From 2d50ecc2863ab5ef5f98e3c4cb9c8a5f85dcfac0 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 2 Dec 2020 16:26:52 +0000 Subject: [PATCH 001/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@2fc6c12805438fc45eebdfdf4871f59fef693dc3 --- .circleci/config.yml | 2 +- .ruby-version | 2 +- Dockerfile | 2 +- Gemfile | 2 +- Gemfile.lock | 12 ++++++------ _includes/footer.html | 3 ++- 6 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 1c74c37..41d4ba0 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -2,7 +2,7 @@ version: 2.1 jobs: build: docker: - - image: circleci/ruby:2.7.1 + - image: circleci/ruby:2.7.2 environment: # fix encoding - LANG: C.UTF-8 diff --git a/.ruby-version b/.ruby-version index 860487c..37c2961 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.1 +2.7.2 diff --git a/Dockerfile b/Dockerfile index 0c2cb34..0d0d07e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ruby:2.7.1 +FROM ruby:2.7.2 WORKDIR /usr/src/app diff --git a/Gemfile b/Gemfile index c56a44a..e73ae76 100644 --- a/Gemfile +++ b/Gemfile @@ -1,6 +1,6 @@ source 'https://rubygems.org/' -ruby '2.7.1' +ruby '2.7.2' gem 'jekyll' gem 'mini_racer' diff --git a/Gemfile.lock b/Gemfile.lock index f29b97e..b787052 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -1,7 +1,7 @@ GEM remote: https://rubygems.org/ specs: - activesupport (6.0.3.3) + activesupport (6.0.3.4) concurrent-ruby (~> 1.0, >= 1.0.2) i18n (>= 0.7, < 2) minitest (~> 5.1) @@ -75,7 +75,7 @@ GEM kramdown (~> 2.0) libv8 (8.4.255.0) liquid (4.0.3) - listen (3.2.1) + listen (3.3.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.4.0) @@ -98,7 +98,7 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rexml (3.2.4) - rouge (3.23.0) + rouge (3.25.0) safe_yaml (1.0.5) sassc (2.4.0) ffi (~> 1.9) 
@@ -107,14 +107,14 @@ GEM thread_safe (0.3.6) typhoeus (1.4.0) ethon (>= 0.9.0) - tzinfo (1.2.7) + tzinfo (1.2.8) thread_safe (~> 0.1) unicode-display_width (1.7.0) uswds-jekyll (5.2.0) jekyll (>= 4.0, < 5) jekyll-autoprefixer yell (2.2.2) - zeitwerk (2.4.0) + zeitwerk (2.4.1) PLATFORMS ruby @@ -131,7 +131,7 @@ DEPENDENCIES uswds-jekyll (~> 5.0) RUBY VERSION - ruby 2.7.1p83 + ruby 2.7.2p137 BUNDLED WITH 2.1.4 diff --git a/_includes/footer.html b/_includes/footer.html index 2bfda1a..e9cd363 100644 --- a/_includes/footer.html +++ b/_includes/footer.html @@ -24,7 +24,8 @@ {% endif %} {% if anchor.edit_page %} - {% include components/github-edit.html footer=anchor path=page.path %} + {% assign repo_page_path = site.collections_dir | append: "/" | append: page.path %} + {% include components/github-edit.html footer=anchor path=repo_page_path %} {% endif %}
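Review bot: The added `assign` in `_includes/footer.html` prepends `site.collections_dir` and a `/` unconditionally, so a site built from this template without `collections_dir` set would hand `github-edit.html` a path starting with a bare `/` (the setting defaults to an empty string in Jekyll, as far as I know). The same prefix would also be wrong for any page outside the collections directory, if `page.path` for those pages is already relative to the repository root; that is worth checking against a root-level page. Guarding the prefix keeps the previous behaviour when there is nothing to prepend. The loop and outer `if` that define `anchor` start outside the hunk.

```html
{% assign repo_page_path = page.path %}
{% if site.collections_dir and site.collections_dir != "" %}
  {% assign repo_page_path = site.collections_dir | append: "/" | append: page.path %}
{% endif %}
{% include components/github-edit.html footer=anchor path=repo_page_path %}
```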

From 9923f656bfae666b6b4b78eca06dc81bb7261162 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Sat, 5 Dec 2020 07:25:59 +0000
Subject: [PATCH 002/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@00f22c24ac8cf0606a3da1ae0b7fcbe954fad5df
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index b787052..b775f86 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -26,7 +26,7 @@ GEM
 html-pipeline (2.14.0)
 activesupport (>= 2)
 nokogiri (>= 1.4)
- html-proofer (3.17.3)
+ html-proofer (3.17.4)
 addressable (~> 2.3)
 mercenary (~> 0.3)
 nokogumbo (~> 2.0)
From 259d3f3f7a0d75bd9fbb2bd640486bd2f8bc3f5a Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 15 Dec 2020 07:30:37 +0000
Subject: [PATCH 003/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@bd673f04c28d3fbdffe09ada8dbbf1aea47bbc53
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index b775f86..c4f79c0 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -26,7 +26,7 @@ GEM
 html-pipeline (2.14.0)
 activesupport (>= 2)
 nokogiri (>= 1.4)
- html-proofer (3.17.4)
+ html-proofer (3.18.0)
 addressable (~> 2.3)
 mercenary (~> 0.3)
 nokogumbo (~> 2.0)
From fa6587bc7d08f3b89794e89d570a8576c7159f11 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Wed, 16 Dec 2020 07:31:05 +0000
Subject: [PATCH 004/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@bce8c69f6daf14cd246c9bf52531d5e3fe5fdac5
---
 Gemfile.lock | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index c4f79c0..17fb355 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -37,21 +37,21 @@ GEM http_parser.rb (0.6.0) i18n (1.8.5) concurrent-ruby (~> 1.0) - jekyll (4.1.1) + jekyll (4.2.0) addressable (~> 2.4) colorator (~> 1.0) em-websocket (~> 0.5) i18n (~> 1.0) jekyll-sass-converter (~> 2.0) jekyll-watch (~> 2.0) - kramdown (~> 2.1) + kramdown (~> 2.3) kramdown-parser-gfm (~> 1.0) liquid (~> 4.0) mercenary (~> 0.4.0) pathutil (~> 0.9) rouge (~> 3.0) safe_yaml (~> 1.0) - terminal-table (~> 1.8) + terminal-table (~> 2.0) jekyll-autoprefixer (1.0.2) autoprefixer-rails (~> 9.3) jekyll-last-modified-at (1.3.0) @@ -75,7 +75,7 @@ GEM kramdown (~> 2.0) libv8 (8.4.255.0) liquid (4.0.3) - listen (3.3.1) + listen (3.3.3) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.4.0) @@ -98,11 +98,11 @@ GEM rb-inotify (0.10.1) ffi (~> 1.0) rexml (3.2.4) - rouge (3.25.0) + rouge (3.26.0) safe_yaml (1.0.5) sassc (2.4.0) ffi (~> 1.9) - terminal-table (1.8.0) + terminal-table (2.0.0) unicode-display_width (~> 1.1, >= 1.1.1) thread_safe (0.3.6) typhoeus (1.4.0) From 0b440787b2363a30ef75f35e514f6b0d5876b757 Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Thu, 17 Dec 2020 12:02:21 -0800 Subject: [PATCH 005/179] Clarify state of Cypress Test Runner and Dashboard (#217) --- _guide/_pages/browser-testing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/browser-testing.md b/_guide/_pages/browser-testing.md index 24eb0f0..2e46401 100644 --- a/_guide/_pages/browser-testing.md +++ b/_guide/_pages/browser-testing.md @@ -47,4 +47,4 @@ For Safari on iOS: ## Chrome-family browsers and Firefox - [Cypress](https://www.cypress.io/features) - * Ask in #infrastructure + * The command-line test runner and local GUI is [approved for use](https://handbook.tts.gsa.gov/software/search/#cypress). However, the [Cypress Dashboard SaaS](https://www.cypress.io/dashboard/) is not. From d88d37908d7f98bb98bc6a9e70088c8da441faab Mon Sep 17 00:00:00 2001 
From: Ryan Hofschneider Date: Thu, 17 Dec 2020 12:18:35 -0800 Subject: [PATCH 006/179] Clarify classification tags (#218) * Clarify classification tags Based on feedback, clarify our classification tags as we've only applied them to portions of the guide and likely will never explicitly tag every topic, sub-section, etc. * Apply suggestions from code review Co-authored-by: Carter Baxter <32077682+tbaxter-18f@users.noreply.github.com> Co-authored-by: Carter Baxter <32077682+tbaxter-18f@users.noreply.github.com> --- _guide/_pages/index.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/_guide/_pages/index.md b/_guide/_pages/index.md index dd8dd59..61271e4 100644 --- a/_guide/_pages/index.md +++ b/_guide/_pages/index.md @@ -15,9 +15,12 @@ This guide is where the TTS Engineering Practices Guild collects its best practi ## How we classify best practices -These documents are structured by topic; under each, we include "Requirement", +These documents are structured by topic; under topics we have classified we indicate "Requirement", "Standard", "Default", "Suggestion", and "Caution". +If a classification is not present on a topic or a reference to a tool or practice, it should be presumed +to be a {%include components/tag-suggestion.html %} and the decision is left at your discretion. If you are unsure, ask in #dev, as the topic or tool may be a good candidate for classification. + {%include components/tag-requirement.html %} indicates practices that *must* be done for regulatory, legal, compliance, or other reasons. @@ -34,3 +37,6 @@ they're not widely used enough to be defaults, but are worth considering. {%include components/tag-caution.html %} marks approaches that have significant pitfalls or should not be used for security/compliance reasons. + +If a specific classification is not present on a topic or reference to a tool or practice, it should be presumed +to be a {%include components/tag-suggestion.html %}. 
From 219a7ed256073b268a346078ba4200cb52d75d14 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Fri, 18 Dec 2020 07:34:36 +0000
Subject: [PATCH 007/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@06a060c4eebe9b2162a63165f2962dcbd1dec6db
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 17fb355..51a679a 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -26,7 +26,7 @@ GEM
 html-pipeline (2.14.0)
 activesupport (>= 2)
 nokogiri (>= 1.4)
- html-proofer (3.18.0)
+ html-proofer (3.18.1)
 addressable (~> 2.3)
 mercenary (~> 0.3)
 nokogumbo (~> 2.0)
From b64e6ef53e09eedf2251bc833db52a834ef618fd Mon Sep 17 00:00:00 2001
From: github-actions
Date: Sat, 19 Dec 2020 07:34:04 +0000
Subject: [PATCH 008/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@47b4632979803507d061ff1720ce65f50a62d7c3
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 51a679a..622a153 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -26,7 +26,7 @@ GEM
 html-pipeline (2.14.0)
 activesupport (>= 2)
 nokogiri (>= 1.4)
- html-proofer (3.18.1)
+ html-proofer (3.18.2)
 addressable (~> 2.3)
 mercenary (~> 0.3)
 nokogumbo (~> 2.0)
From 5303e2742f75433517cdd3b262494492c5ed6d36 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Tue, 5 Jan 2021 07:47:28 +0000
Subject: [PATCH 009/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@8a54e2f21f835dcd1f48a623bbc53cc62c41182e
---
 Gemfile.lock | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 622a153..5f29d37 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -20,13 +20,13 @@ GEM ffi (>= 1.3.0) eventmachine (1.2.7) execjs (2.7.0) - ffi (1.13.1) + ffi (1.14.2) forwardable-extended (2.6.0) gemoji (3.0.1) html-pipeline (2.14.0) activesupport (>= 2) nokogiri (>= 1.4) - html-proofer (3.18.2) + html-proofer (3.18.5) addressable (~> 2.3) mercenary (~> 0.3) nokogumbo (~> 2.0) @@ -79,12 +79,13 @@ GEM rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.4.0) - mini_portile2 (2.4.0) + mini_portile2 (2.5.0) mini_racer (0.3.1) libv8 (~> 8.4.255) minitest (5.14.2) - nokogiri (1.10.10) - mini_portile2 (~> 2.4.0) + nokogiri (1.11.0) + mini_portile2 (~> 2.5.0) + racc (~> 1.4) nokogumbo (2.0.4) nokogiri (~> 1.8, >= 1.8.4) parallel (1.20.1) @@ -92,8 +93,9 @@ GEM forwardable-extended (~> 2.6) posix-spawn (0.3.15) public_suffix (4.0.6) + racc (1.5.2) rainbow (3.0.0) - rake (13.0.1) + rake (13.0.3) rb-fsevent (0.10.4) rb-inotify (0.10.1) ffi (~> 1.0) From 7333c72e731e1fb23dbbf81ba28ebd1f2803fdf7 Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 15:17:40 -0600 Subject: [PATCH 010/179] Add page for choosing a web application architecture We decided to place under Tools for now --- _guide/_data/navigation.yml | 2 + _guide/_pages/web-architecture.md | 131 ++++++++++++++++++++++++++++++ 2 files changed, 133 insertions(+) create mode 100644 _guide/_pages/web-architecture.md diff --git a/_guide/_data/navigation.yml b/_guide/_data/navigation.yml index 1a2426f..ba1c526 100644 --- a/_guide/_data/navigation.yml +++ b/_guide/_data/navigation.yml @@ -47,6 +47,8 @@ tools: href: /continuous-deployment/ - text: Datastore Selection href: /datastore-selection/ + - text: Choosing a Web App Architecture + href: /web-architecture - text: SharePoint Primer href: /sharepoint/ diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md new file mode 100644 index 0000000..0c438a7 --- /dev/null +++ b/_guide/_pages/web-architecture.md 
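Review bot: The new sidenav entry in `_guide/_data/navigation.yml` uses `href: /web-architecture` without the trailing slash that the neighbouring entries in this hunk carry (`/continuous-deployment/`, `/datastore-selection/`, `/sharepoint/`). If the sidenav template marks the current item by comparing `href` with the page URL, which is not visible here, this entry may never be highlighted, and the link may cost an extra redirect on hosts that serve the page at the directory URL. Suggest `href: /web-architecture/` to match the rest of the list.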
@@ -0,0 +1,131 @@ +--- +title: Choosing a Web App Architecture +sidenav: tools +sticky_sidenav: true +--- + +The goal of this guide is to help you decide how to approach an application’s UI, driving towards simplicity. + +Simpler approaches involve: + +- **fewer layers of technology** +- **using stable technology over cutting-edge**, and +- **less computation or no computation when possible** + +### Why push for simplicity + +Government software projects often face tight budgets, are used long-term, and have a broad user base with diverse needs. Because of these factors, simpler is better. + +- **Cost-effectiveness**: Government agencies need to carefully steward public funds. Because budgets for software development in government can be tight, the technology we buy and build should be cost-efficient as well as high-quality. We’ve found that simpler UI technologies are more cost-effective to build and maintain, and easier to understand for members of the public who want to contribute. +- **Maintainability**: Government is long-term, so we want government software to last. We want to be kind to the future maintainers of our software and leave them with the minimum possible complexity to maintain. +- **Accessibility**: As government employees we serve the public, so the websites we build must be highly accessible to the public. The more complexity involved in building UI views, the more work it takes to build an accessible site. + +### How to choose an approach + +How much complexity does your web application need to include? That depends on what kind of features it requires. + +- If you can make it a static site, you should. +- If you can’t, it should probably be a server-rendered app. +- If your use case requires a bit of client-side interactivity, use the above options with a bit of JavaScript. +- If your use case requires complex client-side interactivity, then you may need a single-page application. + +Web applications can and do shift approaches over time. 
+ +Many web apps begin their life cycles with server-side rendering only, and add more client-side functionality over time in response to user behavior. Consider whether your application could initially launch as a server-rendered app, with the potential to add more client-side functionality based on user behavior. + +See below for examples and heuristics to help you decide which UI architecture could make the most sense for your project as a starting point: + +### If you can make it a static site, you should. + +_When thinking about a static site, you might use words like: Jekyll, Hugo, Federalist, static HTML._ + +#### Benefits to this approach: + +- Simple to keep running (low maintenance cost) +- Can use Federalist to outsource deployment of the site +- Quick path to ATO, or no ATO at all since Federalist has its own ATO +- Automatic accessibility testing is extremely straightforward +- Searching with search.gov/search engines is easy + +#### When this might be the right fit: + +- A site used mostly to publish static content, such as public-facing agency information, articles, or press releases +- An informational handbook or guide +- A blog + +#### When you might need something more complex: + +- When your app needs authentication, user roles or permissions +- When your app needs to draw from live data feeds or APIs +- When your app needs to handle sensitive data or PII + +### If you can’t, it should probably be a server-rendered app. 
+ +_When thinking about a server-rendered app, you might use words like: Django, Rails._ + +#### Benefits to this approach: + +- Stable, tried-and-true tooling +- Only one set of development skills needed, as opposed to separate back-end and front-end development skills +- Faster development velocity and lower costs to build and maintain than an equivalent project with separate front-end and back-end apps +- Can use tools like Cloud.gov +- Easy to see if it’s working (compared to purely client-side functionality) if status codes returned are 200 +- Changes to data are easy to manage using tools like Admin Interfaces +- Custom implemented searching with SQL-y endpoints +- Adding basic forms with no client-side interactivity are a breeze +- Client doesn’t get out of sync with the server, as it’s served from the response. + +#### Drawbacks to this approach: + +- Applications with servers and databases will need their own ATO +- Deployment is more complex and requires more skills to maintain +- Zero downtime deployments are more complex + +### If your use case requires a bit of client-side interactivity, use the above options with a bit of JavaScript. + +_You might use words like: Stimulus, jQuery, Plain JavaScript._ + +#### Benefits to this approach: + +- Accessibility testing is relatively straightforward +- Interactivity that doesn’t require state management, like animations or visual graphics +- Because memory is dumped between pages, potential memory leaks or tricky to diagnose issues are less impactful +- Leverages the browser cache +- Can use more than one JavaScript framework, which may be useful for project transitions +- Leaves room for more flexible decisions for UI down the road + +#### Drawbacks to this approach: + +- Forms with complex state are harder to manage +- Build/deployment includes both server-side build patterns and client-side build patterns +- Hard to know where something is rendered +- No clear conventions, no standard way to build them. 
+- Can quickly turn into a ball of JavaScript with mixed frameworks +- Generally uses two (or more) package managers + +### If your use case requires complex client-side interactivity, then you may need a single-page application. + +_You might use words like: React, React Router, Redux, Angular, Gatsby, Vue.js, Ember_ + +#### Benefits to this approach: + +- Handling offline support +- Managing client-side state is required and first-class, so handling complex interactions are more straightforward +- Clearer conventions for how code should be written, compared to server-side rendering with a bit of JavaScript + +#### Drawbacks to this approach: + +- Requires more specialist dev skills to build +- Can be costlier to build and maintain (both in time and money) than server-rendered or static sites +- Making pages and features accessible requires more developer time and effort +- Testing for accessibility is no longer straightforward +- Proper SEO also requires more developer time and effort +- Deployments: how do you monitor when a new version of a SPA is available and apply the code changes? What if the SPA is a different version than the server? +- An SPA can run for days, weeks, etc; which may highlight memory management problems +- Routing: the browser already handles this, but SPA's override it and it becomes your problem +- Caching can be tricky with many areas to maintain state storage (rather than just the browser’s cache) +- Execution environment is always unknown and changing + +### Conclusion + +Keeping UI architecture as simple as possible can help keep government websites cost-effective, maintainable, and accessible. Understanding your user requirements can help decide what kinds of client-side interactivity are nice-to-haves, must-haves, or not needed at all. From d4816e972648bb31dbe1eaa625bf0b5316630fcc Mon Sep 17 00:00:00 2001 
From: Eleni Chappen Date: Fri, 8 Jan 2021 16:32:06 -0600 Subject: [PATCH 011/179] Add links to tooling Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 0c438a7..3630851 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md @@ -37,7 +37,7 @@ See below for examples and heuristics to help you decide which UI architecture c ### If you can make it a static site, you should. -_When thinking about a static site, you might use words like: Jekyll, Hugo, Federalist, static HTML._ +_When thinking about a static site, you might use words like: [Jekyll](https://jekyllrb.com), [Hugo](https://gohugo.io), [Federalist](https://federalist.18f.gov), static HTML._ #### Benefits to this approach: From e350d1954e720500143fa138ef4c89f1b6ee6ce4 Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:32:29 -0600 Subject: [PATCH 012/179] remove UI verbage Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 3630851..2c4ac99 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md 
@@ -33,7 +33,7 @@ How much complexity does your web application need to include? That depends on w Many web apps begin their life cycles with server-side rendering only, and add more client-side functionality over time in response to user behavior. Consider whether your application could initially launch as a server-rendered app, with the potential to add more client-side functionality based on user behavior. -See below for examples and heuristics to help you decide which UI architecture could make the most sense for your project as a starting point: +See below for examples and heuristics to help you decide which architecture could make the most sense for your project as a starting point: ### If you can make it a static site, you should. From b8170ffc54b338cbbb8ed41d5c374a77c167605b Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:41:15 -0600 Subject: [PATCH 013/179] remove UI verbage Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 2c4ac99..4b6a64f 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md @@ -4,7 +4,7 @@ sidenav: tools sticky_sidenav: true --- -The goal of this guide is to help you decide how to approach an application’s UI, driving towards simplicity. +The goal of this guide is to help you decide how to approach a web application’s architecture, driving towards simplicity. Simpler approaches involve: From 1b6a351f29e938d32109f3f8163eeea0bd566a17 Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:41:31 -0600 Subject: [PATCH 014/179] Add links to tooling Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 4b6a64f..00b9bdc 100644 
--- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md @@ -61,7 +61,7 @@ _When thinking about a static site, you might use words like: [Jekyll](https://j ### If you can’t, it should probably be a server-rendered app. -_When thinking about a server-rendered app, you might use words like: Django, Rails._ +_When thinking about a server-rendered app, you might use words like: [Django](https://www.djangoproject.com/), [Rails](https://rubyonrails.org/)._ #### Benefits to this approach: From 98402a687e5d91aebd27ab9a0e52422c6483b262 Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:41:55 -0600 Subject: [PATCH 015/179] Add links to tooling Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 00b9bdc..0df01e7 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md @@ -83,7 +83,7 @@ _When thinking about a server-rendered app, you might use words like: [Django](h ### If your use case requires a bit of client-side interactivity, use the above options with a bit of JavaScript. -_You might use words like: Stimulus, jQuery, Plain JavaScript._ +_You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](https://jquery.com), Plain JavaScript._ #### Benefits to this approach: From 9e5e455678e5cf2af347e29294cb1f6deed226fc Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:42:13 -0600 Subject: [PATCH 016/179] Add links to tooling Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 0df01e7..3099c66 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md 
@@ -105,7 +105,7 @@ _You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](ht ### If your use case requires complex client-side interactivity, then you may need a single-page application. -_You might use words like: React, React Router, Redux, Angular, Gatsby, Vue.js, Ember_ +_You might use words like: [React](https://engineering.18f.gov/javascript/frameworks/#react), [React Router](https://reactrouter.com), [Redux](https://redux.js.org), [Angular](https://engineering.18f.gov/javascript/frameworks/#angular), [Gatsby](https://www.gatsbyjs.com), [Vue.js](https://vuejs.org), [Ember](https://emberjs.com)_ #### Benefits to this approach: From bcd2972d2be43e55393b063cfe3c2719913085a9 Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:42:44 -0600 Subject: [PATCH 017/179] Add links to tooling Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 3099c66..523bb12 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md @@ -68,7 +68,7 @@ _When thinking about a server-rendered app, you might use words like: [Django](h - Stable, tried-and-true tooling - Only one set of development skills needed, as opposed to separate back-end and front-end development skills - Faster development velocity and lower costs to build and maintain than an equivalent project with separate front-end and back-end apps -- Can use tools like Cloud.gov +- Can use tools like [Cloud.gov](https://cloud.gov) - Easy to see if it’s working (compared to purely client-side functionality) if status codes returned are 200 - Changes to data are easy to manage using tools like Admin Interfaces - Custom implemented searching with SQL-y endpoints From d8b4a3d9fe7c5d850d0c9bd56c461d1fc53e6474 Mon Sep 17 00:00:00 2001 
From: Eleni Chappen Date: Fri, 8 Jan 2021 16:42:59 -0600 Subject: [PATCH 018/179] remove UI verbiage Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 523bb12..9769fc9 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md @@ -128,4 +128,4 @@ _You might use words like: [React](https://engineering.18f.gov/javascript/framew ### Conclusion -Keeping UI architecture as simple as possible can help keep government websites cost-effective, maintainable, and accessible. Understanding your user requirements can help decide what kinds of client-side interactivity are nice-to-haves, must-haves, or not needed at all. +Keeping web application architecture as simple as possible can help keep government websites cost-effective, maintainable, and accessible. Understanding your user requirements can help decide what kinds of client-side interactivity are nice-to-haves, must-haves, or not needed at all. From 40468ef81d1c58335d93e8432bda238924faaaf4 Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:43:28 -0600 Subject: [PATCH 019/179] include acronym Co-authored-by: Ryan Hofschneider --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 9769fc9..1ecf7f8 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md 
@@ -103,7 +103,7 @@ _You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](ht - Can quickly turn into a ball of JavaScript with mixed frameworks - Generally uses two (or more) package managers -### If your use case requires complex client-side interactivity, then you may need a single-page application. +### If your use case requires complex client-side interactivity, then you may need a single-page application (SPA). _You might use words like: [React](https://engineering.18f.gov/javascript/frameworks/#react), [React Router](https://reactrouter.com), [Redux](https://redux.js.org), [Angular](https://engineering.18f.gov/javascript/frameworks/#angular), [Gatsby](https://www.gatsbyjs.com), [Vue.js](https://vuejs.org), [Ember](https://emberjs.com)_ From 618f2e903d32ba9928c31e560a61aeb6764163fe Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:52:54 -0600 Subject: [PATCH 020/179] Add status tags to some tools --- _guide/_pages/web-architecture.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index 1ecf7f8..e9889d5 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md @@ -37,7 +37,7 @@ See below for examples and heuristics to help you decide which architecture coul ### If you can make it a static site, you should. -_When thinking about a static site, you might use words like: [Jekyll](https://jekyllrb.com), [Hugo](https://gohugo.io), [Federalist](https://federalist.18f.gov), static HTML._ +_When thinking about a static site, you might use words like: [Jekyll](https://jekyllrb.com), [Hugo](https://gohugo.io), [Federalist](https://federalist.18f.gov) {%include components/tag-standard.html %}, static HTML._ #### Benefits to this approach: 
@@ -105,7 +105,7 @@ _You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](ht ### If your use case requires complex client-side interactivity, then you may need a single-page application (SPA). -_You might use words like: [React](https://engineering.18f.gov/javascript/frameworks/#react), [React Router](https://reactrouter.com), [Redux](https://redux.js.org), [Angular](https://engineering.18f.gov/javascript/frameworks/#angular), [Gatsby](https://www.gatsbyjs.com), [Vue.js](https://vuejs.org), [Ember](https://emberjs.com)_ +_You might use words like: [React](https://engineering.18f.gov/javascript/frameworks/#react) {%include components/tag-default.html %}, [React Router](https://reactrouter.com), [Redux](https://redux.js.org), [Angular](https://engineering.18f.gov/javascript/frameworks/#angular), [Gatsby](https://www.gatsbyjs.com), [Vue.js](https://vuejs.org), [Ember](https://emberjs.com)_ #### Benefits to this approach: From a0f8b19ad12937580b3288249636e3edd93c56f7 Mon Sep 17 00:00:00 2001 From: Eleni Chappen Date: Fri, 8 Jan 2021 16:56:37 -0600 Subject: [PATCH 021/179] forgot a status tag link --- _guide/_pages/web-architecture.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/web-architecture.md b/_guide/_pages/web-architecture.md index e9889d5..903ba8e 100644 --- a/_guide/_pages/web-architecture.md +++ b/_guide/_pages/web-architecture.md 
@@ -105,7 +105,7 @@ _You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](ht ### If your use case requires complex client-side interactivity, then you may need a single-page application (SPA). -_You might use words like: [React](https://engineering.18f.gov/javascript/frameworks/#react) {%include components/tag-default.html %}, [React Router](https://reactrouter.com), [Redux](https://redux.js.org), [Angular](https://engineering.18f.gov/javascript/frameworks/#angular), [Gatsby](https://www.gatsbyjs.com), [Vue.js](https://vuejs.org), [Ember](https://emberjs.com)_ +_You might use words like: [React](https://engineering.18f.gov/javascript/frameworks/#react) {%include components/tag-default.html %}, [React Router](https://reactrouter.com), [Redux](https://redux.js.org), [Angular](https://engineering.18f.gov/javascript/frameworks/#angular) {%include components/tag-suggestion.html %}, [Gatsby](https://www.gatsbyjs.com), [Vue.js](https://vuejs.org), [Ember](https://emberjs.com)_ #### Benefits to this approach: From 9c9280957b451683b9f46d03face6e65e46cb39a Mon Sep 17 00:00:00 2001 From: folksgl Date: Tue, 26 Jan 2021 11:43:45 -0500 Subject: [PATCH 022/179] improve link text throughout document --- _guide/_pages/continuous-deployment.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/_guide/_pages/continuous-deployment.md b/_guide/_pages/continuous-deployment.md index 11b239b..7963634 100644 --- a/_guide/_pages/continuous-deployment.md +++ b/_guide/_pages/continuous-deployment.md 
@@ -7,13 +7,13 @@ sticky_sidenav: true ## Pre-requisites This guide assumes that you already have: -- [a GitHub account](https://handbook.18f.gov/github/) and a GitHub repository, typically [under the 18F organization](https://github.com/18F) +- [a GitHub account](https://handbook.18f.gov/github/) and a GitHub repository, typically under the [18F GitHub organization](https://github.com/18F) - [a CircleCI account](https://circleci.com/signup/) (Log In with GitHub) - [a cloud.gov account](https://cloud.gov/docs/getting-started/accounts/?) ## 1. Getting deployer credentials -Use the instructions on [Cloud.gov](https://cloud.gov/docs/apps/continuous-deployment/#provisioning-deployment-credentials) to create a deployer account for your app. Your deployer credentials will regularly expire, so please make sure to update them periodically. +Use the [instructions on Cloud.gov](https://cloud.gov/docs/apps/continuous-deployment/#provisioning-deployment-credentials) to create a deployer account for your app. Your deployer credentials will regularly expire, so please make sure to update them periodically. ## 2. Configure the continuous integration service 
@@ -78,7 +78,7 @@ Done! ## Add manifests Cloud.gov (and Cloud Foundry) use manifest files to specify how an app should be built on cloud.gov. You will now add two separate files, a `manifest.yml` for your production app and a `manifest-staging.yml` for your development application. -Generally your production application will have multiple instances while your staging will only have one. Manifests can be short and sweet, or extensive. For the full cloud foundry documentation on manifests see here: . +Generally your production application will have multiple instances while your staging will only have one. Manifests can be short and sweet, or extensive. See the full [cloud foundry documentation on manifests](https://docs.cloudfoundry.org/devguide/deploy-apps/manifest.html#minimal-manifest). For an example manifest and manifest-staging see here: [Acquisitions Manifest](https://github.com/18F/acquisitions.18f.gov/blob/develop/manifest.yml) 
@@ -86,7 +86,7 @@ For an example manifest and manifest-staging see here: ## Zero Downtime Deploy Options -- `v3-zdt-push` is an official command, yet is in active development. See +- [`v3-zdt-push`](https://docs.cloudfoundry.org/devguide/deploy-apps/rolling-deploy.html) is an official command, yet is in active development. - `zero-downtime-push` is the popular Autopilot plugin used by a lot of TTS projects and used in both of the above examples. It is now unmaintained and archived though. Does not support buildpacks. If your application successfully deploys to cloud.gov but does not start, which may happen for an application that does not have an adequate test suite, you may have to go into the cf target space and manually delete the "APP_NAME-venerable" application in order to make use of `autopilot` again. -- `blue-green-deploy` another plugin similar to autopilot. +- [`blue-green-deploy`](https://github.com/bluemixgaragelondon/cf-blue-green-deploy) another plugin similar to autopilot. - An official CircleCI / Cloud Foundry Orb is also available at From 3ab66d6c7b05edc32e705523ec2e7ec8db278949 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 28 Jan 2021 10:30:31 -0500 Subject: [PATCH 023/179] format docker page with prettier --- _guide/_pages/project-setup/docker.md | 44 ++++++++++++++++----------- 1 file changed, 26 insertions(+), 18 deletions(-) diff --git a/_guide/_pages/project-setup/docker.md b/_guide/_pages/project-setup/docker.md index 42bd6b2..70be0b0 100644 --- a/_guide/_pages/project-setup/docker.md +++ b/_guide/_pages/project-setup/docker.md 
@@ -175,9 +175,11 @@ have several strategies at our disposal. Before we dive too deep, it's important to first discuss `docker-compose run`. Consider + ```sh docker-compose run --rm my-service py.test --pdb ``` + This starts your `my-service` (as defined in your docker-compose manifest), including any necessary dependencies, such as databases. It doesn't execute `my-service`'s startup command, however; instead it runs `py.test` within the @@ -192,18 +194,22 @@ by writing wrapping shell scripts or command aliases. A second strategy places those commands within the docker-compose manifest as pseudo-services, e.g. + ```yml services: py.test: image: thing-that-contains-pytest volumes: - - $PWD:/apps-dir + - $PWD:/apps-dir entrypoint: py.test ``` + These would be executed via + ```sh docker-compose run --rm py.test --pdb ``` + This approach defines a concise list of the entry points to your software suite, but may require additional image rebuilding and can be confusing when combined with `docker-compose up`. If taking this approach, be sure to use @@ -226,18 +232,20 @@ Can we get by without an application image, then? For example, consider a docker-compose manifest that referred only to official images but shared a Docker volume: + ```yml services: my-app: image: python:3.5 volumes: - - dependencies:/path/to/dependency/storage + - dependencies:/path/to/dependency/storage volumes: dependencies: ``` Then we could execute all of our application setup _without_ an application image: + ```sh docker-compose run --rm my-app pip install docker-compose run --rm my-app gunicorn # start app 
@@ -250,27 +258,27 @@ settling), but it's worth considering. ### Docker as primary dev env -* [calc](https://github.com/18F/calc) -* [e-QIP](https://github.com/18F/e-QIP-prototype) -* [omb-eregs](https://github.com/18F/omb-eregs) -* [pa11y-lambda](https://github.com/18F/pa11y-lambda) -* [tock](https://github.com/18F/tock) -* [federalist](https://github.com/18F/federalist) +- [calc](https://github.com/18F/calc) +- [e-QIP](https://github.com/18F/e-QIP-prototype) +- [omb-eregs](https://github.com/18F/omb-eregs) +- [pa11y-lambda](https://github.com/18F/pa11y-lambda) +- [tock](https://github.com/18F/tock) +- [federalist](https://github.com/18F/federalist) ### Docker as alternative dev env -* [acqstackdb](https://github.com/18F/acqstackdb) -* [autoapi](https://github.com/18F/autoapi) -* [checklistomania](https://github.com/18F/checklistomania) -* [continua11y](https://github.com/18F/continua11y) -* [domain-scan](https://github.com/18F/domain-scan) -* [iaa-gem](https://github.com/18F/iaa-gem) -* [identity-idp](https://github.com/18F/identity-idp) -* [micropurchase](https://github.com/18F/micropurchase) +- [acqstackdb](https://github.com/18F/acqstackdb) +- [autoapi](https://github.com/18F/autoapi) +- [checklistomania](https://github.com/18F/checklistomania) +- [continua11y](https://github.com/18F/continua11y) +- [domain-scan](https://github.com/18F/domain-scan) +- [iaa-gem](https://github.com/18F/iaa-gem) +- [identity-idp](https://github.com/18F/identity-idp) +- [micropurchase](https://github.com/18F/micropurchase) ## Additional reading -* Atul's [Reflections on Docker-based +- Atul's [Reflections on Docker-based development](https://github.com/18F/dev-environment-standardization/blob/18f-pages/pages/virtualization/docker.md) -* OMB eRegs' [Resolving common container +- OMB eRegs' [Resolving common container issues](https://github.com/18F/omb-eregs#resolving-common-container-issues) From 4b59d70a269bc7238353cec15f98ad9b76d15495 Mon Sep 17 00:00:00 2001 
From: Aidan Feldman Date: Thu, 28 Jan 2021 10:38:37 -0500 Subject: [PATCH 024/179] point to example for Jekyll configuration --- _guide/_pages/project-setup/docker.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/_guide/_pages/project-setup/docker.md b/_guide/_pages/project-setup/docker.md index 70be0b0..56fde6f 100644 --- a/_guide/_pages/project-setup/docker.md +++ b/_guide/_pages/project-setup/docker.md @@ -26,6 +26,8 @@ into a consistent, reproducible environment. While we don't generally support Docker in production, we can create a setup that matches cloud.gov relatively closely and which makes running our app painless. +Within GSA, [Docker Desktop](https://www.docker.com/products/docker-desktop) can be installed through [Self Service](https://handbook.tts.gsa.gov/gsa-internal-tools/#self-service) without [admin rights](https://handbook.tts.gsa.gov/equipment/#admin-rights). This allows people doing "light" development (like editing content) to run the site locally. Use of Docker can also hide the complexity of setting up a development environment from them. + ## Recommendations We hope to have an end-to-end recommendation in the future, but for now we @@ -126,6 +128,14 @@ my-service: "my-elastic-service": [{"more": "settings"}]} ``` +### Jekyll + +The Docker configuration from [the Handbook](https://github.com/18F/handbook) is very copy-able for other [Jekyll](https://jekyllrb.com/) sites. Specifically, see the: + +- [`Dockerfile`](https://github.com/18F/handbook/blob/master/Dockerfile) +- [Docker Compose configuration](https://github.com/18F/handbook/blob/master/docker-compose.yml) +- [Instructions to run the site](https://github.com/18F/handbook#development) + ## For further debate As with any new tool, we need time to derive best practices. Below we catalog From 553695fa8196fd04bc52274a04d805153218aea3 Mon Sep 17 00:00:00 2001 
From: Aidan Feldman Date: Thu, 28 Jan 2021 10:49:51 -0500 Subject: [PATCH 025/179] link to Docker page from development environment page --- _guide/_pages/development-environments.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/_guide/_pages/development-environments.md b/_guide/_pages/development-environments.md index de0ffb9..87a2ac4 100644 --- a/_guide/_pages/development-environments.md +++ b/_guide/_pages/development-environments.md @@ -16,6 +16,8 @@ The _why_ section sort of gives it away, but a development environment should be Dependencies should be easy to install, and a new developer should be able to clone the application and run its "hello world" equivalent with just a few commands. Seed data creation, database schema migrations, and configuration should be automated. Configuration that requires the developer to obtain keys from an external source (such as signing up for an API) should be kept to a minimum. If possible, try to use a mocked version of any external services by default. Many of the good practices for testing (e.g. don't rely on external services) can and should be applied to the development environment. +[Docker]({{site.baseurl}}/project-setup/docker/) is a good way to achieve this. + **Well-documented** At minimum, there should be a README.md file describing what the software does, how to run its "hello world" equivalent, how to run tests, and all dependencies. If the software is easy to set up, the documentation need not be very long, which is easier to maintain and to keep accurate. 
@@ -64,7 +66,8 @@ before_script: Now each set of scripts are much easier run in other environments: locally, in a different CI environment, etc. Moreover, think of the YAML keys as annotations for the scripts. - **Reproducible** A good development environment should be reproducible across different computers, platforms, and environments. Reproducibility helps ensure that bugs are not idiosyncratic to any one person's bespoke computing environment--rather they are intrinsic to the repository itself such that time can be spent debugging the repository code and not the environment on a person's computer. Pinning dependencies such as language runtimes and databases to specific versions is a great way to help achieve this. + +[Docker]({{site.baseurl}}/project-setup/docker/) is a good way to achieve this. From 3323e2d9bc4292cf7a5ddd1db143e74562149419 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 28 Jan 2021 11:06:36 -0500 Subject: [PATCH 026/179] add markdown page --- _guide/_data/navigation.yml | 4 +++- _guide/_pages/markdown.md | 7 +++++++ 2 files changed, 10 insertions(+), 1 deletion(-) create mode 100644 _guide/_pages/markdown.md diff --git a/_guide/_data/navigation.yml b/_guide/_data/navigation.yml index ba1c526..046d23a 100644 --- a/_guide/_data/navigation.yml +++ b/_guide/_data/navigation.yml @@ -35,7 +35,7 @@ approach: tools: - text: Tools href: /integrations/ - - text: Laptop Setup + - text: Laptop Setup href: /laptop-setup - text: Project Setup href: /project-setup/ @@ -57,6 +57,8 @@ languages: href: /language-selection/ - text: JavaScript href: /javascript/ + - text: Markdown + href: /markdown/ - text: Node.js href: /nodejs/ - text: Python diff --git a/_guide/_pages/markdown.md b/_guide/_pages/markdown.md new file mode 100644 index 0000000..99a5433 --- /dev/null +++ b/_guide/_pages/markdown.md 
@@ -0,0 +1,7 @@ +--- +title: Markdown Guide +sidenav: languages +sticky_sidenav: true +--- + +["Markdown is a text-to-HTML conversion tool for web writers. Markdown allows you to write using an easy-to-read, easy-to-write plain text format."](https://daringfireball.net/projects/markdown/) Use [Prettier](https://prettier.io/) for automatic code formatting. From 81f6f0a77b93fb4032fbb4c1b791d35f77f739b9 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 28 Jan 2021 11:06:53 -0500 Subject: [PATCH 027/179] use Black for Python formatting --- _guide/_pages/python.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_guide/_pages/python.md b/_guide/_pages/python.md index fd357df..9b09e3f 100644 --- a/_guide/_pages/python.md +++ b/_guide/_pages/python.md @@ -63,6 +63,8 @@ isort](https://pypi.python.org/pypi/flake8-isort) for import order. We ecosystem](https://pypi.python.org/pypi?%3Aaction=search&term=flake8&submit=search) for more functionality. +Use [Black](https://black.readthedocs.io/en/stable/) for automatic code formatting. + Using Code Climate to measure complexity scores (by way of [radon](https://pypi.python.org/pypi/radon)) is also a reasonable **default** to ensure you see potentially confounding functions and classes. From 4098611ab9b37e141fe0c14a77d7b73754318808 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 28 Jan 2021 11:07:11 -0500 Subject: [PATCH 028/179] clean up Ruby page formatting --- _guide/_pages/ruby.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/_guide/_pages/ruby.md b/_guide/_pages/ruby.md index 6f00f1f..3439edd 100644 --- a/_guide/_pages/ruby.md +++ b/_guide/_pages/ruby.md 
@@ -3,11 +3,11 @@ title: Ruby Guide sidenav: languages sticky_sidenav: true --- -This is a **WORK IN PROGRESS**. Help us make it better by + +_This is a **WORK IN PROGRESS**. Help us make it better by [submitting an issue](https://github.com/18F/development-guide) or joining us -in the [#ruby](https://18f.slack.com/messages/ruby/) channel! +in the [#ruby](https://18f.slack.com/messages/ruby/) channel!_ -## Ruby Guide A guide for writing and maintaining Ruby and Rails applications ### Style Guide From 958a1e3db5e7edc6ec6a5de7d68026ca0ee25f2b Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Thu, 28 Jan 2021 11:07:29 -0500 Subject: [PATCH 029/179] recommend opinionated code formatters in general --- _guide/_pages/workflow.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/_guide/_pages/workflow.md b/_guide/_pages/workflow.md index 787cc7c..d813d4b 100644 --- a/_guide/_pages/workflow.md +++ b/_guide/_pages/workflow.md @@ -65,3 +65,7 @@ workflows]({{site.baseurl}}/example-workflows). about **good commit messages**. - Consider [**signing commits** with a GPG key](https://help.github.com/articles/signing-commits-with-gpg/) + +## Code style + +- Use an opinionated automated code formatter whenever possible. This saves teams from wasting time arguing about code style, and makes it easy to comply. Specific suggestions in [the pages for each language]({{site.baseurl}}/language-selection/). From ba4901ceabde074a75dd04a0af1d0d74c83a11f6 Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Fri, 29 Jan 2021 13:59:29 -0800 Subject: [PATCH 030/179] Move docker page up a level --- _guide/_pages/{project-setup => }/docker.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename _guide/_pages/{project-setup => }/docker.md (100%) diff --git a/_guide/_pages/project-setup/docker.md b/_guide/_pages/docker.md similarity index 100% rename from _guide/_pages/project-setup/docker.md rename to _guide/_pages/docker.md 
From 2ed9851f6c74f497e15a35cdc00eb2fdb817a24d Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Fri, 29 Jan 2021 15:06:41 -0800 Subject: [PATCH 031/179] Make Docker more prominent, tighten up text - Move Docker suggestion to the top of dev env page - Promote Docker page to secondary content level - Add redirect from old location, update guide links --- _guide/_data/navigation.yml | 2 ++ _guide/_pages/development-environments.md | 14 +++++--------- _guide/_pages/docker.md | 6 +++++- _guide/_pages/project-setup.md | 2 +- 4 files changed, 13 insertions(+), 11 deletions(-) diff --git a/_guide/_data/navigation.yml b/_guide/_data/navigation.yml index ba1c526..94caa18 100644 --- a/_guide/_data/navigation.yml +++ b/_guide/_data/navigation.yml @@ -39,6 +39,8 @@ tools: href: /laptop-setup - text: Project Setup href: /project-setup/ + - text: Docker for Development + href: /docker/ - text: Browser Testing href: /browser-testing/ - text: Accessibility Scanning diff --git a/_guide/_pages/development-environments.md b/_guide/_pages/development-environments.md index 87a2ac4..8f7684c 100644 --- a/_guide/_pages/development-environments.md +++ b/_guide/_pages/development-environments.md 
@@ -4,27 +4,25 @@ sidenav: approach sticky_sidenav: true --- -## Why this guide? +Development environments should be designed so as as to be _Easy to set up_, _Well-documented_, and _Reproducible_. -This guide discusses some principles we should strive to achieve when architecting development environments along with some examples techniques for achieving them. By following this guide, you'll learn how to create environments that are easy to setup, well-documented, and are reproducible (great for finding and fixing bugs). This will keep your colleagues happy, save you time from supporting developer ramp-up, make your repo much more likely to receive open source contributions, and is also generally a good practice as a matter of course. +These principles help keep your colleagues happy, save you time from supporting developer ramp-up, make your repo much more likely to receive open source contributions, and will make it easier to find and fix bugs. -## Principles +We elaborate on each principle below. In a related guide section, we show how [Docker is a good supporting tool](../docker/) to achieve these aims. -The _why_ section sort of gives it away, but a development environment should be: +## Principles **Easy to set up** Dependencies should be easy to install, and a new developer should be able to clone the application and run its "hello world" equivalent with just a few commands. Seed data creation, database schema migrations, and configuration should be automated. Configuration that requires the developer to obtain keys from an external source (such as signing up for an API) should be kept to a minimum. If possible, try to use a mocked version of any external services by default. Many of the good practices for testing (e.g. don't rely on external services) can and should be applied to the development environment. -[Docker]({{site.baseurl}}/project-setup/docker/) is a good way to achieve this. 
- **Well-documented** At minimum, there should be a README.md file describing what the software does, how to run its "hello world" equivalent, how to run tests, and all dependencies. If the software is easy to set up, the documentation need not be very long, which is easier to maintain and to keep accurate. Moreover, while it's great to use code comments or other documentation tools, often the best documentation is the code itself--that is, if the code is easy to comprehend and contextualize, there might not be a pressing need for extraneous explanation of each and every function. -Sometimes configuration files (e.g. `.travis.yml`) get more as scripts. This should be avoided. Instead, leverage these files as "runnable" documentation. For example, the declarative nature of a `.travis.yml` file is a perfect opportunity to document how to do everything needed to set up and run tests. +Sometimes configuration files (e.g. `.travis.yml`) get used more as scripts. This should be avoided. Instead, leverage these files as "runnable" documentation. For example, the declarative nature of a `.travis.yml` file is a perfect opportunity to document how to do everything needed to set up and run tests. Instead of: @@ -69,5 +67,3 @@ Now each set of scripts are much easier run in other environments: locally, in a **Reproducible** A good development environment should be reproducible across different computers, platforms, and environments. Reproducibility helps ensure that bugs are not idiosyncratic to any one person's bespoke computing environment--rather they are intrinsic to the repository itself such that time can be spent debugging the repository code and not the environment on a person's computer. Pinning dependencies such as language runtimes and databases to specific versions is a great way to help achieve this. - -[Docker]({{site.baseurl}}/project-setup/docker/) is a good way to achieve this. 
diff --git a/_guide/_pages/docker.md b/_guide/_pages/docker.md index 56fde6f..640c820 100644 --- a/_guide/_pages/docker.md +++ b/_guide/_pages/docker.md @@ -1,5 +1,9 @@ --- -title: Docker for development +title: Docker for Development +sidenav: tools +sticky_sidenav: true +redirect_from: + - /project-setup/docker/ --- Below we lay out recommendations for using Docker to wrap development diff --git a/_guide/_pages/project-setup.md b/_guide/_pages/project-setup.md index 86a7db0..5e69b77 100644 --- a/_guide/_pages/project-setup.md +++ b/_guide/_pages/project-setup.md @@ -110,7 +110,7 @@ solution helps abstract that complexity and makes it easier for cross-functional teams to create consistent, reproducible, local development environments. - [Docker](https://www.docker.com/why-docker) {%include components/tag-suggestion.html %}
- See our [Docker for development](./docker/) recommendations. + See our [Docker for Development](../docker/) recommendations. ## Deployment infrastructure From 64894676828317fac6c328854406f45c0c77ca7d Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Mon, 1 Feb 2021 08:04:42 -0800 Subject: [PATCH 032/179] Update _guide/_pages/development-environments.md Co-authored-by: Aidan Feldman --- _guide/_pages/development-environments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/development-environments.md b/_guide/_pages/development-environments.md index 8f7684c..9dd6578 100644 --- a/_guide/_pages/development-environments.md +++ b/_guide/_pages/development-environments.md @@ -18,7 +18,7 @@ Dependencies should be easy to install, and a new developer should be able to cl **Well-documented** -At minimum, there should be a README.md file describing what the software does, how to run its "hello world" equivalent, how to run tests, and all dependencies. If the software is easy to set up, the documentation need not be very long, which is easier to maintain and to keep accurate. +At minimum, there should be a README.md file describing what the software does, how to run its "hello world" equivalent, how to run tests, and all external dependencies (like APIs it talks to). If the software is easy to set up, the documentation need not be very long, which is easier to maintain and to keep accurate. Moreover, while it's great to use code comments or other documentation tools, often the best documentation is the code itself--that is, if the code is easy to comprehend and contextualize, there might not be a pressing need for extraneous explanation of each and every function. From 989d5aaae2d017f875889a5f1e950bad9e9a14fb Mon Sep 17 00:00:00 2001 
From: Ryan Hofschneider Date: Mon, 1 Feb 2021 08:05:31 -0800 Subject: [PATCH 033/179] Update _guide/_pages/development-environments.md Co-authored-by: Aidan Feldman --- _guide/_pages/development-environments.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/development-environments.md b/_guide/_pages/development-environments.md index 9dd6578..43cc63b 100644 --- a/_guide/_pages/development-environments.md +++ b/_guide/_pages/development-environments.md @@ -22,7 +22,7 @@ At minimum, there should be a README.md file describing what the software does, Moreover, while it's great to use code comments or other documentation tools, often the best documentation is the code itself--that is, if the code is easy to comprehend and contextualize, there might not be a pressing need for extraneous explanation of each and every function. -Sometimes configuration files (e.g. `.travis.yml`) get used more as scripts. This should be avoided. Instead, leverage these files as "runnable" documentation. For example, the declarative nature of a `.travis.yml` file is a perfect opportunity to document how to do everything needed to set up and run tests. +Make your continuous integration configuration as concise and readable as possible. Instead of: From 0dfd01ae246ab5fbd12c07ef6ba7595b40251cb5 Mon Sep 17 00:00:00 2001 From: Laura Gerhardt Date: Wed, 3 Feb 2021 10:59:12 -0500 Subject: [PATCH 034/179] add page on how to patch --- _guide/_data/navigation.yml | 2 + .../_pages/security/dependency_remediation.md | 74 +++++++++++++++++++ 2 files changed, 76 insertions(+) create mode 100644 _guide/_pages/security/dependency_remediation.md diff --git a/_guide/_data/navigation.yml b/_guide/_data/navigation.yml index 94caa18..8a1f157 100644 --- a/_guide/_data/navigation.yml +++ b/_guide/_data/navigation.yml 
@@ -114,3 +114,5 @@ security: href: /security/content-security-policy/ - text: Output Encoding href: /security/output-encoding/ + - text: Vulnerable dependency remediation + href: /security/dependency-remediation/ diff --git a/_guide/_pages/security/dependency_remediation.md b/_guide/_pages/security/dependency_remediation.md new file mode 100644 index 0000000..8de4151 --- /dev/null +++ b/_guide/_pages/security/dependency_remediation.md 
@@ -0,0 +1,74 @@ +--- +title: Remediating vulnerable dependencies +sidenav: security +sticky_sidenav: true +--- + +Your application should have dependency scanning to ensure that the +libraries your code relies on do not have vulnerabilities within them. +For more on how to set up vulnerability scanning see the +[Before you ship +guide<](https://before-you-ship.18f.gov/security/static-analysis/#dependency-analysis)’s +suggestions. + +In operating a system with a dependency scan you’ll find that +vulnerabilities do pop up in your dependencies, and this is a guide on +how to remediate those vulnerabilities to keep your application secure. + +The following suggestions are in the order in which you would try these +strategies. + +## Apply a patch + +Oftentimes when your dependency scanner finds a vulnerability, it will +provide a suggested patch to remediate the vulnerability. If the scanner +doesn’t provide a patch a quick search of the package’s documentation +may also reveal a patch that you can use. In this case, create a new +branch via git version control and ensure that your tests pass; that the +application still runs as expected; and finally, run your code with your +continuous integration suite. If there are unexpected behaviors or +failing tests, you may have to refactor your code to incorporate the +patch. Once you’ve applied the patch and refactored it, you can submit a +pull request to fix your application. + +## Use selective resolutions + +In some cases, your dependency scanner will not be able to provide an +immediate patch but it will indicate a package version in which the +vulnerability is fixed. In some package managers such as \`yarn\` you +can pin your dependency to the fixed version by using a +“[selective +resolution](https://classic.yarnpkg.com/en/docs/selective-version-resolutions/)”. +This will bump up versions that are children of top level dependencies. 
+If you are using \`npm\` you can install +\`[https://www.npmjs.com/package/npm-force-resolutions](https://www.npmjs.com/package/npm-force-resolutions)\` +to draw the same behavior. + +## Check if it is a false positive + +If there is no existing patch or version update that will remediate the +vulnerabilities, you may want to investigate the offending code and see +if your use of that library would even trigger that part of the code. If +it does not, the vulnerability may be a false positive. If you can +confirm this, you should document this — ideally in your dependency +scanners configuration (ex. .snyk) or somewhere within your code +repository. + +## Pull upstream + +In cases where the maintainer of a package has not yet resolved the +security vulnerability and you are able to patch it yourself, fork the +original package to fix it locally and then create a pull request in the +package repository. Not only does this help fix the security concern, +but also promotes good open-source culture. Because this requires the +maintainer of the package to review and accept your pull request, this +strategy may take longer to complete. If your pull request is accepted, +be sure to update your dependency file back to the main distribution of +the dependency. + +## Accept the risk + +If the risk is low, take a look at where the vulnerability resides in +your dependency tree. If the vulnerability is associated with a +development dependency rather than with public code, the risk associated +with the vulnerability might be acceptable (in the short term?). From 49975d7856a32a6f8d46f68ae2090bb35dc3dbb2 Mon Sep 17 00:00:00 2001 From: Laura Gerhardt Date: Wed, 3 Feb 2021 11:36:28 -0500 Subject: [PATCH 035/179] rename dep vuln file --- .../{dependency_remediation.md => dependency-remediation.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename _guide/_pages/security/{dependency_remediation.md => dependency-remediation.md} (100%) 
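Review bot: The "Use selective resolutions" and "Check if it is a false positive" sections both describe overrides that stay in the repository after the reason for them has gone, and neither says when to remove or revisit them. A forced resolution keeps the transitive dependency pinned even after the parent package ships a fixed release, and an ignore entry in the scanner configuration keeps suppressing the finding if later code starts reaching the affected path. I would add `Remove the resolution once the parent dependency releases a version that includes the fix.` to the first section and `Record the reasoning and a date to re-check it alongside the ignore entry.` to the second; the same applies to the "Accept the risk" section, which names no owner or review date. Separately, the escaped backticks around `yarn`, `npm` and the npm-force-resolutions link will most likely render as literal backtick characters, so plain backticks with `npm-force-resolutions` as the link text would read better.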
diff --git a/_guide/_pages/security/dependency_remediation.md b/_guide/_pages/security/dependency-remediation.md
similarity index 100%
rename from _guide/_pages/security/dependency_remediation.md
rename to _guide/_pages/security/dependency-remediation.md
From 512748d372f99b0bc8279df28eb84f711f206e9d Mon Sep 17 00:00:00 2001
From: Igor Korenfeld <52677065+igorkorenfeld@users.noreply.github.com>
Date: Thu, 4 Feb 2021 10:22:00 -0500
Subject: [PATCH 036/179] Remove question mark from last sentence
---
_guide/_pages/security/dependency-remediation.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_guide/_pages/security/dependency-remediation.md b/_guide/_pages/security/dependency-remediation.md
index 8de4151..e377962 100644
--- a/_guide/_pages/security/dependency-remediation.md
+++ b/_guide/_pages/security/dependency-remediation.md
@@ -7,8 +7,8 @@ sticky_sidenav: true Your application should have dependency scanning to ensure that the libraries your code relies on do not have vulnerabilities within them. For more on how to set up vulnerability scanning see the -[Before you ship -guide<](https://before-you-ship.18f.gov/security/static-analysis/#dependency-analysis)’s +[Before You Ship +guide](https://before-you-ship.18f.gov/security/static-analysis/#dependency-analysis)’s suggestions. In operating a system with a dependency scan you’ll find that From c253a7500d8d4679ab6775f79bb6414d602a82f9 Mon Sep 17 00:00:00 2001 From: github-actions Date: Tue, 23 Feb 2021 07:27:42 +0000 Subject: [PATCH 038/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@e06316f1def6886eb76b81fea7405bcf6c9d0288 --- Gemfile | 2 +- Gemfile.lock | 15 ++++++++------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/Gemfile b/Gemfile index e73ae76..9cd887c 100644 --- a/Gemfile +++ b/Gemfile @@ -8,7 +8,7 @@ gem 'mini_racer' # If you put them in a jekyll_plugins group they’ll automatically be required into Jekyll # One of 3 ways to load plug-ins, don't need to do both group :jekyll_plugins do - gem 'uswds-jekyll', '~> 5.0' + gem 'uswds-jekyll', '~> 5.3' gem 'jekyll-redirect-from' gem 'jekyll-sitemap' gem 'jemoji', '>= 0.12.0' diff --git a/Gemfile.lock b/Gemfile.lock index 5f29d37..7f7787a 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -12,7 +12,7 @@ GEM autoprefixer-rails (9.8.6.5) execjs colorator (1.1.0) - concurrent-ruby (1.1.7) + concurrent-ruby (1.1.8) em-websocket (0.5.2) eventmachine (>= 0.12.9) http_parser.rb (~> 0.6.0) @@ -26,7 +26,7 @@ GEM html-pipeline (2.14.0) activesupport (>= 2) nokogiri (>= 1.4) - html-proofer (3.18.5) + html-proofer (3.18.6) addressable (~> 2.3) mercenary (~> 0.3) nokogumbo (~> 2.0) @@ -35,7 +35,7 @@ GEM typhoeus (~> 1.3) yell (~> 2.0) http_parser.rb (0.6.0) - i18n (1.8.5) + i18n (1.8.7) concurrent-ruby (~> 1.0) jekyll (4.2.0) addressable (~> 2.4) 
@@ -75,7 +75,7 @@ GEM kramdown (~> 2.0) libv8 (8.4.255.0) liquid (4.0.3) - listen (3.3.3) + listen (3.4.1) rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.4.0) @@ -83,7 +83,7 @@ GEM mini_racer (0.3.1) libv8 (~> 8.4.255) minitest (5.14.2) - nokogiri (1.11.0) + nokogiri (1.11.1) mini_portile2 (~> 2.5.0) racc (~> 1.4) nokogumbo (2.0.4) @@ -112,9 +112,10 @@ GEM tzinfo (1.2.8) thread_safe (~> 0.1) unicode-display_width (1.7.0) - uswds-jekyll (5.2.0) + uswds-jekyll (5.3.0) jekyll (>= 4.0, < 5) jekyll-autoprefixer + mini_racer yell (2.2.2) zeitwerk (2.4.1) @@ -130,7 +131,7 @@ DEPENDENCIES jemoji (>= 0.12.0) mini_racer rake - uswds-jekyll (~> 5.0) + uswds-jekyll (~> 5.3) RUBY VERSION ruby 2.7.2p137 From 2a4c43e5c30576013e905bdfa4cc71e87d9c53ee Mon Sep 17 00:00:00 2001 From: github-actions Date: Sat, 6 Mar 2021 07:27:59 +0000 Subject: [PATCH 039/179] Merging in 18F/isildurs-bane guide template 18F/isildurs-bane@4ec148ab03c902b6b8ecf243e72afb78167b3d5c --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 7f7787a..9c53289 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -26,7 +26,7 @@ GEM html-pipeline (2.14.0) activesupport (>= 2) nokogiri (>= 1.4) - html-proofer (3.18.6) + html-proofer (3.18.8) addressable (~> 2.3) mercenary (~> 0.3) nokogumbo (~> 2.0) From 7e52debe0a14670f4ce0af61a27ce659f91bb17a Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Fri, 5 Mar 2021 12:15:42 -0500 Subject: [PATCH 040/179] Add contributor blurb --- README.md | 2 ++ _guide/_pages/index.md | 2 ++ 2 files changed, 4 insertions(+) diff --git a/README.md b/README.md index 8c64a43..07effaa 100644 --- a/README.md +++ b/README.md 
@@ -24,6 +24,8 @@ We use issues in this repo to track work. If you'd like to suggest a new topic o The software development industry is ever-changing, and our guide is a living document. Please suggest edits or changes via pull request. +Getting new practices into the guide is pretty light on process. Feel free to raise a topic in Slack or at a guild meeting and drive to some consensus. Once you've done that, document your findings, submit a PR, and ask in #dev for a quick review. If you think a proposal might be controversial after getting some consensus prior, please post the draft PR to #dev (and elsewhere if you don’t think target audience is in that channel) and solicit feedback. + ## Development This site uses the [18F/isildurs-bane](https://github.com/18F/isildurs-bane) template, which manges all the content outside of [_guide](_guide) directory. Submit pull requests against that repository to effect those files. Only files under [_guide](_guide) should be modified and maintained here. diff --git a/_guide/_pages/index.md b/_guide/_pages/index.md index 61271e4..9b35048 100644 --- a/_guide/_pages/index.md +++ b/_guide/_pages/index.md 
@@ -13,6 +13,8 @@ subnav: This guide is where the TTS Engineering Practices Guild collects its best practices and resources for software development at TTS, as well as on our partner engagements. Our focus is cloud-native digital services and our recommendations in this guide reflect the needs of that domain. +Getting new practices into the guide is pretty light on process. Feel free to raise a topic in Slack or at a guild meeting and drive to some consensus. Once you've done that, document your findings, submit a PR, and ask in #dev for a quick review. If you think a proposal might be controversial after getting some consensus prior, please post the draft PR to #dev (and elsewhere if you don’t think target audience is in that channel) and solicit feedback. + ## How we classify best practices These documents are structured by topic; under topics we have classified we indicate "Requirement", From 6d881bc661d947f595f756fe3fe73a641f629222 Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Mon, 8 Mar 2021 14:07:01 -0800 Subject: [PATCH 041/179] Remove Hound from guide --- _guide/_pages/css/linting.md | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/_guide/_pages/css/linting.md b/_guide/_pages/css/linting.md index f8d3ae1..a27aa31 100644 --- a/_guide/_pages/css/linting.md +++ b/_guide/_pages/css/linting.md 
@@ -8,19 +8,11 @@ The styleguide provides a method of linting [Sass] code to ensure it conforms to the rules in the styleguide. This linting tool will go through all Sass code and issue warnings wherever the code differs from the styleguide. We've created a specific [`.scss-lint.yml` file][scss-lint yaml] that's configured to work -with the css coding styleguide. There are three ways to setup linting: +with the css coding styleguide. There are two ways to setup linting: -* on GitHub with Hound * locally with ruby * locally with node -## On GitHub with Hound -1. Go to [Hound](https://houndci.com/). -2. Sign in with GitHub. -3. Activate the respository through [Hound](https://houndci.com/repos). -4. Add the [`.scss-lint.yml` file][scss-lint yaml] to the base of your - repository. - ## Locally with ruby 1. Add the [`.scss-lint.yml` file][scss-lint yaml] to the base of your repository. From 46486c64360a0dc2a71f7c759e15be91d73a0404 Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Tue, 9 Mar 2021 13:03:16 -0800 Subject: [PATCH 042/179] Update _guide/_pages/css/linting.md Co-authored-by: Andrew Duthie --- _guide/_pages/css/linting.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_guide/_pages/css/linting.md b/_guide/_pages/css/linting.md index a27aa31..d8e85d6 100644 --- a/_guide/_pages/css/linting.md +++ b/_guide/_pages/css/linting.md @@ -8,7 +8,7 @@ The styleguide provides a method of linting [Sass] code to ensure it conforms to the rules in the styleguide. This linting tool will go through all Sass code and issue warnings wherever the code differs from the styleguide. We've created a specific [`.scss-lint.yml` file][scss-lint yaml] that's configured to work -with the css coding styleguide. There are two ways to setup linting: +with the css coding styleguide. There are two ways to set up linting: * locally with ruby * locally with node From bd8e2846645ec48ed70b10110f9ebeffd257c444 Mon Sep 17 00:00:00 2001 
From: Davida Marion
Date: Tue, 9 Mar 2021 12:22:09 -0500
Subject: [PATCH 043/179] CSS in one page
---
 _guide/_pages/css.md | 47 +++++++++++++++++++++++++++++-
 _guide/_pages/css/architecture.md | 6 ----
 _guide/_pages/css/documentation.md | 6 ----
 _guide/_pages/css/formatting.md | 6 ----
 _guide/_pages/css/frameworks.md | 5 ----
 _guide/_pages/css/inheritance.md | 6 ----
 _guide/_pages/css/linting.md | 6 ----
 _guide/_pages/css/naming.md | 6 ----
 _guide/_pages/css/preprocessors.md | 6 ----
 _guide/_pages/css/specificity.md | 6 ----
 _guide/_pages/css/units.md | 6 ----
 _guide/_pages/css/variables.md | 6 ----
 12 files changed, 46 insertions(+), 66 deletions(-)
diff --git a/_guide/_pages/css.md b/_guide/_pages/css.md
index f537fa4..39506d7 100644
--- a/_guide/_pages/css.md
+++ b/_guide/_pages/css.md
@@ -1,9 +1,54 @@ --- title: CSS -sidenav: css +sidenav: languages sticky_sidenav: true --- The purpose of the CSS coding styleguide is to create consistent CSS or preprocessor CSS code across TTS. The styleguide should be treated as a guide — rules can be modified according to project needs. + +* [Architecture](#architecture) +* [Documentation](#documentation) +* [Frameworks](#frameworks) +* [Formatting](#formatting) +* [Inheritance](#inheritance) +* [Linting](#linting) +* [Naming](#naming) +* [Preprocessors](#preprocessors) +* [Specificity](#specificity) +* [Units](#units) +* [Variables](#variables) + +# Architecture +{% include_relative css/architecture.md %} + +# Documentation +{% include_relative css/documentation.md %} + +# Frameworks +{% include_relative css/frameworks.md %} + +# Formatting +{% include_relative css/formatting.md %} + +# Inheritance +{% include_relative css/inheritance.md %} + +# Linting +{% include_relative css/linting.md %} + +# Naming +{% include_relative css/naming.md %} + +# Preprocessors +{% include_relative css/preprocessors.md %} + +# Specificity +{% include_relative css/specificity.md %} + +# Units +{% include_relative css/units.md %} + +# Variables +{% include_relative css/variables.md %} diff --git a/_guide/_pages/css/architecture.md b/_guide/_pages/css/architecture.md index 19f7be3..45e74af 100644 --- a/_guide/_pages/css/architecture.md +++ b/_guide/_pages/css/architecture.md @@ -1,9 +1,3 @@ ---- -title: Architecture -sidenav: css -sticky_sidenav: true ---- - A site's architecture should be based on its goals and purposes. This means the guidance here should be adapted to different sites and situations. diff --git a/_guide/_pages/css/documentation.md b/_guide/_pages/css/documentation.md index cfcb4a9..6cb992e 100644 --- a/_guide/_pages/css/documentation.md +++ b/_guide/_pages/css/documentation.md 
@@ -1,9 +1,3 @@ ---- -title: Documentation -sidenav: css -sticky_sidenav: true ---- - ## Sass Comments Be intentional when you use `//` (silent comments) versus `/* */` (which are preserved in the CSS output). When in doubt, use `//`. diff --git a/_guide/_pages/css/formatting.md b/_guide/_pages/css/formatting.md index 8fa800a..05c2095 100644 --- a/_guide/_pages/css/formatting.md +++ b/_guide/_pages/css/formatting.md @@ -1,9 +1,3 @@ ---- -title: Formatting -sidenav: css -sticky_sidenav: true ---- - We recommend using [Prettier](https://prettier.io), and enabling it in your editor by default. Prettier is an automatic code formatter that will make your code format consistent. This way we don't have to argue over how to format our diff --git a/_guide/_pages/css/frameworks.md b/_guide/_pages/css/frameworks.md index 5fa6e71..e0435ad 100644 --- a/_guide/_pages/css/frameworks.md +++ b/_guide/_pages/css/frameworks.md @@ -1,8 +1,3 @@ ---- -title: Frameworks -sidenav: css -sticky_sidenav: true ---- TTS recommends using the [U.S. Web Design System (USWDS)](https://github.com/uswds/uswds) as it is specifically designed to help build fast, accessible, mobile-friendly federal government websites. diff --git a/_guide/_pages/css/inheritance.md b/_guide/_pages/css/inheritance.md index 8107e39..e62ece6 100644 --- a/_guide/_pages/css/inheritance.md +++ b/_guide/_pages/css/inheritance.md @@ -1,9 +1,3 @@ ---- -title: Inheritance -sidenav: css -sticky_sidenav: true ---- - ## Mixins - Use mixins for groups of properties that appear together intentionally and are used multiple times. diff --git a/_guide/_pages/css/linting.md b/_guide/_pages/css/linting.md index d8e85d6..30296bd 100644 --- a/_guide/_pages/css/linting.md +++ b/_guide/_pages/css/linting.md 
@@ -1,9 +1,3 @@ ---- -title: Linting -sidenav: css -sticky_sidenav: true ---- - The styleguide provides a method of linting [Sass] code to ensure it conforms to the rules in the styleguide. This linting tool will go through all Sass code and issue warnings wherever the code differs from the styleguide. We've created diff --git a/_guide/_pages/css/naming.md b/_guide/_pages/css/naming.md index 358e896..12ec796 100644 --- a/_guide/_pages/css/naming.md +++ b/_guide/_pages/css/naming.md @@ -1,9 +1,3 @@ ---- -title: Naming -sidenav: css -sticky_sidenav: true ---- - - HTML elements should be in lowercase. ```scss diff --git a/_guide/_pages/css/preprocessors.md b/_guide/_pages/css/preprocessors.md index f317de4..497629f 100644 --- a/_guide/_pages/css/preprocessors.md +++ b/_guide/_pages/css/preprocessors.md @@ -1,9 +1,3 @@ ---- -title: Preprocessors -sidenav: css -sticky_sidenav: true ---- - The most supported CSS preprocessor at TTS is [Sass](http://sass-lang.com/) (SCSS). Using this pre-processor means you'll get supported resources such as frameworks, libraries, tutorials, and a comprehensive styleguide as support. diff --git a/_guide/_pages/css/specificity.md b/_guide/_pages/css/specificity.md index 7923c88..1f0fffa 100644 --- a/_guide/_pages/css/specificity.md +++ b/_guide/_pages/css/specificity.md @@ -1,9 +1,3 @@ ---- -title: Specificity -sidenav: css -sticky_sidenav: true ---- - - IDs should be reserved for JavaScript. Don’t use IDs for styles. ```scss diff --git a/_guide/_pages/css/units.md b/_guide/_pages/css/units.md index 2b202b2..c2bfd7c 100644 --- a/_guide/_pages/css/units.md +++ b/_guide/_pages/css/units.md @@ -1,9 +1,3 @@ ---- -title: Units -sidenav: css -sticky_sidenav: true ---- - ## Measurements - Use **rem** units for font sizes with a px fallback. This can be done with the following mixin: diff --git a/_guide/_pages/css/variables.md b/_guide/_pages/css/variables.md index 9d3b81c..e9589fa 100644 --- a/_guide/_pages/css/variables.md 
+++ b/_guide/_pages/css/variables.md @@ -1,9 +1,3 @@ ---- -title: Variables -sidenav: css -sticky_sidenav: true ---- - - Create new variables in the following circumstances: - The value is repeated twice - The value is likely to be updated at least once From 2ae3160084f10f8262b54d1d7359170fa858ffce Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Tue, 9 Mar 2021 12:27:51 -0500 Subject: [PATCH 044/179] Add JS to one page --- _guide/_pages/css.md | 2 +- _guide/_pages/javascript.md | 21 +++++++++++++--- _guide/_pages/javascript/dependencies.md | 32 ++++++++++++------------ _guide/_pages/javascript/frameworks.md | 6 ----- _guide/_pages/javascript/style.md | 6 ----- _guide/_pages/language-selection.md | 2 +- 6 files changed, 36 insertions(+), 33 deletions(-) diff --git a/_guide/_pages/css.md b/_guide/_pages/css.md index 39506d7..bb2fc6a 100644 --- a/_guide/_pages/css.md +++ b/_guide/_pages/css.md @@ -35,7 +35,7 @@ preprocessor CSS code across TTS. The styleguide should be treated as a guide # Inheritance {% include_relative css/inheritance.md %} -# Linting +# Linting {% include_relative css/linting.md %} # Naming diff --git a/_guide/_pages/javascript.md b/_guide/_pages/javascript.md index a7f6b23..12c5853 100644 --- a/_guide/_pages/javascript.md +++ b/_guide/_pages/javascript.md @@ -1,6 +1,6 @@ --- title: JavaScript -sidenav: js +sidenav: languages sticky_sidenav: true --- 
@@ -8,5 +8,20 @@ The purpose of the JavaScript coding styleguide is to create and utilize consistent JS across TTS. The styleguide should be treated as a guide — rules can be modified according to project needs. -## Related topics -* [Node.js]({{site.baseurl}}/nodejs) +* [Dependencies](#dependencies) +* [Frameworks](#frameworks) +* [Style](#style) +* [Related Topics](#related-topics) + + +# Dependencies +{% include_relative javascript/dependencies.md %} + +# Frameworks +{% include_relative javascript/frameworks.md %} + +# Style +{% include_relative javascript/style.md %} + +# Related topics +* [Node.js]({{site.baseurl}}/nodejs) \ No newline at end of file diff --git a/_guide/_pages/javascript/dependencies.md b/_guide/_pages/javascript/dependencies.md index 83f1691..f91e4f0 100644 --- a/_guide/_pages/javascript/dependencies.md +++ b/_guide/_pages/javascript/dependencies.md @@ -1,13 +1,9 @@ ---- -title: Dependencies -sidenav: js -sticky_sidenav: true ---- + The word "dependency" refers to all of the frameworks, libraries, and other tools that your project relies on. *Dependency management* is the process by which tools are incorporated into your project, removed and updated (for instance, when you need a new version of [jQuery]). Here are the tools that we recommend for managing dependencies: ## Bower -{%include components/tag-standard.html %} __Do not use Bower.__ +{%include components/tag-caution.html %} __Do not use Bower.__ It's not needed and should be phased out and replaced by npm. More information can be found here: [Why We Should Stop Using Bower – And How to Do It](http://gofore.com/ohjelmistokehitys/stop-using-bower/). 
@@ -15,18 +11,10 @@ It's not needed and should be phased out and replaced by npm. More information c ## npm {%include components/tag-default.html %} [npm] informally stands for *N*ode *P*ackage *M*anager, and is the package manager node uses. Its usage is very similar to Bower because the latter was inspired by the former. -### npm instructions -1. Get [Node.js]. -2. To initialize your project, run `npm init` in your project directory, which will create a `package.json`. -3. Install some dependencies with `npm install --save [name]`, e.g. - - [jQuery](https://npm.im/jquery): `npm install --save jquery` - - [D3](https://npm.im/d3): `npm install --save d3@v3.5.5` (version 3.5.5) - -npm installs its dependencies in the `node_modules` directory. Common conventions dictate that `node_modules` should be excluded from source control by adding it to your project's `.gitignore`, primarily because Node.js-friendly environments (such as [Cloud Foundry] and [Heroku]) recognize the existence of `package.json` and automatically install dependencies as needed. - ### Install npm -We recommend that developers (note 1) install both node and npm through a tool called nvm. nvm (which stands for Node version manager) is a software that allows you to run multiple versions of node in different projects on the same computer. Its benefits include +{%include components/tag-standard.html %} +We recommend installing both node and npm through a tool called nvm. nvm (which stands for Node version manager) is a software that allows you to run multiple versions of node in different projects on the same computer. Its benefits include - Installs npm in a manner that doesn't require running sudo to install global packages. - Easily be able to switch between multiple node versions with a project configuration file or command. 
@@ -37,6 +25,18 @@ To install on MacOSX or linux, follow the instructions on the [nvm site](https:/ curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.6/install.sh | bash ``` +### npm instructions + +{%include components/tag-caution.html %} If you can't use nvm, you can install node and npm globally. + +1. Get [Node.js]. +2. To initialize your project, run `npm init` in your project directory, which will create a `package.json`. +3. Install some dependencies with `npm install --save [name]`, e.g. + - [jQuery](https://npm.im/jquery): `npm install --save jquery` + - [D3](https://npm.im/d3): `npm install --save d3@v3.5.5` (version 3.5.5) + +npm installs its dependencies in the `node_modules` directory. Common conventions dictate that `node_modules` should be excluded from source control by adding it to your project's `.gitignore`, primarily because Node.js-friendly environments (such as [Cloud Foundry] and [Heroku]) recognize the existence of `package.json` and automatically install dependencies as needed. + ### Configuring git and GitHub The npm `package-lock.json` is a big, gnarly file and it changes a lot. Because it's a generated file, there's not really any value or purpose in manually reviewing it. You can tell git to treat it like a binary file to remove it from diff results by creating a `.gitattributes` file. This file can also include a hint to GitHub to collapse the file in diff view: diff --git a/_guide/_pages/javascript/frameworks.md b/_guide/_pages/javascript/frameworks.md index 862ba6b..116503f 100644 --- a/_guide/_pages/javascript/frameworks.md +++ b/_guide/_pages/javascript/frameworks.md 
@@ -1,9 +1,3 @@ ---- -title: Frameworks -sidenav: js -sticky_sidenav: true ---- - When choosing a JavaScript web framework, also consider if vanilla JavaScript would satisfy your project needs. "Vanilla JavaScript" (or "vanilla JS") refers to using just JavaScript and the [Web APIs](https://developer.mozilla.org/en-US/docs/Web/API) provided natively by web browsers. For simpler project, vanilla JavaScript helps avoid overengineering, can reduce security and compliance complexity, and may reduce maintenance costs by making it possible for any JavaScript developer to work on it. However, vanilla JavaScript can be unwieldy in complex applications. ## React diff --git a/_guide/_pages/javascript/style.md b/_guide/_pages/javascript/style.md index 9ca73eb..7e64f24 100644 --- a/_guide/_pages/javascript/style.md +++ b/_guide/_pages/javascript/style.md @@ -1,9 +1,3 @@ ---- -title: Style / Linting -sidenav: js -sticky_sidenav: true ---- - {%include components/tag-standard.html %} We recommend combining [Prettier](https://prettier.io) with the [Airbnb JavaScript style guide](https://github.com/airbnb/javascript) plugins diff --git a/_guide/_pages/language-selection.md b/_guide/_pages/language-selection.md index acb413d..29803c1 100644 --- a/_guide/_pages/language-selection.md +++ b/_guide/_pages/language-selection.md @@ -41,7 +41,7 @@ The following are used widely in TTS: | Purpose | Tool | | ------------------------------------ | ------------------------------------------------------------------------------------------------------------ | -| CSS framework | [_More info_]({{site.baseurl}}/css/frameworks/) | +| CSS framework | [_More info_]({{site.baseurl}}/css/#frameworks) | | Infrastructure/configuration as code | [Terraform](https://www.terraform.io/) | | Static site generator | [Jekyll](https://jekyllrb.com/) (with the [uswds-jekyll](https://github.com/18F/uswds-jekyll) theme) or Hugo | From 6e0280acecee9ce815ab38ca6c9ca0808a36beea Mon Sep 17 00:00:00 2001 
From: Davida Marion
Date: Wed, 10 Mar 2021 08:27:31 -0500
Subject: [PATCH 045/179] Move all JS/CSS stuff to single pages
---
 _guide/_pages/css.md | 900 ++++++++++++++++++++++-
 _guide/_pages/css/architecture.md | 88 ---
 _guide/_pages/css/documentation.md | 34 -
 _guide/_pages/css/formatting.md | 107 ---
 _guide/_pages/css/frameworks.md | 20 -
 _guide/_pages/css/inheritance.md | 57 --
 _guide/_pages/css/linting.md | 48 --
 _guide/_pages/css/naming.md | 195 -----
 _guide/_pages/css/preprocessors.md | 15 -
 _guide/_pages/css/specificity.md | 84 ---
 _guide/_pages/css/units.md | 125 ----
 _guide/_pages/css/variables.md | 81 --
 _guide/_pages/javascript.md | 291 +++++++-
 _guide/_pages/javascript/dependencies.md | 113 ---
 _guide/_pages/javascript/frameworks.md | 70 --
 _guide/_pages/javascript/style.md | 92 ---
 16 files changed, 1160 insertions(+), 1160 deletions(-)
 delete mode 100644 _guide/_pages/css/architecture.md
 delete mode 100644 _guide/_pages/css/documentation.md
 delete mode 100644 _guide/_pages/css/formatting.md
 delete mode 100644 _guide/_pages/css/frameworks.md
 delete mode 100644 _guide/_pages/css/inheritance.md
 delete mode 100644 _guide/_pages/css/linting.md
 delete mode 100644 _guide/_pages/css/naming.md
 delete mode 100644 _guide/_pages/css/preprocessors.md
 delete mode 100644 _guide/_pages/css/specificity.md
 delete mode 100644 _guide/_pages/css/units.md
 delete mode 100644 _guide/_pages/css/variables.md
 delete mode 100644 _guide/_pages/javascript/dependencies.md
 delete mode 100644 _guide/_pages/javascript/frameworks.md
 delete mode 100644 _guide/_pages/javascript/style.md
diff --git a/_guide/_pages/css.md b/_guide/_pages/css.md
index bb2fc6a..31173dc 100644
--- a/_guide/_pages/css.md
+++ b/_guide/_pages/css.md
@@ -2,53 +2,907 @@ title: CSS sidenav: languages sticky_sidenav: true +subnav: + - text: Architecture + href: "#architecture" + - text: Documentation + href: "#documentation" + - text: Frameworks + href: "#frameworks" + - text: Formatting + href: "#formatting" + - text: Inheritance + href: "#inheritance" + - text: Linting + href: "#linting" + - text: Naming + href: "#naming" + - text: Preprocessors + href: "#preprocessors" + - text: Specificity + href: "#specificity" + - text: Units + href: "#units" + - text: Variables + href: "#variables" --- The purpose of the CSS coding styleguide is to create consistent CSS or preprocessor CSS code across TTS. The styleguide should be treated as a guide — rules can be modified according to project needs. -* [Architecture](#architecture) -* [Documentation](#documentation) -* [Frameworks](#frameworks) -* [Formatting](#formatting) -* [Inheritance](#inheritance) -* [Linting](#linting) -* [Naming](#naming) -* [Preprocessors](#preprocessors) -* [Specificity](#specificity) -* [Units](#units) -* [Variables](#variables) - # Architecture -{% include_relative css/architecture.md %} +A site's architecture should be based on its goals and purposes. This means the +guidance here should be adapted to different sites and situations. + +## Modular or component architecture +When using a modular or component architecture, every page is broken into a +series of modular components. There are two sets of these components: +`components` and `modules`. The architecture starts out with basic HTML element +rules: HTML, p, a, form, etc tags that than have components and modules written +on top of them. Components are very basic structure such as buttons, blurbs, +navs, and positioning structures like insets, island, and enclosure. From +here, modules are built with these components. This architecture also attempts +to keep the specificity trend in an upwards curve as you move down in the file +(more on this to come). 
+ +- Start with an elements file for all tag rules (a, h1-h5, p, \*, html, body). +- Create component files for each structural element, such as buttons, navs, + etc. These are mainly class-based and use [BEM] or another naming scheme. +- Create more specific structure with modules. For instance, if the logo image + and text needs very specific treatment, use a module. + - Build modules from components through mixins, extends, and HTML. + - Modules can have higher specificity, it’s fine to use deeper nesting. +- Have an overrides file or folder comprised of global rules that are meant to + override components and modules. + - These can be generic utilities. + - A good thing to put here are breakpoint-specific rules, such as hiding + something at small breakpoints. + +### File structure +```sh +_elements.scss +_mixins.scss +_typography.scss +_util.scss +_vars.scss +component/_blurb.scss +component/_button.scss +component/_island.scss +component/_sub_nav.scss +module/_logo.scss +module/_progress_bar.scss +lib/bourbon.scss +lib/neat.scss +_overrides.scss +``` + +For the `util`, `typography`, `elements`, and `overrides` files, once they grow +too large (300 lines or more) in size, split them into their own folder with +sub files. + +```sh +elements/_all.scss +elements/_p.scss +elements/_h.scss +typography/_body.scss +typography/_links.scss +overrides/_breakpoints.scss +overrides/_util.scss +util/_center.scss +util/_clearfix.scss +``` + + +## Importing +As you likely know, CSS rules that are later in the file override earlier +rules. This means Sass imports can be used to control inheritance and +specificity. + +- Start with base elements. +- Move to single nested classes and utils. +- Move next to more specific classes, often with nesting. +- Move next to overrides, possibly with !important rules. +- Import alphabetically. +- Only modify import order for groups of files, not specific files. 
+ +```scss +// Bad +@import 'https://github.com/module/logo'; +@import 'https://github.com/component/mask'; +@import 'https://github.com/component/button'; /* Has to be imported after "mask" */ + +// Good +@import 'https://github.com/component/button'; +@import 'https://github.com/component/mask'; +@import 'https://github.com/module/logo'; +``` + +[BEM]: http://getbem.com/introduction/ +} # Documentation -{% include_relative css/documentation.md %} +## Sass Comments +Be intentional when you use `//` (silent comments) versus `/* */` +(which are preserved in the CSS output). When in doubt, use `//`. + +## KSS +Use KSS for documentation. More information on KSS can be found on the +[official site](http://warpspire.com/kss/). + +### Example + +```scss +// Button +// +// Various buttons on the site. +// +// Markup +// +// Link +// +// .button-modified - A button with a different style. +// +// +// Styleguide component.button +.button { +} + +.button-modified { +} +``` + +### Rationale +KSS is the most common CSS documentation method to date. While it’s not perfect, +the generated documentation can be modified through templates. +} # Frameworks -{% include_relative css/frameworks.md %} +TTS recommends using the [U.S. Web Design System (USWDS)](https://github.com/uswds/uswds) as it is specifically designed to help build fast, accessible, mobile-friendly federal government websites. + +Sometimes, projects utilize other CSS frameworks such as: + +1. [Bourbon](https://www.bourbon.io/) +2. [BassCSS](https://www.basscss.com/) + +These frameworks were chosen because they're relatively unopinionated about +design decisions while still providing the helpers that make frameworks +essential to fast and accurate frontend work, for example, solutions for +responsive design, grids, and common design patterns. 
In addition, both +frameworks, through modular design and excellent documentation, make it easy +for the designer or developer to only use the parts that they need, rather than +including a hefty library. + +## Do not use Bootstrap + +18F specifically does not recommend using [Bootstrap](http://getbootstrap.com/) for production work +because it can be difficult to adapt its opinionated styles to bespoke design work. # Formatting -{% include_relative css/formatting.md %} +We recommend using [Prettier](https://prettier.io), and enabling it in your +editor by default. Prettier is an automatic code formatter that will make your +code format consistent. This way we don't have to argue over how to format our +code - we just let the tools enforce something! Prettier works with both plain +CSS and SCSS. + +Do not use shorthand declarations unless you need to explicitly set all the +available values. + +```scss +// Bad +margin: inherit 3em; + +// Good +margin-bottom: 3em; +margin-top: 3em; + +margin: 3em 4em 2em 1em; +``` + +Avoid arbitrary numbers that are repeated, or linked, or dependent on other +parts of the code, (aka “magic numbers”). + +```scss +// Bad +.component { + top: 0.327em; +} + +// Better +/** + * 1. Magic number. This value is the lowest I could find to align the top of + * `.foo` with its parent. Ideally, we should fix it properly. + */ +.component { + top: 0.327em; +} + +// Good +$align_top: 100%; +.component { + top: $align_top; +} +``` + +## Order + +- Use the following ordering: + + 1. variables + 2. @extend directives + 3. @include directives + 4. declaration list (`property: name;`) + 5. media queries + 6. pseudo-states (`:checked`, `:target`, etc.) and pseudo-elements + (`::after`, `::selection`, etc.) + 7. nested elements + 8. nested classes + +- Use alphabetical order or type order for declarations. Pick one to keep the + whole project consistent. +- Place a new line before nested selectors unless they are after the first + selector. 
+- Treat nested includes, such as Neat's media includes – + `@include media($small-screen)` — as a standard media query, rather than a + Sass @include. So they would be sorted directly after the declaration list. +- Place mixin calls with `@content` after nested selectors. +- You may deviate the sorting order to better suit your project's needs, as + long as it's consistent throughout the project. + +```scss +// Bad +.module { + + .module-element { + color: #fff932; + } +} + +// Good +.module { + .module-element { + color: #fff932; + } +} + +// Good +.module { + $amount = 3; + @extend .component; + @include sizing($amount); + margin-top: $amount * 1em; + text-align: center; + + @include media($small-screen) { + margin-top: ($amount + 10em); + } + + &::before { + content: "hello"; + } + + .module__ele { + color: #fff932; + } +} +``` # Inheritance -{% include_relative css/inheritance.md %} +## Mixins +- Use mixins for groups of properties that appear together intentionally and + are used multiple times. + + ```scss + @mixin clearfix { + &:after { + content: ''; + display: table; + clear: both; + } + } + ``` + +- Use mixins for components to change size. +- Use mixins when something requires parameters. + + ```scss + @mixin size($width, $height: $width) { + width: $width; + height: $height; + } + ``` + +- Do not use mixins for browser prefixes. Use [Autoprefixer](https://github.com/postcss/autoprefixer). + + ```scss + // Bad + @mixin transform($value) { + -webkit-transform: $value; + -moz-transform: $value; + transform: $value; + } + ``` + + +## Extend +Be very careful with using `@extend`. It's a powerful tool that can have +disastrous side-effects. Before using please consider: + +- Where is my current selector going to be appended? +- Am I likely to be causing undesired side-effects? +- How large is the CSS generated by this single extend? 
+ +If you're unsure of using `@extend`, follow these rules to avoid running into +trouble: + +- Use `@extend` from within a module, not across different modules. +- Use `@extend` on [placeholders] exclusively, not on actual selectors. +- Make sure the placeholder you extend is present as little as possible in the + stylesheet. + +You can use [mixins] in place of selectors. While mixins will copy more code, +the difference will often be negligible once the output file has been gzipped. + +[mixins]: http://sass-lang.com/guide#mixins +[placeholders]: http://thesassway.com/intermediate/understanding-placeholder-selectors # Linting -{% include_relative css/linting.md %} +The styleguide provides a method of linting [Sass] code to ensure it conforms +to the rules in the styleguide. This linting tool will go through all Sass code +and issue warnings wherever the code differs from the styleguide. We've created +a specific [`.scss-lint.yml` file][scss-lint yaml] that's configured to work +with the css coding styleguide. There are two ways to set up linting: + +* locally with ruby +* locally with node + +## Locally with ruby +1. Add the [`.scss-lint.yml` file][scss-lint yaml] to the base of your + repository. +2. Install the [scss-lint] gem with `gem install scss_lint` +3. Run scss-lint: `scss-lint app/assets/stylesheets/` + +## Locally with node (experimental!) +1. Run `npm install --save-dev @18f/stylelint-rules` to download the package and save it to your package.json +2. The package provides both a gulp task and a cli interface. 
Detailed usage instructions can be found in the [README](https://github.com/18F/stylelint-rules) + +## Shortcomings + +### scss-lint + +The scss-lint tool currently lacks the functionality to check these rules in +the CSS coding styleguide: + +- Does not limit line width to 80 characters +- Does not check for numeric calculations in parentheses +- Does not sort properties in quite the order we want (defaults to + alphabetical) + +### stylelint + +This tool is still being evaluated, so not every rule in our current styleguide +is supported by stylelint. scss-lint is purpose built for SCSS and is therefore +a bit more feature rich. The following rules are currently not supported: + +- PropertySpelling +- UnecessaryParentReference + +That being said, if you want to avoid a dependency on ruby in your project and +still benefit from reliable SCSS linting, please test out this tool! + + +[Sass]: http://sass-lang.com/ +[scss-lint]: https://github.com/brigade/scss-lint +[scss-lint yaml]: https://raw.githubusercontent.com/18F/frontend/18f-pages-staging/.scss-lint.yml +[stylelint-rules]: https://github.com/18F/stylelint-rules # Naming -{% include_relative css/naming.md %} +- HTML elements should be in lowercase. + + ```scss + body, + div { + } + ``` + +- Classes should be lowercase. +- Avoid camelcase. +- Name things clearly. +- Write classes semantically. Name its function not its appearance. + + ```scss + // Bad + // Avoid uppercase + .ClassNAME { } + + // Avoid camel case + .commentForm { } + + // What is a c1-xr? Use a more explicit name. + .c1-xr { } + ``` + +- Avoid presentation- or location-specific words in names, as this will cause + problems when you (invariably) need to change the color, width, or feature + later. + + ```scss + // Bad + .blue + .text-gray + .100width-box + + // Good + .warning + .primary + .lg-box + ``` + +- Be wary of naming components based on content, as this limits the use of the + class. 
+ + ```scss + // Danger zone + .product_list + + // Better + .item_list + ``` + +- Don't abbreviate unless it’s a well-known abbreviation. + + ```scss + // Bad + .bm-rd + + // Good + .block--lg + ``` + +- Use quotes in type pseudo selectors. + + ```scss + // Good + .top_image[type="text"] { + } + ``` + +- Name CSS components and modules with singular nouns. + + ```scss + .button { + } + ``` + +- Name modifiers and state-based rules with adjectives. + + ```scss + .is_hovered { + } + ``` + +- If your CSS has to interface with other CSS libraries, consider namespacing + every class. + + ```css + .f18-component + ``` + + +## Naming Methodologies + +When it comes to naming, the most important thing is consistency. The +recommended way to do this is using an existing methodology like [BEM](#bem), +or use a custom one that’s clearly defined. + +### BEM + +[BEM][BEM] (**B**lock, **E**lement, **M**odifier) structures CSS such that +every entity is composed of (you guessed it) blocks, elements and modifiers. +From [Harry Roberts][mindbemding]: + +> The point of BEM is to tell other developers more about what a piece of +> markup is doing from its name alone. By reading some HTML with some classes +> in, you can see how – if at all – the chunks are related; something might +> just be a component, something might be a child, or element, of that +> component, and something might be a variation or modifier of that component. + +TTS generally recommends using a modified BEM methodology outlined in the next +subsection. However, you might want to use standard BEM when: + +* You need a naming scheme that general CSS developers will already be familiar + with or an existing naming scheme hasn’t been consistent enough. +* When you want to use JavaScript to modify the BEM class names dynamically. 
+ +Here is an example of BEM in SCSS: + +```scss +// block +.inset { + margin-left: 15%; + + // element + .inset__content { + padding: 3em; + } +} + +// modifier +.inset--sm { + margin-left: 10%; + + .inset__content { + padding: 1em; + } +} + +// modifier +.inset--lg { + margin-left: 20%; +} +``` + + +### Suggested custom methodology + +The TTS recommendation for a naming methodology is a modified version of BEM. +It still uses blocks, sections within blocks and modifiers, but with an +abbreviated syntax. + +``` +.accordion +.accordion-item +.accordion-item-selected + +.nav_bar +.nav_bar-link +.nav_bar-link-clicked +``` + + + +### Naming methodology resources +- [article explaining BEM][mindbemding] +- [BEM website][BEM] + + +## js- flagged classes +Don't attach styles to classes with a `js-` flag. These classes are reserved for javascript. + +```css +// Bad +.js-people { + color: #ff0; +} +``` + +### Rationale +A `js-` flagged class needs to be highly portable. Adding styles to it breaks that portability. + +## test- flagged classes +Don't attach styles to classes with a `test-` flag. These classes are reserved for testing hooks such as those used by selenium. + +```css +// Bad +.test-people { + color: #ff0; +} +``` + + +[BEM]: https://en.bem.info/method/ +[mindbemding]: http://csswizardry.com/2013/01/mindbemding-getting-your-head-round-bem-syntax/ # Preprocessors -{% include_relative css/preprocessors.md %} +The most supported CSS preprocessor at TTS is [Sass](http://sass-lang.com/) +(SCSS). Using this pre-processor means you'll get supported resources such as +frameworks, libraries, tutorials, and a comprehensive styleguide as support. + +In addition, TTS uses a [`.scss-lint.yml` +file](https://raw.githubusercontent.com/18F/frontend/18f-pages-staging/.scss-lint.yml) +to keep our CSS code compliant with our own styleguide. 
+ +_That being said, any preprocessor is allowed as long as it's a sound project +and has community support._ + +The recommended way to compile your Sass code is through +[node-sass](https://www.npmjs.com/package/node-sass), rather than Ruby Sass. +This allows eliminating the Ruby dependency for projects that don't already +require it and is the fastest method of compiling Sass. # Specificity -{% include_relative css/specificity.md %} +- IDs should be reserved for JavaScript. Don’t use IDs for styles. + + ```scss + // Bad + #component { } + + // Good + .component { } + ``` + +- Don't nest more than 3 layers deep. +- Do not fix problems with ```!important```. Use ```!important``` purposefully. + + ```scss + // Bad + .component { + width: 37.4% !important; + } + + // Good + .hidden { + display: none !important + } + ``` + +- Keep specificity low and trend upwards in specificity as you move further + down file. See the [specificity graph](#specificity-graph) section for more + info. +- Don't use unnecessary tag selectors. + + ```scss + // Bad + p.body_text { } + + // Good + .body_text + ``` + +- If you have to hack specificity, use a safe hack: the _multi class_. + + ```scss + // multi-class hack + .component.component { } + ``` + +## Specificity graph +An easy rule to use when dealing with specificity is to start from a low +specificity and curve to higher specificity as you move towards the bottom of +the output file. Since CSS rules get replaced by rules further down in the +file, you'll override rules in an expected way. + +There’s a tool that can graph your files’ specificity, [CSS specificity +graph](http://jonassebastianohlsson.com/specificity-graph/). Run your final +output file through this tool and strive for a curve trending upwards. 
+ +### Resources +* [CSS specificity graph](http://jonassebastianohlsson.com/specificity-graph/) +* [Explanation](http://csswizardry.com/2014/10/the-specificity-graph/) + +## Rationale +With specificity comes great responsibility. Broad selectors allow us to be +efficient, yet can have adverse consequences if not tested. Location-specific +selectors can save us time, but will quickly lead to a cluttered stylesheet. +Exercise your best judgement to create selectors that find the right balance +between contributing to the overall style and layout of the DOM. + +* When modifying an existing element for a specific use, try to use specific + class names. Instead of `.listings-layout.bigger` use rules like + `.listings-layout.listings-bigger`. Think about ack/grepping your code in the + future. + +* Use lowercase and separate words with hyphens when naming selectors. Avoid + camelcase and underscores. Use human-readable selectors that describe what + element(s) they style. + +* Attribute selectors should use double quotes around values. Refrain from + using over-qualified selectors; `div.container` can simply be stated as + `.container`. + +* IDs should be reserved for JavaScript. Unless you have a very good reason, + all CSS should be attached to classes rather than IDs. When in doubt, use a + class name. This prevents target confusion and allows CSS devs and JS devs to + co-exist in the same code in peace. If you must use an id selector (`#id`) + make sure that you have no more than one in your rule declaration. # Units -{% include_relative css/units.md %} +## Measurements +- Use **rem** units for font sizes with a px fallback. This can be done with + the following mixin: + + ```scss + @mixin font-size($sizeValue: 1.6) { + font-size: ($sizeValue * 10) + px; + font-size: $sizeValue + rem; + } + ``` + +- Set the HTML font size to `10px` to ensure that `0.1rem` equals `1px`. + + ```scss + html { + font-size: 10px; + } + ``` + +- Use **em** units for positioning. 
+- Use **percentages** when layout components stay relational to each other + (e.g. a main content area that takes up 75% of the screen and a sidebar that + takes up 25%). + + ```scss + // Good + .panel-a { + width: 25%; + } + + .panel-b { + width: 75%; + } + ``` + +- Use **px** units for when a measurement shouldn't change based on user set + font size or browser zooming or for when requiring pixel values below 5. + + ```scss + // Bad + selector { + border-width: 55px; + } + + // Good + selector { + border-width: 2px; + } + ``` + +- Use unitless values for `line-height` as this will inherit values from the + `font-size`. +- Use up to 10 decimal places in em units to ensure accuracy. + + ```scss + // Good + .body_copy { + @include rem-font-size(1.4); + // Line height will now be 1.8 of 1.4rem, or 2.5rem. + line-height: 1.8; + } + + // Good + .container { + height: 12em; + margin-left: 10.6666666667em; + width: 82.5%; + } + ``` + +- Do not use a unit with 0. + + ```scss + // Bad + width: 0px; + + // Good + width: 0; + ``` + +- Always use a unit for dimensions, margins, borders, padding, and typography. + + ```scss + // Bad + border-width: 12; + + // Good + border-width: 12px; + ``` + + +## Colors +- Use **hex** notation first, or then **rgb(a)**, or **hsl(a)**. +- Both three-digit and six-digit hexadecimal notation are acceptable. +- When denoting color using hexadecimal notation, use all lowercase letters. +- When using HSL or RGB notation, always add a single space after a comma and + no space between parentheses and content. + +```scss +// Bad +color: #FFF; +color: rgb( 255, 0, 0 ); + +// Good +$light: #fff; +color: $light; + +// Good +$primary: #fe9848; +color: $primary; + +// Good +$secondary: rgba(255, 100, 255, 0.5); +color: $secondary; +``` + +- If you use an rgba rule, include a fallback value in hexadecimal. 
+ + ```scss + // Good + .illustration { + background-color: #eee; // fallback + background-color: rgba(221, 221, 221, 0.75); + } + ``` # Variables -{% include_relative css/variables.md %} +- Create new variables in the following circumstances: + - The value is repeated twice + - The value is likely to be updated at least once + - All occurrences of the value are tied to the variable (for example not by + coincidence) +- When building scss that will be used across multiple projects use the + `!default` flag to allow overriding. + + ```scss + $baseline: 1em !default; + ``` + +- The `!global` flag should only be used when overriding a global variable from + a local scope. +- Variables across the whole scss codebase should be placed in their own file. +- When declaring color variables, don't base the name on the color content. + + ```scss + // Bad + $light_blue: #18f; + $dark_green: #383; + + // Good + $primary: #18f; + $secondary: #383; + $neutral: #ccc; + ``` + +- Be careful when naming variables based on their context. + + ```scss + // Bad + $background_color: #fff; + ``` + +- Don't use the value of dimensional variables in the variable name. + + ```scss + // Bad + $width_100: 100em; + + // Good + $width_lg: 100em; + ``` + +- Name all used z-indexes with a variable. +- Have a z-index variable for each z-index used, and a separate variable, + possibly aliased for where the z-index is used. + + ```scss + $z_index-neg_1: -100; + $z_index-neg_2: -200; + $z_index-1: 100; + + $z_index-hide: $z_index-neg_2; + $z_index-bg: $z_index-neg_1; + $z_index-show: $z_index-1; + ``` + +## Responsive Design & Breakpoints +- Set variables for breakpoints at the top of your stylesheet. This + functionality is built into Bourbon. + + ```scss + $sm: new-breakpoint(min-width 0 max-width 40em $sm_cols); + ``` + +- Use variables to set the queries throughout so they are easy to adapt if + necessary. +- Place media queries nearest to the class they are affecting. 
+- Rather than focusing on devices when deciding where to put breakpoints, focus + on content; name breakpoint variables relative to each other. + + ```scss + // Bad + $iphone: new-breakpoint(min-width 0 max-width 640px 6); + + // Good + $small: new-breakpoint(min-width 0 max-width 40em 6); + $medium: new-breakpoint(min-width 0 max-width 60em 6); + ``` diff --git a/_guide/_pages/css/architecture.md b/_guide/_pages/css/architecture.md deleted file mode 100644 index 45e74af..0000000 --- a/_guide/_pages/css/architecture.md +++ /dev/null 
@@ -1,88 +0,0 @@ -A site's architecture should be based on its goals and purposes. This means the -guidance here should be adapted to different sites and situations. - -## Modular or component architecture -When using a modular or component architecture, every page is broken into a -series of modular components. There are two sets of these components: -`components` and `modules`. The architecture starts out with basic HTML element -rules: HTML, p, a, form, etc tags that than have components and modules written -on top of them. Components are very basic structure such as buttons, blurbs, -navs, and positioning structures like insets, island, and enclosure. From -here, modules are built with these components. This architecture also attempts -to keep the specificity trend in an upwards curve as you move down in the file -(more on this to come). - -- Start with an elements file for all tag rules (a, h1-h5, p, \*, html, body). -- Create component files for each structural element, such as buttons, navs, - etc. These are mainly class-based and use [BEM] or another naming scheme. -- Create more specific structure with modules. For instance, if the logo image - and text needs very specific treatment, use a module. - - Build modules from components through mixins, extends, and HTML. - - Modules can have higher specificity, it’s fine to use deeper nesting. -- Have an overrides file or folder comprised of global rules that are meant to - override components and modules. - - These can be generic utilities. - - A good thing to put here are breakpoint-specific rules, such as hiding - something at small breakpoints. 
- -### File structure -```sh -_elements.scss -_mixins.scss -_typography.scss -_util.scss -_vars.scss -component/_blurb.scss -component/_button.scss -component/_island.scss -component/_sub_nav.scss -module/_logo.scss -module/_progress_bar.scss -lib/bourbon.scss -lib/neat.scss -_overrides.scss -``` - -For the `util`, `typography`, `elements`, and `overrides` files, once they grow -too large (300 lines or more) in size, split them into their own folder with -sub files. - -```sh -elements/_all.scss -elements/_p.scss -elements/_h.scss -typography/_body.scss -typography/_links.scss -overrides/_breakpoints.scss -overrides/_util.scss -util/_center.scss -util/_clearfix.scss -``` - - -## Importing -As you likely know, CSS rules that are later in the file override earlier -rules. This means Sass imports can be used to control inheritance and -specificity. - -- Start with base elements. -- Move to single nested classes and utils. -- Move next to more specific classes, often with nesting. -- Move next to overrides, possibly with !important rules. -- Import alphabetically. -- Only modify import order for groups of files, not specific files. - -```scss -// Bad -@import 'https://github.com/module/logo'; -@import 'https://github.com/component/mask'; -@import 'https://github.com/component/button'; /* Has to be imported after "mask" */ - -// Good -@import 'https://github.com/component/button'; -@import 'https://github.com/component/mask'; -@import 'https://github.com/module/logo'; -``` - - -[BEM]: http://getbem.com/introduction/ diff --git a/_guide/_pages/css/documentation.md b/_guide/_pages/css/documentation.md deleted file mode 100644 index 6cb992e..0000000 --- a/_guide/_pages/css/documentation.md +++ /dev/null 
@@ -1,34 +0,0 @@ -## Sass Comments -Be intentional when you use `//` (silent comments) versus `/* */` -(which are preserved in the CSS output). When in doubt, use `//`. - -## KSS -Use KSS for documentation. More information on KSS can be found on the -[official site](http://warpspire.com/kss/). - -### Example - -```scss -// Button -// -// Various buttons on the site. -// -// Markup -// -// Link -// -// .button-modified - A button with a different style. -// -// -// Styleguide component.button -.button { -} - -.button-modified { -} -``` - -### Rationale -KSS is the most common CSS documentation method to date. While it’s not perfect, -the generated documentation can be modified through templates. diff --git a/_guide/_pages/css/formatting.md b/_guide/_pages/css/formatting.md deleted file mode 100644 index 05c2095..0000000 --- a/_guide/_pages/css/formatting.md +++ /dev/null 
@@ -1,107 +0,0 @@ -We recommend using [Prettier](https://prettier.io), and enabling it in your -editor by default. Prettier is an automatic code formatter that will make your -code format consistent. This way we don't have to argue over how to format our -code - we just let the tools enforce something! Prettier works with both plain -CSS and SCSS. - -Do not use shorthand declarations unless you need to explicitly set all the -available values. - -```scss -// Bad -margin: inherit 3em; - -// Good -margin-bottom: 3em; -margin-top: 3em; - -margin: 3em 4em 2em 1em; -``` - -Avoid arbitrary numbers that are repeated, or linked, or dependent on other -parts of the code, (aka “magic numbers”). - -```scss -// Bad -.component { - top: 0.327em; -} - -// Better -/** - * 1. Magic number. This value is the lowest I could find to align the top of - * `.foo` with its parent. Ideally, we should fix it properly. - */ -.component { - top: 0.327em; -} - -// Good -$align_top: 100%; -.component { - top: $align_top; -} -``` - -## Order - -- Use the following ordering: - - 1. variables - 2. @extend directives - 3. @include directives - 4. declaration list (`property: name;`) - 5. media queries - 6. pseudo-states (`:checked`, `:target`, etc.) and pseudo-elements - (`::after`, `::selection`, etc.) - 7. nested elements - 8. nested classes - -- Use alphabetical order or type order for declarations. Pick one to keep the - whole project consistent. -- Place a new line before nested selectors unless they are after the first - selector. -- Treat nested includes, such as Neat's media includes – - `@include media($small-screen)` — as a standard media query, rather than a - Sass @include. So they would be sorted directly after the declaration list. -- Place mixin calls with `@content` after nested selectors. -- You may deviate the sorting order to better suit your project's needs, as - long as it's consistent throughout the project. 
- -```scss -// Bad -.module { - - .module-element { - color: #fff932; - } -} - -// Good -.module { - .module-element { - color: #fff932; - } -} - -// Good -.module { - $amount = 3; - @extend .component; - @include sizing($amount); - margin-top: $amount * 1em; - text-align: center; - - @include media($small-screen) { - margin-top: ($amount + 10em); - } - - &::before { - content: "hello"; - } - - .module__ele { - color: #fff932; - } -} -``` diff --git a/_guide/_pages/css/frameworks.md b/_guide/_pages/css/frameworks.md deleted file mode 100644 index e0435ad..0000000 --- a/_guide/_pages/css/frameworks.md +++ /dev/null @@ -1,20 +0,0 @@ - -TTS recommends using the [U.S. Web Design System (USWDS)](https://github.com/uswds/uswds) as it is specifically designed to help build fast, accessible, mobile-friendly federal government websites. - -Sometimes, projects utilize other CSS frameworks such as: - -1. [Bourbon](https://www.bourbon.io/) -2. [BassCSS](https://www.basscss.com/) - -These frameworks were chosen because they're relatively unopinionated about -design decisions while still providing the helpers that make frameworks -essential to fast and accurate frontend work, for example, solutions for -responsive design, grids, and common design patterns. In addition, both -frameworks, through modular design and excellent documentation, make it easy -for the designer or developer to only use the parts that they need, rather than -including a hefty library. - -## Do not use Bootstrap - -18F specifically does not recommend using [Bootstrap](http://getbootstrap.com/) for production work -because it can be difficult to adapt its opinionated styles to bespoke design work. diff --git a/_guide/_pages/css/inheritance.md b/_guide/_pages/css/inheritance.md deleted file mode 100644 index e62ece6..0000000 --- a/_guide/_pages/css/inheritance.md +++ /dev/null 
@@ -1,57 +0,0 @@ -## Mixins -- Use mixins for groups of properties that appear together intentionally and - are used multiple times. - - ```scss - @mixin clearfix { - &:after { - content: ''; - display: table; - clear: both; - } - } - ``` - -- Use mixins for components to change size. -- Use mixins when something requires parameters. - - ```scss - @mixin size($width, $height: $width) { - width: $width; - height: $height; - } - ``` - -- Do not use mixins for browser prefixes. Use [Autoprefixer](https://github.com/postcss/autoprefixer). - - ```scss - // Bad - @mixin transform($value) { - -webkit-transform: $value; - -moz-transform: $value; - transform: $value; - } - ``` - - -## Extend -Be very careful with using `@extend`. It's a powerful tool that can have -disastrous side-effects. Before using please consider: - -- Where is my current selector going to be appended? -- Am I likely to be causing undesired side-effects? -- How large is the CSS generated by this single extend? - -If you're unsure of using `@extend`, follow these rules to avoid running into -trouble: - -- Use `@extend` from within a module, not across different modules. -- Use `@extend` on [placeholders] exclusively, not on actual selectors. -- Make sure the placeholder you extend is present as little as possible in the - stylesheet. - -You can use [mixins] in place of selectors. While mixins will copy more code, -the difference will often be negligible once the output file has been gzipped. - -[mixins]: http://sass-lang.com/guide#mixins -[placeholders]: http://thesassway.com/intermediate/understanding-placeholder-selectors diff --git a/_guide/_pages/css/linting.md b/_guide/_pages/css/linting.md deleted file mode 100644 index 30296bd..0000000 --- a/_guide/_pages/css/linting.md +++ /dev/null 
@@ -1,48 +0,0 @@ -The styleguide provides a method of linting [Sass] code to ensure it conforms -to the rules in the styleguide. This linting tool will go through all Sass code -and issue warnings wherever the code differs from the styleguide. We've created -a specific [`.scss-lint.yml` file][scss-lint yaml] that's configured to work -with the css coding styleguide. There are two ways to set up linting: - -* locally with ruby -* locally with node - -## Locally with ruby -1. Add the [`.scss-lint.yml` file][scss-lint yaml] to the base of your - repository. -2. Install the [scss-lint] gem with `gem install scss_lint` -3. Run scss-lint: `scss-lint app/assets/stylesheets/` - -## Locally with node (experimental!) -1. Run `npm install --save-dev @18f/stylelint-rules` to download the package and save it to your package.json -2. The package provides both a gulp task and a cli interface. Detailed usage instructions can be found in the [README](https://github.com/18F/stylelint-rules) - -## Shortcomings - -### scss-lint - -The scss-lint tool currently lacks the functionality to check these rules in -the CSS coding styleguide: - -- Does not limit line width to 80 characters -- Does not check for numeric calculations in parentheses -- Does not sort properties in quite the order we want (defaults to - alphabetical) - -### stylelint - -This tool is still being evaluated, so not every rule in our current styleguide -is supported by stylelint. scss-lint is purpose built for SCSS and is therefore -a bit more feature rich. The following rules are currently not supported: - -- PropertySpelling -- UnecessaryParentReference - -That being said, if you want to avoid a dependency on ruby in your project and -still benefit from reliable SCSS linting, please test out this tool! 
- - -[Sass]: http://sass-lang.com/ -[scss-lint]: https://github.com/brigade/scss-lint -[scss-lint yaml]: https://raw.githubusercontent.com/18F/frontend/18f-pages-staging/.scss-lint.yml -[stylelint-rules]: https://github.com/18F/stylelint-rules diff --git a/_guide/_pages/css/naming.md b/_guide/_pages/css/naming.md deleted file mode 100644 index 12ec796..0000000 --- a/_guide/_pages/css/naming.md +++ /dev/null 
@@ -1,195 +0,0 @@ -- HTML elements should be in lowercase. - - ```scss - body, - div { - } - ``` - -- Classes should be lowercase. -- Avoid camelcase. -- Name things clearly. -- Write classes semantically. Name its function not its appearance. - - ```scss - // Bad - // Avoid uppercase - .ClassNAME { } - - // Avoid camel case - .commentForm { } - - // What is a c1-xr? Use a more explicit name. - .c1-xr { } - ``` - -- Avoid presentation- or location-specific words in names, as this will cause - problems when you (invariably) need to change the color, width, or feature - later. - - ```scss - // Bad - .blue - .text-gray - .100width-box - - // Good - .warning - .primary - .lg-box - ``` - -- Be wary of naming components based on content, as this limits the use of the - class. - - ```scss - // Danger zone - .product_list - - // Better - .item_list - ``` - -- Don't abbreviate unless it’s a well-known abbreviation. - - ```scss - // Bad - .bm-rd - - // Good - .block--lg - ``` - -- Use quotes in type pseudo selectors. - - ```scss - // Good - .top_image[type="text"] { - } - ``` - -- Name CSS components and modules with singular nouns. - - ```scss - .button { - } - ``` - -- Name modifiers and state-based rules with adjectives. - - ```scss - .is_hovered { - } - ``` - -- If your CSS has to interface with other CSS libraries, consider namespacing - every class. - - ```css - .f18-component - ``` - - -## Naming Methodologies - -When it comes to naming, the most important thing is consistency. The -recommended way to do this is using an existing methodology like [BEM](#bem), -or use a custom one that’s clearly defined. - -### BEM - -[BEM][BEM] (**B**lock, **E**lement, **M**odifier) structures CSS such that -every entity is composed of (you guessed it) blocks, elements and modifiers. -From [Harry Roberts][mindbemding]: - -> The point of BEM is to tell other developers more about what a piece of -> markup is doing from its name alone. 
By reading some HTML with some classes -> in, you can see how – if at all – the chunks are related; something might -> just be a component, something might be a child, or element, of that -> component, and something might be a variation or modifier of that component. - -TTS generally recommends using a modified BEM methodology outlined in the next -subsection. However, you might want to use standard BEM when: - -* You need a naming scheme that general CSS developers will already be familiar - with or an existing naming scheme hasn’t been consistent enough. -* When you want to use JavaScript to modify the BEM class names dynamically. - -Here is an example of BEM in SCSS: - -```scss -// block -.inset { - margin-left: 15%; - - // element - .inset__content { - padding: 3em; - } -} - -// modifier -.inset--sm { - margin-left: 10%; - - .inset__content { - padding: 1em; - } -} - -// modifier -.inset--lg { - margin-left: 20%; -} -``` - - -### Suggested custom methodology - -The TTS recommendation for a naming methodology is a modified version of BEM. -It still uses blocks, sections within blocks and modifiers, but with an -abbreviated syntax. - -``` -.accordion -.accordion-item -.accordion-item-selected - -.nav_bar -.nav_bar-link -.nav_bar-link-clicked -``` - - - -### Naming methodology resources -- [article explaining BEM][mindbemding] -- [BEM website][BEM] - - -## js- flagged classes -Don't attach styles to classes with a `js-` flag. These classes are reserved for javascript. - -```css -// Bad -.js-people { - color: #ff0; -} -``` - -### Rationale -A `js-` flagged class needs to be highly portable. Adding styles to it breaks that portability. - -## test- flagged classes -Don't attach styles to classes with a `test-` flag. These classes are reserved for testing hooks such as those used by selenium. 
- -```css -// Bad -.test-people { - color: #ff0; -} -``` - - -[BEM]: https://en.bem.info/method/ -[mindbemding]: http://csswizardry.com/2013/01/mindbemding-getting-your-head-round-bem-syntax/ diff --git a/_guide/_pages/css/preprocessors.md b/_guide/_pages/css/preprocessors.md deleted file mode 100644 index 497629f..0000000 --- a/_guide/_pages/css/preprocessors.md +++ /dev/null @@ -1,15 +0,0 @@ -The most supported CSS preprocessor at TTS is [Sass](http://sass-lang.com/) -(SCSS). Using this pre-processor means you'll get supported resources such as -frameworks, libraries, tutorials, and a comprehensive styleguide as support. - -In addition, TTS uses a [`.scss-lint.yml` -file](https://raw.githubusercontent.com/18F/frontend/18f-pages-staging/.scss-lint.yml) -to keep our CSS code compliant with our own styleguide. - -_That being said, any preprocessor is allowed as long as it's a sound project -and has community support._ - -The recommended way to compile your Sass code is through -[node-sass](https://www.npmjs.com/package/node-sass), rather than Ruby Sass. -This allows eliminating the Ruby dependency for projects that don't already -require it and is the fastest method of compiling Sass. diff --git a/_guide/_pages/css/specificity.md b/_guide/_pages/css/specificity.md deleted file mode 100644 index 1f0fffa..0000000 --- a/_guide/_pages/css/specificity.md +++ /dev/null 
@@ -1,84 +0,0 @@ -- IDs should be reserved for JavaScript. Don’t use IDs for styles. - - ```scss - // Bad - #component { } - - // Good - .component { } - ``` - -- Don't nest more than 3 layers deep. -- Do not fix problems with ```!important```. Use ```!important``` purposefully. - - ```scss - // Bad - .component { - width: 37.4% !important; - } - - // Good - .hidden { - display: none !important - } - ``` - -- Keep specificity low and trend upwards in specificity as you move further - down file. See the [specificity graph](#specificity-graph) section for more - info. -- Don't use unnecessary tag selectors. - - ```scss - // Bad - p.body_text { } - - // Good - .body_text - ``` - -- If you have to hack specificity, use a safe hack: the _multi class_. - - ```scss - // multi-class hack - .component.component { } - ``` - -## Specificity graph -An easy rule to use when dealing with specificity is to start from a low -specificity and curve to higher specificity as you move towards the bottom of -the output file. Since CSS rules get replaced by rules further down in the -file, you'll override rules in an expected way. - -There’s a tool that can graph your files’ specificity, [CSS specificity -graph](http://jonassebastianohlsson.com/specificity-graph/). Run your final -output file through this tool and strive for a curve trending upwards. - -### Resources -* [CSS specificity graph](http://jonassebastianohlsson.com/specificity-graph/) -* [Explanation](http://csswizardry.com/2014/10/the-specificity-graph/) - -## Rationale -With specificity comes great responsibility. Broad selectors allow us to be -efficient, yet can have adverse consequences if not tested. Location-specific -selectors can save us time, but will quickly lead to a cluttered stylesheet. -Exercise your best judgement to create selectors that find the right balance -between contributing to the overall style and layout of the DOM. 
- -* When modifying an existing element for a specific use, try to use specific - class names. Instead of `.listings-layout.bigger` use rules like - `.listings-layout.listings-bigger`. Think about ack/grepping your code in the - future. - -* Use lowercase and separate words with hyphens when naming selectors. Avoid - camelcase and underscores. Use human-readable selectors that describe what - element(s) they style. - -* Attribute selectors should use double quotes around values. Refrain from - using over-qualified selectors; `div.container` can simply be stated as - `.container`. - -* IDs should be reserved for JavaScript. Unless you have a very good reason, - all CSS should be attached to classes rather than IDs. When in doubt, use a - class name. This prevents target confusion and allows CSS devs and JS devs to - co-exist in the same code in peace. If you must use an id selector (`#id`) - make sure that you have no more than one in your rule declaration. diff --git a/_guide/_pages/css/units.md b/_guide/_pages/css/units.md deleted file mode 100644 index c2bfd7c..0000000 --- a/_guide/_pages/css/units.md +++ /dev/null 
@@ -1,125 +0,0 @@ -## Measurements -- Use **rem** units for font sizes with a px fallback. This can be done with - the following mixin: - - ```scss - @mixin font-size($sizeValue: 1.6) { - font-size: ($sizeValue * 10) + px; - font-size: $sizeValue + rem; - } - ``` - -- Set the HTML font size to `10px` to ensure that `0.1rem` equals `1px`. - - ```scss - html { - font-size: 10px; - } - ``` - -- Use **em** units for positioning. -- Use **percentages** when layout components stay relational to each other - (e.g. a main content area that takes up 75% of the screen and a sidebar that - takes up 25%). - - ```scss - // Good - .panel-a { - width: 25%; - } - - .panel-b { - width: 75%; - } - ``` - -- Use **px** units for when a measurement shouldn't change based on user set - font size or browser zooming or for when requiring pixel values below 5. - - ```scss - // Bad - selector { - border-width: 55px; - } - - // Good - selector { - border-width: 2px; - } - ``` - -- Use unitless values for `line-height` as this will inherit values from the - `font-size`. -- Use up to 10 decimal places in em units to ensure accuracy. - - ```scss - // Good - .body_copy { - @include rem-font-size(1.4); - // Line height will now be 1.8 of 1.4rem, or 2.5rem. - line-height: 1.8; - } - - // Good - .container { - height: 12em; - margin-left: 10.6666666667em; - width: 82.5%; - } - ``` - -- Do not use a unit with 0. - - ```scss - // Bad - width: 0px; - - // Good - width: 0; - ``` - -- Always use a unit for dimensions, margins, borders, padding, and typography. - - ```scss - // Bad - border-width: 12; - - // Good - border-width: 12px; - ``` - - -## Colors -- Use **hex** notation first, or then **rgb(a)**, or **hsl(a)**. -- Both three-digit and six-digit hexadecimal notation are acceptable. -- When denoting color using hexadecimal notation, use all lowercase letters. -- When using HSL or RGB notation, always add a single space after a comma and - no space between parentheses and content. 
- -```scss -// Bad -color: #FFF; -color: rgb( 255, 0, 0 ); - -// Good -$light: #fff; -color: $light; - -// Good -$primary: #fe9848; -color: $primary; - -// Good -$secondary: rgba(255, 100, 255, 0.5); -color: $secondary; -``` - -- If you use an rgba rule, include a fallback value in hexadecimal. - - ```scss - // Good - .illustration { - background-color: #eee; // fallback - background-color: rgba(221, 221, 221, 0.75); - } - ``` diff --git a/_guide/_pages/css/variables.md b/_guide/_pages/css/variables.md deleted file mode 100644 index e9589fa..0000000 --- a/_guide/_pages/css/variables.md +++ /dev/null 
@@ -1,81 +0,0 @@ -- Create new variables in the following circumstances: - - The value is repeated twice - - The value is likely to be updated at least once - - All occurrences of the value are tied to the variable (for example not by - coincidence) -- When building scss that will be used across multiple projects use the - `!default` flag to allow overriding. - - ```scss - $baseline: 1em !default; - ``` - -- The `!global` flag should only be used when overriding a global variable from - a local scope. -- Variables across the whole scss codebase should be placed in their own file. -- When declaring color variables, don't base the name on the color content. - - ```scss - // Bad - $light_blue: #18f; - $dark_green: #383; - - // Good - $primary: #18f; - $secondary: #383; - $neutral: #ccc; - ``` - -- Be careful when naming variables based on their context. - - ```scss - // Bad - $background_color: #fff; - ``` - -- Don't use the value of dimensional variables in the variable name. - - ```scss - // Bad - $width_100: 100em; - - // Good - $width_lg: 100em; - ``` - -- Name all used z-indexes with a variable. -- Have a z-index variable for each z-index used, and a separate variable, - possibly aliased for where the z-index is used. - - ```scss - $z_index-neg_1: -100; - $z_index-neg_2: -200; - $z_index-1: 100; - - $z_index-hide: $z_index-neg_2; - $z_index-bg: $z_index-neg_1; - $z_index-show: $z_index-1; - ``` - -## Responsive Design & Breakpoints -- Set variables for breakpoints at the top of your stylesheet. This - functionality is built into Bourbon. - - ```scss - $sm: new-breakpoint(min-width 0 max-width 40em $sm_cols); - ``` - -- Use variables to set the queries throughout so they are easy to adapt if - necessary. -- Place media queries nearest to the class they are affecting. -- Rather than focusing on devices when deciding where to put breakpoints, focus - on content; name breakpoint variables relative to each other. 
- - ```scss - // Bad - $iphone: new-breakpoint(min-width 0 max-width 640px 6); - - // Good - $small: new-breakpoint(min-width 0 max-width 40em 6); - $medium: new-breakpoint(min-width 0 max-width 60em 6); - ``` diff --git a/_guide/_pages/javascript.md b/_guide/_pages/javascript.md index 12c5853..bfb558f 100644 --- a/_guide/_pages/javascript.md +++ b/_guide/_pages/javascript.md 
@@ -2,26 +2,301 @@ title: JavaScript sidenav: languages sticky_sidenav: true +subnav: + - text: Dependencies + href: "#dependencies" + - text: Framework Suggestions + href: "#frameworks" + - text: Style + href: "#style" + - text: Related Topics + href: "#related-topics" --- The purpose of the JavaScript coding styleguide is to create and utilize consistent JS across TTS. The styleguide should be treated as a guide — rules can be modified according to project needs. -* [Dependencies](#dependencies) -* [Frameworks](#frameworks) -* [Style](#style) -* [Related Topics](#related-topics) +# Dependencies +The word "dependency" refers to all of the frameworks, libraries, and other tools that your project relies on. *Dependency management* is the process by which tools are incorporated into your project, removed and updated (for instance, when you need a new version of [jQuery]). Here are the tools that we recommend for managing dependencies: -# Dependencies -{% include_relative javascript/dependencies.md %} +## Bower +{%include components/tag-caution.html %} __Do not use Bower.__ + +It's not needed and should be phased out and replaced by npm. More information can be found here: [Why We Should Stop Using Bower – And How to Do It](http://gofore.com/ohjelmistokehitys/stop-using-bower/). + + +## npm +{%include components/tag-default.html %} [npm] informally stands for *N*ode *P*ackage *M*anager, and is the package manager node uses. Its usage is very similar to Bower because the latter was inspired by the former. + +### Install npm + +{%include components/tag-standard.html %} +We recommend installing both node and npm through a tool called nvm. nvm (which stands for Node version manager) is a software that allows you to run multiple versions of node in different projects on the same computer. Its benefits include + +- Installs npm in a manner that doesn't require running sudo to install global packages. 
+- Easily be able to switch between multiple node versions with a project configuration file or command. + +To install on MacOSX or linux, follow the instructions on the [nvm site](https://github.com/creationix/nvm#installation). If you system has a c++ compiler setup, you'll likely be able to install it with this simple script: + +``` +curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.6/install.sh | bash +``` + +### npm instructions + +{%include components/tag-caution.html %} If you can't use nvm, you can install node and npm globally. + +1. Get [Node.js]. +2. To initialize your project, run `npm init` in your project directory, which will create a `package.json`. +3. Install some dependencies with `npm install --save [name]`, e.g. + - [jQuery](https://npm.im/jquery): `npm install --save jquery` + - [D3](https://npm.im/d3): `npm install --save d3@v3.5.5` (version 3.5.5) + +npm installs its dependencies in the `node_modules` directory. Common conventions dictate that `node_modules` should be excluded from source control by adding it to your project's `.gitignore`, primarily because Node.js-friendly environments (such as [Cloud Foundry] and [Heroku]) recognize the existence of `package.json` and automatically install dependencies as needed. + +### Configuring git and GitHub + +The npm `package-lock.json` is a big, gnarly file and it changes a lot. Because it's a generated file, there's not really any value or purpose in manually reviewing it. You can tell git to treat it like a binary file to remove it from diff results by creating a `.gitattributes` file. This file can also include a hint to GitHub to collapse the file in diff view: + +``` +package-lock.json -diff -merge +package-lock.json linguist-generated=true +``` + +When git notices a difference during a merge, it will tenatively accept the current version of the file, but it will fail the merge with a message along the lines of "binary files differ." 
To manage merge conflicts in `package-lock.json` files, consider installing [npm-merge-driver](https://www.npmjs.com/package/npm-merge-driver), which will automatically resolve those conflicts. + +### Safely installing packages from npm +While npm is generally a safe environment to install code from, there are certain aspects of the system that are vulnerable to dangerous script execution. Luckily there are steps that can be taken to minimize these risks. + +It's recommended that developers at TTS follow these guidelines when installing unknown or new packages. + +npm allows various hooks to be executed during the install process. These scripts are where potential dangerous scripts can be executed. To limit this it's recommended to: + +1. install npm in a manner so sudo is never required. The TTS recommended way of doing this is to [install with nvm](#install-npm). +1. check which scripts will be run on install by running `npm show $module scripts`. + - Each script under `preinstall`, `install`, `postinstall` will be run when installing. + - Each script under `postuninstall`, `preuninstall`, `uninstall` will be run on uninstall. +1. Pull a tarball of the whole package down to check that any scripts run during those steps are safe, `wget http://registry.npmjs.org/$module/-/$module-version.tgz`. + - Check any files that are being run as part of the install scripts. + - Check that the file in the package are generally what they are supposed to be. +1. If unsure, install the packages without running any scripts with `npm install $module --ignore-scripts`. + +### Publishing +#### Scoping a package to the 18F npm org +18F has an npm organization called [18f](https://www.npmjs.com/org/18f) that is meant to organize permissions and packages related to 18F. As an 18F developer, when publishing a package, you have the choice whether to scope a package to the 18F org or not. 
Scoped packages will always be prefixed with `@18f/` before their package name and can have their permissions managed by people in the org. More information about scoped packages can be found on the [npm documentation](https://docs.npmjs.com/misc/scope). + +##### Guidance on when to scope a package or not +- A package *should not* be scoped to 18F if it is not necessary for consumers (either gov or non-gov) of the package to be aware of 18F in order to use it. + - Example: The Draft US Web Design Standards are used by many entities outside of 18f and government. A user does not need to know anything about 18F to use the Web Design Standards package. +- A package *should* be scoped to 18F if its use cases fall mainly inside of 18F. + - Example: [@18f/stylelint-rules](https://github.com/18F/stylelint-rules) is scoped to 18f because it's an 18F specific linting configuration that's directly linked to the 18F guides site. +- A package *should* be scoped to 18f to avoid naming conflicts. + - Example: If 18F made a generic front-end accordion to use across 18F sites, it should probably be scoped to `@18f/accordion` to avoid conflicts with all other accordions out there. + +##### How to scope a package to 18F +- Ensure you are part of the 18f npm org and have at least developer rights. This can be found on the [18f org team page](https://www.npmjs.com/org/18f/members). + - If you don't have the proper access, ask in #g-frontend or #javascript slack channels and an admin will add you. +- If the package has not been published to 18f yet, follow the [instructions on npm](https://docs.npmjs.com/getting-started/scoped-packages) for scoped packages. +- If the package has already been published, it currently cannot be scoped, so may need to be renamed. See the [npm documentation on existing packages](https://docs.npmjs.com/orgs/preexisting-packages) for more information. + +##### General tips for publishing +- Use [semver](http://semver.org/). 
+- Include instructions on how to use the modules in the README.md. Start from `npm install`, as this is generally a convention on npm. +- Test to ensure that your package works with any required versions of node and works on Windows. + +### Node and the browser +Using [Node.js] modules in the browser can be either straightforward or convoluted, depending on the project. Some project packages come with browser-ready `.js` files, whereas others require build tools such as [Browserify] or [Webpack] to translate some Node-specific JavaScript so that it can be run in browsers. Visit the #javascript channel on Slack if you need help with these tools. + +## Manual dependency management +Many dependencies consist of a single file and can be more easily incorporated simply by copying them into your project. We have some recommendations for how this should be done: + +1. Establish a specific directory for 3rd-party assets, e.g. `js/vendor` for JavaScript or `assets/vendor` for frameworks that consist of CSS, images and/or JavaScript. +2. Download the assets to this directory, e.g. in your terminal: + + ```sh + cd js/vendor + curl -O http://code.jquery.com/jquery.min.js + ``` + +3. Add these dependencies to version control. + +[jQuery]: http://jquery.com/ +[npm]: https://www.npmjs.com/ +[Node.js]: https://nodejs.org/ +[D3]: http://d3js.org/ +[Browserify]: http://browserify.org/ +[Webpack]: http://webpack.github.io/ +[Cloud Foundry]: https://www.cloudfoundry.org/ +[Heroku]: https://www.heroku.com/ # Frameworks -{% include_relative javascript/frameworks.md %} +When choosing a JavaScript web framework, also consider if vanilla JavaScript would satisfy your project needs. "Vanilla JavaScript" (or "vanilla JS") refers to using just JavaScript and the [Web APIs](https://developer.mozilla.org/en-US/docs/Web/API) provided natively by web browsers. 
For simpler project, vanilla JavaScript helps avoid overengineering, can reduce security and compliance complexity, and may reduce maintenance costs by making it possible for any JavaScript developer to work on it. However, vanilla JavaScript can be unwieldy in complex applications. + +## React +{%include components/tag-default.html %} +[React](https://reactjs.org/) (sometimes styled React.js or ReactJS) is an open-source JavaScript library for creating user interfaces that aims to address challenges encountered in developing single-page applications ([Wikipedia](https://en.wikipedia.org/wiki/React_(JavaScript_library))). + +#### When to use: +- Single page apps that requires data manipulation on the front end without a server side request/response architecture. +- When there's a strong need to render JavaScript based UI on the server due to performance or accessibility reasons. +- JavaScript UI that incorperates many nested components. +- A UI with many components and updates that needs to be performance conscious. +- When only a "view" framework is desired/required. +- To ensure all front-end components conform to a single standard. + +#### When not to use: +- When a complex build process is not feasible. React requires transforming "jsx" files to regular JavaScript. +- When developers unfamiliar with JSX and don't have time to learn. +- While open source, is maintained primarily by Facebook. + +#### Goes well with: +- [Redux](https://redux.js.org/) - An application state management library. + - **When to use:** + - When an application has complex internal state that affects how the site is rendered in realtime. + - When one-way data flow is desired for performance. 
+ - **When not to use:** + - When application internal state is simple + - When all state changes result in cheap re-rendering + +## Angular +{%include components/tag-suggestion.html %} +[Angular](https://angular.io/) (sometimes styled Angular 2+) is an open-source web application framework maintained by Google and by a community of individual developers and corporations to address many of the challenges encountered in developing single-page applications ([Wikipedia](https://en.wikipedia.org/wiki/Angular_(web_framework)) + +We don't work with Angular a lot ourselves, but it is a well-maintained, highly-used modern framework and we should not discourage or frown on its use by our partners. In our consulting and acquisition work, we view Angular as a solid choice for a frontend web framework, given the considerations below. + +#### When to use: +- Sites with heavy front end, JavaScript UI interactions (single page apps) such as: + - creating, updating, deleting of information without a server reload + - real-time messaging platforms, such as chat or complex messaging such as email + - complex data visualization dashboards + - lazy-loaded from the back end +- When the site's design specifies a single page app architecture over classic server request and response. +- When the whole site will be built with Angular to maintain front-end code consistency. + +#### When not to use: +- For a single or a few simple components (with the rest of the site not using Angular), instead see React or Web Components. +- Exporting a module that isn't an Angular module. +- If there is a strict requirement that the site should work for users that have JavaScript disabled. +- If there already is an active M**V framework (Backbone, ampersand, Ember) being used on the site. +- When the site's design doesn't benefit from a single page app architecture. +- When the long-term maintenance dev team is very unfamiliar with Angular and don't have the resources to learn or hire for it. 
+ +#### Pros: +- Takes care of a lot of boilerplate code for front-end interactions. +- Attempts to extend HTML itself, and was designed so less experienced devs could use it. +- Being maintained and developed by Google generally means good support. + +#### Cons: +- While open source, is maintained primarily by Google. +- Has been known to implement breaking changes in major version updates. +- Built with Typescript, which is not ECMA standardized (as opposed to vanilla JS or ES6). +- Has a steep learning curve and is very opinionated, meaning you learn Angular rather than JavaScript. + +# Deprecated + +## AngularJS + +{%include components/tag-caution.html %} +AngularJS is the legacy version of Angular and is not actively developed. Maintenance will be discontinued on July 21, 2021. New projects should not use AngularJS. + +([Wikipedia](http://en.wikipedia.org/wiki/AngularJS)). # Style -{% include_relative javascript/style.md %} +{%include components/tag-standard.html %} +We recommend combining [Prettier](https://prettier.io) with the +[Airbnb JavaScript style guide](https://github.com/airbnb/javascript) plugins +for [eslint](https://eslint.org). + +Maintaining stylistic consistency across TTS code helps lower the barrier to +jumping in and helping with or reviewing other projects because we'll all be +familiar with reading and working with code that looks similar. Having +consistent rules for styling also removes generally non-productive discussions +(aka bikeshedding) around personal code-formatting preferences. + +[Prettier](https://prettier.io) is an automatic code formatter that will handle +converting between tabs and spaces, moving brackets onto the appropriate line, +removing excess whitespace, and other stylistic . Using an automatic formatter +makes it easier to keep code consistent while also freeing us from having to +make arbitrary choices on which styles we prefer. 
It can +[integrate with your code editor](https://prettier.io/docs/en/editors.html) to +apply styles on save automatically. + +[`eslint`](http://eslint.org/) is our preferred tool for analyzing and flagging +(aka "linting") JavaScript that is out of line with a set of stylistic and +semantic rules. There are plugins to integrate eslint with nearly every code +editor and build system, as described at +[http://eslint.org/docs/user-guide/integrations](http://eslint.org/docs/user-guide/integrations). +Using an eslint plugin with your editor makes it easier to quickly see +non-conforming lines of code on the spot, as shown below: + +![Atom eslint plugin screenshot]({{ site.baseurl }}/javascript/atom-eslint-example.png) + +## Why both? + +Prettier and eslint address an overlapping but different set of concerns. +Prettier is _just_ a formatter. It will adjust your whitespace, add or remove +parentheses, add semicolons, etc., but it has nothing to say about the +semantics of your code. eslint, meanwhile, parsers your code into an abstract +syntax tree to fully understand what it's doing and warns you about unusual +patterns and common errors. For example, it can tell you if you reference an +undefined variable, define a variable that never gets used, and even warn you +about accessibility issues such as leaving an `alt` attribute out of `` +tags in JSX. + +## How to set it up + +Prettier has a few [configurable options](https://prettier.io/docs/en/options.html). +Generally we recommend going with its defaults for simplicity, but the +important thing is to pick something and use it consistently. + +eslint is configured with rules, but rather than write all our own rules we +recommend using the rules defined by the [Airbnb Javascript style guide](https://github.com/airbnb/javascript) +and Prettier. 
Both Prettier and Airbnb provide their rules as sets of npm +modules, depending on your needs: + +- For all projects + - [eslint-config-prettier](https://www.npmjs.com/package/eslint-config-prettier) +- For React projects: + - [eslint-config-airbnb](https://www.npmjs.com/package/eslint-config-airbnb) + - [eslint-plugin-import](https://www.npmjs.com/package/eslint-plugin-import) + - [eslint-plugin-jsx-a11y](https://www.npmjs.com/package/eslint-plugin-jsx-a11y) + - [eslint-plugin-react](https://www.npmjs.com/package/eslint-plugin-react) +- For ES6/2015 projects that don't use React: + - [eslint-config-airbnb-base](https://www.npmjs.com/package/eslint-config-airbnb-base) + - [eslint-plugin-import](https://www.npmjs.com/package/eslint-plugin-import) +- For ES5 or below: + - [eslint-config-airbnb-base/legacy](https://www.npmjs.com/package/eslint-config-airbnb-base#eslint-config-airbnb-baselegacy)) + +Each link above has instructions for installing the required `npm` packages and +configuring `eslint` to use the installed rules. These should be installed for +each project, and saved in each project's `package.json`. + +Generally the process is to `npm install` the required modules and peer +dependencies, for example: + +```sh +npm install --save-dev \ + eslint \ + eslint-config-airbnb \ + eslint-plugin-jsx-a11y \ + eslint-plugin-import \ + eslint-plugin-react +``` + +and then create a local file configuration within your project called +`.eslintrc.json` that looks like: + +```txt +{ + "extends": ["airbnb", "prettier"] +} +``` + +For more information on configuring `eslint`, see its documentation at +[http://eslint.org/docs/user-guide/configuring](http://eslint.org/docs/user-guide/configuring). +} # Related topics * [Node.js]({{site.baseurl}}/nodejs) \ No newline at end of file diff --git a/_guide/_pages/javascript/dependencies.md b/_guide/_pages/javascript/dependencies.md deleted file mode 100644 index f91e4f0..0000000 
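Review bot: The "Safely installing packages from npm" steps added to `javascript.md` have the reader fetch the tarball for inspection with `wget http://registry.npmjs.org/$module/-/$module-version.tgz`, which is plain HTTP. The copy being reviewed can therefore be altered in transit and need not match what `npm install` later retrieves. I would change it to `wget https://registry.npmjs.org/$module/-/$module-$version.tgz` (the `$` before `version` also looks missing) and add a sentence asking the reader to compare the download against the value from `npm view $module dist.integrity`. The same applies to `curl -O http://code.jquery.com/jquery.min.js` under "Manual dependency management", where an `https://` URL for a specific release would be safer for a file that is then committed to version control. Separately, the added line containing only `}` just before `# Related topics` looks like a leftover and will presumably render as stray text.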
--- a/_guide/_pages/javascript/dependencies.md
+++ /dev/null
@@ -1,113 +0,0 @@ - - -The word "dependency" refers to all of the frameworks, libraries, and other tools that your project relies on. *Dependency management* is the process by which tools are incorporated into your project, removed and updated (for instance, when you need a new version of [jQuery]). Here are the tools that we recommend for managing dependencies: - -## Bower -{%include components/tag-caution.html %} __Do not use Bower.__ - -It's not needed and should be phased out and replaced by npm. More information can be found here: [Why We Should Stop Using Bower – And How to Do It](http://gofore.com/ohjelmistokehitys/stop-using-bower/). - - -## npm -{%include components/tag-default.html %} [npm] informally stands for *N*ode *P*ackage *M*anager, and is the package manager node uses. Its usage is very similar to Bower because the latter was inspired by the former. - -### Install npm - -{%include components/tag-standard.html %} -We recommend installing both node and npm through a tool called nvm. nvm (which stands for Node version manager) is a software that allows you to run multiple versions of node in different projects on the same computer. Its benefits include - -- Installs npm in a manner that doesn't require running sudo to install global packages. -- Easily be able to switch between multiple node versions with a project configuration file or command. - -To install on MacOSX or linux, follow the instructions on the [nvm site](https://github.com/creationix/nvm#installation). If you system has a c++ compiler setup, you'll likely be able to install it with this simple script: - -``` -curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.31.6/install.sh | bash -``` - -### npm instructions - -{%include components/tag-caution.html %} If you can't use nvm, you can install node and npm globally. - -1. Get [Node.js]. -2. To initialize your project, run `npm init` in your project directory, which will create a `package.json`. -3. 
Install some dependencies with `npm install --save [name]`, e.g. - - [jQuery](https://npm.im/jquery): `npm install --save jquery` - - [D3](https://npm.im/d3): `npm install --save d3@v3.5.5` (version 3.5.5) - -npm installs its dependencies in the `node_modules` directory. Common conventions dictate that `node_modules` should be excluded from source control by adding it to your project's `.gitignore`, primarily because Node.js-friendly environments (such as [Cloud Foundry] and [Heroku]) recognize the existence of `package.json` and automatically install dependencies as needed. - -### Configuring git and GitHub - -The npm `package-lock.json` is a big, gnarly file and it changes a lot. Because it's a generated file, there's not really any value or purpose in manually reviewing it. You can tell git to treat it like a binary file to remove it from diff results by creating a `.gitattributes` file. This file can also include a hint to GitHub to collapse the file in diff view: - -``` -package-lock.json -diff -merge -package-lock.json linguist-generated=true -``` - -When git notices a difference during a merge, it will tenatively accept the current version of the file, but it will fail the merge with a message along the lines of "binary files differ." To manage merge conflicts in `package-lock.json` files, consider installing [npm-merge-driver](https://www.npmjs.com/package/npm-merge-driver), which will automatically resolve those conflicts. - -### Safely installing packages from npm -While npm is generally a safe environment to install code from, there are certain aspects of the system that are vulnerable to dangerous script execution. Luckily there are steps that can be taken to minimize these risks. - -It's recommended that developers at TTS follow these guidelines when installing unknown or new packages. - -npm allows various hooks to be executed during the install process. These scripts are where potential dangerous scripts can be executed. 
To limit this it's recommended to: - -1. install npm in a manner so sudo is never required. The TTS recommended way of doing this is to [install with nvm](#install-npm). -1. check which scripts will be run on install by running `npm show $module scripts`. - - Each script under `preinstall`, `install`, `postinstall` will be run when installing. - - Each script under `postuninstall`, `preuninstall`, `uninstall` will be run on uninstall. -1. Pull a tarball of the whole package down to check that any scripts run during those steps are safe, `wget http://registry.npmjs.org/$module/-/$module-version.tgz`. - - Check any files that are being run as part of the install scripts. - - Check that the file in the package are generally what they are supposed to be. -1. If unsure, install the packages without running any scripts with `npm install $module --ignore-scripts`. - -### Publishing -#### Scoping a package to the 18F npm org -18F has an npm organization called [18f](https://www.npmjs.com/org/18f) that is meant to organize permissions and packages related to 18F. As an 18F developer, when publishing a package, you have the choice whether to scope a package to the 18F org or not. Scoped packages will always be prefixed with `@18f/` before their package name and can have their permissions managed by people in the org. More information about scoped packages can be found on the [npm documentation](https://docs.npmjs.com/misc/scope). - -##### Guidance on when to scope a package or not -- A package *should not* be scoped to 18F if it is not necessary for consumers (either gov or non-gov) of the package to be aware of 18F in order to use it. - - Example: The Draft US Web Design Standards are used by many entities outside of 18f and government. A user does not need to know anything about 18F to use the Web Design Standards package. -- A package *should* be scoped to 18F if its use cases fall mainly inside of 18F. 
- - Example: [@18f/stylelint-rules](https://github.com/18F/stylelint-rules) is scoped to 18f because it's an 18F specific linting configuration that's directly linked to the 18F guides site. -- A package *should* be scoped to 18f to avoid naming conflicts. - - Example: If 18F made a generic front-end accordion to use across 18F sites, it should probably be scoped to `@18f/accordion` to avoid conflicts with all other accordions out there. - -##### How to scope a package to 18F -- Ensure you are part of the 18f npm org and have at least developer rights. This can be found on the [18f org team page](https://www.npmjs.com/org/18f/members). - - If you don't have the proper access, ask in #g-frontend or #javascript slack channels and an admin will add you. -- If the package has not been published to 18f yet, follow the [instructions on npm](https://docs.npmjs.com/getting-started/scoped-packages) for scoped packages. -- If the package has already been published, it currently cannot be scoped, so may need to be renamed. See the [npm documentation on existing packages](https://docs.npmjs.com/orgs/preexisting-packages) for more information. - -##### General tips for publishing -- Use [semver](http://semver.org/). -- Include instructions on how to use the modules in the README.md. Start from `npm install`, as this is generally a convention on npm. -- Test to ensure that your package works with any required versions of node and works on Windows. - -### Node and the browser -Using [Node.js] modules in the browser can be either straightforward or convoluted, depending on the project. Some project packages come with browser-ready `.js` files, whereas others require build tools such as [Browserify] or [Webpack] to translate some Node-specific JavaScript so that it can be run in browsers. Visit the #javascript channel on Slack if you need help with these tools. 
- -## Manual dependency management -Many dependencies consist of a single file and can be more easily incorporated simply by copying them into your project. We have some recommendations for how this should be done: - -1. Establish a specific directory for 3rd-party assets, e.g. `js/vendor` for JavaScript or `assets/vendor` for frameworks that consist of CSS, images and/or JavaScript. -2. Download the assets to this directory, e.g. in your terminal: - - ```sh - cd js/vendor - curl -O http://code.jquery.com/jquery.min.js - ``` - -3. Add these dependencies to version control. - -[jQuery]: http://jquery.com/ -[npm]: https://www.npmjs.com/ -[Node.js]: https://nodejs.org/ -[D3]: http://d3js.org/ -[Browserify]: http://browserify.org/ -[Webpack]: http://webpack.github.io/ -[Cloud Foundry]: https://www.cloudfoundry.org/ -[Heroku]: https://www.heroku.com/ diff --git a/_guide/_pages/javascript/frameworks.md b/_guide/_pages/javascript/frameworks.md deleted file mode 100644 index 116503f..0000000 --- a/_guide/_pages/javascript/frameworks.md +++ /dev/null 
@@ -1,70 +0,0 @@
-When choosing a JavaScript web framework, also consider if vanilla JavaScript would satisfy your project needs. "Vanilla JavaScript" (or "vanilla JS") refers to using just JavaScript and the [Web APIs](https://developer.mozilla.org/en-US/docs/Web/API) provided natively by web browsers. For simpler project, vanilla JavaScript helps avoid overengineering, can reduce security and compliance complexity, and may reduce maintenance costs by making it possible for any JavaScript developer to work on it. However, vanilla JavaScript can be unwieldy in complex applications.
-
-## React
-{%include components/tag-default.html %}
-[React](https://reactjs.org/) (sometimes styled React.js or ReactJS) is an open-source JavaScript library for creating user interfaces that aims to address challenges encountered in developing single-page applications ([Wikipedia](https://en.wikipedia.org/wiki/React_(JavaScript_library))).
-
-#### When to use:
-- Single page apps that requires data manipulation on the front end without a server side request/response architecture.
-- When there's a strong need to render JavaScript based UI on the server due to performance or accessibility reasons.
-- JavaScript UI that incorperates many nested components.
-- A UI with many components and updates that needs to be performance conscious.
-- When only a "view" framework is desired/required.
-- To ensure all front-end components conform to a single standard.
-
-#### When not to use:
-- When a complex build process is not feasible. React requires transforming "jsx" files to regular JavaScript.
-- When developers unfamiliar with JSX and don't have time to learn.
-- While open source, is maintained primarily by Facebook.
-
-#### Goes well with:
-- [Redux](https://redux.js.org/) - An application state management library.
- - **When to use:**
- - When an application has complex internal state that affects how the site is rendered in realtime.
- - When one-way data flow is desired for performance.
- - **When not to use:**
- - When application internal state is simple
- - When all state changes result in cheap re-rendering
-
-## Angular
-{%include components/tag-suggestion.html %}
-[Angular](https://angular.io/) (sometimes styled Angular 2+) is an open-source web application framework maintained by Google and by a community of individual developers and corporations to address many of the challenges encountered in developing single-page applications ([Wikipedia](https://en.wikipedia.org/wiki/Angular_(web_framework))
-
-We don't work with Angular a lot ourselves, but it is a well-maintained, highly-used modern framework and we should not discourage or frown on its use by our partners. In our consulting and acquisition work, we view Angular as a solid choice for a frontend web framework, given the considerations below.
-
-#### When to use:
-- Sites with heavy front end, JavaScript UI interactions (single page apps) such as:
- - creating, updating, deleting of information without a server reload
- - real-time messaging platforms, such as chat or complex messaging such as email
- - complex data visualization dashboards
- - lazy-loaded from the back end
-- When the site's design specifies a single page app architecture over classic server request and response.
-- When the whole site will be built with Angular to maintain front-end code consistency.
-
-#### When not to use:
-- For a single or a few simple components (with the rest of the site not using Angular), instead see React or Web Components.
-- Exporting a module that isn't an Angular module.
-- If there is a strict requirement that the site should work for users that have JavaScript disabled.
-- If there already is an active M**V framework (Backbone, ampersand, Ember) being used on the site.
-- When the site's design doesn't benefit from a single page app architecture.
-- When the long-term maintenance dev team is very unfamiliar with Angular and don't have the resources to learn or hire for it.
-
-#### Pros:
-- Takes care of a lot of boilerplate code for front-end interactions.
-- Attempts to extend HTML itself, and was designed so less experienced devs could use it.
-- Being maintained and developed by Google generally means good support.
-
-#### Cons:
-- While open source, is maintained primarily by Google.
-- Has been known to implement breaking changes in major version updates.
-- Built with Typescript, which is not ECMA standardized (as opposed to vanilla JS or ES6).
-- Has a steep learning curve and is very opinionated, meaning you learn Angular rather than JavaScript.
-
-# Deprecated
-
-## AngularJS
-
-{%include components/tag-caution.html %}
-AngularJS is the legacy version of Angular and is not actively developed. Maintenance will be discontinued on July 21, 2021. New projects should not use AngularJS.
-
-([Wikipedia](http://en.wikipedia.org/wiki/AngularJS)).
diff --git a/_guide/_pages/javascript/style.md b/_guide/_pages/javascript/style.md
deleted file mode 100644
index 7e64f24..0000000
--- a/_guide/_pages/javascript/style.md
+++ /dev/null
@@ -1,92 +0,0 @@
-{%include components/tag-standard.html %}
-We recommend combining [Prettier](https://prettier.io) with the
-[Airbnb JavaScript style guide](https://github.com/airbnb/javascript) plugins
-for [eslint](https://eslint.org).
-
-Maintaining stylistic consistency across TTS code helps lower the barrier to
-jumping in and helping with or reviewing other projects because we'll all be
-familiar with reading and working with code that looks similar. Having
-consistent rules for styling also removes generally non-productive discussions
-(aka bikeshedding) around personal code-formatting preferences.
-
-[Prettier](https://prettier.io) is an automatic code formatter that will handle
-converting between tabs and spaces, moving brackets onto the appropriate line,
-removing excess whitespace, and other stylistic . Using an automatic formatter
-makes it easier to keep code consistent while also freeing us from having to
-make arbitrary choices on which styles we prefer. It can
-[integrate with your code editor](https://prettier.io/docs/en/editors.html) to
-apply styles on save automatically.
-
-[`eslint`](http://eslint.org/) is our preferred tool for analyzing and flagging
-(aka "linting") JavaScript that is out of line with a set of stylistic and
-semantic rules. There are plugins to integrate eslint with nearly every code
-editor and build system, as described at
-[http://eslint.org/docs/user-guide/integrations](http://eslint.org/docs/user-guide/integrations).
-Using an eslint plugin with your editor makes it easier to quickly see
-non-conforming lines of code on the spot, as shown below:
-
-![Atom eslint plugin screenshot]({{ site.baseurl }}/javascript/atom-eslint-example.png)
-
-## Why both?
-
-Prettier and eslint address an overlapping but different set of concerns.
-Prettier is _just_ a formatter. It will adjust your whitespace, add or remove
-parentheses, add semicolons, etc., but it has nothing to say about the
-semantics of your code. eslint, meanwhile, parsers your code into an abstract
-syntax tree to fully understand what it's doing and warns you about unusual
-patterns and common errors. For example, it can tell you if you reference an
-undefined variable, define a variable that never gets used, and even warn you
-about accessibility issues such as leaving an `alt` attribute out of ``
-tags in JSX.
-
-## How to set it up
-
-Prettier has a few [configurable options](https://prettier.io/docs/en/options.html).
-Generally we recommend going with its defaults for simplicity, but the
-important thing is to pick something and use it consistently.
-
-eslint is configured with rules, but rather than write all our own rules we
-recommend using the rules defined by the [Airbnb Javascript style guide](https://github.com/airbnb/javascript)
-and Prettier. Both Prettier and Airbnb provide their rules as sets of npm
-modules, depending on your needs:
-
-- For all projects
- - [eslint-config-prettier](https://www.npmjs.com/package/eslint-config-prettier)
-- For React projects:
- - [eslint-config-airbnb](https://www.npmjs.com/package/eslint-config-airbnb)
- - [eslint-plugin-import](https://www.npmjs.com/package/eslint-plugin-import)
- - [eslint-plugin-jsx-a11y](https://www.npmjs.com/package/eslint-plugin-jsx-a11y)
- - [eslint-plugin-react](https://www.npmjs.com/package/eslint-plugin-react)
-- For ES6/2015 projects that don't use React:
- - [eslint-config-airbnb-base](https://www.npmjs.com/package/eslint-config-airbnb-base)
- - [eslint-plugin-import](https://www.npmjs.com/package/eslint-plugin-import)
-- For ES5 or below:
- - [eslint-config-airbnb-base/legacy](https://www.npmjs.com/package/eslint-config-airbnb-base#eslint-config-airbnb-baselegacy))
-
-Each link above has instructions for installing the required `npm` packages and
-configuring `eslint` to use the installed rules. These should be installed for
-each project, and saved in each project's `package.json`.
-
-Generally the process is to `npm install` the required modules and peer
-dependencies, for example:
-
-```sh
-npm install --save-dev \
- eslint \
- eslint-config-airbnb \
- eslint-plugin-jsx-a11y \
- eslint-plugin-import \
- eslint-plugin-react
-```
-
-and then create a local file configuration within your project called
-`.eslintrc.json` that looks like:
-
-```txt
-{
- "extends": ["airbnb", "prettier"]
-}
-```
-
-For more information on configuring `eslint`, see its documentation at
-[http://eslint.org/docs/user-guide/configuring](http://eslint.org/docs/user-guide/configuring).
From 95a5657e3ff07e204bcab2bfd0f7f0910aacf0e4 Mon Sep 17 00:00:00 2001
From: Davida Marion
Date: Thu, 11 Mar 2021 14:49:46 -0500
Subject: [PATCH 046/179] Add redirect_from
---
 _guide/_pages/css.md | 12 ++++++++++++
 _guide/_pages/javascript.md | 4 ++++
 2 files changed, 16 insertions(+)
diff --git a/_guide/_pages/css.md b/_guide/_pages/css.md
index 31173dc..0052a98 100644
--- a/_guide/_pages/css.md
+++ b/_guide/_pages/css.md
@@ -2,6 +2,18 @@
 title: CSS
 sidenav: languages
 sticky_sidenav: true
+redirect_from:
+ - /css/architecture/
+ - /css/documentation/
+ - /css/frameworks/
+ - /css/formatting/
+ - /css/inheritance/
+ - /css/linting/
+ - /css/naming/
+ - /css/preprocessors/
+ - /css/specificity/
+ - /css/units/
+ - /css/variables/
 subnav:
 - text: Architecture
 href: "#architecture"
diff --git a/_guide/_pages/javascript.md b/_guide/_pages/javascript.md
index bfb558f..2a87b9a 100644
--- a/_guide/_pages/javascript.md
+++ b/_guide/_pages/javascript.md
@@ -2,6 +2,10 @@
 title: JavaScript
 sidenav: languages
 sticky_sidenav: true
+redirect_from:
+ - /javascript/dependencies/
+ - /javascript/frameworks/
+ - /javascript/style/
 subnav:
 - text: Dependencies
 href: "#dependencies"
From 2e832fc9ffc52a8b1029e9a035138314becd2375 Mon Sep 17 00:00:00 2001
From: Greg Walker
Date: Wed, 17 Mar 2021 09:08:37 -0500
Subject: [PATCH 047/179] Update code-review.md
---
 _guide/_pages/code-review.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_guide/_pages/code-review.md b/_guide/_pages/code-review.md
index a5b81b4..39740c3 100644
--- a/_guide/_pages/code-review.md
+++ b/_guide/_pages/code-review.md
@@ -166,7 +166,7 @@ When reviewing code, you should be able to check off each of the following:
 - Do the changes respect the project's existing style?
 - Does the new code avoid reproducing existing functionality?
 - Are functions/classes as simple as possible?
-- Is the code as efficient as possible?
+- Is the code reasonably efficient?
 - Is the usage of each function/class clear?
 - Have edge cases been considered and tested for?
 - Does the code represent a logical unit of work?
From 5408adb06451143f6a6a167a4c3ade460f851f09 Mon Sep 17 00:00:00 2001
From: Andrew Dunkman
Date: Fri, 19 Mar 2021 12:29:29 -0400
Subject: [PATCH 048/179] Revamp architecture reviews page to include ADRs
---
 _guide/_pages/architecture-reviews.md | 24 ++++++++++++++++--------
 1 file changed, 16 insertions(+), 8 deletions(-)
diff --git a/_guide/_pages/architecture-reviews.md b/_guide/_pages/architecture-reviews.md
index 3b593a3..96cf61b 100644
--- a/_guide/_pages/architecture-reviews.md
+++ b/_guide/_pages/architecture-reviews.md
@@ -4,13 +4,21 @@ sidenav: approach
 sticky_sidenav: true
 ---
 
-Though we pride ourselves on our [transparent and remote-friendly
-workplace](https://18f.gsa.gov/2015/10/15/best-practices-for-distributed-teams/),
-our project focus tends to silo engineers from each other. We can kick-start
-knowledge transfer by highlighting some of the more interesting design
-decisions from existing projects.
+Maintainable technology projects require handoffs between developers, and with new teammates comes fresh perspectives. Building a [transparent and remote-friendly
+workplace](https://18f.gsa.gov/2015/10/15/best-practices-for-distributed-teams/) is a great start to assist in knowledge transfer, as well as keeping projects as simple and obvious as possible and documenting key decisions.
 
-## Projects
+## Simplicity
 
-- [DATA Act Pilot: Simplicity is Key]({{site.baseurl}}/architecture-reviews/data-act-pilot) (2016)
-- [Micro-purchase: Do one thing well]({{site.baseurl}}/architecture-reviews/micro-purchase) (2016)
+We’ve done two projects exploring different aspects of simplicity — first, the [DATA Act Pilot: Simplicity is Key]({{site.baseurl}}/architecture-reviews/data-act-pilot) (2016) project explored the ideas of:
+
+- Building for a least common denominator (CSVs) gave the project reach (more users could participate) and reduced code complexity.
+- Pulling out validation rules into a separate, easy-to-modify format made the product flexible and simple to maintain.
+
+The second explores the idea of simplifying acquisitons in [Micro-purchase: Do one thing well]({{site.baseurl}}/architecture-reviews/micro-purchase) (2016) by using code boundaries in projects to define lines between micro-purchases of developer time.
+
+## Documenting key decisions
+
+Some 18F projects have found success using [Architecture Decision Records](https://adr.github.io/) to capture key decisions and the context to which they were made, with the goal of allowing future project developers to know if a decision should be revisited or not. The decision records are typically stored in the repository alongside the code, using [this template](https://github.com/joelparkerhenderson/architecture_decision_record/blob/master/adr_template_by_michael_nygard.md). For example:
+
+- [18F/piipan](https://github.com/18F/piipan/tree/main/docs/adr)
+- [HHS/Head-Start-TTADP](https://github.com/HHS/Head-Start-TTADP/tree/main/docs/adr)
From da698e60e72e700c9c22f47a84bf9280494c3f18 Mon Sep 17 00:00:00 2001
From: Andrew Dunkman
Date: Fri, 19 Mar 2021 12:54:55 -0400
Subject: [PATCH 049/179] Add TANF-app to list of decision records.
---
 _guide/_pages/architecture-reviews.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/_guide/_pages/architecture-reviews.md b/_guide/_pages/architecture-reviews.md
index 96cf61b..169cc3c 100644
--- a/_guide/_pages/architecture-reviews.md
+++ b/_guide/_pages/architecture-reviews.md
@@ -22,3 +22,4 @@ Some 18F projects have found success using [Architecture Decision Records](https
 
 - [18F/piipan](https://github.com/18F/piipan/tree/main/docs/adr)
 - [HHS/Head-Start-TTADP](https://github.com/HHS/Head-Start-TTADP/tree/main/docs/adr)
+- [HHS/TANF-app](https://github.com/HHS/TANF-app/tree/main/docs/Architecture%20Decision%20Record)
From ad9fbebf89e95220b3ba5c56560866411c18388e Mon Sep 17 00:00:00 2001
From: Andrew Dunkman
Date: Fri, 19 Mar 2021 15:18:27 -0400
Subject: [PATCH 050/179] Add mymove to ADR list.
---
 _guide/_pages/architecture-reviews.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/_guide/_pages/architecture-reviews.md b/_guide/_pages/architecture-reviews.md
index 169cc3c..da886b8 100644
--- a/_guide/_pages/architecture-reviews.md
+++ b/_guide/_pages/architecture-reviews.md
@@ -23,3 +23,4 @@ Some 18F projects have found success using [Architecture Decision Records](https
 - [18F/piipan](https://github.com/18F/piipan/tree/main/docs/adr)
 - [HHS/Head-Start-TTADP](https://github.com/HHS/Head-Start-TTADP/tree/main/docs/adr)
 - [HHS/TANF-app](https://github.com/HHS/TANF-app/tree/main/docs/Architecture%20Decision%20Record)
+- [transcom/mymove](https://github.com/transcom/mymove/tree/master/docs/adr)
From 0100954642eb55f3ac4a5d38dd7df5a41ed62f3a Mon Sep 17 00:00:00 2001
From: Andrew Dunkman
Date: Tue, 23 Mar 2021 09:59:20 -0400
Subject: [PATCH 051/179] Oops! Spelling fix.
---
 _guide/_pages/architecture-reviews.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/_guide/_pages/architecture-reviews.md b/_guide/_pages/architecture-reviews.md
index da886b8..28535e6 100644
--- a/_guide/_pages/architecture-reviews.md
+++ b/_guide/_pages/architecture-reviews.md
@@ -14,7 +14,7 @@ We’ve done two projects exploring different aspects of simplicity — first, t
 - Building for a least common denominator (CSVs) gave the project reach (more users could participate) and reduced code complexity.
 - Pulling out validation rules into a separate, easy-to-modify format made the product flexible and simple to maintain.
 
-The second explores the idea of simplifying acquisitons in [Micro-purchase: Do one thing well]({{site.baseurl}}/architecture-reviews/micro-purchase) (2016) by using code boundaries in projects to define lines between micro-purchases of developer time.
+The second explores the idea of simplifying acquisitions in [Micro-purchase: Do one thing well]({{site.baseurl}}/architecture-reviews/micro-purchase) (2016) by using code boundaries in projects to define lines between micro-purchases of developer time.
 
 ## Documenting key decisions
 
From 0273b6ad2b218159414da1f31bea7254ed78c0d7 Mon Sep 17 00:00:00 2001
From: Ryan Hofschneider
Date: Fri, 26 Mar 2021 16:14:46 -0700
Subject: [PATCH 052/179] Remove daily Action that syncs with isildurs bane
---
 .github/actions/merge-template/action.yml | 24 -----------------------
 .github/workflows/main.yml | 17 ----------------
 2 files changed, 41 deletions(-)
 delete mode 100644 .github/actions/merge-template/action.yml
 delete mode 100644 .github/workflows/main.yml
diff --git a/.github/actions/merge-template/action.yml b/.github/actions/merge-template/action.yml
deleted file mode 100644
index 66f7256..0000000
--- a/.github/actions/merge-template/action.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: "Merge guide template"
-description: "Merge upstream changes from the base 18F guide template"
-
-# To avoid merge conflicts, use a strategy of first adopting all changes from
-# the upstream template, then reverting files and directories mangaged by the
-# the downstream guide.
-# Note: GitHub Actions do not execute with `workflows` permission; any workflow
-# updates that should be reflected in downstream guides must be manually merged.
-runs:
- using: "composite"
- steps:
- - run: |
- git config user.name github-actions
- git config user.email github-actions@github.com
- git remote add -f upstream "https://github.com/18F/isildurs-bane.git"
- git merge --squash --strategy-option=theirs --allow-unrelated-histories upstream/main
- git restore --source=HEAD --staged --worktree -- _guide
- git restore --source=HEAD --staged --worktree -- README.md
- git restore --source=HEAD --staged --worktree -- .github/workflows
- REMOTE_SHA=`git rev-parse upstream/main`
- git diff-index --quiet --cached HEAD -- || \
- git commit -m "Merging in 18F/isildurs-bane guide template" -m "18F/isildurs-bane@$REMOTE_SHA"
- git push
- shell: bash
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
deleted file mode 100644
index 727063b..0000000
--- a/.github/workflows/main.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-name: Daily Sync
-on:
- schedule:
- - cron: "11 7 * * *" # Arbitrary time outside continental US office hours
- workflow_dispatch:
-
-jobs:
- merge-template:
- if: ${{ github.repository != '18F/isildurs-bane' }}
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v2
- with:
- fetch-depth: 0
- - name: Merge Template
- uses: ./.github/actions/merge-template
From 3c167701606bbfbe30f090464460ea91f9fa2c2f Mon Sep 17 00:00:00 2001
From: Ryan Hofschneider Date: Fri, 26 Mar 2021 16:21:09 -0700 Subject: [PATCH 053/179] Move _pages up to top level of repo, out of _guide --- {_guide/_pages => _pages}/accessibility-scanning.md | 0 {_guide/_pages => _pages}/architecture-reviews.md | 0 .../architecture-reviews/data-act-pilot.md | 0 .../data-act-pilot/data-act-diagram.png | Bin .../data-act-pilot/data-act-diagram.svg | 0 .../architecture-reviews/micro-purchase.md | 0 .../architecture-reviews/micro-purchase/roles.png | Bin .../architecture-reviews/micro-purchase/roles.svg | 0 .../architecture-reviews/micro-purchase/service.png | Bin .../architecture-reviews/micro-purchase/service.svg | 0 {_guide/_pages => _pages}/browser-testing.md | 0 {_guide/_pages => _pages}/code-review.md | 0 {_guide/_pages => _pages}/continuous-deployment.md | 0 {_guide/_pages => _pages}/css.md | 0 {_guide/_pages => _pages}/datastore-selection.md | 0 .../_pages => _pages}/development-environments.md | 0 {_guide/_pages => _pages}/docker.md | 0 {_guide/_pages => _pages}/example-workflows.md | 0 {_guide/_pages => _pages}/frontend.md | 0 {_guide/_pages => _pages}/incident-reports.md | 0 .../C2/c2-outage-report-2016-08-10.pdf | Bin .../_pages => _pages}/incident-reports/cloud-gov.md | 0 {_guide/_pages => _pages}/index.md | 0 {_guide/_pages => _pages}/integrations.md | 0 {_guide/_pages => _pages}/javascript.md | 0 .../javascript/atom-eslint-example.png | Bin {_guide/_pages => _pages}/language-selection.md | 0 {_guide/_pages => _pages}/laptop-setup.md | 0 {_guide/_pages => _pages}/license.md | 0 {_guide/_pages => _pages}/markdown.md | 0 {_guide/_pages => _pages}/nodejs.md | 0 {_guide/_pages => _pages}/people.md | 0 .../people/2016-Assessment-Guide.md | 0 .../people/2017-Assessment-Guide.md | 0 {_guide/_pages => _pages}/project-setup.md | 0 {_guide/_pages => _pages}/python.md | 0 {_guide/_pages => _pages}/resources.md | 0 {_guide/_pages => _pages}/ruby.md | 0 {_guide/_pages => _pages}/ruby/rubocop.yml | 0 {_guide/_pages => 
_pages}/security.md | 0 .../security/content-security-policy.md | 0 .../security/dependency-remediation.md | 0 .../_pages => _pages}/security/output-encoding.md | 0 {_guide/_pages => _pages}/sharepoint.md | 0 .../_pages => _pages}/sharepoint/client_side.png | Bin .../sharepoint/dev_architecture.png | Bin .../_pages => _pages}/sharepoint/dev_workflow.png | Bin .../_pages => _pages}/sharepoint/embedded_excel.png | Bin {_guide/_pages => _pages}/sharepoint/power_app.png | Bin {_guide/_pages => _pages}/sharepoint/power_bi.png | Bin .../sharepoint/sharepoint_list.png | Bin {_guide/_pages => _pages}/sharepoint/text_box.png | Bin {_guide/_pages => _pages}/web-architecture.md | 0 {_guide/_pages => _pages}/workflow.md | 0 54 files changed, 0 insertions(+), 0 deletions(-) rename {_guide/_pages => _pages}/accessibility-scanning.md (100%) rename {_guide/_pages => _pages}/architecture-reviews.md (100%) rename {_guide/_pages => _pages}/architecture-reviews/data-act-pilot.md (100%) rename {_guide/_pages => _pages}/architecture-reviews/data-act-pilot/data-act-diagram.png (100%) rename {_guide/_pages => _pages}/architecture-reviews/data-act-pilot/data-act-diagram.svg (100%) rename {_guide/_pages => _pages}/architecture-reviews/micro-purchase.md (100%) rename {_guide/_pages => _pages}/architecture-reviews/micro-purchase/roles.png (100%) rename {_guide/_pages => _pages}/architecture-reviews/micro-purchase/roles.svg (100%) rename {_guide/_pages => _pages}/architecture-reviews/micro-purchase/service.png (100%) rename {_guide/_pages => _pages}/architecture-reviews/micro-purchase/service.svg (100%) rename {_guide/_pages => _pages}/browser-testing.md (100%) rename {_guide/_pages => _pages}/code-review.md (100%) rename {_guide/_pages => _pages}/continuous-deployment.md (100%) rename {_guide/_pages => _pages}/css.md (100%) rename {_guide/_pages => _pages}/datastore-selection.md (100%) rename {_guide/_pages => _pages}/development-environments.md (100%) rename {_guide/_pages => 
_pages}/docker.md (100%) rename {_guide/_pages => _pages}/example-workflows.md (100%) rename {_guide/_pages => _pages}/frontend.md (100%) rename {_guide/_pages => _pages}/incident-reports.md (100%) rename {_guide/_pages => _pages}/incident-reports/C2/c2-outage-report-2016-08-10.pdf (100%) rename {_guide/_pages => _pages}/incident-reports/cloud-gov.md (100%) rename {_guide/_pages => _pages}/index.md (100%) rename {_guide/_pages => _pages}/integrations.md (100%) rename {_guide/_pages => _pages}/javascript.md (100%) rename {_guide/_pages => _pages}/javascript/atom-eslint-example.png (100%) rename {_guide/_pages => _pages}/language-selection.md (100%) rename {_guide/_pages => _pages}/laptop-setup.md (100%) rename {_guide/_pages => _pages}/license.md (100%) rename {_guide/_pages => _pages}/markdown.md (100%) rename {_guide/_pages => _pages}/nodejs.md (100%) rename {_guide/_pages => _pages}/people.md (100%) rename {_guide/_pages => _pages}/people/2016-Assessment-Guide.md (100%) rename {_guide/_pages => _pages}/people/2017-Assessment-Guide.md (100%) rename {_guide/_pages => _pages}/project-setup.md (100%) rename {_guide/_pages => _pages}/python.md (100%) rename {_guide/_pages => _pages}/resources.md (100%) rename {_guide/_pages => _pages}/ruby.md (100%) rename {_guide/_pages => _pages}/ruby/rubocop.yml (100%) rename {_guide/_pages => _pages}/security.md (100%) rename {_guide/_pages => _pages}/security/content-security-policy.md (100%) rename {_guide/_pages => _pages}/security/dependency-remediation.md (100%) rename {_guide/_pages => _pages}/security/output-encoding.md (100%) rename {_guide/_pages => _pages}/sharepoint.md (100%) rename {_guide/_pages => _pages}/sharepoint/client_side.png (100%) rename {_guide/_pages => _pages}/sharepoint/dev_architecture.png (100%) rename {_guide/_pages => _pages}/sharepoint/dev_workflow.png (100%) rename {_guide/_pages => _pages}/sharepoint/embedded_excel.png (100%) rename {_guide/_pages => _pages}/sharepoint/power_app.png (100%) rename 
{_guide/_pages => _pages}/sharepoint/power_bi.png (100%) rename {_guide/_pages => _pages}/sharepoint/sharepoint_list.png (100%) rename {_guide/_pages => _pages}/sharepoint/text_box.png (100%) rename {_guide/_pages => _pages}/web-architecture.md (100%) rename {_guide/_pages => _pages}/workflow.md (100%) diff --git a/_guide/_pages/accessibility-scanning.md b/_pages/accessibility-scanning.md similarity index 100% rename from _guide/_pages/accessibility-scanning.md rename to _pages/accessibility-scanning.md diff --git a/_guide/_pages/architecture-reviews.md b/_pages/architecture-reviews.md similarity index 100% rename from _guide/_pages/architecture-reviews.md rename to _pages/architecture-reviews.md diff --git a/_guide/_pages/architecture-reviews/data-act-pilot.md b/_pages/architecture-reviews/data-act-pilot.md similarity index 100% rename from _guide/_pages/architecture-reviews/data-act-pilot.md rename to _pages/architecture-reviews/data-act-pilot.md diff --git a/_guide/_pages/architecture-reviews/data-act-pilot/data-act-diagram.png b/_pages/architecture-reviews/data-act-pilot/data-act-diagram.png similarity index 100% rename from _guide/_pages/architecture-reviews/data-act-pilot/data-act-diagram.png rename to _pages/architecture-reviews/data-act-pilot/data-act-diagram.png diff --git a/_guide/_pages/architecture-reviews/data-act-pilot/data-act-diagram.svg b/_pages/architecture-reviews/data-act-pilot/data-act-diagram.svg similarity index 100% rename from _guide/_pages/architecture-reviews/data-act-pilot/data-act-diagram.svg rename to _pages/architecture-reviews/data-act-pilot/data-act-diagram.svg diff --git a/_guide/_pages/architecture-reviews/micro-purchase.md b/_pages/architecture-reviews/micro-purchase.md similarity index 100% rename from _guide/_pages/architecture-reviews/micro-purchase.md rename to _pages/architecture-reviews/micro-purchase.md 
diff --git a/_guide/_pages/architecture-reviews/micro-purchase/roles.png b/_pages/architecture-reviews/micro-purchase/roles.png similarity index 100% rename from _guide/_pages/architecture-reviews/micro-purchase/roles.png rename to _pages/architecture-reviews/micro-purchase/roles.png diff --git a/_guide/_pages/architecture-reviews/micro-purchase/roles.svg b/_pages/architecture-reviews/micro-purchase/roles.svg similarity index 100% rename from _guide/_pages/architecture-reviews/micro-purchase/roles.svg rename to _pages/architecture-reviews/micro-purchase/roles.svg diff --git a/_guide/_pages/architecture-reviews/micro-purchase/service.png b/_pages/architecture-reviews/micro-purchase/service.png similarity index 100% rename from _guide/_pages/architecture-reviews/micro-purchase/service.png rename to _pages/architecture-reviews/micro-purchase/service.png diff --git a/_guide/_pages/architecture-reviews/micro-purchase/service.svg b/_pages/architecture-reviews/micro-purchase/service.svg similarity index 100% rename from _guide/_pages/architecture-reviews/micro-purchase/service.svg rename to _pages/architecture-reviews/micro-purchase/service.svg diff --git a/_guide/_pages/browser-testing.md b/_pages/browser-testing.md similarity index 100% rename from _guide/_pages/browser-testing.md rename to _pages/browser-testing.md diff --git a/_guide/_pages/code-review.md b/_pages/code-review.md similarity index 100% rename from _guide/_pages/code-review.md rename to _pages/code-review.md diff --git a/_guide/_pages/continuous-deployment.md b/_pages/continuous-deployment.md similarity index 100% rename from _guide/_pages/continuous-deployment.md rename to _pages/continuous-deployment.md diff --git a/_guide/_pages/css.md b/_pages/css.md similarity index 100% rename from _guide/_pages/css.md rename to _pages/css.md 
diff --git a/_guide/_pages/datastore-selection.md b/_pages/datastore-selection.md similarity index 100% rename from _guide/_pages/datastore-selection.md rename to _pages/datastore-selection.md diff --git a/_guide/_pages/development-environments.md b/_pages/development-environments.md similarity index 100% rename from _guide/_pages/development-environments.md rename to _pages/development-environments.md diff --git a/_guide/_pages/docker.md b/_pages/docker.md similarity index 100% rename from _guide/_pages/docker.md rename to _pages/docker.md diff --git a/_guide/_pages/example-workflows.md b/_pages/example-workflows.md similarity index 100% rename from _guide/_pages/example-workflows.md rename to _pages/example-workflows.md diff --git a/_guide/_pages/frontend.md b/_pages/frontend.md similarity index 100% rename from _guide/_pages/frontend.md rename to _pages/frontend.md diff --git a/_guide/_pages/incident-reports.md b/_pages/incident-reports.md similarity index 100% rename from _guide/_pages/incident-reports.md rename to _pages/incident-reports.md diff --git a/_guide/_pages/incident-reports/C2/c2-outage-report-2016-08-10.pdf b/_pages/incident-reports/C2/c2-outage-report-2016-08-10.pdf similarity index 100% rename from _guide/_pages/incident-reports/C2/c2-outage-report-2016-08-10.pdf rename to _pages/incident-reports/C2/c2-outage-report-2016-08-10.pdf diff --git a/_guide/_pages/incident-reports/cloud-gov.md b/_pages/incident-reports/cloud-gov.md similarity index 100% rename from _guide/_pages/incident-reports/cloud-gov.md rename to _pages/incident-reports/cloud-gov.md diff --git a/_guide/_pages/index.md b/_pages/index.md similarity index 100% rename from _guide/_pages/index.md rename to _pages/index.md diff --git a/_guide/_pages/integrations.md b/_pages/integrations.md similarity index 100% rename from _guide/_pages/integrations.md rename to _pages/integrations.md 
diff --git a/_guide/_pages/javascript.md b/_pages/javascript.md similarity index 100% rename from _guide/_pages/javascript.md rename to _pages/javascript.md diff --git a/_guide/_pages/javascript/atom-eslint-example.png b/_pages/javascript/atom-eslint-example.png similarity index 100% rename from _guide/_pages/javascript/atom-eslint-example.png rename to _pages/javascript/atom-eslint-example.png diff --git a/_guide/_pages/language-selection.md b/_pages/language-selection.md similarity index 100% rename from _guide/_pages/language-selection.md rename to _pages/language-selection.md diff --git a/_guide/_pages/laptop-setup.md b/_pages/laptop-setup.md similarity index 100% rename from _guide/_pages/laptop-setup.md rename to _pages/laptop-setup.md diff --git a/_guide/_pages/license.md b/_pages/license.md similarity index 100% rename from _guide/_pages/license.md rename to _pages/license.md diff --git a/_guide/_pages/markdown.md b/_pages/markdown.md similarity index 100% rename from _guide/_pages/markdown.md rename to _pages/markdown.md diff --git a/_guide/_pages/nodejs.md b/_pages/nodejs.md similarity index 100% rename from _guide/_pages/nodejs.md rename to _pages/nodejs.md diff --git a/_guide/_pages/people.md b/_pages/people.md similarity index 100% rename from _guide/_pages/people.md rename to _pages/people.md diff --git a/_guide/_pages/people/2016-Assessment-Guide.md b/_pages/people/2016-Assessment-Guide.md similarity index 100% rename from _guide/_pages/people/2016-Assessment-Guide.md rename to _pages/people/2016-Assessment-Guide.md diff --git a/_guide/_pages/people/2017-Assessment-Guide.md b/_pages/people/2017-Assessment-Guide.md similarity index 100% rename from _guide/_pages/people/2017-Assessment-Guide.md rename to _pages/people/2017-Assessment-Guide.md diff --git a/_guide/_pages/project-setup.md b/_pages/project-setup.md similarity index 100% rename from _guide/_pages/project-setup.md rename to _pages/project-setup.md 
diff --git a/_guide/_pages/python.md b/_pages/python.md
similarity index 100%
rename from _guide/_pages/python.md
rename to _pages/python.md
diff --git a/_guide/_pages/resources.md b/_pages/resources.md
similarity index 100%
rename from _guide/_pages/resources.md
rename to _pages/resources.md
diff --git a/_guide/_pages/ruby.md b/_pages/ruby.md
similarity index 100%
rename from _guide/_pages/ruby.md
rename to _pages/ruby.md
diff --git a/_guide/_pages/ruby/rubocop.yml b/_pages/ruby/rubocop.yml
similarity index 100%
rename from _guide/_pages/ruby/rubocop.yml
rename to _pages/ruby/rubocop.yml
diff --git a/_guide/_pages/security.md b/_pages/security.md
similarity index 100%
rename from _guide/_pages/security.md
rename to _pages/security.md
diff --git a/_guide/_pages/security/content-security-policy.md b/_pages/security/content-security-policy.md
similarity index 100%
rename from _guide/_pages/security/content-security-policy.md
rename to _pages/security/content-security-policy.md
diff --git a/_guide/_pages/security/dependency-remediation.md b/_pages/security/dependency-remediation.md
similarity index 100%
rename from _guide/_pages/security/dependency-remediation.md
rename to _pages/security/dependency-remediation.md
diff --git a/_guide/_pages/security/output-encoding.md b/_pages/security/output-encoding.md
similarity index 100%
rename from _guide/_pages/security/output-encoding.md
rename to _pages/security/output-encoding.md
diff --git a/_guide/_pages/sharepoint.md b/_pages/sharepoint.md
similarity index 100%
rename from _guide/_pages/sharepoint.md
rename to _pages/sharepoint.md
diff --git a/_guide/_pages/sharepoint/client_side.png b/_pages/sharepoint/client_side.png
similarity index 100%
rename from _guide/_pages/sharepoint/client_side.png
rename to _pages/sharepoint/client_side.png
diff --git a/_guide/_pages/sharepoint/dev_architecture.png b/_pages/sharepoint/dev_architecture.png
similarity index 100%
rename from _guide/_pages/sharepoint/dev_architecture.png
rename to _pages/sharepoint/dev_architecture.png
diff --git a/_guide/_pages/sharepoint/dev_workflow.png b/_pages/sharepoint/dev_workflow.png
similarity index 100%
rename from _guide/_pages/sharepoint/dev_workflow.png
rename to _pages/sharepoint/dev_workflow.png
diff --git a/_guide/_pages/sharepoint/embedded_excel.png b/_pages/sharepoint/embedded_excel.png
similarity index 100%
rename from _guide/_pages/sharepoint/embedded_excel.png
rename to _pages/sharepoint/embedded_excel.png
diff --git a/_guide/_pages/sharepoint/power_app.png b/_pages/sharepoint/power_app.png
similarity index 100%
rename from _guide/_pages/sharepoint/power_app.png
rename to _pages/sharepoint/power_app.png
diff --git a/_guide/_pages/sharepoint/power_bi.png b/_pages/sharepoint/power_bi.png
similarity index 100%
rename from _guide/_pages/sharepoint/power_bi.png
rename to _pages/sharepoint/power_bi.png
diff --git a/_guide/_pages/sharepoint/sharepoint_list.png b/_pages/sharepoint/sharepoint_list.png
similarity index 100%
rename from _guide/_pages/sharepoint/sharepoint_list.png
rename to _pages/sharepoint/sharepoint_list.png
diff --git a/_guide/_pages/sharepoint/text_box.png b/_pages/sharepoint/text_box.png
similarity index 100%
rename from _guide/_pages/sharepoint/text_box.png
rename to _pages/sharepoint/text_box.png
diff --git a/_guide/_pages/web-architecture.md b/_pages/web-architecture.md
similarity index 100%
rename from _guide/_pages/web-architecture.md
rename to _pages/web-architecture.md
diff --git a/_guide/_pages/workflow.md b/_pages/workflow.md
similarity index 100%
rename from _guide/_pages/workflow.md
rename to _pages/workflow.md
From 69c6224cf4dd2b6938bc303fe230eb2beb194a86 Mon Sep 17 00:00:00 2001
From: Ryan Hofschneider Date: Fri, 26 Mar 2021 16:25:32 -0700 Subject: [PATCH 054/179] Merge _guide/* up to top, remove unused files - Merge all the settings/data under _guide to their respective top-level locations. - Remove unused files including the isildur Jekyll plugin, sub-org specific assets - Adjust GitHub edit path to new top-level location of _pages - Tidy up _config.yml for clarity --- README.md | 4 +- _config.yml | 21 +++-- _data/anchor.yml | 2 + _data/header.yml | 2 + _data/navigation.yml | 83 +++++++++++++++++++- _data/orgs/18F/anchor.yml | 5 -- _data/orgs/CoE/anchor.yml | 5 -- _data/orgs/PIF/anchor.yml | 5 -- _data/orgs/Solutions/anchor.yml | 5 -- _guide/_config.yml | 26 ------- _guide/_data/anchor.yml | 2 - _guide/_data/header.yml | 2 - _guide/_data/navigation.yml | 120 ---------------------------- _includes/footer.html | 3 +- _plugins/override.rb | 133 -------------------------------- assets/images/18f-logo-blue.svg | 14 ---- assets/images/coe-logomark.svg | 21 ----- assets/images/pif.png | Bin 11951 -> 0 bytes 18 files changed, 102 insertions(+), 351 deletions(-) delete mode 100644 _data/orgs/18F/anchor.yml delete mode 100644 _data/orgs/CoE/anchor.yml delete mode 100644 _data/orgs/PIF/anchor.yml delete mode 100644 _data/orgs/Solutions/anchor.yml delete mode 100644 _guide/_config.yml delete mode 100644 _guide/_data/anchor.yml delete mode 100644 _guide/_data/header.yml delete mode 100644 _guide/_data/navigation.yml delete mode 100644 _plugins/override.rb delete mode 100755 assets/images/18f-logo-blue.svg delete mode 100644 assets/images/coe-logomark.svg delete mode 100644 assets/images/pif.png diff --git a/README.md b/README.md index 07effaa..f0e151b 100644 --- a/README.md +++ b/README.md 
@@ -7,7 +7,7 @@ This repo is where the TTS Engineering Practices Guild keeps its guide to best p ## Quicklinks - Published guide: [engineering.18f.gov](https://engineering.18f.gov) -- Raw content: [_guide/_pages](_guide/_pages) +- Content: [_pages](_pages) - [CONTRIBUTING.md](CONTRIBUTING.md) on how to build this guide locally and submitting PRs/issues. ## Our mission @@ -28,8 +28,6 @@ Getting new practices into the guide is pretty light on process. Feel free to ra ## Development -This site uses the [18F/isildurs-bane](https://github.com/18F/isildurs-bane) template, which manges all the content outside of [_guide](_guide) directory. Submit pull requests against that repository to effect those files. Only files under [_guide](_guide) should be modified and maintained here. - To run the site locally, we recommend using: - [`git`](https://git-scm.com) - `docker` and `docker-compose` (included in [Docker Desktop](https://www.docker.com/products/docker-desktop)) diff --git a/_config.yml b/_config.yml index 917f7a5..6016fb8 100644 --- a/_config.yml +++ b/_config.yml @@ -7,19 +7,12 @@ exclude: - Gemfile.lock - LICENSE.md - README.md - - override.yml permalink: pretty sass: style: :compressed -google_analytics_ua: UA-48605964-19 -dap_agency: GSA -dap_subagency: TTS - -collections_dir: _guide - collections: pages: output: true @@ -35,3 +28,17 @@ scripts: - /assets/uswds/js/uswds.min.js - /assets/js/private-eye.js - /assets/js/application.js + +title: TTS Engineering Practices Guide +description: A set of guidelines and best practices for an awesome engineering team +url: "https://engineering.18f.gov/" +search_site_handle: engineering.18f.gov + +google_analytics_ua: UA-48605964-19 +dap_agency: GSA +dap_subagency: TTS + +github_info: + organization: 18F + repository: development-guide + default_branch: main diff --git a/_data/anchor.yml b/_data/anchor.yml index d181b15..b19b4c3 100644 --- a/_data/anchor.yml +++ b/_data/anchor.yml 
@@ -13,3 +13,5 @@ no_fear_act_url: "https://www.gsa.gov/about-us/organization/office-of-civil-righ%20budget_performance_url:"https://www.gsa.gov/reference/reports/budget-performance" accessibility_url: "https://www.gsa.gov/website-information/accessibility-aids" usagov_contact_url: "https://www.usa.gov/contact" +edit_page: + text: "Edit this page" diff --git a/_data/header.yml b/_data/header.yml index 994bd3b..4322480 100644 --- a/_data/header.yml +++ b/_data/header.yml @@ -1,2 +1,4 @@ usa_banner: true type: extended +primary: + links: primary diff --git a/_data/navigation.yml b/_data/navigation.yml index ddbf65c..54f92b4 100644 --- a/_data/navigation.yml +++ b/_data/navigation.yml 
@@ -1 +1,82 @@
-sidenav-breakpoint: 'desktop'
+primary:
+ - text: About this guide
+ href: /
+ - text: Our approach
+ href: /workflow/
+ - text: Tools
+ href: /integrations/
+ - text: Languages & Runtimes
+ href: /language-selection/
+ - text: Security
+ href: /security/
+
+about:
+ - text: About this guide
+ href: /
+ - text: License
+ href: /license/
+ - text: Resources
+ href: /resources/
+
+approach:
+ - text: Our approach
+ href: /workflow/
+ - text: Feedback
+ href: /people/
+ - text: Code Review
+ href: /code-review/
+ - text: Development Environments
+ href: /development-environments/
+ - text: Incident Reports
+ href: /incident-reports/
+ - text: Architecture Reviews
+ href: /architecture-reviews/
+
+tools:
+ - text: Tools
+ href: /integrations/
+ - text: Laptop Setup
+ href: /laptop-setup
+ - text: Project Setup
+ href: /project-setup/
+ - text: Docker for Development
+ href: /docker/
+ - text: Browser Testing
+ href: /browser-testing/
+ - text: Accessibility Scanning
+ href: /accessibility-scanning/
+ - text: Continuous Deployment
+ href: /continuous-deployment/
+ - text: Datastore Selection
+ href: /datastore-selection/
+ - text: Choosing a Web App Architecture
+ href: /web-architecture
+ - text: SharePoint Primer
+ href: /sharepoint/
+
+languages:
+ - text: Languages & Runtimes
+ href: /language-selection/
+ - text: JavaScript
+ href: /javascript/
+ - text: Markdown
+ href: /markdown/
+ - text: Node.js
+ href: /nodejs/
+ - text: Python
+ href: /python/
+ - text: Ruby
+ href: /ruby/
+ - text: CSS
+ href: /css/
+
+# TODO: figure out how to nest links
+security:
+ - text: Security
+ href: /security/
+ - text: Content Security Policy (CSP)
+ href: /security/content-security-policy/
+ - text: Output Encoding
+ href: /security/output-encoding/
+ - text: Vulnerable dependency remediation
+ href: /security/dependency-remediation/
diff --git a/_data/orgs/18F/anchor.yml b/_data/orgs/18F/anchor.yml
deleted file mode 100644
index 72b2b12..0000000
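Review bot: The rewritten `_data/navigation.yml` drops data that the deleted `_plugins/override.rb` used to merge in rather than replace: the only removed line of this hunk is `sidenav-breakpoint: 'desktop'`, and the `css` and `js` link groups of the deleted `_guide/_data/navigation.yml` have no counterpart among the added groups. The plugin applied `site.data[key].merge!(customizations)`, so before this commit the site saw the top-level key and the guide's groups together. If the theme still reads the breakpoint, or any page sets `sidenav: css` or `sidenav: js` (neither is visible in this patch), keep `sidenav-breakpoint: 'desktop'` as the first line and carry the two groups over; otherwise the commit message should say they were dropped on purpose. Separately, `href: /laptop-setup` and `href: /web-architecture` are the only entries without a trailing slash; `/laptop-setup/` and `/web-architecture/` would match the rest under `permalink: pretty`.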
--- a/_data/orgs/18F/anchor.yml +++ /dev/null @@ -1,5 +0,0 @@ -site_email: 18F@gsa.gov -org_secondary: 18F -org_secondary_logo: 18f-logo-blue.svg -org_secondary_url: https://18f.gsa.gov -org_secondary_bio: "18F partners with agencies to improve the user experience of government services by helping them build and buy technology." diff --git a/_data/orgs/CoE/anchor.yml b/_data/orgs/CoE/anchor.yml deleted file mode 100644 index 4580e8b..0000000 --- a/_data/orgs/CoE/anchor.yml +++ /dev/null @@ -1,5 +0,0 @@ -site_email: connectcoe@gsa.gov -org_secondary: the Centers of Excellence -org_secondary_logo: coe-logomark.svg -org_secondary_url: https://coe.gsa.gov -org_secondary_bio: "The Centers of Excellence (CoE) accelerate IT modernization by leveraging private sector innovation and government services while centralizing best practices and expertise." diff --git a/_data/orgs/PIF/anchor.yml b/_data/orgs/PIF/anchor.yml deleted file mode 100644 index 44de2af..0000000 --- a/_data/orgs/PIF/anchor.yml +++ /dev/null @@ -1,5 +0,0 @@ -site_email: pif-team@gsa.gov -org_secondary: the Presidential Innovation Fellows -org_secondary_logo: pif.png -org_secondary_url: https://presidentialinnovationfellows.gov -org_secondary_bio: "The Presidential Innovation Fellows (PIF) program brings the principles, values, and practices of the innovation economy into government through the most effective agents of change we know: our people. This highly-competitive program pairs talented, diverse technologists and innovators with top civil-servants and change-makers working at the highest levels of the federal government to tackle some our nation’s biggest challenges." diff --git a/_data/orgs/Solutions/anchor.yml b/_data/orgs/Solutions/anchor.yml deleted file mode 100644 index e872ef9..0000000 --- a/_data/orgs/Solutions/anchor.yml +++ /dev/null 
@@ -1,5 +0,0 @@ -site_email: tts-info@gsa.gov -org_secondary: TTS Solutions -org_secondary_logo: -org_secondary_url: https://www.gsa.gov/about-us/organization/federal-acquisition-service/technology-transformation-services/tts-solutions -org_secondary_bio: "TTS Solutions helps agencies improve delivery of information and services to the public. Our primary focus areas align with larger administration priorities, including: Data and Analytics, Innovation, Public Experience, Secure Cloud, Smarter IT, Cloud.gov, Login.gov, and Free and Low-Cost Tools." diff --git a/_guide/_config.yml b/_guide/_config.yml deleted file mode 100644 index 3baa54d..0000000 --- a/_guide/_config.yml +++ /dev/null @@ -1,26 +0,0 @@ -# Configuration in this file overrides those in _config.yml. -# Required keys: -# - title -# - description -# - url -# - github_info -# - search_site_handle -# Optional keys -# - org - -title: TTS Engineering Practices Guide -description: A set of guidelines and best practices for an awesome engineering team -url: "https://engineering.18f.gov/" - -# GitHub information -github_info: - organization: 18F - repository: development-guide - default_branch: main - -# Unique identifier across GSA for this website; the repository name is -# usually a good site handle. -search_site_handle: engineering.18f.gov - -# Either 18F, Solutions, CoE, PIF, or unset to default to just TTS -org: diff --git a/_guide/_data/anchor.yml b/_guide/_data/anchor.yml deleted file mode 100644 index 32dbbe7..0000000 --- a/_guide/_data/anchor.yml +++ /dev/null @@ -1,2 +0,0 @@ -edit_page: - text: "Edit this page" diff --git a/_guide/_data/header.yml b/_guide/_data/header.yml deleted file mode 100644 index 64eefee..0000000 --- a/_guide/_data/header.yml +++ /dev/null @@ -1,2 +0,0 @@ -primary: - links: primary diff --git a/_guide/_data/navigation.yml b/_guide/_data/navigation.yml deleted file mode 100644 index 50e4c28..0000000 --- a/_guide/_data/navigation.yml +++ /dev/null 
@@ -1,120 +0,0 @@ -primary: - - text: About this guide - href: / - - text: Our approach - href: /workflow/ - - text: Tools - href: /integrations/ - - text: Languages & Runtimes - href: /language-selection/ - - text: Security - href: /security/ - -about: - - text: About this guide - href: / - - text: License - href: /license/ - - text: Resources - href: /resources/ - -approach: - - text: Our approach - href: /workflow/ - - text: Feedback - href: /people/ - - text: Code Review - href: /code-review/ - - text: Development Environments - href: /development-environments/ - - text: Incident Reports - href: /incident-reports/ - - text: Architecture Reviews - href: /architecture-reviews/ - -tools: - - text: Tools - href: /integrations/ - - text: Laptop Setup - href: /laptop-setup - - text: Project Setup - href: /project-setup/ - - text: Docker for Development - href: /docker/ - - text: Browser Testing - href: /browser-testing/ - - text: Accessibility Scanning - href: /accessibility-scanning/ - - text: Continuous Deployment - href: /continuous-deployment/ - - text: Datastore Selection - href: /datastore-selection/ - - text: Choosing a Web App Architecture - href: /web-architecture - - text: SharePoint Primer - href: /sharepoint/ - -languages: - - text: Languages & Runtimes - href: /language-selection/ - - text: JavaScript - href: /javascript/ - - text: Markdown - href: /markdown/ - - text: Node.js - href: /nodejs/ - - text: Python - href: /python/ - - text: Ruby - href: /ruby/ - - text: CSS - href: /css/ - -# TODO: figure out how to nest links -css: - - text: CSS - href: /css/ - - text: Architecture - href: /css/architecture/ - - text: Documentation - href: /css/documentation/ - - text: Frameworks - href: /css/frameworks/ - - text: Formatting - href: /css/formatting/ - - text: Inheritance - href: /css/inheritance/ - - text: Linting - href: /css/linting/ - - text: Naming - href: /css/naming/ - - text: Preprocessors - href: /css/preprocessors/ - - text: Specificity - href: 
/css/specificity/ - - text: Units - href: /css/units/ - - text: Variables - href: /css/variables/ - -# TODO: figure out how to nest links -js: - - text: JavaScript - href: /javascript/ - - text: Dependencies - href: /javascript/dependencies/ - - text: Frameworks - href: /javascript/frameworks/ - - text: Style / Linting - href: /javascript/style/ - -# TODO: figure out how to nest links -security: - - text: Security - href: /security/ - - text: Content Security Policy (CSP) - href: /security/content-security-policy/ - - text: Output Encoding - href: /security/output-encoding/ - - text: Vulnerable dependency remediation - href: /security/dependency-remediation/ diff --git a/_includes/footer.html b/_includes/footer.html index e9cd363..2bfda1a 100644 --- a/_includes/footer.html +++ b/_includes/footer.html @@ -24,8 +24,7 @@ {% endif %} {% if anchor.edit_page %} - {% assign repo_page_path = site.collections_dir | append: "/" | append: page.path %} - {% include components/github-edit.html footer=anchor path=repo_page_path %} + {% include components/github-edit.html footer=anchor path=page.path %} {% endif %}

diff --git a/_plugins/override.rb b/_plugins/override.rb deleted file mode 100644 index 159d194..0000000 --- a/_plugins/override.rb +++ /dev/null 
@@ -1,133 +0,0 @@ -require "yaml" - -module Jekyll - ## - # Loads custom, guide-specific config and data under GUIDE_DIR. - # Configuration keys are limited to those specified in this class, - # orginating from uswds-jekyll, jekyll-sitemap, and isidurs-bane. - # Data filenames/keys are limited to those in DATA_FILES. - # - class OverrideGenerator < Generator - # Guide-specific directory for configuration, data, and content - GUIDE_DIR = "_guide" - # Guide-specific configuration file - GUIDE_CONFIG = File.join("_guide", "_config.yml") - - # Supported keys in GUIDE_CONFIG: - - # Sets the guide title in the header and anchor, from uswds-jekyll - TITLE_KEY = "title" - # Sets the guide description in the element, from uswds-jekyll - DESC_KEY = "description" - # Sets the URL used in the sitemap.xml, from jekyll-sitemap - URL_KEY = "url" - # Sets the GitHub repository information for the "Edit this page" link, from uswds-jekyll - GITHUB_KEY = "github_info" - # Sets the search.gov handle used with the search function in the header, from uswds-jekyll - SEARCH_KEY = "search_site_handle" - # Sets the organization managing this guide, from isidurs-bane - ORG_KEY = "org" - - # Parent directory for org-specific data - ORGS_DATA_DIR = File.join("_data", "orgs") - - # Guide-specific data - GUIDE_DATA_DIR = File.join("_guide", "_data") - - # Supported uswds-jekyll and isidurs-bane data files - DATA_FILES = ["header.yml", "navigation.yml", "footer.yml", "theme.yml", "anchor.yml"] - - safe true - - ## - # Merges keys in GUIDE_CONFIG with those set in _config.yml. - # Also loads uswds-jekyll and isidurs-bane YAML data files under - # ORGS_DATA_DIR and in GUIDE_DATA_DIR, overriding any keys found - # in _data. Key precedence is GUIDE_DATA_DIR, then the optional - # org-specific sub-directory in ORGS_DATA_DIR, then finally _data. 
- # - # This method is run after Jekyll has made an inventory of - # the existing content, and before the site is generated, per: - # https://jekyllrb.com/docs/plugins/generators/ - # - def generate(site) - merge_config_file(site) - - merge_org_data(site) - - merge_guide_data(site) - end - - private - - def merge_org_data(site) - yamls = DATA_FILES - yamls.each do |y| - org = site.config[ORG_KEY] - if org - merge_data(site, File.join(ORGS_DATA_DIR, org), y) - end - end - end - - def merge_guide_data(site) - yamls = DATA_FILES - yamls.each do |y| - merge_data(site, GUIDE_DATA_DIR, y) - end - end - - ## - # Federalist does not allow multiple Jekyll config files to be - # specified (i.e., with --config), so this approximates that - # Jekyll feature. - # - def merge_config_file(site) - required = [TITLE_KEY, DESC_KEY, GITHUB_KEY, SEARCH_KEY, URL_KEY] - optional = [ORG_KEY] - - original_url = site.config[URL_KEY] - - customizations = YAML.load_file(GUIDE_CONFIG) - if customizations - required.each do |k| - site.config[k] = customizations[k] - end - - optional.each do |k| - if customizations.key?(k) - site.config[k] = customizations[k] - end - end - - # Per https://jekyllrb.com/docs/variables/, Jekyll will set - # the url at runtime in dev environments -- preserve, if set - if original_url - site.config[URL_KEY] = original_url - end - end - puts " Merged " + GUIDE_CONFIG - end - - def merge_data(site, dir, file) - path = File.join(dir, file) - unless File.exist?(path) - # Not every org/guide will need to override a given data file - return - end - - begin - customizations = YAML.load_file(path) - if customizations - # Per https://jekyllrb.com/docs/datafiles/ - key = File.basename(path, File.extname(path)) - site.data[key].merge!(customizations) - puts " Merged " + path - end - rescue - puts " ERROR " + path - raise - end - end - end -end diff --git a/assets/images/18f-logo-blue.svg b/assets/images/18f-logo-blue.svg deleted file mode 100755 index c2725f3..0000000 
--- a/assets/images/18f-logo-blue.svg +++ /dev/null @@ -1,14 +0,0 @@ - - - - 18F-Logo-2016-Blue - Created with Sketch. - - - - - - - - - \ No newline at end of file diff --git a/assets/images/coe-logomark.svg b/assets/images/coe-logomark.svg deleted file mode 100644 index 5bfe841..0000000 --- a/assets/images/coe-logomark.svg +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - 
diff --git a/assets/images/pif.png b/assets/images/pif.png deleted file mode 100644 index e21c0c1669362a03483863887d6e30a7c6376106..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11951 zcmV;gE>O{lP)r1V6BMBch_l zt|$?WO6-CtR*K^OzH|1x=RLFRJIn0uEX)GGe`e+!4rk$=r`>y>yRoFv+*-CYK-b7% zH8*+0E&lF2XB**u{h|U*Ef>p_9)C2-2%}x#2!D2xr_HoeRHBiWafyxW?m)ARiwg8N z&gs^TWfm_ztr|IO=rYW(e3aAB{WvcwF&e$1oYqEY9~C$V-)R{MJ#>j>78M)V*kME}MzH`dphGOc z=C~qK+Trb3fFFDxDI41*ayZ@j={TK^wId9-QDo8;uSMA2OZa^(Qy2%}u*l05*g6(q zO^k_@XR&_9=${b@O}*`)$l*RmMZ&=tZv{7L8kwAklcStZ+!)JLmINtUMGhVPgvrje zg_co?{cvI|Ku5e0p`rGE>uvlhDsYHbFvqn{b&^~0P$V>r(9T=>M9Om*;e^P;2hy3u zu?~)9GNQxhdl|P!1vW9A#9KCq3iQCEQGs>chtFK+V#8hGFB--I^wn1j9qnizzc<*) zR?k`Y&+;;^(k2r6fFmN4_3?Pl{LwX1dOI+dG1MIn&?Lfzc8mq+WpCH|4)d)U6?h8= zSX<*r7~l}CG_snNYnCw3RX1xp&u)=23Oyr}OUO5BE$1c=>asK+gKopUkJL0y;%hecaZ5zkZNBOuj68o0F>t>RbqXPTdJ`z4OBub32=ofid9n+Tf75G<} z9APz=;nJwUUS`=KLOY|3jS`}tdc3NeX|p2$vfW2_0-~O%0<&+0G?eMh3Sp8@~x-F)&hI zv3(SQMmp$aQv)34G#44>YS+5XwXQbYCC+q|U2JYWoi(lbUP6OB=i|3yX<N%-dfB&%V~#2Ab(UXi5!IxZog9f*s?3xP#|=^cY2gib zq>)`kx#s#=p?>nJbM)6b3Z$)z%)+3^!(K*v7Mn+X z=NL0^K_tx1^MJR-)3%BNS=B-AH%~tEeBe2EyTOHyw4J_s>uEKebkJT09d*^idN#4O zKRU;??(~$YevnU@=MA<_6v!E#wpwIxy_X`4M$@R@tm+7zy&y^JY3^oSGh|H3ZhcMZ z^NW?z9LzNA6boT3qs&v$Jr2|^5?VUQXtMybJ?>(A+n~m4a5KFOG{il=1kCe@<8;cI z_IGxpA5`?1-$s?RF}r)f`P{oAp^4@TJxxBOqW>AJeI&Fu z)MtS2U1bNIqo}m8rPF-`_};bFj)djyF$~zQU+O> zUH4MH!W~(_w(MyY-C=`BSjE+518%joR#B%kvZ*Wm2)HZfC+Xr+bL4t&Vdr?ib+V_) z7tHZ6esOq|9z8wg4;nZe?2!?@`3?{18C9^d@p66d0v%zwG z=y#EDs2{;2rLxD=!Hs|mCA$e5c|or0HHy3(z2F%2SG-WFp^Q;($2{GloQZDBPO4?I ziFZkT;?Q(gIn+FS>vYYc#Q42w;1{Wd-m_zrEE{_f+@Br-cQ=F7vpQG3g-aK;`Bsh6<`g_@U4Pdv3S>v$ zkh;~1QO?ESC4Hmh>1G@luT8S=9%?>`GABe{_H>!OLEk8SF0Rgxs)@0rUbkL_)%ax_ zM!lh<{{w&1B;z#jO8!lko55C5Ke!dQL;-B(OHzMHi{Zb-7xgh$s)ki0QQY~OCQtliC$>|lGHs_l<(Z7ebg78#ayGb z$$Q>?iqz5RePH-|)O!Yl>!O^keNW<3YeyyrdCpdvIMoqR>TH02RxvftCNWu;WCeR0 z@9Gvy1P$DeA0^#F{2!@9Ba?o9!Ml1#sdKhVA`i!sx;V-?IT^`I6u&VSBh%~bQa45> 
zTe&PspT>67GBUY_#5@C&OztF1)-IMnZpUYOC29ZnNj#-#EO|UmVv2TYu^mHViDl>9 z?3#N>e5h+INwhbG#GO&jMVPKvEYYmwWjvHtTT0BfNh~S!Fdd}hRb$WNpRrVM2EMjV zGN#K&>{?(ceV-_0dYc2%Gp@D#h~s0aVQa8+a#sEU3O(~X-NRA3Y@!S>U-_}YPGIv` zs%Y;6oSt;=dY{CgSO^cGZG`@dEEr-Ho28?(OH@HW60`J3`%3*+>sSi854R_|vge`d z1EO6`@se5i26x4x<29E>IM!6lS2=nmKGQkvO7m01} z@lMjy;87BLMkd2>hOhm5Q5K#(Kx&*unXB~YfRB|I$$1bL#4<_v!xzf;As&JJIbjdl zH$qcq>$&K*6%-jiaPgdH(GdBo2FezIQ1U}~HGpEim` z$qwijnLGxVYyGt7eMl^m!}j=}<`I_nHsC{TOQ}fZa?SJZ6oKu^Ki`P6W0?im9d9KC zK3@W!i&CMX6*K$G98Y5Z^3NCGvREdAKVU)=I}i>pHVYrrk(ZgFBPCfe$4I|mx<93wsMS+AMmT_1Sg+g|byC)iz24Pr5J zAZ@*x#lh2n7t%hIA84@1tCV*&)MGyKv%-AkP6y}`i;1z4noHLLzP56n z1L_gBGytz?qNhH^s?q3>)(mb?K&9j?T_d#c9XiD#VgII~G0t_U0lH~aw}%zS;Nl9?@LQS3&~av3%iX?+ z;_+uv|AET~KC>#qD{$qo^!rCfY>Un8el@vqrIF z)4FOEVLxn?cbgC6(%<$uxQ?5>OtW}Rs+(~54A8tr#wM(_)g~t>)^?# zLwfnq;`EI@qRu!kod;h5oVh3~e49iirsh@_c^4g{&gfax$NQY=s^^@#jtct^I#eik zT66KjBQeeO&a$(W7D04+-v}*y z1XR5!*wcup8%6>~q-p-{QD^L-7;e|D;0W14rpfZSJ);i!!H*U0B)$?EET2@%OfW6# zf_{K6tr%hNy510YMs1BQWIapo-2bF1@97_P#4c&j;|ai#k-=5CAK%+bTkWFyY@YwW z#NB|S%0JCCTf?X`2C9wOhU;F?qBF=SUnof3CGFgcbs}s5_*jd)y)A(`239A3w1YMg zdYfVW$YeXfJ85EnzouZfl9pQJfQu=`BD~6q- z4!9m$M(6?fOv}vFKkwiVQC*$_^X-=z^4=EkV!H3!rj8%*G=+I`p_kAfN-u`|s5lOa zqO&qytgw|mIU@)4u(lCCb7ReJ(Ew8`C(hh2-N5UNhwH4!{$OLYkFbu}3h}zv!1Gqf zGogK?L2~z^c#e;vb2->~)SV9f4d zJm91xiZxwz+>p_#Y#xTBNt9wbEs9LDw5;~3h2BGKP~8fH>+Nl2+#MN=mv(Q{5swx< znlsEyx%N)R^GMaPW5&^L|C}gXaUB;$W(Wo(1sCw2D2g<~>O6O3mbI0E$>pCeN8cij z+rzyr%dt_;+HN;TVLsI&^3cSmitWgv7b7vX{N0^^y^39U+C5Jw4Ni>E9RDs_(e2f~ zmER;i(iqMT&Nfk*h51+H;Zk*=*qJ87v2ld{fM=qvY3vj5m9`PiLcgdrs~fEl<7^r! 
zZEfXHXB+NLKgjk}R`|tV)RnDs*2P-W4v(aPVAvq)mOU!OpT9Aq2n)g$s$+_aY^+IC zps6!tn{L1YY0taVoo|X8`tT2|8sTuj)e9+x*q~VL%+^gF_K~&z!pv3^-+R$$=h)rG zR@ERmJH92`G`G6Ig>LeKGIi@s4U1afz;zLt`UHHgS>|HeBDrmRWz>c>E98GCQoCHF zTNKB4M(LHLBo@DWqKLd_e);Pa`MYcRjd$#6Uz`%P;e5a`NqNrjs4=ZfQCwppB0O*L zyD*Bz{@6Q-Ps0O|!QTK6>tl^7=MbIp&*NSJUs)m9O>Y=Aq=SzY-)9;}m|^kzLllXo zn3NMfo~u)2@Lv*RHOmeQHc6KCn^$$I&^x-m1tdP+d?qI<4Iwe@s2@bOUi$6*(ptketj07a{pqd~ZfL&f@o$21P8b_-lkNeg=uOf6;3jP#D;S%(WFsSMdm)cuD^3%<1@VTB*iBkZ( zMcAU|!F3(YQP&QRFit7hD2l)qI3ee2J0@zvqo!Kl$EN3PrO6x}B3xYaf@}w=dk;of zM=6*bMd2Io(kCT6p|A2sA0HTAtWJ!Xt+UE)k9I?*YH zy3F-%_mCG&GcR`!>prF6Z&3tp!YavR4FjX*bk`pIXizH~%{?UaUnqt@(&eIjfLI5&#RMS#8$j>g7OLvB#GH=JnY8f8+OmA_6?3ck@X zYRQVYB|=MIQwK#--T*T-i|`z^3U?M_wwv{?A_LV$U%NWk!49;i9rUxl?pDk=_?3ct zYkyhI8|J4O0KU^Us$hAIqHwyHkEAg}?UMWsvoJp!u1#dn)BY|n)(5i9Gu1vQ#Syj55*wBrmCgk0n3YvZ8k}zE#HbDf04F3FrHg9St+r~9X_JxoKF&lxsjlzL zRT_S>TGWdEI3OoXbV}v`c;0{rbB&DZa6Dj}2nW=*io?tDJ2W!bz!e_zxaZALUp*SN zVtL#bp@Vtg-pJr;%&K;X#TZbgON6`7td0DjsecZOTJb-#a@wVR zV!6zkjxsRct=6u5t8J~wXX^Eo2HFM>zqpoJ+p>l z-ax6A=G#9q=` z*whf5lqV9JF6-98VNpv~GheRR)`%L@-bnSuK2c-(;ExgdXQwhW)J>BJ2V#|qr^*R{ zd6-zK6V@PU*|k0Jn_>h`ihDy(d-tjjW@r;Nq&Y@MSbbsb44qji?e8wY#}0@E_&eZN z$%E+GXC$y0!jEfsry$6p~$*!-+h z;r%FkBrD^eGphQ&KvJoNNl`TJM7Jn1yD4=?M~yffYeqP|h8I~h(jub*<7aSfgjU7v zRBR1LM;)-U(l)DRTP-_a>zsK0c2RrQ1)P;+f(J!CU{@unb{k9UC-LZA00$PcAJ#Du zcE`Y|7aXg!ZBqU0l1>;B;n#rk7m^ikSe+GZzX-=*qo^m`q?A2b{RE;G7?ac3|L>W9 zrhD26xMwV!L#2T+=b&fQ6B?MRlpS7!G0c+@nwy!wQK^SL7~w2mYg||l)?$4cIh9*fQx_(GEFM23#>qa$r ziJbhv)V%-d$!S+D2YAb9pW{K3jMp-=?b)XhX~ArLd&EyFWw%5%c%Jl^=JVgk!@+58 zUrSGrm}9rdP9%Pu{`K{aE0wm*qhKbH(=GJ9$V1}_b#q35IaZEX0w3^TrS0J;m}e<} zeE_^yjhWp9?4S2G?-v?Ic!sEV?5EUi83pnJ<*yHccMA;%Ox7vFRmSA4)0?G5geQo4 z$6iX^6Hy?qCKp)#1*SwHbkivfW;cxmxDEWIV>0tMT=szfzrFj9*K)oa0RG9Tbc&Q9 zVxoB%W2_mTVF1IxuxZRp0Q10j43QR$g(m?PL&U7GFbp;V7>FWJMM$LI6;e!fj$&!~v;KF_J?cr})tYXO@iTc%FShv+6r zJygUbA0=j@W? 
zt2GIXiVW)02tY;o;DZ4BM>ri@Ml0i1t;4PjB@fl%fe7nZ42DGpXE`&u^zN`|m|dmW zOTWgCqm}WL*5S?yTC{Unge?I>O5U7yrv4Rfzx)7jMpDasNVFw+~P#?EX&b5{MMG>2L5%6B#f>@vI_eW>5 zB;&n0+#Rio^Ry-#L>Yd8EhC&-DvGV6`+a2wmSB;cA`;$rb#^VDcfcbN5#|}UJeSmj z&WtkjNB0PS0`$sAGSnrd&bLN5(C(p)6(X!?kuMzLZw5vIqorXnV=RbP#JAO|v-I+? zLhqN`+IWnd{J=~rMr)05E_-YioQeV{J6i|-4}E7KO>TxqODUu+buhWpiu7bEQD4qxP7yk|8p$n|WL zgeP*^u-qP%GZ65bGV9R3NlpF!(Ms4*tw=G+K(6 zqm?jT?YOAo9-cF^YtLPQbtCjk(?69`r(Kj`H26%1q^6)%u!~x%VQa6!VsAop`a;FG)l_}>J5qW@xDsnFFLrOx)zK(MgL5K}g`UqjIQmM1JBMD`Uuyfv~eUg105?SnMxEW=VhTY5tuO>qV zZK4MGm*zF!l_o28eJm5hrRjgqlXuEw>u4ND;02%fSbfQ64s4p_g?|>cBJE7zSk3L- z2W^Ck!ma)9gPDbY)1nZas0>aNy4#vG@kWyYXps| zjRWCUHc6H*&DXSk9Yq{%Qnf1Ad}3x^bp606!9y5ec0~aeZM7}?Ka#BPeuN97#Tg;n zxpr)sK6Q?8wYJOr{r(KcN9blIm}12!Vs*cDz0bgmiUw*uovSV>B3ZG-RkL@b5v}@Y zQO;1xpa>&1oe9yTyoMDcoLO$+WNtRB z&?P4ad~K9rjA`0A&QL2hH2)s#X($zp)X_)Mq=bF&`3c+=o+DKC9|tK zU1DkYBOWr*)T~FRtC>hr(ssh7(d>N7JmtKew+ySkbDQw{JrJkoT+Yq5QBD3}L2?1} z29d$NJF4IQ@0U@A4kqQSr8jB*-W_(* zkYn>+hH6W5=GEs!92udLkJ9hAy0leS;VqvJq#dVsXx8n~V;Ztar0k{|j&cr(Ax$UmjZ5$mSCLp+H#%oel#2VXvlk!$CH-T4H0^g*sV#Yp575QumCL3Gg^X!kY*?y zjV#x1M6F?A=_o-TN>{Z zJ@WS6M@JJe9rZc6_o+HXOR*(6ORWv@Y%~L>X~>gRzBqb^NNHy)otp4W)qWA`yahNc zT9Qiu_ooZ5Q=`dwUZKSn$+d4}@PfuUGn$2MCDB6{14c*7(%vM%iD?Xb!)Q`AR%{0s zkotR7yJp=I%|cr<(K+XSU^Xk-p5AWvXig3QEYd3}2pAhp%Hax~8sQiy-=0KQvn;K# zR%phW(EaidWsmO;GF;w_Bjt>CsG#PZBrXd;~Z@ z3OFVA^|gm*@wt}F3Zc&&9#2XE(^o-Hx1n2zx}03sR(}pjL@~@=4CjH+|pvK9u$?Jjrrj(2w)RV7sYgbYxsSx#+C(E5 zBUj&|qJHj)X5xF8sxCrLa{yPAJ~QS}Z+Ojbwa+VKJ~kRlCnK_(dgxXh&~Q0mp-mzp zyh63N<(^&Ek~jB3@mYB*n*vUZW?~JCv1Wu7jW699zyqb0dwvc!S=O4TaW*P?r>3}} z%pFCOt&;YX_)b)jv4A;NjYe@p$&Axh{;XFt6D#@zCRt&K^`+9JWlfa9V?8G}6{A`C5e8@N8;#wg%M@I*A8 zZUz@W94D4Lh-@=U0RKpv8ZEL;RE17v01k;p(jSZL)Z&jfX@cSWhVEikHAdz0#7mGt$NWvpA$| z)c4}#B*J{`QT^Csfe6 z>Xw{P$PLkG-ULTRE8{qPV(o(aoL*2DWq2L`9bqG9ddlZuhHg!N-NjUOt^%L>ew1Nw zVWp#M@PZD}C|&`FN2}r%jMk=L>Ut_NIK-BDU;QhQ(8dp4)Z~@Y_QDvCgGbdxN)PLm zS)MULk0h_Gu`QT93Vs!>hSj`>D+_v@aBpPL58N;L>3F8_b=J12zu?nz7EgIh%nph> 
znZz7FOm@Z#8aEreuXR0OKaqChv4*iEhDIj$l6ci&5qe=lOElb`Z?B9-zI`H-{UNWw zww-@rw3TD2xEcI9S_RkPL+d9Eo9B=?zwDBBfOi2i9qAby-`rug@z#nw9s~zP3AQqi z#IU@B+55&)FbEvoDmF#aaBKd!SLyg;NB4jw7GqpA7b{xm;gY>F_A9%|f1SiQ8zglg zAL4Fpm-5Qz)1$_@P`ahj)+iFQY!emI!^y^{JC)|4XYu>zHY@=LL|OhuVeZ7WR2~3v zAUHp2m`zN@(>f-xf*B;nSuHZCv$3tS6Ee0j0<04)!%#55$lM34bM{)#DWpbflZ4Wz z;{{zRDjVeQEb($XMoVxb7@RD!_Rc$6`rQ(BNYhDt zX|J3tErX*0*0QjMuLS9v+a1J4#sj6-C%)rT`5uVc;W98R-Ld^7uPo+*$YcehNDbFE znWJCCSAJ1JleUMW=Gf9?OxHX4=W|GnvtEfWa|)*Vxq2(>V=5RGwZYA~9bi0!{->8_hs#z z9-g|bg2DC~Qcp>;#ZIsYZ!Y5xA1z@ z0tXnSL*4`4SYI%*;!V$dQbVnpS1>RkD|4c=dDtdufFBwSZq_N8e9p3%)SxKCFECYI z#;>wN)EfW6W9H-UQ88Wooz!CIM8c^SVxH5ikddQ0qy}E^3E)~QrH^JBsj)U{uy}~~ zGD;oiRG=z>}1UQ(m15heIvxjvOfZfxx($*-wPA8`w9`|V>K znC{?6*xPuyhH4)bu&yP=ZN6;^Hm%Js_?gIIb92F`{^95rb}xzxJ{+~jOw$YUpr3;ONgEaa150dNw$%Q1 zxfUB~vq;#?ZGb7xv34{IE9>hGz-T+>>;eY+Lax!i8zpF`V-&HGufVAVH85L6tzhGwl+sfrGN{vA163jXZTT(1-GU z>@q*mArjgjym0KZa2pm>=83beBfqB>X!2YZ=;`a^35^S zhLy+cZ5EmQ%=PXt)DhZ7>)2fM-t3cchcD@KLXC)Z_tUHBio zRbs~JoztCXx>YJjeD^m|v9Sg@+?p9nm!CV$<^Jk96U>usp%1<6UPJueukMt|)J=lC65;zPy0GRE!t`FZKNU3*=vuDc%A zvW8XFmpR4pQ>Pp1S#uSe>qh(O5M^nf{X1Mz7=%=3m1wOzfx9xUwmdnn{N~e2hq-hn zywr!XE%Bbm-Qo{^W=lP-6b;hBIyUnYXBp}tp6}az7=UGGW z-DsU`2JTj$Y!vP+jC45}&lPM<>MP9P9PVy&lsDH0#(K`<9&ooi-Da5E++l?KJn9)^ zOf*}03;fGTwy?rdtv=YY#KTWJTj}L(@Y`su>F_1aabLi|@=2266SPDQsm z9a3_bo^18_`g0c!i10o*Ewec1tf*1Cn~yKtl{FZ9pfC=gUfXo-P#50>9>z6Z$GqZD zy}iMC1@Z0{rK3YVCRql$rOZIwJO4Icr})y3;+w@2Sc0c?jRN*9E*96*bWb|hcG2u? zWq`+hg>*S(8?a+~j_^jS7j(j(qFscadLLX8-z?q&mz7AO&GvVUEb93NAGyc5&Gkk2 znFS5{{$dny2BsKcPHs~Y zH<;nzWm*+)<1p)FCNAfd?9Dk7JmnyD8FB5|xL(KjCemJg$rBF`C8==Ujv_`#=4Lw? 
zkk(SaU3?-yPbV2>lnaZ$b3gU{f}jlSTe7dfu#)GM-zro2yn8H{c_-3hr`QP}X9P|@ zN8h5aY!S9C*&UwAHZT0Q`C%2~OZD$@0%q$J;lCVXqC<1StFU)Yn)H-dE}OH#Mb>l| zkXiY^BiKAMjNhYRjm{H}a-eI>ElSlL4R$W57(2UUXLd$<8!)&a1v)B17yZo!-;U*q z>FG<{knT87G8Uifl5sWVOPQwxCTo*7baFx@boT+?%IF*Nn@G3=cSI)70cIKDR2vqI zIoO0rJ`)LD%r5+0wgbmU!uEwNQ4Gf8k;&zl zm9=75X9D1P2gP!gvyz2{1D-BE$5Bzh-56f5RNFM8$JU*ZunBm;LP@I>=i#+7Tcw58 zhzzd6|M^}lw{)~O6I*6njJ0{@xr(#$2Ivn8_nt1rm`GUN67;q$cs2>IOx31Dj_Qk2 z86e-XUM$xbjx;yF$kxEj8Mupi*fX!w?K@Gxh55f~B92I_wI6gG=Id6bMcLnDxoXKS zVDkd5FVUK1lSnuZvvtn6Lhk;8A^XfEtNRJ&mRkcm1G9CB<(iIqA7>4eeu*!1iG*#6 z8}I62A^s34!!an0I=w-;9-21AB Date: Tue, 30 Mar 2021 03:25:31 +0000 Subject: [PATCH 055/179] Bump kramdown from 2.3.0 to 2.3.1 Bumps [kramdown](https://github.com/gettalong/kramdown) from 2.3.0 to 2.3.1. - [Release notes](https://github.com/gettalong/kramdown/releases) - [Changelog](https://github.com/gettalong/kramdown/blob/master/doc/news.page) - [Commits](https://github.com/gettalong/kramdown/commits) Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index 9c53289..04aaeaf 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -69,7 +69,7 @@ GEM gemoji (~> 3.0) html-pipeline (~> 2.2) jekyll (>= 3.0, < 5.0) - kramdown (2.3.0) + kramdown (2.3.1) rexml kramdown-parser-gfm (1.1.0) kramdown (~> 2.0) From f975a4eddb9301b3421669e4b579c2eaad6acc3f Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Fri, 26 Mar 2021 16:46:15 -0400 Subject: [PATCH 056/179] WIP write up of security convo --- _pages/security.md | 57 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 56 insertions(+), 1 deletion(-) diff --git a/_pages/security.md b/_pages/security.md index 20dcf14..5fc5db3 100644 --- a/_pages/security.md +++ b/_pages/security.md 
@@ -4,4 +4,59 @@ sidenav: security
 sticky_sidenav: true
 ---
-Security is everybody's responsibility at TTS. There are practices that we should adhere to as much as possible when building websites and this guide contains the ones that front-end designers and developers need to be aware of.
+Security is everybody's responsibility at TTS but if you're not used to thinking about security in your day-to-day job,
+that's understandable. We come from a range of different backgrounds, some of which involved security more than others.
+
+There are practices that we should adhere to as much as possible when building websites and this guide contains ones
+that front-end designers and developers need to be aware of. We aim to give everyone a framework to think about security, and
+ways to approach it with our partners.
+
+This is an ever-expanding list; if an important issue is unrepresented, please feel free to open up a PR with your expertise
+or add an issue!
+
+## When Should I Be Thinking About Security?
+
+The short answer: Always!
+
+Some longer answers:
+
+### When starting work on a new system
+
+When starting work on a brand new system, it can feel like everything is going to go perfectly! But it's important to begin
+building keeping in mind that things can (and likely will!) go wrong in unexpected ways.
+
+Make sure you, or the system owners, have a way of knowing when something goes wrong. Start by asking some difficult questions:
+
+* How will we know if the system is hacked?
+* How will we know if there is a data leak?
+* What will happen if there is a data breach?
+* What is our escalation policy when things go wrong?
+
+### When starting work on an existing system
+
+Ideally, every vendor would be employing security best practices! But sometimes we'll start working on a project, and encounter a security
+flaw or potential breach that needs to be addressed ASAP. While those flaws need to be escalated, we should be thinking about how to
+communicate those kinds of issues without potentially alienating important relationships.
+
+*Before* getting access to a project's code base, it's a good idea to ask about a preferred escalation policy.
+
+* If I see a security problem, what is the best way to communicate that?
+* If it's an issue that needs to be addressed immediately, how should we work together to escalate?
+
+Premptively asking these questions can help keep focus on the security issues at hand if you immediately see problems when you get code
+access -- and having an answer to those questions is important for every project!
+
+After you get access, it's a good idea to ensure that there are also answers to the questions listed in the New System section
+
+### Data Flow
+
+Security is paramount when thinking about how data flows into, through, and out of your system.
+
+When the boundaries of different systems or domains bump up against each other, there are opportunities for security breaches.
+These "boundaries" can be in forms such as:
+
+* third party API
+* installed agent
+* form that posts input to your database
+* download
+* webhook integration
\ No newline at end of file
From 01aca175b13ae6049a6dfeba26a23b2b2f2037e6 Mon Sep 17 00:00:00 2001
From: Davida Marion
Date: Mon, 29 Mar 2021 10:10:09 -0400
Subject: [PATCH 057/179] Security notes from guild meeting
---
_data/navigation.yml | 2 ++
_guide/_pages/security/aws.md | 68 +++++++++++++++++++++++++++++++++++
_pages/security.md | 24 +++++++++++--
3 files changed, 92 insertions(+), 2 deletions(-)
create mode 100644 _guide/_pages/security/aws.md
diff --git a/_data/navigation.yml b/_data/navigation.yml
index 54f92b4..80bf20c 100644
--- a/_data/navigation.yml
+++ b/_data/navigation.yml
@@ -80,3 +80,5 @@ security:
 href: /security/output-encoding/
 - text: Vulnerable dependency remediation
 href: /security/dependency-remediation/
+ - text: Amazon Web Services (AWS)
+ href: /security/aws/
diff --git a/_guide/_pages/security/aws.md b/_guide/_pages/security/aws.md
new file mode 100644
index 0000000..b8cce97
--- /dev/null
+++ b/_guide/_pages/security/aws.md
@@ -0,0 +1,68 @@
+---
+title: Amazon Web Services (AWS)
+sidenav: security
+sticky_sidenav: true
+---
+A common practice is storing files in [Amazon Simple Storage Service](https://docs.aws.amazon.com/s3/index.html) (Amazon S3).
+S3 gives the developer an easy way to store data in the cloud in a "bucket", and download it when needed. But this
+introduces security concerns.
+
+When thinking about how to upload or download data in your application, there are always tradeoffs to think about -- often
+processes that are easier to use are less secure; likewise a workflow that is more complex is often more secure.
+
+These tradeoffs get more significant depending on the FISMA level of your system.
+
+### Presigned URLs
+All objects in S3 are private by default. This is great for security practices, but can make it tricky if you want to allow users to upload or download objects programmatically via an application. A method of allowing users to transfer
+data without AWS credentials is to use [presigned urls](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html).
+
+#### Things to know about presigned URLs
+* They can be reused until they expire
+ * Default expiration time is 15 minutes
+* They can be used by *anyone*
+* There is no default file size limit on uploads
+* Uploads use PUT by default
+
+A presigned URL is an easily-shareable URL that is generated with an authenticated user's security credentials. They
+are created with specific actions attached to them, as well as an expiration date and time; the URL will remain valid
+until that expiration moment.
+
+A shareable URL that bypasses security authentication is very convenient to use! However, the tradeoff is that anyone
+with access to that URL can use it. If a user for some reason decided to post a presigned upload URL to reddit or
+twitter, anyone could use that URL to upload data to your bucket until the expiration time was passed.
+
+If you are working on a project that is storing Personally Identifiable Information (PII), especially sensitive data like Social
+Security Numbers, presigned URLs is probably a bad approach! Remember, the only barrier between a bad actor and user data is the
+obscurity/randomness of the URL.
+
+#### FISMA Low:
+Be cautious but proceed with presigned URLs if you feel it is the right choice for your system.
+
+ We recommend taking [mitigation steps](#mitigation-steps) to secure your system.
+
+#### FISMA Medium:
+Really consider the tradeoffs. What kind of adverse impact might happen if a bad actor gets hold of a presigned URL to your system?
+
+* Can they access PII?
+* Can they upload junk data or other harmful information?
+
+If you've thought things through and it's the best or only option, proceed but definitely take [mitigation steps](#mitigation-steps)
+to secure your system.
+
+#### FISMA High:
+{%include components/tag-caution.html %} We do not recommend using presigned URLs for this kind of system.
+
+#### Mitigation Steps
+**All Actions**
+* Generate expiration times that are *very* short lived -- think seconds rather than minutes.
+* Don't log unencrypted presigned URLs
+
+**Upload Actions**
+* Use a [POST action](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html) rather than PUT
+* Construct a [POST policy](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html) to
+ * limit file size as appropriate to your use case
+ * limit file type as appropriate to your use case
+* Scan for viruses
+
+### Proxying the file download
+
diff --git a/_pages/security.md b/_pages/security.md
index 5fc5db3..75256fe 100644
--- a/_pages/security.md
+++ b/_pages/security.md
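Review bot: The `#### FISMA Medium:` heading uses a level name that the FIPS 199 excerpt added to `_pages/security.md` in this same commit does not contain; that excerpt names the levels LOW, MODERATE and HIGH, so the heading should read `#### FISMA Moderate:`. The bullet `Default expiration time is 15 minutes` is also written as if it were a property of S3, but the default lifetime is chosen by the SDK or CLI that signs the URL and is not the same across them. I would reword it to `* Expiration is set by the signer; check your SDK's default and set it explicitly`. Both lines are carried unchanged into `_pages/security/cloud-services.md` in PATCH 058.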
@@ -14,6 +14,24 @@ ways to approach it with our partners.
 This is an ever-expanding list; if an important issue is unrepresented, please feel free to open up a PR with your expertise
 or add an issue!
+## FISMA
+Every system you'll work on at TTS has a FISMA level of impact.
+The [Federal Information Security Modernization Act](https://www.cisa.gov/federal-information-security-modernization-act)
+(FISMA) was introduced to ensure that all government systems have a framework to handle confidential and sensitive information
+in a secure way.
+
+The impact level of a system is determined by how adverse the impact would be if the confidentiality, integrity and/or
+availability of system was compromised.
+
+```
+The potential impact is LOW if the loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
+...
+The potential impact is MODERATE if the loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
+...
+The potential impact is HIGH if the loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individual
+```
+[Standards for Security Categorization of Federal Information and Information Systems](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.199.pdf)
+
 ## When Should I Be Thinking About Security?
 The short answer: Always!
@@ -58,5 +76,7 @@ These "boundaries" can be in forms such as:
 * third party API
 * installed agent
 * form that posts input to your database
-* download
-* webhook integration
\ No newline at end of file
+* downloading/uploading to any part of the cloud
+* webhook integration
+
+Thinking about the edges of your system, how they're exposed, and to whom will help you make better decisions about security.
\ No newline at end of file
From fcd8da960fff11bcb20939c3dbeb699be8737bb8 Mon Sep 17 00:00:00 2001
From: Davida Marion
Date: Wed, 31 Mar 2021 08:33:36 -0400
Subject: [PATCH 058/179] Incorporate PR feedback
---
_data/navigation.yml | 4 +-
_guide/_pages/security/aws.md | 68 ------------------------
_pages/security.md | 7 +--
_pages/security/cloud-services.md | 86 +++++++++++++++++++++++++++++++
4 files changed, 92 insertions(+), 73 deletions(-)
delete mode 100644 _guide/_pages/security/aws.md
create mode 100644 _pages/security/cloud-services.md
diff --git a/_data/navigation.yml b/_data/navigation.yml
index 80bf20c..639d859 100644
--- a/_data/navigation.yml
+++ b/_data/navigation.yml
@@ -80,5 +80,5 @@ security:
 href: /security/output-encoding/
 - text: Vulnerable dependency remediation
 href: /security/dependency-remediation/
- - text: Amazon Web Services (AWS)
- href: /security/aws/
+ - text: Cloud Services
+ href: /security/cloud-services/
diff --git a/_guide/_pages/security/aws.md b/_guide/_pages/security/aws.md
deleted file mode 100644
index b8cce97..0000000
--- a/_guide/_pages/security/aws.md
+++ /dev/null
@@ -1,68 +0,0 @@
----
-title: Amazon Web Services (AWS)
-sidenav: security
-sticky_sidenav: true
----
-A common practice is storing files in [Amazon Simple Storage Service](https://docs.aws.amazon.com/s3/index.html) (Amazon S3).
-S3 gives the developer an easy way to store data in the cloud in a "bucket", and download it when needed. But this
-introduces security concerns.
-
-When thinking about how to upload or download data in your application, there are always tradeoffs to think about -- often
-processes that are easier to use are less secure; likewise a workflow that is more complex is often more secure.
-
-These tradeoffs get more significant depending on the FISMA level of your system.
-
-### Presigned URLs
-All objects in S3 are private by default. This is great for security practices, but can make it tricky if you want to allow users to upload or download objects programmatically via an application. A method of allowing users to transfer
-data without AWS credentials is to use [presigned urls](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html).
-
-#### Things to know about presigned URLs
-* They can be reused until they expire
- * Default expiration time is 15 minutes
-* They can be used by *anyone*
-* There is no default file size limit on uploads
-* Uploads use PUT by default
-
-A presigned URL is an easily-shareable URL that is generated with an authenticated user's security credentials. They
-are created with specific actions attached to them, as well as an expiration date and time; the URL will remain valid
-until that expiration moment.
-
-A shareable URL that bypasses security authentication is very convenient to use! However, the tradeoff is that anyone
-with access to that URL can use it. If a user for some reason decided to post a presigned upload URL to reddit or
-twitter, anyone could use that URL to upload data to your bucket until the expiration time was passed.
-
-If you are working on a project that is storing Personally Identifiable Information (PII), especially sensitive data like Social
-Security Numbers, presigned URLs is probably a bad approach! Remember, the only barrier between a bad actor and user data is the
-obscurity/randomness of the URL.
-
-#### FISMA Low:
-Be cautious but proceed with presigned URLs if you feel it is the right choice for your system.
-
- We recommend taking [mitigation steps](#mitigation-steps) to secure your system.
-
-#### FISMA Medium:
-Really consider the tradeoffs. What kind of adverse impact might happen if a bad actor gets hold of a presigned URL to your system?
-
-* Can they access PII?
-* Can they upload junk data or other harmful information?
-
-If you've thought things through and it's the best or only option, proceed but definitely take [mitigation steps](#mitigation-steps)
-to secure your system.
-
-#### FISMA High:
-{%include components/tag-caution.html %} We do not recommend using presigned URLs for this kind of system.
-
-#### Mitigation Steps
-**All Actions**
-* Generate expiration times that are *very* short lived -- think seconds rather than minutes.
-* Don't log unencrypted presigned URLs
-
-**Upload Actions**
-* Use a [POST action](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html) rather than PUT
-* Construct a [POST policy](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html) to
- * limit file size as appropriate to your use case
- * limit file type as appropriate to your use case
-* Scan for viruses
-
-### Proxying the file download
-
diff --git a/_pages/security.md b/_pages/security.md
index 75256fe..227c9b4 100644
--- a/_pages/security.md
+++ b/_pages/security.md
@@ -7,9 +7,8 @@ sticky_sidenav: true
 Security is everybody's responsibility at TTS but if you're not used to thinking about security in your day-to-day job,
 that's understandable. We come from a range of different backgrounds, some of which involved security more than others.
-There are practices that we should adhere to as much as possible when building websites and this guide contains ones
-that front-end designers and developers need to be aware of. We aim to give everyone a framework to think about security, and
-ways to approach it with our partners.
+There are practices that we as developers should adhere to as much as possible when building websites. We aim to give everyone
+a framework to think about security, and ways to approach it with our partners.
 This is an ever-expanding list; if an important issue is unrepresented, please feel free to open up a PR with your expertise
 or add an issue!
@@ -50,6 +49,8 @@ Make sure you, or the system owners, have a way of knowing when something goes w
 * What will happen if there is a data breach?
 * What is our escalation policy when things go wrong?
+If the project requires an [ATO](https://atos.open-control.org/) (or has one already), some of these topics may be explicitly covered in that process. Even if an ATO is not required, these are still important questions to ask.
+
 ### When starting work on an existing system
 Ideally, every vendor would be employing security best practices! But sometimes we'll start working on a project, and encounter a security
diff --git a/_pages/security/cloud-services.md b/_pages/security/cloud-services.md
new file mode 100644
index 0000000..3d38637
--- /dev/null
+++ b/_pages/security/cloud-services.md
@@ -0,0 +1,86 @@
+---
+title: Cloud Services
+sidenav: security
+sticky_sidenav: true
+---
+A common practice is storing files in the cloud; places like [Amazon Simple Storage Service](https://docs.aws.amazon.com/s3/index.html)
+(Amazon S3), [Google Cloud](https://cloud.google.com/storage/docs/introduction), or
+[Azure Storage](https://docs.microsoft.com/en-us/rest/api/storageservices/delegate-access-with-shared-access-signature).
+These services give developer an easy way to store data in the cloud, and download it when needed. But this
+introduces security considerations.
+
+When thinking about how to upload or download data in your application, there are always tradeoffs to think about -- often
+processes that are easier to use are less secure; likewise a workflow that is more complex is often more secure.
+
+These tradeoffs get more significant depending on the FISMA level of your system.
+
+### Presigned URLs
+A common method of allowing users to transfer data without credentials is to use [presigned urls](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html).
+(Azure refers to these as [shared access signatures](https://docs.microsoft.com/en-us/azure/hdinsight/hdinsight-storage-sharedaccesssignature-permissions), but they are a similar concept.)
+
+There are some differences between service providers; the below details are specific to S3 as that has
+been our most common use case and is supported by [cloud.gov](https://cloud.gov/docs/services/s3/).
+
+#### Some Things to know about S3 presigned URLs
+* They can be reused until they expire
+ * Default expiration time is 15 minutes
+* They can be used by *anyone*
+* There is no default file size limit on uploads
+* Uploads use PUT by default
+
+A presigned URL is an *easily-shareable* URL that is generated with an authenticated user's security credentials. They
+are created with specific actions attached to them, as well as an expiration date and time; the URL will remain valid
+until that expiration moment.
+
+A shareable URL that bypasses security authentication is very convenient to use! However, the tradeoff is that anyone
+with access to that URL can use it. If a user for some reason decided to post a presigned upload URL to the internet,
+anyone could use that URL to upload data to your bucket until the expiration time was passed.
+
+This introduces a "user error" or "insider threat" security vulnerability to your system. Even if your users are good actors,
+some attack vectors could be:
+* A bad actor scanning spaces of URLs to find publicly-available files.
+* Anything with access to the client would have access to the URLs and the accompanying actions - this could include an installed untrustworthy browser extension.
+
+#### FISMA Low:
+Be cautious but proceed with presigned URLs if you feel it is the right choice for your system.
+
+ We recommend taking [mitigation steps](#mitigation-steps) to secure your system.
+
+#### FISMA Medium:
+Really consider the tradeoffs. What kind of adverse impact might happen if a bad actor gets hold of a presigned URL to your system?
+
+* Can they access PII?
+* Can they upload junk data or other harmful information?
+
+If you've thought things through and it's the best or only option, proceed but definitely take [mitigation steps](#mitigation-steps)
+to secure your system.
+
+#### FISMA High:
+{%include components/tag-caution.html %} We do not recommend using presigned URLs for this kind of system. The only real barrier
+between a bad actor and user data is the obscurity/randomness of the URL and the expiration duration.
+
+#### Mitigation Steps
+**All Actions**
+* Generate expiration times that are *very* short lived -- think seconds rather than minutes.
+* Don't log unencrypted presigned URLs
+
+**Upload Actions**
+* Use a [POST action](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-UsingHTTPPOST.html) rather than PUT
+* Construct a [POST policy](https://docs.aws.amazon.com/AmazonS3/latest/API/sigv4-HTTPPOSTConstructPolicy.html) to
+ * limit file size as appropriate to your use case
+ * limit file type as appropriate to your use case
+* Scan for viruses
+
+### Proxying the file download
+
+This option is less "convenient" in that there is no easily-shareable URL that is generated. However, if your
+system has a higher FISMA impact level, or if you don't need to generate a shareable URL, this is often a more
+secure option.
+
+This will be more specific to your server, but the basic steps are:
+
+* Create an endpoint in your server that the client can call
+* Check authentication and authorization when the endpoint is hit
+ * Gracefully capture the issue and respond with an error if the client is not authorized for this action
+* If the client is authenticated and authorized, construct an authenticated GET to the cloud provider
+* Serve the file to the client as a response to the endpoint
\ No newline at end of file
From b60fa09ae31e3a8d1cb3129b05a7748ae996c92c Mon Sep 17 00:00:00 2001
From: Davida Marion
Date: Fri, 12 Mar 2021 12:58:13 -0500
Subject: [PATCH 059/179] Add name of sections so correct main nav is active
---
_data/navigation.yml | 5 +++++
_includes/components/header.html | 4 +---
_pages/markdown.md | 4 +++-
3 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/_data/navigation.yml b/_data/navigation.yml
index 639d859..e6d662e 100644
--- a/_data/navigation.yml
+++ b/_data/navigation.yml
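Review bot: The steps under `### Proxying the file download` check authentication and authorization "for this action" but never say that the check has to cover the specific object being requested, or where the object key comes from. I would add a bullet such as `* Authorize the specific object requested, and look its storage key up server-side rather than accepting a bucket path from the client`. Separately, the bullet `A bad actor scanning spaces of URLs to find publicly-available files` describes exposure of public objects rather than presigned URLs, which carry a signature; the exposure worth naming there is the URL leaking through logs, browser history or referrer headers, which the `Don't log unencrypted presigned URLs` step only partly covers.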
@@ -1,14 +1,19 @@ primary: - text: About this guide href: / + name: about - text: Our approach href: /workflow/ + name: approach - text: Tools href: /integrations/ + name: tools - text: Languages & Runtimes href: /language-selection/ + name: languages - text: Security href: /security/ + name: security about: - text: About this guide diff --git a/_includes/components/header.html b/_includes/components/header.html index c9fb601..6b51109 100644 --- a/_includes/components/header.html +++ b/_includes/components/header.html @@ -83,9 +83,7 @@ {% endif %} {% else %} - {% assign basedir = page.url | remove_first: '/' | split: '/' | first | lstrip %} - {% assign linkdir = _section.href | replace: '/', '' | lstrip %} -
+ {{ _section.text }} {% endif %} diff --git a/_pages/markdown.md b/_pages/markdown.md index 99a5433..ff6d51b 100644 --- a/_pages/markdown.md +++ b/_pages/markdown.md @@ -4,4 +4,6 @@ sidenav: languages sticky_sidenav: true --- -["Markdown is a text-to-HTML conversion tool for web writers. Markdown allows you to write using an easy-to-read, easy-to-write plain text format."](https://daringfireball.net/projects/markdown/) Use [Prettier](https://prettier.io/) for automatic code formatting. +["Markdown is a text-to-HTML conversion tool for web writers. Markdown allows you to write using an easy-to-read, easy-to-write plain text format."](https://daringfireball.net/projects/markdown/) + +Use [Prettier](https://prettier.io/) for automatic code formatting. From 2d61ad02bea2170d7cb08168bdcea0c0c96a461b Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Mon, 15 Mar 2021 09:19:53 -0400 Subject: [PATCH 060/179] Add missing pages into structure --- _data/navigation.yml | 4 ++++ _pages/architecture-reviews/data-act-pilot.md | 2 ++ _pages/architecture-reviews/micro-purchase.md | 2 ++ _pages/example-workflows.md | 4 ++-- _pages/frontend.md | 11 +++++++---- _pages/incident-reports.md | 3 ++- _pages/people/2016-Assessment-Guide.md | 2 ++ _pages/people/2017-Assessment-Guide.md | 4 +++- 8 files changed, 24 insertions(+), 8 deletions(-) diff --git a/_data/navigation.yml b/_data/navigation.yml index e6d662e..8ecd192 100644 --- a/_data/navigation.yml +++ b/_data/navigation.yml @@ -36,6 +36,10 @@ approach: href: /incident-reports/ - text: Architecture Reviews href: /architecture-reviews/ + - text: Front-End Disciplines + href: /frontend/ + - text: Example Workflows + href: /example-workflows tools: - text: Tools diff --git a/_pages/architecture-reviews/data-act-pilot.md b/_pages/architecture-reviews/data-act-pilot.md index 0537479..532b444 100644 --- a/_pages/architecture-reviews/data-act-pilot.md +++ b/_pages/architecture-reviews/data-act-pilot.md 
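Review bot: The new `Example Workflows` entry in `_data/navigation.yml` uses `href: /example-workflows` with no trailing slash, while every other entry visible in this hunk (`/incident-reports/`, `/architecture-reviews/`, `/frontend/`) ends in one. If the sidenav marks the current item by comparing `href` with the page URL, which is not shown here and so is an assumption, this entry would not match and would never be highlighted. I would write `href: /example-workflows/`. The `approach:` list starts outside the hunk.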
@@ -1,5 +1,7 @@ --- title: 'DATA Act Pilot: Simplicity is Key' +sidenav: approach +sticky_sidenav: true --- ## TL;DR diff --git a/_pages/architecture-reviews/micro-purchase.md b/_pages/architecture-reviews/micro-purchase.md index 225e583..e61c6cc 100644 --- a/_pages/architecture-reviews/micro-purchase.md +++ b/_pages/architecture-reviews/micro-purchase.md @@ -1,5 +1,7 @@ --- title: 'Micro-purchase: Do one thing well' +sidenav: approach +sticky_sidenav: true --- ## TL;DR diff --git a/_pages/example-workflows.md b/_pages/example-workflows.md index 91031ec..fbb98b3 100644 --- a/_pages/example-workflows.md +++ b/_pages/example-workflows.md @@ -1,8 +1,8 @@ --- title: Example Workflows +sidenav: approach +sticky_sidenav: true --- -## Example Workflows - Here we've collected descriptions of team processes (particularly around submitting code) that various projects have used in the past. Please consider using one as an example until a more formal template is provided. diff --git a/_pages/frontend.md b/_pages/frontend.md index 4f83483..0ff301a 100644 --- a/_pages/frontend.md +++ b/_pages/frontend.md @@ -1,10 +1,8 @@ --- title: Front-End Disciplines +sidenav: approach +sticky_sidenav: true --- -## Related topics -* [CSS]({{site.baseurl}}/css) -* [JavaScript]({{site.baseurl}}/javascript) -* [Security]({{site.baseurl}}/security) ## What is front end? @@ -33,3 +31,8 @@ should feel comfortable developing and implementing client-side interactions and frameworks using semantic HTML5 and JavaScript, and should be able to help with debugging, testing, and performance optimization of the code base. + +## Related topics +* [CSS]({{site.baseurl}}/css) +* [JavaScript]({{site.baseurl}}/javascript) +* [Security]({{site.baseurl}}/security) \ No newline at end of file diff --git a/_pages/incident-reports.md b/_pages/incident-reports.md index 6214a71..01923e4 100644 --- a/_pages/incident-reports.md +++ b/_pages/incident-reports.md 
@@ -2,6 +2,8 @@ title: Incident Reports sidenav: approach sticky_sidenav: true +redirect_from: + /incident-reports/cloud-gov/ --- Though we fully expect to write dependable applications, every project will @@ -50,7 +52,6 @@ Don't make folks search for the information. ## Examples * [C2](./C2/c2-outage-report-2016-08-10.pdf) -* [Cloud.gov](./cloud-gov) ## Additional resources * John Allspaw's [introduction](https://codeascraft.com/2012/05/22/blameless-postmortems/) diff --git a/_pages/people/2016-Assessment-Guide.md b/_pages/people/2016-Assessment-Guide.md index 1986f22..0c0f959 100644 --- a/_pages/people/2016-Assessment-Guide.md +++ b/_pages/people/2016-Assessment-Guide.md @@ -1,5 +1,7 @@ --- title: 18F Engineering 2016 End of Year Assessment Guide +sidenav: approach +sticky_sidenav: true --- 18F, as a part of GSA, has a mature [performance management and recognition system](https://insite.gsa.gov/portal/content/500278). diff --git a/_pages/people/2017-Assessment-Guide.md b/_pages/people/2017-Assessment-Guide.md index 886c7a4..60b6661 100644 --- a/_pages/people/2017-Assessment-Guide.md +++ b/_pages/people/2017-Assessment-Guide.md @@ -1,5 +1,7 @@ --- title: 18F Engineering 2017 End of Year Assessment Guide +sidenav: approach +sticky_sidenav: true --- 18F, as a part of GSA, has a mature [performance management and recognition system](https://insite.gsa.gov/topics/hr-pay-and-leave/employee-performance-management). 
@@ -25,7 +27,7 @@ In September 2016, a group of Engineering leadership and engineers met to determ The number one desired outcome was actionable feedback for individuals. In order for a review to be valuable, the person being reviewed needs to finish the process with knowledge of and a plan for how to grow over the following year. At the end of the review period, every engineer should have a solid understanding of what to do next to continue to improve and deliver better value to their teams. ### Fair rating -Individuals deserve fair ratings. These ratings should be calibrated both within Engineering and across 18F. The ratings and feedback should be aligned with the individual’s performance profile (as is required of course), and not biased towards individuals that the raters have interacted with more than others or those whose strengths align the most with their raters’ interests. Positive and constructive feedback should be balanced, and all feedback should be backed by evidence. Ideally the individual agrees with the rating they’re given. +Individuals deserve fair ratings. These ratings should be calibrated both within Engineering and across 18F. The ratings and feedback should be aligned with the individual’s performance profile (as is required of course), and not biased towards individuals that the raters have interacted with more than others or those whose strengths align the most with their raters’ interests. Positive and construective feedback should be balanced, and all feedback should be backed by evidence. Ideally the individual agrees with the rating they’re given. ### Holistic review Individuals should be rated not only on their technical abilities and contributions, but on their total contribution to their teams and 18F. 18F Engineering performance plans include critical elements for technical and team contributions, and of course are how folks are rated. 
This means the reviewers must seek to understand the individual's role on their teams: for example, were they doing any project management or design work in addition to committing code. The reviewer should seek feedback from the individual’s project leads and more experienced technical staff they’ve worked with. Additionally, if an individual has contributed to other areas of 18F through guild and working group contributions, the reviewer should gather feedback from leaders and stakeholders in that group. From 50135b9aacf1c3375842a2fa910e6c14a63eafd3 Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Wed, 31 Mar 2021 09:18:55 -0400 Subject: [PATCH 061/179] Generalize assessment guide --- _pages/people.md | 3 +- _pages/people/2016-Assessment-Guide.md | 111 ------------------ ...2017-Assessment-Guide.md => assessment.md} | 14 +-- 3 files changed, 6 insertions(+), 122 deletions(-) delete mode 100644 _pages/people/2016-Assessment-Guide.md rename _pages/people/{2017-Assessment-Guide.md => assessment.md} (93%) diff --git a/_pages/people.md b/_pages/people.md index f1901c0..e8d66b8 100644 --- a/_pages/people.md +++ b/_pages/people.md @@ -29,5 +29,4 @@ Giving constructive feedback to a top performer is not nitpicking, it is actuall TTS, as a part of GSA, has a mature [performance management and recognition system](https://insite.gsa.gov/portal/content/500278). This includes an end-of-year performance assessment. -* [2016 Assessment Guide]({{site.baseurl}}/people/2016-Assessment-Guide) -* [2017 Assessment Guide]({{site.baseurl}}/people/2017-Assessment-Guide) +* [Historical Engineering Assessment Guide]({{site.baseurl}}/people/assessment) diff --git a/_pages/people/2016-Assessment-Guide.md b/_pages/people/2016-Assessment-Guide.md deleted file mode 100644 index 0c0f959..0000000 --- a/_pages/people/2016-Assessment-Guide.md +++ /dev/null 
@@ -1,111 +0,0 @@ ---- -title: 18F Engineering 2016 End of Year Assessment Guide -sidenav: approach -sticky_sidenav: true ---- - -18F, as a part of GSA, has a mature [performance management and recognition system](https://insite.gsa.gov/portal/content/500278). -This includes an end-of-year performance assessment. 18F Engineering’s goals for the end-of-year assessment are to have -engineers talk with their facilitator and supervisor about the past year and create actionable plans for career growth -in the coming year. These reviews ideally build on a robust, granular, continuous feedback loop between an engineer, their -facilitator, and other coworkers. - -Assessments are based on an individual’s performance plan. GSA’s Office of Human Resources Management (OHRM) has a -[set of appraisal materials](https://insite.gsa.gov/portal/category/532570) applicable to all of GSA. These include a -good guide on [Appraising Objectively and Fairly](https://insite.gsa.gov/portal/getMediaData?mediaId=614006), -and the requirement to evaluate performance on a 5 point scale. Performance plans have what 18F calls “objectives” and OHRM -calls “critical elements.” Each “critical element” in the performance plan is rated, and there is also a summary rating. -Some ratings can earn performance awards. You can find more detail, including what each rating number means, in the -[Appraisal Rating System & Performance Awards](https://docs.google.com/document/d/1YtnP2RoSJZh5IiKWVJwxyAksjafCqlmBXspCV8nlhZM/edit) document. - -End-of-year assessments are given to everyone hired into GSA on or prior to May 15, 2016, and are due by November 14, 2016. - -In late September, a group of Engineering leadership and engineers met to determine what outcomes we wanted from the end-of-year review process, and what we’d do to achieve those outcomes. - -## Desired outcomes - -### Actionable feedback -The number one desired outcome was actionable feedback for individuals. 
In order for a review to be valuable, the person being reviewed needs to finish the process with knowledge of — and, ideally, a plan for — how to grow over the following year. At the end of the review period, every engineer should have a solid understanding of what to do next to continue to improve and deliver better value to their teams. - -### Fair rating -Individuals deserve fair ratings. These ratings should be calibrated both within Engineering and across 18F. The ratings and feedback should be aligned with the individual’s performance profile (as is required of course), and not biased towards individuals that the raters have interacted with more than others or those whose strengths align the most with their raters’ interests. Positive and constructive feedback should be balanced, and all feedback should be backed by evidence. Ideally the individual agrees with the rating they’re given. - -### Holistic review -Individuals should be rated not only on their technical abilities and contributions, but on their total contribution to their teams and 18F. This means the reviewers must seek to understand the individual's role on their teams: for example, were they doing any project management or design work in addition to committing code. The reviewer should seek feedback from the individual’s project leads and more experienced technical staff they’ve worked with. Additionally, if an individual has contributed to other areas of 18F through guild and working group contributions, the reviewer should gather feedback from leaders and stakeholders in that group. - -## Process -The person conducting the review, usually an Engineering Supervisor, completes these steps. - -1. Have the engineer complete a self-review. -2. Gather feedback from reviewers (key stakeholders including project leads, technical leads, peers identified in step 1, etc) -3. Synthesize that feedback into a review. -4. Review reviews with the Director. -5. 
Meet with the engineer and their facilitator to deliver and discuss the review. - -More details on each step: - -### 1. Conduct self-reviews -Have each individual complete a self-review. This review should ask for: - -1. Which projects and accomplishments they’ve worked on over the last year, including both major staffed projects and also side-projects, working groups, guilds, etc. -2. A self-assessment against each objective in their performance plan. -3. Peers (in engineering, or elsewhere) that they’d like us to solicit feedback from (in addition to project leads, tech leads, guild leads, etc., which we’ll talk to by default). -4. Any specific areas they’d like feedback on. -5. Answers to these six “engineering climate” questions (the same as we asked in the [mid-year review](https://docs.google.com/document/d/1n0LegkVV6j3HsUJat-cda_5QmPfF_hFFaWjubpv-amA/edit) plus one new one): - * Do you feel you’re growing as an engineer? - * Do you ever feel like you’re not treated fairly? Please explain. - * Do you feel like you can raise work issues? Do you feel like your issues are actually heard? - * On a scale from 1 to 5, how satisfied are you with your work (1 is “not satisfied”, 5 is “very satisfied”)? - * On a scale from 1 to 5, how motivated are you to do your work (1 is “not motivated”, 5 is “very motivated”)? - * On a scale from 1 to 5, how satisfied are you with the feedback you’ve received throughout this year? - -The answers are sensitive, and should only be shared with other supervisors, and director if necessary. - -### 2. Gather feedback from reviewers -Now that you have the self-review, you can collect feedback from reviewers. - -First, identify reviewers. The engineer’s facilitator can help with this. They should be the key stakeholders in the work the person has done: project leads, technical leads, working group and guild leads, and peers the person nominated above. 
You should identify at least 3-5 people, but if there are too many it’s OK to prioritize and pare the list down. Be sure to include people who can speak to recent project work. - -Send a request for feedback to each of the reviewers you identified above. This should ask for: - -1. An assessment against each objective in their performance plan (as for #2, above). -2. A request for feedback on the specific areas the individual identified in #4 above. -3. A free-form general feedback area. - -Please remind reviewers to aim to be as specific as possible — ask for specific examples to back up any feedback they give. Assure reviewers that their responses will be synthesized and anonymized before they’re presented to the person under review (so we’re not going to say “well, so-and-so thinks you stink at Go!”) - -If necessary, you can arrange short (15-30 minute) meetings with a reviewer to go over their feedback and gather specific examples. Whether you need to do this will depend on how good and specific written feedback is. Arranging a meeting can be a good method of chasing a response: it takes less time for the reviewer to tell you feedback than for them to write it up. - -### 3. Synthesize feedback and draft a written review - -Now you’ve got a bunch of feedback, so the next step is to synthesize it down into a coherent written review. - -First, you’ll want to review all that feedback along with the person’s facilitator (if applicable). You’re looking for patterns, commonalities, or feedback that aligns with what you or the facilitator have personally observed. You’re looking to distill down all that feedback into a review for each objective in the person’s performance profile. Include as many specific examples of behavior as possible — good feedback is specific and actionable (for a deeper treatment if this idea, see this article on [The Situation-Impact-Feedback Tool](https://www.mindtools.com/pages/article/situation-behavior-impact-feedback.htm)). 
- -It’s important to be especially cognizant of unconscious bias here. Remember that people are especially susceptible to assume that underrepresented people in tech — women, people of color, etc. — are less qualified than their white male counterparts. One way to correct for this bias is to make sure that reviews are concrete and specific (as above). Another way is to be cognizant of the kinds of reviews that are especially applied to underrepresented minorities. For example, [the word “abrasive” is far more common in reviews of women than of men](https://www.fastcompany.com/3034895/strong-female-lead/the-one-word-men-never-see-in-their-performance-reviews). Other similar kinds of phrases to watch out for are “tone”, “aggressive”, “judgemental”, “too nice”, and so on. In general, if you’re writing a review that seems like it speaks to the person’s character, you may be headed in the wrong direction. - -GSA has [guidance on writing objective and fair reviews](https://insite.gsa.gov/portal/getMediaData?mediaId=614006) that’s worth reviewing as you start to write your review. - -You’ll need to provide a score (1-5) for each objective area in the person’s performance profile. The performance plan has criteria for each score; these plans are available in CHRIS. You should also review the overall guidance on the [rating system scores](https://docs.google.com/document/d/1YtnP2RoSJZh5IiKWVJwxyAksjafCqlmBXspCV8nlhZM/edit). You’ll also need to give the engineer a single overall score (1-5), which is calculated from the objective scores. - -### 4. Review your drafts with the Director -Before finalizing the reviews, meet with the Director of Engineering and review your reviews. They’ll check that your reviews are fair, and also compare scores across the whole chapter to check for bias, patterns, and consistency across Engineering. - -### 5. 
“Ship” the review, and go over it with the engineer -Now that the review is done, you need to file the “paperwork” and deliver the review. - -First, create the review in CHRIS. Then export a PDF version and send it to the engineer at least a day in advance of meeting with them to deliver the review. - -Then, meet with the engineer (and their facilitator, if applicable) to discuss the review. You’ll discuss the rating and possible performance award if applicable. This is also a good opportunity to deliver feedback that didn’t make it into the written review — especially feedback on areas that the engineer requested way back in step 1. Talk about ways the engineer can address specific feedback (and how we can support them). This can feed into a plan for next year, so take notes to help with follow up and evolution of next year’s plan. - -Finally, discuss their answers to the “engineering climate” questions. There may have been details they didn’t want to provide in the survey version. - -Lastly, the engineer will need to digitally sign the PDF. You’ll store those PDFs in a Google Drive folder (Talent will send us the link), Talent’s tracking spreadsheet, and CHRIS. - -## Going forward - -Our intention for this process is that it will be the start of a more regular, granular feedback system. Engineers deserve frequent feedback on their performance, and there have been many organization and leadership changes in Engineering this year that have disrupted regular feedback loops. Our new structure, where engineers will have a more established relationship with their facilitator and supervisor, will allow us to ensure that feedback happens. Providing regular feedback will make the annual review process a simple extension of regular feedback, as it will be more a culmination of the year’s progress. 
- -## Retrospective - -In November 2016 we conducted a [retro](https://docs.google.com/document/d/1VY7VEneWzfe4eMNIZ8cmIMdDG5W6T0NQCy6P9yehlNU/edit) of the 2016 Engineering end of year assessment. We asked ourselves how the process we used worked, and what we'd improve. Those in 18F can review that document for details. diff --git a/_pages/people/2017-Assessment-Guide.md b/_pages/people/assessment.md similarity index 93% rename from _pages/people/2017-Assessment-Guide.md rename to _pages/people/assessment.md index 60b6661..90fe1aa 100644 --- a/_pages/people/2017-Assessment-Guide.md +++ b/_pages/people/assessment.md @@ -1,5 +1,5 @@ --- -title: 18F Engineering 2017 End of Year Assessment Guide +title: 18F Engineering End of Year Assessment Guide sidenav: approach sticky_sidenav: true --- @@ -10,6 +10,9 @@ engineers talk with their facilitator and supervisor about the past year and cre in the coming year. These reviews ideally build on a robust, granular, continuous feedback loop between an engineer, their facilitator, and other coworkers. +This guide is *historical* although still largely applicable, although there may be changes from current practices. +Please submit a PR if you see an explanation or process that needs updating! + Assessments are based on an individual’s performance plan. GSA’s Office of Human Resources Management (OHRM) has a [set of appraisal materials](https://insite.gsa.gov/topics/hr-pay-and-leave/performance-management/performance-management-appraising) applicable to all of GSA. These include a good guide on [Appraising Objectively and Fairly](https://insite.gsa.gov/cdnstatic/insite/Appraising_Objectively_and_Fairly.pdf), 
@@ -17,9 +20,6 @@ and the requirement to evaluate performance on a 5 point scale. Performance plan Some ratings can earn performance awards. You can find more detail, including what each rating number means, in the [Appraisal Rating System & Performance Awards](https://docs.google.com/document/d/1YtnP2RoSJZh5IiKWVJwxyAksjafCqlmBXspCV8nlhZM/edit) document. -End-of-year assessments are given to everyone hired into GSA on or prior to May 15, 2017, and are due by November 14, 2017. - -In September 2016, a group of Engineering leadership and engineers met to determine what outcomes we wanted from the end-of-year review process, and what we’d do to achieve those outcomes. This 2017 guide is largely the same as the 2016 guide. ## Desired outcomes 
@@ -27,7 +27,7 @@ In September 2016, a group of Engineering leadership and engineers met to determ The number one desired outcome was actionable feedback for individuals. In order for a review to be valuable, the person being reviewed needs to finish the process with knowledge of and a plan for how to grow over the following year. At the end of the review period, every engineer should have a solid understanding of what to do next to continue to improve and deliver better value to their teams. ### Fair rating -Individuals deserve fair ratings. These ratings should be calibrated both within Engineering and across 18F. The ratings and feedback should be aligned with the individual’s performance profile (as is required of course), and not biased towards individuals that the raters have interacted with more than others or those whose strengths align the most with their raters’ interests. Positive and construective feedback should be balanced, and all feedback should be backed by evidence. Ideally the individual agrees with the rating they’re given. +Individuals deserve fair ratings. These ratings should be calibrated both within Engineering and across 18F. The ratings and feedback should be aligned with the individual’s performance profile (as is required of course), and not biased towards individuals that the raters have interacted with more than others or those whose strengths align the most with their raters’ interests. Positive and constructive feedback should be balanced, and all feedback should be backed by evidence. Ideally the individual agrees with the rating they’re given. ### Holistic review Individuals should be rated not only on their technical abilities and contributions, but on their total contribution to their teams and 18F. 18F Engineering performance plans include critical elements for technical and team contributions, and of course are how folks are rated. 
This means the reviewers must seek to understand the individual's role on their teams: for example, were they doing any project management or design work in addition to committing code. The reviewer should seek feedback from the individual’s project leads and more experienced technical staff they’ve worked with. Additionally, if an individual has contributed to other areas of 18F through guild and working group contributions, the reviewer should gather feedback from leaders and stakeholders in that group. @@ -108,7 +108,3 @@ Lastly, the engineer will need to sign the review. You’ll store those PDFs in ## Continuous feedback Our intention for this process is that it is part of a regular, granular feedback system. Engineers deserve frequent feedback on their performance. Our structure, where engineers will have an established relationship with their facilitator and supervisor, allows us to ensure that feedback happens. Providing regular feedback makes the annual review process a simple extension of regular feedback, as it is a culmination of the year’s progress. - -## Retrospective - -In November 2017 we will conducte a retro of the 2017 Engineering end of year assessment. We will ask ourselves how the process we used worked, and what we'd improve. Those in 18F will be able to review that document for details. From 383ed9cb4797b7a5131b255f30e294d5fa8ee18d Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Mon, 5 Apr 2021 09:04:38 -0400 Subject: [PATCH 062/179] Update secrets mgmt --- _pages/workflow.md | 67 ++++++++++++++++++++++++---------------------- 1 file changed, 35 insertions(+), 32 deletions(-) diff --git a/_pages/workflow.md b/_pages/workflow.md index d813d4b..f06894a 100644 --- a/_pages/workflow.md +++ b/_pages/workflow.md 
@@ -9,7 +9,7 @@ around deployments, git etiquette, and similar workflow conventions. ## Continuous Integration & Deployment -### Standards +### All Projects {%include components/tag-standard.html %} - Ensure that your project is running **automated tests** in CI. Successful test completion should be a requirement for deployment. 
@@ -28,44 +28,47 @@ around deployments, git etiquette, and similar workflow conventions. ## Git & GitHub -Git is our version control system of choice and GitHub is our current -repository platform, but how to use these tools can be spelled out in a bit -more detail. Note that we are looking to consolidate this with our existing +{%include components/tag-standard.html %} Git is our version control system of choice and +GitHub is our current repository platform, but how to use these tools can be spelled out +in a bit more detail. Note that we are looking to consolidate this with our existing documentation on [code review]({{site.baseurl}}/code-review) and [example workflows]({{site.baseurl}}/example-workflows). -### Requirements +### Security -- [Install](https://github.com/18F/laptop#git-seekret) our version of - **git-seekret** as a pre-commit hook. This will check for many common types - of API tokens and other sensitive information from making its way into - version control. -- Enable [**two-factor - authentication**](https://help.github.com/articles/about-two-factor-authentication/) - for your GitHub account. This is required for all TTS employees. -- Default to **public** for new repositories. See our +{%include components/tag-requirement.html %} [Install Caulking](https://github.com/cloud-gov/caulking). +It's easy to accidentally push secrets to GitHub. Caulking checks for many common types of API tokens +and other sensitive information before you commit, allowing you to remove sensitive data before +accidentally publishing it. (This repo assumes MacOs with HomeBrew installed.) + +{%include components/tag-requirement.html %} Enble +[**two-factor authentication**](https://help.github.com/articles/about-two-factor-authentication/) for +your GitHub account. This is required for all TTS employees. 
+ +{%include components/tag-requirement.html %} As part of the ATO process, we require any branches which +trigger automated deployment be [**protected**](https://help.github.com/articles/about-protected-branches/) +by passing CI and peer review. + +### Other considerations + +{%include components/tag-standard.html %} Default to **public** for new repositories. See our [guidelines](https://github.com/18F/open-source-policy/blob/master/practice.md) about open source for more detail. -- As part of the ATO process, we require any branches which trigger automated - deployment be - [**protected**](https://help.github.com/articles/about-protected-branches/) - by passing CI and peer review. - -### Defaults - -- Generally we prefer **branches** over forks to ease internal collaboration. - If your project has many outside contributors, consider forks instead. -- When in doubt, use feature branches and - [**gitflow**](http://nvie.com/posts/a-successful-git-branching-model/) as - your branch naming scheme. -- Keep your repository **clean**; delete merged branches and avoid committing - files specific to your dev environment (e.g. `.DS_Store`). -- Follow [this - guidance](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) - about **good commit messages**. -- Consider [**signing commits** with a GPG + +{%include components/tag-standard.html %} Generally we prefer **branches** over forks to ease internal collaboration. {%include components/tag-default.html %} *If your project has many outside contributors, consider forks instead.* + +{%include components/tag-suggestion.html %} When in doubt, use feature branches and +[**gitflow**](http://nvie.com/posts/a-successful-git-branching-model/) as your branch naming scheme. + +{%include components/tag-standard.html %} Keep your repository **clean**; delete merged branches and avoid committing +files specific to your dev environment (e.g. `.DS_Store`). 
+ +{%include components/tag-suggestion.html %} Follow [this + guidance](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) about **good commit messages**. + +{%include components/tag-suggestion.html %} Consider [**signing commits** with a GPG key](https://help.github.com/articles/signing-commits-with-gpg/) ## Code style -- Use an opinionated automated code formatter whenever possible. This saves teams from wasting time arguing about code style, and makes it easy to comply. Specific suggestions in [the pages for each language]({{site.baseurl}}/language-selection/). +{%include components/tag-standard.html %} Use an opinionated automated code formatter whenever possible. This saves teams from wasting time arguing about code style, and makes it easy to comply. Specific suggestions in [the pages for each language]({{site.baseurl}}/language-selection/). From 2a851fd79f14fe2d0cf7845f180fc36d350a8bdc Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Wed, 7 Apr 2021 09:02:57 -0400 Subject: [PATCH 063/179] PR feedback --- _pages/workflow.md | 36 +++++++++++++++++------------------- 1 file changed, 17 insertions(+), 19 deletions(-) diff --git a/_pages/workflow.md b/_pages/workflow.md index f06894a..21b25c8 100644 --- a/_pages/workflow.md +++ b/_pages/workflow.md 
@@ -26,48 +26,46 @@ around deployments, git etiquette, and similar workflow conventions. docs](https://circleci.com/docs/2.0/configuration-reference/#schedule) for details. -## Git & GitHub +## Git & GitHub {%include components/tag-standard.html %} -{%include components/tag-standard.html %} Git is our version control system of choice and +Git is our version control system of choice and GitHub is our current repository platform, but how to use these tools can be spelled out in a bit more detail. Note that we are looking to consolidate this with our existing documentation on [code review]({{site.baseurl}}/code-review) and [example workflows]({{site.baseurl}}/example-workflows). -### Security +### Security {%include components/tag-requirement.html %} -{%include components/tag-requirement.html %} [Install Caulking](https://github.com/cloud-gov/caulking). +[Install Caulking](https://github.com/cloud-gov/caulking). It's easy to accidentally push secrets to GitHub. Caulking checks for many common types of API tokens and other sensitive information before you commit, allowing you to remove sensitive data before -accidentally publishing it. (This repo assumes MacOs with HomeBrew installed.) +accidentally publishing it. (This repo assumes MacOS with Homebrew installed.) -{%include components/tag-requirement.html %} Enble +Enable [**two-factor authentication**](https://help.github.com/articles/about-two-factor-authentication/) for your GitHub account. This is required for all TTS employees. -{%include components/tag-requirement.html %} As part of the ATO process, we require any branches which +As part of the ATO process, we require any branches which trigger automated deployment be [**protected**](https://help.github.com/articles/about-protected-branches/) by passing CI and peer review. ### Other considerations -{%include components/tag-standard.html %} Default to **public** for new repositories. 
See our +#### {%include components/tag-standard.html %} +* Default to **public** for new repositories. See our [guidelines](https://github.com/18F/open-source-policy/blob/master/practice.md) about open source for more detail. - -{%include components/tag-standard.html %} Generally we prefer **branches** over forks to ease internal collaboration. {%include components/tag-default.html %} *If your project has many outside contributors, consider forks instead.* - -{%include components/tag-suggestion.html %} When in doubt, use feature branches and -[**gitflow**](http://nvie.com/posts/a-successful-git-branching-model/) as your branch naming scheme. - -{%include components/tag-standard.html %} Keep your repository **clean**; delete merged branches and avoid committing +* We prefer **branches** over forks to ease internal collaboration. *If your project has many outside contributors, consider forks instead.* +* Keep your repository **clean**; delete merged branches and avoid committing files specific to your dev environment (e.g. `.DS_Store`). +* Consider [**signing commits** with a GPG + key](https://help.github.com/articles/signing-commits-with-gpg/) -{%include components/tag-suggestion.html %} Follow [this - guidance](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) about **good commit messages**. -{%include components/tag-suggestion.html %} Consider [**signing commits** with a GPG - key](https://help.github.com/articles/signing-commits-with-gpg/) +#### {%include components/tag-suggestion.html %} +* When in doubt, use feature branches and [**gitflow**](http://nvie.com/posts/a-successful-git-branching-model/) as your branch naming scheme. +* Follow [this + guidance](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) about **good commit messages**. ## Code style From a6fd9a9ec4a5d5a3e70ad41c28578e85d5fc570b Mon Sep 17 00:00:00 2001 
From: Ryan Ahearn Date: Fri, 16 Apr 2021 16:32:50 -0400 Subject: [PATCH 064/179] WIP on Incident Response Drills post Authors: Lindsay Young, Alex Soble, Ryan Ahearn --- _pages/security/incident-response-drills.md | 95 +++++++++++++++++++++ 1 file changed, 95 insertions(+) create mode 100644 _pages/security/incident-response-drills.md diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md new file mode 100644 index 0000000..c186de0 --- /dev/null +++ b/_pages/security/incident-response-drills.md 
@@ -0,0 +1,95 @@
+---
+title: Incident Response Drills
+sidenav: security
+sticky_sidenav: true
+---
+
+## Why do an Incident Response drill?
+
+You don't want to be creating or testing your recovery processes while things are on fire.
+
+
+## Preparing for the Drill
+
+### Finding your weak points
+
+First, create a boundary diagram. Second, pull out your boundary diagram and determine where your system can be accessed. Make sure
+you include third party products (ie. Analytics, CI/CD pipelines, code hosting) in this analysis.
+
+Look at each box and each connection on the diagram separately. Figure out how someone who isn't
+supposed to be there could get there, or how each component could go down unexpectedly.
+
+This will help you build a set of incident scenarios to practice recovering from.
+
+### Gathering Organization Policies
+
+It is likely that your Agency or OCIO has existing policies around reporting for security or data breach incidents.
+Gather them to ensure they are built into your response.
+
+
+## Example Web App using Cloud.gov
+
+Scenarios worth practicing for a web app include:
+
+* A deploy goes wrong
+* PII exposed
+* API Keys or passwords exposed
+* Oops, I deleted the database
+* S3 buckets are erased
+* Site defacement
+* Denial of Service
+* Service Downtime
+
+You don't need to drill each and every one of these scenarios each time, but they are good to plan for.
+
+These examples assume the application is hosted on cloud.gov.
+
+Please adjust for your infrastructure.
+
+## A Deploy Goes Wrong
+
+It turns out, the new release doesn't deploy properly. It has successfully deployed in all the other environments.
+
+### Mitigation:
+
+Re-deploy last successful release from your CI/CD pipeline. (You are deploying from a CI/CD pipeline, right?)
+
+### Step-by-step template:
+
+1. Go to `<>` to view recent deploys
+1. Rerun the deploy step for the last known-good deploy
+1. If necessary, roll back the database to the correct version
+
+## PII Exposed
+
+It's discovered that PII is being leaked to unauthorized users through the site.
+
+### Mitigation
+
+1. Contact `<>` and inform them of a breach
+1. Stop the exposure
+ 1. Assess the severity and impact of the potential leak
+ 1. Decide if the site needs to be set into a maintenance mode to stop further exposure. If yes, then bring up the maintenance page
+ 1. If you are able to isolate the section of the site where the issue is occurring and remove/hide the page
+1. If this is in code version control history, be sure to scrub references to the PII from all versions.
+1. Identify root cause of the issue and deploy a hotfix
+1. Take necessary corrective action as directed by your agency security team. If there are corrective actions that the PO is able to handle in terms of contacting the affected users, do so.
+
+## API Keys or Passwords Exposed
+
+An API Key for an AWS service was accidentally committed to our public code repository!
+
+### Mitigation
+
+1. Contact `<>` and inform them of a breach
+1. Rotate keys
+
+## Oops, I deleted the database
+
+## S3 buckets are erased
+
+## Site defacement
+
+## Denial of Service
+
+## Service Downtime
From 27c9e2bc95da3b437b40a808c015c4b11cf6112b Mon Sep 17 00:00:00 2001
From: Davida Marion
Date: Fri, 16 Apr 2021 14:32:03 -0400
Subject: [PATCH 065/179] Add link to branch protection rules documentation
---
 _pages/project-setup.md | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/_pages/project-setup.md b/_pages/project-setup.md
index 5e69b77..925a10c 100644
--- a/_pages/project-setup.md
+++ b/_pages/project-setup.md
@@ -52,6 +52,21 @@ visual regression tests don't make sense for an API). 1. Integration test setup (e.g., [Selenium](https://www.selenium.dev/) {%include components/tag-suggestion.html %}) 1. Visual regression setup (e.g., [Backstop](https://github.com/garris/BackstopJS) {%include components/tag-suggestion.html %}) +## Branch protection {%include components/tag-requirement.html %} + +Set up branch protection rules for each repository. The [most current ATO checklist](https://github.com/18F/tts-tech-portfolio/blob/master/.github/ISSUE_TEMPLATE/ato.md) requires it; +it's also a good practice to prevent mistakes like an accidental force-push to main. + +We recommend at the very least enabling: +* Require pull request reviews before merging +* Restrict who can push to your main branch + +Please refer to GitHub's [branch protection documentation](https://docs.github.com/en/github/administering-a-repository/managing-a-branch-protection-rule) +to help determine what other configuration settings are best for your project. + +By default, protected branch rules do not apply to people with admin permissions to a repository, +allowing admins to merge PRs without an external review when necessary. + ## Project Management Tool Every project, no matter the size, should use a project management tool to keep From 3002a86334221cc2327813ff108799b104e470d8 Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Tue, 27 Apr 2021 10:27:05 -0500 Subject: [PATCH 066/179] Add Incident Response Drills section to sidenav --- _data/navigation.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_data/navigation.yml b/_data/navigation.yml index 8ecd192..f4f76a6 100644 --- a/_data/navigation.yml +++ b/_data/navigation.yml @@ -91,3 +91,5 @@ security: href: /security/dependency-remediation/ - text: Cloud Services href: /security/cloud-services/ + - text: Incident Response Drills + href: /security/incident-response-drills/ From d32b0809b950303fe74a58d5b7d492f88ce315d4 Mon Sep 17 00:00:00 2001 
From: Alex Soble
Date: Tue, 27 Apr 2021 10:47:51 -0500
Subject: [PATCH 067/179] Line edits + add internal anchor links to make a Table of Contents
---
 _pages/security/incident-response-drills.md | 37 ++++++++++-----------
 1 file changed, 17 insertions(+), 20 deletions(-)
diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md
index c186de0..3c74fb8 100644
--- a/_pages/security/incident-response-drills.md
+++ b/_pages/security/incident-response-drills.md
@@ -4,45 +4,42 @@ sidenav: security sticky_sidenav: true --- -## Why do an Incident Response drill? - -You don't want to be creating or testing your recovery processes while things are on fire. +## Why do Incident Response drills? +You don't want to be creating or testing recovery processes while things are on fire. Preparing and practicing ahead of time is a good idea. ## Preparing for the Drill ### Finding your weak points -First, create a boundary diagram. Second, pull out your boundary diagram and determine where your system can be accessed. Make sure -you include third party products (ie. Analytics, CI/CD pipelines, code hosting) in this analysis. +First, create a boundary diagram. (You will very likely need to create a boundary diagram as part of your system's security and compliance process.) + +Then, pull out your boundary diagram and determine where your system can be accessed. Make sure that you include third party products (analytics, CI/CD pipelines, code hosting) in this analysis. -Look at each box and each connection on the diagram separately. Figure out how someone who isn't -supposed to be there could get there, or how each component could go down unexpectedly. +Look at each box and each connection on the diagram separately. Figure out how someone who isn't supposed to be there could get there, or how each component could fail unexpectedly. This will help you build a set of incident scenarios to practice recovering from. ### Gathering Organization Policies -It is likely that your Agency or OCIO has existing policies around reporting for security or data breach incidents. -Gather them to ensure they are built into your response. - +It is likely that your Agency or OCIO has existing policies around reporting for security or data breach incidents. Gather them to ensure they are built into your response. 
-## Example Web App using Cloud.gov +## Example Incident Response drills Scenarios worth practicing for a web app include: -* A deploy goes wrong -* PII exposed -* API Keys or passwords exposed -* Oops, I deleted the database -* S3 buckets are erased -* Site defacement -* Denial of Service -* Service Downtime +* [A deploy goes wrong](#a-deploy-goes-wrong) +* [PII exposed](#pii-exposed) +* [API Keys or passwords exposed](#api-keys-or-passwords-exposed) +* [Oops, I deleted the database](#oops-i-deleted-the-database) +* [S3 buckets are erased](#s3-buckets-are-erased) +* [Site defacement](#site-defacement) +* [Denial of Service](#denial-of-service) +* [Service Downtime](#service-downtime) You don't need to drill each and every one of these scenarios each time, but they are good to plan for. -These examples assume the application is hosted on cloud.gov. +These examples a web application hosted on [Cloud.gov](https://cloud.gov) that generally follows [our approach](/workflow). Please adjust for your infrastructure. From 2330a6275aaefca0c9f947a1ac3daa356a118a6b Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Thu, 29 Apr 2021 14:13:58 -0500 Subject: [PATCH 068/179] WIP --- _pages/security/incident-response-drills.md | 130 +++++++++++++----- .../rerun-workflow-circleci-screenshot.png | Bin 0 -> 19802 bytes assets/images/screenshot-fake-epg-hacked.png | Bin 0 -> 384847 bytes 3 files changed, 99 insertions(+), 31 deletions(-) create mode 100644 assets/images/rerun-workflow-circleci-screenshot.png create mode 100644 assets/images/screenshot-fake-epg-hacked.png diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 3c74fb8..73b6221 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md 
@@ -6,7 +6,9 @@ sticky_sidenav: true ## Why do Incident Response drills? -You don't want to be creating or testing recovery processes while things are on fire. Preparing and practicing ahead of time is a good idea. +You don't want to be creating or testing recovery processes while things are on fire. 🔥 + +Preparing and practicing ahead of time is a good idea. ## Preparing for the Drill @@ -28,12 +30,12 @@ It is likely that your Agency or OCIO has existing policies around reporting for Scenarios worth practicing for a web app include: -* [A deploy goes wrong](#a-deploy-goes-wrong) -* [PII exposed](#pii-exposed) -* [API Keys or passwords exposed](#api-keys-or-passwords-exposed) -* [Oops, I deleted the database](#oops-i-deleted-the-database) +* [Scenario: A Deploy Goes Wrong](#a-deploy-goes-wrong) +* [Scenario: API Keys or Passwords Exposed](#api-keys-or-passwords-exposed) +* [Scenario: Site Defacement](#site-defacement) +* [Scenario: Oops, I Deleted the Database](#oops-i-deleted-the-database) +* [Scenario: PII Exposed](#pii-exposed) * [S3 buckets are erased](#s3-buckets-are-erased) -* [Site defacement](#site-defacement) * [Denial of Service](#denial-of-service) * [Service Downtime](#service-downtime) 
@@ -43,50 +45,116 @@ These examples a web application hosted on [Cloud.gov](https://cloud.gov) that g Please adjust for your infrastructure. -## A Deploy Goes Wrong +## Scenario: A Deploy Goes Wrong + +It turns out, the new release doesn't deploy properly. It has successfully deployed in all the other environments. Let's re-deploy. -It turns out, the new release doesn't deploy properly. It has successfully deployed in all the other environments. +![Rerun job workflow in CircleCI]({{site.baseurl}}/assets/images/rerun-workflow-circleci-screenshot.png) + + Screenshot of how to re-run a workflow in a CI/CD tool (in this case, CircleCI) + -### Mitigation: +### Example mitigation steps: Re-deploy last successful release from your CI/CD pipeline. (You are deploying from a CI/CD pipeline, right?) -### Step-by-step template: +1. Go to `<>` to view recent deploys. +1. Rerun the deploy step for the last known-good deploy. +1. If necessary, roll back the database to the correct version. + +### Example drill: + +Follow the mitigation steps above in a development environment. + +## Scenario: API Keys or Passwords Exposed + +An API Key for an AWS service was accidentally committed to our public code repository! (Use tools like [caulking](https://github.com/cloud-gov/caulking) to prevent issues like this from happening in the first place.) + +### Example mitigation steps: + +1. Contact `<>` and inform them of a breach. +1. Write down which keys and services were exposed. +1. Rotate all exposed keys. +1. Remove any exposed keys from the commit history. + +### Example drill steps: + +1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. +1. To simulate the real thing, push up a file to GitHub or whichever code repository use with a fake service key. (No using real keys for drills, please.) +1. Practice rotating the keys for that service in a development context. +1. 
Practice scrubbing the fake key from the commit history. + +## Scenario: Site Defacement + +The website has been hacked due to a compromised key! Now instead of our link to submit a report, we have a cute image of a cat and a spam link to follow cute cats on instagram. + +![Screenshot of Engineering Practices Guide homepage with cute cat photo in the middle of it]({{site.baseurl}}/assets/images/screenshot-fake-epg-hacked.png) + + Oh no! Who added this cute cat photo to our website?!? + + +### Example mitigation steps: + +TK -1. Go to `<>` to view recent deploys -1. Rerun the deploy step for the last known-good deploy -1. If necessary, roll back the database to the correct version +### Example drill steps: -## PII Exposed +TK + +## Scenario: Oops, I Deleted the Database + +The database needs to be restored from a backup. + +### Example mitigation steps: + +1. If you're using Cloud.gov, follow [Cloud.gov database backup procedures](https://cloud.gov/docs/services/relational-database/#backups). + +### Example drill steps: + +Assuming you have a staging database using a dedicated Cloud.gov database plan: + +1. Delete some data from your staging database. (No deleting data from a production database, please.) +2. Reach out to Cloud.gov using the [the non-emergency email address provided in thir docs](https://cloud.gov/docs/services/relational-database/#backups); request a backup. +3. Practice restoring the staging database to the point in time before you deleted the data. + +## Scenario: PII Exposed It's discovered that PII is being leaked to unauthorized users through the site. -### Mitigation +### Example mitigation steps: -1. Contact `<>` and inform them of a breach -1. Stop the exposure - 1. Assess the severity and impact of the potential leak - 1. Decide if the site needs to be set into a maintenance mode to stop further exposure. If yes, then bring up the maintenance page - 1. 
If you are able to isolate the section of the site where the issue is occurring and remove/hide the page -1. If this is in code version control history, be sure to scrub references to the PII from all versions. -1. Identify root cause of the issue and deploy a hotfix +1. Contact `<>` and inform them of a breach. +1. Stop the exposure. + * Assess the severity and impact of the potential leak. + * Decide if the site needs to be set into a maintenance mode to stop further exposure. If yes, then bring up the maintenance page. + * If you are able to isolate the section of the site where the issue is occurring and remove/hide the page. +1. Identify root cause of the issue and deploy a hotfix. 1. Take necessary corrective action as directed by your agency security team. If there are corrective actions that the PO is able to handle in terms of contacting the affected users, do so. -## API Keys or Passwords Exposed +### Example drill steps: -An API Key for an AWS service was accidentally committed to our public code repository! +1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. +1. In a development environment, practice putting the site into a maintenance mode or removing/hiding a page on the site, whichever would be most relevant to your project. +1. Review any relevant corrective action / affected user notification procedures. -### Mitigation +## S3 buckets are erased -1. Contact `<>` and inform them of a breach -1. Rotate keys +### Example mitigation steps: -## Oops, I deleted the database +TK -## S3 buckets are erased +### Example drill steps: + +TK -## Site defacement ## Denial of Service -## Service Downtime +### Example mitigation steps: + +TK + +### Example drill steps: + +TK + 
diff --git a/assets/images/rerun-workflow-circleci-screenshot.png b/assets/images/rerun-workflow-circleci-screenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..f5472a423fc7b189e97cb735c4213737b715b482 GIT binary patch literal 19802 zcmdSBbx<8ayElk)uwcOc!8YDh3Pqc8*psFboM6rlvRwEDQr?W~QbCqs)w`?r$|CBcnA<1BbeL zD2BU+yZTLY(u|B&39(k;wR>O+G`gD{(4#4C>(~Y=)?reX{(73Zz~8mWk`)N__;W1DONSPBoyssQ6k@rv6r$8sf;sd zxFUqBe+jlRuFHuHP6$e%gokHnqx>Si0uw=9K!_~GvPK3UvL^PKf?JB^Eed>Zp3r9k zI?6sCBO=1)I1UcdEaP~+WXM~X4gS=19t&znrmrwO{C>mJlXwJtd&OYa$<^)CQ)koD z)6-ibc=&Txq;U8Z7_0-Mw>^`tA~%XrF2v&Vnk7Pvun=r8P?Y#i+WT{gH>1bS3R-Ok&}QBTIs34{mK zA;!(cBl7S3|I07`yT<=qspDbgF74t3F7y=p-|_vgi~r}3|K|(;RjL0!s^k#-pH=>k zU;gV#5q9XE|Bp!gC(Qqjf;fwzim?B8pNXM%52I$lz(~L-%1CN^!yaZMr#0Gq2Mz!D$OB#obiYXGVBnQ@WESeqCo$97}?!RMW z2QL?vf30Qhq#y3>eKgSt^dBqR`^`m3Z*C4DgbRO9NnwQnFWrU3fq))V2_d9hPyydy zr6~wtsbw-z!SAM!O)Aq+TdnSYrx+nbV>vPXyD&cLJ$Ak-;=gO%u{op~%1ogpO0dDn zMe^Z+GPAg;mSzQvG(|7=d-PXTM(Jyn4ckS*5|?{3T6D79=~_gv!-n=) z65Kq4&InVS-{m5IiON^JZGohvXFX_9l36&0raheZy|V@3asxppq*qTJ0b#Erho$a2 zAh+1h1Ci|e@E+SdOG2Lu8s7lW9rc0Hl@Xw$u;@YH-QcVSq1|_fUBj~r-YskAR zoq;`tD|@avnG1NqBvtX%JPl$*Qb&hr^qMq}T@ zuQ`P0uNxwhu{fkuP{fAYSSjCILx`lj$%NlT|GM-T6O>>0>OjxGEb%(bUbEL0!ckn7snxwb{_Wm}E${8#_x9Hp9cB|A@~Z2PE2|ZpZ zh3Te&Jn+7DPKooTT&J9lz3n9UEsE#u}%tuGRr%VCz~ctu;v?`rw2)&2G9RK1NFqe(}b$mLHh zF;Nq={Fh>}h>FJkmox6GLCD4BhD2Ji*yi8S!+2?uuuXZ>5tF?O&)+RTf1aaR0L+4P&ZDkP5F=*=&yy5%>E zVH@ixpHGe5`tj;k0`5>kQ6^)FdB3Pj$&|m~u~iS!k*NCefS*>A#+Ct}pZ31dUWp&> z`k5DROS7;0`Um=<$Gc;8c`~nLk*g(-4l@2_&mZ|2R69cai3ql*cW zlhnlYZ~q=Lr*(dSJbYKFQqKz}4Y*!=%nYe0CZNM2qajmnPF1v25LT6r<~6`~fmlM| zmRsLmJr0-zKFqjmnB`h5Hahw5drn&4UhL-ZP-l|fGgM{FC)nW#{)pZl{&^Z;ul#E6 z_}hM!$c#kzJJ#_q95GIiXu#I&DI>$N8Z?{~+vivI`)w(YrDYBdbv`|~R4Ymb?BoV^ zpp)>aOdw6pUsGN)Poh)HR?B}U*lEGZO*Ah~q)a2E#NQdI`KH7Q*A~QOJ(3o>5O*BI zDugA)6k3{cRMY#c?(V4d&WWGB^S;hhsmW=2)@91Nb6xE2fEo&BIWtNy@pI}d;?!xmfv~#-;nS*#!st>zkcC+z}flP{qHZE;fXwHw2IUeON7zG zbeo)0m)X@gnMOy&r%r=l2zNUAZWA^YLmDAm7{z- B##>oe4(ak0A*7ylrI=@!@b 
z$2G62jdRd*{r~E(M5D2{sh1)LQihHy@$Bjmu_;V22z&ma2zl2?ElE+i?jc;4EJ{dq1u*dF9~~v%BMFP z)8fAZ2r22JvbLCYAcav_yA1(Lc>xc%8sbM?+cph@-66=In4;_QYQf~p@o_eSN}eJ+ zRKbEXbH(>q^y!BEF9TJDO#OADGxsk7=fHKTE(j-E8p~v3ti(4IH^U#?T6eijlnePv z#jzD%hr!(akqpe;<`GLwJYa!U0qY^Bmi+exD=@?N$AXExR@xbl7%ZB_V7gB$qqaEY z0;ieFcR_0BDVtC+z)Y?Mme!G<3AJyE@Pa)3ZkZ}E>UySPC4|1uLpTq6%@M7s;8K`h zjrCdUXHG>z4;wElZ@kyjNRNSeBCrIjm0REvPra{2r53^jI;FIjQRWvy%HofoxA;L# z6_Q;l+Z9Ag`;lN}Df|c;^aWxN09{##p(~3uLnSp>S>l=C`ftT`uIcCK{v`y3!7xu! zd8LI4D3g$y((utCUWCTi2vk0_*$C;nQqhio8ig%qJwPc8Y~Uz8Ua(3!7BvYjMyU6c z%&?8yzcTuyDDY1aZ|HP0(yYFXC<^~Iw~E12qelIPU!DM-J&;JiK%UFE)>id@j0?Bb zB&oMZFtGI76vUXXvr=w&qnGtBsR*O$3Pg@hR_KWmnY*Z6zZCirio!`eh`15Frf`O4 zjKL77_`?mM>n`(n_I%Zt4h(r zGK<++>id^kt;_{Qjj(Zbgcgq*5|Zvu2|w*G?mQ8&P>TzA&7{*29$2My=8X)(me@9 zN*H8D@?GpIP0E+FgtN_3C>pqX2~zn9dEf1XguzIBPpQ5HDI8LBb7}qXy|~W~o}!Ne zmw+EjH}~HiOFo;bxmqzG(4JZoUP_cgk@EbqbnXzEw1i8zQGXUGl;5K#t$wZ$ znSki_f+r?qCv-G|ko_Qa4BCFUpwF0`_^%N6V>X-NP&m^#xl|-40}^%*mi`k2DGFkG z*+gSWrw>tB)M(LfsxTN!xmvCN6|O<`S>$<4LGY!V@tlJoxAn+`Ylj6#QnhUqce=Ep z$)q&d47oj%Su9xV2VTX>{>xI;Ng*Q{yu+Ph6)W1SrQ-OSL#d3+RzsY17|rJ~>z*(L2MY?)z~!ru6<@Ar{6D zE3PD1uF!ibT7|5Hx&LZ>B4|8+x7pmOi~!eAh8rFmu2KZ%TCTzjhQqw znb`^_ab~DnyWLDu+bk=|L45-GfDVy(fM3GQr>bBA7QNNQ`>U0}9mYhGoW}~I7B02> zLd7J%`)~}Bvp)KFXY&?uH*Wf0?RA3m#c%&m{|bD1C^Bqv4!EDKHaR{Qy_k?j+-Cj~ zm2k-TP1}$y>v+6i0!S@q>|<2fwt6)pB1rQ*HLe zp*&p9nM7<%<9T09%5Q=E1|{&9&0r#Jo%6EL?$5F$Xi@;pF^bB+G^F;T9lv_*l|tVU z#rBQC=&v$+J5AG)d(_WT4e40H?KIbWcuWxrlYpC|tTzjGYt8xS=ww3LU$o1paszJ5 zcpPRc7|K7EAAmU3OwJkmR*F1cZ)k#>ikkt=WCts4vRQBVU{&kUUJ@7kaqF=d5r^q} z&x3i+G|^oS%qQ6>{6WE;tRzpO^sL&S4w1Iu@szn_zNh^JR*&~LXD7XwcOST%7I@a) zX+YCGtEFbQM}DiJ=i-8b#@=gTvKp@qhAOm5VjCQPX?B1GUu4T4EW3{m@4U44t@zDmlKcJX54658 zIu$|r7e0lcBNXd5g^wB+ojX|HnSq5(?CGfWn9aohGDU89sz^D^Wmwie;%C^f>CM^J zRDnF^?qZXRKwRT)DRo?8oY_}et^QG_7@nEX8)?I`HW#@N9&8 z+94lf};~pY#rC@elvf*t|Ic!Q%=3vo$7zeLLzD- zeKoH-A5UH6XQw85`BOcU&q-=E?EOkt5WMt}HHKi~v#%~IVw*e-@zlGn#_MmE+oBma*P#~c-Lnf(kL7mq&uY!{&wzg>&~>#DNgWGmAz}X6;$dUrk`o<- 
zD=#CKd&f}|=fxjY?K_fIE0%MMz25BtAk<@)_}e8n`2qi9u1y90%>kjG4R+HLALw%k ztJD@{0<)0FgigBP{f&3bPpkyVi^SjZYYp7IlOEH)+8Gyr^7{i4;&Z!aLVrF_e3lH6 za@L^TT*4AN>P9BN*uCx*@eq@H65dMIl8Rjw-Hui1vFqw;LF(CgnR&L=Od>@3wjb|R z=+Y>u7$%bWS9;y20YgH*RY=ZQ7RKS%Ib+Hziqnmj>6gM`SvuGNa|3d_235D?Lcx9!;Bj8s&^{^|Bjq}~NWohcZHZx;4_A;4$`tvY1Si=Pc z0rvp=$3&4H$q{S;6zAZARVD$nqu}0Et|N^t{#Ygv%6ugbH#!{ic=VL(;1Hz}9FZO1b`&6spDBUf%BAGs50k z=gonH4i;MC_JmlmTU+r{9sLqb*^|ythGSlKN%=+b9P}?lTxJ7R^B1ow2l=*Rez4$&^g+z&5xa!6sxniWt0kF z$b63_+ek8fA;dZzVaL1^NsZvP5QTY;oD^G)Ve!3uV&&cC-r#<9XO+ey1b=Jz(>U%A z6t*yMz?iLN6Q_GgS(`)ubaCo87%DdhrXPRZ%$WrGXeB5tgsq_0=Zd7o{`_zk+Rt9X zd%b@kryxgl_X)z+pc=-JCZx)Cu-#So7L%$ot!Ou&On<(&vWH;LrS*`{4L>e7GI$+)a-T=REPcL4 z&nBXqDSve(+fq_uLgTs+LNDA1e`>+|$>B&b)ix!pxC8?$Uued{$`lWWeD=a_+Fv-U zWiM$8GZL#ae;TJPPJQ@&pMIGotq{XCc1zhhc8S-mh&DW03n7Fz@>j${Fb~Ro09ZWXi#{3vPwIvthhT(KIc1> zEI~Ne(9PGZw~nbv?VZM>=QX692*!GN!mx$4rB7HN$sZ^+7q&6`p6+mVOH%EN5ppO6 zky&4&4*n~dnhu^;ev4d>(Oldo64m8DCBOvZ29wdO`eNVD5<-N2RkeOt~^#z;Xb~E%tSw zmYYSbfufPw`aP{!ZgCWUZgJcjnR8b(-hdQ!)t6IWotGD?SL-IzNVEfO4Qyd+LsR6O zO?3@*C`vs=yTO{|Qf-&_`ZHyzt3@j!_EVR{;#+pN`)h^f@KJ$HX zZ;KQG2Fa}5*7MfeW%PJToOH1?eggqL{7OqdYVq6DeRqL7do{#sJ}Rf0lBncPF&PZ?Nc-H)|Y^V@!}t$f6+X7ZMDx zq#MS}3kBa%U`rPCUPTTf^EuOM%xl8chQv9S<*Bg1G(Mb|b~k-&)^Rz0+12U&Cokf* z+4Eiz^jSkl%Xg!$IozfQ$*?mWlKMANU0(G6HQMeQ6oxFwsW0z6+WFv zau*)IBwq)S))$o8nrq7N8Ng6bay8GC6ErKR^hjKQ`0Pca2ITkB&R}4r-yJ={M8bGFybK z)`yUGCq_tpqsgA{o2D}&YWosVjn&D!b0FSl1=GD767*R2=kJ0;br`SteN)@)kjPdZ zY>u9yNQJA-bGqgt?^3s8j=#U?+@4IVd2mS=-qDO`eawASv+kkYC5hq_NT|NFBOVcH za*|Ptx{rK{c~y?Oz(ZDvZ7aEH;coMB^^-Ief!@b@{}Jh?SL_?xhHe(U{*lZf%kZ_^ zkjy{b%seGbpx; z{KdO8O9G`UAVJzFoX9&&Of(&=V$`9SC^~5mhH07fS+2ozs6GVG*L!ym1lJ2`*$t>4 zX*zo@BuSZ>V%8a2X*;CL;zVl`liaK!_pi2pzq5SLjno~m$(!%wSzz6*A0$|zva}B^#af(%Vm}gS^Y@sz#iT|ouD0+y zXL|ivrLHfYXHfa3dLKrswVm%_qA?yYZqzF{!a~?ap7Rs_gY}M!kitD_mf=ji3c>=) zy2*4W_|nX_-`~|9f=iQc?Vr1-*Bqm1k&MP)IMPqPDsMcbto=;_z`mXA=jiF{YcLCh z{3qyK+v4Q 
z8WuQDi(|MQ?UWRlxX0@7%O@e_Eb=0!GK)-ZvyH%_7N_o`_=pb$vgr3g5q3~Tz^4|TXOUljfhZ_F1JE|H_qRRtLUe$QIeU@%GAsb- zrHue^c+kv+7uxo4NBrNOs_j(>+sD0i9r?ChgR9b^R9N++K8MmWEg&>qaaR;ZRlK$1L2V=vM5TI@% zK8jgVXjcn@)0Ch2mP6ag1x4!UBv=ly;Iw2?a2jny`wSGE6G35nI7TGzkN?}Z^O@zT zQSBdsB%i1@=`;p_ZIC`U8B^?w%?Mh z4}*+!v%I?F>?!LJ;5)ScS3c#yE%)_PzK2Bp|b0bbX6~NEl%$_*0+fsH^j~hU05cov{xy(Ojy@l`X(URY( z4-VeiAOMfF;!pSW0Bg$|G&!?6EjFe+KHL!~#sCyl&SKmqV8mAyj)Xxx@Mh78Aa=N~ zYbb@;swWhsuJ@U+0*FkH>Sj1{>+846IzT0R9{Z#7{s(#BwT}i65?%fBgV;N+rHuVf zWdR4{TL@qrXZ^XlKUgg-!MX_*Nd~dyNht}8z4J~cw%eL%>qHx169bWCY2=! zPM4@%IXTSN=!D=WO+ZkQqA{dP=p4G7NdIhS6P8X|A z0nmW6yA$|yXM)1^Y?3};X>-oVLv>-XFBpek8Q^sPUsxEJAMjZX27cM(lEtd|_A}xS zT(_U}patV~5q^OxPiMFL)o6Vk!)&d#4S@`gfG=1hq4Ud&gcJE$BXFY6+$gK9W7KbL z;M*{%{E01Ptv5m$h^ptJrrs0%%8}7`{40JNicu|QREZ%d=!Ag1@Fm2|3AK%3DI|UO zCr`7(&qoqo=0q@-yi;d*)o9QaTr5WB*3YP7Fc44jr!eW|S%5me_lZkBt9v^Gk1UT= zP9dcH2x}8pO=OKAeZrngPol8u#J!C9v?ECU|wJWF&tnfd+8QI=X%9FDK{jr(+P72qB8fB;h8-8tp~}Fa0VF%+*oz{ z$!^fF@>{8k0SYdt5NiZyip8*TB(pnt-21s4Ri$AQ$|p%dmf}3s4P0v$o!JU~YBYQn z$lXWY7gPDhJW35LuP+o4ub%Dx2`uchk4yar0i_Lz=oexQl@?!ic1MwsU$B!&39`J? zB=D*-Y+_TZy-3;*LphH>CFL{^{UOTL?v8l=NlbPYH(e}g+~f9gf2U~yf#d@@T++v| z)T8Crh_BL9reZ5zbFbacNBMp0Mg|8@`7su~J{lUo+byaoL(i*Gs>)Y;>4jn|!ru>q zd^l>iJ`p`#B)R^wYg5ZCU*zw+#c%%U4u9WH@BWy$);z#CiV^YC2JnthEa5qZtkcQX zFaN%=17cD^|IHh6K&pwc7b+6JfW$Mf#R1A;X+=9)l?Au-b!+1h-St!wtCe(c11|bJ zBTT~Tt*J8J={IjVYFlBiVD63B{r3?tnDTqmeExvB6k7t!hU;PoY@?UP7$8>nUUOWK z1xuCYat31+T$%x1ts}b-QJPlW2=6+k8;6tuehwzMU&5c){%3rSsPC=7!a&C&kcY3& zS9A3a8A}6C%|jBqNxSjFT=3v5ZIBVhy_tiSJ*QOxJQ_8v$3Y#>6<;~Vwnnera}6@% zU3TroFni(@>*cig{`^mFe@538+8eL^*-MLO&W^2GKAQ>h2+Z*JJ`5b}O68k1F?1P! 
zq?8&Qevo=Z=Q^qwBjHn-!Vz3($LYRga*L zM6Q-JhP14A)LML}*L@T$CuZGyVE(;)X~PtxZ7c{f)v= zYEIZ<=uSwL<%WcjBwVO?FQ8GLQFQm|?g%X)@Z&`}x4*kQ>rea?bF;Lm#A8Gu&Tssy z?#3h(&UXN%?d_ryzsa-1&pBY8o;lW=KsMxYB4|Q5Km1Z&b+(CIe370>Mu0RY@y218xo2UGZ)U84fgc$A02V?AOlL41NC1v50o z=8u3B&L2IKS3p6h5Q@C|$Xs>eZxf6C;*dv_rOO*Z^%yWDfAQzQl6$a2i1`Uj?Mvbc zMD)+GUkn)`^M^)YY`_wI;u{pV!2JVDtSVU^j`BRkRg<)5Amx?uZeS>HtSieTPq!aS z2MrU8fZOzWNPL=r@KLjccb(RY&7O}{Yi=vfrR4ndKjv;;EseWx|fK z+TO~gM$C3MtLAph#6ij?T zp048Y@AeS=bySOI(m!pBgpRwOGb3@Q;%S9Gj^v0gCZYLI1o~O6!rizQc(f~js(gqo zKa%^wwy($K{IiG;EO9-(zCd8HMS$&g!y*1)k%)o70 z$>uU({(C*51!HjvJ;o#+Le%Y!COv=P8x%Sz~-ib2L_s}}q6ajL}IbQC^Kn4>t6uHle`7>sZtMc0Q zgyw5<2;@A>yw!{^@*`ZS!m=T0ho=ydTh8+wpKYSfD9Yb{28}pBhEfc_QpC*7Da~w2 z2t{IR;p0A!NvxF+?(MTU=%RSd?48LQAesmc5)P6kLsqC%u9%#@8W_nG~?!Gpj#$m>+#sHGAiQ`$d8$ zEyr~f=g%w20kz-8d1v0csjlAtAU#|X z{Pv`NmpQ;mHcz8zB4XzwF)iO<L(mt1XAVcK|zzW@;JhS^I6DzQPikDBj7xPT9t`d%($C{V9%nyA7 zXe-P$wmBV3OBDi%F1HQ4zi(n0E363gBq#~eN3I{!{v`ClB-H334N7t`9SC))c9GEA zeq4fad?qKnV3X_5qaP$cB+YE;l`e~6jHW6>A^k>hwJCT+|I*3~4o=?iRb?30Bx;Ms zB>E&0_U#ZFLNix$4jZ5%cI~55d&Tr$jOoFqb@WDbu972sh^NAbKaY2tI#gvLty3ty zdTue^o9)wmZ(Vg(BR$3W>Z^Fa7t2hj9-)HJE+-zLLTFHEGFJPMn&y3P406l*j`=Cf z8q(&lL_D#fLHIMWJ$ejg_b`;>h;vID;pye8r9%R#iG?ZJv}CO4+m!~R8Nw79o)>jy zm`rpGXo>;{oH}mUfASNGSq~z^hr$EJ7zxJLC2K@paK%$aaaVjl+r~f>1uiBC-MLfn zH4*%GB+32a&W2aKSt99)B8v2UihPtNd~e_<=0IF#$J=R@@$dNcyyN>FoK9eRH?6B` zdf$gBL}H>TKU6mdq`_ZjxwM_iwH!a*waw(E?KtR#%O|_Byzp`oAyiExw@!V5Qc!!c zQC4m?GsIQ20_7uGPs-6>i0A=AV&G8_Qc0mDXh1y?+`QJD&MoV?QOQP;BGZ}{anOn0 zk@OnpFtUOhw+5vV%7Pro1$_8yWrq>uL=aT*m(sbl z*IpFrtgwWd(~x+Fp}mARkQTr`eZh)ZMo_2%5&(pj z>h&T}sF?zVnp-snB~Vs_2*Ac9$poBkw$03KxofkKrBZynV^v5>G7%)YMFvF3nEn$yRmF} zyxm7ru_1t3KQ1Wa_cEFEB_rd_RyzEx78>l-FR6hM^BS+V;T-=nb?H1njwTt$Ltl~V@* zif06F%+3beNvd&PVMTJdG8`&$`$#6kMn{z0asOsYkk%GY0QFxA_!luNU$^o#0HI_8 zxGANMSD`uTngKGs+F{(*#hCGt^0zMvw0fUNE6-Df66y z=8@aa*O>hQUodURIL&4LfSl}EF0KHOd!^fbuf}i*#s>j)i@g9ijt6h9fJLXKY)o-r zF7v5_3Su2(0HvQ@^4R}m_}SrqCvx}=;A9cHC<6Aeq)$me*623z1sVML>-xwG;Hl}B 
zb;Vgiknh%U#a}{<=(cjrI3tly(d;Y@4v#=`8)j{aY^}8dni{8nC=hUS{Qy!i&fH87 zl@kQU$-)QyGOyN>r?xUNHlvtUL$IOY@t++c%% zpg$-}@R}xe-g56}85d}xczCSQ7Dz*}RqYS&m4uZy6rtn{SKHQo+ZVUa(W&vk> zl>_GLHcjWwhc_SYmlmWkMQNb2y9wmm#guZt=(1&ZFrwHYpc{I(u$uR)TH6%m2yvs& zIIt-oLxE6(!}2#TqnG+iN!nR*tS`9}!2r?^06yVTt8et>ZJ-P;?-SEFai=)25HL3Sa@vA7 z;~Jk1n^tbA{t)<3EC8Fy!1d`yd#4AOK*Z1$zhGHcP`caL4@1)yHIdU$_ChppR2Wy50p_xN5z!2D&CT; zn3eD`C{q&6AHc0NixfgQIZv^9615Rn<4LeQvNPi`HL04G-(+^)P;LM^a5PgNScit2 zdN5$k0_snu^Q0p}GlGXr0nfGWXZAZf^f?1Po+P!5Ly=lD^&bM_YvBCdL!r=nQ}Qw! z0b>`?8h@|3*s$L6nC&N>PlhRyEtQr4H+?{NkjU81#=ZbR66bi`<_N`H+a7>u@+XAT zrDR{&24SJM^=dt+i<-;1e79L^-2TqJ7lVHQOx_36`54l!32>)mZhhD}M%lTV6mC2h zdQwk5t4M+4BIhaUkE72X9NhokXRa$2Se zuB2RYnm2o8B_9nZ2Bnc~nU*B3OR;oc#0l*&sF|h}GF=Z&SSDff$UH0@15f%EZ_cDM zEe~Gaa)Y44*w2lu$#s0hv*)8Ba)@>NOD*+&p!?#xPin%jz_$oqbUZ0r4?#!u*qo5Y#E{b$fX8O|8aj~ENzsjX1taHc zAL7q}v9q^tUjGKF=3;aY#@56K@wo!q#m7aQ^^J*ziGT^>8GJ78nLiC zdV4X&MRfl*e6OeA_WgUnp&@AxH5kpsx|OYNH{b4+w=;jXpRso~+1HJNtFw>{i@+4q zHhK>5rjo;AMNOjQ=bsrPB4J)Q?wdxmf7E^o#M-(_-hh#F&$yt*1Q%rFciR7Z35|`= zv}bL6GknFaB)dmE>mpu?C8&m?_%k2UZt*w09(aU`9DrqAXKZC{*{}I@x}=w}iGK+8 zwJbWf+9iw2;n34D9mdhdKXXRXy*j-qvm3z{r#Xu9<|)&z{p{a>r%Fg5seZyL_2$-8 zwt!5)_5DgbnM%Y>w2V2HipAPgm;^wcBkNGNKYNxddd8seaa(=on&%|KC>Cx+Ne3z# z**94PZU!Ae;Dx#G;Nd}P*Jp1%;Ocz6*@vrk!945;F9=*3ZTOn%{uhWi{*O01{$hV$ z*8RXaR32ty2&`~m;d+nq$T5IiXC3AXOi*KvqI6j?h>Z9)6R{Hv`X^>VFi)m5y8OSr z3$B=@eisIL>c3}H(BptbYf=M;<|pK-z&5h(bq3~gxUy|g)eV;w$gC!?n9DO$ks3mf)XnwJ`%MUg)XMP z-FGu`8tJpT{76%_{k|(~#Yf44=|lD}mHC%7I*5s@;SrFD_wzZLX|753i+ZXyVZih# zriWR~vOwv3G%qn`{tOM(aZd2@T5_$B#ZMx`j|P4e-)|z^*k>z+BgoEt2}uNjf?wC0 zlQsm6HG|DtTeBztud(W9rJ-7BD@XSZq;?|~V&59J71b8I8})<H4v{eo( ziqe&@bF=+m>n##JMVb7=clX{LC4)LtvAzG-oZeyWbsMDcmd&G#UgloJ&qzXi>Ag>M zF^&@=0e5;B<^u#lOl(907eJALX9$fxQkI0&iU|V0r62)^;drXcrK4U0Sb+)Y!k^8| zA(qGhxwLFR7}r+=*TM);N%ikt1%5>Js<72izJZF7Q&4w1Lg6*84}bdHDNIC)r9ylq zjlj7+MWpph`R5iTP^AnNc-vXRLabGxT3x;*5cx(HocLwon^NonZ2A=qir|Z@x*P@N z;Xs}Cl+7%)P~gA~D*q+&ZI&Mjn;-x-g|621L1EJ<6gHjzF<5~n=ac|8;RX-mK;=F@ 
zY5qb`u+;-3h01RebaVcRYHpMhAf<1f>Q_pBBeeu( z74sRZ(|>U2IV0RX$&_}V%C`1IeH%0oI?zDOxEk0%1Azwup(Qzf2Hj|&3)MY!dhN2I zx~DcY5Qw6~4p5L91_h}YC0^e_v^Ak174L!tY8o*?;l zn@T#@V-~eI&6$GH%ZO)W0^7K>l57%wS^IGw3hF4>T$@ck)7ySqdZGWq+8-vduUlDU z^iohQGM>tEKy6S1C4u^sNh$WJ?+@O8Jn=O#0B|1kpKz4kmKkC};?so`Zlm zd9GG2LcH7Yzz_EC5~LTmbK~3?1C}kirM@nVo7XUkg6RC8|z#Bg*>JsuUp| zCWQ#OnW8sas6>lvO>|=kSAp5|P9)k%-FJ;~<=GCe$pdd4KB%=?)Ej7imGaZFUfaWP zA8i%C^OL@NlkiT5o8VLP`x===1h~`DBTblovVwq5UrG3ei|!hem^hsmcuDvMvkQt9 zwotd$=|c5hlZ!g#MHBKX^Eutn%Z9mIZJn^GZhroY@$`XZD{pI`f5>BH{G#1fw^eB= zRBx!&X>>&ndw?m)=WpHDoD+%;1r075)h}n~E5n;9xs8ctafkZ@39mDiBEn}Zd$(E7 z7OsDBb-(6^24*TkV%9ct=kS-o(Y@nG21X>_ehMPKa(#V;%#Uq+0kMv6TzHRGs)Ftv zN)G)r{Dt@u7sVe`i&+g=O@t0>4U-JSa+=8L$6nKM6I7?3IU_&BsyZlb5U2Fcj2nHE z3&`x0+Iv;bFzWCsh1{Ce%?0Meg{=;K?oGSt%sV1+n{*ca_TMGPwf@T@3mjgfdUXZ? z*-e_WF289i_jJ&jsEy1r;M%_OEMM9U-RpEz9qwy;`IjFWM+}*CGnH5c@LPPSSZr2Y z;IClICYc+_9WV!80tpHS2sZc4)WgCSwJgVXm2d`1>8U=hvJIlR%drx^z%8NN2H&V} zK6RwOzNX)Im==4?{fJZeRTcCpG{s}Fipq4)S8{_b-?MgrsU(_Ln}>D!d@GRFS;JonLnNi8mWZTcE=wG(2pJ%oqsd9kUm6nPprSfYjh z$Lehsdnu=vW zfMtjnPQQSXsYdCey%=upvr+ZoANN{}#~sBQ@tz*VYljc5?_%txQ{%N+UdinVO?&5Y z`|ng6<J-%WG%T`H&%#_HJX&RUICOT+A2?tn5BZ>wViasd zH1U%9{L?V)&|l{`GY9!pNjvpQ%@ZDL@0@8P8-Y=bmF*+vOVVG@uL}*sj8;r(=UzYp zz8cbK=w~Rq>M*6E1=_rTm7eD+?U*a+S=}V zyME56O2glDmWMnsnh5Kq!dIiF3}IkU!lCa12)HP3a7ANsoC`7%-b(Z^nJY#KWWPEj zy#J2Sv{n3ZM8D%Dg$7^#KHulyJ;zs_;Xl35WTWOBlMTflN2`s?`G)byA0n+ynxsSq zXZqJCz8*O}e=dJ^LMR~8blm;!#iM&hgXf{7mJPM9w0t<(@?R1#LZ`uAK#Wt$rgqxd zS>o5W8mb8mWeVISF|U2pkxZ#Hr3$vadv>QYW@}|x9gi9z=s{@M$uZB~z^HrhAr?u|fqyLW0#q6-#$f(1)z~r+33SYIcImWjWw{fj!j zfeCBV5UH|Ww0@JDhtj3Scj6s-meLn{$XayjX2${+2KA7XXXxgai|ZIcyVJ!b7wiai z;s5={1SU%Bm_f(?dX<7UNPboDB!{7!9rZ&%@->TIj-9G9?#z z>vN+`VtMm#r=$X6kajbJQ>X&+(B|W-Mr|PrpZ^@k4+<8rT^71x=d_r*@0 zzO=9N|9M-45-hl>BGdSa58y`BMF5B1Ny+-6xdI;wJuDFbQORK9cN+Etoa$<^qJQ=5 z!0QN%RE@z42cBMibEBn85MmZgWi{mUd+`=Fbpk{TJ%~zX6}lq{?4L0#R?VaXrmzZ9 z&k0GcHwW_~Mnxj{zoKu>cj)E7mc&0Ti53+fd9um=HI+dLq2qRs8M;OP-zyRTu`8Lu 
z=fngk8viAo;sa?OoM;jUW$5Nc+2}3+*cpML>HMp9sk$Uo3jq0f5(WuhpN_|pm`r3` zpmFt&fvFEWO+M$=jNkuttUp?0CDxadg5$l6FX zGe!;7${rTWujj=Ev=b`2w|8N2$*PtD8uPwJe&sf@%R3#Oup9qt& z&)+we<`)jQ0Y<0J@5UX3DQXV?QsG?>>81Q5tKlP~{BV5%rFtUdpjQ5^$wL~aMFAi6 z%zi>xxRha`eB2B7F~OYy#*!>zAHne(pqDd=`u>dvTS}PK{3Pjt_bs;#bRIAO%KIdO zJ#f_SqrpxCbUA zb=@kX-Kh&ah2857wG%r4-uG4KfE!H@Y>?2r*@)W(1}KV_%UMG!;OD!v11_;N_7!0A zDFhqJrb^VviA20>`~dmzcnzcp<-5O!4>wTi+oj{C*mLiv;`camcHmNquX^2zy3Hjs zfa%eqS)^14HgvmYS|F}d$)JXfP=$HZ%3(-2- zuD`QMc^`5l16|9Vb*es7I;M!WVELZg0;;M{%$aj>171~#Uu9V52GswL0CNM3{E@I@ zCLsV>9COSuF`E?4S3Y9Ih;aI7*TWYB0iFNcBL(H5J-h6(i!^TBIFP&Wpx*qEWw&kH zR)!88DtFy=m%RS^>ynd`<4Nwi>#i%X9bLL~k>{U(-ml(LcF&$Y<+95z^LeO)G9Q2Z zajzv(<`G96A*)uclE41?%cs%yaMU&xlnn}c4qUI&7L4Ny_Tm(;!O;JOhVx3qmTCc z*l1IeCQanD(@ygne6@{eN63T;6EsR*dF2(a3H|-|-#)HQn>O;=Yp;c`ryAhCI^>W; zoXL5KHz89kFET%-CK?(fQjqMw|Ne5o0SCyHS6(SgmoAm^<;zR8YSp4bj0ALC_uhN^g^R1NzPiY}79=YTbJQPNBjHFg)N?&*dOgzclnIeSRLdg_ zq3O92o}P1zjPr!(7Erc02eRh(f!wk*Y)3;NlMs0E#TUK#r-TPF#tNT#=9zNbamQs+ z^V8mzUcGvGLcI3cYtvqKWPuQviiXRUahjp~s+N))#70<6YQn*|;5lXKd1Sfa^LRBx zGC*{QCpSlk!DA!=l2!>an2xZP;R6wWLbmE0fry=E0s_Nd7%q=K`e>L8wM`HtuZkT% z=y;9F>f;#q8eD@0^`%wIRz=d!SfB5L$PkW^zn~@!pbGWd$T8;uyt!mi8UyTDvl(l zVAu4T5**i*{D_MT2hW3f3nD|xEYyccq98#9$xW{*DRM+pM3fLC)A)$18 z&$sUXyFS)zXl8cHRM&J@Jx|qyDk(^!A`u`#K|!HPONqUKf`T=Nf`V>BfCJ7HJvXa` zf_f%sCMv2VEh-9DvbQldvowN&qKPro*T;~eqv-8 zc(8r2{hK}{SzCJ*53~yNwi7BxxuebkB?5d?$q3bK5LV{6!l*c~==q zO~%}g<u=5pB?Os5#R+?@{+O- zzpoYg12UxvWggU=;z!F2O3D*QN{&fgkUp9NCkyje@ah{DA!&1Q#1Q9U#sazlxe*#= zTi76_B0m$|N=TGnjBgAX3=B;(S&`rhR4_#j9=r(M8ZnIjn!sl;s|cM7B1~5n&u841 zWZi7q_;~fvOiV=Sx}VhJ5nP})I1|^|3@H%OJa}PX_NpHr1%qK)O8VQ6FK-?n+v*-4 zA6@WaV9w~_f?!slK>OM*`JsJBfJ9Y|)TNE(<)K~!Wdx{a!DdjfK}q9c?ZD&8PyWX@c!2WLX-0DJA762_ z;3rp?R|1RL*c*Y_8Q2(@$OVwVU@)Kk2VKv4KhAmVPs}tV*ICVpeo;%Wx&PhezpngM zlaKM~*8e4nKjr+#SwPSNNPLX{Oqu{vQYEYz6qFE@w3zT)*Jt|~h|TXNZi83ekc)@q ziuk8|pp%wnNn$n(IYu**VR;$PyfMN@Th;fL#fU^kgV)N)_Hxz8vPF5zMb*XfW!aJUip#rHPMhVnmzdAcLH~8A@4&t;|AkZVj2sO8 
zp9kb)0D%s|e_kS2Qb3R@ctuT|WgPMm;lB=`D$M_9)pnoA_7$JUdp%yGjPn2843?~r zi2Tp%;v0w(%y-`yNLvCTBl} z&x%PskA<5~dI&efWq#eyTa?$N*|awF3FJfE&3B2yEwvlhi_2RpDWdtteYBcgzqVY= zTc{EUZ-vp8Rb+_9u_G8Ej7=QI3W80$l(C;mwc^$)exG$EJ z3?}vZWq!YzOVv%f=T7Q%P)ZXMg8k>PmjvW`sGetj0DzVsF(6LJPS*e3@(H8b?ST5r3cj$3ROwE?)`Y} zD_)mNwHv?-n$Ki6g zNWPat`?HGJdA6fGo7g17De?Y%MsJKgZ`@xx_4Q_4}!g^;-r?V_3-IB8$HJ9 z=LU#ttBreQgS&Xj)*1(&MZ^)}1J;@Y+ZIX+#gAtC9ek<^&v38{o2qGdrwfb)ziTC* zAKG|77T-5-M*ktnw)=;qp-kpBJ`Q;+jDI~y>WHvKB>{%2SE8!s*A*$4#&`L=3&;JT zBi0QK6BZBb)C;q1CFGnyF@LSn`1p!AHyT z)|;Zs>_Y8^%1A=a;fwu>{Bqv69ELq8dO?*7R&^OQ7Bj;c?o@g~jZ6bfG?{`vt?Z_w z?L01rmVjEi7i5oamuOV&AJnbX=0x!flt2E=iEjQWv{1ph;yGbHU9$5HcG#&q1ijXD zjNE6jv~GDmX>G=3WvJF=*=@mQ!D&XvYe8L+H`DD0{_ROGX{q=9P0+StBmsMg^-^Q) zw5G)zp-r=aO1{Fm9~|_Q!0rBqSSFRO+(*Ri`rE@Mm3QcaLDW_+{6N@z4_6zlkqFk+ zFkSwE-oha{ddHSUZ@#Rm5(|1a+iav-l$m)PHslM!x2Yg{D?jE$3z#<@)TUh~`}Viq z9$IKwehoZ&MCDu@bwGNLZFITpVdGQc*sE8e?~6(*u&5s(l{EZQF$(i0&XA1G>*0F) z;v25sl|^K0$6k=dM~hI4Pa9>G1Fvg)Njzpb7A#c)2=8ML-G%BmZgNPuFT8ILw)Z0I zV!XE@S=#U}8PO#C15pAuras!c-q%}6_w3CFwF@^EA0NDT3-kG!oTfE;)q1b*fd}Ei zUCta0BC05Go$Ita*^m5LyGr{Em?^uY9_Yp8)yjW+O;@bq^=_}(N_4^WV7K;ar0t;WGJlqt z*ZPB^Crg*}d_}F5j*UFwuQ9gUANeaK@^Mc4pG)^{yKHK$y}XSZ_cXW?Ev7QVzSU2qQ` zje0gs7hWt5zQil5HCtcP84=r;4s2JW8HMX(RMIETmB2iwwZ;d3(9%w zomvf`_`M!)uS5{rKmiD8h`J(mE8a~RJ`dN0qj)0m$4CapL;6V<%(hh8@Gm>ufBjq= z1Va;f?0>!JL}t8_?<3@>E*Jea}2zmN+QAzL2xR_`L}D9$C* zB}#MXEZ)kEQ#kedHD{9P#vHweq#S8ze=xd&7vXbjm4zD}8>Ohxxd!pRG1G%I0=v9d z8_{DRQ-@O*`^{P~DZzVqGL2uX+tH(4*B#F(P$EWY=H(VZ3Lwh$#c>@pR~&RC$u{y& z7ke`!hrq_{S`}f->FRyjPu)r^N$M4E(k-AJu5EGDd=_QHIKzD)X(^@@7Ib8H_{*sA z!nQS@dn;b$j=k6Auw^6q$Q;$h%zIYNJs3Jp8db2u80aO)&Yr&*NFN6CvBcu;&jIJ+zUJxQ&PV&l4%E33dX4 zeD<645@&s3^uAu^Kg9E>I%Yj$8t&`V9l%q^J2oB2dl+us~MD(tB_p0 ze$M-?=5k^Vd7t%i;%$U4yD_)m|Zj7BV?Jw z)&6B3Q|9l=cLU;OAX?#%E!Hc;Iv;GjZsQK@zJ=>nXly2PG+(@HI-X+OCv_pmZDt!| z)maa~?=EdU7Z>)jX*o}HI+&kon={du zl^Ot6d`pyFe{`g&qIa|uCGcICP&Ua0%t}3HFm~|K2yg}n-(q~$R-t=B!_ 
ztm%Zyh^}H{sAPV^ya)PBk(V%jh%ol^KBL0$P4_Qqfqn7%BEU$Z;~`f9^&*!5aJL@!BidBrVYf3GbrGsJmJ@5@&RzlS@zzlC9vj`NA1+_7Wl zS)t3(^26*e;!d3RBI73~VQZS&`)h9fuurt0jJnqI~%q{AQnmM4|nLbYI}Zw?bysaqa4 zCy`$3rV=5+`YtBKlu)@rFj zXL^ELClkJtn57?Li8-~5$9OxgM;^}ignAl}_ejl47xM+ROLnstLA_zz!UlI59$MJc z66v#*Uk`qWeMIK5v@RvUc13VA=y02^DC^KHULdx%{l>6hLTj;j`P}2U%gnjknQ+$5rDX&3Xkp{I(QVLs;^yM5wqKWkns$}p zIwv5(~RhI5M*Nwhzp`SgMtvg34IWT z5?Lhk3}*s$!-^PyQbF8Irv>eln<~QJ5qnMnlXADk9&fbjdwb&9(fAixn#8M6PQ+!r z6I*K7OweIxRKqGhK|7d489_8R`-n?z*rxsCg92>*fDOf_#e_WP`QVA3tMoV2F$!}8 zT)dg*S#J?IgbP9w4Y?;y%t)nu(ao4d`d9+Tz}Cn9$A0O^1zx z;g*)YgH+Z#W$=P-2lz(6JL#0g?XZFp&~A#bYMcg6GRduXq! z7YzI*Z;xE(W^H6kdJPRrdgGpxP$^tjG|Gx&AZ5%q7Bceo1WL}OKUclX-oCp$wzzX? zQ*ZeK-5*L%I7gg0RB5~|XgFO_n=x9_iusWPMI70y)>@nTyhXZn>Oj%u-sg}{r=-XH zRZI|cFsFq+%<_GYd8zJHt?il^BhMH#?{FX+Duk(b`PR7%)j?#)ZU{NxWt-hjxr(#d zdl%H(@5l9S7iV*|{WyEK6=g0Nvkp6lgJLPu3=xAw`F0G#wxQoc^-Y!^%T~VF9dur| zXtKZNYMUym-xi5{XZ01+QUG#YRpU(dE`)7X6WD(;IGnRDvh?qVm&R=rZ^WgraJmWFJU8}qa}gIjpWXit=gJzEa*__d`V}LA z{S+7Sid{y^l6@648o{T80%ev$9OP6rL2{3A)|+L=T(K6q3O;l$XjBNAj^`&5l1uI~*jjM8qhB*_XiqM`EbTFunl-UBz%?FR~c=0c&V8 zpkeh6xp^D0A+28VI3U!+o9wLwrj}$JbDTbY3>}^y&J5x0YE6)o_ya-ngr99n8Gi!p zyNjuk7Uxo>j7PcMGbJd->UFxMlg@MH*j9!^^Zcq#pLdRB`aH%Von7}+iIwe%5$vl|-z;+6XlZq2jEEl~!zzjd zNi@xs9`0*TIs|C*YS}D}!Zm5LBS>-5ohKJ=MzQ+X3IBX`zJC5*!BH5c^WnxMrJ}xl zYrOx1jZS6TIUdjOe4|puk;hTWYt1R4g(CY7lj#SgMd@=5MsB;to;l zFBdh>yoJdE$K20B_)*!0*nLPglnQ$8=JAkc9g6)kgGv^>93uTwpD0$V<6kPgYlg=ZaX(#(3HklxvZ`t6i%EHpI;i1!tRa ziWk9=Ve%#V`Vl6WB%}y1w(EDMxDkDEm|`q?zPImGAt7=IP&+8fC^(zt!bAls`B7+T zopI#WzmT&<`)>V&{Eq|kr-pfPi8p&L(N_G0glJyC+&lILqjNhTB#9DmAWLpQEw-&GJk6bgL$IotX<;=@3%99f%%7KXbNRYzANrJT~lfJv!>rlA+rv zs;vy!$elLWfCAkGFHR)rOeq&WXf7}0?ctp7_pEIk%%T`5diQ>5 zBjIzW=52Q)kj@Q#GgkQ<3oXHeJ}u~H-qxT`bfd#UkZ<7I)(QLIy15YS>kIOw&(zRFi50_d-$!rYhLw%wk=kbTs~8v{isap(}c=777w z-ukYR-I%y>eb~YQ?%Z%>j3KW>WOjDHFzkxyXJxoLfF69|VMrM8bkR{Fy1wGG#ldpo zi6Hqs55n!2=Um!su^r~xKoQ*HvJ$Q*^QBv69;*fKwkMC`*cUP-uyI>4HS-*shXx}g 
z1mu^~oFZrWYg1H2Xn|zaSK54hGChKonC3^k4V+7UdLtnJqJoHQ%65QG`=l`f=%&R- zxchVbK}5s2j4yYkT|6%WX%W+z11K-Tr;j-6_2PwLDTJ+=1~!8@vZ=j5p&M53?sysUwCvu(swu+szHa5RWx1Gm79z zQQ!+8XJ*B_@8!pfQeHgYp_MtKo!`a^bwF9^qBaWS)vdOyF3&+}7-rQth8uYMO(Itq`=Gd-Y=w^)b57K6<(s{GY zt~2M%V2PlZ%&P63$oGQR(Qig2cGWx2Ra4{s(ijOheIB6 z66zX{(L`khtu~`O`y{^kIz2$EL%9dqtb%=26-CpF@Wphz{lcpXl6_k&5mr}+zQPX=a zvd~~$pLiT1y=${8@4~;z{_R|7AzS46t-kB>=)o{Vb=9)$$JXztC2bhx2#m}YxA4xsu-@G(KtKJ3%%V9^N?Dcl&Z)upT+ZU0sjTh-=yLkwK$kd{3>GSYb&O;GeH^drJ11WKieRRs^C5+V}7vPOkz58iqRxqe3x>gKX1$k#@Y(KS8X zv|-BGa$d(VDzB{5g{VZDF}G}| z5YjFK79z<7n5LO+n)h&Q_NRSfU=SXMT~uV+eU+2VRJX{R%?kN{ZJq#`^hp*P!`xn4 z#R(YUe{e%W_y}}q?{iQROx6B{2mA|J2l-ZFeo|6#4k{Ae|%4IKKX{b0Pvuxnn`8`8BWt*t40JCq68nV zNt*x&*A8qZRvVn8v)$6R@TN*!#3ms;Bs*^^BDsX z+fCQILjzS?PX}mgr&P7DHIqj4IF?;EMEp!^w>!b^tL+vorl|)4*XoD)nclC-r`fF+ zXQ#CthD7pnJW4=OC9QJFOdSdW*B{b2tTa`(6!}iXc=t-GN&rAsBY{yiOZ##gSI^Uc zn8%T3GIxk$;k&NS{kh2AFY(`cF+lh%P#~d>L__!>h0_K?Y~M$w5zfXI-hm0--*UO! zHr$pJJ4I;?zro8anpWsp>sfQgIHQMrC&}%eOAsN~;fT-uISQ z$7^#qYTW1`Um{FbfOS0xBDC(aE8WU(1jw8wDMPH&cd*i-s_FIvubg+jBqf?=D&fUE z030-jNa%-u+aiORAMGdUe0shJh@9_E$+p;xM*;KJsCR$ZbcBOQZy@Rqhw54I;+hHM z(0a2=>j6wU=1MEZrQ$GwhCB2oCRv^0Bmhz4+!t-ZLc^1KR(#_w4XFqZ$SWCr7l30w z1WQp4hp3BBNsZs&+32|Q9$>I#=I=7q^F8RAtY7Aaq_gcrd};(x?b)K@GV@H&Q|Xur z){Bj!XARlM6&kvE58ApP-u)B1BGihm6qQPJiH9hX6N;QOMd~;zEG`xeFmM!BeoFwW zzcA8y0z8-E#V3P+)>i=Yi>=|a7KlsGU={nsoO?SxKHMJ+^B&Q?g^dZ~0|R)`>uSiH zP!!KD%`KpBNTu6@NqXL9>=x5>l>$p)j@;%_^$U$odyY-m8hSYrsDm{j?>51jWYB{# zLT{o7I#c@avFl!`J`MTU%U%Dw- zx7}Yj0}&or7`MQrkpleVc8SRdBov+iAmdN!UXjXio1bPSO-lT2*Z5Kb?x}S4n;<8< zEDFsj^WsvR``siBT-bPWLSS?dSb%boeQj+~@>QbeW_AZyNf;{`-H>DFhv^hy;83K9 zz$ZUytQKm;cVF)yJ?xBhgH^n$Oh#&-SV*N9d5*bmRShF-&bWSPLRRC5m<8x^SmO}` z{mQdp-UUsI(s!nrxs0yZk%X5iX{dV?K%h=#OhD}Y$;C&XJVO;y7{F`P%;0hImZr0!Z>FE6s8hbuojEn7OtB-%$en9R4Nq7ULml$e-#u=M{@#* zr0MBauUm|v)o-noSK^i%aeIDqDw?&HX1s^>hFK0F021ey(w!Ydg9j_n+$0fAasVGw z!T%%KusIn&!!5$gfK)_}WhzvP$9j=#WxHbAd)9fusuWmxTU*AQDe1dV4oSU!#V~`n 
z8aM9>{BL2%I3UFo?gG+IiB39kFXcV0(PQZ*GL_TV%--x;A``8v!yPRQpJ-=7*r^Q-2P;&GAV#9$@0 zBJ~InW&Hpc^Vb-uy+Vn5AXzo)Y@}s9=^4&jJATKb<&1A)qLX{`=T{;s*pkRB8~E>0 zxl^;9pXjz{@I)Y;gfpW<_PpF^Jxp!Uj`1aAgraJG0+Hv%;7Qw+6`;!p_o#5Ctixkz zJ(WaXTb>Q>F(3d+Pp^?>(LXbG-+h?%Y#Q zn@PHz1o~Hc%@^gw#@r%YawZ5eOj}pdJvBji0}kW@D(`5b+dTm^3I95X1>X;bb&2`* zjWnwA>(E!1f}w#M!6fc|nLgD5i4AIpKn#{h@d*y{ zwrcEy7?@`*027H{G#gvRhBjR;cwo#>qLL*N0j0~`H+yML2YjTW$gE2+*W6>9%VbJ)P8v7aJ z_MVebXMpjX^^r{R_-}sZJVojSOg&)Qv~{5g@|E_1=p$T%j{UdME-j?@foL>YOKLx3 zjgTBeRbq3jy|v>L*Q z>{J`?$Yd}D;@AqdGN&AdxqBb0O~*Rh>})3TN#{hQo4g3|b`&r|5) zq%fDF7g3teqvnA-NLS7cO*E=Vv5>tC67VL1>)u2q&!sk}&h)f@FOX%L^7Ax7O?OAM zdmTndgonpPfNn#GMib3n70w4R98L{L$E;4aXv^x!TZ_K0#FcI5$~15s7a(M*#gozH zbH%)ze3#xUO_Q`Y0!qXxPr4 zkh}|lEV@uJi)hQd2h1lcRp7Z$fIFmgeF2fQq`+d1Q&V;HNkp%`SoR=IvN8EU78Ctp zU)iRzLJw3DD+X?MKwzhnhCobBwYlIjH=zc4KSThiA(~+jo}$s*1;S-s!2MuqOE3ySb~lFk4$mH#}#YT^+TA> z9o_*;n>?F{HW`-u&QiA0Qi>cs3$~qhec_+p3T_9(BR9Na>dy9sDL)$=(?fwENRxA- zavL3+8bHT|MhHwk506 z_hf1yoX*v|r1#!-+RcXRJ^T_2yHi>#fWhu0N*P&~2@*ZTN5R>KXie^gF$vf=9uuuK z*a9{KcB4yuwA3<51_AFYMZ8P05p}VKS8@5X84P@wHt7XVL8nw0=IfUx1;ut7JqFB2 z0y~4Qf_50q+TiMVKK%e@W7>x;V4XYSQ9#A{!@Di`1S{a6%U-z!;6+2HYno*iM#m$o z7Dp|Y4Dog3DmnPMr(OCHM8qgX169oJb5?arZ{$CK6R>)OvKPRUpKd7`6xxxVQKEng zL1<8LRnjoqlg|b#K3;W#DK?|QxNs9py@AkTdHR%;2Mcwk3M6nT!ns*=_d&Sgi+drS z*uqeRyv~;B(X?sk;+s^<6wV>9qO>b9W~qM3bG$fd{;{_QqMeo!`wBTV< zP8+BLbm1OH92W4N%k}lfll*mpu@W-S&@({QTizV=y1J$cYLBo`JLZIw9YYS|;5r4#YK2 zRC#NqltH!{AWDG+Qe9t@8-h7k>?n>znPSU&B5fhSIcGSllYq*T`+?K@yR#9+P`1e~ z6jic0Q+8ht6)i%6-~LkzIUepR5tWnAr%btY7${(uo$$?!Uf`!JYC;!eufiAfCxGCST7DR}2zv_n59j?TD>8YJ-KnNl2kYXa_ zgu7Rcd1-kxk*}yO=k?Of?+Ztwfv+d~Nx;h6Ubo&6OaW;UnJl!}VRXg(`k&8M>R0_| zF`5lmaj^9|cgT*x&K-oJj^N2KPr5aD=0eIIIZZp+q{U?W5H>!^u-nid386D>d~FVG zJ#%)7>(^LfskWYC{1CeF2xzC`pBLW~kNZ6(*@R)f6_anFv0tZ^0$}9^x7zPNq!Sx$8P5J{d=I$_xLZT$V37 zNo-3_;}J5=Ixi$33H9jn36#0rgC`jsXxp9fz0zcMD4@7bb_C`ytwk;J){G;V8#Ee9 z395uw{XEH3p)}Ih5!wDTxdMuu^%U2yZFWw&)#oH2g{#jJ3h5D8zLO_@unZpw^H&d^ 
zL4fdorwPoLv#Y{TcERX%UCKg5AP>kBi!_@|3P!)c;%x4Ug_Rpv>*)M7tL%@N=oo!} zG|K9I&{2l2-6*HA&umb!n z*^)9Y>rJ9CLK5_y2m!shAWmFX_HXWloMZJ0=xKmcAmPdZ}=XpDo>t>P>3 zQLbD>j#Io7ccBj19c`g?z$ztka^dF<2+{sX6|I)P15@YM z12I*I0J8f`+fjd^t&^=QQ8Y z;NG?ZsVSk$eu{$kZ^=&Z$q1hbS}XhVw$e{rjvwOgQtBx!vIN>=Zx_}yXF8qK?l%3U zIVB)yC-ZqH_#;!|H1>+2X{|xh(+;$k3!;XtH8U%WeCT~hX3;O+yoRPCZAjc@nlEey z=}%+Cc1lDtePpVVcH|!nK>Q@e`sx||f?W<{v63kNRtEv6^;=3J-{WXUo5#52!^Cqw z8Cuv;ML;bGU>+r8O{&An6zhlruy@0PBbX}aLX(5kF?YjBqdnOgYS&>?9D6NhD-2@f zf4T9&+Q%&e}UF^JC zo`iVu^KT*2*+2&$O?`*_oUZLNh_acQymIrt96D$x)VA*U7O1y~J10!5$^+0vv@OW0 zmN2n!)|7*ko3Hwtz|~Qp{3|(O%R%RM(C({|OjpwGGYQaX9GgG7O>T}&pW1~RRSP#Y zUyxaytobB1uK97%z)L$Tj$Ta?h}0YrXQ5ndFQUH*1_Nd`COe$h7MY-Ywfr}F6O4+! zUJOqA8>TK5&l`)psNoN;(BA@60gL8ZZ0zLzc$WfAX|gK%PDEPQi^`TwTWJU1uwv0p2p+DktHG{^ zo4OQ+IVf%%ksW1x1BS>xbCq3G=Oo2GnV3qtz(C&(SU7IXa$(^4+!TQ1r{fxJpYd%w zLndzhb|}szx0T74a6flqPxFwr=0uW*Xyz?p8|tM*uU2xU^(4cwHH=A(i^B+5@tEc9 z7fFENeewp|N_3L!(6$Yyyjw_oPJk^g!~_9PS+t}TaH7M%LvS$OY*=9!^{{vF$H(8@ zZfE*9JL#yI8q?*mY-_N*??xa!#p36HybWL@(*!e|h{j&NAm+hBmq+ieT*KbYSCsZ6 z=7gYr_fBBgVfDivXZCw=S5c(%*ijb4P9!SRRjc#zalDEl zz3MMh=QYhU+(RrrGlAsOoCEu&G_bL8hg@v>33stt)n4@6H}`|DUuvx1%qYw?r7T@r z-XsxY$G_3dNDN4A-Yu)-Oyn%sgoG{t`FWcrLOdH0tVpPR{lZ;oOKH}PuUf-1Ya1zT zM8n@!I6imkU3s5RJLvwPp+_QusDcRa0q23ssSbR3Jwb#9u*cwX$zMY}Myj<>IeiQ+ z(xoE)a&Y2kjUV#mCWzUAID_i_O-iIJ`H(kti}tdPxD!m99FVOqSB}BYwmihd6vT; z08{$1Q>+@LLG8GEXDmn3oSik{TRAR=ahyxwUM-OFWG1@%20oN-^`L`o2*^c@C}CfD zDK=+%YRw0?vE9%Ajot4Lygh(mnt6)rz0jlzx?&cl0#`?}6TLZ^o9)58Qbe~MjfNS6tutpU~+u;F_MS(YKKvD|5GfvmjeCj-!{b>RSeFNK$2@L8A z^oSGq1TjqRq`+D5(rL>59m6AAQ#5j226koBOUcU4J5xPReK0 z$1NNp5?ky(8~y2{wt8%xLY{kEGnge|#F?<_Gk9RpeXms9nM_XKEx;IyTj`Y=Q$f>u z*fVihyqnZx`fdccPv7@3(UjLd0ko6zZr^u0hhJlow;h`1U$pc;he<-&WSz*kZY8LN zqgXaL_vOSW2Ib3X7i8U|ysaWG`7v=FRLc?)MXh2qaAZ-|FnxZK_rTMk^(=;=Kaox& zRx>hrtj0o(aW_x3@p%AWr>pav5iX;(!1?4v=#1Q?VdQ;WtZ48yCW)5z$WC5Q6iKGh z{6`Qv`*4%jEq{9N0Exr{erMLQ=h=`cdfQ^dSymy4OC%1&lzoX-wN7SF;=1Z9kc7Ra zYo{C%2D49A4g4?g(%%4I5*ZI^#&iVu6|36%@D+7*c0*IA%;o4L^(&IXJ=52 
zjWE{#bec~f90fu)_9@b}2_Za$T3mb;U*PT=xxaZQ$Cb3nrn5A`hkRN+l4(o{kz^Hs zvbH3gESEu9l=myU0x*+lzjW*tULsc++(KBMsTDR*4$s zXD$(srRWD?vEgYcA&-8lq$id_*A%zeghie=dRt}^IeVFK4@b5yY^OJ#dYjX z6~-78b0km$VLht)Ho0kK^=$GqLt0Zm?PfDM=j7mJtrIQx0ZjE58F>H(tzC{ zA!KX8ro{^LWyEC`t#s8~{AT08lpEEQO00vC59C?MixdEXtNAAT1Hee>?E7*nnDYF4 z9sEChPbtHP6*(+*MUdr^y1zNM`Z*!$btR{+mZ;bb)k$!|L6NDzql)mRI^#|uz~?3Y z?Z&%rXH3%VNVn|?_I5VxwG$*_NdVJLYv)nmuXs2m%h)oBTx8^R=&%f6f2CwU*K6YY z5q8Kak_yYRc5){~S+WKR# zj`prxq8ch8PIHj*fxjZDgzR90yg0gWxogEYBE-?=E5Tx6A`Zsi2h~*x)fjwb7|4FM z(bggIxVwRcXr3{g0B(65kcEAt;fYtU%HD|vlVAA)W1!2;*t`p15j7}F0(a6jqy-B7 zJsBx?x?2SCVBp|xw)&I%;W|QJ`DnaE2}mbGDUdaPN|fseX(rn2Mm!h8EKIB(PSAlI zXIx2T>_bA8D*{v;i=(_r$-xuFQaH$t7Sesy~dz6_ib4xW_#TFN0=8h z_K*OF?)=qngrS@h$`oS^5WLDevi4OVkE~!-Vz0jr18~uuP)s+nutFS47{g74mRSCx zTl?UFC-8}X?eTo6q?r}u;QctzbswQXr}sE7ws$|i{k-3AX>u|6pfPmGdvo}?bimTZ zi@IiGij~{2Y$J}Rn6qSc;e_rQ%~#Nm!qCmvMgY!d))@#%i2zx+8V=HNNUJR6A#Yrv zWq(goc?pl$APCyXmT)E2eYvScmL4(Z5_{?o{vnkc8aweX=QyN&0Nh@^D5&FIF;&=F zlrdo-`xsY79PMIZxToL{8fapyAdqhDQ>ym>yQy4thrfs5CbkNgVzq+|O(os*#;-L` z<@-*fg<=7B*hDxPr9p1}nx}G3&FJr_FjB<6oR_2?@>avt&_*W(C)+#CCM5f-Qbm#92*~}mi~$umnsm#F%T3Y6yd)<3Yj^nb#Tn{rusDy_y(_UvCyB1jmj4THMOQorL>4 z8sblj0tT8G?I0Gu^ev`1SP}8<(w95VMMO5&aqxKcQoZ%HjSZx>V!UnmwEDoj_P+-5 z5#cQjG?G`5(o$jEe}LP# zqj^4!JO$M{92Nd$WcjWm_Pga4nm<@pjoDKkA3t^PFJ{?|Kg3Y37h-xeHB z_WxTY{wZ%hMciI5dYJ!>yZm$IsQ}Pt;H*3mr~ik&xBiRj>;C>#5J4K0ZV(jd8XD;? 
zQ9@ckq&tQb=|;K{K|;E_k?tCpp}U5L0fzV+7q0(nK>uu|l)eu@G+KwZE{gs>ZaOt% z^mo?~oj?KdjF7)QGC=3e35dHk9JUH~{@TU!aKLh5(^-P#f3=+OAIn7xsVe{7a@v0^ zS9~`$_kY;rKNAAz8iN-+54LRl+pWF%{l{`2&+|wAZn@|`mRlRqnEboti2hivNX&)r zufqZ>0TY?ZEi;wvZ?j3Q0`T}k?c2htzdMP^A1A3lopS!GO~U>-$?sj&jL5$Zi|UV) z^k(Ge{oP4e{y2%I@2>U#?i>H>?~`QUaR?s>^ZwmQKK^l%ifaw?zdK1U>aTSN*y)d* zKT0_}^NoRo5&#Ml2)zLUJx~BvWb*#kyNdUkIzPv1PtF4QCNztIpLdHiq7j!r$Ou4Z z`IEJ-8H8FYKa|sp10Qx)89&*u0bisa+Kjj@!DJ%&ss*he%yz?rdlxqqXC7s{2g3(;060zL5aqDqCi!_dpC^)1LVahlTd-@i>jb%ENBq512T`ukAH)|->TT0q-y=>!PEN`Q=jZs16h%ihcdpjCyD znx`8BXd0(%o58ig*JaHgfjCPIYwc_&wAv!hJtWKLx<3eqa`zqsC?yUD@Iwm*-skUO z01wOS3Lsd_0YI7(IwWw|o^hRbkZrqz*|pWkM3Oy!RrN!2AJ`u90bw&CfRkYZDB?nc zy#W}24WQaPf&ua*D}bbEkdT68{&|ExX2ta5Jlc#N%88xhy| zA>SJ_6J>6{u5w`BvDf?J#HtM0C3br0FO7PVFkR{;%JxzJzNoZLwa5EFHAi8Zd8P^} zKVytoZ=+w)Qx!gELEZ&ZcR?hw$a#wG%n`!Vd<(hq+2>}rTvxEdi>mIw{Rik zjpF`Z852xJ$lCmtZC`&za{c^Haegqz5489xr#FJtnd&@4+v#8~AI7LmPW+**vb7t@ zQfR2933Jx_$A7f(QO_(b1m3m+jD)u}fQk%ez#v}|!otC!hyO=2s0|PZ;6MyS)w7*V0Rbl~q49x)7V&G(Ife6c#1)n9$L5}XUmW=$V zy??~WNzVNaPnxX(&09tbA3Hbd*N7@Ux|hne+L_gn(5QH-yqql??EWq9L(O}eV0bFb za0GKLPxr7oiQqe=EIR~D2XPDz* zx!~)v5@uzm5Xw_C^I_7G{k$g~-poDPvOSTGkhKu#{WEe!-MWi^$Z39FG~dVaH>MQb zGqFgya@F9tqL<(GJ$8Nu&IGd8U-_I*Yc0l^oeqOkonOoHub5X2^Hl*-Poe$Yu6zJ) zgnRE@Gp(suVpwS!YRLF36i$JH+$(E~uqloXW41Qj*Ms@1Gft7u91GYj3a9Zq{IKf< zv{HK@8vt{}XFfvFMqz`}i7V#5Id%X9A{LVR&%#dtrE(4+0UfG~R%3+9d+Ow61cU{u zRhF~Glk$9yF(<%f(p^S-4(JC@sH9V(q9NlqSEn|BfiRPok-7`7cg zD%QIT(H&)M0R6s2(=%yf)iaG25twR`wzb-u)`xiYg*herYvAQ{HVzcMJEnb*?fa_A zwEwV2cQ7)Ir}8tk%&6VsD5mv=+v8h3-&+sOrWvloU!V1X>wKOxAFAvjx7oh-(aD>W_)r<2Tcm@v7COEkXj@Ad4HKAYLa(2DpSf9aa)+SS5<+DTx|>??|hEZ z@uH30!3A=hzH0V#H^m~Hh_yD7Z~nWQP>z{Enf#Jc#fJku@)<+1MvI@US<_WbnBuQU zmZQ8*Dao(r?UxdrMudk``5Cq0KSx8TeQx?M=gN&ybe)D%eROXiWo+qY&>Z4{Fti0wx{5j8&70N^o>)%>Q(p=8_;8It4{NPLv$W*B zA8obWF{4kuSPwg0*KzB=YPoTuKf)cQtu1-m5bJrMe2Neo)ri<)K->t{KvbG*!53aa zE{)SJD-!a?`EC5i7Bl;Y`_zbH%h~U(B?+6Yr%!bK+V~HbLm{?xGc(AD$(wQ6X08d_ 
zrahk}YIkMn7IgfzPa~No%H%fdcRuXMdpf9fCcC>z$>AMiJBv0S#Ah4xj?u_a=-@^< z!p$67}9hH^~K-ryVxd^~pYyf5W z#h4_n4xkc$>%XaHbaQz;Q*EIE#12ypYXDj19QUZO$)7rfdr`}&mw?(n%^MKw8xvE9 zIRjClSwKhr8HlMX1v1k9pjo}yMRVxLSqA_wJe_`DMb4)*dPe_f8JqSiS&G*H)ZP&s za|00n*aFJ=a#8Q=fcG*ffbWT(-vW`KN+2?@gzgOmRKGVK5?Pj01;&72v0z318J21i zAToyn(wF%1Ut?Q{C11N>3da!KCnk~$jV>hs3xm&kmIDU#1pk?2@CV`t1C(=CBAypK z!U5%gHhI*x`B=vH23PE63`cPLyF|9?4gGA6EUv#6M-(BbGkclh+7G^RvudW*gXj&y zQl`8}y-UhPTS&8MtZ>>AgS23`4B7c^UJ=9Z8!4@VDZtJ5Bg@{1+LBvGMCR6PwAgTs z_XV^|Md-?1XuW{&=2{YGekqfZuhVl^&*kd(jCB#~&Gpe9WXY#$u&jBc^>TNwe888_ zt~LSp#d6lZ8YBv4XGQIOWARIGFvGR{bW~sg_k-%8iyt!oUI_NFN_oG?jxk@@pJdw* zJSXil=8L$+oh!#LbH@+z>*!`@)X`v~S`a>ZT6g!p3F+5Sc+1~+U>gI;@dW9XeBc!$ zX&T0UWax+zT`=w7AN+a&%xjN=VSPDRHm8pe5Ff?DNM(uMJy09($L_z@S zJ^V%SDMq^S{qw8-WezMn(kWD!y+4|P^D6Q()DSuiS=eu;^1(BaQON+I(C@G-(o zyVq$MU#^sY4FM8=?JNWH*;<%&!Utk~_q*Ro@Wm(8DxAjTohu1R2J4w3SKnS2GC)o< z;ciu0hQ6-@X*{rL1ofQzANVS3e2MuEFug7i7_GSWJV873Ny%Js&TxWq2+25*nzB-LmCkojdj%M@R*8Sd0o2wsXnuQ(u81eop zTX}NkUSM4@*Yk>Pj?I3d^I0|{$*Q${rq<5&da)?6=fgmc zlXY$Pt<#BV;0h9BV%U_3qMOr74np`S=6<9Mo(ifOL}qT?+iD!-!47H>q9hs6)>6W+ zW%i?NQdF0Qd!1p6;6wi@SE3Jfmd0D>g5E#HKtSAX*$mqzmCq)KxC8$L4{`6jN;mVl z>yfctBH?;j{U#cF7!vzH>(r*UwpHb9RVQ5ea`m<0CNa|)+M3S7;SW)R?$J#st}h|< z06HM*1R)tM8VPoGguuGrW!AKd5F$^}+DZ=RE;!05z1KWZ`V>a_ddHf#KZ zy))Bc+zOHp^;b6bo@{HJTFsgKy+XOHF2ejx28X2jU;?CB(rSmV; zUR?Y_mtSsM#=7{>><)d7jI-BhCwMHH)tMm=8}JUikG`oT+)Eu5Zb(dC_EM*v-r~CU zZ)hRS(1b|tlj$dnnn}HvZZ&+iT5zvjSLY^xnCERRXwd^=+fYR_gm)NAGr_?jx_cz) z)z>u-K834q*#ty7!dD_iw-iONSU7gU%h|oRj+ei`6g8f{H7O4tKd4(Gf6kW#8_i08 z;I#5n>rxyS^4k?=yEbZEdHPh~aCNXHm>`|KKDUk7Vq0qfxc+wIW#wz{tZvm9zug7I zb96JIy4mq4;eDedBd_=DQZz9e;R)*=GP!=n6TJ54?P+i6uu-mS=ADGuKHZVGj88mZ zE*05N9Ii01e`JmxxqkQNyQvZEes^!-mS;FvE-~*OXWrM&ms%Zi+GTiR?y%~hPtYj}Vv;(N0843;UUGxNPJV|BDG4JQuyx z$sG|ygxAhA$cyszDRHNp`{J>e$Z#l`EcMbtY10*sZj&Z!mjBaHY2mODfwD4Ui{&J&N z)IOITRL(1^3`9U>Pk%C}iB~@V|3n%w1*cTC$Lbx{nq$PZ z)gAuS5NPMCWHjUXB|TkQ3;N<$esVVX7_0)6Y;Ylh95k|&_~TmulI1=Cb>(h$ei@Bl 
z`5ZSP1;F0U{>D`L!x04PkOuC#(->;o(MCzJ(AN7p2+_(i3z*b@O%SjII03+@qOH-= zeBP$!MI=hhIAg^lLVvG%sO~Bt$%g8fmrD+Qglb* zmqk@;WIR#jK=t!HtnbIAFu<9l|T<$jm$>_vQ!hKQfUjQw&lgA6Kq z+8mroaovpVvyS1p2S@D3+xA|?FhheuI(2JNCy+7S!{)8dn%26xs!vG4SJAYLD?j~X z16T2s{z&kdNZQ%dXX#%5nR-6)XK3Z4GgiylfuQF59^W1ED2rNWo zXZC($?s`e|`+(s8C>R&Ro7($?l)X5R&kW`pP@V3%^79pK(k)nJze&q;?XGCIlMvUH z3Y>z)xt2RQ!uEEZg;*w#m?-uH*d7)aXfW*7Np3$0}%rHc*ZXre9(02 zyZIw)zuZKn8o)Sqc?K^yoW7yvd)|ziuavRUtOb$-KQ%ba6jLS#Ir^sgR^*%h2Mf)IMCul{??8pd0cr~__eRtg(z819 z*oUJF>E_t%m_0JFKdHShJ6eCaw;i=+OW;m{i zabWA{RMNp>;6JQH=dF(9Gs+Nh!wEiGlp9Z}#cSb!>J7H&bRRwFJPM$r?i|SMNvlh| zITc>o5L2j(nT<=QeNp2t2+z{Y%`TN(c(b2EEHeujxcmvV2T;&Ztq(I>ai)aUol9UZ zzHWwN)y83VwJV}o9SR%DDTOJ!*xmXcqaogbCe`|0bHW09i~|@^t(IK1*r$$eVHT6O zVpqP64<8wbVyXE$BMgt8Jw*n9O5v~?`9RvBhm>YN{Cg-Dbe*uW{Xv7x$NKBt5hu2B z`OnY|hU*pw>M}04%CV@pmy|M78_h{0Xn|$QVQDdgo9e+*V>6|LRr5HSs9vxi*&_-u ztT5MkTV1Qe?l7;4SU`1A>PM;=C^iB%CteJ8C|R}ebJLVBuD>vKVv#}#K*QoZS?LYF z+_1lmtIFfKb(>2-vB_+5Yf!m37+dt5qA4(N-bpYJUTuA;Qm|rxV;sEHVD)5_V*hG| zKK%&R!=ALR)hPN(o-*DBS}kwcXd7TFRhXv|(1{Mh9MzM0;^_BS2nJ5;j`Y%fLRp@5 zI`0Y1TJrX%=Jl!HaHq^E{Scc zBTXzwo1bhV3vyP6XiaJOvR@fWRf?Sw2gBIOAc8$1_jv} zSwa<;!){B6rh{Fn)FU@~SmQgDe|AYg4KI+rIlymz(w&N z$lKS6Y)6`}0`T$Y|tGN=pR67xMqa61j4gH3I0h!@O# zH%1ZTprZ&$dHVx{x$V+1me_&6ttXPaVQG*BYf+oqxA3ys+Ny(~^e$ze0wLqwh}=ql z2*H5?fbP@C1=yK6=Iv=_^*!^qJ?`shpP#--2~h@OzOo-_W}LxMv3GNKkVJU1b^r8M zluH)5sW7rLywy>nyD$25yf@1|I@L^;Mf;cO-~pxk-EwKoK!TS1hI{tA61kD*0bO1d z3iasx^eGloole~wE2vsOZV7k%-5+Mkx-B}kU~0H81^$S1$hKQ+0X@8uVQfHpAGOr| zc6*hyr06J;--PxfGs3+&AYg#ji{59oja_Hcn8WViMj|cTN>x5uIu?G-=FDRmAf8Zt ze^gHA0CGK;6KSD&?=sDNamL;CmP*u}_nG;*-e-IRW)k1SQVRDfTqcS67#pSpkBTx5cXgHAX7}@n=IAW}Qr(rZ?brZhX$&Y){)Nh+h4CL3EFYjC*nO@`>Q> z>WNpzp0JE&9zK~u=heW$6~|GSqD_{F8$yghO!TZavp?lQFY>g`J6mUj`6&~pne zS|4AwVK)td6Pgt}7CM|-b%s!vJS(wxDs-!{WX2x?N@&YPwhS2XTmxO8=IsC5&SDgG zzHP5kkH8%uSGSD4$yiVC5MsQ+YYpIhtv)5k)BIUoTw9R`gY(BjS{0IPwIPPUZ(V5Y zxDjLD3;M)YjUy=dI#wmrj-Fw_CcW=Y1}hnIcLs8GRo^aZsEGXbyl)2T3Psn$Ogm?R 
z4TGL3NI0PLBAl(UuVwgtX6qaH=D1TpQtoX8{)e9LgdL2p4psRdd?m;>n_cek@7jIm zuBGjlM9?F)6JT)c1Qc;2=X96J3Alq#Uay^^C*d;8HV^}~rEH`Oi_}@lmz`{+YB7Xg z;KB8Ejqm5hW;=S=l_iFU7*~{CXNg4pX-HaS|1bmgrO9S89CrIf!5mZ%)K^}7xO<<( zz&mSY*Rn=@73`ZKXcasy`fZzF>t{gAl}d-MS|WIjnq@KXNQTNT&|bOiqDMEoehI{I zWnDEm!gn;F=>2x%vc2f;ZN;$*q*iUz1+?(V9I<1CXaX%i??~mbT~}Q@#URY+h1vOl zCmj`Xbq^F>h`oXwrub~o%kLZZWXGfp6Xdu)_q+F9pq0c ze0P0Q`kv!Y}qM7L5XvXN-mwVxD5a`YA9ZLb4UrHG;YqD8m zjC?D7Jo|-RegfiJ)zMLxxrV&d7==o+wGm$F%9$e1=n?rROG=ANMeW%r>shLPh>3wcO|S2a4u^y9nSdT4khCfCPSVjO>GK z?f@7~qZHvTT_Z;e@1$0+Fe|O$5Rf@ok^FhYm5qhro3epHe-kp7{-YB!TO$N#y&_aM zdBXD#=6)kl7Ye+q;q6OKjtxoDL<}LiLc4inpv`YmJM!aPT4zk-(76H$p&V}IKo7ik z$s%FvEg?$cdKj=Srp{+DjQ2mVR^JzZ;zND8B;S=8wCn>=?DHzQKVj#^E~XDrYjjUL zN&tP`LFDRY&~}i%`%2*WkJmQfUU;f*QKHZlX#6H;ID*V!&(U;iD(&_t?-*EHoo+cg zg4w$V%}>2+exfK3h;BH(wcmGJx~HkJ^0FU!liR=hzxD-}s zeqEj)YN&kjvw_Xkp=!*CL4)yGM8`&An$2!^+m1oK@tE_wEq||+?J{gVa5GK0sBI#r zW1!dd&eomKc~1-0O;Ez+>!AQ5n@3=dufPlst^^?Qtvg<7Or9q@TQ_N5pWZ1}DyJ|1 zu930*-W4s<@8f37qyCLM4fz^oLg{juE%TWUaT9=H*mzWHDLT##-(CLnf!X4o){)B- zN8atwd)b)$dcT}*6rbSv(oVD4S6Oue|I5bDt%+A`rkI1%r@uZ8^Llx61R>OASunxp ze#&^o{W#dwgOcfEyyq`#za-S!hj zkgVSKAAt2B3->E?_GiYym*(OQ5Fh?ed|C3h9&-8KHf17EoxWiy5l@#{k+j`+|4FS5 zi1_Ur7{?t%Dc=eS5=hRnnjo}Uy zQn~f!C@_f(mflF4A)Lo3sEn}$+zEW}hV@v*h;(83AT|H`K>lv$`JtI-61|-djsRkc zN~q!yO%_&Ya1Ifa9O}NAV(vi|PkR=|!6NMQqZVM6xErG#2YcXKB)=#E0M@R+A|xAL zI%U>O(kQ@5+bn<^NsHSly>(uhLuUZW7dj+92{v*UiV;o| zus1+Q{gaHNi`u7r%3AJ|egKp)=hxV@)0rcq>z+pb$z?UmH*agiREgb7bM)YD9$)jT zoTN&?oI%5t@(oU)XkBI&3^eDeFs z?DeHJ6PkYG1-gOqiz-{0%cB3XPF#(XmANsI%v>UU-Za8S+{iO)_mC45ZQwcOFP7-!f%?$z@J z?pZby#+OfsmaTeE%z!5!kE1VQ65XU9U50fJS};DU3ek7v=>+jUw45Jj)o;UK+* zB_RFbXD2rLArm6}+WnK!8SN-ZsZA!icrHMv{t|_}!D`#tAYK*T7c z)`|c;q6UvH{vAGstAIhCJykP9LG(Pjnf#BzisY8CQ;EyIcaT3XZ;0+^%9KKvcOQ%S zoP4Ox`Sf9Ep;(&jJkQQELdZ8f0#V@Y94ar~Dl>=FSKF^h7_wP-f^~vDZ{67De^i7| zmH`Rn?oZzaKkuHUsEmCm8mcH>N2+S_@h#Cga14ckh!kIvl6z! 
z^Gp_OLXhTP*?;5JgMm-=2Z-mIN$+fv2MIC7g=4tP~O1;{A_vVVO( z^ZKkA*X5ZTJlJv0O9tr@MmXr>@Nv!sw6u9B&^H7>c z*TY4T4S6Z|sQ?VZW-VOQ%5i!jxF#aPf zdG7Z{Tu(}xpD;smk8{l5Gdk?nEBF<;zRV6>wdbYwGGlnVavr+&J z>W*+CuK!DeK>zmrz{&X2oEIAGUV~TJa@CgwbmfR6A@6q^(%S#0;s5DW9(X>V2$(}L z|8AGB?GI`2er!H?qnhydKHuOa2fPVMl`mjmL;o+Pd-A1yDsAy(rUj({^d9Z+)&nk{ z?%zH|wUS=1_urdPJb0vY?fl?-{=k2mDoPSGQo{`I2#8Vt%Tqvk12lN}C6oETJOmmJ z48X{7YVvx2H5bq?&I6#qlLsEZu>PCL7=WpwB=N%Gzgdj`0nmWr!FD0ne=}Je9=bX= zMnd=F|6;A>2S5X-|1pI4{}|$*iT*!^_#Z?3pT9T%Gb8?IM*RPFMkHrEOR0~h@B_7- zXNjJ4z9L2a+8!*u%;whI6|CIWKxl{v^8M`T>1pF;UdPHdRJX%7?ds+RyI8b^*?8J` zST>e|`1qhxQ}5C;Qf#=Z)>qT9Y|K5222@o?<9~U2!fZZ$${QXX)ygc~nX7GT@y~6M zLCqTZd8pp|?ED%eBC>GdD$g`DG|bD)nqr_OvPoBVRh)nJv)MQTp?B}r#LUIxb;hxG7ED%rL6^wB+H_wMwR@BbS%s>>fx?T@1^Fb056QOL%X%EFw zak!p82=lC_7Os2Q_GDzH4pSv9EzQQ$s>H^+v~HMnq^@o!*yh)~&7=`Oh#Ru`i5S{B z|8_+{sOn4eA`vf4W)Wxh;J^_T7dh;DUK<9=YT4mK`J|Da*6L5SnZnh!@k%IgM&qIm ztguN`33}PI;38}O)TLo^72Q^-79VU=lmY!!>W@xx1?tYRg0S!x}ihBi81-d*kiuz>UCKug|TNt^sHsIv&zm+XW6bxB&mZ-p*s@64DWd?Q-pU*8BjbWTFmXtcr zW+DB2u6p|t(`N%hLv~plXhG)E&>sT}IeVfY{q)^Fh^@=RQJ&Q)n3yGn=|$W?bVTQ* z2eL#>J1JdUrq{P%=!c|;rN?K73d)Ah4U{b;H(-OIVJGUiR#(ds?`0H7wUwy*kCIZm ziwk>0wu#$?7t z?pa-E)1%JzQ-MR5TVM4xTs(>xG=k4)=b>n$awA)$D0kFvo|~?VXZuEj~K`t3yP6&mE7{&>0q?Sp*a7@;D!q z$sj$F@LDRVA9PihqGa_hL0mkQ&`2H|BTc{WNtt<{`Ah$T-Myf1Rfpel3zLmy40@hy z^sMnWXxc_sW!ioziv1lw>^8lYbRN}{0mjP7UTFwo=kx*~tmLO@y%^0KBE-c0r}tcH zJc&>Igr;;Fu^k(m2Nv62a@UqY1sTp8r(`=8@U%>m1~J|rbW$hpgLpL!;F{-@uxy8D z0o!#vNMs!8Dlc@{N}o(N`7j~>EL%BNLLsjSlNX!ml*|K`U_tSsCcJy>!m-?E!-iIp zz|P5}sHDWER)ZwHm$MQ?YZ*ml(D^dMPBxmN=YjtlojDstCz7ogRPGr1wD=maXlk)J zR}ihCb(^7P&T(tSqDuP5`LRTe7?VBnSe?{3N?a!*gIYrG+Hu2kn=JUO2dLVTGBTt@{$>_I>D^5N|l>J>HE$349#ii6xSJd-4S;ds(` z^rw?HfydlJWgiBYg{D>B%vg{0#43}+NgZlhq<<9JMFLDNBn{;0)&K;iF*_@&AasD$ zqUzUoGF3RiTgz{G=7BpxXGPTIo`-dxLU%Cm<~`BIRH2-3gh3>X6m4)nV)W6$%1=sY z$8F?tB=*Fo@$}N&06Nq(8Ey;uhlQHbwsWd2-`)o|s&xDqqVu$M{l)raoTYx2=nzKc zwyV-+ZB6SoHi)mzpKU^VwwTpN*Rbn?rPlQQs_Z~jH68$-GXL`N(0R_Ry{KrWEo0&v 
zA(S!5GWBXi$|LJNuY`36?b+lC)T=8?5L~*hF;5Opo&KfB?1pT`}pRGAEydTo|DXjUsk8c2}LK*D2aMQ&)=0X#mOsH?JKUq2| z*Ap>%F`%)UFn(V1PU7Du<@uXGF_tS%6>MPFp+|#0#HDkQv>}3pvQ?i(@+j!~xi7~f zo{RMPT{Df-&!0xfUc+u0b*Z>XsLZT!CQm5MZ-yoiH`3`Ek)bEwv)Q&bH#*)(;J@fQ zhm4QUGUMWgkq(4>KS=!=H!9!kQP3qf!S4X!;F+3l&BEDIId~DnU?@|St-3kbz7t8h zj`*6h0^N(veZvL?^T_fJJ621ccDq`6$tNW{G5A_X_c$fc`GUCmd5yBaRlX*vwzDKI zqc1i*O`jpu=u+TSxr}ozB;#-_kWu{A%*-#zv`3rT%$RuGo#I^|?51Loy?Umxqt3Z4 zR_&XwP4eQ5Pe%ebjq7cPt7=Z#9+xJj;wn#H9~1so*%5ifV_*2vmtr0N;<*&4jA-V2 zlF;y2?$h88U6ZC3L?@qc9C7V3;;i=0GJ19lnl7MmHso|h6x@w6`)>k@t(t#aGYVQe z=^MP@DM|r-8f2Tf-0}v~g#l2Kc-A#|D|YPmieK zi$Pe)zXw0M`jm!{wN#(U?JeS7WTLfg*5m})^^$Dlb$lkv*dn5}CgR`HFtP3-+c|uN z{1|+vDSIqEBX^Lfr47kGGD{a^qx><$)5d|Rv&COdH83u#YgF0b*UTGLq=(xb3eVSG zF+%c=h-U)Mc#X63Q)CM*ivcH$tjIv4jjP9q&qh0p=yVep+j-K#{_f-99M~nM#m(xrxaQgWof5IjnkX>&F#0w z*Q=|KsMI59ub~yqkxw9JeBNQPAK#J0KdKEy2G+9*H}Gk?K?~RL@)Yx-1X9D_!f_<2 zBxc64246dQZ60s>@#o^!ZIkz^o_{OBGkFNLQ_V=}>a*0!2;uZyOp~tENu;Xv-QN*y zmEZr(e2B9Z<%C?|5;dnFJeR#mx!-zrEE|R>98J={whYFVe)mIo(9+ArEasfBcUhz5XW8r={0EcFO2Z$$kP} zwoB&PbJ)qGWP*OivzGqYDnb)0h;{Nj6)y>2!J?l~1cOIg2291v!z*{4OZ7@q``#nN z>_Pyaz5iB`9c@EZpr2ZFtt`h354-0}!wVG!Q#-kg=(ZC+BAJw@eBL~A@wP813lvwSThxMPqcn^+Y6MSyikqZO zpE-jGJF;9aYIPS2Z1<6a?)?=*-_>rfg{w=pG&6$?a4+J}3KX>l)Z&cRs>02?Mus?rMgIq1b$@w^tNsEzXQj{wuRji2|1GQS z6G+=Ua>61)l^8wp5oQv#zPnKo%HImH-GOHc#Lp7MetG!t;8(P*%xXT zjpjgYwJ4I&y=$Tno09}L;GJ}59jc5UF$>=g=PLG1V2 z{53pM7T*v4hNi+-yLs0s6BSY|2I@@Z#x$(t+Ve;GpfDoY&!DwUt#&>%|9XJ;XvzkAP#NcLHqq!C>nojzfO)c z!qj&-zIohzX?D((Zci%J{Zq9{C$9qb4h8Q^qq6-H-Z^fwBioJyM!?@lI zarS`EOj5;3$uy~IUiEnCyCTq2Ge6{JuwYieiQd_6Oh3zxP#;*=Gx#U|sLF%Uq7YgORSb*-^uM(X~$9Yu? za_n!?-0JwklIIe?8{elZU#!l}2Mtv%C4|@`MheaNh`4JpnRN)9O<&-kgv!8{$XRq! zQ&YPXyS!OAB6Kb)>xE%a6w_6Y{arLEjssG%EVZ(cWHQ?W6B4?{cDV8tHoJ9XvVor? z-J$pI>&_v)K~9TpD!v-|$>?coN{^?D?7If#zB+2YQF?^SS;4lv9mKH)hKN|+Y~ySA zC%eA!7-Ih@C;2&KgbXg+VL&4^MK90wdm@2U)MJi?I)l9oA5r~{;;qW#T{5IzWc@l! zREAW-cnAJlphfRit&-QYe==0j$x_p8;hg{Beq*ry$IZ$vodbs?(dk**hTUR<_u0x! 
zBdN4=F(SN!_3fB_vi`Sb*I0`b9vkIs1czuLx;^pQ^4-Zf!rgc*;O~ey1Fb-iaspP$ z6ZWL#`e(ALgrO~w8v6~8#MjJCp4(A6;1fdgC}5V`hI27b3*tVJ6CdlPNamA<(6fOL#z6!QXLSKz|Q@;D}Nu-g6xb zAr?A;>>-in;Q=9xbWN7mnE@Lw4hl;GYX?bA1U`bZhCS;|3;i?MKXQ(GbE33y3pM?2 zY548<#;dix;;fRYXNFN~_!_FDtD6y2>_-vEpDrkDl%M}>eU$={nrY2b*#mxMoZ)o= z)5hM1pTGuvM*T3aqit%7x1#(6W6LfSRtFw?ZM-tcBjDXU&MZd%fovcsMlDfz66_$t zWYN~k<~x?HaHUsM{hQ&u9ewDxXM9QGx!3E$go?Of5w`{2CV#42MpVB)D^vS$L_2?4 zTS`&r<-a}#`h7{8q_! zPXub&;1`z9=~8YwD(wk742_#Z>1kzhnPG=i4`-D{a8nq3l3g{Z{YG zD)G|ZDVd*(+C%vVPR}H!e&VkhvP-w@e!1Jwr`cXFyLc1zei?eh_M)7XPsTAaJX7Ui z&Y)T;Q5<#3Cj4aq3dGA2mx^N{FntcH-KD+JM@6KoS0*`SEx!1fCk%MOE|DO==KP@C zBTI8!6LrdIUykBw-3Fgp5=m~SeUmC_!E>8R(qEF+k5S$}>X#Pw&|@)bAC0qL?RFJv z9NMg7nRAeQzo9aUWgwzAUTo?Aq6qh!09sPKi^!{=Y*Uk*?aMDT;8~Rz<6{q5=k6*O<96rSPTLCx_l%@PaRMOoP?n`1z!ufU59ro(tA zg)&HFei;&{_D-wbWiOMOBOsAVr{sv zN%z(lZ$s0_?^=NwLDj6QhsoyHSi?C#FP2_eqI;Xqa`c~YYHCqG5uYZ2?t7Bjb; zrK>WTI@N4bFTKVXqhuO5=$0>YU>Hzx0&5;>l-DCHq(%pPQ|!P7!iTqY;KAmHoRKkX8g!b-FUFPZ@*0Fr zkzf}ooac$g*%sQ67Uzwk$<$Uv)m>z4Kx#Q6B(sjL@rJf>?~4}(I&4mo{jfnWs$(?} zgNcoPr&~c4{$eWbM)I3wV?QGSJLz|=4w8ZJhf0Img-Uta+LTQ(mfW20!`S87u-PL$ zBSkz{hJq~pKM&COnIx$X;_w7Th}*K-Rc7goRt;~q=%(3P4(I}E{+mQ)zuR&hdx-H- z!ROY8#q6VMQOMTqKr`yw8ve$ZkfJqCrd<>a4s z0jh@~A5sI4VM(9IU3*z?;Uv|AyqV|14!AGm@nFR(t&ttA{wqyud1Y93%SFPmJeV=O zZ0}QkM9kW~;Vb^SHH3wX#5*J?g|TRBY`rgBvw?CNiK3%>tjuO6Y0CUk)SlwD&X_7h3#iYFnnd0 z7GxL>r4$yeg+b+eFdzpG47IK=1V*0@kowmoEl>D0BSUvhQ$4=v-UwfAe4%ys*%aCI zerdstsk4UGCe1OiHJLWmd6^#cJ#DcaDLYe|>EtiWrik;%v+UJ^!fmO-WhvD2Ht!q6 z{40`4{zpg-cIk1C?sy~HzSeK@<=WYZG>E163CYSdPge zJj3lmP>jvduo=0P`_!8^!_;EZ$RnDMqiJ+zs83>w(wTp~a=?*=<=$P0pJ#$2%UsXz z4qh;K#!g!%EhM}ge2=f;5pjv$mMI$*$eH7S6nJUU8oPSWj@qkvE4KbE+EGMv3&%qA zJcJYR-6?~vzW0N_38Y9}%qcqC`Ru+j;NRz`OJZ?gOw(O$F~^)&Jr4Mg)H)k;Tr^tXdYWzx}d9*@M^?W$?g2WWh} zsWKxoS}6MN^N_Kpa>07%YwpWN(%-!Ot89E^;w^?DJcZ7cxq{9aXs7w>4HlVO+p@vC9;sy0*7L&LR=TG-5V~rj#xS+LrAkQ=3aA5_NMI@4ZOODIcSxdSj zWKvNV`cTzSZW`3qTvlb;1^HH#V-xevLUFy5e^D3hNfK=Q;00p(`w&i3%=IRnhyY8O 
zujE7eQXd5z2RsZ}Z3)NyBZ;OE&>{=#===NPm5x=k-aYrK`gc-4db~9)yWT=K3Q&7a z)RH0PfnGXBOL!IUzuCx>Ayhi(KSLbHD9t}F7ho_21_r|Pcwl0Yy;CGCl zF3Pe=uFmF@&HW+Di@7|?i_kvO+nU$m_Ajmbg?SWbD&x4f74?N;L?&b8%zZ96rVvM! z_(b8v7@wQ!V;-dCEn_igFJx^m{?w%fPlpSh-Km>nNP-AvCJQetx%6-A=eD+W5zY@k z8CVR@<}}{~4m#z99II5~X<<}(bpI!lUWss=Z_=?72MxPU z*W_iy$bo41$2WDP*M(iT*yr+DGgs%TO9sU^hI%owR@9 z|C0KtL&;qYgmA+vh$zo!X$ksU<725OU-tW*^7g$I$~RFE)*ee6f+6q5k)BR&_rr94 z`7H5}UlFKLh`doM!J605ak?nQAJ$3vKgTUm{^@LRq;2tH{LO54c9H?K`L0 z^pYqBd5AJE8Zc@lyaGSaJ9$6ubp5M4w(hWNYVcX@&x8%n#Kve3i`Do~Y#QIVog-W_ zaB_U|O&p2-3A$51Qb{BD=bR-&v%GGQBVCrN(}G@}n4W8e*CZCw)}E9m)RURXtrEX5 zDKkpUns|WmQCjJsg=)ZZ2*Sm@H4yNDS$dUaCVEhZXPejX+J`#+(?`{JlzVV0-u?r# z3{$t*AgePn>|8Fsf%bhu2Nx2b2uf?bfo$$yM$X1O*g>I?0Sd|fl^+I*1}C0jHZPN| zjlbGif76(v4}FiuDQiP@{Pv@_)5LJmq>J`UQ5a_#4dQiFi?V)g1sO3#$wK+BB4XOdC#2QDo$HLsk#R)W?uPJ7zP#_g9+0V_ONTh%_GYU zT$Spr;UMYH70`Qu z$zWVN$KKOoe_ey@8q1HbY9-ypx7#2N?K!6)-BNFE4q&jjoYd_TMzbnD?yR|1UVF$O zj)LXBGbUls1t*zXX+`+N#XC_`AL=fx^X^$SdaJq-ze6NWEJM`OpI zD;R&SI1AUZmz=tErR%SH-y;cMk`UcvPocmX_Cg+8-`yayb|IeMZnf=5vXfxaqyL#v7;{ZxUs`LCa-lyAXap%f`^P=u$oJ z9$!N$5%MoJj!T~&U)R*X%~;%KlVAz2Eizia_qlS!O7hCLJsIQkahBJmOAyW!ndpY* z^gI1wNy$IokhC#PpR7Z;qNAkEI_a}8YscsDisO%4i+b^%gK#SH-O8%w(}${$%S!TC zC&Lv=TA#X_AZpyDM3(jyS6B~uOq00tdFdD}5@?X;E#cT3>#ygXGOdsYWIy)nI;VhS zTqO@O$XNgSm&)-WgY}wED#<<>G`6y;u42qP|iVwSwht{{nj|vU?NR7 ze)q2#e@(B7N;~pWmvT|5ChW7+dnW0kan^|z=IvVk1oIo5;CpJjl|2TH1%}A{t z>MN22?cAKRmlee>$82K|3+;;{oj9-33LAoFolHVbTh_VO5iQ z+8(iy%^6FZP9USkR~b3rIpu4M@Mzg%@0l&gnk|+*DZjE-y(2ctLMCyN3MIoXHxw4& z&#C=c`(q$u8q&ts2fNqI4x737>;4+@r+G7yP-@5*siF4?RiX}t93SLPxk<6_7UEo^ zcpam-3~DgYt4CtQrA^gul&R*EZyJw;i;ga~%Pv3MZgZQ%?efbGwL^H+?4f=wZ$h6< z$eC*)YgQp{%0hSSDWJwMM`Ukd6kkQ8Z^ogqh4Bvhn{SV0M3OC~huNzy2V6w~v3lu< z4taW%R1h#dRv>I7ZP-J(QcOk78e5)=RSi9MLfxUwzFBFDw(8&Ja;zEj zKE+s=+fty-kf2a)vEOYg+)u5RWRXWNoEpoHnbTvVUc*iC8OGJj9Nrgv99J`V0Z9r; 
z+^U`JvH!gnBx&bn$+zbQ)9OsW`VlYl*#X?uDA(jdttmkAZA0A6cr4k3{?be(Aaa9xp2=0fURzy54rC2-*4C+*H$d%jv$+Ah-etx+^c^#Zg7{O^e2qTS9{q(*z^g$16q`t_4nvEvsw(FkL2zU-H=;vnI}z*RXa| zPVAiu8mCT@i>RR<%Z>BoGKjg>c)-U8;|bH&%{BU_AaJwTN2p9aRL0O_{Lf*RjKZ~MBQCRPbG_oCv>BhND8;>lDISQ@+PXgk0N z1F#!8^vOpG-8W;)Wf&-G|2oXJe9bdUowj^cwWJz4O1kaNLa@w15HcR!d)PWR^z@+} zvk)@n6~gkRQkHh>^`iI8t*%&US6p$ZU3%$qyXcZ7-l8+l*u>a{2w3vXOpF^hhi$8U zpB&p-p%mh*7zU)ezKF!S2WX$a$fF+kX-tEk)#cmg#2x)zB4x)&rdX5u*F7Q-`&_R3 znYJoYz135UMm?=xf@OTRI(|!UGB~FEGqdD1Rde3Q1ln+cE_^GS;Y;ZC*yfU9%j`Sl z&?)^{(w|qA-4eFTFY)2%r$3*p7F{W8P~XaiOm7!yKfU;rS#6_kYN)?nqRUlVQ^qk- z!txaaf}| zLzM>wli+Cxky#9c4ZSm*@-k!IaOn&(*4Z1uNw!Nrme|B{k6)`@HnGUQBj!`K6Yo9| z$H>K?s5-C+HTLHCWqYdDdAOWJgP|KMGt;BXKSn##a1AI`#;&bUvdvpHFmZQ7jX^i- zQuoog^}6ckXz}`Gm~%sIYFyUGU=&om`NgE?ao?RX7{JA)JFb!NH*md5YID|-)W6DD zrkn(rtrzR^tigDl#u%OUS8`r|%y0T#bNjad{n*s6+3FLoA6pvOM1o<5_YQ`=X#&w;=5r&&5YJ29FQB)^VVL>SRJ&&~ff^ zF>;nySsBE(4U{BL+~dVPXg1ixWQVra-Zzx10$72&5;?pXN^c;0x9&A?-lI(gJ0>kX z&<$3K^>XM$ex1y$S#f1`*4QJBcm$P4QYl^O>Z(QWa1f zy=U?GSy<+NTjYLrpCIDO7*-VWYaCd=a#ex*Sp&JSux(zGHmX(2^|$3>AlEb9^HDyklgS;vkev9P3E ziQ%jCBFz?C4>@`{&WtTX9{qenlAaYaQ}gUAL_K&DxnZ+=5V=fEc4QhZhxgyr^TxNm z&7ov1+k$LTXgxcSDYb0Z7{pxN>Ip<1YxlbMxn&qb#1~1;v$4nz?g9Hu{<0*M{+@T8 z?E^_em#D6DuL&e&In z!VkIPQo(wS7e`MB>Mpp(*-nG`?XP~u0U34AI5te9togmDXQIzkFDX+)n0zDQVm+3r z3}*7aw0;B@`Kg>zVbIBX1ygLg64W)6v7DkR*z<-Vrpj<`*MimQMpvfu`s?@q^cC&Z zuYdDI9Y6K%cWIydz|WYNHYxHgZ+~}t&huY-ouo@HKHC2Mmw*0s;uCRxBJk3``rGyw zfAjk5D0i<%=D_2;2|?A!=?2 zp`-_aAP@uw1lI85FXO?vl=+Y`H@iQ1WunUyFWwaCy&I9%bS*Fm#`Q5ULxxl zQqFvrmzQdf689{bV)Cr)+G~V*X7SPYO()$$$GJFW0u$!)deInQ20c!=mE|0q;w57T z48 z#G-_ggGHUi8qw8$2`yIWVbHt8!@5YNZF-2TomvNn>X{fl@ZysVi(oC1O zxzvrvMv;Bnl960jJ1sA!=-F#5sB7#k@#^-aBa8(-MqI{46?48l>^QP^*>6Qm{VQEM zp6VdkA!dEK&M3Fzpq9$%&pC#v*97m|HO5tW;*4uS3 z*0%RLdTDegy~wDcnD`q!^xTv)iipBMDU|V^k_@z$Y%v|tb*Z{3!*!Qr9j0}y%xWp+ zcT7q+=SrbxBt#iwy$|fW{v0%|NO}rZeF`Ed>y{8~&*Pu;lkFeh`@V_l-ua5l+nZi| zCGEX&?RnGN-r1h`)TduZ)dN1#+WpVuyB_xyyz=wxF8lFk{AN3G 
zYOUSrV{hHQ>X8pQAWc8=YG2Jm?f<;Av(NwTQJ>dtbJ-;mg{`iww;z4_Z&cd-?{)X~ zko(?iV!nfleCn?~uYK_9Yd?4yr!mH`zqvGc7dESu8~`BT_K;wwFXKNL&)QVwhR+_j52L8jp&-_Qces!C)+t; znD7&;+P2#)y{uU^A~ZkLPtC+b#my@YwisP1hLUDcfbF18-=YItRi=JDM*)8opOzWW zs8zPQS3$nfT_tIGr72eOXKU9zhHP(do5qoQ+-RuVH)DA>cUI5YxfKjO*@tez`a12x z3we~PIsgSd+<5|T2T2#@**4tNuqg**V&c;CcpVDa!uTZHsmW`o}uL~qo-H!hpmX)Acj96qwZkym*i zLT_4BZ^@A>(!gdcEG#VGQM22Q9NTJ#Pp-8i$LH~cfT#hBsxtc@DWzWQAj- z_ooDd`<5^SN~QzASE-|E*Hy_9A~l{E90OkcXsyGivecbYV@*#q$I^H&RRxkke0;;$ z6dTk|@rv&@PuqO;HhH(uL+>odnVZtmMQsk^Ozv@`aG;%}OC=DihQqDf$HNqD<8DJW zhz+ol9FVAi^DDB)HcBpzP2dXkCA`!V;umslVR^PK9i~5yK^#)RF+9IM-~)klf{$nm zha=y1p>|=_k??}hGj!RWSD+jX?Oktfg)rV2Q!|W>BC*iJ@jbgNc?urX;mXe$+A>O+ z1(QXT#<#3I0_#2->hnGypB;4%axIZiw<_|)*{4?B@3w@#m5gu+9q^%VzdzLu*n6ES zR;_j@*oTxS#=i1RY7P(I(%1JEB8`ssxxEOM>+9>aZwBQNfsN*!w89` z8~1Z3J83iZh?RO6IyoY=#@h!xqs^dj?m2_)DeX|ueswuyJ^RSxedT^R6t8h)BYYl| zh$>wpqT1!NUpb|xlFrOTUem^Ux;K&I7d<3g)q!)6FCFT+N!?XK;0Wp|ZnuQ+Cx89g z>m_N_UjpY(U-`QBpnKorme8DAoQ@Cpif@^y^Ur+We{7%f33r~Dc2gtY{k{*j$9(6H z;5Ep@@|^Hz&;FTnVsaS-ZkY(2ZS~(W+i<~Z{hKd(S^NHgxAAlT)n{BUQF9WaX2jyZe*L4*JEG=ipZ$N@8{YEI?cSesw+~Cy zTz&0{{dO#4bcd)pbCjI_=T5YpKo=Q;kx&-bFaa-8hVvPWck|5Z>A-~AIqohKVJGZ0 zA(tHCesJ?)&hU!h?LN%*^_WqQP3GMxz_pqM`dZ)JDb#>0U6%aS4Zl z2)-ez6D&wXM%TF?QKGIj5&EYSG&{SSwJb&mC4?%uq?rvP#VXK6ybNPqW-OvfV~Knw z54=m|tGvXKWJTyke`$P}-?DrwYm}$1h9XZm?bqZ36YDNw4I{Vksk~%D$P~-A`~`lB zzH`4Fy^q9A1FSqG>?i)zqwi%z|GJ-yUIr3B^qn#eLDbFfF0}QjjW*AIFZ`Ad9`pl0 z_Pf)}DK-{fgFuo5+GaAk!5e7S-R}cJ!{9QxTK2MX2whmh!P{((uu{WtPV*vdlvOP_eg*dRSG&_=B!utjx3g&1F-IcxTjWifsgV0FDJZNyDqW zkFL0EY96l~jB?up-oBc9%Vjzc4Kx#|?0>L?NThUq>;wCQ>e!n{&m@RPF5LXp4Pn<= zaKYekE^$}&C}8#UGt#%XyTc~A8k&{24*zto-hI=3{T#B^B})?k%f zP=^J`r#ZZuiYQesjc^>8dm1cpgo2>y^}CeJ3&kx-2ZZbcZ9$)+FIv zu4BC$;>*TGYoyKdYHPY>9}>rE!G)~C5s`JzSdVd4o9!MH(?9evrG+QV%b@2PcjsHH@ugsH$qylK_vo)YKBQ2GGCc)yM*k__fy zG}O0w&EvDIw}&GcJRjrjPxnWXfRQ*Vnf5FD(n!|$s90KBQX%de-txw=6YvNJoUuNS z^;DsNeWVWic$FUgOMDF;{Zu;(WE<4+R>6+@pesd0u_{w4`5Z@vdcF|BUDd~riQb<> z=$$LSu(~!}iv7i{0_X$TWh9aUo 
zmeplcH*A!nXwmEVTY!oS11hx6A(-BCDqk}PwIL>|P1IR>8n0oj@)d_BWleXP5)6_A z(-?J@D?=U}3g6*+hkb`?IT-Py?2!nXgWQ?c;IjXay8x-TIK9}GS+F#}GuPHxE5g8UXgqPZ=ZRjhh%OH$SlKAUF#fzNJ5QsiAcj1vh*&geR!xA@l-GF zj+@@b-skQY1WoI4<#nRc8I4VkZ%2oi6jV{RV~zZMSdw zj{v2K;)tt`t-9=A@$7P~?#$plSz3>cAkou)ulC6Le?+}(D^ZS=8V_d*I#18_GXLf0 zzxW2V`|TJ1N&Cs~`PR0=J(CawfB9}x&qb3XP8I=%iM-&O?3nd&|FkN&KE;OcAI zWfvVgGkX7Aci6vw%iG&q-}Rn$m)qU8ed3*Nzn^yIiA$>f{;ls|sm`_SZnwW}yAvOO zO&x>Fb560To|Bx9z2dSlx;%H*S%R_1Wc}#jL+yPZx|-K@y2pmETHS7Mf6x0d5SH4- zY?^guxc20!cJ;L<_oI%VT&=v9U37FmZah)9zkJQ#*X6xG`EKpfV?B?*96$Nn9#`?l zjwv5v}D@-@ilL!Lu=gy`Y4Pu^JG zO8EHazrwyqK4rP7GKMq;Kf4gsGkBdPQadwS5IB$@6mZGUD&97FywrXiJbSkB*w})Q zt2fcmHc7MjxfAq>V}QMmHZYd=@ScH0+1^{mD`%@VTiw9h#acIUt(d`}xBkM|eNiLMrJKtBd$Czkni%B z`V(t!hEf=PZI_MmwBk)Ol3+CQqyqG$n8%Z5p1oA&me?qFWvd7oH|XBnU^$bU%0fii zmRUY-I;-9i5nhi0wW*Fir>`W(9D6hg2GOCNXp}o|zg9nsk&9+Cl z4?Rwbq)}blVG+vJeL~zK*t-P*tljgBkbKJl@EwLeRri&NDpE`B6y^j1RNyxvAE zg<6$70vn<#lose<%#8hm%sIw)wZHO_fUFvoaYsbjJjR8r0U9Nxgy4`utGncmf3L-%Yj-foc4Q@>|MSkXg3NtmW&^Mwz+QTdZ82;2|?cm25A zwTIv5x?3~c%Z5Y@Z-O*ANLzC`jh78=f3ybYN9zNDEmHN`Hbf9DU{ z*L?Sn?q45XS#FQ|*AHyJgx8YcT`zqOWYt=`>mwdp*Z<=?{(bxQ$3CjgU9L4Q<9hlJ zeP?^@7d@;!^l|@rf9caJp8eFy_lnoOu|4vepIF#b1YckGC7(Nem%2^;rI z(U>+*d9hGl6pRf!w|yyF(3b& zh-+Nbam<5k4FP{W);KV$9zPnq%BBDx8liDC7(NQ?+IAyC;z9Y{xUft&T1tQ0!H1YK zxJwHy6kQ64SA0i95!RuxgW>KT9>yR`+m#g@WlXA``89$ybjwf`kRcSsWO>~M>bGSM zHo=Oc7k@WE_7`&B?4>^tW?31weAnJ4o4&yd$u519EMOOnGX8fU zXg2U(*j$5nO;L^`d%a#O%>FX$L$kFxj{!edOL-(zmR9F5&eYfadszAb zt1xtX*Q>A=cX4134@ez}f-Tx^n^_mc-ZcyDA~qww^j3%3%E}_dHm{E+eS4KWk_zCU zkuFYibm$bu`n-GCaNJ`PVXbuyV+jlKP^^ag9DV7zX!N7^4)V}bj}n*vIQXhB$Tw>l z2nz2#3v3Me++zc=JyM{p#0(xi9gkkvc&uUfc=63>Zv0$wm+<0Qf;Q4Sg&l9^$y4_z z#cNL*h8<88@#GRkduj_&8nU*_&3}t{8rnD#HCAmpg98}6pnYEIVZw*EzZY2}Nh2vx zOX)~ge~otUNWC;1a|Z7@2`rakiLWG+WQ;l284oT?>f@069%ctFiU#o6<}=__w@H=Y zs{rx{&fXU!D$UTPQfxnuxqDv=t9`mbf6Xv1)yb0eO~LU8pe@Fef_Cs!(xYseHajHd z@L2NI^W~95DMJwrb(2z_ezN_g3$ks$dbs4tXM=F`drVENfFlR5gt?EX5?XP_OWus6 
zOWhAdN)GN!u|YC_(|9SlRL|ft)ippW%Y?CJJcfw9O}DgKonM)NVKkH}3? zVLiK%sb`ynr-wdL~Ja5`uHXP z;rolEkvRGxh?}qa{D)McgwK7s|zFHV?1JmYyU+9zr3Z@qgAfBBj>v)4N`K7}gyfu8AyNO&mgb9*r01W1e#1-;eVI3DhH|o?E{)XcXDKwzKe|ZT3ki zX-@LnM%zmghA;*c23~nS6ix%Kic>T5*7@l#jW7GoO{w+bs5eJ>4OuYn@*DRn;;*?_@2ju=Geu{^*M5EsU3n0a(Na_ ztnn`?V84r-B+bgvnRfJImPsAKQ-;@BPqVCQlSZxM`L%{OklsChBq_XCYC~eYLXUrQP49_Ot<$@&uy+?)~Dc)7=MX z5lo6Ws_~+SOxIhTX-c)h{Zv-*Y+4gv`rd1#F;M6q#!20)13VoK?`8Gv_cS^9Cr#V` z&OmHDtrRcJQU5sD|9aM}t+LP1Dab@Uz8t$$T6=JzD~NJmgGmubdQ+-l6!Y`-8t{iTk5o4GE>49D!snzpgjIeQ=Z-5Z$_`V;M0%9lb}q0$kMBI zW1an=xS#9;b@E{`{5u2L9K6$-~>xLo0ZDJgB@-BxGLu#<#Y6ur%h}@Mq8Z zpY8si`bo{DOP}&3U*F!zj_6N%+OyjCe8X31^gU2KRZn^1po-^MR@MfXDpDS~B$3cfK3ae|RD*w$xA6TA18dg{S?jN?t z{FkRRNwnX3@yptmKm4;k8frzx|0M#oR{*nBC#+-85UaWC8IiS|$bDOw{A%`;p{dc& z*mhE_k>xMZdb-Tj(kLg^Bk7^!J{dNTp~wM^VT>H7K9TSS!9*U@-qWUElN!`Y$ZnEs}u`uM- zkTKY{M!vdgytDMir7&A{j`5A5uWobf zJ2KA(vPZl010LT+HUg^VD_hqQ!RT=u-1l&=M`na&Rzb0PI(2oJ)>#t|rJQo6~ zfWw-X%sB zZ88i=m~0Wq^hI_bDLlT5o5X@KH^99=yO)%dBR<}rum@J5oL;g79^Yl&7pen|8Gwi9Biaw=FaP!*+F!lq_3iK8^iRx--_l<3 z_iwJM@5U>i@A>g}Zl845JG4*2CV0ey?t7M(`nmdf{l~9(P5aANUzfBAp5 zsYu1W{!MRdzdO94^~_9nzstw9M?Uy|MRxt#@BY!5NfXbn{68;lfA*@s+fVy~&-u*u ziFdyJ{`C!=Jp1=vvj3y9lGPyW`6{6`&}Y~e zNMkOPW<2AJ|7gDa;SZ{2eZ}W}b`dpR{L1tH=sHA=9vhN0hD&&$eB+mYL3`p){Zd`O z?OpGMfOt=x`{hz9Ng9L8oh;`vqCfxJ*H_#@eSP6)f9C#jrH6jzrxj77E?4oN-4V#D zGsC6q)1xPiWQ|18%Dq3oJ?#FU-X8dA_o&yH-~G-XcV_mp&Lz7HzM)By#&C>1cOLsi z|GIte&-`*-|KEPS>h--2|JNF5l4_$L@`_>=suM|9! 
z!S_Gb5HX@rPZca%HWKasiPwG% zw#^=J$jO12Ytn`mKD&I~$JR_E%u4>3iTHqja@I zZ?7^-gQ}lo@rKkIm!!!OOkvTw_f3_h4vinND1rt9t$W%Sk5(9W>ZVkUB4~=rUp1-- z>0-NsUY4_r`84>&L<6kGl3Ia*gq?k`?QXJ=I&Sn^d)`RO@MGRCuUg*43!`4$Lz=qj z^)bi3F^emBb?AwL)w^83{7>;pZGHvR0EVd9Lf$5u54%s%7UL1lr`qIOi?IL8L&ObK z4Ng)eiS)X0tSs|(CwdJsXbzHQfmcAY-x7KC!db<0;?${4UKh@hWmnUbTY@;4#mi-m zS4C^s?z(RcOc4L8p+~`=lC)9_nnFF?em?xx#6daq6babUHXm zgi+RUL3`@gVZo{U0No*MfV+sLYI_0M^;w`E+eLB(;Hjl{zOl)1S~@FBeXD~|+jB!5 zPU}~yR^Fa$4ffrB@X|uWZ9Sudxw^Q-OL;_Z|&ufKT18_!K@ zSK`(D#Bcnn0oUs!-(bW$*q`xnPyEsLqF227I(dB!xSwag=#Sg~e)jLSD}U^J+NXZv zov)K`QiMzXzwJkUwms_we>f?*y^;MW{rvhLy{yvjb>};@r~Tk}w9jCF$Lk9(`m?`o zPyVITp7vwDFMiPdJ}go5)L(sWd)hfKII-+wKJOt#)cnfxUfiDe)TfW)uJ`!!zx{%< z(!6(W3Q_ZPywWG(e3noy{>xAQ;#pCjeZNm__qoT%pA~oR#XH~of%Y}u^^~TU)ww~^ z?YV#Q7xj52Iy~p6exQB)gnefu>CUZNS(0j#h#L3B{K{{8(uZx6b^CcGB;A!Sd`Y|A zB^S4+{O50MU-^j7K3C0LUw{aNs5#F%)y;z4zhw+}`Mj?lPxp^cd(Q9HQXeN-W4PTF zXD=hV;*5Pw-1v6f6xaNhUvkk{td6(6)unaRd*j0eH_^R0!hppkh)K{nhV zndF9#W4Pp^Bjafu-|@Z=>|g)!U%#gLIX8?O7oQuS>wkF!bP;!xY3J(hYf-;sGKU=} z+iKL$nc8ZhGW+$f_F(Y5jQD=-1YeJpDaaK!-E{Ag+Ps#@cp0-8`nA-`IWm7v>zzz1 zLNA4yIJ1GMN6D5l7T5&SYF*kRaiS60$r20p`qi1_O4s0Xd5ynZS1pz^aR?F$Ri~Af zB|*b0&Und&GAWSP%T)W&RRha=v>Ox%L%g!Ip?!^W88-+V@l=k6r2B#RYkX~POfj0$ zHKS}VLmcNuj_vZ&2yBxIVxa+Vd^f@|MwLlK^$o{*^OAK@PH&eTmuYZ5%dWlV)gasC zKG#^c-fsI3xLFZ#-HS!JV$jQ5hxzTxiV`lN!(!XQh*sz7OZyn2Kz$?{EF%`R9}wOb zdSJNkO}#-0<9^DIj~z$@$vjDr1>PXF$Y!TLUsiZk_932M3+zjyz)i-7o-UF+&_H-^ zZ1&|S_PfR&wO9XOogb!xkvJh9nM z9N%asSCI{Qw1n5q4Bj@2ER&jrIHIBK{Xu^E`xJ!DalJ{!~LqHkMI^adT`CG zk%woI_kmc?Q&_TkW||GJA?B((=nVC88Y9l@DrP|EBJt44`>Dckka*U!q@KH`RXktB z7vbC^dKte3*f{gmxsinZa{bb8+ie~E?U6VcwM4glgx;-D9*cI*%+39WvG zh;1PaO$Qacwj>AdHRW)rNCr?X&#XJpp=vhM9jyGbPpwW}`dwPdYdiE}lypGp; zhLeBntDeuX+;uXu-j`P3_kQ5Qy7uE3Q`Jdiu(o<~SmAjZ{^-yDroH_`S54IJ(U1I` z_GW$Q<;Ue|8c=*?TXM4jt-u2ObIJU!mXngO|0(Kj|mRK)=2`=f?ldKmHT@JbrU~!ehU@egC)of7k2vac;R>w|4D` zQ|)12^Bp&;A7A@VZ*QOQ$ggRy|D9jFNhH&`I7`Gib|heKN^p!n`UyYG|M8pctH1bR 
zH>GIu-U1OgZ9(1wmA?>GcC+9c3T~e3@~B5V@IL!l|A7a`nc<)Kk7o=Y3yE{)de*nU z=Y8!nKjjn0RwzAjUh-G3E^n5R zu=&HkIQ!QSC%t3g4MOK>z^hHQ{EUX#F= z282dZ8AL>FV<_oOQh$}HPu^XkW6&IM`j5C?FYPUZ6yXvn=JvWT`RHB{<%QF0@5W(~ z4w@B%v1PL<-;GHO1}(HMsVcGRdJ~Bfl}( zn;7K2?a3uz(-`tTn%JLBc&@A*TVTJI#r`Iya{a*6^4(aT1c|+O>B4 z1bg8?2&vammOCv{|NOE`rSQ7J%f>xv^t^G;6kjD?Sb+Bo4cbALV^Eh0mkMf^_6<%M z8|)9W0Fj_)3(YCgXbukz$*0^nYc(_Tpja4hOY zEbTMeZTUHt%DFMG8z8$s&I}*Ag1nSL0Y|Hn>_~ z;>})qN%{Kk{`Q_;r5-FLycA`OaV(=<3|W%4B56f^dNkEW&n_W@tdWeffvUX&8Mp&6 zxQVCK>IwRgeUH{5mLwslj2wnSrt;UFU_k@PTj+0FeP&J1Yz)r>ouZAv;&zX9vzD4@Irmg2o>*O85^Ri>T5?VKH^Iq)^x4q)b=>7BO|M6e8Fa7o(*uTE1C;#o2pVQv=!K>TTpYoq? zYSI5^^S|V8UVD?<{!`c+Klh~nbd$@C1-|U@-+z-ynz5|M$9~U`wks~Xq&uY7K0m4x^h z);7A2%NTs~lbhWdp8H2HuUAxi{-9xV;agpD`t{%LmEwf|>FkVu?%S0tGY0p=`Ny}v zi^2R*7j&wI(Aw};&KUhT(m1w3=pVhyHA!98=v@Q81E zV)G49kNe&qYtMV>%g5+CUUKZT_sfg$)_LnY-cxP-wHLhftbCI$9&oSIzs!8^&pe|h znv!Kd@(aIuR(44vy>1LIeA!=@@$W0q-}8a1+TFkK>)P!e@|Eqme|WZDX9>u~zbFDO zA6duv-QbrDmmx^1xRI;BY`E+|qCkVqeOv0ta+H07fr+#3{~962`7uxbWxX5imB!>) z4+qn|c1eqSB+PM?B+`J>tH-d7*M}2st)5y2M7}Z@IhNsIDzdf){am)gle%c;nHR5LLgMTS^6msdZ2ieZ1Z*Ll01uxEb&=dZbyz?)Gof&746c?Z`&^BbAXED}<4GL~C;JqgeB2PH7f3Db5l_j0(!1lM0bYh&HAk$$-Z=BnW!&Za~to zoMakfP@+fjVHw?*84FM{t_f-jv~OwAw=l6R$?-y-0C+%$za`$vw2YUHgo9(lF|f-R z@Kx=SKoTB)Hh3MhZ{*p)=wIb?5-$q(=_pm`0NXN)=Zk%^&OS4%c+y;Ze6^jpW)+W` z^>!^wpM2f-BF494sg_gGUA9S&j8i8eX?RoBD&&vEg@PTs5{?opju~NdQ*FICwk2;c z)}=;jth3~2=@9+v-Z<=$v&2Tmdk{Om{@Ze5rRS0TF;D#565c1go$A=7EA66NEw_tq zeWV@XO;v{=vlf>iMW<^wV35;80tpzq8ochAQskHAkt2pKUvzJtBHOBa=o{{LaZ_KH z7}XfZ=q+MYjcB)GC6j8Y8CXilNPO%bX)=xj@rGE1G@4_a>e=H)!gF}d z9l2<}U3%G4yX4ZPc9(9&*EyiPA zRjDG00QdTs>D+XR)Wf9mF*torN!WT_GRC82iMLH)2%x>6xE5Qz-HJ%545J=aSWn<# zJoRUru|A(F)PSHL>ValC@AqDRjh~+DtZ$$0F5{8NtGex9<^2Eby$QT!M^*1%cb
URYpsH$Qj}D4 zntDDz>QkCii}{Q+acp}n*kgUm3asZjn?eo9S&JgZ=6RHBn`G0J&9kaGK9+uTA$iM( zKHih1N1ywEyxcgISc(t4^BsDYc?We3CVhP*fuX~tUw&C{z-XTJ_A`iOc(}Ban2gty z{``F(E+7A=&s|fI>-E|Rte4Ne`Dq)Ut%&Qkv$@=^9Wz@M?U{dfH|A*Ck=9nJEz|yv zH{l+(Dt}$_b>q5n_rB{=m6sgzWh-##uD3a(y!HjZSl<47FDftmxyP4>-2F~lw(*wt z_I8WgvO@pDjZOl-e(9%UL;|1v_lq{-vbYn`L+*VbN@_fn=fCp*1~3tnxoYpT4&eN; zzw{E6{y*FZvg^f{J^RV5O9luCIa6Nsyl0eW|IQz!jT7$u$c-2;mJ`r<5k9)6``qRB z<>i0&wjBTJEB>_j*($YeQ(o6i>nHgS@vXo6>xUGVhc>2+mN_@M&tuA;{Kj)woL#pm zc$eGWIsuFYh<@t%FDvgQc$cnOE!g4~-3Ax#m45Cq4@;b%cBia%OY@e$w$9FNGes*S zfhFC-&N%l8?WM#1KJG^!NW7ajB%t#jzUBOYLA`)3-4!8h)@vB-CK zaj`DcxgHAySNlmQ1t@v$5=3tTG`RDL^aOEyvn;bw4xm@N)Br8kXcqU;f#8$VD2((#|12!guPYS=8wX9eGI^#u@$mivjk{IrClBp$HzR6X;0pV&|n9!NJ^r9fFk-k zg8T$?1h%S7Q8FVhOTwGj1xEs4_G1-Ac5PLF8Gh8KB4>_O%y4fT0|XhLnJGKEyGr*2 ztW>aQTx2or4ql7hB{uP48+IE|Iie5psFD^pCeH0+u2ZC1KUAepu)%!Gn(Fw`e&#}z zEyho{ig{dtGy@0@03?jTyIW*WY8gS3j+@|zfJ=9XaYNycWrvm}xXp}>13(xf1~4R@ z#-xL(%-mwE*N7d0Qn;vM4;`%+wC1WHidI|%r!}Su?YN`R+`ewvvv;Y?5eEnDk)4sS z)F6(^HY{qUrwAlWJex(VXasfU0CHvlc<_x%Ss2S)22#S32~YxV+|`Um(x!7^P4_*< zQ8O8L1rjicRS)h|f=XSiN#gQEedGA7BS)=o)@QKfnR3@D00zpAXek06L5uD@F?FCj zz;UJlYnt?JeVDx5=%@d%blf;FQ8M&5t)X?S8R z+nloz6=j$;x`-t0!)6OuU zD9(kBpoQ}){Ln@3l$7;EMzAP=2Eq|Y0jY;@CFM0|KRX2K$V33fxgchv*pEm%Ri6h z$&|J^t`?D&=QvmRYTMo5p`EvFfn)3UuRrjKEg3p*(;Dir9QRU?bzyqfM?O^^kBiiG zO@H>Azf%6kkNj}l=r6~j#lX4G{r%qS=kq`D>GIJ}|7&?L@fbI!-}r++-_m{S!FT<^ z@{(u&T)E5bZyn(2tGIH#@%#^$-+KLlF92J5Pv-^X=id8zTx6U7C)*20;rD6hJ-qm7 z)4=T>+#VkA`xavKTvy8_3BBZ5Pt3>TPhIfEa-W}lj)#Y&FMsfjhvXee#=XuytNia@ z`nhs@0yO(V?!%wDpgj4-uh_EcCji5)DG2jc6+ivCf9rWkkniu`_S%h*2`%jp{@p*9 zhdtxh4yp6LkAEr_u(7f}c`8xn+oWsFU%c%30Rqfx%j!b)`FH+lIdRAK6cyz7 z1%lpgPSStUBhT5KmE-3=>9N^%y1mevD7WXEe_!*$U)X5deAg*krMxxYbWvq-b5a5R zyEne7$gAnEKlF(WkVdPTxBSivHWxqOSWxOyZ+cbHLg{B7@sRT5N1YpR>G@ANZ=+oM z(EGEOJU3uTd%?QO@Zcmrn^Shwdh2TfdYRvXG=gPqilWSk;MVyBCKHq~IWD&Igopn~ z`Zzu59u)m_EJ#4*e{2*>1r!^Xx+=3SZndTn#PQg?5def(3~*juZ!D)Sk0LvPbpW5l zZ{QwK*|6-w{5-Kg=6Pc;*n=`d8rJ?PMO0G(wNg!hkg(@J885F8IbzRD5@!#CU()LY$+n&Wu 
zmJzT>+Z=n{y!@sow#+%-d6UbLbTqGTl^4rK&Xn<3R|sXQ3y_Mfik!Ua<}^;5q)UtEOt};4Kz;l%+8eYad%{gHkCM{`NMa^!jFohc!iDgGhDX&(x z03*mW;|9>+m^%*D0*aU)^wGulnDY=oU=){{Ro#$qN!rJbPkZ*v=b0l|Bj_-JHHlU> zD*sw73^Isf9070V1_!%}8mmnYhp!<`EB0>KTIUC^BZ zB++VP96)FhU}i7YHo8YG0n|u0gP|<=WIUx)#8DjCwXz+X=xM}N3MATq%FqXJ{sR=)a}p#v&I2{1g9K3t+2E_ie;4G z7t;iB<@w}&n-d%BnaH=yrsOj!+lAw{*72hY6+o9XeU?_MA?CH9n(l7I9(OR`cI}udCvBfDGc!}vW$+{_Z?fQVZfs9P{Mi?h^HK{Y|GeTeP9e#ku7jo)F!qYIyhkZoQ-1lP zsE3&c&81`M=S^6B_e$=%bk9w${*QjheR~y4-c~fWtgz|ANB;D8$`c=b&PJ@mQ%>Aj zeuee1;LTR)jqm!<0hcajbXyEiyiQ5?43V)>w6E#>z`~b0WDWP`PM%u54`6c%Sk6}XBXL%%99>*Zh719zHrM* zmtT3+me;Q7!asht_vS4I4eqtA`?>eMd(qP7;3UBK?-yNiaCZOvIFdkJksn7Lx-oa< zx1aNr;^&&u>xjwXr%g}cA+kB`otq~P%6G~cH$U}|_$>bCD*)u@+r*x^l0a6LI~Z+O zY5W7MJbv?;Kb>vxZh5m)He#&2o`~|B)7fX7UcUUE*T-bkAcB*;ecmd$#rR{`g4!L8 zI=rplHZ{e%XrMf?M=-4C{Pd%XpUr9gOCQ~QTI9=Z#&zSm3|ArhciPFjHg=9Wpzx*> z-MO^DG5yxFpH$Ag#c4TqtMNAN+F3y>EqA{Dk-ucOfN$o~nWx_@JRc0Ceg0jCzBSR> z=XO%Iopn4+q2k8{NUvF<$eTd1a)pngm`7sPsf%7)>Rr=^jF26C9Q9JQI34G z?%PfkYZc)vzE!$0-|($GY6yxSZ>5)(qFA+CD{AiVS~**5ooftg&-1?W)DkBfB||4uuV zXM)OSJBwbdpMk%0>t))f|RM>Y#mOJVMjL02#hxj!cn-!fjstgY#{s&_4sIUC*(xF3#kJgD^&vUK}*?*Z2)0|J)JX+dS5 z1vB(rYgz+V@3kC2StfDigl`zjJ=gFpi{X!R`(t+cWxgLKR1z0**px{@c%^K8X5~qg zk`+jnkR+5_eV#-bK8F-^E&@#Q3l;8vpEKOQ^-5%%^6h!bb1%TF?KvLyD=cztO+KY7 z@A4@j%H-Lao2t%NxvczBoXX*VIzBtodFG5&?N|OEiENr{{>Z-1V%v#qHgjo#8$P*p zbgv-6a`uy~ciaAZej*z>JPeEV53pP4!O7i(-1$cZ{o16T{jrA}Vj0uc7rgoNcYdJ! 
zU5~A#FZ|jiZL$1b@WrnjaK8EEHNWxfL)P@|^=JLeqqB2Wub{O5{P}-xi}imGBZ22W zz*Y6)6`x4kc1CD)O`y3vD1h%t{_4Zre@~|aOCP1*CYf8HQ_&Jg^ zVO$5ICLAvLA7;u@{`yMShELl(5fG-0=ku>@)%|EpRoyX47bnvTe(t<12y?=hi^JRW z*oLpYez;!)3Ae$74_8+At2SoM;mY=}fA1ww7kqWG93=?AvGw=&4ZX@=-ej}7bs@}q z^e85%8!U3`!dak%kR#C@mT{kvnyx3Vk5$C0Qm(e-x*JV0i|VRixo8d#L!+q^=p>7G zXrsZqNRJXuiV0y`(+*VgtA&3s2^0B z)axyMu%h%w?*sLVHc_Q6_{mT)NDLRsNHhGQba|}88MG+e*R~QjViTXrN<~u8$>ME& zc}Of6t~mm2yoL(aAm^r!Q9R^<_VSNo56l-F5+0Hkl&cJBBy=5To(a0_7}rJ%nsEXb zPZ7Un=e8YKlI+C)d^evxSV_%d=}=vx*0X&MeW4HG5!zM3tFn@RKQxyzkqXDkLm8*6 z3N`JSl!tV5gzCng{gA!O2kW+xp zmss@Je+DkQ6+xrMw81qBpk|*SjWS_=O#>)QPma=WtR4h|80dL`2?Gr81EkqY5ZYDv zN~6e35Mmp=%mC_4@lkhPLxJxiYx}J9=y30!8!p(s5Ae|J%E1!ydz%hLQDvZT%eZayx21uUvH4FHIMi{J-5 zh>=bJ)GW*kfDzwi3b1CfTJ|hk23kP|0ZrDiAgNn%3({~6&>+Vxv1brS_;%M$Tr*g|{(fJyMGOSuL6Wr`f@VXeurESSt>n@LNxgjqf+Hz4lhg z-JT9kKY?X>FQCS9fAQ{*lovehaR*nq#`C8=?h)5`{i)~ukDfq{z>0Gza{>xq{_4d& z>FDxw#w||md9BTS^8fs?a=}Yq-JWjze(}PKHjeuTTT8&0KM%UsoqHA#K)%au&+55t z_jh>deO=Ohu3?8Uca{3_XT2z71r>jYxJviD({0P$?{HRt#_Q5vzs`+U0)3$7#yfU> z&aa~c&iUcHl~+FR>E$`U^Sbi2OTSfq_YHr&K}nG2#n1Sejr0CNUjmyY5DSkitbDsW z5U@nW(o_{Wlr|JWm$fm0XQAucQy1y3n_c5(EzFwTSPQ=8Zk1#6RUB*Lgt9KCRWMY+ zRP-c}g}X`|mxLLNZ=r^uB5z>ecHyVuZF~_G;?|0zT4`BE1&G)ga@s7;?T@sjD`l^T ziJaH3cJXfP2II*jmdB>+){}M=%!Zyc!ZWm03}n`Bd7SnvPbIA*(CWCL5`)xoZXU7= zfa9?k0ezMh{S80zOc||zv}Oo^q$LsM-12z9eB|X0Kp8(4UF+0s-76E^7rOES%P8zL ztXS+L+jeW6P~*m!4Nb547kavik%uMJ7%oz41Tdb!QgDixHrp2fZ2)Wb?%5k_n}JoV z3K*08(Vl{8l{b|y=aIh^hmm*XMqlA4pi)HPbt(%aP_|3oR-l_-Eb#hk_|4U+r?I?&f6H$tDDZaNS!UqDw~2xp9b~NKko|TSrnM-U zXv*|Uw;cfpfv^||aO|AcU8cHj)pO;T`K3FYz$Rr3!rWm_2--xpwB`JePq$uoj%nd0 z0JB6q7OjQ^Y=#JatPBKO17z_V>lDC`%qx`fF@T!!30xSbm&-Kux2@pjh`b@qe4!jb zht@Q!?2eTWK*urwh*mN7r|xWpthrace}=K18OHi)4C|*!ER;qVL+7sdiNH?Ag6BmC zs~&+O=c}O5GHnSal9RS|A6xc5LSBw({H?F>jN(^NDDwgu80RJ6 z@zN4;Zx#Rm0o}5*6c$@Pr}ih?Y*Lzsu&MdkbUWYL zxq%io$OUmW>_9+XCDby#xgX|vNtDNWIrd8erWDS#95Ei%orq~`h9w#jf+aSSY)Nn+ zNonQBLkhHRp7qqqV{k zHBfVpJA8j{VomP-?tX_YuYZ#`i>*b(zyIeYJVgNlN7=idKb<;hrT 
zZEtpyZOit5k538ofturUT>HH`j0B$jghwYfjRBl@MJeg|Q=9eNIZGZ+jQ%R$qis1(6 z!g)ZK)F)rXNu`veMGyL|OYkh}xte?xun`rWut6CPR9XXypd7d55MzdD9Dz6V$J~47{|w8rfbBr(F!R+hZ}z6GMw@y zSX9kEkQ;}Nc~BIt87U|hF3MBuhgd-%JAo1ucj-@06F-9;sHUd&VqtQ1xq8o)D8LJV z09avBFMYH%jsr4D3)%aZ)ciOWEm&i}6B`9y263AkL=Rm>A#<^~*zJ_T4!iY~$uc@% zpk?|1<0FIg7iD;85D((bn1 zVGV1C?O1-)cqZ;hhAR*XwXsM9YW4!sXng~Eg!}|)h6yxm{FrfK`M@0twjduRa3jMa z0x(P~khBSK0S-euY%vaq<9G@<7`w*%L7-!W_9p;J5Q_z)Z0fR+E$Eql6(;2pbp=NR z@iG%=BFFfat>PLcEraED9eY?ETM`9XN}KZ2)k4Ph{YZmyy6TLwUHkGf_Z7$EW&tV*J_vky2YE9u6YSY} zr{$A?kwK!p*#*{&|DtT{oU-xxqS9IeaFYiWI-KVQJ9?KBk}mTyh+lBY=a(pPHb3=i~^#J`jg6 zu+@r43nSlN3sfn0T|x!(76BvOjf_l+Qy$By)m1<(%1=$P6BuO|uo7E>{si~nB)hq} zd)w&j0+wC#j01HKNlicKdnSlq2lPkY+De;`n>@>IT(5cZW|wlICC9Hji)lrf2Q>AX zmQ$$~uY~Gztse7KsQ?wF9LvO$u}#`w)?_~Bv}M8*FYOEq#-B%_D!!W_ruL;tNGiDpO0Sf`B?V+@7Ml$dG3=RSDydW^SHk^-=V!~ z_497b66gapH|Ejn^Zs2)z<|B?y=(8c5Z@Kye&yp<0`BINU7A#q{Le9<0o`SFD~Mx^ z7?pol!PWf&Wfw)dD&inPQTTaco-sBfF{O|M9vYkFrJ?`P4eaHdLbG1|tC%?kGO~#md3OI*LYkXchz> z3w+poRrD%nX@+b5Yx|KCYn#{5wSHAv`6a1HSU|-g96?SURO1KvvyBZ)nudp}L~HSY zd@%!K*`JlKmlFcjQ61h zk?nMb2|kPkkk%Aznk@PBc>tw%0P7AYrjNS3bg+tX2d70qhcpg~vO{+#ENKGN04|t1 z06q(IoiYzdvtXcMK^mAHM4_I>Nb?o4YnV5cSh0?*g$l$rUBPC``V-2T; zSMEzuCgm;f%pC(@Ye}O8knTS;01q}S6S_4C^dK*-kGRy%!&n>Hev*7R{)|11K%KGx zOSCnCOr)#Zm+~E>9RpH(f7?%GyG#t74lYkif^rL;vH(ycu+jp|;iU?tY0utoks7fb ze6?EEIF7{O$!IZ7jI)o-#I1qn0HW~hn8jL*`^XqcT8$aACITQ(^$=q|%6+Q~+7#AW zy7-O4x2{_&W9#G-cpA`4Fz1SWbM%opjC|T5jcAp#pGMA=-}b!a-e*D6A%7e@h_ruk z*CQtw8s&UsI7UbovUMIRHp~0W=f?qrqz5&%{|BTUvVGe6agGTt+N3lDYn+3YtJRwe zAxbuL)SIgE<~)@OWl~t0{58jpo>L660c+Z4a9XB}`MN+t0t(V>%I5zJPL7fEhIjS0 zrfJ!8ccp8a-t_JdA2CqlI`VL-jY-$5++M)MHaX{eC1X$>E=_H*%c=FQ-U7%v9L>$w z^Z(xFjN|P1NXGH{?(&(u9R3<fX8AZ!f?9=67Bz@&*z9wb%SvxnlR;^7}979ZdRK z5$qQ}W+hNpS;s7Uea89{=u4n4fn!Gku@X_qW5Jw-vrAnT$127a&nNF+g#a#Lc2iP$zHCQ3A7g=Bn+wPPXkR^t7wxh>QLN z3q=X@IG}=gD4b}nl(D>kfQqq;ePh%Rgc!wJg=ZC$g1lL67U=Yb1v)?sV9}sk;?f|s z(+3yqF8pIQ&q=PqhrjVxN&yR5OohTi{(}Z(EEbt@pt-$tqB6j{bX5t4)MiPwzU9=9 
zl&OTI1TEyWisBs;f7&15e4X=EWW3VB^`^5JmxyfPOnJw|9jyjX?#3pT$^>A}*d)r| zrR|AM4+SKACmP{N65TeaN#|`=V9$E_*1eQKzMr>xz9Nqm=G<^#~^;-)2yAk94EA6GZ# zWTl*DnlCxrloZ)PSqGkT(TQb(oN^g*tgOR_F2_m+2{gqNRDE9P4(Dx^0M~+T@Usr+ zG6WE|Z_i={%XnV7UHvv<^y%i|E?uMSV?K&Z-TqvwrQLfMGUqk~7zP`r!-&i^40+fl zuQkOg!wQnyUW&oTy6m$Qg6GqoWuowh9XE$Xw!84z*NMvg5m z83_0c^cyY?Op1)ZbcN$QJDXDE=Dad3DM3ysP%glal&I*OaDIhOo0rn{{_;7T=j4Gc z-(Y7~T)nrv^JAa7-rIlM2mZFa@&(U`Ro3B%f9u;<9Igm)lNPrubH*+9TjZR)YiH4- z=it=gd3m_>ovXGEYOA&Q;nMP9TzJ}DVh=~BfBo7?KuexiJpbwCh0l0G`P)x_hArDK z;P+q4MVEj3hzPy%E$=M%zxxlCN9fMiPsgPM`asQbIjsFo^(D}kz|oL^ZZj%NgTCcN zd#EvMs%3!NX}gG3(GD<@MKcRx6s8fh{kSR!oS>kzXp3*y1yuxaw8lvAVCt!axy7>} zK-@J@ZnE&sVw#0CT0&iDyD)bJuQCTe&~OnR(1gr(G4FYekD|h0aMo&FpsD`wFw6eX zRRLk)4lR|b3J7J@9(qxh<(~uUA#%Y@&)f zL+bJ^Ph{18$ro}~O^EuyHB)QdVqXVv?NOU&L;zHHn~usIepK?QUt`czrB6kD06r57 zh`uNjsYh`h;2l3>RY98l?OQ(BEzI_^hU5M*0*Cf+F9WDD~7$^4NH#sqFPPRv?B8Uh0oUDj>QRoDgi)&PGTp9rFP2Dvp>N_PqO7{Cy>_>R>J^aLTCk6LgD)QkZRz;@!S zEE6|mj-8=q1$JIhQx1?kP1kyf|;13HbK~4ch z#?xJ??4KkU?F@@MYcZR1|E*x@wZyY=xI0>w0HOBHF4nS4yP265KqKHYZ=8Le4h^#{ z9%FFH002M$Nkl~nClHW<`WdDmuI9rrE;AQdB#hZc~_rE z@Z>y7Uuzlpuad1#R4KIokL3O_!$cd_qk81;W6r*Cmisk_$H3QH-}kpig$u0}&i~s_ zm-Bw~0f(ip+sf?xBG1OHU1Kh~r0yEpi`cE%V!KVZz0ECq1|7cm(nG1v7k%n8Un;uxz3U^N z?78Dq%gslLW77v}T4@}AzkQ(Q_#4xHkNOhmOW>$Uz=gDcOjgNJcGr2MZ?M|LC$L@L ztfQ>@c3eey4W-9bZgpwE!h+SWi(VD;C6ru&0T1CQQ5I}nEdcVIs}Tqi z=msG*<&yxSkQ5ZE;EC^%Da%Lp5jy~ieYbJz18_JFLN6$2t5~uK$k_K4ly-StA%N_f zRv9Ru%ed$)tqDG(qZy07S- zqy?4pAj%nij+KbYAMH5b4D4$V-L5WA%-dD!sMHSY!UO>1jz^OOz131dJVv*k4&^NG z&PI7X4}F+cQUSi)9$ZjJ9=gOkS!BEHxmkAR;UjROl%{Dzpr|U1<}e>cIbb%HOk9H- zc&RRKs`!F60-Z=7MV#YiXDjDk2hd~=(Buk$pm{)=E*3S*SO>Y4d2U_#8AdNdF31CG*Pv42hLjRTH z(%fKKVyo`VH)!j&W&dh?7Uy8wJZ*DL8s0mjxC(VU^`hrA>5yd}tN42?>w>55?xaPP zQgoi`9;E#3qvci;EQMzZ?o<_^(cKB4&3H6C3zpca%Q!o^?<+feQ`Z}`O)aDC`R3nt z{NXcc=1q-!^8q|=GKl`~R@X0w-yOP2u&Uw1VT-!G{he!cl zho{RR{Ii!?tZlY$p9GKsOdK39OG8{|=1fmHSM2{l`8M}Q$Cx#n`xE}dtLX>9fsB#pcMVfVOj?j$h_L 
zp1~ZYj?$rS!%Ln;T<}*w(@7){=yT5}rgJ*wq2~zSpqJ6RfMuAhIZaMvM3(K(k50GENoqnyS;Q24a(@sV7Yb??wjhk z6!D+3Ru3+yRph#EWlUYKxgd^Z4!^!(H^_CYE!2)#F|V@ytieoeql5A*_~WsBjSzpt z;Hqh#JS#{eJVZfIX(6AFSL+Tl0uq$uODl*q6yWRxL>U2yx{Y(CZ(U>c*p`ZHn>;r@ zOcVf>P{0G*t;q#HY6)^kvU&T;b>qgETP->`f=#iRKpuf~KSAZ?>u*ls@b za}^+Kjo33|fMsidTe_6#Dp4&}P(T4UR^i=qn2puI`ocVX(3Suk&C7AMl;QxIX~!?d zROLwk&VayPh%5|n!mtbj3_%o?Ydnf~-kbyeX!T;hRe+3DFv$3L1; z0-T_;?i|!X(bWoObV6Vc0D!TCGsY4?g;)sAnFS)ox}5%iZSp4X^!>l64mzzKN*UaLfaUS~|5OHRBED;nlU zwUmHMXlfxPdu#M*ojErYH#+Vw-TRQ2EUT9b64rvU4n6XRm^Y?srGdOST?Y}-@<`dn z{SkTTrsX&+>4ruh1oI3oT}?egqWOZT4~H~VX>VN3X_F^Y9_GUr=k}9alGkdvj3L(s z0Zp?b7WbZ(JtMf{#SJWVl#yT`HQ`+Vc>rIq1jb%w9s??^%<3)(X#k&CEFlZWWc&6h zEZ4@fb-Dn~x{MtZ$qAI{qna zSw42Jbs^0)o&f>)tb;5BZmc&J;Of1z*P`@wFS?t!R9dMVi^=uCxljI;o-)1c6K^l495hA( zbier1k1AjN`hS(z{`LQNNSCx8?5E>b0)3$7_#NAR&-xPROW=BzfXb4K*A*;NT)^h7 zCyHzqv*MyfTM=7E zphSh+K&cd9QLTcA%Lm8O9u821GOThfK+({S5{M$}_P4bi+7lRo#}-&}1+OxUIwz-5 zGHu@-VN?j!yH#AXpa=L+>0c%v)hXp|!?*u}F6*>YK^*F}3M9PLK3S)VK}(*1N74{{ zGCzN`l?Lr2w4klxDX1`loONw7cy7ug7yn?Haqum21&%1mpLzyY;S+}71*;E!wOU$U zTEwzq31zv9l?QSa%+Z=)Xdms+5Bf07Yy1FM4e!-mp}MG`T0%Ds0Fc2qd}eFybpQ~u zRhHd)-SHJP@J+iaE)3FtWrebA@DXFH#PWrmez2^W-nOgk*mYXD+3Ab8q!3`TQIw>a z9f}+?s&(OemKZ$y0Bo+>v!`78%}dL_UGlZ^&E4N&D`u>0uq2ruAtr)zgnny@;=FMS z<9Way-9{Wa-M}1Q`7&ump|z2gS_$Z?Z0VrZKf{S@f@JB7NSpy%mjG!NiAl3Kzl2N$ zYLJU=V2&9yW7PvN;TUxRPQWHm#u)=+xZrXVCE0o8T=kF15%&-*kAOFr9{?d*%E0ZQ z?mt+Sc;5{PT=1v+AwRJKT0x!$+#IwWGPMSB=cOS4BtLGMU6V7AF7x9(6un%29T~=* zo3IQ4%xF0@hPBLyKofm%%$VW;H}3Rg5MGpi`Z3I&@{lQO^W38XH3C)uAl~DHl$+R5 z-NXcH7z+A9tQqEuE=R^qF>Xn$8X^OS3}Vd3_8B11wvJodD&T@ZAaE}3L4q}oApMBY z>djgeUQI^l$5PO=e@U@u0vlCa2?)SPC}z4)lj^le%|!%4{h1>um1ew%TGM){##z( zd|}VNedTrUc>m_CjpH}J=cDC$KmU^(=UW|o;o@(U$2{|YmAAe6#aKK#LNy6Wocokt z?WvGk;_i1iyD3?J?tQ1T%USFq)hkZTdC&i?a>CB-8x|LB#mleUT^{e#!s5w5yvEPfn1o{&A9!OwnatdWY(4<;)sK~g;RykN10(?Ljc9AVm;>tS8lFMA* zT#{!zkP5P}#AZQnp6)X$#v>^0#<7X}2Q=KdNH+zqwSoRt*s(`z8F%eLeazxqD+w(` zR8(zGnl>Nc#J0T-Afa^%jYHRRjS|5^y#g(*3lRzi^i`yyWKf*_&CSZ$~ 
zs1vXV1~%gT*iZU5!Y)6=4S@rl8cIG5~Z~=F?q7>0iW>M)^`!aA_R? zM_TI!WEhx%=6F@2?R1-qirlbjqK^VLLyVK-9UuwjWBovW z60`*KV)+6+-Pwjvs3%uuYX38yv`4vsYOs|ybls9?tRI$$ZL@TTA1n`=-BYf(>gw_z zSA45nwg;=6`Q2DY%q6huGVv31yK{^d;dL*TCULKm3A*NPNq95q3xiw@&Rohgpui+b zuFBikII`7>1kh0M4Wp#Yp(QLa1clbzf*M}5#9{P9(_MuGGz^gIJU~$CyYXpO0aL&S zu!3P;WYg;hyjIaQ zwh^VvDtKB4_r)%8a5?}rYXDKobR8GCAwCl`1Yc%La=||XG7AQY4GfMrhR|RxnvvI6)J__4j3oS#)v$?>qF4b62glbL+4na!7ZW`>UEK1&Rm zE(pzdX5Mq}(v|>8z$W>pmd{0>ao~^0N>{d#jkyu)AL@v2tclt>XZVeqTH3^BhQ5z8 zf5({{?q;Wz(>%bFfX0L%)yz0~2C>#9wIG+_GTj|1djT#hXk;H6-sL~Ma-QtwH}e?T zZ1lZ8snm@KOi6i;Eux1bGq%7<(1voF9` z&Kd8tTI;3>=5gDm=Xr_10VI;l%iM*3pC9s>Jn9{gYvL!9`m&FqYt=ux%KHcD_{7^f0p-s z?9*EYg*|oqw(?6)dh7vw3iABXZ~k(5&{KZpfc*C4p-+8YdF1`?U4EF|N@sXh{>vBs zy}bY9f4}AS&d+@8!w=cL>ei>9){;Bq_hX;=Lb=N$f4)56o_EGwaI$>mYhN!~7G0NQ zY#d|#9Gu?#HyR{nw~zIAtJ8@FB_ zWwG7GLLqM?eJjbLSA`$|2#S$rjj91v z7xe;DBz#%A zHXjhf7#~t+M9}5{TyRZ`%o;8@2_R*uHRA=LAj{7%yse--tOE)F7Xaoku6`gBuqN`Z zO4tVQ1dTRDInydhB{O{ikU+82dVro&Oj#);$Av=`EqI;8x@MXAaKecvm7CqPQ_fmA zlSSS_+0)ruzCC+Y`7eSMUv~8sWp;5dqFE-s%y!JGN6L<=9p!}WJIXW`7Rpqmxl8|z zMWDrp7Fx!Zao&s)tb*{eY4J2a#(8;`lbPn@sTDBbUayu-3qV)?@))1QqSGIltp%ELP^im1K_Ju z%yT{{?y8V=3w!y%u7>qu2v)Rj_Z@L zU7QNeLGLzsRWbMecGn{N)W!8{k?o=lB+RXs`$x+ox4$-s@+2VFDD;;BQP#+pufb7e zQODN4Y1!2!PRp=yiMU?`ky>}d$cuZut88V4j{u>v&c``|tOn5Zhhl0%f03sk&Gv0m zWfuyeZ^);Sula%`?zH6&RV&EC*i=4;R+-Bc<)I1ZTLkQ}NeOJqYwoXHf|r`OZW2tf ztYx4pz~?-$Po`0G;0rLjqndy2jS|uROsFqZqa#}|TjCTXpB>&W zaVLZJ1WdhUSes3_t{o`u?$%P=-K`Xd0>vE~+_exi&;rFN65NWryBAL=?pBJs1ozFm z*0;Z7|IOd$$jmh}=Y3v}haV1n(7#({fZ$2>b2d=98?j!B)p7y=rMX))Jb&~Cr-37i z`(JF_Q&olg(&aa{;|mtvx**7osJC4kR7=Q8J~!Eh49G~HV}Av5Kz3OC*xBT0cGT@L z^+H>+P8{V%QPW>^RG)v^476UV`LSgzsP%TcWJtn>WD3lLb{7}jUtFukcZ)`Zp?xnt zsiApqI9nJZK3kSKza_E$*qt~1Aax!mAp^Mc{oO}H<$9v{svllG(Lhr3d=e3US`G^E zQ1Q33W>K^L#~|Ij&net-zV_h*Un2@pxOE_@WyfzqMKS70r?>tNLF(%u>#dS{vf!wQJjm4MC zgQJ!AWK@=lgHZh>lkEoHPTi(Fa8<=um|9JPh!d!5rHv0&kx!4L&GF5c4;sH}Y&5=y zb$ZVXA#=X~XPh|3)_{px;CipV9Bcew#D2x-n@3}ksAz)fawr^u zq%JDMLw0Gj9^X=kQ3D7XBE`_Vyf 
z1STdwz!Ej18uvY&c^Kj;S=S{u*Np?^Xv*axif9pGOymZBMZ5^Ck^D|2m?P3AqIM=| z>}oBx{A0Yv>Pk2_23)jhX^`kqvu3DaDgJnY<6LC0H0;LFFA{?~P^sy}@ z_$(`!q~&t_5Q^`J7YqyvO%O30f~OHG41gUC3rk%<@tYW#Suqp9@50GDkG_J3>Y2#fKf2(fyaiitD>r%*)vPx+s%nqEArt~HF&%3aDJLcPX3$|$IG=; z2CG_x0h`;z?>JBA1y41Z@8iqwVqv;e4g$9&9w%m|7fmC~qk9x=Xp8?wK4uu}}V>9~L4kb15lbvl_s7*eQ{yJnQkgIv{wOLI752UUiW9TCo zgfOi*L2Hxw`q5{IEejDfkw)~lNn`qqY;T`reVvh7;DGapFk+}Q8Y#qSy&gEDq zTiY3^gA}7Y|1~$IZ0Z96dtg4=XTi3NrypSk}-=E%_&)L;kRK=;R&Kk6f#f3H#MB zgEWBDWWZp`-xeh~AFnl$xB|0E74fliah?+p0y(e2I?cELF(>{iPQ=G^tnDp&`!`Ul!J zexOABk=P=nhA?BhDm2)%GW!J)Gkv`p@hy~`BI(9dfVrXS3kNs5RpPIrP{u}uCM6Ot zp{c>z`D?Qjxg4OOHoCD06CN$^oA(x|BKaPot(L;?O zs!*~-UnB>D3irzcF5+{BBh4P@Q;DR*Jo2Qhg}bA@%X+Z`%AXt*Wta+bPcIhl&?DXl z!8;ryoBG)GliMZ6xpvdY8}dipnK|m*H`H0Tgf65Cwdhvd3_*f9bx?IWTKUe6?a^)D zexYOGk0cRBF3Kz1W+}C54bJkN34nob873aSCVyE^nOuXGFiLn7Pfu$%r*xI{3RaOW zBtF-y7mo#KfR3XAc{aO<|Coq1B?tLD9716)<3_NT`+Om1oeG<0dbD4UOQaIzD@RF* zzNSJKD-Ub=k8na7Ez@(-(}lXx9n2fihYI*8lX%(V45n$5$OA>3+1bTza(DMSrkrlR*(~zs}ZrR5Fa<{a(@qOh}LrIE6pQ|rx+xbuV4X2 zvGQ_TB838@T*~^4bgz=MHaGQWe-Cs5RFOZi#$4*;qL}J!Olgpwv9fYZthaTsQmJLf zBx+OW^c)wn0FcC&3^NM;jhhQYJW&{-S@~)F2e;#7jxd$CSk%n=$Wfy#=&5 zaXNGrWsz=Y5pBNAv#-menwPNW?~TQGiXT?Rw<0qt#4cR3 zlhzYphczMh%=e04Z6n*Vmel+3ybTUfPkYM$!059Tu{F(@0t5EFT|jHFmzKvTo9>pv_LPq&zOO#*YVqw3dW>I39y>SLHw|#G z-%9P{V|BN`O1x}#(0+uJX7D^`uM9P2qZksyj;{4E&dM4_6 zN8F_K`J}R%rP}J@zy30=l2FIRlf)Y( zm#SiwWzgsalO#OTeRyo|vUZUDt<6UFdc}&-GB_nfLXf6YFGQwY7OwsRMxwxb{a8=Ih#su4O zj=u-Ih@yeU)60J;HhZ-|3U1%S?pSl2vaVwSzz9_g5G*TXPo!ED+bG8AVv>S$wT6bJ z7GYLDbNozt%B54zmOmGgEA~GQl)J-fnaTO+j**-t`k39>Nn(2O=hLmJhzbd6nt2|I z%}^#y-kQph8eaHS%fHQznUWN#?^Jab!&iwSM}+BaOJ(82Jeh^?o4m{8te?H%?Pv+D zTXv0$RZqrm!lW&%^8W}5n}o_51-&e!5f)-Ar61l}i<2|O2@!b_v#%K_xw~$_vYPyR;;O&TU|KK`-a<{qdke zV=nA`3uB6WP6adx2*YFihK&D#-1(nLe zD3#j~%QE%9^o!s=QPLzLpadP@_hT;Vs7_kdO;`u+bg`SQn)>Ecr~~YMuU~OfTp#Wn z` z71!mI(8W)!k5lDn8y)&z4>3?Q_`(FniJtxjZdfjQC63f>en;P-_y0jU#Wnp)Cbgc8 zm=2eOcd)gVqtc}Vx8sHoOiHsSazTknv{Jrf^Tfc2^XN0q2*HI<4Gd>Z!Kn~RCVvl- 
z$%f!Pr#DPY9w-2811%8Zt+Sn0Nnw)G>BvAfoGV}YfH22ASb60jCu@?#ElmnNh)Lm?#V8CcFV^N-ZXH%?d$YgV9W;HWd-z? zAa-no<%TjYrYfzkh9?ky#u4Aq8n@3Q!5Zygz|`FJO%?}7O4DD=yb!+=WM(;8nP+Lu zX&7H2LBkoNX%K(A~83C+Lw?rcAY4L9EgWso7+ z#*Dmv&zzGhw%{(gKUZwyl8yhx8R1xl++XElAyNAPEPbOAx&}^ZL-HEQ;gGM`p)wP{ zg@z!rOR`ooa-!)T1zQs>mAV{a(M;zdN{aFwIS}LJZJs_jBPR4r}bA$a+%>GGqq|rSXu+I55T& zcNgM-yV?!Q9battvEf=A2}afZp<6Pn?S#>^I3Sn~miV(vrtU78chO!D?x=E&8#q}G zL#a?$r%4y=HzN6uot zS_D}nR!+&WYJ$_4lGw_yFgnL{uuVfVo(ia&m*iPY^Ve88)dxo=lr4!#OJr7Z<_cBB z+LRV(dr=t#fADUV0=|=K|7l!^FCv968%IT{Z>@*Qf5IVRGWcZ_z9}zI?(bIRr?mYO zWSx_yB0CnKD5g-9tp%J3wSc+RI~uVnH8}Fxml`ZRZIjETc-n^qZl>;pTED)PwfJ zJ$=vuFPN=k321IP*U?68GT>L=MyMHupO#Q;}-mk3U7r1Lnl+n@)xT#iZ2MUa&ka z#6RhtB(pl7{Kwz5Kpg*&C4XR6y?%vvJrM;>Klf?JJm#uDtGVDZ9+*uC+GL09o$ zgpgCO;$@n;<HJLkNb%hn~luG5Nl>vhr&>4Pv1siYM6KvE}` zuOv)S#^2$lO32GHkYTgsk(pL#oTp!}sb{g-eX zMCTmsS%Y+sbE@%Ituc{QV9e9IN(}#*dsdvmXpLY#?sD@u7wye2Q|wtxud_6h-la}r zRUKNC=~H@kI+L-aD5|&e@(i3+Jj_KQ$j*6xLYeWq{<)*)09x=8id!x%^PH;>5Ob6@ z1sg0iC(mL6boh^(FWoi~k2J^|9W4?4I4_rp7^Jn|Vr4|ZgN-X(9>S9f`zgfpp>lRw zm8#u&v{8uQpOe86#`T??k$bE%!D9LPC2eTT9YT79Lb=b8qS_z887eJfE(UjgS?&s4#y_Rp5eM@!_iy1dhyc7>OBgjmtiy~?^wzW6mrWBx*h@J zAb=MH!E$9xxWT81-P-hnLfE75S;7b@Q+CFvM}o-Ti^Im9FJm0$Pfa1oiWy^@G{p?K zZuz~#k;9iv>OIA%e#^NhEGT8IboW0ZlAhwxDyCG6zf9>_neP4#!-AXF*gY6L z>;!Cjs^&VqmaBY@?y!IQ?FG+GlJu#b1K!;X4?fP&2HTjVWlHH*j3WdV&L?3G10N_O z3`Sc0hf}<=`idF`+;(!w;fJS1Nhb>=m(%h~b<7@6_e{Ut8Clq@-+OXYLKW+ma<1V2 zcEeZZ+*UCccZLeP^xE$FzjsPE7KFdoW#f9>ALSDDG1;978xjX9B0u(^&9&5ux&^D; zvH#MHXD{c4G?y|Hbv(%Pcm$hqP!779NPm;L8?KY^Ewut-=M(H98ZI$Mos2c$sF`Gx zU14GTbkk&){(L9U71@J+pr{&b0%=dKRPnpaI@`PxC1E(;Frj%$)t3H+)Kdygf(9=o z^J~eMqp@OWkh{D+SJCL#AS{b+DMF6Jh8Yu}-cUl~=)$Wc4@6&r+k#oQ|jOyuJ=AJ@MlNb!k~c$whrtpY>gA zKdg5g=4NuOFV%sOV>cy{xjiGK-9#$K4~LI~ zFnxrWGntRkY#xv<+duSn2n;4Jsqo7zv#(whNU6M%(QZXwDz_xc{Qpfz9*D|0h>&pW z{4|?f9ZFRW;rBlXIPei*5h6eKpxrN<9Z|@A!m&DTBbjkqHB+C2`T26lbPfti-bGB{}@3i^H8Z8Uf7W z#{s^Sr$iL4>`5QG4t>6GHQ8<5d81oq2kBMnSB05v-+Un(1HZ@?865(6a?O_>znx7k=eb)Q`F@VXW|5&E< 
zspILB|M>0APl%j`CbhA-Nw{iiR{zomI9fxPLKxeK$;Afc{8sEbc9y*kN^@J5@ys+i zKjX*&P3Ycj8;oN1*GTJ){0T8(AZart_4z@GyZfqldCd3xost`s8vzY>xi+yjl7ijU zNc`AFTrxHZl+9V7GoJq=7hmWl8_57@tmDHgBqU_)zKnt=L|!3w^n70PEjN=#4|cgA zXn>dn(-SA?F4ooQVtpNKx+}ZV033h{WfAVBjn1sdw+CgM)C;3cfGB95hXM%c7GI`v zB@q}sU0ZuQfzD>+3OlmQQ+)t)R=4MHQpv(UO!U9%zVDDeMMri0q5aL;%Y#kVjI{Sn zJVjF&mD_-fH&E$^M#k6K?TM%a2K{`>S=NpUoVrz^Ue|Uc0qTGLe^yI8leLWM*xoZJ z5%bqP@oH2-RrOF4l@k@9x^k=$wBt@L^&3gR+a`UY>iFE`3Hl6&2xLSuTY#R`E{=&N zDL&Z4*)=uYVc0l$B21Uk`RDPuns=7=iT8sTk_Nd2<`Ke4Flfc5YN5H=xar}*efDUr z&L*(S*lmEgu zTR!Bh2r$oyo^5N)wElQ>EwAg8If$#1oe>ToiG+N2^g^h|ZzoeTpaPgOQc2_;7}ZO_8q?S_li?p)QzrkBl)`4K&7NWeLanQ3m7+ z8Vikx{OX_w3&#CzLQ4_+4E3!nrGGQ*m1H9iuzVe%)Hi-cU>kZJhNwVp0z zy!hvetm{_Hrc`PiW}-PEh`7i6WTcrovG!6X4dBj$D~kBd*nM=~=S1`wa!GS0#Hn4A zXWo#_*U~)R3K(?!TlqjCZ9gCl0<;@CF)f3~#O0qWN+Er9&S=zm73H{}rR{aG#8&tk;>eIS!S znh0ayz|dQZ&1dIm@8pAaMFD5YlJQ78x~>X+Oo-ZlS#M_uT`>o7!u2$dVqEfmJ5pil z9V0kSg}EGS2BH&GBxG=uX`%L@RaWVo&GY}Wn9P>`ZRj(T?3+YBk;}}cIX6NY|I;Qp zk2opkNV~rk8Va>TP6o&v(Pr-cDO;Bo-fZKIN4=+c9?{d}QLLkoMJCs#D0$myi*%_R zx*QFlu_w6V$B-kUuh*u#<$pAyw~tb`-$UmHm}pqzfuY9{ddy-AZ{^VqUz-!ed;mT% zT&nqGpR^6Z76|!An4VO$5ATBN=p?ng@oh^P!joSHvN?MnK>L-ubD+fHO-XaUDU3% zl%}%%2-+1IVA0MK**1)$=ZU2bXO6#AAs_q#3nU{`0?A|e+c=9sEZsW7R3d^QGTHwD zIF5W$8lPx#3IZw>t>RQq2^L068FtseSC zbp=ACW_^q30eJ%GRccL={m!3(VA*fOWw4HF5)xNj+7Lm{=}+x04(866P433P_YRR7Cwrs4@ms zYCXj_JU44}B>b|MHlFS!s{h8euNN_q(7*Dlg`gtVhge*5$#{4HfAcEE+ZvS9+}pog zLN9++~=4!N`^&}|>#wZX8B@CTjN2{Q_PdC4)^mo`X!OM@kfAzVj6 zM8t9`7o11J#JFXMDU=uu6A<`FgoNZF#fut-jv}%D)awDWG3yb(U*5-oEb4bi3-PmR z@F@g2eff#g7eEe7a6l%O9<)J?K^`W)9d+vq%EnD9l$9K^?CV0mw9as6e|1|s^k+Xz ze;D%?+saH47XGy4I$tgRZRD`0PuY0Xl4yUyRrwAWkRY8vDxM4}{@O1-e%GvOu+973 zKgrFwCHvL|B250=ywCz z{^uQSQsWuSrtmoxkDL-s(qc{t{|e&UQ=%^(eHmw|acp5=r2E0Z=25xDz0zg>Ok zl$bjzUMsy}82tIQdu0H5y{|(P8h2Z^8rq@+p7_wuj!( z+ET+sLQJnOps3KyvR`C2!DD*>_gzJnKT~Kbpzns%u435F==de!fC>uq^7Vx}O7ML; zuP39J`4A-=VV64C1{%d7s*vX1vjm6(HRvp%K{cQ*KBp~F9)UoUXvE?4 
zNAh%9Yww6wUiln_MbJp9=xkdlD;G!Q5?2|ki>2naj2K?ClsUc?a#y=r2Zfcmy@*Uo zj5bIsk4HXII=#+BUa&2&GB2|_8gCcnrdXz@?oz3;@;X{D>&>gAgpEH>zsdE_^K64# zyy$ULf*qhiyK(-); z6~^_1eKssopHq9&43&OHHh*lf`ubh?L^}#uJv*2&7oh*$4yAiIM7B@> zZE6QcV+Cs%=?v*#GlgPDvCL0E7V!AvgQOM7qB~`cIX(di&x9lP||GZ!pH^L`YOvRip z2pSE@f6UDBYOaK~@;j{X41TT+1MN@fURcN%<}4`4LH5n>o%pUmi7yI{xRObzN$wm7 zjVy#!c`3WdDID}QvbvvPf<)7}<9SrdBsJMo4}OZjT%khUPN2J#$T>lfBlYLnoXHgF z|4pE-{O@Z(g&_XDoBuiOz5Y5BgB13o5kC|n)LPZ2hahketIX`gjKL~T8QF~qBEm~1 zBt7Qzs#kNb|3v~$BV!W83R=`el^YV;_kuYm;j9_AFX-BxdXknq5Kw^Uh)~9jXb@CgDKj~Tf`FWI9&2eU2M_|J1}qYmjof-Vb?li zPkifzEGHUUi^a@rmqs)?1UkkJs_A8luk|Z;>Ue#^L=a7%9aP~wDX4aQfyLWhkuaAl zmP#^18sxqPM`^q(C%!Mdx77i>B+WlTe&^qzrXzQrrp5(TmT-(DD(m3Z>l~nny%+ zdOwWupVsoaOAcB^hSV53Xvs}!YB(=*pUzQZM>{Qbpx!iQ;v7NyXO zSq-r$1kvHB16e#Va0=mswwJ&-NBd~CF><{lH9N@*m>c00t)M=Z+mmPF!LJv9Wa9vsPQobNd|4!P2(EGNEgHoIf&xSmH5ZpFv zQru+WcRhY9MN|cqdIMRFs^D_*NAy=r{ryeVCHeol0AeehJ;(UG`KIdZ{N3MqrjUrb zxft`_@;Q4C3cF!B)iY9Dir^b=F?U>l&cc3xiC}ifCm&#-Vf}u*=$Z|6`cPwyWq4L! zhm|T&;T6Se#O0Tgd68+9)+D;}AnRk|ODk4n`2LF`@`TnZ0y35wY+{K^49;9V8+()6 z3k^^8UJT4!tPzydDYCZS_|(*Y-AyeySaWWAwYVQZa43JD@ho(QKB^}6?+-2XMBQ>L zoe+DGS!mlzM_mT~Mo%VLf#bS=pG8>M@CHl7B! zao}rHKyAsm?wjb-9EG`q;{Uy`c|A1dvjj_Oc<>i47q9;JzaC0PGDe#ZErTMdIO{eV zsMdq!LS1PWF6SAXll)=rH7+E5mE6B(+So9`D(!ez|+?>!87Uf5JNv5iOrx;xjEx45gXO%=0V780#c~@L? 
zT&AHdc~tk#fYk7UdGjJKWtUFX5W*XjFh&Fdo%Ek?G3x28 zu;Eyec~(TK#V=sA@)gX%L-M?FAmK7}^b&oWvArt{`D63Sy>2tBjfI=X#+VkA?A-6@ zg|{};n$bIH->rvcW+mu$)CQ*GcU?&6&WwxlUCoD(VzN>Z{Moe8$1O8c)}#j^co3oK zvl%^ijmHW{6}B=1jt;aeHO!cFhj^&)kLUXJjmkJTOBLBUz-KBWMvLu6~X0qzO z9^+T~h30IV&Nn$QCd4^<&z(^?BATg&Bx60zVx?SeXPID*)5EcsLuNIXKsc?H9YpMT zI{Th-#ow5`WL~fIs1|sOGdMvi95ChixeyrRv zeGyY~yS9tfw}M`2HPzOyO8nS@zV3#;#_L6M z55%jYBRWM|R!k_Nbl9VnrQ;D#jtoLZI-_jgvoyc1Ljrag4Ke58e?hM}@6YYl<@CFr6#} zR;GJX6|!^&ioW*U`lFM!q60>KFeS0_)LL)78Y@EHcI4@(lFHRMhaY{>FRV)+EZ>^( zOAM93NZOq;h+~WAA-x<}SL2I}IC;l5}h70%;$?Bx1zI(DivXx0Z00vD8n2$M(p_`aYM@E)cAzI4~ zm}yQ7G+6giEeKS#?SLbHftf*Ia>k*tmx~TB7xi&0f)#3#^YZM|hm%UbgPBq-uhSXO zX{pvDv(mv;NdyI3(iHIJA^D)NU21X+tK%aT`Xy6@JIz}Hjv zl@#p!h6uXfV8MWfKUKT5*&o2ModAhdA9J@cyvPm&>gbVgyRoJc&o32S$Dvp@$}PxI#wA} z>q?pBErL=hloZwN{ptkwf?~y>gsqnH8_j9}1Q=H?pPrkqmzRE4b%1-F7Ub+w z<(*A8O7tUUQ^4y&oQJGEJ0fzYbDMAELED8XakH_zxjPz*z$3D&j|BrS+7)_sfa4Py z=!-f5WA0hm;k8@e*?IY#1M@9*`!;t!WxD+3>2b^Wt;mRoXR95>9lL}5WkDBmWi(sC zGnO}yH!OY}$>3x4qkexaOh-Vsex%_?tM$w-?ly(n5#M`f+j8bu%G3Jya@%xQ(t4*B z)jcqbe|Aph7XMabMY6A1wp%@)<8~wxMe^2clL%w1`{i8q5KxBSF27*T0GYh_Cnlv8 z-cVz&a8v971caiqU1|&^pOamZi@V?)+oRKejhy{1-ZYopFxg~joxuA^lhnJe%wU@| zuH%(et3>L87hz6kUvb%sXi8Ul=i_$%D zFgfgp(rPOEDbw*s#2Ai!Uv^w4tZzlpVaR%SVG34+0eVq_N52*5=LBIYoJC;91{L); zhaMt7)=(TG0=`7!9aj50P;2*zc$Jdw-6^j^^VO`f-`URThnrKCId6q@DP3Z0bGuG) zf-U@c5xdZB0nVz?H_1GJMx{3+U!9fW0ju=L8>`eciX6 zBsL|MX<=eOV#%Mh+?se=r6QO4zWUE40X=4C>nN5Y+7o6h!mv-ZRx_{% zbx`=*Y~`Lr)1SGwxvW3zap$GjoQ$@3O36{LTI@V82t#)eE!DEue~HV3vM=G8(gOg~ zu3OEQqt9|iF?!Q#e!F1P+k`wbbxK;ZU&u+bMk=`zHWA}04A3Dr!p{556559Xl-@%2 zj|WD%D<<_QlLOoUGg_V;*E%JsomQ;)(EizPkzJOR1o{W^)7ZNPT9f&#w%_k_g+py|FJFbkPZ$%H?LN&HSaC;ngf-Ci!RsH_wO%yt}?T52ndnsMTCudL|T_mFz38oy(ruBq4iX$8(X2!!lN zvcaRBPUK#=%5I9)TYn_%Hk(HUtueWu=1V=kyf&V6@J43luW@J0xPebnG80~(e%`Q2~L?DRBQ z9YhJ&dCb+1e${V)jsh^=`%>EaaGXsPFz2&qf8uZjaPKo z!tCgOt;^wur#0Bv;h`vFp#|eH&MrnoD0O>y_tHcN*l(u_?NL;cO}vS5%h;AS_716H zl0Eo=Ad4PD6GQD|r^KX+^1}P&BKm3zj9F0V_ 
z2TymSX>6X>30ZrC`i1N_u8-J$Mg{mG?h$_{qVh(9_PoLzdrI@{;aGHur;YG zL218&W?-S0&WalEAQE!@(PoJ-W)0D?n)=4FCUiDaKWxSNW>c2T30=HEpa9j*DY zt>Fl@G`4VLi`o@VL2WZvaZ zBazV97+sz>B;IzDYniY!u=UsPe`WJY$PSU@Lv&y0)}E1l2yao}L3A8N z>c1L{XRi71Vemc7*pts?4NV13l6;3r0s;Aa|1&EVw_BU-J4ogcQ8w;)+K2I8N24tK zkdx!8b+@y?lxqGs;nUC%K&E6D2YWi~A1~66^5#gD_!R>uLg|zHD@quA_7GOcrkfm< zVrBp_@nXo9IjrBR%ju$|se4M=^^T8oi!hY#h>nicc>~ z1Oe?T(x|8iu|AT2toB!oJCb~*J6F;w!g<6;?^b&MHFyXBrdT~&Vog@-Fpc@=UVUZ% zcLkXIFCmB-_5~q725epwtEBLvld-pRoX6OxeHzQWY<2vl#+l_#@C9#LPz2xgce>Z6 z6Jz&Ox;59|MToBHB1Z^%ETMd2Vy=`)N5fIm#TP~f;@ja+hugNT$Zab=8L^u+ra<&{rHjK0xO02+hpP>6p zG#MV-W^G4h+E454e@l;=cb(JNMIs!Q_vEgsf@#N580CXFD=j{N2I`2n!2#C`pN1f< zf&m;RUB4>y8=H>mEG-s6lOftba__f1A~Ki$%g?ZZv3Xqz*A5Kd{+`VRmOya>ibGcV z)QCDyPLP}Xm}k~q+hBBnV>J3&1@E~KSvld0$b>_KS`BrLUC0GMO0_ITg^mkbDhOEN z&d4=ho*dyevgP*)7~C%A4GGp@@^;1IOi^iY*&vn`dKB)sWz_BavAj3}g2dPwPcUP9 z$WUTqd$-h{^eg>PrEr?>l^fC+X?fc}^@(ChUkZ-4z<;}qK zCjik~Nr?*f-&+-wo)_$NR!0bg@igKil}qss_;XpNiAwvE*|&y^gG-rouz+LR8N!V0 ztr=7{%?w|LRnL!b;!z)*L(rIL)I2vlVE6tR>a%Bch7Y>um8%!`nX{Ry|`$V@%Axt-yio7=DbMUqvM7XMf@mj_o~ zw1<}Vpnn3t!egaZm~$htHI6%Ez}6#=ATVRpPd`lq?m9ZaKs>-v8b=}xt7!DZE94VZ zIoCs#?~1_v2Mfwn$_nedO^gomlsCc^#;tY6weC8t?z76`P5^}cs8%pZ6nbDM+l%^1 zXTRvK)hA2GqQLAN$$TpOF?|2)MN$wXk1)r`SMWedZ%8%3TBZl&&bxL5911)Cjwf^l zrB|_|o(Hf~B0=Vym`T~Y%QDr^j-^c9@l{&nVH>SJ85|ogXQAwrmZto?-gxWbg`twe z)NMH5hQBM|cR$m9=?4Av$+RlRqljMwjIFVuq|#dNR^j(>o-%EJHXO>PNelSnFHmh8J=^uL$sQ7ihp^IWEm(}|n^Upl@@YXWj!Rx;yFVDwe3m?0 zd|@6JKRM>}r@6fGX3gY|&i7=yF4OrOTLBXA|%#oT2e zuLrX4K5Y%8H!D_3clV`CNg4IV`^DWN&EjymA$-cb5ca8#9gsTP(DQWShbl*f99Im& z_85`oD)r1WDExI{Y#lYdznsI(F_k=PeL?%vi|cC$`u!%3JxBQeuyvMQaYfyhF5H7# zp$Q(`-2y>^LvRi58r&ri+zYqh?(SB&yKCX@PV?UG+vD~a{R_^QbM~HVooCLuqYZgf zaC755Oq@{Y&?kGGUKp9tznw3?;dhFKfl3(Y*uB*rdfv;;($u?)7?8-C){E}|Rcgt3 z>Z!av<9DX~Dm@bp70SA+w9D9PJ@?Mi$b9+evWspz)HglgLr|~uxBROPQwRNtfOOP4 zBf=_y-zaJT2Jc5kCJLQ>;*d=jB6X+yU&iCKW90RVI}M{q9(3wJ72wFX3TVo+v+dnQ zX&(0Hi@7F8d_o0}I@6gYMx(mrMSk z(uX#*U~z@)#gz;5l_Jb9ZWQecx0XfO{y3BQM|DCbUt_v*%&xX_bLfqV8MX_L#J>{$ 
z%%ykWVu^}i&4DjsyDM|a`lGdO*@J_D^d&O+^LCE8^(|tu8>T(Od{Y}M2WJgu=4-hZ ztmxPG66v2oWp|}yPzc{ueSFbq<*4Dx)PYZMfNz_$nbK{La~Kxj{^^aW%Q=u}Lub$0 zG3je#!+e)`W3hI@MT}K~?u1Hs0C%L5%;s0Jr@{`(l^)UYn9?~hRrAEsIcbn2&+i0P zU4sM@E7u6f?}uPZB>GDiebk!LV+Ccf@g@)HgezV?DU!T@A;Rwk3c| zgv@A!PX~yjfCr~05hSzo2uEQuwc32i!49adc7a7kGqm!x>oYPOE08mRllcSE zt1r`$PS4I)XM#D<8pJ$oRCxbpoQP5}Vp?87urr+E< zQ-*GXs%_g)$)9LLp5_@}F-tLUM%kV|5n%t?lq()Vi7e^z#Q5k}dU~y@+b0tygu}A| z!;8M?l;n8)ddGy%#E+4}osW(`F_Q~lNetE(_TJYhYm1T7U2#d+mK33zu<^m<*@3R6 zNP_B`%Yo=R@^?LsI^k=rP|;+09%*cjyfdE+=+sDO%>M5k&~J{aUd~AIlceXmT{7gd{_P9Zv zDRbO?IYyR6$oyfy5^VB%k z#!ge{y<&m-xxUbga>V`2K0I(_z4d%LZtp&W>{+J^sXOj@--rME;d!bs@*+mhp|r;rY*!#TxprrQD{IpNB_GqanPOOo6AvBFmcK!nz7 zF0-v_wBOvvyP~D%JspCDesGaSGALeI`tot?k&2Yw_B{5fcakh=V_4Hurz0Z19;IK8 zGzvd7)Fg9G3<5clIF_* z_i$ zGTzjmeU2~ip*97a7I~dI(#U9%KsooFNTpvyvqLO)VDBB<=Ln_PtLf zf#0*NM*aDpqo9hE^*KEfr5y+>0UFQ=7_~Si*{dE|Fe77kYe`+zgFy=uTBueVXZ%`{ zfQ>!OJU0=emZ`)SSY8Pa?!-rLl)vrOMGRUsPQ1r2C?7(v-5BYIupYHr%$-sPLe=Pg ztqo#!z)2ch5Lda`BaWWLfy_C$#ErZ&LcZ$3@it^+IA2{y zPpwL~MP#v~^+fq@-RQo?{xg7d1R2foguMqM>T{%akER%SV}a`(clis&LaM!!cgqrF z{m*EH-af~t2??6==1cC#Rz%K6>ak+*GlBaG4nUy(B00BBV5NEqUH1&-=*Bg<5>vph z+{)F@RxtWXCqJF^548H*`)c4o=ma+uYZe`$b|y;ALv}55PqKbij?VSExo`WP_enG4 zb=Mv2{%Qs@$!)YuSqf{FS+PC>!(kKyiM!Seu3wN3-*%vAV(V(EXU5iM2&C^X9`Gy_ z!sn@)pQTX5wO=}ZnOm{ecWsx;bGcEV)LP`zPIJ zyg@GBPxzzyPg|IlJkF~n5xklb@+DWGIa@J8Ah*n35(3%`O$$u?xPpI~n!Vf~cvv}+ zriq*GNg-p*LM5xDU6K=oNoFbObnW260hGK#y=NjjOeovmYx z8d3F50ffFM^cxIEBV0^IXe|R|9|3`GtaeGcjXoC^ia zNhvAmZXYL^X0(UFa>MyqYw$iVzFzvVtKbVLgMf3YuilsUmwFcVnDLx+`OuK{dIej` zZMg-Sz)&7O%qaIBkgyzz*_+ubeLgLnC5__>TNoy@<8(HCs*9wOeSb10r7>GR70#VQ zhM|JsV`wJWgr%s4@0=^@M(plFl%qB7hs{VvNGM_ZVzxeN_^dyUF2*4`3kjv#Q_#jw1&4`ESAOtD=&uTaVtg^-D+*_PC1;ja?b<(zFnSdD)RE0P^%R@onMkvgXg9X4E6gzK_X;(%6qvZAgJ!rx6Tkj3XfwyDji4# zRCL;gW76jY?X?pYLu-OjLUfES9O2N`UiUL@_b(x*OCl+A3@}<~8u?~X4!p#cVtyRq zfH%DHG;~E6MDde^=0Fdxs=iN(bT2pZ25o%Q(0V;86nf;}-|j~6V4Cj2TYtbkKvFZ( zH>(bM)Zi%xHJq&f2GY?CeDyOCCuDAR9la2$@jWrBS2>3o2%E?g2nT4x>css!N6yx& 
z9VtwhG7-EcM3DjfyIb^btU2ro9EJy%dxaoD+YsaXGu@h!eKi8vxyu`h!y7c{az4_t zVCKY@3bigBA9+GHsQ_T(}&3JGh7xQlV~ZCyl*2X6KOkmN?P#a=f!{ zCup-Lk3O|tqVUX3`7*qb%)Bn+Ug4yq(BQ|Wiin_(rG7SN=cr?X%B-=nU9q-8eD?1|Lr8`;&{CCz&K zT7`n}hwK_&%evc^g823cKc6;34hjVv;qxv70Dm^e?B4Bv9gsS8whn~%0-QFUAMJ)= z&Rq&?{G87=UZzqY-xYj}ACFvpl{25Jo`YRhm=~%x&i}6L3|-dFUXPKz*0eqGDln+) z)U(O_bJ1(dPIsNkhj`!f@x@a?*hzXEbGVx8hHsvQb?ZnJo$em-;TSAMfrqe8u$i(< z&Z!xhSCh{mySE2?h>6`hw}9%KhL6|$`A)s#qUiIVlMhM8C-Wx?T`~XDS@=n`?`He3 zP^8&-C-H656$stytKK))j@ukahp%hvRb9y1xt7uP;LEw4YpLJ2ECY2W|I`WJC(kR!-Q#<#I zIn{-s)=xkK%dsHPBBE?+#*3-mh=2SNAKJY-d2UPGf=Kl4lq*obqk5sr5i7$DIR)|9 zzgyeEd^A29AdZS_dZPKICup^?D1i0MfYQKF2L^443DFRsRV#rFj_U*_4P#})y5lTF zv(dVt3ZNFB{0wm5jYI`%!_%Ji|Ao^nvO9#6$iAQXFd;d&oY0JTrq6NH!2Ll z-|Vez2EXqo@gjYaxGW+TD+u=Re*DW^jQ*iI!i|44H#xL&3{*Z6)wGf~{Oh(Z)(Q1# zR8*)vu>didk5g3lA`{vggBVC)up})k<0`RGBlj`W7AOl1V<3Qa|6Vod{h10QkeE+- zvRtzu#?NDEu8kO21IF%2(*DVrCZ5qdbc{5SF=Al;wG^^WD(GRQw5}U7U!m1o!DMw= zM1H{}s=-|=V2p)cvF-zk8Z(m3wim?`OgQlrl>G-P9)mI=HY%AE`cXd#7sMXF>sHq$ z5MW}AXv7`8%hhK?C2#9|N`EQUfLR zPCx8y{uir@h0vOfvsL~G6Uqskg^;96i|Iut>pwSJ(uG@UCCh7dH637bgU70V~2u53`+ImC32t&Odhf5O>FTcWT@&}P9a zuKL_PZZ>cjUJzlE3JEWQm#&bo&7@)4u&H<=aI=GvL}j1vV_99!Z`YSG$E&QbqICq==##K7~3 zjD1o*dFRyLczRCBSUufpq1-5dFp~D6x9@Mj6+L2RgBN@s!W~zgvPM%cbFSWno;17S z!?A-Ne%-f>WSKkdA@sE51f-j zAKIoJr5)Qig`W0k-Mi2PEvZKfZS7uFM0S^tJsNTc0+|W2N*<{N=CA*8>EYyL7@wea~UZ@T}{K-uV@IiLCdakVJg! 
zoxOyew`Q-G(hUYl!EGpu_XxlWF+r~B%Is0`Ydf_!QcH#}SaR667Vh5F_wLwn+1DpY zgLi}J{bn%)6tDl9rJpxBN8Cp%xuv{kY<#TBSes3!%VgTR6mO-9uzhGQfvn|{ zA@TQa0x?;k0*Mx7n#J&chp06r0SRuIKYOu18YtI$F z>UaNbAZ4O)kAhCae@=}mANaU%fj0m2hb=@V#~2EA93H6->>|o*_Kp755~G~sqFu2q zsc?N>fSt&YBU*r)U1~GLVeu3+a&I}Qk#r@@iy&9v-VCMATujTPUt_pEoN_{{jAIhe z;h3WM!{!mB2fIq_$Qdp~rB5+y;%A9_Sd4&9jP`wiY&3t4$Rg?<^R*zV6>8186n|$5 zs{EAQuY4UFOfvk6ht=3Pz82$Q37Ib-2lo8f7bL$}G%sU)LYpSCr)oPjJ1nmqR(ck@ zK=)z2g5+yVb}6I~7us~DEEM3?#TLlbR(htRJ8J0(Sx|g??rd4MY<8eKl?%*+m{wcg zELPp~8oDzrG$1<;hM+p9fYN?x<4P6O%{{9qpo-S`fFMOQ&kP<(Q8*nJ*B$qFvD!BH z=?C^J%i}b8Ngu@cYb59lJee=uNM2!lP9pb$jx~XhfMjC>+_~hu@v`j3Y zIKDUkto(5nYoi8DuQIV$`qLQFJ2j6~vkGxWROP$1>87ru7tpnGEgnQ6Ii zmuU)897$)8bcITrImW8_N1T=a10VhVppd%Ia{bF0ABhUawDEmfw7Pe^=U;7U+o8yUlR9GbIBELXXIw^zwze<$_KWxa7{Lz}Ucl!B=8QFd zfs}T|_vKyzTdHYo>|oz4Oa1I(aUZL8j}!7Hxtc>YMyVXLM@IIVy^ZxH9)2THy*!M* zl~ink%DzVQFPZm7>%I{K5QfV4jA(;7{S-qElqado8{$UILYb+gxAxM;~7VMegV25G7J{T+52 z1R}A2DA6c1>(eQy)B>!c2Ab55z-#$7IKh^!CHYkCNing7HP@C!!eK`Bj7TCYYHX)S zmXaw75te@LcW>FE#NKj!$x!Yo6op7eC}cE;#?xE9V~3?!=mHm-gF*O>6O4ctro<^? 
z%lKdw=*iUm^vo8T+Y2b;zd~*DE~vOPuQ5xe{vZO^^yh~4yOg&1xA{e!VZ}(c+cKpo z#!$yUY7`jRVJ=S+g6_Km$yK%`zuo_3;f^d`?nmz@!F)2@&w$!a2E^5Yg?jSNT2_DL z;=>K=QzRX6L>bnZx7o`nj@LA_wT>rT6~N#Wz4&-h2{#Ig&?2GLtB{1fL4i5%CS*Yj!6IR2n&^38 zy==&n8{7fOE+-q}E&OtuV6=*V@=RKG(^0^9WpQlrC{3R+_jK6?%A!K)o387MSde3{ z8Rr94w6Bv&O5WJb0U)W>TkddNv)E+HM};;4DD(foH+@xqEzJj-7GQZxS0_C?xxFBe zD&+|we4VH1UP-;!v2ZyeXn0N!*|nqIE3X!@f!faoX^%psWzEC!FwrxnzpXMZ;uKcy z>c~y38IiucJ0299#MYV?IjyLwsHnQlUs8}vpn)~vLU>eNe3koHm1G(n2Rk7PF}srO zrD-Vw$2Lz)26?`ec376lEZtU5I*6wVjhe9LVU4jSq;jhH8{uJ0gJido@658Yc zuO_i2K>O{NN+dDCJ*@SX=vRa8+g%Mo8fc3(=!yO%BOid&xwRI1yAQvJClz_B~dOMHMdS1ul7m!Kp5tDqA&FcN8y}_){`-sMScbu=_ z`};8jpHyA%q2NBDP~b+$+M)d)@heDW_!LpAE$CFFQEtN2B6@R(;_dO_YA-kXt9rSf z_WFZe7Gl*+jOQvG#XoRjb$UEeyQ|O3@kSE6?|ldZiN^#@XL7!}(?^Sr%MSSJmEBjn zwO8zcy8QK1s=S$J1H~HT$ z07EQUmWL{AZ9%SdzyPAbw04rDbul=!LzMAWmW9_HFQT+9oswO1FALjYvBy(D;KsCQ z3+)SZShwX`= zlJ2tW1;Wc6n5UiIzcplBHQ1_HeKXHHhI3q+#)Z9XZ)4D_lOcqavJZ)8dK$&LO9ID0 z;0&y5!KzndL6Reyxr}wE&d!lgxn7rfTS@Vg2UPh)30+c^h^db8H2OQ`H|U$)Jxl_* z)?^u{2}?*Nc41VKZVZ5>{+Q8eI`Ge~&)WT;#E03ww=?AoN6Gkku=2&qQ4EXYvQ|`A zmFNw!C@if(l`i;I_WjgsG1PtJ9FgA75>&Kx8tjIsH3~5JIirJ@D8c$!qB0>b7~v*U z2Ab`uZj4s*NiuI2Y16`}2mM^5Yd1MEc{c{XNA_|ubpeF{3@E(>nYB6+_UFZFz5Hvo z3ltNq_yX;s(ds!G(4~cfvIzkw(;9L?l6;zAo86k?17GsM_1@?7DGyUW* z_?;`6o{Z#H=E}-nYgNFGpcLH>&iVYQ7%umAIE!T`U$Z0|i?O7T;`TE;fGm()5zfr* zYv(@JQ)K{=D)q>+hIyhw#*YOr_2}?rpW_TD^K7ZdVC7696pmR)EGz}os09eDInO!= zO=Y7mPHPAEPFs3rrQKu(r?nZ&bQAtFIwznZ?IQq`qnyd?n7hT#AY5QD$t*DQ=Rx)s zAy{sLKGY_9e9+2S*Le<61trhcGFVs(53praMxl}!5`UT;g#5vyyT47Uz!epR*IY%} zP9?Io{Ud@D=pQ+42$fGnT4Z9M#!WI_dVNK&ukg7wP>ROH5F$lj5T(^tzZNWll&m)o z5Yt2uL4M;b(k$^}wD`3TmRGD$Hmxzyqzw|FxH8G?x>cN(?b{TO+x=f<6E!P>P_z`g z{3^V88r08mJ#P*|J*E6^G;+fN;`H8)d{@?cYPhF53v-8N>Et<0NZD-LYxay68GAK# zFCy@inC!||S^$xbe3JJ7ufiw*+P$%JoSfd^%e8p4n!u%gS}|=4|kFGYP^vS-F?0Eo2j>5|8w!JOAD9xA?EMPX%h%t zrPqior-zdFg){Tm;|Fw63mbq(aBMvxnETI4fWV|V>^{~{loRjLuq#cxcN(b$`*PKc z^d8D+7nsRHaLOv=#Xr=^2u~PqhWc3)uH8cC>DN)}EJXphW3W$$1<>HT 
z-{V9cXk?;5|Cp1XK|w&QJ4sHOlAOBhGfz;jExWu9K_etnzAW~vdVLaWmP$g_${c*K z`{QU|9eabkY4_*TSB`<{iz)K>(i+Dy)&%Z109$B&fDg6i({2Tm)9TR2CjXQI9GM-@ zkAOtnTsuuLk_E53w-|CC*Ye8(Etme)B!c8wsa^Ar(MaPy&|urFYQnqfz=y!%8H;G~D>DFMO2H)Ld zD_{d3s#?3*1;cXFQbQ3(`WHKmE1@S&koH1|klZwsT;;TN3E;OQ+pJ59LqXKMe7DGa z)K(}HQ$@o6RWx_fvscJGK3AG^aid|rVHq<3U_bn-WO0jl>4Q-gyAX6wQtU#Z29KoG^8%VzP$izKeRK}wp>+~3v9{$P= zAxVQT8nfR`9UHBo4x76?JCIR`&vhv&j637FjVcl-iEthTnw8Ea+0-)Lx+~u1k5U1{c~O=-YZ=5{mdmS*D+lOVit@(h z-@z^LX1Uwu*YxzZ06U&DzR%X-32aCV02t2rxHI6JKOho%-zaBBUy=`ne33;dyT)_m<4KnC4 zPW;c4WeUJ7VXd;3Yt%NB={Cl;!L3|6ZTnL3b3NWkGbib-+v;cCR5Sas z8^o++9oziYoz_}!tE2%ORD|QR=B%-8rRv_L-axQQAoL4WGDA8p^n@w8Wlmm#oc4E1 zW-9*zfOAr1s9v6jX-@6RH8(?a+!7v1=I}Qinz-hZgUK0&ZBMYK1&rv8xwvIh=9cb{ ze_c@YhETy@G01&>DJryEFlaX(a7tA@_PvtppOd1Y920M@AM~bu+Y}K~z*gu8n~8cp z!GdQt3g`<2hw^iD=$6O-j=`n$~-dpf$}{EIA}c~c@a5pyY#E^(gQ_b2S|pHHsGE?MWOwye>iRi$o@ zXJUluBQRQuF;GT#ZexLzvoWbzL8Vn9-ExIJD1FMj||qcw%! z^F0w2h`=eYNj|ob8Y|e7-{BfPJ8lbA!u68Arsc-F_>5OdCP}C(iKz4^K8@pDlg{KjO;3lwFCe&<7`B1S33VDvP z@ki+8>c3;lxLQP1fZD}B-LErY5Dll@A)~#;y+P{70~Fldj)6%vyz}q~r6{5v9Xmm9 z)7?t+;Ga~?*wYK12}XwvH-C&WpUFrhJF6N+B`)iw(trCDuOr-n@6#%Qe}Pq6Xzc1dq#pB=eGg1KJLJzt;J zbFdr1{(p=hE_LvHr2oZHQ@ywv#`zfiuo+D`{yO8FsBaH$;;Wr$@Czjs_Nid9n6;Jh zb^g7wr)z(R3;3p|<8g^0(8>ikO})vdiOQ0H%CaKIHeW=HdjM;RF|ca0 zg*scr@-wo&np`pQ4@6Em*lQ<9JVlLr2E7Xm3}q}BNF`SOVW)O^`(JQa4a0k$X_UXR_J3QBPz^6 zKZ;Ch*5NV`mt~qUKJkQ8KIa}R|AYNkMMK+GT$lV=Kc$*w;Wa;EZb&0E#T+vVIT z{6|gs={n&Z7@;G^f%gUkz%hXKb z2$-omejL!gaUL1Lefr-?3MzC$M-%gS?R-rA_6n?>g-h<`j%pQcFgxpo2Gqe3&X+oo z`zppoI~BvWoj)-cb9#-OAgbHc3pjvYL+7Jh7a*@kQ_|?qg z5T1N4RWkGHk@#K^1**Az7M|-GB70ZXlw0(-ndyxZ__w;f>D@T?7Cx>Zcp6cYjvuj7 z@cjNtGP2dkW4>}S?*3l}$-f*QXq>Hh#uO%`pwyrJ?U@GhXvafGK9!|C>^x)hDpzJQ zs-fNJiUyJmw)iIzGr;QT$m9kc10eqrgK6K@_#*#1!!6zvq`-o-a53{Yy^nTk@w^9d zt^p0rOu2}m-qLi<83`5M$8;7{x+%ZA#pB?};-l585+kLMOd#-=Lf;=w zUH=x%{AYtH)JQPEHlb5aGm714&|FHjIepA(Q=>3A*;zHWET@`;rFy&s`cJt>X&X_X z2t{QoyqjR>Jb{ILOtgN|PWy5@ueCL@(Y9aH 
zpsXd9_EsJw!|@ot=tXA1Ey;Uc@6|WY2kwt?Xj>{^#}7VRhjshwGVcDmb@p3Bd(iDEBTp)(X{El7s-u-eMoFR(*lZd#Xal z9M)e9J4P`8)$cZOn{(b&8 z6VdG-&+-jx71Oj!AVvIG`j;*kgXQ-2Ho>9P3T~@Q+8h10PBY~~>{wd|>Yq>-AzAsEed9vyND}A9lh6>mQZ<<8pwi5wMps%@5uoWvRSY%MZS*t-0kN<7&P$pm@`&GwXCFwfVb(p zm0bF&nHcW~|LN>Isq1`$uegSr$u#OwP z`Dw3ZrykfiXWytJtCGye_gcEzRzn4OvzBLXi0Mw$F?@%yS*otRk505?>!e?JK-8RGy(qJ%c^T>-vAgD13=DW+BGU zF+Va;MO;}+{Rn=4Y%JPtk7|dkA_qa^4u33Qzv1-ltH4!ls+mZ=x|55dZ(Nvz#WE)t z?ZCndB+&sI;7H|)gDm|h<)1F9l8L&WOve%?7OuM^>g|dni=7up4nLLXD06;#ceshe zw`8k&onV98VFt|@Cw?7^-w42Hksz~#RBVw5e#5qL>J;Cwm(iifvU_>_F#EfCFz7>M zGWTZ>lk4T5)rHW;zw1FhXYbXv{C^hN8Cq{(&dHEpb*FKqoeqgFs$9NpNYtw~lNwst zDJSCk6g`Ix@!DwPm!?>!W!%^<6)0`S^5bRAoZI3Uu#AR%Ceu0_7r{GVERCI(Vor|5vnUjrsEcyd z|9m;9-Wgc@I+qQu%a#K^*Eqao4l6g2S`rXQewGLmNHZpa#5NHPmwx|bb6^Pg`Asgw zQdw0@)MqZeO2`d{t2rGINDU!pPHLoE$}tu4cE4JP<76qKAv!m)xin=+>{ARX^j$?kUNE%U`{Y66USp7 z8ec)3N&QTsB)C#;6mi+^x|oB~4g@`Q=-mv;K!|{l87CBya!u&1@e(VNNj9?L_m;3anzg;c)P=_Cc4Cd?|+yw6q77Va5>t<`iI@APX8z z`sA- z=H!-c1h(vq)GHSQ{)| zlCaly=YQKcfqV#=gEomeZehpw78AU5k#5gHwQ))?3!C_}Dr5XrU!V?kJQrM?iXj)v zN)tIsH&OkPIQ~=^qbj0J(303MGd)|auAr5Xn#3him9MVy<=)cd#0}(axn(GG=zc26 ziLD!FLY#$1a4l4+7Xxze;*{3osM9Us?B&Bz{C*BX+)wz(6FiVW75rt{sp|b*C^SJ7 zNF*0VYUv!7X50#wB!K_v=>Or?NwW8Xr<@8w|6$pikj%S6E3hs6gFcGZOl{Mo+rb{3 ziy04wK|C;bw@d>-vC%rCY%M7OcMswc&LCb0vyU{toJ+; zVuo8oam?HTPb`+d4lMm~F%_hdR^SAWuxLS=1dd37iE0L!EsG+ z`BbT?p|umC(LKYnFLsyQ6P7pTHZ?exjUZ3sHQIJv$74yu)>w#tHgS&74*Ph%CgTO( zrPENd8*>+0wubRW;FW>==kuJ$>psDF^*8>>giQS;?+n+aGB5%EcY)h-%xF%^#n*1U1tjr-%P|a?WPrU$S1JCZU-dL}6NdNd2 z;fZ=>13Bg)q6pqGu@RZU`ypifn@@JWFANX{JPyijUmu==R=>okHTDDCOug{^*zrcd zes8cuSx{CtEe$gYHni zko;qpR-0CALditqI@K;~sGjV_S0sfoURm`WPi9I>iHL%xOUqJq@T+96(3NV3`Ja{C z(}fuQ)1)@5??;Nvlqzo<{)g6zKLjNe=#&q?tv)`HS#A2j-Uwd&8)?{an(XkjOI=i(_g8I4FZGWBS<$Z{-2df1?kqDXS<=q-8n%0zfcCa@^3Di*> zG0pY#y;?XI{C5GzCcTYRK0**`RW7S#gxPj|pUSU09VpTg^S#*sK0O5nq9Z3Wn&X8S z$G9_Nvamsdt`OuK0>TBWKaTR%wcgw^P0F7xjr@kle82*jmWTNyz;h3=2>D3rx6l-nUPFe`v?r9gDXPeIPcmgAhwvHFPQqZQd0}Xz`#?C|R+_+^bxZ 
zyKs+PE#^~#WZ?L8ERqONcv^I!WGVGD2!az1#_jU!dkC0*oO?E?~5K<*T_M^ZA9!5)gEZg+mFp- zP?nczvDwmiirm3ASVq_&S%Aw$VSc8^q9jA36fpsCCUb?v+~G}oWErJabKhjXpV z@^IDx&mH4@LBMJ1un&xI3G~y#u_Hh1#yc_Sc>M>ZE2m{Q)WmI3T!9eH=u&E@<9-Jk zOo~{!NZtu4xSjs^0HEgRB(UIkfT!Gzo23BV2?g*X;2iSQZf##bHg=pI8`#$s5v=T< z{c=fXDI$7Y#bt76_~NcwPt`irfpcdkbDUf!OVW>#`_jPpSPvL78YnTSp6F)z(@a5? zjXf~`{ZOZ7>X6>K?+>zU{@sN#vD7A&o8~~;enG>!RDsw0*kWV%U8qRopLQV%dertx zw6CbnZqHVl@h$hv_@gXjR0XETo71wsg&oWKbvTc1^7&F9LT?#|kLMz-Lv`ao0iA-* zYD`rgR?PKB_8E>y6lD}+D}*YL8Q#3`3i-g3T?&uzbfQ4VkzfB^1+DFQ(f2K@<{;tx zKVMK<)qfaZxh5yOgM!!HGA9j>ss@2gTUXh+_uCnLkf-pq2_&7_yNbBxeVx0GC*$ek z+tOd?g7sI+(7A`|Fg6^ebS2&q-BI76j@Q3htskO{+zbrvuWNk-#6$qq|7_Nr9kBmp zU6~o-q+SLx!9QmhC=1EktBuTG$ws{%J43G%;9S`VsRS_XQ6zycc=U(_2Nzc6Br_!> z-ue*-i5w#wjRp}N&2P-T#}Dx)|k z2p-BZSn?zM{EV$#jr?6y}5Vym<&WaELw5O=3yM~8pxGsmI4ma7X! z9cpP#_N}W3kf>X-7IfHV?J^1EA3kU ztvzj5V!CJPd0;kKSQ}W`=&~H#e&B0IQyAhKnOpZhO~cqzXymF#-beAfG@n?eK1&KN zoqJe?;@sXG(EVwQTK_z&)DFvm2ZcXcg%(AJ{0B0~CMXe3-1MCAnmIZMnVZE~n-ha#D>fo_DtjrI&FXEy0_(IV=vRK2KaZj?M>)^C zBV4Z%7`2xu0>3Q!YP<0-S_cX=M^EM!LlX>+X01$UXMA`=BMJ%ihfsWP@cO5;p1M4h zDy~Xu9@|*SCcb827Na0PxKBv;s&_FE?62N^&i`Kk!9YI0nrrIyxug*C;oJT0S~e6nN>bkFCOj0G-LzB&jH!&rz%pX0^$dcVR;&K%S-(Ex?4 zOF1~IiSy*u9G|sPRRV?gI&J6vsh~2_GCbR&|oBT7dDf4K&n zz`6v9c(l%SIja+FC%hUo&X}G2Ys6@5x-7{la||DTjjcj7*|L$i9uov$?caF`^Xh7B z%U6RcU{d5nTyUWp9KQV)7;?E0Mmt7<0gg4`tC6dd23tQ9bXalJEhRTSR6%0qpEJjyc;@E0%ye)eRRNckI4G1+L7o=(bBWAfC#mZ@=M#@8$_ z8T-_rAGWSE`00M*9EF&yn{nlgvJ(BK_UUEUJN$_H-Qfoc>3)2+(~=gtQZ!V?NU za|CP{K#qI5C44mQ)r{jc=CyqCSNleuF=QQUC_^1t)_fD$`FQHMlxgi(uWq5KrD}ly zCiJDrdp+@z9D~*+L(=TyJP(p9eZ4L}$L`FjWpZMj8t}-=s1!6YJD`R%-a~Dhu0m6(Y z^yazakpsmKGxh0n!)tmbg>%E-@#x2-;h#Y3^v^V4TArgwlsYVwf+5Y9I&=)DK5~4f zm@0qoUB|W{6@Tc!kIy~j@pce+Q*Y|2?*7!4Rs)Wnnp*wUTL@aNcz4N1*(B_uVbKd$ zt6Ypb?%4{4%&4NarLBg7@^ERP{pr0OfE=E+?s~Vk0FA}Gr_x#IDD4QX?WmtBv176J zgJUi+$hh9cm{2zv`~1h1o#X76XoLD4W0gS#o}gE9`=?#fmwKduull^PrnAodQ~B`c zzE;lo&JWAEmt7t)cb`A6-08NrEO)xqq2<1Jy?wdup$C?8F1Vz8;p^Yut{I0NvR`@7 
zJ?=b{|Hq4$mec>^yEEtQL0^AwdGXU8)t+wmyJp?`^4?Ef4J}65?8D(^OyXd&$2A*Ipe!ODi>U`bf%t#g9Bx+U3V_`yz}AZ@ejE-`n}m- z!oE|cqk)bFu0;bKpypZ>^w)OTrAAJA3<|miL*N1~N%t$Nv&SMe62uk63)?lTjPwyeLGT(O*8Kt{{nyX}&C%#+VpmQxfw1~43P z)xYII`<2sAJa#*T-#V_iY9$Z(otVUL590V1}b-zFz17hHOI>icu$ zTiVWVM+5)s8eoF#q^4Ab2h6fV>020%$%7d&2ud>h5b zB_$JM@T9!=<2d6xZ}2l?cf#(QX}n&zubG2qY8?=Py0lPygWk&`BbWz<2u zlW2MmAi&_re0EFP9IqL-f9}BpWd8j5W%1$#WzFj4W!2iv#H?AzvM81o0qP6@?${3+ zw5`Wem8;6Fyc(YTAU}PKOd4tGR$&8lA)AI-b}v#ao98ciQpfPpFrtsEaRUdy33VG_ zC4d^sj3(KV8`%x;+>6cz@DQ2Bx{S;AD!ig+Ts`oLzcT(6<$|t2(yKDBd(zoPSoi;(~J-XH#X(s`X{*C0E2da`8?} z%5J+Z0ic;%76NwdOps=SAG;lTH@`g?EYo<%&=|%(fFI*bk1tAJJ-i2yjr)<+*H&+0X6%Ek>F%iJOOY-XtyK>r~9sum{au-uIX>QNC8%RKZD zU2BkMyvc@s;#x+c*FC13<9wFdYB`0KJN@mEUsbw>Lt~gyWu>oNV=y~j#{p@w98v-0 z6L~7F#=iK4<0{}K@@eP_nx!ImRhb}4UXu+UWpT-(t`IY2&E(_%gB5I0qte1pG=wxp zzvn*T*s*H!l(XK2P1(pQwfbWc(ehgNDmJpU3jSgGS;Q)vWl0?<&# z`sD|K-K#27*QBTgW8I}dYR!^*w<(*gs@2I?-z4<{5AI2cy^qrda`R^y^y9r_e!RJO zh^UsCwvum(4k#b6gGPH@*_0qZ)MNdrC-kWyQ_}oUy=XLW_O_j@g^~RV^{`i;5^WOBX?L-s6_&mUk zpO?Su{pI*)Ke-%s$o}OOCw*W$+M^zNzpa3p^DeyfYUud-P!b8dO$i;gRo0wlHRHP3rmIrg8P z)Sh;JI~v%b8mO-77=g^4H549$KUG&-F0GWE{Hd=yY~BgXK^$O!qyQ(@Uo zk06f|`)WAFHMsC9T_&uF&4x|Lwh|q%y*10DTxK>0p$3Lowj;nr%`x&RUkyxTuyg5K zjTL2zHxs`m!Lk|S$TlH|DY{e-6txfRTa85NP4YD8ZZBn~Ch$5zkCQB;8)s|?p12e( z%Y+;}6MD#u0Vvhot=c6Kku@4pOVq5)@J*kf2SsVyV4aRX1Vehg1q86&PW z;x_}@OaRy$&uC&|BY^r;*|cfAT)Avj*$7ZGcVw95Y4hke>edUTTd>lxJO{c>0f21C zeB%uPstJg0-pm%?92o~^4ojh?hq#aQkV^Z|C%^vH@l%1#8qgUEJF&TDd$;IE`s5@} z?*{u^9?7LotaEnC{ZMPAPOc-jW21s5-p?8R@YzyIP|15W38UZTI9_&)H@(OiZP54) zS*7*9sPV7r3zc|sQMUn`rSo|MmJxu(40$ShjCAA@9AhZXB*){-eb}@ix`0+iIL55g zWIMyF0e+OIeHPR@;03A2Ri7ODT=1NFYYQkOZ_dn*(46NQUjc;}>&lq1!n(+7?yax4KLnD!_XW-k}oU;@G+a{7|-=@m$aCB6}B578-gn?NB;;u@PHc zZ|O?NXfw|axL06}w&u?|Y`e4yK}wxu*xqgWAzs& z?|fGKGC)}Z079s?qw`9rGRd(&y}#?TAv~20p6<%UHy_4M#+g4yzg^oTqkjkf8R&TJ#KT$>qL8FB>KTGep?>%!eeJV zTdqmQFMa=~NxH|6dE3{OX+Z%eO!Hwz3$*<=vp&FMr4T%N`go zPr^mf|MY?b_2f5{w}1FETu%OU&iRet}+ 
zi)OT>fqDODzr3u*CG?9Yy{_!L`!40fU;J8m>xWJ&haRv`dD_G8S6&6kBuMkgxBhE6 z{ALH1um1N>%ZpDqrR=t3QTgX5KcYPU4eu&L0|VvE)87k7G+0jj_s^E&-t*z|h-ItLvM>>v%a@f$S!O}gM~P;01YSU4GWds-*BPWt`l^-+w}Q3Bfz@+PiF>z$9r z)Fj49KSrm7;~0w?^BNNdjP2o#XACc{%3g!e1j~Gl;k{6eEhqW_L|PV8uH6y>rT2$f1l4YU;_242-5(LfTQS{MNp(`T#tU&gNmH36^O5a?#_Nq%oolF~X4xKx@jSL>Te? zcwa2oW#_UhZ~HdknR4l+OUo*rIWfRk>LIulP>lW?m@}L@sj74<69;-V*&=nUb`UFV zj-VXJ3{uY=*(Wi8wOVP2o>r{5;26`3!rd<8(7?%ciJ`Mi07}Ma=?2u$!)lD>KQ8AP z93EkZE&fX;HjRC)jvXU;lb<@(g%#NE(7-Q2sMU`OOhWe@>ak%zP-*C36j>by8hJ5T zDL(-SvT^m5Wh@}cGy#~$%OJAtw0NW}z%!{2aI23X!3!5IB<2xi(e-36paNrofAB^| z`hFCU-S{U~IfmZnuoIQ_tVj2&*KR7SR_a;a0(&rW((sryR9K7LDTo z5E{$WC7T%DGDIxLxMN7!1cJH+d%PEv)drc!&k_~rY-qOw0A6|ign;_2(`HhniYi~U zArJLHJuOfZmJ&6xY_}*9r^RIjA}8trM*i++vHeKhtU-JtRp8aiOf8K z8yS&2x>nEjmrAUFjV!8Mf<2Bi+Q(%9#+--00t@3%o(`z`vzcmy|0n3vsY!Ih10_!$ z*|$WD1HmhK25{m$KoMp2ppjX0$^$3Q)ks4KPjuWfV=5tcwc)>X3t) zxFAowC#@OX8ARIR(WCv-06mi47}Cp5c<*%vXq|}N;J*0!7e1pr{|OJz`Chy1 zl%-FXT)sT#?>qg=`TZ$8EHZ~X8V<-Ch7Enhh4wdJAryi2a1@REOwaq64awHr17^qgMa_R?pU$35VlxqdKU z&)Mf+Sl;&G(*o4ECf6iLb0Ev2-u&XD%IyJ(u5S5M2s>XL4g4=_Achl@^twa_@PRq( zBpw7Bp>tT;)V_gqa_mk-S+2v3c(@C104Cy)XNK$~zPhwCsph(1NPr5C-H}IIR6xNU zaWo8^gj+iCNCYNeBiK>F9^;@uhY=#sAZ?8C)_{RF(|JG=JvF>8U?TrsylFJ*&C5Yyk^(c?@ZElI$w9G#+uGF^WP) z9`ZpasqGfRQs>=0T)|sp8URFqOWEC)d)!zofH)eH(~K#{NZSW9V%Q&i+U0eVw8wE{ z{jKMZ^+j)za$*rBl2^R6kV8Xo3gBw<<_+xZw2}PDGO}Pn*_l2QfZ6}R{mLHu?aBB6 zR5CC%%d%XmB|T_CjM}=4%1S6h8wBQTu*;&R2tKSw$VQ&oqkurlxPZ5;^G1efKkcKK z-UQM*?lx^2W%*ZKieWJ2b!#_L7kPvI8DDnI7+z_UQ)|i~%dGnFs+nTvsRT{dQ-aR( zQ`>4^);=-j30D~7MWg$yxs)-OW$!Eu!0T@xI@0laU_73*i0TPoa0Y^9NJb>J8tZc zuupkuYaO0OFI1>rT zt=p=+E(fx*+8=7mKI55-C_XO*cmjYcRwJ`@S-b5@Uq#M(E;uEqZ5KFp1mW8xH$i_} zSsUrEXMErveS1Z|Giso`yd+?p1PJ$-RNJh)l%YbOZ8$`F7Wz6qxC%d0c*s}%w>)y0 zd!76|f4!1+);dz~|M=^orOUGH=9?)NKL4U} z_@M{QfHdaqyT>l&LvJ|7!)s0FUU*4p{{D7{&CqI8>aAn?`Pt{?_XO7K{@dwa&9PsX z6U#;qA>-}5?gdY0>C^G$pa(v+9K6q-<-SMUzC8Yc_bU6~ozqDj4crhKXpImjuEt++ z5}OIRGiLueGj>+Zq}Iv4(_$?Iw_w(gw!BMXe1qvuH@&gzoTlLS66S 
z06k8uo%~zB#y-GET>4X|6LhaTu@=_xPd<1zAWI+K3@&_eLQgI`3}L(gwDdCRs>UEo zaF8PgluaPXL0R*rm~xrK%OAr%#uqdb&E(y3@|iG3hPz_HYnt}NAZg`p+iM$08Z9w| zXlsn^7z#>lz3Mh(F-$#-M}t>mNO1^v|CipoHqb8o-<+Ujq|j4I^|| z#jD@(YO#I%2{dKN5p)>`G&J5G00h=E?Rc0TDn0a{Tdj}dh0-&=xsHkd&)$2$d6ty* z`qjC6I!uncGn-+Tuu3$LycYx!5mZ2gkBaDuf`9}A%2h6su43W>60U-H4Sy6+E-0e> zFJeMK;<5{DV)O3g>6z&q?(=->oSxpLX9KeCh^M-L{X3_^TW`Hpb-Lc~dFw5K2euca zt%6#BC-k5UG(0x6l&O75yDKn3UCCAd$R?GCAKM`bx0fh%tupjuG(USB@C%SJh_jEP8buisrjy{jIj^7=@ z2V#=94$hRdKC72*`q=x7v&wtRXXcLmV?O>EpOcXIHaLf(fRm;&FU_`HbtK74N;B>l z>lwo}Q)s7zWy!N54_ZLyhMIH0B#4T`WFEkcva*QQgpdU8AU6@&J{iU;u~w$ev?^ER z46U>^d{LJ9(W~QN+TT8hwFHs>`kV_v|AdC)tv=84WHwg?6i)nS()+7;YsWevRNSkcZ-5g%|#y>bI z2M@W=`Q^Is^j@T@Wk?>XFjFu-nlKw`wvZ)7ry$9#Vt>_ z4)6TX-JneD+wY=;(Kg@Qix2|M~Z;X|@6Bjy&6kQ)+p?_OJD*;0_TR)LglljEE zDkFGG)cr0vH`lBGcx>_aKI)<6z(2mHeCS_3Sw8ZK&z0Z*iw~C9|Iwe9KY8s-%lCiB zx2?|JU3U_=OC;b}S7}&La8yQE&8jfDz^xw?E|j1sCd9eW7nF4Sk7Ye=#gM!%@_DP? zDivfSUa&+3p;`WW&tlmv5v|_}7x!A*gogFY0E&h`UR#exYIDOjrfTVvEhg|_aO=<# zr|`@(|N5|GFswWyC@WaxHY}CkSRk0ehS)~FR9d3^nm2F5se}B>%yW52Fi*p~1AqjQd=yPTns~33+v;-U0XC}YpFk(dTc9Y{q1>J2*i#Rl%pFLKlXQ#?6 z_W~c|$Yt}^?SNfaCjll6;DFh%1n?#SEq@#US_Wy=qko8A{LC;k+1fW#Eerr>7Cq4l zg*03J0B1%x!D#@e&RWULG3NBOvV>)hj-Kl{U&itV$IuXRd(_AD{T9cMab&R9jR%g#agiqef>vX!h6YZ}TQ z$Cg`?%;eZp2{u%)fD8NDK)hqoRI}9d+$GsuRsPaxMl5w!jIkLj&A4%1v~(-X06o=i z@g&QpO6%e${K$LdL;1CFk_jN-g+adjqKvt{ZtHQ&4Ns-e2{-0Vd$_2BCNm~kgLpM5@8V1sJx?^Kee`0T3B2-!3=O$6YwKjecC z^)h<7r?;&KM6^B!y-y2Q^$YYNl5|;urg>rwC4GK;?r0V0oXm+xCWRo!^!t zQrgxPD$2xs$SiZq+a&u;s1%#Z(hugX(PZMc(vWCNH95=`fK^hbLhulbxBmHGt;x#6 zIpOI8zxQi-UbGp`$3pw}fAu9yh%l zfBN_>(!BZ2xBY4Po&WxVuZZs=Itg?VxN{O{pZRyLRG0gdmVg#0pStw&Tk!aoANg3h z@E&JJNisoYsSPfc1ZjT!$&V|)`ztSwznE{n@Pcyl{zGk+I28WmC6}!@5;j3Am~{_) zTzUUTKDv_cWEb~1b9a*d9!F?x5aikV@F$g*{Pypb7C1WV^qu87Kk$T=k8fbFxb}uD zyngh*y*9pgp8V)X#1iM4zx|_-diUS_Lrb#z?j&%RN}wNQ)@>ZFXkFZT9Vf84XK}6a zr%pi*72~?Bu1bmuj&J#6F(U;Q!YYy~z0%Xdpx={;wD#cII6wL?F^?*a-vK`;SC4%j zsBzXy#ioa**V3na1wPch@C5?@DivO9J)?t26<>qpSL!m4Z^mmQqEM+Ugd^&X@<^Fh 
zF^UC=bpvGiiSmp>tVP5i%J?9s&P`6ADj0)Jy%_|C&S;wmF&6W@9n1%PlhbMCyR2{E9^b3xkp{YfQ3g$HZImc(7EmyIi zBF@%~4E2>U_#0(g)ViU5{FV&_p!1|deVC2oID2BWzib>ID(gpj%EVw#8AZt*TEb#! zcCz$L9W2XJN6IqRL2k1WRCP;#r#hXMVXJqOa zrXDRis45?`WZV;>T-<&Z5UME}Uo;ua&=u%Nd{ak5!)J*@HEI5VS^Lc(U-{d_wd2#+ zmR4KV`sF2aEVNS@EY@%5C8g5v>dU5$S9!1Hl86-TPhZIRoyq9fkHuWWyIjd*=0D@u zy4z1>j2yQNBnKoAu*7(avFN8hFWNci983EtS{>s$k1Op^Yvds3KL6Z0>hmJsw9l%w z4yzk0oB2vyxLV#MSs* z^2a_%Up8Z)&eO{830`U+L>4xr4UNcKFwgXiHDu>DNM)#uR-P>@W5)Jdn7{JCr;ZiM zQ|43%pTF$OCuQU19G)Sld+Q*u`05v5bnEE<5chxo@lUVG=hGkaUv2@?tj=^UFJyn_ zq90ftb<*oETzSo!fX=x)wwD(^^T{VI_dkC2C)P}R)4SeZ_8mO3W?C27NuZO!9hU$r z#4db2O5jN^czOBlmpr@dz@Nuj99-rhI^lTX1=>WodoV`3B;_QRqH&8 zrpksO4Jt`pZwD+9SV18rPn0Oqd|PYYyxnBME2yC&?v^C4TfZRzT38#0E^~5TKP74? z1c93hqSUv>DtuOIyoyE~{h}c2Cr9N#pEp|42)4|l$g7xS-K{fAl_(S^t$bXJQzF6o z``Omw)*zgQq<$CWZrd`CdF3JO^?eycKBeK+$Bz&8k06sp zwnX8}hk56=HNX1+HwEpKw~kLy`{g`;1B(=)CU-a z1ry$qIYnxSdbLbq8&}4x^QCr_GFFCd-;;@;4BEe5As1z%R!f>{uAJn~{xb_9V_IO& z2=h9>DQ8bxhktw~wDU)QKp96;lrP4!c|wu=7SXbV)<`DwjWUn*=SOme#0hX%(4O*H zLfx51l~*Pt={@>wHw!kPO{`$ZcNIYKzP&5S$9aLfC*;Av%1PHJ>q-Pv02P(9e9~)&?k!Ja+(= z`<>S`Uf(GI06+jqL_t*4Tc1P85E>FsQKKT+Tr_pauXR}gLyhq&AYhruCyd$B^m2`Z zuK>>GvYi1ZEw4;zlT2BjAJ=C*nyBCBH944@w+JhL z)B8E)dp!+L;EXm@$(dJPC}6{(6?)RBjgsWu8az6Ct#HrNc9usx=)$#<61QW^#_~Pi z_N_Ut`=pspv4k7<9XzSum>+%0<8G7Nr{S0KxvzP{ZRRoY;xB!9%{=!y_l)w1X05$u zhTDj|gabt$vFYS}aT`Uuq)q~z1R4o+K+V_TP!M!^r=oVu3<@tE{7?|#MUN&rF8PC)Yo^rz~Iq^`n%iRK~i3s{z`j zLZHqNpvpGerbcn7?Q-#7>1nYeotnrMH&TcI_z#04I(fJ<3T(01`S^7C7>Q4DAc8Q+l$k zLf+XPLYt~^s(2zZNTy~KTIKGoePY{lU6UL6sYXlFbgVbx^oI5dm;rS3VFl7V-H-JM z)+&G){lg1b9q~5UZbd2ct$(&=P*;>Sm1rta7FvY#1JtMtD_abSNK!ggHtA0Oh^47q zr;L3F7;_wpnrZ6u^d*ljx9!8ch4$nwPhfI8tJ`CwF$~xxU>AUl`+!Dl+v;IEkpRye z`8jVeW2p~cGi-#4EG$3Gb}0d%e&`F5+;sEaa_rb_lJ7`0}QYJEYo}k$F(w8%AbUV(!Kb#K`6A1W+-DmerFt~52%+U z`#Hh1=F&LFv18IQ$%O!om)Fc~$5+xVWWM^XoKJ)rFAo7{=uwjcpm5P^fBQq(N|Q*7 zAd5UtkY5InL)S|SlQ~uQI z026!!Wu7~yRrKL0^FcQ+dQuu$C0qE&Gt{~ofW~L#3g6H> 
zLA$~+%3zs!p7^Gni6d|RA3?fqZ);@7eg5CnD(}|6U%KkrHS53E9e8o)_WJjH_@CA+ ze=0^^arN~lW$U32JmL3otxTKn(e}W5oKrsWr7PA-UWvQ-va43ES6}EC=eB&~tj>Gu z>wO0f-#V(h?EHFp@}zHnSlNfA%vMh4P?`bp%^ z!ykBIx%nf1*52lO`QpD_xjzpF!2j?EzXeazIFy_#Tks#TIt)|iZ~y#r%CG;-Pf*7Z z_}kVE z7q;{BC=7rv0Z~|7&+9mqxBe=u)e)u(cojAm{^+B`yB>GpzJM~T!sNH1I`H(K1vUzG zGLlz+9jUu&0I_UPd(ir&hoe2TbPzC!6JdA(K0#5k9%!M=>I8NMLTCsddH7P+kxq?**LBmlaNK;!Z&$f#^DuB}FWB)C&{b`v#S^~haKBcGv z-3t)03ErN*wF=MhO#|ET zO)~+VnSgI2Y$+0>aCmwAw|zP~z5x~iQUH*$y@T{#02!bmK4etkgCWOCe;+4s0eTG2 zWBmfH{(&AG4FlF3Un~cCu1|7Yx8req6aQxbf5iIMVI?yJZO7QmGC&JJjN7v!b{Z3` zjPF6x=lGwdMcVxI6wOlpbP@FDjvp<@Cy$hwW0U3h;lt(n>#xhW+fIM$e`oWqon_me zv&tC$a;DhsH9dKVI_RK-`^q3=rhjCDsRG{{aZV3-(~Fgj^F94!8xf-tt=1;qdzTI- zPaEi2qhcXp$+ozP1$z{fp*r} zVbB%!vvU`aQGnDY2wWsD^rUIX{1%oVLui=K1bB)?3iZ_p;wUc$6L2G$yr(_P!^%_T zFV71wG@F%YpfchkKW(t>z1%w=h6Y4XSe1MIKN+0_yOO>J33%Dq<>i>c8Cw1GFkK5;}+@yEHddI4)1K|>! z+ur*ORS5DdhmpPG#w}h=+rl|=bBx3~6S->TX`cz&N+&XM8!?f+{9Phj$Y{p|%U>&xu`HJ`to^xLart@OPeP_vd;y0}gP zcS-{MN9e-Ws{|%6H}`W#gW$~R+qc{z`>w5ZNoa~Yo)%XS+k968QOZ+1J zwy-c$2A6q0_6VAh&o}Lqhq2H~9psg+Kur%I-eCG0>lSHiU6M>zsDj5|{>UdPUO`w>?l(9KQy^Li;$~L#kaIFwZovlWw0tfqagElu7COCqQS&S)lfv^T9q% zKc+*;V0rsBs?6L8ZF!?Ut?DGSQr0`-jSUUUBSXif^{mt-uLSc+&v9j2n&{Hw zk$1)?59R6S9QzJEd5TO(r%>u{?;|_o_;IcYJmmSPIi2)E(DE6@l_&Y7OeGi2lP)M? 
zS%YJ>24u>0^71F(3Pq|F5`EG(Kr*3Q$GQBqGL}vN5!xHDQq~xOIvchVda)kHou+k-W66hqb zN&+2Fvq~6WFPDREbLc`RfldNB|!fK4CUEDSE?1GbPwurdHpQuxCnS&+yzvTut8Qe3PXx457p>7u`q7L9%7*uCnK}$#Ufk zM|NXPu>s(D1YcZ(vuv@kjq)2{N&ci>Rj3t>C(S2b#WHQJ%9YkWRWhnhrV|gKpw&T} zVl+(0+DH8gxC|ZvYOwMU5Lq~OEZd(JM?FrxDp`VPy;?_bM(>KUOM9j7IGUX~np2gQ z0Tp_eXfxxZ`q*hSG{#)Eg}BKK29>2-s73)_mH}AMusQy>f{Frup0GCnVA0d7RS)Bm zv7{fEr8&kI;Gu8ZJ`Cb1McbOZ;{i2TewyV>rxuB_(``|dqwB6_UD7+Z5Q#{i2)%f=1k9NB)PsMt+% zf{f!=rFe8~r0imA+?H*VWq8|}r3Xu!W&Mu8mvYRwO;6kJ$kW~>EsD3=vw7k-M#s0z zB6!YtCa>eyxy2O}1mOfsOsGS|k+w*Gxy{AiYvp0xNIv=7vI3}ioJe6s3AfASOM*?{ zS|vW!BwAi8h-*1ZICgzT@fF2fzU`}OIYx@}nxASFRJY?v-MZZVC=d$K%-4Vy$iD*1 zwcf~v^aOcpuB+TEM*(>889*11OkS^PV0ff{Dn~ZZZRt3F_&A=e(=t`gX=LRW{@hAu zydaVsx5AcYZ=-N z4@}w0158Dx@Y9Yr`8MQb0&S#e^*(jhu_*{Uj~^S$)@Pbonv6C3-S+p4U3F{ytr@uL zy0xuOR_D9on%mE_I{&S&5AjU8t*{@zj$g}gcH>6i)-*4_>E@O3dh4{+_nx+Qd*NIT z{P^cfzPM(#Jy_*`HDTwiUi^MFG`cdK1pc#2pwsBT&PKp%@OJN~3!MZy34HA(Fn~Xf zEO?u>YJdrs?XI9%EN2@Gi)t6;Izf$kqbWNJU4QgBqEeyaW!_f7$U@k~HjDrIX0(Da z0wV@3P^toJW3a2W5$OcSN&JgI z!`3SY+iX3a$mABg!I3&Hs6Gn3waAHeShtE>KqJ!aCqcoSGKFN~b4bOKzE&9q?kR)A zV~|h^L&SU@Vw`P6!({|3nYp=zoT??i$B#{y z`TV9%a2$|m|)OQhN5S?XbI19FVxqeeMt&9gkcT-I+IE9ds_CWS3?Y{y-o z4f@g<2D>`6A8=`gGVnXP{q)i|&h}s13Qx*cc{*mTHy{`HI`DP?MB%2reFCw_be?E(uWyKg0OYY$wz)jbB-F6w^f_ZO8pTG4_%|~Tn zgyz}+f_&$>UpB8!Xip>+))pmH${OD3%VE!EcNJciB41cCrH_4#Oi0bYaL30ed^ zcTBs-iCFu^IUq&nxDw8D7#i(!wtXJUy8;))$ab&D3L1buvR6+wtIssv?%a21WawSbV0-?5vNVD^a zaMD(J@2CCtxpOCNqKv^YWdW^)EMr=2drglOr(h7}bZ{;Z=ab9v+{&uvy!-y1c^X?3 z*9afG^s=I(;d`8U`WmTPi7u3P|MlOknRaI)eP*1@GW;eE)%aS5b2z=}WI@o$)16Kh z?Ayz)zV2knEAjU}@646!)fX2%@v-GCuXxewsP4LxKqrBJM+x{JtP7n4Itg?V=p=AQ zB%lu9qS^(pOMR6_7UisRS?s!CR(T+v#jl`Dy9kza7TPSD1Xom~T;uz(?mp>RMxccIIkw7} zENvB++7^|5Kql1lr~||cF2Dq3QSwlps4;nS+71dUH`I~b*|y>WJ_>}iQBJ5Vybq8k z{zh2vLn38-YaV5m+cv1+)Hm=oM*ieGHPF_`0-AX%PI>vZA=JvZ*D8|SV*zvotBQRG zC-HkSj-rKpmTgxX0Hpv$#y4*+yOz#I5#gBVgL^pzYO;)tuSfA=d(Sc!BxKhbC$z1_ zx|FSoqLwYT*B|p3AN9}85%6L=!~G7Cd<= z$IH@o>!Al!L@lW$g 
zW&qzh$BrHgptx>qJ^c5l9rLsEW!>1ia?g9786P=czHWcHaqodLd2A~6%%IR6qs?29 zxh*75J?{k|`AcCLKodyn&IlE#nf|@NAGoWN88A z5k8>?ke6o>V4&l_$`igw$_ad+b2>Gz7C+FH1KJUw%X+-;0q$e`rLE9a>Qo`e)`pYo zdM{Jqk2s=MolxY@qu17xhGc>(rTO3@|v^%)FI|&5HU_pYrySo#DySoGe zBtQmt5AHr_aCdiy!F6!oT=%ozkLw3?AHBNHsx}E*2xf)#0JC0=TN1zQTxqfofBE@K zzBQ)NbsAelYWh3+8mWBXS9GA;K^oy?lA~o)URRRM1C0~j`T-44CU7QhnR~ZrUIl_{ zu}OuNv&j8XE-Y&hu;84RWyG9w0o z)f1volc()sZ()V`fCJzcB$Pe$^Ajhab5cwYs3&A=&+OYE2073?Bc?Uk zjjqDpeVbQ{?$o7KdL5XzQIg@!nzQ*?H8SH@Jphm^Rw9v*NvN*ZguZ=cf=uaR_jU8< zhfXp=<{q6z(TbAi8ZDiAWMkXOiN5 zRO%)z?vq0gB2xq4r_=$xXq`9`7JEM-z>y~rB`uv-Ywgri?ig9fs$R_XzPRlO+c##S zlh1GMz!E7&O1hlpf?J>_w!)AGGWdgR1mI^~!ig+XQnv-bE?#;xo>r3{sb4E{WF>=% zo;T!GyFJSs<#D$iVrmbx08z5g;H6s=5o#}O6CGL_EO8_5TkK)s%>8cIG5j_55FNE9 z)E!OJ{ebP%?R*$yf@=x-jy~6vHq!yZ?69HIn&L0~r5OAhaX`YHuIS$fqVr5WSlIDo zz3^w0mO+xPeO%)u2bp&BJCO(ZEIzT=hP$X!owP2qJ;2Wjwt3%qMjTkh2&RuaQatl> zvsweK^<-HIHCOEj&g>59ZdG*zzS0Z~~>V8KOwP*q0#x+OZ*N@}xA7GP}^DTi85 z>bUOLKGx-)Vg8R7|LOAgbkg?KxfZeLxL_TUMqE0-!wQ}BYW5_KQ56D~CmmU!~5cB(EVV?)PFpaX6Cn zfz?AatK*Y3I%FHukJ=BrE0$LMhzK?hQE^d7qPlO&_psX<$XIO`&n{=6)4o&TModSq z{kPBjjSinX?&Fm^B&X9~cl{x}RRL?v+YZMT{LklYV8iO&8>(3$p-nj#md+5be<^x&HVq31(R|jiFp_-V8hqF z@V=@@drg!ISPiq_?hbN znvT_Rj%WfUu$HRK?|d7%Ws4mIYj~zYkn7K{X5x__lnqJ0@yF}`aU&K0$jtB$S_YYw zZuNj=dMLBRP`>_W)>*?Kk|yMVCjTf2$$r%(fgAI( z?HBpkN!7ZXb(cW*1N2xP6z04;hIP%Xr5W%rE|)Z8b83_?~hgOC)95RK`r;xqIrdi+WjyzOOqD>z;Hs1^qYN(=}5$96I%{Hg_h zU)7ruE}_LWB+)`OAbKkw4pe@q!C+=v-|%X!kmr_PSZB0ZD}M8Z=zZZhrL#q#BNnX9 zj8Q02hAgz~YOmMJrAcDLPQiTrz~KMHHvv4Hdk3*^fa`vg2*q{i?w^%Mz!Sm14q)I) zDTRW6lE^RLfjEh)j^Inke2>l4fGbY>-m@{l>F^D~+^)L)qTe%ZzsYXd!Kc&g>Gv}U zVbX6qdv0ZXW*Ac~Co7OQGxY{+H|?O-j0a0ju5$XdIt|=$6Msk%#lKDI_P2bdwrdPW z#(lw~L&#raKYQ=nk$^gZ&EG_c*?xVFnVfHWDEtdN3VCC9EsY&@20oClr}piRox^+K zfw!8Czn=8g1n$Dy9Tn9cN4&2&jD8Xv##YG$9y-1lJ@j-v`)! 
zO0@iUy-=HZGXEQNx#9Jc?T;X1){eCLltm%qYWw3qgu5LT#f|W*ap+{r$Nzf6^L|2* zexSko7hy~+gPZT1>!>)>NUv?b}$#o zRTafK8T_`PFfS=sQLEC(h$EkY=6~$wTq(W~B=hLMNiTFQIU_%GDGUgsHWgg!9|23KT&)zm6438t!Ot(K-|lzXU``%h1E)ic zVukGVkhDCbyE|g9dJJF~1{sgCG*toa?ew;M`{W&H_3pmLgttbjjxH&nglM6yKH{$31BnrG95MYvHB}o18bD&JUsqI7cL=WOIXj z0Gj19Rp?d5$*uq{^4t;K3rvTg&W6`xqCoEg?l5pByuEm(ldw9)rTn(L1LT-&)zM=V zNP}iaHR=Hj3i%;g9+DZHJXX zd)Uh%BmBkw-&baP8yPPOKxHn`BP`4F;$F}XDVMbX-bz5HEw2c;Pm}sA_MtITt^~?Cq@Nr0c*Z9Y>pb&Y{ouHZ*j4I z|KK+f4)3BSPUQ>ge~*53nh}zzS|UPfvc9(Z%=*VQ3Emji;_^LQdZx>kJ;dSAzJHwM z;$PES|3>xLvg+LON7x{Oi1(Z|Tzt+QL>kuVdDsAR(=)F|8M zdODoTSwK^w$=+y8{Ms@v%k`DAf zgLlHMe)~Ng1sPy7+XtvScTz`J+}RPFe!zg>TOcMWQ8j!?p!l}gHfv=4DYK&&R&b_ad{k}6UsR(aOWVeile<&YV$*P zP&(`O)Hd4jUKSLh0M!e>X%Up{8$#e?^DCXkfkfIt354m1t!MMP%3ynk1s_5Rpgf1)P%aE44%4!p3O0%<0ZKA}>c_Cr zNY|5&iU#=V2d6F__5OCtWbmFwMtm+|k}Vr{aYL6!W>T+gx6B_!soY?R(_&`k0xV8%#q4ojVcDmTgC+3@Q%$Fd0w zc!rWx2yyYRGQfT1<<#6zy~%ooeHiZPHdHDY0mdM zFr)f3A)tkL1sQbC1ZZE_*?E157~&S(gn?x3Z-nPfF0mj|fugNN;vteuO#qwga9Ss} z5J+-BI{dxHcmo(Er_lTlp+po+bc}X$#uhvqqS#WCv$_y+xKGW=x9aO}82L1&PXcDK z9-}6bb%RN){x{bOJAuf3HYpVtk`cj8IAC$uMda0s^i*If?qW5_FEFTwXS4InS z5QsShwK1K~Wo^T;s93{!TlC9ne!oWw^;Z5V@cizd$Z%>crT^XbDI*Cu{h`;OuBz5B zN~qGTfCOumUmH#hYQKR7MF#RBmPXS(j_Qj&V(uMT*?;?x==JD;L(NI;qz{X*Vz7nM zUjB7nFkl~q=EC!q!M_#cM-ThFNGz6RYk-zff2FuRjfR||pjNiS6v|}d4b>>U@lL6K zM)9miBHbMs*eA?IFoSoln8~3viRTo)7UmXW^jESa5e(b}7T&nB_U5^4Uhb{aZnuC#n2fcGyv#gCqs2+Ay+Wcyu& zEDk|TZp6|> z>|^tVk7&A-T@lsUWwkdf@_h@T<<)ToB}%3jcuPKG_sF`LrB5*K<+H4yW^k2e)|v+f zT5i`<`&>#2s|0Lo&x28Md3@e!=|SD4dR#A#v>A>O4w7x<;d0dKPkgVa^fo8K^u>Mf7R*15GAc;8L2S`kcPM7Uk~tD>ltNfxM->wF!?Z> zOd=9Jg_SZ4W}Hq83)Plf_qdIP-+re+QDr|WkSt}NpZuukG;(Ts8Q;@Tdz-D5sOwOs zATHgB&PWmjVzw*b?d-leDyw3RXIMkiNuOo@jIE-YfNcIZDR&pkHRJk`c?Cw+Y4F&C z{RiCl1n#9H)J^3?DeeO@K>t{ zdG}#Js@^X1Aj%t0>(FN9H{1RVmp2t%6DAZEMJj$H3pWP^-NyVTdznaLX6uB6c~&^P z5SMiAL>P8c1FD^r6KgMgtCf0tGHF{!;PJd8@&zvaJjn4oEyGa~ZK7(|=f+#bnM#r% zhG=LO67lq?ys(5gd4>PMgbFwK?!2t4!|N>3_#%OJGBE1@_zlH2(__SVkL$GBaaE`Y 
z&wjvx|8AuQzk_iUMl|>Ovqk|?B#%`XrvLE)=lX+IS!l>!^EPo*B{Me(+0D}Cm1rtG zm5XNz8fLwj_LmRCKHIU%nz~2i9Y2Ci(E=vjDcW|-?Bon8+^Mf z`+xkJD+o5&z7u=_$3U28!5r{nM-o2MYE_bh%4*B@vS*2rX5E&*vy+6DWbVv-DtcZ$ z73gw5XCEoW3U9m&Ix=TJ&T#h`k5QN&cGum$-zx3CI+K~-eYh+Vdd1wg=QzrSR3cCK zO`DByv>#7-A{-K=b=;R1B}xlkkZGNrpY**<2$r?&|EX%L>uY)buVynOU|*@u|EJRb z_gsZRsqYMxtL5|VjJ1Ht+%`btYVx9*L@7NGCp^>aic%(4kcT&Y{{BM=lW4*r5~^=P z8+mN7fZ(3+iD;iGWoObE(hAG%ydJ5R;__uaJOr-sxfs30ekjxj+O)YRo8~YY$(Jz&id9Al6=;0JdJYiGhZ;!uN-)O;n5GM zb(b%I6Y@(P*WL}4sOiih2RTRsP&9&)OSGwQfOBEb7+4j56AtPd#;_6EEXq}Pt6sM3 zHJLQww7W~?UFepX<@JWpF{0T$N+n}afa8x?YExW1m>QHf18e}RDdp6oB4qlh6W2lg zfTJqS9G^Jt&~jMhM`jm!edVPlYqOh7I4s?sHF6}Q&#P*C~r5vd~(FQ zhiMGEWYT3LAG$%$TmO-Z`89L9t0b43G45onx0#MjKTlzOe>c0+&!+d(U92%?BYYIf zAkqEcl?g-`J3DJ7DK()e_a8mpok?c#1H`m~<~>Qw<`kG=PsC)8s(N&5W?K}(QA|PP zOy<=|B(Mi;bOBlL)Avm578b>Uly6`4K8LC5; zx5r~P2Eg! zw`(*c^$w^1fwvn|qp~08n&*)CJzcXu06`~FUcM~T^YoVJX$4$XZtJa1;H!7eK?^N^ zc24E|(ZMz7$dAcE1=IGc)L9E?4wK?T^5|WO!%Ed)KgxV;K@K)Au>SfmI~}F`kSF-e zfF%smKvA`~Kfq?N5(tZ2+Lvfs!3wq6hbPcMlB5}!@0JuAts2Fh{!aEiz}96IP440Y zcpNcE^$bpkzGAw%t=3w2&qF|VgZdnn2qr-0N~kuW<3e_wq)%}4y|Gizo)V2T2$jd*m`LVdam_dEw(G#Gg$U@F@(CD*YV-q)8mBId#TLa zUn{`Pr_wu00=6rB%74xs+csCB%IAJ&-u*l6|1!{NACi36>Yj(|0-O9!3>{h0mA1XK zAJ+KnmUvWO@4t399UsK6pLc67_^x{`+?QNR4y_nn)j_^aJk`X{2Oh)!h~F1@0EH;( zefGbwuVStW98z9On>}4WzPJx@e7mW2pLtvvTQPrM!O3odWOG&?-3E4NAxH1eoOlt! 
zqtoHVPj>)e_by7okGK)Rti&M&VW`4oj`M>oU|m36X0RqtWB{|ISLX_(ACDw|7$N#&AF(S*%2MGk=gtt28 zr-i(|KieO$c1!gCXpjM{HEy@M5ZWFz+DosL8>^iZab_it!iC&XL`nu_Kg)$`QOK5= zBLr$}Xas1mxUyqBmthY#QmZ-o(J*9{Vy8|p%SM8Ux*Gz3Uv%DaN%t|wKl@cVef`WU z!`3_{FSA9$n(a<~iSMRiMIG(xv9R0g5+{klNkvZv?iN$*3*;}RKGy7=L7hreZ45|p z+G2UrQY@xFXVWa*D-%z~Lao0j>H~Y^A|9<%UIqS^H`v!k!_@dJebh+g?Z?Vd6yA|7 z7^}gdq&9#5&@OCF%7C#@ysSQ$kYViAMdP?Ee{a!ZFf+?DCpWQK0aIkOasHs$!hxSO z22lwaRK7yz%+I^T3j$w69%jvbM?}F0rcd3Mi+Sd6yC0Yg`bW;*0m)fK?Zo36fp_g8 zeHgrEsZmBPl6Y7`vRl*Xyh0%3tgn{fI>7B_QR6Vpsvz8UeQOrmy_nUXJ;ujm!UYGg zUvI%M7UX$FaGUZRJK+>^S!|)*Tnr~K6}Mmhc|y(&=9ca>^QTrZA-gHtSxiHWA)TDS z0)EKgW`$2%N#8?DLO z{eUKP=MDt&|3!g(|{Wypy zqCZ;}yk{XVD+s+w!9 zIQn~p)fVT3T_(~`4;pV-UB$+8ifRtz`|m3Q+@KW+svgk(Xwhl#=dngVDA-wOBQY

G$RSeUeI#B}dYc{~wNQlYqySboDRDm~E$l&*Vw& ztPI%?+lhd2q#8^Ct#SUVYZu|5j4hpO&HgGR10zPem0IhH1L*AeV-PA-W2=kor^})w-;6P?0^>m2=H2Dv1)vdp zRMzd!frMn?a}o%|(Q6>hd%h0hUa?8+H$IcC)4pSh#UgxF<_LU)mP9HaAq_&YIxdVL z&BE9D(4UThGUW~nf0z2)-?2tg_gNpAjBw5e~8V=rYvJT9`5(s1h}~!;EjIA~a=F3Za#cPYF-OmPL~hb+a5b zq#q3Ap1O1>h1CR!q>g>tK)4sVlG39M!_FyguDpZ&z_O@oAilw@5OObsLJe#GP;7Bs zd0r9i_mJe=SURij3!QIO?bX1W70+)i?hcENCM|V2h!FOh!L%JO(PTK)8@V%59X6Yuy$yKeniH&m*jmiV@9j2aW)KhA9{r+GnMtZX+J0j6) zW&4_K!D$J$f-Swd1ld(27zJc5^c1ADhGZLmhXNiDD;b5v@rb#b+fVy%_kB|~p+cHL zb#-VNKi%4xw%#PPh2rBg(jZzT>6Hb_Fpo}NfCQ8^$c1jIhU3fMpOMEP;mG7^9*AHFDjk0<9sT9KdUR<+?<*R z(aZQ&Nw%R=xVZ(8TUE4!A^Ud5ga*&n2zJgtClo2BX!S_SbyliYi2$Uu`KGlOl4|GJ&nr+os!wMo z(=xxmT9uy{gY+wie!ukU^Dtk*QB$ZVly46mBp(R7C>A+Sr@FrEe8e%tyM%a{-yJ4{ zzzJ03ZG6Qu&s3i--7$bd?R;znzr6fo98o_)eLGxDPf0Lb?9uviumov9$4r7BU0T54e-JAR0 z&;lKrl)moK;{bC90)GtV7A^>3WhkyZmqfd{Ho6`12YrF44}ZU$ISXeL62bJ!?l| zq1_fsQXBFk(#x3G2|hX2X+<|yzO?81yqQ+V?=Ix&vP!08qX6%v27elAfQy7E&i!O? z(Lm$yqZA>7lj`2d!B4G+%PcI| zd7SFnL9L`+)q}6ac7-=uotpT<-_I^r9{H!VF$)Fjy#WRK-pzd&LWAR7M!f$@jI&v< z9sLSTe#Zq6F2XuZZG^5s1OgU)_F^yLsl!&8;pA#aFm$OCKIp+HR%pQ=CkT7c47$KD zrqU2_inSm2hmZ8?IFd+fEx4r3Y{^Fd3h%h6H;|%J(Xy%&A=SXEH*#8;OBfH+T>gA4 z%X$0blnNk24zHs6lb4WEp0taMSqJeT1Z8inTObD`XNnr2!fFEHYaC|=^qZ*8A{Fz7 zLdK$sjA6Kz)XX$EuoWVPBeiYUb?qtH<^h(Q051zUt7nN#8cHNxsQHO3QD5K6hGeV6iRbml5wz%p;GZ*4g3>{s}`~d8gxs1AqremxqKD zD$a5+Ot6oHRN?qmONE@!Q4&q#NQ1fU=SZMqq-FjT3_@x;m8DbqbI{nB)B6CE+i99*`> zl$OqYTHd#x%wzhS283ZBa9rGp>Zqg|rIkQ(G4}l*OqmC7p zS8t6R!A*nX0$gs)MyNlS^{efj5ZJV7%mTz63db~@tOC2jJypJz=f&IygdIT!?-e5y zQlFD*PQ%j{RI~UTL;f4HXnolmTte76V^6A>HX)zmLmKEI2Ix|mtZ?{ zh{j$lLmI!+2}8B#+mP?_4z4Y=$jQe_cgZDC8w;lCNwVxri6M5}UqgKYeleTo1yM?s zpr_s4Pvue51W^qNy@Ze>N&)nIY9vUGJ|9bm57(IK^deJqN1KdW>ko`%G1HiP;EEti z8W;T=?(~pdIW<$&AfXBtFGNuoceX$1x^yyrL-tmIU2>S`4#q`ipgV9Qx9lWuCActG zK}-8XHnRCKiTTtfsHlniNnalDdhEFWxwB z`^NwJwbd!0)1=?g3f6&lfIW>g4fH!o^;a)%1vL-{ChH*3yBhZRZn{}VRBc5O9i8mr z|78Jmh_PP92Vm1CrkI~5r#WowWFvQu-wx@=9ftEL7HXD3h$dsuhrir(!(laz#_NoB 
zRayV}K4fNVgZ*U)OfjO~fqx?Ht#)B8OUg+7^Mp8j9BYM)N?4DxV%A<2D$yS|xsS7{ z{Jm?VJ_LLfl~{FM2TB1-@L2(wc% zfnAZhsxy`y-Rhk!NuJoPKDQ%!=8?i{@?f!!rKA2tTuGi80%Ogf`{VON*`|8G*rN-9 z|8x@X)&$;O0@)m$FootZFT$(PYb+LX$3yt}BdU_o75J@6;2P$RIr<6g*e;nyJ*J*@ zSF7LK!2PK0-5bJU_dg5%|JHoCxIFGzO+`O>_~`zR(s6P@88yvh{}pefU6Iz6XH*@d z#cRPf7QDE5n-H*$_%tmz&(%)E7RQF}b5f-+)g@Lt6)E9^K)@jo7d?HeUs@N>bBnX zrfsLCS5C-E`GOq>aLw}3OWkrg^_4zVU2Y-P-158_k(hPR)M^zq3UV&CwY|&ba70 z_`Flf!xK9d$*TQ{p#z#^kJUgN6J5kzYPiF8679h+Xok#$^NGaU?pXEaU46Vuo))xf&!!-pj5Evpm=5S1EE|K`vO{w{VVDmgD#{g55*OAGI zjFqjF@{xxwUCowBPex7~wPweljG(Vk@n)Hix31T>0@8tuwgXSo?3;9eaoj62#0{Pq z@&#t(zuPuz@zV4&1H&fgui_9uyESOt$(0wCbzvvlB92{YzxH3W+4929fK@U1enNE( z1^@5zow*9fr2WQQU9|+;Q;z+ZXN@ntxA7vyt_|bXFbK|IKBa^L*A4Hndt1Z^$VxPR zeqB&OG#smz47xzH=Iuaz5T@T#JdAkT3d)0AOp>gF{V{@5qH={zX}nF{?0%>#ivoZ+ zpVBIfJ{^H=1%|-uedC`YD~pG>+I@H{`Jg5v8SQIMOnG<(&{{vd}#qM(s?vu~RnOOj( zPv-i=T0xKAmvyPfK90Ut+>rV(@u2!2Elpaa-WRTO0~vC4vJo9@RJchBMgz)Eqh%1E z9JAuKE~G29G6wX$1Nz6FaQWeRkI7E>Ml*IkSicqsV?3%6VXS_Zq~DW5w)Xs~S8o1H zwyMfNkZ;L-#p%asuBXwlCK1f23IlO*?BP+NGFOTBX!jnT45UsW&F;H^_t3dN&;AR_ z|2XMI{YPHT^~ZNpJw7S*yg_N+3t^1@k|qqvm*1go^Xr<a&vmYx4;NoFoYT z*IQd`JuFR{aSWg{imwct;!IS3X>*!%e}B&@`j#(7a~hy^5G=%}b@QieSQZ4aSUUT- z+StEGgioqtA+MMKSK$Wuq(W#{WF5@U8;~ODbMQCiehpT1p4o7u%nBwj|MZ0+96F6S zqq+CDcLc4iK~xX%3XK-QNzDr0Tt&HEbZQz`iZ3_R#XQq*RBz#_>H6)hSaW$ z_w>OstEWVG;rr7J!b#D_E+G*!?*UDSz-P}}6og4)gwYfMkDnf6ISj3Te&yAwT5b1o zeY(f1>ERZbA@7*R&|;AuqY!W=XeZTm%D#=8Ae?7YTN&S&lx;a(_=d_Dlhs~&Zxfo6 zor(b9f0zzerF!{Sqi_;$!vGu!g5BBqmdGPH+l2KnnxFbyZ%Y7;d((Izg zW0uSE8HEm2rjd~AlE%_M`)Yw(wmSxGSLjSwO|Hup?~eIG@3-a*nigT-KHAOkL-U!! 
zny3P;A)?**iLL(H{v{vP;lFlN=>aH}?O9#e!+(<^wRH@9b>gfmuc==V#9k8G<@Aqt{F zjP}=Bui0PA1Y&8tPozUOKqCg0QLbwM1{e}{CZ?%z=|{boP^t>@=Xs!N7@HFOZC#yN{Oi5jr+$eE>*N(fZN|b&xHPqgDoBL-$Fjg$;_7Dra1f zm*`~C1Qxj`T>hl}fM@UJBIXNA>8qgQ?(mBBONRDGtJ3%pX zDjzh<=q-jtZOl(MYUY>;+|oY}%!aOEz3oBQqy5|zlUVk9J4W81dtYa?q=j~c_LJ#_ zpdZTeT8{riXWlhBT-*a+lC6Zze6zp*H-i^7!B@7P>CLxSPQKhPAb4rcBWPa3?F1Vj zh?wj44bHU;OX3p}wjdI)5_OzP^QjIR7~st!80Z`qiKY!rbPILqveV15{n zPw=CuP+PuwA1OzMwYjz-t4E{p^MpCEABEgx46PPTBq!=|fQcT4-1(iI_li z5leDNd>w6K2$V97lS)}wY12&(mqG-ZsTyr^ub@7I|KN&Q*i)>NF1rl(VGEHyNUO>x z0#(#D3u7Vpm~K@~Y4K5*{2ELJY@Qdhj8! z1<>+2?NkObJqiC+eaok<>02MNz9z7Zq;s8piQ!UCg07L=aHW6xDVh`iC{F-hxiVu> zsLoQ(pDC%j5^R>g8slb}+fDEJfj_Xz=18jbmnMh5UDp5XOLj4$R_dUkG|g<6ww@6l zMYborPD$4VJ~?Euq)R7{z_F&7*kWs;$Hzma zeE4s=&yOmOK?vskUiDX&o7w|QJ!W=-J-~jRMnnJm9;(mhUU#iLB@h{2`-!mk^ABUY zB$mkpfDeGaKinIGzf}fm%9k*!X{kRUN9SrM5;Gg4-utmZS_zkeUpN9sHd1`LfZ39O4 zGk$Bz5a(2m+V0~v3>9~me3d4I!6J2FFOrGe9`nR^9PYLL3eP^DOSKt%&9jzhxeX7W z0WmR&vLDt1DF-Fjs|FDP!Yw;pIE+Wr-&;dgn??LUBDB}iFMhkteOM}M2u(PO>X?8D zbMTYZC#-zi!;f#^J{@bmeprLS;!~#phLmTuj#KL2h(k)t&FIBVPzBm4@Ir;dXw_uy zc>;#{v0c2h7slj>PF`CMk_1o?bqR#}dSRGu)S>PU8S;97G6ptRVr%@Vx5wTh5<-rR zY;L}r!kxEjJ&huWmGyJ`#ggsd8XWh@mZJWH`?SXu^OW}M#O39VP9*y1yYHvZeT~Ju zLxU7N^V%9@FIFU`LZ|!)l1><@Y^yZz>r3tcCQ-g@J|*6@AI=FJdyjkmZ!xX}Ta@x2 z+lGG}1IqlbUX=_{PX2kb0!0lg%j{~DM#UCF!I4slh#hl@dIK$`oAxSQHq265(3XRJ zvr5!nlclbY`jJ>f&ta4KMnp4@`BQ9Vkew@75YsW4H^CW$tzQwko2JZ;=Z{*w@)TV@ zSKuDQrLNx<-J;99v2sC)`%sA7Z*v7AKbI}mjsyU4F(GWjpZYP680Al&sAC~7HERH5 zpb?yo`e3@7MvML%4p=&7h^q)=cW}jVr91jYSFR6)-dx2dfjc)m$9aV#2?+X|$$hpq z!Zytv_C}G;we>y4p2f}?mC8m?)rd({*SmlM_S0=hkygoDDYoE79gCMo3`n`4@303s`vkdhwN}<%U7O3NovJt#b1n!X1Md&(_#2xvc+k+7J8*@}r`<5a=R9)w}TG8>$i#O~om0|^8 zODxQ{nRNF_f$2*W*VZ2K5cM=u71c?Zdv7qBwA-lN{F%8yH)BXrC(zam+x1qsdFFV-1YefHzeH>zkWJ^xW-ZMi;65i*M}I(ludgt`4wi? 
zoyq-H`)v1-I(u1T7iRl`oX@BC(8uSiak{fv&nTbkx7?iUqigwsGq zrY;PisUVO1*l_Yw{(gU3;euqXcSDTRl!Kpt-O8lvoI+|4D+An;o=8RjRg&OgXp9R( zZu_3ap<*?5c91}Coywioqzr=EWAF!9Y-oZ$ zQoudoYz?#PELAA6ZWE-Jd+Fb9jVdhek>=z81L7i>n=5~3K%OHxLp&D&5hf^8Dp0tJ31cM z(I4f9mmPu938R*PNDu&a^`U~?KQCJS_r-F%qN9!C6VvfO4fJIn37pc#t)VB>^7_~q zbTv34J8f~=MAQxFoOs90HI40eF(MK13sK<@7c+y}a?^^x88in02oreD0#m5D6*_aH zimnM?lQ=`j)BhCrRMkQ`xRC~{1=Js-m16@qO~$+}v%@CRGR;YG&;fSnSb38QRIJ8r zyVJG)c7IPg|4MzLmrm(L~|WWZr50UYor1` zflipQyuV1B!e#j%ZHJhjvw_R(mvkO^lv=~_QVV@~q@L~#nxB^$<<5n#6T;WuewYt{ z?CUY4mo8XkT)m*!0}*Djy*lK(i_U*(u=eMegbG0Mg@I|ThOXkxCu!+$ER|+x8&Y6C zdrGp;E8LDuMdudstMi!!f#2cUPCoyu7uRLfE((uuNQ|%7yiZ>WTP;0#uuxby^@_3| ziIERA5Va&jy#vje3;ffQ8VOHh8n7sv0MKL-@%|P>X%HltSud(m=SjB5S4Tu612 zF}W91`ZfAWhQ!<_9f-a4ob$13Nat2IdPBfx(2PIDD^dArC`rGvWCL$JY1y*UGy8FI?+do^>4A}5Rr13>HGQcopZ)N=~ zPd2n5I||nCqm|1+v->K#Gc+Ac%#vUB747mdeM?$XBuGT0Kurq8DbZdrx62%_%@9pWaWK)axGpSmq9lV~|Cz9yzMnYW+3zIme_MQq#y{8uXq_Td!+eCLf8`jR10>oZNI zdsHguDoeX6*QPTCJ;f>S>9xxvm?C9xr}{R{c4V$qnU##&>HF0np9n&9gw}^rfqMeU zrCV5!CP|qXrcFXX#>z(xAG6;8<<+6S2;3qyyt4--mHEOe-9yi+KOD*|qw0aXdHqj& zncwm06N}6z>gc|s=UkLnHkiq588Z1m(&4cg$clTsVP?w3?V=Fnv?&-#m2jr;AooFiTu`tcmJdU60bdxXzS43 z%(iLq23>badBx7>ir%LGwnBQ5gwYZZ0l>>Mv{_r=x)dGJs0#Me~kj^5Om+kG?BHNj=X z^QFy`ZJq{~#%Sv{&a)lD@#TOdZQP>t>aJ)PfFu1Qjud36#=QmE6`!tRebI2s`6Jja z33iP`ha5xGkG<#5>VQmncZ|>xiSg=xsokH`(AjakVUrowGqpDEZpTf}eOH0Ec z8digQd0iNC=KTDvc}{UEf3mnCGodqv_Eq||x}TicMBng*%9tG0 zVK2hAP8@+mO28c@i0NN~T0yA+`LttMwpqsTob1s@Z_trxfNT8^KaJ%v$c9Ua`*1wW8H zK{i8l%6eb?qir}iLH(;0&Lc(8mw=Z4ab)yAs*wJdOe@anVgEnWY(o;3=J=$l4wKvo(Ml2Fc5s&^;eU?+OCR&tgFogzYZz^R zkG}?p%>LC=X{?>)(yu6&6DGf6rpLH57{cMvmfHV@WwM5h#aW!jZguDM9OdZp#WqUTeM&KcFFE^ zb}PSJZD&VEIqCH%3ZfU+>rLVOBYF-bpKnx>4S43St@Asud7TxOs{XxGn8fr4EZb%|dANgg@Bt#5J2ydU4!s zKC8l4UELfp%MuXZozsbhx--}^HrN5^S4a+g9o-)Z-Ong_nM>U*3p z;_gZ{kezZ3CqyH@fP@^9L9o0ii7!5>u&}Mjl`H1N_Ct3}l zaH69J>Itwavm`8V9yerp|G|5?6~mGm&s!E{&`WQ?X;?hv>R7SBmsMEHiS9@TEmqsY z-{UjOocy5EPI7n}@b)PdFQl&wqD#iJED&EGoGkiUypL_buxLR%0mLt0PX6us1LRu3 
zRb?Z=4$T&)tS_L?)?{>+{_H!qmQ-Ia(6n9BI#@RA&^KtFX^TF`ooenwVm> z9<_iZL*jQ=Z?cv~^v`BUV~Eo&<0$@6M>B$!A0i9avnHp*$RL*wi~j52)=DjMLI>L3 z_(2Pnke`@%2AiT?9*}@Y>e7g8N;6jKSjs=jW?l^zs+1EU{~rzXVr5avJPs7{sQ)2$ z_a9!!cUd8ayYpajGCHLxGrO*Y&o^6MA#6+YI}7@&;SRqeHMLlnd#p6VY~M=wV;P zUy$M3r1LK+jg4>G2E)2%3=*|KvvCz$`5iKhnJv4GMQr%Pwr|tAJ)%k8QSA-8Q^3FK zpm=WTFu!{Lv$DRc)FBq*4WE%buoZ>gyV`bKU3R$^&87@dfhjkQiDJ;j+LbX-9~Z^o zp)}GHdbu?s0R5M~-RyjR`4%w0R=d4uGo1XH>b6V>9p>=``!Zj)w(3KPZsZs3WLI^p zfN$fRj2baw4b%_S{<{iku?ZNHY;&kF%dm5nebfu8G>MO^LG}@i9bS z)%vI8+@HQHm33DSiM2#lK`!n!4s*0gwpofcl|v5X}5Aj zOu69<@#riIoHE<=WIPdb^PXHriVZS>#-z&QL9x6>JxC@Y(r63+7}6stdiy3GWHC4=eF%C=5o{r z5cWr|gdnWhV-|5rzN>NG2#h`^Ma^7|HLk#pTF)I8G3jt70iEC_HmMLkks>W38p*4{ zbx01+)PuQYhS*@T5xF{`UZodX#4|u|l}D*AJ*Ca7EryCnqW)y@C2K3P~B|=XCkm5Ty&v zfZ+8xBO+L<-p&w3Yr=bX$RY`3_>WiAl>My|v1ezKz$!{~^KGGuj)coHp58$@n}o!u zoPGf=l;2+dam19a=27`>JVH`h>^uY(lrqGptT4KRCWRzE>mHjJ9;GX_oOHaYO6Vmo z&){*-<1j8STr}eMw41Ad$YbX+-5qpQ9O*yXmzhJQF8rwy;o4um$`CN39 zXWC=70a6=^H^v2FlRe??_w)mn{r24de9`O?I;v%^#if&STEh*XpJsd8`a(`cn^D~( zt++R~jDYc2R&z^5WUtD?Y7yx9jG@4{aC<0{P98gSLn6Y81a|bBG$EWmfw}I7wVhwp zlRH67FF%zu7Tg_4QV6MFE2s_IJCdUDRiw$XtFD3RC>h$>CX(TCZe4E_byNUFFv|4} z89WgBjn)(s<**9%&3C@I1bJ5v-B%ZaHJNjL0vLAh80@wt>eoXatS(G_h<&xv#zgAA z;&8$$3&@EXn^CfrM!a=_1!omhM#&kd!fdz|a;=3L=7p_j9+Tnyw#>EYu7a30 z*zAlrmewN7tDmMPc9&%hD9T8R+)Ob%83T#Q7oAVH$6Z$xf^ef-tT4yT{N39TG#m5o zow#6(&(M5Y&+J3OLyxdjN?<_&^605zbWgHWnFQ#3k%{gU4HnwafQA^K03)V9Tfi8A zfmuW(QyiZ<@vI#6AIJuDVyN1@xFsD8TMjD3fFFfnqT-pML|W*C;^>yH_oHDjeGfw! 
z)>n0JXSR0_#C=Ddzg(v!oCAa@s= zkb@{t8ZF3u1lveLOl$%dLH%!+%7GG~a*)v;N`=+FNaAj>m^;M^JPfZ6w)i>7H?H*Y zCsq}KJ99S|T~3*hvx_o+HoF|^vxx9)Rh4XU!#+EhKj2G{Q`rVR$?b2(37vh@!>?6p z_Y`wu`cYOk0NKs9PJOW`@T2R+9lIAXDO=14)6f~m|0;=EG zfq-U9iN0BWNJ*0LWU?R@mB_dbjAu+;g}ab8C#>d7Qr&}cyBXfQfkb{q1oRLI`gWtaOHa>}t=DlQM z|BiJ0YBSe%^1(KPVv?j!zQJ;W(W{f#3LYqbpF_ueClrbrW2>r&;u;Rj=X-NPkDt4a zRATgErZnzHS-}f#D)6VLC3 zUSlc|Alr30pR)a!+AC6B7#{+Y5~28X&MdyK2$1J9p^}XvZUOL_0?uEXP&hn2Koe%Eb8MyC1Hy)Aoujmxu; zA6g?es~62zosTvMr^Z$3*qs^oYq8{ojXD^~PSN6Ez5wE)dcpl%XM--+fg=Nq(4g_q z74w=(Yl!j~3*I@l84eVBslJw2JsE0w-dywqrZM91(fWn$eiBg{U%+^eu&}EmK*8(~ zvXHr7pj>>KxIyMFLm_T|1^g*EhWv{+6=>6BZW+H(|K4BR;Z4L7NosOAAG+HYL6;Gq zp>D78vE57KJ{sDAXl^Z)B=#6c-kJ-;r8M=36Ng$H$IH|wlwz5Gm#V=5RkNg=;?1DTf z(O^bk>l~u=X!2~-C=arT=?0)zLKXD&j@52=N9!s4 zT<)%+9xlQtzlWu|hu9;_Akue?p2W-MYheol(QcXOo5^T+k+_gA4>kEr6#w7)xc%P< z<=()n_}&PQfBt3Y{n_VAUMhOv0_tCxWOz1Ys4U$ZaOIVKYA}59_CF={X8co5bj57% za(xY2@WmseC-1j{7CDRcwpVP%UZe{Yn73$>5i6X7-Km$gCvFp5 zpnY4O+@Od@r$G8HOfS0pjS}scl+YU#jx&9deIyn!`(~YJA{h%eND))PL;dVd3meLD29)w@`Nwe0)C-cxH zNFzk0p?v1`*|jLnuDEm;pUDho11jJTAApmInf>O}(&FU`MH~Sq$SaQ1HEgxGhX|VN zZ^l9KT_a#kcF!rz&f0v#8rsjt}PCoOm{yAuSsK087v^)GecP~b)`Ou2 z7C_ugXsD3%`Gz8Nu|_J9@Mb<=E;zZ^!qvX>3LIg&U39glczhtQ8KY02*wHp;`y1X* zo>Z_^=D3oYNqHLNH0fxl4~i^RXJ>SEjFdVy|gl{_XJRB>)oIA{oP!?gATj%ppwasfzZ~9)i2-ic3S9uKnZr<@fYIc zGVftT&x2!<-C@yfIP?7b#h=;UHHv>?Jc|$Xx}rXjPFI${GXyh8MQSe2=i=0fxvuk` z(>s5V8`ABRRh?{D2Q&}K-THu@7{4xF{k42Xox&8MPoNr79|Hls-#1olb+2tC;A66( zuFgU|;~YAYitWCnSTA9^zJHvQgqtw7HwlN3?t0oKgWos=ao9ILQqw z%e(8r%sk%4i(5xOW1aHaf0TN7!*VV3ZX=1NuXM^jnEfV8U^R4}{C}}(@Lw#;yoXnn zK8dRo6nu{OAYS6YMomhyG+rhNm05D}MzH~0#jy_IO{B=r;&57rNs z<1LnRbS8r|$d2)LvP2cJ`iPpE3P5@NZbdKuu&HLpjF`lMWNtETvdIxRy3<2r z++}x$j&N&;L1*g8NA=f}_E=SkseV-OUphlccQpF)mx~$k&w{P1=v3FF#7M1^JG)#% zZVOk&wfo%z#$?a#r@41AG}wfeNB_He!MBFmhoT`Vt<5xG+~h*T=`+hg`0QD8nS<>$8|R+L2+4JGmFs~M+@_ztSp zuXy}9^U+X{<}v>jA&cgP`5a%qtqC*620F32eY#N#_#R6T#o>U1?61AkI^|<##fMG< zarMO1&b+Ro%gpo_gAkAiLtO^#=oMfWVJ)EM~c&z0S-Aqizz 
z9W0d|@Q%8{4&gp45rvY8fTlu0T$`hQhH!8s2Us7NZI#I6Il*O}1)3x*YsmJt=F>YY zqXar9?zo@AbJ&P>1#TI|fT`n&4)X(pj^mSJg@L3uBodhTg`^pG?>o4#ps&{wHYH#D)Pd^mrniTHSUjCUr2E& z(EHMxZ;m7mH2~gS{hORJe9|dNFdr^$^g1^T2a)Zf_3>BhWm!=Bs1j$Dv;m{uAlhzWy8Z{yybK@iX#Mc}s4BGBx^hMd zuX%F@y0sBZDd{($#cXBzC7TRuJ+Elm5Yix%3{;bpR!oCztfmBKkZttb;48|@8crh zA$O;5DbnG;4|)qE#wcc+Tc<=;4t|gPfd(JfJ-H@Ve~2vTl`msxY+o3HR?5AO%UOMb z7$VnCa!{A!vGRQ7ejx&3vfUx?_N**$RT!V$U82V2y;`sr{z*Srip`Kw5U0>ry%pw; z=m6&dZS2dqYT7JlA64OBoAcT>$t;y@QWY)m;0hEhFooy1M|@F*?yK9thcyRVx}SMn zK5vV_10J9Se{T*muZ^sFCqNyX&k|8a+!4)j)&+5gI*2K=pVjuC8M+IlnZ6 z6gH!j5{__Tt5IVuHfMopUR{)Albr$tV0FLM#7(ghA(D_WL8;+A!@4+lKwOu2vAy5y zjznYD-@T%%^Ny?ZE7E`~IdRuS$~8LOtZ4Z6^A~ShKEwj_Hr4%T>GQfDWhHmPl({I^ z{w7ZG;#U2Z`*W|7l?6dnc~H?&_43c0eo35KZ1BrRdm;IJ zio~z-D8|0zc>QFoz;8Lg+;O%3LJJth94cEb@3z}Du|EY}OoMguaM+ssFOya*>2J{= z+PxFjngPW2m4k7JM90W@)gjyxf(r#hD}lQ=Stoz`&bswhFpR$ObH<{iCm@kmMJXef zmF$cJ?6mutxyz!ZjVB98!jZC6{2d2eFbw3yZa6pV{~nwJpm)LXzX&ZiV1M zlnVm-6l#2>$=mR64_(^MX^0=HEAKIWps4ms^p7K#Q6fExKNcgUtpfg;993ZoY>PFl&!+{lre1;{GZPs2TGBDAzsMdLf32LsnP(_ZPD&2- z{Ra-`S=(rxJX`eEHPCl>>%q6m%RhpM=MC(j4J(NBZ@OP>}N>(VePH#I8Zs zJ~r->n*aWIHo!J+xl!R{vPAOQMFBbJW3_Zx#5%i5nG+DPxOm6%orv>{zf-#`rW!v6 z_%VaKMkth%rOpuEA#}XzpIzGim328hW@4UF24@i6ehItJzPCjRw zvOUB}32>z5a;{~xBmZ^Wd)q_NW9GUb5LL~EG~?~?Ef7ui$1KpsbmTrZj*$A2i36v_ zb3O77yCt`no}3X0{1IMLnok7B1l#*B)u8;hi(7PPb$1||m}fGT zm^1Nle)ZK_ux)nNFgO_@Ra+;7nu-tM<>ZT6CDj*) zSmy{xav_(ZxE%t4)q~S=2bJaDyvZBMM_P7Q5XksD%Daz_rv^TS1wkk z(u(Bh64rtP6K;vfS`&JV$sG>JoID$`8yMhZ!Jg^(nW*o2s_1VjXyjVF@ze}YCKwx0 z+XdguKsiXc>!j|dr0g8LyR+;dHxfJcMjX@skaY8+iIBtdn}Ppu=~rKy^kZ8pA@ou4 zbu3_s@KS6+8dQ4shPR7Xi{ErjIU%PP#SQ&S{<>lTPfzYZo-{6yThNnE!=Ee(AAXsv z#s&3y0qtNO6F7cApMNS9^qiEt(Ic~CQl%;cF}^`%)FTY5Z&;)<5ER>`JCRl_7ECO!*7)g*tWHrH4<8l+Gw0`1Zk2vd{OI{h(B9 z`u<@e*;=c6x=XnUr-wKN#K_Rms#9!DBH#p;8cHLL5a z=Y-91VX(MFqR;o4iJ>MZ;6URggH36g%nprKDsuZ*uC-C(*Chg|)crnd0;G;H$?Q8~ zMsn7w?0-<2UdhaVm+#_x1Ah(Ia9G-*ev4EUn=kH_@K=?>N!?pcYyq=R!pj{Sg)T{V z!6;3J3S6jtx{EtICI&Rj)?P 
z4g|-u;{90VQ+#l1_D#sDt>GPFHNX)OcKmq95}jv(%F)j*64p!~rS*z{?8u|P(9)p47UQ9pmu8?{}V zn_0*KVnm~OKdMn63?sE zq|Euoqh)h}W0!ys9webpbFB(-{K5{9&`0)$H9gOM7C_&Zmec74_vgY_i(V#KR1&UD zS^uzlrh=NQiOW)1%$4qrW(7O!=41h)Zd@nyXrL9V(!SYQj#YP5`v<3yPo(c~m2i`} z&MR-GRfk@D&GWXBIVHF^yH+@)Lh}&KS;&y(8dK^(6~itJP~3w#3%*+xY~{T9ctT~pJmoA*Ql_8AncYbS4Hz8|xW4O_#O7cH;XMon5E znL@}_{0FCV1G9|PLeaHCzgUvio6u;zEz}!BQAk#hN_0BB$sKoi0So>usB1fY0{!eV z$FU9#!{Z;}E4B{hs7qMmKf74Q z5&Z#Vp`nq>MJG(TB!cydNf(AfS(CPHT&himV`@gfJ?0WlCiiG8^pz?z>jE8JY6YU!Q)?9?#C-*=6n_Y;G+wW<(EYT#v#r*r>~8rH z^DDYxkWM2EGXcuzf@Qi*{lu31#V#~zx9;w>^KQ1$j}HBzT2%iekIv}vt#l+HaTE8l z<|;efZz!V-oSmihlM*a8grS38BpMA-xA-KnS)!FT`1Fo89>j{AsL|+IiTJ!NN{htZ zRo9u6IYaiRJ({PEn#O97G&>HBM+W1J{6&0|!HkXJ275iw-I-CsF!5cgR@zi#sa=X* zff;fnunyZ+pC(}1Sk)P?hF$4*!HIp#iIKkL0xPVhm1hTUVS;f-K8Tuw^)_zjqC1** z=Mc-x4r)^Xxjw1T^XiPo(o~bO(}oGlAr_?Ck~b$HD2GU{XNCsIj^iM zVlpeeIH(oQd$S*{5ZTYcP+KjXy7pbxCk>x2CBp@X<9+@jso!jIgW*G#6s7_=cEiDc zg>;LyCNQFNL??*vDFJ$GhFNGbw5Pe&B|bTPu}ychah<16sARC&_@J2-AFZo63Zwey)x zpq+cVaC5MJ-UyLel6=vDUp=~+$=;;AGI+#ASqbp`ppdiCI`D_XFj7(LpCWgWe1xag zB!B{Sqsg&fqtA_ROYhLy(X$@fn2TY)_PVZ#5_zz<4a;6@fu@7gxZ|fsR+bNEXKjwK zA>lamZP5w~GdJ!fpPEUNY3`B5+0qmJFp#`XyA_?9^uD)C63ZuwGa)Aet&=IVL5{xg zM$bqEkU9U=EOS7^;)}L?4EE=?TmuFFJTCYLZBVf7ccQ!@&&d{}$XM2?TTSZF$twV_ z@qloOXNA#M1YaI66j zSg8oE%~7%kpDha;CE2tF&95-Njuze^%?b5cw6QeZXdGGBH|3-RJ;mK@{5&Hj{E|^n zQIjdA5x^aQRQvLa&Ir0eOtyKjT1m z0GSNg|3S(_3L>b)aj*+mW7M6j*dVaRKNLk`gqnP%`KDcfb5TsefGP z6=tzS=jl5j@5groT#nRm5IDc>+x@!dktmsyBW`Xh=pLtYEgpy%kO~zp_lk6t{yGHO z&5HGo<`5WCVWjLmQp)Un!Z}?+Pwkd)dqaoh9V=R?G8Il2d;W=S+eIj27!pfYMn-I~^$yfF279IhnLFNJ_$!sq(Jq>@M-UM;W}(J^t-Ez$eE{ zt1V-D#YN*HNRQ46Uw))d>i1=NgMw+1+-Z432g1W|Q_TcDZR)&j6;YK5jn6^LqEF~*QavN?3>zY+tsr1OyZng>ysI=ytj^JFQWUmh5c?iE ztzr0(8(Fh|gB3GdQ>wau$78is(I34cpVncDIS^(csXMomX29)Cu%;}LQ@$uC9FO;? 
z6ggc+`5GYfy#G;Z(q75~d|#O2%j$%*)I7e} zFS&(*P|UtB1iH~+PW$d?J=b218s5DaWoH(Pw?7_bKYqQxlzKRCN}xQMzi@5%?DsGQ zNrkRHM;U(SxT~V>8{m6fvU#GT8wGWoWZ(jFEF|};d&E*Pv@a+FE_M*-Pe-f;w$H^W zos1umC=ANtYPCt}P8SpBf!wx=+<$~HTUk?cZWA2XbxyqE^3lhZ znV{7?5(U}VxDy9)WMI4^_L2n24U#A?^*3$0aazz)9PSdv=aM~9@UvAOQ+G?~I*EY@ z+BfqAHE}M%-J%6|xMs>3<{K}s)^kS-hBe%>aV7v^Tjo4Z)!@@qFxerWvKy8nD?;FL zVog-WVaE$<8U?j~!U7vsVKS102l5a2{_+$)6%Ld%-3xF2$PIQ57+8Iy=e{47_1c)Pqtb_uqtM`BU(SOSK- z)KE(~5#ts0_WV_|w=bO(Gq-WW;Gt^B0@984$bJv_A1wd@8r?wNKHjqnw*DEqnFV*? zao>8lJicoqz_EyoDA=mywN(U{5Jia%6&E*p$rJh?oOzQ*XhYHCpkH6cZRfLC8*(3K zHz^hvplfFhnW~(R?!RHB6P6(MolG#JrFL0LpyEK2_NT%Lew*@L@0`s5cd|lW2HUZJ zECtTeInYzUO$ULe0cUNC0E&*RE^QTOb5cK#|FO-_()6&X3P;^ftFMxA^n)OIphS&Q zaec)$wYS4f$pPz49`)qZg|tWtW4d0sT9>W(3h|+S+Y+0lNr@coxp<(NH|2+~Oe4;p8ZY$6qtl76)466bllg24xs;M4-yw6l; zT!9A|AS!2p1WdVQY)*|&ig!9K+XO9rNf3L7@CEzy1Gm57Io}59q(sl>DVpZ|}2fg^2JK z1>A{dLjsEQUA!mD9&Rf)&o*WXSvogn^8@aGWg~uV`Xx_^J>4BO)?=kq(rgCY^-Gz3KJd$zi;zD16Y4mHjGD=}!HJ6ndepHU+zI`PaICmqc<5a2 zn1(d|T*E$tNN}r#I4Y`3`C_j&pJupQQImz^0(oFM`&o6W9XrB`NO@zOPof@_quOeI zV!D8aJzg?1MJNCM99OMXQ4nJM^MH(GdZuAwen1#2+=^td?ko!|1tsWA=TOpGJiBvm ziAo4p$);+ENa3k3)v9#HBc*j~g&YwJJyqz4Xg#tU9WfXE*DW)!MSn(7f0`cLXh z$w(`f*ry8}1|Dc8Zwjyj6!>!gR&obQQ6+w@r1IO^&yFNPbKi?ZOHePrdXN)8HO&F9 z+6|{j%LOTvGDc>!4kV!Mr2=r@<;%Ru!nnCC^3KcL5`~}vXisC2#{cfk##ryrxZ%}& zv-hZ#*e86EY9Ds+T{F=Is_7buvo>HXMud&6Gs>e+`UY{S3Ph5^VgcY#7|Ic|CQ!s$+!VNO)luOL5wDKrfmE;q2r;IK=22H8Ik z&AxF9QRK~870__mC0KdyO^rcAn2+`x;mLyj{MzyR7gVm@XURK~V+z-gi-ym{DZJ^U{iwurR|-!WDOb^foI zXZTOdbDOj`L@j|h$)*+(`d4gZ@${PFeUSK{x1arbyOVW|yOs*!zF2oFlj7W44o~%3 zrWpya-|dg`Pkz5JS6UCn+PPQ6j(w{f=eGjdK@R=P(Ep9_rnRYhGS3bkY zR<4SbQLNlTUnUD3zKox6B!(A;Bi&6@DJyD_JA^=8leBBjYeFmBnAna14df zMhZ3h47TMY@T-o!1E4wPMtQ15-p$#CjPnwd#TWAuLT;JtZt`!LwhAT~b{&6A1#E9` z!(K<;>sp--On~|Jmsx6Ew>}|FP-MOZgzH(3TjJA$f;nw24j4B1_Rq52sfoFYHoxTa z3Cll_kX~xF-+U~&{cPSh;9HR=o2!M^P$-x+lF}}9)$&d0@=o^NIUhH%t1l!Qtg60J zT}Y4I-TYe7+ULR|yk)$nOpX!ucAjCgM8qA9HyQcfUUdUpY;V~paixgC^qlN-Y^Epj 
zJ43oJ1=xxUH+K1jP_=LnUxqyLL9Jt&AFmo554HC&x&mepws;F!zuJ9luV;%`KiEx? z6ypN%amFt{SD+$$$gzqKCOD78^*iR<_W(XJ_}oLLzwqlAb4LAi{Q>Voopxv65stIE z2hn1`lTguP$m^)HbM3X$7BXktNJpPsSA}o&zF@M%2;3~L& zu3Sg{Zr@!Ad8_$RHBTt!hUrmIz?#j2I(wvHeA$BPy{`Y(>lZtrg<}RI_$G{FI6Z48 z$k|V8sOb&9!K>Ey&~nom&^=4H0ly~saJr9u+k3JE%BOmFwCnSZYbWSHdF5Rm)K2QG{COj{_pH2SRn-HQyMoy6*1H*f z>F?xWO6|9$=iXv80#eVgfcf^P)hF$H`PG}{Q8JOnRbN@_m200$7Hx~uxwx}Lw#Hu< zzh7|oXC%Hv-uLeU-#^uoxC0S+=}E4U$jv5JP*BbjOx@tv=B?9!a!a!xB2Q5p&a?w!aV=ZYA zkh;SyG>mh0osuRKM&V3BUt}9R6o7G7lHp+P1^t#KW%fb6iZgurG{!(Yb+DS?oiuBo z(8J-OG7&L}Y-WS4-07xMjvE*xhfc$smV1{Wf}O}C%ilZ2 z`kTEUK;$cjvdJhfX}QVe+^3B7O|l95L1jmu7oqniJdGFuA0Vq1+rS4l~HQ+a1gyWeDj^_4b4 zPV0}Q8=7syvg(*dw79-i0+&pXD%zzGUCrkrDE>JsM1G&N`EBU>J6xj;b_M=5r$u|7 z2rZJp&`u0yT+73Qb)-~AUZ;mmD{(WG#=@4PvDsS680wdGjE5IA-BO(;;a8W{vSluv z9%GFaXlT!)-gxy92vAAPDl*>L%kPi=RfSWP*KfYzg|7UDxX;Ih2;a&=z;}eGe|uLA ziPYyTc@0Mzq)Q1{A-I;qCwO`lC?PgYn&`w$F)WwGv#c47(z;z(%|%PGqKGRehipI& zRmnEdW2_AfZPk5qU3O?;kXCz=;U$~qndvnp8H+?`j+?O_@om?qc-4T$ciSEK?W?Ar zlS&bN$cDUu|A0V0=!5~U0q*M%hcB;-Jtq z)*3nAQ2km6-7#5poGa!paO~CqD4R}8H{w@?@6N}pNXmtESOWsS>konLw~EitU6gwg zM!NpmdCkJC&Y#$^|07Hw6!$b7cmC;^L*wSX(Yg&&c!j>UQ8b%IKZ=7Q znF}}8=ih&bE?5B~Ic?6aB5*ghyzd(e-CYHmhH`r)m|etB&rW_f-;n?p z{57}SdCBfYfX~aG+kc6>MWxPXIzR6pN^9)2Zo1wlXNC`>f!z8Y2Is3!HGVT5Z3S(Q zU0A-|P2-R=wMN$D(XY`ei1?hr1j!vQ1bgI3g`gr^9p_ikl!b@H9`GTk8p8d=7y4JH&hF_mWz2V)ml)vHUi|hYX>0xd8Z};EqjpO1Q9Mk3T2ct_yBbnf@r*nC|FD8FO9-j zphXm|Q6aK=WD+CS?S#Tq!Utpn#__-!Q780>kH{b3C6UCIP5J=IA?;4FR|dcPezNwl zYMflPGTU% zWSZ^%_WcDTDU=l7TMerVTpSS7JFk7$n|4g;s<7f-f{j0!lCm^zDVixTiomE=QOoFz z$8$dg2rQU^s9)lmD?e_Q88ceF&-mh2|2mfx;i)C+mWT3*Hr9`+$W4K{Ut%rhR;D4A z3)a;j;y2jz&cSzB0s(s3kG|@AySzLm<=AdlR#w+__l?r={gjbkJ;Ihy)uVHkQ96r1 zeS+Nb2(D8L)hzI9wV}cTeOfe$m|Ps<=krZo+=@t9ER5J8vb-HCEOg%*nrY~AFZOB( zi3Ul-)4&fDz+6A^jd0!%qR5!w#0Ume6~F5nv)*HE43e#oCsDj< zPT0637aSHJNpq?G(>DNx*3S*R>mxlykaae+(ZK#r!zD4sAXIJ-KR$1@Aw>huISj&7 z6M|5+rp%!{l!`noIzLu}t}GHUKs8%biT(hZT^Q@VKonIEI19R-%@3K}(py>I^1N+D 
zcUVtIXLM)a+1>^keOIQclt7a`mUYAFeXkSu`&g4H1aGm}%QMIC;@_zP=Nqp?!&{pA z41_vB)jmb3HUGp^j4^%_Rs>>cCb^3X!6{I#w}B<|x14eGcSQefl@ioZ@w(rN@8(KE z@;pqwX5kf@nhtZ+HUkv=Ef-$Im|6W9^sE5B3*Z$grKj$%n8LK-zqOYBEv2r>yCQ`PvJd?4$Xv5 z`fB+dvM0R)Q-B!N*P}s2iU~1_`4d*d_U)6k%@6 ziL9&M0^ieEVH@HQ&H*bQo2+V68-mMFWXsQo+f7b5w|3H$zyyp=yhffRpzhrcnccb> z{9c&P_zKXA=2>M+*yKS8r8W-KKrxk+!A`gEz0g>U@|@tT8D;Oc;2D`Pyin{;89S)2 zZ5uva4E%^@I~xzlf>_DMWTVlk(=HR5-6J8pc;B)SH#Rsrgg$?j7qPRB_idcTk?a2_ z#!`Ip%NYji3BHenTVLD`oqfB3WMngHpZZ>mPnBNv1FYwRiV4a+)KZYpx{7570-3~W zbrz=DyF!-F)_;DE?tpJ|-1YT){_Z+%U%|=0W6y)gCZzRfzuqHz@VrO4sfxB!Wu3Vp zYRko~Emv8~WA4J;S~GP$Y zZ{R0@0bU@H)OodKLrLWO9`tQU9ju{wX@1Cc*rHiC)Y44+EgfBXJ~F7 zOF8YLZ%E|*`?ye!{X31v(w!Elg&Ak|HdZEjdnt!-VadxiF^T$}0X&+DZT0j@HLJQU zeaHS|66w=8?R`ZeOKe1ri5Fp^7Cx6KCAh3vA(XxD6KkpI;GjR7;j!59q4Ax}^|B;~ z!?nc z+-#@8I-^$r2O7p4Hz?oXM3I9Qa@%mksZq?gPkQFfu||z-3O|Et>d}*nU@u<5ie-3> zZ$AU`23jsJkS1ZpFW!9OYq$JTIBNo(?c({B_&(yXELNeX5&A1oBz--!YY zm3hVcuukyTEhiD}_ZyQIzN_{1PP&AbxeR*q!V%^zU4XnO8sb`pH`C z#O)eHSbV6UL@{@ok;vjk*xRMwD=@unPgtZstMoP3paAMdwLjO9*FEg_mXdoUqB>-= zM{i$UNVV@3j|lSxu#lJb=Ci`)tBGvGzS)$b*d`x;2IQ=-&>0x$=G*CdJCgzC5xTVl zU$WHvVSr!uQQtN%%5kER-fAvZgOTiN5wmHO3w`bd`hAQRUT*c}W#y=;iSmsXV`~cn z-&YVZpL6kcU%S$$dzEHV=l3Z8@||Ht~sp~oF$y& zOJ~w~==}-7a?Zoqgp5q9@%t}>+?DOJIU!w3}EyUPz1ICi^tYp(AHJs70DU7Cex3h9n~Nlo;BV_^?1D z^}pCXM&MJ}8OqU=d?bqAk5qT4*euwWEnp+Xbj@NvbV-7c#i$KTDZ zEsFtnthzglrXiXYIxxkRS*E`FPs+AhvNokNtPSPqCg!<-q*tfueAjez|NXaoQM9il zz1-_Ixw=>mBs+;7d|YdLPSf0Oei!D0O8Vg^X&xja1{A6(NWU#aVU9L&>~hSZhXCY% z2nh;V?pB;+oj#neI`an<*_~bE5d?sBTX~a}cdU;^%V&J9NV`UoNYmO{n)}lfdrh(Z z!$4KpN~)+(TjLxlnk-vdQuHCE(!GSzTa=JOJc=R>suo18$t!%LPe!kTeaI_+`8;oz z4}fV^*U5CV&}^ZZ(X8PsLPY?nfjBwCH>UWSRMf zWmR9%^~%wxBASKMMBw%1(WJk8%(TA8OKbGH{?_F1(&2V6{;BDmgSTTV=uf#$%Tk%a zUF6g*PNBlagd>3ioCETiSs07*ptsu#HU<0&Z+|(QmC;!QKu|cF>;X$nlL_Z>vgc2< zX*tgYONscPsfX)g5MpAlG5U9mFStKA5BdeiR%CCNXA@>;oV{j_m^rsh-__aJ+LlnB z0^4Uve5hn2bWA(S1%J<@llBoP1v~W$Tj2m63I2HfDZ&ag)b96);Puf3{A=9JsDtsX 
zT;ltN<0=f95&Qtd1*rLo>M?R*h(KiTogFgpqXuoJ7Z!F0jiI{=3r+hU0w!}a}G3DNG} z!8_eSg7EcApLj>FnmPAUge*5N%Ul*&4q89|MUeVes2GaKmw87nWxh>$!rh9^)qoGV z?-@R_CB!Rap&T4iz8g!#j8b|Xz+z9`IQVL%m0Cr#_CdUET5<7W;M-XEyChkGZ6@7J zO~#dyHPSy~*%MDY3yl|0F#rqWN0ki1CFj=ps^-Dk`%#|F%dPoO8SY>0(a^(|I^KJXRNXHkyjiW{0EY5J^UF)dywWzyTjUM{$ zUj74H-(8e9qdk2#n-OQ#6=-R_A|T14Rz+t|FLfH0%`Elu6VN|m`wAc>-@n2l(p_9a zXB*Ub4pkUe04n$VZv33Ep%4RG?EL#WQ(aCiph2&D7I_?(mRG#1`8@W=F=nTz;%HYd zBe7pg01bvVcu2Wj{cTCAf|)KkKZ3|o>vv7Y?a%Fe(vOd#{|&3}(K?LKw5xOZK75IR zyuR&pbH90Z+wYFRI;qRwL~x3CM09~S;Y^W*9A@!VNy6Bq-6*Yxt6jeJ{%3PIC_Qgbh~Bvp<}oVMhARA zLB?~`YR8S>Vul6TeQ^`C!FNh*ky7cjj3XZ1uC$dNf2r(W+rmlBbQ$Y8nNAGga0^TpD-<(Qk^^E;0-u;T=v25%fiKSUwjDk$QfcW#UR zBn*FYg?X{S&hKb*QQ2r-r~dTC?WX_ytblF|a9ZHHae)5b#fxe&W67zu#*JrfUJx>2 z2&rZPSMQwti`!=a{H3mz_UsEn(`3=r1tBNdOgWR(iZqP}dra9(7258gOiE-xMRDKR zp{ta=RX9&HR0mrny#OVklsIBvz~GX~i>pyWFl%*$cYpEMJh`N|6%6kw5)r3M;jJXc z;FZ%4z2frhdbwGCycUJUkfOnk#v6tun{n`g;QOMmgL|Z;G;?` z29|>;33m3`*Vw?*Y5P~oTBEcv*B5FJrP4o5^SOSQd*P*`qmMgp0pv1D|tiaP3| z@T6-IUUvI`Rk!1nA+|}ChbxQuf+ueI})6QH%Vf!@^vZ5 zFPA@!?={DQQYe`pmB|JMov%oWa=0VqIzz@dw)sG9<4pj`eS6%|-##LlOTp4Y7b_9& z{DcD?yWa;$SBlC@nCZa=%BU*b~DXgZrhT!ZhI2Rirx4b>a}?TQf`jE?5|rP#$n=PciY!T5`x$yY1@ zMktAKgm^{dx#2y5^%=n?fcgs=kIR#q#-=iLhpmF0KnlA7KNFDrM$_!okpka;NKm+Yar&}ZO#;}=E!6|f1x%t)2*=fRRQAb;f z>~YJshS)xZrWd)x*gOgj(q6Wxob|i5)4T=r_xaa?2$R1bJOPz~WQJqMmz@G9#q8$G zQW0NpO+UjYB7K0IT}$VC<44SA{WR;4-t3H>tPL?{c%t`p~4B7JnKcPpE|} zJy__|omnLX?C?_rY!)8n)4t`)!98UFQMkh8Gu~1?rxzGK{IM%~2K`&J)fK115EL==M~Z3V&8gL<~B7?yl6a^V6wL7xq?tw zrqjH{Th!EkP2=;{LQ~b(z+qQ6VA@Lrl1}x4Yn)iVz_ks2%CaZApC7Y?Dab2i&_+_s z_YZQoF{N`v?VKSd!x?s{WfJF+Nv^4sMp6u=Q4ZT9godB*bjNPN(jfTx6 z!L#EonR{=bA1t9UKuz5Sq)E%Mz|oaEfQfB)Q#ozXt_bXXS6KLJY1OXSpQR6zmY%}j z|99m+da2n`ASaBrrtCJYhdOVPK}(Q==KhshXxIx;iC}v3nkZrPIi# z*?{j3=tIudG=#|0$cH(;H9QPg<_}Gc^6pGP*^4&pq%i;g;L<#n&yUQ@k`Py*JTU{VV!voCC@KPkQ%X0^Ucp z|3cuAqr}h&)$Ulk<(b=_aU?oRP{IWV9&nC@$aqqBo0v`K%PS7iO$Dxc6d>J=XCe0l$MIb;4q$;q4+19TmlGouK 
zU&yyW!oXG^lh{1qENwLKw#TQqK1Y%*4&$K?qB<~>3I3pr5bvqwa9Fa6mJ~${SY7a% z#54oCQiVeB_VE!Pv%A8MPnu3Gncjr0sS2caVGxdpI|e3_c;EYrZ`!oI{e)1{3>uBo z`KiM9|Nf0_LeQ1^;G|-ETkl4idUeldB7RE6RPoH$HU6t$2vVNs5AIbs|L|x2w%U zV_^7(77*k*hSoDoO(Cke$qmuFrAA)-TU(r`l)|JF#Nc6P;Ff=l4@jRFmyiW5$r01w zZ_2{S3C9FqVLSctcFFmA~r1Z2+JsG0fPn zJIoYIBxC~SY~=RpXKI>8Op`<_O0phx%q;r0_Vt_cHVD)TQ0H3Wx6#N;(3e^ z2n$4ehuxt+qn;xc5F`QC?FHW#zq7aC5j3|U^qiHD@J%;gTu#$Y!o&Mb=R)XUf$JIh zuGmbt_lg!I%I2{2fDVaheAC`k7mmH3lBz(D{P@r$?Qb+rW#1>_>;bR(E5@LaOUkr; z!Cjd2CK=1`CWAvOEr6)uJ2`1ihLmWRmSBgs3-IBOtR`LK;*t^nRAQW@JeUD}azI@g z;eE9!{nXM$K37y8CIClpVn03un`p->;BpA3)Cbd}Qw=nKFkwV~&(U7##r6?btLD3J zqWQ_0&m1X2zH&i=yzq(;`<#Z<$7@d2Y+R!q1f6VK3sW10^`~k@6)<_ho-u$RgUO3I z`ICOKih6s;1xNsx<8#M;;vH^y=dz+y20>y}NkIR7_FnFD(v@zMz!=A4NE)@MshD!W zpaqX>=<5NXZUW1Ris0*n0(gp^mRKUg5coF-DK7VwmMcU2Ec!UCLS@C5cD6f+P+0#% z%%Vj6^p8s@;&yIQqVJu#UGPWSze0gcA0=tAZo2#!B~ax1a-m~Ow+Rn<_))$|E>HF4 z;KT0HjoDY4!B#QizNA*A)z61FysqzydwneC>wWGU?hKkak)&`-m;Q&AFL+<{+B#eF zJHz9@hxadTU)m+>5JTJ|!n850@aKS{I=`yd+&NAH=XzYisqoiXL!ZrJLpc<%)$vYQ zWB#mxRuQ}j&uc3Z6SS?-Pv)o3byGmBDjvjh!EcrW%b%1SkmwL1tTHRT8Zu zZiXkdQjxcpEa1%iyhZ;vW`$t1?&bq50}v%G*d*NbU<{xm;wM5xs-!jYIFDdkA&~yX zvVo#lZPyjrhvJ(_RdM=zYMijUUXRY;NOB{a1f-Ob|2(hxz{5HB;S7Eo;e9*P0+}=< z=wp8QU{*LMg6(dt<=t-*xKo4vcpY%IC93Q?=HExUFJCCwRT6 z1|x!EG2$`ief-N7CQ7}RzbmCp;_3_+ekMXx7I=vS2y7qw{nGFF9v>5d_;Y`$f3@2R zTN>#|h>a-CJYG2mWeqiX%p8eXC)^24^}@yYTRXUr;U*@J4viyFdyht} zKdSZK$%Lq=b^X91rfa++%m*P0=ju}sw_6zfS|2){kYftY>7uziGN^e)t(>_oERnVL zGLaP)hKSG`WMOKXzw9_m8ke~>cd62kJsx%*y@LL*j`C?39&EOh65#l2cw5=8Mtr%G zCM%B9%N$-a3sdS&4Dg%N&RocG!$aun+7pm-Vo`d{2F+lX6BvqsgaLi}0`Bs)KKR;~0;4BmaC^Ft~?wA_hxCdtLsJD0p*8?YE7#qV^zd018Aio)Q z(*6XOdZ?CD4zfKk73&b055gJ-s~Mf5+#huGh-zdS!bS5zRqW-yZZ2dJFqLPr>#(5% zre&4>_rF%YcZ>(_q7a-V8wlO-n?|((J>k0P-Ca1J?vKJt2>Bik_y=lTmnMym3PPiM z(%^MIe2(E2u2Thw^o@as$j{70`yoSZgeG zFORgZ;9E90D^khF8zItzWQys+gUNZj&H*9bcL{mT56$^?<2*==FhflzNh5fc%eJ7g 
zdB0#N{jtGY24+iM%vLu@_RN>MQ1Oa(+A1Wpm@fqHj;zsYnD#k;A{X?B<6<@X$OsUaEp!1*1a83a8-e!M1P^5h7u)b{qNimae)(j%kYb>V7{lGhc=Y$U|DY zzCGkC+j5Q>YYnFDl&}3<<#LXzhARjlj*W0bo>%H+HW)I9O%l5DCu)SI%4GFy@s`>= zZwRh@sL6ziGaoxQjLwj>xR}l1(eUTd^%E?5+}zuc;A|ETZ^%^fftO~=ChLwzcnP#4 z&$)Y0q~HZQ;d(c#&x^A#J1J#@a94n0S5?X@ew(c_V)~cHd)d?&5KAK;*h7ygY*}C? zgF<3;`WPf1J`os#N{2MV@U08}1(#l+JE0b*o305}se0qL9^|86u0P6|)SC_6!$#%K z!4NN(-B96Bm?re1wJyuSTwL8b3 zR~C8@6t{^P%`Nr#>ysR%AMh(mN-aK*iW;_EEs-*SGHx6O(qF;P;xSVLZD}cBG7~rU zR0G7Xq?J1o+XJq*wTOUD7TT>1=&OM?kB>Psok&}hVE~M{XnZt5^L|#r@oxp*9_OA1 zB>wedXr5sb7&eNK2tls__Cd??q@i@CUhr@hxipHEw z*I$A6SDG-a)t~Fyp(M?`mrYE8% zAdeB*3@Luhu@5gHO4F|b|L=G?;N`cs@77Y?bF{8Q z>@MG--=W0Yno(Q7c*(Z3f+5yZ2U0LpLO0qL}DRmPBG=Wj#O%p`pKWKsncrmtM zo28hZitdU_;v-8jhztu>gcycM1mobZr*?$iyl14Mtkhl;h_P2Fhs?6B#YGsU+1j!$ zv}L7#IgS5E059)_D*a~Zfyq-`zRUH#5?wuSMx>VU6W-?YFpxhS2xSc~=wV<{^ON*Md8VoMhSAyeJ6LZ8XuLgB}wK*ZkKJI_5v7x$a}rCoh8!+y64U!$q1 zhdRzlW?;o@TTja*Mg$0N%!gvSg>waou$LE1Y)|LY-Ypq~|HG|g2aZNGw}m6sU}de{ zp#zG-<#SI+so7uN#znBXof?GKgIf~EkOH&$QN(m0m@u)|R{WqWxa8|Pe}gOQWppL4 zLAjQavus89ITR|5fO)0YFxVu;Y!V&cI22NE>kwYw|pHBHeuoH1(o7j~(8}XnAb!MU1NqnJ9#WZZcvR#6D@$;G*vr{j<0^Y~Hltj?PUU>J-~9IG!A zU4e$P7&D!f+2uj)*TZ1aKJdwo1j{MSGw<7B#A!DsFND^;S-9*3izA9~4 z3l3nBCraj+(Zr@}MK|Rxs&?8b=QaXdXlj)e=wiDshU=KpC4EHO(fVx7SW&TSI*hpz za}_h6e72R$>D5Hc;iQvQ4Vy`FuRQHoA-Y`#El)|wRpnFC+6U5`<^cp9^l{j<9oeyY zT%?wI#p2wW9k^jn0TTpt1aLC_?K2~Z`WOJ>skyIY_lQZ$9YtS(QzMS=R5dVv>J$dHntNTjWMYz^dEo$?^&LMb6NnPi$j_Icpe`qL)?dr}pGg zWiU?N8bPkC1dgZGusi^sfgR&7Y80yPiTffIwoyBgEs1e}P17+V8@A$n3Q)sQX!382Kv`jUVy(DfYxO{gz+XFPr2D6`6o?5LUCHK#GEcQg#QwarKl1Hk-LP4(=%au4~*l`D93jHBBHLIXw-aqO4iF& z1og*b4sFg}U*eFOM0KiBuOmlY8cSvpm9s zONFIz1tQ-lm-EQhWAwaJVM73>71J`ce5c1ESM3=>OTSEcnFW^$!ZyW(rku5~69a*W zX|7H3Vt|YAJ|oEPa34Ep&$Lyl-Z{<>`P+_W_N~lLX(OGlp6AqD`7S6A>tWY-_Z6tI z*~}RWe%wY;2@Is9VY$G`l*)k__kBsYZv3j%JIX}&plBzCy`_|e)EsRtX2-EfMS0E| z-wa2Fci(6zZZR`MZ82_t??ggcXmgKBycbn+zA2+1vlq3gR^20#Xc5 zhobqN$bHXhm@{ibHGO$C6`!l2V_hd9SXk?+I)m{`+d*nd=!aYQfjpxJIJg7DO2Ho! 
z6QnT(a+ahX|GibWxA@Wn&FX-Jm7GT;m-zn6u0=W&zN!e9lz_Ia$2GasF=`H%wHM>x zASz!koTN4BDAjB&TbSNaI)vKvL&Y8@h05Z$M#*NW7O5yaV_W>3jN%jJNx&E{Cf>uJ zF5!+StGX4IK{~tx)+Y`EOS;u?6=}U{)WYzO-@}>Y@xvMMFM%l*qP<9@F4{pWLPY$v zx;YPPIr>;+b-08{?n}pn1n-E*iKb;-mb`>){)3> zg$>|akSRzM5vz)@y*Sp^#$t21eYurvXpZTH>V$zmkb~vypmp;YMtj37|LWmHw&+*l z${mp@Xq*|_e?E4*Q`+)3#?wo=nrVLiv!F)$;M%mYfG(Po7;-l3q zS^FnNKwFOPkxmB#73Jd>8j>uFBGZ!8y}2s9+L-_;MZuYpqOWCge9L1 zcd*L5!ZWD_7xu<4;Uhv)MP$Deihtnjhw3B1o{L^!S_a+jV!d^a( zh*4Nkj)~xZrM8^iLj7g2ksOLSJii861!)wxJlUbK(jSB(IScP}5IF=TSMr>DKeq;# z0Dc%KBY{t>eyEHJ6wu-6d^W$DV(`Kg_3E!(i&^0Wp#dej!h*SPqyISfRpQQ3a{Yrx zb+U>Cf09^^&PXa=ix@S8Sz>PzEX9SL%u}$r4kS8HIl7|PgFWtToT2wsUr8nHWoa(t zu1hw!aF6TOLK&pmp3hSlFH(FspTJ}WN#^h3juW@we{7BY;gb?wI+3=YRIlSjSi*>( zAm8J6Tly+0C|Hva&NxPp#nuy46+3;9-$-u%eqlH%Sst~x>W~Nj7acf7e?e8*j+Axz$s{5%PwUX+QSv!VlVdRjF$EMtqgN6QzeWm2=Rri zEhR4S>veAfZI^}2!J_-NO_b|($k(U4kM)YayDhi(HU?I8(E_8fA5hm=<#(zJf9HGO zq+{Jwz3|PY`NCbP(fvQMCket?6>nr^xsLeXit2Z)0Z3#%>{9B4V$2$vUz)y{rKkS1 zNq{w!_0-UvA3^4N!E z&wR0r8oVy;xw-HK%%M41CiSB|Q~K-;dEql)r z?ge+NM_E+SyG#R&xdc8C=?&^qbEJVr<91`rFuEHU+WeYWp_?;|#%6mFRaj!xNc>y- zUqJj9W0_IBB2mv-oQN3rPNiU=9ZYz8Z^Lt=%3)*TfT%`57!5+PB0N|arp~n?L#WBe z_Av00!fP@V=dwhV=QjsC*EPtn6`Pvx+$NA!A-nqp^(Yb04&$z0Q+J@v;2d0WV`!=y z8j$fAvMA}nhX3UxG{#6Kbm&p)5g5_+PWXouqy*ks>V)97cYy;?tNl5y7|eup&EsW5 zVd7C!a)IH|R`TLw5+{P_1V3 z_?PTp5B2FJC}8)4(oVk6OfIZ}7jFT?b`vNO|~n8NMG+W&1v?G$e$-%1+Lnsoy%skPPqmcOdV*`|%swBeoDwKlqE6 zneKI8=rfB|tF4-U??RvOG0K+TT|W6^vc7HGosfUHJ89uqy72XS-x^ZKMCwU%-E))w ztMf6P-wWR&=-Km#h0hneR`f0hzl^!|)NkK^>$U6b8Fsxv{;GKFYX6dYb5sa^fwSA2 zZaaTG{@(V`bR3)U{0|)RAH%VgOYw<22=OC3%iYV?&1>8K=uOw_x@cYM_;PG_z@Z8o zkXEU9To3R6NEXh3GVMQ0g4K54Z9b&CvY_O`8CyXnYzdSfD_{tCqeMs?8dGKd^@ba|o7K(a?4P&`JWRbY zT?#cV`aEXFd(Zx1FVmFuuW~}lRv_7sER)UgJO$tc z^{J#5LoX0>a>lxw|GgV(Eb|k=W6xBE8!~e9$i(C#gw76*h~g2L^;2w;_d;7&Gk@qp zQFt+*oJbBT)W#uajrQS*s;;{a#h)7crwII;@zsvN-~;<&KXkpprQd@)d~++0jz8VP zd~{_Tn$Ay%l|U^Gtuuyq%;?LNiYl1m5a%_`R+oioF)(@X0-PRE z1ia4O#3`F5C2wp}Y{I5V+Amt|`~TwwKqy`~Jss~u=A?7~aYeLxuMI6`IzInq4er!p 
zD3OgK=-KUQi%`KqkOb?a_#eTUlsg_350Cv0$<578gn#JtqVN_Pt7hmdhfm6M6Dp6m zaB+mS35zCHvazLrI8N!!?;nLNFU>>8ypCOio7%hMGGwp%Jk!ORR&Eh6%HbwW z$a2wii2p6vLaHH#`EY^RwO6^;XP~`cN3%>EI>eWFv<0aqkmOB{i{`=&*2Gpmb}u}t zCEX%=`r*IQV-?z|f4{+bD5Ms5p*HkP9u`7&|c-vitml!I>w=i60x zfK`jePNqqqLoooN0o=Dgm$+8o}P`Xn8`wC1$|RAoQ&8Rp{g-vMv~`p z)ui`)XAh9Xwdj!2<4?1#_iZ#|_Q|75_kB$l`3mf|2CY0+&L9+A~M-23uw zTZXSb#U$2=`Y)%hnm61w-}|z?Cf|_z-}88q={7b_wq8r?or_O-D5gZ_9b$d9J18|? zOKT?Emnf~94ccvsu>I#>*A^js`ndGpy*t)7&~|!`ct>Z-ch*(WDv#ato(jaTVj%=f zh~><=^V7#2b%NL0XaV@r5SPb5mw)a z<3o@L7O<~!u%!88JfpKJFLKTs(Zq~r3oL_%d>+dyizwffQ$B?K+C!S9hU-ctlD_dp z&Y~ipg5XQE<3x1&Zam9X34iIraVIvx8iymDA5Fk6r(|pxQcvW7=djC)t(+!CUdy^X zIlD^R3tGgEs||>*n_Zk)_y(gXEt_VLoSgbHd8e8XXlC~_WrJ8Xl7tMdA}l1vsoFU% z)d+3j!@15C|NA&co!ccU8tm=6Z_-#nqmMG|4p4q>XPdEaQt9hpKv5`1_&ZC76%?Zt z7mBD1A&`t$+ZH$D0g52%j_p*29s&-$o0LWkTIOE1liDkZ>Gjv|tin?UKg#F4`ZN7x zW<9H63KXWjs!A4c4hn1>*R#2GiE6CI9(HxqA&~$gg<5K7x`pYX#IBIdY!U*pEx9Ek z49)H?aUFs+g2xP`ZsCqGfah@PSwYp=WWPFG*kVc;=ZWpM%`4hdgRj`Ieh$~YNtn8<5`YVVTCCIH~emiDdBFk=LIL@4xOEB8APd!(q0es zUh3zWe1YH}F-Sa!OpaaQM)V<)Ij#JLsjtpinEea?fRzgTzjx!p29T!{&9zJEmiIQX zYOt#_yH+yonXv(@8rlfqplwdYqf{qJ`AMWEk${Y^L&p}q9x~Y4JAqYMRGV-WUw(q8 zCJQ)~6fRgR5Xj|5A=qaG6>61Pk)!gN`67pD?H6?or6(L?6QZ#hib{peVxiY47A#^4 z=?g@I(mRP`D0O;+ZI?Y>lb8Nto-_=6CS~A1Wi+-kCZt251s+vuJ6}COB%ri+04NE= z?$S}l<~v|kfu{)FzS`E#CG*v~wlKqTC5CBTHcuZU*0Z!2Sg|OKVB|gzRd3WeX(d2rK($UDe!&e^O1ZESM-^AWPWHA zIvIW51z*G67R-Y_JP!$-+GV~nkY_fQ<=Px>X54h&&d*3sj=W`pa^GdrV}jR5a`(fL z+5AIttCkj4xmOmOAANrRBf@}-h6LNdx+>15+5g&Nvi57y1{e&>McSbxC#& zZFM#VYMs<-Mo=#NHXQJcXkK77@G#s*ksCL7FO{Bvr!B=DJZSytz^!xvmK6NQ1zoGD z!E`v8aIVWc0J_sn-{wE#kZlJ0R)K5o^PyzcK98s3onGrcDVgxhir1{0c5CAdlqAJE z^^$n$;zJfnGyTqanT9=PopT`C~Bk?&?@ErpxOJDbcx zr&2zi?{NM)m5I3;17FbYYLnBr};m|(PT<~Wq3*W{nof$jwaO}vQ?n>Z&EGwW&I@6&4~1IUs_(K3 zqXZlNqS91SRr)|}Bvu}}&sbosFkA8qrRNv@z%QUAhvDaPAkbMYFbnz1s3CG!_sKrH z@N?U#x;dXPvfv6iNz2%uWam-L@5O4Re;0HQ7p+Tk>ef;p!;8E7EU!&Ff0+c+hY8jR 
zuB9$at!@>7H=&N3X}6l6a{JN#)L(KtXWWNkr+0uk?zVs3ET}`_`r0;4->;CCLv{KDK+(jkWa4uXUOiaehH(?+4)rOK19C{NYJ){b|0n zqf>*iZ+?IpHMpkPMPltpB-XWin8)!qO(+W6D^m;YG|&Ppdj!)MpjSi!I_2`M;WJ)o zs^dFH!L-UDB9^x*$w^7{jgJA*Ih#3usLif=O=NZ_fZ8#$B^SCEsB^<6 zq;)jHzfOGw zTfhTX#hxYy_}hv5Sd*c+fNEL$gUjf+0W`5p<9ot-LDR@iszM~;0CNYU3vPm-`+Qpa zbDks`FXPxIFEhAgUxzw;7w$1hP5vRH*>U8W&(y~@7z}>d)MsVY-gt2yORtk{NY-!dzv~jf zFKBU>cGI?1yU$F1J4_iXzMk86!W15*6X)CXK^wnUJuPVXi^og;wpob@zAZQtc0zKP zS+FG9nQJ;DZHHm&Uu*WbpKP8eee7wkmnIj-HP-Sg5i_^n;IV2z%KsSg`qqSXq=%0s zf;s*4cFA(F>b?N2`KgVpj$!HLp-?vK8hb2U|ny-W<0D~of6xMQx zXeyovrB`GQ)pfB}D|?^qSuZr#?FtdC=dnWyGsbHVq!|fJ#`%DT*T@{)fQul`hbT@Y zPT`W>yzIhZ_Z19}zZExxNy^;+-R2{JK=4l=L}GA=ggJklGg&!y^P5B~Oi@fj~3}{S7_W#VN5v zJk6@r-=y1jCNMTTz5WQnmR7UlgSdU^grIt#k)C5S7t<8vJr1do54hZSp9`v$yX#sG zXKWVb40KB6rKBy&Pvl^!oO|pS^HYb!zVYZTm>w|2yT6>O(URiPvk;OR4#wK&!1uIS z0R;r^Jf*G|czW~2Pcj|6F@0`OW62tmfe{Ep@z6Cy_L(}i21}MuPS6X$2CoRu0os$l z*u@1|&)Io}@-yY;ZZaoH4~`6}nPrr7}jXJ zI6~l_WRc-xm-d<>cf2(W=O3+^Q=T!_xVggGOE9K5;5p-uChb5(aR7trYrQnoJ8RE` zn67WDQm4j`6dnu+67hB@%G?{5!}oeSlM>jhzN7|P%;|9(@<&GYWCUe_gCU#)y6205&3Jx?~&e7RqR zX?^Jt6C7lH3YK;L4l#&m$KEbDoOYFUkdnpowOR}P8zVgq@Aj^8HV))UE!Ov`9dIy- zYCdePy8VMBPBJPmy3rXWkD`=wuR8eLaMgmms<)B*d!@P!^3=lq^1svO@c2mA_UaKd z(X+hi1ju)Y{X&{~39UdvoQx+E!R!6ew~U80!H=;q>S)3l$v*JZzN0-k(wM$CLLake zlDLCiznKiTfOl#4vW>%>9J_)lW-P_J0EHraX}jDwf};&*ot0y5;&!{uk=`9zmOnlB zW;o~^Uq7^0U;K=!9)(Rl3=)H-+!B<VulZ}(5$s~Q=Pu&%+>%r<|4D+qof-0JIZ zrz3Yo2EOM9ZPQK9I>47P@6GJ($2Q@X@Ynqh893?NWRc!_4Y$i~%%b<5%Gq=p7cL8a z9Xzx0Q|i6iz`G>XC;7q*Uq8=V2!ipYi^QVSJndLg%shu7q zQoYvau+{hpF2#*gU-yF*(^&#kKlq%rR! z>Y>6FZ?V0*PKgZj$?;Fya}ujM8CSoMN>%K325bi=DjhD&vDg-ETLdmmtXe#E^czM> zRyWaDTR9VhrPUITZ#=yk60XH!G5w!q2Z{C0YIa;&O#IHIp-iU&JF-)zV2?wzOifJB zWwe)d$0p3^n*mW>kZsluCfT6!EOF9?^UtBzle>RU-+&DPK|`cP*CeakF|7g z(0x)Q!D#-t{q;r-FCUe;n+GywU6%naAmLuT=K0U0tQ=j$T~ zji^5>WwsXXI2d(EalQjFC_a<huS(2BwYVxW2GV~AcmlW?4%&XCO?xjP*7>FD>s2D zPlGkP0)hDwbio4~&8t*ftA)$&p&7e46^*y|jPOQlUev5a1b%klBQmw}m)xf=$3y!? 
zE7skcYKOWu8Ci^}CJy*&$00nb@a4|+50-c=Up|1lw_CI4G(y%R7NtLnc$P$NJH!Jm z?94MrB)PQlaX!Kva@^1t0&E1B)%fl2lhUgI2$Zi7)ccL2#uWmRubdIkwlsSb+Vk9R zbi|0`7<(g)|DC_@L6Zd_?P{?Y*f9Nxo#S2>z7l>8)Q$5a497LPk1EGnvxGb#97{P$ za#mC(Ajf_3R3$V^8~;+LNhcfsr_8#wqi_XaPTz{@?YaI5LIixb33KT><-as&w;j#? zGyRXi{^mQfcg4*6lJnAY{@L2z6drGptZ9RN(j(R`=HZCa$v^RUYQmLN?{&w03-|dR z)W?eyRl`i=-f!2aWqe#K=Yh819}@egtA}%R5Cwp?$?)lr=+ggk5|0OREkYa9&#Bor zld2R!784naZ~&wQRDrT7(f)SubZCe`{CTguMc=~cy=5EGoaReutReAF-F)pVG0o1b zD{E%_OavYC7gQyO+!-JO>p62#vxf9RK(dU<`1;EFKf|_ePISEz?Q!Y^{tO|vwalTY z{5Ky6-{tN^RNc`Ldw-$CqG1mGQY{LWNCo@@oN+s&+bp)h1R9L4uMf_sRo_zn89<%zWnri(BAeWO;Kg}P-eNnNVY zK8HMGJeV|t8iy)a$)ciIXAp}2N5WsxDhkVK_GN8pH-_t*UPG$?y)1&Ur&)*f!!Ix} z3|@+M(6!HpIScT5$Q5<7Meb?>*2Y)g)8FmlZ$E4M<~6n6*Db&ItFD>q=@h=gUhuJV z=;fo*stxsvHq@J?W`U7b!`_7mCO$dSbl0E z4okCx=B0 zW|+PehZ;T3*Aep30S&)NiCadb);mItnI)Z-$I7w9TT*Wy&!;Z3GpvY3ZGIbaTY8k5 zfD{bcd$$%_lp5MIdpaQg3W%K5?h+=L62_LS$({RQ*VY8@k-PLdHQ!$hebAI+tTXY6 z5rNT)H4pC5j3^7#1q0^JgnSvc(iW@dA$|zt`<=7RoJoA)KX8cey?a7Dq!Xr9t~07$Uf+`hY(X~-#X$ZLuvHLE@SPO= zqOJOOk6Mpd+OQ@fg6aDb&UmNlhxj0;$)`r*9$P$CL71XCt?^#T&vL`JQ780FD#d@= zs7pf}fKj8KfBqHk1sdcTw=Y3?7*sC4-7o509>#Z63>02MY(`_E!X2uobR;)ayi`Dg zqsSAj*V=R%@5O9qe)tV#Nq+{gTURu9ydTI8H2{dHox|*cd#GUlBZ&{W7b;xm6vq92g zwK}`hA(5EK4qVAjMpn)k({hr_YxVgs-WHOu$I#qOGP3V3mnyaNuKtpQ0J6ohm(qeA z5TE4`e)n$;0nFu>n%`u#?V!9~T7})TT^pK`q{33MQx&g?;i`k`BdQ2`Mz`@FS#`Qc z5ZO2Tm$JJ$$#w#w$*Ts5Hb%_M>B-{u7~Ni9I`&x-YF-7;j|I3ss5U9#nI;#FH3-Iy z2x$9n8duQX{Ud@3dhwZ6Yd_WlxTl`AkVUZORG;=4l(iWqdgtglD1ya^)pBZQC_CQc zGAfxEFZ~+f!L+OYCc0lZsvFa*U&fR~Y2Dw+|6c&vKqkLcmX!bSaVG?%`T7xWFHe2+ zLqpS;DodBIEU!82?b6fIM}TLSt+psX#Og!-P4~O!E@kJ( zKQG5xujtOB#n6BK$0KsB`O@`DaAePW?wU)w5}Ee6`;Pg2{rf(e-ya|M!Ls|VJLLG` z57@md#a&8ZWX~3$^X4Ny6)@+gU;I!kPt0f=&cYh!grEMJX97F=G0sl=)4AbQKCfPU zW2{A8-l=*?qTi(y@o}ysv8M>1RK(yyKH!hzpTcxo^^@P7NnANxnikB@{h41ETzX~M`(Af1#~=0f zX}2$3jRb1!Yt#DhD44Xqa+_Iyb9{Qs>gW|ueSG=YJ6_XVE<^8mLwWG?UPqwn-(-xg zkIXM<$>D+b*=;%w(0pD9edG%##GR^+v%f!Xr?Z=)u3zjEWlN;T1#NBWbv*hlErd8 
zvjB<#ib@M4Qb9Ed?x-}V#A&T!c`H#VRX>e)lnZ?7cPA>Tvu^S?gSO+fd&e+`cG9BCrt*VuR6=!M z83Slpg$vO&i*G8I1GX$)vW!?NxZOa*STzCD;6cSwplb|kk1oKHywRo)Mpzho%|N=# z*xkupXH@cL(I#E$X0wQ$U{M+H3`+_-(7>l_=(jGFWq^n-cC)Dff~``4CH4l&77YU^ zBzDbIFA5qKFQaT}4UiSq)g{8+{NGENSR(0K5)j*Gy4P_Z`Qvfs@zL zSIzj%xTc6IFWD;@MSq2cjIAB&9`*3T8JCky!aquLOKvRgfAw z^kYCD@^+_m^sVDTAjvU@Z0$!aypRiD(4lS8 zqHVFdBcFU!0A3d;Xxc7*wb=SsNItV){q7Hi6#D90co1NO{|w|Z@7_5JD1bg<;iqktS4?S9sm8G$ zb<2QH9vge+r@#NBhttY>PWU<R z#(Y;^TiwHU*m{fdouB?Tz|x$dS>=#Ve%agWq|2|SFGvDv0(bY>|K&x%%&Vn9pX^_sLk+$n zo)ta|^e7HdNL;$R2uER%7mGt93JB*ar$#G~#~xf{Y?r*5q-$%nB8dAy+M`nKTVNOS z(ze|yb}ATEVX@7T2XApDWqcj$^N)`%T^)c0eZ;95zF~2h6@}3{;gS3!1dP4l;!De= zS6AW(C(iDYa?MPy*bo2{Ozy}|~8(!b6k73!eYU#3a)z#OQtFFB<3Z>RX1APNgUfk|i z|M)?b8E6}KWdgbM^;U&!t@2@)B;9R>28Xb^sct;F@~8~y-qgVunKN$|X5R!QCT2wf z4GSoc?5nl(Bh1(SL|c=`)rKN*L{O3|1vjz^S8*EMG=>@=lFq zM=gU0PmJT*0bTpF#=xj!M6gCB)O$T>f`V*( zpRqonkmGDzOCbjr-#AMJa8TANx5ESu?g035Y}htsDDBa1;`IQ?C@066K*}WT)ctG? zZPfj0ZHG!H<17j(^eE?e*iMcrnFxK=aG_R1D+Rn2`t17yWD>+)Oc3d^{Imtcew&o-GSZZNop zt;Sc3#{$nBWKBJ863%031L05>$sr4CbiCPO z=Thc9w0yqUKS+{~aiHMAYs!{iK@!K79h)}iSn*MZXa@8lsrP!#eIg3JK=dX02O=-C{AjfM@jq5`okLq88V85JG9;TLAl5? z*SJL;f~Wy&7z>UED91WY0I%Uoit=6C%gF{#AN$g`1AfTHt3UAZzvAZX^Dp|VYcnr= z;0-TH;M*fU{grGL?RL?+F}?nI|Cwib6G!Hd&m2Fq*!1xbFA_{{pKaQ;rPSx-R$qU) z zLZ&@$wL{Zs4N%hpm$Y~>_Rco!{G=<8=}C`#NPcI21)So7);i~1a%FDCHSE)W4W4*& zkiQXUwk&2Ex2iK*Zcq(Kr2LE{qg&6+bo!tF5|^zxyvR8J(yMaIV7q>9op#@3<6L?? 
z)=@t`=CJbaj~!Qz{>Jz6(VFO(_q=}E3TI|n12sSIEgvY~{`qgGFYkuyoNmmf2i*Ja z`CT6#|3q+T)8CU@GTrK{*%eEdr^Y&}$#U%tOLDkq;YRB%b1i~S`{t+0J3n$<`SK}0 zi#wREUB`d$;PkNs*Js=|JhXo|tOQ&uw^LgJZ3(m`(3Ze@NI(V71->uLU9eVn8CJq9 zjI%?JhpdbPg19IKY#?J6-7#HfwVMS$byYy4E_@AksbXFi*IrZkr4qh<<2s4LOce1v#pf4z4%w z6!!)caPvaVuUI^cqrhd0S!tlj3fQQmNAZgiq{3B8xkY!ZXrSktY2W0JVilocp`yKj zI4_r9dI?I^2%%k&1MH1p!E!Zkw|;Tz8QD2z_Rvt7M@*Obyj2?$q+SXbW=R!Z}*E+Uxm>fzFhRn4lA6hB*GxbGgTSfTRF`gx&qg%YwnFjGsmZ7Vp34l-h(B%hkgY= z8cQ4N*0v=n4<(McmS?05we#RBu1P-6Qn%nW!y4L-LAc6u!{<~$N$x2FpKbQ9b%&-u zkuT){E_BrsppmBZt#b`L7{7=af()(CXDR=p%EO?(K**jC>gg z`Ed`pZ~7%SZsY4lVxgI4<9a(Yee>jB=5)_{)L1i3+>_mA?4IN}{?3nnH4O$?r*TpC zd(fUKtJQ|d9g}7zpABEYa;Din`qyWiliMeM^8ICBEI4j2osNr`={~zvAm&W!lE%)s zs9Et3SObfA)tiT7Hb5^VTDeiG|G$ciFtW{T0tK z+dAp!FMlT>jn+fP`4Olx?fZfQ6CC*-J8!$*Jg%?Y)?uJ^^2hTp%h4vdPu)75aPlv5 z>2BNI1uLW4H-Ag!_OEhv_pL7-c~Cj*jV~>SAN#eq*S+|l!^)42J2G-wpK*I@UfSmy zMgpzBo*Sm}cCBp*v?b7%z`vCQRGeFj+q|7*;pzg{#jc=EzrH1z^N$4S-|_Ng#jNGt0-LLb%!YP z`N!L&drmAT_;rhC-G!vBlG4d>Q-{^)o}vP843WecVSyfH#kSfmGxMuLmU=l?xluIzSyR`m0Ekm+?ue)s5Sl4h_vNOO`Ls+pL>ctN^50T+TlC{Bon)S>xVv z)%AH3-lOQ$57QIWvZ9(Kz5oRW=D0OMA3FQhhTJt_t8R0{+eiSQ3!S0HDu%1^D>Y{X(UmDM6p3 z2!q!kj{F96N*mP4*APs3MOltZ)v94!z}Px`lz_o?+wG;eS}o7?LBDU!i>hEx&k1CfK;Ot;xz>Ji7(1q&%Z^WHcvV`P z1(I!#^@4rixKEDSCjlzpA@h(sLZN~}S`sB+=&Cx`Q-P8w71DCU3NRfZ2c2MJB1)9)cmR zH?pmuiZYfx?qY=#aNW8rOaG*=k*D&nZ4u;}Ii4K*KI0rg(&wI1$T-rUdl&kCP63CPWL!Or}B zp*$2KliD}%i%h-euRKdnuv8E}R+*Ho{bbnrYQ-+J?0`YtX!Gm}<9ZY%!UXFdr_%YpJ|wud$~)+aOb&OF|Z z*fge-etGKjWn;g*1)#~)#G1M6%4=dN_L!T)7Gu+ zx_|b&vzj9LeaDB7OS${fR%N#3q6NAByE7|b(`5e07rqr49r4+(=hA6d#+ckCN?8gJ zxVw}z&b#RH+`Dyq8*rz&zU5|{B;Rjw%bJ;<{K|tkMm``}w&QM42~kGM^y^&Pj#-2U3&5^$B?PHhRa zCD4{YTLSAL0o^ZLMZ2(N$;vN_IM4ai1)Yk3iz3fa23%~DRpm{!EpN5SYw{jTc5_09 zH@B|8G1XBiQ0bbPtj;=Xy;Wf_kBe`We;4sd=7FAX3$4Yg{;GtkI45vtC6>j#3Zu!G z6Y^_PiSSs16O}gqrCw><7=8`l8J8UZ0o{%!P|DoSR&l7TsR*&$5BMMlUZ0HehB6}0 zEF8O05?%ZY2pM#ElZBg_IGFD0I?jPxO~!n6dQq=<$yE_Vhk;10DArX1~D~$i`E(R1LiM! 
z85ykA7&F#wyqHmTXIi#wS-GAqV6VpCe#tUoyHHav@m~a2l#BhYBGf3f_Jx3lu2{BF z66FlU-v}R#n~+K`arpEFvy5=PGV&r;cm|w;VAUwW)Xy;9eA6#u(xZ9S`3x!g_EaUqK#>hA2xvo`Cq!WIi!*6(|nEd+ev$o7r zj;%9%LtoO7N6K0!4WmT=|>6$H{{QP;dW=VZw1mRE*aj3^)5 zz_{nwdJL1x3(6nx+pK`6xxqYLxTt-G6x2c~z>qU`(NJps&z%VD2BKDQry-+Kf!dG@3C zDPKDIr{yWHdIvE~9$L=3_=pm#57SpOXN!mtA#j+2;X!l;59qUODdjKa6|NTVM9|>9c5ZSfB~t?~O~x%#u8@dateTu+i9Eb(*mU)zSr)FPxCIefL;ZtuAGgtqRWwPRL^It zbkiS*;nVE!ZhAN&A-ff9`ALDYW;Xmp`}6!IJ1C z_>m_872T#DaPM8yw#NaYy#OmI=k6E2eNss7eZPA(q}Tb~YO`uV^U}8+S@wO%p5-sN za~%pW(j+an)|bcim0Lr5=I?1|SF0o4)*kwdS7*m30~vq%Yu}B$K6dcyc}db=)<@=z z)y>NeKC-+XDgMuJ5>=$z%I?!%3hG)NDA}w`*=ope=!aLkYO> zHQtBIc3q%cxVorydu_DXe6p-nTTn@5No>kupGz*7^F|!k0l}H9wo%et3;Xu7-s3tK zq+@AxV;25?1Yl4q)Z-{)1{d32w=UfRqPTOeQj)}dW1zV0u}VOTod6WZ+|i;UJk;Fq z$@1KVJlap{0l2Wu@~^4BI~hgcB7Zl5UDIX&h?wm|Jm&FQa?m&}ZA@D0L;>O0H@&%r zs8sY7ffg*AZ@yWXzi=UMG%sbh1uQxMPqdn-Z+E5JU2ewuA6n6r-{>G*3M1^$?0Eu8iFRnxa6Dmox&K?N>(*Y=?m51Pp@~=QcFQ5cK4VFNH zS|hY|CBR4r0L_Ap=40Vdfg5F>H|_Q#R0ZNjpw~&C1yr(ca~(xgK#6!f_CuFDFWLXP zI{{cR63JyhF{YpqaRVqciTKep(^xiePrq~#%y|{AT`TyE(Kh9@mhHFg7ZpUe=@y_d z(rGLl2rR5m{XpL!pZ*MrAweq5mpy9Z-Uj+pP)%-Xv>{ke&pw}@@FJ?TCB1;>bUD2W_t6VZaL^>$zlu70M z8p9+b(ficnvEYs4)V@nRV0ci$SCN$t|3hEb!|XW5dFF;hnfpQz0f3x8(u9tMQVt+7 zGz8zs={05S*a=hcORXG-Xe|rh=IQkL!1E-^I`h+1`MHI6X($)lA|N|Of4Li0+?Kd5 zFV-noBwO~SPC*<}tKVL8>~W3!$~uW(!8~c})@eHhARxqT3Hltc6aX8t5`6G^mFGbO zUdhOx`M8lfNTNddv`zOh9N4aW+;eljkQk>G2%;J#pPKzVs5kIxum{+Q&$d00WDRFUfuOsfqL z;tl|gvoA&H!2z0&Yh$<)()Q@D8^b2-mxpVf{(LAFYg zOkC6QW&(O*y7rL(>7+5aBu>WkNBFF~bnvXNE`zm3XH0msq79Uq0K!MT<(0STN+er5 z-F2&QcP>E9ZKb0Reoa{kIP;nBoSct&42t{BBi~VWZk7G`yIvO=8l1L?Vd5@JpE>l+ z(>qLQwV|cL85dqs&N$+dxKZ6!ea2Zi>9a?a7r*WB^7WtmDj(f{RGdF{@T;cdlKf#h z&~CMExh+~=Ga&JIKk}aP=EFZ(j{4FG0Y=r#+VKvQIBZf1P+O ze2i0a2wROGL_D7RwSbwk{&G>OX=27~ws7O}jSs)OsOUHH5qNp?^Y;%}(v%ZGKk+jk zC@*;P`^%AE{N^;P0w*7Q+pEIE4Oqio$*xxWJ>o&RZ(wFqvvv5H=UtfdrtX~Z^#|Oe zO!sPmYIWZxAHkzPTnv!gq?bPVKgyABd3jF%`&mx_Xt|<%@`Mwonpc)7-*gR0jne9 
z(>&@y_bmsqqu6T?|3vOMwvK)OTc&p}TOXNkj2rgH-}>ru&0<+Y)F?pe=!a2MPTCv}#V8g*}Vbs)y7Cu*!mq z_$d?tmbol|v*ymi*2k=iVDFHVlQnNywJza03;4PqZ{^{(3X_VA0EhrXlnhqO zZrvTg0cueSU5N8Bzx8lAd82qzcfD5?4Z)aH1YPTQho2}S9FGCI#F~RTbcv~ojeKFb zV_m2>DkXjtfJ%(iR2Ifjysg?mz^a^eM-&-J)__8~FbHa?uB)tfqu{&C&q~~YPCNVT z^5Y-vqG2FSS1Lb$#{CQ<#-kdJncq8hb!#3spvHTEJ(Ar4lP_V#wG}bwWHO(p%gJI&r zoPX)1<+7`myYdEjA@OeJ&Yhbbn%o&@Ex=I}VuRU65d>TjRHKiT zhgzP>p1U6zl(<^E0B!*W84t*g2nc6>+82cvP$cRnV=Y^BLqly&`HZYw&YR_>xFM~I zm5;kz-Mn;ZWHS%G+=5&nP_WDK*he5`X6j167F>{sLa%tF?EgLBK$;Wg#bn~AZ5n_IJ; ztCmW`SnBBF(~oObwrY0{A_vH4yyjRCAajLwx8x|l+5IYm7r9X&bBOUq0j8 zU&fCNksOB#)A0lc(BRa6X$wFb0HX4jZF!892FI57`Q&U`=k``JBfzx==Ezi!)-g)087(#=>cEXG>W-2^uyAg$Jaw@z9?UVOzhxVp}{ z&F!7dzl!IY{ixN$-%CpgRJ(+i0NddXRma=kE3xibRDg`6k4fNizeLSovi8+T?p)9oBw%S#boVp#TXC4=(%0%c3wYy_q5%%qje za{iWVv-zgC86eodt5>r#V-J5fw_LPv`tQT!E(J~i06+jqL_t*T@uYmNz_r=2zcnsa z_KC5LF2CmbVnFBH8WXoitGT|ua%=L>{Ph`i*;UukxAV$;)-|`6{+`UGfgl}98NZNNY^)@?|TCzXE;e zUcdC_awTBU<%_Q^yWX%}dGG`7SNbsNc1NlKfTT%eI>t8J6LCqx#m9CM5ZJBJeGRX| zqzlyqw7c0Eshc;c-NcmXWVbGXvMAZ|jl~QY0DO!B;-CmK2DjqXOm*kgHcPnoyIDro4%mYaDkdm8{9QVSFc!k*>BKJfMmx!b2*kq$glxGo0w9n z-1cczxB(w1XB(Us&RfTm0az!d>ds*)Z=1>I9CGeXkk74=b?2c$j8mvmR8X?+)&&{z z8*@Y;N#3&Kmjje!U4ld^-vK8)M=U;11diNl8X+^L`Egu(%D5LygOl_{XnGHRl&5zB zPC0%2Cz$G-q5j%7d4drAF0Zx~JiyF(45bq8nME1<&t$%o^B7vd4&gl+bIk{s1Ze~9 zh*cbX27G~rd|E!`u;!75{{)y6w_nN>E-Ek~9sXe~7Es1<0=e|Fv`osOf-78CzRX#z z*{Uq0Wm~CNwo-}RME_FUsvIADC69SC7r2p~`JiRF0O)jzBFgiYHaH*UQ(1*&e>o6n z;YgBvlLP*A#jJ7{q+>@qo>8M|EB$0Xd8kA)y=kw?6)RGMA29wEwNt>|FM@^0e=5cnP$DnhoCvZ4TNJXiMPVL;?n= zj9UR~THhSAstxB^YG4=> zjN<~r1-X_7zM+qTsN%t*S!)BUj+F`8s0xe=dsozX(+@4*{_65k6_jeNK!)U%9Tf;c z24lvk@S9I%S%tMKOL~*#jeYQB zuwhiHGOOP$tOw)ZTx{H4Pwo!MZ)$n%{v1zWn`ns}Wc(j5Dqf=$!f<A@(;)%o?pvCIFfG0E)T+wFF~2dIphwbyosqqIZ{PY;@ChgA1!L zjxi2<24?~C3^FJH5Ev_yEheJY_t#@j}2Dwl<%rGRV$I zjvL0x2-|53=(#O<*I)%Jva1PW#elzpbp5!8tyzQ17yZ<2-(V%>{74KI+YfUBM6n8? 
zrMkBXd>ErfIZhhH6u?FWzL%gn0UqEV9W=7lT0|wb4}i*k9H1Se+|zQyv9BdgRphxy zaz4d+in*)8?%U$VGGlxSD=hf5?^WEZ`%qJlPzFjlbQIW5H%# zcyN9@Z+4Ut=`4sQt@DFf>p8+UAQPJY|rNBLKI z8!($TAtPP-oXb;;b6xg)GcFF~*yy)B^cudBkvdG$v2_A6CiCT&GS<^#6Kgu-agmq% zH4l8$l2mFO89+$dChyK+d2gP5=^?uY6a8N4!;~2?UPzc~sHnmwk5Mt$gZRKgdUS9pk>3e*2}5@Uo)@-raBcUqA#>KE#TnMwc%_5y^MUMpTyI?oFztIC&M8}%M z>tr+jL-HZHDc;1_3ZTe6)pXbDYtc-*qb#))92d{7qggns;BX3nBYhU#mSNGYGOPtk zCj_$4Cr>w^ioA}GT4oARqn8hsDJcFb0a=o3eM6nYu%hCu8;{lx6V}Hz;ZbJbc?Iq~ zDl014@;Pq~E=7G)k!m`<-t;<#H`ZUb$KvP)a%$=*-%e*M{vxnxCP1td1HVahqheu@Rn`uF;Wq>Ef zeONxV5~V`rOiP&&lq;=v1dqA_7qC{Ko%Urc8X|jlMgd&0t?+7GnI5f7uliQ%x+5gc$;yFqUHV!8wF-Umj)1MV{boweHJ9#VRPsf9R|9YvmMx znEXB~>|ZTNw5+H>q_zGbKkYJ(5~CsXB;#ii^EzoYGL{!VHplCl-w6yW6Z4yFqr6MO zIt5b_xS9;g+WxS=DqZvXJme!V1@l^sG;OpZW85e&Q?uifwCV8_9A`etUv}5yS4J9c za@~7g;kgJqd>kv#f*$Y(_v(Gy<+H{B=vqVOS%+K%-@*gOYlvYq)d8RMg=2^>WJY;u z^N&GJIb29-qk{JDMrUVrX_FU>nHYz)EnQvq5p&v-$X?gf^bP0PTAe!N%yA^+v6Atb z#Jm(x3=jzm3c)etn1S<@>48sQA_$l}{_5W@%0NdxIs~6G0+BVmbHXRYB-lQJfZgwYyRKOqfX#N5Z3(m`a0f}C4b1TzTCM z<#XRY<*&%OkXf`~egc5qbEob8>VEq|TLNtf-1!nvnNbmP!K$*8H{AqnWmz7D(*?b% zfjb!qh`9J|=}Rf&;lwubhn8DM;^4Is!*b! zpf<&&$*s2&=K?yuDc2$=3YqOxInjax@WVi$y4U#T+ii#Q26>8YvH=%-3vC;E1%=S7 zjfJumRy8+cC3EqG=K}Bym!*I&J+tNj)(ij?%mQ4}DyGE;ZM99hCfOfRz@fJWpasc9 zUj1nYN(X!lvtv;wmK^e_q7$u$d;$!1ufcu;8o7%Rw^!iaV^HG(=nJygC$j;!jA>#! 
zbS<*oT80?ZIPrZP9E=fVqs587;KR6csdTCUHWnM59aU)`f!E8gS)6+dHd;`&+H$MN zZw>BB?sz4!xXz&1X;m|ZYm$9G8%_iw3T=XtJvNeo_!lWG-t4Ey6K{_33=wu zcekrKD1BI`^bBF8GeVzH&O-KRtIyKkf_BjF#RA6hm~k{lzhQBr+nqs?m$8kuu3~}= z3}NK9y3CoJo$=#tPl6!2G^rSCsiXoa=pkJ#s|1mZ$#V78*Roaj%CgDE8v`o2P5Ug` z1jwbel**=UV|?lYrCZY!u6XlsIopEZ#6TcrlyR0AC(b$Cpah4y1i(;q4T@|ZIX~<- z`83&{%r}lzbQmrf&s`jAAtV0`9^}+pdf~;{<+ji&=dpZHR?G?8s9RrE;Q?uo3)xZ1 z?SHPOzXf7wyZt2aBpdKTHhu#m)aM2KPuL&f)j5qN3GtEy`~-q@DeI*z`DJWsWz-En z;eoLzAeIhkxsHTu`*PPw<&~XqV4Z zUH-gYdCmb}_1Wn)Kl0$%<0NggUK1mQ=QZOG{(MF@vWvwQ^mziLY-E%6`xk^#_8qi9L0@KVN3AneMHb$%kEn%tA`k{NJ#1urT*`n7ssa$K64%95y+fjsExU0apcy_Von`bGi z&`O#r!&71$z)8(3z*5crb50&u;U0=6ik@#-L69bO zP_OY1R9sa&#!(Ww0YL8z~#%g5=v_Q6@9k`Hz&abtwBbxKrw*uD%^xt8cdgKDqt$kf&kfun%Y#hRT7Q+ zvT6lEeA$9Lbk|~Sq*8@ERib*Wb8x8k4g8D(bP0$J0bJP+nptU~vjzouWEFKUA1*5g zR+WL-%cGc?r?*>R2_+xvpNVmS9>D;{4*;4Sq3~=<8037kj0C_K0ALuIQr>m!%_k_cRtQ&Id1bl!+Uv>! z#_>j2O9^K(5`1;8Cpax~ni%V) z!4mOvi2Z|$LStzppUz+PY31v=^GAyymY4O2*=e{%oq;exctmP#VsBQMpb8C`EdG!;yc+7Pz z*@6prosW+;2=n|vHvHo%r#uTJ0^jl_Ego`}ru50LdtB&{QCuLvX017MQ`#nKhid*RyW@B*lWpyER6-!Wh^IIK<0vO;RRZb*>UEA&lbcZ>QSGU9NH%N zL~xNon$x0Pt%|50d3rrDh~$krv;wO0n_nN)j2X9dH=|W(p%-w*WW08uG#A%R$#@?v?Asr zodvE+l8TL~(|9txAy;W|8`~_nRn*C&A|r@kR^J$_FqmAdyMUI4>t*vq(TT!C9v1B` z=3Q{BOj|5U6z9_NJW3I?R4Sur$t&e1$5dFYuPQUXr8lj`cPPrM$K+K3RautL#O9$4 zDi+GHyEk!6MdQ#D;E|6`%2;;=wS1>+J+==T)MXn~*5zGG8Z9lPB_GB$nLRXEHksJC zbnLVX`NqpNS6@|D;qtR`$X$f`5>saog}R40E{&Wt-&fId_ag&@cF`8Cc;shb78WG4 ztNV<)trj?w(DeBl{xu$cPIg%`G6Ge{G^Qg;lCH_ zA?cWm&!MsvFbvtPL0O-iA|4O*>u$r{fFbIE%BX(;r5-?Q$xSx}NZS_hF?o ziKPtnR$#+^leUVou0jaNzN21a5(x-u2}0v(Gxw(~YnxHrG{azgT0mu2OP)UXc5Kl4 z+8@x%xUwCT6HHhIXf+IYWy@v}duRc%aF#4x!Y)xO0SqU~EOxT$2jHl4rvfmJ4L{i) z9=;5g>iE+7B~uAn@+|16k}rQ+8EAcGJA;3a$NqLs3G7vC6qi9L83fw# zPGHhBcE98ZD+0aXDa==$tJqy^gq6$|$D1uU$wcXZ3L{_f8HGKBnUy|e>9E67vF zplxt`84TEe&VF~Y8pj>d`jQ`>rKM|@;FJ7$?zZSM9k(m`1WxU)071IdIYuq7+maSQ zh@>j@l+Sf8C@+sGobu93@)Gx~D}6v76?v$TuO&+^glFhj%zhB0iZzC1xhh~FXVu-w 
zVP^UIEc7?-S1@h68yB?{wRGzCnIaHJ&B(#>0tdD~&nnIXNJEQw&KU!a(*_*34XM-T zHP@+RS_a|7%g8BhY_&s4Wd7w`qR?PIC??y%5BYh%d)&$+xb3rbY%Ot_tcMh^1YpMT zZgSk20yf$4B)^qnBxya&$2!)OQ3ZH9cnGAAl8@QlxpA5VV5}eZ zkYkm(L8?7>&L`NsCsKi4<~`?`cZ3(m`(3U`30(YVW+Ca^n zDBS-a(ngxs)V@g`KkteAmJ6@Ax*YoHuavX?a?v_KjS9k_F1R!cy*=)>eO*vDh57Xl z>>tm+q+EOBk}?-1=pH+6%kN)rqc_R|@Z5{9z|~-7*>(GE%4Q2Tnn9(M8`!2+w}>qk zt{V;hx|?oJ9h9up9Z;D5Ix_#IY+Mp;40(v2h91k3jX>CIxfF4tw*MRcPygivd- zO`+7|+hZ5cCY3Uk1=(Tg%>o|96SMX%6i;L0sQkJ!kwA%xZKF(RRnq`V*5zAy=~u;2 zr3EFx1v(X|h)=oYh&i|xSx`PoTo(B#Ah9^&8jK`PgrEfZjrGzfh$@X;T`1wwp-$h% z=gq#+G^j@_6@iN$g7_M!ck8Y1l3>6$+;{^!C#@u?ES5CLW`g)Pojl8YGp?(Qbf&l- z4%MWnS?h^Dc43m{8kA(^prT`Y0_?z7C%}T1I06W6Qw_l~n{u7Re+ei?+iqZYrfb=q zNkzDexF}*2?_S8q^bf^b*zS#v$eQeW2@9=ccoSA&Sa41 zt^s1Z%m)C$wR0_ozVJH!|O z5YkUu+<|H(E>Kfgxbz}#$C2Pgb|9lal!u_4%Co_gS1WHvEN&R{*{a<9ehjcIk6Ins zcgD3D06@_t#aJc+a-6E8#-%9W3vzHQMr{>jkuui;K&f1N?ws-;zb40V7jbhOEA~#5 zVCq-)eJIoN;&pXtK@<@!!B!P*U@ZU|fS}|DY=hSc=o-I7m%(1^ftmRp+015Xi zsLC)SpY8F<_Is66_hBY%P+J}Z2RWL|Q;Q>zcptsY)XD*dpYQCu&Xk9I>Z zR}~ZIiOFUD>44R63m+6rl2?I>(6*!v;M_Lp@}z7cJ^A8a7ORw1p5}A=_1Z76rfg`7 zV>loZ$3Zr&-_o`v_Z3oo#@QFfVsR`odd&#&Q0I_*{FhnBh|g33!0?N#1^;ARnoazp zxJgmSJU)LN7miCUb1ZALplU>egd-o@!H02TRUX!7sqJTU@sWPO99ffp=*Ul=zv&vPbwdJ z)62_;zWA;3`oli4PT40s?1AM=A9(Zh7Kgw6<9TKO1KwS918dUL_T9UD;m|i_@hX_~ zoVR?SeB+0|Xm02CWlwv2Ir?p{W)b4Dr=8joxDzD68a0+746*vAQe}%{m&Ym^S#tBs zu}kGF(4#qUtF^v$jqIW8V}J9;K1v;nZp(2av{_9jJ_31EqF9$#@{|&o(6S>jAK+Q?*(51CxqmlcM-gkFFTf7ARS`a1lEUv4ab7 zT(rU&1uU6`@{s_)w8enDG&o>@K#EGPZUX4>v=ikh{HSc9Knt#rV$}leK|qHn&j?1# zhfzR=!L{>CXYXKH2u-gUU!@-)r2{}mm!3fYh(SQ2UciOC=|@zMisGw$fKZ5QvpQRF zuO^7G?Tea*GOU%s7~6>3PJs*oI)Rp1fF}z#+8FSG*g@3iE=j8aGPGg}XwQ9t6J4}) zQ?f7Z$CbD?Y2_jyp!J1imMmM2wF>cP7$^2_b|pe?ZVx`ZY8AZV8a6enbOE~b0Ajh* zll;-S;1KjNV1zQW-zIR2TFq`=qquMNu|;<$!HBgwP?pYv050^4K!JU|8d+$?q6Ln; z8)(;gFvdrKWeomD2tw`nt-E0%A7m!*AW$}k9lHd80wTfBE$t_mG%;-qs_QtFzy7|i zGK)TNyc++draJayzaQYl{%{OwH6XYbu!Nh+PcS2vNRBgzIDh1$1KtffElA|JvWM)-2djiF%oQ}G~$VsQe!05-H&w?pNv`-?IZ 
zG?RB@S~XT4%Bcr%#Xz@R-MV%;lB|qzOPOk&L1m;mPU=n8@(q;U|@9rk&QAwcLX({Zriz^XP=ePpADb1IQf*b&&95( z8mL-M2 zUHN;0EPbBx!x&`T$tgssG5MyrS3#l5Yo(DILbCnUmOxtqZ3(m`aOX>)4bxFMWBD;dT?m15>`#tOd<+%U(VL+PQv5`RYkO1K>FUAg8|^`<^$1jv$S| z%uAm7*wpdvPkf<#^6TF#kK6nH<*^UB-+FS`&eoQ|KP~|m`>upl1Zt{ahe|_Te6xUd z!OH@;3yX-ngWq+uF1r9^uWn zGm{gYWzJAf*<#DBa2;A!Zo27)@C8Yf{xxwavYmn+Yms9Y)*XT!CN2N+7Mdz)Mt}nQ z!ZzD?0tdeBw>#xYWnBv(XwgR_5XvMg}g{hhJTGDz@YjDEO&>9X9@?Pcz4w&tc?x*8eKIPO+h1r5xC zHnMVTP$6A{AW--MKG8o9cYdXzY+^O1at)hN&beMKS5T3u&*b>CFY}Dy zoaz9rB<2{i-SBNjnS>8P7x}Tgaf7swaGvY-*Uz}4w*q7eWNG>2*f7=DEp-m9Vmx*L z9!j^)TR=4cP60D_=@Q&jhThjr(d#}t6sodT4*urZ!-+CBt<;7h%f>tZlyj-)P%{B6w%B3s#gAf(-G8^cm0h3kqVoP@zZ#(CvTLsMa(VpT zdzGygZ4#HJ&tWC=uf&CR#k8fzM?3s5X$JpxFfWsor=4B&|xADUX4 zO!6F9gJnULFN&+mGuO>;qr9$MsJJDUsvyPM1fIR_R=8;=;K1zJa|7UX(zj!5g?%I2 zTMLr)_Y1iRTG{7-Ls*w|U@@dc!W@8&!9grQs3)#Z)G4^8Lf^;M)XG7nz7MM%U8(Gk zQTXm=S0{l9tz;&USGMp*-U1KuXBVnG*>}oHWzx7jz5GrNOvZI;@eMZ;?`1e`b*HKk zz!u%4HrsU5veA6pRwor`<)MO>HegjUL2MiEYr*4o;{*J?(UQft`DSzknO6Wv ziyq(J>xv?1q~+5%`9`to5vVebOqbR^x@s{lbiZSC$31R{U8Uv_lZVDfIaE%ztq+T) zZd|owOF%2Zg*g%E(o)KPk>4R)p=M)=Ge+AcC#ehif<0P!Rb`XB9Gf4G%V;b`9IpZ^ z%va<`Gg7DZMh@Iu1CT_x-ncLcNNOcxz;7+J9BYnSlYN2_O|A<(8H=ai@dMRy@;KfE zp;Y`0*4$Wp2;K;G$ZOM=^5gX$fTt<)`do1=>rSTC(^|(g&jiPVb4OWa`*L}*jf_Vd zX1kp~f&~d$&f`QdX^{D({2emR2k*@t=q;<5M*?X9d#KMgYPB{@3?${B=M-gZv9g#& zpBb#!v1r>OAL!Y}04=sRpmddsGF8spPErQ`3(%cwl!QmyB%mPx>NC^!Oa(ZUGW7#+ z=yDWng1kb(0WoN{^FUtXt|z0M=ZCfkhUH8i7&Z+rp-Nu{%!O9XFN^ep#H7bXD8n1I z(f^FnJVUA38)>K3e@b4MP%277JS_2KCMNY@SMApH@7rxjdG~6 zkuKs&A16cmt1W@H1lkg4OW;nIfGdi2`WKXdab$M7>sHg84fB@u^m8uA&LLMXt}a10 z^43)Mpk21RO9Bi}XXe12E3~4yffz6QKYH(!-TD#FD9_#RQRSicy=Qsw9(OOFJLJF= zF^_bf{+NeNgES4T7e3`N0c!qm-bMc~P@^SH1JVfESjT@o{*luljdkdUf9`jVZK{h~ zl_y_4>F3keJXp?~VAF4Ki`sAR2P96<(_a4`tY>~$9Qg~$7F1OwIy&T zNT7l(S+CczHK^iqO z0gzY%QNN0*;FpSZT*}mFXnPOzjHR)1cnwN8`A|Fs8OBf^uf6VCcmv1*?C>}4E67xn z{>fhAvEZiTu1m9ZSE5~s&11dF0EN<&ps@UE8DSDINjsDsJi!fDX)E>WexO3GRg+4V zRx~S@4FSpwM`;-Z$k8Ro9in25qB|Mw)$Pgpv>;I&0f7KARIuD(OPX%AY`t28*p9JI 
zcBP_UX9H3Qg2nwr?WmOmXTm2MS0CRpQvJB&N?Q>et0Z zSBfpRTvWE&d=WcK-CR0GRkmO=ta91C1ctRBbWXdJgQ01xzmy(ti2eJbx2#I5dI0%Pvj71tU1Y|LQI79gL%trjx@ zqHHH0!6BbX&dFZg((DJ?)C<_-d{+j}3oa9LhjZptELh}`dwo3vWj1bJx=01YVW7&B zyRj`NM%1wUFrPiQes0Bz&GBZt1o;g9-N&!Kv3PQJdq>Qv0?rMxH zu8_5{CXrtm;?gajN-DKTw#7xOexH6&%)CVQsiX1}z(+!@B)DSzOm@D=%ePIca^W8B z%|AL&I*vix>ix=1SmT^=1S9fcUsv#(U*~~2lOIa7Bm8hN{lK`9`_zYAr6b*dO5R~! zNucJvMF!kzr?v#z5@<`HErEZ61lmB&KS9XwPTuBZ1#dMEc-~WsF>Q|fpHl+5Xdz?LLgx6x-Wp3C&o|p--N3;! zuU&h?5>Nl3bhmBqGM#_%jg{BU7glSX=^M8?xN7l@xpKSh0kC=UBOZh+*3sp|xI=yK z7r!qj{_@n6(QWG+M;$yJwD?w}+ox>_{C`Wp^{(r7zg+OLvduy}ZbK?UXfj$s#KM4O zcL0*sBHYEWmLz#|4+$013Q$N8I?(iEyx!`T;hSA8D6)LFQmf59)tbb!VO^a!w=Lz! zI#d>8Wx~Q8QdWf0rgF_&eiS>E_70R#vR0bV&0Bxp+QYkxd@Xid^~;$GSimCkv+fT~ z>04au5ZCse2|VO&el%3>$}9h@FMtgBJ=PjQ<+~f6*1&|yh?W|S;vo3ajhR9pu902C z9INnhO{;*dHru@PAd_)`Yk?ZAE!Lvg>Yih8UHO`g>&$AbIyyUsqnx=_x$3b%iAtJz zOi|qUwcaQ)@M52;5T?D{gVlPCcEt6FzUTwk7@Rw=EFWJTfWaM>28rJ?YlwTJ#Iyl0 z&?;gAK)~&)*9hPM*r){6da7l{6td7N!tIs~m^*vcEWit0g0#3%5w3hjv8o+k8B(qa zU*7m95Yf|z%NMffLvC~COqE5OE)1x(#I~bs%Z~whwa8e#dR18kU%o?k`|y5TnCyRJ z-;9s3^)`Jv8vw^`wY9jBXRD89Po-;7+SkIjz>P@&!m(`s(@@4ERu=#}eUu%+GN+e# zKC@8Zhlb_=${242t0DL@$-84l@Sy@b0+v+~bqorO*jC5SEaYPVVn3aI^hZmH6*!wj z#$#B9I9IBIEzpVOl>o#9^HEC|_|pPGa49=Bk=K6$I{`sdY8gwtfRKV3(h|57;L5z9 z-5uS4VT|2AXle1KTw}dMUpr-+^V3D0#bVHc(sJ!l`lF3WCq|#;Kjb`hbIGQ$1(HWMI?o&j z(jDkW?tnw~t$mpJXD-{oM}Cc$;}gy@0@$|Bl;;6`Y@TL}AsudLZIi}^uE()bk*1S3 zWy!;@@^@?tidl)Y@~o3ga@Ma{osh-(E*Y9-Ph>1hhg0NRfe@PO8P_Tglu9AX3Vg?k ziZRsueNf1jPdmu!-w4NH05fT3eAIrm&C1QZ84L2zl2dBsm?i}TssNn#Tik>(pJCFf zV81u5+Z=xEZ)uxit;FT}Y=$3>6`z(%=CfULo|4}1o;RS~PHhRaCD4{YTLS+a3ABNl ze~z5*kXm#}dirDbF1kfsbmcW=n=KZF?#rM41me%UYMnar){RAj3ptOqs?lP`Hk~DIaV&7=&)ul>b@r6Six+b~R;F<45ftkKq>y)&$yI;@zS)oZ*EwDWR2sXm45Ixi zy6BBb0u`Jhrz*Qf{fL#3N}Y0|Uir73(vK|Zqh8%exIaw&b2wIoi#y0T^r>JL3hK&L zxX)-sLh#&`@RYK2t~(kjBW3G$)^@k9U4kdQxaMrZ?oU3~w8YWU$7h~>BM_i9fk20@ zY626=bBO!WmPg~b%*L8hg}58p&*u5Bm4-^8);((hfpk66nre;xhD;D%thfXn`T$jo 
z4Ky$~Cw(HHy4l1PV82lymA9z{{BDZ?*gj7-_u(UQ`u%`K4~_biOGw+o;8t z*KB0-EU`__n*rVJAS#$<`x1EEK9dF@O&4+$fU*s4^X)v;buOR}1+}0vz6?(y>Vlr` zWdJ{d3p9$o`yx%0Ao~3n_lV^$a376B3H`f z*@G}0-}YPL2GJk(rR|KxA^pbP^nZXEc+2zB`>oIaWA8lxEi05$^KKGoncZF4}s`jb(-D|CqG_!!Fe4 z&*i?&xx|&Ra>}r5>kq9)zt7Rf>dN_n1~R@nv8wYhi{zH>NvW8=^P`q7v6i76_3Dvw zDLeODa(XYLWv%nnru-Ra^*)VI_E7#gClovBl?_=;Ya4y3@6Ly z#Z+H@HJ{{JG|Km?KP{}*)FKR?CiTL+!C<-AK9nj&~}% zvd#7xpZ{7p?#0htbSW}U%dUGpKk0t;N0PRh^3`gkdw0sJPNRy(v~iom)dO+fRB!y#}1Br3Ia32c_(`Z7MHy9FeGI>z5bOBzA2TPn|} zaDcj?TA6LX0aJaK;OZvRH2HhFD>0}AL2~4 z?4V8dBYFEER_4gJcJ){p#`S3#;8+4gYlRidhascbWoyl~W$hU8Y}Txe#fL$1Rq_Zs zFA1Ks_?Vv2MX0B&B?gzkY@-d>qMCoxfFXB5(%L0E=Ky+zpcyyF*ufL~?0N-ZvTS&m z?X}qyy3usgKW@40cx+_uAsBPUu;Z3KQI`Tr zNiX|MR~E+cZrr9 zjztJ^GyvLjTFYp;BH>~=_NzJxsl&ZM*=T&y2>2aulURcp56-gsaNkqU2JzKZD;5t- z#cf!aC{+G>a62SVn_WbRzs@UD9M;w zl4K2XFovA}xwlY}^SSDR3XzlE;?-)O*Er|+sxGn;J4?#vdg}0qd8>WyX3{SPlMKj0Zjtoj2hjY9{K!NltcGsbuf8eH%S9J<}ziSq(Xft9!?i*uH_J~j5ar|BeF47BNI z7tYD=ay)TO>cYNSEU;{6p>J7&01~DQ(+fs?YM({8bqW#$Op3&J*Zj#V;D7|sY9a)T zcYE?Fk6^{8rFk;lY6FRoq>@0>6MzbQumq)jkOgipENHVHtrD`(r#R~r9BU~Q&}8fy zKuAEWb(n&3wB``75{VTcYr6rzfVVEnrO*Ja$b{l_+XyhjEo7rrtIGP(D-avPg?n57 zU=N_Sr;I^NX_?{1Jt^* zKs$BynFAD!Lvkx~H*%?yL1NLwodnAox6$5wlTAYQ*xRrxHq>-Bn|Z`v>n>7zx`6m{AsedsS^20+%MYX;sf%{ZI|T=!x5&^NRk>l%VGr=3wv z9XqXY?fC8yK=z_E##(k-;-kTnbrF)FK{EQ!@u|xZeJfD`A!S~5?KQ!kZClVnjQ+`1 z#`J=g9g~wIB*TRVLTNcfljCB9EyA-sJG$@VJdQpgvK)K;lsPyA0d<|^l~xG4JK@IV zn52FIuI_=(0SOa#?Gk9)=bZ$cRtFw^SV2kFNG#ZX=i&4W^BOs|=2VW1Yp(g*l>od+ zhu&jBVV@umW7xh?56-VXh!5+qe|*Iqj&~=jRvwav23mHGMmkAw7=WQ_z( zV__!{uYHLt8FkFz)>Y>lt)^bv=u4d=Hf=KWGINx+NC+k^-wi!74+-SCe$r@tBY_i3 z8^&sagm==1%m)K_>ozH|J42spm1BR#ii_Q%B$j(1yKJNVy@D~ff>2Bw(kEJ^a09>v zj&0tVf9}-geMAl;{qAS)QBQPL%k)0X8z<^# zMUO5#*FOHD29AICS!Lz&p>pVc|MC~p-Wmy3U$?%T_OZ{GUl1Z$ivKajLv||ou5!F#n|J*rwna16tjy?3bDZ}r^t2yVr zZzzYn?j7auH=gRL9EU&aDdj}SpyoL6DUSxM`gjPH3x0Mn?pT*K$!_x9 zt-?Kyc=Ku53cN{VEFO1u^4J_ppNr1^U^#%Ty^ngw2Xk&q;_Dcg_{anI$@hbv_PBDz 
zwW~wu?ECT)a?U@xcD?h}hb?|@e`ssq@2vq{0$k8%(ah?#0q#Ee?Undob?d^mf>M{o z^@*#hMtfuvR1r)jiIDg3y5N2+Hp;%Ag;Eqi7n%~XXJSi85 znwr42SS4ufp_PS;Zp#+!xTp^xsYL|Xh&csu=IfO-A&pPGQ?li=nAfsFkl{kVg}-?x zqiHEiONs>mrce9@;bH-Vsn-E@2B@9u^%|#WLvJTwktewUCCIE>mt@WeyWI^Fr1;wF zAZBn4(rtrghj5vjUzzQr({|43n&b{sGl16t2_3-R?D~;dI1J;4>5eg4s&r0iU4Sg; z01ZVha31ngFCf)^n#SGAJ~Obhsg$3uW~qb~?pK3s;XS|5T~=e|vjHG`AX`e$B<_o` zfXvqm@b4U~#M3MmN|H4zRuH6@^Y)CcUs_UZxN2qDa`VlJ!!j5-vf~rr+5WYU0xZ#= zRzdzYbN~d0h$|uyV_DsN?!diEp<{V~VzqMW8D0r#1A#=FwDgcD=rlkt{X@ukRTqmX z`$n)ihn0^{*{Z0B$%?HHgeE7!Hdwn(5&O!$t)7U|NT=tx2@ zibI+@r;rh%b{rxCl~4ra3whOv<5|EiIp=4`#RQ~JT9k6A}gn zO!mIuw5|PK=d_<=-Ig|2E2ik5F|2!Y;`P{HDvU#`A?ueg$Q+|zBvm+(YBy%p~)NxPSbhE3(o5WYuvmIicx{p;7g+j2}^SVd1_Tidx@;zgU`jpos#zJyj zc<*ajvYk2?^0Px@4S5LP@+;vePkN z$8h?K-->z2aOa;Si+5=6#p=!a^G6wZ*W#!@b-@P1t*t4UQYuBzXN1gJa@~p=_0;1+0Lr+gV?CA1eKfbVR!2{pT z{zAOSe+-G+QnWSD)&T3L=C0gU#y`6TRHCv5U*iiFecZ-`_ax zTENY^k@2$i=9^?Oa^vfM*OF!p^=-T5=2@uRRGL3`?y76oWGmV&*)H6L&P^RYWxVp* zwbW5#@!UAgG>e`qXpjE!ci3d3xIx`GP5XOW1Ak8q{P+1ks^Fuw@D-G??9C#(dAe$S zj%h)N3*Ri7xy|NjEQ?)N#->er7weW0VubUiBZ&)j7yW(?@Xk`5dBWmZz#+&;63P(_ z2spLYaW1g#4yf>h>u{gCDvO|}hef{t%>bS~y#g5*|0eQ(C7vwX#l6-Wu`D31QhNlH zP_S+&KHV2YD652v?X-L=)e^`|k|kOSNG9l_6mUTj$*sc8DJOi z;LcWSuUl8Hz

EfUE0;X$2r!r;LuQkIse+JPa7M?loAl^tk;s7750}(X~bbL;#uK zrnJp6Y9By+0O$;A>|JOEVj@6HkW5Y+c!Y^9|TB zZ&mcO9_yVeueqlDfjBx>U3GPtpgmd$=nf?rGK4&Wa)F+p+WHLiJ4Ena-JK+9BpI|^ zP;Vqi9}lsM)ey0K>Uco+mPNbV61yK)tOQL~F#1bELf0cLBP0b3Y%5`5|LG>B{%uyQ zTiBh-I(v!pBMB+_VT_q{AYikDyp|L23K6C&)trG>JSfER7fTj(NcoP7094)ukFj8J zJa8>=uSFJg(LVxE<#KEoH%B7Fu_b7n!vewl)AYOJTAdA`BN)KQ9m_TPcXVQ|TypuE z@~g|QWk(`huu@4U6Hg_aqLQhDZ?P`zdoPDAw(jwny&}>B#ls6 z^f?_ui#ddzyl(s$17(}X`6Wnp4hilpQ!*(ejV?}%Td;P>kwM2Ka+u$AjuDBB^b`H> z_?1}kh-|!Po*{pA1G8M@q>qgaV}JO&7^09iIUUm{Tvrduqii0!Pfjt~$kQ00Cs$0U*_A(lq7 z3!D06E%&_3^-33#1zkSC;d?3pj} zqu)AL9b>hRqJvf&$d=&&Y9S;&{>O1PB zEaL%LSN)Z+i7leWx;gJF;{x5N=Md|>t1C&>kgMt?I_3}OLMoY`^RGVSS$t|AjRt&B zd7pi-Mt|XR%26+@x^eCL(Jy?x-0vPc=hdXWt=@lj$#2W9dmmW#f9%7{87IB+wi2UV zZ(9Rx4g8H7@UdF^xSeQV!IC|xVg)V=T{M9!PlQVHdry7*fxJI&7Zq= zb7a!eJjS27Ig-Y71{-a*|6ZD}{kg4yTTBBiSY3$cDJQGgY!@ri38WA>RN%7sWKvM! zA~)Ch!U1OCU|}5)#KM=zZI1w0x4C0!ybO2JUd>)X; zm*f*D>TV_%K{Io`g>zdnn)Qy$}Zmm(?{waOk`q)VhH-D30!& zL!8r{#UPyts0%n1&sv64bhK||<8a$yQTw~c|PD7 zB1ghYAk~eG3lJ`Iajm0^Bnlv}Xf}2xwu9d0Tn|K%*E}ReBvRZtE4y=1hOu_+`?$u@ zZQ$?u>Ct)!oRpu3$$hk8HcmyW?dUR#yY)e1iUWEP7~h(l7DA_Ye;DC9+zl z795TNuj%T>$YmU1bw(KhzUamAF@x|6l<9ov?WtqVIbl2$<#LSKwmHDRz+E?<5D@f% zePkbx8)HYg(6jX~8y4z1d#fIJ^58 zU+7Nq%KMboGPWV4E`8ABWTme0N!$%d<50k3sPSM9OVzyxd9gffsbMr(u zMs^7p@7j_`HCVS+S+=u|3+s2BG(nOPA${lAPzL2Tka92S>NukhkpKFgWz zpuVk_%+aSLlZI=`5G87c=yhZ@t#eGWL>)y_)=9rgE?JcCB&9CzOQiJ@eQ2TH!=MUN zaAc(}cO|r3$rk&}`+0|LrB2gZwC8PeKJcZnI*j|8vQdUpT{pOYgky{ck5{j`E)VHe z6XWa0zx*}#*1>Z3yWEMGVffy)4%_!THmlf>HSKcd-f#YRWx42Azb%h{$bFOIqDy~Q ze*OE)GZuE;al7o0+T?BCC9r;e$#3%D@IkxZjd^PXsCro5x!?YNzHCe^MmN^*0i+K? 
z_j=@><&Im_SdLA4Ep5Jk;l<^SJb>J(6%Vqx*1Z4WimS_yF1j>UFL%519dA&dX>9xV zFTA9zTR&R1X9JF%x8J78`X}#A`#<~DZ{^xU?{kmn&6ttRVH+;I_%~%!c7ENJ`n1$+ zjwb)j>90xGygO%q`14_^vzLF|u{c(IXz~Mes%*QUgROW_edFWe-&~eBp2pAH9nXcO?P}8cfZ1|J>7%>cX`4UU zh{cE8>qo~E<8v+jcRn#bx7u{$vh$s{$-UZk{NQK5Dr<4~-2+d94T(3m^sqmE&Y1np zA1+Vd@37rgf0f>rmeKzF&!qu=>DxzJ18ohoHPF_;U!ws*k6p8(qd)7LdkLjC@jlUPqG6@1ZR>qUUNY&K_mzh z;0abzFDrhbN#F${2qtw45jX_|&<;VDW%jZdoF+i4?lxXmhX#i2qJ9@6Hq?ccPtqkT zrfIvtS0LZ3oRSR$v7Mj}f%G7N7c`UdyNE8UWscSb0#tPXtyCs_x{rLFz35MVgL=gs zZiy{u3!t*As9T*i`W7H7b1tb{4lOcPEMH!x)~$)I$dPu~X98x+lcbUWupZ-%tR(#q z3&~g~(7ywKQg?jn1+YuZxJ#621&Rt_a9hhzzXDDPwr+@%#4bTEk_-XL=tA*oANq;j zL*Q5ggiNC?%5AeapSUM}@vyA`+6BgoY1Em(z1jVXPiBffs)ZPfX~vuBMWK>o?$|X0 zaW{powd_g#=uCpb^67o#LmuQ+P~|es+;qzg#XicpT2%-`Qgj$47_vfA$`~~xV`G4n zDF`pf4y-k1Cm})z7;Ri2*Wk9Tc{P0*>l|c_^#o;lgq-vPdDNkOmUFb93-aiK zWnWSVLK@0qoCrJ&rfeLRgva5!^i=J0#tNTx0rK56-4X#D z&VvwmSX)W#C~wa)2uA>JGq<(0apy9vtRy&Nk>?meFY3WEkcQ87j9I57$G9H*0A+SUNF@z5J0H}+ zIOToe}e=y{X_jd1Djy1j6b zpM0~&l+pI8AK#6Iq~45UR_~qlnl6ftndr>)lq(sofF#e6zA+7oa4a;3Rx=VX=9j$j z{wqj!yeVKuM{bTJw=L$X1;RhJJ~buXcJHU0`ML6nx4*Ca>ysW`K5+Iqi-N3z1V8I7 zN0-MwXpfxx@h>hd_j<-5<=BItUA{tW!}Bh>xIAi)-O4@gvVD2li(Z@Wi<$ZGs(;(n@H;*B*^Ac>Cj7vTAKbkB@|-iu^N9)h z*>9d#CV%+l%yS8Y{aT_bQ)$=j(1jur${M^;*(2$G;x)mhz}C?N-kD;7R4Y zAN{;M``=F}mtI+ScQwt{8*WfOeA25I>$^GqHAGiauJ8YK!B5I_{{8s!`_*ffo-Sv< z0kKjlCvd! 
z`MFb%k7a?lDp~Yqp>1KVa9vbaP?|+`&DN@^F5X?hdzi|nn8v~JunLyR zEU*DJCgIhPF#-Tj2nYf?T+FlBj=Ki+CozAsI5%zNw)#;L zTV$YQ-KEHur|V?P6ZYl9J|))bVJzUj#=xlhR^Ax^(+sghh5_(mJFNf$f~ZsA6n6)n zu#W?F`v8RU1)VZ9v_lJldQ^ZV7**$jspvb6L4HUm)gW1+{v{Tc^OSaGb zqK{4E`1N1vA!mK+iGCRbS^{YGA&|6=(a|x+fU#?^mcg2;3((zxg+(mbNMr09I)FBj zmvWWKC$H7Y#Wpi4(TDO`hMy(jY>WM^m4@@w`XtOuSH};Z>C{-EQHDcj4t?0y5<%0L zQP_VOGp)R~OIft8>fklY7^P6k)LjRw5b`@VELRzApWvNbfOGXj-O4GUL3>>0tIGvs zv>g&FT5nl~RmB2=b98@X4yab39L|9%uiI@qPvs~E7>`P1o=P%QG9a<6I4O9aAU2Tk zovg$&AHH5WZ z9b*!ij!|UfWfS>Y<$+YvJ+v3$r~3)C3_&b8=D4u$RjXrboGs$jt0%aMRUl)WvbfBv z-Xk6FTHbh1(Dlx~OaCbx|LeFnZ6#~G|Jx^8=GZ4qeWug0tsBNqnNtUKdymb1)_3xn zPLj>|TAayPB6(tgWv)?g{Y~;D|9$aM{dwK{wqq-OPAzrJ*Xt5r*87ie{NTc0Mhrds^M734{n5{q{a*IEa_PAri`Dn{uwL#~=E<@)$^+Yp}{WjNL^g4~{%&pIA#A`_2!SV@^Ax?7HpN<)v(Zu{kdG@BR4a zLp0puL!T^%?EB<$)`_nwhrRCPSaO_r#KC2YO*c$^=l}TUWskeuIdfeCW{8bd&rNA zA%C1xPyV-~iv-Vq9DR7oKK0DcmQQ^BzsuXt_-uK_^D8M40a|}HS~(mU_j~0D$#?W& z&nw$)wMF^r|NNjl`US5j5)N;F`3qwq@~!Xvw7l}2A1M31I3&Jdq47l#daO>##74PhaXd>e{xRllTSG4$a3!Ye^Q?Q@CTM>6F<~@ z%j@2Gddk_2z|Ajy_TG`@`#=3fh?q}&@$2Q?M;#uEn}dnT`R-4BF|R|P{=~A+;~!o= z#`RM^@%eHVo4V*er-jvh_dP5`+6Rw40&AT+maqNK1?A{>f216K!YSobkTvb&_Njq3 zQFHt3*LJJg8fa_a7SMo;RDrMyTMyquqU0NkSr*Q9F)Ube5!@`w>-Q{jUFhwwBPbq7dXzhv!|mS3q1rfnXy~v&njW zJ6O|cIl@&x*o!9`$A4vs10;;Hw z^pXVvF42hqYnoRNZI)_K*WElx*QI6+AYF+CuCovk27Qgy0OhHLDV}<*B8JII%-d&u zstzz5BN%L~SCCDYEX|uI0lNmL?WCRx#_b!x33@dUC&lG+;y$P&uLU?uWC@Tt$vHm{ zU>(!P)AaE*1T99UmBWMNr%u`>(PG?>Wymy)yOS0~#?>))j`FE{Ek$a-^969EE(PNT zch$;4cPOoi44msVAzCbGAWP!1!+R~G_K|?C8#9A>vifbzoZs z`yGI1+pkcPNF5RabY+MH+OCU~Pw)k5_OGDQzLTi&@U&`~!n(yVG7l*se^Tands=n^Fd$SQN4Lt5Gpc$YpMADf6}$|x~R)&T|_E6#&{$fRYcvvMri{7``Lf>} zdvlmC7=OvKX+g%I))0bRi5SPVW7RPrxiL9i$pj`qETv{4t~|7C8KZ3h_R4Rcc~H4q z+bgemBw=lzGC6-Zm2>lSl>MkXMs|CmU;3$A*ERKTK?}A;Imw?s=Y0TIqrSdn^r80$ z$Uf_|B@!PTx|A{VkcW6sTHlbz0h0TJ0s_y=QQO`L5NK91Uo^K5i9o~>dd{5 zd7|tC%ngNcPA5n>Woaq1yyc!}Ss|t+#-kf_=1?S$MDiHKZU|xW_prm;EalZPg=iTC z5^96FpUk2k$-&$!9CxHJaJcQ5rEe!w7uPxO{fMvBqaN!0&w$8?O@8_e0VMxJ;P5>Y 
zgM8H*GDMwKR9s!OrEv|O;8H*V!QI{6gB2Rw-Q6WvQMhY>1Shx?2=4Cg?k>%LZ};f8 zGtT3A*k|pz=KLo7jMD~SLq`85fsA;&FI7%iRrZ<`2F#|o&BGGEJ>5~)eaP)#vu2_o z?uB69D4?{@Jx2GI5O*#X>dB#r8HROxzEQBgja|3ed9URFZZE3=_hJj(TG93zhehk|5&L%UK-iQX}7aNSvs7S zK=$ykxT}T9X86$OMQ$Z@xi`-MT0okZ-=e#AaNw)YQYI$;5I`2NQZuAi&U4b)`L7q7 zxgs_86iG61I35x(nzWb%cZ6CcrTXvNb9{}){I1JAl3VLnBF+NFTT{xa!zY(^Eb!hN zR_;mpSBu{4f0M2zkUGcf4-I21c}!*;p7F1KXylg+f|X6)ZsnqN*nIEPC97R15;n=} z2LA14hiwiQ(DyzCP@AXUR881on<<5WNxpDBLkL1>_v(w(P&L_*cJe+5S zxGw;Pwy~G1`C%LMrOvhwx8d!#Mf+n$u^E{gZ{k5}hP~%L0tb4JtqkcW#3>n6s(ulZ z`o!o{;YK2~87#+EE2UQQ|LbLBEC~v9#hsU*FOSj}OV)vEMY7i)(Oe0{z#Gm%0mNGt zSuvKw#~4$Jq9AJ%&wD6oi1qlwsSRF(E<^YK7*}@vsX4v8t;CMBR94)YnyOmzmL$LzzHk8@s+;={s#_i;NlN!0y>v{M7A zBprp6Eq{H039WQKa+}GlhlmSH_R!B9X8;7RFT~BO_NF4teMML|_+U<`bZ20GQg_&( zQTew>NtkM~Onmyx+7O6xWkrB9O5R7#YMuz0bCpl8%S@W|%BKnQNQ~)t-c6ApDMS5M zQXjSH+hv!4$asS+HIlU$1ROxTvB1j>&s&(ORPU%#awKtI?2oH$Gp8?|NyP#rFTR3n zh;IYA%LwuKpO7t^DiBtLgd;@iv#T_|#@WPOiNS;xB|w3zq0`Jts7(`?8zR(xV_eKQ36x&r9&EvCL3WbK7j8vrK z0T@atx}0;eE6j_@*IwppO|dZflwdAyH8xog;zA*!*@zRdW@QoZL5wDveX)o*<2d@R%-b`HdKYqPmsz;hktl;L0asiI^hSpj>9bvNq{B*S# zlc3{@hTnxp-jOmh)}Sc0RRe5YctJY(ej^ehcGo+eqUcO?)3H1vOsf29 z%-Sl;+-qObdGT|MJGc5XR->jfNhtr%Gzr$7%3`Ly%h8Xir)^ddCT!jk5&Db;{cp7b zgJkENd)(-;%RcfytY#r31>lOB4lKueR;CJdul7bBDGC}l83Uc-OTCj+=&7%|PiXqU zJrucPleNSwcNTxAL0#=GNTgFmo3HGr9Dig*?8Uhi7g?4cVe>61vI@8IjJY1KMdDe$DIYqMxqzcEt&(yy_CSNpcJrjR=8AZPi}PFX zGcyDxRso}Fp6O$jyecbu9=)$Ny5Ko&3NVDLr4LU{W^R9v-HpIxvhaI5-o;2Y)Mqjt zK4R~1wePyX1rs@VulFaO*E9RCQOIsb#d2$_`n#R!H1Cm_lzXnU*1P=5C8AFftX^?i zvm(gX7(>mu^kilx4ZcE16W*Pe-+57vtiPU)e)nJCuhpwDQnwyrd*wOUDRhkh zjJ3ONx}NhGcvgIU>_UDw@DC!Ir|G;>gt;|L#AnQX915U1WMV8B993j$xoPC}c(Ulg z9{y61bw#kA25FFmjUx|y*&I|ucerm%RQhEbvR$y z$Jnb|NO>&fc(md8{B>a;vfGqO+Qj1_Si{R2(6DYheem~uy~k~EdmtpIUS{gyHMR52 zu5Y!>z){fZ;duRZQr?UvlE(zs?>3n1XZf_SkJ1=-zz0n1*Kif+mFChhgX8o*z#gqG zDkI?R%|?FxKi6hs0fMn$Ps>7o9FwlTFDlF*jy(z7(V?CK9e^4Jz;tRRbWv%cq$$b7 z{|)>JY#mh@q|e}!lM0LolSg;m0DXs1&+L<|N3}%`(H?LFi5Lr|EP8n)80P-XR8~Pm 
zs<*}XN7>0nAJNs58put3pAbz5e_3Q#4qulcJ0aXP!GZgkNy10hG*%)o!iol(@|W16 z&dTu*Bb6E272G3xDNW_qVCl7IDB-=-Z>($5BCsg;gUK7cfb#j+a@d!qvN(~D1x#)D zrfa#JT3GiODps+lU&z5_*w0dXVo`9z*sydCpNxKThQ1>JL{HQiy(suKS%rd>0p_Mx zS!dej-*U7GFF7q{*vZ7Wpak|U`i6o2S1wSd6&@?R(!ruo#c}W%d%1tx2f7;V3D#hF zKEH%R72!f(Akb^3Z0^Eg>}3>bx=Ij2w_Hk!&0H`&ns^U?M%s(~OG0%+e!Jw*5@z*9 zm64)U+!ZWr>t`*HLa;S} zR4k2TProo1JP7zxqetFZ$pymAAF5?RXO;GvR)?)g!`rpj?bV9eu+0BHnR#8^4btu%YB!kB~hR(j}H8L?46LY&v>uqGY z400{CVoPHe>}>|z9D82L)-9`{{zVfw8RoMVwxkV;8vrv_95Qz^CDQ%)zlU0SgO@Pcn~xa z>C$=r$dZ#+bW|o^|$SgO(pBGFN5hT{Q?ooc{{PD^>gm%sK=A=vHbcwf5?DC4{FHx zrpM&jekLRI{rv(abuAT>$t%)8S?^DTN;>SlG8y|h)008}h+Y{7kNn1bikX~_R8hOZ zN_E3Ni(g&-R_tdNX2-Fc<*hb&bm+3dlPr?e88o*br4S!8J%7=ED9c+pdjM7xbUyS;-0`?A`tI7^-j{!H z8OJ>@ZN!KuwaOxT>UVTt?HhtKDRSI64Eht$i&>vjX2eG`(Ml_rz5aX#z0 z*m8RWJ0A6ZD?*$T)YkU7uS@nC|6^%~A#}{%Ehy5N;L>PHazmz0!@WU7@cjFaQ+};Q zWE)3#CAg8Hra1>O1tJ7t`ACcVm#8;9mPfP&hd;Tl{1e`Qzze2ow;6Vtjy=T-UkUH2 zqaP>rUPjd@&-uZe@;W>%&Pv{3PQ($@2BOMP%UqBQ410-YN4pKV&5kFO^z0-*u^J>YCp>u^0XHXG7XNZGKbprG%9#&@T9);5J+T>0YYQyX)qt{no2lauT zXJmp+sNW)Khi+QBY{O~BU=ER8cbL>(p}dJU)!($$z?DR0@W-$?dodA&6oq?GtM z9xdqytx~;JJ89WYA+9z9i6<;Ql4fc&q)q|(BdQ{mucb_N)jC0BZTy-#l{*oyl+eb{ zDVx+^E<%>BoJtHG*?hnZq!++$ccDoWLY!`CXmBef-`9e10A632&G;gTA>P z8>z~kT`QQfyzW|SPcH(fjkrIKji+;*QhePN(bN9rqMG2oiW&HM)U4cWQ$&`f=0WPr zh2LPC7RTFL0+}XI`HdLNC)efv)stFQea%1k9ya&L2J8%h;{GaC(yMVxfIszyGf~?r z*kaK&+PNwY+d|Xdjd1ow%N+rP#WT4QD%s<1LM)Z|f84S%mR_)}XIsSmP`mo8A0{Ec z{@~1WN8(IR0&afahMGW{6$RPhzPi7;^5Cfy&v6V@@Tc+z$;R=x6QwrC2rgNW5!kA$ z{q+gG_7_E^J7Vn&jkf3c7z6fJy5+>a<6c>L;!mMKMgto`7r+i=xgk9X;W(WBH@QIL zNHdgb{kwckE(krjhG%2kZ6S`{^inxZip<%DnIkAlqgG-)duG4MfLkXlO|f%ty}Mayxm@n6kDDH z*{_g(>APP?TW+axlrp1ho9;)M??XqIZ>grZ-f=3!zpI$z>s6P!1is1mRu3vi&M+V0 ze2{6Q!)$8Oj~ed-epePn?<$P#xr0}G!Fz`Dh-9g!l+x z_ax1|$Ga7pW%^oKdul0;bkTK3a|!R6s}6_ZS*xDQOKWQyu1OX!Y|&S1YfhAJockWU zcVl<^@!b|2+D!Kgq*CIuUuS*WmeH3}a$mOQA74JO$xC`;+MHw2J29dWWIxQpYW{Y- zzUC&oTDL=`g^hqQb>=Z+_uIo8ZIVou z%&kf{o7v=F+Y#e=Y}jaa<6;4^*M&cM05K}JkkEbX``|DAvo`&;&ig;stM$Wi%S_a- 
zsy4nW`)3~d0{ao?FBgA(JC~J~lc$CCD=a&%a=4SE&zqmors_La-Z(e1+x~wL=;aIH z1){FXw{@Kl#hTg6s(oW?o>Sa}oE+a)r1l@8O7#Wa0FaU125$g5N=KwM&_RR?koB+O zB{JHo>=JY4pGH`%AmK5BNui40kXr<1?r(0uFq@12&Denc}W3q!o107~l-KpDM4@r0b-iS>O=1+06r zum^u$T8>~iO9R&I#9`j5IrdhfW~hxmh+ zJN+9?N>RUMa|CmU+T?U(rV#IW;AJGRzHF2G>Lob@+RV}U-Vj|W8Zlt5Iqv?h{V@*} z_^phf@!y>wu0pUudB78PRk+8}D%wN}Kt_1d0E00d2wTBl>m;=7iwgNb3ND*>XKbfU zb5R$C^M8>QD}7gDptrSL@s)A#v8${U#{t71OG^*)EfwibaoT*4WV*<_oPB3G=acBY zJm#}iBQsgIhIzPLA8QQ^H-=)G$@N-4iSVPVkP(@b=^InNWYDyCzP_4CvV3H{Ehs6s zcTu25>*1bXC|N)GyB$^y|4TI(;@9mmaPlG`(usG22F?Tc#8TN~TCGHy?P-hxmcCj| zDC>NwL+P9L&$Oq1oYr<;pcx}~`y;a>lEy>hid@TxhM%fkQ~sSn$+ce95W-5XfPW1# z!N;(KX(U;;z}&IT9_6{nng_O(eyYuf@slNHR6;nkSj{6oMj)B{F|yI_^h)0DooMUk zt0*QHD;BxP?8I6SFWvV$6MR)^&|X0y#JO&2!imRKbhu9^bvSU;r`ZPUfstE=s@ z`n8v$CJ5j*SDE`&Yl_+4r;-U?dJ#9<7bcM$s#5tWRh&gmM2>?eUaF=P)NZfejQ!_j zUEd$AhPIMv-oVFBM?7!bCW_sax3%WwJXtGsUH?ymp15z6Tg;c`ujxl=22qlW#YFbn zTXfFQQ_W@$d$IdOrwtDz>5+?7YM4W5!Z!XN+A?@bNR@qZYh z&wGumQr^Rc8=rZs-LG{2j+lq)J(6pZRr{Td9LMxxei|fL?k?|SadgFyr+9?{xeiNR< zHs-=y{@_+w%f(Tr#IyKd#i+^vfb$oECv>J2P!`Pz)u5Wy;) zu}#C+SWtpfJ)52X;e8fS5;z?JF5=A7Vl?{SHRbJAZttu5OW%1Ob?*u(dx=uf@LEi4 z_}F*a4Y9`F4_zmGZ)`om^mA~DXc4^k5`Icg#ltXLJ;HiUVn@RDiO_`FI^UxE7GPt| zc6_$5i?tht*k1brQ}$!6Rk(%tHE!C)2}vGX-@)K!gl7NQOv^x*ef6NqM8pfIYV6j3 zd)l~0@oVg@&%+-4qz^|u2XlDgcR$qDLHoK25I-LFs(|Wd7Th?DTHoSv>Hn!dUVdp5 zb7 z&1r9{y?a)X4UKK*g*9Egd;bs_aNEtI7aq|iCZ|l!d*b5OX5ZhK`Gvf-l;T(2*K+iK z#trSuFH|mb#-1q-EnwOka9CcdI(QjQwL7lUFgC372+1SYO7*ugJ7u#^KgPhr5@)&( zk8;WJ?$-}w`fiT%3tgoTe4x=Lh3q>CAJkDU?w04=hyPo6ejdW<+N zn~D0q2g0F2L7?giXc;5K=%C77ISKx*ik1-^V_5>e`sGn2reHMCiepwgPKw9);5I^?Q_W@4YMNQm!}-5%-$pku9ifPt>=wt_)w z1h4~ICKEiQj=DiC_~M4!P#vNo<#6-i0?>1-a@G4dHV}9ybd0L5R|}S>Z#FfbM40cy z4GqyyjuYPm(4>`e5AH>F4$${`E(NF-y>6{qgct`7)xDNYae#>R1(B>F8;RGXB!T^2 zPnzjlKSTp;GN{N)|Mh+nG2jif9nfWLIT8NIe7A_`$4Um{0_I~Y`#Fo40lL||WBRsA zs0__(%0kEuvD|A-A6-J!+FLR3dCT0Zf#0C-+~#AG1`YJqUZjQjabtB%HdgDQUY(Fc z^m{6yUmV)33v0;(J4#wRZCPftDna{aVh|OOmgO&UM}!mO?~;^k_n)SSj}s08`98!- 
z5&Vd62`r9!;c%9t`u&wHBc4t~UQ0Xqr1gEJm+EQsS*g8UQcRk}M>1UwPjD~0J}XKG zpS`)vewT!Qn<$XMw#>Mbn~)3a-ICIGR?L>MHua@Yk3BYBZ%KY|CFr7%*CKmfN7xq< z&jx{IF1*~aQJG~^bOr_v(f6@|2rb#bvu}HpCL&iQ*vi_MDmnI6Ak_*zRt4m~At!?+ zVK-uOO)53rmirE%4(pHIq|@}D%vtB@5q+O2-lZUV2fxRgrFlm@w?<@^?u=&t;;#DM zHJA#vAfuznHs#abG(#Q~)wR{EXczu*$}&q^l}E`GmSyaU4(|AK2F|9~u?s=iW}cI- zGako0RylwxN9|I7rQ`wb?Z$7QVrGvoy1nm4f9*c4#wHq4*!y}13!M$V7Tw5QXsps_ zJ~g5*@A>NF>7ApILKxS`lLjwM0(?fF+UCbFrw5%@Gtdv0rGzI-ZoynG0ID_jfSJtR zkcb+~N@MAth^xBEDboW$c;-KjH7_|X~-dce7~u!oYdw~T4P)$qFZ z3iflnmeyYrGMHJyZ}(Oa?csqv<3ma&@0X7*I4-->G@V?nVzL+brS8F*ABBT2v<%W` zDMokp*{fi2Y*Yj`F730RD!!<$8jtw;UMo1p6a~-8KX*f~PVfB!k#Vf?=*k&RiJXYV(7 zDX%#<121s_k@{INur0lBc1p-(hk`3t(%+)wx6bhg=9NL`4U@$!19-7Q$i-=s8 z1u=4k8XO}`NxoUHo9IJQzZc#)%nN}`2qpnwM%ylp^a96GLJ&d?GiD~Bc(!ZRt_d7E zS2qg7C;q&Hl;=ww+Z7DER9P@n2xTywnT$zz+{^*3%~^4V;V0NDNkBlmT^MM)qXVCI z5*CP=6)uqh%=^^~11CWf_|;F6ghc!ZPoy~dbAOR0N1!XlExC%4G_p%6Jygt92_P9R z`nt(5i8d11_{h~5!UW)EsR*6>8iZ>1*BNFF{kvN=1YQHfM11&5?$NSVixUG8$bj*y zWg%20Y~Ya>#_o(WHLmu|xySY&OIl!%h3=`|vs_*&h1;xb42eF$0HxEe`|9k^2%6h= z0Y7QxyIfpNl0I0m%0q&3NvPoJZ?vs2vQY%Pvna*6@&^%DR2qGbPM4t7WJED&o8mLl zoFU58DoN|nnls3JA-OVx0DuC6#1CPe#oFIvs_BiSN@XNF|<{SB&QmyllHjl}O zIKgdNUi2(_{excCv$*e&*tP8y`(@VdUJ8sNYE7Lr@z_5*zPrM=Mmka_fb-QBW)u-d z=?NkBLHs>`3h0y9(QEevfZA)B_;b&lT(Jzpvwehx2Y<)$9T)PT=^I+4$*wjSj-z38 zNwp8*)tVR5n^;soUhjBP*N(J5+;cxL<{-Vjl+LB%PNfH&l8Nq+&AyXW+4HyLts4*M zrHofnI7+h{Ql@I`Ci9TNzUVm7QDzkGf*)FS_C@Zy|1YD}8t1RNMMs-a$rb$4_xrC) z%X|~neVNms*CdhBtXt}w+`o#W#KgaRJcPjp|joHi|ut)bl$g9*^;mj zT^(*+8F>+IxM6u^Z)Nv9Ynbh|<4S(&_<*(RCrY{RsOF8>_f$>p5qYU34>6d?#k{u* zsXIdU6HDW7TJ^4~clWuTrmQMe{fp;9HN+1`+{yDB7@xX%)*wZ-m|?W ztnp6|SBUF+IRP`Wi%ZL=?eC!1^!L90wRnG{#pCFE)NZFW8~RJ5=Q~qhxwp3CnDHdU zb5&Wi?K=iR!pE~|6yvrV(DmbJl>mosrTjNf8HGjeao!_E@=OEou4%UZhNW_BDF~sm z*GWj`3G&K$n%8M`POIk_hDSH&sD6*ZOG{&fr4>_$(Rsh z_W!W}F7P-nD&8MS1A9si|6)5i*0*7TUD%@U^c*))7o0AEkz-e>sV?GQri*iQ;nnIDyAQ-72`y=OzyFhH3Zy;+2srwaebcT2EQ>SdG3Z z`}C=mXEe?L)rhQ6*j1d>(~_zTyI(p~@)<51G__DlFo3zL@lx(K{9`lumu@xn!jzvp 
z{Z}(A7L=tAD_odBRPLtc>P?B&(U#s)7i(eo$Ce|$H3^q0X;V7^Qw0Np8%I8zs34OG zk=GZ0>9v+jD2J%j+^ifmLmMe zQEU6$Z5o83Sh?YlRgn1yfJ@V{wkP23Oiw);yL@_oP7q}aM2`xOjd!>3UE|=tPTylo_sQr$Lzkk)&r{{o$y#V> z&=cq%X7R_V-`ce|=+iS#e>;wn)3eS`&i3+5y-8D5_C=R9@*hiB{yr`k!uDv<3Iv}> zEjxt3zsJ4K*ccD93VTn$_Z=U}ZvFe4q=P-4HyR}`&Ns{&+ne>2F*g-DzPIi;ONXRp zJgX9iOcm`@XL{)`s-u>&cJ5uhg)iQ43(mh?gGCnca~c;V?Jo#LDX<`xryvZm1bh9g z50b$9_mf!$Tdf~337T%IsJ^X=uuZ%HBi%TD^I5+D@2KPwRfgX5x=o(`<>c3qCdOJl zInw@)NF8Zb(Sl8h@FZ}Jf{NRpbzeTvYq6XsfQ*~tL;4yObC+*gcbd@kXWX{4DABKY zIrCoTJQ@_nE3DqQOJ3M&E{hcAD{5cSlw||z)Y$`G%VD=h*V=u@xW{hgJj<9d(PQqH zF&M?Dd6v0sT32s`uD&c@OJM z-D7PJ{jjrBlgXd#~sx>H1PUlo?a9P_%U)opO?e7novS{#tp*M!^nbD zgB@T|2wbXXnCgQQ^W_$~u*K^_%rjZDXOL;(uaSUWu~MAsY4}&8Ep`*0hv_Lz`k^)` z%V1kknT_C^p#g5KIP7+`i|JS?7N#H|<_J%rZFgJVr1%AMq>B+U=H3jq z7m#u##RvW3s9yUlEk2cr0J?N1x$VOcVHB;Q)khsT>J-Z4v+yJpoe<;Ey4>gVH6+5X zSjZ&VBxg(~2Za9fwGb27qWUm3XB%ge-1KW(jKUGcCbp8mH7r@(0mHj1+wO<{AM26i zbhf|l6X*~A<({_v-cNkqn?&`+>%{aeJx$l@WGyawXhw{6haYU4SpLxO$mTxk)Z+R& z@cUd;x=a@KY#jh{pfz0G9TrIvpb{I@Foy-6dkz~p%7d;Q0(|re-6rOwimV8gi53vN zW8w<}t2<{}UyBqHM(a*)Ol)b+zrchJNUys2YpG4v1zRGcL5uB??+)hE{WRnEAkhWo zR7j_ioT#tGN)Dw#=QeZ8YR=$__FnJ?HPC8pea~}XNwG`bm~E+q2#XJx1{$u0)j20X zO;tERoGA12lcQUzV+{JD`BHkhkSceynVn_x+;Bwan`nbg`pa-Vxn`ahkWvJXBp!kM zPY2`n<&L(U^V?6d&Fa&=HQz}II9A#q64*mdZW4xT!mTY6^j7@|Va55%dxAlpC21b8 z#rsRZQ>UCJ{g%@(|EM+N_B7{Hlc#KsK66XRxc;}3g7dz@#&_uU zTOtlWI8@>D#9=42>8an?M%ex_(w{f8#V978E&TrwPmphroMHPaa7**fPkSz(BlhDl z{}}wv)&FSc#lb3g<~C14(TB^ZRotmT9dr}heWM8Nf9s;YpE^f#`7%#jyo`lcEbPJ4 z>9OXYnWAZ+tIcjbz&cU`#o(heQI-9(?jy^>yuji>XO^eeKxa{ zUMAZJo${ySja1qdWY3pYv-|#WmaHt0{=G;M09v?rs0JSE)^@lrHnt-yNsO*HWBA{8 zc0Tf_E-+R87kwf`Tk&eO%ZzUvYz<^b)zK`6R%R&n8}Eks4Wom5TZCiz0BqugGlmW* znwIPeYvR?hDTzV%I5oN)F{?!Vu=%{0<=g)peOgdYVP3$&OjB~)xmrwPoWr_D5<(mi z*F?e|*~bb*l7#@8G0_Hxtykdl=7@yWmHFgwW9V~H-y+3${Y#yZjdX$VB~<>tNAynQ z&>BGzPEt^%fr!T+S>_4>p~uE7TBul~e>Uwf=5*iU&v<}&2`X4cr4dS9DMkY{%OC^^ zW=#H7FozH;Zs>@y25XOnEaP!ZGSs?-mm+NNRd0?rd|F>fTJFBpR{%XwvdSp4Ey-5r 
zPgV7!O}12ci|2kwmfBlj0cAbGljxJ&UT4FD?`I=hU1c^UEG;?Ep+T)!NC zbvApDQ9tw_7@d%djBg&QBt;!xAqJ9*)_V|Zh zpA(d!eA^=zJy5?lQmvV`7$=h=a_vY{Y{o!|!3r9EVA45KzaI3A7zJUMmi{565o&US z9FS_M@{c1TM0FI8F{UXnrZ?bwx#`&yb$=A!93zXU{SqzNN*(9R zojgB5P3clL{aD@?Aa3h z#fSVZ4{3Gt3!njTHonx-#4U#QX*Xd(QuyeVu=PJJniMlAi zZ{D}*U`AU6c_G0K;l-$`U>1vdRH!?C1^n8WhHqT_Z5HIJ6ef&|5C~O=TtHbi(ET2W zh_Ugx)(H(82n?iw*2Wf~fDDMxA!Bqm-KKHxV40zenL}Z4-~|6QeB3uvIyvq9hGdOb@Uwpc2N0q=VLTe468F0ZiyR?_DU+6 z(9(y23k3{8{0RWM1gX9+VCrGVX_hf%ap!d5Q;Gg-TRZ_oa8@`lEw~7)*8?UTZsJ9` z6Q#`tu#d8L!p`UlGw{g3LlXEhv1$Qcz-i${GKU|75L$v6l0~qIsdG)j+I|>!@(Juk zMPq;d2;WswP-OQ-G+7Mt0o#oX{zhu^4eat@&v?Le!7UNc^qwLGrIORB^c%xEOUq{@ zi9UPp0~StnuTakNdrK3XOI4!Fm{wF=%TPVV;~Rwi6ufUgSZ*f~EWi?6G?>$4sX6Ed zC%635;6eF-0G&nK#8?&^!{i3SCT~HB(b;*uXvqQ31~YT~zTlp>xgis(z4KSFBy1Cd zRl;;noPlN4O?B%ep>c-Z=$WLJK_hkO;7MJJM(e;%ntL1|o-aYdDaO0c-_ge7*zsh> zOEZeV<9aH2m;*%k>jqx$;b{i?FYj5bAVtD9e!K=^o)>{8P0!iRKhHbj(SfEWe_P8# zmF;jD;stl0snCJH#5#G|t7-PMYmR*a>5wKe)gI4jwP-qX5_yoZql691S*7jYei~5us?;KJ}S+as*?vu%jnil&$l_tAE z&DM2$%kCm|ALsVyxjmIVnZ)^A6&d<_JtP`p3yk0=wyLr8CEhQty)hQ0O871~R7BjD z8}%th9F~Ef$?gwpKG4xT^53_*N)vQGylk>rwpbs+Tl@&AGIIKPwc+MH?ZFo@3v$_C zFl${+JSmU~EdQv#h6lUHX7z zL;TBJs@kN-*}pe?l}5X&`9tPD-KiZpiLxh=+}jSr@m1Ua!|L(GcYDpxjbSgRe9Qm4 zk?WL%wJX?jnAGIA`yW)#yDlt)`7zGFmg-8Vx?rO(iGWH5dqD?noN5ttye`sPS$Z<< z7}Q`~I3?e)o^>!;Alp<+mj|?cIV$v*<*X~OG|F(G8cHL3 z;Jw;GK}u9E&U99AvBjLZytakWZr#Sx(M?z*=?+0*ew8i;nB)s{-bN`+o%^%?#E{WS0l!jpcY<-400*W3Yfc3ds8~ zkXcw1&W<>++;H#&86CLR_i>zUl~<-f0uQZo*#LUlw;bd|kktZWJU%TEu^O?+J3mud`EHTuG9wdU&(irDQZ(^=KcMdlxA zczZl?lj6QhZa4I&&=5F}X4Dg)LX11#ddzGMSEAz(w#V{YS9pM<99@22oFYDbZtE5Z zN_DCsli=;eCzCx=oeIWY~7o~w8&0DoOEBjzkY>yw#r@6nZbd3zz@CGPVi*}Rm z;oVNt*mK5<;67i+p@8G>)FL(60j!FSHOaA0t^GfT{wgyO@z7*<2zEZeuEiCl^}0*TWPTwq#Tf#eqQ-EkU&n>a0a! z5)0Ory3)z%3Tc5t7D{idYgz`cm8>qNhq^%MVEWUZ66f&oU7(P2-*hV}7Px}KbCc)r z0dqvg5l=C#M*cxX;|>)rq`SS4P$>_>m!twXO?EIE4Eyj8QaHIG(KV)>oq!{DyPX13 zZ)hQSdZe2I`S1<(drS|1H3YXAUS<-_YZSf{`5@c^iFxwej|sBegS4w|1NWncD99#? 
zyoZUUS9cJ{PXq!r%w-i;5EktGOBXt=l6t%CWS$%e{#s`0lNgsw+|6Te?#s~Tu(se( z2G>-Iwd`hChR8%#?Ml8wF&eI+r|PD`=9%sBuVfC`coP7A-282%n{6QMqrf5 zqzgz&HdLldW@Um>8-66IY+nD%6lJRn!5@TL`4(9`z_SaK{0~u?gtfIVV76X$BdvTi ztqKMr`zCT$f6dxsY#LtwNh*fVw`e+a7|VL2UMw@f&$h~dS;kyx(5x( zKJ=XKz&;X^j*(SEuDE+M1mS%!hpHM_7Vm8&KjEJ`#@xYjKj3?`#S>FSre{P>(Urm8--cHcAHl#37o4T(x zp>u|=_l>nOZZ7T%V*wD24H0nBVp+I7?|ga<7Ptw$mIwx(ig^xZ|6)a^ zGA(MyMl7yznC*m1zFw{cVz+V2%z55e{tK!sNn6L}grFT+BSmA$A`Pl9oZTcdfrm;o za;_^0W{NSQsCm2nLZCk)|7>O!#xglGLWw)hZy1)7z^F-w;bXsWhJ>nrsrmF3rAhHm z&0l4+7xYV+T7`cR4WT5^b({G2v%>$*ZL)A4tC@^CaXXpl9N>=FUH@vA7<#Ef)51ZU z=~wh6Ra8tmCO|TMZF~ikLk>2P5{vZWQdmsE@?fw0ql!io~Q+RBMhKg9yZvs=qp10qG41(`_n>5JzOb%j^Kj zax1|5?OsoGNHq+(BPiu?%rMg}W<0%U&Jb49_`@T0KPbA>TiH4$&Xf|%4mfa)rl|J! z-(%VtWK>=B`!A|fd}h#Pn2eunyYlQYprVjPVwf<#sY7FRbqBTwV`2nVoZ^Iz83h3Z zKDYHkkke0vlRslpN5Z)tiGdl5EvjSkHoWwI!j<+Kr1$OqiavFJcC(o<3#NI8$e;C^ zh^Qi?Lt9gk0%Hi}GkzV|Vor5$l)z#l_rO7Ymbf=gH`cKhU!a6K>+|aiY#6FkIOH&m z8b-afaswv>Co6#D*fR=YzI|{oHVVeOtaSQ<`NV0VGq81n|7y@{O-bD#dF5q`>se3y zF%8|Ax-4$H?(OH0`IBVG?Z+BOrPA1?P2kk6T7u3jcl&LO+-hY3NFj!;_V#%mt}gD@ zTSQMpJ4U^euMM}1a5Aq|(2GH22fs+OjMm3ke5=y-&tae0az*3UOe~(6?3PcxZO)Is zr%+|5!`vWF96+gqDS=z9fFnuyP}wn57WjVXf+X7JEuOfI1I3MHI9W-T8ZN8_-MFf` zYUE~Iwh)_!1XZzRFbSl4L2B&FM;VYb=Y_L+k{FzG*wC`8wJw-gCws6 zRj+;W!IkdetNqAjipv80IMpbMs9Y>}$H}X|9bnJvH=|DPPF6=AF>p^{&)L(ir8D|h zVZYIz2g_bceAi7j3A`&({9cZ;Q9fT44gj}uzH*`)_wB9RQF{5a6r{02U2R&+ZNS^Rni_3 zuqVd|@^DNJ`Hwo5>$lA&HJZ7fRO#E%@dT)AlqP->;=ZY+4ddPsJ~jZW=asr7c{wR= zXZ6mav`W>!9j6#~lkXb)fxTongAK(B<(1zcZ0eP@_3{4;-TAn}>Pr7N{mxCgw5I&` zu8G7lk7>d0XvzCZE>q02I&L)44);&xPM9eLloRanHbb=yLrlxYeJwCNurT8U73u*I z0FXa4n$L#MVVEzetrr@`5XtLGD~1)*Z-Rwi&_TqsUL_W~`F!hjNBGpY+r214NOiIepCz87VVVx*(-f!`O*3>7j zg6qU4RHM8J@yirS@vd>~4|SU`@6aUdb~yrbwDB`_>)o=OAzi@5UjI2Vs6{l2pA{h! 
zlVea2|1t8klXEpwWyX)tf)=Xqq!bC)orwy+x==2hOoJ#%-U$p8vH$MR2OVBAkHZhU zdM}!X^u(yXT2_Xch8qMfTU_%cCZQ2w2u-zf!%Km_V(1}JEclLOY)RB$u1p}JEDOT)G;`TkL>*58;*+ za{SuEsz9D}iWv1dihe(&H<&NuFP;2W0VrqEr7Tgou-Q8Ui{P6wzj5GGtxn1|~J8RXfRgWT6$rQxa zq>U}Q&3qH*{liD0ptyO59{(&Y5Wq#>WV*(tDQ7*Ps7JeKJrsB!kPH13tcesYq>Wj~W+Q=D6ie@w2j zbnJiAO35Lt*dn-r;zK#-&AUQ5jWHgoNLtgp4aJfhV%@S#f#xyRLsUyMvB}ZwUW|G2 zTt*_i7<5rTIexYu4nFPiGg(jC>+yW7{!_En8L0OKt7|Kz6~NUyx#vrYLO6a!H0))Y092AnLqICs4O6z6Ldh4g z)LjIqe5-5*(t6TH@oB50tVNmwf<7|9^g+UhrUaW@R%M7y93Kzpg${zBRYvcEb?K)H)=9SnuNi!T@5w zyIS{pEmfHP7)>ahG7*(=__zQ}s6OD4k6(-ApxK!&XV^ZELDT}y3H}QDF^2;|arFrg zIJ0I>9n9}oXQLS$hOtB21YMZVv{QReF4Zw^0CM>b`_{@5M>&ad)#@)kauA@-$Oo@Umg7Yo*3YK|?(4Em8s9K}1=GY~UCRf{O6vZl zut#a3Rqb#8ewaic#{2lkC-f-GagQ)z?4Icb^#sJR#py2=A3S*v(p~2|>l9yZK;G(uvVNKu4P9JuG(;pE$Ku`t2`g-C zeTyjHvx0W@xLMdgdtgcY@#3C>HytFTn@ zB|A`HriS@))SgVASmEr;(k-q`bV27W7iX??o||-rVM2NuY~F4D)VRX-o8TZt^}=u$ zc?z+V&YLR?HN&*SGbeAQZ2XDYx*dP~SScJn=PxlFV#Mu!J+t!3ESI@FqbJmVu`@pw zn%qf}w~i|4_H(vQR$N-XU#Bfkz!a^eAdS(6=3hsEKu*yJD|2+yLRA+LtX(t&Co$X` zPo8CW=9(cp@yjLw-$9z@_-zzq%M}q%4m-JNLL~OigyHK`<^R`#hxfnSA$;-*bL;=i zWkaG83O!Lq5ZtbWFcP#37f1(Ba>s7?+}%4r!x#uB{qJ;vW59DVHAXR zL^VfJ8)=+>_7Q)#2)!ARqS>Pg12t)=m&6#B|M&-SAeu22XaP3FA)Xi;n2^{M`Qu;i zZvkZpyg#grIf#U29o1dMe7R)x1%yww6i&vV;Rj+b?yVQ@ruHNT0tL@`_AWg{BL7}+dUgzm6LLT(*!giux4L%ykFdP68^9!HDDV)+QKfo?G z$oK#s0a;vstqKei-l|<>AlBueSkP?P?A~Ogpwi{CC;gV%aRaEYESdIjANRxIK@0|C zsmh_y0(S;^qq}|#5~%d6vTpKPXh@6w4y8ug4~&e#0^+bA(?fA3C0P@|>x+DU-#RzW zXY{Iqd2av)`={qK2U(4q{VXSyUH5vgTIs)y|768nH=%5tsz3U>+OdrZA#lq-utPTl)L z^m#OC3H>{`Mb*1hj(>ZpFdOFd4kC|)an_&=&aG1=FO%I^JfKV$3^ZtTP8Cb_xJX_NK6ZUxqEo_#5Gc)b zIuFPG!r`yWC5?wH@iMPwd@m21+XRPy2k}{-yWzjss2T6ej5|h9kcHF`(te*(I4T|R z9uXdUqs5h3Gf)pNCDtYJBy%Mzb#zCcJ?K?X44jgog}uHsjx&cC-$F2 zXxYJe0Zgz3VxFn!A8P_;_tb3%bGVUcVe|w8PbGG7cQy0n0}lyV&^wrBy#jIfP|D!! 
z=J5Rns?u#gIavW?uW7|t_I_>Gx*RB)6i-(_ss`K>jw$GdM_~ODk3`yr#4uwJ6zEqn zpH;?A<_4?9R+h?54o@$If?J^K+R7}`u%~yS0MSkx|QX!RyjSDlA5~&feQM*IgFSB}RGDJPIoRun488d8rx*{7P*Wl7mO< z@xB*<{99iSuA2_KJ@Y^>3aC zo#vmG9dDTMdf+_vL%71$pZa(|_OGzqLC$58`*vzkCk!LjWJP~5evFv1;x{Clc$9(a z$P#MO!9((Z9cRtMFK>m>%6c%?-qOKXyk>e3#@Qo2!unYJ=@C|$@Md|k>v-B<8^N3{ zRSm~QzJV|t%xBUi+n*1Po`H)b1nUn$mm9RH*cb?mWx{)xl(dg*dWb8~`5Ha@p1|MQ znI-Yar7gvA&?(*YEDZ{(!HWNg)aqjSDhk>fZ$-KJ=fSa$32VD;t~#+5avm$ry(AXJ zG*RrWL{t+=rY*6rM1O2Yad$~jkM+gJ3Wvr|;=JXIPRN38iGo)rxwA~s*j)AGJ>;OJ zw+QB+b}bt)+rO>k zuFM+Gy$|6_yNw!ZFd=uV~l@If`MYkKN0AI1!K9{s+C1LCPASnEgF&u zc}lR|t?*d7ze6)Ug`|OvWH|36)H-_B^YbiB6U40a&{IdTV#P>_cnDS7-nZV#l z#780k9`cao-~*r23TIZ)9E4l67Ur|*_EWaFo{^xo>(Yr{(=oND+|Js&O3kA-kXqL)4#b08wmht4jX6+0R|qijQbfA6GZkeVu#&!Y+*s*E*<5b(uy2e% z{-hRk5$?U@RaKs*hiV1o&v?W;GBjX=S zZF$L)ft_luiT=z-WQD&i3OA&@NI+y%Fp`Y}Kmxbk#Qjl$OXhuu$fehiDE6CPGkC_+ z^@OAt!p~}+YhDe!4&dIRqD$DsLK8XXC|wCnuqWCahp$ZaFG}%1y-we6Eo+n@$R%gu zzhtvZ!6ZWy} zBWH=VS<+>pSORYNvDj@sgPirol*eg)cHLbdTZ|&HjgeI2@XAoFKGqMdO)gyPLX_;k zmo6b1m#ep_FQJUfYrarPf!u!6uy1!UQ|m7|Es3pnKWw#WfyS*LcLp2%BQNEKXAEw^ z(8Uv%WV(H!0VC7a_^Y1P&|Yim@@C_=xqS*35-o0UIwg#SSN4shz^*9|gBp6?FJmOW zft)&wnRsl;UzG;(RX@@7Oe0Ozj|#{6K&Hn`@21-T2#kF1AxkKP+Q=kv$4@!&4u2ws zwtT~#JLMU1NGrMRKu~5q5UeiU_d-?{=ODDCzD)<4!kxyFDMPfad2UF2Mq_Uv{AyK0 znTQKw{A@C`YyvxDwVQ7UD<9c7U~n!z*+gp0I~y&T74-yas(jx75P*xAqP5=kHU2$o79-yMbh>OndsR(^(w?vfW65=2L7(I|y z5;05b0oN|^u2t6qpU;pM0D!7&k`7n8(GcKoV#-qh@Q467v_#3Gbq+%b(km05FnQ%i zz-QGi{#5#m?(#pZFhWtHB!h^&`PE-woC_)(sF73+D|Zbphgt&Hfa&6u($MqIlec&A zfKdbhjTe;y4w>Y?MCJ5|t4_iJ)B*pgJ_~HMZf>M@d&A&pmjr(-Fl=2BFd>Wh2e9|g z$)xa0pN(o#Df3rAYWREM^m)REXhck7L5Kw5@{cU!p*+2nS$ZQWi`=}GA}tP4pV~4v zoGI1FbxHNz@97z|BA`~T)6rKu@N2<$5E4vrYhw5Jn&!Kvm3oa!LD`ZpR6Mv_ADm%I zReG2y+1$yfqZ4j7f(eq-sB_GOrhvKXO@rR?(2jDR3RG6N-x(|OHN!XqJ~~ytP~T6O z>yXSkmm~Jx%>7OM$=|in6&mE|utwPS;8j>ccLuBOKdw8$3&>+V7~f%D;+4^8bT4d% zySDy(9l86pj;%K4FP1b|h$xecKX~=ye)Ax~(S-mTL+DFhl;>C_r@}_ssaH~}ALn`u zBIaqJ0g^7YcUWS|S(`ez4P5^m>H1kq~*AzS)>wj<#uz9Xwr7BcU{ 
zf^^`}eLSH3SW*ITbxcU(h#Cs2oFHJ`_}1Fkb^&1dpd_dv`>ze6Z%9b+M?R7bJ0#Dp!ytu4&uoUB7R|g; z9F4{*EfH*KkM?rnvO_CKW;}jMPD1mh7SXPHB-7;=&QDn^m&7%nv0&JH)2tNyxy`kr zg(x-JMoRe2G0k=OSz)+bKf{vFKv|=$-4-?Sw1<6p#2v(_ODnviKW$fr23mh_kwIKa zT9q0UjCUr0je|(ne6(M%|&xIZKEUOy(N%mFZ#&$&7 zpWmIQq=AC|@{iO5ygJFh(K`<6kd5dr3FORk5D%}A+bL0D6aGfU^h4?NcM5D$PVnhB z>wt;{yYEgH!04l@p>J%f2&&#Lit*{H(ku5_3c`b35I%Ymu@DCpZr0&oVhRM4?XsL9 zHgl)lia&=oGua1nE|)Jv?~Z~u$V7-s^$Qx@Z?OV(SU<6t(BCTN{t9=*Cq0Y~%OjqB%Z?uJt zY(oplpO}Y58&j>fdVQ|*T~ZUY*0CY(K4P<5u|m6E zrJDFgzYxs;>gvbO+vek#d~)9VP2Xo5e8n31wD4GTzoam(29t%h{~(nJk78Sop#1b$ zYl&-`O_tgW)l;J#nM579Km18a7_Dl~n5nl=Yq$8rPXuMj%!3|f?>V|=s;adOj7%Y_ zxEo7G!r>R<7kZiI82&P7YK~oe8Gb}=FV9zG6>$^2?n~S1uIDv+CCj5q?276)*W(!# zdDwu?g4cU+`#9}C*Gy)YSb^-AEBEKf`j6wEZot`bf}L5{4bY@enLmR+jbZku+#n&M z#LiyRo$WAyKO3&as-%R^Dg)^$E2Q(*KrCoh>@^?8?RPUtQOAAejRijUbZPb*)~-IxJ1+*mrB7`Q>M%0aDN7>B7-_Whl3LJfBb5stFT_0S+XXogPsy>D|7Q zwE@oNP4%!Q=DMi#Z-3hkDrK5+biL#>X|fP@-V;P(a{t}@J;p`&rtRfK58DyEn~%Ev z5^5vC$@Tm7MQh_f9iR7~ct5vCpN-1!`Pz4Pee$2S4=R9h2!$)_xH$;dZr+*EfC&TC z!wNzv09f~~oT7XSNR#a+d;E?iYd~Tyz{kz(eQDi>@5Kj6Te`5EJxzHFA;I?`z^Z~g zniK4uQ>cjW81A4?y*_I7XCwsk#|FJ9y%($2Qb=$)$#4QIC@#Ex3-TA4)-RYi9^K)V zCI>k3gG>(FoQp1e(~U?B!7Ibj0Nbcgv6~IH=Av#MsVEHwn1r(_)gj!Hn#6h$sXWH8 z=9E+SLj%Uy6i53@+S4pwU?J64JGLh;>F4nS!Od$eae`hA--^wzCzD^?;p zsX{%1WYwgbWXvmtxrG6#ZkR0E*Xm%JWElVl6(LK2tQZpW8N<6}g-bCyojdO?e zcSuEvf$ID7Ruu8E_hLV->y3EHI1Ro5jtBhfOCcIox=8Z$Dg6EYUx zR9ZTQ0;DNTRu_8&xU%2job_3f*J0&S!`75B-q{*OPa-jJ_m9Bx;+M2C5UXO}>i`KeQ7VLq_% z!3f;i*u!Xl#w#u}-h=HJF2S$-Oa7950!?C(zlyYg%+veylehC;M=@QJ6939_(Ey%^VuNYMs^+pfYO9Aoad5ZmIvZ9yKRKx_6LH!^#L$=~^@uI7 z=3f2(`m*0kx1%ziq$lpa{O{HdlLzDI7SeC^jc4eAdhznl7o(mr7x#8p%;5Sg9@nZo zolT*yk+}fEk13w<+6!JGr;X1@dXya3eX)K>`1gu%*fd&oKlOsV;Yrq5tgv=7QsH@JRKCO>Ob%S5e{&}M6d14sbo%f0U5j>wTES^B>CBrpgPL|aiN|6~VYmN!s_ zCNM ziKpW+J8`DQ8c^U8jGxaI`!ifJh@)BUL$Nv#z0}q^j2ybHwVYuKx&PowBxp722bL5o z3y6+5ak#1|Y*vb*;d`?TO3k3am|1-Y98jU1KsWAlhdpXgcG9qAxL)~7ON%RdEGG&# zMI;#mz;r5!P!Y8K0&`g*H3!sDuZF|@2p@G*cn_5F2nwl%HEiqE?k5TYugu0R0Puog3R0d 
zeEL@IMjy33ED2G2$lxh%WBh$10oaH?hzti|QtbW2kfRpzm8MAGr?67UTZux1wMepM zjblfURSe+wVKgqPFfy`4$Jx80xRprG|9zSBIl8)SvxC(vvGzWg(t)^8f!ZK z0j3JlL~2d^*z~r9GZFD|yPa3kE2p)Zdmzrw*zY-LRKqm}@l0&80)6I>SBy$ZzX|#+ zKN+LSH|`|aY02OoC#t6<$Un}R6hae%ZpNuur4lVf_gf=Z2Z_-4WhPNmqFLXptv|NA zH8EH-i7j*t3a^Bb;?T{04cP>Hb{sXd zz&!StwRWt9jvFV=+ZxcBCpbA7uz!#bR`2+d31w8jFy=o{%MTA7l3i6I2qCX_Vt-S~@apJJCNFZ7c9Rg){1}JAvW`xBEj?8hH)l zKq9^XXDERWsy51VZ~pk*mS6X(vV&Ziws$kbI+rg9?0ffEZ$Hx@@rl!wEO=4m_KR#5 z^B~C$@sVGH5t(to;L+k;2(Vz?bX=y2N)zjL5%{zwcuvAd=n!mplxRFmo?mU7U%VEI zza0^2KzV+IkIbLRB)9MNeK*~NOZec^8O8kw;qa#O4W`^KflWDGp=|*kh;5 zb?O9T*TakZ-WKLkRr@Q=gf|8Eje+gVLsxrQmh<_@Me*NC2j7KMQsxxo!FmA>U+!8*G{?1co`~s>wcm zOsoSQ3$`Ippa5Iei}QVN3EiRkYB`z*zhk{=z6At2hDO< z?1l+s=qc9BxN(k#(3f!uz5 zcC2D)-(75rzvnjf%ERlN+?kjdV$j}N!X|WP)YPGS1rnB-2V2R(OL$gb4wuxCwxS)RMiHv`nFWoD)tYIOl9YeNg=XF}9l;3iji9`~2BFXR|(EaNN`0 z9wMY!&bg$7T&dI>ckAYQO1pH9hKw^IJe*uOgkso)`cZ(wrcj|minLVyz}Q}+np`M9 z3qM)gN3)61empIK?2cR}S&-T6lN4-IqGw0wzqI~c2#$NA@*gLb zp>JB_a|OShcRo8~_syWwVUC zD#-x`!i>U@2U7Q-B%8ZuVFi)j!68W0O)*Ph$H-d|WNaq}VOr~Vhb6tXI>9>j zQ$--_t67-E0+7VF&=K0XIfmlz37Hv+T$>+^bV61({~4Lh36yNG;_uF)b}K^7$6>`v zhrYoCC*VtXftF+(!sSEl;M_cBED}+kX4h+eU_{Z1u8;y_xoK+ZGtXv*i-4COM z#x90Y#6q~h$>1T2-lQ*+#@a0F;EFWU;9a)I307zvvv>tCebBPaw{d1*xx~*t2R91Y ze0CnYDU=y(Bd#&&;cl9{|795Jl%O(gLGo7-7NKb}BE=~R)mY)fWmMdNDt=O?Yq zTWeX0y$c4iDj$c)VGkA7JV+d6Tj6C<$!xl>e{N@#jXE+qwr<0pgm%_4$#(QCBwS+l zp4B3oAsZD<=p@X_jw-(~(?ArN!_6TdOUIx+UBRX5;9INnsr;Z-c^u3DNlTLicjF!Q zd>CN-?{bP{E_c4Z%>q5moixt4(4fwk<6-)J{&b9#y|hrN=ZcY<=hJ`_lfCNKsm|>= zDZ=>!wT%xK4D^c6?j_I5Mk?Sq<5nTD<5G|%Q?cujvyvMqObLH_W z__vvnxBd5u`7`okj~gD_O8=fU>;J}mw#V_n|9guUnE~X561xZV$~&zR9|CgHUCW(t zI!8|@1b7C5(Rg4~w2nalwMd>ND8f3>C-HQwo#)!Sb@(BeEJ!NFabM7Jx211i^mAEf zy?o8?jCO9Ic3$tyCtizmSeuRV1R7yU;SubaNwQp*C&M5K+<0{u9US+4>rdw1^(?X= zJ>t)-x@*jKE7)Gz46@9~8g@?M=!-tSm{yL7MK20qhmd zD3gz=_l>aaK*vttFNma>RLUTnlXD~W${3DA2f=n246Bv}Oec$65e%R{G)7*X&J*5S zfR=6uRXj5j(DtZIxSp^oQr4mSWF!KSUj%OWemb}CbAT<)l6oUH+4FbxStN%9(uWw? 
zTe+}axXK(98Or#5a!A7u9lIP<>8>Zkm#Bfob{BT{Trx?F;Z~0eRf`Bs3dM#bRz#si z=7USb-KE9>UQg({(9B5NhVN1I$?YHAdMQE^a=1;sXd8I`!UoQTQZKsd6fa)c3@)Q=wR1n&#=fqR>%aQJ(e znnkGJC$`kr5Z_w;=b^tKXanU_LS>`AAHc+Ncltzpx^Jv2d=3pGu^O0X-$D81uo`?M z6@dMXIs0@G3rSr)DI#r%kh*7k*ocW~=cvzP)!|*?kR36Qnk#31kvuDxL=Bn)74I8tZR`N-6c~L;dwwhRpm)X(r($16CsY-mCp&6(T;Q%58_4^{O|BKy<+V3Gq{)a7pI zJyTHsqLkyfeid!;S-E-?)L^-2EuFzS79AOD;32$&i_6NkOzwhBj(p#t zDv`CeJyg>r)}9rn_I@!4JNn#rD9u%B z_l~W18-L+Y-TtlP>oWBHJ-2H_M8D$D(tg@-mJ*=aAo6;Y;_}<^O$U!9%g|%Vp&WFU zWA$d>c~iMZyzwSir8dBZROhu`kg`&w5~x6|v}a=yvp9Kh6j#Qd8$ z?d#v)si}xlIhCm_L(k60_HI(YvcLQ7O-t1;tgRug+}j>M@1XNY@vJ!3*FEO)xqf&5 zQsiz&v3s#?s85;+89m4BnDNf38hhRUyCCzb@8PSm+irfxUldzdPz{T{ydD|3zl=FiyIjU~6Q^1LTusfNj> z$Hu093y;n){eF(h+O=KP?fc8Kzur21Qh(m&uWU?POuXT|cpX(&iyffObP8YVR{oxE z`qH`B7to}8QRJasAJjEZjz|08;K#Gp)H=Ea(@%!EMtNggN##Dt!Zad7s-!A02bfv^!maH1E@yt2d{t%^?+WenzIwook;M_$2_U6>V z_g6{3F3|8*jw(K&x#e!+)YH>4{=#?LY~-?eqb2@8faiMkQU#6Y&bL_4v0q58dvk=n zWp6yT-l(w0m!%XanglKT;?g(f?^x%zTx}^QN@xCSAYLl%k@S*ag^>6fEZ zuTc49U+p4~;8l=A(@8_k%l-KYjR00$w_Te3s=McKfkJ*Sh5IrFPE3aInzV;)ZtNe+9Xu6QFlG#8eOQ)5#b6vr8H+x zcR*9i?w7EtO34gXRRFALL6B;Xpx_u%P-jG^0HxX}DwSL!uo}ccd(H(@L8%oNFeE>O zmP+Q?%>PP5U{~xaj*W|hZSk_~!4u^;hG-^?cLQ&}N4H!m6Zyh&L^-wTrO6#Njxoq4 z#I^lXf+oC6?wk-~FEC-WPFzvqdd44Fw_mtJx{Q@9F+B!S7R#Tt1I{Q%TEDuvO{)(Vh_`5HYk1&<# zDuH>gNkfp@>_U~39-ro^fG5m%G_0`8=Wm1kyFC@hF`vD# zDDr3ZBr8vF{HHqPp0b=$C((?M++5gw_4Bt_>$jv6uS61P1IO-X$3d|_xxn&wKto5I zyTmja{A}FQkm1j4IijVUu86Z3@*Hi0=OWYL*3bYg?3X@+w&d!UfvI}Q(TRYolj~j{ z5_Nyik;;0i>MyKazOT){QvB|Hbs}T*F}#*eYg0RKLiU_DyksAS%)4^d{zeD9$u4bi z$dBNVclhvaxw$N6JuEGeFgm_mS`J5a-8Q-`!n~;{@jnjgx!%~@4qw0IXx}eeN4TsX z(E(3I4kA61at$9=me^k|Q{I`z>o=_ubr+Mr$h4XN?NyHuV+u64--rk&a=+Z(kbiu; zyD|J=zU<|5HIu8MPf)%8O$T$a;G! 
zPwp@CIN&$VAVcOO?q(=3@Hf8mDtRw5K$xP9yXvh?q=ll@|2ik0Ufa;ql<&GZaX4Q1 ziBh&u|J*r~WVV<4CGa^92C?aY9Y*L~yzbA_VmxAZ2 zDo`5po06b-tM~G!d}>xwveSbh!Mw)H55z(<`9BFo7bX3$iBqDqyr(R)SSUBAyRey# z2ZUX_9yNb{#uAXU40aw$$o!R5RQ-Ry8`3-;zx{4HMcZ=%(2)< zK!)@YwFN%L9vkOKBua!cm3!p^su`^E$l!;fBAFUI7#c9CY>>*GhxkKwvQI--lnhhC z1)R-KiPAb1o3C^N131yW`qP<>D%W&ZwrBo(ng&d4L1@~WjYjTjeL&mY;-IZBEe33 zOd(80bPxo-^KDA;bh*ix)uaz<=4KXT(ez2g>9v%ZQ_AF@`+2oxB~|2Zt1Y2md2%^u zaxroCoy4T9&eZRp*>|0HkTi)BC~{Ff6#@Halq0F#ter!m?v)a}=n_)%#xi5KP!gzv zenJr~hJy)T+0oD^MD($^;F?(|&FnsVC(0ZbHy*+h~JCxKK2yr!WQ$pS^xzbxX^0h2U zeN1d<>*5(&3xJHNnj=Q8&cs3N&G@g99Ft}O{%!32WAQI&znVNqzIZ!@UMKaf>+D~3 z9sLXNF<2~^c7R4nW;;nHT_b<-#1va84v;4et~&cF~ixOv4H8F@V_HD8FZGi2_#KE6Kwo2^6E zaTB)}%Mt)%kh``Qs@|n3>^YA)?0~t}N#cK5Z=<<>q(6})L+a**l==?6G#m*bZ_s?` znP6s=@q0$yYaGZ@=|s`p@t88#-hXj5eDUBrI;&<9aHucyJ)9{{=J1CY^F0mVC&A@B zFH*_XPsqn9tmoitTpuS07W?^KQKLfp+ja zt~&M_F5XJoZwZw@B8uD$U9mz=-su=?f*ybMw~y4y-$?2F@=qIFy!p-tQ&VNmt~Xt- ztu3W<^gWlEFa8#el`q^S%aH#o1JODP+`|9n?|e!`E${5yoUR+0FMo|Gti9wLEnc23 z@^Dptlu*v4Be{M&d`L3gAes0$RE*#C((H07S3HW%g>U$p31TbGz3aQa`qjamqgd_r zgg89V1<^97hMbF}9EkXJU7N?r)B7RoFGOXyy;!^yE6v)?uW94|FVuW4k3Jij0bcgdFdK-3=e_oJu#N1iR;`x-t2pn0%T7b*;PF_NF2IdJ4YCRUt&vy>J1FUm5+01kvoONZwr-;_o@P&^9>cM}yvrlkoK zeZPO?5f1>nYB9~!4=67IG&_MVL6AYBWg{1>rvcu^Py)($21j>s$uyQeO{Y`O8;#Hk zDiUcH_^RPC$CT~x_M@JTFPPDeX0eiZyib; z=uTbx=1%3K+VtQe&uJG%S6gmMY-^}yYBIS((N|j`Tw_+B{);*@q%eUedg|(sJkOci zDZp}N=A-De_!ww~2DXbMT(B1MJ zG?cn4BDMg*;H9MjGp(>@dac%Mm><%~QV6mmO-ZehCMXCo+m7)JI8g6l0xoIFzy^AC zeC6kh%Fhi>KltA>P^{EAQY<+AWm$RZw- za+l2wwh+Xb043!T_c-$p&gbky_#I)Ki6%C@Mlm@GIfXrr1{)F|RyW(%XYbmXIC!u} zQ9DsoUTW6HmxL8z%@nT`N->5UllQtV%u%eWT6+O+Hdk{p_N2k~Ps>;IetXwP1xfj_ z#PfTr)<4#n0|Qb_4wh+dd?-OW`MuDatd$mn}TvZrWB1ZJ@=1x zL!`-eEszJR8Av_vFZ3-!-e9F2sc=S9-`p${F8TvOv+rq6eC{0zxBfdC!_Zx3Trs;Y z8~m*ICsG4S;@d>J_CtI?Ce9+wmq?|DKU+j6Xa_Tz9<}n)xn8?ZdN14 z@_*^D@QXz1c)wLF57irR&r_n)b}nlV8ZLJ zJ+k(v!Knkexdy$(Qw=wsvSYv+|@RmSo?kD!O(r!bApECsAuWd5xGQd zPUl2UfCY~--!6JUqexZr{&L+!pC|L%{dI`N-5sm===&~r+>4zMT5Oqie?K#$tT33t 
zE{HLauikmn2QrcAdi;%Lo2fY>KFeD?_iM}$?#^KK`Ke|-_cW&be?V&p*Z71qpWEK&?SY#IoJHMOp9rqm9 zF6NdnJW z5rr(|efKhKxZM2$TAvg6e*nTjJ-??ckTjwkSL>MsfU7j0(66oD=CydrERVhF7YQ}GYVj{Z1c3Z5{%vf5?=OAFS$%4fCjkHm+Xs| z1N9`?D1c!K;Mfk)&_CMGdF?rGm=Fv@ek!ji`jmEfgRG8FSlTLirE+ zNgYebQ=v!8F#B%&)2+DypPI6qYLz4t80*y_i6QZj@GMsT3h8M3BoJuND7ixPrt%!e zjkar|VEw_Gn>$0?Eu1&E^rB}$uUp0#LR$8^4J-u>ST}^xzUpVCChZH&WlXp%`36GM zv4w)jTYQd8s$aJMG`O%O%*&#UgP! zG%}dF63RvS2_ek;j0YX!NRX=YgbvY8&y~<|Wi#!3M8W|gLvJbprcb2pH%T+Semt)S zStWSqVXKlJ3~K6P9P#Rc1nB4>#D+1b2Vmw$^j6*#i{^*8=#m6w8SVxK z#fVAH34N=1bZJ|d0d-^3xTHw0Brl6HLR{!sBQYqMZunWkq|lKwqf5ev{Ns8_By&uu zzs#vz?>s5_tt~h{C3)JFgYVj-a~Xf~#9eZ|i!vmH>|YNtIFJ<&LB@f^a_oYzOD;B9g+3Fnd9!~Ye|)5CK0_|t zL{6+ycEtPRH#t-z9sFXx7Pp#*h@ZEd$qlm_j~M?)d=x_FS&!cf8=5S)>t(}s!YSX( z`@3HKlDz9>arUR)hj+|1?wrj4vF&~xXzwzjC)7$gy$A31T z{p0^4x9ga{-K^j3N|2#9^Rfj(3={djl$NV}H zHM`@fb64A@c5_er!?3KcpZM-_37$!x{?D_M6Y0EPToL)7z3*dE-9?16xxMM-|2#|5 z`2DKiUmII`%VBpAfxo}*PaY~eLSELl&0hm`qGt2&!+Hzq8mMdFKGJ|Usy>+%tZ|>q zEiPN`z`-8;llPX}zj};Rhdj?0K#uc0N8sgCd%X<=#NHqagxCcjB{K3R9A9TP|TOkR>fFfEXFnPi`?OT9>F zcoQa6oHSlV39N8NmOSwVpqZ~hP%j7&zzaSn0ULr5?x0dWrRQlc;zxdP0SQi7jfbSE zhAaqlhXK%Dq8vyRK#)SvV7^{G6!!ONd?IapLU0&qA`4| zo{m$WH;WP_34`K$RTjFma{Hr$#@VTg68Z49(8Gp0Lv>Ma1He)H2*3k0g8Y&@Mvo!u zZ19P_V2jVwG%j{TTLw8kL>Sc|p)gG?8vtJrMd)n~;X+-2;$8?NiJXuCv~voN2A{f{ zIkg*i|E6KQ5Fi0Y2pvh1Tl!P23d$sohR_cp1BzK)iMq8VJu7_LFDM@e%$b~c5@MjW zr6UA@NrY{0yv$M#BmsKRJS7qI?&;|woT+yJ!U-=6z@;R>5}q1wxoTyW-&Q{Y`Vf!U zW|g-GK_~<p$kNu$cxvaj@Nq7S)B>D_u6yiefmUd*6V38m-;ilUh zh)DI9kVN}Vp4AbnEa=m4BMAuS2t&O_Al3})GD+`xLgx%+Q;v4Y7VJ$DK@YSB`a@5y zRRB@T7($mz7tW=95P*7nSv-Tk36=Lj?igmc#&_lfZ9vZ_Lp>y;B&j4{gzE<~yXvh(H; zoHyQFdE;zF5?wd*hq%>92S3+9y~$i_+bRD&g}k;KNuQYt6ySBPn+6y2}ya~tk3P9wE22$!+bg~dBWZqE4gsykBNod zYWa0$cHil3Q@gn*{h_z#(I5LlF>I^08PZn^G2DCCowK{9znTY_JN1&i`0C#mJ&9^L zh1`FBjeMMGyZh?f=Bt4^QM38>U0w3J2I?BPk2R2x3&|92xCIAN2^C@Dt-Hve0;PEe z?3qLom>iHDZxwEfeUj?gmc{*Mp2&HvfZZKFp_>wP`ZN=e;yH%J2yUv}D3Ahvr(ADX z6W)}nIZ;M{69uk59o0j`>m+<~jfHWuZn@N!O@hU9C@zxe_2Uy~&lg0RAH{R?w3`o} 
zn+QbanVQlL!D0Xwgo`;m%)es7TQ43Vq@x{R(+LTp8}^t_gC%@;Vypy+ zk*B~w*8qp9Nn|IiDnt>W$ND8`^s*2%2NcsMO%s4Ep3qC^=s956fxtzOVUCRI`YQ2m zJHVxl_T7B*%^{4`qhSfY3xEWXW#r_#)maKkYg^)OQZ=Bc0$1bq@PB2PhflG##jp1@OvNv5q#+en@q%jLxm^fpq~ zu3cNENn~<6;8dVy_>5jV0@E(SbD9C@=E)ch=>g$`&Rg-qFv+ywcm8~=k+PM^cPq2s z;)%mP2|0D)O`~=piGjpPPO2$+o_TQ;NlyXwVm=HyC4H0dA+GZT`^gY8!*4bKcJv%_ zMW+=jR}gBpMLZa+JDwWqfSXXkxnS2EIEL3u1FE4d0ollCJ&ZneD8X5IB>`?b0h@$& zYzGh*yuQnd96#InFlA;nX+K2XPsE-7Up=O4Bc+=m_yJ21eY>6EE zM$*sm+e^4my96tBJ5D4yBrlS9SUo}#>7_9-#(czef*@r|m>}M1^a`uInc$eQO2PB+ zfLekcGaf0^@F2+!`)w{Ds;3h&Wr#i+b>iR`#j86*@APKt=X~wC6}y zK-OsU_LFUuWFEy^$@Vug&PKVupH;7%4=u;Us*+JomQ4^15*u!kgcIF{CK@_edAfyk zg8Uj`)hKPYkuata${)m5S|!vd!@Nj_I5`KSX}nBGyiIN#y;qdirRC>H{?JZm0YkH# zD;-0UasnvB4<-C8!C6g0xSNp2Y2+u(O_rA*>Kmdg#wq8!VqV{j7lecf9(LoL9@EBRTV>4<1#XK=NX9 zuKe`kUzKxS{JQe!M^t3arB_ts$Rl>Tqps^`JX=OC{mv|4PoaP1&-D<`Zr?rWz2zy7 z+5IlhuGP82wyW-R&iN!?R$f%-CWPfz>UCP(i0dfuf~;^#;2w#ywm`E<#Q z2hDCXWZOMyvnwvSIkq?6w7FBy{6Ti@y#3Z2AG*`$P3`8M^oR0G(ikpx+#CNT-b?EB zJs54n>Z=UsY5zCU!wZSJ(c{$=yjK=t2j z^OU_VbzK8>4b(MopK3sF818s;1I>MIz(+-H!;h6Ws+((v4fRLn%AgS5B7~Fsh zh+ST>oA--h_&>aGY^YoeF-Z-G#bHGr^>mnG5cZn2{H}c4&$AYp+(0GZ^ zzz~8K!H(d=diiYG5-*;l+zOk#30^}PdY%|2(`*A;^!VW%ZtRnYQ+W}D)ACeY+4F>! 
z8~1Sl0=M+3C;2rfLvNH0K#*m5)2jE7Ap>61NL~hIou)v6hlzmQ1T=a?NHXcM;0?I| zEa6YcB9PbPU}U@s?Qyjoy^#b-f-Xz2P3qXNiXp(A$wu`+2!R7g68(*haz5ZBbt2a& zVLTE_0wR%E5OclP zm9US|QS>`ZUrHwE=>VW@hKOo}u$fGMs4H!POJe`@8FlK_vCTGknE*uR&uuMRty)yJ z+X|8}x%aswC*n8jvX?%n8_BR+oar&~s!AJJJRuX7vth)`QJ~ z2MN;y0F?xjgwpFtuc--anL;6#2w_7xEqEq5mL1!(Nx?ZDFDP|{tP*$*S#93Faz>XF zaW2L3t2r6{I){v#8JOdGNIExZNE##>gG zZC5Reh-Z+)#Jn`M?PDYy*8AhN2R$oLch{;O>!_uX~dtwXHT_IX?qn7kWM`1Yx(THn*5vE$*k^Yk~r7ee*t;cfZC7# zBlMn_HxJ}Sn>%+AQUI36E5gCcyqWiWZc+lP0I^)>cQ=aRhM2nemDupdYiD-kTK9S5 z=jIK0?#216hlaO3f+aUaP+ozW06_t3Kb|Kb_q$KSvsx6##cs|10bnVH;KMr110f(4 zNB~hRzIvLA2asVvk_G|Vv`@g61gn4vL819t^uTHKGhoNIR4WM~BcM)VBHk%f2<<`D z5>cKe`C$^$3MA^Kp=-Xt%@dMT82r;bWvBq50RYw^0N?;&1cEF!z$$ zz@niiHohaqfbJ=#{)Z zc!>z|1)FZJ+$HeRW?Uj$St0|nO-Gk{OjX_)V|WO~CTOF=8uDOuE>E46lL8u%!6j(O z2QmVn&Za!bAXug2(Su~0_ELGC*u&LRe6B?f0ieeuwj}W+Jr*unl$YUty6?Y+tQqW6McPwTl(pgtGi zFiL)(W@J#e+M#4=Jh-q?2}|w4&6ULBcZAMN9IXA8DZFX?E+NRc!q6g{o)TNkUr^>y z$IXP%2n-C(@!VE`xbuR&Y}lcMiQX-?%bW7WcqXmwTTi>S8NfQ@K|-PxGNA$4BsU}+ zY_qHS$b~4O^N3^2#JuiNM-ny7jd);Dk9M>O@0l)$KbNhSfL12os}M-%7{`iah52Es zoIi%pN$zMF?U1&5tOWd1c5(nA_W%ikN6@1qH1i8(8kRUoze}X3H^YCbxeHQ)98H1^ z+n{HX_NeEWUL~UfK#aGy0pgPOI>*`%%0HEU?xkIoZd9UWs7Ho5_EOCcRk$5G<{CXs z9Oup%zBKtZ#=C@A8zFy=6f7$9YgLanBFTY#=*js_ozUF$k0DB9tPUr!BGsW?LOp;u(>Hgcc!xKipZ)lIn z@gIVR!|$)Zshk3VlF%Xu*`xo>~J7*_I@R~(!M zT=j?R;|24`jg~NWEJ(ZzV}Bq1{8#a4c<3zoBFXThUtW;}wY89-IjmIY<~8p;;>G#w zpOuR%(nMlsOTwnKumAkcxwA`A|LL~X<(ljMl=}C4*qxV9e&Ms8Qr`R7uasvW{n|Ha|b_l-{gFGHcOX3`zenvSN`t0;tEu5|9a^2^ZpW+oqjp1 zZ$0TnMIAQJM)}`O&xp0OR?|P*)X-;XX?*|{E@7XSWymFle#BumJBk4>nlI_ zaoO+S*On(dYS$1v=KXPd)FY}eq+Bih-I=rg1#RK<$Qpz=N*b0`5cf0AoPA3F)em>X#Y(5&O6E&Mp zU)3e8YoM-y`&k1`03N}K-W2+-2#&o;mL!p6@n#!{lbc?Fm-p4;$AI|S4YvC{$Gdm7 zcuu&l!q}W&ks=`(xHvcA91qb0_!11p^MUInU@Xm-$E~Nf>HVT00w+lz!KL3lFQ5k? 
zB1O|M0|NCzkw39bZjuMerdZY)Qb{m_e8Lmu^Qry_ZuTgJn|#2dPprAdr@R7N!58UK z07QUyWEX^1V6Ku^9a&$9Cd&{YAWsuz*e2^2tiudZmiZP0dU^x6gf^8RqfeL3NZ;y}}*s^UmABxFWtD#Ya zH%&JH*a73yBqeSmDYIp^rcba%eqzI_7`^DV(9=!m7yagU?Scydz><~#Q}pkcG4w`K zNLwAT{n+tT1H=V77^FY-hA@wfo<1%kE&)j4m^nF^@Cr%@4h@XGQobQ=dUFW46S9M? zik%aBh_1~B-Hj(qM~6$NBMbGaAKNUkW8zlx)ieYC9i*Nk0q9CmQxwz*(6-N9u}OP$ zMKOt?mdrX`8fQD_p|AzsR6E+qR!&#A69+J~NpA#Aio$MzUH z@`<`$G7?|T6MEF8eaNr=v^zt+CK?#GoHIt-M+}kVrwy{Og-}Qd7U!gpMZCL;966k^ z-*G&1$WP?_iw#I5n(%mlHW}jNxTy$M?MDKoB0MCJLX_K7u9LuUZqhr&P_hR4m)+>t zRh>-IjvYy`(XNF3X>ZnP+i8#GO{-_l$#|v>l4pi6Cb_rlRr=btI45bz{7{BoY%T*o zjZT$S(hP<2VvIY^sAD4GO)T3^-%I?ddsp+*gQ1vEmsXOtB}*ZKOZU|CO;p z84e3`>9_)w`Gu@&jCrpK0?6`hkK@%onFGORvi1@GkKB)&gyb0?KQ=4+y#2(_&q|^P z!6!&2>;FJ=Fn#AUA1H^u?YJ!2?XumHI|n~)KUNPqB1 zPAaZkRNGcA!{Y*?=16kWRP%5t^GU?)_JXH8q3p7e7m49RF3J5?!dH%%S%K_QkK4$M0ErRc&e~wq4@Ud|tKf;+c@IT3at=xpudN zwAD$PnwmDNckaFTk6z#E8mMcau7SD+{;CFkcF7fhI&QdSX4t%Uo+UQ8ffWQw3~&z& zxbaCRANk`y@r2KCjZjEH;1k=N&u320&9gU|mK>i3uCr{xFuxSYH5{BYTnKRCK0RP+ zL{9QUaE>7Z*5xs;5im%?gizpnK(%tS->0MjG?W{cciROh$T@jOmdF9<*4=)48772f zlqcqfT)0g45aB+H7P34x0Hg<^!f+mw*hCb0msof{bF8|DdbWIcAR5DU~9r+Ly)vFL1&WVB3BY0 zQyv9i7?pRFV?uohmZ>~rimxdzt7%c5vgoB_7|sCR8EaUj=vHjzruBp6w)F$$T9*FR z6G3xcKvL;m$UlLtx^vt)UL60D4&x9|Es$y2RgEZX<=SEFK13#+TO$}FGJ)| zPC~Je%6Tj+S=sH%$w`iFm%ZmTM z4hb)H7~!-V?8*ek4kg2mJhc-N&$+-Q?e$c0l{xhysWm|#_~c%@(Nj$YI(J!)a%ji) zr&}+e%Dz%2=P2iAiQ@o&+9WA1DJ7XM!CZyKHA04wbeQtT@Q`VRNRb9lpF7;C$J|d6 zSyN#AE^l73KGlAnHG&0P7` zBM(hm?$1BYnYR!kVkpdFJZK~#{?g|0HRP3f(5hu==U+PKFYPlwljFv*_rKY){5Eo~ zV$~?U{oGt$TpPbDnK!P_Wu-TeA8M;*i{nAE@v*!6+{fH@Bc3oT@a)-`#JIa_YRCM) zcIJPbpYWxfw%sy%a6I<&zhbL>4=g)wy=6J?^lJI@+BN^vcfD=&c$rWCZJZ2v#|gC+B+Y<;s%mrK2sl2vt91!M;N`CffxZvD&8AjG3c;z$+8Nr-hEme4mo*jTK zNdz(>>4jtN4neTwhMp)$nX>Evi9*|~XF(UA~87eh2Q;GLm8 z_x8*SS>pBWtzDGBZvNx&N1JDYLLwL}>EG4W5 ziJ%slaBazzdaJZ?UYTwuw2K6~_9t!B7Ch!A07g8{5uDQ|>{;8!Fd|0joGk4(Wa5&~fY=4p!Bn zjT7RBj!=JO5OBBQ!9r%BkP!ks0lValK$@?Sxeek{fRfM{%5?ecPRAayPvS8m@i9SS 
zSrcAM=op6PTp~GS+s(7$_iAbKs;!2*4bhibJ&N{wP383hNr3R$o+Ow19FtTI@Hf0o zG8Iw+ouEKSIqZstYCn<`k`XTDY{(ByN%`8m1cml)cwZCpYE#pWOFU*IZ~7qPBpK~< z`$f`)Gom|58n2Ic3psEkF(iWYP^ngXV_Z<4=U8q+qR@@D&x}F76qirOHmP4S1S_W> z@Sx+zb{kSC0b*_=%kezhHR~Zlzo~oeL-JzUd4ut0|49(Xn~?WW`q~gBPRm?qe+)71 zJ7|yIS5qVCfp+N;)Y4STXH)fKmB)tmpaYa0Ih|AV%2IFYSJ|A~X#)G9UP$7s4H#b5 zNEp-fB+1a3FPjKWidQ2#(%vOrl6V_Z2r;Px62@bgw>oQKdGBewjwG@SWt1@XLhCZ0 zm|l0*A)zyFoz(BRG_iYaxpF;?+_V=xfV4>ou*!=lhwj%ujzPUveBIrqx53692X}Yw z#>Z-;%EtTtC!bxS+tVfyyT z?=1`G&k4Eo(zm=nAvi~E6ykMv<=m5F5`~gMcemNs5^eYP_MVfzSgyJDhVsMDf25e) zc?iPly`T7UNSe34?4WyOM|Wj6f2}_ZN!m0lY5T2K+}lmAm%kZkz}t)ZR@XpX19c75 zHE<6!AZYNWf%|lBmUEw<8*493BGKHCyPun4PV)R5<4)Y`yvg>-wE)wNz13$y1IMNX z*}3ty*iZ^N&(9Jf!ZY5uS@uaTH}+f?0)l;Ldy8$=0wt67N}7m&JtyTNo1i5i zhns$H@=g9(6(Xr&$O`pwfuFtkcN272u7IPJ8+og=eqRlfhL%)b2UTbVKoB6%!c+P- zZuTXfTnWW<1ww*r)1KI7+oW9l&CC2T6UY_M6Fihc!blu(qEv%`K{<5kH(X|n+%W>5 z5M%%=J$Veb5O}4H5IpKcK$De-P)1f{VZR&@|rcP0|@8gQKQ!enLyJb`_6nA3131Ey=nX`8DmI=J#Es| zF~E7+Hi;gn)5N_)gvI!Dzk`;K;Q=v98|;VHNprK{*@8^;K$%jW*cm{KvgF0omU@|x z+@WvOnWT_)2gvu3vx9xE6f-c;AMX*#2WgNA$e{t+ZYSw!BtYxH6G1NpbB#!>NO)N2 zIQ=SkA8mkW;yim%o6-K7CiK3M)Tq3oIE35)Q7RTNn#;qsdXA)}#EpZ?G7JgPgGXIY z3c9He%jMh(G}<2fM6WeTE4_{|0-rW-?p}&mw9Ro z_0SsvPYzysOU=cb$Z!`)k_iaB5Erl%jt9vG^`5apo!Xd00ir~gl7#|f!vf7mG7R{g zhP+v`p+EMiEw}Sz-FA)Ae)~egLgFAvsgZk+SQJ*H6tGLvm5Obyz#D3_sEiMtK>EX#W^$SeuX1zjTfvj1rdCX&uTe*%Puxo25KD zup(&eTQ=LR*I*;796A0Q(3?McN->IfIZrSz@LfC6d(3&G*^o7KC}E?mTCVyXZ?wO# zDXx)mb4-pwG&yfbh8Q|#S?X6(XUaLO!4=6Qb*lPYX)PgEcxjC>AH{=`YpIgesR%`L zoTIzeW)c|V@uc2OBy5?Z*o)qI$}L%AzZepTO8Be?72}6FvYQY@^*cW5oaS6t_2G!~ zA9C28E}QPS8yx01<5$92y;kFc8aPQ$9K-jxJPGc*=dc16?Uev?Uk3@d<29!a(QOmt z<#-e1G;MRdO4!x62et+z72bTv^UJZH`EptGxMwHa$Q&tdA9}+p%2OY^#{*IUN4@Gr zWq`glI|Scdzp#~b&Q?+&k_ zywn3|@m=ub6I#o*PA`kFD8p5L z1YkaG7tqWl_resywE|xBY!UdG^FqL7ZVZ9^u&X?AjZ4$&4Pd(iuy{8gk0BOXY*-oDI3TURewou}_E1)nY%hUoeG$e6I9u z-j;T}deocbk_fGV1k0|DG&SY&#O8Xz8=$L~m4hmhrvc)piyS?TBNg$Gq|fL@KqfdH z8zoUIM4O)_-&{574#G(rtvm~=d?Qkj<_LjQBH`~8vKd~~)FO=`NUUTP{0egQe6k&S 
z<&1~4k*KIh8SPMONw^r^5ex;&fwIdi?V6Ivo6VdB*`j!fR{8%S(NR#wOx_}CZ#p(%X3HZ&M+(r>Erd_ zIqIp0K9!7e3{Ol}wmUJd*9-lE9zvRMl?j?1BW(zn94F|F8q0MnZYaWZBpn(_^etimJJM+idNXsDaz zSiT{2&Vrc>B*f6MV_4lep8E$zA%jTPOnpiny@=bExo}E zGjksFD4iQ`rfPY5iE`&T$*(GhiXmmqj2Zhg<7s9NoggW*d1h8)?~T;Cm^n@P;xVO7 zLPSa4WIkaWO7Qs`ZyNe&1Y*&Z-t@G}{~j_FCsYs>+RygE6r^;0d*Ex}m?K|W_TT4G z<@-OqsH`U;?ZbB5w(P|UT03sN@&ViUr_W?Ox{r z+xU9J{%$o;Cu;s~yQVH!T?2Iu{Jm+Qk!5#vFE_UfclF%7bK}oVGk@5@JAg|dlEeHB zp}~7CUrOB9In_&i;_msLobV44j(Q!CIUr0>5&~uhBzn4F!kc(+&YM83Asi@7z&xp7 z0v}{ymG5|02-E}wARquXvI{VgPr^vRBG?c>1=Lc3-Z#qF#Ako3&MmU!Q?)XQPv$G~ z19>UlRgWYHBqJtAT9 zJ%W7z2?10)FF>*SmKcIw39->i=tPpn;`t%5(gCP5q-u<()RI7Y=15L?ot{W8iwiO; zU63ax7fpy73fVyD3zu;o`>5NtxP-JzJ)2i&Xj}qFV2NA+nNHaQ$_yBUq%n8JB7l*r z@R(Fq;Hf2;lu_NNcl%i|n0}|PeA3NM$e|gJ1my5qy-zBeURm zEMPLk4HTP1+B9I)ely%89!99tJ|D(wsGqzsx^g!YqLKVK0gN2SE+lwbNYqO*9b~Hj zr}=osN4qEi(n}Btm=4(G{6^Ys8zd0CRzs;m%>cA^7-&;DB%>M#!%)XUaP3Q?M{=M+ zq7889Ijs;%mS?ya&8LlwG31UX3*Jw_Qrc@S4f@qEB*-{zSDE;OElFx3mt`Q#7#=C+ zSrA}cbk!frZ~k~=S-Z~sI^;khl*#-MifKraVIAiFXu_xrK~hJ9=r!%d-n7Y(0QA!U z`qy>@!yR31rGK0iumJnb5CxpZR)KH{B17dWg2NCZ2tV|uH-d6Y5KTc?3YZN$>!6;N zPTPiu1?Nii#2X3yG$50Dh*D^qI`=w>vu5<_u$KlE%)9cH`CxRPb7^Xm{I-s}R5fG* z^$bi7mmbO*qYWEe#+|x4@E93{(1_;=b~g%%)lV{BLkuM<=97ELaGgQI7#r}I(qtV+ z=1>|U%+J2hwKH>#w1~2smq`K=;n8bFigdPhV`q|Jc))R93*H*=4e>1Lfz&X}NZW`9 z47%#X?mS=ONw1GiLg0FPI~h|gWq>5x6L?8Ubdg$_vB9$Oga{cTm^r{X3fnRVk1|O9 zNV41ajo74fvx$L~-?=BmTE;djTR}!RUrNFaN%lZo+Mk-eI?4je&Ok};j_=n6Tk z&;D=>^iyvu{aJM#V}PGw+GmnyZM(CJyiX`IUP-j46S=68zL%WE8wpRY|IgmN^=h_l z=Usp2`B<~6*4iiAA&Eh_W#NPJy_Fnt2RvqX0$p6Y8JfpSN5zm*E zNl2lI7m;Q|=Jfn+_wJ@&o|O_S%e|#NJc0g|U;4$(+t*(;9=cY)EMqWlnc5@#&737! 
z@#%5iip`Ve4q;wtB0a|jJw;?zrqMM2Kj^FGc!b){O4Ou{e=!bQoByNRoBxZ@>R0gBQu5JAJ*T72D{QURPD&eYuRRcdK8n9?x!b<{LEtZ2>EsTStE%Xrq z{hEcpe*h7{^ruI_V88&R)3M~H>9=xP&F{7lZjE2G%%I%4$Ndg~-=f`OU$SBVaCSXW ze$Td?p85u)hZGPb7VH-NK)xc?Gi8y(-F@dRLPog>ygBWm7VV@E&Leqb@{eZ~T>*gr=ktWIf7m^z%MarGEaCpS+##c21&4;V5H6 zwTB*rYuOH5M;bFoCZS4cpwADRcO@--ep3HOG|0zfybXz)BF@j-20YS`=ZB=Xz_z?G z2o;H6u8bpPMhGAU5CA-rgtgJT?W?~L30Ut%8g?z4x_Qdut7mu*No0Lg-xx?pl)Z!9 z&5vHa&Xef<=H#)hkRAi@_33T(*hR@0d-J{>gX)jn{r5w%NszlF&yLJ0^oyN5bgx9Y z+RQ_Qx0$1ZcZ>PwJiB-vNy_HrjUk)4OyAhC%iJod z?nT7ZL3&C_V{2oa=}vgsR^=IILI#cd@s6p@Y#Pz*+<8O~VrufgG%m;6t9G44{2_yl zsnhyD1x@|JuSVWvM)(|eA2LTGWnq=-aLoS^k!$Dane2X+{6)>u&3o=cAnrF75Il%Q zvfBA7Md|YH$?Hg{Tz{@38ebQJXBg_%s?=iJDKN=e3qq1FHtU1{#pW6NxZy z?_0>rv*9Ir^i8c>z*b-S%Yy_#(2_R*I=G`d`q~jV?YD*WR&Rh60DQX#h2roA-{G6Z zK0rL6x6fOFJ)kG&o>}<253upZ6A)F3H@@By19_gW^jWk|*hLF>Acsdxr>n#7J|xe0 zdsH?-r)`~=zrwu$MRzTsG|I2Z1GKyUeZa9`lj<$JB5(izYXPqz;Y%O_zz{_;KtUCE zwF7_yh8^RD(`UQcYy~{DDXh~^$z%f)$QVHXp*Pz?RXnF1mw{USBGD&MKmEWfrssuF z2`g}r$D3{;H^R_f2f8jwc#1?=$dA3vi|5aKD;-D=Onvq0%VqoOz^Ggr$AQRS{Pwpt zzxWH^m_)OZ20t80LK@&o&%&GR>O*c@SdV8)1b{c+N84?4oDTnCxLmqQ3G~3Lfycr^ z)FewCxBua-H*(C@&&UxW4El=q$X;XuPnPSz|6||@u|v;$JvXh*5OUB;N0B7yeRF@f zx#OvjoVO)my?ou;=!whE~kI;I_f!c zJGQhvLSuUXVPwq?@@es+s<6#Y?YwByZ^?>zC{6fU`a$452E^;w=rv#O^zZ(hCKyotOV@1)x6zLUzPPoO{bm}Q2{dVP5wp;hjj zJlQU?ozDXCztoO2yfKifJfqAt_t_8+qStTot{Jix`H_cO{c;|$iI@^Lc$Gah$_%b- zI@t6k{Srtw~?jUq8*JE5{&mv zo}HlxY12^ zh#p1eTxOrBDAtmgtl$f5yV17_0QqqLV}z=J6`7O zb_E+ECEG(J^7`R@goJxGWLV_chxu%)zT!p58_Aq&YwydMN7_ZLK9eg3S;*5z`!*5Q z8ROWRc^lD3CWP7$jD0pojC|Rm|3k*ZsL%Qb*>hHVjAy&PA=qaps+8^jjAc|;1v|?g zg{<1O?`^w2t;ec?RRgOARtUwaZ zI~LD^dF$Fj-cC0A)d%DVMH)ad;R4YkA4FFkl0>)#naAq@icAv-6#$+$10eN5jLm5T z$z_1_eZcRqx5!-i9|Exh6l)`we=hm-=*$uQxxs1-^u>^d>zykGGE}H^ZO%bH5k}TDJOCCxE&CSvgy(!~OJ1m#Jw0 zEh2y?%SrMJ!5T8Id$rra+eO0PA^mt2^q{iPVZgPwKa~r_S>xQr2xm(pA^q7mkGdy9m(Bt@8QH zm*X`<--smTn>Q}=$hk=7cZIVZX1lyoKKtg`=3A9@`r>3{=RspzXnBmxCF3y@8M*Az 
zmKR4kUEaNYSHI`|adkfZJ^65uFST=W?NlB@hwevE2hQIIfkz^^5pS5W_XgnZeFv=4UyMk>%SpvMC+NXpTuqk2YF-uw7ULvo zD+elP{6)3uyp+x{B{WM1804eD+X)=>)jNBlSomamX|rHDR26PNu3%1^M^bkY1uAY3 z-L;e~w`c0Nvk08EHU4@KueB5phE3ZfE81LEX6<<|vabf?jXbKTAJ@n$I2OVF?z;~u z%{=m7?pauF{Tgh1XmBu}?fGwc@Bg3ck1!o@B>L~y;I**1fRrqcFHadq_h$z2_dpWu zCg1C}t0mYkOuu)eeCu(~)3?s$M@O%bAEa)27}#r1Ng=eDa3CrYa3gYeffOKET5B9fzdj7 zqjiEhWdA5jUT9dt{f%Mr(bs?CPQ<>H)YgyRajvE>|51hbwEI%MwjDXI(pRIXdSAVm zpPBT6&eb5gm;U}4VY<%R;zLhkZFfHEMs&B z2OErkNf~=*9ucr~s!c<{jI$yCMJ*^G1s)+uzw_E$g{Dg}Wu~cRYKfiTkp6ZtuV?01 zU(G~_@g~UFM1Jn0?;ZjXE`0fSCgRJh1V{ z4HpEKrib~!VWcJfeJ`1bTa~Bo)jD_sPw-@y0?=CxV|)QSTj3_)$HWFp_XpOKM9xKo z0xMBM$|^vZ`S9V^9xWAoI*?^{*LmXHbzLL|OJ)`Gc-58Fp&H_3-<(r@*I6f@24mdKWFl5Bf@k$J?@BBphDyOpN#0eD{}?_07f8 zJgSkgVD6`b3P!HQ_!ua(TeaK;?re~&e@WdF%>wZij`-4KA)teEE4Y~_o1tVFEMf?z z&Rd852i4ks`>h|W*E*Ipg8!g>M12#3cN+NiQn$M7*0#B^W*piXP<>X4-bE# zQj#mLVLyQWoZo%v4E~F~2_Bp6v~DwZA*lK`L#X3AOe*vGX|Ig7p1Ph-?k*NLyGSP@ZO2&_` z(O3B+pfZZ$dXy*76hGPJ$m4O;GDb@BchO0%edwX2ZkQOB`!_wF5}re>i$JpH!Z#lz z*VB!W(HL3T)aSxc z;bAw@$P*}DP7fTCN7DHoJ%`30n?NWQ!6rHP7$tmsPI(LjK;b95Pr=7;$1MmHR{b8X zIM<2zabFNBEb^wS=<4JO6;PpHR+oF1mH^)0}2A# zNU7ijOU|V-OR_Jh)x4Zo5-wH~g%2SJpzy^|AxDn`oP56~GMRb0k(8-D??LrCq@jI3 z=g=Ia#_6;~IK%AG7}yB5=DROp!e}Us%HK@6wWa%WT>{ohJZ|xi=ZW7L3)td0iap(v zD0tn#R#QKe17^_)ta5H3^5q_?Z_qMTza&XQ0qet_0*6NSy7-yeG#3C;sXc%2WFOqZ zkzQ>Mua4=&gP;5ysR6+;Cx1AugFa4*{$6^Rz56}}eGEbh1>bdK@r~5fQ<%qf5foE7 zq`$T!?0hAD$6RmEK|;86yT>at+x=8X&4f^v)@aE4fNR;^-_%4aj%ah&c|+5GNRS|U zQ#Q8kUku+aUWzvvhL=G%BU?*OZ@&rT4>WGsZFu_gk%FxF|4;Pq^fkw0uN#ne6@ES#|VYx-_#J>u=>K;&LN*XV^Cs zYU8stoN2jBdU?Tt`<%VwDEGdRt_I)De(s^{PqaLw{P4YaX{z!B>)k)$MfND$r1x^%00fn+s~O)DQ9U{aM6=&ghG4?QP^L?RSo`Hh3y~akM7aBk#FdP}ZfP zNbUdJX|1Brw6YsvKU2qd|Bluj^D#o0d~s8g*qigx9g9T{>t84*8{YHMv{}1fU*erM za1zfGX_r39|3PwkUbiwgxM@-lQep4Ips0fIjal~Lh!o%3WG%qi#T4BKOniDO_vGRR zz^|*E_x5l;;260K;jdTf%*_+Kd_hUl+8G?;F6g*p@{wr$BzuA^=21n>{T2*;z|u)* zLt*jsB>MwkV~o%YRH{GD7uUnHcl2EDwaO!3%{$UMGqIjdO zQX`xaKKm?x&$+qf1n~VRKxMlNOAiHzK9(dY)-=uOSynUp^Dq*8OfA~|SAA{e?=NUz 
zLzNR^NvC9mFO(rfPaIpDIAofEgaG&^3qwN{Z;);(wt_j_ zgbJt;so+|N1L#i-bQ`8iJY>vH_5c2DCPzhE@1+(KZoYQ}GG&u?O zkO-Zb{>5nuaKOBx9n$VT`>>0+atWzn$f458>GB~mXA;CQJj{%&>izgiZq!kE;R}C$ zaaASB(O#y?t*Y|RC%QzcxvZ`CL2JD4!K&k!h2VerTpEHKs6h5&Zmn zNlZ3HnOEDwlOZ7^#`DaVU!ezlB^b{@`>!tl%k+?Ae7+kb4t} zqZP~CW?>yLJ>Q9UYQ>?49uk)IwBG;L^;WenShT8ogLCO#?ictCh$;tzy~68-iIWpD zuoB89ZQZlYhIT0TQWXe3o=Hw&*KtAHHFKBui$2R^M;hKOXk#Z^m(1MFz-_i>|HmNi~7W5DhuY)L_m83`%!uh@(12b&?isFe45LxIg3S}hl%pq@SLp@fH zJ#!0!AA|9S;4yz`p%oX6S#b?M?O(A`O$2K5^LtF_Qt#^jpYA<2QsMht!~|f$D7+;R zha5n*PVi39l)?lnAINnSN~#Sb&fiv3`_tMMx(g&9!1Ny%jw|^%J)D z=J+*qd$z&gZhJTL8z0q_BBoA0xdmwxIl!cs9lnQ`8!~Z_TzdXQG8QP#)wX+vd>201 zvaEmCT1yIg<%yrVRUZ06)g@QJ1BxeXBq#^?n}~tfuQzi z{S6T~RllD3ty3KX3L;+|w!ix_iO4k{JaCASbK>4ov8eD8fuEuS>y5Ac>(KfhSmbW2G( zPi#AeYja3WbzAnOjTrTN?PZZl;PVnBly=wq2exIro_wZ7xGbp^{~a}P4Gv%UT3aYH z+DiGUC^jsrnRYXY>bwcNR3!tP^wp`v**hJx7}20`?@h5Mn5%!ea7dlLYN`ZWwIxi5 zqh{ctf1S1UaswlcY-}ONs?&*kd8(xK6Zw*v*L&C1x4RTGxepj{ub$4z)U8atc6v+PJ)5Ivc9dp8RBHpP&C>i)SF(*aPKbW zxaR)(9&LsmO!qjf+vd)d9GU=Ss~poI{W|vC@Vz&`eH>z=M6C3)-{Xe~F`|UYAG|tQ zY+wI;<3&P{Q@!;)Y2m%D<+G*Gm~2}FRpAXUNkhl2+zX1{%$!=;=H1|rXSyI;qy*TT z(a&_%bECx){@%Ajgm~fS-o{X4)|loWyB*TK!O@_xjf^gV$XwBZo3ZV`Om4Yi8C_)u z9eGu}%l|mvYr-?z!;_sGu?{(F5~fF4e&`g=4IkmoMX&iyuwA*wz0d!2;NNkBn*Srj z=T!yGPZ|72mw#>#fV;#=52z%hmYN3p6LyDlT+TH|R7V_b;SswS+8y-s}7b)CCZldWJvr_!r9`Pk1h1j@YDRSgZI8f3TJ>ts(ih-~@4U;sVGuMiVhKjZ8>k1^YQ}qh~JM z;f*N3gBo(KzqowWhx{A==NT6EnLI>jY}soI?`!xu;9D<_udFdHbLXWpi@1x!NqtP5 zVmH}~p$1a&Cg2AP^5=LfvN6RHTsyJZ>=r*zMoTmwk6yc9;w~K@C>XkXCdSTOO!^O9 zhMhz3{pCaGpSc%>k+Jx@o3gH1rpY?Dq){J3-0h7ldpl4t;~1~WZfEMW zH5YC_TVMb7Lx$K7nK{riO9~F8GuoH9;s2!ZQsZgp87oX32jShrxl8)KuQ?INUg(Bd z8UQyD)oo)L(Pi)bAgsFx`G>RBV5X1|B)Uj)jD7$V+L5(-{c_Xp=&TYcu!GB!P6$~FA{>*laC9E|I>9&cuU*RY6TBsdH z?U0k;TM@>rE}M9_k>v_nh=&IL8()BR8>5s+TPfgv9UWTi=|M-#XDYG6fkYp@BfH5Eo$o`7Vi zHdBI}MGGk>JzsJ+H0w?{^?k)?IYj^Cg~MFpD@s>}y26Xp#4$0I3+~S0x8eD~Ym-;3 zbb(7=2OAp-FZAYl>0&w}qn?}EM%0TKz-+p`5p6*%=CDed4sg*^k)Z~dL#E2=Ks>1q 
z-0foP!ggznIH(Egeg9RWt!rU(D2tk)e2FbD&BurfdVX#cmB@DdBTpY0EfcsJhsq`A6DJ1?<7e_nzC z@w&Ig>q2Y9AX235*G-~q8a{B;QZF*1?fiXXORIiS#Py6yJZVfjcY9=1CSlqdGi)I?S(JUv2Cz zWbamslas{YK?*O&8?aHhU#=|VQ1=|t%5{C-9rg{hgm z#jJ%9DLSYl@KZhHaGO_~yYd^43)5{Ii6S&cY_dm~gBvF?NKsYs0`PixWupltdbF!z z6hU~@oOY=RdGNfp2Hvu|e;A7MSe~0(!WGZS#hvh$Q+`rSLsWhe&QR8bEDM0%VX5y? zESL-?jh7-Y+FJ1QFRJ*Gb#{A6y^3djn#Rz#mQgk14N~V6%QtGGt56Z%kXQys6+w}x>hpX>y$hMvL*fSsU*=pM(lOF zU2Qhr6dwyouCIA)@W?YYd&afN!JUNM98 zX~pCtel3spG>qVFd1mDW@Fg!7xUl1=qAPw(2Z07l%`RQ2K>HCayeBr|0;iQxiBVe@ zEdTF!6IY+BU}MKo7@`RSX&9;%tC%T2Qn2??4a<2xzQJGG6jcSUiVljpo_?U)1s#SI=`-QvN9A|D(Vv|5XcfbF_Bg`1R^tYY z6M(BFX6UI`3v~(#D*?J5Ptp{Pm}Ot>=0uKI%#*72<~UKu!OMS7=1IhM?n(v5{bZby zkc;#M8C@4Q=kkAANIDu|5lT^G`YPtl(xcq68ti5oH4%#*EVxxoHezJ?EP|sJAItCF zovnH+_b4m#EH{mjOh<^M9Euu2`m}fZvj^+le+bYBo@d1Vdh_wM8gtMZdc?OXgG=jf zP~jL~EySn3o_1bVpOfMyX)R+>;qX7-NyH2$z5Med8#paI1kKa0YD z9MAVJRz(we#`@^DuV-350I_N+ZMW*%S}RQ0-agtD;Wf>FLB0L89T8r4eO9?ozexPm z@iOMoV}=JC(K^Ye;6B^+e_hF<(0`%L|GUwZjl-28=kBT7?5mmUXM#-CYnoBDrg!uh z$E=nm>%)()%VqU@sNg}|r$&@`Mz%Q#yBNtWue2>!W!Gd=*K$03pSqrwP&Q%Uk0wC? 
zTW}&1hpP7>&^64#&;pF&J?459 zT4L-h$;QliLICjuPk~Sp;}Ek(!N*dqOVZV;8&u+pY|Hp@9RRQrdJrYU@)a|}vTRCcqzS)F*fLJe^#rsJa{zDmsAjsgB(}9&nnMk3AgcPALj#^wfSc8)@rO z1~%&Gj$xH>7GuTkA25FD{p9zh5G-Ut!Q0)KW|7dydFPU!rOcgOv8*DA|0po`h)eE5rUtjR)X%3E6L zY*FftWbXOw0v@KFxlDyAv}JQ^V&u>o+JC4RT4Kp*aHC3PZD7a3C&;omN_)5tl9uo+ za^uC0gAe}9G)q)^Ryv!!Q-2?sTAC22<=wZP>ctQm_JT^#GqKM_AWqi} zA^K~fKmRq6W5{Mq>toChfB!gvWO}-A+S>b)v<^Ho>5i_;gC))`}#&EIrYG;VGVx%ik#M#ojsCeX)`COMhycdv4 zY;&%W=2cHYh?uJo$kGI@OzoRa|IFUf--!_)Rei%kqRoDx)DgisNF+pBMHiw4oW7U; z!1@>5@XTv|hHxc#x8j2CUoMK*22qkw$HsX~^VXI`kxPf>qJ$mTwL>-&*Q$<;`}3 zEnJd0k<;Jj+OC1^#@SW<#RR7L3q)p*aUg|Y&J|;G=dp>!%Y-CVe~iMT{UnuNAZS0S zZD$*a9Kz_bsyQtPuChc=L^_K&#H0;v&2$ce>0=A;5OosoMw+OKRs;>NM}z_0GmkI& zr`{0)2~#5UQ^fqGkS;MO&tF*>;+{JTa*xa@Jq=P868GtVv^b0+>Z6|UGC5+0shee= ztksM>=O?`{&rX)dmQ}x=1mAe0Q^@hK;9`3Zh0Sn3J$%hT2dUGd-rhkx`X|&I8*U7) zRGfkZZ<=5R#M%2cmUz~h$S1MrPx)C%&1h8dTLf9^e2>MYG>-0;5r#P#|J%2ZplcLz z-76w{A~yniim7D_wXnvgqNdo>0N^}Q`xE-Uc(62gra<8!Jgl{yhkJO8!}%zPK|;Mb zGKvFg8hqkB}+fK88?nnR-^n|a&m&$N`|;2vnLPX9=yC8zjQn$NOVoc``rf~N-F;g;?~ zM(>>E|LRa>KI7^aZl{#Ns;vHVR1=2F-G&Fp#A6VEci*y&(gIQJ){?J&`67p!@hHT`G*^%S&cs&0MCU}OK$(&&;^TI^L zTc>W9iG---mI8AA#h7EHHvq#C5@HMB1B@du^HYfaV3Mln_B;g~5qa;>|M|SQ@v?1| z(D3}}dSL!*7i|vmjoXci1F)N{B6@Ce=~5_%KjnmaEkzA9e-Z>F%nGgAp-)XR$Kt?ZGi45#+knn$S z@;*-jreF8GUf=!u*BL6Ca@{c_T^pTfk#Vv%-Wlmr zn$@?1K-0_d4@pmIwVx{gTkzLK4E>oz;9X3>iYJ579&2?`k>HcOMl7X}t%f@#0SvrY z^XR$LtNF1t0O(nGns~HM1mG^|jsFJibq-_vUs(VV)ld1W88*+fb)E^iui^f=tOC=t zz(@gyhcxD_o0nU#Tw${@O+k*MAWt&!pp??lgy4%HbXW}%T0Q;fj5y$OP1=bHTH-kw z8lmRHjE-tc!N_$Vu5D6~JfIaF=-XYrLmz9c?@M9!r{s+feE)Vei-Q%g_q9@}`b|b0 z0Aut0MBCkfYV5H*{?x=i44LOwzrW*ujroRP!822S6NqluflXpxO{cZjbX30{ zk#+LG*jI>plcCtC`o^y;8myK601HNH8okRr>LSCsu*9pxxXj5YRlHN>FiF#KqObVp z>&r0;9-deie=(Wyg@N>rYCR2=nyZ8L%|QC2YA;K?`NCIOU8=`(@Lwt(5p<&BKH!yJ zFOIw1raLXr^AiM3XPgBZ=D>r)$G)MG-Z9CfbKq{E{yCGVeAz}CUDw;9=C}g(-~`V= zg1QuA8d|I4qyw9}BPBDACX2yS@95`&>1B9Be($?Du_bh4ZAPgF&Ha>n7Z}uoHB@a; zsVi3AT1yqVK1Z(J0l*Dtb5`V(+)W@VnpS=Ro)Vw*by&U^WScY6ddpDoW^urOfMrLa 
zz|FF6ER)<)R&jyX!=t#^O~AX3vU5kn-A!XQT3fsvv}j_NDKk~zl7sa-J|I@P5AwPP1DOh6cw(;LY!I3l?q@s|xe$)IEN?>eNRTAV9eD&n()}bi5XnLxNiiN?r8G_p zL7rs-i~wEwn&itB*`kRFJL+*4J|W?!%1#<%C9$-4>a@%Z?3@FgRD6a|ogMuvNyp!fG!);yN`Ot4v@8LE#JSk1T` zj+K5(HMq>B#}mRdJmRk+Xu(Kj5FxEdUmO`}q886pz+}XS)e_XrYxRVH&7zudb+4_n zx7t_BNm}Wtm)Tdl??>|b?HFIONlW(&O6zEU>QTeKOb}@A#@$&gf5ECkj?MqA(`nIMsPskXG`ggM3fMc_CmtUgkVsr_*TjB8afyu5f-#PemDs z&o>E}fTYy)oN-Y}R)Mm7tf#Qz)E)h@jq{_UC>mFog?4v#ZnfsgjpU1=^O%N)F#!g4 zF_IdWQK3>|wYd=|CAyYo-zLTIZ_`8Fy)J`^;D#Lcof?_M?B$^ZdProKze$;CJNqB6 z@OK}IlYc#If<8G>c(YvC8_?C$6o?N_{IsuR_qVBKa&tAN$zlj6=0JVgiL90OFd0*) zZfYipn;t(K6?geN!NkWF*!67B+*CZOQ8;fGDE0j)qc$UQIJ=DA)G?WU?d^CSL%iSi zqFQr)+$CQT6{f+-yi!~fN_;FG_VX!OrtPwC>CC_|ePJ6yindLAKn>sY-bt0*o`~iH zkNg`MY9m)VsLz%sjEbx-B5GJ>VJ1)%Sb6lDndF;O!?@;EKZ$Ndn{6{k0!^Tu6VjS6 zwxK_~g0Uo+r6rM&q5hd;EMNzx05;D zEqoxA+KJ;h>;NLdyEYj>sV%o}0Wa5|+;jy?s%e+~s?vyCaQ-L;(}o1$UDrrhJ<8q? z5NUKKoF*B9^w@N^aJ!c?#U7_z^;uut;R4pN;EMnTdrdmbIn8Y$I>1EZ>Li$V=(%e! z&ypI#i%A=c-n7%tWHII%kDOzY`KhnPMVmZ3pQ0BWKLm`8iGlugV2MEk_n%R*M@D1q z?`+9p@WOAt4G?f)RdAt+leBN5h3jaKqmF}DGXfvT z#F5+RQ&K^^(=DZmV_o9F0S_Ef$_faTh)xN=spJWURhYZNt?fuCub7w?brPfV>v+T4^(0Wm^09PU?b@X@FU50kMB!dOF;UnmeaA|6{V)73Nrr+v;x9(LW2ESr-*1VJ8oyuT zgcIK1z)71dSuM`%OG`N+l*2>y6eF*w!Cvg8YKU68dle>m=X7laBq>{JoFQp@q;T8I z;uwQu=U-cNPwUI`c!Al8 z?kf=Uo}Z)a2P?inX_UznOf)io^L3pbZPdt4liO`skaY(2Vrko6v%kxEt#4%|!mR5{ zmoU}k0Mff4hAgcY$|-7Obr(}Q_}0j2WRIEE)@E$!{LSK$UrJS`0xMie7sMXx*8WY~ z8Bz#x4R;z+LOqW@tX}OUKDf*D=W-eA#&ZnOJw(Xt8{U<@)vEIF(b%}@qDOf29dXKr z-FH_tMLlnC%A1jNYG|c(^;S-lu`ts<$s-34eq`+P2DZ%*SOM{J;h^|tyltTrygmG< zGq-y+Tckhse(|6Dq(B3T8*_A%i2EM3d+X-^{oxg&;k&VE(6F^NxGG#6shkqhciJt1pKj8RcL3~&!8|A?L0H=-=Rh(XAt>RU zy(aTH|2Hj$YspB4R#slXO^Q4N68BRC<7{wfHt)FBnliP#7HTpxx?|^|jz77rMKGCU zy&djH{h~A85MMh-`YBm>h?IYjs5#N;62*Hm{^xu=5}f-gjZ1R5iWIm>rtXAGhbt;i zapX_@bDcrYLhN!`yAIHss)WsKLuW35!M-a-0ajW&sPk5?mZ1fOx1-+2(gWU9049ky z>?9l9HEU+hL1_Q~uvN0Rg*=T2tdqg6Dp1zP#3aFtEa`h~S>7I`i|}$5H1J?KYkDw! 
zS~Z$YnDqdM6f4O}+J@qu7WiJO#Sf`J`Oa}Y0D8F2uRCB!hRMS86nm&I%HU}cHk|q- z$?BwS{nm!CE-|Ao{D&15UfLPyS@^<6oF|aJ)E2gAjOz-mf9JO_(t(+zxEaJWuZ7p; zX_f;H-%`3C2x=m+D5>0p=Oso%=}6?4NC~=6Z)~$N5W^TVot}Yt&VrffpzgTv)I0*W z4VAKaoj{pf!l9P?H)ggmQE3CWS=C55Ols2^v`#g(8MtM~!km_o6ja(5LvF%UBCD3> zd=Qvra>gyebvPS^bHMfx^0mfV*b`9%A(S9^Qx>?ng09r z+qbHfhh6Do4F|ISLu?s}oHqQI&OG#j&;56#YhDoxt=#@gsuweg;g3Mbt|eARM6)Br z(Q&yA@w-#c;}19YPp|76Ih#hOPfWOq5j*dF@$@7kTroJe@kk#}vz5?^0zAK0cPx5v z7tFfYnDPx5d*TU-R^`y}cA6@mTvi49iCK;y*8SNlh)z8DT zFv*uGM1`b?Fb+Z$Ov!r2Q3ik>2SmvI5;g>V3c&=a#J`&Ho6FjB9SbQ(qrm`953a(U za&{s}yw-`hsU;jLh%m!ube?A@7uyKV z3D#Q!nTFR6(h6FJzKlO+PG~Ihr}61XMi{okxmRLe?-bO9d{`HShF(Y@sijR-lpV0Y z9@ySMQai-ll_ySn_kx_Mqj4{uD+CcSAj_XJ6 zu|umN=zI3iviyc*n^+C98<)n*Qk>hftxQ7c)hJi(H6R)YERXb#gHf%pPyd=CXC=yE1 zgFG8<2+k1@y|X82dCwgd%z-zv?PZ{D=xS&P>`J29DCgvaP^!|2pwkPfkL6X`+!=K5 z7nMrK8h7(u#(esj9ux4#b1kQqE8r&Si)P~tl5N4ec6+>HMw-=&KjHgC0@)hPYQfQO z8Yt*~|9MxC+CPLs?_dAEWTSToMnBU%I69DF60Rv$2YtBw-b{ESUootd#wIerYKzEn zVz=-<$_bxbz3U1>!^1l~+w>HC;e$+yrAvK9k;uFp6hlU=(-#$n^QG7tzGmj&nlX=| zS`YWX7Dz*|zBUlP$mr`j`POUnYB9&Q)TBzr!%xvzQdm|?CUa8H^zB8GMn_s`Vq+Ff z&G+f#qH9A|2UB5~mNRpA<65g#2iR@&+5CJBU1{9>Hru>l5lSQKp^u;V*gvT!%SHM> z9Oi#Lkc*1U+` z`6m6ITAAT_Id;Zw8$|*1R+E};ry2aZ?Z7!X8wfcTcowY zmzhN)OUbyE&vp>X$ywiqH*2I$O}1RW?Yt+|kYU57svy7l>IdSuLzSD2CU@cZ|+|`B_A&R)LH>uJdfy z)kKP(gfPxFjNOd)ia zA@?j>Bw>fAKa&pUV9qvsw5prsD^iOx=bA3X_nvUQ>gTzVQ8;+=AHcYDOxt3&OKW3T ztVV4K^l-aTQv;i#0)d5vf5PpI2K7cK~$y1XHzy zY%XS%_v-3bpCJDUX=0S(sqHaZ4L?B-N!fvrUkt+thb?Lzd)dVk3#5qC@?4eE~DMw)oOQ+>LwQpl0-gI__$3zNIZkv8vfSz&*r#} zytkhfgkAe1G7jqZsntoiR})R5HXN85-~6 zpaLOo`YB{9hS|4l`ja?c)d28qlYQb_{7{>#9=-}leqgoR=mX^jKA5$?h&hw>QRxui zyd;%}<${Ti3!?tyt{tDYIanYuMVL6E@QN$!>Yh$;pC+Mrh=^k91OQIrz^4JKu3d;| z!#iPKH|^+*k$C=Dl}UHk!<{Xl*63J@*al1)V`xa^jp8kK*-4;mC6Qzz_fYuH`lBXE z-?^uCWIq7(h;f-)mMzRZ{Hp5+eo(7#Dt!wVF?n29m*2fL_85t1_w6d*aGv`j-3=hf zoDBBqZxW%>+E}&qWrOo5Y?dD9ukY#ZbjlL&9ar0+c(JC}w1DmhKKUKNEV*+aTZotS z)GX^W8+2gH-P1ei+jS9hJoaWnc)LOulPNH&;ml4=RxC*?3Nx^!1Htu@Tp;jG&JUe# zAA 
#T^j7tf!Ph>#U5JI6uOCDTzhH?X7{1)dx(Lfw`4XU)*wA4rXn4$A3Gpq?pOs z1glprxUF!?`8Rl_)X6tF8SktH`YAsAu1L%vm>kwz>-29~@M~8%k$ZZ8z3C1!pf*^?7oW$1R}z`>Xcm%@pwK>m)u@ zB2Hxd;84+KdGXKvqkg9fx92ZEf2rkK(l0Q)8}ef+`s6F{Y44|TT;pPOFqu;s(K8ug z{Y&)V3@tjJU)l7Pf)j@pJt9^r7qU$Ix%d~{ZXvf$aRA;ksy6)FI$U*S($w3MyZ*97 z)Ko-acfP)qoY>4nnO&59G_v=XFCi#7uRboYdF965U(iem>2gB(B=cTrEUs%edTjYJ z)@ReSo{rF9Yf8W-Z`ktJX1}=l7g}4inVRBMs5asvQrta(uA)7$JLYV>Fs5`M*;C9V zJp3h=+b(#ulAE^G-c!qs|=v3YWYjtXfb4 z;Uxu<=^U^I8Sv_Or8fNJr?>y{{Ya<(tn|t6@076LH(|zS5eh4c@$@+RNgU(LpRtD* zd9n%2Ii8+;OtRqIehZ3JI;ybH!cgsLy8ca&QwhM+&3DDi-zf;E0@Ib8w2S_fJFhsY zt9=nj8jp0s8AR+0Nfn*u?z$gooeTlQwWen3Fz(4vPpvA9zNA;cI%=^I3rU|wp;((> zQUISh>EN^N2BU>fnrkFcDGI(MwbcpFngPfNFzdCUMg1Z!>`r_YyO_-O5P|SE1zm)$ zPv+u;D@R+gaKQ8yKHb=X?VCkq|DMloKmMs&Tl>4u^zd(=p1azcTX=ZW=`ksGn#zeP z2X;)}w7f(-+CADVDmG?xNSX9aBG2h718{!0LT5nwfaZPlg*d)>3e(oPT!9|K*^~xf zD3@uN1??L;6J(yQnfSW*;{t=AUEPjqT-Wj>uBz;M8YwJ4HiCa5s345i?B}Ytsjhzq zN6LXB+qhYVIxb8QK?BTD5TBHmX0d0zl_prnt8yIpUG8RdzQoH;jS#fZ?BYe?G+2ds zewtVpnA*CTT*qOF|lN_<@EcmPy5srbb^J2 zWRVWQjyi!WJr$dGW8Fi^(wqbEGa8+$yvU!LYyBUQE65MFBk|7UmX25qUoA&5hId|< zxD-lqw27RD56~y@qrAatZK=%O4H#BviiEQMy+$qx>T?OL%UPEPj49Lg!qcNuq8>jBvMIddpkxCEXz5JQNozYezTF2>Tkc{`2z|FTha( z^I71rr*-4Rv4Z*$#tRDBZyH;8yfRb?l(e-opJB&+4d;2Sb4TbG&@YRia-1OfQ94UV zzmT3Gkih(4KETX|Iac%dgE}Sgy4V;DcnQgPzTXYBKT@IuW}uYowuDH& z6j6HuA(h|8(5&!k=kU-_U42oUSfxky+9m(|*7b zFG;jm4!h?!TV06HQK?x6ea_t4U}2W~?Su$3bTNY4WOjS#NLO}}uU9?qN#>?N;iJv* zfth4^eIEH!a?3SKW61@Fx#jy?BDbs{2R!C^A;Qm}Rvb0ILyL&_!^i>iHMtvOUP+7` zc>1@tP(A&?p5yObKQ|U_5x`DP8~C4NwDS%PEx`}#2fK{pT%m^ubC~Em%bAGuRTa(nl_4osXRonVHGZRNk|C)FfsGxtV z8d+Sd8_wj$+1{f!Effuh2I%7C@q9)*F4q!y$K;*f`r9%_yUyXF`z)oTF25HEl=d9c zPPLPOZE}w(I2r1EZhlp(=LeF>EjoK>F#mBEnnaN58p1sr82`7DWiMPyE|RB=aOC-K z@Boo8KPd}8Mzj&+4ttPWW#mwzE}*3~uPA~C(2I^R(4cW+^rX%wnc)t;Tm66NddsFb zqb*vu8+Q#B+#Lc0cXxLuKp?@bfyN=YJHa&}f&{mQ#)4b$#@*c-=dkywTl-esy8qz) z@~$=39CJKFIg1Cy>oRI6EMUf0y7I}O;3vMBXj zMg4@1Q4zq=#26sxclfJ5qAZ(&Y$Cz)QVDcdfVHxa`Zw3#wKtTJ#uI3cIf0xk5mt$e 
zCZDI*Bx07^Ta+PqdPh@zKLf5w%7Qm99F+9kFGv{d5xzqSZdg60{m&w*ti2}q}f{CQoIQ;2I#gz z?s^CsHEwl4wA@s56Uo#MVA6>$S-H7+wC`hPo#OXbd7Bpv| zF4z>R{(!QGt%%xNq8_`bKMl&iV>-FuhI*@e(0l)%cJ_{{P54T@`khPsdl0o9yls?up@2~%-=p(v zspN3^05MX%)WD}y}aQ{T&V?eAm zWZ&EQ;Ns5(ktIy(he#fZj4ztnN+j{Qxe-7;1knvx+f80)RVXiU2E$G5t71!Sw?J0g z5~D%(0ZSoB$uWTu#a#z~qkgSz;A(+vWdLP219I{isA~%dK!zp9WV4P3+iOqjV zy^yW-x5nb3AK|InJ=eSAQNB~klZO?PVM850j9iRlpVLKxT?3mnySAon2;-LVK5U^L z*>(o!3O|JZeqSvAc;LtMbU#6ZBnmoQ`m^qs*bP0Xdzmx#NgnARPk(&O!b^B$^hjuO;p z)zG6ztiZh%F$aV>)6n7aPN6e44(m>b3v>C@|4ZOo4ca_)3VKMoDBFMV)i2X6){_Zg z1BuCgr%p>^?zFg`&sLx_Y~xYCSdqHb9drTv_~H!8QrYG`kI+c?DtT!ZJE8(dokdS< z5yeHG7<<)a8r#qfPZXVwtAV3lW;qR?ee7bby zSaxwtCD@4u)TQw$A<1uLQ&dzXh+D)asZHs8p8O_nE|VgneNX5vw%NFmioHk}?F#aL z)~2+X)h53c%l73s3;Dx;Q}f7hO|)3p+i|@e_}bo(n=dovpyerhkz@H@xH7Li>cPu# zj4bSTM;oktG4G8;V_{->TASVC@svmVL|J|Z!xV9eQewZY6ct*7CziXhFk01@#zKV> zI>KvV50nq@zWm}%!IZ&GF&ogejnJw-y!uOAfC2a06D^6H_lI2ueGomMx~RLqia4Y7 z)56h|)Jr@O;W|2OjE6)c&W!-?3r2p~|o<)}_s3JlY>jQ8Tgc4Nmlw$!GwOLVQ|8T62&G>%E_B?DW9niRp<@t_9s|mqn?NDnr@k7%Uu6*FF(`U+oPah;*E7Q;m5zhj|b`shT zLL;~yz3f?}&}b-VR{27lF@0S7t5I!{0VY>z!NB{$iA%&j2LNENZOHGlM5kr`7^1FJ zkD?ngUIKd%O?6s$wtW_aGc@C5o7TqBY@Kh0BKqhR7eaw!As8cAJ3+~fDQpmeR)&X1 z|9M}1dojNc9_P(a!&rHP{SN01flreN6Pc5+ELYnp%-#8j44wd2txYA@T3W?uMs)(p zwn|6-Olv}kMQ*{jt@_)*ul4c90Zay*qUdqnLa-qw z`!gNpQH3X03ZHnGcc^YJf{aykSOKz1ia>gpTpL6JS4`1wE5nWSt{4|wjz*3D*8WkA zZWY)0L)(C)l3%y-8oy1ER*AIIPWcIqne7IPSc}fuz)^FNzm*B=3@kzWb8`2@RIC z=#H7K^ARyHMMBs6-bNb|wf8Zk&Yg6<_-Q}`=?70eNbgp2-Qxo8v)t?CS|sk1xY8mmch4$ zVDbAAT8<|^!EzL?KmK6~JNKB^uBFMWIk??S4ZL%nxfxC+k$nI1mOLp5Mzs8c0hX|i z#QMlK8}vV`C+)vhPfX67%73jMkx!k(^_{s*t92?a+pWH1_36&i&f3n#j_XjT{Py}* z#htc{DtRC7N7Qt1ru{I(oRj+rVD<@UhbI$~C(nx;tr7gg2OKmz0VD$X14yrz=#V^0 zPG3hG)ercxE2QJ57eHMxTaI~>BEXURY8J_kc4BM+9EFk;Ny4`Y02sslfzL|N`R3R9 zeJ6&8cVKkpiJ~4}tl_|xE1KAV<3?U1LMDMvn64L^(UAB?Wh-84u2ifR?g#0*2&cV= zjzp;)u{13H$*`s``DFvP><%r;fIydr&h1xxTW)DLPsjD~xZvvZ(Z>(O5%<&2%fA~} z#JS4QjgBqaZk${*qzHfLS#-Wr5(uG)(XX4ZyLR`IyH2W_iVB)8lx6S=@>bsmJ^M=E 
zQYpQOlsc863C~nk5Vh3@I6|M=P-&8mkC3nsM`Y&xykAa=%!|0bCuwMCrV3W02PT_@ z>O3)Xu(1j#+I#zB;C)9ObeaKWl=tTfT3$b%>{JLG9M;q=T!_4ev0s)?U7q_~pW8>X zPPtHyB-6s{Yh7#G?7jI8zWzz7@1mCznsO@TI{GPLKh-oSRqk;=pdQv)luHZod!|2k z&qbI?cq7W?Uc;Hd?%dsxj7U958uH$|sunRO16wT7_@nDWukHsKUIM+sdFP?7f@IPu zWw4#nZ3T`EK}b9268nt28#?#^c4h1I8Ij7Iy%S;$zd(s$g;(+_XuQi9-0;*0Ev*(=0Clg#t)k6$>XQq?Ws zSyB?!ANHal8D%CC#c`M`3=Qq}coau-)V-a7PoUK00%DaYIS4ZoT_3e5%Wxy2g?`+`{H^QP9?m@B(H8rkr|Wd%HQ%Wd(dG;zVEr5&OM z5`0Ku6p6nz?ors&5ld5AG?ztWg@+76F3GiePgO^gy!Yto+tk~V`w>SX{zm4z+bL{Q zXSHvq`S;h&$#qX+KEA>=?P+~)J><~J8viibCO*r?*4WU#VnQu^XE=)uE*8XQs~p>G z8tTk<_+#cyb6=|HKD(T9(RmGl^r57pI}9Ji=~RBU5G!LPypdCqkXU+e$Sqg=;x8sh z6$!gj)D+PCA6fI!iU0M5D{1;v^{x8VUv-#+x-{G6{ppnlCnr>JZtD@m zKuZ9HR%nHLS{`i^u=6-XfUdi)K$d2JFN~q)9efrf=8ixhMxKnP%9V3~;EfX? z?zbk6M_NhoF47QaV;Ta28pB`qxQ)k@CU}?X{tiR+*h-f-Vri3L9Hp zL@;_~WHOsI*8SOfOg;nusG{0c&mXx@nK?7W z#yZR9R;wT49d zp?;*gXrh>K@zOxqp&8BY_9_f{E$Uiyt7VwR^A=SydFXf1>$u8NTz|f2gXXzW8I_}z zE%UT^Z`4+t=#=f{HoCsx!NzH9$EN=sSGBOz?+c z-Xc#k`zY8B8W_1tcCyx^-P)f)YyjQpxvIh4V|bK(BjX>w*d@+eo;jC z5Tw=^jtK?C{m)WC)a<#{<9Mc_D`f+FM)LgwxyOvVhu+++aY*ySj(tL6iECD;N^xHX z@GgSS)2iv3S8gsPN*KZb>%;^62H^bLZ0l<QKQvb7x1Kv1OP`GRjTs|PM@4pv|?W=Dgj=L z^awm6ky3^uu~od)fz!|}0B-t1l?{^L<+t^11Hns)Nn(67R8dj@zjM^zr<>hpE=a%B< zph3#-mFyRG$bWiIJ$5x-!P^F?V_LRHt#Rk7>&_dA6ooA1jcC{Qb`O?i93;f$Ki%y9 zy|m{GVnzoG_!F=;{{POh65azQitz5s5ydA`i4V?fh*mAvMu_A(6?y-byv8aa#r12h z#mB=D+KhFJy_0i3BPVh*g-{_0Lgx6+f|4A;d zjgiPf!d+W5KCMy}t;SZMZ@M6(jy>AXA>_$IanWOJH(K6MB@2ud9BLG`@b>_6h#J$b z!l*1MO?YxVj!V_!lPeupC$1GJPRNS$^K0OE`Bj(06}x7;Jq{3i=bZgoM^Kow-CCtA z2AMr*)aV~q<otUWI=z z6zsthRR+>XB2Vrgu;FI1#qY%+sU#=~6zKTxuYtY0EM~ahd?bL+zBnP(&}oisj9$F| zz@J7c%DZ=U^+O~xfVqzmL55^MD$Z$Nn*6Y}9pEUByYFsloCPyc`DhE=SR5K@W8jVC zV#Eo8i)^5Ms%n=}m+*_HVc4@2hY0l@mix7V?(vlrtZ9RfS~r7C8K!atDD$btZ-dN( z?{LzGZN9{>%Wtf;dl9$z8lhqNzvp7&R^A-)rHON1itx&p5GCi1*A0(ooU@;UX_h+D z+GUtao)e@r4H=B`HSr5<(}-k!VIC*seWj{xpCGSXlfxp`=Pe3!!07oTT=lvAaUHxk z^R>bymivsURdq7nIK$RlfCj=L0jL#N^rC8QB~^_gQZ^o_1=3%>k}cuQSv3#{fBYSJZ|2Mx_& 
zU+(^-uj9%kg()9=Y2|b);mRS}pv|EM^RBG^Gt}Lg9KL&<);p@0lK-%{9R%Yx;|VOP-Eyk0{eK~HRsV~~ z)oF8t{dZDb`M$HQ7zBzETnT9&zf8jAoCm@>;D%`Nr$6YpmwXo4AR!anzLu2$s=mA$SL;kvSdu{H!#BJ>@Rto zLk*5%{(c%`q^|c7<7c5?J=$Cw?{Gp`Nvz-~<~pY8NLo+!yy5aI%)^Ty(vRUewZuhw z&ymsJDz~yq2#hqsfFwd#QjlN7G`dw^;rJqH4@@)(%_*Df^x*ev5)(+%1J|KwlbM71 zY2_;QQZ)7VsX(+v>@`GMF}7r74{6^vNLqPU;BhVCG;Z+OUqDJ7$v9%i@uxSR^d+>E zPTQMT0-i_5>11yNv$`ek$8f^sgs$3~cCUEkI-Sd8U4LB*0{jhsjD#a;n|KVaua8RT z09go_O3YU*4x5#0#YC3mOc*sg-_Q^r$QKQVT!CBcPy9`vFaE~SR(d0hHif<~KwQZ8 zP~a9b+4@;CJZyMs;rhI@`eJ=4y87VW5|gYMM}nQixc<2ic@OC6v9C)@9Mm?Z)a0-_ ze^-xHL*O<_#b~pFF#zlp18C6eB_7n(MOQ|ICp$GZQe$MJt2N2aePoz7Zqwg~|J|Yg zm>SxI#f>JlBIJiQ@|v^n&9|MGIu6IWe&W%@phCJrD8sbeUmukhuu16Y3n$$2UR|!_#%B4Ui3;vebajE-b5D4wLS>Vak5YW)0NbMC4>hd6OK3jroeUww>5Y~A^e$Q zd;Rhe7I)x;_2&fz|LK*EGa_wZ2h^W$+!tj|6C!gz$07SI*#LzwL?bce@_g9kEdH9r zD716VQ-)ewUgIK$KG&MP>a1Hhs_{vu_QYv9QT*gM6Y<*x_SKz2p^gGenOm3I>$euLft6V06Nl^v zMj-_;^W9=^)3(OC%N{bDfdYui+g!ciOn9vDMNJrf{{UxTsGPEV=|e<(3dye^m6x57 z+@nX(=I5%KhWkvxyp~_a^z9hNj!uH*E^`{5OX^!gvWwQauA@GJJ5g8tro&a*{o76= z1DMAWlm*0*^}bJxN=R6A1EfpCi6fN5OXWYG3-=0kN}lLFHH(d3LD!T>_sKJTw&CL= zoaU06yE|&OA~N==jrM$n?T=1J;DHVqf&}HjrLyJ6H|Q#~|C^N+%Kc{-OL-b%@P8q< z(uke7XI9!yT@LtdA*xjGGH*g;FpZ>wo6lyu~7_ep3|BmfL_~Aw4qTGS_W|^01Uhzlnd{u1c`5f zF~{E6`-4N(Wkb5pV;p-V!l*1v$pVS}YHNxm7Bm!q^pWct&$>G8aRlXsjkh7gh>8TN zQfUSNvfgxaqi|J<6Jm`ml?(c+F>b%jhfh(&D=47_Z_&-rCEsQdTe-eRQv?1S_*SHZVx5wpW7(SiAo9_-=sA0%zsD>niGo zfU0j?{`W-9BfB&w!~OQAnU(p=aA4|wq@LIBs0bO~!_^qu54igxYktWZ-gJOWt)d5T zPbIGJlv-6ffW?oEPgvhVs+vMeH8GD4sY2s))lS4 zbRK_ccscYDTzwh*3)q0=v=A_0NgO6TvBD;Cap~5GXtv}p8Xx%~O5tYt$ll;3Kto!Y za36+nG)GHxkv6x7eIue~L0muJ+=9Ujo|KPt&lnT9aE9&f*)FkgCXQS)S~@8g~Il5%vw0R6X%6jP6+CG%ad)kJ*ER-pC@?TU^j*ha~K zYM{5qYt(ID~0{ZQ6by>7XSZj~w@V?C3PpI{Rr=DTL8ix#nZ= zyg08N8?~s6>J2m4ZtkZu|kRRHCyQ?}pPhjeq-?r((8u9Iu9bRx{w)fFbf- zekHHQu&PZtn@t=9<8XFRvF8=Digeok5Dn!0InHI;mQsw0${lsa;~h^Mj#c8^-DGt! 
zWL>KCXK*;ZV+2w5&Gbzg0RwyT%H~L*FR<|Juh*Z|%b>Sj zvPv{T+`mzO>J;;Rzk2d^)_9~fP4R8B2e&Ysg6<-{59c1xw2!min9D6nd;8-_5A49k z;~?EvyD}03u4!50dvwRPgsQ8Iu2a&bexABQjFhxX^V8DXfB3w4s8sf|;S_X^7yVb@ zYVaBzw*b=D<3HT0G6~)S@D)qu#o1K6Mq@#lkjNwyNeqvW64RaZnTFa*eLnLWU ziC@_*On>s;rTwfq2j4aL-lMDY_ZLl-?lW=BlKK(DuHSpmu2(JUNK|(Z&^LB@+dIt^ ziq+4fSC^fq{&ul_Wsr@cALdkUIgZfYjp~`f4OWP8F-$0IhlLbqkA-bS%+Si zx1JVyPrY0%2G`zE2fw}vUoKW3RC6r@I(!YErcPdV-H(}f1#_W~b3rzjr!R-l`a9g` z$-;+S?X8z`-k{BgYQdM$muLT%5#FF}Q~TVPt<}4^=WO^>g{zS3(PLBap?@y)z6siN zC-~AWC=lGz@lfXt>3}RhlDza(zbwsn7V+Iv?HRA37bAzyW1~n>gplp?tec4=k9>}5I!?V<8RpYI$+XAE zE2MQ)>GOZf0xU`X499&kBqbd*w31o}o`!XohgYKgy@*^e-Sz+8&yEh$eS)=Uf+r4~}=_Eo4M9;Ev#b0jK&c zyneD0G|gf}f4_rrNr*?E81$pJLhmk;4gi$yGF?nsu)7@~6&$PaDRvL1E0cd7vHD2a+r0j*mXy7}d0ma785(+$hG=yt)?SQL#EZ zh*Xi?E<4}NhPWLoejU^J0CpC;cpRv*3mK=WJ~=S-rrYKr4o%g7nG%Z!ma2m;#A-jo zX?aI8kM{T8jejfcE5CDy-pDo#FX!|OU(&TXOkwvHm#w0lg$~qmB5Cywhkw`S#;qjd z+o`)!^R`J!Bukp0D`Tp`Z}DNg%&%N+8=pOs4ch{5P}#=z9teWJC9C=}FXRd)*=Hn{ z*nJro+uVixzAvbxsq`&QHl4I+jE`#K6!|xDPQXuJhsP2v-sVBpgof9f(D89Gh@SnF zji!c~-R0>|E>) zp*)}0Gz7hP{Ra^G64ed|{NZFDt~cDKa9N%gmP)Im(=L$%;h~p)d3UR-CDnBY$^$Aq zYKLLr4A6)~OLl2@;xn?Kp~(=E54P;fO; zp@zMjF>hNTi#y+8J$`CYM}(K@zseD@4nU7C%hR+xy@4PX2r`ERY?hIJPN#5f;szNp zW1v_a5DCT9Bb?U-(A}QayHY0OuK+Mfkva39RkVB&EekIkmE|ls6c=+YQ1f&w+&H80 z(e@^b9Yc1Jx=rjzJ(+1To-uP4mL73a=u92c>!n2zRq-I|D(_XrY?-sJ;Z| z{XJkH|C7(3 zCJ+;~4(23xI5S>*zsWma+Zmv4NVN5@k4QrhfA=3atH{_qrT%B28`V$F+N@@tlej~9 z$B?m{gD!CgG!Ln#I;)*1iML5MWHgZ0*d~Cj^)2yhZk2GQRj|8Co})>P36Ryu_uAhDdtc=qW+G&Z2^*(!{W`IViwpLZ_%?=G&YqGLgUgp8QzDAYi zVRD|a%r4^(hTVE89;5R;24@++$nYXvl(FL;4CRp1w?0RKwDgSFv|&er;d=1zE;@M9 zdm(V`*$OMg$zVY9+es$fOD&okw+9!uSsJ7F&#%V5?NzYoJqV^ zQW@$@6l8*J1Tdb8Q_-31$~kDcpl9j-hp86g*duEV!f#Qg$-z>oBsZ60m8KA3M)T(Yc%yWaEbgTYF)V$mtgk0PiN<80! 
zUkn8M;R*;zEtmV-1sy*sllNu-#D4$6UOR-kfd9hvlwP*R+MJHD3YQTUeUiy zS&>kx*&h`_8u~vK!y;YxbDd!kVl~@&R&Q>TCG^CKVltDNQap`4Hvhhv#)&`Y3_sG$Unn4V)zgR3xl_7Ji1bZLkg?Zo6P`P`d{!n z3y9gn1eJM!ev@Q2jCCk?>yNC5Aqth~q`$kukAGWLnJ@yZXajTaVWrOXBTU1lz5;LpaSVDFY!AczN+RqeQnSD zOoR|mX9Jcpb~Wx=Eu8#Q6XrW{PlfE>-J)kB86HKGa?&Z;&W_h6E>@B|7Y-UuMuwN^ z^B`-S7VD^uds*_apP?!FmL!s=eLe1h!by6R=0`G2RfqZ^9rPK~>7QbWkO2W?zu&6Z z8IzaycCg8!qb$3n7tX$|LDA)wIr`xR0EaZ2u~=G; z0;o31pU5VvO!dkxP0FyHLWpPxSGyQ{{dXv>B=2fM(FddfXak0V)k zWzWj-O!UMGA`NQ-W7Lf4tFz?Hc+=%HtcFv9fD`1Kzfg1(ZQQ$YQexVyh854?bYExs zQ}nP{AHI_#V0;&-&EJ97hN6)QEw_xY9A;EsEJ+< z@r#M7EPNpp(3!ug+0I$VXtt23k4=S!D6w;gAnk|Fxhghz+u!GS%XYETRQl~n8zZOM zlM|2o6Az}^0}4TfAj=Mq#(;GiT-G1EIORud_NSqpJ8o3fIbYKIoqwn$WX9oep9yGr zUv~CyMsAh2{rmULyXCH+rh@)~{eyL|sHdakOnDuvr{aP)B+lp{aIZwRqVn1U&IiwY z+DxurOgtoSYu#A#rLb_y!o(TP(q)Q@4d2>4@$BzIiY6hRQecXaeD*zU+Mp;VO8sm>O9U%$fqM8LFCKbuQgsUTL*d)60l zczC{w+(>It^$bj2=Py8=1-v`pbVHUTpbV8VidVx>RA{D!0^p-%XmuAX!RacByiOIc^QrYyCLAPmjh_wd zj(0k$eu0rlmlhdx9;v?jmK(pzN`aT-K2KsH!78!YsVBU-75Figl%bVyrU)W-hl-{h zErAh`Ugu7ZWZOIiz)3*oQ@OWNj_0btM8SSkVYatVL_Q;1nk{;@CQ?icDUk|=kD3Aj zLH~RPSxxXi@!8vHUknD?j^_z0YJ4Rt5V!|S_r(JBayyo4lxNYZGBTtz4HrS42%^^&jU#}LurAgVNc`o}AO$M~Cw*YF0x^y85e zw=@nmf)ExH8>BXOU9&$&^?22ErEITZX-+?Ntbyr%y!kcu~_5A1xR>>H?qDdYjjENr$?(2*@bO1^>Tt~u^mW;% z>ALuaL|Ca)kGNkrU^UeNcDUbeQxiP&9JP)oCb`Znsq=hN2=xW|{99~#hT?K2HTQfL z-i3%gP!_UsKOZJpm`7^*G*4x3FWE~ptKo^Ycs{O(N*b=*JadCOcAi{=cI}63P68Ap zUSnma?3SV;h6TP^bwh{G=X{1)i;~(M_eX`CO&FMLP>HmfACjn9f#13tCDM{g)4;XZ{=3gGEsmj0C);ex9= zAJ%GcfBCR#q1Q`&_2K;Qg6EW{aSB01br+& zH7a<-xbJj_6+U}Je`|Y$`(%d2jo)m}1)cN{|8Cqs%a4A{n?ijYhi7UATx=ZAq!+fY zIuDr^`av&RlPrx2?(9#ip|s_ukA37reAIzW7Z-{zzQXu-PgzZYt&n@?LN;pue>TJ7 z7PpB5_x#ZF?z=SGgV~JznCbUpDq#`d#(Si56T&<9%*=(F_JbUJShHY<$lp1B)S7t`Zg&7wmBM zmpg8WWC^clSXFht=jg*&mXz%D(W9_~-~4}$U!2qs!M`mJ#EI^*lqA?vAucFkqL3GU2YO{en$mG z%EEdfluhiz#uEKAQ1nbt4bYHrEU9SR)5L7vP&)kjzIXndh1{G5iR1ONG^5{kA*>>^ zn$Vyn${1-^caG2$5-=c4u+}o>gNL4LeNIoxKsT(lU522xFvRZdu>ScgeUGBJr7rTm 
zq#}!LegPgbAKWfiAM$sjY11vRJKjGhgf|CVc%8P`^}i`Z!}EJ^@xF1_>jc{$9Yh2! zGyE96S4v3xU_Q9h9dLEoOI?ij=WFNCfK9t+&!{hQf2tY*5{d}XK%y0lw$tOSXn29= zIuGt2h}XSQ3n@T)7kJz(pv(cdP{Vh^`xN>$RCTeLMV|oO5v5PVlU38ErdgY64btp) zCDX|>33%a8E^~Iw-Utwq44dS?`c7b{@(slal#}3ZEqahr#WT}+lR!Tl^tIhiQ&-x=;c5b2xU0;JEh7(AFSQev@o;|0-NOK9B zw$Q6oJ2TPJqwI#<*s8MhagWXel<(zbvS0FWlV9TjY~3aG%sCxMJv~8er2T38*17); z=6eq5daXfU2886gOv*=GVW}m?=w_r}-$Z`dQKci+B0vlSt?ji)noZTjNM0B95-G3i zGWFsWt>p;@>K6{uMcV&_uDH*`_aH<(F9v%OT}Q(2EmGt4qXY)y8^g)pbh8Bh#w$w) zCB171Y~v@P>#A8095h=Fi{~plnxTA{v_7({^5B|bA7@T~^PuF)EfQ6Q>*0de-Pf#~ z8bRRk_0zVWJy%yjMuZ%lO$}wgE%fMj6sVg1ea!wrYE&D+alb=~&vtHLaz`Hmddg>5 z8KYJ{{6Iz@uGu%Zpe;~^sC-mbV1MFe>>&}g=LxEl@fcdxa7$#+sj&3QXei_G%Ej34 zVQ8aPzGz{Jx8J0IDaJ5ePx-2yAdZ1a$Vy2Gc&m=Tst?_1mmiltXxkSy?B@q~DdqG_ zK5A^o_&|+YkT5fur3W6DFjp-ko+d3hd?Y}>9{)Xbm?`H>!P5oB4yurJPT5~JpDekk zB~H69Zs&rVAy0;_e3k*xCP8O5O~%j=a|^24Oy z;4HqXD%Zm)k{T-T?J0Byy9KhAb!vJ7x>>m>sHWiHwiT1S%X=Z@-I_M<+1@mI5Igvb zht+Ebo=Kz98>4MLeR-+Dl%4cq3*32f$(Uz;xm>!emY#;3Y?6E%a6NnQ@#K(EQ<}{4 z_?f&#b-TU{hUeedU?@<)$n{@GKF;6GaTKM9}TmX%`ZP3f=@?G=aVeG-vk9bU} z?+N%`?xdR-hnM`o3#QKvkWEBOF4xBzzTqBM9|yAgYt*cA$UP!*TKdI7|4QZ3cK!0U z-1Zz9T-@R!DT0}7TN&O4YFT`xO?}?EQ8)Sp$+>U%4nBH$Rsz2$j*kyNKMskzT5$Eg z-D$G8jp<%VElg8;7WGS6bGf945 z_I0OE6to#ugd8TgLbcB&cunxeUA*RD5hn-xtHznJ%S8eiL0II4bEkJ$J_3QPfOfM4 zV|ma6yHF8VOxDK&J$UkYuiddC2kjC2mpX0)^1~^DuGOQ+z{#O5_lJ6;%%^1Yh-W>W_|`zbV>6o4=1>318$ON!1)>!D zHdd^kTE&GjZQF}00&AdQ7OmZ6q;r#L834Em=Rd!Ox!zhr5JL$E1l9)QwA!wC) zNYleeikVmcVrAlp%qthf#No_aIZrs4;o5R>bL#J z-*(n2*mCsp0_PkPG3%l0M&DR|yX?r+rcmh*6ZR*?tG|fG<_@As&6Xc$Vgnn#k(d~x zp|Db2gu#%GR08yx$ZXzK{__FNEr1kL)c(mRr&=SjlT`+i5^n?YjFylFCW&QYAxK>& zZKOX8tbQVgNk^g5hEIz>ubp5IdHgT^|nSK{E7cuq0_}aKc zDfz(HN%MC&vYFz+sZoBB4bC*j2U)!LJw`EKhfK~Sqxm!ZoB^;S%mM9X9l?0ySM=DE zmJXy$L-{XANnNa|)Lo@TqZ zKG?XW!YI8*4ie5Z>S58Hjq{&ODV_Rfer@2P4JJ?e307bX7ZagH_dqU z${ZuPwj3X5%UKjtMqHIFeADo#rd4HC3QwndZfE5CcZ}+pQuma0=oXA4U~Y5A3Yz{j zf9u!WpZ}njL4f5osk)P9<#AKz{M`_hAqGNHk)?mkyCyP&pkE{D5#fer=qXL&p5rDV 
zLi%=NQL~~a$gs-^(IklhJ-Fpmk?N<);yUsx5IWsVix&=~TYfqA)?UFku8$Q10}b0j z))=7v@|kkE64CEbeneTqLn@s~cu6X8#e+35cwg+eJuNn@`}M0dD;dmPhiyIiZnQXh zbr#2-`qwH^s;3orU#UV2d;>n|FuzAqBIyKaw+C6I% z^n9^A&RYExrJ05K_4l&J2@*^;^Fgs^3Ty7Nc{2ZM>Am)& zp53frsNcJf8n#Ec3adBkY~P4Rmfgz_ukK7^atLQa-;YQ#|EkWvc-5*I|Iw;TEuZ~n z|D#nk(g1>$Cg9umkXrs!&J3${F5~G=Osk&p75MIFrd5dhxNE_%Yd5Ec`_!1{$n@uo z=YxdWKSPd4*kP`m=tvH;ANp`k+d`R^UeLZEHxfmIT2q_ZnOwdFM88$a)*#M7nyaT4 zP(lRe)VF+iL|gsLHwOS9$r7F1t`YBT%-@ZZ`wRlm*%!+V&FE{aDZ}1`;&K51OoN!C z_n?egWpgK_f-oQH*b}m_5rH+CECgUdSrin#Pc{-@ar;J?71!K0V50&#tO{c$we)6~ zd8o+3It1Vi@bgCx5>c?yLeJ57*)vDW08LWN-RU-VbhbBJ{XGcbZbiF=dBF}-aN)I^ zo4~L>$r=e{yKIm&Bg^D{ykqHKsgPn%S<8${UPFz>8TrOg=rljh#(~rXK}IXFfrbK?VwI05?f?n*=fB$?){{mn>3gk5 zN>-n?=|h|l8ORJm>WZAv($MRoX&pKxknpa%kRxn$3$c3HfkiI29G2|Zz@jz1L&Qz* zGhMF~m)=N*Av?>+dR(HcD7HE`LT>8WKhGcpOmB6zVwKcD3p#ay^K} zB15ER-xDsI(K3bNK4ttYn&jUwL$Ce(mM)2k%?p$jdZ$g6{cY$j8S;jMU33-X%;Q^i zZd1RZ<9ZiSAw*xs@H&EH>Z2W2;9GT9EjiBMU-J0$8<$SDN!X@JXe>-M)kU#qFW+4! z8R=(5lxJm)E7EkTeriDL)7AQS`eIwH4_#*iEL?(O(t;1!?g3s6sel3I+xZS!%9#-ihYj?}5)Wl$ja4JIFS3xi@xJ`Yg`En41 zbY{;Hog#9WCuA^K&&ZKx#+?!W`>=DZzv|xAF?u4G+{T$9plCTW%a{0I5K@J5aaE#h)?ESFV z*J~A-i9m+WTV#@pswJx6BFs0y z4xW~dYu|BX!`__ln;KJhPh{|R{pkP0)LTWx)pbp{P16uun&581HMqOGyF-u!f;1YS zgS$&`x8Uv?+?@n>cXtl&_m4Bqx!jlgV$HSYsHdt@?+n~El?sSNUHGXKi$9PH_#+BveyUXKo z{|&gZ2W!un|1IN5B6}qsA|SHj585e6T@1YD3ve8MZVr>}bV*gkA4CG}KmkDhN-TqX zfjug*XGWgcX-Z{zINtdW_Lv{t(1tKXq1p5%!-No@GUY%I+!_SiwuD>nTt*%+;67{w zZs!||as!N@3(dFh=*FT13siZS+=qS`OIXhjy@pjaayxqSy-Z=w%WJ!QS+_G^0r7>a zX-)Xsd<0dfKI?9e4#5ut?nprDjiw~5AyyD;&G$0$AHNj@`}h9lV+v95!?3Y~q3Xd& zKwdoMOxCL(6Ekw6fcNe!)1fDHqzN_4K67T5lwq?PY13b&Q)lR z+x@o&v_b=D20KH6y1j)RCNuVNUHtyMMA0B3=BL8%HSUyf5*=AYI3`2Tcm?IoUwI@) z^iZ6=B|M^e2FGprOBD@zX!82LxR#w=gW=CZE5esOy@4Dw27kpeI#9vkR|ND!&4sV5 z&ViYzVsVJpsJZPya6ymsU8MMyN`U$CaxFAs=$ij2Phld4Pfq{6k^*KKvsH+f8RMt! 
zbBwKnp9x_MtE}eREtrS8x|j-|Nn?om<$H<|IRJxIMNFASHdNATSB7E;%de>J%cmxaAoB&%B7_CjaL{9(ugpSW&a&Vh<$Hf z;Q4SUQ6ovtKhk{mD@FEFsb``?PR5QGtCVP)`eE~?B{on*qSG*o+}Lt;l45`n(fTXC zIb8E=xp6r5l1B0@{+9hi3cOeppT_~q<#k(yphhGdlJcG76}$QD;WpLp&HD$K2RXea zZd!E2-v#p&bFv1kdxH?~yapQ8dBuO}h|owY7}TceqSPqs2Qu7GD|4jcT;ilAl2Nd9d62;`4D! zaU1=nar=%hGX0aRZ)uX@UHhYz0Tjb%7YaWZEcRE6o|2DR4P(ob#P@Z zPOrD7&5;i_afRJ%E^fYkusdg$A&8zK=Th4K>o2*9N>bK&M2W&2PqfJc840uW^4^<7 zhk5O8*0XwY_*H;Gl>G9bk0$%A+@zw{>{BqC$@i_td2=&{U-o;?EUPzVml73E4ox=i z5bkXr?rzbSAIbL0B_RBC3Bc;ffb;5W%4JXEkDC6mjXT&c$IKE3sJwOUM1&JJ!^%h5 zcY<%KI%wV%KYr;5fGt_-fSYeWj&;%L+}5m8oFhGzHGK4OS2D@EX*^|mjn^D|%sV^e zo=>ErHUh41f)>B}tYLz!LsE&^P!(wi5IMm2rZFO$^4~w7DVCCns35TqMb>ja__+&W zMCggzQx95FD#<+52;}xl8xd%Hy!m!HyMiwTPaf@<>M%n@zCWMo)n@HC5w!| z#dObM)J&h;bfwZWKXyJ-`h>KzS0$igWaaUj84XI(C4Xpv0#lKX^MUTNS+BwZty!u^ zala%m=9Hhj-FoIBF~+gO>0B53RRHm4hY24ubF3Hjb%Z=-dq|88v$Ntn?s5d$7-JH; z??H{zP@;59A5x0pAObM^M0(e7Kbg+^=vfom{xdwKWoAMm3TFGqaHdJ$aN5V+IF7VI zd2JM!S}nnG-8sbFbjM1zGjeMb6EP{8+S4+bzt@}W;&N7yPt`)dXw;vPmf>ourE&^= zgd8TNB{AHv7v+9XfGGB7ZAHUB43w0JqjRvj|m~%^~U4IFJ{s6X?mr4L~$y;3CK2P?`x742SctokA^u%Qr#v-#sMiNWt8RI;6^z7$Ou!L z{#Fb5vODXM*{y!<*s|}*E|o)zSHvktw}nrcPcw|wSqT{@{fU!^JA9QyVp3FIVl<^A zTBH_=ce@y;=1d`IyW}t8@_4mJ8o0cc%%&ThhkXK;$+3ABy<`V{!Bp5Q636%f8JCbT z*(8@irXldt*M<_gZ4*b)H!95tmcqp3iV$#g91obJu*&rt%k_ZCS)AP*P&rp}n#kMAXZE29g}q3xFOt%H3E?6LfW;lePM&;%Wv=rpjgILM zp?jdo^p-wnk7RfxLI=zSiy_jFJH2U*s)nj*`Wg~Br+iG!Sd;WuTDuC&ffi$D8T&H% zZz0UCh%}?C{p|?9m!a7W;(Ku2Y+mj3>)4XSIIAK+anEh-?XoRA+@5Q~`!8`r)@y|@ z;nKE%ZS(s1a-${uqxNQ+dwSSXWQG0$PgBJt>7E%sW*r%M)ZFBll5jbWunl;De$eE0 z>I6SSC>nd@_K)BR9eR@@aF5_=yMVNr3`cMw@x=D2p8MY8I5l8iILp`4?0~4LPj<&! 
z*=zkGLXVuaYO|Rwc&l?_?2hJdb(V0b{J-$km%d9^v)SdXiPwU!uN&r-?JZb|Yx8rh z9f5yaZsi>AkMEq0ciyK~kk>-Oy=g4K7cn(2R^&hICK9A10YvOYSTC`FCj)B4;Bt5P z*^Bxiis|;f~K%rKrPXs9akSWBqmycTFYrJd2Dx4h}WtuVu&DMm7;o;DxV%5P4iG8Z&(s*ZSmNixijsd0-MaIR+~iH8z@fkT(EO%l}>Z;GlspPad4pqY-BLiw`lrIEq4-5H7xP#GOU_1c{aG#RCLRk# zEc91{E^8G-HNIyg)2@WcU&<6tGUc?2K{|!@S+~luFNfPNts}Btg>nCiNJoAOv9m_P zf(vgIq)Mq4K_319rzeNDSn>DXcAM>_y19riu|D{J#8)Qkr3@3PWDSUS8!Au@+Q{0Z zsxXF@*`g1f%|^RaWv;U$15Mj!BkIKb)Wf$SqOz*=%yDt)4bonZ82h6+B7!Y^Njb10?F>Z`qM z!xH+uhH2N`5wa_8e$iza&geNtu#tSeYMK_ao=WPCworCKTDhF`?B*=61cxD9K(WzF zI-QiOgEt%huvu)qe((HXSDe#hQS;lpAj32*dJU# zu;X%9?Gzf?a(9l+`;>OAAMWjtSwFcMKQ-Mz%@&NM2BP2wWEqPup8WpqR zs=Wn+5IxH+9n|*+5oNN?e zUvD82(`~nF)qCd}mL_>dnHSD*6=Kj4=PHPi{wF`_EXdkvf=hpiz9Mb0YpkYlk1Unw zD)u06=hA(Sd^ex?@?;T#t|S(y_s9rS zh{9*Pt|EH*UY{JgZSzSc671pe-ds=?y1P+M6C}n z{g8Ndq>$0F%2=+p4QuF_m97J6sddCetYh%|cozf}ORi(5^?L@+TE-;C2UY!Y#xpJW}}A1RmICnB8)84{-EuJg%YU zI1Ods6;D`ws51v0FF?md2p1?3#IGTH6iv zCB$cxX(P`wT7jL!Mf{mMRRZ^y>Q7vY1V8eA@b<7=|6ioP#1w%}+&D(he+cUDu3=LM zoTbF7`pq|~gi$c_^)hC2dvrM358*AT_>YqpE&n0zGqs2N|B=osS+ln8Ah-)M@#m=mAPibe8Q;w99+NwS=sLHr3XPVjH2%NNyI} znR(^KB6;Tpvrd7b*c2&EB<9i-;iQ+d*Vp{p5Tg&rA zTVS^W|If&v*mYW^k1y|)+nUW%O{|=g)_=(+Lmqtj1wr?%{IPbU+ zILpH#I9&_}LWj>sLw(sq%Q9yUyKN92NFO>yS<4a*&B zFl2igmRUDxnTg~UFv$R)(ScPWh|9&=;2|!?Qpw=1+)C0IVTAop#b)8zpn#Ac{Z3{!sCSfyCj~#pu(y$# zirFYZW!SWhNw^~$rD#Bu=%m^^#U$NKc$NuLZY5xJ^usqR61d>{avZAAQ#5!n zYB!8{^`%)si^x&>7IH?|Og_)-xCq!|X&CJn3@SmWB;vc7Xy?+#Pk}`A)XMze1FLN! zWzGgCJVz4V_g6g^1)#}yXcO6BW8+9yN!^EiLmjnSft=poB7%pjNFm2~R4|Es6pz`{ za}iv{u#a>{JV@50gd`T@Fpvan5qi?4qG_FKm#IBX5lcq;gz9_*s^RsZg8^#60~!+p zC-Ltr2Us;of*PIa+(USKt>}#?46l0OMp!D&R(3hS;Z;sk@3)|2B)Se*MZY919k? 
zRImL-2WKOfN;KCiHsF_ql43ctuEyu$5{CYYDer-5I%UIUs-WPz;}L@!{=3l)us27Z zDlWUTQQRvr#Q>jyogG-n za6b^(1}T5)yY}^xc<5X3DQ>+k!%%-{}xmie;Ed-{OI&EWgA{q)XFu9)0sY`xiFd zYbNi%9r^W}{Q9!8ce5YhmCLJ@{vcNS)UY{cWl;&PF_a;`=tysHmL^Fk4R`;20y?~s zKy$sJjjQvjBMb)sj$wHc4Lkg^_<9$>y_0ykY+ILzSf8gT|AD{qSo_a~7m)>joz3rC zo2b&91$VL#xJ04QxoNS@z9(5>7FZ4{ECuN@{`gaAl9v3x>g8WIGdFcWEOmMHVO``Y z;bkFjaBDzx(M~$6_7Y4DS{m~)>)cAtu}Qvl+C!F*70j@8_ynl-sa6^DP^&MzgGoN)HT*T_ya%%2^~sT>#Q&(8M3nQC+a94 z9oy>R(2r779@vpu7h=ni2X7-w1k)w9#=K2aC?CS;!-vilbo-zKLBT&#(f3&^`UI4h zSa>c=}pJDfvu{Fy$0!ya>e zj@W9sSEX|?)DEx!KxygnDwrt0FsY?;cNdtmGF4~mPV#~9qDSH#gUCvEtF5bqU!anE zbHCVt=enw&zP5|?j1wPZ49}BKCF#{KUhh2 zgaef1xBoTbnCk|kgu`K++>!_DgtDQ@nlk+j;^po#C^ojr`t8b7_SvG8I=VLkYTT}> zRAGPjVI|sSLoJCH!*8cfYUXzzbc7?;X)bV**fAWChjyg(9Uh^9L^fV$h<9(l#5ZCOH`z}u!oQ97iw;`mzTAwQ4C`=PML0(nzvwb=ZMBk}J&O79-h#Rd z+k)*nPAB5#D{z_qR)O-B-+zzsP9~fIR+g+BGh@K!mf12tQQ7YorFhGTP_$2Qq50`@ z?fx&(0!``y9#MGy9Twe#WrB$z9)Y+&g$dd$IOH9k)@!IP>Fr}pl5w5mm5*!zU*Til zjf;pGc)Zv0+T26A9tN2P16IP9Fn(UGY!%DNiOGC--Hn}W?DwYk0}$7#sRy&~nziQ! 
z3#Nr_mIjOCtMcD1u{WQ7;F<5(1@8{aS|A=`FwsnJQ)uZV6B*L(9rryd*>!&#Sg1&4 z3I6ML=DNF@o(O=DKw>>tk0zMTUfxJFQ3jWIGoPX+l5n5j@xLeEx2c`i{HIqRlESpt zPrkL|i-Jz+ANkt4e14v02wa@}jH|3<>BpZoR9q2s*7sg;Q`~DjiZ?DAy?cD|;&pwx z^~d{jr}s(Gn}+$P=biWFPFmdm?XLIS3@|^x)_8xvqA^*2ec&Od%szJ!yzg%}V(M0G zFupg;)-qmobwiVb(QqmnKWXAlTE^ZRs!xW?-s!Ifs{KTnq!1xLE>@OSePmvf$Reo3^{MdkcC_5vc#`;k^VAE=^{_XZ7k+Obk@MP<5pi~J9bt@7|iYUGulJ46(je8~?Q`;5_RQ%b zH%bw#*rQ=)0cUub4hmX8`-O^t&)X=t{|JJ*W4y=%tU?gh4n9J}er59$jz)S<)_m$z z4X(B!YNZk-&9_?aF8-_~5F_L`kn0;qeJE0cFvX1+KP&1+MG1M+4a`=r(8HFMK{ZRv zUVHMbJaAG0cTCS;mY_;oI@~^gv#+ZXh?< zyjv%9JqeT{j<4I~pw@vMP411U$T=#*efk~#ON*Yt!iar0`eeaL?`p0|0IZ`2(_&AR zUspz8GHR8p&Vur&sMxG!rj~Np(GZ$A`{`8d8>5Leimr$pn`@=2eZT(njT&-0T$#%< z?myzs+ASOe=%ekQPXh+$1y$qJfl`gVWnUgoeLf;y?Fu}Mbz;X`)aBBJD9aMxvdlL= zTIz=GS(bs4L%-$2MLn*+l6Myn)vKs?{*a}z{zm1IoUo4}@Zd!b^9U={;O2~Rlu-r5*3pzU+Pk5nnzb@mY1xj}@>fDVlP1vx_U3!#ycWO04 zk<>s0?M8O`2IfzxUGU2Yy-h#SyKugKutqlBFX!HZj&>12W5^1Tp}GK0FzhR{`**y4 z@fZu4x8hd46PLjcS-a*3UA`?1jEETbWpI%J{+8Za%kUrj9^t#P`=sD7WW-G*eOmyg zQHqmf(Cg5q&T=R9gI^Km)xg1X#O4Zc9HE|;wWIm@dUMJFh#wmPdEdp6VA2pOm$*XE z8>|IJ7V?01K{A6Y);97ej(}bED*6O_OpWnFt^6iL`I!oH)ZOAa)s)f6%(UCRe91>b zM5mP}i<}y-6y)!u&I>vn&Wkf?k_EKE0-NWJQ5fwM2-c`c>%>IQ$*o=VFIuqa)AS2j zFa%&>p)`j{)@mkx%|`4j|0|r{i;9+Xi?pXcm}ryu<3Pv zjkRahdM2)!O+L@k~Lb*U=kr?;g{hsJy+BxW66g*ivDRv zCRTqA8Z|g|&o>$K;sGd4t7_la9#8x!S?S+I(E52exRa1u)+vc>ouU1b2 zjR^UXf%Ulg+}k4i4`$yGwt{6ygK7BVU<-bIQ(1eE=Etp2Nvx|Tl#;m_{{o~$!Z+z~ zjwROwu-3|>!ysgBieD=cZ~nOxS9&H{fSST>;UFW_^y8Ei9VDnSEfNW2{Q<+_=~H<@}|GahWJr*tz@P}5DJSe zaX)@Gj}rX{;)i5^PwxK1Y{edS6h?rUl~LyJ#}Ma0903x8IFYo}Uuig=zl!*P-(ZSO z)Uu~O?AH*70?R!kC{49d&JWye8IdbCQ!P~E6gK8Qb@*8X=Z9p^xsw#u5yR6i;`%$; zdgM@dKj!A;s?lc(N=e~ven!dg)MLa!aiy=$zln;I)QGKL(+>5`fdsMdyhRu@#BnlW zw!rMel+DtWU?YPowXNzZQR;XI^3jF5lLW5X_$W&9^(Fk;fKgt6aE+L=c}h|8oFu7- zGA}vgQld}-Un~*Ze=)N?*AtJ21`G033UzU@7#qRt@))W+WVFkFd*%Mz9yq%M7M&G> zSHEi3NOX~ehlj{h^r9zHZDE;fqIm!hg*yO#M3zGNt|Z28Sd4f}7*X|!VbEASE7HxJ zC=2Q(i@Z2*DOEFVM}3|fe*g=T8>C*TK^bL$2_sCIHyf1UCVonOZAsGAXgNqp<=>92 
zIVqP=LJ)i;l_#)>d(C+Rqw2mVG>uX@&haB69+iu(=A2nq)fN(U=GQ`sv2G<_+|Fjy zn5j^=em_Qx?k^!&oM2Gp@#Q?lc}3<|Zq10PuE;+-U)y`D+hOH*{aRV6BQyVFzB1p= z3)5MWRrv3y3CECNzfZ0_`6bb5c>bk}FTvj{Ny|2_row+8=J$51ZE<}HNFG?}Eat6Q zR6Ajz*ra~|uN}H@*bt1ubF?})b40SUhVV2)y(i9y0FE)o?9r)h;eqT9@3u60$auKr+1vgd%;lr`w=9Lfy=}S zXY7q(zuc+z40y&_u1ZBOBm1>V)6gynM}|;-avd^u2_x>8YAQpJ6@`v29tAL>vRh=( zbHMwd(al;Y^RZ+yQyAzd2gqbKJBmI2)q`XaSNaYyhv9?@x3QE{a$9lVKk=xmRZNU> z328MWyH%OsQHYjyt6Rv7<*}Y9Wo~z7yl#-0kh?f*<6ibYp4fC3+`z6U-BL?4rahpC zf@F3LdGA=23{~oiRo)<3)k#e=4VkpY z(YKh%&RZjz*?xUGyKmV~PEw9z1iQ6N%Ca7?o43(G26kfc)Njr0gyufiv9r(k^)Xru zPnk^monnZ_0DxW)T*(}g1#E3P{YP3%6C_JS=~@n1y!*6yzVU8b?Tp4_#3(wuY;e(V zc+|9i3o{ilW6_Vz)jpzN74y-<799J-95xluCajJG-0WwmTHG5GJj*4@Uih$Qazcn3 za!vrhd5G4b8|vNkmvRLwu*w3Dc$6VB`aDBEthi-{$<7QnCRlZ|`(D*bEH|tvf=P7z zcWoMNcFHmpV*RQU+A@QV>htmAmkHBTgD(p3XW)!O3@3|-Q%R;ri@tZ)S;V+0V^K_> zqhFd`O;W6SSx5rQ<-D!xX3qRdV`58&l+BfGYd3F+rLc4bK0@;tnqS^m^-<-$slRYOEj`hJEw{x7^oP;RDI)a9ITZ6$S>p0uKJH)_Pk1KB<)6BI? zbr;zkx8{+;&UKk_5JqWCDUJa#vKXE{QiiUp26V) zJxv5sLaxcJJkDCwRHEcL?`Zdu5$6x9hqV_F!iJ}X@a{sEKY-K*kMK+e*bZ^n6p=RA z{BGqUtT)!l-IMcmKVjrD1N}ghy45h`s-wWrxgBRy zHuwx+n+snOLqM*mt+4OUVTg|3N-tLLr=0eaqHu%*79YmHG%yJCNOQr*j~TEVL3-UO z`Zd@J!#h7q##rf9YOo&TMXco>Gm_eYR^j5U{!Hb5kxa%EE%hADK|`-1b3t`lt?REM znb7XQ^dR>gaR6BS%!Jvhpk#_JPG19M&K(ZB^_7&tmBR-mR>dvPg!KSgOY?mXH~5&? 
zx!`K63u9%VAyCG+-l@f$v}RQ!B@=_U$qVL+v9qXup*xB7T|5hF=vOj(3f*l{%i8#r z)zD4gAD#%otqpojJ5ShAOzJJ=XX0U*MVoFD#DSCLYJ<(gX?~Dtu|j=>88KcLR{#dY zs-oHGQf^viQ}UmVw(tTE%`i3oko(<$0jy~*HA4NO*{nOPm?T5EJs_(h%vmoD|C~UK z-X5A@XBs$X)gBoUXO()3izvbb!`Wj8iL8h2qlm4_(>o1OGWiiTCyC`5&}+8G8P zMyE zB5oYj+leMzL^mGnIWJzBawK}oG|zf?NMg}YuYgm(ltto4aukG{8zCrtnVOMZmd7GD z3Ze0!_t?RUJlVpVg5Q=eKyWojo#x&y;)4pAQ)n-gdbzz02lN`4ytL8~$`1*vRHSkB z7WQgI*KF#+auW_3P8;}*aIXG;bjZ7>fZW!efS0@cKUn0Pk{0H4AewZw!!vJb2ya8N z6)J|n^3WwHs2tzyy|=sgXN}PTd)4~N4k`x?Hhy5TZ1Sk=bVfhr)Mt?c6(c9Kw0ShZ zbZ!?DBSUk3WJWB4i=%C43Pl2?oIY1P#VLP>LthQiHiNB%)R8P@9)xebaf(quvB(h8zW zB*8Kfiu)luLYyG{|oKk!*8e6RE||zy>8*GGH2B9wpELkfW-CV^VowL08BRr z@j`|rpjb3y2HyEMk>ZeD87@qPgc_s&FWl%Ps5W$fsJ_Zb)uyf`HefM70?L>q?kDt^ z^>J=cWs@-pAu6=QXvO6DhZZ*mtcea8k_i<9_E+Gy`6eMds6>GT0`c!!;g)Z+)pEK2 zDm=Ar^pJreNL@u_KVXlLMXRnNH0UT{01tp_pk@sFVbXTIcWwHM4IBI(O?F&0L4>wP za2H0?wAFIQFfGDXJ7$e+z@S_26YZTG zipaCb$B4_cmhHc@-7t(?3i!ZQ4PI9S)8W+`sKLvh|H-}`*44#udMEjDZ0u$ zim^*USMBe*a#ZMGXfsEh;Im zs`J<;_M};|{H)Z9dera$wmj)$nv9o`+3gf81Wbse?qU#IFqPx1?5d?qr#q zUcu}I!M;1xE(PULr0Qg3o&#uA=JVCrqk#t&(ACh={>fnE)<<_7i?i9 z_%P^ldpePSG0%i4Mm_I38mrrt{zcu&ONOW!ZQ0Umnc+cbG7znpa<-sDwxd1?C-=kY zl`d&QGKaITVGl&DU3}8fOU>tBurBg2Jr$+*EgyZjk)|8{yqoiX=k@>6ktlu!6*tTF zzN?%68HA$!K!-EENJe~HQ@=$_$nFO}2t83P74?c~Ovs1!J{xB5>4qU0DKZ_8IWpoD z59}>sKQ9!$3hCZ?!g$jHg^-y+JM93OpK9EljZ~zr&Lb}E$JK<7j(J+ z0id9gXjdohaR^MZPysePE30p#f&HtEaZDc3<@K6tJ%LG^pAJ*d*AcsWIbN6wLyXC% z-qgCG7z*N%lrC42kH`%IE}^Xbib9lWO+Embrz(wqRDX|`M`PLL=d&b7Z|ur`DFPSJ zlGWXmV_iJ~+{HUOfFD=uIW_RbY*LXHF%`=3&@G=#@KMiHL0twuYkQYTFaQ;8eQ|K4KCm7rWQo5orAp z55h*m#GFew>aX1A5oFkcIE!>V`U4pddABjD5Vv77QBmOZ_;bf;?)qyAEQ&1~1sPG$ zwVwXT0Ql#}zfA#SY!w|In;9rkllIbnu`_=T_8PUZK1 zJu;AKXyd!eaNfYKLf1#k4g4elEgLyX-$YhXU{2>@9#!NcWfs>V5e)IAGaBBB2v960%)C*N}7)(ORBZ_`baU$}X z#sOP}++s!gC0eX{mm3k5?S)Utlg7ygcPE|H1QcE%qciWOuzq~Ki5{leOR6!eP z6^VZB-Co2bpEQAiddi0|RTCbQs^ArAY{6?3_t_Q^Ba3}>dtT_H;ug2z5Kp4p)?u+W z*B?K#Q9ZC|oQ1DnU95qG8wkvK0J2k*6cvvJfq5Wb_8ZV_?ss!?h|wKc4ka_bmpyE<5RKS 
zKfAgP8}W!w`yAeG#+hjjSZASMo%EleUc`Zh54!pWINna^Dl8gb$|Faq>ZQ7@nUbi4 zKIjGy_j+uLA8NUSt>w$U8Aef6uh>z2on>Kg=Bkyd=aXPA+;aVPkZEZgF;?J}YT2&! zz)X%?jvzjJE=WSZmc{|@;2rx=mityPei zed>SbeO+1{2qgSz8-gD6k#(?@d+mm_Dq+tu+(cIdv_RYDH)TTcn4y&q>` zSU)Z!er2Kr%&ZJftR5qW9EXz4_yiZj{89(_iRGHMk8Z|M%G}A8bt3-;(fPNyv!+YR z1jtp;W_Ze2BA^_1o~nYefY`9tyJq9aj|z=#?kI6q?*VL6`@3~&Qh+{K43?tPHGO;U z`4S9Hft|u~>_s6dsEOzXyK-SAPcNi49C}_*<7S(Cya;D1PD-rMcaM zLE|y(di1pFOqL2)a?tnInfoG);1#|JmF>HjyVK7kBE7G4oj!m) zc7Sf&_x8R=OYg68C^@w)-qwO_{N7aFDho;Xr^^I163K;4=5 zn+}PoI^*!`!;uML<|`+gVk@^ z$e4T6J}o4HZ`A@DDB|M@_j#A{WClC1Ka2Vjk|Z*}0M(>{I#>UAoqV1=wB77p42st2 zSjdTwkUG97=bS0YmDv*^Elgf&E!B6D2W5QTRz);n%47^YcFfW8E?YhtB{b{tG}L{JY!_?(M+{7-$Cyhy>BN!7f{a3{l?16xEz^biHT zHcBi%C)!1fL2N?5v37&g$}j%@H`VN??R`+EiJ`;`Cq~0XDi!g2r8%1F#D1>?uj@6& zrbN&wK8ECBlk-`tneG>dDN98^DPaCq(zZY=dSp~|;JKY?yjBL}yBekGqrtVkf#ex~^U6DmNRJo} zU00=Jztt>O3)K(iGLSnx6IPF|P6qGj{{OCQ%Kxrxo9*Sg|GToGpth8|^B^s^e3^n(I=cUl#gDNbMvIt0+AunV41l`JH`2U_=d%gD4w}s zu6kh@?O8ha>ntHYvlTyjCKRv?wzKa9A`nzzMSAI`WT`M8>v|lW1Q!*U<{X;#aYX0n z#*f}mqieSyvNU`iTd402E(}5CqJ>%pkp)WxPL;JobCGk5LFW@Y`+h0Tr@2LuY*XC< z0ESiBw=z96;+Ef|#Qdod9Pu%@MVS7(+wJO>r1Kmf(2ki~$xH(b;!sPA(my7DFt1Lp zd81t*QA%BuTrRBBz{GoS`Kz&X`%SNr1_3ck4VkDk0-y;FmB*x8=3H6OW8&{L@_ zQ%Gd!t|kA=$@!V3J07rlF^~xF!QM2QeAQ`dkqQ%V3`7~C(kaRCz4n6b56h`O~AWu^RbA+(8!;v>mZp@tEb z0$2Doe!TCKpwmutlHzoj$1}GcZzZHY>57P5wLny>Wu&h?T8LVt^k`8jZ;RZP2=)ze z^T>qkcNL1WcZ)J@G{ThKbeIGlsbTAL6CyAfWxv~aGOb>Z1~Sv2B^(Fr=ZO7^)yu!u zQYVX`^D`j1av#P@+$(NIz}>c*Tpf@w;`6 zb`RbWCX5pt5U_Qir>0CEqvKlvXD&ZRl+oW)2v2S7bn3w*QiUdSIo%;q)O$U9x^itf zaw&1?Kcu!s6pUjWcD!bm)1bVmFl&?ty?=eQfIeJ^nxM8FwV;d1>wc+q!|^ z^IhIgdlblMr{=It&tG#c`P8y-wBc>;T8-*Yh7ZTWs+_JphYO$KX<48biUIZp1PHvU26jZD7^uJfA6 z1RE=A0;moF_*QXo)uK)|mvq__2RQoyhKGq&s)oW3+#cuMmDxsx7$hN>y3F1lLB4bJ z-ouNuXRJk;K5D6y9#tW73ODefm`Hz#$|+jDd81ZYNGGS74u}_*QHq$)8tO9R0CdaAGeqPz-C!cDw#Jt zDFzfPiB`$Y{?%fT%UmHDdF$Xf=o_IWDnha?waTRp!B)x5d9N7(5Ghpf>lkYMbFB9Z zKFg=_%M#X1`&lR^M4}}ODa7?HB@I8Kb&lc6c*)Y50jPE01f54uJ9$oxRIF+nfV_TwYkTHI|N 
zE!tTf*$NiGpO%>)707?_$n$lz$?@0CeZKRUp>SlSNv;928Wg+gtqSYusRf(~JvGjjr=xa85UWTWfdxtsa^&z3T05+Aj6WcCMk@7q3biDRqlqY7Z4aA_tqP z;;#SiW2x6r)&^nS%Q5bt_Bm-OmrF;UJ0rjvjBjq~k2s;aeeS__JUHz^qZ_t=X;Eb~ zRK*AT^~_@QRP2;G9;QXMnOjEY&r!DZu#hn}rM-z?TnYo`x7+YhQHfY|(}dQHkFwzu z*MY9RgdBb`Rt-^}PV!~*bqqQ|3TE_{*?i{X8hm@#>d=abK2q6c^TAegGYn5T?+>Ew zRh1Nit``!Yrl$v-+PzF@*vkJ#&QDp`%~&x@JS(A5B$p3Mtd=>3lao#m1$!)8mLEjE z<&G_ky+<`qoy>17)EgO%pgg<|OwK21Ni!~rWnbIHi}tS)6Eq%M$7g)_h%_W|f*dZc-N6 zv)=wNjx79WuyN=uO2PvTnvX^awEHk;Qik=*nbU9t9Issjk{I@gnsvfq$w}NV>1J$p z+}mC4A#w^VQdU;PvgP>#@P_>Y#$hIKQLRzhrbohzACjDq_Z5W0Kynzprt1z)Xj$kW zp-lpq2=^651u#y@J!xnkp@gG=L$IKC^z*yy0=p@1#g`RR1=3Q+N7=Xc(_x|9d zlZ(ag46orK_LsX1P~rj`;C?Fj*fEagBz{qM5a#;N_na=ThZ zdh1F!BxV?o%u049ZfTnS5hQlr3^Hc*$kOV&d^qzD5fscHGZZYFP`ZiEb~v`qe9pJC zS+egh=d0FCI>_JWd7I6gbJ14CVDC$eIK*?xnNSZ8AAs-(_=kQJ0oft<9Evq9)Un*$ zkzErXHxZsl$OuA-zvCoWfb#!+ur}0g*Bdabp8I_Dd@^# zB~T#t1Epmz` zpp{ZU_8_aoo<@Vsk3JyMR;F6sytKVOKeEEyDU(tw8c2uzZa zHwx=)FPOyriB8v*4*~h}cBkwF14bI!;)d`yfg|9xVj*aU{=EbthX5i}%5fPhHslK5 zP7ADX{e2iZN`N$EiJ0_)ACi3pPE|ThGy8X)q@#}(m2NgyLt#cAR}{Tuv?pd=sD1yN zYK|;7?A8TKQO-;3kHD+7hV?Ey(mriZPe_6PxbdzklP>doHsxeIxE~-1x~6 z5%*(!*W%*NDeJUVg#7#w0tC);QbtMUD6qEC!bIoVTP~T+4rF0tyjY8P@L!PC6m7Pbam?8C&OiIoA!(|FrZrWF%pO;4ti~ z8p*O|PsG@^>@$tJnQ)Ojwhj40FnL~2wT#5Q)~ShstZQ}lB4w39m_xXSn+2YoIij!y z7S+`V6AV1N{k#{0t~0o$_+!*|usPkdkKFs(HtM3=XzlH{;T6DWJ7z=HSX@l}8IF9# z{%@lgfnS8$;u;5ZQv#M@SAY`O#Nj0-*)XnNTwvhCb(0i8$)AW2djUobXhHm-@Gk708>VOZ@a2k~0pr?lr#0=~fZjj|jw)_?@ zqfkf}>{7qDn7j}iN`9X3mEp;UsUU&dM^(>;QFLu)YbxDNZmY2qtJqka>BA;g`jgX! 
z!zd0zm+ks>Yyr-|0-to71CxaXMbJcREZ#*|9#vceZOd&!c|B2r=pD*`fBNDbCZE^( z6Bq;|PJ!Ma`^muR78d)=?@4cZzT zg8U4ayBSLbQmE_xVBBaWFa#*4pYp91-eh`S=nMMhTyFjN?>sXmar-aiwJ|ZVPRT=&*?$<8 z4&7~pOmq8hNkX22}vZ3#`AxT4* z?1OOOpfa*1zXW{IVNgDjsfHF_3LY2%&i780<MQ- zkBCI1Gw_Hw958MI~4}%aePu&1~tx+H#vRU9I}%BVBmR>}<; zkSM%Q9%>GisHzhqD-6>dOH(Cr`z1N(pH{fMbFoW|G6W3}A&eRf0D}p)RqsPqn52f) z@35o_QN_6dpQvl+9BL2q#suHBM-Xi`KjT9OCTjrg@LWK}=R$>%6s*DA7EUYysYNyx zW<(b&dGDFLqj`khNC;jXA;BF58BAFXPs;u;4yXZ76-Cyl`&NW(KWdc33}7Ebqi|!> zK%{O>Eqwtsx;EA;P)`+Gsk1+eQX`(sZ3)@)<>rA`iyNO z+#Himn4^{}Ibj#8%3L-V_wr#U43u0m)&?_`fgxt>($BZu*au`OAcOfE#0OPJZo#dw zC$KjK)_|?kImZQS6~t4%DRM-lr_RC4H&HTQ0!5Aj{g4Y^%9JjX9_s{4F5hALA)x9y z*?r91TUADi+AUO5&$>+?PTB51<_i8Rv{jZirKP6RDm9<+jTOcl6GV->YmWOwK+&FlqJSX|VmhF^vxj>zT>tg);~=ECzs=>PJ3gDY5| zq+L{R_36l zD)%lXg~8}yoMc2k@B;6xCud+aLRk@$1KNwDVhbW|7ylLSpjURbL5?eI9969pQo7WR z?I=b0hm+(v8{NTgFMEWsf-cJQLH%8QzN<~qo#sBLBtQ-9o zp1ITNP(1lh?>{4fyVA|i#sUEYGEhtVdm*4z;s&%c3nvkl3E21$m42ugfN~?N>4Aix z#?13vO;g=w4yO_@R+4tMLYF?rS8pGfoE3{uUv?w^3rPv&0)!!%l1(vB56WR#aR8AV zi^>vrDHXk7f&t1ygrv&jc6M1W-cj zqHzOuetbglO{|140JsDGh*DM4derzu0vfaoy-aihs|dD{D|M3HaK_EoJAA7*CRW48 zc1kMeV1l@_(f7a&IfxH;NX7tJi?iQ*asF=z08jn+57xl``k%|u^AwMV6$SE0#_Hr{ z^nu&oU^?nm*#0$MSYSFIPKkH%is;si%5ZD;2dNL?t*Xqxh6gB6tOI4SiFAWdQ8nf1 z_Gs*=Fu8&nv>ASXR6qf=!Xryynh*XkJghDsK{r$#>%7OF5;|kH%=F`MuxZa|u-D={ zc&oXi2}mQ+Y#5gb5>Nrjjc8V*|cIizR3S_%}&RwGt;N$PhEB zJ0c*5yjVfRIY5*=JcQm%$tz3gE_LtCbM3LCP=E%r$qL)??9{pA<;0-%`|KZ0*F)dC zKbqFk!U{ z*>CEi`8T_KU{tg&bCUiU_S=Y^0sISD2(#(py*E&V93b9f+wCZ{oQ3m)ciCrI>xp+~%O5_fC4g6_p$HZ85&iVdh zlz2E(580+`g|BJ`j4?OpY=uf*0XmI*?S#+hCRnWWVvO7qKbTm;H`%egAlxLBIp^_F zQZIwtZa8N&Qv+Wx#p5;qDvZ~*9LHHRS!3Tn#byWD-GDr+>Avk5Z4pxh!vrMN;&@lQ z5U+w=jQzbrzI}_&)!?bt(r1{qw)uF8jwSXmOB8uq=dZ?dRDcKHIMFUiMT*OW6Q7vb zRSH&9Q^}(KURPuqK}u$7C;@>=9Q#=a=+W6yPXhPUrzdHWx_(ssl_tgkg*>~A*benZ zre~C%9nOZnPE`7`WLd^y7&exaXG^AgsmWX=l4YtXyHh7j&_w_jpdH(RSy34#{}! 
zGcqe9*eU!o9NjYOjMkuMn%37Pb00hR(<|Rt5%*-%y9JkrycnN)pZmj1=sJc%qIU%` z177C)WbXCA7|W6Lqd)mq(v%El)`z{35z|vgea~aQbboU5wK(xa>)ErmO2LPZ5G0HP zERUxFL0|94*Bb1~rZcx^sQOtp$X)Vo@A(yRIN{XQ$MYd({ixO4yRq57r@;Ukb@nXk zxzfWzhnL|!cQSmFh2fi~?WmQ!?z_o3ZDh~0iNzy)`@lFXBl1*m`5ck0!d=GxN!yu= z@cxwWzmiTx9*tC9pfp?*LN1KKb{`rHhB%tVv?I~@>>M!Nd4sL<<@9-}gxl%`bI@UH zSt+Im#|irjrDXgMFgyK{KqCmJBR%whvwOGH*xArbvg5Rvi;>)tBU2j@sTinqOAVW- zp0hU&dlaLPK<0$ogv>Ci4A5;yCD&|9hJI1lg2z(YfEo@m2aFu1Gy-J5(t}ivIJYk4 zOW+&*IPi9eYXUFnK=v{4f`>9&T~KKRMxjCMG+zOGCF40XAh$tt21yoo8NFW2vPMHz z72k-ykAx5kz~x{#pmi4D0Mh;hlh(hnS?{uj#8_@D$yR`e)@@I2e~*q-N0O)6i?v@u z1x6IoQ<3UYk|jLc<8JZN^Puar^4%sCjb51(ORutpSm*?C2&Xn&Mm1cB0cX9$QE|?s zHg-7Tlw=#1=6aQ2@IQ^fuH(hk1N{Sz1&^9}t|g!=j8b<2}d7St~t6Kk-~nJOQ(D^B@@F@)%*F}e`z z`oqrkPJ~DtZk{ zOFh~Mp5W2u&JCZC-91m}DJE@5k`)^Mk&^LnmTne zE=4$T@pjEYHjX?IIQxbA`^?1(*BXDKWtHL6wW$)O4D*Js^Xw!tX z&_rOhIS4LNXG=+%B~!e3e|TKX=8?Q5A=0rV*)8z`CevCbnrPQruz(N3e~|hSJH=&f zpK5~zwy5&AJ{lYM{uJ?$^p&eS&A{*87)sVg<3?YSVDVV;L!79oY&cKo)(kUPquDHsak%{&X1|2)k4aP#nRaVuQwXXp`O=J=c6z}sxq1Br zi_3uyO(4oQqM3!&7(z}qu%>GCzd&Kx?K`&F>_+Xqg2xz3dA<@-d|5i3b=2Ga`M%*k zCr^i5j*+p=G1S>CXti0jk(ypF<=R4O5R+|$CCJ9~G;2Nqsbd}@HQPm3k6Wa_+4!{9 z)T2UV0;}&-W)0}?Df$3zBQf1x`}JyzXA-QK1mMr*nbt~dw#ZW#6#D1wWydKdiZQym zcv+fuIw)dSd$Rnw3{Sg5nIBi2k zZqzFdapQU8?cLk%S*ml{OSI%aZ;{J`OLwwoZO>VhEGxWLiGe+qx9^vJOWS0Vn4jHc zO%*9WzYk|dk#G@yC7i)U%5uu-yd5i-WW%a3aV}Li(L(=Xn*Z@y5Xs` z@|4%aV;}-M!E0AL z`oI=(n=)!!iqopfG;8+D^{-g7lEAdmW3M3>H&iL^WNlB`wv=SC2x^sU%+&tYT+{G- zmViZc_uHwFAg@D{ug?jN$9?AX7t-MDs@GXY$umTAgP?O+p+SL{j|SvYX4s!Ck#kg#qj0_GtHkL})F66c_09juP)&#|~ zBkZ`2xFxIA3%Sg6uGypXx*g=6wO-5Q*kS4=6EFF(tj7sX_SpV{e6xXrGLIPf@74_>5xkI5Xy^%Eb z0>ws89Spj;M)F^a*O^B0^`8x8SvU7f^h-N$#1Z7wS%VDCBukk+xX7i@``={3H!eEP)Nimx0zXz;cs$>aLqGjLP7thnI8 zQFgd{A(*Ot(EQmKEaA3np(%%)xGf6qGr8!__8C)7mOTC9FHBWiE~DKT^M1CuXM_>0Adv5sqKCj zSb}Z}8?c%-TDdy!MNWLEg*%ppW*xnVDJrBVI`1v8+4P_t&;|Z59Ap7;BQxyAnKI z>>dVHKL!Hj;W$!32Hyh(uWI`dy5Rsd1w>B0E&GYaKGA+{B9G)MkKrQ|XDkeYwADE> 
z{dD;~yfsXg;Fz1#ohK%Cen=G400PjiV^Kyp3yXMsRKdb3>_Qr7FU;9plj69RMMl{W zl4ED)!A0(f`*_+TFQW|O{+*phNed4I>xnFPBg-qB5za2?OcRc?oqp!GGT&&ksCMdk zDm1cmbEG{NaEG=ljLO@Lv95m)X{qC5aq<5TDU_zTPcFQn6YTV^A`sk4Fl ztbokl9+YZa7i%(STIv`%rU|>9lHz_v@cT@Wa^Z^1Jkp64JXnM(YE8#Bp3+f}?Mrvl z8h?ZHpo~pGKK=ND3<88SAcgIP{M~-va+RFx_ocKln@N!1_)h5-Ec1aB1ssvJ?52lY z;ez>?YkQ(reF&!7&xXlwonp#Ke?l-Dt05i6%0OwcMOn5(_GDf;TgsAewc$MjhnXSc z-N=ian%z;rZv9~t0&GA0IHmpoqMHfa3E|gh#KywL*~Q@)y2N)^P!AMd{_I}M%zrSO zdO22`)F>Hp0%G63q6qV#=@&IXlTH_%7(Bqot_iw6oTjQyAcu2`*4IE<))WStz zbqbOrM+9yr!kHb{Gt0j}m&*B=TiZE723<=M;9|3wgg6mKXe!WL<2EMKsk7Mj!5BmX zre|QK!-u-a)!tn^2t|yW4ji&2AMwd%g+jcz^BfxGa06IxntPgw^H`g(zycp=E`Z)_ z_8oQkrpoUs(tNeI=TeqrG7y+R%- z{!aXiv~N?*xOhhQ;p&KmitCZ)cL*s z^j&yXYd%k`KaRdR@n*qY8i?;yA5@<@pE|nR`Z1#ex!|$5l5?vPpd`C`nmeto@d+^4 z#837=?VwH4?2%z5qKt65ISq#XvduF`vpVf`btSMU>%5_8b~!-vj`OWrxdR5}3Z#%a zDpVcKQ_r8$dxv?Nzpw~;l8k&mT7RXACvknuz1vdkxk!)Ue=6qpDo?(>!SAQBm(N^JKc&B8wYD$Fb7LRaQfFPvJU(so@hC3a`l0;PWWJZ> zahd6{(ir~PwEBeR{-J+XhE?XW#gHw*118INY0hctB7JEw5wVKtuuQ#?^mR>`pvYhU zqTbqLh*MK(t>zsIY5qZFpFItGm#<2v*8YcRvEI+Na#RV+rK@|**u|5n+c&f zc4vFYG)qcz@hp7j5k%#!CyeVI;~-t}A_UA?=fGa2{@A{7cL+SdkcqP^jd-`oZgDY6 zdK|+H5Ugp8M5u4Zlg@;LrGMVjLs29?#WsXD+EgZCfUmC&*aK$I;A-oB8rPiA4|Fhi z?DdsJI+yOM0tV|@o~?MQKg`WnFooWp(2vOcgd=CxA~^`$iU+{72vC9Lni)p}HkAH$ z`{!^Zn{@$H?3cUM*J9OWl6Q6#*#(jVxUGE$Rr9b0n?4l&Upn-5e>N7uLg9E|O~N z_e&F(c?i#w!HoZ3(Hak;z@{dvR#pF3S8DEXa(wbZXKcELR9A&3YkB!YjlWevTHze7 z$Lapd+Hwp4wj5pY0>3@5jojBLOW&V$NoGBI$f9RzI2dBZ`D#IA36+u|w}m=Kzc-hk zv$8&cdwkdLQ6LiN-|Kc*yMG@t>BWQ*I`{b8z;;gua8b-DRE`c(v*C#jSWEDIqqSwp zr{$2X(Gj>|2WKI;)W?);%H^ww3~Rm;h>EotG!;b=EQjI@qFyD1l#=^;Nn?-$smX## zwn6c3wUHiOsXR5`(=%h^>;g|}2*R@>ajmT0A%Gf2keeK`cK?}j?#gF7Av=YS&_v0} z4hf{{jNt~|L*r2POC=k+M@8?46i>QJiFi*rmENZi=f<7rthjMOVoOy0BefDan*DZ8 zc{1BL?&#n`sV}zO7h!VeV%b}sxK`N>rwzYD$iM#KM&Ak0c5I6WObOFP!>y|P)YGGV zU$}c8MJrmpX9@h6J5)oAHwk71=!nzaLt137c{iG`|8X}i7$QV@EN|TGrqJt@M#&Qw zD95_9`hH3Og1$|0fVV$ATo`#Mh24LB`w+REZ%ABudo<>(kwiY3a6FoyjHkJ~DLfd^ 
zTi#9c_$}{qsg{@*w*N05YTlD=7S`2Pe-W563i53Vsm{GLH=e-caSAui5f24lH_B{a z()KhtDQ5!-9N+{vB%T#N`6?8L`iqo;iT^q+?dx?=WJ6~YeET?&_h8FSjctpWS^CF3 zUH8S`h(shciS4G)2%ZzhyVaVGV51f+mf7$a*g3jf469 z4L&Sh1>kk&3ErsQF|htX<=fMGwSR!pu6DNVg73g-_LvJVqgwvw`_wXnPxGDkRM1qs zjQ3(J8(!y0{ACPTJHz@_1lQTiEE%JSaxJ=si{%$#JX-n6X;k;xI=4IWUsp@>CS)48v5q9*>V{an(0X^@BFm5TIH+7cXTn% zB;q;=HzLw;+L$om=kiSDN3%Eoe55Cle-Ev<_fz&fIC^XFd0*+~U5hh(+QF-2VttwB zfxyLnKG}wLp4VOe+I#cq=-AM#9GNQm;s1v8vgT-0^1Nx(UfXs*zBZ$jH9jDG-T^)F zf8=QM4;Pu`H@w<)Pww#XnGy@IRs*7O{e!r(pBy(*XtAUtPPdUwYDd&%ZZc9Bd3 z*gFdW&$fOBMC(7?R>}>s1@2X#0{I4i38^(x8uLmf=A+E}>*YX(ob>nBljj%R%Fl z!oir-FDnTjYlK<=7cAL?Kd!OPKdf<+HPYMG#WiukwZlO-=;VuaMIGWiB)lw<8h|IY z00p@2!;9ZPZejea{DLYu=8H(Df#HRiOEU$e0h|@I(lTK%LjiK+W|pjGn*M}2BTX9B zEzn@HH_b|vW&Ndrmbh5xN3T;2^7TIVz!t;LOFztl4T%{zxg~iMgHLWJ==H9_Lhvv6wN~mbSIUXX+LZKsck7rC4uU`FF7NsL-3J9 zZifZyDamG=T*ij0t;dSZrWBEJ4S}vTQPe)y#UI#zZT6*y{!LUAkRb=o)%Njoeo;XT zkH=&i+^Nag=jn|Ey42I(n0xtOOFQdRs&mRSlbBwkPdWFW{M%j(HVu~i5=K}d-*q37 zrg+SQUcfUjRLdfq+`Vv$R3Yy)QQ|9Y2yZd$!H-0^*gWU`gdB)pXy@psCxmXCAgT5O+EtbYmeqVDt z_+0YpOsb!(Pf`*=Ac#Ni0~JXUci1-a`s+KgJto|t?{?L3Io0T2A$U|z_P5qT@#|h4 zIIZaIz8Shl=HS%qcjn=FyDXyTcX{{P?DG)gU$}DAl$4ZDan;yyJ_(JC8X1x4?8s}| zu@})Hee73GED(7}GKIm~HqHl~8tH^^ojniIj!gR?zGqi%FyXYJ! zvv1o!c*FH)l%!{iPVyAOa+lR$F;K(JiCJfrfplxlSYIJ>ET9W zTXZU{;9nwo581w*&v#rm*Z9vjv|aEFT8F`%9)YRCkOvF0f}Cp@c~&&0?G{&begZo! 
z=H$+z#o%W8P&xvoSDXU0nX%P{g12G9gYrGhtKN?5M(8J+?ek?|(h(QFc%+5j9wsp< zlJ8rH>`YJyS_M4xdf*4{Z~o)TLMH(-8rIwC5L}UxB2h7!YK!(8222?SJsl#m^YZ>p ze>&J-;koyg4rlJJAr$&)5m%04;8LA*DcIt4blmI-5de&R(*dyVd`e1^vj-u zJ44@3o^aSJ{@i5cF5aY(zQHWyB?2g^vb|f2MfQp}^F$>7cl!^fDHFl?@E=F$3aqW( zAEL$8YHRd~v9l?m%4Cd&07FZQSez>47EpT#niVhJM4z9hQY8k_Y!eXz8D!`DyzQky zRbaYhrCmm?S0er6Lg<3&lXYO5{gbV8pb*bT3i1{5y22{~{XB|HE4dB92t%%>okkbh_$7iA0_t+ z;*PxOeXSplj*5=UgUCLfM*+bf2FpY(x zBPpH8@vZ8N3X)iYHgEJfNHxA{#5DqANmE#A(@feR=O^d(Aq}gc|8jboBjEZTOwbR-_O zLUfE3MQF|G0&axfI&_5b^=8=VzUVar_bGYJ zLnKe;^-|wxpeBsENV)i%_8%3iU|!qJ7UJxHG9&bvxperU^Y#vkA?%~+DJ0(n(jSI= zhKBFi4q?*>g<4egjO#as;=w+z(v0hoXZhKF@ScI{~DC;*qX@@(vKD^H4 zk?Q*0DcWN^P$FNIu=-J3HEvYjUdUI{jr&aH>2UCB3On{`LUm&NXH4t~afJ4dIfs{D z@2Sh%&NLg&mb45nTRQ2DUgmBZ!86aVMjfB6M4op=_}U^5WKR9|nBh$bR@0oI0pSM4H=I~R4`*d#I?@qPHgZSm2als= z8|q@G$0iPD$J~#z*3y3qz5Mr?v13RtuXL`oDp&&I*S%psl;8k*ZFR3K<}YK72;fx2 z^sfTSZs%4wVa^d;r7Xmn-eM&jSiY&uS-IIPwVym*MveRb0{oqKMgzc2#4WH_8>@ z(rr7?$lpH{C%_eMTXRMpiV9D6zK4h-z>NeyR3nwadcMLmVlBzsVYX$86SX98KrH)o z#H0KE%OcO~kye>hBMZD96Vae*)q&f;yxwHTp@1$UwocoDDE(|E#IVrXy2{e)7_8Bh zCiqh7=l&v!a9#3WJ_vDAxzZC1#V(8gfB_@Ok85ykBk^3YIuolmK#hwxY<*a~Vfd?_$#j3+ygnfHF|*X1B5 zbnmE%PYn^aXFW^IXv9xgOoS4$LQNl4zRHQROk(B8^25||CuGKZa0Am%LQqMUkcR8h zLD|$c>kb{FL5Z0gh5McI=D>(j+8Wwoh(@PjH`_X|= zW!78)`(ykkU#fO1M(=-g)gQ{tAmpmi`N066?;Y`8g{nLevDR~X@v`>G)Pm*u9eu3o zqJ|r(zxl2dTiy2A8Y0hmmPxKkSU$xoDN_x?4Nq;GeiDe698nXv#&L>lF>~i?l*7xR z=rrU@5-gNFJaS^jK&BAV(GXoyAozxoe7(rR;+YDcGd_VaoA9zwP1*f3Zk;>!n*(tz z8mF`g`C-J}O{74)@2N4DCJlOZ4?ee*F7k(P*x*^hCcUXSH?6nDEJ9meVkMYp5Cx*u zxRlETTzBY9qWN)l2Qb;~A+F`B7>FicN=^uhT@e=GP?s4%M&^0)h7@|D8E970B2hdx zvU;>bDfh} zgS9%&;2;4z3l!JEam-u6qA{k%WWTl2Xiu8$Sht@Wb3_-W{y~o8B$ar2zG{_tu4T!w z^2KE_@@Lm;F`7mbfFb@)U=dp_O%aP5T^rbb_LMKZzJx{IFr!fp4EW zuJ2~m-zYx2<8`&}Ap3gUa%0k#nvR71 zIwND~l9JCJ)hg_Fv%cnZv;&>Q=r~iIAL~Vt$?Z>ZK~r^3{GP`8?VXTA$oan??z4ad ziSEz@CzzlvNpW#elP)O?kqjhSC0HE$@DFFaCfDkheb>Tgkb#yX?~aAbXongWovj@a zWp)!t7gkql5qWQ(CWAS60>A`Lphgg!i<@6!5vgGc|I}_7S<WmX@O%7#3_1>kY 
z-R{3HS{N6&9trJkeZQRgA^%{EgNF92dw324bceB3Vw7=A1DjAp`)bm{FMgsC4gdW` zO`{sCy5CzskARjT(;pn#Pp*L~?oq7YYO1Bv>}I>zr+y)HFYut)&qUGDIcv+$d=$6bOhEvqu4f6&Bxh{N%I#{Rh zKLM&oQO_{Wb&g>uS*ak>pB^d#vjVbzr9VhuU}1a@JVBQ23)qn&JkoGrimPJt53KYZ zEg+rEsv7?^v=hw*`=leNI@1XX=kTfs4Qd}NFNH7c>7fFcHP9hU+)2=ZiB%Ynk(^@N zXj6TTGB>e5!c;i6%obhZGfI0;K@=jsR)fk3$d&bE(`0uf-81df4R2VwVwB=QhN$@` zN4c!|A}Y!pNzXfOVbn>Rm$)ZQ>6y7LUiy%~*tC~(5x-U_)0bD>w+_C>4If79%(X^% z$b3t%nW%)#6Bvk#bv2zf3!Y{_ti{Y#w5o8H1*5^x7FOlYfmVsKy})Vkm@OR4eyh}Y`V&w$er}tBXYb}YO-yxRV%Wv zf)_Z2dfvNGNTroD=D5m&EQ#Dz0TMYfcfC_EuX8*lQyjrPNQPt+Se?oq`KA0sp1`H! z8jVHjEojg4L`=`zhk%IaU&D%b*b~$_yt;Qvbzr9cXbv;hN4?o(nY#_b*(xE78i!NWJK^5}EpzJ}B$jWT!h<67ppY!WQ=`cU!cUHTVlwa1k zQ$g_CNjH?D*VVD~l*ecH@Y2-M_Rp61VB0BKr$>5j%w=PtZ$?ji9#u?HMrXZ#r0pB~ zND=7!+T+8K)04j-5HDq!x55-TVW1E~J7f!@=egwQ+Wy0+b2~Eb&x_hH?zmVf((+t+ zXQcD`acU^D?D?W81*&H6_Za;3OS407CCTyqPIZvzz`)kMp-W|l;Lo3k!@U*3*X>KV zcJdW3Oz?tER#UbG%{TR&O2V6S$pLZR!j%WD!>VU{C>Z|tMV`s+ z7ALF_23+f}C~CnjIGCTXB~%z!jlk}-onMlp@y4iZQ~!iWVFi);L97f`aVhBeSm*aX zf*7&~%O>5CT|?TSvDcMPi{YICl=cqH!1X+cS zsw>lv=uB~iSt`gdY8S8JN048+TJzM%BPGZQDz&sOK!YU9NMlv$+!+GRu%dIo7MDLPl0B(^P?`hPRvA-UkUo_}Unyii(s6D73Qil-_gdHPq zj>iaa1#90VbWkxT|i%-)};;Gaw)Ep3PShLr7 zjbIOEg4!W!;RH?(t^gqkH_;^zUTL~yU;np2xP=0PJtA^K2# zH4~P5+Ep1-<+I<}ej5yJ%(~6FT#gaCE2douKfsOYu=IqL{DV zpIatO$=dF=<}ox2{as{7S9E0Z*Kud=e^B*SQE_$Awl3}t!8KGt2=4Cg7A$CR0u`We z*93>c-95M!?gS6+?(Xh6{CnTiPP>maU#qRP=IEpMuWvPXvHttz!B=EGUgf*heq9$r zgz`_!VRIi(XTRc~r}Te@=aKkvK^mKwmxkPimE*7G!h{3&dC#to_$R)FvYNk=?*8ce zh`eoLGrg@W4ybNuUDMlpxjh~LjTKBbB6Opjw=T&vN9kGGYrPTd$%Mb%_&)l^MA_=> zPM$IecHCaRd!JkQbUfbvG@d^?9b2WH|2IbaZ~OfJb~=5L)1T;;;=ZrRc?qh zadc}J8GGI#O+U!+f9yqY~ zbbB8lc?&+x^3sTpO+aSJ10^fnBYwqLWuc9q+LqL$2sx6H&U4xsF1kez%jF}r1**w= zN$2YAjr{9mdyP1TQF)`h7}198t9BLYaKT?s6ldFKFXL*4Md?!oY*zk#ShIE<1xf$h z-LiSOCYW}Zi{G?jqyl)6t?AQPFjHfhf+ON^Oykt+Ou^wJf=QR&aE)-4cE;k4S;!6t zE;Kj^O0|E4k~aCP1Aqp?2(Ysq26xkoKar7c!v+Y=wS?@Nh+4TV!yS`LBJ5xO%2o5j z=b9@KhS7j(MaQSsav{1~>bvJp;$sifVHumf6hs9a&v@DCcWJN@Y;+0d=aw>O%?qE`cn 
z*$Cm5LJz~F-MQf-iSt4nJSM&CtfwnT$)NV^ozN-Fa*lS$vIpuo(g>S&*yF-oLAX`0 zC-giA;q01V_oxDo1O8DWQXYo7?v|6PovmJV{I5;cg0y+6z-*yEM9treGWtxp3CAA2 z(yXrT2K!vE@=<`t0uac@_9Hq~J{%LTT>o`hw8Bhivnh*Dz}pSgI1~*GMt@Z47fP!g z6(>-MivCq!M=tK;9QbOXme1<8xyd267fxV?6bDWj(NPtvlT=!cji8^9=}9(N(C~4yPQdk2ZcaERL_wv+y}Me zF`LRnQ>h~H3koaA^=yMxr=JazEYu@o_uhB&%yzx?u!rQF%SIYUP7sTfJy5n9OGy=J zkPL3Dtb_%Lng3C(@NGx8Us#;=fQp?89EpZb6<-)9Dpzt%bNx8`CnL{;a-uj(lh}%> z%PlZ}LILid{u|%)nPbI+ApoO1|ka`LBib*%P;vU1dOb zN3G@RQ?1!~N3GjAR$y)wRw>l#*~QW?nUW~0g=P2O81lb%p=5Wi^bN_3TNTGv6D=y5BLpP6BTo;25{cQ=@sKuYr!)@8Pm4*-G>v;U)8; z)kxyr9GOAB(D;{$=YoBEYn%US!CS&=!OGH;-_{?e(9W>VN8apDy!AqE-e-f`2%#Ub z8?i8US zeH$UxT}TsH%ri(to}L^WW!rYmlX#8??@5MY_Y%u@ndRT*jVIWR46BGokflKAUbVOI zS#nXDJfUjm!^Jhux_7>9R!5jhIZ`E5nCw%BmLKJ=$NFc+#w^(H(h_v75s=O`)IbyX zz!oXfeP-Syvd%|tIikRn+F3?yI0=}80{vi=LBduh%_AwRc$kFOHjuV!a^Z>u8Oj=AR7|GDmo?^#rJ3C`LYcg;Mn<&2O9a7dxPa z*iT<-Uq*S2i|GxKX?*-1oDo)x(c+LAy?=&fMy43}u(x6%#Uei?2tWvFk^OVTZ=NMZ z8T+IC-0gVt3Papjh>uM-nifxOnXJprjV`b&vihB ztPt97*sPP5NjV_N!^`QgEbFmBGs3o!T*FBN%2VOUmsb*-;G1k&N%JI9Xm?pARVaMn zkQ&~J${46@N06HuN4vq|>YodYGO%BEvHq2GDhdz&YGX#80Cj6eWA9E4C(WRXEi^v! 
zH&v|8a{Tt8$2`r&^5GFo6vtaAKEaRU@PtKm27W3J7bPIoP|-gK3?(3MT^X}5S*ja< zriI;`VsQD~%@JZ49TW2{0!HUp+|#LiHy8UV3d=@cYk&ENxF@gw;{JB53Qe#wv2C9xi|O&vdaS}Y@lba?ev6V&&Q2JHkgW)wut~5{ zql^HHxqsI_;$S(2p&totNL-Jlbch4+RKQbW5KYB`s)>En2c3jh$W9XI&$Tz#@moq1 zxPzn&ftAf0I@OmUG)FW0k>_S4c#IQRv6BK;7`<3^Cm=kppXRYJiRNLAIJdy-17v(U z>@ejg-=yKiaZT?A<9^wJHCclrGO9mfnkykvg9-q57}b%ElTZWB|ye!jD;{3c4}?fLj2 zNw*!diby^&qz-?!)1ZNwqxtxYmp&+&^^nAAscg;I_fWhzsU4ql*G=?pcIVkjwZnd~ zI9Q$6o9~EFM#NgZ~VcO?;Z8^gmWww%w!ZLg|7z zA!(!uj&@^C9&c-)&!l9Aqh_xG>n4TN2Ij{iFFw`_VNdJ+Y8?9PKks&)bXc2?Ce;)z zwD&DjL-f7x3E{WO1EK;PYJd(Ru0L>yKn^0wM77xNB)jOb?P8Iji)xmz*!*4C{%#0f zF9!iag2TvXiCl!$RSRPi2=X7ovH9FxBc+t~Z8+{G)x7o8(Ko?Y)ZVMA-O+1tFnyhw z45eD|fCCSPYd3uyZv@ZaBemG#yErk@`F1y!>>C zNKEF=Il}+mDpUcdb4(}qr5n!U>j%`xzuWYuMMn9WB7-wlcJWMQp|Ti#aMa=aZfhpj zYD-dV8Pt_L?=#kwDMDP)d9e6k{;m7RC~=mk#K}ovi}lJ(*b`_D;O|FDw0gh7US{)${!%}R^cU%r=%M-7v8&8~AEY2i; zcQ25ia<(i0iWeG}EEV(f>pp~T>6mGx4TbCDH}@}= zFUx0XwXSH2CP+V%GLGC?dlCHdw%eVxsHR@dJN@&kqRFDUAkhe*5sa6Ij_!hy^nltt z+D;khJKw=DL~mg>i#wsfX|$NKG%IA}UgSjXmNB7CWd5BG5Vcik!MG$V7w8IX_-ErFI7}`)d=@Dp-9FFspJD2jKA;aK|Anx#h7den>;K7WzIZE6=zMHO zwmb$|yf!~)=@Kq(J#F#&{eGF#7t#77`VHi9IWAHybi1a1e1CrR{6`e5{kU%b&#w6( zP;;arS@yBy>E5Aq=C<>-@2ZK{yR8j->kn0o7L$kPI44zxli%y@G^HGQYR8ooRa0Br zdn4q2i`3W%#0LHL>S0BZQisKTn|}CsQQ_sbxrg`=6YqlEVpMKqRH1k(?+3_o}j9i=zS z9?#gV;{q9b^kTvCt@!qP_8&4l$9V^ohEtmaFVH-I2;OvJ6=S#2F!pimaR8+^Smlma z7r0YEAkn4DA}22T;D#6Q`)DE+{aJ-x+W4W?CYkJXQ{?dT@WzhlrS#zZ`7meHK=>uy zRz(+ikG$_%?RDGj2f)viToKCtPFw@DP=gju6`>$?*Pz83TiHd|>!_20I#w9lF#on7 z_}=Ts=c7@2pO;r2D&?*9gtE-g3Xg)OW6VA=F-BDGd|6m@rijTHUVvUUh zs@@d;sN3}94RD^-<5d(~;g^kx*@@8gBml}_o>p1UjmMMPwJzzwFaQEgJdyBBNncCx zi7|hZ1el3lrsTIR#e9AJ=~+gv0W=QdqhAEsW1Wt*9t~6e_@{`0YyQO;6vvH#!2l#! 
zmQsF7yxsEv^$Ik%{aIszHTCrlo{`&aT1x@~axEH``a0y08hj)Z_*7!CvwUjI6Hdph z0$*{Am=|kTBD`;YIHjg`dt2#A?5K!x_v5<2ZT>8w$=rq^`kwjtgMwKSJl&C47(X0i zgwbWY%0)jw-EL1lz4Cd@Rbp%DzNCQt$4o1CLOrKUq@oZqN@PXmLFN`G%VT7FAx2nf z3&xORSzKO`&FpIJb;~bH=SLWOyX(!&mB&aQHUEI5v@kfUVla_J ze@s_ykw#3OsdPK#cV&50rD2FR5e2ceP zMO<7w&Wyba+V=m%Fskyojkqa1{c}E#KJa}gJZHck!+zUfIJEkwiugwF;r?9N?mqrE ziFp7tsC$K1oVQ1`Uk@gm0{E{BB{+`K9w&>P@3+{`W{)m^7#)*+`~*UWt>BK~ z!z+|Fo(l!GrqfS?grRAxyEyh<$csbPB=N5-D<@IUAJr&K_$S%=!eN*Mcc^1_ zNglw6U1o?oO8zYNNj|piQfqbn)sE@5K{0SF2rS_{%P;VDj>2dtBmv!DRWd@q3E3ch zx{q`kW7Jm>;1+Wr841v?*}YSci-g^hI#4ztQQ;FVFY`p>L-MzfQ4(~kU5E#Zp&5K@-o^gHI^WRTZ86r9T-)MUHT58NX~*|%l1R0VL*)A zhS{BRli36K9fHqKpxskGtRk4N+Rkg>NqgYt5q+Aqz`X)LtCcRrOGDj6RDmj^g$cI) z76(5Axmk+5{ep5cG{8{51PHFx1T8A_Nm-ruhdta2Q ze1ESsjqr2Dm70dfNh_kq;Sor8H2h(j=3LU4f;s;PQqE*(ymcdUyl$lRP!%*5<3&G9 z`c?T`7E>x|cc-xx6q{v#EwZ2Lk!LSl1EAm22YrZ>YBEbw6Yme%sk? z!cWhAi!-BfkYAT?Ch=>^0_&gJ8$0t>)B|k*krlsv7APKH7~=%44OvUe=nSu5|vhd;E)SK$5ptIgt$ZzDXAx>1z-iX*Igh9j(q^*}fN1>v)PA zSUYugwL-5i{gA&mHr6GtppIHx<5JRy+b&w|Mk}TGqYD4! 
z-2|gQhb4@g*WwR1Y$GZ!w;!yncW0($3u8>%BqVy>Q+eHOHbj6pGM244q>hF&fG>tV z82`d$vGxN(r-kClEaT%P$<_>tf;)AqHY^JeNJm3kwh=Zp_Y zEb&3!4r5BM(gh7idqARqtyBhV-U5Q&U%pA7h$aE{WdD*PBNuAjQVLSK-3sw=Z48l;VWY*Pc%onu&a zZP@eI6{n;J=e-~vcv0`UoEs-7Vw>)4%9&K4V z34=7miG;@Wjfa5P$*&K=I}30ozLe)>K)b+j$A)1Y{izv3Nz9rW9IS*7*~FkEs6obl zs~OS!^gA%aVQtY&DCf5-)l3Afs|iW8#~^UX(j(gOZZ?|GCI`XOeJ9I?hV@GyUaJj* zSvtAqc{CAjx>K?ae-?w6P?S4QU--yx$R7cH$?FKicZ!~Id6uiWPXb1!z?&c?s|lGW zyq-38rrdj8GzdPx?Y?Qp}u8E^sCYRXnn6^>D^Lmwj&R7vmqM`Bof4 zf~^h^Z1-->iO@F?mz+mgh~;s0R_&(i7n4(ebUf2+ezWL>TA zT+w=ZGCuEYv*QD8Z?2ZUF+#W+*FXQweAg?o|3|Nw*1!JpKY9fsH_pbGf%Z8({kbQy zdCSNS9|BCgey11T{$DaR`g`9Y3i>0{c!A}=wNz?9{m00Pu4U)n{E2hKtBLM2)f%yj z=ebq0am{C56302kbFBj5#(i`QlSLl1b({Z&8NjIhFe8@;MfNdLg>95jiGCS2&ld6~ zOAq40!wy6-qfvrCxGCUwFfm?)Vg~N@+fr-lhWCQ=xM>*`MFSk4^(@)_d84}d;Wc7a z*mlMMubvatGTtLk$`;o}$`*eWpyQSiTFF+WbR)Qs1Nq4?K|fZ&D92}l_HzW5XVzK&2_iV8gI5=@Cul~>QXvjyz z5zh6qR)Q~iEMcUsJx4C8h}arX*qm&BQF5__)le8lSA!)8&;Bn9pb5sDuGjqsObP%U z;8hFg1vB(qA?P4|JIx5_`MOaeCwM)?MRr1LQ-CC@if=I1nin#AUxTsljHY19fijL zX00gjiMvnQpZpQHY}+TGNROB&+&3q=Ag0hX283okR7;)d;K{s>*@pP{lZFyLLRNvs z{kT)Tj4tuP0WNAXVJy$N{6K9~7ar}%;6!m-U>;nsJYHV6gz$^e_ym9OGulrDsDlA zUL(szckI5+3gjCU7~-0E^^o9>As?bOL(|#p5~sjE1PRjf zq6pu5DUZuw@k70|!i*!Lo}X(Yt`fpoGyY~d(MrQ_63I=D8Rqb%WEN|UA zc+D&G-uK{)mx#~P9d zmDslM`VP30a_^fb-AaKT+$xG#7p8v@nzj_P5$8hzB8oNKLCQo3#6)60*bs(H6$VWO z4=sheNWKG~U`F0&jj%2PHMpBtG1K*QP0w`&OslV8pPy1$Yxmf~(PYXGz^pNb5ovi+ z#Cfn>e)vED<2XG&SL0(boz`G+Toh%o{WMDhxbd`^X8`9)(l9$9K3-;_T9>xeye+Qr z7!ePS-TTuBvy{kc3F5`dqI^!MM1HrDFg-z{%@Nuxk;*db#Fh7be%&#}U2626CTrvT{z!W?1kBwM< z3mZy>{oQJy-bF}%9mWV~KGBi#9K*$wDeuHx%1DT~c?P|){_W-X20a91skf#sc?l;$ z+(@APN!VD4*1^>!*TuOQh~4f>NYi>Fc$hQRPb9y7)8QKTCFASoaXm2eAIe{0Q=WU~ zhr`w8A>0)ESw#l;bo>nMAS0uQ(Sm$(7AN;Q<)vMTN+2^R>A7O0NOdv6VlV5MLLGbh zv(xiL>&FCQBLij<^W9JOIc1&Y7Gw|cV**te6^magTc6SoqPn^kw1GtORUjQqlkEBw zyS!$4Y?abaMP)5mRO*s#1xp$w@*_8`ujRfCkq~nC>=L&{wIFOVl*QlD=R*6?y|7ei zagxsJ7-{p#k>Q%T6TA6AB4Gt{G1t6pSN-DiI6_;r(ncxaEt(!T)KAwadJ6w0o#-l* 
zJ&_0NTYh{g%I)kY99-@wvPw5YNHu@iw*8$}w8>@Gik(LLnT@UXr-ip#-9p;(s(wd} zmyn}JzFA`y`%(fW+w9xuuTGkq(i??gtzTFRB4$I*8dk#K8ypRk<0@~XMrDBM=&}fp z?*+BiF^eX`$NOiDkp+V-I-9~|NRI$r(d>cXk%HcAr_WdWi4P<5Ni17odIOLAPkdR5 z-xXcB2K=xvn=7HB6KJK63dWf>>)bIY zH^~}$H)BM&p~s)V7_|#{_Yd*uQ!{ERV>`&K^*KAlvHEWoiAg&O?Ykn%8KlD*q-Rr8 zn*`dn?2XG|ur2bIoUgrljhs;k4p*jEGHl!3E^#-NN0xt0uPF2i6Wv}mZl{V=jji~> zPsPK>R{2(zj4!$u{MUV|oRv`)#SRS)g{^T74OGD(s?WatTFa)ttK5zl;9r9k$`O#F zhM^SS(w7e}j22v8=8=}}8Q15icxgS|qS@?j3lYnt2hMLJn*1gVg}$+jl%A>zR4U@7 zHtK(8EHRSnQRtz&N?W$Yp=~>LMb$>(%|=FO-U^gGzJ_6Ao!P~3f66JAhhwKArvRb@ ze!x5XS1M*F=|b~Pn6C&tc)#ag#z%$iMcp_R{v;VU<0Uhc22Bv!e0M!K-jiFgJ#`yqz<%eltU%RPhfkuv)!rTTcI>Ptt6;dL zxpEl`bGbdmrV~&0VAx)t%hF0 zxikWKQ?tcH41OSaee5iP4}|?_HUGzI`M&bcX$nvAZ;EwH?MKebRtc;m z0Qo`@Axj(EYZou4ZGz@v&^8;0r6!DRK=_jkz-Lm&iRLt!zqtt zhNb8Ctp6l@_|OkLT~(NtKGon-=@$@b?i2T@x7oVs6SAhd$_y;nR9Vs!gsO;;E$YSr z#c?@;4Br1mACaeO)+rep@4@k!V0#kY65p%3s$ew@QG#OTRGI5~)=h)~)E$0{9Gs}1 zEdp25L|Y)FAxXb2I1UJwARYQ}FyvAy5VgGtLB7^NW18xgLA(@H%9&W(=W@FI`}lHy z9qSfv3U|>9B6;k1(o3F)%y&*6iz@7PJ87jPiL(jp2efl>iU_Q6%lys_`A^PGG~wz^NFVxzUY?>unjRT%`cG3y!u+)*{aLDuv zMMPZj$+G~3xJ^tr3_9@n_kw5u8Go{d}A7Tqa(_8T!Il{;~{X_OMEs+;4 zGHkAXaS@f0;lH$;NPkACR*ob{9+8vdpLMgHe|^SEpb-4Q&qn(zayRI(bRqec zeqyxsx2bQ)P!?c=Q2*-R?7PNMW!6~uu9Gv-i%*p6%B+x99`ff(xwO6~@Fk#c}WJmzWoJxi5 zt21!1faa$I?J0F@l(I6e7b-sh?Pd+9JcK|}q|t&WDP~RS2u`d2S~iBgF(&$~G#Rij z1ml-PWpOK8&5D|<8x6~CQtqmfwV-93-H@9lMB8*8vcc|OuU}TiIV5mf_PRXIaYucP zaT|wIwBP4SPn{27ICEJl-CZlrCWXmv{X}0=g!46Tsy0D$wS+H>W!b zP~3cur^fIIhSobaT2}Qbc5mCY-KZyZ7cnCVP7h|!Gx1G8bGAn6dC_0*$*-ePraWZ zz68->SrV}^0nLE&@7v}7AuvQC`NI51eWvn{OaJ(vko>SY;qOko&{d#o`lpl?{|8+w zMO#!Qjjq$foD>0bb zc;70{$t05lj1+L%IrnyfL(lD?toWXvJDJHaPwrF*#?U;WJgypzx|9dZ1Bw4{YU?b8 z<4rcKi^T!xvY>r)Dfxmg{>HaTj7?CD>z}W1aCIYiJCO)~H*gdgA%>>;@!48sNy(bg zq8;R&KZFGdqafNb=(pm+VuVTbIe05g0EHYn;;(VexN_9?V#s2ZL@@DbG>suJoNMw4 z^D4)6&>^NA4iSq=DVmz@w*l zWs;7Q-7W(8rs^bdI(#38!44Rz)OH#qv{i{ave*$}ffLg>FsR`x<5Ly>U*!ec@XJ|SZX8h)DPdl7TvsH?5X&V48R$L9$phKY 
z@QReOVoUUO?U?gvqAcV?J)9?bTd1`?FAR%gIOC|JT45qL#jBbOO4#s8?-Mh!ZIg_l1NwM-um_SQsxA54%&UXn1zUeiDD zM6&1EJ+UZFt|i^36R+{;5wVS=KP_#X?^K2cAjCsuX>*y{>&Qp;iu*bCDh>St(a^=y z9LK@`@3D?<{!eI5DQjZ*AMzg+AtnNf;E0t*nc%;V2vIqP6MDkL2wO@o@|$EJ`iDR) z@p^k+P8!QVrfOV150o$9VQ%`DQ`)XX)}pA0mhp@6ak}?Wq zQq^39<%bc4Uw?C)>rOt3Vdn%oSOhn24S)=cRcNsO?zz~Ggl}3bQW{jF`gCc~`ZL=g z&K%{CO>E#%9|IlOjTFD*aY;l;H5%aFd@Zj33DAO3G%PA44{T?mkh{=@$rp>fdAr_V zbSYAP_^mP%0<)Z%gA?TC+2fF1Z^C}%mKeCs*Hq;V4dD2M&f4KbYd;~p-D)0hzxP2e zGPGab-lM_JBAORbpi*CH{^|(Ylwk4IZoop963z(wy08KMy`x94gz}4!WELKqNV*q_ zhOk{dZ#TmZhS-D^9(mdeIMep1a|w1lZtk=a@tEIEb$CkhclPno)aPf05=Ft3!1E*D z)RD+91@kyE5$}8wSqIWX>hjuS$UI^R1QSp9ht`Sa*(fl_ZBftJU)Y6NBF%XW*Y9Vc zvhawU&aDmG*Y_5V5O*ABE0UGAuJ)kQO&YmDSIVk#cPz2s#UCuO95A(OB-*|mL}Yzf zH)zLQw#BVpFw5nFTTHme^5>a9;6;~hN|Nbv(dt=`>EsKP7mS6=ZRK?3$Xp6Zkr%Ss zmuSuLz@FB}YxBNxV#CT`<*{OFdkA}Tm7|ehJH~dZncR`)dPLz_Av<_@ z*8$sLk<*6_-NLuqw8P@gqtm<&4((Wbo#GQipyhEBu2cA_^}TR?yv3M=ZUJ`VQ;CcA z{E<%P4#Tz0qS`y#MN7m5FAr6H>fXj)xF{0WTwf8;#HIeKHcdFxr+me2i~5U{sGnU8 z+_03FrK*eWN_%NyIXg#@>~xU<{eYJdIi+HxVe-}}50&5UlGDi1lqZ(jq=W_wEv5Ld z19<26fm9W=9&$@5+T*OtzZ8mek8_ngX)Q6fjO6gMP*Hy>u`FMoht-lW7UM71WB)SW z@~tw*yd4??y+utx7e9eq&u%gR-;#L=a7i7>TvKN<+C)`e!#ajsijboSJs!oq8 z@<->?S5Lp`?L-OQNsZO1h}78WI;x&5vyYp8Z`Wwv)A_$QXL8N|toQ6%_VFJ79f>ND zn!Iy3EAYS552JU)-f6ORA?Qw|4e`PJ;%CNRM(cXv%8YlX{EM(CUu!aEg{b9O$%i|B z1}Gq+69n?KD|#Z38$}hPb_EQ;Ur0a^Dj_KZ1o$~w)U_c2VPdh!pR)4?tKRx(>Bqm+ z4hclz515@yd?DEfUG3cDf=%9Y6ZZGf96T+ek68HorY7e6lt}OWPEzYA=wO6zEYlA1 z{TyC)7p`DP4)&tFAB7}UdZH*=2L$j1Y0j~EGp?*)m z^a?iWhSN$m;?9CdU=5BG6c~f{`?&iW2bQG{7a=v}bXsf%49QK3~`TS4yz_$n7@B{548^N?N3d*UN$?{lz-}(sDDa zAh3l7kpowVD3wV+uDkawF9fn{9fIc`%`iO(>by?dPH_o;^XR8|X@j-r~h95L0 z<5-9IL*R*ZD-RP*|3TU`=b`EAf5&?}tXpq!aP-wHB3!^27oj1jPZuqKpLfTx`|*_^ zF9k~~$^8mH7ItSPt_rgVaIx~BC#A4wN~ZK86)nuTC5DrCzarZ$z3TZ-UGT*fe?Q`B z;hc2)Yz@QxgK0;|@gR|lF80~C={xLjg;%eG=Tdr5K8yER^*xRaVB@x9MrJm`6S}(9 z9A>x2lsZo*J(P14#xbqE^X+k#PE+DUxe5w=f=Fig}E6Uu(8CmvZ zI4`fz*R5>{xY-FXtVgZT{*xB-zhf#FDc`UEuD50-D|E;I9r-qKZJ5tVIxx7Sbi?Ib 
z7=-33cKA=}ab52zb^L*QNA=)aP0RPBB-*PZ+N$&{Zw%ud?X<#~cj{+_%)>Xjt2Fwu zh5)V-FgO?QSDbeka4y)IDy{(b9b|5F_DTF95}^ju{={ZeluNhBr{UEuutw<6u@#ydFsUG{xfNO*)cby6LlIu1`&gV{ej>oRm&3X^^jR%?p=c9JQ&CJ&-I*t&^IJ>h5eWmJ+9a|Je_OIz7*TH zyjD_jqsdW4DV-x^ml87Ye_20KB<|KKd<6z=;nIc; zh_O&f-jOgYvXPZJiPdQ$(WC`2tETKg<-g#qV}sds>g$J{c{!Zq=QTT^6U#@2q z$x+bG#j+XC36BAus{mxGS&Q%F-+cGmXf`JBw_)~nqp-k}wrRHf#CJP(A1RLL2!+ZiFQOve06MhY$@ST#x^J{wGZ+&-j-2t?1#g9kO9&|FOnrtI54ZRI z&sg|BWYn73|G<9wuRP7X??)Gs1+es;iRIq}M(yUqD&yCbDl;L9Gbz6W_A3N_^XhG|tJx z&`0pdQPL1313A`rLNGQ~dIgm52EK_Zrrn(`BkOSzg7+rggio-XsQqnB911Y%PVcB& z1#UwM92rmo0>c6z8{IHl+)8^o5>putD~|6LhFc5%EL5aH%n1|up9@`1$t=3a!U}K` zazS!hVcsYLWk&e~WAMUX)MkzP=&-YN>_H1#V5|-`q;YgESOG(S1NI`5Qgq=^p`&HD zvrB2Q;%Ja&yCZ;jCRI$<9_IR*K1bd0)5I>}k$zKN$S-qLHqk6JIKFRs%bIzfxiDiT zk~_AuK(&yU@&r@X3jK3lcfw4Yjm=vRt05bz@?Gi6`gj5w>0pVq z?q6lDr53Hm&}FleKj>9hS=e#Agsf!GT)eB&Ps57d)7LrPsFEbv_UMpYNUBnn8Ku1G z$ONoNYl;(bgxy8WNm>jZ#yH24l8n@4hzx6_4soW_2-Vua6op%v{9i^W57CV?1X_Zz36(4oB z83T|Wv7y~iH-OFoljHH5lSXX6;m4oQr&hrFEv$`JEj0I~+V%F5&kp&>o=EQHw<=dw z!Btn;kzz8`v=H2fHr&BqY2##@qoV))$`+?)?l{DXm^1wrbylE105@?o*Bz+!{p+q7 zz+`eXFZnxDiF%3p+Cvh71&o=Bh6Xw&+SkGFqJx zV}l(1?-m69@G!SoqG-t5{Y9gHrO(P;W-n{^0V&#ql*>end(O=7B#%o>jv8Om z9O~RhG(#;f{#+df!icN6oCrS+v`w3;Ot#e?zzx+XuP z+!)%cb7ICcy?Bb`jS@YhCv;|^J%0sHrwA2D1`N!myCFL4Gbkg7kyh-|Y;uW?UR;R& z@N{8D$^Ad=CiVCWLE>AqF{`y`rBeR~kw9+0T_t;aRBn+{@+cogQc~(iV=0;KO+Y>O zmvXhKdwXaJb54Nr_9n?o-^-XG@Z&j1b28!L#+d`)C^^$u&??k4L4VR*x0i$H7;3Tg z%fVQSKEumhp`ySe&IevRMfb!^*~L91G(f36dgvECc}~?PiSdAlpsk6AWD*_9GC#~q z8|Lt8A|NY<3d;54fYUO(6)L*v@FB6GOw5d-nknZC&jx9M3^??Ssq1;FbBD_3gL3AB zI>E1KnFzXOa%$di&9*K+Tfk9LnT|TO^!)QvM+TsJGUm*Yyz~=V>{ylqUWFV*MFt?r z<0jNE&3}v|#zc7uFJVXfU?}|PiiT)Xt%zLRlV_t2jVOUnEd}Pr;ASHj5-?7J&z>fHMj@wC z`m27(Yo>tOhHXShhTCKaw_!|~cy`sL>#B>_o9BkwV>C$MW8<2x?P=!z3nTT{&#x+i zi@n-(0iOaWx}!_+LVohai_b8Ps`5R$sU6Mra!z`Fij){nIP-a|px0cb4qGe@B6Y-@ zYyJn(|Mc05$4{BkRhl=-Lp}yFr;I>GAR~|w_`(p#hMF%7>fBI9AS3YKjsQxh6$mYz zQ8~Q8*FqNs!D^FM_qz3UGQ1?EgzLI!$yz+4$gudfcZ=LTSY)G6CWAm)G_xRP0q<}5 
z3(!)FC4wy7c_p=nHMd&UUCKszL1Cetw4DMqI}~tKCzP;=$16mN3nw{Eo-jTpjvW)@ z$Bk8>;0ZBh+7ul)v_L_ETSkj^9qdJe0$5*LJBYPWPg^NCb{Zp1Yi)yCrERLW+}tC>AUkm?R_^!UKZ~Z8E;TaQiYmP*+vJq5QG(hKz{F3*AgN z@W4<2F7AWw>xzzXLm6}@E47$=bWMFz9y+tfm&TOl=-u8YMUYz>@>U+V2u^rZ(Z6D> z#ly-YLeU28ai#Z!Q<90!;B~_f3Ndn$XPK#ju|{>AuUk&j!P|l7&B{Mab!}s!=#p|T zZnP&p7&{oR)MvG9V}PnCfH>nuVBus;VGdvnOZ~+=1YWdZ#o2O6e!ZJsZMtdRi|(ON zlh|%kM{<+AJ(0eNmp>1bN30$COG=*+U;>{cbLtnPz&L>xU4#c$$SGcE@Z2fi-a<@R zl|i3s=$bz0Wp6Er`OMHf^_)^Y>f$|8FgE^hu|ZlF(DEV3TqWP_>K$*K+QKn?HmW+~ zrq4jvm0=CObe}jWb>#U`SEsD;Sw@fM%ZLS`<6GHyi1AtDN$2zn4Af`LeWSnRV+4T* zIQX->*gl4#8?QQ5(s(5UOvMnUI^G6WJP)1=@aKaTS-{He=}y-)nPNoA7^!|>0Q0!1 zf5?JdMHtE@D>aAp%_2t)8{6HBncuu8d={Vj~ofj&qgdt zn2Y{wQh~d`ERr1Ba#f45QgS~uK795=f+5RuTAeGm#6gz~gj{{O>8!ur6fJa|+zuXZsrKd=)dN>9n?6UK$p+y*ez` z>)tj_*=3!tA`H3Diy)8Ai1 z6iycLUaqr1*A3nwY+WLz3x)J3FPNxNi6@GEqEP$XlmS z9mh(cQP~B29JFMx-lUZ`iXta`5Uh5pPIDSFYGjNZ@li|~J31!mq#G3Qy4udvLR*-c zHEpe+!HO}1aYjlmTSy3i$&s&(bhI$uGply#tXIcq*`i71o8uIx2f^tLijb})tBoI0 zNJ=Fcthn}8CE-B=IpSw{Yk~4GyI9WjpWz`Iw~a!t#5OYcCRIK4rBq7OvE`!EFP=f} zo&pFQ&q<(s*RqKTO3zo{J!nXb#N73!`Dd|Hzj+2e*R$$?VIkBy6kd>Agw zl=jqDP)&G>rI8O`5m?ICsr0sNg zLdf_fEP2+-Enu_*b|iZ_D1&K)(TZ`g@l54BC*FpmK2YB>X`E}xFv$&u3Y1r$NTzoo zp&u#PjIGLTI7AlxfH@v4$V0GeAD?asm{!!JK0kVwEX-X73^CnDnxuO$;@T&lVbrudq813uWgFYn5Ix5$ zZk~ihM&kmWY8&qtw*SG0rsfyMHp*1$VB5%{E*NX*@zBDn$4U8q{48(Ef?qu;ay;RF zz9A3;^2Ewx;Li|Ur|nVTm%LP%qa@Egh{Yv&%Bc@FR3ti{JW|>g1{K{VSAA6f85{8Q zJZ7w5rDTk_2M5tYM?a0W#<-UEyx~D9Ih9Wde~cOT9%wNWzQ_tTv-fB#)}zh?t5!w>~h|H5mWU)zfAff=IW!ii-R{>%{dRhJ321CePCI-*n5+n z9hb>a^U=f^vBh5=h!5T>j6NM&M2wysL*5)7H$U)t9J1Rt;>v?JU5x*V$mn(Yow07G z7V)pcw^|YGK6f5JzwM>C1k9T?is}C1DI01&chLU}8sL9$P8orWKt>=VunY*W;AP?K zKPjXldSqd7PbYNE z$vAUop$PJgES?F(YDtPAokGz;_Hw(Hq_x6fLywdJsWPTPc_?E-pt({9MZ!r6lRbt| zEY*hd)dtEcEui#x+mCM9PUQrKfTUlp7)45G*I{hL+b1;vpq)}M#$Z55TN_lxII<0? 
zu@ugv1c@DtRF-B1OjCQtL$^tZq`w+}g7P4fy@@d7;GKa%jT4Q)F!3@&@q~xO_O1T< z+H+CYR^+9S@h$!=u?5dM($qOoCmFX=1&k6TV~%rA>Z}!UN>H6k1sGhseTjZc`IM<4 zDc7D;a7ig`i%RpEI-1bbl)}#F>Q-&~Xk(2H{4jLT7WmpYBYI}IT9Mp^d@3)M*oyIj zXG1?Eu%KTUDvTwWjFl37!`K3V&`4`lTQcGmqr&_oUt~%=JL0Q3QevrUNe*4W1{u@y z2p&8`>B!~=IvEH#=4&xMX8|V(Np{aK(UrW_pR^4r^$VpLe2`HB`iINZAEuhd-gQ7!2CwcC?l+SP_zT4)D^zeuc!G1R&F0p9m+~WB&P@Vlepw>Lju zqgc$h(nxdpu{*~0Yjlc#zd16FzWBlDfAPby``1>9mW^~mUy&|4YKQ2*(W>Qb<(;|z zX^FPFo^fZyi1D%ac5B67zq@I)X{?~<3cml~J0oNF3m%B8?s+--b!`WMEm1!ZlZ33p5LxnNlvNE8fiPnX_Ytj@+IyRi`<9JUYe> z8?0lv$4ka~3KZNX8a8Vc4I1m{?Z%CDno}ct&!8M(OsKDIPE8xPh;AL*#p>NVM3;{3 zb<}VpDGzEMWue#)#J9QhgBUpIjVOus@IfJvKqwd@cjDXKif0Cr3e4n%Bn4OfL|M1N zMKajyNHnQA{zQ z;Kh@SMN)h`28;u;aid|8_W?m-T`2U;>w6xxinttkJ?QNuM~Zi&v)z*$s+m0O6`MrYS)2N z84viVFW_I!Klk<}$~@B*l$Sdzz<7;qrlAgHg&sGy#r*Seg(a4a-qj(Y4l z2|u;r0J_vwJpk71vJ#t&6MFX4ALb`K%oCnlCqW|#ojPP~ZfFbU%S#ZsG4z5E7$y%C zKF=g9FLlBO6|rURff=npX9KC2lV3i=0Ag9)QCcRYF?L6EM>+jvW{8Uor9712L0L&h zO~#Ywl{WEmN=LdAi%1@h_DW(N0W=iCP0uWs$vH2{q6aUHwfb!XkjQD@CvkzlWKH-d zI^!j7^prl5Qt)P>ROK_n1z+Ny-M87eBHzqev*Y7&6Z8c_OJno;JMYIwqsGSCeR{-d z`a)sR#1|KD4jLN6MvjS9^gr$EeS3MXEK0}y#3|Ea($s0urF~m%NnNNiu|;ai^cm5$ zQ+t12mvtwL_Qf{`>jbvhvEkR&D6;%)bY1w=+nn53Y6z{%2+=kh{J-bKu z&P(4WblWS#;;{4ODYKOH_NdABq}geUHR6cPdYkg7E&IejU;ZEl$WZX&unDo<>K!W_ znl`8#O&jQ0`47@%Ps;EhBh8MRuMxK%v2}$*1D(kC&2?6Z%MRHhesJLf@#_cQs%EIs z^o&7cCdX?dC&kyhw2t2Gn^o#^@!puJ(NYGVc1;_^JL=Di!zVLQ;Wv2LHE{`xkT}ZNi)o+v&v@7o*M%O zjgGDRXdAe`{Gi_RAC8NeGJ>*YY=dr!yuA#G?O$(xJSpBCGbPsQ*do@Hr%(BOu?=nX zl$oK%B3d_%A!DcMt$~eN%fLF5{Es8B@Kfi1yra2$8G(#IM&Pp|;Dx*vuxX*K#XSpd zy;xA!QcMLDWmeTJax2U9;zAVq=g)$gI$HdCfh<~-8)cxDB%=e1__UZ_AjQRQ_9zBY z9IViqkLqY)&$rm=2wdnTj~1Y8X_(6?J>tQ(l}}`(nJ|4?%+PDf#0fER^v5y&;}J1S zMw_NG&NL?uO_S!{($u&~Q_DjS_~E#1PCX&NXOHf&W{NX0e2E2W2vCLl7@1l_-9OgFonCiX}szSg_bo01jemB}kYWD`_5eIfe(d zMtR^(ewnO1DGw!rY!nbMsH4Rofj;L77ke>5BNARIp&X$sshTp$_Na*tV-Lz&Jq$s@ zo|Kd*DZGlGAxn%@IE`4bho=_Gm-?2rLM2`fREoA<)W?8j)Wp~0UG#%CQPP-O$>1fq 
z)V{qj43he+HmQS>>kzetj6Ttban}pwoBo&bT4-fpJmQ;mZ*h@QieknVHVl0z|28a2 zd87Y)JI{r`jkkO_7^G!_gI2SjPAM5?G;SgM5XAl5{A&;{2!~<;V*U>T9 z;*+)^@|hqx)JK$YVkUtJV@&c~1Cs({rn*MPWfIPFjd|>?Te?qm(z`!v{A?tw{M=Ai zaySMIxY&b)xvLlT^-JHt&ISoF6f}sGWa3@%U~Ci+c2ogl#Pb;H!tuFOKo7vjpI@*5 zYsQdk^&d=a0M#{P$TNn5i}BB&SzyN)iyql%i#~9HhmW|&Yy~}cyNdYj*h{KQ1BOd< zK9*ba3_RiE&jjT&50Jxzx<*FY@VJ>)burc`5wO@yxrVXmNIYk$p@OdryckaTp)a1R zv?Ds6Eo6W{iDxT$=|zlo#(_$SNb{0(+Uw22GbkRTJ&D*btHG6fh6#wp$>*BoY z)Yc<6MJFAT#oYMK`B%p8ueiQK!^NTB+_Bm{H;=vWTJ%5Rj2Je4LZxi)tv8M9&pAo| zZ|lb=GiOQ0Gvc<#o~e{`@%=q^ip$S9LF3MdEuMCh@#FC`zU_iHWE42+q6Zfv>e{NY z^F~amvh7JZ?~I@3{53i(ZZKMm$uee~^5E;HJZGPpWBnYtd2g?sn9*e#DmgYi|A81a z=;JagqEpKla^jvgjF8#q$5+R$TlS4tWy~2N&zv&#U8h^T^2^=g!U6Bb$yYt@>gF{olSD#h>?Ge^FNX{ws(;Hq?9t2R(N=BajjJ&k#VFVo{+rnUbzq z@RqE!cJcxWr5VMAg|vuK*1WXD zD=j;8j^-S>-K2>Ws`^%v8Z>NND4-}F3MeeEnGPK~%7dmubkkzAm15SQ%$NPIr>zH$ z{U9UBEDRVj5V7sX#~W)gi2;PgzmMs5ztuls;v;NLE2U0!kbx{p$^uT&ky7bz_myu& zO^P*ma;&%&dGWGghB_Ft#4{Nv)MlZi)|G7RjPOY(rcs%_DN!C zKK~Mv;*XNTSgTSRD`b)k1XTua|1iezu!f6_BG*`YoOO*VBq^lg;b|fR0nH%0eoQO& zHqeP1Mj<>*W^3H+i6l>w*(g)Wqi=PDf&7Bh0P~BsFhJGTcq{O#3}?t&Uq?XW>4Ti; zbIKAhs-^N|B4Cb+R%P>aeDwkucktq}LgucjKPYtYaK7+m&gvRDnY-}D_=N$^fk&At z)YS_m&&LkS`@vp03cPFOl?lQ25!HhbMCM6u3=tSgB$R%I406*F3N6a7Y0+)DrUeC! zMh@|rwXVK9d}h$wlI5mIBPIpaP` zNddUl9kMPDR4vT3f^kOnsN6{9hjNe&)V z;x#EUb*)bW1{UU!cm#*o_eYSjpwcUME_FIUGe3! z+H*}Udw!@d{$*}6!*#3i<%Be4LuC2A!Q%(pYJ%DF@2}wMz3V(**{V zgLbIX6}tccKmbWZK~&y0zQ5mY@!^P3amt^sh|?~=HV*yPF43b)hj?r7hq3EXzm8Vg z!h7k-KZ!L~>lP0@Inc(HeU3UY-hJTO|F}CBTz#wgtly_+oP6{l(X>h9xaPL|Pz6&y{Q9S3uixJp zFP;6J_{J)UZu&U%B1DN~-m71g4) z{HC_tCtWV=ZIBQh3u73h#dNwxX-O$5DJrEgD_bnj;XjvH87!K~M{&?QiU&t8&z8&e zCvyEISn$M&6J?;85Yr}&j~P=YDrU^AsMlEWXLQ_lgGNoIls3}0-3{gGkd($*`X;ZD zwmoqycPE|Vv|5)g(V=~-XxgZ8G}O1^>Dz57FIw1Z^=~opCh#}-65LxR^o}6_CCkc| z6cxM+%6_rf=iB}IQYgs80Ab}x3Mz=ueR|FdB_73h4$7X|K~WQRQU=|+lt$5kL!ki! 
zmFPH{IjI^}oTW^H4_OPOZCaVsSm_RJ#`4kb0x5{|WGJGo#S`r$1DHBJ%gs6|j|j~WU{n$At^^5VpaOom*7#u9GL0C5XT>-{ z3+h{n*`YpLcE(5f`o#cNOL_LTDdsEsI!$57fxo2C+?H{yj*Lc@zc9QBuQ~Qap(|<5 zh^6uKmJnGYkO||J$6o>)Tg@51-6qb6a^NnxWViqi@nbv~8T#R|krE0Yc$4fUVGP^_ zbFg6q!vr{q2Jb1hoM=XH=Xph+8P9~DFqa~ZJbo5b$zwnRWwJctsdocX=X!~^`HDB&0@<1cW*7=;$twmNEER3*7hY+5Rca0yFet%;{@ZB9 z`01Xq`Z6Tj+e@Q_rxd&}N+murXvs)MJ=X<@1O* zF#KTDV65yJqj%`-@g^MMjPaQ~zjRHqu~F~ds)#{Vb4y@)Y?4Qz$<*g$9Kq1y0OOk1 zo)@AmlmAx~!+_ibBd;SvXBjY^@di(~;o8O6fmI;`{lHVsCzeST8~EJ-{L=pob;0yx zC!BSm4gv}H%;)5p1=h4D2l;<;&R?&$0qB7%&xuyeo0#XkU z?!WtaoP6FDF;j;8&zg?ja*eq9;kV+h0qIrpJ7w2(%gf69**8BMXWv}8tz68%;b_g1 z%I#to zY?#(hsbclN$KU#*Gp;#$yEtgW)qKqYVc3R~3P5sQIdneC~HfAS1Bc2(WmyB2_G`QKDEld%dDXZn|f|tQ-_1(X(df_-$yQ zO-YJ@GN4B>keZ=|zX+w+;QN4+0SR)EP%0G#g`01)l_@&vvc-q*XZf~xmR_9ZG)r5Z zrcRlnAi?8gs2T6$w`YDbUEi?RkEX5KM#IKB$qB=YJPn#OYGNe=8N^;?`bMs8>*(6K zW31k-YqV+JT=8o7)>l80*9(4(G)kz!$)15?BiW?zOC^v(EJA+ut~cc^Oz8v`dZK(O zEtI21p)jK=d+V2!%~BbG{{n4;psy&~Rwx7<$`{|hnLi3K9vfh+aY4aF>B4w{w~yfx zC30A`R{S264z|doZ_yWMJvqyD@dQ9=TcABt^q0DLPGAfXC-IfCQt$k@gEH+B81%yOfj_tx=`#vd3cwscGuR;+p?#RQRT9N^S z6LW}ws`h@6glf{feB8U}m@mi-o#%`d@MM@FW(jjHDRGQ1L}Krk{^}NSF#MECF@`LU zl^H^d5r&z-n5csIH&8r-=poC8h+=A2DQrmO1G_xyr+^%t=oe7{Sah zx~@9#w}+u*wM_KQgF^}P8yZ>_LnVxUU|6f380Z&Xe14^Q09x>6F3<=T_v7K}g6^F0+rt33aYDD$W*4=8rj3UNB-&n{((T6~nHD%8}iZZtn^pmaTG zXkTsfS*h|`{Eta&EHiobrV%}#HOON#3;>I#Kd%_rA~BC^6`o*a-pcg8%T}9I6KAd7 zJ$yf9dfMjm;_Gim=N8Q?Mw*iN>a%`XUdB5^hgYtb^Zs2j5KB4L-*OG znxW?TSKoBeb$32glK7o3R!ENxd_DHsZnHS&np@(aU;QDjz5V{!dgFevr3^~{kenD0 zKTF~`?u~wVqgnjoJDbF|y*oMP%E>oA8|(l4h8S@AzST~N+JDD&V#mIn7i&^eajB_U z@#W8iX$!ZQEwzFQpBOyKB+q^@Hjce{YK44Mu}$lqH$SQvYWnCn@v7U6)-60?h)=Vm z^vwI?Tr^VKi;k@!*z!&CEK0~E4(G}fr|jo0YYGDyhi-fL&8Q_0qaXF_;XusS9qwreLNP3P#L0E;aeH?(mC1uuDhSXHPfBz*IWN`hwu zTOm+BP%=v;$%+oWp+oA&96S<~h*eY4fCnBU>0~F>$MZovFw7)H6bcM3D2$?0_e+IM z8P-jZ57gYA+Cq_&kSar+L^+dUiIRzeq8EyY6(n7wsG%UMgDOPOl*%jjDQSu>rXGro zzp3_Ep-58|1s=e4D*B8Hi=61d_A*d@>3xOzOLfNEJk<_jIjO+k%&QIB 
zqCa3}j|mYGC>dpx`9fl=0^jcA0cE9MeQ>)p057)y9%?{YDTaz<620f6ctFDmQYDS6 zh}QR#5q`{5Ww=d5#ghWO(IxD4f~>sA5MEH~En!YAU5iob53(ttJR)Q1b(ZoH4;0PR zXAB0Sr;7NO^OFpFq8K+?Bb9uW>HMOeN|23y&>mRfy?|n?Y$q$X2&}}|VvC|(8`zYM z5rFZkYP>4oaI3DVKNy+FHx}?w9@nW4+~`*r*+}HZQJgg{qUCw;RwA_p9XykVmfBUh zev`35^=yzJL(_mU1uKsS{Nbx#&pYwLtHX*na$pSL;SvFLcy3Zpk%MPaw?&V5#%*{g zHGb#2Ns;h?7M?M5K(}C6PsST=>3C@julEv*{nis`$3D%4?_$nXc60uw6 z%IM|K7=J!9wlct|JW+`hYT8Pd!V-ga>J3;h?`YU#SE?G$wFcc~k2a z)q~D1D(PFpM?}9~t1g=TneWGppJW~#+AO}sr$f8y9wi@-8*kb({(4=F?M|6CJvQHM zn|SK#^W*%hZixq`=n)?Jp&n_m3DWL3RZ@DN$OWAoVW z%)8^-=ijepsM&R`RdnjpYRkg98jZIo$x9>@D~Eu*1mdkJZE@cH@#L^^G4+r8#n1`U zO~Q7fn$nb+HY2*Iqqcc1Z~AazGKRhJ>W9H=u_QSwNye2kGPJ@^%CM-))xH+QX{qcA`lAG~R>ycWK#yXi-2txR z<-CgdX4guJlx>s%D{TJOR`s=to~t+xc+t$1_sry}(__k%N%EkXAOnrIIZd7*1I<)> zi`1*vAX+qU6%7>(xPd%rh;zXffQI#DgwZ!%9P`_vS+nTewoPvxET@zyD+?;8KG#4|=(?)w0xJ&wc31bPE%U)i zjPP)Q#_wRG`fL~A+g`pkM+HK~L7^7fx>LRd0CQcaG4Mp`LC1gsIWU^kRUML8S&@H9JfcEJRh9?vu z%1b2_Ih_DU`Dv>T-?T%kSUBRJ=2#(*@+6AeqUHiAzcl3j>H?1dWOm!KD4@iG8x?H7 zp&9C_GD(Wmm2Z0Paxgv$B-@$Gqug z!bx(X7z=F2=@1njA?ZXJXsXnwj$|XQQK8uutAWF6L+(?Xt$#top zurRGk-DgiZaAr>Pj(qSEA3t?m`^IB#?-4kwaT_^`HsQ>@D{_qol)OCfej*Q>C>+xW z6#SIqQ@qqBpEJ}Zxq06dqooX)@l=2Mz5RtW>vbbPj!X&PJDcv$OvQvG6F`x3vnq1 ztbtL!S5R}C{X05m;ULq$kxKb3v^b+ETC1$g4(NO|IbbpN+rXqX|)864Ikof zMM(T-YoU??1kZAC!KwP@ZGyhZ8!>WZeE7l87%}|)81eD&m@s*wPuXcC<4m*GZRJVR zTBkedR3`!k%SgjQu%QA9wr|xkR$HZ0tkb(ktfc^my}EaePWtw*S!2bhk<#IBjP>qq z50V`Pfa}u3hBXI$L*F6a3I}~Ey611}Rc-~|eO)+-jDz~dKOnvl##n-qhDwXlPM_1V z3DqIthI&Pw)idx!tuQ``vZA~f3u+ctDC$;h6?m55vs|P5(ii$sXf9R&{Y|vEq6osv z{ewh#45~*?_3&&-t-F9i$)OkdVy-Tmx3_Z$94l$2N%IDJr}C|McbCLDc`&$Dw?kVb z6vmR3VjDNq7c(?nB7#q9TlZXx zk4ub4DqA==QoEFwW9_lxIT2ROZ5x3YD;kB4YhEOp;K#C>OS)GPee*Nny5fa$?0LXD zr)3dOYcts|wZ!J`<2Z zZL_Utj!r(qOAaG~3W3YXb3|=f0ahM(dVUyBjhQ|#Q1}@;ytXRiXgpB(g^Q*JG#GCP zT5Ni~r}5@_RlSmj^6{v`K!j1&MiY!gN_ekTO%Ci#n2@Mo9g=Lb0%UyKPJd+|w} z)I)*f7s4qq4$1JvcnbpvRlgWr^JR;a`=hdildCSA0}L177s>Nj*T&Ed)249e8B@N; zxk8JK#oSk3i80)uJ8&?B>CXHL3~WEajJ&$3MUHq6n8>!v!ssV1m%%!jc~W6%6Z 
z?dh-EqK}Lu?YVvNP0u#`)625>I`RB({ky?BeZ58L_J^OU)`eqEJuiNL$<@)ih9k0D zHctkF=U#ieQimhE?|JO$%6;2b&4ZJph(+`6(2pwl9Kn6r4R==Vx!82Qbz<qM4A*xce*d_hq`128?(^jIz2#Snz_F3OoKfCGKC=Em<-;^3LKxzkcye3$?r?)*_unaZ+^1XYmic{?{uW4cnYJ73CAX zPnkS9#*G;r<3^8+DHF!V4CT$2BG5=DH8qu&Ov9#n5sOCm4HY1mlUW+d!=`!DCegM{ zi|E|GgHN1jtv&mV6|crhn1n##qmOvYAX90;01NJkYmsEt-}0MUDH9lXq(WF?Afn^I zgi?)(C4HM@l}h&2_OJy$9y?A=7mfqpZ zxFQLa6FXg?>`~Qu$!maXX!S;k{~~`1_^NFW`l{Qk^tWQLP=@E5sS`hD2#T9pD=?5( z4z5AsiNZz8{Lo%Xx)8ljBBE4EbwOclpkYo@PZ}ZvC<6ri)RGJ>w1-0HJ|Pcu>Im^a zjI*v8Pr8Jx)Im0JG2R~Qf~GVCVCaO0=a%Z~GPTbeEzkr;Hbj>aOJG%=3FD1?YCFwS z+DeIg4;huH@9gx~^6B2sBqdB9B?mu-zDUq(l)G;F~)eMK}hss=~P8#x0f>Ymwu>8^*tG=3Or>XFq-0Jto80~ zfHoFsZfG3ooBL3F?f?XzB=BTzxk>JHfkDllV_cKx&m3K-Qf=lzYF0GNQE~Agxw6DX z#^lw6jNT$iRWYI({1^l9!T41s8*fyPGE?aSk<&A$EKf3JFz#&469@h=K->Ir(PS2?7njT5uzevB;J_3-hsa_eYf{o?p+K&;>0{Bu#38d(^ul=Sr^jlYX zw22J-KVoih?;p|8$7%_BWq2H`75w+y{Q9Va;@bNjiG6-@YMl1N{?T6X*lv5^u^2dL zNc>JmdpFT(P>ZGwzLtX8p7xi2#JGu5qIt6>@t3RqS?zdl>YVm}-;Zyf@Y~q-pdZI^ z-#VVlKG_dXJjy!2W%mcKmmz_{?HJ7b&g9Umv_=(cWOLNV=55-Rp`c|yg zwR7yc^~T=rw8J6C#}9PsQ!||)_0ZD;D{*kDFfu6+~a!=o;=}&yB964-1n2$4##3&blbq#9gj=1y2o1M{w&@rnC0$=Q;;%xN01tlbrs1%X5}(=e4@Tt2%w@vioGz&@tGD zZxUp-ZMM><^DK*kM*LL3^gwgpO8F)w1w$wT^8T=2D7teth(h1c@+Ka(Rgj-M4kH7 zKJM3%;yxZ+^?v)!uP?F9T#yj}fo!PB^B^OT5y%KEBLc(#L6MSvD#K=$pc>`u^1>PfGj0}cdH60Jt)u0^Y$Ky^})u4MPAO|Fv+C24*X{ilLn$mU*3F6MEG zIkIv(kTTRt8avfUiavRg)3jFTRiI?NqyQIBMH(c@Ze^1?$b_|_m><{pZ=R;RRaB zhf#-Q{;CTfCtc7Uw-_({DrhO^#3Hb?Oe(j6t$Pff)Ukm;^o$FJr1=~lPPqn}QAaLh zb$hCSXPBQUb)qyQl-p$Ske5YI$7MA983T8B#PqbnUH=v<B7$OWEhoGas9$cDEZ$w9^S-dD$Q6Z_>yzd0vC-fENBZ`W;|=fL60-FN3LY zIDU5S<)$NW@kvK~H>$>?>C&NXymsr~;_wsCjMH^=IH_A388r6WJx)66VBa5e(BAR! 
z*a>mz4Y$XkC;!QL{Q1_lo5#hc{-kohw2N|_F#K0dY$k}iWi_VLqKSF4tm(r2H;N5=w2MP@9Q7?aap{(a7S`NPfr>BGQPhpR{aBcb z@0gSKjD7$1Slp=-sdy0sX6t_4<7^px%Fj_aEGkziZ@F%P=JegZ5d=xbP=q%dhMFr5 z+EgcCH;4=FemRbNb2wztXYFor%7L3kH=Pi*q{InNmve-+PG&m!s>c_S$$<3ykG8EQ z+rmPfATGRL|HHRqhf5#vk?7^D>$^_3xaWu4M5{%PQTJ(>RT<>#uRH?!zn1C={ae7i0K zj1->~{8mI-Y_j};mTe)k^=&hr0|cv_F>|K2G);=}9Jf7zSTy5el8iK=Ef&O~Y0y+& zF)dm}V|mdu(AFkzZ>rxo8aHVXO$j92v|)7V*il=X+D3c1cQ?`2r+R8HDRF9BzbGA! zwNMytSO``9_kir2&a?2F z$oU4)L=Zx$pQLOfFT5NNgfS3rhY!H<4hbuF%`TNPK=6>sRs=LdzuM@%b^6O2-Vs}ev}3?GsM zrBjVpcuFo`r-mx|z-xny`1w>H-Gd);CnE~)$ga7mJdA(bHE5_~jp3zKdJb`y6l>a& z;X-q{Vkm(SdGv!pBpKeslas1cL|x_(@2;m@O03`)7^$e>=PO;4p}OuHZ82^rl_~hN zaf1k1^zvLwRg$qu^7|PT&S~xx#z_fbUMS2OB^&+<{LGFvg|+$9NAXl~YJ(mihm0e0 zb!r&b#Dz&b)IVXH`l;(eVRUaW&SHQOGjP{m8nMjGL*kZ@IO&PxlZ!OQo*(psHW?f0 zBc$^1Qc+bh+?M0pxVGel2SSUEe!vIOna&t<^d^}x)*y4DDe>epjQ&A`5>I&@dFJu# z+E7FLV#W^wG1fd6d~VS<3?ddwr6fQ9>C&G)Hk@g^JclI^XxP9a>{84k$!Cm|?|GYo z>zbG9As@=P=NYoYLwV$z26^ch{kPGF{w8T1=SMskH|DZsld!bsPbk$vK0YIjnK|+& z$s`e#Qk%Xqoin*L*1o7*r_UCiUC_c<3C<)Ny!3AT#lPzKm4+bqp`LE38ohDD679WqB z7(F_*m)B|acqBD-jBQ9Cju;)?yXd&+8a!{R))}cSL7((bExF%CFfouqQdmso?wOpZS7TWHLHl7a)1r^PvoU3e7>WfuG#B~36{7Q}O;gmJ9ztl6_| zpqVlA6MN8%8#^Y(j~yLT6fk)9?99DobR5aDHENJ$fyFFY%*@Qp%xp0;wiqmCW@fgS z$rdv+GqcoUz4o0s-mZOt|*Fd!LtZjJPwLTgws<}*49)FxqaP$#EUoCGs z?UFj);D-?VhQ*0O^=3So5_MQSQKLOXB~d&RkyN7y`(#{BAXRMw#j5?Q1BPKTruE3^ zVdPj&c}htFi#EGnzQcs>*|!|rJs(}8;X38S);w{NM=0$QIbvclr*0{uJxVwVn6P*< zK({G>5P_;F*OcodNxB)F7DVv~`cV+e`2Hl}M&H9= ztSI`aR55opKJ0CgJxsgOf6j5S)x1m{zosQPA|=FDBf`vD3%o3&qocQp!65t+vhj1k zPwE=d1I9*LDpD|uw8M2exCvdg(Of(_fJNa=(c5)xGeGZio&v*^9I4*02?P%tdZHM* z#{o8u#La}O59D}Ks!?KafrP@()-T(i42JII(5l+wnNT_CL3!21VAT1UIt zbUBENV47l*!J=s9Bofa)UNR#X6jDJSniQF-QF3$w7QGK-0<++w3pII8bs)yBp!{E9|$C~)Ro z02Wz(wS(}{mg=Zg%BlPtXWFAeU~!&17L!s`g*{nIWP)FAk-a57vCS9XKC!m$?+y2g zdwN>k;r=<2vnzoxSm9-eA_DGn$iSIxtlPk={P#lRiaQE<7yU8{*0XtD3VTq1RliT! 
zJv9^F+6v;dyO7)YO8!>t*6@5EB8R5k@gw&V=oAW#R53)}*~%~v1fljaUVdc7a?&Ei z7KE{}@m9oH!-9m=^Nr~?py4SsfkSaM5X$f9Rx;A&XsSZi_dCSujyWT{A z=78LhsTm9PF`@CJel$GgNjf_8%>k)@a{rJt8!jeC=esK8N#EYD7}hUeOM|T_Mv#EI z-d$*UAFc41fg1xJ+rqqjl-MN|P&bMmKLYYi6cV6(27?3WNiS!l62A{8Z1bE+1 zXkVWL#F>RjrFky(I~Sy@9TVeG(>=RlL+!nOCp~@ropfODlOX<^H=&B<13F0^PEu@4 zhjs<^E;KhBF~TmnCsHZ4IGMs6)s+4M4qS@~!U)_N@s#imH{q`ELuJ+RqDGhZ)gURo zXCEoOd=YB|1|v;hq%u`%NS;CDRe_Otn4$%SsfOsstufmZXa7JIWJrRQQb5>2eq1KU z5Z`pAQ<&+j6umj-p(Fb2bQS7}Myf@D^*O3VsQ6_*9N1yqhiqYQYz)0Aw6WaT=qKC& z)q~Qgwk7lK#viaJ^?E}V>_{xUa4ivv%Q=?M4B zDlelvS6$x_5|LJw)LsY`lF#<-HoD6)&?zrbD;7qCz_ z4i#JhxMDX4(zEG4zEEf9a@WFld<9ag&)}?mnh~sRKu{D?F^q|z<~#Ernx)WmMWu^k z@)q;5CQ8y?jS=(%=#-9eUHbBpV~8$h<~$a+-6-x}m{4sTqcX`}=D$C z?;d`c@W`GSr@rm^2)}|_PlR?gl5iP$Y3Dw4fkXg~?qhC|SyZj;9=m=SOV#*@zm3l@ zTPCVIi&oE>^cwG}P#N`ziV8bW=I)MvxEgY)e?o*bUVW_o?V=Y+bh)Z037uhJi$0s6 ziOd_vDgFYMKGNJJvuzpiDwiGt(qJ!IeYn-g*Ytkm9aXiAlauJ1IPqOu(tMvtGNIt3 zl+^aeOjipO6bxTS^%0oHTsRmkt^mf-L>#)n5PG@7_G6`K&3me}o!Ob6!?d5ajn{lg zsp)ucM6hBZ7h~V67?d<{tx>Q^A3dmG_EKlVv+EC8c!{nXc(qnlRKP|LF@${8saPDSg9%Ph$VPB$w zzH_RNh&0KpsG zYbVkKjOR1hjk>lMm^bVSBM40YGk5wAZ}1);NP$N5&N4dg>sP3kp3^t|Mwk&(wQIsy@fye zrh*7olVePb5lkiWe~k?U%Q^f3%l+%n!@DH>K(##OL?2^%|GN+W<2wH_Iv8dE?7z40 z$E#Hnhc9l89r#~bkrdu&6J3ks2N@eNh1RDUmq{-yTKW(B$`@svx{(bLSUs1^Rfi;~ z?Qd;MFKzeMF5QCFZcoN`m+!HZQ=5Ph2zEd$++H7i1O0{Y#cIHQ;^peCYJ@+F7Pa|o zX*Bh9Z-GjK=M#9sO$Wq97D#gl_)o zIzK#_XK@@#&~fmh@JVM7>fGZc&voa}WxHqHYdCf^m5~>={qC^o@>Ml1zamv=Bm)-+ zhk*j*y_9)wlPz*R?^(?=^LHDbjgz#&ZBlx?eX77L^1eQ{+pK8pb;1IMpIiSpQaD7T z{>ovkK~)ivm&zR4?|nJCkgNJ6TvmDUw7&YFQ2$V!4~~PywZ!0UGp$3pBImHnD7f`w zSvTCot4Z3j&73prVkWxU+Gf1UN!wU(bedtt=lE(yUBTPoHTE}Q98O>URVH@k{a}YC=1p*xp9El?W{42dVVB>*f z-VAN-HjOG;tKN)_^cHJ=u9g$U_rnI~Jw7IDVbpINc&O>kx)G;U10%eropyCL4fh_} zF;*U!RrHD`A|7lkg`=6O_^TQQ&uRXwQ61PxqiKZ-^tv8rzt!Iug%rq(%ySEEPR+sAYL@fXT$Yzo8z@#AAU|_$j(`z92QeQ4O z?iZxr-tWAKOlXyh8FqU;wJBh_=<-{c%y8drp7u2O(iJ1SPP|n65_1$xYoq!IpZt}Z zQ4f*L`eLzY8i)fHRPoGE93CfMW@kCkeyjhYQ3p5Qe&N+KL2ox`*V=SIJ?I-lVkn2< 
zIg~k>&#!<>pS+Q9*#*}aQSW76!EHg}X%l8za>{Ll$!Vp+MQb3_zT~9;ad2M3QZR+^3;pHh_rpnzmle5% zx{@i~2KCvJ?x7ps1KoRDtvXXV-iCvWHZAj`nW-gQT6R*1W94O*h!lstzPPJcbv)m> z^R+n#NU!tZR#W6a%z~&H5{C%(ww7?~QLIXp97f;Qwueh1Jvw6J@w9U*{dKhhC-wOC zPCT&E@gKCslPgmHCK&Iz;FCGMy>1?UWgsZ9*xWB#+jY5duZ(1&tnW1qm?5{i#7?0|ZNfaesZppfYcr6VHVRCqZqV}&J>CGqlXH5gsn@q|{c3st{ zYAz10x62IXsh|4F7$7za6bd_z9m7<;nl-Oz%Gr#VHpCd1a(|o;%JRe_c*XS+S* zw11zx0hPi3EVi9cmhHukYEw^Of?YhtvU~8wQhk)Kuq9_*SIwfE(R%F3ejAWeM6&qe zIjPdef^kMNnv68=eQ)P+9Ocr>j0wbDyR?^@Z>aQa)aCr0*J3yK(WZ~~l_wiB4e4%~ z?X_;)ZR}TZZ6EIWoky93;~cOtGVAn5Vy)Zr7Kx1~rrVHC2QI6piX~{iZ`G^vsHq8S zR6Y(IkZ-Notj~AMe3lBG+NQ9i>neLn^oW1E6KZD(8n$pLAPE`_gn1+@TXuH z{Y5+dnOdU@_8|%m1KTQ%rX%6|yQYj?ZoeF(_N-O-_2!$Hg}wBT1}iryEK}L(>*TcX zQ%QKBe7kFYDAzdHgOd6V<$dYzuhIbk_Xd#v8e4 z;=kZ|T1jtvf6peroY3L@`cfU!<~tXgQ^GX$we5I*TdvmyUuSr8iKlM<{5(8q>{W(p zP;kraGL*(@$B8HjqhQ|Xgy6Kn8Le~v#w4k}G^rXUbb;BTYMJ{r8=cW%k2W~(^;SU3 zX?*zoy!Y3(Lje|sXzs_gg8-m%B}*(RLMEka6P-0&+hb0n*6c>ILcv^(_S$3U7X*eW zx;wB_&(~i{=ijUXVzI6=;+Ksl zeI_nhR3U|#`V#FR{nWGJdc;=RaXBJf`;*r~O^izL*za{RQtFsu_^GvH< z`Q9jpwuW+FQ~CH4JuC0|L&G$xMGw7ZB~HXHztae>uI<{YO=R%PE=K$`n*Z<8WO}xJ zm4DGtDBruh81iT0fAeSAoi)zYvW{dKdOW1GeR6KziE#x?ImYqYt&Am5lXtdl6YsCu z{iLZ5ir1Wqv~Zq6EjF|3l&J?uFNbC-Y$$~@?PE7rB-ooaoXp~<&XievdJXgy+@6qj zi*4_5Z2o{p%Ls=7E0R?wD%@<7rx?<}xvP6QMTa35PZO6L5wj=iUZKmr3YCIImN*P~ zl?~W9jjHh37O&mjvry8n6#`Y^tZImMB3TDB;<^%AKd&W*4Td2=(B{L;>sBb-8R``u zt{HEtR7>c=pxKyOpo?H`4Yg6wX4^wAj>T4A+RgVTFw8xBMcJ5As^lqY_QhJsb`*fi zAON#!qWb-R@?dNBX0rwYBsGB)%X8-CO=5cyRi5b6v>Dr44Oc5sCh=|G#7IvT$IlaZ z6?sEk#?Q~$xOQeAClgo@+pog3b7T6_>oT@ln7Cgb+0H7HxJWaxDE*_RT$~=2X))qi z4(3GaoVN4P8(E4Mt?El5CG>7 zSCX{o%r}xrZ#;kOShc>5vbI9ABRMw2sD7HJZ5 zkQ@|Gk@G?QapN$~Yi3u$i*5Tqk-W}uxhMpdr6mZZ)hGGw!n&HgiFm@MYD4SoPe#S@ z_q}G~^QG3W_e8VIivfPl@rePVS!>v3pmhp@j|vl79(`8L2+T!*u@UM!IQqB9pf55Z|py8y*T#)3R?D4Vs*)0nC%2Yh>4 zJD_`T#PAED+7-EG1p?_wbfh9}YBecLcdR&Q=ZhcmR6990*UPc;Rr$~u`WsI%;kdl> zbLF+j`HhX?RLj;aZYR0aLY9OYQ!!h#WOFcwq-j+;^i#I7&sndUy7WiBT;}~G~ZUP7|4rQ0o 
zXcVmJ{>)_h+tQ@M@O{O)4Tl{?TYs!Gjo_X?)S#caQD=HbH`L0-o0u3#aX~To-pK+l zox#Bxrg^qDF-Wu@Gh9}=838$QMt#{jF`g$q*>r6}1z#tuV3B#4OTsruTsh&<3tN*z zXYBYYUaw46`Y^s#H)I;ui}8$Ce;Ln}zC`knUa>#`I4AAND%BSuVZPRcs9F@O`b+pp zKW+JDagebPJeJrP`*-ErFTFI{>NfN47AR!xLcQJvgXm^C@WNC?@H$4|5$U%4G@B}^ zxLrAWRaQvyse&waW1c^^YK6teXa+rwJ*f$%E;s&<**9ZZqYN zPK;V2-%E?2HW%$46#exn0XyX~o$)lB#{F#e*J~X#Z?5i&fZ74~pgl9rDfeC#oY2KR zr+J^ot&z{`KavIrls(*OaJU$Z%U6X-1yPor7kC;>-J-0RCAgP~q7sCMlbmIL=qs$} z+DPWTP#LASC>O2?Yr0#vs;qeJ%o#PThj22vymGli*-1ZV=QW%lf!UGpj7&Dd-l$M> z*}ZyAkjx(4&8Uz}Jqc%(qQcV95!k3NS82S}YK=#~AE!^-+3jhlJ$-VnQ=Qoc@sz5N zk{8O#=#qV?@0^&kH~7no`+v^rhJ(nvT|hfD&XqXp$5)%8rjy_b&-P!!Q44f}*UPsG z>9826m8$6}rDl?!;<>foE3uQfw{9V4UOVY4%{q4bH0J%0?}wqq+}d}H(w%46c4%&P zJl7o6rfmH1V%Vlp=_$c!Z{AD7ftl(!muKUS6=rkuxhnbpr2&>Lxi=Er4VMW&qe4Zk zNpxH7?9%gzs_W(^Q-+b)ZhX&=^yFXhUuI_Dt)o6;1S<@ywBaIqB|MW4=kUNH`|&XaFcYjoQx1cFYRbrUH{UxisfAZ2;Yf zK`r@Ysi+};7!gBmJ&to+akRjo=pRf03`lq8p!Cd5)2M z&0}|#1X;qiord7SzY_wrWOYcepIf#TyLpuNXWVrorkyoe$DZau0fG8#=_zlhh2H!v4*UW;$p(}W2+zFM(@tCZj^jpqp7U_(J zuA}rD>0X?|NI1`~(M#EFO&3$>VD}_8Uj|!k`P808=FzxKh*V@eIY;hA9Q9&XdG2h~ z(E$!bms96Uty24PI0DnMyQO7cRnse`LZf=(1c`vj!q0_Up zeqg#|Ut{RQ^48g7%n3i~ddUShH65YIZo=Z*E`r!VTSr&FVAg`>XIMuqG=DM-|g!kJuRfWNOqM&3v7Te0EV zOO5EqFA`rhBrjj*fepnoty|gBc}98QcHOJA{dP7aQ4n9)iw5MTDkQ$fO9X6f4cxl- z?7Fm}rpxt~qhBf`_Fd77^$b^P`4yEte;T%T3HxWc;W+{n%+yiY?#zu8PaN z&A7B+-%B+x>7oA=@ukXxOQxgrLMV0<)_?l_@vZG{t5N>ab&Up#hFxiF+#W;`UB-`> zpRbA6zE@>WHmIY!p8nlcelhoF)wii;k;F7S6^GMHRoWvF_L0cSc{0B8DN#k^a5H@t zRURAjxX7ACQX9daqhuwfo%th)T&7qm++~(1om+1<(eI}wTur9~G!GL4JqKAk-}WJ9 zG_r59RL7ZrhZX+0P`kWYKOmWmL?Xl)_n3p6rAfu0Q>8z{^R8i&-c#EkDQB5P%_i6< zQ%fpWMp3OiWWP3f6KMJb<7=$RqJi#RKp{PQ%%4}(cl72`&mBYaG}fma<{=%Pmc)yB ze%t}Yv?7qnEGdbu{)3Qel&!ArG5%#E(8P*MgGpv$@AFrrqSyN$|3hUR(F;XxVlh_H{3dZ;de&7YtG+_Z8-&3{{jca0n6JiXt-4sTt4_*3Kdh+83f4pHBv6KCy64>W zT@@{~i(&V@FIA9dZ5FqOIrc-8n(c$$<&$J(*l(`w(WeUS?QgbJ53w@lrPTss&r$H- z!Zy^Exg1^zNtzWRem@vfZ!qP*UpAk}Mp;moyFsBy7OpOKC#PlE{jCf$mOuxYk{2oA 
zsQ6VehJ(EKXBV1f&-=q9{R*Bkk^Y8?q4MWU(1sKOpyl{l6v*g8@^6-t2MgGl5*4mM z+eyP6MOMV5NxA1!*{}8h)A@QdxS=Nu_5C9Z-vrFxe4Zsiq@bOU{x^iTOBK>rHp=!! zS%478{BKYCQ<-)p{SWa|$i{x*zs;-vfb2@bpl+Au##H@Z7kPyIhT4)KysSC?k0!SZ3cWafl`gFzd-*6~3W3bn|n+;dHg?l!uMyEW_+Q4D0^Ujcq{8pV1 zm58H$5F-8%5bQY)0=`#m!qxOOS2dVJbWiK<5Qoc9wH`*IUC(~m*ffyb2Cz8p-LgovEw-*fSo&Sfq(I^TI2b=ZFGajs#_v~+6 z*!53Y%zDcB=S;e% z72GJ@59|T?QIUC#S})!|<))8sI1N^1sJC>3Y?LuVegn@p2TPC8j5A!%X9rC;cfJXC zXzd_Wc$)#syb_y@3CHVbwaN4iCNI$owOuzJIArgA;Up`%J|~?Uq=UwNtMdimaE~aw zY&6_qcP_u&@?3&%5TRYwFlt$h!C}3mP@O+j(YdtBG;g)S*wNZuDrvbtOm+W)GT*vP=ur0Jm=t7ENW}EV%1g|l*3mb&D+CO z&~MbwZm{aEc&_;mv^#cw?(=q0KXw&NR2&F=d49TV-0q7|3HvyAEFaNvG`hB2fdV1{ zDmPE8qSs+I!$WD)TxL6XEIJLT9k`%XAvN(}{tc>E?KSP|nEVsddOb!!=QVJaN@k%{ zv07#_9!tTJ9r~r$?f0qL3)nDOY348Swh%j2W9PZw&S-x1*64ydA+KeH?qvt}olgux z1_FL148>|cnW~Yw9kTe3MIBlDfz-`zK!_n$?^6w$D48&2Cblh$%O0Ia_2xP4T zE){}C7D$343?a9&jo0eVLs+Nio45ztO^z0;*1Zb@0@&ycN-utJHrby;UKQ5(ONI(f z5erEcgMI&QrysB|zQ4(M(rGVRfr9&KibVLvmJFtGmXp(VmqiGSB6`0{Whc-E}NC_(th_pB=!BnRBbkPKFQ`w9{Q}PgL2yE zer|*%y|SIzVX%6h6SPWl7>Z>uBr7jIvqQ=iKcv?+qe4c%`^(WqN=WB8Egr7*NE^sX z8KP@^R+s8x);Lt0LRw+%a7c%SqC7BUw;t4FH@3V&YZ1xBHrI}*-%mHI*6g~E02Q(9 z=ZM9`9d1lOP0+0@vc>s4tVMPf?C2!{Z0vDWLduc@&ZIz61Dcd zmb5Abbc^I26Wdh%2a=N;zH@f(WA~cGlPc}m=j3er*8JlJp&%Z>-Glr(oSE#D+4wH! 
zedRe+)BGbiAuG;j9PVj@-7>*j0d!Ty&IgV*QdylgfnNakANI#3E{Z)N5xlMO-m*Kc z^WBe9U`dY-ci(RBrd3!mm52PzoH{4Zb0$}~7n;vM+`&~u_(}92VEwox3Zz{NvhS_^ zrr65RBHfejXl3$?Tv9^oTona7344klw8PA!ps~LqbN%yij^oTRPqt8n?lB5;m_Xk| zcBJ}OOULVWQj!?zVxAl`3zY?RXlBJ%c3k6}!sCk)bat1NSq8I{SpDS{dRv*}{AI@Y zvZ%g z_e!Y`M0|faE+8R-#imO{@Ri15pftHX=#&ByW>TA>ZAh7z#yj`}%JHo1gMA3+^k(&_ z^GB2*Lzj_VCUt02z{|m{xrKg(HY=mciD)T^>uORj$vg{#3ysex`&n;;zP4+fToJJzHn5aKE|n28vYcMoF!)2GevAvLG#x0_69Q>LrvtO=76~$9~!gqbHwOd zy5OCb8GXLJ^?fHGtbrokbnG#Yf(#;gHX8yHWu!PDm6^1CL|{~-SIY9b#HHDwq0E-J zIx!$U!DUSQB|TQw#HgJ>44IXr@02TySX1VwcKd$z&uGJwODy1y57p2zIT2Eh`OKI@ zOPcGv$3W$(_cM;D*xWvTW$%mmI_p!{;IDH`AEHA7yU+qZWi2 zaUW63S3@VSRlf~w)uS&~)H_bIxUZt_xC{n6A%PzqZ%(7?PrnkX)#wF{aXZ}K0A?J| zs}NQDdq=#qquD*pPq=Kqwv&uOCHn@^iu(wRCgqRUi~E3y{pH|EYl(s_3F^Fk(!-8Q%mwDpxaTs-M2Tl8 z!E!`|GGinoQr587smzN?@wjI)nXG$j+K{+s^7f?TkO8Y`dJBn)YAZL(F8+ROoVzc4 zVN3*$*s3~GA_GbQRneaFHu%~EHO3|h9HrqnaOs)*-qOdZuJeTCytafolh`d{f+Y-; zmc65Bwf*oIqa#$YB7t@(zp%8cE<45R5YITCW>{Yd{WkAa^A{&6JA^p8vMv>uJ8Pm~ zD=5+{rA@V>_~Kk@d9GdU1Y%p4vg7v8G&yyTU=5?5r76Jut#4u1MV0&l?Nb`xhd<#M z08Z@|p({%==o(x;Bai4Ieqt<;EC@)2R;|)>p8YV=mqHjlGDjq^xI`o{8HjBs5g-); zlhq)Gn-p;z#UOljbe;Q9L#X%Mbikxv)3G<7M97!3H(b3x^tXl0_aV!Nuigiq)S&dk z5T~%$%2NqEkzlc%JVBt5__-G9gTCQP=5U9bYmtI_gxL+f3xy`O4k5lGqBUV|CgLPk&-(RRRJkFTh#0uTJ_ppHb$PUe+fm z(iURS%YOKMWBK_$X-quHlagsdawAm9W7ZWal%-^(?ys$`2;WNLs)z-=1k-tVvmK4A zw`W;M+|DYlU_uI7xq_3DXkHt)uN+&DkO@07`=6^f>^umR1ES56c(RfAi=j3`nJg z$dZivtA2b3>B040{3li{d+|g8T*|zE(W7%I(dGJaqBx*^MXqAaOEzYW2LEb@9ug9$ z%&_fGaUx>>(@_auCa{9zEWmu)LTaa%IW)5&eixyE%c;#9AIU z=hdCtDZbN+=Bv_0+dfUeWd7&MHIezH04HyRZLa*|Sdr2a zCLRJD`}uS;;iQi-^fPx))235PF6u5Wsj`K-3Mt@5gQUVFOMf9HjIh=@AEvTmzA&J> z%cKbWVBlmYXe_h0f@*3=?^g+-!)1uV;u%Qc8FkmTw30gCYR9s?F9#!=@laXO3jdpk z65FsKislDMov329X8%n5@W#hmTq+V$AfaD+FeAU4YvwV76b7r^efCZ^{qa+RYxYSA zB6TT@`p05;3`i&Pv{`=l=;sOvyQG7HHol+VK*D7wFGMVkj=H+!R9Pp($ClQB`;q}F z0%Maq>Aa&;RgWfdatzr|Nira?UUgmp#H*4j_IRLg@**0+!|&a zFukAPHYUG2P_>WzJg7xB!Q;@02a#~ZWVhNS#FiS(m3q<8zxu}sc``YVxPxB8xv=GZ 
zWGzSjaPm$55GPV&x8XC>u}vQNf&smWqQcf|DMbR&9`i|LX*QG76UHc`E?)vEBz3G@ z4Pc0KuUKN{*^@<)IS;DxsJJajqka%_oac`VNe~`9N zq6=e+eW#X&sP$97_j-S7HWRh{b=Z92`$JiICE(HsVj^#E*ml44ACgcP!Iva}G50~k z-Ew)`SAc?5!l2|apNmn1`bqWNzN3`HFnLG0q@c|_v9we`--`NYCIdwbpJl|=GkRt> zj`&u8UyI^=wQ~_7VSI%uN_c**QlKG450U&=Erm>$)1(tslrn|9wlb&4|C}CUtfX5qyp0_)<x&{FzDQTc^jnCsomIGW61c@v(GAk=+EbWQ7Iz z!~IS8bTNLKfHj<6By!!zxrggkD(NSBtTDT&>-c#|{=gwaDi~c#p6A=8TALB6h>KOk zScEwkyOl_S*!{$V=I$yF1__I0Pdps>?S^A}eDB=-24AcRzn@_NG!!hI|ZYS7>3 zd`&#{ZNcke2N%J;^k|-c`aF|z8&xSoMBG$QJ{~bjEg?w3r>?QQ^JZ(P8g*%T(Ew%)0cm<-*O0?#CQ{CgK5fO! zR38L|O|zvpCAGO{?gQ@rpRJU6oHuoQu}!cA|t^v?VNn z=L=sx%eaztn^785shgmh=YHY}qVI0qXLzwHaIWjG-c_7z+qeCaRXcMK_}&UD2bd4q z2`SS92k&Cn=wymoOPArMd0B zNd#a#iv0Gg}pkyoLUu)1{)LK3W$oJBGeBE7R*5b2vjp;C+-#? zB1*=ZkR~8=!MEQSs)TjP9dv<{6T86K6_iN$`gnXG}nbbN0itzUOxPu z2dTs_)mtbl_wrjcf^g?r2OQRU0`j#p1Eg22r z!G+}bfg9LgCrvt;Z?97;w*B@C8e=fjfGsWJ1-4ioLu*6mb0|EWC zagc4ZL?rRhPWDUdVi)zHI0-JcG-n~0=|r$DC&d>eP$Xvy9i z44B1WeTY*iF?aiRwA$uv`g~sL!CGMsqBiW_1Y3GOHF?$`q#)Dkt~VFhWLmB@x4)R@Bh8eyWuDXaBm9TrWgju3FU|SJK|Djod3ycMh}5Qk^qS|O`VqZv_KU{O{lev*w0CZt zB$^F=pqtmPuZaDE>)^d|9JT(FJqAR0w!jWt*o@BaMdO*GeyjFj2*P-Vx*fq9DcAp; zMto$DMBzx#iMZTU#*SqymtNH;g!|pM%bte~9k+s$QXqRAvxc3dJAEnOwjHIY{f54{ z>LRl9<^I!LR!bzci3i@MIBt!}Yn5#`5CMnhy7B04C!j>Thv1SWmPg+uUNky=9dPx5 zz>O}Y_D6cl)LK1p#{h1d5&GZEcpA?)`zknF#K(+a4sF0nxZGa_#v1`Z{FM&i zgnjXY*4#=15W*RoOK&a6?z*&*_H4yFo3`C%eRkY%B`)ved|@%nO*m2Y*y9qK0)?u>J z+^dcz^PzpBD2$@KY@&%e+AEQz`qahrsUpl8v*nOTgyse9S6T_P$ywb=V8JRyo^fVf zi`8IES#ibQ)TX`&?e1n>nI^Hvar#fw2de(*eeRedV+$p675E^TOn=}n7Xp#nsa`sF zQ&ysITsYbIB#B4++lf3gY%Z@ysc!|2Y?mcc`32;;;a6Tk zcCj<@Z1%KzbSHBFzQm-KkL_NduV5STu zFD!APw%K2w1<}rgD?nRwI1313>l6xO&e~Y-Lk;BGZ(DL7`)AfV=k(NNxN<%hbq#wb z9y7PXZ7io(CePK-==X*OkVC)qgr2q{l&MNlVZO)+rPS)TqZ*pGCI}4*G}i;A4vo)# zM4+K{y4VDHEHZA}5QjVBvVIIWs`Cfl5!=?W2J~fIw)lQd!_n)G&J;_V!dVrO>h>Gu zyeU#ourF4xMy@0~&z$?%mkUhB0KuZt>($APdXyBXV?krm=G||z7GE+LaP#)7_?S>? 
zSZXvaM!rsAQ?kB9Jft<`xePxJ#DZ#kBe6dwwYSOF435KZnjQ|UiKVQ-hRs?1>M^pI z%$+A2!J6Ezz1StliUKL3@%~iGf5=1+Vle%ZBe{-tZ=a_j!Q|G{@H?`tyAO)mG~XT;zvCR%;-E>q0 ziiPKX2#~vZ6$#>;qy24(^=dljW|{cGSuP_zXfx>dZB*{@gw0#`ju{l) z)PI);`PlR9+;cM6p$C)F=biD0A@)kv;$0hp}2^@>#9u-sl< zJr9pf&X01$Yx#5g!q-Oq*eI_|-rFo+9Bh2!$)&~%ZLTP%kRTr4IAUI_@8A8?u({Ct zfOtlf+Z*mCd{MP;m0;2<3W>;SdsAElORC{H1^u)_iD%pecidGQ;QahbS=dJ6KV--l z#>4;$9KSuWKzr!|;6>Zcauv3ee3R}C=iOD`*46q&W*7}uk z_Jcrr_}HiTq)1eArH*t^*d~Tq6w@<<4?y^$w18nW`?VspIa{|tt1lWa3W&oaaGm+f zzYR?*uRVjh@aB!ZX?gFCLwRL{Ac83rZ|a9R;DmEK$DtKnAi~0&v{sDp1vZl{uiY%1 zj@S&zLaRO<)f_g9%fei4eap!pm}$z?Bu#C->~Xd6(bQv+SXw`Q>mViUu}wT8^ta+8 zGAxlvIH&uzY{{hN;!;=D&*ZLYAejW*0;4Lz*LBND%jMdq@C)-@6&|WiU$D?!?z+ z)6=>5=q@{~5QhzOPiQd8_paMra3cq$a-UN9kphCt=)xPKb@t2pS(+H^5QA*ps}9by^uHUsc7 z;#EK}Pm!Qmks-#X+A$^FYN-Ya-aO-)CkV$gRQzeAHE>xC!u;`m96he3m zdt~Skb2Yd>BcnBFKr`2@tCpIpS|&sVq1HpRJyC{hjQ9T2v%>TJ2I+Bpl6~%^?xaTA zUw=YYP{R6INrVElbB!$YAy(pLZ+v5<+FL|FK5+$19K(`gW7c~m2&oRdIdRN&rBM@; zYzk?`yHo+Qa6tIBg}j_!H3LoI{%Papcjc%G9M;R7DQUK*WUjDsYjB6^>n-Y@N><2> zB-|-(A~2~^5tx!#SzTTE-OkSM)LKty9_Q`Dqt{ynynB^P`Hiu>ttF+(a!(Ygv_X{( zOb(0SWy{;fRTJ~;JA>A-+f2btNDWzcSkHwcMWc03=rx& z!&q(96A+W`3Ri;&bvi;R0M$`iQ@QZ(-DZSxk_JWp;blT#`|b&6(0@B7{~g<+Z=n|M zj8%`82V|^Vxku8sayyQp4*rT=K76r7QOBp+CjL@fP4SCb+#l&q$2Z2B{X!#ze|3f# zhg%TXBK!>vZ%FNor?x!;)s6_kZo20(Mwj>`qXqb3EUU$Manv!B43>uceZfoY%TONi ztvkMqG?a^)T?4ZU6(y z*te)Oing-;)L(9)HR{-coU^2-qy-gWbLK$}Fr`09ygWv9+dqlYxCxZfi{Hn)4uBbT zHkkSJ9ycC(FySP%E6tLko$xq*P*idvgY>kw(O@jr%dwU`HI1TyF+a%fj$LUo%D}x4 zA=biSHA%T!z*x#*w^ZKJr%w|ivB}b#My1f}Ls`|F7j#kXl^F6(GG7u_^|zOaQ#d`( zmyx5|Z5PDCL_LD3-9{q?g)hQ7KUn|A#r!i!g{K9k|DAykFW5^V;h={$K}tDGsY#}@ zxpm!&AJ8OLnJ`!n{VC0YxO^Lg?vx8g23Bx=0b+1US&&y7s7=S-_fjvn*3YVkn-=a% zz>6j%oLyiag}*`9&S7^`9TF2ay_rz-Tczx{`XKtbl?_QFsbUL+AJ8k^lA3TA$?Hi( z0+kZVIBH)fQHq7Kr}mP;(lp~$n%$&uSVe?EPBtQ0KLiA1tTW)wle<%N(~R@h4N01@ zM5+~%4rB@Mh@;ds899a(8(iZKZQp#7eJ+E1^oRR&k`)NgbO#xnl}*WZ}LO+K~w7l=`eOWCj<0yt5)1|OLk*U%wlV1U-tG&I5FL*_L|zt>81ca51s&GtUVJx38qe3CEGN 
z5I4KFd3JBBYteq2?ZGAzjfwS}d9iOiZjWEa%+kwCsRE3pA*EYN?FaK+?Bx*55aOP8 zA4iv49ziTm=3%PQTv-kpMH5`GPeKYH3??L>HgfrIuD|aaqOWQFs2A2-L4RcWc&R|c zTI8F3CTR0pX9$}M<+difXkyPJh~3N~{(#7UX~g2I4P>+buer01i)!oQ{uNO{X{5UZ zlul`+yN3=5B}9-E7zQp#N_Tg6OE@4P9TEaVcMhFH^B%6xeV$jI`+VMiU;da6^EorK z&)H|~z1RA#-`b}Yl@$j)O9eO35Wn_!Qg8!8vL&d!C==#SOG1{J7m@liL;0qH;72Fj z9p2!TFEPJ!U!-`tl0@?G?WZD#$^0V=_t+Z-0PNfh5e#(xc9wsC86a>z9E#_#TDzTq z-xr*}O+S+u_yN`JkOSAd_vo)rP&40xqmxm)rMoWBU+6|P1aMmOPo&NS|M74{EO1!n z0$ykLPjtmAUkdOBG{9Nz=g}L>I z`KWZOf!bF0%(l;2JypxcQ?(4yG@OeaA*Q2iB~~IXa6y~th7j679O{pn=HrvJBM|pp zp=NFhBZ$Xt2F0zACo5$e>>%?+a#5md z8y<|jzX%uBYJ}LWUEhbWY<8vo6yT#YO^lX_W)t4h@RSE%9ubA6)CWkz86f(@IhD|o z0RVoCfe-2-m=8uhwj#%&u(ivW&AqxUU+oGL>USO0Ky-KADEx}sB_Hu|qL<|Qx-6XC zNzTkc7GcP1di4%Ip~goG+huTb{P`6laEK`RDi|&Y0Hb`A~g)MY)bC&Zo-JUK`yt$Nl!C9-M`%~O4W$)n|JgDyqhYKJ5aG5EGbDqIMEezJc8t>*F z6*=$JG$3Hr#teG2X`m$i;IyweWd6!xpFY1~xBaeJbW!Wr{>H<~NsBjtHqTYgfj3-4u5_*3gRdm{4 z@8%qV4-zDuP*gOmXtH5mCv#!#BO!AyfXd`Oi_Gm6w|&}|Jj5~R;K-d0CUZ*hY@T@h zXh}!2msS49f0`a-H$b*eAQmI-D<&%XB-G z-zSIWI4Vl&cBfsvc!7M9>ja^PGf9^|xT&x`gRHcg&d*y``wiQ=*%1`idU@!bs|DXx z_-&Pr5??;yj7vD^cO(;*4C2cA`lSQNg;dyEiv+L@za4zJ60_(Z8e%0XfnTBf=Cdh4 z61rj;8=Ek8&{4JE(o&MkHBHnsmthV$+% z^CGDs2ayP@tn@)7V-O5pu_&aLYi!Oud}O7HDPSJbu{$%h0j}{RLfKbJ;L8?($FY`7 zxz!ezAxJsHr9-Ea8_XKq zuhhwqCq1)Aarzp8osv7A88m>)q*e6#;j<$POxqQmpQUr1LTMGOV&;ocM3&tXxGp*Z{8asuF)(oGK^-_K@jZ1XL>K zE4hSMoj5a{@_|Aopk91w{=BDdO?4HfrVEKBdnb*ba30uG*S|Mmu3qk23~rc9LdFte zh-cmBNf7Ruaj$jpB9+;HkB*kWp$y(2S+s^-?a7!3Jhwrv~* zY}tTVYTok4B-2P4f9ZhcnsB++FnemqrvYC5q2X&!Gy%`6e!FUKFdg(|*P~ z%zYWgIgi)4cLlc7jRwJe3WA;sWu3^!PKp(*@!U}d$Z#`^DXY2kM0{HoeNNYx=qX=h zFbxDxc-2-3mTbI|(>1O|QILEx3QEpqCljRO|G^f{cZZpjGVPglQale^FLl zzn^YanpzX|Tvf%tx_fTq37(&mhVS=A4QZMq=HdbKSwdwQAW8*tEx4rqckYtA2ND2f z5+#XEkEKApuY3}-%vnSapaJPrvrM0Inb;cEvzEytROl(@zUHrLiqX#~8kLg6V_x{0 zJh0C&%g~SK9bRrX=4Oi~P%H$M!!6UePyvS5w#Y0%#b=0yt4u7O9r1`#1QLa^*3Gg)z2=lgezHl-8pf39Nm^k54j$Nrj4yp zW9dw0b%q_Ul#0{ungSQG;ylD=$;AiR07x91NTvR0s!tv-Q;q= 
zu*{Gud<|k$mjLg}oPs(yoK$M`QGtx#{o|tO_JNRh>r@L6VN;>MOdjaVIMTZo@9vC* z(XDVM$wZ(O(WhzjnLZd%B5oJ64cp>!IND)!Go>N^0d~}f0?Fsf zL9}r6qKQXa-|h7evICEEP*D72TMgu+-1$O0h=PUker&u&o#@_%BO&X{XT{06FyW6J zZjxkNa-1yW<4|~Zx$nfE2(S_Qd4#27HALqCil>s%OBL`jg2Q(s!S*3E2qecw%bBY1a7TxX@GsF*f-`y0x)Tls2-NU7iG(saAiKx95TajZ81{($#n1}neU=N&L#PMjw z>PAB1>eHecWzDcM+Vd6Ycvsw78s0M`_k#SNB|JiQFrgjBQ+-ihGJc6!dOj`Y?>Fi= z{Pt_7vYl~J&G<3Ap9HFA{3`OR)Q=~tKR(mBUce7=%~_2PT1Vq6+;DY|$pb&V$a`pr zGyp;}=@z1y<%l%Tb7>;w-`M-s`NLTL>SXnr`eYgi0BO^L-$<5S(f?RT6Q|!(_l;a_ ziWOAni+`>}l<|I53Erj->cx@IDpc!+vPb)acAe3W*GeC6=zcpiLW^g6WQt!bn$YU1 zvNPpv>>=Fv$2XaI8dT)nu#*T}hyU`U-K~%oEi2v(7#CUQy|6{8@aC(s!WJ(SW!56+ zI9Qr0Ut=|-mTvFpGRR3#;wKf*;;Z9kUx|u%F23@4rPD_^#qlHRtIFzH+c|B+hhSmX zmNcw;U2KeT%y<#BMoKE=_4*veV!=vFmJdiL&H=n77-{j?h zM^=z9epdvD{^ZIb$q7aK!o!qJdu3dfSR&yAQGDOnL+XR#35ckFI8oGRHcms=>j1p& zD6$)Jf%|79>mn`DWzwz964jfpWCEE+L>n`wry6-F~Z_Pl|`S6O9|8;PwHVOPl#8d1c(pU!Y7ZuqBgr$g`Ju?6;E>zxn*HNn_!!vHRwof%aI_OEoD6joe-sIw#CEHz2(<$hdtIZ)) zT06X=$mJwXF}~+9H;?-k?JaLOJpB=cE^tEebETP1U%p2+Xo8l*brUV=i%K9<>H6%X zMyUQA+9`alfG_cehnQ~DNy1-h6cjlVr(Ne9)HGG)bRV)cTgmc_N#~QA;#Z5YAJ4fg zYY+G%doyweOU4|BmKE}l4I>3DH>36pKit#HI5=7EU(G~( zHJ!sYV3a$T=U9T<%w?KSo%1tRLObVld3_omyXw`viCg880WHa;_e4H2|L$q|iGu&+ zRR#a{VB?$nFKKH*-SIcWvub!x*2EL2U7adlV@IDWB?QHl8B!TJ6P(UM{$#I;UAJui z*?AM=8K1^lCsdJw+$u(ysD?i`%KfBQ=H$P^?*SP~ORt`;sL=zke?-CHv4!JdJlUdOkGMT95LI=i)bTx+1;qSU`5;MR>{2e)RN8ktj zo@9Ra%~{uZ7>%wQTc0%>r7T!e&&1u*Q*mZa$oWEeAkrHLn;kBU8$uPf(sYm8#Xktv!L(*7V_Af*(4jxn zAb3BrX!Uc?TojY630W!a_JMw+06pZnbP<&6pcJBEp~)`|cCd(NSC)|mHvE}KXb)KW z=sX~ISZhi<$gMBaex^d5o-#T)%quuR;DT-#C8`Z9k*H6Y|JyD_k(qoG0UB_BW`*uH z)bR=VBMQ|&gaCX;5&XBn!UsEDTG1zCrR`2{-aJ6c1F^(47JgPawr`K%vdg?_r8y)5 z2nBUG(Elhty#@b6f5U`Kc>WY$cT4^*dHB@=whTaVkXu(q?lkzXw^;Z9|7aBpg8YwP zM*>QK0!8bR6Mw@r|7KOKV!*F!TU4m zdggz1@vn*93xyWoNk|L!R(C`EU(O236QCvIjP|DgahYDX8YoJAr8^oZtQu6nhy5Ed zWq1sJ&l~V}Rmi6gGa;+J0V`BBxUP9*yKNkE$NEEA(p3QIp%8)inOgNr!{gZ% zjWzi3OSZfi_RIF6qx!D^sokoDY9hDgO zR{Qlxg}|@Mq9%t7m9dGRQ6w5YbGT5k{x`Uqx;QcD 
zr)rG)1p1gZg&6tDA9ng#{zo6t>$tWK_nV#&J*#VEnc}gABB-rW;YXv&*DMgDYZjJ# z1l59N!f>9q{G^85Q!pZR_d=-SetTQDFp){88v<8nbsv22w3RN`H^5mMRql~;>L&nE zb)_;kdQh+$LPxIpNYv=dW}z(^xN8gBV3G}WzUL2#u$d>nIx$}yBqKAS0;#uZ>lMDc zW5)dr@_9&F$XsrJ?IftBIHBBQl8v^irp5AjNl>|eEMKjd5~F}(couWcw^xJJ0Ika3 zS-kah|LD{l0Dx;$QEYG8-45Nq$o-+sl}pis*IPCvVNECuL2U?2Gv1-0j|qC(+{z9K zXLu#pXH1PC5w7;DKa>;G8ZbusSwn3& zY)rSdR?h4D(cxw@K3@462PA^3OT%$R{^W|A^ZP&ZP9ghNX3q9)_5FwCrZ?;(H}&5} z=e$1{q|X}NihLZS@QbC&0;@ip4T$&|YDL4fBW>YARvrc7;9I6O zGy7>>(8Al5r8nv?B$WHAz4BBZRfePXQgqIKp5e<*4Zf{eG79<=zoQZLWrZ}UG~Uw% z0j|;`GL~8BgYF@daru>$D)&Q-fR|X&fasvL(qr_?x97I$$fr4~%*%F8JV9I(CcsVl zijkHnnK)#iw={lGpw0J%VtAZRGU?S)G^|fxzt4q*?*|~UIqr=cQ*6{5gOQqa1Q_p7 zFOJxjkeDEnD+nhu>TPzp_C6j$_!6=tc(E;SwLojRA`8iR1aiC%TC=jO`(T9gxPYgi zpR;voJ$~U&4B@7aB^~~bL+P8ZnTNSbw{m^!b7;Uzscz)1wO-r1xaQH6xbipXJ#!1S zd(Iy)RcibSEltos8F|6X zqiw_c#)QQB+7x;5p-Wjbb234@Rc$ALIfe$R*nvwa6|#hDF??bdn%c;a3`ge!5z3!f z^|R|-ji(Lf(fBE(7VW;jMMrPd|AUU+)@PqxCL)-bvlXsOqA(01Nw!Heeu@mU>Q|kx zMSyYm>C#TFq`$xNgK@>Fo}yy*;8Xx_54uam!b1j`uVz-z4544E7HiO+-T!K+6F5k+qD zhc$N8vpOW^p==^WC5qHf-;ZPGMZ*X}kj1Eh)tOcds{FeXve%9peg2GhxpQ|UhUCLu zn@+TrAxHZN<_Y_^FPu-PJDzQ7*a75b_}Q5Zu_kjE#9WXvl}{=$9E?exj;Pb=U^}!c z!jYh*=m8XV)gS%dute9{nJgW3@U1p^DQhZ`rXMyXH@bjUWb1>Y2ufdXoR`O0;j_1L z*Wlt8Pk0Z>DSXa>%Hx;ux|)s@XmIRRu5OkW@6Hx~Nl1xCBe=lAt*1ylE2@tfl=Y$` zEikNCW6-1|ki+lsb)`{E73WaaE)m;D(iE?J&PtDMMK0v=I7tHaNNC{=pv(E7;#$)+ z7fdxwh|5)~tMr5$fK%LwVuIvqqm6A=nhbA7wd_~A8ZeO#(1>`SEO%MqTV^xA6O|dw zqE`-P5sVZq2OJXQAV1!JyHdaYX~IW})LU(v)FBjnBRsY{?%%>mQ0PLmPO)g}x&5b~ zNJB!cRocjyyG=4JrcBQ!M_8#tY9ZX|Zm#?5*;lOLs0?nB-o8QZ%)z zngSd~q(V^;T5UFiadZlKMtn>hx+_n>zPpk*pm45}&}gS%M;%4Ae!+9|sYtkXFvFO;NN*sfS-s-DGBc74dCKCMy@hS6XIRSj z*z@g@bHCM0!yEbKo9D7P?Ysjq>>xSFHPy3>6r(~W*;F#@ z0g0pYi$Pg55K_{zJrRc!mDJ^M4|FF_utN3BnTfgPlMr+S90!+=1trlkmix%YfHG`i zPc*MWbSAg|u#=ipD|oDILI9#;m5(wPT5|<~;2c+qIyE5OQ}-!dJ;M2{NmV{P??($_xQ zaZ6HLkt?)NT>mL+B!6}^@J2F5LfDsOV8ay&y#>>R+K07@+204h~5iEHh1ErOZRu;EW7;P6<#Rx^SK^dK?nsP 
z%e9_qUzDvb)^FK;Q@KsC-4aPBPMoYl7umkt={lslJ^1AnXuK^f?5wDEzDrV>t4Ixl zNG(ZFnjcnFD$g4C4jwug(=)&GNjg63U@qYJ!iWa4^*c}5KbnxILwY}iaQkAD9u{k4 zIhxw0nV;S6T2;S3%_wj})&itxoW9ahmhPOC2xDH-;pJhZorsoIc%~Q2@RFTb=p)uOc*gQzK7Iub7t zx!lKs5A5HLcFuXE|UV3ouSyo(f5p5`mHoawjmuqME#AU`b_;V z%ZO+v%5r2^sPsUJ7WQRI>wH#^Co#y&Yy||eo4*jz3>Csqiq9^LM))sTh)PsTWcaVk zjGc}yt}xLOD^$R6Kr^W!(zCUU0#uV)WJk_>bhS2k%-4&3r{x;pHC54)*cFlkBL(t? z$I~9i^eC2CX<FD_)!%S7~z>GSA0GvcKjj97g*nQt=PEV+A-01BfIM=d18|A7_t( z5xn^C7hkUgnIm7&XEz4yEfT9p3G9{n$e!gIIN}w&KkR6Ig~~%sd_pQDPXBC2yZZG! z74(_c2V6jcV&h0E^SjRiRAh<2?mvO#U-gO#xejgV?1^t=Vpn0AqvPG%e@L8ek6%N< zaW9na9UQAf-jKIC;H2ch89q4QsnY))7*)hbXpqO~bSHPDgr{)SX%JnFmd!*6@F>^^ zn?(DgA`;CHb6O)cUf8S9btl2{U;oI%(K(?2AzW|E&?mlV`8uAp3KuZjn{}s4a%Ht@ zX+Ug*VQYY{X7%u3)#|Px{VGqxV!D@`jDe4Cd#CW=UvHcL-(P>s-IBS0{`>s93Pbivz&KKyOmfo&4qBaO{8hME{zg<`02VvO`x_ z2kw79Ih0$q)9azVhrdT@f3qm}Th~LF)wcAGL}w2V>!tlUl3QqMpgatEY!hoUT~IdH z1i5ILaXmYQdw|1|uV0JI(gJUn`Yct%S`ckoT)O z+yJ8M3{u(OTLboaNNY~H@ObHRK$@&ZD}JJ|VF#cSsLMW10onHPTRRC z>R>wyZ3m_4mCIsLILlgx1H^__F8>EEJqH36zPymt`O^KI+7Rj<2&A5nM<3v@IPHzN zPS-h+$l}mR>=gefuaPA*Gvc`|$`X~iO+HHmAnuUDrpHLisY25C5wEms-le&UJg9m* zyx7GUCSO-!o?|nhQY!3mUW$w#w())kvA2&a15P52VJk2)|GyYShFOdLsz*n65wGpw z$7yS{)cQe-;Z9($o8nTsPQ@5ap${FKexUzA1DC(-D}xF!Hm>OL-xXvs^Fg>4gHGl6 zmJ&>s8YQGQbKpNyY4R4DC!WY8jIT!R*j`S@=w^5C0-?|px0u*UAgAr<+djkEcB_=q z?|BvxZyjM{3EpeLelS)^Q(rts6>Oih9r zi98in0fbG_tkDEje%B@*b$uJ^G+M{8tDDMp)W&LAxvV}VkJBbOz|nlc1xLK~`+NJQ zFT%)KclF%53*Q9Mq^Lgzq!!qArkx#PD-}!IV1KdxJQu3uPsl*f8n19Fa?*NM_uI$^ z_B|j~110_ybJScVCvY}%ALl8eFd+pY#6_ZCT!-jnv*W+lFY&f33>%%6TQ>#jrBuH4 zQYz>`F@Th=$!u3@c;nFR5Th(cURTA{G}*cv#7&@1H-L@G68d=d!SCobQQawkLftYU zD0jRB!2+NOAzhenlsHG>u{vm4|Eb~0VZB-zQfF(&ybVNPbEbJt6V_RCl_3JbKe57qEeKi* zvKyk8JJ=N@5(OZZoTk;nX*atWDrtJ^_DMZAr*otduo zuL1OvUu55*ar%Xl_FMmMkk&WYt~mNPCu_gNoh#J_k4KI+nk2ICag4kDw#Pk|eO$GR z3E5R@%&=3I>%1;rYcT3P1+;eT=A%+Gc@p>3Cw5P+I!*UuQ^I>xQbqYI@*fQCU zhz8XAs`U_7i7*>74J>BeYRa@KsWaP(Q$^NG4r`o-(A3Qbk8>`_68{H@4ThI0CLX#KaZvB!t1 
zpua~yiJ6cd*9XiMM|%H8SiU7j>+&+XT`7uiw6;cxLd8TK(XG{2#!dtfZ1esn~1p F{{v}|68!)G literal 0 HcmV?d00001 From 70bd62a6d54f2565d5478779f3bd771f131f798a Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Thu, 29 Apr 2021 14:18:01 -0500 Subject: [PATCH 069/179] Add photo attribution even though not required by Unsplash license --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 73b6221..fb919f4 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -90,7 +90,7 @@ The website has been hacked due to a compromised key! Now instead of our link to ![Screenshot of Engineering Practices Guide homepage with cute cat photo in the middle of it]({{site.baseurl}}/assets/images/screenshot-fake-epg-hacked.png) - Oh no! Who added this cute cat photo to our website?!? + Oh no! Who added this cute cat photo to our website?!?
Photo attribution: Tran Mau Tri Tam. Unsplash License.
 ### Example mitigation steps:
From ebc13a5a529cafe6909abf768f73f2016c747738 Mon Sep 17 00:00:00 2001
From: Alex Soble
Date: Thu, 29 Apr 2021 15:55:51 -0500
Subject: [PATCH 070/179] More WIP
---
_pages/security/incident-response-drills.md | 81 ++++++++++++---------
1 file changed, 46 insertions(+), 35 deletions(-)
diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md
index fb919f4..eac5f71 100644
--- a/_pages/security/incident-response-drills.md
+++ b/_pages/security/incident-response-drills.md
@@ -4,13 +4,19 @@ sidenav: security
 sticky_sidenav: true
 ---
-## Why do Incident Response drills?
+*Table of Contents*
+
+* [Why do Incident Response Drills?](#why-do-incident-response-drills)
+* [How to Build Incident Response Drills](#how-to-build-incident-response-drills)
+* [Example Incident Response Drills](#example-incident-response-drills)
+
+## Why do Incident Response Drills?
 You don't want to be creating or testing recovery processes while things are on fire. 🔥
 Preparing and practicing ahead of time is a good idea.
-## Preparing for the Drill
+## How to Build Incident Response Drills
 ### Finding your weak points
@@ -26,18 +32,16 @@ This will help you build a set of incident scenarios to practice recovering from
 It is likely that your Agency or OCIO has existing policies around reporting for security or data breach incidents. Gather them to ensure they are built into your response.
-## Example Incident Response drills
+## Example Incident Response Drills
 Scenarios worth practicing for a web app include:
-* [Scenario: A Deploy Goes Wrong](#a-deploy-goes-wrong)
-* [Scenario: API Keys or Passwords Exposed](#api-keys-or-passwords-exposed)
-* [Scenario: Site Defacement](#site-defacement)
-* [Scenario: Oops, I Deleted the Database](#oops-i-deleted-the-database)
-* [Scenario: PII Exposed](#pii-exposed)
-* [S3 buckets are erased](#s3-buckets-are-erased)
-* [Denial of Service](#denial-of-service)
-* [Service Downtime](#service-downtime)
+* [Scenario: A Deploy Goes Wrong](#scenario-a-deploy-goes-wrong)
+* [Scenario: API Keys or Passwords Exposed](#scenario-api-keys-or-passwords-exposed)
+* [Scenario: Site Defacement](#scenario-site-defacement)
+* [Scenario: PII Exposed](#scenario-pii-exposed)
+* [Scenario: Oops, I Deleted the Database](#scenario-oops-i-deleted-the-database)
+* [Scenario: Oops, I Erased the S3 Bucket](#scenario-oops-i-erased-the-s3-bucket)
 You don't need to drill each and every one of these scenarios each time, but they are good to plan for.
@@ -93,29 +97,27 @@ The website has been hacked due to a compromised key! Now instead of our link to
 Oh no! Who added this cute cat photo to our website?!?
Photo attribution: Tran Mau Tri Tam. Unsplash License.
-### Example mitigation steps:
-
-TK
-
-### Example drill steps:
-
-TK
-
-## Scenario: Oops, I Deleted the Database
-
-The database needs to be restored from a backup.
+What happened? Was a GitHub account compromised? A Cloud.gov account? A deploy key?
 ### Example mitigation steps:
-1. If you're using Cloud.gov, follow [Cloud.gov database backup procedures](https://cloud.gov/docs/services/relational-database/#backups).
+1. Contact `<>` and inform them of a breach.
+1. The first priority is to remove the unauthorized access so that there can't be further damage or information leakage. Figure out where the deploy came from.
+ * *If the deploy was triggered from GitHub*, you would be able to see it in CI/CD history. In this case, the GitHub admin should immediately remove the account that triggered the malicious deployment. Rotate any deploy credentials that may have been compromised.
+ * If you don't see the deploy in CI/CD, that means either deployment keys were compromised, or a Cloud.gov account was compromised. Look at the logs to see which deployment method was used.
+ * *If you see that the deploy came from a compromised Cloud.gov account*: Remove the compromised account from the org, all spaces (starting with prod), and all application (starting with prod apps).
+ * *If you see that the deploy came from a compromised deploy key*: In Cloud.gov delete the current deployment keys, remake them and add the new keys to your CI/CD tool.
+1. Isolate resources: incidents that are likely to be malicious need to be handled with care to preserve forensics. The most important things to remember: do not delete an instance that has been tampered with, and do not redeploy from the last release without removing routes and renaming the instances. That could get rid of valuable forensic information. Instead:
+ * Remove the route to the affected instances. (This will make the bad deploy inaccessible to the public.)
+ * Rename the instance.
(This will preserve forensics as you redeploy.)
-### Example drill steps:
-Assuming you have a staging database using a dedicated Cloud.gov database plan:
+### Example drill steps:
-1. Delete some data from your staging database. (No deleting data from a production database, please.)
-2. Reach out to Cloud.gov using the [the non-emergency email address provided in thir docs](https://cloud.gov/docs/services/relational-database/#backups); request a backup.
-3. Practice restoring the staging database to the point in time before you deleted the data.
+1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident.
+1. Choose a scenario to drill: compromised GitHub account, compromised Cloud.gov account, or compromised deploy key. (Compromised deploy key might be easiest to drill)
+1. Practice the steps to remove compromised accounts or credentials, for example, by deleting the current deployment keys, remaking them, and adding them to CI/CD.
+1. Using a development application instance, practice removing the route to a instance that may have been compromised and then renaming it to preserve forensics.
 ## Scenario: PII Exposed
@@ -137,24 +139,33 @@ It's discovered that PII is being leaked to unauthorized users through the site.
 1. In a development environment, practice putting the site into a maintenance mode or removing/hiding a page on the site, whichever would be most relevant to your project.
 1. Review any relevant corrective action / affected user notification procedures.
-## S3 buckets are erased
+
+## Scenario: Oops, I Deleted the Database
+
+The database needs to be restored from a backup.
 ### Example mitigation steps:
-TK
+1. If you're using Cloud.gov, follow [Cloud.gov database backup procedures](https://cloud.gov/docs/services/relational-database/#backups).
 ### Example drill steps:
-TK
+Assuming you have a staging database using a dedicated Cloud.gov database plan:
+1. Delete some data from your staging database. (No deleting data from a production database, please.)
+2. Reach out to Cloud.gov using the [the non-emergency email address provided in thir docs](https://cloud.gov/docs/services/relational-database/#backups); request a backup.
+3. Practice restoring the staging database to the point in time before you deleted the data.
+
+## Scenario: Oops, I Erased the S3 Bucket
-## Denial of Service
+Let's re-create and restore from a backup.
 ### Example mitigation steps:
-TK
+1. If the bucket no longer exists, create a new bucket in Cloud.gov in the space where the bucket was deleted, ideally using infrastructure-as-code or a deploy script.
+2. Restore bucket contents from a backup.
+3. Verify the bucket settings, permissions, and contents are correct.
 ### Example drill steps:
-TK
-
+Follow the mitigation steps above in a development environment.
\ No newline at end of file
From 5425317c1920a32af18dcb976e64dda17357c639 Mon Sep 17 00:00:00 2001
From: Alex Soble
Date: Fri, 30 Apr 2021 15:06:55 -0500
Subject: [PATCH 071/179] Co-writing session with @lindsayyoung and @rahearn
---
_pages/security/incident-response-drills.md | 47 +-
assets/images/Drill_scheme.svg | 702 ++++++++++++++++++++
2 files changed, 742 insertions(+), 7 deletions(-)
create mode 100644 assets/images/Drill_scheme.svg
diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md
index eac5f71..db4b3f6 100644
--- a/_pages/security/incident-response-drills.md
+++ b/_pages/security/incident-response-drills.md
@@ -14,11 +14,11 @@ sticky_sidenav: true
 You don't want to be creating or testing recovery processes while things are on fire. 🔥
-Preparing and practicing ahead of time is a good idea.
+Preparing and practicing ahead of time is a good idea. Running incident response drills on an annual basis at the very least is a good idea!
-## How to Build Incident Response Drills
+## How to Run an Incident Response Drill
-### Finding your weak points
+### Identify Your Top Risks
 First, create a boundary diagram. (You will very likely need to create a boundary diagram as part of your system's security and compliance process.)
@@ -28,24 +28,57 @@ Look at each box and each connection on the diagram separately. Figure out how s This will help you build a set of incident scenarios to practice recovering from. -### Gathering Organization Policies +### Gather Organizational Policies It is likely that your Agency or OCIO has existing policies around reporting for security or data breach incidents. Gather them to ensure they are built into your response. +### Create the Drill + +See [Example Incident Response Drills](#example-incident-response-drills) for inspiration! + +### Invite Everyone to the Drill + +Be sure to invite developers, infrastructure, and compliance professionals on your team to the drill. An open invitation for your team is a good idea! Letting the team know that you're doing this kind of activity builds confidence and assurance that the team takes security seriously. + +Give advance warning to any third parties that might want to know that you're planning an incident response drill, such as Cloud.gov or Login.gov. + +Schedule more time than you think you will need! If you schedule half a day, you may find you'll need the whole day! + +Ask for a volunteer to take notes throughout the incident response drill. + +### Conduct the Drill + +Follow the steps in the drill, making sure good notes are taken. + +Team members can rotate being the "driver" who shares their screen and walks through the steps in the drill. + +Image of a hardware drill + + This is a drill. + + +### After the Drill + +You could end the drill with a practice "blameless postmortem". This is a low-pressure way to figure out your team's format for conducting postmortems after an incident. + +[Cloud.gov's retrospective meeting guide](https://cloud.gov/docs/ops/service-disruption-guide/#retrospective-meeting-guide) has ideas and checklists for organizing a successful post-incident retrospective. + +Send an email recapping the drill to all stakeholders. 
Include the outcomes of the drill, what you learned from the drill, and any follow-up actions. + ## Example Incident Response Drills Scenarios worth practicing for a web app include: * [Scenario: A Deploy Goes Wrong](#scenario-a-deploy-goes-wrong) * [Scenario: API Keys or Passwords Exposed](#scenario-api-keys-or-passwords-exposed) -* [Scenario: Site Defacement](#scenario-site-defacement) +* [Scenario: Compromised Account](#scenario-compromised-account) * [Scenario: PII Exposed](#scenario-pii-exposed) * [Scenario: Oops, I Deleted the Database](#scenario-oops-i-deleted-the-database) * [Scenario: Oops, I Erased the S3 Bucket](#scenario-oops-i-erased-the-s3-bucket) You don't need to drill each and every one of these scenarios each time, but they are good to plan for. -These examples a web application hosted on [Cloud.gov](https://cloud.gov) that generally follows [our approach](/workflow). +These examples are for a web application hosted on [Cloud.gov](https://cloud.gov) that generally follows [our approach](/workflow). Please adjust for your infrastructure. @@ -88,7 +121,7 @@ An API Key for an AWS service was accidentally committed to our public code repo 1. Practice rotating the keys for that service in a development context. 1. Practice scrubbing the fake key from the commit history. -## Scenario: Site Defacement +## Scenario: Compromised Account The website has been hacked due to a compromised key! Now instead of our link to submit a report, we have a cute image of a cat and a spam link to follow cute cats on instagram. diff --git a/assets/images/Drill_scheme.svg b/assets/images/Drill_scheme.svg new file mode 100644 index 0000000..dfa2fe1 --- /dev/null +++ b/assets/images/Drill_scheme.svg 
@@ -0,0 +1,702 @@ + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 4d6bedda4d72afdaeee7b47e9fdcfc9daba3d6d9 Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Fri, 30 Apr 2021 15:10:19 -0500 Subject: [PATCH 072/179] Fix internal link --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index db4b3f6..ba0ef10 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -7,7 +7,7 @@ sticky_sidenav: true *Table of Contents* * [Why do Incident Response Drills?](#why-do-incident-response-drills) -* [How to Build Incident Response Drills](#how-to-build-incident-response-drills) +* [How to Build Incident Response Drills](#how-to-run-an-incident-response-drill) * [Example Incident Response Drills](#example-incident-response-drills) ## Why do Incident Response Drills? From 0de4786cc467414962a62ad8bd5a6d1de2276f94 Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Fri, 30 Apr 2021 15:18:55 -0500 Subject: [PATCH 073/179] Drill img fix --- _pages/security/incident-response-drills.md | 4 +- assets/images/Drill_scheme.svg | 702 -------------------- assets/images/drill-small-wikimedia.png | Bin 0 -> 34022 bytes 3 files changed, 2 insertions(+), 704 deletions(-) delete mode 100644 assets/images/Drill_scheme.svg create mode 100644 assets/images/drill-small-wikimedia.png diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index ba0ef10..5b04387 100644 --- a/_pages/security/incident-response-drills.md 
+++ b/_pages/security/incident-response-drills.md @@ -52,9 +52,9 @@ Follow the steps in the drill, making sure good notes are taken. Team members can rotate being the "driver" who shares their screen and walks through the steps in the drill. -Image of a hardware drill +![Image of a hardware drill]({{site.baseurl}}/assets/images/drill-small-wikimedia.png) - This is a drill. + This is a drill.
Image attribution: Włodzimierz Wysocki. License: CC BY-SA 3.0
### After the Drill diff --git a/assets/images/Drill_scheme.svg b/assets/images/Drill_scheme.svg deleted file mode 100644 index dfa2fe1..0000000 --- a/assets/images/Drill_scheme.svg +++ /dev/null @@ -1,702 +0,0 @@ - - - - - - - - - image/svg+xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/assets/images/drill-small-wikimedia.png b/assets/images/drill-small-wikimedia.png new file mode 100644 index 0000000000000000000000000000000000000000..bb21c7c444c0660eeda67147f75ad9e7f81aa44b GIT binary patch literal 34022 zcmZU41ymeSkS!M626uNI90m*S1b26LcXtnvL4&)yyClJ#;1XN{!7cpB?*839|Iayn zrn}#J{krRQRo%K(9jl@&gN96m3nzL}bun0%XJW<+-LR*Q*AP%{bsF)&0iJ}^EoQ;-QZ zFxVl$+=0~?f+|)WY_~^Epm=U#`&RR(>WmQdWBao}-wi8&X^$CFnIFzTMw(tOYRNm4 ztC^daDiSQLIZR5efsq=NSv%BEDyfe$&_B68o_iqrqs8RGnUX_QBO$rLH`PP^g!xVw z%lPpgn?j!+Nlu6~7OfQ@ZgqGgQBjcvu_GN-B~4EirYP?Qg(;qMflD5TB$P6}YA5SU zO?k12g^9(t0VrhWn9~`)f!%KmW1*M|KH~!>9T*JX5-=w|M4c3Z3h?PDN4O0L2|AL2 zK$2Xe6rFTLZ>W8~%sp;%YQ!9WL0H(cmiKqjXxQGG?*ms4&+qU3?eFjJ-h{BQH>~hc zu-j0JK}K~x=^ED%iE3Hu$XO{VK`}x05uu=?ZK2>Gd(e=L2(m#z!KOt)Awd4IAe&?X z%>QkLHZ6et@BQX~9mUiogH~imQLZ=x_HLVB>e`#O1;`mj2=Q~&2h{_k}pE#1xCY+XETot-HDUDwpi+0#Rqit67)|NZ;V z`?U12{hyhf-2dybAP>m?uZ5k14aolA*M$Qq$eiO~Tm`GSEZhf8_gLga3Eq|2yzMrqunPDY?0L{`ZvstL48&3bFrt z^8Y1?{}l6ooQ23)1X+mvzt>Cznb<>P6$gfOCr_td`@C@#~#Xh0Y|%nq-M?8xeXSime9wAIj>`43h<4j7X@QjkYMrFyyF zHH**jRs^KCvmPs1bseI^&!&tnj}!4kBAz0??Ev+az7ALEk76NN4PkJ>`1WuEA^vx# za-T%sxC5_8@kfbJ@_YONSKiLv8^qKmLU1DQukLP+DDKftn5FZGi*Q{Q9O z
hlyxr$AMF`&2#&mS<>bN?g7Y?%ez190iz01Rvow)Zm>KDGl0BcrX zIws7JU(v_4H-}T|s%zfyA_edTpn-5E1VT*2j~ z!tJ)P8pt;$&x{c6hZln3qXtUWW6M*zvICpUk9LHG-;hw4F;m)l74asAsUu3?SezgUjQ0Em}Pbz2*g)d<@p> z_2XHpGhAn0na4+%0+|{cXy&U!!3qPC--X_SkHR3QoB9KWCO$(LNNZ?Z z4wotBfT?-!fj-_(7G=ZW7tb9N1)^n}%jv*kb|RTmLD|Rn-JRn4ztPuFUWEz}eZIyt zp>ycr*#+2!KpFMRBoaw&2fz2i*ZMkR5A0@W8>QMI^2%@>f|@`>;IpA(Hvn``5Ir3o z-pdsK*x)F68gUim5#UogQ68v5raHa`J;x@I37>8yp)Ic`i~f}je!IiR^*+K0XH`hu zZJ;rL!|L0)Kx7cui*t8Cte`acaQ*UIA->nKWiEJTG9s~0Tu3AubHHlDdpl4jhu6`q zBEKHj${z8zuBz40RmnMoPX0a?glvFk~Bmbb~W3KES(+TTM8Is5VEZ9>_3Dd6C(>&*+?LFax z2#>E8FL{XxrXfaFS()uVbWInz?HQZn94#{ft(#j2D1!+WdV=-ai=`*2+;g|oMZTY= zwWK@GI~yzJ75iu^vQVbP)v5Q2el(RM^Y-#!ZP@UIRk)hE$6?T?Lka-qw#DKihn}eK z|100V>7}n4@)%bLFp*oGofr;R4UEO)B%;x8 z2VgN~7e0v^*0`$B&45flApL%}qB}P{8!djrho+T9<2?jB{ZmE3V5A!C`)N<+`{F3` zAyV%R)pJ)9s2*~N4cO|B8g+yJMkM60+F&N&t?+q_Sj@wtrBpv)Y6lUB&HD&*eHBL) zGH{W>q{(!zo34~9wy_ft0k@zKa88TZ;2H6S1qb5>9wz0HP7(ZZq5PAzEDHrx0DnsN z2NTqQSXxt9c65wd1{jDWL7u<2@=AA#W>wmqHW5QFvU*UU+mf#8?wFQ~HCd=qq_RqT zi$p(+Xk0E;(?ipbl{1J)_YS2ssA@-zYr;XJ>lneMiQ}g%BS8o3{FwSB47t7g{8pxA z>d5ry7GV_`psq}T?Lt|L`;qe5hsUJdf2z_!y9=E~9Wqr0S*5w|-+dGHKM!}ndD}rR z7cHj4@Xgf$b{23t^bWt4b{pm3q!S3ly1joNt~lWKBM3F{x0E9nplU=w9)cAfqm%*0 zgo(>~x@1P=rRG?vPYn**;oDNZ@z;Vr(?95NU?l%>5bnBa61ix8m)C`SE5t0d5%7bq zV`30@I|ey;NJgjB4}R(ntABIv_X33A2w6{)K&(dVW|INLk7&W^VBIfgFvIUh?TdAL zUFaaQ!P^_=mVZ<1;IHo+Jo*bU5N;`C;q?HF8BfS$-AR<~1+XyRvQu+&CojK)OeU0w zP$26$riVc`)sOi4(En~Zj{27e2L;j@Ki=}bPEH(I#QhMpob^wg<^CKf7UF*BL-*~T zDF@UVf>zxo#v~yA=6bnACmAuvRZdQh0?OeH~lf4^J zqgqP|-r@ILaWv%a2RLDJuNFAjq@^;7d<-4ek5ABo#WbRJk z*@8`xP%x>|#9#Bv zw?6Abw8HabUh20~M<5!&B(EXL#7%vg5{hReol)IpyDxB>XP^}slR>=<)p4sQ%di&( zljARRHFZM2w1}|yF>u@Oj8(78BkR-50_o@B;Tq*U&}7IabX!zl14vu~*vU8!@HxoP zF2R|!LmY49s&DkUHuJk0M3`c~=^O+=-l3}xe-3tgA)Ww-j7<4qJGh_y(*mpe@YrFS zH|NnUf(uAPHE8;=J;- z8iF?>F(xG1h+RN@+*@TOfOpU_#h7&ZzV-@}5*XorWgA{vu4gK@s{RdsI0ylq zM0Ta#xZL;V@PyYN_*|`BkB7p=ni=N#LfF}Ani;W)?0tQK%3I_AaJiHL4ZB&Z-##ya 
zA*{g?67+Vra-jdgy6FD$;4o3(w~=T)fiMm4NMs1vDp3ZTVYbS&W?XV|Im9n^tR?K8 zQU5xEKod!sWHO#t9p8|)e|C~rBtRP$4jzL{@$LDpxe`HHQE{<=zUX(~OOjLXotDy? zIJFP(V;morsUk$3Sl+INF&xsYN+Mm|SSBO#;F78_U(|Fd!~xT$g^Rr1 zF0i$zbubw{t<>skKNdyLG!U*-X)@xr|h2YDa(G$lEhUjaGL{K(+CjQrE2nu1(pNkIK4t!9BjI!Mu ziRF!6gWwUnwU)|Fw>F}=BD973!SjaQyPwuy34hcQfu*ISQU$kI6t8#8-!M(&bVMEE z11C~KDACr7#>s;Xth9{!0y-D_dF_`IATOL{wS20-iUfrq*V=5{;ba!I@zdZ22LiPY zg$b9_Qk7;8VfhjjaS7=%60rqkfFpqk!L0t!=^)g=x$0;hu$RKzj?jgxt&l8po|*_hgw5%k|*rH%s2tBBPl5(V-GJ-;zO%T zr#9ZrWr)cOE9h~oV#5~rd|L>QM#LYfR2cO*lJd``{A%)fC|InZ+R-r0PQe0c`)lDW ztNd)Tj4wOX6ZF0;na&fOxWqiTnBv=RS#CXCnIkvo#$C4vIJ-EleWK|Qi-s8Xb4&vR z9W@_+PsU6}c0L`{xx7YVXc^@JOz*$q5*bUkYfy$}q zg#NX+{2@(Aytm-kZ|Vr+1fAGePlxNHah2ylJ{GO~EJO@7N!tM;dS79?c^%heGh`vl z^OHo$J_K!LXVR3f zvNy>a{I!nQ02*pvS-EI_c{=)fksVJtfPR$G+{?{lw^(309Ch+1q;ZpL+mjCxMQkQ^ zBtNvf?n`$+YY6Wn*+V z%M_*HiuMK3Uer%+1hWbCeCb=2~5 znYN2vJS87vj`irGE*lBU}bt=(U$r53f}WxvonM z=6*2Wa%Id|&izyh`vr@UT2MxQnmq9D2Zf0$m0JT!2*@D0&%Q%t#F;<({+Yg%7$`Ku z_El8o%S>KbHIkeM4`VDA_Gboa<{a^`@CuEP{#Ups!*aF1w2ZO=VX$wE8oAL=2dXw7 z<&fVWu+@KjErL-{(Q{po2kX+D@$hpbzZX3gXt3Lsk zsS_UChP^hg5I?wjq2q_F>moh!LoC6_Xd-Ak0**FUpRu$K#O=yn7ta@c~)TI-Txos{-Tb60*G zY0&$718WBiY*aCRLQmio(OhJ@lW>H|2(+Gx1<@CBR{dA5i`C|2CM0-be62JFzGxyz z_}LO(4h@l#xJS6OU?kD@X|weuMLROKF*E6$qx{<5cn87w$C2IHMm$pl8{Juo>9Ip zmUtj$;3)Ec3_z!|P+8#I+nD*pdDv|GQ-ie!=fIf$x>MPA@8zR7XekL9Z+r!%?%ka> z@ifjpOMEIN%Ri4Z(sS5}a!CsV1!sJPQIPNJ-_C65gK$_zO6F*-T&2PpK}~i7Y;>($ z`2u*?C1gW&|M?DA^Ulh0*$BI{tS{kj*V#Pwxqg`7_R?H)2Nb;55@PJAza)cUOd1s* z-KC~GJbOvLgm5h5mSa~MmNHnbM)pwxf_om)5@ZT3Ps_#gu3{G;7S)Rg6v(u9hlBc< zLxy%T=!c8!nU?xlCfHc9sA1J6+lxQ6&e8%2K9>P(D}wY_ZcscqC*5}!J{iova_Xz<+;CuGjgoW&;i-=Scm^vyAXy~`Lg%H=wI}8Tv?v)W-AlC)?y0* zjjXoi=S&jXQTj^Y2(gtqe6c0haZ>NuGj<^bXKuVx*lVCi6keWOp^TkwGR=c{@t@o4 z8g>D!9Il;HgXpY=X(++9*BSBCF4{UX0DOX1kZ9J&3p0g<9>KiNnIxp~rGJbs1wXMe z;k}s~2Q!9W5-rZD;dZYK08xLRhLh#;(8%isO=;Pb|KBQ$|%;^ z1jkrZTi3g`xMB!V(MmDSYNT<-kGTNUjHNi|BcV3BMWA-IZaWy$Dc0vyfKh%}fv zLL~(Pi9VxlW_YD{*wTlJmp+E787(pPLRpBdIZzv 
z@fLEDcTdU;kY)nI{N~975}PjIV_al+172lBi`nrH8v0N9EDI!zM}7f(whPK@&!7d~ z^N96P+#r|!{x|L^ktUw^|TAQ*rhSbG}|oHw_OPAWF;dl2{|j=pei-G zI5TPqSxMY4tX7AIbKfUoJro>vH~o7q+w3<64vd_;FL=dS%(RhE-yq02V{o-KMjhHy z&cUIkj#z(5O6ycqYh&Q&+!HPwvSmn&+P70^zM&bsn#8b-=Yi51zimwrH;4xu$|V!+PBcILA*O+^O9A|V^pik#_wsT)#Lf> zQL1ZYk{c~=K&aOA^H}zMxs*B3ci4(tXs)GTFdRXltVBxx(2?RZd{L=@glnqU5Vxuz zBayj^2A;|hnDgM1$de?e#c^s@%Re5Im%nQfnJVp#S_AN|-PS{8=5Kbljw4cpLmb5yvlxbH= zsektGVf^<+U|X(7=4_Fu%=)))-^~D#F z+D&W+PT2J?i9e#|a&nYqy)8!KuJE-0E}CPFe;oZ->fiLGJA?PTBUs2y^o+s1yG9|1 z-|AXi_g}~EW*+j3|4>2AZsKVGLY!~1>~GUjuo7j%;nAopSeD}`D$j5^n^l_+Ti%Z8 zx|;1&tqE$!>MaFVYr?x=wD20*Lb%_9-yeeKhdz*HDV{=*at%8DraWyd@N@S)Y00Nc zMiQUVmf>|~srjER%;{_fsW%b9O)f!2B&NJ{El_{L`7t}iEkn;bJ@yHlCOh{)8iY-` zJ;^=*zSHdrSa0i%epU2w-zVR6_H(%dPuE;(qR5vU`gYy69|LDMo`XGE<2J|j&uM4 z(#()3jqzfmQ(c`ddgTa0#o7HS2r(i6sR|=n*?s@%i_VwmgI!*ayR{gPImR@eM9OSN zf9|r+#5@py!NHrtZ?f6td3#phk42`Vc>j-J2u$!`Z49~~+Jz^nuqXH9MZaMv5txsA zzB~Kmel)!_Sp>Z=9zp^9z>0{~Z&YSCH&<%;gNk+RWSX}@H#QLjG{F?QsWa%@o2K;f zG=`)HdII#{*FNU4c0l|4=u~yf=;hh5!R2%OMpQ)i(`LO;9o&F~Jl0zo3r90THwhYY z{F@;eabQ8WF#!oQrVQE+c4i#Pra}tb3_--UQC+GgvI+>d7;&rft!t_T9m4sXy3Chq zC@Z7CvEB~$R{M`jC(vT@8pxL)){=a(wWwr0Akx6{DP4*i*iil|Qmg46F(p!wYJkRD z@-swI0#FJgS#y-bA(y0CtE~ulLPlIp=*O~YRYNf;v17w_ho417CC^llFlsr$)~p$WBcw4% zx^SAqv_&4yOPfJ{Bv84>M@wMog1Bzlqze%quH9WnE=1(-qq$zwFYV{^=9%MZ!QbhG zou0%IU-%{!SHn>{obKdL)e0NBD-ojiHCCe8=>a{xEi|%qSy@?B#iKA&*^#$ZKtxs| zQeFpw-akK>vrp>`30FK*54Y+Um69i%G>eYw6LSo0)igIFBJ9=hQ9pC9TI66YU(blX zr)MdjuGH68RuFU zxTS*&T*;5*tcGAy*U-)2h^fW6f~^X*X@R9h(y$XJe*Xn=n9c(>gT9)jS%)@kJUlwS zeUnYoSR=m^+UJ+w{g%=f5MF;S4wsn)m$_{P!X3JtV35U^+Cu zEM{l28!LM+SIg7>apzvxH%k!qzxQAaOnVaAEt&1|w1?qZj$i7mxjZFoZs{U2k(#i%vk;hp==txU9S@SxEji zmF>>k%6H~YV`fk{q#dsm8ToDbpjWqsS@O@(Q8w-CtzWn*Cu-Z*S&wW&BSojm*(?=Q zyW>)`E!I??>vbB7T&O4KG(Z86Bp6S#*ckspB~35sR|Q%TBZ*HnqIIZ-OWxgayPRiD zYLDN?aBbJ8`*{LW7#(whhO-a4e4t1~gL2Kx%#I=S2T!lzF9KI-6?nE8=bmf$K*$YC z{lF9f_|w^#|0Bn;~I0nw9)>@w^}DMF@ZScMDT1&+yER0{5CGQ)=p> 
zp4IHN>I=nMf6RB_;o4rFJ1=Q#s5Y5dF!b^rI^xnU;f6ZtC@3Tm?X?CjYMDJBYxv(_p z$#GqrudW{i3O&`RE_x~>!LnPv)} zNgvlvavly)MXQQpGwhm$*wU-;W56uNeMg2x$KMy zo>@hJ+BD?T-(ugYp_ybpo4 zA4Yd`uP4|Qkj*>>lAdGf^C?O$v$<{4JRaB>9K5b3*!yRPF+>$*D@qM&a5VUZ;zXUU{`%Uq0We zXk;p?-a=6E_eH61J*chGCkU=#OF;u88C}unq($-g?07&E)B^o>CmeEe_HmeA4sbPV zm|juf%Y6hN3Jr*XZA5VumN^kELGABf9E~Qpscr8#c-<7QYo>g#)g;umdqj4LWp$<$ zK@_vf5X*&Qqa0V6uVSIqK#F=AHqW*}l`&mzgMb}e7%~*r0VHJ{kBUIa_4($t#6$mA zStQD8g1+ygVj(}4JV%LG6^VL&o6{zf(&&z2A+DHRyL8HB}=VFT#vn4n? zK=f&~nA3?AJTPaqf!gs%rl+Du?a$a<|tgkKWqHaJc_e5e1Kp6}(o>G`G1Ycn6* zo-LwFUjt8@IB|}z*x>~htp$A%Po##eZ6hNFP%UiA601~~ZUmdZby^SwzFcH`CMe=U zg52^)%39X8pOp?N7H%e5dH|tG>3EUYIQg$h_W)en1Dg!014p^Elqme^msFyubwy{s zdfD2DaEu^qlN$1i-jB@6bhE9$7O5QD-dyzuTaRO0o`a@8%|~|Z6y;zP6&IJfPyFMS zTwbK{&_^;GBq3!5DRZkS2ZUQ*K0v339eQ+|5*Ar@A37R#xP*$VdKs+k+&}u#U#$AOtAFpQnVUXheT~cyGDn?~k1f&v zLi*YLxc#1nHMU=R!8%B@AV<@q<#1aY`?JuG5T)yYU#T({=|UqJAqver$jHcPepVH~ zG2y;x%dPj*8B59S`;rQ{fr&EF3l}PN;e_*6QonkM5<83;e)`l_5vAgi>Ix`XtTJ%D zBu;`u>?#IUAX8DtqzD=NmOYxK0(Q4kTWaUlbGF{-n^*gDA zv3KQVCI^r6R_>K5;x20{%(omQVn02nhE8IXkwj^D`{PhYz%r66h)!{qt>Sa--wog7 ztOmh3yui}3GAtuBd!#(0O=QdSbH8}Sd=bUR;VKfXxRUQ+;zOj(D%&t+ZN9~H%J9bh zrL|2sL(pVrPhJW?ZZLkCy}3wv8m)qS_hBlv%nysA!-w7{2(y=??F?b{HF`Jti3NtX zx9}WAfhFibBFINM)aJJT)2~C^@MyK#nBZ{d z_}iO%#Hf4eVgrs#ND+bIUk(%e_1k?}R4DgxIQyFfJY6ca`T5#SuV)aa*vIXPNFxF= z8)r!J2AUck-DfIFD!Ns&!sR8hGm{H03In6NJm2p})@f7?Y&BBESj0*$k2tFJD#>sY z43bn}Xu<>jB}&B_7&hS7S>y+tbl?<@+aq0I6~jPdlSj?+-5wk)!A-ZtcK=g}?P? 
zN~b0O5{Nvjzfde7bM>x=ekTG}tCuHjBs4E>2miexCu~H^65_QvSF)`X?XBm)UM4ne zzJGY_&4Yip&%Bpg*Rj?3N8G)GPz;9tSbro{S)ylq89OJ{>vWtr2w`j}5ARs)EM6%5a` zi_7h$;t=gBTXrm{dYkuIEaNEF6DMR;&p5?2WJ-jp$VsU-v#BF(GbtIHZ5jxA$Fsm0 z3ae=3oE9;_Wc{k|)x9U+!l;32*1svK02tnmwy;z1@+b!ZJym2UmPG|5rNnK&tUb>) zX>bR_1%eZfu4O6d+mkjKsnu(x8li2AxCYOeA8P@i-d}zPWA+1nH|6mj8+SVY9bq%> zQ=D6Au5_Mi`cpjl$3Y&?u?x(?d!lyI-fVmOGql>{j~>M*x@DTGRw#)A8XxpIc2v zGIDt~AeP(fT;~+R#7ZO(q}A#fvYS1d!J_8a0yDzQLwdV_gcA2L*Zbo+%Af8y#>!V; z=x7W+CoH#oY7w@PN^1%a6*Qey6+nUU(KDIK;g}w+65Q9kcXDPav76TBw zTG4O`E2D5YXHyd+h$WrsgL)F)*ZEM|3Xc%-3^eqDn2*88H|%1j(6o#!4K$H2``vJn z`}_mOWrL~Xdp!}ekyW&n*iPH=bV0A8t(wRg;gZoSwltv;8uYaYl8Oh297%KlzKe1| z3j$oS7=MjW=RJew$ve2^D6;#KYetAVtAsTk9>{lI$7ee~VtN>f0O!_6dC5AzR*a?q zhr95z+4{hs;RJbT7|*LN#o+?r^%tK-=cCJn)EcF_LI@<&I{S2UWT{Uc{2F^W-{0HV zc_sq>9naoJaWkou#W`B`!pWErlklRW9mpOHe@;9)G&V)EabkN>U-?+F_ItDT zt}EwEg>Sr`c`yp=2e=)pS)m(FW0GG7(o%n!hYe$leq|8kOKyr>_^9mE_d1QYEkFx9 za%bSnuD!AStKbY+!u#6Dukcu`9yVRE2_|mZqi78bh?txX37UhyEd#QLM_4ckgvn8B zqC2>~+?~l72V6%sOJqEo_8{vwA4vHq`Zz~M$EVAMnY;_i{HhPf7Auv{h*;d3u-a|_ z4Sv7O8cgK3__xLonkPYfb*CJGL^1ww#>ml=-CQczihhpAi z=?Xw9a_oZEQ;z;w6_z(Yk5c8IN5`X9jZWv9>vfO_G-m7Xxk7w>!t`xPCek*w+0oY9 zD{+KQ3$oaJAfz0kR3qXM&16IcDdcJJ5??n&DXUp+#&BD2oxIzA!|$P3w$DY?#VYSA zWO#k?c&_*aEfs4b*C^=8(w6ZWQVsy#=KLj~FVo?wTSrHyt_wRB<^mVSG<2XRw{uBfJFS&}xy0HB z**=xJ`|d`D_50Rbz2KRtfJAk zB!4_Y$`1H-Cfr?=(-=P)Qq8W3w8Fwduu10ChNO(^kp2 z!^1WPXF736NSIlCO(za|nUB9_|CTuD1#;vy=z0qX$FtFus(9D{GqArRi_tRDb(B~v zH-_nIqodI1aKNQs6{ndkpl$zseDya_BiYvr;b-S(Q{9s$EUkHLlXL}$wRml_DYTRH z;gJU`3Mu|gWUwyx((|g*q^r@0%qJw5YDYZr-0JbYg#-<=_VvAVtfUPSNe0$-NS9;Z z#!ThvQL8@y@i)}LEYFg;7PQyaE-npgbpcHzWNQB^$SnGD_?*46p0dLtJjIR`j(4WW zn^fEfE_^4!98s1$bzU9H>P9Iy4FA?JNE}lbQGM&!}r1zgFGB!DdJFi!T+O zL_XrDtY{@chrNRXb%UR>AfNXs7MveCCF^bhY>vLKxi0skg_9u z2g$0F75pC|9A?dEe%p}5JHAj!OFr@Bd;>HJwwQa^0UGbo&O9oyeKD58kdq!^PukNL z96AeL0$@~H{%4ugAp-@pQN&98ue?-?#mgGc@kOF`tS>$et14CJUuX#$KnkfIrlW;A z6#QK1Qu12*_-7x=;yd7g@nK7_B>b2Ycy#tDK1Va}-g1Ht2BN`*RM6&LF{6JmET 
zNVxVN40~%G2=ykhpN(k{9*>KYjR0j%0CdR*HI6rNDT<7`M@OWoPT{&)PknkqT>%_ITm7$2)qT{Eg0bJi zj2Aemv(qkw_;SX!2tAZKoFu6 zWjR}@1om;;aJ*)_UQTxAwKaTOT9|R#V#bQKwsp#H0djIM_7o? z-%cB+3ga|&?ECv{zrYj)y07_W$-r<+IyoATe^Eu1)*Q)1HNvHZQPvziEaSmA;dl1< zOVQ3xfp}rBDv6SDs017+wA5LHO2mdvET8lF#h41%vn+y`8yAeH55ArI8Kg6Rn5Wachy zN>)SDR7WPl71Td6T1eALa%>BkH1N>9E?iuFwxr@JEHjVEO-o(1?@lwFe)f7zu(rzz z8u_FOVDSma?O>h5v6)~YD*3)Xx^}83y#_(bEm%2~!I_l$A2PotNtRk=>6U<=_&ts*=}n z>huLi-ED+e9PEgK>2M$TxNDIWN?;||U>D-F0;pWp=!LSyxbIt*ZG;^QXQ6JRjfuucIfV>MQVtXh& zP}qG;G)55<+~r@DY1EDcpR^rz5VUJcg<}bLz=rYnS=Q)Bzsl{XG=ir;j-6&uk*bne{0-EN8IJ8eDpsRzZ;8MT7EGb^ zRm89hN8+I11FY6F!}PXEp9}ZX{kk)4A5h>1PmcT)QFi1oVjDgUW*~fC_SaLt4|QST zz7AGIj;k)pe5vghMw6kT!r=uE9_Ft<;PAEL6|pP9ejA?23x0-{%05%cNr>vont`xi zfV++rm@v%{psqO95F)4Hnkt|1boPX19S_Oy5?Gp(y$w&LS}>9Mt#vN3 zUJ+@75mE`LnCGewmz&JJOFdGY?iO|VO!3jwlkFz7VIh+8uV|kV$CrXkoe;fkM>2t> zU@$?aD*}dK@d)vK&#Gly3I;iSY1!H)SOH)c;sRSED{j@MB7?Jxgn@NUs#Rymu8kOK zU%(aV4kIFaQb!N{1ywYdu~6&*#b3i}V2vUvn$hC~xOukO-L7%wBM1x6Ig7Awny5p0 z$PFnEB(&fA_5Jfiu1*lVq%E_; zF&!#drf6XzP8!yaFCkx)b(@d+U$cL?0gzlg`+tMZ-2d(jH0IYCP(a&c3RbhaA2JKj z$EyT~P|R2kZG+4B&Sv1`W+oca=qmq(7{|~ZU7wC@Yz?e!ln&Ls z0h3wmAbOcm!f>rUL)4(7X~-On{9K$|z)vz8lqJ*9BxsBKfpY|Gpee&prn8zd#LVQ; zy*2HjR5%P8xWr9k=Q38ekd0!9tZt(1f*^u}!@N@e%dRnyDIWzIyvZfJL*+VZ>ci9m z^rq!2G74Z3xb=^-EbhNot3xzM`euPV=muSX4ipXlj(upaR1`t8R;PtqT2=Mi128a- zONWXCz(5|!YW;$(ycB|}A)7^96g`MC`BT;tK0EDD;$*p&_(NPEdIi~K=TW}+#c-wh z?eUx&HXa7>6Xw6SCO<7r9H3RAuyD!sp&9Anp+Q+kcE51NT`5}ACBS;g2J~>F3_+KR zEC2%b+Z2~ADD^f;*<4-PkwyWlj)4e(VXbz3egw`*p9KQS0yA8dZl_!6qV3E42Fsh1 zK`%TmBsu(U5b+QB%Q($WehIL@1^f>_1 z%=C&k*V|_u51htA8?>fxLEr{1V)vA;!4OF1{;W|HxZrE!S_8K%hDk)5h{a{{@=Y8@ znk9B}a*`_26$6hZpXw!dP@VdwFo>(pNCTIYm6~t;24pIT0W%WVfNR|j$>4ML)s-HE zXPe!1-FaANFetRw8clqoj$Q)zs8E>U3B3di(&60;hpTmTOZsd4~55V5I|u@lH}&52UkNPTI0hnn{LyJt7t%L z3#*@KlhngHYe-l7QH5&qm!91isQUXM=@4t9o|a=Sd|BeHKMqRY!FIIxb*LT@LyKCD z%mXJ3EFmp1e$aw3D&q(|a-F48%4~x0PxIpNCl!+?m)*ZJiGQ@+b4{Mvc-CEhsnv8I 
zZOKEu205~Wh`=rl!Mj(f`5`F#F%7$|bX+Gr*zsI#w#KL&w^|CnkMTZVRUL~5I(M3l#%U;w&^P|lwKmc^gBS=sYP-T- zRDi;2J_u%#{aajlb|jr=cRC%-Cw_pdg$7-l+$iLWCcF5F= z_fSnTCA;9`jKa`;&;2E&;C4oYDZ3wqYZP6iiL>W%FP?MPioGz*MGHnN^8;DHpw-hs zy8q$!@1C2a^X=Cz`kBT?t7H}UQ-mHdmjOS2n@%rs3=j~qkic@tM++R-ya=P((_HS7 zCS=5T2w-a>aH1-WDe);{1y0&@e!6PqfDpwK6&Gwz;tns0?Ow*akj%DH(AS`Iy#+?x zh?A~z8jl5E#_@p$g)eNJFYFB-RtxI3@%>AbQ0_bmSnP^W z?1o*Ekd&>)N{V!;4%RZFtp1b*a&MV1U2ZA_ha*R$>%ZB!vJ>w&e0I2<=_a0aHdZRm z=Bb(sr$UG2-RtuH&1O#b-u7rsq)8vayQTSM$MlFvjMS8Mvv;1CfRK|R;I*-_>DbHw zlB;R6n=c2NbOciWApGo)86s~6DZ;@MwBPRQUB8ITLee)tc4U|Lj3AZcmjPEiRkuLR zdU-_Z!(z96frhJ08nDp5wf*?+sFlBFky}==SxtM>3+f?7!+APxDbj$$!Sc#&LmZ5t zh$Nn(Bk-Doke^Kqo7tQu&U~fKt-R7b58tShbm#8<;C-Jdu% zGC!ui<14Nv!ByR;Sl;LkN%89(@at(KdawSPoD(QPHuQ}_%L9UcLP{|#egS3Hm%D|+ zK4igzI4|lyeHEEEh$C!ZWV#ecijV(nhhU*psaEO&WbDcKSBh~-_^rRUfu@FQUFrm)v z;761kx2;Iuo=cLaZlhV`Xk{3OzPh$f&CZ^b)eswuO+5(g!YHT)T>FNX<`NR!djL$T z2{0`!RKt???L}H9Y72Y#h^)nX0K_Aq7Ah=9!g|hR)sF*Dm||n+>q5SXyt&1U_k91> zYz>iHBhALi`S2-XUT~br&|j~~1t44nH4JJ2_B7x$1`~IGiLfo~(3I3vi8M3;5mM&L z7E_2K6Ag*;6$IDA;DtP(0vpWOYf+(}$9nxAU zk*4UF$ct(^T0#_n#Useam`;SuT&8)Z(|9>%F4GN%vatT9_75%jAI>6Lr59_2E0a_T&oYSJnSNyP)SuWw zTwENt;bw^mZi*=#BsC#&u{I6R)+Z3aT{O`A8GpwLmHQ`}Ld z2*DtZj+1{bQ~q{p%FQmaz=3~c{(pM<>aeJ~cxy@+nxRW-=uF-*0{OmKMvM7T`bNvwDmaOtt^&ja^sB zNB%40H1evjwVB9({%rB*Aa|HHqnt;F`;QO7zv*a7F-g@}Hd_%tG)>5O)Vk8VnHkCC z(fs=Lt9G!BIGDN+BkcUvR8utc>qpvS*EgeN@^lg=qE6+DS))-tkywG7@`=ttsr1w^ z6y1b5^VXCAjE}F&=4H-`ZnIAg#xZH9=lU4~&NpIglX%+pH@z68KQMgylgHYcY5qN6 z`FZ0!KUW_P?ge{7Z)gDqoOAiCi`7P=@c*~~?vu{lWeI#?`(<3=BV^bF4pW6u>RHC_ zJ=^(4jdpGxR(8xTD4%FzL>R5^c`ZhU3qG>&Om)CA9ls9{OGQ6#eTt^VQz9SYT3ev; z<+$um_BdnOgXjE$X9SjyWhau<`$Ff4EAfNAWTp14rYc<}C&3WSH|=Hd>&m-_kgQUx zv{6u)=B^!ax*Ni`LiUO0GjVSVsT+6OZ%yw0dxrMKI< zJM=GqR43H@dV>U`C?qSd$L<|PT?vWEFCmrBZ=YjZ&$h+f(gqL-Sam{u3xatmgDhV- zX;>nG8JCRAouhP1wDdI9M&FatVgZIX1)`d&o$&ju7rZVduMT2)D@_Un-^A*9JOp&H zvPjF*CZ45NQ;!go)o8u{x#4Xy$K88d%~!IQ7xDptFJw?Be+cJ0Tj|R9uu}JS*SqTJ 
zyCpGV8dB~UG!sje>D{sK85iOvWS0um>!8(A_xoKV9c4a^@ay_$cPrtW)QBD2t6mn3 zoP5yOIubSpp@Ll1i#|*D5suEEA4`>Wc3sV1fhhKBt4VX5N5UKLpjoekwSuhq>Ri^^ z!$W8%si`@dCFq>q$L&Yb+K*Sp{2P;XT5Mvl{X}552BrMZE$zDJNhe2Z`jV)6g2vwQ zmWH`3JbBAmu=gQQqtytsv~i8Cg`2g`b$T7N=jSJ7Oo4>kr2|gO0=_D}s8l;q3>ArPN2L@Tq={X$1#S%NN%d zuHHdrUTAf4p#*_ouDf`QxZe9fTm03Zw%v#Q)pcNmAG*69NFRRA{Q`sLu6JkmTWsv? z+Wc0$QvG4qf<1&NG#-t1!8->9?*H6mk*NIQmNjcnL4<*A#Ik(yy|q@I2#xLHMLh** z+@gs49H!6K4h{|yO7k)dVbt#4*63EG{^{@U7o94S*2_sbCT7wt!BiGlr5Fz>KkD=MoMJ;MI{SZ9wIZ0?}N^_p~$Fl zvuaPDW@y`XxVv>T_kaO?hm+-I?~UF^pFDTsY^Dur%`@IUD*poDcn8SDBqU02-n{uK zUXACT#27sp+=GovYe>WT1E8cCTaMzc&c>ox4&Ro{W0PSro3;tN1j*d(!>Y{Pqn@N$ zcFRn;wyvt-$C~=4BuS~(O)P#12?@(>WEtuW{)~_8veMJC`lgdi89t=G2yM#Ye9y>G z!35!HaG<9bS6D0=Ku4CIXSFbtpwrx9n(=NIZf{ zT;+e|;PlhOnwO{qe%x@Or4(Y3swDk2pDkRcHqiPmo>>HHpi}kn3+2nzPl-uL)vu%a zl#2KZW=$6_TiD6q*J?2i;o6wcKN#$o2D5~qS3|-@`LC3DOAcmjqF+pt#yqS}rnbh7 zwi=e?3QD?__rGtqk}LE-8vk_dCUGP;66qqiV9)QRkP2uz{QHamU$8tz_{G|>mK68# z17trJ^F09le1S?z?FI2gwXB%s37e~wo@8n}E@bE$`-;E8GgZ$&2kmDa=2Xu}d$T6X zMSn9e8H6tP50i(}k8qZXME-cMPe+285#_OYD>ZK04UO^T5W1rXPVjke6m~qCdi@;p ztYAtsl-!IDChu$OlD+;xNj`i6~-Jktyc6Gd!tSxUG%}GQ7u(G2WC5A48ddX?% zTfCG*Rf3EP2E}XPa#_@}uF#JjtfQ|VJ5Q#66G32LZ8ayKM7-Iw+Jbc69abSGGyu#d zEumM~Zj4;qdp~7`F%Z-*Ir)`UY8Mw#QI*_8l(;rkzNjsM#_*9-Y4KIxj{$rz5-wi* z($bQSUOtHIJdRKJw{(Z4HyXaUWs%~`TDN; zj1Y2vyPbd{hc@(!XbZ6o#ir$OGXCYc$t@!)`&O<^o0V)Nh9MBChGZ95iuM{&81URG z2K6ica`ET=8duux|A>UYhK@o?k7-E=+1c9i6+bfjSYfZzL^O9mPF<<+uTCF@<+)UD|wH z{=EP1oy;XABM#a2Tn32jw$(Hg*=F@A)G;_tqDPy7Noa}5z%G!yw@<^Fr~yPtUoEA6 z-R<5dgf=3ug`{E`*MIt}UZzieW{x-bx2fT$%kjiQBd?SL=lW=2p()tqkp2ZV5iFk! zfo8%sO7pGKuT(h-oG(7?ebz^XNfkDXEONH~vVi#)Or`)MItraX4ad%5myM29X2dB824jGmirI16K9D zk7p^I=DJ`RiLW#GIPAtO6j{_3iYLB2X1399QPxs5{Wi|fZ+VUmfLh4=@5qs*0E(oV z<)U1yMgphJ&9J|Lgnc^d%0=XA z+muX8q?#C0JOiI!`k%dm?0%&t5lT#k`)Q`des0q&C?kwdabr znfO-E;d0(pAN97InG9!g2JQX2@5%DZ0P>X(KG{&I-Icmw5=F~gY~`)h$uw)TF_N)g zbK_;KY_NFBLA|1*zak9fO3}(%6k~@kIRdH_@cmDM5j? 
z(sHjC9u7X-)26$1QvGAgsl*_3T)o4kHfBTPIDF+NLwU7FY3!@)Q{{t!#r)v)N6%@k zoE|r5UGA%Q!Ln=)23n2st(qpGOT>oC;em%gA?oS(U<4>0*ARv}cpzxKA6c+B05^7- z5pL3KV}l*>>0A%XyhjJg0Rn zSs-{4`w^RMHXU$3G3j8vGuH|Hvou?AHGG%m8xJd7xx&kEJnOvPKh3svTpb~)+`{?t z@QYPVUA^ghjKCvHssyAfz}h20U?~C0rwL}i-ae(A87MeSrnM69t?= z3fZjjCVq>Lbsk={dcEBGf(Nz8WK?*v&X+oPwKQkA2I^MvX~3DIe|O!QN<$mW{4H+K?ZFk9|Hyb9r5e#aekC2z^DO^`==cG3Z~~+uz@!$n0Tb~S2>U%>j{4X zbZu8khRc^e9Vd9kY$yv7@+k>^H_nO%_-APcC(XJdva8_^&hwBP;6CVJO=6Tsi^lJR za-mugfB;5_)lsX|c*jsY-5-Wmhd%DOhW68e{$)9vklRX@@A0BlK*jp)@lqrIy>ic^ zM$~>@c$2U)<~&g@2Ym8;qtEecDpMrHPA4j$j{-#?svj?W@BMRa`?YzNydZ`xT)<7% zv8Db4eQfln7%X21I8TuMss%P5iV!;{N{#~fKZo@kI@uE2SPAHrcN*;42;>sF_)`fv zF}gaOl-yl#7)>`-Dhxr^@S;TlrAoUIh8@n=#kYdaYdwI~;wj*kcmr6Q1nb%{d`3Xa zbsKd+khSBbNzepjKMMT1&J-bMGDkqn5Rdekrr4K6-f?HTgj5+R8f&$gElf_11qU08 zSC-cTO)rLwB8S2S!ToXY?MaP{H!nJ`_2TjAa`Tf?)m~9cc?@Q!#FSa0%P<(GE);Sc zAy$aTNjo_RFr6TENDW&yHUTR-Nd!zmK%w)rZyNJchnqRUG>%gl7fQXjzlJ-D(M0@u z>e+&-Zu$tUiMD+uv%&X#xd>L7N=c!=zv-;{#`VIvsS;@Mqd+YB^&<4Oyga&saApeN zaM1+)kJQ!Ptrz=~1=@S@;&sSys^Q77c4{$C-OHfhnu*LKGFr4nqrRuktDwIn?!KG4 z&o%K>iu7dn08Ub|iyxvEZCi5_8R@`=vkgMueb95mv+tL^f8X+tizq<)*T|@#_V#FC zgU3K&M1wmM0QZyr?HupTrOND1$-spt1peFxIOPP%fMEp@m&Nn&r*PgqFcdIzFjIE$ z&i(`2W_ThgD9LIpO4>e0lMF-9Y(TH?nw_URe#wh-QXLMOWBbin?_hp9s>qDvEkf|4 zkVZB}vB_a191mOePY{w@W$KR~EM;2>Q}9Xt-h~((e#0||{{HD%QR{9ItzpPzRc-O= zcga{yLdyH|t_W^&eVUX)E@+m2t+~_z7;?(IvwC8CO9{(o0ecKFo_a#B5Un*j8hB6w z-x)h?J0r%U`oV-gWAVL(%o__n3u^KVzP)P5Hl813{*|E|=(L{>i;#Pqv{7C;L|_RP zn9a%SLD9W>*Pb-3pDP_Mx5HKiZt34W7MGUp8tyC9Qlet99G<+M2g!z0sjZ<|$Mw7k zVxF<=zMc=QYXDL%56lmHRuh|`>$0FRzYqVzd~>!iuK1E##+jdX>zd!F!EMOj-^$r; zTxOrf*wdOBnIbBZsKru$9WND$mr)&Fbv1GbaleCGcz5)~UTBfud}E>%J(ms$9y4ss zirFX-2)gCPBBRg*xH+P#OJ73snn8#tf>1DK-SZ=FaijkD`)8>!X|Ix2edBh`$I8ra zR-VK{rvRhP`!W12xS?{8MQ1=pog9XjaK|p-S>V9q<5OZVpZ`oVz+yi=)2ncLv%^8{ z)VHLkMMHhL_pJsxf>KIldgzc``8|Gx;Zp&(3cpaCv_ZRnY5HevXi}*ixmdWtKE)EI%r? 
z1WHa=`O??slCSQ{ISGZzIho@Cbw`+mbU>)W@R;cS01NX94Nbh^CnODbj8}*X8wg$ z1l}~Oyz=r4lgW#L3yI-Jt$t_b@1V=M58~3=H9e3;I9NN^pp}5u;P}!jjT{;J1xkn2 zcZ$Z|e<(kGPJv$-5LKwUymZp0Po<2$*XgWFMZ=D%+>q04h|GJkH<4CzB;}J$f20cW1v#N&_*2Fubz<|Es<$?_Ghhbc6Z5IX_*g;C zpCjFtbQwK7{9v?=k14yR5I0iup}ZO@SayF5SyLc6 z5^k!LiK3LV(=fk{$6Q{bT;=pI9*6q|o6ER>%V;T>Lwq8uRE_tJB zB$8Q7y*Vd=cY~Od`S|hC_Bm@HmyCS959MS#c4o1{qpTvX@LVoksA||o)4y)HGPBg4 zMc}9DT>ZFI`z>n#I*c_|CXCuWE;3&Bf*gZiGLy^Xt-QQ^^=@>d5Lwp{#GeRksZPgc z-6RsW-EVg0Wj;qDlU>30HVx`Fl;~-VN|yQec#liPuMcNn_%be4<>P@^Fu2-Fw3#qH zR0!W|s4?LJ-6{hcOM@0{!31FVZ4{e7pMHAsHt^Sy{Q-jR;`&ww-kpiC0ko#8nZkLc z7qmgzyaFnj=j?rhOMsd7*sa5LwJQRkbBonB0Pz>6!_XU4-c7*lpc)^KjCwbk{uA7{ z(8R4>Nv+4-4^9~X421187&+YWDMMgc?7v*uTrDP_VJ4Tq?#WT7ndHPVwg$vZQ$eM86lal5u{~7;!4XPjFg}rmF~_a^Jrb)s zm0j-H6H5Vg+@4C5Qkz9}oxZlYrq}!_4fU!RQq7ylH`{5NYNMDtrmiNYNzijU;Kc$j z4~-}!P+GoBH?Utne32%lUbL@GhZ%7bq=ctoXUhui&yXFYs@&VM?mZr%j_riZ3Y@ik$TH0Zp& zP30MpWmkS#PFDxTxPN}t*AF3P0nbh4&|LJq>T9=zF|MOq>$10OIU!wexFyRUkODjd zInqHG290|;)gpyLK(5G(59;}t*cgUVI8?t>=$Wxuux+rAdl*n^rhfna{fL&=LTNSh zLY67at4&e>^=;in$N&!DAmyD5R|qJUA)V|`5)z~$(I&sX^`Y(jvrN^CWrcKox@v+J zkDpTeH^~>JLXQKEdENKt_od@VI-5(}?!LVH%RG5NUYTb+QJCgvMxXQc+EL}pM7CP+ z{Z%30MVw_rPk7sG*{x+E%kl?I!%R*UDZfJ|Gvn{l9s>v3CI3-!LIUwch?fv8l>B1w z^Wk*4IK80FWU$gzTehD=iQIllM*7ux=}dTq$w3^C0E&48(q}FzhYAAajaH*&0V~@$ z)TjeWes7$RTe;=H^Ayh|t{-aZ>mW?1!>uzR*wg5Eg#0!#u|@mU9rxF?L=J7+k^G@( zT%Xag0_ErowD8~EcXF?@cHd646T!Q&2_|oN*07OyrwN?rt5xl18oX(zbG~mm4AefU zhU-N{L_dGFacF7zO26IHmSQYs4!@@G>vb>`WIpJ|dMdBWc+97Q72S73A760%tEVn; z0fchd3CL^i!%fJI!pwj%yAHvUJ=*4f?DSylf!4_1sanbOr(u6C)0}mhgaM51Xk?F( zv{#*?xP)HRlc}4VIh)2o&&?1U!NnEE(90$*Hp5jEZv1?Hj3P=GKlT7YPq6e4bmMa< zF~%mNaVX@8nAI(@A!P*HY6F;vx4YUZ z>_lTDSEX}hL$8<=$Us^+|{yk?K3qsEU;Tu%aU4L zKMoPXsUccHK^@*QgUr+z)*|cpaWOUyz@P}9|6HG=DF8!Af8VlWWES&{TklU)PGu*M zkNN%V8g2TyEkt?0cK=AuXHwMrQyNPM-RgUMYEim-1uO=F1{h3)x*Qbue|}cWU}s4A z#!Er+)O`IPAT^goBwLz`-AC|qvCV(V zF32aOMNqGwLKeviylGMV)*&br6&2H|8zVbUi1kW2g@~bFyY4->I|Y8~sgd5OVWCs= 
zm_|~~RXzFp_b6D|`#-`LraK2DZ_W8n2`55(~yD&ESUb{i6qV1P}R6Y~hE z()?*}nrpV!6Txbecw=E##koic-ts4BT~|jrXRHj8W6u|K?1MQ_Yi0PZki}o#;kf?j zjKQOk(nyZaaT{*x=?6sc9~6K=_-1vc^-aR}IG;!9Rjbv_O_?G6K=$-%XW%s1kBL%) z4=<;$JbNzYzxYj~{wo!$)Gy)R@cQ-V(cPcMf6u(V1y=#1`y<=mp@4#ZB_1hotexyd zS>Wi`uLb$}p$s_WxYEDYEtmb)2|C4hrNrI$9pq^3CvwZ6)@x;yb5+k4xO1^;wvZD3 z02e73aJ4VL@H_HBh1}J0{qf#|3vjF(1~&QuzQZ?4!ho4bGNr6mqNf6Owt0& zbUkF)NCVgm4-Pi)rzWKC9d5cJn*5j8u`n@9vpjcL1sP*|`yaZyW!a4y&~^Z1#n)H3 z#NG}IzfJIy`)~e|GJ7r4W_DdoMJMO!a%3)}mhgtiDt;os)$flW$NA8=R`EeWLB3q) z`~1%c^tv8jRo=zOVjIAeQa0Np_|CiwI3Qwj0+lx#8@+K1`umX*#Om>1kPQNM|jGwc?*AJ%4 z&1Xm%$*&7q*8<|xf-2$3*!(DW;Q0+{O?_T8gONRkBDm4W__s3BM5$6XT^(}G4Mu~5i2RdDK)L#xh#Z980XOi!lJo|z015O#&ZmFKJ%7&dV88u+w$a4k z(BuB&Y_V1FdjX?*H>rn?Z9i~g>&88U(!h6s(+vt{WG}`8Oqv{^QV+8_v-Pgd%Uxa~ zJG(pD5dl6G0U0B@=2;aPtk1%^E!yRk!BI2|{H494mcc3{lyQgKmOPkDTe~FMMi0K; z9T#l+nvK1w<$u4wg*dEc&k6pFvM+I5{_t>r(En8+Ju8*->1<&ytX$tz=xf#Xqh zrqeXQgG-6qo#ucC`rq!7xgUCME56Ka=rU&OZeYNwD(>MdFh1JpA3kW@<3BFAe&32k zwJFpqw^r0HaA z(y3y;qGBfo5s{%QVOjy;K*IiuxdtYmvs!k;)+nCvNL`}M)tbZ;$bb)N#+SC^f;F5( zMt-F^hpek9^e!h=Elv79CtAi`rrCAM6mRQ@c30ceDZ4DX|A8Oe?=kSiEvPB2EAT}% z|H)?8CHbt%>y*B~mLq~{L8!!3r_N$KWM{7cWa3K8Ke<`DI`SlS*xclYHmx6ZvPa4wZj{X%>{CH5Y{y{F+BPVy~GscDZ zDWeEmLLmI7L2C1A#aYLD|`K+>y_h3PPh51B%_Y8msg!x1gPI%5%@o2dyO;m26J{i+Fw?f>dd$ZTI-LVMn z$vlaj{7$r8OY{kC76W1{8zHuG%v(|%@(s=xXDjuxJUGei-q4BE|6Qmjy@RG?W$^2% zCLZjl#+<*`E^1^nUUSa6ew9-Hd7C>#1vDgKbsAN8m)opMJD)7twm%y;#IsPdHUC>K zFUkb?z~ake933w}8RBW}wo?AaQ$5bMKMPvxE@{YrnvZI%$qhahjyI@&xhPgl(I zyY6W0=HI-}BOOU>rxdD`SfMdMII0_jGm;WLS{t3Z-J0fquJW&|fyZU+q0JKdV(cJE z(ytrR77ez=!nuH=tN&OAJBgtsVsFXujJ=k|tyh$Uz`NPOdH5*5B_*=XXHc}9=-)ds zNNxI-q_gg3EK+#{LM($=>dEZ)Ze!rst;E<3>R6!#k%7I8Zu%WCdrpCIwF-m;1_<3} zqH(E?leCwz1bmF(O#MXCzQ`C!oy#9LIGyrN=W8!Sf7?5i?-K50danJ_>8LPzl>U9tP@6CG+&)gq1~DE*_M=Y06U{m%K@2PwVr2aqck zGd+1bIg-KQxKLv@TVjn7aFb|YYqtIF{@ zgq8XqDatOP$hDx3u&W3{7zrL3nG&FkRH8h$S&+eEmB7NdDz7dK4ejQMr=)?NT3B?7 zyoB*uG0#ZNNa^@!OsLy^dhz3awfOFrUsczk*!jzV7G;K=Z+Ut8HRewcP<@M&L%Fz6 
z1_EQW^dtz^nwSB=-t&Q|US0GD(A9~9T`wRPy$L*Rj{*GgPY@A5NQQQs;>X+LkH&U_ zDqavHD|LH7%8BqU(k+#iLH2gI+|1E)aQeM98T2SEjd-|g1TboD!5i-7GVz7Fsz9~S zI2B}b>uj}l*9g)l{!b|hP_Bym9+OLf!Rq!r;`P?Aj$1qx0u8d-(m%!xTCR z_*pV&vzYfWI^D`vU%YP5Hwb&&fuoc6?gQ+S8U|)Qdfl#O2ay&b4;dPHVhU;6$|D8t z-K<{324ZiWe(0G=b7&XGimoE!rmo++R6w+X0c zJw06!kR}qQA+(lM4;|(zGemcQmjG-Hg{tu}n-hC@b62KZY5Z!?k8 zCfFwhfWS!`q#?NEys|kG`|*I3QDuH@VDIn@oC|kbG(qdr5ppxne(>e}6g`-I$OxH$ zOzN#O44}BcTwM&6NjMfMrnk=c-A|+$YkgIg3(V6+>GBi7SKG1Fzejq$7FB==aY(py z7ymAp!eo0xxu_U)P?EV1YF+1ho?=6E&(NxDB0GTKiIKm1Q<$D$sw!e%bmOC?v{diX zq5yj&++k&V3tg$Zygn;NO5S`b*@w57&Sf&6&S5Zd9{uj+S?7(XYZQz|eRa8cEOS&~ zyX@JY;L^ifz3qqn;(}e!k$?F98w|7Zg4!fswT{)A|5oCc;LHUJgr0@y%DDUH>-LkD z@5TQ(B^iVFNW9J8&s`FS#VX4lKxEu>$+%7P5mTwcOWk1~Hr#p7i+l|M`LT^H&UMr8 zOELn9=SDseE#2%y^mc|)fmE9yR%4~34I>*IG5rn)L+~&LZhkg>kPOa z`OTdr0(1`w%0S z(dTO{4keshf2!V08BPJfI$#s8JZ$`>(epk#OfeX@x;+N9_*l0+LgkobnvI0^FtHBa z0CW~f`yS=1d)koUaYn7Rg`_Dii>{n=R3_2t+l^Q%VHcH~RlhvOltquHt~yY6c9g?N zp6qw{(zmkZ=qj>FfCR#AAtxGu+5B?;;>LP~V0&`Hsae`BZidBMzYP(Zc0jLh7hURiw=Hx0k*wz8_$ z&MdYu;Tww;WT@j<>QL{dmcuPmM2~RnBn=Kyw*no5(z3oj> zo~YbE@yw^MU%xIik_@?S0Hrxz*PotAIuD0cwflh0k?>upe8Jjaf!pS! 
zJ56L{H-1DssC#|9u}TU`-X?Wl&*BlaQM7j7&m~rP+doH)EW$wGqd}hB;r^+7 z4_#H6QM_%Opb$MuSQN$>x6L$$Q!(@I-M>*Mrzh?1`^-}@{(u6HF`YC04bjU18cc={ z*?}_k2`u_UD&Aq%gXnqSQAyDXM=-66a4GTKg;{ZR3l%Y2$82h)Cl`5ova|TtgI#iQsSwQJrF{ zt!CTNxAQQ2ulRfj&}dP^Cgmg;;Ex;^>ydmPxR1?`xoV>o(zm+?Sn(Jy>$D2wwSS}O zDRsjDzd_&AzNs!a1O>Vi`79eF$r)&&{M=6>DW<~Ru-O_)-b>%s7X&l023kmN{S+L5 z)#ow~S2|NqqlwUc!dRHAQ-R)CfC%1``(u7IhF(mC_egwQi+nLn#dCTI3PNT6HiM$) z-(;+M6@4M|m|ZbWIBuPIak&A6O6PvMm9tNQRKa)-L7T*BTi-{8nO73j$OaNtlIDex z5@?R+SWit`DccN+j~JX#)tsC*l#m=}^SQcXXeIr%HY=cE1*H(fL|N%7DjdB))*nfC z_6w$7xCPZ6?;rE>Dm0Q$H zk1u8Vr-+!-a1zg@X`B^~^oa!WRbhZ=<@`bf?106v(4!pQ+che;wy-vKvNt!zp6i|Eiq#awobg@2>#{!~K3W4fgXE$r&b z8#;Oh;x9QJRmsH+@G|@2QfXD1)G`JZ2*_jcp6lNv0@nr zNYNO8P*&0FD~sZ?!VgA3#D}SroP&0s&*gi|_`OyzEfd6Y3zx!E#pu=DL0OT_thhQ0 z0|AM~BI=(x)0mGy6|12jW@r*IBrZ=8+5M)Xl>P-xF~beXGr_F0FMsczC|*?QRgtzw z%)Mzx2`l&PT@%o*)McySYPBB1t7z~zUgXet)kpmeB#HJg1@^I}Fe`<^ngvWt*&DYtB_=>6a)Q zNOb^0#R=PJzzF71F#>e9WV8U%fsKhN3Pg?!p6^&2Dt2Aa=0BRSEO(cqhvT*ZkfGS; zzU9y5iXh~soxuys2R&`5S5Gv}VfFR?ltQY!RwJI{tkZ-%(p*!|ne_*{yJCb*0%0Ta z1Q?&TjWk*53jXY}Uhs?RunQqS@OKHCSxst=1_;!Z0fTXAaZ?{=6&s2MTsGI8pfTc{ zS=S@Fnt6o1po4H9tDnjGMv8-jBX<6JRu(GizK#UkXae42aYYpwUu&xc*`ey8&$Ngb zb)3FG!fq@}j&%~#>Q_Pn&ezGKmG;Jt)_wlv1bj3Ep*3*Ng_W)D8}c9V_fT0L7GFZz zYC4{E1^q6LYq-qsXi{E$mnZUqW;|EIV7iQ+@N&^Q`E_I4mBRyLErf0g{m`D^_64A^ zHh+KdlIHL){a4f^b8tu~!I$g94vVC;NFjcKz!qY@3sfNwRhZ{Ll193`w3c+t@5K_{ zlzn96s^S`R3L(DZwE(Ak4sp6+JKmr>+HjdDYVH!-K8_&Ao$v=__qts{F9QG#WRx;o zvLQPJLN^1=o-Pl^p&WMV)4>sBlI02evCv*mY32GYBJ@bq3evtcMKDnX0H@x2xqfj3 z-#{b!h$3yv;_TBAHz;iv0Zq#pFrmrR|Iuzddo$t9R0-QmyXMA9`(-)MNQ@M9lc44m zzSgSWDShvjTBqpK-Tp1+6%`{&PU?}9HJ{&1qrGOI&>oKcXNp~PT>H=Mp6cp)0}a%EaB_kaPto+@B3u+U7EmA8Gr^$cR_ zry{bB%1BVn58M`3IOY?+$~Qrl!j3d6(1w^7&4sFFa+@(8zW|9prcm0yQ2N>&!GQ49CfIiC(T2(5pqFF*i>USnM-8sA3`%i^!I-X^(DOuD*04%^#$5eUl!VWNqcwSLGxCM|5`y|HCRRXJO{BN`8JYAeUvJhogM zEvWR+eujtELL6do`BBPA`F9H3szAVy~D9 zA8UCmV-AM2X$R0$tj0QRypP^lJ^bFv!sqChF{ka?5YJF<^ZAcgDf6}v4DNo z6L5@)Fwp;!cT`ci9!!@Ip0>Cw@mCr*R~Cm9{lQl@jkFc*CO#NSd8CxkIu}ha0DO^l 
z7|J8aiWtlF|7;!zURVcbUePr*cbZ!pUAfhsExUfT17LwdWCYu4qP(P}rF=mGeAHwd zwGh;;^n;Yd7?D+++A-H6jN53~>@*nnl^162OhLHPXC#HBtfK9YzW|j`k6u7ACY&Q` zHJCtQed{6KszZIh3Np+wAg|1H@>#b+JKB*<^<7J2Ujzoeu<6vY`-zANH|i^jievXH zU|7eG<#Pi2) zoa@PAJxaIk4u;!8wv--YAStsmrC}`f;fz7sDG{ZJ+1%W80A;MVt+lx9C@pmB+qR$H z-~R&GO0`(>qgBd3>lg2RBF!WilcY$qQK-3xw5TLcF;e-ZJT?`-o`Pe+MSh+Z%cftQ zH7Va>DhsxTi@dCu)%(zEx3|qnN^V4W3GtdEyEJFZVE1O<*nj&VsdDO#hrU6Lsn7d9_LgddM+c z;g+mC6X+frMjk*l6WQs@{k7{X<(5C&^Z0BX3&s|~9&SNDzS%pgn(8S?-3WZz5%3rv z&dyNbQb;5cSSfm>r3I!GZrpLpiP_PO`UG1r8Q)*1lIo6ZE(w$oQd3id zeyJqFK*_d$-7I#YKokxC?vfpR*2RlDY^6HCIaZ9f^TlQIK7*##^$CS>2DA;KQ| z-WTL<#7QLe?X?|0<3tP0I|HC-(S-x~t367lN_NB@jpFML?|$!-m(@g?34a5EpC#$( z#9tjE$P;5^S`=P#k~>rzV|w}6s&=fiv(`*2;h{@NiF^Vjx8u#7CNzg9-h&Wd7bp z5E2qH+TDP0vJ#N9f8C=$jNZvap3??^Q+A;J3d%=uv&bfR^}_pfXx>c6`CscQIY2P@ z6B2T|BDOgutoi}s(_Y$96DijDPISP8L6HEXx)h=)4%QUr9}UK_?VrDX%7$VL@X;H| zat4;oF0DHQn6P?OJz2U_ya1)A&{%X3eku2HUXowLCNpBN7SfwhsuKIYb;jz)gmt!i zWln&g8#c#NT~kBNq*LAJ&4x09`Pq9D<-`}1q8O34K{QF|oM7x6+aC1`r75D%cDS-C zL^BwOsglu{Ja%uhldq-X1`kioz5UqTOmzEM5nNSHXV%hrs_@a}kft^;_Ti_wG8`LZ z7D3Oj0_7D@KaGOOSdbxKLzL3~f!`X=6jyIOqz0V?+N>(-+=ZOoOnU>KUcH<#Y`T!= zAD+F5Ji6Z5Aq+@jAb^4ehC*k^|In>N3WnT)T9lfGMk#`>CkIx{w!zxi*ckBz(i)m5 z;vh}TW1a)%x2o_K33Z#HBCvc8E0J&Jkh>(6DAhFPDWFVR-0|kiPBwQdAv*qQt%VFi zhGc=j+k&S6B1!|cVNxE0y*Doh$CGX0jr4;3XcGSZNT=Cyk0m_w<46!|KLzmtqLe?% zyke_4jZYHB3W85}VvPWx(q2fhnY=glPQkQB_13zd7DNi-Wsb>2@M_O8jofmTHw>N~ zMB0^J;)udB2HePr9tjB?ppzNrA@!4fatuf%0)W`9#8KS;Jm013X^!Y?82vKF zQp1NDh$1&)%lNtV3G;)v!<5JY68X7;4J9u01)};p2>>oyS-|6OE Tyl)s1_@}C*p;#kt8UFtO$0Z5y literal 0 HcmV?d00001 From 0d753640a764ba9dce1c9345fd09edc48bbd8620 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 30 Apr 2021 21:13:48 +0000
Subject: [PATCH 074/179] Bump rexml from 3.2.4 to 3.2.5 Bumps [rexml](https://github.com/ruby/rexml) from 3.2.4 to 3.2.5. - [Release notes](https://github.com/ruby/rexml/releases) - [Changelog](https://github.com/ruby/rexml/blob/master/NEWS.md) - [Commits](https://github.com/ruby/rexml/compare/v3.2.4...v3.2.5) Signed-off-by: dependabot[bot]
---
 Gemfile.lock | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Gemfile.lock b/Gemfile.lock
index 04aaeaf..ebf2b15 100644
--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -99,7 +99,7 @@ GEM
 rb-fsevent (0.10.4)
 rb-inotify (0.10.1)
 ffi (~> 1.0)
- rexml (3.2.4)
+ rexml (3.2.5)
 rouge (3.26.0)
 safe_yaml (1.0.5)
 sassc (2.4.0)
From 5ee184f6447060d125c5dc1c7c1f560892d15df0 Mon Sep 17 00:00:00 2001
From: Lindsay Young
Date: Fri, 30 Apr 2021 15:11:11 -0700
Subject: [PATCH 075/179] Adding ATO tips This is an example of how I have used this exercise to generate documents for the system's SSP
---
 _pages/security/incident-response-drills.md | 25 ++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md
index 5b04387..4a226c9 100644
--- a/_pages/security/incident-response-drills.md
+++ b/_pages/security/incident-response-drills.md
@@ -201,4 +201,27 @@ Let's re-create and restore from a backup. ### Example drill steps: -Follow the mitigation steps above in a development environment. \ No newline at end of file +Follow the mitigation steps above in a development environment. + +## Congratulations, you accidentally did compliance too! + +For your project, you will need an [ATO](https://before-you-ship.18f.gov/ato/). Part of that ATO is providing required documentation of controls. Controls are different security considerations. This process varies from agency to agency, so, work with your security partners to know which controls they need documented. Don't forget that you can inherit most of your [controls by using cloud.gov](https://cloud.gov/docs/security/conforming-federal-security-regulations/) and you just need to reference that it's covered. The [before you ship guide](https://before-you-ship.18f.gov/) is a great resource for ATOs. + +By doing this exercise, you have artifacts (proof that you are in compliance) and documentation that you can reference or pull from for your System Security Plan. Based on the needs of your security partners and the project, you may also need additional documentation or to reference Cloud.gov or AWS GovCloud's controls. The following examples are just meant as a starting point. + +Contigency Planning + - [CP-2 (5) Contingency plan](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-2) Your troubleshooting doc is a contingency plan for your app! This document can complement existing agency contingency plans. Depending on what your security partners need, you can also make it easy to audit by naming headings like "Contingency plan," "Incident response," "Disaster Recovery," etc. 
+ - [CP-2 (7) Contingency plan: coordinate with external service providers](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-2) If you did a data deletion drill in coordination with cloud.gov, you can reference that here. + - [CP-3 Contingency training](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-3) Your drill is training on your contingency plan. For artifacts, you can use what you wrote from your recap email and your drill document. + - [CP-4 Contingency plan testing](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-4) Your drill tested your contingency plan. For artifacts, you can use what you wrote from your recap email and your drill document. + +Training + - [AT-3(3) Role-based training: practical exercises](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) Your drill was a practical exercise. For artifacts, you can use what you wrote from your recap email, your drill document and the practice postmortem write up. + - [AT-3(5) Role-based training: processing personally identifiable information](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) If you run your drill using the PII scenario, that wold speak to this control. For artifacts, you can use what you wrote from your recap email and your drill document. The government training (those corses in OLU) count for this as well. + +Incident Response + - [IR-2 Incident response training](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=IR-2) Your drill is incident response training for your application. For artifacts, you can use what you wrote from your recap email and your drill document. 
+ - [IR-3 Incident response testing](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=IR-3) Your troubleshooting drill included a security incident. You also may find a few bumps along the road as you do your drill, document those issues and any remediations you make. For artifacts, you can use what you wrote from your recap email, which should include that information. + +System Inventory + - [CM-8 System component inventory](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CM-8) Use your network diagram and prep as a way to have an accurate network diagram. Keep a the doc in a place that the team has access and that maintainers can edit and update it. Your network diagram and READMEs make for good artifacts for this. From a07185e1885cdc637c740e39b87d47261b098b1b Mon Sep 17 00:00:00 2001 From: Lindsay Young Date: Fri, 30 Apr 2021 15:19:39 -0700 Subject: [PATCH 076/179] adding to table of contents --- _pages/security/incident-response-drills.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 4a226c9..7098571 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -9,6 +9,7 @@ sticky_sidenav: true * [Why do Incident Response Drills?](#why-do-incident-response-drills) * [How to Build Incident Response Drills](#how-to-run-an-incident-response-drill) * [Example Incident Response Drills](#example-incident-response-drills) +* [Using this drill as part of your ATO](#congratulations-you-accidentally-did-compliance-too) ## Why do Incident Response Drills? From 9caf9e2f00bc77ec0cf1d190f18c0e160eb95287 Mon Sep 17 00:00:00 2001 
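Review bot: The first bullet under the contingency heading is labelled `CP-2 (5)`, but its text describes the base CP-2 control (having a contingency plan at all). As I read SP 800-53, enhancement (5) is specifically about continuing mission and business functions, so a System Security Plan that cites it with this justification may be questioned by an assessor. I would label the bullet `CP-2 Contingency plan` unless the troubleshooting doc really addresses that enhancement, and fix the heading typo to `Contingency Planning`. In the paragraph above the list, `artifacts (proof that you are in compliance)` overstates what a drill produces; `artifacts (evidence that supports your control implementation)` is closer, since the assessor decides compliance.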
From: Alex Soble Date: Mon, 3 May 2021 14:38:36 -0500 Subject: [PATCH 077/179] Consistent lowercasing for cloud.gov and login.gov --- _pages/security/incident-response-drills.md | 32 ++++++++++----------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 7098571..1cec9a8 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -41,7 +41,7 @@ See [Example Incident Response Drills](#example-incident-response-drills) for in Be sure to invite developers, infrastructure, and compliance professionals on your team to the drill. An open invitation for your team is a good idea! Letting the team know that you're doing this kind of activity builds confidence and assurance that the team takes security seriously. -Give advance warning to any third parties that might want to know that you're planning an incident response drill, such as Cloud.gov or Login.gov. +Give advance warning to any third parties that might want to know that you're planning an incident response drill, such as cloud.gov or login.gov. Schedule more time than you think you will need! If you schedule half a day, you may find you'll need the whole day! 
@@ -62,7 +62,7 @@ Team members can rotate being the "driver" who shares their screen and walks thr You could end the drill with a practice "blameless postmortem". This is a low-pressure way to figure out your team's format for conducting postmortems after an incident. -[Cloud.gov's retrospective meeting guide](https://cloud.gov/docs/ops/service-disruption-guide/#retrospective-meeting-guide) has ideas and checklists for organizing a successful post-incident retrospective. +[cloud.gov's retrospective meeting guide](https://cloud.gov/docs/ops/service-disruption-guide/#retrospective-meeting-guide) has ideas and checklists for organizing a successful post-incident retrospective. Send an email recapping the drill to all stakeholders. Include the outcomes of the drill, what you learned from the drill, and any follow-up actions. @@ -79,7 +79,7 @@ Scenarios worth practicing for a web app include: You don't need to drill each and every one of these scenarios each time, but they are good to plan for. -These examples are for a web application hosted on [Cloud.gov](https://cloud.gov) that generally follows [our approach](/workflow). +These examples are for a web application hosted on [cloud.gov](https://cloud.gov) that generally follows [our approach](/workflow). Please adjust for your infrastructure. @@ -131,16 +131,16 @@ The website has been hacked due to a compromised key! Now instead of our link to Oh no! Who added this cute cat photo to our website?!?
Photo attribution: Tran Mau Tri Tam. Unsplash License.
-What happened? Was a GitHub account compromised? A Cloud.gov account? A deploy key? +What happened? Was a GitHub account compromised? A cloud.gov account? A deploy key? ### Example mitigation steps: 1. Contact `<>` and inform them of a breach. 1. The first priority is to remove the unauthorized access so that there can't be further damage or information leakage. Figure out where the deploy came from. * *If the deploy was triggered from GitHub*, you would be able to see it in CI/CD history. In this case, the GitHub admin should immediately remove the account that triggered the malicious deployment. Rotate any deploy credentials that may have been compromised. - * If you don't see the deploy in CI/CD, that means either deployment keys were compromised, or a Cloud.gov account was compromised. Look at the logs to see which deployment method was used. - * *If you see that the deploy came from a compromised Cloud.gov account*: Remove the compromised account from the org, all spaces (starting with prod), and all application (starting with prod apps). - * *If you see that the deploy came from a compromised deploy key*: In Cloud.gov delete the current deployment keys, remake them and add the new keys to your CI/CD tool. + * If you don't see the deploy in CI/CD, that means either deployment keys were compromised, or a cloud.gov account was compromised. Look at the logs to see which deployment method was used. + * *If you see that the deploy came from a compromised cloud.gov account*: Remove the compromised account from the org, all spaces (starting with prod), and all application (starting with prod apps). + * *If you see that the deploy came from a compromised deploy key*: In cloud.gov delete the current deployment keys, remake them and add the new keys to your CI/CD tool. 1. Isolate resources: incidents that are likely to be malicious need to be handled with care to preserve forensics. 
The most important things to remember: do not delete an instance that has been tampered with, and do not redeploy from the last release without removing routes and renaming the instances. That could get rid of valuable forensic information. Instead: * Remove the route to the affected instances. (This will make the bad deploy inaccessible to the public.) * Rename the instance. (This will preserve forensics as you redeploy.) @@ -149,7 +149,7 @@ What happened? Was a GitHub account compromised? A Cloud.gov account? A deploy k ### Example drill steps: 1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. -1. Choose a scenario to drill: compromised GitHub account, compromised Cloud.gov account, or compromised deploy key. (Compromised deploy key might be easiest to drill) +1. Choose a scenario to drill: compromised GitHub account, compromised cloud.gov account, or compromised deploy key. (Compromised deploy key might be easiest to drill) 1. Practice the steps to remove compromised accounts or credentials, for example, by deleting the current deployment keys, remaking them, and adding them to CI/CD. 1. Using a development application instance, practice removing the route to a instance that may have been compromised and then renaming it to preserve forensics. 
@@ -180,14 +180,14 @@ The database needs to be restored from a backup. ### Example mitigation steps: -1. If you're using Cloud.gov, follow [Cloud.gov database backup procedures](https://cloud.gov/docs/services/relational-database/#backups). +1. If you're using cloud.gov, follow [cloud.gov database backup procedures](https://cloud.gov/docs/services/relational-database/#backups). ### Example drill steps: -Assuming you have a staging database using a dedicated Cloud.gov database plan: +Assuming you have a staging database using a dedicated cloud.gov database plan: 1. Delete some data from your staging database. (No deleting data from a production database, please.) -2. Reach out to Cloud.gov using the [the non-emergency email address provided in thir docs](https://cloud.gov/docs/services/relational-database/#backups); request a backup. +2. Reach out to cloud.gov using the [the non-emergency email address provided in thir docs](https://cloud.gov/docs/services/relational-database/#backups); request a backup. 3. Practice restoring the staging database to the point in time before you deleted the data. ## Scenario: Oops, I Erased the S3 Bucket @@ -196,7 +196,7 @@ Let's re-create and restore from a backup. ### Example mitigation steps: -1. If the bucket no longer exists, create a new bucket in Cloud.gov in the space where the bucket was deleted, ideally using infrastructure-as-code or a deploy script. +1. If the bucket no longer exists, create a new bucket in cloud.gov in the space where the bucket was deleted, ideally using infrastructure-as-code or a deploy script. 2. Restore bucket contents from a backup. 3. Verify the bucket settings, permissions, and contents are correct. 
@@ -206,16 +206,16 @@ Follow the mitigation steps above in a development environment. ## Congratulations, you accidentally did compliance too! -For your project, you will need an [ATO](https://before-you-ship.18f.gov/ato/). Part of that ATO is providing required documentation of controls. Controls are different security considerations. This process varies from agency to agency, so, work with your security partners to know which controls they need documented. Don't forget that you can inherit most of your [controls by using cloud.gov](https://cloud.gov/docs/security/conforming-federal-security-regulations/) and you just need to reference that it's covered. The [before you ship guide](https://before-you-ship.18f.gov/) is a great resource for ATOs. +For your project, you will need an [ATO](https://before-you-ship.18f.gov/ato/). Part of that ATO is providing required documentation of controls. Controls are different security considerations. This process varies from agency to agency, so, work with your security partners to know which controls they need documented. Don't forget that you can inherit most of your [controls by using cloud.gov](https://cloud.gov/docs/security/conforming-federal-security-regulations/) and you just need to reference that it's covered. The [before you ship guide](https://before-you-ship.18f.gov/) is a great resource for ATOs. -By doing this exercise, you have artifacts (proof that you are in compliance) and documentation that you can reference or pull from for your System Security Plan. Based on the needs of your security partners and the project, you may also need additional documentation or to reference Cloud.gov or AWS GovCloud's controls. The following examples are just meant as a starting point. +By doing this exercise, you have artifacts (proof that you are in compliance) and documentation that you can reference or pull from for your System Security Plan. 
Based on the needs of your security partners and the project, you may also need additional documentation or to reference cloud.gov or AWS GovCloud's controls. The following examples are just meant as a starting point. Contigency Planning - [CP-2 (5) Contingency plan](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-2) Your troubleshooting doc is a contingency plan for your app! This document can complement existing agency contingency plans. Depending on what your security partners need, you can also make it easy to audit by naming headings like "Contingency plan," "Incident response," "Disaster Recovery," etc. - [CP-2 (7) Contingency plan: coordinate with external service providers](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-2) If you did a data deletion drill in coordination with cloud.gov, you can reference that here. - [CP-3 Contingency training](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-3) Your drill is training on your contingency plan. For artifacts, you can use what you wrote from your recap email and your drill document. - - [CP-4 Contingency plan testing](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-4) Your drill tested your contingency plan. For artifacts, you can use what you wrote from your recap email and your drill document. - + - [CP-4 Contingency plan testing](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-4) Your drill tested your contingency plan. For artifacts, you can use what you wrote from your recap email and your drill document. 
+ Training - [AT-3(3) Role-based training: practical exercises](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) Your drill was a practical exercise. For artifacts, you can use what you wrote from your recap email, your drill document and the practice postmortem write up. - [AT-3(5) Role-based training: processing personally identifiable information](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) If you run your drill using the PII scenario, that wold speak to this control. For artifacts, you can use what you wrote from your recap email and your drill document. The government training (those corses in OLU) count for this as well. From e3655b428a99d502fa8e1d40a7976cb1624d020c Mon Sep 17 00:00:00 2001 From: Ryan Ahearn Date: Mon, 3 May 2021 16:34:53 -0400 Subject: [PATCH 078/179] Fix a couple typos and add a prompt to insert db rollback steps in the plan --- _pages/security/incident-response-drills.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 1cec9a8..8f2a558 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md 
@@ -21,9 +21,9 @@ Preparing and practicing ahead of time is a good idea. Running incident response ### Identify Your Top Risks -First, create a boundary diagram. (You will very likely need to create a boundary diagram as part of your system's security and compliance process.) +First, create a boundary diagram if you don't already have one. You will very likely need to create a boundary diagram as part of your system's security and compliance process, anyway. -Then, pull out your boundary diagram and determine where your system can be accessed. Make sure that you include third party products (analytics, CI/CD pipelines, code hosting) in this analysis. +Then, review your boundary diagram and determine where your system can be accessed. Make sure that you include third party products (analytics, CI/CD pipelines, code hosting) in this analysis. Look at each box and each connection on the diagram separately. Figure out how someone who isn't supposed to be there could get there, or how each component could fail unexpectedly. @@ -98,7 +98,7 @@ Re-deploy last successful release from your CI/CD pipeline. (You are deploying 1. Go to `<>` to view recent deploys. 1. Rerun the deploy step for the last known-good deploy. -1. If necessary, roll back the database to the correct version. +1. If necessary, roll back the database to the correct version. `<>` ### Example drill: 
@@ -118,7 +118,7 @@ An API Key for an AWS service was accidentally committed to our public code repo ### Example drill steps: 1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. -1. To simulate the real thing, push up a file to GitHub or whichever code repository use with a fake service key. (No using real keys for drills, please.) +1. To simulate the real thing, push up a file to GitHub or whichever code repository is in use with a fake service key. (No using real keys for drills, please.) 1. Practice rotating the keys for that service in a development context. 1. Practice scrubbing the fake key from the commit history. From 665de257f0332fe30f852660e7e33012da6515fd Mon Sep 17 00:00:00 2001 From: Lindsay Young Date: Tue, 4 May 2021 09:14:03 -0700 Subject: [PATCH 079/179] Update _pages/security/incident-response-drills.md Co-authored-by: Alex Soble --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 8f2a558..11e575a 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md 
@@ -206,7 +206,7 @@ Follow the mitigation steps above in a development environment. ## Congratulations, you accidentally did compliance too! -For your project, you will need an [ATO](https://before-you-ship.18f.gov/ato/). Part of that ATO is providing required documentation of controls. Controls are different security considerations. This process varies from agency to agency, so, work with your security partners to know which controls they need documented. Don't forget that you can inherit most of your [controls by using cloud.gov](https://cloud.gov/docs/security/conforming-federal-security-regulations/) and you just need to reference that it's covered. The [before you ship guide](https://before-you-ship.18f.gov/) is a great resource for ATOs. +For your project, you will need an [ATO](https://before-you-ship.18f.gov/ato/). Part of that ATO is providing required documentation of controls. Controls are different security considerations. This process varies from agency to agency, so, work with your security partners to know which controls they need documented. Don't forget that you can inherit a substantial number of [controls by using cloud.gov](https://cloud.gov/docs/security/conforming-federal-security-regulations/) and you just need to reference that it's covered. The [Before You Ship guide](https://before-you-ship.18f.gov/) is a great resource for ATOs. By doing this exercise, you have artifacts (proof that you are in compliance) and documentation that you can reference or pull from for your System Security Plan. Based on the needs of your security partners and the project, you may also need additional documentation or to reference cloud.gov or AWS GovCloud's controls. The following examples are just meant as a starting point. From 6aa9eed80d5b0c352275397241ccfbdfdd69368b Mon Sep 17 00:00:00 2001 
From: Alex Soble Date: Wed, 5 May 2021 08:18:10 -0500 Subject: [PATCH 080/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 11e575a..79178d2 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -9,7 +9,7 @@ sticky_sidenav: true * [Why do Incident Response Drills?](#why-do-incident-response-drills) * [How to Build Incident Response Drills](#how-to-run-an-incident-response-drill) * [Example Incident Response Drills](#example-incident-response-drills) -* [Using this drill as part of your ATO](#congratulations-you-accidentally-did-compliance-too) +* [Using this Drill as Part of Your ATO](#congratulations-you-accidentally-did-compliance-too) ## Why do Incident Response Drills? From 2d19df76f24edc252b7cc505ea07dc164a95a70f Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Wed, 5 May 2021 08:19:05 -0500 Subject: [PATCH 081/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 79178d2..3d4d89e 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md 
@@ -15,6 +15,8 @@ sticky_sidenav: true You don't want to be creating or testing recovery processes while things are on fire. 🔥 +When things are on fire, you want to be able to focus on fixing the issues and getting your system back online and in working order as soon as possible. Having an already established incident recovery practice will allow you and your team to focus on the problem, rather than the process. + Preparing and practicing ahead of time is a good idea. Running incident response drills on an annual basis at the very least is a good idea! ## How to Run an Incident Response Drill From aabd40d62da4d301f39fb7c9fd43dcd5923a928a Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Wed, 5 May 2021 08:21:03 -0500 Subject: [PATCH 082/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 3d4d89e..21a5697 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -62,7 +62,7 @@ Team members can rotate being the "driver" who shares their screen and walks thr ### After the Drill -You could end the drill with a practice "blameless postmortem". This is a low-pressure way to figure out your team's format for conducting postmortems after an incident. +You could end the drill with a practice "blameless post-incident retrospective." This is a low-pressure way to figure out your team's format for conducting retrospectives after an incident. [cloud.gov's retrospective meeting guide](https://cloud.gov/docs/ops/service-disruption-guide/#retrospective-meeting-guide) has ideas and checklists for organizing a successful post-incident retrospective. From ad7973247f0c5ac7ad80369b77e83b79751045d9 Mon Sep 17 00:00:00 2001 
From: Alex Soble Date: Wed, 5 May 2021 08:21:28 -0500 Subject: [PATCH 083/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 21a5697..0c0c674 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -151,7 +151,7 @@ What happened? Was a GitHub account compromised? A cloud.gov account? A deploy k ### Example drill steps: 1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. -1. Choose a scenario to drill: compromised GitHub account, compromised cloud.gov account, or compromised deploy key. (Compromised deploy key might be easiest to drill) +1. Choose a scenario to drill: compromised GitHub account, compromised cloud.gov account, or compromised deploy key. (Compromised deploy key might be easiest to drill.) 1. Practice the steps to remove compromised accounts or credentials, for example, by deleting the current deployment keys, remaking them, and adding them to CI/CD. 1. Using a development application instance, practice removing the route to a instance that may have been compromised and then renaming it to preserve forensics. From 0753b11d5a60530c606ab8326163c47c854367fa Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Wed, 5 May 2021 08:24:50 -0500 Subject: [PATCH 084/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 0c0c674..1e6b5db 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md 
@@ -119,7 +119,7 @@ An API Key for an AWS service was accidentally committed to our public code repo ### Example drill steps: -1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. +1. Acknowledge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. 1. To simulate the real thing, push up a file to GitHub or whichever code repository is in use with a fake service key. (No using real keys for drills, please.) 1. Practice rotating the keys for that service in a development context. 1. Practice scrubbing the fake key from the commit history. From 22fe862a03a72d8dab1f7e9198d0eee7c9c89b4f Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Wed, 5 May 2021 08:25:39 -0500 Subject: [PATCH 085/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 1e6b5db..df64489 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md 
@@ -227,4 +227,4 @@ Incident Response - [IR-3 Incident response testing](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=IR-3) Your troubleshooting drill included a security incident. You also may find a few bumps along the road as you do your drill, document those issues and any remediations you make. For artifacts, you can use what you wrote from your recap email, which should include that information. System Inventory - - [CM-8 System component inventory](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CM-8) Use your network diagram and prep as a way to have an accurate network diagram. Keep a the doc in a place that the team has access and that maintainers can edit and update it. Your network diagram and READMEs make for good artifacts for this. + - [CM-8 System component inventory](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CM-8) Use your network diagram and prep as a way to have an accurate network diagram. Keep the doc in a place that the team has access and that maintainers can edit and update it. Your network diagram and READMEs make good artifacts for this. From d149a5fe766072ed44f29e8fc6a011c38a7a7944 Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Wed, 5 May 2021 08:27:10 -0500 Subject: [PATCH 086/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index df64489..8c02815 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md 
@@ -220,7 +220,7 @@ Contigency Planning Training - [AT-3(3) Role-based training: practical exercises](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) Your drill was a practical exercise. For artifacts, you can use what you wrote from your recap email, your drill document and the practice postmortem write up. - - [AT-3(5) Role-based training: processing personally identifiable information](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) If you run your drill using the PII scenario, that wold speak to this control. For artifacts, you can use what you wrote from your recap email and your drill document. The government training (those corses in OLU) count for this as well. + - [AT-3(5) Role-based training: processing personally identifiable information](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) If you run your drill using the PII scenario, that would speak to this control. For artifacts, you can use what you wrote from your recap email and your drill document. The government training (those courses in OLU, for GSA) count for this as well. Incident Response - [IR-2 Incident response training](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=IR-2) Your drill is incident response training for your application. For artifacts, you can use what you wrote from your recap email and your drill document. From ebab31c281b8105ed9aed5ac7a33ce60dab67231 Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Wed, 5 May 2021 08:31:29 -0500 Subject: [PATCH 087/179] Acknowledge --- _pages/security/incident-response-drills.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 8c02815..3615756 100644 
--- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -150,7 +150,7 @@ What happened? Was a GitHub account compromised? A cloud.gov account? A deploy k ### Example drill steps: -1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. +1. Acknowledge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. 1. Choose a scenario to drill: compromised GitHub account, compromised cloud.gov account, or compromised deploy key. (Compromised deploy key might be easiest to drill.) 1. Practice the steps to remove compromised accounts or credentials, for example, by deleting the current deployment keys, remaking them, and adding them to CI/CD. 1. Using a development application instance, practice removing the route to a instance that may have been compromised and then renaming it to preserve forensics. @@ -171,7 +171,7 @@ It's discovered that PII is being leaked to unauthorized users through the site. ### Example drill steps: -1. Acknolwedge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. +1. Acknowledge that the first step would be to inform points of contact; establish that everyone knows who to inform in the event of an incident. 1. In a development environment, practice putting the site into a maintenance mode or removing/hiding a page on the site, whichever would be most relevant to your project. 1. Review any relevant corrective action / affected user notification procedures. From a79616f5f1f52f152de1f0731c44bc6773a6cf3a Mon Sep 17 00:00:00 2001 From: Alex Soble Date: Wed, 5 May 2021 08:32:18 -0500 Subject: [PATCH 088/179] postmortem => post-incident retrospective --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index 3615756..c0cfd82 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -219,7 +219,7 @@ Contigency Planning - [CP-4 Contingency plan testing](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=CP-4) Your drill tested your contingency plan. For artifacts, you can use what you wrote from your recap email and your drill document. Training - - [AT-3(3) Role-based training: practical exercises](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) Your drill was a practical exercise. For artifacts, you can use what you wrote from your recap email, your drill document and the practice postmortem write up. + - [AT-3(3) Role-based training: practical exercises](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) Your drill was a practical exercise. For artifacts, you can use what you wrote from your recap email, your drill document and the practice post-incident retrospective write up. - [AT-3(5) Role-based training: processing personally identifiable information](https://csrc.nist.gov/Projects/risk-management/sp800-53-controls/release-search#!/control?version=5.1&number=AT-3) If you run your drill using the PII scenario, that would speak to this control. For artifacts, you can use what you wrote from your recap email and your drill document. The government training (those courses in OLU, for GSA) count for this as well. Incident Response From a0172dbb9da4402eaaddeb5a31bedb802d90ef91 Mon Sep 17 00:00:00 2001 
From: Alex Soble Date: Wed, 5 May 2021 08:35:10 -0500 Subject: [PATCH 089/179] Update _pages/security/incident-response-drills.md --- _pages/security/incident-response-drills.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/security/incident-response-drills.md b/_pages/security/incident-response-drills.md index c0cfd82..f651e99 100644 --- a/_pages/security/incident-response-drills.md +++ b/_pages/security/incident-response-drills.md @@ -23,7 +23,7 @@ Preparing and practicing ahead of time is a good idea. Running incident response ### Identify Your Top Risks -First, create a boundary diagram if you don't already have one. You will very likely need to create a boundary diagram as part of your system's security and compliance process, anyway. +First, create a [boundary diagram](https://www.fedramp.gov/determining-your-fedramp-boundary-definition/) if you don't already have one. You will very likely need to create a boundary diagram as part of your system's security and compliance process, anyway. Then, review your boundary diagram and determine where your system can be accessed. Make sure that you include third party products (analytics, CI/CD pipelines, code hosting) in this analysis. From 65097482ac6275f2aad6f6bd938f6c64f872537d Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Tue, 20 Apr 2021 13:42:25 -0400 Subject: [PATCH 090/179] Update accessibility recommendations --- _pages/accessibility-scanning.md | 214 ++++++++++++------------------- 1 file changed, 85 insertions(+), 129 deletions(-) diff --git a/_pages/accessibility-scanning.md b/_pages/accessibility-scanning.md index a1c780d..8e2ca58 100644 --- a/_pages/accessibility-scanning.md +++ b/_pages/accessibility-scanning.md 
@@ -4,160 +4,89 @@ sidenav: tools sticky_sidenav: true --- -## Accessibility Scanning using AccessLint +Building a website or application that is easy accessible to everyone is not only an important of the user +experience, but also a requirement of all federally funded projects. GSA provides a helpful +[Section 508](https://section508.gov) portal. Accessibility should not just be an afterthought! Start thinking +about how to make your projects accessible before you begin any development. -[AccessLintCI](https://github.com/accesslint/accesslint-ci) is an automated accessibility scanning tool. It is configured with CircleCI (Travis and Jenkins support pending) to leave comments on Pull Requests stating potential accessibility problems with the committed code. +While coding a site to be accessible is a responsibility for engineers, accessibility is not just a concern +for engineering. [Accessibility for Teams](https://accessibility.digital.gov/front-end/getting-started/) +is a GSA-owned guide that gives explicit suggestions for the whole team product team can approach accessibility. +It lists out ways to manually test your site, as well as giving automated testing guidance. -### Getting started +A more exhaustive list of elements and tools can be found at the [18F Accessibility Guide](https://accessibility.18f.gov/). -Regardless of what framework your project is using, you will need to add `gem: accesslint-ci` to your `Gemfile` with the gem. +# Recommended Tools -### Setup with Jekyll +## Pa11y With aXe-core {%include components/tag-standard.html %} -The setup is detailed [here](https://github.com/accesslint/accesslint-ci#installation) for Rails, but can also easily be configured with Jekyll sites as follows. In the `circle.yml` file of your repo add the following: +[Pa11y](https://pa11y.org/) maintains a handful of open-source automated testing tools that scan your +sites to check for accessibility problems. 
Their tools can be setup on your machine locally or remotely +using a CI tool. -```yml -general: - artifacts: - - "tmp" +We are going to focus on [Pa11y-ci](https://github.com/pa11y/pa11y-ci), which is more geared towards use on +projects in CI. (But can be run locally.) -machine: - environment: - ACCESSLINT_MASTER_BRANCH: - node: - version: 6.1.0 +Pa11y also maintains [Pa11y](https://github.com/pa11y/pa11y) that allows you to look at live sites or +incorporate pa11y tests into an integration testing framework. ([See below](#pa11y-cli)) -dependencies: - pre: - - gem install bundler - - bundle install - override: - - npm install -g accesslint-cli - - gem install accesslint-ci +While Pa11y gives you the option of different test runners, we recommend using aXe-core. -test: - post: - - bundle exec jekyll serve --detach - - accesslint-ci scan http://localhost:4000 -``` - -The `ACCESSLINT_MASTER_BRANCH` should be set to the branch that PRs are being made to. If it is not set, it will default to `master`. For TTS repos, this will generally be `dev` or `development`. +### aXe-core {%include components/tag-standard.html %} +[aXe-core](https://github.com/dequelabs/axe-core) is an open source accessibility testing engine; it includes +a set of accessibility rules that Pa11y will test against. It is also possible to incorporate aXe-core directly +into your integration tests as well. -### Accesslint API access +### Running Pa11y in CI -In order for AccessLint to access your GitHub webhooks, you will need to +#### GitHub Actions On Every Pull Request -1. [Create an token](https://accesslint.com/) -1. Reference it. In your Circle CI settings for your repo, create a variable named `ACCESSLINT_API_TOKEN` with the token you created. -1. Also add a variable named `ACCESSLINT_GITHUB_USER` to your Circle CI repo settings, with a value of the GitHub username that was used to create the token in step 1. 
+Thanks to Daniel Mundra and the folks at CivicActions Accessibility and their [comprehensive documentation](https://accessibility.civicactions.com/posts/automated-accessibility-testing-leveraging-github-actions-and-pa11y-ci-with-axe) +on setting up Pa11y-ci. All below code is taken from that blog post; read through for more details. -### Configuring other project frameworks +Their instructions are specific to Jekyll but can be leveraged for other types of projects. -If your project is not a Rails or Jekyll project, you can still use AccessLintCI! +* Install pa11y locally -To do so, make a few changes to the `post` section of your configuration. Replace `bundle exec jekyll serve --detach` with a repo-specific server command that detaches, and allows accesslint-ci to run on the same process to check your server port. + `$ npm i --save-dev pa11y-ci` +* Add pa11y-specific scripts to `package.json` -```yml -test: - post: - - - - accesslint-ci scan http://localhost: +``` json + "scripts": { + "start-detached": + "bundle exec jekyll serve --detach", + "pa11y-ci:sitemap": + "pa11y-ci --sitemap http://localhost:4000/sitemap.xml --sitemap-exclude \"/*.pdf\"" + } ``` -### What it does - -Once configured, AccessLintCI will leave a single comment on a Pull Request to the `ACCESSLINT_MASTER_BRANCH`. If errors are accepted, they will be cached, and not checked again in the next PR to that branch. - -## Accessibility Scanning Using Pa11y-ci - -### Introduction - -Building a website or application that is easy accessible toeveryone is not only an important of the user experience, but also a requirement of all federally funded projects. GSA provides a helpful [Section 508](https://section508.gov) portal. [Pa11y](https://github.com/pa11y/pa11y) is an automation tool that helps you scan your static web pages to check for accessibility problems and errors. It can be setup on your machine locally or remotely using a CI tool. 
- -## Running Pa11y locally - -### Installation and setup (For MacOS) - -1. [Concourse CI](https://concourse.ci/index.html) allows you to run multiple compliance scanning jobs on your machine using a virtual machine. It is highly recommended to go through its [excellent documentation and "Hello World" tutorial ](https://concourse.ci/hello-world.html) before writing custom jobs for your project. - -2. If you want to run locally Pa11y-ci you will need to : - - * [install **vagrant** and **virtualbox** ](http://sourabhbajaj.com/mac-setup/Vagrant/README.html) - * use [The Fly CLI](https://concourse.ci/fly-cli.html) , a command line tool for Concourse which is used for a number of tasks from connecting to a shell in one of your build's containers to uploading new pipeline configuration into a running Concourse. - -3. If you're on MacOS , you will have to `chmod +x` the downloaded binary and put it in your `$PATH`. This can be done in one fell swoop with `install path/to/fly /usr/local/bin/fly` - -4. Run Vagrant - - ```sh - vagrant init concourse/lite # creates ./Vagrantfile - vagrant up # downloads the box and spins up the VM - ``` - -5. Log into fly - - `fly -t lite login -c http://192.168.100.4:8080` - - ​ - -### Running Pa11y-ci on your local machine - - 1. 
Create a `.yml` file containing the job with tasks that you want to run - - `touch accessibility-scan.yml` +* Create a `.pa11yci` in the root of your directory to [configure your pa11y run](https://github.com/pa11y/pa11y#configuration) - `vim accessibility-scan.yml` - ```yml - jobs: - - name: accessibility-scan - plan: - - task: run-pa11y - config: - platform: linux - image_resource: - type: docker-image - source: - repository: node - run: - path: sh - args: - - -exc - - | - npm install -g pa11y-ci - npm install -g phantomjs - mkdir accessibility-scan - pa11y-ci --json --sitemap https://18f.gsa.gov/sitemap.xml > accessibility-scan/summary.txt - cat accessibility-scan/summary.txt - ``` - - `type` is almost always going to be `docker-image` . `pa11y-ci` requires node, so we are using a `node` docker-image. - - `run` section contains a series of shell command that we are executing: - - * install `pa11y-ci` and `phantomjs` from the node package manager(`npm`) - - * making a directory and telling pa11y-ci to pipe the results of the scan into a `json` file - - the command is like so `pa11y-ci --json --sitemap https://[18f-static-site-url]/sitemap.xml > dir/file` - - * printing the results in our CLI `cat…` (for debugging purposes, optional) - - **Note that** we are using the `sitemap.xml` file instead of individual files(much more efficient) +[18F accessibility site's .pallyci](https://github.com/18F/accessibility/blob/18f-pages/.pa11yci). + `$ touch .pa11yci` +``` json + { + "defaults": { + "concurrency": 4, + "standard": "WCAG2AA", + "runners": ["axe"] + } + } +``` - 2. Run +* Create `.github/workflows` directories in the root of your project, and then a `pa11y.yml` file in `workflows`. - ```shell - fly -t lite set-pipeline -p accessibility-scan -c accessibility-scan.yml - ``` +``` + $ mkdir -P .github/workflows + $ touch .github/workflows/pa11y.yml +``` - 3. Go to the `URL` displayed on your CLI. 
**Click the plus sign on top right corner and toggle side bar and press play on your pipeline**. Pipelines are posed by default. +Create your [Github Action workflow](https://docs.github.com/en/actions/quickstart)! - ​ +To see a pa11y.yml live in the wild, check out [18F Accessibility site's pa11y.yml](https://github.com/18F/accessibility/blob/18f-pages/.github/workflows/pa11y.yml). -## Running Pa11y-ci with CI - -### Circle CI Setup Instructions +#### Circle CI Setup Instructions If you want to run Pa11y-ci per pull request on your project: @@ -203,3 +132,30 @@ If you want to run Pa11y-ci per pull request on your project: ### Travis CI Setup Instructions(To Be Written) ## Adding Pa11y To The Compliance Viewer(To Be Written) + + +### Pa11y CLI + +If you'd like to test a live website, whether or not you have accesss to the code, the Pa11y CLI can help! + +The CLI requires [Node.js](http://nodejs.org/) 8+, which you can install with homebrew or nvm. + +`$ brew install node` +or +`$ nvm install node` + +Install the CLI globally on your machine: + +`$ npm install -g pa11y` + +and then you can run it against a live site. + +> ``` +> $ pa11y https://engineering.18f.gov/ +> +> Welcome to Pa11y +> +> > Running Pa11y on URL https://engineering.18f.gov/ +> +> No issues found! +> ``` From c058c91555d3a896dccda0a678df55aba17a3229 Mon Sep 17 00:00:00 2001 
From: Davida Marion Date: Thu, 6 May 2021 09:03:55 -0400 Subject: [PATCH 091/179] Add pa11y-ci and github action --- .github/workflows/pa11y.yml | 51 ++ .pa11yci | 7 + _config.yml | 1 + _includes/footer.html | 102 +-- _pages/javascript.md | 14 +- _pages/license.md | 5 +- _pages/people.md | 15 +- _pages/ruby.md | 3 +- _pages/security/cloud-services.md | 14 +- _pages/security/content-security-policy.md | 4 +- _pages/web-architecture.md | 33 +- package-lock.json | 911 +++++++++++++++++++++ package.json | 24 + 13 files changed, 1087 insertions(+), 97 deletions(-) create mode 100644 .github/workflows/pa11y.yml create mode 100644 .pa11yci create mode 100644 package-lock.json create mode 100644 package.json diff --git a/.github/workflows/pa11y.yml b/.github/workflows/pa11y.yml new file mode 100644 index 0000000..b26ec5b --- /dev/null +++ b/.github/workflows/pa11y.yml @@ -0,0 +1,51 @@ +# Pulled from Daniel Mundra's blog post https://accessibility.civicactions.com/posts/automated-accessibility-testing-leveraging-github-actions-and-pa11y-ci-with-axe +name: pa11y tests + +on: [pull_request] + +jobs: + build: + name: Building site and running pa11y-ci tests + runs-on: ubuntu-latest + + steps: + - name: Checkout source. + uses: actions/checkout@v2 + + - name: Install jekyll site dependencies. + uses: ruby/setup-ruby@v1 + with: + ruby-version: 2.7.2 + bundler-cache: true + + - name: Install pa11y-ci dependencies. + run: npm install + + - name: Start up jekyll server. + run: npm run start-detached + + - name: Run pa11y-ci. + run: npm run pa11y-ci:sitemap 2>&1 | tee pa11y_output.txt + + - name: Read pa11y_output file. + id: pa11y_output + uses: juliangruber/read-file-action@v1 + with: + path: ./pa11y_output.txt + + - name: Comment on pull request. + uses: thollander/actions-comment-pull-request@master + with: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + message: '

Pa11y testing results + + +```${{ steps.pa11y_output.outputs.content }}``` + +
' + + - name: Check for pa11y failures. + if: contains(steps.pa11y_output.outputs.content, 'errno 2') + run: | + echo "::error::The site is failing accessibility tests. Please review the comment in the pull request or the pa11y-ci step in the workflow for details." + exit 1 \ No newline at end of file diff --git a/.pa11yci b/.pa11yci new file mode 100644 index 0000000..0f8b037 --- /dev/null +++ b/.pa11yci @@ -0,0 +1,7 @@ +{ + "defaults": { + "concurrency": 4, + "standard": "WCAG2AA", + "runners": ["axe"] + } +} \ No newline at end of file diff --git a/_config.yml b/_config.yml index 6016fb8..e03cd5e 100644 --- a/_config.yml +++ b/_config.yml @@ -7,6 +7,7 @@ exclude: - Gemfile.lock - LICENSE.md - README.md + - node_modules permalink: pretty diff --git a/_includes/footer.html b/_includes/footer.html index 2bfda1a..0619712 100644 --- a/_includes/footer.html +++ b/_includes/footer.html @@ -10,7 +10,7 @@ {% assign anchor = site.data.anchor %} -
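Review bot: The "Comment on pull request" step in `.github/workflows/pa11y.yml` runs `thollander/actions-comment-pull-request@master` with `GITHUB_TOKEN`, so whatever that third-party branch points to at run time executes with the job's token. Pin it to a reviewed commit, `uses: thollander/actions-comment-pull-request@<full-commit-sha>`, and do the same for `juliangruber/read-file-action@v1`, which is a movable tag. The workflow also declares no `permissions:` block, so the token carries the repository's default scope (not visible here); a job-level `permissions:` with `contents: read` and `pull-requests: write` would limit it to what these steps appear to need. Separately, the "Run pa11y-ci" step pipes into `tee`, which under the default shell masks the scan's exit status, and the last step fails the job only when the output contains the literal `errno 2`. Any other way the scan can fail would pass silently, so either document that assumption on the step or check the saved exit status instead of the string.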
+
+ diff --git a/_pages/javascript.md b/_pages/javascript.md index 2a87b9a..cc8ef4f 100644 --- a/_pages/javascript.md +++ b/_pages/javascript.md @@ -142,7 +142,7 @@ When choosing a JavaScript web framework, also consider if vanilla JavaScript wo {%include components/tag-default.html %} [React](https://reactjs.org/) (sometimes styled React.js or ReactJS) is an open-source JavaScript library for creating user interfaces that aims to address challenges encountered in developing single-page applications ([Wikipedia](https://en.wikipedia.org/wiki/React_(JavaScript_library))). -#### When to use: +### When to use: - Single page apps that requires data manipulation on the front end without a server side request/response architecture. - When there's a strong need to render JavaScript based UI on the server due to performance or accessibility reasons. - JavaScript UI that incorperates many nested components. @@ -150,12 +150,12 @@ When choosing a JavaScript web framework, also consider if vanilla JavaScript wo - When only a "view" framework is desired/required. - To ensure all front-end components conform to a single standard. -#### When not to use: +### When not to use: - When a complex build process is not feasible. React requires transforming "jsx" files to regular JavaScript. - When developers unfamiliar with JSX and don't have time to learn. - While open source, is maintained primarily by Facebook. -#### Goes well with: +### Goes well with: - [Redux](https://redux.js.org/) - An application state management library. - **When to use:** - When an application has complex internal state that affects how the site is rendered in realtime. 
@@ -170,7 +170,7 @@ When choosing a JavaScript web framework, also consider if vanilla JavaScript wo We don't work with Angular a lot ourselves, but it is a well-maintained, highly-used modern framework and we should not discourage or frown on its use by our partners. In our consulting and acquisition work, we view Angular as a solid choice for a frontend web framework, given the considerations below. -#### When to use: +### When to use: - Sites with heavy front end, JavaScript UI interactions (single page apps) such as: - creating, updating, deleting of information without a server reload - real-time messaging platforms, such as chat or complex messaging such as email @@ -179,7 +179,7 @@ We don't work with Angular a lot ourselves, but it is a well-maintained, highly- - When the site's design specifies a single page app architecture over classic server request and response. - When the whole site will be built with Angular to maintain front-end code consistency. -#### When not to use: +### When not to use: - For a single or a few simple components (with the rest of the site not using Angular), instead see React or Web Components. - Exporting a module that isn't an Angular module. - If there is a strict requirement that the site should work for users that have JavaScript disabled. 
@@ -187,12 +187,12 @@ We don't work with Angular a lot ourselves, but it is a well-maintained, highly- - When the site's design doesn't benefit from a single page app architecture. - When the long-term maintenance dev team is very unfamiliar with Angular and don't have the resources to learn or hire for it. -#### Pros: +### Pros: - Takes care of a lot of boilerplate code for front-end interactions. - Attempts to extend HTML itself, and was designed so less experienced devs could use it. - Being maintained and developed by Google generally means good support. -#### Cons: +### Cons: - While open source, is maintained primarily by Google. - Has been known to implement breaking changes in major version updates. - Built with Typescript, which is not ECMA standardized (as opposed to vanilla JS or ES6). diff --git a/_pages/license.md b/_pages/license.md index 8135f19..c32feae 100644 --- a/_pages/license.md +++ b/_pages/license.md @@ -8,18 +8,17 @@ subnav: - text: Other information href: "#other-information" --- - As a work of the [United States government](https://www.usa.gov/), this project is in the public domain within the United States of America. Additionally, we waive copyright and related rights in the work worldwide through the [CC0 1.0 Universal public domain dedication](https://creativecommons.org/publicdomain/zero/1.0/legalcode). -### No copyright +## No copyright The person who associated a work with this deed has dedicated the work to the public domain by waiving all of their rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law. You can copy, modify, distribute, and perform the work, even for commercial purposes, all without asking permission. -### Other information +## Other information In no way are the patent or trademark rights of any person affected by CC0, nor are the rights that other persons may have in the work or in how the work is used, such as publicity or privacy rights. 
diff --git a/_pages/people.md b/_pages/people.md index e8d66b8..1e70734 100644 --- a/_pages/people.md +++ b/_pages/people.md 
@@ -3,28 +3,27 @@ title: Feedback Guide sidenav: approach sticky_sidenav: true --- - Here are some attributes of giving feedback in a highly constructive way that we have learned and used over the years. -### Timely +## Timely Ideally feedback, positive or negative, is given as close to the event as possible. Regular [1:1 meetings](https://handbook.18f.gov/one-on-ones/) are a great venue for delivering feedback. -### Evidence +## Evidence Gather evidence for the feedback instead of relying on vague reports or hunches. Have concrete examples, ideally more than one for negative feedback. -### Behaviors +## Behaviors Describe behaviors (is late to meetings) rather than traits or emotions (doesn't care about coworkers). You'll never know anyone else's thoughts, feelings, or motivations. You can observe behaviors in an objective and factual manner. This can be a hard habit change if you've built up years of giving feedback in the other way, but keep at it, it is worth switching. -### Results +## Results When you describe a behavior, also say the result. This goes for positive and negative feedback. "When you review pull requests right away, you really help the velocity of the whole team." "When you are regularly late for meetings, the effectiveness of the rest of the meeting is reduced because the meeting leader has to repeat information or wait for you." -### Future Focus +## Future Focus Don't dwell on the past, but focus on the future. The future can be altered, the past will never change. -### Top Performers +## Top Performers Giving constructive feedback to a top performer is not nitpicking, it is actually some of the highest leverage work we can do. Most folks (not everyone of course) are eager to hear ways they can keep growing. We don't help folks by having no ideas for them. 
-### End of Year Assessment Guides +## End of Year Assessment Guides TTS, as a part of GSA, has a mature [performance management and recognition system](https://insite.gsa.gov/portal/content/500278). This includes an end-of-year performance assessment. diff --git a/_pages/ruby.md b/_pages/ruby.md index 3439edd..0f963ea 100644 --- a/_pages/ruby.md +++ b/_pages/ruby.md @@ -3,14 +3,13 @@ title: Ruby Guide sidenav: languages sticky_sidenav: true --- - _This is a **WORK IN PROGRESS**. Help us make it better by [submitting an issue](https://github.com/18F/development-guide) or joining us in the [#ruby](https://18f.slack.com/messages/ruby/) channel!_ A guide for writing and maintaining Ruby and Rails applications -### Style Guide +## Style Guide Follow the [Ruby Style Guide](https://github.com/bbatsov/ruby-style-guide) and enforce it via static analysis tools such as [Code Climate] and [Rubocop]. You diff --git a/_pages/security/cloud-services.md b/_pages/security/cloud-services.md index 3d38637..d1b9d7d 100644 --- a/_pages/security/cloud-services.md +++ b/_pages/security/cloud-services.md 
@@ -14,14 +14,14 @@ processes that are easier to use are less secure; likewise a workflow that is mo These tradeoffs get more significant depending on the FISMA level of your system. -### Presigned URLs +## Presigned URLs A common method of allowing users to transfer data without credentials is to use [presigned urls](https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html). (Azure refers to these as [shared access signatures](https://docs.microsoft.com/en-us/azure/hdinsight/hdinsight-storage-sharedaccesssignature-permissions), but they are a similar concept.) There are some differences between service providers; the below details are specific to S3 as that has been our most common use case and is supported by [cloud.gov](https://cloud.gov/docs/services/s3/). -#### Some Things to know about S3 presigned URLs +### Some Things to know about S3 presigned URLs * They can be reused until they expire * Default expiration time is 15 minutes * They can be used by *anyone* @@ -41,12 +41,12 @@ some attack vectors could be: * A bad actor scanning spaces of URLs to find publicly-available files. * Anything with access to the client would have access to the URLs and the accompanying actions - this could include an installed untrustworthy browser extension. -#### FISMA Low: +### FISMA Low: Be cautious but proceed with presigned URLs if you feel it is the right choice for your system. We recommend taking [mitigation steps](#mitigation-steps) to secure your system. -#### FISMA Medium: +### FISMA Medium: Really consider the tradeoffs. What kind of adverse impact might happen if a bad actor gets hold of a presigned URL to your system? * Can they access PII? 
@@ -55,11 +55,11 @@ Really consider the tradeoffs. What kind of adverse impact might happen if a bad If you've thought things through and it's the best or only option, proceed but definitely take [mitigation steps](#mitigation-steps) to secure your system. -#### FISMA High: +### FISMA High: {%include components/tag-caution.html %} We do not recommend using presigned URLs for this kind of system. The only real barrier between a bad actor and user data is the obscurity/randomness of the URL and the expiration duration. -#### Mitigation Steps +### Mitigation Steps **All Actions** * Generate expiration times that are *very* short lived -- think seconds rather than minutes. * Don't log unencrypted presigned URLs @@ -71,7 +71,7 @@ between a bad actor and user data is the obscurity/randomness of the URL and the * limit file type as appropriate to your use case * Scan for viruses -### Proxying the file download +## Proxying the file download This option is less "convenient" in that there is no easily-shareable URL that is generated. However, if your system has a higher FISMA impact level, or if you don't need to generate a shareable URL, this is often a more diff --git a/_pages/security/content-security-policy.md b/_pages/security/content-security-policy.md index decf2a4..a48e1dd 100644 --- a/_pages/security/content-security-policy.md +++ b/_pages/security/content-security-policy.md 
@@ -18,7 +18,7 @@ All of the above supported browsers support CSP 1.0, with 100% support for 2.0 i ## Usage CSP is straigtforward to implement, and supports providing a policy server-side [via HTTP header](#server-side-implementation) or client-side via a [`` tag](#client-side-implementation). -#### Policies +### Policies The most important aspect of CSP is the policy itself, which is written as a string of **directives**. Directives describe how the browser should handle loading different content types. These directives are represented as a `;` delimited key-value pair. The values in this pair can either be **keywords**, **schemes**, **mime-types**, or **urls**. Keywords are always enclosed in single quotes, while all other values are left unquoted. Multiple values may be supplied in a single directive, they are always separated by a space. @@ -52,7 +52,7 @@ The `default-src` directive should always be defined! This directive acts as a f It might be useful to test your policies before letting them loose on your users. To do this, use the `Content-Security-Policy-Report-Only` HTTP header. Combined with the reporting information in the next section, you can monitor the kinds of content your user's are encountering and tweak the your policy accordingly. -#### Reporting +### Reporting CSP can also be configured to send reports to an endpoint you control when content that violates your policies is encountered. To do this, use the `report-uri` directive, passing it a fully qualified URI, e.g. `https://my-public-site.gov/reports/csp`. Now, each time content from an invalid source is encountered, your browser will POST a JSON payload to the provided URI. diff --git a/_pages/web-architecture.md b/_pages/web-architecture.md index 903ba8e..a0d26a4 100644 --- a/_pages/web-architecture.md +++ b/_pages/web-architecture.md 
@@ -3,7 +3,6 @@ title: Choosing a Web App Architecture sidenav: tools sticky_sidenav: true --- - The goal of this guide is to help you decide how to approach a web application’s architecture, driving towards simplicity. Simpler approaches involve:
@@ -12,7 +11,7 @@ Simpler approaches involve: - **using stable technology over cutting-edge**, and - **less computation or no computation when possible** -### Why push for simplicity +## Why push for simplicity Government software projects often face tight budgets, are used long-term, and have a broad user base with diverse needs. Because of these factors, simpler is better.
@@ -20,7 +19,7 @@ Government software projects often face tight budgets, are used long-term, and h - **Maintainability**: Government is long-term, so we want government software to last. We want to be kind to the future maintainers of our software and leave them with the minimum possible complexity to maintain. - **Accessibility**: As government employees we serve the public, so the websites we build must be highly accessible to the public. The more complexity involved in building UI views, the more work it takes to build an accessible site. -### How to choose an approach +## How to choose an approach How much complexity does your web application need to include? That depends on what kind of features it requires.
@@ -35,11 +34,11 @@ Many web apps begin their life cycles with server-side rendering only, and add m See below for examples and heuristics to help you decide which architecture could make the most sense for your project as a starting point: -### If you can make it a static site, you should. +## If you can make it a static site, you should. _When thinking about a static site, you might use words like: [Jekyll](https://jekyllrb.com), [Hugo](https://gohugo.io), [Federalist](https://federalist.18f.gov) {%include components/tag-standard.html %}, static HTML._ -#### Benefits to this approach: +### Benefits to this approach: - Simple to keep running (low maintenance cost) - Can use Federalist to outsource deployment of the site
@@ -47,23 +46,23 @@ _When thinking about a static site, you might use words like: [Jekyll](https://j - Automatic accessibility testing is extremely straightforward - Searching with search.gov/search engines is easy -#### When this might be the right fit: +### When this might be the right fit: - A site used mostly to publish static content, such as public-facing agency information, articles, or press releases - An informational handbook or guide - A blog -#### When you might need something more complex: +### When you might need something more complex: - When your app needs authentication, user roles or permissions - When your app needs to draw from live data feeds or APIs - When your app needs to handle sensitive data or PII -### If you can’t, it should probably be a server-rendered app. +## If you can’t, it should probably be a server-rendered app. _When thinking about a server-rendered app, you might use words like: [Django](https://www.djangoproject.com/), [Rails](https://rubyonrails.org/)._ -#### Benefits to this approach: +### Benefits to this approach: - Stable, tried-and-true tooling - Only one set of development skills needed, as opposed to separate back-end and front-end development skills
@@ -75,17 +74,17 @@ _When thinking about a server-rendered app, you might use words like: [Django](h - Adding basic forms with no client-side interactivity are a breeze - Client doesn’t get out of sync with the server, as it’s served from the response. -#### Drawbacks to this approach: +### Drawbacks to this approach: - Applications with servers and databases will need their own ATO - Deployment is more complex and requires more skills to maintain - Zero downtime deployments are more complex -### If your use case requires a bit of client-side interactivity, use the above options with a bit of JavaScript. +## If your use case requires a bit of client-side interactivity, use the above options with a bit of JavaScript. _You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](https://jquery.com), Plain JavaScript._ -#### Benefits to this approach: +### Benefits to this approach: - Accessibility testing is relatively straightforward - Interactivity that doesn’t require state management, like animations or visual graphics
@@ -94,7 +93,7 @@ _You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](ht - Can use more than one JavaScript framework, which may be useful for project transitions - Leaves room for more flexible decisions for UI down the road -#### Drawbacks to this approach: +### Drawbacks to this approach: - Forms with complex state are harder to manage - Build/deployment includes both server-side build patterns and client-side build patterns
@@ -103,17 +102,17 @@ _You might use words like: [Stimulus](https://stimulus.hotwire.dev), [jQuery](ht - Can quickly turn into a ball of JavaScript with mixed frameworks - Generally uses two (or more) package managers -### If your use case requires complex client-side interactivity, then you may need a single-page application (SPA). +## If your use case requires complex client-side interactivity, then you may need a single-page application (SPA). _You might use words like: [React](https://engineering.18f.gov/javascript/frameworks/#react) {%include components/tag-default.html %}, [React Router](https://reactrouter.com), [Redux](https://redux.js.org), [Angular](https://engineering.18f.gov/javascript/frameworks/#angular) {%include components/tag-suggestion.html %}, [Gatsby](https://www.gatsbyjs.com), [Vue.js](https://vuejs.org), [Ember](https://emberjs.com)_ -#### Benefits to this approach: +### Benefits to this approach: - Handling offline support - Managing client-side state is required and first-class, so handling complex interactions are more straightforward - Clearer conventions for how code should be written, compared to server-side rendering with a bit of JavaScript -#### Drawbacks to this approach: +### Drawbacks to this approach: - Requires more specialist dev skills to build - Can be costlier to build and maintain (both in time and money) than server-rendered or static sites
@@ -126,6 +125,6 @@ _You might use words like: [React](https://engineering.18f.gov/javascript/framew - Caching can be tricky with many areas to maintain state storage (rather than just the browser’s cache) - Execution environment is always unknown and changing -### Conclusion +## Conclusion Keeping web application architecture as simple as possible can help keep government websites cost-effective, maintainable, and accessible. Understanding your user requirements can help decide what kinds of client-side interactivity are nice-to-haves, must-haves, or not needed at all.
diff --git a/package-lock.json b/package-lock.json
new file mode 100644
index 0000000..97d70fe
--- /dev/null
+++ b/package-lock.json
@@ -0,0 +1,911 @@ +{ + "name": "development-guide", + "version": "1.0.0", + "lockfileVersion": 1, + "requires": true, + "dependencies": { + "agent-base": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.3.0.tgz", + "integrity": "sha512-salcGninV0nPrwpGNn4VTXBb1SOuXQBiqbrNXoeizJsHrsL6ERFM2Ne3JUSBWRE6aeNJI2ROP/WEEIDUiDe3cg==", + "dev": true, + "requires": { + "es6-promisify": "^5.0.0" + } + }, + "ansi-regex": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz", + "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=", + "dev": true + }, + "ansi-styles": { + "version": "2.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz", + "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=", + "dev": true + }, + "array-union": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz", + "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=", + "dev": true, + "requires": { + "array-uniq": "^1.0.1" + } + }, + "array-uniq": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz", + "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=", + "dev": true + }, + "async": { + "version": "2.6.3", + "resolved": "https://registry.npmjs.org/async/-/async-2.6.3.tgz", + "integrity": "sha512-zflvls11DCy+dQWzTW2dzuilv8Z5X/pjfmZOWba6TNIVDm+2UDaJmXSOXlasHKfNBs8oo3M0aT50fDEWfKZjXg==", + "dev": true, + "requires": { + "lodash": "^4.17.14" + } + }, + "async-limiter": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", + "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==", + "dev": true + }, + "axe-core": { + "version": "3.5.5", + "resolved": "https://registry.npmjs.org/axe-core/-/axe-core-3.5.5.tgz", + "integrity": 
"sha512-5P0QZ6J5xGikH780pghEdbEKijCTrruK9KxtPZCFWUpef0f6GipO+xEZ5GKCb020mmqgbiNO6TcA55CriL784Q==", + "dev": true + }, + "balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true + }, + "bfj": { + "version": "4.2.4", + "resolved": "https://registry.npmjs.org/bfj/-/bfj-4.2.4.tgz", + "integrity": "sha1-hfeyNoPCr9wVhgOEotHD+sgO0zo=", + "dev": true, + "requires": { + "check-types": "^7.3.0", + "hoopy": "^0.1.2", + "tryer": "^1.0.0" + } + }, + "boolbase": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/boolbase/-/boolbase-1.0.0.tgz", + "integrity": "sha1-aN/1++YMUes3cl6p4+0xDcwed24=", + "dev": true + }, + "brace-expansion": { + "version": "1.1.11", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz", + "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==", + "dev": true, + "requires": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "buffer-crc32": { + "version": "0.2.13", + "resolved": "https://registry.npmjs.org/buffer-crc32/-/buffer-crc32-0.2.13.tgz", + "integrity": "sha1-DTM+PwDqxQqhRUq9MO+MKl2ackI=", + "dev": true + }, + "buffer-from": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz", + "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A==", + "dev": true + }, + "chalk": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz", + "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=", + "dev": true, + "requires": { + "ansi-styles": "^2.2.1", + "escape-string-regexp": "^1.0.2", + "has-ansi": "^2.0.0", + "strip-ansi": "^3.0.0", + "supports-color": 
"^2.0.0" + } + }, + "check-types": { + "version": "7.4.0", + "resolved": "https://registry.npmjs.org/check-types/-/check-types-7.4.0.tgz", + "integrity": "sha512-YbulWHdfP99UfZ73NcUDlNJhEIDgm9Doq9GhpyXbF+7Aegi3CVV7qqMCKTTqJxlvEvnQBp9IA+dxsGN6xK/nSg==", + "dev": true + }, + "cheerio": { + "version": "1.0.0-rc.6", + "resolved": "https://registry.npmjs.org/cheerio/-/cheerio-1.0.0-rc.6.tgz", + "integrity": "sha512-hjx1XE1M/D5pAtMgvWwE21QClmAEeGHOIDfycgmndisdNgI6PE1cGRQkMGBcsbUbmEQyWu5PJLUcAOjtQS8DWw==", + "dev": true, + "requires": { + "cheerio-select": "^1.3.0", + "dom-serializer": "^1.3.1", + "domhandler": "^4.1.0", + "htmlparser2": "^6.1.0", + "parse5": "^6.0.1", + "parse5-htmlparser2-tree-adapter": "^6.0.1" + } + }, + "cheerio-select": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/cheerio-select/-/cheerio-select-1.4.0.tgz", + "integrity": "sha512-sobR3Yqz27L553Qa7cK6rtJlMDbiKPdNywtR95Sj/YgfpLfy0u6CGJuaBKe5YE/vTc23SCRKxWSdlon/w6I/Ew==", + "dev": true, + "requires": { + "css-select": "^4.1.2", + "css-what": "^5.0.0", + "domelementtype": "^2.2.0", + "domhandler": "^4.2.0", + "domutils": "^2.6.0" + } + }, + "color-convert": { + "version": "1.9.3", + "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz", + "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==", + "dev": true, + "requires": { + "color-name": "1.1.3" + } + }, + "color-name": { + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz", + "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=", + "dev": true + }, + "commander": { + "version": "2.20.3", + "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz", + "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==", + "dev": true + }, + "concat-map": { + "version": "0.0.1", + "resolved": 
"https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=", + "dev": true + }, + "concat-stream": { + "version": "1.6.2", + "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz", + "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==", + "dev": true, + "requires": { + "buffer-from": "^1.0.0", + "inherits": "^2.0.3", + "readable-stream": "^2.2.2", + "typedarray": "^0.0.6" + } + }, + "core-util-is": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz", + "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=", + "dev": true + }, + "css-select": { + "version": "4.1.2", + "resolved": "https://registry.npmjs.org/css-select/-/css-select-4.1.2.tgz", + "integrity": "sha512-nu5ye2Hg/4ISq4XqdLY2bEatAcLIdt3OYGFc9Tm9n7VSlFBcfRv0gBNksHRgSdUDQGtN3XrZ94ztW+NfzkFSUw==", + "dev": true, + "requires": { + "boolbase": "^1.0.0", + "css-what": "^5.0.0", + "domhandler": "^4.2.0", + "domutils": "^2.6.0", + "nth-check": "^2.0.0" + } + }, + "css-what": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/css-what/-/css-what-5.0.0.tgz", + "integrity": "sha512-qxyKHQvgKwzwDWC/rGbT821eJalfupxYW2qbSJSAtdSTimsr/MlaGONoNLllaUPZWf8QnbcKM/kPVYUQuEKAFA==", + "dev": true + }, + "debug": { + "version": "4.3.1", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.1.tgz", + "integrity": "sha512-doEwdvm4PCeK4K3RQN2ZC2BYUBaxwLARCqZmMjtF8a51J2Rb0xpVloFRnCODwqjpwnAoao4pelN8l3RJdv3gRQ==", + "dev": true, + "requires": { + "ms": "2.1.2" + } + }, + "dom-serializer": { + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-1.3.1.tgz", + "integrity": "sha512-Pv2ZluG5ife96udGgEDovOOOA5UELkltfJpnIExPrAk1LTvecolUGn6lIaoLh86d83GiB86CjzciMd9BuRB71Q==", + "dev": true, + "requires": { + "domelementtype": "^2.0.1", + 
"domhandler": "^4.0.0", + "entities": "^2.0.0" + } + }, + "domelementtype": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.2.0.tgz", + "integrity": "sha512-DtBMo82pv1dFtUmHyr48beiuq792Sxohr+8Hm9zoxklYPfa6n0Z3Byjj2IV7bmr2IyqClnqEQhfgHJJ5QF0R5A==", + "dev": true + }, + "domhandler": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/domhandler/-/domhandler-4.2.0.tgz", + "integrity": "sha512-zk7sgt970kzPks2Bf+dwT/PLzghLnsivb9CcxkvR8Mzr66Olr0Ofd8neSbglHJHaHa2MadfoSdNlKYAaafmWfA==", + "dev": true, + "requires": { + "domelementtype": "^2.2.0" + } + }, + "domutils": { + "version": "2.6.0", + "resolved": "https://registry.npmjs.org/domutils/-/domutils-2.6.0.tgz", + "integrity": "sha512-y0BezHuy4MDYxh6OvolXYsH+1EMGmFbwv5FKW7ovwMG6zTPWqNPq3WF9ayZssFq+UlKdffGLbOEaghNdaOm1WA==", + "dev": true, + "requires": { + "dom-serializer": "^1.0.1", + "domelementtype": "^2.2.0", + "domhandler": "^4.2.0" + } + }, + "entities": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/entities/-/entities-2.2.0.tgz", + "integrity": "sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==", + "dev": true + }, + "es6-promise": { + "version": "4.2.8", + "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", + "integrity": "sha512-HJDGx5daxeIvxdBxvG2cb9g4tEvwIk3i8+nhX0yGrYmZUzbkdg8QbDevheDB8gd0//uPj4c1EQua8Q+MViT0/w==", + "dev": true + }, + "es6-promisify": { + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz", + "integrity": "sha1-UQnWLz5W6pZ8S2NQWu8IKRyKUgM=", + "dev": true, + "requires": { + "es6-promise": "^4.0.3" + } + }, + "escape-string-regexp": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz", + "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=", + "dev": true + }, + 
"extract-zip": { + "version": "1.7.0", + "resolved": "https://registry.npmjs.org/extract-zip/-/extract-zip-1.7.0.tgz", + "integrity": "sha512-xoh5G1W/PB0/27lXgMQyIhP5DSY/LhoCsOyZgb+6iMmRtCwVBo55uKaMoEYrDCKQhWvqEip5ZPKAc6eFNyf/MA==", + "dev": true, + "requires": { + "concat-stream": "^1.6.2", + "debug": "^2.6.9", + "mkdirp": "^0.5.4", + "yauzl": "^2.10.0" + }, + "dependencies": { + "debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=", + "dev": true + } + } + }, + "fd-slicer": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/fd-slicer/-/fd-slicer-1.1.0.tgz", + "integrity": "sha1-JcfInLH5B3+IkbvmHY85Dq4lbx4=", + "dev": true, + "requires": { + "pend": "~1.2.0" + } + }, + "file-url": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/file-url/-/file-url-3.0.0.tgz", + "integrity": "sha512-g872QGsHexznxkIAdK8UiZRe7SkE6kvylShU4Nsj8NvfvZag7S0QuQ4IgvPDkk75HxgjIVDwycFTDAgIiO4nDA==", + "dev": true + }, + "fs.realpath": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz", + "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=", + "dev": true + }, + "function-bind": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", + "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==", + "dev": true + }, + "glob": { + "version": "7.1.6", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", + "integrity": 
"sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", + "dev": true, + "requires": { + "fs.realpath": "^1.0.0", + "inflight": "^1.0.4", + "inherits": "2", + "minimatch": "^3.0.4", + "once": "^1.3.0", + "path-is-absolute": "^1.0.0" + } + }, + "globby": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/globby/-/globby-6.1.0.tgz", + "integrity": "sha1-9abXDoOV4hyFj7BInWTfAkJNUGw=", + "dev": true, + "requires": { + "array-union": "^1.0.1", + "glob": "^7.0.3", + "object-assign": "^4.0.1", + "pify": "^2.0.0", + "pinkie-promise": "^2.0.0" + } + }, + "has": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", + "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==", + "dev": true, + "requires": { + "function-bind": "^1.1.1" + } + }, + "has-ansi": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz", + "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=", + "dev": true, + "requires": { + "ansi-regex": "^2.0.0" + } + }, + "has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=", + "dev": true + }, + "hoopy": { + "version": "0.1.4", + "resolved": "https://registry.npmjs.org/hoopy/-/hoopy-0.1.4.tgz", + "integrity": "sha512-HRcs+2mr52W0K+x8RzcLzuPPmVIKMSv97RGHy0Ea9y/mpcaK+xTrjICA04KAHi4GRzxliNqNJEFYWHghy3rSfQ==", + "dev": true + }, + "html_codesniffer": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/html_codesniffer/-/html_codesniffer-2.4.1.tgz", + "integrity": "sha512-7g4Z8+7agJFi7XJGu2r0onIqA7ig9b26vFEvUE6DgtFJlJzy1ELYEKzzd5Xwam4xjHiHQ/w8yHO7KTGNcXnwzg==", + "dev": true + }, + "htmlparser2": { + "version": "6.1.0", + "resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-6.1.0.tgz", + 
"integrity": "sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==", + "dev": true, + "requires": { + "domelementtype": "^2.0.1", + "domhandler": "^4.0.0", + "domutils": "^2.5.2", + "entities": "^2.0.0" + } + }, + "https-proxy-agent": { + "version": "2.2.4", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.2.4.tgz", + "integrity": "sha512-OmvfoQ53WLjtA9HeYP9RNrWMJzzAz1JGaSFr1nijg0PVR1JaD/xbJq1mdEIIlxGpXp9eSe/O2LgU9DJmTPd0Eg==", + "dev": true, + "requires": { + "agent-base": "^4.3.0", + "debug": "^3.1.0" + }, + "dependencies": { + "debug": { + "version": "3.2.7", + "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.7.tgz", + "integrity": "sha512-CFjzYYAi4ThfiQvizrFQevTTXHtnCqWfe7x1AhgEscTz6ZbLbfoLRLPugTQyBth6f8ZERVUSyWHFD/7Wu4t1XQ==", + "dev": true, + "requires": { + "ms": "^2.1.1" + } + } + } + }, + "inflight": { + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz", + "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=", + "dev": true, + "requires": { + "once": "^1.3.0", + "wrappy": "1" + } + }, + "inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "dev": true + }, + "is": { + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/is/-/is-3.3.0.tgz", + "integrity": "sha512-nW24QBoPcFGGHJGUwnfpI7Yc5CdqWNdsyHQszVE/z2pKHXzh7FZ5GWhJqSyaQ9wMkQnsTx+kAI8bHlCX4tKdbg==", + "dev": true + }, + "isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=", + "dev": true + }, + "lodash": { + "version": "4.17.21", + "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz", + "integrity": 
"sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==", + "dev": true + }, + "mime": { + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/mime/-/mime-2.5.2.tgz", + "integrity": "sha512-tqkh47FzKeCPD2PUiPB6pkbMzsCasjxAfC62/Wap5qrUWcb+sFasXUC5I3gYM5iBM8v/Qpn4UK0x+j0iHyFPDg==", + "dev": true + }, + "minimatch": { + "version": "3.0.4", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz", + "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==", + "dev": true, + "requires": { + "brace-expansion": "^1.1.7" + } + }, + "minimist": { + "version": "1.2.5", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", + "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "dev": true + }, + "mkdirp": { + "version": "0.5.5", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz", + "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==", + "dev": true, + "requires": { + "minimist": "^1.2.5" + } + }, + "ms": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz", + "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==", + "dev": true + }, + "node-fetch": { + "version": "2.6.1", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.1.tgz", + "integrity": "sha512-V4aYg89jEoVRxRb2fJdAg8FHvI7cEyYdVAh94HH0UIK8oJxUfkjlDQN9RbMx+bEjP7+ggMiFRprSti032Oipxw==", + "dev": true + }, + "node.extend": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/node.extend/-/node.extend-2.0.2.tgz", + "integrity": "sha512-pDT4Dchl94/+kkgdwyS2PauDFjZG0Hk0IcHIB+LkW27HLDtdoeMxHTxZh39DYbPP8UflWXWj9JcdDozF+YDOpQ==", + "dev": true, + "requires": { + "has": 
"^1.0.3", + "is": "^3.2.1" + } + }, + "nth-check": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/nth-check/-/nth-check-2.0.0.tgz", + "integrity": "sha512-i4sc/Kj8htBrAiH1viZ0TgU8Y5XqCaV/FziYK6TBczxmeKm3AEFWqqF3195yKudrarqy7Zu80Ra5dobFjn9X/Q==", + "dev": true, + "requires": { + "boolbase": "^1.0.0" + } + }, + "object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=", + "dev": true + }, + "once": { + "version": "1.4.0", + "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz", + "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=", + "dev": true, + "requires": { + "wrappy": "1" + } + }, + "p-finally": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz", + "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=", + "dev": true + }, + "p-timeout": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/p-timeout/-/p-timeout-2.0.1.tgz", + "integrity": "sha512-88em58dDVB/KzPEx1X0N3LwFfYZPyDc4B6eF38M1rk9VTZMbxXXgjugz8mmwpS9Ox4BDZ+t6t3QP5+/gazweIA==", + "dev": true, + "requires": { + "p-finally": "^1.0.0" + } + }, + "pa11y": { + "version": "5.3.1", + "resolved": "https://registry.npmjs.org/pa11y/-/pa11y-5.3.1.tgz", + "integrity": "sha512-hRxe9mYUqwODrlIXiTKUrlJX8zgrJZG84s0IrJnvvI8reO6n4RtiF20juTaGukjuHtH8p3tgFh+i2gPcRZSyUg==", + "dev": true, + "requires": { + "commander": "~3.0.2", + "node.extend": "~2.0.2", + "p-timeout": "~2.0.1", + "pa11y-reporter-cli": "~1.0.1", + "pa11y-reporter-csv": "~1.0.0", + "pa11y-reporter-json": "~1.0.0", + "pa11y-runner-axe": "~1.0.1", + "pa11y-runner-htmlcs": "~1.2.1", + "puppeteer": "~1.19.0", + "semver": "~5.7.0" + }, + "dependencies": { + "commander": { + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/commander/-/commander-3.0.2.tgz", + "integrity": 
"sha512-Gar0ASD4BDyKC4hl4DwHqDrmvjoxWKZigVnAbn5H1owvm4CxCPdb0HQDehwNYMJpla5+M2tPmPARzhtYuwpHow==", + "dev": true + }, + "puppeteer": { + "version": "1.19.0", + "resolved": "https://registry.npmjs.org/puppeteer/-/puppeteer-1.19.0.tgz", + "integrity": "sha512-2S6E6ygpoqcECaagDbBopoSOPDv0pAZvTbnBgUY+6hq0/XDFDOLEMNlHF/SKJlzcaZ9ckiKjKDuueWI3FN/WXw==", + "dev": true, + "requires": { + "debug": "^4.1.0", + "extract-zip": "^1.6.6", + "https-proxy-agent": "^2.2.1", + "mime": "^2.0.3", + "progress": "^2.0.1", + "proxy-from-env": "^1.0.0", + "rimraf": "^2.6.1", + "ws": "^6.1.0" + } + } + } + }, + "pa11y-ci": { + "version": "2.4.0", + "resolved": "https://registry.npmjs.org/pa11y-ci/-/pa11y-ci-2.4.0.tgz", + "integrity": "sha512-0TOR9CfOTJNO7TpmYfPRxbNZWs6tF/iCk/R+j40kmDlEInLT+my3MHdYhDwC3OjRczaQiRgR3y7y7QqAGENJpw==", + "dev": true, + "requires": { + "async": "~2.6.3", + "chalk": "~1.1.3", + "cheerio": "~1.0.0-rc.3", + "commander": "~2.20.3", + "globby": "~6.1.0", + "lodash": "~4.17.20", + "node-fetch": "~2.6.0", + "pa11y": "~5.3.0", + "protocolify": "~3.0.0", + "puppeteer": "~1.20.0", + "wordwrap": "~1.0.0" + } + }, + "pa11y-reporter-cli": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/pa11y-reporter-cli/-/pa11y-reporter-cli-1.0.1.tgz", + "integrity": "sha512-k+XPl5pBU2R1J6iagGv/GpN/dP7z2cX9WXqO0ALpBwHlHN3ZSukcHCOhuLMmkOZNvufwsvobaF5mnaZxT70YyA==", + "dev": true, + "requires": { + "chalk": "^2.1.0" + }, + "dependencies": { + "ansi-styles": { + "version": "3.2.1", + "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz", + "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==", + "dev": true, + "requires": { + "color-convert": "^1.9.0" + } + }, + "chalk": { + "version": "2.4.2", + "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz", + "integrity": 
"sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==", + "dev": true, + "requires": { + "ansi-styles": "^3.2.1", + "escape-string-regexp": "^1.0.5", + "supports-color": "^5.3.0" + } + }, + "supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "requires": { + "has-flag": "^3.0.0" + } + } + } + }, + "pa11y-reporter-csv": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/pa11y-reporter-csv/-/pa11y-reporter-csv-1.0.0.tgz", + "integrity": "sha512-S2gFgbAvONBzAVsVbF8zsYabszrzj7SKhQxrEbw19zF0OFI8wCWn8dFywujYYkg674rmyjweSxSdD+kHTcx4qA==", + "dev": true + }, + "pa11y-reporter-json": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/pa11y-reporter-json/-/pa11y-reporter-json-1.0.0.tgz", + "integrity": "sha512-EdLrzh1hyZ8DudCSSrcakgtsHDiSsYNsWLSoEAo1JnFTIK8hYpD7vL+xgd0u+LXDxz9wLLFnckdubpklaRpl/w==", + "dev": true, + "requires": { + "bfj": "^4.2.3" + } + }, + "pa11y-runner-axe": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/pa11y-runner-axe/-/pa11y-runner-axe-1.0.2.tgz", + "integrity": "sha512-HMw5kQZz16vS5Bhe067esgeuULNzFYP4ixOFAHxOurwGDptlyc2OqH6zfUuK4szB9tbgb5F23v3qz9hCbkGRpw==", + "dev": true, + "requires": { + "axe-core": "^3.5.1" + } + }, + "pa11y-runner-htmlcs": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/pa11y-runner-htmlcs/-/pa11y-runner-htmlcs-1.2.1.tgz", + "integrity": "sha512-flatSp6moEbqzny18b2IEoDXEWj6xJbJrszdBjUAPQBCN11QRW+SZ0U4uFnxNTLPpXs30N/a9IlH4vYiRr2nPg==", + "dev": true, + "requires": { + "html_codesniffer": "~2.4.1" + } + }, + "parse5": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/parse5/-/parse5-6.0.1.tgz", + "integrity": 
"sha512-Ofn/CTFzRGTTxwpNEs9PP93gXShHcTq255nzRYSKe8AkVpZY7e1fpmTfOyoIvjP5HG7Z2ZM7VS9PPhQGW2pOpw==", + "dev": true + }, + "parse5-htmlparser2-tree-adapter": { + "version": "6.0.1", + "resolved": "https://registry.npmjs.org/parse5-htmlparser2-tree-adapter/-/parse5-htmlparser2-tree-adapter-6.0.1.tgz", + "integrity": "sha512-qPuWvbLgvDGilKc5BoicRovlT4MtYT6JfJyBOMDsKoiT+GiuP5qyrPCnR9HcPECIJJmZh5jRndyNThnhhb/vlA==", + "dev": true, + "requires": { + "parse5": "^6.0.1" + } + }, + "path-is-absolute": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz", + "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=", + "dev": true + }, + "pend": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/pend/-/pend-1.2.0.tgz", + "integrity": "sha1-elfrVQpng/kRUzH89GY9XI4AelA=", + "dev": true + }, + "pify": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz", + "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=", + "dev": true + }, + "pinkie": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz", + "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA=", + "dev": true + }, + "pinkie-promise": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz", + "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=", + "dev": true, + "requires": { + "pinkie": "^2.0.0" + } + }, + "prepend-http": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/prepend-http/-/prepend-http-3.0.1.tgz", + "integrity": "sha512-BLxfZh+m6UiAiCPZFJ4+vYoL7NrRs5XgCTRrjseATAggXhdZKKxn+JUNmuVYWY23bDHgaEHodxw8mnmtVEDtHw==", + "dev": true + }, + "process-nextick-args": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "integrity": 
"sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", + "dev": true + }, + "progress": { + "version": "2.0.3", + "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz", + "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==", + "dev": true + }, + "protocolify": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/protocolify/-/protocolify-3.0.0.tgz", + "integrity": "sha512-PuvDJOkKJMVQx8jSNf8E5g0bJw/UTKm30mTjFHg4N30c8sefgA5Qr/f8INKqYBKfvP/MUSJrj+z1Smjbq4/3rQ==", + "dev": true, + "requires": { + "file-url": "^3.0.0", + "prepend-http": "^3.0.0" + } + }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==", + "dev": true + }, + "puppeteer": { + "version": "1.20.0", + "resolved": "https://registry.npmjs.org/puppeteer/-/puppeteer-1.20.0.tgz", + "integrity": "sha512-bt48RDBy2eIwZPrkgbcwHtb51mj2nKvHOPMaSH2IsWiv7lOG9k9zhaRzpDZafrk05ajMc3cu+lSQYYOfH2DkVQ==", + "dev": true, + "requires": { + "debug": "^4.1.0", + "extract-zip": "^1.6.6", + "https-proxy-agent": "^2.2.1", + "mime": "^2.0.3", + "progress": "^2.0.1", + "proxy-from-env": "^1.0.0", + "rimraf": "^2.6.1", + "ws": "^6.1.0" + } + }, + "readable-stream": { + "version": "2.3.7", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz", + "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==", + "dev": true, + "requires": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + } + }, + "rimraf": { + "version": "2.7.1", + "resolved": 
"https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz", + "integrity": "sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w==", + "dev": true, + "requires": { + "glob": "^7.1.3" + } + }, + "safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "dev": true + }, + "semver": { + "version": "5.7.1", + "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz", + "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==", + "dev": true + }, + "string_decoder": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "dev": true, + "requires": { + "safe-buffer": "~5.1.0" + } + }, + "strip-ansi": { + "version": "3.0.1", + "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz", + "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=", + "dev": true, + "requires": { + "ansi-regex": "^2.0.0" + } + }, + "supports-color": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz", + "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=", + "dev": true + }, + "tryer": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/tryer/-/tryer-1.0.1.tgz", + "integrity": "sha512-c3zayb8/kWWpycWYg87P71E1S1ZL6b6IJxfb5fvsUgsf0S2MVGaDhDXXjDMpdCpfWXqptc+4mXwmiy1ypXqRAA==", + "dev": true + }, + "typedarray": { + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", + "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=", + "dev": true + }, + "util-deprecate": { + "version": 
"1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=", + "dev": true + }, + "wordwrap": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz", + "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=", + "dev": true + }, + "wrappy": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz", + "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=", + "dev": true + }, + "ws": { + "version": "6.2.1", + "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", + "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", + "dev": true, + "requires": { + "async-limiter": "~1.0.0" + } + }, + "yauzl": { + "version": "2.10.0", + "resolved": "https://registry.npmjs.org/yauzl/-/yauzl-2.10.0.tgz", + "integrity": "sha1-x+sXyT4RLLEIb6bY5R+wZnt5pfk=", + "dev": true, + "requires": { + "buffer-crc32": "~0.2.3", + "fd-slicer": "~1.1.0" + } + } + } +} diff --git a/package.json b/package.json new file mode 100644 index 0000000..b0bfce6 --- /dev/null +++ b/package.json 
@@ -0,0 +1,24 @@ +{ + "name": "development-guide", + "version": "1.0.0", + "description": "This repo will contain the guidelines and best practices for the engineering chapter at 18F. The site is a living document.", + "main": "index.js", + "private": true, + "author": "18F", + "license": "CC0-1.0", + "scripts": { + "start-detached": "bundle exec jekyll serve --detach", + "pa11y-ci:home": "pa11y-ci http://localhost:4000", + "pa11y-ci:sitemap": "pa11y-ci --sitemap https://engineering.18f.gov/sitemap.xml --sitemap-find https://engineering.18f.gov --sitemap-replace http://localhost:4000 --sitemap-exclude \"/*.pdf\"" + }, + "repository": { + "type": "git", + "url": "git+https://github.com/18F/development-guide.git" + }, + "bugs": { + "url": "https://github.com/18F/development-guide/issues" + }, + "devDependencies": { + "pa11y-ci": "^2.4.0" + } +} From 859acc1be22ed3dec97bb013d0ca8592abb815e7 Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Fri, 7 May 2021 09:39:56 -0400 Subject: [PATCH 092/179] Add zenhub and jira to PM tools --- _pages/project-setup.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/_pages/project-setup.md b/_pages/project-setup.md index 925a10c..88d9926 100644 --- a/_pages/project-setup.md +++ b/_pages/project-setup.md @@ -74,8 +74,14 @@ track of ongoing tasks and to do items. The project management tool should be linked to somewhere in the project's GitHub repository so that others can find it easily. +Choose a tool that will work for you and your partner. Remember, they will be the ones +using it once the engagement is over! + - [GitHub Issues](https://guides.github.com/features/issues/) {%include components/tag-default.html %} - [Trello](https://trello.com/) {%include components/tag-suggestion.html %} +- [ZenHub](https://www.zenhub.com/) {%include components/tag-suggestion.html %} +- [Jira](https://www.atlassian.com/software/jira) {%include components/tag-suggestion.html %} + ## Continuous Integration/Continuous Deployment 
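Review bot: The `pa11y-ci:sitemap` script in package.json takes its URL list from the deployed site (`--sitemap https://engineering.18f.gov/sitemap.xml`) and only rewrites the host to localhost, so the accessibility run covers whatever production currently lists rather than the build under test. A page added on a branch is never scanned, a page removed on the branch shows up as a failed load, and the job depends on outbound access to a live site whose content decides which URLs the headless browser opens. Reading the sitemap from the local server avoids all three, for example `"pa11y-ci:sitemap": "pa11y-ci --sitemap http://localhost:4000/sitemap.xml --sitemap-find https://engineering.18f.gov --sitemap-replace http://localhost:4000 --sitemap-exclude \"/*.pdf\""`, assuming the Jekyll build emits a sitemap.xml, which is not visible in this patch. Since `pa11y-ci` is declared as `^2.4.0`, it is the committed package-lock.json with its integrity hashes that pins this toolchain, so the CI job (not shown here) should install with `npm ci` rather than `npm install`.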
From d0bdbce50ef31b58b38a95579dba3593df04cb6b Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Tue, 18 May 2021 15:09:06 -0400 Subject: [PATCH 093/179] Update project-setup.md ZenHub is not a tool we can currently use! --- _pages/project-setup.md | 1 - 1 file changed, 1 deletion(-) diff --git a/_pages/project-setup.md b/_pages/project-setup.md index 88d9926..2ad5629 100644 --- a/_pages/project-setup.md +++ b/_pages/project-setup.md @@ -79,7 +79,6 @@ using it once the engagement is over! - [GitHub Issues](https://guides.github.com/features/issues/) {%include components/tag-default.html %} - [Trello](https://trello.com/) {%include components/tag-suggestion.html %} -- [ZenHub](https://www.zenhub.com/) {%include components/tag-suggestion.html %} - [Jira](https://www.atlassian.com/software/jira) {%include components/tag-suggestion.html %} From cd8add26e273b1ac49b04d052346240dd7ee6d29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 20 May 2021 12:07:23 +0000 Subject: [PATCH 094/179] Bump nokogiri from 1.11.1 to 1.11.5 Bumps [nokogiri](https://github.com/sparklemotion/nokogiri) from 1.11.1 to 1.11.5. - [Release notes](https://github.com/sparklemotion/nokogiri/releases) - [Changelog](https://github.com/sparklemotion/nokogiri/blob/main/CHANGELOG.md) - [Commits](https://github.com/sparklemotion/nokogiri/compare/v1.11.1...v1.11.5) Signed-off-by: dependabot[bot] --- Gemfile.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Gemfile.lock b/Gemfile.lock index ebf2b15..fb0ac34 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -79,11 +79,11 @@ GEM rb-fsevent (~> 0.10, >= 0.10.3) rb-inotify (~> 0.9, >= 0.9.10) mercenary (0.4.0) - mini_portile2 (2.5.0) + mini_portile2 (2.5.1) mini_racer (0.3.1) libv8 (~> 8.4.255) minitest (5.14.2) - nokogiri (1.11.1) + nokogiri (1.11.5) mini_portile2 (~> 2.5.0) racc (~> 1.4) nokogumbo (2.0.4) From c333229e6f484042bf54dd379424571760daf0db Mon Sep 17 00:00:00 2001 
From: Davida Marion Date: Thu, 20 May 2021 11:24:34 -0400 Subject: [PATCH 095/179] Add recommendations around reducing big bang release risk --- _data/navigation.yml | 2 + _pages/release-strategies.md | 79 ++++++++++++++++++++++++++++++++++++ 2 files changed, 81 insertions(+) create mode 100644 _pages/release-strategies.md diff --git a/_data/navigation.yml b/_data/navigation.yml index f4f76a6..064dbfb 100644 --- a/_data/navigation.yml +++ b/_data/navigation.yml @@ -38,6 +38,8 @@ approach: href: /architecture-reviews/ - text: Front-End Disciplines href: /frontend/ + - text: Release strategies + href: /release-strategies/ - text: Example Workflows href: /example-workflows diff --git a/_pages/release-strategies.md b/_pages/release-strategies.md new file mode 100644 index 0000000..b1a56be --- /dev/null +++ b/_pages/release-strategies.md 
@@ -0,0 +1,79 @@ +--- +title: Releasing Software +sidenav: approach +sticky_sidenav: true +--- + +Releasing software is hard. Over time, we have developed strategies that can help reduce risk and uncertainity in the release process. + +## Small, Iterative Releases + +We recommend on all projects to get into the habit of releasing software as early and often as possible. The first +iteration of your software should not aim to have full functionality; a better goal for the very first release is to have as little +functionality as possible. + +## Big Bang Releases + +We do not recommend "big bang releases," defined here as when a team works many months on some code with the expectation that it will be +"turned on" in a big release event. + +However! There are many circumstances in which we are working on projects that, for reasons we cannot control, are scheduled for this kind +of big bang release, and our partners are unable or unwilling to take our advice around a slower rollout. +While releasing a lot of software into the wild all at once is inherently more risky than a slower roll-out, we have identified ways that +may help you mitigate this risk! + +### When A Big Bang Release is Necessary + +#### Give Your Team a Lot of Time + +Recommendation: Give yourselves *at least* a month to address issues that may be hard to predict before the release deadline. + +Big bang releases heighten the risk of unknowns that can crop up as the release date looms closer. Estimate your time very conservatively, +and set expectations with your partner to allow space and time close to release date to give your team room to address unexpected critical +issues. + +#### Release to Different User Groups at Different Times + +Recommendation: Releasing to a subset of users at a time, creating a better user experience for them and a better time post-release for +your team. + +There are always going to be immediate bug fixes and customer asks in the aftermath of a release. 
+Initally scoping a big release to a subset of user types at a time will narrow the developer and customer success team's focus, making +debugging and prioritizing fixes easier. + +#### Practice Data Migrations Often + +Recommendation: Do dry runs of any critical data or infrastructure migrations. + +Practice makes perfect! Try out your migrations regularly in the months leading up to the release so that everyone feels very comfortable +with how they work and what to expect. + +#### Develop Mature Incident Response Practices + +Recommendation: Build [Incident Response practices and run drills](/security/incident-response-drills/) before releasing. + +It's impossible to completely de-risk a release. Developing a plan ahead of time addressing how you will approach fan incident will +enable your team to focus on fixing the issue as soon as possible. Once you have a response plan, you should conduct +[incident type drills](/security/incident-response-drills/#example-incident-response-drills) so that your team is well-practiced in +what do if something goes wrong. + +#### Develop Training Strategies in Advance + +Recommendation: Do user research and develop training strategies ahead of time to help users ease into the new system. + +It can be jarring as a user to one day have a completely new system. Spending some time before release working with critical users of the +system to understand the common pitfalls a user may experience or uncover will help you develop training materials to address those issues +(or make the system more intuitive.) Releasing training materials for users to look at before the release will create better familiarity and +make users less wary or uncomfortable with the big change. + +#### Prepare Customer Support Response Templates + +Recommendation: Develop templates for expected support requests to have consistent messaging and advice to users. + +Launches often have expected support requests, such as: +* "Why doesn't the system do X?" 
+* "This is broken." +* "I can't find Z." + +Preparing responses ahead of time allows the customer support team to give the same suppport to anyone who a predictable issue, allowing them +to focus their energies on unexpected support needs. It also helps unsure a better customer experience for users. From 7c4b811c1c705c6dbe757c65d15320710901e1af Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Thu, 20 May 2021 14:49:41 -0400 Subject: [PATCH 096/179] Add mitigation steps --- _data/navigation.yml | 2 +- _pages/release-strategies.md | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/_data/navigation.yml b/_data/navigation.yml index 064dbfb..f209d42 100644 --- a/_data/navigation.yml +++ b/_data/navigation.yml @@ -38,7 +38,7 @@ approach: href: /architecture-reviews/ - text: Front-End Disciplines href: /frontend/ - - text: Release strategies + - text: Release Strategies href: /release-strategies/ - text: Example Workflows href: /example-workflows diff --git a/_pages/release-strategies.md b/_pages/release-strategies.md index b1a56be..4c2fcf9 100644 --- a/_pages/release-strategies.md +++ b/_pages/release-strategies.md 
@@ -77,3 +77,39 @@ Launches often have expected support requests, such as: Preparing responses ahead of time allows the customer support team to give the same suppport to anyone who a predictable issue, allowing them to focus their energies on unexpected support needs. It also helps unsure a better customer experience for users. + +### Big Bang Release Factors + +There are some factors that make partners more attached to big bang releases. There are some strategies you can deploy to try to +convince partners to pivot to a smaller, more iterative release strategy. + +#### Partner Doesn't Want to Pick a Cohort of Controlled Users + +Understanding why a partner doesn't want to single out some controlled users is important. They may be nervous about creating inequity (or +a perception of inequity) that might have some polical blowback. Or perhaps they feel overwhelmed about the effort required to narrow down +to a subset of users, and so feel it's simpler to release to all users at once. + +*Mitigation strategies:* +* Work with your partner to fully understand their fears. +* Frame this step as the first of many interactions with their different user groups, and use that framing to help them better engage and +understand their users. Having a more mature idea of their user groups will help them have confidence to stand behind their decisions better. + +#### A Long, Arduous ATO Process + +Partners have a valid fear of the ATO process, and may be nervous that they must repeat the ATO process every time a change is made to the +system. That perspective easily lends itself to fear of iterative releases. + +*Mitigation strategies:* +* Engage security or ATO personnel early in the development process, or, ideally, embed someone onto the project team who can help advise. +* Teams at 18F have also found success in employing the "Walking Skeleton" technique, where the main architectural components of a system are +deployed early in a minumum viable way. 
Frontloading the infrastructure work creates an MVP for ATO work, and makes space for early +compliance and security oversight. + +#### Legislative Mandate + +When the system is a byproduct of a legislative mandate, there can be political or legal implications if a deadline is missed. A mandate +for a specific type or level of service may make partners wary of more iterative work. + +*Mitigation Strategies:* +* Explore options for beta or trial release of services. Sometimes releasing a website or digital service under the banner of +"beta" can provide needed flexibility for a rollout, making a big bang release less necessary. \ No newline at end of file From 061935014c749158f26445b198d1e8e60b137442 Mon Sep 17 00:00:00 2001 From: Davida Marion Date: Fri, 21 May 2021 10:17:07 -0400 Subject: [PATCH 097/179] update recommendations --- _pages/continuous-deployment.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/_pages/continuous-deployment.md b/_pages/continuous-deployment.md index 7963634..e4dfe87 100644 --- a/_pages/continuous-deployment.md +++ b/_pages/continuous-deployment.md 
@@ -86,7 +86,8 @@ For an example manifest and manifest-staging see here: ## Zero Downtime Deploy Options -- [`v3-zdt-push`](https://docs.cloudfoundry.org/devguide/deploy-apps/rolling-deploy.html) is an official command, yet is in active development. -- `zero-downtime-push` is the popular Autopilot plugin used by a lot of TTS projects and used in both of the above examples. It is now unmaintained and archived though. Does not support buildpacks. If your application successfully deploys to cloud.gov but does not start, which may happen for an application that does not have an adequate test suite, you may have to go into the cf target space and manually delete the "APP_NAME-venerable" application in order to make use of `autopilot` again. +- {%include components/tag-standard.html %} The native Cloud Foundry [rolling app deployments](https://docs.cloudfoundry.org/devguide/deploy-apps/rolling-deploy.html#deploy) CLI is preferred over other options. +- {%include components/tag-caution.html %} [Autopilot](https://github.com/contraband/autopilot) is a plugin historically used by a lot of TTS projects and used in both of the above examples. **It is now unmaintained and archived and does not support buildpacks.** We recommend moving to the official CF deployment commands. + - If you are using autopilot and your application successfully deploys to cloud.gov but does not start, which may happen for an application that does not have an adequate test suite, you may have to go into the cf target space and manually delete the "APP_NAME-venerable" application in order to make use of `autopilot` again. - [`blue-green-deploy`](https://github.com/bluemixgaragelondon/cf-blue-green-deploy) another plugin similar to autopilot. - An official CircleCI / Cloud Foundry Orb is also available at From 2aa9ef30ba6620aa5432f41977af7810aa49a06c Mon Sep 17 00:00:00 2001 
From: Davida Marion Date: Fri, 21 May 2021 11:36:07 -0400 Subject: [PATCH 098/179] Updated release strategies --- _pages/release-strategies.md | 80 ++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 36 deletions(-) diff --git a/_pages/release-strategies.md b/_pages/release-strategies.md index 4c2fcf9..6158a17 100644 --- a/_pages/release-strategies.md +++ b/_pages/release-strategies.md 
@@ -6,106 +6,114 @@ sticky_sidenav: true Releasing software is hard. Over time, we have developed strategies that can help reduce risk and uncertainity in the release process. -## Small, Iterative Releases +## Small, iterative releases We recommend on all projects to get into the habit of releasing software as early and often as possible. The first -iteration of your software should not aim to have full functionality; a better goal for the very first release is to have as little -functionality as possible. +iteration of your software should not aim to have full functionality; a better goal for the very first release is to have as [little +functionality as possible](https://18f.gsa.gov/2017/01/11/the-best-way-to-build-big-is-to-start-small/#start-small-make-it-end-to-end). +A small-and-quick first release can help you [test your deployment pipeline and environments, while setting expectations for a rapid, +iterative release cadence](https://blog.thepete.net/blog/2019/10/04/hello-production/). ## Big Bang Releases We do not recommend "big bang releases," defined here as when a team works many months on some code with the expectation that it will be -"turned on" in a big release event. +"turned on" in a big release event. We recommend, whenever it's possible, rapid release cycles and iteration, coupled with usability research. -However! There are many circumstances in which we are working on projects that, for reasons we cannot control, are scheduled for this kind -of big bang release, and our partners are unable or unwilling to take our advice around a slower rollout. -While releasing a lot of software into the wild all at once is inherently more risky than a slower roll-out, we have identified ways that -may help you mitigate this risk! 
+However, many times we are working on projects that, for reasons we cannot control, are scheduled for this kind of waterfall, big bang release, +and our partners are unable or unwilling to take our advice around an iterative rollout. While releasing a lot of software into the wild all +at once is inherently more risky than an iterative roll-out, we have identified ways that may help you mitigate this risk. And even if you're +already practicing rapid, iterative releases, the tips here may offer ways you can improve your releases. -### When A Big Bang Release is Necessary +### When a Big Bang release is necessary -#### Give Your Team a Lot of Time +#### Give your team a lot of time Recommendation: Give yourselves *at least* a month to address issues that may be hard to predict before the release deadline. -Big bang releases heighten the risk of unknowns that can crop up as the release date looms closer. Estimate your time very conservatively, -and set expectations with your partner to allow space and time close to release date to give your team room to address unexpected critical +Big bang releases heighten the risk of unknowns that can crop up as the release date looms closer. Estimate your time very conservatively +and set expectations with your partner to allow space and time for your team, leading up to the release date, to address unexpected critical issues. -#### Release to Different User Groups at Different Times +#### Release to different user groups at different times -Recommendation: Releasing to a subset of users at a time, creating a better user experience for them and a better time post-release for -your team. +Recommendation: Release to a subset of users at a time. This lets you test, creates a better user experience for them, and a better time +post-release for your team. There are always going to be immediate bug fixes and customer asks in the aftermath of a release. 
Initally scoping a big release to a subset of user types at a time will narrow the developer and customer success team's focus, making debugging and prioritizing fixes easier. -#### Practice Data Migrations Often +#### Practice data migrations often Recommendation: Do dry runs of any critical data or infrastructure migrations. Practice makes perfect! Try out your migrations regularly in the months leading up to the release so that everyone feels very comfortable with how they work and what to expect. -#### Develop Mature Incident Response Practices +#### Develop mature incident response practices Recommendation: Build [Incident Response practices and run drills](/security/incident-response-drills/) before releasing. -It's impossible to completely de-risk a release. Developing a plan ahead of time addressing how you will approach fan incident will +It's impossible to completely de-risk a release. Developing a plan ahead of time addressing how you will approach an incident will enable your team to focus on fixing the issue as soon as possible. Once you have a response plan, you should conduct [incident type drills](/security/incident-response-drills/#example-incident-response-drills) so that your team is well-practiced in what do if something goes wrong. -#### Develop Training Strategies in Advance +#### Develop training strategies in advance -Recommendation: Do user research and develop training strategies ahead of time to help users ease into the new system. +Recommendation: Conduct usability research and develop training strategies ahead of time to help users ease into the new system. -It can be jarring as a user to one day have a completely new system. Spending some time before release working with critical users of the +It can be jarring as a user to be surprised by a completely new system. 
Spending some time before release working with critical users of the system to understand the common pitfalls a user may experience or uncover will help you develop training materials to address those issues (or make the system more intuitive.) Releasing training materials for users to look at before the release will create better familiarity and -make users less wary or uncomfortable with the big change. +make users less wary or uncomfortable with the big change. Your critical users can then become effective evangelists and trainers post-release +for others suddenly learning the new system. -#### Prepare Customer Support Response Templates +#### Prepare customer support response templates -Recommendation: Develop templates for expected support requests to have consistent messaging and advice to users. +Recommendation: Develop templates and scripts so that expected support requests have consistent messaging and advice. -Launches often have expected support requests, such as: +Launches often have predictable support requests, such as: * "Why doesn't the system do X?" * "This is broken." * "I can't find Z." -Preparing responses ahead of time allows the customer support team to give the same suppport to anyone who a predictable issue, allowing them -to focus their energies on unexpected support needs. It also helps unsure a better customer experience for users. +Preparing responses ahead of time allows the customer support team to give the same suppport to anyone facing a predictable issue, allowing them +to focus their energies on unexpected support needs. It also helps ensure a better, customer experience as users are consistently given +thorough and well-thought-out answers to these common problems. -### Big Bang Release Factors +### Pushing back against Big Bang Release releases -There are some factors that make partners more attached to big bang releases. 
There are some strategies you can deploy to try to -convince partners to pivot to a smaller, more iterative release strategy. +Partners are often deeply attached to big bang releases, but there are strategies you can deploy to try to convince partners to pivot to a +smaller, more iterative release strategy. -#### Partner Doesn't Want to Pick a Cohort of Controlled Users +These factors are often project signs that a project may have some trouble brewing. If you are seeing any of these factors with your +partner, consider logging them as risks in your project health tracking. + +#### The partner doesn't want to pick a cohort of controlled users Understanding why a partner doesn't want to single out some controlled users is important. They may be nervous about creating inequity (or -a perception of inequity) that might have some polical blowback. Or perhaps they feel overwhelmed about the effort required to narrow down +a perception of inequity) that might have some political blowback. Perhaps they feel overwhelmed about the effort required to narrow down to a subset of users, and so feel it's simpler to release to all users at once. *Mitigation strategies:* -* Work with your partner to fully understand their fears. +* Listen to and discuss fears with your partner to fully understand their reluctance. * Frame this step as the first of many interactions with their different user groups, and use that framing to help them better engage and understand their users. Having a more mature idea of their user groups will help them have confidence to stand behind their decisions better. -#### A Long, Arduous ATO Process +#### A long, arduous ATO process Partners have a valid fear of the ATO process, and may be nervous that they must repeat the ATO process every time a change is made to the system. That perspective easily lends itself to fear of iterative releases. 
*Mitigation strategies:* -* Engage security or ATO personnel early in the development process, or, ideally, embed someone onto the project team who can help advise. +* Engage security and ATO personnel early in the development process, or, ideally, embed someone onto the project team who can help advise. This strategy (among other improvements) helped GSA bring average ATO time from [six months to thirty days](https://18f.gsa.gov/2018/07/19/taking-the-ato-process-from-6-months-to-30-days/). +* Familiarize yourself with 18F's [Before You Ship](https://before-you-ship.18f.gov/) guide so you can personally help alleviate some of their concerns. * Teams at 18F have also found success in employing the "Walking Skeleton" technique, where the main architectural components of a system are deployed early in a minumum viable way. Frontloading the infrastructure work creates an MVP for ATO work, and makes space for early compliance and security oversight. -#### Legislative Mandate +#### Legislative mandate When the system is a byproduct of a legislative mandate, there can be political or legal implications if a deadline is missed. A mandate for a specific type or level of service may make partners wary of more iterative work. From dda9254a23283d5789a4cc621e4a654908243eae Mon Sep 17 00:00:00 2001 From: Neil Martinsen-Burrell Date: Tue, 1 Jun 2021 11:04:11 -0500 Subject: [PATCH 099/179] Add the 18F favicon --- favicon.ico | Bin 0 -> 5430 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100755 favicon.ico 
diff --git a/favicon.ico b/favicon.ico new file mode 100755 index 0000000000000000000000000000000000000000..c81a022611e981181e58a26b497d1d3345c87594 GIT binary patch literal 5430 zcmeHL-79QS6hCuK%4fWg&!%V^g)&Mc8I%%{k0i+hFV}+yiIQj{558``i5MKj#=VVOv+B&*XRY5_zrEMqXYX}J(@feoEhJ5gs0nqoX6t&CTKb{2U1h37DOoMOj(dyZ&);aoF42 zLsL@|1_lNM+tAQ}zP>(;jg6tSwA7>j!NCDCGczSlUS1wnS65M4S&7NXNpy8}Av-(! z%^2jTKi9(k{yx^%*Ku)iA>*E&p2qU>GFn<%Jo+<-TU%R#8yp-&MMVYZ?{GNY^fjB! z*x1;Rev_YhoS&b^$;pZ2b7p1+J3BjATU!IMp4KbpvZ$yCp`oE3v7TamarZbQ)kITu)0flF@@^5Tx6rJ&BadFXQ&&bFS6VFxUqQ_Mp6uH8L{d(#OQaNc(T{Gd?+4_fR+w#y;HK+~Dr+ zPISr1$%5(W>2bpt@!q!8_|;e}77K1~Z*hNrkIv3cbaZrJcXwC#%FD}zPtE`F@i8VQ zCgdt8DDbH-ihp!;)a74aUoU*dpM`}5m)&Nw8BNme?(TNky&XGoulY?TlhmP4PfuuV zZAD#O9nQ|qaD9F4dfyfQ)YKFrA|enO83}$fe1unFU-ReY=E`_juPaP+bhPML2UDl` z)tXf}U+#*Z`yBlX3k!v-t*y<)Pd#O6X~~VhzrWuN^AUd5@%%RE?d_G=YW=Zx=X?JA z{EXt_Vpy$KoSvQvhJ7W6T7TQy+o-ClLUVI7YHMpjUvK-sIWvkem-+emczAd)nxXbS z#^-tPC*fM~mfsVO{bO#J7mn8xK4ACT_eEfC^mih#{=Re${P_)Rck=H6KMA>i18k#- AL;wH) literal 0 HcmV?d00001 From 6dd6836a089d53d8a3b52376e1c827bd367522e2 Mon Sep 17 00:00:00 2001 From: Andrew Dunkman Date: Wed, 2 Jun 2021 11:08:22 -0400 Subject: [PATCH 100/179] Fix typo --- _pages/release-strategies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/_pages/release-strategies.md b/_pages/release-strategies.md index 6158a17..0d9a06f 100644 --- a/_pages/release-strategies.md +++ b/_pages/release-strategies.md 
@@ -65,7 +65,7 @@ Recommendation: Conduct usability research and develop training strategies ahead It can be jarring as a user to be surprised by a completely new system. Spending some time before release working with critical users of the system to understand the common pitfalls a user may experience or uncover will help you develop training materials to address those issues -(or make the system more intuitive.) Releasing training materials for users to look at before the release will create better familiarity and +(or make the system more intuitive). Releasing training materials for users to look at before the release will create better familiarity and make users less wary or uncomfortable with the big change. Your critical users can then become effective evangelists and trainers post-release for others suddenly learning the new system. @@ -120,4 +120,4 @@ for a specific type or level of service may make partners wary of more iterative *Mitigation Strategies:* * Explore options for beta or trial release of services. Sometimes releasing a website or digital service under the banner of -"beta" can provide needed flexibility for a rollout, making a big bang release less necessary. \ No newline at end of file +"beta" can provide needed flexibility for a rollout, making a big bang release less necessary. From 35955b9e9b066a525868ff223cc74f886fb68348 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 6 Jun 2021 18:10:37 +0000 Subject: [PATCH 101/179] Bump ws from 6.2.1 to 6.2.2 Bumps [ws](https://github.com/websockets/ws) from 6.2.1 to 6.2.2. - [Release notes](https://github.com/websockets/ws/releases) - [Commits](https://github.com/websockets/ws/commits) --- updated-dependencies: - dependency-name: ws dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/package-lock.json b/package-lock.json index 97d70fe..83268dc 100644 --- a/package-lock.json +++ b/package-lock.json @@ -889,9 +889,9 @@ "dev": true }, "ws": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", - "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", + "version": "6.2.2", + "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.2.tgz", + "integrity": "sha512-zmhltoSR8u1cnDsD43TX59mzoMZsLKqUweyYBAIvTngR3shc0W6aOZylZmq/7hqyVxPdi+5Ud2QInblgyE72fw==", "dev": true, "requires": { "async-limiter": "~1.0.0" From e2b274f6a8074c6322dbe1c48c09461fb152454c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Jun 2021 18:22:59 +0000 Subject: [PATCH 102/179] Bump css-what from 5.0.0 to 5.0.1 Bumps [css-what](https://github.com/fb55/css-what) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/fb55/css-what/releases) - [Commits](https://github.com/fb55/css-what/compare/v5.0.0...v5.0.1) --- updated-dependencies: - dependency-name: css-what dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 83268dc..dd7afa4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -211,9 +211,9 @@ } }, "css-what": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/css-what/-/css-what-5.0.0.tgz", - "integrity": "sha512-qxyKHQvgKwzwDWC/rGbT821eJalfupxYW2qbSJSAtdSTimsr/MlaGONoNLllaUPZWf8QnbcKM/kPVYUQuEKAFA==", + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/css-what/-/css-what-5.0.1.tgz", + "integrity": "sha512-FYDTSHb/7KXsWICVsxdmiExPjCfRC4qRFBdVwv7Ax9hMnvMmEjP9RfxTEZ3qPZGmADDn2vAKSo9UcN1jKVYscg==", "dev": true }, "debug": { From 4e85bf4138fa3fa31d1480b8e67daee87b070a52 Mon Sep 17 00:00:00 2001 
From: Matt Date: Wed, 9 Jun 2021 09:18:00 -0400 Subject: [PATCH 103/179] Update Retrospective Prime Directive link The page with the Retrospective Prime Directive isn't reachable anymore; updated it with a link from the Wayback Machine. --- _pages/incident-reports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/incident-reports.md b/_pages/incident-reports.md index 01923e4..30936ba 100644 --- a/_pages/incident-reports.md +++ b/_pages/incident-reports.md @@ -35,7 +35,7 @@ certain events caused the incident, those events should also be added Analyze the **factors** that contributed to the incident. Here it's important to emphasize the [Retrospective Prime -Directive](http://www.retrospectives.com/pages/retroPrimeDirective.html); +Directive](https://web.archive.org/web/20171017112557/http://www.retrospectives.com/pages/retroPrimeDirective.html); paraphrased: everyone did their best; there should be no judgment of individuals. If lucky, we will discover a single **root cause**, but often we will find a sort-of comedy of errors or serious of unfortunate events that From bb7b0019888eb6598db3d972ada9fccb38518785 Mon Sep 17 00:00:00 2001 From: Logan McDonald Date: Wed, 9 Jun 2021 11:54:37 -0400 Subject: [PATCH 104/179] Add the new github officially maintained CLI tool to the list of laptop tools --- _pages/laptop-setup.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/_pages/laptop-setup.md b/_pages/laptop-setup.md index 7403e2f..88c1fdc 100644 --- a/_pages/laptop-setup.md +++ b/_pages/laptop-setup.md 
@@ -15,7 +15,7 @@ While you are welcome to customize your laptop, here are some tools that have wo * [Homebrew] for managing operating system libraries * [Homebrew Cask] for quickly installing Mac apps from the command line * [Homebrew Services] so you can easily stop, start, and restart services -* [hub] for interacting with the GitHub API +* [gh] (official) or [hub] (unofficial) GitHub-maintained CLI tools for interacting with the GitHub API * [nvm] for managing Node.js versions if you do not have [Node.js] already installed (Includes latest [Node.js] and [NPM], for running apps and installing JavaScript packages) * [pyenv] for managing Python versions if you do not have [Python] already installed (includes the latest 3.x [Python]) * [ruby-install] for installing different versions of Ruby @@ -34,6 +34,7 @@ While you are welcome to customize your laptop, here are some tools that have wo [Homebrew]: http://brew.sh/ [Homebrew Cask]: https://github.com/Homebrew/homebrew-cask [Homebrew Services]: https://github.com/Homebrew/homebrew-services +[gh]: https://cli.github.com/ [hub]: https://github.com/github/hub [Node.js]: http://nodejs.org/ [NPM]: https://www.npmjs.org/ @@ -76,4 +77,4 @@ While you are welcome to customize your laptop, here are some tools that have wo These suggestions were culled from the deprecated (as of October 2020) [laptop script]. If you are looking for references on how to build personal dotfiles, that repo may be of use. -[laptop script]: https://github.com/18F/laptop \ No newline at end of file +[laptop script]: https://github.com/18F/laptop From 43ca7e06517dc43a8278b8e9391344d2e4d0d9be Mon Sep 17 00:00:00 2001 From: Matt Hinz Date: Thu, 10 Jun 2021 13:40:38 -0700 Subject: [PATCH 105/179] Fix broken link to ADR template Looks like there was a refactor / reorg in the repo that moved some files around. --- _pages/architecture-reviews.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/_pages/architecture-reviews.md b/_pages/architecture-reviews.md index 28535e6..ff6a415 100644 --- a/_pages/architecture-reviews.md +++ b/_pages/architecture-reviews.md @@ -18,7 +18,7 @@ The second explores the idea of simplifying acquisitions in [Micro-purchase: Do ## Documenting key decisions -Some 18F projects have found success using [Architecture Decision Records](https://adr.github.io/) to capture key decisions and the context to which they were made, with the goal of allowing future project developers to know if a decision should be revisited or not. The decision records are typically stored in the repository alongside the code, using [this template](https://github.com/joelparkerhenderson/architecture_decision_record/blob/master/adr_template_by_michael_nygard.md). For example: +Some 18F projects have found success using [Architecture Decision Records](https://adr.github.io/) to capture key decisions and the context to which they were made, with the goal of allowing future project developers to know if a decision should be revisited or not. The decision records are typically stored in the repository alongside the code, using [this template](https://github.com/joelparkerhenderson/architecture-decision-record/blob/master/templates/decision_record_template_by_michael_nygard/index.md). For example: - [18F/piipan](https://github.com/18F/piipan/tree/main/docs/adr) - [HHS/Head-Start-TTADP](https://github.com/HHS/Head-Start-TTADP/tree/main/docs/adr) From 896e6a643226ac83d2024370e8c26b54fdd72527 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Fri, 9 Jul 2021 12:33:21 -0400 Subject: [PATCH 106/179] link to Docker Hub organizations --- _pages/docker.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/_pages/docker.md b/_pages/docker.md index 640c820..a083e4c 100644 --- a/_pages/docker.md +++ b/_pages/docker.md 
@@ -290,6 +290,13 @@ settling), but it's worth considering. - [identity-idp](https://github.com/18F/identity-idp) - [micropurchase](https://github.com/18F/micropurchase) +## Docker Hub + +TTS has a couple of organizations in [Docker Hub](https://hub.docker.com/): + +- [18F](https://hub.docker.com/orgs/18fgsa) +- [data.gov](https://hub.docker.com/u/datagov) + ## Additional reading - Atul's [Reflections on Docker-based From b2d41de668fff18718bcc00fc8bf7899da6cb5cc Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Fri, 9 Jul 2021 12:37:56 -0400 Subject: [PATCH 107/179] use publicly-accessible link to 18F Docker Hub org Co-authored-by: Andrew Duthie --- _pages/docker.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/docker.md b/_pages/docker.md index a083e4c..cad4005 100644 --- a/_pages/docker.md +++ b/_pages/docker.md @@ -294,7 +294,7 @@ settling), but it's worth considering. TTS has a couple of organizations in [Docker Hub](https://hub.docker.com/): -- [18F](https://hub.docker.com/orgs/18fgsa) +- [18F](https://hub.docker.com/u/18fgsa) - [data.gov](https://hub.docker.com/u/datagov) ## Additional reading From e786432e473164e2b3f163333fbe00c86ac29183 Mon Sep 17 00:00:00 2001 From: Aidan Feldman Date: Fri, 9 Jul 2021 13:12:56 -0400 Subject: [PATCH 108/179] link to cloud.gov Docker Hub org --- _pages/docker.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_pages/docker.md b/_pages/docker.md index cad4005..6f6b4a3 100644 --- a/_pages/docker.md +++ b/_pages/docker.md @@ -295,6 +295,7 @@ settling), but it's worth considering. TTS has a couple of organizations in [Docker Hub](https://hub.docker.com/): - [18F](https://hub.docker.com/u/18fgsa) +- [cloud.gov](https://hub.docker.com/u/cloudgovoperations) - [data.gov](https://hub.docker.com/u/datagov) ## Additional reading From df12722b3ba19cc6dcd6b6443fb4d91a1c563095 Mon Sep 17 00:00:00 2001 
From: Aidan Feldman Date: Fri, 9 Jul 2021 14:59:22 -0400 Subject: [PATCH 109/179] link to login.gov's Docker Hub organization --- _pages/docker.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_pages/docker.md b/_pages/docker.md index 6f6b4a3..0a9185d 100644 --- a/_pages/docker.md +++ b/_pages/docker.md @@ -297,6 +297,7 @@ TTS has a couple of organizations in [Docker Hub](https://hub.docker.com/): - [18F](https://hub.docker.com/u/18fgsa) - [cloud.gov](https://hub.docker.com/u/cloudgovoperations) - [data.gov](https://hub.docker.com/u/datagov) +- [login.gov](https://hub.docker.com/u/logindotgov) ## Additional reading From 508b68e60e65c488aa34d6812f279654e8506dcd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Jul 2021 06:25:47 +0000 Subject: [PATCH 110/179] Bump addressable from 2.7.0 to 2.8.0 Bumps [addressable](https://github.com/sporkmonger/addressable) from 2.7.0 to 2.8.0. - [Release notes](https://github.com/sporkmonger/addressable/releases) - [Changelog](https://github.com/sporkmonger/addressable/blob/main/CHANGELOG.md) - [Commits](https://github.com/sporkmonger/addressable/compare/addressable-2.7.0...addressable-2.8.0) --- updated-dependencies: - dependency-name: addressable dependency-type: indirect ... Signed-off-by: dependabot[bot] --- Gemfile.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile.lock b/Gemfile.lock index fb0ac34..1ca53cc 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -7,7 +7,7 @@ GEM minitest (~> 5.1) tzinfo (~> 1.1) zeitwerk (~> 2.2, >= 2.2.2) - addressable (2.7.0) + addressable (2.8.0) public_suffix (>= 2.0.2, < 5.0) autoprefixer-rails (9.8.6.5) execjs From 4d037c52566020b78abb297b8777ebfa2cdb63b1 Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Wed, 14 Jul 2021 10:53:30 -0700 Subject: [PATCH 111/179] Remove CodeCov, add CodeQL on GitHub --- _pages/project-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/_pages/project-setup.md b/_pages/project-setup.md index 2ad5629..67bf972 100644 --- a/_pages/project-setup.md +++ b/_pages/project-setup.md @@ -109,7 +109,6 @@ are aggregated and reported on the entire project, in addition to reports on individual components. - [Code Climate Quality](https://codeclimate.com/quality/) {%include components/tag-suggestion.html %} -- [CodeCov](https://codecov.io/) {%include components/tag-suggestion.html %} ## Static analysis for code quality @@ -120,7 +119,8 @@ project, that might not be caught in a code review. Static analysis tools catch duplication, security concerns, and more. Also see [Static Security Analysis](https://before-you-ship.18f.gov/security/static-analysis/). -- [Code Climate Quality](https://codeclimate.com/quality/) {%include components/tag-suggestion.html %} +- [CodeQL on GitHub](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository) (for security analysis) {%include components/tag-standard.html %} +- [Code Climate Quality](https://codeclimate.com/quality/) (for maintainability metrics) {%include components/tag-suggestion.html %} ## Dependency management From d8db71df502050d0efedce793c9623272019b965 Mon Sep 17 00:00:00 2001 From: Ryan Hofschneider Date: Wed, 14 Jul 2021 11:01:15 -0700 Subject: [PATCH 112/179] Downgrade CodeQL from standard to default Before-you-ship indicates other solutions and CodeQL is not yet applied universally as "standard" would suggest. --- _pages/project-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_pages/project-setup.md b/_pages/project-setup.md index 67bf972..dbf79e4 100644 --- a/_pages/project-setup.md +++ b/_pages/project-setup.md 
@@ -119,7 +119,7 @@ project, that might not be caught in a code review. Static analysis tools catch duplication, security concerns, and more. Also see [Static Security Analysis](https://before-you-ship.18f.gov/security/static-analysis/). -- [CodeQL on GitHub](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository) (for security analysis) {%include components/tag-standard.html %} +- [CodeQL on GitHub](https://docs.github.com/en/code-security/secure-coding/automatically-scanning-your-code-for-vulnerabilities-and-errors/setting-up-code-scanning-for-a-repository) (for security analysis) {%include components/tag-default.html %} - [Code Climate Quality](https://codeclimate.com/quality/) (for maintainability metrics) {%include components/tag-suggestion.html %} ## Dependency management From 335bed9e3327270faba687fbca12423ce62c5751 Mon Sep 17 00:00:00 2001 From: igorkorenfeld Date: Mon, 26 Jul 2021 16:40:13 -0400 Subject: [PATCH 113/179] Replace anchor components with identifier --- _data/anchor.yml | 17 -- _data/usa_identifier.yml | 31 ++++ _includes/footer.html | 131 +++++++-------- _sass/_usa_anchor.scss | 232 -------------------------- _sass/_usa_identifier.scss | 39 +++++ _sass/_uswds-theme-custom-styles.scss | 12 +- 6 files changed, 135 insertions(+), 327 deletions(-) delete mode 100644 _data/anchor.yml create mode 100644 _data/usa_identifier.yml delete mode 100644 _sass/_usa_anchor.scss create mode 100644 _sass/_usa_identifier.scss diff --git a/_data/anchor.yml b/_data/anchor.yml deleted file mode 100644 index b19b4c3..0000000 --- a/_data/anchor.yml +++ /dev/null 
@@ -1,17 +0,0 @@
-site_email: tts-info@gsa.gov
-agency: U.S. General Services Administration
-agency_acronym: GSA
-agency_logo: gsa-logo-blue.svg
-agency_url: https://www.gsa.gov
-agency_about_url: https://www.gsa.gov/about
-org_primary: Technology Transformation Services
-org_primary_url: https://www.gsa.gov/tts/
-org_primary_bio: "As part of GSA’s Technology Transformation Services (TTS), we apply modern methodologies and technologies to improve the public’s experience with government. We help agencies make their services more accessible, efficient, and effective with modern applications, platforms, processes, personnel, and software solutions."
-foia_request_url: "https://www.gsa.gov/reference/freedom-of-information-act-foia"
-fraud_waste_abuse_url: "https://www.gsaig.gov/"
-no_fear_act_url: "https://www.gsa.gov/about-us/organization/office-of-civil-rights/notification-and-federal-employee-antidiscrimination-and-retaliation-act-of-2002"
-budget_performance_url: "https://www.gsa.gov/reference/reports/budget-performance"
-accessibility_url: "https://www.gsa.gov/website-information/accessibility-aids"
-usagov_contact_url: "https://www.usa.gov/contact"
-edit_page:
- text: "Edit this page"
diff --git a/_data/usa_identifier.yml b/_data/usa_identifier.yml
new file mode 100644
index 0000000..ae59e0a
--- /dev/null
+++ b/_data/usa_identifier.yml
@@ -0,0 +1,31 @@
+identifier_data:
+ - site_name: TTS Engineering Practices Guide
+ site_email: 18F@gsa.gov
+ site_url: https://engineering.18f.gov
+ site_about: https://engineering.18f.gov
+ agency: U.S. General Services Administration
+ agency_acronym: GSA
+ agency_logo: gsa-logo-blue.svg
+ agency_url: https://www.gsa.gov
+ agency_about_url: https://www.gsa.gov/about
+ org_primary: Technology Transformation Services
+ org_primary_acronym: TTS
+ org_primary_url: https://www.gsa.gov/tts/
+ org_primary_email: tts-info@gsa.gov
+ org_primary_about: https://www.gsa.gov/tts/
+ org_primary_bio: "As part of GSA’s Technology Transformation Services (TTS), we apply modern methodologies and technologies to improve the public’s experience with government. We help agencies make their services more accessible, efficient, and effective with modern applications, platforms, processes, personnel, and software solutions."
+ org_secondary: Technology Transformation Services
+ org_secondary_acronym: TTS
+ org_secondary_logo: 18f-logo-blue.svg
+ org_secondary_url: https://18f.gsa.gov
+ org_secondary_email: 18F@gsa.gov
+ org_secondary_about: https://18f.gsa.gov/about/
+ org_secondary_bio: "TTS Solutions is a portfolio of products and services that help agencies improve delivery of information and services to the public."
+ foia_request_url: "https://www.gsa.gov/reference/freedom-of-information-act-foia"
+ fraud_waste_abuse_url: "https://www.gsaig.gov/"
+ no_fear_act_url: "https://www.gsa.gov/about-us/organization/office-of-civil-rights/notification-and-federal-employee-antidiscrimination-and-retaliation-act-of-2002"
+ budget_performance_url: "https://www.gsa.gov/reference/reports/budget-performance"
+ accessibility_url: "https://www.gsa.gov/website-information/accessibility-aids"
+ usagov_contact_url: "https://www.usa.gov/contact"
+ edit_page:
+ - text: "Edit this page"
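Review bot: `org_secondary` and `org_secondary_acronym` repeat the primary organisation's values (`Technology Transformation Services` / `TTS`), while `org_secondary_logo`, `org_secondary_url`, `org_secondary_email` and `org_secondary_about` all point at 18F and the bio describes TTS Solutions, so the footer identifier will probably name the second organisation incorrectly. If 18F is the intended second organisation, the two lines would read `org_secondary: 18F` and `org_secondary_acronym: 18F`, with `org_secondary_bio` adjusted to match. Separately, `edit_page` changes from a mapping in the deleted `_data/anchor.yml` to a one-item list here, so any include that still reads `edit_page.text` would need `edit_page[0].text`; the footer hunk that consumes this data is not fully visible, so that is worth confirming. A comment above `identifier_data` such as `# Consumed by _includes/footer.html as site.data.usa_identifier.identifier_data[0]` would tell the next editor why the data is wrapped in a list.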
diff --git a/_includes/footer.html b/_includes/footer.html index 0619712..1e255c2 100644 --- a/_includes/footer.html +++ b/_includes/footer.html @@ -8,23 +8,23 @@ {% include components/footer--big.html %} {% endif %} -{% assign anchor = site.data.anchor %} +{% assign identifier = site.data.usa_identifier.identifier_data[0] %} -