From 3855ed7267ca1fcaeca1a23f0f756bae2df0517c Mon Sep 17 00:00:00 2001 From: Jessica Munoz Date: Fri, 30 Oct 2020 14:12:48 -0700 Subject: [PATCH 01/27] It will have Snowflake_DROP image file in assets folder --- site/devlabs/assets/Snowflake_DROP.png | Bin 0 -> 43989 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 site/devlabs/assets/Snowflake_DROP.png diff --git a/site/devlabs/assets/Snowflake_DROP.png b/site/devlabs/assets/Snowflake_DROP.png new file mode 100644 index 0000000000000000000000000000000000000000..71ca01f101cdc1c0afa08cf517d2946d63ecc5b6 GIT binary patch literal 43989 zcmZ^~1z23ovM!8-KyY`r1b3G~g9mqa3+_6&gdoA)-Q6X)LxAA!?lRa6mv8TV?m7Q| z?_Kk(r+d1)x~r;tbye59R;1E5DHKFPL?|dI6d7p=6(}f}SSToHb%c-aB{A!8HBeCa z9@gUGN;2Z&LQP2EjV;T-Ds zhGa|xg6JP8bV6J#bJNoP-MzEEU_Z3004OWy&q}mDQc`i1l@m~FkhM1tUDA(#7Qk%- z$(3)UZ#~@nWSdqFP~<%LK2H)p;eD;JP-^KO5^Bg$_(G{uWMo)%p|D01=x{9PLody> zZ>Y>meFg%LYuvF}(ab+}p>xUOMwKB@=p9D_G0Y8Q`?u&wYKUQ z6)m2HPGoThO;N3Ka^V@ysPc@+qO^gE?DzoB+^Auk41*9nY+z;~l3O>(ER2C=WZAe& zX4b{y1{RQqee&~3h9HumJ{qBCqED@r0epB$p zR~)(J$d}b3DyCsQD@r9ckmoSQH&I*SXVUrA#A@R@|Tp-zi=fI_|AuQFv=1X-B>ogZA$?q(DFaeh#xuKF~t6EECp5# z694SKL2+k#crF?ILZMX*BMV;yEf-ExkgD`u1cnCflp?RuXcCcC-NR#DxB2#!?CjOH z7vS4H9-c5n;W)u-mpRg7i8&a72rT;Ub(aHK)~;AItT};@Jhk|*10R>+yE7meSZSf1 zF=wJ1;t!OoznB8xz3`TQoQZF2^Z`MCUe1N?q%tNSyn~GS0^f>aJ1bnq6J}=diYyBk zJ%&YoI*3gyK+mDXO8-Q>LyOp^=+*w6GR!-n>x>p#*;vU5rORi2$acSOA)qNDulOc@ zoAptIM3|^G@a<1f47AcF3Y5zf&`PWts`dhU>xAQSskD`Z(B?EKEa&6jt4I?#y#TU^ z-?*bNlDQun1BF?klYgV~!g?%CLtpvFz+4-VNyDX)<6#G2I$~yiwCsg*B+!Fp$|YHY zMf+{a3KjO7$n(t?%EbtpF_;S>s1_YZ0%fVV4$BmyAxTt_^#^j~=}OyTPD`VbR|D2IlE&1uHf@RhjOI-LjN=Uc3=xh7jwh5c6gm`15?_)~l1@@+ zkmQFYcFvatM^0YRO!_Iz!(h3A{oSeU6-PxUGDllaolaH*Sch=5zLFiqEuyRSN99)! zSy@?OSsYp0F_AIsF|0(*FJvm;l&Ue05KKPk2N6*uJ0>d09g%lZ`j+J9W9H8mJLmn# zGWpB-TzxQR*%SI^-}ZHj9Oy=Nl&q40Auohkbq zTbE~5Pyn`ru!F}3^@ZzUkr)A$4V5UyET)0jk612KFEcC?Bhx$+#CO=1+S=F_)cT|C z!g11Z&c)Ul-Wktjb3c3Ec#q;b!9IKZr66tXFT>$ z^8mEVa&Wn4h`xo(insLHQF*J0{F{1f^uTq(Ov4@z)Isx<4$v^H>uyK z->+xcE8RohLmg`xV;YMZe;Lb(2bPJ{7*#uJ<*6ErE6cFS)`>cOl@S?LEfcerNE2O_ zq&chY@w__u`fk#mGlop3i@Fg-in zl5@DpvuQ+UUMFGYbwzlEYb8fIzmR;EW)_dcI_paoZB|ZudHai-z+Ieom^Ys{_AYAIqod*^|c(eG4(SbsN+!Ty?EXs^*0@teXqO(tCYV{t@hr%0vWiPZ32@jei0jQoNM}i|j z*4?de?EXZgvd6z$e?ME#T1#33W=ZB&*?Bos*o#pKNZV6oCVq|)^HsV(y5iC^uvP$c znL8L?JYp253iOWGX4mcoFFU2A%wjTm>%IP7S^>LFAZ0M}qFTLm#`DLaD z!|738KU{tQ6Fn2}lE+fAg<}AuKEAIZ%aIH0f%QT4_X*IS!^hmlh!}Y3>lyqtp4Ef} ziu}sAIS-H5=6a?+WP53wYt8F1sp)&;x^Q2d4ZENodQUOr)KnN(j8-j|qEwLd7`fzC zd@HN2&Mpvsquen$8%&e4Px;7vs&8)>XH{xrW;4+RQ$1ji)^+0L_LzR$G<7<*NMw(& zQEHX%FlHT=j+KF@1EVvfo23iykiK^IUDejMoyM!8Ijg1Xm3#O6Rp3#8z=Qjec3uA@ z;wZJ}5a>`oS8zM&SMtKrUfJ>7q0m7l%U@*Ut5t~TXB&gxLwpQ|I z@lIk}MzzNTc&l1eQUyy7YZrVH?2&CP)B)1FdEN}g-LnXZ zdz)!9YvODsZtr~HuncwE?<>EtnPwR_%vso3tULY8Ey1(mp8+9VM_yn1NiOxP#Skve zQR?vt`l<>Siry0H2!4yb*RAAW)lT|x9~OF(gxv4Lr?Q_WqPuL^TGoh`di)S(XmLr} z=0983;zy)xUsyF*VUvv({M{vEV5a!&?XrD0MEyGhe&jYN)jF0&WR%9>mn`K!1`C;E z_Qn&csHt2Q5}B)*RqcE33y*KA@fKQD4dmU4wu#b+CKZNh`cxa_Z5Omj-DYS+JqX9g zpo$)5U66EngJpxo`eDDCnKEJFCP>Z+H+;O6jiMiSub?ApWU3&^5Q>JKHC}g`Bxv2z zi?mnsQT9n$`z-WPP+(-S%cgVO*Vz{f{0csYafR6r9tiRh*Ag%5k241JeWv-rmAA~-8;U1!)wHMZs`?KNbS@&yl(7#H zBg&J$Q82?|DU>Ou-v&`>+=~{5nZBha6J-CTTdY(nOBA4S(mDI-nq=+vynKB-#Fb)m zcw%)5$1%**k3!nco9MzLMV+ziz4fB3s(io9Zr!lnPoL;DP94Rt>&dkDNRMu=~byD9YQnE+qGwp zqt;7L-EzUUZMst%)F2VG&x%6ziFi>wdqSrid#n44dxls_gsB+Vq-VtWB=p2z;VwfW zBkD%TW;)qO>&%@%JBGCKG*h3eE(+GB-9+}t6%lFo^=(vj{Jqt}UMODVOZo$~kC&79 zQd}}_(qq?ny}90;MfJCz@;QdbqU2<61#ykBVhO&x#59*SS7cT8abSKVtTIMgTHq}qI zy24v|mX}?6$|{;WUPVQx^TK7ilw(auEkR8n4xx3x)dRt*OBJ5GxPLz#)uExV-~BGi zdg*{}LtTW&@UVk|Ul9Kl&dsRK+ZJD-BosPmEB=qG7b zMB5cUihlJgCO;5oEYWtTb!!0ZdH(i_s`w!gC>4H)cgZKL+RX=Hgf6XAA67X`vJbc@HfZWjf}Yyy z-WI0vD$w4w!QxTHoilF0bkRk!i82^>W#FnHTZrcFZSHHnJTE^3@z?TqI!<`7JFmFf zJAZP*ar8UYXkRqBtoNx4&mBflj6bw>4#LY>lzZgE+_F6?*{i`cB9=x)M4=703Y`s! z3Clu5i&l!zitQvz!m`8Z$G@e0aLrWgRC*l_QH^|#ERdlXMIN07t*-zNMHYKs=y+65 zXJzN+IQr1qEKbO9$HgqWMwrK)MsY^;$B6(pdqq|9v^-mj0p zuq4gZKi8xHN<{~GQU6*Pj#S8%eKu5Um*~7Zzc~z>X9%g# zTQsZDU6;0RpXr<}cjm~iI$KD3SXgbjxZBWgw_NgS7;p9|D{0icn2GA90%yYxO-r-5 zhKUdO6W^39L$IL&p9Sh}>FyN5c>8#nwYFAb!2Jr`s1f68O%|x z7cbPr64oNz;$03EG$s<%vGnoLNhF~aHEExpRgW&#>z`s1m5Qq-+h`$<%BT&%6ai0e9b@H z6Y_XJlYj@Z&<2kETneY74HvuVAgo$LZ-VtVR&LLW;Z2&SJlu%>K6bJW06_CjEZheX zcr9oabXaE*SbS)Ktxsa2>?0q|b5Ykm#P;geLgi6#OM44EM=G(o!kvT*Q zi40)Km3o!c{JuXWTJhwkZO8S7f1XBuA-MkeIh8tmu7Kw>6ej^tGKgaSWhR_qr~ zUDqbwYBk7XOMS(DT~c|8e^yypvXHLVg=(~;-S1F_`w2V-W?N3*ZWVWheQzLEn^#p+ z`(!)GT6Kr*Lfw*A`}k?#iTH+8>9At104*omzvKiHJEd@=S8>k3iL5Ke#f~N)T!Ta#ConQ!O9}sSY zEDZV}jW8SbAU3MR=Sq|=vb9y3fI$-hO-(h6=S4IaC@VUdpEaY%+Mc?qg>oi@$nm44 z)k=^Hf>;C#En}7UgL({Iv$Vr{%*ymQ^EjG79=|G0J~c^8LK|mEa0!dggtx2ptd+@g z!fWzr;&Br0`v;+r{Lt8lzfr>28O!1{dDO?B-Bi4_k`<<;x|NL;MrEHOZJOH~Xmu(? zeDsIact~Q5qC`8kNecXTxl~mfERbZzONC$l>xA{Yc9#F1Im{`$V|) zxI)Yi4BEok248*Z+r{c`My-43OWSucZ=Uj2miQl@!&6YX@eO{pTR83-xwzT-XSfL5 zp8x9D2W4KGc1!`{F5BiS-mD5)@(gXD_*$=gy{#Mzuad4#$9Q@+Ph$5weFQ~?tO0HZ z;0dWT#ojqf3(~2nsRDqD?=MJs%T}v2Erq?w|eI*1pp^+d0-q z*tF8w{vh|FIaIU3wUd6na@`c@_QUP`KIFdQl!K^~Xo^UZD3+VsfBf~~$?p}kyV=8I z&h5ve`2E3d5U`^7&0WAxbgn;a_i;wpRTYzat<*)@oX=S_<;~rVe(@#%2yC=FFaU zj{lHA33~FsXYI^gjmbUjzT3O-dkRths|Eji{-0tNO7ed-akUkq)KX9)7k6+rC+A}3 zWM-ulMkFUE7j!nW;8&6O`XBQ5e?pX2uC9*!EG!-#9?Tvb%nr_$ENpyyd@QW&EbQz| z?=6^IyzE_#J(=uXsQ%r_fAu3_?qcd}?dWRlU{C%}zs4pGZmvRZF$zpsDuY3^zL z-y_+({70;J0a^a3VPRutW%<96xmsKNKgj;6`8V0W*Ebd@uXKwE* z{NKtI{MShTpUVH{^WTI@)}H3ywIr01m>FF(87l}35@>5-KvEh_Qy*`Eo8Xr__p7ROKbE(e@2?_OwxMY`fl-mn}437;D zvwa*k^gY(quWzRT<25}H`b|Gj)u9y7XOXT z`r%)R79PUyG@a(}bZ~HRqjsW)Q(5~7io(Anqi{zr{XqhJSHEHPVQ7re2?rF{zDV~6 zqfiLq*LcZPJRu;3x%{lHasr#(tLa! z-w(uT-emZGgN7(CFJrZX_&z5;QqUWg1Qt z?Y!v78Usw0=mv2yy=VaE7eh_3*XS+$E0KX6kjMJJKGK(EiM9h#KiiY_zFtn}2&Zbq z%A9U`c%4I94s-N@7aCinI}njq5Z18w=8;DK5+&p=owk)GE3EEv-~!O`CU()|T$!Yv zNa?lySVQ)pe)p`~;a;^HHaIvq)!Mq=ygIfc8AWqh*)Uc9ds7)q%w=l2cGGt!$WByn zQrtjcgn$nd7Vw^M8hu#c8kRN$yq5fcDi%u<_ON-rDu^KwkWG{Ng5(&)NJl60H1=tF z_DVdOSHrLBxrdw(lE#68@}DUW42urf#dmCQGb{LU$SX@+ka+8SC<202=0Xn@XuKo`zkoc_yzh>-^Kluqw!T`w-OVWm$#7uxNNC!lC+r0JRZAUM6-;+Myqf?Uws-oJ*KHbpO3}ZI|{b~pM@V2%|lwBn+N{3m} zlWS}5n#yw6-^2S(_T4$n0sYu{-9}(ZNlAjNx1m1}RzX#$E7YL##Ya>U{?!vf0p~Gnfn~HTe@F2&rWm;F7aFj zZ(d!#3C21+9&3xYK?KDxhU3?mRFw^iyq3W6qxUV|_clB`{FjNU-^x2Dw{Ve zG+CA{GVBTsd;I5j5CYEpt_Shh9X2}uJQ^8^v#^vphyxBn-dCAU*qtq%q+FMEa_26p zKL2=1Pb4w{`#{H^Tk{*Dn$T}~ciZ7)?a(SHUD0k;WQ!gt%=#zo>0gy020rIBzG~es z7ah@Jn|gGkw|22Y4{_n7-d{8&+nv*Qg*5O$s;WbE%vU=*wln#m$oQ0KatgXn@M9({M3uU_Mrdjk_5;OGY!w;(PbgfeO^M(m|$*=RP#981q@T-^8l$s=<3+hrJ74wNjmnWv434ztbVky-%r69w+HwVn6mouWdtSk2(ycroh2HeJ5i*gRpH>|!&Po+E+N z*sI{?sUQ4ex7wVv(dDD*WAQW>GLMCqjAHM!&y~!3QB>Oea(#C>+{9E~*(w-KSIwLa zKp*Z$1FYSTh@Q08c&ys-r13hL%>LmkGX{HCzand@Fu4WvxcsXPbiYXltzpA2;y5DVx8%v!r9_ zSYhqS^~mJW>)LBNiHAp;G?XJX_rA@=qT6&Q*7F*bQ(Qt^I}GxUYf%`&Pv?J0Y03^5 zzCpkwPCp~QeFU8@DjrOvQ5pK(tFtr8ml=5(TYvd&XrM+ot4wO`mx^&Vki$|g2qc`u zTeFC#O%2~I^@TY8qy6Kt1o?A&D30(>caK_n0rGq_+z$mwFb6v++ssQO;JKdz%QF`?hR!|+Je^uSmsB6 z@@^h?W8V>ovxZoX$Dd??jW!nWu_7?u545g%(YhN`7$|y=SYaAY;_fJ4RRd|3^7-1=HskqXRU^Ozj+$Jy_8BSvhGw>qnh#UmH$U{)+|!n zbe%=Cry`UMy(D^_X3}uGg4x0*LH6ia0Eg;JCuqZ`I_BM^&ij?wh8BWv##!!JU5OZ3 zIF-$}+P|=T%L&8Q+=_N5>{QpJ(`DCOXuhQCdbU4SFra4#OI=3Ibcj6PuPQANwN@}b zKIzgyp2P|2&GDXYP6t&E{GurZe`Y+xw$UEST^oI?(EDV#{&LyVbIPvM?poHt)9T?F z@izVT8teP8Y&m5!MXa;wdmG((Jw$XNDhGC@asqDe1PYA6llhWw`oB~m6LC*yqi6fx z$dnw2!jtSBY&}l{A-geUv1K?0?@NM!%_QV|+kW!Jel*Q?QHp`HzGS0Q5BR}FU%^c5 zb0z5AUugFkb?iBv#?k2qFp?^}k@;TrUYLi5I)LvNQ_`}>#}nyPLkd>W{lT{ zXl^^{15Gf=M=n+mjzwxQp6ikv|C0-ale}+3B%QA}<1vrF!hGO@WE^nU7bi}o7H`+u zTq5186tXa)1km7fQ-$o*tMJNkAQeFrnvj6gK z6G}n9v#H|57@rHiMmq~Z-5ySR6ru$U_2UC6E0G>MDYb}j8B;IER=rQF^g$RJVfPEV z(^ce>Pd#s7VfGO!t++uv1J7QJ;cOwF_7n*lfr@PIvTe$h!3w(t&*oLTmMSF>$F$%s zBXOKWC5d#0`?=svbCmDllZI%(bxVE)a^8A4v2%ovGR=yRE_p_4mPoEO(fL8id6=iF zW&S!+ra{415^6&rxM|I0T4<^VDQME`Xt5@T>K5=OC`WqB+Dlo#8zaDD|t*Ec9h=Gej z{gLb5QXM9x{K4i02X9a@cG)KNpbAkgQCyP^1fOc7bA>ya@Qri`U2x~s6vvfpc0`+y z(<<&Xc_>a?hcUtDva6-hW_~Owl8m0LTSs`hac75en@|b7pjgM#yi!wGjC3+(i8h8ye(oswJ6F}_l3NK(Se&kNE`1J+I$W}LL!@OZFw2qNUMV&gz-LSwT!*oE;_epge+$2NQuwmGk zAIXDG^W7=r!OvLcYB(B6hH{`3?IuIA`!`;{?(Zu=s^iTPvRfuEGmI#cyzfFr;){)a zeG9XFy5aSIIHVr#W_=s1A}!UQ`S|jeVEeKip)*i%6ikTWj$HGf9h}9=4f~}4GzU5G(7PZYrdZr zJLKJ3w6{uh@I=`0B$t=Fzirjhfxcn~u^oQcWWb?GW$8}+0t^dhFe9DeKJ7+w1x7wN zG|qgL3HrvGY<4mTM9w3L!eeol=#fIR@R62Q{VcRHRa-?i_vN*`I_>Z21la}4=gRD2 z^aBT~7hmbNLkSc@`0M^lR;Nwp9EGHHk4^pBi<`4RbQ3pFwL9G%f_}Hhqzc|NdNV?I ztf1mMDtg`7d*gXGBh}%9m37hc1~Eg6JfLFHU-JC`cs?qq1_iTbOYM1`R<*>FmA{;~ z)Oge|Vp@pKytdQC0?G8%Rr;~=Agt?)4+&!ZDxfZQhNyYZ_2Oa|saL-1l21r;k72q! zgi+3O5S#Ud4fysBD{NxYIK2^iJ>PeCt$R^2{j-4A3u>)w2E8?o$SizSdI;P&)dUOV zIe5RQ@D`Q#t-3Q>5KPY!mdI&f?C-ZTHs=d@=3@MwVe<7GU#Tp~0;GKDs!RTKce|I6v9WyaY?=G}9+WcXE9O$ERp+8SHI-%eXLb+`@Q$n&VmY8w^2;#9L>r@!|cZ z@~zF|YW3adHvzz2wGvQ~u zCrGJSuH4nF?0fwv?Zs<+3?2dtQhO(b1v*~@{_~&E0oW|O=mmw8#2#>a&GicH7$4+u zS3jl37P#NEN5HOf0XP|ok1P-b1uUSj70LrUQW&*&W|g?l`)y8Yc$Vy^P*@6%4LUTv zlEoJptQdSz0v%Zh(1bnVwnhTJ7CYzn0OYbwhgV2)D>CxyPG?NQISMT8$rFowO1MCZJe?h#U_~REAEg*xh)$wp?n}m_-#3bw zz3dNUoTy6UF*Z=~ER?=XD}D{WhA4EGpOuI}y+|9HafpxNbGPk;W z{G+2PHaGnhYF3TFgrqH1GT^m6uWa*~f|%+N9EbI-=0s?{bAJ#J3olrTS;jV=6uNeI zuvml7IV20nG@A7$`^qKX@_2on^bLeUVyL=e3%0?AXh`Jie<&7NRjKnJ;=?IWzM)CXyed#EJom>)hzz|#hcjyZSAfD z5Z|Bk7iVPkUy0z=rUG3qb!pg{?SgQZjl|H?SWD2m*Pr~I_8hJIjg$T2DHy=4Kcoet z{`ke>EA}hdlT*!2rE<>JMi*9y`Y82No!-sN7(9OW?B1b)L@97QP`5o+?Lr3NCF!sx zS8HKYgXDEJ8iTn)mRS2>TVHz^d+^y%fre3Tx4h@a=g^kT>A3O&)r5ybRnfKB8d%a! zWox5%Kq-jUPK_Vsb98#e`xAZ25=$FaMDcw{kwayypNE36s;9H|v9tkR@#SV?$7T#!dl@)5j$_7u`2rT4DkC z61{Tdsob7FxiH8i4~RpcX6^@Ivst`nG12IP1*bCEIF|LlwJ`4e;?%-(^!<#oz|~&d zXixeYN00Eu3~_TJ7ZqX(eDT8AI&>XpYT?b1sb&JMxVpj5J-^S`SE&^R-s9Kv1OFj~ zfN4o!$IJcc=Xb9%+XeRb7$VzW_h6KBI7Q!@Yf*(qBh7Vyzn|;-qC_zr_Zrj>xjAm$ z@P9d953dBEyi6(w;Y*P0W(SUceLp0vw;g1{&jpd;yC`z1e`;O^%4dLwA>i5<#oZ^X z&_}l1s6!~STCH7zmR#${ksa~4!%x-xh5LSJUeqYKatM2{Xo6dn$y%7#;u;nEv_uX& zF$5z0!|WgifN?$%@^$LgBG!2M&ntYyOoqP46gn?(y^C(qr{N=B0!W&+A4?y4U zfunlUWl_dZu@8^Wuf4oJ|4PwSSKtFC&zDdQne3M_B?kGPZg8i>C-RC}>aSXU+fT07 zwF~fEC=aN5rkEXZ#7@>I-=4Kz2LIycFRX3m~}AY5Q!i z7V_6cayxP-YLWT@hb5fFDe2Q)-}R|VTEVhCw%j^xzzF0um?ZVC?{f@8adv)`(pS`v9Mpem1e`pD%ZXkJckP!J#5j{_W(s_C zrgn5uRBnkKoN=JAw_!bT%U_jv*{SKlM)n1fnFkQN2(XjK#!@3t+LLy|Q^X=zxB7Ru zp6~b)UQdQWvHwxHJ|qZ}`-CfNZ}f5W23Zw})hy1XBa~+ejiEqb+5kN5v%cyGbFu^b z7(o@|h?X#)joLbW^|Qd=BSr1P%D`1l`g~=&LE-vmJA}QAEExL| zwRo9#OmT1rJF7Q;S^arYc&yR}m~ELQ-O-2a{io?q5Ag9OL<{;gAvi%ei}UVg_IMM0 z$15;K_+Y7!o}tVBH2WMg{I-ivd)0e=fgX#@`;Q-!^Tgn9G&%fR=aXQOIqqSm4zrMYmrw~pDzG-}cRkbYuWk5W9jr^P~U7}*v*(0d%ckQw+eM3`4gXPbdZDT` zSVsI%!j1Wruu1UEYq7auGHKwQ-zp2k5$0C3$vU zv=r#LgXCBw_r4$IYzV$*P{u6p;0(}R;8Th6S1^%j8z_(yuxrIn}-LPssJvGUs!C=fJy$qegml zyeSYes$`{o5T-y=EMC&^4NHG zK3A>udY~l@{c*ayGM-2PJ&mFoiCM%CIi~i9`*4K}<(zv}&D6hcF9h<~pO+WV=>9N^ zJ+w`Ii2@fhHYx%eIS>JFLReX}fr&#ePRJZuoL}|8TA|xTc4*B^iy&aFuTb-IL3Y&- z^wm<%?d`}+bth%~j(Al?S4svh4fDg1(A!I3yBb4^r6Rkb^XCK7qU>_lYRt`?!?sIB zC7Dh=8nbd|t$D%G(lIDzNGl>|j(zZPR)gwn4?Hs6g!C-6Tld&* z>(-vEeg}(&7Wc#TWS4L`e&9%4tCzMKr0(ZuhNry*#YVeku786y|G{inKZs%Ew$ul- zHC&CdS^Fbg-RA;y$Qm&@-6Sv#Uq0D#+U;xgr+cqf`Q3+$xOCKDFY9f}DUb~7?G_#O zHiwB|!^qQ=jGufh`h;ZZ4yEf(jhtqIS&YW8&YfT(#XaX35i&$+6BwYc*#tG6GVgd7 zXxtI@oBu1h3@L$Z4eG|JRtbMqHo@imTj@6j8|u(i*tTDpUsUJ*3z!*UgIRVCp!PB& z{nElN7K3AJHCV@qc^jJc9}MF^2{k(JQEsqFo>38N(%#B~pY}>knlx=Uht_B9*n}j< zS25n()F&Y1u@+n_2=Rggzw9mUx;{x06@7Lx&NqMAeZ0vfrp6}|d^kk9kUGX(h%wsO za?&F0VTSnKoH(`n7Dmq|w0_C+_1{DJu~4-Qd5^|ExE(5%c)3+Pxe_J!Xx11^8S*iH z8;@M6UMo(jTa)k$f}x-lPQ4z0HUpSXA}*oyllRV}qCSwvq_40g0Ugle28 zyWP8PH|l_VDtmlOTkfb&>oVSj6PZNkz3jZ*dyj`Gj1Ihr1L-g*;L~HO ze6Yld*(ua0%(>dhHPn=iXC8szQ$zc@M?6Dc<>38Hm#JU>1kb7zCT{#Jv)nY;FWw{8 z*ari*Z?h=8h~wfAB$m!ULI~P(Df_c=?;(|MTH|<;<5Iqv*#q#Qy~=+Dd>^k8OIPhX z6i9uqME^NhCAcL7gmbpD(Y1`dLj$|BbsE+s-_#ja2L4gkP!PfS#d3q?*pvTR-Ece$ z%ix!@*Ymnz(ox^cx%aq}bo2Xh9-gK!?q2_$Evr!Ow)2%HTlO3SOOJIoO?H1(2Nc_d zO1MQj)#8zHmY&R?6Y*dj~8wD!=Q=n2Bhh@w~nEkZy%XcYMsh{}U zBYoB-SqCSdt+iK95vtHxznYZa6<5mmuMrG})J@2Ew+Iw`_P<*uK2IPQQ&T)tQ>l7RuPW zAppMmBXeyI;u)Uli9I4bjT=HJhlyQ&GNAePYwT>L-z{XO_&qF3#qghe;oDDCRrxw_ z-8)yM%j3bUMG(QMpq$!(Y=D)hu8Su-&S&1cwdbVPZ59-f)#~fygfTeyvE`{y&0A6T z%M(L+jYqf5=>WWajV+$s__D3(_^6~=CUYX${6jlG+8UlQ1SDwN%JY7v4Bz7rOn5*e z;pg0kj8dan&+bRfa?IT@Wl{V=N8jStxb7L}ly8CXf-Y1l3NYyvmeg7rUH+CT!$5Dz zX)JD4^=NPBMBMORCQS)YtPp4+h6T@v?gs^8p9fX*T1vz-w8()K*2^}QTtnYz${ z!C%QS0ctC!!x9bZ`!A>2EVt9AjJ6%r!Wy`cwuDA4gZHm5S|l32+84NL*O}%q3bbbR z*X+75m_go-`!e-rZ-ROE?G!yo^KT^S4GEmCdf_|JikO<0`l^C`Ay0=L zhiv-uu>eSGY0vZCXoC5}*|Iet{fJ~6)}tSV$5l7mP*C+LwP50(`MMDL-4GdTl5Jj+ z?Oi^wFFyZ8sL4+d?}_}7AUc~iOvF@-Ji!C|+$pi44P8no@Ujb(EqFV@0b?8@I0N=x zcU%0l-cr;3T<)VRUOW^{bV&LoU9shJj&D7cQe2SFMVnOcsar;5wlSjd`Cjiw0%AVr z!Yi&=oGAEGM6-}h!?$Nml=y^i{G-3{S$Cmd-z{x>pj6zZysPy@Djhx>u+?7`iV0 z;36%`M(rTRcDCvQv_G2FS84_(A~PpGB*+!6hm%6zwW}|B4@6v?ch)0Xzqv;y+OMf3 zlcqbG1`PbNod2CX`!J_cW|edpAzS|^BFnXXFG)i>aHEz6b5^!C1x>Kd=*}*?3#`>!wG_LM3aa~lHZ%PbX&S806b8)3`6k`W z(TH6pvmJmwDd@?z$m){2{_5^q{m^OO<>RcZ6tO-DM*BdM(1qZ@e$;mn^AGC-f;kTx zJ`Qc~uuiCGCc-M4=@7!S*+HS{TM!a+=>$$!UU)E&szHiy`5{SQ$p1K5faEoLf9VEi2> zN>~pIfC~(gMg#f69P5N=UE@5DP{oc&;^`->IwpRXz6J~ zi+Z;c^2}{}m}xu?24B}Lc{V%?#y#GRC%;_yCQx~N%5}Uc3L6hkbG%Oq17M)@4s53S zj4B`IyuDg_Rqn4c`=t#3D7tT{*iX^*Q5#njS%epg%CwYJ?ailw^NJxC{W9)Ni(uh( zNt*Y(iyL~HD(*H#c7Woa#0GoR6Thfv&dzNxZsXGOt;H{ik50<=xqtE!Gm5-5p} zdW}cSQz*)4iLc*)o87+0q+rY{oP)y@28~r$ueqzz1CZ&FqGxHU&z%k_m<`+Auh@nf z$_fhy{7T>7&6zjfCKzoXz-%)a{E>*Z-pcO9eY+d{!)N|2P%pz*+1n5`4@ z10g?5XTSOqh|Ko=MRUFKr{0|U$O}{Rf)1FTerEmlRu<)Umt$OILlJxLZsu#gU{(_6 z5sDZ`dTPMiYePe~ap24IX$==|#raqggTC;6Y=4T;d^x?XtX|&n9rE}%EcPkEdWMz` z#fa9-D;hueeUy4Bx z=IFz>LvU?z=%-}P9;-xq(86ZCdrJV6NOuL^G+f?IB~9 zK1Bbl{m1Be4NFtwfHLjV%>wmG<@3!kaZ0S~DcG*=G^TjmKhn}#&soAG7ga-pdb1(^ z!0Q8=7%E!=r=6lz#_F4EyOA{$sB!?|d_-brg){}Q>YFITbE&|yzUM9W4#K1Ikh4}- zrw=@V+ee0PY$Bc;IHZ~W7jb_XR^|4EeZzu)q%1&6x}^~X>FyMeZUK>$Mv(53mQLyJ zT9lNefTSQGor16cX?W%`_J8mDevbEe-%sx+x9-K_y5^kMm}8#fcaBTJ?@T66N!erY zENgg*1Ck#cNQ~$l=o2eO_xAKW=&JBrX8nvd`I&p3?kb?vT(7w_4cziZ=L@E?I{fco z+}7Qk3gW=J|F|!P?pS5$7;QD2D4Y47@RL%{S^_MpaBNXgIqVse| z*RN5BlOA?C`wCs|ca@i9R#F~Cq%{1W(=y`f0$nUY}GG~ zcA959gguVu#zKSsf!=n&;Mxe=zYZ|}z)KkIC;Gd?^U5WH>idB1*a9b;s9)7f?8 zM&4X|z9CO7cn_8rTo;Eva*j$4S$?-L!H1l|{xZ$z9qW8)Uc7BeW!o}}4}SH2Fqdj2 z4|zkO!-|uy6T3iOoFn7QizO!QCN(SV>kIDTPT~TLjYq}1#nNBgLb?N$W5g}p``+`C;mC11mnOnfE{pUdt&zq~0;n?mvt!x!x5frb$X5gMwfb*rO^d zpg(Z=%r0>;?FV8YRnz2M<$LzGei6ATjE=<@x=n#@G7q=XGTk zoKQS%G6t0qv4Y9zRI7xl!}jcv`~U(?!l@58R}@P4>@@Nu!x8Lx?^ zvF$D#qee=@!diS;-AY<)O)7R8TO5mdEBvSHnvW`f4&$O~TOF=F@253v+hAz2j^EhX zBwl(p^2LMvq2AJ2=z9!5_U8o~c)K~eD`IszmsGaQ!^xxjkR!T?!2$tvpc!W%C zI1-+aLGustN<$^KX1EVPW{pu%gIFKrU9A zg}`{;fs3^^yI>?hV5%1D>ipPop2hf#=z|F1D^FSdZA8)B9p_#$*L&Mb*@G>CT4R<> z&PC>m&Q(VN(zTy%O@f(sHHYPJ~e!)$g54$P1vUxDkmB=`wfRy-h~)3 zHDp!1qPOHAEID)wka#$YDGcc|QKN~LyH^z-_%>q@iACN7e7XpARPpQjPWJ>?(L)#0 z-#twJvXq^21dx(n@K#&GX;a1(;VPBn}Sx#8*B~k-Z}djgfI~ zHdl>OKE9rVe0V~J>Fb1wNy;;-NI+iy>^ZcB;MLzBn?Od~Z=-c94M#6k_#f{Kr-t+W zeMoG`rqY6h{|J8{EJWff-P~!o}AagRC2VS_|3_l?Lx1pKT4CC^BrY9^{0GvdM4VB=jg(h6 zAaa{PN5Lj%84)~5bDT9_dW{F}q)-^?`*n$MX&L>m+e#rpoQakG*wuY5@SKYG>S#Q# zwzjs(*m9Q(X^I!o<)-XV%?SO^&<9X1(xYLcxrzer7}klwE+MJg2&m!-D)6~Usz#04 z-=wjK25PRtWSlx$LjV6}9^7`8HWlQn&3tKe<;VN~%sCuO?xr?66!_R_67%1A_ChNC zIvW+VOY)x&=Sou6e}z_7KK&R$Oan9}dEIC___WMX8=V;19@LKg8DPsOky+avkn5qA zd@2QjtFGb`b9Ppi2)#lQ<+Q%5{@Z~;Zo{`sRoy`%x5X)^PYiEcWfZ}eH@JvV8Jv*x z;sS1)=kFrwtfuqtA)t{0cJ2}+XN*hN{?>s-DfiQ950gXwIo1=}}()|mo5 zgpG~uTY2-|_5knA-vRH~{`jKgfYO zZ;pzd|J>b~8qbfozPe~O8HgAU{Iyd4(Tg#CQ)r^cZFhj&H@H1nlBe5X%jtgfGWoGZ z>_zqz04}Mu?nUwM@o2ZauF~^7o|Ltzy6<%|@48%8!%AXP8$%N(p{k_UW{NBlI&gqhrJ(+atEa}quoM8;_6r5%IP4E17KB`bx;{`aGE`XSd??KiZMe&1) zoWn>&6`^mb#qH1($UCk%jmko2ri2X+YjO>A;bMwc0 z@U6Z7`_05OK2+=l^HZl}cZoSAg0Ly};*db=zEmK#_pM*+-m%nq_va?wLVS1YzYf0@Eh^duEcj5_8V>TNWrnb~ zm!h-%R+YpH8kIB49C>bcE%JZQRSF+sl~5GO_h6&q*k(NnseE=*LgHEFIF%O_hBOmV%)~4G5lsw{0i?Y{nqS?!MfqrPD(EdvCuiKfY4IK3GW>P6b2vxc~K?SqD_n z|B1;ZDm$>lL$f$VZu>)_^GCP~;EWZYDJ*0y%z|xJczS|1{l{ z*lz4C`(n}_UY7^b7UTJE2hoepz{lpi^n`G`x30-7(a~3dq95N&{)R<+2<-l`7smYNnV$7D!8B44 z(K%5+M`=_>bdyg)f|+TacAnQqMsMLCcCMLfVdcS!Ag6p}e5UkoKJ&EB0+3mpqQE#x_ZpAFO3@CT=WEW8G0!Co@o z%702XZdaBeopwa{re%N0$LJvU8W6!kHV*+R)&>{v_jLHS3v*P*utARZ&JoD21Br%S zi~yongy|WPt@?g@~+jsY-2lEK_Tm3JQq(ge% zTxK;ps%hw{PU#;VXutBYA5;@m%R+$XO&gq3JWnucjMN98-a$y-Bv#)AWrUs546PZq z_DcutM!RhJFz@?b8Nhbp+zWZglE$R93)dl=pHyXDO7(mu^9Cw6s{VeCbW{Rh zqSeb=U~;Ug@13YbpOKy~_YUx$uO%AJT_Y3fEeVxV6m1^rY}NF=dN9D9$~m3i)n&?Z zo7&bNiyM;v0iOQBZEod}PWC{5OV6;kspa__0J5s6q7Q9%&JH&Q_m{fXl1w6TppsEM z%c$m)(9QSZv0sdiRph5(YlCr1Gv6hgSMr&e@dR@QJ}fta1uY{h8(M?(TvmZ0nv+En zTuy<&@q`*1K+S6!Y#~$Nf!{>cnl9HzRt?MC1hufV<41Cd4+J|fOGs#OVclN( z11I0S*|mHRq|gU-y%tZGth_%r?>wfl3~z)R#cpxU`gXmy>;m{TO~<)_*@ ztP*u9&2P_&@Ubk%(JMMkNtG)O`^stQ&AHvWQ8=1_*;xI}_#e9up2A` zLkUD`>D+J_E(p@#LC~SJRy53-ecR+l+p6|(S0!NTpMzOA<{w*Dz~ zBdmu>(v?<2nNGw0*sO#BDZs+U!0XH`JM|vMx(~u_J#`EM7Q6Xu&~OvCDy>Mw!O(q+ z?rc2snif<&2Lx3*`G7TE(NT;?K ztLbvZ^{J);&TP;{vh04kyFHW7;0qOL1Q%B^a@2Cc~# zn9Cuw-7b|my~EjqC7fUraF24r5vW*vsv()=HYW}Eh`!gG;Uf(54NNNbPCF(&frX!i zJh-R^WYXBcY%)O4(D0YGW<~DHP@X@x@2RMK^{owwKQt_79$wCpKLpvEMtQKyeMpKf*IDaV7^)`7bIFt8b&f?LVJks+el;L<;3^Z^Uoo5=W#U zw1ifWoR|YyX?{%UL%Pnv( zyf*1j4LMG-k}qqD$0IB_?oJQ3KAx!Vst0?a@tRiB-vtVhp!~XqwxvD1B@p%CW4KOp zoPSsl*`ePhfcnV^=)kaNq&W;QX4_wjgh(p(ODY~8O%qNFp^SB-Aw7|Mzg%e`IZ2GK zL}qWV!UxGH$Fg_xw}*R8$Ja#m!N3g}InA1&8gL^vZ4lC@U2wpZW*ZwD52MR6jL)_I zxrotdc*+Ukgkt8%D6-xE7|(S|netc>X3OiB;Z8*IK`supY8KkTDDIUZPRcJ?2}ZyWE?A+13&+pilz`C zHo6kKS?g>}==?cy{yx#AQyZ;TDJ|7?{`>PUbx^xwrPswx_auHD;Jx7oc<-Syso$a5 z_vqLEhPi?Isf~8s5swbKIOPWFm#aianKF?-pCP4$$dfxhZNoSI8}5D|bORu$=^F=O z%;nLabEGlmU!XFNR$|VnYwFVh!=i;lsDSWYpq{@gtDhZMzRY@k5frYE=POU0V@17v zZQ>>mzn))rZlq5I;T@roU#fbxkR|HBx}N$f!T&B_Ul|{#`7r6$TvLs%7f0b^JoXw= zQh7X-o@GqJX8K}?jH_@Z=JSaw&GC2f#g=t~f4?pZ-Pd}XR?ufCu0y{022QAiBuEo`%P|NS5N{CZ6O~(P>`iTdF!bv(_DTK_rMf=m^a> zQ}{5Air;HbgcLDbC@Lkpu~Ez5^%AmREj(yW(7*)@nlBpf{(MLZb@7nM%5A9dp8Owu z>(}%EVSoivxrUb7V^J^lZwVus1ZfDCL_%72@9z!3hb09W@r9c;LBY&@i+={4^21*6 z-(CP9@3w^$;tkR`P8^hAoNWl-Y^|pc)mrBhr2wtd8XO>!Ulb)el@bbBf2njY3YT+G zG4%3kEFwM7FA0#1 zy!tsp!!hJv8UKkKig>Zo7?7n z@n$KIFu&GhuF;;;X>&BbQjdZIr`7PzPmtqZm~y?@txF_*^Sugwn5Wg0m6Iy(O4m!f zGcmHhaP;INJDA+z)CSlT`xoJ!+cMhY8S~73!0#kDeEZl#hfzuPXHCEG70F$TdH0ogBoKif^AN=_Q`gXAm%e&8%@0mTU|u*t2Bs@Coq(GE6| z*>~fNmFqVfJ)2z#GOY_!s~0+g8+6Igrq>SOiMHz{sJt>ra*efuQv{;>G@H0~R9`{oWJpB}g$W9>L&`{SM-NqzHsq>1d>_N=betxxK7_5uZee(54( ziX??oDV=vZ!FQTBAZ-C^q)_|$%3~E$wv>b3G5?R2 z8h8>tRj!|kX|e$}p9Fx3eb!ce!2j~NGYrw*bbeO>Nq!4_j;5jo7N(FXq))G$!7|iY z-dQcM8LoZ|n5_6$ZD;h_=2{nzzX6zr9d6RA=_7ZZP`S?n7avT+xw>$mx<7yw*Hqwq z4x9}*owuI_lMG508-*g{m3GxSf)e)VgV1934jyMXBW{U&(xTS-R(Z*;i29&C1k03CIq~} zw#T%vJpLc{)7p9@W9fHFee_I{bvCUWUp=o{yA%L9EaOufVD%cylP7FC9Olmhnhu-N zkKRTe+>cAKs-d75^*d&uAyGG%4Gs*#KF!$ z47FGhTgtTPHU%WXCtr+i8)F%x9);mEuL4j{_J!m$94a&YIlx>IFVEH_k-(x&t+Go) z!)`hN_l%i+|5C+BPz)UUGp2Ehx!}l9ez%Wytwf}4e?CBAg&@ncOfi)^QqP3-zMy;U zB}jUeC}2I41#9c>;rs~t2d9bWSL>84jd$lj@kH#&7QUt)Rr|&K4^yBXL^pDqzNerd zgm`+zXDT%=etYvn(6{Aq=Sx+N9+0rvbfJgj&gngMRB?x+4X+HhzO}bEdyQ==d)VwL zmJ9CT_ca?Ht)M<1aF)7%`KU_aV~>i|J+^C@&9~nhL6!wow6?bs)>jXZS}`=YR5b7L zC6aW0z&Holcr0l3(1Syb^4JK=9aR6!3esI1XmJt!xJ*E_At=>HonPnqo){nBXmUew zZ5yq=Tq$C#4jWA2vI@wIedMh-Cp7;PLd_yZsP7ab0=pc1Y~X!$47)rWVF>s6E>(y9 z9K*gt2aPz-GgpyeB2*nCd=%IT*J4d<#DQ`vJe^PGI`_GClgb*R%p$oMqv%<_$Z`X3 zjB=?_VW3}zR2rEkKl}vg{D=2VGmWjiO%j)tMxBEn0^}pM(CG(ccEdISBK=(=1RUmCpxHQMuvovRC~JU3bTI|nf^m6sqOHF7G@F^&1d)ImUba_mOUvBWOtsnI zJs4bh%D)E^Cl;PsHP$9*-mUrR%kygbNRNpUC?p@TO2Thy3W&PR9xBH%cjl-Bb320X zg{$eK6T#FHZ`V(dO$R9)bzt3+cS#%7pu38GEhC)slR+VAk!7(X<}}QC|M%U8@c$@2 z1Wy~;b=cb=^X9jF4Rdkbf?zL^odb15Z;ZBX_;F&=IGuq^e^(DLx~q|gQ*tS`>^foO z&zdm?Vk*6`oTNdqlRlMG87TfgV6u40GnKDv+th=lp&~45Fa)Q(cF?EDf?n=O@Z(XFoc^P1XMgs;HVd$Xy7ip&oBpK zk{MhnX17|_c1$A_V1HA0`ng9&cV(M~eZCGzQziVu$>*~%>`I%%8>C`Si6%OPRvDF+ zXCaBoE2l||_a`Z){lmOiMkgzfaMB_BqK2()T-aYL56NBO&)K|NmXHUBtn{>VKCbI4 zsr0WmCpXub%?VWDPKGpa#y6dUEx}u8yK;G%WQeO!DA(TJzR`4+K;Hb%0y>3+&_+24 zKFYeq3-~rNZQ1F`Vghf3k%Wfm8iB=< z5i_>8@#j+1=@*lzCJP%PN`xj=dAzT{DLow{26YM@=NrX{mDZ1NSeGmxr~j-N-cG!V zn%NG7lSyr(emqTzgNdSzK0`wLt$>!zoHH&#ByzvIj4QW&JWEsKD}=pMXQHh96G-YO z9V#^(TQ{+Vb?`ZE@p~v%DZvnq08KaTJm_#`Z=$tviX}7y`@0F zyyKRETq!0!Iwc*qFBm{+Y(Ji;mw&v>+&hTFoMT9o;szl~ipUhD-l_HrYOR_| zB;(KBu|*oK3b0uEa!;)`N&`{B{$Ow7>&#P$Ahh`zEm$py$~XiCr@)Hf{a#|@`Q_Hs zv6mjnw%8Lp1a_HNIrKal!(Vep- z!Xz~sdl9!D=#zf3?%Y;Z_b0iTp^2uA;`um!JT-xQ^C4yU?90T%s-OQW{`ycwGa{ZH z=^vUrwsgdqO;xH?s)k|szX2q_Kh34Ex5pPREpk}Nzs2KUAU_eWB(DsI(ChCbg!Ln& zVb^ZlU1O_!5sa=uSR@HM&*RpN%U(R=_m|z4C;A>ZQm*vq*|__3k6Yg}>7F=?z-@WU za0d6^1i#S3c1zE#*79w}SLqDQE(Ziso2j+zrOfJ_#jZWWft*$z*o+H;9tVNd{{`}sTs>ui_RpX7g2fj1pWQ+{wr#ToX6 zz4S|GOH%2OTBcvdwPSp_Z9WgIqA7z-Fej9F%P^Bd3nGp3KFw)Nc59-9puK!poJ*1# z@wKt9dArvYwd$%6Xii_uEsy<*JzRSF+ns=^X102(=GDRXas2&ZsGRj|PGMznj0U=| zz4zWGq*VV0!uNg%&9zK$uU(votX@?v`WQBGuSxK^fmwc|i6z%UV6vQIW~Pp9{n=yh z{IAXj9{tZ6oYVIJ5*MtSl~eC-WXJTBInCBe_oeuVa!y^DR!P!A5L%;iJR|$#FK6AM zc=M|6(R9K~rndYc^oQKV9Ki-@l|o#rcHJR3wnEZVNBKfBG=rQdtlpNp;e&}vBOIPY zg2NK)(AcQ_rBfhZ$?K?bky_;%KAG|rS_;4m$U92XOFQH5czO`v!O4`yOVQOG<*DUS z-t~UlW_*(=--E~>Wpw_#>@S%z@YP%++N07tOPLq_KVhXeHK>p=~gR^ zG`3B=$)A5fd|EU>+-8S*`l_7JkJv7F^M9`thY{}$5;Udmoe{r#sNePgD5`_B0^8cr zvIg>aQ6kk}b_;u`LO{t06!>`9(3qMIhzAlZ9D+#^}#B6axw;I>UGzG>LQ&v z9c`{aH?w)Z+0wjE%89k(r;7>rPBI0D7M4Qv(ou1ZfZifzA<5L(?&ja96SMEQ*Cs%Ke0CbT>Enh+QAbpKFx)L0-=5U^AnEFPSz>jys z1L0;NYb;OZoz&ij%~uDI58_qhepZntd#5mXJ49VqYvmF&yK%+q9ybd$Vl|_qg!)mn zeczegu|KP|qYvMht2sx<)}z%IntHfla$Ekc-Q*}xFGhF(Cx08piXoB8NlQl!>Uqm%tCCw`8^JTre z0yj5K3F`hOl`K0MKb#n6xN++DN77BN-PAGA0^a2rt3XS?RE@rC zT9tW~9qi&(&gxjcx%{)ABoD)0#fE*B*`7@O-g^Hw7VhcUam0XhvOTWzE11IijP!^) z=s`AjOC^C-k->gMc_6nyDf1fNJo9*=mYUH_{KZQLARr84J(-Kf40CUb z_BqQWCQ2>ApNf6Q9Y^*${>^=E!sWt^cav6HfAaUcIzCsW6QK(YIFpXB12QYr3 zSma~jlBvpBjP`$%_@cN~kHt{5sbecfZ0Di8s<~U*RY4Sk(?uecZfAbPxj#Wc*6DUs zWm@ql7Ge_&>(@t`qo`&HD~%-K)t(Wf~# z2*vub+xb}XQ3FgO8YF1r+H1BU7fA;(jUH^iC&6n3WBtXPo8h^G(wbOFHLIE4WDYE! z1vc#zeWD+!kG|71*czA+4iO5-TobgSK6WM_Wi0mW7X3-NCoplgpC#yJY&*Wlg%gZH z!R)m54IIn%Onv~_&8}pb!`KFTDAH>Dy1MO2>n+GvpvipES5`<1FWobw1Z3LCA2$Hw zk7zk^syMS&bOFR?4|W+6Wty?&^`{wg{r)c_z?BbW^uLS%41;&e9Wd3P|AjwNX7Q0ZT*vCQuouvzi14=$UOK&NSrzb|gNDcrHBD%Il? ztPzt#sf+FDRbLawLe(Ns9;rS?Cq1KLsrNK^^D+~6mrGE$Z?+t5S#RArP#g-I(vUgv zW_3&w9o0`J-i(#ezG}Z}rW>=&Z-~V|t}k*YSgqLKKN-f@z+Td;^)ASDNAQiVdkC$) zDtv~%Uh(dI>({={asK}MQP!>=7J0S%+hXsXLapAwZ3`L8OJnZ~=XM*eD64!#_1b)9 zC-3I$DWdekzORr;V`E;FP9!KTXJiU&5YuG&t5C%qMN-+Hg+u{AA4j%pc+@t$nHRC} zQO=u8&!6yCm2@=$f`*TA3274o6dNov@*8ZNkyM2rmGnMof`p(D@<{~J;cNv-QF1^i z48%^6#Ox?FJh%?jKdQcFf@>!jD@4>PB-w4&NQm)DBcOE-Cy0H)%~gyhaGHmBX?wgN zu1ZY^n;_s$R{$Db+AAsoF%QWZCi~mc(32c`{@z%Ovu;TdG={+?`@;pmkL*#QeEzV3 z$E^B{kR2-0{bBbPv(x0!v@Pyqhx!q&Af4bxsH;1#>K*vAM1NFvT7juB_`SpMR+7Q& zPPs!g-w!{}h10zD$Jp&f53Y2g!PcR#GXH>WI4)pEHQR_x>CwGEey18k;ZQSk13~@$ zY_DJtGET_?{Ipzq{k>*HwHCXXe%X%dk%qL8L8H>?>kqE6*Z~T|hC~@2FZWl@c>#_y z7mjJgGd*I$`pxCs#jR9J$Gcg_tEo;p?Am?wxP#gPxMzxu>SFx_r28o2%>?m~@Hz_+ z(SR{QYsx*K)--quQTBnBYU`l-cthHnK1Qn`;>ksQ^>g4!_&lboICywq#Z{tEsX#Eq z9`~HR#k!RM4RMm%kV#-TVPhu`YdcgDLsbq6{02@InkTOqt=wsWHq~(Uyw2&$wTkAm z)s(UTvwYC&gqFv&K?L@;^N((T{z{@17*NIp*M7fpd+> zeDbxuP7bD_**B1`##(bmhd*|JAJy_|L2f|cJ70?dbwFO66I5ih%1PC>neiP3mIZuC zE=6!IHGE(E8QGUpBc~^%h*$R(`lLzo^-oc1H?Olye-$$v@{`L_MX-0T40PLdy$LYq zxZZ2Itwk4M?l1S{P;y0yckSMZ-lTb1&{u9pu=4UAjZD8(dv2Dai-$o-|As|b%XL#j z-B5(>L0iyitnVMIf@O~P^_jVAj6?RAvkuAUNtcNcoaI$RZuau;PVPZ#YoekJ4++Rw z${?oeJV)OoAQoOw6wcLfHbGm5-}VGqZN?Di_|OfMyLcgdh@q;TC)J(u@7l1cmlmmyY@b|P&_LEKzL z@3^lhUbxZ)jMG%cVUfn)>-E&){aoCi9-n#KV>mKIauut^DQlR8 zo2yAo+1lz~e-_c&^a?T^HN(p83=oD_Z|Oqw-tKh*E|j-A_qL_O{DV>rR70hfxu7>w zLc+cw#q7F*RUFi(=+!|_ILCLCB5IE8{g)D@UCI6LZf*zbp){)jbaZ^w)=N{ikHU+2 zZXYhAFsIr&b;c6~nA(dLpAZ3S0X7vj4n7%z()~8Ms%_*zw&yHaS~{}+rm@(}kG;5~ zx%-d}m+j9exgcUFkScP1>=K0AD2?a)hbuI`ho4}9dQpod*v7cK)q`w%M8d-DMi$MW zjT|t$*`giK6jgvUSx6|%0Mw8-NHC^$D%#uL$ew=1sn0}XGd^1$_Rq)e!poF~wl{6? zwCgE*JRQ55bhlj2d2!ZPU*25z-nn~)bN||2qYs9zy}q^*9EkorUq5xTW~^p`^%zMvln7-GI@S1iUH$7R%45~P-U~Z-{kVlY z?J|kC^KeSvLwAz!ahylWxAwQqPp-DAXRzORiG2(U3!9T>o$qTg@yAU76G;^{ci6Zo zLb}zlluj^th(EEm@aBi}^}5&1h0%TfNNLIoewMa56cP;C=eH08LJ;tIPB~wS2C_3i z%j~Y#)`HCtnRC(EU2iZ9x*pAlg%y6gsq@do5BLrsC3~-+==73`Hom;ZN{_801;!7q zS*tOO_bJ~-YhvY)3)`FgHBbmy!!^6~3R=FgPr*O32Eb;ywx7$dBUv@(aCLf6*>T?$ z5UWsF@&`d49@)WzS8k{eXVdqbNi%t+b%f4EzmJ}P!j$7uv44VZCKGL>FZ<0!`^}Eu z3d~~0DQ=N@@OE&Ax{RI>OTa0vFPE@~Go=S=ciaxTp~$8Df$`eyPIiwuA9e}>ug`~K zT9q~dlhbY?Rut|cc1%85fh=DW$^O=p_#pa7ZkFu?KYFVGyH8%-| zzzuP}n;VyyGeV~rf{7as#KZ_Em2?l?g61cX{MTB~eTKubZA@ca^|qb6H1T?}btEiB z(%2wg(4YKDI*j^1^x0Sis#}0t#5PO5l(C^&N!HD%m*AgIR5!YloUA$eW|6{f5&f8Q1 zdEI~&+3#3%$Im1*4h=I9qr zX0w?1m%>yZA?1x0fsZ}ybTc=o$~`wF2?=&rFJCaJH0BOcIFnoYn`<+SNOsUjx)H}> zPgc#XumcW+b}J4=e&t`r55g+V7j4o+4pf*&eTG}kqP-+{OVk6oY|5skE>Vby;)??6 zln={oerzqj%iEo@tDl|3$QSL`NHpSY;wi__2PU`z$NICe`P6GZ$Ai5^GO1}N#e4$s z;H-?M(VlPIH$u0~Kq2kB(3h=NOC`VXdq1?&&-@nHc%&5rMZ;uasNoxua}#uUFfBFA z^W&Wjl&FBU6)V(@x${`)1akE+OBx&E_7c?rybR#HGp%`1N-m!DkOuDl7z6H)`{;)qyeXNA1lKP=<{ro3;T0++2u75;*eO zUtU(MyUl2o03ac&4JS*t@zZpuFVC@l!{jgdS)?5D;OP#DZV0~q^!#D#nJIEko#(*#8RVpqKn8|1L|E9BEy% zPQ#8^5wuV(^u6uQ`@78lGzS5!fp31~FaL*yb+q2YM9RY@Pe2AJqK6ytr#@RLeHbKy zi8wc|pnC|g&z{`s2YRAVc<5^{4led!thoXtV-QX@UEZ_X7TWTyE zMQn$K|7$bCC3$Nhkv59!ll9iWX$(-;Cqx|Hcv#wBddvqX`0Q|u?C@}vFPi$!?{vM` z8YAvoe2gU9Nw})v87;)^GApqh-1CiGQoU)Em>*}Mc=-=cXzKTm|KlcfZ7k`;el$ze zmN*rTO|bF^{lzAr>{=bl!dI&aNhaFuSz3B;x>)Q~zHq6uPa_RpNzRWO5AvfZC6fKY z5gtE8s!pe!V^t=SBFCqgdguidp)`L_#c9+jPHQ;ohII#_xqxK2iQ~5sMJo~2RG$1G zJ?hx4o6iZj733`}wxHITlQ!V9ykZ~rwnz~ydVaGa5jb{n0n&BtzuAev!j~9Nz;s9j z`OJ^M{T`4E{asb%K(elNzRgdS{~xmgu>Zxok&{%v&rki|ssLXr(j`JUwNYhU_)_Oj zS@v&r774gNpj2td;~l??M87~2U#S3*(zUApxj(EV6gkzw^iTrMqaY``%I*&vpa7BC zIs5`Dz{YjSAQxeegN@}gK6nrf4BCCp)B1_rWx}HMXP0JQ+Q8+6te$6ZEBu+{6bi&D zwc`ntyBf7x%`P@_IME+)Xr%f;2_XS@Pq>de6AnXZC3ie_vHo3u`GbZ;lly+L-8q^m zDd5>ib2Npm_IH|gXL_AmIOwl{4!LUZ2F!`s%9%niU^MLqCFGsRueBC5$^r)g3aQ+m z)>1jm!XoZ-4fOP^eFayj&kJW*N6DmH@feg8nDF!DIemBkJ46$xzG<=2Q=LKohxOy0 z-~X@HkGKE-vVJ^9UG*r=pp#GN1JE@aoJOe;%CP@P>;O2}XKMaoS7IkH<6tuS5{n{Ne?;S8ZH(RGL;OWBBF zm}?z?5EhvK(fy?34h0VvP0< z3?{I~!CXPUi-tj{TkS;A{xlfp%!>~2)5wSQ;nh8qTA-XkC5&IbV~Wj z$C?*>zbZ$dQWdgWZ>v?D!u{_XB0_8u`D6Xidth$%-(~z53yDY>SDrlCJVxa+yh+e~ z)_M&h#80H)iB3I3Hu?mj4A^`UP&qPa69hQJ&fv1yAo5f-+n_BxpxuH8v=6cz_`eMx ztAK{@y;zv?oIyH0F*ETi==~Jzj*FBHSXf7A%HaPISH>U{d$Z>}tS`nNM{88*@Wqxxyvf zP)^*v2Jw^?JY$30Z(7&jzKaD=W7I0?`@twwLxEc@h763akM+Ha^7;weGJ|ORk$C4ga(^310XIv0I!F!*QTO` zx3B*iH7M=JBdCwyE6kC#u+$Y?&x1Y za38!Al{C4VsnjgI!H@%J{4u~atw&R)QzzGtN0=DPF?f48=H`5;I*D&2L0+(?sbHtY zSHt)B;ELpkWl<*1{sb?005ul@@cN1O0-%j_^(XGHxez};KSVbmxvzotTk;zG=EG^L zUSEa*HMiTh6oNyu3RIeeaV365IeB@qhhIU9s}Q7+@O=@eomy;G=ct=zTcMf$B0sz&!n~fZzIZ6>7LI$zljTUj3_;~{y!Q~2<*10Bdz=x?UaPCKohCwfh9Ehz@{NnV6I2P`cGUdltiA?dO5*V=Wzxzea+3UqF=r>Fd#8f3EHp1MR^*c z_=lDg4-zBx!CPveo*oZzJZPw%C8H8Z53n*a+9!yxgl-|J2CZ#_XDl8lWdn3KKn$Pb zX1m*o{CO6bmdFsg+|e0(PMoGnwTI7%^W@_*((aVnM$7c!T{ts>vQDd!_Qzg)`NyW$ zfEJ7euS5D`Nwu*VW`-kJl`D4b=Kwe&e(KUC_)AUXU4a{l*8$VGz!v&Ly|Nm-QKMg* zq-lZo4wEr3J0M&>`m8qC@Qi+%t%NW`0R5akwv9>am7BC>3u!Zdg^vI z?x{th-Qg2{}e8bHCIK?5xdc1!5J`L>XJYfxpv+aotu0Dl!OQbhb~(HBKZJP z_P_uF`Uzg29ew-8_v+C&e>1Q5hcQUmguZ+L#roJkMzXP-)J$OG8;E!FjQ*VCkvj-U zjBfhcjo@ET_Jr2AN6DT9WjBu;HeKBBIzDX)dfGKoujzx)c3&l*$E85G)%`d?ts}FZ zJ~|Q>tr=j~{=xj6Rjpz`u~n1Hrn(ZW*ZKKEi`%>9Cwn_8h`7-{NVFXINI^{Gt}|wd zk4t->GGCiGt`9Ln!WHb2!|Xt`$g{4ZeCQNX$1d@7&&xmIkq61a2D~%yI4coT#tmEdj<7gJu+$`uK=VMFJA$tsXZUrPPuW%i$1c0@b(8M zTlnukRidtF^11HK4baZ-hEmWX+AVbk_GjWGA`dU!Awgii081{VwBuAt=ycKFzNiqI zU=?hz26rTf=gB7$fR0463B$v0J!lZnWJC~gi4c6V!=zarpJqPnzioW@rB{esn<|GK zHJ;B(xx0uTmbIR3KwjJiWZbY3&pk(rWWr0#1ApC?*9QSC#bd`z8v&Sd6k-C^q*(89 z4(@L>Dr+n3XH>gj#HhM#v1-s>-tLbh)D@*hM_sM5o~foqKN$BnPo_ZhyEOKpVC-tZ z*)CsV@-ZXIMtO88jPor3J_ySh@nu6khppQpq!N^CJP)K~C{IM$%D$EZ=N6?1Onriv$7 z{CgyFhYkcoI8O?piFA~|hCrMqdOjn%4h!e8R*@L(G4v5ZF@w-SX#aVSc!TDLjfmsR zVnmHbxamMY#m*MES!KohQ7iJX$BP~A=CI(QPxaoRmo<7=`urmYuQ;GB)scg0h__3t z+a~pCgs4$VI0kp(#miZmtkwje-%g6fT`vtX8HMr6E1!)CU!VbaSQ~d1vqg^zzSS`o!>=HT8F%2le8~gA7%2P6WyA*(TFN~)b>wrk zcdr?2_jJn1P*}~?&jc9$tRMp4@77jG#9eQk5lx8#jZO(Ey0NINWz1$EudNHsK2*F* zH{LHWD;wCtTypJKINFPDo+5L7mMMLZPOh%s5`{zy<{={E7D~+b%Hz%ORkA zm%@KRZS<`jQ}Z4ZjASjdUysVKU+jAyk!4b?X?O)3yutuqN{DHX<8_onkw?Z0>;kpV z0qnkMZLT?d0$y^*o^dv0?p}szHvgvS3j-9|U3(k~{qgv#?tS?8gX>d7dscqfSMO|X z^#r7A%Q+NRFCT(;#MO%TRRH93**@xx-mF*U1qw^-(3Fj};uo?OdcuqD8&rkf6JHz1 zPTTm^-tbX-%Bj+?QTh1pgXxr8>AfffzjQ;e%fptzi?ZAg8rrW|mEOerAbpJY`L^}Y zh9{gA{Bol{BozFp?>6Z`@)3jOKWQyG1-2`pRqE7q5D>|bE|rw;IR9XTe{vmCcg#twVeN(NlUc$WSOiLvW7^u zRJM#Ql(J+AV`*e*OcYrnvQ}E`YxX5;QHVm8WNg_R!eHpVqvsht??3M!@BBHR`@8qt zbI!f@+;h+Q9=&@L(JSK^{WB!6CB^rqI48;JGHuOWQxymGrm|n?Xt6|XHGnjMk?5g_ zCro2lN-p<}KF1MxZ&Ly=CXoz_<$*|1>(CIGO1V79{tXw5QYuQ1y(wbLF%S2$r48(L zK?*6&UpLGKaZ)nA%omt@C<+7C6$@#EwJe(q4rjwcU_lUo4Ju)^-e&4;nY&F&>Z^WX zBMP@tCB21(Q!-vKZ5LB7a94B|8{VF|7?Dsj=g{0&x4qILiiiZ%S-XQcemMi#aQx4J zMqxLiIE=WhmXhWZ8k(BKtI-5i=Ske8c-p){=}_AF8|Dmq+1 z#Cjb8;Ju4{TdQ63^46I_C%4EoI?{&+zT*#jZkgsMeFBwQkOovbFm~5|B z1Gs+0w$(?4EWsdcKS5C#)#lfmu~pU!mn~JtR4Q(HO>m5pMPDXg;G2w6n0#Df>1Ym_ zTmpxVyE{l2U zQ#^s8sO=8?Pi((|`Fv^$vm9<({ggD&R~wHq8XtC9X^;tVvmcokrq!K(AotBIV2o=- zgc9&c06mGD-BoUoO(ovHWHqza$h%!oPDx>1%gM5S?msyA&4f&9RW&&D72KOp2JD8I z2G*GVE1hn1jk#&$@uP};qMac8`XSFRH@m8LP_rwx!CsI3766bkILxc8kE*BLtX)o7 zeC}V+sSvbDtOUhgyQef@%EzVs*Q!R8GmarV+&0!b15*d4f$~U7fVAumSPYu`LQA45 zD0+zeRbfRN6w-g@xb16lcS3EPx1oS#zIW$JF`C=2v=QX^CvTWtWZVMRX-i63$7YbA zGfmJj^t+JdvF7tKe9uTRxJnh0euk-{$pFz({}37E2#TKhIPrBh@HD_1Quyaw7}KZG z(8!hN(26ed-%-0l1!nppe~i#9H-~ax=)z*kmw*%Rvn^tz*>`%7#4J zgSW7VF3=z?qO5x2SjzJ_FL1bu!i#|ke}kCkQzLHfIWwcJ&a*U5Y?j0p%7Z8Iqh_yo zhi`{cVod+e;B(W>m)|pEWC4B1M z`SfcKF>r*p)|Jdfw8CZc_5fHr+d|;>V~;p=Oe__Uc+mM~T((B+5^;uXS5NOYg+n zwFpV2-U0AxTS;2*sk5m5l_{zJ$_N7k$?Fs)f6+Oi zN~+>Fsle^cQexAt4kVB9P9G%XB%fSMwe^P}RxquK-;DT{+6Iqfe}?d)^2!O}28Zy& zl^gudK@Un7YXG!kFt`^5))C%~O3I*QUJ>1N^ zPfsoe2rt2XKygc~n9aDa>ke?y-Uhad&}e*iBS@gCvQim73cpW5gE+MXbnx}&l3$u_ z@WThAR%FMju%y|6n!L1$nXc#Dks!D3bEN)^?p^iAV@_=_*_>6fqk2=3zn-O96KjXc z=A1q7y?mwkWUxZaNk`YexQ`~C{(W4PT~|H^y*j%i!0dRd~kHg4}BlirggV8e+O!Tr4Tb8Kyp}-Sym` zG>`#j3$N%q+~Lo6Q~3U_#?#C30?!alf&CPn*MUz_cwtw`Kb^L8LxMCdt z)$)+jgq0@=-wM1iduLU%Y+S`wT9VDp5C=mEL| zAZd&)*7@g=#-%X)gD}tWpmGuVnG2?MAdmCp83z&Gv=0@YQ{FL4->>4y=^@PLR3f0s z&_IA>zMp56#Jcd$g{iwSX?9K_(osz2dnT!h_c~{uW#z5wH_~3zdOvU9i(9^~ z(Zm>w!i+eHoG=X=sv#U!75?#z_*7LB&&$ZP5~lWC4?;Ts?Z-$o&d#`MYQsE_xn>|} zb2LOp377W-lJkp9(?|&CmE6jlTQu)`Q!dvf2lo$1AYP-~e7b#dOjEsnGkTztJ~zwn zSSeDekQ>c{8l8F~e93MN3_3Z#4&OMy$l4eJ5%#k&f9nGeYSM&X#aV%LPjDG=HcAF) z7ot4afV%aMH)GCU5#cz^*+CX(S?cFqo*gGc}b>WBfQHi!+oMPhTD>iJ`)iGWPvA39b3BT_d+8f)*bLm6U9V4CV5UrNDbma;chkhzcS}XcA+_!ok!!Y9oZ5}h@EIN$@ zrXUy#{LQd>u8vB@2EXR4x-Y&~%)oMw;EUOrv?}W_$}eWodCV7$ULX_DRekO+?pK@| zUyyU$g4d0LP`@-=19Ug9|3iA=z@T}A&{mN2@~#@;a_@@PU#hSnjWYr&Bj$`I$Z z)soT^k9Icv_Xv)P33rd?l#S13SMw~&q{=faK?Cp7HJsTXuoY`co5NSmItgMZJ6%1L z;Z~ENhRJZOnwD8)^zi;Vi2%j}RC8O6ZVO?P`5+Qw-*N0A!8?qSL z=;aLAOQb*_z2q#@Kh&E#6E6Gu-in&_&tUfBsh=-N^xP^z=#rIyk(egK=v9Jfr!m&g z6YC2!TWl@lPU=<0$P8jH-NqIvJ?Z_3p^W(=q+SazXywA7boOa2%5(XiVSs>smTlmi zhs_$I7h|80n8?3ZA5&yED<(+L-6Wi zG3$k%`j~SQ%HRAm?N()6nwHd`?XMZ&H;tUW5r$4|>wEF6(-3#9Vy>2QP!?n$)HE`Q zgC`l@Eva|UoeOaY+go0BEl=h;j<;KQ z@jGe8@4;G`9Wl>lrES^t;2G=ILNQsFDqi?pihe22-g-L!Kr#1IlvnGtV;FjCrtSUu zX^d8qy!Vu~Pi>yH&&#!9$~o;W_z)E}X7b~G9D9Zmxatv>O6n5jXlUT)bTm(2YL}Fx z82lxvf+qPXKHn-RZ^)<27lA{+8N|^`*^2No?wg92w6+=owau=N-a^?SBIODA60QR# z^r0QhigWM;v8bHkcOA#)>@PAqbNNgrUK1YC^X9XyTL9JT1dn-lxS56aSA;1So5yVe z13*`?-;Fz4)S(7|0`{bi03*agNLTyK^z2LK&s!j3Z2I#wC~tKxqE`C_>U`u%y!p)B zyAYf3u58qtPNbWCYaG;Ut$?XBO;xp&wQ8Gh4F3g4ID|2*86dWMtSJ_4NyLSG@9$XSt;2GRt68lqAA6teqb!`Uv*})q zy?AZ!eA@&BuD}qKy*Q3+)7S$3+l7)*050^HXDEer_8UA9>i&__)Vlieus6+> zg!rON(LOCG^PA`Pg}&Yjge`5ArRYmT=*m~H+4};gh&|5?5q_Cm-in&$9<4?Jri5*; zm9bM-qIgZoBtjVdRu(dABOotu$!>2#IB?ubZIz=-9E}FPUIQuEGhdm9%Cf8}_OszL zB-G+f*mKpw^Z7g5hdkme>s1V2>5-q`uO%F4;mBkDfGl#D|Or!JDF(+xKfELxl(KhV=n|eJlz~ihp!h zw}kW1!8bo5?tF>VIgNVQG0q$+dIdJhP~eH_ zW_V-j_v$v*M0gg6j=)|CKFB`ud8uGUWDvjg>^dW=dX7eu>r-zinu~t}Gs<#WQS0~2 zBMFD<1(=CMfGa{8HKxuxx?Q0nJ?D)t`pm8Ul{qdW4@-8e55^lWcI!&&H-k&H#Zk7Z ztj?*8qxT9=Em@9NeTbqDFj_|>IIWdmH?Eru6PMh8S)38TaTb18bftKPq$D8Q)(Q`F zuZNvCxcXiOEe{IY*v~hxgno(0aO6>es;)vN`HiPu;(iG6NoWKJoMgyhKg$QpGrm{D zHd+^mkt)<)2C=e<9R-rdVca+@;uur|R|&shmc~Ih&zx*(Djp|$))oybWk3VQtQKacN)6p20p+)zBqx;zb@VK)~ zV6P*c2|80+E&B;DE0eSjA7j`x6Wb#dcqew3^0!WuBg#-R_D)m`l~u zmsjVGi3|oUef|PF`76=pkb@*|c5PYB#?d+7=5uVw(XMRn@|!+&lSqqVnWFmNhp}!; zd-i8HB^$!w6_4_2-4uCB8m+ks( zbl2K&Bf_-V%(Y2zi8}P7%;$M}g}=QTfNn!@Da46nMIYCV4{5?Kp@TFgH?A7?MC$j9 z%HC5&sZ`<_a~@Z09;o8JaJp~nZTFj7)7@79Wa(b)-C^5H^AEFmRZ$?0#QZxKqZ1Y> zaNPf{@K&){6k1V}yny}ai-pRNKf)9S61JOQ{guZ6&_mP?bJ*y}lCCKjO-E_zJwXjZ zY{I2dh0hg}LC(|k;ocx9f2}%vNuh&3r=a|pSpnbr#iG=404>U{;}k_YV~ZGl+u9}T zE1Pr1#`2Wrp6x{ToF~xw(sJIuvD;-BO?xRMZlsUmqM%^1z85ny=()*_uLHjLUusuL z%#7!Tc-ub%!xKFOu=S=v7_oZDLvh{kf(4iWPnufjZOF`h7#9&Fb^Fd7yt$9R4T)YyPI+v}65Q{XAblqW z_=j%|r)6OuY|_?#B=ZrfTy_>3$V%o>ngdQgGVBm9M6V3WS+@U#sAOZhS>XAOY7g4q z!aQtdJxTk>t8f#u8A8zDaTiOa93<)EqcFx&6QJ;Mcf`M&yve8b&ZgiPag2vDmLAy^nNwlS3w?1 zmC|l?0tQ(DgH&Z$;meVFk#s_#^^F!@PTHm|{xD<=ZmG;%E*tsDuUqHn5#D#v2OGF_ zY&0QkQG#^yF2I1$w2>hcda+)elO5BbX+PH3T)nfvc0A&$v`mWJM7%1ZR=M%;jg;+~ zTx&Y9A>~=GEwj{U$`<8EH*o^39q6-2v24>hX>VO&iNcGKLw_!gjq9;K{45#zj8JGk zB^6I~&i)X-ljU?fd(;L_L%&KC;Hc{_}RwfQyhrjs5Yn#nn9>tFj!2} z7};8?uHQZ!?{{*-R%yo?rgYL3N^>|%cJT7)FOWp{f86IR57nv|N?iRLyyePDcj*aX zwduc1l$Te%2>jH41_s2)BMe53(NR1>%ov zE}u~&_GeALDWVc!<3_ik#N5#lNBt+=3oz5!GS-zgaL1xTie)qZof?ZHH~8nj zvfFnQyfwIazW{F^|1v-jFu+US^)8jl`tN{o{~hfS1U*&w=%Z^UwUOFy2=dKBTB7K# z;$;J2I(sc!_)NR=+UbsNKJK^?yY z=y&0lk2fcFi3|kVwMCS9^RGl$98b_T+hso)Y1^IuBt-xU;&y*6Usku*sl7h5w7cVP zL*<=^c_r<3KQmzkYrJwjw|cj41GTi)$(;L?XRLqJ%@F+a-;O2$BTrs)(EGQEP?sOw zWgd%>y^wzw$sI@%WwObSq<7~rOOgL=b~shFSR4)1+U-0|z$+Vdd^7EOFP`~*R1T@p zJ)lqxjg6*?_6{WYPJAoh=s%$dlp*dR-lf*BCq(7ZfDTxa9o}WV z)UIv#fMkOT63O__Ji-Q~y#1fBKrroHg4vd;^H)iykTbN5wH&5oi+9FGvx z&+b6@(kDLshw8_mYiTjTzosw3GrxyQ3}7OI2oKjYnWxlgJ-kEsr1JN~@popGPBz#J z?edEjY(`OA|DFe6uIZ9=%ob~R+uu<;P9FxkIqw?iBuQn(Vb-px|3%A>Wk=rKDY7`~ z0jb+v()vs4T}%J}7I(k|24H__$zjUIfe;qldHnyQVGtnQ(+$sdxu6zLqZ0L-UOPIC Uog^Icfd>3^&KPLssoMnq57+NYi~s-t literal 0 HcmV?d00001 From 2beabacfdf9d82ad0f97d6e1044cd211b798b279 Mon Sep 17 00:00:00 2001 From: Jessica Munoz Date: Fri, 30 Oct 2020 14:19:36 -0700 Subject: [PATCH 02/27] It will have grammer corrections --- site/devlabs/LoadDataWithSnowSQL.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/site/devlabs/LoadDataWithSnowSQL.md b/site/devlabs/LoadDataWithSnowSQL.md index c0cc3faf3..afa77c3ca 100644 --- a/site/devlabs/LoadDataWithSnowSQL.md +++ b/site/devlabs/LoadDataWithSnowSQL.md @@ -194,7 +194,7 @@ put your data on speed-dial. Here is an example command to `select` everything on the `emp_basic` table. ![Snowflake_SELECT_image](assets/Snowflake_SELECT.png) Sifting through everything on your table may not be the best use of your time. Getting specific -results is simple, with a few functions and some query syntax. +results are simple, with a few functions and some query syntax. - [WHERE​](https://docs.snowflake.com/en/sql-reference/constructs/where.html#where) is an additional clause you can add to your select query. @@ -250,7 +250,7 @@ you’re ready to close your SnowSQL connection, simply enter `!exit`. ## Use SnowSQL for Your Application Duration: 5 -You’ve created a Snowflake account, set up a cloud database with compute resources, and +You’ve created a Snowflake account, set up a cloud database with compute resources and migrated data to the cloud with SnowSQL. Nice work! There are many advantages to using the cloud. Now that you know how easy getting started with Snowflake is, it’s time to consider your next steps. @@ -259,4 +259,4 @@ With your firm grasp of loading data with SnowSQL, start using it to run your ap Continue by [​developing an application](https://docs.snowflake.com/en/developer-apps.html)​ with SnowSQL to learn how to connect your data to a Python application. If you already have application data, consider migrating it to the cloud with the same steps we used to complete the `emp_basic` table. Snowflake’s tools and -documentation are extensive and give you the power of cloud computing. \ No newline at end of file +documentation is extensive and give you the power of cloud computing. \ No newline at end of file From 46ed13e20f0da3f57f1b283326e32a44c4b6a124 Mon Sep 17 00:00:00 2001 From: Jessica Munoz Date: Fri, 30 Oct 2020 14:38:32 -0700 Subject: [PATCH 03/27] It will have final grammer edits --- site/devlabs/LoadDataWithSnowSQL.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/site/devlabs/LoadDataWithSnowSQL.md b/site/devlabs/LoadDataWithSnowSQL.md index afa77c3ca..3b5c3d906 100644 --- a/site/devlabs/LoadDataWithSnowSQL.md +++ b/site/devlabs/LoadDataWithSnowSQL.md @@ -41,7 +41,7 @@ Be sure to check the needed computing requirements before beginning. Also, downl ## Set up Your Account and Install SnowSQL Duration: 15 -First, you’ll get a Snowflake account and get comfortable navigating in the web console. After downloading the SnowSQL installer, you’ll install and confirm your success. +First, you’ll get a Snowflake account and get comfortable navigating the web console. After downloading the SnowSQL installer, you’ll install and confirm your success. 1. Create a Snowflake Account @@ -108,11 +108,11 @@ current_schema();`. ``` create or replace table emp_basic ( -first_name string , -last_name string , -email string , -streetaddress string , -city string , +first_name string, +last_name string, +email string, +streetaddress string, +city string, start_date date ); ``` @@ -250,7 +250,7 @@ you’re ready to close your SnowSQL connection, simply enter `!exit`. ## Use SnowSQL for Your Application Duration: 5 -You’ve created a Snowflake account, set up a cloud database with compute resources and +You’ve created a Snowflake account, set up a cloud database with compute resources, and migrated data to the cloud with SnowSQL. Nice work! There are many advantages to using the cloud. Now that you know how easy getting started with Snowflake is, it’s time to consider your next steps. From 6ee137f13e9e2160661869c0c30f258ce8527fd3 Mon Sep 17 00:00:00 2001 From: Duncan Turnbull Date: Fri, 13 Nov 2020 16:24:01 +0000 Subject: [PATCH 04/27] :construction: Add initial conversion of Security Authentication Pattern Downloaded from google docs as html Convert with pandoc: pandoc source.html -o new_guide.md --- .../security_authentication_pattern.md | 396 ++++++++++++++++++ 1 file changed, 396 insertions(+) create mode 100644 site/devlabs/security_authentication_pattern.md diff --git a/site/devlabs/security_authentication_pattern.md b/site/devlabs/security_authentication_pattern.md new file mode 100644 index 000000000..aecf65fbd --- /dev/null +++ b/site/devlabs/security_authentication_pattern.md @@ -0,0 +1,396 @@ + +[INTENDED AUDIENCE] +============================ + +This document is for Enterprise and Solution Architects who want to +understand the connectivity capabilities and best practices of Snowflake +and Snowflake Partner technologies. This document [is +not] +implementation example may be provided. + +[PATTERN SUMMARY] +======================= + +[] + + ------------------------------- ---------------- + [Pattern Status] + [Pattern Superseded by] + ------------------------------- ---------------- + +[] + +Snowflake supports authentication methods that cover a number of +scenarios, ranging from human interactive scenarios,  to programmatic +service-account use cases. Client applications that connect to data +sources like Snowflake typically have their own specifically supported +authentication methods that vary[ from application to application. +Consider BI tools, for example: Some support SAML 2.0 for single +sign-on, while others don\'t. ] + +[This document spotlights authentication patterns that support the +following scenarios:] + +1. [Interactive, SSO authentication for humans] +2. [Non-interactive authentication for non-human users, such as + programmatic accounts and service accounts] + +[WHEN TO USE THESE PATTERNS] +================================== + +[The patterns in this document satisfy one or more of the following +requirements:] + +1. [The organization has both cloud and on-prem tools that need to +  authenticate to Snowflake. ] +2. [The organization uses an IdP to manage authentication, which + eliminates the need for users to maintain multiple passwords for + different systems. ] +3. The organization has service accounts that require an authentication + method that\'s more secure than username and password.[ ] +4. [Legal or contractual agreements require the organization to + implement specific authentication methods. ] + +[PATTERN DETAILS] +======================= + +Across the three authentication patterns, there are five ways to +authenticate[ to Snowflake: ] + +1. [Built-in username/password authentication] + password is stored in the Snowflake USER object and the user + authenticates with Snowflake[. The USER object is  delivered as a + string, or the password is typed in by the user. This option is not + as secure as alternative options.] +2. [Built-in username/password authentication with multi-factor + authentication (MFA). ] +  [multi-factor authentication for security. Note that this option + only supports Duo MFA.] +3. [SSO powered by SAMLv2] + cases.] +4. [Key Pair ] + users, such as programmatic access or service accounts[.] +5. [OAuth 2.0 code grant flow ] + Snowflake data.] + +[Snowflake does not recommend basic, built-in username/password +authentication (option 1) because the alternatives offer better +security. In situations where the only method to define a connection to +an application is the username and password on the connection screen, +Snowflake recommends option 2, multi-factor authentication implemented +through Duo. ] + +There are human, interactive use cases where federated authentication is +the best supported method. Any SAML 2 compatible IdP can achieve this. +Some partner applications also deliver federated SSO experiences +leveraging OAuth 2.0, however, client application support for federated +authentication varies. SAML 2 is an option in some cases through +Snowflake's \"External Browser\" mode on the desktop. When a desktop +application is configured to use External Browser mode, a +Snowflake-provided driver opens a new browser tab/window so the user can +authenticate with their IdP credentials.   + +[Programmatic (non-human) use cases can use built-in service account +passwords to authenticate, but only use this method as a last resort. +Instead, consider key pair authentication combined with a secrets +management solution where the client uses its private key, and Snowflake +uses public keys to decrypt it and authenticate. A third option is +External OAuth, which is the only method that allows for an SSO-based +user credential in the programmatic scenario.] + +[PATTERN EXAMPLE 1] +========================= + +[Now let's look at two applications, Tableau and Microsoft Power BI, + that support OAuth. The type of OAuth supported differs and in each +case the client application determines which technology you should use. +We will start with Tableau.\ +\ +When connecting to Snowflake, Tableau Desktop/Server/Online supports an +SSO-like experience through Snowflake OAuth. This example is appropriate +when customers want to provide an SSO-like experience to their Tableau +user population when accessing Snowflake data. This method prompts user +intervention to grant Tableau access to Snowflake.  An external +authorization server is not required in this scenario. Snowflake acts as +both the Authorization Server and the resource server.  Customers that +manage identity centrally and wish to provide a more secure method of +accessing Snowflake other than username and password will want to use +this pattern. ] + +When connecting to Snowflake, Microsoft Power BI supports an SSO-like +experience through External OAuth. This scenario is appropriate when +customers want to allow Microsoft Power BI users to connect to Snowflake +using Identity Provider credentials and an OAuth 2.0 implementation. +Customers should take into account that this approach requires Azure AD, +because that is what issues the token for access to Snowflake on behalf +of the user. This approach is appropriate to consider if a customer has +an IdP other than Azure AD. For example, if the customer IdP is Okta or +Active Directory Federation Services (ADFS), Azure AD takes the user +through the Security Assertion Markup Language (SAML) authentication +process with the IdP before logging the user into the Power BI service. +This scenario is appropriate when a customer wants to manage identity +centrally and provide a more secure method of accessing Snowflake other +than username and password. + +[SAML SSO may not be appropriate in cases that involve a customer's +Snowflake administrators. Outages with an IdP may prevent Snowflake +administrators whose passwords are stored in the IdP from logging in to +Snowflake. In this case SAML SSO is not recommended and customers opt to +maintain an administrator with a Snowflake password to manage federated +authentication and troubleshoot any issues that occur.\ +\ +SAML SSO is also not appropriate if the client applications do not +support that method. Consider evaluating if the application supports an +SSO-like experience similar to Power BI and Tableau. ] + +Some customers use Cloud Service Provider (CSP) private networking +technologies such as AWS PrivateLink and Azure Private Link with the use +of SAML SSO. This is an appropriate scenario but requires a choice. +Currently customers can only configure single sign-on to either work +with their regular, non-PrivateLink  URL, or with the PrivateLink URL. + +[GUIDANCE] +---------------- + +### [INCOMPATIBILITIES] + +1. [At the time of this writing, SAML-based SSO can only be used on + either public or private Snowflake endpoints at one time. This will + be addressed in future releases. ] +2. [ At the time of this writing, Snowflake only supports a single IdP + at a time for each Snowflake Account for SSO. ] +3. [For SSO the web UI only supports SAML 2.] + +### [OTHER IMPLICATIONS] + +Not applicable at the time of this writing. + +[DESIGN PRINCIPLES & BENEFITS ENABLED BY THIS PATTERN] +------------------------------------------------------------ + +[The benefit of configuring Snowflake for federated authentication is +users need to log in just once with one set of credentials to get access +to all corporate apps, websites, and data for which they have +permission. This benefits users in the form of simplicity as they do not +have to manage multiple passwords for access to SaaS applications, data, +or websites required to perform their job duties.\ +\ +The unification of user access management means there is a central +directory to provision and deprovision users. Configuring SSO for +Snowflake with any SAML 2.0 compliant IdP helps customers think of +Snowflake as many other SaaS applications that use this common protocol. + ] + +[SSO for human interactive use cases must consider the capabilities +supported by Snowflake in concert with the authentication capabilities +of the systems users need to authenticate to Snowflake. This matrix +needs to be considered along with the three scenarios described to +enable SSO for as many systems as possible.] + +[PATTERN EXAMPLE 2] +============================ + +[This pattern example compares when you should use key pair +authentication for  non-human users versus when you should use external +OAuth for secure, programmatic access to Snowflake data. This example is +relevant to programmatic or service account requirements that require +access to Snowflake.  An evaluation of supported authentication methods +of service accounts and programmatic access requirements helps to +determine which non-human user authentication methods to use with +Snowflake. ] + +[Key pair for authentication of service accounts to Snowflake is an +appropriate example when customers have requirements to not rely on a +third party or for the secret to travel over the wire as part of +authenticating service accounts. The private key can be managed +internally by a customer without relying on cloud-based IdPs, such as +Azure AD or Okta. Secrets not traveling over the wire is a great benefit +of key pair authentication where the private key stays with the customer +and the public key lives in Snowflake. ] + +[An additional example appropriate for key pair authentication is if the +customer wants to remove the management of the secret from the service +account authenticating to Snowflake.  With key pair authentication, the +private key does not need to be in the possession of the user. The key +is managed by code and therefore the service account itself is not in +possession of the key. ] + +[This example allows for the aggressive rotation of keys without +disrupting connectivity. Since Snowflake allows for two active public +key values at any time, consider this as part of the pattern. This +example  is best used with a secrets management platform like Hashicorp +Vault, AWS Secrets Manager, or Azure Key Vault to manage the private +key. ] + +[Key pair authentication is not appropriate in scenarios where existing +key infrastructure is not in place to provide for the protection of +private keys. This method may not be appropriate in large environments +where the ability to distribute and manage keys becomes more +administrative overhead than what the customer is willing to deal with. +] + +External OAuth 2.0 is a supported method for non-human users to access +Snowflake. Customers that seek to allow for SSO-based user credentials +in the programmatic scenario should consider this option. OAuth 2.0 is +appropriate for customers that want to centralize the management of +tokens issued to Snowflake by service accounts to ensure that +programmatic access or access by the service account to Snowflake data +has to go through the External OAuth configured service. Customers with +this requirement may have additional requirements to centralize the +monitoring of authorizations across a number of applications. Customers +that do not wish to pass credentials over the wire or store secrets in +Snowflake will find this method useful.[ ] + +[More specific examples where OAuth is appropriate include embedding +Snowflake into your application where the application requires access to +Snowflake, or if SAML cannot be accomplished because there is a program +that requires access to Snowflake then OAuth is an appropriate pattern. +] + +[Customers with centralized monitoring requirements should consider +OAuth. With OAuth, customers can see delegated access to Snowflake and +other applications such as Salesforce in one place. This differs from +key pair in that, if I want to audit users authenticating through key +pair, that answer lives in Snowflake. This model also supports examples +where customers want to deprovision service identities from a +centralized place.  ] + +GUIDANCE {#h.vm1f2tovs8o9 .c22} +-------- + +### [INCOMPATIBILITIES] + +1. Snowflake OAuth is not applicable in the programmatic scenario. + External OAuth should be used. + +### [OTHER IMPLICATIONS] + +[Not applicable at the time of this writing.] + +[DESIGN PRINCIPLES & BENEFITS ENABLED BY THIS PATTERN] +------------------------------------------------------------ + +[The benefits of configuring Snowflake for Key Pair Authentication +include:] + +1. [The secret does not travel over the network] +2. [The user does not need the private key. ] +3. [Snowflake allows for the aggressive rotation of key pairs.  \ + The outcome of key pair authentication is that it is more secure + than username and password. ] + +The result of External OAuth authentication is centralized management of +tokens issued to Snowflake, and service accounts or users used +exclusively for programmatic access will only ever be able to use +Snowflake data when going through the External OAuth configured service. +Customers benefit from sessions initiated with Snowflake do not require +a password and only initiate their sessions through external OAuth. + +[RELATED RESOURCES] + +[The following related information is available.] + ++-----------------------------------+-----------------------------------+ +| [Snowflake Related Patterns] ++-----------------------------------+-----------------------------------+ +| [Snowflake Community Posts] +| | Snowflake] +| | ww.google.com/url?q=https://www.s | +| | nowflake.com/blog/using-sso-betwe | +| | en-power-bi-and-snowflake/&sa=D&u | +| | st=1605288006082000&usg=AOvVaw0nx | +| | aLU5NE25OrqfcHUgzSK){.c2}] +| | [[Using OAuth 2.0 with | +| | Snowflake | +| | ] +| | tps://www.snowflake.com/blog/usin | +| | g-oauth-2-0-with-snowflake/&sa=D& | +| | ust=1605288006083000&usg=AOvVaw12 | +| | GuJV00K4OXlKhQbBt860){.c2}] +| | | +| | [[Snowflake Service Account | +| | Security Part | +| | 1] +| | www.google.com/url?q=https://www. | +| | snowflake.com/blog/snowflake-serv | +| | ice-account-securitypart-1/&sa=D& | +| | ust=1605288006083000&usg=AOvVaw1y | +| | X-eUbTn4aEreqUba4hLT){.c2}] +| | | +| | [[Snowflake Service Account | +| | Security Part | +| | 2] +| | ww.google.com/url?q=https://www.s | +| | nowflake.com/blog/snowflake-servi | +| | ce-account-security-part-2/&sa=D& | +| | ust=1605288006083000&usg=AOvVaw0s | +| | 4QZNkTYdzqTuQfwPbcha){.c2}] ++-----------------------------------+-----------------------------------+ +| [Snowflake Documentation] +| | Policy | +| | ] +| | tps://docs.snowflake.com/en/user- | +| | guide/admin-user-management.html% | +| | 23snowflake-password-policy&sa=D& | +| | ust=1605288006084000&usg=AOvVaw2W | +| | FgynzEzkV3cBcDhWN5Ch){.c2}] +| | | +| | [[Federated Authentication & | +| | SSO] +| | //www.google.com/url?q=https://do | +| | cs.snowflake.com/en/user-guide/ad | +| | min-security-fed-auth.html&sa=D&u | +| | st=1605288006085000&usg=AOvVaw2dU | +| | Szz1RKu8XPtyCsPoCJR){.c2}] +| | [[Using Key Pair | +| | Authentication] +| | /www.google.com/url?q=https://doc | +| | s.snowflake.com/en/user-guide/odb | +| | c-parameters.html%23:~:text%3DSno | +| | wflake%2520supports%2520using%252 | +| | 0key%2520pair,will%2520use%2520th | +| | e%2520Snowflake%2520client.&sa=D& | +| | ust=1605288006085000&usg=AOvVaw3u | +| | tYDHBxMAOZq-d5HrQxQC){.c2}] +| | | +| | [[Snowflake | +| | OAuth | +| | ] +| | tps://docs.snowflake.com/en/user- | +| | guide/oauth-snowflake.html&sa=D&u | +| | st=1605288006085000&usg=AOvVaw1gq | +| | VFbZK1oe2fEYHFvprH2){.c2}] +| | [[External | +| | OAu | +| | th] +| | https://docs.snowflake.com/en/use | +| | r-guide/oauth-external.html&sa=D& | +| | ust=1605288006086000&usg=AOvVaw2q | +| | 0MPRVxuqd6TFA-SQDUeC){.c2}] +| | | +| | [[Summary of Security | +| | Featur | +| | es] +| | https://docs.snowflake.com/en/use | +| | r-guide/admin-security.html&sa=D& | +| | ust=1605288006086000&usg=AOvVaw2K | +| | 2ZGQhV5L_7CIm0EiBcPU){.c2}] +| | | +| | [] ++-----------------------------------+-----------------------------------+ +| [Partner Documentation] +| | Snowflake] +| | om/url?q=https://docs.microsoft.c | +| | om/en-us/azure/active-directory/s | +| | aas-apps/snowflake-tutorial&sa=D& | +| | ust=1605288006087000&usg=AOvVaw0n | +| | IhP1SYlZjTHNYkFPlpAS){.c2}] +| | | +| | [[Configure SSO - Okta and | +| | Snowflake] +| | le.com/url?q=https://saml-doc.okt | +| | a.com/SAML_Docs/How-to-Configure- | +| | SAML-2.0-for-Snowflake.html&sa=D& | +| | ust=1605288006087000&usg=AOvVaw2Z | +| | iWwq35T9Fzw9eQ0Jy6y3){.c2}] ++-----------------------------------+-----------------------------------+ From 1f3bd80ac508b5b6d97174818e3a18130f9032dc Mon Sep 17 00:00:00 2001 From: Duncan Turnbull Date: Fri, 13 Nov 2020 16:43:32 +0000 Subject: [PATCH 05/27] :construction: Revise headings and remove additional styling Reformat headings to use #,##,###,#### as appropriate, using the document as a guide. Remove addition {} delimited style blocks. Tidy up by removing [] wrappers in the text. --- .../security_authentication_pattern.md | 289 +++++++++--------- 1 file changed, 139 insertions(+), 150 deletions(-) diff --git a/site/devlabs/security_authentication_pattern.md b/site/devlabs/security_authentication_pattern.md index aecf65fbd..5be6f7e7e 100644 --- a/site/devlabs/security_authentication_pattern.md +++ b/site/devlabs/security_authentication_pattern.md @@ -1,84 +1,79 @@ +summary: Security - Authentication Pattern +id: security_authentication_pattern +categories: patterns +tags: patterns, authentication, security +status: Published -[INTENDED AUDIENCE] -============================ +# Security - Authentication Pattern + +## Authentication Scenarios +### INTENDED AUDIENCE This document is for Enterprise and Solution Architects who want to understand the connectivity capabilities and best practices of Snowflake -and Snowflake Partner technologies. This document [is -not] +and Snowflake Partner technologies. This document is +not implementation example may be provided. -[PATTERN SUMMARY] -======================= - -[] - - ------------------------------- ---------------- - [Pattern Status] - [Pattern Superseded by] - ------------------------------- ---------------- - -[] +### PATTERN SUMMARY Snowflake supports authentication methods that cover a number of scenarios, ranging from human interactive scenarios,  to programmatic service-account use cases. Client applications that connect to data sources like Snowflake typically have their own specifically supported -authentication methods that vary[ from application to application. +authentication methods that vary from application to application. Consider BI tools, for example: Some support SAML 2.0 for single -sign-on, while others don\'t. ] +sign-on, while others don\'t. -[This document spotlights authentication patterns that support the -following scenarios:] +This document spotlights authentication patterns that support the +following scenarios: -1. [Interactive, SSO authentication for humans] -2. [Non-interactive authentication for non-human users, such as - programmatic accounts and service accounts] +1. Interactive, SSO authentication for humans +2. Non-interactive authentication for non-human users, such as + programmatic accounts and service accounts -[WHEN TO USE THESE PATTERNS] -================================== +### WHEN TO USE THESE PATTERNS -[The patterns in this document satisfy one or more of the following -requirements:] +The patterns in this document satisfy one or more of the following +requirements: -1. [The organization has both cloud and on-prem tools that need to -  authenticate to Snowflake. ] -2. [The organization uses an IdP to manage authentication, which +1. The organization has both cloud and on-prem tools that need to +  authenticate to Snowflake. +2. The organization uses an IdP to manage authentication, which eliminates the need for users to maintain multiple passwords for - different systems. ] + different systems. 3. The organization has service accounts that require an authentication - method that\'s more secure than username and password.[ ] -4. [Legal or contractual agreements require the organization to - implement specific authentication methods. ] + method that\'s more secure than username and password.  +4. Legal or contractual agreements require the organization to + implement specific authentication methods. -[PATTERN DETAILS] -======================= +## PATTERN DETAILS Across the three authentication patterns, there are five ways to -authenticate[ to Snowflake: ] +authenticate to Snowflake: -1. [Built-in username/password authentication] +1. Built-in username/password authentication password is stored in the Snowflake USER object and the user - authenticates with Snowflake[. The USER object is  delivered as a + authenticates with Snowflake. The USER object is  delivered as a string, or the password is typed in by the user. This option is not - as secure as alternative options.] -2. [Built-in username/password authentication with multi-factor - authentication (MFA). ] -  [multi-factor authentication for security. Note that this option - only supports Duo MFA.] -3. [SSO powered by SAMLv2] - cases.] -4. [Key Pair ] - users, such as programmatic access or service accounts[.] -5. [OAuth 2.0 code grant flow ] - Snowflake data.] - -[Snowflake does not recommend basic, built-in username/password + as secure as alternative options. +2. Built-in username/password authentication with multi-factor + authentication (MFA). +  multi-factor authentication for security. Note that this option + only supports Duo MFA. +3. SSO powered by SAMLv2 + cases. +4. Key Pair + users, such as programmatic access or service accounts. +5. OAuth 2.0 code grant flow + Snowflake data. + +Snowflake does not recommend basic, built-in username/password authentication (option 1) because the alternatives offer better security. In situations where the only method to define a connection to an application is the username and password on the connection screen, Snowflake recommends option 2, multi-factor authentication implemented -through Duo. ] +through Duo. There are human, interactive use cases where federated authentication is the best supported method. Any SAML 2 compatible IdP can achieve this. @@ -90,18 +85,17 @@ application is configured to use External Browser mode, a Snowflake-provided driver opens a new browser tab/window so the user can authenticate with their IdP credentials.   -[Programmatic (non-human) use cases can use built-in service account +Programmatic (non-human) use cases can use built-in service account passwords to authenticate, but only use this method as a last resort. Instead, consider key pair authentication combined with a secrets management solution where the client uses its private key, and Snowflake uses public keys to decrypt it and authenticate. A third option is External OAuth, which is the only method that allows for an SSO-based -user credential in the programmatic scenario.] +user credential in the programmatic scenario. -[PATTERN EXAMPLE 1] -========================= +## PATTERN EXAMPLE 1 -[Now let's look at two applications, Tableau and Microsoft Power BI, +Now let's look at two applications, Tableau and Microsoft Power BI,  that support OAuth. The type of OAuth supported differs and in each case the client application determines which technology you should use. We will start with Tableau.\ @@ -115,7 +109,7 @@ authorization server is not required in this scenario. Snowflake acts as both the Authorization Server and the resource server.  Customers that manage identity centrally and wish to provide a more secure method of accessing Snowflake other than username and password will want to use -this pattern. ] +this pattern. When connecting to Snowflake, Microsoft Power BI supports an SSO-like experience through External OAuth. This scenario is appropriate when @@ -132,7 +126,7 @@ This scenario is appropriate when a customer wants to manage identity centrally and provide a more secure method of accessing Snowflake other than username and password. -[SAML SSO may not be appropriate in cases that involve a customer's +SAML SSO may not be appropriate in cases that involve a customer's Snowflake administrators. Outages with an IdP may prevent Snowflake administrators whose passwords are stored in the IdP from logging in to Snowflake. In this case SAML SSO is not recommended and customers opt to @@ -141,7 +135,7 @@ authentication and troubleshoot any issues that occur.\ \ SAML SSO is also not appropriate if the client applications do not support that method. Consider evaluating if the application supports an -SSO-like experience similar to Power BI and Tableau. ] +SSO-like experience similar to Power BI and Tableau. Some customers use Cloud Service Provider (CSP) private networking technologies such as AWS PrivateLink and Azure Private Link with the use @@ -149,26 +143,24 @@ of SAML SSO. This is an appropriate scenario but requires a choice. Currently customers can only configure single sign-on to either work with their regular, non-PrivateLink  URL, or with the PrivateLink URL. -[GUIDANCE] ----------------- +### GUIDANCE -### [INCOMPATIBILITIES] +#### INCOMPATIBILITIES -1. [At the time of this writing, SAML-based SSO can only be used on +1. At the time of this writing, SAML-based SSO can only be used on either public or private Snowflake endpoints at one time. This will - be addressed in future releases. ] -2. [ At the time of this writing, Snowflake only supports a single IdP - at a time for each Snowflake Account for SSO. ] -3. [For SSO the web UI only supports SAML 2.] + be addressed in future releases. +2.  At the time of this writing, Snowflake only supports a single IdP + at a time for each Snowflake Account for SSO. +3. For SSO the web UI only supports SAML 2. -### [OTHER IMPLICATIONS] +#### OTHER IMPLICATIONS Not applicable at the time of this writing. -[DESIGN PRINCIPLES & BENEFITS ENABLED BY THIS PATTERN] ------------------------------------------------------------- +### DESIGN PRINCIPLES & BENEFITS ENABLED BY THIS PATTERN -[The benefit of configuring Snowflake for federated authentication is +The benefit of configuring Snowflake for federated authentication is users need to log in just once with one set of credentials to get access to all corporate apps, websites, and data for which they have permission. This benefits users in the form of simplicity as they do not @@ -179,55 +171,54 @@ The unification of user access management means there is a central directory to provision and deprovision users. Configuring SSO for Snowflake with any SAML 2.0 compliant IdP helps customers think of Snowflake as many other SaaS applications that use this common protocol. - ] +  -[SSO for human interactive use cases must consider the capabilities +SSO for human interactive use cases must consider the capabilities supported by Snowflake in concert with the authentication capabilities of the systems users need to authenticate to Snowflake. This matrix needs to be considered along with the three scenarios described to -enable SSO for as many systems as possible.] +enable SSO for as many systems as possible. -[PATTERN EXAMPLE 2] -============================ +## PATTERN EXAMPLE 2 -[This pattern example compares when you should use key pair +This pattern example compares when you should use key pair authentication for  non-human users versus when you should use external OAuth for secure, programmatic access to Snowflake data. This example is relevant to programmatic or service account requirements that require access to Snowflake.  An evaluation of supported authentication methods of service accounts and programmatic access requirements helps to determine which non-human user authentication methods to use with -Snowflake. ] +Snowflake. -[Key pair for authentication of service accounts to Snowflake is an +Key pair for authentication of service accounts to Snowflake is an appropriate example when customers have requirements to not rely on a third party or for the secret to travel over the wire as part of authenticating service accounts. The private key can be managed internally by a customer without relying on cloud-based IdPs, such as Azure AD or Okta. Secrets not traveling over the wire is a great benefit of key pair authentication where the private key stays with the customer -and the public key lives in Snowflake. ] +and the public key lives in Snowflake. -[An additional example appropriate for key pair authentication is if the +An additional example appropriate for key pair authentication is if the customer wants to remove the management of the secret from the service account authenticating to Snowflake.  With key pair authentication, the private key does not need to be in the possession of the user. The key is managed by code and therefore the service account itself is not in -possession of the key. ] +possession of the key. -[This example allows for the aggressive rotation of keys without +This example allows for the aggressive rotation of keys without disrupting connectivity. Since Snowflake allows for two active public key values at any time, consider this as part of the pattern. This example  is best used with a secrets management platform like Hashicorp Vault, AWS Secrets Manager, or Azure Key Vault to manage the private -key. ] +key. -[Key pair authentication is not appropriate in scenarios where existing +Key pair authentication is not appropriate in scenarios where existing key infrastructure is not in place to provide for the protection of private keys. This method may not be appropriate in large environments where the ability to distribute and manage keys becomes more administrative overhead than what the customer is willing to deal with. -] + External OAuth 2.0 is a supported method for non-human users to access Snowflake. Customers that seek to allow for SSO-based user credentials @@ -239,45 +230,43 @@ has to go through the External OAuth configured service. Customers with this requirement may have additional requirements to centralize the monitoring of authorizations across a number of applications. Customers that do not wish to pass credentials over the wire or store secrets in -Snowflake will find this method useful.[ ] +Snowflake will find this method useful.  -[More specific examples where OAuth is appropriate include embedding +More specific examples where OAuth is appropriate include embedding Snowflake into your application where the application requires access to Snowflake, or if SAML cannot be accomplished because there is a program that requires access to Snowflake then OAuth is an appropriate pattern. -] -[Customers with centralized monitoring requirements should consider + +Customers with centralized monitoring requirements should consider OAuth. With OAuth, customers can see delegated access to Snowflake and other applications such as Salesforce in one place. This differs from key pair in that, if I want to audit users authenticating through key pair, that answer lives in Snowflake. This model also supports examples where customers want to deprovision service identities from a -centralized place.  ] +centralized place.   -GUIDANCE {#h.vm1f2tovs8o9 .c22} --------- +### GUIDANCE -### [INCOMPATIBILITIES] +#### INCOMPATIBILITIES 1. Snowflake OAuth is not applicable in the programmatic scenario. External OAuth should be used. -### [OTHER IMPLICATIONS] +#### OTHER IMPLICATIONS -[Not applicable at the time of this writing.] +Not applicable at the time of this writing. -[DESIGN PRINCIPLES & BENEFITS ENABLED BY THIS PATTERN] ------------------------------------------------------------- +### DESIGN PRINCIPLES & BENEFITS ENABLED BY THIS PATTERN -[The benefits of configuring Snowflake for Key Pair Authentication -include:] +The benefits of configuring Snowflake for Key Pair Authentication +include: -1. [The secret does not travel over the network] -2. [The user does not need the private key. ] -3. [Snowflake allows for the aggressive rotation of key pairs.  \ +1. The secret does not travel over the network +2. The user does not need the private key. +3. Snowflake allows for the aggressive rotation of key pairs.  \ The outcome of key pair authentication is that it is more secure - than username and password. ] + than username and password. The result of External OAuth authentication is centralized management of tokens issued to Snowflake, and service accounts or users used @@ -286,64 +275,64 @@ Snowflake data when going through the External OAuth configured service. Customers benefit from sessions initiated with Snowflake do not require a password and only initiate their sessions through external OAuth. -[RELATED RESOURCES] +## RELATED RESOURCES -[The following related information is available.] +The following related information is available. -+-----------------------------------+-----------------------------------+ -| [Snowflake Related Patterns] -+-----------------------------------+-----------------------------------+ -| [Snowflake Community Posts] -| | Snowflake] ++-----------------------------------|-----------------------------------+ +| Snowflake Related Patterns ++-----------------------------------|-----------------------------------+ +| Snowflake Community Posts +| | Snowflake | | ww.google.com/url?q=https://www.s | | | nowflake.com/blog/using-sso-betwe | | | en-power-bi-and-snowflake/&sa=D&u | | | st=1605288006082000&usg=AOvVaw0nx | -| | aLU5NE25OrqfcHUgzSK){.c2}] -| | [[Using OAuth 2.0 with | +| | aLU5NE25OrqfcHUgzSK) +| | Using OAuth 2.0 with | | | Snowflake | -| | ] +| | | | tps://www.snowflake.com/blog/usin | | | g-oauth-2-0-with-snowflake/&sa=D& | | | ust=1605288006083000&usg=AOvVaw12 | -| | GuJV00K4OXlKhQbBt860){.c2}] +| | GuJV00K4OXlKhQbBt860) | | | -| | [[Snowflake Service Account | +| | Snowflake Service Account | | | Security Part | -| | 1] +| | 1 | | www.google.com/url?q=https://www. | | | snowflake.com/blog/snowflake-serv | | | ice-account-securitypart-1/&sa=D& | | | ust=1605288006083000&usg=AOvVaw1y | -| | X-eUbTn4aEreqUba4hLT){.c2}] +| | X-eUbTn4aEreqUba4hLT) | | | -| | [[Snowflake Service Account | +| | Snowflake Service Account | | | Security Part | -| | 2] +| | 2 | | ww.google.com/url?q=https://www.s | | | nowflake.com/blog/snowflake-servi | | | ce-account-security-part-2/&sa=D& | | | ust=1605288006083000&usg=AOvVaw0s | -| | 4QZNkTYdzqTuQfwPbcha){.c2}] -+-----------------------------------+-----------------------------------+ -| [Snowflake Documentation] +| | 4QZNkTYdzqTuQfwPbcha) ++-----------------------------------|-----------------------------------+ +| Snowflake Documentation | | Policy | -| | ] +| | | | tps://docs.snowflake.com/en/user- | | | guide/admin-user-management.html% | | | 23snowflake-password-policy&sa=D& | | | ust=1605288006084000&usg=AOvVaw2W | -| | FgynzEzkV3cBcDhWN5Ch){.c2}] +| | FgynzEzkV3cBcDhWN5Ch) | | | -| | [[Federated Authentication & | -| | SSO] +| | Federated Authentication & | +| | SSO | | //www.google.com/url?q=https://do | | | cs.snowflake.com/en/user-guide/ad | | | min-security-fed-auth.html&sa=D&u | | | st=1605288006085000&usg=AOvVaw2dU | -| | Szz1RKu8XPtyCsPoCJR){.c2}] -| | [[Using Key Pair | -| | Authentication] +| | Szz1RKu8XPtyCsPoCJR) +| | Using Key Pair | +| | Authentication | | /www.google.com/url?q=https://doc | | | s.snowflake.com/en/user-guide/odb | | | c-parameters.html%23:~:text%3DSno | @@ -351,46 +340,46 @@ a password and only initiate their sessions through external OAuth. | | 0key%2520pair,will%2520use%2520th | | | e%2520Snowflake%2520client.&sa=D& | | | ust=1605288006085000&usg=AOvVaw3u | -| | tYDHBxMAOZq-d5HrQxQC){.c2}] +| | tYDHBxMAOZq-d5HrQxQC) | | | -| | [[Snowflake | +| | Snowflake | | | OAuth | -| | ] +| | | | tps://docs.snowflake.com/en/user- | | | guide/oauth-snowflake.html&sa=D&u | | | st=1605288006085000&usg=AOvVaw1gq | -| | VFbZK1oe2fEYHFvprH2){.c2}] -| | [[External | +| | VFbZK1oe2fEYHFvprH2) +| | External | | | OAu | -| | th] +| | th | | https://docs.snowflake.com/en/use | | | r-guide/oauth-external.html&sa=D& | | | ust=1605288006086000&usg=AOvVaw2q | -| | 0MPRVxuqd6TFA-SQDUeC){.c2}] +| | 0MPRVxuqd6TFA-SQDUeC) | | | -| | [[Summary of Security | +| | Summary of Security | | | Featur | -| | es] +| | es | | https://docs.snowflake.com/en/use | | | r-guide/admin-security.html&sa=D& | | | ust=1605288006086000&usg=AOvVaw2K | -| | 2ZGQhV5L_7CIm0EiBcPU){.c2}] +| | 2ZGQhV5L_7CIm0EiBcPU) | | | -| | [] -+-----------------------------------+-----------------------------------+ -| [Partner Documentation] -| | Snowflake] +| | ++-----------------------------------|-----------------------------------+ +| Partner Documentation +| | Snowflake | | om/url?q=https://docs.microsoft.c | | | om/en-us/azure/active-directory/s | | | aas-apps/snowflake-tutorial&sa=D& | | | ust=1605288006087000&usg=AOvVaw0n | -| | IhP1SYlZjTHNYkFPlpAS){.c2}] +| | IhP1SYlZjTHNYkFPlpAS) | | | -| | [[Configure SSO - Okta and | -| | Snowflake] +| | Configure SSO - Okta and | +| | Snowflake | | le.com/url?q=https://saml-doc.okt | | | a.com/SAML_Docs/How-to-Configure- | | | SAML-2.0-for-Snowflake.html&sa=D& | | | ust=1605288006087000&usg=AOvVaw2Z | -| | iWwq35T9Fzw9eQ0Jy6y3){.c2}] -+-----------------------------------+-----------------------------------+ +| | iWwq35T9Fzw9eQ0Jy6y3) ++-----------------------------------|-----------------------------------+ From 907671934df3afa5fe2da81db220b8cd00885c20 Mon Sep 17 00:00:00 2001 From: Duncan Turnbull Date: Fri, 13 Nov 2020 17:05:47 +0000 Subject: [PATCH 06/27] :memo: Add initial version of security authentication pattern Reformat table as hierarchical bullet points, reword some headings. Remove defunct tables and other reformatted content. --- .../security_authentication_pattern.md | 121 +++--------------- 1 file changed, 16 insertions(+), 105 deletions(-) diff --git a/site/devlabs/security_authentication_pattern.md b/site/devlabs/security_authentication_pattern.md index 5be6f7e7e..f7ed33696 100644 --- a/site/devlabs/security_authentication_pattern.md +++ b/site/devlabs/security_authentication_pattern.md @@ -6,7 +6,7 @@ status: Published # Security - Authentication Pattern -## Authentication Scenarios +## INTRODUCTION ### INTENDED AUDIENCE This document is for Enterprise and Solution Architects who want to @@ -279,107 +279,18 @@ a password and only initiate their sessions through external OAuth. The following related information is available. -+-----------------------------------|-----------------------------------+ -| Snowflake Related Patterns -+-----------------------------------|-----------------------------------+ -| Snowflake Community Posts -| | Snowflake -| | ww.google.com/url?q=https://www.s | -| | nowflake.com/blog/using-sso-betwe | -| | en-power-bi-and-snowflake/&sa=D&u | -| | st=1605288006082000&usg=AOvVaw0nx | -| | aLU5NE25OrqfcHUgzSK) -| | Using OAuth 2.0 with | -| | Snowflake | -| | -| | tps://www.snowflake.com/blog/usin | -| | g-oauth-2-0-with-snowflake/&sa=D& | -| | ust=1605288006083000&usg=AOvVaw12 | -| | GuJV00K4OXlKhQbBt860) -| | | -| | Snowflake Service Account | -| | Security Part | -| | 1 -| | www.google.com/url?q=https://www. | -| | snowflake.com/blog/snowflake-serv | -| | ice-account-securitypart-1/&sa=D& | -| | ust=1605288006083000&usg=AOvVaw1y | -| | X-eUbTn4aEreqUba4hLT) -| | | -| | Snowflake Service Account | -| | Security Part | -| | 2 -| | ww.google.com/url?q=https://www.s | -| | nowflake.com/blog/snowflake-servi | -| | ce-account-security-part-2/&sa=D& | -| | ust=1605288006083000&usg=AOvVaw0s | -| | 4QZNkTYdzqTuQfwPbcha) -+-----------------------------------|-----------------------------------+ -| Snowflake Documentation -| | Policy | -| | -| | tps://docs.snowflake.com/en/user- | -| | guide/admin-user-management.html% | -| | 23snowflake-password-policy&sa=D& | -| | ust=1605288006084000&usg=AOvVaw2W | -| | FgynzEzkV3cBcDhWN5Ch) -| | | -| | Federated Authentication & | -| | SSO -| | //www.google.com/url?q=https://do | -| | cs.snowflake.com/en/user-guide/ad | -| | min-security-fed-auth.html&sa=D&u | -| | st=1605288006085000&usg=AOvVaw2dU | -| | Szz1RKu8XPtyCsPoCJR) -| | Using Key Pair | -| | Authentication -| | /www.google.com/url?q=https://doc | -| | s.snowflake.com/en/user-guide/odb | -| | c-parameters.html%23:~:text%3DSno | -| | wflake%2520supports%2520using%252 | -| | 0key%2520pair,will%2520use%2520th | -| | e%2520Snowflake%2520client.&sa=D& | -| | ust=1605288006085000&usg=AOvVaw3u | -| | tYDHBxMAOZq-d5HrQxQC) -| | | -| | Snowflake | -| | OAuth | -| | -| | tps://docs.snowflake.com/en/user- | -| | guide/oauth-snowflake.html&sa=D&u | -| | st=1605288006085000&usg=AOvVaw1gq | -| | VFbZK1oe2fEYHFvprH2) -| | External | -| | OAu | -| | th -| | https://docs.snowflake.com/en/use | -| | r-guide/oauth-external.html&sa=D& | -| | ust=1605288006086000&usg=AOvVaw2q | -| | 0MPRVxuqd6TFA-SQDUeC) -| | | -| | Summary of Security | -| | Featur | -| | es -| | https://docs.snowflake.com/en/use | -| | r-guide/admin-security.html&sa=D& | -| | ust=1605288006086000&usg=AOvVaw2K | -| | 2ZGQhV5L_7CIm0EiBcPU) -| | | -| | -+-----------------------------------|-----------------------------------+ -| Partner Documentation -| | Snowflake -| | om/url?q=https://docs.microsoft.c | -| | om/en-us/azure/active-directory/s | -| | aas-apps/snowflake-tutorial&sa=D& | -| | ust=1605288006087000&usg=AOvVaw0n | -| | IhP1SYlZjTHNYkFPlpAS) -| | | -| | Configure SSO - Okta and | -| | Snowflake -| | le.com/url?q=https://saml-doc.okt | -| | a.com/SAML_Docs/How-to-Configure- | -| | SAML-2.0-for-Snowflake.html&sa=D& | -| | ust=1605288006087000&usg=AOvVaw2Z | -| | iWwq35T9Fzw9eQ0Jy6y3) -+-----------------------------------|-----------------------------------+ +- Snowflake Community Posts + - [Using SSO between PowerBI and Snowflake](https://www.snowflake.com/blog/using-sso-between-power-bi-and-snowflake/) + - [Using OAuth 2.0 with Snowflake](https://www.snowflake.com/blog/using-oauth-2-0-with-snowflake/) + - [Snowflake Service Account Security Part 1](https://www.snowflake.com/blog/snowflake-service-account-securitypart-1/) + - [Snowflake Service Account Security Part 2](https://www.snowflake.com/blog/snowflake-service-account-security-part-2/) +- Snowflake Documentation + - [Snowflake Password Policy](https://docs.snowflake.com/en/user-guide/admin-user-management.html#snowflake-password-policy) + - [Federated Authentication & SSO](https://docs.snowflake.com/en/user-guide/admin-security-fed-auth.html) + - [Using Key Pair Authentication](https://docs.snowflake.com/en/user-guide/odbc-parameters.html#:~:text=Snowflake%20supports%20using%20key%20pair,will%20use%20the%20Snowflake%20client.) + - [Snowflake OAuth](https://docs.snowflake.com/en/user-guide/oauth-snowflake.html) + - [External OAuth](https://docs.snowflake.com/en/user-guide/oauth-external.html) + - [Summary of Security Features](https://docs.snowflake.com/en/user-guide/admin-security.html) +- Partner Documentation + - [Configure SSO - Azure AD and Snowflake](https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/snowflake-tutorial) + - [Configure SSO - Okta and Snowflake](https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Snowflake.html) From b44058bf95111eeb66fc2bd6d2215fbf85dc3dd3 Mon Sep 17 00:00:00 2001 From: Duncan Turnbull Date: Wed, 23 Dec 2020 15:52:24 +0000 Subject: [PATCH 07/27] :construction: Add Security - Network Architecture pattern Converted from Google Docs with pandoc. Cleaned up and reformatted table as a list. Removed google url redirects. --- package-lock.json | 38 --- package.json | 21 -- .../assets/Snowflake_NAP_Connectivity.png | Bin 0 -> 144236 bytes .../assets/Snowflake_NAP_PrivateLink.png | Bin 0 -> 254530 bytes .../security_network_architecture_pattern.md | 286 ++++++++++++++++++ 5 files changed, 286 insertions(+), 59 deletions(-) delete mode 100644 package-lock.json delete mode 100644 package.json create mode 100644 site/devlabs/assets/Snowflake_NAP_Connectivity.png create mode 100644 site/devlabs/assets/Snowflake_NAP_PrivateLink.png create mode 100644 site/devlabs/security_network_architecture_pattern.md diff --git a/package-lock.json b/package-lock.json deleted file mode 100644 index b3600c4dd..000000000 --- a/package-lock.json +++ /dev/null @@ -1,38 +0,0 @@ -{ - "name": "codelab-elements", - "version": "4.0.0", - "lockfileVersion": 1, - "requires": true, - "dependencies": { - "@bazel/bazel": { - "version": "0.18.1", - "resolved": "https://registry.npmjs.org/@bazel/bazel/-/bazel-0.18.1.tgz", - "integrity": "sha512-2KjB0umWsW5or78hTG/RVLmAKmeouyDjqjNsGlOY3pzpj9yqDMG5iDPJh4Q1/hXxiDmF2qZWwqWIEh55LFZXaQ==", - "requires": { - "@bazel/bazel-darwin_x64": "0.18.0", - "@bazel/bazel-linux_x64": "0.18.0", - "@bazel/bazel-win32_x64": "0.18.0" - }, - "dependencies": { - "@bazel/bazel-darwin_x64": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/@bazel/bazel-darwin_x64/-/bazel-darwin_x64-0.18.0.tgz", - "integrity": "sha512-um2OzgLL2Gd/W6joOpvrSTcqpnupliPNpwe/uE7sB0huBSJ/4Im0w2IlCTI6C7OfgMcbpUj4YxgUa9T6u6WY6w==", - "optional": true - }, - "@bazel/bazel-linux_x64": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/@bazel/bazel-linux_x64/-/bazel-linux_x64-0.18.0.tgz", - "integrity": "sha512-Rq8X8bL6SgQvbOHnfPhSgF6hp+f6Fbt2w6pRmBlFvV1J+CeUyrSrrRXfnnO1bjIuq05Ur3mV8ULA0qK6rtA5lQ==", - "optional": true - }, - "@bazel/bazel-win32_x64": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/@bazel/bazel-win32_x64/-/bazel-win32_x64-0.18.0.tgz", - "integrity": "sha512-U2TbfK8B7dc3JqXSFwj2oXCQrxEaSzCCUkAHjAOIGOKzx/HLKIKs+NJj9IQkLLr7BsMU+Qqzo8aqo11E+Vs+aA==", - "optional": true - } - } - } - } -} diff --git a/package.json b/package.json deleted file mode 100644 index 6e23cfd6a..000000000 --- a/package.json +++ /dev/null @@ -1,21 +0,0 @@ -{ - "name": "codelab-elements", - "version": "1.0.1", - "description": "Custom elements for codelabs", - "main": "index.js", - "scripts": { - "clean": "node_modules/.bin/bazel clean", - "build": "node_modules/.bin/bazel build npm_dist", - "test": "node_modules/.bin/bazel test --test_output=all codelab-elements/demo:hello_test", - "pub": "npm run clean && npm run build && cd bazel-genfiles && unzip npm_dist.zip -d npm_dist && npm publish npm_dist" - }, - "author": "Google", - "repository": { - "type": "git", - "url": "https://github.com/googlecodelabs/tools.git" - }, - "license": "Apache-2.0", - "devDependencies": { - "@bazel/bazel": "^0.18.1" - } -} diff --git a/site/devlabs/assets/Snowflake_NAP_Connectivity.png b/site/devlabs/assets/Snowflake_NAP_Connectivity.png new file mode 100644 index 0000000000000000000000000000000000000000..dda6ec1ab631f0343deae152d5a49929d509dc08 GIT binary patch literal 144236 zcmeFZWn5Nk_bt3=q!FYf43H2Bm2N>0q(Qm_1qA`6J46LZLApT^l$LH#5Rnq;Zjc7) ze&^EX`JeNi^Y#7s-h1yKo0~hoXH zR^Y-NdRapFL_}UjO4DU%dDL4+^Wm7py1@0o3sQn6fq$}ud@m73zEX`(2voJni)5i& z5l}Ka?lt2w7yG$W-k@yPpZd+F$F0`?6ie9&v|i~azDGu` zmVf^f?fQ7w2#d4Ef8R88ZQA0Sc!)sYr!;|b8+AtX@V-CfQ6l?KR5;3o`5y+(-YqGc zu?bZo!vF8{@MlM#FQZDUR|Z~UVEoU9yOeI^^Z)U$i&2(~+b)}uQ6vAevlp+U2cnj* zp^-1wR=Mf&BqwY{>EeG5;=g}X_ejHdXCx7X*g6L@{4%bV`_J0;bn{-2l#!|VmZE$V zP~JX{f%IL$#zgYQpWGUmTYI{(s8o^gKd=2rLk0_OG}(@IPbbp;48rqW-*-bQ8SzOn zw!}c{*iFR#d+v*ae_zU|Wc%oweN}BU1j|%SaLOpo%c}Fpg!kQG4Br}7t7iv)h$|BA z{`XKG|9j6}cn`%ex9M7oUd!Q)6GO%F4@P0#+H_5aL3Xtc|S&p&})@$G#!#|S*@lSGJ}UVRd&Pw z`)DFplMfP3K}&=i85wD^yE>Yco9nnI*woa-#>GXIZ)Rr3>-y&bHV#gU=W7|R{JmRP zQ~cf*j-$)?#=IgETeIgQ9Hg$?+jgtg_Bhu<$}w9@d1(=c%czF^IffaY`$Qd61>r?M z(HR>mG`iKo97{iupVpk>CD#55fa5Y7p(q;K6ZD>gE$>3+4D(AIt z_MKw>0Ri|G+$rBPs@Lylv^&B%-??d8LZz3e>M!f^Tpg7%K9U~2z+5_3r(x12@G$7TKc

$ME7UjDlet(uCK$M$A+j=H8c#Vao<(2B&4LKo^Fe~p;KacZi!Ge z|AW9yvxj*rgBX6*=K>ffS&UBCV)Wcef~duF8dIo4-W>iJx}Dv7E3+E|5fu|-@%=e= zE5HBUr%wdL#Kh}={ya}fVS?v#ZS?i@0!hX95M+Jkt;(hA*MCiJt_~LAJ$(2O@rjJ2 z%p7;m)e6eV;oK0ueED6k^;-Ef2^*!g#A4iO2NB)P?|GhXmn=@W{^r^6rKM{(Fgf$| zS8>UNzL@Y#9PMwiv9n95sj2yg-ZL`dl5eM=qYFG-ts)ea53)Oy(?{L$?@FJPh{mtCU5!OXT5Bk=StVToJ7v~ zkNxB%a4DU&U0hk+ZtoGIoD40 z(Z3@}#6L;IIk3OBwsxTWnOV&2CMiCCeLSDln>TMRxJq2Uj5Xhpv=qTlR&ll_jrODW zep;_JBkAtBR^xlWha8WhDx!X#kDskotb*tX1i%ZYmep%nkVqV%Y1zIR$H(9D>YXIrF|-KtQPF_2nYzi zKQ)K7l( zXYs|fx;^23Jw(>e_;^u!py0lAW+v89op;?x%zx@pu8E|NL41QreP)Um2W_}5*Ug)h z8yg!dKaOopIVK1ZUS3|8ll^%$UESBy&0*8sDiTo+G;wy@qzuBEe@;F>Y^@ZfG2s#v zr1|*qV?=8Gn)j)Dj&2d|>gwv}lAx??gSx>NfHU+*&G)5GBKis6;Z4<;4e@G9ma*0~i)I6b;qyz-FR8`3s-Isa)Q+KA0V6Q}!GBY!m%XFMfOqk>tRGhWy z&pWrf0;hfZ$&;KBrOS&B+{?L79FL*;1SxxX+v5D8B5B52>Kyh={^Tace^P@BX`OkO zW%$A3GH$SU3S{m#NlC=@g0~=Nj+v&Es?QTKiqeFKhiB#FP&V0p{rZ(fXwFfXfrLq% zbCA(zKrTaF3jWRSpYHjnA^3Cx`SRrpkM+>amPd}=JDJK!w{&!9a7h`13knLfXW@+e^;ei^-dkSk4Kzvj-(X=nFF z*efQB4lYO~E-ya`roDkn!K(bE-wW11QzhkF+zpF~>1jWxgQg?p&mwjnm*_#|QL7gB zKB?Y2rW1AHLCiwE5UP}#eW7om3|4AulG(jeLENHhiGEzZ7Dz^1T1M7-R-W;Hj z0r$__J=}GnWn;b)PItTkftyrEdN-|Z)&S;s*@ZQ^wi18p7=PNHDDEkY1o+e+uGQI= zV0C*usNs9|>{&o?uneTL0e&$t!(WBDy_QYF-8%^L;mpj8$;wbkM6p=+2PKNuwc5kH zN7+JA3NPCe1co^Stm1L*dx>=@zJAwh86F>RS;8e{U_jrOqieS5As0#?PD$I*)+Pf_ zMROT)RCq^4Md?)7W%TNi!dF6eUV3VBfs0GI*sLk=oHZ3Kzc!SUmxR=M)%ltn8-4n= zuRE(AlIi7Y-Sy&Tbe$pJIDpWIxT!Ta|40{KKePL_SvI`RJ*R(Z;|n3T&he8RoLAy| z6Ihf~RJT5APOX%U%R)w*vA4;UEYix3qFgen^YZi;C;gYvgeq)Su@<9+O>Bu#-$Md=FNm%(h4CJ=bP%2gQfggo3m<}Zj)d8 zEbxvr`H-)8J4F@Z`%*0Ca(n4wT4k4genu(2YsE0j{0OD;=;)|1%VKkT<^GR`akba4 zUq^)MXQ-cfc?+Y)D2(N9^quDzupX)$QR$;W)ZDL(Y{hEcKJI(ok}B1a&~Sedo8Pu< zpY6|=FSnRkSOz)!65`_6g;U#iYBer#s8Kg`$p&nj3>{vAkdBEHohJ(B3e=6KdvlgjU0`gqx2e+TBz8 zm*CoSJjZBhX<13WKNis+>guv_b5pOy1@3SeRqOPT?D_a0Ir?SF z!RihfgBVvB85!@~xkHw}yE4q`{5C*X=^uEi>9sa`ZCzzA=-#0k%<$xNJo>-Q1^4(Z zBco&;ubn}QrqBE1*qhdhwFiq=Tf$uBa@9XJ0^ms+>VUF7Ge18K(SU10&u+8W6A~08 z{p=a<_3PJFb#ww|W*#8lQhjot|2cQ=oT(58$B&OiSYz&MVqIsRSUM{!ll)oHtXGqtNTv4Fc?vgoN?0`_?DBLaeNK3kwT6bzWkj^g_?!Dm@u4RmvGJvC{U> zzn!LfCy>kPCSCQ;kX7#LyZ$8>-*`w!6G_fvQp(Dq?>*OQb{UZiEG)OLPd_-?+xY(d zyCf9Exwbeg6%`eEo`&k8+J`<9Z&k#}Tjv^{`!jjbAO+5AMjL~0<#dmq+@uSc5u9t2 zJD8uDxnrJPTntCIAwqZVT<-!OP30}68b;owj_Ja}KfRLwqJAH}7!3fg%Ic1DnQ6!X zQf+NHpk2nODDrI(Q(j&k;KsYwb`l<5CSP4OHDAc&B=jNQ`4))Vb>fB(mVFBS#K^?H zWVf5KkBq*ldn8lUQO7p#USaF|LOJuT!;W&Ys4i!M^KUq!Vqp%0{C=~IsivvzVcWWu z9{Qc7{(LzF1p-VgtlQ1&F~(l(eG-6LBS?-1i!6d>@5XTHihXc3q}FGDs;;5I>viN3 zlu{b&tS+%TVt=V!1zIqzJOlPV1|hq~#S;;yWwOgHSXfwvPX@0St~S1=h;V9dZZ?~0 zd_CnQCo3CBe$2wc!f$c0*gqvD<^AP4s2#m@XQ7y!ZG~8k7{}S%@jP59b1G{Pm3;W= zOsZD)ZM>R=*f}Yx?)g+rj;6Kt20y$ew@pe#UtiydRGHSnS684aLwEEAzAR1sV-9Wv zApiB%s}2+j70cvmLbys&|$tTCM_);9ua}b z#MFPjW-ieB`eRzrif7ZfXtT3AB1A9Z)Han_SxE=2n4LgEmZ3ODcGJSukX)Ohsmv26 zrp|GF-!Dy=2@5ixRK;R~-c@BMVo ziMqW+&dsf|_vY0(hAKj8u1JT0g!%Wjadh9AIXM+M6XufyENt^U>>)o#C@)4g(+E3c z%~bEaAFlwo-SoMnde^On5&p<_?b>ZADc_mIKJ{@yfcxrg)krWO^^=T<>!f`TEG+b~ zH5GT8he`%aKUrgpki3sozw}X)qxxVmdn#5qN%@aZET#_r4 z&Q?Wd^g0r=K7INum|x={%m4tNUEZ%dZmu&W3~)z4D4Im|R_N=VPCnN`fy|)qnBK{8 zw4&p+9!ov~LP7vb7iBk8l7#PFZ(Ug)EXvByr_NVec;4oBd9Hzr0_sPGI{RvdR<`30 z#Tf3|y)TycS68QizL{DZzF>><4UcxMrGqh_o;TfYoN1fPpC)j z6v#Hg9mC<0Gf3(uqp+|amK!}a&Oh8FhV(ggfUI$d*VfVs47JNpe?5M@>TK9|0yU_M z_xN9*_}TFAaDQK3*xPw!=p{6YE&R#J$?2E-$9#PDA9-msmsCVw-dSNcH@N3m<&*8Y z{$G@1XPfrd>&ONsYx|LSH=Cv!*7SBgW7b1I9Ov%W|^;~9m%ss!` zZl0By`NEAG6o{&x9!K8Bq(2kY4L#`Om`kt}cRyrAM4bJ-?bh<$GfA1Xf>F*q0QshS zZES2zr_dA!nO^Gv@J275Yye@yyjJm|hSfH+|Hs~-;gs#nX*7*@%x-c{(+~gS+jRe! zxW$Ut>j4kCfe--7AOP*z(9aP`75T0e9|oOJi;7hVEo6#SBPn z5na2G`wE2PhmO`1yu50=hiu0xDjk>loYvMB7T5_WvAzkPfokiNv0hka=<^Vnm}&|# z)%~bB6s0f+fn+*(v#6n3T9k{61ey-C=6HCB%7)POP96>qc@7tv$z>16X5RkM(XqNN z#>bnYwmz3&8|eP%fZ;}OJ!HSL+gN8QD4N8tS(wJ+=^?Fd6bx|;JkO?NB&7osS;C> z&5qH2BX_0X56UVkWpO*Q8S3(ZBhk^(KzyX7rq-JaGr4mbR%&v_072K8EC%WCT*X$= z=g)8APh0%)!Q1AHi~W*(N44Gm|;sv&)8Q3tzrb zjb4s^fr)Rg+561QAkQ(+T|-_D#&SbsOjM;#EBmEUKJ{=}^g#l`gG2FN z8-|(MZ(ttNKYu<8+1CXU8UU@pA3ugqx!Og>2?+_+05JdhrQR}6O+&*LYDMrWmii5U zFD*|>1=>2v54T}qZ_anhLC)TL(&nAnCbG%E2N{bzhvzud2@kGG@P3Lt)s1AM*TiJr zm;X23^xcRO>)%AH{4G+7IVdoYK>k_l`}fRqxy})>u{4d1jRQ3`{{DEtt&r2x2kRD@ zr=_Q3dhfRyGpDFnTVMP2>(`se$QSGyAD&X-wOq0Z7MS|xQdZd>>0Z4e8gDJ_c{pUK za^bKjTSr(8C14%*k9kf7EXBVJ#ee^PN8U1NYRWX2K}74t#<_p7$@JP!>C^we+y_){>R15C0v_+yaFd8Nj*_I9^42(&N4si^*Gov)Cbc{ zqV_#e8qmBW@l5@mh%h89e=AvsmqFULrbENyx=Q)x;(k9OxxO1L8hb%0s^wB+`X{sq z<5}Rp;cOGZM0wYTKPW2_WKOAom<3|%^3|(^U0q!fjv~&hjaK@^DZ9VAWk0M7F%^a=8QbOXXE_re!Whx21x?H_1V_^+5^jk z;e@aUC`7Fy91sU+MRhsv?c29%nwmY9QWK>>N)6C|%mb`zJA=8QPU_VQDtM09dTMp!0C%nX-tzh=_h#rb;89z|?q&A|1O|R7 zwH{84kN?PbRV$~!H3VoDAZ^0iD0#{(dpUv*2wJ1By?tV9ZM=zcZ;b)umzkFUqj6Mp zURx{7%wz?s?8(U(eD+0d?#?_-6k!`nhp_A-ZXA{x~$n~ObTP3@}XOO(s)Tw@< zRe*Wnx#A~KQu6mcjl@X(EqY1cb1Nz;bXR3n*VNV2F4DHgz*YjXqaxupf1;@CSrmv{ zTG?h&t#5DNc5@T9aD3CfmnTk)u<3iMWCoYkxoltI>R;I4UQwb<{@5JHl;iwL=+o1U zJ2GMGi=Pj1B;Q+ZY;6@+{rm{~SveESWI5O-?tC4KRde6cHZc0%%AZZk1kymq_vsTy z%MQRG`ti=r{C0!Y4`vN85&CQ))U67gd!TQIKA7qS- zHufUju6V?B%);-kUcK7&^QR9`6+_i{0M1~&zNAX|F<0BcIxN3$4ELxHV<^Oi|`epm!7I|{W??2_wNGc3E*Pu01Fw}U_yqL6<)Jf zBTAPEM&9x^0l>c(;>&)4snse)Gd-nqZDv5!Ry=s5eI*(~4_s#p8 zhvVEOJM>iC9y+fjxaltL&JH@0o+O!nN=w5q0$$s2Ymi(xiKID<$-k^j09dc5D?@w_ z9zMiCzI^@4YtcdPANqgN?4P^y8boKKYZBw)TYICTqfLQ7QT?dt)LX$T1Sg@DqvH#` zeNa3Xx^Sgip{$&Cv?<;v6*{3IAus*?{YRA2oh)f7p&4&p9jywFjAVB12Kvw~31FPQ zQb_bhQB~vTv7ew{EnlTO64-X6G=B8^&jH&?TK^KjMiLb2=K#+ut*57#uzlAcPA^v$ z8u9mj1Da2(3kp=L=O0N<{D`_bCHVG=(qfNQ%a0!s#eEN~X!%z7c7x#Sgpndi$6xu&cN-Lq#42Y>tE)%!njj|27n1m_w5sGXs-R>lFkiW% z@Rw(yx%ueLh|)VJz0VKM0BOt}__0h=RTU}GBSv&epXgSFirxQ$U07|^&sD)41&396 zrh_b%OT*CcnyZ-0I^+u(hBpxr&p{<52i_F%0k}yT7Z;bf4SA;LHo)XEJ<^G&0YtuV zv+m>4u;USkn;UAn*ZwMz+`V6bS-;Kt2@)LuF<$dFn&t62<6s#k2``Vbq>CnF6~h$f zA}BneDk6g_+GuBIcm4VE=gdp)x0F4AON@w!&?@6?KLENYAT-pbf8+S*C{_I<^seD= z-};@qsvYs!|LR6nVJb|`yk+pPwlrY%`)IIZL8VQch# z2v#I`dq}v53LCwgf78f5w9t)z;C(YTBtlY>lE~S!XJy2EM@9@p_a^-C@$uhOJ%(cy z8zOYSs&6PE@})nWVjLRb>X%

JK)ZQZk_l3GvQvXzez*dM{)@%gWZ)wnZ2?lpvBV zxcZS%QNVKduJzQ!M?NTOl|`1K}}oRKQ;A&Vl0o;_2;7w9thP^ zTiE2v3UQRe!@|||$*+hH6pKU=XOj8O@snUcuB@`1KsJ=Q+A7Xh+RYLuCkelN-2LGq zCufdfQu~~>rK^!f`1B2nj{4?iJZXQDCdmK7ERSFZJ)8W315!+)up`0!`}ZR{e~xvQ zl`QpJmOx{`t*WMmQ9rf%qR&sFA5W*~(p4JkYH9TNp~=;`}4a zd7w)h-K@sL6#Kn@|GWrl%mt7KFJ8PD;chLSJyGwA_1DIrmOukBY`_2KVPP9yZ}N1w z9Ag72e5m8Cz+wRD82#6eA=ZbAfDu83BWay%ymev*7_qM~O#Gr-x-nkYD%s(`K+Qy#epwW$7hVt`z ze{){?U6&5MJrEMJww%W3wh{$=MbAX6`i_NIm92OMx z6~r*+T_F(>{fMEDAa}y$E8Z9SkePXzhldO@H1%2tfYQ&$UGLJ8O#vBJP=m3#Zq9L~!qg$xkESvS_#>qjc=o0b63f{&qPloQws#-*2}`Y82bj?QQ(a!Wgw-#Q-UU}JASJ`0QyG_V9UwcC+*fVq(YWpc(< z^Iew-?4k(IyLa#M+RrJ<&sXmMK51)Hgi{8gRvOlR8psuSUb9W*@#y>#yHD&^-Jh02S!8o&^Kq?Rsql z0^u3-BQA1qDA0RPetF4HIA0pW&UT*w7cNN4HjsT2Ur8m3E7t+TPJOJ7l&_stuwEuzGfihdBz@Q+O zW?q%a&u-h6g^7uY!NAd80Ad%gE(Jr)%a<=rQ&4_#rCsD$--&Y#GB#(5xThXxXMzAJ z!And)v@{Z4)h-g(t`XDH(n3T1XggU(R@M~We@8`yy1&eJT%4JeRo^;>4~^EOA8-M5 ziXV|9W_Ts89j8Y}9@U#2A};eu&IJIu6Z#jkpsJ`~vuNe&y#z)X0C{S8xeoS2&?jZu6QwwiWj0WYja761Tcq#${z|*wI;aKQ_;C?b6W@f#A6HP z_q{MQVP9SmpKo;A4BbN8G>#s9Mh*zE=X7Z4Uk?H2`|c+(?yG!?g}-wtXN&T&+0LHs0}QShMeRU?%&{-iC#VYN@6!XxKhuit3%(iu$Hirn{lxT@^OJmMb|q z74Br~eV}kze19%}q)ZA()UzlB)6ybkXZQKR`)yQ~>*rmqJ+vu&vbe|3RKaxqyj5W* z6pzNwANTTHhc0ONm%94f!8UGkRb;o)ba9hHrF^XYI9nT3WY& zzQYdBGbrS~7wzirL|%-EbojaY9Sv*_+^=Tf(Na((Me3q6R*B>qykHk1cuWpHzOXleyzuGVO*>YMfg z%pwP&PIy6|%D6-uv}GM}yBU0-DKd5&o;;{@4LtzB@w#KLJ5wbn4)a4XA5a>yPEPzJ zjG}Bp&07oIA|5LrZdK2%R054pPDOR4<dWh$CwabU~P-4URzoU0z#;MbkuP53MNk|5eIa|K!G=Y z&m_Mrdx4D&|1GOZsr!qNlIa)z{+IvZ82&K(t>0>iLiV`STn0WMra~^yNiHi{XqcRw zj1bMUyUygRt*;*he8^u}1gVCk8?_Yw+bS zqE)F~25OD*wx_2Uhy)kp!%dTmn2=kyZqW(RlDdDM4oO zyoRR_s=&csQqAtwDYHoujJffv8t|kxXFi~d>tE_}eGn6(53oZ5L+7Dw$k3y%}?IzvYH0&|0p=i$!lRKNUu+e~b1IyySeF+x&O>iJ&_ z4ph6EX{siWlwt*+U4rKHcKsCr0qwJ7dppCn81-p`JZPdhgq2o~iHY$CxZL9Yzgz?c zS7-n`1omcY2XR~WLH#iUe3cujfO3?;7ITK0xs_`JEwG68|$Y;ER{!;5PN|`de^LfU61W8}j*f(!EO6a4hwpe6))s_eTTK83_=wrClTlj;#?DDw!9vax`5zE(Cbki1~s_-=HE zQ&?E<{cB6z-z&1Wi5F`{!xCaj$~S6oL(cuW5GeQN?6E(4mu&!($12my6RFTJ2WEg& z?7-Dtwh4C59#*Vq9`1NI$lp_zKe~+#PVc}BiYOZK0^^wRu;|A=Ag6HR>H+{1Jw4ha zNs&%doyaX4JKGrqz(Y$eq#5Wy2cLvYVoXkvqjtGTtY4T-3>#2y1LuE1dD@^K8e8%L z>g)Dm8k%0&j~BD^10{n$zA56nW}zX7N_xfPks@^&Kv@z%l5_q&C;*}(wjik9yjZ!cY{0{a*97XmfjsxV>D{ozNniZX;>#iUQZ-`tD}` ziURe6)qi4N0aqOp^j?kOm*voAr{t|T2L}OQQwBz6a$4Hg&`3ec-eW1Z0SX4{DbuMQ zzpkX#dVtJfU}dN;6yM~AWc*4YZv$qe<$CTioxnU=S_R(+hA*m&TA;lz}L^+7F^H{=vk zbe)_^W8+ZCbZ>wE^>N#91mqo|X5cg%Kfh!D3^^vt`I(iCjZJhFdCzf4BJBhe5Kw|* z+L%&+y9HcaRePrzO50TH8`t}MAmr7ufh(dUdteayvqIA*0*K72&9|XU5{y0%IWE2h zCkOxu=we1XucG@Of>!=X#bm&8<%d!n5TVVJbeS?{?Evyyxk|41(4cyAhwy zy}RG94@Cyt;YvE*T?4CCxj|-gU9o_g%LhgauX10YcaofrK#?a0Q$*{k_FbT3@7=ox zLIhekQJbvz@PdOdG^EHkWxY))`VVGEK?SP%Koy9(s{IsX9kZXQQn})X0KQ7ys!RKT zr1#y`$mXy0}q~B(^+AXBycUP~9)w-m?fuvhl?w3~lklD&!pSVc3#S`n{ zP>)*65;|bj0B9ErChr%v4G;fu)34J0FwG$0MQ_#|S|WIwEaom#U=D4G)-cK+9~`*7 zc==L3G`D*J6;_dNl76|m=OM-(Bow7IS4p4ZTHvdqK2+tiMEKzQyvtoP6Vc!UaolxA z!gj2hU+&yBz2ZCA*wCgnQvL?cG$>pc)E6h9f&vV(A<&`3mc+VF1iW~G{lMIOC`bNh z6oB+syh>ObI-7S=KTS8^_;~W05RLR#T(7?-kv`o5XIyy2|3Ml9y|;Hr_%8LS^V`|V za|Aem&WD%Z>;U1et5WX}+=oU`*T~MJC6}G#&hVX~p|V-=+|jqCLqCUv-3QOh@RSsl ztcd*C*E>|qW#|ldxA79y?>vGmONrr|t6!#oyIZ_X3(I7{S$FiO)oD}(P~9b5>?~<8 zWfVN_zOpgY-%kx`h(lBqEcNmCz~OA_x;#+mv_e5m?GK@tDB*2X?F^d)`Sy5h<@h=! z2y!2A>%c4KvXooKDSKEP!+rr?+y8L)SG>72h0XDHF)z(ed9E4_{GVr6b zXFA=J>*?zY?9bN9wHpMxucoFZ^2k{31aVls_O9R#oRQDtwDYAKfl%+*h)-IO?j#qVC_P99k zoyea1)d_Cr%K_gns)%l2qZXJE`_2+~3FMMBYUU0X8+a>AlAV`F)ntZoft|f&mH@xZ z0m?8^X8&jSs|Q^nyK@%1Askq&^a^S{geLTXj5qY>V5{E%lyNJ+%%~?Hup`Kx0JR2+ zEJ#6cMz=Kb?SlVD9XstCI9PekQatrD2MYuSM=L2^PaZ|g#zO@T2uPGlQw2v=#weB_ zB>@iP-Dy=~Jh+^TH86qVZ#`aX$O&d-)D~+e@KNal`PK*WlO3KES`)Vc5D5_ZFg1{J}l{3UwXrO94z05<%H1iIFQu+7d!%RC-OQ=>B8jhGq>51V(ApaU1RT{5cBcoZl|nLH-Gv zh4NZfQDczDKQBV9$kXw^&c}h-?=18lO`U+h9uni;94&u&ca8Fg zlh<4Lk-qTlT1CP?r47=@%rEGOoNmw%p&drPMO!TTMO3gQ{_LPz!rEz$N${!U`&nM@ zKYYMnh4ZuV@%5T_obLSD+M;X)Rm5&QkH7b5dx?bU>oJK+`S|4EFse5O99s{U%F9l`(O>Ova^%7f+=Zz zef>?9{7SkiTLB0tfC4nIaoX%RQ-B0E_S}xbrv!L@83rh(1ffC#O#R-`AuBI`#=I@o z7X*X5p&-v<)$6=)0dFnp&ceSA+4K^WbVy;?2>2U=+^axL9VEaWzFTzq;_G3k3k$~a z=~v@FM&lxQCO;{<)(OruHVJIf+jPG%R*XLE`(MY&+`syaIcBR}U_4;fpV95k>YN}m z(4Ej%12gIe($4++7YPWj*-x_m>mc~U%=BV_;SG^B+ZF^k1aueK4I-dlz!nh*cyz-I z%_@)>UW}AwDLEP+b*CMRuF+mPgRAMO6I{vNX*LicxOGbE?c#rocW^N7tIyX@Z%KiL z`QM8x(+5*)E2ca&K!#s50*`M+!VC|zA^=*@Q5X=GV8EgtAT?UET-@EwP`7sCNgo>} z0pKxwurLaG?D1GyS*dAhy#i*7h(VardE8R~iU!LeREqmwUlD^X>z1xAEihp?2tFYp zlq)t}GV$jrsKC&{+Bz=Zv7kjfK`myjxBCF&X%&#%1x`SYTNqlS|P7Hb& z{xWSgO4Pw%Vv;(L&$siWI|{J*+Ip>a(2u7jS#49Er_JAj9*&ktIAmG>W$^#Sl&-1T zeM{<1%xZ9FJ#}`Dsgh^*13<4VmTaq7z#Q^sb(kaO@%jG*Ai0`KgAXF~kGe(mu;M|jvM%m{cPJc{Ot+iXNre?yQzMy z?MzM`vB!ADTGh}v|B2G

@rgrT6fjK#4`23IojBmE868tQk>CWkk1@bKTB+7sKuQ zg-{lIMttAVK@FOz6@|ndqxPTKN0Vb$P$Hl19fO$b0>3ooh;T2IPaewJGG={wD{}IZ zwbVG$A#&Ywf2{v}{6^zWkc(Y&-TIvGFgyExZFtcM|GMXV?Z0D)THCa}cKV_6*WnC3 zCx@bpVTZsK8o%TKs{A^`O$>+AYEI`O^mK{3sWX3*8~tY(HtQ>xn^pTqW;Syv%J~EY zoIM1&w&|Kf8NNne(?<~KId!UC3W1rXO;jG5Sg-XwUXxru*q?H=z{dKv>LFF?E*-jI z=t+mDmL4zy_ph=#2a|Jg9ean`Fv9sPp$-f2s5PbhMzUbLNvP>Q&RzQxiSm|!db?K} zwR`F?B?p=(A&gm$JBROXzcT+XUG(|dxPV>XIBxCQ$gbgv?fKIWe~wGXoJ;Dgj}nG9 z#{}AGU`X~IxD_&SaT1S3#~2O-&iVqWIrXZi&3A}!g>NOiiGQYSRa^_n>#>Uik zSV~GsG3Xic7Zj2D<=APqQ}4WzDwuJr{BPFkrC8PT<`z%vr4i=yN}WjE&Sob1__E zY_TNJ*g5HGje{7ZS;I$+8YjTfaX7zahVqlz^$4|e1LChp=)QRDca*m7SR+wMV9dQm`X{D}_J7hMS4+t& zRgJQz(4>0^mnPg!$=ZQ4{1UWE9BW98lFaR)6>nQ>fidMc6%6i7o>eiXJ(?Qak zte8)>kK=cI(fPvt>Gs>Vb^>41QFWyzioNVp<=hpyyJ#Lz3;Q~6I6pyzVOa(}RM0FK zzi#sL{}_eVAW{lNA^Ns8I0(=ZkYNi(+Rp;OQdd`>nD4(~H*%G!LVNX!Ll8fFjw1_< z2-VU5`^cvG(NHuew%@!oJ_D0dRU=9fs2ZUD5gP#&RG~V**OCS8k$}TS$!Gen#d*Ny zSe6W3Y6^SossGU%+H%4C$0^Y(JQC)QA3v^AXMoups0Dg8xcdFM{Y%zHWm?%yaKtML zk9)Z5@t}_@IQ3h206!(`kd#m+G#LIqviwbdT(A@Xc>_#@7X$>T5!6F$24L`SK7EXi zHln6_be~4K;;FO+-t`VyPKPv*M?GIK1eK1)YUF~g^v_B zwqs#_-X9p8>|tnJQ8O;M?oAJ&Q%5At&99)OqHYZ<5HfVY7lEywoSGUB+)aN)ZSLn7 z0IyMl*c(vYfcu+<4Tt)4er9?b6B(XmZEoh|b&#h&*jl^#_a*}m?)|@N!J8_fzuQB( z>0j8|1%N3L-CYI-M94smy8sZ-4^miww1!qqZ$nsAbi_0P)*29d0Ey>Yw2|el1IZ0| z7)%5%7;2~lU;$A$4PpvPx8*g4LxPJ4^sZjWfn^XcjV>C*T5NY89)#$1Y|6#`D>h9O9AC`+)YMsTo-w3KA7cA?3My z&0}5s`7!^ymWj*67XHY-WB}*<|KRpTWthIC=Xc+EQfL5N_h^-~v+Ma^-QB1g6j){; zJzkSM>#mI6CQ)1~Bf>=_0ofoIK&r*YQoMBeGKdH`2pB#jkP9%)?&BbfY0}nZOMnlT zD!X^*uaF6sdv3n?3P_#^kL{RfkmH#%XAmElThq_EtE^lKH(K!la}t6M}pL61ie!&cVQ;X{a+ack}o|K%;>_d+Ngw{ zidDsFg>3^a1dP(8gDN~z2kN^txGitvRlP3J#quenLXZ*nwHmGd1ohL{MPk5qfRM2e zFatI^p%WbJuXAu1+meLrWx-hlZKA0wbb5a!E>>`T*RQ0$tN=z-N6Z|?y8fxk&|8K_ zMfK)=`G!o)jp2PYJ`k$D=vXmgGWhwSb@JwymxPFq{M+U8vqtysu|z95V&xQ`+bWO+ z;vay83lOAgFsB6X4Of2*vv^t-x;oQv{Fk*lzl?hwbKx33d9r(K8|K@6nP+c7o(LC^ zz2hZMjT<(!@e_k(X6zRo%ZPq2jo}4~+t?X{1O-_>zj^HDA{ivXzq1*R{|vjT+S>gr z^L40JL_-r$Utdpx11wIYB+Nx=^{0rrQz6XnPGH)mX$g29ROV7A7(|CPovbYg6p(MU zgh0P*c`vUt3e<&y?nrs=+(j`l2FP?kOI_8@d(!`GWaQ9fLZfSMU`51V9LpW{xBtbu z*ftZmOHKGWa3lBhEQxp|e!lAH@<^Ze!z!EaYIMWo^luwl9!I$|j6+(%pRXEjdfY*G zyjV<8va|b*oh&tf9Bgdh804#07gK$TVlfFoC@8Kx`D@vMqAm~M2ixWJcz2_PH3i|B zTheA5O7<}m&SWQ6(+76$Hu6O;39%UQ+uL&iLI)yG{JCrVCHG)@p|chT22GXXtWSG# zJr7H-Ol+K?DYE7z#D}JSQ1xFL3ea_~l{Sv}k=HXBv!BT@HXdy}mtwB!gVq}Qxt#gY zu}};QyFdtgwVzbw43t@UdC^smo!tMluwu}NH0aO$ zQhr?qNPD_s77rh?M04tzI;MQo$i)0RiqfSE)slgW=!p$*h6n zend+&aNYiizdEk#j$?CloLQ6AUzR7}yIP0K7)u}71yL-|@1_ zz4=e4Qz_&y$UtcY1!Q1QfufFLrf2IDQoyw$-->U+6idW0-~{u|U0nM)|SXE)v5XNzDWvGLf2?LC~=}ACZ7Cp+m1|#2STMF+1 z@r4kiHMK|=nEH2WcX-4O*$r&Mh|gM{k!&Nk`Tg(QSEm0j*~4lRUp@Vlhvk5H!>{xB z-A{?{brcfMKsHQ%xcugX%|P@lLeEibevO7qynNa*?F-(aNo!l-)IeRE#7eOlO6aJq zb#=`fUPqOlPY+cQ1X^G8c;}PdNuVloG0^A~nG=Jq6do6M1|)Mh=|V0cAzC=KvdR?p z3kU+jqFq%-9LUN*NdpfDYeKFGMiG?zX0}FxF#?Fs^P3zWY=bYr7aDM=qKH}jrEAx6 z4f(L)gJJRv_4|PZubw6VP-^7+=ayk`8OX`XJ@!Al)Oo+DyUltU5=eLReEft^y5|jY z2*>Xc?~H?muhN)&N&S0QC?PB?42Jo>k&zKj=gV31Lau+9(XmHh5%qF{z-X_jNeS+L z2H{epe7Sq~&LL)&=iTKB5`HZWRH;B%f=oFvJNvL-+?v5Svs)^=7gT_5ON<9_3ylz2 zkPz5)^ZU=+rrB5(S60a4&bVS0imgm;XLeDUj z-#>*ux^Eg71RdUU+BY~o`u{}*0c1_3i|IJsYYE%Bmc5u z)R+4eY^*?-G3$aGgxQrFt#XAF!r-mIz`)35)K60_w!*HKci(-svjfQ&?I0?~Iy*Zp zQ|pr_Zd=Wl?g~Fi8YfrCQ0JtkrY@r+`^k8O2lp6*RZDEpG-w|mu5CWbTTLZpTK1D@ zBWdEh{%!{8_1^63y%BcI_cE>m21eyf z)a*z_^$IlDi!kkgfZ;t9hV29$Mqt9lW4!?n@j-Dfq?05k;tzDXrIz-(Fm|5Sy@1eY zSjI=|-(7g@)mf}}4VhNdao<7v(fOiX*BCt@8d_k}U_mT^j1AE1zGN!(b+};X~BGZ~(Zg3Vip&2o_$_A6r|EE2=Y!x5mNz|MU;Kqd;y@dnH$B)_Hynx=> z=2;?)t~f51z%3Wl+c;qiNzTK=BYSua$Vg!O5p-}H^$?(Z7MOt%1l(iIz`t6r+ScZZ z&BH8YddF8u$!6Y%WaKSV2XS|uYEanHVa7=GJ&?(|Wcv86y+ojiPfL_l+4`V!na05p z$7y<#SN`&0j80x&9m{i!($M=;^MllNDZH}3WJj+_$Ba>f%NRUz*$qhjz7os17$}?Z~BXZcgoatw9@hClJz_pj5%DQL6A;~)9NOEnDihkA`wo2 z`eyEK^N!hn@8Y=NJz(f z*MXlJc)+5{QGmF&^-??DYh|Z(J*r%{fur8$wElnSdJC|sx2}716VfT&2#N)QBHhvo z0-}htprW)O9UDOjDX~zIRzg~&TT)2{LApU|15#V^&V}du?*BgbUZ3-v_tk^&+v~U1 zTyu^&#+Y(TR|cSc(6Za(*R6tH`{fkz35FnHfD8nR3o z^$8cnJWgE+CEvdvtm@rr%TBf9E=QoC(~_uUeE_Tjk>Z&vd`4!j-$0`sE zPn^i}(m}Vhw0FFFhJA(YQ5lHOU+1AhB_S@8S`{`Es(w$HoksG5Te<=HI7SlzNEiie zXM)dWc0xXRv_-9)r^zY8dFE{ObVh5V<(VI1T!>@`^XkPPmKNiip(1+@WSXI;D*<#b$kw6D`B62gA7Nuanz8xz`dX$zXh0P>KaJy0 zy}bBr8?JlJCmY;S&MH58fYlvloo~Ls)r)U)^y8O`@{D^_B%MS_L6PS$B(3S~;_M6+ zKeEFrr=SCL05PMifU;_qby`TM0V*G%4Lx8WL5tLgIt$(c{Bu7$!RJq?s`mzN==7_U zl7 z>6DfXZ)wCAbhwe#ZcxU{kV*|Vg0l&b4$G@J-vkf}KtdM*wT3-zMlgpF#6XBlhav(* zWOM<6`ICL>(;FpD(EOlGx_atZ6Hsv;-x`722(@p1+_#f=;u96sf1d?d=eUPWq0yCA zJVcyltFhJMJoG%E6<6o+WdsQ2S&=F*r$NDZg{Sr{{B_h)+kmCK&j~-RwY60|Ob|p8 za2%glL5&+0xdGs&rU=yU2#y)YLyBxy(3$Ibe+=k_#_tAXc`dSE=V=-ly`A*SGR*&y z<3$M18WIt~)SCv`x7cg>E?~A1Vg$6`-n!qRouF)-a0r6f(4D2#GkuL_hNh(@FR$1pKmZ6fwT>BePv*{mH>NeACURqpRDqn zS%dhk@-_h>K!$mW3s!Ttu+U#_@J1C(IM-|{joUx!b5o(GlLb_!ztd5n)zow;#}Rn3 zmX+Bw+kno3P%QMSI_wiLxe7FNP+AGL9X`y{)e_UHQDW@cX)LE8iJa5!->$gy3a-2u5peqY zI`3HZR}Ci+9oTB^fr#OsaZd$`#qr!UzBbfavu?TrOh=m&A$mYhe8`{5)SVS#hFILbU1*wKwKj^H*{1^ zZfIOKm2>^n%Wrq8eAEFQ|BvDP?EBJm!|S%&*4CHixM9m^NKdv|GXtuM_R%vQ{pEU} z`f8zRf+z5@VWYrb)U4V=n*l&@%{wOmaIyp~w?VO-_ePc>0p%)?5<&2bH zdd3(=@%$2i!Ri36<3H)^LNQOq{A$sGor6OUli9=KX z@FQCQDYXk10`zgHM~mclE(7#nWA%!0R_OHU=Y#XF0t2;L!;TLehQ9mBGobYd2f9yw zRiWhXDX_E8n{9AX6Apdo?(OBxitJ$icPCb%-3}> zadAE%*jD&0?O1Wxwf2dQBb^2qb>7U z4617?_gPdcCL;kF4I^L_z(;?!+2*oAq^J>M70A>o6V;~Q_u2=zHRtgNa*>b%tmZ8H1_q1;t*xz< z)4E*Kv!UN;S^ECHiq9RmxS=wl;aYXC-i|wZ`|71>(Q{e_>hP@TtFCLFF>sJs#^D3K z8GaWV+cN%TNTUVQu1qU;)YEr2_R^w!D*ra%hI&n(sVF1^Pm>ZMJr&SxQ1b%No=dL; z=?Ma$O`v249w^5s2#R}=OgpXx9tkMEpm(kV4D|GmE=&!i&kdhI78N&_N@KlBgI!e& zJZU)kKm6U)7wV9xJ&W8eg4cGz#9dP}^h7Hs@GDDs9IJQ5k@FxV9_XY)j8L_)`8X7} zAQVO!`Vv(W;)%IM3f(DPJgYhsBqMdm?xd(S!Qr+>*@ z7=S&gJI4m@EDwu^LHNXShS=iWF$?=tMbJE{o?>79tmJK(|Mk}`w^aeNNO|`?dg&V!jIaBrp%!`eeRvugFOUUHIL)y=hkFZd-CtVD1wc`O zE4gue_tm{8Mm?klLO0-C(J;vs-T5>5m06VT+4JYoV4Dd!XP+-8BAZqsvMI!It#^{& zleTY$Wt8M;!b;YOO1EmmAI&WgbxDCgMHVxccwwz9D~6SbMMxn9I5X~&_DFBx*vSST zI2t^wMVGisUx1zPSF$V!LMSzO78P&O1Wuc(4`pib$AtO5R7LI}{?w%laW{g%&<1+lLOI4%e>o~m)ysX zA9epRPdvQ5jM|!VyJl71vOsS@v#DT~6=R131Q%*cRR0fxpd1O3-*=UK0F8w~RBw+L z7_>>hGmg*9-hiAE3<&9woOAwsoT!LMUYqw10}ibjk!(?}g35lIz-;@0vi<2^+xe16 zpHyI-LJ4cTItVZ5RyTa?c3jkNnq3Z`KfEy$V`C42Y-$M&1WfqsUALv-2&nN(W7UK} z!l@ZRke{Cqq)oKjOH-q&h`<;Lg9#*{xpF{Lu`5vS2Xya_H9UUy%Iaz$*l7)={2h>v zubgptUs<$aU#erf`953xb5V{QJXOkoQMs9MZ)bc*_xBo7^b$~e4moaK0b|<#Y0m*S zEC8BH^W-H@kv?Y#IRLlD$z1=Z^0q;KlI{%fM4$|(PH>lr6eDiFEeAw%Flb=P1q<@% zn3&`41<mc-lW-h6VWd>r6PLb2orI0O+dwn?!#w{Dk)n$Y~I4 zgi^;SZGgT2PF9BNvn!D0xK2Fk&L6lJq+0k#MMVw9!1wB&2k$e%yaQE>95Z^9lYz}2 z{({yP`Ww)W26f9J3n~heDjzmLKYU^$G;(ut8s~GX&-9~wH%8n1GyD%^Hi^J!1S}f~ zq>$lG6gM?3Z4@|qS%@S;tq3PpSylD%EmN@PH1nE0MuJ|4i9hJ@j~8)J7WkD|NHXFa zfT)3%r1>7cVxALt>@5Y%jL2RB(DFPuUQph;_LpkMjRC|OU6BwQ8wTFRbO3!hk8p?1 z&Dm(4;=v#jK7Qoexn6>A0Fopw=&_>(3i~V% zNs)niL#$eH@lQ5~D&LkhN#V-1XYb>cz+e!}^=?yAAUQh#V&jFNfIvG=ldc}DdEpxY z*ZYE&7M1@%Az{`%p%CQRlmo`?Bp7Bx&m{ z0~}=F<5&Zl#jMmOXbRSXUGCAiW%x-N7cb8JSyO^1d-evrIKZ|Kny9~A_YFw_I7^=a z@D-7^F#fbGR5LL^g@&|R@83SxEuO*QBEj+-9wjk9pMJz=m3nU_3OfpB68SP1B^K!aMc?qb}T0IZEF0PjsdN)3+lz{xLH% z>EJ2?nV5|j8HUyR5DLJIOuXkZ%Av73RmNqB{N`jT%gp zP)I710O}vc&>{l;#_Q;R&vAJYZXWQ58q06uu7fTncuiaA;d}Lf6AMCHb>N@W%_7-x z`pkbR#sAmar*kEQX0_g63A}k0VKWtwm!2`NvfC7V2##S?Z0CsKyRpjqNLmx2BsNoi z*II5bwTcFVPtSVwxJO!Jq&s|wNtzR%M4w>m@O6k2ty(I#?ncAsa#<0HW`-y73pF@0 z`6X#m__T4Y&@2GqDj5w82}aPYg7sf}q@b)aDvDNSAE~^C{@s!6wu~z+dQErPW0&`< zy2ls90uM$rBs<_-+Jt;^N*~KHN$)J}`ssSDMVD(1!PSBG6(5_2hsQ6(IfRlk9ps4jApg37c}bSlmGP1%1sM z`QE{Rs?ZLb$nk$M4*pQ3n+Q0THQLD^_ANr7G`3R+(c28KzD6%O zofORDA78g5a#|=Sc`wTeCgSLiL*6}s+yjEre?J?n0^#Q-fp+8nBqRYNETmcKe_KzW zhRHWnu=^#lwluJWbF;M;nggSDVSJYhExRx0q3u7@-a3HM&a z#1wC{Lfiss^a&umoP}>gOhR%_K9p$?n$*Do7Mx&~8wEPaU_y-0wSPA<050Q* z?zJ;{T%i_92oRPY**wNTuP3nytH!yVL%?%}wLMz@U~wjvfe!-36rW8J>_tG)#84{L z-`_7@yt%&K01hTcmwx{I*~g>;=?$8pfU$A{k7F7F0>N-V))o=X(~v zmbW$ZuT@lzD*SfEw)^on1Y$?3?w`0#}}Bn2P}X z3aJ;XBXDW_YpyA3X@yIUNR0RdLLxLc{th5ClwAP@hgs0D<|^DHw~ArI2LM%gwoA@L zkw@+dX%BCnxo8j#8=-J6@7m%3qqnLMC- zD0A#_6mY}fgh7aSc!-kOP+RXRU?NCq3Dh3Gr?6MLnf;{Z`fyI77AgC;VL$;H5XA#y zITRe7qG@`Ndd5gtYB9ppSjJ>wjYJvA!<-p zXcF6;Z)A$u+nvDJHh4k0wbH3fdlM?y>~_99W-6qo!tTvr-EN%0!gmKtJzfC;5-|0z zLt$5XZ)&R zRIo*dxZr?v&;Ga514(I(w7+(-K}xF{@2CGQVRY2ut9VZU0a_KnI5;m-Pf|gwLz#p8 z?wUUE9rX{gMv#*8fh%zlu*0M0y;l{PFnKjbv`n4qQ5Fr<;hb!P(9bKZgIe$Yq7fV6 z*6%mc@OZZn({o~fQlfFY1b0`s{~j8)&wA~34l|f0D>G53bfInPyy~}{XuqZ2zI5= zYtI6EMV!E4`e@3n$yi&Dlyr8CQ}HLBf1_ViE{k8iPw6YSRbYm3Ed@Y1IaeJ^b#3s% zy0#lX9euPc$}e^j-i5qtw-7N5cXC855(XSsaFQ9({U(g#iHhx%5mWb~dD+yfiqjds zS_Sm5m_mf~scSNjvDX0y`B*K{b#ju|lw@Rx?+D#T;eI1{vgBkwNGrb$0fpW9tUhj~ zQ3sAa21X2hgX2d`H28LOaq6VIXnM?_)pezi4U&tFf83uo561P{j(RJH$!n8zZ*Hot zb16%&`}nfYiM(GqwKZbnpOedSW^+@$Agy??_+k2`e^~@CUmD~GKu^m*5ov3Aameb_ zR%Uf-UE9YECOU_(e>vrUK8<70-9q`vgFWC%Xaq1pj5)(XB?4f8;>C*;NDU)~NUtc7 z(s&5_sWSG<5H$qAGp|BJ-rcM5Ctw{eHpATk%xqhZBU8{^p1AKIzt||6pLi z3`$H(dMcDPHb!vdg9{5}$L{xNc3`{0+hqqYQ%L2D%Gw~0yH)9Ke;;-QR1stI-ZER2 zAkPC}QbpyA#u%>gAiIjQ`?P&+!RPJ?LOG%8fvt_jz}p`Q@Y~_h%jITWE6>FwCeErd z?MeGe3XpmjX1TezDF48&soz}CE$KCA@wE++=0Zgt@<9PrdOHdud|0fVoglIwg;XYV zP2QOthH=0Xvq&9o)WIP$g!_!9gNX+#{o?PNO^8*`c1Ivm50+0$b)jh%ut;;2Z0BA*KQJaA6QdfiXNQ8kK^|T2%Of8i)XM{PH`rdoRC}9P9K2{SU%T z2V>M#F0Vau=aLGlYm(3BMe`JJcAd>$2_e#yC^u7m z9NK(jTGfG|2GpLwOMVt^;qICv?p@0*L`e?0JsL{`&j#VjV3Y0NFsdl93UDjOkO3vo z@tfQ*KEnos8C`K2q2Z25w@2P$uw!-gty-hG;FEv`cMP0EUW0Kz+Dbq{Xc=l12Sp+m z*xf#=u2y&@Y#s?4?Ca1`K4;Y}V~_hrCCcS{Gl5pi=4m;Fwmij+BwFPy`48PF`Syuy zJ4~1U7{jQke-#oaci_4OC9EMiMj~2Se`wErGaG>F z=bic(E(j_umKK$`#XwqlMQv^Bc+Y9J3Q)l6oe|hC``DhOsdwK0CjH9M+96@UHY4cr)L7@w=+hI#bAINbC}}s zO6G?PNs1a8WWa-&bVxQugOR$syTR`45#-G_*A$fbId>f)_->23c@I1LJgU|)m#5Y3 z_)mNgvS0vsFF6S+S-|;(isZprKo_Og+5oG+2@0uao1pYPS|DZgF*{q;!Ql*eGl272 z1dt`lAMB#6!I^7sZ!bL~qZUl-`|j8z0-k}8alq#8-o0A`Y0(Pk3&&^E5}<~BM0Vn} z3{ZA}S;6;&X$0zZ4>(z>O_doIOR&%(uxE^h+^4<)5bg&)TL4N=KrBH83}6Q*dfr5W zoo~qfiN?MP=B~5Q=phEiYWQ5bX5+!#aL*sq6uYyD}0vh0Dq5_-s(Ljl#F6N zdzpu52(-1`-P?@P)PEk=5YV=fA7kuNu-oMLo!Kqsu%0dcfs%?FTo=u)t&F+8zP?~M z+^#ou4*ht5=73u$a<`Kg(&zqbJc&>+1744BQrLS4WNqLEUhIjzL!+XuJ^`Qfj`R^Q zTlo!!;~4*gGUjA=-AP6YC?Q#peKU5q7kd+~NHTKr{L)>B>xhACv9&gf1`K#$!7_Gv zbF&G?^{CDigYXoH_D2Wa6b)5)7D!$PJqz6W!C*Cv+;%L>gMvtq#{}X@3up!~CHQWz zf$k*F=dUyJg=}?3!9k-z5}@%|f`<^=xPhxr@5+D~UGFt-f?UDjdK+<>8l?2`?5Px1vICAgo?&gCq&>)aOrMnPFkt)$6si^{MvsNR`SP6-3nT@tS z@10lnH(^#7Dnm@RX9R&q{TZMZP0~LQ^ncwHd=9r2suxj;5)z`QsOWE6aGsEm5G9-d zw%Yy5BY<^Lfy<)74T=uKDjzAJj#_}bR+R}5{JQ=>LSfBSpJI4SNK)(3#sN43{N0R) z_JCrG)D3W5J3%uYQ7U00qTLCEj0QL8)e49^42D4DT<9;PL}3VseP>~H;KW#f0Uw<0 zWaV85MX-12wy~%yhwxA+>2efbW*ZT`?jVp2F3<9HIr_}%? zH}qqn_k2U{`X%HlTylKv1=0;C_wB}0P6?i*N(es*m` zZKo?&4wKMul0lcJiQAjX|F*@KcZC-Ip5@vFhqac1A3Yj9lZ)|(ph|o| zyTCL)P(ngQ(GJUOORW=pdu&87A|&(}#cTsB z6r&R0D5h2NX{ov-AAL2xNn}W)2sEi4~s%Nf9<`nG>z{Xp^s&|}K zKEb%SFOVZ6E9vi2@i8&IxC!XQ64oq6?!V#&pEpdg%%=9eK&=7_t+<&e**|2s>U}>L z>bt*VjVTT!fz8BK)&s{MC8h9MRNw}H*-K$ipY#t7ch5RToTRf9!lS4K+dG_H?4$A` z?25Alwn1#St()8o5ngMl`O&s+o{C6~a? z4@s3!^wE+3OAKFP+q;))-G=5X%xxjpx)LrjxE=xZtVQPlY8K!Xs$@xI1G312;5#sM zxo579-VI=Pr!ZEX;~8o3Xyz73^luhS>;r$(5WHt$OQ8XS8n~~}>ZHaXLBGn}5kBX` zf!xEzIVn2N3A{F|?*5)Xv^F*>?!8{_O0>H!eV(XuodZ+ptpGN(Dwn^o5vttMx3WsP zbyZUT&^pMj&uVCEKh9lRtnh(815LyRKVNbV!hR||6EEWK=nCIFU0j)AwF3`ivw4=3 ziWO617*%7m6$d;U0+F5z=iVq_ucSIU(0%a`bobh0AhXQTR6J36a|hq;~=}RjJsF#1$?r8C3OUZILvpwZ|Y#WhTrZk z*FERL7^!fU-Mp=WLp_z|O9$gmT~>hORAR)hZga_ptSEm?sdL&{q4SZN=YCOt$a11m ze%ZdW87e5)cmz<_-sSn8OZ{lJWyjgzrSnTL6V}X2AMaB@Dq#jI1~kr|CL#);13`Kq8l`eNHO^B z?TK1a9>(q0SBUHfOXzDB%LwhWT^^kjdy1q`R=fUD3VXk%!$}z6XhJ+D#Vqfvc7z#` zTQ!CgSWqP&m^=`3{PdRLk@ejqW0@qmkXf>0xn_nc6x z0M;S{B%}>+3!DWm7P=XLR|Ln^`S&j%t)aV_XK$GlaEVc%F*Q_f4xgSQ-hoa{)U6lQ z;5PRDjKAl_#GW20%fEl7F#do)-GpcX+v41?&#E>UT*%quWB`amp#dWT&T!|?pRZ|Y zp#&Fb_}*v;5Uz653=y9PTaI0NWf*r-N##|*-~;@?gw@&lg7u~BJ#OE;+gq$YYyLcH zo26&m3vTzOnT7RUs9b4yu28#6WUNEkog2l`10O>0kh=BrgHj$|Ud z-$FPza4fI=F@xe94c*X&LxI&VDIcplRJSq~Fb1%H9DrT-;V$~}XR1Xt*c)ODvPwqR zD#UtM{4ca9(!$xO+BH?V||hP`+nmCEIdsS^+6gu9%5$Cw<*fv_XN1zs-HZMBIUp5u}xUw zsLc_kYWu&Pfy<|tXJl8A){%ZPWTIc^-r1hd6tc{ui#SYZoD4PQQBBL%e*8ZCYGd=P}KBgj;alh-QIi1;7d9% zc*kOw_C!1viG)P48y5%0ucGhKHf_)6`L}8Y*gze>m8YfyMRqOMVQK=7MFC>{l9$-t zng*E~)m<44n|bLLzlz7lBkv8kYCjlA`g)OS)smUy`sl*U3U1k_1I5Lc;17)A{$*Mc z-AzX5+5D$H49P$(K7bMpR+}Q`I``sn4!?E_L~cFaPSi2&$PuQ?>>RCW{qA;%$Vjy3 z`a_uq3g3LCR3q(2tP<|=t6*#$yKEZvU+Q+l zb-I-;e_`rp6`^wXDpXKMz-6vtuX=y`;9lyUA94*Q46KMyIEC$Py^ff5c5O~|x8suZ zBkfPgR)~Kgb>H5I*}k&a1IIU>4Hr5=zRA0yAj?Ig@p@}I#))>no_LD>q63- zpd@2z0UivTW|K~!cO8g(kp&1OOLUx^2SyEELLfMgtdzVc2nwxr3I~T1nU#-^#K&Dv zT+grB^LP;Qu}iuqZt-{(#iJ2V^|bhu@15a}jwJ*O&p(_ws8gw+Kj5qZjYBAz>*t|E zfNt3C`M==2fVvM}ahsR@MrLQ6mIP`s7}LWgc<(mt!QT>!xJw`6Y~s=|7=MhWiqh5p zeNmdw@3(+iuFevHWugCzdjQz^UjskH>kWgpJl>e8I_$wqFJA@&uK68aDtcF%ApH1_&h$3try5hewE2^OyG`+bJR=qi~PyzOz`BQ4!tG&?gs*e+JFYA!+vKp@N zvg?1K42ON)P@4#+;-hzn=9*YC8nZFIrlBw>GMdKou0B+Ngh+!M1)?DBP_KN5dWeO> zyhM8F&=^#NDlph{a7ZRs+zoOa8(GX*>DXo?35ZN2sy7?Lw0~7@GlN3+T&b~g zw~N>&kN-?mFJDE6SXS(L!n&<;+{j~`3bYm7+s&I&yTtBpkiRIG>JCHAG3W!#eE`r- z@JS5`d_6v?h&z${j`@lY^U1S9V<1&xumyk+HXF zJfpRYLPv#BX1~O#Cu}9c`t;??V`>j#0cN}jwg_hw_-nxR?=chx%orz_j|2FR63qGq zxhFh45-46gwiK8M^%Z0YVNfc-1=;M|@-FrEi~=Pk1O3-v^YG@MFJ7`Ohnbr+<(Lk~ zIq!tA#7Wvrd-7fM&T9k?EPJ z=LVBM(pmDEsSwZ!w-*fO9Iy{0@Xs%?2PzFH_hAf20Fce0+*HoE3huHC?uWvdg)aE{ z$wNbM%HfGVgsITmg+@XLJ<8@okAgW8gxr^^rkvvZDOsq}bBcy$a}A7h^__Oh7I((H zd|fixCa^QX zL$bEG&42ZyQJBl#w1jj?={-FouktwT?!3_V$Y}og(ZyY$dCUps-2R?C4^c+h)s?~0 zDmT=ZS*UDy&ed<@4fpV{0-pd_So5&xb@UYT{8e_EVW5EL@~O|k4UA^fYa5HS1=D4gC=c36{8Bg zmxc|v!+~N7K3zJQO+ug;fzevXWeWJ7kj0nxclDRTB%FpV$R9_cbL+-)-C=t6HJBxY zXmI}@k<3q%FJ|R;if{fMZ7fDnt5vLAt#%(iI1H$ErQ%))ir|n_)xFsm?gi;BtIQuh z{-Kpdj(AJvFK@+mSDF-PYIyb~F$4s@c^>(sIVSfSPKrGPMj9CnAB)VRJ`$qV0GHG=^>HVqu_EY++dZ*D8axz zYWZ!gs8EL7-R;-%XG|I2q^FhO?vonCXVvZU#Ml0)u1FU;fQ_4zzk94vd-cr%zI-J9^USk%`5=Gf;QO+k>4Xy*RJio z8`jC0sNTy|h~)e}Q9~eir|qMfD?F%tEC`tNw(-TrV8|U40u+A(~hTiSgd* zje36q2amPyRliCLRz_SYwr7reW2wOnjtQ)^^MT8E z!}>lQz24^7Qg%%~i~1PYY8cu@m^`^K7GzpZVzF!?!6}*8l&W3S<;uv!X03k4Y~e@% zfj}7Zdfm&@ZON-uVhVpl%URnT-@dfy?>Ij(I^^!y!QI>@cBUGid{$A{%weG-R;D=j zXlJ5s$<46~6E178L8HGk-3=R=sv3Yh8L%Yqup2*>6cjzYL z@b1`jeIFWl?!B>43#YkWV-HADQd7Smm%RW6kjSnCz;E!60I3+^QxcwjNIy&ugs}JR zYFKMti&{tid_w`aS`RYCnhG(wqNvETFl4(BVqRqu+#z2O&%7dxJ?qw54cknQp=PbX zr}Vy}rs`u~etQ;SakoJpc{|ydj4te-TZha%YKd;&E~aD#<&6+%0w^dWaj;C#_wqD;=gvwy zU2QrqA(ryDQCssZFUHAbDX@xwi&ht;Do?H|2thF`m90Ny^cE}@L@<#v?Hymg5@1l( zdD0$n-&{r_8XK?2))!jMXk&^FScV@QoZf>|H$NnH;VjljI61CAV z-4?-jtW#fS9i5F6r+)B@8$A4UF3^xvk(dHk(RD5t+wz8Tk)9hDnQygiv57PGm}25e z)w%xQw}(n)ZOseBeXzGN3KhnVo-3fOhvBe_fhDpxZ22s0^v-Q z>3SIV*fDqgkSwF3EQP(D8DnszjPhK~G0ut#n-8PrU|;FLifdk3m;7@68MZD+O?Lgo z*`ZGFB{mtnfR+ficT=RANu|xgj>HE_LI+X-ty*H2>4uO2nJ?IdU-G{STR49H?1h2a z+|~F7*M0@h0BgT+`aEjFhuV_jcZCt&;~V>GJNeJlD$*9c`$_2It1UrighL_^+JQlMw@b z3pRV3GAAMDY57U}Q**1r`Lcd?#4p^Db78=ja)m7tyd+3RF<=G+0^=aT-XEPc-%u`Y z>Dm1B2-IXD>DQ%w|B@Wc>jnFaXXelPo#w`A@h)H4-j!bs{PV=--BvH{vvuFy7rOYr zNx8W^vcV$}RYWhHB}$u`TULW0GXXPv_12&u_5|wvwX|3;*p^-7mcuT-o${u5%z=(6 zhxmERuZJgA-<~}7^sh8Sm-MKc#kdZ(EOcbwY|HUp2e;K+Qf=T+eR#k|fAt8*M58Hq zLKH985J?<;92H8o{QaKZa=jt3$1fTxnz^OOwyvhpSZO&k=?&p`_naM^7Gnh*TenQY zGH~qgb!Z+|2V0GpibZJSFS8BqaSd&a?w^^<(-NymS`~+A*6~te`OnP$h3CaQiN8H8 z>fX(?dF}L8DnG^Z1R4#U>Fnb29>0p8I&SUMS+jpB!|K2OY@z;?Hz^QVh#E zcOCs4v7RpPX;Kj{{Wne5qh(vQE*q<`Hk+oH;D@`M&Bj|i(G;->BgsDwZJ%PK0ORT; zpos&Z7z~4xww*bh!3j9ur`OaSF&dN2W^-g1S=W|)KAzh5|1@zBOAgFs^=>Iay)%RZs<;Df=Q5wQ7->;!J~L=$)*)let+IFo*%FR z*TslVLt-KfQrc+h@atijn$k8b#*q*b4lZwxc!x&+rIk&rfmIgq-4a_EnvY;OzJ{L? zc4Rp!{(;2i&EaOBA&8n`u3c%T=^&bXI!6>l^_L#xNi2SU7~CsXf@sR!Ip!%}+we(V zNOG!sNHk1Fn_Ks1N_x;cmylMzId?_{Guo40r+z=h2uyW37E=_5*P`*p>)Kg6JKiRn zP7V$`fh5OhSgu)K#!{PkN^)}J7Ac9VeDIuW6ip;E_JZXBeRXOUPWv0a*fYB;%<&3N zH2nkw{>9I&Tjw2*6k)k~F7rg}Etaqtr$*JbesPTBE=d}Gj6ja#G|6ry23`b(P3@t* z@WO8X`XPD3$3&RVGc}z|@}9{C42k^x2rSp0wUE)$szd$+cQ!o_kMIo`d)$MY;F7n~ z;+nck?GF}KERZk(A>FB1h}T5#zKlkXX&^iBwBo9Z37gC~kG+~LnwM~}+-*wW-_^mo z;90e$x#n8-A8!4@*31lVk8v@F%KOI2^na50`&DP~ARX<}F;1mEb*hZ0`fmhHZlxPh zOU%5=*)iDv%jF}UwH-@tq}}hNcJp@j3*1M>^j^-6)Ku#~`}+Pe`y)lNV{~2;hv_m1 zPAW0#DVfNeK4VCCefR5`+)KLdhuoN$7sdk;E!Axl6(4naQxcPtAA2A3RVy`qGwSB$ za~aQDj~<`eE4k z8-ePNBxy`o{=k*Zms6sQOjP;;P}}!v?Cv{C{#cFQndm$Fg{vV=$6k?Bbjg`%7r>AR$@<`0_Z7*ORZ! z{iFn24rmvfMMOMI@E9krSo?8_RrC%Oq;@MK`+F=fe1K4QlN$r`qw1jr5(53Au?UIb z8uPtBENH07v15l6_VE0eQSiopbfr&H;S-D#=EQApyYw8TkG_g;NKek)i2uT{gk9?K zW#(20|1uFwf8K|xLZ&x~N=1}~{Zvzo`4;cFPh0boY@)LCY$uz3X7*5Y?Cvhv?9A#E z5fmr$jjr9J%OsVnu_h!+Z_aObS zQ8vkq8wR&-k&(IX6EM*e9QCD;@MGktleMKu9Xk-wr*ni7`Xgv%xCR6 z%lK}&OkzaYpX$FCo-+yK${tlZNcvUjkO?eSL~fD>Cnco*QTeQik*~NK&SYJ{o4!LJ zL90*v+c|FyUO9LFw-37y*7W$Yev_O#zc|FfTX>>k*p;h;H~Kko7*o(1=ZatXOru!; zEere1Wc#S^ha?-|N*DxfZ7JD(AYoqe{r2%?Ow5cE%)tG5Uk4IUoK=zG@*K-R zzH>{hmy8-No=fD;&;`X--Qsmsn{T&1RY+GCeR@gAR2;pZipOIoV)8yT zQyLU*@4a%QIHh&zo3cv#?F!j41?jC5qbX07tm&Qdn**wMy-2p6Zuo!O{YlxlJ-4!l z$2km)ziwqXeNcDEVWn5X$3185NFRlozn&k4nUP)dEc$> zIaerA>OgS{O)(M^&@`cTC^Se(3rhc-eh%5wP3X3lfZ5e@O!dwo5ZhqyBROwF144_K zo)KJYxLwV|%sjp9QSG<8yxO5)1&)a{x5E}P53v_O`#ZE4xCMf)k}4`fMnyg0#;SML z?7BX2ym%|btYx-y%q?y&WjN}CoI88!j_jlGxbE@igq+O+eAn--l{yTKyl`T&Y$~h^ zU!t8bvLIEQuIji~&`;}Vo)^K;OgwP$xRL-V9Ywc(Snb+qyT^*k5ni&VO8yu&-sc2I za0&O9jIa1(Y3-xRl`jmIjpX~LJFAeK6mwq;v=B}n_(f0a$u;1=h z>0%)ahx#GC2ZA1EM;M(dGnlJwLMykX`_h*XOocLitMXxrOo&J9E~vHMKhGB9-x!IB z&JeR2ScqgDOj=o&v>~H@LzO2wSQ50bSSZq(@v4Q_*Wztl!__FkZ0BfB^TgH=aQ3d%O&FM`w@Sc`cQz>Z)e!3oU1F z8s44C90UR6WT9c`wZ0Aa#~+{Kf1AP~7%i-f$sb9+m$%t#n$xi5U0$nxV@2-s>Z^&x zB(AgKUH&(MSN%zh?oa1-G+={V>+?>rlax=q8(_;Od^Wnr#NO?^?A0q*68|!t?T1Za z&eEf1a;QM*9it8+J&aMPpfkT6w(ES=#Ihcuudpj?^H2ei!E?oerl&nj0hND;#TN)&+qz&Fuov^)inkm)h;+!0JX%1bk+V<$O@Aqp0 z7K8RJ+C*!oMo6TX#mt5Ndi9#V2Khj;Gzi$;Pq3T^p+kl;ARx>O3LKl|6;T^W>?;YU zKU-hc@C8cs+bl{0bHQJpWwntKBApDzjcVf#%Iv!4p=4of2~jv=;p3FQh1mzWO{W^x zH{xYtUGCp?J}x`-mDKr09pifS6}!gM!4Bfh`620Ef@~_?RDZY5O$kDC$@A~j5+AJTpbKGT_#rW4={rj1#dlXST zLGD-2zwq0;lE9vtP{ z%J*S76Co_r_Gv|pd^%1rtE(zzeO=wBB&KEiUU=2nB0{%!U&hb+vQK)Pdqc&e!|gwD z=+4gH-j)-~G;Sm9LU(*v8N%cD+G%S~-l}o8lD6oNylRrSRU*V#`ZJvLY9D_4mznNK zc8AF2K0=06hf3nwgsFgLSD|&U-Z)rno1luyOEH(@U_{59Q##u@Rx0F)w50P+Qg7}l zdi8eMZ29|D;ab^j19#l*^e$zL>`y7inakv0S$ssi&wU}>9b|vLv7jl=>R^$PQKUCX z!^IhUpP7Ync_m|)%CMkMT;DLm?sZ>*khTv8)2nsL^tDpoKD7$hDl(QrZ3$5k*=~l_ z@~vd!Ql(L=zk(;H8Q*Y@y#C_kHo#*j{aH?WTfBAoXN{r`XGtzcRkc|_HCGu;W^q`k zX(kiTAbq%A_SHg%*7*-lZ|?rqkgZrf^=#-VBWq4`!+5l5XMg5&V;j!$GX>u9;#mW; zX42PGyb^c6LY%07rliuQ3&!>y<%x-k=#%$!rfSRIY3&^6+3!p# z`Biv@i%W(%*-E{M?Z-Yom|IWpQ1iEsL!&W$f)+a-LXAgN6nMOe$4i!Hrod>23)n*mrz13CTUI zDeUU-x!}W(Pk-)@49s`#&AQ)jYRSyAX;Ct1YjyFgw$2&;lI@dyY1?C`a*1xcH)?Rp zFWXB_t5nKi$lB#a^bw0)F9zl_f)8^Y<$JP4%j`!Q8VC)t&++mr*EEC`a%jk6ho5lC zw1S5LSRHfRq5Jefx7nYiO!AfFkVgvf_9rgvhGT;J;*!xtD4+2z`#)(}T3vR13R?>fGTFzqJYAAMs?EaafL<1j^?-Fq;!?r>64PKW90O7vLwNvui5-G(ox1uYI;Osw8!D3@~Sv;^B5UKkKX%EgxAeI^VUP=adxMLR=`!t^KW0 z&g_ukxsNheFN^BO2JF&MXI^}8`RE`7)3hbh4ypfrIq(Ywu8&7l#@@Le>p$Y7;YVv z&IT%Z7^ll%TLE6mWtzu{hdm~!F*Tp>b#>;ND`eCqIfH`~Js82evO;f0W$0Tk-&pLB zrT*wl<49?PZP`0@pYs2enDkx5hd&N>ON?G_Fh*!?|$)vea&umakt05 z@4&~NdKF+LI_Y?ZcItY@J*OZApT@HDa(*Rd0rOkmt~*oFuGd$Nnf)HmRLQ#-L?k7!@a?>XOOO)hd!EFVnpO=l z3~%q>%~Roa9}ZjP%*q+0E_f6A)1F}o(|pCN!{$ZmF*@udTp#Rxb0XsK zj-Fj(+Vuw!)ky_Eh>Y8g;O!@P3?)x+ZWim8SLq!0IDH#$dFv={_$^7Gx>&)pY=bOT z*5BRV{H;9IWb==6Nz?LBt(>T5u`2Ijt-GGWx3Zjj-Byc2FoIk;*FVUZ>1ndq#7p1n z_Z#O(JxEKcl=(hhM>n9>I&R3gBJTBTvak>N=6%;7zqkJd7HH?rndC0oipS==&Kpcl zi6sdC_Vo0`!&G991-S?qAVxs&fyEQ18fSN>!PV)|((^VtJKHLILd|mORba`|qAQu_ znvfR0X@B|Wu>Q{tF3FhqW3J8D&Pk-qM{G?`@Yk))7S(13l5$~#feJGU;S=bJLSU#8 z>^dKQxp&<>Kbctc&fU{%bRw~bvW%_kDTRNFSOqc1O2nR8aDgwq)0%Erl)7MR4u8dW z`_z8y=`+lEo(1H>6^V5Udr2&@+{F(DL^)gDR1FQ#iVkEZ<=i=QIE-LuD>@sl`#7j={~-7ccRcgP8iRSP^vR@hp0m?^dLz2pjfdFwn-kPM zIE*U3?mQ3A@*A?>6XhD;d$Ab4xHb6eOX)+~+%~uC@iW11SVj}K&uUpo&rIv_%nQzF z^|MxX=;=btz0Sgb<4@IqOJG;BC-R{8WdBdp00sg=?}(!0C4mCRw|ll<@0>#%q;2FQ zh|fl$^@((xySq4l0nfFRz)m}o;>NcYv-caXwd8NY96*Ki9ud^*;8OT1f5yQbr=84Q) zJ;X3jmh-L&YNA;gP1zhV!CbvSTV7T`{SS*#KlgjIxQdXo@!$j1>8V#moAt^_!g}$s zeOs#y1RAW?R-64@6LVKR1=muPWzx=1uF8$eSR&5`*1AP37G~%Ro_&?Lj3YMV#BMrB5M-WJ zuPBt^|4AWLD4YWSM=nL>Lj=;r!FSo#X<{z((!IO-uuiwP`RvPQ{AY zS&SPCTb%{aAaT&NBEI)&liZK(NobF;yHNA` z+TRI$tU>uDjYBAxr2{3JzK!0a;Z1&6KvG3O=@3EaPA$JdH}}Z;fc>LhAH#DDI_H-b zODcSBG5YmW!&I@;PRcZSI+xhH$^6Qq$NUE`$=<2_t~pMDu{%0;?#EH$b-dL+u~wF` zi;U;oG$M%kW9(;o6tnyLpdDdU?`?}CA$AxLm~$(|vApB9%1FxMB+UHjg8ksO-nz9b ze^B_tKZi>!-)V6;ZJL*f2+8meoz9Z#24y|QR%niwCQF@6cyy&BdNcofQZO$sre9g(lG8Q_*q37>E7{|S~ zYpL~6ZSSC%FRFWrAl99n9Y(uRRFg$X&z~PdUgCJEP7_9?$0GPu?C2_#x4UZQ@If3VomWeC^EB>rGO(C|`f+ z6uWxQCTH>Tt1POD>Y^$|XN-&eQi+dfJ^eh7f2L%OmhCE>UD7nl65jQjE&A*v$B6i+ zE~ma^1H&VC?O$U#Jnp5FOE$^e*h?xoeojf5zqaw!u0nEWVBB$InN)9S zD?w2peX>DZinlPlR(U>4*W zpUV%3-5C?BW3BwW9?`;JYIfvY zUSpd-&PdYFw~s|`QA=4~JjN11f@i(Xo@Ry<&3&tZy_aISBP8&&(&+jk`%Tp<#w@vk z3%~m31{3&)ukEEy5BX)=PG>!_ke~fQ zgkCY!KT2-8T;qJcyWVmpdq9G7;8V>Jh_4z;7rVi+Vk%2l40HlqeTl>-^fm5K@yBh zGq0;<|J6T^TXndtJ>>i0G*zau>1(RY55ubd(yg`73zd&*+QRvg1r(lD&FWh(DD$QI z=21J>&xeLH{;?5Cr*G&Gdw3cn92#-{Py2CEBT@O`?CMhZe!y@s(G_z^j^Dc;-;>=4 z&H9p-YqaiD#)@Xd;Gh3hAz?JPPczkGvZVDlXeJWVRj&Sx3CY$^EB*>tUQUgz5VT))+ ztNTZZabcX)!PV8($|agAMAvkl1uHM00i0>lk*gQ&yRCbp*&;UeB^bPX?sd-@wc$tB zzDXJ*p`dL4*wxo$t`cv2J9{i*>QN*zD#$GVe8P8?rE%O#wO+2wi^G4bRrd+*{xt?; zoX!G8Q{M*_-e*x%OmUKzv)^aWMgnw>AVR`UEK+0JyW@y|HD(gOx$3Q3 z&!`tiV&tq=I+?Zra%PpTchCI=-1^eZ-GKssRN-Lk;{!4fzIoQod#fS)P-HRV0qWGY zc1v35bwOjbXy z)-=`Kw%@XE^Xp|-hZ{ZK9^ri?9=;?d`R>~<6e;sQTA9@xeQ?J3sAXNkK2obHn~x>Vm}pR zEpkme*bCI3uBD0XcoHa(xa5Ap)BV%*KKl9VAOnNwrLd(*{>9|srfgGMB}^vP^?PXV;MezMjFzU+6_ zOcsBMGd?Pd?7!n&0Bjcl?@bGnMFWJ%e-i_?5LPKo&HS|1Upf%(*SlL z0i75D5(lhM(9lP>QT~lAI_aD(pyQ*!1uf;q{e>uGZu2;bzcB*jO6UO;V(x!)H3VS) ztM%*o#f_*0*6G1O&^z;{Kvcos!Xmv*3?_W7pltPT_yI~W0x6%pPY-^%{{F%Y`i)dD z8Hl3}k$H4mHVjtmD{n|5VxBcGQ+?1sG#&3+c}=2~ zSjU*IBTBeXg?n9o6k=3^aC>vnaL#7gT`!5Re4M_i2$ zpP7W&`H_mSIo@US{`E|NfXGR2qpS9A2}`ktb4%H2=@~IWQx)BDo{=SUQqSg2HK%kn zA5K>v8;%XGOe5_K?g^GmyN-|{NV&mWHQORpy~;NjO@YPc(3cUck;|`}`>=nntxM{-QMz#X(7V z=<-j_aHVlHh_w>S9Sa~9a361N`~u!75)5Ops{{o+3F^|D!Hz23z<=WoSc9GJ4rK)k zHuF<+pC1&k8EiOJ3&GLs=Dgl6*q&E>FRGZI5Z*|mkM+ZK_u!_1b%aT=8OcsY3=O=Y zgn$Zp)v!w=Klts3xhGdwb8;pEf__g7?^1Yo5ea|#Igvm|D?26Dyt~!apA@#W6>r%| zph+*Y99|+o12x*}`L3FmZoWSHU-f$qK?iC1!~6SNWgD!?@QCu?yvWWjrfcN z9Q=_XYpqYOmYJ7qjIq9&k=A<|ySK5(;ahX#&2c@9yXSt3+e(Zw6-YV`yMQ}+g!=J3`t51?_I;jHtQ(Aaoo4XD}_V>n1E8L#@R0MZUd^YFquQoXum4`30HdA z6)V!3RY0QJQh)s9r0Pa+*`JnO=`<4QeS2DUUeTb+f~b|~M}NL;d>67lkDdW6O#48l z$SMNwAKrHo2KZ&(;D(S1R&yJ&bxo9-ZJwAhPC zq^|SmZc*-E*z2Nmu4hj4qF7BMWcj>+kYtFkw zOL^U^`5`l$EpeCVqN*Beclmsy7k#g&Rg#glJ*8GCdA|6E)#|5AUCOODw0FYPYY6NY zBo~iX*sj%Xo=dIcp*4GZ|7X2STW}NoXB=`pXZs!E&T=XKh4Sj6xSnOXmO-gztRu$X zp?u_ni}4D?u=pnz>;@{R25Z0q^f(9d>R!TGCL ze-#uG%$uX>#EBq6lqd-`Ps8%co2MCqU=aXuBHa57EDvESIu^IdM$c zxbcw|VW4*a?l)NpTMb`Mfz>55i;1OTU%W-(6Y~; z>=AD6e1;`NSO6fOi&uM!f%GNi+fP$dBe&lEDRyu2n$~;rN;oRt|E&%enfXySYX=Da zHdNkB@!wv$9Wge>0*#)QDet8#MR<*k2N6*`tCX{T|FAivi10>>&- za|UEgojoDe3(mxoJaW<0;y;OZh9swg>Z+K?h2{(!&u^Hy`8(Z@$W{`XQ?y)6b)_?W z69d&tYj5?s71>gl%jMAsHLom;ve&UbRv zboCRU{uh#$VPcyr7$ivhtuUZr&Ckw3vtY_iYq{!obDj0eA!ZRD21!noXmjzR`sQbG z)dF+pl(#bQkoG0|7+ihP#17Bn8_6HBRCm5$AS1=%%)A<50H5TRRw-=E;D?W{PuvBr zWiVRrot>m5Ra?zK&=JbT zhNWoah?;EuEPA;Al^oyuNb02ahCUNI(`=+=IB%Y{5*fu%MUcE`Bh>6vewAFUN%k2( z`;Njd+}A2=`7aj-E!Q@OMX_dNT`#aP#_ZKTd0o`$-!Q2wz$`!1iaL)X?eFCk6fi(- zE*M={f`$0c@1AIx5i-frqlFu)F>(Vhno$Pbf`wbD_Cg)ceP!fkeE{s+Q4;_M|G4#r zvNGY~!SxV2GsWgATk~9{`|gtNTJj`zRos_Fbf4|b{O$DH7(V{dR2EQd@+-Zws7nSG(|O7&eo~HG@RjLZqLh|U zTozD1J=qBUHgNFj{pYtDiKFk%e7wIK9MFr>M`=A2N*8>PV@UT^{bN$KK9W^`5pHazgEG>R(ykZ>SGW%>uQv6`rr!UxcC7FPP>*fCN#b^w<4|74e zwTIFkME(hG1<@`hmXD+}>*J5P% zLUOGfRZ>9_8)k2<%}&b@L$1Jxn`>LY39hu?9$b*0sn*#sqT@?3REy(27pWM=IK|#>ddn%RM8~Aakhc4*tT*M7Iva?oy z01NgDYk&gGLDAX{VhDH$Xz8HBUBIN5!zw8x_XbtJt%WH5g)bRO)Z$L`jNWsPd}B1h zF6U%#wwR<1u5UYaZ}B=XD5JfPKvAd@7WG3z&e1hGJZ_S+RlG=geF=CeuZ$;~Ub@}n zH^F4$*Yt-PT_^le`n>g}z0EjD0+x3l`W#v{_mne2G}{XCs|{^BOPn>Wli2Wb!m*Xh zhR-=O)-P}G+FtlvnSfF8n`W-Sbao`Unw6nxiu2L3>2v#<}Igds1iw2jzD z|1-@64xNOwtmA|T+JHWKL}6>Nvov@Pz6ILs551+q)d$tUPL=TkCEQ?;08=W|mvR8r znE{K1_DIAb%UMWB=nMFG;NNx4lT^Js`7)LP0UBe+o_?ZEuDc{I0&^QC5acZlIP(1H zI7ta0Nx^0+ts=1=g%wQtN?s^5C<_SW+2b=c4_kn|=3-|yPqfW&}+ z@w1U#>h*}WSJbQU`BCxAtA6S$DqxhsCL>Eqx)nu=9RDpXl?dXyPG0mWfT|34K-FZd8$vRp^u|Am;rR9iw&waDyHkPD<-gQ1wgMk{ekHwg4 ze~K53wX$)2f`+8Gd`CSrKy@Mn6pt1_9w`(==D|Z6RY(e_!2FT*{{4`jV({x!*iOw= z0_GQ`dal+SU>YsoJIuulbwHYrh}jy5i?%BIEG!03R-BmI^8*qFObYe8?YE3f0*}gZ z*rm(Y=*x~L5JpRRB?IplJe!Ug#FY-mSZfcjC_UgSe3ZJu@WlOQ*P$7W7R@UHqd>>a zJ4Bl;Ki#G0-o}Pz9!2orn#%n8adOw&ygslt$8wgH^r{6=^|-Tia=%nLn}hBu)nK-! z8VH{ub3g1EJRStRO%Y=RpD@bM&17106;@2N`?E3OEeV@z}$FvF)q5(Q1 z?u@Eq!>ahCMMu8hm3i^o$lPe>4nu8@;g8tA^CwwEnV2ErwC1me#;W)T&wG7rdE1ie zB&SNppLl^~6i9g<(hrq&Swj_>ch7?`K3IuZqa4DV_@0s1Xb41t-zP~{?ekw(55+`# zUa8uT9YD}C=kLO!l?{^t*5y?9dzTFaxWkP#d2R0&0YiEeT=%d_pXZqHU{h#`Ssu3` zoA~1$j2+)+&{6Iukjp<1ZQ(U|r^SF>-r8`3K?g_l9%FBpg^KK{aJ}$jy`qi5qHfc= zKT67X;nvD{k3{5*0D)|!!mKIKY}p0G0Pva%S%ih02a?r$#Qt3P=15Gu60$EGks?yG_!vfSZG#9iApa)ydxpE;W4rlOW6Wx8B|v#RA;Gimdk5( z)IrP|RYZgBX3(k1k_~|CT6H`%I#%_?rX#wr=bAn)7I(#@_1fLuc8*0~`NeTs{8t2z zFEz6uuW)%z8}}~mQXeB(N2hY6z(|w}b8r5w&+Xkiso;5(tje=F(xO|?x8=UFh0F!3 zgb1dbHNVzo_`=gHb9DM+n+Z{zqUETd2Szn^qZCYh@80u)IzBQsAnyY#cokAlxck>I@w9+E!?P3(3b{M(STYu)vjSV+E^DjpCyE1fT(05h^yslzI_jx zeXiiC!LE{H#JRQI5^u_ii!&UM6?_SAe^yWC)PtK&HP)i4i<7^%<4>KGm3ux3XYb3X z7dROm}${#VNojgG)@nAc@>J1IA5oKYHj+k9jrb-7HP=-LLm#GBzo4q2=(tt zAcbu~pi@ATaWOKr=SO5E{dDtmvmZ}?IN()i54S~={(0{jQDr*?U==gcdobH!VCU0Z zJ0)t(@R}}HYB(4C?Z;N)u?Q!5LCWN}lX!pq`n9AWg4UVOx0-erJ*%AQ&td1z;%Uo} zNj?kV^~A7YTu;jdLu1w9CY%T)I)-BHaaSA&^~BDY+*yqiN#C{i*cR7Bk>i1ccU6f>TeQErYw4W z`<*Q3+C#3=zo&PocmApvo~)dn#kux6)KiU?cdh|FeXFgye_wPkxM}?a3ungZ_$<-% znNlLs?sTi;Mu72R?z5TAmwk2(DGlSQ!&iN?y0B`;VSIm~JhD{jH^kj`a>0yTgVqPh z>lMDAVRePRzKKruR4F_t?NhMcS|bJ4<0Sq>Gu}?WbNq`v|kT5H>%2S6l0JRU# zwlJXE-QC^tb)IW)CSuFGFz4JIB;OYG{ss6$w5mg8D7oHEnwYzWU~y7cuFu?-ax6q+B623mSZ7Adl~mA?%T zXb4b~ZsNf?x)~T;@7WW*Y>3&mxmt?(gyQ|;-|GRSdP)p?CTx@%Q|{;WXA>LVMNNf_ z))hgT$e|%CI$4)MhS_n;>Zt0n0(Tf{g#kb11_P}q*}bUX+%z*B#DCA` za?|B_69>@$LY>K>VkdzmFWKFGsSOM8`UK4md{pfUY#UJ{5^%YH0@`4p9mg@U8ygeT z0Sbo<>Ju+#H@;@7F&tt*<7qr427ZRjA3$KHbSe(e;0pUuRNws=tW!`pI2y#(P=7)N zPfs!STW=yjR_iLkZ#6YFYp4$QLFO|QFv((cn1z_oWP(3(L>K1~BZx-{pp|N}0EU8s zf`sojC&(#08XFr^_v1kg$zZ%84JN#?P^?G9eohutnqmj-QcdYC>@Xq*u=`uxxC=JE zzh@exWRF&b(Xt=e{GA!Q0ODy>vwihGe^H$)q!~2S+V=#(a~6~cHI~g8SVlQtdY^h@ z;J&@pRp;fQDCOMM;!v*FobWeSMIX(!_ zNE_76h?ZUCTQIJxyeQYK^o+mLvjf=M_Z($HG|noWWHf0oNU57vD8uqTdixoYPrNiy zuq?sz{yRFjufKAkC8Y;(WB9Mke0NVnqVnDLEemoR>zQzk^;Eedz~7%%4W!9I&SHy% z)qKr*1`-lPkMB8#GGC}h5q7N{Hj;Jy5zpkM_D{B%mTpnz{0~Z{I!5MBj&9?4mo%v^ z$K}xU_4liS=ra-#fPgDiDVUX@W*;0J=b(!1Kus4|J}D)i@e`0aw3=&v1QMzWIy%pj3Ak21i_a><*;zXU^u|5Cj#c+7Er@Y^d>mfd0>=>T7T}w>U<*WAT!(smfm4v>=hvd> z_u;&qN2moXf`^(ImDibH%tx>xtb5-tecZ%V-C4!vuOZ0(<~*-lO8IBHjz?}ZUHtTzQ=qp@zu1d7 z^Jh8CpuNrltp`XAwShUn=Kf-A6xJGOnNrv`a9qA@0UsTfG6lkjneHq#qSoU~OtGk& zZE~NN6Wl)0g{p9j6X^3JuRr!&n^4FejO+<6yB-e; zMyL>>Vfj76JAP{w_&=T|@)|t`a|@8Nv4W8#DyoMXqk)?f2z#SHvCyQd6W)jmC@;F{ zA)@w1r}O)g4c~WV&JORB1vf7^_`-K(!m&%4tb9LnEvoAy%G?YFl!p05yedb6XZ8v|A^k^~=6 zgUet(Z7ok1KiC>Wg2CLd)?edj)%z&#$)BH}Ua=BY!_dq%>=Xo)c^r;LOq}(u;U<5+ z=P>c{JR~IW^T=s?=r!ef4zU0wP9zu%k(iK@d!K3H-?-K>1s#(jn}7QFu{h0cNe{R`{*-z`TQroZ%51^)azl9dywr!S}E znd(L(%Q!-G=_q4mJeMl@sZ3CPCbu@(irSndBcRHcw8{fn_GPmgF^O^A?b+;T-F` z1POY|G6=N;617ik6B`D9SNDTsQf)3`$1AFIMHYMATK>`>E)3x}0~hIp*d@?Ufy9m> zO)KhTl$|nv7@sEix@D?_NQTTQtxm9hs5p|ZvdnazRFni*|L-JMhVzr!PT)F4R@mg; z?e6Vug?b6@F@J}$E|y;K5UG|hloPo0V-_*5S^c;e{eGa}isyn4DqTUSNz{qxxs@1I0-4v)?cILJito^48Ys1IpDDUB}Z<@AG- zE{LbZ0fQScYzmYCU#;e_GQRGr*+8BdBCucp3lel&p~CS0oy4`vt@%4{H@B1@z_Z-Bq5*rfI8k?!=Z<1pmIfdHt4l!$E zUG@3%zHK>pX)s$UL+cs?C2U>otg!KUW|LccsS7sB>CGJyMbgGEzdoNdTT}q5#aJ$l zUGX}({21nbTY8sG8nY}B5U!-?!>19f=RQ>OhWGBOhG^m9qxJX;X* z+J~gmaRdsuyi_X6mrF~hk2ifyIq$??=m$XTvAcpYelA_TN&~ZN46TR4mY|>+ zZVgq?H86dK8leOgSFZdf+h4|nDq(_|1IZ1FLU3mVXi(z$3x<@ISODIU67Xw4Q0$l? z6+Evl&L+t;LPVU0@ff_K8Gg>Pbhrc zhccoBPS14lX?}X_bfmhjkrXtr!BQ#9zYj_n*?kv`$M!+}TU*PbuRjn>Hj_cx);3D~ zHf0nJ*p)Z6r-^IT@sBGj>jvGS8&qE=i7@@sPNsQ@i|ahp#%RPvEWnKAmN;4C-~N9+ zQ+O8;io(HgD%%?L^Dd!(pb@@@CK3qTG5b@X>pQ==xLDEvB_LzKwl*Yy553d|#XxN4 z(YFARREmWZ=*6J2UU6?kRR*7{?0yHAVP5^>J8M7F2($+W^EPqC+V>Qz#lsty^J0u2 zneFYguhjKhmvd1+j{f`fx-Z%r$x*_9XY@;2&jF!0MOBCo_cqMetnV@r6MH#aqai2Po!`pa zMeXTOy=8P&-FI(22G-v}mj|n-rw3kgJx25-iO(bq4g;!hhzCX(0Ppg=q&6f1QS10{T^}1ztAhj zRkUh4?B0)x`=dZJ+zFVrC2-Au1FuS3T<1aAao{}-qNqY-G5P44o zUS&?gCfJBYh-lsm2zvU|n@&LM2vx04kkOxBoSB(HbBLYE(L)fFclADjoXmjRpHBuB z8*pXy5Bv`d^A^_D2%VjsvuQCv(eP@8`B7sY?Z@JOpW~(a-7Gn&cZoSk^?3Q&yYj*3 zY|H9Q)R@@BqN7@0=SvRcK%j;XGC|(K)PJ6ken-KPg zw!Yoqzj_(Vcl$T$rgoiy7Ik#5#7jOL*V8yz&D&Rr%(;q(kMAZ4kQ|?ZxQ}2X!z5G} zzPtC|i!=VM=klN)QbggbeXi@uPMKPqXup7sjU5p?{sNOSN@aPI`+l^bs2DsQaM2A* zEFLKh1T)I`mS|#=YP0_R|AZ=d8u4D0Vlz!oGvfCfJCj`K+*X>b=g|pQ;3GlHa<-6& z?m{@~;1V?_5PS@s4H`LsA;F@{oiN1QYE^0h^{|BdZxR^$1c}!uI7W3m2GkVI9o6u_ ztxP>BVh0V#ec(+n9O5A0o=cB#coxlnb@`aiuq-pje!=y~k1s`K7r z(JwG$?yLazm!175G1ZmPVl^msMvBa$APm7X1lktFYE@3tAV0bOO}+s@UhwG+0~c}K zYuHF7ZtE&s_#y8Gu@CU^K=EI+x(nAMchB0CQ-pOw6T^s%8sQf(%6N$(+k41EaB(S9 zK3J9tXQl-@R6EQ6O>TEk(P_|;s8S-E0I@Yx@Ezta|7<(HeEEVKl?|$k=79%UW7}gO z_DzbuBXFA-%KpR!mkO3z3pU685lY}isz9XtPfQCBgzMD}?iun@f~MO7pu1rF&<@HL z^uE|HMS)Ex{imCCr;-*pNAQ(%#pW@Eng5EjH_uJmmP|Q@5L*i#2d2?G%T+5cfwcEY zHaXM__lbov&wwvi*88{~f%ms1Ds8CW2i7U;-T){=yFr_i9F4W80Rg&a>3ri9BJ zf=kR84fYMgD;ECX_yc0~llYOrWi#M_%dRciZB+{TWV3~?Qbz|K;laVkr&q$~;HLgV z^W(`@KM%ir+9~H3kM6kFQv?s&6>it$F%~Xtj)i3FUdGY|I%3?s{P?Mp0tq(W zW382dq=1`_Lu{T13G%%SYk-j_m|G4@SaRP=|LhvJPp|2WmyvA!%%$@v2Cado+XC+Z ziiox%^PmJta^ON2^Mkcz3%sf6-{<%udtu2hS?Df4G|W%Iooyh4ASPgL;?AE=vz^Tg z7cPKXc?-8~J=_k9FX;+a&)=n|BcPW4VCbeB-@kCY@MUZds6xTUg`EHffMi0v`i8&79{6u@S@+ppfA zhK2g_>}}3Qs`VfF2?2zZCz~sY(O@ULfjfL}R_N8=kd3>;?7L-?i4B+n_ggo8WH)^l zZfb0DH_NH*1ZQjH{B7)$d?-v8?EH3yPTLGF06ZEwiq`75NU(lB#Uc#|jt$-N zB?@oQOS(lc7`?7y?i4x%Oy={w=+&7-F#hJ3KSG)M|l zQ7}hH5qEwnyafKQqxWB6?%K$YfA5@Y3F$CGD-HB&g1u4Eorb6276gir9ZPzcAQ}KL zM4jQi9O$fK*6Be2?{i?o`;PUOR!H++HvZWC7-Qb@ae}OG2gS7&)2R`(Fz?{_b2EV* z+YZP`Psf|G=3$q36W`^5dCc=~WUw+j*04qF?`72Fb^)y9PLAbW}cePAn0vhW`;@nSh?OMPYcs5>%t^RFe46)BixS_?WCrCwS)3>G6d#QXhnRI~3?O@B zVx^p&z0Wy->jL;7Ke%Z{p|+xcDm9%R=HCuEu6VU`=k_?AUu;NO`37qBi;jd*%LABa zu*qnGsd77bhAz9@f!w9NqDMeDUjGWTGIl1C^>xDKFXw_SHH(xK9qN7o=1Lu1FJ8Pr ztx6Diunj~>mq;^w#&`fxP(%a#WF9V!Nxmh5aVMshAhShKy%73JfH(v}V?I}tN&AHd zPdYuocH0QCAOt2 zF!bgngOS+f<`pxP39tP8X+#9cjTzA3TL5u?)Lo>=yy;H<>wP%6_a`g)05=bZ9{#G? zQDfOZ&Ixc!!T=Fid~}ZS{wBsw9xd}I8>9quqXrZ&?Z4a?@rEjtfe|Li*ogo3S2Zx) zsovj*IER6dv1{Cq+Xq`Kt|DBtnufv}#dT01EH8Nr)TDr9uW6kpAyDLr@@-7{{Gc}21llqSrm*ExQEI>IRnWba2qyf4qqgco~cogCfKxIM52M`yu zt@}Syoa5fSiH7qD7xz1+LRP1epYW#LhK2O-*Sg-d##^J-TcrfQWkN9eD=-n8!*J_w zsT$JMOHoOg0i@rJe4w=UVXt@JWG@4K1G{g@BreZYGZmDNcJ*Y<OA2oFe1089to?mSqezzG5SP+YV#_*D#jC=}6|P^I4=Envbr{`(6C1dgDDt-6IDN#-aT2*7O%{;vb@9q1kyD0WGW z%yD}hj=y30#cH@zM0%JXGXU!)-ew$Y*ZqzfMPXS<4+c&LY&#ux@Ry*m;cG;@qVZkN-Id95?t>B{4`R;3VVNPzLjKy zcs$_=5|dVnmwxt3eFZ`Tca>SCdu}x!>2MQ3N|!HRMtiM)Y2`f{Ukw#dYXA1iC^1ys zAgUG)erUSfdRa%J;B3gt+Yas`V08&HT#0>|oqR_90OaZpS>$dk6CGXDlPB08?MI0~fRCzAp%Q)v*$u_@+Skm?5`FZypHXo{Z9v6_b*=ruv34d8Q>=ML9;f&s98T7Ciz`%^UPp6vylafls)d@#ie z3;?Ivp-m^Dqzr>g%ql4O)iOce2;N{juzF%oPmZukhBu3QplWWnkw36zkoBjww6t`R z%Dz`_#A{1VM#joGJN_5kkB6TBS9!STC zW5Quq3YZU?cfh@qg@@+?YP$*eyWQ~W7!5>YSgRm`s%&D8Fd9@neS91>c#`=rlQeHP zlng9v4CTI%Xlu$75<{a9x{h&C3XlQRz5||)60eOr1i%dhvmDf>@Y=NqrRg)M#jJql zhC=Wt90WlgH8w#Uu(kn$d?<12W|n(z;(_Zu`2ZM8Bj}ZqZ2$48)XweT&t0S$klA*M z-2VaIfd+OCL5;c)leB`@{lcihP}{!*Gxr`sR_Wz9sVW&b^`XY`%0v4=BC>*AkpD+r z1U1k+BtMvW`)BQ(@sPpR$oh0$CX5cCDmVw_eLk-+WEfp4a9Y~A3$H~z#ZVWl7}XF^ zKGnS{EC=e5iVY_av9S;^*#rgxWki-+t^3krc%CF3QeMBtZx)k~g-~9)eg<}~D<=U? z<7GI=a+dodTp(^~N^rr0<#q$;JdX z$!}W(&(7h-XXXF=vbi9WFr4mIHCcXrr?Mb-WKk(BJhm1x0hj5^k~@S52x>57%quwo z5Cv{22J&yh6_FLR{G#C(YFjnkxB(ZMMM&r(f?5s1=P{sO1^lRW_H%Smo7T52-`#tRbqbEh6<(e; zEK5&`W@Tu4UftH^UllzdW|ECYw}Ji#1bW6KcgIpi-e=e7G`KK2Ho(Fk419^Qe7MOV zAOP=R3jAJXZ2Q3RE8==op1%Ch@Jp`SZ=MDLwvDpiN}XqAx11>17r#P6t~oynz{ zD&xXiO+{DUOa~n}u6T;P`|t?b{}(qH{uySI)~w6t5jk_*vjku;akbYiAY54w@<}Je zaMT$UM)UxBL+Bdbmppok9NDjypRC>V$OlyrY9uRwV0jP*-53Z&sp36rJ+)ljktK*Y zC-FTtaeY7H`W)LH>`scFyy#gLyT7!0+UMNItYcS%5*46%gG)~;iWMT|y|`1Y6&>-X z-xOWFT)#e%njv--lGA+P^kO*(t`(ME_Ii+?&9~p+{t|~xh+H(PRt3H@dyd z`BCEScE$bS{|1udWB+XXgVB4F5K+=K9s_v_nq&$zBK$Z#+JKG}TlVbu;ioh?CUl}A z7wDgLGKh|rQD-<5Opu5>MQ6QWvKOLbbSNqU72AI{g_y9s(2j8mQh+c>Yst8C3W#0$ z*ZU>bT|{6G!3^mHVk+=GvrLZgITO@Tv;qs4pc#g*^v`L4@VGP6mcHt9=i~kOHlHhg z>k&DYG}86)??f|ggVlfn(D9WVVXpAK`N)gJX_@bSW>Em{LiWQYMC99>9N+ifj7VNu zDps*};N1|G+<6_nn_4ZeCd?#5upZ`P)ON3R7-*A8ahP-@_&x!B#hMHt$)g;zSsXI z@;_7$YzVV>aPo{3rXd4xr{ymhR*V~X_ z!u!9P=}6tSaqO+6hdOL;eMI9_yTWO*)P^!>3B8#}L~mw}b)6z)t{mtDO@_%()BpL%C2u$*m&#$%f zf>chZ^Rr(!7>FQu{bfzE?gZ(zk&!7=Qxa@{uLkUt&mPYH+&M$u7Dr6ooTWgMchZoS z+ae$`daWiTpH)6LLo76%NWhst5XiTFa)~TYa@+ILgZ~BNAXeMqs(Ng7L~t^p;pQaZ zb(aMqDgz`26r4uK)VWH`;(Y@HU3z3u1SCcQqSR^0VPpq-960zl_3KL(rSHg@egCud zbci;3+LPkQO+(KqQ}lwjou5#kka#T3AoFNUbKw6xZJ}P3iAL+OIRX#C^Q@;%$-;C>X(X(xtuudu+ox{p3 z^St>aKXY%pgDm_HiRqij(ntEz-fG0ye!cOI9~V;Eer?@|r!_8?&((}Fd15Ng;uLTz zgn{2FfaqfOIo7(uhj-Jj83XiBjAmK*dVM}n&~BzEMaDuj#Zu_i+`M-9`b%XG8=+V5 z7p~KvW~Er-O&`fA)-Bdp@LH!qgKvU@jTB=|kaKUWj$Dw;v9!N?iDa%jc^Gw>jRVjz+@ehV$9w7E*} zd@X|M`E9B?c@j;(Q>7~0cOijid~R`()#Lt9G>jlJ!HU@EYRxq<&Ml`q_S6z-aS_Yc zyFFN2zrA-}r%Sx248K1*FJkrIU3l{{H8G5ESmcbad%(+ga{Hsm)^0|~xp^IK2DN8Pfg`9X3zkkikzkluARs4!d|81smmUQL(w*dGA)0pw*q;NAr&e*YKl-Aim$!6L6YnU$hfveB@O(+r9$dOMhxkH+?oG> z;d6MN3jAQ+eX#B}D2}MwlRGXNn!omL@WETah-k^kFk`6x&C7#duuN2Sf$UkH|0&pX zSt+J}a1?hKyF~P-Ys!ZMjDP=cIEIM)`BCeA5Bm+IhW__eMJ$A~`mXZCcr6=U>$hkv z>cSH5GB12l&HpV)$j|_Y)T7vX23n-(F}oH@IA8Q8)3x5eS_xRl6@;1O|U881{z$vR+$f58yn)g-YMmztg3KgG0ke-6`-Wa$o-%} z4N=j|u}SMm6(tc1t>zJ9$EIb1;iOuWI-Y5b z8xCxPbf5!-`ucj~hTZMl+Y$lGFDI)`Jlk;n>tJS_9Tu^yeelE@oRHTWkDSmA_TOWr znM3pNKMD)xMe(aDA0Wv32H7Q;f4~=EtCajBwb}K{Fz7+h(DqrD*`m~NbJDqKJ~LJ} zFAlqexEJaW!b0N;MHiQn{i)uwQ-kF%`5$e1F2dO1218h1(GPN~u`?5n8S@6;iXmpb zzUL;<$5mpYue^U8nlw9W!f#UYK}*@@-n|7F;93a@@$(bQootf@9xic!W3&~3l+{P; zbs1Wm?}?HiP6=dzqF!n=xiebSi{67gSY1zCL+^b&-H!xE_xZk=Gzr#@4X)=+F@?@yneY!En5xqb-RkPWbNkaw8fee__^ z&Vk!ButEW_YFHCslc`#_h|8y64-c(5ePosv{Z#S0c!oDlA%!B@)2bR6q$vRgBk1=1 z+NV?*6JCQ|DE;Q3V21tvHo3C{O%#{|js+z;B|TJtezIc$J^L(n*E>HGsTtaeA{IM5 zNrINQOmdan)RU>`C`T#a@Q?D6VWK|CPbqj@fP%bLs>T#R4wSIaB&wAl(s*|fT0$!; zD^v^v;5PrgX)knSoJ@_vVyHFd_UicUWi5cwjNdc2Fpi~JKZijUwDk((jTm&4=Ar+G zysvPpYU|$Jn@x91r-ZbGq>>^6Dxh?CiFDVdK}jhQDFNy3?vgI)29*Y-^UlpV-*FUF401wcuVv97nN0vilV@8j<$IIQ0V zRxWFjho&_v(~!m)Csaa4O%Q>^=ciK3phSzn8^l5t61ki`>u_TG-ee^Bs)9OOjK0}O zi-@JAB?Rp{487V1hM=)F9MqdvSJM>uya`P|8Ki`k)XoWanBWbwXDNk z5fd?VnG^5yoUJ&#P8o~3nxX11Ek+#!Wxa}3vl7pi7Bl(f#DT$RSLvT8&JJG3%YMBk zK3k2HNWgM{0(YC)$Aav0b8ZeKPYEITWMsWFl`<3S$2&7bfLE-|Df{`VQBk=?Y&>8TW9)6wnd&#NbQC-k#fILn3(*jwzF->_<|K zv0d0*DacS}c&NI*^gWS(5iBRb%@DLnV8sm6=>+&Li!ltp@;*2y(;)hmcSs~;2K{9- z+dzgBDY)cCgeY!_Z+{{NeJWcAA7U<9H+aP;HY1)fHbEg%PCA^RpuKn8t)5-uii4LR z@&z^V=UP~itzOaf_Rv=8&tviB4ehdDi=`pj^o11^Sps>aH z<9Pl!*u5_a*^Uo5!{R<>c&P8D7G~MSAr;>fC^q1 zNcbzfzzoD7&$|C@Km}8gmT-2Pq~>~NXicr}xv8`PyB;mOLEkQv{W(dPNP&Y_-+`C9 zm2k?Jk&xjtYdTc{(j;I3kkTS-173LOXLfKprLO0Wa(#J<1_A#=XdyEY*k39rCsN5x zKBop>L7*HVHi_v(vCQsFMgsoTZz93i4XQT+b%F3MBZ6%!G~n{UAS$BbD_49|VlA~> zkpf=ueMB%PX#ywMDV~|zCK$};vy;_qVYb{y+%T4BIh78yloCFS!MR%!Ovs2{)y76K zNGn1_o(~?Xg$(qBK}7=-5}lZcI7>lrG!qE$7G1|#Y*=63BUyd$kH;6-5|#@1kuon> zeY(5Kf8~Aj+^a#T=w*rRLLb)SXBJscINzWkHXP97`US|igPBExaOl<(Q$)xjXpbqv z!L*NME8LX|dVm6YHZHIzw@hzQ{M zePCIyP_i!2mDr{ejxUDBUGU=zgfhqAmuhgFf&3K$iF$Iu+TPxth5K9uC~knGB^g5C z?mNKdhY3OajcJ2Vp`kKpD$Z|9Wx3Pqp9-AWr+IK=7K!F%`&_Og-^~V@CRc+95JL7&=_!b{-%gmYZFt`G zR0gLXT!!(W1f*;&&ZKodd-F8NO&*bU5hxcuJ^5oflGO_CSY|6h)Q%YWBWuHAow~8* z0vJRhLuvUc2n!t>I}ixNT=2IV@E~By0K5jky)hzG3|7eBUZ%VUbqYG*@W5Cj3Tk(= zeV-VRz>X=Tbj=|`h!@Hx+_a4sy05NIH%%=54jemRFG(=n{CUpbk1X&IOjnew@6YOY z3z!hFGy4V<;X>d54`Y0NaSRXzaTmmILKP6$HdF!uB%lh8*u6pZED{t%5#>|_>wyg6 z+CQ5qt{1<2@?Uc^#f>5 z!Lb_RTp5fb11N3+93A4IEn0+_!AfQ)EnpqHIQt*@-a`+&rK&6%BE|a-1gtw3pR^MWdVy zcY|pL`<`^>=$#Ed?_Jcfu|u;3DJfz_V!f(D8Yh)8YX4GQ3pD#~Y%30W9u~bW+2wD& zCryL?bk4#y0nLgT#A5Zb*NKQmVu%Ew5HbnS0pKk#DhVJ7B2bmj9Hryo!3S)!wE%+x zf`lxD8Qym|F~b1s2?>H=h5N^MRIFwyf89>G`R$P-9`1ql9*cu@;8DhM0s)%uK=90c ziB0;B1wO4z)o0vi$e`o@=lbkV!~yqct^z8ESTP`WU?df&F$t72O>e_1ea!&#d;i4j zt1z|ZYF}mg)VsAT^TrmqJmg?^hVn$bi*Q_-3t{SadSi^&UvP^=Jm`4_V*B7`p?7yx zM+aJWFbKf2Gdr^aD^Nq6s*S%A4@*k|7Qh?y59j~kBg6t$u(L8xbrba{rM;4V3|?>x z1L6FXOYrY%}ae^TRIGhpCC(fP4=0TjbmkG6l$b0@+900z;2$q@FXNz>oH zpcvtquRi{>YH$(h5DFq>twreJx&VO6ohw01#Ry`IYPR!a|6`8?G1~trU|6jZV+JAc zKFW;v|I?IY1`%%n{}R!{^e30zjppV^gJR|97J-!eiN@byw&?qLWu6Pdv~&@|^RB2;Uh#4sd3-A65oCZC@2;s5 zG;+TG_tfj|`3b;y0#f!FtqQk)()v6=x@=$28xA@P-6FOb0CM?m++=sERE=-FH5IY{ zc^uUp>SewEB#w*^W@JsQ274PHf50sD4ioXL$ZD^y^1j*`{3sub?KN+98N>h%i)d|S zqLMk0s`Xj(OF3z4?5E6Ow66PW5xW%;X?b3a-+CzL%qhiRC!emZBS6TA>vIe^aw`KJ zj&G9}2!L{es&Hn0brdb2*68(RD;8T`djxXU&dT9&9suXTg)w>Q)b|XMLSKtFythot zSpjFstJPlf-MVQwUh_>+g4M&1e7-#zSc6cgioMvaIQhjFw7RASy;8IZj+*mC178w@ z5C}mmQN)*%`zRw`{_D@qMfMN#5*D2R*2MyNXI|F2|NSvsrpbA+ z0{NmES#GR%3ZG7)^l$mCid!vyzW9}Wt3Ql>nC8w56YF);I@5m9lrS27tA4{ zRqk+0Awz7mQ}*;mPi!$UmgZCDCwg6L`n3H-ie~J0LpGqcvTf{6QoXVEXz$|f^4gwv zW0`mLAz#%E&Fy&F&HWo|?8Av;`#kZvmwUY=H;=Xg4{DTI0&PjN|L|2MiSNDJYo@Wq zT%+U#kgch4%;PnXenTOJdQBAI#1K5hI~M^yyoH-Tsc!l$E4R<7RjR@@gKCe)tPXvK ztA;`AZWZz_4*Jpy(*1r~Q3hwZH&NiVOj{8&emQ!(fX43?2q5xZ+iA7wcXSOJ#_g%r zUAYrP?terVzXijnRop}4sn~c8#F*r$U&cCHnbS0Tv*SR(#(@evyF4|a0R7z)PMz)m zNXUP$2_(>{^536i{y+GUH5>QN6NTn7jU=J0QxwUKepa?1wX2%;7k@vf67ux^)_SH) zRus~WJo#6zc=SJU9oi3KML573bzuD0VnXK?%}MQ=djkPc%-aT4|8<5Bpi&~-rnH$k z>Vp|>y&FVNPxE{4SKEE4GAAHoL6Gls@6vegJPf(i_c{!k$RJYY>jLOr#1->lKn==* zr3hGm;e&!Wy^pj&K+|jU@dJk(7hCt`gX&BAR0luixjviD;EP`Vrug---^)C11NO0y_n`tR&4zOBu)EHN)0*gmCoM%LiR< z;@M>2SsDS`m9bWyhFWNDI7nuutS$lKix?na7s~QW- zb-8g>jRIeY_}zdSGivUJL-pGcL|gj*`q+0sS!_IAOx5UBuC%2T`Z*}^6{!*U`To76 zY}_C@LJ;L3Vz-F7ppXy+YBmA^$A7&t0=PW;9rohlapGg7(0PtIi>|CC$Fko#1nO8y zAKr}b+yWfcU7G~+|M(EJ_FIJkxP1Z|L%uoUu%%R282m~OF;f7mB>}GZVLWnPnJxUV zToeSm0pikX6i|02t78c%KnkUhs~&wHb7BqNBrGT3SE}P8qB9-|?=JGb@1SM6OrJ;Ky`= zaZCP=t_y*{AH*7@-dRItLh3&rhf_YX4bUL}D%Xc7GsfCfUfb|K zkQiJ5ooSjYWnf_`fZmcS{C`JU`9m96Lu=hxkSb)*tb_}wKaYMx0oTI+zNP;V2M@W# z1oCt&k_ewCrqW+kFyC+}EDJXzR0}_Q0(!Tz5=;t$-p(E4^Or0ze=*bF)XPxcZ0sO2 z=mRaj;_YNThKwSu$je!e6{|87N?QsZi8a5Z7%NC?V{A~>;?ls06*l@&?%(Z{2zPk5 zOStj*H)i+6g^WkPw2B}M6PPlWGtH|k_mX0YYb0!AE_5e!!DP+!{5jmD!-;c90&vv2 z1%Snk0LQvW5CFbo0ZH(LKM%c96lizwxjt5>5_Q1_;Qm;VFS0q)`N&H3GJ9n`G_jzV zdybXrM%t9D*x05g%R#Q<(NfmK9t0r9PM~cwmidK)Mlm938ywE>7s;VOXE$lx8CrD9 z_+T6K3s6-`wx0tIaLU`l4M0rzge+ZB@OG@ki_+HYD|lO=nE-L79HGVky)w3)A`;vU z>%TymjNV-w3LK!y5o` z94*oobaQuqPOX*sG4*xm3tw% ztpZdhK()&#D-)Ovr*eWtDo>UxuqQJPVP zUmeM>y+VcHnZN(f^ZPsz_E-u>q4?4^gl0Daj{Y?#=Fgkm(y9?oey5R>dO zfk2!NZ9YpwhN(DPi&xq#ehv1CPMpmTjIT79Jbt9d+Mc8cb2ui|_@Wb+Rf>tuU)>&y zWv#C&MURHmMErYlmWZhSV#UuwU>3zu0Eb|*&{7YF-vM+0BN?zi`xqS!0jSG7X{$IV z|Fsf*V|@nmKuqBmta_5xQZrpU5s&pA0PxRO+ofjkx}5;RZ@=6M#U|%P2GGEG5q`uj z3In!R(eo!|vDp?L0yu`9nlvbWfBoVAVM7fN)K^1)>13*MG#U98e*433GnoyW+^7LU z8KxOoX9ZvVkJ*daJzd5bk9>smu zs$acY-;)-}{8W2ESe@Nu)t-bmy&?(;>_ZL_QbE70-xpjpON(vP<`!vRr;_hZuG(CN z`!=CW$C`Gga%6T?W0F(J%S}4HtiN<$*6=wtt=P61_3DKMP{wk z^Mrh>Ch@p97Tm@sQ!{8$&IhtUabncdp%c0V2vL3N*wHiCo(5^&p78Q$qGI8$f9jls zLJs=qBHSA4%Z06iY}C%Lc(a4^J!m(8bQw@oA){D*(43}|iGfLe@Q&6u#0}6|9=hk_ zwwO~EP)igKd{SfM*uDpk5R^Y?+b{yGwa?~H0rB#ph<@M)EiB-6g@k79c?Yr&tH&gP z8bavtS$~hs((q;Cd;9X%``tC^4YaErO$R?`7>GX=8u$>7_P;y=e&^`Z&wT0giU{TDOuqNY`mt1j<^{XWCnrr8+FTvghD zbq1^-IopR8Sv7yT8S+`w3g9g^EkTp!mAxZcbm+Y3ybv5ATy6-jz8}D#PNYAS*QY-Pz`{8EBwGfgJrF4R|3R_Bk5V#$lz$B&-~TX{heN9Zc92 zZ*rXV)Xh!~4hvuc5^DuaKsI@{QA{@w_D5EIDZf7s{0!u7It^PZl3NIYe-;{;h_cOW z|7O?*)G8qd&Tr|=7E?Ey&QF#-fxr8dKIXTDVW_uiP5YiTg`_w-J^@WD@mmkVNt`Yh zf>}o>>AXS}enem0f_M4$G{13iP@PJ`=R)pDfr{a%BId%&HUkaK`l5>{di zvsX{L@3-KnylBJ=DaGkdJk~(l$F%PX@eH$vR(JLXd9sO50nruJ%LcWiDs=@S2ttA7 zn3@78JO$Rzzk9UAZ=hdY_WgSLlGBTtG8Aa9tkz+vJ}52CN$WWOg#V2&7OIK*p>}r! z{}n=%$*wfy6ZV-?wCvR!&~&lO7~#0lYXUkORmV||S~}wbe(!oGcDyTp@%~8RmX$3d zQJa5>DkldqATjBk&^#Pu;=F0tE}sC{REmep$nzYaEd;`2&shR-aFjM8_R ze(%$&2PAKPv{yXE4anejI_v^dp#e044B;(>2zMSA7Xp|P50z9>&(3<4w3nbk*tiwn zcjsQtCo|%XaqVoPRUrv!Dv9)p6%Nq71(h#B-)tc{{px|y6Kog|q`}?y1|<7VGaof~ zx8ORN@Q{yxc=lzW%zJ~9iJVDfWun?%K2jQ!O(Uywak#iGuFu&M@{(rNIB~0A%_j$( zdDn$5C4LYbCRKG4cP;~**0MW8vfzVm`ybV=+^bakGio4!@)8$za^h&9PtB9rq@`Fo zy+--RIT1X`n5m{ z3MeJ_9H$^sE|bWg10;%es0R{(wz#v& za+3<236Qmd#3WX}+}{WLsomZY>9RpF!NOJi>N!t>CA&RP;zf$3Tf|j;Kt%{6nvG)? z{P8X0pC+?twnRWP#e3WoVkFG zlcbF%+Y+Q{F!Yhys0ae)2^Xukjh6Um)q+cf?)Z(&RzXECec>TgFr>#Llfx%8`BpO4 zAi`?h;bol1B=5W*(v+oQ3e?@+Sa{9he`nUHKW8rp=awqUjW)^4OOw*=SD%UeQBiI5P1sYfG-#kY7@d{<@|t{l|ucJ<}fzv`OX8ki^GVTP-Pbho{( zKVOb$_Be{PLczlm@BQ+YZ6}{67Gsy#{ou7_>6Qf)A`uPMiX~|=J2#livnHF$Ntwur z0L^6o=ES)((+za%7LwCy? zow!;nX+WI5iLEJtmVPbQi5Y=YV=KG2)M(cj7);CW(Yg?4m-)ljO%0YvOyV@yGc2Gu#35oto36V&-E$NB zy1WU^${OA+t%&LslivXb64aM8=KGg2B;UE8AS2}H5FyQY1fl)%42?0+U2-v@V2fLf zQJF!kGz6#o5w?dq&WIaG2e?(7&zNPlEKdTLNwA$l0}6j(_j+}74K_b}8QA`fle)bclzoJ3)EgS;6utKtLIsiV*_)XF8@@hOiM(|+W^t#!s9Dz*g)Ym2-A zt$k0kVKr$vvugCyXkpyMpS%2aoNKnv=h7}2CeJ_e#3zw!&MvzG>8#@IB2b(Yjr)-I zozfh$tNzgTv|2!xi;@un8nLv!bm(EhAs$}~Y!~F$CS>0wEd@a-di?4^INCV}AQwiC za~F{%J9Rf=sv#g8oxn_b{i|NA3TaxLjV!UdroFuRhAjOMu4U+1GW>LgP)rk5Ascq+ z-JcSbXQQy@v8G55w&xLT9a8@n?~Dxc`NlaLITkt;*XJ z2A8LlYp_!PCMmWTJl(35vi%2SSD|II>Xvae<%;eF+ZSW;Tp&B?2G!1WGGxV>H1qR-x+-LemH)Kx!<6zGD}QnN*kCAe5#*nxY=gL@#-kXEAc`Os5F~98WLjo zz6~mM_47P+UzJ|&3^`k{#U1*!!1QPj1(L1UI)2Und-6F((AS&TFOxC-8^6bzaZ<+; zmnA$foXqCT6Z{!VUSie zS<{oUE0M%z_e+1$ye?AvCDT|a7-A}`5?Hm?foUviGM~J8rT&B#6{_m+y~!pWe2AB; zF87Z}JkUnM~t$evSAPcUP(zf~W-43>aO^jiukFOAlTFqH~bJ{iI@d^5lg;fQRW!)17f_ z5}#WiX`Ceo+m&jnajV);ju+8(`~#6gR~{gg8QB)j!z~P=ekz|On(bv>W1V}LgSAc# zRHHyq?C>!ncK-X4w4DJG>oeR{-VDWULfyIi?E1BJH?n}C^HqH)?h*FQUML0}^`=LCtQRf$u%1R8ZS?I3YV&o2bhgpHU%%L-zn> ze35jA!DVwxL-8}9)X`iK@q-O5l~(i%T9p)P)6?A2!QYRC(f?G&)3Bvw<#JV1C!rn+ zi#DN<{jtUc@>a`$zum;|Ifvwgslqpn)!ZFVcJ7r%H4aA;SD^oL)vN=)e^e_Qo)&`r zK+7=#Py;+nh-fLFF7Rw2g{~d~qG}_&;POM9bAe}G&As=R)tH!E@;!zH9_wrBoH*Ku z|Jyy9k!3o!KQAEUlkq_&|-g~H{*+D>@Q|t-@1O_X}a_Z?ARfW0_#&$ zz_ThD5ROc$(=&&C+ZlFdRjn#4X{l9NiGN)kC{e83x)$=6{R-D4PGjLm%}T?zhZu!s zL-6#37rGi>AoVaz5O4Cb?B|)Sv|!Zsr|3gAFI5`1@+fYR8dYg#_7`&AzE`M^%xj*O zJ%_nw6O))h^Ah8D*su<#8dT8_RMqQj8r0g{D$Oxm^d5BM6zw|pFhJC+T0PO6&p1@z zIzz}5$_jvm>fh-yRoJTSaBiB+IJb2tg{tDdokP`Rr^Ou8wpw(xIe9%do$r}aWTM=q zyk0)1e($yFWmS{@FLl@(5@XdU^-~{(DBHrne{vA((Z^4K1KS6w8~PCb-GrPAy-Cz6!d1{u}cZH0qHCYzwPo7o%OiSDUQMfA!y zI7!&0l$lQg1`TgJPi;sUnJ2KTX3O5Fs~KXvkEp)5=7mQ0Eswx!s|%3~{ICTpNxkAZ zq@&ewf8t^VV4tt z%E+Vxh%KT`2e6Q2gF-eq$&WKGWvI)Itnv!&wM0~?3u22Zl}tCXxQIVfQ^*Sjf|`W` zwi_p!&f1Is0KTidLm;Sbs|4?t@W0MEo^0hDq~YHDO>r;OO;P6cRBiU(>F3=ALT&QTiy zTM>;|^oLJ$uduNWW#URyI6^Af$KerNCx^KO<0#DG761S=p#&qmnbtxes=s{M_gTf^yza`!6j6qcG(<=*6lYApsS5<~vP1%rt-Ox> z*rP8}Z!hL34sSj(0kA-xR)P+v1F6kh-ox+CHSmQf!6Y|pc2E~UbYlS)@H4@-EU>(l z`zr|H=3aE+4tB z!xw3qe9&fzCFNCYU^g5Y|8D=+cEG5i;KTY%!Rl*6?J7n{ub{?ZUzm~Nj#g-|nvUhG z36+QRBY~i$|2-@X!K(rq9Mcg{<$|HRvaE&0+MbK;e+sh>xk9tkYehu>4+753mH~_m z!HR~MB?My|2Q8xbgmk@c)setT|FwI=SN-@*8xN>`rw2Q{E84z1u!Ma&hSM({Yg{~e zy>DChDwkzd#B;5J=&4Year>e+jfQ=DAli&qL*CIs^7iML2BRHo(uF{WbL6KaXgB?LybimC>i3i&>R4{0TF`;4=* zXNDqlW|}1W)R&akS#Gmq3%|Es9D4@d!tbS6MVAOG@?LjKPZl&gK7N+26|B>QBCdn_ zMCc1zQE}GTR2AkC@D{|ON8HrX<>;+dM&vh+1IV#SzJfBG1YkMJ0lppx|4b@W=D6!d z5ZDmzhoF1>V4gTZ@TLkFzH$kc%_Z09O;X`@yRPU=?t4q_Rz?eYQ}jdh1O|`KxX}f1 z-=CVM?B)Gs^AqWLgJoW!=w|**MD02uSfP&D?SV-U`; zguL2Se;tP(Ejrx}+kpaww3Jw>_*@`JKdjPT_rhmVn##7yaY-{G(eC%{0)cji+QbP% ze24{K=eHIqKy|9S2V)49{7Jbt_AaQAIQ@Rk%aZt@6MsO=4e0IL!=m7YvG^ZbVBL*) znrA815n9J6#q)*NLkbRb>)8^dznlA#d6TetD}W@CN-BAp)kbt*qhT4Tv~9Jwh9*R( zPtf=>DcQ};#3}po&*@?JHNp8AlVVUNdG)Y1ly^Nr<6yB3Dg5_(gv8Q?ZMdRL1R6jJ zO{|v%k`f459zXPq43(4OW1I{v>1y5SPEL9!dICh98i6u-2HV`RAxj$JLwco2$28nA z1B*}=R1}X@AW#Dk)^)G-FaxFckwO-OKzgNFg9d-(3ZZYJi=A?iW3y3D>A=V3%)7!U z8S69cRmi)%RGdSpeMnE2*uP?1A4XS2QRe|=GJ`Uy#+^RYLSEkvSKR}M#B?Amo=UCZ z-}08zZ4dwC*2s}KgE>fu?u^)WuEL&SHpHri#7ToXofq&-m z+8|@DBf5$jyOIVy>DeG`OiD7}a}|9TtFjJO{^Ob+Ys+ZPb&rXzWe)?IK}W)SuS34c zg-CR0p*?RxQKJYc4w~Tx3i*Xa}w(@)dS!-j190sR;3AJ`VoU`P&C;8seY`8jkNlRi z{FdY2Bos6i9$1$dJRmk9km(ZP{a%aBC-fdS91AyK&CSq9ujJTcA6}cW%%vx*WN(m* z*~>*oQkGD}nO&G|UC;C)Ia^q`MI84Rf6nu{EG)~-(`ygm*win7zx?`=#pK>R{P+5g z!jJ2e2hY&y7e>m7%s501Nqr+#`|S)w(i%K9Bl8qgkfCtBzEIeWBc5tTYrBW{-c6>! zM}8@5EK0lY>zym|Xhpbm>mJ{iu(^DJH0^dG67$VFIy0mG*!xz)uHP+_I?ufZ;nq4! zB|C1^5b+DM3ei%QUxX)V&4Du=PPNwwVYMnMk*_MOOAo)2W+x~?sE%+P2B-#Bn%lTK zLlio29wlNg>0q?Q6g)~B>f^z_cxqL)&Wz&2TK=`$hjRnJCx=lh*`~+ZQFP;kP|5>x z@#8r@c|J9lMoGldc0Bgi zINmQM=8sW-6Y)E|5z)zYaf_Uf8Wq@>E4Fn>zjWMiv7E(e`Y4&v71rEVPKq_&ouBP} z|9-TP0)~=3@5q8hoi7Q?m3ZzES?!qd)uGgaU-MeF`?=`Hu^f_eZQfRL*?`MU0l4)q z?z$-N%bT+YJ8UWj`cKhclA+PdyVKOb&Ng*0nmI5*wOEY6R*Gk>b86E2@Y8i{s9G}hi~x?0Gms}UQt?Im8HL^9*}{)vlR|Z1s`vQD92YCzf9#NOjB=#rg%o)E zXbCbOZY3xD+LMiY0zu2wfM`1%BfqH+6|kgFF4#R_hb<(fKDd~ZIE6cbq3}6|j}95# zj8YW7!hQBN;r4U=Z#Pa{3TmZ(Kh04#u_yQ6cyTT5bZ#MG;ZmG8&ivX7O{ioql7B4TBD;HCea_=0GS~tL{7w*&M+D{;ad`+bGIHO8isi}UoN6kkllo$d`Ls;ao~VH*bDP=Xt&irJ?VCe|^_2{$JVrV|~NWhtB` z=)IowfmQ#$ZhEb8%bFzov4}pT1?b)AEQZEBXdQ4PAroU6(FLOg=gVC`b5IEsTE>F} zk+OX32(bH8ZBa;`6DyXOtGXP3v7)4(Jm7IVO0k~Ygx6hlqNA{mUApoU{W%Za(vFOW zBF~dFV!!nRx|UhSsgT%UAvp!9OMz>&19s?^LffwI%lV+^*V>7$#$(awV*Jy=fpV4$ zgbf`So{VTIDv_b3_!iQWBLy3FrBsD3`@Su+M1+6>fb20VMO5VYb02LTNa4%RAEo4M zCE1Y?OIr#l5JM%PZo|}0dJmG=RNbG@P9!Dw%0Q{lu(HDK<_+~0g)p(UE^BqY9eCu< zd{ZHn4T-7%X$Lp_CuyC($X<=I+mHN~aIs-rY*304SaX8FH__ObHhr}`hmwC02^c|E zBOFP++{&P8q+kgU7)n-3r6;SjP9Dm7d<=D?^Rh_yTB zlDCUiS9{FwLS^{+?Id;mTYZ%$k@93nYRc~)lW=A;8@0mqp(8&S;3vg|N(GZ=gCibS zmxY);@@Jp9s34K6(7+=KVthLAe&`rH-)@O{u5%6)1}WJ@7U?#H9jwo8Th_dJR^n== zXutIL;WblXI=zxJ7gpJ9Ehl1*x`517Mf4WO-*B9%DwckFl*@;~4hwf7wZ=;RB8{fVJ}cF!qJGb-g(|0WbEp_=-YLt_;k$t z=~I}&QAexdRl$+FHItHi{q@vpk33FNxL;uqf%iS3S|MDnd&^eF-9FD2x7p$`D=xIt zqwVeLf7b*@F9staAx0UolcNq7UmOoA>+OaDSq)lc1~du$GwH=gp!z;|DNQ5V4U5 z;FI7i5J-vKyH-Vf3HYWXjabHj18I_MyE^5C8FeO9*rJem+Yckk?{AB_a0qKlRB9{I zFv;B$B$iND1Nvg#{I1g`+=6z#*mZlK3FU)-ah>xO>+u(@{_N{!Vfst&7o7abK3ifR zoweGnheaW@!z!-#LCxB68Z`b3*eYC(rr3C_;BD5T)XynRYUav*u}K%e&^NPL=_Kyn z8-26vNM5stl78XGUq*h&na<7jkRW^mu2F^E!LNI%`UrTgqfZ88Zyd5tU$4yZifZ7> zjr5Mb;_Lw%o(5a%Owq`a|2vuSdjmx!Fy&0GVzd!lMH#W$Ww};0lHcrcn2~YB;_p6$ z8;)Epc>FCT6SF98&ABICDzJok53O@^{gZg>dveALj~3e99j+dGR^HEtZQMA!Z~gGc z#+4=D|IE&q@nERhiuL!uJ{=c3?@1IwEP;(5t_0daB(&a4P0eZ8&xTL*(t(ErzN+J| z3#qCLZkW~$`%yU+5$~q=RM9}F8cIFZIt8TOT~j?>VhMQ)y#0abeS!o9K$4xLSs=(DO?{ri`f%9WjU zz>ZqmUIKkn^M4Gc(Ih|nnQV2{bZ`i2uAx$23~6@Y=+J5xpEHj@eW}@(;{G9PQ$Lo9 zK{xw1WQ0|i;F-yaBLr=0C*ZdItYjk#U^o~3$dB=B-;v@Q$Ua`5x``nW8K4n`1mg>H z#i_5gS6`D&3t~Q(Ha-{`u!q3E=TlrconRIxBry1-p8`rt(I4og93RFL*$zgzxoYRD z`^j*vP@W>AZ*u;R$Gpg0_uE6VlujB90xk~HhWW_ znT0iqc!|+Y$l48hF=G|7NQL;?&2LwmKnG)zC%4&1x30<|jq(B}yaqC$!*y`uQ`$hQ zS;dOJ@WvUyuV$6z@I0;xa^$-~Yf~g;f5L&?9i&xJ`=ZEPSY7_)fhH1)8R3}KKM{Zkfwtzc{@TlU5KNhO&0W_$|cLKgateJP~0@S zW2JSp;H8)Qx0mI*ZIHjuEYej*_VMYPP>S*x|21w4VBAOxC{l8e(Ixm|5ZIlPJ`?+)y#SK@wrcV;g(BCEa+c z5!AM!_+yL&gTT~-#;OG!K{(V$G2hJDD+w_5iWOnEnMh9*VWWgunXg{A2 zN+J0pA>B9l@^(%kpn<43cE!On~7FTNP;*kDD^y=>LXhZK2 z4I4>g)yEVORS-y!9+oW4*^c&?BGlS5YN55~t!itB8NF48NIY)1>F*(YZlw4E6yf1F z$Ou=H^=q4!;aQwYu>7;(&#jW^o3*Uj;ag}&Dqt%c@F1E`%_-4WO4rByq-l$K)xh7u z^CS_UXG(CnfZgg!M{U7LtVgmW!FW@Knt{Kv9kId4!up);FC2t#ygBgZ%KzA1$k$DI z6Q;RIdx;qj;DaMIwr`PCfg=VR&if^qxk$(2X-}^YD=Zqd=-s){C8CjPFLp#%tCwQ} z(vxHTmph@+d4TR!IFU%`lBCvA+wXIGHC}D)2l2hxa`|HLSoTo?VKlA_7m9a_f`o=5 zy*oMR*l!P&eqF@V0)k_9VrHbYoHNxR<~_3UTc6Qvi%-effd>vl8)~^|y{fv5=FKfD zBgn}wIy(!jj4o9fGWbcyv`0a{7+({PKlTE6WT(8rke92rX+9x;v_9zf?20=>FJA!& z@fEWT|IK!W_Cp?#ul<+S!X6Zp$*2AT=clG)37#0$^9m67NEjo5{gM+hd3!@)+LwL| zomtpk&J;vj^^%h9F={bL8$#W9_@>~aolcr*7R@H#IA?s-)PFs(<;8=AP$8OVgVhl-u)6&EaQ7cbNQ2kAA4c z=B2;eZfA3v@%0-nrH}o}`!JH4KJs*5))4cL0r=}Z=jil;xR~hCT!+#(Bplwi$)xJA zv$YS5Ifq>_<7ea4M2Gr#3$sk@sBcl8=3Y4^_E^DBa&I5rI~M;bCF+U9u$R2J$&On4 zS;}td@o1TZgd@l{n(Ha&mxT?!HIf}{MBN$2%@!>~&jF9{(2ug+cWZrT_}Cb#%QLZN zrMsVs+#mOnr`widn?6#n*=5}Huo6yJ|6{4}q3AK6>W|O&Im@jn$`0RGE!be=#lEhm zV=xMy$L)Lpa}f0JcdvOpdo}#o^Dy6%i=x&5Ijx{)-f%QDvQ&zQVr=gbnrujB+Ve>L z?^I_~W$e-YBxl)Tm}OchsAob19}OY0KRmXKk_RJc`^n$-*?vy%gDA1X^;vSGc? zJ$wfnqB3tZXuhVM3HTGOisZDY;|0uJD(0N3I@#Z=o&DQtv)zj9di@?75fMcXRf