From 026b3bec9876760d60d7dc129ee8bfdd975ccf58 Mon Sep 17 00:00:00 2001 From: "(Bit-Mage)" Date: Mon, 21 Oct 2024 15:33:01 +0530 Subject: [PATCH] updates Signed-off-by: (Bit-Mage) --- Content/20240212173904-cloud_computing.org | 7 +- ...0240305152640-web_application_firewall.org | 3 + ...0308144621-software_defined_networking.org | 42 ++++++++- Content/20240707174313-plantuml.org | 10 +- Content/20240728173428-flux.org | 4 + ...241013061220-internet_protocol_address.org | 2 + ...062709-nat_network_address_translation.org | 89 ++++++++++++++++++ Content/20241014204106-operators_k8s.org | 10 +- Content/20241021084553-operator.org | 2 +- Content/20241021100814-metacontroller.org | 9 ++ ...41021103615-operator_lifecycle_manager.org | 8 ++ Content/20241021110953-iptables.org | 28 ++++++ Content/20241021114251-openflow.org | 11 +++ .../20241021115133-multitenant_networking.org | 5 + Content/20241021115217-dcops.org | 6 ++ Content/20241021152945-distributed_sdn.org | 5 + Content/images/plantuml-seq.png | Bin 6125 -> 7033 bytes 17 files changed, 227 insertions(+), 14 deletions(-) create mode 100644 Content/20241021100814-metacontroller.org create mode 100644 Content/20241021103615-operator_lifecycle_manager.org create mode 100644 Content/20241021110953-iptables.org create mode 100644 Content/20241021114251-openflow.org create mode 100644 Content/20241021115133-multitenant_networking.org create mode 100644 Content/20241021115217-dcops.org create mode 100644 Content/20241021152945-distributed_sdn.org diff --git a/Content/20240212173904-cloud_computing.org b/Content/20240212173904-cloud_computing.org index 9abb194..6d158dd 100644 --- a/Content/20240212173904-cloud_computing.org +++ b/Content/20240212173904-cloud_computing.org 
@@ -39,11 +39,12 @@ See [[id:89784e77-cdd0-460c-a5b9-cb0a18842903][Anything as a service]] - Platform - Infrastructure - Software -* Control Flow (work in progress) +* WIPs +** Control Flow This sub-node intends to document the major points of control when it comes to provisioning resources on the cloud. -** [[id:d2dce984-a72a-4069-9fae-10b515f97a26][Cloud-Init]] +*** [[id:d2dce984-a72a-4069-9fae-10b515f97a26][Cloud-Init]] * Practical Sentinel Refs - [[id:c2072565-787a-4cea-9894-60fad254f61d][Kubernetes]] - [[id:af4d4e9f-3fd3-4718-ba73-e6af4f57c29c][Docker]] - [[id:03cd8062-b3fb-4cd9-97a8-5d60f037f7b6][Open Stack]] - + - [[id:714b029b-d0ac-4842-89f5-5f871d1a22c7][Software Defined Networking]] diff --git a/Content/20240305152640-web_application_firewall.org b/Content/20240305152640-web_application_firewall.org index dc9f8db..0842598 100644 --- a/Content/20240305152640-web_application_firewall.org +++ b/Content/20240305152640-web_application_firewall.org @@ -12,3 +12,6 @@ A DLP (Data Loss Prevention) module may be installed on the reverse proxy to add ** Data Loss Prevention * Cloud Native ** [[id:aad7cf70-154f-4198-ad2b-8e6cd40771aa][Traefik]] + +* Resources + - https://www.digitalocean.com/community/tutorials/what-is-a-firewall-and-how-does-it-worke diff --git a/Content/20240308144621-software_defined_networking.org b/Content/20240308144621-software_defined_networking.org index 1950d2d..deb7ab9 100644 --- a/Content/20240308144621-software_defined_networking.org +++ b/Content/20240308144621-software_defined_networking.org 
@@ -3,8 +3,46 @@ :ROAM_ALIASES: SDN :END: #+title: Software Defined Networking -#+filetags: :programming: +#+filetags: :cs:network: + + + +* Overview + - Software Defined Networking (SDN) is a [[id:8d7067b7-084f-4c25-a8e0-609bbbe6fac6][networking paradigm]] that separates the control plane from the data plane. + - *Control Plane*: Responsible for decision-making processes about where traffic is sent. + - *Data Plane*: Handles the actual forwarding of packets according to decisions made by the control plane. + - SDN allows network administrators to manage network services through [[id:20240218T061653.528745][abstraction]]. + - Centralized management of network configuration. + - Simplifies network design and operation since the control plane is logically centralized. + +** Key Components + - *SDN Controller*: The central system that governs the behavior of the network. + - *Northbound Interfaces (APIs)*: Interfaces allowing interactions between the SDN controller and the applications/processes. + - *Southbound Interfaces (APIs)*: Interfaces enabling communication between the SDN controller and the network devices/switches (e.g., [[id:b148083e-d81d-4ea5-830e-b944cd0034dc][OpenFlow]]). + +** Benefits of SDN + - Improved network flexibility and agility. + - Easier automation of network functions and services. + - Enhanced network programmability. + +** Challenges and Critiques + - Potential security risks due to centralized control. + - Complexity in the initial transition from traditional networking to SDN. + - Performance bottlenecks if the controller fails or the network is overly centralized. + +** Current Trends + - Integration with cloud computing to enhance network scalability. + - Use in modern [[id:744acfd8-f1eb-4b5b-a8b5-043b9cd36ca4][data centers]] to support [[id:4e6ad3db-c61d-4f5a-8c4f-6e4a7f169c87][multi-tenant networking]]. 
+ +** Connections and Further Insights + - *SDN and [[id:bc1cc0cf-5e6a-4fee-b9a5-16533730020a][Cloud Computing]]*: Both aim for resource optimization and improved service delivery, and they complement each other by enhancing network management in cloud environments. + - *Security Concerns*: Centralization in SDN introduces a single point of failure, making thorough security measures essential. + - *Technical Evolution*: Movement towards more decentralized models like distributed SDN to mitigate some of the centralization risks. + +* [[id:5e9efba1-5e48-4ecb-a8dd-752481528b1b][Distributed SDN]] * Resources - https://www.ibm.com/topics/sdn - + - https://opennetworking.org/sdn-definition/ + - https://sdn.systemsapproach.org/ + - https://github.com/sdnds-tw/awesome-sdn diff --git a/Content/20240707174313-plantuml.org b/Content/20240707174313-plantuml.org index 44ba208..2e23466 100644 --- a/Content/20240707174313-plantuml.org +++ b/Content/20240707174313-plantuml.org @@ -8,9 +8,10 @@ #+begin_src plantuml :file images/plantuml-seq.png :exports both @startuml -Alice -> Bob: Authentication request -Bob --> Alice: Authenticate accepted -Alice -> Bob: Another request +Client -> "R-Proxy": request +"R-Proxy" -> Server: request +Server -> "R-Proxy": response +"R-Proxy" -> Client: response @enduml #+end_src @@ -33,9 +34,6 @@ Note "1" *-- "*" Tag @enduml #+end_src -#+RESULTS: -[[file:images/plant-uml.png]] - * State diagrams #+begin_src plantuml :file images/plantuml-state.png :exports both diff --git a/Content/20240728173428-flux.org b/Content/20240728173428-flux.org index ba21083..2317f59 100644 --- a/Content/20240728173428-flux.org +++ b/Content/20240728173428-flux.org @@ -4,5 +4,9 @@ #+title: Flux #+filetags: :cloud-native:cncf: +* Relevant Nodes + - [[id:92efb858-8a87-40f6-bbcf-d736d0ffd942][GitOps]] + * Resources - https://fluxcd.io/flux/ +- https://fluxcd.io/ 
diff --git a/Content/20241013061220-internet_protocol_address.org b/Content/20241013061220-internet_protocol_address.org index c85b5d6..95c24b2 100644 --- a/Content/20241013061220-internet_protocol_address.org +++ b/Content/20241013061220-internet_protocol_address.org @@ -37,3 +37,5 @@ - Allows multiple devices on a local network to share a single public IP address. ** [[id:74055437-5557-4a21-9b7a-a3b5df3a8a24][IPVS (IP Virtual Server)]] +* [[id:3081373b-adbd-413d-8151-06ce322b9583][IPTables]] +- https://www.digitalocean.com/community/tutorials/a-deep-dive-into-iptables-and-netfilter-architecture diff --git a/Content/20241013062709-nat_network_address_translation.org b/Content/20241013062709-nat_network_address_translation.org index f97df9f..bbcbcd6 100644 --- a/Content/20241013062709-nat_network_address_translation.org +++ b/Content/20241013062709-nat_network_address_translation.org 
@@ -3,3 +3,92 @@ :END: #+title: NAT (Network Address Translation) #+filetags: :cs:network: + +* Overview +** Definition + - NAT is a method used in [[id:8d7067b7-084f-4c25-a8e0-609bbbe6fac6][networking]] to remap one [[id:d799bc90-5032-4a69-9806-83145297a335][IP address]] space into another by modifying network address information in the IP header of packets while they are in transit. + +** Types of NAT + + - Static NAT (SNAT): Maps a single private IP address to a single public IP address. + + - Dynamic NAT (DNAT): Dynamically maps private IP addresses to a pool of public IP addresses. + + - Port Address Translation (PAT): Also known as NAT overload, maps multiple private IP addresses to a single public IP address using different ports. + +** Benefits of NAT + + - Conserves the number of public IP addresses used within an organization. + + - Enhances security by masking internal IP addresses from external networks. + + - Allows multiple devices on a local network to access the internet using a single public IP address. + +** Challenges and Criticism of NAT + + - Complicates peer-to-peer communications and certain applications that require end-to-end connectivity. + + - Can pose challenges for applications using IP-level information, such as VoIP. + + - Introduces latency due to the need for translation. + +** Connections + + - NAT and IPv4 Address Exhaustion + - NAT was widely adopted as a solution to the IPv4 address exhaustion problem by allowing multiple devices on a local network to share a single public IP address. + + - NAT and Security + - While NAT can hide internal network structures, it is not inherently a security mechanism and should be used in conjunction with other [[id:49fee858-eb36-4230-8eb0-881df964aec8][security measures]]. + + - NAT vs. [[id:1a3d2a4c-bfad-4e5a-ab97-4db4531e7bd2][IPv6]] + - IPv6 was designed to overcome the limitations of IPv4, including the need for NAT, through a vastly larger address space. 
+ +** Further Research Pathways + - How does NAT affect newer networking technologies such as [[id:714b029b-d0ac-4842-89f5-5f871d1a22c7][Software-Defined Networking (SDN)]]? + - What are the performance implications of NAT on high-throughput applications and how can these be mitigated? + - In transitioning to IPv6, what role does NAT still play, if any, in the IPv6-based networks? + +* NAT & IPV6 +** Context +- *IPv6 (Internet Protocol version 6)* + - Address Space: Offers a vastly larger address space compared to IPv4, theoretically eliminating the need for NAT. + - Direct Addressing: Every device can have a unique global IP address, simplifying end-to-end connectivity and eliminating the middle-man nature of NAT. + +- *NAT in IPv6 Context* + - NAT's Original Purpose: The primary motivation for NAT in IPv4 was IP address conservation due to scarcity. + - IPv6 Design: IPv6 was designed with the intention of removing the need for NAT, providing a globally unique address for every device. + - Usage in IPv6: Technically, NAT is not required with IPv6; however, certain forms such as [[id:e3be59fe-2334-47f8-a889-fff672c1c1af][NAT66]] might be used for other purposes like address masking. + +- *Connections Between NAT and IPv6* + - Security Concerns: Some organizations use NAT66 for perceived security, hiding internal network structures. + - Network Policies: NAT66 can facilitate network policy enforcement where internal addressing schemes need to be kept private. + - Legacy Implementations: Transitional technologies might employ NAT in mixed IPv4/IPv6 environments as a bridging tool. + +- *Critique and Observations* + - Philosophical Standpoints: Some argue NAT remains useful for security and privacy, despite its redundancy in IPv6 for addressing needs. + - Technological Pragmatism: Actual deployments might still rely on NAT due to ingrained IPv4 legacy practices and tools. 
+ +** NAT66 +:PROPERTIES: +:ID: e3be59fe-2334-47f8-a889-fff672c1c1af +:END: +*** NAT66 (Network Address Translation for IPv6) + + - Purpose: NAT66 is a form of network address translation for IPv6, which translates one set of IPv6 addresses to another, while maintaining end-to-end address integrity. + - Debate: While NAT66 is not necessary for preserving address space as in IPv4, some propose its use for: + - Privacy: Masking internal network addresses from external observers. + - Policy Enforcement: Facilitating organizational policies that require address manipulation. + +*** Considerations and Critiques + - Lack of Necessity: With IPv6’s plentiful addresses, NAT66 is not needed to conserve addresses, the original rationale for NAT in IPv4 environments. + - Potential Downsides: NAT66 could disrupt end-to-end connectivity and add complexity, which contradicts one of the core simplifications IPv6 offers. + - Security Illusion: NAT66 may give a false sense of security. True security in IPv6 relies more on robust [[id:49fee858-eb36-4230-8eb0-881df964aec8][firewall]] policies and proper configuration. + +*** Further Research Pathways + - What specific scenarios might justify the use of NAT66 in modern networks? + - How do privacy and security policies differ across regions or industries regarding NAT66? + - In practice, how has NAT66 been implemented, and what are the common pitfalls observed? + - In what ways can IPv6 address the security and policy enforcement needs without relying on NAT66? + +*** Resources + - https://blog.apnic.net/2018/02/02/nat66-good-bad-ugly/ diff --git a/Content/20241014204106-operators_k8s.org b/Content/20241014204106-operators_k8s.org index 9eaf400..929cfad 100644 --- a/Content/20241014204106-operators_k8s.org +++ b/Content/20241014204106-operators_k8s.org 
@@ -7,9 +7,15 @@ * Whitepaper - https://github.com/cncf/tag-app-delivery/blob/163962c4b1cd70d085107fc579e3e04c2e14d59c/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md - is about [[id:fbf4b86f-9f3b-4fc7-aa76-1112c755eb1a][operators]] in general - - exploring in a dedicated node -* OperatorHub.io + - exploring the generic patterns in a dedicated node + +* Marketplaces +** ArtifactHub.io + - https://artifacthub.io/ +** OperatorHub.io - https://operatorhub.io/ +* [[id:d79e644e-0e3b-4ca3-ab92-6f55e11b372c][MetaController]] +* [[id:1bc077cf-d69d-4cec-a80b-9d8fc9a18386][Operator LifeCycle Manager]] * Resources - https://kubernetes.io/docs/concepts/extend-kubernetes/operator/ - https://github.com/cncf/tag-app-delivery/blob/163962c4b1cd70d085107fc579e3e04c2e14d59c/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md diff --git a/Content/20241021084553-operator.org b/Content/20241021084553-operator.org index 65123a5..0f6b3bd 100644 --- a/Content/20241021084553-operator.org +++ b/Content/20241021084553-operator.org @@ -139,4 +139,4 @@ - Recognition of contributors and reviewers. * Resources - https://github.com/cncf/tag-app-delivery/blob/163962c4b1cd70d085107fc579e3e04c2e14d59c/operator-wg/whitepaper/Operator-WhitePaper_v1-0.md - + - https://github.com/kubernetes/kubernetes/tree/53ee0c86522b1afc1ee64503c73965b89d500db5/staging/src/k8s.io/sample-controller diff --git a/Content/20241021100814-metacontroller.org b/Content/20241021100814-metacontroller.org new file mode 100644 index 0000000..2c07601 --- /dev/null +++ b/Content/20241021100814-metacontroller.org @@ -0,0 +1,9 @@ +:PROPERTIES: +:ID: d79e644e-0e3b-4ca3-ab92-6f55e11b372c +:END: +#+title: MetaController +#+filetags: :k8s: + +* Resources + - https://metacontroller.github.io/metacontroller/intro.html + - https://github.com/metacontroller/metacontroller diff --git a/Content/20241021103615-operator_lifecycle_manager.org b/Content/20241021103615-operator_lifecycle_manager.org new file mode 100644 index 0000000..973c4c6 
--- /dev/null +++ b/Content/20241021103615-operator_lifecycle_manager.org @@ -0,0 +1,8 @@ +:PROPERTIES: +:ID: 1bc077cf-d69d-4cec-a80b-9d8fc9a18386 +:END: +#+title: Operator LifeCycle Manager +#+filetags: :k8s: + +* Resources + - https://olm.operatorframework.io/ diff --git a/Content/20241021110953-iptables.org b/Content/20241021110953-iptables.org new file mode 100644 index 0000000..1104590 --- /dev/null +++ b/Content/20241021110953-iptables.org @@ -0,0 +1,28 @@ +:PROPERTIES: +:ID: 3081373b-adbd-413d-8151-06ce322b9583 +:END: +#+title: IPTables +#+filetags: :network:linux:cs: + +* Netfilter +** Netfilter Overview + - Netfilter is a framework within the [[id:d43f2ef3-6eb4-4f8d-89ed-095fedd7d7f9][Linux]] kernel. + - It provides various [[id:8d7067b7-084f-4c25-a8e0-609bbbe6fac6][networking]]-related operations. + - Netfilter’s primary role involves packet filtering, [[id:2db5d39c-8f0d-4bcb-ba73-c5d4e22c4d03][network address translation]], and packet mangling. + +** Key Features of Netfilter + - Allows for the manipulation of packets as they traverse through the Linux [[id:2deb95d6-5474-4096-85fc-bd568031cc33][network stack]]. + - Utilized by administrators to manage and control network traffic. + - Versatile in terms of protocols and network layers. + +** Connection to IPTables + - IPTables is a user-space utility program. + - Utilizes the Netfilter framework to implement firewall configurations. + - Provides a command-line interface to configure rules governing packet filtering and NAT. + +** Additional Functionalities + - Implements different network address translation techniques, such as SNAT and DNAT. + - Supports stateful packet inspection, allowing tracking of connection states. + +* Relevant nodes + - [[id:49fee858-eb36-4230-8eb0-881df964aec8][Firewall]] diff --git a/Content/20241021114251-openflow.org b/Content/20241021114251-openflow.org new file mode 100644 index 0000000..c4e8d47 --- /dev/null +++ b/Content/20241021114251-openflow.org 
@@ -0,0 +1,11 @@ +:PROPERTIES: +:ID: b148083e-d81d-4ea5-830e-b944cd0034dc +:END: +#+title: OpenFlow +#+filetags: :cs:network: + +* Open Networking Foundation + - https://opennetworking.org/ + - https://en.wikipedia.org/wiki/Open_Networking_Foundation +* Resources + - https://en.wikipedia.org/wiki/OpenFlow diff --git a/Content/20241021115133-multitenant_networking.org b/Content/20241021115133-multitenant_networking.org new file mode 100644 index 0000000..26d1b98 --- /dev/null +++ b/Content/20241021115133-multitenant_networking.org @@ -0,0 +1,5 @@ +:PROPERTIES: +:ID: 4e6ad3db-c61d-4f5a-8c4f-6e4a7f169c87 +:END: +#+title: MultiTenant-Networking +#+filetags: :cs:network: diff --git a/Content/20241021115217-dcops.org b/Content/20241021115217-dcops.org new file mode 100644 index 0000000..c0a850b --- /dev/null +++ b/Content/20241021115217-dcops.org @@ -0,0 +1,6 @@ +:PROPERTIES: +:ID: 744acfd8-f1eb-4b5b-a8b5-043b9cd36ca4 +:ROAM_ALIASES: "Data Center Operations" +:END: +#+title: DCOps +#+filetags: :cloud: diff --git a/Content/20241021152945-distributed_sdn.org b/Content/20241021152945-distributed_sdn.org new file mode 100644 index 0000000..5b0d407 --- /dev/null +++ b/Content/20241021152945-distributed_sdn.org @@ -0,0 +1,5 @@ +:PROPERTIES: +:ID: 5e9efba1-5e48-4ecb-a8dd-752481528b1b +:END: +#+title: Distributed SDN +#+filetags: :cs:network: 
diff --git a/Content/images/plantuml-seq.png b/Content/images/plantuml-seq.png index 5823ef366aa4ae620d0e552bd7bc6263a9b15b36..733f78b5ecd98f709478bc283d5a8e7e8cef15fa 100644 GIT binary patch
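Review bot: In Content/20240305152640-web_application_firewall.org, the new Resources URL ends in "how-does-it-worke", which looks like a stray trailing "e" on "work". Check that the link resolves and drop the extra character if it does not.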
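Review bot: In Content/20240308144621-software_defined_networking.org, "Security Concerns: Centralization in SDN introduces a single point of failure" describes an availability problem and leaves the security risk unstated, and "Potential security risks due to centralized control" under Challenges is equally unspecific. Suggest stating the risk in terms of the components this node already lists: the SDN Controller decides where traffic is sent, so the controller and its northbound and southbound interfaces are what need to be protected. "Performance bottlenecks if the controller fails" also mixes two cases: a failed controller is an outage, an overloaded one is a bottleneck. The three empty added lines after #+filetags can be dropped.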
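Review bot: In Content/20241013061220-internet_protocol_address.org, the IPTables link is added as a top-level "*" heading directly after the second-level "** IPVS (IP Virtual Server)" entry, and the DigitalOcean URL hangs under it as a bare list item. If IPTables is meant as a sibling of IPVS it should be "**". The URL would fit better in a Resources section of Content/20241021110953-iptables.org, which this patch creates without one.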
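Review bot: In Content/20241013062709-nat_network_address_translation.org, under "Types of NAT", the entries "Static NAT (SNAT)" and "Dynamic NAT (DNAT)" reuse abbreviations that normally stand for source NAT and destination NAT, which is the sense the iptables node added in this same patch relies on ("such as SNAT and DNAT"). Suggest dropping the abbreviations from the static and dynamic entries, or listing source and destination NAT as separate entries. In the same hunk, "Enhances security by masking internal IP addresses" under Benefits contradicts "it is not inherently a security mechanism" under Connections, so the Benefits line should carry the same qualification. Likewise, the NAT66 purpose line says "while maintaining end-to-end address integrity" while the critique says it "could disrupt end-to-end connectivity"; one of the two needs rewording.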
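Review bot: The new files Content/20241021115133-multitenant_networking.org, Content/20241021115217-dcops.org and Content/20241021152945-distributed_sdn.org contain only the properties drawer, #+title and #+filetags, yet the SDN node links to all three and names distributed SDN as the way "to mitigate some of the centralization risks". Suggest adding at least a one-line definition to each, or listing them under the "WIPs" heading convention this patch introduces in the cloud computing node, so the links do not land on empty pages.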