From d4fcf39e2dd75e1c837c35594723a6fc7f8e2e09 Mon Sep 17 00:00:00 2001 From: ph1larmon1a Date: Fri, 19 Sep 2025 20:09:03 +0300 Subject: [PATCH 1/4] docs: add PR template --- .github/pull_request_template.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 .github/pull_request_template.md diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 00000000..a20cda4d --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,18 @@ +## Goal + + +## Changes + + +## Testing + + +## Artifacts & Screenshots + + +--- + +### Checklist +- [ ] PR has a clear and descriptive title +- [ ] Documentation updated if needed +- [ ] No secrets or large temporary files committed \ No newline at end of file From ab3ac29877111893df2df426509bc4851c4b8032 Mon Sep 17 00:00:00 2001 From: ph1larmon1a Date: Wed, 24 Sep 2025 16:09:11 +0300 Subject: [PATCH 2/4] docs: add commit signing summary --- labs/submission3.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 labs/submission3.md diff --git a/labs/submission3.md b/labs/submission3.md new file mode 100644 index 00000000..6d507f3a --- /dev/null +++ b/labs/submission3.md @@ -0,0 +1,7 @@ +# Summary: benefits of signing commits +* **Authenticity of authorship:** These tags or commits are marked as verified on GitHub so other people can be confident that the changes come from a trusted source. +* **Integrity of code:** Any tampering after signing is detectable; altered commits fail verification. +* **Accountability & non-repudiation:** Authors can’t plausibly deny changes if the key is controlled and policies are enforced. +* **Provenance for CI/CD:** Build systems can trust only signed inputs, shrinking the attack surface for supply-chain attacks. +* **Policy enforcement:** Branch protections and server hooks can reject unsigned or unverified commits/merges. +* **Compliance support:** Helps meet SSDF/SLSA-style controls around source integrity and traceability. \ No newline at end of file From e2cd0476b3e2c1b3d962c89b79454f5605587565 Mon Sep 17 00:00:00 2001 From: ph1larmon1a Date: Wed, 24 Sep 2025 16:38:09 +0300 Subject: [PATCH 3/4] feat: complete task 1 --- labs/IMG_3066.jpeg | Bin 0 -> 71133 bytes labs/submission3.md | 31 ++++++++++++++++++++++++++++++- 2 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 labs/IMG_3066.jpeg diff --git a/labs/IMG_3066.jpeg b/labs/IMG_3066.jpeg new file mode 100644 index 0000000000000000000000000000000000000000..cdf67e3f3810cdf2b910e2fad88d0b2fed5d5321 GIT binary patch literal 71133 zcmeFZc|25a`#64V5lQylREP*=iG-;nNkW_5WXqN%vSrMavTva%Vv10<$zHZG)*^(E zv5ch>S!U1}X6DTAc)y?L{VcEN`}=-=-_Q4t-yfg5j=9g7`#R^ouKT*K``XShzcOc7 zxQs$QZvuds8K49J02i=}MF3!fdMwaCfJFk}_@fU1*I6Y0>N~P1{%s5^0I&-FV|~|0>))Tmp7w(6@BQ81UhVqZ7zlW$sUKC>(mi@YS6y@evE#bx+Pa$R z!09W7CMM8#S6l+z+pZ|Kl*)WtslnkUNV$9|Kod>J!b%bV~WXKKLjye zIsh;pF`2YHCXQb!Q0M`yX9zCJ1`6rD0A29nq6!UhbI_#Cw|m^C_sOpc|sH86 zvkzcpVPj)uXXAk83w;x@Bh>8t90CW9o!%vA>BM>PwvhV$)R$bcXDaZ*mj_648qNWc zySYU~#l$7#4=E@fR?^fuuB~%I*YK>-Ipgyt7p`2rcHIhESQl5fo9-T-UV(RlfX z?ml=J6&({B7oV2?_(?|Q(`Q+E`L7BJi(bDeuB@uAsjYkWzP`1sy`!`1!^iHyp)bQD zqhH4eGqZEwzWACG}<68R4t0xh>p4#Fckn zj;QQay?MSr|ETcyyG$T)1?xtWNxNYDoD~;_Yg@3erotSXPiu9K`=fC^C_^StcB$pA zAvOP0;!L>}=_7b1&p?&*lL=&|G67^A)#{Le#6{y?B55F?A+8OxPG$nh+EgoLCcyoX3CuGACU5{vxr1)4L~re!d_XXA zL{0@ENSV|?5Ctc9LIdG5YNUBO9X*!>3U@Pse;x`Wm100N6Ic^v0`5kSq^;=kpcE6p zq|k5UT2rW|^b*FgD=Id5sC|M#sSC=a_($A1NOc zU;=y5{av6AamF6|uY><>>Nfv_=>M$f|KC^_62yP-uC&_U1mrxC*B97QJ8eLQ*!*UJ zE2j;_^&v61Ke-+}lnDy-^HJVG0&7QC{`6ao)4SgF=8e42t}8H0>g{c-V^S>xH}r=< zfhIOEoC!ekD1>gcdV%go?}%HYjh*K9sc>z&{9R7^=3i2eJ;elanZS+=hV}}vED=dh ze!|v?f0whrZY4aYX~9|bPxniqUfAH4j$Nc%KRAGl9S91?A81dEAbS zI%*gJ|MO%>$NvA2+R}ccH=^y^f_L7*QelIQ*W-ar>!2K^01@TbkNUf&mCuJ;^$XV& zc#m#hNjY3+JjrL?Hh53JKE8iQOF825uy5J+9ocsVPhOtl5VHJlA28;?KX0s6K}jwq zBuaW9)_e4rjrG{s^$Gh+zoaaU#3oi&zFxa#nRW>fwoLFjr)c)7yl2ov>R9#A(X*%1 z%mJ2(ZI-K=N#5tk9Px`;9243j{f{cgKUAK(jc+?38xKMo&-5E2=^6t;d4_AG@{w2< z?O-vreJ%}+_Fcy-Kio}ilYb%mEpZyRXKp2r0d1(eHs~5uVxDzq|Lo1TnIb6Gk%Q4Z zVn044uYlrQVbg~6V~1SA0G6jwACEo44ZQCk7!rTt|NLFT@$xrUhceP_s|hCB5%NA^ zx0W($M~F{u=v{f4*yr+O`ptTqU9V4(n_o=9N@G1@+a)hvd8>tC{r|-bQ|@a%;MMEt zCX>UD&(2^1cY^8Yg1aiAqV3~YYHk>MBF=bS%koqRjE@c%3Vz_wVBe#*-3aZJ+YIwH ztXc8hpm#Mx(>0E%oh4g<()U9x(8Es&SsDTVokMsIv+oX9>4jezrZo<=-T5yR@=^M~ zzW#bje$I;KaeN7iB`^UZOnam79?4pMLTUSX{Ewx=364AbQt<)TS-lkVUa`h2zWBd! z>@8{4ePHXA;A{R-yC(%T{A+kxBp}S{_62y<7w}vYc#m5#@4tP(nS+1l-SakN1~P#T|6l67E$II6_Tmx8-|y zN3vfiv~W%Oq}k9+ctUn|jP-1^V&{*L;FfC^>Lv?_PIJ024CH=;MUCjz^y5<^t9lFR z+EtkXCZ7Vm1OIqU{zibc=azi@-$9Xb*IRLJ(qKd${5lhev_j(#{e~0NS9+jbXqnGb9&^vhNhLaWE7`&6 zG0FU#=_%tQN8Nrt754(EBwXwBsz`O>?}o%9#n_plU!p^oYG6jy+To7yUVEp`(B=aj zXlGY6Cm}Ov`!wogn1LO*+lL9T7mmWcaxRU|`E^N#Rja!-C`)6>jIH~u!E-I&}HG?uT^0T62kLA7BvGJ_MuK{2eP$J=& zS?F=stvMlYyu;nyQ^1gYUtX7#WhZOiK}GK3;vHX2Oc;gBXtW{w9h?1x9=YwftV7>t zXN0PZKuo%(!Cj_vxmv%y^K&z{!Nof;fsd-OkPy&c(N2|X%o>!TUm*2HYbNFCB_%4l zi=hZ$IZemr@pR-~E-C)_rC)u`N6{bU$;OOGHS~tzs3St?SF4KWoj@14VR5Z7(0I*~ zrh_72NOo|-ppP5cowzTBUz+`tU*?jdRL#BwtOjIlr@VHWZ0JTeJa>8SYBjhC9%2Fy zlIZ%rL1t$@t{hBAm$C?T4u+F>kRQ;~2eToCG=uKi?1XL4zd-As!M(l&35&irz(;r<3KqAI64-z0VfirDRhL^O0Uu2mhf3iBCpP+*oc# zpFJrbd5t|PO@YIj)mZ%U)kxG0MiXv253?KX#K&U`k5eH!kS~=+ZA=PGwwuX$1y>Js zUwe4;!CExoQ*Z0xHeq_nk!gCr_%pQ2%xi7O6}^mMttOf+Vd^8yGoj!A&QXkGiKWu@ zOAM7kVnNDhXh%T}qNfX(0LdB=FJX&3N3|h2PnqvEeWsFVtD3Ld%TFtC)#e_$O}8k1 zuz+v^ThS!zUP;PBYO3hc7R@L$G!)jkDUj`bIoEk?VgkGCYZrXgr%2(Uv8q^7!-M7P z4A@B$Tdcpe?bGU)mRB6Ni*&jz5L5A^muj1u_|kjmX5AISFVC&TXt#bBN#8(|x}e44 z7$z&kHY(Eu?YvN8xOYRo=5a>^duyJ|L=;LsFaNfG?tWKIgbAcAaKklbffO#PXNh-+ z`jmrN;Rn~O5cTu(%jzl5vgJs}5c`<`9?1m0b*iA3+=rOJhFNa}B*W|_OyDsRd6Wsf zb;WF7(F(UI6GOKjYwaU2yb#-ldP{qV+cUQM`teL)Fm;>92&Do}z)9B}5Hoz8(rOe( z#-nOUKN$V&`+B?ZuhOnrgs~5^U$|tBho{V@&+q0=!Q|lKSHV3W$;s##37^rfj=?w>qQNwljb!PT$=v5ctvcoJ}EC=5!gAf&%i^bDT4NVE5&?tf2$$k zwfS~PMGKn|8C6VR!28-hgOa>>rBnZGI4H+blgJt~{rFW5BHfr;gY}#eBT+J8*yFusjTfGpJhHBS?tu=QTwq7=Z_ph>y1tr>tInj0VnH4UH;9N8RNiufXQXvJ;dkeK zcCRJM!MO_p((d;4aTiMa0h75p$+s>>*4@>8)@<9;qqylGIO>7T7`=-~<#2L0!ShMH z=19Hj`@maVI*^Ww)!dA`zx1KwcHixIhBqUJ33$QAMk%#aG^_(Ymfe|UoUCWC`dza3 z;Nr>0@%F6F&n#A=Ew~Py5VmJk&%<%(@j{C4F&ZyU*B}-1v4rNgN)Tgzzlyu=C*a_n zNkTN<3z(I(ajv*@S8XhoP5h%c_6KJNu@b$Eh2RDtHgTxt6Gn9hgG$sGQaZxUy8&0> zxjs>z|H90FU~-{8lF&(F)P6qfQNWEm7JtoX@4#oy&6g0bLQYy_HmV;^y5M*JuJJM_ z?ZTLM2tlT%96$3__Os8+`gfusB6ZpxHVV0uXHgEX?mhapLO4F1W{|*u;x3-(7-FsQ z()SrY!h@NM+O?n*xjZ-P$-}#ep1gyt-(CxJNp{B*)r^8=e$#Pi{Gy-{q?FhzsbRNS zCeo0WgJb7c_QsUWR={0XscL>p;?S4*(1b3cdSSfHdiGx6L2`1@bhdZLXFUx+j^Xc3 zRi;W^S_ALi)kd>Fdhk|UuM>ECrtvc;#mESy1W`d9GJl&9By-5|Q_74l2gQ+`xZy_q zIaAZ%2FOhbX&)J|b?ok zmC(xmR!7OolkB5%&wOtx+4wBqI5jwN32$PZckULezmNc6kd=o^lQstVbfHOK8Kc%{ z@*wumjT(k}ID9UtC||M`Rgi3auci6?g%oCTW#bBBpnoZh<^lF1>ah5eY6Kq2b+Vp} zB58Q8n)iqo*~}+U?23HNCjpMM-H+7MlJmbS^*nZSX8ElmOvTN@scL*nYBPLP#T+7C zP`Lv(PC%#JQr#nJwJB0d_ISiTgsyS4QIq+pel}yG>gm19C#G-WP9PzIb0$Hy4_%sk z=GP3ESxEiWuIu)ymy-f!7eJo4dr$S;rzl^w>3WZp&7}I=rnMJIx5@1vJ$^pEQaAF~9D4wAH%+Sv(9bcRs?_xOz*{rPo^|>5)$xOd zniXL^-%GFbi3k6dOAfc-Tu2h$(tu>)0JMsus1`KI^q6}dI0(wUdr!WU&qwgl(|FOM zR^zF%Uf1W*)4|*5`c2l}Y+pL>_Z7ld`T_%*?ey|0Rc?M+nk>;jQxyAy3~v+vEuO*S z%>+cg650x@lkqM#s<(Vs*@162O-6Lmsjq;W_uxg{N<7}#;XR=%OW$mqpBU!9TAbL2w_CkbAbp=SoCeh~V8s9&4OSXuco zxa*FrcdUd%(ps(9Q2;j3Ax!mz){O#@GZsCag&hAsddiqzMYD=S=EJi{W|8h8r(+p8VFc!4yYE02A zZdrOZL5(Za-@e10LZck!!yHGxTYIrKeo1H9aUSt0g)Uvh1Qeg8gI&^+OyKnU7kmR8 z&=UQC1YK48T90LjslEiP?QJ~A)VP2;z&w~1trcAzK_JKy?Qn{I1ths zROon2^jNQ-n5WDMxyPnrH=?ZBAF^9LNm4q7SUd4%@^sBB9_f5;M~QaQDusjI-f`r||p z+&;gP{91Ht->8pU!$fTi-Mw#X)P6~Hu$^$g^ZU(cG+qd`2-&B+5d(5VyAp>eBL_YG zjL3Bdn}n;b_%eESBq+A}BzmdDGDwY3P?!5X$CGGFufv`i#K663Xs+=!G3hBp6eIu;b@N)LvIl-SE89GyCI+%Zd3x+(39crW%b$ zu+lkFD9@;=SVE`^-uU8!>*<$=UF|$(YTqZhCWN`P)&9PAI>Y_IRe@74`26#5PvN3y z{5X+x0me&x?jfOPaC~$*bO+Kc&(~A6VFT*{eVLU~^uRh1?8<{y2&lsg1_a zr&c|LmX#-kFi%$q?zFr8MyuM;B#koliD>3k88#K_8fE_J2A9Ky2b-pM`IcoN2vOI9b^qowEzVOE5n|1^|ecmG;`rAsE0i4Aao^^JgX+l%w8zSn-O{C0k+FBL`32vyARZD) zwtibSa}<3hfHmKRUbK7z?eY9ZVSb${Nss~VZXRu0*J+;YxWAHwi`vk+xLKb>kJNE? zymz;%qV<&rPs6^~1+l_(G6G^1$fq+Yfs3W=vBM?$mZs1<@&+E+B;MYXdvA)RXTIQD zXpSeTjpbAFsGKw>y6jN%39z^MP!-uKI_N;`N}1S?6GE(?%>|*2EL|3Pxw!tD>y7wL z!hg)c1xOt=c(S2|Tt%GyS8eg{+T*WtloL3BAz2~5j#50R3Gh~|@S^s1UzIa>ZNpZp zazg(3gVMnBYiF}ZscGsf(}{B&4~m{TlZK+i>FT#V4TyKg>%WrUB8~2~TV;quS$E%_ zJXDUG!Lfby$ip3jd-PM4u}j`G4Z0C##wtNelHqPsfmYg9kr?w8=)1I_nIdP>gpQL{ z?GC-c)e%6N=l)^Sgf4M=EPvh8alopQ!C&j0<8)M$QLdWzFnH8(V#w z_m&wbA;pL1M(%i5x(Mud4K29n7jHemnQZi-`>oVI@0n&~uU5vEQXp{}7m@AyfpUxz5SsZRn)`Ht_0gBVtq9^=uBI3FPr z;bIZ5P@0)0cVCW_5ze#w`O*Cm^Ca0hVk?GVHPeLYKtHf8_S)8(QItMy9DlWw>XvlR z zCG|)mD5{IJUeWQwyjLK+$MNm*_-Y-c&d4d$y?siWTohBsh~zFX&`P5yS8x|xD>WW3^QMJPu5FEOIL(H!IrCXi-2n?hrE zWCA~9$|vd=vzTIfpM3~P0ZQY_QWGF8>VrJSXhO+OgtnvFreqO(O<7;jw^r&+{WQ<} z8uV=DM~nye42ktOp&o}8QA{9!^uqpBM8pg=o!wBsao~f$<;jbjg>}L$=XFPzf&vl z@P<`$c3{S;KrWXVxQvIk03kGM^?cRP5#KGMk6(!Y$31US@pgJ#*-1rC(g619+{NS~ z;pxg|g;uOfLi;d9CD1fufmRhY?w{yWIdEqjVHLA3=K3`8rnwdI;ZSr(R5KC;QLT=KS7Sl!5SWEkstcU7wsCxa@6L{4-L6v{I~p0 zq_c6ZmAX78QuF~F!_?0Hs#YhR)Vb7%+NlGP4BLiiIT7m+4TjX z^~JV%;KE6%OuA%miQ@#=jZzz!5BO{wT4)>#n_0hA7Q*t=z^#{;bohrfw#`!j)B-1|gy^(@XP>xru3 zZ1FplWBmE5roK<|Kh4e8cJ(cz(lJPv`i5KmP@wA{GJk-0%h%>NW=HX9Iz889Xy)x;dQG*$_|=h7^?Px0QI@{e zM-7|~+%Rl7Sy8pI4)RRnnShhGF`GE~IA%0u%O#M|%t94~P)1X4(@sNXjOLw`xaM79 zqO%z_QiP_mZ-YO9xgDaWK(cyfBO}PDV(vyj9=%sno_sNpeM~h4DCx*rl^y!^h2O> zn%X|3@yP7t>qX)(0gm(^-r?tbgWXp@wp|F*aVUmc{@NOZ03a#ApQ`DCGF8!hjDlAg zUF`%m{fsCr%4I9NTO|wWtKZCa4Ib#fDudt<(%!H`^f_v|g^h^DdLN-6f6EjjZd%Y( zrG%mv@@2N3i&;v&D(lvt0TsR2ShOoH~#PTarUA$Z3@!g_j z<(@sq2gCX^hW4Jki5moQpIkt05$jqaLQkN*Hm+UM@v5#LhpFJ$8)FydU$9mKw3!!=sejPpi8@*-J)y4#9 zN_XACXIk~YVN`7maJLF=-vW_z5f+1k8K@z(Nvp~9K=Q#(pDUM#^^A+gz51oA(@l8G za8NM1u0fqWLR5cloGxd8b{D9kl_B;b;!{;h!UEJg~1Atw{) zmV&!uX+n@gx#9Ylg>DGhc~z@zM5=-sT{@M7#ltFl<3kZ`SzSqVY5m%4_ccRzzSt=q zl`{lkkPFs_x#jZxY(zp7z_(-v@_5q#G+qPejo3}SGP_C_`Zas*<+K_PRcvB>p&+Qi z;ZUb(!n&l%nmK!!ep@NGu*+8M;nv^S@8KZNZYH1{K<8ot6(ut%;Pd4YIJo!Q@b46A zxE~%06+eUK6?uGH=81N?hrO)b@e;++q}mC-S}_s%TS)v_>0JbXafSLGBK=Wl3pUk+ zjm=+Yq~D1+*`^y4)Aw}SxhtQl`n%xzzAcm6GA}6n4GxD{I=(*r;3`RPofyT#NG|^9)0BIZ^_hzrZ^GYH%rdcF{oM`jyWQ_P*l6e!xW{_BCsu@g*?GWe~DK+LMyN zI#OG^|Kvid3G2*nbKZXcOp%cKJC*8ZHiHXwMyw}ElD$#Sc#hm-+wOyyd<&YA4BUA& z4n{I#0&y@gkRJ*E+{iYEjRIjfvdFWNP_NcelMGV_gRyUo74Kc*$^CBZ!@ z(aI@fu(^oFMHy|fTUurALrH+^1>cVl3OAz`egmCMBwbID28l3|P1pO84HZjlO^)(~ z+*UKkZijOwv+-j>Vw@q0Y-vqnY7n!ZdNX+7ifGC+|Q4yok^KyBx#AEU3-;O zBJ&&(?N`lubU3%zXWR_!UH6-aw8YpzxzOMeOJ4oV8e8KR;r z8t>XHhw6dSH!wEOtgidzGw%mVgOb9HA6$!G{{@R$N=|YlbWSNd1la^eETM=ceS-miIc$eBjr4YJylgDKDBuqL}Uw~ zNN>5{JbwaEFx2DybE}pB}3KDq|!Gxjr#N+`}jmE~IwA;V`j>B8nSdm%h_-|8GPtNk)RbOYB!+MuLe^nElw zan!)bWH9&RWRZ{5Xs4xh^7W@eW zM=xit?4`apK7QK%@2`{|sFurl6bC@D$P8~<`&{Wa*IwHv$N62p@R*x># z%)P#&7B8Vpm>OR|3B5<~5Y2)LyM6N;eGaV*p17GM01vy(9;#IGKA8pkD-HKi7UW(a zjZ?U(-q7a8BM zQ68)U+=%2gp8JG^CqZ_;(Bj4qm%p3KABCu)yiwNw0h^k^2>T%Ct)RX3*rG^3{ zSyvl;5O@k!NF*7pZW-|{F_?h!r6)`v&j=M0x;WZ4I>j||3u!A{{if7cU_*z)tl?~{ zMGHCUSzl-e`UJG?Um#MIp$b<)wP_q(Fk~9n$^_!k;`9@Fp)qY!0z*r`r443-1;_h^ zPU-o++2v=j-&)Q0B|cDXIG6eS9!T4<1Y`wc;I7^RigkZ%Mm*7vt7SU%%OJf9w<=q~0T^P*D2T4>HvzY5RZ4POH|r z`H*AUW_hrCCKo`lFL%buFX+nEYHQRyJl4qP*Wlbe4y=QZ-7$yHQdY^tJPED_CQ1wt%-LuB;w;(Sse1hJdA-9e=h9W@AXsJfkZlD-a zEg>PEdN$J^g%Q$9h<<1tipFmTN4=T6X!CeAbvkLL_WaOhc9Cn}(fiq~I8U4tOqgml z3tK9f;frhLp?Vnbdo~}c(S0Q&dVGYEW^3%f$jdXtP&vWoP=Fl?KTdSFB*6m}Zbe=c) z$?q7t^wu1o(676kOVf^&74(Cwj^B)xB7>*n)9)}MHzzmwCaW>V? z<#N5(5gYr`?-;|()#C_3Q-6B zrLF1Ty~&~=FOqx*vkyL9fvYY`xk;jhn*DB4u*2y}o~B$M;_Z+1DWLJ!wXB&nuPXPn zjMe$-yx{YrxYo~|L1PN&47D>I{TZszg22C1Zx zDWYlZ5LWNRtQo)S;H#X2{Jjd}2cx~MtbBUsC#o+WH`Uo=hQdKR1XOxIUFrx~zLDls z<5t+dW<@GbyUdZ#de_2k-xwvRjkO1BAI&q7y0Wz@#_Jz_E|#r7ZL5<5d6L`(9>6f_ zLGDR<1hwf6Qq@}PB)ryP@zK=S&*p>CCbH|SeYI(ZuO(}i*<)8e9bfW|V%aQ$5~ASl z?=*g}Eq4zYmH_Q{`=-2`1*i!sHNW7LM%(76wxhjQ!w(;HcyRDcGXCq^v+VRp+|?55 zeMq;RDn}i}gvPm|<3--MGc5w?eDdwq-pipG(@?j=dwmY6VgmG!O=6Kg;D_P7;= z@t+G;Blr;~M+bxeOQZko!2;ew$mp?=MIocXT!1P$`$@xSR+;xqP_xE^dK=RW4OY}z z59XMZe|JkVFWMYU@)Ny>Iv9$c9!)_8&2rs*&{hw=bj>>dNZ3Zc+9YGe1HV{=v|N=E zNyJ{$VYE}@XmBJKwdu8;7g3ll`Z6?Y@sm%a&lU69hBPhClh+E9V(lqX;a0B~>V0$a zJxQLr`i;RE86PSP_bAFHYg$HKH3F3Gw*WV|!5XsRg6_M7=nNAn1-b7%eXB+FLz}|Y z4W!iaHj8J#WKl>*R>s0gUEta%r;YR^Due49m% zU*hyi#^vvcEttm2`A^1D>ThKqAQnzK8j=MmC@McW+@f~4S(&PKhO9OGbex?~i17)L z^V%C+VkWuo{gMs^8%q-GeC;26sIkO?@~Aj3CnxK6Q`sP4v3h~fH4vKKBGB)7`RZc8 z1<{SFx-AcsG{lFEjx5x;8EBDF`sDuD16h1~e{Dylc^*7<%{61-klp)y&f*-haihPj zdehZ8$P;szb&ab%CdMg_U%I_~t$I@X(m*v;Ge>6Xq^YT^^~-1>{w@i{*5ZTrgilQa zM>!m@eR{@oCvNWziS2VUGbCuOl*h>nQ{^MH4T_@FIi7s~@|N3vA^~lM9yOPx52G}Y zC#X@R%-P%~()w&!^~luz!BzSA4fCA-LrYsPFwJQZ8@JmI@6pj>SfcSwP@Nbk8+v6L zmWT|T4ZT_W8ENuny!KIAWS)6t=fdsVV)~Xna^W%T?Z%|h<+@~$6DdS3*jaSJMp#~G z^5Q4wsXrI}!1EaikFQvRr`QYC)irNx;yXL#qPech-R^vOP52yZaUuXrv$SBR=vTJQ z4diBq(@GWO3VQmLC&SC&L3XCqO(Iz)u?zBv5Z$OfVre8y z&q9s-bI~uF`Q`6Lt?@v?>jeU;qNx9s*JtA(&mc)dO%27+Z%Lga#^>18-|Fm7NBP)=Xs_h`;)}_c5${SF5a^v++q2@=e8wDF>(ql~22Fg>43I@n@H+-o5 zFWx2Z5)-8QB5pbaLE@X01$U=HmWm0SO zbM;mozs7gS6>vmPbk2M?-H23(nZvLy?(?cQc*8wm>o9&av>+*F&nwi~AkIh@G3<9X zkQ+*_vnS!GhCvauvtUowtxQLuCy9jexLXC^hIW51tUH}Hf|;`X1pD2?KzxP*I|ljW zZ)2h3M#E`KblrFz*DCKQCswap)Sw!bu3nLgcpdh0mv+x@n|FeuGkx+O+`4RpjdquW zpZ{4texdiyYwUtN_9n`FX61I4n|RvHM5ojMnrEpI*RX}++~_qDvLY=o_6c{;&kqLi zhR;kjz4Sb`RcBQn^krY+nU%EjHrE2avdP{52v~U?vJpo#<90X>v461=+6v8Wd&v61Bh|8o7b@Q;Jqp(9_>kE~&lk zLq0_D$2;o(X0*z>FLhpP z7kLZYcJ96Zs5oX190}zM$IvsI%YroRMPk*Z(gzm@R&V9iRC&9?ewuq-D|3{ac0QD3 za53?P@+01e!$wF>VQN#(4{E(w{g4GkzL;%q05)xkX6Le??#R*eR#VBMNXF0e z)$^Q*Cd8ICXbuYRM0Fwu(0F~-Rg?ssdvJz~h;o1L>13T$vz&19M%WuEtZ?u98@qmQ z?aM{oy4f@eZN6`@bRjFs2uV8@89@s~bgJHo5ViE%9jalTOJI+1TAuVdl=I@YZ?W9| zH)$bAdiiDjZsMSWFhz&>%E0AvW#}5*uFPoc| z>xaeUWOSX&(0Isvn9j@!SuPXCKvRvj`s@MUR~>8A7-;^arun{IfYHfwr9a7O$T!#Q zfTbJf1~J&jR-ISL?ofT6by53<+?&z#hVPCmA8mV^BDQFrVg%&J@S7|Lvbj&o?tUG7-1nMPoK4WY2S$hjt=0`YNB64PR=0&d@C~7M| zMzMIksNmikT;{Xv9fs_GQ_yzjz%x@#v-NJh+QAWGU1lH&iu7V3&4DKub(sq;5Ub~x zGQAE`V>~rk!4dJDM3uI&I-eys``qfiML-zA+-=|4aF_a8446mXKBMh~1 zwxKkKa09+$zPDBmHgoM7uck>2mfk$Q`FXkRLG>-=ls7-iCy4Ed!A@zPKOTFVIA=Va zZB8&k9}KBeOHZhIQhU9Ptu^$PszISsjISzM=-PX`Rd2tatx#=ge}B%gV%s%Rh zD>r{_&H${wTw6Eqcp4lUl}#fb0A04PoQlvly88B=U4xi!=Bv~azV@4CgMZYd{uMWu zr2eMq(RmrKL2)8dl97izTo~HZx}7{^kX<}p&@Ml;a{guX<+F=v2doUcA9;@{LZKtO zb~woc@__l%?Z}5mOZC)d^_9L>_$|@Q?*1IV@qBp~`nW&mY1-5i+DV!OB%e4JI8}id zIZskpikjxt#@A+Mn|&j3=2DhkY@vq2{RbyLiRKiq3EStqxY_(E@1B7HqXu^)WlS67 zmM7IgrZ>%*dIc2Z+p}O>YCBwp8OK&L0o83Wh1z6li?0 zJYEhyolAtly>mDz%hVbYjb=BCjrOhXnbfuihlgLRDGa=_DMc(jax}gPn&v&%+k;Ki zaq0-4U-qO4qk3RAm4=7#8 z-K)H)tH?%Prx-!{3(A)6Bnu&#jN>84OpCUbc%y~zjkaEQ3zk<(w4VAKZ|`r)b*=M% z^*Te#CiuA@9(#)sgPTr=ia=MXhrlK*#C2*UPWpk&DaE?T(JSdRt7~77)Us!}^5d_k z?2CQeT^@5^3j5H3N*Fi=dk(#T`v;;!;J6{keN3%wiS8z93OV7s`6%UOV3Q9=EV?41 zY6(tW(rb*s_>o;gv^G;x=sYuscmwv4W^wA`=rTbewp8^_@0s!Nj(J;$_RqaC)Ms*L z0~HP*y4#8$-F65PVj+brL9r6{ZbmG8Iy=iRb|d9$9Ue}KwxiaX+SFVH2fx(7s`a0y z-Z=5axBOx_dw+ZQ>HZTfUF#||7ifwtneeKj<#jBo6$6E5$GQv~sg~~H0R-RT4A?mA zR;B8>oMI#Q*SqR+#bsx2^RFKa_^D2=cBk256{zn?qSNlnEH8~`{8D6iJ~#Rlp6N&% zavUnFQ51f9<4OGDiG2b(I?{@4)HrAX;?ejv90{s@+6{3k6p8!@BVB~=KC6X^*Oi`+ zF>8*SsV4o%^xRwIJCZ3l!N&VO?QGqX5&3w9o@tS5KX4Y1&K|;iHJnphf?P&+(lFA2 z{L2K>wmsh=9YVW1ZrWfd+}r$2y4u24lU&y;l`foSk;uk1rp_YAN5DWOO&4)g1w>1V zsPP02l$pF^_b z+dD=Lq2Q_EMWHyFmd!0c`yTJtw#tueZZy?|`nsIkFOuZ?wVk)ydm48SLGlTq^XF4S z$Tdan<~;QM5A23Z<=4v)?b@4!nnts6#@@w{>Iht`YgG3mt`peFctw`fE~#UsmWo#` zSYL|)d++gGpd%UOxamk3>4MsLU{_X3M@lk!_cC9C)|KW}>p|63&Fr{ut4Dg=G%d^y zgNNngzLL{huwT6t+19!!a?re?xEWp(J)N7Y02M1kUa=F^#l4XFLiSw!kC*zLMXx){ zkH3oyACspY|9;YLX;#0d&DCl#=--Mg?U_J=4yk-6IG7Fv2kW`NBX8@DhZ@{16~WK3zkq+7`SRlGfql1i8m%;@AJ}Ht7NwtT+Q|UmH03(vi(5;7LWF9 zvHS1MBFdmC9NnpF_k&#TD-?HfM^QV56{!GaiF$VHjoT&NU0c7NEW)Yu(I-SRqv6p# z%TMxO?isQnsx~Z7!5*WlSLu*10q*vs-JqXuq~giM8I`2XxZffIj$R_7ncG)0)uv2F zFTJlbarK)`9e%#)%MpPiYf$VM7y}I?C%g*Qf#$XejcLKSM7DT}E)Jc2Yg=3@>5%fY z@~m+11*!9|cJbzV6Fpw=b;2T{Swa=lCm|oR#D|;?IfJdHVL>?tLGRx>T!!K+UzUC3 z?S(zc{Cp2RtUS6W>EKCO;A%NXL^w$j+>N7&f}b$e=1Dj&CU76z1GbZyK)a2aJbCXM zM*iywM#XQQiiiMIe_)_WwcQGUG!)>Vl|*fMuSh7e%}hd>&L*0u2eCF{9!jH{k=!%M zC=jj`fuyh?yka!Db}PslNN3=}XF zK(c0-yjWxc1l=Uun5cPu8s%$5*3^%aHpqs!SLmr$T2)Qu3zkh`A(j@p1=Wf)KIeWf z2p)wItyYE!ga+C?94C6#Cmz1-qvu}LIi1YKVSa5te|m z&smrfX|rnJ38Q+iXYB15&6SejL!x0+g*X$WUHJDz7EHS9p2{ za?d{?jp>@&k%XAA7ztShU5amI z){R27A-rXoeDkbC0e0!txp=cVIE=3xB~v?n5*QLEoN&-qhts zle>>_HV!!Q{sG+oPr&Fl!%#IaLJhqdi=%!QVVm;U31&i|?(}WQ)B6Jy4j~L-W>EJh z!U-&^npO{X05$#sg#8bpAR7O_5(@VRg^ksgd1h{*^KBd|Hk_cWxPoTD{neToxM<@Q z&d0fel{W^D@fpCQjFoVg!?s!Muh)^g9EP2b6L{ZNTGum>1ozjPA6QA3?=kc681s>)jEW5h8EKi%r!X41HcjT#>mC2CH_-n+Q8aVp zzpqhtw2Ze>{bPSFJ?D2hrZZg+w63qK9(iKDnfRC?%C=EH8xO4QZswvMx{^9yL@S3E zXB84z8pY7x%RWOJ4irR^#CqrDw2;-P7P*iJ91!B3Mo85&o>bnzoEpQWd6UNVtw)w?$07fFZCp$-{e?f z0;{i~x4kA||9&CdN64NJGUuaqPZPIRLzqAWWW;v<{PzpL#y#?;Lo?}$=8$CfhvR6A za8TR$Ur!y!jYQenaWiK^wZZU7NbaGW7`Yz)Z|4+(;yW36D7q(z$E{DTg4Qb^GY8t`tXl|p;o9`ihNoNAFWn9fd z)Bv>xl`hyaWFqrBW*hC-Q3R!brZUD3(MKUCu|)R&VedVIn(D%KVHD|L1nDSIKr9F- zO{q~45D~G_g@`oiDqUitRH+dZP!J+gl@cidsS#v_+dnfIOZ z&N*}bec#OUOJ{5L+Iz3H?sb>zzOJt|7Z&A+X<&xb$8KIYexK&YQXjgM+tL7Z1f?!F;E&}nzIixpYuP59_{^i=>IQ&@Q-4R zTIc^bAzpy}xwPmQjv}X{K^;8|l5OT*cVvQJzSl~qU6HN3-4j4ft@Oy#_VhkVJOC* zFzbqNN~Ml6a5K_+SUl=xECc-Q56^VUS)y$bz;WsakyNAnN5ErNf%!H9AW^#>2uN-a zu_Ic49a!%k$W|J-C^%DB5Rat+i!B4p5}zXgW^61LfdKv09nfQLvjws)orr&*?%!|s z@4EYUSNv;H{UQewRMYdYz53jV*L>Fh{E4rQx9S|S8N}~H!p@4=iCu+tSMo4JM9P|4_2LL+z6Bp@ zuST)8Baz%JwmpQkGIFYF9uUt3P{k!&)2^gmtJ78_zfL^xwd->CW_E#W>0$2kvbpA3F;}VbeiME!$-*~n4*ajYq+C`vu{Yu_WpHF&E}D6&MldGY^R3 z=u-@RsuJFfGpo>DTAeOW_++A#D_K1B$t%h0Vt#b)om4Tbf;=_c^G!mZLQ3VS14-c- z*g%=i#i3WUgwCw3<8ciN3?oWl7{QXF9Iu{}ZrZ-P-}9y!JJ)W`-n!=wT-DuB#dEO0LMRbMKTxJ72}Egocxu7=+mOP9jm*P0iE z!mdHZj#&^*GTvUJ7H3jbTi1t&H%lg_Ou3Yv$?f9rUyZrF zudHNiZ2Xx2Lf8K7WiEiOyvVF2x*`)Ku`8BEj7!6HUK-e3m8B<^FScw8zpHBts&LO{ ztm>>c=zs4%sMLz>dW;Y4ZQoI+T6(pdlz6Phl=F^D)mx*< z6fq8QzgdOkBRCYEjAsdmFtgBSK|4kCOwY*DOwh|9*A`K1@dHll+0@R4{-G1U<3$d? z*zjss%w(&)a7KYXfX{Cl_#GNZ$G&Wxu1~f!`wSqnr5(bSIEEGVDXEDRk$H@|6>h8p z@W;UgM#68oSG?FeK8?)pE7`AYNj0YL!8DR2+gfokyUhF*+%(|gIrw$zFy%*fiOJL4 zZr@{DE#3LAD`^&`cTLKSOYF^*)Mgdql5bpLWBp#hZ@hv!0p_ldH553dow-CqLHg6W z3g2QMTI{3pkw_$C-c6EXZuh&h-$_9Q@!wp%ZKbfAV6*K5*|M-WG{~Mcn(G+;WnOYxeN#ksDl;#L2F>mYHIrr8Oc@Vo7TT>ZVp>ticzEgV-6^D@ z#8XN3S8eS1w1^qpSdSUA0sQJE8o|u_%XV+P{`%4#DyE4jNQ`v++-1{JSy|)Xbz|(q z*Ou&t(5=fJbEQnOfRxCoX7*V#=roLR$drB((|Bgtr$Hp>Y!+Z%3_ohc&~`pU*Lbt6 zXRYq>y5|+PPVtrMm)6TyzFph_)3VPKynZ^y6A7IFuma^qWEs2#&mMHn;3vw2vrw^R zDpB-()dNqprP%MyE+M1YO**HFUn5SQZ)_~_`41*t&fFl6>8glTj5`84braiyKASWY zLPv6*CO!CE{w~}2w|f<@*?0;2V+TVGa#(#n7awB{(^!ODPsan`%+~x2f_WBsgKO6T z(|B7?E@+9o#yA)eSdapx>AUEm6e4cmyy<^ zNn@(4_EpeZlA|(A1tlWR8<_UrsQaL|S_#HH-*f@K$YX%E`)9Rc$VHfP3`59~?2m6j z#($f&9P%G^B2c!YJb7cguLp&`<#ye1s0vqko97umk!3!aC2E5S$D1Wj_i4OR+?;pP*w)xS_M0HoFf#kvRAuenA;aoNbdZnc05!VM zFld9t6HDj&LnH(?J>_g_PRql6S{!>a>TY_eBuKXa6Wk(ABek^2Xu* z9ULy zl%d3F?)>!?XR7-Yl5{ZW6$+rHDYuOusKxunL|z^Yd2MRw&g4iH)UPf{=p5!V)w z-7jxzMevUUFm+yr(^y2Eg-TtGOR>lPUTvG5>J*8r2|n9e<2Nk-#L6#bqlocsV4s-p zFywSZc?)PPgwsvjecW;{9;qlTBV1Hm%|-p`7Rku5zR~x^P}Aj(!L1)1@6*`m_hbID zY5GLtD8ZPOS?a;oVL)Nx)9AxDvUqlGrgAWQU~7Esq*fi)`H_QUsMd2qzWzt_L7FS$ z;5G{;M*&4Mc(ewb59}^!_EL&zN%r|FP*clq!ap3+@Ftz0yWk$WWXN!>nH*XdSrgrJ zZx8cF@14yReY3$$NZn38Xtmfo+u9*b6m}@_3x7#mHGdH|;7VLXHqC#7LE0uW_Mo)E zu{Rx%g3-x6yg_EuQ_1)x$$-Kcc!hm1jiz;@TJNF7<4D5;YzIzGbQ27(2=8IG^&;nu z=vTn5TtpCb*P27x|FSvxMA%F8qhMZ-?-Np69!-(l#m;`zwl^!a8@uS;ccdptXC*_Y zt<_^&fyIphCzm{=%Hj>9DguXZEulfQigLVpM=`&?Um(0&DYekRGwXNEp0gWS)d{+N z!I!@mAM&1Vw0pgWDTaE=%+lileg3>#0KQdmF1iSC3D`-Tn{<~94?RCjF9=IXveYpW zcJI@6xM}tYJG4AS(#mu-3DJHdIwqs{ z%ezk#uIhQb6SQtXN_d9g5)D+YLu9cNDZ z7rSgRR*WpZL~ITkd*|%Avv2>@-J2f_#2pD2UF6uAdobiAQl&DM=mQvr@|&<@8#9sV z`HPa@(Odu%yAR<5|?^F zPP%_J3s82HAt-i;(Qy_JY`R{#iFLGJo{DeA3XT(oUQMSPr%Wi8rC?VAtByI*b*mGv z%F71JIp2#W*u7-mmIfOa!sgr|GTEBg#g1dF^Nauv`7!0Xwv$&mHqV zFsWy#YEJfhaS942c1Ztlg}`kfXSzS+LDR0HG>Zk)Y*-b#d-;8*J}rNEKHTu)cop`I z>sYx}@MP;a?5!137x2n7F^e$d_hZ9=D)%;YkmmQ9(kxjaea4nEWKk(iG;Afc$K{cD ze3&QC7gUq(`H%U=?PIduZ3}BL45NHV``cJ*EaBeo;j4tSbq8?{#+L)%$1ff^7(sTj z>>`!9u4GfNw60$N_`vDYl5qzXd<{6h4mc!;DxONQ3)OV`{%xbL0RSCC<5|GFl0x&i zB{6g$9|~ZcXtgnWp{CGN<(~5KaqozaWkl7Rdx@L_J1iG_-D-Rj0+MfAc?23xJSg}W zHGCL}cMEW$x~B%LPjmxD1I08o=Q}>-<6V099;+B#UCs`DoHMsA(Gd`U_=F$xXx;^! z1TJeY^i(N?#`1wptbqG)rEkH$7Tx-HWtYikWKVT)e{VaiK*mF|Yi&KTf7vP!%Ud&W zF_i1j+%Q4GOwh!Ye?#uUEshGp%Oip^{G0*0+QWSa2^|MK?#JH2fYl@h$o)7{V{92eq#vCv3R zqw^p`|Kri5Hp7ZjWp($GH=F}@9HL~sXLybuHLt8hob6}vj?%rS+%S~S0A2d*oY%Bh z=7Sp1-B)dM{*$y)?pSZq%xH`s#b2%@CDhkMfA`1-A_8$Ac$fK&r14urvqnE1QZGG|6-FvHHiWSBC-XIFSIVkWbfJ>z4M9b8`DVb*mQN0!*CZOc@gAt%NnC*ZA>Jl(x_>vC#rl> zt+`a@1pgrOQZfD>?FDoEL*ba64auhMsiRCc|95H41CbUM z5*D}4A4v$eoZDUj2Ox(bFbYRKvZrxTn?qFBxKWW`pJR~nd>4;!A}X$m{Mg>7(i~%a zSLlYw@yuii)AbhNF{3}GXi=0sXq3?l0_q&|)A-SCL#iAlNMmbx-`M>ed)sI)6JpnG z%xTpoOVw$>5s|v0PNu?QF%NLhwHjVc^H_-uDth7X9cZ2umnsNXp~FB4b9w2nKkNXRAeJ%HL-ELRZ|Hn0iLjgXW=wucrJ4*yi>B#7V#=q_FjuxG3 zBaW>QeKln(=P!N5_{A(D9suOND2W}-0pVtH<}Rlh#9_UqvhOy?R_QPIt0?!?7r3Zp zO59&twN0P%U>W`F?|x7x*@m2$`@LfWfFr=c3PpHhqlv01_R5zp z2^%*OWrG-Z{JKfrr&wk}5hj{e}d__Z5d#QH(1@M%Jh`A#!12lS*S z&c@re*AU)td?CDHyY{$1&Tr1z*y1qkhAyfw=8RQGW@}viYPZ_ToF6vi*sKl_ZaH!T zM;y%;^HIQm-~Obq;Y*8THaG$H+MAFsSvvQ_SVMAQZd{d3(YCyDS&P4Ri|p$WOTkax zb5YaCQ&1s`w~gx9f<9V@1>~u2dQ~5+t8WJDSgO_)Q7(C^ZiO$ zCvU&oiX|ikGKl0uL4Vl}JT6k3yPCsXXt0%A^IspQ=n=q7C3MoQn<(>_5oOj?PbYWI6y?R5lm5EbgrU$Of z20UsB%3rCbTl~S48GTz(m=R6?&{Aw%@aN{@ZyuL3`(XRZR{0Bc2!fv_3YE3Z!ef>hmNT|*(o6-0 zjFL{c9Qb@EF*ovHMQ2s1_$Iy)5rwO;Y$3u}6Hj{DbQQjeJ&B4gnOg3g9x(2ryuHs& z{`AdR+GgEXe72962v7IWucG_G$?l9}he@IgGe%d% zTO1v|+3(tQymxlIb%FPN=;{@7@zp!<;^}1z(FAMB-l92EU}@@zIYo# ziQ{P-9nK;l1rQ#h=}kArh*6B2Zt!%ax7yMB5=+>1>)tC-au^-vR!;=GEs(96X!%ds z*Pqmvq!Dxb6clEc@nSaTpWH4Fu~WyGv;w`FT}X1ey+{{mbTsI244Ru3E01g&zu% zrd9w(;|gQN5?Njw4OPSHJ7t$=^oTFhSj!;s>ljgVwq8~8OyFjiij@rX7T zi7_Of_;xCRi-0nrVrd&c^>hJoxgc7Iap|X09c&i7oSc?3?LvlVQ2DR7qUWZ#x*VOj zd`?+$w)G<^#)uu&LKvNggju-X;KP%lFOs4EXQNIxy}u{@(*n!r`@Nt@@hO@7Et}N* z<;=8Pf2Goe;jCR((D1&%^~d2qaUlN}s{H@%I#Lteha*@v`i$x~3d|y7cR!3pv-6pV zKip1DAU5vPPxcb9Bm(D!tUbvRN5Y)B|`sX+zAUxd&J(LND)G~$p{BQyu z+pjLiU0Wv^@m`es_*SRoMd^s@i)W2rx9|%x#5dg-lYTWIQsJGR{h+efdUUJ@Z2Aka zhaRY-o5G}>cD}S-u=EKiv3@L;b(V3w0<-^egMTN+b>c{*ba>t83FBXmL+0lUlBR zYSCi>Zwg*q7MoYHo#PcN32O1OxwB|8T5$JG-e6Ax;LE~~M@<817P2k&0Hk$Nt={$O ziL|^|4;yo;-1dwtkoU+bSA?TZ?p!&QA49)R1RZwJG5J)70uX3k(K{9Niu}!sa=6Z> z>=FgL=~Hf2aJ2Mt8~fv<56XWu`#fQS6D2f^H9D5RY)l~I&ffNgz6YNo1%13F4K3i4nbIE;2# zf1hbAp?Iw^FjzJBt5KB;`>zSBvtM_vtHN)6>hD)M+HD$Dw2+U*6Ri(z&KEo0msu@ZKY4`Ng4bt)V3%C93ty3?o<;9t+yxrE zM_CH*+7D-0ORSX0zYwCRd@qzc$d>P3Ngk0sHGT)nanmTRaYeLk*;)AJ-Q0-(B-aQB zEFb@+Sj#|yd_qM39SkH(Y`vMi*L$Dj*&Fp=ht<}b62^UTAh1*es%_E&6i<68kd)VT zC($j|Eb9mPn(6`J__9CDG1(fkm7_i*A$yv9kg5-P5VW5p$Tx!7@`?Bwl=*MKY>Ti>7}8Ppy5G5~+cvrx)VbW7*zM~*i%7(l&BIWve*Rd; z{9xdeMDG@I1Zx7N=8cYHr6H^Z4sUez^Q?x;9k!-ge0$ za}F)Fxx-4N9jo2D^DxPSG1&Ez6oeC4M5MP$IMBmQNfE!uw`W-B8YYkqzr6&QwP!&R z$RLdcnoGz-u+i*hX$7cs)@O`pU+MIdp;W%`a@kUVA z$VM%l@&hO-p1L7Ir}?qVv^3}PA1^iU3JP!U6?ban>I@jW*n%k`t(^VKCQqWWvs#M5 zkXPpL>!5))>?y_*7X_#}NdIsul3GZyyJ-tkumOYB=S3vrW($gYK##EMwIDuzOSFDR zTX?*6Eyxi6^1zf2fAtY$9DPN@4C{z}xC=>|AWPw}`UoQJK~-z7(Ae^N@`Z)HaRDuu z#Hy7?g zj^APqqA+ATzD8A)$q=DX%51;w*wY5PTOKd^+7&PPY>bgV#~GCWCe?at{!m~%NBCe~ zfI%o0z}zW`MXSR@Rg6Em{bdu@@yUaHFQq%4Na=u=yJ>7oJ;^cUm+`)ED(bXw*fZEN zoCUiD=<{$$KI>qv8R7HbA+KlI`-1|@Lv#~y-!$`e-EEL5E5A@a!0;`EQs(vh)%o5G zxt8{yK0 z8H(vR>Ih0U{kDKu-m8Fp-VD--rCCG9GsuzKO&9{|iFz(E0dP8mC@Rw}&L=9l_A6(7 zfqAGs^G+0Xin-EsaPB4jQGIzKxR+f}q2(Zk{0@1bPT{G7iB}HeQjN#GHa(jOx3mzI z6U(&&m0SVG>q7un#NkDtbn_f!XG`0FksjMxCov>Iu2o);YRPJ&fxM?(JR1hd(gk6j z6j)(+J}gsskaZnH@epI=Elnes!4MX#Rm(wEY3Bd+KMm|*C1NPnK0BA!RwO{WdmC8A zJ_!#996(_w5WhC`&SFMVxmfQU@GD3bA4qGT$Y5q8mNS?BvhC_CVnpB+XD&vjYpXI{ zhzuSrPHhhpq`@0+fN%O1LAeGSV}Q4*Kr)1blRB?cEHXVE2G$rC^`i5w$2(6ZR+aVe zAD#RzmHylF6m4&V8RQC12;e}6Js~<^B5ahGXDN;|dC56JzTbx0U7a1X7IwQCA&%lo z!=ghfIep&^7v+Qbt~A%4J+9730>e&W2ry8?hz99ZG3J}C$x9)aeGIMM&DMT3a+jk0 z+O104!r0#zU-l)Q2n*1=6U)nK8@Tn9u83*;3*cE;%ZaldZU5(wSpa^L;KI;XFXW_xW8<#&O>c~*&LIJtn?ZD%B5$B z@9Zo-WeUUqt2A^MbsM@<&U_7}w^eGHWdH#R)|lcw(qFbcq_n?m7Hg51GOp!zN)+u$ zC7_$P+e{2CFA?X_;t{;8=8XY=+px) zeHlIrvp|>p%Vv8D9K{kQ$dRS#6cAl=w4~Db;w2FrxOm^7%XN1CGk>^s zhIgETZnG@1Q&~S;w*Ru-s`g-dF0eCV5#$I-^|nSlbY5y2`@DiL@?>@p-mdp@2LH=r z@yu*j_|)~m?No-eKHUf^oDpLPn>8WJ-&Q+J|7DA^7pqKDxY3NKMV74SHn%+4d(Xt_ z(8GiH^Kc+(Bm=MmP6$rS=w&L5^}N7xh(rk@euWD$binJsd4M^TSA`fM3hJD6@mgg& zYWn+ix0~<&C!z_;<(eSGF?bJKO=oep(DyUsnGt|d0<<>Qv6B_|3uxO7RS0NXQPmgX z4F+k&A)c=$D%NLxPhbCi;?6rGp-&0P41f`6oQHqj{^rBpLK&w0hJv#ib37X423Ap; zGq$l-LvqB_?{xFHjZ@Dgr!5r1Rp4)b%Dj3p3?CL_2r1L*pg_6@rctLslyRS;gx~)$ zSS)IjscIj8NWya~UFyMfLsiC}iMV687QX;Rq$`}mB8)st<06SL-&AkegyaSOvohZw z3MnYeY+#;hQSHoLm@aJV=yC6O;|>twQ<6Bq7-ze`x5kN`R>%^#&&+1rrh{{`@d!%R zVOAlst{w{cP%0oA7Nj?6kz%~M zbHIsD=)T=@qq)f=)~(CJVzr5t*5s0ub=c8gone9jVq0_0Fc7bdnhgVzcZFTBKJUIM?Q)ry&u!$=H1b!*EM~_hL7A=@0%Kmy zdJo$w#cu$U9Y!Ml3I?^_rKT46?l~ZFEBxPG29iz(Sppw{u&4|JOaWdOSY@-C2wxoK z_8N2y%MkRLNo|(u8TVlE+CK8hw!horb#E*MKVw@g-<#B@`+58#@5JSZm{8Q0*R`dN zp{9NqikBH9ON?yE3|>O)J{?eiKx#j<6=hDvuh78`-56x;W&LEGN^NR@_3J!!rLbDv zNTO-d3Cj0NGgsAo=So1U<*Jb<=kec1MJ_$VJi3Kx1SD@4;bGFEl@Jo}?WCc!^pZU* zEynC)r@I}NXQ~WFJ~tofZ|IWcTaU14RbXt_iBWHpGt0qfGzz{IHZr+Covf=rYnWIN z6rlFJXwb7ny+B;XcKX_l&o1UKBAPEBy}50)D->kJ637J)dx&v>V&aZgf{^=jIkE2j zBo95AVRc!0!9l-Q6Zco8t_++wJ$FBzt^Mm>;*a5rL}uoeGNhCmRf2J%bNi7ZvuE{^ z;gRI3z$Ezc!q#^o9vL?YTxYUnm%;Hl3%;-7?_o46z_G$U?Q;ml#f(IAGn_DE^E07~ zHSm~KmtaftA$3i28%OcjGfj^Wuj(DY6(r~sv`$!90@9#7(r1C(x-oP)mG63Wq``w< z3EClrul;2?uEcQhbI%^;#y6XdR!yg*f|ozbBzP||xxat8^f-;qI@}NNJ9Oyj2eaZo_H4Z?o@!8<+p6-f6swt-vnj#S zGZuS54yP^miMrb*(Rjmg71Mg`cOOXRNBR5wm2~QD1LNvmr*wx#G1PJ;(W2OMoJ zMjEd)-+IS+!|>7bz8b_>E$g-~WrTa2d47-^2PbV&P%9W8bPsRdWAmZkhI_9bfqXyG>rQyf}Y2a*!7Bf_Ts-5f$ zpbWM}RnY6Bw3Tdcc_f8zcC@JlvuBal&zx78TVuq3^28V-r9qQq1k}&^s)c1GwIcxv z;sSg}o+L( zSEY(E!<2xjGqD7Wh*C@t2Em*0yTCsrZr<4hu4Qe{uj5qN7K|&L-wjs@pvpiHTNTO@ z`t!sr>~}+TWd&~gWyKS(Z&ucZH>eff2Sw<)1M`}itoI5#vCNpQLgi5(7VjLDYuXH( z;ps@dJQg1j`#m5lr0~t!a&@(I-E0j!eS2bJXP9?nMW80TLF+M0A%^*ng#)f=`*WzA z)lflXDn-^vZ{n*JK7PkEO6u_h@qHzhvf`<>CZ(|~A-EV}qG~(W_hiDS>JC$Mi-OcziO2%((-DO^+Gr$ocoe&sI6`IqAAPb2(={y z&>KauZqg}htS`W^T5SE(;0As^kJ1`MnbVIiqSZnERjf(!*TKnqPdh{2{HmJ#%Z9Nz z3Ju*1Yzdj{z;H&LrSCxx;wWayqk%M6%32sK-jA+)0BO_mw1hZXQa9i5Hn8roR^tY@ z>YV(3HhZmiRG?wmGxmzMmzhs=QMA4Mv(C}604l#S8l0tKGa3Bt;UBqZtFLEX8C6>e z9n`jBg6t3rtnD)7vH<-Os}sE+ispK*mT`%(_|wKcp;cezk7#dEpq^__lWOR!Y_c<8 zNu6ZLvYLT-BraU_Hp(L;UJ6Z*f8)bO<#rc@VzUQM$E5GY$D>!E@q|Uk5ZbSKU*S*Zypj%tu=4EQ1uOCB9>zDB>r7ZK$ei1kCxhF1DQx8 zLvd$k9TC}3m^l8|>@`RXxQqbu!e^2NVuJ8X0#bBuz9nv>D_L~})nJo_QdKn%R!0o0 zyq(R7!ht!ZmEQ{A&j5Le(8&jxrzqiz{<+pm7Q457aeVPvydwG2bn1B=Nmlkt0*c1aTje&5bc zo)j#rgxfcYXSI|th4AwFy8ZL6NO4dz5%!;XFSz%`bRZo90^}|GWUAu z)*+|&$-GfW+RN$GpU>?kMY?aja~0!Jlu$2d%{i=DEFCqCX9&r*+4O{>OlL`>My;6Y z0X2`RhRA~ql}j^yTZSQ=R#(`W*|r#p6*l@w^6x0}+Gy3cx9K;jhi9g`_hFtUN_{6_ z4>y-<3$7i&YcmUv0+JsC@abMc`m|^Q-1R5QrkzGRbmY5e;Dn#HV-T>UsDAYRPplCl z<<3)&nRG$_X(C&am(<#2bPEgX_8Fi@HA8ZDB^e$|BC^ke_oDx@A&xV@Fqd{8FJKUL z=2mk(kq4Rc6*Lc4JuxJ`Kh;d1rauj9Vv5n8LJ}V!&T*g7I`zC$*A~Af&YEttgEEKQ z1fUba=)ynew_=}_qkGXx%v^+fhBu$7i?Km#O4ZHo^9LujE0T=L&hdKnTAbgA{{#Ye zvg5AHaK#({72a)q+>5m%Nu0Y^a?LjIziU}McuF7{8I4wkhRKK(srNSS(nl*!op!8M z(x`vcdHB~Ab|u@_p8jLun}oO-e!Z8qt6dS~j1_;;wvW>LESc#LC3r5Su;8u+k605}v4)TIo_#O&1<6a_A=7H-P^BcA>09^?buhf47LIX8wzF$^pfPLBR3fq6_rfmQ#N5ey0bWjh%| zb!GYwfV27no}_5Tx>yC@YA0?=G6eol|C-6c;*@1Im~E<3#+l;>|FR)nci~|mp{KuA zP1R##pJUXJ~!5@rboxlTnBudCyAc*f?ym_AS zW&Sx933eI$X-_n1o8vFr_@8w+Hj@i_1W;6`%J6N4+}^08Gr?J3WPT-w7tiI7_8A?C zJ00jAc! z?$W)Fw{O&0NS|r>5iV@wM(^nM@>oCtCy*nT$|{$RCu71TZ4)^^>b5XDPPWp*I%7Cw zzjP%$4EipeygLa9J%=OEdr&8PSz^%Dsq+r~6JuMnJGxh6)ka}HG(d|p!am!6R&jOsqTTSnRSu)17 zXIOz%e+xv1`XYGnsHV`z_Ygbn+K|rKV6Bqenbat=vM7WqNAj_^rNi!*!w>!xy*XiF z#1JxJUHj9<`j$%C6)(EurX;&GH)OPGUqS>G^1_bDkr=U(8fHRH1{%{f!PW|4t# z74lxG(wwP3eN8jt{EqAiZFw{|3N=tc8n2~&O1}fXlYfxZ&3=?w-h|Hf)amkiE!6Gj zujwX7MpEcI3di4+n@*l{vb3f4&}6~?t^I@C|0`;SD|)TYEBm6TcSWqCx3yE6+|G*! zPJ*$Kv(M>m$E7anfJ!vuKu9o;ib}MRalHO#eik$`AZgLeRGr)8!k*_i9)=>|RT7J?z;DLun^vc< z9Gog+B;DnU;*-mjn)7o;o;dJHV{>B-QVwLKn}s8mUCfxW)p+a*p_{!GL$Oov@*%60 z_P8CaGR^-6r>P!iB~J9y-0mM4zCo<% z-6k;(Hcg8~=)ur!nfv;6)IEfSmLv`GN-?KBA~XN&3csBkFFYVFGymb!^Ji@M79ylP z9E#G;1r^olVXUWOlA?)q`GA-AoH<)Zim9i=#Dz|gjS+s@*9C>`HJTYPuhtN-6ZcEv zfq6YMJdI@>68p;r$MFy+h7lPN&Y`b%+i%-XGxwklL$=dq0IjKJ7SX^m^%d z5WSbv8Lkt@WtmvEYIZDIo|u7yP7ot2dVqYNHTob_^{w|cOrrrZ-nQ zD<_;PZhm;TwU?N;Ne^2@c4HYL%B)+#6eCvk0&@3BTKQLFy3vAGto|-gdsKM#^FQ~l z0>;VzQvOufxd|2p1P;ujTRpKXLF%~`Bwcx7rNBe%3V`M6AUp)q>`a#{I@7I6R*vi> zuUbo={~hn>sL~p)pz;~>rzYl6fLpo)RVY{K0q&Os-3)cHDs{#vt`4XJw|Qm%iFZ@G z_4L=e_oT6AduuEIyLq?6T9)%hEdmxj#xWw5kIPVN>yI`#ze}{4j{eZq6~GjqTd4(J z`z_`(jE_{kQ49ParU-MIS`-AbHq-dM&ZZbG`1OKs%TF7@&U_4tV9 z7x&jkUs8q|FPYy-`nmOR^g~?r?-C4-BbS-_4-fP1-P=%@=V$qfSJv0QDqMH2NxX7? zgFntWZclCJvEld$yjU@~am;ow6}G&ZfA!DwmS*liU;KulP{c5svAoJs=KU!Vgfw1w_ zOl#S?LGLl1eFfAg_*rKQI04Dgz`;1geAfWCMxBHNr!%y_*&pt2TRpAT=~oqgh|Ml^ zPlI7wkF4{^dUM*;`3EOLv;$o&ly&0zEBxJ*FDK~JESPW6VnA?b4+BBhL%|7jjrjMC z`|)NA00`U#|A_RJtE+JJM>45Nz@kWASWV*46P zV44}P$IT*Ps`P5#_Cw{+y|`>nLubU2 zDK-DwSXF}F{-E+k8{R^shom|){?SK`@4)P3H7|L}F zbmBA;09F+99;9SSnC*ABaR?E(u3cS6&xWPw5N-r8qK*^TP(0LHmHKD77V9-}_QA<2OB=C(~m1?_`IAcEHKw|l+wpTU8kAF_EQxsVH zg~6y+=${yhh1sZYBW@qj)zqXODZP6lFlN!ct@GFzci4hSZA2?;pxa+8Ih? zGW%Yg^z8U@o1!jAYBGU2rnX}8aqph zW+{!pMvR&>`FiWP@)n->M=|c~Cge*O1{PctRrXO59lll*E*1TlEcg75gSp@Z5#~iq zqca#c10jVVe?U-71DOeEUiUQV)ESrB-V(k3;vQd)$VtuTuY*&DhE;w&Uq{bp(miPC z7&cZ2SP6g?Zhl1sOja_)HMy_3Hsgl!wK^YDQ$Wn3IwyEwM+0SQdpfeS;2?PU0S0bWqdeej+K}8rlLG) z^p|0buF{o#IhV%oT(``#3SiAH02P5qCMYnxW7bxXAVuIxH5$%SU7uk?rDm9I&3o=w z?c!*7np4gA9}`$IGX>QBj^4}F>z!Mh?Hb>(+&&8I65~Aj8&H5<12TAE0vc`V5cJ@n z?Uu~FwUo%@nR?5+DLrPyfnNjh_3M+|y)vmLF|aeiOJ5|u#T`03ix>bh!G$2`rE7!V z-XyweV@KC$&q5#Qylt4w_7JtT*uF}<<77R3nzt4_ z-q}zgs&xe!-x@ zrZb9SAhIB{i=~vR$kWsPo82l?3MMADepXqb|A-qj|$gd%OVrI@B$vK~*ouRSO=&TZjJ)0vy#pEletPQ|V2 z#jq(r4}tFHKQjx$0*Vbl&Vf*Y8SBcOVZS%5qtu=3QA%Om~;TcS}NlGaspv!vWh zPqRBoZEwVW){Kc z+r%6ju84nNBAx!x#78_vyP!mI_U+0l|CJX@zbYQTJoIKf1hGX2t2=Y}D-u%gVezg} z(Wb|zjaEA87c{VxR8xgRH5xelpR|EI?(ci0OeFdg#LWi-qFnTlT!PWXU>hNYW(PV-iA^NfKquU1Z-vC_=JTw(M&rdq}cmjlm?@GK0p=Ebrgd=lSRJ z{XEC-IG*SG{QLcfaUAZs@9VnH>s(&vdA`m|2aR+>xjj-(A$8Q>Gx>@RpaOoC5z4-d z%1-1_7O4pEk^^y<7%9+gH3{7H(cfEW*f?OttItt&z&vfPur9`HeDSfQTwS#ARk_Lg zO*du_BzTSewa`FB(B|CK@8qAE?>r`BJn*Vttw@#4sobp^0(|{@=kPajBYp(z%~e>C zF5b$HiHylXp)59(Y?(pLVt*6$t*#~a#_@*+D89pHUk`I4CXKeLK0hr7irTP``tlv) zo4T>?frKe3U>`%Z;emG0oBLe;I2%J(t zXQ;nD=xMC=s2d*G;x_X9v$R#IF!8!(p`eD5Un?3V7vXxMQ7W$F_!*GT$nqk>a)E0B zKxO+DfiQPGecrq*u@I9ip!D{)kE+NXS~BPPJKv2?#m4FR3^=|T+j28k&BP()YV=maku+(+DTg-UxUU~u>&^#p8J`$%-qkch z*W$_y*q;5QyXAd{Bijy@N3OoG_FB>toimNU?4SRJpUOy`yV(PLfn;|TpCjNvS-P^I6boocmT!au#Ag5A|E>hTc5ipYm zdQxunSHI7`(xm&W<;LYO#^DLZdx<~}*-^slLrV5RJw|u8w*KuRM^g+cWc1C)3|ZqD=kG={709uQn4x)>wW8!@&9xs}fu>O#sIOhNMl< z)Pihga}s=2RBIf0^`2!ra0J$2b$@$~xtK~^zEjC^H|!<#XG=IGJ&dkN;b?mZ`d-}J zC7CJ34n3ZMK8JT)BdjKS{X$Ra^M~rj9a{1zSpH5)|pt%@U0Dp-gk!c7xwx)d|&P1`kj=tG%|>w3#?Fyi~_omO90IeXX%i|)lVOE zan?u|_{}_=^!!FmcogaLp0ga{eweQd!ef7Svu(D(;f#d?$lI-8+zK60KtBaTt{L~^ z^G?@}rcoC6$1bClJ2pN)xM`}NLC**C%V$&jDckdh8M!F;tOq!0()%9eg~N!I;|j;m8xQY<(+493#{Fra&`r8p1% zGT*z687)7*eR5nQaet`X)L!TOgd=*UNr}BWxclWTisiy&rszuF@dd_0DFat+_<-EP z^HWJ5tAF#om)V)PA`> zi1UO-Z7rqkr+RP6mCCG!D}Lkm$}hc+v9nUV=@y&VDVN^EE|C_l?@AejeMr&H_jP+S-{h(?iU(#K;g{e9NUcau8Vd_UlJe`f^7^F+QI9BMRWA)RFDoNz&S9b2yass?NZ;hK(vR^3F3dW`bT4U{wl|OS7+6s=0goq|B5X4##K}ga-d%Ve9V26^wVdk4xdvmAc zE=S(G+cB=^cyQ0D?wef62$E_zjRnN@Rb{3A1^9j>Un%sytl+zdX*Mrf{6|gl(OjNK ztggxz*p@IKp4s?f+iksFN%nzpqhD0NOjjF7Y(6<2w3}3ZmGbi5)!2pmYenZMct9AE zL-CsDctkgyhZ3cZhjjw3_8L8Y_X30ODUy2TjO8kIow$~Zp`xx_Z|mnw^&-C`-xF6E zB(;gmS^2s)qU84p$7Q~m>)*wcrA#8dKXW~DOE~gL5^qo26Z4V~PJV9R$8Q=uT1(sA zNlLxr#KsY2`;K$7z-wlEC2$%b*P!hab3VlO|6tDTzt6&D-C>|2k%IoqFgPbaI#*sgTg+mF9AR-xzoiA|!dH>`K!8!_Xy%V{S)AHD=*Yy8EHl&>nf z-t((TeMY{P0LCel4%&~DEO>2wHMM2p4MD-Fl%WD$8_rVeQX5z3B9ddTSLqez1Za$| zvG}LOh`+JgZhN@D@baU5_t!pq5h~s3BC#aiOoc}+ayXO9ib3Bq5p$yyX@RrGVh*cX z#Y)AzTotU1QcAn3uNy@SLwvURSCe+SX&k_;p91}Lom$#b(hgPg$b+|!N2vyw%JS!1 zxSj|d)vq`&$Me~?YWChi3l6%_FjXIZL377Re{E(ZH_|S>Zyx#+J|Z7-)%0~#hsr`M z*Nq5&aOk=I9(uxsUnTeoL&$Ta%*sm&LpEu(FKWkxGWp(MzY=mS)KTgjzenwtsj39uD>a`SRB@DOu7T`(G&l*J!JI1 z;-mkLo&L|~|H=~yxaF?+N;U4|J*sK5K9xYdd z=O}%1NPwCaIe?E-m}+u&xW1mRZw-&}pIRd!mq#otRZSI~5*}hd?(z#&>>;Eeqd^S+ z5Vfi>2TAn3!l}bvB!tkf_vQ;(R{dF#8DUKOGg!GqX-m2c=4i#pQNZhk1A%`9p*p>j zFu}p(%%!+clVE;G>cu>fYpHhokk80_qq|8x@@vh?mrg1f6XoKL_nItV9wW)#z=R>F z6yR~E;qJjXv(V&v2Q`D5HJ7#T3k{txb*b|GiGG!y=pHZIJY_CQ#3$iNJgChg+hWJ- zm|PXW{a0hWu2Gw)vTm%Q?2CRi-d7xiwF~#DF;gU7t2TP}TK{Q3r?37e`J`*9Hsc*C z_zO@gXbIW4hY=^NT7$yF>aQHT>K0CtpkHGM+5=i$5})YSbtg`0cZ}i%$%U~}v`pG) z+YiR4*GBtH3;jFpbd<_w3!BapQlK~#`C;Iy-5grzx(9Kep-511*CCvMx8vF0!H)7r zEWXW0F$&EI)0-k%2H!l`XgaS68R&5}CT})a?H&9i-f)=72gXiX&Y8q$dZtabp#=5= zC#w)@5PJB8cd%;}ZzamT|5n@ETQ_PLDqmTR@PBbhGibH}dXJ_HOa{^ADZ}=SqjVpC zEHz4BWe!eWx8P6OF!lQ|A2F)^Y4TQ*-PjS0J3M%9Pq1Ub=+z#DsLrxtGOB~TB>qVI z#BJ-V*VhK*9G=CibDUY+9F}>6syn2#2}*7Nq{nW~hyyRRh=};z>_A6M!h>kjjy!+Jf6WmUTox`p&$ldmEKc(2QnmiWXY~Vfi zFrgp>&~V9IKaldhLfS$|P-Q5sufS^i|wPSv3ARhhgLa-$DDY<)e z75K@wBw`JRACcv9JaYPElYVvzQWcecp~st;yda$r>W?4JHh2%b;xO}3Jm2!em&NQg zzw3Tn|Mk;E+Cr|S&gZKDnwYUS+(bnNfZK0=y_rutIuA-Yf6b~_z6?d2-M@wbuY!j# zTY@29M#dqluMsP;?Wi~@sZqnj=QL{DFV0E z_OI@1Tp-PxIYX>0rwew^anrpR#dJ%Kh^@${t?s;|*&9rf?;Lwp_30js=PQqEI6kk& zeq!3t{Q)0XCBC;2862BC>deP&xe5jk%q~*JQD(Pwah!s=cVRvjW!X z1GV--WOO;KIMAVoc%0$+%}^4iT{CoyNSW6NcOH>%HMC0oA)t>w!qF%3T1e<-B`*^@B@?vJxXjkd>aBiaW0wK4cA{bkMz& zHu)2^*5+{qUY}6Tpfp-f8~NQc4G}o=Va@Uo$OUB8(og{W#LyjRazV(h$&k9o)j82@?X{ymua|}{ zG(uBD2<0ziG1HA6@jl=64A64<4kXI~NwNaH%kd1>xyn?yInGV^PO|xW~qGO+6&9GRk%Mr^V(O|6sj*{N0>X(vyoW-X)o07ssCB z0ZK@|kEIJXQ7hpWg*YiVv(O8}S(A0kc5St+h9DDi#4OrY?oQ2GlW+L*q{xhe^TW>JA2`Uu6apaR2x0aDxdWk`4<(OUPPrx} zF_aI<^sIN^lmXh%VJlJL)+j6O4)^vNu~5 zdzwjG1cZdRxtuiCJsx`EUIS`cow9-foonW5@Tn9g=QcRZYLt*V0Bf*2-In5j!|pwq z3JUH>>g1kzcJ)iG=%in}rwM@ahbyqb z+aExC5Rmx!D#Uy~4^k3XZjC8xl4+M^&Sk z#HegRaRjbrn>k6{2U?npm(+}RZAE!KqPrTIP_r!W$9p_Ogc4|?j+y}@Xc!!Fs70UI zKXast;vTN~Y#JMKtD7}KyHnX)CNDUJp%Cr}Bgzno zA7>t^95Y|<++QQsjG7%M)rNS^4F_;%X_>`lRb>VTyBHL+KkYT+<(EwQb{ds;TWN=t z@f;|}4dgfq;KLooYOJ^bvQ3oXLA%>0clcNQ`*;hS_XQa@ZS3{$h|G13xsv6;orVMj zOJqwmScUkn!Opeh(G*lyy!B#-p*%(SHSrfylDyj;5FBu8@%D6jV8V>}%`@C`$%vCY z3(A?cEQqmPC3pl@0!QmLz9U-`6iA0N)o~gWlTZ!4w@=JUx;0zgJXPY`Tc<_YUtl|O zcjm&2F2ifLnFJgg2{3_Ll8uunN^@U|u%#Y{{=C%Q4PfL&A8x3rKO=XwixgV+gfB#q zt?V`7g&G2C9fB$dQGmy!2{kS<{88#8TF?nz)8CU3W>OUL1Y?-5QK2KV*}tJr%w#w* za@w<%dO-PU4y;#B6=0+@RhKawhCDFF7OwDreOsIh!Fso9&v?JT)ySMb? zfbg4g__gWF%PhNfwq*R;w z>TJ;<_jv9{B&B12PCRM1Sxj8Z1RL@IXc^RB?zP>>w)Id$Vtj5@CD1H} zUDPq2jpvhZZu}l+>9iBQUH$Il0q>2_aJF(#;?=4`m?c5uVN9-I3K#0Ju5e)y;8vQK z@3?E`{(2?b(&UZuMW-_^f!so=q5;;}pSlou4_D zBfOPm;_$UuQzg!FVo65u{!iv_@l#aJA2Iq$p9?BU3mg)Z)5y;V`XO1`4XE`T!Ltt$ zGl^N#o=5WqtUUa#lK3H$6RpnEB!3NcK>bovI>ayKgO59=$oX6w@ zs*gR70eC>m%t-xuR2(_s!`ua?r0R3uVf%zHn&~v#=^dxj)!EJ)nI^<0?96rdmyigN zd>1s&aZvAr+oj>Oz7lSso@5JAq{55odX(_#&b869v{)bYsdj^u{rCYtr5_F7wU5zT z=%6iK9N&$qL#|fPAo}qSa34)3s8rv1u2j!5-MIdPnOWcQ^!M!tHqI@~v|^>FggeaZ zj}S9ie()KBPBv+9x4)&nZJ@AxkuDHO)uA9(7bxYe*+(fN#l>*jW{1V~U(v3kD_DQ$ zqDf^RYUUf{XC99qbNAPj2Ckrn9A+0g`ejMzHY69_g-jQ;9}lWCsTlRit>-$DAWpki zA1}AxF7RDFPjyoElNgq*7{&5FB777{7vZ4FfScO}`SyZMemPc@;`nXevwDE%*VodS z@&^L7!^heNB>c|rKWwI7VcdD~?Jaf>wm)1kOlgoy4FmOpwJ-txFiM%_;>+rbvtM6C=Iw-nD_Sy^NCZkSHCrzIv1_{ z9BXSiJZ5i-EnlTS)8_J(XDp0dL2u;$zW&=i@c}g-KYt#=vsN3KF4@*pd$03qAxhq;=`gS`1(WyoClikA2@)3h_8;5bn<8+MK z$lG%mx>PKUGpM-x3LHG2*p3y2(Z=;zHxE^co1bwuCiU0X#hg#Ic=-OwC7AZE8@QC8 z-jpw5sldL5rJv4h|@aeQ9j+e%O2|=-Zh5vSqAFiac=tf^1+S)I(P_ z`M?rlVFalo->=gpb!dF}@5Jga;k1)MmaR-Ba@J^_&)ezR@^a`_YvDv|{?eFkR!5z> z$pcxL{VJHBQ;+;!s$SUfr$&QE{fu%hk3b6e(uK)-AEjjB*n;uPH$r@Fg_+glc-`pn zNa4Jdtbe!Ac20%y_4ox2syqfjC?|W;4b(b z$>X&oWTP!YdE^wVIiQlrK6GMZT;yq1OS`EOv${Sd4C| z@tC;?Q6FA-GTlIEiuhs>`amX;YxAgg{mz+g{VN=sY#`4c#T-YHudGkrZJ)1ArYqfB1^aghHMi-1AK3_M^#EPB zNLVQu-n`7n(U&a`x{8W4D-^FD&8v!cV~%R$ZJw$qJjWFdZvURzP8VDJn~i2S1lt<} zD1Nc9Ja$dehjxszl;~gU1%my5<6Ih{7vTwye2}!lX7{AV^w`}R~&pX&y5`m zC#{-4#Fd;z-SsH{VMYb&B&_>iZRVnehwWe_$^A*Q8M$|qi9Kd;^VgX-OXS7hnuE16 z^P2j5u5yAvoS%yuQ3xtkU>%@Rl|U`MCpTzsYU*m?qo8Acm#k{6T{N&c&HR#ixuJGs zO}4o%NG@$dE8xUMg4T2qY zZdN||@gI+K?2X$hYkb6|w1}LnqSi68K>02z>`-DiDCCAZs4YU|+6-&0hWhX8$^$v7 z+(9nZX%BKZy!~XgSWivnC;kA3fiBfRll8#Mr(cHA4deGaLAP-yC@mE-Q%j?UvbOkc=*}W1 zd+8Q0WvBGx`K%kN9dgd&k1^GlTG2I~Sx}MCO?9CZt(lWnxckw@WW$Wztm(pRS#9-h zF)Jm$RFe63FrQZO6(avvc^k<8o6tpx)LTHXYjGF~vNb1E3PC|ds?jxpU*Ln*s!ucH zZl^|-QWYl3Zu!s(I8xbI0FrkY(m6J2Ah_pQuk8I_@j9?&2VO3v`wC{@ z)}(;FdRt@g=}J!gupfuYV%c=VFaHEZHfnYZ^DbTyYW)JD-SsEL3Xb;mDP+f}{n7_G zS0qn6k}fWBf1p%f*EiR{u*c88)*p-YcCWcnDQ4>2CR?dn-Ua$Ek$;&KIOrHS)ooTS zp@oaW(ax=649OVyK5!l>IXtj`41YQy=;@Yn(nY~y=er--Knn)pFlhh8kR1r){$RAg zTUAn~&$#VO=y;n}S>$ zbEoZ@3}Wl@ocAJ17Co}O;<2^1PvXFNb@+rK8|zKZ)dtUyX~;2A8=7(x2K+w{^+~ zk*=-@MGIw~Q7n7c!2+EgvB30;uB`wadIf4d1>GD#E~7Y_r8F@y%wt3HUcn>e$u^BC zJCdH0SODjbYk^LYtAk(Oow0Viahiph?omEpJO@JSCYr1lUN#mDSCIWXour24LP`UR zoa~md2Y-p>LKPIoTG<6jwtM9(C#g1!5|le}%3&6mm@~}JE%LP#ba;SIpYRB4QeK)q z=izLzJ$-uzfA}UCS&MNTJp2^#+M|3C@E8Ld$|20`C6X@^Cv~T&?(o2DxiB1N(>Ul8 z(Ah9}wX^hz_SFHdT$<5{TJyn!Iq3&wIfj7`;|;=b1u7@wDN_pOwoSP>rf)Y-L z)M~1KhMd!R2ezN;M$9_&@#s1z^~HMSx(IIts%s=qDNOtjhQ@yQ$0o@^Z(;9={GtDpHf5sEw`rvd$r3 zxv>s37Y;NHh2F%mP|`yS5*#@7*ZLL0lRZ2hD~O z*ibjo6Xh0+2EuGM;7&nas16Q6cC|>XY;9(XQ-5-)4dqzS$mVM^`PLNLBJA?%I2>EkLkdI(3;+)SU<`TH?ER9qDgp z31QT3YNVy|@J`0tKHEJo~Lh0&4Yb z(K4M6a`J{F2Cf-ByJ70%@8;#tC#l}z5Pop06DkL#Uv_ipXW|V;^zprjy94(n` zsjN>-O`Dn5OjE$zGTs|}g<~fltp6*4e170DhK%;4OVezbpB{Ssl47SM>muOSew+*K9L~2P#h82f%m^_~t4FOrwss|3m1>T&nFy*}$ zqN>;T>ZSklEUSviM<{7%HWftAqKP2OKp1R52+iHKI_dcq!4Qv_K~zZpF%Ip z>Rmj4E87Fmf=+RvKGhpt1kmj|pd@M}kd4Aaa3_H8tVM|o`_mvGP85LmFp22tQPa}$RaGaU z?c?2YIT!k&B6AiftD7!JVD2{u{|?;jP#37xR^Nb9KD!+uJBmN}YvxFbY0Idn-OwxD zq9Otb!FbQG7nh-+P5@lVE%q0s2@g>okBM|=M20$MU%bu z=|{~h4}BHipMUr+*N47$DWNXYq1X5s*KT9#+*i-!;Y_e$8Nk4^*~1^y#xCkg%t#Mg zUKRa3FJD8Gz0TRZDZO82f)LmjN3nst)yBb;Dn=7?&ob~yptX~^M?TEOW4xYyznMKb zue_tJRi)N{fFiijNR>aRe)1>_Qx-KlS{?yJ=^qwJ=D?xEQ7*^ppT>6fZIDV|K- zgdtD%M^+*(7wbm+_r@4+%APK~@gv&sj4-|csB*&WFm^(aIs~T{;4B$wnk$G$0{i6> zZHBi(*s;}pRQXGSXFMg>o>=>aJ*dZ^i znskrz&JVpX23!5%(Z481ii=fbX6JwiRTKwYarSzkPXb$%e;v{)o@cnXrs*an`$$($ zo6*qiy6+r>1l1-c5r4>RGs(uVp5MQUxo&_x{e`%RvWMGqz~!MPmP1V9^>3^BQMX0gJ! z%jU8sWR6Grmd<5_Smi&bNsd1>Il^bb!$h! z?+oV083f~Y3R9rWd-x zu|WeXehF6mz!3PQPLQX$63M!VGK~{|6%=d|dvU1QaFT7Ae@b#q@*m%6u3$wr=ZFEYRD-@lOX7F}yq zC!~EkZig*MD*dZcK8i5gNT|(;LiuC?r*x3U7Zhtjz8pU1)fd9MyMFfR)a}VH6}m+) z1RM(|O6Ous*&DmLrSDt2-?|!;g?ZK@!Es{p^YIQgGMdR%jN72*UeuS`?Wn z^(CjnL*;6P8IyO4`n;mbeB~3CRmL|(&NP>E%19jlOTiW<&6EkcI%UDgZ4ta~Ch>6L z2VU}9={!@XR3)A+_#QbOVLHe0wO5HoeTAS1kr$ufm2d`NL!K@nd6~M7=m#V3RRSI^yrkQ2RDqB7yvn(tpzM)3ekW2NREhhVkQMY1|Avc7@fTL z&?#E?K(qF431z%p*FAoe>G#q-aeB)@i4JzjD=`YJqY4Q2G>G3(d(0%e65rBY-K(=z zU9#mytxu@)e{-8^mYN;gW&maB3}fsl2s(da*TaNoWrH4*Kf{9W@wq-Yva1JWN(z~( z<4?Up%!9_ARq*g8FgT9b6Ty5G}oZ!Ki-5SZC z3`3IC%SLZ3F?#UBD6$s_H*82ItpF^FBy!UC8j1%c`MkJS&gW^9K5XuD%5tHm!$w=6 zJ3wUhLG0lfnr;Re=pXfY!~9C*ER#<#xVwSkT^^-C5~FEdOwMt{?{+zI z*e^F>2JH$590T|wQNk^MeU=ON5+fl=)uLufdZeNB#FFmFn0oWZhqZ_|X~QCE=qzT? zrvndUg_+X$?JMy7>uGCj z<)c3?eD>?#+i=TqN-WyEpP68_NdUCrn^bc~R!uR62mci%q%S|~XiP=aI84Hk_V0&} zr15m>kCPfRj(BVzb^PdZIAMep1^^EGGJ`pjNLuscF|Od$5H3+kRkAqbGfvKwmA zwMJ&gaEeUT&${S-@bE5sHbK49tEp}FgboPjM;FAWmk{M@@c7jA$sX75o%^bsvGV-|Ly5EZ6OO86Vu_oA&~A+qGiT-~MJs%^{J?EP zb&651oo9wo$yi;WfCPZza+6J5#*ZCU7`NGBgyT^Z=L zQrbOFZ6rUc#us~!xZk5O{M*Pw-}FMy?R5UnJwhiBKOMl0U2=h@kM`}IS^c(1BnK1e z&#)6?%+?lwl@3n&K*pf_M~(h!cs7vMBKr@^NXoTW2$C6-7aZzP6Z~gza?A%}P&_RP z%pP6W7D;klM^J#GYV|okmCqu9lb8w9r_ z9=G@~?&Z`u-^EWcr-F>X zYds94OYMLzDjF4J^xsED6Sk~hU`mi=&qR7|W*dfj9C#GFwj-?cUZ{1LKsLcloMUqC zc#%n9Y);}m1#(*a{7T;kaht*9d9T>>O%W&juzpzT3;E=eG7pO7oSSnOa*ZsT0=IxW zwJ!#Dg`(Y|2FuCkL^d1U+2(__J14(HJ2x-()hJ=#?B$@nHtRX@>y!j5281jtgbg=n zKWg4L8uWHe>{W3~ZY0M1z)rMw*(ZnNp>q(DJ- znVXpnsrh7)GA4I7I|R=7Xkf)`Y!Ym&ujcca?6uiN!JpnQsS3z}FWR-*hcRhQwztEV#l76%N#e(kw!l@kW za;~ys!ps*KcGT<`@Rvl}F^{z{ocO~yUEmH7?X{A+-@?gE+Lch|@-J1Xpzsg9@~?lR zu0(Ns%8)yP6Q^#HJ|elU=tyuX?oSeDl70q6(0)eTT}@-ma?ir}9#M}=_#0e8FXLbNVSfDuk^qj?%a2zAY#xh|sI46r z%tsr#XbRIZmy*fsDn>Bms>|2Mn7qKp1B{q9fDvfT<{{)go{U7Y@>ad&`;0Lw^`g^d88Zb#0pPs1z3bKs(&VfnFDw!f6B1~@y4 z4fPF-$%n@}v`~BjlE=7L*7ZIod{I%m_(EFhdX!d4%7ym0g?K0s&r42>U?O3Yi)3V& zk05$*%j}f0vX9G`Pb#H(wz<*%DK-3O>EC<(w5D?9+ljflJn(ly=jq_#A~G9VB2C{@;&feSY^OB|k!#J**O>icAAfdxS3ElYd8$F# z6eNR=(IvqZl~8L7p<;k8>}4N2UmjD21wH%6W+qfbJ2G@l6ee?{ZYuuaHa(s$Bi*Ln zd^NmnCtUaniwE;F^uCTRzCyFa58R*OWIV@9(Um9z;foa)K2L_!q>jFiey`{i3skoIIiz!H6x%zc6 z`0=fwsq0_t=TCYnsQEhPdVEW@vMqkYu?4d397RC&<#)2mdP{bHVB zx28#m1FbviKhOLGX=+akr3+W(B-F>3$llTFtQ#Md)$IvGpxB4(!$IdyX(MvZ!&brM z2uasizXOw<)LeW3=%oqMX^07;*D1U_ThWDJWjR>B*$Uo18}1evP#k0eWt9P+na_#s z7m0W0Er;e-wp;d`@HBku;$J9zAN$8a^@!2^Q(R4Td=2GPS#YREn_+_3YgXuEecp;A*fp zy*!4z(D);0i?bL8pkr7IYfPFN8ZyT2 zlI>@7WNcXI$)ac3l(?9{NY2KiHp0+hIn={Q#-7_O|F9?lXMAk6orIh+q0Yj=v|~ZC z4h`gm?u7D!p|Tor^BM0$-nBzn7s9R0m%Yy~52kS~U)1h3hu+A79&LzhYz*rf@p7l@p9Z9?2a*YoQLyF;(=wHeW)MM@-LmF8o81-Q zD(XC4RwKJ5A= zme~Mn@2mvu)Bw?qhkETa5@`xxaBbSM=C0ZQrpoA(V9UD*3(6TLjFdIxKP+YehgcZD zz#{_`sRdP$*nu7oYbDf_uMN)u+I12XeaO5p&m-eo=U~lHHCA3`*yl#{5vvrDq>l5+ zYzu{-Uhj|I#Pb887z9RneS!eW)<__hfW#ozcr6S9Hk;=oR5gG7yz#x&4JwL~FlbJx z>XofeaCts4E^B;$&i2?pEU&uh0#!_l$26dECsYC4@WMxF=OK7d@UTCoTG&C}t?wPQ zByo@RPaU2ABz2pDXjg-^%4pPNO5BFmp~zN8*^W_b0w7<_yQpqnXup^^{n`xcO_(-f ztAY5zMDOzPoK6hc9t|ID#vocw1;zZC9VK3&KyiQW9VVi&5;5ERw2oQ0HPmOE3QL_r zzNlC7*$)*a!tx63Xg<0Vc$AA^c%ER}(+^#_C*jKFgEwg#;s;fHKi}3%<4fhzU6fqe zumq$h@D9LIF=VT^&7vf|;$St{wuOI0-=N6UkgsO9lYf zx#$k=Pz4Xn`!l~ndt0QO^p|EoH5)*0CKY5jHFZ?!nR#)}*@^<=2Npe2;(T=&LST#i znfrhoaT+Qy+okx(jNjqp%`WKRx^p^Hph@kZ{W!+!=1#$ltK5zkF0_3$sko{2c0ql% zZryBbD*&i6K_J7Pc#z$>h6s%&TT)*Q6=o}m*{_&>tKMO6DJb|}x#sC}>)5h(8C$oE z{^dQt&suT)!vgeuwGCa&hyw8a>_rR4vz8OToMdVj<|-+gSzW2RZ{$VkwX1pcL)?&!m0RT^u{kyY|jB3~^-;CKs@!Z}nvL(;F zEz+yxJRJ3j9F>2fQcUIZ$=s_=Nh6OL;4rqHC3wbjQ%AvL-!(i8rr8Np26JO1=vvHC ztxGd5_Mez`^^fY=pd^__?8gJ5rz92Gc0l?v>?k;WG$wGv#>4+%X)x0TL@c{tL@xqX zuew$d$>idooHI)LSYHnZD-RaEJNIsBd6BHHwuo6Wg&?;A+y1x9>Lnu7!RpFSi(FA* z${kde0~tV1BZ;td4!y`_cAb$RO4vmQVm<(0@jrtUJRsiU2vG8IXL3i9Ep4j?QUd3j z-loWMcuhGT|FnCE@elZ_{|uHq*!~}*rJXP!x1du&mT(J#k1Tc~BZxq*T(i_Mys*Q( zzV0(od+GYLpWJ$DYODD@zS{`7HoYeeJ@HwoV!YGutT?E^6Wa&M;DC|ifSSOhdsEGe zbfDG3h^QYq_%AtBK8iLoW>}H!Gl=R4uq<+Q9flw5x{tcn$1Zg@S;2t$G6Wy zoE|f(%}s+fA!4dW>Z{G_T|`B;MF53jvYo8DLPn*rc(0Vbkd*fd5#@kh zjuo;R{m>j(_ycnH$NhM2IDPI%Bei7IjE5LgID&ost)Pj2RXgeVBH!si+zOY`4_B7K z`Y+Jusrkr{>#?ZH9J-Kb7ZUitAMn(%jtq|20L-58Wo!SM{OuFweyS;bZP(s8wo2Pw zxpUR{?1?1I+BXbo@h^FIZ>N+xaO{?eyLfvRCe4rwYAqv@FQ`Qj_IS4l&`-la2XVGk z`^Y9*Qsf!bTz1B{uh;b{+`-SxjK1S9lVNS9am%we^})doZ^}xt9Un>Gf71PvCD-)RBuHBieq$P<$WG{;%aL7J+MyEE zR`Spz)TkP@9Jm-9r0&%*5)_)lMYo+{AEVpkO?z5rA2z$+kaAhu%RNRc6 zK(2K=TPLKP^FEL+Mx?1Q2Owe9W{BntcjC2{JiQi{b`_}JyYl%q?3M2I$Cm{^bbS-Q zs{Hz{*}hrC3<6e0fw9y~$t2p|peAbJP&HiRgCCh%%HT=uIxnysIIz%mYx2yAvrRt( z*v(4Z*pA*X*`YBz2vvb}5d|jiS@_v#7$NfW-2t>f+8EC0m>Rin9U^c8EVpzF!T!0Ll7QSfBUA9*)J}F z^x*3`1Rx}?HoeCh53H0U&Kwyk-44TB1I?F$IY`HNQivp*)m`8G5K!H8rjoM1R^dc< zp!+?Q15v2({DdD$r1ky7r~t1nP0zFgCE1IF<#}3`ReoMw-joOkO%9` z-U_FR2;SSx4?hssdhUVBms1AEy6IxT?^hsFFw71$Mz7shjxeZ|gxN?lmu2=)!MiSK zjK{ZtXAvgMPUK8@fl0Gjv+GlWOs-=AYEioDiPcR!mZpP*YTq^GRSj&_>!m?cmFkM` zm)34q@ac~vC{oY9eImyM>{9>nrBJTI|K>IU$}VC8L^dK$XkP;M&=ChDH}oO1CtEPF ztr3+l*F5U&J-P9FLxUo4&Ue&ikJ(aDlITE1&G&b6XCpp}$3r{-aRJkRL;kvAt+rr9 zM9lQ6H~y%{_Kalq46aLdWEC1NHGA7Cz=qXq45M4Rh?V~_DBlPMw;|$?6cmV%nA`+^ z3TZCBe8L+W0E(p(BSYy)RptTI*f&8tXSrctm+@2l!UtPHsmwzZ8Gs*amjAFENCjs) z0j`)Y)m>cO9f(yHZ9C+|JL*|eMYW5O8jyTZ|Kh@r2e_MrG&HPEqJpP;QbmF~2vd0- zwV5S!Sr=q@wW%cD5_&TqJRxh4&Fw*o1L(*-FB>L86hM0?DUl#9t=eAQBonTPK9s7+ z1LF!m<#_J6g;xQe;aQk&wHXWpe^D(T|$ONd$ zEo#J25vOkUSSsV7((>+kIN8hAzqKLaynw^o!^b_ZxJ|G_f`99{U{wTNsEE0Lz^4S? zpRq5?%m1~5lc{|76Md}n{h~`vII%dcWH4^J=}%DX!EHDChtB}bDG#`tvG`b@f8LAc zV*|<)6LJG?1v>QmV}&Zuo7{81dW`|9OBVjnT;LTjNgCL$O2$*19}UkOd)hsV4$a}% zs{VG5N2?v3-EHYWXF0Te!nPI?A$zF;JR z13-L+hB3do_MH-{W~Bp}X#I*LpHqv$fC!xGzScuSdb-;KA1z{wxJu;n;G_5zdyX#T z*Jbyh777+xw$F(Knu~NMF2-L)FP@}|1B06eQe&XIU_JZ}vl}U(k1T?V(d37W*vl1^ z>!NA8wMmB%$^9?vwU2iWomz;+c|Eb&FKolO<`qhbY$E`Fhc83>U-$cPr!zkCN>%8h zuZ}ow#M`A7;B3#CN8xQIS0C^djx$H?jYf0k(nkd^eaUg&_rgcBJVIaF=LA9{W%`1f zZEU!8nyKr9!pZ1EwK7pqVI*C!oXNRJt^*AH;rg01!6jDBJ|#V|6vu`ahK^T(f29H` zNiRvnEy$ire*aEd!PjfuN7iVNZcx;n|4ZcQ_+)3>Iqad%LkwXSHnMOLcp0qVEr1n= znlonrhvE9vF}2A|s!i>;-}-F1w-bwDbeFxW%6*OTyMFG)b7D8|#eY_R(0jNs?xnlB zagJ?J4iljXu8#4_;li}eAjxW>)rmspSgL>dIrbk-5|3K$Y2E#9)hZ&9&2D z2&$Lnx4iD>^C*p^p2JriEyQ=7Uq3?iZBjXaY~%t(55~@p{eSIUc{r5&+aF2F5{Wv; zHWih!C8QIXB3nW!*_##;Vj@DOc_c)(By@B{izQ2AcSy#rbjmWajb%n5nc*Rgk(udt zcYg2nUe|kmzw39M_xqQX` z6xQodB>R7Lc}{Z~ayb|<-T|9kj*`uFM-y^7tsX1s}O_GAc*r~MO_Pt zJ3U;tA4KP^F3XgsjU0V2YumGRKq~IgE#=$B(ie8Ea*Ra^w#OSvb2T_g(z)2Q61U7TCuK{heju5u>@WXI%MO`3&S z>wcvt)tj1${8Y0SdzcHyjvEvTJttGTR`)Scf^!DNH$8x1rKAE6LeM!v-tc~AgWn6C z`;LM?TkGvgIHq_x!fwgz>%LdgmrXnWc$gH`{lrZ&blsE-ISS@#;a6E0j7W4{)Jdz> z&)IXO>wudfc|3oHdqI$U9(rr=f|QHca7qPrlr-{nk-gZGDgUtsxm7WttnFl(r>b^R z?fAO$gFoHbfBU+a!~CQ6Ey?@>aNlqqnl~Xm381qQ4cIcx7Ue6QL;_lNsQX#E+L|rv zr}i+m#Tu;He67?hDXe|B7Cz@LM2M!i$2sDltb5=EA$H@FXApEoVKyqzM|RBlno={n zm$fI7>;QVxRCDiqf=Bg&^a&(zgDcs*rrLIZ;W*JiBhU78dDRIt)OpGTB#Fi5*|9PKkGaf(L#KJwKIF z%IeLl8LAWH#GHBbij)+hdWl^Vq0+79elP#d-k%NZm*q)4U}n?6)(%dy{pWI-ujecj z%CT}&da`y@lk3Vx0gYB0f~Aa>-4c}q?z)|Q!Tt{7sDQhL2ms4RQ394#A)LTedV#(z zdhB9JcoO_za5$&4V)|#{H$Md(7wdZc(<*0AT(q1{HM=#p`YQGvjg&QsE0eJ`6Wk8b7jGv( z+M;wo<^s4ME&|B5iEZlkd=c&CjU4~!mef;92|EnVWqBr*e~qkQsuaU!=``4yJrRDP z%U~f+C+VfEt(b4C=7Pxgoot#7of0>yfh~{mWqJ+Exa)Xn;tmEJuf0ymMF1x&YpPPe z-gCgj+k%-*SvhaI(erG{%l<#&I#O{O+@E=nzW{ps_p$n+d}PPqka5A}RpJ1UwVXpdhh9iFhbC#d|GXHT?3&(Rm-0}u5XxHI<4oqQ2DV;M^m z4H-X9-TcAy%u-+0z<}daZ<2%OoU)|RL!|^=k?8zgGAB-BgfSu*?l`Xk)(qxf2nT3? z+fBg_TR9`jyUAGgk$Qau9d8t8Wp_M&a_-38wW4aK%8t^KZqYSvz7X5jAxG6|0O86Y zT$@?(tl%j=*mEKJi@fLJ(>!OZAO<4k)NI*^y0o5k6mhGykx%MaJ7H$`M^fgO{=#8r z({A16H9AFCdgW-2riwpzxy9eCDc;0CA;5RYtdii$gTxBS!@u7rs${bFar_wK`i)l< zwQP#LPLgE8=NC`Dd*pYs%+w<(_2&>NGim2xlF_)RDsl*mdQWmCo5sjYJHI^AFjA>_ zXAqn4g{Lz$B9C&vVdg$(JGjV%#>V!v%{+rR$n8m@7C{O#FP->x7DXB}BS$6N?%**T z!r{(Am)U*Se%sJe)@Nv|aoP0?2FaA*DlWo+2sw5jBt;1^$ikKT_%0~N7lrvDIvfT5 zZ1gwG7v*=Vi#5;{1zCp0j-~CRWx2cv11p$&Ro>1!4MK7R85bLYP<6=-s0ZzCB~LlQ z%^C>(%jnW>N(7dzZwbkYf$32S{Y~PM$@XXp^RX8sTYbByzrF-fYwKVTxP>WM$iORS z5kF*CEY9syc;Qa9_q^AspwIQONAhrLlo};QOMb`5|(mTkOatZI>5E$xx(GoEW3f6tcdNdbU zDzy-y;s4RY5=)dmc5vHSlV8QwHd2DVK zHDBCmD&YN|Az}X8`6Ca5PBWJY)_Q9nkKrMW%ax+AhhPEaKzL)={s`nj=R+^L4OZ~M zyhc!)WqG_Z$EJdzqR!e4``oN4FD%@fFLovFTx~4A+^B@)+~x?N^4^(fa^lL5O15uj zL21tqE-k&iJP{IFv)uO#QdR@t2Ic-GRpyLG-6`D1*f9y-U7i_Cy{*wj@H$6@(fy!a z;QQP-ZKz9h;LMIm(DeChUZ3%Xr8PPlq^Ct2$hzNpJEp(1i#qH{)>huV^|f!RgF;uY zEwPBv?8jY$3e!iq3X=uFSE+0lbbntnUi`v3A!^G=MTn1wLQ379@bscrdfw6&i=;QI zyTdlIS@IG5_Up&KCVyX`<|0Bss>Q*sZjpnmSn`b?$Z* zL3wvdhcWx;wLHNk2m^%Ek%nEsHO|(X@%;6~Exm!0b7t{e8^$lXP{!$1=awkcT44Cl zKTbU&3zsarB`Zi^eACMY%ZvDh^YFCp3JPkBzi~PaX#o#vU>o^!Iq#973TX(3`Y&>& zAN4tNT}ae%s@qMN$7f8E*9oW<7 zV|bov#o=!lSFi6XJr8RuM%qb++hJ8lfF_4Gk!Pv@CU^BP9SYyYfX|A!_si`2Fr1qt z&c8ZL0wj&UMlbSOqy+vNApdaAsE`-uf?l9o*+0 z{GN~?sH$q_C2~7>Q-T&gEE7Gc$+A;n+I^&BK+jwxtW znJ5fL^0IH4=hw%aO%e_9$0VB`ekFqmzygua&vNu{vYR{4^6nA+#x&(PmJL;1_r=Xl z%-J!WoVGsOW3HjmW&JcDfug!Ir1gOHLEBae_>c6m(c+G#4$k(CtT%ZiFpT2lXS$X) zYcK3uKa3yBd@%EM+9oQry3sBAjzz|;Lu*#wbE(wBGJ~42Xs879rttNV<;KxfwPymy zY?M<E~Uf!ji+y`E~{POM;?})OP%@xtf%5McJuP4m2u%Eh?wN_Bd@J;W|gd1o- z0h8eCXaD;FAAb%P_pF>Iz9WDl9qimBo3WtX#`Xx=+*4Fob_8r?Ih{BrTqsQD7&l#|N2wP|B53D_ZdGFCn5(=sdf)?F6 z8N$}F=AEpwrR8Bhw_r$8yzrw(VOgO9PC5d7t$ohl`*k5;RaJOOIoT?$fxjR9jY@0o ztDLx|>R6ooA^D8H?M(alt{~Hf+w>dqFZUn^Kx9CSN}%x$$I%?7^RDxSI35SkjZws- zPjflc7DIU|;a0z=p1>XEkn6B(hx|H=we;egR})I@7Q0$0U2-jT!l->>c?Z)*;R4&~ zUFv0a=yLGP*|%C5cM3GE_t`F+0jr%$ zMCi4d^BEFxqikIVWNK?RQXDA#&&f_byfE%L5Sq=v_De7Xk;pmK1(xrOr~0$!Sti;{)y}o2WVJZ*85MLez=MSX)3pbcg1Y4xQ09 zEqfL>=t&Mc37b!bAFMRTd+uz0lJqi+SS`}TyQ-Qzw>_*@^!+cJ?zhUSN9D6~1Jpx& zq$jldc1-M`aiE8$l+=%_B5-A9zgM8k5{)_W1;M8}7-lf#on}!zr}$L;?nZ9{*`>c! zx8nNq3<~v0!fC9Vs=Q>%=WXI!>MMGXhP#01b?whAD%0p2W+*!Yc`|g&WTmB;$T~?O zyJKOPj~E5aQ}AFwW9W0_CChC|kWO0$Q`0?cO6dfU9H6gCJ?}RhGc6bg{z7HSVm45C zt^w3InFKS3Dv-0Y!u$b4x$@C`qUyW4hNmxMJJ^PmwhC{}@H@Y#rwGtP-UiR|E^<$E zlCrt791AFD`T9X>*fIFH`HNnS%{K`5l~3-Oy)>mbw(;^#$?8oWo%TyrKu=!^eG(4< z59T=cS5VdkmaU+EkQ~ANh3q;w+kPA0a#-n5Ix#u~Y`T{L1fV!Go^TW~b8FSJ4Z<-MNw- zZ5}eoGg`NH|EfRMhEwc6W=U*=&fAT2ggMJFLATfAgfG;IblD3t_bEiyWeRLM=a(?N z&Jrm%_3pj!PqhEt1M}OrGvR33ZfMHZ6{wcubQyDKUg>CrM`QKR8t#o*X?o#_5eN`>QCgL zF4>adOjyC)*{L%s_A&L`hOeY#Z}F5uV_x*86Y+?U%wX36K+64JU-I8Du?DJ)S%qL{ zThuJJNQu%N7;8~T@NvgJPak23*|yf78xJ^}+YgnMjR;2x+!qS{W(*7P5@>YI8--t- z^`vOSHo0aY%2GSpYfY!$%nzF{Iqot$tGZD4_rVbVj=+5T0r2{_75GnpSF#Gg`@>$d zpy`EVq(M~R7>t7htM&0z&o_*|CjW5$hij1mS6|4CW6|7wHvG8f2Yr6X#t*&tu_yf44}aK#AGY9!E%;#z{)a6<03@FdKK#O3n9HDo W`EmV68VCYR{ts&XT`3X#Ht-LJ1cvPZ literal 0 HcmV?d00001 diff --git a/labs/submission3.md b/labs/submission3.md index 6d507f3a..d406d25c 100644 --- a/labs/submission3.md +++ b/labs/submission3.md @@ -1,7 +1,36 @@ # Summary: benefits of signing commits + * **Authenticity of authorship:** These tags or commits are marked as verified on GitHub so other people can be confident that the changes come from a trusted source. * **Integrity of code:** Any tampering after signing is detectable; altered commits fail verification. * **Accountability & non-repudiation:** Authors can’t plausibly deny changes if the key is controlled and policies are enforced. * **Provenance for CI/CD:** Build systems can trust only signed inputs, shrinking the attack surface for supply-chain attacks. * **Policy enforcement:** Branch protections and server hooks can reject unsigned or unverified commits/merges. -* **Compliance support:** Helps meet SSDF/SLSA-style controls around source integrity and traceability. \ No newline at end of file +* **Compliance support:** Helps meet SSDF/SLSA-style controls around source integrity and traceability. + +# Evidence of successful SSH key setup & configuration + +``` +git config --global --get gpg.format # -> ssh +git config --global --get user.signingkey # -> ~/.ssh/id_ed25519.pub +git config --global --get commit.gpgsign # -> true +``` + +# Analysis: Why commit signing is critical in DevSecOps workflows + +1) It defends your first trust boundary. +DevSecOps automates everything—scanners, tests, builds, deploys. That means the source commit is the earliest control point. If you don’t verify commit provenance, a stolen credential or malicious actor can smuggle code that every automated step will happily build and ship. + +2) Tamper-evidence from developer laptop -> production. +Signatures travel with commits. If a repo, cache, or artifact store is compromised, signature checks will fail, stopping the pipeline before bad code becomes a bad release. + +3) Enforceable, machine-checkable policy. +You can make “only signed commits/merges allowed” a hard gate: branch protections, pre-receive hooks, and CI jobs (git verify-commit) can block unsigned or untrusted keys. This converts a human process into a technical control. + +4) Supports compliance & forensics. +Signed history provides non-repudiation and traceability for audits (SSDF, SLSA, ISO 27001). Post-incident, you can rapidly scope which commits are trustworthy. + +5) Fits modern, cloud-native supply chains. +Combine signed commits with signed tags/releases and artifact signing (e.g., container images). Your pipeline asserts integrity end-to-end, from Git to registry to runtime admission. + +# Screenshots or verification of the "Verified" badge on GitHub +![alt text](IMG_3066.jpeg) \ No newline at end of file From ecdb6ac2871c7ec5ae5c2092d5294107cd78b938 Mon Sep 17 00:00:00 2001 From: ph1larmon1a Date: Wed, 24 Sep 2025 17:24:56 +0300 Subject: [PATCH 4/4] docs: add lab3 submission --- labs/submission3.md | 151 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 146 insertions(+), 5 deletions(-) diff --git a/labs/submission3.md b/labs/submission3.md index d406d25c..d12912c5 100644 --- a/labs/submission3.md +++ b/labs/submission3.md @@ -1,4 +1,6 @@ -# Summary: benefits of signing commits +# Task 1 + +## Summary: benefits of signing commits * **Authenticity of authorship:** These tags or commits are marked as verified on GitHub so other people can be confident that the changes come from a trusted source. * **Integrity of code:** Any tampering after signing is detectable; altered commits fail verification. @@ -7,7 +9,7 @@ * **Policy enforcement:** Branch protections and server hooks can reject unsigned or unverified commits/merges. * **Compliance support:** Helps meet SSDF/SLSA-style controls around source integrity and traceability. -# Evidence of successful SSH key setup & configuration +## Evidence of successful SSH key setup & configuration ``` git config --global --get gpg.format # -> ssh @@ -15,7 +17,7 @@ git config --global --get user.signingkey # -> ~/.ssh/id_ed25519.pub git config --global --get commit.gpgsign # -> true ``` -# Analysis: Why commit signing is critical in DevSecOps workflows +## Analysis: Why commit signing is critical in DevSecOps workflows 1) It defends your first trust boundary. DevSecOps automates everything—scanners, tests, builds, deploys. That means the source commit is the earliest control point. If you don’t verify commit provenance, a stolen credential or malicious actor can smuggle code that every automated step will happily build and ship. @@ -32,5 +34,144 @@ Signed history provides non-repudiation and traceability for audits (SSDF, SLSA, 5) Fits modern, cloud-native supply chains. Combine signed commits with signed tags/releases and artifact signing (e.g., container images). Your pipeline asserts integrity end-to-end, from Git to registry to runtime admission. -# Screenshots or verification of the "Verified" badge on GitHub -![alt text](IMG_3066.jpeg) \ No newline at end of file +## Screenshots or verification of the "Verified" badge on GitHub +![alt text](IMG_3066.jpeg) + +# Task 2 + +## Pre-commit hook setup process and configuration +1. **Create `.git/hooks/pre-commit` with the following content:** + + ```bash + #!/usr/bin/env bash + set -euo pipefail + echo "[pre-commit] scanning staged files for secrets…" + + # Collect staged files (added/changed) + mapfile -t STAGED < <(git diff --cached --name-only --diff-filter=ACM) + if [ ${#STAGED[@]} -eq 0 ]; then + echo "[pre-commit] no staged files; skipping scans" + exit 0 + fi + + # Limit to existing regular files only + FILES=() + for f in "${STAGED[@]}"; do + [ -f "$f" ] && FILES+=("$f") + done + if [ ${#FILES[@]} -eq 0 ]; then + echo "[pre-commit] no regular files to scan; skipping" + exit 0 + fi + + # Run TruffleHog in verbose mode + echo "[pre-commit] TruffleHog scan…" + if ! docker run --rm -v "$(pwd):/repo" -w /repo \ + trufflesecurity/trufflehog:latest \ + filesystem --fail --only-verified "${FILES[@]}" + then + echo -e "\n✖ TruffleHog detected potential secrets. See output above for details." >&2 + echo "Fix or unstage the offending files and try again." >&2 + exit 1 + fi + + # Run Gitleaks and capture its output + echo "[pre-commit] Gitleaks scan…" + GITLEAKS_OUTPUT=$(docker run --rm -v "$(pwd):/repo" -w /repo \ + zricethezav/gitleaks:latest \ + detect --source="/repo" --verbose --exit-code=0 --no-banner || true) + + # Display the output + echo "$GITLEAKS_OUTPUT" + + # Check if any non-lectures files have leaks + if echo "$GITLEAKS_OUTPUT" | grep -q "File:" && ! echo "$GITLEAKS_OUTPUT" | grep -q "File:.*lectures/"; then + echo -e "\n✖ Gitleaks detected potential secrets in non-excluded files." >&2 + echo "Fix or unstage the offending files and try again." >&2 + exit 1 + elif echo "$GITLEAKS_OUTPUT" | grep -q "File:.*lectures/"; then + echo -e "\n⚠️ Gitleaks found potential secrets only in excluded directories (lectures/)." >&2 + echo "These findings are ignored based on your configuration." >&2 + fi + + echo "✓ No secrets detected; proceeding with commit." + exit 0 + ``` + +2. **Make Hook Executable:** + + ```bash + chmod +x .git/hooks/pre-commit + ``` +## Evidence of ~~successful~~ fail secret detection blocking commits + +``` +philarmonia@MacBook-Air-Aleksei F25-DevSecOps-Intro % cat demo.txt +API_KEY = "verysecretapikey007" +AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE +AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY% +philarmonia@MacBook-Air-Aleksei F25-DevSecOps-Intro % git commit -S -m "test: add fake secret" +[pre-commit] scanning staged files for secrets… +[pre-commit] TruffleHog scan… +🐷🔑🐷 TruffleHog. Unearth your secrets. 🐷🔑🐷 + +2025-09-24T14:09:29Z info-0 trufflehog running source {"source_manager_worker_id": "FCQOY", "with_units": true} +2025-09-24T14:09:30Z info-0 trufflehog finished scanning {"chunks": 1, "bytes": 133, "verified_secrets": 0, "unverified_secrets": 0, "scan_duration": "757.139459ms", "trufflehog_version": "3.90.8", "verification_caching": {"Hits":0,"Misses":1,"HitsWasted":0,"AttemptsSaved":0,"VerificationTimeSpentMS":754}} +[pre-commit] Gitleaks scan… +2:09PM INF 14 commits scanned. +2:09PM INF scanned ~368868 bytes (368.87 KB) in 220ms +2:09PM WRN leaks found: 1 +Finding: API_KEY = "mysecretapikey123" # anyone with sour... +Secret: mysecretapikey123 +RuleID: generic-api-key +Entropy: 3.690116 +File: lectures/lec1.md +Line: 837 +Commit: 2f235527f079d948d38f9d9e9cd04304c384231d +Author: Dmitrii Creed +Email: creeed22@gmail.com +Date: 2025-08-31T20:12:05Z +Fingerprint: 2f235527f079d948d38f9d9e9cd04304c384231d:lectures/lec1.md:generic-api-key:837 +Link: https://github.com/ph1larmon1a/F25-DevSecOps-Intro/blob/2f235527f079d948d38f9d9e9cd04304c384231d/lectures/lec1.md?plain=1#L837 + +⚠️ Gitleaks found potential secrets only in excluded directories (lectures/). +These findings are ignored based on your configuration. +✓ No secrets detected; proceeding with commit. +[feature/lab3 bf95bc7] test: add fake secret + 1 file changed, 3 insertions(+) + create mode 100644 demo.txt + ``` + +## Analysis: How Automated Secret Scanning Prevents Incidents +* **Stops exfiltration at the earliest point:** Secrets are blocked before they enter Git history (which is durable and replicated). This prevents exposure via forks, clones, CI logs, and cached artifacts. + +* **Shrinks blast radius:** Even if a developer copies credentials by mistake, the hook prevents propagation to remote repos and CI/CD systems where they could be harvested. + +* **Complements server-side & CI controls:** Local pre-commit scanning catches issues offline, while server-side/CI policy (e.g., push/merge checks) gives defense-in-depth. + +* **Verified detection reduces noise:** TruffleHog’s --only-verified mode focuses on high-confidence findings, maintaining developer trust in the control. + +* **Configurable exceptions:** Allow-listing folders like lectures/ prevents false alarms on known benign content (e.g., sample data), keeping the signal strong. + +# Task 3 + +## Setup +- **Path:** `.github/pull_request_template.md` +- **Commit message:** `docs: add PR template` +- Added on **main** so GitHub auto-fills PR descriptions. + +**Template (≤30 lines):** +```markdown +## Goal + + +## Changes + + +## Testing + + +### Checklist +- [ ] PR has a clear and descriptive title +- [ ] Documentation updated if needed +- [ ] No secrets or large temporary files committed \ No newline at end of file