxjE>zZKi!ZN9~;O z<<#jR_lh@{!Qp6>VZ{l1>;VCO6MMIudNcZt?)Lc3RCJsJm?KuGK7;5>G~6^l%R$Q% zZ&WeUO$hkAcOEk27g<2jK>g3+2*Et!I*Fe1LiA5OvRV=eok?GRF(Ny-kF4rnI~Osf zNX#?RP0gF_pzr)!{F@@5&EjH7rPq@_q`&oTz_Sb8G;*CF*PD@c4W?{KvzWGO1KASNSFiN z=#ho!irT`_!W`_M>h;<2zb$v{sip>M5fmPovi6bf@0RZb5p{hJExJYX`@NY8vU9UN8j=X_*+C{c#HzIXJb+7dr?hExND;g zI%qLxX)M?$?iaHx?KfAS?w@2jqw0DnS)lKY5l?FfepDET$rd?USk=+FqK~Endwl-m zZ(I&jSM~Vd6oXeK4yNO~SH&z`)A4+D77pj4ZA=o%azAoyV3ix5^6{jy`gFgwNt*<* zL5{Rx7Y%3K$oSHsmdDiI*C&Bf{Ic#7iJLcKJ16E<{+1X2ISm=QURA(xL3Xlvqa)?dk{6Og+6%X zOOJ`A*rb1}u=d<5Cemo41YM}O6{JamR+MG((lV@mN?xFbvJxyzg;YOOQljof!$6;m6p{G92J z6qH!F>1Z!@Lxf%Ge5~p-p9pSPcE>Zl4JM<9#KR@m$QIbA7zSiCX8W<~?s^6R$yK_=8sEbi~ zy&nWO%=vMoM2YW+YKnaPRj=YY(l}L=?(%Me;bg^c%mRuLdA8wl?Hr-)#nPomTEE&p z=0D@R-1hdc7H(;rfW%2q8na1D^AOza`xc%i75aH`8K0><$L-=Sudq45+SKu4>O!Rz zg^Dya;|QPh1oX55ZyhM`Zm+;s%m)h|6)~(vcK{BB6qDcI_AHt?uaZzM~uZshJmEjq&F1kfsfuU>xGI z=)~f&U*Q5lJf=Q=JQV2JW{Nw;=HlK*TiE;6*O4cGBaXU6&RbOB`NFv)%)&a_viKwp z-DO@h{j_}H?vGSH>q8ZtHo|>S0WDpj<^wLKoQb`M=a%1sFsUOc<$<%iyk*{qcgu9O zLsL%`C8l)gy18nW@YVKH3eV9W9qr>=rQj+oQ+q0#gK@&p&Wv#lbCsAPR%4<8Z}M z!Ul#@r=le!s)I7qu0LR-(o;8%X2EHxy@6%wCM_H`GABk~Htf@k)#Deb(rqoi`dH#~ zm$ybcj!CU&o6q<>Nd$IG`&U0C zSX(&Nm$iH_acnOAU%R>IsLU6cPa8)YOGRsEg(-_{rIdPyD?3|-0?amyQHmiOwb?`F zW_Jt}_SQw47E|05G2`=_^IUcDlXWTcKuN!0mUc;(B)(U>@+G7){UtXqd_m2!{j(2~ z@$^q@as-TYI7F%y6NVsGf%eKeO>-Q~IM?^!r?3RF3)P)({QP0435Y8=HoTj_x}AFk zuxi=+uJIYdm==?di_C;mRB3-fU{NkiV59<|&y+Cc=X}#kI2t)^TcpLU#OmFAJ_+KS z1y!n-<>vt|l)^%+o52s3oaXK?w*)%Ksy3!acx8sFSOav?`PK6*s1vH0TFcGJhGt>& z>F%Yz0Ai+;%kGfc$$oYj=i0k$dN>Gr-;c+$Kt z?l9>c$NA91=wl=Z1Vn%^i>H9;De};A=ZIPnrLcYKH6R;(`1Yx@B#4r(!_A^GqlU?U zO({hx)6(LdwE(`4W*khSdp5$o~7p<7h4SS9JI>wn~l)iJZ}qks}w9eR_Jj zbHV1){=s}@EQpRK9&Inl$OjN)u|f&NgKL{qtiOclH+0-@lg*R_`TbtQK0 zJkAsl4=Og={ItK9(q@Mf1tUh z4;SStq`6@Xl-Sd*y|VnjGuWM(ou$3HNsr9RHYG(6$^Uh`J_pbcv zwbQp#ZT9@OY=2(Fa$eTrNg2)A+VZ(*LKEZ43gH#~N|GgRv{3jOCnu-d)=Jo6+OC?% z8C2d`G^4`kmFO>rF&}<-m)X!Dqf9Em+&pqJ%2L~qF2<8uKYOfVl%I# z?0PKWP^Dc9w_~BY289MB-)vcU2nMq5;-XZcj)G;zNqcd~h4Yn4%594Uh%I=%{UV-0jdxNy7^J(5o0gJXwE zl=oos7vBJ5ZcIZ32s^EfEyd*a1aEUFtgW%MzL#H7f}kI~m8^ER9KgnoOqL2=aq*xU z?(IuBl&^=2iTE8K9+Pg2b4POYyWFBxETe|;!r2>weq~zg8w@$wWepYOC9i_4MYc+| zk+MC7!Uv`VrzcdyGLL-o@!0&**_)L;gH704p=EejRJsQQUAUWV6gpe>nGsC`n=X=F z{&P(P>`Us%qxLAZBB+z!8A?OF-EP!R*Y+Kw#MGRECCvb!Je2(Ix(gH#bbMfKV7{kN zQ%8rKV!-$~PjEw_^3j#&T~_(k)u_>aSVnZfeX8LC(7e~XI{u4RwiZfCkM_=l>n;LiEs`FYXdLw zO`Fut75glH5TCSyR9G}L&G$z$D~F)IQ$x2ItDM6#1sJbU7LRTc&J_8)K^U7S>`dn} zD0KHseChvbJ+%Q4iHFBkjmK*7M=MWXSLTGZuSl}-q#6EtV7^8M5!B;vx&FmXUI*J@ z2B)=~a2kA!C{@%k<87kTQ={yh@4*JwzD5a&mQe8nX!JM>WRDWVyB%H4GAz*r8BnoE9|L1VaHq;_LLyD2tV( zoZCQ#=BqUMg;rJv*77dUfoc(p%nec0##A^YNHxT%Xn2^KZ7Mi`b=i5}0hI0B_VgCk z-PEi!^C?h_hk7|NIN<4pDC`Iy759Xga!)L7+v0(4W5d$31!qD zeLM`tcU!Z}D74EPY{mg1uuE3~&S%zTP9c>xR|G+NdiJ}&C9Xng3yX^eMq5T8YjUsC zT_S*H7!7pYG+d;rdXbAA*ea>PcmS=GbL9ZFB4zZOI8X{?E<=>6`f3)p^-r!{-kw_} z>A(v(*&_v$*I-ztOKo$eqPp3G3pzX@mU&A2zVSZ^pr>mAu4jVY1X)fXQEaD&zk~f% ze^u6V2%hzxB-mOtp->Mr#Ck-2wj(kvOsoSKz6Rwl?X zhnoI-E`hgEpqV>?4j7h+7;`5-y|R%72A->C8WPd2hTAcvjE)AnaDw>^j!#x1mb_(k zu8n{ZBt|9A5|1WGM-k-C3NEh-)Jcf+em@tg8FDfr+d+xR%ZsC(1SY(QCsQDnZ~{^Z zoi8E17P1he)c%@y)Nt9|k`=iMA<26H1NH#Zd$NTe)E{OOShScrWdXses~6w>HopXg zei?M)Gwt=@`Zxd~*;Eql^I&wn4XGgXaWjE_kCgAn1APgfm2t5DU?Ky7-L_7cY4mP{ zek>jyZbhs_P(a3}mYkLZdMc6Ygwr6MQ$dCrDp+XI++f8DdUqRnj+FuOzH{C`=`Mj@ zI+hM9dwH0$y*R2Y5wpV6#_J>sQmpWTN2G)hzF=P(Gz>K3yY{{0|8fD&c^#!Rvk7?* z0!e%Zl2AO>f>MUyAPOr|HYevJ@qIBz$+e@p!O~ZuA2=5t%*k=;$gz{^83?Z*04(Ls zEs8&dACzDp?`Uw~o`PH!0D~)v!Q%Q|4o)j~p~9$5MH)da5p(%uH*j&ZGNggeU!wP2Q8E%X4Cz6n8ED{b?LYftw5o$f*} z*^c6@*{-%QBwRUb49xGui*?|><``wS1=ot;fPm_l67DiuoO?wF*#N+ynK(jV$fm!(e}d7%F0SnT8#e*@aV?e zy0=F!PI5@CDAG-v2J!@o`8ly^Tb}0aXiIuc388Jk$%~T+{1~^gGFFhI+n}@AW@Lpz z$je()M(>&4wP$`7c2X4(;ptOZ;hpI;c(gvSvA-WYuugBoo+ud+>;KM)ofk~Hm3(@n zL>%}uKiZYo)Ex04(QCf>&DNDJXl9jH3HX`r29wpyc{K5$LFeRfC_VOY^roQJn?Ma`2DPUB|FZ*G3wbEta&`v!K$r0liRJw}TV>8mje=cVLD*vCTrRr?-G zYNnUaO?DPfF5B+hWRHD|2bSWG`3Ud)D$YM8QBo=BaNER=#Xsf8hv8-~RAY8q5DzuT zVnBNxXJz-~K0E*Ty)WVPmh+TQ$Pr=aRK%8!boZ^?CYu zo_Et%mu~30BD#%YH}vd(*;yO=ZF-4w@nd$qiC-V94*7AsxnSOdCaSzg30Pk;pZ|L> zg-hB#bZztZ?e?GMTD^E!8Q#;JKeY2R3^CvvUlGq8bTcPt5Z5aH?)r+I=WCvr5v9sr z-%pvxBCVK0fxrvXJ->1zb*dwF+W#K2&4KiOD;W#^&1>gJiFq9Q-&jaMfQZnIu}{)z z- zEV7e%eS$Lx>gqY06L|BJSwA{I89+XlC7)geLBDSpur{$tomwp3<$z`7T(*g5=XBWMQX3l!e!eAYNLQ z{^!w0Ke$qsmzP&RDI%2;YX@WU8`{?|?I?YgZ!fyk=Cb<`*ZMJE{oVj|$bN8Okch%i zS?TPR23`O7rs<|k^)-}zu6%IDrlUU*1PsgzUR>Cs&!)F#ayfeLU}ict;76;8(uUlM zb|Wbl+B`M?40j!-1|EEz1=gil)JdpTF08%W7GwF?_{;@0%vb}DcG~wB6Yr9BFKo@{ z*J$aC(FctzrB`U_q$7gU|I2+W|2Kgle1raEA6v8i=uI7}Q7i$sSE93CN*#uf4ma;t zwwvZv^+P9+6q15`8aK=Ll^niw|5`I@ull`1i7Apxt9Aylo|A$pLlF|)mwsGTW@b;z zvJ~UMGE&;^axmk0K!qviu${6F=$i>rFcwPtqkQ~Wftr0O`~FhUY3%@2i?_XTvR=aW z-0~tq6YQVI?d$^;<^wX@GK-wrk%;2Hyz?nf^C&fd6Uah|shhcS8ritpsAeq-fJ_P% zF4kXTH*$P0^WJ_tC~xgWiRq(vYuQXGUHZ|m3IJ#XO3O!IBf+JOkdZV03M7I)d>j{D zn+NXPFcU9d)fn%*U!TZT5CK0}!5T=52rcpJbGzjO;(&MerhC!X?&+g5NEJ!Mv6&e) zjOAI$^brH{Q;;t3`6Ty%uM=CrT5;4AO$*f9bIphjSjjAA2}mDjm@*1L#I>A~ub@W@ zHQyo?gWmFzLi|iH6=vM5AqO~_sq(IQ&yjiTSBfZk_YCHJ|qd9=loA@B4C12(0#MSi5;&H(A-Hh9OMuHTw4V zEezf7b@F!7f5ff!gC`}?=mB!P{!2GsgLS)Bky9IHbL?rfJk<@D$mg287(CVmU257l z>a+VEB$FWM)hXB!LVyujt!5=jg^7MYU7_-L_|Z1WQM)Ftw4J!_>n*YJ$cG-;L6u^c zUZbHy`?3O{2M#^&4A#e*sLL?ul?WLA!F;`C?^sf%NO~ zF`V3*n_a5i*rq%Cgr@gvEf3*BA*Z82G0V1hE?w{Q_O5Ue ztNV+$K6EVLOiA2HV0X2zUInVy&RM@{=<%BhAeB%cC?YCrJc-9XwtMr4rYYIt zEbh{iWe$UfReJfv{o-M~waCHRAfwNs4z}zk)|^ga{LgMMC8oW|OQzn+YN#N@Y<8%k zJFFd^h1iF)UQeQioy+cDP^hXp7_P2A33T^6SRgz3#kFDW((Nu6Qo>gvV!uyCM41fV zlv0|?xPqEg-w@?(&K2EI6x3;+ZhH|jSQjVqnP=S2NjiCYop2!X?N!gtY_dgWBF(Lq zq5JQ0&ZhOc+B4QfS#q`@y^z*n?r_NL#3hcnxxV_=ZrO>vYOgu zCo_u>&BpW3SU_ln?>pS^>w8IwvAR~u-5Bm>XJ=RG^jK!Cs&TO8+yO_U=lIap3s0q1 zM;yn5<^I!3$Eb;%d$nszS6rC!vN%_ zwbo+Z2WosePw_{|%q(c}6AD&QN_ItC!VsSSJoZrmaz(NiQpJeOAP3F(plTpp9V$#l zFVGa$_)HYi3thD1cI>Vt1j@T z&w;JG@YHD!xWpdJDbV_VU~IsQT977yQ!V@Ni{#yAsKS*Z!5P(O53Rld8z%G((>H~)9@LdIy92+Up3&+_-g$78rc(#Aiuc!@5M0x zsnAI4WU`M6`XO$mHJ>YlMz8;y?j1BGUKNZCIF{h3De(P2g#en<$=PZq@2NxpJhp)^ zb9Z!gwRvAi`JV*9kpE!|_@MvW{)eNZ<5K(X?yliLNq13Dzxge=KI=c%9nx9?3-E&y zvu<}y#f(6(2=P7KUb5cY$S*6~@>+5YIXXnAn+K4-c*PVA2v9CoRUiJ+rot5dAHk;> z)#3Sko&v`_eay>ug_0#D^Pia3r_DW>XkhAU;nj0=NZPjD-LfWB2>HFmV8hJZoF~B^ z48NSri!H_TZHtRu{e|LA2^<(1Kfzr-k(HG=z?F0qnV~7SSpJD1HP-q%15ziJ&g%^g z%$=$9%aB}8A&;F4va$u^f0vwMdQ`Qv0c-zS^1P23GGV*K4t%kMT!E%1Zk#NPc zcQb&~-MhcDEYbNqqR4dXK`mTPWMn*e7iYefY?qE(w`&#EQpweq7FmezzZdJ+fAsP< zhd+-BG@kbUuXFuSv4geT1Ud7K4uxYfg3f~!XO3Ztw z&l)99KEUr@l6uV;Btxqx0aLPTFMU^{2ZL)>IkNn&p@lU?|JP^xbww}MppL57_vd{n zTg&_g;$~j|WL5o>Ax2r4#6r4*r)U zni7bmpMF+iUA{1}M%c*Qk3ck$PslHFR=5;DlR3d>0hqMcM1&kWI3n3?VvRdf6ECb) zmTjSOn5tPbrq|Rlg;s;JGN&1k{?k^KH7L6un{1LcSsg}JT0R|ZA0+}me@VMPvXnWf zccBkIqk18Q3`Z=Hq(LMag!V|Kfpw`p?rW-}hV=_0J8)N2Qtm4phJ=VZ=vy$0As0Nw zjxJP@Eo~BYOP215Ux%=*8ik&pIPm7W#7_XE%BJNBFGAx$ieLpUBFaIIZ!ZS4_d26X zlT)_cZUGOF8#Zt(`e`jmoZtGdO^<>8YtbS7gc@p?SDs3rs6*1Ljg6VT_knirOP{=X zjQVayiNVcB4DamZfFRwtl?K9VQp397BJ`6{=Pi4IbAh^tu=)N75HsYg^w|(4(KZ>g zGJ7l_L01yk5Qf+|W=>g$$eRke+(8TBHywj9%eG+%;|#02#!u1ugEQrq3=^ecLAwTY zjIhffn%dX@@3BmAnfMuY&7_Y%Q1`tmL6S0N)+A|W2JpVMJU;FG_f}NI;nrgZmb8z+ zK(;4MKQi+oLlh7^1l^}m0agjX{_N+$(OOlQzMZeCcywdm4^9{?CS55y6nW=JDm-2;xK`*pwc1xLbo zN9NK zTt{osB^-8M?j~oMTU_y@&!iqq_1Ybj!I)d&I(OoY0?nr6Pp;Jc!~?r|!PCgYkU=!y zF2A8i-uzGy@n%rm2(3S#@{3DiWv#bhV*N|CCe|scri!pZWI?;hPnCuGd49+zA%>R_+GC{Clz1FJ2x-rXxdtiJLOU8Di#5sd8q@WZbT zca86&nJHrc^zqw9egvtsw>nt96}hEz8r|XZqUwk_;T{caK~hQ}b1ko5F6hyx*bxzh z!=v8BA;}AH6sqw|n}xATkmdDB36cA6s3H8KJ)jo$4mP%_g*yPmVr-1bIPr3prnP>^ zYxd_D+rRxKb;o;y$riz0sXOAIN&6d1HAh}=8dec)V%wZb3|Ke%X73%?+4aX{1DE&34FFuDRA`i&zPR3I>fkHI0*s&Kr^P|f)wHzBcI4* z{jffO2j6&q&3sxa%#ux!rjBk5s;XV)vI|3ydVpsFYL^(Cb&?9B-{T+W&FNnlt_I18 zfz8LaWJ^K$O>+5f-W)p#pkrkt(mf<*pEDX%5MJM(EL6D{br}Go#ts0J<@+tvcJ2!_ zYVz0QaU|J2AY-A@jM|CXRBm?v|LXJl0!WAQ=7}AU>Da*Ssrd?=&et@s5Mr-Mw2e8) z<;m~QChv8*y#vWazhnqX(VRAdE;z7r)@Njr29@LkGQ+2nEynjl#?I*IJk$+7m|by~ zQCYXX3&`8rW9A)?Am1l=pEqz?c8e8)oUi71DvPNud^6tf8!|k`Xv5 z#U%h2jB71|Mp1MKU`|TlLz1p&=EHO%af_gqH{h>7e=-?-ytUT7nKEV7B-%4Q=hwZw zqwU{qIdPHPKC4mxU4934M8g~4g!R<4&;4xi5QT#K78U_V1zO6Uw5DGkyRL) zX|0&t`PdV3^mX0eqQNEIy2#zvd97wc1{=~{ShvJ-4$80lxh(mF=nrI&qHe#PN()Q3 zsV?LIrkjp9C`5nDgF<7Yq^TH7Jju3VMPn%t{`C`b{NIpI6C+_+SFJavRo;tor-qAQ zuUbbv$7D}>)+%P~RtHW|gnk(U$nyQ^p$RhR`%htU)CWJpedGj6CXm0Sre8whJL)lO z9&*YvvMv1m<4g9niVX3L^WT-h$&BJ2I;&+-+SXhdar@KE#zxRX%e~Z}j#yI9x$Fi~ zf!U^9jHO=QdTk}@TEofV>K|gD8)?6)dUCC_DTf;xrppS6Qi4H0mdM$W`=o?9K$FT^ zymt0pV@36WjnF}XmjLQfxLfw}+UDdB!Xq0y-}*p}jn(q?z=B@K_DIo|A&!PPm94>& zdB%<;u36PfykND${@GXI|La?)wCwE6#|VmyJpAOC2H+*fP!5$uT-$tdD{@s{EU+*T z#NnCcQ_~f=Y`223(vM1Szakt13l0_&e7@u%0Fx8ndb&<)Ta*HA4o3LVkycI%y}3G8 zbIaC`Sky4r7;8N&C`mN)n;wt@mWu;BRZ_cDB?fWI9Yn-fnD zZ9SYj;dd~0a|P+|jW>+?rffAcKiE@#If!r?b%LM+5p*902xQPUfW4pYfKClNM;rLQ zuHmhH;|2{mZa$4+6F4xxx^)WXI$k>xdmTANn{T5oqq{qd2r~ZHlE^>NhCLu>SD;1m zRy7|y;s2&e4U5>4+@ff)r$++P)v7Ak6K9xIVrc$^&lJ&sxGf&`|N`;$6{%?tLksa0g4VpUq&lLo&`P1rGL%x||?FW8Ke9LhL%P0?!>BBlX{&|enA2pdDvM?=z z?Qqf$Tz7wi7}-o+_i4F}-LE}fs(D!?tDtLgMV~I%7WV`sFs}0oR+%OBYY_FQ@pp}k zGC?-vU8|V+bPx?}qwj4owLmyi*5dRs+=w@UaN?sN!mcEx0BgACu4MnYI%9IfRDQ`c zAw4_)5Ig)%DqtMZ>7~ih<=wP&CVpe#6eOhy$TZHkMnP5!$y{+B#Bm>;F9llwoIshJ z{S;VvU@+QP`Bl;lffCk^PPBv?z?<4c4T`}vQu%)xOe&+VzQ*IpIf>1#netx!)~wDi=kmcm%8hxC`6vyyrNa%K-oxK4q2+kzH0Add#2vnBTusA^^*rm}x8 zjEs}|#jirfaa7>uz^y&ZIgo(+kK6`2RMAMFfkpmHkU16l%64~k*_lp(_k#8^>ls*2;Cpo$>CoBP~#T}Yjkq1-3DQLnIyOs3AV6iF@@C6 zS(_ZuhjClI%-Rq{r=sUUAnv4D550t(l0ep|z+P5|?2_NMFpkF1z$~N49dWsr4Hd)N z$i>1E0U-T}7LTAUS{hv5SzdPPl$SRF2IKKN2zv657L9@_ukxP)d0Fx1E_2l{?YM@F zva-QJK$cluH(t5@2beMGo}P)y!=jH>f4A!YM}SORYOO zbX*z$4fz0;M3hs>eO({-ZDXs)l`}?eZ)Akf8uacWgm#`yZBWuBLNvv524zFJ z)qHOa--td+=<{b2mT5eH67<%*b7{ym9^eN%OFpLyP80yeL{Xtq7;J*iWU~7&;tohc z=NEZ7?WPuWT(XE`QF-n3w$lyKA^4x~-s;%J&h3X}!wa_l$E?SH0@=`F!D#p^`{Y@$h!k?3gIc0`gqmm*Av&ofh?goQ`bV6Lb!}iXxNoQgw zl!E`qj|m_hD7|vwflK0iSNFznFDf=X!=YAbkY$S=z0h=o0J|bT-YfqmJvby^II%ay zMA&K0tpzN2WV&pu35=OL)ykQo#a62FnwWyf60?r64BaV@8{lsWos_y_-?foKLj%kH z$qWB1wAw7bu=_YyGyt7&PC<=8Yb5@+Ti1~XniQO`oUW$Kbai0?}n$r}}fBN8K zzXz+Tty!6V)DvRxeB*}uL7mbxfLZ}QX*dLXkW4*4zjo7hrKMyc3{ji-`D=kF1WA4t zqcGOysE<A`_ zlim#P?VjHJt-#6P5vvZI{;Ed+;O#hage()L5%a;ot6crNF?)>o03k@sP-x9})Z1kN zGeGaComxy-T8h7zww?+UOdZZf_DsZWn_mqxV}M`*ea-$#R!JZ3aN!e#A0#_DH#){8 zm(WpsiXAu_%-8myfKuL*nLdC?lp5RYx(+4%XgJwf7|8W$Z;O5CBD%P;krr$UQbzYv z)xc%JJHU_0F|qF>Z2Rd7PfdzW%n zKLK(OgwNK>LsnO?(;C;>N2ZzQ^nV_^jte2_l(XhI@KHd2&a+mquL3Ge%l=kRcW?eT z^0+-Ao2_px+cFQA*i(`~PfbU2IWQ^4`* z017eLclR1N2>N{tID(l@i&Bkb=v&R1#W_ z?iZ{g4bINa&#l)#UrcmC@vwp<@@vqgn>4s?hxHvD4Y!faJV*Y}Q$U&V^4$8&5-G%{ z-u4m%cnQT|#4b;$c` z!RdO=%s8D!k94_XU>HNyS#g>wUWf~+h&bT~ z>{atEo+zGmiYE-;G=>+{1^`x;pGEdGfhib(f#l0K7Pi!IsVJ2-Ku4B1Xtt2~wlczud4*aOk3 z7;tyX@#fK2S{H+PST^NJH1{p6hBE=^LcnsY#jiOA5b`e zopity0UMiBW@ceT+wdtnHE=}m%PU#}aTJTFu%OvuBl+cVGhoauAk!lN{!D|qJ!O9M zBV#d{6L0hbP#(dO3gtb9!w+0)9LUcBAhT`CD|kK?>U^RAACZ*;lf>77N}Za%!F-ga)80*p5tKljI4a9Z zh~dr7G$!z5cz@uRshf#hdGQ*2$grdHct+x^Hn@k_kqd48llz`-O%=Epo9zz-Y^>dN zJY#H6IojfD47fR@HS*of;=bstcEDw3==6SdMnt=B*oALmZTsI~A3j;-?|NhpSa-|s zsgMbQr0twXogVBG87AwttZq!Z8p0DFp^_vlFBeB*bou zj7sf0$Tv8zcbEKYVP3uBW-4xc#ju*C+lQci4S1wZi3zsF7gN7A+G^HMC~>*2J|UpN zMo|SmY_^KHaga8;>DAtK`YyATaB}UhpmtVK`|H5Jzev+eE9=ap2Jsaf!{O&TuFbxn;&h=myMmX{H>iXa%s7Ng4IInC>^ll z{A{ezRS|l8L&K6|G;PcPoe8C3hxd+X-F%RSf1*)O@Ox7vJhH$);Vc~sM2%Op2ej0P zpLf5|!(VT<77|w0_tb#O`osN3DjelZ8Si3@VwUt~MDhQ-BCL>~@S+%}{pb7{fAU$# z#!&;YAabR`+6?Nc;&9C5U2)&gnM|jm7I0HeX!W)VJjI0q8xqnI7(?WkPFKY)<0Y5Dm9m>I9y5_KMIcVl<9&ZpbbVa(5Gr6<>Zqj_p2#u99@u7j2*4gXxEwK4TdivtQ6Q(JLM6`w6sLs3ztahD3yo zNUG$g(swpwsXIpl%gz4DMVRe`1} z0Qxtw?+>3@VfJG9|F4}Zjb}US{u%Y8cx+XBEnNtcqOn!g5>>56kWR;1t@6}TQ`Azi zZ&i#ER0io1sS!(Q(NYN^qFNd{63Q!pm zK)Sjsja6gPvFdmAFtz)uyAVbc;7A3O%GSGYVy6b`vAe_;cO)8&73fw}tQ)Mr6ZvYE zH7v{|uFSX{QO>S|h=+S-LtY$A!r#@m;d;uWM*KC|th|(|CJJZ6reJ2h*vV47_{A#b zg$mguJP=!{UjYoInAX!+Ap>>&qNkFvLgL?Clz`O9GB22HE!Hz?-`*SibyN?ade&9< zOL*=0VYDSgU_)uIFPV(4|55p2Jo`x)g$cjx2*@9(t~kfQ`G}EkcCd9NioP|ycWXa~ zE`43K{z49g)p{IF(kQ$x^-J2^g!jsuYa;xZBtBSXTG4 zyaaH=3BQN&v%1~xcDeGCvF;;$8OTK7s#4a8nK0mH9*Y8YD`5`dm+rW^`{7*Rx6jOJ z1UJfc4_zEt^`%0m_-@qK!H&E;9WPdj|QY*b>=wRBmq-iJbmZ>nW<4&JK?gmS^e+ol6qPGS`b0-l(2WR;R~+R zXx2rOf&%yCnLdLzibR|H0e=7>Z*H%t$nu}2p%Cz>5{BU&sDJHODJO91c}MK<-c1dY z+Na*8W^J7{B65%QI;PHUb9?CHs`iIb_02quP6f8b_``9&-ge-u=jGK{Gh1gV$^AB} zaUZL+d5-4X&7BQd^ouaLLXmo!)yTjz^yr2g#V&sD;&3S*Zr|VRyBs~a#-esLfnNX% z;lp}%k3iR&Y{72VY)IHvMF%2_AP=>SJoHP>lmEO>*~hg0SY`T57LipvY1s;{>{}6p z$T_({oxy|A@^_ELQm;i5Fg(KM_g&ip&!+{(*-!;(Ff#qTr@CJ$A@8>ID3OJ1e0o1Q z<%QYtvGU+W`rR>xu`p$(QNR8$y{qO&6&DL2X7ikMq>tt*8-FKfK5%f3#E&ZywwLv^ zQBgMA0dGo*v(qYaN^O}q5f#@Qq^N$SAl+SrhMB_XWxjG8{tHHBywJCyqf7C(X$kC( zQlqq-#Nf0^gTV`0 z__=7cs#y891v?#XtJ0m~y*R0}Wk#?($c9Rn0|cH{YZ>;G-h31)!;={@HEu@0^L=Mr zZhqrtLyH{)%yd2%7&|{qNcIM@AAm$%Ec?dG?cNDgfmBO+&ax)XW4|hipBJCMZK9i` zEP?(0W+)--$)(ifBQOmG+vOw*?H`?EK&iZZY>(T8&}d1^iOKBO0%}6_ja3NUxBGD; zP-U@*g81f>yUT-BVU$FNnOTFzJ=}G^YUV$gH35kRU1i^4ywFe=-J*Fy*E}+*gcpOk zmfp0pBqO#;eddUyai5kTp;z4o^MN8c8&*wz9!qr$uJsg6xvhU-Txf=HH3AmlQSDCVbfW-|fJv#i)o*s&F_T74u=$=hohyAc}I`^eZma)w2-r%z;2#G(@}y9cE~F0qVVZ zgl;6Q$BBGCLactR*D-r^r#(*w8&jYV_-TX%m~bGqe@j8&gNFk;m!%Kn?1w~;D_UaN zww!LKiM1r*b!D~)WBHbCPnt1J(M(+h;-4Vexz`zI>sF61uBEd@j}GF(MbzIN?_b-< zOKWuvr8&XpbIo*{I8_D%3>xtY)uX$wZzxBGkcz@>v;Ul=oX_o6<3A`Y6<0=pqUH}D zcI{I*L)-d!@$nKZ$h&<+$;_$rz;^dl|66`V_v7YX#FR!4$hzKpq8I+x7Y;AzsvLU2 zK~KJDgmHZ>L6lN1N(#wCVdU+qJ{X!%9__uWN7*+Zmvo42~8bw8dTLtOfSp;GS z@t7<$tI8rAz(SC_oW!5Orp(!CK8$%gHC`W<$nE|d)Q^vkP_`lFBK%hV03Ve@{xPy@ zs7cm=I)|{&Tv&JIbdHKy6R8;W+DX_efhBu8N4ut-G~Q?*IE5!8-8GWF7~caohXwo? zF$?LZniR2rLdI~Ud(;3b#>rv(9Noo(AL#xiAGi3Kne^qy<=;b^#@Gw-H?k2o>{-K) z+w5S{l^45a5xh%P31OxG%QiWQM!&$9%S%kt=3Iobe2N0nBL@AXef(4~uf#lY{CyRz zN(%nEeWI+Cmq6Df{qR{Y%99bx8u^N16k7+<(5Rh&9`s1sclR^zghct=<;L-K3j^5C zhlU`dM+S+jH%~{NFy^m+(UOd_njY;1PB_R!LsGBuT$csnL=Cru7FZko;v#&ovwe&wfOL2L!zQ#M%>TA$rbPu- z7w5`?!b_q8PCiL@8MK6Co?m~!=5?xiYT8wv<)507gdoyOgOk{A3$5_Tn0giKS7{LK zA%ouxg@b;80S5}LmsCSx2+}>yQu{WYJ6Xtay1u|Kl%Xh*IX{+rRQ3Wo3w)fFf7mj-^yIzWBbCQvJvB|r|#;oR*jo(u}9ZmMGQ_8T|#X_{u+Y) zZC5v=Ar`Kz-VAmSwfZvglJ#)nCxf-XcGs~;(|z^Gk(KHhA@F&*RNHbCA|&}G<1Ch= z4(ei9GCaqII1hxGOFulaf<)dyBfzd>SYws&N|L$*7KKPi+8)E2SoSwJ$ zxY(K2k$n76W8)ATGkcQY_fji#+D!~wNcYaEnkvGLZ&!`zOe@^(U8I+NECbLbAS<(N z4qt#vxmT?{vusL%JgaPaXV5^aGpg21%mU8M*QA3hqsi;+1XA+DbUzipwF;*B421VQ pyhfH-MG8EySo)BzHx`*6euo*;!bgw;_g;l9{ta`_nv#- zduxCDOV%ValgT7mlgT7XNkIw~i2w-#0s<8zEv^Cq0UZee0R@8q_YTo*gjjk{U@S%C zMIaz*uR$Ka~03 z3mnX~Ko;`y5VY@k1PCZdEC}fL9OU~CBElL1=AS$S#5<+;2L>Dt0so$2z5n&{A^)dl zKGc8JgpSOI{;xdLUu*~wRWT6gJykVzF*kQ`wQ_WOLm57Q7s1wAP0LM7UXIt)(Vo%R z%+bW0(aYZHFA4;|7w>!4-rUU?;AL;;;L7VIK=w}!-uL`pFcTTzpDJ#)0%Th9N&qoO z7jpn7BQqm2nIIAX0N{5qv*1+`m;5*S`6F(B@+t|4-XSF zD-$a#!+Q+|S8oS5V=o2=SMq-m`7b)+=B}nL)=qBLjt+pobd60M-Q5Jp$o?|=@8@6b zH21RpA5IRg{}$_AK&HPXOe~DdO#feKZq^q6KWKkT{)P6BT>oOn|CboAn4_Jei>i~c zsktBv|3CEq6ZAig`&VrxYcF#yMM7y=|NqUHs8;twB0tp4zF_t$FrzG9L^jP=uz&$hSgZfpym0q2(duYMBZb!|dD?mz8K_5iU@#|X>7c#@ zk>w*$|F7hR6pA4c7o!iCBGNyy9JlyyaaV#c01rimnvHJjvfp4V)l~UcLlzSe5>Pm~xCl*J$d6gFtL5d$ z6C<@n3le~olt`e$|8BBT8CgDzbJ=b7yzXBaf~&-Zhc`8#no^c%5-A2iAds$iiG?N% z923+mr&XW7{<@MQZAK=Tb~qiOU{)`Qj5!+ty00v%zlU7A_atBBED=9T+)D}rZzQVIY zmm}e;wl%ZtA^)fNiYy&s4ul0`X}`jjLEu@y(TdHMLGhQ=-l^vPTUYDs4FG3@&{q9G zFw51GUCGg$WFT+2nw{rLy93S*eN+jV87>62At<3*li1s3N&@Z z&x-YLdGI$yJI=!lg*cBU!00iz)sQhT4vxWRlf=Tp`t>sYw6cFa9F9s@RMD7iJUFum0j-$Sq(2D6IVVn z6gWFryyQ<{NC13XAG%I_#A<+sJA6pkn@lLq-o+m8%zjtZU-oP zPg}1PkUFXw^qZ;Doxl0oOLIITVkYQ_Sb>S+-)mbzWC{`DKMfG)=VZUkFhs4vZ0@L- zyEn=at4BUj(2iAT*DWU5+%b(tM#2@x2-b`C*-4BfUVYeFx9xkQ+$Ph zg$mZ}He00968c~ia8@Q3r@f-nO208l_IXB!*QbUU2F#5YWn}Azkw3O(C--E-BO_p& z)i+dBRC{dF^73+4n_24XT*F4=9616u1r>N$&}yB)$`2{TttPV4eVV@`ojD96KWEiQ zmMB@p+Fl(mY;rHPd1UqKwK;Yx{@z@!NtG3Ra%DeDI_8na9~FFrxSiu-#yO2>lX4K6KqoQT{Jy9pHs)ZPDl{>R|ycGogiaCrJ|3Me13rE8%^13$F6GuPsI3HIecaaWK6ob$h#|QWfm3%R4QZ86{y;N_ zv8j+5=o!#z^YBR8NT*D5eAAS*c8(&AR7jIWV$o*xSmic#&CSgqEmr@Kt|U#Qaa1CM z5pf}3sjm5VQX5f|bp;a~+GzJNe&^!Zefc6T?M_zL)BzbfQ6@L+6p3u(a6C#5mBzaz z(=eKC7eC8u=OUFOn=M!>2U)N>I7bf)NWus37jcFvXSRqv!b3l@mM45*I5rEmO|1OG zkVJ%XP>;DzyMCI&j&d~$9o>%{a@M1g%&yMAiNDnpFXrxQlIg)$v<2;|EQTZcLZ`gX z5w3H^^;85|#Kgm~)F*;0+TT!JA~WskNU#Znf8EAjRY#w7u2~Jq-CCvaM9e)0^cC1h4kg4@!J4R%7flZEMHfu(hS)gatUPR1$k>uN=W;N;*mnLJ4(K&i;d zk6${(FQHGh7l`L0pz4sKJ=WRzW*+e1X8qHy0>x<=WT${mnQG*U;Hyk0LLy?<)f;CC zL`u1<`%$CDRQb6OEB;pw+E?x+@(db&hn#}r&2V9V)6l7oeb-v&ZOLH;*)&8YQup+X z;Ibm&&pyjx!*w>jIy4Ln92F&)a#qucNmzZG9$Z$w|Nb_@!9b!(%RX~@+vtbz|7@3N zU&AdsG@=yRNJ9iMYz4`zjMTxAR|WAThxvPeWTjIq{OV<8$gpJOz>-p5c6NVIAcS0- ze3a)k#{EJ zyZyvwnac5QiYWF)f3p*UlV~qF+G)WJ-&^>Toa1c8MXWI?D-d*HO4%T!y;?2|wgE0u z*!kl}i!*|P5iO`FkZvYUgh;T?-}40)72Ri;DQ#DkiVLZ03BWyjB^D>q<>h>UsM{V9 zc@r5dwId>KE+D2HyKq-L>j{>bb|fMJZw5-w9BO;eOX4of7?_+A9!x9j>Z^xaD*tZy)`S zs<3koLFs!>w41n1O!4Sjb2-V=> z7wb{}-6lEA=?9MR9NkAW_OHWa98Na%Wt<`w+|PAMznM7oOqrL3{`fW^w_f1kD;^Ab$rW9yuq2u@yE2G#LjatJ`(nRqj068PSKienD zWhb)JaJrn`jiARNC*Y{Wg2jW2NcSdOMt>yUBzTEmMu=NcV~H=Lb0#c`q>L+wB7ESP z`Gg^ae&P>(F|DPp&Cocwa4FOIW@fDvbExIe zaFzz#bM#e}X+fRJM3^LS)(x1UNJI*@h~E9@o>6?OfSIHuvoG+QyhdWFh=?Yf(p!VO zXb)2MV7+X@RMGt*HICnS<%ww_vcT+QvWy#1{HhNhXJvop2O}z_U3bmXLIS6t%cJ1a zLkzY(@uqVC7jU^wkK_l~Ohxs|nmP9x9du1!fzBm+^(*22TQ9?(fsvcUsf>mW?YJKE zP8C`TS*-nGp7}|@T&`qkvf~wmKT{NhoH7alxrW5k|q^3ihm;cO1)cHrisu&HP^4FWiDWrkOrj;25BKVp>iVz+21r#(-f7f^{Dng>2ud*rDUm&L~yxu6sImhEu`*;PA z-#G^qiK^ukXHQ9g+En&7{cPA_FhyU;S_n>LWv3X@-)5eU@1yjk4_TbK9^2Ln-@cPX z+>#E&ZFu?DEP#L_lH?Ngx$pU!k3$+Jp@RnHL|)l*K-9cL6;@nSjmz?A_3`t)+l5&s z)IK{t2oao@Le>^HoHB(Esw=7xu~Txl4RJFeU7evSDgjw&{17Kc_?(E5_*RWD45^yK z{gGCv_onc-wq^><@lH;Od(CJz1PVFc24xTqWf0L9pr}uJm^+kxcfQU?RSsB@KD%b* zqG?=77#ReNLP(?Y&`e|OO6)>Gko2$Q3PnMf;5^FQ_OIiNd?&Zg`BHyGpB?p0I;+C3 zKE*_V4BKf~E7ONF`pEBXmxvR~ znDDECy-;H$*cAfYO`Fj3hk~Nc@5RSCl$*1s7IjX6t$yJeVV!NKF+ z1wWbmETXHQ`rSULo{qaHxB`Hk88^=MHs*1nI4iAW_=a(g!^O6^(+e9Ld5MQy(EHRa zLr;a}Jlt%1WHw(U9@d$k^VMB#p%)fXklb(HH!B%%i%TTJ1~MbKwFI?$=BJK| z7D@h$;kvt7cCU!*p%}jkfvt2Q{W`q>>1zI(&q#w7SETs116)4p35^>^7@v+)V|3a&gS7w_@_SW_eechY%n67_a=M{L?%Vn`d@=J~ zs@6zFVVu&)_JGKsI2CdFWK0pskbVm_S=b%sRg^iAFw`iQOVeOu>Yqc)zY(#j!%-mGLAhF`GOqwS!6@RoJvzv>6drmY7uYV=iejem>TO z7WfI8iHV4|x7wwQguY#b?;MlE5s2}-gf9r@!CG->YY)JH10LI7@f?9*=J0|qN9avM zJs%Q$=EF(x?SpR;Y0sp8S>~8}bZyh9t&H0Ed9A~kiIUbtM&XSqzp$}mT15eJEr+R8 zYOeyBL-FWnGN`gF`LHU|IL_CDJSl$?HYy5&(xi`!?fK|5e+HfF7VjwVfWR&mA{5?M zd=Dy!Cb|np=>PIL1iuOgg&x4c6a=)cA%4765IGRb=q%9Q>j|<5XCZJcu~Nl}`lcrJHh*QsorYK*^tB3!X&} zie{kOIM3^}SM{{i^zELxOMeFxLbV7*9ov(N;x_qNndu{1GziQ11=d|v234fJK+sYu za1nH$?@c9Q6w_S`!wd-j@|_{5+mE~`G7jO9TtY9830L=#J&Ll}qy464HLmCN7lwqi z-fxG+pCQ7Dx*ND0Q7U4xE<^2NEK{;{_DHP`!N82u+U)>iBJt%9a3KLSwDbu%l=7<~ zL^`L%o)cyXJ@~36A!0mc^42V8Rb{nOa-SP8uRnxqT@u{5j6CbXk=4Et6ukauYWU=k zzFJ27!G;T404#cDrfgueK#erFKfb4b^kx4`-H`a0ZAxDrxJ32yGOt8%spC!%;3{D^c4^lc$ zmc@y~$5{Hat)6VJQqQVMiP}Vl?T#8j1Iw+g1c)XV!7PCA-;|Q9jNC=ep%_1y!#qWo zcfab;M3LXFhzV|>#cWIn9Ys{o6h(+4enqceOQ2j9?!i8x!P2YMIPvY}JCP=h#Jg9v z>FeLVBv8zm&rg^Ig!pFMvBl4vIZ#ttLeVSgu1ao248o?CVRGjncFP9}6Vm=jOaAF(#oUK;FkrB|#O_Bq$WWQ1HIRk04V(&2Xut*wtuG1**1uj`_)nwK?DbQb{ z8NJPXnu@x>mseTe5Pcrf^44I~M`wT`n=G=THw0{!{Mq^*a%xkH>da&-M{b7z+hE*n zyA_fl#wtgEBGzZWAy(N3j&+~L$R()6W2t=@Y+NDaT4Ils8L9*vi)?zF)Uj(8V#QaO}y{?W7v z=Q~(f_YuQo)B&zD>e@)JB!iN6XOk3CdqR2yJ5LG&eOEC=artc*GF71g)>&DaKIu=>%m^S*Xz_MNlOL#;T$ph=awcA;&{yHq3FsgP2fO$e>VC zNM&hsfyfzrR~4~1VfPV?NE`{%=fU??`w%r2X+-io-qZg1C{k@sjPYlQDKkh77h_dikK^|vEZs$W=bsJZdG zHs?luxMO)1(Ki*&%+HK0hoR35r-d>${BX7c2O8^PGyayOe~tI446kDNLhm>XEj$No zzN&svZEs?^<&j@?6xIVn^QAg0lqp?!gV?%v%ef?)FYs%apSe?s29t;5xYFlh&-3Th z3Z(MZ!!&SEgaBa$^mwhQTxjpBh4ua5w#v(+EZDi%-els47=z&ztNeAtmpOACxa5V{ z%4)LvIYfQBX3wKs=PB9j?Ao)I3g-rCaZ5NO`+n}BZcPJ;#VIppajNS3Xu2Tj8frtkNyC;a}URWx;j z?T$a6;)Y$PT0ahDYu965(JGJgTuWIDR0|@Wom<}ysv-kCpVAw>Q(nMi=joHnW27r;Fm!b}KguTkDRHe(a(Q#?Tu^)X1_4dJy{%k^(laA@P^ z%ur03nIn82pk#r?>gVJzNwyx@Ac&g484M(?u(TzZMu74EfMusghmY;?(ec(T>^39p z_9Dvh)UGKmYcKwx8#VY7%B#udXd_2skY@`mF6i=Wn$cG5dT$0m#YNgBUCofL+#8_f zccqhrU2luOsA;H9!NK(^%6i^T0`5DDO{C!g^2pVtfpjSK$OcpPLzMk2(DW!Z(?}-{ z!R{NjRRjI=ADZ=4-)XfBE7N!rkH`vpBQ6;%!I=2=r0tJB`M%2XBY>CF4pX=c*mfr4 zmX@Q(`3!GYd<_pexP~1aI^{LQrXTxe6o>7(UVNfub(~e3xG|aw>-m#4I5#Qew%iXy z;G1^^_l63W1JG~c$B&lOiGO^vbR6A`X#Iw+={R~&5%9zC-ShVd4=H1)qK7AEd|?%e zL=fu8WDvg?!GQ)+tQjo}E0dFr;4Np6s$g-d>fZQ9#JJ})O>v3rx^9VpBrwN;-Mp{vT$?6-%QxZd+3;$erfKWv3khZW` z`bXU#-j}Bj{moQN$Vj+u43!P0j|7Yy7b5rR6+fh$nM+fH(Ga#S8iX6KTj%PsVMd8* z-y4Ixyfb*c7YeT$py*pi2sD5!3nQFUkx^sO+AD$;KwSXDncy`IircB#BE$p-Bb&nb zY7wP#BN4DV`b_9$z6|nisgusdGF;uua&G~14wR${+d z`{?+d3{&lV`~DGccx%n~j6yp@`|9lJdbem>A;EwD)PDRjXlLE|_*^dI+4b7KS%&8% z$l-pjv1B~$Wov&R{UsS&5ghpP#3QCa()LDLUR|C@_4-=mSMQZ*ySZ?CwPUz~=GH)ca(binexZu~aeMz?Sk*7SLmf+~J z`98kn+d!-U|Qqjsk;^cBU>P5I2upk?l7&Kre_F;@2X z6CdF>(v6TJ6FIoboC}Aq*fAE;KaVicYil_Hd0d<_%0F~Rj%|yOu#FBupN3_wM)3GY zpJK-oDH>7hY%P!w3gkC_xw1k1vw*D!jM0g}DI&yZeP!F4!l`S~_TjXZpCokR<~P&Eog zs+mr7%0TTfB#Mu}$$UsBLoil`(u3@JzlP!ixs5gh>EgA|(*xFX zzkTw&2v*Tnx9uoC=CV(AiIKv(Z09)?hqEvGVuh`)FeS*Fdw8V%MP9N2z+{qcLduB7 zzn@S=aJZ}>A;C)9+2vR2TF2H@I-={&=!29ifq9LsV3AoMDenj_AzAufMUfE&!Djd& zMZeTb`CRMHL6m=vqaV^)tUpIQjo2Z_RGrMj0fE%WXmbc#9?d{~MoBy(ivWsnYA@yx+j7w%G@lu$j#5| zOl3Nb4YxTNh%~6V8JV5aL_oFgKv_y1|JH97=e!K-@FQ!At6Oo5JjQ_TvXsmoUYdy` z;fh>VM?)-epMA1&W8UWtv9aaHB-ClYyK@J4Yh)SLkY6elUfWg8Lyxh9W~=G7tgZ|C zB1O0(T(Y<#`vUavr-AviTNL^+iy}aA2`8o;^urUl_I46@%tAA;ne*ymtqL5JRMhUh zvjlj-W?fT72MOM-7GG$7Gw!WzrL2Y02iyFr4-_uU(&dP^U=zdup>FEM@S`P8(R|lj zQh@UpB$SFXD2iu)0$nf&Pq($~iMu`zOQm9NT4Y>drerkDkSQS|&kMyvoTg-r_&8%l zW|nvU`hAknzWMG_U?*9hW&bwsuSmIij%JcZJo5NsuGs_md40CN{cFz-zB>2FqBj`h zjNhJ0Oj@(rfTFYW3GEt__qMEXtd+mRd4{re|CX=qxg{g~faHBIe&7ki-E|{e$3=>4 z6OG_2}vK%ph$2EbT6NfRq1iBqV=z;RRph~bo$ zdj6vh{;^_Uq9_;TF9RDIad`!U?}#)+VxH_SN%xhTFVk{Cp`;>e%;6=fNDhOh#AXR`k~-#axc zC8~B1W_WPNOHpO0<4jrbwR{-E0Jyw~nSte8_Jx2>Pp{lPd+1h4RQe8|jdHMPr$PPM zN4p-;H8E4Xab?~&{|}L>V)B@%H0^W(6-P#x$jqcvP>$Rm7qCRxl2~B~K|C;ICj=P4 zFBxERMq2IFMKtJze;XxgNY%omV~8d83H%As#Apu5Ss{JWRIJ>AplhR}6sJs^y82fX z+(q@(7XIgDu@D$e{~7hvrWeCGhE&8QY}29+d&dY8>UeRh?g0v7G`sb^k}Z>iTKL!> zR1{&vs_gz> z*NuKCAc|sFiR~{t@cXX_Yjgbe-j&yt?h@voNh3Zj!mPd?>lQ<>dAa}j<1+X5RIH|< zslC)><3Eot#JsQ%@_Qf&ykW5lRlQxZ&3$m1;q}Qoilok(kIfK2TDJu9qm&6vw z)N#eCmcHt8jLJp0&)cBiPNX86+vf1{*u<+s>qS*mh;sHcu;MtJNAei$cQGtgqTq(o z*D$KUw)0e);~;2}+@$hl1f4ka&gMOYB$zk?0^Zbt9{WNrZcHI11vPd$a=(srDfHY) z?y+V>lPapPz8GQ05muU%>fCjM^zs{6MH>?aX1FZ)Xvgj<_wym??saaA#FUP$ttcMZhwOLkz?}tuq=tEcR8#v<1jjb>d zjn_7#T+ZzsGcA6Q%X`?G{O+78OrVyTjD^G^qZ0LBSRhL1%aGWT>k%gt`b7> zL)iBKO^Mk9O`?85j4J|8<1ob?Q1#`c&#bDa!=lUs$RDcQOvgU2-+!>xh$g-p^5VBu zh|D3z1L!K)mifq(sv4ujaV4h=U8#R#o(ip@PVck$lzZNfSBw}ydypNMv;qyndN?Vi z^etwFFQAqoUFz$~=>fEVkju;HJm6g>jbm~fPWKas>%Rod%68s2X(PD=!N+mjU&IIl z%)oPVdfRLHI$H;RWwwNKdc6d?Y)3XjWL+H`Hib&4u|_N~EG1<24uAk#=2i;?K%PIA zIF=|Fw72gM$>HDO9U*p<2)O-`2r*zGe)?0e@F|8q{zr#@^1Z0%A7k%I4J;x$=ETU0 z&x^#E+D#^(hxr`Oa_yN$1S}?4b|TU2rDH1DT^D{=<~cdB{l@4+@`5_H*J<@>9F`d- z9VS)Pv8hlV^*gQN8oQl;<-6EM?1Ze=` zk|ddPNXm9(H)a^k`j&i0?5kxThB%rG>qYr0EE>nW`Xfaxg~+qK5>5a8XBTX^BDN5W zuva5JE?$Pu7*k=yPF(|&xG=FXR8awCNj(}uTIh<&-rId=Aa>}y(>Cbvfu(lERwZ6F zc85x}?Y2>hR0x7g@hz6U+N-P_u@m%dnCitEg`)@l?s|qOeT=3sL}!t zoVV9vN}?17ms089;b8j;pJss zh#aJIW8>xVI_M4_w2sL%6t`b#YWBW(S6RDGEjo*Sn0Aq7Y^J>2?w)nFm|EV8DM{I4 zDcE5Zj3s7+^GI$U&N}ZfwIdUHyOJdjE~+>p?tIBfycpPDSpOTPbb)Z8pO$(6ei`_@ z8(Im})>#0=me*_sw@TsBCMvgK8`F!{A(9f7#4&~)Lado$ct3PG9H5Xv%_;NhIdAJH z!&sZJ5-Gs|An68q+#~I49Sy)ln+{+Uzh6~%M_tV>gL*9RalUBu(qMR@ZwX;B$`_Q@ zp=Jo~-CR?CIv1!rmY?^+9R|{1;$mbY4gis#BTbWuRK6_6P=Lemz-ZPGkkSG+sV%Oo zrm&~!C8!7L5Aq(NfGHx=kz`N{XV5V_DS-cqnP~#wCJK8mb}Y8e@01rL64QeK9B1F( zXy#xeN5$#{mPgDhBM_*pn~-twuxLN0=U+C&$v<}|;9t*j0nh_x&X{4b_p<4~hcr(E z?z+d_#jYi3oKulD{7}Sp;Y5;HHl>~4TC^OokgUIa~ZjZYIeRcMVb{7BZ8E96NaD> z0WKAy7AUhx1a9Ymp6q!`3;ca`MFY$@pVHS?*ZJ3DuD!QWPH`5d#|eA5BT&_956&ne zO@H;a3s4O3*pCT88_A!vwh+9Rdgj8F@1*|i(695-3i=47<@^$ zw~}|8b$KE=XSYdHi#O8~rws3?!6L4ibYP~UTj^71xOF`DA&aE7$FU~AA36SxzwHcG zuV~PTvdL)>%l|@8+{Qe0DM!ISeVg17K0-IVDJP8?7&uzxgzFki)UpnllPfuF!_Rn` zLA`1AmDp0e&h0;LVbdz1N5GGK(_YMepaTUq3Zn%ePu%>JklI0#S_c4I^y!DB&=PS!)b~ z3a&Ie-^~b%88*q#)g^yC9`ba3K4s+jiU1VSXF_0c8BdT#GkmY5Tj2!FgZG;>f4~r@ za7A=ccT6t0H=)j^)-<2cF6;|Yh#;4S>4o6}l&@$txzdDBn8Rda2EkV; zyt$?nYX(ED1 z?u*s@6?p>P0~QvH_2-6eB68~;e$H0N3DVj)aZzv*R>G1OCo9{=PppM0 zb~%hLE*eQBmNvK)Wic!eZf%1T@m|P_J@Val2dj7fNK8~{`U{!#F0+@t$&Z?+9f2$E z@_cyTU3t->UbxDSO9_bq8kC%Ur4f+HK>mn8@pHRhlKJqo<7WknGL6SQ zKF4OhSlX(GR&PD#@iIU%jp1Dvx_BjNpFgt`a=HViIQzQa{zM(cl@H6f(j}N%TH7TNBxRk5q zDtA+~9B{5`Gt*#wn?S?7$&KBa2ZYnBy#5tTdKKYbBG#(E0rEGc5sfRRAXJe;+yJZ7 z6<3t#ux@xIfW_mLc~A)$=w%3aE{fR*m?8lj(I*L4t|-Fl(qq*(8~m-|Fx)a<}GUUcR`>Xa2J^I|S|H6LX5Iux_o z_k_6u@fI!~meA9+B9Afu&I;@J0rAFZon$V~OvkGmcNB30a$+yNw^7@j?!ixq6tZaq zD?DeVy#4s4xr`AcF4SDHVHX3o)t_Bc;A1{2fC*&K;)NcycsA3kqc{v*eu9XvFMr$s zANw^8Mcn(SZZKp98Gw-*Yk9ez1*?w{>-ck%&1=3=aoju1Y;4k5(sc3er}y^Z``o)> zNxPj)FB4vXG0FRw?Tv=;mCFYOpEf;b z?vR3|f+pzT=l#|OO{y=GGcJe__Nnq5sZ+$g;tO+>Fhoj!-%D!FvJZWY{jfC%&xNWI zH}%lUid*4?=I8oaZ<15_t>PnBh>_(E?oed|a7o<{9A%1_%)Ui1-)6j_+qzvXU9MJ+Y9Ts;}&9(A-s6T{P^G6i!ImT+Z16YDEM402uQ zpkR%$dWf66xaN-wI_|r9Q8J`4EzHUQz;S}TFc9Gylgufeop#9--=^Rew>9Rwa0%?) zHifgebT@=WB#~!Pf5z!#a44HiypO(|M3dzv^5x=%6Lc6S%fk50OO#^(FfLgd2Xphhd5BEBEdhdo&0z@N@i0 zD}u+#){1%6<$Hm-C2$0j&|BpTSp)57`zdA5{Vh!QZ1?X$tMpdO%=j8*i3b~h3{@o&-42PH-f)o2{7JgnP*$%&; z#xV>Z$#+XLzizimJ%^{{qw>>4Z0HNQCjk}eP#el7y~1yQDjsejRRe8ZS`tP>Xn5M# zI@N$CBK8iYl3?*YlhlRiD3J;{ozOet-x@MjaI}}drR1Qyl0DcPBUv7%G*hk)2j!=y zvr!e-dBBia@;-jMlN2AIH*gaAP%cQ&`MWfdHDvsYRHpZVptD!)tr4;~ApE#7RpM^n zrPMlo!pq%y=b)pC=gY#(-O10pwIuJhUv^nFXVsP6PBH6;CSJ&|K8ILxmA%o-xdNRe z<9E#Wy8r<|C*xd&=ugrnLZMrMIC2gMJG#+hlH($p8Jkkot zU{rynA+Y0x`swF8PPLODC>7ef=vP$Z+!+x!`b{TTqZ=Lb7t~}kxC2Dv({}BM(q3hV zfR`nuRFmj}uS0zl4O{pskCsdFIt!&a6HP#@*0lt^t!dS*(B8$wm88e7F{iB^x!>N8 zLIudX_LI-4u~MQAF+ttO#>-)%4;BlESL11;1zSyenZgDdUE6y*EUhXX)#7^ClA|G% zd43mvWbmUwMN4d7%;Km38S;%_B!-XCM7MA7E&I2qZfIyO(mz50kz-DBl26=dTb6Q> zBMo2Ww0{&y3TAa`adMQ39vvly^x=R)b&Mc@fbPAtnnHt;Ga;EPzz0MhziA^!9H|^) zGYH0KmL zQ}WRd0&NIXnl(crf*G2Fvl-8D8=K6^?xK6H(bNp;(0(ON2Bu0dzv&qpx6b$z=hShc zHTE@d_&A{*B@9y6fRwPp$Pq6XwE#O4(d*Me4wwi6N?a_GC)@^-<%YL_G7CFFpv1@g zR-u)ZR%o>BH(J`hvD3|T*L=tw?-N%T2vec*VZ&+UOa@bPyc!VZ)MONr7u z7yLcRpcWk?|A;aQ5Ic{flnC9pL#88xW7rUnQVnNQ6FExUFiD0z#`cM)8KKo&+QiLrf zoK6tJKPr+>U}sI%bZ{UT2?D~Jqn7kNr5){W5AJj~v4SY$suPO8*_tm6u+o$Vlf(u= zW7A`lhTdOgT((R}9{l*YCt-es7cZBW4(+~54^ot$pVSU5H*KzEv`|3>3xUNeM5Kff z2$>PCwaRy?>@jTGnG(-;0Weh%Q#?pSiY1#`NRi#qpOI<_>#(j z@sPSoWqw{t+W-d}8vCy&p|FNE%NjY062H%CtPT0Dwo}F4@Z5GZbb!#jc0DM%ERp9F zb=M1D-sJk$?tV&reae=>Xd9IJS9dbgW8lTWBz9ei*$EC*!9KbXP6?^W{rKZY}c>$+8rQo>>391(h(_el!0A3pIa@_hvUW_4}i2+VINxSOhs* z7LoI!h>~%xQTE7XW=_t`NB6^XRuiluX3A2N%@#7JhF+}%cE~HhJnfk2ea95LA7)L5 zz`TH*ukNcw9pz%>X&klI`QT#T^4@vkpA)U)xcxut9weP_zQ;u+Zv;gY|GtQM!vz(Z z0=V^T^Hh7_3jv&!H66MCbE6XP6M`Mx@G`FZY=@+s?(v$p09@KvuYLE~pZ^RVYAEP1 zVT9N9g>DdH4#$neqfw#kYa7{K@^MBnV>vq7bA+2jtp1*(Qqoh$!NjJLB*;3-?|yjD zi7a@LB(q6)X zRO7hy*Qs$TXnphbL|n=Df@`WC7igA4G?~D&M*AoDGh6^_wxacUOgzIaF!Pr$zXau4 z8e`xKC9bN6F5z1|g~P)pa@3VXxjsP%S*I7DGOqef=ZMC8tkUnBj*n}&rX)}Msja(b z6Ie}+_%9xx)b9ekUgLNBH4V<1ZBf!f2(vO#H2RJ!k;fB91HDt)U+1%Qf46@bk!gKh z;35jfjy(PG+QbQqtNk! zcDIhSYrr?JTf>1vxTrrf6VKnOeldNdUo7dsqduwfji4?5U7YCQ=oTRn_^EBLTeor`fZ>vi*P{kCm9+bwqJf1aCj%ho=FQaLfEV_cLN?-r{AxZ1%K&F1qv* z1h)z28|WZfuX_@hEv!cJqnEG4eg}>)-V5-3pQ|Ut03?Rl2b7j?*TU|i@tEr6h-?pN_{Z9Jc(%s2P3pKTG^}dqaM}5qW4(dpu}Zy3O;GXZ|vuB5UtQ?E|l8)hiBM@{AFx1awp14vCvz$L&-y@272>*&k}6!`8Qu`chdzAG+Q$LRa*ET^>c zOc({iEvvVs5z1irA|_j?{&R_toBU#jtXZ$~yQ0Tv^jKXUHwE=K+f&KkZXUTqq6t60 ztzV6ZN<(;#MGc*!-{O-!Tr7O@_ODWvAvme)SRTDw9#_bY)(d=2>c@KuQ5*~TtOGfhI z?ZBu?87~BXI=3KCwf^~nzKE4AOK$aum&-%(8>#%9 zK#$LQIm4j3ulTbx_aCwH|N5ARLz1k%ueI$V1|b$7YG8K!EeerKI;EZ{tWyL39C z=e4`oP!favj5mIG#aL9z=PB6zY^q`Iw1on409r>J|A`Zi(fZ47!9P3VP7d=tm#yKt z^Y)*+IS=QeJq=pa#^q&|2|xGFXe@Ispp%J3V3KEyjE*IdWWNd+6RmYfyM5}JlxOO^t*F$gCm0tea(N?12U+-p`?cAX^Lw59 zPvhg#X;dY50!Zelm|BmJT2J@ZrRC)t`5&7HW7+LTiiTZY<0mBU!)N~=_TDKxtbJP_ zZqqbP8aHihn~iNXX>8lJ(=@hi+h$|iwr%H|$y)2|z0cWK-}V10%`-cH7#{B!bA+Od z`MNg~+UKN&bH$;G4e|Fg&=~Wj<^|{;A$P2=Kfhvx)ZN)*?NeOgoahA4`F#sqi2jxq zy|b?;mH6S1euS&-c~=4PVckDB^@})q*dPu0)R-Xp98#FAVmFXXQ=X)Y+1yvTb%52c z>&Nz&nl*`+)ZLET?VLV0ouq%-+BPnYH8yYggP!^IhG-|n{5Y`sU?%<{c-C(Egf+wT z2z9h!Ox8Ud%D#!Q03P>ntd-reW!LL#b_(pzt=U zv)NHo1uzxkuUP(>;%O!e0pDzsWRx@FTHhWu~Pw@1U?o}^} z&e+?}MMOn)&Dk=`g+HRDoQQ3!hDFEwmstkt3>PWVx~YV-y{y0d@XNLyVNqr(KVSZI z5_ko5+AOjo5Y>NC&+@#hz1j8zV;~P(bM?LnOMA=B%SyjC=7Fct%5j`C)mdO!FggB~ zgX3sZdhlfUzyzi*XMG*!Hc5NgxIDA@p^!AExkK3cudk?0;PXBRE6bb5HVanE|7p-F zS%IUQ$4hxm)nTq9CRb0Druw8gWD0;RJNjMX^$(+ZVQpY{jFZfqf369fK{qE2aqh-~ zJlL$QBL9?B&B0WUQ(1P8ut93fuXs2XTp2-;Eti|N6zgjv2R*+e0`~ia5U-OYzuO>X$($W{n>TsFHdV z^Sw3%LT1QU&!D=C;9s0R)(C6FE41{W@ZVk0ev+DChD<9oHv}93>=NqzCf8QR1!b7?vjq|l+wI^xfA2Gv zXmC{biI+yT5VlJT98XkP1>&1!OGfY|l=Dr_XEQJnx8E3w4K67COjwSk2r#ok;PJ<| zt(^Tus`~w@$M>0r10N)Yw4ByYexl%B^(>r(X@{~X9oL`y6ks1iKlI|1Nyazq8|tIM zG@rrKcwmFudTHFC)P|izLB!A7Np=nSkw7hZT>m5vDsj^fG*;nVY8(OHUj zbA1xi6BEYUppf3Gs%O3qvY&cYtegmp=TTNG{imt9=0DEPp>x)oKkd7x?Ux^VV6ykN zYj97W1+n7#$i)p5Nv~C}#Pn|r<6BfwIQVmnbG=;8lX+K1Cu|sy8%hn?lB#+ImgYH>XQQd3=i_d-1xs-qt6WOE` zbZizw8a^K|NZRPkb_d&2FCZetw>T-X?^8a|5}{F(KXme+t?F^mR6aW~x9H1m{FH@V z&mWS63{oD%wn^8%`>By9%E9{lRv)MA@HiJgF;3#_ZaR zPIo>kpXr4{vEC@Utci=ddzu7gU}S*tDm}}T9wgVgZEAMbAWH=z1yr-yZ9)WdmLmd9 zBu{7)6%}o;sK$25RQ2ULWMzP&^`ThB>FS%_wp*^@gqS2s80N5-PUKZuN7QiHu7j8e zZ~Y|W zp|Sh}gZsC}{`7~x$F}&efyg-S^$YXXFdBhRAQ6b8&^uOku3t#yIw%X{`N#0r6s>4> z@@b!Uy9$$AO=D<~93$pAnGH)G8FR`TGRJDdbe5RKvW3jj*I(4R6N(bI%79;T5~^o#=;;fk@t&*fDX5`$g=P1#Br;IN_o>=BL0Xp zJnAZn$$FTN9O{=jbUHI*)oV zQZE@u3|M9M0_PekXX_owqj0*(hm&TiVQ)1{l>jUgOA9{QfrImVRrvL!L-g|fi)QH- zvV3g8g~Ys^zI%Or-Ng5ivT81g4ejmy#>KqgP$Qk5NYYM9sJ-_J6AWh7aA>J4H9h-< z*Rv)qpGdp|PYP4|`}>9&j7n3zJgnY{=2Evd@6G6?p|~GUKVCcJZJW~FykF?yb0OY3 zb<+NFUQANT=*YU>={6$t^W>uDDu*(8YpwqersfJ_tIbx7j7v-YVf8nVC^*|#aZi@r7iUIp#M%O7 zx4J%(6-P=%5mZy!Z=1az*7=+}s2vby7Pp^Gg=HjFKUR;Etz4oicN(uOut^O0ULNz# z-pk&ZR5WzssMm^|v8WLtmqQRFawcQIi98t`Fnx~T&jAfnGE@FCd~3bK(|)%KQhVFM zfb%{_$AaqcfO6?2x<`oLoqmL>_V6UK>zlZXNh3!lQPCdzc;afb@5?1pCXYyC2~gN; zN>12w$PZ6mpA4eW_Jf;`!0Uwygz$0@H(i~{AoB?t;o$C}@r1h7K9yb& zmjZrv@bH813Z)bjiPq!lh|atZXHxZ!R(Qj3!0zY35JwVtF=6rda{gd+^B&VY%@vj0 zlbDtEj34N=gra3c_=NWxMGpgKaE7)#O6sx{+$^77=v>ET6{Cd4efCGaU}6TSS~`Wm zjd0dxQ~3OQZ!I@8>8^gE$W%~LwLTY&5=K1rY+5=869mF;4-#i;A z_ZZ)7F`Phi^u!o3o|u|hx8`^XVn1UpCG0S?pMS0$CIo?O_AVN8zr&=~nIvhATZ=P0NYQ&Vb&6FBPCRqQYJ9~*RrFUkG@$yx_0vwH* z^w0!Y1|O{+LE`Bmvh%tdW^F`tENRBevv?+3{j6!yips}t6UrQy2_{7CeM9OQ0?u^8%EndWHP@{lk7^-rEGQ`8%C^*d9_c z6=?1TTe^!!%Gk@eeN5yTp!w-?w{36Cs@EQQaCf?Ue{h399R^qL__AHYqG(zM2* zBaAeI&a4)(9ev9Wu*X4Pr5=+UzH zX-7G=>u(1?bH7xvQrPJ%bq7Zq zb3SgIx%~FX#F`W8Sm0Yo0F_mu+sox6kFO300Y z{YbH_UJw0BxeZj8y*^&Y%w|>y54a&d^D<;HlaJ*|Kqn-3finM4}F)%v6tSi?emW zw&W{v07z;8xI_eBqj!lA?gHP{@H$vx`Nct+qISZM-0yvf)w?wiKDMW%PE*SM*!mnO ziPN}@LpS|Khk^17MX>W0$p(o^#_~uR`0y^%LeQ++5E&GdWl}DwwL(KUiIS;DhqH+B z%J!r2u)@0XJEt8<;Ej>Duj7(aVF9$upnVPR$UrCUj!s?0sVUw4pKu#sap zIPu<@O}P)*kC!>YML9Ob1&fli>1-*ih)b1PPQf2*Zf=P#ea~Q1)R=8#bhMN3B;K?> zHMbsWf1P-BQV^ngbpI>;R zpzrv}3M-X9XE>#H$aXnm*c6gO4)`R-04Lq}FYJyP1pSfrJ4mwcsh75^#YUpo4(-Nx z&Eu$oV@)i2MUo}9H)}`wQ2y!fd2n2z9flk9X%p4P_NMhkb()zKO5-F`hyu^|a z`x;JY7)usHt$t5V&P8@%7}k`9DF$8@iH6=kPCf5gA&5(7raYpr_JZ;xv#S~Xb?xok ze(u=WipyUe<~Ox4Eq_Byj$V>|V%^r|v}X`Hh@*0AB!g-oEi8OI(={6~XBpcgwZ$)0 z-3nY;!GKY%PA_~q+k&ZC;VmEbg6?R^`w8R&=BW#}2lo6h@%qaBfmDsHZuU1tfMgwq zT*=4-K`IL**a;5m|3+H_ zxM0C;a=Pa`NSqXaR;j;d3EjiLC-8d$FF`E+=ly>T)@zgC;euF~*rzBid<*~oS?I6v zdry8I)@QY%_vH>0O8;8#?`44>8hO|n#^j~P%7xwO<5tDF|7D2)E>=*Pt||=lhV=ik zdoMq*d+(96Y5jkB^$1Sl*DMUo(*IoK-!|TSoyE6#-CU#cf6wJ<2Tsgw^2yiiU)TKW zI>67hoFE0}Kt$jc z{-mS*C;8rf3sM0V4OwiNiTN*64M$-B)*P*lLchuQe{L&42`nmTwqiW+cWCtQj}3f1 zzI57I?E3r{y5S)Ki{jOuRB!#4<5cl-L1?iu+3@}sx`hV>2oN!2tm$m3fampYi{mfC_~G z>V)rSqOYmBMr~Napk0S8p`ya3l8|xq@5boWWPw406lk#+H1LpR{9iNI7Q&w<4~+9u z=5KEJm-&EV0L>W7%a5qWG`T{{yPq{-uqH8PmzbG4cr&A;>VW+_q|&KY`NuY-p@9k& zp`xL6VV#PKiUyh3M!JroYc+SQmHo!kH1y~Du_Q<;j89UvV7hKokIzgZJU%gAUfi$f zwXHW50Ib=@09X{uM2(5aeqqf0hbE^ifuvwmYSpPWfT$y3!*KH&}$lsEYZ@1z7=83@r7fYc`h~;`2?$E3@ z=X$fGyWZ*V>a%h&!bwHdbo%SCdPa>_vmMlN-JfXF^AqOm8r1RHd{VZByZ}3EJ_Y z3d1EQ5=x42noNO0{BkUsnGC>qr@6x;OR$5xsSI#UNe90A*v`2C&)6RyUe?l zu0&uw4O0{<90>Pd?+A*B>@tq+Q2#)5ge@8X8fo{2y&+c!u~8E>~0X3rDpK&sU}HecniFz$eN;fp_I0#pR}PCHfngT%1W1h?>h; z7p?uV3iDxE$0n@%trw0W+igEtY20J&id&;34*S|~gx@-md)cvS5x_MEA34_j@HSf> zjw2aYT%^U>uVgAi-Q|jv2soe5LZRWe>OmZ!?$lMM>veL5>4aJHg+>ZV?sHf zXAkeUsN6|v7p(%5?B)$CE{0jrKDc(TYddcb#%qHgLo+U7r%MPeJ8VGX^=F!EO>V}8609La9V zaPh6C0OlK8iJZ%+r>-pLrn=3?IlJ7h`6|1**%LKgO)Fbn&*>+co7>-kog*L7dU>vL zsY#W-%|_-*#Vr#9wVbaq><&5Re7XCHCY-eycJ2Pd`M7=uF}f%(FRZ^`g!hmIv*~U- zaVtt%oCZGtv?M*9`}sV!wU^563=${5>7b->kYs3R=zJ?yT|`3XbTgC_e)D;*ydW_vedLpRhCD9UGRd5Y}Vr9xUfW8cnp>=baSi;i@s*LRgO5 zv?Pahf1k|=iSrMl6?Mf&MWv;&WF>X&aOz+5MAS-~ujd)QV5qx4{T<#?yTILEnb!8} ztGkr*qVky{J5glU4i^hQs$tqMTJo5t-(Bn^3Qs{&*0s5Oawg5q%m=%;NOZbcvad}R ziD<6oYdqR?yXOw_`$jX7^=duaB=|HEWq**=<2vFBZ{8o2w#LlQD={AwRkFykFV$IQ z{>e>COA}2Z=HKM$Q!_Iw=@a}V2qGZW$u~6xkZ*XfMLglVaEi;haAu8&;YOY$O{ODD z?p_=sl^Qv|SJYQM9UWv6T!__V`{g+rEp`~AqKMWKH*ubwPJcM+ z0}K<_ar2E@rTWWX)^r?hmhzX-F9H9xSJ#ofISTTfo?f;)2n8=W9Hqctirsp#&Qd@% z3hOIbIQlqBNY6&Oo#{k^Q8|8udT0Jl6JRn-btQG9jI!j`eLJP7s;|3B^GThC=x5?! zQ3tXxusK;U4(7(kzqlvdH8&qU4%@eAAF>%bb6YvxZN-Yp%1$B9jA8ukn>w&O&10z| zfkH6%_Fw|V&5CvDVf}+j{c#MM?%BAx*v8ArGv`3#Nh^`O`kD3JkyvYt{dOyv@l0vY zZ@riKzU-{5s(5aR4WAWZ@r?7vu0Gua<{|r{MM%J%)XSf3 zC*&i!BoIW78)C0y!-1<^vP&#q%jNXseA@fD%_{OBbfElG8h+l#>ih;!6~>h5jUK3u z7x8h#w}vt}-d9zkcqjZt7|uB|kFei+KaMEXrGnYJ=699k?H^b-Z0(+qZv}eiT|XXp zBQS?oF|2xVnn_v~*koAQ_wzD0b2*>#NBzYV72{nlh8RtEPMLsVL0}6Vv;N89tOuY4 zp$d?FxESj$=Y2#u(1Y6fz2oUn`nY?tQzH0<3-jVEU|Qt-PHtOJyO(X}4!PK$=jDVf>H%PAd`X&qT_Trkj!^ z>*=}Iu7sg8w99i51{OMkwX@?viCgxT%?Q!WRWDdQxed_J6@9WXr1wODBzK#2+Ri5RwUxnOUeoo%US7zskq|1$6W*M52BS3@Jes(Rnel!< zl=q6L+6rzmc`8EvS!Cg)UIxUc)|c<`loON~n|7o_M0C(L2w zR`p#dD8fd(y@ncPVo#?2C~YWpp5-Z4aT*_LC|Z>3q2qZV{G_E9OO6SokjGEWUFNR{ zAUs^)v$UR{_E$>WOV#P1X~Ykih!u;NVu}=eqK#+Ts(+vy%6~Lc@W|=&J1ph zeIO+S{p|r)CJWMJzr}761@9OBK4C2@Df0AuYk&oI9Y{cCWF_&m$*q1Y;I<|4o?*^U z(}$0NzsG?KYb(05{u8UoT%q4{$eELAKB5*^slh?`_>86!m0MyTnnHZ3%e_?e%a|Eo zb`ShhDEc&y!DH{3!AgDP7=K+e-AdRP<6~{?1^5IqN~fbA$`CKz&)PI0Yg^kXZ{xZl zT3N3A<-9tuz${QUw>+e(xCngk=B&kpYmw!W3?_QnyF-ilpVuTTcvdqze^ zhel3$M|zSD&<}wS)aracfR}LKmOe!xLe}a@t0E*E_XmShx?-u=#|ji7 zo1IEYjp$Z$vC6g9w6f$do5GMkPHEo|^(yZUgnfq{^-*K>F{=out-jc15ZIL9Qc7?v z@F_pi<|$w@r-d9FlJtQ(gAbHfEOt=cuX1O2 zPbJz!u@blP+{}9#9b?kv&(FnhT-jMZv)|XZsq-n)yrxSH-;yW;?m`AVzki-`HCowz z;BjKr9JVS0v^hU#(ob zr~RqX%#IAs@qCbb^SjcTp}qN%z+>Goyq#&sg-Vt=aL5cI&r>RGME3fAMab71ydGKv zyQCoG?)r$8-aVR%$@{~_!{Hw-=B{56RZRBxLF`bBQr!;Qn}$uU8<{(jK~e8}x!=yB z$;HLyr}<8@;cr^wz)68XQ3PXgrjW+1``d>Yg|x=Oq{_e%Wc5G?+6`K|T<+4q9MAb) z#?#^0CQM?nhr1{Q^&sABz$ZJK-B@hww^{_jBg9W#qNPf$b|Vf8cLT@cx+H|t1;riE zyV)J%-T7)!;p`J`ksS9Af0gl8)6VahkXFdd&70PAj$G#aE$;)6skB$;y9RD|c4?Al zZjYZ>Sy5bPVd!$c{7zzJE^mnGiy-8+irtKGN3QY9W(25!>&XS^_QUlN??4O%eS28} zy50SyVGt%eDtR!)8y{XJjU3{1h14f;enaN4=rUeuOR~lNM$Na+hXBd>AaKI2(+`E$ z`B$;nnx^><-o`f&KmhqrJPq7PK0%}EJfCI8GRsc^Xn?Jokb?hkC}z+h@hkO#h1&$c zCBXfWE5ZYDI^Jmco92BZsZ@u*UF*}e@>dcm(2|l8WI8=47gyI0*eGlc)Hy%mwUjt5 z*ZEYdi}?J%02w5fjia&IVudbb0)uG)APE@?!XE^j*br#Ibyso&rj8Hi8R^*9>yET$04~t zQ}?gF1^_hbX!HC)V>phV#9}K#Wt|xti}d{bVBX|%_XP;CK|gMert_}t?d5;muwQY_ zeORU0pDr$p-3tAOZGY|fO4EWbWr=VTKrXThSk&1{eORen@#0cJLRpfabxPt)CX?kR z=JTDA(nQ<+NnvNOJ^HLJe}qq$Ocm?MM1#65Yik|8lKD~uS;CP5wQEigG*iTz|7RD; zIFBXpPQb0=sx>(fTJ{=80Efh;f)@R`(&`Sh$3L@fkEE6^(3XZ>um1V)ltQjZE6r>a z(ADXW(4j0Fjqv87{vp#FgZLOh?C{`#Rf?LuL$Nrgr4>$jXo$`LBP^84(L8mqy}6my z?6K5f%j*ROT~q_nCnByxZjI{wJE{u)RWAN*v9=V5Suq%`5On4$I33EhWLA5N?Ln09 zCbMt@u~e`T?sw-~G>+#w$0EAhFutnNG$PgkmUPdFT(fb`jjq{&xquHHKq$04rlAL_0~i_ zP$(JJpXVs^XqUcb7ir8_>i={#*Cb*~#_-J;qCl0;Oj|Pn zkUCGCEF5}q-#-P}5D0`&dz3kLgSuH<^hhZ=!4+^Mpo@!(t4Gi1`BFJhksFQ9bscle zYH^nY$^S+Y;P9S)*sEJtUxXv^p(l9f#9%V+6e|_P41z&Uv^#M^5m0eZ=PiYu|3{4e zhoZ%BfH+AjzbD*yy zV>G+Pk;vl&Yzw8lA0o{fYhC(%!;5+#F-Lth96~tE*of2il)3Z#+HR{1W`@&^%loA--`m z+HGTh;9){S_LsO_5jn-cM};GWur=gC&iW#W;@BK%#Z%ZIhP`(7_XF&X=Kn}Og?5|1 zYM*#Ai#I65mo%Hb@!iq%54W6~%gxT^MpLAlLy7XvpCgHWhBVk7WGGb|A=4Xug~4RY zGqYPx2SQe478_zr4i`WEK*T-mvxLPaM+E6y@vgZ_{cuWEmLtQ(DnkSS#zTOJ{Q*Pr zN_am7kVjXSr+fNUI0OjQ2wb&aw-yqNj9RZG^xPG1a}Y;d+@S5wZkC0eYhq(RTYMr} zZn@?^oGs_a7r3Dc3r=ZW0_S`FIo0a!PVo#xUO6AvN?V@;00l}HjwIZjDaDGw7ybnp zrH#FbTx3qSrsvcW*N1C|tNm}o$*jKQiWM50z2URX&Wwa&3BQ2=)MH`pCJ>2gG+Pu2 zL(A!4nu5*gQb?V4`71O!6CAKcPo3pPl|vGfWyZ=-M6j9+O3bSb#V!IzULWmahLOq< z!;o7N;e3;UMnW!4A<4X7BtNKl$(2%&D`TQAB$i@Xu-!8FgwoVtmyXw}XUO3FW6Cxw z#o)@&JRLT=p;cPlRGqJ-vV_vt#u9gqj-bspj4yY`gks3!mjyg)t+qrc-qrv5X$Wv2 zC)G)RFb*DokGnWu9=)WpMR436Z|A+@aCpI*OYc%&t@!iPLmaK{XJA-iy7g9ncGpIc zV&!0BU&Y(0MZRb#?6KNvMRsHriN0Q$@E>zy~Y_nNG|#yZaGtZExsT!YWBIM-Sg z*T@&Hnk=q>@A;NH^UxR#SfV^)oa>~$lxxCmW}vtoY{|*Vntr@IeF^l1dX>gAlt;qf zJ8|Tt4wo8pQ--O@MNpap1%$qKX|?}`sMeP>hgu)m=m~`<5=W8gj%I@Hn0A-jG)~$n4{pf}y8uNtYDBYhMYtPSzIe+itzuthcIuQHg<1dg5mF-K_xXl<#u$QPjftWwIbut?;2GejQ)degU!4LwLf!pI zE7SFjWvApA_#Nj9NIacx&CUdb&7seyu|DB0fsfh%l3N|J$z*pJN21g*>%AVNc~_}F zBG4B>5IhBc@AmxYh~eGtb#DI%L=^B&F3hh6N7C1$^ozaV330ffe1nHZDY&hUiF3^H_$fvB_c+%7A<+&jbSnjq~%OAG$zZsO|A1v(0_YfuNXZI$!5BZ40iEfm^Bo*A^vpgP_F{iBKa=soQw1o(S)Q%)vzx->aU;{WfBHoxSJXCL ztW2Zb4V6j8t~v(PSMqjBwvuW9b3wP;wdp`ASLDa-1%?Aer8(CzkV(saNAoqNg^V<| z>6#rr8rA!ccNfYGu_JHh3`5Rnk9{z6pD3jGbCPs>*_jllkSN+ivGe`sS*IyZCZEgz zi1*3_8jP5H)*j??+LSO9wef+x7p7R1gBzy~O?_!dXN9FL?diO}qd>7DbWi*m2)^1v zAc_|1Fin+eX#IIpM4ni#Bx?0cRT?c-Q|B^!LPzaaVe@1vQBl7e2lY+l?C*XsTddb- zY&o7+EG?931XHRq_OeA|+GNIZKC14IhQ7!IQPw>tt37 z8HoI{@6Q5OYKr3DbdW#dbs_QN21|do+{fndQ*LpoN7M(L3H=rkt@;_@c6geduBzZR z^@lBu4+n(ct+i=rxBVxWn&D%2hLa1uaSLUwVHVShEY{ke=OsMu@9%NdTU@x02p3*G z;WlU-ufelOzJ_m=^A)h}}kfe{&o-Pj6(TIo5o0nkY0`?#r6?L#0G#>J_lo$wAa zh~8k7%X~eG$A@M=(`>0B&B1uCB6}EVlNn6^Qe-%h5f%s}W1ZHX1Kx~F+kNM@! zY`NCP!|{rzOc*wuuz)w#X zDbi7IMuLR#l&jQRHMGT9qHp8V>bn4`ixVpDFqNpbTdwA|G(9YGjKYY>UK|(r>c|q>hZapVLy7o0huKaK3wn} zSSBebGt~oL8yXi44qP}Wt?u~%Ym4hn%@-9n+`;qP!F+9@1{|1r_Q)^TH^&dDk9 z8eVw+0W3|m(XJtZzSPUnz*ypGrc_-WX-P?m54m_Nz$`>J==JR{NvA0KZwSz)b6Pd-H zZ+;`$R38nBr-r$UD(j8I$%MhuH85C*O(}1@Sp){7Tb**)1$BK!;{Lo9{b+l5`%aY_ zDI7Qaqg(`mXihENYmUh%l-m^IGX~kiL%U}9)e@@b1t{inouqD6AwqrA6}Ct1!VLWL zdlI?p4?5rWw}yrWt^3QpoR-<#vkZ$xAkAaar+|$6s4rV6*R}e`i^k>F;^+ygq}k*x z(^1%luh@m+*Xr)vcTLAil^ybUB=yjqa%_c@PA3FC1Tv##l3B=)D7kL|9Vlo+0reO? z+O+0$6La0mYKvR&lP!o`sd`{i>K0c`(VPwVex9W^*U0jm^$xZ1F?tl`*`D=FG_f3d zk2v~F&$&c;x7R>K2(KeW#8 z5tpVb=~XU<0V5nB&qdbSKYCX2p8S{sie2??vyn6_Z#XL-n-N!YCQu4FcJ?!Y68ybW8_`20q#1^5`SI4E6y`X~Vf?a0B zN>VDtTJwh8qpxuo4R-A>vw#nV3rSvukCo6Vo@yI-7l{2m-O~lXTfOcAa22 z@Fb5|(xBMy!n@BykWGxO6u59+c=!vZ5dgZH*hD^NBykDH!pwX>!1(WLS&-H`GdQ!6x@vU0wzgv4UW4NQR#Zi1_|?7m3e@ z;Z$bd#XF8pG5+JQ&E2=8S%?5m+7W)EfYm_$8)<*Wcg$tCJHM}f(?Lhcvdfwgb#Bt? zosth~Y|i2@HQiFMYn{J6is9ir4UFaay5BI!G8_=#qsb^HcuaPuppFMvT-EN&Rle&% z>%R&^0GM(4PU^Bt&VIa4wz#;hGyRV*?pg8)8e4-s)*HOdG%U0qv1mkDUmn^7>Dh~m z4e~F#*zvUWjX_ZE3lNsu`3&e&twtxrJvWou;Qfv3{z33d-%bn8{2Xf;q7sYW zC-ZIFVb#14P;PzzM=?Ds=#6`WX&D4O7-{{#5Kc1E8%pJlU7*j;!s#--MXHH}ZR;8| zQDouL@ZMDtabl@qP?Y^&;5?Casfv@{5EN_^h*KW{Go$vH{L6pvNX4jkvU! zuLkE03jPPk;=%`rge<(eRra>Qe>_*l!^X*}vE$cadwYh4e=7bh>&*25(cIN_sho(Moefo%FuaKuD*O6I&_%ULH7 zz_{kuWy5LS_B8qJfdiAAw1KUwM2`o|-+9C13;=wh_YO8V76*~yjCco!30CWeZ1eY) zgl$|;Cw7}g-x;-1K76J2h!F;E02LEc0Ymxy`eqvg1a;A6azi=1r9tA1pa207dv+qE z!DSIQ?Zfc3A zOb6HaFV?Mo@MILhrrn{&w*!m|xmpvl`|}+UfL0OnoA7{$%>!7ZhCC?oyOov?-B_S0 zg_9U}Z-`wjN(NV)q%L^QXps!be53rIzB)<()DMv~7~INttIPC&df3 zccNb9|I7k7-42GO)$8>D@Y=m~iWjw3pTJnkeFk*>m>==BYW`~J&xiAkpKh=g1*ZoU z!(}i=W@GPM4^N_5)C6pk07zs zWWE&2(m{>=Nj;8R)2&bOFGXrLKXGwV22$iq z>c_jC)NpoZJJ%)vFw6u%wKx{r0)KT4RiMo98NfTb0WcxER9NFkr}<4P5W#OrE$uHu zzBt-^P*U(>Ym4i5BYQCWAeT~Ukj8;o4_y|@v|k%7iTYT))hY-iHFDs7TvgFzIB)1M zLYl#RjWz2wrApfK+9f}b%|;PBd8ja3Ww<8R^xi3kU<)U6ScCPvFnf+%Z1bjreEd+= zY;*Tzn>?|GVIWTz+9?qlgDg`YjtNyiWBns|nXHr-;4I6B6X~`1E z4yz2uKF?L^c6j;1mTR2hRv)KuhOewFdt)cLRoj@hD#M#oXz-~eFb-ZWjprF6ce49*{lQ5UORwleIoTM1K; z1Jd)95U^ZpVhZ;_sEI8DN(>fCQhvI%qrN(_lB=;j$w{NrhP_qo?4{ikY77rA<2#bV zIiW`9GzvoJwBlrQ3Ff(SV_Od;d{eglf7X$g|S?7$THu2a-+S?%4N(s zf2K!PSXK|Ux9I2Q;YZli@8%2T7-+R7<39##Q3i;f@00_Lt?*h6BMFUD1Vb_CFnSEo z5Kk`coQOwEju-32mH>orfYGUpnx;tZ&%jn$f~H>=lM zZBaX4n@D4Iw{H(6j%5iW1fkG@0RT4t(R_8eOTEbEokpYmi9oSZbr_?$noP0Mx7T)E zhII8-H)I+u&;)v8u#i2VX|WpshtHjAQK`0)%*O7)Zj!PsN7vu zZ!oyM2!x>f1Gz&6mnX>Xd^H&+`~68{JI!~qMPvZ_6HH_6IN zfwRPMy0_3U{?30oe|MNMYQ{!IFk1J(@A68OekD-mw28$Iah~)R8&NDFREPi+H6q9PTmaXD#Rq=FHpQwnVpeTwZ zt5J<+io6>|z*E@WmnYdOKYz>iTWB%%U19UUsyQW0=`QaMf|m}R0=&PAY@yW06}#gM z_7oHAlV$dny|7Um!}0ulP;DdlUfZwUAt5k+Xhb210bg;H*htOsn!ToZLWof(vPFG? z2I^p5LD)((_im1qRtHbOB;nL+35lk#G0)c+1;>ab;s~#I*5&YM-C(i7>1l=I6nzy3 zN`CFHsQt|8RH3{QRE{K0X-ofwh-UYJ$a|sp{N?QxeeD$OYuuR~2_y z$2TLKFROqU#W7nGibN560=U(>H_Oi!Fc@?{0CY7T1B^941rteyp^JKr35rs!S@BJ_ z#RjeV*Rr3f99;m=Y_mWjowHkWXbuGE8oOk%h6g}f;QmyhZ7+F;AqfmnzAdRumS2fK zUTVxVnX6E!v%ne85ep2#U^N>1aYEYqLAl0cti1$SjaViRPOd~H|7HuzOq=!dVp=yB z4AIY&$&ARNUhY>EqZg+Qo##RxH9Fhk7ID;qW_9i8W}S8>TWq(L;s&Ug*8Je&`C)pu z-#ZKN9Y2i07Bx$r+4nW0NzX3H9>BIQS!5}SU`jdlao_s9D98LOnboE?D|cfpe>i~}0tLr$9$L3wph}?UY{v~tQ}w>g z74A912M~)gdBh8>OiTvhnwOf-!~W5Q1=NxOn@6nn`(X+fM^K4F5hRg_9tea_J^@=~ z9_fW&lY9ivch9tEv-lu7G=h`(FE}{#;+cJ|w+H`p2cvPH@py`ypnrr9oKcZlE4dsd z5KE9zR}bhAOJqm~iY94(S-R4iwVqBA4rRmoI;`7dv@X?FTm4KnyJ2n?T;;QA z+#g&Y$w7bA-zD;;J>nKo4^ZOWUd-l0f67pM7JWAOhG z_m@#wh3&UDEG5z)-5`y$bceLk-6h?K(jna?DcxPtjdXW+NOw2SiTAzt{_po4&*$fp z0~lOhthKJS&U4P+oX6U`eAS}xtEBFr4ONVum0{xBcJ&mp4yv$GX_vVjq^#PB6KD>r z`N>HhQH@~~;l(PJKp2;wVFp5UTQO?R!nh341z z&NoWwOH@c4@8rv8{UC(8-oC{p2z}br24^LZN{5zRg0_|?`g4iT(RS;@#Ob)jicC{R1cMvKaox}saz^4_>< z?tW9?#$wlikKNyAOC?riBfosQywYN?De+p|P68!2#GpG;+6AtD=nZ~OBn!4lTu)v; z!k~}o-1N;L|E?pr)>DU(jQEZ85!x-QkoHnGWJ*e*&dJradXkunFMEhRCy9E1>$)GQ z;r~;CE?23`%XlaWQ;);HO9RA}_YJ`#`i`3^FDf$%YZ0gTl4Acw0(XKOBx9}RuJ>x# zn{q%uxrkkf>)bQ>X5hHG$+ueDu~qU#{mm>pM4wRA;XYXwI^Zh8*Iv@6Rk-@i5yBa&GpONcG}gk;;zV;7s!5RqF}i zxr93LN@v~BsZL{xKYdpUnkva1!q8cW6*QbB^+S3eGwvXPvNB;J>*%Q9lDEUh8k#Cp z!&eIZPDGL`?DY(VilS<=TxvG9)avK}PI3i`3%tWtZwCCdr3zON)dfRwQiH>Y^@FTm zl!EQpf=Z_MyyBbr(R%;|L#YX$MVgn4HGp? zD3g$m`csB80)UXJ+7GN7h8|f_=>2XYGV!Ms-MnHhsJQn17E)zIAuEv^fQ-3J!2L0J zoH7<$odRBFIE@^AbR}ffr+55c8U9?&NnvimwS3!Jy?FE!v(@JoAOsGgDd(Cs6yWwD2+}rP7Z;9jZlpx++F6z&3ew=|7ygN12t+~XX?d(m* zsVM5#reK={R>$DTIyhb|Tq<^*&1HS;l? zk`4tzO}Rn7y!OwGUoU>7e!P+3G2Z!!+DHE%;hDjH7N!_l4}*)%4B8Fp;t@no{_T%6 z)+M+wm?0fZ-y^4MtTZ2o-HUPW;ffjkLlp#nqj&@)sP-CgTaLK(KNnc+7k2lxs8__+ z2eJA`jsNcDBEB8AXmiLjiF_QT>k*NqJ%3kQXr`DzW(H2qn_!=c))y}v^$GfB-+<;! zrSMNzkO5STlFNA#R-1sepvUFJiZ&+x7Q6KCCxkC^QeY|HON!cYp3&$Rv-m8Sdh7HH z{>{zGyEI?HO|W3d-#uc3Dme-&+^XGdn3u0x*`v-W4w z(p}lh4}Ix%enu{A;&XY1FDO9gtR-?t0dO^nZuI@SKeLSG@2wC^vbmArlI&cF9Ky5s^fM-V^2d#NQ^Db^MABxHUFY zVhB2=x>c5N4B9Q0Nw87(6*%D)#0#TE^+vZWN(D;lBR)I1g~kl(6`wFO=Zeo+fUr`H zV>wZY+4AsCK&3>xq&f7`d}bAU5Pj#tUkO;9k*fIC&Jm1eferO__ zBeoyDUjT~D8v#f}nNv3?BLxUl9e#+2i53#3`nZ)l>wRx^k9NW*ylzKG>#Nu6?`1b~ z6iqH#*@({@x62f7QLW&doST)dDW3n%2f(~R3)B~qzYDYlPj)f_XJ6t-9m-(7<;V|I zWAkAGU8FYCxO*nM8P4}tB}C_W%lQGDo$5ld=dZ@2shRr;1Z5~HB!Xt?3Z*DQjz0QF z5q8-3g+oq7%i9{Rv!$>0CEtJG|)^MVnBl5eSsM$rxif#>V5+;b_?AJO8)9>eX5Sbb{#@ouK;tyA2=;kw~HH!6;%C zt&v||nPcoG8*FAQ@Sz1>xuAVn1VWN87X&QD5qyp!&8sjkG}nj1pDhYHUFme;4I9QX z>w>DS?sKr7n&>?!?q9{_dZMfVMhadW5g~Xy;Gc#8_?Ha65Rr|qI2wBx9T3|i$s$K? z#Ot}CVgKRo0{x*m(G|2DVGj$1MQQGMCqIb{iW^ZVT6A9x_sb`I%+Yb!LkR8)F&Wui zQIV+ts-|Takj?*(tcZlBmv5cf8FaEUW=OE?iMq>@JEN$=+4ngNNt*&U7`zFz&t61= z!7a0UGTilrVVDV=tlgqfH^bLRL`#hkjkVTf9t0-jj*?G(FeRZ+f3@HEQb2%aMAhSH^29=4 z0$FTU1P@s=Qs{T7UT-=BO&G*6fL-`zmJlNNql)m~&q&+3Mwe>;E*o&Ab3w>_K@+Ke zOK8CDHu;sGR3N$v12PSObL)AhG0p!`Fa2NHSR0j=nmW|~{rK-Y!hma&Lz^`Cr}q6{ z3M%;G6WlExRitue&yR5=(r( z)^m+{{qnNjJEC6a{oP8p0pZBuwzglDj-vx`np+^Q9BaTjdEcea^xr!{lkr+VsV>wg zq=UR5(16cy%1 z&sc@1DtD7Z%C|uM=PyB}h7cj(=IRmZuQC@i{qG@?L&JC_O1dq;ssnI>&aC8sRo*~m z<;(FK^P~{yz01)bHtM>1xv48a9@^9himq=i(Knj!cfA?}Qfs61DsAAPcKBz}-a?5H8GXEmSSfj7` z!YGOVAP>5*Dc*DtKf3&x1xvollrGzv23h)KGqnG`MIw@<-SfSXpnLi6Qg!`Nv~q zWYj!7#M6D(%3?Vy95a%1(s(>L|CEqGdFu)Ce46HHzdhR$UFLO08<6ap_04kTbr1ev zGLo(ql^KXR(7Gz%c?!8)^lO&4{#@@dH|#{^50!HN&jvxkE6ce^7E!5*-tdQG>hWC3 zkc-{P)-&U8VoS3gs|Vp;clQyrJ+V;-tjt;gftE+nFx z>Bia`1S2D(8z8f8K=N4F4eAm6vu9Xiv+@*^&hPPn1B*<+bU9Y4&GU6<6oNu3f3{T6 zvi%2))5)rL%bH0H@VNC)R@cHp?SAPH|>45;X$~{n0V6Yf<4rEaQPKDqHj|p$f z3P0nAfW02V*z&4Jk`zGlpB}jcH&9Dg9q*p*k1Nb3D2)aaqbmmokK1LztCumCjoWwe2BEJR`l)i0}Xr_QMF z?F*?2N(tcC)HQ9sT_0&*9Ly<(Y#z7VBZE_qJbI!yFXsf+ycJx7hCT)$ z-|-+ex}3_mZqTw9|LRvn#tm@nj-UKR>IR-RNdSW3{|}giJi$^*Gh(_AIB> z11!SA02pI{I7>iU9BE6j`{9pKdk88!EPgv$Wz3tlB)_wxR@71q=R z$asT^AH+kpTA%Ku5gJ~w+ObSghI_qvGHLNUdgoDKqoqt_|Oh zb?DEiJ!VQYVT0{ivh%{9pC7LlY&5bR@E1;!>rq6%sLcVL;({&vd&IJ&1(u4{?02BU z+HUruY1P@b&u18EV^I88?^f0~xtzMXE=(JcB}nyrb0V72>lk;4W8Kd`t7__Dm_@C? zMUPJoc<|SZ!HD3-^}$#rwJR|w!_sg_mpf#+1Yp@(XX14|f`C%I0f0VA8=|ym*#ssb*P0!^ zy_MG1t4)Q##)gLVg0oi>9n*DohVC~@jof z2$)@Ngf0W;`gP zO4+44==fRVLN9l&^8${T^{A zA|#%1_i(C6r6YqZ;PP`pMF)TcS3DQIo>G6VaYBP`5&v>AoFKt=>Wh1lDqkV9u__}uTR_z`UuK}U%^06@|^64?spD z)2J^xE?{Dxx`8H}X0kVQx%&lR1hM|r77Q2GO4g=k@X($%Ncv%W|E)EE-blJ#VruSyF=3>%DjCaMmuBo|0b40XVU8u z;{HM{7lFi9@(u=K!Kkz7R>w#Jzt8Y_qwQ{Hi@N*C354-TS_lJSY@YrF=O}_mg~-N` z`ACcVMc8e&9r`HHM=9QT_M|>~$nMd+Rw-2v!&5HWcTX!MVD|SMm%?Jqfay7M_pn-_ zW_$}1zs5HiM)y>%*G+~=nV{v&g=8pjxj)&#Nc-t3$nS({9_JXq+|#132l*oLW96QB zZCX%M2IepK<*F6H)aSDR{%vBfoUY#|`+iXY6*+c}ltV(D*jy9GiX=Bot*q0I7;( zotYXLH(2r*v&%3~CZ*~m(9yxOXhkV9=6P8(f#ObMP0lzv{7w7ksCJrzH&NMKL|tWqMSuGk~C_1@Xb90_#J+ikE40S8jhw#=NP!r-!A8s z5%29FqVsJ>!TnYL*xP-!!h%XmI)17#{=FjBRMCxJD7*D2s)#3Usf~*In>>U1v-E&s zl}kL%Lik}h@;JtQa{{a*qN8*#!$9JAngg6C)#1xlcFV;qX^v#M3UogLyRc7RQ|IGjV6u~~d`r9~T8=2f&3qW}hz{AzixFask)*~K@RtFHyX^+Ucrd(0f#cLIf97%4%}XE&{NBT$^BG_W zdMkg?4s&a^q8n?TUOvPn=d8qaHrq{b|;(pB&g`wI;8e8 z8(gU}>NPK9#qwt!beo%vKjg&H013#j+`GGkh!w4m=W2*+Y^AV#U39a5u=%r62rydCHV*lALX**d0%k@FhiRr9aH7o!Le|;eOb?@^YQR!&%puQOC(?4>p0G-{nlANkJVRuR3luStwUmQ z;`R)HmFd6L4dygt4rXMh`C{DslK1~|`AVq40YuxXM z;h5~-PF>e|qLS4>n>Uwk=PBY9<0?l`5*DDt>mrAgAtw87BxoYEoQ0;0@LZe*xzC?S zF<9IM2MNuhWTkET)ElZJ^7hfdiK-)(Y~ZGO?OOcb%{-%ist@Lc|Lxy>nmjha3Yz+m z6*T1?vsb@k6ELJX0Gu+b7kKRcu6M`RYYDA4k&KGnY6(%sAxdJY39s9YBO;HeHz$}I zr#rd%A6#Vp4V+qunKN- zMZ_md6DRVA38TeSBQ8W2R|BLz-Z$8y^ZaWla)DWsW$7TFa7GU5id?8`$%#e4q5PfS#?3)F!nxc48r zO`V%VuQIF*Thc1r_9kiEm%>KQi1^-|V244DJya`9aqhRY%c7Rb%TI{(-_tt~)+W~e ztz0QHxLBnyG4uSFmaespz845G;a`S0!+WTWlocjfhbv!fs=asM8*^48NO3kD9zOk( z`F>Xft@2PmXRGKlgDMk^kA$`z-Y=O1)}XEDe3o_)jWO zz|{9CiBy#I9G=VSHJ>CMUdJx=TS|$1_}L3F6=j9i1rF`6n!#Df+C2IzS4+7~4fiNV zSs-|1I+mSSkYZi@G?}l9pE3`7B(!-|n$nP9Pf$;MZ?RlceRXiTb5}AJ+xk5?VDHjA zOV0ZT4x6Q~nWpKmpFY^A%l=7nwD^3`P^2Z{Kg6OH+x3OLSS#zE(uBoejo2keDxTU; z=n>ZR^$Yg_=?qBrT)Rn2In|1tVuW>8n;8uR`*XV_JP);1wbVKRq2Y&HIu7@76PKbJ zLZ&}>K6{~mf;rAG6ymy1nZFMwsg73C^F>?Q?1r(-%YS6Sh>Ix>=p1Yg6LTeNon|4J z($I84!R#Z*MT$8f^I%*i6mYVFqg5KoPWk=$zVIwSo{mj)JUG?StOi@a;%*j}oQ*MHFV z?fI5;+J2=08~57FwqkUMh0gytEj^G7Dco6k-YlN^n6@bDWYCaQt2sv*IJlT`l#tAH zW>UInK(jXR&3MX&V*V61B{h*JZF7cLAtFLDoXQRbc$C+SHjICFrS&e=ni4m|jMP>n zH2Ksx%Mgd^PmC}98ss_ti2LB--G2c%el00mFogq3aP=cK>&}<{isY4uW&ub&v=`dye+XBEQluN`?~&?tV49nibv z<+S73zRberq{VCY9=v5u8|0@=HTjr|{(g*wSDnrUO%4LdRsl`}svlDP_!VQxgAtt~ zX^yu#?_ajfmV=Is3fLR`_y25;I~M@Ug17N5?v>w0nPE3*=Z4=MdT;DhIXNHssmvQM2t4n1(J*mNGNNe^|HP;BdF8oh|6xam7!SN4H4$2A+Vy<1J zkYvF;B1Czx0=bVG3BYO7>tN!>{Ck((Z%)K0qmr<^{{zV@ip~B{Nd6)ir$2TFb)sGO zi_I^hDntg2mo+dwV`FmF%WsohKsz~f{IAM^7sAjHuDA6<{(8PY@!xs==Pvxm1R;SI z76l)rd|OGwf7jv5@BeRjev$%krvK;H{)D#iC`Wc*A8IyTUMe5A(88YbEw`d%=ei~k zDs%tG#6p5h-e=0~7x?yPn?{op8Xvq7t)4Lftu)mqtFQOGc0-y-xtw+#q$|y z*E((T2xQwiJszCA_?;%I9kyi_8^5Expp5`Gsc_s^0W}ODTTA#OuOEgbbfJEEVPQcn zXT@Dvo~YCl#Oqrxy8~=mZeR0yIL!fdm~Ei#&J*-50Q5EhNQbK+>*jPWw&W)!k6<$` zkMS#61qVI-joUpkjwh;9slxBD6NU5dF7N{;6)j=+wz^kq1Ooj3>qhf`{L~*5wzqqj z$-M5gf;{j)fPJyi-T~`$^}v-ol zHUdz$#N!#XmAVuisW8I7fpQq&b&z`1@z|~V^7D(XfS)s4&9fpBa$^8Qe)qYgct(s~JemZ@c~;0~*W8hzlKXpo=f zK7p>r%Nh1!0i`09&#JJC)fVxsr5u*CUT(K%q|#WI)XzS4mJ78uJwU&d%MwGPFCA?5 zzwodhywU^o^;GH*y=ILbh=HnAn`43!lOS-Q=Q~cUj6;n;cp1%jquy>q%-4CO!*X<7 zJ`nB%drUltN7e;ps`0kSgF)}pm(>T6Rv;e_HzCF2{<8=qJPk#71 z`{njh0Zm&M*TI9C_WOAi!V`8Gu(0;qgMOj7EJ@Rhx^+13vFO|Vl`Z5e++gG|k`M-5 zuaDPeXj*^G5B%vtQ>!$BZcr-AGR^L>=>JJWt&sgjDxM(> zm@#**E-kLt*8dX%S8;X#SyIq5bptx>w|)8;oE}Xz^b1#itj)@00fZ} zbYZLWbw_Q^PZ`DiWLOnv6GkBE%C}zMOPn>!t%UDSZ|`i1}y2N(o@DwIaMx zAP_g4cE{Kc0$qALj#10_B1U?DfJTDdWBi3kh-T0*eGVb=cz0PHFg+_!{#54Okbvn^{`#gc@!p z+!u#cn1l)PRC!q}Q6Z18|6$Ua&1$I}OZ zWcLn}(nLQhgBsg z4GFanbACnD1$EM;%I`B5uK8@&qIDDWw~3a@zxoy0pR^MRc!V~D;jce*A!wLBG8=O5 zaaj49J6h<^=IcHL=^GNaOvJb-E#(LJ@wr^Q0siJkU^qj4?QtADZp;#PZfwiz@_K-3(rCv!R3GP_O&sG&GO{0XewEdlk?!>m;?0@rW)AMFdom;oX#&6`?P_N zaL5LzAHxS>ovg0tu^AADsM3Qs7s#^GJH{Aui=q*Q^BXWpbIO-1@7Cv|>sNk;UpTkGt*=ThFH!?ED$pcHZ_C&abn#x(%V+xTCIJq7$KwN#nmhDB z!AyGqyj!}UP~UU>&XRV$eU7oLEbEM&rtM2R94N^V5nxqoa$=S$Sb6QgU{A;DA;4wa z!I_u$>lZ%3l+oXZqf?g;A3>(cbNX|y*G!~A%%l9lOFf6i&Tk>TM>~9C)Ds?AW?qYF zx@_tA@S?6v5{NC-q}FlrSI9*sf=JjY3Y{+Vs5=P56xEKo8maZIQ^>W-@IA16V@>sCi9Z-o z|4`wwr1AAJ_XA}(5$v(*vIeSx?-^y4Nh`n0+f5pDstl{5>4XoSL`O@lHU!+G*DtPR zTVy+RX_JxX13PYkVvbnZll!R>rc~eaE%t1=bBvj8ut9Jh$a}XP+&WZz>)^gPm?msR zB=mRK9$AZL&iZ6Egzb^WjtNA5Cf&=i0Sr%8cy4Lw7?242Qnd!_667=iOmr*yY&A}Q zF&o7f4}dE0o;mNOH0lP}y_esfGEmb4!v92Yth-(xO)XHvzby)QC8m3!Gv?FbxFx1v z<8o;}nk9-RAxkM5q7Q1TCUibyHwn#$ZMK@e8CVJf;eV0bB*3WhYCN@imp4Xu5PVefQ)`60PPNU@la& zR5C5@OH-&LpQVi?;+Kp4-V$mztaYwX{gfc^J0c++zs;IpS-leLpIn`xWlK9P}iWuMCLfCrj6 zIzUF<_WX+8=u;X5&$r|8eS_}MAh!LP4E^T2-gu6*TnjTrf>Qdr#K70(_1;=L)Cw4kf?_hE$pBV@jB+omR z#Qr!U@}Pw&#d4LmYQRA0%+wQQ5VR0lKHCPak_xKNN!h>T(>=fh1HE1=5b}9AlqySD zBmKb66dEl&JWg$oxN&JjO-U?#GB0Vx zF;y8)bOQ-frXTe)KkBN>K&C=NMyx<_oP`@~*wDk^sYfxu;z|2>RW=$QD%|@$F6(?)W z1Uk-JLnoRJMSOOPgR=Tx@D+55g{&>T*DwG$=(U~yy*;wtL;QMAVHddAkO&7jr1^}z zkAL>+_?7#gt?%YQEu`ebnYCxn5W8>Lplxs!|%%eu+x2@_)^ z>4FtGr=uq~@O~GX5rl|fG)uxKA7}jL3ynU7ZucqyIk3M%(|&=5@lz}oT)!)6bwM0#B7WHZx1`-7P_tsvo`&@HdJAiDS{W{ zx@r`k6--G<$?E<=?tdzl?Cf#DO~~)2hQN(Qk-<#t9HbIz@QrBKnOaW#rV@*KjtcmLg9=fCNJULuO*FDk>O_~VCXsU zeJgEzqnnF_rh!JLez1J*geg4sPgq7h#;3v4U%bwh$azR18_n+bDz3D-66xl~E@+ZIB^*>-!EROihRj`(Si_QW0sn~CJ+4kl19^36ty2(uvZ6bFBY&1t#NZSvV0LU zBuRe3lMN(sy~n9huQ#ChTYX;@*@p$fe7Z+XCr)^k(bqZBaeoe+9WI-KE{?+RIItM{ zv?E1=FjN#uRyBwoUn7lX{+>Z`w>vq>AQ|bIRm)VfW6FzO{)D2u>gT{SZ7GMHC*UNh z)^%A*TUp^Wr!ZNZOC;-Au0SDW0E$vLiwf-z2E`n{7WL7US+xBM0yt zGtQTAw!}XyhkZF8(dy9>aLL&DTxA@0NWYL^lV=heeaLBlP=LuY48Lr#R0q`{Q-YOMd?#h7DJ?TSofy%zlXgs3DH7Fv4884Olv7{_FD5NUX_bt6R1#u3uw7V}n`PHH~&}OVmfb z)3Y3nH$$oHBC>Y+h#NoqXZA0wun*>|J|ny}Y`%33yQ?0nR>Y3&P@Squa`qWos1ZBF zV;jrbug$&e7VbOy@)Gr7f{pGn^^d?S=+JcDkYyzA;QMVfocT*JpXoTN-ly2O7j+`d z6F1y_;XCe9;<6_JJBFR|@)U~u-L7L%tm@a{AGc07I~m9;77Lkd8nvco=Ffn%n{BpX zWG~p|Nx&8}oZYuouK)U+0i_X`EgggGbN8H%uwdJGJ4-{byGy`k3C*F-ww1zX=lLV~ z_R$`%guSvdT8F>|e#l{JHWZU~*Dfci%#i7yN-!T4k!?-|DP9w&E}t3!It<=9yGX2YLi_+zrE4 z#OLZQbz?Llj}@99G<%63q|0tTDB}bhR&=xFKixcTKR+WnVuffxkDLa>`Gut$Gp8&rP^npUbN8b+ZU<>}e)hwx0&~ zK39)1WFK!qGH2gQ@Q|X8K@Y+hd?eNkH@SzVMs0RiZdnu7J9gaPu!`)ldF+4ARlA%i z|DO#p+ZV4dH4kh|Zb_i&-uMOxBHoL8V)?}VD_i%@m+{iUkd}pafTY3U;uGEal-MrJ zT(;8G9Y`t=01x{<-G3U#eE%oOj;-c7YGeA{cctyM|LEq>Q*<8})O`KBEIWO@=+Re| zXtz*YEuD*5Y67X!Q;XUqDNK<-sG%9ENoo0`v}Ufb6x460ev4jE{@7!Pa>4-uowIll zrzG?9m{F&`fuO=x#8(n;?v-~@p*G|7f`(?8YuRYLdb^|7;+v1tcwfIlu$szf}bwmcRwE#oCaMpZGr& z@-p3x|DPI}T>hY}!g)%SsYLB)az#wX4fnIjPwm9Y8X%tux`9tO>iTqERBCTiQLlH* zQMA`1zmixBCe%_inKdAyV*XWz`$oSC@#&H){TPsd%u*ssJtuh{NC7%+44enX{{6Y% zq`f#eNJ~7-YpH0U{#QFO>JVK18}t8W0se;+{&IXk8srx1|4uo0gRv2qwhGEN7q1$> zeh=`94wee|N`~}yoQ6hQVSEW`+yEk)mSX8nTmfxY&R};D=4qwA1K&6xaZb-W?0AFY ze!0W6z`4dM_w?hdkk z5nJNU-nY%HHI@!&;{5T9I)6G`QGSwh`{c}IK!Q=683wptQUAT5uMD)Q%H2mI%bx`P z!Fq>Xp>7G2?Z&0`*H4 z;yZB=yZl=|cQyYn>H&^(V#&~_gEqx?4y|*Slgqjv!3@@r1k>RE&R+TeO#~;DJ)$pI zX|=%qQr_V9?PxIwXq~W1f2+4@t(WjX+pELeHVCed0R))Wg7!tj2DTIalv#cnkh zdK-eZehu|J@vN16a<_GVd~*4Hg)^t2h4*SEZD%{%oHQ@H7bD{aB~yLmw=%E zRmel>-^9T;h>#w_M_0+%(c+am7X?X3YHH{Scg$@L+ip6?{IKOnPc`FGB5Z-)LfQjO zGGK~pi%eBDqv$FH+U&_b<5&B0^o31Bu zPrAN{T%*h9hb9BItxvy#(o~9tGkt?btG}ZxutT?7@~|rNe7#_jSk$TQjL)~9p!_5@ zOu(h{eWt9bb>XebV}yt&bO_076I*#B&oTgF5Wmz7gL!~KhYPj8jBn!HKxCX+yMfhy zdpL~UYJPP*N1CBAT`YROS1b&V6sYmJ2T^3=2Vb7=j|Hl%7N$*UrDJLR*3L}t-% z`WJ41G`#`3CvaFzQSm}{^C`$nF=>^U4y!Ha-qwD^m(4J<97;Ot*WCmq($p%&I3S|# zUHN6;o#)d74(LfRi@0SKIRq8kptj!h42w?93xM7C6DpO-FW0)SF0`r4UNP=qG&GJf zGUvO^@~hgHO};!VD=)=~F9D5p7*y>)i$tH+))tGyLjz2`#KtQL#V>dPKI1)|)O0$re0x7=gm z^|_uFlPAR2`=;N{IM(ORu9F3iaE0z#U6CUr+%+OW23@CSDK5DY(5D+4lZg|v&kHtA z??qm-TFv4RV=@@r)!ARdcYngMVf6;esz?~EvV4}gV~ojVy?j*$KZo0iPWbn+W(QSr zndCRsdoyhFxnt#1MZn$OGlQ%C|P2BZ0$wQSIS40t(dPGX#4oVE_t{-BsIa@!`EGepcGeNgv|(}U zS8r32v{zXnM8P_|&{x`HHPsPJ?@@m*^Z(u}AvoR;-0w5G-8{jboSi-EP^F-zfTgeZ z(^rh7Df&k{F50*vFFP_ZpBBg8+wOlWr^>JfJA$X)j}>UcA`)`GVHG9dwy$$Op|ne6 zwSs?oJk}jd;^{%H)tEA$y;plUd}}n4g!F+@7PCZC=Hk)*l}rl%7ouez$75rn2C8tP z5N%T#o*h z{;s&Zgp(-g+1}m}kRj3jCxPFtay3%v;e#jJW%4rPr1~pA3&aVgJfKHn+f@> z1IrxM?0Q_O5gG!fG`>c{Um)@_N9IWrmm7gWAX*@hH$gV%_X8UkE7GjPQYC zAxXm+eTwPQBS*&WlGaOMLD!#(jE6qoHxbkRq_-KS`kWRFqsz#;U3Ml5B4Bn`#k_1m zAmB1>`Y3@_pr1V*u^Fr(ruxU8{L6)jC7{d4KH8UhhQOTy%IVW17+cw9N)8^HHuHIj zOhGiQR5S|NukLF%!8}os7Ps3_<8qKTu)hCt3%YdHMby*4(1lF74B^?zu5ZuL1m8e7 zt$5^NEK6K-XkY$i{eucg?iQZL<_R&?61Q@CKQiGwT(#?(mZ$Fc4poVJiYd_RnQDlM z6N0ev9jZKPozrfnKv?`nlOnn7(TGxnMiKm%u2RuWbW#^!h_i2YC2Bp@nNygn6j{F^ z8elJ85v)@48Eci*%{m38NK`IYhh&|{tj02l#_ShgxZs0e!59T|s_TO#AHv4(K=kP0 zB*iNgdc=As^ut#omX@u?awQn)7keg1`DND62j+(1Wo4U^(TKc8WSM7g?eUOEW8lkl z5*4y1Z7NWd#NkAfHOwY9o~BbDZE!|VjGM1&wtm2VMqBB0z#ca2zX_5^A}{zkVph7% zkYKaN{ajB*8LY#C70qofMt`_-itf3wSrBt`xW| z{ftF{IiNL-Ey=A&SizZQ?V-8y>>?iw99_ePn0n*CQazOjA%%L$AP4>D z4J7V|CO`0Sts^+Zb#|gxZp!A1Kq-lnYm_LNL+{@DhH5@(8YgkMUMtYs{pnrp@oWvH z9(SK?-W8$z{X_$`W+CEo-$RXvRdg8Qm4&(0c+O|oa5BlvPRiyljqF!$HNUtFjnVBc zAG*$0wdgXAi6x`n!)Ng$B1ngH zr*wmKcMDPy0@7X5jdX+3A>BwzcS(15gLLswS#T)2>qNc4Ln$&}HYje7bAqqDTEw?nOE zh+A9+^CH3`)%)}GIW?qD2H8(T-v*GGZyHBlh6@SZAFYsrCs>y;p2?*2sx&eEIE7dU z#(?I_OZf*L=P2b_Y<|;zIN9Nbc(Rd+cv@Ln8pT^f-8&&t;z)s|#^w(6#I-9~HzhF7 z(szRZZPVr&MwJRT_XY!r@7?6kaM2V^cgtaO1fys(*m6`NTJ^B{{qJQ{d1m6>HTD&_ zB}uwJGGhc)o@j4Mu)M$F)W#TK)WM4+Vty0xw80Xgg-T`%gy#~Dj+c9I%`flq?<{u_ zpl4cE`>gDaOgg!Ma$#iViUW6hI*bjjdIIm+2{Wt#r3eO>gnK0Sj;Tn)B=_duRz6vu z&^%kxrB-~tFd98*;(gnWG`DJtmCReJj3P#Dwp{Shsj+1D@Offjy@-A9_G^3giNBR< z==O|&L}(i@cwLX`iB0&jttidm)-Rz@FItRQqZZGspNOrk$TXFuL;SpxF-_3nCg?GP zJP3`V?ZDmj%h@bRf(wrRL&G%!20yKiVON=TuUZB0xB?*E^B@ZGM+hvJxp&?C23tp%M*Ba%7Ccy7h z-w>79Z4SI9>=lyZg}RT1@B?}OOqA>&YOI8_ao&d!=HxP!Q4S`RJI|>Ie{|;4AEc%I zKs9MM!jK=XsD_*U_LEKeD}Jeq&z0(3wTT*` zc_0VcZZGDTs=DiejNr<}AyhIsm!K~6^ z7~3q&bG_*|A=b_$i|<#|XUCDxP>2>d-yR(}ke|$VRsDp{U;4S&f+CfS3ec!+ljqH| zeQNrduv;LDS`Y!7O<}y;eWW68q-DZHjWCSQ;vDgW3y9Q_ifMS&i&!ZB7c;%Cp6x7yY+BNW=zgG4!g&4# zXoWG!ZPAYr?qM41&l&x^%{ppXBC?_(?3=b{<~}yx_(oLE^ti%*k*`%XA$r}byM;rOdcvsr?q75;80kz#kk0Z2G) z=5az9ZUb95T=!Yet7I*7d@({3?i0{s%W%L2Vb?Y(@Ph8RoxI$~9u=2pk1}YIX75OKn_c5wee?TNUc_496PWAaLa$p|R2xPor zLg>!~3Wr2wChV*T5?B&g&5s>Xen8FyH*eWK`s3|nZW`9WA>Mskk()eOE6;S_V_UeO zGEZ0(nV0K5XX2v9{ZFn@8IEu$E7*R|9xn7GG1d8qrm$)cV8>xVglg@m2VKBt6Z%QRAc~J}Bn$E5#iyvNL3=mmjWf+{f z?1qeWhvTw1sXhkW6lP%td*MQ9zYsjL9gCx&0kHjzn3rGQ*EB8b02zb?M?B|jZ1`gl zYOQM`4XwzxwWRVTqr72Jew07fBkx~k7i~xzhs_;tn|P$2;LX7d)@}&z6qMw8;0Kw1 z>|vU_MAeztiXuZsXDc5@#0kon>5vXl zqcH^1b?~{PXwo+AQjlamcM!RT@T39mRH-&cbJ@W!(>ju)9ApKbtDMLwkJsLep#pt| z11L(Bl+-J@5KSZD6gZ=Om<&{c_G+fkEmT@{mBPWPpl??|M2ILjvVK0_yVR^tMK;Mo zQHn57Wh6!x5_u#k!>Q(AYKa3d_{f6f?+8|YWqaDJ{O0Tk zCqRRZA^W@|Z8A~Z+}?d8kP*rERe<9!j_eI2 z1Sztl+eW7JGV@IprDP-wK!(gH<e`r>Zm!=7wihtxOgR>@x4*Nk$Pk5q*`@&(EtpP4+Fc10ToH)px=S zNoA$;J;Z@RT$}D3D5lkt#zD=eLjpYV|EFvJFVeLnP>{e|+Ll9?#N;_5bmy_`c|#}y zQ*y(x&$Yh)hHS^=4bQ`0rLtm`u2n%s-5_z(?dGG~1f3hDe@h z(Omfn^Om;6mhlLPRPL=)mrG7Bu(W(t!6^`ghu_uMbRbEGI(En?cBg{$Y4O+L_^$ai z7>nH$s`_BsA5n|zyXij8&$Gkk;0U7OGBcy!w-%m1%HGn+gRJ;(_GmRc*cS{&zfl{)q}m(!OWn40C)uMv3~^ zsbll87C(y9@4Cb^#~n6Halzc66xU{-L5TEdYN?yacp7=UL>rC2R4t5i%y2dLbzvkh zdD-tTv{!!>@Dqc1`~NOY8}omkrUmPshN@WiYkCy5+f#Xo1ZMJC&&kQA2+iba8%C!V zfjiQ~Qekn#Bxg@5GTXcLAmh3G=fPiTzF0Q8f|5Va+73U8XlYMP!=bsyTdTZ#6D_-Y z(Cey>W7 z=S%IeNxC1~Nu>j9-5e&f==KLQ2!vnhy}Rg=boVYSE|@fHU0(3sUI_NSGEgj)6!u)J zxG7REMU+y0<14pNkF%d&n#NGz@op^C;>^#+c&awjWQh8ZN35_SZSp?!Mi%$G@yxsJ zh2~OsOO>XzV-Qg;Cahj5Bgtw!2_+tmUuAUL3w_kFyPd|)Uj>KBfU{3OcmLCntv~hh zYsyFUQyQ&&9_pzA%OA^ERQ+p-jHP0Y@{GOjF)G!zqHeR5Odt$m zfR+@Z_!b0+3}?ui*~udlCiZBoTFQK=w&(;nONMFHEMci+=_iD%A7i6bZ#)wz2wd<3 zV%tG^VU(st>LCM|ZFPrH=Mk@wVIAqkd*e z9fJXCpey)~##k+PBKj1|G+%_`GU1#>kP6z6^G&(03torwhTw#Iiq;FQv>yN(vwaA6 zawUYIaU{EaOYMFP$9$$~V%@XqBY{ehc97gY*T?M^!E~zC;i&c~z&$^Cw2{+1A8#=$ zHV2uIPOAzg7|-7}buQ5hUKGtR>Ypf&)NP0?F}z$J-%(m_cg;Om2&FJw-7d>hs;G`! z`0vE*LtI4Y#eX4YBlJH}+`o8zR%{%qEIzP0}vkeJS49@N=Ld#cI&t?n#@s$T!Oc;x0Q zl~R{6R{l9@ZN|5euRk=wl@a#s2dEAdL+h=5prh!ZluKsRX#d~5Y>-|sI#tU9-SzK^ zp-503({Sc7nmubA8Y^mmf%+=P22Zm58oIkkSOuz$77~*|OJsyZR5P4k z^kn^^e;vnO5_$`7eY@GA(3Us*`z%+`=Y!!zmzGFzP-JP*w(RJOwR z98eJ!fUSL|gNPgY;C_<<8t|s+H}YV49B%%wwUx{&OJoECIBZODVC?kL_2Qs4e4##) z;Zi^Otuv(W4V{P&6l@grdsATv4)fVSJ<(vj#;ZIwi*YRSkk=dz0q|IUkM}kL7d|J# zH}*Ryoiwka;nd|)sK54JvWneU8xBOjC{C(jG^l8bdEvTn#qdtp^`OmJ2AdxR6fb{0 z;T$-he{m|SwZ-q)Au=M}CG_r6afM{Fow-~7E-WTjZnfLWQ{d!NuWS`-z7npG+dCL$ zN#-D%=ng$AvXiBaKDCqk8so9@s#*$&16q-ky(^U)_)XCkzL6W-MydmFk^IHlPRP_w z4t&s?n4J)cMk1-5=RW8{|B$gBCG(CsOWsO?VQ6b0**DJ{hOfPxft1V^#D+2FB#;GL zHJ*QKe5ySml1qMj1w{6dWAkYjw03RI>OuqDY+-IYt?c@p!CwF|uRi0Cp33jJXnc|( z9$_i($YWz3v3@+BuM|G>F!&dF%b-)D-Dq0$tf)u0}AC{*N?lW5%mta&Q!fdvP>TwVng&0CD9}u^=)bQoKh9Kjtjmt z1(4|;HeRN}J`?_%%ncorVNC(KZo1AlSfjsLb%kbZG}b}koIfL1v~VJ2Ko(;lf~;X} z_RD*8s?b=e;+(%(#ckj1H}A=?WZz%gYrxGrUBnRREWQsbe1`WEN@jXPP2*{976yRS za3ddAowdIJ#)x(C{RX9VQizifJneUe>2usEkeTRMlqEn2V!`xwHC{v3KjKx1lckPB zs+6ep791Q(?Bi6qB#F3Aq+7awLLK9k230g4QxZufjl#`mqBJT^&`qcFHf%6VD+YhH zy8)h12E&~|9?qGxHyDqzT(W}T_j4T5s!-NO``A-VdaUx@_^#7&DhrLKJ=ABEf^KtN zhl6(3MeVh6*c>CsQ5M`aAv^mpSu#MPFD^Ze?PnJ1CfxZlyc@WBKi4!6!Fla<$;s&8obaU-yex@pA@%D zx0SQsKSzs%w|=5UHQ8wFk1{L(L4#ceBk-r45U?b^CwTzq33LdxsQdP$vycVttT)F| zhnTC;7QS3ZeI9NgZb6ZQ0!N%;p(fUH!HV(CC|w_5d}PR~!YRhtOah%V=3By>Kn6lt zhFgyr!ffeS5%%L9xPni}7Qfg>=$U^0;v5-N6O@1)llu?a7q8EcDn_OS6Ez4hzEMMl zYm{nrpQzBbJ8Xn?ERkA?*vZ7f{HPn452Gj@Ek9voh=*+)F_8-HV^nF+>*@XqH8GSB z?bM8Eig=0mpnHNHpPhEapb@P`Qg^UeqbgBK7oDHWv^kWtw0zZmVqk~|Tv64xHX8ft z-TfKYlC-k}E14E+s}C{oi)&JEJ^wq|+bX~gZ$Fmx9p9;c`dCu8rMna)W65$X&5Xu@!#{s5~1S4!zjOTt$jR ziUF~;&aeQIFQ9iR&hmjk4d2L=H<>F(eG3q?#yuFBp`#5YA|tCAQQT(bS`+#>kBV3y zzuapoeFOe(n zQJ~(iP_B43{te1IY{sp*FFN)3q-?s^pI9!ci}_dt?ZxD=%vj^eVoUtUK6NaAH%yA! zbubI^XJ|S;)~sIb#tg35-waFA>zGzV?J+=UXlzidw#SY|$>_H;J%&ca_DekH7mV#u z>?l1WWi7bOKi&abI6et#Y=JF1ripB<-}r%paQNKhZ%cFzkoZKVhPZoi`Z?n5ij&-C zw-c*Q1ro@n@vM>$Io2}vQ`bm+9cAM^qY(kubC~NmE&^0h9&~q7l)hk zRbF_mTOwOm@ar*TEcp%1ji|g6VqihoGAu3mrEW5xNRkPKTNc&$VOa$~{8JaTI6qV3 z66ehqb>~zG$kT1B9W0T~F|7RKHEqvu!+I6|l5p1JFw)i!kouOAn))F*Jqcbvv<8Ph zRH}!sRo>_mNah#1s3a^C7}S9DfSW`EB)wc?Sm5VDjB%!-2YjCm2S?t;nK!dJ~tZ2w^TQw)0%)A||er~xV7%$3qJCed8tLx!BwNha7g__zDExd{rTb^ot&dM+E+^SC6&Gii_ zTR+j^AYVtE1Q*M;pS{r!OZ&1mJgYbLrEK|4aG>}NtLRdVt`MCpNNZ?mQ2K1+-!0S+`!0!9SIHjbO^ z$id=ckKu>d(U%$T&&WnLf|4N2ZqO?x3~=u(!U(xbq~Y-7Elg5LjzG@3&s71+%eEe)p;WDP{ta&_*AdL3AlXBIn!ojMMLxVXn|@*0L41!nLDz651Ks_(`)jbdXJ^e z2#H5w)wUC+P6Tc>I7BJYyurjAOcnmU z%@oBbsTbF@o;o|iBf9KB^h7nK7rFmMeEOrLKN_JrM+Vt!(bK2Z2d)J~taytMyHk5x z{v|q8fPxewioW_K9@k=UW+op^gre6S{< z^&9O zq7=XzjVE^>CP1P)Cwf7p`nO>AU%yBDN%^URI}Xx##J$!dleTU3y>jJA6YNyutxK~c zqEc~gtqQKblGO=Gj{Q%9TKmP*CtnoI=8!D=J?mZ3zb@j(d=3}h-PXyiy*Zm7UmHpS z#bjX4&+2wdFO^#x@g}-}Y~=O3#GI%9`4jd1*9jekc_RpKB2vXG+5!t9ZTC~IXJz^R zIN4UGA?w?5KOF;nbU6=0+(pv}1+}Cb3XSalJOUVXC{_vCp4I$fDoA=1r%;LbTO-<} zp!`TaeN&vkwT5OrZ-<3m5XO4Eb=<6JsMBooJgLS4B7%V?vn!%g6>hW9oJF_p;d^_) zNWJG02VVdvS^TcG74EdYciYvS@%&#W3XEL?zy|iHCWk9iA<%0{f4Ru`1!2hZj9mFi zvX+NQfqlGc+oJZmgZ0w`tt0jB&rWw&okAhsXvM(veC=wi5{Ina9moyBM|*{{kMZ8lY^d)dTWT1lun%{3HZ*6R7seB#g9YIp?%+Gp?63oNK1 z5n&?5u6qfWFgcTjsfe`gKiZPdG0BY^iJYiwRj&l2c7$T1T^=m_iJGnK5x=;|)6zH_ zn7Y`DB{6~*$|mcZM8p?%srbGl{yp$na$<8}4mDb2e)#w*4DJkiVV ziPCX8RJ{wT^I_f+A1QCAP!15E?yf_P28XPwm%(T`E!XBmIV?z?8IPcFtC-V%IL>S) z!S!4S1k$rsnqQ}m0;(n2f|q=a3I%$c%B3H0V{+v?V<fFIZZ&L?Tz&J}?*-j%X1vukP0pd<^X17r&Q60M?lfp}##AA1~H=shBA#PU7L=VZ4-$1{~(TW$ohMg_ElNpUI_J zunaVKKJp0#2r^Dc`yl!tS`>#Nd~TRy$LCM%O#ZdCOr5= zT|{io{&hC1QS|GqMn}8Nj*bz1MItM{`8s!L*5sG650m?IvUBy92kcX>7yF{SZ5BMO3Gtywb@+9Vk>vGL-#RdRXk5ZUyNw_LtslDu_X9Q^Uy@>m zNNeUW>*z2%YTL3 zr#f31=$ZD`yS+O+-Q_FwMFFLJS{v0hJi3rD^ZOzR#Y*GRe&eMgq4Bq$QEb1_Nvl+X zxZcP-_vS}KgCu>BrxOJfcXp}7?k;43goNHENjX1s&bGg39yS^6UYVWEhyn@avG$;& zA^>K@G|pvqmvS+unUU>@69uH=7kE!PKpa?NP|xUlTrZPIMzz`%7NW+apU|*9k_lHk z;Jfs2SwAwZs1H~O&fl{Zq=7OF@eIu-j=sj~NoIm2<+JQ(ii4WIvR=}t4Hye&Z&g&l4mSuZTcA6!hG`J{|Arcf?d$7Y|B$HUk zG-iLkci0s5xv}-+APayuG2iJQqGK1#) zy{?Cn>#J#4URvTo$!MA`8HhJA?>>!nwgRBtI9^>ocPxCe)%;I<`x zGiMEXX=RAgDW|7X$q@>hBG3`%+-Wx0!-l%d8GYn$NZWHKlZqdv&Jh2P^YIY|?EQV{ ze#%{*11&&ZDBcbgR?u15-AZmshv)SYIZ=}c{f1GIF(Sv^DbEshH&;;~I}a?I=X<`A zP@5PE5=9@8uC)F#H{b_E7$M2mefG6oJpAL}eCd(m_jK|0ER5iCb;!0zd;d>!;ri8s z*kv&|BH=SzHx3H8s$l9=U#baA9#3OMQ8>rh_>}0g9QibYCA#}oxzJay6z?u>4@F$x z?9LjseXgw`z2qRH06rI1zw4BmrRv}YYqEUT4?pnujA1;~n-P~Jk_Lrrr_$BY&^r8^ z!dYj+P)Plm*2q*?aq-z*{D=)$Z#TXXD;dhL47}Cv6WO}vyxiKUGw~H$eY|=OWXAfC zH}G)+f{G;KOz+=XL7(Y*rIAUZl7eDPvHI=(;zI;p-2&%-_HP1CV0WzNq@$anlPBO6 zu}-DOS1rz*o%5s3ZP`)r<1veAQl#(*BbTRI_r=>o7aT)*9%ACy0wH8cxq_g>?`s!m z{W)SwqOk2}{W4#t&t2!Zt4C;c&1}$rO^L7t-2HkFOUCc)QCOm3I1_YW@tE;o-jSZE6&9C?=jy%U*04B{z)K3TB9-+3vHf8; zvN+f}?aZqmOmrPUjOUn9idb6kp)M_Jo{9pPbdp~;Mwi)$ovbv%Skocv4F@@MZ0p5%Wpy7If9Uz3_H$>W8j zYOWK%!!*DGh~BmJ1kp=f4va3D*N$orNcmh2WFNG1EDk6SZ^=+M@x#15xP32JGtoj>vt!f$Uu_sUU2AwN_YfF#T?D%P`cKYL~Dr zrn2s*5ztD9O*oJ~iIB%5>#`>Ckx*3)jYfGjHIobVfMHS~MO2%G0Jt*3 z45XXH3yhlgA_)1v1?JT3=X4M1kC^@YHiBt{0TwAtSTw&Pvp_)h)-Q4~Bf2T~2;IXLe*j#5&k$>cXjipNKM=Zw7kOUc(ONxY8nslJHXf30rI z=R`-;Fd1A)4XIUQ+D|I|04Bq0B-Hku?pXN|BSP)MH;|<`-ZG;Q{6Bm~Mujd)Q>u~1 z-V0Ge(%k?gl0uW2`R+-JLnK6$&KHQHm*5cn&(;1f(2@=V6$-$B7t<)}fBBvW48Ue$ zfd-S3VEXVMpZN>#FhcJ7Vlj$o2%$KcK)Icwf6*yPKjgd`#W#DhI3gFI9C7`?U%ajM z+hy8a{u^=uuO--6OuFouFFhU4G_wlJ74_`)gqllb_2WP>ekt*In5%ihl{DZ*$0bmh;pO!b6Y_5O4?NE&jbCZIk+ z#ODiLyuY389?e#D#N$7%xu4~#b>91y5SNygCaD1|N=+Ybd?n|a>|Q?9-=)20mFNat z+llOm1YGD@E`oG!C*zW5*uzNp^`EO%wQl={HeG-p#pb>X0oeO6h?x+LWcKl!ykp|< z`}!tpa{66&TUz;xq;HP_M-7ULlWIMkB4m@;(2}an*)Kc5U(#~hu6TuSciy=AwzlhE zh)lpqSb!~X#X{79?>h!WY2KngmRJxfc?(lHe9$Uq{+c8-B7P_sa}$03J^j=1kif0v zmS`xTmdW;ru_ILSFlV_B$XFP4chURfSziDj?JEyqIkr-*X8(oTi)kgt{lzdKy`Cv8 zj#0{$|9*?v_`_tM%gNbU_bBi?1&u?&_)p^X-N6O!Cm+Gh1{=?$fz5Ky~NL@nvFi*!Y{vn4%6sK<49|b{Q>=Q z?nMaZN=ebB5uHY2bqZ6J{5nE1lml(4DLrUQe?D~+_qq^;*TtS2)f04jTe`cf)_>7i z8*P5nTgAXHS3Nd0W4F~`=Dx??lT3xS+8q+GgO*EV6plyGy-IxwQn22- zZ&nr-F~(gKY`!aSg5^Q6voM{+H(2mL@A*bf1MC_`@(;Sl9GguVq)Wu8!qIKO=r(=I zpj~I&lfx_c@8h!$6^#I?hnuG4EkGIR;}XV?Git;TaCRE z?fWKFKZtMhyOjTaqK4iWgUeylUb#T=wP;@~YfdZ~Br*A-_F|qwHQs2S@B?9hMNURB zcV%Y{znj(JDhL5wo{qrdHXU`lcVjZWQyWp46agNf-y6yDngi~>kqU#Z9r229R7%h# znCAzg66XQPUfV2Aif1&4&ad%UgVwkF)nqzZ>If62C-`SS0k)mN( z0!Hww5&i1>N`=~$5-4}H3@EfKiBI-MV8i=Je$7n*@Dak^1jp5#^Bse$c2GuV*kr=y z{D0ij|Juy>2`$f7nY{%w{PL#LaAKnUdVA)ac>RC~p#XM^GQD$ZfJMhX3ZV_q2xZ`H zEcL}5AFT+ldprtPS}wMI3M1qc>rrzS=5js1g?w>}i99g%DN7<1GR4)t9kdVQCoygT za1-@%m+eWjF&r9$bWWy9Oog}g)l4;tOi^#lyu{Hifv=cP0?ODU=^P&yTeIO)5L3Iw z!o1-(ldpDsb&0pYY+$q9qdSjTjC$M?!;J*~JDY)M;t^~VAqab(!5(^$N&Gr|3S-i` z+MqA@SovWjVsvV1Dr@M@v^ugp8_e|Cy27x+0wM@9K#dT^(6Rg}g>01kjVFhZ+?WcG zV92t&Z*9|XeC~Jy%2Kgey|eOZzfjcDs1%D_GjA}O?b?e(d!`jo{l%hm<#7_owEEehLxOO4EQ7P*r)K018EMw=qodi}xJm75AGXw#0uW7Fz zJ_rl(2ny^=KM5bA;CIGwnSY4f=pNxkJt1S0*$nxCSO`F8=6ee_*SUTDh6A4Gh?hJX&vj3h|l>kgU+p(GUW#TA` z*R7a4zKLw!eS!1u2*u;V10iuo)6Ipo6_D;+&D$e=mKS@L;lCN&>&~7+6o7Y>*kYG8 zry0H1!ihOT$Q;ig#TYw@&D1BlGdO9T_&Ia}5e=<)SUx$>cCfXEJgOIgAMTA z`jeducH8bQ4Xr1Yu0H?Q@nnH^doqicwDlo^>Ey$`yxXPWAOxEwXSorFh~sQOc8vI2wIB^}2vc!2<3PoPVnZsf+w17|*BWC^ljdD8C zs-)K&aor=L5(c)z@e7Yg&~sI%zQI*(60jr^BgOm+lm0($sVBC|NlQIN)lZPft}E1u zqr1LK`FMH7H=YQGn(yb~Ld_JxN(>cM%xAd9h)@`MMkR4PA8;I(@ah!mJof9zH|M+h zb=aJrD@WW;S|6i~e;b=h6jQM2KZ!rb6;``~%qRnjkfZI^;|F!#M%0WN{fPKtrgle~ z^q9dr(hdt7{#xXVU^tk^!!L;sNg9*944ckZ%Jp%#(!`*%0~F@~uOR~E1`Az|1OBjD zk?leF!7dtQV%MnK1T$rm`&PAy|IVZ|LZQ~GLbbBVTA>CIZ~&#*>*rr2xcbV!@{@e- zSKHhW3@eyWctrc~k+|CyO#a$in(jx69HeP=s@j;OhyF}f09^OB{sMNI)>X+|34wtE z1h7BffwU{(&)YQYu8W$mo1OS!{?|X%@rgzC9tl4NFz*z;ZE&G9Ro65$c<8#y^Z;Y$HEWM#sdq~hfeUloMPt}(2^JfxNz$g=WRq( zxt+~Nz-EZ>5bl1O48`#ib+{2l^ZuJ;@+0TK4>&|;>N(?5cM zYAGLzA~;{T`pM$(*Yu{vqAha2`+if%P49PJbF^TL8 zzYXjkneWc2=`W96X-7!uY&*+_dCnbR23Qz=X~wx-7DJIxSsmI=AoZ1<+!|cSS49+J zLH4q$;)rb3&f(g=h27!Ac+H}9GZp2e6}yjtrIvHp@_@+8$1fYp7{wIuiA*V+G!LAq zDD8{APiOMb!^9?4KImnHiyY)3Um05?oU9yxV3k1_*_SJh#P;!>Z_n)$Yk&rmryb*e zu`E5P7CCI_Mw2)NxobIcFu_V2N_rx#Zy$Z+&`@!Er{X zKp18X=MTRo%W)p{G|)OlVm|4gbex5Qk*L#5p|7<*8TvfSH zY0SKhJj;jGVPqc4_eCylkp$_JHc09z@iHpc59tP9o2-ypHlG+aK3jr}r~&2up1 z7V5M4+~R!SVRIau7MGi)4&?=QY#EdT{cjG{LC1l6%_dWF^VcNOOVVa;C7bg-{RVo@im^@t+fHg(o1#<^tkfG0IFm2}F-Y}Jyt=pldK07_XEN1;&WV|eNT!XTYW zQT&6?I&utCxdC*L6HraTOX3kRz!@Xff4rD)vA-5dSnmJQ>WZcHt?9e2`ux52eBl^9 zt-N&iA4>};tW87)_=bMlA1ykA?~jEn8^%e1NaYOc=jk#5eKL1MxBNm<;)(7IjV*dd zI0}nM4{^YHka^_WlQp?KNm~pcsNh_74<T@~GULF=K0)HAU?12T7^lNINDx!wedP0Ot$kLn!#@sthvy#{10m`Ka}`mS9{=w_ z&3^!Y5w#~sKAk-k1e|97@%o=PFB5`+{=@Mw&A)k+e+?Z;XrIUe-8gN^hXUlIfds-x z3%X=cpBNw4U-9k+sbb~$DR8}2Gc$~%N_OkDP=(51X6FqAu-6Dd0;d!Cf3J^z^iTJF z$@%bz-*YIpiY;jVa3R|(HNL%}&K94wGV9~;xZ2OO`YGZlLh;Pigg8y^nAv0VFH66Y zX>4ylMIHS6D3{+q`8eKZ6k5P0lN>GFS@D4WApxX-?+oe)q_UY9|m(Or!)1Q zgkbP=Dm0?F*1cNz;#6A#NlGYAd%@V6CU4jR}eQ!v0>t*%lp zu0Sr*kE=Oy;#Zx8ZSl?IcUotsrz~p-+XRUHSy#6;ACF0juCGC4>tF198w(^b#0(V{ z+QG5GT=7B=2CGDN499@!1Z@#S=sY4Vr*UC>-J)evJ`f*wfxvSVkXtbS)A{-3;ga~1 z=G=4}hD;{1#r`!FlyXG<=R>jm-Ku#+-gGy|*Kx&nC|g5m-F_qbHoIq3{U2C$x>Arq zUvdXff^<}}qe7qUgp86)*P6AZ$}y`0+8K=7;5f?-nA!=Cx&D>3SiqWg+VT*znK8Z<+^Q7`)GP7C6X1tY*Xx6zah_}}q;#o^hU zL9%og0`XVJgGIracLu}FmzaU5 z?*x!s^6Fi-47S4i0o6ZzoeatHW*Ljjpy&v{^5(ivmAS~r+z~}u8e-Di$l6#=l|6B$%H4j(mQ_3&+*EJAgcJyRopa&+iWvvdH{=uhxemK>Wg~IC4HhgY7=`uQ)2B;OHNolNn!Yy8-qt^H>v8 zj}d&MnNIX8mfC_X0MILXU{`@c`5DhuLyd2Rw>#ojq42VUF5a~3^n{FKUkGA!JMbMP z##ucjy057WlwBp2KBWw)zGszvx@Wx^BfJvh{jbT#Vf|h}Va1GtJB^Pcjf>N}ay7&0 z!rvGLiHE@`#0ckzHh-Wuf%GMSgI}8ElacABw3SS@dsf6^+CzY41r*K>DFR2!6Q=+) zbY)4pqi&HnKikMdzF*`z9E04Vdk2@RZQXIJ*`D$J=_;1NRQ@f7rMh(Wt#Nf0g29 z)2f$QPG~eFoi1SBXx185MH)XMIX*diK#muOfuvNod}<&l#!Y`R;7r!%Vz0?D>90=+jT$pin<$<;YiXvX#_+V|nDTTkj& z7FWcM@YlGRU13$Z&RoZSA(T9|^sEUK#|!{T*rlnKyvN^S(EQ#btfdIEZ=|x?ZpiYDb`vX*0AP*tsT&qd&W`6@2K8?7_MCh>;+_UBA9Sks z^KMf=AHFe`Iwz@YdSvbFl{G(9md}TW-JkH4C={3PL@dRbO_e0LOsdVh%TGO=R9y2e zTZxu>=qv-t>BU2`{B+5h`%oM+$ev>AHWVTBKnM1$aG+X;UJ9pn-l;pi$ zx0({qmX2=_6&fz$`~3ydX4MU;LQDQ~*k2Y`F~itK7||qrAWq&ccSvYXCGAB92i;#j zz-bUyr#G$1f$xAN(h`OBN0HE@cabGke&yPW%yswsEWv{Hh7J+Z^hAv*R1;~tS)%FlQ$hakspvQ4vuoL&6m9I6>CSk zuPjGU^~vo-bLpaY*CVx`w% zrBQT$vnYQoic^U~B<|%!m=HZJahWrRxZIlOrin%J9EpuJdeeA1Co%btz0Pt_Aj)!y zB5UdTd53~Q!=p7ZZITg=r8&`}-)64ToQ}a(Y;A?~n&A9E_ayK5V5SCXap)@?2%UN{ z<`^q0xHxqJ#NkdE_Pf_Izei{MV(kx9p|?J1iVh{Y6Hyso{VJVtm{a z&Ec27>}?eeV05}tICW*zl1Yl8l%}}sEX_$RCVw6@-uyV@_MR79hx#4?PjZu{ z?lti+L2V{g0yfJ~lekN~DQ4UCo_H<~)I?U}Pj?0Qy;X%awbFJC0W4WV%NGQC_aJwN z$fLo@Kl#-0OI8}+0;}&|!ZxA?l5~ok6$b+c?eB;X%|=5H`s>)uE4Ko1XHyl^S(d<1#VsN;R`U*xqCmr+CNP*E9aEbBR`PDYX%p zfT-PQ1ljUt)Of7CskXjL$EkOQV6e?H8%_cvT6~>`AVblsT)DI^*y8~lT0d@&J17aN zpD}pv_7ni4eQLe;$_iBjL_7U-*sEqr*#~m%E1PfAW%_;XwX!jBKp=AJ)z8ezw!fGk z!qiDl0Z(G5*(I3Pn!YT5qNy<%tI-}|FmNd`OsWIawZRw_NS#}CNGgw&lSL^J5fQEY zwpl%Iw0}EeW8^&Q-plU->Gep@`J(H^O^Mw6LcqA2Yg>%PF+tILEj))bSjoFOS=@C# zvyU+N12)$ur0G?<4qMel>?sjs=-%oKleptn>G^UeF|3lPAQlg+`?30klLqCbU4@wJ zZ;D2cQU!UaWy-(-C+W#;XBf%zE)T*}KCq<5QTd3w)wNDzqky6mq(p(j_1B2M`cjJ2 z%YWkIHut&hEZg04oow`)^^?gyKj|KGFL&r>A3J!OXsm+dI-ka&$~~3)76Nef)rJ9S z+V_z7jxnnvI$}#V$qM<(sI%P7zBFf+Ew67co_Mm>Xiy2YGVj;7=XId#c!`Yr)Z$HC zVxdvV-mDwo*MW%732C#|)tT$CTl-rc?GI-Iv-boV_Gt3fkXT^UphmWuEPC8So;T}2 z1sgnDL_@T`;bOE5xWeNjjb>nBN|fci2~f8?U>xbmz_2FEiMFW)6* z+&4U6^0-{}@Z9|f&lC%R>Wl^n@m@%FbaP=C4a}4g&G$6LrD?u{K$HD9jr!-)I}CZ7VP!|3T2q6$Wo#0M@5Q4jFLhvNGJ2b(AdvKSajk{ZLr?KEJjk~)$H1Ep3 z&wlp4-}3{`hx1(5`oPtzSzWcNX4M>H&YFWpmh#(zNxRJ%1w2SWQSl{MDx_w3aFBax zfPgK@&e4fhG8xIe;fnPO&K6^Gz@K9j2gM&+WsR^rKcy2u0!71^B?FJBbPW3N6@e|3 zK4Q~CBgCQi`NWgc9Iwe54y3iGbmCM|VCzr!cbEHXFUMi4MRgLHJ03iCD1fTDo|5Ov zHfH>fV?(i^)RO8+u;2F$X7?ePWFA-KKg#uU35%RpZ#Yz5Ihu9wZ`D9HrMxS&-^`7_ z2}DK3cwn(wYzVsQ97tFSJHs0yS~a*3sZapeyq#9lQN=Gw8*e8lzt#jf(?Q2MezQ-0 z`J^rQPP6l%Sy2mRW2Vw1Oo#O-!p-?C(_rp$({+1CkcY}XxjTwNi?_Sm(jhrL8{}`qE<}d zwM@xP@oT|Qbx|Rj#O^OeD{m)0QA;PH0|_`BBC^D1h^~UJedl;6!AkMjj;j;BUC<~5 zXK=ez`TYiKwzO4giO?6{5$-5W`UU#ncu3d_Do+|WC(r9+FMEP*10eNIcINdGgFTP2 zqm#nZu2#`|%@}Y=NGG%c;C=M9uUj<6+MP!_hoX_5dwwGs&z1_CtVsD?L&C@0PPbcR z@B>TUoh{-4Yj=(;Or5p35@ZqpLuiO-XO<*=~Le~BXz8L!7=FG#&>T-1DND2Bjv zJo`^Y!v_p6U!I?k(@nesov#VBSq}{_a!?tzdf{m6u9xhGBiv+m zI}#G(l0%M(F&INnb&Q>V<>lH;Z{zrHf9W5u&?1saU>O{kA_4faUqH3ba%pyL$*4CU zjaeApm|k3ZoTO;2nzVSZi=4lD+nK0seayto}L^S)zx#d zbj_WLk4dN3y#}C|-!9fQT`Nv@q_pnGZ<8OzM|YXWz(A!1^l&$b75S)&z{&x`#U~Ve zlGxlLVzZ+|0URzl&2GyNV_(vx?jV70*O&$wq(hgwSg8uk6f+uW=0O-;8;4kD5onoUb9CtG*N&U|cE!;8L~G zn{GFeRsn&X#_n`B_Q4$H2!t%&i|ubcf>~{tq{lgJ$%*BQ3oeOAtkvtGFXnQ@Xh*tZ z#!3`S+&DZ_gM#~xc%fTIn**lW;&ntClM(bpncZ(wG-+!%jzc_h1>~P@@p zxo>$Fp_hAIbQdcwa-;r)N_d!HF}p&J6XDY{hEN{CE!T*fSDQ9M6BnyV7AT@tQ0*U(JsCPl{I9*b(6pxyntr=^MdNneE_n?l`m^ z+o7;8v^#6BMtm|*1u170Owt;cLxa?%Z=W{ImW`4uc1GV3!=cTUKgJ7HAFn$qq#db( z)2H*NwWjJ|)n&n93w~Y;Vft6qYub%-kJV_=FHeA!HYu+6?~l`tmYb3Vn(Fr(n;MU- zuHPR8^&SoIunqGM51@+5HrS1Rify=7z{p(Fi+}y-Bsi9mw<-#;;~)Q>u&-_ZJJ!Oz zJYm$XmO`=6Wkb+{NvYAm@oUvaFY$nSotA;A*_U`mEB*kmWpqw_X$rRg_g}coL=r84 z{>UnA+A4f}gW{0OLv9W_deGXG0^;Xda02PXNtZRvCv6FS2b3X?oO!z4ARO6R^B)yu zka~iCpacqMU_&ceKG!LrE zz+oG}9r1Js>L=m%o3ko2^f>tzh?EH?j$>-CFU(JqUnVJQ>)S3kYr027{qh1KYp`qT zmJl)gqRBxkQEb=CX_yKE+G+E0neDC6!)Y{!J&e?>wA{E4BPBRGT#5ma@^dlLDFyjA z4E^#Nn%KrJRPt>OdqkZz`#fz)zR#ao=YB8)Mczq*PfQGw(NSo2r&V4%n!s(VGBpXJLUVPE5x5C`vJnkmr5sNi5D{C#;fNC|hD*;gAYG5-D0 z-}icc{y^#^_Udg!0dlYZeN8AKzQo@9Hdv@hNsjnmS0qrzL}UO5(iGAC0(iE(TgbRYOTLjx5%uY7g z?dSvLjcNcT+cytuq#nwude5k2IKz*81WqQP2RHHBzjQvrztVkLIvXm-dAuthtKQ{y zKJV>5*x5=Q#Gial<_@M!b50yg;TpaJj%1fExZRaF%+t}%j2s0Rp$j?nVDmjjg|Oa6 z2kcTDZ-aLBIMk20=G~$Nj(fy-Xz#~|h2}=|#N6u&#&c)1t`^K5uiyY}6F@eNr-NCQ zz-F>ZY*P5-(c_lR^3GzjF*Z-j z@$C(~^JDTCK5+!I#Hbm)Lcme2LCO}KR#x-3oL24mEve^Cn;ky6X2g;`Ka#RNpHrT>UO%yexhWX)E zX0ufVvZ<`UE$i1f8~1nV-5X5-1%c|EjKCKWtyWncmE&@}ziSr05vB16JQ~{|1LL?d znfd(ajw8%3tWHiXY~p=mwWFakHd~8`x&9zFU=N<>+?=VY02iqA_Vk>;OEgL2S|O<;e2f{RSSDh zt9#!Q*yAR`YpOGx zr$`6ddAVr7#CID=_0a4mcV|8Ia5X!3)M5bWgw_mlEes6tWR+2a-gm)I0v4>#!jL0A zVi3)6YFHYX@KWT7s3qWiQm_4H1ij}SYq{U0*C=px-$Wadr0?q->MO`tz-9W*bQz`lxkLM)d%4GlQM~0{SA5*PTg~edtiKZR^DYXa&>yhHvkj&4MZ( z(-O9?)*>kMaL;D7>!y0-b8y6W7;{X9nO}xU!uw_y5gAM9G9QEN#D^%y<^;7PTiNlQ~^eaN5r*3Q-7aXccH&QKvq>ZY+hcGG&x>r&l0S4778S2@oQbH)b{~_d=senN_U{!p*O<(-xVxGZl&6g%TT?739_1(wOI0{7 z_vm=aHi@z2gwQ?89xfcW(Bt7!H+AUFO*Le*l$l^Eb)do_rWyV`$TpsSRkM6~yA z^+g5U|M=c8XPQ9fA?r3>jBn8?_<}WhpjHk2xe9Upl zrI9Gcp@wZ(U@n*Y;FZsg!a@UixK-1oi;%T=oi6ih`(g^do%8YH4`;aA)4_{t5Rv)1 zlePN|P>OZ^4eHQ!mx_#{igg` zKHb>@WqCZ09;VPrY16DTOmu+qVk;d9|mmC~A0 zlvQeDF>j~%^)cb=9T77#a;?U)hmJna2|zS>S`I-6E53et zq^@JNJ4IG?LsPPpRlau1IB7~`n+SB?C2iVOPO;gUdyPa8LFFNT8&dz2g zD7>$F%FO)EqV~+f-ESkl)+7a6#C>(F84p|d_L6UEQ)%FAcy#4CS(HPVN#U(NVt@&; z*F7^{_wU1nnEf01`1lc6)^Hq?@H*7aP3`I6?Iy-NUyO-IbQmYF(brG=qm%3!eCm$u z%@+}Se%G6rw7}N;W(Z^GyN^p-jw@4+t8x@eV9TE=fB66aB-@P_y&OOca*t%=`UKhU~ z-;`Oe`Aav$J_I%3`e>xZXQ}QvhRnI(7Wf&9i1^y|MCI@_ii&?VOtW9x`l$=MmB7^Q zPBj00WJj{Ft)E7R!^z8=`qkC`CNgAAlKD{2Mu&r@nn@kIM+)=jgKrY!hN0Ki{Of_@HL~|EMe6B#@$;LFiF;(g3@wYh_CD8^!*ztWNjuWG( z2U|B==apg+yzL{KhHJVq9yaS_Y@1g?@SZcd*Kh%@w;!JRd=A#Iz2Gp{qBV@Km#;Bg z8@Z==PmY~#uLhlRf!W`@jzdW-#T2@}7Sk}em;~*q^xoky9<{Mpe*`ryz(NKHOe?{T zS(eZ9s2{fk?{1|Nc2V_yGzbTZjT2W5f&=I`RRHPo@n)L436MM|JgUA{6VNaS{pH`d zJ4WARjER6AUwV-D&2~ji9_A0Z7HRZNa8%8c(dd>Uud_RP#%`4LF`|Ocs(w#L@^O9+Z(-cI{jT^b4+Z3zbp3B=~*NbPHF4PQxW4LVYz3 zFr2!6riN(^vun@;?H|Wp?PcT-2=!ZMke4Xc$e=spQ?9;}nUKUR>V8_E@MT`!=vJK+ zf;Wd^CNFzR^X^FOgzFAGfujg()f$jk8XFbwa7ruwt{p?vf%mbSZLHu<}|ag+Dz(4GtMV*O3rIH_LvZFicdlgR6{8v7~j z?tnFD-REFaUESD2LG{-T#_nqeTo#r$noR4fWEc|G=De?ny}1q{(Q+v9p>Aarr}{0U zyjjF3=xE727B!YRhxF7<{@?WoAz^5UHpd|eWVw|)#KzVq)(}SHz3IAKwdmZ%80V$t zOHLWX=z2T*Pg=jvMiwS1!g&eTX6+Tt!ki5sqWY3PR)>KZ*d{@VJqWc+`T->4-3hie zc8T3kKG6PJGu_d%tz;8(&eP>AtQ(B%+qxh$-{E{Jc_`n?ixo<48FQZ}{nd6BLJCRJ zlm2kK+|3gcs#{FSEA7^M$dxGjA@|v5T#xZdl?k1~H9O~-5nMHSabQQ~Pq+>TN@R_( z$*a!x5C2R_&)NtT3dkmc1!dv<&c+L4-^q1lVmPRbVq6G{rco-KbFi3mrr_`U(ESJ1 zMFs)*PsZ0y2kAx36PlEL#6EOaH;dj2u8S+e>U1wDC12STNu}qtjA09J*1}8nSWMda z%Pr<=;G90G-)Wyb8&tx}yU|Y}pb0E0o~O#72c`qN$yFh*%xz!-qzGa8Kkmb(x689&$cZQGM#Be# zi7x>tbycrny5C9X$>csKLUld3wN|+l1TIvajT#MFOSF9gFHd*(%Fc%05Pq7a^8Dqx z4**E-enyAQ+C4SJC)D!%9gqpjn%>OyQA>lD_-Ua*CX7>@co-46@fW|c{d9e3&gVpY zn*5190sjf2bE@4+{8|qe&x#42dB>#S{><}a2|OnkAD_=5#*aC~cJjLl*LFDH;Cpem z6ukt~hFkJZbIf4nOQT2&rvaPGc6ugf3_^7l_%$cVEQBL@N0FwR+#8|uj0w8^+|B%L<(;4_FKE0?Zm+z8 ztVw$Z_KqdrxLGdEAmWlHpJEXsW#-*pwW^ro=<9f8(`L0m`uiG-aaa;Tg#*LF7OJV=1!A#*15ZG7$}mn{+}`5on*^5Cgf&GAQGCgJqo0+;KcgK*bFDFPaotQ3Pza^_-! zkVUj^M?P6P`>yanb8w|-{Ocy&h+pg;t4OXJ7gKK6jq?pnkyqFb$0HOTS_H%+10G!0 zd~~CV+dX$*H^r{LLJGC?spC~ z!Jr=IocHt^-{s=MqEySe{FzXqWomwTutfJ)4}MrPpo(?2Y+ug@MVwizfv(gWx+87XeRBskg!;Fg?eKSQ;Hrr3XV z(Tr~~;=5Ip1~KmtF9jKpEQ919=B)I+b=bev&NHV+6{HYBmA|8dZHiZT?n2ofZYdlL z%-37YdY<^m>RX$)SQpGW+b#KAUiqNIR7pIJGvM0ibN;kso|!sRPB7<({hxPa$Hq2` z<2sKY9-?+(9e(kW-4M{>W6jvfM3xBdprU zrfYxXlORs}^&#or`1I$TR1LJ(^Otk*K`dOoHgaIWA-H}Xzbi=Non%#$K;qaJw74g7 zN4D*mWfT^dkl?|&txJ{U?(#T}21ZxLvTt;xu^s(2f7JYl;1B{54d6jI7K#x3`95&T z<}#)w@6KVO!_@Ik$F^i^C_I<%=-Lr#@P4*Z>#-$dX_P};RLi3Ix3Y)8dWqwrWr=#t z>E2emOPQ0FzcrYCSP1YXV5n2Yrfhqzy9BWg1sEP{8!IjqK$Vy4LB)V1^Qxa^2At4u}?2$QENpjxutj$;6-!59p{eYg1^@E(HCNFV> zzgE{f5hhFAWJ)$qnVPGe1qbb&942KQd0y-3XOfS*uJG30^lr#S<{W(Gbii@H^xKO6 z#Hrx!=k_6O^7<@|kqOKyMlAgXKII2ErduwD2_{5DyrbI7?dn@~A3g^1^+m3MTYS=v zlMb6>cGQB{$cK*SjillQy#`Z8n5oh$dnZ>c_2uRM5Od!tK3jFwNt#;J=ME(uaDG-j zHGtK>p@dR?UO-~LND?qj)G!+@SI;zdy`iyuP!L>@spT}%Zhp3?394*Y^g;6#lgVQ~ zC_ak&#bGw_rpP?QU0AG*JntQ*g<{C&V00<9xGIBfE(9H7*3R-PVXMjwgK{%1Va$kp z=m*OTIX_{XEN?Dfbb~G_-eJm$!|RQ4Tyv*3#u)Ql5DB(%gFOEPk>1D~qrH3a9~vq_ zn{;>*JgU+7WuVhv3ygfXRt6P2$Yx#bw6d8el|>Xb*=#m`PrbDZYY4-bTn4f~6vZ)Q z#TQ<1E0Oq%JNf6YDdv_`fp+QeHg|S|O!Ay7je{=06lCCy+0Ja3z(%_%2w1t1=%qPrB`XGU!&vH5bIC)ErY5s{>mr)xi5G6q%;$J2NbVnKEDCd z5^MBqL+y6TGvrxUBALOC*V0>GW7)Lu4>uIJ-@s+;16!jkf2D;yk$0)HyND?iXcL-j z{!q>cPh&Mw$O{pB&s!*!w6|E2gkdvl^8V?xzWkwi(7e<>1?-Q+As~A=oyxZNecfTIKuF41qhhWjv3{ zWINHpik_sg_r!?BEB8YsP$DjmCOlH+oFV(KxzONG?yOGJ*z{=%mc;~NhhXB1 zyuSzr5pps@anwNjEQ?oKbZ^LUwPK4}|ILoGAl_hO;~foQOUvZ_`}6<&{rdyJf!j>h zN&(CDf3xazK$Jly=p)xZboYNq@ANtpApB5zt8DsTT=*a0M~#3QNH@Ce|6jB{K;gf_ z18)3QT6$OVf8WV|^EvS}+!FZCdTeXEADa993RhXsK0D(*>}0jj>7QmrasdH= zGk;~A5aI8LZaq!2|;2*SyLd&!NH5&|54A}5ZEk58IpD#tyTQyt$NEN%gT*W`A9r~bt^3Gupgwn337X1-cF1?jFEKDMYL(vFWDg0=7 z)S$!-MvNL{U)Q3<{&$eW>mDbPL>WH)&KM_O{7L25Gs}Wx-wr9&!Uv=lw3J@DroSRQ z|9R2CQbt9Nz`~_{%7Cau*-F?E?0i=IAxT;3MVW9t4tTL4XRD+-rQRmm>hGr`;6(n& z=Ojnu5Z5gQVXN6fiilVZ1Dj9#=m~sQjtShgV z5hP9?oo?4kYw3Be_xpdsET2^X8&Fj-Q{H&Tjd*B)%d@p}HY`*t8BKFzebjU&H?$JM zBdp|v$Ho+^^>4XUx_8;bQ6l z=yug!8FZ0z#t<}T5FxO?lb0qZ?(^|5H_5Vs#BqKUrsL_(w+S&Y2P%NWJ?a8-Z7T;k zD}nl|GeFgPke-gy%Coy}A^6HT|HXuY#pXalkSp&$VJ!rlx9GqeMav?MLBmn?ZY>7l z6(zNcr=qXDCu!5%^gZD>c~@MHhnjrw>otp1wk)^pjDY=VgNTxXw_ zLPt0Z<68W6xX}1#e6}7P7VK4+G%2q$0FFG>^`+_A&zlg&hMv5IED0>85%=4jyqa-2 zzMH}CBjSfmXG4pRKugVmqW?J&Xe-#VCS}^q_swhJd_zM5SDKA0{zUr=j!V_40$W~AtLHnY8o#ez@_bxC(?AJ?#B-XC zy`dmpMbKm1y__*2vmy=t5tv?gwdi^`2Z`2pTJh5^n#%u@MJ*#RS7Wi~C&ph%Cs(9g z(p2zPy?@E$uH-8(z#pD?Q(cXGT?9e}{v*LaR5|f+PssT1 z>lG$K0t8o1>n-h{RypjeLT%|1d0{V39f8A5*LPw8nAN3Pjf9)&dQXWgLkT(F;iUQi z-CRJ6B6C0gi9yOgeK~8!KjR|mwyLgfhnD@2h3zM{JJQRmpMw) z`Is~;L+rU&$aJHl)nmZS);EB=;VNqLjk(hl8@XK#VS1Mk6!mcrR$>7d?1kAQGu6R# zd6s;ly!7!+XjIh8H3bk*nqQYw?bO3zTJO0*359VEn4N_};B0{HK>&uADRO@~XB8%I zsR_&ykB2v=7S)r=g24IgOUM*(Y91$pgBwX}^#-u@ha5l*dJaegSc?GOw*^!?sygcX zKf44u;te&hY(m{$H=-y8wT3XYfQv!mfg!w{Ma~#bO%-U6V8>*L8=~=8Pgxgxex&&p?oGfS1k`(rC;x-J$9Ad z8$F-ck}JKKpGyxOrIAYn7hS10ChBVv55~|b6n_Z8HGS6jy9JNzk9uPO5DSB^hNzLA z6om5FZmL!q55}Ri4HZJ5HRdzlgIuk3EhzU0*Dwc-d!$FKk%dNGSJZQtR+cbpYAj|q z2dEXA8kqj^2mC~JVZ{kR=rrlupq$Z#c=gAU9-#e*2xSRHDyxon=u?GzczX0HFeW8l zNIJ6D``9$aDPZ@J;qLTQQ&ao866w0mmSEk}4Ax%V2wLp0q6vspUv=u{C`@SI0fMIg zV+MSG+=N9$MK~eV=Ut?{-e{UBRhQq%*vTsl|2E=CBH(-VCs9^7`7aUJ)i4$q)7QE} zOTIci>kE65OvH`wg|KtJuDAA|Cw~%FB*OM0r2MgCq}F`PX?{FHC{@lK?ZuRQ^FHAJ z+5z8?Z+1zyd`Ry@Qk9shP?Am(GAVVxUFqiRbGP$Ib=WLs9R>??w}VQL{cKD3aI;Q! zRR7t!f@6hE%W*X~aJ`H~(u=DG;%v!cuq-KbV@cw0fe>N2_B%q_Hul{R;`Rnsl8X(I2zyI;?*Y&^e>fdh2|IU*CwU2*L z!T-P3lE)BXHPZwJ)nCH=|Ak%Cm9cgA`|xWTQjj`#X$r5uQG5Ag5Y65P2dgJI8ma%Y zh>NFRqcA%dp=&JsN#p}5xm8CA`ygW!dzcmsCh@5xcB-rS^i}<{yS#diz#b5)M$pLW zUt+1EzJT*i5GTI`DUsdM+;*WuSzFuE_TAT=!aSoO_LfD|C$Z#z zr+$d!G;(_JYa^A&@4t-ME0LNUG@iIoGVxy>0$^gg?w?%1>B28v|F1j7z@1{XMXA5i z3IBcfMI3;Dy-NsDOHI9j2H?LNQAU==j&7lT=g?fix)(}4u5r$1Q7)FEDUui8 zAfKkLdzx4?b8pK+5my0Nr{I_SMN_0^!Rc)EowXN`^C4SwnVim&te|cAy3_zXUhl*4 zZNBa+A^JO_v#F{eHH}K1N|U*4AzIY}&|4xNgqLCZN+e7|W7?msGB_+|<`db?b~$2| z!sJ(g;g168W}3i46F6;W?TX%}9i?gUYViOr#wzs>>z?&vQQGMkj&EQijJ`sn)mqgc zKu?LwF?G;DQ=z<7zDr4IFXv=*RasHtLFFUD&-Vaik_)j_#*hFMmy}Ba*^)B9;?_5a zJXx`>0bNTG#?E|CX*5)Ni`28xP@=om4PWWtbl6hDdD+olrtR}}Z@NHC*|a|z7^F!Q zUCPB`BeX}Zl?WRTeScI^)F7p`g3pwn=TMPWMt0*>D>nzfx!Sy-d~A{@;uT4PCXAan ztq_HTY5IwWMZ8lnk-gAKWGxxcGWj6Y3jL8h^R`{@ZYbq@t}uT4kc|ztN@=)Sf3V+K zNs4cW=4dYz1<)8st-q=1DRwKM{HhDQ0Cnjf9&-dS>I$d<&IMw1nF*8E`7S4$m5+T= zKB~>XznD`3pb^58tim#!tQRy+OoN9>=5ej(3Lsl^K<5&cBaJr)Aa08Q5{G<6Y~M~6 zDv6sq!WfPompJn;x33qAtG@d3;sAIG2T@j?y^=@4L>+L7VZ#<-hB85b@4KGz#GM&e z91`2N5g}~qgRIPw$Del*NJwT>8sT=Kqh^X-kiL7LRX0gMX0t&xWPZ90f_YXaK4DV_ zjxAQy&{a7CElJgKznHAKKkc6bK$H~#W}8#&#w4|ML-CTi1L>#KDx7V%)T47{*G7%_ zf$GzB0@uqvm%!20IrtUy(dax43k&E|hKbjchhEw=Cko!wp^bPQOUFfLll$*&seiQm zFahv(ce__++qVYb4SqEC_L(|>6&jTjda&c$&CjYhNyQV|nH_n!TC(~B+T^+7d7F+} z?q05(M(v>gWX(7OxEI6Y>TAwn(&2Q#=LYhSAxB*Z#XJLDgGpS&G&0GM>m*M1*_ZBc z%`3s1%f=(~-Kv5aakW<-%V=AgT1wp#KmmhVJRP^u!{#gPyYq4R<{-0D(<$V~n_XzO zNHIor8UJS3ljtX}&*+P@i(6`=BWT%O&cOgtw6%ZSfmI8zNlQzc_#!_=z?va}CGL`H zJDJ>-^VK2z>22@rXG6?M5Vvi*NleJxj=f51X1}%AHmpZU?@uVmU$mRmoG1oBZHEP> zhFdtzU;{MrspbHxs<4NtbsskDF`CW64%XK+OU*C~sdVZ)Pg3@J${G)OT>(`VcWu0b z)-Fc#diNG2ij-cTvX^;ANnc`Czn;D9;5NP2SAVSa@L*}1LD=#N-LCa<%0>+F9^RjNCI>k zt%x-&>vN{CUws#&o5t1bW>x;evgF>UKT6K6%|0M0FL-0fMDFj(pk8%soC`^!vBgN@ ztO=g6W$5qyMCL~nzq#(z%R+St45X`GXsbN`iLaK!j8V;RTn$x#*7+W6Wh#*7emPSE zp!^$=n{*MM{o=}@3WIQ-F0-H5ubjT%Rjf7t_>6~yw1_5R8#nCs2v8lcG995gU=VHP zXi~Q{sd}n0Ub~QNs>ACZHPhOhoKgVTHKC8F%EhTTQ3+LY|H8ssrXOo3~b(t*i008A;;rLA1Xg^K30 zgW9Frpi52LpY&PgtHXVr>`8&Co^WTeC-m&y=|_=bm?xDej!W*f%{QA#4tEE&cQX$@ zn7lp6SfrX@HD!-)kSCjHvPpTINBkQx3g{Wk-0T71Pa~8xwz3Obbf*@j{<==UETZ)l zI~8$V^n84H2#K`yO(C*s8bu=`vaHMSR0}8Ji_`Gvp0uc4fc+ug=8WRCnuI0Y{?LtF zN*ko@($?TFYK{rLEMh(HNoYvGHiEa?RAlSzXiVqBB(!$9>t+CdSYxmCJeY2)=O~}M}}AcO?#9lyAzQ`)z7KJ zMe7cXAOdL_50sE6&G6ejS5LcLE9gT_itP}OVE6%$9h*cGC4ujI_4I`Gi*VDNd1crX zr@nDaZ%*G4AYbNw56S*o^AwZ2RU(%0akMIGBjFBMK1xZPmc3F*Y*v|K`*SfqbbQ=9 zzL?Uv+L;H&xaOpbXiizf!su7-;4=vVJ%3JTVCDG*kdZv|QgfUq=Sz?9samf;WZ)3r z(f*)s-4J8P1X?=-bb{m14^R6TZYp0zF!rB}g+%h!p=2Q4zUGkLq4Ep#@$inA-6+i+ zUY}vn5#|^i?4{#jN>)crpwnQpV|aClRXXpEj2O1wZ5f2D=K&a*IP`V%)eWA`wd;xi z-_V8561NxPqc8Phx#vAjX7!2?dhH)JsKpj>JfM_`l+`X!Hm%%ApNLJZ-4+YrUqS?Iq}F8ZurN8c`jp?;nDYKEGXHta&Fl>Ao)11_iXETF8>BdoQwN|NFJd zG>!x@j`#b@r6}{SxxxwXNEcJ~gnJvZ_%NvE{hN?zsfJ~5wEJ0F5=NGdZ8>{4ZUsGD)0+m;&dYp`<@A zJNju8s2Eq@9JZ~Fnar&1>=&>@0D58|QU(i#HjXzBg5 z_X2qAiz}Qs>^kP3rt5vjvu0(~nI=!dm*Yz`02a@ke_(yZsSDfR+KmvI0{g5lfYhbO zww)jMYQ`k(#soKG8Q8|EUaM%1KE5RFW-?AkDT)cQm65PUv5&zTWMp#SeX2dnzr~I8 zil*W%n~j1tk{WjfCbmQ}z&*wfgWRy+1>u1{^WxGZj9mXAC>P7HVm6_QHygHZA8)6i z#RVF74*TWZE?#U3@T}f9{cOeZdRVT(0c5VrAg3tDg_qiUMyWM4Hw*$2nY=%r=g(VjFkOB9TP|h0|a<=R&R%stHIudZkF{&(%ZHPid{(dR9tFv zU11+2Lh)CQPUMLA4FmV$>5ENrhpIHNjU#-c<$90` zYfz#W5|PpIrdk-a9GERPkZ|<0Nb4$t!gr4-(4%Ni$BL#JN{6ksX~cWGGfzYc`G06xpq;QcR5Qjv(D9qdb(hSkNxt2M?hGL%)?WNYs!evpdTRXw$g%;*nBGnG79 z8G`*UJU|&H`M!i|4X`G@BJ((jeY5M;rH=yaiyozfkwOr^CLlYhJy8^H#)E*wBgjwa zna~;Hw|R`lWzf~p00Rw}&1@z$Rx^}50d`t8CIcnRZnxKrAEEb@P?WUWmIo7;d;Axd_!nGU95^S12nuTd)6&c7q9AV}R5`K+UT_%ysU4CRgkhTxwddNvLmcF9*C;dEA8@reY+LleKEL#2R z*ikT5gRs!{m3_6!2Wd7PCOK`&I%W{${SvqZd#F7GQ|Mr>_R9Mi4Q-pA1CC}Op6zQS z=6ja6CL_aW%;-Ztk1|jc^rF&+-It3Wd2PQAwBWpQ3Nkn)L1L|P5J5ph*qO*IjZX5z zz=Y~`MW1i~^0p2n>k~Kex+EL#UvQWkEQ?sriI8M)?p+Uzm&^pWfS*GSjMu(yaFKE< zz}MhwTN5hz9o7-Ht6`1HOj<<20YPa7K_bubiEYLlyt4+yNi1+GH)JfL?*_Ws;}g_o zUxbUuTI-!r4F$2KD!JRrcu^1QtEhfK0YjTmYYtzW?X+F z`Ve)Cx)NzNn8Z=5%%DMY_zYn2!?fnjgF&1ttK-$Rv!o4IZw4oxKYJW4NAk9_Oa4TLWJZiDQj%;Odl#Bu z{WgJFegiA#rMtl=u34SY0M;NG0o=rXDIbUok#{dmqW`iJGdSD4o@_qV_0ZHL)!CT4 z<$^mPVg zIHCl7J`dHCUJ(rk44L710T}`S*03`pRWpGUBSB(~*K!*!6_pdA0nIsk+}G>K4#y`c zrHswzU&|OoTgB2*6Ddyzb7{ba%ya0N6s#z`kg8=!{p#<)xG;9+y8+_|y})Q48Z9Rg zDx@wFHshwZqckUD8_wb&Ke6L>^ca))c*Ywe5*t?AS*NBLv=Y+XKoRQ7j^v%QpgVzV$a z_dcIUXlF)K6}0a*{Mkqp@w`|Jx}EeQP=8-@>5a}d2_bP9?)ijVXf^J|Nd^Z`@aDK$#M0eLl=Xny%H5S-4Sg{B=8 zq`2~K)ZAmQ@9?7#kDm5lNUW2h^_cm#gJp>sk zClg)75bW@sZ}#;vHxYTD;j@}K%RM#9V^*r5C*jt^gx!XWNt`k7HS0doB4go`N9wKi z6`NYybwchkt3RO0HtIel&}^t7fH|*WQLqXDMUfp95nK`_7QBDHG(`!a;I4~!>%8)!a^%k`xj-@r z)reTv>)``*65fF%zcDf@bojP|gjT_w6sO~&CecnDPqpoAQI5TZCULQR_R&Wo&OzC( z%m;PbL5?P5HlCVmUudp`+Gy)42Qv2&h<`Iq5W$+!{r?kmw> zcW%>}8S|w)w!6y-U$|4jq(dbk`-YB=T|dnayXw$Ad+~^adP7eEa}e^^q}uIQ%sygZ1E1IX7o);@46O~FV3R!o_=OI;_M%V>R*8_!DPtxGWvR@t znZ>vr<*TpQ=a1m7ldoI6J3qPL-fIE@$AkWFo6sQj)E+Hj34I^VUSEKqL(UM6ftW`y zKXLb&j7g6nZZsmw-7iDR_oYUdCx+wxnKxmipyw$>p*XF*eCFOy0(D9iBFta3BI}_X zh=7tyExwwd?Ce{HWVx>fvaM6xe^0sMvhT1Jt~d46bEmxeD@Sqs&2BvCn(-WAO?{rC zlJW$tuw!+vu)6|m0m9n7ri(T|xNyx0eMf{~1E?^l-zi(%tJfX3=7k=Y5j8bIg7#WA z3lo}Xnj`98kYF(VHpJA!R`{8JEbW{ys_z51HbZNPb~5j9d~dIg(&8nf(wid^`_k?8 z13n{h2o>!hX(C~1@9!X0IMuUAcY2f04A8W*4n!w->h_626zwIN?4I0jjOX-w@-G-V z=RVb!6|Z4bAPVm8V62is(fuekmx1X+U^UN_J7``Q9co%pL(mRlBC)B74xgX{QP#)s zW&b{6>iBq_aASBAdOKbYED;Not>md58TJ7mh#J?6?6Q3}vMn6>|gJg`6|s4SyFjz zZGrBZ$16|TXs$h^eBezaa3#*4biq1_XDu%2?en{(KmIM4ZNL1^t=*oT31*YLD}4Nx z`OHgtYo&9GMRody(2u8$4-`+#nk&|%I9Yo}=Jh8FW{Rub(!93%V<*=&)6X}XW3C&A zw{{*%@oy*-ytXP$epNy3r#DZFlUE+n-B|>j>tJAHaW=8q>F3iK_l@O2v?$}AWyjrb zPG4bA^KAA1Rc4GE4GdJzvu1DpQrYz+r=--7G0sWWx~wQVuz&M;`(H=GfETK~HuKKf zDb{W<+a_~UZvj(k_p-A!H&*c&{av$YbN~Dw&v!@(3(WkP%$uMkUS{T7YCr$_%(G8! zcNDdHGZa4yQ9Ii@`}Gye$2YSdn@wAF^5ldoJ1@!t$M85m%h4iah6Yh&f)#iNncNS z&AD*xAa~wDpM$rz^h@UpAM4%R`dREo(OhfE?hC;;Kcq9SYP_6aR>G7Ox@G#!Bl`Bh zS-z8;AI^My(>nL(q~Di9fsWYa!*DjNc6;Dym+iut(ccRzcfL|(2>%i0+Pvap;HzCH z(*IAL+8_~sd%D%?oA+1h7N*53{anM%@+W7iuu$~YoTq6*vv;<>HqO0uCDW|rN``hh z_s&8dm1wKo-=5yGcHHC{ygxZ}o!R5UustT8ll!0Z{dr>idXJO%>j>B4s}*;wfD21j z_%!q?{VP#BlYF=M?xvN$HA;VP3zgat(ifTzbnn)w48lix=cw|}zS{FIcZzBG?n!2) z-g2vyE?fy?yE-@jn#{S9>N=nD{L!o0sr{wITXXn{nR`Z|n z#Gdo$a?K}2$`63k9kU-RmY5e$ew)EK-R;J;9~pxGXT90K>DL+8yt9jb)VwwpKfUbS zY7nLNePyt#Ldvt;gHGyG^a74gnKk7dX!dDCvgZB2Ne7(TA*%!%8N~9w9RBm{@GadX z!Po0Io_N$>uCxE@Lle6quP&)q`;E9dt_Cjbaz>vxby@I%Gvn2k53fBefrn$D&fQ8W z0@v!e8E6ZliUXI5)_|6Z?(du8j4lJ5DgrLOW7#YOoHjx=?2tOpuu*Gp1loW8+{?4l TR+#+jW&i?DS3j3^P65_&`=eM@! z=_%!Y3^ca>EQax(M?JSeFY8<;kAvH zo|~SEvXHr>J)5b8qnRZe$leL|2%IoT2>57k>1Ij^vbS?^6#|J+|GGm6_zWv%r>6XM zi`#1vYCRQoN-0MdOG-XA4mJ*IQB+DwN?{iZDuxj#Ln*F;lbv? z&F1K0&CV$(D9Fyi#m>d`6u9H5tEYpTDd?$#E6rb({H{mZ($(C>#>vgb(SZ_Huc?`% zyPF6#HLRgOKY#Vp5@hqgmK|11$6#0fdhC~7e>Eoz zt4v7B(azCD)5+A_Qj}BpSN;Di`d{b%x?9}_WND`_ZDSA20bq!zAUD_F5B>Mbf1lKL zwRDkkvr7y}jp zqDNR>U!y?xj~_;;MGqCDr1Hh{Wl%#>&w^IeD_h#1NIC;+28TNSKooa_%iG2M!0JQ0 z=fdK_z6ck$^{DHp%7*`f$HK&G(BNBococbY1f2K)L|V#UANQy^blPq875-TUyG#u) zlfwV@_g#NI5cmX{vD_fQTKhkBL^2=zx7w#z>ROF(W99#73HA|Bd*Q)ogShzfNd(~v#eW%qqpszN`EQ$WUIhjels^RNr2H}SR~>n! z$K?OB{8!Nz1b7*3w8Ki~{}}LmUF6^Wk+eL!a}u_)(IP4l(I>oTakLT^)H5CAU+Og<`Ka;(r%{cJ zHL+OqWQFST*IMtxrS9bs{zdfF7=Gh)&y5VZ?e1FB9?0vOjwfE{`(##`_DuXf=l8Y{on+!|I*QdkqSo zLy3$1_5;Z-zgvhBd&f5`|HV$1_M)^^Pd2qdzB) zU03gW)Ahu>p}qQn&d34txg!!4T%DYql3S(hLodR!oI*x1RwFZxhTeii6)l`R zkK1CCA|vGj0hHJrWga`prHa2z@)ei*BbOj!*ASW2bX&<3z7s32fyB znN70PfVm=bz}dhA^4;t?`bQxwZ)7@-dhj-aH{QJtJ)JfY+il&x<01CBZ&G@Wu#m^O|pvV<(&Z16i%SYo|8@&C-^-^T9Px}NH^62TDqVN|H1fU^4A8zDkctfmp- z%@E49`4_y1%dyY)31daCwram=C{5b$ANF8klGxQs=-JivZKpQ=`9_N*ef+ea3h~_c z9K2r6=a&QJ7iYA1q}xL3dggL5qZV?xDK3PSMZ0HAdqU`KHPPTdY$>mXMD$+|4owt` zKhxRww0t@E;7kfsOgj@<5V@MGj^q3(V@L^sC8B)J%Q=zUknc)4W%Cb0&UXsJy3k*+-z9BQ^QmvDm#Vo$|`A$qY?dk8@b8xy-1rsNxab^!iJc{5`kXFsulqr{5s zcadM8_Cci^NoT+FdY@65Iimb@>IHk2+ql9qa5MVrsz#mGMqt*3mdFgf_Zo-hu<)`T zg?`EVLE_Lt#oBQ)ZaPSp7CqN>e|HTMy}uX`Tk$INKW>5wg|~gRPg3F2pYhzx9y*uo zxI-u8pj;Z%(wd}M_xtM@5Fevc*VOu9f_kp>);6k-9_6}5NG79K)*5Vtqbt?Zis{Fh zSbDXVdC-GKfx#3}o(p*}Mt&$GaNute99YEBbflE;R58XaAz(LBX6F6K2x0@nh0lVPBR&_{t|ZR1I}H$N)YXUmoGt0XXlLWr_k4y{vT&=fXMKk< z7YyITq;6^%q2G_`U$r#&cBuc}>sfLeNrutYmhRUNAsiyU6+flAm}G;g?#?1HAwe~m zk#C)16Tb{)o9K#Mx(i&6s+oUUIj5T@*^HJqu-iC-FlDOfVyt^_baXF&#LQblWcG)kpqo$i+9H2Y*C+u zxug!@qkg^u)G_?fEk#**3sl@S@1s5fOpkeIxwQo8Nki8We5r>vHJ_*&HGe*HY;U2U zde)7I+Y1HV91X1AM%9Y!*7lfvl?X!W+d(bNmkR6W=m~uAD73Dh_~_vA4N6fj@?vi$ zAJCi7!dM~ZXtBHS!zF`r)ckbN@J6ox-C-YrN$~CYqS$WRPWAFzG`8>+!kl^CV5E9X z^Tm$y1(KGHKSzi;d0?)VT8Jx!I`Is{-0P4gDnZ?3>5&K5BgEA|RvDa=KI2diyu6(l z4i9(Tzh)>QSd3MN(9jhxQ&Kc~k z1bIZ$u$Rv-dvZNUu_;TXj76TZ+c91jc3Wz2ENGTY=AUI;M{#X@WLi|N-AwfgOZGBM z^eg{p_T_T|;S)>4O+&HUvumeMjWn^&pBgDbyp@avKU1>``nS+sx9~7T^QBwMFw$5u z4mDnltW)%wWlg9OfSQ9lMgE&_O8w%Qn65S&b07*GL+8Ga!c>wN zN!Tu*_`rNJQs5EJ0a8nelmj^|&MkK0oJz;eOL_;{6Kvv7f?Vm=szmvL%?n0<5A0BUGZGX;CuHE$Z$b5M5vb3GqWr?EbvY)a?5%Y^dUy zq2KYiaHT@w`Q}aH^!Al?C(5HV;pc;|k_7c<-fYGY(k76uF8E%DtgDePS5f0R9^lWR z3V-Ha+;XI=!4YX)`wGm}h$Hn0J3o$Y<=r{I(n2s+525A(KU?zk9s1;1MPNA?_wx|QRKB5mzTgps4~N&$*@E{$WSFEIH5cI6RM++s zzYfN`O7ku&4G+&3LFbH2rzAo&d&*yp=G*Hn^~#h6w%8wvwk|(baxFMy<77a?I7u4= zTqfKQiu?>v-*{u*B5Btv;PCbOt`woSCMy2QxwCOU#WGdDct#6PGu#FJD13{CsbBPZ z7q`0W?g}(UwZ!u~!s=H>;FXzN6B|XN9%9Ak%-Nkq!m~%S^2?fR)e8+8X=vmAhUa;{w zmvtBe=km4ebKVBGcNUz=l}S$0J}QQ&g|yFQ9KOk@n+97_mkY29KQ|<>>(iKX>YmE- zfH>JG*ma(MR|Buc?y7O$C`>t9E5K2g@{8?cGq!E!I)I%%+KPpQTd54l2(yK=2y@=w zY>GVyaz-jferrHs9c~qVlTxGa9Scz=nvCXp6xYo-o(SZ)2*flFKKgK#g?Ev*B=o;T1e!{ zjc}oD_#~nP3QH`)5`nA`b4ouj+XEcq$O6=EiG_4eH` zHztKWfMD2t?9?wz^=b2gKV!&R3}cpe4E+{&LCjhQ3lD*A=5p5p0V^u_#DmPesAcK>8FJof`zNIRAuNY6Hcc>`s+3i3e`nKcv zfy@foNgN1L_HShM%wha6SDzH}Oc7zX4cMRQtcYsX9ul(;&xs2ifPFXMwLd&n8stg* zs%96YVfC@#^l3<`edkv1QIL8ieQ9af#hgP#?(EYhZ5v9y1w@Rc!)zb)1#xM}Z!N=^O=m1Y=k>BkY|QD_dos zKTH+X-(HefiHsxKO$L83qwVCO0JRtL9Eo;n z?>SAJu!bn&biBvA^-$|LsA4}UE4l=_+_qM`t_E4xA8bdw5YaZa_9)fP1P5<3nd^o# zePQXOc@>;VtM}!FT;=V=#EIggqG8FRFU<@}`j?*!JdBun7M__z%QuO8ol)?sL@5l9n473!ujOl+Nb#lTn@aO;|-y6g>?x*n%x3llgDw-D8W6{?` z`Q39CJ1llmro|(>1o6ON)bL78RY5vGT{IG9-{o69i;t^>!xIuWN2=9|&`^!+n@m?r z3_Mo|mOrQ?GSnJ%x!;iIvo5M9%T!sjsvcsOj$l*kz(IXAb~ax#Oi~I;WR`$li zTE6%24%I`!92^|N`1kNsLFd5@ySvsI$_`*~Di(ca{V2_wfSqrF?dg2v0eJg(k1M1QA^VVc`2Kznz)D;b% zpIl`*-)}lE5JJ|wy0Urci(c+)6?sT?GZd?{`;O`3h*ufV-38Nk8XOlpt8B1(jvTid zUmhKj(gr3wQs56+Sksir;F$E8V-fe~WvX$@W?HDcpCIA2 zz~MS7-||I&_t@Oy)N+BLkF?BZpU9WqUF>>Pj2dxpWHm6WxZs6j8W$>Lo=PIV*6;8x z(lI($_>CzCO6M^>Phq|kxk6^;5J3^`XQ#_5Ww($uVfS80$ncgH_zr-U3-sC^W6vh` z{bhs0`JS(%WEgeYx16KWoHRGe4>_#XUCA9b^{_Bbt9soke zwPoc*{|+1ey8kb%nJ=V=p33IFP#P$tmihX`-s-)`xzHuB`K z)wNDbhkg$J8-CAL0h;{YE0XhXYYGAK!0X%kiN(J=I7$yRX}3bI_HS#R1GbB7yLfT^ zyMxxa>RRr6&T$O?vgU*lu$|mpP=x5;9sGd8ST2;=GLZByYyST-+$Yr@e3+saFE4;d ze5en=Yw9=v5I$vk=c(}NH_hdpnl3hiOdzK2`KGC6WPDH=0$|IG;G5&2BPZwxzezfP z9*De6br(QyII3 z;^m7$7(8}3^}?~w2nJ!n$OvZq*B|Tw!sE!#d{s+R1s?#!tNE^9R{`)7$?^}6#VYOh zE1iS%nXJPAl!|{IQyv4u)nR-D!ucV93kj5COjN(208VcXpNqo_NBn!XSAP~_-jl$# zg2--52lOpnJ<|}F1B#@K?&d0m9*yz*^fOCMa^FOrL=dFBqMEq9FMvOyTutnjrxFP5 zJUv!Bc|IyW>%7{oP{q|o|LoXtI>iU!J2n3lPZik75xzgy?5JmzVaXg>5k~ICsQzR~ zW^zJJj10hkgIcl!_YlxnvC`zuDMpE?1ovB3Lv2d3o0j(hoE~i*x(4R^ZjltaeFvb& zF_I~ea2@GM^EeS5hl&JQEM-`{o9^-N4>lA~mYdyqCMnPOk7mDS<* z4wsjS^-Aal^FX$+|7B-8NkKfrRACR6EB_C-3Hi5?5{$X?SPuXq$NM`;+QE*)P!{xQ z^E}R2M@HuuK=Q1wfHsKhJQh4lSW6k>2C79u`JuolvU(SlH#*a=9jZg{78Z}@DW{MM3 zh3f}f9G>mBm>ZD&%)I{DPvS^ANF$`tjWH8&9{uHuY$eDq=G)If%keIh8`(dBKCOD3 zc)Kh*C@<2~rSAdfjK$LT$(T##$&E@ZjPz)DTO97-*%(DBRyya8&d5Y_ZWAhndY|Kz z#HIkuG@$w60R|)zbJ;G_vD4GIVdWSA?TnngJ$}dw;6oTANH-EEakV{PEdZ#9!O^$Y z{V3LY`95De@MexT1cnQrL%%FHP8(MchGq~iHFrM8?2PqbiWx5OPU)$T(T|o;1tLJ3XU#$Bge}FM(t9>R zLO*@<_lFs#f{*CNa0dXF$zBde>x79YC)ww4IEz%6m&`ub=U73%wxPs+o8RT2p=3{s zfq)r?QqLM5wHHd>r<IROxV9a5u(G$9pHP z@h~N)`O?B=_#6-R7`(2Ul*KCX0_a**u>Yao3Z3edG2gVYxBW0jhM!c!Ko`}|#pKJ) z+^&hl#rLj9e*%qInlH&{HUP=YMj`k(Ylx)&A(u6sY0px7PD$i(nz5G+o^fklfx;Bg zdt>)WZD*$(vSRS3wfi}T_NSEc(Hce(N0gVk(W`JZ!u_YVo$+Ok)+B< zC7(W>;1`yfj2`wWvuo`3HRjI^Lu!`QZ06Sc0c@fWjAy%8VlkvqP!-=GBM0;=fP_9~ z{Pr>#6Y0Ags>=pak=t^agPB}A`YV)}!acC)5b1TI5?e%NS=5%QuY&zib`$<}TH0V5 zz_r}etDAdQUGt#$f98cmxlE$d54MOg6Fs=R;YVygdoNb=?TwtnD*pqI;7f9QMpM~O&Jh`DqPEqJwynz_mM{kw5HZ?WDTQLln-J=y3W!SQ94j6AXQt@ zyx*BL7n=@+_idE$rLlj{C9FTz5hXmi`HrKD(Q~wg9`quSfo)P{aS%kob0ciuaOj;n^ASTtisFRd9OBe0dB~^qRKH6wO)(=w*I@c zjQi>%@*+_u%mf+sE?t|XYvv#Rm72NU9JlQs`Ouw1`CCC4G-o>ZbF7(e{w2^7%TcNy zi+x%*lX1J`f5wtJuo!YL0FNkhta@|ce^2r=TN_<eb3Y&q8Z9A-DU_wz5*)5>Bc1($L01^L%hBZ=u_=>PJ zbINLF{MQ)%g%;M{nNSZJ&$Yy6Bjlf|zux@qt1tZ`0Bu0YY__N`w zuR7#c)8YJ$vqv_Wy_BuurFgO#(+m=y{O_Q-dXK&a@Q11o#_~aiV9ayd2(?%9cdN|E zb;64pJ=BPi0~5rr->q}WuE#ua9WtuP7AkI8~Fw#nS=R;u(k-E z^ZSo+xLA0M2Q~A!lD`l>|RtBin<_*R;X@}zaT>InhfL9ggg9oiEby(r8 zd1hkM-1pfV%QZin6$Cft@PUT0ZGawXbMNN^&QW~~WdW;kNs5j^nPE&A+)q;sOxwgy zMK$47hVjo);_%&9;<6T1WCm}M8os=IF z*Mm+Qs<=BRmJ&O)i18*Kf!{jy35@x0knyM9)pjwud>?3(4>Cl$D}=aw)xcu~Jvrhr zL!X7#r(8)=v_82EyZU)mER^L~g@|58x;XT-+3?b%*XuaEem1{Xg~D0;fL z(qy}-9-~s%`9COx6hS5I-g!G%qe$8Q@>vCzppAM8W?RMbXQ?0CBCWDoMQ-yyBiycv zZw=kFg~;>yJTDb3-~H&%ONcnu+rNA%Vwq>&`i{fYcfotivIHQ5k!9}u^uEXZ3o04ysR|fVkV=0%Z9t^zZ`~EQJ zJ4~HJj^v1qqFes>o2JRT%MJcOxw?*iPw2C1i_24`6&%i-)a4XukD@DK@%$LAP7R_a z{Eqj1F7xIJ-{_9ArkLhxOuEcc_;zj<#=G=yLPkPAcAWa49LAhSgu;YmNGUMaYFAm2!_;CqSax#o$L9($!0qGn~$(@-J zKBy7Yx1f$dqivc+bR66X15;|6^-s#>-pGw^NzU!oSjRgXB4Sq$P8^!^$b3aR6 z(7mv?ZSqELBds3{jn!dyE45w8e&(I?*thXx2);KB{xF3mV|PYal{^-rNwc@6pi>_4 z1xyBR9yCvP97{XWn697KObPZS*Ldfh#M0Q)^(?r?>?i+=GDGJVAM7Gejne*()AOvc zOG$M#H%W=mu^qywD95u>Xpsn=c(}qC{Y`Cg6elsVF+t-mMJUvZSWPFlHxVigGS2Ka zMKlHpTg*X{^-eZs9IJK@LMxJA)(RQ1SEIIA(4+#uw z=iP90J+~;R!aYlMTAdi!;`69O7M;i9i#yv5{0`n?`Ei(>4v8B9cfUvMb7uiDR83V0Ij_z>I-wRq4 zhtNtmrQH?=z=pae{jW3k$w1INT9j(k#kJq%6tq4iBygPa}B=a0+@Mk{SX(B;~1_^D`Cy}+nx!3w- zaSp%1pFD4@SIwm>C-NCttaQ4RJhfj37lHu~Gn8^Um> zQ%?%~byq1ut=XJ38+So9?t8#_PrK#-K#;}?8%YS(Yr@T*A%%*^7|VTz<%aQWb-g%y zLJsB0-mQo4)=^|Mh!9cDgpT%g8K}g|r-wak+cSjv>OnY331wWK99XdmStYlH(9Fuf zR!X95Uz_zAPkNaJXzE7Py8X(a{h9>4drMam0lQ<+-c5TvdYm4P_7Lj_ZgYPu5j7^i(sk^_-)k@%rc*#+ zNyHMrd0P7sVb3-dUTiZ1?B6ihUMT-U)dfALl$&z(=2%dY6n#vYEpm1Oeqk{vJm?v9 zFu|mYvNR9t5&7EkyI_@dsNSsWFc`z$*^e|c4ZSDTeC+`L^U$Sg7;Ku_fZflo*N%oCLc2{TMA`J@jh3`wyo!-VGzGN)68`zwkfVZN$%~oih@ix?z z3licPA8ef=7;&QZzr}&`NC(eJ|FwW|tSfg_}lSt&YLiO@m?Zue_!4ePy-? z`ur;vz*!PL=WG=Ao3!*rGvusuelewFyqrXfa)?be}{ zqWrd9Tt{v}E``MRqf|Dy5>(9Gp%im=WVNBdcl<`ki|Bd!XvCs6PP#CohL$^z{oLQ? zyO9UBE&HRx)t(sb8srFd%(j;ux3#7*HTG$mi857~%;t0+@thniiU9zEkd0=ho{Ym{p&pEyF#1v`f^}rtpj#ThF&!3_gr=TS}qO zRV{dmLC7nFxv}rSXRmSEVN2Lk!A10(>)_En zTWwcjT7=jF!N7lykO_Fvfd17rAROPT77fBGDY;-^IoSY_kg#>}JjH5vXnc6M;K zw7m>w-{6eD+JAi<884ab@#%y`q{GoFAgUxPULwa%v-!iu$kJ0Kb{82eyRO?aGS$S0 zOF-vl>(dq!uwKRwDdyIYfc8>gqUMOlDuFDyr;B<_XI?f_i4(F@6@r?Mm?v@Zf_;j6 zxsdJ1=Q+Y6IYjrRBwv!)Fg%iGWTEo+!Bu>hIJ9PI_}ixwN7$qLqH$s3jcHIpuJ-mt z#sOqv$EV(>%G`ZT6i0}bMEk&wx`L=|S1yc`a-&coPagsFuG}+|*d7gY3=nJocy*NU zdAXH26ggJw)8qf0RoRH!q4$j+esGo(L#fAw3BmkE&Yh!#?h?ZKzoQ%2cH%}I$hKLw z-RtW3Q#}ajaU{_o2qDLsibhJ`nOsKcQGNYyK>9Rfl+ZcKnPwx#|1)!l@o( zPWtcKjoyi;4c$!_*?brLXYT;s;UR*yi1uZa9h$r0f7JezffPV*j&=S|#Xqig!~bom z36bSbmh`p%oZNpAG6kQ#f74oj(-D>v0!mLCwLD*Nqfz*tJO@BD1_=M64=#*h;JCkmrd521ITP$M?FkJ5Ft4g2 zS0;W#^T0bFK;~*XD!3WFnN4sDhzV(efQVTH4Ct**mp%rr{{VpcH@hT@gTRr|!2vo1 zQcEg76ssI%zV2_#bnYjTg5^f+ny&-swavsEUUaaCQhxqAPs4mb45EDoXoa(+fO3Pk6*h2pT&nhR{|X z$Itgkp|H*02ap9X{}RjlU9Jzw0Q>P=EfBni0>dO|*Ep%OzGoA-(|=lF0chTJ_55#7 zS@z0X_p)3^Q2<)Yxdi}1UZ=ix+XQ5OBs#{P>mapn6+Io?u+$d-eW^5le*Rl21S5Cz zq)@({Y84e4d9J6>M3fJ)cM0$9*B(4=nxUpdPW%B(obyZHrNBqUDvx~uOz+$@&FBpZ zED2@?7{_0b@y=sFJf8)SFs5-LXUJKa4lrds9u+9UfHxT1tTwUK0N{fPO55(PcILvF zg)P5j0;EU};C5292RI1H(R1#y zv#caX$b`&(sOzGSU9xa`1>m$|ji1U)zG^ol*ZZ?UMAsn_<7fxJgn3WP05XM&t0wGB z^n@Jc4Es0*-PCE`c_8He_Q3z^b+9h-!Nf`wJ9!j3F%KiD=UT$@&yrjW0DX>Gcq**O z)PP0xb~A*d0{}m!Iq|SePq!;-LV?5}TD#^SZ%hFT6~fTk_uF2>D8K@_a&TQkz(DXZ zs4dmdW$?IKTSuSH3xq``7y7*SM#!F(&)5U7mF5xNRTH)6sd zU@rM}>%7a*!_O3eMsyiiQICln3{K zms$=c_!>ZH;5x!PG^Z!7zQp_Sb^V0uv%X6mWbBRem)CpECU~SUnKGXIFbef98_@&v zUJPh}Mhg}6EukTIyj4JMw5JXrqPBvi%#0Twp9AeuAg2sH)SgxF1dDMGb4bnNbrG$t z(yc-P=0;kL-~lMu@c!<$a5ExaB-(EQ__8hoUoX@-$1YzyQe+5BA5D&%|A2cmP*73k z1@L7m{PGc+yc1wK$Zp= z*I;Uj=rd$?X>hkUz~7<;XSr0h@MCq%bF+T<FIZ#0`lK0>-aXL^=NU%!Cfv6t zDR6*JE&gKwMM6NlxV$N_sj8mPE=`K711T>`&haYpt$!;*NYIvr8|Beh7+65(JD+5f|9qWXl48 zfZ^~j2TH1&BC}mdKw@O0kAnpghY^(W{YmT_zRFK(B8krqNXa0C;i+a2$Xam3p-X7s zDS5Uw3^!i(P~64qtnwoW5h1XghjUIxdKw{%L*QLa<@6;<0e^d2OT=$8XE@}E0i##) zVJPY4cY~F4U>lZN)>u}4itUfg%!R+v-~KT&)sZF{n=|A>>0GkWyJ#l%5Aq80HMhzU z0RaIh?`>L45N)t3~||4qA#me zl55)BT>ZDlOV#_6qNHlK8uLbUC-NYjo=5*&E5`ZZp zgP-`6&=PnWrFUb5GIa=_t9E$PITj{Z>T$)zIw?Y)@%}TaaC;IM3c1%HB&2d@^7T-} zNI0VsukE^7XLsJm&moK61LyID6k_ko)+6*j4s9+=ZHWk}7bA59&X5>rS$W7^(F!c* zgz^Oi1a&zvy7Nm|L6PgrXHe&xU6bguojpAGp`r8?KZ*Za`IupqTlTTbduFxG1V?K@vMARTx{>$Q zn>}y#;|eH)^t}cM-(v1Fk(dE`Hqfr(PFZgF8jz(!8R=G!^Q5CRWxGw~&*2Zu7@0(# z?w}MGn1-0SDbORb7o+b|xs3E6*vvuYT}g5i|FH@VlH?%F9!k93^cYZ?c}OsO9KSi|B7MiJt! z+XWFh+y|j*ygj(dIHFoCn)9PKBnxpeGy2?RABc8K1U35jNc0(`@^v!c%syOn)|e?= zOq%Hdl{Ia){WD@|!wIZw)3Dw?4N(qyugTC*Z6ILO!8gAsh$yeDp=Rfy5dY)?ay37*<;4FK7Xy;Acd}Lw|G8j* z@e~83aJRh>y8jfb0CF|nm|@gEara;Gm>(dsyNU==`cLsYKniC|oPiGn-s|IL1i#+} z@XtDLq{W|~;-aPfhWh>vZh2JlJSKQ6|JERGy+uSqC&Yp|L2NVJ?X>VH;(7k}ccwrt z?~_nOFIt$|5L}s)444+k83*@v`{M&lQmE=Ycd9r)70mTxDsLNXtj`?5<+!Qww3_-) z1g#Eqley4I;-BjY&<;X@&~k+PL+F17j0pCl*ONG%P#--B?TL>8M3x|{Lf(nX2=qd2y&qk{HH-4H9)H<%>5d+ ziT$HhM%*nUV;7i(9~r4((y|aB^O6glLR5HI?Ec2I>AMvRh0T{diRHcKMGW7o6BL-r ze#kD_yM5{CVH=Hru&qBPXt2_Aw7`ycDNLT z84ARxe39ia!AR=;$%I;u>a#t(rUkDZut9sO2@rre?YC~qcAvB_-a5SJ!w@<7^6>~u z!aCRYjpseg@dKjYtQNoShXlc}Pys$)n+NH7fYenv{dILK1a?Rr0+kL>!}iW}>m1LO zV^{_%pv$Oj@d4CF_?gIA=YXhNaQv)c8R!iL;9j^G*k4@3VgNZZcP;T@n4|r8xckD!sL6r5&YjOh&lXjj`aTI6iTw5o9m zwd-oKWL4`kf)vZ(^8 zjHWn)HsfGl=%CXqA=fI zYLnY;ruI|r>v*VrsY@9aD;5}r2b?e(15qw4ynID4CmUz;H(DnC0l?jOm4=Ujuc;K` zp(>V6*kKFc0k87on|S>!+OqlREhGQ(E3kkv#9JtXJfitj1=o|EfZRyw<+mSaU|0am zD~8DyYXQ3+2@_`8)hnF1_y9(mw*4$dgQXY)`uAs$E+A-}!7wfc6mdK^XU$zP?yLRd zxiI;iAxyM`&ps|oVvjcmq?~xHHUaE56MoDh3{N>Ju6ye=ZyH8srndw%H(g9h; z1oJ2GlJ~X1GOuGT)nia*3n{=(4ORd2IRAJ(&7?nGxCu8$j*x`>Y3~F8d=SD?xDV61 zZs$Pn{BK$OpkaK-?8-TH$FbuG1yuZCN@O%d2uvj@ga4MAsG#BR*BloCp)@-jpZ+luP&p+RaQSFRpx4X6*<*lGRsVK5hLgRz7vX?h{&h zTvrRIb?S*b_+XLb41kcV3Q>gv;$crcU}jgn?jCUlb^r;+&I?*NG_=())g`pxtGR6Z z3x`(Ai;3JjymKni4FIlj5lqE)Lkw!Q$8)F4`AZ1vJ@2 z#;0!vN!CqK~e2)L!WlKb>M(gr(Nmkmg$h=0QJjCY8NI{B5#}J>OYu@-gp%hkEK{^4?-YEMP6uPdJYv+2W0x(J zjJbOaKYxaaZi;N}JF%Z3%U*?@KU&Q~9_gLQ5q9HP@-mC?HDtQ63GvS_dsh+cVMdGm z_3x9;C`9~LuFt5bCZ0Y!LR#*N0Nf@v%PA}~3(1&j*Uk&8@q@Md9` z!i0NfeR!+kkL>{YcI4v7O$P9ifC6!n7yWBur03?^$0d1Ner!$b?OU#({# zKBFG%)B*nhX|3Isjl%7V1n+qg6+6+}SW$COSuJgVp4F%}9ZjECeQ(qi(|4pws4L_; zq{zIe?b3tg2KvVKDehFpRY2*tKfMmfDX(^++YLkXA`Il6HssF1&LM_;#gYw<_oDbi8#_$HIGB{Ku^f_T%tV$g#L2?Clj$mb+7oOqf z^WWEU*DP&|iCGWdBz_BKjT%g3cv^M+^e1?!_m%@ z8}1uktP|rT4SAw)`2Vo?mSI_~-MhCS(v2ucw}h0^-Kn&MNUI#qlv>!W2|pjZgu0pjp`JZj;gw~|LwKfOzd`y22W6t^1bUL@sE2< zq!i6AuhG10IZZ&%W&P#<>71gVok?RFQ}YvG!D5Ra00kp)xOR+{#Q!1CqwS62W^_Sl zn%-MQ&(0DjzR~(ld8zar{j89@1wP~Bn@rQUDttdNy*#_u{#LnN)rrl0i@E?b=(>+Z z{%>?1kLx@s!lZ9v#p-WnfE$b+Q%X9CF_ADS&?Iz*!X-N~#{WDHmkwy{oz!gyiE(-} z`&JSAw5}){!u`n!azF3N*Q7F-ars4DXJ3B!YY!)Rhh#zL!a`X$*XWSgI#^aDBUn5y zHtaVxR2o}(rp+x}ah!6gB}Dyf8xdtG=&xIZ=`+<(?HtC3hwG-1yM zP{Yn6MpJyt4ra!_ADE%Z$3xX)uEPviiY8Zx8?rRItv_16!JJmfbPM~^@qW^;Q%vLM z+qAM&U+X%@d|mwOg+{My2{7|w&oYd!{_dA$us}Z658syyLdeF`(z5|%o%3RHadWYJ z>R;*q*@;K%=#0z?;%=rs?X%+u!v6;f-%6#z5&VxTS zMq00MCU{l-f8?k8Ac;)4Lg~go-Dhzxcy9P2IL8*jHzFolFMmv=*^K1U;Kh|kqE%DC z{@=OAY+LuQP5Oc+8t(D3W--aJLUUVKmt_ z7HQP~OI09_JO!(74CAje>52CLqlmZvvwhTsuhKXFiMOj3J-I8uNW$O-HH9fun>XLq zKU7C*(gk{CW95(VYc~VZVZYJ@r4!BG_R2`n-q*TlSpCLQ`&=hikq?XZ#S_>%4{%Ih zJGq3Ildw_80X9RgM*XCJ1}HuOz|p;AtOdBo)&uvt<(^^B(_=lNb}Ft zwqS(zj?x8a5P!tI1kDJHlC4iy1#X@s)IoEUX56P=r&m#l{hzn7aVZ745eMBQbqz# zkt*bDQ&cr~*YRvxt$pt`$TG=vUK@*2GcqadV8+SLyc$0~4*tG73;i#3he?f~MBk;s zA9$vgE)I>+Ng%{AW&ClKUfz3a%J)h2a{17g1#FH<39#L@9Dln|sQc2e+Nkj0+THRs z@spLaK#hjer5s){dttiY^wM)tP-iFYQck z2St}JgrPWQb3#%2N0mL{l#Tkd*mSVibYqut2_dH~WdotJcWHwLcg*Z9lo0{jWjt)x z!ro*ZgQXY;5ld{2Dn{;GJCdQVDNwswj6Q^Bt3N0df=Eks5~^%$6^;^F!MQ~9;aJ;S zNKhR<(&kNJt{elmm%<<%i-MW|x-bN`WUWs;S;U;C*@AjV#0KOXQ}CVK|HPPyz38R} z=aGLOaXejo@L~%Qa9~YTU%h#qP_h2#$E)eXl<{$-T|NlaYUk_@FgBHLpEVTxpyOR# zD|V?5-MciJ?g7{qKPuNO-5-Hga5ECyRWbf#zZlF<{g;eiNj_fPFgRGI>ODMJyM26E z>&Ke*ssaxd`W)_r5MbBj7i((AaV6n=jcY)XY%o5%Xt^{&Wk1j^#jYkgyv%gh?@aqQ zh#Im%-Em^r20cWcuE~T!JY%fE#pL+42V*7|ayQ@t$ zwNO;E8ho`E3i=N>ye*}_KZO_`6s}n~^#gN#wf#?*k?hCvp|Q?R5Vxqs9tLJTdoi`^ z5{r2QX@tJtr-74MI&b;Z=}S<_)OQrAMA>sjv}o^@Se{;qW?39RK62KB-sQBAz^9$J z?)%}|xkO&$T|5S?kcd}%?)dti+0B#HL?(s?+EHN?8mXA6VHqe3?bkMr?|#4}nQ5GY zrKG9xY8p(Q zdi~Tjb|)RkO*9K`(E54yy^3Hz4W!wTDa)fgX~3YglT3WPTGb4PxMK$bgu+@=R)qKk zX#B@5RM8!spI%gEYu+F;A))u*Z8+@}FdHd@A2h+I7oG}a zU^|+AXAe~@;#UGm^6Ok;8PuEe5sdjRSt0`{jd8dHgwj#&hNorm@0tDBoqVcn8_i0OwRMHI}gTO=kdNL9OFjQ6?4m;rH{a>B+HCKEFROm9$&y#xnNoi>dr_Y-O**Q ztB-hfi`4I+M76scURm8jh>Goi^&lLsT5cm_W>l~_ZOoc8tXICN3OKK4;^*0LR5`$x+`JId-_ zOL=slHU7)Y;I%5_i7_cRV&a3>L?6PTIp&7whH!DqYkN?S1J;jOKd{|w9TphMdij0q ziDHK2DXGR((ohtUhYOhj{*Y|RioZ!d2v4T~`^ZjD{55PNLiG2dt#|I@P@ncaV?Or$L?oxe+-1@41SRXMqmz7<5`@;83q zidQjlT^*JWq;R}#nc^kn~=;~~iG3s+^=9g1GnZ5xP6xR74Ls~rlT=)!Bn*6pdX z48#!3?rQ}cfDId^vN6K_{LKd%v;~AO+qrnys9B6zzMq{IMZna`RJ3zVzShPamFHM% zy}U~e$kD8KnSi=& zBnVdLPDgVj!O!mJYyyU;YSl(dy1GEmG&~%GjVcix@mzm=;1LuX&rAsKLvSKS1e2QKULJuysp zV7sD6>{pe**6&9$fH^HZ?WzjPNy1_J$m|I*HShwXybgDcL7_C{Y^!2Y8wUOT0u5@c z^B4VzNfc?0V^QG7?%n-hyv_2;W>eMSDz`LOC0AudKklR~dDC^Cxvz~e`xwnC!2yJ} z^aEHWH>|^Nl~A9x-a8-{4%)hw8+tM!JWlSt2&3LYnX1le*yEB+c7+5xp%(9DVTA$Z=NPdtLYWq{NrMhT z2HY?6z{Et}$x_+>DeoJ3(Nju*ny=u42jNEv&On|yY*SWTe6Q$QN}Kr(e0uKm(>hAp zIbGI^qht-aj%?LKR&VqfL}-%cb{V7Ic?vUGHK-^G(xyM?-VG?TbRj5tb|>_ni>gUX z5$gz>{wkLAJ9;zCCiLO%V-4F_LWIkfz>OAeK( zKaE!ER@yGiBNUIDZuhNKrB$y3nRj>ZFBiTsI-8Svxy{{Ifvw~k7VEp)ih4F565qs0 zt7uuW%zF>u5RkUn;-|nn&-@+7`^6`>t1SChQ_O^Z0TLPeBooJ>&o(?*7C+Ub2<4uX zkvC#a`3T9Px0$4QiL^zWdxah!&B{${L2i52h(pvMJM?y6L_^bMNj>8D01J(XD(b*U zi?HlG=5puKSW&v2$ZYqxw^|aLXNSKt=x_QLr;W}mifScIITM??)<@HJjj(^Qen1tW z#@ixa&B@)iY3*&-1tuBC*9eYz@`TODS%V&(b0Z(?nzvuoA0@xCbfp-@(5p_LR-ROYg{I#1 zEAV>(14+8%2kyH$th3sCp{g}b>9wWi(#zso+)?!eXC(7xm zRl|ak%;ZEmx>MVrF~-(m?u>hQjQZzZqB+|hhIgPO9hrTqG5s;0Bdqa=9nET|1-W(k6A@y*{flJslajhBPH(&1F8y!E1zsV zg*3^2VCr&QFpFFE0ygfLeXT7kS@sJOI{BuV{^qL(5((^As?k>4JOjBz@BL0q##vatyyH8@ zGakr&d9MK{MN83yM>f2IES16c2*M89mK6obrFpT=#S`5s$L&2kbe?=-3qKEGkWlGXJGCc1E(Ai1#JbpMWI0{Ro&Vx{H|%8PRa>Iu6yc|Y^Gw2UA*)2*)RN_O0V zxAAc&O?}NZa>-?8qHO4~*o?l{m|Lx$YcnjmV#0XZm^!@e3HnlYjXW){?isENhlZwp zq@DB1Rkv~1-T`JsRVRtbjz)Ugh*)rfuW2a=PgHU7Oc`d+UB?uM>y^u{D#Dp2T`bb- z_D>is6tPHx=cS0zjx?^0MKHcdoZo_eP!46AZb8DUEeEqitpsaNLHUD*at(%k+IjDb zYSP7;H|O%0Wb7E#ZVZ1(v!y1aRlLDdx~fzC{O6BM_f^|Ly9oPN8x3?!i|^h$7#WIm zHjr|iw|(1QnYKv9@NM2;I*BRF?JoPdf(;glbFCL3TsiAUUhz4ISFi_o+XnntF2Wch5>Uft^yiQEmSO?vyBe}M}%`f>J0_vp?a zzP3$wT?-|7M5CR32-)7dKLSlep|M4@`HBFig!2=vb!K~2W#Q;G+lN(R2d>=GiLZX? zqUBhTQHjp>6=tFhb9A>a%RjWBci?`0Kl^8Q9$uRXtIQ<=4~n2rB`1;Pk@b2+Wsny^ zLHF!$!S-2JHe+9Vuz``bX8jFsL?c%HeUV_Far8-N9Fvp34&D zJ(Yh;R8iPs@<~_v^RTtcqa`L3E8CHqh13IOQOgD@XBiGQ9y!H^DIJIeC#@i|$HEet zCL?+i_C_q4cF8yb$R?cC{;s8=Q)^J9lHr5J@n+QFgU_dLS}FLe{@qF$&6tr-*`{_{;mzq4_8@>tm3^~ZQzLoXyk6@H@}q2j1W9ua6(M!NvrD;TqgA_BY@ zwdyGXQty1*@wZ~T952(8pXCcv?EEc85x-DrSg)@R$g85Lm0GZC;rvH1F{&^ z6F|G-q{sR9hg<_hT_bT}B+5Yb$`JbET#s3|*q@|uVBo*B; z1s4pvhxpO%^ituM!OM0N4R#=oxAg*xab89Id!NkgL&$EMyihK3e*ko?o2%^;jXvhh z5U>2Cist)khQf~<2*jgqssJ6wDdm~2k?XBN0D(qqtS!#igGP0D z>D*Uff2L{0UI{?znwwMXC5iQh)05Df2wg$+R0L+jhH$y%&(nBR!VhApUTHRudmOvF zI=)T?0Hv*gMSpD!Z(KM}IoE?BBMoqpzBjhx#hab%?b8vR)}xCo3n+hdMXS-g{1w_D zx(nX1c-IS!8wzDm0f4E2jk!TluJ<)uE0nPozJqC3o zXtj?@RwsvK^_#U}9>IUC=E(b9A2HY<^HD(Q=bB22fJTm&dNJe*@zw%)WeU1|@CZa) z4cUQq+&T+FWOeN!7$@*P8=H8YX|j3UeGX#=YZ9>*Ac7*2JOBJD5?zOfurw|J=`{n~ zL?zQbC;^ZgZ}-~YO1M&ZTVTNMng5)lQmLbQ6j`OxT3G4kB6lNE>En zzF-HCfrX#@@R!*(gGuim2!X^24zF55U?Y>(;hXxwA{D?T=Vep{7!8?p5lSt(>jsKv z326_3sRN?^1MPq1z65-a)9!O`6YZL?WMG%Ukj_|(B(r+z-iM(1&`?BbEuIQymp9#p zR)u^x!fX02YJ~64K;tG@bq(c1{778Mme$-ndb=4QH4F#9qw4~n#t1!ti;t5Wy& zdRPkl6w@UjV;3g4u(ucTQe;sPvjd!%Ee~;LU(<&{`d&FmhJSQ z>e^E#GN6)Sk~I0ROSa?)DFyNlH*8>DmQ^>+k`D`Z^gd}^fkE-&sVRT(Rhv<*sLV%7 z&vF85rPqrXAtTy(l4zXzq%cm#M_u<)WVjOEC?bu@^NyD;IRe7 zc^`Usdx=m2GT4DS!clpjXHX3{#5HG&eMfoZ1x_0h>wlIzHuqW&QIAb;0M2IGik-|i z9_OI9ErKky2AE$hxbM)+Ss-Sf63*ehMhu#kAAziU^^E){*^|; zHqS+LY9C=~Qhsl^`oLTdwkb=w@09ls0utW=hENr+y9N>)D;E$ssOC)eg?M^K{W zZFLMHFff}Lnk18?t^}RiZ5HvOYYQ%fF5QQhehN(FPB+0!WeV#{<>l1lFQgQw?Q4z5 z=EKjkbFsauUdkV&M&BVD!$xaGIx#Ys`U+EF$`J}b!3`Fc;5mxDiBa1A69Ref1v47w_uTgD>?=i@-9^a8Ll3 zt)a^I0dxu*^~CAe3R`F!mPoJw+gTa>#0cgOHNm_TLqQKTiYXGJgce>S?r_IW*4*s; zCd5%jjih6Oa@p?0{j6IlmK6IoPOOZLX{yBh$&ielG89|AlDH|~#DV{8PJyRk_F|Un zhr;~E`nkwMf*ba&q|@xD?^o#F^|j22p_o;CfdDi8H*(q;vUy!M5jz?gZ&0Gp(u*wY?q^qB+1uHT zi}G&mc{?(q@%WLK5|}=8y;m8=lvdYCEf6o56*mw_qOaHG^mG2u$#qJwNsL z7KS8@Vp6flonYlO2yH*}uf^B40sr(zTuPhIIrmNzP)sIwRC0#w$MQRdx5nQmD}K5) zPl>c%$nceiX2MkWovjq&9 z=Ub>Oe(UMY=iyJARxc*ZZ5F5ANgHl>RKR0YZ(De93@>lPi-w(9T7!uSt9NiR%#eVH}mOrF6PFGzpCp1p*Fe^$<3z`VH!bzM7w%%^y4C&rOEe!V zzKyJvv8Wz_{waQWbp^B3wq91|NmzwY3Y3ZlT3>t2w^6b*ZF0-r+q9Ugdu(sceyCy^5LgfQmq}=KjS@08km8RuGz}w}x5Ua+mrXY1b z-eObVGrYyOB10_cg-(z8m`TYE#p-$A62Sh#!N7fD<&?Z(LLwm4Yl?nd2QhusAZLbOX+Ml;g&&cNje-OA9M!d_A~ zs?}^~pVg#v~9EjdH1E8sVr+ zMi^RWKc25tLbDguY&Kss$f6uz5Y>9#phvr}P*a7!$Pyjdr`9#8GQhc2{Xapg@Ia4c zQ2(M8Cn{)>{yqeQP1ZNtj`QR5%NOOoGn%U_NBbR&(pJ#|FdIyTJ0*-Y{U<^`{v!n%fk61?-8in3$ZoW<&yAtQ5mc`qFmT~BZ!a=<&0r; zMpKQ9BI7c9$y^#iZ-+894%FZ}j8;YbUGMmf0JuFHWIn{Q_dUc*ro?bVj^K|xU!Sy|wotGya&|2IWB+yXN zyD+aO`X;w>Okz)rE-70hx6qYN>-|G}(eRK4E@!;P$mP--Z|?i8cWSOoJ$e>FWYh6p zCqH%hkM{s$Bun4YGdAO@_kU?io@m1&UZs;BD~B^;694l}PSBx#nDnWm(s%gB4j!Z& zd?aimd-#_tB0jGWjz6|O5=>Hxw zV*T$!B?WCtr@>M8Uq=N8`acxduZ`9J@dIVfH#7d{%YQ!O6~&<7kHmH3Qt%gW4qG!I zC-5_c7vkai{%z>;gO%a(vE(tfm6h)|ZWn6C#Qi=w!?ci3fy~i_@a}kSa3YmAo*QOF zzWxuj2_#%sYZ_5NbNuGmEx69D_XL|$O$^G1$>Q%^C26!5t~OejQz z3^FVB@|%Qoe)JnxTt8Wa$x5CyE@yNuXP)$zBylj;Z;og*7d+MK_r__vd2(el-eR3l zCD3HfUyCXJfh;dJ+G61G0uVyUJNjInKdj&jk5+%-u}(^-q@3Q-1$@3Wa<2>#N9PCy zSIRztmk;GjQz>Kw5vJDsJ%E7N)AL#9^8bFxagSf3rq%qDyZr0&7OG72>l)*M>q-&| zR033TL*QmMxdD3#fB{&{$V5yASwVC zsuepV!DISz)ngACOif_A*LyEharbN4KEm($U=ZM6?!KaR;QbUr z^l$ti)82-E4gjA8KLS!tXQR+uzO9O+K{JTxg;R;}a}GSi>rXwK_n;os0=+Z6tVt%` z#}T~q?VFIjV5@$J%t)(tTE4E=8^JOk*bOLBrdIAXzk7(XeGs(_BX}1^s~k=1a84d3 z>f>nZg2?C@uW?U@wrzy)ITNK*WTR5?72HyjkV}2(Td z{T5t8Dui<)4MtEM`=9X10x3FP!6zqVDdkkXm8(>LmO@1FO2vpj5<5z`6tK`FkH@9E672Nh-jie}+8wArf}GYd|2SPE zp#o^xm?m324>DE-al>U7%JmzIisgB8pl5Jm=8x4qRv@4t5IBHU+ytm3AtFNL<3n%& zLBM$<7rF_rMkD~G;j$bu5OMbi{%rWhXstd>YDJ~KFxA2O$v~}u>%NSr9nR4q{L&ez z*42aEI9@a>NCKK3N1(tENZV#X$<($%c$LO2o!ai5ldIn+j)~YB&k&H--}4|z>R&>1t}SB^>g6EsGbla*FYolGnKpQ$d zc&q&##HkE@>JuV>up=~^Lz znI}B4Go7mbOrFgXcWaJu5J2(rhk$dNT5}j~aN`uc?KTasxRDFYq6J|I|J`S%^ekHylQspN5+;jNAj5mRviajbw@18fYS}m9joh zqz^{_0_2(H$rA%`t{z_p|#0P*?A#eko(iz>0} ze6@V6RVZ7bAKkKZ;tkmBb{1jqX-I!$GN0dY&LhM=rT5n5iSA}9ZFF!9eWWJ}N(}mu z6@DKKCOIDw(AQ`wk?Gw*hzLD58Yp~C7+(_lzp%JDwhgLNF-&G@(eYK)Ov}c1oo>I# z1 zMJybSV#%2PrM$buQDft?SzvVy}dZq3cP7!gWGgvFPbGv%!M`Lwz+%=4!g&ArEzmIy>-^@ z*W;(3$Wm31ui|ZW*5UEk0W+idlYW|8tx>eyRv7#6UGaI|!=A01*)sq;0%OwIcYsIn zwuuBh^A*GRa$KZIu!Vxr8^nOf8_besud_?W<9#$=03^+{!r)%0b21T#r76Pl@d zw~7hH$-KjbR2Y2}$=xt{th?5IOQ^W8^SY8~Rq7aD(PE*?TQWFSM$?%nGW0m+U}DMI z&AbtKSUZ!X@V{WPunO$@Hd z>%`3F_sQsSCR2x_Dsl#3d&ka9I2rUqG~i_{5x%!V4DYY#pU>fvCGGiNyn`=yJkH%s zdv&FT<`YhILI_2`&y9H zVLoWMITo22ZsXKd*Vx*Vz=*{Wtw`_WA|xZ2jqC1~`J8JWp*#Jl#Nm8xxZv(>e4fZ* zO{@8&cj!_^sKi(yNvqDXpSvy;k66(ck_@0cFk5n&d;Asj!417{J}d=#xN{K+b9d>O zla~FQ^MugrkzhG&ZRTC#(!{w?9_NsIWF4Xl7-{F@htqx4?J3@A52hYXEN+sytL&Qd z&e`zngiS{d74yhE*pvxAW!;4&CXlu1vx#PvxEuaj0NpH+zWuv|+GXK0ItM*wzP-Bi z`GF5$Fi%QIKQ>$V;k?AL5VNkCkp9Njxei*@(qK11VSx~MskoEqFj~Ha)lp7Y{GPL> zrN9G|uvS2(w7?CMO;p=We=@J(-Zg*WXwr42pbRq+CG6lBg|lyXU7zbk6f5};nsAaD zKMcf0BQ;{yESzsX*8JIKge3ka`irf^pkX=vSR1b=OjAr`=ruAELG>yY6?H&}E{d1J zMJz9A@5#E@jd9EurqX6nN-%a^mPvd98t#T+k}kSPt^8pr8krqacElYk?s`@~_2@H% z?Du6H_k5~uD7BD2Zcu!jUYYY?dBaogSW}Uay8G-SJ#9vRpL4xo?3~k&Ps&nDD%5Ee z^$!O3v!Bn%hoV#p>GxDBrO1-ao=iz+H`?I8zrGfApNLGwso4WoYHkH2X=mtU1eevt5^R3WZ2}Mx1B$@3wZix8ZAL&)$gC0o&VhKV8B zD|Shgoh?o#lnR_0d5SMecb8n31p2ioX9b;6*V$@3zKqJ^MtH^nQ=}S7riuGb@ z`WqnCuqEY})8U~T|68D$jypwn;QKn}ra*VX6yK$Jir0t{=sES-RIc&STfU?#lN#Kj z)xM0nquETvz9}z(c6w|2^2J@wTkrq=pu%gO7Fx*A8MhhqptyBnCJi}7+A-ES;pw6L za=K*2QSCg|d^Vg-ZAuCTM zwIZ0U*5)PN_NZy_y;Xcn`D;O4MvI5!iH7vw0*xgeDoL3<)0cn8)?|T@<@7mir}i&# z#_Kw`eeaTnUZ+2)YwyLKBDgz8*Y^8a7Jq8I+-?4$td_P@i_uOh@|zE6QNOsAIJLAnekqQng{ei=){ z<;yOjcSnR`pXIN7_q+5r+_V(wIqBgvXvP2QqyEv4EJZ-%xtGgj6ZE&_6#)PI-=F^P zIr;B8LEaJny&L}DenKQO(D#@GPyWx@h>g9P{rh#az2HSg9YLk zZ9>v239ollJFii115;ECNI|ZS)8QUqqXC&R0scs+azSY)+lCm0D)@)K*JQ`fN^4zP>vQo5P1Kmn3{2u#8OjxG772W z$@uPSpC&|jCQ8F}kPS_PnBpyq>&C7hfaw+&afu;vjFdJM|7z1euAFR!9@WlKa&Wy! zd7Xai&zDJG8rBuo{Pk2uDL%+Z@&^{?QWp$boCNZQfI#fKx&_k4_XUus?xw>MxJb!B zjYI^*8qxZ>)XyLU5E8mWx{#IQ!`B6WKFEgoyh@)f!QfDQL_R`mklceZ7$-)RSIG^* z{R0r;9K=!zQ$%{L0&$2(6d5*0062}Tq1sPmtBwQ+n}Vx4e18n$x+W3n6}-n+^+5P) zLQ=w>fazIKZya$|3NIIsEQb6vHsHXO#-rqbjmF zMZH;2@eM3r{Ze{=iR{EL1W=!rMiw2XGwOVPV08yKJ*&h;odVex2ja1eg9YR^wgJ5HMQl2$LOOA&(_qr30AcAhx>KpQ zIe1Q=GQF83uYsuZ=?VwO{F6+{Iv+SZ8zcoPE8rej+QVPv;Pb=8K=dUkGK9y<32t$^ zaj#rw5Q4j&osv&|4j-Imo}6%f>6GF5MK_gu&QJeZm%?79L&xg}j42>GeKebN3TAzd z`MR6`#(|8w7$Agaq{^Ws5PD58cwqyl10WAq!uvYTdw@na+Ed?IuK%oPo> zSuBh@rERw`dz>biu>o!ws*1=Yt;)Xqqr$craLO zakpc5F1Bm=Oic61aS=ajH!h*$#3X95JWtJsODFj;Y|dblTjx=D7ljJPdMDF+oG)cX zA9bY}Vt9-%k*8%?_+Db33{v2+EfZs+F%@&HD+Y~T{Ox9h>+Lv$Do2a(>!pkjT_Z4= z{p$W~$a+0ufy)AO%iR377%0PM2!3+7=-zbFnWSrQQ6Ve1oX#d;lIx9#)n8)Ju4aC; z$^2Y>@G!pS!J=j@+gk+_CYjl)+p&l+J$%^;h#XrX)=u9SYfg@p`mJ)|sL)*N5cDQ> z6rX)a-DAHOF#FHe3~BJLD-d3!IBNH-1UE#w-NTXGBm-r zz(=(2{44zUG$OewGh2O*$U}{~#?kn`W)K zFCOupyf;n@mg#-mZ$w@|7>C?S6ltwx<6x?!%|?LfaB_la|Izvl*YNBsT>Qg{#7dE+ zPw)7NK?5VoRasd|*hLz@;~=2V8-x64m;F}P8?*Zq^X@>Ow$y*w%>S|Yi3Qtn?s{XY zFBRF3+`ewjdk%j+zn1(Y_0>pOq}qhh=Pc&gsVy%zu$*z(L?e=a_(AUcnY2Y;qHzBV z`pYzC9Np=`6e+v9ZUt?@F)gSXl9m)c575x4Icl$n#*$6%ma)5bMrTMH(!GmL+(Q~3 zpPuHLN3GN8-&NzAPn^4+BYa~sd049Y2O?u%_sWn}FS!RTgHWrLp;H(iTNwzG2HFnT zHFI+#MbVhr_Q1u-C@vD5P4(T$tbKcmu-jo?$xDHfL-X2k!UWPSger`3ijHy0aSXoU#ljG)b}6T`d`_4ewacEoQsA~PGd{$k zVu!>|)mC!cB4kZ9CZ=w^<#Mc$YHlw=SZF6N*aLf)X&VG%HOFLR$C{VcEp7Bka<^!#Ya?p)VH&Sp#W{9`xuJ2<}8+$mXg`OJCkd`*1tWU2gZH zdt~&}nTL)VCtZc#cY>2l#?Z6;`#oL$ZP|39FUVvl>8t(msSGe{%*V*}cQJ=ld-J8$ zCmU4=IB)k1Lu=}KoI+5ssxO;AOKA0{+9GH&)et@*$JzaBioKJ(Ns~?ZhZ3hRw^MG= zp|lWD%cbf1>4p_6NTY2~6OSc`KJv9C7Ve-d{E(&4PN*z>q}bUg<45uSt)A)SCg`$~ zA=wmy_2KGr#NHEUW`-<8+f{#uW}R>cl42x%S~|UT1ECcR`H2i)^xm20V^6l$zL>gm zBWI<*cIv4z>x4>oUHk z{4*b_b@|_i(oPE|GqS^P`hWjLK6-AAsz(_3lzR7HkNoq=$YTr^QJ{?3=@qHitS9;hwayUoCguj0I_s=q_;{oLI-yi->cl;kX8_Y}VXlTFowN&8^ z;77jz@0JlLxYnQ!lfYt-55PFEA{q}N0qR^l|1AY-%oq*0$f zd0*hSU;TSrdB!ScD76?fR3LR$#xnAe}Qqzvty5})eVjA z=E*hFhjg7M)bHjKHHCp$o#7w&kkSk9;W6M9O~t0oO^|0wF6^}Q*`$X3WC3Tq1)Js4 z%X*u_lT}<6dCH3%Mhodz9v`thQ#W`x^wxBH=&`_yd+QSsO_zIdyL|g!Kr8gUA20@f zSj?7BE}B4?ViS@v#0i@!ZrE#*hHoMM38Xcl3eFE0iF5y56D|vfjpMJ-?xh&XEf1!p zEzx`BzwR76R0f4`e8^ZbZ3wwCpX#oR%|_TQyxcXkt$&*S8)QHG0~b{uI0{uTWu5v7 z@Bm-~wi6{N%o~Rg{ga)+rf!dXxTHG?w}zbiPI}=9P3MJ;6$*UI7Nt88l-BXC;kPf< z3{X0L569vVKm7jQW~_gKj9Twu05Qem?Qi5@P7PQ`h7hGfu#G9u)>z7MwqJD4!(-B__b}`b+{|0HaNCY$<;x2*<}F?(@{T3JB7 zs*niC1;wQVem96s8EV+v7c4f%0R`yaQfm1(tN&l{Wpdj}FVhDn{J8?PnX`HoC zcWej(L0m(p!$)`YI45Wew%#9}xyoO%x^Q>^LES7yZxEy>KF-!FUVAHGMJ90^Dfy64 z<3aSX%L>b&nGmEBtd$_K&o*TrA>p-a>}rroJF9hqpP%wBl*JwmnEyE`5sNRmcm zj{7+S%S=1ChV5?<&yWkSE#@y6PzgpL+I;#Yv?<^Xli>i6Wv70B_6(FYBr-C=?02R% zq3)(aj7*SP^-zn4W(={6*>g+2z&#zI*+x4F#;Rbt%gC&VJbI`4)eIl}U{oI|ib<)~ z>s=FYD+W1tA(@~}CPgmkcgG1Jg^dzOosD56BL^l6$sZIHe?n%si=DoD-NcI->#Ro`rp&Ym7KL%@#$YOl7WRGV7m!r9002@h zf=seiy6LnkYJYA|;MSb$1&VdatCzdA^E%OA0ZI}$yKd>UYWUTeTc8683wvh+&H_A4 zO+5##d+#FY>~GvXwN(dhg|Lf{*4b8I$FcFe5eYykUM{M+y;av4aOwG@kL;*n>&>;3 zL@MYZwX6l3S5D>#stchsAG6)j*@`~U@&R`#?o1ag% z9T&PHo2(>Ab9?oHcg0;sjN8Oh$?~iR?iKbDrUXM?M8`6P1f7EH%3B7K8M~MLozKi2 z=uDB`You!*^6M*Od{N2T6viA%!PKR3w}@za;H7Rv*EFAK?atUlX$`@J@1_u%xAxjq z{?nVz*ZJ%GreM2qcDowHPU!Dq@M#>(85hohaI!FYtEm5W%Dr=9Z%0#+{O0MfY(1$n z$FL_GmQ*jHIIM2FVBI1SAF>jy!f8b)rD53i3x49}^jf-KA9f>QEuXRB>5j$XDk6c9 zwUWjJCcRVT&jZsT)0osP_1AD&{gGJVmFq6E3L5~Lb(Y@friMuSvdT29PDrDdcwO`Q z6Iz91z;}dG=h?HUGK=0sfHW300vhpJyPfZ_K?_VfT}zOg>Y!|R`{vjYl)C}IdJ5Oz zjMl9)yoKc-fNbolP9w8NQ)#<5s;nOa(e4i>Jbq-)I@B2IWa|E}v0=1~EKR@r#{)?>e;P>AWc8Spg8h4;|*pn7=S+msqkgPrYF+qh; z6dLM6BwsNlTY_zyoDwnY5i4MAxQehmp*bn&6lvrTcBPBX7J;PKXmb>R2Z5yx=aFu}YnG-%Qjk#1@q!ffbbgpB;S-XS#$?O!tR{!-ImmZsZ3(-gQ$;3+}9ZgJfF12H>^^Vq|h=-KWKl?AuA{wZxESB;ODGdMyPvz_m%YkC(rbF%^H4B zlU#s>^zGzm@>5EAX|eLE_Q1NA-|r+=ciz@!K3*@&l$&eFGkzMZSNjR75*M`ETSW2>zsRqUfmWBqd<-Xa7>pk5*|NQp=%{U_1=ac7d7zLv! zV(&i&d+pT5Py5+x;y#2=LX*zR43bRpw6?X}K|AB~>;V`D^}bBvnTMk~i;*X8o({I( zNswZU$=;w;kC%w&@jbWp)1Hfe^=)a`-e8Ypi0&7$G(348S?aZ<_GZsOFEohbr??Ur6iKmQ$Le+$W@N5PFt{JQ9*% zj(8pRMB2r!J>i=XnNMa*!j22YB)k~++wR3}=2E(=rjwNVkj;kkwNF=CY)lDTc3m)+ z{0Z;#OFc5ra8FyT1~aU4qkmo$#1z@v1OS>9_l0@p@nP0@<$Xj?tn{y5Sgwtmjw^bl zO}!zTLa6p#Y(9)IhYE08PG2ksyboM?-Bun(RdZlni+>m9ZrbYP1TN9J5Yl*v{Ht%@ zbi1C2;Xff2Y2QOO-&TUzuAH7^cH6J>=#AvDV;!?b`w^zueP)xZHv^#mo!5)mZkbO* z#AXNcZMe#Q016l?a7Ed@tukDQ;HVNkr8?Y7X77NI^W76NH=&(~hJp*`Ukd?!&p~V<%jz)!=TrKe#LJg>H_R9EAHz( z?5-oDezLo`-mg1;TR?dZ4|XZ;-E-mgud$-urLy=6qn^ zdG?<&2iJEmfos>V-l*;o>G_~FqN-nQV{OFiF7$H4Ae!d*tWonsuoQYGcflQp%cwyp z81XxHIr5uXNwVap4bfF_ZAwl?95pmG#F?)%TyytLFAm4h;U8GPnDY~FRI2@TZ0PsK zK@i!emf@DAP7tCV^YH+t5~cUN58F2w7Z?0$k;c)6P}6FPUt-&3JX*k4X&D!{YX7Og z7bgG1(gIzV$I0(`jA_1g49bc5GMXY|A1vBEiKZ#ZYqzN5%gEmze4xQ4Q;O>HEYUnl zJ@4}v{RsCvkF@i`>*ss{G~+h21LNQ~^|D}~po+#GA%16HEA?W?b>xRoy4^*!V6uaKdQ zN`}7Zt7wLK3%$fegWH!ky~ZMpM`h#_dpe5m#kP48e=E)|WYA^7a&feI{9fpl{s>G8 z(IT<|zNs@2Ty2Ks%HrnTRpA?)W6*TkxP7{PLIf)+?*4@zt6xQ^NhVc{={7gp@De^7 zp^=W8Un)^zUQA`GP87j0H5A>)Jxaa_4|cGET}sJvx;MA-maisi>uzmYg8uCih+cV+ zl+6@i^&tH~#y2UwEmggUs5a5?u}id|hv;Y73wA5fQjsa@*%ITh1-VdI<04ayzO`KS z!5^cTRYgE4nQi`8eERNFXy4!4Ri=G_&yWq6An&^3&}SF``ciP$)UM^GW36t-?&R$r zEayG)76wkTmdld!7$SZj{}+4j6&2OCc56!zikx#S1Q7uV5+w&EN{%WS6a)oCrH~9o zkSrM_Do79!kSItfaz>CO$pQhDRAk9#OmKgDxm)`${+n~!*V?{XtLa)*bB-Ew%rV}# z_ouVF#M1AB&J#2K=hkfYg1$HA1if=tq;WorxLE3hhlDp>VyO4R8yBqf&L{88B@DceClB1QCZ4VW=&$OuQ!QX*wtrp! z=KMn`Z*>b!*Z7%f`V&Yv60C%Np>CcYAA>Cvo)=BtwZM3|PHugN?vBcqAth(g;+V+> zY0hR8@5yd-iEM<9vNCz_In+=*-^wWcdp-B=bxZaeip|NgKqOu4P(FWV9fNK z8K}ein@@K=Ul~Eo;`Y*ulZp@pJh?aYI9E~MOX^&@`q^fSoqd?>7?|OO)l{0a0ude@ z^nuqSbn=7R~5{0kl4x}Ge9tz{|D$@k&;Moxqs^VzUGgvv&o4y|lmOusixv~;V zGo*1_(TE>9GX=`>k#Nktq&>EYiJUhTZ53h(tK`<04OY;g^i$Jm6k_4_7#)kAbJqD@R%*<=>=$fgHKbX#~5 z8}6d7wo>c2II^=`?dR(kJ7IA8mAstvHC@hJ|0wxuhsPVoWXI=XZ+7?GE>}#ZElCh8 zKIYHehdrOaK`}#xY+N@B*^R?|spC$3$zLwed!TVpwUywO=CkiGYoW1Z|L#cQeO*@9 zs7B_(foQ|K0z1X?x1YroNm>QptY}_=YF5{<{YPp^Mk(xve={@Sx^ln7h}DUAR(opE z!^Aj=dew0ZaH-m|Lj840Ur6|4$p+4eprt)-#fAi^?RM(XUhxy8irlPbL_xo9w)C*p4;R`Xlx@(t6pm|!EEIk<_>t$?07mL*!jl(8hK>o`d(-2YO_C&6E8f!@F5?a?gO ztOTftd#^2#Q!cwq6it5NSfcHBvrPLg^~+xgqM--?5l7RQyH;xDLUO?#ayi$vS;?YI zI~#eX#uu5BeH+bIzCX}t*W6|&wx=5>xs4JUPBI4&uI}W==hpD=*k28NA`zQ)t{y2p zD2BHMyDN=Tp0eyre4~3^yPd};hzCapl?ONpm_)+$&Nbs6_J(&~gsmPSFU_WWmsUL= znYF;IpKRhI$4cFGhXJqtj#Mb$g6;e}9&p8lP=ik>XGAulmEjJn zFgK-G`z#5#yGJus%cLwW`STmebBZ%oh>nd}&IXGbyL}0>doV0koitgx9t(~f@dwU* zi#3x%;Z>r;(Fl%x+i~g|-N33)4;LP3v7l)ha5%N#x^xwFGWJyasaEY5W^c!u?i_J5fh6iOZ$ z&AsE4vnSr7{{}}0;)!!!wk+vBWWXCCenWAyK(hevjU zR4pBj2?9-!N*@E6#l1U7DacFcYDg|D*`_F5b>A#_*(4mOSSN%`gD(SZaB0_5yd9*R z5FOGxbvCoF^mp~Lc0Q+fzi7;Yy>8Sq4O5{&J-dyAN6V0A!#r?Hn^Kh%|5Ac=ietie z>^pKjM_FE_zozKBV%70R?4(@=c%2@BWv!FLY(4dXN%-5BEiEJ}I|lC=I5!j=BA7EMX*Np-x0> z&98=@_=|(@G4thllVTPxFA02HL!0(?ruJ_i4MHzINt&A(DviAUzR*J<8oBMJpD7eI9=jwlV>B3i zL7pNrva~D7z2*@%!ec$cdJ?0$IiW}5bt6`sPTRAqJf-qa^Y}D+u{ZyrMvjh@mL;H- zGu+ECn#zbLIjc+FrRpGh+xB$9YNN+&=&ZW52O0vs_l(3nFyqb{J#JIlLxvBWg>UV&wZ?vGgZwHP)H}Di&%?RAPtMA}k4+#W z@x*pUHS~#5YTxFp;9G2%+APLBeI-0I?!MTcw$C-l%;DX%1T&=zudC69h1^vv^xVXyuNzxwEjEa)>BbIU!!Dc{U0!8U;*?Cz9m4r40m-f-_t2J85=N zayBdE3v27OF{$FW-Mdo9n`2KXQK+lIE=_K5=>uJu+`a4oe$fp5T?q4ZSFC4L$gtR#t1<9?Luh5c;LpJ<==|QB6&16ln9QZ2BV;F5^((OGFjQ!dve&{KXveU9 zK~e6ZSJo3(5=0qP6Teg^1`@?jU951W;Fc%S1`c; z_AKDxCSMRe_yQ;Hm)8EwBx(l>w160Q_3=q~ zz)w)hCISko9}>d=6?S`Fp$xWtv6NdB`Q#E4UH zI0w!*DuvvwCqTd9!)g^C-w=9hOK|yF@POSba@uZlG7FyDavHFzhLl{B6JccThk1wE zO05fGlP=AIP=WRM=m1}@kef;BsS{9z1e4hLM8zW6Y6(Ed6WJwAhcCluo$Y3>kC<&wW>&{Id>hw%_daBb9N0;_)R6CVDjP<3Zr;9CIa#3pX5rBdjxbOut&Smx z*)xJFnvLNV;MCk23+Vv8mF(LCh{Gkk?<{}n3KtGV1)+V20I4fvn$PK0_)4ipO=~b zDf+=8D8G*Vj-F?lR=Z#9pNdJ)n9PTu3J>;f0bknLY&z{65A;EU?Sb$4?C(bM1MtW9 zyGOtNxz@A4^nVH}Bg1`CV?+OJr~BdFhe!~&>qoBq)z2<>16TNTx+x>$uW!`34gUD+ zM#Z0$vOj&~taL!}tk@*o+4|?zvHO1os{i4{_Z5Hp6jq>>Dc!v!?;kuba8q9($V8>r zyT2loDeV`*8)~I4P)6qO4tgc{ZRe5t$?6tTO=vi$S!;j4hi82lEFr?0{P zxy`SVU`(afEVcg{O_rT{7gO0oD7^tGo9R!kIyHo_w0S==^9^OEb-HbsuD`m=h zqoA4cdweE}&l+;r0>g zaAfs!10aSA02V}kcxU8XEmmD=1SC#l+MqXM^czAYfHx`|lt_DvW#rjES8N?oh#Lne z0!;hcOLU+iHT=!;R4R|j_#>4M4gBVno$0gBb5c2+1Y!9=i+&8^e*(oiB)A47!0!?P zf}#tcb4mmmv8zF^<=5b5V&8>NMqQi20VndaK2+5*OG^d&pt;u!+MsmWFLfY=ET5)uC+GSR&{Q)6iNp{FG|!O~7jCr7 zTgxI(SX>&hTt(j_K9oSUcQn{jks&^Qe7eH;NfQyPHw9FlPa3RXU^zZ0f$(f)auo6hO@H*<+Wj=@&=d=$=bX#}UeZb5*Wp;k0hIHDes(7$f zY#C@P2iYMy`VmkoboUql_kI!hJ5Q$hx0sG8mi1E?g zj7Jf+0&(~|njWJFxQRmtk9H;mGzFX1KJEY!LG)r<%`A^%<0=qF0KvYIYH!$5KPY%X z?9JAvH$^@xzhHqUgG2$lR!u@0F&qB@ZR8I~m_7k1q6cc-*IdB%xV6TiSJJq+01Toy zl$BR{QU%J}VYfCQu|g%5k)W+P8$2D_NlnUacLK`-(-O2rZI0L1Vt81M4i5WO74y$G z`z^(+qWovzu_Jl{ZZq}#=Qtw{9eR2jAl>%9Wrn!!L?Igr&l22G@Z+>uB@J{^Bz_MB zt(Sxc>$vgOJ(OC~fZf1fQm(+f@`55FGwQ|6B4FU~*Ui&=D8&nAhCVGza{?VaQXult zea3Ws6r>W<(jS6ndHWP_3%XfR?T`wCXx>C#M94Qn(oXL9w@r3B@$b0LPARzO|HT3@ zZ{f(O1Dh#1!UT{=E|j5iInXl5(B}%{=1?#(Lu?ps%M8>#wiiGZ>Rk*XEIYp=33kex zZwakM-+jO1pt7+8NB$K5S_aND`1A(Pip%NNUq(DT2BE|`Rgv`^QJX8@Ckdt|p|~mF zIbcj?N?eQkV$}6dEGA_>m;cNZXCyP+BXmrJ;kw#lU%Jg6U?T9< zTYxrR+jyq92Sq^M+cEOMayhO-0JXs<3<%310Gb*%C`fDWVQ4lKNLL+}dlUbl za&&4BcV_3YaPV3Tzl6Z7Gr_7YUP+@p4s=7ZeOH*J5}KFdg@1C9nP2WX=R0g@9O+D; zGAA8-kN^2-hKy&hKMsDIF!BU_9fgBbxkw=R^?C;r2NfC3qDnqzMyhn+BTc=RgN{CO zBl8F8(3{Acnj1zx_;Ut4)Izu~9?+wsJ$T)Vk!03D;Dj)7$W55t0FDzTh^AS6=NFr` z^tKc>kdm-PwZc{ct*jGgb|LO2Z2s^WfSUZzu9I`%D{fa$))cB|6E4yD}!Yu)wzC;Fr@XZ@+^|tybTX; z&Vd!m%hI_tF@}xJ$zaX?Jg^){_}^%RuZwaOf4gb^EkZy4xj1LBDy#6R6|`s2%JaPetPO~qS+O|>jo=Q4o{zvf@Q4bVm*Ew$voXZM&}j_2&hm;@ zNZo>h)`aMSv=9MPoet81(nyVQUvFfrMoV_@d(f=IG&3*8PxNB`SVqGYSSO#>4ZUTD zP5(ZfvufCx0JM$Hzs#-h+13w=OswlR^gVH!XfO`LrydvA2)7d$@! z+Lfz}mB%}W&@Y@~(*~wFk1bEPm7djuPW#5_TmPvfi8K@m_DkyMk0&0-gk0o01n9Z@`>C!O@snwhx|AMUZVP_@y>;a7UFV> z(ts>JQkn3e=|J8Xi+D_)dzywLz74^j!T$))zg~YP+ zV3);G8*7YvkFeDX$e>>ybnYB{H)nzS)U0!(W>SN+6^PI=}A%uXjgV8DL zz&kqpI<9v8#qT`S#l2=1_Ip1`^OkyoWABq3?!{_YWLw05@)$)%%3$?kw^)*z z&rDk)g}n4*1|RRT?`(TDPa;?JAIg{#5zHv*EG{M_OoTjGZWj&Ry&^YSSa3A?&r*T^ zEeiX}{6a&eqQAA~G4e8$_QHqnS+%>w{yzUx(p!MT`&@W=``@1XuUz0fUc3CCS-AfT z{%il|UFpLB=hgk-?`IAabV;?dhMZHLAPE0Mpbsgw|Nnpn|JSf3|94*~)$>0tfPv4j zLvTnzgTo>TU>N$)U)zcUSo#h@p!5qiz59~}1VisY&`Tr%_g1})O6?VC3uwQ?&o%I~ zs^`|n4+norP`@G@e|)w<0oWdsx!3xz;QcSjc)e?bcCiChYuHx)=NCxhw7%vxJw2;Q z`{9Ox+FjUl2uugowXgjC;3yIdSo~9r1d#;wFLpO3g~xL zc&+om-2@Q`y|7*k-)W{2vmeM>rZ;N_LX|I;y8v*<0qCB5J>Z-HQ4~okYZcEF-{GL> zR=?jpa#|w>xK;Ax_0KAqK?iHT9E7=cNh?fuGe5Zpe#Ij@z636{v;;U;nT-LHcr&%WCIxiZ;OlWgp~UFU%IvZPA}7YL zWc!DVPL~CFd~U%<-+y3^57_YPRNeZ<^K!DVKLbU1+Jj6{b`;RU+tW)vG6?TT2jB9U z=n2?ig@D6Ru1-6&`I>=T z(SD@NvsXxEExB=aNV}nD!7MTg?QiFPsk9Vg`h~DOg@NE)ITVya0AfTkF+etY7ar^! z49wwz&)!36AdoNau6ZdNaD4WVcWtu4O8XEHZ!K~NB&_3;#cIvaZeI+{3`&(k zr(vKYWQ2H;7|2u)r25jUB9J{DoX#bR8jkn-}^#Mt!gdmIM9Y z#|Ku~Zi{`{x2t%%D(i1ob=uURn|)z6?ZC0blhz3d+YjHFf{YO=@#NJ!*G!Vw#O~ zQ8owHwNwH&@vRN->-R4gYfLas%$zb+Idw9CK4HV_>+%S6I%k{q!U4xo);FL8adLMrC?gSc^)eT+>4j}o#m3l}@F$1| z<8pCfP#-2Ey1ZW0!m7Jbn&ovx@zvsVNXncNVsB3yAnusx|K6EetY8IpuCK=Uy}5&- zSsmp<6@>ye~aEFh*Ji$313EU{c!Phu2B_L&7qJICZstj}k`GskQ zFE4uld_YS~?CcF8vGs{Qf~j_~**%Jq&r36T3DZG~71iv5s4u-sE(^3m_y zt^!@S8(6hKX^y)uISvTGvAIOP7eJBYLU2Ov_PafGIk%%;D9xDBDRL=7(*vri)e*#e zRbQwBe|i-v%(*@sgs_t5M?nFA<+{9E>!Za!s(abK`ZuhC@$ZAI0CXkbY?VkpbPVs6`y2QV*bF-u=(kSoHChtE~s8fdEOm)jMnzu*FWrm zi@mggiJ-_fgH`w#I7FQZ-%695p0EtGKzv!3X~lT#VaIHNC8opH9;Hc-*_bO5<-`E& zV5=ZtY)1H+^A&w|^f(3673(wfcs$J}) zRE{8SXLi$U9NK_jV-TPh4LD~J8Pp@fRCB zOC}f~j$(*$F$UI|JYq1}Y)rsPKJ+li*hiBM00Q`UN0!m$Lt5cWDPxDAs&TdUt<+6R zDR-lqP3=O_qJrLs)8CM)a#%5l<6c!SQ$pWWsyw!{kJs{!-@FhtnpIm$_boAR9 zETT}&%(brxFijb`joiFecc4sX=!``&S=xrvyk7G%5fn{bJzq|1Hhfms$G-5m^GvU^1lS3?g75 zzFA6a&K(ua-YBsKD)Jmo{oIJqKKep7SgdH#XHjN(%%C><`AgU2`t@G zrF@Fdn;Z%VeogZGg7&e5GLAOg1C?(BvQbIm8J{+RAh=ET=F(fV{EQwqo`zxqW?+5= z64|5ei)w$o3ZLEX7Dn45F4U~nENR!i+?S5gIaeBb3925yzGn+6icx_Rka^*zxs6L6 z8A@@i60&(dspgOx>3AGd!FRzqv*E1>nrkOmZsX zZkpy@DaQJmUcZD9hHS(0sXC8tj~1I*w>7xWurN=1yQ^NbeZ!N26%+qU?J-1>T=y{I z;w`e~vJTtiIur<+)nyrF6TkR-nrnL>SVyQ&zA3yStQ+JlDp9r2RrFaBwLMt~iMu+|g(Fsy4h+KL+V5;ljIuF_%6g`_ET0ah#p zzRyz82dz7q$3j;7008nl@Y*V7?r1h7MS#cZr5bx6a!(cB#!T_8&GJ?Oeh(4VGHjhp5NnXhSREYdBtt1+nX_pK;ufFdWth z1;J&C*fhDobz9;a6pYM)l~-d_8Y#r$#rFd{e=rBuH^=RPB6iDCplpBt3u`%~u5in} zY5L!#ayV1gKCMS){2{aZn=7i_Fk9jmjU@iIf>ti7EI%ccZf?&(N%04S6p6$_0i)-# zugk^Pwpj)V&ZY*E71g|zn34#X_S$~4G9ysNIGj_Oe-QF@*WREH>nLVcIm0_=;e}7 zJGOtoBJcBBuwS_FMxz1RH(tsaL^|UUAZ9>hR%tS_iP1X1|JI0lu0oDz$c1^Xey|3u z&`QE@2;u3B`(IT&hknu5oTeaU{i1TVNglC|%XUEkXQ)U>{*8cM2TS0GI#)A5lT_Fz z6@Wib5p=oY?BJqxB8cf{#11;(EbY(ecCJdq@s3}0P_~-ZXx%RBR$6?o%~HVoBM_LN!`u zXUv3iTPs}ZoA!($PvXkXumR(W;q$qc)qd)pNaNsm)zTCysUK? zKR;QU^9rnQN)GoxW?%OwgLN!JF&qv_8Ds}*zq9zov`vSpGp!pcPzC;l6-#kZ5U>Ad zCbyNj1D6;rpCzWvG6L(#)5ab-uZ-l4t(Uv61(UA}3gyqS$!L!W;c78{5ghgRH!jFa z7jmU)fc0MJ3Bgo|e6t(~ZVy!8)2^oo3WejfgEY10IJ$Vxi4WuCo7`eI;xh6Yy=Kv~ z1qcnJUUfs~D=NxlPC|9|$WE?)mdsA3b`K;UDtiB7c6dI=7M|D^P2d{mqmH_DkJ&$mf`L&*zfe&8d3; zl5t0fiFMP%;?zFyu2dUTVDu*tNb;}tWE<|ii5!5mU#J2J7q z{T{XZ{c+In&fTbN|Eb!lDYtg09rtYN!}fv{HCE>gy<2OURdw1NoYuP&hegr1Cgi1! zm-}L52#+!^Mn~;TA5{s7v!oJfboB`5vxSLaraScAgn7&C!FgZD-E!<)+8ZM<3P$ke zLHSDr=TV2Txp^ad+}|C7c<{<28L&xogYuqZQ3pO(2*hjEpn|%4`Vhv{0&44s8tVVNpG3=k*iX z#dS@_D_Z|%(Ln#>qK0>qPodj2m1OoddEV#!<<#zl#_HYoC^bsvKN1thQFP(C|LT#h zhkh*)gQq(ZWF*Nds-e_Q`f_ktiacf|ksMEWdR~N=+?z)fyq(qD9~6V;NTzJmbbP76&rGWzD;KU7FPJd&yVw79QkE$Ptg9TiMR+C6(o2nGf3;{Vs+FVemnh;)x_Cc zp7Bbws3flJ{?uP>{9##N(j^$5RaADO+fr`WAg(=g=i`l<`N6)TtgeN*jGMa;b`X*i zNW#i3D`Phlad$zu19a&8a?QWelh}AE=W?|-@hk>KJ{`P!kzq|*ZBs**56Q_DjT1m% zqth;b#hG}J9wV5nPPH&JIQO$thU#}*?(l1RYFm7B2Q6d$(mm;t8UqG#_(euk6y7@aisquY7}L zSII~`VAA2QzzpR4CS})H1G~yYl?sMW^caZi2CZT7N|&f_Fu?fnhQWc)jr#7-0tvK@ zG(gGs`MvPx9BuO)Nq&*xZ%-I*Eop_CE(;bX(s&h_x874>WxDk}cQ!RrMnQW%H*XF! ztciNgcRxd@CTS~;*|P@g^oCUM*7!AFiK21AaYhlvOnAT3{f4MUefMb{I zb3Mx?vm{w%#9m;Rc=sawbx~PpiKaPiofaQkZRe@GvTdV3kC6{bAVz-#(g5Y) z$lfZ4RqwF&8cWI*qLqCc%+yk6~P_#diUg-C% znlGc@8}1FRu;`H37%L70qf;!mhj7{6hC{x#n`BuiR@?x((J#J407b)-#~jGxt!~2P z_D(Oov-{v)ECr+T1crXFY7z&Z6=8YJ?9f)Q-_~7mJb5T6D}W^&_xp9Ht`@&k1!Kx| z2X-w94!0*8( z!$8!-7N2jjcAp7}U!*7I-xVTcb@}#O(Z$ubR8wr1C9&Z|ed@K4725dYdySPL^A^sw zNok`vO)}N$r{-yS!eyDTF9vww?HCt!kD?Dh2cK%Jeux)8NO3maNt>9bXw>iV`c$;O zn^|=zMBA)7)38^*dREqRz@8$+iQd0zs*$&CpFs7kQxX-n$L;XVv``J1F644E|c%h|;v#q*2f1NwO)#$1ye$ zY_!5mGTVI9FmE9uiWa#G<2p|3P9bV)abIAvTO<)R5?dq>LKs*3c9}|ZSeQFX=+JI+ zeR*+EP~aIhe6D76-A^pOvgRn+SzGd8Qm$lm*Z7B>toE}Yd8I{-Dc?QeuJOEg$WV^_ zSotg57Gfl*Re(Qq81bHrJ>c`aSv3)SZdy&coZgqp;rPyFmVRHt>+@Dxx8TC*yZWc~ z)YOaMt(B^qr13&=#a?2qw5xCE*CRov63`>{XJn6|F(MHSNkV<_sy&;by^vl}_Csoa zQ@HFp0)l2(=~xX`TS;w5g}ZjZ9$9(OgQ1?HRb2 zrw;7>8YQa!JX}-_J+*L8PG(_olkHafbK`R*p_k zM|q%nPGETWJyP%?yw3Sk4dL6DeYB`_=a7=EJ@}S1C-QtBA$mbv(WF%H{r$iiqP0EV zoZ5$~FeFiB8-fIPE%cAI;wdD;t#W>la(X|uFs}oBShP1aiZ3pt#799yMt5xbB!irl z-|P6$6DB}Rg#Hmi*d7vGGQw# zW17QXX#|monfP&^)r|GQ_g$lDpgY_DMsYO0qF(c+LMaE;7#v+Bv9fQ%xh`Qj5==~n zZgy7saoZ%zdKNWVxJ&fY_czzeS9=o>-{jjOka&~Tg-SXj$||RyEnTV`F|mn+kgn}? z58NV>?mC{%7#+wqk}#t(0;VYB227T(LT&$c;FSWkFu?C)d1~^BW8E^6QS|aM5K4Vk zs({L^Aj3oi6j}w)Z(cquOq#|y`y>zOlSa8mRL}Yy{^#6s?q={I*N8Imenh59AU%kP z^lTrjIA|Ag!d&nhUqh6>Dr{3^Tf zb~;cn8vubxn1z?lw9z$ZK=K4g>s;e)(|a~#Bm|mYuL7+$44wX7sk*Y{TsS+ETCkE24hMDZcn$g z!{=!K{DL8=upS93>S)4`H=@CObjTI^H>#%C*+m4 zFCnkLA+t(beSl~Z4!7>y24Ip9HE#Z*nC#Quocu5p7nsNsoLa5Wf#2@F%4I{upoYJbq1jpZj<7TNJ_* z%&|Ca{_8_ezt(>TDAey;)F=M4vkvy;5?~RGbT2vc@cfU2=quzT@!q@j@t?{YPMtaM zD2YxtiTy2S|L;Zrcch^?_TTC8-v{yR9sB>adH{(0G3bI~fP^s^bO(7N7)1+z4IF}4 zL7-eRhq3t{x(*Ld5&k`l32Ip?lEaGfEFd-NG`)OwpYl$6K}m zG>}}~1#FwXNKJzjL`bU<1a%T2Z1Q%W@f_Cb#Nj8C$d!`5e=O$-H?!2VhrvFa3Ub-~ zNbe%NoVpEKvC5^7=M#)+Z>#MC;q8TEX&_Q>opZQgapT&wc_!T*7X<);T?0o$I^_6~rto2}8~lLtbA=rN!$eJx&Q z`|7gP*q2WxcDfn-SG9n?JzmYEl&N~792^3)0(X4{|0gyoPmN|qfW>8aX z+?Hmz2SoIR0C{z#NgmXPCT0}5}l969;PX+65;MAD?9G#k! zdl{1C!cTieN0s0ALkf!hot4|vw`@VsUihp0aUe<#Ly(IA2Dj;N(CJr%0_A5wcxB@r zFkH-uD8X2se9=XNo*fCoocs|a>4&@;HVmPhxQ#&S!YX4Ay6caqZ-9Wr+ocbGTHi~5 zV)T{x6qj!QI&$_n;%XoL0!SSw0h`t!$RZ*QwuI=JlVkU4pdkpiqk7fx1Xuu)Aa#U_ zP)!S^1`@bRkzmpZFT569NJ6iG-g=;7VK+peUFz8bvsa9K<2R^rwv++soOH}m6WIjl zBsPP;patU`2N^nAE8V;*$M1&oT}-v-cxv;T%e)b&95~D1NY`M7yP*LtZ&L1tIizle zOY?joV}-ID`RJl)c7SL%7(lIsppNk8xYlj*KF|?(U;-}BCe>h|uF%W#< z?1g%BMj#OYVdf(PKvJJ?cgQq9U-0J+L7o~l1YS3xQTC5pcM*yzfN*qD(nX?TEf)Wnndw?tAY~A2d_S2qfeTz~#kzMb zbdei+1R3Zjh0kdPvnwRqt$^P`z^rA9u08EKbP$G{H^_f1D4Cs-9*QS7hL5Sp4 zL`gBAByzKAXM5(NzLMXi$FaaQ7)f@HM>4k0fW&|wP3m@6f4n&!1AYuvQkkuRADvbi zqz&)MSUilS0bT zj(Wa>B`z@RcNI5kFVQi9*43+alJyo8>(=#+di2z5Er-%*19$1voLsH=Kud)$7mY$` zx)fk=bHP=*KK&7Zskv3>E^&jNV^{rS=8r{)l~~3hKun<%>Q<~aUh=vxest`Us>Bb_ zey2Q$D6^L$BdgvW^!}n#n|%8>)Z$f0*!R08cu#O!%I-}3bGDN-3z2{Q>hg0+mv5q- zOo8e?f-O|6+;yg%FdAhMyT~o@3psBY<<21_1na1XI~W?TvM+K6Q42R-u{+hHLy4k5 zRByH>V$MOVt-V2LN5v&T(q8t!&KI!io=+3grpd=!eYyAII_>iZiU>;t!hQ~NAMAc; zFkudCk`3mbgYpd!rGmI)knXr@NTB!w;C0@REvQF03f9?&;zv9yA#c6^_8sjmg;Qwg z0wW5)xQDD+Bhl$wqrWcfVpG^?@JCi)yW&yn=udk6aBG;+v4{f7a4?ahY$o{JLl&NB z37(&)hdsxs02GNc4RyV*vM$IrDybe(Ue#jnvKK(Vq@U)&6|~0p!Cdqz&Gw{-h7%=O zLNLLt9FXaI5^*ru?9z9u-VAYBNV;MRYnE?{4FaZ$y`A{S%rryFzef8ykduXrxHyFp zIjF_8$ag837>&@g=M4xguv7SiB;jkIf}3{1sh2I9;y7e6082I_vu_bM4||uSYBM)BQ*bG80JzLTCgUrZ#WvOOKwoLr zpAy^zw>734z#1l62M*4yf=VblQ$eH`A{_S46Tm)gQV#dQ0vSFr|1f8u&*_;m5OiSp zC@zOA-i0DWXk>oHNBDFz?wOQuZlBz7>!nd*q>zVEd=1#e@18a;h=7C*gq*m-4nj!Q zSz0o^4FeybDG-VmHp?V$D@VxSQOJqv1!Qu=N7^gxGR)imWAG|8vUGJ5((?k{;m@;?f#>;P>8Ll!)?tsUKlg)1 zPA$R*q}xW~JisNvSrr+(+t{T&ojey;0sLTGwYQyLDu@LT>-y2F;T*@u#5CA~zO}$J zPkQD#F1274BHbXN{Qe9L2X*g@+GK9MvASZLP2fk5GVOlWXEM#~`XX6yF|4FU?@pPW z$UUZL%Z+MX?mA^;f3A*PT~ug{K}cKI-C~180XPCV-qgUXp*fUxaYKij*eb4qFA!`9 zviA%s=x0L`*8(rK5Jhpw_<(Ra&I`{e>P@;}B(_*&#HFpjq7Wpe`PuPs z%MWc{+{)sLM5}zbO-HEOzFUq6@;C^9hxOiMgmHs8_9B63C4qJ?p+b~h_g%S}E7P69 z?WE510aVTxj?~z$3h?#%U-$$4J^if*L}4P=@(94+MgBErxTMTt^H=Gp8obp>r*Ge9#Lmbd=#TM7c~&R!!F z+24?tK@sOrU`=be(;e^%cg=j7H*i&1dtYUcIRn@CX-gXwxjeM3l+Ire9uz)A4hm@#uO}MOI9;-+ zY5!o&mUt)7GYF%*O2c|iXH9R{dPHBHaRa^1xg1?rFqQiY^~o>GENWrXB(4&$qV9A4Xg?r$cNmXnYrI(GjM2c zek+h8Vr9>dJ!d7DMkmWf)XA*;MNkD_fTr!71VK}LgyS-h6gX7<_5dLy?M;$y2{4wH zOS}xTgt|A9nQ$H?n)Xis95W+bK07nXjS?$a>flhMV@+^Kkb=~xO|E3Mt?@lg?9$1N zRCSf#@L<7lK-ROFGQA;fYU5UInW{`;&hk|=-)`gg{Nnpu;qD{OFY!SN7``%>^RHl5 z%`#zJ(Y6Ji6zeUslqI$l#7OD~YEQaCs_!l-({oH;ugm0%Z>kvA@-Pjy_=orZ$1_~U zZ3F*6EWWj1)KH_mq$47coT|?KG6T+i#j;qTZ#|0|iyN7tRCO9iTcKnX33gffqPxZ! z-HVP+Y}sv6Ir+vT`Bd3=>h8UbHvv+I*4gd2tl1+~#GP1pC}4ekynFp7;nankm_2dg zHZ@>fv3lIo(AiI;Znv3o@5Y!JA=!7XPq4zGQLcti6qr$r~2|I zOgD~$SFhINu!B>Mzeqp0g3;`MT3f7yTaGh z(w7lAUz=a+vEUZv{#82~xC7+JsTw_7|M*zwUxjf~@8omDjokdJv;~&T4v>v7?^n(H zKQ*bdVUz?VsNQV5TmSK&OMqK{`9Ncf85kZY5#}5v_;+eE-Uv+u@>zn@!qdYITn_F1@MgMWd)P{e`<^QTV`r+PE05A_i#NGe6 z@vQs}*3;$f-#^R%AsBt5#;b4t9#E|73A_Kk#^28sj}JarCK&N7T{ye1d@gM9 zNf#x^508EF2%w{91%X+(W#JPz_CaBBK-K>clEGU6PFF$h-3eM~fXsq{!2Zh6Fu-pO zYkUKI9WoG5;1fua>{Ql?0(Oee-}WA9K}7^KSaHJD?g99KL`U!90eF3)Adfgm`AQpj zZ_#l0^Wts;kPBnLZgE&G#N9f8;9|bpGN9eS5TYesW>7?#gy7=-7o69t;Hos~uRXR; zh9d0!yn!(@e35Z~I98e@!H~aQ<(LwcAQ0s80|)MPtTa@SasQBHND8sw8-7YXfWpixk>o{TCC?IMA0&rk_ezeUaLu5%4MA@Bmm zdn-_%aUySoT>**zT9GQ1duLGDD=JkjN^yRFf1<|7vv(Jq12=X!oep3n5 zg3JIcY)D690<^|U>E1xQjDpyz?u`pz+#GsvH=bf z7YR@W`4!)Om;_1^{9!DpWsH_6wRx!V&p{1=NWgXYbkHt$Oi>9Qifi-p?w5Fj0^yG^ zBBh8XsEPoRDn4E7ObK-BfQL}a(2vJKY>m%Dr2tG21WEfd>Sx1vU*&hbxj8Yv0GGx9 zML7|$RJeQ>1i^gg>ugIvxnr%_==K8|@(`~Kz@89V7W6Q~R1UO(qQ_NcV3M#BXrcXd z?wo9inzDicxG~aDr46)|Cvd8BoG{!?hF6j(B=0+ett=5}+j~?4GXn|=UKjz#D3>4E zA+*==%s)X)dB}QGp!Q&Y`~$|qwLt-1B<2b8oMJ$E+i)n}eoV5OT?hACeEFVS`*)HV zsLQmL3_XsJy{AA_m-GiRjSqFFx8f>58|s+D1={m*ADOZf%QgW0F{8__;QMKpwt&vP?ITns)7_c`VU9v9 z8P{9pfMk_IRmo%ds`kT)2UR3n4!`6Ug1IheJ_IFP5~zHbY#XaK+YcTqdMJ41QUG<+qS#d^slpIm&yAZE1y#xIOdF-Rh_D!M&YT6-ZaBeT9r@h!Xq+blj#FmoZ5XRNtc$N+_*>uU@ zxc%G&u#Iq3*#Bwoz5l6xyJvu%{N`{E~<+ zF^zwMo-#csh0gQKj7WE#y4HNa6e^x~zT_;m;BT)x7CC(mppCKzqXvqB#t+hN9w4}} zaS9b(8fDGKmPrzU4NHv{tyAFQmh zSvVTO25<9&2I|0gDIQX5VqajHQp4W~+JA+p4{9XqvNOD2_`DQ-ur%1ozH)9BL?e!d z!=|6-%JMyw>ad%u-GO;&;fweQiOs z8GVx~(vPsIQ#2<3&_(26L$X}TvP#pm5e{k-Qz(+Cbd=2kvYb;)u#|u&NcOH)63_QtL{VN>aT4d`iO zuO;-T>+;}2*oldCbB$G}3Rzg0_H|7h?sOn47tBjJ)jDq{5RPe%PILMpm8dq#>$?{}dEPcia33FiKNT+7op^r;|iS*|Cn9_4)!J(S`Z*UV!n*t;aP> zRq1ck=&E`V@tYVyGy_i_we$7JvXrEVX2C=`oAZd@4S}4oHZ5?|sy2X}-Dh&p0@D`&&v{{FHvGLQdz^=x&xiws7{d;gi*|8 zdC(DTSx@(;`&P=uxkBv^P4jq0|Po#Xbg+kc|_m@D1sGuhZrD zq^VST3of}^T$(y9kSvz;hCGR1xU(vGY)sp+_jH|mSw@;RMPIMmaAS4aWlLNZP2c9dSXkhEjWZpjFuyv$3C?wxWq66Uu%%=925OILN8l zNs+}-in&WgR@Rf!G{FPJ5dReWIZltOL!o02gMgdMg(D?(gpO0wD%UB-8s!&UzOj16 zC*~0QJYQQFypb%urB*Te)OIeIB*xkiC2uX>S=Di3S8(!LOvSSr=7VFdQtQF}Q7VGP zs6}UixSD#sXHxf)7DiWz=k>3QrdS(yPP=q%90V4}=E1O(AL=w?v3qnLKKr~ZlyNj* z$r{n&`YfE(k?V_Em#gzEF+0ksvHe1+qJkn`e`B-q%&Go2gGkfrtU@rf!&+DN3RDsGU!t#?Z)nU#3k;;d%WS`latL{(h-y$2_@Dns)IsHs?n4_N{z)HlN-g}#yDRphhyS02qbI^)6WeA7-Q%!oyLh<|jHaWbO=hDYXnvb=H zfRpbzSI?x=$J?5=KDB2IK9whKm}X~5dtbLcOyXRLl3UD<0`mX!x8a0u{M6;xj)F0m z9_UCj9v>aH31feM1|?E-sol)sA;BG`pf^H$i4a-|*--{-N+WrUN8AUu3Z;L3l+%dt z-nbvJ{b28DT8a%Y|+`y)IM`56s5vm$i0O z#W|@^|NkGS+TZ&p3v$sta^wyH@`P#Luj%LgSpNBA^LBDpdkMlS>-h(q5~YK5cXu1- zBvJ7fn+_KxNsdkaQ_pMeM!#Ep=*waizGBo?<+!9$c`&OB8&eppkvx@6Qu7@1yZ+!D!y6Pjt@TDV{MO zb}%8$G})zf|LaJmJ(bLMup2UkgEurOV5f`M}bH#hEzwQplFJ?LOa(v!d1PtPu!V@xgCxXJl= zpV~HCOF?TF153y`AX=A2{dk8$E-J+^=sWh=`PHtk(S^k`(N8bjL~en%04ZTzy!f$s z#E>OScOPo*_>fg&8H-h>?~osE=U`Zom5|Hk7P{kJ^tiyi$P6E$*-65FZBz5rbiSs)M~-Dpc;4m~S9-RwokF^l;(!M1Kfdu!kE|ww{}jLUE{gwFN`wV~EeSnspS>$inK2x)S__R50QT@dcc#2XvaD zt9HUSQp^=@2{j1NjS&hA*@;-%^-A!y+dmAjjVJ$AaF=XyMr@e2oC$r`6uOir$e-=+ zJ6hs>%Zwrh;fIhew{w!c2NyzB6R7+K8d;to>3-pGB3IuEV1$p5vh9YNQ<0WKKEG`i zaa9EL0r#|qcFxAmrJw=;fE0zCavRNWyOvef=Nb{Xz$tLjwDtJRHO&!7{32>VRdM9d z;8*q#f+CPpKI1<1p9G+l15#Xu$(>y|t)mGT! zM5By50)c=@<;fhW!G=aMc4Q5$=6mwB3`-)sm|-9{%r|OL@-RbQX>j6aq}1>Lh6w=_ zhC**ofo%mntgFC)pXTzRl*k6NWG8vnxUe}3&65XC(th>H_l;Pr_gY^6Dgq^Ea3VQc z774*j2P2UQzdC)|GLBuR>2N;K%{;~MX5bmb;D8*K|1orO!UNYQ_$p1F$#S6N4PSDR z8IiM?eX#+YsRHUda$WZR5rA?Q+9l6zf=?VBz;uD!mO}Ow>lzUkB|CFCUkv~Rr>tyH zCSUQLIy}-Ag6kSV`p-Q#HBVr~^f~+hVv15~d{5^Pm?kh~7w)Zn=QIYrH+qElf`{YS zxUahOFJLCn1(YxBO603u)KBNPkV!eY%y-A?$k#G>v72Ma zePLfC4g;-^5%oJ_hY~qHil9~oJU*70D)Pn0z!RVmiY}{ZWmPbe*2n8H{ z#2}IlD8hN?hypo?t)gY-&sE@=gu~{{?W#=uCR=Z+e`WqGhQ1+3-5p3dCzoadU=>;f z2^hNc0Rf#esrM>5SyIqv8glIsG_9--c^Bks`jE>wuu;q-QGCqJHC){sEA8L}$@-8I zR(BBsQZ-)|d9RAl4U|EnPK5i;Clg`VN*0dQO_=ztt32k@Fk1~kg1(m4`_C)PoFVnY zP)09WU8ue?Xri_W54gBN`+H_JT-fA@joigIfZlYN9Y;qBHbzcjcWXbaZm8RyF? z_0z$7FS-@pRSR=qSHZF}P`}t6!iu;VW=>>2x?MbDvgUA%)XLBiNFh`xZe0^<3!|5g zSE&~D5mt?ufA9R#0YI$v^JVIgv%wmAa8kPJ6>R$^0qqK^xjw8J@m*SRMA`zz}aX9wos8y3q)B?P#<(Z9YaTz(NS+4$v~YLwbj> zh6730zE7v-egOuhKYv7O|AWfW5E^}fHXPx&xS9Q4wd zNU@?+mpFfEcVD>n?xQMO^@t@k32SZ}mvfj%DmD+FzS-wz(R_%PXqCvZVRPsy?zphI z2svIQZY;BX5R9hyDCcR@WdKt9Qu6Rx5n<0V`#5X^R9YvOZ!TE{nW1O}+>DSfiZp|koP+;^k(HOOPvoTcXvAj;iEQVF5 zjU_~wgUn$n05g@MG<9q2{rDc$pD&9f&t&^4&jF9_4JogfD?|w1NlQ`Ohc;;9C#Axe z#00?unakpqd0^aeNM(P;6=B#l2>X)r64jHOulO`hd2;lKGEqJ$C(jIHwC>#Wi9z>> zye?yZi%yslD*l9u1{fs~5Qfwj*rSzvEkGnd`EuV9&p*qA4B&tps8wmS2#!K(Q zv(>5etc3D10rWk90yPb}at{;i=9jV?gt8dwWWX0gtCPr7j`%*^JXmN(DMoWWIrfSg z175h7O?7fC3O5%!HU^N|#?d8tIS*5p1M%rt;9m{6+Pv6Y92MuqdHRL&Nm4RCHavz) z(&cy9TX&UxJoSfja-+5Y`yB>R&ji+d$GNymqEV01=gLn&Z^(&uLYP*F!$DZ;{hrq( z^I-|M_Y&3xOi+BfyZCz_+03=@drq0#$m`m1CGxWt7rbGjF-WK~(X7w8sGoSa(x*ZzfUpRSC%$C8p#9Z}Vp~&;3ppG9T zi#@Wv71vs+WmtKoQ_q}nU?+{S`kn6F4+hr{*Z7&zsGN1ulM3a`Z0j^BH}a%kOP@!1 zeM|a?>CBqIsvpc6Zj!#KI8XFSi@khJUFb_?@|eY`NvUscQ=+0W7fWh*5h{ea3pxJ1 zQAy9Ui!(Q_SQ#JqJfwPUEb!~$cMBrsWaR9-_MP3RkiA5OYqA%N^|L7W0?bP(A7%ey zcHw;wP0fnfmx{EmT+L|@;Ot!teIQ}$ODakBYkzCl%5ls>3&RL~o#{Z0A5Ig?8$M0- zoo$-xkh4d&D*)@)CIu+w=qrnLegr)0OfJ8xVJm%|Z}8o_Uy*Y^ad^phrn%Qk)Jwh* ztcB&Gi-b6ca(;SqqqwC&-<<4TQIZ!|t?jEMn64zKMM*gYCpbB9ga*!pVNLtBP>c($ zdjzf$xO+{@3N~Gxr+k0v;RW-=BeNO$iH3EJ`qr{6JrHBoqSv@Kg3#hCz>6#vGi_uX!;o-zp(?jHE z`c6HtO(t`vj!pj+rgZI4lReY?OLfva0uS|K4MvCBqQcg;J?aFtV z!plWaeV6c=yxM{t4NWPXs}rEb5Qi7bqT4>``sXB&A6#LJl>t6;8zF+0fra&xqZTXq z-m#S7R+j=zUG+e=kH&teq|P4#EBm+UbP}1nK9sDRb#Q(t*G&|57CG_kk}aJA$7YcY zAoexKFxl|b%Ht{{kW0jCE(m@+-x3rj(@;2aUDxo0VpHrz3I<+o%6GJkH}LUTZF9N$ zDdXfvs(y`qiCOv>=a)vlv~!q~C~?u>LM`dWdYLzp8b`UmTlt372Rw4gCUL1MD|Yti zmN^4DV{Lzf-i`pBH&JLd+KGSJ?TUu)Adg`*?>&BGJEY9th7e=q>oW-cT5R^pO#8T4c zo8_gX?8E2{uMj-PS*F~Dh9ZVPu=j^3Ojm25Qvp5N;IQ$AzkpS+gU?yb!ewOj zLYU0L+PH`a4+(KkkwrCsllX(;%up;ecVJGP&I`cGB{@ zX&glxC{1n4>ct#g}9fb^;vJ~K%YRd2sNCe*GBoryMuW#?3DeOg`8|bmmb+uh}BX`ruW6ipDoGtixTwB+P>f0;0;RHu% zE4C(Quiib~jwMxUNV_TLEh<0dGR8WxNH}NV>oCNQXRunXn()+=7tiqbIOy-d!Nd;l z!s)dskM-6GhNTTG?m{zYEEe7H?|I8$YTTcH%7Dd6dgAono%jVE6@LbnyqNQ4m_%u1 ze_8bo7{go+ft31KtaW#MPq9A0J?FkC%u2x({!5Lqqy@OA**lD7Cxljd9UwH$%P&>7 zun^4wa%|SEmDAfo!JcR2Kkt1lEhhk<<@?i9+k(BGc5=K1vy6u|*5{%D-VY|BkZO+S z#U(edk#-wnP5UEH|G^7250U~tL`_CPi)sv~i`kr;6`6y#1(cXI8M}BTb|5=X_68U6 zeR}NnVDfmzuFdgZmt05{5g1F8O|XY*f=ADa?eTNhQgY($OA$YXsQ(>Uu%giDtx`oD z7p?z-ED6xR0;u#aWc1H8z;6TJXkRj`@Q%6h)+2qtA%(SZedv~|`H~4g-;U0@Tr+j^ zpPVANj-=>7$T1gy22J)TR3Ten!ZbaiKM_7);Oez)eN5yN{zi zO#h>gKg~GGR~J%xqsIinBy)CeEq~nG=u*~U+0#4sjc@`$i;Ps;J(GWTSxpdZr`+{0eX-3}R6FbG$xEG(!xeQEE7-P465%eYHr$Z{d{p)W)Y*w;Mrn#CRYU zT-4~SC;tH}oub8wCzB4d_Fh#aD{FyI`jTty9tb!jViioi)VjaVDdW}FLFfMe1o^1^LawVn!ak)Y|y@lQZ zMnphD<~_coowzDqhzl*Uv@Zw3nNM7GU!vMF_2+ytl2_rV{T*xy{l<6SKdS5r&^x`q2#L06rrf>)&@+DGZ`h${mc+_K4IbQ&y7^Mt?@G z=Gxac*2kpFAPB`Z99UU`{G~>=UJJu8<}rjX<&HNX0FJnc0tw71DPKU;P=tL*?K$rc zF>`LTUR(<2EPofZfUR?(G z>-M{jsp+2xpAKOtrBi$dLFI2!918*G1nR3Z4*^ebQbn!Yj<42lnk66~)M8 zM=ct`lM>B9Ycn##GEiB{1%p=bP8ZuT2X5I9(OL%u-2I&QnrFl`j`{=i86CQbXb^89 z(Ma&2FV94I-R)=(tyhJ+e4CQeeGs}pL@S%)EPJ6nfECpyI3qep#|`rg?iX@R?BU9e z4zCb@-`y;Er1QZ!+Ply#k(!Qz(zq)h3#4=z$6^Q26dgi`0TOez1)2;Q{sh5-^5Z*U()C?-5R2P(Q6seHNh2l^eI5-xLI-PlKT^_rY^D!Rm;` za!mh8vP$D$(C?TLLyu8~BFewiupI56ef@D)!vq9lFB%#={bchk8<5F;sR(>eF*PdZ z!XXzvDk6m;Dc^2$`7n(Jo*9_}8de2DwF>0SIPn`?Hm0k6XP)Ji9-Y7JN%fkZgrcq; z$?dJ-(72%#b`Y8%B9x7^Uy=;9>(t;vJws-IipE3vTF&d6%>ln7v5EqoYIM*6`06BX z5_u{po3@-TOI*#E!0Cv;T!F}Ju6Dr|5B3$PG7M}NNh82BQfO{6UaqH`lSonN1MI0Y z46VM5g6#}$`j(@I8Ubv)@zeI3%+yIYXlCO;vbtrB+Zn!x(%o)EKaQKD@Ycl+c3wl( zBqdBk$SYpja+Wf5esT(}K=K;P4>f_0gLE8Tv*;SB(%^`gRR`b$dMz0?P+UK(ksnxW zPt#!ZKK(>ECE7T|3lfzg?`YqJ45RsgtCh*&Gh?1xZ{lKmQnmC>E{0Xa!eV{Q|Cd_Z z9pR&vR!7{iY_PUSD89CfLQogX(0r$GLwyjpyWU%*-Sp5>A`4CN8gC>^&PuZ{xvFqs zRN84Y4isc_j`C9BMIyiSx`KE}B8muZw6B_jvONyO>M11da^%Z>_)4EE4EQFY?>{X^ zaRvS!Uq|$I*wu<;3-vL)lvJ=m#Cf=>-wF~H@wDIRH!TzA9CvFGrx>5R>epR;oz|nH z&9n*Lxu?z8b~ELLt)sH{Ke$FXbn+sdHcus;;yeDUQ-LD$`X@vgIIkSS3u-`5&a0EC z(G|vOCw5`t{u;OrbLjEmB2c*4l_W=e^`}tizsN~JzBiJQHUIGW)(aTAzH^&0?u5|l z0RQ_pyh=;&ww9HXOC;ALM5re z=S)3*u?`p$Uql+Kbsut$`OyBX6n^+le@Ubf0&4~4hazRC4qXp~Zq45CC-Y`O3$jx# zI5=HLXMeVFmYfp^pNkdg?gpi;{jKSgg|x*ev<~f&=g+SEY6;VMxAzob$n#*AkR{?V zKE8Y?d!rH#1Ni1I10GGxE$M2}!W~&MrzKp?edUSE6;k`AjBrc4iFCL_ZTv*Ka#mjD zx(s|RA~O_=wl!s&N1lCp?yQR+&}aV;Ib}$uzE4dXrwnC;J1kpV*r+uvDk{AjWtT<% z7)7Ec9VtZd0N6@q-0QvGQ_qqanIq$11sC%2P|S9|7ogqi7sCFqXjT6tJJ@;8ew5r} z=IiH9zT2w=_7!iZFC7%LiWJKwx6)6q197;)>$7@4g1mj`54 zPh)EYsBR&>3%!u&g|m$a9r~$a%>w}~y<&St4=K^$>AimRN1vkaV|{O|xYqfPM|~Q5 zZ-*Ucx+MR+O6}Kgk%~PKH`_*YTB?zLA1mo2pf^q!^UNp6*<91pkkyr0AuCJ&5cWyX zUY4q==AFS*)rGACon{JV^ophQedenlde_}D&CINhG2K_A^2U(jL$H>D?(kwezhUl~ zowkf=Nm&-e7`13-YwZ{C!dsviOvd~O2_og@62-UFXulj<0ofrr;RW=ASag=Kh9qW2 z&pIs?vm+(cgxeF_>^vHF-#(ik3oPONw4nLoSDPynpze@c5S0sA2@hkh3co~)8%#}I z7Hh~((AA|*ok|^>ce2u94SENZ*l|I|0sJx&-*oA$K)$V8RLTv6S1x+z&^wVVLjq4{ zx?~D#J@#BlL7te|{Gxq43t5st8P!TCQJi`R>ABPAUvBF0 zJ{D00!ZQ)t6y~>7J3V>fi;f&BEGkX(Z+vVBN_W|_)0tLM^7U$hWdh~x!IZq%q7)R0 zb^j=j6+79ia50`*?<{tt<7K1#_qtZ9u^=pea=iZ(TYOtu_qnhEbnVh)9NO6h&+5fr zc1=%Gwuwvowp?!Ny@rb)ZEs%~$X*Yqb{z~@UH$Dk_(joyC`@ZhPMCD*vzO7vV8Wyn zvU}0ttsOzO6v+|Fr|z-%;oVW(M>LAMzxWJ@s!agXo}S>|TaJ>LX{`EDH|z(^vbgU9 z06lj$E%7@wn-P082<5)O)}dT;lGL|R-GYyZEqac zk&Ld5FV=WcY+yL{On=8LRMp25cR6qqU#Iss1*y;CTu_Dw{LplDjtMf~UC-L-oJ#e& zC96DjxnQpL;)1s?CwAUpFS(WPspqaw(Mp6Bg%)a0LXPobU)3ttP&iwj+*3Bmo2->h zMg){Nxvy^}-Ns>o+WAC*-d?p@*Nv81%=5_ef9Oovn#Rw(qOwL0MzLQo~M=SA3H?x^%(z22y_k2R}j6c%#7vx9=_zryU&4-_!ejxUAw_u|Vg`3uh+> z!WX<>drn*WFuRohk!Ad;a+8JYx$TLc{cHqjSSk%Mxs$p|6*;>X%OmrOE#a+jt{W@! zZ>hdT-H0r#p?1BmFa&_c)+6%2<%_um0%*M9vEB)s6e}Wt#;n}zPKlExGXNTTJ`pK9 z3$xN|P=O8lcdl*k&1%$K)!C8j1>3LrUyP$qQoj%1I~!ek@7-*z?KZ$r|AOGRT1_ma z@p*h0Xu~SEc73P}=wHYjVtJXi>D%n^;3YCikJ*DQZtI8P8pFdNw!ynHb;uqW8;=gc zTPcN51Rk#j>L<~8r9_pcnST(6EhONL9$4zn%*dSoA0uFg5rp|fzWE;`K+;4Wue})D zSuV2Z13d-DVo7TVU?_6Si1+I~ZI1xC2j950{ z=iIv%XvQnjax2RsL94l!zKd`Y%*1!~Ck_ewMsj1d0TP-y z^}k88{HKS0)k6z_1q#8NvPf-RQkWr82R0@1iHONNn8^Lce5eSMbI7C;P0txn&i0#{ zoEtcEf_ZK3LDj;KPp=Nf@*aF_l{bUxA3=$rl}<;aQ2u)zOfY zbSu&AxA!{yaE?ebdu#3MgH1MX)KZyvS=Ihwq-q38Gqcs3KAX3eq>N%oyLd~e_S~v4 zodIO%e%IB@U(qdA;^AlDD3BWcM&KhYAVa^L9&&_~%2_OfF+Tz7SWyJgVG${H60)18 z(F%L1wn%#_Es;%q@-#Py;0|i(IS^J57nm4vmSD5=QOL5K;=XfH>n0)>2L2>GoHX}f zfjODuMm4HuhiI%=){xwYyS0N7-rq+Kb{&5NGAAN%y121YqlknAft_f-Hufz6L#4${ z_sDZ?c0QclEwdlc_m4nIUTS9Y7jU>>XX7@UuFeJq$7$uMbZ63${X|mR^wFG9`skqn zZ&xM@r45c3lP_V2!MK|ko48vTC!gCLs~py?%;)wLWE_v(wO%BUXCGA z_41V^kc@~=eRss?qEuBOfN1>ckA9>WMzm=7Pk<3o0WNjn9q53_>bB@}-vc*QrJgSJ zzM4P;A1&Sp0PqmLt`Te;w|r%gKou4>H66rsgl866%WSjp^#vnH6afrcg9uH0zBsjo zwjLmPJw$wq!hnjW9KMPnK5V2{P5#pDnknh|3(%Q6Hg`eZB!sx1Hct%ee1E#);F(Rg zc5SzGEx;ryt?##9GQk}p=D$gPq`Y{W0dK@i-Jpiw5O8Wgedcwsg#|gkM7o!*GPjo( zd%d6|Dy0!^26Q4kvosLkE;Bpg-4Gg@%H2n>(gDa@N5{iJFX2F*CjRXVlVBp+&z|g6 zy~4aDBH|x7+58oLtc18GdCG+%vNCh`nT}}B*EiRm!=l8sB?vSx%&8ZwvC&Al_9*r) zCJkmB{LrH~a;vUY+A~jT@TOEs{8<39y2tNhlgFTrite9Qc8XOjSQEnHI(@_t?2ZAc z?3}Jsa(ie#1iF>;70h$gD;@d+`C{~aK6l3UQ4P8tpQjfL>FWm9p|pd?hoMEE7BjT9 zn-erA5f=GXK3g4FhBwI3+_at58l9mXgE?BE<9>C*?_k+;X&C$|s}U-no(%m653NOl zLftXEAexqTWB%bVe&X7IuqRhHBf=wTSwacN&dRxqyLYk?A^VV`7NVkCRxNA=8dnkQ zFZBV`6xCda;}kaHVPCyW(`jn5Vb~l_zvgr;eAj~epohfz)Ph;(C*LZXWRg=2!C8JL zE$~xUhokfi3z|jI7?e3VYsfdKf~kPjXdtI6=lLSl;`0!SSSJt(J<+YQ9A&wE3M`F) z@P>c)dCY#WA$l)@=ttJsXVRjvKv~HvqO7dfRC;;yz~}s=amTEl{nl>I77<6n-)X6# zvlJnGN4FbuhvCQ9p$DcH>+IPbVwfe;80&!Jh66z2(35$l%9bEbfzZ~71$+cXFd;!U z)`}8HkYf)IV|kqDu`F5;Ag71SCEQcp7iFmzwo?QJ;B17zXE^tfYvn!mx zu{tTv4jhVc7It?WXQwGnJh60W1d%C-IZi_g%DVW<76Cg4iFPY}xL5|hjpiA<7UPXx zmN;!#%2RA$uWH2rg-elIoMHpT-J~UsYql>s>7shi$-y@PYtw>1@Di zO&`KC9S_)3XH9q|_x&@%Kt#k`CPwVIDp!s}LHS;j0g2G=Pm?asT`xK8_ubYgJM(gQ zk>qy~UFO2`qPcn_mYY&{5agTn*tyj;@25t;b>B@x5qzwFT_^bB;*D)*1eJ*T&CN64 zZp~h{LXKi?ra^v&Eb^r-dWEg4YHg&2pNA_wf={34h0oAthQx4Jwr$Tv2#z80(sh~Wr*MB zP77S9D0}Fb-7Jd5FnA`Z$wf-38QTsac48qMWv5%6Snz(RQ$pSz5S;!(ln#FiMb&h) zF@&y+F|EnW+9SaQ>MeRgLP5_{Aeoi0JJ=NU44a-4l3bT7ngv|FyMVp=rkdgFO8_5V z^Xi-%u9V#!4H%ogkQ>>))zH;`f+@3Hvs4_6JkLToXe(tGctndhp} zRJrl(*xd{8W{7lB;c1L9Xe;_F6$D8}X;FDu3G~2G!OW&_%@bV>Z50nI@(G;&{9CI| zGi~zT(R6+qmHY~&g?((%yXAV-3IVtf?NpwK9mtzd)Q)*%X-|m>%^_ZH)@E8YS0$2R zuHsA6&k!C^lygmsSW|Rgb;d*5 z+qX=!sXwYc+29Ld!TP^%)Uep&kb{+B&Qq#U@v$o=sM5N*b_cH9um|B4Pd<`#WOZLy zw2DD%nTyDn{|NBCSre(C&3@xp(iBUj`R>I#ZQUJykZM7u058Q;)k=>JLVPb)F?4l3 zNIm<8;)1Evy(mrXrb>RwkQhDb!54EIS77Vro*3i7xw)LlTFn*{vpM#4^Qqpolt4I# zv_5-}i#W_>{Pxp11(86_*54d#_k~6%lBxGD(%v+vhBZyg<>a@i6NSp<9J_M*O%vgC5jg;hY^Ek za~|Xr^vdk*RvVHTX@8j5=V)_F3suY!$r?eic{H6%v8s&Jf0?sCGa3D@<=(`$9O)A`WRm*OUn<{e>+l*y!d6;*J+6jhXQeg` zhoS%DZ-Z&AcmB&imG+-fO$BlL@OrrYEcxeia`X|ML%xt(`1ZN|Pd~B;F%rpae1B(W zA*rAZg`^OV%f7#L-qu$HcL_kpoco)@U*`r`N648M17}{&&xSX*r5}I4(wiPi*J+QH z(!c+)b$y!GU@UJ84F+jSwwGc-9PNCuT0Z6s%j zjetn%ZQtzMH{+alW_Qoqo!v83p9@{xRe$xp_0@mB``sTog`5XS?h)D@bK^m2?%M4h-d{^7+D1V%Nz0?K!%Gxgz*jojTJyA zL&G3LLv{kpsNac&_O}iA_YDml0}~4y2Nw^Y0ChkODS(cKfq{;RfrW*Mi8?v}^*w+| zhDFYDQwEzt!yJdzl~N!uCKH!UwxW$nb9j$k(84VU51*QbmX7}FH4e_}TtdPkqPN7v zSXx=z*xK1UxIgyr^z!!c4Sx1KB=kiXG&b(l>-dB>iAh=6 zIk|cH1%*YGRn;}Mb@dI6?H!$6-95d1??*<*#wRAHKEW3jmzGyn*VZ?_Aojl=93Fi; z{(kbqFEjw-7q?J93KpOaV z!kP6H|I#jFaEXCS3|wO15(AeQxWvGpg#m67y$N9kV~ZY@k%Lpih8?H1dR`CDAub+O z@|f3=eeCZgh(oeZZ6l=Du`-ds{Hn`^d~ z&pr(+JBNd08{sauGqdbf9IuYQt*U7$W{+xlSV+pE+87)(zr+@3EDum>{JG}-Eq!18 zz~vOn6bYk9PcEIEiH&i z7)d!XOrT$%AwmjEHj)&A7rtjFcZ!Pp)6jf_W%QVpK<`J0)3Bcv?#2b``YRVY_zkXzlZ4{qk0$!rN4U;c;o@j9v91$O#eKO05zL)-yl2;$inDrLc_IrGt+}MK69VfB zVnF=(EhNApyGLmg5}@CRr!X`ONY`j+Nkel#l5iA_wab?7Vh!AP?P~G|S$8+brA&vL|XBPBNwY6R8 z<;?ZDBm7n*FkJikM#N$)1j9Rs*3#!{oN9yiT{@d<*8o5~3HtTo9#bR|Fe^p^=M477 zSb&cZ6MjO+EYThkc+t#jWRSxAnEry1mhBn~8i1l^4T{{hYKkCnP0n%}RIjZ7kx&z9DGcimVvi z)EHd{h1bW_aVQp%farZhbjX<^Z%yZkQ<71e+tA&SnugclhsoOHitlBvxF&TXh_gk* zwyD?DhIYvNgx^ZMZ?>ajZz8zDw}Kynn~K5wBFNBp3-iv+R1pSJOOth{rMJ zthuH}YM{*eIT#-{^d3Km?vWQMj=|bC&z0&uwIC!=%j?lEpyH>j?f`$}%9|W3?ZwJf z0iW8zU7CHH2L%w*g&wC!AT%kWF3hiB+F+A<)WGO%7<6%U=4xc($2;h*U)`T7(G?0) zM$PpY#5egBdWWly)Fi9uJMmSo(*{@IzgaQmO*Bk>M=G9nxQTN2rNMeEU)(}N#^~Xr z1SVdZ-Sf=QWcw(Y)p{LM9&)rcMvBR#!xPR7bm+g}Riy{FPb6C)yPJ+cw2fuUrik=6RA%O#@+{aXdvyeWy;npoG2olJ4;?DS& z$K{{J`7&PrHT+%1>n|Ly`cE|wvYAbIS8cjauA!lxQEnq|*RwbY8{Ay>@EwgI@oj*uKFmtJT}7RkmMn#0u%SSDfpD+x zoWMZz0+2@nofA=SkpSC77>aj%*hSF}-OYQBa$;}qOCQTg@*)A*2^1rFN(Mm)LE7mS zTu!K~UCw}TBoJ2mo@?tx6F(C8?Qp|L0N3_;>$<^k>mK@zi)(e9S-pH8|9CLYN`fkq z3(`RX$WTo-WFFJ>OqF>r#M|)Vc_{-D09cX0qN5v>Cupk!MG*ws=MH%7=8n;5kN}0^ z8A}>963BE^KmzY@TaS}IXN6z+zx%^z-sMY^_zS6-ZWWuJQ`QWDrRUYYbEMIuo-CcR z3#h?5_p6OxcX$5(5nPl@K1kpy3F>~7>mY%P$m+jylf^CRWh(^u{Mix`7?E(;<_<4M zi9c~&rbiUfNI+@3Xyfdz_S9$=lsn_yAF=k2C^j7v*WP+W5r;Z;$FUm5hq{)68a@)3 zdZ2dB)&Lu6_~Nf{a3m(>ccEBHanY7AcOo)UIW!=S;l@n#P14`wKHoZa7Du96n~@j#E|GQC7>by zryAPN{0#QwcO}RVkEpt)AiaHyWv6&OsM*GI91f;I&EISs(AF&u=8KqVozdeLh2=@B zt=1Wa^1MSy${a7{F{u%WR}%*%bQDd{j*1LS!?%S&8jt(7JU{{`cLn5$&d>$9qH>kk z8NKNGWfngW7(X~wtX0*o?su||brP|TesT}SNF_;Dy^lwg47zB@^-fT%LCEL5ev%;2 zEMgE@Vr?BF`z)o{mfc&aobNXFFLr}mW9eZM_^Y$U_VqM+T zN2rCLNd9OvVqH3&cw>>0D6smvz$ z-Ai$$g9+k!H{}R^y>X(nz}tDLi*;mYQ7eDFHj6}D_S7gr>l(4!44xFC|HmbqsCxK< zX+o_k$1)LEh}UvF!!tA0#RWHIWuM!$*D5Fs4>56vRn{Y@GZ$XeZ2Iwf943as*;+1! z!<>BAY+qU9v-Qw&Coz^#OQk`-nv!-EslsNAXFoa8H2N8KEfdk7mBinu<9+iw!H=R> zau3V1h3;*r#@zW!a}0ZXa9m`&^9D1-DKWe_EpjZX9Zk_*ZSDjA-KHUL_m1d%<-v#>Ko78^->j%Q{F0HIS{9nbA|WPdQG zy@IjLSAq+wGK_B#9fd3~4IeV>?|pVq=czD|qv&U2w5}}*Qevtx;tCCwO>^nUhOF z!oNPhh&p239HAR_JM4C4<1>qPbX|K!s+;BW#n%~vt)g%T*(S8EM+@7~s&zOgmm41~IAaBg1yRxSU zgMUge96ggkP;^vnC|?~@H#838!@OUh!nGjE&$#C%VLKaMUNL0oz0~myTs|%D#j(4x zZ6cFa@a3&>eT z`yO$*dQs@2GD^YAEGQ@NlcD+Jp?KQY4$~w28k9Pr@7713VE>2=@n*;9Bv6H%}}|C+j3+a zmZsJTfTvlNP!+T6$$UPv6}0#1a`|71+;}WHf*UyXdH}Vz9Mx6wQt=sHXp%r z4?H(L2y34=H)Qcvr-*XNJyKB9PzWsa{MzB`^zFq%;l4%Q0E>v1wcZ`*Vjx6Z^!=pA zX-uQ}W5NV|ivl(0jquNGDcK55T(^cKw^8ED;SKhqxR1Y4H8WP-82pUUxuxFB*Z!&GnkSe?NDTtS? zsli@zj*a<>6r%fq5|wca(|Tzmv&fl!>5U|~U4!{ULy4BPJfGpGLi8cnwBtWjmL&d=25*Bpj6u+kgkWY6Ly2yspe{ zF4cZlDP}186)^*F*yG^K;xMoZg-)z;e^7GHa2o2T?~VMDW5wJ%N$hW5dOPw4lx1{l zx}&0Z?%L6*N_%Pbd+E>$rfe_ETW~S#pPkjMD7*)EtN*P8XGvqq-xTrxy3LU!N z6e)2^@y-Aek=@W3;3Qu&^Kn}uy&8|stNTN0)1zeohnBWXJ1?~@BdeZ>n%99Ds(M}n z0d~_T3SMZRh6ghO6Lbe`pEiOa3*ulb2sT5$-dgjix}x&aHKKb#J0qUv6Jf z716iaJMbdQ4fG*^?d1=URgvFw?v}8ejEE^R<*=^sD7gUkz!QYfm) zQ)-d6{4RB&CM8Ip{JxZG_(^5`rG)s2l7sDk7HrfOS@XI%!oo}$j&J55foMpzQ6WeE8#AZ$=-I*+ zHb|euBxG~ASgliB`e-7FB}#+nGkI=TNvG|H*TmW}pFJ>rDGUT;6R20YUu4IC9<6t{ zr9WiKs;ylWomy(v+%WfBAhK8p($}APm8Ni75oTefYdPh71w~^FKR9VEM$}D!$p-E7 z*H`J*B7<3b_d^I`x@9vtzHnE@(&j$Tj1}^J<78!xrF6iWU0YdQRd*^?TEZ{ax4#&{ z^>s3^iyG8Eus^L{9knyyy;k?iS=sVoF^Rfk+SgLMD+`ytt|ssMHp}^1za@v*-e$DK+1auoZD3X()hGdTcb4=W zuv=-C@0fev>B%}a>}Zra>m$zOee=nAJJh0x?j7i8Eont)+oD7M*s^53F5#wPp?>lQ zEr*YieW00-e&E8Hw~yp~9oq=w6a~8&RH*&ytg+&x9{Jg1#XYEqN8Dhqs`JY^jT5?O z{3J30%0nY4BuJc^Wp_d}-f3UJmrn0&DH&CDKHnDUc+t4N~9 z9B`4Tvu_4J-tpp#F~?5Hag*#uSC&@eigdiVXZswo2|xX=XsrFH3(uWWDMVp*MVqL9 zlw)j9>?p^M)hE^_j9#w|cSXh;2S)O6Uc=nzt648 zV2@?=cQC;*%cvR`)zrE9ZrHcj54;66&4&6M>`l{Wi>&U0Y_vyRUJ1Sdua9MXY+c+) zSMCnuzylN%sT56zqZ+KS(?)na6|DSndIS{mJ=@j^um)=teT}jkZiMPu?+wJ((S7Yo zVZDDiQ*L`$%Eej4{-017$_o(;qf^U=yWg3r)lRWZA*hCRxbf&f>B70n15GN}w)Inr zsmhph2jky~4q|5tG{HBX%*=0d$>v%|&6p*UXva#&jGfb|>I|JpONz8yt!cee;ouwD zSy&VJQIi!G5RC&}=PfBMW%8^GvlJz#vz{JKc}ie8Hm`l?d2KBf#aoY2NwK4riL9kO zNP@vLL?Tkz8I3}Q0zFe}7u&3e*qiYXws^g4TBjkzP-&!#j8HJlZRF;_Jh=AO+FPTn zXC*`_-$$HLlAbxNqUK4rP_|=}*KOM*2HJynn>u{XlBVW91#Q&H*kw)<2~~;tN_X+^ zFd2nMl;d!)u?P2iJk~I4SoLb5L4ZO-s-=naro*=daHEf+6Fhn0^Ra62v_Y~~Df3nl z#N0(AJHqvk{oa5(MBsjgvRJPxO^S0uaaMXY$_YsZ8o91tHEZbm;wj$M`hrJN+1wm7 z-ZK@Mx{{DaI$!=sBO0^V$~_`jb>#86i)z)xVSZ(hv5RJ^jo}SxTxe0j3sYKlPWBW_ z;Yp1LZSHYnB_071U2>iDCTR(q?l!e`x>+7!q;85UzcKLoKpPGxyrTav*ysX7ye6Z{3sLrAOKXho=r$WQ~}b;eGg8)V;yl~^4# zJ)mzK&Tr$%{f?OvaQ{5wElf0q~dQNauTqpODdu%f&AYh+TXGN`pEnqSekIkzummwrUp^0%J8bCKh3_kZx!vCk+CbLi=>YUiJ; z?;rb@75J|z@NySPQ1+Yy4b2F_@eZG!WcRdYL!fa`5xTAz`kF(*fCPR)lSJHA5A#=A z(hFF_kTqBp5(sXZyO2;kyV7{$>~I3I=jDe4dK}dpBF>YUHmyP({X4 zHKd&&3keJw+aduRuhuiqXouiW6$gJXnB7r<)L&vO!CfSdrB_=V*)6m#uva62bdWm|!1PK#bBO-w zJlHB!Dx1V6is85C7yRzR*>L{9*l-@OprM@!F+d$tQkcoE9D*sYcF%!+_SHnijN#|T=?zVV?Uj46Pia5% z({W-y@)jQZQ^n^$s+KRm|8tuIm+`-h|0M=4F>r~2OAK6M;1UCu7`Vj1B?c}raEXCS O3|wO19~i(ve)>0)fJrL= literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/vpn-routing.jpg b/versioned_docs/version-2.21/images/vpn-routing.jpg new file mode 100644 index 0000000000000000000000000000000000000000..18410dd4867866ce479765ecd0b031037cd282e3 GIT binary patch literal 28109 zcmeHv1zc6#w(laOySt?k>5z~vk!}!_5)hCsk&+N;1Qe9+l-Q(5H%NDPmr@dYzvVse z+^2l!ecyNPIp@7|f7i`#!eXzv*Pe6CF~=O^KmK#VCSVHyj-srBEC2@&0C3R{1eh4;=oqAU_}B!LWYkoYWE2!M47ZqQ=-BBgD3}FU*l%<3 z^72wM35g1Fi`?Sj<^KKVpRiJdYgxQPGHqNl3|VGBPoDzYG`U{>*(s~o0^$hSU$G0c5-%cb#wRd40sV36ddw0G$!_STztZtw~6T)nOWI6 zxq10zem55d-hy&BO0q`;VUexsLh&mwNV}9s581ngTEo;K0E{zy-vC({tu@ zU$kH4mkfUCz%L#6r33$Sb$~6Q^w4`QD`(nx@=VS!er)Y#BB@9Z-&`1+M!-{)PWs$F zT^R5pSQ7@M@fgB@hB4#I=)06R2>W3`vsAv%z}sS<`E5?9dEaLyHK;`$Y| z3-1Ty<)o4mCOjK>7mTPziB~8Ibgbs?Z@<)U>%16 zG91o?{b%@4h4r9@9YPxzkRD&=(vNeN0>y_M%m=3qVez&#c<>?6Y_l;U^{4J`-=%~Q zwp&rLjTT)h2?Sqi+2%|ea=dH^-TQ2Dn^$q#kpBQJdOVp+pZGc3hZHk?{_=F?rwOWZ z!hNo{ai`OFMQW&>-FV>!2elR&%4>u4iuM-bnT;~ymZP{cIOi}V79tjo@`*pO9zc`K z?L9n-HV+I8!v_>knTgc4a>Q?+t0L7C_PD?5@RSWq)7u)H(=(FraGK+FTyA zPAkE%Jp4}kJq!rt#blkDT7v=lA1Z@3rJ5M3(9*T&Y4ZB%5gi5BeED*77m~?y>67O) z<4Fm)708jak<$>L$~;|P!q>l4t2uxi=gXLem{xrxg#pHNcDnOby$H6ahHj}?UqaX0 z8=gL=tqOjY3+?4i^Imgm@OYgq%H^k>dMNAXQotXF1j*^iWuckA+5DDUIK1YwToz!X zX869U6%)%Ce_LO)JuPP%lc(F5-=LMsl;153zrB4bXJ%okR)KS8=~HO8QZ?S5IVS-o z4W4jBmQEhRCuaCILP>8Y1qh_3HbtX60$op};3bs{I{txcX+LJ?!q?7hJ@;Ul5$8!4 zHc|a%M-+il{_P@1~YTYRECT9rZb+C!_ldql__kSaMITpnYNPEoxOc_XK~wxsV-u~Xx8vSIZC=@o7&w6N?eF1jg(&% za@>1W7BLNU8Y&HJ>M3)A&S#As3rjJgirOW}Sl_4&t!wO3zbJH!Wd?T;6N|wIw5d%pI5csQh1cBdZjVsc4iAExl08sS zMOk>~i!~K$Ev!V=MUEs37x#Jv$1BtYAW)O}sescz7%G*F4+B0Frku;T7~OD!(!zkK z^%pQ;hm8puZS;L*B~XR?H!aBG3o753lF7jKYn4Dl^;aPEjN3YA<116!0<{J?!D_vg zNdmVol)`fyqa&QobPRs3K64>LZFQj%OFhN!@!W2(&d#Yy)FIj7E``i~fUUDKdaGx} zR8U&Jb*z;}quu^0Mi+_f9UNvj9g(AL!>hR@^M?lwO_)|T7@QnyF+;*M7(05p@uHt~ zQ(DIhYZ*!_99e5`vv#-81dQOSLEe{35pdX}hSFv8GV`Yy*ZECT)-xk?i)h*%8TsfR zw1qfR-R2U_$X#L~3E7Lhx`2ZLWc7K5O%IndvaHlLJPpsE$71-{kM{7JbTvySy?*G> z)vu0heN3rlv; zRq)TImx$s#;uO+`E9DzJnQ%L`MowrJ#xpy}WXL+mSn0x8a~lx`(5wwwD8Af_YA@@F zCm&?NDF#9>s_2+b3d&gYq9&Vb>i$UqT( z>jNr3#Q5eZawDOs6Sklk6Sp;<0gkDFI9C`K1u<&fL7V5wN#!YjpREY45&~us zK?te*5zV2RM7FN}Bwt*8cm;nL%47PMS}3B9siuj*7Z`wVg=)2+f@rW&VE@qNR#r~_ z{SN_<%gUAyP&!nm}9f}XsnxU0e8w9=t5RAF}i>e-af<~=RQ5+x?Ywo_aU(!nK{1J+5d7p~4;AXV85DKReka5{ya_ z!}_{wgQql5Dr0_f?o$4czaFz!Ics8bKwrt3f}|?XgL-YlHIMYD&rN{8@-%+m-UU&k zc^Q);msHm)pec7@c&DiFQ`?RAAGMPdzu~s#zY&!k;0m})p`DYfr}s?h;G~Xkge_}J zSaU4Oh!~!3HAeGWEoL{CsDr{{y<*qp!(|^l?|j;fl1baPwZl~&DRNR2yBF{amJ{Q) zV((3z96@dS0}q~Fx2c7(+}l`CcyN3)Jc%{v=!<1uO>3KzXp>u}ved_wn< z-U4$V&yHtcsqR&gaQpdyzR{$?i~+_Y(sUh(h!hr*EPf(e^ApAj->DnuDLodA z75zX&U3zgu%+31OWpuNwVMKoS_4zuKC(w@=ed!M*KYxNh_%gHpnasBO*>Qh-z4x|f zv?g7kD!iXBuz;oyFsFz9RM=7uu`h!~m|(y|J@KQ^ty;A8ODPyY+m8wZCbU(q=xS53 z{6m>j;r~qwmQQ2K7Znjc7+_Lhd_@2m(7Cp{Zv1oOnqr?;@h=nyDOZ7JFkpx+f8)9U zeTDy>;b$Qj0PoW!axi}7U*vP7J}v>G6n^3>$?i7LChdlE7Ms++Yosx*+%%xA2Pawi zZ=UUcnCfv_wVQ5uMAZJ&;hm{qq4@4T0Sp*Gkc9zFtqqsqIwEc$?D4g=;RLM~1`H}I z=u5KfNw18xsa&flcXAr)vjLakv#?|gl`U}Ax)6MOA!}~^{MI33T-F0?0V=AYL~?m5 z4@A$8fuZT~f=Ck>3!b671^$OAmm!}(XYhl0KQz>O-$tm7Bb=7;6daP&57)!nUqkuV zN&Vw6E}GhK^vBiNU4m5=dftm~%Q=112m4n5$h0q>1FKR~G;m-9=xdlC~Y6c=c*#3RSg(O^TO?v5Pj^GXtyD?78zE8~PHan2|w?XZCvp zx*j(xc9hTZs-FWT1b1UKeC*wGpuS`RP^_CEB4=GC!$fdO7HdHI)xE&D%**oAK*dO9 z{1&>UJD&oB%U5&VCNvY(r-l?}&c*H3_IN%WfeBZE&ihyFL3N4kR!nJyCTx!vNT0^d{DL?+detB)qD=jyG!4D|? z4_f2k6jdBc&|rNJ|1rRD@1z6cPvr*)Rk*X_%*x0wCq4Gxi|NHbQpkgT4G#S zzIer#Gin}#&2yopWjETzx~O47vioH$+_3KsMRt*;=y;@a{T<0#GVjr#H$(M10sZp` zp9ZPM#07fms_?&!$<%+!PGkz8=k$aG_SX@Z;4s*TD{w$qr z;bz}Sv3`_gp*0x1(6zh!QOYg*DnWOsSbx$2+V?4`{}tQ^vrx&tWO+n0Z?=zxwoEPj z!ZJGvJsh*6JJBKGeXA{sOShdq;15{7!^*C-j%M#TWV&?M^O?}O4=yyFHZ{fMttp3# zAiDg}=nf1}qAgx4&8sOA^$%q(?EC9P{*S-E(YAur>!uFa_;HN>-LBU!LFa?vYm4y- z8U$P?l)eY}h#)rZu~>3(LmvigWEK1W>BI)h)|9hwd!%>POnD)3{1<~xQ<~d4>N$u3 zpRuzZf>=K_sGm}h@Z0*)E8RwCkIsw zJziDuPt>#Rn}6w&l$%x^y4)3Qt7ViCZD#oT1-}6EhK!4*nqHN6pZW(i83NxQ$MCvK z^3V6_*xrpkQ(JwYko|aU+b1^%Z}p_b76uqmAoO1#uzLsd-h67;A;CLn(EL@IP7V*V zcdwB(Qe8!HZRHU1Zrv{2(ybun+oqi#&H1-tNpO8}a~mpe_yC>dp4lGf$Tvi&F^zVe zZuOaX#o(|toiqnI*UnFIV$vv;frt|sy-T+uvrg`1sIwnvhr0v;hp_3hp!;TrGOd58zfiaUq5H!g7D{2Fjg$27 zM3oGIIte(sz@I7F*kSg!cAg2FmDYM0yu7tbgHKn$&7OeU-ima?2@C;(7 zef8o927pUg;tXlZ38oD+7}FAZ38uD0sZGWjHlB|8?6)Pr0Q#}_go9mF9pXGZVogOp z1B-<)VEz>+R4!wOZ2Ss~tpDolds54DI6XrC1k1w0I{=)SX)StSDvikaGE#1WujHJ9 zFXiG8v{;?TIiP%ZD0+J@kiZ!&6;uvRH}-~aRFNNSjE@9u#7~!czE6bvp+fW%LT}&x zZmS3!!djl*4$F}^GrgEQ#_VmWkdptN+xS~kd@-+M<){%$6dB2EV z2kK1S_w=i)&t;^M48gF?L*C?dPH?&Rp1;DJTEDsgRb|Cf{I@lo#1^~jC<5307)IFb z*o!}E6)V^}kjt<>sUVLILh1CyjZ#tE-bfFcp23p`n4%_xX? zBE4mk@o-EwZ)>KqHTjH=eKO%+aKv=>RJs^*qNKovSif)O{C?ye30rgzx7rsz?gH-V z;`7k2KG+gpy(ga(+B#25L&^hb1BF?kndh-1v0Yi^4yldh=sj+%B7#H}S>D~!wDfKM z^I6{-UlF@P(?nDxDpF+4hg;%wDD*S|`g|?(Z=DSem(T?#o0*j*5lMNP#Y3?6-bHT- za5_W`p{CbVMYuEQ(Zxw++X4(Y zCp!|qBx!*GZGTOh|El&^fgmBDjFn`aRki8_DU>+B;WQ00xGf-pdZJ6+8{#5TM|A&6 zPDH@T#>L*-ig2{Bi|=DMl@R@t0+tPlVkW6iJqa3YnXRQyG2p2ww(l_h!qEY` zrlKGFO-NYIRWPkf~~0Af%WZlSVsQO~JQ;T^iEZn}-pQ1|QtUJC~7zLy>yeCqnh-5x5! z>9fO@`+cBB`HM<6h0&zXi_>l-cFTwLPRz&|K6k+mf&t6Tr_kowNNBvW;dsQ}R7cw! zR*e$*t2KqQ7pVv zVYjzXS`ojsr4=+s$jK1#lu%CHCg}E-7~`R9un%>xT}24*BtyJSK?8@`Q`OvXE!`L_ zkA4d6XZj5<_bv$w&qCL=eVgnlXB_md!cn{p3{rKYNXvf4CiHGV7|tYmC(@pmVb#m^MU7t?gEnsw-KIb<#>NAJDYP8J-(8l} z`Bb8SuLUHGFvL#k>3vQg))-}!f1`plTp)qevyJK6ZMH-od|`Spej~j3-CO!o z<$A7L=R1TO;E6*i%yG)AY3J1FxQjkrJCbU|uCS$QZyyaTU(bpbnkJ-1QR8Ny2 z7=@L8+nvFZ>Zpr1w^)6@gDAM^WNIvlw5IwK8|M3*Ls0YB&uwYeC&&ivaW`wND$B

hE;{4^F@x*Zs#u|_|Bie JuFub@{{j`ZlF$GE literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/vpn-with-tele.jpg b/versioned_docs/version-2.21/images/vpn-with-tele.jpg new file mode 100644 index 0000000000000000000000000000000000000000..843b253e9d8d471d95ccba461744d03d17fff368 GIT binary patch literal 37690 zcmeEu1z43)w)TgBNC<*-Dua#Y!oa}5#Jq)tLwFkp8ykm=;4U5^6*&zx6*(p4Jvw&Ad$g<&N=hdF2dtbA zd3bne7zITIxJ1~wdANQxf`W;OiGz(pdiyph*L}+ST>s_I)eivw){P$2AE+p_zzuv9 zRD6`HMt}yC6CLFbAK?FfP;Q{2q2I)~g^7g?7AU?0+(1D^y@7^`j*f-~mUaXG4xr(q z6Wo6&e)Fz^9tN!qA=ihH@3$b2^XrHddw1x#-`IL!ViA*&l9AIhFfu)0=Hcbz7Z4PB z@>D`nN?PWb(ko>ZRW)@DeFH-yV-r&|J9`I5C+D{=o*%uueLng6g@%0zkBIyl6`h!r zoRXTBo{?ElSX5k6T2@|B-_Y39+|t_C-q$}cI5a#mIyO5uzp%Kpyt2BsySIOEcyxSn zdiJYdC;;lebPN3XFCDwqFMP0HH_*^f(J+4X3+09r_@LsWq2GUalR#VnL(k?eE!T%z zgpWhM=htCExD|JZ-q`kH5!3O^((nH2+8=uM*LBR}ztyvU>)5~dYYf0aMFA%d6(4{C z$7f85?pXhP{y7H!Tm%1H1AlG}u=wvxdKYG&Xi5*Vi|A!1AD6tGkj}3&AmmPXbJL=& zS>6^VkHp_pLi&i>AumSZd!m3np(^wWxOJ3q1w4r>zXINy*Pc=bok$hSpHUumpYI!9 z0j&opJqlV^zy)M1?Go2z`SP^j3RrM~&QcFTSL}wN+nteD0Hg;)T*B@O*aK58)8BAC zW!lwcu8eKDBj!XU&#=dbOQW&V5gy^h{nED{)@S3c4A&w6hc5~e0O3FAV~0e$0z%); z=ANT#TmdU7IUeB7ya8_$*%`j{K)??ahwskSl8DdJ_zgSRNr(;v%nlGAS$lNy#J%%z z7Xk=FU4i#sP}T-iF=s8(JV$l+8K4XOqn`RxnTFv19&)kRd0 zqyap17NvMc8$SsjHQUR5WyZ@uo7tTzJ%kdiVKk}=QGZC))X^G!8agHG&;KG?&m0hZxe7!{Pw!>Pr6kGdEmH{CMEI4U)Os_bv0!iUnaMX?8!0*w>A=J_Tb`L z^RvH$vjuw1v1B1wZ%av4YAP5~HdXC2bTfIDo|Fc*d{4lg@|%xrIm)H>5)!*z^F2*A zW1?*d-ja;poGn9oT4RJgUfY)rswuauaZ{C=`vX-15mQuUCf%_d{8~>af(g_iQnBwY_w2X4_xcwP1`cQJ#Hh0*jGaAI`MmKzbEMtQ8Kl$A1f;>;@_`sC>%nzOY4gDkIE;Q!a2ls{D*im?MNft<_t?!kZqli%> zB;NAHWK6C@Z!HhemWM9C+`0U@uRhuS{;kSQb4$@CK4tN_`p$rBu`CbP_qADCbPi7uXzKV^&~zXI}@} zkR6p2J;qNW!UpX%BtsS{oWb*s@xmTt%C5~aT^LVVGBWp9YFLJOs8||E&Un9hRVSA$ zxk(BaI~aI<38Duk$VvjselQ|jv&w}OWRhbg-_`uU#SnUe%qTu(c z`g#QvYmnVx{K~iRQ|sNN5IOHOdTSi_0B`q+MA0;XrkTQ1a+Zhy`jQCV(Qx)#%eas>7-enTHcYVf@u#+K?e$$M@qsNuaL53EIa=iDGlH+Tkf zx4%8(w3>Y0VtO{SOccr^PqZ#%={wu0D_2rd(7)^6 zvVs_)h4FyFpw(=7VIT`>Rc*nGf-Td6wD+ns?6|;T_9uH-<4L#^qJU$>urIM#WrBN& zHK$R(A4f1J!VlPM&fiUPZeP|K5Mi{){Ay^}H+X2^CoElIz|ed-yQUU)~< zL9klGUferVRv~1QU)BF;=zC&^&uz+&==yQEHX(jn=?SQkd`-`~7e{+yJ>k3sSE zj!pAJ?QlYrW|L^0+V3VBB`HTNFodg84S$dcJ6{Xwo6NgEA>Y!=y95Q3UiKe$-fiZO zKKh*6k|~~{(R6z-zg$h5?o&w%dKt6wCrB>Ya*CtzmZ{GpmC)i2u+?@d`r5j zT}_Cx9C>Dr#6OYBP?w{fG%Ic6dicqPce3NojUc%`K-3#n+-rXYY<$Cb(O+tLPG4kg zNp-}eg$(EI3_whj>}fp?tuBf)r}uVzbZbI%M}Ap_2}tz&<0l8+2;HOHiNEwRxB~iE zGFMpQckwQKL>R9CJ$2}T-2LRd zmgODL$Fr-49}$IJ0n#~H3D-vuSYb-^1O8E;he`ID;XzdPO6H{d_K3d_-*!=at8m%M38WLTRgX)=)oSk7Xg+2V;x01kwzY~R-- z`AS1pq9-bIC}_J5+=(~Ey81_+VJP&vw{DSSqz-=kR`17@%n1(IAFs_t9fF-m@2z)a z-@BncMNvkP@}+O-LfiR_^~pnJAar3Bffl6eq!F&~z{4Xm-4vHIZHjiYox1 zy#nS;j-HDqf?kOSXeV;lPam+EOrM~TTmg5bF7C$>gJ>B{@(TEItM(*X^#4uy2K8ny zDP(qay_Wm!KVu8VybK|ig&73+U53uggroYq+iW}#vS9J}HW?(D=*Pk>_Lug_|7-hU z>B8X(pq+pp-R-{u4hqOuSz>mFFFxCV2Zp>nXq2>?A{vkG*XETBY)lQU@=K105Rj=+ zdMgUz;NF4+OR)RoXpK!tCBkgC%FI6t_W_#4sKWAkOjJ^msE{&EA`N8yxKg33X7VJ( z>m6ys*S2KR3!DP?0>z1{l78xusja2wXg(Qcx3Gfr@|HVk@kxAJ1=z+ud`rvwf}50t z5;DP|q{gdnzXiHp_hU&sp$if_$CsXLwFinri+U&A$fvq^@DZ-@Unhg5s^Z9!s~4fd zbMfmw=k?#!K@@n8%UKm!Zwp_g>NFh!q2mkxI3mzfi;X{%vQvV3g;RC)`7!0_C;TN_ z;(zzRVBt{PMfd&$(e!!CZqyxSdSg3U_gJ-mAQol94;aY)rqoy=8N}qVwfnxWfyII# z%1CbwBBmDf?oFPNo0Hbk(PB{ycVAz-{50nkV5!%?^0nnSK#D%-h&udX4^P%xc3-ro zeQ$M4TiZ-IWdz#V+ISOF&w`gKNOT*=I+w{UJr^Wh`$3C{17w=W4F7(+1SGM8R9=?-NO*Dg1+@-*cMLj9QFH~wZ-OxZjL7&4$0CihUOMTqHFT#pnW9Je(8j3H)yg}Jr9s?@> z$+U|r02Y5DQgsE)7r}oQ&jhiV)Ro6Jz@Vz#K^knSw}z3zdK@uS`KZ?hN4SgRr*&me ziA!&LB?dP){Mw)dok(s%m(M|yzHV{(3ZOy=Zrv;X)M3M8-7Hk)Pl(sp-`n?8H6T31 z`^ke=+Cb$It?qKrDF5^Fn94a>SRrfXm@3?kv4_)iHR!5}z3n|TzbcwOS}>pCcEfNH zRMp$(=11aJ%AX>Kp*wHiUI8s8*Cudi|L#xxZS4h1>^Pfszm8puPv#e*i4$w87(Zog zGxYTM{}JxSzV6H}NC^F_vca4bxs|#v;ig!z zoERYkDoupoqW^gg>eN@X#g|?sX+}q-G8KGvGr{dY7PvxMUt5b)dOWZfwOtz86TPb$ z>Cj-HJ{5dpGM#M96;o_Yh?9(}ek61FhdMt5y+2r{ZP68Y^;jN!%x6f~C!dFrd?F~D|7oTdVL7i<_3ZiQhIpO(T$5_nO zhY2D*lVu?)_nYcE6HrmvhYs;? zli2Q-nl9&(@=Db?6_muxUOsshuXApc@%95m_okoY=>0{0s{DC~B}%J~KvImt-ik{x zQJa?Y>dPrDjg@GxrAR{-2|G93&V-Bx!pGyW57xvsT!zKdyT9RXIa3B57~4AtK<$Gi zg#DVvSh|ozFp|ENu#t6=Lahl2LjL@2oBKv4hH{hgj4%wE@K-y!pR7`cFJv;;A|vHr zALUPvk4G5Ysn?K;Q5s0hn6Z^(*V~JWm#__X?$Udk#*j37e)(uv;mZ@44R`aXBU)xf z7Qsh%mjP935n8$D>dtV5>LA&uxvB_m@=S|`@QEM!EdrEC`z(wtTB=L&sD1~3%+QD5mzQ-{|>Ch=o5@;SNJ&l& zZ^6VB)~-aqMZ`OO2yECX6ncE=p$i2O{g6Jvhdqe$hQb>Ahx^7GU>0L9SAhP=Dt|@z@aR0KyCol#w!e|w z{3$k%8hA>&tt~-8f$|7i3{&Vs^+K`NsRP>q?5qVcSFpNDIK zBEptG-z^U=Md%i{*wk)wqcJ*L@_BCR3{nMT^A}D@S&?gX5gC4AC#zpJVXWbT@m4`* zmj>ZQzeZ-?d zRu_@8_ZhRFKS6eyzosq{lkuF=b7?<)wIyG^?@_fF^b%JR)=ymDYiY@jUi26i{_5M2 ze{1F~lxnfIi*@LWozxG>Ix(G4>B5q-dqG?R?#y^EMWI-NQa`O-B*SJaJF%NfHNNl_ z$Wf=gV~Bo<{R1^$J9)3#_Tfad9OLt#MjeKou@mo6%L!*gqfo)-neHVfoF9h*Z{BXf zlKVtZQ=51XyYkaak0TY=R7qa8D!s+8+G0YA`gRZ%=mYfXik z5Hn-ttRxNnOS7={V?lE4^iq_i`^>mI-zBA&=?<2vF_d<4JhLa+hLV!Uw7L@TxTNdo za2t=Qn^Om>ph@e*dE;i}7R8OAm6)mO|9;#5T}`ZuLOW$k`1B;E$ithFrm5no^>MVs zV_w;%tVfl8k>k};_{1#X!0TO2l`)H{sJXT$IbLa16_3t){15Mi zXfL=BhvA0Wryq|{pWKWxT**iU+p6ZE3r{+n@A9J|H)v9Tp*`an9( z6rB4ddmqs4j>YMHA=Qp-$)=sDEor=8Znm>k-eclp@57pLy>shK*+R8}oVrxRZp}p* zF_7=i(m~2d9knGIL}>f@>%I;7THJ$P^Mmk$0sFEdw=;W}ewpI#ukAl?_LqBjQ3h4E z9_D1tUKW+eC(T|$REzwEt^m1`G7p+V z>D{2oqf>ZgONv_m!8jX3C+oqvnuSIGRto_->cH+)bYQ}i51CV<>DX{nOv=C}ZKWR@ zIk9xAb}MPey-Ckzu`WFG=59!l~kiVn&9&23g5Z%xC!wz_v?xq|d(!Bb3g`|cdkl|}4W z`Hwj{sk@9`#siZzgHZ2DC+YX5cu{0jF5i-P!*kq%UhcF6EjMx}yEM{My4R__eI_j$ zG(~pIyQWd{A$dKoi8v!|d@@<;q3=s7pOK^QJh!P?C_XbCbUZCC1LUw8ZwLTPt*bpK zCs>`Hk zm|$$WL64fg^25Lh`%PZ)>}Bp1KzJGZK=fjbvXFqd*RJuW($x2n+m?$;`gM3$*?RyfR@q%fo{@Q(!gmCRW_T*4eJxwN*^79~`}g-P~rvsLNM zWwp2`^IMo(ELaAWP^ImOsK%{n+$_&Jd2!TtE-}pUPO^Q<;F#oVu~MaAz>`f8Yd|Nh zRO86yfxv{Bil7?LdBgnnCUJ>FvBhn+<5(NUXtmton|TM{P?bH!cBraK6j>|W+FVoU z-mjPk8|<%1E$akG5EFGn`{{-+*pjtP_@ZxjE{;t+AL2Jt+Sn=(7Ao?wX7Ol&kO|Bq z998qRUA=^8z_%e&FH}`Bo&HRk@9) ztzn|E9Ro|RrkA>H70>4KTuxlU@p%>g!atH`-~7t z1QsRaz)?y~Vpi|^7%TinA@B8GrQPXpvZ)SHUykib?wNKu9^)Fn)r2L=me z95^IuPI+H16Dhd&#jVw+AW*bTf2x=z5x;;lHmBZ?DeE4nC;mo}g+gAc#|{;rW&7sT z57mclA#SZo-yw>rDPIQH77B8)!hYYNW#bJ_7{5)L5yl2AeHfArYuKqAkT8i_Ty_AN|^kvon?XrEq! zaCLY*ax@p=@X;NU4iE~{g8IZxYig~_e>+Rwv`s$p@%jXxE`D;zkb|}1TM2msqJWCGx$veYpTBEMxdPsH)4AGHxo0mbumwP{x9nEoS=#%0 zvmHlI`ZP;q4WT>4!Yy;*93gY_?JH-TG@EOEsArnd8%)`k$)6W|TQ1|9X%24nfK*m1 zesC8n9KlK9JrFSBS64NC5uoiwXxI8KMBoZ2JZV6FAg4jzUIHi3>{0hT-Wi$+{DdFG zk3zEY5(D32(7k|eAVF&{LDC0=vfkF7k_Y`>X@e;#PQ2}I&^go}x`O}x3YeL)LP{oG zt5k`_v>a^vbRPNJSET=53EWq$1ox!f7kKJMsA8Ft-htDzdiIWX`Bgba z+s9bu^mRI)lb24SGCwGzCo4%)tOp#(lFB~I^}o>!P?@<)`24-}@Gq@(@1kwSPIHXd z3)dHRZ=ZZ_&vBnUXMskfdwnA*LE#5sG_EJ{XDbL#>eAVaPerATcX*}E1+x%yAaL9! zG}!&Xj-r_l)HcaU9aWIrv4)vyEQZ1%^{^MEioGkxmTCC8l4`AbTbLNd=J0wM5NdrS zw2Zv94Lun&zaIDPAL9~@7O*;zVS_HW{K6@zK%A012}vL;f4U1ohf*MP*ql|K7-Z74 z(c5sXHJY7J4S07T=$U&6cO!YVI|*GSsXHn8FX$rT_vb+zHW0*N0~D?RO!~BollAx$ z$S-_Vd7@XUNbmpW))Xp-W+OFsF6&LlX8rn3m%i2Jb3A&=*Pj4gD?j}vMO_n>E0q|Q zK9)B?;3RkjoIEe8Jv{^`L&6oDj9)lzhb#!aYujA`XsWdrMip4h*nd?qFxdJ>m4kk7 z9hQ*j{{LlLFpihQ8;80C&MMf>4s;F!3$~U;tUo*G<*K2Z;cujbfoVmNppg1k1I(oDi4rKSCAme`1;FMP?1=Z zL#$;bXteH1o7Md+av*t>r4sN|~fU8NLU5Tae(zN}LCWkKCj0aC0jTB$q}| zP>@OtrP;;P;>-X-mGQF@t!-y0p<)OGhIo*qw>sUINiz~U-obHpoR9VZ91GX4y1I=n z^+Q5x5MiM_$5=5-Ebm~imK7v19Z9Ga%P|leDl?k(rQFxw9E^~P|C&&YYkZIHVG+H| zk(2Uw!bvCAW~DT*NxGI!Ut^_8K7ZG4*GhFh&uV@uWNTe43C=z6`#%Q00&)3 zya`UNsU_c*mYrwpQ39^dlU=W-tx7&Ggh}7ZS+u4b0zXYADS~ZWmL=EP#e>E8bl zAVklC>cD%BX;Iud*d=bTW%}gVR)_p9ZY=^Pmt|&=)D64KR!~Rz(1P`G z0%NGyLiEyfLxoDn&UW4LkmIMw($b3Ok*ZWWM(l_P#>t>lLX-^{tx$xj3NRCF_uMth z`TJcN5gGiIjhP1*uy)?{j(8k1YKEOA-v|7k;sg(};W&}E7v&Geq@qp+ze!2=r|iC> zrs)^qw?N1zn_4%NDwkoJT97fCz8YzY-CT5E4KzWm8m^KsoZS?n7)Nwd_BWxu;Sw|@ zWfF<=6lClxN-p;x9g;B)z|Sv^`hoGtyNVo}MY!9C`-y{7;kGBHN$;tSr%|q%;V8VQm_Jn>KE`;qJJstFZ$iNq>ta>+;)B z(gqviV`a9Y1!F2;sr)?tcGFxCh4WrxyTw+LHlM3-%K6ZKwk@H}fvB5r0`82nI}HWD zH}a<~&n$d-`!G0lvh1kK?nEW8%qz`=*yLv>SFbmP` z(1Vc#o1*uTuz09QU(R3Q&xgjE@K*Bqw-(P>{WK~V?B|pF{zBWR^mbj3!sjcNeGms6 zH%}hJ@kTWn5Kft^+9Yb;e(*ubF(R#tXC{PTN~K;1(bJy*I%-tvKZL$r z6G%OAY7EMrm|i`ua9tfsjca9Rix$5(HqW#+@2%uHaz`9ZMgCK(=bVqHrO|yo=Uj`y zn1t{Ute_06kuxQpHUizxQ?%s)!>z@Ao3Fp^*SA$j)jb077$bK+ktcJiz1yrj<5Z%D zR4Nzc9;1f%=}&>m%GgbXU?BpT9~mP2bI{FRS1TJsdhZlHPVcQgDZIRJoNQ9-_8%U2 zR43W8%hENRD^6TOrz9?-KZ!Tv$i?X_#U53@y?7wP&uXy?X(7p?{rrmfB~R4pyT*Xe z{s*l%2|YJUs^{JoO=|Q@_8l}29BO`zvjM(74QWiiv9&;n6O4huknId>d@x5L>;qG0 z-DYEi!763cxS!C@%tO4%mw z+m%Q!QD7lS`qax^d-sRm#T8K91en2en92)=X?qR==!@m#5S;`0F~l3D}V#cKQzS?Dr7zU}1SdJ3UWa5_X4r`&n`5 zG_)~&k7a&E`l89UWWh{D0~wDpd9!w|!OZI|9u_m%h>J(QG`AR)hV!&iRfUgyzlgwb zg}xYCn7IPQUy4&tO2Qy@N0mt8lM2m_ z4-Qst4jIqc9XHj3JyOMlZzz9CzsL77AcyD)e8oqU&cex zA0VQp-Pc^sW@{sqZrLrSEy)F}#$bAC&I*u8BnDUmn_5s`=mHJ+PEQ+p1<2mdS<1^Q zFBS!{mh8?yfGU3pbond(ex37~bs1%NneCukm^SWDW5j(0kVIBGPN%+rv0USZzC?2( z-qjwLwGhI*AC6;tf2CdW)U&_h@j1pc%C^^%)Z9%%VX%rm0ah9^x#prpLUJokExdp<)vhR5QgviOWsnfX z?;T`zKSg_0ca+#uzB24*^oZ0)qxo1|lvCAIAuPZ1Ivt7u#KufjAKRj=z(?Zc;NIq& zH*R7G+l&h!&X{ggdwHcs>Jx=~6{!s6<&4bvKF$n!{UFb@#Bt1P@`7(AQdJLaFR%a& zjs3lQbg=}W5G2)~IAl0DU+C*VmUySlngn+RSB$Y%{8YuT_QN|4SSEYQO&?>bK50Wq z%zEf?`1_SdGe#BUOsKq7(BzV;iq$-ya|Qi9uO3pjYECye`DY})1>QOHzAU+RS$)h;Je=sxeMp5TJ6KegIz1w8WAw0u?CyP=o}kCV_{tkq4-!_#45z-C zri?e4I%k(M-F*JT1NTUz6fIEB9L(uR>*G29$~qH0#P8SsG-6bGj#1nTGNG6nu1}rI zkQvd7I0(6=W78mn8jP27TPx9>Q$#j#!tAc8MqGTJnTB?2^u6U9(j(>(T&|Xnt=%3E z<$O<5Un`L_hFeAwZ?$()9MG$A#s6@JWBnSI!6G+d?R-9slvq`jMNji!V;rG7E*_#% zyy!vRMHc*0@iK+|3Es^!0@3s|>rOa)^Mk&W2C+j3LXUSlp9sQ#X^7~Vyi7FcowxA|@zj4DUSI%u(Mt;a3ID|MRnijfJ$d)sRpHBWWF z?EfBzZT=SJ!%bG4ciDoJHgzBf_R;t$_~YFQMcnpyOaHRjlo2BE{AxW zm74p3goE}cmhU{?rJ8#`-?45$L!B^=j+hqfLqH3Wo%%Q|X<3NGX1;83ZwkPsb$iQA z&ZJk2v|{*U5gxug z-}p&AAQVm^wpl5f^*zy@3`e03$GY(YB;avkpdavq@a#|IGW@S-rG>-oQ|co5^P9Tx zmGNh#%Dlh*s@Z??oY@kz|4n{@t{^Hdf3gFnz31hCXGco#u$>maFLb`X16g0;gp7Ei z-KnQ!XXXk5tLoAJBXspYptF?M^FDH}v(W!I5Ae_WnM#AjO!jWn=da3DO;|S<%7P_P z-lV4lqCjHtG#bFgQooJ#qOwCG)j=Mo1W(L}TuS+Xf>!MX0}1?q3C!r<1M~JnnXVV4 z%+0f7UsjN?C5aOblg}@!uGq;brz)Q~ zpR*0l`rmZ6jn^yUj~IQ5*;EMVlRSrT343F`a>*4ZHCmaSQ}Q@(jC?erDUSfZdz%?1*lZuXkUe_%3Yy-v+J<-c^^hayypX=yvyN)oR^R-~AEj>7=%ERECKGUVT z0@_4&IW9eNY7dkYRf;O2Uab(l7=Kk*HDHx}?@Mu~uSA(#vN?NYWSo!ZSdMDwn#Sc) zi+Hki#@NmSjRL+t8E?*xdWIiOLCQ-3rnn>1oM+}#SZ`Yt4wIl7u- zX*fXo)gR}_jc5L+UXda;{zHbI>k&0HyF`dDwjhO6EV?Y_m8@LyMwltXv=e3XO@6!B z<0f_sDgA-;9L74AY$u`O#b}sN?6{sfZhY4Gm-3Ix=%ueMm437ch@R$*WeEFbks|4? zfFNv+bF9_rGxgg}ybaD_NDlDBa&bDn}Vt4Th?Q zK$z}z$Mz+KsmfaFwHNCya7-^bQ1>Ek{etKoUdUVl)Wo_+ME$j3g2EQedzbOTSsgy2 z`r=o90<1in+0sJ(^B+GP0aaC}9ylx~X-LmAekA517_5u#BapRaBtBvr!kHrI z&q*1MUVqoS{`jE{g+6xvjoVe$&KQr1E*<-ugnsEzwRIs8(9RH_A zc5d{MYf4p^!W3GwVe=3vg&6Rf{h{BQNtyvmA;zs7|Ez zB1~~1k(Y!v@^=fxrr%jrx7yX9X4rnX#BU8dQkth6;<%Th4&WHS=6Z=UbC}ay5F@t& zL+cv=Rl3J-=k)(ax>be4uUNR6Q5+V7cTcOhv$%q1MVq8EPQaI$Oy-BJO-P?RUwRI7 zlloU+w+0OCdid6!G6WSlHy}OEXpmS8zZO`H%-!z0d5L9U&h&5ZAN7J!V(b<82@@D4 z4mDW_wrkvA`b&)o(oyaTW3dFCOMy{hj_+WUIME6zlXOjjKp6~?7xjMg$lt%>TBT6& zzgDiE>nWmjt9&)gy+tr8_G$IrXlxee&3RLvC|M#2EX<}>vL6RTc7JDy{!vHjua+xn zXDcgf0u~(+mD#Be9Yr9vAfZE}vsZvx{{u9hpxC!!%aDwm=#(tNKV(Dx>n$IDbPo3p z+jno);+bhE#I%tN6^y^FbTXgvvh(+!7i@;%ontgX4`{%QM|qH0LN^o~su?0sns4cs zap?)#eRwO=Cyb!o7ixm6+m*k>IIz073ldJ+c;ELiyzh*f0)dSXl1Ate4!Glc<+L|# zgyKKGlgV6Fjdp1HWS`=_1!fyihunLelkx(y93t?@yV9)7R$gCP0s-oabk^(qp1*%0 z7fbBmJB39ZnN*XZb$EIj!QxQ^NWsyjMD0FDWp(r6p|`edthv{dFks16EXeCx%`VGi z7}V`vj}ftmZMm=D%}pM=J5{#Ic=uZc|EDU2toYMaEA&wD!+jkf8#+08fUw$tmOd{P zI_xlu#ByS_WgmAAI>$E%6xFnI9cpN1z%p@#`$xS@w6@ zD%qVFm%1nnlPhflJwWt%L0J)H+R>3#DjVD~~E8vpV+pA2}r&oe#!0x}}f)nx3oKhFpp5Fv7Zdni8^y2wSV4Vcvt1rJUt@&%7>-?)~c50)D$vJ8gkJy)BRl11gONJaPV}i(3e5V-s)~!SEG_ju z@=tOJXkBuvWK8NTR75!DLoXQLO*BfnOs1%p(L7Z)@jbgct!a8FYBNhWkw zcn5xY+l2;+qX%Y!XC!z79=Ak19+({I=xvI4f#Aw^9hfrA3z`TI!8(3P*ZUCa2R7|0 ze;@vPL+O81GdVHHaEZFVRrfE6z?3xl)~9HXF*|FW6w5%mrcKMID+J* zwnke9Lt8?y5FZ;`T>~zd5xw?cZJ3&~;msr}$5VGoDvF~RN@HI3#|c8rvmR9WppiE-V3hhAfV{{4JQA_t0dHx{|_ z0rq%{>LLr)k2tX?aTs=+TB*J;>xjMS=^S2`Q)(91t1}r07ss}U>Mq0013BP`4PW!lo?5wTYS*Lt*=Umxc z^t-;dIC38OY(-ePqIJjs*BpYGd&O4rgfnRrm+apJHa$(S*P@y)38li?>7I}x6bVk0{5 z*OqJEEb>ic3HW%2Kh!2rU|q4+_nmm=2~>S>o7LX2@3r?Dx8*uSWQorZZQnhO6q1X! z8;kcW=P?bYcFWGb!p>@$`@|%6Z~@K+HLMV4Hx3o2_jS3x+%8T=PFu>f6dLjLXuht7 z&^~F$FBlZqP6#A#azgK*YwlwXY9**0#bnV z4h2r7b1T$~+}j8GcCK1VV<*jjLvjCES-f1)ad#y#1t2T3ZcfNF8%WTiuKYm$j6}XYFATu^Ki{v7Yb!pF7@Ij=_GME8!LG zq{S}axGtBlJZXqFN;4RaB+o8+Z_$w<>&kT0bmN2n&3oK;2f|KJURV(8&wm_#*LvaA zuhHGH>^M(blpU;_v4gt(|sUD76%7Xj-v1ob1z9 zb$G+nYIerz%tJu0f0*lMZs@Lv#H)1Chh=%IBlh3zp#&zS6$w3z{nXtr%Up90CTBMn z;Wc6}pZNRFY_2Q&c;p_q!g1RYCN*UplIeOYrnX*{-F;o&?(u4ijFP&j_%@af&oD1b zCrJyrJ=EAwl#ldr&Co;}on}n1%W~Rb7P-&oT>GelYFy1rf-a;iv{?SFOS1qzzlE{{ zJNCntJyPLQx>r1KC@V-`Ab8o&Ht^i&xm%Ak){hy2AN~YS?9bv-hjMR!i={Ce*s^8Y z{LpMOIB^AF;rN&K;Dn-NAWX26PPD)b^CQHIWySu0&R#9crUd~BntD%0>_bMnP`emS za&ghlb}*vM{R{B=uRhEs&^=KY{0Ju>^n*$rhEy5B+Zb985unoG0!>iK$zgS^{*$O) zDi1%V45mM&(EilBzo$Ed`%rT;j(eD0o_6qczPveObj$9(J9y8HUtjjOTc-h8U2jbt zWV7S7LrGg!+}{%+v^h@{y4mXeSon2fUX}D(8uxzpa9xRfXZ;gX{o$bGtvZOnajHy; zgsrNMUx*D)( za~s|5+P&qz$w_i2u7ZfW=>o=(gjMk3+>u8QK#T?nURL1o7JkZ*eF9P)njjW5CdTC- zUD4v6qV8#|tj9zla06c*3PP`8Xi`Ube()72c!f`#E>b3^z)x^-LQny8$$p0tp?UAX zScdo|7|TH017jI-;Kjn-?6d8G^1u7xy}x_kuxv0vzzO%2E&Q60LD$64HYBv`D6>rp z``umVf&VVXI+#hI-4IS0|C`iFzsoSJEr7@Lu_fA4}w zr~g&J)6QO%BEOdqj)n6tWX;~Lj-OuGc|APny?vUWecumeOw3Gxe6J1rf7b_Q&g)1C z5RcnnOuGU=tiJC$iGN7e?uF+{qTiYzxTF7=DDxNIVMXJCbe8E$PgeMW#iT=c+sZZd z!GmP5mjdy0=4XGkCc1t{+TZk=IaHsW;|{CzmPrTA?V%+QI3CT?DL6Phhkg=~FmlFr zDFoG>k#z7f@|@tka)$Q9QOdmuP@^TvLwgQfnclOl_tB}{5hrSV5LO__fc9)n=*Bn+ z0MKeXNxt<;l7sD$f_L)^*g{ey)J z29(s)C*&#j$HZBCFWaa&f7U*JOT@>#{MFgksh5`ny(9NI8}>?=7+txAJKurfWBDhA zl;kT_w_UB$*OBa%MZvOYk-HlqE}VDLTSe4%^#EXcbzKLg!Ed(U`D?nQU`VPkU-HBbr?i))h2?fvGI8sD-#n0M zcgFv{^4@9Y3OFM_fL@S-(e|caSrF5nAl3lu0aK0iLC=!tU+>2MXTd)`Jd{=ZBtndV z7pe#epuE_%^>vjmO#cOi(31Q36B;@dGr22qyi&*zU61|8!k9WFecZYltSpp8+Cj2Hz3w%cHb3Wh zDWiyeMh>I`+lLiQ z%JM5L*w1^GK|mtDsZe(;%k(TpGg~uC?b&BQ3Jo=+OG+TI&Q@49itZ%Ejl8Sd>M{uJ z)A#?=-gQPbwXNF-LQtwo?;wI2id2!#L7GStr6VXHB?N@fi$PG3ZbYgGNLQ+cPy&L5 zrgR8FLX+MDNCY&1cYE%5Z)naN=XmcuzW469=ig?KvGy9@+WXt;M~R zohjH+3nKO{>(?~wb(4T^xbs6*75{L6veqRXJC$)m_QCt{gHT@H^@tqz)XseEYsr|9 z*YcwF4CY7a<{&k(Q|uHNiNgiJK7HI-z?~DXb()o7QqqTm{e^w+&1v797{Ad{qoTK#V#TKg)W(^?2P)aE+ao3ffS2Z5NPYUQwA_u4r}g zctk7g%y85qxEb~&FS%u33qol?;?TBauh^1Dc7Pdpgw0+;+qZpC>)2kB(iV`v( zStA~7R}rjYf_M})l9w((&(_u6EHuXr*yf;+?Y#b!Xm$7$$zMj^qb1FIORR`q&Whix zBmTw>YoanW!*vZxi%fyF@*UID3LSXLC111T^;~VbiDO}B+uG>fa_AgwP-h-S99%q+ z=kkjfE3SFaHhRy>{Mg9V+g?)39UAiNUE^*C#akWxI4=#X%s%A)9FgfwN*3{{O>-O$ zzqug+Rz`5vX|gzci{-K>r~3>5N?vFW6!bLSy;G{)Z|E@fhO`(?dbVX(a+t>e-g27E zmt;U0yr*620d(rBewHI(-p*zg#u%SU&dr$`tyKnp4ShjdS%+0r?Eansw^@A_45QF$>mrF?%@z*%CcL}j~mxPL+qVf_tIO=BNLh}JxH@<16fBFE-d1?pIRna z&0DyOabOM@5sX6O<+85HrWCjya!rRlUlvFbRvWfj6(AJ$gx?KmhUqWZbH-RD1A9ws z$NyLqay7kmC%z-z?@oKtm8`}{I4za+O7`v^3+kebd?R}261*rACWD6RDD(QhOlo|8 z)Roa|GRM8G2=c5tB9znTJtfE$6A$_VDt}XaZt?@J=R|F71k<>8+XS50d2QQcPe}r? z3;_`01&4vR!J3H%kxdPU5>3%;rh?Ecxg+jQqogtwHHLtf3&YAq2EA$n(|*ZYRn?@W%1{U z6D^M>rKuY6rMKUhzko%yBkwz95REfk9#d-D&bC}T6?LSOwx-~QowDb`*?X<5<5Fk! zJ6Qa<9Wq0M2D5aVej;0jqKd_pGNz^^tLGm4^fC^anm8yB zSt!%b61NCRUe~HEc?S&?N9Me|wz2pNV$6mx%$Cf8`jCMP^Cx)r6>FAkXI;b+h@&zt zl6nPsx&fX_UJAO3{8y1hcE7~N>xyLFw-)uiXm-SL3R>6FD+rZ;R8xb!)?c10RGlPr zu4!4x=cK}>tjHao=bGg{yPW;Y>oFnRHm#6i){*Ad3^aQzQ)4Mov^+^Hv%Z%h^*sRd zTUo`bRG6!dB;!o*;BMW|B&6f@$qkipGgQkk-% zC=A&z0;M>^p{#jO$Jfc?+dZ&-v9-S`L2vkYCQSI6M1UiE``Ol#UdDmDK8q@D5sg!{ z#X+kyRyLL$iB_FOF5TS7s!R9BG{WdD%J`b*NUT8+t`m1H7X$M%?hSG8EhH}rOAD*a z3sKo!KVYYIK;YSZS&VEfM!E*r3YqYKdxG?X*AxZ7X89DR{&AHxT<`6 z<)mqdY~}m~o#9+ceMNv|R?LnyRgxN+KfONxxw2E#i>Hch^$SR>b!P+Ka}K;qJi|Rr zAHAS2>kUT(_2h{=-=~x!*YrF~H{%4cIn2W&wE?TuQNG!0L$J;byInzY!$J277c=J=YuIdVH3E})Ay-#?r zDtrMMBZUXbUTjPo)*eo%V-DD3c{5jhSeM9!zBSX)ImLA};)h}N;)-oE+h;-dpALFs ztCAOk?&}h3g?u&~U1&r_jILY9zW08NAcrU{Ghp_o!9mGOU2|(5QIU~oLwd{03()*g zrEZqjQA#rw>rCjgxMcf#>c+mc(Hj zHlrDf2fj04_O@2A5^>3>Fw8^$VR3iB{`7FD=i*=)^AnzWH}y9!K>M=JE&T@iAqP=X zWHgesA*x~SGgSizFKe(&r?(B1IN&Xe2QE^1wy5J@Og$~N5$|sDTHn#@ddbZ1dI+F^pb|Ax;esim@;bP+pM>qA$a9HY}KqUbd~9wQwRlrd-ve4?J3TRzkUkn4~S< zxKh-;6=_;F7VWC{%_8QHGqqz@)uHm5O_t6O^U^b93o6 zFKiB!Ie&O_d7+Q*J@zQnWIG_#X|2=wWzoBlB4-J)8IzvYlNGASVvJx1N>f{CU32f* zMZ>MsgPk?&TH!E}6!E9_vzt*)rf{N>u4)npYHV@h$+#^K#^5%>Gc(Z!IEx8N;?{5v zaZCi3+S@UqFmSkMM?T%U&(@~P!^a}UE#-XOFXcAK@-^WgFT)GErFsx9eYq}0JqRF< zJjJe)qxPgRw3sEfU>eGv2Y_t4Kcb2NeyIBxT^_BZ>*NH+qZJ?OQ+<6AL|2{>5Vxtd ztmdh80ar5WP>h0}rzg<0ub9F0Ag5+D{?32D2Kw!=qlPGKxer&6dEe&tquSJv1-YV2 zZ-^iUFpKYlMAuj6x+bj0;~S@~682sNBEB~69E0BgzHCT$Rnmb40G_j;r@c-N*Zc#g zNB@4OMik!w+xz*YlI&=dn4l*SwElq$?IX?#)*XRqqElB9l9pH_YVI4fYbCaeJJPu# zq^d)VyUA!+$%)UMKmUL2PRf007(_u#g?i0yg)(Kr#&(-=)XT?UGOcjXH4g zcy8Jj!=-lsX@7#T4j^RJSpzn*zKER!z$s%3K|Br3+9CkB3Ua9^C*En~%s)TNk0}$S zU}Ib`B+oU4R}^O&G<@7$$b1rYkfTSE^3;*oEEAgB2D(+gUxVE5Bl;0*tSwF8E`AE|cFAK4IGlVJ(m`WQ?(Q0| zvQ~-zyJ<${_HTDT^nTaELe>X78!wSCg`$ZkPnVmvyRpbU)z@J1Muv2<%Y=oo#JS7mpANk2?oR zqZ?kI`J~Pu84qv7+Oyc}4G7ir*nXG^us{IatxGKc}ADsp)q##(XV!&9a&+#Vwq$8Z#AhJAVrmTu+%bff0w4jZ~c%V&+CbD6vZ=_@{rBAUAeX+?ju2SXLe3jN2~-Z z7A}4Mn0ZU-@xWxzu>Vb_voi*Ap>h%Yj-i{K*MMEsvA6wu&2JFIN5?5kZA=UUa&CK+ zT3VQSI}2avQda90M6K)?Ux7~!H!|chqOH^trP-_{uZ|z*c*8Glh^r6#DkRb91hsL6 zuv0&YVR>ci#_Ls617g}$qYRafH8U=)}rex zNs1je>+kVvjiiwZ`Mm&ID%e|AU%4Qfr2#F~0l;u6@B}02ZUZc-Zb@;!Sv@9f)O^Cy zg@Pi48v6QZk4zE5$wfBrX*lT;^T@FU^*Kms3v=Y+DG-P<)=WFdF{C8eVx3va!r8AA z26Yn?z@28Qc;<+gJ*eJJpbH7jX4q;{IbN|g=~C+bVz=RgqWRh)Xe0ohxTUrj(pn0G zP#e8fzaT|34{hSof97$}-%GL9yHg9t$12JsqtmBJN7spAabadvd(HC_%j;+TdC3QG{@%7-eo^ncY%SY zsm^}8*l2*nFd^0V1vEDZeB)lStbPG;01X*p5_=&&-8+W>0{MD6$frC^NzDHGAZr6( z|D&`#3%`6!7>AV?vXz~mS25aZmD=CQqy`$ZLTgx)mbYOsebXFeN1?m=D!w5s4WIxe z19g=O22f)yM{IZUt);mjHkJUP)ab1*px7R2lnc(#59*DpNL#sd?|>X#QwhkfAv9F= zWU)j9QJ3i0JJVM(u5XfrcD|{3Mugw@jL_WJW1uQ<%>M%FE(2l`1{vRz*4`1ewB7j( z=&cF@UExzQ`||UhKf6a>6D1b2i>_?3et55zorulwQTceHf4M6U6IFF*tVC;{%6NvB z!MVA9er{9p5fEf|P~+r#XKA*13aH>vD~%|%gJQu?XF?g?%Mq74Me)KZo+Va`8|GFG zx$gM_7|8@l<}e!iLGG*$oFCcLelzf4_4niSR<7gt3TMk;KT=E-j*5=`a@@>R^HXIvH&A+ZBB*br`fD33+1!TiIT z!7^-NFg?;@ttE2u2*&`iSPvH?!08+=6^^AGLfMp@b)al9$fW#i( z4o0`0mr&onw0$*xjC~@CLX-2Brg3OC9SB1Ehr + + + +## Install with brew: +```shell +brew install telepresenceio/telepresence/telepresence-oss +``` + +## OR download the binary for your platform + +### Intel Macs + +```shell +# 1. Download the binary. +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-amd64 -o /usr/local/bin/telepresence + +# 2. Make the binary executable: +sudo chmod a+x /usr/local/bin/telepresence +``` + +### Apple silicon Macs + +```shell +# 1. Ensure that no old binary exists. This is very important because Silicon macs track the executable's signature +# and just updating it in place will not work. +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-amd64 -o /usr/local/bin/telepresence + +# 2. Download the binary. +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-arm64 -o /usr/local/bin/telepresence + +# 3. Make the binary executable: +sudo chmod a+x /usr/local/bin/telepresence +``` + + + + +```shell +# 1. Download the latest binary (~95 MB): +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-linux-amd64 -o /usr/local/bin/telepresence + +# 2. Make the binary executable: +sudo chmod a+x /usr/local/bin/telepresence +``` + + + + +We've developed a Powershell script to simplify the process of installing telepresence. Here are the commands you can execute: + +```powershell +# To install Telepresence, run the following commands +# from PowerShell as Administrator. + +# 1. Download the latest windows zip containing telepresence.exe and its dependencies (~50 MB): +Invoke-WebRequest https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-windows-amd64.zip -OutFile telepresence.zip + +# 2. Unzip the telepresence.zip file to the desired directory, then remove the zip file: +Expand-Archive -Path telepresence.zip -DestinationPath telepresenceInstaller/telepresence +Remove-Item 'telepresence.zip' +cd telepresenceInstaller/telepresence + +# 3. Run the install-telepresence.ps1 to install telepresence's dependencies. It will install telepresence to +# C:\telepresence by default, but you can specify a custom path by passing in -Path C:\my\custom\path +powershell.exe -ExecutionPolicy bypass -c " . '.\install-telepresence.ps1';" + +# 4. Remove the unzipped directory: +cd ../.. +Remove-Item telepresenceInstaller -Recurse -Confirm:$false -Force + +# 5. Telepresence is now installed and you can use telepresence commands in PowerShell. +``` + + + + +> [!TIP] +> What's Next? +> Follow one of our [quick start guides](../quick-start.md) to start using Telepresence, either with our sample app or in your own environment. + +## Installing older versions of Telepresence + +Use these URLs to download an older version for your OS (including older nightly builds), replacing `x.y.z` with the versions you want. + + + + +```shell +# Intel Macs +https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/telepresence-darwin-amd64 + +# Apple silicon Macs +https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/telepresence-darwin-arm64 +``` + + + + +``` +https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/telepresence-linux-amd64 +``` + + + + +``` +(https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/telepresence-windows-amd64.exe +``` + + + + diff --git a/versioned_docs/version-2.21/install/cloud.md b/versioned_docs/version-2.21/install/cloud.md new file mode 100644 index 00000000..0379bd39 --- /dev/null +++ b/versioned_docs/version-2.21/install/cloud.md @@ -0,0 +1,60 @@ +--- +title: Cloud Provider Prerequisites +hide_table_of_contents: true +--- + +# Provider Prerequisites for Traffic Manager + +## GKE + +### Firewall Rules for private clusters + +A GKE cluster with private networking will come preconfigured with firewall rules that prevent the Traffic Manager's +webhook injector from being invoked by the Kubernetes API server. +For Telepresence to work in such a cluster, you'll need to [add a firewall rule](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) allowing the Kubernetes masters to access TCP port `8443` in your pods. +For example, for a cluster named `tele-webhook-gke` in region `us-central1-c1`: + +```bash +$ gcloud container clusters describe tele-webhook-gke --region us-central1-c | grep masterIpv4CidrBlock + masterIpv4CidrBlock: 172.16.0.0/28 # Take note of the IP range, 172.16.0.0/28 + +$ gcloud compute firewall-rules list \ + --filter 'name~^gke-tele-webhook-gke' \ + --format 'table( + name, + network, + direction, + sourceRanges.list():label=SRC_RANGES, + allowed[].map().firewall_rule().list():label=ALLOW, + targetTags.list():label=TARGET_TAGS + )' + +NAME NETWORK DIRECTION SRC_RANGES ALLOW TARGET_TAGS +gke-tele-webhook-gke-33fa1791-all tele-webhook-net INGRESS 10.40.0.0/14 esp,ah,sctp,tcp,udp,icmp gke-tele-webhook-gke-33fa1791-node +gke-tele-webhook-gke-33fa1791-master tele-webhook-net INGRESS 172.16.0.0/28 tcp:10250,tcp:443 gke-tele-webhook-gke-33fa1791-node +gke-tele-webhook-gke-33fa1791-vms tele-webhook-net INGRESS 10.128.0.0/9 icmp,tcp:1-65535,udp:1-65535 gke-tele-webhook-gke-33fa1791-node +# Take note fo the TARGET_TAGS value, gke-tele-webhook-gke-33fa1791-node + +$ gcloud compute firewall-rules create gke-tele-webhook-gke-webhook \ + --action ALLOW \ + --direction INGRESS \ + --source-ranges 172.16.0.0/28 \ + --rules tcp:8443 \ + --target-tags gke-tele-webhook-gke-33fa1791-node --network tele-webhook-net +Creating firewall...⠹Created [https://www.googleapis.com/compute/v1/projects/datawire-dev/global/firewalls/gke-tele-webhook-gke-webhook]. +Creating firewall...done. +NAME NETWORK DIRECTION PRIORITY ALLOW DENY DISABLED +gke-tele-webhook-gke-webhook tele-webhook-net INGRESS 1000 tcp:8443 False +``` + +### GKE Authentication Plugin + +Starting with Kubernetes version 1.26 GKE will require the use of the [gke-gcloud-auth-plugin](https://cloud.google.com/blog/products/containers-kubernetes/kubectl-auth-changes-in-gke). +You will need to install this plugin to use Telepresence with Docker while using GKE. + +## EKS + +### EKS Authentication Plugin + +If you are using AWS CLI version earlier than `1.16.156` you will need to install [aws-iam-authenticator](https://docs.aws.amazon.com/eks/latest/userguide/install-aws-iam-authenticator.html). +You will need to install this plugin to use Telepresence with Docker while using EKS. \ No newline at end of file diff --git a/versioned_docs/version-2.21/install/manager.md b/versioned_docs/version-2.21/install/manager.md new file mode 100644 index 00000000..0f1799e0 --- /dev/null +++ b/versioned_docs/version-2.21/install/manager.md @@ -0,0 +1,182 @@ +--- +title: Install Traffic Manager +hide_table_of_contents: true +--- + +# Install/Uninstall the Traffic Manager + +Telepresence uses a traffic manager to send/receive cloud traffic to the user. Telepresence uses [Helm](https://helm.sh) under the hood to install the traffic manager in your cluster. The `telepresence` binary embeds both `helm` and a helm-chart for a traffic-manager that is of the same version as the binary. + +## Prerequisites + +Before you begin, you need to have [Telepresence installed](../install/client.md). + +If you are not the administrator of your cluster, you will need [administrative RBAC permissions](../reference/rbac.md#administrating-telepresence) to install and use Telepresence in your cluster. + +In addition, you may need certain prerequisites depending on your cloud provider and platform. +See the [cloud provider installation notes](../install/cloud.md) for more. + +## Install the Traffic Manager + +The telepresence cli can install the traffic manager for you. The basic install will install the same version as the client used. + +1. Install the Telepresence Traffic Manager with the following command: + + ```shell + telepresence helm install + ``` + +### Customizing the Traffic Manager. + +For details on what the Helm chart installs and what can be configured, see the Helm chart [configuration on artifacthub](https://artifacthub.io/packages/helm/datawire/telepresence). + +1. Create a values.yaml file with your config values. + +2. Run the `install` command with the `--values` flag set to the path to your values file: + + ```shell + telepresence helm install --values values.yaml + ``` + alternatively, provide values using the `--set` flag: + ```shell + telepresence helm install --set logLevel=debug + ``` + +### Install into custom namespace + +The Helm chart supports being installed into any namespace, not necessarily `ambassador`. Simply pass a different `namespace` argument to +`telepresence helm install`. For example, if you wanted to deploy the traffic manager to the `staging` namespace: + +```shell +telepresence helm install traffic-manager --namespace staging datawire/telepresence +``` + +Note that users of Telepresence will need to configure their kubeconfig to find this installation of the Traffic Manager: + +```yaml +apiVersion: v1 +clusters: +- cluster: + server: https://127.0.0.1 + extensions: + - name: telepresence.io + extension: + cluster: + defaultManagerNamespace: staging + name: example-cluster +``` + +or add the config the `config.yml`: + +```yaml +cluster: + defaultManagerNamespace: staging +``` + +See [the kubeconfig documentation](../reference/config.md#manager) for more information. + +## Upgrading/Downgrading the Traffic Manager. + +1. Download the cli of the version of Telepresence you wish to use. + +2. Run the `upgrade` command. Optionally with `--values` and/or `--set` flags + + ```shell + telepresence helm upgrade + ``` + You can also use the `--reuse-values` or `--reset-values` to specify if previously installed values should be reused or reset. + + +## Uninstall + +The telepresence cli can uninstall the traffic manager for you using the `telepresence helm uninstall`. + +1. Uninstall the Telepresence Traffic Manager and all the agents installed by it using the following command: + + ```shell + telepresence helm uninstall + ``` + +## RBAC + +### Installing a namespace-scoped traffic manager + +You might not want the Traffic Manager to have permissions across the entire kubernetes cluster, or you might want to be able to install multiple traffic managers per cluster (for example, to separate them by environment). +In these cases, the traffic manager supports being installed with a namespace scope, allowing cluster administrators to limit the reach of a traffic manager's permissions. + +For example, suppose you want a Traffic Manager that only works on namespaces `dev` and `staging`. +To do this, create a `values.yaml` like the following: + +```yaml +managerRbac: + create: true + namespaced: true + namespaces: + - dev + - staging +``` + +This can then be installed via: + +```shell +telepresence helm install --namespace staging -f ./values.yaml +``` + +**NOTE** Do not install namespace-scoped Traffic Managers and a global Traffic Manager in the same cluster, as it could have unexpected effects. + +#### Namespace collision detection + +The Telepresence Helm chart will try to prevent namespace-scoped Traffic Managers from managing the same namespaces. +It will do this by creating a ConfigMap, called `traffic-manager-claim`, in each namespace that a given install manages. + +So, for example, suppose you install one Traffic Manager to manage namespaces `dev` and `staging`, as: + +```bash +telepresence helm install --namespace dev --set 'managerRbac.namespaced=true' --set 'managerRbac.namespaces={dev,staging}' +``` + +You might then attempt to install another Traffic Manager to manage namespaces `staging` and `prod`: + +```bash +telepresence helm install --namespace prod --set 'managerRbac.namespaced=true' --set 'managerRbac.namespaces={staging,prod}' +``` + +This would fail with an error: + +``` +Error: rendered manifests contain a resource that already exists. Unable to continue with install: ConfigMap "traffic-manager-claim" in namespace "staging" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-namespace" must equal "prod": current value is "dev" +``` + +To fix this error, fix the overlap either by removing `staging` from the first install, or from the second. + +#### Namespace scoped user permissions + +Optionally, you can also configure user rbac to be scoped to the same namespaces as the manager itself. +You might want to do this if you don't give your users permissions throughout the cluster, and want to make sure they only have the minimum set required to perform telepresence commands on certain namespaces. + +Continuing with the `dev` and `staging` example from the previous section, simply add the following to `values.yaml` (make sure you set the `subjects`!): + +```yaml +clientRbac: + create: true + + # These are the users or groups to which the user rbac will be bound. + # This MUST be set. + subjects: {} + # - kind: User + # name: jane + # apiGroup: rbac.authorization.k8s.io + + namespaced: true + + namespaces: + - dev + - staging +``` + +### Installing RBAC only + +Telepresence Traffic Manager does require some [RBAC](../reference/rbac.md) for the traffic-manager deployment itself, as well as for users. +To make it easier for operators to introspect / manage RBAC separately, you can use `rbac.only=true` to +only create the rbac-related objects. +Additionally, you can use `clientRbac.create=true` and `managerRbac.create=true` to toggle which subset(s) of RBAC objects you wish to create. diff --git a/versioned_docs/version-2.21/install/upgrade.md b/versioned_docs/version-2.21/install/upgrade.md new file mode 100644 index 00000000..37d13bf7 --- /dev/null +++ b/versioned_docs/version-2.21/install/upgrade.md @@ -0,0 +1,77 @@ +--- +title: Upgrade client +description: "How to upgrade your installation of Telepresence and install previous versions." +hide_table_of_contents: true +--- + +import Platform from '@site/src/components/Platform'; + +# Upgrade Process +The Telepresence CLI will periodically check for new versions and notify you when an upgrade is available. Running the same commands used for installation will replace your current binary with the latest version. + +Before upgrading your CLI, you must stop any live Telepresence processes by issuing `telepresence quit -s` (or `telepresence quit -ur` +if your current version is less than 2.8.0). + + + + + +## Upgrade with brew: +```shell +brew upgrade telepresenceio/telepresence/telepresence-oss +``` + +## OR upgrade by downloading the binary for your platform + +### Intel Macs + +```shell +# 1. Download the binary. +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-amd64 -o /usr/local/bin/telepresence + +# 2. Make the binary executable: +sudo chmod a+x /usr/local/bin/telepresence +``` + +### Apple silicon Macs + +```shell +# 1. Ensure that no old binary exists. This is very important because Silicon macs track the executable's signature +# and just updating it in place will not work. +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-amd64 -o /usr/local/bin/telepresence + +# 2. Download the binary. +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-arm64 -o /usr/local/bin/telepresence + +# 3. Make the binary executable: +sudo chmod a+x /usr/local/bin/telepresence +``` + + + +```shell +# 1. Download the latest binary (~95 MB): +sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-linux-amd64 -o /usr/local/bin/telepresence + +# 2. Make the binary executable: +sudo chmod a+x /usr/local/bin/telepresence +``` + + + + +To upgrade Telepresence,[Click here to download the Telepresence binary](https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-windows-amd64.zip). + +Once you have the binary downloaded and unzipped you will need to do a few things: + +1. Rename the binary from `telepresence-windows-amd64.exe` to `telepresence.exe` +2. Move the binary to `C:\Program Files (x86)\$USER\Telepresence\` + + + + + +The Telepresence CLI contains an embedded Helm chart. See [Install/Uninstall the Traffic Manager](manager.md) if you want to also upgrade +the Traffic Manager in your cluster. + +![scarf](https://static.scarf.sh/a.png?x-pxid=d842651a-2e4d-465a-98e1-4808722c01ab) diff --git a/versioned_docs/version-2.21/licenses.md b/versioned_docs/version-2.21/licenses.md new file mode 100644 index 00000000..47737aa8 --- /dev/null +++ b/versioned_docs/version-2.21/licenses.md @@ -0,0 +1,8 @@ +Telepresence CLI incorporates Free and Open Source software under the following licenses: + +* [2-clause BSD license](https://opensource.org/licenses/BSD-2-Clause) +* [3-clause BSD license](https://opensource.org/licenses/BSD-3-Clause) +* [Apache License 2.0](https://opensource.org/licenses/Apache-2.0) +* [ISC license](https://opensource.org/licenses/ISC) +* [MIT license](https://opensource.org/licenses/MIT) +* [Mozilla Public License 2.0](https://opensource.org/licenses/MPL-2.0) diff --git a/versioned_docs/version-2.21/quick-start.md b/versioned_docs/version-2.21/quick-start.md new file mode 100644 index 00000000..7217ffad --- /dev/null +++ b/versioned_docs/version-2.21/quick-start.md @@ -0,0 +1,113 @@ +--- +title: Quick start +description: "Start using Telepresence in your own environment. Follow these steps to intercept your service in your cluster." +hide_table_of_contents: true +--- + +# Telepresence Quickstart + +Telepresence is an open source tool that enables you to set up remote development environments for Kubernetes where you can still use all of your favorite local tools like IDEs, debuggers, and profilers. + +## Prerequisites + +- [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/), the Kubernetes command-line tool, or the OpenShift Container Platform command-line interface, [oc](https://docs.openshift.com/container-platform/4.2/cli_reference/openshift_cli/getting-started-cli.html#cli-installing-cli_cli-developer-commands). +- A Kubernetes Deployment and Service. + +## Install Telepresence + +Follow [Install Client](install/client.md) and [Install Traffic Manager](install/manager.md) instructions to install the +telepresence client on your workstation, and the traffic manager in your cluster. + +## Intercept Your Service + +With Telepresence, you can create [intercepts](concepts/intercepts.md) that intercept all traffic going to a service in your remote cluster and route it to your local environment instead. + +1. Connect to your cluster with `telepresence connect` and connect to the Kubernetes API server. A 401 response code is expected and indicates that the service could be reached: + + ``` + $ telepresence connect + connected to context + + ``` + + ```console + $ curl -ik https://kubernetes.default + HTTP/1.1 401 Unauthorized + Cache-Control: no-cache, private + Content-Type: application/json + ... + + ``` + + You now have access to your remote Kubernetes API server as if you were on the same network. You can now use any local tools to connect to any service in the cluster. + +2. Enter `telepresence list` and make sure the service you want to intercept is listed. For example: + + ```console + $ telepresence list + ... + example-service: ready to intercept (traffic-agent not yet installed) + ... + ``` + +3. Get the name of the port you want to intercept on your service: + `kubectl get service --output yaml`. + + For example: + + ```console + $ kubectl get service example-service --output yaml + ... + ports: + - name: http + port: 80 + protocol: TCP + targetPort: http + ... + ``` + +4. Intercept all traffic going to the service in your cluster: + + ```console + $ telepresence intercept --port [:] --env-file ` + ``` + + - For `--port`: specify the port the local instance of your service is running on. If the intercepted service exposes multiple ports, specify the port you want to intercept after a colon. + - For `--env-file`: specify a file path for Telepresence to write the environment variables that are set in the pod. + The example below shows Telepresence intercepting traffic going to service `example-service`. Requests now reach the service on port `http` in the cluster get routed to `8080` on the workstation and write the environment variables of the service to `~/example-service-intercept.env`. + + ``` + $ telepresence intercept example-service --port 8080:http --env-file ~/example-service-intercept.env + Using Deployment example-service + intercepted + Intercept name: example-service + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Intercepting : all TCP connections + ``` + +5. Start your local environment using the environment variables retrieved in the previous step. + +The following are some examples of how to pass the environment variables to your local process: + +- **Docker:** enter `docker run` and provide the path to the file using the `--env-file` argument. For more information about Docker run commands, see the [Docker command-line reference documentation](https://docs.docker.com/engine/reference/commandline/run/#env). +- **Visual Studio Code:** specify the path to the environment variables file in the `envFile` field of your configuration. +- **JetBrains IDE (IntelliJ, WebStorm, PyCharm, GoLand, etc.):** use the [EnvFile plugin](https://plugins.jetbrains.com/plugin/7861-envfile). + +6. Query the environment in which you intercepted a service and verify your local instance being invoked. + All the traffic previously routed to your Kubernetes Service is now routed to your local environment + +## 🎉 You've Unlocked a Faster Development Workflow for Kubernetes with Telepresence + +Now, with Telepresence, you can: + +- Make changes on the fly and see them reflected when interacting with your remote Kubernetes environment, this is just like hot reloading, but it works across both local and remote environments. +- Query services and microservice APIs that are only accessible in your remote cluster's network. +- Set breakpoints in your IDE and re-route remote traffic to your local machine to investigate bugs with realistic user traffic and API calls. + +> [!TIP] +> **Didn't work?** Make sure the port you're listening on matches the one you specified when you created your intercept. + +## What’s Next? +- [Learn about the Telepresence architecture.](reference/architecture) diff --git a/versioned_docs/version-2.21/redirects.yml b/versioned_docs/version-2.21/redirects.yml new file mode 100644 index 00000000..5961b347 --- /dev/null +++ b/versioned_docs/version-2.21/redirects.yml @@ -0,0 +1 @@ +- {from: "", to: "quick-start"} diff --git a/versioned_docs/version-2.21/reference/architecture.md b/versioned_docs/version-2.21/reference/architecture.md new file mode 100644 index 00000000..93e29853 --- /dev/null +++ b/versioned_docs/version-2.21/reference/architecture.md @@ -0,0 +1,48 @@ +--- +title: Architecture +description: How Telepresence works to intercept traffic from your Kubernetes cluster to code running on your laptop. +hide_table_of_contents: true +--- + +# Telepresence Architecture + +![Architecture](../images/TP_Architecture.svg) + +## Telepresence CLI + +The Telepresence CLI orchestrates the moving parts on the workstation: it starts the Telepresence Daemons and then acts +as a user-friendly interface to the Telepresence User Daemon. + +## Telepresence Daemons +Telepresence has Daemons that run on a developer's workstation and act as the main point of communication to the cluster's +network in order to communicate with the cluster and handle intercepted traffic. + +### User-Daemon +The User-Daemon coordinates the creation and deletion of ingests and intercepts by communicating with the [Traffic Manager](#traffic-manager). +All requests from and to the cluster go through this Daemon. + +### Root-Daemon +The Root-Daemon manages the networking necessary to handle traffic between the local workstation and the cluster by setting up a +[Virtual Network Device](tun-device.md) (VIF). For a detailed description of how the VIF manages traffic and why it is necessary +please refer to this blog post: +[Implementing Telepresence Networking with a TUN Device](https://blog.getambassador.io/implementing-telepresence-networking-with-a-tun-device-a23a786d51e9). + +## Traffic Manager + +The Traffic Manager is the central point of communication between Traffic Agents in the cluster and Telepresence Daemons +on developer workstations. It is responsible for injecting the Traffic Agent sidecar into ingested or intercepted pods, +proxying all relevant inbound and outbound traffic, and tracking active intercepts. + +The Traffic-Manager is installed by a cluster administrator. It can either be installed using the Helm chart embedded +in the telepresence client binary (`telepresence helm install`) or by using a Helm Chart directly. + +## Traffic Agent + +The Traffic Agent is a sidecar container that facilitates ingests and intercepts. When an ingest or intercept is first +started, the Traffic Agent container is injected into the workload's pod(s). You can see the Traffic Agent's status by +running `telepresence list` or `kubectl describe pod `. + +Depending on if an intercept is active or not, the Traffic Agent will either route the incoming request to a +your workstation, or it will pass it along to the container in the pod usually handling requests on that port. + +Please see [Traffic Agent Sidecar](intercepts/sidecar.md) for details. \ No newline at end of file diff --git a/versioned_docs/version-2.21/reference/client.md b/versioned_docs/version-2.21/reference/client.md new file mode 100644 index 00000000..73aa5e13 --- /dev/null +++ b/versioned_docs/version-2.21/reference/client.md @@ -0,0 +1,36 @@ +--- +title: Client reference +description: CLI options for Telepresence to intercept traffic from your Kubernetes cluster to code running on your laptop. +hide_table_of_contents: true +--- + +# Client reference + +The [Telepresence CLI client](../quick-start.md) is used to connect Telepresence to your cluster, start and stop intercepts, and create preview URLs. All commands are run in the form of `telepresence `. + +## Commands + +A list of all CLI commands and flags is available by running `telepresence help`, but here is more detail on the most common ones. +You can append `--help` to each command below to get even more information about its usage. + +| Command | Description | +|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `completion` | Generate a shell completion script for bash, zsh, fish, or powershell | +| `config view` | View current Telepresence configuration | +| `connect` | Starts the local daemon and connects Telepresence to a namespace in your cluster. After connecting, outbound traffic is routed to the cluster so that you can interact with services as if your laptop was another pod (for example, curling a service by it's name) | +| `curl` | curl using a containerized executable that shares the network established by a connect. Especially useful when using `connect --docker`. | +| `docker-run` | run a docker image in a container that shares the network established by a connect. Especially useful when using `connect --docker`. | +| `gather-logs` | Gather logs from traffic-manager, traffic-agents, user, and root daemons, and export them into a zip file that can be shared with others or included with a github issue. Use `--get-pod-yaml` to include the yaml for the `traffic-manager` and `traffic-agent`s. Use `--anonymize` to replace the actual pod names + namespaces used for the `traffic-manager` and pods containing `traffic-agent`s in the logs. | +| `helm install` | Install the traffic-manager using the helm chart embedded in the telepresence executable. | +| `helm upgrade` | Upgrade the traffic-manager using the helm chart embedded in the telepresence executable. | +| `helm uninstall` | Uninstall the traffic-manager and all traffic-agents. | +| `ingest` | Ingest a container to get access to its mounted volumes and environment variables: `telepresence ingest --container --env-file ` When used with a `--` separator, this command can also start a process so you can run a local instance of the ingested container. | + | +| `intercept` | Intercepts a service to get its ingress traffic routed to the workstation and access to its mounted volumes and environment variables: `telepresence intercept --port ` (use `port/UDP` to force UDP). When used with a `--` separator, this command can also start a process so you can run a local instance of the service you are intercepting. | +| `leave` | Stops an active ingest or intercept: `telepresence leave hello`. | +| `list` | Lists all workloads that are eligible for ingest or intercept. | +| `loglevel` | Temporarily change the log-level. The default duration (30 minutes) can be altered using `-d `. The flags `--local-only` and `--remote-only` can be used to alter the scope of the change. | +| `quit` | Tell Telepresence daemons to quit. | +| `status` | Shows the current connectivity status. | +| `uninstall` | Uninstalls a Traffic Agent for a specific workload. Use the `--all-agents` flag to remove all Traffic Agents from all workloads. | +| `version` | Show version of Telepresence CLI + Traffic-Manager (if connected) | \ No newline at end of file diff --git a/versioned_docs/version-2.21/reference/cluster-config.md b/versioned_docs/version-2.21/reference/cluster-config.md new file mode 100644 index 00000000..16a81310 --- /dev/null +++ b/versioned_docs/version-2.21/reference/cluster-config.md @@ -0,0 +1,181 @@ +--- +title: Cluster-side configuration +--- +# Cluster-side configuration + +For the most part, Telepresence doesn't require any special +configuration in the cluster and can be used right away in any +cluster (as long as the user has adequate [RBAC permissions](rbac.md). + +## Helm Chart configuration +Some cluster specific configuration can be provided when installing +or upgrading the Telepresence cluster installation using Helm. Once +installed, the Telepresence client will configure itself from values +that it receives when connecting to the Traffic manager. + +See the Helm chart [README](https://artifacthub.io/packages/helm/telepresence-oss/telepresence-oss/$version$) +for a full list of available configuration settings. + +### Values +To add configuration, create a yaml file with the configuration values and then use it executing `telepresence helm install [--upgrade] --values ` + +## Client Configuration + +It is possible for the Traffic Manager to automatically push config to all +connecting clients. To learn more about this, please see the [client config docs](config.md#global-configuration) + +## Traffic Manager Configuration + +The `trafficManager` structure of the Helm chart configures the behavior of the Telepresence traffic manager. + +## Agent Configuration + +The `agent` structure of the Helm chart configures the behavior of the Telepresence agents. + +### Image Configuration + +The `agent.image` structure contains the following values: + +| Setting | Meaning | +|------------|-----------------------------------------------------------------------------| +| `registry` | Registry used when downloading the image. Defaults to "docker.io/datawire". | +| `name` | The name of the image. Defaults to "tel2" | +| `tag` | The tag of the image. Defaults to $version$ | + +### Log level + +The `agent.LogLevel` controls the log level of the traffic-agent. See [Log Levels](config.md#log-levels) for more info. + +### Resources + +The `agent.resources` and `agent.initResources` will be used as the `resources` element when injecting traffic-agents and init-containers. + +## Mutating Webhook + +Telepresence uses a Mutating Webhook to inject the [Traffic Agent](architecture.md#traffic-agent) sidecar container and update the +port definitions. This means that an ingested or intercepted workload (Deployment, StatefulSet, ReplicaSet, ArgoRollout) will remain untouched +and in sync as far as GitOps workflows (such as ArgoCD) are concerned. + +The injection will happen on demand the first time an attempt is made to ingest or intercept the workload. + +If you want to prevent that the injection ever happens, simply add the `telepresence.getambassador.io/inject-traffic-agent: disabled` +annotation to your workload template's annotations: + +```diff + spec: + template: + metadata: + labels: + service: your-service ++ annotations: ++ telepresence.getambassador.io/inject-traffic-agent: disabled + spec: + containers: +``` + +### Service Name and Port Annotations + +Telepresence will automatically find all services and all ports that will connect to a workload and make them available +for an intercept, but you can explicitly define that only one service and/or port can be intercepted. + +```diff + spec: + template: + metadata: + labels: + service: your-service + annotations: ++ telepresence.getambassador.io/inject-service-name: my-service ++ telepresence.getambassador.io/inject-service-port: https + spec: + containers: +``` + +### Ignore Certain Volume Mounts + +An annotation `telepresence.getambassador.io/inject-ignore-volume-mounts` can be used to make the injector ignore certain volume mounts denoted by a comma-separated string. The specified volume mounts from the original container will not be appended to the agent sidecar container. + +```diff + spec: + template: + metadata: + annotations: ++ telepresence.getambassador.io/inject-ignore-volume-mounts: "foo,bar" + spec: + containers: +``` + +### Note on Numeric Ports + +If the `targetPort` of your intercepted service is pointing at a port number, in addition to +injecting the Traffic Agent sidecar, Telepresence will also inject an `initContainer` that will +reconfigure the pod's firewall rules to redirect traffic to the Traffic Agent. + +> [!IMPORTANT] +> Note that this `initContainer` requires `NET_ADMIN` capabilities. If your cluster administrator has disabled them, you will be unable to use numeric ports with the agent injector. + +For example, the following service is using a numeric port, so Telepresence would inject an initContainer into it: +```yaml +apiVersion: v1 +kind: Service +metadata: + name: your-service +spec: + type: ClusterIP + selector: + service: your-service + ports: + - port: 80 + targetPort: 8080 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: your-service + labels: + service: your-service +spec: + replicas: 1 + selector: + matchLabels: + service: your-service + template: + metadata: + annotations: + telepresence.getambassador.io/inject-traffic-agent: enabled + labels: + service: your-service + spec: + containers: + - name: your-container + image: jmalloc/echo-server + ports: + - containerPort: 8080 +``` + +## Excluding Envrionment Variables + +If your pod contains sensitive variables like a database password, or third party API Key, you may want to exclude those from being propagated through an intercept. +Telepresence allows you to configure this through a ConfigMap that is then read and removes the sensitive variables. + +This can be done in two ways: + +When installing your traffic-manager through helm you can use the `--set` flag and pass a comma separated list of variables: + +`telepresence helm install --set intercept.environment.excluded="{DATABASE_PASSWORD,API_KEY}"` + +This also applies when upgrading: + +`telepresence helm upgrade --set intercept.environment.excluded="{DATABASE_PASSWORD,API_KEY}"` + +Once this is completed, the environment variables will no longer be in the environment file created by an Intercept. + +The other way to complete this is in your custom `values.yaml`. Customizing your traffic-manager through a values file can be viewed [here](../install/manager.md). + +```yaml +intercept: + environment: + excluded: ['DATABASE_PASSWORD', 'API_KEY'] +``` + +You can exclude any number of variables, they just need to match the `key` of the variable within a pod to be excluded. diff --git a/versioned_docs/version-2.21/reference/config.md b/versioned_docs/version-2.21/reference/config.md new file mode 100644 index 00000000..c9e22895 --- /dev/null +++ b/versioned_docs/version-2.21/reference/config.md @@ -0,0 +1,342 @@ +--- +title: Laptop-side configuration +--- + +# Laptop-side configuration + +There are a number of configuration values that can be tweaked to change how Telepresence behaves. +These can be set in three ways: globally, by a platform engineer with powers to deploy the Telepresence Traffic Manager, or locally by any user, either in the Telepresence configuration file `config.yml`, or as a Telepresence extension the Kubernetes configuration. +One important exception is the configuration of the of the traffic manager namespace, which, if it's different from the default of `ambassador`, [must be set](#manager) locally to be able to connect. + +## Global Configuration + +Global configuration is set at the Traffic Manager level and applies to any user connecting to that Traffic Manager. +To set it, simply pass in a `client` dictionary to the `telepresence helm install` command, with any config values you wish to set. + +The `client` config supports values for [cluster](#cluster), [dns](#dns), [grpc](#grpc), [images](#images), [logLevels](#log-levels), [routing](#routing), +and [timeouts](#timeouts). + +Here is an example configuration to show you the conventions of how Telepresence is configured: +**note: This config shouldn't be used verbatim, since the registry `privateRepo` used doesn't exist** + +```yaml +client: + timeouts: + agentInstall: 1m + intercept: 10s + logLevels: + userDaemon: debug + images: + registry: privateRepo # This overrides the default docker.io/datawire repo + agentImage: tel2:$version$ # This overrides the agent image to inject when intercepting + grpc: + maxReceiveSize: 10Mi + dns: + includeSuffixes: [.private] + excludeSuffixes: [.se, .com, .io, .net, .org, .ru] + lookupTimeout: 30s + routing: + alsoProxySubnets: + - 1.2.3.4/32 + neverProxySubnets: + - 1.2.3.4/32 +``` + +### Cluster +Values for `client.cluster` controls aspects on how client's connection to the traffic-manager. + +| Field | Description | Type | Default | +|---------------------------|--------------------------------------------------------------------|---------------------------------------------|--------------------| +| `defaultManagerNamespace` | The default namespace where the Traffic Manager will be installed. | [string][yaml-str] | ambassador | +| `mappedNamespaces` | Namespaces that will be mapped by default. | [sequence][yaml-seq] of [strings][yaml-str] | `[]` | +| `connectFromRootDaeamon` | Make connections to the cluster directly from the root daemon. | [boolean][yaml-bool] | `true` | +| `agentPortForward` | Let telepresence-client use port-forwards directly to agents | [boolean][yaml-bool] | `true` | + +### DNS + +The `client.dns` configuration offers options for configuring the DNS resolution behavior in a client application or system. Here is a summary of the available fields: + +The fields for `client.dns` are: `localIP`, `excludeSuffixes`, `includeSuffixes`, and `lookupTimeout`. + +| Field | Description | Type | Default | +|-------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------|----------------------------------------------------| +| `localIP` | The address of the local DNS server. This entry is only used on Linux systems that are not configured to use systemd-resolved. | IP address [string][yaml-str] | first `nameserver` mentioned in `/etc/resolv.conf` | +| `excludeSuffixes` | Suffixes for which the DNS resolver will always fail (or fallback in case of the overriding resolver). Can be globally configured in the Helm chart. | [sequence][yaml-seq] of [strings][yaml-str] | `[".arpa", ".com", ".io", ".net", ".org", ".ru"]` | +| `includeSuffixes` | Suffixes for which the DNS resolver will always attempt to do a lookup. Includes have higher priority than excludes. Can be globally configured in the Helm chart. | [sequence][yaml-seq] of [strings][yaml-str] | `[]` | +| `excludes` | Names to be excluded by the DNS resolver | `[]` | +| `mappings` | Names to be resolved to other names (CNAME records) or to explicit IP addresses | `[]` | +| `lookupTimeout` | Maximum time to wait for a cluster side host lookup. | [duration][go-duration] [string][yaml-str] | 4 seconds | + +Here is an example values.yaml: +```yaml +client: + dns: + includeSuffixes: [.private] + excludeSuffixes: [.se, .com, .io, .net, .org, .ru] + localIP: 8.8.8.8 + lookupTimeout: 30s +``` + +#### Mappings + +Allows you to map hostnames to aliases or to IP addresses. This is useful when you want to use an alternative name for a service in the cluster, or when you want the DNS resolver to map a name to an IP address of your choice. + +In the given cluster, the service named `postgres` is located within a separate namespace titled `big-data`, and it's referred to as `psql` : + +```yaml +dns: + mappings: + - name: postgres + aliasFor: psql.big-data + - name: my.own.domain + aliasFor: 192.168.0.15 +``` + +#### Exclude + +Lists service names to be excluded from the Telepresence DNS server. This is useful when you want your application to interact with a local service instead of a cluster service. In this example, "redis" will not be resolved by the cluster, but locally. + +```yaml +dns: + excludes: + - redis +``` + +### Grpc +The `maxReceiveSize` determines how large a message that the workstation receives via gRPC can be. The default is 4Mi (determined by gRPC). All traffic to and from the cluster is tunneled via gRPC. + +The size is measured in bytes. You can express it as a plain integer or as a fixed-point number using E, G, M, or K. You can also use the power-of-two equivalents: Gi, Mi, Ki. For example, the following represent roughly the same value: +``` +128974848, 129e6, 129M, 123Mi +``` + +### Images +Values for `client.images` are strings. These values affect the objects that are deployed in the cluster, +so it's important to ensure users have the same configuration. + +These are the valid fields for the `client.images` key: + +| Field | Description | Type | Default | +|---------------|------------------------------------------------------------------------------------------|------------------------------------------------|-------------------------------------| +| `registry` | Docker registry to be used for installing the Traffic Manager and default Traffic Agent. | Docker registry name [string][yaml-str] | `docker.io/datawire` | +| `agentImage` | `$registry/$imageName:$imageTag` to use when installing the Traffic Agent. | qualified Docker image name [string][yaml-str] | (unset) | +| `clientImage` | `$registry/$imageName:$imageTag` to use locally when connecting with `--docker`. | qualified Docker image name [string][yaml-str] | `$registry/ambassador-telepresence` | + +### Intercept + +The `intercept` controls applies to how Telepresence will intercept the communications to the intercepted service. + +| Field | Description | Type | Default | +|-----------------------|------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|--------------| +| `defaultPort` | controls which port is selected when no `--port` flag is given to the `telepresence intercept` command. | int | 8080 | +| `useFtp` | Use fuseftp instead of sshfs when mounting remote file systems | boolean | false | + +### Log Levels + +Values for the `client.logLevels` fields are one of the following strings, +case-insensitive: + +- `trace` +- `debug` +- `info` +- `warning` or `warn` +- `error` + +For whichever log-level you select, you will get logs labeled with that level and of higher severity. +(e.g. if you use `info`, you will also get logs labeled `error`. You will NOT get logs labeled `debug`. + +These are the valid fields for the `client.logLevels` key: + +| Field | Description | Type | Default | +|--------------|---------------------------------------------------------------------|---------------------------------------------|---------| +| `userDaemon` | Logging level to be used by the User Daemon (logs to connector.log) | [loglevel][logrus-level] [string][yaml-str] | debug | +| `rootDaemon` | Logging level to be used for the Root Daemon (logs to daemon.log) | [loglevel][logrus-level] [string][yaml-str] | info | + +### Routing + +#### AlsoProxySubnets + +When using `alsoProxySubnets`, you provide a list of subnets to be added to the TUN device. +All connections to addresses that the subnet spans will be dispatched to the cluster + +Here is an example values.yaml for the subnet `1.2.3.4/32`: +```yaml +client: + routing: + alsoProxySubnets: + - 1.2.3.4/32 +``` + +#### NeverProxySubnets + +When using `neverProxySubnets` you provide a list of subnets. These will never be routed via the TUN device, +even if they fall within the subnets (pod or service) for the cluster. Instead, whatever route they have before +telepresence connects is the route they will keep. + +Here is an example kubeconfig for the subnet `1.2.3.4/32`: + +```yaml +client: + routing: + neverProxySubnets: + - 1.2.3.4/32 +``` + +#### Using AlsoProxy together with NeverProxy + +Never proxy and also proxy are implemented as routing rules, meaning that when the two conflict, regular routing routes apply. +Usually this means that the most specific route will win. + +So, for example, if an `alsoProxySubnets` subnet falls within a broader `neverProxySubnets` subnet: + +```yaml +neverProxySubnets: [10.0.0.0/16] +alsoProxySubnets: [10.0.5.0/24] +``` + +Then the specific `alsoProxySubnets` of `10.0.5.0/24` will be proxied by the TUN device, whereas the rest of `10.0.0.0/16` will not. + +Conversely, if a `neverProxySubnets` subnet is inside a larger `alsoProxySubnets` subnet: + +```yaml +alsoProxySubnets: [10.0.0.0/16] +neverProxySubnets: [10.0.5.0/24] +``` + +Then all of the `alsoProxySubnets` of `10.0.0.0/16` will be proxied, with the exception of the specific `neverProxySubnets` of `10.0.5.0/24` + +These are the valid fields for the `client.routing` key: + +| Field | Description | Type | Default | +|---------------------------|----------------------------------------------------------------------------------------|-------------------------|--------------------| +| `alsoProxySubnets` | Proxy these subnets in addition to the service and pod subnets | [CIDR][cidr] | | +| `neverProxySubnets` | Do not proxy these subnets | [CIDR][cidr] | | +| `allowConflictingSubnets` | Give Telepresence precedence when these subnets conflict with other network interfaces | [CIDR][cidr] | | +| `recursionBlockDuration` | Prevent recursion in VIF for this duration after a connect | [duration][go-duration] | | +| `virtualSubnet` | The CIDR to use when generating virtual IPs | [CIDR][cidr] | platform dependent | +| `autoResolveConflicts` | Auto resolve conflicts using a virtual subnet | [bool][yaml-bool] | true | + + +### Timeouts + +Values for `client.timeouts` are all durations either as a number of seconds +or as a string with a unit suffix of `ms`, `s`, `m`, or `h`. Strings +can be fractional (`1.5h`) or combined (`2h45m`). + +These are the valid fields for the `timeouts` key: + +| Field | Description | Type | Default | +|-------------------------|------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------|-----------------| +| `agentInstall` | Waiting for Traffic Agent to be installed | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 2 minutes | +| `apply` | Waiting for a Kubernetes manifest to be applied | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 1 minute | +| `clusterConnect` | Waiting for cluster to be connected | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 20 seconds | +| `connectivityCheck` | Timeout used when checking if cluster is already proxied on the workstation | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 500 ms (max 5s) | +| `endpointDial` | Waiting for a Dial to a service for which the IP is known | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 3 seconds | +| `roundtripLatency` | How much to add to the endpointDial timeout when establishing a remote connection | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 2 seconds | +| `intercept` | Waiting for an intercept to become active | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 30 seconds | +| `proxyDial` | Waiting for an outbound connection to be established | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 5 seconds | +| `trafficManagerConnect` | Waiting for the Traffic Manager API to connect for port forwards | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 60 seconds | +| `trafficManagerAPI` | Waiting for connection to the gPRC API after `trafficManagerConnect` is successful | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 15 seconds | +| `helm` | Waiting for Helm operations (e.g. `install`) on the Traffic Manager | [int][yaml-int] or [float][yaml-float] number of seconds, or [duration][go-duration] [string][yaml-str] | 30 seconds | + +## Local Overrides + +In addition, it is possible to override each of these variables at the local level by setting up new values in local config files. +There are two types of config values that can be set locally: those that apply to all clusters, which are set in a single `config.yml` file, and those +that only apply to specific clusters, which are set as extensions to the `$KUBECONFIG` file. + +### Config for all clusters +Telepresence uses a `config.yml` file to store and change those configuration values that will be used for all clusters you use Telepresence with. +The location of this file varies based on your OS: + +* macOS: `$HOME/Library/Application Support/telepresence/config.yml` +* Linux: `$XDG_CONFIG_HOME/telepresence/config.yml` or, if that variable is not set, `$HOME/.config/telepresence/config.yml` +* Windows: `%APPDATA%\telepresence\config.yml` + +For Linux, the above paths are for a user-level configuration. For system-level configuration, use the file at `$XDG_CONFIG_DIRS/telepresence/config.yml` or, if that variable is empty, `/etc/xdg/telepresence/config.yml`. If a file exists at both the user-level and system-level paths, the user-level path file will take precedence. + +### Values + +The definitions of the values in the `config.yml` are identical to those values in the `client` config above, but without the top level `client` key. + +Here is an example configuration to show you the conventions of how Telepresence is configured: +**note: This config shouldn't be used verbatim, since the registry `privateRepo` used doesn't exist** + +```yaml +timeouts: + agentInstall: 1m + intercept: 10s +logLevels: + userDaemon: debug +images: + registry: privateRepo # This overrides the default docker.io/datawire repo + agentImage: tel2:$version$ # This overrides the agent image to inject when intercepting +grpc: + maxReceiveSize: 10Mi +``` + + +## Workstation Per-Cluster Configuration + +Configuration that is specific to a cluster can also be overriden per-workstation by modifying your `$KUBECONFIG` file. +It is recommended that you do not do this, and instead rely on upstream values provided to the Traffic Manager. This ensures +that all users that connect to the Traffic Manager will behave the same. +An important exception to this is the [`cluster.defaultManagerNamespace` configuration](#manager) which must be set locally. + +### Values + +The definitions of the values in the Telepresence kubeconfig extension are identical to those values in the `config.yml` config. The values will be merged into the config and have higher +priority when Telepresence is connected to the extended cluster. + +Example kubeconfig: +```yaml +apiVersion: v1 +clusters: +- cluster: + server: https://127.0.0.1 + extensions: + - name: telepresence.io + extension: + cluster: + defaultManagerNamespace: staging + dns: + includeSuffixes: [.private] + excludeSuffixes: [.se, .com, .io, .net, .org, .ru] + routing: + neverProxy: [10.0.0.0/16] + alsoProxy: [10.0.5.0/24] + name: example-cluster +``` + +#### Manager + +This is the one cluster configuration that cannot be set using the Helm chart because it defines how Telepresence connects to +the Traffic manager. When not default, that setting needs to be configured in the workstation's kubeconfig for the cluster. + +The `cluster.defaultManagerNamespace` key contains configuration for finding the `traffic-manager` that telepresence will connect to. + +Here is an example kubeconfig that will instruct telepresence to connect to a manager in namespace `staging`. The setting can be overridden using the Telepresence connect flag `--manager-namespace`. + +Please note that the `cluster.defaultManagerNamespace` can be set in the `config.yml` too, but will then not be unique per cluster. + +```yaml +apiVersion: v1 +clusters: + - cluster: + server: https://127.0.0.1 + extensions: + - name: telepresence.io + extension: + cluster: + defaultManagerNamespace: staging + name: example-cluster +``` + +[yaml-bool]: https://yaml.org/type/bool.html +[yaml-float]: https://yaml.org/type/float.html +[yaml-int]: https://yaml.org/type/int.html +[yaml-seq]: https://yaml.org/type/seq.html +[yaml-str]: https://yaml.org/type/str.html +[go-duration]: https://pkg.go.dev/time#ParseDuration +[logrus-level]: https://github.com/sirupsen/logrus/blob/v1.8.1/logrus.go#L25-L45 +[cidr]: https://www.geeksforgeeks.org/classless-inter-domain-routing-cidr/ diff --git a/versioned_docs/version-2.21/reference/dns.md b/versioned_docs/version-2.21/reference/dns.md new file mode 100644 index 00000000..3265a444 --- /dev/null +++ b/versioned_docs/version-2.21/reference/dns.md @@ -0,0 +1,71 @@ +--- +title: DNS resolution +hide_table_of_contents: true +--- +# DNS resolution + +The Telepresence DNS resolver is dynamically configured to resolve names using the namespaces of currently active intercepts. Processes running locally on the desktop will have network access to all services in the such namespaces by service-name only. + +All intercepts contribute to the DNS resolver, even those that do not use the `--namespace=` option. This is because `--namespace default` is implied, and in this context, `default` is treated just like any other namespace. + +No namespaces are used by the DNS resolver (not even `default`) when no intercepts are active, which means that no service is available by `` only. Without an active intercept, the namespace qualified DNS name must be used (in the form `.`). + +See this demonstrated below, using the [quick start's](../quick-start.md) sample app services. + +No intercepts are currently running, we'll connect to the cluster and list the services that can be intercepted. + +``` +$ telepresence connect + + Connecting to traffic manager... + Connected to context default, namespace default (https://) + +$ telepresence list + + web-app: ready to intercept (traffic-agent not yet installed) + emoji : ready to intercept (traffic-agent not yet installed) + web : ready to intercept (traffic-agent not yet installed) + +$ curl web-app:80 + + + + + + Emoji Vote + ... +``` + +Now we'll start an intercept against another service. + +``` +$ telepresence intercept web --port 8080 + + Using Deployment web + intercepted + Intercept name : web + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Volume Mount Point: /tmp/telfs-166119801 + Intercepting : all TCP connections + +$ curl webapp:80 + + + + + + Emoji Vote + ... +``` + +The DNS resolver will also be able to resolve services using `.` regardless of what namespace the +client is connected to. + +### Supported Query Types + +The Telepresence DNS resolver is now capable of resolving queries of type `A`, `AAAA`, `CNAME`, +`MX`, `NS`, `PTR`, `SRV`, and `TXT`. + +See [Outbound connectivity](routing.md#dns-resolution) for details on DNS lookups. diff --git a/versioned_docs/version-2.21/reference/docker-run.md b/versioned_docs/version-2.21/reference/docker-run.md new file mode 100644 index 00000000..b702a50d --- /dev/null +++ b/versioned_docs/version-2.21/reference/docker-run.md @@ -0,0 +1,119 @@ +--- +title: Using Docker for intercepts +description: How a Telepresence intercept can run a Docker container with configured environment and volume mounts. +toc_min_heading_level: 2 +toc_max_heading_level: 2 +--- + +# Using Docker for intercepts + +## Using command flags + +### The docker flag +You can start the Telepresence daemon in a Docker container on your laptop using the command: + +```console +$ telepresence connect --docker +``` + +The `--docker` flag is a global flag, and if passed directly like `telepresence intercept --docker`, then the implicit connect that takes place if no connections are active, will use a container-based daemon. + +### The telepresence curl command + +The network interface that is added when connecting using `telepresence connect --docker` will not be accessible directly from the host computer. It is confined to the telepresence daemon container, and there you should not expect to be able to curl your cluster resources directly. + +You can use the `telepresence curl` command to curl your cluster resources. This command will run curl in a docker container that shares the network of the daemon container. + +### The telepresence docker-run command + +The `telepresence docker-run` command will start a container that automatically shares the daemon container network. It +will also circumvent Docker limitations that prevent containers that share another container's network to also make +ports available using `--publish`, `--expose`, or adding additional networks using `--network`. + +To achieve this, Telepresence temporarily adds the necessary network to the containerized daemon. This allows the new +container to join the same network. Additionally, Telepresence starts extra socat containers to handle port mappings, +ensuring that the desired ports are exposed to the local environment. + +### The ingest/intercept --docker-run flag + +If you want your ingest or intercept to use another Docker container, you can use the `--docker-run` flag. It creates the ingest or intercept, runs your container in the foreground, then automatically ends the ingest or intercept when the container exits. + +After establishing a connection to a cluster using `telepresence connect --docker`, the container started when using `--docker-run` will share +the same network as the containerized daemon that maintains the connection. This enables seamless communication between your local development +environment and the remote cluster. + +The `docker run` flags `--network`, `--publish`, or `--expose` are all available, just as with the `docker-run` command. + +```console +$ telepresence intercept --port --docker-run -- +``` +OR +```console +$ telepresence ingest --container --docker-run -- +``` + +The `--` separates flags intended for `telepresence ingest/intercept` from flags intended for `docker run`. + +It's recommended that you always use the `--docker-run` in combination with a connection started with the `telepresence connect --docker`, +because that makes everything less intrusive: + +- No admin user access is needed. Network modifications are confined to a Docker network. +- There's no need for special filesystem mount software like MacFUSE or WinFSP. The volume mounts happen in the Docker engine. + +The following happens under the hood when both flags are in use: + +- The network of for the ingest or intercept handler will be set to the same as the network used by the daemon. This guarantees that the + ingest or intercept handler can access the Telepresence VIF, and hence have access the cluster. +- Volume mounts will be automatic and made using the Telemount Docker volume plugin so that all volumes exposed by the targeted + remote container are mounted on the local handler container. +- The environment of the remote container becomes the environment of the local handler container. + +### The docker-build flag + +The `--docker-build ` and the repeatable `docker-build-opt key=value` flags enable container's to be build on the fly by the intercept command. + +When using `--docker-build`, the image name used in the argument list must be verbatim `IMAGE`. The word acts as a placeholder and will be replaced by the ID of the image that is built. + +The `--docker-build` flag implies `--docker-run`. + +## Using docker-run flag without docker + +It is possible to use `--docker-run` with a daemon running on your host, which is the default behavior of Telepresence. + +However, it isn't recommended since you'll be in a hybrid mode: while your intercept runs in a container, the daemon will modify the host network, and if remote mounts are desired, they may require extra software. + +The ability to use this special combination is retained for backward compatibility reasons. It might be removed in a future release of Telepresence. + +The `--port` flag has slightly different semantics and can be used in situations when the local and container port must be different. This +is done using `--port :`. The container port will default to the local port when using the `--port ` syntax. + +## Examples + +Imagine you are working on a new version of your frontend service. It is running in your cluster as a Deployment called `frontend-v1`. You use Docker on your laptop to build an improved version of the container called `frontend-v2`. To test it out, use this command to run the new container on your laptop and start an intercept of the cluster service to your local container. + +```console +$ telepresence intercept --docker frontend-v1 --port 8000 --docker-run -- frontend-v2 +``` + +Now, imagine that the `frontend-v2` image is built by a `Dockerfile` that resides in the directory `images/frontend-v2`. You can build and intercept directly. + +```console +$ telepresence intercept --docker frontend-v1 --port8000 --docker-build images/frontend-v2 --docker-build-opt tag=mytag -- IMAGE +``` + +## Automatic flags + +Telepresence will automatically pass some relevant flags to Docker in order to connect the container with the intercept. Those flags are combined with the arguments given after `--` on the command line. + +- `--env-file ` Loads the intercepted environment +- `--name intercept--` Names the Docker container, this flag is omitted if explicitly given on the command line +- `-v ` Volume mount specification, see CLI help for `--docker-mount` flags for more info + +When used with a container based daemon: +- `--rm` Mandatory, because the volume mounts cannot be removed until the container is removed. +- `-v :` Volume mount specifications propagated from the intercepted container +- `--network container:` Network is shared with the containerized daemon + +When used with a daemon that isn't container based: +- `--dns-search tel2-search` Enables single label name lookups in intercepted namespaces +- `-p ` The local port for the intercept and the container port diff --git a/versioned_docs/version-2.21/reference/environment.md b/versioned_docs/version-2.21/reference/environment.md new file mode 100644 index 00000000..7fb67968 --- /dev/null +++ b/versioned_docs/version-2.21/reference/environment.md @@ -0,0 +1,49 @@ +--- +title: Environment variables +description: "How Telepresence can import environment variables from your Kubernetes cluster to use with code running on your laptop." +hide_table_of_contents: true +--- + +# Environment variables + +Telepresence will import environment variables from the cluster container when running an ingest or intercept. +You can use these variables with the code running on your laptop. + +There are several options available to do this: + +1. `telepresence intercept [service] --port [port] --env-file=[FILENAME]` + + This will write the environment variables to a file. This file can be used when starting containers locally. The option `--env-syntax` + will allow control over the syntax of the file. Valid syntaxes are "docker", "compose", "sh", "csh", "cmd", and "ps" where "sh", "csh", + and "ps" can be suffixed with ":export". + +2. `telepresence intercept [service] --port [port] --env-file=[FILENAME] --env-syntax=json` + + This will write the environment variables to a JSON file. This file can be injected into other build processes. + +3. `telepresence intercept [service] --port [port] -- [COMMAND]` + + This will run a command locally with the pod's environment variables set on your laptop. Once the command quits the intercept is stopped (as if `telepresence leave [service]` was run). This can be used in conjunction with a local server command, such as `python [FILENAME]` or `node [FILENAME]` to run a service locally while using the environment variables that were set on the pod via a ConfigMap or other means. + + Another use would be running a subshell, Bash for example: + +4. `telepresence intercept [service] --port [port] -- /bin/bash` + + This would start the intercept then launch the subshell on your laptop with all the same variables set as on the pod. + +5. `telepresence intercept [service] --docker-run -- [CONTAINER]` + + This will ensure that the environment is propagated to the container. Will also work for `--docker-build` and `--docker-debug`. + +## Telepresence Environment Variables + +Telepresence adds some useful environment variables in addition to the ones imported from the intercepted pod: + +### TELEPRESENCE_ROOT +Directory where all remote volumes mounts are rooted. See [Volume Mounts](volume.md) for more info. + +### TELEPRESENCE_MOUNTS +Colon separated list of remotely mounted directories. + +### TELEPRESENCE_CONTAINER +The name of the intercepted container. Useful when a pod has several containers, and you want to know which one that was intercepted by Telepresence. diff --git a/versioned_docs/version-2.21/reference/inside-container.md b/versioned_docs/version-2.21/reference/inside-container.md new file mode 100644 index 00000000..db15d0af --- /dev/null +++ b/versioned_docs/version-2.21/reference/inside-container.md @@ -0,0 +1,38 @@ +--- +title: Running Telepresence inside a container +hide_table_of_contents: true +--- +# Running Telepresence inside a container + +## Run with the daemon and intercept handler in containers + +The `telepresence connect` command now has the option `--docker`. This option tells telepresence to start the Telepresence daemon in a +docker container. + +Running the daemon in a container brings many advantages. The daemon will no longer make modifications to the host's network or DNS, and +it will not mount files in the host's filesystem. Consequently, it will not need admin privileges to run, nor will it need special software +like macFUSE or WinFSP to mount the remote file systems. + +The intercept handler (the process that will receive the intercepted traffic) must also be a docker container, because that is the only +way to access the cluster network that the daemon makes available, and to mount the docker volumes needed. + +## Run everything in a container + +Environments like [GitHub Codespaces](https://docs.github.com/en/codespaces/overview) runs everything in a container. Your shell, the +telepresence CLI, and both its daemons. This means that the container must be configured so that it allows Telepresence to set up its +Virtual Network Interface before you issue a `telepresence connect`. + +There are several conditions that must be met. + +- Access to the `/dev/net/tun` device +- The `NET_ADMIN` capability +- If you're using IPv6, then you also need sysctl `net.ipv6.conf.all.disable_ipv6=0` + +The Codespaces `devcontainer.json` will typically need to include: + +```json + "runArgs": [ + "--privileged", + "--cap-add=NET_ADMIN", + ], +``` diff --git a/versioned_docs/version-2.21/reference/intercepts/cli.md b/versioned_docs/version-2.21/reference/intercepts/cli.md new file mode 100644 index 00000000..4ff9dd38 --- /dev/null +++ b/versioned_docs/version-2.21/reference/intercepts/cli.md @@ -0,0 +1,384 @@ +--- +title: Configure intercept using CLI +--- + +# Configuring intercept using CLI + +## Specifying a namespace for an intercept + +The namespace of the intercepted workload is specified during connect using the `--namespace` option. + +```shell +telepresence connect --namespace myns +telepresence intercept hello --port 9000 +``` + +## Importing environment variables + +Telepresence can import the environment variables from the pod that is +being intercepted, see [this doc](../environment.md) for more details. + +## Creating an intercept + +The following command will intercept all traffic bound to the service and proxy it to your +laptop. This includes traffic coming through your ingress controller, so use this option +carefully as to not disrupt production environments. + +```shell +telepresence intercept --port= +``` + +Run `telepresence status` to see the list of active intercepts. + +```console +$ telepresence status +OSS User Daemon: Running + Version : v2.18.0 + Executable : /usr/local/bin/telepresence + Install ID : 4b1658f3-7ff8-4af3-66693-f521bc1da32f + Status : Connected + Kubernetes server : https://cluster public IP> + Kubernetes context: default + Namespace : default + Manager namespace : ambassador + Intercepts : 1 total + dataprocessingnodeservice: @ +OSS Root Daemon: Running + Version: v2.18.0 + DNS : + Remote IP : 127.0.0.1 + Exclude suffixes: [.com .io .net .org .ru] + Include suffixes: [] + Timeout : 8s + Subnets: (2 subnets) + - 10.96.0.0/16 + - 10.244.0.0/24 +OSS Traffic Manager: Connected + Version : v2.19.0 + Traffic Agent: docker.io/datawire/tel2:2.18.0 +``` + +Finally, run `telepresence leave ` to stop the intercept. + +[kube-multi-port-services]: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + +```console +$ telepresence intercept --port=: +Using Deployment +intercepted + Intercept name : + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1: + Service Port Identifier: + Intercepting : all TCP connections +``` + +When intercepting a service that has multiple ports, the name of the +service port that has been intercepted is also listed. + +If you want to change which port has been intercepted, you can create +a new intercept the same way you did above and it will change which +service port is being intercepted. + +## Creating an intercept When multiple services match your workload + +Oftentimes, there's a 1-to-1 relationship between a service and a +workload, so telepresence is able to auto-detect which service it +should intercept based on the workload you are trying to intercept. +But if you use something like +[Argo](https://www.getambassador.io/docs/argo/latest/), there may be +two services (that use the same labels) to manage traffic between a +canary and a stable service. + +Fortunately, if you know which service you want to use when +intercepting a workload, you can use the `--service` flag. So in the +aforementioned example, if you wanted to use the `echo-stable` service +when intercepting your workload, your command would look like this: + +```console +$ telepresence intercept echo-rollout- --port --service echo-stable +Using ReplicaSet echo-rollout- +intercepted + Intercept name : echo-rollout- + State : ACTIVE + Workload kind : ReplicaSet + Destination : 127.0.0.1:3000 + Volume Mount Point: /var/folders/cp/2r22shfd50d9ymgrw14fd23r0000gp/T/telfs-921196036 + Intercepting : all TCP connections +``` + +## Intercepting multiple ports + +It is possible to intercept more than one service and/or service port that are using the same workload. You do this +by creating more than one intercept that identify the same workload using the `--workload` flag. + +Let's assume that we have a service `multi-echo` with the two ports `http` and `grpc`. They are both +targeting the same `multi-echo` deployment. + +```console +$ telepresence intercept multi-echo-http --workload multi-echo --port 8080:http +Using Deployment multi-echo +intercepted + Intercept name : multi-echo-http + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Service Port Identifier: http + Volume Mount Point : /tmp/telfs-893700837 + Intercepting : all TCP requests +$ telepresence intercept multi-echo-grpc --workload multi-echo --port 8443:grpc --mechanism tcp +Using Deployment multi-echo +intercepted + Intercept name : multi-echo-grpc + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8443 + Service Port Identifier: extra + Volume Mount Point : /tmp/telfs-1277723591 + Intercepting : all TCP requests +``` + +## Port-forwarding an intercepted container's sidecars + +Sidecars are containers that sit in the same pod as an application +container; they usually provide auxiliary functionality to an +application, and can usually be reached at +`localhost:${SIDECAR_PORT}`. For example, a common use case for a +sidecar is to proxy requests to a database, your application would +connect to `localhost:${SIDECAR_PORT}`, and the sidecar would then +connect to the database, perhaps augmenting the connection with TLS or +authentication. + +When intercepting a container that uses sidecars, you might want those +sidecars' ports to be available to your local application at +`localhost:${SIDECAR_PORT}`, exactly as they would be if running +in-cluster. Telepresence's `--to-pod ${PORT}` flag implements this +behavior, adding port-forwards for the port given. + +```console +$ telepresence intercept --port=: --to-pod= +Using Deployment +intercepted + Intercept name : + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1: + Service Port Identifier: + Intercepting : all TCP connections +``` + +If there are multiple ports that you need forwarded, simply repeat the +flag (`--to-pod= --to-pod=`). + +## Intercepting headless services + +Kubernetes supports creating [services without a ClusterIP](https://kubernetes.io/docs/concepts/services-networking/service/#headless-services), +which, when they have a pod selector, serve to provide a DNS record that will directly point to the service's backing pods. +Telepresence supports intercepting these `headless` services as it would a regular service with a ClusterIP. +So, for example, if you have the following service: + +```yaml +--- +apiVersion: v1 +kind: Service +metadata: + name: my-headless +spec: + type: ClusterIP + clusterIP: None + selector: + service: my-headless + ports: + - port: 8080 + targetPort: 8080 +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: my-headless + labels: + service: my-headless +spec: + replicas: 1 + serviceName: my-headless + selector: + matchLabels: + service: my-headless + template: + metadata: + labels: + service: my-headless + spec: + containers: + - name: my-headless + image: jmalloc/echo-server + ports: + - containerPort: 8080 + resources: {} +``` + +You can intercept it like any other: + +```console +$ telepresence intercept my-headless --port 8080 +Using StatefulSet my-headless +intercepted + Intercept name : my-headless + State : ACTIVE + Workload kind : StatefulSet + Destination : 127.0.0.1:8080 + Volume Mount Point: /var/folders/j8/kzkn41mx2wsd_ny9hrgd66fc0000gp/T/telfs-524189712 + Intercepting : all TCP connections +``` + +> [!IMPORTANT] +> This utilizes an `initContainer` that requires `NET_ADMIN` capabilities. +> If your cluster administrator has disabled them, you will be unable to use numeric ports with the agent injector. + +## Intercepting without a service + +You can intercept a workload without a service by adding an annotation that informs Telepresence what container +ports that are eligable for intercepts. Telepresence will then inject a traffic-agent when the workload is +deployed, and you will be able to intercept the given ports as if they were service ports. The annotation is: + +```yaml + annotations: + telepresence.getambassador.io/inject-container-ports: http +``` + +The annotation value is a comma separated list of port identifiers consisting of either the name or the port number of a container +port, optionally suffixed with `/TCP` or `/UDP` + +### Let's try it out! + +1. Deploy an annotation similar to this one to your cluster: + + ```yaml + apiVersion: apps/v1 + kind: Deployment + metadata: + name: echo-no-svc + labels: + app: echo-no-svc + spec: + replicas: 1 + selector: + matchLabels: + app: echo-no-svc + template: + metadata: + labels: + app: echo-no-svc + annotations: + telepresence.getambassador.io/inject-container-ports: http + spec: + automountServiceAccountToken: false + containers: + - name: echo-server + image: ghcr.io/telepresenceio/echo-server:latest + ports: + - name: http + containerPort: 8080 + env: + - name: PORT + value: "8080" + resources: + limits: + cpu: 50m + memory: 8Mi + ``` + +2. Connect telepresence: + + ```console + $ telepresence connect + Launching Telepresence User Daemon + Launching Telepresence Root Daemon + Connected to context kind-dev, namespace default (https://127.0.0.1:36767) + ``` + +3. List your intercept eligible workloads. If the annotation is correct, the deployment should show up in the list: + + ```console + $ telepresence list + echo-no-svc: ready to intercept (traffic-agent not yet installed) + ``` + +4. Start an intercept handler locally that will receive the incoming traffic. Here's an example using a simple python http service: + + ```console + $ python3 -m http.server 8080 + ``` + +5. Create an intercept: + + ```console + $ telepresence intercept echo-no-svc + Using Deployment echo-no-svc + Intercept name : echo-no-svc + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Volume Mount Point: /tmp/telfs-3306285526 + Intercepting : all TCP connections + Address : 10.244.0.13:8080 + ``` + +Note that the response contains an "Address" that you can curl to reach the intercepted pod. You will not be able to +curl the name "echo-no-svc". Since there's no service by that name, there's no DNS entry for it either. + +6. Curl the intercepted workload: + + ```console + $ curl 10.244.0.13:8080 + < output from your local service> + ``` + +> [!IMPORTANT] +> A service-less intercept utilizes an `initContainer` that requires `NET_ADMIN` capabilities. +> If your cluster administrator has disabled them, you will only be able to intercept services using symbolic target ports. + +## Specifying the intercept traffic target + +By default, it's assumed that your local app is reachable on `127.0.0.1`, and intercepted traffic will be sent to that IP +at the port given by `--port`. If you wish to change this behavior and send traffic to a different IP address, you can use the `--address` parameter +to `telepresence intercept`. Say your machine is configured to respond to HTTP requests for an intercept on `172.16.0.19:8080`. You would run this as: + +```console +$ telepresence intercept my-service --address 172.16.0.19 --port 8080 +Using Deployment echo-easy + Intercept name : echo-easy + State : ACTIVE + Workload kind : Deployment + Destination : 172.16.0.19:8080 + Service Port Identifier: proxied + Volume Mount Point : /var/folders/j8/kzkn41mx2wsd_ny9hrgd66fc0000gp/T/telfs-517018422 + Intercepting : all TCP connections +``` + +## Replacing a running workload + +By default, your application keeps running as Telepresence intercepts it, even if it doesn't receive +any traffic (or receives only a subset, as with personal intercepts). This can pose a problem for applications that are active +even when they're not receiving requests. For instance, if your application consumes from a message queue as soon as it +starts up, intercepting it won't stop the pod from consuming from the queue. + +To work around this issue, `telepresence intercept` allows you to pass in a `--replace` flag that will stop every +application container from running on your pod. When you pass in `--replace`, Telepresence will restart your application +with a dummy application container that sleeps infinitely, and instead just place a traffic agent to redirect traffic to +your local machine. The application container will be restored as soon as you leave the intercept. + +```console +$ telepresence intercept my-service --port 8080 --replace + Intercept name : my-service + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1:8080 + Service Port Identifier: proxied + Volume Mount Point : /var/folders/j8/kzkn41mx2wsd_ny9hrgd66fc0000gp/T/telfs-517018422 + Intercepting : all TCP connections +``` + +> [!NOTE] +> Sidecars will not be stopped. Only the container serving the intercepted port will be removed from the pod. diff --git a/versioned_docs/version-2.21/reference/intercepts/container.md b/versioned_docs/version-2.21/reference/intercepts/container.md new file mode 100644 index 00000000..1d99698e --- /dev/null +++ b/versioned_docs/version-2.21/reference/intercepts/container.md @@ -0,0 +1,41 @@ +--- +title: Target a specific container +--- + +# Target a specific container +An intercept ultimately targets a specific port within a container. The port is usually determined +by examining the relationship between the service's `targetPort` and the container's `containerPort`. + +In certain scenarios, the container owning the intercepted port differs from the container the intercept +targets. This container's sole purpose is to route traffic from the service to the intended container, +often using a direct localhost connection. + +## No intercept + +Consider the following scenario: + +![no-intercept](../../images/secondary-no-intercept.png) + +## Standard Intercept + +During an intercept, the Telepresence traffic-agent will redirect the `http` port to the workstation. +It will also make the environment and mounts for the **Nginx container** available, because it is +considered to be the one targeted by the intercept. + +```console +$ telepresence intercept myservice --port http +``` + +![normal-intercept](../../images/secondary-normal-intercept.png) + +## Intercept With --container + +The `--container ` intercept flag is useful when the objective is to work with the App container +locally. While this option doesn't influence the port selection, it guarantees that the environment +variables and mounts propagated to the workstation originate from the specified container. + +```console +$ telepresence intercept myservice --port http --container app +``` + +![container-intercept](../../images/secondary-container-intercept.png) diff --git a/versioned_docs/version-2.21/reference/intercepts/sidecar.md b/versioned_docs/version-2.21/reference/intercepts/sidecar.md new file mode 100644 index 00000000..a3a474eb --- /dev/null +++ b/versioned_docs/version-2.21/reference/intercepts/sidecar.md @@ -0,0 +1,72 @@ +--- +title: Traffic Agent Sidecar +--- +# Traffic Agent Sidecar + +When intercepting a service, the Telepresence Traffic Manager ensures +that a Traffic Agent has been injected into the intercepted workload. +The injection is triggered by a Kubernetes Mutating Webhook and will +only happen once. The Traffic Agent is responsible for redirecting +intercepted traffic to the developer's workstation. + +The intercept will intercept all `tcp` and/or `udp` traffic to the +intercepted service and send all of that traffic down to the developer's +workstation. This means that an intercept will affect all users of +the intercepted service. + +## Supported workloads + +Kubernetes has various +[workloads](https://kubernetes.io/docs/concepts/workloads/). +Currently, Telepresence supports installing a +Traffic Agent container on `Deployments`, `ReplicaSets`, `StatefulSets`, and `ArgoRollouts`. A Traffic Agent is +installed the first time a user makes a `telepresence ingest WORKLOAD`, `telepresence intercept WORKLOAD`, or a +`telepresence connect --proxy-via CIDR=WORKLAOD`. + +A Traffic Agent may also be installed up front by adding a `telepresence.getambassador.io/inject-traffic-agent: enabled` +annotation to the WORKLOADS pod template. + +### Sidecar injection + +The actual installation of the Traffic Agent is performed by a mutating admission webhook that calls the agent-injector +service in the Traffic Manager's namespace. + +The configuration for the sidecar, which is automatically generated, resides in the configmap `telepresence-agents`. + +### Uninstalling the Traffic Agent + +A Traffic Agent will normally remain in the workload's pods once it has been installed. It can be explicitly removed by +issuing the command `telepresence uninstall WORKLOAD`. It will also be removed if its configuration is removed +from the `telepresence-agents` configmap. + +Removing the `telepresence-agents` configmap will effectively uninstall all injected Traffic Agents from the same +namespace. + +> [!NOTE] +> Uninstalling will not work if the Traffic Agent is installed using the pod template annotation. + +### Disable Traffic Agent in a workload + +The Traffic Agent installation can be completely disabled by adding a `telepresence.getambassador.io/inject-traffic-agent: disabled` +annotation to the WORKLOADS pod template. This will prevent all attempts to do anything with the workload that will +require a Traffic Agent. + +### Disable workloads + +By default, traffic-manager will observe `Deployments`, `ReplicaSets` and `StatefulSets`. +Each workload used today adds certain overhead. If you are not intercepting a specific workload type, you can disable it to reduce that overhead. +That can be achieved by setting the Helm chart values `workloads..enabled=false` when installing the traffic-manager. +The following are the Helm chart values to disable the workload types: + +- `workloads.deployments.enabled=false` for `Deployments`, +- `workloads.replicaSets.enabled=false` for `ReplicaSets`, +- `workloads.statefulSets.enabled=false` for `StatefulSets`. + +### Enable ArgoRollouts + +In order to use `ArgoRollouts`, you must pass the Helm chart value `workloads.argoRollouts.enabled=true` when installing the traffic-manager. +It is recommended to set the pod template annotation `telepresence.getambassador.io/inject-traffic-agent: enabled` to avoid creation of unwanted +revisions. + +> [!NOTE] +> While many of our examples use Deployments, they would also work on other supported workload types. diff --git a/versioned_docs/version-2.21/reference/monitoring.md b/versioned_docs/version-2.21/reference/monitoring.md new file mode 100644 index 00000000..b91a55cf --- /dev/null +++ b/versioned_docs/version-2.21/reference/monitoring.md @@ -0,0 +1,432 @@ +--- +title: Monitoring +--- + +# Monitoring + +Telepresence offers powerful monitoring capabilities to help you keep a close eye on your telepresence activities and traffic manager metrics. + +## Prometheus Integration + +One of the key features of Telepresence is its seamless integration with Prometheus, which allows you to access real-time metrics and gain insights into your system's performance. With Prometheus, you can monitor various aspects of your traffic manager, including the number of active intercepts and users. Additionally, you can track consumption-related information, such as the number of intercepts used by your developers and how long they stayed connected. + +To enable Prometheus metrics for your traffic manager, follow these steps: + +1. **Configure Prometheus Port** + + First, you'll need to specify the Prometheus port by setting a new environment variable called `PROMETHEUS_PORT` for your traffic manager. You can do this by running the following command: + + ```shell + telepresence helm upgrade --set-string prometheus.port=9090 + ``` + +2. **Validate the Prometheus Exposure** + + After configuring the Prometheus port, you can validate its exposure by port-forwarding the port using Kubernetes: + + ```shell + kubectl port-forward deploy/traffic-manager 9090:9090 -n ambassador + ``` + +3. **Access Prometheus Dashboard** + + Once the port-forwarding is set up, you can access the Prometheus dashboard by navigating to `http://localhost:9090` in your web browser: + + Here, you will find a wealth of built-in metrics, as well as custom metrics (see below) that we have added to enhance your tracking capabilities. + + | **Name** | **Type** | **Description** | **Labels** | + |-----------------------------|----------|-------------------------------------------------------------------------------|------------------------------------------| + | `agent_count` | Gauge | Number of connected traffic agents. | | + | `client_count` | Gauge | Number of connected clients. | | + | `active_intercept_count` | Gauge | Number of active intercepts. | | + | `session_count` | Gauge | Number of sessions. | | + | `tunnel_count` | Gauge | Number of tunnels. | | + | `tunnel_ingress_bytes` | Counter | Number of bytes tunnelled from clients. | | + | `tunnel_egress_bytes` | Counter | Number of bytes tunnelled to clients. | | + | `active_http_request_count` | Gauge | Number of currently served HTTP requests. | | + | `active_grpc_request_count` | Gauge | Number of currently served gRPC requests. | | + | `connect_count` | Counter | The total number of connects by user. | `client`, `install_id` | + | `connect_active_status` | Gauge | Flag to indicate when a connect is active. 1 for active, 0 for not active. | `client`, `install_id` | + | `intercept_count` | Counter | The total number of intercepts by user. | `client`, `install_id`, `intercept_type` | + | `intercept_active_status` | Gauge | Flag to indicate when an intercept is active. 1 for active, 0 for not active. | `client`, `install_id`, `workload` | + +4. **Enable Scraping for Traffic Manager Metrics** + To ensure that these metrics are collected regularly by your Prometheus server and to maintain a historical record, it's essential to enable scraping. If you're using the default Prometheus configuration, you can achieve this by specifying specific pod annotations as follows: + + ```yaml + template: + metadata: + annotations: + prometheus.io/path: / + prometheus.io/port: "9090" + prometheus.io/scrape: "true" + ``` + + These annotations instruct Prometheus to scrape metrics from the Traffic Manager pod, allowing you to track consumption metrics and other important data over time. + +## Grafana Integration + +Grafana plays a crucial role in enhancing Telepresence's monitoring capabilities. While the step-by-step instructions for Grafana integration are not included in this documentation, you have the option to explore the integration process. By doing so, you can create visually appealing and interactive dashboards that provide deeper insights into your telepresence activities and traffic manager metrics. + +Moreover, we've developed a dedicated Grafana dashboard for your convenience. Below, you can find sample screenshots of the dashboard, and you can access the JSON model for configuration: + +**JSON Model:** + +This dashboard is designed to provide you with comprehensive monitoring and visualization tools to effectively manage your Telepresence environment. + +```json +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "panel", + "id": "barchart", + "name": "Bar chart", + "version": "" + }, + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "10.1.5" + }, + { + "type": "panel", + "id": "piechart", + "name": "Pie chart", + "version": "" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "stat", + "name": "Stat", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 0, + "y": 0 + }, + "id": 5, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "agent_count", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Number of connected traffic agents", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 6, + "y": 0 + }, + "id": 6, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "client_count", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Number of connected clients", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 12, + "y": 0 + }, + "id": 7, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "active_intercept_count", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Number of active intercepts", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 6, + "x": 18, + "y": 0 + }, + "id": 8, + "options": { + "colorMode": "value", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "10.1.5", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": false, + "expr": "session_count", + "instant": true, + "legendFormat": "__auto", + "range": false, + "refId": "A" + } + ], + "title": "Number of sessions", + "type": "stat" + } + ], + "refresh": "", + "schemaVersion": 38, + "style": "dark", + "tags": [], + "templating": { + "list": [] + }, + "time": { + "from": "now-30d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Telepresence", + "uid": "d99c884a-8f4f-43f8-bd4e-bd68e47f100d", + "version": 5, + "weekStart": "" +} +``` diff --git a/versioned_docs/version-2.21/reference/rbac.md b/versioned_docs/version-2.21/reference/rbac.md new file mode 100644 index 00000000..9612cdc0 --- /dev/null +++ b/versioned_docs/version-2.21/reference/rbac.md @@ -0,0 +1,242 @@ +--- +title: RBAC +toc_min_heading_level: 2 +toc_max_heading_level: 2 +--- + +# Telepresence RBAC +The intention of this document is to provide a template for securing and limiting the permissions of Telepresence. +This documentation covers the full extent of permissions necessary to administrate Telepresence components in a cluster. + +There are two general categories for cluster permissions with respect to Telepresence. There are RBAC settings for a User and for an Administrator described above. The User is expected to only have the minimum cluster permissions necessary to create a Telepresence [intercept](../howtos/intercepts.md), and otherwise be unable to affect Kubernetes resources. + +In addition to the above, there is also a consideration of how to manage Users and Groups in Kubernetes which is outside of the scope of the document. This document will use Service Accounts to assign Roles and Bindings. Other methods of RBAC administration and enforcement can be found on the [Kubernetes RBAC documentation](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) page. + +## Requirements + +- Kubernetes version 1.16+ +- Cluster admin privileges to apply RBAC + +## Editing your kubeconfig + +This guide also assumes that you are utilizing a kubeconfig file that is specified by the `KUBECONFIG` environment variable. This is a `yaml` file that contains the cluster's API endpoint information as well as the user data being supplied for authentication. The Service Account name used in the example below is called tp-user. This can be replaced by any value (i.e. John or Jane) as long as references to the Service Account are consistent throughout the `yaml`. After an administrator has applied the RBAC configuration, a user should create a `config.yaml` in your current directory that looks like the following:​ + +```yaml +apiVersion: v1 +kind: Config +clusters: +- name: my-cluster # Must match the cluster value in the contexts config + cluster: + ## The cluster field is highly cloud dependent. +contexts: +- name: my-context + context: + cluster: my-cluster # Must match the name field in the clusters config + user: tp-user +users: +- name: tp-user # Must match the name of the Service Account created by the cluster admin + user: + token: # See note below +``` + +The Service Account token will be obtained by the cluster administrator after they create the user's Service Account. Creating the Service Account will create an associated Secret in the same namespace with the format `-token-`. This token can be obtained by your cluster administrator by running `kubectl get secret -n ambassador -o jsonpath='{.data.token}' | base64 -d`. + +After creating `config.yaml` in your current directory, export the file's location to KUBECONFIG by running `export KUBECONFIG=$(pwd)/config.yaml`. You should then be able to switch to this context by running `kubectl config use-context my-context`. + +## Administrating Telepresence + +Telepresence administration requires permissions for creating `Namespaces`, `ServiceAccounts`, `ClusterRoles`, `ClusterRoleBindings`, `Secrets`, `Services`, `MutatingWebhookConfiguration`, and for creating the `traffic-manager` [deployment](architecture.md#traffic-manager) which is typically done by a full cluster administrator. The following permissions are needed for the installation and use of Telepresence: + +```yaml +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: telepresence-admin + namespace: default +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: telepresence-admin-role +rules: + - apiGroups: [""] + resources: ["pods", "pods/log"] + verbs: ["get", "list", "create", "delete", "watch"] + - apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "update", "create", "delete"] + - apiGroups: [""] + resources: ["pods/portforward"] + verbs: ["create"] + - apiGroups: ["apps"] + resources: ["deployments", "replicasets", "statefulsets"] + verbs: ["get", "list", "update", "create", "delete", "watch"] + - apiGroups: ["rbac.authorization.k8s.io"] + resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"] + verbs: ["get", "list", "watch", "create", "delete"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["create"] + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch", "delete"] + resourceNames: ["telepresence-agents"] + - apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list", "watch", "create"] + - apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create", "list", "delete"] + - apiGroups: [""] + resources: ["serviceaccounts"] + verbs: ["get", "create", "delete"] + - apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "create", "delete"] + - apiGroups: [""] + resources: ["nodes"] + verbs: ["list", "get", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: telepresence-clusterrolebinding +subjects: + - name: telepresence-admin + kind: ServiceAccount + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + name: telepresence-admin-role + kind: ClusterRole +``` + +There are two ways to install the traffic-manager: Using `telepresence connect` and installing the [helm chart](../install/manager.md). + +By using `telepresence connect`, Telepresence will use your kubeconfig to create the objects mentioned above in the cluster if they don't already exist. If you want the most introspection into what is being installed, we recommend using the helm chart to install the traffic-manager. + +## Cluster-wide telepresence user access + +To allow users to make intercepts across all namespaces, but with more limited `kubectl` permissions, the following `ServiceAccount`, `ClusterRole`, and `ClusterRoleBinding` will allow full `telepresence intercept` functionality. + +> [!WARNING] +> The following RBAC configurations assume that there is already a Traffic Manager deployment set up by a Cluster Administrator. + +```yaml +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tp-user # Update value for appropriate value + namespace: ambassador # Traffic-Manager is deployed to Ambassador namespace +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: telepresence-role +rules: +# For gather-logs command +- apiGroups: [""] + resources: ["pods/log"] + verbs: ["get"] +- apiGroups: [""] + resources: ["pods"] + verbs: ["list"] +# Needed in order to maintain a list of workloads +- apiGroups: ["apps"] + resources: ["deployments", "replicasets", "statefulsets"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["namespaces", "services"] + verbs: ["get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: telepresence-rolebinding +subjects: +- name: tp-user + kind: ServiceAccount + namespace: ambassador +roleRef: + apiGroup: rbac.authorization.k8s.io + name: telepresence-role + kind: ClusterRole +``` + +### Traffic Manager connect permission +In addition to the cluster-wide permissions, the client will also need the following namespace scoped permissions +in the traffic-manager's namespace in order to establish the needed port-forward to the traffic-manager. +```yaml +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: traffic-manager-connect +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: ["pods/portforward"] + verbs: ["create"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: traffic-manager-connect +subjects: + - name: telepresence-test-developer + kind: ServiceAccount + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + name: traffic-manager-connect + kind: Role +``` + +## Namespace only telepresence user access + +RBAC for multi-tenant scenarios where multiple dev teams are sharing a single cluster where users are constrained to a specific namespace(s). + +> [!WARNING] +> The following RBAC configurations assume that there is already a Traffic Manager deployment set up by a Cluster Administrator. + +For each accessible namespace +```yaml +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: tp-user # Update value for appropriate user name + namespace: tp-namespace # Update value for appropriate namespace +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: telepresence-role + namespace: tp-namespace # Should be the same as metadata.namespace of above ServiceAccount +rules: +- apiGroups: [""] + resources: ["services"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["deployments", "replicasets", "statefulsets"] + verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: telepresence-role-binding + namespace: tp-namespace # Should be the same as metadata.namespace of above ServiceAccount +subjects: +- kind: ServiceAccount + name: tp-user # Should be the same as metadata.name of above ServiceAccount +roleRef: + kind: Role + name: telepresence-role + apiGroup: rbac.authorization.k8s.io +``` + +The user will also need the [Traffic Manager connect permission](#traffic-manager-connect-permission) described above. diff --git a/versioned_docs/version-2.21/reference/routing.md b/versioned_docs/version-2.21/reference/routing.md new file mode 100644 index 00000000..32dafa67 --- /dev/null +++ b/versioned_docs/version-2.21/reference/routing.md @@ -0,0 +1,57 @@ +--- +title: Connection Routing +toc_min_heading_level: 2 +toc_max_heading_level: 2 +--- + +# Connection Routing + +## DNS resolution +When requesting a connection to a host, the IP of that host must be determined. Telepresence provides DNS resolvers to help with this task. There are currently four types of resolvers but only one of them will be used on a workstation at any given time. Common for all of them is that they will propagate a selection of the host lookups to be performed in the cluster. The selection normally includes all names ending with `.cluster.local` or a currently mapped namespace but more entries can be added to the list using the `includeSuffixes` or `mappings` option in the +[cluster DNS configuration](config.md#dns) + +### Cluster side DNS lookups +The cluster side host lookup will be performed by a traffic-agent in the connected namespace, or by the traffic-manager if no such agent exists. + +### macOS resolver +This resolver hooks into the macOS DNS system by creating files under `/etc/resolver`. Those files correspond to some domain and contain the port number of the Telepresence resolver. Telepresence creates one such file for each of the currently mapped namespaces and `include-suffixes` option. The file `telepresence.local` contains a search path that is configured based on current intercepts so that single label names can be resolved correctly. + +### Linux systemd-resolved resolver +This resolver registers itself as part of telepresence's [VIF](tun-device.md) using `systemd-resolved` and uses the DBus API to configure domains and routes that corresponds to the current set of intercepts and namespaces. + +### Linux overriding resolver +Linux systems that aren't configured with `systemd-resolved` will use this resolver. A Typical case is when running Telepresence [inside a docker container](inside-container.md). During initialization, the resolver will first establish a _fallback_ connection to the IP passed as `--dns`, the one configured as `local-ip` in the [local DNS configuration](config.md#dns), or the primary `nameserver` registered in `/etc/resolv.conf`. It will then use iptables to actually override that IP so that requests to it instead end up in the overriding resolver, which unless it succeeds on its own, will use the _fallback_. + +### Windows resolver +This resolver uses the DNS resolution capabilities of the [win-tun](https://www.wintun.net/) device in conjunction with [Win32_NetworkAdapterConfiguration SetDNSDomain](https://docs.microsoft.com/en-us/powershell/scripting/samples/performing-networking-tasks?view=powershell-7.2#assigning-the-dns-domain-for-a-network-adapter). + +### DNS caching +The Telepresence DNS resolver often changes its configuration. Telepresence will not flush the host's DNS caches. Instead, all records will have a short Time To Live (TTL) so that such caches evict the entries quickly. This causes increased load on the Telepresence resolver (shorter TTL means more frequent queries) and to cater for that, telepresence now has an internal cache to minimize the number of DNS queries that it sends to the cluster. This cache is flushed as needed without causing instabilities. + +## Routing + +### Subnets +The Telepresence `traffic-manager` service is responsible for discovering the cluster's service subnet and all subnets used by the pods. In order to do this, it needs permission to create a dummy service[^1] in its own namespace, and the ability to list, get, and watch nodes and pods. Most clusters will expose the pod subnets as `podCIDR` in the `Node` while others, like Amazon EKS, don't. Telepresence will then fall back to deriving the subnets from the IPs of all pods. If you'd like to choose a specific method for discovering subnets, or want to provide the list yourself, you can use the `podCIDRStrategy` configuration value in the [helm](../install/manager.md) chart to do that. + +The complete set of subnets that the [VIF](tun-device.md) will be configured with is dynamic and may change during a connection's life cycle as new nodes arrive or disappear from the cluster. The set consists of what that the traffic-manager finds in the cluster, and the subnets configured using the [also-proxy](config.md#alsoproxysubnets) configuration option. Telepresence will remove subnets that are equal to, or completely covered by, other subnets. + +### Connection origin +A request to connect to an IP-address that belongs to one of the subnets of the [VIF](tun-device.md) will cause a connection request to be made in the cluster. As with host name lookups, the request will originate from a traffic-agent in the connected namespace, of by the traffic-manager when no agent is present. + +There are multiple reasons for doing this. One is that it is important that the request originates from the correct namespace. Example: + +```bash +curl some-host +``` +results in a http request with header `Host: some-host`. Now, if a service-mesh like Istio performs header based routing, then it will fail to find that host unless the request originates from the same namespace as the host resides in. Another reason is that the configuration of a service mesh can contain very strict rules. If the request then originates from the wrong pod, it will be denied. Only one intercept at a time can be used if there is a need to ensure that the chosen pod is exactly right. + +## Recursion detection +It is common that clusters used in development, such as Minikube, Minishift or k3s, run on the same host as the Telepresence client, often in a Docker container. Such clusters may have access to host network, which means that both DNS and L4 routing may be subjected to recursion. + +### DNS recursion +When a local cluster's DNS-resolver fails to resolve a hostname, it may fall back to querying the local host network. This means that the Telepresence resolver will be asked to resolve a query that was issued from the cluster. Telepresence must check if such a query is recursive because there is a chance that it actually originated from the Telepresence DNS resolver and was dispatched to the `traffic-manager`, or a `traffic-agent`. + +Telepresence handles this by sending one initial DNS-query to resolve the hostname "tel2-recursion-check.kube-system". If the cluster runs locally, and has access to the local host's network, then that query will recurse back into the Telepresence resolver. Telepresence remembers this and alters its own behavior so that queries that are believed to be recursions are detected and respond with an NXNAME record. Telepresence performs this solution to the best of its ability, but may not be completely accurate in all situations. There's a chance that the DNS-resolver will yield a false negative for the second query if the same hostname is queried more than once in rapid succession, that is when the second query is made before the first query has received a response from the cluster. + +##### Footnotes: +[^1]: The error message from an attempt to create a service in a bad subnet contains the service subnet. The trick of creating a dummy service is currently the only way to get Kubernetes to expose that subnet. diff --git a/versioned_docs/version-2.21/reference/tun-device.md b/versioned_docs/version-2.21/reference/tun-device.md new file mode 100644 index 00000000..b4755442 --- /dev/null +++ b/versioned_docs/version-2.21/reference/tun-device.md @@ -0,0 +1,32 @@ +--- +title: Networking through Virtual Network Interface +hide_table_of_contents: true +--- + +# Networking through Virtual Network Interface + +The Telepresence daemon process creates a Virtual Network Interface (VIF) when Telepresence connects to the cluster. The VIF ensures that the cluster's subnets are available to the workstation. It also intercepts DNS requests and forwards them to the traffic-manager which in turn forwards them to intercepted agents, if any, or performs a host lookup by itself. + +### TUN-Device +The VIF is a TUN-device, which means that it communicates with the workstation in terms of L3 IP-packets. The router will recognize UDP and TCP packets and tunnel their payload to the traffic-manager via its encrypted gRPC API. The traffic-manager will then establish corresponding connections in the cluster. All protocol negotiation takes place in the client because the VIF takes care of the L3 to L4 translation (i.e. the tunnel is L4, not L3). + +## Gains when using the VIF + +### Both TCP and UDP +The TUN-device is capable of routing both TCP and UDP traffic. + +### No SSH required + +The VIF approach is somewhat similar to using `sshuttle` but without +any requirements for extra software, configuration or connections. +Using the VIF means that only one single connection needs to be +forwarded through the Kubernetes apiserver (à la `kubectl +port-forward`), using only one single port. There is no need for +`ssh` in the client nor for `sshd` in the traffic-manager. This also +means that the traffic-manager container can run as the default user. + +#### sshfs without ssh encryption +When a POD is intercepted, and its volumes are mounted on the local machine, this mount is performed by [sshfs](https://github.com/libfuse/sshfs). Telepresence will run `sshfs -o slave` which means that instead of using `ssh` to establish an encrypted communication to an `sshd`, which in turn terminates the encryption and forwards to `sftp`, the `sshfs` will talk `sftp` directly on its `stdin/stdout` pair. Telepresence tunnels that directly to an `sftp` in the agent using its already encrypted gRPC API. As a result, no `sshd` is needed in client nor in the traffic-agent, and the traffic-agent container can run as the default user. + +### No Firewall rules +With the VIF in place, there's no longer any need to tamper with firewalls in order to establish IP routes. The VIF makes the cluster subnets available during connect, and the kernel will perform the routing automatically. When the session ends, the kernel is also responsible for cleaning up. diff --git a/versioned_docs/version-2.21/reference/volume.md b/versioned_docs/version-2.21/reference/volume.md new file mode 100644 index 00000000..4d592f7a --- /dev/null +++ b/versioned_docs/version-2.21/reference/volume.md @@ -0,0 +1,43 @@ +--- +title: Volume mounts +hide_table_of_contents: true +--- +# Volume mounts + +Volume mounts are achieved using a Docker Volume plug-in and Docker volume mounts when connecting using `--docker` and using `--docker-run`. This page +describes how mounts are achieved when running directly on the host. + +Telepresence supports locally mounting of volumes that are mounted to your Pods. You can specify a command to run when starting the intercept, this could be a subshell or local server such as Python or Node. + +``` +telepresence intercept --port --mount=/tmp/ -- /bin/bash +``` + +In this case, Telepresence creates the intercept, mounts the Pod's volumes to locally to `/tmp`, and starts a Bash subshell. + +Telepresence can set a random mount point for you by using `--mount=true` instead, you can then find the mount point in the output of `telepresence list` or using the `$TELEPRESENCE_ROOT` variable. + +``` +$ telepresence intercept --port --mount=true -- /bin/bash +Using Deployment +intercepted + Intercept name : + State : ACTIVE + Workload kind : Deployment + Destination : 127.0.0.1: + Volume Mount Point: /var/folders/cp/2r22shfd50d9ymgrw14fd23r0000gp/T/telfs-988349784 + Intercepting : all TCP connections + +bash-3.2$ echo $TELEPRESENCE_ROOT +/var/folders/cp/2r22shfd50d9ymgrw14fd23r0000gp/T/telfs-988349784 +``` + +> [!NOTE] +> `--mount=true` is the default if a mount option is not specified, use `--mount=false` to disable mounting volumes. + +With either method, the code you run locally either from the subshell or from the intercept command will need to be prepended with the `$TELEPRESENCE_ROOT` environment variable to utilize the mounted volumes. + +For example, Kubernetes mounts secrets to `/var/run/secrets/kubernetes.io` (even if no `mountPoint` for it exists in the Pod spec). Once mounted, to access these you would need to change your code to use `$TELEPRESENCE_ROOT/var/run/secrets/kubernetes.io`. + +> [!NOTE] +> If using `--mount=true` without a command, you can use either [environment variable](environment.md) flag to retrieve the variable. diff --git a/versioned_docs/version-2.21/reference/vpn.md b/versioned_docs/version-2.21/reference/vpn.md new file mode 100644 index 00000000..ccb9f7e3 --- /dev/null +++ b/versioned_docs/version-2.21/reference/vpn.md @@ -0,0 +1,219 @@ +--- +title: Telepresence and VPNs +--- + +# Telepresence and VPNs + +Telepresence creates a virtual network interface (VIF) when it connects. This VIF is configured to route the cluster's +service and pod subnets so that the user can access resources in the cluster. It's not uncommon that the workstation +where Telepresence runs already has network interfaces that route subnets that will overlap. Such +conflicts must be resolved deterministically. + +Unless configured otherwise, Telepresence will resolve subnet conflicts by moving the cluster's subnet out of the way +using network address translation. For a majority of use-cases, this will be enough, but there are some +[caveats](#caveats-when-using-vnat) to be aware of. + +For more info, see the section on how to [avoid the conflict](#avoiding-the-conflict) below. + +## VPN Configuration + +Let's begin by reviewing what a VPN does and imagining a sample configuration that might come +to conflict with Telepresence. +Usually, a VPN client adds two kinds of routes to your machine when you connect. +The first serves to override your default route; in other words, it makes sure that packets +you send out to the public internet go through the private tunnel instead of your +ethernet or wifi adapter. We'll call this a `public VPN route`. +The second kind of route is a `private VPN route`. These are the routes that allow your +machine to access hosts inside the VPN that are not accessible to the public internet. +Generally speaking, this is a more circumscribed route that will connect your machine +only to reachable hosts on the private network, such as your Kubernetes API server. + +This diagram represents what happens when you connect to a VPN, supposing that your +private network spans the CIDR range: `10.0.0.0/8`. + +![VPN routing](../images/vpn-routing.jpg) + +## Kubernetes configuration + +One of the things a Kubernetes cluster does for you is assign IP addresses to pods and services. +This is one of the key elements of Kubernetes networking, as it allows applications on the cluster +to reach each other. When Telepresence connects you to the cluster, it will try to connect you +to the IP addresses that your cluster assigns to services and pods. +Cluster administrators can configure, on cluster creation, the CIDR ranges that the Kubernetes +cluster will place resources in. Let's imagine your cluster is configured to place services in +`10.130.0.0/16` and pods in `10.132.0.0/16`: + +![VPN Kubernetes config](../images/vpn-k8s-config.jpg) + +# Telepresence conflicts + +When you run `telepresence connect` to connect to a cluster, it talks to the API server +to figure out what pod and service CIDRs it needs to map in your machine. If it detects +that these CIDR ranges are already mapped by a VPN's `private route`, it will produce an +error and inform you of the conflicting subnets: + +```console +$ telepresence connect +telepresence connect: error: connector.Connect: failed to connect to root daemon: rpc error: code = Unknown desc = subnet 10.43.0.0/16 overlaps with existing route "10.0.0.0/8 via 10.0.0.0 dev utun4, gw 10.0.0.1" +``` + +Telepresence offers three different ways to resolve this: + +- [Avoid the conflict](#avoiding-the-conflict) using the `--proxy-via` connect flag +- [Allow the conflict](#allowing-the-conflict) in a controlled manner +- [Use docker](#using-docker) to make telepresence run in a container with its own network config + + +## Avoiding the conflict + +Telepresence can perform Virtual Network Address Translation (henceforth referred to as VNAT) of the cluster's subnets +when routing them from the workstation, thus moving those subnets so that conflicts are avoided. Unless configured not +to, Telepresence will use VNAT by default when it detects conflicts. + +VNAT is enabled by passing a `--vnat` flag (introduced in Telepresence 2.21) to`teleprence connect`. When using this +flag, Telepresence will take the following actions: + +- The local DNS-server will translate any IP contained in a VNAT subnet to a virtual IP. +- All access to a virtual IP will be translated back to its original when routed to the cluster. +- The container environment retrieved when using `ingest` or `intercept` will be mangled, so that all IPs contained + in VNAT subnets are replaced with corresponding virtual IPs. + +The `--vnat` flag can be repeated to make Telepresence translate more than one subnet. + +```console +$ telepresence connect --vnat CIDR +``` +The CIDR can also be a symbolic name that identifies a well-known subnet or list of subnets: + +| Symbol | Meaning | +|-----------|-------------------------------------| +| `also` | All subnets added with --also-proxy | +| `service` | The cluster's service subnet | +| `pods` | The cluster's pod subnets. | +| `all` | All of the above. | + + +### Virtual Subnet Configuration + +Telepresence will use a special subnet when it generates the virtual IPs that are used locally. On a Linux or macOS +workstation, this subnet will be a class E subnet (not normally used for any other purposes). On Windows, the class E is +not routed, and Telepresence will instead default to `211.55.48.0/20`. + +The default subnet used can be overridden in the client configuration. + +In `config.yml` on the workstation: +```yaml +routing: + virtualSubnet: 100.10.20.0/24 +``` + +Or as a Helm chart value to be applied on all clients: +```yaml +client: + routing: + virtualSubnet: 100.10.20.0/24 +``` + +#### Example + +Let's assume that we have a conflict between the cluster's subnets, all covered by the CIDR `10.124.0.0/9` and a VPN +using `10.0.0.0/9`. We avoid the conflict using: + +```console +$ telepresence connect --vnat all +``` + +The cluster's subnets are now hidden behind a virtual subnet, and the resulting configuration will look like this: + +![VPN Telepresence](../images/vpn-vnat.jpg) + +### Proxying via a specific workload + +Telepresence is capable of routing all traffic to a VNAT to a specific workload. This is particularly useful when the +cluster's DNS is configured with domains that resolve to loop-back addresses. This is sometimes the case when the +cluster uses a mesh configured to listen to a loopback address and then reroute from there. + +The `--proxy-via` flag (introduced in Telepresenc 2.19) is similar to `--vnat`, but the argument must be in the form +CIDR=WORKLOAD. When using this flag, all traffic to the given CIDR will be routed via the given workstation. + +The WORKLOAD is the deployment, replicaset, statefulset, or argo-rollout in the cluster whose traffic-agent will be used +for targeting the routed subnets. + +#### Example + +Let's assume that we have a conflict between the cluster's subnets, all covered by the CIDR `10.124.0.0/9` and a VPN +using `10.0.0.0/9`. We avoid the conflict using: + +```console +$ telepresence connect --proxy-via all=echo +``` + +The cluster's subnets are now hidden behind a virtual subnet, and all traffic is routed to the echo workload. + +### Caveats when using VNAT + +Telepresence may not accurately detect cluster-side IP addresses being used by services running locally on a workstation +in certain scenarios. This limitation arises when local services obtain IP addresses from remote sources such as +databases or configmaps, or when IP addresses are sent to it in API calls. + +### Disabling default VNAT + +The default behavior of using VNAT to resolve conflicts can be disabled by adding the following to the client config. + +In `config.yml` on the workstation: +```yaml +routing: + autoResolveConflicts: false +``` + +Or as a Helm chart value to be applied on all clients: +```yaml +client: + routing: + autoResolveConflicts: false +``` + +Explicitly allowing all conflicts will also effectively prevent the default VNAT behavior. + +## Allowing the conflict + +A conflict can be resolved by carefully considering what your network layout looks like, and then allow Telepresence to +override the conflicting subnets. Telepresence is refusing to map them, because mapping them could render certain hosts +that are inside the VPN completely unreachable. However, you (or your network admin) know better than anyone how hosts +are spread out inside your VPN. + +Even if the private route routes ALL of `10.0.0.0/8`, it's possible that hosts are only being spun up in one of the +sub-blocks of the `/8` space. Let's say, for example, that you happen to know that all your hosts in the VPN are bunched +up in the first half of the space -- `10.0.0.0/9` (and that you know that any new hosts will only be assigned IP +addresses from the `/9` block). In this case you can configure Telepresence to override the other half of this CIDR +block, which is where the services and pods happen to be. + +To do this, all you have to do is configure the `client.routing.allowConflictingSubnets` flag in the Telepresence helm +chart. You can do this directly via `telepresence helm upgrade`: + +In `config.yml` on the workstation: +```yaml +routing: + allowConflictingSubnets: 10.128.0.0/9 +``` + +Or as a Helm chart configuration value to be applied on all clients: +```yaml +client: + routing: + allowConflictingSubnets: 10.128.0.0/9 +``` + +Or pass the Helm chart configuration using the `--set` flag +```console +$ telepresence helm upgrade --set client.routing.allowConflictingSubnets="{10.128.0.0/9}" +``` + +The end result of this (assuming an allowlist of `/9`) will be a configuration like this: + +![VPN Telepresence](../images/vpn-with-tele.jpg) + +### Using docker + +Use `telepresence connect --docker` to make the Telepresence daemon containerized, which means that it has its own +network configuration and therefore no conflict with a VPN. Read more about docker [here](docker-run.md). diff --git a/versioned_docs/version-2.21/release-notes.md b/versioned_docs/version-2.21/release-notes.md new file mode 100644 index 00000000..1fad42c7 --- /dev/null +++ b/versioned_docs/version-2.21/release-notes.md @@ -0,0 +1,927 @@ + +[comment]: # (Code generated by relnotesgen. DO NOT EDIT.) +# Telepresence Release Notes +## Version 2.21.0 +##
feature
[Automatic subnet conflict avoidance](https://telepresence.io/docs/reference/vpn)
+
+ +-> Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. +
+ +##
feature
[Virtual Address Translation (VNAT).](https://telepresence.io/docs/reference/vpn)
+
+ +-> It is now possible to use a virtual subnet without routing the affected IPs to a specific workload. A new `telepresence connect --vnat CIDR` flag was added that will perform virtual network address translation of cluster IPs. This flag is very similar to the `--proxy-via CIDR=WORKLOAD` introduced in 2.19, but without the need to specify a workload. +
+ +##
feature
[Intercepts targeting a specific container](https://telepresence.io/docs/reference/intercepts/container)
+
+ +-> In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This port owner's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. +This update introduces a `--container ` option to the intercept command. While this option doesn't influence the port selection, it guarantees that the environment variables and mounts propagated to the client originate from the specified container. Additionally, if the `--replace` option is used, it ensures that this container is replaced. +
+ +##
feature
New telepresence ingest command
+
+ +The new `telepresence ingest` command, similar to `telepresence intercept`, provides local access to the volume mounts and environment variables of a targeted container. However, unlike `telepresence intercept`, `telepresence ingest` does not redirect traffic to the container and ensures that the mounted volumes are read-only. +An ingest requires a traffic-agent to be installed in the pods of the targeted workload. Beyond that, it's a client-side operation. This allows developers to have multiple simultaneous ingests on the same container. +
+ +##
feature
New telepresence curl command
+
+ +The new `telepresence curl` command runs curl from within a container. The command requires that a connection has been established using `telepresence connect --docker`, and the container that runs `curl` will share the same network as the containerized telepresence daemon. +
+ +##
feature
New telepresence docker-run command
+
+ +The new `telepresence docker-run ` requires that a connection has been established using `telepresence connect --docker` It will perform a `docker run ` and add the flag necessary to ensure that started container shares the same network as the containerized telepresence daemon. +
+ +##
feature
Mount everything read-only during intercept
+
+ +It is now possible to append ":ro" to the intercept `--mount` flag value. This ensures that all remote volumes that the intercept mounts are read-only. +
+ +##
feature
[Unify client configuration](https://telepresence.io/docs/reference/config)
+
+ +Previously, client configuration was divided between the config.yml file and a Kubernetes extension. DNS and routing settings were initially found only in the extension. However, the Helm client structure allowed entries from both. +To simplify this, we've now aligned the config.yml and Kubernetes extension with the Helm client structure. This means DNS and routing settings are now included in both. The Kubernetes extension takes precedence over the config.yml and Helm client object. +While the old-style Kubernetes extension is still supported for compatibility, it cannot be used with the new style. +
+ +##
feature
Use WebSockets for port-forward instead of the now deprecated SPDY.
+
+ +Telepresence will now use WebSockets instead of SPDY when creating port-forwards to the Kubernetes Cluster, and will fall back to SPDY when connecting to clusters that don't support SPDY. Use of the deprecated SPDY can be forced by setting `cluster.forceSPDY=true` in the `config.yml`. +See [Streaming Transitions from SPDY to WebSockets](https://kubernetes.io/blog/2024/08/20/websockets-transition/) for more information about this transition. +
+ +##
feature
Make usage data collection configurable using an extension point, and default to no-ops
+
+ +The OSS code-base will no longer report usage data to the proprietary collector at Ambassador Labs. The actual calls to the collector remain, but will be no-ops unless a proper collector client is installed using an extension point. +
+ +##
feature
Add deployments, statefulSets, replicaSets to workloads Helm chart value
+
+ +The Helm chart value `workloads` now supports the kinds `deployments.enabled`, `statefulSets.enabled`, `replicaSets.enabled`. and `rollouts.enabled`. All except `rollouts` are enabled by default. The traffic-manager will ignore workloads, and Telepresence will not be able to intercept them, if the `enabled` of the corresponding kind is set to `false`. +
+ +##
feature
Improved command auto-completion
+
+ +The auto-completion of namespaces, services, and containers have been added where appropriate, and the default file auto completion has been removed from most commands. +
+ +##
Docker run flags --publish, --expose, and --network now work with docker mode connections
+
+ +After establishing a connection to a cluster using `telepresence connect --docker`, you can run new containers that share the same network as the containerized daemon that maintains the connection. This enables seamless communication between your local development environment and the remote services. +Normally, Docker has a limitation that prevents combining a shared network configuration with custom networks and exposing ports. However, Telepresence now elegantly circumvents this limitation so that a container started with `telepresence docker-run`, `telepresence intercept --docker-run`, or `telepresence ingest --docker-run` can use flags like `--network`, `--publish`, or `--expose`. +To achieve this, Telepresence temporarily adds the necessary network to the containerized daemon. This allows the new container to join the same network. Additionally, Telepresence starts extra socat containers to handle port mapping, ensuring that the desired ports are exposed to the local environment. +
+ +##
feature
[Prevent recursion in the Telepresence Virtual Network Interface (VIF)](https://telepresence.io/docs/howtos/cluster-in-vm)
+
+ +Network problems may arise when running Kubernetes locally (e.g., Docker Desktop, Kind, Minikube, k3s), because the VIF on the host is also accessible from the cluster's nodes. A request that isn't handled by a cluster resource might be routed back into the VIF and cause a recursion. +These recursions can now be prevented by setting the client configuration property `routing.recursionBlockDuration` so that new connection attempts are temporarily blocked for a specific IP:PORT pair immediately after an initial attempt, thereby effectively ending the recursion. +
+ +##
feature
Allow Helm chart to be included as a sub-chart
+
+ +The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted. +
+ +##
change
During an intercept, the local port defaults to the targeted port of the intercepted container instead of 8080.
+
+ +Telepresence mimics the environment of a target container during an intercept, so it's only natural that the default for the local port is determined by the targeted container port rather than just defaulting to 8080. +A default can still be explicitly defined using the `config.intercept.defaultPort` setting. +
+ +##
bugfix
Prevent that traffic-manager injects a traffic-agent into itself.
+
+ +The traffic-manager can never be a subject for an intercept, ingest, or proxy-via, because that means that it injects the traffic-agent into itself, and it is not designed to do that. A user attempting this will now see a meaningful error message. +
+ +##
bugfix
Don't include pods in the kube-system namespace when computing pod-subnets from pod IPs
+
+ +A user would normally never access pods in the `kube-system` namespace directly, and automatically including pods included there when computing the subnets will often lead to problems when running the cluster locally. This namespace is therefore now excluded in situations when the pod subnets are computed from the IPs of pods. Services in this namespace will still be available through the service subnet. +If a user should require the pod-subnet to be mapped, it can be added to the `client.routing.alsoProxy` list in the helm chart. +
+ +## Version 2.20.3 (November 18) +##
bugfix
[Ensure that Telepresence works with GitHub Codespaces](https://github.com/telepresenceio/telepresence/issues/3722)
+
+ +GitHub Codespaces runs in a container, but not as root. Telepresence didn't handle this situation correctly and only started the user daemon. The root daemon was never started. +
+ +##
bugfix
[Mounts not working correctly when connected with --proxy-via](https://github.com/telepresenceio/telepresence/issues/3715)
+
+ +A mount would try to connect to the sftp/ftp server using the original (cluster side) IP although that IP was translated into a virtual IP when using `--proxy-via`. +
+ +## Version 2.20.2 (October 21) +##
bugfix
Crash in traffic-manager configured with agentInjector.enabled=false
+
+ +A traffic-manager that was installed with the Helm value `agentInjector.enabled=false` crashed when a client used the commands `telepresence version` or `telepresence status`. Those commands would call a method on the traffic-manager that panicked if no traffic-agent was present. This method will now instead return the standard `Unavailable` error code, which is expected by the caller. +
+ +## Version 2.20.1 (October 10) +##
bugfix
Some workloads missing in the telepresence list output (typically replicasets owned by rollouts).
+
+ +Version 2.20.0 introduced a regression in the `telepresence list` command, resulting in the omission of all workloads that were owned by another workload. The correct behavior is to just omit those workloads that are owned by the supported workload kinds `Deployment`, `ReplicaSet`, `StatefulSet`, and `Rollout`. Furthermore, the `Rollout` kind must only be considered supported when the Argo Rollouts feature is enabled in the traffic-manager. +
+ +##
bugfix
Allow comma separated list of daemons for the gather-logs command.
+
+ +The name of the `telepresence gather-logs` flag `--daemons` suggests that the argument can contain more than one daemon, but prior to this fix, it couldn't. It is now possible to use a comma separated list, e.g. `telepresence gather-logs --daemons root,user`. +
+ +## Version 2.20.0 (October 3) +##
feature
Add timestamp to telepresence_logs.zip filename.
+
+ +Telepresence is now capable of easily find telepresence gather-logs by certain timestamp. +
+ +##
feature
[Enable intercepts of workloads that have no service.](https://telepresence.io/docs/reference/intercepts/cli#intercepting-without-a-service)
+
+ +Telepresence is now capable of intercepting workloads that have no associated service. The intercept will then target container port instead of a service port. The new behavior is enabled by adding a telepresence.getambassador.io/inject-container-ports annotation where the value is a comma separated list of port identifiers consisting of either the name or the port number of a container port, optionally suffixed with `/TCP` or `/UDP`. +
+ +##
feature
[Publish the OSS version of the telepresence Helm chart](https://artifacthub.io/packages/helm/telepresence-oss/telepresence-oss)
+
+ +The OSS version of the telepresence helm chart is now available at ghcr.io/telepresenceio/telepresence-oss, and can be installed using the command:
helm install traffic-manager oci://ghcr.io/telepresenceio/telepresence-oss --namespace ambassador --version 2.20.0 The chart documentation is published at ArtifactHUB. +
+ +##
feature
[Control the syntax of the environment file created with the intercept flag --env-file](https://telepresence.io/docs/reference/environment)
+
+ +A new --env-syntax <syntax> was introduced to allow control over the syntax of the file created when using the intercept flag --env-file <file>. Valid syntaxes are "docker", "compose", "sh", "csh", "cmd", and "ps"; where "sh", "csh", and "ps" can be suffixed with ":export". +
+ +##
feature
Add support for Argo Rollout workloads.
+
+ +Telepresence now has an opt-in support for Argo Rollout workloads. The behavior is controlled by `workloads.argoRollouts.enabled` Helm chart value. It is recommended to set the following annotation telepresence.getambassador.io/inject-traffic-agent: enabled to avoid creation of unwanted revisions. +
+ +##
bugfix
Enable intercepts of containers that bind to podIP
+
+ +In previous versions, the traffic-agent would route traffic to localhost during periods when an intercept wasn't active. This made it impossible for an application to bind to the pod's IP, and it also meant that service meshes binding to the podIP would get bypassed, both during and after an intercept had been made. This is now changed, so that the traffic-agent instead forwards non intercepted requests to the pod's IP, thereby enabling the application to either bind to localhost or to that IP. +
+ +##
change
Use ghcr.io/telepresenceio instead of docker.io/datawire for OSS images and the telemount Docker volume plugin.
+
+ +All OSS telepresence images and the telemount Docker plugin are now published at the public registry ghcr.io/telepresenceio and all references from the client and traffic-manager has been updated to use this registry instead of the one at docker.io/datawire. +
+ +##
change
Use nftables instead of iptables-legacy
+
+ +Some time ago, we introduced iptables-legacy because users had problems using Telepresence with Fly.io where nftables wasn't supported by the kernel. Fly.io has since fixed this, so Telepresence will now use nftables again. This in turn, ensures that modern systems that lack support iptables-legacy will work. +
+ +##
bugfix
Root daemon wouldn't start when sudo timeout was zero.
+
+ +The root daemon refused to start when sudo was configured with a timestamp_timeout=0. This was due to logic that first requested root privileges using a sudo call, and then relied on that these privileges were cached, so that a subsequent call using --non-interactive was guaranteed to succeed. This logic will now instead do one single sudo call, and rely solely on sudo to print an informative prompt and start the daemon in the background. +
+ +##
bugfix
Detect minikube network when connecting with --docker
+
+ +A telepresence connect --docker failed when attempting to connect to a minikube that uses a docker driver because the containerized daemon did not have access to the minikube docker network. Telepresence will now detect an attempt to connect to that network and attach it to the daemon container as needed. +
+ +## Version 2.19.1 (July 12) +##
feature
[Add brew support for the OSS version of Telepresence.](https://github.com/telepresenceio/telepresence/issues/3609)
+
+ +The Open-Source Software version of Telepresence can now be installed using the brew formula via brew install telepresenceio/telepresence/telepresence-oss. +
+ +##
feature
Add --create-namespace flag to the telepresence helm install command.
+
+ +A --create-namespace (default true) flag was added to the telepresence helm install command. No attempt will be made to create a namespace for the traffic-manager if it is explicitly set to false. The command will then fail if the namespace is missing. +
+ +##
feature
Introduce DNS fallback on Windows.
+
+ +A network.defaultDNSWithFallback config option has been introduced on Windows. It will cause the DNS-resolver to fall back to the resolver that was first in the list prior to when Telepresence establishes a connection. The option is default true since it is believed to give the best experience but can be set to false to restore the old behavior. +
+ +##
feature
[Brew now supports MacOS (amd64/arm64) / Linux (amd64)](https://github.com/datawire/homebrew-blackbird/issues/19)
+
+ +The brew formula can now dynamically support MacOS (amd64/arm64) / Linux (amd64) in a single formula +
+ +##
feature
Add ability to provide an externally-provisioned webhook secret
+
+ +Added supplied as a new option for agentInjector.certificate.method. This fully disables the generation of the Mutating Webhook's secret, allowing the chart to use the values of a pre-existing secret named agentInjector.secret.name. Previously, the install would fail when it attempted to create or update the externally-managed secret. +
+ +##
feature
Let PTR query for DNS server return the cluster domain.
+
+ +The nslookup program on Windows uses a PTR query to retrieve its displayed "Server" property. This Telepresence DNS resolver will now return the cluster domain on such a query. +
+ +##
feature
Add scheduler name to PODs templates.
+
+ +A new Helm chart value schedulerName has been added. With this feature, we are able to define some particular schedulers from Kubernetes to apply some different strategies to allocate telepresence resources, including the Traffic Manager and hooks pods. +
+ +##
bugfix
Race in traffic-agent injector when using inject annotation
+
+ +Applying multiple deployments that used the telepresence.getambassador.io/inject-traffic-agent: enabled would cause a race condition, resulting in a large number of created pods that eventually had to be deleted, or sometimes in pods that didn't contain a traffic agent. +
+ +##
bugfix
Fix configuring custom agent security context
+
+ +-> The traffic-manager helm chart will now correctly use a custom agent security context if one is provided. +
+ +## Version 2.19.0 (June 15) +##
feature
Warn when an Open Source Client connects to an Enterprise Traffic Manager.
+
+ +The difference between the OSS and the Enterprise offering is not well understood, and OSS users often install a traffic-manager using the Helm chart published at getambassador.io. This Helm chart installs an enterprise traffic-manager, which is probably not what the user would expect. Telepresence will now warn when an OSS client connects to an enterprise traffic-manager and suggest switching to an enterprise client, or use telepresence helm install to install an OSS traffic-manager. +
+ +##
feature
Add scheduler name to PODs templates.
+
+ +A new Helm chart value schedulerName has been added. With this feature, we are able to define some particular schedulers from Kubernetes to apply some different strategies to allocate telepresence resources, including the Traffic Manager and hooks pods. +
+ +##
bugfix
Improve traffic-manager performance in very large clusters.
+
+ +-> The traffic-manager will now use a shared-informer when keeping track of deployments. This will significantly reduce the load on the Kublet in large clusters and therefore lessen the risk for the traffic-manager being throttled, which can lead to other problems. +
+ +##
bugfix
Kubeconfig exec authentication failure when connecting with --docker from a WSL linux host
+
+ +Clusters like Amazon EKS often use a special authentication binary that is declared in the kubeconfig using an exec authentication strategy. This binary is normally not available inside a container. Consequently, a modified kubeconfig is used when telepresence connect --docker executes, appointing a kubeauth binary which instead retrieves the authentication from a port on the Docker host that communicates with another process outside of Docker. This process then executes the original exec command to retrieve the necessary credentials. +This setup was problematic when using WSL, because even though telepresence connect --docker was executed on a Linux host, the Docker host available from host.docker.internal that the kubeauth connected to was the Windows host running Docker Desktop. The fix for this was to use the local IP of the default route instead of host.docker.internal when running under WSL.. +
+ +##
bugfix
Fix bug in workload cache, causing endless recursion when a workload uses the same name as its owner.
+
+ +The workload cache was keyed by name and namespace, but not by kind, so a workload named the same as its owner workload would be found using the same key. This led to the workload finding itself when looking up its owner, which in turn resulted in an endless recursion when searching for the topmost owner. +
+ +##
bugfix
FailedScheduling events mentioning node availability considered fatal when waiting for agent to arrive.
+
+ +The traffic-manager considers some events as fatal when waiting for a traffic-agent to arrive after an injection has been initiated. This logic would trigger on events like "Warning FailedScheduling 0/63 nodes are available" although those events indicate a recoverable condition and kill the wait. This is now fixed so that the events are logged but the wait continues. +
+ +##
bugfix
Improve how the traffic-manager resolves DNS when no agent is installed.
+
+ +The traffic-manager is typically installed into a namespace different from the one that clients are connected to. It's therefore important that the traffic-manager adds the client's namespace when resolving single label names in situations where there are any agents to dispatch the DNS query to. +
+ +##
change
Removal of ability import legacy artifact into Helm.
+
+ +A helm install would make attempts to find manually installed artifacts and make them managed by Helm by adding the necessary labels and annotations. This was important when the Helm chart was first introduced but is far less so today, and this legacy import was therefore removed. +
+ +##
bugfix
[Docker aliases deprecation caused failure to detect Kind cluster.](https://docs.docker.com/engine/deprecated/#container-short-id-in-network-aliases-field)
+
+ +The logic for detecting if a cluster is a local Kind cluster, and therefore needs some special attention when using telepresence connect --docker, relied on the presence of Aliases in the Docker network that a Kind cluster sets up. In Docker versions from 26 and up, this value is no longer used, but the corresponding info can instead be found in the new DNSNames field. +
+ +##
bugfix
[Include svc as a top-level domain in the DNS resolver.](https://github.com/telepresenceio/telepresence/issues/2814)
+
+ +It's not uncommon that use-cases involving Kafka or other middleware use FQNs that end with "svc". The core-DNS resolver in Kubernetes can resolve such names. With this bugfix, the Telepresence DNS resolver will also be able to resolve them, and thereby remove the need to add ".svc" to the include-suffix list. +
+ +##
feature
Add ability to enable/disable the mutating webhook.
+
+ +A new Helm chart boolean value agentInjector.enable has been added that controls the agent-injector service and its associated mutating webhook. If set to false, the service, the webhook, and the secrets and certificates associated with it, will no longer be installed. +
+ +##
feature
Add ability to mount a webhook secret.
+
+ +A new Helm chart value agentInjector.certificate.accessMethod which can be set to watch (the default) or mount has been added. The mount setting is intended for clusters with policies that prevent containers from doing a get, list or watch of a Secret, but where a latency of up to 90 seconds is acceptable between the time the secret is regenerated and the agent-injector picks it up. +
+ +##
feature
Make it possible to specify ignored volume mounts using path prefix.
+
+ +Volume mounts like /var/run/secrets/kubernetes.io are not declared in the workload. Instead, they are injected during pod-creation and their names are generated. It is now possible to ignore such mounts using a matching path prefix. +
+ +##
feature
Make the telemount Docker Volume plugin configurable
+
+ +A telemount object was added to the intercept object in config.yml (or Helm value client.intercept), so that the automatic download and installation of this plugin can be fully customised. +
+ +##
feature
Add option to load the kubeconfig yaml from stdin during connect.
+
+ +This allows another process with a kubeconfig already loaded in memory to directly pass it to telepresence connect without needing a separate file. Simply use a dash "-" as the filename for the --kubeconfig flag. +
+ +##
feature
Add ability to specify agent security context.
+
+ +A new Helm chart value agent.securityContext that will allow configuring the security context of the injected traffic agent. The value can be set to a valid Kubernetes securityContext object, or can be set to an empty value ({}) to ensure the agent has no defined security context. If no value is specified, the traffic manager will set the agent's security context to the same as the first container's of the workload being injected into. +
+ +##
change
Tracing is no longer enabled by default.
+
+ +Tracing must now be enabled explicitly in order to use the telepresence gather-traces command. +
+ +##
change
Removal of timeouts that are no longer in use
+
+ +The config.yml values timeouts.agentInstall and timeouts.apply haven't been in use since versions prior to 2.6.0, when the client was responsible for installing the traffic-agent. These timeouts are now removed from the code-base, and a warning will be printed when attempts are made to use them. +
+ +##
bugfix
Search all private subnets to find one open for dnsServerSubnet
+
+ +This resolves a bug that did not test all subnets in a private range, sometimes resulting in the warning, "DNS doesn't seem to work properly." +
+ +##
bugfix
Docker aliases deprecation caused failure to detect Kind cluster.
+
+ +The logic for detecting if a cluster is a local Kind cluster, and therefore needs some special attention when using telepresence connect --docker, relied on the presence of Aliases in the Docker network that a Kind cluster sets up. In Docker versions from 26 and up, this value is no longer used, but the corresponding info can instead be found in the new DNSNames field. +
+ +##
bugfix
Creation of individual pods was blocked by the agent-injector webhook.
+
+ +An attempt to create a pod was blocked unless it was provided by a workload. Hence, commands like kubectl run -i busybox --rm --image=curlimages/curl --restart=Never -- curl echo-easy.default would be blocked from executing. +
+ +##
bugfix
Fix panic due to root daemon not running.
+
+ +If a telepresence connect was made at a time when the root daemon was not running (an abnormal condition) and a subsequent intercept was then made, a panic would occur when the port-forward to the agent was set up. This is now fixed so that the initial telepresence connect is refused unless the root daemon is running. +
+ +##
bugfix
Get rid of telemount plugin stickiness
+
+ +The datawire/telemount that is automatically downloaded and installed, would never be updated once the installation was made. Telepresence will now check for the latest release of the plugin and cache the result of that check for 24 hours. If a new version arrives, it will be installed and used. +
+ +##
bugfix
Use route instead of address for CIDRs with masks that don't allow "via"
+
+ +A CIDR with a mask that leaves less than two bits (/31 or /32 for IPv4) cannot be added as an address to the VIF, because such addresses must have bits allowing a "via" IP. +The logic was modified to allow such CIDRs to become static routes, using the VIF base address as their "via", rather than being VIF addresses in their own right. +
+ +##
bugfix
Containerized daemon created cache files owned by root
+
+ +When using telepresence connect --docker to create a containerized daemon, that daemon would sometimes create files in the cache that were owned by root, which then caused problems when connecting without the --docker flag. +
+ +##
bugfix
Remove large number of requests when traffic-manager is used in large clusters.
+
+ +The traffic-manager would make a very large number of API requests during cluster start-up or when many services were changed for other reasons. The logic that did this was refactored and the number of queries were significantly reduced. +
+ +##
bugfix
Don't patch probes on replaced containers.
+
+ +A container that is being replaced by a telepresence intercept --replace invocation will have no liveness-, readiness, nor startup-probes. Telepresence didn't take this into consideration when injecting the traffic-agent, but now it will refrain from patching symbolic port names of those probes. +
+ +##
bugfix
Don't rely on context name when deciding if a kind cluster is used.
+
+ +The code that auto-patches the kubeconfig when connecting to a kind cluster from within a docker container, relied on the context name starting with "kind-", but although all contexts created by kind have that name, the user is still free to rename it or to create other contexts using the same connection properties. The logic was therefore changed to instead look for a loopback service address. +
+ +## Version 2.18.0 (February 9) +##
feature
Include the image for the traffic-agent in the output of the version and status commands.
+
+ +The version and status commands will now output the image that the traffic-agent will be using when injected by the agent-injector. +
+ +##
feature
Custom DNS using the client DNS resolver.
+
+ +

A new telepresence connect --proxy-via CIDR=WORKLOAD flag was introduced, allowing Telepresence to translate DNS responses matching specific subnets into virtual IPs that are used locally. Those virtual IPs are then routed (with reverse translation) via the pod's of a given workload. This makes it possible to handle custom DNS servers that resolve domains into loopback IPs. The flag may also be used in cases where the cluster's subnets are in conflict with the workstation's VPN.

The CIDR can also be a symbolic name that identifies a subnet or list of subnets:

alsoAll subnets added with --also-proxy
serviceThe cluster's service subnet
podsThe cluster's pod subnets.
allAll of the above.
+
+ +##
bugfix
Ensure that agent.appProtocolStrategy is propagated correctly.
+
+ +The agent.appProtocolStrategy was inadvertently dropped when moving license related code fromm the OSS repository the repository for the Enterprise version of Telepresence. It has now been restored. +
+ +##
bugfix
Include non-default zero values in output of telepresence config view.
+
+ +The telepresence config view command will now print zero values in the output when the default for the value is non-zero. +
+ +##
bugfix
Restore ability to run the telepresence CLI in a docker container.
+
+ +The improvements made to be able to run the telepresence daemon in docker using telepresence connect --docker made it impossible to run both the CLI and the daemon in docker. This commit fixes that and also ensures that the user- and root-daemons are merged in this scenario when the container runs as root. +
+ +##
bugfix
Remote mounts when intercepting with the --replace flag.
+
+ +A telepresence intercept --replace did not correctly mount all volumes, because when the intercepted container was removed, its mounts were no longer visible to the agent-injector when it was subjected to a second invocation. The container is now kept in place, but with an image that just sleeps infinitely. +
+ +##
bugfix
Intercepting with the --replace flag will no longer require all subsequent intercepts to use --replace.
+
+ +A telepresence intercept --replace will no longer switch the mode of the intercepted workload, forcing all subsequent intercepts on that workload to use --replace until the agent is uninstalled. Instead, --replace can be used interchangeably just like any other intercept flag. +
+ +##
bugfix
Kubeconfig exec authentication with context names containing colon didn't work on Windows
+
+ +The logic added to allow the root daemon to connect directly to the cluster using the user daemon as a proxy for exec type authentication in the kube-config, didn't take into account that a context name sometimes contains the colon ":" character. That character cannot be used in filenames on windows because it is the drive letter separator. +
+ +##
bugfix
Provide agent name and tag as separate values in Helm chart
+
+ +The AGENT_IMAGE was a concatenation of the agent's name and tag. This is now changed so that the env instead contains an AGENT_IMAGE_NAME and AGENT_INAGE_TAG. The AGENT_IMAGE is removed. Also, a new env REGISTRY is added, where the registry of the traffic- manager image is provided. The AGENT_REGISTRY is no longer required and will default to REGISTRY if not set. +
+ +##
bugfix
Environment interpolation expressions were prefixed twice.
+
+ +Telepresence would sometimes prefix environment interpolation expressions in the traffic-agent twice so that an expression that looked like $(SOME_NAME) in the app-container, ended up as $(_TEL_APP_A__TEL_APP_A_SOME_NAME) in the corresponding expression in the traffic-agent. +
+ +##
bugfix
Panic in root-daemon on darwin workstations with full access to cluster network.
+
+ +A darwin machine with full access to the cluster's subnets will never create a TUN-device, and a check was missing if the device actually existed, which caused a panic in the root daemon. +
+ +##
bugfix
Show allow-conflicting-subnets in telepresence status and telepresence config view.
+
+ +The telepresence status and telepresence config view commands didn't show the allowConflictingSubnets CIDRs because the value wasn't propagated correctly to the CLI. +
+ +##
feature
It is now possible use a host-based connection and containerized connections simultaneously.
+
+ +Only one host-based connection can exist because that connection will alter the DNS to reflect the namespace of the connection. but it's now possible to create additional connections using --docker while retaining the host-based connection. +
+ +##
feature
Ability to set the hostname of a containerized daemon.
+
+ +The hostname of a containerized daemon defaults to be the container's ID in Docker. You now can override the hostname using telepresence connect --docker --hostname <a name>. +
+ +##
feature
New --multi-daemonflag to enforce a consistent structure for the status command output.
+
+ +The output of the telepresence status when using --output json or --output yaml will either show an object where the user_daemon and root_daemon are top level elements, or when multiple connections are used, an object where a connections list contains objects with those daemons. The flag --multi-daemon will enforce the latter structure even when only one daemon is connected so that the output can be parsed consistently. The reason for keeping the former structure is to retain backward compatibility with existing parsers. +
+ +##
bugfix
Make output from telepresence quit more consistent.
+
+ +A quit (without -s) just disconnects the host user and root daemons but will quit a container based daemon. The message printed was simplified to remove some have/has is/are errors caused by the difference. +
+ +##
bugfix
Fix "tls: bad certificate" errors when refreshing the mutator-webhook secret
+
+ +The agent-injector service will now refresh the secret used by the mutator-webhook each time a new connection is established, thus preventing the certificates to go out-of-sync when the secret is regenerated. +
+ +##
bugfix
Keep telepresence-agents configmap in sync with pod states.
+
+ +An intercept attempt that resulted in a timeout due to failure of injecting the traffic-agent left the telepresence-agents configmap in a state that indicated that an agent had been added, which caused problems for subsequent intercepts after the problem causing the first failure had been fixed. +
+ +##
bugfix
The telepresence status command will now report the status of all running daemons.
+
+ +A telepresence status, issued when multiple containerized daemons were active, would error with "multiple daemons are running, please select one using the --use <match> flag". This is now fixed so that the command instead reports the status of all running daemons. +
+ +##
bugfix
The telepresence version command will now report the version of all running daemons.
+
+ +A telepresence version, issued when multiple containerized daemons were active, would error with "multiple daemons are running, please select one using the --use <match> flag". This is now fixed so that the command instead reports the version of all running daemons. +
+ +##
bugfix
Multiple containerized daemons can now be disconnected using telepresence quit -s
+
+ +A telepresence quit -s, issued when multiple containerized daemons were active, would error with "multiple daemons are running, please select one using the --use <match> flag". This is now fixed so that the command instead quits all daemons. +
+ +##
bugfix
The DNS search path on Windows is now restored when Telepresence quits
+
+ +The DNS search path that Telepresence uses to simulate the DNS lookup functionality in the connected cluster namespace was not removed by a telepresence quit, resulting in connectivity problems from the workstation. Telepresence will now remove the entries that it has added to the search list when it quits. +
+ +##
bugfix
The user-daemon would sometimes get killed when used by multiple simultaneous CLI clients.
+
+ +The user-daemon would die with a fatal "fatal error: concurrent map writes" error in the connector.log, effectively killing the ongoing connection. +
+ +##
bugfix
Multiple services ports using the same target port would not get intercepted correctly.
+
+ +Intercepts didn't work when multiple service ports were using the same container port. Telepresence would think that one of the ports wasn't intercepted and therefore disable the intercept of the container port. +
+ +##
bugfix
Root daemon refuses to disconnect.
+
+ +The root daemon would sometimes hang forever when attempting to disconnect due to a deadlock in the VIF-device. +
+ +##
bugfix
Fix panic in user daemon when traffic-manager was unreachable
+
+ +The user daemon would panic if the traffic-manager was unreachable. It will now instead report a proper error to the client. +
+ +##
change
Removal of backward support for versions predating 2.6.0
+
+ +The telepresence helm installer will no longer discover and convert workloads that were modified by versions prior to 2.6.0. The traffic manager will and no longer support the muxed tunnels used in versions prior to 2.5.0. +
+ +## Version 2.17.0 (November 14) +##
feature
Additional Prometheus metrics to track intercept/connect activity
+
+ +This feature adds the following metrics to the Prometheus endpoint: connect_count, connect_active_status, intercept_count, and intercept_active_status. These are labeled by client/install_id. Additionally, the intercept_count metric has been renamed to active_intercept_count for clarity. +
+ +##
feature
Make the Telepresence client docker image configurable.
+
+ +The docker image used when running a Telepresence intercept in docker mode can now be configured using the setting images.clientImage and will default first to the value of the environment TELEPRESENCE_CLIENT_IMAGE, and then to the value preset by the telepresence binary. This configuration setting is primarily intended for testing purposes. +
+ +##
feature
Use traffic-agent port-forwards for outbound and intercepted traffic.
+
+ +The telepresence TUN-device is now capable of establishing direct port-forwards to a traffic-agent in the connected namespace. That port-forward is then used for all outbound traffic to the device, and also for all traffic that arrives from intercepted workloads. Getting rid of the extra hop via the traffic-manager improves performance and reduces the load on the traffic-manager. The feature can only be used if the client has Kubernetes port-forward permissions to the connected namespace. It can be disabled by setting cluster.agentPortForward to false in config.yml. +
+ +##
feature
Improve outbound traffic performance.
+
+ +The root-daemon now communicates directly with the traffic-manager instead of routing all outbound traffic through the user-daemon. The root-daemon uses a patched kubeconfig where exec configurations to obtain credentials are dispatched to the user-daemon. This to ensure that all authentication plugins will execute in user-space. The old behavior of routing everything through the user-daemon can be restored by setting cluster.connectFromRootDaemon to false in config.yml. +
+ +##
feature
New networking CLI flag --allow-conflicting-subnets
+
+ +telepresence connect (and other commands that kick off a connect) now accepts an --allow-conflicting-subnets CLI flag. This is equivalent to client.routing.allowConflictingSubnets in the helm chart, but can be specified at connect time. It will be appended to any configuration pushed from the traffic manager. +
+ +##
change
Warn if large version mismatch between traffic manager and client.
+
+ +Print a warning if the minor version diff between the client and the traffic manager is greater than three. +
+ +##
change
The authenticator binary was removed from the docker image.
+
+ +The authenticator binary, used when serving proxied exec kubeconfig credential retrieval, has been removed. The functionality was instead added as a subcommand to the telepresence binary. +
+ +## Version 2.16.1 (October 12) +##
feature
Add --docker-debug flag to the telepresence intercept command.
+
+ +This flag is similar to --docker-build but will start the container with more relaxed security using the docker run flags --security-opt apparmor=unconfined --cap-add SYS_PTRACE. +
+ +##
feature
Add a --export option to the telepresence connect command.
+
+ +In some situations it is necessary to make some ports available to the host from a containerized telepresence daemon. This commit adds a repeatable --expose <docker port exposure> flag to the connect command. +
+ +##
feature
Prevent agent-injector webhook from selecting from kube-xxx namespaces.
+
+ +The kube-system and kube-node-lease namespaces should not be affected by a global agent-injector webhook by default. A default namespaceSelector was therefore added to the Helm Chart agentInjector.webhook that contains a NotIn preventing those namespaces from being selected. +
+ +##
bugfix
Backward compatibility for pod template TLS annotations.
+
+ +Users of Telepresence < 2.9.0 that make use of the pod template TLS annotations were unable to upgrade because the annotation names have changed (now prefixed by "telepresence."), and the environment expansion of the annotation values was dropped. This fix restores support for the old names (while retaining the new ones) and the environment expansion. +
+ +##
security
Built with go 1.21.3
+
+ +Built Telepresence with go 1.21.3 to address CVEs. +
+ +##
bugfix
Match service selector against pod template labels
+
+ +When listing intercepts (typically by calling telepresence list) selectors of services are matched against workloads. Previously the match was made against the labels of the workload, but now they are matched against the labels pod template of the workload. Since the service would actually be matched against pods this is more correct. The most common case when this makes a difference is that statefulsets now are listed when they should. +
+ +## Version 2.16.0 (October 2) +##
bugfix
The helm sub-commands will no longer start the user daemon.
+
+ +The telepresence helm install/upgrade/uninstall commands will no longer start the telepresence user daemon because there's no need to connect to the traffic-manager in order for them to execute. +
+ +##
bugfix
Routing table race condition
+
+ +A race condition would sometimes occur when a Telepresence TUN device was deleted and another created in rapid succession that caused the routing table to reference interfaces that no longer existed. +
+ +##
bugfix
Stop lingering daemon container
+
+ +When using telepresence connect --docker, a lingering container could be present, causing errors like "The container name NN is already in use by container XX ...". When this happens, the connect logic will now give the container some time to stop and then call docker stop NN to stop it before retrying to start it. +
+ +##
bugfix
Add file locking to the Telepresence cache
+
+ +Files in the Telepresence cache are accesses by multiple processes. The processes will now use advisory locks on the files to guarantee consistency. +
+ +##
change
Lock connection to namespace
+
+ +The behavior changed so that a connected Telepresence client is bound to a namespace. The namespace can then not be changed unless the client disconnects and reconnects. A connection is also given a name. The default name is composed from <kube context name>-<namespace> but can be given explicitly when connecting using --name. The connection can optionally be identified using the option --use <name match> (only needed when docker is used and more than one connection is active). +
+ +##
change
Deprecation of global --context and --docker flags.
+
+ +The global flags --context and --docker will now be considered deprecated unless used with commands that accept the full set of Kubernetes flags (e.g. telepresence connect). +
+ +##
change
Deprecation of the --namespace flag for the intercept command.
+
+ +The --namespace flag is now deprecated for telepresence intercept command. The flag can instead be used with all commands that accept the full set of Kubernetes flags (e.g. telepresence connect). +
+ +##
change
Legacy code predating version 2.6.0 was removed.
+
+ +The telepresence code-base still contained a lot of code that would modify workloads instead of relying on the mutating webhook installer when a traffic-manager version predating version 2.6.0 was discovered. This code has now been removed. +
+ +##
feature
Add `telepresence list-namespaces` and `telepresence list-contexts` commands
+
+ +These commands can be used to check accessible namespaces and for automation. +
+ +##
change
Implicit connect warning
+
+ +A deprecation warning will be printed if a command other than telepresence connect causes an implicit connect to happen. Implicit connects will be removed in a future release. +
+ +## Version 2.15.1 (September 6) +##
security
Rebuild with go 1.21.1
+
+ +Rebuild Telepresence with go 1.21.1 to address CVEs. +
+ +##
security
Set security context for traffic agent
+
+ +Openshift users reported that the traffic agent injection was failing due to a missing security context. +
+ +## Version 2.15.0 (August 29) +##
security
Add ASLR to telepresence binaries
+
+ +ASLR hardens binary sercurity against fixed memory attacks. +
+ +##
feature
[Added client builds for arm64 architecture.](https://github.com/telepresenceio/telepresence/issues/3259)
+
+ +Updated the release workflow files in github actions to including building and publishing the client binaries for arm64 architecture. +
+ +##
bugfix
[KUBECONFIG env var can now be used with the docker mode.](https://github.com/telepresenceio/telepresence/pull/3300)
+
+ +If provided, the KUBECONFIG environment variable was passed to the kubeauth-foreground service as a parameter. However, since it didn't exist, the CLI was throwing an error when using telepresence connect --docker. +
+ +##
bugfix
[Fix deadlock while watching workloads](https://github.com/telepresenceio/telepresence/pull/3298)
+
+ +The telepresence list --output json-stream wasn't releasing the session's lock after being stopped, including with a telepresence quit. The user could be blocked as a result. +
+ +##
bugfix
Change json output of telepresence list command
+
+ +Replace deprecated info in the JSON output of the telepresence list command. +
+ +## Version 2.14.4 (August 21) +##
bugfix
[Nil pointer exception when upgrading the traffic-manager.](https://github.com/telepresenceio/telepresence/issues/3313)
+
+ +Upgrading the traffic-manager using telepresence helm upgrade would sometimes result in a helm error message executing "telepresence/templates/intercept-env-configmap.yaml" at <.Values.intercept.environment.excluded>: nil pointer evaluating interface {}.excluded" +
+ +## Version 2.14.2 (July 26) +##
bugfix
[Telepresence now use the OSS agent in its latest version by default.](https://github.com/telepresenceio/telepresence/issues/3271)
+
+ +The traffic manager admin was forced to set it manually during the chart installation. +
+ +## Version 2.14.1 (July 7) +##
feature
Envoy's http idle timout is now configurable.
+
+ +A new agent.helm.httpIdleTimeout setting was added to the Helm chart that controls the proprietary Traffic agent's http idle timeout. The default of one hour, which in some situations would cause a lot of resource consuming and lingering connections, was changed to 70 seconds. +
+ +##
feature
Add more gauges to the Traffic manager's Prometheus client.
+
+ +Several gauges were added to the Prometheus client to make it easier to monitor what the Traffic manager spends resources on. +
+ +##
feature
Agent Pull Policy
+
+ +Add option to set traffic agent pull policy in helm chart. +
+ +##
bugfix
Resource leak in the Traffic manager.
+
+ +Fixes a resource leak in the Traffic manager caused by lingering tunnels between the clients and Traffic agents. The tunnels are now closed correctly when terminated from the side that created them. +
+ +##
bugfix
[Fixed problem setting traffic manager namespace using the kubeconfig extension.](https://www.telepresence.io/docs/reference/config#manager)
+
+ +Fixes a regression introduced in version 2.10.5, making it impossible to set the traffic-manager namespace using the telepresence.io kubeconfig extension. +
+ +## Version 2.14.0 (June 12) +##
feature
[DNS configuration now supports excludes and mappings.](https://github.com/telepresenceio/telepresence/pull/3172)
+
+ +The DNS configuration now supports two new fields, excludes and mappings. The excludes field allows you to exclude a given list of hostnames from resolution, while the mappings field can be used to resolve a hostname with another. +
+ +##
feature
Added the ability to exclude environment variables
+
+ +Added a new config map that can take an array of environment variables that will then be excluded from an intercept that retrieves the environment of a pod. +
+ +##
bugfix
Fixed traffic-agent backward incompatibility issue causing lack of remote mounts
+
+ +A traffic-agent of version 2.13.3 (or 1.13.15) would not propagate the directories under /var/run/secrets when used with a traffic manager older than 2.13.3. +
+ +##
bugfix
[Fixed race condition causing segfaults on rare occasions when a tunnel stream timed out.](https://github.com/telepresenceio/telepresence/pull/2963)
+
+ +A context cancellation could sometimes be trapped in a stream reader, causing it to incorrectly return an undefined message which in turn caused the parent reader to panic on a nil pointer reference. +
+ +##
change
Routing conflict reporting.
+
+ +Telepresence will now attempt to detect and report routing conflicts with other running VPN software on client machines. There is a new configuration flag that can be tweaked to allow certain CIDRs to be overridden by Telepresence. +
+ +##
change
test-vpn command deprecated
+
+ +Running telepresence test-vpn will now print a deprecation warning and exit. The command will be removed in a future release. Instead, please configure telepresence for your VPN's routes. +
+ +## Version 2.13.3 (May 25) +##
feature
[Add imagePullSecrets to hooks](https://github.com/telepresenceio/telepresence/pull/3079)
+
+ +Add .Values.hooks.curl.imagePullSecrets and .Values.hooks curl.imagePullSecrets to Helm values. +
+ +##
change
Change reinvocation policy to Never for the mutating webhook
+
+ +The default setting of the reinvocationPolicy for the mutating webhook dealing with agent injections changed from Never to IfNeeded. +
+ +##
bugfix
[Fix mounting fail of IAM roles for service accounts web identity token](https://github.com/telepresenceio/telepresence/issues/3166)
+
+ +The eks.amazonaws.com/serviceaccount volume injected by EKS is now exported and remotely mounted during an intercept. +
+ +##
bugfix
[Correct namespace selector for cluster versions with non-numeric characters](https://github.com/telepresenceio/telepresence/pull/3184)
+
+ +The mutating webhook now correctly applies the namespace selector even if the cluster version contains non-numeric characters. For example, it can now handle versions such as Major:"1", Minor:"22+". +
+ +##
bugfix
[Enable IPv6 on the telepresence docker network](https://github.com/telepresenceio/telepresence/issues/3179)
+
+ +The "telepresence" Docker network will now propagate DNS AAAA queries to the Telepresence DNS resolver when it runs in a Docker container. +
+ +##
bugfix
[Fix the crash when intercepting with --local-only and --docker-run](https://github.com/telepresenceio/telepresence/issues/3171)
+
+ +Running telepresence intercept --local-only --docker-run no longer results in a panic. +
+ +##
bugfix
[Fix incorrect error message with local-only mounts](https://github.com/telepresenceio/telepresence/issues/3171)
+
+ +Running telepresence intercept --local-only --mount false no longer results in an incorrect error message saying "a local-only intercept cannot have mounts". +
+ +##
bugfix
[specify port in hook urls](https://github.com/telepresenceio/telepresence/pull/3161)
+
+ +The helm chart now correctly handles custom agentInjector.webhook.port that was not being set in hook URLs. +
+ +##
bugfix
Fix wrong default value for disableGlobal and agentArrival
+
+ +Params .intercept.disableGlobal and .timeouts.agentArrival are now correctly honored. +
+ diff --git a/versioned_docs/version-2.21/release-notes.mdx b/versioned_docs/version-2.21/release-notes.mdx new file mode 100644 index 00000000..0ce7b203 --- /dev/null +++ b/versioned_docs/version-2.21/release-notes.mdx @@ -0,0 +1,635 @@ +--- +title: Release Notes +--- + +import { Note, Title, Body } from '@site/src/components/ReleaseNotes' + +[comment]: # (Code generated by relnotesgen. DO NOT EDIT.) + +# Telepresence Release Notes +## Version 2.21.0 + + Automatic subnet conflict avoidance + -> Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. + + + Virtual Address Translation (VNAT). + -> It is now possible to use a virtual subnet without routing the affected IPs to a specific workload. A new `telepresence connect --vnat CIDR` flag was added that will perform virtual network address translation of cluster IPs. This flag is very similar to the `--proxy-via CIDR=WORKLOAD` introduced in 2.19, but without the need to specify a workload. + + + Intercepts targeting a specific container + -> In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This port owner's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. +This update introduces a `--container ` option to the intercept command. While this option doesn't influence the port selection, it guarantees that the environment variables and mounts propagated to the client originate from the specified container. Additionally, if the `--replace` option is used, it ensures that this container is replaced. + + + New telepresence ingest command + The new `telepresence ingest` command, similar to `telepresence intercept`, provides local access to the volume mounts and environment variables of a targeted container. However, unlike `telepresence intercept`, `telepresence ingest` does not redirect traffic to the container and ensures that the mounted volumes are read-only. +An ingest requires a traffic-agent to be installed in the pods of the targeted workload. Beyond that, it's a client-side operation. This allows developers to have multiple simultaneous ingests on the same container. + + + New telepresence curl command + The new `telepresence curl` command runs curl from within a container. The command requires that a connection has been established using `telepresence connect --docker`, and the container that runs `curl` will share the same network as the containerized telepresence daemon. + + + New telepresence docker-run command + The new `telepresence docker-run ` requires that a connection has been established using `telepresence connect --docker` It will perform a `docker run ` and add the flag necessary to ensure that started container shares the same network as the containerized telepresence daemon. + + + Mount everything read-only during intercept + It is now possible to append ":ro" to the intercept `--mount` flag value. This ensures that all remote volumes that the intercept mounts are read-only. + + + Unify client configuration + Previously, client configuration was divided between the config.yml file and a Kubernetes extension. DNS and routing settings were initially found only in the extension. However, the Helm client structure allowed entries from both. +To simplify this, we've now aligned the config.yml and Kubernetes extension with the Helm client structure. This means DNS and routing settings are now included in both. The Kubernetes extension takes precedence over the config.yml and Helm client object. +While the old-style Kubernetes extension is still supported for compatibility, it cannot be used with the new style. + + + Use WebSockets for port-forward instead of the now deprecated SPDY. + Telepresence will now use WebSockets instead of SPDY when creating port-forwards to the Kubernetes Cluster, and will fall back to SPDY when connecting to clusters that don't support SPDY. Use of the deprecated SPDY can be forced by setting `cluster.forceSPDY=true` in the `config.yml`. +See [Streaming Transitions from SPDY to WebSockets](https://kubernetes.io/blog/2024/08/20/websockets-transition/) for more information about this transition. + + + Make usage data collection configurable using an extension point, and default to no-ops + The OSS code-base will no longer report usage data to the proprietary collector at Ambassador Labs. The actual calls to the collector remain, but will be no-ops unless a proper collector client is installed using an extension point. + + + Add deployments, statefulSets, replicaSets to workloads Helm chart value + The Helm chart value `workloads` now supports the kinds `deployments.enabled`, `statefulSets.enabled`, `replicaSets.enabled`. and `rollouts.enabled`. All except `rollouts` are enabled by default. The traffic-manager will ignore workloads, and Telepresence will not be able to intercept them, if the `enabled` of the corresponding kind is set to `false`. + + + Improved command auto-completion + The auto-completion of namespaces, services, and containers have been added where appropriate, and the default file auto completion has been removed from most commands. + + + Docker run flags --publish, --expose, and --network now work with docker mode connections + After establishing a connection to a cluster using `telepresence connect --docker`, you can run new containers that share the same network as the containerized daemon that maintains the connection. This enables seamless communication between your local development environment and the remote services. +Normally, Docker has a limitation that prevents combining a shared network configuration with custom networks and exposing ports. However, Telepresence now elegantly circumvents this limitation so that a container started with `telepresence docker-run`, `telepresence intercept --docker-run`, or `telepresence ingest --docker-run` can use flags like `--network`, `--publish`, or `--expose`. +To achieve this, Telepresence temporarily adds the necessary network to the containerized daemon. This allows the new container to join the same network. Additionally, Telepresence starts extra socat containers to handle port mapping, ensuring that the desired ports are exposed to the local environment. + + + Prevent recursion in the Telepresence Virtual Network Interface (VIF) + Network problems may arise when running Kubernetes locally (e.g., Docker Desktop, Kind, Minikube, k3s), because the VIF on the host is also accessible from the cluster's nodes. A request that isn't handled by a cluster resource might be routed back into the VIF and cause a recursion. +These recursions can now be prevented by setting the client configuration property `routing.recursionBlockDuration` so that new connection attempts are temporarily blocked for a specific IP:PORT pair immediately after an initial attempt, thereby effectively ending the recursion. + + + Allow Helm chart to be included as a sub-chart + The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted. + + + During an intercept, the local port defaults to the targeted port of the intercepted container instead of 8080. + Telepresence mimics the environment of a target container during an intercept, so it's only natural that the default for the local port is determined by the targeted container port rather than just defaulting to 8080. +A default can still be explicitly defined using the `config.intercept.defaultPort` setting. + + + Prevent that traffic-manager injects a traffic-agent into itself. + The traffic-manager can never be a subject for an intercept, ingest, or proxy-via, because that means that it injects the traffic-agent into itself, and it is not designed to do that. A user attempting this will now see a meaningful error message. + + + Don't include pods in the kube-system namespace when computing pod-subnets from pod IPs + A user would normally never access pods in the `kube-system` namespace directly, and automatically including pods included there when computing the subnets will often lead to problems when running the cluster locally. This namespace is therefore now excluded in situations when the pod subnets are computed from the IPs of pods. Services in this namespace will still be available through the service subnet. +If a user should require the pod-subnet to be mapped, it can be added to the `client.routing.alsoProxy` list in the helm chart. + +## Version 2.20.3 (November 18) + + Ensure that Telepresence works with GitHub Codespaces + GitHub Codespaces runs in a container, but not as root. Telepresence didn't handle this situation correctly and only started the user daemon. The root daemon was never started. + + + Mounts not working correctly when connected with --proxy-via + A mount would try to connect to the sftp/ftp server using the original (cluster side) IP although that IP was translated into a virtual IP when using `--proxy-via`. + +## Version 2.20.2 (October 21) + + Crash in traffic-manager configured with agentInjector.enabled=false + A traffic-manager that was installed with the Helm value `agentInjector.enabled=false` crashed when a client used the commands `telepresence version` or `telepresence status`. Those commands would call a method on the traffic-manager that panicked if no traffic-agent was present. This method will now instead return the standard `Unavailable` error code, which is expected by the caller. + +## Version 2.20.1 (October 10) + + Some workloads missing in the telepresence list output (typically replicasets owned by rollouts). + Version 2.20.0 introduced a regression in the `telepresence list` command, resulting in the omission of all workloads that were owned by another workload. The correct behavior is to just omit those workloads that are owned by the supported workload kinds `Deployment`, `ReplicaSet`, `StatefulSet`, and `Rollout`. Furthermore, the `Rollout` kind must only be considered supported when the Argo Rollouts feature is enabled in the traffic-manager. + + + Allow comma separated list of daemons for the gather-logs command. + The name of the `telepresence gather-logs` flag `--daemons` suggests that the argument can contain more than one daemon, but prior to this fix, it couldn't. It is now possible to use a comma separated list, e.g. `telepresence gather-logs --daemons root,user`. + +## Version 2.20.0 (October 3) + + Add timestamp to telepresence_logs.zip filename. + Telepresence is now capable of easily find telepresence gather-logs by certain timestamp. + + + Enable intercepts of workloads that have no service. + Telepresence is now capable of intercepting workloads that have no associated service. The intercept will then target container port instead of a service port. The new behavior is enabled by adding a telepresence.getambassador.io/inject-container-ports annotation where the value is a comma separated list of port identifiers consisting of either the name or the port number of a container port, optionally suffixed with `/TCP` or `/UDP`. + + + Publish the OSS version of the telepresence Helm chart + The OSS version of the telepresence helm chart is now available at ghcr.io/telepresenceio/telepresence-oss, and can be installed using the command:
helm install traffic-manager oci://ghcr.io/telepresenceio/telepresence-oss --namespace ambassador --version 2.20.0 The chart documentation is published at ArtifactHUB. + + + Control the syntax of the environment file created with the intercept flag --env-file + A new --env-syntax <syntax> was introduced to allow control over the syntax of the file created when using the intercept flag --env-file <file>. Valid syntaxes are "docker", "compose", "sh", "csh", "cmd", and "ps"; where "sh", "csh", and "ps" can be suffixed with ":export". + + + Add support for Argo Rollout workloads. + Telepresence now has an opt-in support for Argo Rollout workloads. The behavior is controlled by `workloads.argoRollouts.enabled` Helm chart value. It is recommended to set the following annotation telepresence.getambassador.io/inject-traffic-agent: enabled to avoid creation of unwanted revisions. + + + Enable intercepts of containers that bind to podIP + In previous versions, the traffic-agent would route traffic to localhost during periods when an intercept wasn't active. This made it impossible for an application to bind to the pod's IP, and it also meant that service meshes binding to the podIP would get bypassed, both during and after an intercept had been made. This is now changed, so that the traffic-agent instead forwards non intercepted requests to the pod's IP, thereby enabling the application to either bind to localhost or to that IP. + + + Use ghcr.io/telepresenceio instead of docker.io/datawire for OSS images and the telemount Docker volume plugin. + All OSS telepresence images and the telemount Docker plugin are now published at the public registry ghcr.io/telepresenceio and all references from the client and traffic-manager has been updated to use this registry instead of the one at docker.io/datawire. + + + Use nftables instead of iptables-legacy + Some time ago, we introduced iptables-legacy because users had problems using Telepresence with Fly.io where nftables wasn't supported by the kernel. Fly.io has since fixed this, so Telepresence will now use nftables again. This in turn, ensures that modern systems that lack support iptables-legacy will work. + + + Root daemon wouldn't start when sudo timeout was zero. + The root daemon refused to start when sudo was configured with a timestamp_timeout=0. This was due to logic that first requested root privileges using a sudo call, and then relied on that these privileges were cached, so that a subsequent call using --non-interactive was guaranteed to succeed. This logic will now instead do one single sudo call, and rely solely on sudo to print an informative prompt and start the daemon in the background. + + + Detect minikube network when connecting with --docker + A telepresence connect --docker failed when attempting to connect to a minikube that uses a docker driver because the containerized daemon did not have access to the minikube docker network. Telepresence will now detect an attempt to connect to that network and attach it to the daemon container as needed. + +## Version 2.19.1 (July 12) + + Add brew support for the OSS version of Telepresence. + The Open-Source Software version of Telepresence can now be installed using the brew formula via brew install telepresenceio/telepresence/telepresence-oss. + + + Add --create-namespace flag to the telepresence helm install command. + A --create-namespace (default true) flag was added to the telepresence helm install command. No attempt will be made to create a namespace for the traffic-manager if it is explicitly set to false. The command will then fail if the namespace is missing. + + + Introduce DNS fallback on Windows. + A network.defaultDNSWithFallback config option has been introduced on Windows. It will cause the DNS-resolver to fall back to the resolver that was first in the list prior to when Telepresence establishes a connection. The option is default true since it is believed to give the best experience but can be set to false to restore the old behavior. + + + Brew now supports MacOS (amd64/arm64) / Linux (amd64) + The brew formula can now dynamically support MacOS (amd64/arm64) / Linux (amd64) in a single formula + + + Add ability to provide an externally-provisioned webhook secret + Added supplied as a new option for agentInjector.certificate.method. This fully disables the generation of the Mutating Webhook's secret, allowing the chart to use the values of a pre-existing secret named agentInjector.secret.name. Previously, the install would fail when it attempted to create or update the externally-managed secret. + + + Let PTR query for DNS server return the cluster domain. + The nslookup program on Windows uses a PTR query to retrieve its displayed "Server" property. This Telepresence DNS resolver will now return the cluster domain on such a query. + + + Add scheduler name to PODs templates. + A new Helm chart value schedulerName has been added. With this feature, we are able to define some particular schedulers from Kubernetes to apply some different strategies to allocate telepresence resources, including the Traffic Manager and hooks pods. + + + Race in traffic-agent injector when using inject annotation + Applying multiple deployments that used the telepresence.getambassador.io/inject-traffic-agent: enabled would cause a race condition, resulting in a large number of created pods that eventually had to be deleted, or sometimes in pods that didn't contain a traffic agent. + + + Fix configuring custom agent security context + -> The traffic-manager helm chart will now correctly use a custom agent security context if one is provided. + +## Version 2.19.0 (June 15) + + Warn when an Open Source Client connects to an Enterprise Traffic Manager. + The difference between the OSS and the Enterprise offering is not well understood, and OSS users often install a traffic-manager using the Helm chart published at getambassador.io. This Helm chart installs an enterprise traffic-manager, which is probably not what the user would expect. Telepresence will now warn when an OSS client connects to an enterprise traffic-manager and suggest switching to an enterprise client, or use telepresence helm install to install an OSS traffic-manager. + + + Add scheduler name to PODs templates. + A new Helm chart value schedulerName has been added. With this feature, we are able to define some particular schedulers from Kubernetes to apply some different strategies to allocate telepresence resources, including the Traffic Manager and hooks pods. + + + Improve traffic-manager performance in very large clusters. + -> The traffic-manager will now use a shared-informer when keeping track of deployments. This will significantly reduce the load on the Kublet in large clusters and therefore lessen the risk for the traffic-manager being throttled, which can lead to other problems. + + + Kubeconfig exec authentication failure when connecting with --docker from a WSL linux host + Clusters like Amazon EKS often use a special authentication binary that is declared in the kubeconfig using an exec authentication strategy. This binary is normally not available inside a container. Consequently, a modified kubeconfig is used when telepresence connect --docker executes, appointing a kubeauth binary which instead retrieves the authentication from a port on the Docker host that communicates with another process outside of Docker. This process then executes the original exec command to retrieve the necessary credentials. +This setup was problematic when using WSL, because even though telepresence connect --docker was executed on a Linux host, the Docker host available from host.docker.internal that the kubeauth connected to was the Windows host running Docker Desktop. The fix for this was to use the local IP of the default route instead of host.docker.internal when running under WSL.. + + + Fix bug in workload cache, causing endless recursion when a workload uses the same name as its owner. + The workload cache was keyed by name and namespace, but not by kind, so a workload named the same as its owner workload would be found using the same key. This led to the workload finding itself when looking up its owner, which in turn resulted in an endless recursion when searching for the topmost owner. + + + FailedScheduling events mentioning node availability considered fatal when waiting for agent to arrive. + The traffic-manager considers some events as fatal when waiting for a traffic-agent to arrive after an injection has been initiated. This logic would trigger on events like "Warning FailedScheduling 0/63 nodes are available" although those events indicate a recoverable condition and kill the wait. This is now fixed so that the events are logged but the wait continues. + + + Improve how the traffic-manager resolves DNS when no agent is installed. + The traffic-manager is typically installed into a namespace different from the one that clients are connected to. It's therefore important that the traffic-manager adds the client's namespace when resolving single label names in situations where there are any agents to dispatch the DNS query to. + + + Removal of ability import legacy artifact into Helm. + A helm install would make attempts to find manually installed artifacts and make them managed by Helm by adding the necessary labels and annotations. This was important when the Helm chart was first introduced but is far less so today, and this legacy import was therefore removed. + + + Docker aliases deprecation caused failure to detect Kind cluster. + The logic for detecting if a cluster is a local Kind cluster, and therefore needs some special attention when using telepresence connect --docker, relied on the presence of Aliases in the Docker network that a Kind cluster sets up. In Docker versions from 26 and up, this value is no longer used, but the corresponding info can instead be found in the new DNSNames field. + + + Include svc as a top-level domain in the DNS resolver. + It's not uncommon that use-cases involving Kafka or other middleware use FQNs that end with "svc". The core-DNS resolver in Kubernetes can resolve such names. With this bugfix, the Telepresence DNS resolver will also be able to resolve them, and thereby remove the need to add ".svc" to the include-suffix list. + + + Add ability to enable/disable the mutating webhook. + A new Helm chart boolean value agentInjector.enable has been added that controls the agent-injector service and its associated mutating webhook. If set to false, the service, the webhook, and the secrets and certificates associated with it, will no longer be installed. + + + Add ability to mount a webhook secret. + A new Helm chart value agentInjector.certificate.accessMethod which can be set to watch (the default) or mount has been added. The mount setting is intended for clusters with policies that prevent containers from doing a get, list or watch of a Secret, but where a latency of up to 90 seconds is acceptable between the time the secret is regenerated and the agent-injector picks it up. + + + Make it possible to specify ignored volume mounts using path prefix. + Volume mounts like /var/run/secrets/kubernetes.io are not declared in the workload. Instead, they are injected during pod-creation and their names are generated. It is now possible to ignore such mounts using a matching path prefix. + + + Make the telemount Docker Volume plugin configurable + A telemount object was added to the intercept object in config.yml (or Helm value client.intercept), so that the automatic download and installation of this plugin can be fully customised. + + + Add option to load the kubeconfig yaml from stdin during connect. + This allows another process with a kubeconfig already loaded in memory to directly pass it to telepresence connect without needing a separate file. Simply use a dash "-" as the filename for the --kubeconfig flag. + + + Add ability to specify agent security context. + A new Helm chart value agent.securityContext that will allow configuring the security context of the injected traffic agent. The value can be set to a valid Kubernetes securityContext object, or can be set to an empty value ({}) to ensure the agent has no defined security context. If no value is specified, the traffic manager will set the agent's security context to the same as the first container's of the workload being injected into. + + + Tracing is no longer enabled by default. + Tracing must now be enabled explicitly in order to use the telepresence gather-traces command. + + + Removal of timeouts that are no longer in use + The config.yml values timeouts.agentInstall and timeouts.apply haven't been in use since versions prior to 2.6.0, when the client was responsible for installing the traffic-agent. These timeouts are now removed from the code-base, and a warning will be printed when attempts are made to use them. + + + Search all private subnets to find one open for dnsServerSubnet + This resolves a bug that did not test all subnets in a private range, sometimes resulting in the warning, "DNS doesn't seem to work properly." + + + Docker aliases deprecation caused failure to detect Kind cluster. + The logic for detecting if a cluster is a local Kind cluster, and therefore needs some special attention when using telepresence connect --docker, relied on the presence of Aliases in the Docker network that a Kind cluster sets up. In Docker versions from 26 and up, this value is no longer used, but the corresponding info can instead be found in the new DNSNames field. + + + Creation of individual pods was blocked by the agent-injector webhook. + An attempt to create a pod was blocked unless it was provided by a workload. Hence, commands like kubectl run -i busybox --rm --image=curlimages/curl --restart=Never -- curl echo-easy.default would be blocked from executing. + + + Fix panic due to root daemon not running. + If a telepresence connect was made at a time when the root daemon was not running (an abnormal condition) and a subsequent intercept was then made, a panic would occur when the port-forward to the agent was set up. This is now fixed so that the initial telepresence connect is refused unless the root daemon is running. + + + Get rid of telemount plugin stickiness + The datawire/telemount that is automatically downloaded and installed, would never be updated once the installation was made. Telepresence will now check for the latest release of the plugin and cache the result of that check for 24 hours. If a new version arrives, it will be installed and used. + + + Use route instead of address for CIDRs with masks that don't allow "via" + A CIDR with a mask that leaves less than two bits (/31 or /32 for IPv4) cannot be added as an address to the VIF, because such addresses must have bits allowing a "via" IP. +The logic was modified to allow such CIDRs to become static routes, using the VIF base address as their "via", rather than being VIF addresses in their own right. + + + Containerized daemon created cache files owned by root + When using telepresence connect --docker to create a containerized daemon, that daemon would sometimes create files in the cache that were owned by root, which then caused problems when connecting without the --docker flag. + + + Remove large number of requests when traffic-manager is used in large clusters. + The traffic-manager would make a very large number of API requests during cluster start-up or when many services were changed for other reasons. The logic that did this was refactored and the number of queries were significantly reduced. + + + Don't patch probes on replaced containers. + A container that is being replaced by a telepresence intercept --replace invocation will have no liveness-, readiness, nor startup-probes. Telepresence didn't take this into consideration when injecting the traffic-agent, but now it will refrain from patching symbolic port names of those probes. + + + Don't rely on context name when deciding if a kind cluster is used. + The code that auto-patches the kubeconfig when connecting to a kind cluster from within a docker container, relied on the context name starting with "kind-", but although all contexts created by kind have that name, the user is still free to rename it or to create other contexts using the same connection properties. The logic was therefore changed to instead look for a loopback service address. + +## Version 2.18.0 (February 9) + + Include the image for the traffic-agent in the output of the version and status commands. + The version and status commands will now output the image that the traffic-agent will be using when injected by the agent-injector. + + + Custom DNS using the client DNS resolver. +

A new telepresence connect --proxy-via CIDR=WORKLOAD flag was introduced, allowing Telepresence to translate DNS responses matching specific subnets into virtual IPs that are used locally. Those virtual IPs are then routed (with reverse translation) via the pod's of a given workload. This makes it possible to handle custom DNS servers that resolve domains into loopback IPs. The flag may also be used in cases where the cluster's subnets are in conflict with the workstation's VPN.

The CIDR can also be a symbolic name that identifies a subnet or list of subnets:

alsoAll subnets added with --also-proxy
serviceThe cluster's service subnet
podsThe cluster's pod subnets.
allAll of the above.
+ + + Ensure that agent.appProtocolStrategy is propagated correctly. + The agent.appProtocolStrategy was inadvertently dropped when moving license related code fromm the OSS repository the repository for the Enterprise version of Telepresence. It has now been restored. + + + Include non-default zero values in output of telepresence config view. + The telepresence config view command will now print zero values in the output when the default for the value is non-zero. + + + Restore ability to run the telepresence CLI in a docker container. + The improvements made to be able to run the telepresence daemon in docker using telepresence connect --docker made it impossible to run both the CLI and the daemon in docker. This commit fixes that and also ensures that the user- and root-daemons are merged in this scenario when the container runs as root. + + + Remote mounts when intercepting with the --replace flag. + A telepresence intercept --replace did not correctly mount all volumes, because when the intercepted container was removed, its mounts were no longer visible to the agent-injector when it was subjected to a second invocation. The container is now kept in place, but with an image that just sleeps infinitely. + + + Intercepting with the --replace flag will no longer require all subsequent intercepts to use --replace. + A telepresence intercept --replace will no longer switch the mode of the intercepted workload, forcing all subsequent intercepts on that workload to use --replace until the agent is uninstalled. Instead, --replace can be used interchangeably just like any other intercept flag. + + + Kubeconfig exec authentication with context names containing colon didn't work on Windows + The logic added to allow the root daemon to connect directly to the cluster using the user daemon as a proxy for exec type authentication in the kube-config, didn't take into account that a context name sometimes contains the colon ":" character. That character cannot be used in filenames on windows because it is the drive letter separator. + + + Provide agent name and tag as separate values in Helm chart + The AGENT_IMAGE was a concatenation of the agent's name and tag. This is now changed so that the env instead contains an AGENT_IMAGE_NAME and AGENT_INAGE_TAG. The AGENT_IMAGE is removed. Also, a new env REGISTRY is added, where the registry of the traffic- manager image is provided. The AGENT_REGISTRY is no longer required and will default to REGISTRY if not set. + + + Environment interpolation expressions were prefixed twice. + Telepresence would sometimes prefix environment interpolation expressions in the traffic-agent twice so that an expression that looked like $(SOME_NAME) in the app-container, ended up as $(_TEL_APP_A__TEL_APP_A_SOME_NAME) in the corresponding expression in the traffic-agent. + + + Panic in root-daemon on darwin workstations with full access to cluster network. + A darwin machine with full access to the cluster's subnets will never create a TUN-device, and a check was missing if the device actually existed, which caused a panic in the root daemon. + + + Show allow-conflicting-subnets in telepresence status and telepresence config view. + The telepresence status and telepresence config view commands didn't show the allowConflictingSubnets CIDRs because the value wasn't propagated correctly to the CLI. + + + It is now possible use a host-based connection and containerized connections simultaneously. + Only one host-based connection can exist because that connection will alter the DNS to reflect the namespace of the connection. but it's now possible to create additional connections using --docker while retaining the host-based connection. + + + Ability to set the hostname of a containerized daemon. + The hostname of a containerized daemon defaults to be the container's ID in Docker. You now can override the hostname using telepresence connect --docker --hostname <a name>. + + + New <code>--multi-daemon</code>flag to enforce a consistent structure for the status command output. + The output of the telepresence status when using --output json or --output yaml will either show an object where the user_daemon and root_daemon are top level elements, or when multiple connections are used, an object where a connections list contains objects with those daemons. The flag --multi-daemon will enforce the latter structure even when only one daemon is connected so that the output can be parsed consistently. The reason for keeping the former structure is to retain backward compatibility with existing parsers. + + + Make output from telepresence quit more consistent. + A quit (without -s) just disconnects the host user and root daemons but will quit a container based daemon. The message printed was simplified to remove some have/has is/are errors caused by the difference. + + + Fix "tls: bad certificate" errors when refreshing the mutator-webhook secret + The agent-injector service will now refresh the secret used by the mutator-webhook each time a new connection is established, thus preventing the certificates to go out-of-sync when the secret is regenerated. + + + Keep telepresence-agents configmap in sync with pod states. + An intercept attempt that resulted in a timeout due to failure of injecting the traffic-agent left the telepresence-agents configmap in a state that indicated that an agent had been added, which caused problems for subsequent intercepts after the problem causing the first failure had been fixed. + + + The <code>telepresence status</code> command will now report the status of all running daemons. + A telepresence status, issued when multiple containerized daemons were active, would error with "multiple daemons are running, please select one using the --use <match> flag". This is now fixed so that the command instead reports the status of all running daemons. + + + The <code>telepresence version</code> command will now report the version of all running daemons. + A telepresence version, issued when multiple containerized daemons were active, would error with "multiple daemons are running, please select one using the --use <match> flag". This is now fixed so that the command instead reports the version of all running daemons. + + + Multiple containerized daemons can now be disconnected using <code>telepresence quit -s</code> + A telepresence quit -s, issued when multiple containerized daemons were active, would error with "multiple daemons are running, please select one using the --use <match> flag". This is now fixed so that the command instead quits all daemons. + + + The DNS search path on Windows is now restored when Telepresence quits + The DNS search path that Telepresence uses to simulate the DNS lookup functionality in the connected cluster namespace was not removed by a telepresence quit, resulting in connectivity problems from the workstation. Telepresence will now remove the entries that it has added to the search list when it quits. + + + The user-daemon would sometimes get killed when used by multiple simultaneous CLI clients. + The user-daemon would die with a fatal "fatal error: concurrent map writes" error in the connector.log, effectively killing the ongoing connection. + + + Multiple services ports using the same target port would not get intercepted correctly. + Intercepts didn't work when multiple service ports were using the same container port. Telepresence would think that one of the ports wasn't intercepted and therefore disable the intercept of the container port. + + + Root daemon refuses to disconnect. + The root daemon would sometimes hang forever when attempting to disconnect due to a deadlock in the VIF-device. + + + Fix panic in user daemon when traffic-manager was unreachable + The user daemon would panic if the traffic-manager was unreachable. It will now instead report a proper error to the client. + + + Removal of backward support for versions predating 2.6.0 + The telepresence helm installer will no longer discover and convert workloads that were modified by versions prior to 2.6.0. The traffic manager will and no longer support the muxed tunnels used in versions prior to 2.5.0. + +## Version 2.17.0 (November 14) + + Additional Prometheus metrics to track intercept/connect activity + This feature adds the following metrics to the Prometheus endpoint: connect_count, connect_active_status, intercept_count, and intercept_active_status. These are labeled by client/install_id. Additionally, the intercept_count metric has been renamed to active_intercept_count for clarity. + + + Make the Telepresence client docker image configurable. + The docker image used when running a Telepresence intercept in docker mode can now be configured using the setting images.clientImage and will default first to the value of the environment TELEPRESENCE_CLIENT_IMAGE, and then to the value preset by the telepresence binary. This configuration setting is primarily intended for testing purposes. + + + Use traffic-agent port-forwards for outbound and intercepted traffic. + The telepresence TUN-device is now capable of establishing direct port-forwards to a traffic-agent in the connected namespace. That port-forward is then used for all outbound traffic to the device, and also for all traffic that arrives from intercepted workloads. Getting rid of the extra hop via the traffic-manager improves performance and reduces the load on the traffic-manager. The feature can only be used if the client has Kubernetes port-forward permissions to the connected namespace. It can be disabled by setting cluster.agentPortForward to false in config.yml. + + + Improve outbound traffic performance. + The root-daemon now communicates directly with the traffic-manager instead of routing all outbound traffic through the user-daemon. The root-daemon uses a patched kubeconfig where exec configurations to obtain credentials are dispatched to the user-daemon. This to ensure that all authentication plugins will execute in user-space. The old behavior of routing everything through the user-daemon can be restored by setting cluster.connectFromRootDaemon to false in config.yml. + + + New networking CLI flag --allow-conflicting-subnets + telepresence connect (and other commands that kick off a connect) now accepts an --allow-conflicting-subnets CLI flag. This is equivalent to client.routing.allowConflictingSubnets in the helm chart, but can be specified at connect time. It will be appended to any configuration pushed from the traffic manager. + + + Warn if large version mismatch between traffic manager and client. + Print a warning if the minor version diff between the client and the traffic manager is greater than three. + + + The authenticator binary was removed from the docker image. + The authenticator binary, used when serving proxied exec kubeconfig credential retrieval, has been removed. The functionality was instead added as a subcommand to the telepresence binary. + +## Version 2.16.1 (October 12) + + Add --docker-debug flag to the telepresence intercept command. + This flag is similar to --docker-build but will start the container with more relaxed security using the docker run flags --security-opt apparmor=unconfined --cap-add SYS_PTRACE. + + + Add a --export option to the telepresence connect command. + In some situations it is necessary to make some ports available to the host from a containerized telepresence daemon. This commit adds a repeatable --expose <docker port exposure> flag to the connect command. + + + Prevent agent-injector webhook from selecting from kube-xxx namespaces. + The kube-system and kube-node-lease namespaces should not be affected by a global agent-injector webhook by default. A default namespaceSelector was therefore added to the Helm Chart agentInjector.webhook that contains a NotIn preventing those namespaces from being selected. + + + Backward compatibility for pod template TLS annotations. + Users of Telepresence < 2.9.0 that make use of the pod template TLS annotations were unable to upgrade because the annotation names have changed (now prefixed by "telepresence."), and the environment expansion of the annotation values was dropped. This fix restores support for the old names (while retaining the new ones) and the environment expansion. + + + Built with go 1.21.3 + Built Telepresence with go 1.21.3 to address CVEs. + + + Match service selector against pod template labels + When listing intercepts (typically by calling telepresence list) selectors of services are matched against workloads. Previously the match was made against the labels of the workload, but now they are matched against the labels pod template of the workload. Since the service would actually be matched against pods this is more correct. The most common case when this makes a difference is that statefulsets now are listed when they should. + +## Version 2.16.0 (October 2) + + The helm sub-commands will no longer start the user daemon. + The telepresence helm install/upgrade/uninstall commands will no longer start the telepresence user daemon because there's no need to connect to the traffic-manager in order for them to execute. + + + Routing table race condition + A race condition would sometimes occur when a Telepresence TUN device was deleted and another created in rapid succession that caused the routing table to reference interfaces that no longer existed. + + + Stop lingering daemon container + When using telepresence connect --docker, a lingering container could be present, causing errors like "The container name NN is already in use by container XX ...". When this happens, the connect logic will now give the container some time to stop and then call docker stop NN to stop it before retrying to start it. + + + Add file locking to the Telepresence cache + Files in the Telepresence cache are accesses by multiple processes. The processes will now use advisory locks on the files to guarantee consistency. + + + Lock connection to namespace + The behavior changed so that a connected Telepresence client is bound to a namespace. The namespace can then not be changed unless the client disconnects and reconnects. A connection is also given a name. The default name is composed from <kube context name>-<namespace> but can be given explicitly when connecting using --name. The connection can optionally be identified using the option --use <name match> (only needed when docker is used and more than one connection is active). + + + Deprecation of global --context and --docker flags. + The global flags --context and --docker will now be considered deprecated unless used with commands that accept the full set of Kubernetes flags (e.g. telepresence connect). + + + Deprecation of the --namespace flag for the intercept command. + The --namespace flag is now deprecated for telepresence intercept command. The flag can instead be used with all commands that accept the full set of Kubernetes flags (e.g. telepresence connect). + + + Legacy code predating version 2.6.0 was removed. + The telepresence code-base still contained a lot of code that would modify workloads instead of relying on the mutating webhook installer when a traffic-manager version predating version 2.6.0 was discovered. This code has now been removed. + + + Add `telepresence list-namespaces` and `telepresence list-contexts` commands + These commands can be used to check accessible namespaces and for automation. + + + Implicit connect warning + A deprecation warning will be printed if a command other than telepresence connect causes an implicit connect to happen. Implicit connects will be removed in a future release. + +## Version 2.15.1 (September 6) + + Rebuild with go 1.21.1 + Rebuild Telepresence with go 1.21.1 to address CVEs. + + + Set security context for traffic agent + Openshift users reported that the traffic agent injection was failing due to a missing security context. + +## Version 2.15.0 (August 29) + + Add ASLR to telepresence binaries + ASLR hardens binary sercurity against fixed memory attacks. + + + Added client builds for arm64 architecture. + Updated the release workflow files in github actions to including building and publishing the client binaries for arm64 architecture. + + + KUBECONFIG env var can now be used with the docker mode. + If provided, the KUBECONFIG environment variable was passed to the kubeauth-foreground service as a parameter. However, since it didn't exist, the CLI was throwing an error when using telepresence connect --docker. + + + Fix deadlock while watching workloads + The telepresence list --output json-stream wasn't releasing the session's lock after being stopped, including with a telepresence quit. The user could be blocked as a result. + + + Change json output of telepresence list command + Replace deprecated info in the JSON output of the telepresence list command. + +## Version 2.14.4 (August 21) + + Nil pointer exception when upgrading the traffic-manager. + Upgrading the traffic-manager using telepresence helm upgrade would sometimes result in a helm error message executing "telepresence/templates/intercept-env-configmap.yaml" at <.Values.intercept.environment.excluded>: nil pointer evaluating interface {}.excluded" + +## Version 2.14.2 (July 26) + + Telepresence now use the OSS agent in its latest version by default. + The traffic manager admin was forced to set it manually during the chart installation. + +## Version 2.14.1 (July 7) + + Envoy's http idle timout is now configurable. + A new agent.helm.httpIdleTimeout setting was added to the Helm chart that controls the proprietary Traffic agent's http idle timeout. The default of one hour, which in some situations would cause a lot of resource consuming and lingering connections, was changed to 70 seconds. + + + Add more gauges to the Traffic manager's Prometheus client. + Several gauges were added to the Prometheus client to make it easier to monitor what the Traffic manager spends resources on. + + + Agent Pull Policy + Add option to set traffic agent pull policy in helm chart. + + + Resource leak in the Traffic manager. + Fixes a resource leak in the Traffic manager caused by lingering tunnels between the clients and Traffic agents. The tunnels are now closed correctly when terminated from the side that created them. + + + Fixed problem setting traffic manager namespace using the kubeconfig extension. + Fixes a regression introduced in version 2.10.5, making it impossible to set the traffic-manager namespace using the telepresence.io kubeconfig extension. + +## Version 2.14.0 (June 12) + + DNS configuration now supports excludes and mappings. + The DNS configuration now supports two new fields, excludes and mappings. The excludes field allows you to exclude a given list of hostnames from resolution, while the mappings field can be used to resolve a hostname with another. + + + Added the ability to exclude environment variables + Added a new config map that can take an array of environment variables that will then be excluded from an intercept that retrieves the environment of a pod. + + + Fixed traffic-agent backward incompatibility issue causing lack of remote mounts + A traffic-agent of version 2.13.3 (or 1.13.15) would not propagate the directories under /var/run/secrets when used with a traffic manager older than 2.13.3. + + + Fixed race condition causing segfaults on rare occasions when a tunnel stream timed out. + A context cancellation could sometimes be trapped in a stream reader, causing it to incorrectly return an undefined message which in turn caused the parent reader to panic on a nil pointer reference. + + + Routing conflict reporting. + Telepresence will now attempt to detect and report routing conflicts with other running VPN software on client machines. There is a new configuration flag that can be tweaked to allow certain CIDRs to be overridden by Telepresence. + + + test-vpn command deprecated + Running telepresence test-vpn will now print a deprecation warning and exit. The command will be removed in a future release. Instead, please configure telepresence for your VPN's routes. + +## Version 2.13.3 (May 25) + + Add imagePullSecrets to hooks + Add .Values.hooks.curl.imagePullSecrets and .Values.hooks curl.imagePullSecrets to Helm values. + + + Change reinvocation policy to Never for the mutating webhook + The default setting of the reinvocationPolicy for the mutating webhook dealing with agent injections changed from Never to IfNeeded. + + + Fix mounting fail of IAM roles for service accounts web identity token + The eks.amazonaws.com/serviceaccount volume injected by EKS is now exported and remotely mounted during an intercept. + + + Correct namespace selector for cluster versions with non-numeric characters + The mutating webhook now correctly applies the namespace selector even if the cluster version contains non-numeric characters. For example, it can now handle versions such as Major:"1", Minor:"22+". + + + Enable IPv6 on the telepresence docker network + The "telepresence" Docker network will now propagate DNS AAAA queries to the Telepresence DNS resolver when it runs in a Docker container. + + + Fix the crash when intercepting with --local-only and --docker-run + Running telepresence intercept --local-only --docker-run no longer results in a panic. + + + Fix incorrect error message with local-only mounts + Running telepresence intercept --local-only --mount false no longer results in an incorrect error message saying "a local-only intercept cannot have mounts". + + + specify port in hook urls + The helm chart now correctly handles custom agentInjector.webhook.port that was not being set in hook URLs. + + + Fix wrong default value for disableGlobal and agentArrival + Params .intercept.disableGlobal and .timeouts.agentArrival are now correctly honored. + diff --git a/versioned_docs/version-2.21/troubleshooting.md b/versioned_docs/version-2.21/troubleshooting.md new file mode 100644 index 00000000..545f5369 --- /dev/null +++ b/versioned_docs/version-2.21/troubleshooting.md @@ -0,0 +1,255 @@ +--- +title: Troubleshooting +description: "Learn how to troubleshoot common issues related to Telepresence, including intercept issues, cluster connection issues, and errors related to Ambassador Cloud." +--- + +import Platform from '@site/src/components/Platform'; + +# Troubleshooting + +## Connecting to a cluster via VPN doesn't work. + +There are a few different issues that could arise when working with a VPN. Please see the [dedicated page](reference/vpn.md) on Telepresence and VPNs to learn more on how to fix these. + +## Connecting to a cluster hosted in a Docker Container or a VM on the workstation doesn't work + +The cluster probably has access to the host's network and gets confused when it is mapped by Telepresence. +Please check the [cluster in hosted container or vm](howtos/cluster-in-vm.md) for more details. + +## Volume mounts are not working on macOS + +It's necessary to have `sshfs` installed in order for volume mounts to work correctly during intercepts. Lately there's been some issues using `brew install sshfs` a macOS workstation because the required component `osxfuse` (now named `macfuse`) isn't open source and hence, no longer supported. As a workaround, you can now use `gromgit/fuse/sshfs-mac` instead. Follow these steps: + +1. Remove old sshfs, macfuse, osxfuse using `brew uninstall` +2. `brew install --cask macfuse` +3. `brew install gromgit/fuse/sshfs-mac` +4. `brew link --overwrite sshfs-mac` + +Now sshfs -V shows you the correct version, e.g.: +``` +$ sshfs -V +SSHFS version 2.10 +FUSE library version: 2.9.9 +fuse: no mount point +``` + +5. Next, try a mount (or an intercept that performs a mount). It will fail because you need to give permission to “Benjamin Fleischer” to execute a kernel extension (a pop-up appears that takes you to the system preferences). +6. Approve the needed permission +7. Reboot your computer. + +## Volume mounts are not working on Linux +It's necessary to have `sshfs` installed in order for volume mounts to work correctly during intercepts. + +After you've installed `sshfs`, if mounts still aren't working: +1. Uncomment `user_allow_other` in `/etc/fuse.conf` +2. Add your user to the "fuse" group with: `sudo usermod -a -G fuse ` +3. Restart your computer after uncommenting `user_allow_other` + +## Distributed tracing + +Telepresence is a complex piece of software with components running locally on your laptop and remotely in a distributed kubernetes environment. +As such, troubleshooting investigations require tools that can give users, cluster admins, and maintainers a broad view of what these distributed components are doing. +In order to facilitate such investigations, telepresence >= 2.7.0 includes distributed tracing functionality via [OpenTelemetry](https://opentelemetry.io/) +Tracing is controlled via a `grpcPort` flag under the `tracing` configuration of your `values.yaml`. It is enabled by default and can be disabled by setting `grpcPort` to `0`, or `tracing` to an empty object: + +```yaml +tracing: {} +``` + +If tracing is configured, the traffic manager and traffic agents will open a GRPC server under the port given, from which telepresence clients will be able to gather trace data. +To collect trace data, ensure you're connected to the cluster, perform whatever operation you'd like to debug and then run `gather-traces` immediately after: + +```console +$ telepresence gather-traces +``` + +This command will gather traces from both the cloud and local components of telepresence and output them into a file called `traces.gz` in your current working directory: + +```console +$ file traces.gz + traces.gz: gzip compressed data, original size modulo 2^32 158255 +``` + +Please do not try to open or uncompress this file, as it contains binary trace data. +Instead, you can use the `upload-traces` command built into telepresence to send it to an [OpenTelemetry collector](https://opentelemetry.io/docs/collector/) for ingestion: + +```console +$ telepresence upload-traces traces.gz $OTLP_GRPC_ENDPOINT +``` + +Once that's been done, the traces will be visible via whatever means your usual collector allows. For example, this is what they look like when loaded into Jaeger's [OTLP API](https://www.jaegertracing.io/docs/1.36/apis/#opentelemetry-protocol-stable): + +![Jaeger Interface](images/tracing.png) + +**Note:** The host and port provided for the `OTLP_GRPC_ENDPOINT` must accept OTLP formatted spans (instead of e.g. Jaeger or Zipkin specific spans) via a GRPC API (instead of the HTTP API that is also available in some collectors) +**Note:** Since traces are not automatically shipped to the backend by telepresence, they are stored in memory. Hence, to avoid running telepresence components out of memory, only the last 10MB of trace data are available for export. + +### No Sidecar Injected in GKE private clusters + +An attempt to `telepresence intercept` results in a timeout, and upon examination of the pods (`kubectl get pods`) it's discovered that the intercept command did not inject a sidecar into the workload's pods: + +```bash +$ kubectl get pod +NAME READY STATUS RESTARTS AGE +echo-easy-7f6d54cff8-rz44k 1/1 Running 0 5m5s + +$ telepresence intercept echo-easy -p 8080 +telepresence: error: connector.CreateIntercept: request timed out while waiting for agent echo-easy.default to arrive +$ kubectl get pod +NAME READY STATUS RESTARTS AGE +echo-easy-d8dc4cc7c-27567 1/1 Running 0 2m9s + +# Notice how 1/1 containers are ready. +``` + +If this is occurring in a GKE cluster with private networking enabled, it is likely due to firewall rules blocking the +Traffic Manager's webhook injector from the API server. +To fix this, add a firewall rule allowing your cluster's master nodes to access TCP port `443` in your cluster's pods, +or change the port number that Telepresence is using for the agent injector by providing the number of an allowed port +using the Helm chart value `agentInjector.webhook.port`. +Please refer to the [telepresence install instructions](install/cloud#gke) or the [GCP docs](https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#add_firewall_rules) for information to resolve this. + +## Injected init-container doesn't function properly + +The init-container is injected to insert `iptables` rules that redirects port numbers from the app container to the +traffic-agent sidecar. This is necessary when the service's `targetPort` is numeric. It requires elevated privileges +(`NET_ADMIN` capabilities), and the inserted rules may get overridden by `iptables` rules inserted by other vendors, +such as Istio or Linkerd. + +Injection of the init-container can often be avoided by using a `targetPort` _name_ instead of a number, and ensure +that the corresponding container's `containerPort` is also named. This example uses the name "http", but any valid +name will do: +```yaml +apiVersion: v1 +kind: Pod +metadata: + ... +spec: + containers: + - ports: + - name: http + containerPort: 8080 +--- +apiVersion: v1 +kind: Service +metadata: + ... +spec: + ports: + - port: 80 + targetPort: http +``` + +Telepresence's mutating webhook will refrain from injecting an init-container when the `targetPort` is a name. Instead, +it will do the following during the injection of the traffic-agent: + +1. Rename the designated container's port by prefixing it (i.e., containerPort: http becomes containerPort: tm-http). +2. Let the container port of our injected traffic-agent use the original name (i.e., containerPort: http). + +Kubernetes takes care of the rest and will now associate the service's `targetPort` with our traffic-agent's +`containerPort`. + +### Important note +If the service is "headless" (using `ClusterIP: None`), then using named ports won't help because the `targetPort` will +not get remapped. A headless service will always require the init-container. + +## Error connecting to GKE or EKS cluster + +GKE and EKS require a plugin that utilizes their resepective IAM providers. +You will need to install the [gke](install/cloud#gke-authentication-plugin) or [eks](install/cloud#eks-authentication-plugin) plugins +for Telepresence to connect to your cluster. + +## `too many files open` error when running `telepresence connect` on Linux + +If `telepresence connect` on linux fails with a message in the logs `too many files open`, then check if `fs.inotify.max_user_instances` is set too low. Check the current settings with `sysctl fs.notify.max_user_instances` and increase it temporarily with `sudo sysctl -w fs.inotify.max_user_instances=512`. For more information about permanently increasing it see [Kernel inotify watch limit reached](https://unix.stackexchange.com/a/13757/514457). + +## Connected to cluster via VPN but IPs don't resolve + +If `telepresence connect` succeeds, but you find yourself unable to reach services on your cluster, a routing conflict may be to blame. This frequently happens when connecting to a VPN at the same time as telepresence, +as often VPN clients may add routes that conflict with those added by telepresence. To debug this, pick an IP address in the cluster and get its route information. In this case, we'll get the route for `100.124.150.45`, and discover +that it's running through a `tailscale` device. + + + + + +```console +$ route -n get 100.124.150.45 + route to: 100.64.2.3 +destination: 100.64.0.0 + mask: 255.192.0.0 + interface: utun4 + flags: + recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire + 0 0 0 0 0 0 1280 0 +``` + +Note that in macos it's difficult to determine what software the name of a virtual interface corresponds to -- `utun4` doesn't indicate that it was created by tailscale. +One option is to look at the output of `ifconfig` before and after connecting to your VPN to see if the interface in question is being added upon connection + + + + +```console +$ ip route get 100.124.150.45 +100.64.2.3 dev tailscale0 table 52 src 100.111.250.89 uid 0 +``` + + + + +```console +$ Find-NetRoute -RemoteIPAddress 100.124.150.45 + +IPAddress : 100.102.111.26 +InterfaceIndex : 29 +InterfaceAlias : Tailscale +AddressFamily : IPv4 +Type : Unicast +PrefixLength : 32 +PrefixOrigin : Manual +SuffixOrigin : Manual +AddressState : Preferred +ValidLifetime : Infinite ([TimeSpan]::MaxValue) +PreferredLifetime : Infinite ([TimeSpan]::MaxValue) +SkipAsSource : False +PolicyStore : ActiveStore + + +Caption : +Description : +ElementName : +InstanceID : ;::8;;;8 + + + +This will tell you which device the traffic is being routed through. As a rule, if the traffic is not being routed by the telepresence device, +your VPN may need to be reconfigured, as its routing configuration is conflicting with telepresence. One way to determine if this is the case +is to run `telepresence quit -s`, check the route for an IP in the cluster (see commands above), run `telepresence connect`, and re-run the commands to see if the output changes. +If it doesn't change, that means telepresence is unable to override your VPN routes, and your VPN may need to be reconfigured. Talk to your network admins +to configure it such that clients do not add routes that conflict with the pod and service CIDRs of the clusters. How this will be done will +vary depending on the VPN provider. +Future versions of telepresence will be smarter about informing you of such conflicts upon connection. diff --git a/versioned_docs/version-2.21/variables.yml b/versioned_docs/version-2.21/variables.yml new file mode 100644 index 00000000..b9c6a779 --- /dev/null +++ b/versioned_docs/version-2.21/variables.yml @@ -0,0 +1,2 @@ +version: "2.20.0" +dlVersion: "v2.20.0" diff --git a/versioned_sidebars/version-2.21-sidebars.json b/versioned_sidebars/version-2.21-sidebars.json new file mode 100644 index 00000000..cff0c94e --- /dev/null +++ b/versioned_sidebars/version-2.21-sidebars.json @@ -0,0 +1,8 @@ +{ + "defaultSidebar": [ + { + "type": "autogenerated", + "dirName": "." + } + ] +} diff --git a/versions.json b/versions.json index 01a309cc..9b3422b7 100644 --- a/versions.json +++ b/versions.json @@ -1,4 +1,5 @@ [ + "2.21", "2.20", "2.19" ] From e59cb1163d68875185266e36b4c7cc7a67a26d12 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Sat, 7 Dec 2024 17:07:12 +0100 Subject: [PATCH 02/13] Fix angle brackets. Signed-off-by: Thomas Hallgren --- .../version-2.21/howtos/intercepts.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/versioned_docs/version-2.21/howtos/intercepts.md b/versioned_docs/version-2.21/howtos/intercepts.md index ee853b14..adf8dff8 100644 --- a/versioned_docs/version-2.21/howtos/intercepts.md +++ b/versioned_docs/version-2.21/howtos/intercepts.md @@ -48,7 +48,7 @@ network telepresence, and remote mounts must be made relative to a specific moun ``` 3. Get the name of the port you want to intercept on your service: - `kubectl get service --output yaml`. + `kubectl get service <service name> --output yaml`. If we assume that the service and deployment use the same name: @@ -65,7 +65,7 @@ network telepresence, and remote mounts must be made relative to a specific moun 4. Intercept all traffic going to the application in your cluster: ``` - telepresence intercept --port [][:] --env-file `. + telepresence intercept <workload-name> --port [<local-port>][:<remote-port>] --env-file <path-to-env-file>`. ``` * For `--port`: specify the port the local instance of your application is running on. If the intercepted service exposes multiple ports, specify the port you want to intercept after a colon. @@ -84,7 +84,7 @@ network telepresence, and remote mounts must be made relative to a specific moun Intercepting : all TCP connections ``` -5. Start your local application using the environment variables retrieved in the previous step. +5. <a name="start-local-instance"></a>Start your local application using the environment variables retrieved in the previous step. The following are some examples of how to pass the environment variables to your local process: * **Visual Studio Code:** specify the path to the environment variables file in the `envFile` field of your configuration. * **JetBrains IDE (IntelliJ, WebStorm, PyCharm, GoLand, etc.):** use the [EnvFile plugin](https://plugins.jetbrains.com/plugin/7861-envfile). @@ -128,7 +128,7 @@ present challenges in terms of toolchain integration, debugging, and the overall ``` 3. Get the name of the port you want to intercept on your service: - `kubectl get service --output yaml`. + `kubectl get service <service name> --output yaml`. If we assume that the service and deployment use the same name: @@ -145,7 +145,7 @@ present challenges in terms of toolchain integration, debugging, and the overall 4. Intercept all traffic going to the application in your cluster, and start a local container to handle that intercept: ``` - telepresence intercept --port [][:] --docker-run -- . + telepresence intercept <workload-name> --port [<local-port>][:<remote-port>] --docker-run -- <your local container>. ``` * For `--port`: If the intercepted service exposes multiple ports, specify the service port you want to intercept after a colon. @@ -156,7 +156,7 @@ present challenges in terms of toolchain integration, debugging, and the overall cluster get routed to the local container and the environment variables of the service are written to `~/example-app-intercept.env`. ```console - $ telepresence intercept example-app --port :http --docker-run -- + $ telepresence intercept example-app --port :http --docker-run -- <your local container> Using Deployment example-app intercepted Intercept name: example-app @@ -164,7 +164,7 @@ present challenges in terms of toolchain integration, debugging, and the overall Workload kind : Deployment Destination : 127.0.0.1:8080 Intercepting : all TCP connections - + <output from your local container> ``` 5. Query the cluster in which you intercepted an application and verify your local instance being invoked. @@ -192,7 +192,7 @@ This example assumes that you have the `example-app` $ telepresence connect Launching Telepresence User Daemon Launching Telepresence Root Daemon - Connected to context xxx, namespace default (https://) + Connected to context xxx, namespace default (https://<some url>) $ telepresence ingest example-app --env-file ~/example-app-intercept.env Using Deployment example-app Container : example-app @@ -212,14 +212,14 @@ You can now: ```console t connect --docker Launching Telepresence User Daemon - Connected to context xxx, namespace default (https://) - $ telepresence ingest example-app --expose 8080 --docker-run -- + Connected to context xxx, namespace default (https://<some url>) + $ telepresence ingest example-app --expose 8080 --docker-run -- <your local container> Using Deployment example-app, container example-app - + <output from your local container> ``` You can now: - Code and debug your local container while it interacts with other services in your cluster. -- Send request to your local container using localhost: +- Send request to your local container using localhost:<local port> - Query services only exposed in your cluster's network using `telepresence curl`. - Set breakpoints in a _Remote Debug_ configuration in your IDE to investigate bugs. From 996b0f74198a9e9d4ecc11df6e1e4c85acf15cd2 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Sat, 7 Dec 2024 17:20:58 +0100 Subject: [PATCH 03/13] Fix bad console quote. Signed-off-by: Thomas Hallgren --- versioned_docs/version-2.21/howtos/intercepts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/versioned_docs/version-2.21/howtos/intercepts.md b/versioned_docs/version-2.21/howtos/intercepts.md index adf8dff8..76d9f38c 100644 --- a/versioned_docs/version-2.21/howtos/intercepts.md +++ b/versioned_docs/version-2.21/howtos/intercepts.md @@ -210,7 +210,7 @@ You can now: 1. Connect using docker start an ingest from `example-app`, and run a container locally with the ingested environment and volume mounts: ```console - t connect --docker + $ telepresence connect --docker Launching Telepresence User Daemon Connected to context xxx, namespace default (https://<some url>) $ telepresence ingest example-app --expose 8080 --docker-run -- <your local container> From eefc235f287bd714342dd0a5a75a67cfd4015a6f Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Sat, 7 Dec 2024 18:16:11 +0100 Subject: [PATCH 04/13] Fix relative links in release-notes. Signed-off-by: Thomas Hallgren --- src/components/ReleaseNotes/index.tsx | 25 ++++++------------- .../ReleaseNotes/styles.module.scss | 19 ++++++++++++++ versioned_docs/version-2.21/release-notes.mdx | 16 ++++++------ 3 files changed, 34 insertions(+), 26 deletions(-) diff --git a/src/components/ReleaseNotes/index.tsx b/src/components/ReleaseNotes/index.tsx index 2318f8a1..ee6792c6 100644 --- a/src/components/ReleaseNotes/index.tsx +++ b/src/components/ReleaseNotes/index.tsx @@ -29,26 +29,15 @@ type TitleProps = { export const Title: React.FC = ({children, type, docs, href}) => { const typeKey = type as keyof typeof titlePrefix; - const handleViewMore = () => { - if (href) { - return; - } - if (docs) { - if (docs.indexOf('https://') === 0) { - window.location.href = docs; - } - } + if(docs || href) { + return ( + + {typeIcon[typeKey]} + {children} + ) } - return ( -

+

{typeIcon[typeKey]} {children}

diff --git a/src/components/ReleaseNotes/styles.module.scss b/src/components/ReleaseNotes/styles.module.scss index 1651c9d6..bee23277 100644 --- a/src/components/ReleaseNotes/styles.module.scss +++ b/src/components/ReleaseNotes/styles.module.scss @@ -55,6 +55,25 @@ color: $blue-dark; } + &_link { + font-size: var(--ifm-h3-font-size); + color: var(--ifm-heading-color); + font-family: var(--ifm-heading-font-family); + font-weight: var(--ifm-heading-font-weight); + line-height: var(--ifm-heading-line-height); + margin: var(--ifm-heading-margin-top) 0 var(--ifm-heading-margin-bottom) 0; + margin-block-start: 1em; + margin-block-end: 1em; + margin-inline-start: 0px; + margin-inline-end: 0px; + display: grid; + grid-template-columns: 20px auto; + + span { + padding: 0 0 0 15px; + } + } + &_no_link { display: grid; grid-template-columns: 20px auto; diff --git a/versioned_docs/version-2.21/release-notes.mdx b/versioned_docs/version-2.21/release-notes.mdx index 0ce7b203..00c94410 100644 --- a/versioned_docs/version-2.21/release-notes.mdx +++ b/versioned_docs/version-2.21/release-notes.mdx @@ -9,15 +9,15 @@ import { Note, Title, Body } from '@site/src/components/ReleaseNotes' # Telepresence Release Notes ## Version 2.21.0 - Automatic subnet conflict avoidance + Automatic subnet conflict avoidance -> Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. - Virtual Address Translation (VNAT). + Virtual Address Translation (VNAT). -> It is now possible to use a virtual subnet without routing the affected IPs to a specific workload. A new `telepresence connect --vnat CIDR` flag was added that will perform virtual network address translation of cluster IPs. This flag is very similar to the `--proxy-via CIDR=WORKLOAD` introduced in 2.19, but without the need to specify a workload. - Intercepts targeting a specific container + Intercepts targeting a specific container -> In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This port owner's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. This update introduces a `--container ` option to the intercept command. While this option doesn't influence the port selection, it guarantees that the environment variables and mounts propagated to the client originate from the specified container. Additionally, if the `--replace` option is used, it ensures that this container is replaced. @@ -39,7 +39,7 @@ An ingest requires a traffic-agent to be installed in the pods of the targeted w It is now possible to append ":ro" to the intercept `--mount` flag value. This ensures that all remote volumes that the intercept mounts are read-only. - Unify client configuration + Unify client configuration Previously, client configuration was divided between the config.yml file and a Kubernetes extension. DNS and routing settings were initially found only in the extension. However, the Helm client structure allowed entries from both. To simplify this, we've now aligned the config.yml and Kubernetes extension with the Helm client structure. This means DNS and routing settings are now included in both. The Kubernetes extension takes precedence over the config.yml and Helm client object. While the old-style Kubernetes extension is still supported for compatibility, it cannot be used with the new style. @@ -62,13 +62,13 @@ See [Streaming Transitions from SPDY to WebSockets](https://kubernetes.io/blog/2 The auto-completion of namespaces, services, and containers have been added where appropriate, and the default file auto completion has been removed from most commands. - Docker run flags --publish, --expose, and --network now work with docker mode connections + Docker run flags --publish, --expose, and --network now work with docker mode connections After establishing a connection to a cluster using `telepresence connect --docker`, you can run new containers that share the same network as the containerized daemon that maintains the connection. This enables seamless communication between your local development environment and the remote services. Normally, Docker has a limitation that prevents combining a shared network configuration with custom networks and exposing ports. However, Telepresence now elegantly circumvents this limitation so that a container started with `telepresence docker-run`, `telepresence intercept --docker-run`, or `telepresence ingest --docker-run` can use flags like `--network`, `--publish`, or `--expose`. To achieve this, Telepresence temporarily adds the necessary network to the containerized daemon. This allows the new container to join the same network. Additionally, Telepresence starts extra socat containers to handle port mapping, ensuring that the desired ports are exposed to the local environment. - Prevent recursion in the Telepresence Virtual Network Interface (VIF) + Prevent recursion in the Telepresence Virtual Network Interface (VIF) Network problems may arise when running Kubernetes locally (e.g., Docker Desktop, Kind, Minikube, k3s), because the VIF on the host is also accessible from the cluster's nodes. A request that isn't handled by a cluster resource might be routed back into the VIF and cause a recursion. These recursions can now be prevented by setting the client configuration property `routing.recursionBlockDuration` so that new connection attempts are temporarily blocked for a specific IP:PORT pair immediately after an initial attempt, thereby effectively ending the recursion. @@ -119,7 +119,7 @@ If a user should require the pod-subnet to be mapped, it can be added to the `cl Telepresence is now capable of easily find telepresence gather-logs by certain timestamp. - Enable intercepts of workloads that have no service. + Enable intercepts of workloads that have no service. Telepresence is now capable of intercepting workloads that have no associated service. The intercept will then target container port instead of a service port. The new behavior is enabled by adding a telepresence.getambassador.io/inject-container-ports annotation where the value is a comma separated list of port identifiers consisting of either the name or the port number of a container port, optionally suffixed with `/TCP` or `/UDP`. @@ -127,7 +127,7 @@ If a user should require the pod-subnet to be mapped, it can be added to the `cl The OSS version of the telepresence helm chart is now available at ghcr.io/telepresenceio/telepresence-oss, and can be installed using the command:
helm install traffic-manager oci://ghcr.io/telepresenceio/telepresence-oss --namespace ambassador --version 2.20.0 The chart documentation is published at ArtifactHUB. - Control the syntax of the environment file created with the intercept flag --env-file + Control the syntax of the environment file created with the intercept flag --env-file A new --env-syntax <syntax> was introduced to allow control over the syntax of the file created when using the intercept flag --env-file <file>. Valid syntaxes are "docker", "compose", "sh", "csh", "cmd", and "ps"; where "sh", "csh", and "ps" can be suffixed with ":export". From bbb65d622b42fed4de28023454838ed407307315 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Sat, 7 Dec 2024 18:58:10 +0100 Subject: [PATCH 05/13] Add more doc links. Signed-off-by: Thomas Hallgren --- versioned_docs/version-2.21/release-notes.mdx | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/versioned_docs/version-2.21/release-notes.mdx b/versioned_docs/version-2.21/release-notes.mdx index 00c94410..e5515358 100644 --- a/versioned_docs/version-2.21/release-notes.mdx +++ b/versioned_docs/version-2.21/release-notes.mdx @@ -10,28 +10,28 @@ import { Note, Title, Body } from '@site/src/components/ReleaseNotes' ## Version 2.21.0 Automatic subnet conflict avoidance - -> Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. + Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. Virtual Address Translation (VNAT). - -> It is now possible to use a virtual subnet without routing the affected IPs to a specific workload. A new `telepresence connect --vnat CIDR` flag was added that will perform virtual network address translation of cluster IPs. This flag is very similar to the `--proxy-via CIDR=WORKLOAD` introduced in 2.19, but without the need to specify a workload. + It is now possible to use a virtual subnet without routing the affected IPs to a specific workload. A new `telepresence connect --vnat CIDR` flag was added that will perform virtual network address translation of cluster IPs. This flag is very similar to the `--proxy-via CIDR=WORKLOAD` introduced in 2.19, but without the need to specify a workload. Intercepts targeting a specific container - -> In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This port owner's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. + In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This port owner's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. This update introduces a `--container ` option to the intercept command. While this option doesn't influence the port selection, it guarantees that the environment variables and mounts propagated to the client originate from the specified container. Additionally, if the `--replace` option is used, it ensures that this container is replaced. - New telepresence ingest command + New telepresence ingest command The new `telepresence ingest` command, similar to `telepresence intercept`, provides local access to the volume mounts and environment variables of a targeted container. However, unlike `telepresence intercept`, `telepresence ingest` does not redirect traffic to the container and ensures that the mounted volumes are read-only. An ingest requires a traffic-agent to be installed in the pods of the targeted workload. Beyond that, it's a client-side operation. This allows developers to have multiple simultaneous ingests on the same container. - New telepresence curl command + New telepresence curl command The new `telepresence curl` command runs curl from within a container. The command requires that a connection has been established using `telepresence connect --docker`, and the container that runs `curl` will share the same network as the containerized telepresence daemon. - New telepresence docker-run command + New telepresence docker-run command The new `telepresence docker-run ` requires that a connection has been established using `telepresence connect --docker` It will perform a `docker run ` and add the flag necessary to ensure that started container shares the same network as the containerized telepresence daemon. @@ -54,7 +54,7 @@ See [Streaming Transitions from SPDY to WebSockets](https://kubernetes.io/blog/2 The OSS code-base will no longer report usage data to the proprietary collector at Ambassador Labs. The actual calls to the collector remain, but will be no-ops unless a proper collector client is installed using an extension point. - Add deployments, statefulSets, replicaSets to workloads Helm chart value + Add deployments, statefulSets, replicaSets to workloads Helm chart value The Helm chart value `workloads` now supports the kinds `deployments.enabled`, `statefulSets.enabled`, `replicaSets.enabled`. and `rollouts.enabled`. All except `rollouts` are enabled by default. The traffic-manager will ignore workloads, and Telepresence will not be able to intercept them, if the `enabled` of the corresponding kind is set to `false`. @@ -62,7 +62,7 @@ See [Streaming Transitions from SPDY to WebSockets](https://kubernetes.io/blog/2 The auto-completion of namespaces, services, and containers have been added where appropriate, and the default file auto completion has been removed from most commands. - Docker run flags --publish, --expose, and --network now work with docker mode connections + Docker run flags --publish, --expose, and --network now work with docker mode connections After establishing a connection to a cluster using `telepresence connect --docker`, you can run new containers that share the same network as the containerized daemon that maintains the connection. This enables seamless communication between your local development environment and the remote services. Normally, Docker has a limitation that prevents combining a shared network configuration with custom networks and exposing ports. However, Telepresence now elegantly circumvents this limitation so that a container started with `telepresence docker-run`, `telepresence intercept --docker-run`, or `telepresence ingest --docker-run` can use flags like `--network`, `--publish`, or `--expose`. To achieve this, Telepresence temporarily adds the necessary network to the containerized daemon. This allows the new container to join the same network. Additionally, Telepresence starts extra socat containers to handle port mapping, ensuring that the desired ports are exposed to the local environment. @@ -74,7 +74,7 @@ These recursions can now be prevented by setting the client configuration proper Allow Helm chart to be included as a sub-chart - The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted. + The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted. During an intercept, the local port defaults to the targeted port of the intercepted container instead of 8080. @@ -119,7 +119,7 @@ If a user should require the pod-subnet to be mapped, it can be added to the `cl Telepresence is now capable of easily find telepresence gather-logs by certain timestamp. - Enable intercepts of workloads that have no service. + Enable intercepts of workloads that have no service. Telepresence is now capable of intercepting workloads that have no associated service. The intercept will then target container port instead of a service port. The new behavior is enabled by adding a telepresence.getambassador.io/inject-container-ports annotation where the value is a comma separated list of port identifiers consisting of either the name or the port number of a container port, optionally suffixed with `/TCP` or `/UDP`. @@ -127,7 +127,7 @@ If a user should require the pod-subnet to be mapped, it can be added to the `cl The OSS version of the telepresence helm chart is now available at ghcr.io/telepresenceio/telepresence-oss, and can be installed using the command:
helm install traffic-manager oci://ghcr.io/telepresenceio/telepresence-oss --namespace ambassador --version 2.20.0 The chart documentation is published at ArtifactHUB. - Control the syntax of the environment file created with the intercept flag --env-file + Control the syntax of the environment file created with the intercept flag --env-file A new --env-syntax <syntax> was introduced to allow control over the syntax of the file created when using the intercept flag --env-file <file>. Valid syntaxes are "docker", "compose", "sh", "csh", "cmd", and "ps"; where "sh", "csh", and "ps" can be suffixed with ":export". From 385ca6b482ea58c2a1116b77476d4d28d463b65a Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Sat, 7 Dec 2024 19:02:06 +0100 Subject: [PATCH 06/13] Change the canonical link to www.telepresence.io. Signed-off-by: Thomas Hallgren --- docusaurus.config.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 23dcaa14..339124a7 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -180,7 +180,7 @@ const config: Config = { plugins: ["docusaurus-plugin-sass", "./src/plugins/configure-svgo.ts"], customFields: { - canonicalBaseUrl: "https://www.getambassador.io", + canonicalBaseUrl: "https://www.telepresence.io", } }; From 63f0bc030cf333c9671309e5a18f281fd284e544 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Sun, 8 Dec 2024 22:43:48 +0100 Subject: [PATCH 07/13] Temp update to catch up with relesase/v2.21 branch. Signed-off-by: Thomas Hallgren --- .../version-2.21/concepts/faster.md | 2 - .../version-2.21/howtos/intercepts.md | 12 ++--- .../version-2.21/install/manager.md | 41 +++++++++++++++- versioned_docs/version-2.21/release-notes.md | 47 +++++++++++++------ versioned_docs/version-2.21/release-notes.mdx | 13 +++++ .../version-2.21/troubleshooting.md | 39 --------------- 6 files changed, 92 insertions(+), 62 deletions(-) diff --git a/versioned_docs/version-2.21/concepts/faster.md b/versioned_docs/version-2.21/concepts/faster.md index edbe347c..f8afb503 100644 --- a/versioned_docs/version-2.21/concepts/faster.md +++ b/versioned_docs/version-2.21/concepts/faster.md @@ -27,5 +27,3 @@ The dev loop can be jump-started with the right development environment and Kube A rapid and continuous feedback loop is essential for productivity and speed; Telepresence enables the fast, efficient feedback loop to ensure that developers can access the rapid local development loop they rely on without disrupting their own or other developers' workflows. Telepresence safely intercepts traffic from the production cluster and enables near-instant testing of code and local debugging in production. Telepresence works by deploying a two-way network proxy in a pod running in a Kubernetes cluster. This pod proxies data from the Kubernetes environment (e.g., TCP/UDP connections, environment variables, volumes) to the local process. This proxy can intercept traffic meant for the service and reroute it to a local copy, which is ready for further (local) development. - -The intercept proxy works thanks to context propagation, which is most frequently associated with distributed tracing but also plays a key role in controllable intercepts. diff --git a/versioned_docs/version-2.21/howtos/intercepts.md b/versioned_docs/version-2.21/howtos/intercepts.md index 76d9f38c..c8c124de 100644 --- a/versioned_docs/version-2.21/howtos/intercepts.md +++ b/versioned_docs/version-2.21/howtos/intercepts.md @@ -49,7 +49,7 @@ network telepresence, and remote mounts must be made relative to a specific moun 3. Get the name of the port you want to intercept on your service: `kubectl get service <service name> --output yaml`. - + If we assume that the service and deployment use the same name: ```console @@ -85,7 +85,7 @@ network telepresence, and remote mounts must be made relative to a specific moun ``` 5. <a name="start-local-instance"></a>Start your local application using the environment variables retrieved in the previous step. - The following are some examples of how to pass the environment variables to your local process: + The following are some examples of how to pass the environment variables to your local process: * **Visual Studio Code:** specify the path to the environment variables file in the `envFile` field of your configuration. * **JetBrains IDE (IntelliJ, WebStorm, PyCharm, GoLand, etc.):** use the [EnvFile plugin](https://plugins.jetbrains.com/plugin/7861-envfile). @@ -148,9 +148,9 @@ present challenges in terms of toolchain integration, debugging, and the overall telepresence intercept <workload-name> --port [<local-port>][:<remote-port>] --docker-run -- <your local container>. ``` - * For `--port`: If the intercepted service exposes multiple ports, specify the service port you want to intercept after a colon. - The local port can be empty to default to the same as the targeted container port. - + * For `--port`: If the intercepted service exposes multiple ports, specify the service port you want to intercept after a colon. + The local port can be empty to default to the same as the targeted container port. + The example below shows Telepresence intercepting traffic going to deployment `example-app`. The local container inherits the environment and the volume mounts from the targeted container, and requests to the service on port `http` in the cluster get routed to the local container and the environment variables of the service are written to `~/example-app-intercept.env`. @@ -183,7 +183,7 @@ but you don't wish to intercept any traffic intended for the targeted workload. comes into play. Just like intercept, it will make the environment and mounted containers of the targeted container available locally, but it will not intercept any traffic. -This example assumes that you have the `example-app` +This example assumes that you have the `example-app` ### Running everything directly on the workstation diff --git a/versioned_docs/version-2.21/install/manager.md b/versioned_docs/version-2.21/install/manager.md index 0f1799e0..09cdfa4b 100644 --- a/versioned_docs/version-2.21/install/manager.md +++ b/versioned_docs/version-2.21/install/manager.md @@ -5,7 +5,13 @@ hide_table_of_contents: true # Install/Uninstall the Traffic Manager -Telepresence uses a traffic manager to send/receive cloud traffic to the user. Telepresence uses [Helm](https://helm.sh) under the hood to install the traffic manager in your cluster. The `telepresence` binary embeds both `helm` and a helm-chart for a traffic-manager that is of the same version as the binary. +Telepresence uses a traffic manager to send/receive cloud traffic to the user. Telepresence uses [Helm](https://helm.sh) under the +hood to install the traffic manager in your cluster. The `telepresence` binary embeds both `helm` and a helm-chart for a +traffic-manager that is of the same version as the binary. + +The Telepresence Helm chart documentation is published at [ArtifactHUB](https://artifacthub.io/packages/helm/telepresence-oss/telepresence-oss). + +You can also use `helm` command directly, see [Install With Helm](#install-with-helm) for more details. ## Prerequisites @@ -180,3 +186,36 @@ Telepresence Traffic Manager does require some [RBAC](../reference/rbac.md) for To make it easier for operators to introspect / manage RBAC separately, you can use `rbac.only=true` to only create the rbac-related objects. Additionally, you can use `clientRbac.create=true` and `managerRbac.create=true` to toggle which subset(s) of RBAC objects you wish to create. + +## Install with Helm + +Before you begin, you must ensure that the [helm command](https://helm.sh/docs/intro/install/) is installed. + +The Telepresence Helm chart is published at GitHub in the ghcr.io repository. + +### Installing + +Install the latest stable version of the traffic-manager into the default "ambassador" namespace with the following command: + +```bash +helm install --create-namespace --namespace ambassador traffic-manager oci://ghcr.io/telepresenceio/telepresence-oss +``` + +### Upgrading/Downgrading + +Use this command if you installed the Traffic Manager into the "ambassador" namespace, and you just wish to upgrade it +to the latest version without changing any configuration values: + +```bash +helm upgrade --namespace ambassador --reuse-values traffic-manager oci://ghcr.io/telepresenceio/telepresence-oss +``` + +If you want to upgrade (or downgrade) the Traffic Manager to a specific version, add a `--version` flag with the version +number to the upgrade command, e.g.: `--version v2.20.3`. + +### Uninstalling + +Use the following command to uninstall the Traffic Manager: +```bash +helm uninstall --namespace ambassador traffic-manager +``` \ No newline at end of file diff --git a/versioned_docs/version-2.21/release-notes.md b/versioned_docs/version-2.21/release-notes.md index 1fad42c7..745b6bab 100644 --- a/versioned_docs/version-2.21/release-notes.md +++ b/versioned_docs/version-2.21/release-notes.md @@ -2,39 +2,39 @@ [comment]: # (Code generated by relnotesgen. DO NOT EDIT.) # Telepresence Release Notes ## Version 2.21.0 -##
feature
[Automatic subnet conflict avoidance](https://telepresence.io/docs/reference/vpn)
+##
feature
[Automatic subnet conflict avoidance](reference/vpn)
--> Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. +Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet.
-##
feature
[Virtual Address Translation (VNAT).](https://telepresence.io/docs/reference/vpn)
+##
feature
[Virtual Address Translation (VNAT).](reference/vpn)
--> It is now possible to use a virtual subnet without routing the affected IPs to a specific workload. A new `telepresence connect --vnat CIDR` flag was added that will perform virtual network address translation of cluster IPs. This flag is very similar to the `--proxy-via CIDR=WORKLOAD` introduced in 2.19, but without the need to specify a workload. +It is now possible to use a virtual subnet without routing the affected IPs to a specific workload. A new `telepresence connect --vnat CIDR` flag was added that will perform virtual network address translation of cluster IPs. This flag is very similar to the `--proxy-via CIDR=WORKLOAD` introduced in 2.19, but without the need to specify a workload.
-##
feature
[Intercepts targeting a specific container](https://telepresence.io/docs/reference/intercepts/container)
+##
feature
[Intercepts targeting a specific container](reference/intercepts/container)
--> In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This port owner's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. +In certain scenarios, the container owning the intercepted port differs from the container the intercept targets. This port owner's sole purpose is to route traffic from the service to the intended container, often using a direct localhost connection. This update introduces a `--container ` option to the intercept command. While this option doesn't influence the port selection, it guarantees that the environment variables and mounts propagated to the client originate from the specified container. Additionally, if the `--replace` option is used, it ensures that this container is replaced.
-##
feature
New telepresence ingest command
+##
feature
[New telepresence ingest command](howtos/intercepts#ingest-your-service)
The new `telepresence ingest` command, similar to `telepresence intercept`, provides local access to the volume mounts and environment variables of a targeted container. However, unlike `telepresence intercept`, `telepresence ingest` does not redirect traffic to the container and ensures that the mounted volumes are read-only. An ingest requires a traffic-agent to be installed in the pods of the targeted workload. Beyond that, it's a client-side operation. This allows developers to have multiple simultaneous ingests on the same container.
-##
feature
New telepresence curl command
+##
feature
[New telepresence curl command](reference/docker-run#the-telepresence-curl-command)
The new `telepresence curl` command runs curl from within a container. The command requires that a connection has been established using `telepresence connect --docker`, and the container that runs `curl` will share the same network as the containerized telepresence daemon.
-##
feature
New telepresence docker-run command
+##
feature
[New telepresence docker-run command](reference/docker-run#the-telepresence-docker-run-command)
The new `telepresence docker-run ` requires that a connection has been established using `telepresence connect --docker` It will perform a `docker run ` and add the flag necessary to ensure that started container shares the same network as the containerized telepresence daemon. @@ -46,7 +46,7 @@ The new `telepresence docker-run ` requires that a connecti It is now possible to append ":ro" to the intercept `--mount` flag value. This ensures that all remote volumes that the intercept mounts are read-only.
-##
feature
[Unify client configuration](https://telepresence.io/docs/reference/config)
+##
feature
[Unify client configuration](reference/config)
Previously, client configuration was divided between the config.yml file and a Kubernetes extension. DNS and routing settings were initially found only in the extension. However, the Helm client structure allowed entries from both. @@ -67,7 +67,7 @@ See [Streaming Transitions from SPDY to WebSockets](https://kubernetes.io/blog/2 The OSS code-base will no longer report usage data to the proprietary collector at Ambassador Labs. The actual calls to the collector remain, but will be no-ops unless a proper collector client is installed using an extension point.
-##
feature
Add deployments, statefulSets, replicaSets to workloads Helm chart value
+##
feature
[Add deployments, statefulSets, replicaSets to workloads Helm chart value](reference/intecepts/sidecar#disable-workloads)
The Helm chart value `workloads` now supports the kinds `deployments.enabled`, `statefulSets.enabled`, `replicaSets.enabled`. and `rollouts.enabled`. All except `rollouts` are enabled by default. The traffic-manager will ignore workloads, and Telepresence will not be able to intercept them, if the `enabled` of the corresponding kind is set to `false`. @@ -79,7 +79,7 @@ The Helm chart value `workloads` now supports the kinds `deployments.enabled`, ` The auto-completion of namespaces, services, and containers have been added where appropriate, and the default file auto completion has been removed from most commands.
-##
Docker run flags --publish, --expose, and --network now work with docker mode connections
+##
feature
[Docker run flags --publish, --expose, and --network now work with docker mode connections](reference/docker-run#the-telepresence-docker-run-command)
After establishing a connection to a cluster using `telepresence connect --docker`, you can run new containers that share the same network as the containerized daemon that maintains the connection. This enables seamless communication between your local development environment and the remote services. @@ -87,7 +87,7 @@ Normally, Docker has a limitation that prevents combining a shared network confi To achieve this, Telepresence temporarily adds the necessary network to the containerized daemon. This allows the new container to join the same network. Additionally, Telepresence starts extra socat containers to handle port mapping, ensuring that the desired ports are exposed to the local environment.
-##
feature
[Prevent recursion in the Telepresence Virtual Network Interface (VIF)](https://telepresence.io/docs/howtos/cluster-in-vm)
+##
feature
[Prevent recursion in the Telepresence Virtual Network Interface (VIF)](howtos/cluster-in-vm)
Network problems may arise when running Kubernetes locally (e.g., Docker Desktop, Kind, Minikube, k3s), because the VIF on the host is also accessible from the cluster's nodes. A request that isn't handled by a cluster resource might be routed back into the VIF and cause a recursion. @@ -97,7 +97,7 @@ These recursions can now be prevented by setting the client configuration proper ##
feature
Allow Helm chart to be included as a sub-chart
-The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted. +The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted.
##
change
During an intercept, the local port defaults to the targeted port of the intercepted container instead of 8080.
@@ -107,6 +107,25 @@ Telepresence mimics the environment of a target container during an intercept, s A default can still be explicitly defined using the `config.intercept.defaultPort` setting.
+##
change
Move the telepresence-intercept-env configmap data into traffic-manager configmap.
+
+ +There's no need for two configmaps that store configuration data for the traffic manager. The traffic-manager configmap is also watched, so consolidating the configuration there saves some k8s API calls. +
+ +##
bugfix
Cap timeouts.connectivityCheck at 5 seconds.
+
+ +The timeout value of `timeouts.connectivityCheck` is used when checking if a cluster is already reachable without Telepresence setting up an additional network route. If it is, this timeout should be high enough to cover the delay when establishing a connection. If this delay is higher than a second, then chances are very low that the cluster already is reachable, and if it can, that all accesses to it will be very slow. In such cases, Telepresence will create its own network interface and do perform its own tunneling. +The default timeout for the check remains at 500 millisecond, which is more than sufficient for the majority of cases. +
+ +##
change
Tracing was removed.
+
+ +The ability to collect trace has been removed. The code was complex and has not been well maintained since its inception in 2022. We have seen no indication that it has ever been used. +
+ ##
bugfix
Prevent that traffic-manager injects a traffic-agent into itself.
diff --git a/versioned_docs/version-2.21/release-notes.mdx b/versioned_docs/version-2.21/release-notes.mdx index e5515358..831eb586 100644 --- a/versioned_docs/version-2.21/release-notes.mdx +++ b/versioned_docs/version-2.21/release-notes.mdx @@ -81,6 +81,19 @@ These recursions can now be prevented by setting the client configuration proper Telepresence mimics the environment of a target container during an intercept, so it's only natural that the default for the local port is determined by the targeted container port rather than just defaulting to 8080. A default can still be explicitly defined using the `config.intercept.defaultPort` setting. + + Move the telepresence-intercept-env configmap data into traffic-manager configmap. + There's no need for two configmaps that store configuration data for the traffic manager. The traffic-manager configmap is also watched, so consolidating the configuration there saves some k8s API calls. + + + Cap timeouts.connectivityCheck at 5 seconds. + The timeout value of `timeouts.connectivityCheck` is used when checking if a cluster is already reachable without Telepresence setting up an additional network route. If it is, this timeout should be high enough to cover the delay when establishing a connection. If this delay is higher than a second, then chances are very low that the cluster already is reachable, and if it can, that all accesses to it will be very slow. In such cases, Telepresence will create its own network interface and do perform its own tunneling. +The default timeout for the check remains at 500 millisecond, which is more than sufficient for the majority of cases. + + + Tracing was removed. + The ability to collect trace has been removed. The code was complex and has not been well maintained since its inception in 2022. We have seen no indication that it has ever been used. + Prevent that traffic-manager injects a traffic-agent into itself. The traffic-manager can never be a subject for an intercept, ingest, or proxy-via, because that means that it injects the traffic-agent into itself, and it is not designed to do that. A user attempting this will now see a meaningful error message. diff --git a/versioned_docs/version-2.21/troubleshooting.md b/versioned_docs/version-2.21/troubleshooting.md index 545f5369..1af80eb1 100644 --- a/versioned_docs/version-2.21/troubleshooting.md +++ b/versioned_docs/version-2.21/troubleshooting.md @@ -45,45 +45,6 @@ After you've installed `sshfs`, if mounts still aren't working: 2. Add your user to the "fuse" group with: `sudo usermod -a -G fuse ` 3. Restart your computer after uncommenting `user_allow_other` -## Distributed tracing - -Telepresence is a complex piece of software with components running locally on your laptop and remotely in a distributed kubernetes environment. -As such, troubleshooting investigations require tools that can give users, cluster admins, and maintainers a broad view of what these distributed components are doing. -In order to facilitate such investigations, telepresence >= 2.7.0 includes distributed tracing functionality via [OpenTelemetry](https://opentelemetry.io/) -Tracing is controlled via a `grpcPort` flag under the `tracing` configuration of your `values.yaml`. It is enabled by default and can be disabled by setting `grpcPort` to `0`, or `tracing` to an empty object: - -```yaml -tracing: {} -``` - -If tracing is configured, the traffic manager and traffic agents will open a GRPC server under the port given, from which telepresence clients will be able to gather trace data. -To collect trace data, ensure you're connected to the cluster, perform whatever operation you'd like to debug and then run `gather-traces` immediately after: - -```console -$ telepresence gather-traces -``` - -This command will gather traces from both the cloud and local components of telepresence and output them into a file called `traces.gz` in your current working directory: - -```console -$ file traces.gz - traces.gz: gzip compressed data, original size modulo 2^32 158255 -``` - -Please do not try to open or uncompress this file, as it contains binary trace data. -Instead, you can use the `upload-traces` command built into telepresence to send it to an [OpenTelemetry collector](https://opentelemetry.io/docs/collector/) for ingestion: - -```console -$ telepresence upload-traces traces.gz $OTLP_GRPC_ENDPOINT -``` - -Once that's been done, the traces will be visible via whatever means your usual collector allows. For example, this is what they look like when loaded into Jaeger's [OTLP API](https://www.jaegertracing.io/docs/1.36/apis/#opentelemetry-protocol-stable): - -![Jaeger Interface](images/tracing.png) - -**Note:** The host and port provided for the `OTLP_GRPC_ENDPOINT` must accept OTLP formatted spans (instead of e.g. Jaeger or Zipkin specific spans) via a GRPC API (instead of the HTTP API that is also available in some collectors) -**Note:** Since traces are not automatically shipped to the backend by telepresence, they are stored in memory. Hence, to avoid running telepresence components out of memory, only the last 10MB of trace data are available for export. - ### No Sidecar Injected in GKE private clusters An attempt to `telepresence intercept` results in a timeout, and upon examination of the pods (`kubectl get pods`) it's discovered that the intercept command did not inject a sidecar into the workload's pods: From fa6fc23cb318106017fc52fecbdc60695c6a9a14 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Mon, 9 Dec 2024 00:19:48 +0100 Subject: [PATCH 08/13] Temp update to catch up with relesase/v2.21 branch. Signed-off-by: Thomas Hallgren --- versioned_docs/version-2.21/release-notes.md | 14 +++++++------- versioned_docs/version-2.21/release-notes.mdx | 12 ++++++------ 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/versioned_docs/version-2.21/release-notes.md b/versioned_docs/version-2.21/release-notes.md index 745b6bab..8834afd0 100644 --- a/versioned_docs/version-2.21/release-notes.md +++ b/versioned_docs/version-2.21/release-notes.md @@ -2,10 +2,10 @@ [comment]: # (Code generated by relnotesgen. DO NOT EDIT.) # Telepresence Release Notes ## Version 2.21.0 -##
feature
[Automatic subnet conflict avoidance](reference/vpn)
+##
feature
[Automatic VPN conflict avoidance](reference/vpn)
-Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. +Telepresence not only detects subnet conflicts between the cluster and workstation VPNs but also resolves them by performing network address translation to move conflicting subnets out of the way.
##
feature
[Virtual Address Translation (VNAT).](reference/vpn)
@@ -113,17 +113,17 @@ A default can still be explicitly defined using the `config.intercept.defaultPor There's no need for two configmaps that store configuration data for the traffic manager. The traffic-manager configmap is also watched, so consolidating the configuration there saves some k8s API calls.
-##
bugfix
Cap timeouts.connectivityCheck at 5 seconds.
+##
change
Tracing was removed.
-The timeout value of `timeouts.connectivityCheck` is used when checking if a cluster is already reachable without Telepresence setting up an additional network route. If it is, this timeout should be high enough to cover the delay when establishing a connection. If this delay is higher than a second, then chances are very low that the cluster already is reachable, and if it can, that all accesses to it will be very slow. In such cases, Telepresence will create its own network interface and do perform its own tunneling. -The default timeout for the check remains at 500 millisecond, which is more than sufficient for the majority of cases. +The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used.
-##
change
Tracing was removed.
+##
bugfix
Cap timeouts.connectivityCheck at 5 seconds.
-The ability to collect trace has been removed. The code was complex and has not been well maintained since its inception in 2022. We have seen no indication that it has ever been used. +The timeout value of `timeouts.connectivityCheck` is used when checking if a cluster is already reachable without Telepresence setting up an additional network route. If it is, this timeout should be high enough to cover the delay when establishing a connection. If this delay is higher than a second, then chances are very low that the cluster already is reachable, and if it can, that all accesses to it will be very slow. In such cases, Telepresence will create its own network interface and do perform its own tunneling. +The default timeout for the check remains at 500 millisecond, which is more than sufficient for the majority of cases.
##
bugfix
Prevent that traffic-manager injects a traffic-agent into itself.
diff --git a/versioned_docs/version-2.21/release-notes.mdx b/versioned_docs/version-2.21/release-notes.mdx index 831eb586..c42e42e0 100644 --- a/versioned_docs/version-2.21/release-notes.mdx +++ b/versioned_docs/version-2.21/release-notes.mdx @@ -9,8 +9,8 @@ import { Note, Title, Body } from '@site/src/components/ReleaseNotes' # Telepresence Release Notes ## Version 2.21.0 - Automatic subnet conflict avoidance - Telepresence not only detects when the cluster's subnets are in conflict with subnets on the workstation, it will also avoid such conflicts by doing network address translations, placing a conflicting subnet in a virtual subnet. + Automatic VPN conflict avoidance + Telepresence not only detects subnet conflicts between the cluster and workstation VPNs but also resolves them by performing network address translation to move conflicting subnets out of the way. Virtual Address Translation (VNAT). @@ -85,15 +85,15 @@ A default can still be explicitly defined using the `config.intercept.defaultPor Move the telepresence-intercept-env configmap data into traffic-manager configmap. There's no need for two configmaps that store configuration data for the traffic manager. The traffic-manager configmap is also watched, so consolidating the configuration there saves some k8s API calls. + + Tracing was removed. + The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used. + Cap timeouts.connectivityCheck at 5 seconds. The timeout value of `timeouts.connectivityCheck` is used when checking if a cluster is already reachable without Telepresence setting up an additional network route. If it is, this timeout should be high enough to cover the delay when establishing a connection. If this delay is higher than a second, then chances are very low that the cluster already is reachable, and if it can, that all accesses to it will be very slow. In such cases, Telepresence will create its own network interface and do perform its own tunneling. The default timeout for the check remains at 500 millisecond, which is more than sufficient for the majority of cases. - - Tracing was removed. - The ability to collect trace has been removed. The code was complex and has not been well maintained since its inception in 2022. We have seen no indication that it has ever been used. - Prevent that traffic-manager injects a traffic-agent into itself. The traffic-manager can never be a subject for an intercept, ingest, or proxy-via, because that means that it injects the traffic-agent into itself, and it is not designed to do that. A user attempting this will now see a meaningful error message. From 0daa8891998b3a38ee9a7061890af61260a729ce Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Wed, 11 Dec 2024 22:56:36 +0100 Subject: [PATCH 09/13] Blog entry for version 2.21.0 Signed-off-by: Thomas Hallgren --- blog/2024-12-10-telepresence-2.21.md | 122 +++++++++++++++++++++++++++ docusaurus.config.ts | 10 ++- src/css/custom.css | 4 + src/theme/DocItem/Metadata/index.tsx | 4 +- static/img/vnat-dark.png | Bin 0 -> 51353 bytes static/img/vnat.png | Bin 0 -> 37545 bytes 6 files changed, 135 insertions(+), 5 deletions(-) create mode 100644 blog/2024-12-10-telepresence-2.21.md create mode 100644 static/img/vnat-dark.png create mode 100644 static/img/vnat.png diff --git a/blog/2024-12-10-telepresence-2.21.md b/blog/2024-12-10-telepresence-2.21.md new file mode 100644 index 00000000..7247c656 --- /dev/null +++ b/blog/2024-12-10-telepresence-2.21.md @@ -0,0 +1,122 @@ +--- +title: Telepresence 2.21 +description: What's new in Telepresence 2.21. +slug: telepresence-2.21 +authors: + - name: Thomas Hallgren + title: Maintainer of Telepresence OSS + url: https://github.com/thallgren + image_url: https://github.com/thallgren.png + socials: + linkedin: https://www.linkedin.com/in/thallgren/ +--- + +Telepresence 2.21.0 has been released, and here is a walkthrough of its many new features, such as automatic VPN +conflict avoidance, the new `telepresence ingest` command, and the improved docker support provided by commands like +`telepresence curl` and `telepresence docker-run`. + + + +## No More VPN Conflicts + +One of the most common problems for Telepresence users has been that the IP ranges used by the Kubernetes cluster that +they connect to collide with IP ranges provided by other already existing networks on the workstation. Telepresence +would refuse to connect when such a conflict was detected, and require that the user somehow specified how to resolve +it. This is no longer the case. Starting with version 2.21.0, Telepresence will proactively resolve the conflict by +moving the cluster subnets out of the way! + +### Virtual Network Address Translation (VNAT) +The process of moving a subnet is fairly simple. The Telepresence DNS resolver will translate IPs returned by the +cluster DNS resolver into an IP range that is guaranteed not to conflict, and the Telepresence Virtual Network +Interface will then translate them back to their original on access. + +Telepresence will also ensure that any references to those IPs in the environment that is propagated when using +`telepresence ingest` or `telepresence intercept` are translated as well. A local process using the environment will +hence be able to use those IPs to connect to resources in the cluster. + +![VNAT](../static/img/vnat-dark.png#gh-dark-mode-only)![VPN Kubernetes config](../static/img/vnat.png#gh-light-mode-only) + +### VNAT Caveats + +Telepresence may not accurately detect cluster-side IP addresses being used by services running locally on a workstation +in certain scenarios. This limitation arises when local services obtain IP addresses from remote sources such as +databases or configmaps, or when IP addresses are sent to it in API calls. + +Using commands like `nslookup ` will show different IP addresses than the ones shown when using commands like +`kubernetes get svc ` if the service subnet is subjected to VNAT translation. The same is true when using +`nslookup ` and `kubernetes get pod -o wide`. + +In situations where VNAT causes problems, it can be disabled. Consult the Technical Reference documentation for more +details on how to do that. + +## New Ingest Command + +The _telepresence ingest_ can be thought of as a _telepresence intercept_ light. It's an intercept, but without the +traffic. + +Sometimes, intercepting network traffic to a container isn't the most efficient solution. For example, if you're working +with a Kafka service that only interacts with a message broker, or if you're planning to send data to your local +application through other means, just accessing the container's environment and volume mounts might be more practical. +The new `telepresence ingest [--container ]` command was designed for exactly this purpose. + +The ingest and intercept commands are very similar, but while the intercept will target a port to intercept (and +implicitly a container), the ingest command will target a container directly. + +An ingest is also less intrusive. Since volumes are always mounted read-only, and everything happens on the client side, +there's no conflict when several ingests of the same container, possibly on different workstations, happen +simultaneously. + +### Why the term "ingest"? +I initially considered adding a `--no-traffic` option to the `intercept` command. This would allow users to invoke the +command without actually intercepting traffic. However, given that "intercept" inherently implies the act of +intercepting, such an option would be counterintuitive and potentially confusing. + +The term "ingest" was [suggested by a user](https://github.com/telepresenceio/telepresence/issues/3713), and it has a +nice ring to it. The local process indeed ingests the remote container's environment and volume mounts. + +## Improved Docker Support + +The cluster network that Telepresence makes available when connecting using `telepresence connect --docker`, will be +confined to the daemon container, so commands like `curl` or `nslookup` would not find the cluster resources when +executed on the host. To run a curl command, you'd have to do something like: + +### telepresence curl + +```bash +docker run --network container: curlimages/curl +``` + +The command `telepresence curl` will run a standard `curl` from a docker image that shares the daemon container's +network, and the above can be replaced with: + +```bash +telepresence curl +``` + +### telepresence docker-run + +The `telepresence docker-run` will do a `docker run` and attach the daemon network. So a command like: +```bash +docker run --network container: --rm -it jonlabell/network-tools ip route +``` +becomes: +```bash +telepresence docker-run --rm -it jonlabell/network-tools ip route +``` + +The command will also ensure that port flags like `--publish`, `--expose` works by circumventing the Docker network +limitation using ephemeral socat containers. It will even enable adding additional `--network` flags by temporarily +adding them to the daemon container. + +The `telpresence intercept/ingest --docker-run` now also leverages this technique. + +## Performance Improvements + +This release contains several performance improvements. Most notably perhaps the rewrite of the `telepresence list` +command, so that it now retrieves its data from the traffic-manager instead of doing a large number of API calls to +the Kubernetes API. + +## And there's more + +The release contains several other improvements such as Windows arm64 support, and the ability to exclude certain +workload types to offload the traffic-manager. For a full list, please review the [release notes](../docs/release-notes). diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 339124a7..21c89fa8 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -57,9 +57,10 @@ const config: Config = { [ 'classic', { + blog: { + beforeDefaultRemarkPlugins: [remarkGithubAdmonitionsToDirectives], + }, docs: { - // Please change this to your repo. - // Remove this to remove the "edit this page" links. editUrl: ({docPath}) => { return `https://github.com/telepresenceio/telepresence/tree/thallgren/add-documentation/docs/${docPath}` }, @@ -124,6 +125,11 @@ const config: Config = { docId: 'quick-start', label: 'Docs', }, + { + to: 'blog', + position: 'left', + label: 'Blog' + }, { to: 'case-studies', position: 'left', diff --git a/src/css/custom.css b/src/css/custom.css index 2bc6a4cf..c9e5c512 100644 --- a/src/css/custom.css +++ b/src/css/custom.css @@ -28,3 +28,7 @@ --ifm-color-primary-lightest: #4fddbf; --docusaurus-highlighted-code-line-bg: rgba(0, 0, 0, 0.3); } +[data-theme='light'] img[src$='#gh-dark-mode-only'], +[data-theme='dark'] img[src$='#gh-light-mode-only'] { + display: none; +} \ No newline at end of file diff --git a/src/theme/DocItem/Metadata/index.tsx b/src/theme/DocItem/Metadata/index.tsx index 5bb65f58..e55e8600 100644 --- a/src/theme/DocItem/Metadata/index.tsx +++ b/src/theme/DocItem/Metadata/index.tsx @@ -12,9 +12,7 @@ type Props = WrapperProps; export default function MetadataWrapper(props: Props): JSX.Element { const { siteConfig: {customFields}} = useDocusaurusContext() const { pathname } = useLocation(); - const { metadata } = useDoc(); - const vpath = pathname.replace(/^\/docs\//, `/docs/telepresence/${metadata.version}/`) - const canonical = `${customFields['canonicalBaseUrl']}${vpath}` + const canonical = `${customFields['canonicalBaseUrl']}${pathname}` return ( <> diff --git a/static/img/vnat-dark.png b/static/img/vnat-dark.png new file mode 100644 index 0000000000000000000000000000000000000000..a7be314a0e4df728f41cc21fab45c12b14013c60 GIT binary patch literal 51353 zcmeFYcT|(z)-MW#qErh_I!N!mBO)S%Dpim!5Qww@p?45aP=ruJ2LlLF4FXaFf{0Xu zg7hXr=)ITw;Je@b?Qh>R#vR|d=Ztaw*p38~XRS5YT64`c%WuxSc&MvRLCQdihlfW2 z*0^tghesd@yqm5N15XZ}xN3p_+5?PC;Rd$8Y%ouE2-L-a4ek$fU~}+;Lh$hX##|qc zUk9;YIW3M&4#V)J&MS#0Q5u9itnWqk^w+b!6Cmh1*?Xo=!i8@Z`#VE|0i{_8c~S6& zLYFs^#5AEm{)g@4JvIRkWn2X0HLk2HN}>od>M4d5dge`A>c@E|R`cs(C#@U6ZGAwSkDxRp|Tteog7ry(?fC92}bp$@F}>-+Rup0qcI z*kbUw#ycM0Tv>^~x=nvgTDu2N&dg2~2ChPiEbsZoQk*#tVoF0%;*i^> zexC5@UK^LnODD2W>mRJe&mZJ4$&*UB*c6zYJy$-=F3-HhT%xnBo`2T4bB8$3j*ed; z=OB31Kjr48(x;Rko9@ZBb2oz&D1?Ft+l1=t-JHf)EZkH#lFH?u8gJu!a)UM;uW6_Z z2*HI$Jl{=w9plAur8kC0s?zt~gB5m8W%qqN8#f%-APFb-ESsZxtq#bW9~6))Qyp!2 zJ9k%MTYL8>4#Iw}FhJn&@D!E(V77M74sf<74vtVaC60~8Rt`3(y%NVGDIHNAn5u&l zR3pIC!7xDA$S%OyPR^b~`3|X~pFBXo)d6nH=I83-<|Xf^#PNr&Jn;GQu?Pp-pDu7` zB@R=ahit0uo(^o1!ji(GLTY|cA90R5q-=_w_7Hi4`w#v>0{EuH;RJ`nBRuKUMdSy=}M2RS?Y ze<1~S^Mc#D**RR20*DJk0Xk2fH~@piMTKk~#3h9!CGEt8WW{Ws2+7&mK9PdRK%R(8 zi2n--Jx?egm9{Sbx~fZ3_5djv88I1qX=zCzXhU2Pp5L||@?e;O_sF0b+sti&NMEc#zh9=h1VA;1774sEEL zx8Hv?7(rbf4B@ty+!T|MkdPCTk`)D3Atoau`Cpw(96Y@MNxY;fCMql;`={mdSmc4t z0F1T0lv9AfpXb0{tdQFJONEKac*pQHBm4e|`Jw zs|)ncRbpfNb1CF)?f%+=m#vS(U*`?b`m4##$=1!$0ni@*5ZAw-L;n||Aoc_}eu%xK zkhrLWosgugEO35eGNMBE4&t^F;?gn_vi5&5@1NAY+#zsZTTcfSM}Ut2uK@A3B9}Vj?;R_O{J(gj_@~3aC>dbfU(W#L z1?WPNe=5U&@C;bN|H*&s*Rz*r>igxGcP*Vp2Pb$*ptr^}2z8Y0x4j zb=cUhTf(fP9e z+tjT+G0^w;oV_@DG>j?y;3x<&T2flET)Lifyl?Jqd`syrRt$4bqOs)u#6D&i zqbSk%=KksWT?$w^QfO9*4Qe^_4%6DV>T&0Z#u)38BV=Uf>RoKbU1nG&(i@)SMpz}W znSfLh!fE6Y9KJ#>XreaAUgGD7p-Fmv`SVs$!qCWO{cA0^Hal5NYzys}yF9X9hj#7d zp|}tMDbG*d-T1Bb{>GLbIH1I6qEYs>Ud;RcbJkx!w6L7u`RRo%bFBt6@2VBpH8<~M z?hvNb(wYGu;_O7!UYVZ0(v_{xefF9C{Jr?r2ZSekpP8D+{CBU~o#Js1ro|*KC*dp1 z7`nLj6OG4$P?P7=wY(vp1{2SYL*XnJS}Hpq6Goo-`k($lq^2y*=$#Wz(w%WO3*n+X zBR;V81ryo&tDx^=i>IUV0%BJ{+?!^oVgdLHhU7a z`R3CiQf(_HYSZq{)rj9W1KjOZ71oWo&wpMEwMfkK=Q1^8Nlsoa$xEaLKTX<|0ne*8 zRF?f_O4AC!9cTIWctr7i{Ew?nrK(aFS9xlA^LZ35I zM;EY=cJ-&i%Tdf^Uz@J|y#Dq|m-MquH0N2(vy^2=M9!6?Ng=3m^$!g( z_BN8RV+JEvksG;Xt$3{@sRTTSZ&qdF=XYx&n~bpnYPJI!4eY1EP`{fj53gOkMTOD@ zvC>4dTBYrJfv1ypHL8CUVyNa4H@PpGP^@(3P7&!JdB`n;3TF;mwE_f^J#tXf&*rxm z8)8tIsy~%?BDjAYB%`8K2(x%_?-NE0z?q9gI@d@(a;TsYR63h`>8#P}6~NY*zq$(F zfFUFeu{{W3swejOC`o>;BAViLqi0+b&=6`JR`~+mYzm6L&6eaH%)ht9jY@p(M)f z@%*H2-(~OFK<=Om&%+R>@WR_XxGo}pMQ&&~YL>{BrtL;zk8ci9#BUXFv#P0ae%{sW zSxW>hc&wPMRj7yj^_eC%4lyhs^NSPLam~l*>Pi%6_In1_j3+8yhD+M5cX75Epg6)l z7jPt*=) zDUYTz4npy3@geD>t3gGOVWKQLEQ`L;Z%GMr2CR_Cl?}4fMEm+VJc-5+Z0p&gz251l z0h(m5EF^^(dZe*r-aUK(G(sD-IN*z6xDtDgNegdHA61SkXa#j(64ho$sC91l>qTCC z53K)e7+dsU(GlWGeW#U@UbI9s8>s}cAbLq^nBO?hZzK1PQXv@R*U`(u=bML|q&g*_ zC(5eM@Qf!20JZX8X{1Oec_~sOFBd;An=8ma%(m7VJ`$OSBwnRbbcVR*+dUSy?98Z{1-PN|L$j(RFkW=_Mxxcd=B#Q2Qi!aaj^*6S5$7J+B$dfMk$njxyOR zD+pQw5)v^HoD!4s1`)YzP0Gd z)a5a8&#-nVHj?Id+^mk@>!!WJF!S&}PFE(vJ|##hYijq&qvRXZmicc=1xZC@;+&vW zf`Y^l>dM!4km3Z{wR0vvkgT++B}<~@TgG=^VK*FqtVDiz>wE3q-bR7zyM_|?mVO$p z_VW>H5sTs*i%7DOH1Wlun<`Q?OCYAlHrZz6r$rl9ldBwXN465u&&UYJl=3^rMh%@RKI*et0i`Ktr#b(lG2K zY-s0P91%}EMMx>IB)EvLGwU28_M!gSo~^))ltg3m+osC*?^F0fgTCvKoQZGJcW)Y3 z8!s){-1@k48%8zpn3JAVZA72*)63U;gAp>IpGh4JQdgYJK6%NJ_)&hLu3TmsTP2b> zQAgSple8hXx-J=)PtsrEYHQNF<}epZGq;%h+?ia$z>NZJUYopoCc3s?dm39wgwFCY zn`{rTrAXsK(i}>pvGfC9zb&xH|jb+ErEU`+B!0hEKYsFN>`+}XhuD(gfo1?oM9R8 z-k=I4p?VlaWcZ#{V61LY4t$b&&D!6GG;U_n5I(_-sHJdTS2TyMN+W(pNm8YZ_kgkZ zw&f{`J)D-v+&kyOgnixYtL7JEDmUASpVgY0z;Xt(Ib0R(nO^U%F^KKZ=)0iubSso1`2b|8BGpm4s7Ye4N+-^}Hz z`^Vz{DErIH^4Biv^Dg%ayj1?$(?6P-=p_Hzq_ERp&42fg`21J@KO6=K#(<+_!hxZm zy1YVj@iD1)-EC@-eOo2~J-Dj5d@y5`FSVLERi^mD3peZ;%}=yIZ1n!}DpP`1VU9== z{6$+U=h@rZk4KdP@$OEC5)fjm~G#Lt&)2L`ciUaMk+iNS0R*Up5i zuEOF_VyrVqF2tvdKgTL5-SUs#4*h66c$LzV+RQGi39Ah^`B);rACGS!?#xFngI0IW z$mkc*ozBn=otj}y52mX3a8OcBLG}%%i&@vKRP-Ft0HTBs&cu5JA`7$Zb1_lbT|

zb?7Fc#`|2_NMMhH`KoTn)kpn)(+f%B5m9YmpdZfYUNzWOiJTAHA7fW_TLb5KkFG{y zZemOZa^VJ*5pQ+d9K;!w95-i%n)U!KXaZvZeD9};>D{e&?@*nR`!WA4ddWNX5bJ@E z79o9o?-1~d>(X{z!E_q(##malVPs_c$hXH0JqFKY!!I9|nF$uFwZ{I%KLUY=dV?@>xZ?1mas}R@7Nl@NNp)q@s4lC6GeR zmkYs@r8oWh)nx67{tifDytj9q?;u`t&JeAx@8@uZ^%0wNKRyewE`blvt>FLzY)68< zLY~-Zvxq3)m5S5BpJi-S`vlwsuQeO;-cIy{8-}0UJ2woY_-iTjQ{Q*#MTcy(6V;-A zuFA5F5Df)pSO;?NP}q1yHo9O@747xQEQ73~<8#48yMoATKEgE)vj%1$kbiFJgm6EmC`s{TnY9czJNzGb@-2{8j;t3u4%Nq&L3EVWE%8PRmWL z5!8%hI&(Ii%sw3WYqGKVw4o}=cFWj$f~2o8y! zMqWjhj+gThzawq$OP`pS%bx|>Xs`UN2CYDP{S2`l#3HTSliIkgi51{7#D~f(7(1fl z#)oho5rK2EIThffmcglSvvlnqS$a&6S_^ED%@Bv!-9+Oi)^6(MP^8(qQZf(tB;in! zg;M*E)7f67ZV@OsRQzfLwR7DZ)arY z1}gV31#ER{74XX6A!py;c{d~5&jbI7!$&~-6+ph4#|YGvEd??=Tp@e_k1lic=H%gL zL88x^3=GdcUztI0Xmu+hN`BHsE4|tN75oGeJTSo^2)wBJv4eCsKE?V7wNa0u$zoZ0}I~m!%(n883##&ZU?zJLIx1z zU{?Y~9-Q2a+6{pd>u|4A@j2Z#R-$N~%we(O{8?u?v`WeOS*1t{ByrbMgx(oT=4^BJ zksep)5M|UFvIrM?ylZN|A8k$4<#A~L80v|EB80iC^T;XmEAeD9N1F;%&voarPK;Do zloR2BvMr?bL%r)saNbP=m4;mK@y%}TbPyQAI|+eM(V=h%N%>ztltY`4lWaIEL?@mM zekzD6ebiEIQ6|4iJH{>BbaM2I$LT2Sv<05^;rQbw`=!6r8jF^Dezgx+F7}5EE zvyzmoT~T{uSX@A!ud8&RS;^tB_U{=0R6$!Ia`YBF4Wo6l8@@((dSP+bez~zW?p#m0_ADZs=1>=@V_euSlfs zqYC$Z3N4db&QuoDCY!e1@`^^cBmRZ&BO6Zo@EYWvdcX^#(vQDm1t4i3O{PIlozbK2 zWj96!Vb9x!rTY4&1-w_Y-~so^yD~>VcWfE7u{vjFUM#;Zy7UOf-14D)_WPiatE>7& zpllbcPDFM>Y52x(gOV=C*R0lt>25yUXlL@*nWKI-S73Jqm44=QqXOC9MhnJ-#^|)y zB5J~sg%0~p&Z?h&7SzyPQ}e|;(Hy&r^^n7D)ka6F25>;eq;k4Yd*80tg(h*t%DNQXHHg2XDVR~ zO0HvWLVVQB<&`+$=eazi{O2-KKYrv^^g*ah$9{Yu+7yHsS|dgCLw!4Y{kJ*;B0&`A zmBN|Kmg5smBpywbZN-M0kwFdqJUR6_NQZC|!?WX8WzeT%A|$uNixY}k;H%Y>ZknT^ zn=>ysY4fT9U8gVtK{sA$A%58}^cZe(XOaxJD;lZQw>msxW3OX46q22tZH~7y&zm78 zkzHW{K9!UnCNTdsbnm;wV0T zJdXpM&ob|bBB5*+?C>Bgt@nMzxP}jh<&T2vT~HewqN2iU$M#c^wm*ldLCfhqc_nh2 z;GZ$}Ue&Cw+dbATlvSg@x_j(>_y-#WMzb5reh}iW&D3TT6^(DtN@Kf{0>x6EE@y^T& zwK8`fIW8t*4)p*oRPNXUj+hRH`EDe) zPAr}QjA<~=Vm(WL)P)BF87gii&7vZwT6>(n6@rQL*3o$lY7)1-cTo#JevstGQQZPh zmd~w_b;CQpuGZx)?Y}*a=QHUo2VMmE7R~vALKXjrl(gU@SLt#0 zrSB!^*nY3u2+bywikFYLwU=JkWTOHBKWXlG3RI@*u&{`4UrRRlar2eTx`6g~nUn^) z1hsEd3t#^nq$m?wLF@iBh0FKjxj1vWn(@p}j~}z}X(z`P1h(f2d@!f(I=MCRlr5~Y zC(RviHFmT_ii~!Zw8?P$bJ9MYqQ%hn-S3(s#UGEpjk)-2Wc>a;ezpY%w5REKR>VoM z!Rw~u<#*nNOh$Y#tR-bGN4&e4+TwlvMo#hvoJtU*m}JJsmXlWP{Nj#k4F(x}*Xa&Y zfjFiQd)F}vu2*7btx+6foX*UL%M@>{ttec;c`gXzR?FH1V|z_JYNbjnAxFm(kwzrF zB5t`9BCSETfXfmvp%XkOTR}GW=0it+%^KqQoS*DwI`Rj8xqmpqF^SJmeryP*OOq@C z$T#&WAG$YIdU-jZ`jPRE!R4Z&PCQo}c3o3^TwJ^{#3%SnTAyF)DpbLS54*R#+LY(^ z`DNj`pFH3bIA`aLZf^I`RS5Tan##c2-RZi#!DNQrxhupyy$umuN49w!&i(B{4O00+ zNl1Gvo#+XUTS#a}vv*03qMp|!T7eAhK6C~fYRLDp?u@-&Y(ORypJ;ZjNK*Rp1IW|~ z8}=jRrusMjHCipQayE*piWGWo@rR6p?<0K7MPhw8;!pMvCgeSP_n$wrtvT2D^oBP8 zul|!wv<+Qvi=DBt!qeXLv(<(b&-3S(s|~Uk$=81|`_>AGw{$3p+7{$HWN~i-b)Dsv zx=~(<=i3=@pKk3!a~ickwpSzp=1j`N!$0dMm$z$W`%^akU#NNuitv_Ah+62a+}sxA zOreV75D;$srD35Wr_Z$EjO|@^+5aHbfIHsB-K?0eNDnTqEx}o9ReCLq3@w8@E`z(3?vK%(2RS#BKMa~a8ezK8)01FashwP@ zcdoejkRzL0rxZ_msrF8ZQQ&4ziSTS-ji(&AvD~14Vr!lR)a)QlmFM05>{ZynW9rHG zMI&N0vn!aM&QF@Q55}IL!v7LL)-; z(<@F`vJbputkYF{e{Iq&;xnMCU*3>Nbn3CMc&b%A?RSn!3P||^VcRtMD839h_&3va zzR5+i7wLy3YbxD{#cYeASmdv%qRgx`U$m~Y}B{A8fXCV^YFgH8$ zQ)#5g{_(SZRKzL**0P59>qm)aNGhR<1uh>eBKhadi8QxrCpcl*`aUj;H}WORf_#hWTvjWW&Ii+#9HmxZi-Jqv%ky0Bk1Yus_@Krdz1ZbM%A1X_Q`V=Cf`be zW1n_hRJdh!_Dy`%hACD(z=4c;{f3I-ZeId>YlcK<$YaRR7z4u{5%g$WW5Z|A2L$C8 zbNvVQX!j3};*MI!YJuuqYiqb&9dX82a7oA`Drcx!b&l2owh-DYyqv9>eZ^ubL)V>M zHnn4PKMOE5SvNxX7DuFH1|B*tI+z%H%fi5c+-T6I22T8_dlXyfT0^D!Ji_6j+v{vPYH#UN&B2|2k^^uX$j7{|IGr`=rDZ!yCwy;dDhyzB$T%3?nqyHb&b1P zCkrBkA6kO~Lu#9Qg_oM`yDQYl@M<|GncD=8!mf|5nwRj7-8yVW0X5h7IRrjJFmc^w z;7VtJdB~)1W|5Gq$yWn#R-+mklS8%V{{~}wU zc2$Pr_isE$7ekE!stdD5XruNlL za>nv<^|{j@Xj5IuVsjFWX<@w)CW@dwh2q>{VLfyB@M|AhAbMhgE9a{is% z-$Blzr9pKA;a^~+=bfS^H^@rhhl-c_-}F4zlT|WgOPtP=^tR^KUaKbEKn|ZNih@) z2Jxo~y{i!I5n5gif?oPfM<^@N@DEbb!$uuj@_kxG)AMtKRPFz9=A(x8>!dM@f_{p6{0 z`sN!Z`LJGYL~sTH7&XsGsVS%G^88u(Udp$9kdq+#5x@PbJT7k8*^$eD`*c{fPt4~V z8k&C4GGA7HP=-3k)ZQh#5<>TPEdW;)p5H|8E_=2XSCv>5rg!Q%q2HF#Ms)D%X;<%5 z2$laHku;%|7`iiLqmt<$k=gUJ#H zD<3M`i4>HsgUwckqs0R8a2?<9~ zb;jVwT+doh=11*khLvMA2$djkB5FBeuj!HnGh^)Xh1N-|l6KX>QXAsq!K%UgX9*Qs z0SJao_F}0H7Yg1PzdA6o@VG3jcKH%TQ?#M1)xQ{BAk@-rl&4 z5B+B5SW(fNI6;}T1zMrw;+f>py}dMYcc{O=>k3ZeuuSB@GN7tvz6zY>j>Eo*yFy5VCf54yC=#i9~>Mt<)%kDF3jD&KctM>t!yin|V2~vDv$bDuW}_9StwZgtW&J*@1Vx`l2y6>-Fwf>5PiuVS9+t-QGZ?th)c-|z4cjU z90j&~XA$@L^Q2I`uQ*?dL|~q9X0wnoARN^m^A=3*bR8?d%U``}9BDZ}4!#UbHdufJ zh}|O_$C)P*3WaQ^Zs14wRCqk#<7#B{aa%LpIN9CFm_Zgt5Hn^SVzRVzqz)bcDU*DT z8Tjxb74ii{Vd*2%oP?tJkZ?mhNy=?WfC z>dpneF63xSl1#fO&pw;wBAj{&xTEMvJ+y4g%Bc4+ZsjauzAWWe%tIDocK+0u z_!CwPw_57U5L>6;20(=e{BG4gbr3)=}I%Ra2QK=@u7M9ztc(#{FT`WfEIa@k;b06NOs? zq?X!@lYv}VpD7eyR*^@Cn7U0Y3MZ}MmQ0aQWcZotKGtZaS~fmr7=re;)HfmnlJ|y= zQqpd`RRC)l!)7710EX7+0lcqc#WYA3XoXKbd|ma&vD-DhA^0xuEZj`YRX?4%;&ux*iiR??Y~f39 zPBKB_XgrB9P+S%~m#Y1VqfO|{0Y(T>y4~M_2qBvQF%h|3J*D^4#r7+?ytd>l-0`Qa z=^TgDzC)hnu^mdz&~a@aJ(j(A!tU)UTbCVPNf4R@w@l=1BtMkil!dXsnC_zrzt9*% zYxJH+#9=N5hkN^EDuAXcmQD? z9@Z|>2e3pU0w)f(LId?jj_68!7cti{g~zonOoN5I$E^h%IVIhYfl_Cvf1Y&a+0OId zzZb(=Z!=dLwCKYHH%&@IFBmnm9Vz2M{BuUjhfNon^rgrvr{x^+GSJG(X%M{wL>a)L z8tkGTLfu*z>WR_2mwx+@W#D%ysqB}dBVmDJdfj>e)c0{9w?uG%y~mG@>h7+^ znBUQQ*<)@H9uUaO(o&t~OkAhZ`Dp|3pWwUn?V)YesS8c?6rgscB1`f^x>qy}HsTT~ z(}UZuW}a-c&IbjFqIvEWA3JFrq2u9oOGIo`yUCb+S`r=*o0>XI6at0KqHvBf9Vr-11nRRJL&cvQ%5V8r6&{my6qwSmxLr z_o;PEwg?cNX297Xk0_cC=eUw4gT#%I^^L>oWWIiR)IB z2HV_{{%Vb#TW_Lp2Ai=6pCyXCiV6`Mh__1$Y?A4tNksmq`q&Q`KX5UfwvMz-0a7XRV(sA*sa%F1Eh zS*TdFuLMJdeJwX)W3^rs*o7$=LShnm&vBEAohy81&iRdcB^g5=lU-!Zab1K_cG-b{*c zE1>u@lHKJ6QpqxT{qYQTFmaKnPYk0)G#xjZZ&Rx~>%VxV^--IQy^>8WY9}^+fGX^M59DHZp@IsnBi`qGROB1 zbln*$<(!|QIu`_~ygP{~HlQla7d4-#042f~&noTuSlyi4>#Bj4{XUWnK6PEuGOaIu z9ehjwg+N_r4RoW%QG7(}cx;C!8&05=#u7P-27;!G)dx;ZcHN+Q&qEYgABc~OpQ1Uk!+GZsSM{(`n-X1pvw1O{>9I1OyAny>#}Ww*1BIKPosq|b^hvEb8FbeY<}eH z4zMolFZYsKtG>GVK5Fl4uM2HA$6G@#SF=IkQQwbCGnriNQ{1=OR}2TOw6uK9e@&N@ zJhQuFTvWk~xe+8%e2}+&vg?oUH#GBexY~{+wc5#rA;|G}be=kSZMLQLMM*ncFaDO{ zj~v~L+7J2p>fC6HC$DZjtacfdz0p;Udnfm68dK%Jw@uEjT&h@pupJtC&&7Y(!d;*M#z+%ymdCaIeDKuEhs>`hL zh)&dSA$KA7Sv=fcKc>ljvx|3cV~QnNfntfZj79y~j~9(6eIf6%QcSV52x)!|i4U1x z3e}8aJE0hh87&7v89n?^0%>0P*WVemlZ1bWRIqk*wM*5zZ4j#XJIi=0eIe=#WIKF! zY9ac)wDf#xcyRMWQx#ImwtW!5L|odSoX(kw^rsTSpi%?<-4!}4&U?qXf0t2qvpC{Y zqy8$j-1HPl@B5B6o#9b`hdK)SE;F|EmjyivSX>Lw%9o2{-@q`yWw1KwiNicGHs z>0xs@T?apT=JFsZ;MAKBuaPgL-@4-~Fe?~D22=gA;XNbJY50*V*a~Zj_+0io3r|Bp&t4}GSucRT$?3>hozJJ0ckc0~441V|0 zyNgIiucV}+1rMD|a9gZ#s3%J;8UadLpM|DlZb*PyczE{6mMD}kYgJ5G^Nfw z!~Z$h8_#bcIDpz900FN0RxP~Y1K_$+a*>|L-%zWut8Md4AIZ_39->hjz-N5m5o9{~ z@|JrA?n4jY0D%TL&RT@BL*4^OJ(yZa_X+7)0BpYq0F1ma&fI6Y#>PU(v~HK>KmNM~ z_0)cGl(*#rtg~Sc88~-_iFGu`ghu5Y>V2eOHfmhAjJl98ogz=8;`? zTkrYxj_)N1pQ{cg3ED)g#P*Q`-G!VIwIL;^&tmNRGHGpiW=htXBEUgR2ZZYs&J*9G zLjysfR|z(XiRR|3Z7h!~P{}BMup>gdN4OJ*@Dcbq4SiZQX0a<=F*y)fxTFaN?U*w? z^O^kMM9}rb=6)5VJo034_o19_1~sU-H9=QT7fiw%``|ItL06fjKHM6BJPxQ&lDd6oadW>Ha>JQmld&_|iHdn=CsN2lfW zaV6mWx#lHcP#4eK2rYf@nfueF2I&{ykZeOgifgsbZpkVO)392rrjRr?lB zyrPw1W^Q@bC@0cVpGjKF_>g~3YtGL`ZMvndBaV)h@l&dX%;VA(WLQ|TK` zm))D#*p$;3+iSN@)A4@pZucxc#iG{676+8+(QApsY&t8e%MEU5+|Z*_4OhRT1u`IG zt<0}kNO{x9r_i8<^3{Bmi9Bc^b(d>K6Cq`w3o&j@s>~c+ZF>C*1yb$0cmx)SlDW{s zzqmS_nzQXZ6Ua$f*1D#0T$x0EG$8p}JE6+Zd4__Tl@mvUDSt1=yoSQ6B2bDvHt*%+A%-wBL zdNIH13fXsh5mZOMD3f6SbSHN^egKG1#%vb8xVMUu)xR-fvHkq5txfzpL)qhIFzwz+ zF;a-k`8X)re#wRKh2fs(%~50;4bqwe(b+9`>gMc#X2LzLbI%;XI5+Kw{nzuO^;ZA;GFSzDkxQ z3aIhO`nmwj>AlSOuEv~Of2E>ohdB?=~Y*6ebaAsMh#EFbkB~pQ+9v2Z8Hf$Yf&mkofN9fMc@WC ztjMR*0WLbyI;H~)4;B+bP#zv_s#ZhJ-XOt>{Ubq4ts*kZ+=am^E zqz;+FqalD7?l63a4D@Jw7O3Y4M0tLcw`l>l<^X_KZq9IXd9{ZEcv@go*shE6Wgi6Z zweSA&2k7M#Kxs#2v<`3Rq`Z&IhT9H{_`ILe7Z zrs6TgFkxM9Z$+k{_M`vnSlKBi(`%V$kL^B}0oast`?GwE32j#$-hFIk7?4%o0H~~+ z0&iZN*IgQzcL?Y!9RtGy0y?tuQ~sB4yCJ?>3!dhnYOXyvljGVoiCm6RPn!dSV9ljn z7W~i8=yK1(PPhu=uoQSKY@@V!9H&Lr_!EzHd1;uHBkfZp%(>2L?pv~gKF5T3 z^B`OWS~enzo}0aT#aQbgE|a;-*vmrNBUc&Fj=hQzPZhcF`ML4Jwy*Ev-d6(aYza3D zsk=b&XCR{s_o05sTl+Txl@`>Co;Slo;NGv++?=XP-ascAtTwQH0N38;AQ5V_%&j3k9QS+J{Si448vYFDuTUy1h zzCsjK8~bjYnnK<<0$OChqTS=paq6v^4a^tut>#bevpX1Ch>y{d>;sulw7A2JiVMaH#f9>-QsIA()X|uUqQ4uYk z>9$4;_ck`3G^TGUL+|L`l+%Fjxit*aUBB@I?+W$aKd^1DJ#PeaIsVaK>gWSR{Aw&Y~g``xJ*Qd#C2 zX8mhiXjLP!z4{Hs_j~x*A%+C@2jozkd=v+pHF~CSCl-PTl6Na9U$|<7{JRcD5N%uqj6* zQ3_O7rW})3R#+X$%g68NJCH~y2)X<7sWQK~&`^I-FGn=TaWVRsn;EnDUc?pR3NiVr znS7NNHLm&mMv~EOoahV#Vm6CU>6!#%0{I&$D@;k_Rw3w@qP@?ctR+rstp ziHzZ9q3k=xo3~Mo0BkP*LECOhi)n*Pw$o;^g7?@rQ1z3^W{AI`@uR&?$dn@hMEfy!Op2?|*Jy7l(H3MW#;(|BMgQ)Ck^x zP?|T1tehztdOLjIqyP0O`&Yf-PoEliy_+b85h?8VpypFwqTj$X^ydp6E0K0a{z>PD zh&HPAD*8uBNFXRfF~~IS1!8y#GEoEmxmZ=NW03&v`)>xWzZ`5Wy*qIv8d&ViQe>a> zUDN{ruhewek^%Z|JT4kmWhT?n=n4Jpbmb#t8oLg#Jg}TQmhFavOx>e^+hx+ofA(hd z<2aDl(e>w``1WD(y#_4cQ;dJIZ9$q z7O(7fM^?U6?CvIZVZ=3z&6Sna9>h9r>uq;F3_)KsPCHgRnTI`RCwHuzb~KoBte&2W zdm~2pz1Z=mqq$?T>s0Y;T-&aOa#~RVyQwQdP{@C=0M9%Zx|FbXzr^62g!Np0d5P+M ztzPS{UUt~bQD3==+r#BQK$b)pk|wwH4+sL6mW8>D!AHL?33@L`6EdHx*Z|z3$ZpCL zJWHD{ZlGi1@+;g^t!ewV^!pWu%|FX4x25b&E9U*k^j{HTW@YUcQ3?QH7sl8V71y?F~O_e0;?VoSm(7fs(Mjt^m#+RSE3llp%AF)ldKcAl}9W^ZcTD@^eX%YDQ>EbJLmS(@I zs5FxJ+pBFRUDqh{(gyzwQ!vg)+&{Rf?4U6i0z)A^h?}{3o@+R5)A#vQDDl=-GQIj` zy8d?2R4ZYU9^BZ6ww!2G{yOYL6wn%2DCx0H*K9h7AdQ?)rF`DN1`JpZ4T`yQz?V89 zY*Y0JQ0Hjp=A9q!@0$h?-|-{z=zUE=lRrG4?-ReH^H8KC_l2W?r@-`$`Ps~sCRUMw z+s(PC{2qmGZFJ2KWTRV{&O(~J1Bd&mG5O_7cZ>LW(#p>dwBOe!{QMbhIQ0{qyK$jU z@`yT5V%sF_b5j!@u+5SrA)hUG$1Z=X_YSZ%v$t+eE@S0$aM+x0w;!)^GY`GELonX% zZ$ucFg?CszItsNfjyN48IyAz`1ftM zW4!%a9Z!BIFZ5y+dChXX7JA)o;yRHvFtH|@VnH@vT2Kf{4h4$jybpf+cE-B<(qsSJ^X=C%?F7@$z!PGen z+DQaj+FpYluBX<_&aMm}hNh-`AgIX}bDn+b;?Z?x7_GusSwT+45$vNDe4(JArCF1= zFc)wOYr|Ao+3bN^hXOlGF|fLGkf-!G<0 zwzeeLaTu*InKn8$@YaihZ-CQml z%C64+v5l*ZjXF~LMhn*1bqNE5YL@OU5xJ>Fd`7O3jPDL5snfd)c{h0U;AANqqigvd zA9h{J&_M8L=~?k42kFdor-g;(mGUd@L$DOy#fJOUNBs7S$r6@GB<*6#6Wr>}B%$?? zWxXwN)J1(??MZ(0=MAN(o1aOrmv9-Ia%q~iI*qbdj#)H6R%|>pNj`dMr1uP&^66MM#kRE zzYY$)eRmBTDgrUF#<0=jrq4_)ZVa{+?t2Thqpp7-r%D{v-ocGN=|$mt0xW!S&Ea%d zMWOK(=euLVDJ{yVV7WJ&uKVjzB3>GD*4LNEBT9+Bpe~wJjpb8Y9Jg;zMU|l0VLahd z2c>Qy>$&km%Zj_r#2jdWZ4eiAv;hbbsxe|}VT5CfrfYGt1xYPla==5@5eW75+)uCE z^COUt!qU70h*9~li}H_6Ua;AEui)__ba((N)K;V$PA%HfMCE(K1`=fQOodq$}P1fHyzlb;|URVyWV=);=x9z1|=3=38^2@ zxKOcr_Er+_dvH|!_U*tuz@~1WD`hNSv{n|^)@DigoK-Q1$%>$Ss;~HZvS)q-zDw?q z6>M6!_%hzj$m0=cCH!#78c_DmUo|*ic79l zq`|>>^kfxvF&RUO2^>KS`{JBT%vdBPMHi^86}q&To9)7Hz(&y*I@l0GkNGroxcEUu zg!Tj1r~78J`2mY_v`<{$c;GX65Y8c(YHrV5i4eWT42fT^-|62i@Gf^BT{2(>m|_QL z0i-@X)mB;VihneItWjOgCl_Djb^Oq6@*WE+=YSU+Dr?4R>4BT1KuZmxr95$_y+ONB zJQcPxd;EEME^ikD1+FfNJ;b5(tvbLk)eX!CDn(g5M%6F+h zg$jGw1hxE)by`C}-Wrd}_)lu}cmzwdUzUr2vi&(cd{OaJoUC)8eP#^-7 zEA3jk)&WuihYD1!`+&Q6Q$(tn*E@+4HkJ##EWJnKypOyr->1jM#5_wcRpwv^@~J)o zioa!5iccfj`K1 z3VW$`g0lf9_FOHLdRZDSdo_JWmqrSW@IdiRSj>y{s-WaRnevFIoUCnl*=0f|lc26w zBmvfMh0HDQNZ*vcyP?+NmIE!FzsF~!%Jqo7^6YdM>jVv)M&D_{Z^`1`atRdY0aeu&W*GU5 zRU-@*OA^`N^%v3sKO~I*pQUcW-+%vS`9D?tf2!SoU%`J*>!)jcn|<;S6xyfEmO(-* zT3PiM6D^P(I-fc@=GhF{#u*|1!Yo^X?5WxxByDawyZMDzq2%9L^p24vJ|-rHcMK^0 zuaYR?@9}?>|E%)QV3}7~@lso=s#EUwhV+^^OCEq8KJP`wbU%~fx*_S~bN)5o8B z-=+eT-qmu8l%dfsYP_@dt7VDW=x&WKc36s=ph|DO3fe{H%<}Guo~4yf0fRIK?rQ#c zdz)H-pg+^Zfb`IU>ch25VtL{qLT9=r@a?+9%#Lr&^LzZXnMm*z=|G^2CiiwoGvSQGZI=^GO=1P?Bu?kTAN^l(d!@EsX{0mKnP^kMtHgHQsI0nZ z6}M2qh^vF|UhA|VEa?zpCmQ6Nlj%Ynlz4(aZWHpWYIZGEr8JPK&bfT8YuTlL=2}rR z(h_JsbkPj!y!u(U8q%3ry^0Mqn4Y<^iM{#p`5N=$=UX|{AFz7m_nP!YqhhM;LC1Aa zOPU<=9R|(Yp9^j7*GZ1qgYui`wWkTE*=u^XsuX&=jIvC;FuoT*(N~nrOW5r!R26zuWP5kIN zDls*s|Fy_I5S%EV8&YrFI2GL+U7M?23MSz732kUSWE*jzQmptvAx@AFW4KsczaF?w zgh;XOJ!?u!tFh2Eowwav)sXS(i@_Wgm9bIW87a#Vv9|V!dN*q&jYghUYP7AVw^=dPM`gHC7rN=7|;Z6ptWZ#>Nn2q_3H#e)|5Klt;ELKebS95WqC$LX7cJxLHOIRqO4v_@Na3+>t$O|_dmVa|b zprH-_d+F$~$4Q+qlx(Sjb(XW)1sjr;iB2)rxv^LIvSLd7dEOG%E(6KdD{m8?+~cLw zg4Y)}WjpfRnph*+L|u+Dixz7NmbYwN{&<=o(| zQS`3qHLA5vEuI-Uq;&@k;L|$DpB2h>0Tk_-vL7Ju)i>4BufN{J7e(RJKbi^3?6x;G z^$Nx@R#iE#w}1XzUF3g=>E3w^$2z_!W@G}`SXoYrmsma*r(sEu*bxAy2CjubGZh-h z7?~<7(qfm*Vr;?CR@jU#xWB~Uix&Hc=grDiW@Slr^ z>{S_#`M2C(`klPaXd>OSI!_%ad@%Kayl|DRu#XtLOL)#QOI=1JNi0P6xJ(>NphzU- zi5ox%M?e94Zn*4EI3vP&+!KpQ>q|&TB#Qs-l7;JU*-|Kx44&?bz^&?9@{3x%VZxy+(H*Fv~ZA zUsTC+P_q=ZQoA$BZ_IcS5=~)hYSirA=5}IrUd5Lz;~$Fv= zQ!Z>s5N3gFQP+xW4=f%i0}te@qn(|HV?`m&h@GrGg?4M+LV^MP#L>yf?Q~$oE&GB)Do3{-& zgu(rpI+MPx<<%%K%(;5yQ*W`I!gcY)9cOKxVPFv5hU})|$r6i0Vc$=Rg~t0pvUF zi9M_Y9qVBlOv4$Mk8|BPOO#TiEQL~jInq*d3dQE97&#JqNX%{)a&A*K7H$@W_giPT zJH)$(VwRSN&dy>BBdil?-LYm{woytl`u?}5{M~;2kaBRv(6xxufjk)s!BFIbTx1zg z*C>p*Y43RXN)u1Ec(x7DnJ6-=?WlM$ zEy_khw+xeSE(@}Spu&3PlNeO6n25;p*K8TNPKlp0+&)4_-yj)zbf}AYd>$D8ruslK z;*E<&>@2O$u0K&C@LCurJ}g<6y6uXne0z`ivZEvSsJd2pQtjS3AF#1s9(df6FtUYA zQv4a)bW`TLh;q-PZ9~as;e)&*ls5d==~5zJBWj;0>N5A9)Ie219Fa;;IT1# zKh?YHG;%X)C3K5kRej}|!I!q?o>tNS26GdLQ>4N&kYBKhxBTK-%!hk_KU(GW%@q{< zcF`J^4lXZxPp3s7O`f4^n>X`PxU^<)DSm`9FI~)Z5!>+HW>COCD&t7|`{TElJrfhc zfE7a&XQ5U7Fm7nWN}%%Z3aJpsoq=x!tV`fuN|w4tI4c#vija8`WUV#a9KPNal-zm3 zenmV{y*Ki;?as;6@%3lTjR=!|m08O6I31Zwe}?`5A7VDwc_e zxE&x+u&ISxyiyAU%R(p?B(?DZT3B!*H^6ln`dRhUmPvu_*H14fo)79FQ@x$`r(9%ea-_!t4XF{zXH?Om&DE+ zpnJjx+dxK#pFIbl=!z;e0vCnAnlz*DjgONoZ$&=MMcp_Fx{&c=Oxqu8r*>vk8!t_5 zY)okF0v>+u_@exjmdYUw)f3@Ft;r{-6+0d9!o%Io!zbkfEV0MD+V;Yk?jSo&`L5+L;>UrMH?Eg{c;_)nYg2r&cG%DU@`*eaF08Qs zWgd;cDOGwmpZEJPXZNnoATC`wQK&NDM5hKueQ6s4XmDsPib z&fdMC2d*4N@P}6v-;v0gtNDRko~Y#qqDeET zEt|#AO?oK;dp5+7REsoOlDrY>g?kO|f}yXT$_v3=TI)@o2-zMbAk zm{(y0w++Zrz-BC46SW6+T6_!cnp&}F6ef5dmK58hny|FsvD8w?Uuw{|2FA3O)mLmi zgR^p`1~eA7oprk>DUun7;U5rhZ?6->uXZ3018Z8>ER@Yv41Ok3Di$^#5fp^CAT*$D z-F0g2!XR~PUwuIQpc~WlIwVMp=UWhPagxjWo?6~4{LV`hS_HIC8+|%G-9(B7+xY5- z8?dWMp4;I!O7@f2E>hGnfOwY( zV4x8Ghk5s~*^lI}WzNI~@*5Bf`_$!0E&_H1P`+)cVsH0;=c9947AC_ zw9KE_6#m+UtZpckK!BxA}GXpTWJB25U29^W1&C8Ka*MqS_;xC^+ zGoqTgQXTs*zEA5{gnXHs%RJ>+mwb^QBCqQmmYsSJmGA15eXDqK!0#4XU)0r1h19@I zvbbUkpM(s7m9(TA^Zz81R|FsL%u970j;Ni^uX1s5aNt}J&QGs3rwGZ|=l7 zIbKhBIzks}F)d|{s8^Rva4=1+5{BQpkpjBl)fq^{*{>ReW%cz?CiroyOpIJu*R zv9glJ6UUZ;=gtU@!uK93;+@SrGbhC|^Wqo1#pi#ZEvo>d*XEFvoEHuQk~ESkO-Vh< zp}O-E+S9_Jvl&%U!~|(uS7c@h_ER-njaR{5&G_OLTJd+Vooyq*CMKiEMRD*|A6m&B zH;L+~9WgmA39`IHDOdUWM#2xzAmwR7p$9^SuGgopg%F`onOMgb z*SPDg*86(wek%sDNh>}zpXKTVQwvlsPecM zQmoC*+WgCFnaD zB-J{k5&rZKA)kClHqh%>;un^|mhqjn=|MupDx6OWi>^Q{Bqp(=qexkDc6%!Y!0z%G z=XsNk&f3ExR2WDvC1|bO_T3V{Mgy~9W`eOKjh3_ zeI76u>|C!h%|l>XC%lRE6X`Y`&5f=|0fpZ#oWCGCQxG0l!?u4vEN~5ddMY9wDC~yu zicz0KpnU>ZMTX!tyM2;7T0x^lk7EZRJ=<q^S0ndpVsBWIPM(67G~ zjx0#1r6AzLWBl!9-LS59eF6@+^BbONh>SZ;oyVJlg|IK534735;XsUMU(jS25LCrR zl4eSBPHsE^N1>g<76>YNgzI7Tpkrsbd9c&nB)`%2@q{b8^-E2Y)jy97esa4W^GL}R zEvmJ)1sF48NQFp8JaOt-fKufQh&fs)Q7Ew8Xg+)xNCkl^uwI@fVy2Hn00AOe%Fy}m z&XSM`S5O_-g4M>Vvvmg21&tXSG-_c;E@Jfgj|wx4l@&km;pXsyt6%~cL8iS-uy}{&IoYc|gA?TIC&$V3g7e9Y? z@x)p5T*!mFe!MEb1FRH~Q>kI+vhsTqa}x)h-O@nh7&f%9YUgKER#x1T;TLM-4olpw z&&$hAYWb4=lk~TAmxW6quSDw0b@J2yPR3?@Uatyu*CdzL*WrlD2B;-N&vQ{JLb-@| zOSa_)xEb!wO&g6jCQ96_G+T*mH(%y2WLLs`ot1;+!u?^aea)Yd4^U}qCG9hb z9Gw!~Kk5_~ZaiMm1}{|6bLrC1(j3-V`dvIIytWojE94I5=yX`^gxLeJ)i?I8yIZ#S zs040rJ`U1~!S*#fZm0y|qdH=t8$9Ne%%tb+@Mas{+%qlSgu!N|Jsd5llhlk=lFr+t{Lnny8*{1GJ$zY{;#; z?RRNu57RPaayuD}AFg()s7ab)%cr7XkHn!XzYA52oSHW(s&?2HY5(Q8m~CdyHWz-| zq_CKQP7Vy7)ZlTk!b%ZcX*V|27$qTU+(6mHXgzG`@%Wed>S?E{8pZDW?@cb+b(DU; zNBJy0~@ zR=?o?hP(v%O4m6sx;|`h5w;a8=7X3Tlk8sdeGIF++&(xvYa<>YskfG0^q+?2MWk(vrT zT|+%Dp3&mC!z~Wwb{=)=GY~-^Xv&bEDp{E?vIFXC`=!M)+Z!fgXw>O3fiI~eV&{oC zUOMIJg>=ew^NH?&kA(c;uMp09fN#Yeg5W>}C#yP4K3fbChYG-P%^E|%Rv4Y?zVw_X;IEOR3}6MSAOB+daC=LLz`_?I-U$!eCu_anIN5w^GoVda258DA@wmYB^NDg0 zBskn3g3iCeB@$>O*;!PB#iHZ^kpV1&BHPg`ODSbDv)Zq%2YYAIZi-z#G5hU#*WEJ7 zpPKyYQpW9!*jgXU77_pJ43-A#08M9YAS9IZAv-JBj(KF-_2r}v%aLqFi7GoZs+c=P z`JCIW6NO+41lNtWR@4cTqXa(FR*)5Qe!_7G=?^H7@2p}K=1p{hylnkM+|JMs3Rsv~ zX>JtrgIBB9f4^k(eumiwlRsYHUD}U_{Un*=>tMSymlB45eG)qlh3zuf$7RevI)`OJ437jy@+!7c9To67kNDrhK>rHs$Dxsj3M2~uE|$q*`5>An2E1lXlzy^H^Y zWImsksikj3-S=Hp8PqC?|GE`*fwaI>uiZM{x#-HL9#Ds@JtE#*Q;Q!uC^5a;D!DEP zBTYr_+)U_s!j#e4dLj6A^K0_iVkZ@d-fQUt*S4)x=3mElq3%yb*g10Vpcf#h71R-`DhWYKJ`MH;89N(R_w1NoXY<)(`Rp z%N;sjSM38QjC9pWMbai`(<~y0hW$u+xm@>NS1|=n!^tn6p#>v8NO^5bK)SM#a)Y9! zF_n?+%6mgNzm||3Rz~3!>~_@WkBQ-^geTC*(Dhr!{Y7IB?0Ts`&f`g<5`P3=fsb2) z9~x2JW~OD_AE6vrVHTIGg*oAD_R*cmK%#V>%cc2u0Wu6S4<FdsI|a`3}`tbF9HL#hYicoIbL< zu7(bNj+AM*?f8E37U?8aTs4QI(|jK+rU;xK(1FCSX{TrgQ}`_)BncUNL{BEpwrl3c z9=W_WJ!p|JPDX~f`aV!zovjy-nU|=aVi_uZfhXLHl#mKNRXf1^NU991? z)5Zp=;}TCIYQ%1jB;;mPEA6QzdE|n)I-AedQ&Tt*BiYf~hOtN2YN!d9=h!>ET}hfa zuxgJ`aMo@6b2jh-Q_H=RF?1<#!BjBC*v}u$ZVc3%&X8KI@44jzquoVO6bVQ}zC0tivHOh<|jcXit&;b;xL=ibkNZ@qQS!aMf{!+k!r6Dv-mq z8ylFNJ+_297mkkTsXls31A)1DKPz?eLGT&^fFcEr4sSEm?f*4O9x{@zGs3Dd+D1*C zg}1gRi3}|Aqt`tLz6jU-3G#5yPM3FmAtA9qGX0>2UfA*A&*mM%>^Hvt2N%31E$);r zw*&<_y!~lSxKeK#oxc3~wMameO>NCQMM}r67j78?Wlz*h`@vbo(7ByQwyiLV2Jcw4 zqGRVNgPHuU`%(JI$g^f`*n6>g98K3gAs9+f4Drus{<7`n@TTjqQDD?V%R4%McI2{} zM*cY}Z=Y8@JKg^4x%#4LeDguIs^P56bn?*dTX6o4% zX+8khaRo!W5n^66H&F|V&3lVOhYG06Vl*``75z8H!dbj$FbfZ~P{yau;!F&RykD}! zGLz};=I(|`;sTi}Dvoo+oQ)R%yd=1{_Nxp_!=y%Zs44lMmyT2h_FVDVaxO@N?gfrbtiL=8Gru`F3;ncsBB3%8SvU zWBujL;n+Y&Dm4z0+Pi{WT!%ese&zH+n#FCA5bwui3WxMm4F{DbZG;qZP)vVC1>IUm zdN0&MPt11gWS=COrM9XvunbUjr2vAB%0s0U0qD99=e8MLJ$Cbuo%Z9t!1mF__m?tL zbYFC3ZFV{BO?eK|3X3~C3vDxDcGcMlr>Y6cqO+B2TB3@hqQiy&n#qB?=NMi4cU6=qdA-}`9lR5XMQd)YIg zXVpqdq!ayi*CkdDH}+-A)=JjB9J;WGl_KDYFd3nq9J*zn)_onh!)%q8O=ZkK_N(N( zMuz(ybTx7HrcfVojJk^R)nDIK1prO4fM$r2*=H3R=r>=gN#bW-*0vdq)95;EN-8VC zU7w}t&2EhA%EpCIe0@!ykPd9-uJ#TN8N6dMeYrx;dQZwa`s1TLEV$k=IXa{Y4eL5uI6T|P@%m1A7d z#;tpz3lE+o8a^>>5$T$bb^WD7 zkJF!D#%vQ-e?Zh77k-Q{Yr?FPlYX&D8*dS02-Xd+z|? za|o@ds>A~x8aahO+OHQ@EV)QhYr8H3`?w5EZ;^pb2`p|mkB6VMq^{HGwG@~(3nmXV zn`#VVlub=A&r$$GV(Z!Y^t5`|1&em=50K6v+XHDar=H-Ox(zQEaO{;0X3ZgD!i3QgOP5}E<}rOMv+~v;ulXC|#IXZCj)cDAkkWYg9E)^hdpLp0eEKe( z(P;a`$Yncu5Kn`|pj+TK2W;ET3O5ifj(mvi0<3d0!DU{?wL_&`b0X0gCC9Mr5w^xv zvOW#D=Rs43+F#&4e;Lf{)`^aRT6ZyiG_?ueo&rMrGOyI-Ke55+tmmGPFsAv7lm>>s z_`FhhvN6t=NUEB}AR(o6)ZG@t1`Q0fyovMWgHEsytnau;bQLrnEx>}nO6;Koie5@N(o_octZYu8WJa+} zF2?G{l1V!v-4yMsdVBY{=8Ia`_G3#V;SfAq4> zwIXlR`HrPN85lYr-bMA-`IrFvh*hi-%f1Lss%V`9R+o;0EB8>66KQ!xof#s!wg8>7 znV5kbnE|wpJB|<=LhDZD(Y!ow@@)=evj_s$QsR``l3TV`jRsB0TktEaa}3{F64aHJ zJq$j2<0uX;Jy*OH)a1|h$iPYp&ZD3{Dhn_{NG>$le>Q3WeKFA&AVf8T=xW2~S)2M& zEY#}GMx#Qy$j;&DE&vLO?(fD$Va&UEnYSK&MXpVk^74WNrf zuci~ENJ@3xqe*yUM>xsx!&u(=m=Dn58e`vnxZ!ZFsZ-4QOl=%2ub5=9o3N! zP?aOF9deXTO<675e8ylElXi*TV$&~Womj^lr8FQ&`Cw^p$*EMY+^DBE;ZPwppts20 zYk8^6w5X|xMe?pvC!g~u7fi<0*ZZwG+NE%P3ZT-&fb6BbZTt=3Q$-JANG#BU#{_It zY@H!a{72j(ED+1F>Ep~&J@vb`VGjZQ5pol+a9es1L0tuGAG}gMp10J53EYZN!Z8IT z5Q?zhlu;>m5S?HogIuyd(QN;c8PFMlIBKF1_p(|zsIpgkd)I};2 zua^M(t6FNSa6=Ni{QxhnJ`zqiq8WAXullazmL>aBl*wB6k9eZ+EUvMsfl>$aV?wW7 z28*#Tw64zn{mK5-w`}Mg{>)QS*!7kE3p-7pBUTrzO}LXl-10jHTr3|%m*D}tuH|Es zD2v+R%`Y35B@dD_ZLsTS%S>Mo5-qYnD`(PUgD*T*6di|bsXgyT!hV~6ac05 zpdIXc8rB5beTkE9)Z1D^nI{OE1hZGc)!|pRS_ZLg;1j zk+$*ZdArNG*2br#?RyfXW9AKr9b)j6>ukD2FHOgjpC+S`M{q>og=yg*duUzWCg|8O z+-91b5{!$FQ8%+BXit$k)=4YQ=K6J9tML1%pd+Cr9_O7pRz<)@&DPnJn)0X2*e*9Q z&fv!C9715@XQdLwoseT6UpiOW&990{c*g4DVu)AsTjSe*ov^$tYMUmyk0e5^3BnFhFc6|!HI6aMy@nXWab%Z0FCA-t3> zbx0}3tWyk5iHrUV|55_1(g6Qup8GF;>z_c^zmNX|>-r~)=Iy{GdySpF@`Fj+MR?WF zI?jmd(OK9JsbgaHiPQ`eB^Hv$Qh_(=f+bbgi=WM$o0U=h1>p*wb^~YpzmZFJ_M(3= znEzS+Zz}VDr24`$E|>rq%tD@244-)LDRsYn3fvUaS*xb1YDfmYs`>a1=&bju2n6s{ z`{I1OAE~OUeg)Xdh1S4$=#_=K3h;NE<0gEa6>nDjs4P7hz)A0T-xiTMzxuOh415?- zqc1Byn*KbJJ?GwJCHR0ZD~kaq3naIf1*_%{Ho&cXeO6hW2#H-E7W31M^sha*UBP zzxs8m68J|qdw z$6|5ZdAn=aL-a*jU&C%2KIJ81uL#=35aQAG3%kv^21TM5+;O4Ya~ie>TJ}A%tdv}I z>QN4Fv6qQ;9l~vRh_zhTvvw>a7*JY{lAu?D&v)t9z~E3cI^P{P+OuNXEAJFtQ9NB2 z3IOO|p19bff?pbcjK1)fIS+jg4V4pJIJIV~r5=@vocL7al1|>P{=TOv1dCPj!RhqK z;stu~L6)<%J{0n}XVM@vMatM8cic=5zRnzA6;KypdvlXLD_XrPXoDvl?EHmEwTCZ) zyU~_f@|P9|M8B|7QDdJTav=rfL(PgfiwDt4+D*-5T%z%)i}7}4`d0iTwlfmCyNq?> zBz{3AL=!Q?n&$Ug*E)}lr^Mx!&~dVT=@4H^K@0RsM6@~@s>EF4_AH6Nls$ay9@ugb zi{~l%y@Sn!;#Tc!> z7$wPSfVwdeA)K(7YWncCk9!y@vP3EB-P3Adl?Ik>%k}KDYkMR^4~A30!j%NV26>lOWrB9WH{G#+61&i28*7nqX`7*_9R5`GmVHF6gH?xm?>A2c z&0|tlame)EiS>P=V-OJYFaviE@N0KD!PWcDZ8)b(U97Ut>rn);`C;JL(Lk)lqSs>D z%kN(0P#QuD5y;H^{9|z_0v_@kdw~kBeTnd4`1G*;nQ-s^>%0rZLZ`{n!Z+$^3D&af zHP`roH!lW<$M=#R7=UYc?cetX`qS6BeAA?qruG|w%Q_}{iS9AFmq6VXMuG+i&|%Rk ziB)l9Pqzw1E>we^)l`3NlRwfSLcnSY=dn*=eSP0WW=_D*cpH)TP6C&YT7_Ek8H|tZ z{0|8lvXJNO^I~Kzq_YTg<$=&pax7CHhAf4+i-481WNi-VJx2YOeb0l8y^GZMzH41u z)$~T+BtK_YFk+Wb#d0Yk}5U3QdXpHA=w85SK?#ae%N^GQBX6TyjH3v6A}ntKf)DVid? zb6043Q2Ef|1YAuNznd?mqaFn$Pl-QvLkGKKnmTPjJOmd{>KIuZ~KeB%{Kj<iWku`qpoxP%+ti8Tt^F;r{S_T5KQh;` zPW8W@b^pY6THKX(ErfRE+n+dFU&Bm`>~{Nq;R(GPu>MDAVt8|DEO|YquK}3BHP9=l zvT$j_;V}?2b}@V0@8y9rdh-5vp>=j(D_*8>W_-Zk7?2v*1w)a%u%M2#P2D-an)9;WaAD@}L9|^NOB!e=EYwdXsTtv7`){>zF6zp}k(& zZFsrZealPw%c}?AU1&~tNi$R`io)H0wjbIX1nJEX_EO1^5!-JQ>>>ud zdhSY#qk}7;`3xob0~23(pwO#t&k9WBywSeke7dw%>!2L+H0EefE76PPPIb3v|8<_G zZ8t1t1|7=AY6+#>^)Yvq&+}d5W3)eb8W$p7t922{QiabES@{0%6-+=KnmE$lI!`Nw z3Fg+v3;1|&xqiUAiQ^ky@=<$8z$IZhbvbs2Yp0STF!*JXRPcR|)N!rC+-H}vOzFa0sIZ|_&?*fldhf?h>A}p(EKNHW(=S&4zlo-&!u%dMov=o4 zUez?QVffjm2q1bBVzB@ubLJcq)5-BN6%eogA2BrlsjK{-Xe=6l#$t*7vCn2FDk

)Je&(`A6Dq3KjGa!vf?NA4X{XgbCZE$S4K<#+McO0LagNrLA% zU*C^~?drz*p=j@!-Jg+|7&2i09${0%6WpCJGdx~-1Ick$Q32P9hhdCZ7Tg@Yw5Evf z5;>C^CY^ho5cV5z#lObf_34Etcn!NdYgxr~A92*=BB4Jje0ydM-Qxbn4E+#u;Ao?> zmsrnub6BOls}d#==Ak8T?K_iEc)_0>>huCTbLU(>$A<;#SRN^py2`mz1*=pe|& zkNXJ4!$`ZqiWg^B&M)m*6Qx-*)J?XUKBh?pG&FvcslVca+2&k4O+5aEpL%!r=%u)0 z4^QCs1`xBvJ60uv{Xkmv{gqbgM2;9B+}*`9`VM5+%w$cLlVr*4iN2gO#u%rWr52y7 zT7|2BkaId8sNDSfRicC{+KZAufwVSlCgF}e5SwuC6i227)a`0r;sS$5!pG!rW_hw8-Jpff2>G=L7TR;#F4^@qvP;`>^bp zoVw#lf!ey6#{Xgg%o`x%W!p+Jif+pwY96AuAIKSMFS~mhkhPGYTkdY- zgg8CPl`MMvi`ST=YKh{7pOEXJp1l2gNh@|}k|fMEV05@19i%>L7HXq7K~?|WNL&y3 z#y0ypskndts1Y4ISJbj~Bfg(d;YjFTk46v|ax45We4a{9`Ym(pxcl!L!EC3pGcvv> zVYu#4LQ0~u&A%f;!e~MWep0uu%$D=Ty-V=}-(llxC(kP7Za|?~!tfFa@)a{8jW- z7wF0&o&w4*pzQqb@|OMI!@uRPt7h=}l1Hk~)xg4ncyd%4k&Ae8TJ=YR8$G? z(3-t0EK;85EG~B87Azv;zlplj;KEJvIxAD}ap4c{`vqj*V&cetP)Cx!PHD>2zzGiK z99~?ACX1Ok_(!lsj&8SkHfDN(M)D3b@tvc=@&7hg{JSjZ=36iW*_zTMurp!w)7vX+ zH`g0}`Oe*)9Uu;h7FjHmSxFu}#+guMGO$I>cHUMKrn~|lT=qYG=zJ6aNBn*rqs~Sx zAUXAc$4;j#psqGAl*iU`*4n;dW!(7XTirjZ0dJ0a=f8E>37J`#>yjyw)Ap^U&+Aar$mx|&)Cyx1=-EnJkTNb%wlD4KeD)e#otL%3F0vq$aMJv>d?=9I~UMjW+ z?Cjru!qI5>&I<<6+M2JR{vJ*5RbEZ?rCu$Qy(G>g$C40QSNxu%W{a1zACc{xYq~Zp zpe4JXO{r+yG$?$%e(w-6kQn4$;3MsyH1M=~6hV|t)HlSfKu7WWmx&!`-rUWbVy8Bg zR}v!MoI6PsCx!c?P zU?;E8D;a4ClPYyeX4^RJbT~Bn&Co|4?> z0vpAv(2@~1bm`0Pd`jP4NW{{&)xZ@ql1p1Sc_1X@i2C}1$jY!B0h_B;Aqw-82i84`|hZwzHZw9Qlul&q$w&WU8zz+5k;km^d5@T zP(!Z)q&F4mAP54|o74aaARxU-4@E$bme3)D@(#c6-f_S8#(QtP`~S-rrE*V@LFzB?);9-e@n#?6b~qCjz&qn+1%FJl`UO{kFb=J~|ULMDl1nSUiAW)@YO zE}T176=s!7WDzRx*__wxPJ3Cx)2CsA4~^l=$9}( zjK$z@TJ-$3q_vT<<6{KXnaOz)h*;tGu_QKjv1WbdYhxIe#E8NBU{>4O;7v+lWF*up z*m~5s;@eQ2dIIrLP8(Uyko}k2jM>zb;+AKn=_Y2XKp;D>ozYCDzv4utwf3EQySNJ_ zIarmZ<`K0?Fe;`KB(mSLXc>MQZ^mL9zy&2A%v+z?_$9=RO?HNUSA?l8kwj3q9?g$L z1QOn6TMs2(Hq)-1E~FB_OL)tOrRAhGU`aHr4iJw+Y5 z1H~+@P4;#ck9SmYZse@INW!hK>B;oXk2Dsmz@;r%Ts#e3))L^Oet3yyUmAHNzt#lV zmd#&e5VhJ{wsfLNY44wDov`_HdM3Fjza!FAoR{wKTsC}KA_gyVL2U9FSW9!n>1|c$ z->c#j4bmJn9q@RtbN`7eBtc?aTL{BQ8OsX4)AoLm9u)RKlKM8;+36ncIseOff>Me4 zp~HH?xEO!h9oFs)-wOHf-z9VF^q7KZgzheh=%~;Ktv^~bgfnX*?<>T`agc(k(PAam zCmS3TO?3YK2Yq_Yh}6n6Nfcl6-YKT1&lyCP8CcKb@oaVw6~T^lT%D4YNTRV_cS&sf zGR9QSW>OkT8Ba7bS%o>C)8p}c>Z(kdjji+EUv|M5yskO6hM!^hj@3c?&7s; z2?U>JKB3=$hhqEoNZ$z)djp+&4&_db)MryCS|UU4ENUEnKz}AC%UgsjY61-qCerA= z3=F_VFq6GM+T8UVrwbg;3G;T(`}w_#6O{0=MCLZXZ$pac*+EB&dh*jZM8o5~%N+y2 zgwz{#a*O&j{;SE$!d4OE4D9SYqT||^t;l74-{mih$Ev`llC)b_0lByndx(30{MIOl z%Mnzgqnj2a8pw?5NCBykq}$-6bz{Fh_+cS$RDri-F6UzG7`V|X1GyeLz!b+?`z68X z?A79XN0aVTDCPmWn<(hBN#cnzwyPH>v~*EM8$>e*bBzIK2|9d5^QkITDZL9dGQ!Hx zmx{8%G(MTWI;x$!&&OV};q@e#2TcXT9$x&+)3GK{p#79=c|CItPwrEs>O}PZF9+Jc zV(&;KB~uE@u!9divV52t-)>h?`ty=O5>(1?tZD7vawk!`P&@7cfV)QJoat>G6%PUs z&e-!XWbRG2=G+EzQw6zkU3s1gne`f-TaWp`(7`wqdHdo)>uiUTYpgW8Q^!=Hyvua# zRxWu44JmwDAc1bOo5{dYmEJ`W-XIih}49?c@NbOc8$+OMNeyQWO_$GC`O@rE)+{s#&T(ZdI3i6J!|NW@gsl-#wp&eeY80;gFnW-;?Et znUs=YO_+|bnY^Dpoqn7om4=sa@kdI_Q5vdHrTaN*+a!6wM^7534 zgi|X{ew%wY=|0q3vvoe1*nT<`BtcYIzP zm(ImM?0QCmOc2L?5b5T*7<2fXeD*yY>J%u)Sw*mk1d1iU+SES9ZnshMJ3Zfu8pUdW z#>WKBjK)jMJ}+5r0r$Sl=$L<46Z&AzVIvq+HMkTAJ9CAo4h8y>JMbL~G4|d(Hfs2? zXDROwyVC&6ps}hd{KEsc0{;F=BUR^GRLP65Co+H{qT2wK}#h{(~hv z65F~6mWVKdTMmB4yX7{gSS;RK#JM|;C+2emJCpE}Nq2e5h3pD3srWT7Y`+A+4C6vN zwQF*I;2tI|B1h+KJF&7-U42-DPW!^+NfYZy4)1JVqBr4STkA4I6vvo`E)eu+tF#(j z*9|n;v`PP3CxCv8JMRuQ$E)I^+nvfB@gw=In@2uG-9&wxR|>V zD@d*E?TZuF{_VQy+9)JFgY}J=xbE%f@Z_`D+kgEf_oAPoWvQSp_1I(`vjC!+A`G|% z*teuX6qa(kx7lVj>5z85;tLSsiHOa8CJ?DqT|WEErh*NPBIxY-qFl)k&2|0={FC0U(TV9;Z}WOI4faax8RnT9a9b_MM#PRAS^q6RaBl zOVb5$spAI3z{|IW6ptu4`DyXZ(q=?>$I16}@tmv;X1j(7mi)muw9 zF+#L{$R{Zvjf#3I$Jb&U1KHzcf|^9`=)cpd!w@wQAbf|PBP1jdpkb;gO25D z#+s&T^o9rbB{&|R>2+?KbGR(zD6T!6JN~H0kg^f%MfMYOZ!Y1AlYu=shMem$cPlzMPcTc`_zA)H259NwITzu=NNxuKKgJ zvSSdu(z43v?zH;hqIfj=zN{l@)3b3`a-qTE>BCOFWMo}$?va<6#tZb^{Vjne*T zFLy)Xbj1cM2a^3?C>U2Rl5TX3V8oPmr1lQiDQj?X=6{m3e^IsniNXEv+1!5){1?Cb zH^TS-hyTNN|8su+|IGZC0`Q-6^3QKp%I;8qZ$vogMIMY6nB3+HdG(J{Fi*>yMVFP> z1jq>hp}YRScF*~5Dt|k59FF)){;L4mT}cE^A1oV8UCBg+416uqyprphC*C~5Ix+k) zdv%qk)~icBQ^My*di_kW%G>>gALk8!p3-MG0N5Ka0NdkAh%?Ma=3zBFO0Mpnvx8dgR4J2GsK$iXSvBrH8etb<(q8#;z& zDRzfC@~qg_;54X4Ym9i4N|j?m9P;CXPG;JEeOeLC1JOC=3; zXS?&CL5`hLj?6CFkgeiA6#$(~U)hFyJI`Roib55&9QWLsl0L57nmY^W^>(M;*_LqY zuo%hV^oClFRo>5=aZkk=HHo{r4>4_u;KnG;n9~M`sV(rg{&+rc5g)deXKO8DW#t*itcT^r@XzUot91_zksBX^=jE2G&j`XA5@I_oE~Wj@k@*1w zB7b_vJC@nmNtGFmrWd4~OIBxoFdR;!SyuhsPur97`ceWWa#KjWN?F~$5o_lA{El+p zE^llFTVAo>*gw=q4K!7?4xIjZ>c%2QSWGq%wd*nKz}BC@_I?g|5to+s*eelL-h-15 z6+Qv5PO-^*m&V}r^eV=|)C}NYFv%@O#SJ4jtcYbWJ%<&wdH>6|ZZsr=b~T$Hhd}@A z>e^%}5KpHU=2De>>?6hDsu&^a>{#VcPrfil&@EP3Th=Ty!izUeb*CLvX=ow#!4O4{ z$pJ|*xk~~<IVf;qfatr1S1a#C-Bg!0quC$IEUaSi=o^vhRRTed5-%95+r`Ei4FRACez~0tE zaan)!fumltqq`ILHUN<%#2g=bS1>NQwUEoOjx`_Qzm%lT*VEI^e8LU`O(7%dlJaP+ zG_(#S`5-^dr?JP4L)TV>2xdFDLcetAHo(?dy)WuOFt`@n>_}v2J->Jy*Mxqi^qMt2 z&^hu%2(Avpym$+fD16-5BO=(xIV=`%6@=|QZ!03^yXcOUBS`XgfdZP$a$6O%&Ii}E z?|qZHhbPhJ0%(rTC#3r^GD~lAs%hObjlr|Mj~tbW{2-iX*|at7 z^Qi$ni|lk~m>(;+BL7A_4T@B2; z1{inu%SUNIxl{EhuULyrVH^MPntVO8%ny#|7Ll@0O+Q%|^Jy-(z6jl{;lq0x>pfX1 zDiT$VMqu%1bqVNQhPLs5G8_I0p8~`-8zej3B=O8|(v7vc@e%cc@e}T#7f-F9<#*T& zobjlM^>C(y6}uKe1A{t(BJoKFS{~-BSWg-bBZtim#>}eY)$+H$>Q@9GFMo{xNqy}? z>nOQ!OiafT0mk-+_3>!mwCIaEd$G8rJ+}0!@)PT^=%n_fSIc^4GI~v%Wr$$h$S3u= z7$CN+>uND?lX~8I{l{tTN_4!EmpZqNm}z45-*~*T%zKtU9W?rWfU50@Tl zqc~_+c!^>?YJ4bZ6|caXI7^k<&Z@QjeP*tLSRHmu)W224F|Ni*ctm<@pbiS8AAtG1 ze4SXX76`vR(>+i?5Ccz@_V}=?|5V)T)wJWP7HTQ_+wh~i2&n2L&AXCdhE@M&zdIye z$#TiYXUI$PlNY-Io%UQEt+p;EL5@&1X%hX%2=U!xr%ltuv$sv+Ppa({_p(0_XY+^O z#XI1d2J|cag(~sEBV!^suOkGfeen<=XwJ9f6fj#C7&rQ!93)R9KrX&4y;4e&o!?vA zb8%m9&@4lpqL|51>Ii=jGkKs1E+bGk#W-RbTmPGO8+#J6$JsFmBcp5`F*Z8Xf}g~< zkp{D~UwRm%66DaHwl9fK@w|El>z0)9-Q_bc`1Jx^;Tt;iTXlUw3;!_ddT^& zT6^&B!w?Y@5tD?t?|aTH>FLTobehCn#73O~eR$cOj0Gw(#RTN=PEE-qQlz9DI{OJ0_`4y5;gJ=*B z!l1Q+rCovHGWT*26Bs`|EqVO=?B3(gZu_K`nmZ5sg|KjE<-i?0Ehz&Qz( zLB~nl0r5+DGxn7HfLB7KvXZusJ_fuIPo#IKweh>t@2y@>jI8B}sgBBxV=-~VFJ}+) zll=Y^`25mXSFU(NI&@1M2~LzFIZH$(F#oMWN7@L-zYr5B=MQ=(HD0|$%il1A9*p7l z?LxaykPnDOIT7UCne~<7xR*E19so`^hGG?EcM{yymh%2=e(e1oPtxH(TYR#_A**>C zwR=p6+^8a*KU@H_ga}`JBE1v5500jC>icMVaFN5@-V{GXk3z7r%9;kU%~@g}&+ioG z36Zwy6?<-wi!KKz5@6l_jiT`$Jc(-T(AEbe1QW1qBnLDf6w= zHg>r$T{?}?_h?hkKBU$L>2g>PHpw6nmNv;7 zy}b2rF9%E6aY!e0sFsLF;3oK!>=Cv9DKg-(s2baDL&sg}+AD@t)2xw>YN7i}X6dQ+ z@USRQAowgiaW3FJB7rcTm@(a;P!M*tO7R{cb1DnPA z&J9f5On5VpB*)iL*)|jLXA8lroK@d9^c?+GHAMHb3#uCvn(%qLY>bO861T?0#$#g4 zzj&ml4IIY*?a}7;Vi3NTn;4u$xKF>PhQX8gj5KJnzDYxip;9(Q8jXZGgpZZ(#I{;Y z<)JVHb!+0BIU!jrU1#O`5Sp)#ab{__+g|G3K6J}jmxuK2&D`!7GDW;HaG7y!>FvI) z*IHBBK3%272t_CFF#-QDl!ns)f&#h**?3%3L-!@c-15#X{MRR6ZdzTCMt<4g{%02| zyQ2M$SXF=8`dw>J%k@7dR6)Hv*dKWc_(C3CIkZ?15R2GiRoN&qqpAqbVphRFE3w*L z9e1y`L{eJ!9}|{!C^W~q^YjP5TQ$V$2lT!Y@6JiBDMPvFL+;tQmYE!*HXS^X%15$DE_{B4x*5C$z2jw-V9O zGPDjnE538A!A|>O z`_VAann|buPmclX1F5aQ7ez!|dv$U=9*&Wb7teQ&Hh{*i!0X?5<-ZdwZ->~rb8F$d z2zz~I2K60y0H{BJA$Z}p-5p>D^% z91!b~lZdaSeh?ofYVmUXAxebWMqIpUhH5u?V`}4((CLPJmRTeIaK?y>>s#--T6TZt zopX=rDV#1P1O#HHeyOCOJ!Knqnv8yex+8=+T)GX}2ehm&ciIj>f>-i9=^sZIG8@C2 zb2Hj{Es;*+aySim5IvN0C&&P@UT{51&O;55t~9>?OmG(Z(W+@c_c>wzr35b}#&yka zz@sMx5oC(7gd8qL5VE>lykiLbSUxAFXE=Ye8%as~ZiEKNdn~Wd{J`aFwr%!rl|Zl{ z=Z;2c-Njsk#KgY&f;G29#Dbl5pNBzAWX_HB?W2q)+(4&7oq_(ssG--ynb_UlLW#-y zL6gQQXBQ#qEfPfUram`lkVSQU8q$j-f9jGApEj3Gb|E_%NIhq5AeQaE2cNScW-8?@f61SMl*}Lv!Mw^V9Y}(ydfO%e3DJ1;_6T09aIGqB5zyKrsP|6|KRA<>Zxt z6a6HUdWOn}N+s*6MlKWbHFf_ycWmO;1Y)gBGZvZ!Qkkd`cYt#Bk}8(|FnCid>gv)Y z?ql6laH^l#M@h}h*2hjQ9Pqn$#JZmZ1I3m~l{Sj+W);l*pcJ{hEi4n8O7$KP=PX>r zPw55;8?%s}NtU@WF^y_ykdRy^JM zRLwCrO?axi(z($!p^adX>bZ;2?BBEHu^Qa*B`5fzXElAL0uk6~i~dG+^J!0H{Gqge zv(Z760n9Rw!PKYi613R$03`IzGFSmcv#M4%SU#O@U(96bS%wI@(0OGjF6C)koWHHb zBebXgaQN+LZBN@(P7=7adpB>>^m`tgc-R5=R$O$}hj9*U9}wsWEL74ifo=9(hcz{hs?}|8t_*_` z#3Yd(0W5fEeUI_VFfyCi^*mwH#t>@Ao0w&HpMO2_s#f~pKR*-B zPfk)kS}yRaX;iHpN28L$!oDF)M#)=F(s_QHV}x-}x6*0`bdB9wBl0VXgat);Zj zSm|2QaHYwoVf}09Yi!BAE8NFo8qBV~c8QlHv|eUZ!(vM9d_6p8+HyMT%IX7k@f(^- zFsb2rItnbhF83NTPhYI_2giN2Hg)j9Ja8upN~q%es@%JqML^%2d$xfOoRMIW!}>1t zMIn8}`T;~g*9VRm26CP0i8)CH)!w?9x$bWg(dbH# z2ts&*Ij^HXm8+o%DvMrwf2+>5sC{DQ@N>n?y~ajnFAtqp5qc;l)1H$$I{ zwEc_!Dxm}ap%1gw#cK2)>nDVME?5pu0*bO{EFU`H1uG5)KMuY;xKgq{aVVSFF?+js z1{54ltj?^A7pY>v5Q~7i!=eW($qF3W@21h(m05E!8qZn=o(^z%$+1ZG%yn-*X8PyJ ziMb*V-BDn&K=vJTSjL|d!pdn>Tf@0+R@uU6p!NL9oOlyn?~%A;>Z#Z8Lsok#8?S&38T^i%4Q-JvTS7 zB_O6g{IyYthUM{ti$OwhN~jM28?ZT!Ji#kzZo97NFh|(UtZMluPX&v^Z~1H!z+f{F z0y$WG;Jakw(c^JB=^q&RB)0G!S8_xiGQirGJuKyi>5Ee2 z4}>ts=uS6z47DZ)OZdR3Z7Rptz9QsEwjkE{qet6TIVJULto>UQ6_dUI40eCfJCIl! z@Ra|~WaTHzqhbla8#~EUB(e{i+PR+)hNYW(;hDABkPSl9<-7>&ZskJ$x!5gujP+?B8aALm`Z z$6mBCt)D*&@8R@}3V~SnQ9m+l_IJMXNJ8j<#-#Q@Tj_%HXb}_~gMa5y7w9rXaA#A< zsI|V+a-kb{?>)+U_-^17fOvByn7n7;2gufKM0f(JXQvP0@{+rwo70dFYjs(7BaC1Q zA1pJ7&Gr7{1M31-rx-h#uCBH}jU>Z2LJk3OlN_GvJVvPBbZjnZ%Ydvoamfw5QR<=TLrg?7gEb^$ER`pR_SVm;w64 zyXj7%14iyz?dNy+ci=(+{arc6m~-|u`qcB$EIUaCYvYCYJwX@aN1C(Y{#`r!{SDK* zBK`X0#)jEF*<%7$R=RAPP7Ecv z6vr``u7_Oi#YaaM_Mfo0I8=-Vt8S*Sw-UM^WqMu(IppsBU5(jP4&eFmfS>@C&AZk| zcyHzmLgN=mNA{B^m0Z@lH2qg*o`bz+fX#$vsM-Cj8?*;1Fww9RLWp1`%hZ?S2$GuM zJDRb_gDlzJjJE+LzhXV|Gwh6TvFl>O#!zMUx3@d*iADyX!w9rwmJNM3wQ*74t>MoA z0=5W*fw&xnrJaBG0B6P%&mpyZ4}1iR#Ho76COl@{i!6LXV>uH(-KZuOm7V-*sM;}a zKgj)L_t%p$WUIH~;VA&7YXX-lFpkZ?s{R)9R-61`KY7^A-Y@V4k?(AB;1BdGvy)pO zRMY-hOx@3Bs*v`){6Q=`ihed*9sAq~`b5LRL4P=9$T-E;SmoI(oDnHr1ZG6K>C@8{ zup%I{0j;<%st|h&Vpmv1@&X4BC3^K`OwU0`)d1JZTx+e_L|ue=isTVJL~Uq@GBiFB zZo(Df{3+qtFXN16Dk!guSJ0*i5a}~dVI=E6g{75e4Ayp56-$2YHW?z^Cq~`ac@_{i z{tm|Gy`Q<;V}mf&$kwf8%%iR+AeE-<*B~H^8d$FbcPc!NVBQtFsUqSQL5N@eyiP6x z0wUlA^JWM~miUfZk``RiPuXRiZ#(cl&{-9qqk%zb;@T`ErrsHt8m0rM4MU38Qz z^yC{zL+(K!3Bu7%d?o3K`QMKhIU;-l%7${hG4v=~*rgLN+%{cu$rbGob=D-Y=>Pe7 z)#ISiVtVLiCKW{r2bP_sXoS^eL3z!TGczxfOOFYO)EOlCh@apRzI5%8D+`N;Ze& zx$g{ru3uU}X-3NgK0N~f*Nh~> z%gB!+f%r4h+u{)RcC+U3-p<$6rVo<^hI?{fE398KvJr4>!{-dqLyn{*tJ2Rmb!F4b zOH5Ilm)fI{#hbT@GD%bkE(%nPm4J3VMrB{}J@}{EP~(3pD%i3vZ|!{1w=GN}&Ei-N zz*027PtTS%UpYPd_<-_)0VOwk)GMSmFqE}pIAL@8mhbs3U{R+}J#r1IA0=JxmR!qs zDEYj#-^IK;IBFtOJhY05rxU1s(2x-SKrg%JGN(eEM^@aHCiC*ZzgG0|u`l}g0mGjy z0$L@8mQ|13Kk}XFEwj(5D|6=J=KH3<+nrPkY!Wn7Nz31y3G%Jr?SubLTy2&4x>dW} ze}1$FMAP)O10HuP0+Q(0v*c$`PaO(wewNcF>@PvOJzI6$K&#UqHBY+aQ)%NDlfZGM?$hZ+n*qc89HB~ z!kcUqPNx3O+R*(Q^(S3m&kJsNFZnE8w1ygi^7Eir;gF1?kMG_itt|j z&Jp;tjC1um*^wW?S+0T8+9{IwB;MAy$BO>0pap@X%pEChi54QD;kAwRHYSj-l1*}K z&SnPGZ3IMetM^5VpbllM^~?MT^z53Zyof2(saQDD)*Q%_ppYyDGEx#+nBDpc(hCW02Qs<7+2k-G=Bx)*a5_qa7nD)mu-$>DemV<5jw=Sw* zPLCqB-2e5>#;?!&puDIMK(=v7D`3t&)cZh9A|8VyDsA&d#pTKJTfM4B_z~njkZH1U zMy#^M?w`QT3+^9-VNN7&uDKm+zjV%P6K*7AoEmd3CtECD2R5(QM*goJcmfUeT-@C` z@87}_i~Gsw%g7HmFfoe@WCUs8`pkbk%75=kBY#J?0eRwfY-)3rH;uI9yoT{fy5=f$ zl3M+-{0);-m}PWaTnv^b3m<)7aV|wQyLy%sZ_t8zNfk?nNHer zWTegZYj=IpjyX(&z>iQGfj2RcL$O7la|BGxd5z@*i+5%i`Y+3Q=Sti0?)jS@49ekiVzX%gW%HslU78dwPVfGN~I1chWzYh!^;$v9ns@R-0D( zP<;WVLq#A~eLv^PVbYrJIDNxxyOy@fu{YD`+V%7mHItUbr4jv(a$8<1rq=)oii3-w zviW64)k{$o9ptx&PC6%<1TXuaEkAcmeI!xu@Hdd4@{>o26G4MJ`rAY}^nzq(=GWO7 z!+KN{sY`t?abx!HE$FHdhk+bl%@TVSW2V#2>&a8vcNCE!Fn-32EPF$Lw7E4^@rtMZ!U#e1Pf5(ZEsWomedZ!OcXTkA1iToPtf$vW}f1SDj;Y3vEt@jkJ?hl zwG$hvN@dnMNS3a+=NiInJ$$EeeL}fjnd{05G<^t%<`yfo*~b`Aq{o0Exx)j==;>f zxZu%YNqM>f$BU&Tp=;*d?|%Bf#NjjSZy?hHanV6x<}OWX_bHJQIq%bSYBpp3?B@fi zqvIz6jZY;M*n`;#NA8k{05gXa$`-Oc=E)<^0R3LVP&v^L911id4Nygp4i{u!7H)vP z1d;UIM5gMr5wKcOV literal 0 HcmV?d00001 diff --git a/static/img/vnat.png b/static/img/vnat.png new file mode 100644 index 0000000000000000000000000000000000000000..1caf93658495399fa9443a52fc099882a1d8f719 GIT binary patch literal 37545 zcmeFZby%Fs(l0s#3~qryaF^f^e6Zkd!3jRt1b2sl2oMPF!2$t-6C8pJD+GdDZ~_wu zuEBlokhS*y_Il2~_uTy)`Rjvc=(qdruCDrZcXd}+4beJU$^^JnxBvivKvhNI2>^g5 zg!;5$W1>pV9a$SuNmro0vG)^eKL&SCH+!hF9fNm(yB&j_Khz!o@Sk(hktO-efZcZV zS{fKm;UA|uk$Iax!iT%r-6*jVQBj3WQ@xJvN~@1yYtmp^xj{@?xE5`bPr&=|IhJuk zEqKy;UXOv#LxwV9Dr&W2{iR^q+N`I*xYSD*at)@WP)c3jDT%EMsW;qjGUOgYN0*-( zYff)JXhe5##Tj6@4>A6uV3|SfCAp%WB9!AkPTs7MzPrAjUcKY=o zqOYrMuB|S~R;D2Kdoi4S`lg%yU$jNPV^BWvna+LPyY6UWd8V@5787Msd39R>`?$8n zzyW{nDgjC`4F5G0!Q)Sly}4Zm92e)`VbOyo(7mjhJlAw@?61wB^du*pV2A{;&Uc%V zZg0oo98wUAXbb?vO(62_sx_H>TPJ?632vOG#v?|xdU-IZ0mk~z<*d`n4Ns(GmV?&iypG-f{J0jEUnS;$U6D(QjL z=hVpqw-oDT(qIV!o?whFp5|s($2mGPSNZ+qO7Js-L!c)c`o06PitGrFH_xW<4XF2Q3PDXCq!yQd)8#f+MQ2;m!HqYh3{WmczG-OqKN#((7$crrH@*jd{6AW+vwfdkaV{dX%A z*ng|(4YmI-u>Qu|-J9Ry{3|1<=KrMox7z=Z{dZ+lElo|Zf*Zu=jy+WcDW<#r!M1J? zs4e*Sqo|mOppZ30fX7-;M4U%RKm_$9E-cC;C@d;2fXeaPKC=E7QmU?A-qx-VyE{@S z;=E849T6KL0edk)aUOng8yg-WF#%g1YY{;a9&39WdvOTAsGYFbqkkcx?FmKAN^9qT z@7Z4T|73W7GAowq>4edO=P&4t4rT{;$pxE!`cf$fk34;RG`fi@02>dQb$pV)5 zw6peh^VD~9bCzPdV~OFe+K0Oa*~QkF0GVqWq}oBM9LU60#HIu@5@b{mJ}Vk`<*p84SZX*U{5j}K6qE+I#nt#ZFordQ<4@-wZ4$o=qk~rtQaa<~ z1NN|_OB3BVtmF}$@NGEVV|Ij+RiNzc9{em^6jq`>+=4fX*NjJz`92Kq-1qs(NW5?l zh2Yzx`fio~hBLBC zZOMu7o{$%l(Fa=5hqFlL-6eKXp*)gGZf$hhr;LtZ;!3MC;z}prxoZws3z&OoWEU$? z9J3hZMW1yP&KGq{T)q89d=;(WrM+y{m7baGaXdvu9LIiw2wD{|jg@e_jrXHIi(??* z0a`lx(Zo+DFY<$eet)H2@9Ep2s9RE?{}VfdrKxpBLd6@S-VWtsqzNC#k+%tJ@%GG3 z>Mb?G+0?Xj7-%teK?gh?I^-@q;>Mx@wk6aLDY;w^`(oUF*lr>ASNG|_+%QTAV@Ft| zUSYa(jGdLzZI{yWam*rNdx?9Q`2h-N+KI$ftd5Q29iL$>(T2HU#-kLFSZK=Cv0=_3 zru(N`B$f|Nd-4q*F|B`jg(6KT1uz>g8y}yOn8QFON|y7;1u=*wJAv-6pJU4TIv1c+ z9viN(K9TUPL1XloflxCx8JpsRmX8p>Dq4A3eqV^=C22?un+gNIzA_z)$P?fLm_zsv z609(NDK>Pj#vfOgl^yX9PNcG#WvQa%U*rgele1iFslC`*SFn5+*oGF2Iha~>rboSM zQ^M)ky8S69#T>#T>y=#P1av`yGKw1;^96b+^wKTMlS_TK(Cb6;8#@bk%}LaIy>Svb z`OpestjYCSwF(;A;E}TY0IH3$`r*v{O+rchSgb~^;U>AhgBc&Vj+JzOWHzDh91&i{ z1K>GpLu9t6tXCv>;)H{)_`-tCaS?s3=t3h`Dcf}bLlfZo?jm9MrP`9lyi@<{(w6pe`IZmolcyN z)PI-Bd?pbscKjUN1aOx1LZ%<#4!65baqOl?v(|cLtI_mRZv@J)_PCg^sUyYab4Oq8M`Mo6 z3P6uG;RC`Q>2^`_@^-|WonF%Rx4c93RlBzkqrwcB0W*oXX zW+c!>uN+)r1-$5JO%wfIEtYjwivAd4x&QUrxuZyQ=S}o2j{%p`WM_ejj)tCc>XlW> z5K|V$_2ZnQhWgm}BlUv1t(IEM>!^(xi72uAhCN9N^jS~Czq4lTp@q)9YTPwj2`ryp zC}nW5PsXak1D#}7?WZSQ3Nd}CV$xcvHq}0zI`e{{_i8a{1>~tOIp_wIZ|gCFE%P#h z%YNAs9%|1~K)4;LegNBj+*E0vw201!xh;EtQeyL$*5ZDkI2Egw<5PfIKD&+TM0Lsw|YnUWF_zuT1@?NV5izEm2cdp zOb3oNxo7t(Au``CLK&>ZTDt-zWxcsA>#U|oNhFDRUZh5hK;Ueb9jGBS9{u)Hme#Ae zf<4~$%982w(Y3zYY-v8FLbh<7LpZB_=g;fPk6<$;{25;%&D%#oBn}%pSw3^=>>WHT zLJ zeKWOAFlpFxDCNK_k`lxMA9S00##*@`Z$ck|(eR6{@A#0uVR><*dYe`&mR7&#E1H1W z>U>`A6jN&O*>9h=vFawqR3|93n!`5ElIhMEJTOP871$k8r*&?)sH0j+c^Tj1`xJ3mq2uQr9OI;@eJ2btxj0zX3SK^-)=7)G37_w z*tX}dqX@O9*1K+FYo?9m=ok%E%|u28$e?J zZE~mLQ1AXs21QlbMZ*PpGGKzx9dgfU4qwENXB4fkRuFTj6g$2Kuos0B~UX5{2VZWzGKGV$cAaW7|}x; z`6~o!dLU)R#7`wgIzu-@B1T66)Ije*3gc$EsT$MnRrf>`OV!(?1DILZI9UTiSp{lc z*c_`k`Z}vHh6Xb8Gv6JTpnKQnd-PfdTV^3YQt)G*V;Hw8n8l(gp&bQlM%WwVEJdtw z-I~vE__OJR_rVDs%UBgAIbQ+j0cXPg!zJNHFfw#+RbNdIFWM9^&U2d@GKdtz-2l zt)4^?x;2iTH=$&pqR^mmeWn?i_ta5j^iOV;`!@8pOzP*cLDQNbP|2R049$!MnHl;9HwzHt zglwNpn6SMGVY2KNhOipeG1F?To36ysQ|H9 zw|Ly|>*Eyi@&G$&I9Zem1J_S%lNDnlvpYDenBoRP*#i!}F@3T2%I|AaF7U&J`_?Ui zi-4-+K$$XIm8~WCOZeQkj1ybb7M74-N_+$9AY5ZM9VwakDIuOK#!@fLU)u8#3-~=e z5AAb`NRHUfvGhR;eUDQ;vB=UNjwzunVW`!nMuOcT#_@dy^f zDc~zd*{dc=fbVX^dbvOW8O;8wVj>zCrn%YePbTNS>e@hI6q z19OV$a%WIyPQ829q$lE4^?q*wBcG49Qxf#*ym*|`Vxz+2+w_)Xmc zABT`IJk&Wlg+n1MwMbAPVdD9Q)m5wl$kJxR%?Tme%~$CEKJ|nS&^1tes*1;c^0!q#K7ynb;gJRKEUOx`0w1P*{3pN7PRCNb`uoqZP3S z=T+dEF|hQ=>?J8-zD*NrLmkyo2m9^)O$DSPu0kJA%-QF~8}L#JRY;0dp~Fca&ysG-z2-s7A`n3xyhd*{{u$}A`zRz;Z0gb=O*~P| zc{18jOBjVhVhKzgMi3qetBfK)B2=AIQ=tE1^z6JxgNYD}r>ee)#qf!GAF&m6bjdfj zk}cAsid(}Qs3H0#DUVEgX>55oE3_6n=b@}nmnCa1nplj`1{1LO+1yFI+Tpi1@_O!r z$YPiD9T}tb<9ZjQNbLTAcxoJcw%)9lgE;b5d&FWbh6#jJgHA-%#i6;Ec58vVR#a9g zvD%c5)A8YC(Tc^S9-hh#giahG50+~tgmTXGc01p$b)6}V3H5bTj26*#BQ&Pog6984zV^vgg~xpB?t`j)Brf9imj+4!l-w zHrVb_ve{Lo-7u|y#S{IK-0pm>u!?TSbj5Wk$_>lt_2IK!{0g(^fQJ{Mp&IxR!Z^)! zBo8tKQ3B2RB@_eZF*9fojY&5TIJ=Ppz&!$f0eAwjk)-C43yoDUYy@qA6mf&v7idNw z(~=V&*uyA+xwr@M0Op4GT^%Ni6Z&~gsr!&g=(Xm4GVE(Bz+%01Y<_NcfWMkl5>CDq@ys!tq?qY zQ^BoFTYKDD_IbZ-SKgKOwXeLl?^>FaM}AbM@-oc<0+9`um9F z{02L;v3g_y(yCg;9LG17q1s z-z|kRO$@Dsc%?CMx>9CG5ke0SR977YxKVYfZWmMmfn|D~RaQ%k;80SRB^oQWD7>Q8 z^$cC7NmmnjIoJ{2DQ&u`G1|fdEB&wJo$A9Lu4$plFsI~QAXUL-5jU?}3U*e>z^j6V zKT$btOPgS@dR*k&yO6W7Akl1fhIRRrj2|7gsT$ZHc^^B6lPp6wyqEK%7W9Iw06C4_>rQR7to9gEC+1<^7xtH;Ungu!ZFatiGMz4jluo#+vjt!onMw=EjQQ}T zic`7~F1-CojmvEj?#1=-X22NeFAV1dx=tS;wt-rurbTzB%DMUaUEEl%ESF?mpCnqn z8aK1F5+eSOXcKCOr%-ueZHy_bTODW%h7>R^>9H94c@&!RY|=L6Jp5$PJgGXX=}g19 z=_6=Kn_-wleclDVV1M{VwL?|0uCCU1OYNA)G)ZjY8E--AIt1a5r~=U59HGv}f}eWd zW$H5X&~j#4teoRk*8R%Gz9w&`7Hedg4}sgmwWD%QV}OQkh~o+B=3E`m@0BgNO7oRt zo{hlV%I?jT%6H)MXAs0WZg4dkyFtOypm=xZr>k{ntbn~QnGmFoP@pKt-h;v@sXFkw zSqajF(M&~wy@0m!BwC*DzOjHs8JsyaBkZXO-!n~Fy7bBR4-;-b16xTe*-!dQCtX*l zxgE^d9QRy4pBXnGVga`ayAtNhE)qz|JBvImLg|)?Ib0Ff*JwhzxKH%G7p#LdAX13I z{t|FTOq&`;v||z8M=*6_fZ%!d)KOZ0z1{uIHf7RJ^XB}x9N5LS*$CFGxKrwptg84C zNu`#2eLJzh*QIusb2@hQLHv;$XHJ0-G>@nul#Z!VTgS|>nyvE|K*{@&{tw+^7TQ2*s8IQVY1%X7UfoFrX&)R+x~GB zOZJ)EOIr$I$?IF#StEVLHtee!@1SaD3|7AYc(xZ)8e70Iuwd2(`UH6{YfsH)Zo_(T zcRkVd-C)TF<)Ilv=1#Q_p%YoH*NxJ&N%>w7GKMPjp_NIY7$VaACbaGowec#R*AP9O zyk~8h@^!~IDWQf*B2E39iSKjDpwrYW&=|+9;~Ukv+N|Y}0K?%S+&`ve@KB#O02+kN z>Qiymr=0K?#F67=P^a=m2R0~K!-_wS9NIz(ol#*(f3eGckte48W(jAAAZnjOoyj#m zy}7>t%inxY!Iq3}MvQRh3FjA9D3{GTTi>Fg$92!B;9!L3sVnq#sUEa%UgGm!?3A~e zqe~Wk_+$FR;CB6u8Cz1BI?GPt`;)N?C9HFE805aAn;FcYHZb?;oBWFHi^xXpzC-hZ zW0&N55ZU8>FHnPo1@M>B+Q&d|TG_F9BD{nA#<0xp&5MfMnQ~@F&b}m~FavSXXIFuK zG(G1XLiWD*gw9?Zf(WiK&gEfE_q%t;YQNUjVq6jIhob;3dF4UYxCIMmS&n@I(}`gD$OE!ajCt zomQIk;{xlb2)xBa8gp`p#+iJ%s#ZA(c21I{oMc5 zfcAK@kXQ*q2x?cKpkoG6-&vOY?4YT;{qP@_+TU!mzf82hlHa#xcXukktjPX2Z1zeqPXIjA+`~>nQ<3zT@{$Omvh2WWxqNG%aPEYE)j$pLIap&MGV)4`pAX zQQe+t=g`Ls)OoEVf|ky6g^P2Ru1??Gk;ngS@c)z7zl_WO-z;Y|JSedxkMdcdHpa*x z#4m>%uPro>kXhm6Kj1Gw%R3iA-6lZne>7yHRoq8d0*f)RFEtG3ww82qw4O+%U1tsK zk|XK?d8{t?(AsDb38OuV_t6(ftd>R3Y5AzFq^e^egU((frx+pt5s=~PTXTdDZ@$dv zI(5Zo&Sx3lIth`}fXgh@?FM&PVb^W3`)y!!4gf-{W zW_vs&{C*%YV;2u^m{DqIU=XPg&@k=sO{oMHWbQ^vg3n!w-{j;&s5B^U<*kQ@v6he6 z9`(Z@nF5fMOAH4*M}aHo>5R$x>;?5@+&cPcQ$94Ll21pu9op5Qi8hGszD;v@Y^vzu zAs@ZE2Eus`n$OIieLQU^3(>ghaNvS>M!N#j(IxsgKhhu6Z~2^}I4gp6!QWYWwOnmw z<)IVmJlz49p=qE?=ermdx|xo)VM>aXFJ9Hv5)D1NT&CwcUzManSl|x&0m;YT)bSrs zx+`xvkQ6M9zJfpPuWJu=&qI^q{G~kmM-pIAFT7Vy=d5XGkxEhE#ed?;;2@7=72HqC)WP_`>>;7QzK#hG4&(&)u-5 z&uTQ-%HGmZgYgp3)fvG&fNW4>$6y!^@Ko(^u=2=)ynq55ye4-OHo24S1v(dkquWUf z0Z$E0^z`>Ia)QoSMwWrO(;w-vD2kCwbooznwoNU_OCM1E`i?Vdv@Tt3wS-8B5;1XP z!)ksShP4ewDJ!icH|m@t7V{;H1~2Rb+e_NgH}s<&KY*_`knva><&u$h9gi6mlpQ*E zsU~jsX4?%;b6Ky>#_?viK(s$Y;qcKc*JwCU$=vROnwTefRAtA@e z1*vy$$43&e=U*-}etZ+I2UE9O&8+S^%`iJg;|xTP2llc+b< zy@Wo0pXL)*O|iveA|Nk%XmT6FgH#`y17(DY)kj-PqsbL76XDtacWP;#cQiiX-e>yT=289n@Bo(XW;q*1ua^oNA~^JkT*hpfj1?mooVL<*Gj87mhOw?EDtZA?8w*Qjs;4;am)#0=4cYs9PSR& zz5E0(g!@~)c%dMb`|W~AW!NMpDEtR#v!s;p=8^2t!?CQJ6mDr?Gb^bbGpw`hO)qie zV#J*NQAKuL!#)J(qb?l7$|x(?0h3gjoNWskWIS5$+1hA-+LqVeM?~nZqtej^5dB(P zqvIRbV#m`WO)6APo^rMiptoCZH;E{F8l5lxbbi2oeU2OM0-VCGX*s-Z%^#HM8y_nV zKb>KPGn2?pHd4?dvdSnfNFwata4-3#+#YF+nrRG}sJ-LFK^RY=k=Nf@xIMw@4};MvGT!g!YaK0Xj1B_!7^NjdrhXyW2;=?wx%mpi=O6mw z?&Y_>d4D0ePq8XtHjmyA;+^CmyR36_fO%~>m6DHLHnIyo>laiVjRj7X^o4EW7a_Sx zg=DYR)VQ_uqUFO|e0C$=^8}T)v-d9>tfJeaR+owCsBNmT7SkHJ369(xw5*UWYw(qt z4E@Uu!DQSlC*1xS?JJRKU;0!Z#o2ln6Lsk_y|Wdc!F}8<-{+?;3$GhDNUfAjTrjuK ziAeF(oj^ke5y9VCHEy$UvTo{vj~?Fq(Y>=+!tn;q)`$Ftw-@>rRdIiXY^6ujoNogLP+l_3_ER^`d`oZn( z*jZY2fy6Ckq)^tfEzzhBzL*V6F$Va>+;lnx5;2!F@#brz@`Il(FU8V6Jvc}hbou^} zSVkzXN96UT-uHye6e>MBYL}QX_)>Uhq}Wuz>){ZEQ>C$o%(&Ta*k7FM^eri{O|^8D zO}EOdPF$_|Ac;He{`|x&6jMLdb~&Q-P0lRr#v^; zWi~>P4(+rgWthqeAm1eOn6N7&h?X zj`wV2F7ZICRarwUSv_?2KK!UJaJqTn#(%(B*JrA=zlC?D>)6`jnKrew~GI<%v?$oEBCGfkL-*IS9A~D%llkNy1rc7O8cZR)^fw7 zjcoO!*)4D|Z?X`=Rjm5pBqoGax~E||h?+|_!19gLcOYNLK@pda++={LLQLO6-|;#` zIA*Pn1=-ji<~GW&3e!@BbreGPv~sa~Gg2ie6wSYI4XN>O@UD0)39OzBne zrqATH%=owCXU>@(BveHAv9r$5CCiT_Ih8kbfg%NVG+9a*L(4!5EsV{&XL)>b_1F4G zCxcVPmuYt=$yKROEFNDWxW8sw2?YR~kKp0m@6H5-q(mi1OQ_?ETJ-kmx~;Q%YYF|u z8lKN+GF&Foe1nf;X%EQN>n;cWl31NLg0eeaJy~|AA|d13rZTFSp!3@}XOH6Zy*Zgp z+CWl1%Ihah^?i+@?XWz$a7-dA7`Ks({!8(gueRQK0#mjwefXlO`%o~iTleemMb?WY z&%pwZ&-R-pT8xD2G!;$fTy`z9^*b)o@Fp}GGDH%9{Z%oa6m7&D`?rGz9RAM33ga3# z;oa@bBEHIoRNk>AR*qcpdOuhlT6VdKLA&V~xw&1UxWQ+A2aFj}TY2@_B%EH5n08$} zn1gQ6H&bU$RsA7NzOS^TZK!Om&~CD&(Rl8*{br7>iG-#s9uc9Yn;Eo&6^(`xkpcef zdbdr?o$a*NroD(5K`1JBpBdKGo@8u|eD7IcWqVL)v+Qacte*@UI!OAH6=DFN$_JWSWF# zQjuBWa3RJ2)0=D1(|sy+44C`#J@%t5Q2Yk=w?4{YV;fafRWD48r$&jrSkIm0`^UGM+Q2{Is!|5c-N-r8~C_i?U4(^$D>C)=v1f0tF;n0J{=%d|65raoBqxvmngor>ihL)q9OZD z@nS+fGjfpFeUp`-PG?K3ruaK!ZcgG)hvEN+i%>(NWP)2#)X6R155&tk+bQlb97?pD zeND~fF&vWXrn}s#p-zHM_T4P{Xq~!L-eLLC8TGvf*MZ8b_`F{~iFi~NUBHaO-*O7L z%9b;;kbZvNX~1DTWS~yDqiL4(gBCH8y7r4~D9b#zl&*!t>bd zb_)RZ`u>L zCVGmewbB;3iJOXSOnaO`h4>y(L_DS2eDe`VH}wQt@9^M;)$Uj`jon{&05f(v2~+0l zAswleQdEqtG!4oc6nGb)vaeKqGtGH40=n`YeS(?Cwi>IMPWr)PF%EcJ>P0kuh$ri$ z<-=<%V*SihYNg@+A9Jkhp{(5pE0e5rueQ!hjx);|Etw_uhq|rBj`~GJMo6@-|2|q3vk75|Y$HR*%q{x4)at-zZn;?LYi*nRKXRUBd(k4K zvX}-(ikzCWnz=uJN#U!Qr5Dp%S|O`{7yq^}O&Yr<61=Iy;)v#45t2Tz{212YGw5Q1 zb!!MCDwAV>Oyq-D*?Kuk&R zp^hh8D4eW>>Ca}e;1L=f9WOT#$ZWSRZMJ@6lGIo-9;ZG|o(KzQHud8%yvVI8h4?Oh z@re^|xQW# z_wD2|6wTeYt09h!cOih(gQcMLHU*?<_!SMfr&fWPtd23HS(`MNQhbo^J4?Np{+U9d9O(klXsuqHq?s9An}05l{EUTQSCj8j{x z9KKk>|Ajd?K|fWHo@yIDqEjO>A+5FqR$sC-OjU!~rLMl#HAWn*My=ORPj73osN zs1x4j6ncvAh@I)dH-#+kd&y*dDp)8xu15yyF0K9%O|+NVdOFGDXliO9O?2Re^ZFM` zV6gkCo#fAav7f~{OV zF~3DsUevty*rGqo;EfkwMXQ-k&3+S93Vor_x>c=<=^dkOnH0QovK2Ff9eySk4EZ`B zZrNM?VYfssd_VqGMV84M)b&>;>;A0Qw@pH}syK5NM_+?L>A}t?jmzHbR`)$Li?SWQ zB~I5359Y7RwR_!rU|PXD-dw*GWY(3S>EpAj)DpE}1lH*NR?vFs zCw<-F*NArdXihpg&B^#pGV4ocY-cLX7?IA0;puhH>_be9=35x8EWV?s8;=U{z1NPi zl=J!YGCz@w`Gq6-K)j{umDbd$rR~Sea)y0DM$Y5LZ%2uM2{{^d?m3yJVELX%M-i8w z+4E{C&egk2vPa&IEjq?NOY4lhw}!sA1m8p=r->aUpjVYTH7aiv*1i!hfuH;k<@{z6 zBJx-pXYAc1BUf~Pr25`-;{M+EJdUxTp$djZu;i~>#w*wH zsoYlLkJqKt=dYkapCa1gM?F&yrJ|A@*3@3uCHmN*=bW*)(3kF>;2w62!VuYYQ=Vn; z4K*RzsRHnzP^;CF@y%}X&m5iTEdd9!q-tTF3oefN0Zz~|lS19bLyoifzE_|6v*V+4 z&Qeo1&JDKbdQ*0&)kQGQSm#~5yUqlkJ4$QLyGSiJpWXP_8=A`s>CvSRe&GC++a}$U zVUjEy9ZCmr`bqitSm5Hl)ly_1zv{_8A}N@dHekS?{@hRYGMt3)?17&IHzU`$rb1Zy z09EteMKoc3I%y7Mpo;pnrJPL4!PEC~kGY=3#D6OlopZ%g`DQTtN(`*K`@oX%a^WXU zMdum&NvV$%x;sslh+w;tY2;7)9F)U^u=2j3GAdk+F42@nZ}KVeOHF#j#c1$#eH0gK zO{j_GQL4pAER}lM$e{1r#D@7s_)%(_8xUEC*of@Ja`#}p?X(YJ$&P@qPznwR7Kcl= zp9JHv@};#W2d6|8dYI%YndFJt9=39;+{YJeCt6_I9{I>>m{{O&N)g>+I&JPNwSw}> zNVE28p|i2_1y@3waL2F?7s1nKkma44d8p_9hTe(^F>#QPu{|t(R8AkUCUIgqbJ~uolwwa1|j%N={Zz!nubcu z!D-ILprEKN4LPhGZCK{O>P*GqfEjmR6H@j&;} zCn^~EYOQdz97lj3W3Uaz_K!)L;aLWlaJb_0H(!nsG#56WsaHAtAn6hg%h|r*cPb3r zZPZD0OL#HdJIS%q4GliK|I<8M4CJnksKKQ%fL^Rzf9SeI9f|l>p0&03X;)ycB-IxL zLvsUnN*`3-J1h_Q#Il54@a4wB>VZvj6htjootQl%TRryd315Bp3}%%>Ftvr1#D-!` zqVIOv>a1bNI3npDY{IrL&}?K+05p|byPe4!?kGE%U7xfpdAf4cO6%nICaD#NX<(sW znU~Z)X-H82oD1i{lkw1-pY!tM&ly~nDt%nE$)hrRqabAxhW!vmNg{3|etB-bUW$p( z3)s1h@lVnw$HU+&21?8VE5{F)B>M47Br9$BOoZa?6IN0V8vzT6hnb~IlY${uHnOF| zh_VeNatMWG(srhj>d%v(ne8fl1OC03^Des4Nn_E9?T*c*cw>+bNYSpPBtrA!mY8Via7JZ>zNj+5?fTDR zz$cQ17okZ-`&GwBb(A_cb{C~S!v!W$aHc>pA27_AiWAr z5>w_IZ_loPMHj@&U835+pL}T&TWvCG%K#7}irZ4zrluXM;d=~4&4C2yVy{AXn)5B! zNIZ1&6@NHIQ_n=>JcA?Hi6i0{P|MJ&sYF;Ys3ge_V-L5+4Hi?b8^S>taaPA-v+M0M zNR%GzTMSh@93a7azy=#S4As0V0$( zEDGg(5`2oC6%hTI@60yhCsQ;`Uvhy#w@zrNL{GbFIC%PYon*T^xz=nj{rycogO1gM)Co~i?eH~OH3^c+r9#1& z>FsXo1`8oS2NlrQxNgRGdm!>k1_2e?uz5y>fxt^zq-pQIt*qXs(IB~Kn{QxsBMwZp z(N+bC)Sow*a(h@le{_zd<0J^L{vhu3MsqeVly_xwBpDb`1c!~zDXhO79Hjc~twV95 zqiZG3vwrZ@q#z>AM~uzZjTacFBff3BIe>K@*^RJGty7W}H?OytB2GPWh2^ndP3s3D zcbes?9h>w=k98ynCN37ShnNjbM^UaZ5J9(tvW|mf!nvHu{qCyH3f#|=iFuX7SLg*J z7MyBmLnYA8{Q7qa^oiGAPrH)P`0lM#WHaN9Qe;&NG(2HSnqzXDNCifbBQrZ+P|6Znke@A=ZB)3>?Cj0%q4X1~VnnAX?+Cb@cJFCd^x#kbw$EE!r zL=QYL$lLb*?l%UG+!fbGeK7&$8T!=X5MOYbr5;4gj*FjmE>>WR4TTn1{;)Dpuj0V| zAlljA%JA{Mq}jUHJ)U$mf1TAf#n}1|As$Gdq(LHq&HbNgQ;)PfCB5c2JjNU+zXC0B*ca!OP z$baV0|2y!1&;1>UzjF1dTCQlQdAr2Gj;5Zn6ZD{&(m#kTP4s~~=zzjq6aAtSYX?+; z>kX6!&|&g|q+KAiT0pdedAAQkpU}<26YJ)O?sxpWHQBXE!{u*A9I3$~(X%P@ks7>5 zSDcU=%tPLLh<-pG%3I%d5Ah8UGG}~S%ZY@$)qJ1MBiKj61Uei#pXH+41D@B7IGT^> zBO(PqwpD@m>8Za4g&z{4-(s2(;Xj#Mhd*TD#2x4PEy8m2eAkETxVH*3#l;-FTam3+<|mUVpSj0_Vbz zq705zc>K(8Hqcevq_~!IWW*W}wd#XMLO~Ijh+y;SVbB$M;uq^&upKu>#Y2IK5BcIs z7b2+dl|9(CJXgofl7{ya;5M@Q(0WbYbLIl5qo<0ijt+Wgb)|~=UP{-fe$6gGKb}4q zLrzkq;nrBe_BSWm$-Y$M;FrP+L06&GqKQ07o@)j!{TIqY8T zdu~$(03F&Zv}!;eAV|b`@8Qk&W?N(;9FR&-^A5a#PF;^}0273bu((U3-(noA9MTj+ zL@^gxF7LOa;bWZ^7isTMmW`AvbQWF*@&T*Hk@V=VW+IDepE{Lhz5U^w8Qeeo_-#)n5lr8O$95bMg6kyXi53mmpLmYVYnhIn=Js?bs0@ zD@ZxRenpcVl^K+L9k2eLJ0-_KbXCe?{>m|EiF>K5(jAu$uuyqDIZ{&l-dT(kV~EOR zQ9ae~i^gcS`mY+@NwvD9VLxa%L+~px!E%&7nXAqZ(9&w!Tz>^1Wz}!&>xR?g4g0)2 zt*qK*w@utkTfKV99HA6ogy$Z=r9;NJ!jd#~ofNV5k=wEt;D+hXM=Hdqpy!-*MtE`N zJ$b4)XOWvGZ>Wc6W>0^&5{6l1N!6tFU@{XwEywXPw2mz~YS&`XZYy_XINaj7E!~Qc zAIW@n*xwyKSdJ}ub~AiQ5>fn>!=HIoN|IEl#UKp5h`wUCu%Z2Jg~;amf(FY_V}!kL zoP3>9_+<`LL!erb>Mx^SWj7A7-XZucyqGa=x(aXMNqDqL$9#B><6z`E$Z8%C5`FvV zElKZlKcFvujT`GNZ2pf*6O#$~;7?+b@a0rTX%K~>szThk3Z(UWxGH=tkko`99$~V` zm?F`S+E<)1F`Uzj-mnvLY38?hxnUL1+YaL|$4oNKS;SH}u+k4x$tN$V7Y1XSRS^aH zS~4+u$hf?=j82*TjL(`pKo);$_(gf zj)*lozPY0Uq%-&i@DYiahXxXd!>m^*Z;)Q0b;a;%JfhXCd_81rXAH}3)8A|=`N~NF zv9Hezx758UN2?Z2YuY*ricbm!Ane+XWk1%|{~j@&IR6AD91L7H>d6%z7BOSd}6KQ&3ko^&ht@E@Qns5;V(Bi^}H{nwkPN1jc(i~ z7KjZ@9-(w~mhZ9yMU-n;!xI;7BgN@%xvNqYKd;q+OWKW}?p4ZK0+7yjpBCQTE}!od z1z8kGd@&F*@hG137w<(`X|wga++hxyKDR6^Y8G|D(m4F@sR~))Zr*$7Nx?B#6mtmf zl1{FrHzp?L_Yd5jY|T(3bXH|vuMN-y8!q3M1p6!#)YQ=gjiB6i2Twsh5|-;3+Ve8s zPKBXuxq!%rH#;o5d08FbCkfL~$7j1W%&9^KmBpZL>&yXIIK0z)S9JVQhmlX(x5v@( zBl;HY(gn<#T}SrBH+=hyN?5rc>i?hS-a0C(_un4{hLA=;q$C8SL0Y;&x|A+Ka%iMm z6p&P6=nw@&nxSKukCZSB-8D!I(lOMKcl><6=li|q{?1wFuDi}3mw#aGHSGQDXY;)G ztDZNA*ZnddwNY}UflAY9pYe46V&0O;ykF+l#aDN9^VVen=(JH;aiZ)Z7XrjTLf=ZS zyl9+wlOy=3t}gjeu|JBhY)*BQeWJYU-cxZX{4x=44}N~VScXDyz7jSR`A&adG)&Bh zCuvLg88pznD+j;Z==Qs5u%&~prX6zqEs}2Psub&PRQo%pa&ZsC15wR(O&3qiS((y3 zCuKV^A}`RmJh@jg#?*uyhxjkg{VtFd@@{fZN5>t#uzq4*c)($voN#epC~M1hMPQYB zlQ@c5!gM-W#ioD8FL@?v$N47HkMlpW0Fv$uW^ab^mOp-M&3o2^(E*paDR~ztZ@loe z_}ndPPrAh#7{x6Nw=5jDaxq&iNI+SwN$eh`KWf<9m^_?7IXNRc@xm{*^NPlktD6M9 z?mhiR>A9?yVuAZC?wMb3{WATn=|EoOgG5i}rMUc4K+rqd-QSm*`JW$=N`$5Se%{1) z6ne1Jcd1q4lEqy$GxD%uYI7g*=Yf3@Lv~sv}AW)X6}F3kbjF` z6Bxr%W0-#`^&IUpQ&#!%u++eTIjCX7h>qHV?7&OYLX>}cop2GV)S3fblr&h#nk zVpf~)Z}P9iW9nO8cF@YPo>!cRD@S7teZ%-u9}mn#)JG1%MMAex4PO%u!q&`m|8Su- zmxVv<5D9EQfAkMp80f8uL7%=-vXNFFyz5Id*UhqNpPl&HO)d!|38q;Dd=E)_6Sk(e zCyd!*Y-u$tQ#|Z6mOby=J0%%Q8d;bPZ-3u;x`L*kj&}F}o>AjMoEWE1eEN-$U>53| zV-Pzg!ve7hOrQ|-Ghh}WH<hNSSDDeKUMt zM^-VEJ4KQzqiPZ22!;u{{W;zj{$swyfEf=$Ok=C!M7qX( z!lv&p4S!r zHn|&DS;wbmXPnjiruqDDKH_QwUrSThcxD+|@dE9yMkfWlva#5dNER#`?l`eaod+U+ z5w+hv|7kol9jxsMydy9tvQ=@meWgnHxoc}y2wQIYF18fL%5~r|aEzyX65tgV-)t?J zft9(Fb!4u|iW?}}!)%=s(1k_SC^uniHImD^e38@u^b3kMxO|6YvYz08Kl|dU%rz*6 zVx>x-l8p^I!CL)DDN+?cq6t#^RxN#M7a8scL3y)Qd)oa8y|y?>k2gHG&n{|Z$imvy zO-utUW;6jLP(Jj$j^)E+m@e;6kp4VeYaPkV`J)&-9$wnOn-;o5fY}RMLJ{$MYA48`_zPwi)x%sFX{aT( z6y7rpmn%;6r88-T2@YR%!znv%A(vU9tNEzTqZRDNegTaFtBf-hjU^<}A!7T|7(;3s z5<>iSR_losABBD@GE?3vd%e}p6DE-(ID29J#HVd%F<_<~wk3twHoIJMBeIc@wj*{JwX4k@ahdPa&ADRS*kNq;9x7O%N%1<3hJ8g9t-DGN1>a0a|IiW!l zeubK_&-DgS>v@QY9p8bxzdl->da|l;_y~lj6T~XZ@%RaB`)P^FsO4v}H)DJ^nvbOQ z>Q`RhGiXG1)3Y{ou%dkANWEW9$=oPB>Pl$Rn?9R2gREshJo0@!GHG`TO5_<&99IhKEx}{JO97DCY(Q{h7bCBE23ZWzPNiE zR;C#UdG!yuOg^>I?%}E(RP`+~u%yO#v`(+s#c#Ja{h;HmPc=vNqZzQ86&VXY&CnJL z3=Ys}wRngNxBRLSxqe-EyqAwbsV95R=GQ{$rl4xp%jP#V2E%*b1NPf$LBk<0p2)=0 zAVUcQIkXn^m7JnfSn>_Mc8R18%<%Tm_YU9qz!^e7RPWbP)hVhdfiqst^OS*~DRt~x z&A{NHNcM`4w<54}X72HWY3I7u6V*b4+N%T=IzS$u(UPxwC{+7Njyq=7A7raeNW=y3 zW*eDufTXK!r=}WkP~XB1szl{Edp6cG3CAR>=RK(65*(0d76Iezdj3Owj&K{JIEd)X zlykG3*^>Cj@)HW%Zy2IJPufovYv57y$qCPl+InQ1^Zpl!n!I&DVATqvCuQLP%wQqb z>EP`N>4$Ev8jg)+^Z7xn|?_Khk=1}c91 z9<3D_vgo@kU7TJsJhVKPPF6v_qpToE)qg--r1wBFd+WJApVQkK3rhi3HxXnrv-dw zzMoSi()yY%%^GSI{3%CiZMYw(sgRffrBy#MGvgQl$8KMPDPbD2u)cdMpHsuqQdwJk z-&7a-%?r#xCR31ft8IRhW~e=1vz1`>t%?eM^3s9US(=>3JWnerAGq)%KW*5(_zSY# zP#2WeMa6pr6Rf8hT8IHHW;pv?Ta>g++JAb4AZfSc*pLU(9BW2AnuO{r}%1KjwL6tP5 z=ZTtkaOy3l%Fd_oZg_h2Wu3u$-u`-%N*3;unv&X)4<>74BK}?CqqUM5%w$wg@q1aN ze|_q8U2Fb4s|5abs~?58DbjYe@_Q6i@MKX<$=2kwj{GO(X{)tmMBzHOy;73@&SIbc zg1K=CCwB@Jrol&Hqliwo)AKm~Q6gTNWaWvD(PGvzIeMnn29`U+`STF>JAP^lr+bH{ zaclWW(;K#u`w;5Evbv4_P?OWv&%=|4BRCxlnBFI@!LbzYVJD-a#^#M!FUw*HBz2jq zc7i(9By%^w*@mw^hlMy_-Oz(S^}SbF0>=F&=LnLm?i|C z`8aW^!a4bPXV9YOf}g_P6K{3$HIdx}uGz!wIvF9XC3Z7fb7j8^$7uSX<*&0=p8?+D z(;|3^IOG{Ca~6BP^@CDw34TTw@@ z3KAu<*4+NaB7F_a)-Rp95^wc{-_@y%{{;c5OqJLY9g7mOY+p1j3Su|n^$I!ywM;Fo zp8|d-41I2nE8s|b=tvQpg)9wHS+0Ysnk|#QN&f6Nzb8$}Hc{X7d|_wm>r#QBb93{X zP*s{71WkHl?7K~iZO`Shjl&s&wlf_O@Ao~EU(H_ilv$BV4lr*#h=1f`qRCi2-o^Xi z&5+iUE8vH0U|P1x!h;XlSe&>QCLd4-iBiA5NKeud(P!SaQ2RQj5rrB@<(|^B5>Cf=fQJ)aLJa`iPt767O_5(Qe=j!>#hJ`N!hct71N7=6pwHl z4~=-)k%b1EsTIat)c%YeB;(`8bZ54qA$qIKF_v-e-W{<2XS+xZD`%X@hbQ+735kCm zAJTcp=x@HY4UzaBZE5`I{7sHU+ZAP1%flxw5xOz*_%xy6sqeZ2O@D0On{vXlJ6Tf5 zgXq+Yk9Ttswaq@KNqNYjeW`h`;~UVDci@W8`^`#7{j{56-i5GCZcs!0prkmJ^#NrV zZ?mB+xqc@q{HWpUJ~3q`U*JocvhRmd$siBH2Xyyvyk2Uwhn4jOK)L`sVL^%$7BJ#a zN?XCIwKu*7wH;UwpNx4+y!2{0!Y|G>oPL?$zeczcPRRR^El@tZPa)b|-jvocaQm78(s;%+6?kKlsRC+;QgJ>Z!$_ z+*BAIyhEkJz0G)(ms*}UxfE@#yXGQEXm79=B9r~|DYtaQZIEz<9t1QI=y#ccvvX=? zhL+ZF{@Nd*029jrrH&5F)S64enm?UcVb=9Yu>ZAegC(q-%A1-ME|HGxR!&Jp^F0~+ z1Pl|XFUpo|46pi$Hn{>3AF8Y}N=r3}?!8PdgOwO+rE z9^te;WQwbBZ^~x6pm?ofgU@DD`gd9A&ch4rJq^lDe%|J3r)8;Il^d50r6J$1MJ|Vf zH0hoiou{e6T!=**?=Yl+WamQQ^{P~OwG^7h05X`#Rc6Cm&1nPr95SbrvCo)zBn$jw z(*5HnZD||Wz#n%pMv~RA7ULEDhn@FNkMF8 zF9__Av&?Zqdx;Paoal!k!hQefGczF<@$i3TyXSu%-T!S^$h(DhR0|w=nX*;`^pByn z_{pTC0!pvHd&;3iZT5u7pzADE{6q2cuMg-3YuGuo1|g1!bH%<{(rCIEArU0%YAv+7 zbtG)x*XrCag>F%#W^>J3cE5EPU9cfF+*k(k3=+;T?3!~pU3|_?tdNs_qhM{`TxiL{1^B6uM__J z{{MBt|E&Q`3X&dE3>htBSK`Q!F7EvL$X;HHLjk4ZN2b8g{gXqv%z+PD-iYtPuv@E= z949XQ@j&^#4iE9p%5nR#)Veedi~tvshvxh0SesbgQl|bBe0Q7HgYKY>?O);>Y5)-~*T}&rN1ob! zKHQuPpD^+br{C@+LBxRA7fj^qXW=ihZ?U_IQ%OX(dpuD(R^`GsKr=S4*TXiSh3`i5 zZkL;Fi_m>LB%*pRaNxOnBj{jcS;gL@=t>7!=AE&C{P*7LUr_dy`tb(GqHMB7Y?3Ye zB1yi?CDs`f+WPDWVdl|dqk(zyZqzcw0>fR*mD5sh?Lb}YGwqXzBllvi>n|v$k4^G$Sd}%tIm2vPwRsgAmus;9 z&r^Rp%dJx^x2*nOXJnc3V%@#_{Kx|pgAiXsc*mE>MyX0t9_CF0XcBY|$_CxMZqrOf zepTgmwF|e9tkWB~bC8JSMDt42R`lzjXqc(l4Qn2p^x7g}Ku>!D7a0J&;@($U} zMwaF|1vQ?0wY~}BqA+CeW1EpG^g$hTyTk`E5_YXR%$(WCx;HQIl0WxK>Qk}K0Js%? zKP<3tWMHQ8MS}j7B}bwd&>0EXA3A?^Lk4tKL)P02Z^{pEGFT|H4baoWH6%7PDz?64 zP>q(;(dRU>GY_IeGF%P&ut!EaJA3=N=4~wv2}MOB@34T56lUKjon!PZb+d^=I~sO9 z%#c(iF1(uqw?6YWK2lO;d!{+!%w7h%5u8sE_s-Ywjz49gceE_DqB9dP626m4=; zI~L7}0;w?Fc3uu%dxFZXrGg@2zW7HuO02Bp++11e>?wLiIo^a?&pf}Vko1hzESjq_ z^f=G)GIqLWwU<}$v+LpbIV>rf%XQwv^?v%a2bFWtx2l9ncbA9GH1PBN-NBOzpG!(i zy}_p!ip8I9XP=qcHK-?5&0N?*Ul)@+wHTiYM-Iy21vjax${?m*mg96H*OW%jFWd8`bKbXN&BOgmVk{-gLaM7pf)i2O3*@`rSQA$I+7R zA~+)mR~wuD&1hReLaQ%2D_a*GRzP;mdfpkT;U>6(AMBapYYN#!V2L{$d7M}FwsM^} zqb~w<5eqd{>@K=^ITc)e>1dYTji`($Vog+TQiKHTZYzQXNSKpjdamNykxxP%$?ne_fmnKQv%~g zJR?qTYV*ao=~W7eL-SXKhYP6p(#T4k6FZFIZ5EQPhTV<#Yh7bXm$mWa@?nLBttToa z36jtw>b(y+Dc!!8x5-}o8aYN$$OrLiZ3nzlKP>gReHEvr+_E@#e2Rh!s$rxr6HEq2 z|H|TR-_W>nju&Tgus`l;GsUl9ULQD3p_WZEM@y^1#~+F`zzebW7smtn^S9SeAx{~W zGaG-KQHg$7^_lLe&{4*edb?Ii2Z!{NuoLphlHy7&OjS>`3XI|;p95lE;v&}Cp zA~(sK02EAOm3`Ie?C^Ev2K7}sZ?%3X`i)qq$2wtPFlY%P9DJ-yEhb6a@O$IU{a%MG zJy5B8z8F*U%!!YA$#HP=@K(qPrKu;(JS)tnFcyFqw!hG>UYn*_s&f&FTkbJ@cxKFY zWXyn<*(qTYGCIW-Xc|*-*F+c%H%KU(03+dQf2GzM)H=pS(LKkxc%C5a)cpIB_^`Ti z&L#Qo_|5GV0{R$C>r7MhjXUT0n4=?0Z^@URX`8bo6lq(_F^*N08-#82h;Z3Lz2cS* zaXFv@BzvMuePk>RaN&`lfbx&8Uci>g*ddC~`S#$q92vY4pT1sv1HyOZolH$SiGn{YFc`VhL&5rZ#j#p=z@Ci#i&eU--G$ZK^UX zOLt7|H9qDk@N@SSw#KefPNrAB3{I}D3&eN)X2Gs^+59@YOxQ9#7^#AMjP`W>xBkoI7ZoirO)&!^V4*Vc2|4g3xF1G&r6CgJSl|= zi6iKc7xSYXId@DSVZ)KLM1qp&rH|{L?>yriCq7$p0QyF>Cd7Z*9#7Fkl}_0+_Bipt z(sAHJdpa?JEtBH?3Tpw%sa^LWtiemMD55w{R(vFCjkQ#PZ~F1*HL)Fd-2PEqbF*mx z$0$}$rmrj~t@D3OAb7`XKLgty7{^L6g0u~2xF`DMs&>CkK?G}cu##?m{-0-_O5b04BO&Usx3*)2Gs|AMh?S&np3acI z0m9pV-$xp@I6MxGjofnLHMjkbECAGR)LBU1h6Gz20K(mW+sE%d-70oS<~&LAn6?7z z;B8+}XU7cCkVHJtds$8?_3N$NQ++`4EC^^?iqhAL_^{?yn4=1Z7O+lAu|Y zeYD%H5QlkcCZH~2yHm|MewKpo>FxLJddX}K!YPb2F@G4(+T<8}vIhM<-kUac?}a|H zb9I^9qCnJeH;ealXY5%TF^fvrg-Z4T!)9fkUf!CPL~e%1(rTu49}UTb}}Cf!QjugqsWnb<={ z_myeeTn_X$E9e%y_yLUw2BQG4uufHhHierb^7ZdS**fT-Fu-V|w zS`hnt<&5y?ljSBetC|8IiMO5ZLdgpc2#E-}a%EwS)22-FU8UK95?yLjwYClAs(kA$ z!!|H-b${_L1=-NZ!t`^kwdEhIH2Htm0h9A~zI$UlAjawD%2&>`t z{L1iQ^SxZ|+#Ru}Xr9r&(-c6+5JpHBdYW?w1nSx}XYSr zl^X6t^B`t|3$4N_JE0{m0G55;w=+X7SL>Jl-}w-s`9PD>gRK5AQ^H4Espoc1o0En#`ws(xYSO5t#d=qjdDKUxAfK4IRtzv1#5%MUPJf z?skt^l3l?0%^MpfMy|+588E@jk&&M;n+*C&Q#RO30fXLy_?%h~G3QU%+g9js44RMd zBX?U$9$>+gJDG_1@OiF4#zR);>$1~Lc6@AJfS)@sC+RJM^cr9)YvN;bZkMzb^wyu?Rba1uKC*PMDU1v( zzu9^9($+R%FOmCEv-)vM()+%2%~paaIvq$v18QgOYVIq`a!Z>Z7miS_6(8qG z+>BYm)h8&}J?esE>WMWs z3J!=w_FPL%DKQ+M=7RL_)k;JZL%g^_Dm%P$ZB#TwsMB1;)4XJ8h2%j4mvl?YD@V2! zw-py#J@c7BE28V%;wM`@1@88a=u;9`gX*-Ii9C}4nbK*-X5D5H%0OEB^V6fSA%ERn zGE56_(xeC6ZN)ak*SL1dT?MIMTg662`#I?_7kJLW*kPGtY~ruU{9}j=s!E+{)D+og zf4V`BnT6cZS(*zs0}z|d=1%tbubrSqxc?KAX*2N#WDDt@mo!@xvD2@xJmX7gB6=#+ zg)H%IW+6=WCK$tOrxirF^$z_q6LKaBhP&3H&@3^{T+)#4rzo*_ap`ja1IA%?f{CdC zQpTo`rNbA4keSYcqmr&Ffwa@J;DRk%X}xBI?hpaV0nbAeHiOZm8eH>fKF)P>sm|yU zlouKwE{j3bE=4XKYGbv2r#abhmw-(~`|*Km1{F%*w#2a2{}qxGItE4e4zwQy>ST{7 z=S`M6e%0yT>9eP9l=G``N*dg0WiZ9D8!K2lerh9Fvl$+*rIqitDPa3P$2-^iZnz1iEr5S>yy; z9DTEHickPachZWrIJDZlZcXBym>I-I4evTgmp$lAx2qfE>J3nqG0i!XZ_Nkrz$Dts zJjY@Fw}eO9Ge<5l?SZ(f$ngd%pRo2bl7OYQPs|pH6pK4ov)>oa&V9ocnts!CHUC|1 z#3TrEIDFpB38~h6F)b0T-#_PZxJzHF3FT0Ku*@Ah-6a9U8Ej^vCH}N0Zl^*ASm7T>#ageouHpPFh(R;x!(u_)496l>?0V1Eb&nUU+pD@NxpfH`XcxHZn z3b5fT?I-Ge{^N+Kr&sK=r`!2ow{~AhOf%PuqJc_z3nDLiSmLBvpRC{ei+4RTc7o;B zoF~9jDCd}uAm_dB;SVQPxr~Lml9O8!6b7}R%8;uH01D=x3*@2)cOs;#Ed^rSLLH{+ z%^`S8Bz2Us2j0}Z-`ba4z2{|bn;WjLj@c~>BGm8ex4CbsOL{gBp6r3ozP9f2QV>ja z>~o+X8XJ3-lb!wqEaCYmHRIBQf>*VzyIQiqP?qjq(u}>ld(Bis$SoE0G<)nMW0AQL@OnkT`3AL)IhZ!{FW@9BuZ?4EysR}U-8HF7T zGAc*zt#SO2j6l312xrVru|b${g*QNzprHecZ%(QhmZgB@&7*# zOn5Z#-v1#$|L0-1k~jsHS1{{J%1UnNFaY;h=mZ4`MQV<}G1;a6lij4wCA{6Y88SchcQPAODIk6|h zVV+iuxQV#81oSnHTp|=LExkkqfPF08n7%Jy@2+J4Bf&KZ{U-WB8vAKlF0i+l!kz_Z zl|F6^-NIS6gk3k9dsv@5uqP;&332D#++kQO9V+5O5%tUtu5IO=KkkWjT*EZH-&vZ; zHPXbavRi8B@Ep!s12I(iM^yO9la5MN7UM`-+oBIJ49*1D;rA@vJRRl3V#Hw_Rh$Dv zdICrzDlz^;sIobKxLD8E=}Z|rnVvmoBgXe9n|>rZr}j#hCgCS3qIjU z!JtU8w{}UORGA6$oV_}(3kF$L>tx@jUT_vyGbLXFBJAoa?PtTK+QUi zoTdgvTJ^b=E{lwBsdPvf3WR3gnqq8@iDNq+>XZ1ow92qC;4jq^L~+$zlL*?3O!mUQ-zW+vgm2E&8zGYqiEAm%6aT zU6#bHdyD0*3jsy@+RQ{=*jEEntdn~^%=YihGV_4xWr`1UG-j&B<-65d{65|0utSX}INl9zS?V!zZ@A$3D7f z(cry(b|KWmCV6LJ79K@nHgoP4LM=a3kI5HP33pUla-Z)=v=|&RgF~(2!Xt*Idzg7K z#TxMuQn{V4x~FuFx0)?er}KWc@da{B=C5jfRN!~sZ$l)aoRe;wKV^<;^xL#W%fD&3 zOu@LTV*^_@=lOT>CBqYW1yh!fP=g_p{V){pGbL2CH|b_6Bft|Bab)C zI64*m_7paPQ*CZ@jv>689c#zv=-!PsiO$Rkq}lCZPEc2=vpqOZ-WcPyJR{TDq`!lw z{j5PnT(o0x;&4)DCS^Szi}b~M+SIFQ{auFH#>i3hPzOVjQ@H!O%qX6fz=!z>Wu{@o zrcdq)Fw4LYnnhE%hhIxx`>^)OsM{t=JHc-%DMh4nlA&yF_Vh!J&)Vf--y(i!$;q|L zN|3Y6OVm8pc3+8$Zb*n=|EooYYdQ$ygeO>KNMRRO=Uo)HL=4OuB zXNDWD+ldd|5`>$Z&2G6?fY2%EC+a;351b}^-Te1&?tE?^8H;$@GB1C7SmYf0O1wAoVj-fn_&qdGV^v${2I716kuO91KPNY`?nlqoy;ytNc?A&@AV7}X z6ilx=kl{hF7EKw``V4xXwYz4x;xPUH#tEJ>B;uKh~{nox8C-J9pa_y=THU}n7tfQ3$NhO7_n1QYV770f(yc|EDLQbV? znpMsckIllWlWSL|5pcp-(c1oac;{G@W51<`bo^C39LxChpY>6&f|jK2VNW)l=6-Yw z#j3O{0W{Yv{Embsz;Q0RogDfw0i(&+!To38!V3+wRE}><6msS^LJ%a3%^O)FVmm3M zV5f1vIq7Xon{-Rf53eL?U>S7Bx+C7s_{w>vBy9u~T1bey4LI3GF|<|KeU3z3Vm(Wy z{lV3vFYN&?2X)ohX2>ErNFhvt5zqT2f}mtYUNJt6&cx#r{}7XJ%tzqG;x^f&$wQ~nxs`A?)U z#IV%Fp@CWc|8&D&7adVxEc`#hD5dYzQWJv6?v<@YQBXzXW>f?+AL`_nUx@WYX$?nS zIF)^F&rP>0Js(AbZGd{#xS7N)ZGEstk=db9<8s6p6hJDUh8YCfqNMef^utRO@`F8# zIPX547|Qy&ljAqEhCGR=%}7{8bD_o`4YO)|k=dDSfa~QhPaj zLw*W&Ied(HGMjpC)QjXph+t!TDNG@9wtc=;J^qDN{P!F_rsA$+)ns@Vy2!`K6)2vA@o^LA^xqa!#t1P1Yv16nI>g1cBkDp6%0Fipz^=P7SPrx0OBorHdHkM)8Xf~}R$?Tm)A63$ z!u(bwm(_IKFNy#~?Z~VeYUi9^Um7}}v6gwJj%32loQnpZ$!^#sOMvEt9i#1KSsL^?$hLJct}vOvC$ROfCw zkc3`c!QRLgxAuV-Pc4y`;<-3am=7=^jT`Ekv6W(6pjUd;A`kcSVefHRVs-;<7<+&P z5daziYw{7rYkr_JO-`&lY%NLwuRl%=;pL0u_N}w1@xf-3}g(4Cai0LbfiWXUU z!EhxW9JDOj2yfW-4z0?hmgl>ZyC-8AWJ#81NTlfZdGC!a=}Ih=)>eJxy!X_O%R5)IfRHrkH*`eE*RCw1B>X$8DdcxpM zLwjwGE0XBGbh7CqQBg8%vH|?j5P-VD3+D07%~1agthXWQP3%nBaoD< z@hC{FTMKn6PrwN1xW^}&5>c9)S)hi+dGR2V-EDGm#JW$KwO|0hAyYY&(2lz2A#3%} z)@J(P2>DTHOsoOLLF|Qbd5C|b!Qmw1fdgAyfFfhz&h`DJc6aqU!KE|z*XP!TV?Whk zH4d43Q!LZ(pUJ`=nVI_^xf=ZzQO#2%z8Uv@NWju>Mt)nL-zIH*r zqJ7y{;Pq!;bSys8-aBH7Yn0l-d8Fm!KKvH!V)O8wY1eNC|AN1J*GiY@+|>_x2ETKM&Q?!Gg#iN6I+2!YRzM z)7ajOLYmOw3`fsCTm@3x!Ksd87x>QmEvui5_I#7ku(rs%SX+@{l_RWE5xf!+ZVr?0 zF=07_QMpoI&HJ?GYc-S78vELOJED6^#HIfD}D8HFzj*4!2^myevciB8YRoAn`u%JSmBFZ z-;}K#q&sV|+-T2q>vB7*9Qn}{iJl-0oA`*>Qq#jDC*{;jzoHKrsGf_>9M+4%s1|Uq zPvH>N`D8)V6Pl<%?A7gk&Z7&jf@kDg4u$(eA^iN7*|#Z+GcU~-A+}1>ER%RSsQMVY zslm?7zK4I6?%jqKZIV90UOk{QrV(5!I<}6BWkK?0EXZZb*JkdCri>_N%!9R#8~Hy@ z;5&S4>1;`#C6(XfoLc&x1HZ$h#r{IB;{Q z^NN#oat1p1p#+wvl4LtEA3kr-Wa4nh>)ceT%P1{p}QGYR|eB+ic zZ%6L4<8ndkaz1c6P z%Tm4NAPr}*5O|RdQLa9xLWiP4Z-auZr9x>|3p2KWj_3^DUr$+vV=t^Q*7dLbg+1|u z35o>>w&H3tbkg$n22<6AM~4Po_xS{ZR$H{TPD;BuvITjKIrnnAFLk&RHf zaZvPTf*l=6D|x3TC&Z<*)tzH9Y$(Rv}b_T=RPh){o;?>y6x><;}x% z#17uJlsR7dv@Y8pqi0Y-@ICC+)W;P5xo2W=1iTZv0`n^h%Z(iZql^WabH}Cmb!y9A zzP}kxvhz}kImbPtG9!&hMN{7ac2181?x?8k{jN)d*DBER8?r@0RlPqdu%2H&_Y3Jz>gM}{4Z{OOg2wmvviJcq%f3Eq zy)t70Mm*|aW(7F-08dYFen5li*}&i>V$4xm4~LB>0L?^bsXuofR&>;CZGHZo+KP7O z9W7vybWy(pM0<)K3JSod!MP>NQ}-@&Uub)t8dbV>Sc~mtS8$<~sb}ZD;F8}wnE%}0(xtoRCb{A{LS=1+Fe=%(S>aZ z4N~7$EZ(0amuAn@P9z@2m9UO_0Nza~q5tHg(@h%>(>vJlikQZ&CRip7rKB&h7CT~H zfuZHkGqkS2FKA|;0dugP`0eR^d7}jE0A-5A0Duj1pEMM7LUNr)#a8*CJ=Yd9;!aVT z*~SaygiLh`keaDIK2vZqp2$6I9xIPFe0o9n4}#*>>c=DQI}`KE61^+ za*v)Rt@fS|_V-GD_RTP^%vh!# zrW)xSMWe=l(4DdkD4o5SuS6axCAV07|NKD^V+dB#xd$lie0uK$vXB?-l9|1v)ZtsQ zix`HvdrrMnrh++~qm0Z+vd%THnDmYsEjQcv+ddtnk7WMb|J7Br`MZm%U4X7}arjj$ zL?dvk+;2%TV9pLu3q~Y3uhCp>A?Y7s<|TZt#qSvz&JnGBg4cI5#M=3N#T75if*k5 zrlF|K7~?jlF5Dx?IISdHT#!v`!+3Dd&4dnq@iNZ0ZJLf3$r2q95W$?Y1h$78h7`%a z_JSQntU`<1gKC-+oF6#Hybk$xL;=hwm1s|jctwWyp-bOVTv`n1FqlH@YlV=&1fZiz z_m|c8n268$F?j?UGhU4Su|Yw;-WG1necqi1QFowd^-nPXQ#gZuMx8%qptC6?b@$wM zRgebzb74FXBL)$E1}z)Vc~Epog&@gj zSjd*-57Zjnb@fox70xO_iSXv+jHVyGbB^r7>W9!h6Q@J>X(VYDpm0EyJ2=@&ai_pU z5Rf7a3;Bt!gwv;GDP3x`)jMe#*a0uafs zI0pCkTM1fmbG94<$HbjunLOC@w(L=^Ezp8JF%b}EY!oveN75& zgl>%nHeNX}$Ppz*_ie}uw%2jinilBm#q@Qb0``ySY~AC Date: Wed, 11 Dec 2024 23:31:50 +0100 Subject: [PATCH 10/13] Add some useful utility targets to the Makefile. Signed-off-by: Thomas Hallgren --- Makefile | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/Makefile b/Makefile index 5b4d9430..88b01043 100644 --- a/Makefile +++ b/Makefile @@ -37,3 +37,31 @@ pull-docs: telepresence-remote git add . rm -rf docs git checkout HEAD -- docs + +DOCS_VERSION:=${DOCS_VERSION} +DOCS_BRANCH:=${DOCS_BRANCH} + +.PHONY: read-branch +read-branch: + git fetch telepresence + rm -rf docs + git add docs || true + git read-tree --prefix docs -u telepresence/$(DOCS_BRANCH):docs + +# drop-version will remove the version given by DOCS_VERSION. +# Example: +# DOCS_VERSION=2.21 make drop-version +.PHONY: drop-version +drop-version: + rm -rf "versioned_docs/version-$(DOCS_VERSION)" + rm -rf "versioned_sidebars/version-$(DOCS_VERSION)-sidebars.json" + jq '. - ["$(DOCS_VERSION)"]' versions.json > versions.tmp && mv versions.tmp versions.json + +# generate-version will first remove the given version and then regenerate it. Assumes that +# read-branch has been called just prior. +.PHONY: generate-version +generate-version: drop-version + yarn docusaurus docs:version $(DOCS_VERSION) + rm -rf docs + git checkout HEAD -- docs + git add . From ac8d148080e223bbf0a7e5dbd194ce6fb633a1a0 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Wed, 11 Dec 2024 23:32:20 +0100 Subject: [PATCH 11/13] Update docs to latest on telepresence release/v2.21.0 branch. Signed-off-by: Thomas Hallgren --- versioned_docs/version-2.21/README.md | 1 - .../version-2.21/concepts/docker.md | 39 +++--- versioned_docs/version-2.21/doc-links.yml | 2 - .../version-2.21/howtos/intercepts.md | 22 ++-- .../version-2.21/howtos/outbound.md | 93 --------------- versioned_docs/version-2.21/install/client.md | 35 +++++- .../version-2.21/reference/config.md | 6 +- .../version-2.21/reference/docker-run.md | 5 + .../version-2.21/reference/intercepts/cli.md | 4 +- versioned_docs/version-2.21/reference/vpn.md | 97 +++++++++++++++ versioned_docs/version-2.21/release-notes.md | 32 ++++- versioned_docs/version-2.21/release-notes.mdx | 22 +++- .../version-2.21/troubleshooting.md | 112 +++--------------- 13 files changed, 231 insertions(+), 239 deletions(-) delete mode 100644 versioned_docs/version-2.21/howtos/outbound.md diff --git a/versioned_docs/version-2.21/README.md b/versioned_docs/version-2.21/README.md index 183f155c..5c65fe0f 100644 --- a/versioned_docs/version-2.21/README.md +++ b/versioned_docs/version-2.21/README.md @@ -17,7 +17,6 @@ raw markdown version, more bells and whistles at [telepresence.io](https://telep - [Intercepts](concepts/intercepts.md) - How do I... - [Code and debug an application locally](howtos/intercepts.md) - - [Proxy outbound traffic to my cluster](howtos/outbound.md) - [Work with large clusters](howtos/large-clusters.md) - [Host a cluster in Docker or a VM](howtos/cluster-in-vm.md) - Technical reference diff --git a/versioned_docs/version-2.21/concepts/docker.md b/versioned_docs/version-2.21/concepts/docker.md index e8242f4b..7efef2c5 100644 --- a/versioned_docs/version-2.21/concepts/docker.md +++ b/versioned_docs/version-2.21/concepts/docker.md @@ -48,15 +48,11 @@ Echo server listening on port 8080. Using `--docker-run` starts the local container that acts as the intercept handler so that it uses the same network as the container that runs the telepresence daemon. It will also have the remote volumes mounted in the same way as the remote container that it intercepts. -If you want to curl your remote service, you'll need to do that from a container that shares the daemon container's network. You can find the network using `telepresence status`: -```cli -$ telepresence status | grep 'Container network' - Container network : container:tp-default-default-cn -``` +If you want to curl your remote service, you'll need to do that from a container that shares the daemon container's +network. Telepresence provides a `curl` command that will do just that. -Now curl with a `docker run` that uses that network: -```cli -$ docker run --network container:tp-default-default-cn --rm curlimages/curl echo-easy +```console +$ telepresence curl echo-easy % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 99 100 99 0 0 21104 0 --:--:-- --:--:-- -Request served by 4b225bc8d6f1 @@ -69,33 +65,26 @@ User-Agent: curl/8.6.0 -:--:-- 24750 ``` -Similarly, if you want to start your intercept handler manually using `docker run`, you must ensure that it shares the daemon container's network: +Similarly, if you want to start your intercept handler manually using `docker run`, you must ensure that it shares the +daemon container's network. The most convenient way to do that is to use `telepresence docker-run`. -```cli -$ docker run \ - --network=container:tp-default \ - -e PORT=8080 jmalloc/echo-server +```console +$ telepresence docker-run -e PORT=8080 jmalloc/echo-server Echo server listening on port 8080. ``` -### Tip. Use named connections -You can use the `--name` flag to name the connection and get a shorter network name: +> [!TIP] +> Use named connections +> You can use the `--name` flag to name the connection if you want to connect to several namespaces simultaneously, e.g. -``` -$ telepresence quit -$ telepresence connect --docker --name a -``` -Now, the network name will be `tp-a` instead of `tp-default-default-cn`. - -Naming is also very useful when you want to connect to several namespaces simultaneously, e.g. - -``` +```console $ telepresence connect --docker --name alpha --namespace alpha $ telepresence connect --docker --name beta --namespace beta ``` Now, with two connections active, you must pass the flag `--use ` to other commands, e.g. -``` + +```console $ telepresence intercept echo-easy --use alpha --port 8080:80 --docker-run -- jmalloc/echo-server ``` diff --git a/versioned_docs/version-2.21/doc-links.yml b/versioned_docs/version-2.21/doc-links.yml index 428a84d8..febe49ed 100644 --- a/versioned_docs/version-2.21/doc-links.yml +++ b/versioned_docs/version-2.21/doc-links.yml @@ -24,8 +24,6 @@ items: - title: Code and debug an application locally link: howtos/intercepts - - title: Proxy outbound traffic to my cluster - link: howtos/outbound - title: Work with large clusters link: howtos/large-clusters - title: Host a cluster in Docker or a VM diff --git a/versioned_docs/version-2.21/howtos/intercepts.md b/versioned_docs/version-2.21/howtos/intercepts.md index c8c124de..61652553 100644 --- a/versioned_docs/version-2.21/howtos/intercepts.md +++ b/versioned_docs/version-2.21/howtos/intercepts.md @@ -48,7 +48,7 @@ network telepresence, and remote mounts must be made relative to a specific moun ``` 3. Get the name of the port you want to intercept on your service: - `kubectl get service <service name> --output yaml`. + `kubectl get service --output yaml`. If we assume that the service and deployment use the same name: @@ -65,7 +65,7 @@ network telepresence, and remote mounts must be made relative to a specific moun 4. Intercept all traffic going to the application in your cluster: ``` - telepresence intercept <workload-name> --port [<local-port>][:<remote-port>] --env-file <path-to-env-file>`. + telepresence intercept --port [][:] --env-file `. ``` * For `--port`: specify the port the local instance of your application is running on. If the intercepted service exposes multiple ports, specify the port you want to intercept after a colon. @@ -84,7 +84,7 @@ network telepresence, and remote mounts must be made relative to a specific moun Intercepting : all TCP connections ``` -5. <a name="start-local-instance"></a>Start your local application using the environment variables retrieved in the previous step. +5. Start your local application using the environment variables retrieved in the previous step. The following are some examples of how to pass the environment variables to your local process: * **Visual Studio Code:** specify the path to the environment variables file in the `envFile` field of your configuration. * **JetBrains IDE (IntelliJ, WebStorm, PyCharm, GoLand, etc.):** use the [EnvFile plugin](https://plugins.jetbrains.com/plugin/7861-envfile). @@ -128,7 +128,7 @@ present challenges in terms of toolchain integration, debugging, and the overall ``` 3. Get the name of the port you want to intercept on your service: - `kubectl get service <service name> --output yaml`. + `kubectl get service --output yaml`. If we assume that the service and deployment use the same name: @@ -145,7 +145,7 @@ present challenges in terms of toolchain integration, debugging, and the overall 4. Intercept all traffic going to the application in your cluster, and start a local container to handle that intercept: ``` - telepresence intercept <workload-name> --port [<local-port>][:<remote-port>] --docker-run -- <your local container>. + telepresence intercept --port [][:] --docker-run -- . ``` * For `--port`: If the intercepted service exposes multiple ports, specify the service port you want to intercept after a colon. @@ -156,7 +156,7 @@ present challenges in terms of toolchain integration, debugging, and the overall cluster get routed to the local container and the environment variables of the service are written to `~/example-app-intercept.env`. ```console - $ telepresence intercept example-app --port :http --docker-run -- <your local container> + $ telepresence intercept example-app --port :http --docker-run -- Using Deployment example-app intercepted Intercept name: example-app @@ -164,7 +164,7 @@ present challenges in terms of toolchain integration, debugging, and the overall Workload kind : Deployment Destination : 127.0.0.1:8080 Intercepting : all TCP connections - <output from your local container> + ``` 5. Query the cluster in which you intercepted an application and verify your local instance being invoked. @@ -192,7 +192,7 @@ This example assumes that you have the `example-app` $ telepresence connect Launching Telepresence User Daemon Launching Telepresence Root Daemon - Connected to context xxx, namespace default (https://<some url>) + Connected to context xxx, namespace default (https://) $ telepresence ingest example-app --env-file ~/example-app-intercept.env Using Deployment example-app Container : example-app @@ -212,10 +212,10 @@ You can now: ```console $ telepresence connect --docker Launching Telepresence User Daemon - Connected to context xxx, namespace default (https://<some url>) - $ telepresence ingest example-app --expose 8080 --docker-run -- <your local container> + Connected to context xxx, namespace default (https://) + $ telepresence ingest example-app --expose 8080 --docker-run -- Using Deployment example-app, container example-app - <output from your local container> + ``` You can now: diff --git a/versioned_docs/version-2.21/howtos/outbound.md b/versioned_docs/version-2.21/howtos/outbound.md deleted file mode 100644 index 987792ce..00000000 --- a/versioned_docs/version-2.21/howtos/outbound.md +++ /dev/null @@ -1,93 +0,0 @@ ---- -title: Proxy outbound traffic to my cluster -description: Telepresence can connect to your Kubernetes cluster, letting you access cluster services as if your laptop was another pod in the cluster. -hide_table_of_contents: true ---- - -# Proxy outbound traffic to my cluster - -Telepresence offers other options for proxying traffic between your laptop and the cluster. This section discribes how to proxy outbound traffic and control outbound connectivity to your cluster. - -## Proxying outbound traffic - -Connecting to the cluster instead of running an intercept allows you to access cluster workloads as if your laptop was another pod in the cluster. This enables you to access other Kubernetes services using `.`. A service running on your laptop can interact with other services on the cluster by name. - -When you connect to your cluster, the background daemon on your machine runs and installs the [Traffic Manager deployment](../reference/architecture.md) into the cluster of your current `kubectl` context. The Traffic Manager handles the service proxying. - -1. Run `telepresence connect` and enter your password to run the daemon. - - ``` - $ telepresence connect - Launching Telepresence User Daemon - Launching Telepresence Root Daemon - Connected to context kind-dev, namespace default (https://) - ``` - -2. Run `telepresence status` to confirm connection to your cluster and that it is proxying traffic. - - ``` - $ telepresence status - OSS User Daemon: Running - Version : v2.18.0 - Executable : /usr/local/bin/telepresence - Install ID : 4b1655a6-487f-4af3-a6d3-52f1bc1d1112 - Status : Connected - Kubernetes server : https:// - Kubernetes context: kind-dev - Namespace : default - Manager namespace : ambassador - Intercepts : 0 total - OSS Root Daemon: Running - Version: v2.18.0 - DNS : - Remote IP : 127.0.0.1 - Exclude suffixes: [.com .io .net .org .ru] - Include suffixes: [] - Timeout : 8s - Subnets: (2 subnets) - - 10.96.0.0/16 - - 10.244.0.0/24 - OSS Traffic Manager: Connected - Version : v2.18.0 - Traffic Agent: docker.io/datawire/tel2:2.18.0 - ``` - -3. Access your service by name with `curl web-app.emojivoto:80`. Telepresence routes the request to the cluster, as if your laptop is actually running in the cluster. - - ``` - $ curl web-app.emojivoto:80 - - - - - Emoji Vote - ... - ``` - -If you terminate the client with `telepresence quit` and try to access the service again, it will fail because traffic is no longer proxied from your laptop. - - ``` - $ telepresence quit - Disconnected - ``` - -> [!NOTE] -> When using Telepresence in this way, you need to access services with the namespace qualified DNS name (<service name>.<namespace>) before you start an intercept. After you start an intercept, only <service name> is required. - -## Controlling outbound connectivity - -### Connected Namespace - -The `telepresence connect` command will connect to the default namespace, i.e. the namespace that your -current kubernetes context is configured to use, or a namespace named "default". When connected, you can -access all services in this namespace by just using a single label name of the service. - -You can specify which namespace to connect to by using a `--namespace ` to the connect command. - -### Mapped Namespaces -By default, Telepresence provides access to all Services found in all namespaces in the connected cluster. This can lead to problems if the user does not have RBAC access permissions to all namespaces. You can use the `--mapped-namespaces ` flag to control which namespaces are accessible. - -When you use the `--mapped-namespaces` flag, you need to include all namespaces containing services you want to access, as well as all namespaces that contain services related to the intercept. - -The resources in the given namespace can now be accessed using unqualified names as long as the intercept is active. -You can deactivate the intercept with `telepresence leave `. This removes unqualified name access. diff --git a/versioned_docs/version-2.21/install/client.md b/versioned_docs/version-2.21/install/client.md index bb3c110f..f1811a5a 100644 --- a/versioned_docs/version-2.21/install/client.md +++ b/versioned_docs/version-2.21/install/client.md @@ -36,7 +36,7 @@ sudo chmod a+x /usr/local/bin/telepresence ```shell # 1. Ensure that no old binary exists. This is very important because Silicon macs track the executable's signature # and just updating it in place will not work. -sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-amd64 -o /usr/local/bin/telepresence +sudo rm -f /usr/local/bin/telepresence # 2. Download the binary. sudo curl -fL https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-darwin-arm64 -o /usr/local/bin/telepresence @@ -61,6 +61,8 @@ sudo chmod a+x /usr/local/bin/telepresence We've developed a Powershell script to simplify the process of installing telepresence. Here are the commands you can execute: +### Windows AMD64 + ```powershell # To install Telepresence, run the following commands # from PowerShell as Administrator. @@ -84,6 +86,31 @@ Remove-Item telepresenceInstaller -Recurse -Confirm:$false -Force # 5. Telepresence is now installed and you can use telepresence commands in PowerShell. ``` +### Windows ARM64 + +```powershell +# To install Telepresence, run the following commands +# from PowerShell as Administrator. + +# 1. Download the latest windows zip containing telepresence.exe and its dependencies (~50 MB): +Invoke-WebRequest https://app.getambassador.io/download/tel2oss/releases/download/$dlVersion$/telepresence-windows-arm64.zip -OutFile telepresence.zip + +# 2. Unzip the telepresence.zip file to the desired directory, then remove the zip file: +Expand-Archive -Path telepresence.zip -DestinationPath telepresenceInstaller/telepresence +Remove-Item 'telepresence.zip' +cd telepresenceInstaller/telepresence + +# 3. Run the install-telepresence.ps1 to install telepresence's dependencies. It will install telepresence to +# C:\telepresence by default, but you can specify a custom path by passing in -Path C:\my\custom\path +powershell.exe -ExecutionPolicy bypass -c " . '.\install-telepresence.ps1';" + +# 4. Remove the unzipped directory: +cd ../.. +Remove-Item telepresenceInstaller -Recurse -Confirm:$false -Force + +# 5. Telepresence is now installed and you can use telepresence commands in PowerShell. +``` + @@ -117,7 +144,11 @@ https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/teleprese ``` -(https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/telepresence-windows-amd64.exe +# Windows AMD64 +https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/telepresence-windows-amd64.exe + +# Windows ARM64 +https://app.getambassador.io/download/tel2oss/releases/download/vx.y.z/telepresence-windows-arm64.exe ``` diff --git a/versioned_docs/version-2.21/reference/config.md b/versioned_docs/version-2.21/reference/config.md index c9e22895..c4bf07a0 100644 --- a/versioned_docs/version-2.21/reference/config.md +++ b/versioned_docs/version-2.21/reference/config.md @@ -36,9 +36,9 @@ client: excludeSuffixes: [.se, .com, .io, .net, .org, .ru] lookupTimeout: 30s routing: - alsoProxySubnets: - - 1.2.3.4/32 - neverProxySubnets: + alsoProxySubnets: + - 1.2.3.4/32 + neverProxySubnets: - 1.2.3.4/32 ``` diff --git a/versioned_docs/version-2.21/reference/docker-run.md b/versioned_docs/version-2.21/reference/docker-run.md index b702a50d..1a6003fc 100644 --- a/versioned_docs/version-2.21/reference/docker-run.md +++ b/versioned_docs/version-2.21/reference/docker-run.md @@ -34,6 +34,11 @@ To achieve this, Telepresence temporarily adds the necessary network to the cont container to join the same network. Additionally, Telepresence starts extra socat containers to handle port mappings, ensuring that the desired ports are exposed to the local environment. +> [!NOTE] +> If you use `telepresence docker-run` to run a command that lasts longer than the `telepresence connect --docker` that +> was in effect when it started, then it will lose its network. In other words, when using `telepresence docker-run`, +> you must always rerun after a `telepresence quit`/`telepresence connect --docker`. + ### The ingest/intercept --docker-run flag If you want your ingest or intercept to use another Docker container, you can use the `--docker-run` flag. It creates the ingest or intercept, runs your container in the foreground, then automatically ends the ingest or intercept when the container exits. diff --git a/versioned_docs/version-2.21/reference/intercepts/cli.md b/versioned_docs/version-2.21/reference/intercepts/cli.md index 4ff9dd38..c112f01f 100644 --- a/versioned_docs/version-2.21/reference/intercepts/cli.md +++ b/versioned_docs/version-2.21/reference/intercepts/cli.md @@ -78,10 +78,10 @@ When intercepting a service that has multiple ports, the name of the service port that has been intercepted is also listed. If you want to change which port has been intercepted, you can create -a new intercept the same way you did above and it will change which +a new intercept the same way you did above, and it will change which service port is being intercepted. -## Creating an intercept When multiple services match your workload +## Creating an intercept when multiple services match your workload Oftentimes, there's a 1-to-1 relationship between a service and a workload, so telepresence is able to auto-detect which service it diff --git a/versioned_docs/version-2.21/reference/vpn.md b/versioned_docs/version-2.21/reference/vpn.md index ccb9f7e3..76579fbb 100644 --- a/versioned_docs/version-2.21/reference/vpn.md +++ b/versioned_docs/version-2.21/reference/vpn.md @@ -2,6 +2,8 @@ title: Telepresence and VPNs --- +import Platform from '@site/src/components/Platform'; + # Telepresence and VPNs Telepresence creates a virtual network interface (VIF) when it connects. This VIF is configured to route the cluster's @@ -217,3 +219,98 @@ The end result of this (assuming an allowlist of `/9`) will be a configuration l Use `telepresence connect --docker` to make the Telepresence daemon containerized, which means that it has its own network configuration and therefore no conflict with a VPN. Read more about docker [here](docker-run.md). + +## Some helpful hints when dealing with conflicts + +When resolving a conflict by allowing it, you might want to validate that the routing is correct during the time when +Telepresence is connected. One way of doing this is to retrieve the route for an IP in a conflicting subnet. + +This example assumes that Telepresence detected a conflict with a VPN using subnet `100.124.0.0/16`, and that we then +decided to allow a conflict in a small portion of that using allowConflictingSubnets `100.124.150.0/24`. Without +telepresence being connected, we check the route for the IP `100.124.150.45`, and discover that it's running through a +Tailscale device. + + + + + +```console +$ route -n get 100.124.150.45 + route to: 100.64.2.3 +destination: 100.64.0.0 + mask: 255.192.0.0 + interface: utun4 + flags: + recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire + 0 0 0 0 0 0 1280 0 +``` + +Note that in macOS it's difficult to determine what software the name of a virtual interface corresponds to -- `utun4` +doesn't indicate that it was created by Tailscale. One option is to look at the output of `ifconfig` before and after +connecting to your VPN to see if the interface in question is being added upon connection + + + + +```console +$ ip route get 100.124.150.45 +100.64.2.3 dev tailscale0 table 52 src 100.111.250.89 uid 0 +``` + + + + +```console +$ Find-NetRoute -RemoteIPAddress 100.124.150.45 + +IPAddress : 100.102.111.26 +InterfaceIndex : 29 +InterfaceAlias : Tailscale +AddressFamily : IPv4 +Type : Unicast +PrefixLength : 32 +PrefixOrigin : Manual +SuffixOrigin : Manual +AddressState : Preferred +ValidLifetime : Infinite ([TimeSpan]::MaxValue) +PreferredLifetime : Infinite ([TimeSpan]::MaxValue) +SkipAsSource : False +PolicyStore : ActiveStore + + +Caption : +Description : +ElementName : +InstanceID : ;::8;;;8 + + + +Now, run the same command with telepresence connected. The output should differ and instead show that the same IP Is +routed via the Telepresence Virtual Network. This should always be the case for an allowed conflict. + +> [!NOTE] +> If you instead choose to avoid the conflict using VNAT, then the IP will be unaffected and still get routed via +> Tailscale. The cluster resource using that IP will be available to you from another subnet, using another IP. diff --git a/versioned_docs/version-2.21/release-notes.md b/versioned_docs/version-2.21/release-notes.md index 8834afd0..dc3da888 100644 --- a/versioned_docs/version-2.21/release-notes.md +++ b/versioned_docs/version-2.21/release-notes.md @@ -100,6 +100,24 @@ These recursions can now be prevented by setting the client configuration proper The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted. +##
feature
Add Windows arm64 client build
+
+ +Telepresence client is now available for Windows ARM64. Updated the release workflow files in github actions to build and publish the Windows ARM64 client. +
+ +##
change
The --agents flag to telepresence uninstall is now the default.
+
+ +The `telepresence uninstall` was once capable of uninstalling the traffic-manager as well as traffic-agents. This behavior has been deprecated for some time now and in this release, the command is all about uninstalling the agents. Therefore the `--agents` flag was made redundant and whatever arguments that are given to the command must be name of workloads that have an agent installed unless the `--all-agents` is used, in which case no arguments are allowed. +
+ +##
change
Performance improvement for the telepresence list command
+
+ +The `telepresence list` command will now retrieve its data from the traffic-manager, which significantly improves its performance when used on namespaces that have a lot of workloads. +
+ ##
change
During an intercept, the local port defaults to the targeted port of the intercepted container instead of 8080.
@@ -116,7 +134,13 @@ There's no need for two configmaps that store configuration data for the traffic ##
change
Tracing was removed.
-The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used. +The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used. +
+ +##
bugfix
Fix telepresence connect confusion caused by /.dockerenv file
+
+ +A `/.dockerenv` will be present when running in a GitHub Codespaces environment. That doesn't mean that telepresence cannot use docker, or that the root daemon shouldn't start.
##
bugfix
Cap timeouts.connectivityCheck at 5 seconds.
@@ -139,6 +163,12 @@ A user would normally never access pods in the `kube-system` namespace directly, If a user should require the pod-subnet to be mapped, it can be added to the `client.routing.alsoProxy` list in the helm chart.
+##
bugfix
Let routes belonging to an allowed conflict be added as a static route on Linux.
+
+ +The `allowConflicting` setting didn't always work on Linux because the conflicting subnet was just added as a link to the TUN device, and therefore didn't get subjected to routing rule used to assign priority to the given subnet. +
+ ## Version 2.20.3 (November 18) ##
bugfix
[Ensure that Telepresence works with GitHub Codespaces](https://github.com/telepresenceio/telepresence/issues/3722)
diff --git a/versioned_docs/version-2.21/release-notes.mdx b/versioned_docs/version-2.21/release-notes.mdx index c42e42e0..dc9c9a96 100644 --- a/versioned_docs/version-2.21/release-notes.mdx +++ b/versioned_docs/version-2.21/release-notes.mdx @@ -76,6 +76,18 @@ These recursions can now be prevented by setting the client configuration proper Allow Helm chart to be included as a sub-chart The Helm chart previously had the unnecessary restriction that the .Release.Name under which telepresence is installed is literally called "traffic-manager". This restriction was preventing telepresence from being included as a sub-chart in a parent chart called anything but "traffic-manager". This restriction has been lifted. + + Add Windows arm64 client build + Telepresence client is now available for Windows ARM64. Updated the release workflow files in github actions to build and publish the Windows ARM64 client. + + + The --agents flag to telepresence uninstall is now the default. + The `telepresence uninstall` was once capable of uninstalling the traffic-manager as well as traffic-agents. This behavior has been deprecated for some time now and in this release, the command is all about uninstalling the agents. Therefore the `--agents` flag was made redundant and whatever arguments that are given to the command must be name of workloads that have an agent installed unless the `--all-agents` is used, in which case no arguments are allowed. + + + Performance improvement for the telepresence list command + The `telepresence list` command will now retrieve its data from the traffic-manager, which significantly improves its performance when used on namespaces that have a lot of workloads. + During an intercept, the local port defaults to the targeted port of the intercepted container instead of 8080. Telepresence mimics the environment of a target container during an intercept, so it's only natural that the default for the local port is determined by the targeted container port rather than just defaulting to 8080. @@ -87,7 +99,11 @@ A default can still be explicitly defined using the `config.intercept.defaultPor Tracing was removed. - The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used. + The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used. + + + Fix telepresence connect confusion caused by /.dockerenv file + A `/.dockerenv` will be present when running in a GitHub Codespaces environment. That doesn't mean that telepresence cannot use docker, or that the root daemon shouldn't start. Cap timeouts.connectivityCheck at 5 seconds. @@ -103,6 +119,10 @@ The default timeout for the check remains at 500 millisecond, which is more than A user would normally never access pods in the `kube-system` namespace directly, and automatically including pods included there when computing the subnets will often lead to problems when running the cluster locally. This namespace is therefore now excluded in situations when the pod subnets are computed from the IPs of pods. Services in this namespace will still be available through the service subnet. If a user should require the pod-subnet to be mapped, it can be added to the `client.routing.alsoProxy` list in the helm chart. + + Let routes belonging to an allowed conflict be added as a static route on Linux. + The `allowConflicting` setting didn't always work on Linux because the conflicting subnet was just added as a link to the TUN device, and therefore didn't get subjected to routing rule used to assign priority to the given subnet. + ## Version 2.20.3 (November 18) Ensure that Telepresence works with GitHub Codespaces diff --git a/versioned_docs/version-2.21/troubleshooting.md b/versioned_docs/version-2.21/troubleshooting.md index 1af80eb1..7b90b02c 100644 --- a/versioned_docs/version-2.21/troubleshooting.md +++ b/versioned_docs/version-2.21/troubleshooting.md @@ -3,8 +3,6 @@ title: Troubleshooting description: "Learn how to troubleshoot common issues related to Telepresence, including intercept issues, cluster connection issues, and errors related to Ambassador Cloud." --- -import Platform from '@site/src/components/Platform'; - # Troubleshooting ## Connecting to a cluster via VPN doesn't work. @@ -101,8 +99,9 @@ spec: targetPort: http ``` -Telepresence's mutating webhook will refrain from injecting an init-container when the `targetPort` is a name. Instead, -it will do the following during the injection of the traffic-agent: +Telepresence injects an init-container into the pods of a workload, only if at least one service specifies a numeric +`tagertPort` that references a `containerPort` in the workload. When this isn't the case, it will instead do the +following during the injection of the traffic-agent: 1. Rename the designated container's port by prefixing it (i.e., containerPort: http becomes containerPort: tm-http). 2. Let the container port of our injected traffic-agent use the original name (i.e., containerPort: http). @@ -110,9 +109,17 @@ it will do the following during the injection of the traffic-agent: Kubernetes takes care of the rest and will now associate the service's `targetPort` with our traffic-agent's `containerPort`. -### Important note -If the service is "headless" (using `ClusterIP: None`), then using named ports won't help because the `targetPort` will -not get remapped. A headless service will always require the init-container. +> [!IMPORTANT] +> If the service is "headless" (using `ClusterIP: None`), then using named ports won't help because the `targetPort` will +> not get remapped. A headless service will always require the init-container. + +## EKS, Calico, and Traffic Agent injection timeouts + +When using EKS with Calico CNI, the Kubernetes API server cannot reach the mutating webhook +used for triggering the traffic agent injection. To solve this problem, try providing the +Helm chart value `"hostNetwork=true"` when installing or upgrading the traffic-manager. + +More information can be found in this [blog post](https://medium.com/@denisstortisilva/kubernetes-eks-calico-and-custom-admission-webhooks-a2956b49bd0d). ## Error connecting to GKE or EKS cluster @@ -123,94 +130,3 @@ for Telepresence to connect to your cluster. ## `too many files open` error when running `telepresence connect` on Linux If `telepresence connect` on linux fails with a message in the logs `too many files open`, then check if `fs.inotify.max_user_instances` is set too low. Check the current settings with `sysctl fs.notify.max_user_instances` and increase it temporarily with `sudo sysctl -w fs.inotify.max_user_instances=512`. For more information about permanently increasing it see [Kernel inotify watch limit reached](https://unix.stackexchange.com/a/13757/514457). - -## Connected to cluster via VPN but IPs don't resolve - -If `telepresence connect` succeeds, but you find yourself unable to reach services on your cluster, a routing conflict may be to blame. This frequently happens when connecting to a VPN at the same time as telepresence, -as often VPN clients may add routes that conflict with those added by telepresence. To debug this, pick an IP address in the cluster and get its route information. In this case, we'll get the route for `100.124.150.45`, and discover -that it's running through a `tailscale` device. - - - - - -```console -$ route -n get 100.124.150.45 - route to: 100.64.2.3 -destination: 100.64.0.0 - mask: 255.192.0.0 - interface: utun4 - flags: - recvpipe sendpipe ssthresh rtt,msec rttvar hopcount mtu expire - 0 0 0 0 0 0 1280 0 -``` - -Note that in macos it's difficult to determine what software the name of a virtual interface corresponds to -- `utun4` doesn't indicate that it was created by tailscale. -One option is to look at the output of `ifconfig` before and after connecting to your VPN to see if the interface in question is being added upon connection - - - - -```console -$ ip route get 100.124.150.45 -100.64.2.3 dev tailscale0 table 52 src 100.111.250.89 uid 0 -``` - - - - -```console -$ Find-NetRoute -RemoteIPAddress 100.124.150.45 - -IPAddress : 100.102.111.26 -InterfaceIndex : 29 -InterfaceAlias : Tailscale -AddressFamily : IPv4 -Type : Unicast -PrefixLength : 32 -PrefixOrigin : Manual -SuffixOrigin : Manual -AddressState : Preferred -ValidLifetime : Infinite ([TimeSpan]::MaxValue) -PreferredLifetime : Infinite ([TimeSpan]::MaxValue) -SkipAsSource : False -PolicyStore : ActiveStore - - -Caption : -Description : -ElementName : -InstanceID : ;::8;;;8 - - - -This will tell you which device the traffic is being routed through. As a rule, if the traffic is not being routed by the telepresence device, -your VPN may need to be reconfigured, as its routing configuration is conflicting with telepresence. One way to determine if this is the case -is to run `telepresence quit -s`, check the route for an IP in the cluster (see commands above), run `telepresence connect`, and re-run the commands to see if the output changes. -If it doesn't change, that means telepresence is unable to override your VPN routes, and your VPN may need to be reconfigured. Talk to your network admins -to configure it such that clients do not add routes that conflict with the pod and service CIDRs of the clusters. How this will be done will -vary depending on the VPN provider. -Future versions of telepresence will be smarter about informing you of such conflicts upon connection. From 4fe7d41836616c0d9a761111263d16bf4f9001c9 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Fri, 13 Dec 2024 11:25:19 +0100 Subject: [PATCH 12/13] Finishing up 2.21.0 blog text. Signed-off-by: Thomas Hallgren --- blog/2024-12-10-telepresence-2.21.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/blog/2024-12-10-telepresence-2.21.md b/blog/2024-12-10-telepresence-2.21.md index 7247c656..097e4f11 100644 --- a/blog/2024-12-10-telepresence-2.21.md +++ b/blog/2024-12-10-telepresence-2.21.md @@ -51,20 +51,23 @@ details on how to do that. ## New Ingest Command -The _telepresence ingest_ can be thought of as a _telepresence intercept_ light. It's an intercept, but without the -traffic. +The new ingest command can be thought of as a light version of intercept. It's in many respects the same thing, but +without the traffic. Sometimes, intercepting network traffic to a container isn't the most efficient solution. For example, if you're working with a Kafka service that only interacts with a message broker, or if you're planning to send data to your local application through other means, just accessing the container's environment and volume mounts might be more practical. -The new `telepresence ingest [--container ]` command was designed for exactly this purpose. +The new `telepresence ingest [--container ]` command was designed for this purpose. -The ingest and intercept commands are very similar, but while the intercept will target a port to intercept (and -implicitly a container), the ingest command will target a container directly. +First, `telepresence connect` establishes network access to the cluster. Then, `telepresence ingest` makes the +container's environment and volume mounts available locally, allowing local processes to run, but without receiving +intercepted traffic. -An ingest is also less intrusive. Since volumes are always mounted read-only, and everything happens on the client side, -there's no conflict when several ingests of the same container, possibly on different workstations, happen -simultaneously. +The syntax for the ingest and intercept commands are very similar, but while the intercept will target a port to +intercept (and implicitly a container), the ingest command will target a container directly. + +There's no conflict when several ingests of the same container, possibly on different workstations, happen +simultaneously, because volumes are always mounted read-only, and everything happens on the client side. ### Why the term "ingest"? I initially considered adding a `--no-traffic` option to the `intercept` command. This would allow users to invoke the @@ -114,9 +117,10 @@ The `telpresence intercept/ingest --docker-run` now also leverages this techniqu This release contains several performance improvements. Most notably perhaps the rewrite of the `telepresence list` command, so that it now retrieves its data from the traffic-manager instead of doing a large number of API calls to -the Kubernetes API. +the Kubernetes API. This makes a huge difference when the namespace contains a large number of workloads. ## And there's more The release contains several other improvements such as Windows arm64 support, and the ability to exclude certain -workload types to offload the traffic-manager. For a full list, please review the [release notes](../docs/release-notes). +workload types to offload the traffic-manager. And, of course, a number of bugfixes. For a full list, please review the +[release notes](../docs/release-notes). From 7edfbafe3ab03503d881b5f2816464cb744d37b4 Mon Sep 17 00:00:00 2001 From: Thomas Hallgren Date: Fri, 13 Dec 2024 11:26:12 +0100 Subject: [PATCH 13/13] Finishing up 2.21.0 blog text. Signed-off-by: Thomas Hallgren --- versioned_docs/version-2.21/release-notes.md | 8 +++++++- versioned_docs/version-2.21/release-notes.mdx | 6 +++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/versioned_docs/version-2.21/release-notes.md b/versioned_docs/version-2.21/release-notes.md index dc3da888..c1a5bed5 100644 --- a/versioned_docs/version-2.21/release-notes.md +++ b/versioned_docs/version-2.21/release-notes.md @@ -1,7 +1,7 @@ [comment]: # (Code generated by relnotesgen. DO NOT EDIT.) # Telepresence Release Notes -## Version 2.21.0 +## Version 2.21.0 (December 13) ##
feature
[Automatic VPN conflict avoidance](reference/vpn)
@@ -137,6 +137,12 @@ There's no need for two configmaps that store configuration data for the traffic The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used.
+##
bugfix
Remove obsolete code checking the Docker Bridge for DNS
+
+ +The DNS resolver checked the Docker bridge for messages on Linux. This code was obsolete and caused problems when running in Codespaces. +
+ ##
bugfix
Fix telepresence connect confusion caused by /.dockerenv file
diff --git a/versioned_docs/version-2.21/release-notes.mdx b/versioned_docs/version-2.21/release-notes.mdx index dc9c9a96..b30043e2 100644 --- a/versioned_docs/version-2.21/release-notes.mdx +++ b/versioned_docs/version-2.21/release-notes.mdx @@ -7,7 +7,7 @@ import { Note, Title, Body } from '@site/src/components/ReleaseNotes' [comment]: # (Code generated by relnotesgen. DO NOT EDIT.) # Telepresence Release Notes -## Version 2.21.0 +## Version 2.21.0 (December 13) Automatic VPN conflict avoidance Telepresence not only detects subnet conflicts between the cluster and workstation VPNs but also resolves them by performing network address translation to move conflicting subnets out of the way. @@ -101,6 +101,10 @@ A default can still be explicitly defined using the `config.intercept.defaultPor Tracing was removed. The ability to collect trace has been removed along with the `telepresence gather-traces` and `telepresence upload-traces` commands. The underlying code was complex and has not been well maintained since its inception in 2022. We have received no feedback on it and seen no indication that it has ever been used. + + Remove obsolete code checking the Docker Bridge for DNS + The DNS resolver checked the Docker bridge for messages on Linux. This code was obsolete and caused problems when running in Codespaces. + Fix telepresence connect confusion caused by /.dockerenv file A `/.dockerenv` will be present when running in a GitHub Codespaces environment. That doesn't mean that telepresence cannot use docker, or that the root daemon shouldn't start.

u)Fn)sXo-QqluLc-Np-bISmvx6tSP<1J5|5tl1sO#vjHtdF1RCsTNO!*UD{!`AC9&Uo&Q z>$F(cJ}=FdcwFUXL!n_6qqzO*CESe{Ti8NSTmujh6=Q(`snBp3;P2t{jj>E4ys%G* za?han5hrrtbJR}<^V15%k_+A$-4~y1%Drd4hEHsNW^=kgZWBME9&9*J0exSF!K;9! zlymHj`7FZ2jzSk z<*nCH0=YO}?<>%UDcP?}cP_y5@2O)WAd*c$n+{d3kdN#y@xe%|i`U2GEC(8JE&xSc z1^w$p!$T|uiWxDK*Hs}8E_7qIj2s7T*X?PT;w8)ceW?JL`ZbALmIiQtHe8X^$A&j*W@;h_hf%1S7_DmKlj@bMU2q5XKeZU#@2X` z^$&)3A*lDhw%km8lUaDXpWKdIp;3?~?5kSOf`gT9S~$8Yzksl?0tL4+@w>9ZH*=JZ zH4I@ZxSwq@ueJBLBGRMieU9i>dPpHK^)W$XJ375jAO^q3Ts_qni)$ERz?7*-9*RGT zSVec2M9#HpC~fdmJJOA08BxISe5samhx&U`#OHfbM5N&|R_+8F%yo!^ zxsGHoZ=8`#+e4Qfm^r%{JyQ?Or8Z06oVM0)wyJ);Qzm6HFy_ z8=aufpQ$0%IzmJzjmv^tJ3fI(vIZMS3c&E#(TyRITXwf@UTEhy9s=_xq;lxljU9LE}6jhFFcC{mVj%nzv=)QQ%&W zT8!_`;NM&R+c}R2!3U>3_PHIiE(ZH!YoO{(7Cb0BI=&DO5s|TQNB1mGg#i}w(O|6X z{VgTVTIZgtoJbY8Nan`&SBR2zQ@;}4W-#OU$TibMY9GU5fvC7u4`&;|w5@f-Rs=t+ zcz92YK4y>;^Q!BUQcT*4tBa5@>mmVO|* z`zdV+n|M}Vv8?g@g%^WH)I^}H#Gc^xTS-D-sXwC3#73jm{q9BsL}o>v5Szhb<@_C{mc8(*1(B#fcr7rGxYwzxP}HV zPZ)4II+AlfuAut>z0%A0#^b^6Itv^5mDg0Cmz{i;du?26NJsvr=lp|0VGDaJ6g^X0 zGPoo7d^FE+>oLc!U%P{)ZG!0~GdK7AU2b{g!U5hJLwE+SUV;^77G`D%+jpF`sG9?r z(2toIV%*Q{?3`67&kFQI;hY|iM>Tm6I0SIhO*J-4)5o`;bh}YR$dV82+7;~=(bYoU zGFH8n>R_;qGZ#hSQ?6rBR9qSDyB0MK=?E;Bd?Q*06DY|kFd!>x$RK=2ER?x8GjKMyj3doW z7RG4{B`6xOvJR2*sIVXfO&;8}D@6@&5Fa~?pfrjf&};OiX^RF4r6*h&hMYmS5fmx) z-b%suocfAH7P&*SKjGH#+bkFm8$B~>eHcG9ru)LC+Mb(BmEZQWMBd)or$I4>vz*qk zAO&0YRmdwfh}!#;UHDiU>N!cCqrO`vtD-iZ`z+OV2zQ)5Gcy1Rf(Uth?VD9NvzHnl ztE-~Tf{d_cmtBM~vUO-e6PA#YymL3>#VyNYRm=T%&FeozD2F@XAo~pq3f}QrdVfR+ z5zfsCT2zu^l}}w}Zj2ntED;zWZ;m;uZ97WxO2M)Yi749~)+hIYWX}aY-(-DmBCA3u zGACaD-hRJgWf0nA&K@0NSHf>-_(Jee0EuCgv^mAb8)tNWz#20-*(I2+LfoUjJw_c)*-lM;{?T- z<%B+m^j}iVfmqDeT1xBZke$EmfIzVWeG_s0bttyI&)G5cLC~hp*W+TJg_Bbl5UKh4 zPgMFVlJnCi)j;g;rzijK4HrMZdF|_dJ?ZQi_|A*}i5M$)Nn2}td1aGwCRz{1>Z1v{ zkBK~WUW%}Zew>P}vv#B<){kpzUfywI3XGmW=rFV_$xFo=`oaADJ?ko#oW9Bj_o43n zO#QgL3R4)M{D@J$W2s2s>Z^`*N2qfR#0X2eV)|s;)gVc72AdCS74ZbKJH>)8DSN&x z->UL-z)X%C87>Iz-2V=aBg!!$L?A27n!`>%J(Nx3cKYAQmKWONv(ygbE8P2*nAv3p zY?szVL2+MVFB+nl8om^Be$(t>lRCN??k1>#*C0o2fuFDr4eKdrY-*-T{uYj2VP;5gUwEra z$GTp==YzF~?8;IQ-9nuY03$q`0dRMZDF|c|%3a4gO*bE~47k)xVe)8~*S?iqrcn2v zIPNgit{1mlAI&+`Pp3yZ$(4P@wpsxbGcWd=V89XIhR+#SFu2_y1B%~(47#G@X)s`+of^to zU|_62C)zxHKL+wKo7Df^&Qmy6?*qAYZRV2)4|hcZ|M&?pp`rkoP)h*8>@YWMWtdxP>W#kfS6h zWyB)Q*Qka&jnD31QiFM=2Vl1XNPN!n#ee?(Jm!o^kKl?g#MgTqdHsWmf9YzNGS+#& z#+Zn*$3vGJqlJkvPZCiPG9C@hP~2Wv@E1!@E^=5jsNpPp`ZTEhRJvZC zvoO;V=X2kRAsYs_pm8q+1=(EsD=U)*jaSgFL+TK|_pIxNmBWP`ywi~t`3Cofdf5Hs z5gb$rJ-W8vq4gRgStn|`jgdVMU%Z&GOjO{o-zV^hU+fZenV3F_ap>GlJo035jC`~9 zL`2BNe5p=Ux(i`iBIC+0lqReq`B9}L^As^~And6n>eVz(R`RM4f@1lScN4=>!>{~p z82bZu43onLKTg1nJ4tJXaRykD$uXZU)dIVp8XSJ%KUxcpN`M873EluL@-uI7~(SJ8A2+$$) zK)$3;rnBSU)Gw@yf&m!Ba{DYtcrMhtdwb1w`USb0C$*LDMFUr!n}6Jfj0=jZdf|8= zI-(%GGkV`TIvN(r#yGaLtu#U`J-RY4gg7}H?dKYBga>z;&@e}VhXirXPOKH0s`Qf~ z(7^dYf5Bw8#>lZCZ=D)%)9kFj6o#pDtk6ctomdz!E(j#vl_-4Bk0xcF6X>me9HyNw zE19ws-7qQ9b-dt0S8GeHR5j?FHb^B+P3;y|NS=(jSN^k z$@K+U2lJQi4?x&Q2V6CVx^hR3X!C5&Z{^xySl;t6lq(mrIAR$WF%{a^&vMToKID0G zdyDG#VQtN*vm{NQz{KR*Vb19V;s=Jwx{Z_c`G>=)gtOzQ4hK-EGMm~U%^_}p%tsG1 z9Q3D}GWn*LISjja> zvI_ZX>Y{BLBY==Bds~)ko;Ui860doPX~ZmMOH_}~ASoftVo6IR3?Y!Dk>oS5uh{D* zdoP)3q-b%B7DBZ2#UA%of)%|qd`At=z6n>gU-j4V&`swgaa`T4a7t(%QBIDC5Z*^N zg3_L3Uz#R$p7H32V?`fC8PV)K+=ghzx{>xAdtq4w14a12MuwpFxwB3Nt$I$$k@PWf z2w%8~@%^Yb4?{^rLZa}{xs3X1B9MiahZ67IZ=)uh-?mv2MUWfZ&nSZq8l(tYzED(^ z&29Ac`XZMja+E(-eimsk#)rv2ZDb%=5g0nB^txQmE3X^Lf^`xtgWhky&skuKrv8v9 zx**9v_`cqVOu3lln|$H*Fxw-(6pzIsNe;WOngfs*A7Z|#8p-gLB!_kL7v#>=8Bn+( zBZQJYbbd79UZ+)?BvtvYHGxT|df5K5;u`}O{kvihU{P83kSHV9a4VU9Fr)U1ZTdi4 zGcH*vhF*)yu~tWwekqgh7zbJNT#H6LrEK?MN&LBPYmi>jou1;mv{h7aBuiOk2j0zF z`tfObTe}|Mh7NQg$-8u#q;{%i3lD24zQ!g$C46%vr29<9E6v@Y>0IX|FR)}s+p_+G zI&tiv(CUSzsvAX=0FEb~O~!#+$es&_j_NRDU94&lqC#qe7k||)EGc>xzzz}X?h2Xw zGh82}x0!S{sn(u?Tza#w?h<#g68FT2&fjj1aKwDFktmjC>g48;Z-Zw|tV1q4Dn)?H zdW1@~?C;dY5G#2Pe1||y`|e+7x(@b|&smI$xw)nAD`geUa*rn=Ox@=S?a9``%vA;$mDI?n%c zeqL7ornYBaz~sElCq`O7!~%M(utFhiGv3M=Yw_D4XCJe`GR95*3$czCx7qI$x$KxtlVdlxK zNRPHyR}|>z`{LY*<5N^tQ5|+4bGCUy;8IAqCDH$ z;{x*v(nP`C#{4K}AR_h3dRGrlhLB>o#g;V2L!G%p+Z7FY$;$60Vc4geWwm#BGpk24 zH*UOm{>XCfKD}{UpusDd@nh4Zix)#2*q5ah4{x?ao@CNndlPUSJyczbR>X{cu#J9W zV0b6ZW>>jgdkDWf;8I;cetZTBB(rHqA1qH9`B+<*-<-?u*5vl5uhbZ&L(ZwAGMF&I z_Bzw?B> zUMn2ceCG*Up|CT7JmIhf=RBY5Agjx3EhladH83^vGv@vqG}h&{TK}!Z?g*9NO$OK$ zrbl?VVQD)0`~e7TWKQ7JQ|*`$`}?@|HgiU@QA->}%Fj6T&utjjlcD&sN0GY%qE6Q^ zWa?|psO@H6Pk6d2$Mn0XJ>Qs`oJd_TtC09L==x_kytph>Xmv(Nt1^_0LE*p z?~7UyE-FvUTagFoec95%%v{rgE%sSZCJZ}}asfJhdrqykR`FSmBV zy~Bp{zdxLO)&G;oE5HwH;y-kKoheitQx55)<8V{-LbYS6LXywYGnuZZ5+ahJfBNt= z$_42Kk~bmp&vfYx5GoMchX(CBL9ZskES9MKE^cJG*^wsoLGUaHXUu{Jx73M)JXI*p zMZ-Bcr2pd75}YeXUeZ*3v4g5U*BRfDXHt70SYrns%Q6cB>hy!VI9~iJG7^8pL6obI z*qIdl!`4v^BL4%8E4$=N-4gB(bPiWvZcFU$_cF(9eMO=DP)Zny#sc0UcI)v;h-ec3 zM(%ZnB#8a}$T8peUX3XoG#Wq4?z+sTXilCahXz~|-EU>~IAF5OlNI~A=&s95G#%Tb z>;FsRM1N*pv<`|0*76;%Zg07bp9-k8;foH0*vj|B0kR>&owH6;mD{9u>JqceP0~YI zFn-Tu{&?^ImHCAKv!3POTMzU^e|I_Au**M%0cx!|Gw&E&irBPE3=` zR35zlR9a#^rN|bK>0(1mwC9EcPb9>IKyr-aD@?{36kD{Jc$_kIRItHGgQ5EI7P$>p z>N&Nko};+uNCF?!a9C1+(G6tA6X*8T0V`M>PL$G4!w(Z#t8mAKbHwSK1-P}*mju{ zbIy8Qp=xZ$ykSP8OV96SuomS@s({3p^)}BN$$3->4h54PJ`Bw_s;p$c(gJ}Uc^D0E zj#Dv1*^-SZ&(un6cg9nS<@?i6&i?{YzUshMR`7<84 z5x;S&Be)_N$LGw4C$Wn?%0w%(lRa2@ZWIbE?+|fP8kp&GRpqXZ*zzN!6B*+9vB`7I zO&n1~F#+MfXZ8CZU|EGY>}9;2mi7GjyjAY8EROgHsKlAN!T<#ae?0^6Tp?}9xZf`C zd-PU;rz*Kyo{+U9zJ@9L93Dj-(?@&@0M7&#WXePB+njy;CyUv-!_UIYVz1AE!-59< z$5X-n&#A3W^uz1hwzkN0V^H4lw3WsgxKk99BfN98QIQB!KpEvrma+Uc~D zr*ftv_$K=tiuxqCe~!YDZ78Psvw)kDJmG9W9lHt9!%n6Mm3ll~z22s*3V&Jbk3?a3 zcEain}!a3`5J(Pfwe|s zW_DU4c~BHrekpf2I^0Bl|5g#s9cBhNyB8)WD{FN!r4>q*wFbIGt3epew<(~a)>;v~ zZZ0y~PVpwU4Ys%MQZZDz4nFTW#foY#9{kwmANKY}Q;X%eUq8g!8gI^Op6Hnr?;OLh zGrfb&lP9Yqg{=kbtZ!W8tZ;5oJFv~uoRnx^@KRe|h(}Y$4);v(LycIf_+6`V@wTQ& zNAF8^`}vA}96%21I584v62?3nxxC_m;%)2&4o_XhlPt4OGG`^>+RaFGZV%`{+US(= zl<*7Mw@CHwOCbydD96l^rruV(lQ)bx+oM~N8Fd64CnR@wgS*j%c0%K&(d7FY z1v~d{xH_vMgIjTa|CCa~0kyjne{@Qzj)V;0^v9=^8r>j(>;HqJQ=JKZHR>|@m!uf} z0iDWs>d)U6-t+BS?2~OrXB)3h^vbgh4dfq|1#o+N?{5-U6}i0rw>|m~?mwBU|Gvi) o{%Yf|vH7I~zjWZ24*b%AUpnwh2Y%_mFCF-$1HW_t88-R909h!shyVZp literal 0 HcmV?d00001 diff --git a/versioned_docs/version-2.21/images/vpn-vnat.jpg b/versioned_docs/version-2.21/images/vpn-vnat.jpg new file mode 100644 index 0000000000000000000000000000000000000000..9c7d0551576746bfee95b795c07ddeb8e60d3d39 GIT binary patch literal 52895 zcmeFZ1z1*H(vzLgv;6-gh{@`_8`pgodyI?11o1Usp2=2P;oXb1NG= zXA#Iwb1Q_>&Qb)T!>i1p>?&zxYbSTx-Ad!Oil)VF2Ma+<$W2j7VP7F%Cs!vcPcuqi zCr4)wAzu;5rEnn-hN9Ual$Ru)4k8d;P;E&UcPmOBHXb$(R?vLjTo6!(yQQ^|x|Ga! z3E-CqE*dE?%A@5U~F%#hhG~m46EUOB*;jLAAZ4_VASU2AThr#XL0qT&>vEtvp=3 z+%2r6y{()*seiCrTKwd7^>TN-9Dt<-yOpDr6G-L(TAcG|SJ2t~Nevyajh&P0B?oBP zpHv|Hljtv%hjtB)P)N$f!VB7oyp#w8DoM!F#lp@~=n~}MwXzoE<>qDO=e7`F<>9s9 zVin-F=4R#RwBYCC=CtNBv*Q0DN8Z`P)6Chz3MvPb%w`7);pgYG=72JAneke%@>p5% zvkLH7S@Bt$Tl4(jS9P}o-N?-GSAC#zEI~N}e1g_i+g4P^z;6A%M}&rz+jq#(j`GqUh0H9V-Yo+0F!Q#ugnUO@ z*qS-pSb=d0`pOlV-Cs-{2RFYpub_ZAD?cBP87mKmpcSh*r=TUPg%y{801uCVm9>T0 z4}K39Yfm3DcPnul(2qb1fL?T&ZYUWpt;_g>&d1gYYC6yctQ=gdoV=PGf8afty#^uc=%bZcsV)EtT+YuEcpd~==ERFpOcG~gYR+< z!CcDwi~j7;RB|;H?0=l4%eG(A4mjLP6qw7P;Lp@3O8KAi9}E1)0{^kVe=P7H3;f3d z|NpbVZ-*-@XK<(H10J0&7Ga;sOG=uksjJG!D@lVVO8|g<>S*EQ0WSssPR^e0>ar4) zx_bJQNb3L^fCyj!tN^c>g@>!Snwk>yNcY#}%lPG45g28K%KB@Xzr~_kf`=&Zut^D0 zh*`M0dxEej2=n=PxJoR%P52Er`vpn@R$9*Q@=g14Zs%_R&yKTX!drh6kjfv2=0<<-_V;!In_?E);fh^a6FeEYQ<1nw7Jb23XU8 zKcs*xAP*=5Y5*l*4tN1}fFs}u+RF}b1~DFhI@m7pH~hqx{AwVVIml%PSb!W-fD7OR zm|gM%&^Z8U!19}IJ*>I8E>SRO5&(cOdvS3<3tj;v0Koa9i;L6ji;MFd0DzkYfLG4H z@w+?)0D;dS{?TtZnk)dg9s&S$oxkDClL4Uq0RRwAx|+G0UG@V9zG1Dw>xTV806^CR z0Gzh~fMRfEH?R%b4&+V%fF@`wrPlzEng#%LHlS?7zZp05&f=%t{w2+K`(1nhBmp>B zSm*;5c<@0$MnHgvM?gVBLPSPGK|@1DK}AK!z{W(!z`{U9#l*+N!okJE!$Z4HK!}e^ zh>eSf3l#zb2lBupTth&(hKr7hj{Cn|F4_SsWLRamSvVLh02T`d4h!a@6C4Z-01F3R z&_GRbRS*zi;E~{9k-=6%5D)iD6G#993lDcO1)zawSWGxf5OJ>lgY&;!!wnXY1pUfQ zfp`z*51UZCXsbT0$ zOEKvsDdmG%jvxc~h6fWR#{bwE_>G8C>~M*OS(U^I6N7@sRM%ceL(r@Z`hn_F^T{{R4lLENx#_MBSW_=Y zDLoT=r9vls$9=D4C0(;d?mOi_kQJOZR%?^CIRF62DQTaaENeZ@EzBLi6l}E#ic^NG zh&UbBDoK6s8A0tg9e(Hny8GoozJGhDw5-)G_i_M8R4e29=5%10v-dO@^)lA#2ow813H zDlC22puFlH<}aoXjkH?ZY1>GMf;`Jk?$?Qg(_IreSgO21C*mguz%t8M1;MPA`&hfE zhzOaG&&huu&|ixjHP)N02_BlrvHA2IU-8$ufzu|9trYEha{;a-SC%;tXjSpA%u@P3 zZs3O%Ij@Ikvl=n?bcTQL3Y_KT-QjlgLxtvKS@EF{o}I6MnRF--N*>fbVZ{J&4SWQ? zO7Jh;l8TO5q|xqh<;F;6kTSIKs=x=MitT;!?3+?|(*C_$6EgMI{+dm$E5o0q)#KY1+x@Ldp-zV+g$3D1CfJPxW&<~u-o!{8 zS>PKH!>*e3exX37Pg-Bekb$-CKahxUy-*N6CC)NP0g{~DRWgcy`coVLhr}}(J5_D@ zx}*c=(I18e{2Hww3m!BD9|?AsRnPbqh+%zBB{g8ZuC;_;^J-#5I?KLX$4*}2`sn0m2N-78n0zir+ z79&{MCA$I~8kIvItTkW3JB(Jm5z$V`dI}}@S^h#9>F=v09P*$%R0`-0aif{DgF*1j zk6TrHE@ST}Ke*Nw#>HDEa>>NgDYP{y#Vy}^BpJV~SLC18(|CXR3vYDJOZg-Va2Nhd zcDv%vJ6x-+ri4L8G09(o?tyMqLV4X=<>Fnl)rc!PeTp#Zp=Ow%efZac)Sw(;D?3ZXKGpf7cP z;0q6SJ>VJQUVp{qM_zExk>(Zf`xyaQQIt1o>j`0SVBVaw)BV8$|Hd;w?!4J_1GgY7 z4$_^G{XZ;oe_{XMC$0YhT_bpo14%SPPl5lk-H-%_GaXbBEbW&jyz^iEF&lvv#7!S{ zaOQxegL`sftZWJ*eks3A7HpFPUb)~_8h0t9_VdkZj|~?2EV18jW1xHpbca(P9s&_T zYXQj#f7q%0l3&+^xL?~XtjQ|}6kGrb5c#p5icjD&{#$q7b@*q#0rSRlEp0d}+U8Te zrIq#R#FO?h;)X9qjnn_whtV~4lwN^-!tCmxazOjWR!>n81J;B*lzoPV1U)-d90!La zS~*K&jXr?G{=+61%8|#fT8bq;eNo!gOu>;fjKVI}xIM%V}oPf6+04)0-Iel4ryofDWbBJOHo&^864$SA7WM#IDXoI{_ zVy>I63sd%WL|1Y+V($1(rp+?me*V|8;Q_FNKLu^RN!FXeX6S{1ye0u#{lnX)O&SWz zuK+-t23);m^{f0Fxz=aaytf=Qf2xao*5s0Lq@;8m~?eDlhBnircvAUzdomdqGy zZlMU`6Z&%H2<12$PocHt&+%9iOo$m#%Ty%TH@xe*Ga$ z!C?5$J*+5u1-8LjFxw8EzqqkmCeqW(9u^M2?%gz>aucOKI(Pd}ur|O$}X;E6N+S5^*0D^sT(fHn~My~wk3*Up=o|RHN z)Nl7x(;PL1ioJ470ifJ!*m7a+qu7;`Ne#?|vG2)0_)h-)p1G1+8 zytNU*Hd!_0WjmGphTNO!ib+q&$>;{q<>7gl0~Lp9=}pU7S?o)hIp zl9dl0SO#5k{mJoFc0>IRl?Jqw{=<+1@JKXdt@ThrayVL_2hI`c zQfLzrZ@C`QUxQ zdl@NTYULhA*}HF24dl-yep?m0>^h)Hj1I&*SX(9E64}o+lS;v z0eR35u>2wET_Jz}{zKOKlQDizefjmL?EIf@{6mT=1_NPP*ER}{ayp!zct6a%yBF=G2`6DWW+=vT!5O&AHhz2(6KVBla8 zz$<51@TMCH><$3{VMG{QJbYeCF*ObzK1?iZ98OatDry1<4XwCq5O}kT4Bq*|Ai!P# zn`oNu`E;WxeAS5Krc;9?diNbToUGBy+G_vLQECdwnQ#8vgoa|?_A=I=T56%K?eSSS zreJk)8;gs>*kMvvmaTWh+I>2!DJmoGJ6x3NBNnnBnm5h)SpkOc@p|3S z&V3Gb+_aQmAg-n>Kf-V#_O?9wq?4l+ar?Gp@3|c2hLm_A?qZc*H)$q@kXY8J}PH*2&i?cLezR z*q#wpY!SZic2=^^BvcL_E~Q*fkI`EcFyf|Fr3-k^uqVLZH$v5&_AaBHQ5~)yqk;aL z&ow7BIxdCaWcS1}27MZAWW%mDKH(&*Aq-E_uSRi)*L#m09Aa7^jk*iZjlAbzu=-Jk zoOd_8?Lk89SE z@dLf`frw*GgJi9iFOV=3r}6V#Z*pH2IbKd(ncbjs0ujP2be2Q{&F1t29t?TD3a%sR z_EH8ZL^;F73*ggjf4F^7(4Csm)Us9b!J`p=R$31d=~}{utF_og!|3 ze1dG|H5EB*$J@Gw?d;B6{D^6!<-4_@6H3eTa7OHrRb+^uI>dYgI^M#@K>7q`8Ukbo z3=DnT)zT#iBe16Cn8_w@@tSXHv(*;@MXTK$rkp~(9>VHX)LN-6Z+C^A48+U zvL|PfvdNJrmXD8XHa&|?0{fgVrVHc5rmk%r7f7(Q81?Dsu9s8mLwX|{V;I^OzQM7q z#TZk}`NUkV$_dw^_G;Rh*x(!oa(3gN#h}>vzA+sT|ds9!%vzbyg%dUg|z{shD*g1uBH@9@>%dI5~_pvZS zjR*D=aeGS^wJe?zY@wAH=?*d5Mmfn0C6VP5Y=}j-G4NBQYuZ^0u$(xe>_QBbAX8@e zqsZl_mN(vd|E@)isc!Go!0m@rM^Ng5NV%u_3YwhzjPitH`MFcYjV8Ym3dcN~P8O(v zH@XZkjRbJeI0`YQZ&GhAeM^`S=q~MEF77JF>9X${FEg|6#{WNgl^9)nc&MADaMKng zN5S4PFu%6P7j%f7j(yQ$?B_BXdJv67aiT}*_F=ZWT3oyJJ&!COdpWtyVuR+}J&P^a zd|WFTMw6)4U5!y$b~ekofYV?-WV^doAkM6@Oqm{}@}isls}e8Z%H$U=@vJCA zfl7uG(b4*POahbL@X}m{IcC4Ef1^?#FD%LSG@Nc~ssoqxS~wj`Zf-Wuz&kmI@i?q; z8Z@S1nevJo?VytdP{bXEW13ptwRmaurs&-Z!!OUWPhCG@2uczza2zr&Zd6Hko^6MJ zHt$rOP@?6OXNR*=DI&CL18)G0FR$n01U z??FZYw|eoprum0kX=bexs*79J#^pz!(e2da#`72x7WM+SGz#(8joZX~eC-qTJJ-dx@Lz2fC z>vOqNXgODHfp$&*c&h#=v%ZysQn_8?{}w8Ovv|v&?oB%w=kEqm{8@jRcaxg;`LnJr zx9}MadTyAy#dx~h57eoZXrk|Z?unG7-oSUjrKXOdFmQ<3O`0H^d$4@_jZOyR7@s$b zCI>AiY2ndM@Etu3(yqN=TM}96pDrb0VgI^!Ba15qEBIjvj;}9FJVj#AaM?qff}blK zdCmdPo(04b$+O)-gZ~2P35>K$n(QcIZD&I>dXMG&D#{z);2C7*9{v_`y{U9FEbD(0 zvW%&I+jL88#teTGxn5VgshxEk%lTQ9SBOCwpqQ?BhHXv}$##I_ouFMq8DBl_?O@4dZeC*}dK$SDWrHvj>_h7 zDkS$y)M!SqDIe|jdmRLt3b{N*dEEJWtLe{1T&shx9*+nNxGTSuak$=7!%7sJC|hz~ z&wh-nq*H!y0UTG@2TmMg)=}IUM>=`AVs>n@aC2-y_4ERuYC3nMhsf6teLxcs^MAtC z_@!P8bPI>5>BF=yvvgBSrMP2Ovo2rxwd#qVS+O34(LSnYNRx@;!hp-FE%JU2^Zpu9 zwla@)x;2T-7b(>-HM-g+mbOFjfT{4KqA$(pT1GF(hMgXm#eb#Y=j?n|7mdzBmVnh` z@aej`Q+K|2s0%NO@CUErhn@9A;liOU(;pY7_RQZZ%sSuQxLVBwy*Y2rdydQT=7i1tl5oVZ{YyOof}ycPg5}P@EuW z+~EDx0=klSoS)`Kle7{4^*QXE{`IH#;*-HE(#GwkPZc*h42{?FChE2`Z-Tu05KqGt!eW&<2E&mvd&&Rrq`~7 z_bVTyl6pdX$3%}FNz%sySvxPOKxYE#s*BdrzJoV(KN7VB`fH}f>3h%nWiY-VK3mq} zc|tZex#zsA+9!hin-SGza-&OHd=b~)n)Dp+822cUI_OEGCn2{sjnmJ;X}dzB>rgO}<% zsfUem#7{`|_;usF&U9LE_Eo0942Y$U`!JY~>=xl?h)zBM<39ILBPN+!zYI+10$IwQ zGS@&nnsfx4$SB^|F2f_a+js-SmhqM;*HOKs25xzDbd$y_b-Id-h9qSh-dgSZn2cUL zJdofO75Gy;arN2@^;_I;pFJtYYDh2MysMl9NfEUFS}H!1DTJRhZ^Kw(n1h+86pL3- z7~hgR!8FHz+%BL%bAMx>Fy#pwT7()E*SjS$AO2-m3Sau=C*XF_m$EkCi@){k=(h4d zUwhKH$$BQvuitQcHtlfphj!QW1UYk3`X8?2I^3kW)qEc=hGDZq5y|rTQ!lNr z9sAj<)0JOu9p8oxkpBR#r1zRcPn}xp7l!YMw-?H_#Ts?H6)bW%ePn95opP*db+>LQ z8YO^v7Z3EX=7-L-aFI_!-&$I7aiLAac$OM}%qew>yX(k+)o&({S1sx8BAzOTNUe`k z(4atKLHZ!Nf{D3P1koVfs3(c9YIWRjY9L+D!-37o>UCLTZSucE>9=Mk%*)BNTVn34 zhIq<_54O-pN8T!G&+d#unI;x}SwtA{A-$^Md|e z_XY`ESBvbHCsqq1Dk_%I>Cm8d0)rR%1rZ#1u^w-C*fJ9mUgI}@r9~R2=U#o}wk>^@ zlmQz#N(R+WqA{(j44t}I-&1Bh(iY*OSGmR}Zm0ZVvM?Ak(%XW|AGP%YaKQU1@*#eo zBoS@@?q`HsrC7}STxz=zQPR5^65?d>vNpF0rQx@4<5f%1hUOcw;N82&nHQ`f%Hwc{ z)N&l2juWQVLNqIwfI z>AJ{-mhLS@XF1{Qc5C>6kxz+IOrdDr^}FBLuCfu-DMKmw1o=uy<-CQqyg8kw$a6PX zGUQNF_pJ-chvu|y_Si46HfvKT{+5Im_Byto)FIr|en%=OdU57r-6k2{a3U zCx-tL0jaYcKbvm8JnD^z6wjDhG>Mxms{)T7dJDTjUQ2Q+wZ}g9T)G`vQ0DBt+sx4{ zHO6H1mgDZn9ku9pa%V7vY0ZnV_yaY)HZ@oJka`-?x}=QPh&O0EGuH`wsKL%GSll32 zx_(Z|iC{)Rr-qfbE8vHjQX|$XI^i3{+ut4yB ziyjMrfd>!}pns(J{Voj#77H5_hmwjDjzdh%luO*~(bLN-E$}ZKZ^B#v-jUCEN9T-D zo#`$B4eECm4?Eey%!$IxQml!>t*KH#Aao!#xGdTex%%*l#8T)T6vGW zq-!9V&9KpZ<Uo&r@L0hpA$ZJl zaiox;K9LWRRdkQrJyn>qRacWeW*-u^QkDq%D}@giU)#qp>iW#;7#_Eeamz~uFFq8l zDip1nWq@n&?_OPU?NYYyLXHvU-8b(MLS!>8fN^xF0CuBVx$*G0b)l^6Xe{dG%;t|$ z(^9b#<;hqSG`WrMI^V0-c;^wP`{Vk$Ea|9z%IdDj`fxMa=w@9YaZ{kD;$Dy`X&un>s{qkJ2?N^7!G>OygUo zA!`ov1==Wl7TxFOT|cTA*GOJh6V8k~`D8<0k-{zln!zZEcsW$+`Epyib@zP0o|$!bGQX(*38&2#gq1{w#;aB(Q(7=p?N1A2IQ zDF$!=65+Q{s6Yra2Uj9rA(2TWS05qzOp^ST}I>DAgITLO=Df zgG(&!MW5h~xT?ClyU=r}n0m=tCXAQJR*y8@oJ-V{d(74iQSOX)=Es(&Ta@3ViFZDKzaBSAK`Twjcx&otlPqqM zOve%RRVDrD-X1OLyEZLp6_Z}I@Xx#gBw3HL18&UE8nO|fhPE%bHvBaZ>@k8;a<4Iv zGLmt}3!}>B&FHt=TAJuXy>F`mpF9JhfkWcJJ}s%CKDFo5(^QRzOhtLl0rI$eQ~h(p zvJYfM#yDHfNslx=W{SVO17AHKZVh=CQaH(qOlA1jl76*!`y2EwkK3fl=Plc{W{uc; zxiS40K&1tg>CTD3h6sIC>*mBTD2V(5P>o55&*t>1Jo$VGm7j{Jl*(nkL&`VW5VsO?cvIiJBkq z3KA?7w!vfSoZmr+vrAW}rOr%u7eZ3H-fwJO2svZ0UUF-w%ra5tqNRw|l-r2KR&du+ z)mpW8XZM2Q9w!zXVJBFy;_F!@{qC_#(gPpcf^afg1$cIDjkr5$w^S+0ZJ+w{lSFre zLcO4s&)sOb_1@=DaUK%qCDOtV<${qZ?@{G|FCST1owJa&!FS8XYs%NZI5Y7l|9M`~ z4@R1rF2#rTDV%>677}DG;c%x4;BuyK0~r_GHKuw6=vy^9Bzv@GJ7r|TF^}o%5RU9U zwsmMl-ip_QExGY8ZXV7XM(r9AQx}Zd!DEV3#1ull^0dw+$r?qZW7SMK%5*wOLD0d* znkjL3ytlMy7l80<73poyxlhHx534E=hEs89`arjyrjw`n92ac~wcS^J7r1lgqNjcm zy2O;=sK6)Yh^gdS(xtj3x*6ZR#*iRwZpnIX$wa?<(kEYBKGN!1YSV|8vh0f(D^yf& zP?u{Ry)!Ky_}Bt=ze9)Og+8LHM`lr$x}Tg{-1`z%dDfm$vW+E4kv6{1vP$nSfCyfM zgI=vR&xWY*fAEB=1b#gL6OjS*mu@g{2q?%XNbpFA;BVc)yaeu2z+bdcaq>RKgXjH+xsqL5rTqZ+*ZAYN$t;30=KdSG}Q(~w#6qo=(gF4N(e_->6ZhpZ9?9FMGS zunYk;`x(wv9p+Y350@sM9)xYJuEq$lX@O2=_2K zX*CtWbplkJPR<~Xr7BiPE;26N@GHc%BBU5!so2gI=q7^wrVQL~Z@y-fo|N4a>#ipg zi*ciV5w%itS=yl5ja9kBsrz}V+1SJ0rh9j~MY$^2P!FsNP}G9@ZYkyP)W@)?DAd?I zp0C!Ajn<2ehr@<>TcGc;Z(GET6}9>r=eqf3Z&_{bg}8{Q%9;n)*C>uq}tnk9B-Tf`7i zj@8#4{t{7WA+*Z=Lx)=fqD`R!BLD6eWl!Y_5($8x#JVQ-pxAtBM;x4=@UhoyJ zrF(Ptc|={jMfn_m7u9FhIfI1Hm;T3~A0Sq3g9dkZ58~Tvn>;6No5@gTAG!;~>{zI)-w3qiZpjDbvX_Pdj&gZi%nLy9sq+3Mt$tW!b~ zz%AheJG{ls?L7Jlsa6=n?2WgzE`p*GXu9gI*YNs+Tv28Q3aaE{tM=f5bpzj&;)Q>rbtmBf@sQgD2|Zae&c~qAQ~@OZip=V4#c6aYTT-uOC$#X$GwKEF zrscvg6|ym`gUJ10LmJ8U%*Rbx2BJbsi2Dy%wqH$|csp|yz1DlLuY<9cmpBlI+JN9$ ziJ;Fx=JTcG`E@ToTV(oxz$g~M>KSe3xmuzc?YC|)?^){@%8ipt@+Z&8Nj_R`35-4J zyx-kI;iMNT>aJ{UQB3x>H+(rm^L41kecs89V`UV9-D&g)TMgRwGxTI;E&fFEF%ETbMiIutf?=M-S&ozLle%&weVzo{ z+=_Xs-A5b?j?RblA53zWov^9BA+RL{!Mof#8xLvh23vX;Z;jH`3wrR|4HxnTL_a4= zrEy#3QZ43?h&E(OW-4(%Pjq;8dSD^nFT^tWENAAi3aom2{akx}en50djX9Mivt@}8 z>Z{jZw4xGVh56Fqb=6N3L~r}QM=O2yiGXB=<-wqiHGSy^z{l#^62NW_-}m#4O*usfkXFNuogDvaQcKads}( z-M+`SETE!yOKxOYcxB-Zmlt_g6tS4T!o!-fQW`-trsVjN)ke0;5o)@3ZZBuCHTPb! z@@OU7KN3Dw7q{qh?B0)EV8bJ)S~{H5&UIRIvq+q9eTQUPqteJBOJ_StSjUtp^z?j8 z6d{#OZc1H}WOP}EliCRUmkT0tX-u!2$fM%S>ZS0CN`l`{^XDAt>wK#$^-EX5YVx2V zc^xmS!!>WhiHD=WdfaH=b)Uy*Mg@_yy)=01E7Pv^YgJx5ngYk7Z9^;x=BOquQMVHM zs7}!-`|*3cNgsMmtr|Ha+-;k56pZ|Nut{c+2Olg^Kb{jNr)q>k1z|wGdeQT23BT5n zIJFmDmT~XA54)vSCVN!T$86KxSy3TwhDFh}N!BL!3o-B%kC=!C?1%L z=Uvbf)*G4L#h?rEMQ3rWB4e^Wc9U~ndV%Gs={LwR-&eOkJh!X;C9XpW<>fsEueB*x z${Xkf`o0DlGP@@8tW!MsH@H27KH#txZQqw6z=vrAd;>c zH10Vm!?z!{*SoVSJ)wQjMgNAsE6+)@Q(jHx@R0Vi9h_+e5r2v_d#jKJ98oSKHY%)O zJT-noNFvU5sS0n*a-ow?Dm{kAR=VZJ-mF~2x>PA`GcnHdPp*Eop8N2KaOVY@4ZfZm zrPi-wkebqA_QIBF_u^L;hP8Qo%SA&vvy-WrhB0Je*@No~(m&qenDShf^1KEFZ`q@S z&hL#qeva^I2su*e0eTK;R&de%Cp>GX3{R2~`W#s54PNu6wsq@Ps@zh1k!aH&b~riM zfrQtW;N}{G1@i(YTFXPLX8kC-s)M%Q7|Xvub8f=^A)7Jy3A78pOM{uZ<3X7B zeg0HK%#!Z=+=i?*eMKb@gfn(fpxqg@eNPvNECgg@;+X1{LW_Vq8&M1d3&~j)97C_UCP2>EMctb3FF4(b}aJiC>}4}80>Scd+Ym#09*ZaT9F4jo46`o+zIu$&V%J^Zza$$a4hNb zG__YsMUcrIZOr>pA!d#E%dL^8BRk5nVMThfuLgDQw>4b=T}pagQ7j*gLn7u2(&PLE z6eq>{^b$z>1>+q%5W4G4(%YBwT;IEMvVU=&i4ciwz3wBfNu*kD#J9~0fN8ff_r7eeK4z*Ry#sP7 zfvZ40T+~M;S~bW0>ocu3E#tWJO3Lq$JqW%wIEo@VoIgD?#`%1{Ud#737QK3)B|gQ= z(ok2jbJuk@$L;LnIcfaJ?1zz8J>!#Sp_^Yu^p);PaiS59e)|meCk7@Hf=_paM%G%f#`B z*f=us$T+ch-Z6VjKMk>;Osn|mUxJqenTUgAnhSzf61+3&GW#*8sT4d?!(IP|uWd|Q zzw#Si`OSHSPMzpSStpgpq8ETndIFcVAIo<9Pj>F#f-d*39_^?>Xx=CNqFd$B$gmI&sq1`$|=B^GR=U zM*0%vx7@9vJPOm{?r3&wa*FY*vn%tZXAI(Bdh`I@x)*#@r;{-CO|b&6%9%+Lk;)w! zI)2d{YgPS|lH-aSw#na2D=CUHuTRRch6feg!)+Aqc7KXNL;GU=HrCK8Ipp-)JJ}Rr z$!wRwoEC=SSFOdD)?d}RjEWT2OILlY!6gRsCa=_;)~veKC;9@2cD?KJ*}OHvT32Q`WWZV+BhIl>A3xAmwjX;sA~xw`2a^E{xnsAE-SAgd8lTl?0~f$d z+?oRV1Z~mLnW1z+y`H>-`%HiVv6+dHz$tc`SJF=PNw*H#a7 zR*4L25STQSsE!&2lu^qX*y{8;yIiEpq7I1crX>WBtJlg0w^m_gzuK=&DpD{AdXn1D z9B(g`l?V-27!hjr+Zvp)TX8Lo64{a|DKD}U2?{b8+IDsKvE$&qAXpi<#1l*Kdc$W- zz0ujy`dT47qF$1_EbHOa9_y8-gSQQdKW`iMEl<~iaJY<~$os|#Xvb|zxpJjXlQCoz z9!4cd__tm^Y_XVYB0%By8R@ew!fJJtCH?eN#+q#BesbZ##>>-*QImW^VdY`Mj9r&q zj_A*p?4QC9j8Nafl4>djZ>=kY)zcT0GjuvRCtusse(Bec*TAOCd|=0KV7?r-)vflN z9(^;i9K7KlrYd>4y>52&ey|}?nC9hS)5mIDR^={X%BNIs?6_PIPPi+~KaV~7JY05E z_S#c<-i3tlr9-kC(_BYdd10$vy+~&@n&I^DZheQ>$B>u!Y3Bre!H7hhT6j1yo12G0 ztde&1D)Mpnn+)xD5Vv`nd8zL)HWSrT@x=K!=(b>BwPG6(O8P+9fyA54 zv>KY6GucmN1-!!#2yKdY0^UU-lUwD)Y=u4Q>fRm-0f#G4-rA%mh(U0)|kR4BUJ&Rba#VnqmMvfQl8%pU~y2z}RPo}~KhF|dIqIFFD=-3dhGj+@t zOHe!BbNOg_R`z8?|1UqAo_O5!anJkR}MW~KW+Yg#Z;FYo2N zI(TX=w~e;p$7u9roH+q+!bD=B3UPiNLNdmT`Wh~`)570!7ZN&QHeZ(R1m{%w8cVTA z1I18CkU_aSsMiw<{bOci`+>yzIS$DN78VxHJw`1oPIh$a{!#mnw!(tvHGe9K@%oPe$M6antz z*;MHk-Ay)=cR$mRj-1E$G}N1)bfX_bU4JhYxP9b@lhp81T)rI>cY(GtDn4GYiMchb znp4mplfvXHvv1b+*HgR})vtHXBWLMPUwrFw!8xD30L<$nzU>4)H|V?od|Ka^F9tTx zZE5e_oZ0#E{~8PRU`Y{E(UC+>QBggUVN3DJD>b|g4A$2i!1+p0GZFWWeo`LGKm*&^@wiV71HF!WW7jwymo}-&Dgspz$}+-FQ*!KU=kk zTmJTVyLezpw0LnJAQVF?y9b!N_f@@Q)y%zX-H(~^jcQ6<(um7w)vx$G1 zNl@@?JIz*wid^afh)uDQyx&UGC#W;VjxQ>Fp5K`{)mIbs#Em30<6*PnQDWZngRT0HI*1oQ z)ddi;RG317$NO2+vA||psk;80Yd3l4K=G%$foDMON%6x1`uCHShexWl=U?yx8YwRT z6W+_!ma*XtKkeEyS`NImR#($$1H%$uMJq$m+;z6-? z=#7xtGS?DkL8N1%flpJ5^JL}1SRwV>+;@C7m6|x^LF*je6VW_|ifwjFb0jhY^_HCb zjv#GIwIf%5dWvXbUz@nFQ4eMW97Dw7T66p2(AF{1<#sN0%hN+m8Wcz$^s#HkKF`qfwmC03lyhqfbi4VGiw%c)*q3oP<9dPo3ciX0M8Ij+yg96# z)^wkHsmpAA$R9_V{W*B=lS=EXi0`m?7JxsEL(-jAql;>_sXUM=z3W32$VPHz&|p71 zy`RrbYg(r~{b>R_duFQ?-$13P)2hzLwZKx{^O?;dlcw3Vn5waITOrE%3Rkn|h8UGq60t88|GE((rr2{?()QUcz zb32}vb!r^0cm(R7Q*7N5*vxnIRfVygpxJfXK>1k#8l8oRp7`D!QE> zqG4uNW#=j!m73%Y4mcVR6bREyv99w68z+N*aCEzx!sABBtJ%^HZ-;LrSCRFFUD%}e z&VuY(T%btn_fTq9#9C>~x5B;v5LZBL@-f+h6{|Jy)f1Xi%Lug(yXH%nT-`N^xG<}p z4UzcjaIKGSDG+^9NI+EQkE4#sT|oFcU7s_SjY=A7ZH2QKN0qA%%mU$Zc+&@Bf3_JE@HqtQ0wNk&pcKOjjpT% zVjl{Y>?d=hh58Jg;$8FQdE+2b#f%>DMmI6G;T7Z9iXLV}=-D<-B|kn|HokFWZ<`l^ z1hGD6iCxm+?Q<`PYGA^4PG#*2OXg)!UGg-nFWG1fJ4qm=k?)t+qPMaV6;zBRK#*~@ z?2Tp;n7_snZ_&|NpOdp*ltZ_%Y{`;CkFxL8C9OE{;fva!vt|m{Gt0!@&WLbNZ~{gj zmDN3*b;Em3YcPSe;hOyEWv-M@D|T6 zvuiEt`1)Ojvwilp`qjd#^kH;KVe{N?@tfov%1z;@<4?!GJ1<@(n6K@zLy&KG0_-m@ z1pN~KzB3i2zM33aU(dSDMVidgO+&HYuhEI`K{hTTK}dexAr7lEl!@N z5Jj7s21W(j@LgooZFZEqs1BL*%e?y-mzSE{?_2f)sdhpsz=Zte>}qShZ{YGIR@ULO z0V}X#-8cQI$NKa+KElGh!t*c#IJO3t`|t*lEf( zT5@+?EyNmqz$A)Gm4IAra;Syp^7&iy-*;Iy?K)i7#tvcWjnH32d`IS0LFptu@qZ4g zpeB`38jaCZFaoKG2bxC0TK`RgWgAwWvm?B(!l0VjI`W>oK^`;lv3A-|8e5+?&Q;j^ zF^+28#|S$ZY4^8;r%%50X#pdrJJQWu?~dhZ!<-nMVWz3?$Wf=lCG(@>_gr&mH!|%$Zs9nYGuBLHzh97%PH7!UxIsrs>!9}9k$S$A{W#zQGn*pH7nUO~N_q=&G( zn)vA&?oaH`J|pI+8ZKXGcg#)t>H0WOI^t@3wm-zL`I3ISTT2Vkk4afiPV>li(?zc- z^40#N@o?P1ljj>CDuylVtNEqIH-MyCdtcDLT(%O)sVO6f7hjW|KGN5E;pO;yx+qWcCti^xx^!!tZ-Y)cph7c6A1pUj_6wq~eJg*A$^k4Evv zE2tmzqSdw*njD@pr0l|HqWy&+^$sg?NJ|@8gWzZD`w!0tXEr2Tl?xSP>o>HH4H?4K zwJ`4hm&=cEcVss61I0eL-HW8a-`X&NZmq9vRsLGjTR)~Aco}lA4{yOEcakr_2V7`1 zv)J{*hB&lLPuEL7K+`FG@xmueOc)TOVnTFD{Zo-XTDB8~0(3)JLR?;NobXX3Zbe;+ z&Wty2zIV`-T#9e6HpX(kwb$gy(RxwwJ-YJ$Tyz=cSG_6$>Nj56Z7};T5=*an!nf-D zdltlR+SI)#yh+o-Kqs9ut1w%+U;jQST|zzE~S9XI*fjyhJ0h zkH9tcO&$qdzGtdaIVHW>K)fN%=YolDGj_$PfW9}K@uW3MxhO4#H?l8$Jz14uqoakD zi^7eI!=RQa=Y5q>Jpn)cNT3H7zTa1>$NIJ>@`wum!1Uu47u(F=gw9)h)!2Yn$8|n( z{E|O3@D&-}Zqgm%PuJa0<$3L4ULL#&cE{Dn#g*~^trvyD5zzFCC&XoOZFk~K88P*a zxI*s{Tf0lgT)pZJ3toGjGGSVzw8psNZr9#JV7v~AiYl#Uoo)IIEiQ(sQ^c)#7qHxo zuWGW)Qdvw+VQ5xK9%B}K{l&HPE8A(>E2nS`saHiM9VoqPXB1d+DEhmLO9YWEyv6Mw z02W*89Ue6(BdYvMR&Vi})-X*k^Ja4FDphV0*SeMRN)}bW_8JHk=F@KB3yFj?rHUb>#f$ zhp@Pmq-D~7V)%%kGQI?%=|AIxcD&q9CF@|EuCt&4o^rtbC}r20y(tsqo~;yhk{%w; z^25~D*iJO=OdXEheirFJeft}rH1T_1VUdxH0Ugq6nn0oaFo0|I*^6_el0ZsFLiB** z;YgkD>UCKEAWOG_oOfjCrh9W)KdDPj27@Sa2m@cZ-r;cLMCil$f&b9(yL>0? zF5j0NBn0ZiPb2aDNT=8^w_+kgq&40Nxf=KEUjCGjymiMbs5ONNJ=I%vh5}z{=3RR+ z)m*f4!h=dLa|1eb0v$Kz-GeJk_nD&2_>?wY6RQ>9$^9#C&M}?GAk&5BWZ5W|%jD0T z{t|v42`}X@XP{1rcJTTfT`cwR!3$`B9ZFnsf@rSwE<74*(Unj-P*&KPBc`f#iH$X4jS0iPf4NTezB9DChnij%_M$A)h^ysYCHZz% z{aT40m?rLRc?VmOuPWwgrGZ0CbW+f`r$q0U@{t46#H`lW=J6|f1L@{QUA+$?2Ae`~ zLN4}Z!GeSzD)q$YRi9OxBb(nk|KE>BED#T@&GnN>(P9$Ps#0KaXMMB0_G+62+uvsa zt%;RznQ@rl;uh9@n~4{X3WK8qk|k#qGy!MO*KUU#L^_s&_^$??(0EKsu0#prF-o!} z`$HmgNT>EM9#W28zK~FT;xK=F1ow* zHlNo_6W!?R+4D17_4rIG`&6==A}EVv2c(bE(^AuyL($*hy!iHRgInH=$qA_JY@*)`J`Dr6t!gW-ty^=k1e?)*bqq^y!JFI=>`s# zBg1Y0OJ<7{IMZ$wSz=vg`mnTc)t07pAvS3wSIG8 z7*QxE)#km$CIb2sOb)9U-z+vw7jWU$e_ zNw!|5TEOL;eIy3uR59-i++|9Xa@$}cIzT4@({ksK^*9|C7J+VJYZz-~hk zM570&&kX)VDrpa9t8TaJ)^H@W_|Hpuo5=>T%*N zjh6}giZoxD=L1{|m^h@&m(=G9rCf2sj^%H0hA^y;?N&Sprmo*W? z3|`5{QYA_>f>78REnr8_q!4pRl_3BzOHP=IXtT}BHk)jwL=?Vg`aoa&tIEDN&GG#4 zXRF8eehe)DjTFN?M3OFX5ds-&KAC`T+BirZ^K%zIP}dHvtaqMh{(URqdNSb{7va&b7)`hQ`vl6BlyKVeCcIzYxR*#4vB z-HSS?AMEF2ark5L)b(r_V)|qK=d<#C7%sQ>=f~;y-t+Cym0w2h{IPy?sef#DxFY>^ z9PTUUpA)!Z%7%J&-QJc$+5rHU$Sboiniba zjH70T`)rq#vb}Ai>I+>;zs1mo=yYtT`cXQCIzXX|iAH%*3a#EE_TA`Dkn5O|Ga~sm zq@CcL#p!|%WXUzL%c5eh2ug^QSv!a}`X8_)8^&m9$@?+4?TrPoX61Y`<{Nu_)c)aF zh>rJ;ku&-`2=xHTHx8?}P*XDe- zF)<*%dk0xbzQs6eTvjt%etsr~Gt-7GQx!$T;Z&D-f|rTavbtHyJpi0pV7y;R z;2UDxM>3wCW>_QpK~sWZOJ@B|xr(GUH9mka8)L1t?JLNHva4FJ@*5z{|8lWWjOtB0 z#(iB@W3Bn*Hsn;RLUxM7HpHSFyGoV|1Ie52+&WTjl)7p)Yh(VLYW7+KFqFbSfoH|#X2uQsh#15U3$5M(641rbORHvO zX5BB4vg?r~P$4@0t+8x=;4dfGZ ziJ_#v^$t?3=(WHULdr63SB!(18-)XaXfrB?tqJKPH9VCODe4OO0ZJ1prz7 zG@BPoi40x8IiGi%tlK1MmXvO*Jg&4FMhW@AZ`2j5oksrBGc$McDRV&M@Z(rU(nJ2c zB1~B$is>=_L7k{+~&w0L; zRwQ$=Y9yH1ovLuR-qoy0q}R*)4M9JSN{Bk|6Nw?sryOtV7=V(O?^IHX1;S~Cl!T>O zDWWquIAdq#8|SQf>A69GD`gU9bo4F04q5zEBQs(0q-m75n$E>ZrxbcptMaHh`1T$y7+m5g7rM4&1(u$QK#rW11d^wwY1x2H+=Z=Td0c`sdas#itW7(vQ_H$ELP6Fb{ zs)Dk>fubmp!mhPoq|*WnQu|!Bx)6ne4T^@?WJfK}ZgNgA$$^T#G_<19lJtR^^oj}1 zz=n*`OcAWLf&a;BBS|Xq1l-8HxFz(|97dNmuzN1ligg#0kud@NJ{g}vDV&f)R#^(& z!(xiS{pxdJ&jEN#aIRIvBA@{cO@23HWy%P!esf2bX*K)SLW-VTfzfp6xNJuB^T7jV z?^*PXretq%&n7+xkV$8QYz{ecr`woBrCMDCWrjdl##*O?en1k*qq6xL7gtn;5;-q{ z;9yZzE+PJpji8W_-9#|~M*S263Ig-2#qjNEaq`7gJL8^-I@?F=%#Zl#nF*;k@{Ls5 z)QAJ=HFe3p9Kyg2=ylB`8GEo5D>g8m0k&mlgf%G?eqV#30@R(MCwWltn5rdiTSkPh zzQ9e#mVhfyDH){kRLJcKEHvyQc5J_{9N9lylsu)S$F3Jf-oc#z1x=)^1t5$ejDI69ng4Aqhi ze4fpt2@l~il4aDtK}^(!%0hwRIf7U4tf`Wl#vJxRy|){&G45>%tJh{pKkucR!N0=tB1@V;+Nd(@S~fyGjMEzu;2r43-R}5g6hGm%(ib|q*y>@Pg$|k zl@6bis>!HK$`92uhr}qUd(azl?)trbLdXu1@qDT~6|Xg}rLN3AJ7kuvaF=Mqc1|sY zqoOg=u6|61aq)2~QP0ji9d<9rg8jNNv8EU_BxD3?E3(dSw75vcA@_k)k^$%l$#zoK zk>)T>04v)W3}r?urBza}CUC;XIgj&52a}Dm+*fcJM{HO%UkYC`AZ=CCK*nM|$Ow>y zhn@7;~|y!ohlqScps38iSjrYu-!iZvb~9M-+bB3sy5YJ)5oI4E@1sc9OZA`H8$x4&>GNBz870kt5T(k)&xNIiz*q_>ZpG>V-n-D=VT+=6 zj;9sD`-$LZ-rZTMgSzG_Yb#Ax_d1=S);M`PSSf4SBls2+->R z4v0LcA1XTn@+_x{8fSk>mx+vH7%NYKVac*lq*od08$yiEd3bd>odvN!~4w9vW!5u_3 zBat2@+X`DE zu~|5GkJ%~!f+H52H`(FfFLr1$9WAC9X&UPtd=LB5KiaORz{*=ew8Q-aM%!C!d3|eC zRtrLvCgh>(b1k&?2Dqt?`G;cwXlRidh!`P-b%_9n#w$^i=2nIQ|5qQ01kJ#xkLAZX zCKJBMO3&KgJk|7Gy7*ebEsYojW6U*OPnYL?gluL1m57h{&2zwr@CXh&{f_tZ5UzLG zU|YiTC~`0u6|Z48Q(Tj3g02JfSeclcvgP$mlwY(LFgI)OuV)y1KiGg%4`(-^QY?%P z)U8Bz#+{JdZ+BUY8q|jGc5+YWy<`&nqx`LjwK;tCYj+e6@(Y)$PRER`!A<47{o0Rk zn$V!okNeIf?#14uP7p3$oxhX*@u!^DrKO%|b*4yh=o?N-exnPn$P2qzBnW$+wK3-G zYoXv!|I;Yzw*mvko1vLV_Mdk)EF@-0cC?LrlapI6d}3{P)RSw73+%=s(%RW%4z?M2 zcrxB9We}tCx$_UFm%=nvBD?zRisvB#@W{pcB{j6)Sw97GTdZeJ2E%y7VedJH)mcIy@~vx!6CinUhFU2*X5(l; zGwi*-t>zf0g>QV0h)|p0M*J(EQ#z!D?s227Ch&0o;Phph;-lmE_)JDzam);XDe>}% z`w4oBw}-bZ2kRp_0S~4=8IOKBB17FKKt#&wKo6G%^g9dLQR*VTW{-E+Iv|ZtofjzNs!b#u+1&Ba zlCNx~@X-@>NXi1p4TQFW8qP3pqXaVw#4-)?IQNHoRSK^&8lUKEMRCn3^S3F~WW2QX zjnhK!OO_#n!zl-+bVquqF*kz3jUcCX>TLAfyORe*?t5Bqy$h0Un!H}8PG{?s-U6T6 z_u2q~!TT(n6Z^Jmxx@M5X1GoxvuTdoHzx~1@g4O72MEA=K>D3|h^vAiGV3^BOp`|r znOtdex=2g4iEmCWKM=yeje>8Ut)C?`KVR+jsj$r!IM_C%-Pk=K*v-T<@OTmK zM5@$`P{+@^BPcLHd}_-Ea}aqZe|(~Jy&4|8tZG{M_r1=`((_e2?+^~c0C~ynTuRrb zTNT|l-K-m6UQxWxxJq%e`?rV22yhji?}`YDPD`>@9f{I+A8nNuH__=L-8$7fHVf!H zXK&}nY)UX5y#z)<0;cu{`jy8L>@z9b33?>u$@Fd}jlUn|Fn@zb%P;jgpwUk<_2CuU zGA;pji|hM9c4E6b;O=jLM||zImjU`;>>ZlZrOd;|)i@q>Dw^k8L_bzT+*xK$&Fw3e zBXk90W26^q)Gqd}A*O4W%qzy);qy?Z<|LhMGPyJ}>CqLddrltj%xcx+na{oyVuuMy z(nhtq>$(zr_7#)8pT`&6AAB&SKU2 z7hXvsBtUko-(KqVJDN_PkNa~qCjap6PyWnWDOQ6o$Sy?KM8j!K=!0wNg87j3F0d;q z;vn8c?*a3HtXSV>zaQ;q(zBZm>)XK7%V+UT-uHGx&=uSjmaNx`WSA7d>sSe6u`pFa z*<1Kf!JFeZ%I>k@h0K^ohwZ(I4K1o*-GV+lX0A41DSNZ3Wx44&%~2(s7M+3)1}G*N zgd;Bⅈ-Xq^V~_Mi_NBK47)EFeU{^7eYBT%Z8ov$ zNSBCiOhpMtvzrmem>C%ru8c=OsdgkJJ9x+0N%0tpBs{imdArHtqBOeoM!3tT%bI=< zn?2z2GY*RB^4KO`^NGCGM*Lm;9_uFMHc4?I(>}+sete2|+2&`gl-BJw2v{1|W@KMfF<7LIku;UD9DDoba4y%`SY_XF-%K5x zkXInz6w|#!FyBWw^zo{s-70rJgG@})io)8YW}ZN5t7?<}HWO3>BgHxET*s6Jd2G(- z)FIp>md_$FCeySCKdY%^Ws{KvwI`d{fw=uL=|fNzC?RN=!CGE{gQ!-%mPn5>bZ?Bh zTS1uUMZ%bHmmsH8gre|E+n57Tc8F_6l+f~pbsx z6O^z*)P}uLz#(1@4gl&Q3vf)5xSA`$F`@MQw|T-S){rOz?RDg^+$0EAvBn?HSF7n^ z06<_3#xep4?ocTY0X%X^JK=UCX>(a5<&<~G`a13!0_c&uBa6Ddf>jI86Csh`0B_R= zolL}RW;XxfK_y5tV5!jI&xbx*6|mDv8KU=5X9YR=<)g_E<=N(InhB24ur z?NOF)9He~LB{(n1#0gFm2kH@GC*gA#W9u+0h)GDUueb85u*N0xuum^WPLKb;a^mdqNZU1kmhL>h!~Wz7;A9mfR}Ck( z&Jxmp&l-wum-QKs9c(#KpL&0+z zkw+1rMutvbK>Xk?1o*5w^c|!o=?Cn*Eqxc14r9s-`*+Nr~s->&QLj&Cd`zI@_MjeHb14{OfFSC_p zwh{|A>#h(3Fs|mrTg3ZkWs#ALB0NwVp-SYS3@$1(VbQ6R&|{A1QVs*xdpNwXiJTf| z)~OJcD9NmR$aWo@Fle?RjZZJxI`FP?33(U=eA_9)Wb*Na7H0i$casLCNcl0SaLgfx zo(B%D*ANX?#8Ocg36S}y^v1^l#S5!kU#alHtGIEKMAX*vYrZ9qYmshsKVp~gqR}Nr ztPaGIm3Y^>GqocYN?9tgtBrdyIDE72hNjAi0vKs&HbaHz5Q`)7F>`=8NzlPr#+1ED zbs`JNlxDg94vfs4V~Ju!r&hQ@cC`L2_jG2OxEU!Kr5sSRqhHzBv_hoa_9^3#v*r@Hac6t(B+HOQNj!VHk$nADq4+%krN*iL#fbtkj zi0AMe5n?^R1cP~$>I%$EN8n~9MasY)f4QnVpM1E?_uY|K+wON*LDe1XnjXxQ|81fQ;5^$S;yK*Cz6q}kDu{f(`G3Viv z8z{mgOhU|en~~khne{rx2hisrV-}Z)0cp_E;yr8+y&H9d7_Xt1O~}Ge$3kip`e%9y zp$1N01Y(^<%4+BCZ))Hb-}}orBCkmYJZJVSNsS5a(`6y?4Uos``q`XsJ&Hmwhi62< zwjT9bN&1?e*dd{aFso1ARb!Ws0)dqi&#H3RG#= zT(%hgD#I3Sr(|)mTp2~tc~-P#96e|&$cGe$O8JoS~BIPrwcC(TzA?i#?2#-&w5JmLs@<7Si)ns+! zZNhQy@*VivOFD(6)5*B??tt`^6i8lohx%Y|k_JkPhD^Q5+p`icjDDe0gek}ie@yvg zo6)m_gG7=6r@oCP0vNpB>5VTBnIcTH({k3u0I8t66KFooP^fI43<1FIaJI6w`UYigyTmU9M!wS@nU^H{vS(n?xcD9PTlq4AM!-+b*tR}z3vq1G^ zlD^JJMzCX*D(enev6);jHHxbIs z7xX0TE^+~P+&VmBfi|4-@SToJ=ap#-XYO9>-K>F=xBTfmFl1K^2d zd4zP)FVfT#S3@1)qpmv~cP4ZBPz$V36CPKy5vz-lms|L(rqt)wWhYSRc~u=O4H7|T zI0xGva`tejXv#6&om)l?d=vDH&O+aHxf*q3xIZOOULx4)^pmLW=2l3)Zj4!fdX@!O zxk#SjI{-UU6ZzKNVgO2~$0cbOqu<5nol(Tl_7{ZGPiJ_ozm%rvCcg~IronFi^bOz% zf6>3i&UKo0JY4@wpt>HD6ku2Po}eU%LGLxkqzJ0Q+f9+8W-HE?rV8u934>`)zpx#Y z5l83ul@%40Ub=5JD3R!-Q8fZcwW=aUk3|MOBNy!K$Yh0&7wVtEQW|eqKeQ+bYNW=$ zf#m#_M6pfagK?%WLv{TqLfnAAXh%%>XZvVxm)n=U~-Rp>iK5s&UhiM&aJkj(ga`C*-AFC z0D%3IQ2bnhUk3ayF}o}uK~+>Zn`IJXkjGBSMhG{dgbvub=AUdFfd=qH=QA@H6}S7) z+zZHWF0&Lh@jhQmd#Nm=7sLF>k~>y^Fj>w>F019Ou6l2wa7$p*k?(Y@y9Y+(R-&5# zWqar+iToGpwY!f}>xT_(oCd_oSmDxX&i7k}g4JE-*$+&K8Fa!VB4ZRUHzLLLD0*Ve z(pfck^{RNmT*2fv0~O~11d|hHgUKp~yNftOyDYhvATk=?0et+RyLCnuvfUr+9~HGJ zPLuV@2~fRfZb2fq6Md_Ju9&X5%qFRn?nu+@qf_?b^OxYXQB`}Cm0tE+&)<<%$*FC_ zRE5rt0541u9^wEXbwhy|^=G*e=y2wtEHS-K)=l{>eVR}buM4{G{fVF5iobf=WJTHO zGpv)KU=PzP#MI6r02?u(1N=Uv1ODr&q5spEpT{Zx^dP_d1pN(^{BMVpCj4?{X#&P? zNk8%iU;vVkKndaiFcK_D0uX=%Ns>o|AwVR+-+==N&_O_SKmrB?L4!CK8I0ft9TbEF z`&;m!@1-Y5T$h`G1o{&&0a55LjQtG%!Z|&H{uhFTzvKJ|_;p^Dvm`huNj2{e%zqEg zv~&T}1Khel@>3fB0X(-3HX!YP(;oPfpMMX|I7FZXpmJ(H_?O_xk+45GPablO_`(En zvaA1>;E>&ahy}to0?UEJz5(?AH9G0^pXf<4?ALOUk^W6C673UC%}YP892Vi9P(Nq_ z5x?jlKye5Gq5?3klkiik|D(hS{BOYDE^_wgDkr>|%001#yk%rE{K39me-#N$lQ7TjQcVEJ(<@=-i zD?Wh)h(I1hAPzv_{1X)Fk~_g4Z2!m-APz}DhXBMuNr(&46n{;XsBUrlQQ9B>5n@4T zO*kY#;+oZe0;gEI_fO!zbN*j||5Ez@OTc@tS^BRzS7b!c|JR&z=g$03z+a*){SRc$ zvE5+yZ#lnteP56S$Md5 z|D8XY!Z*N&KLRI{f0XD=4E}`aT-t&uL8Zcr*72#G&^2-ud+N#NDHGWeT*E=C(?y-3hj(K8G|zFiZqPkzo6TTlW)P!wEo!HH-BHF~mh$m&sOlaAm6Vng#1`=h_Lqx1 zj_4V2DC|gQa-AnOOkwc(zjj|nqCr&1=hh$Nfdg~-VmP>APDGloD7nJjl;;62XzFfxBM5AyV)TnWlJF#jVr-1!M5d?`9XiTVYU_-ju)DfV4rT zuEYM3$ydG`jyUA%UpmUxf=E^T@moHg!G^G0@tK5K2{AuFcKkU%KjXT7;eOgR&^Lg8-7zaVqx6p49LF`v<0@@=9{m*d@_d#aO9JhRipUKS*;qZPGFhx*(m`t9hch zWgtU3uA!vxKxMsvWWsjrDl;M?dVejL%HD_EDwf=mCL9)D^Y!R)*W_*iM9oL&$Z*Rx zta{&|ftjMp@suevjVHjt(itNfM%J#$jjS83CUtN63^G_;j30>JLllHghmmk78RUk6 zO*SwYRY}mH<3n3QIMI!O{^wODh-2f{L?pByLK$i?heOzNfJV~Jzc%ZKHXb7V zyOY%CUQ-j0y|hyY#hP$ZZQNU%E9wdZz5}YXClaZUrIXSb@kc^9ZXV| z*GAG3Mhpc_s4b9n0H$9T^QI%a)Tq~q5&!N;>1Am`<;P!Fi^T>-5xVB$;yC8>Sa@0- zVo91bq7U%&KOb5qBpF?HAYHy1`b6t`6?DJuGw5>ky{Y>}%9ZRZM|YTQAKri?kxAir zQxv=T&3NcKxYE%h&<397&8C)*HqOpGqcsrIdlZ_@kgM{QmZu88f-Gck4uweFZk1(S zhDdaU9^uyZk!1tBqGzSaE;-hj$-V)Q+UCWR>%PWs`O|%h-{PFO4ncK$ZbrUSHRl*l zsbC&p!ue|AvKe#A{GLhJtUBU3hV-X$b@cVDvrb|Apam_+tbG56SS+Z?e5zG8pFd?j zcs#CGaa9OB6G>y*Uh&;MrV)-GO3GiN6w>_}lU(5a4e;IS&rdZALYVjZKJtaov_I4= zLdSBeyO|-(fAxGfn{jRP2cc$@qu0iBuJ+a;DPPj`b{SOnD5@MFQFJ#LINQtWM>p#G zmpOW3X;0tk!;G<`#7-sThtB!sDT;{X`54Hj}+9<_S@4X*u;Q7_}1eOn`1hifkb-J_Ba*II#}yr8~l6fHv0R_&wKPK zM`RpOEX^E?ty~x=zJ9_?I((RTUW9+PI0CBcTX#J(dO2_(Lsn|)wzd~saWmx2VXH6a zB;Do!=b}`n=h>qz8%dB-|EP!@_5~;MbEa^>1B#D$ z(;BUup<6JUn?Pxc@wa}OAIYkWg?kQmE$HHtP0G)`s`PTOET!)RlOAPFkpI=0N-4Y4 zD-cBIJ0?+m0~Dx_Kecn5x@dE`=rg=Jp8W>sXzKdF;c_wh<5zGYJ^iQi*M}NmDFo88 zADj?#$jGwHKBSnt@r(QZ-3kS}i=BT+SL&PYT?`dV51(R4gTbo+$UMfgm&l{}A!2hLX z$S0IWy&}u;oO_az5;37*nm&a3c#}IMe0)`b!xtmd=#zewS#>?krqgMwFkP5ctC;yQ zrbhZ2f~B@5TFK_;oIx0?)$#Q2Gw7e0e`d2b->4`Vq_{i3nOXpP z@l4nZVZFJUzz+w}nbn~SC?}yz(8n^Ki^I9u*OTO1X(_%@YZIb9gvvmkvCkZoMvIma zMiW?%NyRH!|A7V}6?n*tgr*|_UhnWRD3HjNEBck5S{cI47eb{*zgN`zg0-Tvy$I*9 zL%JT-7yy7{LNj4Dh=8Vdq2}IZu&QS|H9Cwo@ct+xcv0yHXZcgSl)Cv7lCcL}R1^=I z%N|8wxquF}L|`|cEPHdTJI+1zS(|!2%cNKA7u)jer~xxSOJ+s;yVGMM;Zt3syRl47 z5OV+h4;@_6xI%h)bsN#K&$*` zAo*#q=)2}U!FdFei=FLi@3h3eGeT@9uEpuFz`64D?!i)v^WS^z8=Xa_Y%gYCC{Dep zSaUap!pQMV{|&vOzlKvbf$ZvNAM%R#`6nY^zXv2Y2RrBDYp^|g@;u{_jR?^pgSzG9 zICgdzn6+8K!{8_lxF%+giCRvyY;T|*(`%OYk_oF;>=N$00El?P3wlC3iSa#RW=xwS z`Dat!ROscxh|~X*Zdl_4*b0i+Ckedm#%Au#wA@~eq6Boy_QPsl&+nmwXEQh*W6U=S zsFCl3j;&w0K7=8qNMwXC^y{6LzN(@tFi{TTjd^pD1Qmf1STukzOUXyE94DE%TYXGv;&|i#0n~?Hg{#+v86Pp zfrfQ5G}v}x_^u+Y0%~o4TzCZ8M1d9a6Qui9$R5Kk>}w;@qZ3l*u~V34CX^J5B8Ztg zxVWYzi#c2{iIE;N8YCqWkiaacqMRci_nd(*4=DkqbOxmeRtY3}f{leztHleJHxNRN z=0M5oE>(vRYn1aLglb_F!Mf{R!Yo<1hXjERF*G14#8IMscAqS@3DS}w4&BJx#Yie3 z!Wxwsk;q_|fP~!7im&mwV|NEIY)9^#5C?%bVW$CSSv!kwGg&~#87$h^?_=jR;R5KG zEXrhb#CHV)LwjLE)0b4;DCHtJj(YvfWqIhv!y6#RnDD6Q>NCQ^Rr}e6(e(IXu%x3_ zV6vszxH}7RP~a|kBP5awfGpsmQ4s*t5&#M%7h7!!>X3M1V$!4OEwJ3ZKUs>C*I51V zsFtXV#M~SCo!Qx$I!*7ejB!5uQ|$ zggk-8s?5V8duSn-ShaIY;U2#ufzn#2J@?okduk-Me_1zdT#6r1fe|CH**e#L^l?2l zp4*PwIFO2JrEVg*UBw<5y(m0E{!BMU6$`F(QUU;uQrbQZw$w2WB$6C%P*eAdU_dH_ z1S|5Q=s9WNS%Tqwr$n}DPZpS8enjEz*AQfIy?b|e;Y)3vpS$6go!RIBe5pvD2P5^p zqmbzj_%V&38xlrl4oQBLqYLMLf#_q&J!-I#lsz%JmW~`z7S-&X zuht-X;q${m#F@MjNEY0Wtcx~3GQ`P((dmFl*g(ci#=<~ye2_p07qIpbuvr}=Wx$ih z0z$~Me>a&hpkwx&mRJ*qZx&7$z^Qd?f_q>O{;D1O% z(&~q9q3zRLy55J|!V-`L66GY&Bkh)eYs0rKCPdU0ko{_(wF?8cH^UbB>yqirRwqlq zo|32^nYYBvBlTnJ&yIG??z6EnBZVpHu5C731FK+%Bm9rY?+0*Uabr*Mhnz&YzcVvl zF;HJy?J~1enOfW-1|e&%jSzTVAbPWVF3jHV1>Se~`LN#;2SFYsmmT=O$3Of^6zF0Wb6$&dEC&ojNjv7(PEIi6WSEK9F7MA&tk*2LFpD^Ho= zlAM3~0jL0q4rRv2pQ~7QK&al28Lv>~z)i^#ETBC3PlSCK;HDN(8L{vP?&KZViQC7W zA&hb3Etc)X2`%}JNK|UZlu@Fl=Z zA*76^4y~nKy3rJ=ijJpZQh-(v?TYH^70mK@j1+AhY96Lm}G*ZojR# zY_^>z>}#hDAYv9Gn5Q`Ln zR21%`BJp$^f;```{whG(_`8+?2!9VQH+kNLW#ZRgbu+1e@p~ z>6S0f`$`B4HD+E!(4Anzji(XN9$evmM z-8*Nhh(pxm0#s8fIEVlw+GWX^9Kl3bgD!jGou+=b-D;c_;Y== zpANz_Zg8r+GRY|f;DV=Ho=Jz#q7jnu+#w|Bm8H_=5sx8+vSRaza_7E`Y|iOl-|FRf zAH>`Z2*{&{T#*KF58z0ljD~=LPO`+#u@Zbpr7(U?7Db;UCJc*t|K_3v}Vk22=n)QjKcsT#MVs9Ps5vU!oAY4WN&}$=s^WxUoVfoUE8Z zNWfpe5Xal?Cis#SNOYKLM6rXMrV?EaY8wTS>?4o!9h3spBBG%#*Zl1B1RxW@ z6atE5<#dCBiDPu1>(|4`QE8&`#Xek#oxNx^dHwo)RWQ6FX*8t48B;iF2oGS3ELXnl za9nf-6~M3od$nV~YYz9jAR>pj7{laU-gee+>GZwtsuAXiucg(c;71$)CmZ`up1@v= zDE;L_%bZ8_8MF#Co`$L3D0&g|Y!)Zc%uYM4k_p9Z*ci_c`#fSIdZCawikG)K)2ZO= zXn4$0=zO2oB90-$Co=0bL#=af)M@AV@ei;9^1za!1apr{Jjgg~*_O)UcirZ2-VXYJ z)kCsg*VYacCymi1(vWWg3sw%x0WJdkvjWofu-IP9(0#o6%@UEX*y>5bxkxZ4s|_nCp3k!s2~6Ys1PhzZR*M;R_;a{jiRC23ZC9-1&V`p z^4yXX-7o1X;`ME8oL#@DWy=MKC*Bq5tmE|0eWV1_-9=NuWMf8R!F<5|%;H7HII(F1 z#zK|E4b1|+{61IL6@HgXyIFBa6mi9L{G^4~7@98yoX{*@xPjP8w=?_3I;Q&?7fGIf zHZLi+8d^e#?~}tTVG=l!QVv_`_M@r?cvuE%C4iW`sKQ->rFjJb^eB+{8-`C(oBLDS zw`n#_BO@VYYH*#f$|H4T!vP$54A@MW+ZVd6rJJiJ<%$)@$G%pKbu)MRzGcufIRj04$naPl_ApK;MBMhMcDI0f5fc?T}5ZUEg>G>eaRqJ)#`{!#9UaOTt6M!u70Zxj z)ZFd+w<&fKDY(A@5*ibV6tDwIlo-JSESv*#Pd%bn*-(K0S83N7)zsFsPeMXRLTI5$ zfP^9)5d#Q@-b8x6ij;sNAXOAWNkV`Cq4x_YNEMMTpny~fAk9Ws!2qJDbSWZ!x$V98 zUGGZ?hOt4@e5@uvF}g9Qp?&ieS4KA4@L0%3;b})zmDCfzJjS7yxRE+$m)H(# zO~ZY_gde$&5u|B$EuXj#@VM6`--Jw>xaZZX_LpUnSYYcz=2x6?5m(4^lvUa=)TTt~ z{&2jNU!I#YG1bKugs1h7NWQ z-Fqcs{Jx0e8N81%tmAC4Vt7j?rVlftBy)CN>0=dYdO@iyT~-%;n-F^E*-)eP=WgDJ zm_7(k{Hk={5yMYFMED}appZipe}k0!W{h(AlL3rg3MO$};Wlg68tlh@ z!*2oV{~1YU*XK;q}RNP z;ZkHiZDlHOefzUhv*2c*QwNgV)~#R}oItv!>#B(KS9qFvTUE z92B3^Jc`p3=fmk%4&J@=ZnY=5#*<2&sPmfj8AXQk9|Gd5#IG(N{I7LfP_}*1ucGSD z8c)$TTv<1h+nP&rlVN0>_Nb!wCO+6)Y1vfTzHqk z2+iPP37=<=AuE)t&&9K!SXt7;`kEYu$>cMNU6)&)W*E#4W3EvYb*ezu#l!(=ogcrM z{CEAX|89c)gzKZP)DD$arZ3_&?(N!IB4hHgYO29&I8V*@Uk^_osdu}SKPMHu#p#E* z>IzylK$tS$UbygW@FM|iqEF3atk|jyH(DF8LRbbJjSUx8Vn6YD_V?duQ>OmkjI86v zAB`S2y<8?TdKlnj!6rpL>Ogy9%t-?vg5Q#~+mt)e8WC>TIam9(y9h_9)1b6*(2@B` z@H3`v{TN2+7Yo-SR3jf;XVT->!QDjWW7v7L-dt!45jp-rZO%n|DDAY^58S-w`Z;Vm z?c10lg1LW^Hpi>`Zkk5^m`|yVG>w<8jbt>J}z1X+X#oeL!xp*sIP{QRobs|Q?Q!y&; zwerHi)#H1{uRuJ7=ZMC3xpe|&rL9+_JfmY|DylWulHjQh#Z!vJ()eQ%fRnZ~Jk4;K zgs=({B*RuORV8DufnwY}28m^yIo5D7bxAw53eQ{6u#}T<*~Lq89&%_^E4&e`ce$&y zQMo$zm_fSF$fp<1J2qNnx zG?*(2(Nd6M8Y#Ea|E23#iBCH6EDYiS>=8zn<`X~q1y8{knqbHkiLavPd!19f?utH* zbb>T<@^ZHgwXYTHur1uFBC@TiCT*B8k`?!Q8Hl(8jxkT3`>yOvkR);1h8UwfIDFdA2&5cFwMu>?w0R(I5SvmW)jltRzP>s&2s-$(Y zEMu7Mg3D*S&Y28A5)GIMg*_b4_;F50*JD`^$;B7L+;BWIiYQc#nxl)GGVUp%5y*Po zmj2p=S1z3;5SbQ0Vc}oGmVbSVsj9v{Y$46c9P>5&SFl0Zck;2}g}Fj_KSa7D8{Nl^ z_FE{O#N^@TrVB%OVzhuWy$BzoyLnq~3>(VrZizFkc^jx@2LcixY=W8r+d{gmb&|$d z_d2%z_S{zoIc9$I{!iWVtYONKXLWClhtG*iJSUhe64V5ttg=0(L(NjO^(x!dVg}-1g z?>C8Q&lVMR8BLss{&35yuf6yW{ntRdIv@5fx31>WpK5yd&2^V+OTIqSm_HD)e=cCC zb@6JvzBLFfY=)?(v%hl~Z@B zgJd7{yL+=~IQ3pxg_V(6e&L_*fOIahIX~w{8Bcl+QPZ)oj2jd_zbF-!O0!deMFU8v(1b1^FxidjENGVY*y*fo|Lc97DU=$V;2!gt~8 z#mE&}GJL7+AKcqEQ&Bs3(sZvzg-|YoP_2+G>enmMCergAkrpttqna>HB|$7YvF(XQ z#PQE~5&=!#q}+My^u}+vjt?SMa#jf&*76&3*5mmq#I@k0I&;r!gGxsFN|L#{-9t{)(~A*qAT;3Aiw}Tj=>eTXFt%lj_ge z9+BAH!9?FsNkq-}FHE5W(se`24!bQ)vyJ!DgGNgB@kTOf7|Q8S$z0wk&qFxWcZ8T3 zM001m#<{TF2ua~q7Qe4A`|aKIvAICNzRaKq z+HzYih>hLR@o-+3ow(Yp*6Rq1NyT)5e%o&60#AC{T2ME$>!MEayXxF~BiTUE{iK`6 zO{U8;pv={hwVX^FnYj!*R~w`6EI`vFW(HV_XXwete;Uis-gpCpyw{qbOHi|3t`LNEjX>q%ruo!dpx+4AsSP0#N} z$-z1L>83nRd$E8@3$PL^P6_xL?q-|0SXm^uFnlP@T9<7)Y=oI~(F@JfMf26cqQT5_ z)6opQ?b$EbqfO&;ub{W&|CMs~^c-BCMzUx=-TiRU0$u8PahACbprD9(56JoxpSTrNJ>h>-)h@qR41N?%*a&w1}!pnYdi%a7_8o%td;o5Cbs? zK1IK!#1#tw-2h4jB|Y=Qt zF<@X;_r8q88tbP!C{I%_)81C2ca?;4N`19p<;U5yK^B+$A6Up;UdoOwgWTfgru0BH zfXrHJa(x`i`jkx2H^Xu>juJ|hGgDOvY^gWALC3WQ85i?Osk!YnJGZ>7kUZjMY(R(< zrmQtiv4~%Yj|UpJoRdSdqf5{4{8Ep*2ajAGmtOp_bczgcNbk}%dZV&h#f>)RlDBY7 zTX#h#Vdsff(1b0Uf3w1;Ds=k~KnnG0ICfnKxTL5!3*G#9&hr}-HpnL7V$bq^5ewsi z1jf9}{*!d4+*%H%9X6Bacj>{GHK@?j=EK}mk76N$_dR45vh~f*%;haw=^*9F%VY*; za^XkYTVXxr(i1Lct_9oq?qyh8{F*L;9n<;W&Fw^-Sc0&TO{e)^-@)wWibX;}!q;u- z0&?r>;e2SIhDbg!+-XSpC9anO?`eqSb&40_akairy>FM*@z#T>6~=dG2xT8 z9Ysza70u1m$4+{|qFjAq_fJZzI2;m{LzI5l9fWx_F!Hrlu{>*q7wT{55Vz37D~)_C zb(29#2UIna-eb>0Degp*I$mn7*(LT6@mktgXAMoAAK^ZI>8q}o^teF@9|g+HrR;Ec z3M_Q%f~Kb`JBz~0H}xh;LJ1mWEJgv$mFyVgjAN2m)b81y zBhM(-a+P{7C3kclu>UxihsHD_AUxWaBF|t1*~Fhe>TjbvVy zbEAloY4Eugs6Tt-31PXps%@taCzaw(KpaE~@q|6a@#don$MIv2q9wku>?NE1$7NR$ zyal1zT=Zbojzlc+zwDJJy{-SGr{qF=mkl3--ZubA71-cu|`I>wFwP!OX?Q24^mz-szCsV5c@xA(L* z{%xqV5R+n%ZRkB)GFE5-nycl)_9yjaNz0RpbP1^7#xDzgdl5UuzNoa9$3&El@7ZIM zkFnoBg&-8X0_{_Q&eEnIx0=OYC^rBRTk|J%79d=6U2TUyW5w)P1UE6<)R(>u*!Z6iR%W>SSjx z?h?snbr= z&7OGhvWa8zOJSCN(m<^G+~eKphzWZ2jB8|hZP+N%T}Vzj(}gfSaR?H|#S==SB@e><9L^Q==Jdr4`zZ%Q z@+&v9m{Ll*UF1$v{B0Qv&)FjguugWq6nk3=go{f-?3R&>30|fCw!jtKBN+TKE6c^C zs5zbawldATHgXm^snUkz+i7R#4OHYaT-*yx5$f+JXFj^t;`t`n2>v&XlQQK7#2xIv z8t!_k_z};*lrB7jeZ@OFo$0Nhd;c6zM$BuIeD1NOi)~$}wS$at0_i&GS%}Ekj9O_3 zJ@BV>@+V;SV}HD?T~X9!AW_DaRIp~=Crc^MQIRcrmmP)L)+Alorn{XbCEqAB)N4Y$ z@CSZ){uHfNj>mgSw^=)C40De{a3CYLiyuV$9?fzT%9?6I-JNa+jKg>Ws940oc1CAN zy-oZjeI~dEiRt0R72tkpg_ed@8y-;J(d<%53yy}JX}}Tgktti~ zNyHeFdVJ-*pTI5p>2F4zsHc6>c{~0-qiHgX1P%7&&IjpEGqTaj&yMHumQ@7 z*Tmk+%rOh)rw8(NN$?X~c>n-2q6)M)BMZehPz_JSL9zYdrwL4WR?c~X`%`=z95n}% zf5gNnQ(iTGiajcu-?jLDFb3Q;5_SlixsL1QvebOb_%B88>)C7jc6=z-%D%L}*H?@2 zdpejKfa=uo42>52!h(k;LGSB?_cN`&zFUgQ8M<3lE5~7F2d{<{9;@_uzL_?WsvDnC z4+92LBzh1x(PB;b3vpdAY<$vN5snVU2bX@DSt3%Es+qo$(Ae^hN!UD@c3V^@# zIkd+mWrn1M%W{0Br@)35s43Xp`oox_le3Ygk%&wcA+HK{ay?ue;590MA10t@KhWC* z!37LEKE=tL4K03sNM)Yc*dKI%$Vs2_kmeWxyX-5sIQgfKI8U zFuF}P^?p^aEn7co=?+>+j=w?>Nl86Yj3G+$j`x6?UF*R3IM{s;{AG%CHlUtpgMGgM zjzBOm!!Yk*I>ZQ9i*GHJz!{{qeT&4I!kjuc6Z_sYduBb;apoY9CVTjNEx0H9X}ujG zRx8YXFv}p!Zamb-)Y*BSOH(`j4~B#(QxepcUgfL_z0?%uW74w_uQW{HxURx4JqHMW zp_`3#CiP9qY`AOq7@SOfiIpn*7=Kky?DPLn59%+=n