From 469d37b7bdc5a086b49730037380bc08c0f3a6a5 Mon Sep 17 00:00:00 2001 From: Bader Youssef Date: Mon, 6 Jan 2025 08:26:53 -0500 Subject: [PATCH 1/6] add wss docs --- .../setup-secure-wss/apache2-config.md | 7 ++ .../setup-secure-wss/install-apache2.md | 5 ++ .../setup-secure-wss/install-openssl.md | 4 + .../setup-secure-wss/nginx-config.md | 14 +++ .../setup-secure-wss/nginx-rate-limit.md | 10 +++ infrastructure/running-a-node/.pages | 2 +- .../running-a-node/setup-secure-wss.md | 90 +++++++++++++++++++ 7 files changed, 131 insertions(+), 1 deletion(-) create mode 100644 .snippets/code/infrastructure/setup-secure-wss/apache2-config.md create mode 100644 .snippets/code/infrastructure/setup-secure-wss/install-apache2.md create mode 100644 .snippets/code/infrastructure/setup-secure-wss/install-openssl.md create mode 100644 .snippets/code/infrastructure/setup-secure-wss/nginx-config.md create mode 100644 .snippets/code/infrastructure/setup-secure-wss/nginx-rate-limit.md create mode 100644 infrastructure/running-a-node/setup-secure-wss.md diff --git a/.snippets/code/infrastructure/setup-secure-wss/apache2-config.md b/.snippets/code/infrastructure/setup-secure-wss/apache2-config.md new file mode 100644 index 000000000..5b838b87a --- /dev/null +++ b/.snippets/code/infrastructure/setup-secure-wss/apache2-config.md @@ -0,0 +1,7 @@ +```apacheconf +# (...) +SSLProxyEngine on +ProxyRequests off +ProxyPass / ws://localhost:9944 +ProxyPassReverse / ws://localhost:9944 +``` \ No newline at end of file diff --git a/.snippets/code/infrastructure/setup-secure-wss/install-apache2.md b/.snippets/code/infrastructure/setup-secure-wss/install-apache2.md new file mode 100644 index 000000000..dcc6dae2d --- /dev/null +++ b/.snippets/code/infrastructure/setup-secure-wss/install-apache2.md @@ -0,0 +1,5 @@ +```bash +apt install apache2 +a2dismod mpm_prefork +a2enmod mpm_event proxy proxy_html proxy_http proxy_wstunnel rewrite ssl +``` \ No newline at end of file diff --git a/.snippets/code/infrastructure/setup-secure-wss/install-openssl.md b/.snippets/code/infrastructure/setup-secure-wss/install-openssl.md new file mode 100644 index 000000000..3f47aadcc --- /dev/null +++ b/.snippets/code/infrastructure/setup-secure-wss/install-openssl.md @@ -0,0 +1,4 @@ +```bash +sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/selfsigned.key -out /etc/ssl/certs/selfsigned.crt +sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 +``` \ No newline at end of file diff --git a/.snippets/code/infrastructure/setup-secure-wss/nginx-config.md b/.snippets/code/infrastructure/setup-secure-wss/nginx-config.md new file mode 100644 index 000000000..295d4d723 --- /dev/null +++ b/.snippets/code/infrastructure/setup-secure-wss/nginx-config.md @@ -0,0 +1,14 @@ +```conf +server { + (...) + location / { + proxy_buffers 16 4k; + proxy_buffer_size 2k; + proxy_pass http://localhost:9944; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + } +} +``` \ No newline at end of file diff --git a/.snippets/code/infrastructure/setup-secure-wss/nginx-rate-limit.md b/.snippets/code/infrastructure/setup-secure-wss/nginx-rate-limit.md new file mode 100644 index 000000000..26a1adeb2 --- /dev/null +++ b/.snippets/code/infrastructure/setup-secure-wss/nginx-rate-limit.md @@ -0,0 +1,10 @@ +```conf +http { + limit_req_zone "$http_x_forwarded_for" zone=zone:10m rate=2r/s; + (...) +} +location / { + limit_req zone=zone burst=5; + (...) +} +``` \ No newline at end of file diff --git a/infrastructure/running-a-node/.pages b/infrastructure/running-a-node/.pages index 524ac6396..4cb64c1e5 100644 --- a/infrastructure/running-a-node/.pages +++ b/infrastructure/running-a-node/.pages @@ -3,4 +3,4 @@ nav: - index.md - 'Set Up a Full Node': setup-full-node.md - 'Set Up a Bootnode': setup-bootnode.md - # - 'Common Node Flags': common-node-flags.md \ No newline at end of file + - 'Setup Secure Websocket': setup-secure-wss.md \ No newline at end of file diff --git a/infrastructure/running-a-node/setup-secure-wss.md b/infrastructure/running-a-node/setup-secure-wss.md new file mode 100644 index 000000000..69a7214ce --- /dev/null +++ b/infrastructure/running-a-node/setup-secure-wss.md @@ -0,0 +1,90 @@ +--- +title: Setup Secure WebSocket +description: Instructions on enabling SSL for your node and setting up a secure WebSocket proxy server using nginx for remote connections. +--- + +# Setup Secure WebSocket + +## Introduction + +Ensuring secure WebSocket communication is crucial for maintaining the integrity and security of a Polkadot or Kusama node when interacting with remote clients. This guide walks you through setting up a secure WebSocket (WSS) connection for your node by leveraging SSL encryption with popular web server proxies like nginx or Apache. By the end of this guide, you'll be able to secure your node's WebSocket port, enabling safe remote connections without exposing your node to unnecessary risks. + +## Secure a WebSocket Port + +You can convert a non-secured WebSocket port to a secure WSS port by placing it behind an SSL-enabled proxy. This approach can be used to secure a bootnode or RPC server. The SSL-enabled apache2/nginx/other proxy server redirects requests to the internal WebSocket and converts it to a secure (WSS) connection. You can use a service like [LetsEncrypt](https://letsencrypt.org/){target=\_blank} to obtain an SSL certificate. + +### Obtain an SSL Certificate + +You can follow the LetsEncrypt instructions for your respective web server implementation to get a free SSL certificate: + +- [nginx](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal){target=\_blank} +- [apache2](https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal){target=\_blank} + +LetsEncrypt will auto-generate an SSL certificate and include it in your configuration. + +You can generate a self-signed certificate and rely on your node's raw IP address when connecting. However, self-signed certificates aren't optimal because you have to whitelist the certificate to access it from a browser. + +Use the following commmand to generate a self-signed certificate using OpenSSL: + +--8<-- 'code/infrastructure/setup-secure-wss/install-openssl.md' + +## Install a Proxy Server + +There are a lot of different implementations of a WebSocket proxy; some of the more widely used are [nginx](https://www.nginx.com/){target=\_blank} and [apache2](https://httpd.apache.org/){target=\_blank}, both of which are commonly used web server implementations. See the following section for configuration examples for both implementations. + +### Use nginx + +1. Install the `nginx` web server: + ```bash + apt install nginx + ``` + +2. In an SSL-enabled virtual host add: + --8<-- 'code/infrastructure/setup-secure-wss/nginx-config.md' + +3. Optionally, you can introduce some form of rate limiting: + --8<-- 'code/infrastructure/setup-secure-wss/nginx-rate-limit.md' + +### Use Apache2 + +Apache2 can run in various modes, including `prefork`, `worker`, and `event`. In this example, the [`event`](https://httpd.apache.org/docs/2.4/mod/event.html){target=\_blank} mode is recommended for handling higher traffic loads, as it is optimized for performance in such environments. However, depending on the specific requirements of your setup, other modes like `prefork` or `worker` may also be appropriate. + +1. Install the `apache2` web server: + --8<-- 'code/infrastructure/setup-secure-wss/install-apache2.md' + +2. The [`mod_proxy_wstunnel`](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html){target=\_blank} provides support for the tunneling of WebSocket connections to a backend WebSocket server. The connection is automatically upgraded to a WebSocket connection. In an SSL-enabled `virtualhost` add: + --8<-- 'code/infrastructure/setup-secure-wss/apache2-config.md' + + !!!warning + Older versions of `mod_proxy_wstunnel` don't upgrade the connection automatically and will need the following config added: + ```apacheconf + RewriteEngine on + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteRule /(.*) ws://localhost:9944/$1 [P,L] + RewriteRule /(.*) http://localhost:9944/$1 [P,L] + ``` + +3. Optionally, some form of rate limiting can be introduced: + + ```bash + apt install libapache2-mod-qos + a2enmod qos + ``` + + And edit `/etc/apache2/mods-available/qos.conf`: + + ```conf + # allows max 50 connections from a single ip address: + QS_SrvMaxConnPerIP 50 + ``` + +## Connect to the Node + +1. Open [Polkadot.js Apps interface](https://polkadot.js.org/apps){target=\_blank} and click the logo in the top left to switch the node +2. Activate the **Development** toggle and input your node's address - either the domain or the IP address. Remember to prefix with `wss://` and if you're using the 443 port, append `:443` as follows: + + ```bash + wss://example.com:443 + ``` + +![A sync-in-progress chain connected to Polkadot.js UI](/images/infrastructure/general/setup-secure-wss/secure-wss-01.webp) \ No newline at end of file From 9e20f8be86fa4cf5317eec805a2a03701e3860b8 Mon Sep 17 00:00:00 2001 From: Bader Youssef Date: Mon, 6 Jan 2025 11:35:50 -0500 Subject: [PATCH 2/6] address comments --- .../setup-secure-wss/apache2-config.md | 0 .../setup-secure-wss/install-apache2.md | 0 .../setup-secure-wss/install-openssl.md | 0 .../setup-secure-wss/nginx-config.md | 0 .../setup-secure-wss/nginx-rate-limit.md | 0 infrastructure/running-a-node/setup-secure-wss.md | 15 +++++++++------ 6 files changed, 9 insertions(+), 6 deletions(-) rename .snippets/code/infrastructure/{ => running-a-node}/setup-secure-wss/apache2-config.md (100%) rename .snippets/code/infrastructure/{ => running-a-node}/setup-secure-wss/install-apache2.md (100%) rename .snippets/code/infrastructure/{ => running-a-node}/setup-secure-wss/install-openssl.md (100%) rename .snippets/code/infrastructure/{ => running-a-node}/setup-secure-wss/nginx-config.md (100%) rename .snippets/code/infrastructure/{ => running-a-node}/setup-secure-wss/nginx-rate-limit.md (100%) diff --git a/.snippets/code/infrastructure/setup-secure-wss/apache2-config.md b/.snippets/code/infrastructure/running-a-node/setup-secure-wss/apache2-config.md similarity index 100% rename from .snippets/code/infrastructure/setup-secure-wss/apache2-config.md rename to .snippets/code/infrastructure/running-a-node/setup-secure-wss/apache2-config.md diff --git a/.snippets/code/infrastructure/setup-secure-wss/install-apache2.md b/.snippets/code/infrastructure/running-a-node/setup-secure-wss/install-apache2.md similarity index 100% rename from .snippets/code/infrastructure/setup-secure-wss/install-apache2.md rename to .snippets/code/infrastructure/running-a-node/setup-secure-wss/install-apache2.md diff --git a/.snippets/code/infrastructure/setup-secure-wss/install-openssl.md b/.snippets/code/infrastructure/running-a-node/setup-secure-wss/install-openssl.md similarity index 100% rename from .snippets/code/infrastructure/setup-secure-wss/install-openssl.md rename to .snippets/code/infrastructure/running-a-node/setup-secure-wss/install-openssl.md diff --git a/.snippets/code/infrastructure/setup-secure-wss/nginx-config.md b/.snippets/code/infrastructure/running-a-node/setup-secure-wss/nginx-config.md similarity index 100% rename from .snippets/code/infrastructure/setup-secure-wss/nginx-config.md rename to .snippets/code/infrastructure/running-a-node/setup-secure-wss/nginx-config.md diff --git a/.snippets/code/infrastructure/setup-secure-wss/nginx-rate-limit.md b/.snippets/code/infrastructure/running-a-node/setup-secure-wss/nginx-rate-limit.md similarity index 100% rename from .snippets/code/infrastructure/setup-secure-wss/nginx-rate-limit.md rename to .snippets/code/infrastructure/running-a-node/setup-secure-wss/nginx-rate-limit.md diff --git a/infrastructure/running-a-node/setup-secure-wss.md b/infrastructure/running-a-node/setup-secure-wss.md index 69a7214ce..55775dbff 100644 --- a/infrastructure/running-a-node/setup-secure-wss.md +++ b/infrastructure/running-a-node/setup-secure-wss.md @@ -9,13 +9,16 @@ description: Instructions on enabling SSL for your node and setting up a secure Ensuring secure WebSocket communication is crucial for maintaining the integrity and security of a Polkadot or Kusama node when interacting with remote clients. This guide walks you through setting up a secure WebSocket (WSS) connection for your node by leveraging SSL encryption with popular web server proxies like nginx or Apache. By the end of this guide, you'll be able to secure your node's WebSocket port, enabling safe remote connections without exposing your node to unnecessary risks. +!!!info + The following instructions are for UNIX-based systems. + ## Secure a WebSocket Port You can convert a non-secured WebSocket port to a secure WSS port by placing it behind an SSL-enabled proxy. This approach can be used to secure a bootnode or RPC server. The SSL-enabled apache2/nginx/other proxy server redirects requests to the internal WebSocket and converts it to a secure (WSS) connection. You can use a service like [LetsEncrypt](https://letsencrypt.org/){target=\_blank} to obtain an SSL certificate. ### Obtain an SSL Certificate -You can follow the LetsEncrypt instructions for your respective web server implementation to get a free SSL certificate: +You can follow the [LetsEncrypt](https://letsencrypt.org/){target=\_blank} instructions for your respective web server implementation to get a free SSL certificate: - [nginx](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal){target=\_blank} - [apache2](https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal){target=\_blank} @@ -26,7 +29,7 @@ You can generate a self-signed certificate and rely on your node's raw IP addres Use the following commmand to generate a self-signed certificate using OpenSSL: ---8<-- 'code/infrastructure/setup-secure-wss/install-openssl.md' +--8<-- 'code/infrastructure/running-a-node/setup-secure-wss/install-openssl.md' ## Install a Proxy Server @@ -40,20 +43,20 @@ There are a lot of different implementations of a WebSocket proxy; some of the m ``` 2. In an SSL-enabled virtual host add: - --8<-- 'code/infrastructure/setup-secure-wss/nginx-config.md' + --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/nginx-config.md' 3. Optionally, you can introduce some form of rate limiting: - --8<-- 'code/infrastructure/setup-secure-wss/nginx-rate-limit.md' + --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/nginx-rate-limit.md' ### Use Apache2 Apache2 can run in various modes, including `prefork`, `worker`, and `event`. In this example, the [`event`](https://httpd.apache.org/docs/2.4/mod/event.html){target=\_blank} mode is recommended for handling higher traffic loads, as it is optimized for performance in such environments. However, depending on the specific requirements of your setup, other modes like `prefork` or `worker` may also be appropriate. 1. Install the `apache2` web server: - --8<-- 'code/infrastructure/setup-secure-wss/install-apache2.md' + --8<-- 'code/infrastructure/running-a-node/running-a-node/setup-secure-wss/install-apache2.md' 2. The [`mod_proxy_wstunnel`](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html){target=\_blank} provides support for the tunneling of WebSocket connections to a backend WebSocket server. The connection is automatically upgraded to a WebSocket connection. In an SSL-enabled `virtualhost` add: - --8<-- 'code/infrastructure/setup-secure-wss/apache2-config.md' + --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/apache2-config.md' !!!warning Older versions of `mod_proxy_wstunnel` don't upgrade the connection automatically and will need the following config added: From a08ec4a82bdb119ecde500c513853a74dc7bdf10 Mon Sep 17 00:00:00 2001 From: nhussein11 Date: Wed, 5 Feb 2025 15:13:29 -0300 Subject: [PATCH 3/6] fix: adding missing image --- .../ether-js-server-connection.js | 2 +- .../reserve-backed-transfer.js | 14 +++++++------- .../zero-to-hero/build-custom-pallet/Cargo.toml | 16 ++++++++-------- .../spawn-basic-chain/connect-to-alice-01.js | 2 +- .../setup-secure-wss/setup-secure-wss-1.webp | Bin 0 -> 70734 bytes .../running-a-node/setup-secure-wss.md | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) create mode 100644 images/infrastructure/running-a-validator/running-a-node/setup-secure-wss/setup-secure-wss-1.webp diff --git a/.snippets/code/develop/smart-contracts/native-evm-contracts/ether-js-server-connection.js b/.snippets/code/develop/smart-contracts/native-evm-contracts/ether-js-server-connection.js index dd630a24e..57e20bc1f 100644 --- a/.snippets/code/develop/smart-contracts/native-evm-contracts/ether-js-server-connection.js +++ b/.snippets/code/develop/smart-contracts/native-evm-contracts/ether-js-server-connection.js @@ -1,5 +1,5 @@ import { JsonRpcProvider } from 'ethers'; const provider = new JsonRpcProvider( - 'https://westend-asset-hub-eth-rpc.polkadot.io', + 'https://westend-asset-hub-eth-rpc.polkadot.io' ); diff --git a/.snippets/code/tutorials/interoperability/xcm-transfers/from-relaychain-to-parachain/reserve-backed-transfer.js b/.snippets/code/tutorials/interoperability/xcm-transfers/from-relaychain-to-parachain/reserve-backed-transfer.js index a5e77b8ce..397611573 100644 --- a/.snippets/code/tutorials/interoperability/xcm-transfers/from-relaychain-to-parachain/reserve-backed-transfer.js +++ b/.snippets/code/tutorials/interoperability/xcm-transfers/from-relaychain-to-parachain/reserve-backed-transfer.js @@ -25,13 +25,13 @@ import { Binary } from 'polkadot-api'; // Create Polkadot client using WebSocket provider for Polkadot chain const polkadotClient = createClient( - withPolkadotSdkCompat(getWsProvider('ws://127.0.0.1:8001')), + withPolkadotSdkCompat(getWsProvider('ws://127.0.0.1:8001')) ); const dotApi = polkadotClient.getTypedApi(dot); // Create Astar client using WebSocket provider for Astar chain const astarClient = createClient( - withPolkadotSdkCompat(getWsProvider('ws://localhost:8000')), + withPolkadotSdkCompat(getWsProvider('ws://localhost:8000')) ); const astarApi = astarClient.getTypedApi(astar); @@ -42,7 +42,7 @@ const aliceKeyPair = derive('//Alice'); const alice = getPolkadotSigner( aliceKeyPair.publicKey, 'Sr25519', - aliceKeyPair.sign, + aliceKeyPair.sign ); // Define recipient (Dave) address on Astar chain @@ -56,7 +56,7 @@ const polkadotAssetId = 340282366920938463463374607431768211455n; // Fetch asset balance of recipient (Dave) before transaction let assetMetadata = await astarApi.query.Assets.Account.getValue( polkadotAssetId, - daveAddress, + daveAddress ); console.log('Asset balance before tx:', assetMetadata?.balance ?? 0); @@ -65,7 +65,7 @@ const tx = dotApi.tx.XcmPallet.limited_reserve_transfer_assets({ dest: XcmVersionedLocation.V3({ parents: 0, interior: XcmV3Junctions.X1( - XcmV3Junction.Parachain(2006), // Destination is the Astar parachain + XcmV3Junction.Parachain(2006) // Destination is the Astar parachain ), }), beneficiary: XcmVersionedLocation.V3({ @@ -75,7 +75,7 @@ const tx = dotApi.tx.XcmPallet.limited_reserve_transfer_assets({ // Beneficiary address on Astar network: undefined, id: idBenef, - }), + }) ), }), assets: XcmVersionedAssets.V3([ @@ -110,7 +110,7 @@ await new Promise((resolve) => setTimeout(resolve, 20000)); // Fetch asset balance of recipient (Dave) after transaction assetMetadata = await astarApi.query.Assets.Account.getValue( polkadotAssetId, - daveAddress, + daveAddress ); console.log('Asset balance after tx:', assetMetadata?.balance ?? 0); diff --git a/.snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml b/.snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml index b1db64bf8..7babd6bc5 100644 --- a/.snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml +++ b/.snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml @@ -24,14 +24,14 @@ pallet-balances = { workspace = true, default-features = false } [features] default = ["std"] std = [ - "codec/std", - "frame-support/std", - "frame-system/std", - "scale-info/std", - "sp-runtime/std", - "sp-core/std", - "sp-io/std", - "pallet-balances/std", + "codec/std", + "frame-support/std", + "frame-system/std", + "scale-info/std", + "sp-runtime/std", + "sp-core/std", + "sp-io/std", + "pallet-balances/std", ] [lints] diff --git a/.snippets/code/tutorials/polkadot-sdk/testing/spawn-basic-chain/connect-to-alice-01.js b/.snippets/code/tutorials/polkadot-sdk/testing/spawn-basic-chain/connect-to-alice-01.js index 64681f1f5..325bb0ccc 100644 --- a/.snippets/code/tutorials/polkadot-sdk/testing/spawn-basic-chain/connect-to-alice-01.js +++ b/.snippets/code/tutorials/polkadot-sdk/testing/spawn-basic-chain/connect-to-alice-01.js @@ -12,7 +12,7 @@ async function main() { ]); console.log( - `You are connected to chain ${chain} using ${nodeName} v${nodeVersion}`, + `You are connected to chain ${chain} using ${nodeName} v${nodeVersion}` ); } diff --git a/images/infrastructure/running-a-validator/running-a-node/setup-secure-wss/setup-secure-wss-1.webp b/images/infrastructure/running-a-validator/running-a-node/setup-secure-wss/setup-secure-wss-1.webp new file mode 100644 index 0000000000000000000000000000000000000000..118e20e29aa5dc6206d53b7f329eedf67c3b2758 GIT binary patch literal 70734 zcmb@tRa6~K*DksYcXxLP?h@SHEx5Z&aF?LLJxFkOcMBdMxCIj26D&x=S-kRn|M~aL zzSuoRbw4$0de5q^8fz?dIcaHWY#=~KN?cW2l}{HD006v#HbEqS9xOmkLPB*L4cY~u zZJWBdIDpUr07oYeH+30ta$P-ra=2XpJOC4b1K+a%U>ho9U|K-im!4sOhzb;zn9ofcBRvr3;#splkcUE}8$WVOhWTvbF#h6h1 z%N82l-x!2w<0-2J#ZZ0_vAMehG_L?$C}y)Tl~jOYVknk&a!`JG_b+raD_dzfD27%G z=&h}X+)KV*WTP$Jr8J-zsvnf==B)mYEl{qNn}pauvbCmeQ1mzdu&2G&3;jj^ijAe* zzxuCzZ8UYDbZD`H5xs1+m7y3Fim~18HD3II`T(Z%wUKzC|Hb3xss7?WHI&Y0=_Df# z#ZZ6123Bs;FR{PyyEwW-(ON;W9g*zPrTqQ7Z33lTQ9PgE)IXq6DU6f-qJzlg-!{@ zgzjD%|HwjwJlr&2=ukf)iY^|iFFAzz2{ExVl~;vgs6P-dfFeKwAPFD`ctV>Qz!_i% zu$?(=JB9ZC9+3u^0^9)B080S#Ka_tZbp9G~g5EU%zJN1;6O_mOKXT%KjamY{p!DDW zq5dt)46yoZ)ax$^d%!-_f+Iiy-~jD=La`-O=3i^tfL$oX_CNi9t(!xAb%3^)vHz1M z28~J)YW0Q7^IyH>X#aA;O2JCP%EC&+GC&9+!Vp1-BJ?f_Z5$9j2>-v{{+AzSA7&2b z8_XiiHq5HAZK&J-%7hYN8*1h6Oj$y+_&*|s&_Z=`L&PDkq1vIEA-E7i05gOOYDWwr z0=3KyrAqu0%S-J4=KX)h^q&X-|IPV7dkc>ayo6iRuq`BDY$Y*lPWY)}7a0eD!x^?=qbK*HI@$IaH- z#)Di8`W3Jwmvb^_c}32_#=!;vynIt$cmRMa+`qmRK-`J{(j1uq0N!rs{0aXr&0G`! zXlH>=xBUOoXlbpjBrBt!FoYH^3hd0*C~}0^S4C0NH?iz(+tipa#$gXajTu1^}agNx&>% z5wH%epFO|{;1X~Pcmx80a6l9w7LWi)2BZNp0XcwtKw+R1P!XsO)B~CTt$|KJPoO_A z3>XVc24({bffc|8U7NCBh?G6Y$J zTtU8|a8Lp$6I2AM2DO3)K$D2da!n|ez0+{d9Zb` z{jhVe-(hdy;NS@0nBZQ+slb`SdB8=&Wx-X$^})@pg|BoP(iRj@IgpKC`RZ+_>8cJ@Q8?kNQd|uQ4`S)F$6Iau@-Rz zaRc!R2?>c3i62P~$rdRXDHEw4X$)xx=^hyqnGsn6*#OxSIRUv0xgU8I`3eOEg%(8= zMIXfjB>|-ZWe8;pOAT>8Uh*(ni!f9nlD;9S`*r5v{Q5h zbXs%?bW`*|^c?gK^kwuL3@i+G3>6GVj5v%+jB$)ZOgKzhOestY%y7()m_wM~vA|eV zSQ1#~SYcSjSR+__*s$1i*mBr**s<6(*fZFdIG8wGINCUGadL2aaJF&5xU{%(xDL39 zxQ)0=xDR+Fcw%^#c<=CP@#gXF@QLt6@h$OV@aymw@gE4t38V<@36cof2sQ~Jgp7o0 zgx-W72uBD{iLi+TiOh*&h#HC3h(W}R#OlO;#2<;Lh;K+pNn}V|NU}(VNKQ#{NkvKR zNK;9BNsq{|$b`vk$x_Ms$d1Wz$i>JV$TP`@$uB90DP$=;DGDiOC>|;4D77d7_%3174r@YE{h^dC`%j5IV&}*K5G)|C)Ph~+-weP#cb>BnC$ZGq3oUPKRFmV z%sFy67C2Ejr8$E*+c|%5F>zUPec)Q*#^P4uj^ZBV{>{V7n$yUd5p zr^*+{H^vXcFU}vt-_3t7z$4%x&?s;r$Si0tSSffYL?>h^R4nxUHRWs5*M+aQg~^3Y zgbReXMJPl}MT$heiBgGLh?a^Th%t!SiB*f8i?fNliMNQ~NeD;;Nc2mBC1oUIBxj^B zrL?57rM9FgrLCo_q%UQ-W&C9NWnp9$WRql<g?+N>Yp^QG>kPW zHEuPZlh={Bdf61Lg4KkQ`f^6l>IRqV^`pB;1@ z>Kx%6O&mL%FrDn3hMh^B-#X8^Fu6p!Y`Y4$rnz3aDY%uo1KkbX+dZ(MoA)VCdd~>Y z9WP<89Is#A+TKlXG2S}8o$_JydFONBEA3n22k|ra8}z5}5Aoj#5DO>_1O}P~4hB&L zg$L~g%LJE)Acok7Ooy_CCWl^!>4bHLlY|F{e~*xfsES05bc{Fb1+(bNkd}jP}f>pvyB2VIn_ptAs-Y+GIB$X#)B>N_RPfO3%+g%<#P}gock{KF3%!w{)6a; z+I*7y*!+hA+k%xsnZnj0+M@K2uphlX?iXtpe=6ZCsVF5ZjV=9M=2W&_u3kP|!CO&L zNnDv&1*-C_I;u9Po~@CrX|H9jEv&<>i>(LLd)6N}m^3UkDl`r@@io;p(=_L{V70`w z0$Y7rFWYR|w%hgE=Q`v&20H~iTe?`f%DO4Kb9!)k5_=JQ!+W3meEV+tUHVT4tOvdi z8V{}y=?*Ons}0YLD2$AaN{Db%ZxwxI_*%Ekv)!{Jxij@mNW;rl52=?7#76^9&$-AB?# zv&V0a_fA|+9#13BFwSz%>Cc-lL@%Z;buagRxczwk8Fxi+Rd&sFJ$R#fvvuou`*;`g zi{MxJJ>UJO2c3t5NAD-Nr_A3BzdQdZ{MmSRe13K@bu;~IF93$#K~`1(z|S%O07VY~ zz?y{~6W;uN=KG5S`1d&#ih=*M7xMqYf1e9q2B3Qgz{h?7KrwDHYi|3o4Bbm~O(a{K^`tlttI|U^mW3}l@f+u$kttd4G^=5v|1_uYBI72-~_S71->qeF=~0N*?=k9}13mWif% zw}%!}R=ZJp<1S&wX22=Wea3Qz{gTmkM(>~+1LMuFqafPbKkhYsO?4NC_A+S;{3TRL zdoTw`c@FCzp5Hz2$(CyA53$9cnqTGi z8kqb^m&?I$km8lG@Zd@yidz5ER}PNf%lN;vHOYg;OxIf-$EFU+-#4#5diVa0+LlhH z9G`T#1Ro!%M<+C&RT5i2+nd=mEKo-}$!#)Q#h=0CUOgXN_Z%lv8gs6%UdCnFBIyTD z5ZEFF?WcoIigJl69bta@;qgZ=5;br-N@iKLrKa__jK(ZM2WKXE#k5 zXC54(S>Pmc9flu~br=)c%?&P8;|1qF1QEP;BH}Mz-4Arxqkkme}; zaxnaq5L?KWH& z9e0gqt?pbi;Zz8H+xZ$s_CEh@`NVUbyxUJ-`dAyt*op@Ev>A!5_UcE z-Oryl*4;mzuQr&fwp(;DvczClz_ct{H7I2c)HvcqYFFs1Rt+{xa&a$e)ksGW7zG!G z#e82%KrB})vokcw;+;Y+OJ7#j;`=x>Rg91O2wZaW2jlHhJv%|kd9?i_jvBnrqQ4hL2s8% zT{x}NUDTgKU5MH^wLIDZsw1tNjVg{CAx!IDmCeeX?%?~hhO^>ZwT*p{y54JnDmS-{ z5#_a94r!PMM=e^81YQyw$?bst$n9I0fIb-DB1gO;O^1cP`JxvyCspEqh) z@@^Gp?rUhZ_&*~A_3!4o&+z9G(;eixU;l-lfRDy{pYQG-UnjPv`!^2}@4N$DVP{jL z<3l20LJ>sR7$H^z_NpxdCT!*Cm8~wOZ1Bi*gqp7)k<0CV11S*L5R;H9JY+_Qctk&Z zD^r*lxeMJExyuzH1PM|LVVOD)rz0GO*CbhS2@@R=FAz8RV5Wn_0}uIN;c_5Pt_e>| z$b*j@N+mQ`j^57kHd%BeY#?HNoD&q*pJu8PX()MZjO$qCNkp>0sF-3#EvP%19QxZb z79{#5J*Q2(ujuPq>$HiL(f*ziG{=ra-+jy><|?^A6dl%;|9s_tJbm1sLG86F^~&9# zTq@{n+1wtUQ8bRxS$A^wTo$mbk9)(ppKvy%-w=P~>uJ8u+v;fteN{&_o1^3L{CS;i zfmv(uj$LOJj+<-y3?k&sNz`)6G8SBUzr8PRQO&62Vv4!$v$F1g=N(s^ia=T&iRGql za!&7_s{~i=`wGl}&30V~Wm8i%<`LOAoD~AnI-8xo&;o@nxzMii_WYLh*Tt(l<2^K< zTU<+_zQqDowD1dk72zIBSPZRJ9Xu`3KGTgyh0k6xY>epfd6 zp?f-RLf;t<<~5rTpnt>mJTpy)oQl>C@4V6`C?$RiX3u2IzL2<0@~$<{gp8 zYIs>#_7|RRd`pdYw#cLsMCDb3&Fc-ojY(3aE+hX+4)009mrUKEjbk~jOBP?%0*i#E z+u|52zpt!_mW|#I8>lx3i;e#IScF&Spru zVzm4cF$614cRd;$HCr9OBl)hkrhI|*i_>6pSm$x0PrblE$NrP3{cI}Ms^7+c*tw#N z{orMZLVc5OXuF;+=QN}6BhoB=>hH?|jhPdAU7aKNe|-#i{%U^e)v^3uS->3@aeC@K z=hcF=l|Kpt=W~JpM-!cT>CfE$VhytjPR{S@YZVG_K~|-y!P8u}d9Tb01J>$`urgUTjQzazHM;M zEzTG_P%>5BKG+yRcSP8e4{!(j&}C>kcl)mu=;k$lnU%m-tDlPNDF?f!KaMwYzg%4X z>Hd0g(KdlW&v+xbVD~`lM+fmMh?N6lqepJ7m z{ud6{N>!aA>0$ElH7}&qboNW4mud$vv;+VB*IhM0mV@=4u88*wLyRc_Qer zj_dHKJQ?phA2U{XlBwk^FaLNim0@H2E|Xe!+T;<)v`#+(0#%D}!olBPEK_bSy>5aE%xzhh1d&8g1=^oNp->7Mu%-2;ewOi3sw$jDASuT5BF!o z3z&fE$zjLjBd9{8<(xVsnjHmgQ>&kzjTa1qJG;8bxvOIqf^Ab6h5&%9g82E;(}!oV zrssr>RupP4viqPB+el7z#(FqvU`-5^bkuFob|Iwyi~1wX4d`Nnv2J!t=c`p zGvIooSy~ar1sm!RMg|wYRcRq1qJE=%r=~rO^Cz!Q0`EjEu{}nALjWu5Tv?~~Eskx( zI)*ngT`t#$jC);|pKl#PP2;MCjO!(r+Bx*$1c}S%aBhylu0VLjy0t98Cj>NU#o7GKui73uGnZ~ zP%E6o+X0D!VEqv$h-IlYk|iTctc}s#eB*d2UUG(n`WL4i!Nj-5$Pv;+z$g~Jm8YJE z&s4ZACyBUXl-D89TmS;oU`b*m0A~1CvFIvWCnjXb$klefz2g1)mOb{l+eRm zd}u?+a$A4sIPA(LjUp0>$DJF+FCI&_EGPP=*&hnO>Lwk02fOAdK)hnxENk}!zJ{Dl zsMhIybfU0tZR#!6XylWXdWVIqAL+~du%p4`uhpjsRio4DDY_n9!Y?MTI_D_oj*BBtb+Z_Cf>o)39UENlixRj{ zeR6cwDw$xbt7~sQtBw+!bTtkt#Wx&^66U;;u8sEgMA1(2vMgVwtX&Tm?{JJ-_Gtg^ z+#mZZtwau`u052bO1gn6+>F0S7X|UH`L*O`=Na^nT952G@E|@=9TbAfjZ;cFS9ll~ zIi*K1v8F1AQiI$6eVmRQg?B3xW>U5GYk1N9bcu$j@_VL6>&5z3ZEbsdly)Ku7nB^; zFOwSc;)ur|GSG+R!0s<@d(1f z6JE(Mr?3oXs+vgcRDar4a)C+c&Y09z`mPfeo(=c7`JR^~e!t?aaRZqG$<;aEo?z5d z5#Xk1oJCjd#K(e|6Gb~KF@N&-aJWbp&a&r@#*}FCXp`W}?J~+2C%p5Q|Du8 zNdHjVKt+H`@pBbpJqXPhRH3j;`EVohX5#bx#qIs z>TZ>H4pr=;L5)^B`4a{3W^YyTnSuneC;Qq|mZ!`mX_wgY5AjKCvoi)W)WhC$w*6>m z{iBz-rR4QjulkKLRWX)qvHKp^Sf1)aWG}?&ml%ff z?-2Xij&SMTZ!tvMk9vml5~PPe5Qe)?-w{U$FEXDA2$ePisy}NBgryw`fYf=Gir8P+r_$@!}rpg$R!aonF_iLLvAgg+Vzll__t^^mxyXlJwrIT9j@#ikR9ko+oh zl3$Y|rsjaJjN(|-RlfQm#-|~;mnzR=Vg2?P4%=)Mu9l@w%mGtDeV>*FcToguyLX;P^nq4|=n#VTc) z90`>Cv>UX~*DD%5(`}FCkt5Vq?>Waf-%*LP<#9cOrlI-P_$@KFNB`#x)O*{_^N7TJ z>l(ul1e7d5-&g${yeOkCEZW@C-*&o}q9_gP%5URT(02m1=>#8GMH7{WaPV8b(56ai zrWM4pc$pP{ydE%d$<~b=>z$LtM=>Nb_oQ`L1K<7-GZ?O9Se&*PQ}N(RTAdc$RMhtb zjzG6IXmLf7W z>wGR#c1DBgDk~E-bcNv&oVw#`LA~Z`Cuiq+eP*N4`rOky*T%#OPh%-^C7A!`D21_V z-Tpw{`C5jL#}KKktc<$q%a_Eoi~PXMyDn2ndiJP%)ee-&L8ZhU`^*TU%8cK$UKM_@ zoKy7ey1%#_usfePSF9v5vGf%O+LmUwufWwUf}$%y`1(S26b1_>L1Iih702n{OzqR*G6I#JLD!8}{&!*=42@wdjucKMchWSbSNi@#%O;~^&T z`!V{CCKNWj@?av6uU(?qwImJrk{Mey+J8dd5 zwWeMlD#KRer$uh`2F$>lG`((iDa#{ThrAdnQekHFmSWL!FNDHQ$Q`zo$%8S8@r_B- zF7WLa@z(OuQOb9(=qU+UBnq?*V{ODwSSbHdZ-mQ8_ zxv`Mc3%6GYZ>&6leguXr-BzJ|Rzm&lqHLH+Bt4k9VH(Y8?#L9fn_6g}Oj&HuXw_Q0 z-B<+L{&m6l5V0IgwcO&ma%VzYD2V5-j!;ON<_|c%E{(8Ii$}SC2WO`EWsrzUW(Fs^ zoph=~doH;`F}t`Mefl$*n%>?N^>NxLrvq~*XxdacU9@Ux?s5MpQtW=jH4R!jgD5{5 ziK+!dO)MTGTikiTYC!>F{Z-VrYPy!#}(5H@c>$XhERT`+7R2X4*4 zDk5$@ljEd|m7c?q(SE?m;Aq-6K^CR?Je~PUPMy;3<5<5R!tbcN2p(}168S`8)mk7q ze(LVo#U+q9MDdah^#(tA1Z=-1&w&L8((~Z>I8+76_1{WlI z!pPMJPwl{;P^^elx9X>du%N+lHyrX)s7e)8Bb25*g)4-YIXu=bFtnsPb*Mty!V)9f zh0^GAEu7tTTr|VszP)k|ElpwZWv|d8@@ExS3MzE75Ul0A>-VMOjD&AIAzl z{iaTsS}ZT#tY1ZFq>mD_f55GQaLIM<2-;_<`PMeUe8YG)nlJ^VmU!v*wfoyJ^cO`YO!Pn9N~(7*eDbGf zwQ0Q-WD43vK;`d-#M-GWTN~6PSv~Gl;vAo2b%XpgX~{o+Xn!j{WQVAqrYt^qx7Mlb zHm2rSKb6GreellVb&U;z`H~f>sLKkWnRZ~syaQ@WGCucTegk{yRv#wZ$vi)*oofvD zdifwc;v2k*_RoY+87|P3bs{xLG`D-0YH^z7=bYR+r#_)gz^87=j1=Ibpa@3?Byrz; zsSeNtAK{FO#VSkf71*L_&9I){6|l&lJtB|UyTZ=b8NkNaBHu;e8LT@aTmkLk7r-;G}RO=~M8 zlYcBnr^96wM0ov|=R5bHt-=Wv8_a78(b3jyItOA2$`cZSMMUNotb^;{-U`_HMO+vFz7C8^vRc?^L*0m{c(TR%FLg*p>Sn7b@?S@4ci zcEa4z4WeWOxr88j8KSHDHLvOh%e1_4Kd=l2SnNb@Z+vE0h_Nu$C+jSGeOkP_by z94~}(Y&#$1+0us%s*zS^nx3n(S-OSmy71OVzTq#G90#UXhEj|q%<8`hx@rtO;L4+2 zcP68s^qb##iZ*P*B2{kjrfr?gRAGa4ki7qx;3M_eQoPYjNeP}vDZVWfHnjeVXie7y zSF=#&(O^F*rh#??+xKYa^hFmQ+>uzBr|U! zdq5CZlhReb!~}s%ISadBYE^Ir%leT5cXFt!Ol&*aABxpVlsbBhYc)f7_I;Cz8v2$`!63n^WaUiPZsk_n$e>D{4MD<=J zO!r$-L|wr<2PCd{^6}K^z^BnmQsR2%iK9@0an|?&1=NFS_nvjL(c1~-ZQStB7lO5a zFy#35A);T&z_K{iqv0BcLSWSH z+cifKKTGv8%^&yaI~>!t@6sNHx`)uTouBVDqz!R{zB9$^taaAV>7Dg(cOImQ5#b>P zIe2MIvd&zz>QS1m*A{Kf=HMFPE-vU|>@Iy}W91Y?;^&}$s_SZX{`_SR%O9LR8`gR)hyqeyZ+_r(M`1Ae^5tyVPF%w7cGqR-%lR_=Soiy`x*Q%( ziSu4%u4&|!$4)*gPWt;*Llraw@WZT09J`9*^wcTWhi;!TF4+&Zatf_2ulz0htbDfe zdcAJe!p5-mx3fb`Z^9^X1#^`sOGeV5YGAt^RpJd1%viK0`(*Dz1lbWCs`s4*~+Fg{Im{Qns>=FPg4Gjl zyrg+SlZ`bsUHF<`K)=mHdyTpu6{{(GTp^I8gXhlTICe5`k*0DtSCz%Biw(ROk(j`i ziN&KMEB>&aqazTzxh9@Ry;voE>GvS%yb=veahSQbkWwd!B`_~6!>!%+z+{PcPylzvGNNoL9{i$ttZ{g7EKYq?taMSAb#V^ zY&i4biBkT4FPXK}e?!iWW2rRdvhm2)yk05rvYPXQ|Aj;VnHo^0IorW&BM47--oD*a zdRs7X9?9z_qAofAiz-D-#cWPke#!ZFv|6dR?sxC%mpZ-bHq53zp27c6NN$Y?#syyGw{_Ip=QU@XPw? zTBcf9nqVIGPKX{y?F)33on$yzUb1R&@4^1HxP-!UoxMowH0<`cXNX5!NqM)NvM{a{nYNUduc4&G$6u}Hq1dPVl8}-*wzz_e z^&mRwEh=*DDk-;_U0auu($EjX!Pz^oV%z(!yc2m`_$ci($aKr1>3i3c6HwuV@&4g{ z$qMe+F_F~3B+M2>!U2)~(vTOy4?zg#NF%AIS;w~pV)6s5FA692TZE9-PL#b^eivV2 zxY*Y8-+22C*ghG(*4DY32|5iu#*Rt#@?F=r@H(I3YayJmz&eJPJ3g#l@ouV<{?PV~ zjoE?gEFq9Bzr(z9fD2YhUAkYUKDHOK% zDYM0&YLeV+DlM@huZJf%$+Q9b&tq#zi-J{4TRvgC5$rPW`~}H{6z%J}1Rwe!=$g?J z+4?ulEr(%+4kO0mseK-MNCHxNc!dK;o;nS4fp`Y%Arc0ucB&OcsaB|iYp*adDm|;N zQA@_T24@TiAE479)h_?Gg8TEw@9@|Xv3^UU?<_#Z$oC{UZ9HA7)@6n}tXvE*qM91Y zpv0apshlZjE>FEJrsLr4l9tz6Js3xCg3vAxmLscsuMCZ5?-nixtDMXIOviWfFkmVD zF|Uw$Kr6=(3DjGFpP@5z^RDBjFMCdSsD_V`4$sNwqNgWB<1rX2(WCU{mg#ulFKa0? zNNWOpN!FDa+Muu4AvjRl1x}!vWV7=IE&D$HO`G`%@WvzpfQ+K3t2A zr$Da(6fv2NgkfkmJ43GV*1|w){=n>QkX#3szG7!`PoCJsH{rDogZS5WI-<_)RVh0aGtIr?x5j5*k3zKZ!;a&Q zdxF^Xk4{$MzAD96pL>6k*3QkNy25P}&%c|gdhf5EbD&K5thPd(xEaAk-*)^iW+ zry{zV8CjjQwk6l?)^FeWc+RmI)deb=*+0KZ9}11c-BwSn=QL=}}9Z^14L?U^obQRZ)4`$gU-C7hx72yYwO(~lB^ z-cWtpkC#>!YbkBGE4UO0r)YDUGc)MIH6Q3$#{!VF)wK9pqNK6OcMZEU-Q!_zO~b%7 z>i`c%mX=KKn6^#B6<79k>m6!x1XjDZ!Gg4CQ_>??XX4k!?(oge^yc zrf2WSGneO1BtE_-gh+Md8ACsGQhYi{=-2PS1hl2(hf8WDGz?yb-=pEYEUVAl27E)E z>o#u@xC7?v3^2Z{ZXc72SmFcL)~%@=?%mEn<#Ds=;z>k}Oy0tb&m)&k}9`*-UM z5mIkzIzDjR*LM7>6g#(2I6Yy@n8V~L8nY*ePdaDX32#$<>eGHJ&g+iH_v-h+3b^^n zX4^kip9`hk$DDTo&Gd`e03U>)C5+nSqJU$|9x;lqB20F5&qaPQF+?$Z(gl@)$~1ft z6}!WdWwe?RJo5Trf!m(zCx7|kVf)OQITihU*-*Pz2?YW9UTF)gn!Ro}LVN22l&bRanr>(^^&vOtiI^r=+p({xKkb0NB8*?#gQiIG%nX zl8fQ8$-_+fV!KPVo!_xhwd5FP*a)}}y<($|w&ht^&6yYc=6G=?--pU7Jr>5_rQ@`t zKRi==^hQ3o(qOdBLQVLbQghWqOik`#+?V&WNMDaLkG)6h@=S^Pm#@DkbUFu4O@dKn zzM)V?j&F5yeAyzsI9Co@yuGb!37EV`l#Mi{MR32lTFeLmWduLhKbQjU9E$2-7$0iG z3CJotN23Hy2AO|*O8amo&pfyoP9mxXUjOjj&Yh8UZ`AS^`!NVhg0vRUFMIP;s=g;a zwE!s2PGE9?t^BxHbcNo|Pi<38W?i5*OVvFqS8y%AypKHebCv@U;**f z1UOcS=KDcaFf%4!lbdDKeEYLD{Q0#Pzg=op4ExE1sN-Eo`0ChiJ91w_eC)ENUpdBG znn<}iZ0XtREaM+SV>!`_YvlACY2xJH9F!ps;WG9m)aZ8k`i!qlGO+q_x_Q0pmKg zAJ9#1>4QauoPXgI$z5eQIrnY8UfB8r{XOh!@_~daA0oF;%vFZI$GAb*Pd!|Y?3F=< zdYz7inf5KgQ3$S_7xoh@N-V?MYUy3!LiYJU0z*Rbyq!-)egznNKR0Ml2SddbBr)U? z6?yDa^{?3+-tVHwci;}_ifAvm%uw$lF=_KlGbxC@qt;dLM*8YH17``S_4Qa04yS-? zv3x|n)?F{{&dm!>88w?~#`n^lp>GggX$ICtM(Ki-)nNmn5m$Y9?Pkz;0|~# zZP@}{P#j;Aw->Zu%KJyl9Ept%bl+$&f`q zOKCV5cmP|GfV$d5W_-6=gCtkEEX&7UE?ekNF*M}s8sAu}`Jno~#^>45r{)GfA48Jb2 zrE?`%l3de))pqTK6ja1hm6hGqu8#Gqsr6u^Wj4e~^(srgibCV?gRMyX4P01~wv_UW zhL1pan7t)N2T7yGEc%v1skc?FNLUudWetI^9@rR&J{?F}OaBNLm=&+F7-2-N*cWne zT%Vef8&EoQRi(;^EiicMF*@TYTGEZv(}Im@0$z8rxqUSI0K~XsFX|}oVPBzR&&b|x zSo`P{p{G}ZX=U0Yu~1nwlG9k~-Qk&CpD>?O$XyrA;;KQ%jmPMz$p-(2Cu*XyQr=sL zxjdJoxUA*S%+PQihG08&8x)fpI3LYi$zE9}bud)#BbdiMchPDpO76A$dsY-UYo4F= z2_ZgAKR{=2F~eka96sezNCd&;W`BCT`}X!$Ozi5zYfBYT^#f8zw@-1U67yy#DWWnx zR~yxC&@AC}5%E>J5k%4iT;kzaOd1|u^YtMdr`r2^YaFD(xEQ~$bAz-KjNopWq%5d5p=U)d}O_Jz^lAlk9rQ#91OyJ(_&c}^3>vd2#Jqy03* z??7g+$`&GUA&tsQ{-VkX&5MbeDtu;IS{fVD2}xx-_SSovAl;n%3vU4~*WG=bSsIpO z3;m`DhE&30@|*f8-}gc#-LRW~tb&?qYezPh;sZjlNZ%Q2?-lq74@a)6qlPA3j~xxA1fu z>=diOHqQ%<$wteA8HY^nS`?l~vkTEzHT8JvHR5J2((K6(Gnxwi7`Viif3o=40u^?U zJrFP-Fs{#aiCS=Lbo$`^ZUw&yPC*kxQ=XKtSP&ig<4p-5lpUqfidY9fH_#B-zicPj zq)nG)F1j|l1HY*hIW+^AZHT|BEE+;zd&7|{sWuT6g^5>^?!{PBYN8!KF(HpXa&t~L zDb{~u-0jY7zckGJnj4@q#Z;hRurThgMAQ+FV3hQ_ClwF7lcpHkZW@bjx$j{v|GVMI z@v(3l)3mxO<>BVVn6{3^YTHI~F$KZdh9~2SK!@=1ke45U(-B4^#Z(RZde_Af2_da^ z@E_!N%%>+#SQZ8!`Vgm}p9DC8+CdCM{|kQR3@xvAs*URFhWE$Qh|91!c?@ww3W)5@ z9EINziQCvGMsiz^BcgO*WN;>Sy8F2vuDe_2?B?{?u6M}aI@FSxB2EyK$P6pLlh&lw z^sg$Ds$l7j^e0*FN7I@b$)vF?=*1-WFtzAHK#ex6Q?`$to0NJNtFAEgdQ-@UE`EYB zjZOb#)6*0ElIBROGK^3^M+8^Ra_Xda*I9W0e1&+3iRbBtucV-7(CVMB!szL-tREkA z$9sZ(FY;*c18{D)i0_NpUepMkrDk)=1j8hLTZ#3EB|HctEGArSkuA5jBu=H_kB5$- z%_CQ5gUD@deYNIj&_9_}jzsBuy&YbYT#n}l^sRK+hfOc77!@cbhZCV`byR*NkdE2m zUx)ubNvXIEsir>-*25AjnLjduZZFXAm)RpEGAaVgt&K=SKppFI#q7V{)189`e%6Lo zuy_|!>EgJvTS*c8>VH!>9-nlEwQZek`S@%X9z~dymZ>mpS|`qA5jSxhE&rykfC%hw zxtHK1p2M_E#rk+GQd{*XXvO&EjqyCaD+1^WF;mN6K2=FNo)CeF_v=v7!IGJ=?0xey z`R#Fx!n9E+40A?4B%zASu9eYzF1~p!K(?~VkYKp_oz7Co*ULDe2^~fig$klhg7h1o z9P*nV{?-Ne@kDKLZEep8Ff6tB<<^fR?b&j2CUpqf#peD1k#XY z!iq2xl0*+yXJ z)4uU7xa%0Q^R<_|yROEMVON;whx-6HZjoMk{K>k^0M{Kbd+s1NRZ_aij}VY-WeGE9 zf8t%`&hWX;$XkSVQuvZ{jZntM0N4}*tF*c+Sl;-y2~1i&-CI(-?;ErhYehE~rNUg= znCdftk=7=^wq2v9!k;RUwjDlex;k7wJv9)v!DMvqTc-f0xoS&VC7k@KrB=7Z zO*jUvsk$p*mXXZD~ z98CjOez0Is7qBn2eW*!B`n2j$9R5_57AZ^*1ZT}DSBZMpCi2lCRevD?)TTA_5E@qz zNDoe~q0cY>MSGg&0Xq89h2?9QJ*xXG zlOAd)&&%WhTZZPanP_XvXs-E=|JL0mg}(tidkw_-z)VqwKZJ!wg%*+HYkPy$S?Gl2 zD-v#vkT#Hxu%Dz*c*g{knMlSgk{QS2)`I_-Ex41)+}b4Iis!#$;kWoDUyH-)-LovM zsn_z`X0IXEpIXnZjTd&piBu-fC@oM|s|bBq=BfV*D3`dlzJAqdzrK#f=TCeo`Kwc4 zOFB00HA%=7M&~C3susaQuXHbL9$!)a+U08a*UKdin#edN4S4e9CSjw)r||jQ({xgy3F$Umc6sqgmnefLBvv@?jdPcQ?cH zqU?&S-QM7pr>FVy<}m0}njL!!5O4tb_V)si2eY1`-Y&Ln!K$OQL4~{ znh6E-q0_+B>$^BcoPgKafh8*RWTn}TYNIkUVfF<_Uuky)6+8O>aKdN1*Su{%>A~f) z4nkX#|IK{8Xg?v7+@sxKz(2aC>Dj~>X8d@Ve}Dp-@qIoPadLik-`p%)qv}IdB8eY* zGgObyx0%K8L0f;CG&Jbv+_?INI{X3|qC$V2%6bJ8@LF2rHZHU#LQ`j}We1x}51K#} zuw{M#-m&XtSHG%WX(R5F5bsLh4uy1;5UAWy@A#_+A@L$fmXT{(uLiC=` zfLH(4)^$m|*}y!@*p%p}`Qy{q(R6Vm_#;z`(z}Y7CNhVEW1R_;ofZLc61J8_JMAv% z)GYGM%>GZc`&(ldOHNIVa|rrXsjqQ zA3Y$eSfxpu{b&fuV$^dMYsY@W3}wyteb#DCnuF6DV=PV zEEt|!5#e}LqZ7glr0wYG-qUL%e5<=$*A@`mja7@&7*YYxUCd+GR#jx|QUvx8iiU9V zDYuAQhZ{lkAHB5W7~z?A)(`43GXC{lU0vmdSu!$i*7$Z#&O(--y^VuYQ8QM;8fz>h zITx!ebHHpB95^yb3k8e#az_)+Y~pmsu=M`HjEhS!6PL3ZJo+W9qErXk!>`^V-$+bE zJGD_dh^I*`VHwglBD;KzJ6nEr+1-He9?5^F6LB6_ty!j9-aPt?ejc0g>d-~a&emhz zR-5OcfobNub5i#l`-F~>UY8}REC=QSfWLT|BtC}0J1bz7M|JB z?r?YPnccB%+qP}n+_7!jwr$(?oU#3%efPckZ&l8z)K}?Fr_ViI)t`Epcg#p&jWw? zXu}2m7`B(CS`Q_PT&L7%!hWr*!v5nL7vxrL7LiWmNh9f9M zfu2K1I-hoyFSK5lRK&aHb%GB@ozOzeXpRARJT&ih@(9z8VufFAp1o5>1(uo-`tof( zG)~GHr}J^$u1o5XvG*#`ip$)1+zEsnftUv5jnHnOlom#c>7S$~~1@l*CZ1RQeope`@ zJ=?ar48=~#RSmR;)}q+DGlD49@e6A>sYiNm@G!S>s#6?q@-G&Fp9 z{PpY9bzJr^t9I}F17^ZRg=425KHb;1R*2GxntXni<hd)-WqyYTlKE+xMcvRM39Q(P2G=$uFYx+Yj29U!5bNX6AuN zV-E5Q0n>GV%-b2Ng<_#X0Z9rN!X`$aMI!VTzo++b)4QxT|JAzeQM$1mSDn?&4)k!m zdt8M?o|@2X!h?*R*j)PlnHmlR9Ixh2)YLqSolsvPD!f{byu6JyY&-ANgkPy6Ex{M% ztn6igC9Jif$2y9swIxDJb|;KSz0J{H7MTE%sQORYjhdVp2oXU2_=ufDvc^bUxWqpe zeri>JC&J~AF83r%z4W6=6v4p}Az~O<%o=jxX_Tmc$xc1q`=>_oAf(Ai5;ANPqY3A^ zt_#^lQE*EP9v7hZ2rm>m9FrT3QZ6=4#0BT@ z5+gJfrH!~Ze4ek!WY<2{r@cG4?KU&D)Yq0CC%w(gPAR1Xl9QMl8(s1jh?p%dpTNvu z=~>xWaM^g>H)fq3N-YQ@(>y!LsHEz4wW+Ca2&C5j+GJrVGNwI=ucZfPox+ofZKopb zkA-lE;qetxi8O#ze=5~W*^f8PThual6pG;4E-VY}3VIAY=Kjt;UXhKvB&%fwmBCU-VmgwRpG?K!Umc?4iX}4_s1p{>RRf4 z#7cI%DXAXv0~ZzJIF!;LI^#P1(nvSuG!YD}LiR7NdW3Ug=8<38p;nETxF7&Og@VDg z#RBwnu3VJjUI$Co(n^mdCnwfJqy4>V!1ul-*Drkq=;L8!C-0?%(a>xyotVhyXUDR` zw|-hgDorlYZxfbGGonbdjAs^-)j{#t2WG=Y?MqJ2@j@yK7gQ;n$&9V5wIb!rU0{*?A@a3@;`?PAtl5R|RJU)4 z4(||%5o2Mc9_TMViz}*Dn?re7hHh#!>e*fz)!@{@T+=tv;>m{;Y~zSm%+`Mj_al?# zrAMGrbBm7IwNT?nP;kbkbPZP2@-IeP_6X*&8xoCm1lhOAmqy+w3ar0xs`OishHANG z3s9<;($3CeE5ZoRi40llmoc>xIijte;@<(&>bm+Pi=ac8{Vgxf{z1;n^(4dncn)<6 z`-k6zs&4%##k$}omm#T~M*;&ks_uVG9r&!xsDVgKjMuu7u9*AXE;DcZEN~BD%_9GP$)=xvx?4eJr&C|8Oj`cd#maB})9^ zoenuNJECz-K|@c9$}{XsyKKtUK@rkbE3j!s>Spf0xNMh}GA0J|Tg?<&fXGV36(|dr zpNx1GI&gHJhcI!L7udQ15>9p_cQsn4MI<5_u*oO~nF+}i-b0{B2v^Ucb>UGvXHXhs zx{dX@2ns`pL}{5&O=tzhrwx?z^_*)yJ8eC|;W7;9?5n|;d3LGyp>3ZvR-7Xd6x2Fl z^=F!)@A1&ffpobi%t~5MEj1yUfts?aOa%3QTi&o(@@gX_DukkSoO!G{SG@T7{ zop@uPTdfW%YNwqg#zdvx7K{C6m6mb98TmdPB-ndc+TVk1+Ew?!jaFmv$QSJ5RnLWP z;Qj-{nkGlk^FVpb+k|Le0Uz_x&L?PoSPvMVLoMuK@I}exp z(E1Ti3NB|WWeafJrz*3yB8#@dSH=hWmY3A$5|<>uEOq3d#b%SKG+~c{AhL!kuFiCo zS-X_3-sBgnfm~QH}BoZmfNQ)2% zQ5&hrzbBOaN(y=sw*Z?CKJdRkI1XT>*H?O%jt(07H%4RMh0(ROrN`C)x;U+Z#87l( z84}jrvDF-t@Q>`t8MW8wzl(yA=1}j@XU`{eee6zQMIXx9My*mBS?O}ijK;lN1~YHA zB8e`?78&$07^KtDT`Z}cB9~0q@1f#Mtp+nmH+?D|7zrPSm@X0@iW?frnThRTD~lTL zvCZy&RA+S9qfn)2#WxoH6&7p5rK+OsLGPL@I)XPO)R3QBGsn-Fp< zV*vlg@ZHdPvChgiykxn`^}44UnE?7Ss4=T;-S3vm*VOjCC>iKlJs-1!naF^ZmDl)l zsATE0IEi)dZO>pRL14=Aa?PC5%AnqkTSh5(ySo|;KD|u-k-Zgax945l3={nFM;(#U zRxZz3g4?*gUEU}}^u(hso1p~BH%&q-s+K;tbE5GL`=oP1H7S`YX0@Za8ZMLu z<+7gHYFqPN275<&Svq2I!KEdBPyRAf50u@Q43oJi>k#BC)=i_{VZV-)chkvdUK|GDOjk1G=@k-`Y<@XEHVaEY2 zg=)M?kof6DA~+NIQ=+=ZO9WSon>x`*QET5%+Zetxhq!kP1XFrsm8?d%A%tdRwBOlj8Fi)vPul2Jjj_UPIGV;J5&_nXji>aod4*(uD%Y zr2vCQ`!D^MrNRq3<*@eEnFYujQn2JR^Om5FAZnovO0h1ov@-iOaS-3VNG~8Y{6uBBa2y_(B zN?=fpkxHxYH75p){S@1AnH*6&;CtMYHKpAQx<*dA=EB5HOwBq>Qh`_&`%nN&lfB?y zY8`6s2as7DbLCz`wc58#Es58G!1^l-l1n>_q;J_ah3X+U4BEBaXus-ZM&0faV2pLv zf>mXkHCV;D*vF{3`30k~DL&QmBDUuSb8Szaa#!A*3mrJsLB}g9S!4|_L{;@JBvtWY z_6VG8UcunEFV_<?>*XpWO zsk*_lqSjpP>Y?DpZHx$;fXK?^@PCDH3x5vzTm_N&9{9}cmz(R=OqwSX_9kcq@BL|S z2+sjoHM0pf67M`AOd@VUhvnL228f-Kfl`lj3e|IYl*A*YAnfiKVY?S0%mC{=89p`~ zoxX~NvG4p3F~yt$-x$&ALZJKyga%Sb<7RFnCiNy< zKK|Co^~-!j(ub!?4_;-JW3{X-R~0-Ht>k9*E;q;(Wkyow=4(O%Ne}t!xPiFq#8owx z`zt%SoXs>X+7h{#VSg`tXayFsqJ$~V>u;O%9#;dFfK!Qxu3(m*D=1RjGef`*nF{<> z=2{4%fz9w+;cA)DWM1c1;6r)MnBoI#P^ehRi~8EKv4#V)g_{u23;CT)12U$Hnd%PK zh=kIcWWI-fg>Fd;7j`y^Pt01UKyxw<&Xo4*0<%XhZ)Hmo7aaO1-~ zWNoIVIBD5wsGrpPubrk>D#6U0#KfAUXL8)nQ7TLS1icEenD*@3s&8Q*SN}U^-Ez)y@ zUVE-}s}IozbOIho_`qS57LNSShY$y|Z7^fwKxLZpI z%9_$YJ<)-^MX@6{2EtA?jPI?2#4^4-J1M#60)7DI_}Z`I^8s?QI85rzV%6DeG^#SO z=aT2vicM{T-W|Rlnu|8U=nZv0X}S&S#ZYwD3>8~AVY6j;`evLS7*#Fd*15mNoOH{= zjbg5258|2OaQWsV=0O_&vM#SNwC#h@bmyX$JowMf8GlCja=OR+y7^Di5&6Fy-j~qF zuul%E0A+2Y4L?%)LP7yC7e?(+5E#koLCktbl~T%H%bv8^*q&H0O>fw{q7c(!<*2UJ zS)INYCOsQ6G?UR*M`LRvcq;u!P082uG_GnV9{pqX(bCk~l!b&=Ub)o;uXfryFSXUw zqqD@N`f4wsd;433%Oxs>%Av)mla{cAdDllAr-(YX=-wZxaF_zSoXQ7IL$s8P+E~V{ z*EK;_DY*xP{2JyU2HVii8YzU6QdU!6xJPwOeGUjqe>>~74e$xqQ1!)24$a#Kv;!=Y z43i-9q;CfQuxy~ri@IuYKA;8AX67va+AeqIfn1aWpqHpJ3kE&2>W7r%wQ!)D=T%CL z|4_EhuE{%#JRwF@Nd{dV3^I9|`6K(L4`)c4>@|Wsws4S^L1IM>EopYf*R-i43+3y= zjO;0nudGeWgP>~F)}u)2hDV=Lbi1%j+-FH|PJAo_76$9Fm!xH)Tj~BH3!`wacU=%R zgE{FyaSV#URhk|vaRZ*Bn`U`N3iHzM^>(X9xM*g@`zYp6+M*Cx4mmz9lxGT&e14>3!o`5vqBt@ctK(*z{g zhUMJvlHVyo;roqt4_Pn9e!ssh5Wob?geT#rJK0;b8xt<;dItb4Sd<#JDUBO+a(Hre ztb2*SkaU#A!4|%i-M9O*RAMM7@@UR(wsz})4GxD6J?9hWT&9 zC%A!EDiuR8II2h*f0QULzeTj(75t!z_)QQ=Pe9yQ=(BVS1aJFQm)2<}!Ls(-4B+5U zQ)WGQOI;h=^t$rWJmo0Mrckw?hB0l#f&Jdj6@xyI3*J5)ue`wek6f_7P2dS4kubSa zjZ56S2ICH^#avuDCXF)x!l3L5lFA*7l=K{!5Kl6?IgWOaBttQOZ_qG#X`1Lp?<+Ft z-Mh6%(w*Dj;V)*vt4kQ<^Cm>bhM!sldCVHpjmotkk9-X?x32~?(6^hyX5Qw{67}Nn zy4LGI<}Q3|w;JCtX6`e_SD6*}cqPi~JVh~^%T<+hRLRF426J_JK%0~~0fiX~V*}K% zVXT@_l2-ug9>!yPEB+y6%97AC!W>p~XKKo9sBueCY-VnN)bltDP9qzUQ!LyRdJg0F zJACyMfvcHP)N7G;%_?%Ngjm^hb>6=};5>#wyWRW3E@3A7GYJtCon%Nu1Q(SFGBX}DMz_na zB%Y}0qE)?0Hz4PTPOjL5ntJxxb8~F!$<)e2Y(+#Ai)it709s43KvcZ#zyj*F|F^M^ zZg$6PM017fJA!zmLq)T}<(1LV^Af94Aqw@cMUL%Ewf8G;CUr^-)4z@1uiLRW;ZoDz zJ7{yplF3}GXI&j6aILxdUM!S;s+y^v60_)5Sr;_EZvXLWbrMy$%{(ugV7;ETG(d0f zL!K5Wavlgpg#tuv0Y};_H_w%mR24jj$z*z`3jx6GrW8SD6X z)Ge~zBuNU(jxv%Ts#9#3g~QZWcXO>CI$9Upe!V6NXZ{z4Ce~0I@f)P7#=gv^7TUMh z^?0}`&k%d>z5fE-#C{=3{CTkG(enRmZesRmpdq}$`|k=?IMaUR8RGu;r=^X37`6BR z26SeshSt;m?=lPTgat357L~TeRMZn)pO1zT@!#zb|C=HylkBwZ)c-2MGcP(a9|BtG zcx_yKsPAs14yUEO8Xi&~RcUKQ<)HWYz*4)GI`^}@h?9ob21CG%Z(DpYx|YgjO0Eco zPIzYnnq#T%7~K|m%F1q6rQwrUnPpxyhPcWLd6sDg!H6MB8UDwxnz_Ra{P(VIIT0(0-F6M$)o4W*-d!xtAe_^<)*adKCT8| z-q=wSmUL1 zn=ZFpGy!pmY6NG+=GM8n)Y5rG3#(ELqRjaYGn;vZUb@t!Dk4}vj&B+Jz7(7(V4a%v z5@b?iE;l)QhOXtD$mvJP^Ss)}s_>QX&{Hz|8$C1it4USuXCLAjkVh~T|~p5>83mIR`y@W#i-mp{pQndIO*sq1I@ zp`wrv$3HT2Jpg*%e~Mn`B8bTmQ(eX|p0$nI2hMBP%m2c79=%e=P$$tfKj%#7ewcB+ z$s&OQdn6FdulTsL)yG08LRl~d_k~D^L!}3|Xtf7HCDh51#y%+R!@l5S5lYS(8D(NE z9YT}<1xy;?4`mu;UCLHlvISNEkg0TD;)a(K?IjVK?|Zaaei*RRy7QvqGfM`q7%dwd zzdzNXl{ek&(X^-ElGUZoW~IPPNMdwktPF8A`Kw3&nh_3M{Ij0hmBg~&f^)Il2MPw? znxhC7;_P;!b~wP7g*h>cTeEe)^n1rkF`HADw_l7YNwr3Miqb7w!%iDH<(SWQULiPI zAz5RH4^D0$A7B6yw5(e;>Ul`($CCg`g1(hT7$*hFq?~% zhb25d@@IzL#4$!(lBL7~-9DqL;(z$1?5YAvHctyrwR#7{!_z+*CR z^J-xPiDU3@T+^0)+0BTjI<+9fY?Zcjr)}e5K zMu=%QhncJ(@tLDGYY?Fyry1=%#CzrFk0uS6h>Ryr&2mJoleQD%kQj%|xw*95=dx%h zFI;+Ol`MY#81KBZ*T;I=fHoHbO3iO>oWsTq6zGi6^M)AdvCPJJ@N3tf{l0^^Kr!CW8805lX;k>f4=+ebc}(6z&s-$M*oJ@-zEsV@66eeWU`)gO zLVe+^s|96ooz^l+8^l__QGF9 z6B&xx(`}K4Vl%Z4q8P-!8}_Vp^dB~IJbLUIlv5phYoP^LzMN*8mNA9IEGh;=z0UVr z1r7C12x^pRzP}_g6VDP2mQ=ZQ6dhIJ4I+cLUi@x-{1zD0Hp!EgYcF>=VT<3P{;{fE zcjI@~e)|4QEB_~RZ%FY;KH%F#3D508RyK~niDvDDhFzJ-TBsH0iL&fD-M6)p8g;>H zh^mex7kEmvNnd)3f_Qt33R&rr9JJJEBaWfrkX^I1NLk%RTH|!=63p+Sr49|{M1LpW zNQL{00{P4Ra*tFW;l>Wgg&W5UDzuE2yWzt@ z6*-j(;I@#0`Y6q1B&J#;qws*{nN)1tnzJhTZq}EOUq2NMMwb4t4HVfylcEd@ODc5g z$=L5_JBGFVY7UcldEjHc7uhw;UmA*7gnBJQPZ$)s8z9qgnl-tAye3;CJqNd}4#jex z0P(463^y`6U!}0}#!xKzKvzk&?jfwcQU-=7JCM;)JMh@W!1NT2VWh|(o2t0&PZpiKAOeKG@JZv#cbLg2 z%D%s+&NGlB1B1a5p>7?)uAn?9yXZ`@mS1sba3CigP5K9Dg$Tb(FLV-d>tB% z8C$nTHxye)Zi?5Rn(||+LsrGACwqOgS5}CMrT+F+!Hekt*;4vvKVVTyvr2H+pzLLR zBIvYAt%32GU;?slYYvyn&U}=a17F9@#a!?CC&|=UI-ozm^Tl^+eBEoGF5E!yrhb%- ztjZTDQjR#jok-d~&|p`S%)L^M#w7jT4tiHXH&UgFr0GUiov)Jh+gbo7TaBW!Ee7tK zSStofa>n9cr;v|*!2R-G;>RE zyBUDuV4)WnUFkNGy%3elq4HBr2HC`4D?}chjbD0gBb=p=mtiTw_4bjKwpT#}i9Q5e zqGHnE7qx5s`(TG6he4I*-z2buv7gh8)@4yYQ`Bs7CtKb4)!e&8bwf=r>a#&OhBXni zg{ss5_=me+@wuqDl}zbl^SorMo8;LBS4Y<_{#6e#p}5DWW0(UNYQ|217`9iPnh$nl%6Z89Fegu>-7SDPmCG2T|C%k0rc8(>@la~v2 z*RUdGWHA!d3*?=SfWkfYMX%`y%*uDCAHSQ$Ruifc7TO_zLZ9@_r_l+0f1%%gXl=7M zwAM}v5>|fffn-&uAj8TdT;9RqAXZ2S?wA$xg~XjXp|c(d^zKjx7uqQXm2GYzdrL+W zhf#%Q5`s`iYyN~Nyd;r2Kx%73d8pUl@HJGwz(!RX(}#9Nra_9CosP9W%-3|sXUR94 z3arMtY$K+(j$`VNl9g^^uDot|emX7WOx-7CG-u|@P$zJhtARJ%Orsfc!v)-8M1t!` zj)A80vy(M%a#tXwcaFY&RB6Ep&=mra@&|PF=^1l{T+>9=s znNEr`anBYpNn>~CoklhVow=${vCg%DewHfREi4=J;)MZVS9F0J8wz%-QHerg!_Hi5 z&)jN5?Tnmtyu0mXx{a~%2Iz+9&Vz%T`*iPJHENp~=?`&2P0q>QspgGlrt}N31Gx6^ z$Cq3JO)^QNb!V<9xgz-4r3?uQ?ltq_h_7l>4wS1BX`Q6(zNwpnk;FXbCt+uwMvZz z@x_?9^7EF}%b;3FwPqzTh-1|NjF|3b2$qKu+Igd-2AvXwq>>@^tjtaq9!a|L7>5rk z`zauf{naTs)sMP*o*=oD!)}j04H6o0(sP0FKu%FPu+^9q_MrS@h$LiK_0aA846S=+)md$$;ft3FmW5QcAoZ+K^JD4gFQeDV`6*B_ z)uJr8hxjrBUEmP?;DDv&*3#SJ%-8T1XJqgL>(4qju99$WnE z{yMFSai*!%iHIfHVge$U@Xx56CMF0~xA8?#;>VsFv2 zUcf63HG@py?7Xk~!@+($q7@KcVU)dYBHs2bO1vE7uix9fn_L2(+7Qh;>|3|V`AVZ$ zaa*0_3|J0t$ZA-mjeIv+V&EJmgsipXGZ30V<147a4J|JLd8KCPh~#ls6PP(W31aFPsubs zK$WT&@U6P-Eh=rIt}8jaMgH6P+mUhN*xhL%`V6XK76x);cy=-G0ZtuN$n|~@-(%tg zq8S|R_?y$o2h8*;;h4k=b0sWuB-Y9vG3&aP^W+~Mu(@=tC%@yj+w#{{Ubv_)|4~y@Nd#_DL-NDk$=`6TIi_8_#^#p^p zkN5rPz``+7q{hD%43s{V4lZA&TIHZytq$Jj9*DNNO;xZdJP-Bse#h!Izy*^`WzLcT zQ1kb8KaAz8jte{(;A(+->s`m!d59Tg@)OqGD}<$M!hsl{&Fhz<&(3;7z2&6tuufyj z-(p_?op6T#Od^w}KdX7j`wIW>LIF+<1-fpU?ByK`IV#~*v-+fk#$-<-S3}cMx&wGR za}bhI%UpgXYO-nosIDC^?G%Y~Z#SATQX@TlvfQC^Pzr~?f06R))c@$EW_weV5@qk0 z>lvEYjngbKcZer^xNeL3e8M(hAA~$Ad+En2#t7!iCZS!8E3a6}5LL>?b4XP=Jk0-a4~NGVmh=){|h_WmBDrozS= zt5>C}rV)gcjc?N9aC@-f=|={RqivR#p_V--a`v`#2%XodF6Fzv>xAQV)kyW+;e(yc z$CKw$^7VtdUGefV9FDGF60K?U1U-AFfPq2a#2yhlpQzQd;@zLaR$K8=D)V9UAPOzc zvND+Rh$_|`znhN~mtvuycxA`dMwK{|A{c;XOo$MPPx4#-*u$h7@D#lB^0o|_bx>~LCSL4{_Uwj0ch;A}ZKf2Htxd4n$nJ7^@ z#${z@A!aVb3x5_<@~eX_9VmiGSRZ>&mdthVhYXqwxpC)t@#Z5igQHF6-8!fE+8(yLy>WpgsD)5{e&SJGIzg3{ z?D7&Xce**#F7Fdm>Y@T)DsiN?$z|xWyE9RgeCXL|Wv_8?wyXx#HjFA)b{i+uzHQ!C zp*FiQsQ&vw!9AmnEo4`krMCI;Tkt(#* zOWn5TypV3X;gn#dt(IPn=@wU9tJ2~uB&Cdfo;6wE-5$$k4BQr5Zy8pWP0!O&z^Db> z`Zlc{7htEQERG0i2@Z*E?QsvytG}%<-JvmOIpsCTC7eypj!~|>zIySgR6C@-6#%@~ zA5e|xc$BcJtHx7vfc`tJPGqyhT~l22?$%AE&K=-Z-i9IA51DJYE*Wre$Bg*HuIT)a zt&`SDt%y(kl~222`z(?=kOvZcF0O^=zGo3;c1|U-HDuNo8Ki;^(>j+(JKnBZHlaI> z?_=zi8eg_)%GH!bNzr;=#lCxbt|62G z_p?VjC5R3cUKaboSCulqG>q{qFXtVgC7pI#`zf4&6GcE9H=1&&CHYe6o^9K=4TNfn zj0uYoRj7P!r8U`=L}YfEIuVJ6m-*j_3RyQ&ke(?Q;FiqI?{lM7q!jDA+(sjb)SN)d z-SaIS?y%7**lULy|3t$4AEM-SjFPyx#Ku%mjNs3IxQ3BU@3{DTSFnn1zbD{6`pR9N zr!*T$)T-?tE#MxGWgf#*_IBHD2Ji{AFjq+~DTn%efKf&1+na!7LBZ z=|X3{NSh>5;_oTz(_Q(-w=@yOe0#J!AiGK!^(%tnnTtTQ0^n?ZU zOHLLIhB5+W!7F^h5v`&O|6e|^A+6UNyNO8@IKH&`jg9$mP~DV07uRilEsbvR@Xxi; zOT16!rojY<#aN+{31$GXq*bfW-yWi$h$BvHGgMbN+NG6|7u!`y=_;bv zqvGm1YJC5rZ5|bL5@QlYn{3tcaKlusMU5gGUF|kGahm=)=RAj*?K1sJ7?tiO;AKWT zt#&cI{Jz>C2m0`w2JBbz99*3{6FbQvMJqxF-YY_@BPREm-{u}a=Qwn>5&zH6unHKj z-RWLu!RLK>*2nAPSomwVyX&+6KiSiB9V)LL)(G`7nU%)u|)r*3T z+5|ZPr@reV%4OR{fIKY3eX>1>vOi!7N z_e|Cg4!cJe!28w6%U5jpSHD-=JCEao5B}TC)$zd9TXojGS0uLE?Ne&D&+V5HAmMAi zPT?zhYngK6i{NZK{_T|FVV4R*pE_z%^K(-3Yf}4bLdR!f+nZ{ui)ypW@lq%0DqH#L zN*V8J3D1TZx0*S-x+#msIZMV_TLz;Om%*FM@V2Y@t*iN|wf?Ks>AKbKzSa5O;o|vt zY;?MCK3k%=J9)~RCgUrs{h7<<#pCGKCU*Sjw8DAhlbkXu7hqK z7#T5r|BTo1Np2AJas?h1y2W2hL|n4TIf~qlv@YG9WIHU*s9HB0+=cc3paX`=potfn zx+yiNOT@KXA|ix_f`g7G*!L7y-}qtFho@nVXEyS-u*ms+aRg&vECSrs~?K44QT?LCy9Ff!?H4e9B4ou1i3J@M(-{;$Z`bF8*?TP z-*Fr#U?VNNUfL-?hIBg{TNDGMc&xGECXFv}JBN(#s5)siT~%MtfUR43+P3zEuE)`E zfMD0a;JRlly3HJgdG0_uC0TJA`T7W}QqRApEKWV$#uFw4Yb#l>=nfQdKca~ZyPeo6 zb3hyN_z<>1ji@4JjVEv`@1cPgKvej z{HBE4sx*33=~I_%AKS?tR{L?B#zR?;V{k9Ec-QZgI^hv#{AU7QyAzZg_(a2JDCa#Z zg$<(;h zT&Sk?{vz|3TB#(ge>isiwqq*aDJCu;(m}bHkakipxoWfk`i0{Mu*cb9N~Hgo&?kw| zx1l`uw#|vIdTb0 zTrjT5p<2qiSDoscrmi2QrwWR!KG%KEVCvhOgA-& zaX4=EK_OIAwV!`cvWRx8R{2sO;CsdDQ_xGUWO<`kQlkq zwR)*B2vr2-*ODVp%dtwX#PYa9w-n<R@zKnzg6i1aD?GGn^)P2y3htha96n#(9=FZ}E9m z3{6c%H5`J@E-l4&wS+fqjy&lyTqGBcs3X4N>KMYxYswhb4Txa!Lb7-WRxae(xrv6(%>&nb0g z4d6v|2nIkwU1Kink1*|Nx9vnb_MFQm<+}N_+zklsBoTYrHC48`w}%ephtb2iE-o_m zI6!{MCaah|8+m+x&&83w8E)_3d{GLzitQ->){LKJkYat42KzkxTUT+-Uie$ES9pj_ z!~XHjJM@O^jthOYsrx~?d=9~8EK@TEj91;ap43y8wX6ixMa9>3bl?4yZX=v$De+pm z9YB`f)g*S=%R5IfQRNucf5<=ZuO0WoPBiMd8A5CN7Cuiv2W|pJsqDp$RD-z_3I#C} zSO{kBtIrc91R6e_G()lv2qB@me$ICunfKa#p}LMc zc}Rb;*zS62w+^Nh-oW_tPqGvtVku$Q#lyxZ$S{&lOFigNmO`zp)A5X_`$meDhm8SK z4-&$yZ+g`!k`*D>9$U~Us?De?Oxs0ciI1nH^}6zsgzUG88wAW2ho7irmlLX{APC6E zb3e>vrSL3$S&Bason8md$d3&v6*t-LT51ZuD`M(?B1>jY#7uFb#KIk!@7ZCgkbOv5 z_N-EAS1uD!0RZ2RH`w6FWV#|+@Be;18u41u@ZYmH^DQ+p$KdtZSaaifBG&ad87dKP zP&Z+fW2s0m*a~I1QmZw=So2A~v9j^8+{4N+W+&p6zO8a?4T}%uS!c0eP9;nh0@zeP zhMvA>&Fu-jOD+y{=4rSZoCPh?OwQYNlWHvV%ux-Yz4X7{pv{9sV(y z!GZ~_Ie=5onu~97@oZ6M^hOAuTU8wOjc>?b029z*znlA$^el3c$Fmd)QIvNwXLgow zYpLV@B&#fab}3)WCQ^Yus{`5T5$cVC@f4W=m4?Nm{sdzRW}CgTO!fU{c#zC8RScd- zO3dXdf>SOz`RrD{AXg-VXc+o#fYR=|@PNdC;u3?bl;_+(#twi)a2X&QT8n1z=cuPd zv#klT0cG)#Or!xuw1g%$%{jmS$yae z3xrI&IJ;ot??pZ9HSL2AI>_JRlBl|F28aW{{UoVn1Z^b8oG1)?O55((k%H^gbL545 zt*1b|9k0p(9}%4)A7fTOhmU<%e)biMqM?GAu3AREpXpYdQJYVR)NL5B%K3RM9!N=l zL`|;oCT}=0NiTPXQ#GQ?bg0)%=^wDp7c}P@xOr0{44e^6mb`Fu+fTtQ75-j3;eW{HivYhr{1r(hs{4lNQ=f}o@~1f7R_iyY6- z*Ndl^H;OS}EICBy?({Igg!nnt*updf0=~|CQu0oZ=(^!}LH>&xtoDf!(*#PfcO`N~ zwMtmEZJ0hL#JXn1>`&PC;F1M&!~iWn4l3c6UmP}`p=_b!ckjie7zE2$3KL#*>r8Yo z-wMuJeOI3+`cZVWA;rtWqq&@JFtKYi?jQZq$3x$)#D%B9eUok|?Lo->-m9^`ISQ*P z!SArxWXtKvCaij>>aLOFCyW#JEy|&LP_Qdy^tTg(_fc8=aNbcb?os7yOd-M&B9nrI zr&Z8s9_5;wdEP33=Z(pZd#(R|k=^SN)8gP+60j0ZH_MT7j_QD=c_O&*j1e?`C`=7u zFGB1Wu8E_6LkD7u{RX2^BsbJ(n5uegDf1_ippcmoA5=9lj>QJpF3|}7`I~N&9}$CR zfz~?~I?9xb{j|4C)F`?*g*~1= zRr_Ql2VxPyTC&+raABEgwo7Ke4u_JvNxr)BmQ)gqyfA#EiBMy|4kBLv%b&ckwD3<; zML+G?ds&5<48`6%xhMl7z2UEv9>3omSsAsItJ~a6$226{{jopMC$W5kJ+`NMLWc*H z%2}dcll|qp#(L|kh(+n4Sg*%avUt-VJ0)6gQg78Lh`i7TFTm5*43+o(yAI_M5KM4? zqKtB_fxa?(@dR7jspX$-s;;;Uf+q?4`=>gI1YFVa(!m*nDUN1?DeW0l5A*1&`sifdj>@(^Jt8L=$u#Ot8K*;Hi>j}BAqQjo=Jt#c!jiTB z68oDsv6Tw)5|Tq2zhG2@^C`DGW-CWAuZwrvoC=GFSZ|n1T6pf4n84OU-YSB*##c#3 z^l0)~Vgl!~myET(DijU5W)#mJt3!k5nXcaSc22o)>d!egk@)C1w$ z?{kuM=}0Vcn=N!mu$=A+)*s`a1lw?)m*=0i7=zl)V5&=jObm(2U@K0HL`J_=;{O0W zA#ki$%CqWwGDp$D*sP|5j3@>&Mt{j!iszvD+?!6B{Xg2iIXKep>$YRtw(VqMOl;ej z*tTsF@8ug@wM_%{hESvtMRTQe&Y3WTKkiG=Tb^$VJ8&1i$MP#%C$Mkll zBY07J|8UajiFAR&iFE&QlBH-UbrBv7B1ysg6k7E#~C z?g|RRYnHWb9YT9Of-D0VgD1Iktpx`Gu1(>}kl>#-yIAI6!iXDt5KQ=NJFYYVIk2n& zhF|w&m@J_P4|QE_{kOl_7M|OX0$`u2rbZ#dzF8HqLoVt$nG^m5)2@udc?!kg0(d0p z8seLBz4PQ80C4G5X>6%ja@j;G@P8VI!B4i*0}e+q241|K_mfFFB$SEx%73z7MuA>^ zRR#1xW&W%|2pq##20#N&^@9-{qCw8}+@W&7u!~p=0eu72N-1Nk0B-?htg3jBRT{UC zAe<)nwU=&kz>Ms+_&K;9Z#@ijx5OmsS0!l*z^F_qAAp|^NUi{`5~|a>6F_?uHbdGf zV7ljzr8i*GMY(JRs4e+Cz3s0ZEPbK!1Qig*O-&k-vE+bJeb%(c8m!#1En$2uHg8S1 zTIFiz5~|fs7Kot0=+khJR^81`mdTon{s8x)CNSLsh%)VE%|~-|A&9kq$>&(tfe7M! z`s=b2z88|v(Cjk53y^CLBp^Bw(Yfp}_Ne6-0#%Cj+Owe%R&2u|4Mj90d=p! zyecw*h!IfoR;XJ`(+eLgO%ff~zXGftsTEPv5Ygw59?b4KgyWOk z74S@u<$M>oT@0+(W*e0AOMc9|;TdNl z8&IiZw(tCto+G?lTz@{D9WW^1babH3h*V{tVeP0VDM{a(F06 zYM5~Cy>iT>OF|*~aCtAvtT#2GI~`cKC%TB=P(QlCG%X@HHB|=TveO}Rho*6TtD6;zQXIM$ zR1xz-o*j7)jX`*}c*vad`E(uTt3V$^Fzp^|OH?XxzH8HIbCE!krMW`9lczp=}->vB@f~@! zXgPE%@txDg{o}6gOHl#%zwoKgzLx8QA`1|rAV=T&u;Kl&dRBX6j1eebnn3$Xu)_^` zZxTkyOBv!-oi9pEOm6okamWZQRnIb=X9KaB-mZJdyB6&tyYJRS;_$iMwvK{3#pr;m zIP@G16~gtX6#pm7NF0vM>7)J>jCXFZ3=x!zjFOK7PPWrIke4nT2o@)5E;v4=-9C$V zEz_caQo->Cj3)XtCdjD1xgN6!C8D8VzJ#fH8g^xt79f9bftWRO783t2PRv`Dv?B=@ z*{*puS-LEX1`x1MZXhd3QcNfX1wxb6w1BW)oN0^h2|r)(wn=EHoTwckMl*&4(_>88 zhAgm0gCwEbKQ#;Hk$j0IDUS>F>9F7k(ub(+u-EOXahL-R+ZQwshKh&4?u!3~PfN%@ z_!!kR(6E|& zFS70b`yX&V%r0dIu}8~cSL7PfGghe&Wn&^bX?FA{=k|EQH_Q$H^(->Hf<(3g@wlG^ zjYY~;)2|_m6x0F-FS-hx_o;PvwBCm#J>RaN*!0VbdtB9HIqLOZ&%sy#vurV5$k=v( zASWw8HXamtIi6AjfuE6Sp3KS4$#WN^W*>q4^uCr+?IYv^pmjKhVzbqr`85Qs5eFLo zphvPGQpuLx1bE5(Qpqsias>rZ4>ENhSzr(wRhJoTTN{Ch5i2GdbbF3_4cz2l1~+AX z7Mi>`$`ezA#RpeRIRphiDg{+Kr^E?-UBz`>VXrlDTltuNYfqc|N|4aMY&3D`T@BH_N zV%`dvxgH1rk3C`;Ol&f-zTe2skCP-5Mg*a~cCVC1z4E!b!y9E;aGU1e(uZedUoi8W zQQfa1nC?)O{6#TJ4na3|Ef0fWq#AiKyt`1j<6^gM(S;!{B9`g_C@)S)i&s%fVk!Iub1n! z>04c6gC+^nZqVvXmm4FVLDH5Om_h;htN>y&vZMdO@cpbobEhN{T;W2rxQPnjZMW^c z1z7%zuZ4QQJeXduMg{2~11SLvq0Scj2+M2<6h!IHRkkB|^{;*sGy^;`|29`$TA3Dqf}kV&Tjht^p!6t55>Ea+YuW%xTIdP`))=YwM9Hv1b0cNHm4KrqIxi@w;<=*v%{(vH}`5Xv+Va_1jYXDIr zHni?cg1K)_$QE1&AVdy~&doH+g&Mg+3WX>Qh2CcZ{N6E2!hzFi`kNSEZ&!NZh%;ix zRPQKPq>ocQ2`&$r`GjLeHo~osczLx1vz5X2t9#2#)>FkKZ51FxUWwEPx3f^PJQOGc z-WeIRYk!T$RJm*f;Cu~W1mJrI7N-oM?6cnWyBwPSybuBrg{lomg2lG6PESWzj~LS; zEt4KQ0BdXObvPmb(o$=(cvKwU7EQD`UvFDzW6Ura257klCZ&ZR=if1y?xuagxD6AL zvdiE<9$k@kG!zl}vKGhGiT*L02$?U#NPmlLuV{8UoZ(*EJ!yUV{W z9+-eQH;N^=l2-m30r_uNO@x^EVhs(?0|8izxj-I4mjqj)?MqvBTk?kE6fU& z%QT2v^tI)69BDCT#dyZ3sVz6NdNno&?2~amhsX-p`7MYZfE$wS=)OrJVPX<)AVB00 zHCP237oaOu29U78HeU%RO?FCy7NODVL|^H^`gRWjH0VG8?plWviz;pmP(YLWDAE1~ zFcKl0J6elWcT_<0LN^Ae;5d+ndaymRH0M(5CO$%ClxjX!mDijtwbu-2*T|(Lz3Tm% zKn+M|n{i+|JiY;L1lX8w31C-|W3!F?2OMuFrxW;cXhh4a^^oenHSY9Ng!psVZwex} zN)HqUFo$2(U{~MvKZOYK^B_8riR0rUffpidp=C}v@ij6IveP682k9@kP_2f$8uhAy zV%xN~fSX304Fvd`|8VH}rIi48mr50p1wVJO9J^7lcx&_G%t;+to~@m?F2}J z3QFrZT{1^{GD$eQPU%kg6sbaewY?fos7a>^_p6Ozj_=^-4;m}eFN!9y#wb`j3)=)= zrET}e^C=useZ!j%oQ5Q2o0VFBAvXRFhdA>U!T_WxAZr#z{6rCEWMfD^K_(+kmW>+> zxXIR8tHgs>H)l&|IZia2VbUhHh|Hs2q;kz{=BN6wun zWt`$%EhKHtU0_o8CbO}7<~4YN^YZ?Q%;ZdbS7E~74wN?o(n!%TFIu0$kyPz|PN zp_h%ti*pX?k%!ugm7776k&S&_dz#(DA9UXH^%0~MXVuTlmXkESWsV(Qv#n9gt(g$I z+o5dDks2J5+G-ypaFi&z*Nn z0eHB@J9t`{ayqC2H)3ki`^en2+(88r(h+k>l$0U7GML>66il*3isilk?#!it>NL8s zc`1b%i9NfiMmur|AM+|OizGA^&uNbjVF)Rq{ou;-#>$9?&BZFPXPnUS0M)vK# z0AcaV7sl;BG5XJ$Q+#uxQ)K=xkKufA_<(O3G3-yh^^^dqKe4in-ozYGi#V93=A7S|aa3OQs3b_%A+Nkx&Y4X~OsyWjrf46?lnYf%bNugz)&FuP%=HOZ#Z ziT?|UWU8oPQmd32FjL8f|F#}YmEmydB#;LSP>@1h9L6bPO->+XjlE%VL%CXpW3UJP zh^#gNU1I&$=F@tn*aX6JWE6wn>SC&c%$#%3M2bO=0Kki^Szw$QfhB8#8XiOhG8rF@ zP8CG0RDI3-ab&T7+VTA$GJJX+iY1<{l!r>$@fPc~&>0#Ajw$3Vq@X8ohq67Pyz3<5 z53}8}ih7(SUl2oGBE?Rd%F!qi)z$&uyc?xMip3EB{?M%@-tpXfxio&=n@}^{cvI7+YEMUCL?;;P_fpLTd?HPW=+&wZ?&kR7@)^OwHMh6p53uLl@{m%iW0 zuzlr+=g*?c#`N!l335BnEOT4>Enr&-q{9{(x z&UjV%dqXrshjLzD*^=xskIOiy_x4Vm4W1GNLK_;ul)s_r8ikN*Tk0BBLUefU{*=NX z!V(mEjy&k~T2uKtan9@&r6T3uA9x@?nSqaDq+)D(6;C+XR<{QJo+C=OrNh7pc6lJ_ zj=^?kD!PaXlfKU7vaGYr1tnEz>%R9AvuS-UupfTF(N6^%2oGqn~(k zv}Sp&+5b-IGlA1KR_+~E8j)h^GeIH4p_QfmS=1IUGZs6I{fO9j0p8^up>?Y*Z3lC` zQ*e>k{DM;TEYnka?r4r!-J*yCH|ctYkm4|uC7a<~O~q2&%=r{HU=bOgs@~>#i4acs zU9zLQTH(jM_*J)nJ1UN`x!t2z4{}K+-=M|kC=45?r)`FUBW{P8=zBs&3V7nUdi5-FHV-*A1C} zT!sSQ=!qkKjP#FKo$g@_fEb4I#)rl)E#hJ7z>d#waziPcgark)9c9)pLN+ovA2nUq zWPa?DYB;YSpCG19>bhe5Nu=yq>52vUE9YfB$`EpL_(}P9 zYVK8h!wMZUFZCqn<0qw)Y}8LQbYQkj15`KN+aH_*z7Y}%_xIH}z3g~M| zjtIk|#|H(h!a>O8fk$SF6<3R4)Oq-CMZl5@TZ&o!7Q_Z1GoF#*kg7P*DX-IwDA~o6 zQ^6HU*;!~lvKR$pCNvts#D^Xb&1AJ8xRCR}F4`r0)i5?wAEya7s|ydIZ%7hhEyI+q zBi=v{Uxd|yrW8h^iyVk)@svj;l(va}KU7?1umWNAG<_9Jozi<$`KVH z7t_=M()1Q2SjD6&!K2suz^D|~9Gh1RlxtqoCJM#585CVjx-Tj>M2`y)AmbAOn@PEO zKTrTdFA+KkV*urXW9dp|l~0s!G+9ko-_SksffJ&}L8n4YA>Tj`{;vrIh7Nb=#cQL0 zzWh6@Q0kdv!0as=hJiXD#8DlMTDX8xOP*HiEB*9VJV2P7I+R*2Ixq<14z322xjx=B zq$UKrs=72;&X1se)Dnbrq*GfA4Jn!v8(TK@nK||?GY6%aqKp>m307&8;&DPr#;We? zA(b4}cqMs-keR<$+WeTv9IO&Fr9RL&9EpNc6H$pmszBD*ME{+N*b4uo%_TDTxFsls z^dkAV6vfX7Giw+Mfkg3?l8j#XGmm$Thr}4g1mq3`j58QOQI|&bS8g@)s?O7aDC6xW2(tBZ^sAYt_r~ zKy|51iaG|&0zL&)GnY%KYirIZ9It3pjxkWFNLu67kEm~A2^9_XDH@us?ObBY+34?o zL^?69B?1gg>6R)swi#gqiNVI}R1+$77$rlX5zCbI2tZpj20p<+U!m&Tq%obO@)uS2 z^nT8{~8e58y&c4+LG_^8BP`#I}c%!&m+tFypIgs6On}5NTcdj?kdsLw1qoG zV&sOI+IhJT=PLaL*)P%b`=}Bn9Jh!F1(VX9riy&cDe|Zybl8W^*It@8oeU5HqQ(MX zTbPN#+LStc@YJM&KTT7`U-0tm?3CUilT@htvDh#5yo2FBA%WZ!v%?*PfFqo zAkn+aVqxPtxn-^|xyF-eV0_pdY5C|q_+8#A~ApcsI7zZ7WsTeJM7B&nK5y-II z8c;jo!B-sCYg-hYGPCTjJhQTjQj6qpMo2jFc2OIAcyX+!s=Li29h_Yb3R!fO`VwdO$ z1>eH#flhC2axk%10y+>ejnY?o4lk4<<>2}N;w5jAm*re6e<4Vf=rWMN!4=pcP`RXB zil={mpU_;vs=EPKEF%?sEKk#eCWkvj{doJKb~nT56FU~Ke>7Bp{JHrVtdM(2EDvrE znZhawA_-M(P`MDfxSR|gijC?E=7av|{kDeF%J<*koQl*1>dL`&nl+L@4kT)waGQ5Q z%u7L-FVg-?gn*E}f0q#SYd|`W-JFKS4SCcJ)knu?F97ChmUbHgzd%f`KuEbhN|Tf* z3lq1v8oP~dV$AF-EF0^G+f~pgux`aZ^Y5=s(8rA!u#6n;%NB&|y5Q7g@Tm$DXMZ)( zR2>&yEMCqQ9~(5{;aoXsQW|zF&&DxNj3&osUtN;=zSj609O4?snkp7LV3jng`5C17 z9FM;qmRi9<66kkM%44*~j*_IpG-8&xQ1l)4MX2#!Ca^JuJw9Krf-1W>KLY4Ws7bf; zbtOScEQP;26|)MQxkePwIkM8Z!mVXNFaRheS?OrVgX@O^QHx#b6Lm;n`pD0WhU8W4 zg3Pq!#pW=t9NeB9CRcQT0RtGH)KQ{EQDLM>q*ch)#s!i{s303XieMw+yjCg#D5k_0 zO4erHZ3rzi-FOs*^q!#O?vAFsv%m7*;eaHFY3!P*d)dJOz_${)F?SGY$101G;7`ZX zh1KiFS=%s@fb{0C)WieXy@GSfP7VoIZZ6hNIg$b%XM>6MDa)f#YXKQkPAB!1e$zmT zoH~|TZiuA#R4I<|Ltwp>;afA_m%WCCRe7^DyX1EmC1-y(syHq^HJZuH*QEkFDOS1z zT`#uz)kM;(W>3@XWGyKgoD>Gc6zz7JuXNnW_qEC|Y=T_w&g+hc);ifCG8i?2e7POd z4fIOM)Cnn-q-nrPnu@eanNGQnfrqzG#2uUtGxMbktq-f1&%#U!?AG04gVEcwRUr+x>F4 zbzV*2RecKAo3mq8fH$j<@pct4&SZ8(dHSZI^pBI9a}Xgwey$Mo!Ko3PySSVt>@LHv zO04a)l8RlC$%3Uu6;@FYY0mHcca&W!6XH9-#=&S|Z0?J6&(eWRDJ#HlRgxTC;>+ww zUelgwGxmz?$fN>FRn9%0&iL#}?6guMeE!?D44{++#zpOvzm)X|q@2Qn9Z+CWQ>Ej4 zGEmBfu6@I&p3(%TKeSz;l4>+;lAnaVO=W}?4@`%tMxuk&u&5Es>r#i`f9odEh z>tq|?5gL*wOVS7*&#$lYLn??2#=`{XXWS^!Kp*nV?*Dex8u9ruw71v8w8;}Hrv@Dn z93SChN|Q(5HkS|(wWzYV?u6Kxa1s5JwZA=o%NEr`PYi6@Xp@#zP0+)m*W@cCQ-rZ8 z#&1B@Nfj3^>|T%%fNN>Wn+Ei}U`jP-<;b zZ!{fuMtW~;hhBt&1E-A{!9dIx1w_`d(qq$Msn|I)Xw&j5w%f!aDoDApsNWT1CnL%! zCp7u@zr-gy#1MUv3r;c|+o|4P&y)G^vw(7McH7U&$D~nW@z@pj1)*ftA0B2J8w(Xt zqXK=-JDH(mkqe^T=aX07MHX~B4PWvlH?w5(C7y=TX!3-|Y?K^gdKi#Z($I%Ji!RNX zTye!Tq*cibWFQPc1%4@L5a|yMjM-RIGPX3qLGfA0Qtn&^x|Tda)8kv#b9K96FlXEW z#abxxHQ~Y#Kn5ju2*J_&$Pp6d!2Cf?<&b*uOrSh#(4DN z#J(Fbagc+MY)wIS&MU%q;805Mm5@dAi zybV1X`n^*wG!A zY<_(&YbV}SaTxE}c3OH-v7UpIgbp6{u9(fM zCN+JI*{Q zm2i7UL)T9v?b-fjnvSqa>}l6mK1 ztd_+z%%mP!kE|2Sk=kFi$dqgBf7e=;9(XP)rb}5}_*DvZHot2R#^w#dx{F^hI%3tH zQrmEv#OK@^4I1tJRHzlurnwcdXCKEl$dvrvH$1mVm%_99%iYRS33T!VV>Ducfi;U{ z(Bghl>dmDmMF}n@bu`LGb~pobShU-B2D?i1Pdd|=Tz|?}JegOfWcK4G^!cnU(R#OS zHU{$Fp;X3~Df>U9o(wI0X=J6H#=(ZHeNhSzsVL$b_w8_| zhwX~Q)ERxBlO@xN5EzL)W@{OpkSOsvK3urZO}q_=kB&_wG=m${koZCrDo}B7i9`R? zKqSj40kg}7YRtn5Z?^v%ZY)kyHXZ7D8{4s!l_ls|i$aq8rf?4J>#Ol*)XLd~2cmzK zY1}E$*dL!cdr``hJ=zG25Ua*@bo0`Y%F-$7C5`6llxGC0!9S1AXJK?UYL^gryAsZ@ zT);><4ZU11)P0pWg7EE9zA5-cIZ8%2)V1D3gdQNu!h&=PZ=})Y; zyz^y@0_eoy&6(RJo|372_>sfwNI(FBngy3uBdnX1G8s6LlA-YwKW(yy5J#bv zs>+=0?w4)s`=*%m8wGCtgy?>_5hnu-u-QvB%DltVtJn=iRuC^Qhgk zyLwYuqLxsrc29eW>uxE$xHxyFTV*VGxc+TA-B_XZPBMLcRXtX~>?uxDT+BaV+$5kl z3~3uzMk)INXViVBMrTEIYN2*%R#s<}xcs$FR?z4J3Az>BukQ;!_sS7Uc%`&fRVXRq z#l~^qFwfG;do+_zRK0W`!!Lnwvt^Xe-B8haR2v>Uv7ENAnennO4uIz$;fNd{+_{=S zq!VZUQnyg_b_wOMFteyo+b+BB*6?wxo`+PENt~ZNjf_1d(VB@oB3;6*rcF>WVXuTT zu%-Ca3@>tzI0O4Z@h`S1&vVeglKjZ8J^0T3ii36Txozq+mZy?IJY!FFdHETgIQixJoUfTJn*BOR=w zVXkQxdc)05Sd4~TJ^Z@Wz#^kTFUT=W4nf|=$@Hi9+s+kID%He>z@x1mPxPXH;?K_0JC*xckCXi~CnqlZiSVF_`kx zl%(7{n-_V?$4Z&?O zpl)}+dPo@l2f6bG(=C73}gI#5oO#^mstLRhuK^gvn~@#9@R` z7j_f2F%PLI&g!GcJW4|uYBOlBCSYh<91(Fikd?)1`+3zy0;oVr@N2j^T+Y9^iwI&Pss+^M|-l*Lg=@Xr&<+Vbn=LNkvcA!2o#;K`(A8(8Q zagCGImu#IwPOxIw-|P;II_ve^_Xx-1uq05VF;SAuBy=d0+WNCQq!z<45?jXBBKa|z zf>wz{dq%j;M*SDBS0G+tyo=pmL|(Bium1;J(IjbPtSO1MOys=Adi}t|2jd$>~;XJu*`_L12Pq0%A5M+r&s`C7}Q(XL9Ir zT|dxlN1co(xz>YN4qH)d4>4(g+7h-#c7U7!q_$>5?3;m2%)Mdw@lUdxc*uVt2wt`L zKOk_umOhTqa)I%707tL3ULrO>23sG7fF+vM$eYaN3nC9UHq_W)*-!*gtPbd3-J7N7 zJ{%yF+ut=|sd2k);-2~CR7vP{sRb2}|s2o^p7PF^2#M~We8D-JdY z&!hxjCg2H5M)$+QLn;))O^;-WgWdRjDX`tcj5lsRTAM<7G$^Nfc|e zS$*$UU9zlk#$WJ2?w+CUl$()G$Bvpfod2#D`!Lb*G-@Aruuwt4hF^LmC0MvDtFV-OMjRAtZpFV2!ygi|zchzY<;)`=MI#Gtx zfYA69^qraC6sL6X&~StWLW7T(?G9p7P28-2cyEr{XUMdnC;h9-Dn7-H!;&SR;Xm;e zzs{^8#5Ssb1s9Qp`F;0{xfy%C)vrNS8Xw0hR?M?g+^hwLv+@70?+pwuI~j$ zZ8{bT;bjJ$24-gp-F7P9h!0CZcBL!67?NDG_Hi~QLKbH!t=Mg%MhqU?p{<^RFA8c; z6V#*Lmh%bixeD>!!s6NrM+XR^FQZ}uGX^CKyTrFd8mgFlRgfX{zl)d{8ZI0BAmDZ! z?Io}Rimq=AyNBvTESo0bgn%BW1kJxH)b=P66rrUGGXYw`3204b9qkiVq!dTM7Zm-6 zQPhJz1+m5wiF&;9orzX+849&L6TVL9ms^OFMkro$B28EK`tq^`S_lpLcNFMi% z)&w`xJ-5KF3vO(~X?x;}K<{`NO+kWU?$z#X2}1v>-4HwP5GV)>a)(E4qineSS6GiB z3%jL&Nu3AeL?I)u^!F(xSo(j$B2bg64#_a(`sGz`xBk!)r|&P)rJw};qpdhVw@yQ{ zu<*yJ>SS^_-*pq@>)(-t)30VZOs*c$ZRgM_I8j4p8vvhN#f%l5G{Ls6ZAtA7J@7&x zbR#HkHT^y6<+XhW@BHKV#Z54d1ngUmEAAKJie}&?AgCdDJGT5O=%g+EV&R+$kz+4UhFc0<)hXP(XeiZ3v2m3$jbQR&yo@Oz4; z0(pji<)?N8rhC5`ImNk*h5D8(#^AIKdl6SPB+enp=Ew>DaisA2ng3oiFc$zW8f3NW z0;J8$P!x`tr&vEf1{p|4ES#a4+QE1?)g_HR%;_&gKfkBX9Uo|F5(rsme4Uom4bu%T z*28TR_t-)gSf5jET{24>fMKg($dY*BRA*aDGR;PdYZA%^lafC9F z44u1Geb2tijN4!)`#TB2lZ@Q6F8Jl5C=2J7W{f1>4Fnb(=x!{gc8S-CG^N>ZKej(r{lE~h)2#15lGfY zSku>H&a7{JK%{Ex*fyI8fjWyS1UeR}l=j{`W5UL^5RPG)b93FhB=E*G3#B`2s*~)o zV4|&m1T)cSFO}P1oS>_|B@hyui&!n;r9M zW{O19I$!XC-(&FDA@!T%t92c|Rv2sjd8in03ugO*xHD*`Kid@~G?i({BL&#M6~YxzQoRwU~vl%NA}lKNH-qCz3+!?7YjK zgRGDAflP~)^6q|+#l19_LTK-YaPQ4R4kzjFO9sXa#0BN!&|WY1>L7xJ-`ts9dfdOw zs*SraJw+DFRI8Mcm=yOi{jUy7ICtuN=3G4Azmhp;PPxemdPJ>a7!qrI`|`}>sAVP-z;A+__=C9M0MK!7J9Gn$UJt8%!s@tGyeEPgw^i{)SK?gluD#1;WLE#YJU= z)wVh1|1=@{rxjVjKg0YpSoDAQC;R8Ee?NxE+CACw!s7qj0Kl9buIn8(7p6~#Xi30~ zn#COM*XD+^N1+E6j-4)IYzmZsP;Tb2=o8DHyti6X}+@E@2ppw7YdGv6qGW+>E8_fD`SqEv(A=QPc*$TOE`GzT$86P-?`QkO@iTl%re(9f;b<1DQY-{Hz zvuqthWLk@$m=2Q;Qz8%gZ#gJ z=-Qjt{l0|wo}yoNJisx!y-_;ZKb8l_wO0D@)O&{?z%yp&ooR1unFmNm2H@tQy z&#ruZk@@8i0Q=4rtm3vy1{zJ#G8zdwrnJ-$y*oBVcqWtZqRiUIa-7#mvGi6k!W=0Rv696;RkB!oe*}0paKTOXn{tUly_CbFBx$dK#FLm!emQvFZ&%G1yb`|- z*j#nT<70-rg|_ud-jx~~^Q|F%SmJgChC|e8^3&jDam*20Kd(+1L6J)djMs(rn`ZDK)*Oeud@RlTv@aYFVsZ*L205KMHsp@d z*{GV+Ld`xIEhtxXZ@^>+H74k95wEGF~t^mR?x_C2Q+XFqNXFvf$fcG$j|}33<0I7`TLm zHKA55YyROohyrl9$)68sTuR(|B_Kiw7Ugpw%Dbx4Fe7ZCQTf_uw&;&cY|gz_Y0Kr1 zhGnvxCrEGCk=h2N;Hfa@8nR>_IO{Rtu{-4ObW!HC-PqB4zO`p3fkeb2E&*=344c~~ zzKCU%k7&QkBB$qC#X*iR-4*p6>;mkDDUQwkbG9mnbhjm~azNs!BKHKoF{5N>#mPe1 z&-VW_zS+Wp+7F>@%Gie&{=12B(`4WH$YKrSjupy00|Ni=c%fv2jFHgJ?1I$2E~)F_yPYHTAF8+N3eTG7xROxQ>2~PzMlMtw=|pAobchu;DS$d)gtz zt?r@~t`VNwZ@SPeP{zPvBS+Y7tOV?S6~bK1XZ{$NFipl-1wmXM*WrRWe)=X5GS=_M z1%E6I8=k6&LkXASh)9%1!MeC35?#|oq%>lKw2xg#CxS>_u!}e@W1zH4C=`Y7H*w>h zNqUcF7{42q;JGdHrm5yp!kju^BgvN=`LPI{q)%IiJ5muZRkG1@_Y?qs+|t#zv3t$u z74)Xfxha12*|d=c2KFlIvoS1 zK1}#@&2trbv@7BQb)ap8u{8?829;%DBOF=tT5-haREOC;NGBTVVu6Mc+tZ4Y-}`nq z(``^k@k6c>i)NiY&j5x>GL43D==YnAJ~5F|IM`!`0%#X{qq51b)rDyfB8MBYQQ>!Nz)}-NDLItvVyl&Xm)EqBuf%u12{SoS-hk zD}VpWEuQj~KSra*t*+a$H%{q76sqwbSheP(13X_A0{p*^Q7(k`s5}W-8VWWMuwn1l zDx%S@BIq020-zRG+5%~eQ5e)=JG7-~DtvOWeYx5H$U}Of#ZGwFaXdUMuA+VDi?7P~;K;PNo9i?WzN3?kC`8V)OYmmnJxxw@&Mg z682QyU`r~$1Ulf_=SJ_TEeCCeD|@f?}kk&7QnhDXGWDTAfPn zca#`%phI}r+Tv0-*-4L_LhUQlyho7_JL760wgk!7LRNnL^?i~u(vSE8=KE~md!xS1 zI|G7-qm1240aGGg&0Z?1fo12^=o}5h2I^VQx3Wi9+q!{|otF7E=WSu}MnB_EB@_Bc z#9Kd|vv4HoTDXc9!I*f8yGULxXRP2s@fu8{WVjDxU=1TY&!N!9wprA7jW*-j8Rc>h zzKJGTr;~>f?b}uI<<5JH<%;Dmvj$t5bm4^v2Q{1u6K!qKX<_xUy#{MRtA@1EyS^_P zFx?7Yb>WvGYG^l2jT5K$4F&>d*_u*y*TTjzJI8}cAAY@j_iF^T#W0wM@NLtU6M1rN z!qI8Y3Paj>?)YtS`nDW|v_)f!^=^JqAC%)ya1IOXtQ7k3pG*c=-0pw(mIJ;bh!st< zPRmd;Pp)3DZI?khVd4K}WBtexo~bg`cBt+A)3egE+Oy`Ra?pnnoh1uSO%gLR)NH3I zLfe#~0#h%#JQhnQ`e#G)>(|MDY}hC> zja^7eg&qcHrV9D@Xv>scTd*Q}8#R8kGx>Tv?!PZ<4yncrDZ(q)O|%BbQJ7tM0`eycmtrq-A2_4WRrwQ8m>&1JcXig}w;KlXVfZD_Us7hm51U0D;X z8{4*R+qN;u#I`5)#I|i~V%wf*V%y2YcqjjV?_Kx3ci&sm&{M-!5;wIyEpS?l)r zj@cHWHUYtMM2;v06tMA^B*ZF_;x_FJ(j~HS<9)IMjv2t$WS;x@cqC^Vi^h_dh)!TN z-0HtwG)ey`)9cKkhtJotBT=g#+6uxU=e`X*rYiW8k4jI>)BG6J|H-I-Fb{n1zPY=E z{!mScNFhovG&P(5i>x+QJmIJ4K@qmLBx!2~r~OCM9)X@-mq7h(5h#XF8?}n^M(ro_ zXr<8~eC4{$E3ERydiv^Socp(`#q)%aUxGOg=BA~J08{G$lI>;3!V1s?(8B@|l1&}T zb~@IOIvh0YCUd?&eDXbK9_5NxGV9M~{lq0U&FjoD82I^A0>?*rNJ916xp z@v;p>T1lJHWT%;(lD5I(WGEq$;&LakK5|K;UCNYl#nX8XY zEWqELo{#*zxa_`z)Dz`YEx_TQpVaT@(2o?`om|dmE`$^0ygHO2v#ajZD#ycQRWkv( zK~Lfdmm8fKWwAgyYp&2MRltEZ4UGlji%QL)kCUE4@PyVF+#R)9=2KvF z$zVUWjr(?tM@$&)9BgO|-r9+0Oco}iV6~~{clG;`ApCqB8#}%9_uug@e<@DRL~%JH zjZqZ{zDa(@DHhY1G?n{o`4sJVIp5hNUhy09+Dh>ZWL};8-Wn}A@Vbp?3(%|hFdoY2 ztZUJVwtl%kvF$FnX+8q0U%@af>-V-s&6<{7*wf)(+TUILo_c&(!fl6PvOvh`=0*|^ zl{Ah@_z*|`o0jF4t40Y6TWV*L6?FMEYGG2?7!4vUHK9Xo=cCm<3D}5)tlM$&C@M}2 zSp~v$RKhe+V)~^PGqx0dx3cBuz%#_{++aLR#G923Y5Wzx%R+{@}V7FUWfJ(1#N zz4lFzVkht-ou2Q6PcLH?Iz#M+74zJrK!;Q_jqMI5=Ac=lFED>@UJl_^#@g4 zI0ckVcRe0P6_V`|k6GwYyf?``W|%E)D&=TW$tT-h!JbJr!MpDrD18NoCrjx%+ZQZo~!x2`Mpi)=J*I~S@O*Orah5W*Lxtd_WY(LHbWfc**) z_m8!?;#Zb^NbT#dcw0yun|_>MiS2d>T1i4|41^Ena3QRjQ*55ddmory_27mNk~X)u zS};x7x*zBAc{Kbg;k!tHUpp-M%X?>X!zdURrLrLJoFH`w86KZyr;Me9z8Y)NqqEN8 z-!3NHe$qr={j>DmfB0$gu^$O0C1ov4Z8|8NCiG5_9uu&;>7XRDm6QTH++>Y6N%dlF zQN@?6wT~FlY>v~XRR~(+WWPx{f=0QS&K~ZuaBMb^N`C%~>IMaq$}kw&KdO+g0skO( zG>#@j(P5t{#^+n}Lbt2ZFvBruv_glWJhuN2Tkx0e>DuH<+~r73pe?G%TC1l|Y6G~UZr zqu+H1piQu)i4IOS7HJ!1csI@?9-KqWnDcd$pnis}tn9si@%_y_5tLlC_QxyzW7R8B zv(iV=#p^c1#W34EUu#HFtenCJGj)XQc5_`Yi|g0OZWJ;i|0vA=#0&OA8SS`9Vl;Vc zqy;4~+(tL{H1^k(UaDHz0QN|8zY?BNyOfy~S}=)un}an7m(F^6Mo0L5!TwB#A>EV=UP48r-!qX3hX!MlLr zQ#f(!Gq#@2f6AzwON1*k2tAzZIcU9BiglkQ zy!TxM<*#9)0asu$!G|IQ%6c&buXEtlPJU*0n*rn?%kFn5yV#NgG89R>bYWwZ7Lx60 zvTpccqhhLh&Uh)lcz1tO9B0(GutKbxCh-wt?c*d;t<^-VLQ8rsbJ@3T9#^VHUQ700Qm z+!uf!Z&EE8fC58{G7a>`*HUWot|QBPRjz%rI0J{sX?-{sKj^~M-c&TzaiU8qV5)0O z*RbPLD5nw^k1Zl%v!5h*ZJl1^fvzdk&H*-`*E*%5*VjrA>Xe2OnVDUyu}5DT0fHaKrxrMeWHJi)~a#cz*ydp z#{0!UnX?i-jHJ>Mxj|xJ&u3-nDKv3gtnwNlyug;?fxge}SoMmThk9n*6#3Hj^-{XT z{8mr~W}PqvH7M)P^xX~{FbH%L&xAvTHy2IkSl_CmJ;q3}ekMGN^PmuxypOk0P0jv>UqHaJvw`c(~<|%o z29Jnfq@jriyC1Vws$%~$?~|11ZwWY(%=yU}hUdja#imec;j6Sv14Pl}zA##=)BdRA zI-#c;qtF2jSk+&9%u>ThbxR%*6nWU*pQ?{EAY;4LOzMe45g)+ZIUc4NO zN}`Ka$AZL5-8p1{Ubr@BjM7@&3huy6WCRND=w&+Y=@IS?bpK}1pIyk9pn;;1&a9`! zSeGgc>VbSS!}P!uzezixe9pf99p`vSbwR`GV`4++S`}?H7&Zz|`ra$GAB;&#>K2q{ zw*?6l*5sF4*Tcs!D0(j^D0hx5A&&c`OQ;9BLI!~j$su#vJ2_mBij6$8B%%X@hDQ-| za}&}(a>Zmu(UG?q1Ng)#RzzIVtGcd~?hYl%eJkwu}+z6+1;TyZdP-p|v`=?f< zmAYYm)LREUWR?fo{_g#IG}dcQoddPr7}Isc#|m+EK)0Y68X1|pFp4<~;8UjYJ1BGAN&KLb0Z5hM(A7<#xK>@0lQoSY0Y^F^N;c zahF?DX6ndP*4ub)pbFM^#$y{Ze7y*vCG~Z0)r)Wbr_Va+Uu7ab>TxYW>r6@agspqN zW%aHL_?o>YJ30qKPwK@A!7>l$Hm(L5$bvdm_E0FEpzj5!#JR>)AWy&QD=KJw_yZ{e ze{^H+$b>B25}ED|M$idb)y5{$pmogj)w54gzSG?NNH)UGjCk(9ZCI0UvRklifgSr; zuZPp6kwmrXi(F_;ot7+LOI}ig_pS}YVbqMHMnCMgJ=lfHyJXS$nO*$U9I&CJhOmxd zZYjV{K@%(&czcip1>@tMmh6TY(sSg!(J+H@)@{Qehw?Z{37Xnq!ZD0NB0I}$?v8kv zF+cbH0A8tWEXr{k_GA|G=XKDtxIET}hUiH-rf_?*NK2nL0Zi;L#F41D-jR z8mffGp;Z1QQyLtwWXgVID2iN{c85oZkTFVreDpOI#cEt1!o#4Y;9J4qL!I{iAOeF+ zziCNd+3K7#@$J=jU5-?UmIyRUzFts8H)erG_HwUPWI<5napOsK4RiY=@j{P1~272#hD~hR;+t-SU;iAzTC4~B_gX)ji|Gna`|uJzwgpev?RWApC*G z!bZeQCbZa{?LASgqn0|ynx^0!F{&oQ3G8;YFE7aH8d9m^^IJ|FnFuLItvrE*^^Vfi zy|7p$F+M+)_adG~gc+muo+sbiv?UnT5oD~^Lf~Yh*aF=(0O|d1M)1*EWL#vh$MDe1 z#8pl@IDed6B(YC4^(d4$#8Adg`o}LJ?K~OfJkW~p^@@AWrL?s>WxEejHUeGz?Gk1& z8rU4ibQ%ua>tFd9RBrwdxt2T_3Q~8G6ruW49tS!OMS|NobB5?aW7iaml1S_b|?g~xLe?` z_=R23L*I$27Jg!L{n-XbG;c*zVrs+V4n*G;>#7m!Q?)QUCQA)`lq6T!i|HA+=Km@p z+J5d4%%pmo$(w6JWkww2URhnfM5*v6C07%pmjMf-pZzp=s$`AV(VPS^XE2mHC&_(V zJZ9O|*xhg!23@H;%No~lfzf9O$X_4x=U*+PaIhNXt+BX^HqHegt178Ca5xC6ZZQ(! zbhDVE!0ble0PO{X1%M$yPpE@a`ex;#PdDWEk5&^RBq}7FNJ1E_4LwEWB)_05s$E$U zFOTZAlhl-D0)FcnZqGmJ3h|xcsIvK}tocRUPVxgqD1 zdCYEXSy=b>n}x~bT{IMO++dN7$A`_vDc>v;_Y-q!?);XzO>uM1ABaZ~1}3}pN6&-c zabNELI1KFcNwJCpO&xWMpy{Cs>0WJt9g1#tq}z{(09WL;}Pb-!I-7 zQ1@;$?nHAif?J5-F@<;JG63v&mh_4AEolDawY@`>j}{#u zVYY%T!c;gLVBwG1r=-$Lkd%_b4~%JhlSm=cFq3d~lWYO?9L)AI_JF)UcTID~S|72S z??9oNTe9vT2&jKTEZ8J>J#k?tMV1sPrEmSK=Qf@CNF1VwozF zHKE}96A1yzsZfFv%In0;_a;j|Hqq@L8?-M$c5k33bQ^^nl?RnDEh^H^)OfJTjXSI$ z^u57Z@(OW=<>|UR;xk(cN0l8#9*^6J5@ku}E?ufB5>8|anTvI#$r-!^P1^# z%oBUSZ+O<7{!v#W3$j0L7$&MpE9f_NYNJXUY1{WbSd;>dzk{84R|Y@Y!fwIWB;0kQ zaLI)La~&HCoDBwN-gVJ|JtSvoGgT)vrIBpnFo^2}n@a%gyURgAJJ7glm)0o=E(k3n9Wnwp_NYmPCmnI0xO#@w>+yOaBaS5QfUA`5i^GDx zn6`nBqTweQrVwbM^r>VqFLa(?k+_9KOmQE!7)bqTqmb3VmV_qNArSuXB=fW|z4ybz z{^3kcU?4ir)nRNI)vO$QM0Uw@`D%h~=N3cS1WadJF*H%pH6A|+?YmiW1P3)1Q zRSY*6gTS&O{0WBbXCHqjWyPLDDK~!%c<_K$255+i7XJG7x3QGDgjy6rP|#Mv-Hl8vz5HCicwGI3b91#qz=i>*nZd#2_-J7Yx(K5zIMqp8i?j;XTY*;h(3JxhUm|sS z%(@{sS*7=N_3-%#%;mH4n@5W{_ru(;Z9ywNStj8oyjIGLQM=x|_jND?5DF$UNNf(A z;CqXE9_3Pt3MM=!x!~=`RM@|fg#n0_z~^DgN30&m@4%IoLDV%O?qI2G0gN39aEC>% zxBm1Hn^a0Rlp+Vz5U%8CP@uo}NQHcEo$0Ur>@;G_5Oj(ytxSIs%*eeZDo@)tF^<1n z@FVkb)1};^hHqXjfeWOw()O@c{U(5Qf0Bw{M#KCR8ddZ?jn!2ITIm8x4L3L70QW-! zjm&lB=^eT{JEuF{W0|rr$yX}`Ou-7BVhiQJrXvg^pckI)s;OC`TC|=JZjRKI3yVin zSBh)zN^1ZM`BJf}o54<=x}G67`^Y%_AGI>9gur!68my-(U%{E|D z^1aWFgi37T-T^GcQRb!jmdAQC&8-&DwmP|izA?rLunxyUTo7gzN3wb7>lU7LqY|QA z#|5F`bbwB4Dnuf!w{r`Dvbt_x^m3HDKCtnfHc>G{MtM6paKK|r2F6CE{XjbOy$7+Tzo$TnT8-Q)ofYP0K;%9T6eqVk%6nMcnVSvR$z7KiFZ`IocrnFXjn-<$e>;#^XCbMIBUSlJRf6D%$ zj}Q2XDJ+4Rb597QV$rid z;fj5JXUFBct~3EbX^`?+En%@<4$h6nf#R=|E$_02>Y}#Qd3y65cXwDU?;>hUw%f#~+)=b~^E4;V#c>I4#1z-vT#8k%f9 zHG^!^@}Nq~s{4RmC&;H(qQu=cf5VN*Q}5?eEUxDW(1-b@^i0RpEwBQFbWAJv?k4IA z=`~;J)O-)B0MJK06QrvUFGR6&V$mX@?fRW^cMu|y{_Rl?gE&Ht&Q90qTG?Hz?S71V zE|gmu8Xr%ORPZlyVue9H2 zNk83xRSj@J7(HfvMB*yKg-Ggz69OdoX%CNGlKXj9_$%?HOCC-1Y(2k)F1_flZ;)iT z2BEQ~ztn~C`OE;K;;r-@Ar--3?jKE5l>OHXI>Dv}>3g3_fviVcCPozrAUQX$Zkp7* zA-~RC(i)N}x&WVm3!`DJKK|uO(nr-Zl{(LulsQz&B{%0!jJwL=fpsSVJ%Y|j@l?8= z{a*{}%$2ad+q+2uhjOjKL#A}s=nbv%KBCL}3D%uO&P7}M8SO(|O7xLaG8q()JzkaI z^?vJ4c!y#14O+hxc73n?7w@cozu>GzCG$ z-lcr{Rqd-g)=3cWDmudi!ddEZ)&h%1v|n@4YzAg1b*ZSSc>s37M1b@Du3@TXb$`6T zqt}*Rte%v9D&2$=bmyACoNKsM@7?8li<{s%F=}G*R=-sG36gXIRZtj7wCyaa_I6O5 zd%8PW2_8Bj&PJ;*tRUPaV>c@Y1Kf1Q#juC;k9+Tk7)QU|na1B+&QCQ_k#Kt3+o<1Z z(^UXG%0E!$QId!kRdPi6j>)_8m@v+o7BD9hOM4zBYOv|$K0f#_-DB5(P4#`HTx?{U##xMfM)MA4C`Ad(8&gHiZ?cAY5r=mTRY|Dm9ECqtO6>`u zFOS)*f!RcCNXrRrM6;WUptCIkI1}s%KjA2$a-~5&pc8fDNxG>M>)xoSY_CNks8EO1 z5vxN7tuDiAqbz>tL^h`GL*}SjWB_^hvDgWA`HMw9#z*+_*7bY zp>UPxopkKf(>Sa>HXBPlX7}})OxINJ9ZG1z;Yw5yPp{}cTJY4 z(Q`B*-5D}>>~n8M`9q`?my8S9wL|rlpVxpr0^(oV_@h(7|MZau*!igQKGN~E1M=&4 zMGreV%}N^d`83n<$@8@rc4pC!`~#jvNgiEMtVw$JY4`tOH{%xk1lJrv0yb0j4T`a{2s_$QaU2 zQG^6~jQ?%|)7WF!W$8W)JPQyfBr4v6`x&@P$SS`yJlCkUM`9mmQ2w;D1T zH4zkYtDnG6D6HmUW-YIO$R!8jD&s>*OQ}2Dh){%e|LkbFm$Ga zjcMyo8SY`vs~%AN$qZ*W)_IPSFlVsAK#!)}3q^y9#)1bD2qe;Gr^iuH6G^9Bpes!K zT&5c3<+^{wr`NzZ5Vb8xRYZ{Mr4Kw|3K1SgG^3TLh!G=kU(+pu)+0uNpLA_EuZgX( zN8~n67~hrgg~}sdoNHtjn$1N2;Tk|o%;k*nVk$XD(??68dnj&VEvb2btSE6}S)Nq} ztpc3fN~DT^i}FT*$0jK#pW!~LaHWQV72?{M%-4A12EVpbwpir$G%5(8gqaIZSD3YN?)0FJ5n(;d)yi;6I#8)6PLR%h#7RF zsLsUS*v3^VZGTQ22k&`gJ=k7^`UIkxO-+Z>cuUQ0m%a&s`aemUmy3Amyo~}e@2~uKch$c|5^<$zbqkxdjIk$XgJ#WSYmH-nILfEpcdv)JWXont(~M()a%ci^ zaW2hGW12z2$HT+#bEQVNBh#|l-gRyBnLjtSXB7E+Tb0RD!p5XR|AFS3tg^%$(5!Ph zi;kfFI)eXYVBjC#kfQ78WjQfIyM81Y;@j~w9!0PYTURe>HGp+!=BMSNG*e3wYUZ|? zIxQ=#jey_pCp281Keb$HWzy7&4si%R{-SzqI1DHg|DrMr2Ul%}Q;HK3$y;57tQ+(s zU7KUo0J384fZpSy)1;vblBqo92nt73NqR5x7Fgl zOURSg;vCFJ8TyFDfPX9LBmXUKjys-uLmr6c(Q?>cRb!SFR7VipqU04QSF>jC2xv*u zm6D3}j|lR4Wi&Q(y{A{>Abvyzv)eC|%vI=A!>f(?&O{kt#afH%P~?WHPFB(|<(Ae1 z|6bL+l{;II@8gR$+m``+a#cj|o)u(VK<|*je~ac>T$b8x4qcBd#FqpV!$Ab!U)?W4Ks{RZK-u6Gh+{C@&kr_(A&s6TG3OI8`%}!a%8Q-9 z#eTFa-#lKT+M&L5_q>Z^P$AAVt>re`N0>wqRc3mJ0sK>Z? z@a`4TvEYSVI6d!XN$EF%VQF6?)bMAm=TJ(zT?Rm_y7y6eR(=`5ifEE_8a%SBb97iu z_O)L7w`K}58-LLs8FN+#4dsnAeazon$;>BK5o;aaJX}Ghe_V9%Y4z%op~>c;r&`~- z^$PE@{go@qE|qy8$qPZc9{Xf>aYg8pD}7V58zJXxTpI1AK($Epbj876VRD~U%{4s; zCkTdFM2!3EM*tNZWvKV;Oo*rSVAMB1-;n3_l$e3(MlTineYYqvh$P=6)-bJ$|DH9n z>xGzJ5yuXmpUV0MGK@1oZ0r;+sQ`*8i(k;7B2d~2&?b?^#PLo42!43J*x5y&Qfi0b%#PHtu}pi#6kB>)Y0Nv-6gp50!Ip_|H7;{_nrB=HVET_7 zs}{iS8*8)W2@FEIMB90GK!$_qBu?!vQGEei9zsbsP0|w3C8A8=eZ9Tg7Xegi2yu(V zd)LvW^z3|X!6H&#DZK-EM{b+aTafJ!whAW;M<}|o-_jc?myCEf=Sfu}iN$Mq0;qX@ z*bvL;*;4O2tAWCkbwg!|=AF35XSkB&T;W%wbbrn!Q7JqGf^2~4fqC-I&M-`(t0>+g zD{&5Td46M;_CjQSaCcv86o`_#Avsf-^Rnbu1rAGn<$;b2NI&?zf~S@#Au3$X3z}v+ z1ou5}p{6~y{INI^VDjx+8{`1Si^-UwbXL=>!lj0JBp$c8s`(2$hqomY$q04!n!L$kT;*a1$K3`I%<0JXv=jjjNgcH#^wXKTQT)1oivn zDjMXWPQ1;u@Hm!~qid^{g(pbG&)gxzLeD)T1>$>w>GdJkP18bX z5ml1JgeCN$wi)v-Ls32f@Tw)vIGqcgiC2*-%T?xerWzt>nt!YM5HRkqNP0Q$Ve(3e z{&Z%I%y6gGll91rxTO3=(Mb#2E)=t!zGHc}KHhwe-J6);1}rb=7TX_35KPoTovT+R zcZ`f_TMCkQYUQMVP1x2LH%h>WCgr6QA^H7}p{=d7lF|*!01`}Tnw54_fFeg$7$|-h z>h}-JIx5*JhUaV|CHPPQ5EM`Mfand9ld+pI#nEyZFenp%zm^M3+f^{RZ$`vpo8PjE zA}SCU44{6V=Tl|FKz{GNEs6!(9jq`ahhb075X`K;fJsT~@_}vOmK>FWP@$rOR!eL@ zCdk`M4#B3_@^jCi9!X{h@{adabk`YQG*Uu$;_cwaoC%GAkqo6>bG|DGnx!^DA~s5e z5}4(=n5cHYMH)ynU~B;x-_)3E*8+o3w@6piLIKD2k>!F2eKdG=9Eb6gpHt1n=aEu? zwWh{$rcn=mSiGOGuqu(FUgL>{O%qg)lCkB8$#8h}09b!BL9^xt!wjuOg{g9IOs$~c z%a2+R<)|eSF$8LYou&|rz(0f`1tJ-ORkpK4Fbz}AxLhYl_4H2vc?Ca4OW2-e&S85^ zlm*0b@2^=$Q$cMuS@;)}$Jm++C}DJ*+(MPdUR9kV>d93|#+ z7UyJ%l0|>10gss_&ZD!i;)@PH)&0A9k-J4l77O)jYhg($wME-}sY zmK&JYG7rebLH%)qdG4=BwAjNcLQS$P_LF^}~-d=rmY^BFe7&*r4N zE<(OaLB9`d{*z}bTr`=5IO5gxFgH!ZbP*NP(iCRCSp8CF) z{tx+s5iVaFGnzm#t5Ybe(ri1dw4mAtpxo`@^B?@E5q+H~${|vx_KYVnM8GH6Flj_| zik_-<7y~s9%~NK@B7_@(r3rI4MbR`|HM$nLbc`7ZtCX^L9HvTTFk4%-t1l@i((a+x zIaaa*m!dYBXqto&x+azW%VKasJ)~r6*b}Qj75m-dk3nu|^al);#DlOP+>EK{_nyAj zc1)2)AbM;Eq(cpT?4)I{Y1uUAi#pmfMwfJ%GIt*`LW4Ql5i15CY(Vay)Ru?L{@R+N zZkX-A)IiH_48!+H`hdjcAP*+;m8zbux|)JkDa#e*uyy3)ynhyx_>^n3jI;^y6S0jO z7nHq^h#zR{U<8+ZxTJGsH@KTWu2~IVdepR)2_BqHXe1&e%JdO7>G4`X23O@*37nJt%7?{G_D z%(b@al!^(%Qgq!icJkDNJ;KgMDwm7sC+f!h6Igmk5?0f{{Pw+gF$UNo{6l6NSf*=x zLeypis&`X4l;HbQpimaU4;^I>`tpN~VyxoMCIhdos=U;@@9hJrvM6zdSth_ksJ6{jKT#PVvedW
ZlV`-;`#M`5OTk-G4o$*L~E&@q4634rA zvKmlzla9g*gS2}$tb09?5~<#NjG{E6nG3}&oIY@2u7LQzNyUZzJe*&oJC@d75_T3H zj#4ZvQ+b}ppr@+=7SYUgS*H`Q;;#H9%aE}7ZVQtfVIztaf^5&y$a!t)y{I9@!Nw$g zFO+^Ko?gdy(w%L%7x&#k)Z_<8qT~9CgV<`G+ao?L(vu02nfjJ}5r>^pUS124m=VqL zPjk+}W(}ZIC=bqry)zdt_Y@H3(>O;`aUCg4A>+9p>!!qopUmLiAQyL@TEdJ+ijC&( zt7HU|6|?h=3AT85mF=r(UK6Gc9W>sS&Z2+n(gQRm7G9c>9C7fP$Z!i19_rFQKsH4> zrU}3ssHs|8#YnUQ^Ix8bB0F}svjhR>K*RS85-mu?z;3|_DZ5nZzQj=muZD}$0I4j@ zS+ICbio@}jB6HvVFtPS|fjXte0?H!tq58B>V9ftteJ3_5G1}@ggjP14=d6LOQe^(K zb{#}=w4g1u+AR;Eyd;;xvkw;&Jz^Kk%vJ|QSohy|M&&c$t8%9+s>#|0oc+)@2o$@@ zNeAFEq#w4cF50GyEcXlJt*|tsHSkjrj zE!CfyF&$xfS}wIHnc4AOyh50tBmPETwW+$t?TtQW|gXt%At1&JSM6}QqP4f?nR?HB05+N%usjx(6iUJ7;Km7PG)d2 zTMVQdl)WwcoQ#Q*07UIE30XwYM`eWey~69x`zKPDx8JLCd6Hzlk~krbdp!D5$Pvdr zXLp@sdE5sRMaMCh64~fa-3h0@N(|W%@G-HK?*4^ZX&-?NaZVsyfJUcyPU7lo8TruK zmM2oZgmp$p9@Bt3u6IsEZ`NP%MgO~|iKOAgm0Ixfn(WliF3 z2gUrz9098ha*jOaMnZ355W;mFbi^YQN+r}+)sDt-5WW9Rrmi8PoxkQIH|U#Pdv>h_ zhEYEy!F~cM_kPS29S#qFK~DRv(VxZBa`;iKppieg#G8MU5Cl;Zknm6h)Nv{`Zzzgv zl|XhEIRP)6w3Cqb{4))M!%MkB@~%g{i2H-P#{RS$79jjQMRpcFe148$Eq6YCv=!?( z?$62h6-xQD7>9_@$$U}sQr~x2VJ5n8gdo>=L70j6S}}0+TgvisgG@dlkF7e`?fT`L zfBX4~k|Oc9^psTPw2_Opvr1A8ww;b z?v^|jV!5BMvDoA>1zMY{w+<3!426DCbW-P|PZyKAwy}(#*yU!?{Y*x}BM~L;q~XC> zbL#y(=1bF7=ZOKajFr6!ZvpZ>jVCJbE5&qM)>){n+A1F!94*fs2@ggKFhT6q0YS$o zuqFH}0s`%T7P);=60%(6{~~q#c#570=eQ<0MXUAmK>8>o7IaAs8ZB(>dcQ0=a)?D~ zh)tJralj)-khO~On(l1V(FAkce`d+bnIF#o+-jC|kka?uaV-nJ^ihyVrQiqh(p1(^ zy0T-U+Xra34~%g;VqLgi$&+I@-Zy#JWt;n$1XaG)BC@f-sG62qAZyg=sx5$^9`hoQ zvR*CBHUPoR0FRsE*8FEcd zhRHxbzaL09RQM-jNJ3B7Cb^(e7S27~7O;`x23Ji%NtEyzbTifCc~*%fmK`8QOFPf7 zjo^vhK4)fCVvK%hR8D!Z1!_=t!5{q|qr@(@-PKv*mNgsEs;eJ=S=2 zTIJvn1YO3W1Oe}YGez~zm-@;#e)go2)t!aRU7_n4)8{%>NzYKm93x79nMz!DBe8Xj z1$ILr>dc0t@(`rxXsXUkJ^ZCYAn&7OgU%RH6I)q7jNx|95RKw!446H-LTv9{du3aa z$qeZw5iT5Slvr@EeMAH0&dUUtGWMf3&7Fqp;ZC|*S-|HENsiAJ3)=X%1!%50H@apQ zD1C2gA$$*Xnjxfpx&j{*4luWyIZ!1KzvZ}mhe_s}LG@NXpbW6YS$5mytg3q&Wkt5^ z-f05(Bx%{TeBM*Wsde*0;M+D>4WHKZP$A-H)1YaE?Mw<3Py$`#pbCamUT|I=BukBj zI&H0+Wfk-Q7yE3EF>TX`1%k6#RV>+A%B=&(<1di(XF#TgZ4s;rl3l z9S*dIO%@4tENaRh%cS=()zXWWIDPCO`sTGGY-Ex)@bmFolKPwuOc&&dzV8#o1>*4j zYeZ6&LY8Z-0xmrfsiY4G;o(&bV{$?{u0?jS&cO^}k-;qs!C>imE5~ovBj#;m{Vfu| zWL*DM?=iy-0Q7rReTJdH2hsyqqc~x#MNGjmHI$h0NYtCoDxevwl#vmFkDVYTng?D4 z1Y3{sMwS=n{xFVZv&7C|k4<{&k2s^xz^sW_2cqp(52Z6C$~t1=$1VG_=R!m|F!cx&Uvt#98e#GGIva zhFMWAe6)a4UyvcUG>u$f3w05bcLg4|wJbg~bA-h(qehp*NsD~TxhDg8zw0(TG}2WW zkXPQAqN`@&Ps4ft7qxGfJ; zUfturUDZS*g5rK%!G!S}6q$Sc}RC zmqdsyUECoBLszKl@iq%zuB0DNm#b8+E*u*Ecy!T;7)Af&U9zB|2+(dKfVRR^nGgb< z5-|W*{ZO#Ppq6tEGFQGtyQo4U9M zmk-TqbSWDk{pCYkzT(<$0HFpx=5Q&~WkQqeh2MOWvc3ecyj}k$A2+tI_SYyYhorg% zFoG%G3C{eA5iZim#w9>I>WrZ{#l2$DSUq^A)m%^|~(Z7bgD2(SM=izbF1bAOet4|APz3O6>oDNa2mk zzfk#gLG{IqJS-i6qrT6}RV8INTR0M*o(>L(cyB;QF~!=YyDtD;0J6OSjOzgc8)|+R zFqAO3IlBbA4r@`e3>?c7K#f>I5b(bV64A!swaZl~c(M80I1B*I-Z{xhOZ-=g)D=xy z9`qkskU^1Hjt4e=2?Ia8=t@Mp6~HA$e4dnue%*ChLWe5B_21gLLa7(VqOTU2(4^mq zziLCIOkheRzpj9fx8Nu`3sC^bkr+h_w5S+Bh7^pjNJPH@AfrP1r>|H7Se9R%x2ePx z#|BIg(DaR_xgSd<(SR`{=X6;A{8Ey4zWz7MQ2(Jf|F@*}Kb7bI1A*a_{S-iIPy5;3 zKfh+8p}_zkizV={FrVx;l&=Az?B?GK{tx*I0puG6G?(AOA>n^KtBVV|P5%dwf$%>E zWd1VpxhzY(_mF=@&#;I9B!2XZ0>It#Z!Pav?F0g#__N`k;(uBYayqVwMkeBNSsq4; z!)>=Vh6{t=Xkvyc3IX&4Tm(QE1(FZo5fU&7;ISuU0w8xJVgZl~#bE)+iMIXRY`K~` zINGOI8*c#J?RR#w{r_8#`T_jM!z}3kMN^FR1zP-SvoC0UC5M0i8&5T#eDShrrX~E( zwTfc#pQ^95OJYKt=Lmp-$g)wuDiY%~t&2;qNh_|tUlYwDsrG+_Jd&z_lK(wa0hEYH zDg#0pNhLt2BB=-nwIvk*p^>Ege}z_(a)7jxBo~0&Yj7~NkDymf3=e>Etn zU!%zgp#0~7GM9R`2n(1YUoAP_A9()l2cY?j&3*R2anKPU{(l(a`ZDS!_;Ci(a5o9{ zA2#0pFG^YFFP^;GQ(t5MN=BFd8)w=|el0&#!ju2emw#3)2TCa>M&Ouh#xR)_8tW-m zKU>nRXl?LHmdGE^&G7Zq^m6YR%bmk9c(NDQE#5No13MbBj9vF}oxO2%_>1~V9^j;bp-IBB)A3CfS2jb&f92x1|E@X1NNvzo1Y{5u^ z;9vc>g&px}e&?|P_i#I>R6t`HC-ydI=c(L?S^Vs?UU+!Po3xg{8Q~JM&ensDw`wB- zgZpj8H9Y^~%_Wv&8rqvSrU2zbYmq4wk)sP93v$&q-)3F7X&ESqR-n->C>=2843bOV z9%r69a#k!=gUZ}94uVLeOy^wUye!eSha%QGM6d^iH)a~*L=#>hgO1-C6po>NoZ7Ud zK(4nVNNhOw>m|LSZVg2cH;t)}6*zf_hf_67TO>J6nDcuG%NniB@x?wU?aoQPe)51D zSPoh`Z*~XAIR258VVQhQp^AKECC_hMJAUAM^1%z`&K>u5#c_upc&`~N_2A~-3Uhb8(s#F3l(O$*RTry|me}>P&UNP- zMa|G74VjuPtC}v&W@QcCc7CDHe&vGfr;@pmEgjbiUOv{?3G(8Nrz<*}Bi3*!u-yLm z_x-e$%HCq%b(EJkFYM!Dt>x-CGUav3&+A@CtsQXKUcwKjq5PuBx+a|MqvW zcF4Ri!DiLl`qM5SYhHY+EOhE@*Tghc+4-xs-&9P>36eCO1q}bDibL~{7|qoFTIBrn zck~9E73$v|JGifWR`*`|Q#^7>N1CoxSi<%B-YYKN+4@mqMvO_>l#@y=*;O00f7Cr+ zaKxW``B}CwZ^m710fO6Dize(Zu;&DsE5}@_y!DL467{$@@wNX&95q?u9#u5j7IJxf zPuRc6+dR`~ztVbbr==}YXJe(!8?r7mop>^9L*MjYg7^P_Ovqt>5nhOcb*On*5;Xy0s+p&P(2V```cf5-1W52-KVV_Lio@cNUh!gi|T`oRYJi zdH^GF({x_0gL~zf>Q5@H;o?{wpBKh8@s-GjPp7~9RjA?#^b>s(|Mt$3CGHZFRaMs> zwXoBC8Pje7tl9S3lnCjI*K5`M-#Xp(bLhvsN7Jrt4U;WMzhaay&*-+X)rG%W+MgP@ zx7eOzdJ8-ecSG^kpN)%uM!To>pOGDoR%pI@oBu4UDR zqQfl5v>f;XU#i3@T$FD!YV*3zostf0mhiI$`MAvWJ9JsdYRM(RsjKV`0xvmMKFB&} zPp6&XhK5Izt+=Lc?)n!R`MownUC>)pCcrP-bV2(L7R!xqf{stve!ej9ST)1%?fThF z`#+s$ObJvn1s21G|C}$cvHSUJPxrl|4P4y(-=@jmaJcz+U9aKizqic~{M?cK_{6`* z7a5)dg_3{#t1vbAu_JqN=!)c*7k&3mG`PRjP^UsVabI?F%m=kYHP??Fc%a+z6R3M} zBjdsPKj!-%1#&*;+>kf*u%KA;?xuOI(!f=GJPxKyb~~5)M6sHzEC2s-{>C45rfc^- zeE*O2rudmXBL6dA?BDn3K!eSc0CS!Ts@>)POT{iX&)bmK+;Y-^U%mF)?Gt`lC#qRi zcd@^_&LbBh^>1@jaP?35u;0<}LB@@y ziL#j)KBt1`*ZteaQJ8c5%|UUu4sBIU-$$(nCRBCDezCUxr?c53cjP_EB#ZMRYY%cm) z7jXY8SNI*vr)7Lvu6rs^9ZyNzGiR60io;@kE6!P5J|J<8Z%^V~QTwQEAC7<4o$tB7 z!djl#hD=EpgRRU>p&M!(;Fx4~BGf=YQQczH^DN0GR3UYCS zY6tRcl`=|73as??%gf94%8m8%i_-NCEiEne4UF`SjC6r2bc-wVN)jt{^NN)rhQQ2m zNi9w;$}A|!%+FH*nVXoDUs__Tqy(}E4j}GKt;j^!lvk_=cC=n{ey%=9M&D4+Kp$>4 zP^%3{)G8peA~h$%B{LTo2tYgRj4aH}Y`_{Yq!3m@w1yU^7CGnV0(F+yA%YRA8Ceot pBiPPJgq? Date: Wed, 5 Feb 2025 15:15:54 -0300 Subject: [PATCH 4/6] Apply suggestions from code review Co-authored-by: Dawn Kelly <83190195+dawnkelly09@users.noreply.github.com> --- infrastructure/running-a-node/.pages | 2 +- .../running-a-node/setup-secure-wss.md | 22 +++++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/infrastructure/running-a-node/.pages b/infrastructure/running-a-node/.pages index 4cb64c1e5..bd235e850 100644 --- a/infrastructure/running-a-node/.pages +++ b/infrastructure/running-a-node/.pages @@ -3,4 +3,4 @@ nav: - index.md - 'Set Up a Full Node': setup-full-node.md - 'Set Up a Bootnode': setup-bootnode.md - - 'Setup Secure Websocket': setup-secure-wss.md \ No newline at end of file + - 'Set Up Secure Websocket': setup-secure-wss.md \ No newline at end of file diff --git a/infrastructure/running-a-node/setup-secure-wss.md b/infrastructure/running-a-node/setup-secure-wss.md index 5205a5f72..527463be4 100644 --- a/infrastructure/running-a-node/setup-secure-wss.md +++ b/infrastructure/running-a-node/setup-secure-wss.md @@ -1,5 +1,5 @@ --- -title: Setup Secure WebSocket +title: Set Up Secure WebSocket description: Instructions on enabling SSL for your node and setting up a secure WebSocket proxy server using nginx for remote connections. --- @@ -18,16 +18,16 @@ You can convert a non-secured WebSocket port to a secure WSS port by placing it ### Obtain an SSL Certificate -You can follow the [LetsEncrypt](https://letsencrypt.org/){target=\_blank} instructions for your respective web server implementation to get a free SSL certificate: +LetsEncrypt suggests using the [Certbot ACME client](https://letsencrypt.org/getting-started/#with-shell-access/){target=\_blank} for your respective web server implementation to get a free SSL certificate: - [nginx](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal){target=\_blank} - [apache2](https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal){target=\_blank} LetsEncrypt will auto-generate an SSL certificate and include it in your configuration. -You can generate a self-signed certificate and rely on your node's raw IP address when connecting. However, self-signed certificates aren't optimal because you have to whitelist the certificate to access it from a browser. +When connecting, you can generate a self-signed certificate and rely on your node's raw IP address. However, self-signed certificates aren't optimal because you must include the certificate in an allowlist to access it from a browser. -Use the following commmand to generate a self-signed certificate using OpenSSL: +Use the following command to generate a self-signed certificate using OpenSSL: --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/install-openssl.md' @@ -42,7 +42,7 @@ There are a lot of different implementations of a WebSocket proxy; some of the m apt install nginx ``` -2. In an SSL-enabled virtual host add: +2. In an SSL-enabled virtual host, add: --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/nginx-config.md' 3. Optionally, you can introduce some form of rate limiting: @@ -53,9 +53,9 @@ There are a lot of different implementations of a WebSocket proxy; some of the m Apache2 can run in various modes, including `prefork`, `worker`, and `event`. In this example, the [`event`](https://httpd.apache.org/docs/2.4/mod/event.html){target=\_blank} mode is recommended for handling higher traffic loads, as it is optimized for performance in such environments. However, depending on the specific requirements of your setup, other modes like `prefork` or `worker` may also be appropriate. 1. Install the `apache2` web server: - --8<-- 'code/infrastructure/running-a-node/running-a-node/setup-secure-wss/install-apache2.md' + --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/install-apache2.md' -2. The [`mod_proxy_wstunnel`](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html){target=\_blank} provides support for the tunneling of WebSocket connections to a backend WebSocket server. The connection is automatically upgraded to a WebSocket connection. In an SSL-enabled `virtualhost` add: +2. The [`mod_proxy_wstunnel`](https://httpd.apache.org/docs/2.4/mod/mod_proxy_wstunnel.html){target=\_blank} provides support for the tunneling of WebSocket connections to a backend WebSocket server. The connection is automatically upgraded to a WebSocket connection. In an SSL-enabled virtual host add: --8<-- 'code/infrastructure/running-a-node/setup-secure-wss/apache2-config.md' !!!warning @@ -67,24 +67,24 @@ Apache2 can run in various modes, including `prefork`, `worker`, and `event`. In RewriteRule /(.*) http://localhost:9944/$1 [P,L] ``` -3. Optionally, some form of rate limiting can be introduced: +3. Optionally, some form of rate limiting can be introduced by first running the following command: ```bash apt install libapache2-mod-qos a2enmod qos ``` - And edit `/etc/apache2/mods-available/qos.conf`: + Then edit `/etc/apache2/mods-available/qos.conf` as follows: ```conf - # allows max 50 connections from a single ip address: + # allows max 50 connections from a single IP address: QS_SrvMaxConnPerIP 50 ``` ## Connect to the Node 1. Open [Polkadot.js Apps interface](https://polkadot.js.org/apps){target=\_blank} and click the logo in the top left to switch the node -2. Activate the **Development** toggle and input your node's address - either the domain or the IP address. Remember to prefix with `wss://` and if you're using the 443 port, append `:443` as follows: +2. Activate the **Development** toggle and input either your node's domain or IP address. Remember to prefix with `wss://` and, if you're using the 443 port, append `:443` as follows: ```bash wss://example.com:443 From 0d7d802f5a877c2017c81925b2091d78bf6c3d0a Mon Sep 17 00:00:00 2001 From: nhussein11 Date: Thu, 6 Feb 2025 11:12:23 -0300 Subject: [PATCH 5/6] fix: merging issues --- .../build-custom-pallet/Cargo.toml | 38 ------------------- 1 file changed, 38 deletions(-) delete mode 100644 .snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml diff --git a/.snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml b/.snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml deleted file mode 100644 index 7babd6bc5..000000000 --- a/.snippets/code/tutorials/polkadot-sdk/parachains/zero-to-hero/build-custom-pallet/Cargo.toml +++ /dev/null @@ -1,38 +0,0 @@ -[package] -name = "custom-pallet" -version = "0.1.0" -license.workspace = true -authors.workspace = true -homepage.workspace = true -repository.workspace = true -edition.workspace = true - -[dependencies] -codec = { features = ["derive"], workspace = true } -scale-info = { features = ["derive"], workspace = true } -frame-support.workspace = true -frame-system.workspace = true - -[dev-dependencies] -frame-support = { workspace = true, default-features = false } -frame-system = { workspace = true, default-features = false } -sp-runtime = { workspace = true, default-features = false } -sp-core = { workspace = true, default-features = false } -sp-io = { workspace = true, default-features = false } -pallet-balances = { workspace = true, default-features = false } - -[features] -default = ["std"] -std = [ - "codec/std", - "frame-support/std", - "frame-system/std", - "scale-info/std", - "sp-runtime/std", - "sp-core/std", - "sp-io/std", - "pallet-balances/std", -] - -[lints] -workspace = true From 021e1ba87b77f8b4d3d49a84529a063cd0e50454 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicol=C3=A1s=20Hussein?= <80422357+nhussein11@users.noreply.github.com> Date: Tue, 11 Feb 2025 10:39:20 -0300 Subject: [PATCH 6/6] Apply suggestions from code review Co-authored-by: Erin Shaben --- infrastructure/running-a-node/setup-secure-wss.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/infrastructure/running-a-node/setup-secure-wss.md b/infrastructure/running-a-node/setup-secure-wss.md index 527463be4..c63e87cf3 100644 --- a/infrastructure/running-a-node/setup-secure-wss.md +++ b/infrastructure/running-a-node/setup-secure-wss.md @@ -3,14 +3,13 @@ title: Set Up Secure WebSocket description: Instructions on enabling SSL for your node and setting up a secure WebSocket proxy server using nginx for remote connections. --- -# Setup Secure WebSocket +# Set Up Secure WebSocket ## Introduction -Ensuring secure WebSocket communication is crucial for maintaining the integrity and security of a Polkadot or Kusama node when interacting with remote clients. This guide walks you through setting up a secure WebSocket (WSS) connection for your node by leveraging SSL encryption with popular web server proxies like nginx or Apache. By the end of this guide, you'll be able to secure your node's WebSocket port, enabling safe remote connections without exposing your node to unnecessary risks. +Ensuring secure WebSocket communication is crucial for maintaining the integrity and security of a Polkadot or Kusama node when interacting with remote clients. This guide walks you through setting up a secure WebSocket (WSS) connection for your node by leveraging SSL encryption with popular web server proxies like nginx or Apache. -!!!info - The following instructions are for UNIX-based systems. +By the end of this guide, you'll be able to secure your node's WebSocket port, enabling safe remote connections without exposing your node to unnecessary risks. The instructions in this guide are for UNIX-based systems. ## Secure a WebSocket Port @@ -20,8 +19,8 @@ You can convert a non-secured WebSocket port to a secure WSS port by placing it LetsEncrypt suggests using the [Certbot ACME client](https://letsencrypt.org/getting-started/#with-shell-access/){target=\_blank} for your respective web server implementation to get a free SSL certificate: -- [nginx](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal){target=\_blank} -- [apache2](https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal){target=\_blank} +- [nginx](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal){target=\_blank} +- [apache2](https://certbot.eff.org/instructions?ws=apache&os=ubuntufocal){target=\_blank} LetsEncrypt will auto-generate an SSL certificate and include it in your configuration.