From 718348e9db7492cd8b8c4e24e5c947a1336f40d5 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Mon, 13 Mar 2023 10:29:20 +0100 Subject: [PATCH 01/19] Import .editorconfig (#589) * Import .editorconfig, see https://editorconfig.org. * Currently only general settings are available, but they can be split depending on the file extension/type. * Fix input name in check-spelling action --- .editorconfig | 15 +++++++++++++++ .github/workflows/spelling.yml | 4 ++-- 2 files changed, 17 insertions(+), 2 deletions(-) create mode 100644 .editorconfig diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000000..dc4d828c69 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,15 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +charset = utf-8 +# Use Unix-style new lines +end_of_line = lf +insert_final_newline = true +# Default indentation is two spaces +indent_style = space +indent_size = 2 +# Remove whitespaces at end of line +trim_trailing_whitespace = true diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 26f3c69d68..d49509ce6b 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -121,7 +121,7 @@ jobs: uses: check-spelling/check-spelling@prerelease with: checkout: true - spell-check-this: check-spelling/spell-check-this@prerelease + spell_check_this: check-spelling/spell-check-this@prerelease task: ${{ needs.spelling.outputs.followup }} comment-pr: @@ -137,7 +137,7 @@ jobs: uses: check-spelling/check-spelling@main with: checkout: true - spell-check-this: check-spelling/spell-check-this@prerelease + spell_check_this: check-spelling/spell-check-this@prerelease task: ${{ needs.spelling.outputs.followup }} experimental_apply_changes_via_bot: 1 From 2fde37aac618c749176c6d6b446e40d7858cf1b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Enol=20Fern=C3=A1ndez?= Date: Tue, 14 Mar 2023 17:28:42 +0000 Subject: [PATCH 02/19] Deal with #590 (#591) # Summary --- **Related issue :** #590 --- content/en/users/getting-started/architecture/_index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/en/users/getting-started/architecture/_index.md b/content/en/users/getting-started/architecture/_index.md index 3dac6d40e4..2c06b5aacd 100644 --- a/content/en/users/getting-started/architecture/_index.md +++ b/content/en/users/getting-started/architecture/_index.md @@ -174,7 +174,7 @@ available for visualisation at #### Cloud Usage Record The federated cloud task force has agreed on a Cloud Usage Record, which -inherits from the [OGF Usage Record](https://www.ogf.org/documents/GFD.98.pdf). +inherits from the [OGF Usage Record (GFD.204)](https://ogf.org/documents/GFD.204.pdf). This record defines the data that resource providers must send to EGI's central Accounting repository. From e30bb853d085fc9b484ddbf104b510c24dcbe22e Mon Sep 17 00:00:00 2001 From: Sebastian Luna-Valero Date: Mon, 20 Mar 2023 09:54:10 +0100 Subject: [PATCH 03/19] Update DMCC docs (#592) Updated instructions on how to to use the EGI infrastructure for Disaster Mitigation and Agriculture community. --- .github/actions/spelling/allow.txt | 1 + .github/actions/spelling/expect.txt | 5 +- .../communities/dmcc/_index.md | 207 ++++++++++++++---- 3 files changed, 171 insertions(+), 42 deletions(-) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index fe10aba4c5..dbe594b3d1 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -24,6 +24,7 @@ RDIG RTX RWO SGs +Sinica STARTD STORAGECLASS SUs diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 382270fbff..6c3dd8d187 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,8 +1,9 @@ # Expected "words" that aren't in the dictionary, one word per line. # Some arbitrary strings that are in test files that aren't really words. # They should be removed if the test are changed/removed. -microk8s +CVMFS diracsgm +microk8s +mytoken reponame sgm -mytoken diff --git a/content/en/users/getting-started/communities/dmcc/_index.md b/content/en/users/getting-started/communities/dmcc/_index.md index 479b066108..f22bcfb2d3 100644 --- a/content/en/users/getting-started/communities/dmcc/_index.md +++ b/content/en/users/getting-started/communities/dmcc/_index.md @@ -7,66 +7,193 @@ description: > EGI infrastructure for the Disaster Mitigation and Agriculture community --- -This is the documentation to support the **Disaster Mitigation and Agriculture** -community. +This is the documentation of the resource pool that exists in EGI to support the +**Disaster Mitigation and Agriculture** community in the Asian Pacific region. +The resource pool is called `vo.environmental.egi.eu` Virtual Organisation (VO). -## Researchers +## About the community -### How to get access +Hazard risk estimation and prediction by numerical simulation is crucial to +disaster mitigation studies and applications. The Disaster Mitigation and Agriculture +community investigates in-depth the mechanisms of the selected disaster events and +develops the appropriate simulation models to reproduce the processes by case studies. +The collaboration framework aims at becoming an open science platform of disaster +mitigation so that all the tools, data, resources and simulation facilities are sharable, +and the simulations are reproducible. -Getting access to the EGI infrastructure consists of the following steps: +## About the Asia Pacific resource pool -1. [Sign-up](../../../aai/check-in/signup/) for an EGI Check-In account. -1. Request to join the `vo.environmental.egi.eu` Virtual Organisation (VO) - by visiting the [enrollment URL](https://aai.egi.eu/registry/co_petitions/start/coef:369) - with your EGI Check-In account. The subscription requires approval from the - VO Manager. -1. Access the cloud-based resources at CESNET-MCC: - * [Horizon OpenStack dashboard](https://dashboard.cloud.muni.cz/) - * Project name: `vo.environmental.egi.eu` - * Project ID: `29e6fbf618984a0c98ffcdf0222ad815` - * Network ID: `group-project-network` - * Security Group: ingress traffic to port 22 (SSH) is enabled +The purposes of the `vo.environmental.egi.eu` Virtual Organisation (VO) in EGI are to: -### How to bring your scientific application to the EGI infrastructure +* Facilitate open science in the Asian Pacific region; +* Enable sharing of cloud resources from the region; +* Facilitate application sharing from the region; +* Facilitate data sharing related to environmental sciences from the region. -The official solution to distribute software in the EGI Infrastructure -is to use [CVMFS](https://cernvm.cern.ch/fs/), the Software -Distribution Service developed to assist High Energy Physics collaborations -at CERN. For more details, please refer to the -[Contend Distribution](../../../compute/software-distribution/) documentation. +This resource pool is supported by the following services: -The following alternative solutions for sharing scientific software in the -EGI Infrastructure are also available: +* [EGI Cloud Compute](../../../compute/cloud-compute/), +* [EGI Notebooks](../../../dev-env/notebooks/), +* [EGI Replay](../../../dev-env/replay/) -* Use the [EGI Applications Database](https://appdb.egi.eu/) (AppDB): - either [packaging your application in a custom Virtual Machine](../../../compute/cloud-compute/images/) - or [uploading a Virtual Appliance](https://wiki.appdb.egi.eu/main:faq:how_to_register_a_virtual_appliance). -* Use [Docker](https://www.docker.com/) containers via the - [EGI Cloud Compute Service](../../../compute/cloud-container-compute/). +This resource pool currently includes the following Cloud resources: -To get started, have a look at the tutorial to -[create your first Virtual Machine](../../../tutorials/create-your-first-virtual-machine/) -in the EGI Infrastructure. +* 16 vCPU cores, 48 GB of RAM, and 1 TB of block storage +(provided by [CESNET-MCC](https://www.egi.eu/partner/cesnet/)). -### How to bring your data to the EGI infrastructure +## How to get access to the Asia Pacific resource pool -For managing data, different Data Management services are available in the EGI Infrastructure: +Getting access to the Asian Pacific resource pool (`vo.environmental.egi.eu`) +consists of the following steps: + +1. Sign-up for an [EGI Check-in account](../../../aai/check-in/signup/). +1. Request to join the `vo.environmental.egi.eu` Virtual Organisation (VO) by + visiting the [enrollment URL](https://aai.egi.eu/registry/co_petitions/start/coef:369) + with your EGI Check-in account. The subscription requires approval from the VO Manager. + +## How to use the EGI Notebooks service in the Asia Pacific VO + +Verify that you have already a valid EGI account and that your are members +of the Asia Pacific resource pool (See the instructions reported in the +[How to get access to the Asia Pacific resource pool](#how-to-get-access-to-the-asia-pacific-resource-pool) +section for more details). + +Access the EGI Notebooks service at: +[https://notebooks.egi.eu/](https://notebooks.egi.eu/) + +### Write and run your notebook + +Use the JupyterLab web interface to launch the notebook with one of the available +Kernel: **R**, **Python**, **Octave**, **Julia** and **Matlab**. + +Datasets in the EGI Notebooks can be accessed via: +**CVMFS**, **DataHub**, and **B2DROP**. More additional information on how to +configure notebooks to access data on CVMFS, DataHub and B2DROP will be provided +in the sections below. + +### How to make datasets and applications available in CVMFS + +* Access the [VO ID card](https://operations-portal.egi.eu/vo/view/voname/vo.environmental.egi.eu) + in the EGI Operations Portal. +* Get the VO Admin (or VO Manager) for the `vo.environmental.egi.eu` VO + (see the "Generic contacts" table in the EGI Operations Portal). +* Request access to the service (sending an email to cvmfs-support@gridpp.rl.ac.uk) + to add new content in the CVMFS repository (for the `vo.environmental.egi.eu` VO). +* Wait until the application is published in the CVMFS repository. +* Sending an email to notebooks-support@mailman.egi.eu to enable + the access to the CVMFS repository in the EGI Notebooks service. + +### How to make your datasets available in DataHub + +Whenever you log into the EGI Notebooks service, supported DataHub spaces +will be available under the `datahub` folder. If you need support for any +additional space, please open a [GGUS](https://ggus.eu/) ticket to add it. + +By default the `notebooks-shared` space is open for writing to any +EGI Notebooks user part of the `vo.notebooks.egi.eu` VO. Please check the +[File Management](../../../data/management/datahub/file-management/) section in +the EGI DataHub documentation for more information on how to upload files. + +### How to make your datasets available in B2DROP + +The data on [B2DROP](https://eudat.eu/services/b2drop) can be synchronised +with EGI Notebooks so you can share content between the two services. +This offers an easy-to-use storage and compute platform for the long-tail +of science. Here is how you can get them synchronised: + +* First, make sure you have a B2DROP app `Username` and `Password`. +* Upload your datasets in the B2DROP repository. +* Launch your notebook selecting the + [B2DROP connection](../../../dev-env/notebooks/data/#eudat-b2drop) + from the available service options. +* A B2DROP folder will be available in the list of folders (left panel) + of the EGI Notebooks. + +## How to use the EGI Replay service in the Asia Pacific VO + +Verify that you have already a valid EGI account and that your are members +of the Asia Pacific resource pool (See the instructions reported in the +[How to get access to the Asia Pacific resource pool](#how-to-get-access-to-the-asia-pacific-resource-pool) +section for more details). + +Access the EGI Replay service at: +[https://replay.notebooks.egi.eu/](https://replay.notebooks.egi.eu/) + +Reproducible notebooks can be provided as GitHub repositories or via DOIs. + +### How to make notebooks reproducible and shareable + +See the +[EGI training tutorial at ISGC 2023](https://indico4.twgrid.org/event/25/sessions/254/#20230321). + +## How to use the Cloud resources allocated to the Asia Pacific resource pool + +Access the cloud-based resources at CESNET-MCC via the OpenStack Horizon dashboard: + +* [Horizon OpenStack dashboard](https://dashboard.cloud.muni.cz/) +* Authenticate using: `EGI Check-in` +* Project name: `vo.environmental.egi.eu` +* Project ID: `29e6fbf618984a0c98ffcdf0222ad815` +* Network ID: `group-project-network` +* Security Group: ingress traffic to port 22 (SSH) is enabled + +### How to share data + +For managing data, different Data Management services are available in the +EGI Infrastructure: * [EGI DataHub](../../../data/management/datahub/) * [EGI Data Transfer](../../../data/management/data-transfer/) * [EGI Data Orchestrator](../../../data/management/rucio/) -* [OpenRDM](../../../data/management/open-rdm/) -For more information, please see the [Data Management section](../../../data/management/) and -the [tutorials](../../../tutorials/). The following tutorials may be relevant: +For more information, please see the +[Data Management](../../../data/management/) section and the +[tutorials](../../../tutorials/). + +### How to bring your data in the EGI DataHub from a VM + +To access data remotely stored in EGI DataHub like if they were local, +using traditional POSIX command-line commands you need to install the +`oneclient` component. For more details on how to install and configure +the component, please see the +[Access DataHub from a Virtual Machine](../../../tutorials/vm-datahub/) +documentation. [Access via API](../../../data/management/datahub/api/) +is also available and it’s leveraging the integration of the service with EGI Check-in. + +In order to access an existing space on EGI DataHub or ask for hosting +your data in DataHub please contact our [Helpdesk](https://ggus.eu/). + +Additional tutorials may be relevant: * [Create a Virtual Machine with Jupyter and DataHub](../../../tutorials/jupyter-datahub-virtual-machine/) -* [Access DataHub from a Virtual Machine](../../../tutorials/vm-datahub/) -## Service Providers +### How to transfer your data to the EGI infrastructure via EGI Data Transfer + +[EGI Data Transfer](https://www.egi.eu/service/data-transfer/), +based on the FTS service, allows scientists to +**move any type of data files asynchronously from one storage to another**. +The storage can be either any grid storage in the EGI infrastructure +or a cloud storage implementing the S3 interface. + +Relevant tutorials: + +* [Data Transfer with Grid Storage](../../../tutorials/data-transfer-grid-storage/) +* [Data Transfer with Object Storage](../../../tutorials/data-transfer-object-storage/) + +### How to use the EGI Data Orchestrator + +The [EGI Data Orchestrator](../../../data/management/rucio/), +based on the Rucio service developed at [CERN](https://rucio.cern.ch/), +is mainly offered for Communities for specific distributed data management +needs as explained in our [use cases documentation](../../../data/management/rucio/#rucio-use-cases). + +Dedicated [Getting Started documentation](../../../data/management/rucio/getting-started/) +is available to start the evaluation of the service and to access +the resources made available by the +[dteam VO](../../../data/management/rucio/dteam-vo/) +that is used for testing. -### How to contribute cloud resources +## How to contribute with cloud resources The steps that an OpenStack cloud provider needs to follow to add resources to the Disaster Mitigation and Agriculture community From ee17bd478f53efe8d09d286b3f21a5d5b5fcfdf3 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 11 Apr 2023 10:04:30 +0200 Subject: [PATCH 04/19] Prevent editorcondig-checker to look in markdown files (#594) Prevent editorcondig-checker to look in markdown files as it triggers too many false positives, cf #593. --- .github/linters/.ecrc | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/linters/.ecrc diff --git a/.github/linters/.ecrc b/.github/linters/.ecrc new file mode 100644 index 0000000000..e423169d28 --- /dev/null +++ b/.github/linters/.ecrc @@ -0,0 +1,16 @@ +{ + "Verbose": false, + "Debug": false, + "IgnoreDefaults": false, + "SpacesAfterTabs": false, + "NoColor": false, + "Exclude": ["\\.md$"], + "Disable": { + "EndOfLine": false, + "Indentation": false, + "InsertFinalNewline": false, + "TrimTrailingWhitespace": false, + "IndentSize": false, + "MaxLineLength": false + } +} From 8b3fe5720f895f73277798adade520f278a24d93 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franti=C5=A1ek=20Dvo=C5=99=C3=A1k?= Date: Thu, 13 Apr 2023 08:37:38 +0200 Subject: [PATCH 05/19] Update resources limits and supported VOs for Notebooks (#595) # Summary Update details in Notebooks and Replay (Binder) service: * resource limits * enabled VOs --- content/en/users/dev-env/notebooks/_index.md | 7 ++++++- content/en/users/dev-env/replay/_index.md | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/content/en/users/dev-env/notebooks/_index.md b/content/en/users/dev-env/notebooks/_index.md index 432e06b41a..87f344d967 100644 --- a/content/en/users/dev-env/notebooks/_index.md +++ b/content/en/users/dev-env/notebooks/_index.md @@ -53,7 +53,7 @@ in, write and play and re-play notebooks by: 3. [accessing https://notebooks.egi.eu/](https://notebooks.egi.eu/) This instance has limits on the amount of resources available for each user (2 -CPU core, 4 GB RAM and 20 GB of storage). It will also kill inactive sessions +CPU core, 6 GB RAM and 20 GB of storage). It will also kill inactive sessions after 1 hour. The central instance supports the following VOs: @@ -65,6 +65,11 @@ The central instance supports the following VOs: - [biomed](https://operations-portal.egi.eu/vo/view/voname/biomed) - [vo.reliance-project.eu](https://operations-portal.egi.eu/vo/view/voname/vo.reliance-project.eu) - [eiscat.se](https://operations-portal.egi.eu/vo/view/voname/eiscat.se) +- [eval.c-scale.eu](https://operations-portal.egi.eu/vo/view/voname/eval.c-scale.eu) +- [vo.panosc.eu](https://operations-portal.egi.eu/vo/view/voname/vo.panosc.eu) +- [vo.environmental.egi.eu](https://operations-portal.egi.eu/vo/view/voname/vo.environmental.egi.eu) +- [vo.lethe-project.eu](https://operations-portal.egi.eu/vo/view/voname/vo.lethe-project.eu) +- [vo.cessda.eduteams.org](https://operations-portal.egi.eu/vo/view/voname/vo.cessda.eduteams.org) ### Notebooks for communities diff --git a/content/en/users/dev-env/replay/_index.md b/content/en/users/dev-env/replay/_index.md index 03d345725a..d7cc290315 100644 --- a/content/en/users/dev-env/replay/_index.md +++ b/content/en/users/dev-env/replay/_index.md @@ -32,7 +32,7 @@ additional features: - Access to scalable storage: selected storage spaces of EGI DataHub are directly available under the `datahub` folder, simplifying the access to shared data from Binder notebooks. -- Guaranteed capacity: environments have 2GB of RAM guaranteed and can reach 4GB +- Guaranteed capacity: environments have 2GB of RAM guaranteed and can reach 6GB as maximum. - Persistent sessions: There is no hard limit on the session time per user, although sessions will be shut down automatically after 1 hour of inactivity From 7e8ac6d7b57d3845005bcf3d1d602cf460fbe240 Mon Sep 17 00:00:00 2001 From: Nick Evangelou Date: Tue, 18 Apr 2023 16:40:27 +0300 Subject: [PATCH 06/19] [Check-in] Introduce new attributes to replace the deprecated ones (#593) # Summary This PR introduces the following changes: - Add `distinguishedName` in the deprecated attributes table of the SAML migration guide - Remove `eduPersonScopedAffiliation` attribute from "Affiliation" attribute description - Add description for "Subject DN" attribute - Add description for "Issuer DN" attribute - Update Claims/Scopes table - Update Attribute Descriptions --------- Co-authored-by: Baptiste Grenier --- content/en/providers/check-in/sp/_index.md | 141 +++++++++++++-------- 1 file changed, 89 insertions(+), 52 deletions(-) diff --git a/content/en/providers/check-in/sp/_index.md b/content/en/providers/check-in/sp/_index.md index c454930dda..adabdc4f07 100644 --- a/content/en/providers/check-in/sp/_index.md +++ b/content/en/providers/check-in/sp/_index.md @@ -349,6 +349,7 @@ the table below: | Deprecated Attributes | New Attributes | | ---------------------------- | ----------------------------- | +| `distinguishedName` | `voPersonCertificateDN` | | `eduPersonScopedAffiliation` | `voPersonExternalAffiliation` | | `eduPersonUniqueId` | `voPersonID` | @@ -531,15 +532,16 @@ UserInfo Endpoint: -| Scope | Claims | -| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `openid` | `sub` | -| `profile` |
  • `name`
  • `given_name`
  • `family_name`
  • `preferred_username`
| -| `email` |
  • `email`
  • `email_verified`
  • `voperson_verified_email`
| -| `aarc` |
  • `name`
  • `given_name`
  • `family_name`
  • `preferred_username`
  • `email`
  • `email_verified`
  • `voperson_verified_email`
  • `voperson_id`
| -| `eduperson_entitlement` | `eduperson_entitlement` | -| `eduperson_scoped_affiliation` | `eduperson_scoped_affiliation` | -| `voperson_id` | `voperson_id` | +| Scope | Claims | +| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `openid` | `sub` | +| `voperson_id` | `voperson_id` | +| `profile` |
  • `name`
  • `given_name`
  • `family_name`
  • `preferred_username`
| +| `email` |
  • `email`
  • `email_verified`
  • `voperson_verified_email`
| +| `aarc` |
  • `name`
  • `given_name`
  • `family_name`
  • `preferred_username`
  • `email`
  • `email_verified`
  • `voperson_verified_email`
  • `voperson_certificate_dn`
  • `voperson_certificate_issuer_dn`
  • `voperson_external_affiliation`
  • `voperson_id`
| +| `eduperson_entitlement` | `eduperson_entitlement` | +| `voperson_certificate` |
  • `voperson_certificate_dn`
  • `voperson_certificate_issuer_dn`
| +| `voperson_external_affiliation` | `voperson_external_affiliation` | @@ -1783,20 +1785,20 @@ connected to Check-in. ### 1. Community User Identifier -| attribute name | Community User Identifier | -| ----------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **description** | The User’s Community Identifier is a globally unique, opaque, persistent and non-reassignable identifier identifying the user. For users whose community identity is managed by Check-in, this identifier is of the form `@egi.eu`. The `` portion is an opaque identifier issued by Check-in | -| **SAML Attribute(s)** |
  • `urn:oid:1.3.6.1.4.1.25178.4.1.6` (voPersonID)
  • `urn:oid:1.3.6.1.4.1.5923.1.1.1.13` (eduPersonUniqueId)
| -| **OIDC scope** |
  • `voperson_id`
  • `aarc`
  • `openid`
| -| **OIDC claim(s)** |
  • `voperson_id`
  • `sub`
| -| **OIDC claim location** |
  • ID token
  • UserInfo Endpoint
  • Introspection Endpoint
| -| **origin** | The Community User Identifier is assigned by Check-in or an external AAI service managing the community identity of the user | -| **changes** | No | -| **multiplicity** | No | -| **availability** | Always | -| **example** | `ef72285491ffe53c39b75bdcef46689f5d26ddfa00312365cc4fb5ce97e9ca87@egi.eu` | -| **notes** | Use **Community User Identifier** within your application as the unique-identifier key for the user. Obtaining the Community User Identifier from the `sub` claim using the `openid` scope for OIDC Relying Parties or from `eduPersonUniqueId` for SAML Service Providers will be deprecated. OIDC RPs should request either the `voperson_id` or `aarc` scope to obtain the Community User Identifier. SAML PRs should request the `voPersonID` attribute to obtain the Community User Identifier. | -| **status** | Stable | +| attribute name | Community User Identifier | +| ----------------------: | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| **description** | The User’s Community Identifier is a globally unique, opaque, persistent and non-reassignable identifier identifying the user. For users whose community identity is managed by Check-in, this identifier is of the form `@egi.eu`. The `` portion is an opaque identifier issued by Check-in | +| **SAML Attribute(s)** | `urn:oid:1.3.6.1.4.1.25178.4.1.6` (voPersonID) | +| **OIDC scope** |
  • `voperson_id`
  • `aarc`
| +| **OIDC claim(s)** | `voperson_id` | +| **OIDC claim location** |
  • ID token
  • UserInfo Endpoint
  • Introspection Endpoint
| +| **origin** | The Community User Identifier is assigned by Check-in or an external AAI service managing the community identity of the user | +| **changes** | No | +| **multiplicity** | No | +| **availability** | Always | +| **example** | `ef72285491ffe53c39b75bdcef46689f5d26ddfa00312365cc4fb5ce97e9ca87@egi.eu` | +| **notes** | Use **Community User Identifier** within your application as the unique-identifier key for the user. Obtaining the Community User Identifier from the `sub` claim using the `openid` scope for OIDC Relying Parties or from `eduPersonUniqueId` for SAML Service Providers has been deprecated. OIDC RPs should request either the `voperson_id` or `aarc` scope to obtain the Community User Identifier. SAML PRs should request the `voPersonID` attribute to obtain the Community User Identifier. | +| **status** | Stable | ### 2. Display Name @@ -1919,20 +1921,20 @@ connected to Check-in. ### 9. Affiliation -| attribute name | Affiliation | -| ----------------------: | :--------------------------------------------------------------------------------------------------------------------------------------------------------- | -| **description** | The user's affiliation within a particular security domain (scope) | -| **SAML Attribute(s)** |
  • `urn:oid:1.3.6.1.4.1.5923.1.1.1.9` (eduPersonScopedAffiliation)
  • `urn:oid:1.3.6.1.4.1.25178.4.1.11` (voPersonExternalAffiliation)
| -| **OIDC scope** | `eduperson_scoped_affiliation` | -| **OIDC claim(s)** | `eduperson_scoped_affiliation` | -| **OIDC claim location** |
  • UserInfo Endpoint
  • Introspection Endpoint
| -| **origin** | Check-in assigns this attribute on user registration | -| **changes** | Yes | -| **multiplicity** | Multi-valued | -| **availability** | Always | -| **example** |
  • `member@example.org`
  • `faculty@example.org`
| -| **notes** | Service Providers are encouraged to validate the scope of this attribute | -| **status** | Stable | +| attribute name | Affiliation | +| ----------------------: | :------------------------------------------------------------------------------------------- | +| **description** | The user's affiliation within a particular security domain (scope) | +| **SAML Attribute(s)** | `urn:oid:1.3.6.1.4.1.25178.4.1.11` (voPersonExternalAffiliation) | +| **OIDC scope** | `voperson_external_affiliation` | +| **OIDC claim(s)** | `voperson_external_affiliation` | +| **OIDC claim location** |
  • UserInfo Endpoint
  • Introspection Endpoint
| +| **origin** | When available, this information originates from the user's authenticating Identity Provider | +| **changes** | Yes | +| **multiplicity** | Multi-valued | +| **availability** | Not always | +| **example** |
  • `member@example.org`
  • `faculty@example.org`
| +| **notes** | Service Providers are encouraged to validate the scope of this attribute | +| **status** | Stable | ### 10. Groups @@ -1991,13 +1993,13 @@ connected to Check-in. | ----------------------: | :-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **description** | Assurance of the identity of the user, following [REFEDS Assurance Framework (RAF)](https://refeds.org/assurance) and the [EGI AAI Assurance Profiles](https://docs.egi.eu/providers/check-in/sp/#level-of-assurance). The following RAF values are qualified and automatically set for all Community identities:
  • $PREFIX$
  • $PREFIX$/ID/unique
  • $PREFIX$/ID/eppn-unique-no-reassign
  • $PREFIX$/IAP/low
  • $PREFIX$/ATP/ePA-1m
  • $PREFIX$/ATP/ePA-1d
Following RAF values are set if the currently used authentication provider asserts (or otherwise qualifies to) them:
  • $PREFIX$/IAP/medium
  • $PREFIX$/IAP/high
The following compound profiles are asserted if the user qualifies to them
  • $PREFIX$/profile/cappuccino
  • $PREFIX$/profile/espresso
| | **SAML Attribute(s)** | `urn:oid:1.3.6.1.4.1.5923.1.1.1.11` (eduPersonAssurance) | -| **OIDC scope** | `eduperson_assurance` | +| **OIDC scope** | `openid` | | **OIDC claim(s)** | `eduperson_assurance` | | **OIDC claim location** |
  • UserInfo Endpoint
  • Introspection Endpoint
| | **origin** | Check-in assigns this attribute on user registration | | **changes** | Yes | | **multiplicity** | Multi-valued | -| **availability** | Not always | +| **availability** | Always | | **example** |
  • `https://aai.egi.eu/LoA#Low`
  • `https://refeds.org/assurance/IAP/low`
| | **notes** | - | | **status** | Stable | @@ -2021,20 +2023,20 @@ connected to Check-in. ### 15. SSH Public Key -| attribute name | SSH Public Key | -| ----------------------: | :------------------------------------------------------------------------------------------------------------------------------------------------ | -| **description** | Provides information about the user's SSH public key(s) | -| **SAML Attribute(s)** | `urn:oid:1.3.6.1.4.1.24552.500.1.1.1.13` (sshPublicKey) | -| **OIDC scope** | `ssh_public_key` | -| **OIDC claim(s)** | `ssh_public_key` | -| **OIDC claim location** | UserInfo Endpoint | -| **origin** | Added SSH public key(s) in user's Check-in Profile | -| **changes** | Yes | -| **multiplicity** | Multi-valued | -| **availability** | Not always | +| attribute name | SSH Public Key | +| ----------------------: | :------------------------------------------------------------------------------------------------------------------------------------------ | +| **description** | Provides information about the user's SSH public key(s) | +| **SAML Attribute(s)** | `urn:oid:1.3.6.1.4.1.24552.500.1.1.1.13` (sshPublicKey) | +| **OIDC scope** | `ssh_public_key` | +| **OIDC claim(s)** | `ssh_public_key` | +| **OIDC claim location** | UserInfo Endpoint | +| **origin** | Added SSH public key(s) in user's Check-in Profile | +| **changes** | Yes | +| **multiplicity** | Multi-valued | +| **availability** | Not always | | **example** |
  • `ssh-rsa AAAAB3NzaC...qxxEEipdnZ jdoe@grnet-hq.admin.grnet.gr`
  • `ssh-rsa AAAA4xzdIf...fxgsRDfgAt jdoe@example.org`
| -| **notes** | - | -| **status** | Experimental | +| **notes** | - | +| **status** | Experimental | @@ -2056,6 +2058,41 @@ connected to Check-in. | **status** | Experimental | + +### 17. Subject Distinguished Name (DN) of user's X.509 certificate + +| attribute name | Subject Distinguished Name (DN) of user's X.509 certificate | +| ----------------------: | :------------------------------------------------------------------------- | +| **description** | The Subject Distinguished Name of an X.509 certificate held by the person. | +| **SAML Attribute(s)** | `1.3.6.1.4.1.25178.4.1.3` (voPersonCertificateDN) | +| **OIDC scope** |
  • `voperson_certificate`
  • `aarc`
| +| **OIDC claim(s)** | `voperson_certificate_dn` | +| **OIDC claim location** | UserInfo Endpoint | +| **origin** | Check-in or the user's Identity Provider | +| **changes** | Yes | +| **multiplicity** | Multi-valued | +| **availability** | Not always | +| **example** | `/C=XX/O=YYY/OU=ZZZ/CN=John Doe` | +| **notes** | - | +| **status** | Experimental | + +### 18. Issuer Distinguished Name (DN) of user's X.509 certificate + +| attribute name | Issuer Distinguished Name (DN) of user's X.509 certificate | +| ----------------------: | :------------------------------------------------------------- | +| **description** | The Subject Distinguished Name of the X.509 certificate issuer | +| **SAML Attribute(s)** | `1.3.6.1.4.1.25178.4.1.4` (voPersonCertificateIssuerDN) | +| **OIDC scope** |
  • `voperson_certificate`
  • `aarc`
| +| **OIDC claim(s)** | `voperson_certificate_issuer_dn` | +| **OIDC claim location** | UserInfo Endpoint | +| **origin** | Check-in or the user's Identity Provider | +| **changes** | Yes | +| **multiplicity** | Multi-valued | +| **availability** | Not always | +| **example** | `/C=XX/O=YYY/OU=ZZZ/CN=Example CA` | +| **notes** | - | +| **status** | Experimental | + ## User authorisation From 8b5a539f711250c639a1c6b65a9036b977090b41 Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Tue, 25 Apr 2023 16:54:42 +0200 Subject: [PATCH 07/19] helpdesk: document ticket scope (#597) Moved from https://wiki.egi.eu/wiki/GGUS-Ticket-Scope --- .../features/report-generator/_index.md | 61 ++++++++++--------- .../helpdesk/features/ticket-scope/_index.md | 23 +++++++ 2 files changed, 55 insertions(+), 29 deletions(-) create mode 100644 content/en/internal/helpdesk/features/ticket-scope/_index.md diff --git a/content/en/internal/helpdesk/features/report-generator/_index.md b/content/en/internal/helpdesk/features/report-generator/_index.md index 0eb89066b5..8faf49c1d7 100644 --- a/content/en/internal/helpdesk/features/report-generator/_index.md +++ b/content/en/internal/helpdesk/features/report-generator/_index.md @@ -2,8 +2,7 @@ title: "Report generator" type: docs weight: 40 -description: > - Features and usage of the Report generator +description: Features and usage of the Report generator --- ## Definitions and prerequisites @@ -11,7 +10,7 @@ description: > The [GGUS Report Generator](https://ggus.eu/?mode=report_view) is available [from the support section](https://ggus.eu/?mode=support). -The implementation of the report generator started in October 2011. Hence the +The implementation of the report generator started in October 2011. Hence, the report generator does not provide data for tickets submitted before December 2011! @@ -45,14 +44,13 @@ ticket to a support unit the expected response timestamp is calculated by adding an amount of time to the assign timestamp. The amount of time added depends on the ticket priority and the kind of support unit. For support units that have declared a quality of service level the response times are defined by the -[QoS level](../quality-of-support-levels). For all the -other support units a medium QoS is assumed for calculating the expected -response timestamp. In case the actual response timestamp is greater than the -"expected response" timestamp for middleware support units the "violate" flag is -set. +[QoS level](../quality-of-support-levels). For all the other support units a +medium QoS is assumed for calculating the expected response timestamp. In case +the actual response timestamp is greater than the "expected response" timestamp +for middleware support units the "violate" flag is set. -_Response times are based on office hours. Hence the results unit is working -days._ +> Response times are based on office hours. Hence the results unit is working +> days. #### Solution time @@ -64,8 +62,8 @@ a solution" means setting the ticket status to "solved" or "unsolved". The solution time is calculated as the difference between the solution timestamp and the assign timestamp. -_Solution times are based on office hours. Hence the results unit is working -days._ +> Solution times are based on office hours. Hence the results unit is working +> days. #### Waiting time @@ -82,7 +80,7 @@ how long it takes to provide a meaningful solution for a problem reported by the user. Ticket lifetime is the time from ticket submission to ticket solution (status "solved/unsolved"). -_The ticket lifetime is based on calendar days._ +> The ticket lifetime is based on calendar days. ### Time zones @@ -109,14 +107,14 @@ lifetime doesn't affect the calculation of performance figures. ### Unit abbreviations -- [wd] means working days -- [d] means calendar days +- `[wd]` means working days +- `[d]` means calendar days ## Reports description -_Although some of the drop-down lists request the selection of values a query -can be started anyway. In this case the query is equivalent to a query over all -tickets!_ +> Although some of the drop-down lists request the selection of values a query +> can be started anyway. In this case the query is equivalent to a query over +> all tickets! The "Reset" button resets all fields to their default settings besides the time frame. @@ -160,8 +158,8 @@ for the specified time frame. The result list shows all support units that have ever been in charge of a ticket. Hence the same ticket ID may appear several times. The number of responses may be greater than the number of tickets. -_Response times are based on office hours. Hence an average response time of 1d -3h 23min means 13 hours and 23 minutes in total._ +> Response times are based on office hours. Hence an average response time of 1d +> 3h 23min means 13 hours and 23 minutes in total. ### Violated response time @@ -180,11 +178,15 @@ shows: - median response time for the specified time frame. The result lists shows the current status of the -tickets. _Solution times are based on office hours. Hence an average solution -time of 12d 3h 5min means 99 hours and 5 minutes in total._ The waiting time can -be excluded by ticking the checkbox "exclude waiting time". In case a ticket -gets re-opened the metrics calculation starts again from scratch. Hence the same -ticket can appear several times in the solution times calculation. +tickets. + +> Solution times are based on office hours. Hence, an average solution time of +> 12d 3h 5min means 99 hours and 5 minutes in total. + +The waiting time can be excluded by ticking the checkbox "exclude waiting time". +In case a ticket gets re-opened the metrics calculation starts again from +scratch. Hence, the same ticket can appear several times in the solution times +calculation. ## Input parameters and results @@ -208,9 +210,9 @@ parameters are: #### Time frame The time frame defines begin and end date of the report. The begin date starts -at 00:00:00. The end date ends at 00:00:00. As the implementation of the report -generator started in October 2011 the report generator does not provide data for -tickets submitted before December 2011! +at `00:00:00`. The end date ends at `00:00:00`. As the implementation of the +report generator started in October 2011 the report generator does not provide +data for tickets submitted before December 2011! #### Responsible Units @@ -248,7 +250,8 @@ for all reports and therefore, if necessary, be excluded from the selection. #### Ticket scope -To distinguish between tickets under the responsibility of EGI or WLCG. +To distinguish between tickets under the responsibility of EGI or WLCG. See +[ticket scope](../ticket-scope/). #### Notified site diff --git a/content/en/internal/helpdesk/features/ticket-scope/_index.md b/content/en/internal/helpdesk/features/ticket-scope/_index.md new file mode 100644 index 0000000000..03c126f104 --- /dev/null +++ b/content/en/internal/helpdesk/features/ticket-scope/_index.md @@ -0,0 +1,23 @@ +--- +title: "Ticket Scope" +type: docs +weight: 40 +description: Description of ticket scopes +--- + +## Priority definition + +The GGUS ticket **scope** filter is available in GGUS ticket search. It offers +filtering for tickets in **EGI** or **WLCG** scope. The ticket scope field is +automatically set by the system based on the qualifications listed below. + +**WLCG scope** tickets are either: + +- of type `TEAM` or `ALARM` related to VOs `alice`, `atlas`, `cms`, `lhcb`, + `belle` +- assigned to `VOSupport` related to VOs `alice`, `atlas`, `cms`, `lhcb`, + `belle` +- assigned to `OSG Software Support`, `USCMS`, `USATLAS`, `USBELLE`, `CRIC` +- with issue type like `CMS_`, `ATLAS_` + +> All other tickets are **EGI scope**. From 8f96133d35cd2095dfff43118edbe8367680cca3 Mon Sep 17 00:00:00 2001 From: Sebastian Luna-Valero Date: Fri, 19 May 2023 12:56:09 +0200 Subject: [PATCH 08/19] Update tutorials (#598) # Summary As requested via: https://docs.google.com/document/d/1nN3vw0GasnnMlM711se62Shfc3LHLP90CNh82lPmqds/ --- **Related issue :** --- .github/actions/spelling/allow.txt | 96 ++-- content/en/users/tutorials/_index.md | 35 +- content/en/users/tutorials/adhoc/_index.md | 19 + .../accessing-vm-with-ssh/_index.md | 2 + .../_index.md | 2 + .../VAPOR-VO_detail.png | Bin .../data-transfer-grid-storage/VAPOR-home.png | Bin .../VAPOR-storage.png | Bin .../WebFTS-credential_delegation.png | Bin .../WebFTS-my_jobs.png | Bin .../WebFTS-submit_transfer.png | Bin .../data-transfer-grid-storage/_index.md | 2 + .../CERN-PROD-FTS3.png | Bin .../data-transfer-object-storage/_index.md | 2 + .../{ => adhoc}/htc-job-submission/_index.md | 2 + .../htc-job-submission/argo_issues.png | Bin .../jupyter-datahub-virtual-machine/_index.md | 2 + .../edit-mount.sh.png | Bin .../no-https-datahub-vm.png | Bin .../run-mount.sh.png | Bin .../{ => adhoc}/notebooks-checkin/_index.md | 0 .../notebooks-gridstorage/_index.md | 0 .../notebooks-secure-blockstorage/_index.md | 0 .../_index.md | 2 + .../{ => adhoc}/vm-blockstorage/_index.md | 0 .../{ => adhoc}/vm-datahub/_index.md | 2 + .../tutorials/{ => adhoc}/vm-dyndns/_index.md | 0 content/en/users/tutorials/advanced/_index.md | 309 ++++++++++ .../en/users/tutorials/foundation/_index.md | 108 ++++ .../en/users/tutorials/intermediate/_index.md | 528 ++++++++++++++++++ .../en/users/tutorials/scientific/_index.md | 200 +++++++ 31 files changed, 1267 insertions(+), 44 deletions(-) create mode 100644 content/en/users/tutorials/adhoc/_index.md rename content/en/users/tutorials/{ => adhoc}/accessing-vm-with-ssh/_index.md (99%) rename content/en/users/tutorials/{ => adhoc}/create-your-first-virtual-machine/_index.md (96%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-grid-storage/VAPOR-VO_detail.png (100%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-grid-storage/VAPOR-home.png (100%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-grid-storage/VAPOR-storage.png (100%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-grid-storage/WebFTS-credential_delegation.png (100%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-grid-storage/WebFTS-my_jobs.png (100%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-grid-storage/WebFTS-submit_transfer.png (100%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-grid-storage/_index.md (99%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-object-storage/CERN-PROD-FTS3.png (100%) rename content/en/users/tutorials/{ => adhoc}/data-transfer-object-storage/_index.md (99%) rename content/en/users/tutorials/{ => adhoc}/htc-job-submission/_index.md (99%) rename content/en/users/tutorials/{ => adhoc}/htc-job-submission/argo_issues.png (100%) rename content/en/users/tutorials/{ => adhoc}/jupyter-datahub-virtual-machine/_index.md (98%) rename content/en/users/tutorials/{ => adhoc}/jupyter-datahub-virtual-machine/edit-mount.sh.png (100%) rename content/en/users/tutorials/{ => adhoc}/jupyter-datahub-virtual-machine/no-https-datahub-vm.png (100%) rename content/en/users/tutorials/{ => adhoc}/jupyter-datahub-virtual-machine/run-mount.sh.png (100%) rename content/en/users/tutorials/{ => adhoc}/notebooks-checkin/_index.md (100%) rename content/en/users/tutorials/{ => adhoc}/notebooks-gridstorage/_index.md (100%) rename content/en/users/tutorials/{ => adhoc}/notebooks-secure-blockstorage/_index.md (100%) rename content/en/users/tutorials/{ => adhoc}/oidc-agent-fedcloudclient-terraform/_index.md (99%) rename content/en/users/tutorials/{ => adhoc}/vm-blockstorage/_index.md (100%) rename content/en/users/tutorials/{ => adhoc}/vm-datahub/_index.md (98%) rename content/en/users/tutorials/{ => adhoc}/vm-dyndns/_index.md (100%) create mode 100644 content/en/users/tutorials/advanced/_index.md create mode 100644 content/en/users/tutorials/foundation/_index.md create mode 100644 content/en/users/tutorials/intermediate/_index.md create mode 100644 content/en/users/tutorials/scientific/_index.md diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index dbe594b3d1..e758a41e0d 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -1,42 +1,3 @@ -FZK -GMA -ield -GRISU -Griglia -HLR -HPDA -JWKS -LRMSs -LToS -Livepatch -Minio -NAMD -NIDs -NPU -OIM -OTHERDESCR -Petabytes -Phedex -Putra -QWG -RAL -RDIG -RTX -RWO -SGs -Sinica -STARTD -STORAGECLASS -SUs -Simulink -TPU -Theano -UKNGS -UPM -VMIs -VMUUID -Verdana -WSL a2enmod aai aaiproxy @@ -59,6 +20,7 @@ appdb apprating appratingreport arcce +arcctl arcget arcproxy arcstat @@ -86,6 +48,8 @@ bigemptyfile biggrid binlog biomed +Biomolecular +biomolecules bitp blcr blockstorage @@ -136,6 +100,7 @@ cmssw cnaf cnrs coid +collider cometa compchem condarc @@ -227,6 +192,7 @@ epuid errordesc errornum esaco +ESGF eudat eugridpma eumed @@ -248,11 +214,13 @@ folksonomy fom fqan fqdns +FZK gcloud gcube geant genkey geoss +Gergely getcontmsg getoutputs gfal @@ -263,6 +231,7 @@ gisela github glite globusrun +GMA gmlog gocdb gocdbpi @@ -279,6 +248,8 @@ gridops gridpp gridstorage gridview +Griglia +GRISU grnet groupof grycap @@ -296,8 +267,11 @@ hellasgrid helpdesk hepix hepspec +HLR +Horovod hostcert hostkey +HPDA htc htcondor htcondorce @@ -322,6 +296,8 @@ infn infngrid infosites installable +Instrumentacion +integrators interoperation ipykernel ipynb @@ -343,6 +319,7 @@ jsonlist jti jupyter jupyterhub +JWKS kernel keycloak keyout @@ -369,13 +346,16 @@ libcloud lille lineinfile listmode +Livepatch localdomain localgridmap localhost lofar logdir lrms +LRMSs lsd +LToS luks lvm mailinator @@ -388,6 +368,7 @@ metalink micafer micromamba miniconda +Minio mitaka morecolor mpi @@ -407,6 +388,7 @@ myserver mysqldump mysqldumpmds myvo +NAMD ndgf ndownloader nearline @@ -417,6 +399,7 @@ ngi ngis ngstat nic +NIDs nikhef nipne noatime @@ -433,15 +416,18 @@ nordugrid northgrid nostreams novaclient +NPU nrandom nsdbname nsupdate nsupdater nvidia occi +ODV ogf oidc oidcaccesstoken +OIM okeanos olas oncover @@ -461,6 +447,7 @@ ophuser orcid organisations ost +OTHERDESCR owslib padova pagelength @@ -471,24 +458,32 @@ passthrough pbs peachnote perun +Petabytes +Phedex pkce plgrid +podman +Politecnica postcss poweron poznan processid promozione psnc +Putra pvc pycon qcg qcow qsub quattor +QWG radl +RAL ratingreport rcauth rclone +RDIG rdkit rdm reassignable @@ -498,15 +493,19 @@ reportgroups resourced rfio rght +Rness roadmap rpms rse rses rstudio +RTX rucio rucioclient runcmd +RWO rxtx +Sars sbdii scai schedd @@ -519,9 +518,12 @@ sectigo seqnumber sfn sge +SGs shortcode shortcodes +Simulink singleuser +Sinica sirtfi skipcacheck slas @@ -540,8 +542,10 @@ srun ssds ssh ssmsend +STARTD stfc stichting +STORAGECLASS storagesite submitters submodule @@ -551,6 +555,7 @@ subresource sudmodules summarises surl +SUs sustainability synchronises synnefo @@ -573,6 +578,7 @@ testvm textlint tfvars tgz +Theano theophys ticketseditable timeframe @@ -584,11 +590,14 @@ topbdii torito tpctest tpms +TPU trustanchors uberftp ubuntu ucert ucst +udocker +UKNGS ukri ulakbim umd @@ -598,6 +607,7 @@ universiti untaring uploadtest uploadtest.txt +UPM upv uscms usecases @@ -611,17 +621,22 @@ vcpus vda vdb vdc +Verdana veryverysecret virsh virtualisation virtualised +visualisations +visualise vlemed vmcaster vmcatcher vmdk vmi +VMIs vmops vms +VMUUID vobox voname voperson @@ -634,6 +649,7 @@ wcss webdav webfts webinar +webinars websso wenmr wlcg @@ -642,6 +658,7 @@ wns workdir wps wroc +WSL xacache xcache xeon @@ -657,4 +674,5 @@ youraccountname youremail yourhostname yourprivatekey +Youtube zenodo diff --git a/content/en/users/tutorials/_index.md b/content/en/users/tutorials/_index.md index ef6e83b885..131987db39 100644 --- a/content/en/users/tutorials/_index.md +++ b/content/en/users/tutorials/_index.md @@ -9,8 +9,33 @@ description: > ## Overview -The following guides and tutorials show you how to perform common tasks in the EGI -infrastructure. Each of the following sections addresses a specific use case: -it describes how to set up the EGI services needed for that use case, -how to connect or operate them together, and will walk you step-by-step towards -achieving a task or setup that can be immediately used by researchers and scientists. +In this section you can find a series of Tutorials and Guides designed by the +members of the EGI Federation with the goal of providing researchers and +scientists with initial knowledge from which they can perform common tasks +in the EGI federated infrastructure. + +The content is organised according to four different skill levels: + +* [Foundation](foundation/) (or entry level): provides an + overview of the EGI federation and of the EGI services, with highlights + of their typical use cases. +* [Intermediate](intermediate/): provides details on individual + services from the EGI owned service portfolio, as well as services that are + offered by the broader EGI community to complement the EGI services + towards certain types of advanced computing use cases. +* [Advanced](advanced/) (for more expert users): provides a + deep-diving on the advanced services to conduct world-class research + and innovation will be presented. +* [Scientific](scientific/): presents examples of domain-specific + Thematic Services benefiting from the solutions offered by the + EGI Infrastructure. + +## Do you have a specific training request? + +[Contact us](../../support/) and we will be happy to discuss it with you! + +**Find out more**: + +* Learn more about the + [EGI Webinars & Training Programme](https://www.egi.eu/trainings-and-webinars/) +* or visit the [YouTube channel](https://www.youtube.com/@EGI_eInfra/) diff --git a/content/en/users/tutorials/adhoc/_index.md b/content/en/users/tutorials/adhoc/_index.md new file mode 100644 index 0000000000..b94a5cf9d4 --- /dev/null +++ b/content/en/users/tutorials/adhoc/_index.md @@ -0,0 +1,19 @@ +--- +title: Ad-hoc tutorials +linkTitle: Ad-hoc +type: docs +weight: 50 +aliases: + - /users/tutorials +description: > + Step-by-step tutorials for common tasks in the EGI Infrastructure. +--- + +## Overview + +The following guides and tutorials show you how to perform common tasks +in the EGI infrastructure. Each of the following sections addresses a +specific use case: it describes how to set up the EGI services needed +for that use case, how to connect or operate them together, and will +walk you step-by-step towards achieving a task or setup that can be +immediately used by researchers and scientists. diff --git a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/adhoc/accessing-vm-with-ssh/_index.md similarity index 99% rename from content/en/users/tutorials/accessing-vm-with-ssh/_index.md rename to content/en/users/tutorials/adhoc/accessing-vm-with-ssh/_index.md index 65c2934426..4c932bda3e 100644 --- a/content/en/users/tutorials/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/adhoc/accessing-vm-with-ssh/_index.md @@ -3,6 +3,8 @@ title: "Accessing virtual machines with SSH" linkTitle: "Access a VM with SSH" type: docs weight: 20 +aliases: + - /users/tutorials/accessing-vm-with-ssh description: "Accessing virtual machines with SSH" --- diff --git a/content/en/users/tutorials/create-your-first-virtual-machine/_index.md b/content/en/users/tutorials/adhoc/create-your-first-virtual-machine/_index.md similarity index 96% rename from content/en/users/tutorials/create-your-first-virtual-machine/_index.md rename to content/en/users/tutorials/adhoc/create-your-first-virtual-machine/_index.md index 7366ecd120..37dda92e9e 100644 --- a/content/en/users/tutorials/create-your-first-virtual-machine/_index.md +++ b/content/en/users/tutorials/adhoc/create-your-first-virtual-machine/_index.md @@ -2,6 +2,8 @@ title: "Create your first Virtual Machine (VM)" type: docs weight: 10 +aliases: + - /users/tutorials/create-your-first-virtual-machine description: > Step by step guide to get your first Virtual Machine up and running --- diff --git a/content/en/users/tutorials/data-transfer-grid-storage/VAPOR-VO_detail.png b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/VAPOR-VO_detail.png similarity index 100% rename from content/en/users/tutorials/data-transfer-grid-storage/VAPOR-VO_detail.png rename to content/en/users/tutorials/adhoc/data-transfer-grid-storage/VAPOR-VO_detail.png diff --git a/content/en/users/tutorials/data-transfer-grid-storage/VAPOR-home.png b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/VAPOR-home.png similarity index 100% rename from content/en/users/tutorials/data-transfer-grid-storage/VAPOR-home.png rename to content/en/users/tutorials/adhoc/data-transfer-grid-storage/VAPOR-home.png diff --git a/content/en/users/tutorials/data-transfer-grid-storage/VAPOR-storage.png b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/VAPOR-storage.png similarity index 100% rename from content/en/users/tutorials/data-transfer-grid-storage/VAPOR-storage.png rename to content/en/users/tutorials/adhoc/data-transfer-grid-storage/VAPOR-storage.png diff --git a/content/en/users/tutorials/data-transfer-grid-storage/WebFTS-credential_delegation.png b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/WebFTS-credential_delegation.png similarity index 100% rename from content/en/users/tutorials/data-transfer-grid-storage/WebFTS-credential_delegation.png rename to content/en/users/tutorials/adhoc/data-transfer-grid-storage/WebFTS-credential_delegation.png diff --git a/content/en/users/tutorials/data-transfer-grid-storage/WebFTS-my_jobs.png b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/WebFTS-my_jobs.png similarity index 100% rename from content/en/users/tutorials/data-transfer-grid-storage/WebFTS-my_jobs.png rename to content/en/users/tutorials/adhoc/data-transfer-grid-storage/WebFTS-my_jobs.png diff --git a/content/en/users/tutorials/data-transfer-grid-storage/WebFTS-submit_transfer.png b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/WebFTS-submit_transfer.png similarity index 100% rename from content/en/users/tutorials/data-transfer-grid-storage/WebFTS-submit_transfer.png rename to content/en/users/tutorials/adhoc/data-transfer-grid-storage/WebFTS-submit_transfer.png diff --git a/content/en/users/tutorials/data-transfer-grid-storage/_index.md b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/_index.md similarity index 99% rename from content/en/users/tutorials/data-transfer-grid-storage/_index.md rename to content/en/users/tutorials/adhoc/data-transfer-grid-storage/_index.md index 1984d6bcc4..dd57ea2844 100644 --- a/content/en/users/tutorials/data-transfer-grid-storage/_index.md +++ b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/_index.md @@ -3,6 +3,8 @@ title: "Data transfer with grid storage" linkTitle: "Data transfer with grid storage" type: docs weight: 160 +aliases: + - /users/tutorials/data-transfer-grid-storage description: > Use EGI Data transfer to handle data in grid storage --- diff --git a/content/en/users/tutorials/data-transfer-object-storage/CERN-PROD-FTS3.png b/content/en/users/tutorials/adhoc/data-transfer-object-storage/CERN-PROD-FTS3.png similarity index 100% rename from content/en/users/tutorials/data-transfer-object-storage/CERN-PROD-FTS3.png rename to content/en/users/tutorials/adhoc/data-transfer-object-storage/CERN-PROD-FTS3.png diff --git a/content/en/users/tutorials/data-transfer-object-storage/_index.md b/content/en/users/tutorials/adhoc/data-transfer-object-storage/_index.md similarity index 99% rename from content/en/users/tutorials/data-transfer-object-storage/_index.md rename to content/en/users/tutorials/adhoc/data-transfer-object-storage/_index.md index 1412a9c62d..6caf797136 100644 --- a/content/en/users/tutorials/data-transfer-object-storage/_index.md +++ b/content/en/users/tutorials/adhoc/data-transfer-object-storage/_index.md @@ -2,6 +2,8 @@ title: "Data transfer with object storage" type: docs weight: 170 +aliases: + - /users/tutorials/data-transfer-object-storage description: > Use EGI Data transfer to handle data in object storage --- diff --git a/content/en/users/tutorials/htc-job-submission/_index.md b/content/en/users/tutorials/adhoc/htc-job-submission/_index.md similarity index 99% rename from content/en/users/tutorials/htc-job-submission/_index.md rename to content/en/users/tutorials/adhoc/htc-job-submission/_index.md index 7c117db3cb..77bc5408a0 100644 --- a/content/en/users/tutorials/htc-job-submission/_index.md +++ b/content/en/users/tutorials/adhoc/htc-job-submission/_index.md @@ -2,6 +2,8 @@ title: "Submitting HTC Jobs" type: docs weight: 160 +aliases: + - /users/tutorials/htc-job-submission description: > Submitting High Throughput Compute jobs --- diff --git a/content/en/users/tutorials/htc-job-submission/argo_issues.png b/content/en/users/tutorials/adhoc/htc-job-submission/argo_issues.png similarity index 100% rename from content/en/users/tutorials/htc-job-submission/argo_issues.png rename to content/en/users/tutorials/adhoc/htc-job-submission/argo_issues.png diff --git a/content/en/users/tutorials/jupyter-datahub-virtual-machine/_index.md b/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/_index.md similarity index 98% rename from content/en/users/tutorials/jupyter-datahub-virtual-machine/_index.md rename to content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/_index.md index 13967f084d..9348544e52 100644 --- a/content/en/users/tutorials/jupyter-datahub-virtual-machine/_index.md +++ b/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/_index.md @@ -2,6 +2,8 @@ title: "Create a VM with Jupyter and DataHub" type: docs weight: 100 +aliases: + - /users/tutorials/jupyter-datahub-virtual-machine description: > Step by step guide to get a Virtual Machine for Jupyter and DataHub in your cloud provider diff --git a/content/en/users/tutorials/jupyter-datahub-virtual-machine/edit-mount.sh.png b/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/edit-mount.sh.png similarity index 100% rename from content/en/users/tutorials/jupyter-datahub-virtual-machine/edit-mount.sh.png rename to content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/edit-mount.sh.png diff --git a/content/en/users/tutorials/jupyter-datahub-virtual-machine/no-https-datahub-vm.png b/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/no-https-datahub-vm.png similarity index 100% rename from content/en/users/tutorials/jupyter-datahub-virtual-machine/no-https-datahub-vm.png rename to content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/no-https-datahub-vm.png diff --git a/content/en/users/tutorials/jupyter-datahub-virtual-machine/run-mount.sh.png b/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/run-mount.sh.png similarity index 100% rename from content/en/users/tutorials/jupyter-datahub-virtual-machine/run-mount.sh.png rename to content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/run-mount.sh.png diff --git a/content/en/users/tutorials/notebooks-checkin/_index.md b/content/en/users/tutorials/adhoc/notebooks-checkin/_index.md similarity index 100% rename from content/en/users/tutorials/notebooks-checkin/_index.md rename to content/en/users/tutorials/adhoc/notebooks-checkin/_index.md diff --git a/content/en/users/tutorials/notebooks-gridstorage/_index.md b/content/en/users/tutorials/adhoc/notebooks-gridstorage/_index.md similarity index 100% rename from content/en/users/tutorials/notebooks-gridstorage/_index.md rename to content/en/users/tutorials/adhoc/notebooks-gridstorage/_index.md diff --git a/content/en/users/tutorials/notebooks-secure-blockstorage/_index.md b/content/en/users/tutorials/adhoc/notebooks-secure-blockstorage/_index.md similarity index 100% rename from content/en/users/tutorials/notebooks-secure-blockstorage/_index.md rename to content/en/users/tutorials/adhoc/notebooks-secure-blockstorage/_index.md diff --git a/content/en/users/tutorials/oidc-agent-fedcloudclient-terraform/_index.md b/content/en/users/tutorials/adhoc/oidc-agent-fedcloudclient-terraform/_index.md similarity index 99% rename from content/en/users/tutorials/oidc-agent-fedcloudclient-terraform/_index.md rename to content/en/users/tutorials/adhoc/oidc-agent-fedcloudclient-terraform/_index.md index aeb885e79e..0d7c5ea3bb 100644 --- a/content/en/users/tutorials/oidc-agent-fedcloudclient-terraform/_index.md +++ b/content/en/users/tutorials/adhoc/oidc-agent-fedcloudclient-terraform/_index.md @@ -2,6 +2,8 @@ title: "Automate with oidc-agent, fedcloudclient, terraform and Ansible" type: docs weight: 150 +aliases: + - /users/tutorials/oidc-agent-fedcloudclient-terraform description: > Step by step guide to automating the deployment using Ansible with Terraform, oidc-agent and fedcloudclient diff --git a/content/en/users/tutorials/vm-blockstorage/_index.md b/content/en/users/tutorials/adhoc/vm-blockstorage/_index.md similarity index 100% rename from content/en/users/tutorials/vm-blockstorage/_index.md rename to content/en/users/tutorials/adhoc/vm-blockstorage/_index.md diff --git a/content/en/users/tutorials/vm-datahub/_index.md b/content/en/users/tutorials/adhoc/vm-datahub/_index.md similarity index 98% rename from content/en/users/tutorials/vm-datahub/_index.md rename to content/en/users/tutorials/adhoc/vm-datahub/_index.md index aef790f2aa..bb691fd2a3 100644 --- a/content/en/users/tutorials/vm-datahub/_index.md +++ b/content/en/users/tutorials/adhoc/vm-datahub/_index.md @@ -2,6 +2,8 @@ title: "Access DataHub from a VM" type: docs weight: 40 +aliases: + - /users/tutorials/vm-datahub description: > Use data in EGI DataHub from a virtual machine --- diff --git a/content/en/users/tutorials/vm-dyndns/_index.md b/content/en/users/tutorials/adhoc/vm-dyndns/_index.md similarity index 100% rename from content/en/users/tutorials/vm-dyndns/_index.md rename to content/en/users/tutorials/adhoc/vm-dyndns/_index.md diff --git a/content/en/users/tutorials/advanced/_index.md b/content/en/users/tutorials/advanced/_index.md new file mode 100644 index 0000000000..3e715ba157 --- /dev/null +++ b/content/en/users/tutorials/advanced/_index.md @@ -0,0 +1,309 @@ +--- +title: Advanced level +linkTitle: Advanced +type: docs +weight: 30 +description: > + A deep dive on the advanced services to conduct world-class research and innovation. +--- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Target Audience: e-Infrastructure platform and technology providers and those researching +or applying (distributed) deep learning at any level. + +"Webinar: Distributed Deep Learning with Horovod" (March, 2023) +

+Agenda, slides and recording: +https://www.egi.eu/event/webinar-distributed-deep-learning-with-horovod/ +

+ +

+About: This webinar is focused on the Horovod distributed deep learning framework +and the reference architecture and service(s) built for supporting it. The aim of +the presented works is to enable the efficient utilisation of cloud resources in the +heavily resource intensive task of distributed deep learning. The concept of reference +architectures is also briefly presented, along with the experiences gained from their +continuous development. +
+Target Audience: Scientific communities, developers, integrators and end users. + +"FAIR EVA (Evaluator, Validator & Advisor)" (April, 2022)” +

+Agenda, slides and recording: https://indico.egi.eu/event/5876/ +

+ +

+About: FAIR EVA (Evaluator, Validator and Advisor) has been developed to check +the FAIRness level of digital objects from different repositories or data portals. +It requires the object identifier and the repository to check and it can be adapted +to different contexts and environments. Developed within the EOSC-Synergy project it +aims at helping data producers and data managers to evaluate the adoption of the FAIR +principles based on the RDA indicators. This webinar will present the tool as well as +show how it can be deployed, how the different tests work and how it can be adapted +to different data systems. +
+Target Audience: Scientific communities, developers, integrators and end users. + +"OpenRDM - FAIR research data management as a service to the scientific community" (January, 2022) +

+Agenda, slides and recording: https://indico.egi.eu/event/5753/ +

+ +

+About: openRDM.eu +provides FAIR research data management. It offers research data management as a service +to the scientific community, based on the powerful openBIS platform. +The service is available as a preview version containing an openBIS instance. Preview is +intended for end-users to learn service & eventually plan on-premise and/or, own cloud based +deployment. Alternatively, self-hosting using local IT infrastructure at the respective institution +can also be agreed. Consulting & support for on-premise and/or own cloud based deployment of openBIS +is also offered along with user support including data model generation, to be able to import data +into openBIS & training for the use of openBIS as a data management platform. +

+OpenBIS is designed to facilitate robust data management for a wide variety of experiment types +and research subjects. It allows tracking, annotating, and sharing of data throughout distributed +research projects in different quantitative sciences. +
+Target Audience: User communities that want to use GPUs in Clouds. + +"How to train your AI models in EOSC", (Dec. 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5742/ +

+ +

+About: Learn how you can train and develop AI models in EOSC using the distributed and federated +computing infrastructure of EGI and the services developed during the Deep Hybrid DataCloud project. +The webinar, sponsored by the EGI-ACE project, covers: +
    +
  1. How to prototype, build and train AI applications exploiting resources from EU e-infrastructures.
    2. +
  2. Use and share AI trained models developed by other researchers (from and outside your communities) with the DEEP Marketplace.
    3. +
+
+Target Audience: Scientific communities, developers, integrators and end users. + +"How to orchestrate services in the EOSC Compute Platform with the INDIGO PaaS" (Oct. 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5720/ +

+ +

+About: The INDIGO PaaS implements an abstraction and federation layer on top +of heterogeneous distributed computing environments: it allow to orchestrate and +coordinate the provisioning of virtualized compute and storage resources on Cloud +Management Frameworks, both private and public (like OpenStack, OpenNebula, AWS, etc.), +and the deployment of dockerized long-running services and batch jobs on Container Orchestration +Platforms like Apache Mesos and Kubernetes. +

+In this webinar, we will describe the architecture of the INDIGO Platform and its +main features. The demo will show how users can easily interact with this orchestration +system using both the command line interface and the web dashboard. +
+Target Audience: Scientific communities, developers, integrators and end users. + +"Analyze your data using DODAS generated cluster" (September, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5695/ +

+ +

+About: DODAS enables the execution of user analysis code both in batch mode +and interactively via the Jupyter interface. DODAS is highly customizable and offers +several building blocks that can be combined together in order to create the best +service composition for a given use case. The currently available blocks allow to +combine Jupyter and HTCondor as well as Jupyter and Spark or simply a jupyter interface. +In addition, they allow the management of data via caches to optimise the processing +of remote data. This can be done either via XCache or MinIO S3 object storage capabilities. +DODAS is based on docker containers and the related orchestration relies on Kubernetes +that enables the possibility to compose the building blocks via a web-based user interface thanks to Kubeapps. +

+In this webinar we will explain the DODAS fundamentals and we will provide a user oriented demo. +
+Target Audience: Scientific communities, developers, integrators and end users. + +"Running containers in your user space with udocker" (June, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5541/ +

+ +

+About: udocker enables the execution of docker containers in user +space without requiring root privileges for installation or use. Udocker +implements the pull, load, import and execution of containers by non-privileged +users in Linux systems where docker is not available. It can be used in Linux batch +systems and interactive clusters that are managed by other entities, such as grid +infrastructures or externally managed batch or interactive systems. udocker does not +require any type of privileges nor the deployment of services by system administrators. +It can be downloaded and executed entirely by the end user. +

+udocker offers several execution modes exploiting system call interception, library call +interception and namespaces. udocker integrates several tools to provide a subset of the +docker capabilities aimed at container execution. +

+In this webinar we will explain the udocker fundamental, how to use udocker to execute +Linux containers and how to best exploit the several execution engines. +
+Target Audience: Scientific communities, for programmers and IT-service providers +who support research and education. + +"Deploying virtual infrastructures with Infrastructure Manager (IM)" (May, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5495/ +

+ +

+About: The Infrastructure Manager (IM) is a framework that eases the +access and the usability of IaaS clouds by automating the VMI selection, deployment, +configuration, software installation, monitoring and update of Virtual Appliances. +It supports APIs from a large number of virtual platforms, making user applications +cloud-agnostic. In addition it integrates a contextualization system to enable the +installation and configuration of all the user required applications providing the +user with a fully functional infrastructure. It is a service that features a web-based GUI, +a XML-RPC API, a REST API and a command-line application. +

+In this webinar we will focus the usage of the IM Dashboard an easy to use web interface +designed to enable not advanced users to deploy a set of predefined and well tested customizable +virtual infrastructures (Kubernetes, SLURM, Mesos, Galaxy, …) in top of a wide range of cloud providers +(EGI Cloud Compute and also commercial and open clouds – AWS, Google Cloud, Azure, OpenStack, OpenNebula, …) +with a single set of mouse clicks. +

+IM has been developed by the Grid and High Performance Computing Group (GRyCAP) +at the Instituto de Instrumentacion para Imagen Molecular (I3M) +from the Universitat Politecnica de Valencia (UPV). +
+Target Audience: Site administrators already familiar with an earlier version of +ARC CE or planning a migration to ARC from the CREAM platform. + +"Rolling out ARC6 CE" (July 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5157/ +

+ +

+About: The Advanced Resource Connector (ARC) middleware integrates computing resources +(usually, computing clusters managed by a batch system), making them available via a secure +common layer. Conceptually, ARC provides an edge service to batch systems. Through this service, +called ARC Compute Element (ARC-CE), scientific communities can launch and manage computational +tasks in a uniform manner. +

+A bit more than a year ago a non backward compatible major version, the ARC6.0 was released +bringing new functionality, enhanced manageability and increased stability to the community. +With the availability of the ARC6 release the support for the previous ARC5 deployments are +to be discontinued with the end of June 2020. +

+This interactive webinar will introduce the major new features of the ARC6 release and cover +the deployment steps of an ARC6 CE both as a new installation and as an upgrade from a previous +ARC5-based deployment. Special attention will be given to the accounting system related changes +and the new one-shop-stop sysadmin toolbox built around arcctl. +
diff --git a/content/en/users/tutorials/foundation/_index.md b/content/en/users/tutorials/foundation/_index.md new file mode 100644 index 0000000000..1c0aed92c3 --- /dev/null +++ b/content/en/users/tutorials/foundation/_index.md @@ -0,0 +1,108 @@ +--- +title: Foundation level +linkTitle: Foundation +type: docs +weight: 10 +description: > + These tutorials provides an overview of the EGI federation and of the EGI services, with highlights of their typical use cases. +--- + + + + + + + + + + + + +
+Target Audience: Newcomers of the EGI Infrastructure +

+Are you new to EGI? And maybe a bit confused about what EGI is, what we do, +how we are structured and how you can collaborate with us? Then this is the +webinar for you! +		 +"An introduction to EGI" (October, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5464/contributions/15771/ +

+ +

+About: The EGI Federation is an international e-Infrastructure to provide +advanced computing and data analytics services for research and innovation. +EGI federates compute resources, data management services, support teams +and various online, thematic services from over 30 countries and international +institutes, to make those available for researchers, innovators and educators. +This webinar will provide a basic introduction to EGI, covering all the +fundamental topics that you need to know before deep-diving on the advanced +services to conduct world-class research and innovation. +
+Target Audience: +
    +
  • Scientific communities, projects, research infrastructures who + wish to learn about the services of EGI.
    • +
  • E-infrastructure and other service providers who want to be part + of a pan-European federation to support international science.
    • +
+		 +"EGI Federation - Advanced Computing for Research" (April 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5083/ +

+ +

+About: The EGI federation is the largest distributed computing +infrastructure in the world, and brings together hundreds of data centres +worldwide and also includes the largest community cloud federation in Europe +with tens of cloud providers across most of the European countries offering +IaaS cloud and storage services. The current federated resources represent +altogether more than 350 Petabytes of online storage and 380 Petabytes of archival +storage supported by approximately 1 M Cores. EGI expanded the federation of its +facilities with other non-European digital infrastructures in North America, +South America, Africa-Arabia and the Asia-Pacific region, as such EGI fully +realised the “Open to the World” vision. In order to interoperate at international +level, EGI and its partners operate in the context of a lightweight collaboration +framework defining rules of participations via a corpus of policies and technical guidelines. +

+EGI offering includes a federated IaaS cloud to run compute- or data-intensive +tasks and host online services in virtual machines or docker containers on IT resources +accessible via a uniform interface; high-throughput data analysis to run compute-intensive +tasks for producing and analysing large datasets and store/retrieve research data efficiently +across multiple service providers; federated operations to manage service access and operations +from heterogeneous distributed infrastructures and integrate resources from multiple independent +providers with technologies, processes and expertise offered by EGI; consultancy for user-driven +innovation to assess research computing needs and provide tailored solutions for advanced computing. +

+The notion of a distributed infrastructure offering advanced resources and services for +data-intensive processing in research and innovation has been part of the EGI mission +and vision since the EGI design and implementation that started with the DataGrid project +back in 2000 under the leadership of CERN. Distributed processing of data supported by +a pan-European broadband network infrastructure, solutions for trust and identity management +and the Grid middleware, have been the enablers of two Nobel prizes in Physics (2013 and 2017), +and many more data-driven scientific discoveries in high energy physics, astronomy and astrophysics, +health and medicine, and earth sciences resulting in more than 3,000 open access scientific +publications enabled each year. In this webinar Gergely will provide an overview of EGI, +the pan-european federation of national e-infrastructures and he will explain how EGI supports +big data based Open Science and contributes to the implementation of the EOSC vision. The talk goes +through the services that EGI provides for scientific communities, and for the members of the +federation, and will show how these services benefit research, science and innovation in Europe and worldwide. +
diff --git a/content/en/users/tutorials/intermediate/_index.md b/content/en/users/tutorials/intermediate/_index.md new file mode 100644 index 0000000000..84bc41d0b7 --- /dev/null +++ b/content/en/users/tutorials/intermediate/_index.md @@ -0,0 +1,528 @@ +--- +title: Intermediate level +linkTitle: Intermediate +type: docs +weight: 20 +description: > + Tutorials for individual services from the EGI owned service portfolio, + as well as services that are offered by the broader EGI community + to complement the EGI services towards certain types of advanced computing use cases. +--- + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+Target Audience: Scientific communities, developers, integrators and end users. + +"Data Management in EGI with Rucio and FTS" (October, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5711/ +

+ +

+About: Rucio is a data management software, originally developed +for ATLAS at CERN to supersede their previous data management software 10 years ago. Since then +Rucio has been constantly developed by ATLAS and other communities that have come to use Rucio, +ensuring that it is a feature rich, and well maintained open software. +

+Multi-VO Rucio implemented by the STFC in the UK hosts Rucio as a service for many communities. +This is to provide communities the opportunity to use Rucio for their data management solution, +without having to learn about, and host their own instance of Rucio. +

+FTS ( https://fts.web.cern.ch/fts/ ) is a low level data movement service, responsible for +reliable bulk transfer of files between storages. It’ s responsible for globally distributing +the majority of the LHC data across the WLCG infrastructure and it supports many communities is EGI. +

+In this webinar we introduce the main functionalities and show how to interact with the services +in order to schedule transfers. +

+Suggested tutorials + +
+Target Audience: Scientific communities, developers, integrators and end users. + +"Using EGI Cloud infrastructure with fedcloudclient" (September, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5694/ +

+ +

+About: The FedCloud client is a high-level Python package for a command-line client +designed for interaction with the OpenStack services in the EGI infrastructure. The client +can access various EGI services and can perform many tasks for users including managing +access tokens, listing services, and mainly execute commands on OpenStack sites in EGI infrastructure. +

+The webinar will provide tutorial and demonstration of using fedcloudclient in EGI Cloud infrastructure. +

+Suggested tutorials + +
+Target Audience: Scientific communities, developers, IT service providers, and end users. + +"Using Dynamic DNS service in the EGI Cloud infrastructure" (June, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5559/ +

+ +

+About: Nowadays, more and more services are dynamically deployed in Cloud environments. +Usually, the services hosted on virtual machines in Cloud are accessible only via IP addresses +or pre-configured hostnames given by the target Cloud providers, making it difficult to provide +them with meaningful domain names. +

+The Dynamic DNS service provides a unified, federation-wide Dynamic DNS support for VMs in +EGI infrastructure. Users can register their chosen meaningful and memorable DNS host names +in given domains (e.g. my-server.vo.fedcloud.eu) and assign to public IPs of their servers. +By using Dynamic DNS, users can host services in EGI Cloud with their meaningful service names, +can freely move VMs from sites to sites without modifying server/client configurations (federated approach), +and can request valid server certificates in advance (critical for security). +

+The webinar will provide demonstration and tutorial, also practical advice on using Dynamic DNS +service in realistic user scenarios. +
+Target Audience: Developers and administrators of relying parties that want to connect +to Check-in for authenticating users and managing their access rights. + +"Providing controlled access to distributed resources and services with EGI Check-in: +the provider perspective"(May, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5494/ +

+ +

+About: This webinar will help new services to integrate with Check-in, +the EGI Authentication & Authorisation Infrastructure enabling secure access +to relying parties. The target group of the training are developers and administrators +of services that want to connect to Check-in for user authentication and authorisation. +

+The training will showcase the use of the EGI Check-In Federation Registry tool for +managing the lifecycle of a relying party, i.e. registration, reconfiguration and +de-registration. The training will include hands-on sessions for the participants +to integrate their own relying party to Check-In. +
+Target Audience: Scientific communities and IT-service providers who support +research and education. + +"Access and analyze data from the EGI DataHub with Jupyter notebooks and MATLAB" (May, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5499/ +

+ +

+About: Good, clean data is hard to come by. The EGI provides scientists and +researchers access to a large collection of public datasets from data centres globally. +This data can be accessed using the EGI Jupyter Notebook service. MATLAB users can now +analyse this data using the familiar MATLAB desktop, via a web browser, on the EGI’s resources. +

+In this webinar, you will learn how to: +
    +
  1. Use your MATLAB licence to login to the EGI MATLAB installation
    2. +
  2. Access data from the EGI DataHub
    3. +
  3. Read in scientific data into MATLAB
    4. +
  4. Analyse and visualise data using computational notebooks called MATLAB Live Scripts.
    5. +
  5. Share your MATLAB code with your peers.
    6. +
+Suggested tutorials + +
+Target Audience: Scientific communities and IT-service providers. + +"Monitoring services with ARGO" (May, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5496/ +

+ +

+About: ARGO is a lightweight +service for Service Level Monitoring designed for medium and large sized +Research Infrastructures. Services are monitored with probes compatible +with flexible and widely adopted Nagios plugin format. Besides basic availability +checks, services can be monitored by emulating typical user scenarios that allows +to derive the quality of service the actual user gets. +

+ARGO offers near real-time status updates which allow both end-users and site +admins to have an overview of the services offered at any given point in time +via a web user interface and via enriched email notifications. ARGO generates +custom Availability and Reliability reports based on the aggregated monitoring +data. The rich monitoring data collected in ARGO service is actually stored in +a highly flexible big data friendly form using state-of-the-art computational +pipelines and formats. This provides the ability to reuse & analyse the data in +different ways such as to highlight service usage patterns and provide a number +of trends and insights. +

+In this training session we are going to show the process we follow to monitor a +new service with ARGO. In addition, the real time computations and the results via +the alerts, API and UI will be shown. +

+ARGO is a service jointly developed and maintained by +CNRS, +GRNET and +SRCE. +
+Target Audience: Scientific communities, and programmers who support research and education. + +"Managing Singularity, Docker and udocker containers, Kubernetes clusters in the EGI Cloud" (April, 2021) +

+Agenda, slides and recording: https://indico.egi.eu/event/5492/ +

+ +

+About: Containers provide a streamlined way to build, test, deploy, +and redeploy applications on different environments: from the developer’s +local machine to any cloud provider. Containers make it easy for developers +to package applications and for operators to manage and deploy those applications +on the infrastructure. Container orchestrators like Kubernetes facilitate the +management of containerized workloads and services, using declarative configuration +and automation. In this webinar we will introduce the different runtimes available +for executing containers in EGI infrastructure and will show how to manage Kubernetes +clusters to get your containers under control executed on EGI cloud providers. +
+Target Audience: Users and application experts of the EGI communities. + +"DIRAC Services for EGI users" (October, 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5267/ +

+ +

+About: DIRAC is a complete framework for building distributed computing systems +of any level of complexity. Initially developed for the LHCb High Energy Physics experiment +at the LHC collider at CERN, the framework was generalised for the use by multiple scientific +communities in various domains. Services based on the DIRAC software are offered by several +grid infrastructure projects such as France-Grilles or GridPP/UK. Since 2014, the DIRAC services +have also been provided for the EGI users. During the webinar, an overview of the DIRAC framework +will be presented together with a number of services offered to the users by EGI: how to manage +user jobs in the EGI infrastructure, how to connect custom computing and storage resources, +how to manage user data as well as automate regular tasks. Extending DIRAC with community +custom services will also be discussed. +
+Target Audience: IT service providers, site and NGI operation managers (new member of staff). + +"EGI Operations and responsibilities of an NGI" (October 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5268/ +

+ +

+About: This webinar will give an overview of tried and tested approaches to +federated operations, both at the level of the infrastructure as well as at the national +level. It will cover the most important aspects and day-to-day work covered by staff - +both at the international infrastructure level at EGI as well as at an example National Grid +Initiative (NGI). Example scenarios will be presented along with the tools used to deal with +the scenarios. Finally there will be an opportunity for questions and discussions arising +from the topics covered. +
+Target Audience: Site administrators and cluster administrators; CVMFS power users. + +"CernVM-FS for Containers" (October 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5251/ +

+ +

+About: Delivering complex software stacks across a worldwide distributed system +is a challenge in high-throughput scientific computing. The global-scale virtual file +system CernVM-FS distributes more than a billion software binaries to hundreds of thousands +of machines around the world. +

+In this webinar, we will present the latest developments with regard to CernVM-FS container +integration. Containers and CernVM-FS team up nicely: containers provide the isolation +capabilities that decouple the application stack from the underlying platform and CernVM-FS +provides efficient distribution means for the containerized software binaries. Containers are +an enabling technology to harness opportunistic resources and HPC facilities. CernVM-FS enables +the use of such resources at scale. In this webinar, we will show how existing repositories can +be used with several popular container runtimes, such as docker, podman, singularity, and kubernetes. +We will also show how operating system containers themselves can be efficiently distributed through +CernVM-FS. Lastly, we will highlight an upcoming new way of publishing content from within a container. +This makes it easy to set up, build and test and deploy-to-cvmfs pipelines on kubernetes. +
+Target Audience: Scientific communities, and IT-service providers who support research and education. + +"The EGI Datahub to federate distributed data sets for data-intensive applications in the cloud" (June 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5089/ +

+ +

+About: The EGI DataHub allows users to make their data available using different +levels of access: from completely unrestricted open access to open data to authenticated +access to closed data sets. This is possible as a result of the seamless integration with +the EGI AAI service. The data hosted on the EGI DataHub can be readily accessible by cloud +Virtual Machines (VMs) or running grid jobs thanks to full integration with EGI Federated +Cloud and High-Throughput compute resources. The use of protocols such as POSIX and web +services guarantees easy and scalable access to data from cloud and HTC applications. This +ensures maximum compatibility with existing applications and minimum hassle for developers +and users alike. The EGI DataHub is built on top of the EGI Open Data Platform using Onedata +technology to connect a wide range of existing storage services, regardless of their underlying +technology (e.g. Lustre, Amazon S3, Ceph, NFS, or dCache). +

+During this webinar the QoS and hybrid cloud data processing scenarios for distributed EOSC +environments based on EGI DataHub and Onedata solutions will be introduced. +
+Target Audience: Scientific communities and IT-service providers who operate IdP for them. + +"The EGI AAI Check-In service for scientific communities" (May 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5088/ +

+ +

+About: The EGI Check-in service (also called EGI AAI proxy) enables access to +EGI services and resources using federated authentication mechanisms. Specifically, +the proxy service is operated as a central hub between federated Identity Providers +(IdPs) residing ‘outside’ of the EGI ecosystem, and Service Providers (SPs) that are +part of EGI. The main advantage of this design principle is that all entities need to +establish and maintain technical and trust relation only to a single entity, +the EGI AAI proxy, instead of managing many-to-many relationships. In this context, +the proxy acts as a Service Provider towards the Identity Providers and as an Identity +Provider towards the Service Providers. +

+Through the EGI AAI proxy, users are able to authenticate with the credentials +provided by the IdP of their Home Organisation (e.g. via eduGAIN), as well as using +social identity providers, or other selected external identity providers (support for +eGOV IDs is also foreseen). To achieve this, the EGI AAI has built-in support for SAML, +OpenID Connect and OAuth2 providers and already enables user logins through Facebook, +Google, LinkedIn, and ORCID. In addition to serving as an authentication proxy, the +EGI AAI provides a central Discovery Service (Where Are You From – WAYF) for users to +select their preferred IdP. +

+The EGI AAI proxy is also responsible for aggregating user attributes originating +from various authoritative sources (IdPs and attribute provider services) and +delivering them to the connected EGI service providers in a harmonised and +transparent way. Service Providers can use the received attributes for authorisation +purposes, i.e. determining the resources the user has access to. +

+During this webinar we will give an overview about the service and provide +guidelines to support the resource providers’ and communities' needs for federated +access through the EGI AAI Check-In service. The webinar will also cover more advanced +workflows for addressing non-web-based access use cases (e.g. command line and API). +
+Target Audience: Scientific communities, for programmers and IT-service providers who support research and education. + +"The EGI Notebooks service: Support for analytics and big data visualisation in the cloud" (May 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5087/ +

+ +

+About: The EGI Notebooks service is an environment based on Jupyter and the +EGI cloud service that offers a browser-based, scalable tool for interactive data analysis. +The notebooks environment provides users with notebooks where they can combine text, +mathematics, computations and rich media output. The service, in production since late 2019, +is offered in two options: (i) Notebooks for researchers: EGI offers a basic instance of the +Notebooks as an open service. Any researcher can access this automatically to write and play +notebooks on limited capacity cloud servers. (ii) Notebooks for communities: EGI offers customised +Notebooks service to scientific communities. Such customised instances can be hosted on special +hardware (for example with fat nodes and GPUs), can offer special libraries, data import/export +and user authentication systems. +

+During the webinar Enol will go through the main features of the EGI Notebooks service and +he will explain how to use it with Binder and other open-source solutions to implement Open Science. +
+Target Audience: Researchers, and IT-service providers who support research and education. + +"Introduction of the EGI Cloud Compute service" (April 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5085/ +

+ +

+About: The EGI Federated Cloud is a IaaS-type cloud, made of academic private +clouds and virtualized resources and built around open standards. Its development is +driven by requirements of the scientific community. The result is a new type of research +e-infrastructure, based on the mature federated operations services that make EGI a reliable +resource for science. +

+When using EGI Federated Cloud resources, researchers and research communities can +count on: a.) Total control over deployed applications, b.) Elastic resource consumption +based on real need, c.) Immediately processed workloads – no more waiting time, +d.) An extended e-Infrastructure across resource providers in Europe, and +e.) Service performance scaled with elastic resource consumption. +

+In this webinar an overview of the EGI Federated Cloud and how this scalable computing +platform can be used for data and/or compute driven research and/or support the development +of advanced services for research and science will be provided by Enol Fernandez. The webinar +will be relevant for researchers, and IT-service providers who support research and education. +

+Suggested tutorials + +
diff --git a/content/en/users/tutorials/scientific/_index.md b/content/en/users/tutorials/scientific/_index.md new file mode 100644 index 0000000000..5d7d0a0873 --- /dev/null +++ b/content/en/users/tutorials/scientific/_index.md @@ -0,0 +1,200 @@ +--- +title: Scientific level +linkTitle: Scientific +type: docs +weight: 40 +description: > + Examples of domain-specific Thematic Services benefiting from the solutions offered by the EGI Infrastructure. +--- + + + + + + + + + + + + + + + + + + + + + + + + +
+Target Audience: +
    +
  • Oceanographers
    • +
  • Climate Researchers
    • +
  • Ocean Modellers
    • +
  • Ocean Data Managers
    • +
+		 +"The EGI-ACE webODV – Online extraction, analysis and visualisation of SeaDataNet and Argo data" (Nov. 2022) +

+Agenda, slides and recording: https://indico.egi.eu/event/5980/ +

+ +

+About: ODV (Ocean Data View) is a widely used software package for the analysis, +exploration and visualization of oceanographic and other environmental data with almost +100,000 registrations since the 1990’s and more than 10,000 active users. ODV has been +further developed as part of the EU supported activities of SeaDataNet, the pan-European +infrastructure for marine and ocean data management. To make working with web-based large +community datasets easier, an online version of the ODV software called webODV has been +developed, which provides typical ODV functionality in the form of web services. webODV +has been deployed in the cloud in the framework of the EU EGI-ACE project, which seeks +to promote scientific analytical cloud services in support of the European Open Science +Cloud (EOSC) initiative. +

+In this webinar, we will be able to learn about the webODV Explorer and Extractor +components in combination with the large validated Temperature & Salinity data collections +as provided by SeaDataNet and EuroArgo – Argo. Instructions on how to register as a user +to perform analytics, extractions, and visualisations will also be presented. +
+Target Audience: Scientific communities and end users. + +"Can deep learning models help accelerate electrostatics-driven protein pKa predictions?" (Nov. 2022) +

+Agenda, slides and recording: https://indico.egi.eu/event/5981/ +

+ +

+About: pH is a crucial physicochemical property that affects proteins molecular structure, +folding, stability, and function. Many computational methods have been developed to calculate +pKa values. In the highly accurate, but slow, Poisson–Boltzmann (PB)-based methods, proteins are +represented by point charges in a low dielectric medium surrounded by an implicit solvent +(high dielectric). Empirical methods rely on statistically fitting parameters over large +datasets of experimental pKa values. These are much faster than the physics-based methods, +although at the cost of less microscopic insights and unknown predictive power on mutations +and proteins dissimilar to those in the training set. +

+In this webinar we will present a novel strategy to combine the best features of PB +models – accuracy and interpretability – with the speed of classical empirical methods. +The deep learning pKa predictors obtained were trained on a database of 3M theoretical +pKa values estimated from 50k structures using a PB method. With this approach, we can +retrieve the physics-based predictions with an average error below 0.4 pK units while +being up to 1000x faster. +
+Target Audience: Scientific communities and end users. + +"The Virtual Imaging Platform: Scientific Applications as a Service and Beyond" (March, 2022) +

+Agenda, slides and recording: https://indico.egi.eu/event/5824/ +

+ +

+About: The Virtual Imaging Platform (VIP) is a web portal for medical simulation +and image data analysis. It leverages resources available in the EGI biomed Virtual +Organisation to offer an open service to academic researchers worldwide. In the last +few years, VIP has addressed interoperability and reproducibility concerns, in the larger +scope of a FAIR (Findable, Accessible, Interoperable, Reusable) approach to scientific data analysis. +

+The presentation will give an overview of VIP and its main interests for the audience: +
    +
  1. Use existing applications as a service on VIP.
    2. +
  2. Import your own applications to make them available to the community +benefit from EGI biomed resources in a transparent way and
    3. +
  3. Foster open and reproducible science
    4. +
+
+Target Audience: Scientific communities and end users. + +"ENES Data Space Service" (March, 2022) +

+Agenda, slides and recording: https://indico.egi.eu/event/5743/ +

+ +

+About: The ENES Data Space delivers an open, scalable and cloud-enabled data science +environment for climate data analysis on top of the EOSC Compute Platform. It provides access +to a set of specific Coupled Model Intercomparison Project (CMIP) variable-centric collections +to support meteorological and industrial researchers in realistic climate model analysis experiments. +Data is downloaded and kept in sync with the Earth System Grid Federation (ESGF) federated data archive. +

+This webinar will provide a general overview of the ENES Data Space service and its main features. +Moreover, the webinar will include a tutorial on how to join the ENES Data Space service and a short demo +for the participants to get started with the data analysis and visualisation features. +
+Target Audience: Scientific communities, end users and service providers who are interested +in discovering how we have been making efficient use of EGI High Throughput Compute (HTC) resources +over more than 10 years to provide services to worldwide researchers in structural biology and life sciences. + +"WeNMR - Structural biology in the cloud - 10 years of experience of using EGI services" (April 2020) +

+Agenda, slides and recording: https://indico.egi.eu/event/5084/ +

+ +

+About: Structural biology deals with the characterization of the structural +(atomic coordinates) and dynamic (fluctuation of atomic coordinates over time) properties +of biological macromolecules and adducts thereof. Gaining insight into 3D structures of +biomolecules is highly relevant with numerous applications in health and food sciences, +with as current example unravelling the structural details of Sars-Cov2 in the COVID-19 pandemic. +

+Since 2010, the WeNMR project has implemented numerous web-based services to facilitate +the use of advanced computational tools by researchers in the field, using the grid computational +infrastructure provided by EGI. These services have been further developed in subsequent initiatives +under the H2020 EGI-ENGAGE West-Life project and the BioExcel Center of Excellence for Biomolecular +Computational Research. The WeNMR services are currently operating under the European Open Science +Cloud with the H2020 EOSC-Hub project, with the HADDOCK portal sending >10 millions jobs and using +~2700 CPU years per year. In my talk, I will summarise 10 years of successful use of e-infrastructure +solutions to serve a large worldwide community of users (>16’000 to date), providing them with +user-friendly, web-based solutions that allow to run complex workflows in structural biology. +I will illustrate this with details of the HADDOCK service and how we could increase our capacity +to serve COVID-related projects. +

+Suggested tutorials + +
From f6d56be6b21705f860e9a2966cd1c29ad0e6f6ce Mon Sep 17 00:00:00 2001 From: Sebastian Luna-Valero Date: Fri, 2 Jun 2023 09:21:02 +0200 Subject: [PATCH 09/19] Fix relative links in adhoc tutorials (#600) Fix relative links in tutorials moved to adhoc section. --- .../adhoc/accessing-vm-with-ssh/_index.md | 6 ++--- .../_index.md | 16 ++++++------- .../data-transfer-grid-storage/_index.md | 14 +++++------ .../data-transfer-object-storage/_index.md | 18 +++++++-------- .../adhoc/htc-job-submission/_index.md | 23 +++++++++---------- .../jupyter-datahub-virtual-machine/_index.md | 12 +++++----- .../_index.md | 22 +++++++++--------- .../tutorials/adhoc/vm-datahub/_index.md | 8 +++---- 8 files changed, 59 insertions(+), 60 deletions(-) diff --git a/content/en/users/tutorials/adhoc/accessing-vm-with-ssh/_index.md b/content/en/users/tutorials/adhoc/accessing-vm-with-ssh/_index.md index 4c932bda3e..0e07e6c21b 100644 --- a/content/en/users/tutorials/adhoc/accessing-vm-with-ssh/_index.md +++ b/content/en/users/tutorials/adhoc/accessing-vm-with-ssh/_index.md @@ -38,7 +38,7 @@ machine image and is generally different in each operating system image: [obtaining images](https://docs.openstack.org/image-guide/obtain-images.html). - For custom virtual machine images you need to refer to your virtual machine image provider (i.e. it could be something specific like `cloudadm`). -- For virtual machines deployed with [Infrastructure Manager](../../compute/orchestration/im/) +- For virtual machines deployed with [Infrastructure Manager](../../../compute/orchestration/im/) the default username is `cloudadm`. > It is also possible to change the username using `cloud-init` with a user-data @@ -201,9 +201,9 @@ $ ssh centos@192.168.1.3 ## Infrastructure Manager (IM) -The [Infrastructure Manager (IM)](../../compute/orchestration/im/) provides the SSH key that can be used to connect +The [Infrastructure Manager (IM)](../../../compute/orchestration/im/) provides the SSH key that can be used to connect to the virtual machine in the VM -[info page of the IM-Dashboard](../../compute/orchestration/im/dashboard/#vm-info-page). +[info page of the IM-Dashboard](../../../compute/orchestration/im/dashboard/#vm-info-page). The page shows the information related with the virtual machine: the IP, the username (usually `cloudadm`), and the SSH key. diff --git a/content/en/users/tutorials/adhoc/create-your-first-virtual-machine/_index.md b/content/en/users/tutorials/adhoc/create-your-first-virtual-machine/_index.md index 37dda92e9e..1f27092505 100644 --- a/content/en/users/tutorials/adhoc/create-your-first-virtual-machine/_index.md +++ b/content/en/users/tutorials/adhoc/create-your-first-virtual-machine/_index.md @@ -14,13 +14,13 @@ This tutorial describes how to create your first Virtual Machine in the EGI Fede ## Step 1: Signing up -Create an EGI account with [Check-in](../../aai/check-in/signup). +Create an EGI account with [Check-in](../../../aai/check-in/signup). ## Step 2: Enrolling to a Virtual Organisation Once your EGI account is ready you need to join a [Virtual Organisation (VO)](https://confluence.egi.eu/display/EGIG/Virtual+organisation). -Here are the steps to [join a VO](../../aai/check-in/joining-virtual-organisation/). +Here are the steps to [join a VO](../../../aai/check-in/joining-virtual-organisation/). Explore the list of available VOs in the [Operations Portal](https://operations-portal.egi.eu/vo/a/list). We have a dedicated VO called @@ -31,20 +31,20 @@ access to the _vo.access.egi.eu_ VO with your EGI account by visiting the [AppDB](https://appdb.egi.eu/store/vo/vo.access.egi.eu) to see the list of Virtual Appliances and Resource Providers participating in the _vo.access.egi.eu_ VO. AppDB is one of the service in the -[EGI Architecture](../../getting-started/architecture/). +[EGI Architecture](../../../getting-started/architecture/). ## Step 3: Creating a VM Once your membership to a VO has been approved you are ready to create your first Virtual Machine. There are several ways to achieve this. The simplest way is to -use a web dashboard like [VMOps Dashboard](../../compute/cloud-compute/monitor) or -[Infrastructure Manager Dashboard](../../compute/orchestration/im/dashboard). +use a web dashboard like [VMOps Dashboard](../../../compute/cloud-compute/monitor) or +[Infrastructure Manager Dashboard](../../../compute/orchestration/im/dashboard). On the other hand, advanced users -may prefer to use the [command-line interface](../../getting-started/cli). +may prefer to use the [command-line interface](../../../getting-started/cli). To know more about the [Cloud Compute](https://www.egi.eu/service/cloud-compute/) -Service in EGI please visit its [dedicated section](../../compute/cloud-compute). +Service in EGI please visit its [dedicated section](../../../compute/cloud-compute). ## Asking for help -If you find issues please do not hesitate to [contact us](../../../support/). +If you find issues please do not hesitate to [contact us](../../../../support/). diff --git a/content/en/users/tutorials/adhoc/data-transfer-grid-storage/_index.md b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/_index.md index dd57ea2844..4138e54524 100644 --- a/content/en/users/tutorials/adhoc/data-transfer-grid-storage/_index.md +++ b/content/en/users/tutorials/adhoc/data-transfer-grid-storage/_index.md @@ -22,17 +22,17 @@ to perform data transfers between two Grid storage. ## Prerequisites As first step please make sure that you have installed the FTS client as -described in [Data Transfer](../../data/management/data-transfer), and in particular -[Clients](../../data/management/data-transfer/clients) for the command-line FTS and to have +described in [Data Transfer](../../../data/management/data-transfer), and in particular +[Clients](../../../data/management/data-transfer/clients) for the command-line FTS and to have your certificate installed in your browser to use -[WebFTS](../../data/management/data-transfer/webfts) browser based client. +[WebFTS](../../../data/management/data-transfer/webfts) browser based client. To access services and resources in the -[EGI Federated Cloud](../../getting-started), you will need: +[EGI Federated Cloud](../../../getting-started), you will need: -- An [EGI Check-in](../../aai/check-in) account, you can - [sign up here](../../aai/check-in/signup) -- Enrollment into a [Virtual Organisation](../../aai/check-in/vos) (VO) that has +- An [EGI Check-in](../../../aai/check-in) account, you can + [sign up here](../../../aai/check-in/signup) +- Enrollment into a [Virtual Organisation](../../../aai/check-in/vos) (VO) that has access to the services and resources you need ## FTS client usage diff --git a/content/en/users/tutorials/adhoc/data-transfer-object-storage/_index.md b/content/en/users/tutorials/adhoc/data-transfer-object-storage/_index.md index 6caf797136..4beb2bf6de 100644 --- a/content/en/users/tutorials/adhoc/data-transfer-object-storage/_index.md +++ b/content/en/users/tutorials/adhoc/data-transfer-object-storage/_index.md @@ -28,19 +28,19 @@ repository to your configuration and update the client{{% /alert %}} ## Prerequisites As first step please make sure that you have installed the FTS client as -described in [Data Transfer](../../data/management/data-transfer), and in -particular [Clients](../../data/management/data-transfer/clients) for the +described in [Data Transfer](../../../data/management/data-transfer), and in +particular [Clients](../../../data/management/data-transfer/clients) for the command-line FTS and to have your certificate installed in your browser to use -[WebFTS](../../data/management/data-transfer/webfts) browser based client. +[WebFTS](../../../data/management/data-transfer/webfts) browser based client. To access services and resources in the -[EGI Federated Cloud](../../getting-started), you will need: +[EGI Federated Cloud](../../../getting-started), you will need: -- An [EGI Check-in](../../aai/check-in) account, you can - [sign up here](../../aai/check-in/signup) -- Enrollment into a [Virtual Organisation](../../aai/check-in/vos) (VO) that has +- An [EGI Check-in](../../../aai/check-in) account, you can + [sign up here](../../../aai/check-in/signup) +- Enrollment into a [Virtual Organisation](../../../aai/check-in/vos) (VO) that has access to the services and resources you need -- An [Object Storage](../../data/storage/object-storage) for which you need to +- An [Object Storage](../../../data/storage/object-storage) for which you need to have all the credentials available (any S3 compatible storage should work) - Permission to add the Object Storage credential to the FTS server or alternatively for this operation you may contact support **at** egi.eu. @@ -58,7 +58,7 @@ As for the "Data transfer with grid storage" tutorial you can look for the available storage on [VAPOR service](https://operations-portal.egi.eu/vapor/resources/GL2ResVO) while the Object Store can be one created as described in the -[Object Storage](../../data/storage/object-storage) section or trough a provider +[Object Storage](../../../data/storage/object-storage) section or trough a provider such as Amazon, Azure, etc ### Step 3 Add the Object Storage credential to the FTS server diff --git a/content/en/users/tutorials/adhoc/htc-job-submission/_index.md b/content/en/users/tutorials/adhoc/htc-job-submission/_index.md index 77bc5408a0..293407a6e6 100644 --- a/content/en/users/tutorials/adhoc/htc-job-submission/_index.md +++ b/content/en/users/tutorials/adhoc/htc-job-submission/_index.md @@ -11,7 +11,7 @@ description: > ## Overview This tutorial describes how to submit -[High Throughput Compute (HTC)](../../compute/high-throughput-compute) jobs +[High Throughput Compute (HTC)](../../../compute/high-throughput-compute) jobs using command-line. > This tutorial is meant for somewhat advanced users or the ones willing or @@ -56,7 +56,7 @@ In order to help with deploying an UI, different solutions are possible: - Deploying an UI manually, using the packages available from [UMD repositories](https://go.egi.eu/umd). You will need to install at least the `ui` meta-package, the - [IGTF distribution](../../../providers/operations-manuals/howto01_using_igtf_ca_distribution), + [IGTF distribution](../../../../providers/operations-manuals/howto01_using_igtf_ca_distribution), and [configure the system to use voms-client](#configuring-the-system-to-use-voms-client). - Some @@ -75,7 +75,7 @@ In order to help with deploying an UI, different solutions are possible: [ui-deployment](https://github.com/EGI-Federation/ui-deployment) provides a [terraform](https://terraform.io) based deployment allowing to deploy a `User Interface (UI)` in a - [Cloud Compute virtual machine](../../compute/cloud-compute). This integrated + [Cloud Compute virtual machine](../../../compute/cloud-compute). This integrated deployment is based on the Ansible modules, and should be adjusted to your environment and needs. @@ -104,7 +104,7 @@ using the proper `.vomses` and `.lsc` files, based on the information available on the VOMS server of the specific VO. - as an example with `dteam`, you can find the VOMS server address in the - [Operations Portal](../../../internal/operations-portal): + [Operations Portal](../../../../internal/operations-portal): [https://operations-portal.egi.eu/vo/view/voname/dteam](https://operations-portal.egi.eu/vo/view/voname/dteam). Then looking at [dteam VOMS configuration](https://voms2.hellasgrid.gr:8443/voms/dteam/configuration/configuration.action), @@ -202,7 +202,7 @@ key usage : Digital Signature, Key Encipherment ## Step 3: identifying available resources It is possible to identify available resources by -[querying the information system](../../compute/high-throughput-compute/querying-information-system). +[querying the information system](../../../compute/high-throughput-compute/querying-information-system). Two Computing Element (CE) "flavours" are used in production: @@ -215,13 +215,13 @@ In this section we will document querying the EGI Information System to retrieve information about the available resources. {{% alert title="Tip" color="info" %}} It's also possible to use -[VAPOR to query resources using a graphical interface](../../../internal/operations-portal/using-vapor#using-vapor-to-query-resources-using-a-graphical-interface). +[VAPOR to query resources using a graphical interface](../../../../internal/operations-portal/using-vapor#using-vapor-to-query-resources-using-a-graphical-interface). {{% /alert %}} ### Use case: identifying all the Computing Elements supporting the dteam VO As documented in the pages covering the -[querying of the Information System](../../compute/high-throughput-compute/querying-information-system), +[querying of the Information System](../../../compute/high-throughput-compute/querying-information-system), in **GLUE 2.0**, the access granted to a given VO to a compute or storage resource, is published using the `GLUE2Share` and `GLUE2Policy` objects. The `GLUE2ComputingShare` object specifically documents sharing of compute @@ -582,7 +582,6 @@ $ glite-ce-job-output "$JOB_ID" #### References - [CREAM User's guide](https://cream-guide.readthedocs.io/en/latest/User_Guide.html) -- [CREAM User's Guide for EMI-3](https://wiki-igi.cnaf.infn.it/twiki/bin/view/CREAM/UserGuideEMI3) ### Via the EGI Workload Manager @@ -591,11 +590,11 @@ $ glite-ce-job-output "$JOB_ID" > computing workloads on the EGI infrastructure. Using the -[Workload Manger web interface](../../compute/orchestration/workload-manager/#the-egi-workload-manager-web-portal) +[Workload Manger web interface](../../../compute/orchestration/workload-manager/#the-egi-workload-manager-web-portal) or the -[DIRAC command-line interface (CLI)](../../compute/orchestration/workload-manager/#the-dirac-client-tool) +[DIRAC command-line interface (CLI)](../../../compute/orchestration/workload-manager/#the-dirac-client-tool) is documented in the -[EGI Workload Manager](../../compute/orchestration/workload-manager). +[EGI Workload Manager](../../../compute/orchestration/workload-manager). ### Troubleshooting @@ -613,4 +612,4 @@ the CRITICAL button). ## Asking for help -If you find issues please do not hesitate to [contact us](../../../support/). +If you find issues please do not hesitate to [contact us](../../../../support/). diff --git a/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/_index.md b/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/_index.md index 9348544e52..d663d19d84 100644 --- a/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/_index.md +++ b/content/en/users/tutorials/adhoc/jupyter-datahub-virtual-machine/_index.md @@ -21,7 +21,7 @@ synchronise images from AppDB but is not part of the federation. This tutorial assumes you have: - A valid EGI account: learn to can create one in - [Check-in](../../aai/check-in/signup). + [Check-in](../../../aai/check-in/signup). - Access to a cloud provider where the [Jupyter DataHub VM is available](https://appdb.egi.eu/store/vappliance/jupyter.datahub.vm). Alternatively, this VM can be run on your computer using a virtualisation tool @@ -37,7 +37,7 @@ learn how to start a VM at EGI's Federated Cloud infrastructure. This VM does not contain any default credentials, in order to access it you need a ssh key. Check -[this FAQ entry](../../compute/cloud-compute/faq/#how-can-i-inject-my-public-ssh-key-into-the-machine) +[this FAQ entry](../../../compute/cloud-compute/faq/#how-can-i-inject-my-public-ssh-key-into-the-machine) for more information. If you are starting this VM on VirtualBox, you will need to pass some valid context for cloud-init, see [here how to prepare it](https://superuser.com/a/853957). @@ -47,7 +47,7 @@ accessing the notebooks interface. Make sure your have those ports open on your security groups, otherwise you will not be able to reach the Jupyter notebooks. Once your instance is ready, -[assign it a public IP](../../compute/cloud-compute/faq/#how-can-i-assign-a-public-ip-to-my-vm) +[assign it a public IP](../../../compute/cloud-compute/faq/#how-can-i-assign-a-public-ip-to-my-vm) so you can reach it from your computer. ### Step 2: Get a hostname and certificate for your VM @@ -63,7 +63,7 @@ safer and more secure. Firstly, you need a valid name for your VM. You can use the [FedCloud Dynamic DNS](https://nsupdate.fedcloud.eu) to create a name. See -[Dynamic DNS docs](../../compute/cloud-compute/dynamic-dns/) for more +[Dynamic DNS docs](../../../compute/cloud-compute/dynamic-dns/) for more information on the service. Once you have your name ready, assign it your VM's IP. @@ -136,12 +136,12 @@ $ micromamba install -c conda-forge tensorflow ### Step 5: Mount DataHub spaces Log into [EGI's DataHub](https://datahub.egi.eu/) and -[create a token](../../data/management/datahub/clients/#generating-tokens-for-using-oneclient-or-apis) +[create a token](../../../data/management/datahub/clients/#generating-tokens-for-using-oneclient-or-apis) for mounting your data in the VM. You will also need the IP or address of your closest Oneprovider for the spaces you are interested in accessing. This information is easily obtainable via -[DataHub's web interface](../../data/management/datahub/clients/#using-the-web-interface). +[DataHub's web interface](../../../data/management/datahub/clients/#using-the-web-interface). Go to your Jupyter session in your browser and edit the `mount.sh` file in your home directory. Set the `ONECLIENT_ACCESS_TOKEN` and `ONECLIENT_PROVIDER_HOST` diff --git a/content/en/users/tutorials/adhoc/oidc-agent-fedcloudclient-terraform/_index.md b/content/en/users/tutorials/adhoc/oidc-agent-fedcloudclient-terraform/_index.md index 0d7c5ea3bb..b3bf21621e 100644 --- a/content/en/users/tutorials/adhoc/oidc-agent-fedcloudclient-terraform/_index.md +++ b/content/en/users/tutorials/adhoc/oidc-agent-fedcloudclient-terraform/_index.md @@ -13,25 +13,25 @@ description: > This tutorial describes how to create a Virtual Machine in the EGI Federation, leveraging [oidc-agent](https://indigo-dc.gitbook.io/oidc-agent/) to retrieve -ODIC tokens from [EGI Check-in](../../aai/check-in), +ODIC tokens from [EGI Check-in](../../../aai/check-in), [fedcloudclient](https://fedcloudclient.fedcloud.eu/) to simplify interacting -with the [EGI Cloud Compute service](../../compute/cloud-compute), +with the [EGI Cloud Compute service](../../../compute/cloud-compute), [terraform](https://www.terraform.io) and [Ansible](https://www.ansible.com/) to simplify deploying an infrastructure. -[EGI Dynamic DNS](../../compute/cloud-compute/dynamic-dns) is also used to +[EGI Dynamic DNS](../../../compute/cloud-compute/dynamic-dns) is also used to assign a domain name to the virtual machine, which can then be used to get a valid TLS certificate from [Let's Encrypt](https://letsencrypt.org/). ## Step 1: Signing up for an EGI Check-in account -Create an EGI account with [Check-in](../../aai/check-in/signup). +Create an EGI account with [Check-in](../../../aai/check-in/signup). ## Step 2: Enrolling to a Virtual Organisation Once your EGI account is ready you need to join a [Virtual Organisation (VO)](https://confluence.egi.eu/display/EGIG/Virtual+organisation). Here are the steps to -[join a VO](../../aai/check-in/joining-virtual-organisation/). Explore the list +[join a VO](../../../aai/check-in/joining-virtual-organisation/). Explore the list of available VOs in the [Operations Portal](https://operations-portal.egi.eu/vo/a/list). We have a dedicated VO called @@ -42,7 +42,7 @@ the [enrolment URL](https://aai.egi.eu/registry/co_petitions/start/coef:240). Check [AppDB](https://appdb.egi.eu/store/vo/vo.access.egi.eu) to see the list of Virtual Appliances and Resource Providers participating in the _vo.access.egi.eu_ VO. AppDB is one of the service in the -[EGI Architecture](../../getting-started/architecture/). +[EGI Architecture](../../../getting-started/architecture/). > This tutorial will assume you are using `vo.access.egi.eu`, adapt as required > for your specific environment. @@ -53,8 +53,8 @@ Once your membership to a VO has been approved you are ready to create your first Virtual Machine. The OpenID Connect (OIDC) protocol is used to authenticate users and authorise -access to [Cloud Compute](../../compute/cloud-compute/) resources that are -integrated with [EGI Check-in](../../aai/check-in/). +access to [Cloud Compute](../../../compute/cloud-compute/) resources that are +integrated with [EGI Check-in](../../../aai/check-in/). While it's not mandatory, a convenient way to manage the OIDC token is to use [oidc-agent](#setting-up-oidc-agent). @@ -172,7 +172,7 @@ You can retrieve information from the AppDB about the sites supporting the ### Deploying the Virtual Machine with terraform Instead of creating the server manually, it is possible to use -[terraform with EGI Cloud Compute](../../compute/cloud-compute/openstack/#terraform). +[terraform with EGI Cloud Compute](../../../compute/cloud-compute/openstack/#terraform). The [Terraform OpenStack provider](https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs) @@ -386,7 +386,7 @@ virtual machine using a fully qualified hostname and allowing to retrieve a [Let's Encrypt certificate](https://letsencrypt.org/). > Please look at the -> [EGI Dynamic DNS documentation](../../compute/cloud-compute/dynamic-dns/) for +> [EGI Dynamic DNS documentation](../../../compute/cloud-compute/dynamic-dns/) for > instructions on creating the configuration for a new host. The @@ -542,4 +542,4 @@ cases, or be used as a source of inspiration: ## Asking for help -If you find issues please do not hesitate to [contact us](../../../support/). +If you find issues please do not hesitate to [contact us](../../../../support/). diff --git a/content/en/users/tutorials/adhoc/vm-datahub/_index.md b/content/en/users/tutorials/adhoc/vm-datahub/_index.md index bb691fd2a3..58ff282fa0 100644 --- a/content/en/users/tutorials/adhoc/vm-datahub/_index.md +++ b/content/en/users/tutorials/adhoc/vm-datahub/_index.md @@ -10,7 +10,7 @@ description: > ## Overview -This tutorial describes the access to [EGI DataHub](../../data/management/datahub) spaces +This tutorial describes the access to [EGI DataHub](../../../data/management/datahub) spaces from a virtual machine. In the following paragraphs you will learn how to access data remotely stored in EGI DataHub like if they were local, using traditional POSIX command-line commands, by: @@ -21,8 +21,8 @@ traditional POSIX command-line commands, by: ## Prerequisites In order to access the EGI DataHub data you need an -[EGI Check-in](../../aai/check-in) account. If you don't have one yet -you can [Sign up for an EGI account](../../aai/check-in/signup). +[EGI Check-in](../../../aai/check-in) account. If you don't have one yet +you can [Sign up for an EGI account](../../../aai/check-in/signup). ## Oneclient installation @@ -60,7 +60,7 @@ ease the transfer of data. ## Getting the token to access data In order to access data stored in EGI DataHub via oneclient, -you need to [get an API access token](../../data/management/datahub/api/#getting-an-api-access-token). +you need to [get an API access token](../../../data/management/datahub/api/#getting-an-api-access-token). ## Using oneclient From e42dc52576e7020760016da3a1c8cc637e467aa9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Enol=20Fern=C3=A1ndez?= Date: Wed, 7 Jun 2023 16:17:46 +0100 Subject: [PATCH 10/19] Enforce link checking (#602) # Summary - Force checking every link - Weekly schedule checks for links --- **Related issue :** #603 --- .github/linters/mlc_config.json | 3 +++ .github/workflows/check-links.yml | 5 +++- .../internal/security-coordination/_index.md | 8 +++--- .../providers/cloud-compute/openstack/aai.md | 2 +- .../cloud-compute/openstack/cloud-info.md | 2 +- .../federated-resource-centre/_index.md | 2 +- content/en/support/_index.md | 2 +- .../en/users/compute/cloud-compute/_index.md | 2 +- .../compute/high-throughput-compute/_index.md | 2 +- .../orchestration/workload-manager/_index.md | 2 +- .../data/management/data-transfer/_index.md | 2 +- .../data/management/datahub/clients/_index.md | 2 +- .../data/management/rucio/admin/_index.md | 26 +++++++++---------- .../rucio/getting-started/_index.md | 4 +-- .../data/storage/object-storage/_index.md | 2 +- content/en/users/getting-started/_index.md | 2 +- .../communities/dmcc/_index.md | 8 +++--- 17 files changed, 41 insertions(+), 35 deletions(-) diff --git a/.github/linters/mlc_config.json b/.github/linters/mlc_config.json index 1388779a79..80be965c54 100644 --- a/.github/linters/mlc_config.json +++ b/.github/linters/mlc_config.json @@ -71,6 +71,9 @@ { "pattern": "^https://operations-portal.egi.eu/downtimes/subscription" }, + { + "pattern": "^https://operations-portal.egi.eu/home/tasksList" + }, { "pattern": "^https://operations-portal.egi.eu/vo" }, diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index bbdf321f2a..68fd507607 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -3,6 +3,9 @@ name: Check links on: pull_request: + schedule: + # run on Sundays morning + - cron: '32 9 * * 0' jobs: markdown-link-check: @@ -23,7 +26,7 @@ jobs: uses: gaurav-nelson/github-action-markdown-link-check@v1 with: config-file: ".github/linters/mlc_config.json" - check-modified-files-only: "yes" + check-modified-files-only: ${{ github.event_name == 'pull_request' && 'yes' || 'no' }} use-quiet-mode: "yes" use-verbose-mode: "yes" base-branch: "main" diff --git a/content/en/internal/security-coordination/_index.md b/content/en/internal/security-coordination/_index.md index 2817b05db3..cbfc9125ef 100644 --- a/content/en/internal/security-coordination/_index.md +++ b/content/en/internal/security-coordination/_index.md @@ -36,10 +36,10 @@ This service provides: acceptable use policies, identifying users and managing user communities), traceability, legal aspects, and the protection of personal data. - **Software Vulnerability Group Coordination** - The Software Vulnerability - Group [SVG](https://confluence.egi.eu/display/EGIBG/SVG) aims to eliminate - existing software vulnerabilities from the deployed infrastructure and prevent - the introduction of new ones, and runs a process for handling software - vulnerabilities reported. + Group [SVG](https://confluence.egi.eu/pages/viewpage.action?pageId=82380236) + aims to eliminate existing software vulnerabilities from the deployed + infrastructure and prevent the introduction of new ones, and runs a process + for handling software vulnerabilities reported. - **International Grid Trust Federation (IGTF) and EUGridPMA** - Representation of EGI in IGTF and EUGridPMA. A common authentication trust domain is required to persistently identify all EGI participants. diff --git a/content/en/providers/cloud-compute/openstack/aai.md b/content/en/providers/cloud-compute/openstack/aai.md index cfa3cf6903..f89a43394e 100644 --- a/content/en/providers/cloud-compute/openstack/aai.md +++ b/content/en/providers/cloud-compute/openstack/aai.md @@ -669,7 +669,7 @@ and Demo environments already using Keycloak since June 24th 2022 and Production environment expected to migrate during July 2022. A general guide on migration is available on -[Check-in documentation](../../../check-in/sp#client-migration-to-keycloak), in +[Check-in documentation](../../check-in/sp#client-migration-to-keycloak), in this section we provide specific information for OpenStack providers. ### Changes in Apache configuration diff --git a/content/en/providers/cloud-compute/openstack/cloud-info.md b/content/en/providers/cloud-compute/openstack/cloud-info.md index 68a977c76d..497ca25ffc 100644 --- a/content/en/providers/cloud-compute/openstack/cloud-info.md +++ b/content/en/providers/cloud-compute/openstack/cloud-info.md @@ -11,7 +11,7 @@ flavors available at the OpenStack for the federation users. It runs as a single python application [cloud-info-provider](https://github.com/EGI-Federation/cloud-info-provider) that pushes information through the -[Messaging Service](../../../../internal/messaging). +[Messaging Service](../../../internal/messaging/). {{% alert title="BDII is deprecated" color="info" %}} Cloud providers no longer need to provide BDII as the Argo Messaging Service is used instead for diff --git a/content/en/providers/joining/federated-resource-centre/_index.md b/content/en/providers/joining/federated-resource-centre/_index.md index e574184fd4..d11e554bc8 100644 --- a/content/en/providers/joining/federated-resource-centre/_index.md +++ b/content/en/providers/joining/federated-resource-centre/_index.md @@ -131,7 +131,7 @@ different entities. Anyone can report a software vulnerability via a [form](https://csirt.egi.eu/report-vulnerability/) or by email contacting the -[Software Vulnerability Group (SVG)](https://confluence.egi.eu/display/EGIBG/SVG). +[Software Vulnerability Group (SVG)](https://confluence.egi.eu/pages/viewpage.action?pageId=82380236). The report will trigger an assessment, following the [SEC02 Software Vulnerability Issue Handling](https://go.egi.eu/sec02) diff --git a/content/en/support/_index.md b/content/en/support/_index.md index 8ea9a2ddb4..8613185f2d 100644 --- a/content/en/support/_index.md +++ b/content/en/support/_index.md @@ -9,7 +9,7 @@ menu: --- Support for EGI services is available through the -[EGI Helpdesk](http://helpdesk.egi.eu/), an internal EGI +[EGI Helpdesk](https://helpdesk.egi.eu/), an internal EGI [service](../internal/helpdesk). The EGI Helpdesk is a distributed tool with central coordination, which diff --git a/content/en/users/compute/cloud-compute/_index.md b/content/en/users/compute/cloud-compute/_index.md index 36b7fa2efe..906efd21b9 100644 --- a/content/en/users/compute/cloud-compute/_index.md +++ b/content/en/users/compute/cloud-compute/_index.md @@ -74,4 +74,4 @@ emerged: [Training infrastructure](https://www.egi.eu/service/training-infrastructure/) Eager to test this service? Have a look at -[how to create your first Virtual Machine in EGI](../../tutorials/create-your-first-virtual-machine). +[how to create your first Virtual Machine in EGI](../../tutorials/adhoc/create-your-first-virtual-machine). diff --git a/content/en/users/compute/high-throughput-compute/_index.md b/content/en/users/compute/high-throughput-compute/_index.md index b686859634..4bed00f1f0 100644 --- a/content/en/users/compute/high-throughput-compute/_index.md +++ b/content/en/users/compute/high-throughput-compute/_index.md @@ -119,4 +119,4 @@ Before users can access EGI HTC services, they have to: > If you are interested in using command-line and direct submission to Compute > Elements, there is a -> [tutorial on HTC job submission](../../tutorials/htc-job-submission). +> [tutorial on HTC job submission](../../tutorials/adhoc/htc-job-submission). diff --git a/content/en/users/compute/orchestration/workload-manager/_index.md b/content/en/users/compute/orchestration/workload-manager/_index.md index 735e10b8f2..da102920fc 100644 --- a/content/en/users/compute/orchestration/workload-manager/_index.md +++ b/content/en/users/compute/orchestration/workload-manager/_index.md @@ -23,7 +23,7 @@ scientific communities. {{% alert title="Note" color="info" %}} Workload Manager is based on -[DIRAC technology](https://diracgrid.org/).
+[DIRAC technology](https://github.com/DIRACGrid/DIRAC).
The delivery of the service is coordinated by the EGI Foundation and [IN2P3](https://in2p3.cnrs.fr/) provides the resources and operates the service. diff --git a/content/en/users/data/management/data-transfer/_index.md b/content/en/users/data/management/data-transfer/_index.md index 2c924d2b58..ede3eef73f 100644 --- a/content/en/users/data/management/data-transfer/_index.md +++ b/content/en/users/data/management/data-transfer/_index.md @@ -31,7 +31,7 @@ The main features of EGI Data Transfer are: {{% alert title="Tip" color="info" %}} Eager to test this service? Have a look at our tutorial on -[how to transfer data in the grid](../../../tutorials/data-transfer-grid-storage). +[how to transfer data in the grid](../../../tutorials/adhoc/data-transfer-grid-storage). {{% /alert %}} {{% alert title="Note" color="info" %}} EGI Data Transfer is based on the diff --git a/content/en/users/data/management/datahub/clients/_index.md b/content/en/users/data/management/datahub/clients/_index.md index 9300c2f5a7..a2e0528d0b 100644 --- a/content/en/users/data/management/datahub/clients/_index.md +++ b/content/en/users/data/management/datahub/clients/_index.md @@ -14,7 +14,7 @@ the `oneclient` component or the [API](../api). The official documentation for `oneclient` is hosted on the [Onedata homepage](https://onedata.org/#/home/documentation/doc/using_onedata/oneclient.html), -and a specific [tutorial](../../../../tutorials/vm-datahub) on how to install +and a specific [tutorial](../../../../tutorials/adhoc/vm-datahub) on how to install and use it from a Virtual Machine is also available. ## Using the web interface diff --git a/content/en/users/data/management/rucio/admin/_index.md b/content/en/users/data/management/rucio/admin/_index.md index 17148b5fbc..74b7500ef4 100644 --- a/content/en/users/data/management/rucio/admin/_index.md +++ b/content/en/users/data/management/rucio/admin/_index.md @@ -22,7 +22,7 @@ authentication methods. The identities bind authentication methods and permissions to the account. The account you want to create identities for is input as an argument. Accounts will have different permissions and access (such as how much data they can store on a particular -[RSE](https://rucio.cern.ch/documentation/rucio_storage_element)). +[RSE](https://rucio.cern.ch/documentation/started/concepts/rucio_storage_element/)). ### CLI Example @@ -62,7 +62,7 @@ True ## Creating RSE(s) -[Rucio Storage Elements](https://rucio.cern.ch/documentation/rucio_storage_element) +[Rucio Storage Elements](https://rucio.cern.ch/documentation/started/concepts/rucio_storage_element/) (RSEs) are how Rucio represents the physical storage available to your VO. As with many aspects of Rucio there are a lot of optional attributes that can be set for an RSE, but as a minimum a protocol for transfers need to be added @@ -193,10 +193,10 @@ documentation or the help for the function in question. Most operations in Rucio (such as transfers, deletions, rule evaluation) require one or more of the -[daemons](https://rucio.cern.ch/documentation/main_components) to be running in -order to take effect. For a multi-VO instance, these should be running for all -VOs already. However, on new VO's joining Rucio some updating of the daemons -will be necessary. +[daemons](https://rucio.cern.ch/documentation/started/main_components#daemons) +to be running in order to take effect. For a multi-VO instance, these should be +running for all VOs already. However, on new VO's joining Rucio some updating of +the daemons will be necessary. If it seems like it is not quite right please contact the Rucio team through [GGUS](https://ggus.eu/?mode=ticket_submit). @@ -204,11 +204,11 @@ If it seems like it is not quite right please contact the Rucio team through ## Uploading Data In Rucio files and their replicas are represented by Data Identifiers -([DIDs](https://rucio.cern.ch/documentation/file_dataset_container)), which are -composed of a scope and name. Furthermore, multiple files can be attached to a -dataset, which in turn can be attached to a container (which can be attached to -another container and so on). Datasets and containers are also represented by -DIDs. +([DIDs](https://rucio.cern.ch/documentation/started/concepts/file_dataset_container)), +which are composed of a scope and name. Furthermore, multiple files can be +attached to a dataset, which in turn can be attached to a container (which can +be attached to another container and so on). Datasets and containers are also +represented by DIDs. Scopes are always associated with a particular Rucio account, and must be added to Rucio using an admin account. If no scope is provided when uploading, Rucio @@ -303,8 +303,8 @@ True Once a DID exists within the Rucio catalogue, replicas of that file, dataset or collection are created and maintained by -[Replication rules](https://rucio.cern.ch/documentation/replica_management). By -uploading a file to a particular RSE, a replication rule is created for that +[Replication rules](https://rucio.cern.ch/documentation/started/concepts/replica_management). +By uploading a file to a particular RSE, a replication rule is created for that file, however rules can also be added for existing DIDs. As a minimum an RSE and number of copies must be specified, but further options such as lifetime of the rule and selecting RSEs based on user set attributes are also possible. diff --git a/content/en/users/data/management/rucio/getting-started/_index.md b/content/en/users/data/management/rucio/getting-started/_index.md index f51325312b..c06045d13a 100644 --- a/content/en/users/data/management/rucio/getting-started/_index.md +++ b/content/en/users/data/management/rucio/getting-started/_index.md @@ -9,9 +9,9 @@ description: >- ## Rucio terms -- [**Rucio Storage Element**](https://rucio.cern.ch/documentation/rucio_storage_element) +- [**Rucio Storage Element**](https://rucio.cern.ch/documentation/started/concepts/rucio_storage_element/) (RSE) is another name for an endpoint, or storage solution. -- [**Rules**](https://rucio.cern.ch/documentation/replica_management) are an +- [**Rules**](https://rucio.cern.ch/documentation/started/concepts/replica_management) are an instruction to Rucio to do a certain thing. This can be to ensure file _x_ has at least 1 copy at _storagesite1_, or ensure file _y_ is on tape, or even on tape at more than one location, or even file _z_ has 2 copies at any site diff --git a/content/en/users/data/storage/object-storage/_index.md b/content/en/users/data/storage/object-storage/_index.md index 06f53b773f..f617b9995d 100644 --- a/content/en/users/data/storage/object-storage/_index.md +++ b/content/en/users/data/storage/object-storage/_index.md @@ -482,7 +482,7 @@ will be able to generate properly signed URLs for the objects in the storage. `` `egi.eu` for more details. {{% /alert %}} You can then refer to this -[tutorial](../../../tutorials/data-transfer-object-storage) to see how to +[tutorial](../../../tutorials/adhoc/data-transfer-object-storage) to see how to transfer to/from an Object storage endpoint. @@ -40,8 +43,8 @@ Multi-VO Rucio implemented by the STFC in the UK hosts Rucio as a service for ma This is to provide communities the opportunity to use Rucio for their data management solution, without having to learn about, and host their own instance of Rucio.

-FTS ( https://fts.web.cern.ch/fts/ ) is a low level data movement service, responsible for -reliable bulk transfer of files between storages. It’ s responsible for globally distributing +FTS is a low level data movement service, responsible for +reliable bulk transfer of files between storages. It's responsible for globally distributing the majority of the LHC data across the WLCG infrastructure and it supports many communities is EGI.

In this webinar we introduce the main functionalities and show how to interact with the services @@ -525,4 +528,96 @@ will be relevant for researchers, and IT-service providers who support research + + + + + + + + + + + +
+Target Audience: Scientific communities, for programmers and IT-service providers who support research and education. + +"Introduction to Slurm" (March 2023) +

+ +

+About: Slurm is an open-source, fault-tolerant, and highly scalable +cluster management and job scheduling system for large and small Linux clusters. +In this tutorial, we briefly discuss the benefits of using batch schedulers, +the motivations to use Slurm and provide a list of commands to get started with Slurm. +

+Suggested material + +
+Target Audience: Scientific communities, for programmers and IT-service providers who support research and education. + +"Introduction to Snakemake" (December 2022) +

+ +

+About: The Snakemake workflow management system is a tool +for creating reproducible and scalable data analyses. Workflows +are described via a human-readable, Python-based language. They +can be seamlessly scaled to server, cluster, grid and cloud environments +without the need to modify the workflow definition. Finally, Snakemake +workflows can entail a description of the required software, which will +be automatically deployed to any execution environment. +

+Slides and code + +
+Target Audience: Scientific communities, for programmers and IT-service providers who support research and education. + +"Leveraging the Onedata Platform for Long-Term Data Archiving" (June 2023) +

+ +

+About: In this presentation, we will discuss the latest advancements +in the Onedata platform, focusing on its new features for long-term data +archiving and processing. We will demonstrate how the platform has been +optimized to meet the Open Archival Information System (OAIS) standards, +ensuring the reliable preservation and accessibility of archived information +over time. Furthermore, we will explore the integration of Function as a +Service (FaaS) capabilities in the platform, allowing for seamless and +scalable data processing on demand. By combining the robust archiving +capabilities of the OAIS standard with the flexibility of FaaS, the Onedata +platform emerges as a powerful solution for organizations seeking efficient +and reliable management of their long-term data storage and processing needs. +
+ diff --git a/content/en/users/tutorials/scientific/_index.md b/content/en/users/tutorials/scientific/_index.md index 5d7d0a0873..eedd94194c 100644 --- a/content/en/users/tutorials/scientific/_index.md +++ b/content/en/users/tutorials/scientific/_index.md @@ -197,4 +197,149 @@ to serve COVID-related projects. + + +Target Audience: Scientific communities working in the domain of Earth Observation. + + +"C-SCALE Notebooks for Earth Observation" (June 2023) +

+ +

+About: The C-SCALE project has been federating compute and data resource providers +around centralized EGI services, aiming at providing users with seamless access to +processing capacities as well as source data for their analyses. Alongside the traditional +IaaS and PaaS services, Jupyter Notebooks have been identified as an environment suitable +not only for interactive analysis within C-SCALE, but also for documenting the different +steps one needs to take in discovering and accessing geospatial data across Europe. +The demonstration of C-SCALE's example notebooks and procedures will focus on those +essential features: simple steps to get started using the federated resources for +interactive resources of Earth Observation data. +

+Slides and code + + + + + +Target Audience: Scientific communities working in the domain of Earth Observation. + + +"C-SCALE Earth Observation - Metadata Query Service" (March 2023) +

+ +

+About: The C-SCALE Earth Observation Metadata Query Service (EO-MQS) +makes Copernicus data distributed across providers within the C-SCALE Data +federation discoverable and searchable. +

+Slides and code + + + + + +Target Audience: Scientific communities working in the domain of Earth Observation. + + +"Introduction to openEO Platform" (December 2022) +

+ +

+About: openEO platform provides intuitive programming libraries +to process a wide variety of earth observation datasets. This large-scale +data access and processing is performed on multiple infrastructures, which +all support the openEO API. This allows use cases from explorative research +to large-scale production of EO-derived maps and information. +

+Slides and code + + + + + +Target Audience: Scientific communities and end users. + + +"I-NERGY, European AI-on demand platform" (July 2023) +

+ +

+About: I-NERGY aims to support and develop novel AI-based energy +services as part of the enrichment of European AI-on demand platform. +This webinar will present the objectives and scope of the project, +its requirements in terms of resources and the successful utilisation +of EGI infrastructure. The webinar will conclude with a demo of I-NERGY services. + + + + +Target Audience: Scientific communities and end users. + + +"Access to the EISCAT tools with help of EGI checkin" (June 2023) +

+ +

+About: The present era of rapid technological advances creates a +challenge for data providers and scientists to create and maintain FAIR +data and services not just for future operations but also for historical +data gathered and analysed with technologies that are slowly phasing out +of their usage. GUISDAP is an open-source software package, written in +MATLAB, C and Fortran and provided and maintained by EISCAT, for analysis +and visualisation of its incoherent scatter radar data as well as for some +other radars in the world. One way how to preserve GUISDAP operability +and accessibility by the user community is to make it accessible through +a Jupyter notebook docker deployment through EISCAT resources and in the +frame of an EOSC project. This will help to ensure the FAIRness of EISCAT +data by providing tools for reanalysis and visualisation that will be +accessible by any potential EISCAT user with the help of EGI check-in technology. + + From 1873a31a2290faf6f5bc1f78789520ef6a3dd3ab Mon Sep 17 00:00:00 2001 From: Max Fischer Date: Tue, 18 Jul 2023 11:45:45 +0200 Subject: [PATCH 15/19] Add HEPScore23 to example (#606) This PR updates the description and examples of HTC accounting to include the new HEPScore benchmark. * Add HEPScore23 alongside existing HEPSPEC * Documentation cleanup --- .../high-throughput-compute/_index.md | 2 +- .../htcondor-ce-accounting/_index.md | 30 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/content/en/providers/high-throughput-compute/_index.md b/content/en/providers/high-throughput-compute/_index.md index 5384f91d98..46e8dce6b7 100644 --- a/content/en/providers/high-throughput-compute/_index.md +++ b/content/en/providers/high-throughput-compute/_index.md @@ -32,5 +32,5 @@ Main characteristics of the service: Miscellaneous collection of documentation related to High-Throughput Compute. - [Changing the Site BDII](./changing-site-bdii) -- [HTCondor-CE Accounring](./htcondor-ce-accounting) +- [HTCondor-CE Accounting](./htcondor-ce-accounting) - [Storage Accounting](./storage-accounting) diff --git a/content/en/providers/high-throughput-compute/htcondor-ce-accounting/_index.md b/content/en/providers/high-throughput-compute/htcondor-ce-accounting/_index.md index 9fabb97347..5c77ef3d80 100644 --- a/content/en/providers/high-throughput-compute/htcondor-ce-accounting/_index.md +++ b/content/en/providers/high-throughput-compute/htcondor-ce-accounting/_index.md @@ -56,10 +56,13 @@ jobs and feed them to APEL. ```ini manual_spec1 = :9619/-condor,, ``` + + Commonly, the spec type is one of + [``HEPscore23`` or ``HEPSPEC``](https://w3.hepix.org/benchmarking.html). + The spec value is per core. For example, if the CE has the Fully Qualified Domain Name (FQDN) - `my-htcondor-ce.example.com` and resources averaging 12.5 - [HEPSPEC](https://w3.hepix.org/benchmarking.html) per core: + `my-htcondor-ce.example.com` and resources average 12.5 HEPSPEC per core: ```ini manual_spec1 = my-htcondor-ce.example.com:9619/my-htcondor-ce.example.com-condor,HEPSPEC,12.5 @@ -76,29 +79,26 @@ improved by adding performance information per machine. Performance information may be added to each HTCondor StartD. There are two separate ways to do so: -- An _absolute_ performance spec value can be assigned to the `StartD`, similar - to the average spec value assigned to the CE. HTCondor-CE APEL accounting - weights resource usage by comparing the `StartD` spec value to the average - spec value. +- An _absolute_ spec value, similar to the average spec value on to the CE. + HTCondor-CE APEL accounting then weights resource usage by comparing the + `StartD` spec value to the average spec value. In the `StartD` configuration, define `ApelSpecs` as a new-style classad - mapping between a spec type and its value; multiple spec types are supported, - but in practice `HEPSPEC` is currently the only one needed. Also add - `ApelSpecs` to the attributes of the `StartD`. + mapping of spec types and their values; multiple spec types are supported. + Also add `ApelSpecs` to the classad attributes of the `StartD`: ```ini # The absolute performance per core on this StartD - ApelSpecs = [HEPSPEC=14.37; SI2K=2793] + ApelSpecs = [HEPSPEC=14.37; HEPscore23=14.409; SI2K=2793] STARTD_ATTRS = $(STARTD_ATTRS) ApelSpecs ``` -- A _relative_ performance spec value can be assigned to the `StartD`, as a - factor to the average spec value assigned to the CE. HTCondor-CE APEL - accounting directly weights resource usage by the relative StartD spec factor. +- A _relative_ spec value, as a factor to the average spec value on to the CE. + HTCondor-CE APEL accounting then weights resource usage by the relative spec factor. In the `StartD` configuration, define `ApelScaling` as a number; values above - 1 means the performance is above average. Also add `ApelScaling` to the - attributes of the `StartD`. + 1 mean the performance is above average. Also add `ApelScaling` to the + classad attributes of the `StartD`. ```ini # The relative performance per core on this StartD From 5192530c1e48e8dba4f889451bf84e549c41a342 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 5 Sep 2023 10:04:29 +0200 Subject: [PATCH 16/19] Bump actions/checkout from 3 to 4 (#609) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4.
Release notes

Sourced from actions/checkout's releases.

v4.0.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v4.0.0

v3.6.0

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3.5.3...v3.6.0

v3.5.3

What's Changed

New Contributors

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.5.3

v3.5.2

What's Changed

Full Changelog: https://github.com/actions/checkout/compare/v3.5.1...v3.5.2

v3.5.1

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from actions/checkout's changelog.

Changelog

v4.0.0

v3.6.0

v3.5.3

v3.5.2

v3.5.1

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.2

v3.0.1

... (truncated)

Commits

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=3&new-version=4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/build_pr_preview.yml | 2 +- .github/workflows/check-links.yml | 2 +- .github/workflows/delete_pr_preview.yml | 2 +- .github/workflows/deploy.yml | 2 +- .github/workflows/lint.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4d319b6b04..8fbb7f7501 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -10,7 +10,7 @@ jobs: name: Build with Hugo runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # Fetch the Docsy theme submodules: recursive diff --git a/.github/workflows/build_pr_preview.yml b/.github/workflows/build_pr_preview.yml index 554836b0a2..943d63558c 100644 --- a/.github/workflows/build_pr_preview.yml +++ b/.github/workflows/build_pr_preview.yml @@ -18,7 +18,7 @@ jobs: name: Build with Hugo runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # Fetch the Docsy theme submodules: recursive diff --git a/.github/workflows/check-links.yml b/.github/workflows/check-links.yml index 68fd507607..97a6129073 100644 --- a/.github/workflows/check-links.yml +++ b/.github/workflows/check-links.yml @@ -15,7 +15,7 @@ jobs: steps: # Checks out a copy of your repository on the ubuntu-latest machine - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # Make sure the actual branch is checked out when running on PR ref: ${{ github.event.pull_request.head.sha }} diff --git a/.github/workflows/delete_pr_preview.yml b/.github/workflows/delete_pr_preview.yml index c817b9fc42..56459927ee 100644 --- a/.github/workflows/delete_pr_preview.yml +++ b/.github/workflows/delete_pr_preview.yml @@ -17,7 +17,7 @@ jobs: name: Build with Hugo runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: ref: "pr_previews" diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index c32921f7d1..87872a93c7 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -17,7 +17,7 @@ jobs: if: ${{ github.repository == 'EGI-Federation/documentation' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: # Fetch the Docsy theme submodules: recursive diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 72b4790546..e8167858e9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -12,7 +12,7 @@ jobs: steps: # Checks out a copy of your repository on the ubuntu-latest machine - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: # Make sure the actual branch is checked out when running on PR ref: ${{ github.event.pull_request.head.sha }} From 884381ef9000a979493d5eb86a6cf295a8629891 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Sep 2023 10:10:22 +0200 Subject: [PATCH 17/19] Bump tibdex/github-app-token from 1 to 2 (#610) Bumps [tibdex/github-app-token](https://github.com/tibdex/github-app-token) from 1 to 2.
Release notes

Sourced from tibdex/github-app-token's releases.

v2.0.0

  • BREAKING: replaces the installation_id and repository inputs with installation_retrieval_mode and installation_retrieval_payload to also support organization and user installation.
  • switches to node20.
  • adds a repositories input to scope the created token to a subset of repositories.
  • revokes the created token at the end of the job with a post script.

v1.9.0

No release notes provided.

v1.8.2

No release notes provided.

v1.8.1

No release notes provided.

v1.8.0

No release notes provided.

v1.7.0

No release notes provided.

v1.6.0

No release notes provided.

v1.5.2

No release notes provided.

v1.5.1

No release notes provided.

v1.5.0

No release notes provided.

v1.4.0

No release notes provided.

v1.3.0

No release notes provided.

v1.2.0

No release notes provided.

v1.1.1

No release notes provided.

v1.1.0

No release notes provided.

v1.0.2

No release notes provided.

Commits
  • 0914d50 release v2.0.0
  • 9571738 Add support for organization and user installation retrieval and repository s...
  • See full diff in compare view

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=tibdex/github-app-token&package-manager=github_actions&previous-version=1&new-version=2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 87872a93c7..e3c47c54ca 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -56,7 +56,7 @@ jobs: run: hugo --minify - name: Generate token for pushing content - uses: tibdex/github-app-token@v1 + uses: tibdex/github-app-token@v2 id: generate-token with: app_id: ${{ secrets.APP_ID }} From e749a5fd0c5fc51fc843d444ecd8856c084a39f1 Mon Sep 17 00:00:00 2001 From: Nicolas Liampotis Date: Thu, 12 Oct 2023 10:19:11 +0300 Subject: [PATCH 18/19] Check in docs/update providers (#614) # Summary * Update integration guide for SAML Service Providers * Update logout documentation for OIDC clients --- content/en/providers/check-in/sp/_index.md | 131 +++++++++++------- ...xamples-keycloak-saml-idp-saml-setting.png | Bin 63603 -> 146578 bytes 2 files changed, 79 insertions(+), 52 deletions(-) diff --git a/content/en/providers/check-in/sp/_index.md b/content/en/providers/check-in/sp/_index.md index 31696f8cf3..13355d22d3 100644 --- a/content/en/providers/check-in/sp/_index.md +++ b/content/en/providers/check-in/sp/_index.md @@ -149,7 +149,7 @@ more information can be found in the protocol-specific sections that follow. | Protocol | Production environment | | -------------- | --------------------------------------------------------------------- | -| SAML | | +| SAML | | | OpenID Connect | | {{< /tabx >}} @@ -158,7 +158,7 @@ more information can be found in the protocol-specific sections that follow. | Protocol | Demo environment | | -------------- | -------------------------------------------------------------------------- | -| SAML | | +| SAML | | | OpenID Connect | | {{< /tabx >}} @@ -167,7 +167,7 @@ more information can be found in the protocol-specific sections that follow. | Protocol | Development environment | | -------------- | ------------------------------------------------------------------------- | -| SAML | | +| SAML | | | OpenID Connect | | {{< /tabx >}} @@ -202,13 +202,16 @@ certificate, i.e. issued by a trusted certificate authority. You can get the metadata of the EGI Check-in IdP Proxy on a dedicated URL that depends on the integration environment being used: + + {{< tabpanex >}} {{< tabx header="Production" >}} -| Production environment | -| ------------------------------------------------- | -| | +| Instance | Production environment | +| ------------------------------- | ------------------------------------------------------------------ | +| Keycloak-based EGI Check-in IdP |
  • SAML Metadata URL:
  • SAML entity ID: `https://aai.egi.eu/auth/realms/egi`
| +| Legacy EGI Check-in IdP |
  • SAML Metadata URL:
  • SAML entity ID: `https://aai.egi.eu/proxy/saml2/idp/metadata.php`
| {{< /tabx >}} @@ -216,8 +219,8 @@ depends on the integration environment being used: | Instance | Demo environment | | ------------------------------- | ------------------------------------------------------------------ | -| Legacy EGI Check-in IdP | | -| Keycloak-based EGI Check-in IdP | | +| Keycloak-based EGI Check-in IdP |
  • SAML Metadata URL:
  • SAML entity ID: `https://aai-demo.egi.eu/auth/realms/egi`
| +| Legacy EGI Check-in IdP |
  • SAML Metadata URL:
  • SAML entity ID: `https://aai-demo.egi.eu/proxy/saml2/idp/metadata.php`
| {{< /tabx >}} @@ -225,18 +228,20 @@ depends on the integration environment being used: | Instance | Development environment | | ------------------------------- | ----------------------------------------------------------------- | -| Legacy EGI Check-in IdP | | -| Keycloak-based EGI Check-in IdP | | +| Keycloak-based EGI Check-in IdP |
  • SAML Metadata URL:
  • SAML entity ID: `https://aai-dev.egi.eu/auth/realms/egi`
| +| Legacy EGI Check-in IdP |
  • SAML Metadata URL:
  • SAML entity ID: `https://aai-dev.egi.eu/proxy/saml2/idp/metadata.php`
| {{< /tabx >}} {{< /tabpanex >}} -To register your SAML SP, you must submit a service registration request at -[Federation Registry](https://aai.egi.eu/federation). Your request should -include the general information about your service (see -[General Information](#general-information)) and the SP's metadata and entity -ID. + + +To register your SAML SP, you must submit a service registration request +through the [Federation Registry](https://aai.egi.eu/federation). Your request +should include essential information about your service, as outlined in the +[General Information](#general-information) section, along with your SP's +metadata URL and entity ID. ### Metadata @@ -318,16 +323,28 @@ attributes that are relevant for user authorisation: ### Service Provider Migration to Keycloak The migration guide below applies to SAML Service Providers (SPs) registered in -the **Development** and **Demo** environments of Check-in. +the **Development**, **Demo** and **Production** environments of Check-in. + +**Development and Demo**: Beginning March 9, 2023, SAML SPs using the legacy +Check-in IdP metadata will no longer be supported. -**Development and Demo**: Beginning March 9, 2023, clients using the legacy +**Production**: Beginning December 12, 2023, SAML SPs using the legacy Check-in IdP metadata will no longer be supported. #### How to Migrate your Service to Keycloak -All the SPs that were registered to the legacy EGI Check-in IdP in the **Demo** -environment have been moved to Keycloak, so you do not need to re-register your -Service. +If your SAML SP is not yet registered in the +[Federation Registry](https://aai.egi.eu/federation), you will need to submit +a service registration request. This request should include essential +information about your service, as described in the +[General Information](#general-information) section, in addition to your SAML +SP's metadata URL and entity ID. + +If your SAML SP is already registered, please ensure the accuracy of the +information under the **General** tab, particularly the policy and contact +details, as well as the **Protocol Specific** tab. +Pay special attention to the new **Requested Attributes** section, which +allows you to manage the user attributes available through Check-in. {{% alert title="Important" color="warning" %}} If your SAML SP relies on experimental features of Check-in which are only available in the @@ -343,9 +360,9 @@ section. ##### New Attributes -Some attributes will not be supported when moving your SP to the Keycloak-based -EGI Check-in IdP. These attributes will be replaced by new ones, as described in -the table below: +When migrating your SP to the Keycloak-based EGI Check-in IdP, please be aware +that some attributes will no longer be supported. These deprecated attributes +will be replaced by new ones, as detailed in the table below: | Deprecated Attributes | New Attributes | | ---------------------------- | ----------------------------- | @@ -354,23 +371,29 @@ the table below: | `eduPersonUniqueId` | `voPersonID` | {{% alert title="Note" color="info" %}} The values of the deprecated attributes -will remain the same. Only the name of the attributes is changed.{{% /alert %}} +will remain unchanged; only the attribute names will be different.{{% /alert %}} -You need to update the SP configuration to map the values the new attribute -names. +Ensure that you update the attribute mapping in your SP configuration to align +with the new attribute names. ##### NameID -NameID formats control how the users at IdPs are mapped to users at SPs during -single sign-on. The SPs need to advertise in their metadata which of the -following formats they support, otherwise Keycloak will assign the unspecified -(`urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`) NameID to the SP. +Use of `` elements is intended for the Single Logout profile and +is not suitable for long-term identification of users. +For user identification, you should use the `voPersonID` SAML attribute, as +detailed in the [User attributes](#user-attributes) section. +Your SAML SP should explicitly specify in its metadata the NameID formats it +supports from the following options: -- Transient (`urn:oasis:names:tc:SAML:2.0:nameid-format:transient`) - Persistent (`urn:oasis:names:tc:SAML:2.0:nameid-format:persistent`) +- Transient (`urn:oasis:names:tc:SAML:2.0:nameid-format:transient`) - Email address (`urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`) - Unspecified (`urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`) +Otherwise, Keycloak will assign the unspecified +(`urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified`) NameID format to +your SP. + ### References - [Keycloak Service Provider Documentation](https://www.keycloak.org/docs/latest/server_admin/#saml-v2-0-identity-providers) @@ -399,7 +422,7 @@ the steps below in order to register EGI Check-in as an Identity Provider: Scroll down, and complete the rest options: - - SAML entity descriptor: `https://aai.egi.eu/proxy/saml2/idp/metadata.php` + - SAML entity descriptor: `https://aai.egi.eu/auth/realms/egi/protocol/saml/descriptor` ![Add SAML IdP](saml-examples-keycloak-add-saml-idp-2.png) @@ -411,10 +434,15 @@ the steps below in order to register EGI Check-in as an Identity Provider: - Principal type: `Attribute [Name]` - Principal attribute: `urn:oid:1.3.6.1.4.1.25178.4.1.6` - HTTP-POST binding response: `On` - - Want AuthnRequests signed: `On` + - HTTP-POST binding for AuthnRequest: `Off` + - HTTP-POST binding logout: `Off` + - Want AuthnRequests signed: `Off` + - Want Assertions signed: `Off` + - Want Assertions encrypted: `On` + - Validate Signatures: `On` {{% alert title="Note" color="info" %}} `urn:oid:1.3.6.1.4.1.25178.4.1.6` is - the OID presentation of voPersonID attribute.{{% /alert %}} + the OID presentation of the `voPersonID` attribute.{{% /alert %}} ![SAML Settings](saml-examples-keycloak-saml-idp-saml-setting.png) @@ -1265,24 +1293,21 @@ Example response: #### Logout Endpoint -The OpenID Connect protocol supports global logout (like the Single Logout in -SAML). EGI Check-in OpenID Provider supports the -[OpenID Connect RP-Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) -specification where the logout starts by redirecting the user to a specific -endpoint at the OpenID Provider. - -This endpoint is normally obtained via the `end_session_endpoint` element of the -OP's Configuration page and the parameters that are used in the logout request -at the Logout Endpoint are defined below: - -- `id_token_hint`: ID Token previously issued by the OP to the Relying Party - passed to the Logout Endpoint as a hint about the end user's current - authenticated session with the Client. This is used as an indication of the - identity of the end user that the RP is requesting be logged out by the OP. -- `client_id`: OAuth 2.0 Client Identifier valid at the Authorization Server. - This parameter is needed to specify the Client Identifier when - `post_logout_redirect_uri` is used but `id_token_hint` is not. Using this - parameter, a confirmation dialog will be presented to the end user. +The EGI Check-in OpenID Provider supports user logout based on the +[OpenID Connect RP-Initiated Logout](https://openid.net/specs/openid-connect-rpinitiated-1_0.html). + +The Logout Endpoint is normally obtained via the `end_session_endpoint` element +of Check-in's Provider Configuration (see [Endpoints](#endpoints) table). +Parameters used in the logout request are detailed below: + +- `id_token_hint`: The ID Token previously issued by Check-in to your Relying + Party (RP) and provided to the Logout Endpoint as a hint regarding the end + user's current authenticated session with the client. It indicates the + identity of the end user that the RP is requesting Check-in to log out. + If the `id_token_hint` parameter is omitted, the user may be prompted to + confirm the logout. +- `client_id`: This parameter is used to specify the Client Identifier when + `post_logout_redirect_uri` is specified but `id_token_hint` is not. - `post_logout_redirect_uri`: URI to which the RP is requesting that the end user's browser be redirected after a logout has been performed. This URI should use the HTTPS scheme and the value must have been previously registered @@ -1291,6 +1316,8 @@ at the Logout Endpoint are defined below: to include either the `client_id` or `id_token_hint` parameter in case the `post_logout_redirect_uri` is included. +You can use either HTTP GET or HTTP POST to send the logout request to the Logout Endpoint. + ##### Example Request ```http diff --git a/content/en/providers/check-in/sp/saml-examples-keycloak-saml-idp-saml-setting.png b/content/en/providers/check-in/sp/saml-examples-keycloak-saml-idp-saml-setting.png index 6b034f5d421452abb2ce49539b64df25a1d75c9b..200fad2f203f431ed7dc6e1768d2c6728d94ac5f 100644 GIT binary patch literal 146578 zcmeFZcQ~9|_dl#nM2#e*Xpx8>B%;J%5G{x{TJ%VWIta$-qJ)HK(W3X>JEOM{qKq0{ zv|%tr@7~*a&Uv15PEOAC`}@7VTx0IG?!ETfYp=b^XM3-#C__d}O^kzsLniw~5{iR! zfd>bNVC>=r;L3jg895FPajuz!gtDxJ1cS1z^(!+=V;r0(?<1lJ)l`?Syg73jka#Tr z&i*l(REQ!D+wC$O;{GP-CwM+r9y73h3vHv)C1JnwTtbtLxBwJVe#ifYB=ZOIzGmGLZ+H}b=+t*r-Ii5@~YncO&HuDmNRxA7S~NZ!!6I6`F?%d9b6 zhB%j5aoCmd$HZ>kz_)u&w(9xNhETup5`mX81t=1i{s|7-6EsJoc@gfsCteZV>IJ45 zoJXYWjYKxYgWg*+#8u>0-VS{rdT;u^OZuLdH*h~lQ22OvP=KJ`_6!moq$R$eLOA9@ zAh9N8N=p1Ti91h-^L_argOqQp;n8`qCmST$^-(P`58{gWI49p;;@rL|-E{X8u|<>g zhVUn%(&rwJDD{ckTg+_u<4COE27I^Of22!j;A!2WXLIS8m|hAuoYvpBUn)BF6DvPE z1y!KGgsifK%0bp0HNl(IY1Dafxdt zt@L#-)hy|6Up%Do{eWuyWEgj!_UT<_`ck|wKelGtwzxLk7JI|P2e*oz-6QL21V48x zR{18m%D#GS6=KP`%Ts|r?nl@5-NyXU!#ENyiuN|+nN1s)*X^&PY~rijCuC}A^$D#5 z_dd(aN$u0RUalwhxIF#-R%7s0N+MqZmd6a9N*#AB8EJ3xUcpiv63t06-SJ*}Ov=Q3 zMSvpUJzuLuD@!ZF*4Eb9Hpn($-p6)j!GA%qb24Nl;z$z89R2ZI8q-}iGmhmO%RI}s zm+7LP^53ZmOZ{?lK7U?rQ+@N{ri_z+?OS1)1nvgKdbN7Rdezf%Jn<%F&-9|Fw{?=A zd@pOJduu4=l@fYKCp5Q8qgd@n+$?^Z3X}iG2xt=2zyDe~dwQ&#cjqHxMq_T{dfS3c z!-d>VH%dyW#O90*RvI=L))CedwR;ib3(8lsL4#KZ`7!VOOZ@ZYsygK&pb;eOBD|E{ z?>;9p4OE~MQP=@UFDj-bhVfIWlVW#VkKoH3>Ktqi-jM5%_7K-luem)Rclq6NI`bWK zr6Ck10~0W)nYFIjkO9dPAF>&qF`KuD>vv2evWPLiU{TO7oHv>yn3JBrkjgYXmJ3(6 zcov(nRuG?6Cx4W(8$vGCt}c^RDv$oyBabAGmr}~OJ`lUih>StjBcYQLNEmX?nY8YH z9c`ULe!4;3GB3Dlc-@fpV4jb43dCh%5a?djF0@(SypnqKX`dR*%Eiq7tV z9Ua<#F|ya~xgw8Av`LI+?4EYtJ-mCi_b{CLy$?TK7qM=yjdYs6w{|a#Gx!;#0$Q zdrEweh;G4Wj=0%6(Omoe-Ro@|U9{uWkFc;hRo?-&%!at`_^`O#I70NpMUur^(bMP@ zbTeFVzJE>*5%^kUX>2ZIn}PfB&1cXCUIR$zy0DgMm2z1Tgo3~p4{-rP_JSZCbb`EC!)mIsoN~QM zqbb*0=P~Q;E{UAS5FckBD-t)_SG3Gz7Q~tt4X)_lgk1Z6Q{@Kgsvx(m!u%TR4y&P> z1TPm@_|SBF=|y2%&GkL*Vx5nb^QX|y{SorkT&f0L zQmiAx>w9eXm!I`Z+Dh8Oh#^eO3vo}h!ta_Z4k_wIkKN|Kihl3XAJ^}Y8TjOwNoF8< zJAIk#rkc@x^9X8rkC5G0$XAiC+;uP4&u+`5N2EmLYh`G~mR=~SEA`NStKX(GRHlvC z@g1tOcxFMK|91Fu0ZcoyfeWE`=A5`gMe~m4BmZ&a%V^b4TkbDgKY!NEpV+B(6Wu>n zj%P_^`QlRa#c9Cv7D|-Z!*blR)MPGj)335m&FA*{mR+&a+8detgUD8tq7Ut73? zd~TT?L?75KsO+SIWE$wN(ye4)EHEvw&&tc|&l}Sq)0EHk3*r`>a&O*}ln8X{PS)0j zHObmQoi`V_A2dveE_mcD^KRL9-)wnkY{F);wUUI)Lxvvu947c?`3Bj!qhqM!X?jo1 zf2OS-RgGLLDFM&9UPQxY8Gi{G_!d~0bIDs9F!}A^TO*~4E)+}S)bSCNigvi!{)&l9agt#1#aQ*5P zr@cdwp1N^8k{U49Z*tweXkJ`NpuuIsaI-}qnCDiYsQwwj*4?x0*?|<3nBGngfrGk= z_ImW=LKEwitq^qZk)vDT>65cLc@HefWm9?rah}F8aqYP9M%H$Rl@*#M^L+$9wSLT_M}M&O4>irvd$UQ+eX$dQWB zC`<{@#--?l?+q(QiPxUKDhHjFo#CZjBb-p*%zO@buaU;jWM3&L;IIS77jZziS8(uw zBV6DY2bUTL^xH8GjvOw{e~+QKtiL~lhlAs1hC}fCGupuS`A-P&0jPif#{cMxLkOH* z0X{xScz-;7fhP(7k7I%{;2w^+s)Vd8@U8mN*4Ws}&eYnzZn`)KxIkp{M9U5b=Ni-b z2Uiw)cLN6pZ_-Tdnf)_`r{I^?FfKzQ>lemcjxd|^_uvRSf`LPrvArRKBh1pu4(up$ z=eH-o!14KI?mG;>Jz{Sma_5OoN$YpJ7!u>!{P>}mR4>u1FC-4NPos*Tlp(Cf29pisq^2d85jqP6A zn%UT!Sz9rjzt`}EHQZk0&Ykmy{`>PEK8+pC{@0R~-S6E3I>>!~hx-B7eeQoEvp0M7 z3$pV&{~`OWU;k-N`21yHbvt8Q32PY4*vcOAKZy(f*3w^Y{*TZ95GtEF8e2Y-Gy^E@ zfIdMU@IB)Ho$T+o{*hGcPozA&Jbxzr)2%;|o_7KaHMX<1gr5sh-O9`!0+9XF<-b!s z`yUzP0WUB2gWt*ieEsheDA}3;ax^?=5AsJFf4=tn^TOQc3h*a|_>Z>z zb`?-J2(d8te^nPkJfw}v!@&{5k(CrzbHrVpB#fh!8f*V?g+NM*5_Fg7-3#VVj2FU_ zY^A@Bs`lDo4ssBfWv5pnN=iy!mu^0YzfASujUWSS(#KLcX$leCmiiNJ*O;lPgsRe- zQlW-JSKsJmWxbQN(VO|1E7|IuUbCzh8Q$RF{o;?+8-?XOsVpz;hK8!)x~O zz}#C*{h072?2+}@yT1;c@)n*t+>S0g-TZW{AMamSd2(Bffe}O+ zaQW9`mb3`y&fqa$66jw<6Y}_tm^AT?YmC1hRk3aoHRqD`9Y4jagVOVtDd&QCi73Jb zhB5L_<}QmRQ4=h#4`ovaHQ)ZbCbL3-!J(YyOP2Z<7B*sW0KFmpmnZ(8^oAj%$>eXk z@t0G74WOqeeQIjozl!`X9Vg(~C;c}iK@n4Qu#U+~wEVrNe;S52ViywsrV4*KWz_~| zy_AcY>5cy?(a#(K#^vE(IQyG;{$GrXr}}NNq(Opf?nn7LMbDExzQzmmCc1CE>Yi|3 z;oAw$SSipkzZ=K>3oiaE^rFWkPZNaO>h}Ae3z%)rm#JG%6sNA#cvz1V&q=gSRR5#|hd^OjO(HrAh}*e5SFEt8#Pw9%bOZ z?0&Fty>cN^2kE?n>3J?8*ukhz&2PEHKWRU(|6=MNbQlf=20gwuFHTK&W@u!}hMU}3 zu>R4HIy}0{iQ(xTk>{c#7Sr_a$BT*_K^HF3uPO>IP);`ni7R8gFF{yiJ|`fioUj1% zwify2k(Vm69%?VNToSbp^X{E2Y&g~Ch2{JE)^2ukU;zOrGTA^yA^18=<%dKNX%`RJ8$)v;hTTj9GvswnaDH85lWq-=Jhd(K1c#&8+ zh$l$&)G-mt6agP8&~r1H16|jh(XOGm<^(wxB-F#HTXp}b%Eu}R z&uckXmD^Qs3fiV!O0p~;(g5X%*zt*;?xzYJZ?v5Fx*hFyvxOvAL_Kbw$wDPYk-V^9 z?jNOd8T<}0R#2i+N-G?#E`O;X~Sl9mWz4Ro5#0ZcL^4c_@3fQ6+a=XL&QeL^`ib4#W_<5Yu zV)SWE5*Ys`waDv9_=qvwc_32>5vAu4-2lmUcxD`-4$aTm>GIgCnHChu`*8E2ub8jl z#)qFQ1{0$)?0stl+U3hfCbnC|(#IYL(sgn-gLcyYn%>ytjAJ7uwhVMPF`HkVZL1E-sPbidP`9&@uNM*Z z>4!r@9U9ZkaeAprxzGl>$heYQ(LwkA#l<-~HU~vr)gvHj0p{IkMv> zB_1Ds_-W-1IA_-TlBmNi*X`nS1E_5pItPAuj9f-Xj$oPpSvKlw*uuZe2+rd*u(p12Lc^9P?WNGzwWD(c|JKX~ao z4v1|coK4kLrUu(sx0DiK3IB|?nnVhU4M<D`SYy)pp%mN}61!IWWcE?Cq-Q{O4wx>i5eRPs~5vX;t* zL>QY%X*{@}&ma&yQG-~=HeBV^Dz9&^CtB1+J-M8&>TeZ>If6C&5Y^KWW7+fj$%R&D z9HyL15VP-DG(NRDA8al_)FZr@07Kw$gQ3E%uhdIONn|Jd(q_Wz&o|wN1krJG4HgZD z7>+ajCi+0iV%ugSmMZs?!%-bkqH0ScOL26(!`PRd)zN`oxQe=`Pe}<6;$R`F#<0cr z;7cFXS4W^Bb^_mix--99?lv*^UHg*6>&epx`r{tQS|PK~p3*umB`bZm?g5dgOD}Zahwe+|xGMF2|ceG9S8{(O-Ad zj~ITs>FF^*r|2H>sLG&63_R8d{uqUv}Y-;Kkg;wQigG5c<1>!l5_LNJk$kG<61#)acv?TqEs}DWqzo@TL z41;##r-}Kw5suY!HyoD?NO%%}WWe@I&vTFW-h-}f*M+HVS7tfD>UM^|n|IS~E<_pl zuJ1e^e^$J%T&HRCgzgZvg|dZDtt3~NVT0krS~3A7+S~E@K_@QQ>h_%_REx*i1kl^_ zMV}iHw~vU(S9>mwrc>a|sP?p1bY3dBP<|$Qb`ZQao5-RVw0M5q zzT%c)bd|HPZZ~E?LOjoHPw%GK5dY!n$OOY~?5m??7xhb^+QDlet)F95DHQ#hU z;4--)IHyj$f>K&}ta}wYOPuav1GwuSO=!RctR^10TEnV$$1Gr58-hz^>O}x&rc_=H8hU}m!5NwV1>ymNx(83Y9pCSi8gM1-!UUPE(@Dc4aZEn);ktXeJanAxi}pU zmou*xzTb7iR->=%eR22>SZxi5VL|kf%zZ;d_2h**;i|9n6_3|pM}U7aI?J)ETfo8J`_ZpB*!Pavd+cB(3Vx z70IcySlR6$1fwN*+RRVTB+X9F`Cmm&9<9wWFNM@XU4QNvj-yvZ=Qh5M})U&38-KL zB@FlHD@R?ox=*G{h6z(?JH4LUM(+;%*r|(C0G51{<6V|`d+1oVH;Uc8=6U$jDm}nC zKH;HLnl?k-F|q5bmXg1(;yAkQaduSloKiA+7?i5n2|3vwDB&omx--G@$%7FoueI%* z#kpHYlO}v`99B8md}9Aqo~t_T-i^`OJ@4c-pOX0J*V<9BBOk}h*Z9L}d^;f?_S%4tH?{SDDpcjyc;&OceLs1b-hT1O zNucbjKQ@URJiiJX?nS0*IiY5&QI^pOeEoBSs!C)lgYTkDRfwt6O;k`$t>`?~%dlJG|hM=Ej#T+4dJ3F+q1w~C!@-8B4JIcVUf*4!thP?^!W z@tL0EOQO`+SH1exZUNW2o7Ym0q*q7} zzoqBzlugaCjD}v!HmZrAezY0fueMy(6zs1gljdB?Cbv#$50o$tcJ}%T^n@~bmH11Z zPG6!HR3CkT&N1O|z&ck5ifjuMuHTPfc(da5JVQYHWgy?gZ9m#sujgq7d;4?2N4&D9 z3b<#ey<)1s=Du1McIW(QQjTnCBh$KmNi#|riZ>gK=(2ow1Fy!&Gpl}n{v4^oRH^0i z?Yay~FLr8FD(Z&DHl4%Hkfz_3AgJk;sI%ls1oSB*f1at)Qwrf9*4~ZCTTK}#H)_rd zp?lj$8R449&*t3!u*xZm+Lv+P342#D1c4WyJ23GEa#SgP;03Q5J2&(*-k~p{GW5|) z`8`e64JX5yCq>(;?`b|?qj%kCf`G#NJ-?De38Ylzv*t3?@?9Ik%>p>@RnP1;5wNsuo309Fk>PVy%;5LX|#WoKkxzw_~&b_%@|ckO(|)sav|W zj>SShTCc()dQS?<*xAh+pjuig?fKx7K~&}-yGEIUjZAG__p;M)9+l^Newg-A(0p1v zpXO&{kD5-A&2MwqfnJR?o|S0haYGzc%(-HNrNqgIe~OqG7(6Y#Z^8xN-S$)8QG!S179iQzZbz&@vIm|b zYA}jJYIgEzxoV8umZIGaNkYzRToa}&k+yw0Dl7>g;lbC1Ew{OMq|O^DJClx-J}KA$U2n`gjV*W9cd0=TIJ5LR zo)TYmHJmwDkNCn;ungjEm)6xA9vEy(df(RoYcrl4Ybze+rvFlGf}G+z;{ z#L4Q)SC zkpp_;OEpZ>3=*|HYU=~tL}BKMmXW!W#IKfUsYnO2-sNyzyElwb%voxvZ&xd!OOKR~ zP4y&Q%fx8{LVV15?0+_yec6HdwAGvJ$IGvu9x#%UTIh7Eq+EW@U+Bjy-zKV5swk`^PS<>RS+2Mle=b4gddg7u*T<2GsftO3jYjqmQoV=oaaV-C(e zOz)D{IHdygf#|5QiI%~A`)y=)m@?yCHT#h&X=B&TFD&l7zS3`5^@0M^`uGompndhx z{$7;CMp?o;gQ`V95c!gSTv_D7rz^n^5rPpi>r6Q$FjX(ybn$ah)?u zaq>D9v}sPSM0NZNYwdFLW&E2MBlWQ?GXAVbPF4N#aAGe3i@ec}@>5Ru(>&^iLik{g zqTCOnZ+EB7wRo9yq4HGQ%9#~-n&tW5^iItyrSCI=Tu7W04--`SB&DW7&S@OGbfH$U zx+87)H^&UFhUyflvf=Zk+*4Vq#j*Egb`@UReb4!qrk=JAT$mH}y!R7^xMpsP-b@ z=lNU_0Lg9PPfTfSTY8Xqq?f4}n{cB;`Av(o@nE5*=xdra3nsQ3FIF52ZsMlDCt(iT zBLuwSu7L}zUSA4MvPjdpYi7Ji%rlxI9_2tWT3Xh1JFCX~af8dZ3ck+0t!ISY4Un#8 zy%=4PSG^dstbs1)8WIFu{d9EsC2?6CumWQvb*yCb48#pdUYHui^}EALzA&HKCB4aa zU)nkek`;a)^OhQvlCnPXbUO7=tf==%|08YfwS&j}5lE+QT;gTbQzqnud7K}q> zq|8#>Z;)+zS2~zp#MbU_5ACjJ)3PMx1rvo!#c6g@k(%apBJZ#Z)Y zVpBBL0zw(AaMYu0BOWH1yHqpi?*#_(8ReBAr(xFWCT~K*t(LF0F&3H6{H3#&U1Ztz zw&^0+J6?!CSNKM!@IEu?aTJ%HSHl6>F**a>lWT|Wffy%9&rpRK!{db7|CF`;Pp;Ur znTYk%gBPtAr@1M+XH=>fDNPi1{7bd?MsoBVM%!-b#_#k0$SIf3*5JKarJxP#8W33t zGL%;^8fTLVNVkU0q{)UcyGNv#_tQ*DP1Ly{5;c~Syvc0=*S~O0KN~F_NPTdE?v9P( zksA8Ze(M%}3$xrX9{f~VNUp4gR^n|yQq5h9CODJLAAl&6k`G^XY4ia?YUl zU;V~6VrIlkuQXP!vQq)M?qZI7L2%xLO$(V~c4WA>LD&b5Pc}gM_fWQ>lY?bYJ+cYcZ@buX!B2%`XDyh$flGQfr5F~$0XMKO*~nJSJewE5cvpLX}SV4lqn>x24`{*2kE|UqoU#;1=RTDE*3?F zY|)`ZQNK-jBelI>5s!f;RJwLSM0V}xJ}X_MpPMW(me)HI!oF^&b*maT@8WcgkYh?G zYM5Kt;;y$3hU}(I%dGH|fEm=Ur&keJezcxkPFS0tB$hN^noJV+cBK|@%b_wMp=zE0#S8N4ZS~_rbF>+ zhJOBptHT28RQ#KT)@vVprNs(_1` z;R)WQqE$f~l(9}94Je7~8S?tro^f8Zs?d`#bBpar>{Oz#lkFqoxf$DQ6!6=%%ScUj}RMcEf3mA?2fG;dpfnvFVJrGvrO zt#Z_^f2YWp`16GO(b{gsL@Di%L*NF~X)aLUc+bCnnom?I=kiSlk=1J5^d_3>>@@9l z%?oFebmdR8Pk7JzfCziBu-I*ivb7J90(lwJ^_IbxX!GYx{KY(qXG~8fRU&;JcoZti z25{Wd0czL8U6_8nbQ6^Br5H+ncNY7ct-%fgg_!*QN^1j;$})Y6YH(xTL)9)Q75o~P zPQ}-9%Tb<}*fTY_kv8PzXHtX8pv&v`2k%ZsmPp|e!3&tWwUWyo@>lw~g%4V#XQ;I6 zR!G@7n5Ni)0xao+E%&-#)nq0*O_8~*tl7r$oA%wWs&Q?bT-!o(laAHaP8^EtEn&%p z<{NFh998-70x?l6Ac0r`q8?K!j?f1`w62~*QdEh_73Yq#1KSuluMOH+g~F%lx6=7pQBMarS_;*d8Ow(mhPAoo(CJ3FD&9 zbqL}1O{rGOP>5aBE;GG+q5WaG1>j#pOqo26u-#>sR#t*=&R`md0w$BcrXU8@J##Q< zo$>-NDoibgu^|4|q+D|vI<9csMP-O_2sV-=r<(Q{fu zYX(5zPP}^r9fGC1|K#2%nPc?Ep?3ry{O{K02AFA9QU9>GD(;l3uv zKJTqCgJxEkvgPk-otVb8zWVr;zGR?uGr(K`&mBahjYy6QGXEUi{Z=7X&H<1Mayy+Y zaeK{gN!%a@OF4ka>R2xLj)YPsZHW7e)EucE9-tFX?1ZD-^aKrh@I7BpegYyE8Xlu3 z)fr}|!Iu5li1BQKsSk8Q!g9`K>#J9)5W32DVBMP_G6~dj6Lz21tX0G&3Z+$Cz%#d~8PKQHxT8Fe$0+^5rk&o! zvRWhPmS}>Qv|uQe^#yX;B`oj~AHI8k2Y3LEnVbwz#ii1<=)Ux0vx{3(yjxwz_-J=+ za;C}K4%`8xu;T`HErE%c&XLr(WE`azc`;;Ve*S&LVAETmw5Jd!YPwcFQs8aU#r9Ki z1_$p8Aia-z&-~9l80F`l-TdQUm&L#6KL-|XgtPL`A%`dQT9#%fOK7$==8Is{{Sxd>i`{pZE#E5?{EIq|4zkZ&zoBA>izO- zev~JGKKdUW_JM!hl${_GsjUIQ>d6C-}Z{~*TSyRHnNR(RwNH|;k6 zkj4L4{o{zT62K$P)d-`Y4N6$@Wq?Mkm^ki}af=o5VEA68(Zj#XhM1#Bp|Zegy>6G) zGF=>&8xCU19zJk^%W3Nxjvh*|s6G4qKZK5FGx5gstG7F8{C|Co=NO}ydG?rHzA4); zrY|sunOFd%*gTgY%Rek8zk6?DYnK6mxD-%vO8r_O^T7NJpI}1!{2CRMB?63(d2e}2 z`o9P*4j7-0HS=-zf6a3F`IKC%)+nR=-=O{N$n)b>fMwgLxU15?W_kA_MMsv%h=1gr zU!q-H-`_ZoX*DMdx1Cyy7t&M{IRs4TuNlp=9`HP;d;*CFF{fk(Y8u9tu@KDA#&b9>v6e#ds1g2|NKAvml@Gyr=&0i*zC-Qb5ka6)!yy*GC zD-3!Y@8Ue8GO*R)pv>D1nAn~#s6Hhcx9mf@ulRTWWuoH}5OXQ33yg$n=gdU;6aVF< zf3*%t%7FDDW|9^8weew4wgILxh$a2;FBJ9M{IP}uQ~9wh^wO_w>P1Rjz(O_2W>fr? zg}+!&VkW>sDS!MaqM2C4xNUiCZoO|ZfO2&}Gv#W3yOj==Q(%QCB>P9TVD=ChufC^wzT zlM9mn)tW1&0KiJKWZi-S#jfFnu_(RfuIK%x5F=dOJj^KVPR%u5^-^X8aW+)|fcKh> zYqMzZjE#-4=~4Q&B-gp@PY!qN0;%~r4_n<&4@~xediRvu@sD;a;GiS&y=FA|7mn5& z5CBF54jU_by;4wP#b2`zJKbwItLCoXZx+?if$>!Wxv3h?if_&NK>k^4B(yBK=cVn2 zKoU}2^W4#vrh&~<^O}Z~In9;;3C`+7_rou+`h&&yD|T9sU}LW zRA*5S+XsM+lb;^EoB+^{dMm^Eb-4u!&}aecgjf+5hyEPmu8Jw=72+-<5%*)qN&tCK zQvn-4+yOveaP0*7<-zQ*0TTx8`9h0F#+{Uz4ix}4GBE(c^7bD1GXQABh_VFI2=wG& z(zbfc+dHHII8Q`_BDj}KV4^Q^T-zd_YSb(04<-KZya+j8OI-)Q5qg?maoi~vm+%4Qr+b@Sqi()x zzX4(B9cOS6XD53?podm9Yy61$P?=Z4ap0w1(KFY*?|!#5zG=`^pTntyFj=X(zz}id zDOEl{++N0hl;?U4fIqa~b`KkPxa|P|B2>IHCfjOAJn%8j?&5C9 zQ`Y1nkq)9=cHYCTAp`+P$HaNksH{dagG|Dg^tH#)__Qkpi+c$ECE-3GLv38&B8;?} zY4pTmatnjFxJ-vMw}(f;?&Iwi!^0{_z=(oHo0 z7NMDpnwJ%|bjf4i`z(%qNlN_hHplar;G>KCW^V51-G03&OxX>veOAqOzkECxk&`RD z*}-^T+j#9qYx_>r0Zymcu7dss;Eq;=76t_o!&)Zl=! zZ8XzEfq?mHrHY?JfrO0!vU6~zVB>fEs_$|J<^CsLvl5||4+F>i$Eru56vq1+fR?Ze z-3D==0_c-@wFc>cb3`k)nS^`$h|RPZD1Oxx=+z(rXw4ymzciG!BUuISx~`4*@J<6T zHy}@vgI+}dz`SZMJ>;W6MaT8JJ=e@1K-v|pD8zYCT5$O)00=_7Xm=V8d;V|K;EVp;!3`s<^nr`Y?}M710Nl)Ev`NBp z)H;AGJ$;7xHnIz3sS5|nPk}UE9G*bL&G;WZLhC-_q#i}2XGY+4(wd`CCYCsx$BsR8 z-l4Angjn758jug%>DoDZg-*zZ4FBZRik18Uy3HidRFjI=AGfN>U!RALebDs>b6M5? zkZuUT2B{xLs3FjcQ0olX(D&52>?LwNkTQ^(%Y9lyWqA@Tdb&g|dTe80FkSDK%Nvqx z*BwqT;YpZ2@Xi7G%C01vHh1fIcJ1q;>)a9L=E+|%xKx%k@U_|PkRe9=M0)@czT2&g zBMG-()^$s4f1Dr+kGQUUm`=jd*ax4x*s(jr4;L^mVga;aCd0 z#jmdcG|lu0GvO`Qq8cD;uFD${jK>JT+Ukw~W4P9kIdr>#eD|poI(M2Z0;m`CuHVYn zoEE@rYaFJir3#-zhrDmpV3E0(3bJ4kY{Xx)2Eb9FLB4 zeGf83qxTTRvpxPTMT(>$8c%6B)B`1Tz548^;mq!u80tc1oUK1%sQV(dVQMJN0VT-M z-p!URx<^P)PmZx1fMh!gfbIjJTa+!Ma#;5;z#D> zB!S@rdi(5$1-)vNX+<;d`lZ>_m234uxl}Vx5PS8zsQ6Rr>Iz`sUx6(@?_hjJ^meIl zzQ_*XSqrzOp}ZIpTW=7dagVyS@4=2v=1hoxzm=KM2da~voV?=C)D^6Ar9EbYSt|8C zuK1fktpO+8--}9va!C_qEi3#kd4by4$ny&PnB#erMe&=e1U{ChKxM2XCxr){kNN~o zfQ%E@OP;wjk{3+(0Gk}fbrOE^BN>!D&1pg}!xF)!F#^`u>uj9ufc7bK6(ai`OkbcZ zWnN`%iP14(d`5v>eX3th{|J)gS-dT#3Psl-ccL=V3G6ml^;VLl<8>%N9yxp~GTh}y zqyHmsNE0o>5&JfxDJh{z_c}_2>Xz$%@zG3b@T3=r#JfzSOE-2nUw3a30Ux&-7`i1j zZk~9%X@Z(PXQg#6_($OZix6%%TPTM7Y}Nc(aRfLr6%mgvv4+EFtmgo*W#mXQU!gd% znrx7$kl_O}?a1A)(f-o-taK65ex_yO^&=8j6<8Er#V_y6uJFx@Gv3`6DHN0haMEpQ z-R$?eD#;F4;{doM6()eI?=FTN^HdY<0f0N2_nbrJ8B&eABHgE5&rl|^c1~HQYEt%4 zr$AlhQTqV})l&sYYl6O7x)@X8@szWmzNM=t*On`viQkV^Wmcs-NT^)&L9M^-EFaNd z0hWjOr+zO)esZbR9{&a`AJ3v)miv+14rB;d@o&Z)4}iPi0@+aBd8oZ+I@DTi&nO0y zr{eb>Y|45-GE>!Twf%{Ef`w6IqHZEZ%5Efcq_d_20C29-)9p)!gt_JD04O4z3d`(R zVPk)nnI^wU`NCT2S&Lh1xhY6B6Fsh&Z~JfX$!&nTwaKg*`iN;0K@2J_QTGf`%E z=7BiMX!}HnTO635Q(e!V20n;!klZwSrI?i~8Kw&DM_`z>6Y(C(N`*0448Da!SYWCh#?%p+ zSJq|})f*J<=U=9%&d8BhH!+TE0PLAN6gHG>5#BARw&*yD&3)4lVcOo19@)thVz@JZ zl!tPp&QF;M^CCv2Y#Xo>8?kjmp{T%%8e^5#*4(Ae!$vDHeflE{^+(vP)Hfw##aC#| z!U1rcyHOZ>{uRF$nm+|U7YWRbB&9zd16v`M>`ccci-xn46&ryyXL3EICvf@%i%`58 zd+vws2xbC6UE66D({a{G-^BoBmCX13wpm%FP`XgLhbfmCkVmT3V|-5LIVnPZdl`)4ZJMbQsU4l8R`O9J*3 zkmO3jKYV%{JbDDtjw5$vat9KIM)O_*yLE)~Q^9-p+L8TVTGu=30oOVXd}vRY@1;DN zP*^U}JNG$oE0GgEVP+rN@3*~#O6`v?DD`^plfPOr5VQcEPjGTypql|^Cuh~m>S7x3 zDy-pv!`rV)4>9^B|LR0&z8Yj~Z*;msGaf+j_vhr>^~Q{dCl;%v64_T)4ChLE6CaYA zR)h72vOUgGe*DN5Jtkxz_;_cuI0eQ#T0$Sw@hAo&y@hL5*FO(z9m&u&uK)zy-%FHq znNXuFAN*pc4-q?-%Iktk`I4_rN$~y}h&?jE-p=jYO01hV9%1vF$d@k7a$8c zkIK7rEs+XDcvgTD>T#^&7M#uzquOkFzW1mhyC9YpUNA2>0cC$z5^|C4K3hh*RTmwN!`dZU-p*tI&hNfy4c~89RaakBvv(_~ z-IOzEOFZ4qv~390&YBiF8O9tPojaMTN$iJ0InzuakUC{;|GHTP@LzX4j^}Q<+kvP@ zbgb(v5&44-{3TE9{IixCxOuJLyQ8V{P$p`r;Ux+vjqJ}wKW!^wVo>JwB-N5xr&l+L z^iSX%slcO@GcA#ZpRrC?gXLFmU_w;dk^Uf_lrtd!1F-R1i z<6j5Ca!$CQ%Rsf$M4ApwEql2aRR{yl&}P9RyBpK$7&XnzRe@>OIm!^#H-plbOt*a& zjr&aQ93H5O_|Z9hO1!7-(T)t$J=oc)?nlJpRby6%=G$WscVZjUr7u3Cknq%3$jR%i z02fmAl~xmWCYEnqbv6J11E($=v2(3^N_+a^&p@I>?+b`psBn}~(+Y!(+2kZX=6VAe z3X{M#vpMwiJL_DW@cM=wH)x0A!P4t(!9GMu!MH3-{CxOs(KG*onr;^O_qW$0Eg}Ou z`qn>z8dGRkMIs>&cZII$MfF;^p;v^ocQBo!z@t;#mJ$WFjv$6gu&AiW-RfMYFuCiwoA!8951vCP>Kb3NJm&kjJT z7>a-gz_3sU)hd@pR50nM2!4TU=7EG}$C>Ih(FtA@=Yd0Y&jx_pZVmog^d%3jY24s` z(kyhS9)-soc}qdDETwmE7xz20x~6O8?M=M1QHf zGT<8MV1@-bTB>O^og!6gbF@^C0=JMkswj%Z4-(sJ%XT6P8y|05xq_A{zpDD>dEG>w z?uwKEk;6f_>JJ=Gur0bbab5IC!jGI2p^5Zj<;Tb~y3qq$b&A4gAM~GHJghZ3Fm_`df(P)XwsjVG{|c zg|f>3T6%&iYOnI^j!VwEj+^F+fGj%gjdu?>8!Jsd$AAUM#gaD+k0l$t8gVFxYXjoi zrpa(pPLW#9q9pBmS7PZe-OtvMmU6OPqpK%{&YOw!mu_2f5vw=%K3(M9TsYaAMo>Ft zG1NhF55InHxRjGyM@#s(T%RYBLAj7w@iF7&@L|bI3Q0MNl5l1nzoIdFAjQDUuYhP} z@2$i7R{RHIjUhJ!F@|f)#d}~rmAo)}x2>PbxmpMQ3Xdwse$&K|(wHU19gh+`$a4?u zQ0|l3Vcqe8`?9m9gmY=wBkKAKm$-D`4(yzfSVaw*yeybQWj<%uqF@wK$bM-iIDd{K zDJ3O{r>@d3((JK%o#y=x|DK@=R2o)RimnQIL9RPl5U+%D6#Pmj5m2E6_D?UwN!|D% zN2?D#$T7TSiZ*%!o%Wp>7S>W32kCIbD2~dOJieN~< zFk7Kw-_tg%(Fp4m5YI<{>5w#bS=iHZ7*`jcQace#+)TKG3|$SooQHiEXXT^xLpjZD zk?fS25U(4UiyF$3BTpJgh^<)Tqtbc$ozu72>{XC=4%m}yfwWHMvCF;f*AIs>8w2mD z_dJ>-joKE;4K=h?F@FdO*%nHL8D|WBxJIx%-O!-)^3(FC&AVB2!^xL{@PnYf#qG%p5K?=etb8nUwb`NB{(gD*6Ac~3kw zal2ZRT|RKBES7tFnxiD+r_8L_DIVXIj=uQ(%tUvj2Wx~6cs+Fi$Td08Sl7O`5B12e znFi7l`iVg)&7GtqgQHe)2r?hmd=eBQqlGV*JZx}ANEMYl>?- zwNlv2A9lwt^vy)_w@TcuheL7T!J-vojd{s_Uv*a~VQ(ah$o|ZX&;Gzn@x%I%6cYA# zaeMQv)B$qTA11ufXNMb^lV#!&qI{{QesEJ_0s=kvY%UMS07W6-zS1BG^{;)}BzSmV z^761jOezFlP6Tn+U-{2jl=)#jj>$)qJd$-;L(Gw1!fNZmEveyA z7u*X}NmbMP_Od3Y6p3#0qWW33nvN_QKLk5^hpVG=+?CWEbM)IIH72u9_9S;~?Y}GP z@NTfewfJ)OZJtdq#lBZ-rk^f0^SY;z*khZkOgDW&VhC>HFhn;*PM1ABY8?~4byT%9 z#EfW)ES4<}cFTj`9*;{KMKa)%4MILV|q_2MWefoqz^nmjat&MYoHc? z2N6h5tD#+r7FmQ8q&mr23$qhY3MYFL;>U+jhevup9UwqA=S_2p#}7zJi6v$!5lv)A z7(|sjsP3OF7LgXY)_9t2iQsQ{B_3Tt`3fZ}tb*QzFXA6C27YHR0FCx1-^nRNK-3N%7EG5qM2aQsf2_V7ghQ4XmGkXoR+gNI!u_d^Mq9@{kGjkr!i zuXqY#!PlH&MEkr<8ct#;xzdVj&1I=trk!^T#>?hMQs{*~`KhT#CE2760X++$CI^CU ze6D;Bo2rSvayzU{&ql1OJZ8;j9tGq{sIYXrr)7OfswC&G%o4-InKBq5nuwJ(&>{ja zJf^f<&KoH{lun{vgR+_Gh1Qe*z+ESLq4Xb066xf!q+WNYg<~*ZWtq55ljVotJ|dUg zJuMh<4%_Zs>nc+T^;9pGLyggB=Ijn<6Lzi`!7J$HwhyMd6=s#)RkLrQ@Z`vkb22Le zQXiwACM)b14qaTS39SZXSE^j)^;kFY{biaRdE%>YuPXPYxfHXES~C-?RS+?LcC#{( zQpqN}=L>C=8QQN+z`?D{(l4j5yjEtZp)l#amtQ%65F zB6ZoMDr8y|bshwHf*RS!VF}bq1KeEHG2d%sg~!AaqT%#oc7#k84|raigyuX&2=~^` zOmN9b+v@pq{SpXoCD?l#n(C`c%os181F`RZFy?=Q<3WzWNZw zAQ3|Y>KIkc+r|MO`?>Mgcx|KC#nlUw{NeCoNQF!&R5UEg(|Rs;DwQFaqOoii4=Z&+ zck`Dc!2mlegoBBRJ$Jcc9KfC~npv4z$V1CVDbqvA@2GUhR|q?%Oj2S%SF$q`_Cm+j z>)|M*Vpx9W=G{@S8g|a?eUd&Qe}-w_s+h5;QE4C56U)wED4q*(d4vZ3D_`tz#~gdon|{ zS^zEgNJ&n#YCW&JP5!|ebHM@EPd&$X9g!->uJ*m4cj9$b6r(`K$sSlPocgs)nrxaI zzoI_9T#kPS;6lsWmJ;^s7aBCl@Mc!e#j{ht^nP?rb) zKh(}<$b-n6OFho(wXv6P0NjcS>cSPbjS4P*EPuIA;Whyq(uPGx=93O>XcDGoLs)8-L7CYaG|g%f4W>Cg6o?q6PjeopU&#-w;<`T`=Ex;Ht>IGJ z$IP;oAhJ1)V9VF2p5akJ%typ1(n2qcV0la}s4slw&xI=l+8xqeA%fy_si&wm(Q(=pF&OiJ!EB2c+#e@^GUe-okuINpg>u2r zFtcZV4T+XDYvedm;py%y6rlx)?!D$7L5hcMksJHwiTVL?1Fy;@m-0$`_hMHaWgDH@ z5`(ughd;5c3w496z&O{YAz?0%N;~cBd;0hkgLF*-{+up4XC@kb70KOU6N+@#q1iMM z3sCla_D`2`|<@&Lr%TxQ!>`*yjM~;piJ7uI`PC?og_YCE1W-X$;pDBg| z(xc41FG%mIuAYp3Jn=ZK>#MZ1x64VD5q?xVxmeIa?CCb{ze-fksbasJ3;C+N)W)Fr zZL}C5A{&Mj9Y5!C18s?`U=t}8q16hIKPCvw#a+p0-Y&F}^kovra zJ96y&V0m`GJy8Jw)gu9OAm9Vi&`7b77fO%nQ}#+xDwD zrS+VCpKs};^)`XDmAag1yVWgr;z#$mTTRH zzqFv-iWWg#OXj4r4@Ov-x2HTIA?_hgVlxWemZ5St=S7xkbqDF7%PeRFL3QpR9NMi^ z_X-eA)!fk%K#D!qAJcNYCmNT8Zl66(&B=}sZSgFe zvvq6RDd6FRNoIUrO;}%cfl?O{Q(kB0J+ZNuY^blYR^zZ1eIu5-BSmM=_`kqmqT)ju zNZdcN=m}#4e3r#$D(@jbuIP*IVU{l_VX=bor=P#F2zAPwm?|8+ck9f5-OcXZ+lE+s z3rzU2oorrqWjh|0hjL`Z61fy3wl#g4gS=~#NoFZcf${>>O@*Jl{iu&>v&UkhrhCP9 zsD3>HNP=tm1N=KX$u31$EaY;Ax{YEL&rO{HEg(%rJ@91u9My($I&3df<36dvjK$J` za;8+-9j$n0)WFr=3CP+|W{@jrBGN1lC>tlkJ^1;h+j&L3l1RcaE=Qkb^2!M*m(zHJ zDwnH2l}xF3ca`mk^Bbd!$9mFGC+^0xL62<0a%ob*`DW7e!-47IHS)P$y9RN&6fsMC z73V2|M4V}p!V2YzIQL}}T`Y+Po%!t=~$4hF?@;Fd2 z4HQ=Lwg*)@vP7gVe+GHltsBTtizQZ{I82y7nibulV-4h-T%fYRtQ&@SJ?3#a(ZaF@ zOcM(jgXNMF%9p);avUyykLqnkqk_a-DyO|U0wtzo@xyz{oAt*t9>v~{14|Y8Jfinf zY~_R$^3`e&9g`d7wC)h8cv`K$SE(KL$=|6oUmq$SA;09w5!6=R!(-HYkD<3Z#q#9` zxVkg2^L-SdjcNu*hGnMgHiwH_{_~AAGbPK8@mMFG3eH5fXIg$IuTbqzM2T$zc+FdV z<1pa|DS3NlllKQ#BvLzQKfeKY_?jTzGfHkpGuI1_HA1CIU%0IZZJGw1LDx%%oO?C& zrj^<>N~s8p2Wpp~YNu)Ua@U+TG%(#T+rv}d{bTB(P#>290SnWs<_DJzo$9ym^4JkA z7WQQ=*QWfE8~}Xl61*~sJWe>75+EWRI2J&8H!$K~Gi)rDZo9+-WjdL)0U+d&*DGfd zHLC4u(U`y8Tgeqwt{G1=ApJ!VD<@Ty$~SDKw%@sYKi{?8AFqMVRDq@QJ`a-AXijg1 zQBTYVTTh`eocVH2F~g_;PzfL21~3j~WK}~`iH!Y`#K6Hai1yt8II%IjxHZ-6QNGLX z`ktA5JttyD>yYEV3v52!A4p1KuWjOn6ow^!d3wpcxqwILEJ5A@%@O|_;7I$(LI7iT(B`zY3{pc z?1a)B-v6%PB&i~xPW0jMh{EB?1;EuSQ;5lvr1Fm_Nco_+olQ_4w<`1@I#w4FT7-ax z$e#oR2QhW6;qIJuw1O;|n0DC3gacrLIv@D={8CcP(MrlWJB=buon#r8%L1&gXhS%P-nT^HLw{5_h!Xosdme6{8OC;M9 z?uF-#zxH1+ztrmGf57~TK7V3#e#Kewo1hHSZ`+!G#Lqwf_OsN6T6o=YP-n-!Ly;lg|J^k4=ki z@?RjtJ}~fIF7N0E zj2t|2EB%X1zu(V<#Y2E8j4i;n__eO_*SjaR!tm$g2rG8Kf8;DFxZKf<_CYYnS+Rf$ z;;}5^ai%uS&C!brhLke6$wzI}cBrS)sG2PH*Xy~gsuxVn%5|q)RF~$SsYW_2rC53I zY_7uKJZkqSF=z5uroUHp~RQI^vF4qMHD>9zbldc){@+?r8O!U8tE>S_e7 z+I+V@;!jdlP0^N6r1#cGG3)Wnuw7T!9SKWhF*wd-A6hFjm@;|eBQ6v^2!@Q$sw*wvF^%cqZ&x8PT6k_POu`w z5&b5W%7XExx=xGP;gA(Wn|5VHsxbI2#_2Q~>S6*_t6TC$i;|%xnM6}ZPz#M}-*JL} zY#0!0ydJ`^`}4%Nq=~)saAZ-l**~J&&bl$@zEogMq8&Ue{Xs_{suB zqRksQZ2Z|MdFrMV-%p>u<^PEWdG-;3k=9zb@8@Wyx+S#j4))Kjg$;|w9H&tZ6F6%T zBgGH&_BW+QfDPa=F|nY&;Wnb3Uja(d|Ak zFSO87;@z0C3;fM=bxOZ|fH%QWj0Kynx8z64{9nbnJ74b{)}5{A*3wmuPuZ{b&j9HD zRDStrj7KGqBx&x6<{FcV=j?I+xujYNBqMVRrdnrnT7ZbD&L;wuW;7zv6{mxcPbvai ztU602hTT*C(K^*1&~R#i@JF>2+xBYW0-Z*QfzK?sL`GEEkDAQ0ZI$`tssxR@O!*w& zbVl?tiXtY0?1B>C3ka!Lx6HUum`xg$mD#>OjwOoMuwbEiKQtD)N1E_H%5r;qDI^*O&}t){ZD^^w>jYd&@1S zyG9Ci_%_bkWujKMt9Nc^zWx~gD2T7!qH>GvXq2zstl<*#BYZS-LNW|&pegT83R`nSLJ6Gq`pz9Q316@T$Aa|H>76l0I zqwTgxZ3i@L+Joj`MaOHJT{)s=e~foO#K-94FXQkAj+Bqh0#xx%S`{n@QrdhzSyt+5 zIDUQ8QMKF?OIA?%0aaV*9WJ0YI2^*AlS{>nlV3Tv`$y~E7aU6x1YZv7V0QNifC3Pa z)s1KQb8sS(Hv?4Aa8^@hVt`F|1Oo;%>8*D-#d=FfRl*T#PTxU8&;^2Jfb*me3vSfiYddoRc;j9sm3g z{*T@-#-?{=*sZSIJU@!1(wFrB+1M#}3~pTiDAo0Zvz=1Q?J4JiSzRQG9969V{QLx_ z&&foQw5KyWjUy2n_gi0u8T_;L0ICa`Z=;nKp4N%p@-oGV;&GK8&wk8P<&EZ&1!3W@ zSW8Q>Z`H{~Cs4be&({!7#NJRBytBff`U3=VjZW&)9J5X{tM@bKJ7Z8S>#J%kc~O(H zu8dd*8x^fL(NMQiDffD-`u&1fUU!jsMwsk(qZ{CGOKV!8d7jK6T{9)vbdB!c9BN=B zD$Vy`Gs)(|q2hjz;wb&fnCb;D#ajGx?N)E_aks`xj^_MicfBO2;nnhuZa*j z6x7G6x0$La*$te$TM2Q9% zas|zJ{T2c_2B+=&ZXJVeNX>wL12Q@F>|`IS%{h_dIVU!q_F^Is8``<@7_rx_|8&gN zDzkh!pQNIkcTE>R;=1GcBTT)!>%+BUf`)#8$WesxjmP9mut5NC!dLC}-Xay)tBAE? zp%f~R<mH;ZmZ8z&yyT3noZ^L?-M_h@F=k%|6ayz03!i zCCFv$xF!?N)*}_oIV~0SoKccJy{Q9GBd67j*-rRWQiyv3oj4WhQ$bpU^`y-z|k%wB4AKF#u_Z5dy! z+~X3pJI@lRjMTd1<{=Y~ zNc#BcVo{>)`K`6la=)PkSY!{n>oy3;Z4b7*v;fTCmEKP^@1clRcf0s4>g@N zk2HQ%)oB!K9;6ZqWi{`A&Rr+ZyQJ=MX()WZ)f>BdyYJ}6MFfbXq#R1H$m0kI37qMQ z#T~#BAWG(ZA`=yU2B`K{g2p03wl;p1z&k{x<_AnF)sO)_$DOxGU+>BAEIo5v|3;yR ztoNP(o&obm|9{C3^Vkqvx6u?b{HFd5kWcW|)Q}V^8DG3W$bQiwKEIN%u+3pHllE;= z7d11Qxv|Sc$AX&__cG&)j5>8A>Ge&Eoh0}Ze*ioaOp2@FEXR#v5=fS>>}2&V5RRue z!7X$IIf_G-LYJy>lo4fJ5N)-DM3vlj=Q_5RHLM&XwLQ|$8~y0*E2k!B18`5(#x-Gj zS3(;lhTJ%j`~be(jewPsuW*(!VY@7XgSA+`UMAMCfF*K=@TdI;k3!qR-joA#>d;Kd zp0y&T=${(9sqVG+Y$qcFZY%(0`NN(R@hf;<71v> z+v6Vg(vkwms>Tkyr&agG5fPVV*rA8{FNQ4t2`~JH2s!S7{y?O@8Z5f0N>`XT2>X=v zyP?u9&|BC5ZNC*AocTo1PvPpRXS7*-l}MhgQE6!jpt9C6MWeoZt+N2GF1=PzF-ct& z+Gs4Ju|)AuC59{j4cq^|DS_Lwc#g9Y#<)Zx0~Ak@UE{{?kzD z6T&wE%x_=bJ!AGwd5!qUNRILKi#}#!_de@ow}cgEqc&RK+mBLGI(<;E#Js=Q0^8MR zSxwOE$^4lFT?a=a2S%NhC zt_$~#YGVv&i8jxesJl*|Ss`QP&M4VtxAf^l$Y527#Are7AT0{9YUeb2>cc53#X8nWTu|PbW8Z_}Mt8aP3Q4jF90|=a9A=uGol>mne1(?c( zqr>^Dl5Tq2bJPY*WuRci4p?F5d=g>)ni5@|3%e~Cj)GHwMWnm82NGi_5Wyut&u{wZ z{a7NBz8tp9v^_5mcjIQ|?ymxzP(^-4*EQM>%&BC%;oLIPueEYtwKma-UNU9~jz!~rjV$FxBB%XF710kW>yMe@+W|7hv zL0!p6$8VtPBe}8OxYT@?Rl^8OWyD(qL<%dEOQQS&AF!d81T(=HdRbq03bjf{c`r9@ zp}8vwy0!D05ZVAWDhhVU{2knygjt5(lk9^4URUbNL5o~XCW^%2*#z7Jf2yYAA1y%> zYnk!ptY)Kuc_4CZ9h@thd!o*mr2eUBq8+#={=wzGr zEH@pQ$_o)h=Xgf`Ir)|!1K{o!KazgYOkA_Y1~q?#$jD-wYTTE=xPle@lll3@DVxP! zWWc~>P7rTT46Cg>psKtE`+~=7-9S#y7!@vE1DiqZp@YRxjZ#%15dy=7vGa3< zB|nBnRHJu`l~%)$*dq5bE4%MSx4D)?_`Bb-j=OBUKVGWUF@`}UmIZ-sGJr(ti-2e7NG-j`f~E^(%L}Hxkd{|o?=l>g z+bNU@8S|eAjiWvniZt@A7;7-nr~~?%1?soG0Q-7sx&s`nk9%#LfOkT^Lgo}6;=q-L zWp#RNd^6QJ#H3{f~bcpH^dCe3w&zW=h3!S}m+ zuPA*gy`Q6w#@P*uHTVEzt)-<8fZ7hk!!+d|Ck%bZJ{(v9Ae1+U9*CdNhm~*RO~bh1 zM2P+c)yw#m{z@-oQMtfKBa#E|A2$68)~r@FQ^9#h&k?vvZ$aNIOs~B=e~d}Xs>E)d zlitMg(U+K+`DzggPDIphj9a5D#k#!ToYex*y zjm(G%dKB^2b+LxYP5Cx`7Yi90TNi%xrDzP*U$?8ywOx6e%1ZG2}VM7i^_h78}jzeEfu2zb5-gCoBNh8I)C z+70Jw*j*bx{A^6KP9o16v~S}g+zC@?L84%ZO({wt%X1spL~o=W!qza?g;B_Fzdgaj zY^dLsYW4%z$PYMQ1$&$zlV#alGi<66qJ8V#{mFut1txgWfbq_4R85cIL|^s8yC`7K z{Fz1=&H`YiJM>`1RbQQLY97Z~tB|q<1Yhf+|Gic#Do;~qIp%DMLc5&^r)8(vIL$nYx9gBv+wfiy3q^3T=hf#KG zEKS~&IjYeHYd?I)(iB$2iQg&vWoPw^1W2UNM3o9YLJE9$g&uN=Z*Fxnb`UN&w&WXm zLzcaKA6n&7k|d>vgzX40%pNk$Al(V$6O>S*+D)E7A4rcwmDtNSOuyJfp_?cJNoTd0 zu;1_ZqFmg7TbfOnQj4$z+)iomR#7XtRl|c9btq%$&2)1yc56%1u>E>)uLVln<-S z#`?CWg<0K3IB}S*uf5y}9iNaD=xo03Tly|bGC$CfP2femM;_vCqMch*9PTR0!KBE-EGQwal&jqn!)7vX zWQIA)?ou!|!y}cL(#2t%sHXU+_a8)bSaJJ4X>c+B$7>o7&%=}SShxBL(_FHEu-PXg zCA3brw(BY%HU-WlRI!BtMgcicceW_;pGf%30kO( zss5pplDSXlLD)FrG%z38JFa6B#9-VU$+G%^wJeD ztD>I2`Le-jb`n;M-MV@~bNBE-(IUSvc2!aNE_I2(){MpgakXC`3x2D#uAxEE3;YIdOZi~#rt+c&;sLi~nRge(S_T&+pOXWzaD z$?2iP836r7pVEw$-4+b2a>37pSdhoSt2|Z=};hD zx}c=yPa!1X{haLfI7TgHDe>ToO1J*0VFhX(#QV`e+6t}yf3tocZ*!SDXSZ-^?RI>Jew$$Dw(RmBPSQ`5pY z+@B1_tarYSWlPyrw0^+Rh5!hE3EE~SuzI4G4}G6*v(%;QZa3;n9Sh&xLrIyEl3t2= z|L54SGDBkcd(HE;h~=IbHLz#3j_iXSS^2#;yE4qa*5HL|^f zUVW{&R!Mz!9#Na8Xc_$Sd_ZP<=e4C)SOQKYl zkKD!Rso9lKH@R-Qv#%2|nxoVmAEeFC%&1sqAO#dJ*M}RkY{2+^kityk0OZFl7{nI{ zKz`TK@IoNFlxB;1KqT|6fff4F3yaPf*zFi2d~?#61Z0y(+6o;FbwD15&A6A)u}ZHE z6{hiUku6mLlUdjRPD&oG;FOoTbbl^x-$3XvuAAYC$Kz6FtK55+jQF@z&#hLmq9>NM zya8#+lf7m3x__BL6_>e{o@)!@@+40tp0oN}yZfDTC1M?x2oUKQydXv0JLhi&SEQj6 zx6gNCaWp&Qc|slu5m7I}H-GxU=*ERWYU5oqb?YPCqv}Md4V!mF1%;Dlv^cGu`9WPL zu2ebnF1!<$cR-ct!2ITN&;3{0N%Ffm2hKG86th&}5$e8FF~crb7pJ3n!Ht11(fDce zJ6a2Iw!Mr?PW|#S>eyn!rME65eF4OmPBM$g{q9oLIE7R4wyk1SUk$Vu|lN^WTG0H#wq`4Q|OY}429n`&Y`{&5r*(VY_=L|KfsoB3B zI}mYAo~|TlL5QUz;`t96H5v=^XA`-XTnVmbkea{e913VzCvs*=Js+YzmgTec+gS)o zy^Vr%f-HT)|2YL0)qrw0`QhxSl8A>;pJ-0#jFKn9G_u|^DG|Y&iZI-*)N% z$!9Lf{p^5><#X~!iUcRUaqVsiEH;f~(~%rq=xU&mjASD3G+p|lvD0eZ(e+Vf;{>Ri zv7zX#UI4;vZU7DHtrL=u)aab6NmGxSWyo&HfD|4b2Ko;m=9@vl{Ce9v9ynfBEoHFS z>Vi^{LndrM`A%1_QcK0`wEHsN`gq^x4H6EgR+^IZ^}2)fQIPU;GD!cW`@G$s_sL?uST%8Rc{`Kw;i0N{l2H7kSeC zL1SbsZt{dg+(IIG{gGgKQ% zGUBdi;*XT8Uw` z)*c+*&pChV24T%xg7I$FU#(K@tKThO`&WD`q;o11c;1pD5h-1U1%@<5 zb|%|8i|ml#Sp78fosYRVDkS)CUzP0u)$i@|jWbS9!h6yu?iQ)%rW-+M&}03Qn=w0H z-vQL5vyMXrG~eOiQ<^^uoj3Gau}a$U4HSVK0Q@{sm~<(mFaI0;+vrDGU#cbEkiqUS z&bNtGWs_c>d&FKKSJPd-;1n+-&X=$^pZv|stf4(8O+5&x21uARl3>V3;WGM~LfwU+ z1qLkQtj~`{kKG%E?5_y_Y2@+;LaDP3^!mTY+6sft>`M|k>!%YnLV^^i($6#^A>8XX zuQw7~0ODaX?g)?KcJ0#!RpM&M95pyM}6z?ANw1Cws`9Sd|-ap8m! z=zKYK6oXT;_S>rLYi??jgXSCx48L?+=p#r92XQE=Ux%y{-EVrO7tr3H`3ZO){tDQlIhwtdKztK| z;*bCHvH_T?R6WO@9Diqs}cpU%R%M z&3q~xXN=f>ft?32m8)y-4b>u~JS`vf|vhQvzOSJ_>E zW0;lQ2GD@8^TN*rLL{{aW$%aS7As-1&I9av6>u72=Ou`MqFk zHij&-YZtmO_}8TV^%IuHTYDMmqvMWg(jqmqI@V} zWG?Y_m(P)teQEd>|%l01=-^mz=-3%*#MEz!%g<+%%@z49=YRAp1E*kT-hzNOkH8zj{r+j{}PmIQ`VneZa2gOp7 z*t`?Xi1PD*V;)ypjASOIk{b;KdBBvnPl?=m5W2S-Dg?D%rbHH zCH-&27Z!oMDiISgTnJf)l z>H)s0u_OUNaQ-(1{@YKKQm~sycK0~gLt*@Ded3?t8Rxet**_k07&Uf%KEG%Wh4UZ^f7uh?(~1DCNc&>1Vltx-*;0 z!D^HT%yEziRPoqANA4W3A2)$SZdq?Umj)0(m@*H<;5{M9;6eH;0RQc$w5K3vjF-RyG9sMkFG&(HIC^o-X8ZN!g&q;`1|1`~hW|*NE>PXCt zZM-}2u3I|ldGmDNT4tgp0CUX7=F%>904J#>??wwgqncWH0&Pk^QLWp1c~A$ykU=n(aHmvfI&J0++)+pi=0ktkmfGl&Va&%aZ3n>e(E?Jsd2;{oY;RqfBJo1Rte*31eFDV;z=htC~hf0{U|1 zA+q`%olBr>9a(mkIRxI^qXd+-x?tLS1dMt@gM!?kgSg)HH=O@>?o9_V9&#J5TVcaT-phw>~ zUgmKL0Lz<3^us_$J|j9ojp0cn5WI+TAzHl( z%Tq}N5Tl*~z(?f*uI~9SDq=OC_4tC(t$P2}g%|5O@`nj}q;e%-pnkecIoBoQ5=I@) zOVH09&0{Fh%4V@<{1{MS-nNs@bWsxSys*w0ZgU6U*FrHT%(XgZWN+cyS!MATJ~>p! z)aVCiv|2U88IsZSMoj58czlmw1#|KASb*T@D%Ytj@Q=7Jv1Vy<6ZBYi2A&DKld|`n znL`_%aohvu);j0?DL;E9&=>7z;UZDL@GB(^eDU?7X8Wp6d-S|~66SC!)oX?*y%>qDzMb@_obFRd3E;!tmY1Q9BJNDgJZZ7;BGc& z=mF5sU}(0!>TewYfp8E;=eA{-8838R(%`17sJu=S55FkX*_Z^l7V+`irjJIiA@%2# zGcMf$=|6g4e(mQ#dD@iBkid3<>ak*h<^)go?p(_>^EsKhJYj}v4^Tc8I<`@5Ch7T@ zoJQYY<-r=;K+gU)%4O%P%OWDWrk_+qxID{~7olT|=g!q$qhCcNR;G?^SuGcNr#!SV zNnZe1ivi34QtGat zaDlFoR3gL~$dv)4C_pb+f>q^oU{_T*ap$Kn!xoUNlwc#)3mC`p z*S<6b)`wt>GpB93=@@T&N1=-mY63`S1?UNMlqnXV()FaPA)!9w25X8w=smv4XeUrp z$E&cKsjKc@NFos_gXz;d0NK|nY6MzL|EkTB?y2GkKj(QLim%H+hO!jE5k7QG%JB>K zdG7bHL%~sRVZT27hM8Fp9|37?ygevn{SEjWJBnR8r^uVh4YK?_ec3@A2sG`Zl#VLC zm;d6nSSZQzRav_SvNs-4Wqzn;<}>yD*`fj7`1!~|g&)s6k3Q_oWXRb!#)eoNZ%=EH zEPzLRb4}iQU8&tKRR@IhGotOOe>Tr~pUDRO@7vxV&Ca*{V#tc0fwdPm#Kb?D`ynj< zpDJ@i*IyAiuwPtpH*wIX>W9HmQ?afC@5gk5_lrQyHYjCw^ z@5d*k+Hl9UiR+t2^PsOeIARf>UsO#`hH3t24N@Cdc7|Y9DayV)eS1)=F>IsUWtK*g z?rWrHLQZgV16~q#$H*x2#v7R5Hxt?r*W-&BdRo(4w`Y4|1JWFdyLu=4>hw7>iM+Zg zrgWc{?hrNvL?jLBm?m0(MNtMI039MrW~^4(TMHmpE(Zn;pT^y+Njs;5E-lzC}(z`Q^yS2_9&IDX_03~l~Zf%#jeB)blWa2;(;rLDeE z3X`fv;X6Y+@KwZo^|@hpdoW$XXZ8x*q*^8r@TV9yQd*l5-H+6q>cOGQJH-GIExqqH zfPYHe75--GO~VjNGoQWq*B!W=EHuibvT1$u2-+sOu-L$)BX26+hrQz>WdwM4;k)JU1PL5)`E6ln7?o5&|)`$$AMqq;IT_Zz?#I(rNoU>Z}WoE3~l}uq4;3KC>xM9YP5&|YDRAdZeE|)V;qRl)H21M!mK0m~61ZKv| z#wvBdDkEcpKs`dd)T9>x{;aEDVA3V{0rM!3Dvl%IXx@MH8kvB+*cOQKME9k`GVAAR zB?+R9g1pUjaP+*%B}T7Tj|C)5shX01%mUdme2*0|&5D<-95z889r|)hncezOsZUHE z61+CDf7?pQ%~Am-=w*;wP( zAyi(sletfGZ!UUufR)JZlKny47ZV(17MdoCl@T4OOm$Rsv_@c(W9iTV?%~^4Od1mO zZ44V}Nxnvw5UopKRZTh~kvV(?M7E2-N@v)#ZMuzA^=v_%TwJ*Mv%wuaam2zYEb1<$ zq^XCfos^%GQdZ2N75Uu^^NDKiWfy@AAavTGETuA&T~r%X0JKeoR;@!htgn2V8X?$? zgp_kbaJH=g5cNKe<>4)z_7AG1TO@wp4-<*KT~7dQX<44gVa>kQj$FK4Z443hCTXn! z^_6mpOx~9DpSsMOfsr280wEXYU9le?^maYZ)k-b7H=Zfx5y~_UGPgvS!NyVI^+m_! z)p<0|m9opx=9;&Uy1ICCLyGu?ysL2e3NTyz+t&WiDFl2rk;BAD1U*f3WD5{3N1P83 zY?v_Qlr31y_`A7H#3<@lfp(EjSQdwe$UDBw{HuqPjdg*e6q71&mi7G&fGR@EnVJIP zh~)%XPeQ+hbI(ILz4foYMiD3Twj3w=jjdriM&b(|AVt_l$lNnJiH7T<8))>revb2g zN9PMv=yqg-`+1F_#X+99X@aHPb3rfE9uL_8+Iv`J3rFcijnc;!zNI6BydD_=7_ZiN z-R6$~rHc2i9_9)sR<>1uDTf27E=Dxx-OVq;ftSHFu&!pJR+D}nI-h;KGJdkwy_J&6 zHK`57;end$ZR%`!B@b<07W37Rh-~jzKR3dy1Eq^acPis!3rhejr0*)7-`56^@OC*K2(W?D^=$S!a@B}KbQ z)EE&&W>Q-*+l4+^9%8>!RbFl>&lM#l*EX7`VYTmh*3&MnVM!dIrAHh% zb~ll5jNz_c>qTWOap!ol1rZms)99YE>2TJA6N3_0vjk6d!F~ zoC8{Q&R2$&`?6~Ygne#J3IAH=tQjgV;F?7n(zJ(M$9q%JhXzZ&-S->hrE_igo5cTPSx%UJIeO9qRvHw(4 zd%O6N{r$ZD4z}gq8J}vhatz-+vn;Fhsf6lw~`H1-o|i-`Pe*%>!B zX1wySJKgU@j=*D`&y{QXd1e>lT&n*+_TDlot8|YWRuoY{Ktcp0ltBpr5kzT_?i8d! zkdTz_RFqakKtNJTy1To(O9Z4tx_SS5&Y5%0GY_6m?|RpI*E(NjWa4JudtdvCU-oLW zs?-zGTUtX~{hR(r<5nMO+%tVN!st#tHe@0}V^!c}zh1+dk?fCad>CiFEuKrA^&`}& z$9k)0AHbO_j47X~snqi%!WfZy9Pz}}z|(}I%gl9f!-T1^ z?)K!rFe%;ivmtVkKqbL1X&QaWBYf)}NF8bLb(4eT+4g2YA*R|-Clky1l6=e39fK!o zaqMw%pw(ej!9e~C(nnD*FKf({te=g2c>o0_`(6SyWpLRavELy3JljSnGR>43&DedoYh6EXv)I>+oX6#BOp2`+dg^DX4983I5wVYH@odNs zjku;0^ntzClPv`CH>p6!mWIK);JCrY;&U_E#!RCrW z_vLFz(cG`JSI9Wswyp7s$e$W1sd}w4yKTKf&?a+^lF?wQgC=ci$-?nu`fGvBv-RJL z#{k9IP@FADK*0lCBv)RV>!F&%0w7P!&OdxZN=pDKkgPth$$}B@a(rL|r=b$9HyS_a zVx~T7AKHx2+SX=i*Gd>Igxb)|69uP!g)?M=g+0}SQ|N0p-k51-2zv!RU?DBm=)?-S zx@2&=yw8;5@u>Tp6yGsx;{l$-!vd9ly3wc7Qj9+z$fGk9tqYjOXn&kdD2wvIsy=o4 zep_U3#e;}XkV>hzJMafbQMyp)Rjr~g-`~cOcT)&uMJn7EpWbm_QOBWVzd%`%Iq@5w zU`T<&ZaQQ?juQvCT+b$aS0YdFShM#De4eTTUf|-F|+6?jrEiBCeZo zqr&=B7eBW3J`=p&GalEwH%F8nY=S2%A|!Ietnyf`>h?$?c(`m}Cq8<#znKp1q;7fC zRYE;gt)wzMY_6^MAeKFjUMQh;@Insipv0ZGu%3Bn8DSvPFeqHfp{WE;z5-a>J7o8T z;szCe*t7?TB>Yj5DR4af{c7QHoB#5h~a|Z!mw|C_~Nf&j-Yd@JP`4bKQ|z z6pk|?_fVYL9d7N?5DZAK_<~-t-JWssYnO1Ow$@{^`QcKp6O>R`e{kK|IK9$m&qKk!Ys(yzp|N;D7rMz#9R$)uD?MVo~zRL?O-O%VuR%|9VQEne$$uLw`9n2md z9n5E-H+t)iK^{YGkoxLu_Zfvu5!|dA=f}Rh4XAKvQMLt=Lw^JgKjqEa9JZ^*fSJzU z*&bHxet7xD{713oX!{SNt>j51{u;e#Gzv-1u4;V)fm5UVIt6EK-avUz2LStkC*{Q! zHLdmU)i!`!4TF2kkXf%S3ucjGwYw{$g@phWPD(wVy67v7qw({RI-e;o-v#o#F8agi z`GPEAntSu#JNMJcdAbKQDMtndvwx!sdj>2+HrdTvGCxto?oB|Q&o0eo#4x5AZ?&g~ z2a$u?mrWC=m}+vuI=J4=lOeOG)~ZoJnoQzyTt4vQ5I#D1LIf%Yg* zQ^tFZkSky{)%EBVpN`y_0LnQOy^9a_=z#=E!)L3x~W*A3{nhb{zg!-dCuw(Ne2!FFSQ5cj!xWI_2LB9=9E@XU{X63whroCr7LD zQcPS*@(b&D#lZoI((b@$t?|JYkzvp!1itB+6b8WnQYc7mhLzw|CbLXIv)}uCPafV z+6G~jQO>LN>&@hQyF5A`H^5wzOC|1-SG@TXyr@PsHt1H#>5RnuIp*Q~*@ zvjZ&8@YzP_l1*U1in4!pd?C4K)K`V{vLTioC>efWTwp%+goM*Bi(>*Tz@QNx*a4Tt zFjC%dfb>Qc^h$BOS;1TJBjp&VINA`8xUcQ;&}5_!rg8mI@C~Fxnk!TLbo6!;Wndoo zu}d8l7`&nGblC0ug*3Qcremx3ZMgy*&TzgqU535XKyc=B#D>SE32;PQyW9jhkG5Rc zP^o2-)PVEgms%#cXEr!>H;Bj%Nl{s$I#W+S%H>J5+AwHGjNoX3+_^EEi$86%)ix z=%X!KXuw+DY0{%eZ~+Y~4=R=h!Irz`fqim-ROT+jjuAbCBb>ZnpLbyuP!iQ~!sTspMjP8HARl7Srzn4J5*YmQ(e8)^DLnGQQD?MmHf zK~jWpCnl_@>a@Z!%WY9l(8HpfpG8L5>vDrpPCi z)FN98GRI|Yyt`6)(3*R2X9}Tztq&cf+7)FS2}~Hv)}N3-&o776wsHo-d?x^SGLwIi-t$YZ_8LfCX!dS*r7P^i(* ztdZ$VIO)iV2`XbzYdxQ9a+HBG_!m<{B3sUuP^Ty@Ip^jb>@{+ua&CtCeDGda5Ir)DwCrj7keX4_a+R@EAot->zVFDvFkZgVU;#M2>RFW5 zYh1m`HcG}_=6F_e87=e;Sqys~Kl^61lvRH45|e;O&n}4c_aeX`oF+R8{#-P8I823q ze5mA^t?#lBp>;{2IYm*kC(la@W<*fjQtrmr8Y4VFt1&diXn7n!FpE6{w$~co_yn-- z3~#;kY?E)ASDk0jni?$wXxHV@o%I+8da8sR@PLGcyj>j5P2x}l5xdV`+>5+mVSd3u z4oLK`i2?V;hGGh*Z*+a^37`)0k9`HjpO4#3`%mqm*L+olnPj$P06WB=Ho0tb)sc1a zV|M|?<(q~nsVnR@dCX{0C8Fz1fm4n5Ktuogm0biJY6%G=1tv!QkepUbNR_@LcqMyx zSfAW=z93a86D#ncIKN;q%h7|UNQ1N8N!0~xt5#N0i>6x)b~sT@qrX~(1ec)Kdjqg3UumA>zWi=yYfO!wgo^lWGUl~&ZR@#@q?(zu-m_eUAyP{kg1#)e#nIjrps zP4C20XcjJ>jddcSCrIdoB06K}MMe*0-I&7|VKp5aD&HGyb%l;Mr(losv@k)74bg{t zK40ibxH4L&^paKBNpx1(%C*Aab4rcRhTK z{ovpu12R9+Gi~F43WO-0y8AKGf11CPKNid==2z}=>=0`Cg!%dpp3JfhAG4PTPgQ<; za>(j@U?tyiW%kWF<0|0qBzG=gbKqyiyS>3ipFapUkp&jeoQ7uh*WP9)&!dGE{kQW1 zTSTmeVFH3VojJ(r6%TBeFI=qUtGIitTLO7_|2!7 z^Nc)V*Bf&CFE5D?4mF{>A4J7H+x*!+p8k?830A;CR6KkcKtcbw4z-{=@tyHAqqHg+ z-!v;-5|0RL-(q7&v_)}ojO}vBCrWsWwxwr(5*Q2pGld=zh>Q;2dk3q?A8CUDK|YhP z+-R#0W~kR5TiFCThrraxb@ODzDASsCLUa_?jAGvRJH7P&#Itvllulv8V>W$PLd>3e z8$85uItT2(Ie{VL0-s8T0fnff88jU{WrMX?9BnYkGa!WORiX!Vvu#5VA+iFr7}h8z zF-sFrW^)!VsHN+{4=Bm!gJ^cNBj%S;HB$tpTcUq~!m5Obq(%7`0_R5;z@$VwrW8{Z z3Qu5?p?piu5h!i-91H)I&?vbc6MD-}rZ8-fkeZP8o_v-i0XDt~mqQa0pkon!ec)b` zS?t#zu=Nt(wehGMCruliaC~zd?fNUhd~%J&q-SUZ?d0GO+HP)QaUHq;vJZP2BX^%t zTPIFRd{=U{-qQ1fJf3x6N-xGK;MgVXs95-zA_~EIhwf-(B33Q^kkMF8e?EZ|4?OvK z`}W>n@vOVrd=P~YK*dvfh6W3XaV_7gJtf^e3}hc5UFTdX1i6`YGvTOl3CRjR4g;0P zD`qOcg@p`w&Fr(O6KVOmaE)F7SV{E@=^ z)he57_JQC<>0F zZGy&Oc)mHZ^c1rM=N%w5FV*hgR2;#+`M9gyX$S_P^^NQFZxRHiVamVkd4v7)a_&LF z0;f0#FUFQXA{jMSr`>T?En!SLKBRSBVT79IrjPSb@CJ{k^+>iWy9@3yu$2<0NX_*% zpfM?slkzwI2CYMOYjW3`n*96}Oq&XifjBV+zaWE*Y^95{<`?r)hwYaU%=!Ts)OiNo zHQy9caC@bg?;QDI&gLU<{FptxZ~|3qQ2X6qFsw(BN&<*+E!ZAVZB&c@isj=FvbSXL z#NWc5n$ICsF`d&{OtrvqOdc#-+ zQAM5;qoDyzoX?2H5GU>!*4y>4$|d+zVg>@wBx-za1;`i-8A9wCS6|9#H? z?#~&}(w`fx|BavjyWu{P1O876c29uwEs8ma8Y34gzV#c!zC2wP@cn*SGid z2+lkk@ssV^kiihkjZ9p@Ph4wP80JU1E5W9U7c z{_(dR#y@^EW`NIQ4K)jz$x7Gs(mj=lf3v!a zXaYrbV6z2&dCV(*d*-^2r*Anl!^ubh8)K}qx!H-GqP@p%J3kgl8yJNM6V>nKug;VW z0KSGK%@<+oU*nCzL=9m)t)C!b9fM4{AFIy+kxZ2SMn$}ytdJ74@G&KhD(O0-#`Cvi zJpiLkK9CQcWk37-v7&rFWu9&K3P9rn<2nAboEc$9!=_Y*cT*Q`fE_N*B*;W5e3zV5 z)%^ySZ)TdDiX==JWUG&$rjv9s3s=&$fIrz2t>0C&0L}bj0c)byzWB7C-0w zWm2f~(?A8T=hEl@lDP6GX`c7zO*3GlL1j|FH-5+1%}!79bf|IHf5$sh+^VCHra2wR zCDyaW$d~_MT^{E1of;M`U0 zlB#&DC+>384I9)KlaePB18K^59|cPQA|0I{n|CTJFNvkWW=B zw&DQ>#g3397UGI!K?%-b3Kj zEN;b|s|nSqKwqmzyQdJF5U-#x7*jo9vlsjJ84N=;by*(#tRc%lvVl8c`M(A@YK<3q zUS#+-Y%rh8Bfn}~M^0$%Z`I-YYc|Z{TGO8C2EOC3gj+kH`?%xe7eZf<-z!C=b(O^Q z<9b=9!uoCEI)jO_&$AbIAV6qSa?A#j&mk!OBwe-8f?4mI;`r@E(zCDE4hRel4|z}(Wc z)rL$9?XCEacOab5l(GEioAZAEpmqd(LGp75C@QqB%*=(FfZ_u-zVB0ss%u#g?A^kG zkr?yfZdm)2{&O|!da44G&7W5y0@@>9#T$*=kG6wcxc~LanPwl}DzKEU;{quO$qV=b zVO!%fk{Ou}&I);4K)dv!Ki_i)xTfL8R$s2*&-$+IxLlT_8&t(#9xs%F?$N-jb;b6i z*F~kIk4q{}neZhbD^`w9UA@(Q-ubLE{evr@!pWHq;G(_dPM#{{zleH?sqfWn%hL>3 zi0r@e{Ey(TxMz$~3Jr?86&^as_WUCRvm>*0IZL31()K~}e1gN8hNJ4o2LE`;o{_;D z#B?QUpDLw}+)(=)3&nTsfMZ%6&Oc1W{woWhcO}}ia+hcCKIZeA4kDVRM?Jn^tP^YH zwq72pHm#UqU&>P#woQ?Z_A6ks{CTHr8CZLD=kXG2yr|tzNSxWIzotb?wEo#1A|%_x z?pnY#UW#cH5XN4~B)Y1VEY}FD$K?&RWwHXA)qsYcux?(#BWqtrf89gjXs%)Idc&m8 zcxKont6oDDs!AM1o$hZsI8!vrOTIV{5Gg`o$Kc#AzRuTtF+ax8oX<0b?p}mHhIbPp@j_SQ-%{mhc7-KyU7$Sq>3VD} z==3y&bZHotvmXtUHlsgjH1$VKB8D?3(=Tu8vKWo@o!AeWm_|zToc3rq9$yVLn*P?x zc%?BzF+E(>=jB@Yj+M1E=eD0@)KU5NNNN&k_nM4S=tucsmL<?C-Uvg4;6jZ7v!LIXlWbXg6-;GB*uCk3nuk$j}mR=&we)Yuz z-6ot;&{(e^&Yj0~K~&;tuBRshg=UjlDUsmFu|X$%cZnY2=J9%mqBloj9cqkZ^uEB8 zSm`x+hqyG$(t9LHu24^MIX9{2QGbDWC_Toes_`i2Hm}gfJCb8mgbXUn1u9j-mz9B&0_tWX}Dw3eD`1nIZR zyfqR69ja#GP5&$_rb~AF|FqvBfM0sSNDD#)K+0$qc!G+WPQY=T12D}+SJLt~OMu=w z8}%iBAhqh^vw^u$r9}`nvM;#Br$OG$E&;!Yl`SA@rN_U;aBm#v2%=86D6| z)34#Y{Z#(k_x4AVdEijI>*%Xpiu4C`Ejev8-%ad<=c8{{_R9-)#Ei>Jwu#cwrU*TX z@EuBTMuF7}=LYJ|L*40Dz3I;~7SX zV(eibI8KCYMOQ+%_PX_Hj5Rx>Qsgo<)C*sK+>mdJcr*#3gV3IYxsKNM%nuzo3N-5P z8qVBv3LvJtcWTVD>g^eir~R0pAGBj=BrnXCh(UXTWbTEy1VHXq*8v~Rf?RPXhnDiR zXioc_)KRb|Jz~ow!T|?aYash#a+V6?E;yTrFHu-A9*8@)t58dIFQae;`UL%S0UDU8 z`VB%ff-~?r+!zeTO~^S%;C4bXqa=uK9*7slwsj5nj&<|(@wkPqNPS-pnCL;*_J@OY zYI9*a0k7PzwpWD#?+z9xRnvQ@W+%sMuA`c#2TF7_sMhn_VX zAfm%FQnlXe)yl}>$>8vvry*x)!`6ECSmz0|8Su6rN2&z#2Eu4TT4`1JZk5VLr8BBI zuIzg5Tw6X7v;OeO;mXIYgcr=V6HbE_04s{_#-CN?at@`Qpvm>4`q&4t>{HMmm>dYS z0u)Pr=>fvJJ3>@wd{V7*JJ~x%2g9`sL@GI=)$VaV7WaW+=VEHlWAW8k)O=M>kZ}UY zbRJ|aL!Ts0?=5dn*oBP&=X@9jg3{Q8VwTh=jE>OjU>_>{#Gl1zrj5B1bMz7RK)Dhb z8k`MgKM0d$TXwKDKBajddsy+O*X{)O1Y*Z8M@R!t4YL{CYvJ=(xlUnx8^fT@b4*c_ zD_|lNn~pJDf6mI?^{L^$p{?wF!F?v`1q_2kH*DRyK-@B(!g@Zkpdc(=0||f9wEIsJ z1>r9BWT>kWHX&KA^lC*-;jHcLjWkQx*nc|eruL-4u2~crtg!{o!_aEq=EN!c%6KCD@P{#xWVFQM z%n~fUx|~RG?7D#X3mRLmRd{o43%}Tm7=9F|8!psq zqW-*&SnE2BymQdV?5b9bY&zif8O93-7Rbg66&Ju($I_l3^qu+5cHf>=I2A|4#{Jt} z$JZ)E)3wz?ms#`*-+W_teofpxz?Y$<>7V90TA8nFPwXYoY2n$WJ0EWknqJ8SUw*a2 z?&^w#8xY?O)@(rcw&>ENd#pbCbTFTWv2BENqcb`>`a(me-};JPTiA=0X%C|mHAY!g z{{`R9P}!jkxsxcT=%5kPk5kG5&RAoU+(gHpF~l$(4%iM4`$Gwf(*}G9=uGBG%!-9g z$uB4b(-Kg)LR~Dt!iuS~{m%fqIC#|8A<&s5qJ1`QWwp zxBQzS*yekzDjthqoBT6!{hMODH0E-rJ}m^XH-K=Oq--o|jd7)*gt47LR;xY~2L5Dl zn0h_h1Kk<@NJzp&L?2mU%6DI;60xA)qn5#^hpPGj!(wXk$c?$YWu>^dVXhOE5`FTf zcN3vw!A+bh_!4qG=2UWl*HLA+$_?}+^9&07J#<|}AEL6h+`cQa6(#mkGZ&@7Kl;5^ z(byOPU}-S|A)&?zsl{rHigbu(W{Kl7B6nv zj=h@l-2`H`ooZ7N3zOcmKi^2nw*8J|kg7*wj8T%@+65LDwp(VLcI#TIH_M!k=i>u? zj_530%Mr45#b#|{{3N>k&@DHveA^76Qh<* zhrZ3swegyt>M2lQuz*7O;k$?i^8=e%2m3E1&O2oX2^$b~vXU;}h{d{)+RVBcVYafv zv6js&#nDf7njx#BNtoA_BQKvQm1`^fbLMu>cISev7c5y1m~-Uz%lyugNWLFNNx*HQ z7LoF?(s}x1<@|+9uL~2ff2c?q^n4Z7j<9&DkSud+j8RNb=Ky;gT_O2oIk&R`GeP+Z zt(e^^&-&7ZeW;Hh>}BkhVxcM0j1xHyX4a|pK%GLf@`p~UI6?bIESpt~(ga)~izVC> zbe|9YToa&}4Q7^v7&lT9i#h2LXZ#$k&SW(&Q&<-elF(xu z4zoY!%?%K?*|PC%g)Y*0IH5xhgUOBMD;xw_8{a*#y^0koP7aKEdlYFM$d0l0FK)Ix z1(i&=d+a0{eM-W)#!<6M6G9C;?Y#~Ry9K{_MW($qp<)tvz9g2F49VJTxevIBxf+5a zv`^JBlaVZQmJpZBV2XGa55kjM+ieazJ=CFFl~q{A!!;U^H@Z7n<;z$ZzQszbl%cDn zu`{YglQ%RhE-L-~Y_5O?pZXK85c*nWomV)!^*7bkyThm)){DBQM{_*2wg2=1x;V{3 zDF+6RhHxOwXB!Q{Tok9kiyG{TZ69fHOd3@+sX56 z5f6=iZusu$53oVGWEMw;>&wB672K9a#$9}yrlcQuHK`GLMO$l=JeV>xZZj8%x|PWt z2%&_+hSF%jZ^Ox8A?-&&=bWt1ig_t(x+UrZtLz8W9HV3xV-&o~9=0(&UK`Ug%x*EQ z%sQnW^lVtC8g|7#v3q4UnlE{bnNc&gIi-%BtB6*RRp{lPRa}jku)XxCE)v|o^hTp4 z`CpvmGGB|g*IVhGDRFgwjth6x>!gQ!xJT|Fb#oqV=DEXaFlMUq1(lzo;_OIxabjS5 z1+}c@k>4d(iBZs&d68$vuXrztRi$H(6i&L73hFCRd*^G~h>*`d6c_ML*`y6u{^8p> z`+fHqR~}t4*+B8n#1!szIy0|m8t_m;I0c3!-`=KtvE-KfKFIyd#hDkBKlPO*3sz&I z(y|=#3FfjWz*cy*;6OOn$R`(a6qqq}_uPV4`HT4!^1g;*g9*?%cwoq(GW^wy?+%2~ z;Lg~k7(v={Uwcp!o5r2_pk8Tb&^DQLR<6f=v00?a$mFS{P^JI0^;4DKb7sfLLQm)Q z-38+C$Pc;O?fWZ-E`sBuhW)L`LAClmc273-zx;qEO6q(b;CpO% z^!Cu7c%|(M4(lZXdghr>Qn^y@KkgicC1aXUbFde=d;rcro;UOW8`Je!A8ak)U3vhXSax}j)$oT#00_OiMk&E| z%c(o|(^s_b?JDY^{bb)H{?%;g9+TpraYt!n!h2OVNcS4&z|3XB(` zB+1)8xoX25G!<%uHYQya(>p4C!dD8M*|xfV92;4nDsFX;xS9_<;CJ0`)jXOVmk2h$ zD@Z_(_p=p_OxodZdSm!5OzL*OD6VP1SK2zkZ|W-T>UxVq zQC!CR8w3TMB3T*3*G*?LDLQ1J;6O(6c;+6O;sA^9>?Y%#i#*dGvw~mgfK=tw*+Sb_ z>n5sr95Z{Fbx^fjkJ{a)!Z`h}XOb~)ya@A;-$rBNXc*E2&bJrfII-PL)_NV{2Z!BI zRdg}(x<)^u>5#My?ARj=v7r@TT>T|Zf?0n%ILoU|V58E3_~Zw!tI;rRW#mT-8+=;| zo$podAl1KZOYXQ@oP^O~@DCfHNok2m|F=&VJJeGJVmINe@LxQhQ{s5 zO@g#vS1Lcz39*SG($7a6{A@Tx$AgomNrExQzKhV-n;EC^iF`A$GjS8GDvxr@zGeOJqU?9 zQQNTFmR-L?TqSBVu{xlUuJV*4VYivpYHyV9K7VT%YPU}g-`6L-%(tuGMt;7@9V%q} z2Y>au$P6|}swieP@thalDheR5mBoo)qbc`19r#ADn{eaI>|XbAv8rQwOHrN=8@zwe zy=ms3Y7_}B8YXWwix}LF+byOWY+56WYxH#>ZEw24<5D&bSWIzZ@=QQyMiKl&JmlW1{mXHULH(OKk~RTm$S!UL z5VnWvN`jp+N8}LKVp+`Y#A6cAM>I+1Y+FG;%sK*cqLTmc{83AYT4{QB1lpEBfSfUG zi3dt;*Ve)EM?-(h27>qhAihmG8kbA0dvgpvnse7U)7PSN z+pj1Xcqh+GZ-u$#k#l$%`ICs76#G_ctWu&Hbz8_CcW{ow(*86HZ~m+;AV?Wvd9#+C zjy&$MH7f2JT(fCOm9wLkd@ z~srP{f3SI9-| zCZq~_TwZsLAQ158{u_i-8V^wW_^H=)e|09DBD$3j7_k`~Ms(xl#OJ-y6+sljZZ|J-3Rzg+W-EfXkkGmU&GztWfDwq8v?3LIM(@2)J5qvE|$)@};>_wYxCA6-IG6j)339 zqCD86B8WWwQ)O%ND(ei%Jz&jqb|HUG;qw?<&bkMDpq=%)8fM-W@($ zaK_t=#BJMKW`K|r6<>z88jX2_y?)ns#~WKnVE1Ex{G9yRS>5hiNOd~dntLgHRo*JJ z8*!}?DeY^*frlmEgHSo*ocl7f4%vTa#!3LQWxUmKF*~9Jm#L~oW3(DVqi~9t9L(0` z!z7jW-f1_av5Q#i{LMoXlLp3nVc7Bo#6|K`aEHZabjJw9#R!qr)<=>|GP0Wv3;o-|7 zrn4{qPt=~`ef8SeXUBhB^Vjrq%@w^n{pLEu_p)4$FR2#4`~=B*Eg|%p+Axdd9`9xv zSugb!sO0bDsvNH91H;~~cRPyo>^+Br zs-nU6uSRlJh%KuQT?A2KH29;T$hB-vhII{p&6J^hGm5Kr@@^KNm0 zI79K*ArvBL%*ujktwD{WL>@_!T!wRGE}|ZHcz1y1uDg~+%?s49|CQ&+0ZwYcImep2 zNTK;1?06ySn5$jIa-4hceYYfDaA9Pmota)# zNC$J@f`_qgTmF2se)wdwFrdY)EUZVz+`s zLUgT@d&$rId$i{mVdq8Whrw-*;28sZuA*wGP5P+ojOOVTOWpa4Uy?STvP3l`oOw@S z^)L11^=@mjLw2Gdt;j=yZmke4N|b)gwbo1J$uRl z6=~@(b!Ctp>jP=A17VCKu%nddw1kVFTYThlWY=pUOgk588DKJ5!8K_aHz=Yo2@zb& zK=l?tU;rB@r`ZH2$9K02HO|gzgA&)vDN&QzA)o*qr9VTRV;N6VmK%*oBJy!J;@^l$ zfN-lFfR0NtB*R&*=)a}@RjlWkjG)hnF5Meo{~Q7sObg~s=2<*%#!075f6IONO^9bT z(anFuqi&9>+rGt?35fIERm6r0EG4>yB#Z4@Cg8lL2IakRWwm>UKC6tFdTM(;$4!(T zS^^#UeXK89SavxQ9e_tkvtD=Ha$YZsc4g9#+*xgsP1OBP%f1#yVb<_IwsyRtA>BqM zEtI2*=RaQ*c&LB<$a@JrScGEwTWUs&;PeF?_L#snblrK+q7kG_^XFow7o1s?Aw{=V z2Z{!B$H9PST4}pBVLF_M7;>yoO%Z7R|#Wk`-Jt(`|&Mr&A&&=(VRTuaR4vAqdpbEJKJ-)BU(El*dd&lT{ zyremfD-BVgsb)FwS2_utjKD2aw!55cz<7SROV?sz0l%|xEaCtt=;7e3BWOBpwq69> zL@kEufOFAm_(f>3+lNJmw=SPkY2*`M2RN)jHleb?J{`S3!ByS)irJLuUkQj68LUsr zfST3tlRPqILCx5znD&jDgYvOF0C>wq*6zEM?H#}IwLnpRnJF9Z&^EO(yL)+4^CpZ} zoTip5IQzU_9%|iknG+{d84V`V6qH*rXG$&3p?s#7Dfq)w(^YmdUG>rK)TE{~`KSIw za_9Ss-DvX$I7lWA)7<=YaR|4VLhxWU8q=1x3iFK(y72Ot;oB8(TYNI6eYxA#UjFIe z3|y_CzWgJa2X_D5d()vM8*|9AWy4H-MgL{?PC=o9p#&c8@drF7{H0l2=T*gTFC>BQDKX*o zR_Ge-fq6!PQ{Glk$bFv9=CHPdEitS{PcD`!C)w=dh}McU82kH0zG}c)BZ*n z5s6E4Le^%0m~2P4oEiWU8hi1x#WR42@4l@y((?_8=#i6B(y)IqbOO0VCAP7V#Ni9y zeGd$Z?+|>kgn99hKXEtdyW2!+6kT_Zy7t@?#k{RvPi*e_4!Iazh%rLUhNCz$e(SBe zG>@nBjSO}gfURFXhz1$N4w6ETM4lrq?y|ko}=t>VQi{xY6O> zN9oaHY_8{KR~rV@95yTii7r~bez#HSVT9zS)CTr20oP=7Yk7nOu|v%4I1?%!Y>(ozG)14{Zzapb zdXz?PNC|{yg>%@N){IiOusKwOYBGrQF*z1we|iamR9BR$BVKrmOY zy$1VqO4MFqAXC!}iq9`#bK)>aCiHF%9#v2`zQHvK)k9h%Yg_3;Mfk+{I=UN=!S{IY z<|<-y40V&!ng^`wYM`NwCu2B4+>7wIdNj7aL?YG}Y+Np3HW8m(fyrT5fAqv!$mqo$ zXU1uTp*(i5X}?Z%U&{@nYme7&B>!tDih&AkYLOUd!i^2ztEs)H_xYsAC5p3(J*YN& z(3e^1TBAG5UgWgzvtDkf_PhN>R_W!hlAvGw}zKEJKM?|g&H`n3r6xV-CuygdQEQG(l>C?&S12wq_RnaMwX zwrwk3;0L-cfv_R|A4TLw(Z#U@O^>r)_`VMPoUbF)u&i~bL-g(+Sjp|0S@$`Wrhn(g zbRQR_FbN6qx$^>c!Zr+=$8RbbA-;dJ|F+qu!x}>8w2GhMMi$36L0wfLE)j(_nT$Qb zO_XQWx|NPX$o>7kcFpUs7iFN&BH^BZ#D$lY!1nb-Lq_<>c7GbC<^~4Cp35)QSuq-s zg`sSnAxV3NjS`+y(|o5;y)W~-;<+A3gu>zYnhRk-yfO!bj$0Q+w}_QH9KNk}W}0fv zBGa_rE#H;oSu5jsa3WL0v(p>t_KrAi+KV*#cRMX2+V`yPn8#1c7+c=P26j~#59d&| zeTXf9mVrZl!4WCgcN_^@qsnX%?w&$!g5|M6F^y)F-H$7p{>`=5qU{`^sZ+Z$=Y@`a zJR4D5E?Ny-b&D8!BhaAMb-q zJOlr7_lBHG$Rbd&S2Kyq=M*YxFY#Hd-ti|XUAm`|Hxy-WV{X@8qhJ-)q10_h9QvCT z^71kRO19>R_^*@>u3fdw+y@$PSC@K|0u57Vor5#07>~amK+8a(xGiz}m-k8&UhwL$ zMt+I8I3Q+|j(gnd+RkY=^Fes*fjC0Oje`Jas$9^M>17%eN!Uq{w`>odnpN!U-B7rK z9RiaPT_$EU2Rj|VXxDL$e2E}xG*X)Yv#_^#UdHYqNDl7bDmuu6XmzLC)~HtzpgrW3 z1M~|>XuKtJNG_SBU7Tx$m`t?_AK;#c;Re!&AJ*=6E3(nU{&psurSwVVT}UG-K#m~g zp&%Fh?9z#dwbt{DGRp^ot<jC1{>|26_mP<1$dwtoyOlGpJHJP;;qTSDju|rC-t~`yaoK^ zD;{F#=G4Wz&_)rqbRG04Qoff^SaJn(weT@}O3N1#BP_n)O?EvFQ;wnd*eM;$NyVKh z>U-VWQZ$%Rb7Ct1->t`SAGXzF(pJW(jfk$tgHEMp8N$;o-#)Ar;Q56tFBl;&N7!m_ z^{-{=yxmER&b%Z2D%8c|JG0GCq9o;A%F;K578~B>H4b?X^p=x$4oJ+rBwf<7+agXDoUMAKu+tR`n1Z$i6ifOO8(efs}1+rls578cc`# zEAyVt+TvT0$*Or=?1`PPVp*xS$)I6@BP}5bl8KpjyEWYt3_iH)eQvs?0^u)4(~W_T zP*IQA9Fi>7#hnBX4@>mY=OYc+5IHCusTgE!^Tr21@d)lS#1(TNF`+hFk-K<_!0T;d z`kuEGWVlR~W{a5u-_h@L?S1z=u_~18=kUWi81>ch8)en1_6VrzSH@WC4Xs8ZVLPVKKwqncSrJy0o zeS8T5*!(d}q1z!zruG!9>;+Z}atUKr z=#rCiDZbMle1p~aSq2jvTCdNzJ=48P%wk@NUCjQ6VOQpk2P%e|24?$u7iL6R3)t_~ zu&~SV$~z4h`~~I`4oCwo2ieo5*gAcXPX8XIc&V5Vlu|gZL-ZV4>(*%sh^&oO_%Ah{uDsU5wckRb*Y}93@j+h zB@<-3zu|Q*uL9sSujH*#8ipAPtH&UX9e*k32tf1hFh`jf63TpFgG=-BOl9dG~oSO5Cj!?chT zs5;5n30UxNKIwm#^S`@u=Gge(*!ka^^{9;6E6b$$!I+acc&IcFcKR13a@Ut4Tus z!~+GAbW2?)6om8C{Sh-i{$oV^dz36+`cn}T+C)k5{wfMyMWn$rH~E?e+QLy8`b)q4 zO6jq3n-z;>(w_bARu$^2SI;8X-1Cq<#m>KrLEpyn6u|Lh)}t%!-BCzT53bAs%|hHT zF}gup6!W0N&SNMB6+1vR=Q@KObRQRjmdn!i)EPdUp<}R(A2n#$Eqn^2@IoPkBXH_r zGvm8kA8K}_^W#wNJ6z(z_>IB~oe`Munuu4Izz^tF6-?8+?1{~To;l-r-GzjVT7b&I zRJ5a~%X-q@_N&QwPCw*9D!t=Kq&stBh2{UdEf|e@qNQUm-Mj#{QXFKUQNq=S56U&9f znKoY#qQUcK6r6Z?ym%fBznWz1SLKR``tX~>C@LOwJyu5|0v9Tz4HR8u@5cqKUxzO< z0sYE19B&C{F*MFM>dz7TwDW45)$C+KF-^^IbB-}0k~;zv0S+dGADVkWR_Gt+M`I4^zm0V=c8g6ow1!2WkBmq8Oy-Hc2S@7PFy zis`7mJU2|}Yyk2yh~(CdVEbx#D+^xNL*p?*(Y5-{o@9`kFF9|BDke#-e07dT!~goY zY)N|{PgIA5`v<9Nu3kEZ#vg}Er$Oj?)I~k9$9#$vPW$sKA$ID_iW)B4)~b~*{53|8 zUJg|;lzit*eQH$sy3sk_gAlw&K#isuYiWWWbh6%rkY45HC8jMb^*Qw1KuF(V0&@2Q`LpFomf`+#znH#l3f>$ z&8>=o<7CR3ieI1JR2yUQ;7$J|$;`d9z0_#?>hPn-Zd#lX*ZOX$=edR`(`eT-iF1)V zu&MowxpJ98CJv=n-w98Hk+^Q%+T2M%*vKk$tolBt?bO~Erg6v zcG*H@?@dO?9@#r&@9k}TpI7Ic`*Y6y(fR!G`{Vch<9q*gAII^2U)S}zUgI%oj(DSm zN{>Y-jEnVxOoNaV{5>9N!z*(9_Rq0M*AwFVj$x@wGxCT#s%vdWV70G|qj%`bsHPlOEq-3-w_gKU z>%q$xEB01>4Ku*dRyAIZgml?-ZPO<2JwH0At_CDCuSlPO!0*1i5QaMhB}^6Tat6ju zbgGw7gr>;Ik#mODuG88xk0cpqZ|cXWr_tGOs#9`gtZ`ZVSg;wkP{)7P(=9!3r4~NV z*KS9`D4*HLT2=#;1C`D8C*jujs97dC7Z^21`6ly_@#yiS#J(6OAI(H`8bCiO{T}eNh;6{z>?tH7X+68)p9kG(7RLW|1#HH<|nK;&t-8C*$Hs)HI&< z-gajI;+`&kmo~Ph^U)Y0%JQujio^3GH;s$>_bwcrQvM1wQm>xL!ccm6uJ?i?g^c3* zlTzyim2dc@Me175jG7~5d`WViN)jCk4pR)H7Q zUJ3bB=W|r=dlAoKHS(K>GsR{`%wx1uGy%5;^Z57Y*SKl!&O3iUH#8qCKv$9v^)wN> zPO?Wo#;dZ$sAa;TbH)tk+OQju$V44YANElIDF%1udZw<2_1$9mD+_@1Q7{{>Lkmpj z^PoY?1M%uN*f}VScA{*@uy_HBSpdd|dHJ^341ExIR)-EY3o82l=r0B7$74uho(EUJ zsnCXqOZkr&3SS&NLy1)sl#9-VFestXwAdD4q zas!X5{-bI^I#$rbl913na_tv3Outi7v$I={l98aTX+_QZ04+h;#pqxV1X3^An?fsn?B$u(o zf({Cvr-~30G}QT415!R2PLR1cac9p05apkCQ3?J$4T$0$@@|(_DHN#ssUQ;;Noh?5 z4x#&_9L=xXXF!gAMfrp5AaZF3F;Bz#20bt4W=F=;i^;8T|nK}rZkptK06@U5lPFOMtqbbt7UdykN z$c{cZTtE}lE zjQ=XMmiO&(BtyG9PQ+{a@>Z5}tshx>8qmZ={zzGAd)+FSN<5o)3lBj!?SXM>$oE%O zsdb{hwQID5nB*6z`eeCQXa-390J!nefXEut0n$U27iu7@ofH5{)KxFGe7=<&aRImR zBmISVO%F^Ous^MB98R*jco(&RGG`H!{GBVC)vP?ZfMX%KWaWEAvS1B?mybUi4ZS8= zi7~G<=e7@p#+z1t3s~8FZ#`_6;RUStL65?XyE#wjJxFB(pF+?Jj*NWllO3NB1_E#Z zQ`NkxFys7k&gFU+`V)TJgpEssVV36DmG``+U6U8R|pG63gxOZqmD+i zzcOd8Nm@Tg8IaZrLfha2!S+?ilJ;`-gQD{RuqKf3Q*?7VP?t|9l);C7yM~3m%G6M~ z9N@A?lk`4Rw_ReN+_bbkPY`a0bu0f?&52V_rRl%4#2l>C@lMCOKecD<@d*9dk&25& zr~wo&7^b7ZFb%}Iac_ll=3?3EE&5mIn1OBhfOw|T@422H+B$P{aC9^8Y8Q-7O6wSY zhkPW!bgY~aSATj3lvXCdUQZ25Ov?Aws(n1gi^itX9Y3xvb|I-gnLa#z??P}q-h7Ga zhMMbXr(3NI1MVaHJKcLPbj2!!+&H*&14C%G8HhMIXoP#78h@748hJ`7=)8O!Qv!=U zNgCZB%A&4|UWy6Yx>AnXJD6tE`W0o=3{T~?VAIjbmtU_1o&%WEVOO2vv1FB+RhL3i z=_%(Ku)6@2l;=xR7d;GV+BTF}x8=chL1=A@(B+dK*29Jn(tG)d`QdV5hW<$p-81yb zUOu%Qr-_<5+fh|$v?&PY(y2Xn|6`-3_l_U+4sCe2czOs8;S;))yw*)t2DIqz(`2+n zP|uSx^ql$8Iue50#l<^?6r>}XIvDcfyZMGaEt6+pS#dIdo$Lu(mLf97Vr$S4&BMG_ zp#9564MLW`*{B8g#t2x>ZBMr+3@N%^DT9vEdy4QGOlVN=4H0S}B`J`VSwcY#e1lDL zBs`SF>|n)g^iarVvDGu|98cYn%bb!`*lgyrx}9!=bahlc95bhVsx(x`4IhL|r~2ua zWon(ztB5YUDw*-+`8-`rQEW}@lt!lD$ZGNhchRlv=i}EL45!U(?qVd$V}}r`2XP;9 zM#VVsE3rkc#&~acQ=mfpoR_4%3TLv%VT!($qBA}U7LD?k!lzx-8pYrZVtOE-Hks-8 z0;o4ac{o>GT{^~15%=^&sxGh!ErS-ajy zh#uo~Q3I33LDByFjBx8f_GIHi7TwAIucT3??T4?u{WsKa7>=*dVHYPZf=t(tRNYKt z{f5<%chE;2QPMW(1Cth+t77w^kr{;f3RxJaW~p7B7pdXCAE8?$iGe7}dm z7RJRG!7t<$(1e@Mx4n&+aY?q_*Wdxou{hOV_Cmm!s+v)i&vPK7ENis-u_Wa*zLrL> z=dJ5_`VwES4b!@!@abmf_Q&lnXL0?TqIi246+TbYerHGFa_@ZcyQmX8r6fxykojnu z{9Y#!m`)~j%cu8iNN+OHJjR?&XxB%IV;Ro?wR=C7+FJM*QUg~c&7<+0AVxKj3Jdz7vAlP^}dlA@fsW@Z4B z$Yx?i8)p)$%+Du&pffw-xCCSxF>dgEY8sC%)Kd{8K!$lMXx{f>+G>rWpXe`)9p`zHe3gXOUFocdnDDvDP+5>o zogm@Y15uEg^SQ$&o+;3mTGwsJfa*m3&d&B^bQS)NyyG2PtIpG52m5HR|EWA(iU;q$ ziFWflxo86BD22hz9lrYw1ameIg-gIjncZ3uuGwHpsQ%+yPo8?2{p&N%W3+P)&!`3} z0y$oWvZ(5c3|~Co)Sx_vNp?_yWt^}PEU5VwBhT`EbP;FcQJ&{Pe_h{P`KL8Ui&~Bm0r4fzq9T?#ivQeNNjvS zPy42*742v@_5!fDL-8Dp7qRc9?q`ea(q|}NQTco=BR+z*d|M6Qd4!cMQPaamSH}^~ z1dGQj{whArKvh8Tsi0tp>fw{yJU?;hB1c1YJ8~F5*~$4rI-R`!rn`@>!N&(N0z<|d z0lGcJdNX}FdKc=KF&Kut%-uig-(#h!p>ILoP0k82O=^7N^)iRudRR4rnx+8l!ty0f zv-X8+YcCsrG4^eaVywzfqnei{dr$=fbgn6(L94=eTWFFKH_XMG$0wfhea~x*J0GK! ze1SF0avF@9B@|?{u^=D`b<}fE=xxOESs%GC+$bku&9OhBlwMkDdpOXrvvl=-aNpE%kA`+Q1Y?)qJ9jPy&21ePk=Hfu*(g zyVz(86sfCQljvs)y#=TsUzg+k>aBdfL$N5G~ z{0TMv7`#eY7~8P#RyaRf;Sxn)r8t71xHd%?ISk| z)*KkR+S=QAUDw|r#UTLHFGXvE9Xp8@!e?hEL)|*CSD?o-9E{6iaABDPq_i#Fc8m?= zE66dqlnPf-{?o&+vTDq&31LI3I7W)~fZORs3kji>n*rtSeOL-;~#U3X)xGKrK8a zSpgyFSSLc|4tCK5@IA%F-;P(laDUsOOF^kf(?j6TB2#Ci$P_8>MXWpAq>}u79P}UM zGBnDb79|lz$bg0q0*J=k$dCq_EH%2m*mtyRU==8wSeZ>2mEwF6G+#QDRpx}YR&;J% z-5jnbaO?fb%3>=g{>F#;?3g6Lg52@dw!064oHqP1arD)DOf{5e-O5*Zv8wC>!(b#KE&G-;$tp+Y}KLGAn0ay?b)- z`oa23v|ZmdzRMlk&@(rH2rG-zeHJBl1cM8ei+JK`F9xqHwA)M#yfsd60t9f5BEc1L_Z^kCd-PnMX zk6er0C1D^>j9N#eWw zAIow{DBc{XNuNViL+$GWnLx11exB2-3L|p=FpTPl!%L)v=`(_75TZwJ?Rti?$y)=? zIaImJ1CcDB@J#3fyI{GpzB}a}G;|Tr{ue@VC$=k^aleY`{qurchk(7PHCbo33my^? zs>Exqp9bdh!7&|xq1Ys!?HrRy60~xpt^(gHe0*alGq=tx=X-&1a$s7dS`x4q7!Esf!`sA5ZK#C76kEQ~s12Mrx`KNpM1|&h<94xh4n~(Fl)WBs4L(>?bz@mPR zqRSU^UkONPxW42O9;Lp>`Rb$yr}(-Ws)t)erkk}~9sQd$YC{l6I{`a=;n?x>%i{?NAoL*A9Fo{iOX^oPxqq(=eBHHtoS;G%Qv_Dor9xMez5i;|D`{#lGrb6 zZ{X#NZOg_y%>@zzs~1@Kf>T|xHMPZ(m2_(Yz3H#>Bm`9V?b=%DEgk zZJS-*ZjB1?pB(s&j8145sOP&eHkDEEE@5I&>EAt{xm-sS`A+YVTx+9+EdJ4gG@%CY zA%BPr#()UpTPGYxFDnZr#P+O@6Xy!<9|;2g!?}D1w+8#lDxOiz7VE_1wExjMw8ZQ1 zD1uSP!hrZtC!&_kGIWkSQnDsgj2A4mMLuzG^auair&2q>_tjqd*GAI24v3}r(5F!N zpHs=-pK`VmyyBbX4$%~U|LH$I_-|T;BeuwYj1u@doAtvIBmB{h`@3iI&AS+(?JtB` zwY=&Nqz?59d6Y=>x{rfbr>j6Fo4 zgrG}W7?q}6$SrqDeHOyVw(wgmEBuW`#C+77Z~Pvqs)7aj3727aE|>v$hSWQD5B^~~ zUVK#PZ-A01=#*a2lCYdpiM5!1`MdA-LWt*7aNnh1(VN+@rieBd^*{5E4oP7ye*%IP zMV&gM7YHT`IT$}m=JV0e?dOgtgu&BR6wEjNr}Ox9-DmZZP^;VPfz(3sG>@e}`*-1l z2CH1U&X#AiW3CG4MJEAgx3tGu?DHc@R!rz2k}yy7Ut|O|$BBnKF7I_}i7dkY`|X)H z6%4INMm3kfY{I`Y5yWlKaTOtC+)7E%OYH7YKTTb`Qn!&yg8_U~e8^Qx!W2dSd>r4gh)B9qO@0#Uq+Y!y~ZjL9e>PR>cl_Nh*iUvFJy(WNNFa zG#H8z0vBk4VI)EW=}=;xN{pxW+Wl0)dQoEh-%3$!VCVV)P2T_9rP`~4XxJdxpE4EP zKVt{shv=GNs*N|sy_uJR-A;Rl*m11{XHWGc9q^cTCNv!4DRY}rOv!PFrRMU;=_G-kY^}z(}ae1)%7ex@5vJKfvG@N9LT!nH`uMr6t=35c%C8erQK&e)e4!5 z-em_Bm&eL8Qo+TXXZZ8$H@Z#pW**ZGpw;!;pWf66NC?0Ui(Q?{`j={=s1x`31LKrW z+#ED>=Lf}lk=i?M<7aRK;_+l_s3@Q{^VjxW^hbOAiz?XVs|OMKN3CmrEOsRQ_g4vQ`Y{hoGMDXYD)XUEb(^8d-DxT; zRb2A=Hgmah3hTRiC@Uz=CVh#ftF#EDBh)IlLyR^v11J4FDC;5kY7#8f-fIGobHH)>ss7IzfFO)ketcal z1uG*h#S&QY3qVrliS|e<1sr_y8(mB{Bn{v)Tu)bA4|;%y(VJfg>>0is3W&EJY8aD<1?JJn1lP&fkU{ zZ_laS`+1Z*Jn`eZTEE$jAk)EJI@gDI+JDw>O2)yim5l{)zTLjzI1UYD>RqOJ2@w~u znD1X(Y(yBrlre6eAgzXAh9?d@@(}DpFwI9WsFe{(<5WwFnCp-ZXXZff0k z>8arUdJyyQxl=y=?^9^b{P)!SKLh!LtI#Ki;9Hdw@Or8H@G2vWMbq9=D6Lac!ZbnQ z2AN*5*8nZR-r2G4sZ3dSbK?(>3Q+uJ$~vL1PaezQf3Zt+twUdmrij@HF#LS8UJyYckOk-D@e^YhA6Zk4V77 z$mwVR(_V(>fX5p?k|$a?3h%fLC^QW00`aaY7yTr-8Gd-Lo9^8$J|2_ogWTVn0A$}` zCZ4Zv6QQ#DF1Ognb^OOSI-6@B6%zFADQl8O4ql1ndega`Dzo)welMwM6CN1U*dw@gP;*RScz39mo*nneYj%@(JbN z?7iKm)Af0xQCO_?o}y_-;hU~hxoS$qOMa}^93xTL{%H zT!GKQFzvyOwD+pJ>~A0i%;dMsVi`2Y!lJ>WRDu}K(oJE)NCOK_dipp*umKa_qhU8m zQZgB;`paP*-rfM#CPQb%S}1rnaoSyHGqxILtE140ao+tjmyS5zre=$E;W<`6k>=l! z?{Qh5Zny4M*6V{cwOXrT=N$8abC)%=Z4WGuRWHDMQvkS=SP98Tjkr5lbDii9nM;Nl z6$T)6y2?jD?tUL3M0PN+3ypKttu}h>%Ky&`Z8$+Ss#Wo2sc@i+Uxj$O+z|FKrh-@$ zjv79&eSwM=!5Ku{;>%jzyY#ak!spwO1u`NuepQU)7Gf9oy|%nr7eBCV_^G0H4dbmo zs*5C7Ht@#_>IM?(eTTYzF zcUaZP?ObPcdXiwq%28&nJ5RD)#EECof_&$|3$#QkJzH%eJOdt6F+odqmVazEkGZa& zyE}Pk94a956?Xam+^7XsAkh}|fJ=7pw$I~YUGV2ytq&K#W!!_%id---ff@e$J&Y60 zv272q1sm@eld4<3amt}#ux`@iwFZ};HeexHpr;Vj?fVE}jsr{1TfAtPOQGhSX8|Ts z3l7ombzzXtRx}r5+0mj*co07FY_k@8i=lHx@siRzcfqufE!70&0AK-O7sNbb$Q6&=6!4EB?G z@39`jT&%9qVgOnBn@e>kdqEHNltlqig|x+%a~by6{A_u@6#8}--Y%`(>D?X;E4y2~ z*M3s-{yC8ab|YPub3N6~{}pFOobaW^@B3HVH*WZ4Q_&78ki3BVU7dsVvr>i$tdaPj zFI<5zY@F7u9Ih(QyNPg^Ez(7a;!k~MjIiNEiKpY+aU%Vf>p?#8)D0+;ouJpd(^}+f zE-^1}-z3fr=Q7Mkdsp~J7E@Whq;zO%U-1GJ;_pr?)M;29jDd2p49))2JsB|w#Uw4b zZ;8mVq;l9jA#OkD=6G(WG}Ck-S&xjcceR@uDTmvOmbYI=`u05Vj4Rzd#w<8Z2J7FQ z;ERH60m7YQ~WQ1*z~Gm6OGY zu80AI8bQSnRu2k3UF9v$5V{Y5a5yZcI<)iM_{|C(D27Q!R^Nt}Gx0;tKfW3y0Y3kH zYyS2U32ov8Hk(-h(wtLj3m+{r~$q|3BXySAOe_2&FCktP~NmqXjg7%>%M8$jES% z^+kXCIA8)p!szf#T^;_Mu#bAWt}o$?Png~IS7q^0`=uFbP(f1;V{ZLzeEzS2ivvi= zRqeQQM}5ejKkE>NamG`MwTSUAzeEVK)VuX}j#5AW^_d^sK}2h5i#K@uH*Xs9J+C4I zHqb--_n^z!yV$Pm1MY9}Z&vaD_xkmZD_wyp_YZ0FKMJ;F0}6MBu;uEZ5v~aP{07Zsfn;XB~4z z+Raw3{3b*3*Uc8{M_|17N|mqwevo{o9i#M=-fH#=>*|@=LG49CVJg>fc_& z53k|UbL~h5PyNeC{2yif->>!`5AXkd!>5<=Vydsi)d~U zhA&Un9JUTSy|^crczDT$GFvnx(hEZ@{uJX!Q7kM)Ii&}$p1VJhnifdcP}i|hZ!%EN zX=FTTc6)W|snCgU@${P1Q=HmwVhamgl5dMy$+SL@F&TAOtN^3EbkyhF_0%o9*@Z2N z_v}{13$RVEu+4;BoJz8P-N19o{w30_MyVsw?ZD44cpq-OA1gmA^aV#B_ftTf%QM)T zw_J&TnLYTnffFlOfK~xQ3ABH&J)*VR2aw4JU79pO?7Vy4bCM^fcjWgzO!Ti*SGwA@$3A-$<_)l?&nE z%huB6fl;ALOai>srfatLuEkq?iC&;hD;Cl+V?T0`W4{-gabIw?(}07$6Nb)HNcbjD z+cw@C((747L%ZV-bRE^!6v?SdA8P{>Tz!olWn(J_d`U1=lnEQMHc(>;N*#V0=Z_nxFn2^bCSqR$X)aX@{KL_ zK~kU#m||XnzmcwiK~48~)RFV_4XxLw4{+hItAiK?s|2EMuoY63trL(gpk<&<5qd+$ z-GxL8QHALT&=FFA6C-8mL{hk1i8sPpN|lZt7s~=rOPe=c1RZ~Y2c@+rf9&auxoWoM zCwK>2I>-@U*{sT^hly`5EupD?4&<~FaDlI^X#On*aEn>sD-+zcEiGGHbYL?UIbiFB zY7FAeTKprQFCjIJd&O~hxHzuR;?#FdCL(m9Z2S6a8vk2^Ez<*apd1V_9$Ch~x+Xnu z>Be=>)F?r`!W5zdEh_`(o%b`oNIXBmL9BK=$(Wq!QPP8LYu~bTzYryqODDviyj|{x z>eNh0Z2U~nGhXFeBqu37h0O+`DtZRz(7;gavY3V zG<_5TMC09pBid(Xdt`d86ek=M+w&IDQzJAOe%Uza_9Hh|FJNgIqXq6v$Q!pQYD?X0 z-|TF4PoBaxap5GYj-rcN)4tVe-D0;i&!uDEd{_hOp$g_VkcW3mWYM9%TTi!`?m@6s zoB-m9oboEa@GZR8z_gqn2^}@vZ{_EW^Px(){9&+e#H03;{toPPCZ>;uqYm4pZ2`|NPDTnsxZ!W&{4nhiC zaWb;>S}*lzB;F4J7vVUpAL?Ar4Gb=kM|-9Iv(IsTN+SD3vu|}$Ih_pus{YE1G^I>^ z2VKRPi;`Nqgyo^8o!ljxW-)HvMEnlIbxkvlI?|+eja4XMz`@a_1KYpsPgo0K>^C7n4y2Wk$k?Z%9sU%Rw196r5L7I8C1 zCivK(s!`+a9e1=E7YP&CRuKZ$DmJxl;96 z{{i&9oS`Z`)w6F!n75dSz6nswK<(@IPy6E+DzpvOv@(z6I;eqMrAZYAQ02a;rs2e- zt+g0ytzp;ah@mmZ0>cNd)0$qsy$j`t3khW2D6Gd1g_)HB zuTWmpmOsW;txP&*AE$oZ%XKejsx7e%Uq}2rsgkU4qVRqxHapN&S{7G2h0|2ZYG21a zIA76ycLwrlbBjFd1rY<7ftToU34_GVydCGGaqzoWWv>g0l~25tOuestpU?@iiE^%Q zt+a^{VAWw0T#B6B4nsMUQS>~fm2=*mp&Q82lPPE6w_BYUJPKH+{@VR~4GHik(n6=GYFasp9jvP({6D&ai>vbFcuDKF8t z{*0la__%DmGN8R%6BE?4ubuwpK}@Me!PVU`=11IxM$VY@6^q^{g&o_jT=)&_B1SKJ z-PLb>-Li9?VHaUQ8pjcEv2q3BJ{nhm-nw$jdA(gi@3uzp8Hk8Z%>y)rQ888Du;-_# z+%U8}T`qJX+nYljGQL$+3>6a>_beH?QY7@&Jzcec<)_`gO-7o(6ezohOFJ@3>ioP} zjzvziVO!qZcZ!1OLzZc)xwL{yZLJp%&457gHo(QkmuL0);$Q1mA>AZJ+$p`6LprGg zdo02SW4Vyy$A@~>w>rIhaVH{_v6XcE#1XqIj1!x<#Est{f;G9%;9 zoVy9@Y?U<@WlroA0mZEw?0N^~8)w$l;lUal$J`^|po#?CY!h(n^N) zRf+j71Ya65pSwg6_AR@tGNAVL#ghw1bFuW#T%Ufcmlbzs1^3>nLcu=h%Ct7~*5E2@ za}AzdLm{GV)DUYvKwsi!G5q%Hr)H6OYWH1NwRYl%5Lc|ZOa^rv5N*zW%7k80YkPSN zn;oMy^yL@$6QPMcYl{2G}8{5A}ltM?=;9`l@Uu#Z)t@{Z$n_ z>6B8C*D0GgK{NX%gnvV;gt1RX#X)~p0N?6e-uX-?R=ysHn*{9Df{db(=20|-^Y&PG zuE8T-sCR*PbzDN>39^2F$whwul#g9?(@-J>9P0 z;Hdqqm^QmhA4DB--3>AORfac&L&{T8<2zgEU0nccn9U(-+QK z2twINKGAlG>`=ym+@X9K}?*War0O&J^(^5mt z46vEf)&28*IqFG`u%$``?x`DU``&Zt`IAe~X;`+4B~^&+>{#9BR8WTE1+7|2e*0V} zh-FP*0B?y?=!0WY7>N~>Lj~PZGi`D140jVZ1PMuWHtOyAvUL`h$^imRuQ+t*bYhB4 zp1+FX%s<2@=hWBSM{jL;4SrX<{hHKrFo4nOSx+{VbNJHYI~k)%5skml+AHw}~u( zW#KuP4FH%|+lN{Ad8N;M(pbB%17#OK`6;*IJ@*5DF6)v7D+s+YPkV z=L`k?H8#Okfi8+By2P4Xe5hmNNQG5oX`1cLY9Ent>?Nk+SUf{Sdim}%2f(|lnptd< zggjc8wJz583-?XgTW%H%TqYmp4w5uu^FVfYk*AIXi6+OD1=ju29L^P1vjrp6xn zhl^_lY2kr~8Hhrps8H*^79?2wjw@QhEb9G08%@2J>Xgbe=)Bh36HcmT=4uSNpZa)8 z#5Jh(#U!V-$WdRRs9AQ!);YFAExsMO*G;1NC_muveOEt~^FBeI zL7a&WYCE1fis0$=(i)QZi-F_fvNqLf+En0Ar-ggAw zdFOnWb%IMOfc;9<+{0}PuEb98Vd@p6eDZSac5jgj1i=K$;_mF(1FTXFAEuNm5!p`Y zP3pBftmz@H@g0D}XudnJ;@SNx3xK(7y_;BEg3?N!UF6z)P;~TS(yNY2u)7t8&Erbf zWQY;EtkT6e{$N*JuUZXJ(s_lsG>usd}%xy_xe7dB^ZLz%m=UYjZ z=Otj!Ra9nUOAxJNB|lRS;ArLR)HzM>AWC+VaW*0KBGv#>9^R9r_kH9!%$q~yZaVMq9|)6g zJUS*ywa=_S%NBwd#j85seq!!h`EKKK9f_%Fz2>}VqK3$_vp2PLyFD(7fs-cHs?)Af#4 z44W(j7>C{Hywi6Dpt|!jYlo+v22YTF&HLZDmMg%Py&$5*bCC*35Q_}iiAA-~C1%{W zRmbR}vYR-!)$v&P^oRr*xxK->ZxV3_-U1{I)t_h8nEz?h6W^wyR86|iC>Q|@b8>jh z$@}By#oMb!%k}S5S15Y+uiqIU)u9}Oely|N>H^X!MWott?;Tk~M}68=2Y)vb=P@hh zJBvAV#JA);y$+=}=FrQz55_cQ_R6+rYOAK`FC<}A`hM1zvqcd{%IQiKZc}^p=W3Q< z8ov{7%D_l4NOWu;$xd2+DDFuS#O%SZk=?_b?u@%>#Wz++&7?JAMc^$;Ie1t!nuK|- zRbY#1uD#4qyV)=3isu{m+rg0B93$nkXCu*hZ)fxso|-5oZM&Sst)f!|R?mKb&j`%PEF<-zJEz+GXNp&e2`3qkw9(K z&CRq&QJ7LHV*UNd-nBusd8-(o=9PbJ%m`y*;lyr-p z&(_E^dt)FKO37;jLW!z4f-_`g-2#5w`%V(L$%+Lglv}AD94ce4<6l^a*StNFD-vSF zAvUC@+4HsA|2#x0NEx`9SD(*1CNRduojaXP@Dzmj%_q-X)NZJ4!_$@;BhuLJ3s8tu zjTwqFj0Q;`;QTq)!<5c@M~jFllX+v3sgVB=Vr&R40`bj!sH(~HfW%@63M$l;zWQk$5&Cf*08x=FDT-Ea!9vTKj_stE=yz^SVMs~{L=s%8c&|h5 zjFT?(TA-myPSGo=!yXi9YSa=|%qK5J<1;sEK0gBkZg80)E9H|PC^+(9XzANC3@KiX zJ$JA16gKtu&&R&5*YDDFCbjkspwimomoD3<=Vwt-wq;G*kO+RJiqp?8PWo*M**Bc4 zf*Dfg1iK5m@cyHfwGv(Z4xf*1u}Eh9kP5xvKrDWx_hPp=+88>Y>Rsl zVwUfjB;JrVt+R_{E?7R29Y-W`p{*b`b`wz1960nr;Q=liHaHeP#}stAPZ0_#A zjZ$PP$@2NE{z!aB?>lDi7}f~anGjYLBASEA98BKw=B>`EdB%pfZN%zhSB^8sQlj=Y zx(-19c5<`7=k}P@!+6%><|-E#5zo_XSSovE`YEShz=?Coi7ow2{8t&8&^K?!&SUrR zL*#5Xm48ua_u#UQ6}O?#gbtrz_d$M|a*k(|vr6k|egcNqw998=^HU`f$ss-`8RQ9E z;z!hTnH~KJR4L5ws%WQCsn{A3`|3&Ep=>j1COp ztt~(8y&a{hR+pP;W1F=B^$r=8iIa1_=g~++{UFc92DKd|M_$>e@C_2rT<$wC45F{f z1EdjBFUl$uX*^h5ij@es#Qn79)o5YHG_S%nFIFB2Wxij*(A`yrR{E6qB>T-npaeZ2 ze&iYGCI_cw^PY~2lnvK$GeVH+Yb4O+{nPu8UeB0{&*|}P_G(q$f)@gB*16q+Yq}hQ z&+ipHE+%lCuqxFYB~BAPey08XniZ9q{&PzU-aLt|vPuvAO;MGrvu1GR+h=co-FkH6 z&YYj<@e8;QLrY&G4TK1XE%X`?_K(Fi1)bD zDjms(WDR1pK^$ibY>CrAGsPytqLNF`F5@8H#%(q#gjW&R)A+RP)+WYrtM3`})#ztv zIQK1Rc&4Nqqy=Nd5+2sud#7!jmIrL(uy-;HwK%&gf#(Bx(tVZX8TyqoAoATE(i})p z%FyJ0d2`s7=Gx#mS0F1zI?2JT+Zs)o`euw3iigB` zf4rjEOP^!9NrH8mrFc4i^l`jTl77e5k}tbPuC29+4%CGU>w09XuiJ!t)W2*VvlCyD z2b@TeNkg%$S1!hOZaQD2plqKR{}|A;mVZysp58{lmKI(Y={K=d=t|tyePtLkCB} zJO+9qjqkSwazve~#8{X1IVEt1w@D`g1P=;_EIXyf(xGodu;50nMz)?3r|}zh;wo$B zz2#i7zNn=ECsf78!foT6x%c|QNPyE|Zp%y7h7ZeP7>P&*Qfo9i>3jzpe;r7(XZ@-{ zK?l~{IW-~b$gFq)72h8a3ZxKrT?fovEJ0Q1kM1bHa+w$b<=qrvyn8aye0`jG^0yL1 z>a-U*gmW|ej`7z)!#*K@3>U;{$@ryrdFKQd|dTXs@Neatp8ZqT%!xUK1$U+!$V zmM~wnhE|1uf_O4wp7VCpVG-v(HTG?7OzosatAZy{&q6=8{&42wfj5J5YIrT?qW+U5 zU)JIm)Z!SFw~vzejgFGgZ$ivw(lAKab#!%$86x4`Q0lF&^Glwi*NhMQY^N^IqZ@nG zCRd{x*xgic4TRED2X@}zkzqBn%IL!)Gv^T`@!tmnC5t2^GJSSHY3n(yP`JeKNSFu+ zL8xij*6>`h2M7C}-7ZN5rfh@a3K`SEV-wX1U2ja&1N*+HHCR3(&Y$lY(FgMy(aEZ+ zsl~pWx?JkgMFzQL#*A@~I_W(7TR~Ml)v8?^5o~L|_3^_TNK!z%#Bv|m8)NCOSlr() zUo1Q2c0oXYte~Am`LMRC&Z1ZvV(Mjht@wuh=Q2&5Vzvc-qwo+~#6&w$(`-q6sH?ml zs7gJqnSU=tZ%Y`@MbKHWR6#vvsKjOfz`3lVwelP&85Nc3Bd>o&pm*Yzby0e?5~t!! zff)ACmT6&YdH1~GJMJ`v#)O6NeB)J$7fsIc{(nDP{O7!3wu~DrU`rK62mUMhv$C;Y zu$e6dokvWa-sd;y%Xx};ZPxYo=gk?}X`cz|GVB(2yGX8{ADsQXN=vL2jEU$ZFeW-2 z|HGL02#krr42cF`{BQj*OL!!|Xzw;&{YL$t!Y42m0Vpq@NtGr}= z^N2dm`l{Jk{EOOWG*8?nV+bxVnANiJ_jLErPyf@X%LsODZyXBJT-AX zw|>FaMA&E0pLDeQHp$UqCR{`_cA1*}1UM(lgiJ7eONTKq{7QY=k8YBFdyZb6J!}## z=7rEO7zpEHG0q4|52s6;9triIrDp&k5G`%1)j1(*6y}QSt3gcimHjmkA3n8&5^z0DSd&Efp#1t4>Tu>YJUozdl|K^uU79n`+4)I2Jj=o{Y zSGfBGz9GZjq?zGSpYq4gDCR*~g1=dDEc(d1^6SpJ5}yZ2SQQGt07`Lx^QYho$?j@m z-#Q!Zvi6fX-(=q&OjTuR8adsN++z&d_bi?~LuH8fN`*o__)*vKF*&=FN8eevSMCo+ z0}sU-gg2Y8o5oH0in}}mY~q3|rJU_-i^!>Q)N(c8MGEpkZDM90bp` z_`x+{4P7xj>njWp07Y5; z31g7U^iQI)w&{4j`4CLfSOo@CeK*eY-vpEg-9^y`2-G$(>Xuh`EWpOWWs7>oKm zBq?M=z<@HSW#&D}P0XhBFV7=1OBcv{jF3YDY+t_(RYQ1TD!c*QnqQ7RTD~f$3{9V} zsRW0SG|2|*wmi#;!+5gmr%2r}5-T zk?WwO8+LRM&0J!7f78@@p`mno0L|Hxy2gIf=#?XO9#qr9q$Er zOs#}Kn|}H^k}R5!_+=sF*OV3T?xrFndIC?86MQ#G`$%9Fe8wPB7SpLwWUhnsf^N+9 zuqLUy`a@gj7n72O{BY}qNH`EE_pkQH&cr+39xKEzpUsE%d7RAw%1-XLR_)!;$fQjp z?r**Tk|qL7vS-td9p0NRjT$y}oardZ>VNgNF#uui>IWnomardWl|DxNg)k9uThBix zr4JW$DQ6H0e571to(M=dW0EBNE2#()@c9@#aEOnBl$FAt*n6f#e#uUWzPXd_iAi*Vr`tT^;-0Kxt_u(o=a2$502V_ z{;|Bc2A`u3{aQ{1$ne$|`z%4N+S3k5A1ri5nLQFVn5EOX70eQ4@j$07Rv1GCGDf9b z&q(d(^0OOv@NW$gQ8a!6rZJ`$=sqb|BK6L&H#8FOvTw>Gnt_tp&nbJCk$A2W8FiVh zdEedbuel)%u+uKx{^4uF_!*IKA`TYtZ7wHII+SS7l>7NXC=fd%@s~Ee^>BjuKGFlj zL;KZ;Q58U^PJjt<1lzxAyw>vRQHi#HUJ&tF`cNTHl>41N9E9*^Rx50S3SFfX`A=`v zftm`9j*h1BaKjUL6+3?_%}WkSmTg)f8R8jIEXL4zCE2`|Oz$ytN2`bB=5m&R!?j6I zNM5XkE8QO{Ktl9cnXom0M?512e_NHq;lkL$=cR&{_N zw*4_j)0@Wq6p^ZIt4)0&Y+7}F5ClwgeK*a>mx;CFs^r!)aKPs;7b^3#|E0hF-wUG< z4&FrMNx8c>Z6K=VT~gS?A~^K8$%QD#8AKu6PU$uQz9-{|%b`=I4K$~!f@RQce@~HE zU)HQTBO>mLk54v}W4on199~vSOy=Av`rF-x0k^SHCM^$gyC5b9YQ22Z3UtevGLs?u z6jX&qRpYuqS(u^VkL79_Lw|V=DP9tk_2QsG<5oId{PW*zA(0FC@L4DeiyatVUEsT4 zIl)}u>M^@Z0RgMrPpVFY#hs%#tpM-fg?SS3v(*HO{||d#6_#bUuB!+Jh>FsPpoo-+ zl$4aDG?LQN-61U?76O7O(%sz+f|PW3he&tVeqLv-H7ERg9qglht&@5E2j9dm#yiF{ z?t~@>bQ2QZfE(#}D}RKr2Kv6R*_~jExj8aVx%LVtc9|_w|OR@|ZAAMGhSg9Hxx5$~7 zVvpSXts5 zp~%$4K%ai$n}_|70nmu%wV!VD4Y^Ms-pAcmxH#)0Tl9Xp)=Os}BxM@@*7((;wD?GB z{ikL_^~od_uZaZbHN-;b8P)mb9*1Q_uQEOOt78iX9*|lnwM&C=?f5(fuHyqM1R+ya zpUA4ag`onn20VD1=yx6i^vG)k-t-|QqKxvrWTeY8{{DxR4GG>lC)wPU9i&h$G>NnZ zfJbA9d)gYZYJCn2W-2)1E8WNDSmCHL>WF>Mp*Kz>Ch@1DeE-`?RD2@{Vz{(eB5BIhfjf!<81m<7AK1a^B zDQ>+G7pR^$>zG4-#rOViXQd38g;)vV8#dks`%WMu*BGk%)l0;7RCvYqXANHM#*4q$ zwP2Q5`}h%d97Gg>3Gtas0KsNliEdpa+AFo%PaCzYPdpvXvdRz}}7< zKJwF7CRvtBz1fCnNf{a;Lm=Q2Be8lkr)OR&-jm@$mB2Pq!`X_smq+V&kVTqvgq(oJE+IN|yu7~BG ze;c3Pu_0ZArot4Oo?*ju1=KNj1zSPp3Wq{PxKj_vk%+Cbm(qAW_P(~?9maj2v=ATu zK|LczB8=U3nA!CrgPi7hjlcLtv2RdrL9SysHzQ*wZTT=@DBoU;ILy-qUWyXb(S-;? z&R;uj#p~@95d$y{7BLH1Itrr672C4)ODwk27Nnm{`}{d%Ks3D;ct!e2L561;iNo*P zNWA$1^i*3sMmJ2{7XRSEk^>1=Y z4Nm83|70)%gZLLJnO{84V&Tw6ccQkGXN(l9&kTiNk1MzQ4et44kRKSYYNnmd8iJHW zJpuv(Boj>uCetha8QyiLUsuM)uJvW05L~EJsFFF+Z}7J>?G>KzI?gFr$lqSUlY9wG zK6z%Z_y5W)!~^$mNG>|`XTF7ZC*)QQ@YFf__Tg(4Y772?-r~wn#MY za`M;rwhaq4~d42m0oAFq%)hX3+Z{q0-%$Nwod7+xZ~ zFIY%&%Fl_sAEbQ+75ikF-QT^M-G~EffTim2)PD&e3&dy_8F~6TJcE*S4_?w;j~50-w`Eq2%8lW1wdsVBOaow zI4@628}rmbWQ2s}#17T(N3b_)x$f5%s-s?c=2qjk;FZ)FUvl~5p&JhYA+aRuNC(;T z(=xT{D`1;H7__(tIP>T4LL|NgU8~a)&%>#K$=b3J(@#_8HnEJ#g7BO)j={GBPmMHjfB}G0o za9Zia1L)>81lN6+;rEtj?E4MH65B9ue6|J`00>B5`pH})J5rRWM0ag6^WsBVnrv+= z7*hd>tg&EAKQYto`&lw6%k{LI4_`k9zbbbAD+YS(Y9yKsL-TG!^@@oLk?Ym+VY44~ z&LKcs;>f9l$&JX*oHE z4ZBkf;AU+-10r=>~>qbdVG#n=(Mr@mMj3rbz4>gVU z3G%J26+0A2Y?AW0sV< zP4BtGq@X98wp;B$(wXXx>3r?kXEX}wp(O?X^yh7#?9anVb(k66)*N_qpp^+-i&XL6 z#3#-lcclms0G<>F72EvVBWFQ#8ZM2f^WwyD(fM=TzL|`BTUl_SEXp4`l9rmNmLN`h zde=y+>-RP-qm>7TfY$EiGu=Nby>^rQOmFr-LiR4Fv3xzQV_pP@hdEDvB)6?8f@aKL1V}RQ? z!ke~*wzPP?7JYxUfIzr_BgEuCOnQ4DpBk9!O))F6T}E)+lC3zu?>|PDihB2sw~S?Q z#cXv9?uPu((;V8H2}$KW+`ClLGQeT-E!}36``8pTwBmifCx-<5smiE?PIwV99^Tgw z;H^_sKCmg>zQy9~I79Pp{6bHc066tr-xgiI%x%j`^kcg_i+}OxrmTs1dHMmT+8O!~!|H!#spnT_PFwm5X|^Ym9Wj4d#;! z@1`l`lfLtl@;~W~xxIAD-8qlA?cFA@!4_B761Eg)zf)|u?RLIQc6lH!r#nfNV~AYc z2DHCbopQVL)mOi%IyzMxEP+t7jnmPkwRPG4KRkN|0}0R_)p6vq9cBxJ`%v6Hu~2Q0 z;flWO=XBgE+yXT%V$X!wprzzh8HwG=lZ{RPGR=dT5K_iGjNY8XH|%nOnx#AQDxudl zsPqLuB5ode=cpL1OfY-qZ3Jh(6?%tc(2eCX?jFo`2wI$XR%*S;D2Z6gU3Z3Y|jY$?5c^s2*NlDo8-Ltz-AV*plTi>`kM* zOzR!g$&4{c`17OR=yCd8Mq8(dY@LSl;=yZF8PmO-6~!`O(#x3XJdyr&JGh7~N=nAb zfOm*A>FI$q>iN<-&|c_1NW08)A6LMwD_3KDx!4<5qm5reNee5q>Ia*_|EjcIs)Z`;4pQ<3<=cam4WV#RBMCyPnUQSS>2vFx;B&i>ci9C zQO`g7*8I4%CuZ`vH7tKw$(}fF>=0bKl|tf=p8)aaP8AB_N`8ehSJE243ibBZx8};S zU2eR6!b&}hY6-S4o;UH>YXTJwR|A2J>+edE@rWmJ*{K9l2YVqUn&%DOc$Sm0wCNY| zhekcAPU@QLznZteTR`#a08%N77G8g=J#^B81g9lO(EyWn$jH}Y1qB}whwXyPQS6Y* z3k=G4Qc+JlHTuk@Dtm9}?4eRjzti1C|iT71JuD7zdrYO}LMCCcil^IsrgWZxS5*GZ0eCdK9+3 z7NH#sYe>)c7N`3j;wOuAc_<5qw_c#CZBTcj^rXg1m2i4rlm_hjbpDZu!C)s{J{^|$ z0p|GH2eba2Ie0Z?%qGF(Zw~iD*zyg#=VIyTU8?v8^Na%LBmCO$&aVGH(TfhC&IcWz z2>6Ho>86WlY7#?oHcPgFN2F_H{7A^$aD>#|*`|rF0-9N}2fa@QZ;5Rc+gu?%4>$$Z zz)P8r8K!@N@y`@U<2)!G=mjDIcSB|xo`pv`uKI+5|M1fx6)suAEc9t9)}Z=*GRZQ1phgEcnQ6A1nigZOYnNNM^yK2<~(_rBs7ZmqoS z2i%|Cx#AR|=I%DX+ir_)mu__b489}Unl5&uxiy0xM>`2df~G#8HL`ov9GmlO0KZkr z1$9{YemWzdrk#sO@fV)DQ#)~Qz;o(7iGO+UvXLnR)ZpU-OnF@ddZAc1x4(cdCAigv zN+$jz)e5)^71q5l_Fcxa;CAzeDW+mYh?Z?61Y!U@dmxKnpV>*PRj7b5qo{&=*ejgl zplrX~*h`+2YdvZYONjqyFq5G$(dTV%redLa7PHrZS;<4M+Kn1@nuI*o1I}G5bR%W0 zWmgOgqtc;TwzL_lM;0C0cmeo(6OFd}>ZU(!F#Q3s?dKp9DvAmbK)JnlaTdCMIhAG393g5S?K zs?^BooV$;KK(KASb!-f}Jlj!8;6b{YafbJyAah|3mSx7_l3fKxxX{^a!yeq_+t_-z zrX{oSAww84qw%DIte>JRu%`-FYl#l8(JP|`1pFNLa=}`vn;R}EC<7Z^JhO1sbou_0 zm0R!|%x!Vk7=c=xCJ|Yta(B9M(&y1Gxj11wz>_be^tZp#S&)l9>uvU{$@{=;T~^fV zew!-(bgytEzn0)Ry!V|9AE?c-T#q;B1QHxRn9(IWi|g2|3d{^5a6Smw`aVl?>jkPi zWbH4TL>r}l)HZp%*<`f^aVAPiO2Mk^<~-4+CtoI|v{4KM9$5~3cUWEaQn%6szJWJ0 z(rmOm-j{A~8aixlmG98!D&}Tm1HUK(Bg$%tX%ohS!tY3-a;_&0x~Bf{dG2uT_`qS8 zkprY{LV|tvZYPF|dVpW#BWI)yEF@?6O@i+l-6W9yRgo3$*H(2PoR{}n49FU`5GP_; zeeYp1CF_KG;Y?gci`*;Wv!o=|Z9993iQ@g34NAhYM{9un!a!c33zoz!XxN{QQHv8oK6hmr`GLDz9mXbG*7oqxj1Me~$xU zRa0G$k1FjrT#pVSZ-w&5DWVawj09qSnKrw3-5L@(-#Q=dmQ(#gcd&xkhuT)!FVh2P zWm4CX3G)4tX9q%FE%w>g6=szmE;*L0FS+&wBy~bDfOon$FNRM2M;F&r%%Wx9!BV!p z(GHAOg?wcunlvfX*S!BZ6~Uw={N#^sC%Zook&7gQu?^`;+NhZrIe*xpR#AAB?#iuj zd4qo$+te0}sPBrq#p3k`3yRPk{s3c}(Xi|B;nocIasOgV5Fyr5^HkK1{Nn>!SLmE6VG!TyZ?&!#A7=k6$kakh=MAM6zko9+rA^RrYw&d3DP>|o z7*lz>;@4BSKC3+BKZ`bsYuymP1`pQ&$RB2X=8CLI5<)FM3_{FmuXrUTjt-(GpolvB zW0*7BnAk)NbEAPR(t4mX%kyL#EnESr=uC8~ex2EdR zy|=8QI`*+WppF!W24x7$k(76*~66|cAEFJCFjQ5=K zJ=Nk9CxIl zoQ)VVD!w$nTsi!D|M^4;+Q6P(Cuu`+Tk%zDhuizm6+69!|Y24ZF36>QzF5<(a#-5LX1O32dlpvznr$Iera zaigp3tRX26yqEI~F#VBkBVze{7~Qp;do@z1k`FdsI8Zsa3*gmgTkXtj&VSOssZ)6$ zG!){WV^V`5vZAM>v(tk<91C5G>8l`qaMDaLhL(M_FhW8# zmF7Z_k@N;(r~_${PS#FQt1m0Xmy`cQ2gjATD-5fbio7l8DF9vl?iVPblyW)dEUrLmWo|(1Jz47v=`HT zKg73o5aK9l{ovM8+cUJVQfDIn%)nPwQ?a2C!a$Bqi5_TvjcQ2kQ*nf*nAQQbIX5!| zpxkdLm6rZ0Y$^cGHq}OH5Xc3G%c{M1;j^!b#33KocnuzJ(^0qfOZ3=dhTfK zQ-{0w&+7oboJMhJN2|=cCzu3{IEmLY;vG-`BX-X*w&?V%J zcx2-;34C!G&JYMc%-GRlpUJ*)<@x`1nfjCPea19lKB9 z?e=)tpxp_#UqTC6>5moGZ7$akZevT2=9){fs^Y!O9bY`JJL##ukb{_ud_WrR#i4_?b6w3^*~@tU`qB+GEj};#3Q#dX zLhlOlf>N3=PKdr<$`kF1xeREnXi&BU##!cq{1r~v(Y!!)aVAk zL`_7f^S%SY7sbm|?R`UZT6K`GJz~l8XTZJg%ryMW0$ZHwmly7k4_(9MRe{#$pQ1PA z|EO7-JN5|BU+xOj;M`sFa>JV<3{^IF+o+EoH5uGl9?%ovuiNZD+fMqnrwQL|n|tR| z8Mkh#^YITSmg#_F#~$owhMn}A(omx$ILPv~Vn(W~ngwTk3)J#rts*DFWoO)m&_0+L zQVol|%rbRF9`Mp7_jvJ+jHyFeo^tj5twrbVvQJwaS0AtNJWTKD>npNKD1(aaBXhTc zabs`LxlpK>vpZp_sz1L|PMH{W|HBUSx!>b}YDd)^wNx66D!RMrNeQ{~!k~^E3dUE$ z!g#WgPcq~zBg8kY-mNKTWaH9>9&|43I;JeEz7r^TNGouu_yT-vt941$|O%F<^9dCx)` zJF8-5f!83VMkF(-6I3rNsK^;T*KbI?A;DUy6AaxE188iwTn|x5b6vJ;!Uzhi&7O^{SYaYL+2!H4d$#FMJfBVj=d?y}W zh9h=PQ2JAq-Up}6ZiP!ZcvWuLv`t|$1gz#78mn;A>WAsw7}0NY=s?jjy;tPE#YX5{ zf`4H7+%Z_rhGE?7LswL>{7G);L#6ccu}gBww=4Y%`slP34@96hV{*S{u)r2; z-_SsRrQh%nTu!|A{oIeV|Ct348a|5GxHnyXBrl6i`ZORd=8TU!Wk45JqI_ENCPz$$ z_sz|bkxkJ%^u4+D4)`LieId+I74P-$)g9ka9xmCZczKc7*Vg+ygZ1}3gLxE^eV+>y zI4=ZvKj!R*VeKy0mXGOUsrf{mc+qFoKt+69hU1$LVOYN*mVk}hohu@A%U-(;n@h;s zp@`FBf**tKRyy9eL(r1PmCB!vG~=@=6TY6?lL`Fn^Qk!tpyteN3FCNMLLSO)0JFHM zIL0VFS59@oewsTgx>%zAS#vb}jSjV-%aHsLjBWt`j;X_4;zm*R&0eprpPwm0;=lU8 zD6HRyD_*mmpce|M-H?S))Ap|j1R)z2t?6RU`yAg;46FYfhD}=$2tf0igBa^{WOhDV z5;ktHDsOgYtTERj-mJ$tdzgew^=Ohz%(!tc(W)wwz`_DuEIKn`jy~P#a)W4hRZKlm zuK5ja9L5alM?UGt8<*Vq7B04*rB&EdnAP<)Z)aYI(_h6a{xf^Uu~{0BQ$NFa=uQN8 zKtpk-vqi|Y@n-IV-WSO8SJu^y52;E5{7}GQyVwWip3PiW*4lI<-fSLIAxxC{#zA1R zY((zfY-Pr+qUx@bO07>YKG2v4boQ0IW-AZppj@ZL+>ndde6$xL+#xWfsGYbo`5uIV#b*TXzKfdh zAn+5(y=CaTHG+3{b^oYz#YJsS36>B2+8sgl6F-zD+SWdg;KF3)+cPNppI==S-f@(` z2Bys`@IIuH=<)Y_d>%#~Io{f8N_0gdQIg383saYWJI2jt$06D|k6Z?D5TifDB@v#u z)Po?$$djct7u*5FJvXjAMR2Xp7k;P9>Q~L2Nq-d3s^s?lY6{cCz`JiPxu{UPQpf2T zafSM#bm9HW#KVDM<6B$0I@P^-854Eym!^-*AdRV~SWdK2-#^?@&*7AvH61ufOY&&Q zUdGPjVZAs$Kb|(Xy3au-lMb9*wT`~FX`hC2zHwd{huuJUeSk6VrFfq;+WqW@UDvNX zdp*y)EcNL}!ERc-cxQkyfHPTy-68P=P>`NUu28l@VjUTWr>yMZtxI!lt+ zHqLJ|`gQnG$P16L*H@ou7j*9)DLQeMWEq?ini>tcjnW&nDiC1pj}7l(ba=VW%x0*d zruVRDKo{@Z%HpcBYr5I?{>kJBPvjJ;NZ?Rh5t5|(Dd!amI=bQ%uHwpJRZLC9jgi*$ zTU-(BCu@;n-<%;JNLuAI#{*r?^^1DSiEJ7BE{W#fpP1MWZ%>{a$9KjJa!^10-B@OM z?cG(iM5Anz@fVXGc1EGK_y0kQC0_;<|=04YRz76lt^V)En| z{4ET(+{1|nMNdy&H-98ttd!thyBVO)arMNyxIbUs_oLe&K{(zCFBCofFI^FVRd`{# zw}tO?WoM@A#mv6#qgBr7mw`aTX4%a54uS*4WHUGqpj|^KyYc~+uhFn475db=GQofP zi}n146Az_7Z(dlyjqeDLD(R)xkjxT_a=vNaIN3-Zovw3`(G1)SbF5mpI+Nv-{EgJv zPk!u?kN1fhmc_H_korkyu|1~`n65LbgW#6x(ECcO+|$A~FUGMOEAcdfPw4c|F7oU& zH<#r5TrP&i&fo1ZCL^WxJ&>@)vDqbqu@T0-*|h%1Zlr)-E0-faEiQp2e?t&+*miY- z9Q2$Fom-6=x^){S{S*2nd%hK323n^JRy_sV29<~R-;0rLRu=ji5ATUVCti$P(zE`#?ldh<$yrnJ;MfwExe5q=+ShGS zVezTO@Wr|;cp@eDhd*?~#u6^#`KP-JE4-`7yIDEE?_1X75T?QKCyW*jmck-cKeUSD z8$Y}HAgZn{zL*PLNyUDbJf4|J)_Np+n#QgyC1)1kf=_WAoEOa}fXZ-G*J{`Y>; z__3$a*-(5#1ObO&CTau{Z!$e@KMhW-=%sY=)<-%G*hsG&BI5V_DwoaVZ!s>~+d?6P z%bPJ_XR@_m=1vMcV_urT`mg-Mgb3rg+}ZTjZ&$g{Q3%*GgtUi0VgY8aMOdH|(o?DU z7s^p#ayLy3ZA!}3wMIG$r!6F$4dEy{tGc0(D;z0R-0bXnHV&$dA}gdACkJ@0nvb1n z$}9lH@oEpm;-n9QC26A&Zp^C65bw8mxIJ2cByav2g37B_G#bK3#`v8_@L5XGiVIA< zB&MgX0yNSOpa4>hv@UL%!c%wd>SK+9VOwRf65AHYD!p%FZ=zUiY;WEGNshQ(a=?gK zXC4Xc+tw*A4z%-lfvfEMjR%`^-I%t_rphP;ZWm4!qq=onNBj_QQ-d!IlI4-+rhMII zLZIYQsiYpd9y!UpB2CD)oE8C$PEITku8qMAG)UUdw=I4SAT2DKq2OCZ8}mITwDH|3 z$XEn|$_$7G3G)HiOcsZ%w#A2I=M#S`6|3vmIsv)aQ)D$W77FQ{KbAm-uc3~^`FYP5 zpZ-ofCpX9V$B#;m%XPjn1~CU+(hX1A+3`o6k3G1JVGzDJmkg$qRBxJb3+K}&3}mwf z$7&j@=@bMt*aWtF9TG6=_Dw>R|n$7pkYL6mx_VBQ%*s3`f5LvQ4KrKITY)ucL~WT zCsE4Wy;=PdINV`bSpYinz$?-K9M`yHq){XTdO7Oa)aRR_VYTDjyr_QDZ_Mee`U z5^S%|B?rLH4Po0e1OLx$UDgh$v>1PPxF)z{7M$=2IFL7ql*?nX)`K-C+e$!{5Z$e~_AktCNcjGSi~YSz@W-fSkdO~!9;G1?9t>n(GQ z#Zq=~`EYAXU6b7DzXdt!R*IA0h;?cB$wHo6>_yBM|DD^WjO zlIA79q|1-Z&p`P!`YzhYZm%gbXIYNDoo(M?_l#~yNpW)V-XPiX{;Xbd!-oBSm|f0& zMhi;^9)7f{McwCaH%^{{5uqyfXPyqozQW_9qNQz?V4KD!V$go)P0aDAa1kuDsQc|< zuuY!l^(`22Xaq##hJrTS+4IfE)1}W_P^`afgE*wfTFA6n#Kooq)_AuSkVF%>wl4MI zUCwBw*KZ>oEVa+!p3V<;PmWBIHnv#O6%Q%a1v!JUBxjjX)>>(9nnQ9%>{izU$XYmM zIlIZ?2#b&+@w+|I0vMf21c>z+YIX}Z$&Z$gkLb*yNKiGCWLWyzIO1i^mV~amf}YxU zSY*a<1&)`-9-j?!ci-)6ubKps+(b%-_X9MDwLsUZHj*2Y2W&P{-=@K9j&l(IBWb#| zY=XQV6xWACL+n^C3O)n|pyRe*k>Iz@l@Ml?y3Q6hIsW-aL>^tm0JF2)DC3@Dpaij1 z>UMke&#g6@7989nEW^-|{w~HK5v|ZN*exK%>AO`o`kwW-_#6q%z1Z zU*7W81D_h(gd+XUh11u0>^mMm-}-kWGay+Wa=-$ zM2;5_id=}feemw13Uh$h6D1Em83lvA#88w6h7!HK?1ZrHngr%|Y1ZV8>CI^8h{cht zb#{6$oGh*k$nycA z$KMbwfCwN5BGZ%*E@2Ok#A(H?45G=-PD7X&T?wR!xlj6+=h)0YD$uQU_w>>vQ^oCv zLl346-a`*2`q?v=L3;_AE6x6iwkx^%m$y#L2#8Um#cOS>EQ2=5Ndwpk2+RI!n2QNdw{*LIO z2_baZz`&rV!qs&ira>xu;~|iWkmFi#G$0+CRPDW(@A>{v?B`N&k z;mIt<-);>&h<&W`77ey#uga!y=_|GRSj3Az2}QvRQPIgw78c>T|9 zj8lZKy#3c>kn}*xs47%;`Oe|L18<~~C?D(VZ{T^Jjur8c1_93FpVXZ9S4&?KUb9v$ z@Zz+g1Ub>;0e;gqw4(is*VKQ8*F3h6hCHQH|22Oq@L~iFsGRDkh4EqSF1$uk1^e`R z$}?`-NVQ=6qu!IFo&LN5x5x0<|KGo!X$*%fr5nGnb1%*P3&Wct&7A9#XA2l(`uD|7 zF7pbDfPB5kQsG}e(ZBy!z(qg>$tUP7|6&>q5JO(`|Ks0rTO(i3FQfq#`YZ|~o@wrE zPVeAHG$P|A$q;Iysz9%8VVwZslNK%A3ttB6jTX|qU=<|wtTRHvbBwTt8Pkb82U zEu9~nD6!`;fI38JrEsS0_dJ)b^_7~u_1;<0BVxAkY*x)rQd|~3`x!H&ppGjsPX$KcmTQ;3APw|_7 z!Z<6aJ%#fA4q(YDXT8;gO|S7)ULbk3qO4Q1Wmheztsl}^7l@JQ#4!-RJRgo9gmvcR znTjVJ+|*Ma-ammqbpLGHdyC1HqMyYo3+!BDk)pZ_Z_nX3coQeM+E(YcOYX6C+g4sd zW7@DVP`LJ^AkDFp)BohHhSUy4jP?r$g$T69`J?7$Zu=0Ak3ErAV|5Dqcu0ED@78yz zGZUG(-HSVXM*ZWoDaxG=j*8vX(Q$wwWQFD#XC~}#%s(3~S1zo)lOWH&9_Rky*YQ6?v%_-+dp`NMbacC zQ-X`yTeh{V)S4`Ne}v#DUMxrxDa$a1d-A2_JjmSLLMVTT4-Qy)9Q5zo;hz-^1mkKs zFU?#@43v5HnV#JoVS8Mq#Ek0HI3>=AhvImM#}@IwyGdO0xV54IZM z81-a)_OrmW3sdbK$=tQ;f;8KU}C1O;1U`%wt*OdD}wHS5S0n)Az%fl9= z)1%p+JQjWugSC5CCd3F9$5)h?`1JZUmGQ7X9AR^lJqm@^T25b8$&4f6N2fUw|@Y z(xeww;XY8&htRn%gI8`nF64P6d*XRUnt>9lop%d|80p(5%lb7M}FD{9-bd|{VHGd_5gdESFCE7jm> z(Y9)@TDJCkB%SubBm!UqB=^wy#hR+X#1=%_NIH(WUARw6>m1M!$?LJOJ?iR9^W*FZ z?*j5XVNQslv@sw8s|fkSn0g`d*Y5a!x8g3)2NZQWkmQ+78CPDBoG;9fOOmZk3(T5l zUo~m@IP54tGa-uG(hjhyDj(qcc@+oKbVY`_nl&Hd+wn!fkrM|Ia8&6d1_@!ht~)>e zbU-}&b7;9_i!7qip~})$d}{p@EfOZb)W(oBl-- zp0=tXZzF~LLqa)mMe>TEX-z9Ro5zv5QqBnxx*}`@hu`+Ct}k=i_5+Swcy#$DYnx%u zP&Z3pP;-Qq4_hr7g{(Fp9TwyilHm*S$qtYmvH1+0t zk8GV?m$?$Jhtjwct4@Mn!;Y53{QFt^@~Yc!Z%)iPfspvpJhft!^eyzSpn+`#uwG`q zE9o;$N*=4CI@xWa6Q6cA;P>m#zUxH8YtyWQ5a}3Vi)ySbfR^w|d6g(FP%2ED6|a>D zFWqNKldYw^sCw^#`8AsCRyCXtQ*-+Za`c=&eppSy6-(({IE!U#}FC^*cM~$=w7dNIV~Q5hqm#NC4zLwjn`kr^*NViKz{! zgY-K>cR^_8yKl2qG!x$Vq*9vH$4i>@@iR>Y^C&3}?2mhtUGnSQiqj1xxD35rlJ?>* ze#;_XsL4|Yz~Ldbi@+#|x#9q#n6=p@PYxYryL6ZQQ+w)jMqv3o_7SopXm0~@u2E;0 z>l~O2sIk?#xhwAY$*4=V!f|z?V5JD!=yU-LT^jr5}nKi?ogR$CVf|IDAU@1+tsh$>;$@3N$JD{S)A(;?y){F9Y-} z{kN56z8F%~&g_6{eX7MGy4q zgO_;c&S-OnYDtfH+I3T&^=cvFsu{bwLj=&|WI6U)T;XH_{F2}b3D;1q4>1u}4Ht?; zq-k??#R?s(q<(+^rNcF`Wm(-`oO1Qj7rnfCA4(B}$*V2{I&%oufZb@NIz`4Zd34)c;Bty^eH z3(Dla%;*I#gA{qR+8df5m3;Cb7=$LKpQDHV?fr@m`S3o(<`$R4JAMeI_WyxodFMgH zVCw+DLRQY+h~Eh~`(F+F0u@%OLGJ&#r6bTc4=I(^f&O?eAlw7suj{;hK39)dN- zFI9lG=1<4kG<2*XThk%9>XB$zk2Ns3=UPnG7Wtil^v8VI6$cT=m0qaD8-${zOb7#S z>Il;wU&ZAf&D>F!{WS4!4=YWaiD|{=KMP)kgXUgg{u+{q*y*$^f<(A6>$iPh)Z3nc zm_T$1qpm8TWtQWE9Kb#|T#OZ*O)cGlAxQf%t(_{^SFQ6A!ucL#B>k{idnUihB=B`f zl}tQ$>Ft2*r#OhdAJ-igZG_FSxDUA@}mhlxRP zFhpsFxNE^j@N+ERi`#j1_S}%Hh6Rq+1w-{|B!05obAnJFj?3e_yKt z#f)Z9`h<{ZKvw(bzyWc+#fT(+7e+xzCBqOcjG#c;5Syl*$Y0%SgHGjhm~ad*4Trg3 zNA^hr!wQB=DEG%}U3aJP_8ZlYCbA^};U64EX&85WagrreWBUdW27LEn4@jLADEE(N zY8PFBU!oa1SBf39(_&t&k9-~O?Kl^$6y4sCp6ztGDc1BH50kd1Sti8S22lS-r;l&E;_K zIgrbX5U6!kZ4Mld11)Sbp^@ShF*a;Yq;-(%e%YGN#W1imK<-cWUCH+EGB}!>IZ4W5 zH=a6IK!)1zI5M1X>$Td?-~20sOB6rqIz zg?8p}okkr^JqE$2+F~5c2g9DWORM6kylGVgx7WH#FeWn6zrBAzB=WXEWT{L6LXnqB zmbvCfD=ILSRBgKD{?u}+Ig&5EMTtXI$Ihx1d|OFSvgQPLLVIw7jiVYrkH4X@dV!4vJvVV5-e!ElEH3b9+=j|&5;@|L{6OLsXhX#x zj$}vA{v8+YGMj;YL|)Oe)Ry>RC>Dy5nDOnS0*?sYqOH56h0r>Usq`ZQJwXqy-WD5? z{FDI9UoLGdWr|(75{9C5`(I!yBU9N(F^mxOCe%UPS_bV^QXkjM%%r{Wm6B>BgGe)84l2pWBGdD|wNBd!Blg!T`nDCs_-C z4N`+%(F&>B#LFyVntJztOZC*cX4TsfVLKMGW|8aFar`4YKz)yyGjEH4|cV7ep z_rCd{`_bxlye(7mlX))6S%pzVR4~{}LR&~A5iHS|03z*b=>8NfsD0hD)wZF`MHh_{5fG9&UKsy}Xh z8{OpQGqI;+BrsFm0Do5;_`6)x>7sC|S9F*($qrKNy`|b5u0kHEq8X@2PgM@ z&y`g)Sjk=?`#|w-h%T&9JpS;6j69m^CjW=<#^o$9c5O<6DO;?W^83VR!S_=E*i9ER zDxx$zpS@(KL(|GFEOBRbxTRz~64;pJ+=7?J^W}riBH(Kuw(eX~Zr#y)c#$C>D?7^% zThdoq-}$Xr_ESdrd#O0hp?Ml%s;e2TnlduYKAsO7bj7G}FmzuJVD|1#zQ+{bRvAiy z(b{wv1C0i`e}YjP~|&GJ)!G|%C2}mq!`Pc+F{leX^e%;*WYRkbG@DRR3(66 zMACYTNs&^eOwIgkopX9I4W|UVK6U$(ALH$hEE~i{HoVN86%4x)$IBIhZ#7XY&c|r@ z30|7k9loI+XwrUBrLU~qd*3k6d2{kjbP^g{n#F?3tm+2PL`)K3n?%yAg6K7qjOQznygSXC2>ky*1!J> zD zY&W6JUX&>md+CiytF-8W4=y$vBg$OE?uO>|^dt|&l^#O*)#Rn$@-0pWMQDs-+|)Wc z*fm`>32RHdOj6$lfjTC`cX}Xt-D+M=pZIFpapWd3_Ul6EF&iSh4v#ohu2V6hjUzf@ zEf#mZMAS@spd~Jcv>+G1$s4n^?h<;b{Z0(sKX>E{>I zai)~IXuo|=(|eTT@}vB{cfk9!Qq?i+EArJ_T1HirvmEK0FFMF@vrHCT2?eq`HDg|? zNNEY}RZF4sFWlFPsBy>H>ucGN=1Rvp7Mj+2I&YL{8nh8SyGW^CN1$UJ>&NFh+bb)_ z5T|`u5I9?<{V$~Vzx>yyDwL;~+OP5Ex9*A1_k%f%xIz}%Hz1>$Z-p}il z#Oo)imgFnn;G5S}fr%!)6op_skK0oD(L#cN3#iTJ3SE*^#cObGpCD?b`uFw6^B?S78}zQB?a0|Elg;HbdP#ZaxuRD5~t~+^;w%GF7D<5rlha*hJ4-D;jd3ZtInW2zZ6@++%ji;dxpiJR2EhBwFmHX9l{)8^EZFkZ0l|s z%0q{!jM#l)Xo6)!yIf_&qhIamFNguwFsK*k`$n%Nw%$ckzl!8o=qt>uDaq@C!X_;x zfg9qTVN@^;rVcW&el1wLgO=^#UNi)06<=wR94kQWGBh#N?%5P0ZeU?r@hVgB@6Iqp z>iCc|a4Szx#HAAetFWZ_Zyf>Z4z`4gtFFh}uDqW?T!gXJPvzqF**DRI?>v*_6QK!@ z%d;_5n)ars0>(rbB85C20R9Dddk?+CdFPzl+^2AjPsi!nk1z$JtWv4SiTs?-g{xVP zWG5cVuXvWw{MqmD4bQ>Q_>eZhCvVJ>NkCnR1a1iy0tl!H5bx11wFPdtFU3m&wBn9; zXyJ+RGV;i<44oW}>Oj~JmJIdyZ%=d5X&C=ox8~q(ZmJPw;FDf)I@C(|BB0 zS)%u4+2UXb-9^NjW%UY!=!&7Rfj0Pv{_!TN*6942;E~ba_3URB5hRJ@?_Fs&xa;Fi zg=`Y75;AXQZ%CkP8n}%e92u%&*w2?l$DVl_ZBU2(UHY15fD($HO}d_=`~y9fD-p`y z4dSt_>+uDmBA>+1#vM4*{JyrYo|;IL){Yk}Lj6^`R%dA=Z3o>nrN<79#u^*Llrj?w zm0q*+=@%L;yNJ;aH2SL1>6LP$kEck$KRxB)rjRg1&v+Y!mU3tq~U zwqfZA3ElBEKb$*+&y}~L)EbgYadW~!MPy(|Meycx zsnAD!zhx|1^jAX=sASRFJgQt|8SF!0(a|LlOg)b@^xl_!W&@+NW#=9#Vbp|-t;sHf zOGn=o9ekIClx1i_$%cMn44W zwfWmU3Wmv;O*-obYfnkaq8PH4i`+@dU5rz4|GiY5=XF z8n?80C&}`0O|q69+VzRnYLf2YhZJ07KZW29m;#;c4dUZ)3yHf^R-7L53gI`5ATQ)W zhf$J68gmv1g26VC!VCpX*^d3;f!XDVN6bqVJYuSY zUVqUj)AtO@dsN%NLatk7i3%q{XiqU0KC6J zYbFO>gi?3B)qrTf@W;neeI7Eel;WgV&6$q5WrKv9&+GQ=lJp#9MM%5@C|_Y+QF*Oaz|JRh>( zsjFPBn{rreBlKwAKp#~=(EJG*rTdt`p78q(4Z&JUjI{SremDd~c(E71^o9j^(=L<= z#WBby2$GAY6uiwdk#D|YRuo9w7i;)%t?B}0_CPZ6^%K$ji`sNR={u6N0A~IHJ@-A@ z<&B@B1I%l8%D!^9%s+AxCyA8`-#WCAP#%3lH{*LUbo+`2sr!0))dzSIR18Y}F%Mig zZy~n3;me-JXG2%f6)buzC`Ymmorna>CP`b%;m`AKM zgz7C3+jTA}2P-boTIzwPxT2~d_we2J*hNSZbc3+z_wEG6oBH2*?YRo04pX1ys_n3r zX6&_3rViXa39JF~tqFcDTFCo*Mir^?gz4MuixD#(m_?T~U-GC^q-aeGHST1eBCI6M zf{$PQU<$rNs%!7gGg>!twOzy1pYr@sfR*-H&L#I|-HG5IY3Bc7?=8cs>el{IMKC}R zl~7tyQb3VV8VLpIR9Zs1OIkocrBqOq?hfe^kS-DF2I($gv4BOKd%E}g-}`+wKIeQp z=eo}RBq&bi8gtAs?s5O>;d7w|R=h13HzM5apI+xQo?*r0OwQfaru%{)c5c>Gu-vvI zkK!l@8sLO~4SFcZs8|T8Br=RHYz+tYX zp(b;umLnI3=R&;*>Qpp-7OYlvJ&kT&P5CNb;L4ah*?VLImO%-)6Fw~xdN8*Ya84_Q zcGI`I9d+fzGNA#bRhs``&LAAsf4(uEok;lGrhv=JkOsbLJ>ngucL zS{AJz_VrPVtEQOV3{w!$7V&`1S0GuBe;IiJEIogC_T(^O`va-9(jDAJz~0Mb^Acvy zpY68&x?id7M!SB0~4zHEROmj+H3I1nL{^PC)-@x2c*yDe6nVe-ET8RVD+RX$F zIpX3+`be*HDvfKQ@D`MXMH+=kI*r`7s|p1wWOMa+sNQGr5dD#)!@!RW$l7B|Xr!e> z(|L*?>1><*{OY;F1EfkeE1JowV1XxN-*;K(91#zvCR&1GwZg4e()7yh3-!sNyLY+j zyJZCr&471XB%ADE0^t`{!ohFZDkiYV!VcFbVg>$&UnL_Sz=|*db7o{Ik&6Bi7+y{=F@KB;R_J4mT8eTU%eP*2`x)d$eyT{|E9J(Y zNsgX*go#04K?!0Ay{CK#mf^SOdG8->wue&fGCCV`@T}R#p@rJ{q;LR;q<_089C-N@ z*-WSZJOJg`-S=pTZ1-s z|N6{_?IH>~N>JKCZ1t|4$btL~^`dXcv5kP&enI~fh1GK;MoZveTMseDMVj|AyvrQS zK$g$BP^`QUiuNJE3lO8$LPSpjNsp%?Wx-m`0>XE=pnP{62DU*{I0jWTTVauj_&N`&RQ=b*Zqr zKM7lIm^LLP1ttnS7s^}%zs%VyoP)I73|$h)b8%Rv94fTEiSs_E@kk3#ijkBvjG9}tMz1^nz1=x*^QjP({j(GKv?w!W1a{vg`Ag5w0TwSqd zmif|pzg{o|v}n%cPawHC#fVNWJ7{6y5d!={W^7e#rWZY8R+$pxJ~+MHpIh652N#KU z+j@+FRN$pN$P%9_8t3ZE(Y6%vBfwX+#=wy~AM7y8kNJCDIS_CY-g&XnU4+F2(ajNy ztLDWcGyW&RrAU1UjFt3HQI(i-ypUmfWQULqz$Jnr6vc~+P0RuLD=|D2?jOhOhjund zu^WMee}`*fLI>jLIJtIF+!_bnvdO1B&l=b*JS*6@?C@WS97LHKmz+KLxAXD;UVuX- zJrlFu{$7#5*6#`Ath~kEWnj#4TpeY#dNap3S6?M=Wi;jMMJ15d2C!Tcby=3yAi|=j z&Q2iR#T60_Ij5T{i;Jt2uG9>6AzxxYVzG=TK5xD#yQD@sfglnw4j6%#=PN5^7;f6m zMmd(TlZkcY>fJ|MU%u?&8eQbx-3<1dCgU`|yYomg(o$+d&}$rA_w~mX89W^{zN_tX z9iQ$$tW*A8U;RbybG*gK=IngNa$kCqrfm=LifzZ&4XNsYwR@wuc`p?6lcl|Ct;&Vz z{=8@<$$( zPDsv#xc;^`c%BU*J*RW#ATLQa4k!@tPF6M<{ZguFT~BPG^gxcGAb~NbyE56645T3u z?rBeIeY0OAM<`$f;Pc7g40+R)cV!C zq>P=J-CUmw?{7M}FEDE!M!T$7qlnFRU^;6E+FKq(6BFW|;<2N~#o9?^%p~HI^H36$ zk8v9qwjjMR%z2fTtm((g*B@BAhG(-N_OUVAb?{(gEkU@8r8E2#W>DVAlF))XoAA%_ zha^cDpR*O4+Q38c?rAzDZJcP&ir5bWn$MXf7?&uIV>|oZ9y2b8Yh|=Rp9BetwOQKZ z?HNI`;bko;h>I6%$xke9w-9j-3JAEeXv4#~xOe)Lw#pC)Evw5MmdPAt+`de`d+4P* zzEzvRQ{(wQ*2?UDf>;5S&$|^=dPeqZa>`pzzg==<<@Vq(crS|}W|XdL)hkx;irRFk z?sTxYSKvpTMWf+_V@oSlp!M?I!XdnPb{L!;@LnB^-HpyQ3{iGATq^0edoqUY?@nz$ zbv{|1tV1cm**=Wef?Lg3?@twkXD6+kz~$ofx5ot#@q-2KHIK}!b2diW{_?QG9SpXy zGv0}Pdtuy}DRVx>Re_K;oCv#_$@t2O=saw_1mbrY9$2-q6n_-|$OlnP*(KtHkv1)i zuhJWE#9WWFoL=dh{-HZjDorLl-USC)ip-Jm4e$Y8a^Pgr1GR(2V767%8pq>GnI~ou zoaQED^(54)YPq@wOQjqS`j;f=9UONsOBKaEnU8BZmX$cn2lDDk46(obtt1Kv8&De% zKUfsQfRWt=iu;Zn(@GW!@at|9cNNG9EK|BX(Yhode6eb+IQgBzny}~P5x-8(K8?xV zuBPQez<^?6=O7Z=dq2{FC~{4rOUfW@D)v0tI1i^ucT=`xWjh=y@0`}Z(N6cK1N1C+ zwP?Rsl?)z@Wc*%#-h`$lA+9hFOvmRbc^&k35O#%kp3?}T&XSvk6`EiRuPi~HNWj=F z7+GbhpO%h_%hBXrT@uj;Fs3+T_qaY!j_tpr|GP1}kc+095n0=6|ui@q4cKdQ*(cCp`GXflG(Gnx$J_a7Ryo|#7B9u5F$ zNIjIdV~|+5USr9~+C1juIV!X8bcRTdtRCpk6Mb*#agPyj^Rj_1OfGB|eU#u4)XG9b z6&bMP8gpyAuXYatOU z5AmG*@N20+4a+XLA8Pra>lrZzr|Dpwi9rB6$Zxv@_HSrQr$;X^r|}m){9{!JWChOv zaIG9D?9(DQTExL11yl%~bRO6&4}-X8nPf63+v&Vg({vCCK04t%olK;W^UfjQ{vSzZ z5cxQ2X`qW`E~-z*m!w;!V8)l^N;@kO3yF9FAfD69py%ZbOy34_l_v4!&6N?}Y-d3%s$;?MSO}i*yOt16v{M zNnGJIaIk(?GSi!_X{zR@2QF%Xt?lzd`}neqNt_HaeCu_Q=>ve-PY8^ArDMRn3DPyE zYX*8jdLO}Q`k}QPOjxCe|5_) zjaXA-AOA>8Ao#7D>d*4W<7ciJi2AZB{ZlPxY?20y6(;5f@N{evusPIXV*mnOotxKu_;J|qhSvi8J8O;1u_akn^bt}W&78pammM)6?LI12rFo=oC}4y#1%v13b+n)mSOB zET5=X79KshNLx$nZ-sN2hwI7J_jSAs{jy1$ad5pwyUM*{e|Ef)Jxe5hb|_U|H zF=>8c%^VS0{R6xDq-5hS5B@nj-#m^@J@m-`rh4tK#~sgZ!Y20z!soYg!N)9FR-TT< zHR{6$6^5`9Xa;-H_=%O3@KM2OQ91tDi(H&{bS`#%LT;<^J6JPp+o;JAUjo2qnQ z$H$=K2@O{N{^M6`$L=V zADxf~3}0UcyttwN$7cxrF(%-;KJZBqqW*L9M2IF19`*lkuM;|O`C;0R^Sl51==PTh zBMKsw^TgwSryWxe2jOW8A1=?4!k~XndUr?^{AF?cYp(LShId z{O|4jp{w}c(fRM(`Oh9P@@BQ9NXgDYA{ot_Q=W*Glot-3`Fy8AkxdU1w9_iU4{V^w zaxB_U<(GB=*g-;njW|QgjV(hn;{&IW+!)j;y2?zd-#rq#|FUEKPrF_U%fO*QAz6bR zmRnCE;%)0uKFrgZ8xg$d#?YlF{v^h|Mbf5F%kW*t+)p`jN$wwk_kYPkHsIi@oFvXn zqqw#!yLlP8XD%@JGuz?XSSR?gq*#*wsvsp;!;MAp?=vQ*bcBy zUvFVhFWUZaf@kWd_tLgSBi#at)6r`TsOPXQmkPxr*=@mJ!3SwMtGIEny)~?yz=-aP z*LPo4Nc8Ta|CFXRQr4R>`${GMX`sH=2M{d%Yj6KQU&&oXHsP0zP0}=Szpx>LLj?I>brz_fSK$^KWyT^6e8BxS^$?y*V&oU&S)f)fE&nOunwBA;%pnJOXJOE{8 z#{=u+2=$-=$olfF(KX-pjUgjy*UB;9b_`z?ehhQE8;-u6Y#H|-y3|uzux77hF@V@e z;=&I*1zcSQ#(qNSalWjOwx_c63wVopB*9p!@*5?U+M8({Qe&1UWNt2hOm|#Y{j*h^GV~)+NMbYC zca>@s^SXRLx7B~KR=WCZ4C@`s=ajt%avpONA$ z3@jckf(cX3WYQXZ?1%duxZ&^fWIJ~cn+xU{&o^y5^g41))Q5ouj{OXWB7RIBYe-0dRJEH1N?4+U{=Wi!}?3tO@JhctC9S$jeW!iJ9x(|KV-{rLBGV zS?rjn?(f$dVxH3$y|K;+?6{c|*WJm`9&_Ed(e^yoL%Gx0%K9o9WV+&HPv?AKdAzC*HnA_CqS_MN9NyRX0hVmF#Cf=|yjL zNhRpyN#f}x+}(Q+Kz{06o;W@^-HlzbhJq($y@Chse#)7TZaulneq>Rx21kM~*x*vi zz;ztwJRF5JlNXt_sjr(K{#Z6cvp|gn?+;a zB9(7=o(;4r#ZaRMTEHO1{2G~k9J}D&&A#YM2U2ErbtEo3Jsm~h=(p(7V0^}Mq!?Uh zrf&ctw&Y2zxN23KXVw|rYoXU*Ir@*aj)qB&E4=y^vKC7n$2rSoIWVCW?w6C{N^SJx zA&NDMcc2or;Nw4Ks%@T{wPvS$z|(Ouza{uX>+1S&sbHB)yXF2~FFAVj6l92~wqIQK zUCeIgun$dk8?>xaacF!~HFzAeI?IacsFMJfr1%$MBVc>h3P57Tg=q9Agwin-2sTUY zM>AGwm;j4ss)5_Prl|v_FV&p2$Iluplz>bs*PfLJ+W@yLp{V=m9l7%r7Q#7ihjzzZ z+RdZ9Lc5w?agR|ghTlmwC+AITJTnl)2fo62n$GJ!MR49MhTOx0rNT|9h#dT3boP2+$(+a2vB=lu8*1$n!^aJw!NPBhaPBUTxtjV>3`6ev zK|Pi0w!G@o<+4JHa+_%;a_7bo;qv|6Eo*2BoVGG=S2zCkJ% zr85gh3#I=RE|>c|T#oXz?0zVmmA94RmNMEPxU2?;)sCg2pDieKZqz@ITJ4K^TJ3qi zY2%9XS;q4GT;|*~Sx4))6iD9RqT3 zTIYuxH!=5$n#!*L?k)rLR{$YUx45pi75j|1dJeiA?93usVF!Q!iBqFGmF`j$^cNW0 z4rgI(-NCV`r)0y&`sdJQ-`bFT9D?3rqwbrlo&gYn z(WhxMAS+m&l{~HxdoSkKbc;cYV&yyW@@*S~*2Ke@s60r%{2fDg6y(};kH%QglOL=O zm!Rp{8c)7H0G`W5++(h{1ws<|&VVgk$DY5Mwmh2@2DLa#fT;V*q367x7CJL*x<0R~lQ^aowYq|qc{PZs3z|&b zT8`v6yrD)&{vccMfn3EasxheCyZsVQq(5HzAhb8FT&E?ZBlCq@?i;7gf=B)jo-^b7 z`gZEVM1dv!(BhTeKbr!Z`6GbJy)yyP#KA00$>ED7?r z=T~02=Z=De&q`(Z0O`s*eiL57Mp~#jKwezIP0>k<+#Lf%Is=%T#!8~?(flFKrvNwQ z2rPOKx_MP?7UHl>q5W^?CZ!bgr49@CD#N8jp%jHXsXx)23rWzOd_~@5m_4Y}$+`D3 zc+FiPqRp0b#DzVixA4(ttGD}iEGzAKvrV(vSR%wOR|h9clg*X^@AfZLuHWA>q$06% zhyf$-T&y?lpyNUqJFMvi0^&@`ySZVt08Kq%axgER3lYcN77{P0%|*{{*_shaJvqhR zoje%Sc2hZ10v-LWJ6dR06$Z`+qahG6YUTo|GJ+~C(#Gjv|ygK9b2u$pugkB7v918G=XF508BbA`aMlpaYzRf9d8|=@=p+++`!lq%#-k zO5UCc?>qclOOTIbVL`D>&Sa1qmayJF{`>^N=k>|PA!v~=t&{^e?l5Saf>Y(yZhlD0 zqNb1dnw5Wu_5gL~M0Umr7Od>m*Mr?evP=n!KKRNO;3v4^a?5g*Pn{xy)ez8ehxT#A zOA~w(QeQr-^*dJ#JcW|g=yn%q14^6P0pq+UR`^7h?ihQwSHr7bst%(NM9M#qRss2J z{Xqh|MrcaZ@@`h8p);!_nNPfS&0_g&$o6rRg}}RFX!v)MjYn{ulL&a*x>;w z`ktyM!FyHUWq;IkU9YdkGpcxo2C!DH4-a$w;Rk&aG(eC=;0t>5*?I+-{FZNaJ~ZD1 z{Je$f&KhC_820m%j4%62$s_@SSX?}q*aJmiA!2S zMwBji`g8Ra?TVL^V9l&^EAXf}L$8mkzXwxor852>qQTGc)|1<5dRlHMWktE`yBSXV zk_RB{w#Cy}RFfQ^wd#`QE`2U+r$&ckRj};>MtYh*uW;|jaGI)E#o%^A@(xn$jJR(6 zBc8J2VqDciLM5}>PYraIj+ly~)%@MLNUZCUeHymX$u7Mwuf`C`$#Pt{+@m(q$>{~tO4;Ev@p3ILmviolOalz!7Evg7aXdVi-wkfd|qCzt!?NyW}@^} zRlEIx75RLZfZOd2^~KTsXUyskYUv&7uoz8lyGf>P$G%<_mB(Rq#kdc}3cFQBgl1JL z&PKW=^WWWjjDb|y{`%xiDP5)U%k=8P^(&xaVby#@Ms<3J1a$O|=oD;Kg6bLf@nDvwXui%z$vjXkXc zEhIvTC?=d_MOcfLo$kJm^MZp+-1A~!_!=V*?tKH4 z6tSox&&)@?$R{PMWb>2eKrUN|kSysj3IkyZHV7y$ZmB$fc)U2XlUP+_T&9^V(xP;l zggcxevY2-j_T6i9mD)L1n_lv32O5R*IZ3`z{y_< zA%Fvye>nJ+EUi|?n0rv#q)6}U14U)uzg6+aJzD)yXP3;8{a}y5!NU1N{!Kwe+7F%g zX~l-7j_i|q#v}gAz9g7Y&^zCD;~4y!0-Eav>HCR#6|sk~Dr)}J0|`yCb}lB-{>)}4 zi#!Anai)|fFLXTI0DsLAd7R3nn1fCFF18&`gLla+JoAYm8b3s6*+Y>;oS&*&JjHhN z3g};t3{W;|^Pnxcjl+@m5I9|xJhASCa~XjYIJtvbpaR}XckXs|oD1DEzzQPj z?!mK~p5OR-;vDwQIHffDS_G2y8koK|%W<{3-6zMVkga@)-J=CKEz`+C@5Hv9nJyBD z?%?7MH$7CO-KW5yiodyaHl0Y?1LK;64iemN42;j?7(Z@Gp)@-}WhH6F18z!NCncUI zM9jb=6r>dWjmelsg3sMFntJi;Jz(wThN-KWvd%N3Tx5K|3<`Suf31~WCKHQ4_NuZ~ z+YR-e)2#movFh44w4jDICfw`c{<`}(V^UuFMRPsJJJ|}QHfAO{-@1r*zIqi+(!1)n zy6>iaEl%L-{$R@6n_VUDN&fx*i88|x7wbekwmW^_1u|mD4dM<*54k7A%9ppwm(oqM zi!)B)7d=6bf~PemdJzf)W%D)rzJB@p4h%urHq!rjh6A23tK1FGfZ>m(WmjW1biJY)El@yc-NCkx@@1Wt_2JbZ&9 z_PDghlz1^5I3GL)a#mj_6K*8jaJ`Jv!3r>I31fM|mgF6skU1^a{b38@v+`?_5|xO1 zwpO@l;MuC)SKpa`ykjt)5}OVn9Z~b23ijC3lao6B_Fd>8)ki9$*Q1J``q5n}9XWxo zaE^0t*Ya5^tD0{sMGBuq#hFL+Rx;P;@$aS*aBW%^Kf;I%U8gXXFSejubTI3C^r`Am z2;F*D8}UQGQidZM+d^rONzBR45fyZ3|3$U0)$Z`BrXtP`>g1+BdanC{^G+(~se)t0 z??|4F0=3Xp(SqDu`_t}pg)FX}Xo%Ji%vaxC!e~}Tc_(e{s_b?~<0)^Ft9^Jjff{mh zBL4iCMB~iYx0|)A@vENtQcqu1kKw=)>T>c4IcLKltH{mx;EiTy%?#Nq!t5~3oyhM# zRm^1jacQyfj6C}xnZ&Nnhx=%A5W}r}%EKi;}7%~d_&=Z&$;)Jf`Xc~oZi32!?whV3HrJ1rRl=qwqu3mghA zc43rMd;8kk93Gox`N`*0SipMckU;3r)4_S;H2aRLCR=2D7yx*yq{Hv`#C#>1oxx| z5!#W!jV-r8otMd5`E# zfGlpeisSEF7cfPZO9r{Shl;EzQk@SzzKi6cur3KC+jkb1dt&(cg%8QjC>5S7!_Q=) zx`bds+*t>hn*tnirgVEtM&r$u_HwswumYWLc4`)d9wiG4iRhM76Q&Lkg#@2_~hSbpV zf_AypEMu;3XZL-jteUNG0#V-XwoONt)(Qsp*Q-V?H*f?v?unRkPK6dYh*&2>NCI{k zlA@RY#iLXMBF%&c^p{`6gpfG)g;Nb&XJKFI^%zAy`5e3#d)`IPhQ^g+}&*&#~d*?%E2QucVe%dPSmFn`3xsp zhf1}%ZD8R9=Bro<;n8D=+y_=RE|^2WHK{(BSAYfE`ozyiytqLxQnu%Tcx$C)s=G}Z z=bo|aF350c;7qX2k6psqNZX(Ym4|HEkck-nV1Ba}aP(6pF78uNk1apSAXhKYWOOSKTXLboWX}&}=i%N<^f=Wz2<6pMh;hu|q1L4*hhGkl zliOgTRubH%=Oe*tC`5}sHKRe#y#AmraPH-nSUoOpkAEQh-}&4zk~ft=;p5F)vXGv! z1m4uPRnf3pH%ha;+_$^uY^@3D+_7d3ylOGR=8S2T;zoN2*U(gT59E)WIHH^PoH`RF zvIBm(cIu9iJ&w~}SybJJMuD~2`Vd`qC0mG52D<>HoG_gholDw6tdu>NAmZv9ABX}i z;?^K8q6Ee4yg7G16hG%ytW?#5QiL6`oSfZRMgmkSWtB>W{C+j6-)`ip$1epky?q<) zBVOB-d9(LRljUJ;y98b}dcLa>CBNSlzk*9;++m4x+fGn`f8*P2Bs{{gM5h|dQSd;+ zj{G2K-dXL^0r2_o7w)$%J{l{AYH>K~UGS39{r0Dz8nEbaj_R&ieWIrtM|2=@PKKdG z2SHC}`nV+8Wlybp`f3_WLSePOo`3j6SrlwI)|F@ON2oRnHy%R;-;E&7iH4N@(pFt_XHzX(dPuVbr$<`6VyLyB-{oR zjO@nRQmbe&;J`(_B#W|xdO!L zT_q(8Hj)atrg*8F>9qS_4oK`32q&Sn7v!dGL;8$m;oyhB5qt76ta5*$+<>MB1*vvd zKO=$II21LCd})!r;c_~YkbdI0XnZX_LOD9wTtP^f_U`5cUnIw%u&K=p?QYX2b4c8? z_Lg7k!gR5gq$$4tQt#Z4P*Jj1aW3l;Y;A=H;&y`!9+fuJEn8rwKOjLLHI=WSeG1s` z;@;Sw&N$d*ArUPVk?0gCnq-T~qsy9OT207VGe|$<9vGQ04)}$v=+(VEKM?fvbXdEw zVEKWes%pDbyG(VKmBJg5_FdSj3f#5^8c`k~3S}*sYMpnQ8!+U&Cq50%h0Ee4qE-Ix zEoqq~H~St0r75O_WAS&aMnva$k%x~m2{INRQckBV>vyjwT(QfVs|;F%1iAh1b9$(S zUfW!Mnq%jgVzk)!<>ES!sJ_T5aaVFy?h=QRb37Mi2BPr7T1~XOB%%h;b{Xp22V;?k zmaCN~5*bzngFKEWala308kffwCagCy>o8#c}qH2V+#a zIli=#l9E2I2#>?krOIQ{%7WJAE5fr~t;=&aC10W9V>q1(XU@p4zLC;OUI7UM;>Gkm zWE+cr(A}Vy^Ztu$i7Udu8D;7cEp1%-j%t0}E>Xn{6^3JrEo6_+A}fn(4(K5m7q74U zxP>dY$s7BFF(kh9A(vVIPv0n}RWwV8gQ@ArTnu$pw!y@%KU;-1F2 z^K;ksqORlJ+A9+C59{Yu94nk|RSiAEvA3S~q2ri{y%&YZVFM1uVEnsF`q$ipdYBH! zAWm{%T>I{~GGaTHDt6BQz6$QgvBMv9Dtm}g&qIIS38*1?ag>G%jubypZE>4 zSs2uQvbH-iZeaE~F~_bhJsfv_Vq|Idute~KNlEP<*O+exsxbOlz##?xm4X$)`(YjSl(T~LrnQ!T zy2Jo6O;b}gx1k6S39tlGf2`;)x~r!fynb41RpUpL_JL<~^`VAr57*FVTEX6G8cDl*8-eJw zggm{l{C|1jXtNEfP2B2ePwP!+%n$lMApid=BsoQ%Q(fkqylX`a34-TeZWaBQkrKot z$9wt|8SD-e*IqaR4uq*;Lof8^EkMZu$FPjCFVx~GXU!EE<-Z#D*;2MsFQ7bHY$-&; z4bQmLdNvb8j>kRqt9=A-j0kAcmr0RmZST)-?eN? z!Ui6v9og|ehE+-g4?9U~5Ce-f^nypj*^M&N-VFoQs>CGk|J%Y%EQYo=G9r9M+XQ&K8f`(cB z>-R-wJ2oi;rHb@WFH}JN`hBq2RGs%lspOIC%|8Y^wLqvsQ#ft2qsQteLdmJgznEoI z?NyNF$aVuZVXCJ-KA4oOMw!36Lv$X(oD*t`E_gs!%5SPFQrBEyYwH7l&KYaVHLY|Ow<=ybzHz~PwtFcDGqjEo@;GY zFtgg)Z~v8N{O@!6*Zo*=?8~!LV8>$>R^ZtRi#BSkD@iieGZcUF#mNT)E0~hM@b@Htx!u#7z5fk#m`^bdEBcKTZi$raR?m6G z?d`u!=~&CA8?Vj2y zU64r_ZtpZ3(!E&pJImJ}MD8lJy|eQw#N3V0B6aQ(<>JEv>8il%N57Q6Ii1}yo{A&9vB=mhF9hbi*>afZ5AJvjO(uWWAmS;E{YQzPzIU=jg=a*d|#*GTs3y zEb9Hp7T5fRI~jYgB$Z(p;B?Hu8R)?IouweO*kG>2FO>MZ$Gb<^Wc;QhP4Padz8ScB zzFcDq`ko(tnJHgq3y5Pe^7K z`Ooy^TvOLvcE>J8&eS!tJzgC>h5bZyUgMG=x&==IX(2IxuchH1 zYJ}e(wNNp3G&^=`w{x`=eH>#n%IA2QCA|1EUX^<`ivP3hU~4%4tcc5Iu62>It=YTP z6V9l-jO;HrmTxT`%|QIU40#S-m!tJM`&N^4;l8zvVWfLHYPoCZ0{v?5)L6b?q^Ydn z#l`yZb7iw=#~tOro0D(ou{i0P-pmTdxHf3HEu-!X@}td+%meGgKR>`7P(2tPgAmz^S8>pd+EO0d853I$Wd_Vh@?hftHaxqshN{<1mz_cDJj2L4|dn@Nw&p<~Bb;w40d zmHzwG{&N}l?~ML)N%G&Z`R~~Lbus&YwuEgxC=PLh4M<3u_+y2BzI0S^$5WP3eKF>u z{ucY8r44gl^V#p3k4vX^QHziB#Zg)NT7j7^jdTuj!g#!yst*^33Y}EGw@dtGZ~5n; zj2R2%fRmIxd;<*y3>+d_x1zSTGwQddLX}kt_Wa45ZjbPC7UocPd}qBhTpiAl*rgum z`apx|h^Hx(bpei~%EA8rVzDc@d>l@tBk19jBIDK|HP0XM5+}-aMM=x`AEc;RS7-o@ z{x9My*jk)_{=d=^J>iwu$ zd%dPKg$un$ey*kma5Sf7WrCAD7Y?12rn%r{#n3`0Hp$gCKN9!HWhr}{)K9mQKFxG( zqncJ67M_^53PzG0bx+XUfR@Gi#_CgW5N5=Z{i0>Y&0lu2HEhxwuj8fNJ zbwR&k_B)r7@zBK^!SipXT_)^~yjr)#aj$^E{k;-rY>;O1-^zBgawl13A=41;CDu{8 zR=1{_ev_8<2Lt{sFUsuRsIaYALtnJ+k;SDD4pb0K&qW~%yD9qlOx+#y*15bpkxJJ} z);4smVP7h*xk; z^L{YxdQ9@n=$B3Tq_%&)UGED*S_!s*<0ESQXj!(;3A-zrE1YebdCdo#G1s?h&f<`@ zut|FP-~6^F>^o%I7p1Hdc6NShq4$MH<@N+#1g~Ru8+dmEqG1BWko=XA@*yghCHaf2 z!KO#?98+uIChWJzZ5K~>U-M)cavZ$XS791awA55%@Saq6slZ=mPG7J**07=P*Uv=R zrJ(ijM7~a5T8WPxSLb@xcPYIyC2Hpgl`h9v6rbA$wv;LNu$4DN8892G16!|9dw)T- zH|b$mB4*&_QLQy0d%USFd^P(q%4L|nS?8ba^-NH_xO80h&Y@UA(9d0=KG&De@^X-k9i7hKgHW=4nHDE+5j|6qnR2RxB2cG7|8gB4d&|kMF9lCg|Gr+ znw>RMzi-ZWEklk-0Wj|Rkr46^0L?913|QSfa#{F$4l<5})PKd({)t#zSdAQ2+(v ziv)l?dV~sGRoF%DBS{coG^7vIt@J3{?{`<&S0LyeNyW~Xd}nl&py8NjD9jE<<9^R$ zSOXV6@>uGT$Pmv5j^Fcn*IvDw{jQzX&#vgZIhpD}p$5C?hUE4ZZQHIKZU3f>%1XuN zFc8lQI}+}fW0 z5b7%x-$dp|DOP@Zh3dU)bq`9yAH9qVEME$s<)K>|sR%Zt8t4e;NS~c)W#E@}jmYQPk(iw-kjfH+p%g`8QRl3mxMULGNui^pf0nneA}PIq7RL@jdnr}t!-_oVj} z#Xn1eT$mal-5F8x78HX{U#+~z9P*A-I46Q$tC%&9+KW1iY#$T8XuH~1l#5#E{34l? zAbeA$=WPW#k96$tTVXl#rKjo9F}Fqf&VLJ&SBk86IhU;qgrOBRB-Gwzxlq+-6%F1; zHsddRKZNtU6oGU89lkB_MzUE9=HL1_0u*@*P2pxxVl4y3-Bxe`$EJ<5??vP1qlZ}x zTBA%%V*J=9ufF;Qk}o%>9GG_{w=>w*Z}`8SD57Lv)4>dWN_m{|fn~DD5K{}=ah_XC z|Bj?@sDfpHR#XO8-5Phd>DY|$n_RB#RIMx3*C;wJM2?M>-+S-;_SM&fo^%t<*^l6h zV44kXQJ1-Sb-o_szTW_p;t;9~LXiqSu!G`T{1N9JL7_43<7{li8U%hwr8lq5SDPK# z8KChI8pUVfbX?KEbj2L#BX014)E?Cw%3%E0fmEG*c$@`?h zXNM%|>asuhzdXx4?d9Ju;c9sn&6t`e+sdCYy@V++yVQD9%{LIrwT9pPjz zUXROqe})~9`f)O)-~j#U$?Cc@$TNj+p@*oZ} zZV^J4izF?L`15+;ccsV{cgYHl03(~6|Hk|-B1}Le3PX-ykUog6L{}uD*hf;wRXCO; z?TLLzZMNGi-6t#gm)pCtHF=Rl4oaXnu+AA@-XS?SagI+1@p)GU$%X-v0*Ymi5(yip*Yz4KSfi zEoI&M5N^~^v1KuR!+w{*NB+j_lD(nvb$dNAPp@;tdwH){hkfWxc;mRmiDQzlwsBf$ z@VwoDJ~6Y+0}V>S=HdhOhbrJ1^MXABg`S!Uku8DL72^46z; z>HD(s3qw{r^{ndU)-DS?<++B-$?qH!P^0sBT`dE7JBPfwG4X1>=`;2b=+y0M56c z?DE)O)Gh{KxWuh22-w!>t?4lBvUXApD^Gr4Lu}=E?6-38NtrV`XD=8ihPBSL3v#0x z)~0{0YUrj!vDa)3-{w;41Z6My{Gf`A)-R}6I0x=n_Lx>Jq*bz+++Q{*FBoIq;ofsR zKENx#(#^ttLr&+h*zk=~W}mCp9d^!@5vKZFM_e zS#~*Z^el}w=*~SqB?+KPg)An?T@UQ}A-?IQR$2KiMsTdmadkzoY`Q_`su8LVVG51N zu?h75@E30j7EW`+x=6=Iswt&^&?^uNyVfUa_;7lL2X$@m@ zEa#M>IkNNaX?7-5`eOR{H>8Xk`9exYtyxQMT+??eSA2;J0{ScrXJ*HC>dIOErA zInQ73l4F3}Du)dkA`+4^>%NQH-I&RXVJ7Ocz5OfAGi8s8Eut2iZ<-Hs3>n6_N%ciq zyu9wl`dUtgqg&KYJZzdA^!B1|X2wviK`^S6E@(%IFhpS7*js+}KQVos(YE@Cq84rLlA z`s}9p3gUE$e`>mYHH_G;7vwc(oG)kQgU$Vp$TG+p&aKWP(ThM87@BGh8R1NShgDdy zHOQQK2*jxYprkAbP}}_wb^v}*nf*v`wyGGv^5(KzMO{y6HUt3NiI9qZ@0AQPv6ezw zk^M@eUsLC4#Y?U<4xhQbci&d)3+MIT6NXj$W&PJl8)p*aZ^yWnbvGO?rm?f6JH9E( zn5}QF^())wv1l7Ctgc&&DceFYq&pPKpH8MfsTIayF`FnT?D=6M7QR_=ePKY+k|n=m zmRjzuH;8(_jgt2}JB?1Z#v)FpkRrOm2?Lc3=a6-27??VjNH zc-vKYmFvUahBx)z*OjtG*7BKf)A)#x?8EVM9;f}pB+jxU#+c|D9_xO3LE&e*-WTbl ztU?UfG|M=w!!VgT6A-^@TOk9?z^JuKHv=3R_wAGr86L*7>>S@h=$MdjHMbtCffQM4 z?#pP;Qy<)i1co2yO*B^a-S-jSZ9suXqa}cMQki6xYiQo?i{j(HukU>@dK33msNE6@ zg~~E@ldC9D(3LxJ7YJATdY$EeIMxe!0m~p!@n2+&F9S|q&N8^z=I(C|$x>@JPdyF> zcGkDm7g%K4h*2Y{KEs`D#MqN72INZC!VSQatX=#v@tV1YW)dV*1oQ!_Kc?tiRcXUL zM7cf*Fr!{{aF2&bJ7j9zLLv_K_htprVcO$KzW%?anZ0#IPVThB4!@OQp%vhH3SHbT zpl&G3f4kZ|=GRvD&88o|3Bh~m{JRon?;Hy=b~y5s2^M?U)l*(a-WN`DmcVX(_avo3 zN=C3Vf8yU!aV$^ttcv%d;-*r9}av@ZRO# zPD@obZ_r1vJAZUJzbxWeLP@+A>vRRt4y{q}NLA1%5tUqHUPv1kIos3IYAz@mvaslL zxayAPbxhq_3`YeX8UflU>ir6={sdU-9oq1#^vbUoHre5+J18~s|d6PxX}Qgwbs9cAS zKlnDxu?Md&ok5`PhpiH3p(Ekle7-`{gveQ^bVI*;RK)x49$L*#j3nYUueX-YZ6_EO^rgw?@~N%)Wygq_?=L?9Y*QQD;ZPgcQ_@*%YP&d^X3QBKx0g&@ za*|efU|H5x$$c8PyTo*lFQRH`qjQu1S4w03VSbIy1C|jNC^(+&l=^R?7e49*-NGqw zpJUj!K$1XFHVUg8V;d44eS2e#X4>b7A}#E?*JRqC9NW8Ns4g<-Q`_*eBfPc|O$>JB6Z!S`mT#uZ%Ay_*V^ zTIosmP77A&IP1(sPv=mbarW(?xuQ%?CMi|RY5YCN=uTpDdyh+P81lrNnq+H-x8vpN z%jr(uuaq(Puy8kiHgh)aN-n#bN}fXdmG>dC0t0Qbv9pOTh~?mj=u*e%wNDz86W1Ts zEW8r-bynJ(lb>^sc5{EnzxK0stI=ik+@d4fu%JfY>jlj0WpnOq1y1+v!Sn0FQk>CD zodxHJbz7aQDIgP8-Pkc`sN&}2D^-D9LBaCR9Ca@vZ4?~B&#lUWU{zCS(d7)Ngj;{B-E!#u(19RnQhO6ezA<*J*V#_N1m~1>y`aU#ZBB+!c?Na%q;Hv|nfCD} z)yiM**Tkm53)UD{XU|{f5Pzm_Qo(Jj+HY$y$>H!|UsD+$Z38DFzcDW=UI(*ux?zWk z=X-DrU-XSrkUi@}N8)pSq4X9UUg|Ur1nzsE!XYg)Bt{*`JqWoYrK)?v2Gy>(fz9yz zwR^%4X0c?!wf9w@az{JaRkO99)#J9k*08EcC$9L&L7FJZZPc|q~8@2uJj%d)B)~LeRXY_TlylwOO54&^~ zHJ7A?vhQBw$Ss(8`H~*xPF0Pq{#G7K1o&}mq z^N|Ig#%p~`mcbC#@uutpQ|=`t-Fi5$45nP)s7xI(3!}qd93rMI>!& zP-yx&(~@e4TIBrfN6(h~No>)qyU%$*{?z}~-nIWT-Twb_2$Mq&tteDNIUge3%`g=E zkhD1@r=lc8h#0$5PDzTAoHwTwBXXG2GCDb=jX8~oJ7!o$D(3LLcK`ZW-@o9qU-o!x zkG&7qb?yClUC-C^@HV~?8SbU1^~LkoN!Yl`84p9+rVA7vKr?$1d}N`zn7Jux%w8Iqq$-m&e6zBu@?zl)8mu4e4d}h-@bPew_Tm9^v*)PrXho-9|L0t|7&=2e@pxW&hm2OIpZTn**mK0et++A2 zmJl^u?SsCt3f3q9VCw)jK_>{M#&`gEV=$DtDjLbaCHVjJ7d!RXWtik@7GWCvF$n!N z{zE6aFvfdRwc0rF*on6A*JBMfF292|ZjHsB#QiAVV&&>l?S}LZChj4xcw()e6ewEF zqaep(Q&?E7$G)E51-;%@Dr|lD)XWx>4;o$`*vOVHAFt1^`3jHji7~u>VM~eQw0boPAQ7c<)Zmg+(&PB(sUybyV+Ql$RrRiI=TUsW^J6mf2#h*x&{!Wme z90Rh@8x_PLP=k}`YFuK!RcJ%Gth%GJq5LNpZvUVMHd=?=qxGvAt!=nccu59d6h$d3 zFhj`XMocELiiz>fHX1JqjpZ=L^HuHZe$?W3ADk$QC_QS}D&D$WHV0){HechYt>}S= z`LEYG9u6^KgiH#|AP-9Wl!mMXtQP01TI8#*m9Ibaj7+LfvS>$^IZ+fh7lp?CpN*4( zPGvpea!-0pI1O@HLQ^1t0eSAP6|McHQ|SJ@kskCcy_UEU>HSM1-`(quR7zU$z#W~# zyUiJ-HfQbR$QAjH$O~!{i*Oc+GI6Gi$%u&4fgmtZBPEKOu{Y@Tkc#VryT4+)o~^Uq zo}cjGxsaI|rUQ3&vaR?<;oT1+_3rP{J!nU|Hb{M124v+$tI%Gqm}q>16&@U>zHEj| z{C)rr?GaLlD7eZ{Y+2k~?ZpOubYH3mz8fcLAZ7hJH`58GY7m|fFPsI(#x%ei@zzbz zl%ip9`%|iRISj*>Pwy%cY{rKMF$cH6&*!-XzQ_6`G*DdJ_Hj!9-EjOr&x+%jOL1;o9f0ZeNucz)_6&H`OFHR`@$c~VR?k(-XUzFW>5Iaq1kyrH}RN|dKhq5)b} zFMg)%ilG--z(^udBA5%su}A=f8|`3cjXIkk5;DZ=WyE~R{0`-)X_u=vB5jqnxVdC) zMf95gklG>F`;*^44TS|@ayyD6BXe&0&0>wF-of_@97IaL9B$)Zb4~R$k<*k;X3ib= z;7*f|@k&+Q&AvF!m9J8hh#gRihRsg4Z%W>2|2oM?Z_FsV>~Jp^2jMuRT+ zAqI<}KVvQ~_(r?c#8*)>f6v;0D7w*oDp}=D-@x`e3_kmyth=?-(iuAUY`t*25A4Rt6#zeMJU0qZ)RO!Td>$-Ir&Z5q zqK)7GXAaTu7z2$fnA4U>sl_4est%uKm>cLM71}>Q;xQc9wkW&g4sFH{F*u5}oDNwbNfL^qS^0XKXGx)aFR4D9ex>;9 zyWJYj6EUeR`S41DCCrlRPC+Vj=&H=e+C_{4T5)$`tyYy-(+pyRa~QXMTp6xD0re4S3<)=XjiAp!ZO|_Lz`~tLLiWCQsx;)qcOwU zLL%IttbT+d@TKWoXs=(NkR(KEebGTqO8vyHn?AkghObntB4v&q$+0msNShWqdq!65 z68edDihi`?+WtQMtH5UkB*Nf236|~X4fYqIQOwb^QGy9>jq}&yIN>#dqEI5Pw9bE6 zs$#Oc75mMHwl?lKDx%K*iu>5L&^lvMYwLOwHR-!wYV{m+U7UlTfvTV10cRCvfNIv{ z@%)4GrUi(pjg6%H@5!i(uYIc%+)SF2-7pTNi+efSEW)I*Leg-~PiLNNeEUH`Kih|A z2Nh9T-#tLH$9o@$Ee+n@3tXe7;t^EQHAapsv3a@?!vf(sGcmFJ@$1?|g0iXr;SKNUp)Z7Strg^?vnK4$Q+*}nKOBm2(JgL6^^wYr1 z-~6#&-B}47zrN1-!`T7M<`lzgY!&tMuiiQm=$G@a(_KDc@jn}Y?o;x7?XVjPfUzo1evu&$8x`h2=`eh^vY zCeVF3MT(~?mtKMbU$X8JX}Q5*mFrpZ1Xq^UchhWvJ4J(=4(h;OG?c$%<&|;SO~C+lA(JhR3o)h4U(P+^@o% z-UvxFN&EgbWD*XB^Q7yV(nLVFJ@>FCaO+bLQI6mBO;A2*WjQg{l_!ZssT53(@wb_O zfK(hUi zz>*yxUVT?MV)TcwT<(Kp6UdVO>8<(4j`yPBUeJfX08Oens%TX5e}nU1gZ;n3`F~f= a?JXgiqoSew@d({*;AL%TXF)LcjQu}Hw#Ih= literal 63603 zcmd42Wk8fo8^=q^QW8q{l7g^=bT=raf`F8CcP%YQH&RNMprCZKbW4MDcf-;R=f>xG zA3gQqd^@tZ>+Iw;*UUZFZ~lg;D9K`DkYXSpAYjYONxecqK=J{88$l0%6yn?hWdsED zQ*%j46?sWXY83}t6LTwL1O&N|fCMzv*OP>S1NEB`9|zHK-DBsFTQ(>R9-WDsrn9sG!OBkL^ZZQT zaD09-K?6fV5c=G{B#kU)1a_8T79<^_c|h~MCnR{48kS>A5+D6B5?=Ae-C*ewr(G>@ou9`W9ZJ#Kmy~c= zO{hY}l;7IG@p3CWcUK~7iC!*pj6_yaE^U5hxX2%4ZX)N+F1%kpe_;MT;8+Sw;JQ+( zbxD~>uQz{{g%PsYI95H4!0z|}q5a~mR@tNXu>=Spo7=aq>#*N5ar)%33I-(BYHJC& zzZdtW@DoFkL(4&g+KO-e0s<2% zK?dnB-$x72%#hcc=;>;rf4I!o~jRzd~&+_h>liQ#Abw zLXD(|3j5;+(vsv%s6YK(#N1S9R58>fP6nTBJas~^eTXe~mdRm8>W=F5{v|sJp|9~f z0u3~i7M^0V9ke3f>_s|0|3`{q2!Z2}<8yo)rSa72UFRS={lLNZrgzGY(g`EWG^ zLtHu&`jz#owkk(H#;E_6*h$7-#`#y0Umnj06(zX_-(_X6OH8pn#o=>WIqa|G5d)Zct*Nq4phpjD##a zqSdBl%@D^hxg>Q0afi?4VNk35(ldKPK4o&u#PFVGiWZ7aoi^+x2D^PY9gJL;YCjmK z*%7XJZs3W0i{yh0J&GeWc zl$+lFqr#-*w><4!py3ey$+hEB#db zyVy?oMDYZgJ&8Tpf!x9DlH$^br6c@d{4x9({2Kf|d`WyNI+BkMKOTI%qMN3plF$6| zEC=>wI44q0CnhO|Foq}5rxcX@V+1fC1f2wXY2JBe(QZZd38j(B~Q9d#V-8QvcB z_)?TPFa{ZEv=rm8dp2P)XagTs8DSrW2QLcKCdC8|DP^-|D|aw-2rV-#n?ItDWsh}; z#mfbagnb@>nS^pwaL-z}_aE1PF3~KVG%pkFt>|6uBkRq3lV2FF?Pj%F9pH!BlQryT z+g*%RCS=iF^|8u8Q%zI2)U_4ZdxomGbUyBP7c^Yp?;gHtCLl-BI(7`_WPD%nw3&VFWB(0HdIIU$?CSP;rhw1=-t zDbiDENM$4%RUF9_`YEzJ_-S}bcxflJ+ zt_B`&4jT4Me!O(z1ZaZfYMW#2cu%3So@mqP%9`DUyoo&8M-w+2SQ7SNAUD}mtaP;K zz}(}CII342uUKFAyqf=lnv*I|q_m!MX7g*J+GE)$(6B=}c`$h*xt4R4tI9Oex^hyx z26YO*;frO#(%8sxBDWSC@3a5C#Oq0ee5nXIb^AW61hr8 zJWbo#jteJryy~!BsHSfCdBJBgX*Rm{bDf?pw-Hn)-cK*=?UjF}H6Shf(R!44@OuQE zY3>%VJZ9@Ml;9)=yp@(>>$+YH{v&srj$M2vJwMxCV>iw@1@jH*sP9ZPY=Pf_5%*ioJM zwm4#wSJ%%z@a*RMwWAy65Be$si`fZ*X~K~XTO1oIzHRr)f>v1eD$%Z<#XxsDiy*|k zVFBqt;xwQ=jD%=ipeB_oF$)sm`eWN2%D-_qYqP)Cz+$6bsN)QCuj$NPU*Zn4TrW)4 z5%u`smc5&M&^M-=J(r**Q}y;T{OYZ3@{G+s@9sXa2EU#Dpap!G;!03`zjmgczudy? z-GtBioZJTJPPeW8+ZFnmo`{@RG2CvN$>iBt%wYCX=W(Z6WB%P#FYj79RT zBA>_gg)N!)6<^Fv++jKNl})MlbDyo5@@1#Hve5yCG{MJ-*|lT`wb5;0pGzaD1=lnE4#k1C6d8Rl9t$`K8W?NHnUrpw@QxMG%Cb0>DRWV<&xTsI`@i zqX1MG{5yvL@cBL&0;c|*#mQ0_tf8nvEotjuOwGf_&c+TF!Jww57IH8$5qKpf^KWtB zU&3HBCnq}r2*lOZmCcol&DOyb!okna4`JtoaB{K&IanRtY@GC=tTv9c|5Wn7dZdgU z4IRwwoXl-)sPF65H?Vbf5(b0s8~X3hKm9a@n*V9Z#_``_0Rx2Ge*@uQV~6}d6>~B- z`F|;P|II(eevj*)=7jDm6HqaS8e3^fnOg%^1-d4}%g!bAyP5ynH-9?%Pf0aLV+ToF zYoMT$$e(HXxA5Oz{$C6JZc^heHpH-DA9AA*3ggE`Qe{=E%FID{box3qur z3qkG;{FlN1na$s+z;udW2todH4G|2;*kLaMf*69ll(;GsaVHh+)8qEBzyUU<3~D3{ z4B{>s6+~$~R8=u{Syk1?94sb9B#^Zf?|8aUs3I}DEG|2BD3Xahv$zT(9vyn`ysdad zeHmBX{ZColyqj5VU2SdtLAzt^N<#^F?jWj3qSpfosUW9clL#19*C*|lEP+F8N+Cm%Sv9>rn&hnDHn;F<|; zb51;5#Q(i~4<$1={cv#7^k55yyF_m1KL@bKh3N#9*eM{fD@aY# z%fIXXNKdbsx`qEw9lqbGRmx2I!pmth&n4mAQq)=?qb=lU*6}=-e`^u@B*s8NRihuJ zSN*Dz9>FlgOb4g>lwtZh*?DSFBiQ;iqWX1ex zXF1`2-A2S?qC!boAJ7YxN@vXct3;eKQvXq6_(rU3v8M<^E%Sfl43(xPJ^i7P_@jW} zzgm1l<;9kY4CY*Q{;NR@l^&PCr`z9~g^5e)~M95<|5c=61A` z9VOzRem!m5IN23LYrQ*FVNMI*t(u?mxx3P~Vd1IoPzkufy!-LSV#4X} z^t8*gwJGnsr=v_RYwd33^v?IPe&)yHN!*rJKjWU5Ter^p+*t#^UYX7;AO7t(9XJ~A zz_pj7Q={JfU=+Re8i0kF&i~cq%81ANvl1H)BS?`R<5(o>LMNH->3s52wC46 zK^o4pShXsj29yn_pNwhQR($3%tu^ilCpjII#F+#}Vhd@!c9>!zV}JKv_-w{8AR$cl zFyq6+QlHz4yg^vE33T&I;!Y?_p&U=$;r}crf<%IT#im_72zR0Ixjx{rUy>?#^(D06 zlT(|7JPA0&rM*S@(7-(uJ{kUpO=NkN&;Sk8fp4HQI!MhHIXB>K1cNae3R07*WUF&}RnQpoAsFrQLaotX7 z7=>LE;_0Mm`lLVlqm;8^z?~bIB!ATdmG@uy6SuG=bbVzZXWpG}Y@CHIN1OuHkj~W> zV^fLDB=OqX1P2y1-cGs9d%0RpS6cIhSq?C!doC6F790L}TX9HkipC*M#euTUkZiTo z(g>wTpSP!g27&OFYqmxU64idZ9gRP@J{k}#dCxdXW~J-4N>KHJ1cW4%4~ho7d&K*E z5lvF1X(UXu5c!}bgOXU+p__hfq`DIDp5Y4pAPSda-Z^ONTJPuOw%A6hd*`XY+N(Pq zQ5NNY`K!cGcD&#8?S-ZpHWm%5h5ix0vSJ!pGW zIie(3b5%F4>oNHxFJ%e#Nqe3)N@!`X9q5Rm^VTnWZMTH0lkN3>+LSB6|0fHI8Z6Xx z-M)Hu?SS9Lo>x!mf>m9HU_XzbmUkuutd;K7bq$IpE?i%Rlryj>#2AbBnblD zl$~znn7UsVt|^uaQ^jI()t>ARQQqYM-tN}_L7o}`XoF#fU-a&}Y`XDy_{D6)9R&C5 z%ZJ*S#`aMHP8-pAy&3b#FV=+$n;lQB!4apg0vjuvBoj>2O%bx69-hPEnz`&QRuk7P z!vtyi?hb?qjdW_ALQs%I@I8rV@j)wc3)T@R5~BE?9Cib&Zhkn1bZ{Zrgr}PLzAR@c zR|8y%x@jC52Fk)Gs&pH&8<8bcprfw!bf12cm4>UmFcgVlYqYc)IqFZdJn1oFpXxZ} zK|-#D+Iuxs8R@wNiHBWO!FGv3UQcl^W3nR!nDL=sXAi{ArQcRq5LkD{DvOZt9}h}; z*}o0@z0Jqr`yLI5&fnau-7FG0$>{HYH%d+}bXXcaD`H`T*5ys_HC)-O^9x?A#Oj=L z?_AVvWQA#yrsa#V*W`a7(ke&ye!wI1!3=N zrHgodq|_Fd`{BGj78t~sW*^Qz4J<_qojR9_?ZUc#w3dLzfAJxHd%^VMBA~SZ#i73uXa7n!)h=?oDF+`dX85} zcDXZ(_h(0TC@)AEe5FsDgKldJt;ugp3pw}+TH z%`TXx4{LhokP`pug##-?%O}G5ra{6S&5RC1LWKn+&I&TXb7NRccLX9+PmSI@6bMu z<(QJ+;3t=Pm@eD(Sw!P0=*{H=@N+yoVy_1^N)mP;jFwVVlJOpA9q3|!5}p4QBKRX- zlRr70ldt*!sGZQHp?9v{L$Dda@{$`Y=V!~XciePDfL(BP2=W>hwFdTN7x^8-tDUka zt&v77Nfesng_WyMc%=Odv~*z`QKq*7p2TD8G&7M1XKSr1JFWhRwEksJl1-x^T>c}i zr%lK>)y?!X%4z&9RlcU|Q=;rCiMVV?F{TNoU1UD&u#IDLZ$&gp>BCGZ(TZf7+HSZ0z=srDk)2mXuf9B2y1p=6Onhd* zZdWBxvJzFsApCi#A{?XLFesR%7yj#=(@x$lG58s%r^Z@H{+CwtP}D>F=c3XNi2Zke zy;gQ!!m(wzxr0AtFlZJ8*9YOGP{ zmM#D@I2o_@WT5;$==pNWHeoiE{(^@Gc(p=Q1xh;I72tmGB`K^2UfrR+ShhG4A-If` zlw-j)Qje~|wV&oz=REc+Xe0SrLSDga#qTPrtrxy1e}*=IFge}eX&!rc`86QfEFk#BmEKUl_xrj0$yKndBYA5Zz8R3J zH)s#p0@*Ij&R7)uI5aY4N0F%ya1%aC(eM+T;nL9cIvMTX?kJP}6kkL1hy+>tQ&!N> zqEHWLTSHw$SMukv9w)pX^#*Ywejkwmz*%#L~kpAo3Cl~!{bP((NFN@t5=D7T~XtoA$b0#Znq0jRk((1@+f>>=ao2@xSUhT z9+7ASLtTk!k-iI^ueVzV8m!dCQtpWRl&&@}7o@#Yte*cbXz@pJKtd!GcPhqJGCsKa ze$x|7qyx=tgZFUiV+W8oUByIREQ0zt)|E;#`z4ZAA1)g&8b`iJOmqZubo7wvlRcDW zd@X{^4qNYCmyM$~!s`G9s$xMXj+i#-u*ZASrp_iMxicdud_@! zM-Suv374qrKsiUVL>|T@`$t4t`a9m|0mL3pM>nVhQj|j02@fZ`$E2 z>=ud5$lowTf674pd%}Md@m<}9iDz+QJdzFRXW4XWGiN>vyV4!3Kih?TRiL^(anmF^ z(>2}_37YI3zqF15_RVk}C; zkj7!dq9p16MTb%uZRm2>@q7+yOn;);FS0<;c05sF@~1i`dn9}x`bcep(0@WM;BT=_ zJf?WJTfzs85+!Cs29{&x@|!v}7HnK73|<_Q3|{;-z2)lI|Hgv8OZaB>S2klcBe(6W z40{*!JOlHg1T0p)69+t(AM7g)+Arr-zet0c_GW7}j!f|V?DwPb|MZeN0_C~X_2MSk zvlaVfF4r_}>){FXdI8|*eWNUL)BC1S+dTDj|6M1!Gn5pfDE)7A^Si5U_)Iay`%TTQ zR{FSW!ez>~mZJ`dLe?Ahc0?Yx?JxUTCW^(qEUVO~g*q!}|JVQ=4TMHSKK^d&{a2$( zA_q{$YX+3Gh8ReML*_hi=AV=%N-@k!`85I@l(&cJZ--qS)js~QbQ^xxxtU&@?(W-) zEXw-vdC$&WDz6p&O3w=nL#l0iyKx~eL_@NCuRj*X^<8?@RlSZ=G_UJX8B*yac4z5_ z3kQ=OHABb8iKx{INu=cRo$B^5mxNmw_ia-7sTnvR% zih4OsROXDcy(h}IYG4}3A$@gu@$5mMDiC7qTl}Bs2jXvAIpaBh2z=-Wj<$R!W!rc( z5Te@;&r2)WPJCqXQ+C>KL^a;IK%}n`n;#`Ds${lU&UmAC1U)z2!rSk z*VqA5A0+CWN&dk5lNOE-6lKySVEfbUNolbqNZnr0+rK=EgdQmR62`3krzfRh@7wfT zW^pQH{-kj}2a0Ax)vEtE6>!1`Y22x$vWWOAEel^p&3HYFxa12pn-ue|UzN@?i(mIh5{!C%CG z+2ko;liowM&A-O4h7wAC+LvFTV)&EWm;OaU-1hcJyP5)$+MDm?`5cK2oN`)U)`bH@ zU8FOX@V^3qy$qY~5`U{E8z0>ZxrfB{Ujrajp& z(4RCWlKYLiRkPwR|9yiCIA-W{hRk1S-9Q=(Nq@fdAN!a30j~6BCUA+@U@=RY$NDmS zi6{sEzn%gH`F;@qT!CHnbwrSv%2K-JsO77ElN%g)`G8;`nRmdXFUfd!x(f12@cC8_ z0n3|-PbJIN$7st|((p2sxg>6DgV{RglC{31^BjzlNGb3sz^t@V1)RUz%+{LMt^LLJ zczkX>$v6!BbzCNm%~?c8{QzxJ93?|@6-g4UDk_& zH$Qd?>-I|Zd~UcG32x`_Zqg|{c1m~vI^pkzAs8LW`E_|I3{nZ;4`CbUbg$FTUce#E zJ}TY_oYrtf>Di|1b3|dO(&$Zn`mi)sS!hmRcfQ$V;IrkK=y7m_r@g8?&$nOONqqKM zyN!3ZE@PUetCpC0Sh)5jJYJVhS3pE-7<;rc53t7}P9Fey)GbE}9+E3NoAxDf^BDhp z%=q(_aN@O)kM=tMddf1P|Loyvk9FhCX&Kjm5SLy}PXcS%Lka=D#kX;np^p74-Lcub zIeqOHo`$iamsN( zc--v`yzuep@JkteXDWv-8kddCpoCg=yM+b)O1mKg!T&ux`}Xc1o+7y3P*gIWueQ6V z7Rl>Sw^_HXZ+R(9q=GKrk7kxO4_#WZc{O4g6c62YYMnL>T7z(^yv}CFP5Y`S0YZ5L zO#a1iSkim-3xH8NP?lu5FP*2r&gMLZ7|u`Y?{2U590_j^KgPyB>Qf&k3+~4eId4*{ z1AtPz(@Fk6%#Qk@?=|yNrQ9q!>zdUBH{J4N+lCt9Yj`Vr+an#Qvg4*_)U|Rr~T0OfO)Q9t(<5PaNXN!@dS{l zY#Jwn!l#9wVpwpbov|OuLl1Y-eQrxQ3_B*O=DjV;<7+L(3wOf?su*_8S}-AeFT>6Z z0BThUFf+22gv2S4tDWWk#Y?8M_s9?J#-C4Ej_bH`PpOE)2M>mE!t`3=V8!UuCmTbp zZZD41C}YJwx$eRAQuA;Yc^5|ptX5uRYj0G!?7npwLS3JD!gzw!)~=nXi`PaqS7(~$ z)=>gmOS0SnP-Dg2^}6VuX6th2fwXVc6mek=BotZK#~tj?zPsmcRFM!kN3xn5yC&GUB7d0c0G zSk4svl200Gh(H*k{h-scVSyfKLboubiDh%x{DbI2w5K2~SvednI5->yQg7yEb&uH! zZ+wXul1>1G?c(M~RL#(RUlT5TS{$IzPTYfleiWz+8a+sSCil zw9Q0*a&<1dVBe-Flr*ubz9T}=o?J4IwYGp;_apxZTA&%dm9N>64p-zjmzlNY!20Nm zr|?{~TR+~J9Eq2$S-DzEw#`z+YA}-W^Y$I`5|Ld2ioaa}E*PAwkJjzk(o4j`rSB<~ znIOLiu$!8ZECP@nN{jDV17ei+8!Qw|To;6w3KIGT-y`-zB*d-LAOK>VBHQNGJ*Yl# zMK~HCFHkRHO2=fYZqmU?5o%p{5!N%{;~VUB@-nEgkR2yI=I8^&*;{>Eym@}`Q)2<% zuo3Xc)l^;pFtw}C{`Gu4oD@5**Q1~~OhJ|;WUEUqy-}=-57LAuOTH-N0#Nme`pc~X zmu~t*4FG}j?SwZtLrFIB9uK5>9?Gu^*DZyzU@7ZShij+PwAeNGjJr9&Ple%4$o*IN zMOZ>&zUSp)Uu)Q>`*`PfN_Cuuq-8|e1-j87#)&dsA>q;ba0y3BnagLTeJ4Zv7|PVE z3ySxF_-@-H<#2cShNrS9N2HGPsM_i2wCyx-qr{5KFqWrGwSKcg3YSkCctdw*A- zLZ#arobX6tF_Y|>S@a8>hIiFRol#V_z96SgbghoESS5jO;bds~=7>A6y$VF>!(bxV zIACOHq?hX-H|k``;O_Ilwt9Lpt|w^A<8?lP)0S~0cX<@6bGAP}U$F}G*)^}teG}xo zJh~!qAT%O+c7F|)wxlmTt?PYZy#CT_`$yG`qY~Kx3O;k^xfQA&G$k=+0Aa30Orh44 zY`<3F{wea4))$S+a}d7QJ_UHr&aKVZcTKKSl{dSl3fK1WAYt8xW6`8%<{v#W1B%jA zY{X^wuxM37X&$>x8tBTs^4_1T*Le%OgK``VOMg9ZFqPtvAx=aD!$6yZQFz18M{yB} zX%+$U-)?=xc^n9zHA%Lf0mPwCJDN~*Kl=Nlla0({HA{%fx3qRoF!-uqO_!T<&4}SV z@O0X%P8an5^c{2xT&M9JP(UqHKLPjBc}l6_BJZU+Y7qtrGO4ro8MBz-{`}2K8fU=n z2HA*1iW;Kgf%Da}b1%Nz%1cJjL3+h4Gjd4pFRDc4eXidyf@j-Yr8>UqJMe2Uh{`5g zHmX0?_8ur+IhihmMeP@gO@cOE=iE9e7@c~#dWpa&ysI1r>3cY!7oYD>#c}FLB}l~p z3EY$IxV#?12_OctlyLmtIT6D+WpeY?L;8k9AdYW}QY9`&ok4zcSt1 zmG^u(gfWf%Qi()?U(I^8)iJ-q>V3#e}{Y#-T*EuXDY3 zd3#PsiwG!Tz!i#sd+Ll93g~8iqbD&mAic_{Kih{~BBD0b0BT7R6NX^u^qu!MdVxTp z9f_#1r#~?*!^8i`ArLLl4!4Lx54!Ov*fr9-$W!-`=2KDs?6a*4OYfbM&cl>QjkY@0 zdmQY0sDOYNj7LE8>fe%&lvN!x!+3 znlL{+KAkYcQ75FakeCV}`5-h0-PXC{fS+Cr?g7zgO?mOT;XAp}d^Jp#LItY4R#tbjjB0dap4m}*<`bnf(&7;Zgg;uT*|8*Ub8z$n7QA1VZF4!grIAd08u)fcey zWojLKV)k~^CauAswt%!v_oiR$!~@jGpF$0U?k3#UQ;8^!RpT6-B7e`V8j>zT!k1H` zJ(HhJqfq;man;2t&7i8*(b&jNEF5%jxVHyv;`6B=ks0g=*Yg<1s21IyKmt2knP`z) zqVzUkdjMygq^=M2YK?_%XT8-EidUa%*Mjan@&hkFSh|hIFZNa!xJC4~Ae6#f$A6eB zbcuI~_tgy}WD?LipFAWL=w0hgU616j0oXVe>}JjAlK#|lV?_;@KTiT^VS5p`Hpf1#FXBVA(E3|3gL(IW!=tO$mUbZB9cGxQ%nWA>CE^CQ{!b!2 zp>?}VukcVvKAyyy`$6qt%?b&lYD9J1zet?XH#}HWV2Wtv;vK%O?ki{`EMTN%nmq50 z@ZttjgqUVicS2!S{5&L)?q=FxU|IW8BqrzyPa$wv+lV7S-p=|UuoNwh5H}Ep--_H> z0u8LrZluPHePtNud$K#tOWN;@-t41I3z5vl@s+Pmr)`w*?flqG4K3av>aHL#(cW$+ zN+T?r!PP(-X?FR29HOVc^vmevLr`2shhB=gKJ>CR6Kl#VN^tKATddwRBLa5+e` z_W5n_;E%J0OGmsEr^hB1>AN4ie+ZG~r8tB>iV0?tD5el}aT?HI_KUMTbUxpfOyQvS z<>lj`z|w!4Yh(`Gfv3qA@>BT|TP`}ZPOsDf*F`Dkt1k%WlpCUHkc|HcP$%W7gPu@A z%}d}0?*OFgcA!S-QlwT};giM^tj*Qr(0|RF61V=2aEJO5iagLd)!S!Qnux z42C$`!WK4L#zW70~Ll`VN3OYRf4*Z`OQ=gm5YFNFb)U&{iTjaSE&}_U|OSXZlTIn^| zr5RNoXt!{`>7{qHfdQ+`a`URJV@=;%Ov;q~htf`FXpQK(Qdx3gkH_x#gISSFll}Qo zSj1==5Un$y=WNds6-5{q4(P$cf)fMPb6xl6NbV?J>N-Kwh}}!44CI^Z#ln$M|}x?1s1b(VUStxwl*$u;u?g%gPYw%0DPd8UatmLOQ6NILABprHD>=`p`DAHsBO9_F%-B)Oi>%^aMdN#@ z1jOsGd3_zd8d@=`7N;O9F4U0Q=#Wb(lYFIkmfwNB3cGK3_$h1kbBaHb89;c$3WV@q zq;*gJVy#c^!*$e+{8xX%_2>7{$UH{9{tv!T!2poXbHv*G$3PGMdHD{5Glm-OYhzG+ zH%t_3J)9UD+g}t8Rv`rKT($E}3+85~hf|nRvCZ-^sMP^=5yXgX&$^cNrykzgc-8XB zU4IG7`Pog3NO`N^g}^yxM(`9V0FM|pWp!QW=CE6T=UwSK@9j2R{u^;^GGr9n)`kEO zGi4tv0*}NyLxW!{njAH^Ju~L>+h4rb6>HT_VjwushL+85pUxE42Bv> znii;RsCx71pURkGff4>(v3{NXhgD{n0coKfil%?@rO$NHs_Bh#+ozR#TV%7SYb)$O z4R7Rdsx%oOS`okJ=PBKw$^28RxFk9xu*w{0r8kM2<<+-W^oHNGYf81QMYd;Vw5zBu zTQI4|Fq;nprN;k4c&mv3OR2NWY@%xDlm3=Qx1;8~Jr_*m`)MK$fa1F72Blq7#4DLR@wx!x-~Y^L}{LUMQhYZ^63)no9FMBjfn-fWhv)1Q?q%Y`fM3 zk4X*aLISh5+F#(4{>445ax38Zt6OSF(hsi^EDF@z0>H&a-5)WW>uV=MB{P18#=qfS zb5MU^UU1yosWMauQdL0WwjAs23V3mCj8cH1$m>VM?!!0Mf4oX1|9*)OG&27Mb3Xz^R=pIa zmi*hkzi$oVn1R`R)n4@TFE=x~zbScYJNg%v{sKVSBGrQehrfoYc@N-vv?~5G{x|$V zx`8jDjaF(6c0*vTaavPidns^RX|<7zod^t*Hz;aG9c5W$vc z`gzoJ-CnFy0b!YLgJB8!y+Q<#(DiMN{UGz`0`zI7BYDbIxr)heZESA$W6SS?sJ!jg zcT0QN+@@OG%4x>#<4?1Xrmrh3)La#ZkU7YJtEmzoES&h#pTa+4()&qY%c>+`w|2Ym zO^t(t&sL~osw#PiR5<5af2!rQbyX@ipjXI^pSs`He1{pM?;y@kDmDRLQWiriI|W>y zgw6Ol#fh&Tt@V{fiCli|+Lb$LyFa3IL{e-kU2PXNT3w$X0JlP+s$t!7-ctu1TKf~m zcQs>$jR%Bv`^~aDFz>{glc*6Bqn!Ry4Ku(xJHBX?auZH_2Y_(o^Zxn0!UzyZz$$EJ zr$p|qk32gs6n2VRAG-W}k~a~ru4`Vm-%vN}dDM4tc;SzVNjMQBOKA=Wh{}5AGbPak z0f=;?U!@C!mgu-|ekq*Elnh$qC$wD$tY2AaJv{|T43qZZKtF8&;(5=tc;~soaNPl6 zk+!flE#@v`-!w-jxgleUonM_u;Shv8%J@SD*mh?)TNY>9=k6wAKvbgCcD`Y(P)Bfl z4ybMF-TQO4-ca|{h8g)-hMMi|nVPbjbHr)Btie zZPi}8tv6cM#(+MoG}UQX9$lFB4hZi|?{4;euyHUT!C4vtKQrdSAPo}?%4y^$Z|Ft{ zVNCZL6X(rg`lz$DvH=k;Au1U4qse=^*v8Ou9~`Ea41_&Yevu#8xeN@jvh|_h)6v&Q ztDPgfW?joXrh7tw@0M`ej+b2M z;~ZleRh!_zs|h&9(yrh}#)p<}`>K0BDmgJ$q$j#(FZ2=0g_m2>VR{eSPS2O4>Ua)3 zY2QO&a0$jSc-*0JkR<>!UhZrX_B>D~P4Cf=#EOkf-2Il9=CFD|()6Onq>praBri(G zW4B^YW2eTuk#Ag{1c2K=C;%|%0>~PtfxKHn8Nn}6ihn<-N+Wx0FDP*-G{Z zVw7Ovae20HYuFJkA9ha02mQo~)dDj;-L(GkcJE`}6XAz@1_O>sD#w22MT6`_xE3yk{HY)+7J?b)Lo@Z9( zX0DtnFzPnw*%i%+{`wV~!52V&GIZ@vXDC_V`2d%_0b7I%91%@7$DfA1186c1g0d~s zvVnM;^ogmv{oNZo=T zX83@UQ0oUd4W2YS2X7!`&I(!xh|bwd_rC1*!joEHxcvAUmrQRXh2L=ph$^b?gJ}B2 ziuJGr9A(FS0202*P_L{Wmv0Xiky^VK6DAW{OFk3-eeD@dkHQJQt*&IPni*yTBBTxD zB?9pk`0(=d`Mp9C_PD72H0hr9zWMT;fbl(`RbAEnNxq)^>?Vh2*6B5)N!K!V)D)n( z-MT!+HCc=j_R7M2*$|HYh@qMj^zG1Kjeen?%RdNL-qSGe$1gQOxCMbxNPn}VxaLGK z9_@GFwx=KY{GRdRg$Fkw4+C1rv*GLrD6gLTCjItoT@|K!3?WZp0H>RN;PefkXXKBO z(7^Nn1a{bq;*>CEsKGgh*_I?7?x93^6G@3A6GqWX{rlT*9@n`dm&1@w!9`vg_;G}% zxvHHo3$jwhP8Mc=$!n!8bH}w_=gluqZgF1=N&4@?1{ddmi-^g+Tku2v$Y{5NcA{CY z_c-SM6bBQRw@yOYAW6O@k`GVj$^qGI&0$wi^B9*2m2VqY8xexlLX$6`s~xYgzQy$L zM)v@}-$0WUZBz|+)PN=!M0hB4#a@X5B4Ej1c8$w!qXq*Jvq74T-Z$jRW6=I#eNVi$ z^KiJffv4`~R?~VIt}7Ul-9vsfPvJVV*fLeOTbV5A_YMY#gLeVFHP0;@^;iv&6y=hp zKw<1Q^r(+_mK#p*->7)qw{*e0WBVM&^F;CfK*Fg=ZMX!PvAb<@-$wxN0yx__Q&9-_ zUVDm7%--Zo$~ZGw@8NnT8@CHwJ=Gb&(+1ariAV!wV;o_NyVN_am~@p`k*qqkzl`ah z`hPX@8d2n}Vdt`L3iHFeoVhcIX?X=> zg1an;OK9MZW#4pCdRUdey;Nzpebv351r&WsgWy|e_e-MnmsB^Y8!rM?76PPh z{IfuHi>yz&a6KxJ^_Qe)w{08Byc@N&43kk0#+MfgdCWGJQ3>L?JK=l46T)>b?7;wC zpn4<(0h)oUG=q7$N23H%2d8by2Fb}zqynQ=QeD)ikAM))O>aORbA-TwXVjJUonT8U zk&aW$qfaZDIFvL4s{T}2af6)ch*FFL8sBN0K(2GZ?NL8Vm+8Zj_VoalJOd%o;NGe^ zcNSJk^Q|?^hvDWp$QqP?`94+>Nr;Fmq)hH zEn8celQyFdZ!xe+rZ$kf=b5LZCUDM%Tmaq@os>@&I$E1w~HlXTB#Mmo+C~f z(1D+!DxHiMs%DlWTm;_I4o50wKa5U%c^9sII#lj0^j1_-0BPyb&Ppi;pib&H#M2-U1lf$JFLi2R_$lZ`K=tBtM zq5SSN0bJ0fo?+8C&AF}Dfc3kn(M3keV_l9`g9jd^O}B(^OT726ge4NJq$skbjkb=|jQzmB+)*wR|l4AcB(ZC2pumjmf%Rtp@>1=1j9t3@IMzFAw3 z{RfM@x*(7=YxNGh4U=M zuyo;9)MYp>Q5->D&eNo;PzUD4z)i#}<$K@9nm2FE{ZBtqcxFPkRivg;^ToOMZ1#n! z=m%;zLI)|Oqy$tShbmJQrjC^xT%QQ_`$(dIr==`@HN!%984cjmm?}>O*w7DOkuafk z-~@l%T_}j4ui7RDy^J#p{Dkd~flOG<(^kj}ak$_-1^D{;O3s)!3Y!lOpxxaQ@}e~q z-nFC6iDWvS+l9u%`E#{US~#qrS_1;x-!~8*OL3)p0A#>^ewQ|NeDhAJdG2i5xNlxq zYF%0UuA^8C8&L7wpY&BoQ2-9v zk~nY#&P@CDW?d*{+;+K}(Mh4EmkyUl$hJg}IYj6k^u-O)pp!16wKR13$*SX8#5&&V zMp0!c;DqRFMH5|8Y@5p#JrsGoO#5B3u_B1ly$kzYFa`VKcAgJ8Bo)wF|Ez!S*=eiG z38lb|4w2|+z-naMAir~HPbQ{Z?CJ?2;`Z{r?rBO?9~5|5ckph(Ewkv+2T{;wU_>*E ze-&{3>BehI?wF+yY%&F8cwtQX2U+Z%HqhjudW8f0v>w}^zlyZ=8tp_L1hOyWJj0G6 zzac}zCSAF-=FB>4Mx%QACYJbH54knSTB01DMMZiex#`*|WCP75E+MnTdfMzLeTD+- zh8CD7^QIw7R5i?JDxX>U6Q&95(as5+x;3Du;^))lY|FL`H%7Bz6ECX5mOV4|2hsFg z3TwBR$6X$zJXS3dmEniZ8xZAcE;_bQWAs)H?fTzhI?`Trkl8xH;O}XsaD73qq*w=N zMn(s9e8nGOB~Xj5+!tkj9C+96-qBJItWMyfolJe@zPVPIiV0Vg)-j7?1d1zij9Ak9Q8L-5dk6e3wkqrlSS(i49QiJ2g~ zR%^|*gUY3LJ22&iL$G*`Zw?`fhj_Vdn0QJr zoJ2OEw|ia-`q_mp9+md58wUT?vQ6uX3uJq9nL|rjZYD7D3o<-j54s&hE;fhkjs)Au zNVVm53Z_3xLrWXd2ve^dXyw?mK6h*9l9`3Nv~CK~dcFjm$>xv?S%TswOmm9eW9ti{ z)>u`dlMdJX+GGRnLT^NrnJquTVMjAExB~o_b9q2Ot7kM%M!&`?ZmE!4=Ow<=A0+}&91H{2ZNn9JUuoQLJb^yi(1 zRW<(*uIN>OaFt#^_~!Okn$kUcTl>vm`*Xkk2C84*p_~gc|2|{jGpHCHnC?gMRK?kS zP)q$Y`e3mkbfz6GCl`U&e}O}CfQ@mw_WXMHmx%>{w5+m`&wtufSp(6Hu0w`v>wnZ; z%DCF|^M@a5hz_?}C)B)n^WmPWQHP+ss^+V9YcQ)9?hrN( z2=MZbvj#T+N5di_zg5H!g}*83J(LtfVSa!Z;KkD6HKz8T0|dXPr9Q|*`#TdZ&@Bw7 zGUso9`UPY${ZIZ3)bs!IEGn8Hsf_RV=labU9wtkG9(Wi3%4YAm7R)n38Z2FxltNzi zHd(cjf=snSNpQ40&10;R@Fbt$2YV|0zv4kn1!_~^S~=!m~}d&{6I+xTl#k5vi$NfiV{Bm`-sTe=%0MM9)O1*JCK-7O*A-Q9Vv zTj6=0_y3+Vb7tNzXU@zXKWw&e@B6;ux7Kg1b@BPYv;3W-(Ze6QPef+rq^lh^_=H^0 zq`Xe((Znj-TQtcu#c`Hsy{~^MYL!if*wdRu^bE}I2S_Xv1|c2!M*$ZP#9tPpVOipD ze|vWZkI6JN(W#R*Ge$!l7y8o;hZ^E&NXt8lKbX{siXthj@D^L75iC6j$B!$ zoIe$EzcCC9*GIP**EeAq*ZWqX&>?H8ALnObRZ`4}dXy@bx%h}Ua@#a~o2dex-!V|0 z@{It8h%w|M1)lM*DM}Gn;!G3**@P;jtwjwkn1=iYv!d&3ukW*Pm)G=St3P&Z^6PA~ z;}GR9)tPfYop11|c&Ff9Uqt1iLh7ijv{y9B`Av(_^4h#!MTv+eS{Qm>s1Frj0*HcUZyR@65OkP&n(83dU1#sGEpk*O|eIbjqk_I zC^aFd*m%roLWQj=516cp3=v=4^C5c$X} z8Gc=GdxH3?Z%Tq@CdBfV?rzOAmF)uRxtEwxNdx#Bt*JkPp?2ATgIXgN81D{Gy#t7c z@|QT+RV8iUUC5n3lm|JQxCDM^bY5ivsFhh~g{afd?GDqyT%{jVQ$C=Zrv3CiFxl=x zAzRG^Fn%78I>$n!4Cpp}tvANU)Ew71epub%ClciN= ziz<56=*Qfo-?1wj>QjxA!Sd~MdZOmin`Hjm9s;fbQE+FMnx)>3tJ6=GFElJMCW?-u`ag|Crr@0{WjmjOO72zQ;OVmIszXj@*I zi5==q)sFn&5>VNOBuGJ{j{)!gVeG5Br|(d$SioAlKt<;3wsP`hax~kVg&R}8iU>{5 z<9^fZ!iKDD#+%h<>&(Y|${XtPYbM1H_mwS2-!uOJHL|O+>#`3!4X=VxZ!7a`n^hY} zeCy6g+Dn>&@BV~z;wL92`a18uZ9_KAs726w&@MZ+pow@dl&xz5@Pk^wQ=S5GIaww$ z0!KPMCb4YVJ~+Vh%_Jb-7+|ybD+$sN6xBuM{;$NZkBNa#Fc1}??9wyqa;3FTOFRDanYDf42>IXb)+c!kKt9rPP5Uc z4yFN2!xnLi(TZyzh``ze{Er}r%z`v>@aH1>%<7e+kUN|Y4Cb|9zI8-r9A8=Ct09o% z5H}D8=Wf~`wUU9DV^uyL_*T*TB{@1)NYaMXW=VJN5HCluOd&H(BIFm#i3EkclI%Pt z9CN-8jGc~NIO`LOIogs}IWCIuDWADPzYv$VRnfB-Gy-2JW<_~X0~lzv;%tT)Tk>Y~ z%7Ae5t>8c~8DA+2gVgS0;HoYIp5E1Vj;?$Xv-0jY`TF=5I^Qm9386daI>2v)A`%O= zRSH{ZW0Zh|%>*>Rj>-*k)>5l_Avs^Inv_?YFnS<<2&wknyKz%nrBvu_gYFhBemXGYoOW2x;@=3BE?>TdPHtFdHn>CPZP#*K}DskBnh8U@o z7s`XK;JC|)3GfxqjEZ(a4X^^UiE;h`hzE-Umdx(?+4=c9l7m_YbxrwKo}U)jp(4t? zPkb$p%j*#kgKyst^StE&L{)h2N4CysMg#mrRDa{4@@WJb*SCou!p%lsaF6Mjm2dgP z9AIydSwmg9xiPS_jSgQlxe=6y*sXF6>(dww<$e>K?YBcQ8c@4nryKQoYd;rZx>g5l z+cJejsRLa!(>VX$_?)>jFmArL`^zu^k|~rO(l&`7v3p~wJvJ-f zjJKb^?YLQk<}6of4H~&`@0_iav&kZlfEMH1#RwDO7Q12eIRRj3XTIt9>j@e!3r$l6 z)hg^$xdv8@xKF}Rt!dSnP5P?^bxk+)Z`qVP8CyFlft6o3)SoEGDx<_ns8rdAfS@~V* zvN=-8DO|Ny_VDoSggw`^r#jM@;sYK!CG0Mh;NK%oG-XF=COw^wZA?W{j?wh8mz6#y zb*RnO!CaJj>66=bi&-V}U-ZYM)<6@>m*@IZ*HpX4a#uf|dKxV}?M)N|(z;TcwdLA( zc4v1u4QFX9@2yI@{!m&O%1b5mg`6TgBsHke; zja8Cc$GHmnSe-Gq1QOspnrk3NV7%Z*Vs7n1gDFSpK~T|n0mTio1iUrr=;H`Uph83S z@k+hn&y@OjeIWDYkWbwBVClq;$gifnP=@+f3){wn=IN7y!o?qj+Ce=Rx=u>MMvJ~8 z?pnz-c$Y#8ue)i~#kj23()j5{qc{m9M}}Uq{TQ1*lId(8hy%!Sp87?=7@b$jy;EB@ zM`A;GM0s*qpVmdS*!u|vCe+o!Y?Kx#?~)qre%ns5SmJ&_;VGfDL%>e^RlG{* zyD`x=N!dop&JWX z%@nc0?jst5 zsesYM(rDH0=@%>=zE_QlDuLH&mRM13yy{9&B91_*QC#Vk6Ss0ShjWbUgBIx3mV`%{ zw6baM--?+49~a*pJE^Yg92qq2;xcW8AA5cbZVIWPa70;>I+A<2R`kti^(WlrK_Z^U z8e5sOyp06MD%^y>Bo5T@ zwn0*6IL{?hr5$O?c4F;lOC=QSdWF+l$=Yot7Cp+_)zCC_^dE3^5L0%FJ$f99c;zBJ zlX=0SaLtl*OCo7yC;5mAkM@%(e*1&s3)~oz6bBXK0)xI@-^2qg78|lugMX~c8IVD* zphz5t0rxsBN|REP%Bi18Lf3#dBH(Q~-9YN60W2Zc_^X^KSq1boG)Luo9f-xa}}Bteh(;3beBwjWIiC= zqz)lGD}-CQ2&$$D&hOAYB9X3i(vf{-Q@xJ`eWv!U97(S@Wqjg}2kUrF{_6~ntD;pB zT(@pZkSxdZ5I0fvr5weMzZ2`8j2i{}WlX}~`d=OfuAOLBe1-jAfz37WmILnP?*a%t z5eaxP(}lQIqUbM?Eck8UBdGu9A9*IT9m`?wF(-B0+%Mx7lNUeg6T$j-@BivA6yw}s zGr{-5`^O)%V6zOR{T3V)`zof*>K<}`|9FqY6vOcDdR>Pg)J*?$`ngv)c{6n1Yp?2UnhFOe$8*z#+#Jtd_5J z(5FMykQxYG(W@$>Qj5gs|MX1h2>?|4@V>}8lRA_L7%V&fUmN^TIsaq2eC{K(b$l8j zMe;fTz5d>2_wF~Y?Hw_$^QLcHRyFi0rIx_L(n8yx_NL{|K)M#$mjQ(Ka9`p63!}S^ zKmSRQiiV7q?@S}^EMrJTSBz#k8x&S>>iWw(w;;pV&YLX&SbHcu;Q}MFYAwkYu2iJJ zx%Qo=C`Vz$IE*`G|MGDrViST1QpcT54Qvc_RVoQoc^~YSsJe@SskgDJ^=nE#3aOqi zMJDMzEPS;;&hGG!6O@P^Lo!#A__)W98^ zQsUx+AJuqUtf<6lVHo6CnL#yL9BBXdf0KldfZq0Mk}r8KXtv#~(1?3*IZ>X0ktT^0 zmK)A|U3`z&-rTp>_0-o*MNcNKD21%jaSe&ZZ)TRJDuA$zy}yL(SL8H$HRS6AnL(4w z3BbnT3|Ip$v+>6y0#3zaz!_+BGFKH^htrSbnemhbNdTcP51-mLOxNLp+#t30S@O<3tJq4rgWN*kF%Pcwo6jUm?cQ@*50WV}d{^d_9nq%KfiIPGho1lC_W5@N9RFK1V zKlbJrIk#ynPvozFg8`S|;zi+& z$jH-eI3&W4r@_XLZ?;?isgQYxe-y~vpnScta}b}T2Z;%RXHPuj(vvHMEO#&T;}5mP zR8hh2N--RI!QEyCpc>5w*r|&w9;h1$Ie{u8!#?Ec+3{XVlVXOFCWJ+Sk*^<@cNS)g zJCy^(V|U^f9QRiZGF6HSzez?71B2|0C{Sea>xD-(^Mq`}h=7g z7At0%;ZX40v|2)%6;7F?-rw>klt&?+qY}M=1Nl*xE#NM;ovu{HiD}5&4Ef2C;kEXV zrV_I5t_MOHZvIsuO>YQfwGlHlP+S0!UhJVr@!>=Et+0Ar!Bca(YeP^jQ>JE}&weXI z_Rag}%>f$atGR81`3%|RJvM`yXel8?(`JJRP3c2O0LP_KeJ#rO0_KI@2<2SO)vfsQ zgMsL?fS1B3%1kaYF)li=DD8K&0pyQd<f)FcqAh-_m{*rDHNJH8B8lFRGLsmXlAH{}BcSLaiSq zQBbH;*6we&v5bJ6y;a~#!=^J*x!i7ho&!md*-);ok8j4^pa&eR!rDIu!6I!^b$*;) zU_8_l*C=^Qt(T?~x=ihajfp$455#bL(V1wd z6<0c+lsZIXe_jJBwMSc<;9iuLOatR89^Exp5UNM>*v~dkJm^j*&2k%7RByh)D?Xq* z1p;0}=8PbX3Xn#Ioz&X=ik4!1Fh{%6QsY(6bhgOOoge;!t~I7>{8qeN(<$m>sxJ1p za0JJ6%2CZrQFTPI7IlA;vf&x3b^v5OU8^`4w=&++-?@iu#-lb1rGc4(DNQXXm}6~l z75X`i4-Axo^upo!2EDXh1liXcUZkjxLtaW`Jm(SC$8LWd(8_B0E;W+#I2*SYrq;Hp zTe@-}yE)t;;2;1C{jnF3<~#`3f-IB9z^M2!&S|@)|L1E4c#4 zX(xA{!PT8|sCG}AWwX%gcAlOr!hHsIbDGE*5D)sEk$Ek%9Sdj$KK(}eIHM(eM!NNv zYg7IMJGDyT^s&SX@xVB}luA`4eH->rv--gy_r;l64dso)yc899Hj|%8>FvoUm9t@z zfSLe0TU+PXM{-XRl*~YKYa>D7;Mpdd$ojp2|7dhU3Ba<0WUu>e z@-0=ecxrK>3l_EJWHA{H3p`QzVC3{;vP9Ek!L0JAk>7Eg+zH5h{e&v>w|=FYi*JLETX)wX7hZS1He1%fSY%CGfjlZy1wH^HF;W8qkP4|-+KloY4%+fYPGk4webS`v<$dAWp3-JInRiTU zga7GOJ#^2&ch$^(^*K!@WY64t=c^+L9u=SztbPAU<^JnF zl7GUo@GUK13Cjm50bSGftEUCUffnZ?hd`P6Hmm9`mD2p#h|VWh6bZXGA2+$gj+~Jh z#wAdLS?xRx^t3t_f?nuNSbZlIUQ`vdqU#aN&0hdHR*YsH5wIm(owgkEr(@=fK> z+nx;@dEy9!yu&JaTg9AD`M~?NYk8GX3ojUa9kHD>=!xv^<^mJK5R{#;h3bFz5#7s2 zpRS!?xD(DjU?js!t+Mr=d+|P&z4)CdE};}h+8juGC<44M-J@@!J*n+#rUR7^%iLI5 zkwU(2Qj8>7@51?DE+jp5nc};=A?m?oeU>|vePt$-TO)lryR}^b0)H8Sr=W46@g@PX zk3B~@D*JMfTtEjvR2Xt@o9XaEM96oRf{zI->@Fu!32tpWl9c*9lRPo~T(;BGEt z0{^g!z?}s!jdz(mritk3-ul=G(>Gb?H|c?NeXtz0n?4LQW~;Rp3B;Z0f3w5@d=G%2 z`SjaYFMs5osy34vyBnA?eXM$r4 zm$NwS2ZjF%5pHpo}Z$iu; zZNPI+@a4ax&HT^Av6_vu+>4gfgrPG$eyyv>u`h=5Z2w~VP)G{V7u~?G{XcV4>>Wr) z8{%Cp!gnyajAbW=*M4(#S^OuWOXwMXv)>_vxj0Qn2hYm;0YUx_sB8T*f%yk&YQ}IH zMXrIZwI2jUFLHK9b2LHRy-I;$1Vq|{N<%jQNoE+>J@lcq1$Y3!kJq?ur9nq0c_C9d zuW{UI=fw$dv_lRe8$ed8%(bqtv=q6Y0dBjm)ON!ZFxOTK=KzfDcS}$VL0|)_JfTwg zkVz#Y(WVsJ;+&?P?|%x`!?DhQlckNhbdr>B?rS^<-cgNW-h!hgL+r@k*K;pmp8$sC z1T!el;S4x7`pfOD_&_{ooSz6f@FWdjlmOuNYrX2ig{~b~g!D{C3azI%Km#QY^y}(> zDrTEHpX?U^etEFxn`8pgDibBuydn3xsvt7r$u# z(N2GWy3!yJqz81X_4@cUYmrB6C!E(n#}fe{5}mPLei#plU&U~Np%}kIcGXem@tLVf zkO^_UI12-_Vh#W!S%`>9}RD8OU&h3w0VX1X~+Faf2X~g%0fr6_6gj2DI0f z)?xdzpJax^?n$l!5kQe7OGV$f!wM4!LCV4*d(;;vC(Gv?z144b_Qf033VYEtDDL+` zezjxCAe4n?jkH1W{W`_g;$L|^^Z*j?V(3VnPQ|5@VcS)2W@!R*$G5eTg?NDL(2E4^ zw{`wRu-Jf1qzs@F*azVzkYPvl&ILa8JMurhm*d?fZ4SN8e2D1~I6u^;y8~eLns5cU z+R~9Gqs5?YC`(_IMy&=iu0bsj-m{Yf+a_tADdZS7?Xz%3l!D%S_91@M~;bB!2lgOFhBBbep5Y1tar0*+_~KPdifrv2$kE1kx*o4?eM@jLFnPd$9^ z>azOf33Y0m%@-_*860EK@gfZJ3dSZrsuZ_ znH#qh85dXMtIpV%v+uiJ8<`n`)pFAN5Vaa<$U_IX{Kp1q{8F9 z_}L%mT#bLrDRt<@z?}C>uc~x=tY5%h4wCAm5=Dh5siXyJ_|_3PZc~crX3z z&xCV8-sR5!llYldjr@V`e4NCjk@|1)^Is1)+vByx9dGU8^=n(>;f(G|R#s2K( zTK~^FK;e%o-Wt=j)}sG%>Y^aE_5Nzi|39M`Io_0F!rie6l)w(pq?}t1yoK)=6tnUR zj0T9)xm?;xff_}j!ofNn1ctxI*%Vq$aC3rqS zl)8HjJcLCXdJ?}TkV!Yf1o&|TC?19&D`^D7igp;L#N6LNf@V`BhjiV8vzIGc=#z60 zGY6F-wH_?7OtHZ*#-F!DRpr!yJ|T{qRn_;OPFDsbh|6_Ypw}qF*8*EcJIyILV3HW- z9YTaM1O#E)5W=KJ++SF^3aoABg09v^qA$J}8K#-1*VRcg580F%y^OTsu8fT5r#7RQ zn9u4*o)-TD9(Ch@2_KUBx$V;oFV6U0tB2XBHFwix+pG#J9sf^k{sz|BYJYqinbX{O|gT-%dlIa3kBEgzlSp7`sLbJA! zMfN6V`vTz{$6=pY4cqP9e{Tm39RJ)Dc{}+0`?D0(p5<<0%h~3a%K19cISS`ADn%wy zR*jGBmbULzh~M#=*eByFz$zAxuU|L&{CNw(h!J`XBUES?KXH!bIDUw8U}k5b%drXj zx*xC07Dlt{=H!za+D>$sGe*I=rhuk!T||i=-M42mJ_1>9Rn&jeN9fG2n(55_9kINxAXE659gnz=61A+&Ok+^kgdc`q zqE|nmBw^NF<#f_cgz=Oy-YKSp6VmobE)Sn~!iBTy9&KZ5;ari)o3l*a=O`w?6+W74 zHDLNcAs-QFcfw?U)Jk2um~uxLoal1HwM!Q zP>f;WUR=B0^Wznra*=7=ERZ5D=76k%M1%VWpuN!w4$je<1<^JI?QwhqRmusDeh)7S zy9YomFAA7|g$}G5Zv9`BC4g$5bKpoKcLp`v!rnrCd31Zj;nvKzmnq`(xGy(u;5|-s z4loK_tm2UWAtwfoyO{~xR%1~qlp=Rnq>2W;DsJY!08o)B%W{9F{T?qnV#Sc~s{Gzp zoQv&ZnPm-E=JjdsfG07H2fZciy!zs_&{KsTED}bs)=`~|HcGCCW_CW%28t+3L9F@k z9Kanv((C~``X&|4ekY1fhCFA<{HOw4s2n(s2-M7u4=aSdF-zl`fXsCkps7fZWc`JS zMY=8g!7KTCXYf5djy+JqMVw*sc0-*p+%lA;RLzu(nqvl|#X0Q>g6hyo6$S%Yai>6E z$PNndBhX;d0j-TNUaNNn$^78tlpYWRb{iyVu8x%{iieOhftJb3B;6*MabV5y0)={t zI8M!HjU!1ZbVYvuB@y9PVQl395>b*$LJ)h3RYE^&`+;ATFVmGuQHTA_fQ3`*VEMfd z@ZW6(E3TWJ2YCkj*y(D)tK35>@y{+N*ebFrzN^Jvu11YV4>;bU13)-ZB3E$UP`Kkp z#ehoR_X_~s=+7xtjY-*SK6w8E^fr-OF`%+j*6X;8`ZJUoD7J-JZ8pZqqP9Wu*K=@& z)f}kw6t=hl)*^CoKHmL!{RXN&xswn~n6+}dmEjAXf}mHIz)AZGvG`k93F6l9IVwpC z@&3snu!W=amjWAQx{w$UrjopPH`K`x6GCKS&lPi+rNQ3N|~_JR`@#c#sy`3Sd-UvPz=Rbu)5qmJAKg5#mTC z$B?ZCiBl>;52l3A0!;&RtHxNhIp#?oxlRqwOIA9E!#d2?r-3qgFXW3jj@FxwxV_CU ze-uTXmvHa*&UdVo3U<^3~2-_v&q2ZE-f+$!0G6+JdX_w(E zQ2;?QJvdz@oRrT-3T4u)>Wmijc^{^Whdc%I;5W4)!~1?uCRq?wnvwo)s^3Rrt>;^S zP#Ty1FCnHlP$LAt#2dUDaVSznHOQ{hoH*lF00J#DU}Z_@Lg;FFwTQ zOM2C`zinAH@b$ut`{In^V)l*mPN+VJp?1M)%E!uxtA-{HKeTeBasH! zy$Jf(+q^J}bvJu^U~o>rByTqnaYKQT++a~cR4=$iw4*9@$>R1iGlYRtwvt+uD6bFX z#--@CO=7#FX`*mjf%A>#0KAO?WXx00mH4V!V!2!z|7fq3UP`Y-HcKiRw`aFVGz`;71^Q ziRPhC{Bl>GN151Loh%i6z_&G0`S7Z8?_`#Ch8Kb$fKv!)T4_({~5I0M) zB1#u9%BR{`X=v+Dl?Xt}OIB4vz-b|QaTNaaPYI5a&Fe`w@NpUFTyk*^cn~I-#J_LS z%Rf!v|4c<5Dcrv0dGBU2v36e7s{3v|vXeT}*%R2rqb&{)!~DKqYcPF7eCMslee9cR zTnr9pB9-O#vlX^JhY~ySm!n^pdh*MmXL0RgwxT)^m%A3XvtW$HV0OkN(z*6#GM5a5 zUgY^5+_5^LEC&g&wEcJd>cP-eh-6V`22GrSau7QFtHcFn0t@B|Cg-Pzl%}VE4w3_B zyqU#qRSXswMG^Z;3JH($+;DNhCa&>9UZC%-@B0*5cq1Z53s~FU#rvY+97p6)}ow&sEo~(IaNW z@QgxT-8fmY+<4!cyY7ReREB9pF_IRHn7#N5{_vfmjqfjFkeQW~n!(Rf3=o)*!`_0E zkcQ0ad{Uv&tQnV-M;4x49f4y(XsF-&J!p4jKxTnTiwb>N>S^^LLIXuX%2<5|P-yqQ zenCXIAGSuZBq+Va-qH&ZO2)P5pZ3jrHHg|up(xR9lSs5`5uyF)&!%(@L-dZjAHHj6 zR32ei&_R(o?~d2W9pM`cDr^h5Dt}u3!}XvaO%M9^zcUSC*9Yz+_khgj*SDx~1Md3Z zQIP+dGivg1a!2x-2&EEvUwKy*F?i5bl2-HJP3%Bg+qej#_SnyxMycH0MDNtIV}&Bb zvF-L=wRO;z_J(MCNcr&fJ>>7`{qwT;AtcMR!r{9q%3Az9NHi^%uA@Bwi zzjf?%*tMt(=7fZ+?`kYCItPb^$Zm1Ob8~%eOpXLmzs~_pr_DfI_%JmsPeGvAIcE)P zo~KsWaHdnK8|t5u#C=xSZJMRzaSLn64J=v&8s+{= zFIWTSyVF*T(a{|LNpqXJ2j{ZcL=G^w;>KjWRaZX~Z$$HrNFmpk3pZUmjYec*C=PDH z_qRMF@T{2Xa*FE;>o~3+2qq}Tp4t=O_v0}}*0}fp_|<1(g|NJHa>2{}N%{jb8ljs4 z`f+NCjKVM8hWLto8JQ1k2%O7O$?q=GP1ldR4+o=eA!ihecvKYDb~O&!>1n#=EZp?s zN(jn3c>L*aK~h~HM5#sWq>6>$Z9F7&6Uv+JRO1ti3EIgX62$Ad(Qp(s!+&{AcWuFM zZ8^iB^W5S^iGNky!1Yj1V1cvsaH2^8ulK5CF2PSclr)uj7#-Y%$(2gPT9`C^+WFXh zI(Dg?_V1K%H*&w$Fj24>{;B&`rdu90OeD{u#^<)81Hv-!a@M%dJ_WaySKzmihSa$S zvw+s-o$5NOu*(`s7F@@ZZdR%<=!XF{`pbML&;Jy#LP*b^QR>QZH5Mj+s~bG zuA6$hQu+H5#y7d`rw)xMWsy3|J8-0qsbm31QV)=&Y&fUE4=Yr5YwY{7)zxXG zW77oLhzd|?+E^_6 z`7mJWXh2nnG1SWIu!_v@{_22pzycZhuYn<2V5?tkw6 z#}|~ZqnO_wr%FZ3d60d6O0igtKzfnu8)G}1Z@>;jU)Fn|f=!Ui*MA9^;GosP91*}+ z|D=8ZnyX=)Mhf3N*#UkJTOG=41Jo})pdG@1dF>>$&a54m{IL?q%EWOWtTk%~askO5 zQho<{knY5hiMMwS*m-tP3_go{R6r`|qI!~Nx209G)krc2^bnRH9HtE*2$ZZPz|b4T zz**G7kx(!fKO4JhjKv5zml}^0z7V5XE^|7{EzJS^ui9E0kR?%p0##n~2$)lzhLH2; z%YZoiUK>18o=GMnG-Rw<;BI^H)YEYfC}bkRcHfMlZGpvwyNjX;KDS+UaVEp`(?0Mu zvxpD&oe(w_;8PiS2PpkHa2@P`5zo8;!1WOqD`K=DaRP0$JbfT5N`l;wHiAAf>UH`+ ztGV`44DShva>2Vy`3!S#Ts87U;|sx-V;sTfXJyOBzpGU)R{=_QKU$6X3j6)_u@yGq z`W@ioatu`324|&F#DnU?5rRV{=2IR`#V`29RqX=XdbLHpn$Riv138(+S*IIbC5vK& z+|H+y2qujO!A1c?>6Y}^zej>M0cl1G^G`R9!Y%QZ4QUdc>a|i zz}iEnUgYKM*0kep!y(jHjIDWLy*whINH z=II7~lj*I#ZlB<={Gg)AH%Hh|6)er1Al^K_*HML~_0Gps1MySCFS;6C;?<3haBns$ zg;J2N9)W1A-wr{3zwNZA`m6vk#4oNx?-~Q|s`XRrpje&RX-X&Rl(a1SX%&fL- zpR~{xA42E+-9XUvv}I@4YOMUo?#bmMau-I1Tr04!0m{4mP8KL&iTThC*sszRZj~tb8iFmI0yLbPoU0v1`15wi}N!iBQ@12kUS9% z7z4vX5awp+8ff0Nm{SR+`8$7o zVSTI&E5nsWJWw`@yAjEVw6&JNzr^>mp1$bkH-v2avI}I%8Ti$fpa@RiBk1o0v-PJ6 znUe-TbYeg-ky8zpvnNrnpRD!EnLEU7gSEg5_qAA?t;y}2rR@_LIk!T~r$@FND*cRa zVzC6YQkoxL?H{U0ns8TlAI$5z85Z>KCx6y&flA3J)(T&oRa1*m?G5D3V}O!YI@3L? zpGmnH@k&NAE|YUbvajJ0zaP{PBb&#f7HS`o&DD9f^ef2|oXIMY!b*W}EhI%m(1h=O5*o2nU*_9apC}*SzTAS`kds5)7_bCR*@R*#HKx3A zlo0N2ybcy98Qb1_nEfIoro~gJ(ZGFK4rCDH;C6OJ{c^MSsS!@h2Z$Pz(YcX{xp6Gx zta|w!U&1 zR8e`bW5l)im--YhgJikS_AaGLH=I3WoxyVT{yG*inQB#?FPjoZUwMF;*p?Fazc$Roe}`3bw!Id>P`(`2we22maO`5M;uw ze?#?0PSA~VsF};;YoUQlF@IhY0l2fHAegQBCz&q~pPhJ>Lb++Y;F!|jvC?lQG3R>4 z)>O-lfeDllH>P8}unS_Y0F^i0Z!tdXr4y+EkJ^!tQIR5ar=Yz`-G6c($?1oS7z&l#=bI zxO%sYAAjCh@P}fcAbPgbz=_LR-_Hb#?R4WYHt{qu-&~EoZUFP|$6S`$sq$GQ;hJ`~ zHc(8LdvqjB5X z5X^91)uDLqcj2zxp0oxIm_=qPdDb|@2vND_cU+S`x*`1)PaWu2v98L)c%iT|XTk~H z{=aSYTA$G`7QGGG57 zXnT}vbG4&^2XG(!Py9We!Q217XC8H}A)(AkneXySKy@a16V%Us4y3Et|Grl&={DW< zwlX8`-wUDsaIHaIlpoi|=im26?+I-!Fst`VU+o7%Ncdu)8U@B-K9PUlTPH|7w2ERe zy25z`V7sLj+Je6f@rfO&G0!5wh261Wrsj6k2hJHKQ1 zczosN13A0w8LR7CcKfT!{80KVVEO`PTO%apQs)If9h&Q?{TUDL&9v1;Z*&B~)*W&! z!|CK;BMP*6C1X9hqC0NmQGJ$WL$~nX2P9u=zmOiuKZr#CUNx_4_wj62jf;ri+Gt6y z#9^=RP~=q>z>`H3KDXxRNSF@DP%T;=E|3({5N^%88e5`wAh700y(%Mw1k*g(U)#Y4 zBSW2-)O_HWf~(`f`Kom_>a?F%0si{Czt9nkV;iLRC*miB<*3Ja-9Ef7FgJ9VjY6}g zv>M3Fuuei9E%R%d4gm^#{o5=1FQT_EE;^sYAC`J_a~)rUn-|w6)m634cT}|oMVp4J zNJfQ$t-n6)`1A;CyPGbdwQ!B^tJDvbuWv^pzv%6KvEJSrH3LgON6$q>)ZN}7?#BCV z=$G>cT@>7R7*V4b_H}g5jOB(?K2?<|u+I%V%h75G)OfzqtLXQrey$@%QEUoSfUh4W zlOiV)Ib-0vEsB7Wg|GtC?jXKm`+U*jon{N~8s4#oY^nUSrNPR~E~HN=0g=t~>Mjw( zoExFQgKQ|^#tTU9I(XrcJQ6b-O5nPn=6&JVL7~4KgjMqQOx-eI&-bdVI=9aZo3Qo9i=BhswAU(uUl zxmJPw#U0L2g^)4AOBSNahF5Sm4-nv^CQyHPFwR!?bn;sXZ%)glkM1ewfCt;T_+QXqaW-3 zj6bRBk<5M9k}+_4xsSOQgSDkWtof^Uu3!dd4odM9LEi06(B{pL11c#_agM=WQ*gkf zB{(x`sj-fYy`I25mxS9i{8U^@2>D)qywVr*do6F~%zbpR^c*J@d8P?NCn6h$9-N+T z%>3kLQz&GrGU;75V|qoe&tbnk8yQz-Bbk%zty@20*0N%T`?C93E+lK5{bZjalp782 zlK_h~H}m4^xZM@57P^nDYH{Vq81=}8E1+MvA5`Y5lN8hYguPt+D5CTARo!Pr}bjy=m3q?_;1 zVQvheU zYmb9Td8zRPPZ9DNO5Mix7H`19nM}P7z6ZPy&X`EL?3q~GW;0%Hk2Hn;1XUAbMH+PE zbk9$ZAV?qyax`WEGK#>b5pPyhcfPkWkR1g;W;)Rt@F0bPbMsmN1l9!!1MCjF`e14H z$7JI3(a^^37rZzGdN=e&ecGhu)!Ht z3H7J$(%_j_jq^+|L2PN(+Y3+I%7hnrdP;kiI#n&>+gA&`Cf($R!+`WCka`^scnQNo zusx(5Lf-pP(CZmb<~jrPiToDYl-5irh61A(;6i_1tG8|nCbOm}1m=wf`twk@M-EVb z6^8@u|I6o*j1MS4Ud@LpkffWo38g9nI!9<{@`eY@V+*8{bUPuAshswQ^wf%2mpz)j z8-DF`58f(3Of-QAXck0&1dF;F3VoR7$9no+a58$jUo-&xZfL3vgN|ADJM&>3#wVIL zwx1LWvuaX2CW+mfv^AoWj@1`^ichqRz^?UBF1NFYc{`G~C!hJ|H8`F=nRpCv2X;Hf z_L?XpqlJk2VaGrgfoZ%WeB-0~UEWG&Jv|jzus0S__#A^m>s#CYNMjc(clwaRTvg~Tq%42Ij1OMkj1O+m?$O+2a%iX}FdWhAxO)s(*k@pL7BmA~@I%i} zP|uAMpIAg`N`uO)3~Y}>J;`EN)(6Rt=U1N`-n%R01jbO0%FS9rXCCuOxA%*`o{Urg z0l@B^k)Z11Vvu|c9iTT0MgsjcS0LN`0Yn|joDQO39;6Y!R7uJsH+JtSvC@0XiB-gf zYy=)YvTy;IR)$L%KzkPGP)+-zp5hp%CXz}7l?*Mznny#^dk{zLn(!vIAY(U1!M?H! zPYR1aM%<&qsHl?)+B3BB2YV~OBc2nru8{lez?r)v%5>YpBM0Y^X}_C9-n%TFVCK4= z6!bp#e*oW2m;0ePT6-H5ODn&rVM>C;=r(xE4jlO=fR>@dRqfzoiLg=r*atGsUo?XL zYUCOzlM1RH`eSs4;%I=x8M3R+OEZ*mgh9{b9-y~g4ea&(P*l)-)aGr8V|2G3)9e0d z2ZD8dyn;`oJL_#3rWg6>FZ5e@NQ@zi6M&0BQRoFzP(HO;DuXp z_vQ?D$PbmI;QpeXZH~#UT8D$Dkc0A-Cc$-Ru(duS^1-X`#kuug;su-^-F}!@b(3C6 z=wOe8M;}psP{UKx*!3djVI&>jV{#+=yN{X(_1?X^!Wn`{S<2_n!|x}Vis?B5?!ju@ zXYLM*b}=i+pP()9tFaE`K?kJC@=^YE?ggMPO}0QxCX&{I=#SrVMoe#j4~@83{YK`b zcbd0Sz5A~+TQj2Phhxg&?ghA6n(Zcm*|OEK604HFHxzi<#k^oRIxYDY;ONP27a>+^ z#y9y-7f5T5eXl*aqaws_E>Rn%1jIgPXR5PBd({EeB*qn$h8A9 zKvXkvGgrBLg<^ZIgJz?Gqh9dK!DZ61a+$4}2a$n}QPmbNYqu0<~sQuG5jF!9-=nJj5Y%?s@8an%7(GF21w}{Lw5h zVT6MLV80T$(EuKD{!>*Xg6YQFn>*SFblST-iqW8p@0CxM7D!~pqrFa@k-4uoOu5Z! zgI*3wfaCTB5tl%erTsg4q!>7d>pTlGwE5&0mL*nmyCKt81bOju(4So}%oa%_WpPmQ zJiU=&Z-LUD{2_FEMvbISrHI1@>RXc96Zi}WH9e~|Y8v4L%J6Jmh8f(94$(?s!-hT8x&GfY=da*cFD3EJp)WR&3?y@-@ zZn`n6^AXQt-K0GA!M>fmb8pI{q0+Te3`e?qx?KG2KDh@`zXT&`%`}cN-wcJZ+J)Vy zN@p5cmQf&uBb}DZ>~CDyZ_sg37Li_Oq=?6#pBMIHddJdg#QYol$yD>WR(a*aloV0Lo2lrm*LamreZ`0 zMTXO7quap^WQAl`{12rZ1oT=z`5|01aKJFd*092@`Zm1 zk~!ykbUxT$EpT;^3v@TR1dl>@p{n_7YE5N5rA7l8!D<1K3s+|&AJ$0#e=24Ek#TIr zLiFX0%tArJ&zqciY;@#oRe%W{-Q0VYk{1URY{9n|)cQ}`S{6A`jWM_-FmAz8PCXx^;t858n zCS~uHks>QAQjwjEvbPXYM%jDsz0dQmeDwYO&bhAh$GOgR&OcpUZ|=AIe%-I}d_JC! z$Kx3a+4BRJlrIm(HFGa!dFByxPCTB#J3Xm9d4wP6;zMGa?e{J|q~07mp4^M-WhlN- zOL2!!q>12;A@KGA)1Wik) ze-d_$s?~*iKc?OX&LS-7tjEgdm+EcdZQebe+SRuwJh^ ziSy`Z;wm?IBgL#a6BW+b*`R!kZxCBx>E`XpSEDxPell+q1fND^U zfAMs__v)t)rmjurt+fr_UQ0^Xta5c)r83g~AGH-0VgjsixxIO)nSdDJmG}av7pRQq z0Pv571_+7>H~gZ*%!_yl7fl2j`|7bWrnn6xpmFdre*hb&5=dpw({BQ25`j9EPLgw` zT2Dap1#M_u%LJm2DB!r?m;C55T#fAn7%U6WYG^2@Fs%nLaflQ%6mF+2-7av>QjQb2 zp;rOJ@tn8qQFvFF1o!SHL%U;8h4g7^g(KjEcp6KW(u3F>;cXBFPz&C590dy>PCzI( z75OyYzX+;;V!aYzsN>M`a$pS!^bqw3`0y7Yq08O2#H^7;z!#jQfW^ge>tmX748IIg z!chPv2p7;D12y(!=1jka*WLfN>)cwTwLp85LU+`2>we#oHMQUYvyI0w(l3nx^QyD6 z9LefG-s`-|c{2?Ke3*93Zm8&KD)qy$|EfC2v^nZQbxTnV`mot0pweh;F*0O&!Cgj! zn~;)_WshM#mblc`kk7ft3%V+_uy0xplf4#~FW~MbnjTeSS-%rdiOmp2 zbqtq&yHcsKjPrOA#`z6IRpCJXlA!n4vkUdnuz^xRQwz7~bME>X|JRPoBl=Hme^&3` z20U3Ynm0ilxMMHxHaiLWPc!NL`Y3q;Xk?c*sD*73Ze2*Vo`3l=s*5j76@B0sYm)XQ zv(?yx#6vM4td3HsQZM)!@W04iiU&T~vt1LAgyDS8&Jb3Foa@oDx0 z;-5_BrUBQ`|MW>tz~VsqMqY}|=-VW+PD1=+bgQzHWoRZ|Do{AHcpp^OH|LCA+14-- zT7d6DB-DqlPPQhP4wk!dPVp>D9G^AXQ}M>pD~Q1>TM<9O#c!q`0laH z6F)q=C!T%`#K8!!$f1=%bJJb$ak=G%F3H(n{l(L4p*08YLWV|Hpb6+4&+&M&5NlxR z7VLS|0yj&;v21Up+50tA6=?!Kg7V=DR7Y90vUNKUDk?~uUhv$eP^1AF60d~wn%Xi% z!V2VipfUg9wu?FdJN+{kUAJ-<*c<^9`Du(4xJnEK@F=1YjsNGM9yXsrg1*nh4kq=g z&-QT$?{R9bNe+IB5T304a^ueK(}a3#-5T14BN8J5A)m$I0Iu-3VkBqeP$dP2$ecv$ zqfxWN&_sbNv(5yjl`ur#En`Y1Pl1#ptnkU#7!v+TBF!p@ep}-RocJFTQ-~jWp2u1f zQ>)~Akyk&DcGe9-hIVJ>N4j@s1(*!}*x$-kw|C79`i7h6_P5dxvAkD?%+UMbiVOks zLdBy!KpLZ)6TO?#RX4-%qV>^t!obMELGXO*W)Iu(XSPoO+Ep^t;rVB8WzqAAd+GT;`D!BGtwdC_ZR0a6gQwdH$U5w^? z|3JH>01C^G+%QV|2ij%DNWYXWTo;zXGEOuIwkjOgV+5ZbO6h$XX8Zk|(kZw%KVM4S zn}71&+Yk9J6fZ{dlZtgNmho2ycAa$(e-D~hE%B5f0D1y@+AtO<762LjeV@c0{~eSQ zF`Vr5ZO>mHkD&VV_K0!3G=k+RxPzFOtnNE66Z*BkYy?)i&8>rcP1E?%q;-rYFK=FFnIyRWTJExiK1aq)z9<3p^*sK+lSS@m_T0$C z5?T;rbGthi@rhQo?j@gNN(0OA62Ut@-KbEP1EB^T>WhbuE!21;PL)bkyl75p6=q)i zJC3LzH9EpXS%Oe}o|M=uD zk?U5!m(=eh+76q^Cth@sPx{nu9(UL1EwQ4})8+|j{(R%!uwDyZ@ylov?dmZMG~f?e<{2H_3Twl=m!}$hfmu!@;5SH+E`Dx1_I9ep zcBW*f4BCJWX9WGGMyVpb%c9n&tuT%xjJLAPSP~o$6NfV=t%dxnJhHqcFVr4RKoqe8 zT!$u*HL@ct(mvZ7g5?}v)}zr%#47Go6892t=^(3oKY+!zptc`CWbep}bK3oY*_+>2 zTF!l)?EabP0-~v41)jizH?kE{09AZ6|0a7inwJNmq9P=jmB}_fKv!Qtb%1RxC??|X zx+ax|`HtSM&0>LPC>Fhi6DaXwXEQTvU<}gcbI^Rq2_m643PcC`8;9RV$bZilPgkwn@{4qZ`v4;-rEO=EeV#c9Fj71Nv^R$Qr+=N1{2v_ z>w)Q^TY^~IHG)Kz7l4%O&jVeK>H$}{VaYfW`}*Cj3nE`;ugV-oc@o5rp2_TN3lg@k zA9=ck^))AZ&?770?b6dhzS?&ulS-kQ80`vem^wgaNA4>5Wa2IG!#kjIju5-gPXiA+ z3e+sk36BRjkZyM`*wtlG^haj_N&u^x_W%I(%K zAgmCw`ZcC9SY(sruIj$GtWa?3Db0nez*d@9nLG;3Yon!m>I|UtgT49^6sPHKUK#fQ zsHQ0bPETlWvEAzd6F(EJZP5yap~^6S7;y2RpMDC=YURDG=*kgt;XA319}$k)W650F-u`=hn?AUcH(B z^%(%W?vyaC8%&W8E_K_Ph_hLvA?qgrDJzTPPs9f6oa>ft!s5e`+C$Za0Mj|ZzHXpz zfY(eTI5B_h17}iGaB;qO!6y={yX$=l^})X9n?;~#hC?K!2vETJB$WmsT6VK6_9>hN zb%wLUhl?JE-!pR$7!QC!RhTx{_vyxf%c4Y8A2$~oSZ-x*=Z2G6!NnT9`fCnanwi?_ zNI-;G47Y%iVAA~}PbwH`ese|)h!bYVt=e@FGF4W343~diiYkDzkv;WB&CEnQzMZL4 z?+B*E>hTMSzvMQaFrj77$!eGvbhi=KubPqMLOUe4?P=hXH2Qi?teg0DiEjG&0XMtz z+Qqg;Ww(JX#N4&{0MO0r*}4}8uQZ(TMNOccJK6E-I^*{hu`&(A6=8tstIa1(!^WU_9=}kkmZ~-1!P< zbWOpB=)umKg_mKq13;vy+Ihy3bZ=FYvYq&Cpb>!XFA6M{rb}xMf3gmQGIu@Me;1I? zbcecIr@ztbzKVGk<|$dtBm1H&g^8#&KnwFyixJ<}w%K2mol23i4xnK@_j0h8px<<{mjPGU_w+f7I>!En z#U{7DqzFwqp;**TOLC`U>gDCFue1*f!#OoLe}iENI_^OfD`@uU?Ch%V8>gkAD#_*2 zzh!GLTTl2(;_WP)Eqb zJ4P4fJbMrwkMx#wU)9S;Iz^b@?qqoY=--iVrb-^#Q`>z)d)~Ty`|i9H78?c@x!eP& zua1MzC(5MZY5E1Clp<(n`4T5emfyQ%5ytDZ_K8ab#P4v20zN~bI1ImSS#!46kM@GmGIz1wy=wHOrJ`K2ediyNT1zM$9|JJwOT>erP zngVui)4-&1w*k^-)}Vm4>2evvxjTUm=X%uj-PSespZfk#y!$sI^ui*xmEV&&&1m>Q zlv^eDC7`y=Y=ri)#6x#|@yYQ~NERDf!}6FGwPq;b)t;eW_F3e+WumlMAa7<%T{F2= z&HDg;kSoYprGnbt8YypQclo}m+lr@My`_#bi}EJVD)uKQ+E2Ujj?lW(_=)IHy}Sgm z0hpu(WN+2V5{nh#XRn@BdFhC4Z)q)))wAsNA&u64OHFv<_6WT_4FCZa4pQ$_lk~Am z`i*PV`&_7#N(W?(KBwt(zdp|%&GEc|8r{sd&t!3r>K&Tzl8fcmiSP6`nVW`R$S&~4 zDIS=Bzzt2EC|c^kysA&taxG->!aUxY-)35bs4pqtmYpCQPXJsQznVJWhJGms=TT(QD*5am3q_?3nmn^atE=J$fqZFF&$Uz-s!5h?lA%4g z^H5j>@EE4nP8@y)>7mXc`!-k?7}pAT{|!n;E>)5*2dLbirD4R(xBY;Ur4lwoomEVUfBN>_2(Tyu;OA`CKK?P4B* z3IbVTe6jed)`sd*nLxqf>1y)am-(tmlA?$Be5=rMGJTgkSSq)hwjM)x))O7`qhjXC z`U7iQJz)?nW#-B=aVr2ZYT-_CC@igvu1m#^fGNLU(98AeB+}I4{wTAXTg$YSFE8aY z-ig8M0paeodMS17UtzuEkCoc*&Ai>;lvSO;)Vf?lEVQ(n#+3r%a!=se{}p7H<&V-3>(M1!WQ4aOV z4s7}uB0s|{9p}-_;g4xXaW7z7NLM0TU9zlXA}ba$%6i}rDLWo_XwM4vwD!33){>D! zzCQ31S~KtQ)Ren7;zy_VziwyyULib{GoLTf>w2&$M8AtI`*D47&|vbEv8mvW|0i#A zqSXaMa#?9Q?igEq*_Mlwzp6s1dPRnA`CcHgCljb3a_Dh3va1`x3{?3MR;nH2Gt?$j zSb7V(=-nDj)WbHMQ%S!is1t7nNK&q#S-}*w7f$s1f~E8!K@a@&xOIc&chelEA4%MK zGEBS8=z8;?mKiAjO&`4)QO~Mz`G~N{3AN{JdtBm&os}hwVp3^-48ChfjK;YV^i;xi zgw)=rGvC&uPS|i5!#BR*M_o~ALQa4k&dC^;0IO@DuB+%|Q*-G_JYn+Sq<9?BGBHEX z5+(1Q%nd(sBF1bx)R|!UT=FmvPx;ex!%rXjOI!MkJ4D&RxxCW7t5k@M?Rf=NXoR=u7dl+_oUPdqO&{C{Lz|kUH9*i zJ6lh~U3-Br6^GP4jfmo#G$V1Zp%Z50V=hA8p`UI2++2l8Q5Lh;aNTz)rO+qA`l#LZ z?v1+y&Q{rLUD~^-odcEYjE=0))-u#jA`S!TTu)9RE>5U_)32E7Q|wD8H)yr^}(e?)1U7lj_kEAjuLTwO4E%IwKJFjcCEW#`1lfv4rQZ@BCVeW$di`pKyD4%SyDQ zn{%wNP2y=@U6Br|tu?c?9=r#8wZAD#FSu^kvt`-U?40YwmD0vug~}vY9c(C068wb^ zAQF`mMc1kw1XTPEkoG^gY+56_OOUl|A*Wyf5knLZz@7TbVLnCxa;yl=8#;MPtoubR zI^Rb^`{BzFV)8-_;TdQM%s)YM7^OnXpQYj?VL}~mRk%WFg}X#8N1%tzZx#p0YM<$q zvEvIb0(JXG2hMQOz4cqMLMCrNyTh5nq?b6)lEvVny+MnQ8sRwLwmYgR0jJmxG9?CI zL@&q!LW6K&8+{~{+1so*)Oc(IA@LiPIH3p7R;UrU*@)mHs4Cs!`&-TpFylpmROA^z z>dlZnjzc@@a3s`1`)De7w}l-72#WabOdV!`{9b^0uL_tQasV6an`3GK4Qc~uMkC}7 zw)-<~K20+x>LqFoM*SZ*$1F4W-Qrn22F0XniE(%1E5JSV{Su9Y^T%83AX4BWc5Ag= z9+5{%xGy+0t`^!1^8QBV?{~Mx%ICmo@!og=91=TRv@!EMF--vwwI=sb2&31SH2_HY zLK`?xrOhLp@q@ip)$OGkB9kAq+!&e_BTwt-Fn21rRUbL(UZWCTf_Q=@F7JTRwn~BD z`$%#G_~S!_^$w+w>&*sGT>n9iG{|_*+J;9|xig4=~ToS}-!B*JUP1hHS}M z5_rTx^4hCV26#nL3#bBh(VUZ4&n4}T=FiVtbjW3S6!U3i(_Lc>cvv4gcdEB=zTJ;r zdr7_Mk&23UM(hz)2#}JL=h8j><;0f}qfl-@3itzvcnyjT&Az@IAIH?<#gH>(XViFq zbHGw3=qgz{EkQ;XiZjzN?B3 zwhfGi_%Q;r$nNs;k%$?2RB!1X9uKzANJ}WEa4txr1xtbYh7z+L5%xe0EcMhG(VIc1 zIhcUQ5QS9V$5s!2^0*)kqV>>_yx^+=C^4$~D!j4rPmb6U7+nO_xC8p`O`2wa;)A2O zg@Z4ijfpH%bt$sv(9eu1`tcWw|9qGv98UR9{f!mtID`q8jH3Y)APYuy`myA>^fUq^~{S2Ut#{4$P zjN7$XT%!zO5|}>Nfjz!hmIHmeb(B9kOYVIYtun$abgRm7v;AK{d*)~Sey9D_ftGSv z?<11ewc_sq@=%)LT%+ce^1dM&1&i^Z- z7)A#3anK4=>3BS)F_wWmO=)1&G`o9ElvsD|va} zk3W0H4<(2H?bl>qu1=+x>7Yv9B%VQV_+>P#m`t6#Ky^m`IBJ(GST#*}+wjuc+h z1LkMO0D>igO9b9i*h*(%5?zZu_l6!eGfY%AZq=B-@8~ff+-pq9(|T}h*Ye`Izljo3 z5t4xsIzf8*pBmi?jAOKG5|6@BtsU-J08simm>I_xUMYu13SZ10Z~P0jB4vRS03=df zp*mvK!i8UeA8)YYR!B#Ee2Ueg;6-8LG5>SnHWV+E%G;utng6SCcu~P0Fh&_+9bd>| zfRyVue?GW#JdDIX(lb;7At*0gW?Lu-;m(qj95Lk=$Qoa8L~w;dsl+=n(m&4g_90qz zziQV}L3kK7^mf?CdeBy!vFo2(R!5|@SLsie{8KaPYd0Cwn2z{^$q{ zhR3N!Mw9Ne4$kpC%i+P8usf;Eojv}{*9R^YVgEpQJe+}~@M!8QuX&(;CdiQUr|=Yxj=p+s1&lqqO%A?q?t$AyB9I3)9r#eRFmRH6l+xy#d)eUt%^)=>dIqr<5?kBO`S5?P-ctQd^UtE(ev zTLXa7{>^-9=IOzP9$6?UN`M>RCWKhpM7pC}fIZIg6q+;;sv<;#1L(%pp8wSzNC-BP zx`4%A{k~YTD4DcXYz^__tkqzl27rHU;6nNK&|U2SK+iQO@-rH0OtnGQY?6xj9R5l| zY$n+V4kZl$h*8O(_o@SDmaQ3mJn(rbAmy_e4S^4ZE z)`;^a>s#Rw|1CjHGF4c=67@SH0y{lGOxJNExuizZ99Vw=dUXlxKh5Wsn*$a?GLuki z3$JOwv=%x!`+=WP`(%!kh%)dWod0SAEOoQ?vQAJ!7_ySt$=Vh54vxuMx0dkCTC!XR;ME0wM-H8))u`_ch! zI@A{*q#|gw^Tu4do$WPL%l;7WH3EtQgzw!1_8U$-al#!cqX zQu+{%K-PNWck1Rjz$Y-yjGq}1GFBVeQ5i$17{7{aa`u&DSDHL0rTmWc0yBO)5g=8n-o^yFIR6_=so@{l&l-;|4A$H9jS1AF>5(&ivtucWYb^<1_fu!8ftBrG~u ztlmK;WSmKR{ryc2w{+%ZShGL&fS}S&d0tL-du7}d%v3rGt!@iYP|io&_0Q0yBbGP2 z#@$Va`<1#JAI&mDujk)YN!QLx>7h&)WXSdjCAV+mXZu?GU>xL^5#Rx+W3ZEc!@x-n zWFjw^3SGm2K9EW?*j|gz5)N;xALpei%8N-Ksu84y0KK(HkmB-3>2k2qX%JVg@d+Q zw0ScKHeNdantO%T%QSeF+FCC4=Z9kG(eUoV*Nwr?ZYH!`#njI;9Fhs?s2D~_)GAC3 z^*%+tj{UJH;9b{Cq+8SfL?D@-AMKLv=1gbvJDb4AD?ZKb1GlYj4RN~Hn(p}bQfA)@ zp$^zqn3kcN$UP(a@QTaRNjypp-L$}f+nZprzZx&<&}4QeX7#RKqwP48RC!IZZ%+Bn z)n0k(mSjOqsj%(QIclvm!^Fs0$If~4K1@3q7l_Gmp=9v={YTXWyvnU0q>N#ATmY-}uEou&G75*y-5*9;wYO9u$Z zP5*jQ>m4-PA04x!7rR;n+z?gR&onHx8BH?T^-0X-gUN%4xrq6-Zz4tpJm6&k%}YB3 zM#h77U`oH<)K2qux`rDg7k1vHuHB`@s9K^ni=a46WsmVp#30EMQ=P=wAIz`x`@jTn z*LiWTQt1b;Z{B_b9pAgH;QN{N64~ovXT&rwN>{!rLsTAdA4Z7msjYJ9<|TaN?S_Be zCiiH>^g3BcoKvh|U^VDZc;@{!K0ueAlKDs-979j6Pb{vv zb#XVWPPqPRhP~Q66V8%M?#LJIWQTIPi53~@*8^Kvt_E)$inBFPDGVaHl{ikQJNuZwQ24eMUJvF>7dW!Xs{p*d>w7Uck-|U znda=>@i(WrG?n2b3*e^V7yhEHl?rgEC?D~2Ta_K07HT=b{+}j(Rnlv_yk}9?Gl6mY zF{-jIvfYsT-pmJir{Y8s{>LOHc~$kjfHLyd6b}grMJcFM7YNo~(993N5yF2Xno;-B zWx11m6EXRB%MEWul3ZMV)L@iBQj&!`@iaNdmai90SPVmV7Pr+U-%+Mz%!BXtSK?#_ z+wUd|G~PN68QJQqs;J90d1p=%t`gmx{1&T`d(L6z<}?^`Q4Oc|X0Cx}_-(?>rMV&F z1|jZbEY~)>^Y?ySNd!H=176J;n~L806t4Oi%GaE$0Z)XjA#L}b#@|{P9Sk7oIZ>ZU zztQFAD0T+p20Fdd7)hK)Q4EK9p;aFGAlDjBwuPmW33usBtj84zZ#@OeT@V9;>C;p= zn7@NMX=RLhk=M^3S&K}Bnan&(xJ8yPH&&|~JA9`8Kzh%xx-^ewYLC&xDjXCsdVXKQ zn#=W8wYwRv<0pU8_}w>W#2wWpb7bPBS$=N&9IS8QdqTLjWrpWyGbwI_AvMuHTv=KN z?!|R%Qof87#Y3zXx?wU5&blV@F2vQBr|<6*hZPs?FIk-T629hspwSau5xQAXwEWH1 z|BAnPb^IwTSIT9gj+6G2RJm6$2Ju?@EB8cAoH{Ss#^40hXy-W$is9DwU>u;TQiu)> zH%V&s-InpT+OSqt84s)sZ0lt?QjOf%Fv|I$)cLB_>Z1os&m)xXe#K!-Qjq6i{E`Ct zgs`!GrXbb*PXqp|C6k#+zp=w-y13G4#_k5^@uYHzO11=7U;NlX3vR+;aD9bOVmR*k z%!{>_+Azxp`vjLa-S- z9+ePV8nUL@y$*_{e49cPMXS53IwriJn}xx&2|V^2&uP4! zV@7e{VvRoV6_fHM{UV6(%T=ygFP{@^n`@L`5HuWH!(>$`qJE#}V2Qt%aQeLtcf5f8 zjO(jcyxe=0f_N8zt5_R)S5Y!)VeI{8GPkgF5}G-0NaUpiAS z%f2V(gC;k)WP>)3qCad!-BAy)o19@do4Z2&IGeY&n!#8b8$28vO?3A^Z{e&P4M*A$ z%vO*?&a_4SI{^`ZA$vJ3Cle|qa8gcM4p6j0+Nyi%mXE!%^m9ciHyytWVb3uP-4i5R zu4|F_9-U|3OAy!X(R{kE#$glE>G$~fDGj&yEcLZLhMH=dsWL)Ia@}xznRHET394sE zxGOomBcIvk8#%CQGStwRQQ&T!_G*UOsY#_0eF{d^Mvc>%UhTY@4JfOs%bd(R^&F$h zYfG&LthiZnrH84p9;o&@W2}Fro}9BkuZ{Li;qbu3R45V0mq2r&I*U+%sPL|J{53|9 zY!n31r}{|LM(OEU=?sVP_!tTZ?y`%%cFSH)IET-%wtY!@q+0@YBF~vZQ(-sbOrDN` zl^?O;7CEWwyFE*LU#n`PpHgDOI@6jf3$1%(v^Y!(s5SFz_QM3KCTSoZKrw#F{C@6bA*PhUx z-SgOKev2(yQ{W$+?J$hpgqeZ&3zvo7@<6RVNWA9}tI*xTa%r>N+L)}ki)xAH!9GKT zlXNF7zxYg2&xw(R5OI4{WqPzuJ{7lJ9ibK-_34Z|y*x!kRljk@f1LP`m+4KLVwK-- zV!d=KDeh)T+r`!&t#P&nmrm8O8XJ~*Y7lghE9*i_s2DNIpruP5%PB$grr1gW9)V#? zmwu}G-ei|$dXXoq)=<~tA>QhOyP>u-%Wa>f$M%9x_w6I^94Wy$t0#kGmn#|09el^! zTV-1>(_y7Ei%33*3(jZy3$Fy4V`SetkfpvzVQsjc^3z!kI_+FexbLe`woGoG{L!Ic zRaeP`fbG8U;SQdeln&+JjMg{UGj6dwgZH2s`^h@w=++0ASIU2g{6QJK%+C%@l<>{r zOQukt-~9)N`H}!h@B@!(I)>xKSOj2(i-t?#$60o`7^Kf*2fi02kMm+%D4p0>4zV6z zcVrJ`?|KXj455Z*&bB>$&cQ*GRfWdU%pMgv_5&JJ067>uBCbvi2kF3#Mm(^jK z8jYWmi^bd9A0VK;x@;_8bAhny2uMJ_lo-Q{C4X zzx+eb^u&@zDRO(fZn*YrwEk;vp4)8>t-=tZZN%Q_$FyK4XAGYWJuv(~sEXPg!zTbd zC{#Kudp)n&@^faaISS63!^ z&fYGQ{)f2kJUDmYGT!%T)!W6lo?vk!7Jq6`ec+gA4H#FV=WLXe_C6?q$L6QO(}k9D z2~Vf=&ZpM(=DV35xVlTj^0ogEk8MMd-(M3)XyTYXg;oJ`g4X)nD`~e&-oAaa-aLB4 zQ~3DJNn;o>4t*ZyvjL}8t6jpR)`{k5Eo(`q>qU-vc(lU%mV8eCVT1r-**-zOJ9D9q zg70={L7RVQocl`adcK`DRrpyI8kgoHUo&KD@We+X0JgKTKSHUcWaLrxp5$e1j~B+y zwEkaFrcqu?WLLsf68}R~zj7aVULdyLBPI%FaGxOvmdzc<{}TrM;oW+=AbN=8UG3pu zD?QB|ok>9&OH7~8#7`ATL=^vU;XS#q!j<3^c3Y}ZvI{tl^TE)WsjJS9}gI@4nSp0vrf7H4B`+c_*ZBxe|T`bZUVXC%IE9i zJ+#N4*+v4%Im1!s;_+gVqktvX=uAKNPvNQfDv+EtN;Bh+S0+<1tlv8lL>vG3SLh=C z6`cB-|19(8h=0Y0L>!lY7E?CjUqQ~t^^bo=BT|jjY4a&N#w)?T5Rki|=*Z)VCw&J| z9A!>c{X32s@bJ2I%}syTHG)HafPF;1Yt`_dHS+(RVUwO|oFRna5Ws_si}Nmv$={`j ziv5FEGN*3YV{>s42%{Grp!=32WrqD7^lF((l^UG>@?l5W|JQ-YpbA^HJ7@lxa;z}w zDPuBuasPZqh|xE85#Y}T4c6TI-Mm$2+d+}DKHUJdJXSDn3+FSC+=lerwPQ}D=>^9d z^KU61ta^ojP#D%_@_lX_Q3L@n$Dy9$8yaLM>9+HcPV`}89F7|pG1V)&tjo|%y({Us^h(L=*>J@yLc>BsSj-ZL#a`uJM2-IHJl2ry2NguJuT}IfM~=idLwF%^muQ(10t0 zdqJ@X8BzhWfRa?#6yi^^2u&ZSTPSj75ymArFlnUKXBdhL=IE7ZqDcD)ffO4F+}Th4 z%C%iYUf9FJ00O3~C3_bo6$gme(<4~afgNJPtOG84%1M&_aSW8e2rL``c2Pf@o->m{@7;__w09~z2y$)*vPfqNVdt;5yXEc38 zF2xh%UV}HTXz;WV6F-^2HhTEYCyzsSCuq24_3_mLAORM?0I@DzZp1ITEsOa}`@@|l zl@gP8i@|F8PPH$dwUC`kH-VC1IYaIMnAQtF02^@s7DR%CST%b!in;F9u5Qpbbn`l(4oDWFYKNEJup% z=`pqOytII~^C6&P>+pM^TXKU_H)0R~EW8LX97wx>SSp@_G9gl|@3U(-<4q}!p&OXH zB-2veaU=B#$=5^ZCyA>Y2(+khyV3geHzcbq#G93vMCLl$;y|L}hTNz4bFz`2Y`-Dm zj$$F%BDD*wtzMqq5GiT|xWqaBC@`nl}SYuF-Jc zzy;hk0#?RNy~xAuHV=#+bUNx=HLu{6-Q>c3n<+J1NZGWL6yTb0nISoxsZY= zvaALiu({Cg3)ixg8#uQ9H3j~rV7NB*Z3P-8otSqFrr=pSLwmla^BTW>jW|$p*P#qh zY0`It-ei3Vas8t=QCy`$9}>_M2_v~g&m1paUpFJbrxQjZn=#w^&S8$aw3Mkh`vN2C%_B8|lwUE+>t|BCrzo3Z zwk;E3pz3btYgm;zwpaW0B&pMw$7>naG}R zzhU-$qfPtjp!2|+7f6xiVFx^`2r(@(T(0b6!z$Ju-tcBUNw)BO1Kv(U%pgt%&DoWT zotX?#N_+}=W_GfVp0$C>1u?PF*&A)8Tc&$k%fA>V8$hAf$?5MDn2SbJHLl!spSkoQ zA>~Y^NLKF-6ia?+ycT;jM_l~IXuYOSF!QXRd>bzB8KP_>JABrg?{6w*dFE2kJWrRe zBw4R{@I;<4*LfSK#Scn36}PULwZtUPdofHDda=!T7LZd&7pH_$b#U_Y5e~yp{5YWT z%G`W@fZi2z<1@U*S9;K9^!?DTIgz&8J|=~!VGzc|VHt=B!l4#*$o-@|pn&r58r7ep zH6;RVfGBri8^>{UNT!(>i6l!4aO^Pv5w*C*CB9^{+?OZYf^fvn+Y3jcw z4e>cqQP11xwfkw=dpe5^=@!t2af)1Y7j|rmns@#@dbLue0ovu@B}~8Eik|}AUyDT@ z7N|1M=7t~+BnB7Ek}~5! zrSk?Xj%Mg0Y6?!SpZ#zsf<-Vlf_z@dx`GExf+BiOLT`_>C3Nb#nH57!(RH0N_tleH z46;#DN|Vn77P`a<^`)8iClVZ(2Ba!QpLBLi5lt+6z3#^$TJ4FSGjgjF$(6=2sT5bj z8rAQ%|LAHMPlZ!{iFovR;RtoxHpqM0rB0IWC@6mv$KUu}aRo&=7*|1W75kgodvk(# zC0jL|O4^!3AN*oGwX3SJaXCwu<|Oa+oT#~_-AI6d^(_C~_cFeQ zK1LzUCyFbE@6~w|6jK_lgR;5s6qsWV4fu(K@>D*sm{`Ko{SJrUw+}#b(&#!EN8t{; zE0ozPm}H97tcPIZIPwz1(^Cke#5a0OI1dbET%hy9CDMw6dHs2p`y75tm@ac=W|$Ps zhLN8CPF_N{+OkI}J{-e%=gd-E}VGcIsJ;F_IB4z3G z-t}hRuqfCJmjj&eW{h#TH!4$z%=j~W9lX5kB45M&7%tmR7r^h^`Sp%`F2)X4nxp!5VrGq~b=hzj zw?0TRj{GZqK8+4#Y>#OB+ila6HsqJ7?(b`tl5#L+E9TtQC}>b-U7F6`W|m_crb(Wy zVxm99`_$^<%9l{3tkJ&bNSJ)WwL5pJ_QcwkpZ<1?vrJ)7(fi5$AG1;o!>(-Co8lBB zBX%uA=1md)3jBbw2I_1@x?IwWM9lODIc0)gPgAaLZczp{^5TW(J_+z8mZKM!$71kx z&<>yCKZ!|*sySC&9e8eJNX(~kj(K!ReCCvr?~^oYb)Czm&(E0RUD3Xb@=YMVqg0EA zcfVryF#H~;5?jBb=tJSd#rT=`pKtf?XiTn24L)AXx_&8g>Aex>`GMRaF8?niOO3Bo ziz`M>CDPdP?>*d$+g6VTtClI62X&Er@&0)pb!93T|AJyZ>$4^K;dMfl~+6?BW;G z;#EEzS;6<6#?U9&9e5!&B9HmhQ&?{h9Vb}$FX5ILt8}|}GScAy!&}tmi0Te|9L6(9 zL(wE}4ge$OPXdmHSBz+FgH9dUjvyH!8sw7LLzl*Rj){PtTu36_$p4Qg$~Rd-I<$B-1_hqA-yM>i~8NnFfY#~|(|Xx0|FHcH*WbWYY! zf4^N#VzAgL7}%T&MO4&V+J~M_?WH8gsXLn2?Q?TtCS7!7Ghf5m6vCc8vg$p(b+)!) zP$>bEFvP>Ai(0bv$G>5Cw~(U zybpxo8U-XgC5ZW1goHF@L%RtIp$zw>sVN-fUriA1BkWB?_6NyQu;s6hii3Ig3w%}( z85VFVPYx*2GBEHB4-a4A{YE??k!UBINOexzZ}9Bs^sZwS6T!Z}zklPFU0dT)a+s3y zj-AT8EiMu^!T*x?y%0~JxI&nr@eFK_zXql~M7VCiPLZqYU3A|RixqWv4@&y$;0O4w z7-^;e5pi_O%L_`9J5$W$Pk|#EH8*ET4N{q)YG6!S{6rEMW#tg03C#%t8WzNA=s^z~ z8=Dez-?-|EMeLHy$apPmU{Wb+GGTKTB~pK4nUbMb>+abWo;;qr$HXqr3X-K?*ZC0h z1#paLhO9O63slYDx!}s+e){p_rlOJ(*Rue!z+(7~4D;HH;_g6AeI62WD*nAlDR_8? z&`aFf*_h`7Cpi*adB;OUrfGV0$FrNSNho%-=*EFoB8}j6Gicm3an)^f-^Z?6LGg6# z5m$+2CK6=kl~*>Z_#(9V}pVH8PF@po(QF!Rw~slG@10sytMG&Yrldr z#O+fvjeMwtn`P{35I}h5p{0QiFa9D*wp>wB@q^{hbL%Ir#R+|#7T``-X<4Wv<=YJ@ zYWr|T?D4d=)GVEg@+q%|=l?L)yyRYW)H0Mh=7O(9GuU6>M7suV9pAmZy&oEEy%teT zjP!38C=EpD3jqx7+U5Hjx6kZq6^B+&;sQGORXOH06Y+M;x81!Svv_&3LDg_DSa?Zn z8zLBr^AF;Ii)Htn0<+Qo<5q{>KBUF|Owt0f?ZDB;`iX@n@w#iEHE1{>gr{Wuf71odtYx(3N-Yk6QWn*6Zj8mulsH zP(QwtB^B6Y%eQrVxc>PJB>GZ0hNiEN2XZJ5;3U`8Pq|wEd`1qJ>Q^;gKAt3%!my2R zPuLsf9M8^5F1WPRJ2Ld2rD_8J>p=^ z|Njk~w_E;gcndGCq1Nv_WnndIn(3ds)3&Vp<+Gy(-P4X)axEtID=evZbNjxheqJ+o z3lKjrOp^=fX3u6niV-Sv@UVaq(x_f=Pos*0jxICK;i((&sUG5=t9ZIW@Ho_-2Jfbj z*NvZArX6ewtakgj zIE+*ExZm<_Sii%Zp5^v}{p3?D&LUYWD&POuNZL5GFQOrbRUhD z?=D0DaZ+>@SVM0ahmn)tYzY{rC3KRmJ+W<=fA_ql7t(&g70?d%ilbvO3oGlz-Ia)> zJ-P3#3C;L}Mj>QPh9NhcERhZ!NN2DfxvN)$^zj)Bp`Tlnb{B0d4iP;9NQlMh1Eus7 z&G{>!+?iA!^`gW}!#zJwOA??{mZ+`2O*^745tw*hEzJ^Px?&%q6@P%%Jy*cbD&c2> zs6#ly;dcVQDeJj&*TJxAwq^1t0(HFls=Ceq;vp=bU&7XXX>L^_Z-78(L33BQ`q5lZ z@}%}aiueZ57n^}VeAN6S7n## z<1UlG5o`O2Q-UY~5qiuKfKD?DDue9Cr}a zSey82$lmVYA;k;CK`Sz=+kes)oPB@$*t)uw{>aq%ZYs)YY*mP8;#-rX_`s{_8H9dX zy}KK|HX2J1ifT1jI)F0!S>fYFeXj(WAneKsE(y>+Ble zbh^u_7qj)tX884S8rEmK9Rx8_wP_`s&%0Zn0Rxc-Lp`T%KBhvSz{SV^z7r-B)Tg%emTMY-xU;$x4%`A5& zr)=XT{bFxXn@%k*PuXQ4wK~}NzMJ@TRTx8~IXSGDccVV|okNQ@w?u>6kR+gl!&7~q z^7H9-%-z?{T+Ss=+l01*v!5Im)8e9{-dep}%AN2c?@+H-rf4q(RoS!?2z|~B`5Ykh z+n1E)3^yp=iFqqnJ+ki|!=-;>_4=ofh_{04JT85CE6H9hO+#R;i@2=MN>za74T_C-RV2aA-mS;CUW?$YI_9-W-O{|=kByytegbh*$%V8G=;UAB^OA-M~)dbLh zC_l4s*v$vW1_~!19!_7csxFyO&?tLQ_vZDvyB5{$l-w=&dSgJL5o7UB7Rb$yl93 zY$GD|U<~&|XAoJkrv9+R+007*v&6%9x!2K?Lu_+QA*br#=a(JCeKP7ib%>~-m{LId z&RLjMFr4Y^^)ZYvhq1DOx_T_N2t2H^2A1phVT_HB2;Cl--lnP}M+4y~2MK$duSfyeQfk!@ zUTyJtGJTCjnhtI++&rH*szb}{d!qpl9JE{G2XX;@mFC#ko zsLmKDVZAj8y+AhcD3*}XUm!3ofPh{WS2{JiE>pnZkqkci%zKHzo6VO)sFDYokZPzz z@>%gIIwgxpywrULobwS7u|+ONwRF=BK4c!^jr~N5`Ob}**=#;4vZUhiHH@kfH#^A( z6V}vQI~1$;ghyxaWm&V>hu5tm2Bo5k*zKvs)GaTBtojN+JIZ?^Ns;RVz1F3e6oBMNa*Jo*Eytain;$G<*U;_*UtWb@VKCDy1Z?+emeopP(%_$MrzL`k6wwBhx8*N-e57*H~I2$2i6`C{m z>?Jo^3q6;pJD5*ove)&b@mJ-v6Q3PTqEQ0gy7qd8q&DviTaa;@ncOvIry<)V6m~>) zw_9S2!1RTc@4jrk<`iEMhEtSR_LU}D6!V>`!)VG1(zs?lZFd+Gj^e3LEaNE+tqofm zCEWGEVK!(5snV#<6pMbzQb#CB>rgLkArvo5)#p$Cf!pp}mHcq_nBNzH6PTQfe&Lv4 z)VG+OXk{AJ&@puM$>+#4&fBCa6`x!?snT>{%M?ZkkT^BW1t)?YZpV9z^bT(NEa#SR zdt&m`ZJ!WfQ|Ye6CaWIxWASRw*Lj=^9t)KqMHXv?#^`A{ilTRoO_fW_eNBqek1;we zA?07GvI%>yl=8HPX(jVXi>|S9tzv&l^CyJ!o6dVx8ww7UUACLw8Q4_mgJpzho<-k(g{ZgM!=Yslny zM6E(pO{DmXD?LgItRt-iW%6q?1;cx*EFVdxavs?KarXiLJJjBD)*l|n zwbvD9lnzw129b~A*T~Yi=R9RR3<}*hT)Vu@i#y26Zom7Cxh^%2gI|`hh(fC#xy@k8 zC9K|DBv&S6h_Jp0t}X4ol0vVk;A2P;RvU?G2^-u-m(CM;{!-;4-jv?eX`zmiZn`*~kcD)_*{+7Cu3?Ya^BLmgh z_au&#mnLST9YUwu9#`8cGn6Kj7#S`9bGmj-!Qwdm%8F84?X3Cuf<4*qguT?S@3Fbh z2Qo5%1eVmg${y$1jy7zhYL8Y;)|9d9htI6E1T6yvfPn=H0G`NsNjM-yT1Bm>Uacu= zCCjit_c_^@388Q5Of>K73eTblHGL1}5I6_Cwq=pd@Sis?nCsBrpL`&45)u6jbzETHM`Ou-knT|F6#j zd8;lHeTXS;sCKj>Ya(kLYLO~XoqdCWlJY*p)&nW$UagQtx0Vd$FLbS3GZzYX^ZG$^*8Hj^1iG$`iP_ZD&oYS`q-?@k}`PG8}D#>=%ibU z{thyw%&Y5;anF2*q2`abW+S2}nYkqaBOTeshWmfJwsx)%Gd83c)_@%Q*WnK$>>h|{ z)=yY00hJ~fg8G(XpCd=osgC8=^)#A}N+p8TABa@|%E8q4FZr2!K>S2zYLD_kkqRk3 z55)!?h5q$TLRf5(H$Dw%8i3Y^0{|wM{~ATM-AL>m6jKQ_twm)N!+ONrq##8 zBPJd@7tf1btjNvBwg+4?irc<&-$7KyK>`7ee@J0;o^|C~3a4!)MzDv~!>`;pMz(x$ zSyCDN1`Oz5QPT`xJ}ai}VIydbZpLlCET&~%UtgaK(~BSYd@wu%b{Aw6q0*XrPe7-= z0z&Rn!yP*upyIKmu(0qA%tA(3!gu68I7N2w@NxN(rws`Y^e3tasHYm+Vru6*YBaTo z_bZzpNc<*L@m}E09Ix~nG#5Pv6akx}UYHtaH{Cfg4_fxW(88i^cc4y+#;?vlX&0e_}EbgDXM7rhlNwvHaA?0y5+;%9#M3 zqM4!2U5I(oAZYR{an{Gzw>T<#+|@T;9}j~b1HuQMaf!xFe$30wEkJ3gskKmCPjfo+ zKZ1M+;Ud3dMNdJ`5AoBZ_u534%Dgy+lAbYXPD7Wgsl z_XQW_&ik$0s7g;p#^ugx{D5obw^;|!k<}ze-EWZ+V`U)WDOXtiZ-XBZJHq&4=<}f|WSWF$0qDbgQKu>s}D~xlt+?1w*-<_!Nx{#A&Nv9Gv z{r0enuPutLePfJJ9B8z4fAF?)$?$AYNrJYb$CAsc_m;j74XR@CZLX)kw{bKd7sIGb zH_a?@AMfW{ImdadV8w|6bvZc`L%{8If~t-1MVv{bKznuin}yfq(N3!h>ZBfr?mqT{ zq+-y@h60Puao+eMW0r4?eAW72J1z9+qVcdFtz~(fA+0XRW}E9!xwDnG`mf{j!g<8P tU!0htyRw7oDt From 1c5a396d49d972af0f90c91c5ad33fe4e722bbca Mon Sep 17 00:00:00 2001 From: Baptiste Grenier Date: Thu, 12 Oct 2023 10:12:19 +0200 Subject: [PATCH 19/19] Update check-spelling configuration (#616) Update check-spelling configuration to address errors in checks done in PRs. --- .github/actions/spelling/allow.txt | 1 - .github/actions/spelling/expect.txt | 3 - .github/workflows/spelling.yml | 91 ++++++++++++++++------------- 3 files changed, 50 insertions(+), 45 deletions(-) diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 767b084559..5cb16ba2e5 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -613,7 +613,6 @@ unicore universiti untaring uploadtest -uploadtest.txt UPM upv uscms diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 6c3dd8d187..9b9cfd4308 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -1,6 +1,3 @@ -# Expected "words" that aren't in the dictionary, one word per line. -# Some arbitrary strings that are in test files that aren't really words. -# They should be removed if the test are changed/removed. CVMFS diracsgm microk8s diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index d49509ce6b..79a299bde0 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -34,6 +34,29 @@ name: Check Spelling # # For background, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-with-deploy-key +# Sarif reporting +# +# Access to Sarif reports is generally restricted (by GitHub) to members of the repository. +# +# Requires enabling `security-events: write` +# and configuring the action with `use_sarif: 1` +# +# For information on the feature, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Sarif-output + +# Minimal workflow structure: +# +# on: +# push: +# ... +# pull_request_target: +# ... +# jobs: +# # you only want the spelling job, all others should be omitted +# spelling: +# # remove `security-events: write` and `use_sarif: 1` +# # remove `experimental_apply_changes_via_bot: 1` +# ... otherwise adjust the `with:` as you wish + on: push: branches: @@ -44,12 +67,12 @@ on: branches: - "**" types: - - 'opened' - - 'reopened' - - 'synchronize' + - "opened" + - "reopened" + - "synchronize" issue_comment: types: - - 'created' + - "created" jobs: spelling: @@ -62,7 +85,9 @@ jobs: outputs: followup: ${{ steps.spelling.outputs.followup }} runs-on: ubuntu-latest - if: "contains(github.event_name, 'pull_request') || github.event_name == 'push'" + if: + ${{ contains(github.event_name, 'pull_request') || github.event_name == + 'push' }} concurrency: group: spelling-${{ github.event.pull_request.number || github.ref }} # note: If you use only_check_changed_files, you do not want cancel-in-progress @@ -72,7 +97,8 @@ jobs: id: spelling uses: check-spelling/check-spelling@main with: - suppress_push_for_open_pull_request: 1 + suppress_push_for_open_pull_request: + ${{ github.actor != 'dependabot[bot]' && 1 }} checkout: true only_check_changed_files: 1 check_file_names: 1 @@ -80,33 +106,12 @@ jobs: post_comment: 0 use_magic_file: 1 experimental_apply_changes_via_bot: 1 - use_sarif: 0 - extra_dictionary_limit: 10 - extra_dictionaries: - cspell:aws/aws.txt - cspell:bash/bash-words.txt - cspell:cpp/src/cpp.txt - cspell:django/django.txt - cspell:elixir/elixir.txt - cspell:filetypes/filetypes.txt - cspell:fullstack/fullstack.txt - cspell:html/html.txt - cspell:java/java.txt - cspell:node/node.txt - cspell:npm/npm.txt - cspell:php/php.txt - cspell:powershell/powershell.txt - cspell:public-licenses/src/generated/public-licenses.txt - cspell:python/src/common/extra.txt - cspell:python/src/python/python-lib.txt - cspell:python/src/python/python.txt - cspell:r/src/r.txt - cspell:rust/rust.txt - cspell:scala/scala.txt - cspell:software-terms/src/software-terms.txt - cspell:sql/src/tsql.txt - cspell:typescript/typescript.txt - cspell:win32/src/win32.txt + use_sarif: + ${{ (!github.event.pull_request || + (github.event.pull_request.head.repo.full_name == + github.repository)) && 1 }} + extra_dictionary_limit: 20 + extra_dictionaries: cspell:software-terms/dict/softwareTerms.txt comment-push: name: Report (Push) @@ -115,10 +120,12 @@ jobs: needs: spelling permissions: contents: write - if: (success() || failure()) && needs.spelling.outputs.followup && github.event_name == 'push' + if: + (success() || failure()) && needs.spelling.outputs.followup && + github.event_name == 'push' steps: - name: comment - uses: check-spelling/check-spelling@prerelease + uses: check-spelling/check-spelling@main with: checkout: true spell_check_this: check-spelling/spell-check-this@prerelease @@ -130,8 +137,11 @@ jobs: runs-on: ubuntu-latest needs: spelling permissions: + contents: read pull-requests: write - if: (success() || failure()) && needs.spelling.outputs.followup && contains(github.event_name, 'pull_request') + if: + (success() || failure()) && needs.spelling.outputs.followup && + contains(github.event_name, 'pull_request') steps: - name: comment uses: check-spelling/check-spelling@main @@ -148,11 +158,10 @@ jobs: pull-requests: write actions: read runs-on: ubuntu-latest - if: ${{ - github.event_name == 'issue_comment' && - github.event.issue.pull_request && - contains(github.event.comment.body, '@check-spelling-bot apply') - }} + if: + ${{ github.event_name == 'issue_comment' && + github.event.issue.pull_request && contains(github.event.comment.body, + '@check-spelling-bot apply') }} concurrency: group: spelling-update-${{ github.event.issue.number }} cancel-in-progress: false