From 61bfd5a158fda6cce0f3d013033ebdf2f51fcff6 Mon Sep 17 00:00:00 2001 From: Lorenzo Fontana Date: Fri, 23 Oct 2020 17:07:54 +0200 Subject: [PATCH] update(proposals): proposal for moving the drivers to S3 Reviewed-by: Spencer Krum Reviewed-by: Leonardo Grasso Reviewed-by: Leonardo Di Donato Signed-off-by: Lorenzo Fontana --- proposals/20201025-drivers-storage-s3.md | 133 ++++++++++++++++++ .../20201025-drivers-storage-s3_downloads.png | Bin 0 -> 43987 bytes 2 files changed, 133 insertions(+) create mode 100644 proposals/20201025-drivers-storage-s3.md create mode 100644 proposals/20201025-drivers-storage-s3_downloads.png diff --git a/proposals/20201025-drivers-storage-s3.md b/proposals/20201025-drivers-storage-s3.md new file mode 100644 index 00000000..0a457872 --- /dev/null +++ b/proposals/20201025-drivers-storage-s3.md 
@@ -0,0 +1,133 @@ +# Falco Drivers Storage S3 + +## Introduction + +In the past days, as many people probably noticed, Bintray started rate-limiting our users, effectively preventing them from downloading any kernel module, rpm/deb package or any pre-built dependency we host there. + +This does not only interrupt the workflow of our users but also the workflow of the contributors, since without bintray most of our container images and CMake files can’t download the dependencies we mirror. + +### What is the cause? + +We had a spike in adoption apparently, either a user with many nodes or an increased number of users. We don’t know this detail specifically yet because bintray does not give us very fine-grained statistics on this. + +This is the 30-days history: + +![A spike on driver downloads the last ten days](20201025-drivers-storage-s3_downloads.png) + +As you can see, we can only see that they downloaded the latest kernel module driver version, however we can’t see if: + +* It’s a single source or many different users + +* What is the kernel/OS they are using + +### What do we host on Bintray? + +* RPM packages: high traffic but very manageable ~90k downloads a month + +* Deb packages:low traffic ~5k downloads a month + +* Pre-built image Dependencies: low traffic, will eventually disappear in the future + +* Kernel modules: very high traffic, 700k downloads in 10 days, this is what is causing the current problems. They are primarily used by users of our container images. + +* eBPF probes: low traffic ~5k downloads a month + +### Motivations to go to S3 instead of Bintray for the Drivers + +Bintray does an excellent service at building the rpm/deb structures for us, however we also use them for S3-like storage for the drivers. We have ten thousand files hosted there and the combinations are infinite. + + +Before today, we had many issues with storage even without the spike in users we are seeing since the last ten days. 
+ +## Context on AWS + +Amazon AWS, recently gave credits to the Falco project to operate some parts of the infrastructure on AWS. The CNCF is providing a sub-account we are already using for the migration of the other pieces (like Prow). + +## Interactions with other teams and the CNCF + +* The setup on the AWS account side already done, this is all technical work. + +* We need to open a CNCF service account ticket for the download.falco.org subdomain to point to the S3 bucket we want to use + +## The Plan + +We want to propose to move the drivers and the container dependencies to S3. + +#### Moving means: + +* We create a public S3 bucket with[ stats enabled](https://docs.aws.amazon.com/AmazonS3/latest/dev/analytics-storage-class.html) + +* We attach the bucket to a cloudfront distribution behind the download.falco.org subdomain + +* We move the current content keeping the same web server directory structure + +* We change the Falco Dockerfiles and driver loader script accordingly + +* We update test-infra to push the drivers to S3 + +* Once we have the drivers in S3, we can ask bintray to relax the limits for this month so that our users are able to download the other packages we keep there. Otherwise they will have to wait until November 1st. We only want to do that after the moving because otherwise we will hit the limits pretty quickly. + +#### The repositories we want to move are: + +* [https://bintray.com/falcosecurity/driver](https://bintray.com/falcosecurity/driver) will become https://download.falco.org/driver + +* [https://bintray.com/falcosecurity/dependencies](https://bintray.com/falcosecurity/dependencies) will become https://download.falco.org/dependencies + +#### Changes in Falco + +* [Search for bintray ](https://github.com/falcosecurity/falco/search?p=2&q=bintray)on the Falco repo and replace the URL for the CMake and Docker files. 
+ +* It’s very important to change the DRIVERS_REPO environment variable [here](https://github.com/falcosecurity/falco/blob/0a33f555eb8e019806b46fea8b80a6302a935421/CMakeLists.txt#L86) - this is what updates the falco-driver-loader scripts that the users and container images use to fetch the module + +#### Changes in Test Infra + +* We need to use the S3 cli instead of jfrog cli to upload to the s3 bucket after building [here](https://github.com/falcosecurity/test-infra/blob/master/.circleci/config.yml) + +* We can probably remove jfrog from that repo since it only deals with drivers and drivers are being put on S3 now + +* Instructions on how to setup the S3 directory structure [here](https://falco.org/docs/installation/#install-driver) + + * `/$driver_version$/falco_$target$_$kernelrelease$_$kernelversion$.[ko|o]` + +#### Changes to Falco website + +* Changes should not be necessary, we are not updating the way people install Falco but only the driver. The driver is managed by a script we can change. + +## Mitigation and next steps for the users + +* **The average users should be good to go now, Bintray raised our limits and we have some room to do this without requiring manual steps on your end** + +* **Users that can’t wait for us to have the S3 setup done: **can setup an S3 as driver repo themselves, push the drivers they need to it after compiling them (they can use [Driverkit](https://github.com/falcosecurity/driverkit) for that) Instructions on how to setup the S3 directory structure [here](https://falco.org/docs/installation/#install-driver). + +* **Users that can’t wait but don’t want to setup a webserver themselves**: the falco-driver-loader script can also compile the module for you. Make sure to install the kernel-headers on your nodes. 
+ +* **Users that can wait** we will approve this document and act on the plan described here by providing the DRIVERS_REPO at [https://download.falco.org/driver](https://download.falco.org/driver) that then you can use + +### How to use an alternative DRIVERS_REPO ? + +**On bash:** + +export DRIVERS_REPO=https://your-url-here + +**Docker** + +Pass it as environment variable using the docker run flag -e - for example: + +docker run -e DRIVERS_REPO=[https://your-url-here](https://your-url-here) + +**Kubernetes** + +spec: + + containers: + + - env: + + - name: DRIVERS_REPO + + value: https://your-url-here + +## Release + +Next release is on December 1st, we want to rollout a hotfix 0.26.2 release that only contains the updated script before that date so that users don’t get confused and we can just tell them "update Falco" to get the thing working again. + 
diff --git a/proposals/20201025-drivers-storage-s3_downloads.png b/proposals/20201025-drivers-storage-s3_downloads.png new file mode 100644 index 0000000000000000000000000000000000000000..db8c8fe3f5d5effd670d1bacb3a1457587cbd362 GIT binary patch literal 43987