From b9a80b4343be6e58bf7775958bea4b8ff7169732 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Fri, 29 Sep 2023 18:07:48 +0200
Subject: [PATCH 01/16] further tweak image
---
personal/_sass/_layout.scss | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/personal/_sass/_layout.scss b/personal/_sass/_layout.scss
index 90cc579..0054a61 100644
--- a/personal/_sass/_layout.scss
+++ b/personal/_sass/_layout.scss
@@ -199,10 +199,10 @@ body { /* This centers us in the page, and handles the "too wide" case */
margin-left: 0.8em;
margin-bottom: 0.3em;
}
-@media screen and (max-width:550px) {
+@media screen and (max-width:600px) {
.float-right-350 {
- text-align: center;
+ max-width: 300px;
float: none;
- margin: 0;
+ margin: auto;
}
}
--
2.30.2
From bdddd73b66cc754f40b338a9ed56b8db8b7bdf3a Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Wed, 22 Nov 2023 17:47:24 +0100
Subject: [PATCH 02/16] add Grove
---
research/publications.html | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/research/publications.html b/research/publications.html
index 1993fb6..902fb52 100644
--- a/research/publications.html
+++ b/research/publications.html
@@ -7,6 +7,13 @@ slug: Publications
2023
+-
+ Grove: a Separation-Logic Library for Verifying Distributed Systems
+ Upamanyu Sharma, Ralf Jung, Joseph Tassarotti, M. Frans Kaashoek, Nickolai Zeldovich
+ In SOSP 2023
+ [paper] [extended version]
+
+
-
Verifying vMVCC, a high-performance transaction library using multi-version concurrency control
Yun-Sheng Chang, Ralf Jung, Upamanyu Sharma, Joseph Tassarotti, M. Frans Kaashoek, Nickolai Zeldovich
--
2.30.2
From 62f098270581ff12f0f71c8448a9b4a0041ff4f4 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Wed, 22 Nov 2023 17:48:37 +0100
Subject: [PATCH 03/16] link to group website
---
research/index.html | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/research/index.html b/research/index.html
index 6a16288..d335f56 100644
--- a/research/index.html
+++ b/research/index.html
@@ -4,7 +4,8 @@ title: Ralf Jung
-I am assistant professor at ETH Zürich as part of the Institute for Programming Languages and Systems.
+
I am assistant professor at ETH Zürich, leading the Programming Language Foundations Lab.
+We are part of the Institute for Programming Languages and Systems.
Previously, I completed my PhD at MPI-SWS and Saarland University in Saarbrücken, Germany; my advisor was Derek Dreyer.
I also did a post-doc in the PDOS group at MIT CSAIL.
--
2.30.2
From d3547e5fc5186be997e4f09bb4a21d50fb0dcf7f Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Wed, 27 Dec 2023 19:52:50 +0100
Subject: [PATCH 04/16] add Google OSPB post
---
.../_posts/2023-12-27-open-source-peer-bonus.md | 13 +++++++++++++
1 file changed, 13 insertions(+)
create mode 100644 personal/_posts/2023-12-27-open-source-peer-bonus.md
diff --git a/personal/_posts/2023-12-27-open-source-peer-bonus.md b/personal/_posts/2023-12-27-open-source-peer-bonus.md
new file mode 100644
index 0000000..00fd3dd
--- /dev/null
+++ b/personal/_posts/2023-12-27-open-source-peer-bonus.md
@@ -0,0 +1,13 @@
+---
+title: "Google Open Source Peer Bonus"
+categories: rust
+---
+
+We are all used to spam emails, supposedly from Google, that say "You won" and I just need to send all my data to somewhere to receive my lottery payout.
+When I recently received an email about Google's "Open Source Peer Bonus" program, I almost discarded it as yet another version of that kind of spam.
+But it turns out sometimes these emails are real!
+Meanwhile the [official announcement](https://opensource.googleblog.com/2023/12/google-open-source-peer-bonus-program-announces-second-group-of-2023-winners.html) has been released which lists me as a recipient of this bonus as a thank you for my work on Rust.
+So this one time, it wasn't spam after all!
+
+Thanks a lot to Google for this program at the $250 reward; it is great to see open source work honored this way.
+I have donated the amount in full to [noyb](https://noyb.eu/en), who I'm sure will be using it [for good](https://noyb.eu/en/noyb-win-first-major-fine-eu-1-million-using-google-analytics).
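Review bot: In the added line "Thanks a lot to Google for this program at the $250 reward", "at" reads as a typo for "and"; suggest "for this program and the $250 reward".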
--
2.30.2
From aef7fcc9e6b69ee09cc3fede332b7125494723d4 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Sun, 7 Jan 2024 18:00:30 +0100
Subject: [PATCH 05/16] mention the first OSPB as well
---
personal/_posts/2023-12-27-open-source-peer-bonus.md | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/personal/_posts/2023-12-27-open-source-peer-bonus.md b/personal/_posts/2023-12-27-open-source-peer-bonus.md
index 00fd3dd..788c42e 100644
--- a/personal/_posts/2023-12-27-open-source-peer-bonus.md
+++ b/personal/_posts/2023-12-27-open-source-peer-bonus.md
@@ -11,3 +11,10 @@ So this one time, it wasn't spam after all!
Thanks a lot to Google for this program at the $250 reward; it is great to see open source work honored this way.
I have donated the amount in full to [noyb](https://noyb.eu/en), who I'm sure will be using it [for good](https://noyb.eu/en/noyb-win-first-major-fine-eu-1-million-using-google-analytics).
+
+**Update (2024-01-07):**
+In fact, this is already my second Google Open Source Peer Bonus.
+The first was in the [first half of 2023](https://opensource.googleblog.com/2023/05/google-open-source-peer-bonus-program-announces-first-group-of-winners-2023.html).
+Due to issues with the payment process, it took a while for that bonus to be transferred, but I can confirm that it has now arrived in my bank account.
+I will have to find a suitable non-for-profit to donate this to... or it might be noyb again, we will see.
+**/Update**
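Review bot: "non-for-profit" in the added update paragraph should be "not-for-profit" (or "non-profit").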
--
2.30.2
From 3e50252f4490a68c06515616e115a130f8ade901 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Sun, 7 Jan 2024 18:01:24 +0100
Subject: [PATCH 06/16] don't show the full post on the overview page
---
personal/_posts/2023-12-27-open-source-peer-bonus.md | 2 ++
1 file changed, 2 insertions(+)
diff --git a/personal/_posts/2023-12-27-open-source-peer-bonus.md b/personal/_posts/2023-12-27-open-source-peer-bonus.md
index 788c42e..6214be7 100644
--- a/personal/_posts/2023-12-27-open-source-peer-bonus.md
+++ b/personal/_posts/2023-12-27-open-source-peer-bonus.md
@@ -9,6 +9,8 @@ But it turns out sometimes these emails are real!
Meanwhile the [official announcement](https://opensource.googleblog.com/2023/12/google-open-source-peer-bonus-program-announces-second-group-of-2023-winners.html) has been released which lists me as a recipient of this bonus as a thank you for my work on Rust.
So this one time, it wasn't spam after all!
+
+
Thanks a lot to Google for this program at the $250 reward; it is great to see open source work honored this way.
I have donated the amount in full to [noyb](https://noyb.eu/en), who I'm sure will be using it [for good](https://noyb.eu/en/noyb-win-first-major-fine-eu-1-million-using-google-analytics).
--
2.30.2
From 97ca6b88a6d9e86dd2ccc78cb512036af8c7c112 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Mon, 11 Mar 2024 08:19:47 +0100
Subject: [PATCH 07/16] contact: use my ETH email address
---
research/contact.html | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/research/contact.html b/research/contact.html
index f825928..d43ad95 100644
--- a/research/contact.html
+++ b/research/contact.html
@@ -3,7 +3,7 @@ title: Contact
sort: 2
---
-Email: research AT ralfj DOT de
+Email: ralf DOT jung AT inf DOT ethz DOT ch
Phone: +41 44 632 5598
--
2.30.2
From b9e09bc6c289a4fb5cdcf71d5cb46e0bf4cc9484 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Thu, 21 Mar 2024 19:53:05 +0100
Subject: [PATCH 08/16] update website
---
research/index.html | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/research/index.html b/research/index.html
index d335f56..bd7b174 100644
--- a/research/index.html
+++ b/research/index.html
@@ -17,10 +17,13 @@ Please explain why you are interested in a PhD in this field and what your prior
Note that doing a PhD at ETH Zürich generally requires a Master's degree, but there is a direct doctorate program that you can enter with a Bachelor's degree (application deadline December 15th).
-->
My two main lines of work are about Rust and Iris.
-On the Rust side, I am working (also in collaboration with the Rust language team) towards a solid formal foundation for the language, including in particular the unsafe parts.
-One key result here is our type safety proof, which also describes a methodology for establishing type safety of well-encapsulated unsafe code.
-My goal is to make unsafe Rust just as safe as safe Rust by means of formal verification.
-On the Iris side, besides continuing development of its logical foundations, I am interested in applying Iris to new problem domains; recently I started working on modular verification of fault-tolerant distributed system components.
+On the Rust side, me and my group are working (also in collaboration with the Rust language team) towards a solid formal foundation for the language, including in particular the unsafe parts.
+As part of this we are developing Miri, a practical tool for detecting Undefined Behavior bugs in unsafe Rust code, which has become a part of the standard toolbox of unsafe code authors.
+Meanwhile, MiniRust is our work-in-progress proposal for a precise specification of unsafe Rust, that I hope to integrate into an official Rust specification eventually.
+My long-term goal is to make unsafe Rust just as safe as safe Rust by means of formal verification based on rigorous foundations for all key components of the language.
+On the Iris side, I am continuing development of its logical foundations.
+We are making Iris fit for specifying and verifying programming languages at scale using a more modular approach.
+The long-term goal is for Iris to be able to handle the full scale of complexities that arise when doing foundational verification of real languages.
For some more information, check out my research blog, my CV, and my research statement.
In my free time, I like to run internet services myself and work on free software.
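Review bot: "me and my group are working" in the first added line should be "my group and I are working", and "a precise specification of unsafe Rust, that I hope to integrate" reads better as "which I hope to integrate". The hunk also removes the sentence about the type safety proof and its methodology for well-encapsulated unsafe code without a replacement; if that result should still be advertised on this page, keep a one-line mention next to the Miri and MiniRust sentences.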
--
2.30.2
From 5a209269bef4653c72996235995eb0742a886f1a Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Sun, 14 Apr 2024 13:09:18 +0200
Subject: [PATCH 09/16] projects: sort alphabetically
---
personal/_config.yml | 8 ++++----
personal/projects/index.md | 10 +++++-----
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/personal/_config.yml b/personal/_config.yml
index d63d639..f2c5c2a 100644
--- a/personal/_config.yml
+++ b/personal/_config.yml
@@ -12,13 +12,13 @@ readmes:
src_base: "/home/r/src"
out_base: "projects"
projects:
- - name: "lilass"
- name: "dyn-nsupdate"
- - name: "zonemaker"
- - name: "schsh"
+ - name: "git-mirror"
+ - name: "lilass"
- name: "rust-101"
src: "rust/rust-101"
- - name: "git-mirror"
+ - name: "schsh"
+ - name: "zonemaker"
defaults:
- scope:
diff --git a/personal/projects/index.md b/personal/projects/index.md
index c5d3f4a..988c471 100644
--- a/personal/projects/index.md
+++ b/personal/projects/index.md
@@ -7,17 +7,17 @@ To solve some issue I was having, or to facilitate my daily computer usage.
The tools were usually not written with general re-usability in mind.
But maybe you are having just the same problem as I did, in which case I hope they can be helpful.
+* [dyn-nsupdate](dyn-nsupdate/): A tool to dynamically and securely update DNS zones via CGI.
+ This provides self-hosted DynDNS services.
+* [git-mirror](git-mirror/): This can keep multiple git repositories of the same project in sync automatically.
* [LiLaSS](lilass/): A simple xrandr-based application to configure laptop screens on Linux. If you are using a
Laptop, frequently work both with and without an external screen, and you are not happy with
the configuration options your desktop provides, this may be for you.
-* [dyn-nsupdate](dyn-nsupdate/): A tool to dynamically and securely update DNS zones via CGI.
- This provides self-hosted DynDNS services.
-* [zonemaker](zonemaker/): A small script to generate DNS zone files from Python.
+* [Rust-101](rust-101/): A small tutorial for the [Rust language](https://www.rust-lang.org).
* [schsh](schsh/): A collection of scripts and configuration files which can be used to grant
someone secure (SSH-based) access to a machine, without giving them a shell or read access
to the entire file system.
-* [Rust-101](rust-101/): A small tutorial for the [Rust language](https://www.rust-lang.org).
-* [git-mirror](git-mirror/): This can keep multiple git repositories of the same project in sync automatically.
+* [zonemaker](zonemaker/): A small script to generate DNS zone files from Python.
For some more of my projects, check out the [public git repositories](https://www.ralfj.de/git/)
hosted on my server and my [GitHub profile](https://github.com/RalfJung/).
--
2.30.2
From 43307ef533738f9b108a6daa91541692f396a725 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Sun, 14 Apr 2024 16:53:11 +0200
Subject: [PATCH 10/16] add bubblebox and blog about it
---
personal/_config.yml | 1 +
personal/_posts/2024-04-14-bubblebox.md | 68 +++++++++++++++++++++++++
personal/projects/index.md | 13 ++---
3 files changed, 76 insertions(+), 6 deletions(-)
create mode 100644 personal/_posts/2024-04-14-bubblebox.md
diff --git a/personal/_config.yml b/personal/_config.yml
index f2c5c2a..959b104 100644
--- a/personal/_config.yml
+++ b/personal/_config.yml
@@ -12,6 +12,7 @@ readmes:
src_base: "/home/r/src"
out_base: "projects"
projects:
+ - name: "bubblebox"
- name: "dyn-nsupdate"
- name: "git-mirror"
- name: "lilass"
diff --git a/personal/_posts/2024-04-14-bubblebox.md b/personal/_posts/2024-04-14-bubblebox.md
new file mode 100644
index 0000000..85dc684
--- /dev/null
+++ b/personal/_posts/2024-04-14-bubblebox.md
@@ -0,0 +1,68 @@
+---
+title: "Sandboxing All The Things with Flatpak and BubbleBox"
+categories: sysadmin
+---
+
+A few years ago, I have [blogged]({% post_url 2019-03-09-firejail %}) about my approach to sandboxing less-trusted applications that I have to or want to run on my main machine.
+The approach has changed since then, so it is time for an update.
+
+
+
+Over time I grew increasingly frustrated with Firejail: configurations would frequently break on updates,
+and debugging Firejail profiles is extremely hard. When considering all the included files, we are talking
+about many hundred lines of configuration with a subtle interplay of allowlists and blocklists.
+Even when I knew which folder I wanted to give access to, it was often non-trivial to ensure that
+this access would actually be possible.
+
+Now I am instead using a combination of two different approaches: Flatpak and BubbleBox.
+
+## Flatpak
+
+The easiest sandbox to maintain is the sandbox maintained by someone else.
+So when a Flatpak exists for software I want to or have to use, such as Signal or Zoom, that is generally my preferred approach.
+
+Unfortunately, Flatpaks can come with extremely liberal default profiles that make the sandbox mostly pointless.
+The following global overrides help ensure that this does not happen:
+```
+[Context]
+sockets=!gpg-agent;!pcsc;!ssh-auth;!system-bus;!session-bus
+filesystems=~/.XCompose:ro;xdg-config/fontconfig:ro;!~/.gnupg;!~/.ssh;!xdg-documents;!home;!host
+
+[Session Bus Policy]
+org.freedesktop.Flatpak=none
+org.freedesktop.secrets=none
+```
+
+## BubbleBox
+
+However, not all software exists as Flatpak.
+Also, sometimes I want software to run basically on my host system (i.e., to use the regular `/usr`), just without access to literally *everything* in my home directory.
+Examples of this are Factorio and VSCodium.
+The latter doesn't work in Flatpak as I want to use it with LaTeX, and realistically this means it needs to run the LaTeX on my host.
+The official recommendation is to effectively disable the Flatpak sandbox, but that entirely defeats the point, so I went looking for alternatives.
+
+[bubblewrap] provides a very convenient solution: it can start an application in its own private filesystem namespace with full control over which part of the host file system is accessible from inside the sandbox.
+I wrote a small wrapper around bubblewrap to make this configuration a bit more convenient to write and manage;
+this project is called [BubbleBox].
+This week-end I finally got around to adding support for [xdg-dbus-proxy] so that sandboxed applications can now access particular D-Bus functions without having access to the entire bus (which is in general not safe to expose to a sandboxed application).
+That means it's finally time to blog about this project, so here we go -- if you are interested, check out [BubbleBox];
+the project page explains how you can use it to set up your own sandboxing.
+One day I should probably rewrite this in Rust...
+
+I should also note that this is not the only bubblewrap-based sandboxing solution.
+[bubblejail] is fairly similar but provides a configuration GUI and a good set of default provides;
+it was a very useful resource when figuring out the right bubblewrap flags to make complex GUI applications work properly.
+(Incidentally, "bubblejail" is also how I called my own script originally, but then I realized that the name is already taken.)
+Joachim Breitner also recently [blogged](https://www.joachim-breitner.de/blog/812-Convenient_sandboxed_development_environment) about his own bubblewrap-based sandboxing script.
+There are many ways to do this, and it was fun to figure out my own solution.
+
+Using bubblewrap and xdg-dbus-proxy for this was an absolute joy.
+Both of these components came out of the Flatpak project, but the authors realized that they could be independently useful,
+so in best Unix tradition they turned them into tools that provide all the required mechanism without hard-coding any sort of policy.
+Despite doing highly non-trivial tasks, they are both pretty easy to use and compose and very well-documented.
+Thanks a lot to everyone involved!
+
+[bubblewrap]: https://github.com/containers/bubblewrap
+[BubbleBox]: {{ site.baseurl }}/projects/bubblebox
+[xdg-dbus-proxy]: https://github.com/flatpak/xdg-dbus-proxy
+[bubblejail]: https://github.com/igo95862/bubblejail
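Review bot: The "global overrides" block under `## Flatpak` is shown without saying where it goes or how it is applied, so a reader cannot reproduce the hardening; name the overrides file (or the equivalent `flatpak override` invocation) and give the fence a language tag. It is also worth stating that these are global defaults which a per-application override can still loosen, so the effective permissions need checking per app. Wording: "A few years ago, I have blogged" should be "I blogged", and "a good set of default provides" in the bubblejail sentence looks like a typo for "default profiles".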
diff --git a/personal/projects/index.md b/personal/projects/index.md
index 988c471..f872845 100644
--- a/personal/projects/index.md
+++ b/personal/projects/index.md
@@ -7,17 +7,18 @@ To solve some issue I was having, or to facilitate my daily computer usage.
The tools were usually not written with general re-usability in mind.
But maybe you are having just the same problem as I did, in which case I hope they can be helpful.
-* [dyn-nsupdate](dyn-nsupdate/): A tool to dynamically and securely update DNS zones via CGI.
+* [BubbleBox](bubblebox): A simple script to sandbox Linux applications.
+* [dyn-nsupdate](dyn-nsupdate): A tool to dynamically and securely update DNS zones via CGI.
This provides self-hosted DynDNS services.
-* [git-mirror](git-mirror/): This can keep multiple git repositories of the same project in sync automatically.
-* [LiLaSS](lilass/): A simple xrandr-based application to configure laptop screens on Linux. If you are using a
+* [git-mirror](git-mirror): This can keep multiple git repositories of the same project in sync automatically.
+* [LiLaSS](lilass): A simple xrandr-based application to configure laptop screens on Linux. If you are using a
Laptop, frequently work both with and without an external screen, and you are not happy with
the configuration options your desktop provides, this may be for you.
-* [Rust-101](rust-101/): A small tutorial for the [Rust language](https://www.rust-lang.org).
-* [schsh](schsh/): A collection of scripts and configuration files which can be used to grant
+* [Rust-101](rust-101): A small tutorial for the [Rust language](https://www.rust-lang.org).
+* [schsh](schsh): A collection of scripts and configuration files which can be used to grant
someone secure (SSH-based) access to a machine, without giving them a shell or read access
to the entire file system.
-* [zonemaker](zonemaker/): A small script to generate DNS zone files from Python.
+* [zonemaker](zonemaker): A small script to generate DNS zone files from Python.
For some more of my projects, check out the [public git repositories](https://www.ralfj.de/git/)
hosted on my server and my [GitHub profile](https://github.com/RalfJung/).
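Review bot: Besides adding the BubbleBox entry, this hunk strips the trailing slash from every existing project link (`dyn-nsupdate/` to `dyn-nsupdate`, and so on), which the commit subject does not mention; split that into its own commit or explain it in the message, and confirm the slash-less URLs still resolve for the generated `projects` directories.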
--
2.30.2
From e6148fff016bf85c5e4b559a4d69f2deaac0e7ed Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Sun, 14 Apr 2024 17:01:25 +0200
Subject: [PATCH 11/16] mention cargo-script
---
personal/_posts/2024-04-14-bubblebox.md | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/personal/_posts/2024-04-14-bubblebox.md b/personal/_posts/2024-04-14-bubblebox.md
index 85dc684..cc8aa88 100644
--- a/personal/_posts/2024-04-14-bubblebox.md
+++ b/personal/_posts/2024-04-14-bubblebox.md
@@ -38,7 +38,7 @@ org.freedesktop.secrets=none
However, not all software exists as Flatpak.
Also, sometimes I want software to run basically on my host system (i.e., to use the regular `/usr`), just without access to literally *everything* in my home directory.
Examples of this are Factorio and VSCodium.
-The latter doesn't work in Flatpak as I want to use it with LaTeX, and realistically this means it needs to run the LaTeX on my host.
+The latter doesn't work in Flatpak as I want to use it with LaTeX, and realistically this means it needs to run the LaTeX installed via `apt`.
The official recommendation is to effectively disable the Flatpak sandbox, but that entirely defeats the point, so I went looking for alternatives.
[bubblewrap] provides a very convenient solution: it can start an application in its own private filesystem namespace with full control over which part of the host file system is accessible from inside the sandbox.
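Review bot: The rewording from "run the LaTeX on my host" to "run the LaTeX installed via `apt`" in this first hunk is unrelated to the commit subject ("mention cargo-script"); put it in a separate "wording" commit or mention it in the message so the history stays searchable.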
@@ -46,8 +46,9 @@ I wrote a small wrapper around bubblewrap to make this configuration a bit more
this project is called [BubbleBox].
This week-end I finally got around to adding support for [xdg-dbus-proxy] so that sandboxed applications can now access particular D-Bus functions without having access to the entire bus (which is in general not safe to expose to a sandboxed application).
That means it's finally time to blog about this project, so here we go -- if you are interested, check out [BubbleBox];
-the project page explains how you can use it to set up your own sandboxing.
-One day I should probably rewrite this in Rust...
+the project page explains how you can use it to set up your own sandboxing.[^1]
+
+[^1]: One day I should probably rewrite this in Rust... maybe this will be my test project for when [cargo-script](https://rust-lang.github.io/rfcs/3424-cargo-script.html) becomes available.
I should also note that this is not the only bubblewrap-based sandboxing solution.
[bubblejail] is fairly similar but provides a configuration GUI and a good set of default provides;
--
2.30.2
From fabd70c35d0fa85dc1efc714678f67618bd269ba Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Mon, 15 Apr 2024 14:42:38 +0200
Subject: [PATCH 12/16] link to flatseal
---
personal/_posts/2024-04-14-bubblebox.md | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/personal/_posts/2024-04-14-bubblebox.md b/personal/_posts/2024-04-14-bubblebox.md
index cc8aa88..6a90b06 100644
--- a/personal/_posts/2024-04-14-bubblebox.md
+++ b/personal/_posts/2024-04-14-bubblebox.md
@@ -33,6 +33,10 @@ org.freedesktop.Flatpak=none
org.freedesktop.secrets=none
```
+[Flatseal] is an amazing application that helps to check which permissions applications get, and change them if necessary.
+
+[Flatseal]: https://flathub.org/apps/com.github.tchx84.Flatseal
+
## BubbleBox
However, not all software exists as Flatpak.
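Review bot: The `[Flatseal]:` link definition is added in the middle of the post, while the post's other reference definitions (`[bubblewrap]`, `[BubbleBox]`, `[xdg-dbus-proxy]`, `[bubblejail]`) are collected at the end of the file; move it there for consistency.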
--
2.30.2
From b3391a7aa88717959dddfef6178de815b09ffa90 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Mon, 15 Apr 2024 14:43:15 +0200
Subject: [PATCH 13/16] wording
---
personal/_posts/2024-04-14-bubblebox.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/personal/_posts/2024-04-14-bubblebox.md b/personal/_posts/2024-04-14-bubblebox.md
index 6a90b06..cd8f050 100644
--- a/personal/_posts/2024-04-14-bubblebox.md
+++ b/personal/_posts/2024-04-14-bubblebox.md
@@ -33,7 +33,7 @@ org.freedesktop.Flatpak=none
org.freedesktop.secrets=none
```
-[Flatseal] is an amazing application that helps to check which permissions applications get, and change them if necessary.
+I also use [Flatseal], an amazing application that helps to check which permissions applications get, and change them if necessary.
[Flatseal]: https://flathub.org/apps/com.github.tchx84.Flatseal
--
2.30.2
From 75454324a78c1fb97500bee0e53adfc613f0fbb3 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Mon, 15 Apr 2024 16:18:26 +0200
Subject: [PATCH 14/16] link to sloonz's script
---
personal/_posts/2024-04-14-bubblebox.md | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/personal/_posts/2024-04-14-bubblebox.md b/personal/_posts/2024-04-14-bubblebox.md
index cd8f050..56a23a6 100644
--- a/personal/_posts/2024-04-14-bubblebox.md
+++ b/personal/_posts/2024-04-14-bubblebox.md
@@ -59,7 +59,9 @@ I should also note that this is not the only bubblewrap-based sandboxing solutio
it was a very useful resource when figuring out the right bubblewrap flags to make complex GUI applications work properly.
(Incidentally, "bubblejail" is also how I called my own script originally, but then I realized that the name is already taken.)
Joachim Breitner also recently [blogged](https://www.joachim-breitner.de/blog/812-Convenient_sandboxed_development_environment) about his own bubblewrap-based sandboxing script.
-There are many ways to do this, and it was fun to figure out my own solution.
+sloonz has a similar [script](https://gist.github.com/sloonz/4b7f5f575a96b6fe338534dbc2480a5d) as well, with a nice yaml-based configuration format and [great explanations](https://sloonz.github.io/posts/sandboxing-1/) for what all the flags exactly do.
+Had their script existed when I started what eventually became BubbleBox, I would have used it as a starting point.
+But it was also fun to figure out my own solution.
Using bubblewrap and xdg-dbus-proxy for this was an absolute joy.
Both of these components came out of the Flatpak project, but the authors realized that they could be independently useful,
--
2.30.2
From ae834f8d77aeb11c5e502e02e1706bd128aade37 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Wed, 22 May 2024 17:05:59 +0200
Subject: [PATCH 15/16] Tree Borrows post: fix link
---
personal/_posts/2023-06-02-tree-borrows.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/personal/_posts/2023-06-02-tree-borrows.md b/personal/_posts/2023-06-02-tree-borrows.md
index 8c82a20..4905aa3 100644
--- a/personal/_posts/2023-06-02-tree-borrows.md
+++ b/personal/_posts/2023-06-02-tree-borrows.md
@@ -7,7 +7,7 @@ reddit: /rust/comments/13y8a9b/from_stacks_to_trees_a_new_aliasing_model_for_rus
Since last fall, [Neven](https://perso.crans.org/vanille/) has been doing an internship to develop a new aliasing model for Rust: Tree Borrows.
Hang on a second, I hear you say -- doesn't Rust already have an aliasing model?
Isn't there this "Stacked Borrows" that Ralf keeps talking about?
-Indeed there is, but Stacked Borrows is just one proposal for a possible aliasing model -- and it [has its problems](https://github.com/rust-lang/unsafe-code-guidelines/issues?q=is%3Aopen+is%3Aissue+label%3AA-stacked-borrows).
+Indeed there is, but Stacked Borrows is just one proposal for a possible aliasing model -- and it [has](https://github.com/rust-lang/unsafe-code-guidelines/issues/133) [its](https://github.com/rust-lang/unsafe-code-guidelines/issues/134) [fair](https://github.com/rust-lang/unsafe-code-guidelines/issues/256) [share](https://github.com/rust-lang/unsafe-code-guidelines/issues/274) [of](https://github.com/rust-lang/unsafe-code-guidelines/issues/276) [problems](https://github.com/rust-lang/unsafe-code-guidelines/issues/303).
The purpose of Tree Borrows is to take the lessons learned from Stacked Borrows to build a new model with fewer issues, and to take some different design decisions such that we get an idea of some of the trade-offs and fine-tuning we might do with these models before deciding on the official model for Rust.
Neven has written a detailed introduction to Tree Borrows [on his blog](https://perso.crans.org/vanille/treebor/), which you should go read first.
--
2.30.2
From 8eb61b7ae19357e45d916f5e12e8dcca01b4bae8 Mon Sep 17 00:00:00 2001
From: Ralf Jung
Date: Wed, 29 May 2024 23:09:44 +0200
Subject: [PATCH 16/16] update CV, remove old research statement
---
research/cv.pdf | Bin 79713 -> 71044 bytes
research/index.html | 2 +-
research/research-statement.pdf | Bin 93121 -> 0 bytes
3 files changed, 1 insertion(+), 1 deletion(-)
delete mode 100644 research/research-statement.pdf
diff --git a/research/cv.pdf b/research/cv.pdf
index 1030d4cf785be70aedf088291073c1fe268c0e8a..b1c619b3dfb17213493b3fbc1bb30864636a1206 100644
GIT binary patch
literal 71044
zexU#{I)1y(e9MAEFd+m!eve?9TU(j{gK+i;f48tz0|Ww!I1vo23}HdSDJZNYC!_(&
zNsm_mkOUCscjvM4&rM8h4PoM27{G#X0$2c)wY>vg_|X82wc{g3^h-DydW|7D0bl^(
z+ysoH-fRWx8Ru{5(RusfEbNUB_V0h;>m2~nH?aRR&3oShx*h;in>*uMbbrUr>WiI_
z+k5K`BFlY`JH4pSP;8{GH!}D-)aRH)U(!a0j-Y)i;i%fz|D^s<_Yh
zj^R#ETo^hYxE~S1?VCCc5y8Odz`)%0{4@6pcY1dB&>l+;4vnD6pD7=F9e4)jMz%T-
z4(>l)>;A51d9Fae$}gdAZmYHacdb9%m;4+W99#f3vY7n!^}S~-Za#CiW`Ljl&ujS-
zfikv$G}C|eSsWWbU2~Wgf9}EMf0>w>?nt3ztpwKU0g&_0z)9UTN8VBZFaGkTqkp^!
zf9NE?`iSrTqPu???SGXE{#?U@xafWI81&~Fd#f_ZRGp!Xsps`;&fdeIA(%eYAMc2MWOF2C#e@|V
zqi*%@mivlO_FCLkTwA=!U+qiAH!{D+4(VYG4Ye8ia}It$nCcrH0Xg=Noto-BzR@>+
zLk&O9v}WfQc7b5#J?S$tPVNT(ZobZ>-t-NI1x8!R{AVH~iwMV$eY<~$?$fr`Cw6~z
zSNi0?y$Ak!f4%1e1sLYvhYquA81wo}m8=?#QQc1a)63=L(V?FO0(1>)tn^~tLu|{`
zmF~ghD+Z)Z0gQJz?zEe(t`l~yVp(o(70^>zRn39!X|no*qf5ELT~iuUqU_evB#
z9~;ElzdoX`xuV&~n?7$((-Rx@2B2{cJgBpH2S0dY*fX4C*}*+
znk%=9j3?KFzql)V4+a8%XQkI~aeX?YDMX<7gl*>Di4!@*)q%gVw2s)<$<67~Wcf(>
zlbI|=kJ?Ke;t0hLoooCGyxcJg0uA(Qv%#csB9AFa>!SI_j8bH1Ru8^y><>8~yfPnh
zxlX6_0e+sehq*+c;4))IwY*_=T!}S4S^kMN(PvY4CFl=`a_=*|+A8!&tm#mkrQ#!M
z<{8}GnnG6;Gu}lgOaF5XRbN9gAq|R3@Q7qL+I3~DnqO(D{$a{G;4?vw?+Q4nwU8<7
z^!pJv7h{=$QSOj=1|ERQxu)ec$_Kh1gO9!2)!F0A1PDmyeg%H=cr=6Yj0?t0LXQn1ag`?
zer_z}X1QFBfKy|dvxZ6sX5GEncm#$rb7X0`J;hH;A3xNrN
zOp|*T(@3{3ie&d1fq(Ua0#k7lPS%+1H*w2rcjOON>9Qk^`wurTmGM#P>LxDMFZ0OT
zOly%yfFh&b|56Ug!HQ~U?XED`X;Sc0
z7>lb6h!Cj2A=N!+&8Cb%dIoF?&b3X_y4;&F{?Mt;>j_i50X_>apZxp_qhw$8=e8pzcj?NPEPX1GM=R)Z;
zD%}|wdi=F2S1Cpsf}#h^Zx3MkaQmHoS6Wbj|C(y3`B10hO#f=nVeqM%=Kx{$FX7_GIIFZ$t7y=Z9^St8*7(Kr3h)gA$+E+JJm{Ea@v(8Xqd^evRHIZGjFl?enlxY-zPZhxlw^ugx
zvLq*q{$3usl0{CMA2PrgHS7Rm_ejh}*zWysq6rZsmuc^_U1w&26HqHG9oQb6LLchG
zWx&OMvd2%rG~d=NcGJUg9?TQ;;=1th;qC3y{?}6iEYa4fRw!X(oB2Rbsz+eC`cxZ6
zrurk4(90`Gbb?maW}WonT`pUSRu!_Ldx5Ts?0)r}ql->1uOo7mDAfdhme$
z!ZDi;P-vV|l3oz4_W4s#S({a~;6QwOdA=hp8BU2VCs;X
z2WW)Ss{RYuVwb-(&EPB_2XSXTNheI&T>=b{$z<7&;+(kc*jY6VJ?X;u^n+e>B>#Nt
z`}Ja_fJw%r%I2Ua*O34ptANckaIm!)vFAm}3={9__bI5P(wtZf$hBGQlIoYU?|gKhc;6orCV;doGFu
zotUr$w<~6#Re}``ZnCl45&W(4P=+Lob8QEtll!Evp1lefvtGp6_R0%78geM8mz>tS;wHBhk
zM%PG=NSUgyc3B-W718WT`(sXY(?2w-Zb|>>C?0-|5Ur6S}qj
z^0W5HsV<
z_y|_6uGx3C*V0I)bEQUNgDpvJeHcnvL06UTbDibi`Pt6G)<=^omTh!B=m|diy#)|;SFpUDs>tTW0~fDSvA@TfmI88k^6W)4!D{huGzMqQ
z5E-Z;u`qZYD3qI|*I<3Y9dusD8nEdA5AS+4dZ-<1o28G7m
zXNxF`S-pVA5|0#TtKxSek!VcuVR4|M?~IfDeVxuca7Tb^*!3LNHYNRo0!0S0l9Jnt
z=Vq!6!P;|B8#MAZQuAtp29F#4Ckz0;sMw{qr>;_wkjj1r-Nd7P#001-Wf^7MIJ||*
z1R|3oy(ojqrTPVEG`mRb3Ckah6zaJ&w=XCQT&KCw*KqT`ln0qh!v%%mHcQ
z>BL$^n4h8CU*|%0*oLlRv~UaA*CMkCh^KLy;yiTFfhhP*><5w9hDD4F%=
znN0OITP>YFI4`T~cNrHHVqB3&UwmU4;Qc{%sP#mDC|BiAE5YO4pnDaCa8fBp4FwvHFq
z(%%}jaoyZl@C;wWrH|+0DvP_fptW5!i_R`5ijP}RK`G$HvNcLN#V)ok3wmRj-<K
ze<}}#%;PVs(fj+B9)M_@48OZcc8T2tUhHDXfCr#5k`|VNhhZs+->G4^CdGB9Bh;}Y
z(2KR;qPrvvow}9}L)Ly`+uT%$?SwDGn>}_%`GXK??WbKfO~b>L0V_YLbvbkXXo#FN
zgSr9BsqTER*P>GlHH07akOjj>swdzoa;auu)@705bGs9Ob6Ua`qjc9!u};T2s=;ijv5Hz
zS@3IiquW!)H8S9|Cw!Ph^0xDA)yvv+RoSnaKi#t=pIB-B!QA**cgDkNo>`gA*P^Y&
z0@**oCzyM+%&W@yVG9K94f~M9D@FZ{@JnioI3Z^ZRN`VKi~VgA)bh<8H{_&+48Fs;
zzB+EOU2}MT(SoX)#@tFn>e+$2IuLcMlW|Y)hI5pKvPqe(rqb7%Nz}2W&p=QcaQOir
zp5R1U)GS`wu<9fSRI~FR-N($n7~oIVi}Dh*TC#%e84|;JY{hdi&B;BRU
zgS!0h;PpI7#y%PF{p!|ml>U(6;ThUPtDMe7dY#CZ1;IENF4h~1sZ^=1dBloyVu3EBzBQN!S&!|k
zv|LLS4<{|WWKm00YrYqP8K<84YNnFJypmcxTY_|rl2GKnX1fN(Xjw4Epm+5z*m~T$
zur}*}A8oy=s6ghdChdVZEqGt)1~_^pWQl+a_R7X3^ud^&pJ!h2;n!|9G7nvQO!N+!mGz?#0ekCF9)
zv#Fn~T^{xm(6xTn(QB^3^-If
zEj^^`8b7fxTpe@{hQHATnl`Gb=j3i~SWH*M@e;a)HSAbYTGqtvD&7~e-h9GurU2h)VDXD@n47}q!vpiH;N@P1^
zm{NPP@?%HxYF@0wgycY-(~~Q(6a8Ku@!siaW!o1Bb9;pvoDhKwl8pcjC{_}imomPT
z8EHGDC6|pY@20;EX^jYUP_^RTq;wC3NFEp6Re5khZsZ6U^$WlSbx6m8r}n|p$mJ~j
zERx7wK;1M=d)~lb2Z85D@2tsXUCh?tp9ygiAtAthe^xom8th*`8X!-Ue#J|yGVlfl
zGfCi~Fds5sL|CV@d{YL&4hY71a~%vp61eT;*@zM$eijcVEx>e=mVz%%WB8VFRH`n{
zrk}BIHBs^;2EH$xJ*YWj_u43quVrQO1}uz8AxiSLF~;~?>l{N|4qCeIJ>~p7VEWfN
zMIiec)#tabAj+lL=n*0_V}Fr{EH`L~Er>JDWKDE^^g9U|UgI5R`^#;c(1TnfA3fm(
zN7bO!sVj4qR3)a8B>4BME;z}%H@(WlrJB3Zkg*!XX*p~j*t0NDA`~VP
zqttU&8Zg%337Iz3+9+no!
zKymbe$@`)!Qv#4nr7z=~Z@s4KMv^P}l1~jIV+Rh^bG3Y?;*39g2pZi1W@Jtb`#bdF
z7KV`ok;@6R(-Jmw>)%)F%30`7%>Z7*a|Pg10)4vwX|7k}P#Wp8SkoygO5H^YhonYR
zf76;}$2M3sP7(-Cht%U&YP9!potEaO65V4yq#0g#ho^1!)
z8XB3QCFzz*#tk~OM=P<3ac8$f3pR|inQE=E6>Vj9!gtvC)4BU>7+jS9E54i!4=|#r
zZ-UU@&RISRCc%q2>;w&yjJN54bWKQTW`)?cLr*4NQF{ouFuE;q=<1IC)cYs$dpi(f
z%yuf5jgyv&f9=#_v5tZ!c@Arh=rk=4Hu%Pt4hCwoej&lp+7c;?u68?I&tjBZLa}UL
zDv*AeJc@E25Yi$bY;ot5U2|>@0eM{97EiDAJgPO?S3O6+`Jl;~W#T%d$UXU~-b(n<
zlSD(@ME2&ay|Yd}UKiorq#KRA+Zfg}^-aK)*Xlma6-nx+*HKa?&3!ypHq$7|s6UR#
zz{lL}YxHq*m97KUa&Oy}
zLz}yl-`_A}3f}o?m(w5#W@EzQd7lRYVHxo=UvSpD=h0b~N^{D7v
z_J$wh;aH))iea%JV5+5=HJa+aoAJP+m5J9Ivg8IG=w!Cs=Z(>B39b;!8r<@(#C7s8
zJA+ZG{PXXXjT9t4KyTIxbOc=>Wg0M*IZMzU#<^1)(`|HzZES1d^U0>|i)CHHX=(q*
zQ~q7kS9}mY!c!Rvf85s9+qoIoW8(~&U6`Xn-Wr#q7V#8joedrd!Z(S-qBkQX&HM>sTLhrSyW3`RU-d3gS0=T8h=+c$LrZpI#DsTseDop@+AB=p%-~DJ8Nb&)%VzdJe=-Du2^AF3cznti818+)HR%ed0qSC>>I|dY=iCjS5*?{9EX&^Zs@J6Yu}$}S
zJ{Ldcjt)1zr^yUQCH*U$MT(svRqH1}mhR3L)7tt?j4aNQb_Mv_v}_M}--$T80#sz>
zHy8hTDZ<+I~3v1c9q%Z}yWKs?FR
zX!=#bw99CV!cv$rGylSa>lqb3RxWAfRO
z&3}g_NPTihjoYnO
z5+90j-NdW955j}=*-Ba4+K8Fw-QO>>MVU4EfeOHTA7DF5Y9IPGVcCOAk*Aq)6cfRZ
z9{5)154Y1!W&DMBL^N>wwV6M=Qt&9xaAI{Vhdi0oaijt%e|@`0SC!Eql#=RIG*K?M
zg+qn;L%H5rXK^(S6I$wX%Io24Dq1?bg{rC5{ya~?ofxrhxzHK2(1@y1!gRxt>Krk+
zW@Cs67@OkrX}ZN}%5D~2(}dLe8x6tX+&|GfIchU_rOdM`+V8RsR%ePF;aqV#%4EK=
zc-_ew;VHuqXZzIt`6zSU5~$u0!=tGa7CpLP18%0ZGM@&3Uf6rNX{^E5)KE>`mjY%54y<*7^z>qk*z{#gdb8cQmia*RT|hUJn>%LqGeWZ
z;4-YbYBC5j>}yKbG0vK8<~{nPkUY!$n!ZP{Hd@uX|_&$x3&$^nL*8A%$eDvCE2yD@)GmFliP{-)2G7!sKGtwkEeO2|x
z)Pd%N#N1nkrnf`>-4x`vRLVSAXzx*TsQgUUTh^yI&ES1!wmK^~XZpZsKvt_VjVB2!
ztJ)9fS%?XS{0pq>!`dJ;hBq*ZPerz-TvXuIojWHg<#Qyrpcq(KpA++FiidM2p1nH+
z9*EKaguUz$<$gMU#wt};=)3~CvTn#N4Co&PEc+%Vk=z+kM(Cnvt&`#QQH5(8RJ}h0
zZVJ1S_5<0(Wj%eIi^Z@wdM~myIAH@D3X2h=LL~(EP4%hggX}pno8oF+5qV6ogUCGx
zb_3juCDO)vY}D`q4#mA3uq526gqa;ajfYQ|$W*fN==uaof?`zX<(N-q-=nt4mkW0A
z`zV>5uU&NAT*|>&$|B5N4p`*blVg~YzJ;-tPIrJjjGlav6Hyz2nR-bWz{sR}MH7}u
zE;C@=c*A$a2^b9$U9~Gr(0WvYm0wH)CV`)XeLPh71bS1n-Ni*JmMS>fKg)vFlTry(f)aE
z(f*{gHVaJaxhtHECW=d?|4TJWqidx%2ea1BJqfL);aW7P^zc00r6$wmEwTpqA+hwe
zzhrli_pHPrG;j*l#`j+Fb1{?Q`uGKH6dWv(nBM5!A)acss44QGszcX|IEgjM1OyE2
zfI2#4qLk3lg8x-$haWb2g5sW7UDtxzwor$`ZsQmbiQaeXPElBje)Y8Boipj+Wu=FG
zddfW3kfE$5QT5Utbw1j5_H=R3>8q|6CSHQi1IgFXMFf)R_3kr(;*Uc9;(s>$l_`Y2
zk9;gl3c0i-ozvkXsGZ}e^aD&;jYdfbese(^M;q79OPR3@l9K)6e-URUq=6eK3~NRq
z%fU^C;$;00Z$(fzWGg7XP_Okj+BZErRzxbjcsh@OTI&N13HpJgsFeo!nKprBNAetc
zKv6gas~jP{6>9(PM0euR{!Fqr^MOkT4bS
zUL}UyDW348F3yad!J!%!a9*Co)25gp6P%XmVP?w=3!Go`4Mz0M2toH^0n@;gTUak9
z>JnX3L|AfvyWQ|UB|N%Szev}TezuqwWu4UVmPPo7hj{>Y98wE#S3=@jc3{P&G@SjQ
zhBP%;IPIhXL^yi<#>1-0(-mCLeWRAUNUUkAbN5k4K(3hB3p0E5
z#3KuS>6z#0hrZ0>ap|A=LS$LU5Y{Z4G{dxlccHuY#IgC7($~gb`EcQC2BKVZn@Qy*
zw56tykL94nd9aaMnsomcQD7WuJABsmWLHv6q=$DxNS9cn5-P`Na$%Kx8cepI)Marq
zouJk%V4u&V+aE+ayo#|S;$7b2jrOkFi6{j%6h2}04`43=NMyH(3m&Ct@dh<9UUh(q
zV?JhCHftngm=|}HPJ!pe4TpaKAwFx1x}B%d{NOf(Y)qGeob+G75+WxZ%=1cy8X0B=
zYFVb>R}dMmX~r8RPgOGrWJI)}2jd(39)Kfg-@;;}Z>5{H;tzB*izegXJ@N(Q+k`9l
zV$y}vuVR)+jukD3HmKxGLS#ZN
zQ_0!s!SzA6?MmJ|(o@RParuyCHCRqg5xQeH?At-d90Oz+q4RLeY=*Ab3dIB79}Vog
zgZO_{WofTC1B&Z~XkH?R-OvjMmGUo54VNz=l~JaQj_c_|{9y~e%IG(Ud~5Q#{PAAH
zR548nxudSrfw%|M6P_`?BNq0`+>7@IA~5wK&9KfYPcvfG4MmeM=)5E3H7m5@Y*daJ
z0AZWeAH!ZNhsKaG%Cnu_7_jkCNmYn|XX_q(xI6fiRt(Mn+=pcKTiP99dk<<52j1R!
z@}6wh1ig8fkdwL^8(taNAd&tO#9yrjH-zRG-8l@AP;~nFV&m-)IOi4w{k?Vv6VZC>
z&3`>V7=fxu8dS_W6Y}B<43sR8q(nYpe6W8L9&>gG}T`@R_&7z!YVShbI
zpEXtgKo2wDn(XgDM85+kBjKQM`f^af4vFUl%GSqhj5VL76_d_g_E)u!>Uy?Io~Gx9
zc{?u`pQUBDBuwFH2TG#GKzyc%o0d|*Le`8&3Jo}t;Sna;FLRC_)PG}_Fzqr{d=&5v
zyE1b+FPrZZXb8Na4Pm`U$_K@nEUn&>dO6kVXw_A>@IK6~6YzQxZ+t6~P1SLK3qBG!
z3O(}Iue-3r1MC}T4e}Sx8P2?!27;&_sg~z~95b+b`z;7y$%TzuvV9`lk8}WwGpDp2
z9Uw)E9tE56#ZuPcsjjlcy$pNKBWye516TXZQerZi)B0d04UkKIJN`Dxd=g0J{tsjC
z6r2ecwrj?=ZQHiq7#-WT)v;}}lXPsWW81cE>)qe3so7Oi^HGz$X$$*m3L^dRq{S}b3{zgpQ{{C}rn)^Zd@Ir_#6g-I
zlg-J{pa}mBT9)kmb}H2>*9FI)8I0#u2o;p>NyH<;z?M^c?120VH%f#%kr|))9)s*U
znxT^uK2MIFGb6b05tTd>SqX2~ArpF&GA55-ziUR@b$Tzxor=2SSx@BH%H;aMWb1*Y
zJNr9aRUl+?)PBH4PFggf^c%|`@d#(~E9bUqxGeE3G?R1!A@u0;HVHW_WK1m^z`0~5
zW%k6^BrF>#!f|4(A@~#zo`|T#ffl+JCW&H|K&@gjO8Wj*-{{B*uilfFzo$MB%yH>g
zEr;aaRx4L#@0Gnt3eY({=H{%uL0}vHTzXf6zZ`4Z=h-cXk{1G)3f^o_1Ia
zq^Dqud88SXNlAm=66f%>gXf><95eGf@RDy$u08~Gh
zJ4s9;*4@G566Pvekzq1NWOnlHeeA>7(Sdjeo@UZt1oADxWboHw(>+f8E%n@Z-E#AY
z8pNPbwlK^aS6|_*Q09)Cale$ZW8mmC3~_7*^cxD~gfl9W`Ye8Qs5-k+-~25`>=<@&
zn&Ih7UcMoeKKN!bdj%|7wTw64A=miCyVdW;A_c$5o&VKE+^*Lk+5nbPc?#9*W7L)D*F#vJ+->30QbgJv
ztcZ{?Vy35y@Akv;HkSF(!lgKR~@)|0C4P_J1he|Dawrb~g6^o8qD2<^LNhukkcj-ug~vss#;(h7alLg7Wl)o!R4C+hY>_59Zaahwy~Ixgpxh
zoBYh*7Suhx`EGpuomm<1x%mB5R}~&CA(JM$wzPvoW9)c3)i*FU1+QG+%<19$tD#N3
z{xr!n5jtB3Z0DIk8Uv$S_=yA|fIRxWMv%A^c+t
zTLZWvHMK=D;s5|pY1)tp#Pk)|+zsH<&fWy2*%j6c;(9@972!X9#Q>=7C6oP(v3+9sA;-*nzpdO-dj;fdtzz=H>46f~G5ixF#m$J$@qOUW2B4
zP;oJp27r34=Bxt|$3V@1H^!e1zDlKLw?|iIV2y50P~Dp9Xen>dik9%?r@c1(+C4d-
zFBZ4?r7u)W0WD8$*Mies%j;tcGq8II5d1*(NgNoK7B`oAR+oUf@BArHvv+O;Y-&0F
z#{jZI=)k}eDH2uu!jwhd?ANUTh0_8*upix5DI_GWn*hKj@cP*hhaoR7kjo-gnxXoZ
zQz3WPHb-}Zl=ZuXe!;`y1qACP;7mcE;Aim!4&qyoh-=0+bAB@JH1SYTeOdZa
zg2Gbp`}#&^9)4bSK<}N{e1XW6K*ga4CGDLtTr*gxv!2)KsRz$j;QeP=$t$z<(6#)P
z0#FBE-IAPt@m1lIdDzeb9UJ8=Z?Bga=(`G}1^#;!A;GZ2XNojd@C
zfRpUg2uc6TzzfslFLJ!DXH!84DTSYT;)%DAF5SwVKS4h|@$hT4gkYW3R{!z66uhVLN
z7fA&gltf2Cl#t7-I^Hs%O6beu$W%e%bN9Hv5FIcRTD%VLjJUj2ob=|29H>Gq4u?2){09TB%$P^
z<6Ltjgt-DmIZWICiq)|Bhr%Dw+<&BdXDAh`_57jL?snl7kRw_;wG9~or=8=)aS~ho
z-Qdh2uCq(e9qa834eu!PSg_jYjax~DlwOUpo#Zsika1G~%X2lkxptZ!M`ITPX6FR_
z9w$Ip1Z@UGabi9XrB}8v3T#pv9Kj*8UMgK+c
z-YF}IA9;tDYVo{$_zK*lO@B0U?;v)&fANDcbf;?O^>PiWE;jSRot;U>talgxSl$HE
z&(Obw*g!&S4hp|J+Z}<8mqHU^vlLT*b(@A;uR6bxt^8mYky~{`xFJW)2UQ+Ai2-*2
zch%3W*!6IJ>U<=x&jG4<*n;s10)Kc82aPf>wZ3Cm8x`jFpBm6@#{Crd?<*7)eG@*n
z2^X3dd+H9(3r4_*ft9~f8;oIvhYUip2UY@;r~LHk=$
zL>q67*bm*3e_a(%>OSH?MzOQzFJC*1w4AZWOI`ZI2XicB`W>G-36TU08A^XMFtr0ki?!Jj^=^=v
z?!{GbI$)sf)-JOGE|^sl&f9N8H7p*HbmP;(A+AY2CBbb@-+mUTg_?Y5HjKf2d@hph
zSbJ}W&>D!x?^7v0mHGxR?~u=YrZl3+Y#R>3-_)Ary^uheaf?+?
z12-y<&IA=nC1&CJ3l_?G-Li*#$5p1!4gP6izgt3HHs27B{tReIbP9tmt-|eeQojvs
zd9dykF^KO8tuH3#TIH=RgM~$ObwV!l3l3rF!d%?b%;Y>CpYuXY$3wF{i-lt2Svk$w
zNUiYd0FpkHM=OwIWtcDb13$Dmy2;a@bzC0s^Z{Er!53y~?x5|q<)jQZQAkXM_y90R
z#Vf{hkQp@i$4e=~u<*jen|xUu?^z5_(kVT9+=}`CLd{!I`1(`*1X(^HsIrQ`^2yed
zR}s}`IGb1Z{{1~vXDb|cGvvofF^tPQ}zR?+2{!Ydlt34;O{PtaDow>eO{Ba9+
zx~4af4-wuOXl)Sn?mRDIgM-Iy&B#;pi0gg6_30WM&*v>74&%-ZnAqU8f%$ch+*Xw4
zP{m;YOED5oo^(txVB7VfBLIP&rJMnFz$9!;=-rEGhvXZ)d}31((T~Mo@Spd9__dhW
z-2_=q2HB;BJ7Q`r5#m8%ZQ)tjFA!?TG=fGLr~a>C3U~d<(9xuS=!a3bWc6EC
ziX*uo%<}B$4i+PqD(%S^nrfdUUYQX_G8vkeVfUYqisN%jCL{fa>)etQ>|-*HGg}L{
z_{nsl+jqr`JCXqtPvn@+*|&%D*@3CQ!jSp=oc83+^UQ-WE`upufQuhvgD+S}(>ZV}
z#`e5Av0T6M+2l)KrOx>j?0<%0y;o>oEN8zCwbLkM&kz+iS$vXFm~m%3$+V!II+Jv&
zYW`%%i0M#nMS&He2pX$(4i+akz^U
z2g{;I`bVj~&a(tQe!BRv!PnSU9CLgh1(y%NoQX*K4#m{g8x^+W7dq9d)nLFc{iGHo
zG7AyReMs9~Z=~x0q^Z+NhOZo(njEt)S7qvv0yCe?bRY}W6rSGu-_F@_JJ(f(AzD`a
zd4D`gHNmZicr?h#vi*1t5Y0F<-zQcxYxlWFc3|zV*zT)eNgpUCA$_hbY3uFEI*>{?
z5zm9eBz)&H6PI?6TveXo{k?lf)TCP_DxUQe5hcOKi`AzI>lX5lPx5C_yO~e9z6_|d
zd<_CbTqkn|Ufiro<_utM`Drir7_Du0RG+aBZM=|}-4jP`y)Iznq<}Jkk^?K{3xulI
zf&&S=b5Jl%5!G^z@!n+~dM1zW(XiE?H5ya-00B_7T*ACKmjc{o$Khyg6mzz*FO?Ta
z$IgAgL#LvQm(kEn;jlw2z@HTW)>|EtGA(|MXZXA;L>mOc
z?ylE&h?7=V1SYY)L(cd|15Q((g^_aKiiXa%K?~`ZDuLpX<+uR&eistN
zxOLXTynhG%0gGA+9R=PFZe81_oyGX{JB}0x6UYhYX+G!6<2Qsl&x8wmyGB!2v2#BM
z1Rpuj-irv=T+i2PtFNnR2=Hx!U%Bd4%7Z26@cks@E&V2)(}{+uSN6N4f7s40$C~*N
zinoc98+H96zRGoB-xBc8kF|`Oh@e3CD)kChA$N$|tk!2z_-5Fg5CZ}$>H)e30(m?K
zBnpUwXnsGw`4-JlEkX5mwm8!w=w-4QElDZpk`1emEX$e+KLXYdaWcz+ZYiV?m(Eia
zwjAyK1}slj2nXoGLfKXQP+?NcJ;@)T%&vvc$CZ(!K`NUFbU#{Y|AHB^(IerCFvvj-
z!={C_aC(yBxGT`^eDg(NkY%XQjyX%?T6@l+b`3f3VPX!;p`W(ZR3?QC;9i7Wl}93;
z31$p+-H}z+O^Nn0)|(Q-43}f%e?wvfh*4tc1Zkp=#yY*`{NiEB{$URX1isMX-YmBt
zX29V?T4SEXUKLI0TpLe?u1-NHxo*y!CPTxC=1{3Lv{8N?KKlj<_$vYOMpB#%i-Z?f
zO?!nIa?DthrUCciPz>U^mlm9}=aT)<mYRN2u$Thpz#E%R_ueMQWQCi4tbyfUE;@
z2a5TB6gh>|`-gFM6(8)nL5|T!m}K95Bz5=u%g+RIjH4w#p4D8QjYPC;0h2|UCig}*
z8lN{x4Qs&JNbt3xYdBxvlNfFSQ*#mO}B2dj^Ml^bn
z9EMaVzvkx9l##alzWe`r8FFRkQ3jLG$G0rwCFou}u-Z2N_xZ)U|9d2uS8s)sQdWrl
zwR=M3pt@YGQ_Jvn#~F1HSrtA+|0p|D|6xVAQ>L9NYKFt_eevFlte7S0{uiKSJa`Xe
zg86t&r>(Vc_(ZsCH{2spd~Zk@vaSDaC*uujl?#>+k>@&}O8^R@CVZmfw967e39brn
z`?;L%!EMhtjChr2meke>wn#fdYb(oRYvE4+hxRcxbwYt({36^Sr-i%4Us_F5vrf@k
zdxl7r6n#k52HJ3=HFs{hYp%s?rAXLp-u*B&4`ZxuhqcEh8b8;TS~x%hF-}}qi;-)q
zm7IvQps!Owe>{U{W;&i_=`g&1EM{GdQcEDWf6myJ(PSGv6xc&mU
z_745uhFR6)788GEplP*oY~@Z-JmZ8)#K&6PXuN|ZjulNI!rQXvkbUk%iu?2XMdLsI
zdM_L`$mG46aheh}gkJh|f4hhS)09>SJ%MA_G5Y`n@R@b=1gmU@vu_Uh)>_1UfG5229Bg)Y8-oVjI&M0jSl@~519@90*;?SV-ydXI|UL!
zj9e)$-FW`Zu(MW$;nwG0ueSk)gAf|
zWoXv1*ATVXmAjEo(AiOCxhO-*h`iMdK6CEsjQKJ{8J)HEH}Sx(385}4)Z}-y^mo86
z)^VjFea5}n8J_TQK|(A@`D|>ozG=QEXZE!nT(nDysupxw+g%KtOD#mrF)MP~DxM?~
zW*cV1URS5iK(Dxg{Ho1~o^0SzheN9
z0=lhL&^SLB3|-vOp6X$*dS_Tw7zJMZ+!B+)G#BI37LN6;>Nq;xGWxU+szri)3cfw)
znHvUQtu|YIgDoF!Q%V*hl!uo#7l~EYmsggp%(r3x9~*p{Qzl%t^el;E@XM1|Q7zje
zF}Z~a<)DuTn86Y>0j9G?NYNPl^@g5shnQ@hF3dX(Dp=X<1ly8iE0@$D9NdQH;%B1K
zO=Kf}nf&^-KTxnkC~mKn>(YF(UB5p8sQSHWT%}5>6MKaA*IbT2#*;fMHS2?>?GP<<
z8({mH$XT;_o{ncOiEt8>C?zi$f`&StiKCL|)mntk(#
z-AxAx+1)C9GB$Cs(k2a$Jy*f!>bW!Gsv0feUjL}7ZFu+gn}+nhS0D(IJkG1>vBFj_
z)d9|)AXW)R7D*7^*~i-Ui?x(}i=tMZL`e)EYy<@V8T{%}2hNA4
zgT5Wavsts7Y>TTe4t|6ep{ozmu=HaLPUL(!J%&aRBcfijOch89i0j%Pcky
zAI4$mWneEjjEE%&4Gu9k;H}#1B{KsTmp98Sm5`_X$4fu#R$>X{(pH#hJb9-1(cF4c
z9z5(%Z=e)M`4O*dkI&BHqH`f1+7sdZOMKGWGH*tk!4N
zRBOIyCdmQI8*sTdq#{;?f<*|MA-4go8_9k-`_p|ov2@if4nrr31ZR)PL9kyhm=#bK
z`%R7Fm|*c*3UCzLHU$&Eh}g3{e;?BFWtZOXMATfZRSMEP`rbbn1xU$Aceb%p`PL<(
z86Xo1BNP;4e?9Nj!5KIdq5RRWK(&Tg_b1W$Nf@lGP$S
z?~zmUU_wj;gfGPjkCc_Bd&P2nu++IF|J3u#auXhV{c~GCpcyj#^ulcoLAU@M6xsdSA)6_e*n;;^9v5G3MJV@gTe4$)z(T?jL`nN4rZ4Od7GuAT^S}2U294Yclm|LWt
z_e(YQb8-W>K`A);Vai47^a9BSrx%*1%Hx)9l>LCN5?Nz?KsV^L>jwRc9gOT$ElSUw
z*WbmXA{PCio%$4Xj_|6dvaDW{kN0j*WT#b@vBJlwL)sGqLTQulWzhl$EvE4ompVhL
zm70x|PPgziND_6eC$n6uIWx@r+lun5F02$KPGy_baN{+mfd|Fq#XV_M19Z;|_+@wZ
zP~cw|!PYn8=mOv3lpP;NX*SV$!|r1oTLK1HFKfdF#GH_%$=MX+jYi^!-d#I11Y6Sz
z)+S4LKlc^arC4gJjSLTO{~>maEw-F%GDHtlC;S2Z$Ajr~@N)5O7tea4U}*fL634j0
z8jJKOJ`i2dtJ21lS=>-^W6FXw2@3oR1FGcyJM0+#PlS5<|794
zK)j86kjYVtz80VUaqra|27)jfo&&R?{-zS$kn?RE5l{PViXM^7bl3wVMMf<@rH5dm
zcDWaEb(_95-zG0kuOu3LlCika?VD1e_564iZJ4${8mcUvU8~VqkaW@7&793#nl^c|
zT0ceFCkU;wJ`+N}!UaOBihX8Ry}6$g%AGrLVEa7w^KdC6*ep34E$LH3|7~1grtTL0
zq~?`IQP-F{JSJHT)0q_#wg^6}z{JO`bBtt)bpcl?<>-+u4U?v|o$&>^#w5}8X19H6_TbQM#`EB|e#BiS2rLxi#D7HBEHIl0|ECX6XZl_UtoZw=;c4QpZ%z3o}89@n_I
zzdrY_$_V(61c|p8l-RWH^^t$GmLAgJNAqn@f2*$g-c0P}{cp4FQAY#_g8(
zOD;6fbv+Lyt4n$8#5G;rAnW-lb3nA4dZIO@Pije|_0_bTE`YAI!k##qY^X}Yh}cFa
zj4>r#JGZ*$dD1!UCr+Snq+p8I@DdPp8Gba(#}dy`^E24dQTvmf%-GXzq`Y{*9#uLt
z#uTAvav&itN?%^VG4WaQ8l|~Pf*HGj&wXZ
zMA9Zzxy_yufhMIk44#oM78Z4HfUGK4v|L99bW6dOO!ZB^#{TquDOp+fc3Wfq;4F8+
z_jC2^AYL`Qu}1b0{k21D$T2u$VkXs$971SLD$
zbQd3{<-o49T20pJv(MzJW+7nw5r#kJ2sv|5@H{U2$a$;cRcyN~$7D2O@onz-$>Ghm
zt)FCFIbqZn(62l)!zmLcUtc8cI%CwYiNgU@jw!Cc4}y!Uc&x01lx)F`S5#Hh5&T5)
z<6DNpjX07)Y8EGl?msq*nhBIjB=!-4O0j+~o@AP(es38>aXuM=WaHuEc8S
zVRHrPrm+aMx6|Dqt+fd%)RAnR3${u*aonZ)L{a89gO%JGN%!)&N>zh?Y(+tOF7m(o
z+)Eq>PLk^%-Y&Z9(SFDrWQyzhlmEi|rB&6
z>R&DU^_R_8H
zRFxm~ORPA^Ic5!X`kN8?t-MzV*_tX0wV@jL;q)^ynhQad9oYa>bGbBCAp42*<`nw!
z7`J|b4ToM+Z|rDcfY^F)B*?I4_)`WwMDTIk(uaHNcMXs8$}&nmh9%skR9zrRScj59S#C)QlZ2%yY`5aGjn+
zbuvYo_TDai5Fws3t<&Pqj(B|%6!Dbj(0#90qO{U}fF!`{PMkaa!&h+T`aS3KAfR(X
zJ^yFar#{h|MpN?QWTNziAP~%PNUjF{udC;I3F3Z9ON%7_Lj6)*H?`+;l18VvB!+;S
zRcZ6%S>hXr(21pw`vAw*N>)fanigqDs|1{%bH#qP)y$+(!{F!Mpf5Q8;zZNKQ`5}H
zVFfORBCB*1DV6rG7hbfzfbARqaz8mfeA#~8gUm2H_fwegA%Nq8O#h~?JQ~d9`mDg`
zQ{p8~zpxavigJ!&VoD_+
zBKd;N_0>u|TQ&k0U}QClz#0~pLB*C-v39Otc41_KUBW%qmC}D0No}f5R;i@nsPpDR
ziY->waLS_*kzdn
zdi^1KBTj=}A&+4WT%qfT
zmLemH3yH>usE>1r%;D5^8wTs^*dd+__YYGv_<+Dq_BDd=*qD`vaPuP+eqP*W*K(G|
zvv3?w+%AMqz0_30HN8&Dn_&JC>t@*K!6(47DsNR=yg;-q4eo{CmR)mf5
zgC&Y;!z*fHV^!;vx{hTZq7nsJSe;qa!##pT*EzX!aVwp}LSv^`i*t`BEW&5bLUc!5
zevzc#z0d~+rFO!?@@eILRGq$Vk
zc-4#rXTtKqc^6SPEPwali)N~+oXsnC!eDGtVMGc+0%O#24}B_bY`qbg;@TR$
z8W`{j!E(Q&!z?+(X-at^R{yFyG^dnVxk{SdBhGt5+^!LI3>CvJl!ZIp1LDO
z;e0sgH}a7E+fV!~PHUw+Bg7^U=3
zBE1+k&P68P7u}tOG8t$=Of!BQ1Q04!8}0{@RqgqOaddEmE=`b_`~02-ZDTM6DEo37
zvx!rQDYUPbtXWIVL(jD%{WF*iq`B;=2cPcfFy&L@@W$RQ|HC0Jh>_&YPc!~Pb
zL+L5|;$#-CMP6`Sj<@onh*F1%q0Di+ROq_H-Cslc2j2ws;C}^eO*$46B%rVB-5~^s
z8S3v2aPVMvciU(ur8+;RUowrj;MD~FguuJO8P=>qtjtB$XJ93(ge3%|*^cs{rwe)t
zB?oX?ikexGY1;4|2}!!A*u~0dul@eh`ljL(5}BJe=r&p#&Pf%sZnAx9%%xvvrU29u
z>W&Mc&*zj+&~RXBn~s6QL!IUVrL$RT0+T|f1-mMq~8?{SvR{<9cfr&Wi`HoBjI-$T%h)xGz?y@#C3kulUc|lcjdg)
z3c23Sh0G3^ALOnF!feSsID6-E?vYp5iB&JsHp?eJo$f?*$*H-6K9ObvjSo^|@#Esf
zVZtb7YmMvYsCc`fyIgcy6_+V4S9r;WtI9At2!;*8BU?vn5q5@r5Sg=%&Wr`~f=Z6>
z)~>UBTncq~mQwyXBc0NOLzpM=J2HbX-W~|r!z^(WyOrie;pWd=W1si<3V?KceQiHt(WKPMhoF~`jZSqSaeFbB2D?^_l1I*3F3cyNvpU)7u1Lo;6*`Yt)|Jp`V#(wa}Kli13e1vlC-0D6q1?=j;?DC
zC-1;f-B-7(R@OEVZcq<3u*SVc|MFXl9FS9?PmaZu(p;$8jtz<->P+@AqicFm{X}G0
z?nbKq^rWEqm^~@79_NekE&ST=EMh#{JtuzsZ(Ya7YV9Fy1+;_g{Y_DzExk(g(4R9-KS}4Y*oo;c-kOWk+R}xYp3`46YQJ9
zb9mt1ad~3gGqvy*1>PD##LYx9M=QOREixB+U?9pQ`U%NLzy0Qp+bYiAZMV|L
zX<_tN^sX|Zyh;0;gYVXD>m9eY7;9ZPT;(Eoi`Oy#uwSC;)KFTi^@HzXPSaXugwi!@E`Pj97f=;a8m7nh5Y6^e
zD(!4ImAK!+VzbWq=?T@^MF6kcBy}e{=Vcmmp7=Fl3S!R$HJklD$Qry7$m|Ov)=E`8
zTxtW|gLT?&)I~}g86;L;?!hxdwj=g=s)Q$j{(QNjv-4mdEYpD%D|Iu`Mc=IS3;=cc
z5a{kHJw$St*X;{3T=
zuRN$&Cr#xnp}QGJ<#LaAxqRdy@fRJXAxQiu;fX4DACP#!lh^tW1$ktk>l3$obC-D8
z;##}?$Ze%+ISOUHn`JE>~n8z;Iq7_3-Q5gP-
z7ly&wE(Lcflv3Z?DT*DBI1&}H;1)jIVz)vdVIJ#G88~B~(9haE63w?5@?==hcPmh0
zZu~uw*gZOaBlWW!Utph0gq{!$1N7-zi^PM_pT^aWiDP1MXVO&q>zwf~F}&8!r}}Ka
zpS^R`e_B@MCo4^}<$0pOU0DGb1KXUA+YDbBbQi&TSj}Lg`!NSK8K#!eu`mbGIk`=T
zb_0bU0&GJtsD=fiAxQY?zZWhxT-n4Pe9`8koGwE8gcZ%_)Y&vhJ;_I32F
zjvq6mb3j#{^f%0wn2&r~QGD@bA{m*d;L|l4;XBd;>7;>_$OBou5z)V4DWe6UqBf7G
zl0QpTsR-5gI98a}bc3#Uptl+V+uDy{4j))61Bi2%{BVy@(GdjYGHvXY6}-)x)qu8w
zTzN&J`qUT4$0EX%T>H5;E*td^@3xI|Q8JtqnfezxHUxjiB9!X~H289`uo_tys$^~+
zVjdVdIiE@4*CIaynQ51WShi7As=Zolh`}gg;l{b2=`ohe=G>C7*1AqkSOl%zp&wvh
z5rWBmLL6sXGFxXj4}?Dk
zNmoVLtrE`3t)KHtPnbp9&t#5OQijssX@B|pdZ++l|k0KW(
z&W`Bf=Y!p{03`q%f-7+Qr_{S7
zUL=&44qPu@^4;&-P(k`y`NE_c%B4nvydFvNFa8C1^tbvh3N0aR}9FJ5Jr4
zOCrF_A^{t60GUJJ;kU&r%ylWLZ0BSZ)L%64AX*5Imy-IYu(j=@CgJcXyQzdWC{ui8
zEx$kAziU(Nw|z1KQB(*WY=KrB&hmodo0)Of5f51FM*$X>P8RT!dMR0t*S
z5>SXwLVg|Hhm12;`*Ll_dDpi5YwKlu9xbc+Zmv|lfW);$xR6)iMUyF#&tR?m#B{-X
zyBraM@r)?3@#W9_RY71kBbs>7e0ZmA%_hXf^gRDnBB$(*g_*F@vO7B|I}ztSD1{#Q
zmQ6+5jG~ow7Z}>!ye?SU^%q02le({^jvx-U08^(b1gudz0~s#nEZ*8FC)QJ><06(!
zCrbVsGD%ic9AhXsfDSak;9DifpMb6%6{*wUp!&|e73Z=nn5|VuGJBnc(ez>(M#ugv
zGr%NWeTE%r^VaD67*fboa~2YYU=fi8uccoKXdqRk
zz~-`6j50IIUcZ&<(-CY|ju&t?MvMl~G*6Oo#WUqReeBn>&}WW%-0G>^re!_jcrT|5
zT#t43xVJ=4S)Nm4GQ}Khi`X~uA~N-qN`Cq~x2LA}x6&&UNk`@{uDrer(8WUo*??(a
zU6dNoI6P^s@0W{knkWV_u4wdFQGgRtk|`GsXNu!;$aB+}a&?Kp^n|U5Z`iW7*)a0Y~fmk%P;yKGVmn;r2
zlA0IJ-Yy4`S(5R|15HhTAec2|Mfo1)Cr#6zCk^eOm{ct#?^9>a13tPXg9QlREQeQo
zmB3B9+M2c)z=bRnT$n=Y^-jLYLb`%jZ_FK6w1lCv@_P@vpR0S9c0IOfhu~kCU&l5N
z)QMK9iiCBHrwe5C${8W))W7UgRwvbu^WPO1^5J}KJpZVL-`i?$QTVMDJqu+>WiC?0
zXN=EAO-|PzRp|TSBd6sDbqgNR7|zmuw}s@k!~FEXKf0K9D#gbYhF2`ss_q*j#)3XCcWct80{n!H>T)T@Zm-2
zc>+|>f~?fAF7k3;k%0YjVR$QUX?R$
zispv1!4+{8*Iy`_1aNVIpMv>yFr*?FAvPX_*elmnZabuNcANJDEl?9~CG0UUZyJ*d&=4p+HMXK0JXE
zb!!f{M_uBiIo=6?47o
ze0bPd*#3W-`>Q)l-AZoTs0cik8uT0NH(TvD&(;V%?Ed#bV{|2F7ihKeAKWpOi`=r}
z>Ztd*(f-<0867HO5GB>OHZv!&G_#Tw9+aMsPGW0pdUjA^Wl3&3N~%z7WpV=cmfj?i
zk_f|_jl-k6who8Slj8)oBp(YpKqUntB?STw4Gql!D>62-GdMpmwS_BETU0J3Dk=GG
zm>eJv5>5pC^Zw%2$kGIv=r7!!t+lznnYqRnApT{@PnVSmk~^&cQi`=g1wzW}jR>pF
z3eu5T4JR@+v@$f`hevX2Vr6d(k=V+@*5J=-K?)TK~S{7c#!d%gc|;tFy)r-cvjQAM=B+Wa$ci8eqb&{ksa(qjWcY#6yY+
zSn|ZY%{|q&vi{#iuzPj~H(yE&;^=`5VJZJwf<`^B99et;F#+>V&W-h)pUhB8AOLiB
zaDb^TI(3<2rsGvW<)fiD*iXh4;?;GH;LoxBD{~d_$Y}q{%*0+6e!B0CaB=LNzcnk2
zkz-r9iOks62HL0)$lcKp^Br)er$7KyCwU042tUXP4Qj}%X@Txr8^Xv|T$y?2rwIH4
z)=oA9T@`+at?q%+Awa;!Cvas8xKj)~M*GhnatcIZyfCq6v^9DZ1Oc|1g6ztT^kLoo
zvjkZP48V$O2|5JMj`ocVY#aiQo_A}O<$vOCfS~dN>w8@cV67IrHGj(f0=fT$rId$t
zMKyGXH6`)(E%kkLSpbu(*6?z8badCUf4{yMnnTX9%q;@B^BOzClG3h)6^!1w)1qqb
z17`QS^nnLTWlZFCg>-=DUhR4yTPlzU!qOc1)6oH#9~YZ%G08|(Y0A>AJ)gI|vpC2GBe9q$*9PDibzRm{Zx&7eBM%E_syZdPY*)?fquM)m`^MtK<}_gc|eqHL6v
zi%Vk=Lbz7uT1}?0$EwE5pER`AL6usd0ipaR%kca9MT3_G(3wQWn`a@!LSZG(?13A5
zG$OKy8`(LfIWO*lB~Y;qhwE97apKZO)CXTaCC%X3$x}>JrS0q+`bLdEh5Tq4J&ZWX
zHlG;ozF07~PQ^tZ!3J6k9Oak7&pNO5!1yBhdf(aIoY5A129`Eo0m#zGtd!i3+pz3sG
zPpcOBlZy!VT7e5+7CbI7?Vfw3r>Cp+2!8|;d_uj{8O-BPHV;R@WH#(X&>3=?t26O+
zAS3qVtYdE^sy$LZx|9Z44Cd!g?IH2$kh>Rh*i3PPnD0tz%3jZq`aP*_o{)?mzy=Su;J2b~u<2w_F
z(f}I8s<-}4`7P7|O8Nv<^Z|dQ)Uhe0Smj4S8}%)e+E!)zVPdD~K}k37PrY*hNR(45
z)+A%;9I^Y;>gQMaJ<@!c5c^!B^#~?jg<4Ff*FwQ!WOgjGqZlS7bM@=hPSex8ss?b5
z5a!H}ZjIJL!$j*?c_YheTIBNFZ+PGywvaWD#=r%`^+QVO(|^;VSP7F*dlU3RgMjS)
zAP*+;5J(m8>keW3#ve2Z)^aKv(YD8kaXBO5-i3oV
zjd=h%Aj>{0_sMRXaW2!d7(&3obYBmZUKc4WLCo=0wnuqR%fk%9eHO`3Wn#&kmj|#W>tZ?xg^G(doL(
zJOg`~CrAgl0G4HG%v=S7k5%GX;b*f-8$5FLxn97hXBcW~u*q1}-w=5}JS%`NIv&O+
zpJ4rBrRE<{SWJh1*fIT>D#JI40~vy;K74emLnlP
z-fHpcK}#!MY~v!}9<+^boEuT=Toi1}0vO_vn!twy6e|;wa*+47^ND70nULRGGp1B9
zC+%8Jf5_hCUJ=jlZqb4*Iu~sTp|$hmNRlPkptWT8P}L<|yRN3#`u8j~Tp&^m2Eg
z%+qMxe3`sRC_vI!rlt#JEkW)@U=cob!n>W--Ny~L|H*O=sI@q%jZjt^6+pR4ee7h7
z!XEBUJ}#xjdnawhaksg8uDySFq@P(aKO$`Yax@D$nd8+dkm$ErxE=eV!@uT5?xYo1
za8QL|otYfLRNRN2Gu62ixv?zSJDyf#MnmdQz*{WiY65QX>5Uh=9N&IP
z0E&NC{DXf;rPB&Z>uyUq9q{rT$VY~#5kOa4aWcYnxSMGDzZg4*CSkN_$(C)~wr$&0
zU)i>8+qP}nwr$&H-${?UU&Q+lXRzaB=2}CUwA1p97GCF1y_-UdM)vx%RVn6I`WxDRF-6$kznVX^AH
zp9`yp#xtZdqIvZswwFTp14OxXI@yn&TG%;FjPbA?9Locon4-vFH{A+;GDp>4L
z=#Fa0UL-I%wV0zex4cU;??!ONX7^8BLSmSnxRN|*7m+Gf!X)S&rl`kmX6ktxzI>j$
z`MOBi6PCGN6ePW%Je|g&4?Is#1xR|U(}ff&ZLs&^&krApKCj8w^xRV>#XE#Hqzy^Y
z3-t3?=E(>}Vq&)XB6|JM-wEv!bCio1;eLmc<{E@*pRjSC#%^cK%9eg;1ywa>I=XV8|H)%8SvrZVf=$Pp4qOKgM(TU(MHg6bQe%a`Wk?j2wP%!gM$KnJM*
zfrsf^OxyFgZmbVO;~I(zjveEv0;Z$Ax;$=Y@DZt1N#MFF|2Q!CL1?s1(ako5#ZY5-
z5%Nasd&i)5)<1w`L`QOND&NlvEw02(CIS
zpCF$y7{NgE0#X%u8;mWf%N2fw7Xjkx`{8wc5l)I=^0l8T?8p*?(v@nZ&WJilh`&hi
ztFb2wRyL^@bkXC=0gNsW4ayn^-&UnTp7XhwhiVjIot+YD%FiIEl2&NqYTr_qBZqdz
zoCMqY0GfFAHLUF3k`9Qi2$sXr&XeQQNQlDDpsG?6NPZ3JK>uq4WRRxyI}vQPR@vAT
zG~?Rb&=SE`@E|mXrF7@%mGE{ECDiWK8}Nt%9D3|vdquOS^f`JMFudmokq59JWYe8mqIJ$4p@*xE3*=wA56%
z(tu155u7M)q9MKM`3Y`sc?iZ=QXV$ET3Q!Pr;$^Hy4=UM9&QmU7rY4S-UmnbPjUD#
zeTO&pWHi{*(Kk?x$>Sluq8_b;MB?zUP@{+%0W@~9h5dm$)E>&Gm;^2@?NS(T12ic{
zUbWls>$`iDy5$`j2#yRYE$WyBT2{Zs5`bk06KcxPD03VN?$Pr-J3(9!F}>8C`Au=V
zP~T0wz_j{l={mlqY$<=H65s_Tnjpn_XYRNSayAWc~HG(fYQ+
zA&=8Ex+mW4w@%gAhsvV^#L~2(JIj}mTDwvQc<9yY!|bR?6iW!C
z3yWHCf`{0zI@g$--3Q|7LBlE7%Qa6XX!hfBcB4N53UBr)S=3CTYIjoYC!L$aW2U-!QZp8
zpOb!Tsnw3@eiy@9cLm54}azm0j95=gcq200~2qnHsedy
zinV&aI;Pwv}9L{t^u_Gq>UtrivnLS=ziO|#OtSFT-5%a+k
zP7J=$T`9Ga>hXBZR!Toj&JUGn0y@rO{r5(>fs=j@uwyM1^;}^oq0XxsE4z`Vd}|Nm
zfi?W-EVkJN;#gey*MIeZmbaQYptMRrJe?5AD4d18O-k6ZqO#@+6)@ycejsS!bNtzH
z@6_aj;^-Ym{lUCy{kfo1ACKe};ES*6=8}EwgM{-ip(E+g(o)9~8!GL8x|C!4wM0Ml
zRkuVHv|fmolkQ{>$l^8lOT(toi@}&n8jxw=3A;iy!~Q?7mnij$738!^FYe)t`cc1)
z14!7-Bs|-&pY&dYZRLJ8k8Ro&)9_^bezic<9QjOS!&{$}jrkpHfB}VikziGu#>0wo
zZ0@?(eeGM34#6X^;a8<0g-rPjAP2en-K7Zi4khdZM8g%(oU;^5#T)5c+EmAHzwHB+
zwJnp~4xnR}e&E_SK}b&?k6otz!tIL!4^@b6iq9{XO*N|;VGAT#4x4TusJ?pAdcZQo
zDzWYG(*HfvgVI?Cz9EwHmt0fqdS_?ytCe!LX1q-iC$&&@n7r}R!olBU7sKIL8IRjo
z_fW=Kx``0-kAF4X^r!MT$j-N68^1w6nyo$>5h-EFJ11!aWstYx?4$?th5wX@Uw72L
zJf(^-V+0Ehn~QbXXYJwG4e!P1t&D#hw>pe5B(tmwErsI^{h_oiYI9})-<6Hu&p*ML
zZcdef4f?1pA=t5P0VGg?3FS%vn~hbV*D@0z0QJ^zw}PlvLwMS-D1L((YcpPGC>_0w
z=f3?NFr|D4i+ocdYtn}0OFn3%8LJPx!vTF&vj~o5NhY|Ap_%rsNsA5EsL11(k$7`5
z+WN1JY~TvH&UxNCxu3V?X(Fl_95Fk8p>2;T<}j${MBHxmE>X}TlJY5kI-v|a8?_Ny
za7u9Mn#>Dey@eBThYo!Q+W3=!wp~RzNfPs=`;0%<7x}JtZ@8t*Y5WZymR9E(wt&MI5p>}fVR;8(pNCN
z91WH|@M0~dFFX1V=eTYr>LU9N^doMt@PoD6H&IRWz4dLHreWLAF7_GGhJs5Ad8cNqSCDF8OGr?=?SO}dAi>g{CZTT+-
z$%*TLDwkI*tdhpomu703dlEWVc#~q2wh5>?DWN%ctyX|bK*v=U2MOYr%i<;$TV@S)NjjGE2=u{
zYSZ)lK-YAP@?fVOWE}z|J`GNNEws}BLW#$pUU5ISV(PnxO-xE4C7R6;RVyu;HKdVq
z=jJ$A83ZC~((vO(K-`XF10|s@c5|$h_Kk5p=jYNPzKRBzJP$
z1=o7*-aL&5of1PocL2waTsyl)~
zi#jJpeMLZu%gev1F@zjKnh(~XTSFq}6
z&Vj}bt$LeRATZ`5CC&a*C@Pc!7k(PMq-D6ZO*twjEd
zX4rP=7T})FbQ`NSc5Wl8^52nn>&J^6JcvBGL?|VThNIV%#46JZhxy?+FO0vARhGJs
zxidSHN<=+XcebDGp^NAf?i%i^uqV7~SXpl})V^^>e#57gLWn%g#X=kV>qf>%z0sH4
zADjE78+dLU#wCV$HPw5ds3jx%r=0A%(4TwDKx6c55K&)Em2hF)YqJEC4gdu2H=AYN
z%gD9D)-w_P{tY5#Ra*%Z&47R1x&Cc*N$HyNTVOXi44(IFm6Di2K+09-zIwf1wnmN1
zlGY_$U=L5b!m
zth8!*HvTjo2q96&oLP6%c;;i0?&x|ikK#jS`XVc&_Y|~ryI}0Nph{bP>wX&=3d4FE
zPxn|uk+i=V2C`P5x4QN7)Fm`jv|RrWI=zJuVkYaHY+Jg&UgumKD+exd<1NEB+sO6s
zhb4FCbsRd%T7IS9RLQDtacDEE;T$pd7W4V*dFu!drnmE7nB@
ze=x$Fc%h`TAtsasEn^P43Y;7TWp&Vj#-GzaO1a07_l1qTg=Q{1^KeMQ4C44f=Eh*?
zQml(eiuQLt+&C}HIZxY9wmcIPc(1BKt0|A4b&=R5eits1ce~m|J7=U8l|y)YN!a0v
z()>ARG4b}`IplZ7mq5dj#m`b-I==u-U37&3DBzL!AgKDz`;V#Gcr<&geaxmE94*<3
zAXtZ@g}fLPq|a>xW6_XEgqg}-3OI=h$5VVxflhp~*U%b{UCJgr8tYC5jd508CKtNH
z9w2c((b%JitADZ+FGO9`uQ>C^l8SNBbwiFd0<7j%5{s}>t*vej$gcU4$0*y`W^t@#i<2M<|g$%x)=M`_WJ4R>mcWWE-bA%q7-JFEJmChxZ1-Pss)>C!?}~mL*Ov
zcdjH*ny0%t6?phi#59}GhL90Thcb^E?@iX!v?3AN9*2;8SZ}gBRVx*JII$r<)k`T|
zs=It%i7{si#3K^ZIWSnp1pMq!#33njw8VEd6UJ7aak+$3n948NFOb_zj@ddT-F;Li
zmS$!8mb{C3TxqcQh@rP~RP|RP9!y`+td`dpUSmWOvp11-{GVrj_zRE6d^Ck_z|7&W
z>yT~}<`pq><FH1vVQDP1;fbB2n+Y$Er$J4!^wDH891!WD
zr?sAQjsnMY_!kbuzI~NPTx@p%=Q2MGvhrSK?YdZ-3e>oTU~&EAH65&?@+isG?BcE}
z4I*h4VS)mK%sg^avHGa>(@%D9#2eN-;A(UOSdkbCL+-Ex5b=@sm?-NS8XMsyM?488
zP{s6mM^c!Rz;kp_452Uk*LVkX3x)^p&64OhyRMIZT~UB851Ue{f^OaV+A(u!KQB6s
zW45~H;l5`G{d-TT;pEz0GHtlEE=3SsyXdwVR#1sp{Cc9*VlHbsIIUv6go;`k5ZGh3
zkNTcKY?20aRN8t!Oa5yx$^QL00XhEWy(LZ$f%80AqgIO_<>F;sX&}53OqhASLM$?)
zeUn@N0MD}c-9T9O@z`>~v(Tu4B&E6R3#L$|0=5nUid=Xo
zeme*kf8}MOadoSNlR-8x%zjn{YyJ0^(sz?N!~5&qQj?0bc3(&2OLD_XCujoiS7|MW9w*15f(TAK8%G`2q2$08SXu;oE`3@S2_QBeY
zQvZR7-Wk1MQ>UdKLm`wxn$Y#Af_={5JW;Y6nNsb2#Q$vyc}Q9pjjW{qRUsu{}pl~As$&GElo@ixn&B`1ywGdE-o@X`P%Gr+5Yy=9>02C=S
zVO=hGAx&Eg)qP|{BAtl6-&X4Gsx5%qQi?~}E&@m1xYncl%s6ON@FHs=&x3(a;C8@U
zaolvZtGH*FG3r~T-#}hgsVH>b?~Y=reLfU4j=zgGdCdMfou#LE`gal5!q6Ao?HPg;
zRK))x`nQZ&|BdKMvIN4i>`00PigTBWIZtNIRsH>)DxQ
z$x)#dPgZF>XlAO15Yi790?*AWYJMTMxF0*p`XUy}6oqR;4YubMO0i0MT$?OfI_Oa4
zhcZrs+eLhF72(#)m(f)^VdzP5*!9Z)+7}ARufsQD1at1O;$&*L!>G5rlL
zw+mLfWCxU{^=vQk4iCduWczj=X#_{}olkvPNElEU!p}P;xC4ah)N@h}f+vSn#$JqV
z=I{};6BG)0PRGkUY!mI8(*+tQvYSp5r|1~@Kh|~>y=Okb^2~qxEXUlVa2)Fi3T-_dS4f6
zgf^3GC^!F-Y;w_F;PQw^5{_MF`e!R(^cWJnM}$BWg|*cHe_AAjzsfbc(V!8)pdxCk
zMBdGfrpN;oIh^gjFx(?HTvcVB{0qi^--sq0$5nV?;zUg`j|(XL9)#QMaiJE>ix~|)
zlIWq%+QNv!oR^q%FUT_o*`~@dy3;Ued&aw@4R#NVp6g;#Q`XfmJufA>q~WfZ@Sz9l
z;@!`c)||CMXHWEQRL3s_o=b2%#mq(6+w0p*wvLE7#X7{*h_y|~&p)$na6A_BzdJ(5
zV|y1<2}X`fMRQ)O
z>{$wY-Z7?EWEnqeR@Z1P{quxH?$>Ag4lwFI1vNb}nnkkas!UKMh)jJYlhfh7VaubY
zRk}8aGE2YmQcQdD2ft72=L49?H%f0QDk4k9i0qOCIel}8Tpz)bER_e8qTOiEVr7fM
zE9TTK$>}0bqSE(l_!pj9ltd+xn^j%ibq!KO)#K1E3`3!8U64^;42_oV6sSw7hcX!5
zo(x{2Sxn@dwMQLzco{hek2EaaGxgNidMv&vqk~O~kCa?b-BS+50=pa5oS_XpgZ$r>
z`!<`rV|}qmC2n5gH764K^YyD+_-gzO<_!0F6E{b2@8lHMzt)UQJF21&@#WHObvLNp
z+EtYX)|OteUgbWW{sF2p_)&KYAa&Y;V{uL?{g%G9aO}|=NNx`Uj8}`~Zsb@ky3KL|
zDh*OObt1PKR|F!VcJ#a#JSdmOl)30OL<$B)Q&^d3D1g3O)tP0{#UuqVS1@91O~(o6
zHEz4&s8<%F?$iRC=K^JYs3^A2#{Qge5rPAY7zGCv37Sy4Kr6?%{)jM;6Q#TDtfJZd
z2ydRtdT|X$`4*EM)Jh-6J5m2+PAi$Kt~^xX+fT^#bN&i2jf2utLpG^-_!X5>NSPy)m-^wRvH{|JSCUve^o6cY+;`2+-
z_gO@i<=eZRGsZ-XNt{PtPO8OaxD12Fqt8=zf4ut#bE~Or)Q51(-$lXVTDRE98ndls*9a4&*84*&LP54r)ZEr%`xSO;^eR@FWW^V
z(UdNknb-=_bLvS$ufic%OVkQnt})Z?r4YNgaV)5(~J%_3`+0ed|fHJfZWRI#D%d_msY)|9J9c=V8+=H!uO*;bpN=Bq6z6ULR3gh6}&6{AwLIRFbDbc
zKtcjV^q?wa{0P}2>`cU1OR>ast8AZRiCmMN!C)F_eFZS<)+Aj|WbT)?Xx^o8`8n4m
zdbOgenIoiMam?ymxb>v>U0a3XoM?jii>2RP@R4D&=%-{O-_Fv>mGc1Ax9w9cEl{Bn
z;Ge;|OH{vu4TAPI4BfVb8plka3$>@ZbwBly)P8#^Vx{JxJR9S{-(Lv
zVewy|^0FeuxG6xm3?Sro3{
zfBWdA7AkG~FESno=*1S}?;SaR0=SZc#gL27OR(O??)!iMFtecwjze);w-nCFR1hD9mA46ZG-&
z`i-%8zT8e7qV}DyI!|Mr6ed4Dl;EZWK4Lg=^Jm&CuGA@HDION+>Fm-rC;?pF;tP7<
z*h-T>?}1C_Md~}G#yY(9eux&ON?T9>@aBWW(;dK$(aGX&fG$^wAwZ
z<1pl}wxGV{hcmz$Sly-u79mChI4EpeKeb%PNSb3r5DV+^`$cQ5lM}$Y^ndoI&nB^)
z4Y*Zy>iKk;CfC?#URcbMT*W+-&uH}iMB-2nM(KZ)5ozckxi4!nYYG&f6{*sWC2k{F
zB_-Av#%C@sQ-!2hdU`c-J7CBRInkK-^()lajj2juXVG~MC)hjpM`>pT#IvUiR}e_F
z7%bm*yA#i_T&M4QE-Qo^LU)>1M0h3Iga1GXRv@PxtaBf~_z;J}p&E`rGm^Ce=F){5
z{4x)9?`XJj7!pabx@KHGRhBs5zAE}jbK()6ol(sNjr~ND4^-)IzpOOP@6-Nl9|23|
zritq{uCran#r;zn6!KCJ{N>{tk%!_0&?H=gY#PTv*(cv3IXfZk@GS?N?@~neCBCD%@@bFqdhD0rSC4n9PvA=&%oya=m}_SnT-b2laK9&
z{)(;q3TD<#OY+2r+N0ORb6k5ptMqx3|3MnUUwY}m($vA2_?>0Y_9HXX(VCcD9*`2>RK!FOtoL}CC6^9T5;24~DVuSLxc
zHeTVPb?PMi_lLw9TTas0?=1POvZP5vkYZ%PLGI1??V(DfAWml3=MY|>XTe*Kr#H`?
zQ7;lsv{eq`jXkABz;QD3*qa1geHoY8wu0NDHnY+K*IUAR%d)LO923josKzGo1|*Vu
zIj7GG0=}T>JjNe!E0m4>A6_#2!wF$E$uZ}rk<(R3eR}w4dw{sfv9)|kjEGf6FMD!+
zlYycK*!F8o!;-hNe$>HDpkx%hswN9>MHAAl4u@t3GLMhHO-zP``Z64B_`0}$tprL1bdC7~md|FlY3H+jrEJYe#1#X4~0Su%5W6f0dm<=M`@Le)*q3PYb
zaDIap>+RNv6;BS^?G+%TF2{Dw*||lDSu4=1p(XUKTJaU$44{)BWoQQbqYKvWfYBCA
zHta$_kObEYTrkFcSTQKBc_3K%?!3qY2u%{kB`t5tE`kz5@Q!5XfB={0ZIhCUKoQ=B
zwRfAh6F)RtvTm^uPY7A2sN*xXF|{@nN#ldx4EekuXrXw55f{mQCP|p4V`$j&li84f
zcgL~3G23zWp{x5^yfhy^M{;Ex$qMK?RCoS4LUv`2HBtNx!35FSo2!^SBh
zC}0Z0LtsSd4m_3hTYFFhfnIx)fxry7z4`a7%$)@Y+t7+Kho|7V=@3yHxXcnIUW;ug
z=<(hio69COz{N+S`e!)zv$pXf7?D|4GsMS*rq5gS-rkzfI-$iRw`{Kpi(3VWVqAgx
zRGGp)n+&E2_MBITy~{ynFIp|xz={~Nz!f-;XhkFC@tv0&5}lx1xc8zmj?jFJ6|@k|
z<0l7yH;r%%|0d7l<1Lw-hsA~FAa7_E9?>rt7Pky6A^)B-0J0B$xq%l_IzHxob$@~u
zCZGLNs!saHP0(t=n-K!gO&P1Ttl978-|tO@gPH21w6gCZRA%$#5x9VWHh=tRdj)jj
zk=ud!r?731!5Z`+3vfiEKD&B}T627;f@$)%7#UGhxC~~bAU4%^x7IyDyR#txxuqfC
zB6Wz{L(5{cz|l>8F<^>ic4UaXf!^pq!!k~;YjyJ)DPLM_=xootQC(lISRt#?JA-xT
zot@sk8{bqx6|M=%mA%9QGc~iNZ9Upt##O+cGD3>DxC^A_<8w2`f_sX5XBjN|-1!1z
zqhTEIFO|o)QMV`gq&wRe{&YG${XL~hW`Ejp7sjow5jJ8pZr;w7Ip=8erm#jPiRfr#
z#ietVmY6u*A}uqS!u3>B)jXhIAK#OEnVP#~vomsCJhWnt{{L()I-&AV
z)9fY0XfeSm4DxISac~I#W?%d7(x>JE}ESkUE%s`%~$Uvd9mVGNX;(ZJX7G!>g4d
z8|1~<>wf5rZQ$q>x`?=hA!oC&lIJ?p1|Dmw5_nM%kt)y_C$F_kJ4`!t
z_6hPCjd?*U4dt^JAwe)e&qr8y!@N;%s=3@Cr7@zI9ivFe!X=M?w2E99S&JGb8kjgTG+#(ibl=U+?uk-PaCL29`~>{1*YVNF
z4lxJ*Kc8+P`LR^aYBsny%xIPhA
z)eB;`__LqlQBlfzUv?h2(gklOP)1k-7)gfkgwNGM8dfl-2o>OUw66dgx5Fu~*T#{MT(;~xs
zFIyjB4>N8^>4m<-`&&r&YAEybMQy*sephQYL0gvn3?k5;^HYrkbO1dLy&XV2d*>1T
z_m{In5aN#uEU$=_J7Yi^AyQLO@Hs(ZjsRJQAPoy3;UJfR-d>~*!R|pl#Di=-ULY+o
zC+B5ijxEogI(<$6HU50=6z01u#OA>!IpI=4-=2$RRV+{ay|D@sbAU#Ird^SBo{>&r
zW|@~_?~z?-@{=-bw%zDXpYlf?oV~JC>&wSh0^bC6Q+OZE_CU)MQI>*n4+Fh|#3H3#
zXom1qyS#^2(85*YUNF>UA8Z#94XKM*Pmd>y;Nc5Ol*og7v22(g-JD1ygZt?mSRtC`
zGACBMtP)3J9LE{6NO&{xIO40cJw3zWY)!en)qrPRK-5prw14q?_Yj4Mt*=aYsxTtq
zgFgz+xTixH(h0Yf?E8B5F~;rVP!4MjvGxgoYPvel-xAl0cQy}ddd9|5-66-omKyK;
zTgvz&4z<;Z*|8)b+`f#WY3Ipobr;;DX!6_d+$XjKOwX^zP$=!(7}O#J7gC10*+uGj
ztE8!+?24~{XeZEc6-u_WT{W0T_!5twU&-e_lVuf9LlsPunZTFt&?sgzMY%asn_RZ>
zmA!^zg>8S9l-SrQ1b>;jx6!Yr6U%cJIeDC}m!~tkTr~JXrexc*9@rv#@G(VrB9{b<
zIMprz`VJlK?my^mR^Uw#azROoTWD%LN@g|>oQev!1u1E9^6=QKX@TGeDyjtPOf$~7
zWKSp%M0I=guoR#Vdv4|_mV+$jhLlQ>woIVj!br(Mff9`xZ46GaW6y-GmAO@6u)GBi2MMUrhkXs<$-xYlKTwr+bgs7nc4S!i
z$LUPWCe@jO5TO5MPbN)}e4iaUrE~RL<;7|6E#cmI*@E%7bl^VO-)+7)PM5HTj`o-gQDe@QWkOdg0w*^^*x0u&UnH-PB96ZgyG%3C=C08MNoil#5
zRQ#oX4~p@;%CQiBB%57{Bx^Pr |