From 6fc26cc9d02317dc7c1ee76aca7f9312d108b5c0 Mon Sep 17 00:00:00 2001 From: "reaction.la" Date: Sat, 18 Feb 2023 21:04:50 +0800 Subject: [PATCH] modified: images/nobody_know_you_are_a_dog.webp modified: pandoc_templates/style.css modified: setup/contributor_code_of_conduct.md modified: setup/set_up_build_environments.md modified: setup/wireguard.md --- docs/images/nobody_know_you_are_a_dog.webp | Bin 6688 -> 38470 bytes docs/pandoc_templates/style.css | 1 + docs/setup/contributor_code_of_conduct.md | 21 +- docs/setup/set_up_build_environments.md | 246 +++++++++++++++++---- docs/setup/wireguard.md | 12 +- 5 files changed, 241 insertions(+), 39 deletions(-) diff --git a/docs/images/nobody_know_you_are_a_dog.webp b/docs/images/nobody_know_you_are_a_dog.webp index e87596e37069ef3bf755c00a62ab4a5992a9ed57..e29605d5d0a322e8256dbc082cc57cbe1955be0c 100644 GIT binary patch literal 38470 zcmV(vKNU#0&${s;Xx{6Fyj{C*7aH`#Cd{(}EH{A2q6@L#$A z=09!z_H zn?>|z7eu*PY&mvG@tmhwA5OE*kvteScJJ1I;A(HJqJ6+<~R;?7t?ipvQl~oP(@^o%QIvdHr`d z^*ZDP`wO9>B_0J_`M`PX9@dL|<$Z`F4enHdaVcFt88Ip@F)iscb^4}v+`h<3-jlt$ zllV3bb(f+)0PC_Txz$-NUm|__aA66$YenRgm)sude(F$evcy^+`131%gB@2TS%Amh z+y>m8-y1|+SoE(za;xe%jdpN=95dicZ4<{}n|zmevt-%Req6*)Eske!#G$3jiv7(C zu=&peJQo1o=y71DCjRkX6C+@J-NM8Yfy|%u^C)bpcD93J?cnjB>2zfF2XhBJnaHx#Ek0f}&Y)3n@z<^q-b zAjk#BVgJ?_LpP=cpf9k0e*I~wAF5A+YA+BO1FY|*Q`|&A#@*i=*&W^$u@SD2R)yKK zgbCxV6;x|LEe%xP4te=oKkfkaN?&mV2c z(_;$%fR{;Ai8VxO$2UKSE0CD%z=~k#n`;DOKETjm;1Y`m5>LP(4S3;YU`J_!#)TzqK`01)k&!zot@V_U6z4 z&5X{0>@W97!2oOl%yi4vFKDHm)YLh;0*^`$@XF1e141Hd>DCHAP>e? zt$1|-c6TDGB1)NGIz8pGk&!}gr4hXE@IqnAzqtOEHd8xB=U|CEW?cpQv0w%TYYlJD zV+6pfKTdiDUm6O`uhAsYx8EGcRMNb!Y^opPLJ4!K<7?yN0+?%dr3&wxSYEf6IXZkc zQ--Ww26)f^X1Au9@>Id#eZP68$rS@lC(tSr;63VY=7dmjo6is2FyRtU*RUT%j7w4r z-+xs+zL77lYnJSmqXXIgr$hWEd~`}ANvh$KScrA6xU;Rqz5|xRlm7uQzEktHc2)WK zsydoN_0;CmBNnvCmH^+Y9wzzv?ttM$Tcr#(tsaJ!dD656`K?DiItum+Z0bIHPiE!P z^A$&lS;c)hf5x(Lp zH-IF#?5m6EevUcZcRq%-gLF7ng;+JqTz$cgeFe3qVL!RbsS%pDQDW^U;%|*^^1^5Ky^_r95Ro8^D(+eV zdE8929Z^8hdDKw{MJUW5$SMmSi>{O+^nX1}H{5zwj%Vn#g$72PPQ64{T;VjJGBBDs zGE@U3yrkx&WKqn}L)f+rUs^(eM@{3j6@{8teQ6CDXlG$_ZJfg?GxVj3SWY{!itkbfY=CckwqIDb!33^N@|IR{8tJ15YKK zkFDCyQDA~EhdU1dekV3#gmiYw1@)_;sU*q7|8qCXC*X;bm{M8}tKppJOjSim zHmoPG)tgRq-ZZE8a9eQY%|0D`w-&>r=wH7a@=I^!Hc*DFPeqw_wRCcCf~$MTrA7x_P?^D+AJB!cGE^oMH@BVFurZ2>w&?`@WL5;K~8^B1_n;vE-to zW>-fB(01JQi-9 zdyIc>TC+GV+VnqaCkt%mqa-X(6!g28!OBChJHa+qC*XC_9YhkZ6*(|%{Ea*KE=O`o zxl?41E%=Iq8pG%K<7vDVl{AVCsBKe`1BruWnNgm0f7eB%0s5z$FUnM&%O}IpbDRnY z)~s}&DOdFsyFpt3;5o!JF`i!^a$RiHD6om_>_GGbVFIh@aTR^ZFdEU+csvNu#RofB zU=IufaY%7C$OZ|uL~CgaKqZmzlg5%s-b{Um_EQ}YSOp{_K?ZP!9#*pMo!Y0Nep)O# zpXI5Lb^l|8wp3r3No5JYz1b-{G$>FxSbnkuk9S88*zzTS*5i^m%Gu+lL||3iJTyVu z`W54cvUp4!HN2eQi-O3dHT3`+#~kam-Kv4F_`0yd5JYt0GzUqJwSls`AGMQS#(+e> z1vQ6*f(_zjoeNf!I%rpdj?UPO|+h)I7&L-eirA=Ue;Ayx+ z9L_{>RylcnG4!v*j@8XdJK_)ccfLcyYc;U1YXFY0gU&5Pn33*LHCZf3Ekj>vH#*ky z^HPuqGN%qI?C5TKO^{JmpTK5>`zME+Ga?JxKVC#};B(fP*T4f#F8hHzzK?3Y|3D?| z1iX86y`nry!MR~CaJ#UIfZRJrp?rT5gF^5?e*9}fI$qF5>;ECC1%u+0xB&2*^D7l5krhq zoU43|J=|%c-QM*J#l4(k^^5|2Avs@9-PmB2kT4&^o8Tu{g&A$4Nsc>zEmv+bd8fPP zZ|9)CRhi~*N72E`S2;_JaSt=d(+gk4qkl?qV3rz1eANLfC%lvYlisVzH#*y(MHXm9oF<*3n9dOavum#$b!%u=q??_=;x5 zVl9<5ZWzF&nE|GQB_8q8-4@)wGI?b~&9ibnyaA-b4Jvxf7X4^; zoKK344|yy-mc#L7OD|JGmg;Sq78D`TkMVlH7*ddH>3L ziS>AsL$xt~lvWy45daeoACf*?UNmP`O+sUo3Y9pLBdN)36a1WKL)|U6x%KpIt0%Uh zao9p8;|Gj6wF(O`djvbSv!e3xLW>13jh5KuMlX5ESJhG zA6@2)`15SKm|Lbwn~@%3zE{rskZo1^SA(o_QCH)t1pRCzKK@If!Mj6_dT6%&<`2}{ zD@qFuzzSyNvN*o{69yn?nHY;c?}2?E1VtdeH}NKw4?Cd9iKjIw{{myftvPD55R;2v z6f3tv8+_H<$W;7;Yq1lRU6xlK5xK3adfDK2!n6<#tWK{hjyT)}A9HI~ng}^-z1)g8 zD|&_FfwyG3YVm13f`8=~6x1PTzgs`vuUZiAW^zt$$D_e?z6@-UhY|3$(sa5CNZzhz zvzIGV`V$q7YMJ@v`+@`&&#Il6@bbeOQ$=|us&1=TMJaAny@cH@Aip03ke^>hE1%5ScQxBbEtp{T!B6C~7rsYFma zsP)EidS+5Mq2Uuat%NQ<>0pgN_u2F3`xcnYZf_6SIeRuCcx~Ps58FP(75Q)UI-)r< zi{J#c?l-i|w97p0FwNBB;SloIe_Aax zIuJUh3j-6Ur3EN^7XT=c8ZR`$qAH~GYlM?Qyi00K13!Jl09GB*OvB$`I{9Jojm=h= zw9wNSAV0|$8kblwkV?}?utnaGdFlJ^-upMae9r&N4W*;v#2qfT9SJAYBFNs2`I8K1C=-{Pee*Hu9*lY?mL67 zxuvw>X0AV{jYrGKm6?3Evo`rhE_`_rKdmS$y8L2F?CZYx|4y(3tSh%-7w#Qlz#A0f zwNurJ5C74SCA|hH5nq4K4s};A-PyRXsc0iQxo_SL(^|mVwM}_?rp3Qfkpe5{EWrO& zW5%Asb0c5ktfw_gyEQe_&hZod?j%mnylVwI8~9weMsNCv@M}a0t$Wf`jN4`Oz;=Rh zoB?bY!Dp#kg8uO*wNPCxFyXOYq**~@f>e5=anr&DK8MQ0AmP@SyL#CSwbk~VAWnEavVge{kXd`=Zg2W(ya^Nk-UCcGqGsBO_WA~H0ZS_QN z`U9v=j~s}1{++ID(us7>;hP$g1)ebo`W`i&)&8^UF_t!q=Eb~<`H|20h(J+T3h`$fCZHJ(VjUlV<34wTg$ z4){!80J-njmdJ1U2D92aNuy@76P=<{Eu;TG@fCJw&7|J&i3tE9>S9v9j25__*w0<& zJg-l3=q&@XdA^^bUz>@D?wUT(cpRg|Q*6=t@_2tg!M(-_g(Yd>nlEt_Oe6vN{A%<3 zT)REAewi6SP*-yfX)v?#$8MzFa-Wy|2K6R+fEdt|t)NE5tBf^5&k-qm;;`xofTN$X zZm0CRAu#8!HOJg~(Akc0cFl+>p3+T|+7PU3xgTtmC|QGRcWX#F3UPyq8drW=vUf0# zY(Q>gEKEX;B|S^zO6otj9qhd1XN2~ay?@E`-YUB-rHKdG%Fs+tkT zzfxG2R@LTz&?_{!7W=@H?)U(jQ@Z_VSTm&u_zc;}fUt6CpMoHC{uCntr_Tw&58PqB zNd%OY=Zi}QBIJ>~tCWkaeO+poHh!=QKOtm%dGhp8fj-gxXys=M^0HY})B~N>^*dv| zS)w>9XeT0F;hm2)G{TpLZhRg`GI=^zyq;YpCI8A++0fpd491V6me2M-^?9Wx_W^e_?;E__B6|y3uqhjA=Hm*jeG67}3F)(D89= zGP9z&lw~g+WN+!#k<{k=^?B~0aW3aNt&0^K{Ra>lK|k%o>&_{<5+g~^`-3B0^239) z^>jXyMDn^?&-l{}!ZkbbM1soOttM&hOWs2Y2>4kcQyT3_*U%=&Mv& zYN3{fs3!+g3R(|ESs0B`XKZ~Fix$$e4!%rXT>Qbg=gEu}-gMYMG?CG<<<3IbQQ-^< z(cME`#1}<5BYhM@LN0m&3*haeDr>k}h2dMd{cNd?~u&g6P>MetqM)w!2QkS=?OTTaTsL6jit=Qo{P;C0>=sndHGz+0}z@fU2;YkwxrRd${>1ojWe)9G*~NQd{#*k-hVT(0d_fZ0H+l03&n#oUx*3kRr=@5~(qv zcZ2-Bki#aUz+GQtR~d!uP*?lWhVmg~QsXbUdR`tZ5e^r$7!gF0eJ6ipL1xW~j3D ztHfruUy&w&TxrtQ8W5AKXhKv7cOKpUrRFoqTl z=0ZoH3ZkuV)s^NaDOpHBk}a{YdpQG<8+>Z5|kdA(^b$6 z9SFoj&S^6c&A)e%to8<2jLSzJ`t_CRDGYwC<9#lY{y*?EW;{p>o=VCv1@+lmLVQ?c zoDncEEXom@={(EPIXOO6)K(21wlnAEUni$bRhr1Br5eb}W?-;}iUmfb(rlGu0IjmD zvI!pS5Z-B(hm)oYmAQtncuZ1@_VjD@dXv}{iG?D}bhyYZlW;gfd1bYAMK3`sR4k=S+62p6d$lX16(VJCBTWmn3tIV;a80x;=<|&7{X`= zgVk(nRo|ni0cq8HdirrvJq1{rlMP}uxUCEX6$R$qLPx7Rb*}f+@#)3y1`af1+v*%Q z*j4>MLf%BqK+pV=p6x(HKB5}5#+4cLa3kZ#uG?t^hdq1h!QfcPGKnY@jVN3m<|f9(022ny7SY*CQPBfW6tQ6A!D8Ry($^S}fo1=U0uiLS#j#CO1W1J8WO9(GP^0{gna zJe9o&hHlWTTK?NX&q^8ceg*^G!yV}r4n%Oi$4-nKV~LPthODPLx<8bBv~FEuF>u10 zwC|0fzr)fFkb0!z_I%0ogdx^zWA4F_zEtj~Lc#I$Y;2E4{)!(UKLR$Xrz1kfDQU9Hkx+W6E|K_^rm|(!&4ZCdO-ft0ZXmBBE(2a^9ICS{KhY0bayg(Pqoe1xy{<1~tjw#^d`G?^ zLH}XoTz!N@56ckRiU=4tKfa&8m3_6XY1vUcoMG=l(7cZEU+L@m;?7}!&JX3-wjU~T#ddn{dlrkd(}sE9F)&o#9?8uJ7}!|aAKFeOdTwvP)KAs2nx zzN4||0R4&uX-cKi#XBjI|L+b;ae8I&fJGlV7i@ip2j0RDX!Z~KSP-sUT-w&6CUx8a z)So|3THt8{SN;V>2B;ow3M?Q!i!eqDB?oQ;Ku0m5z-Q?_dx~D<@;Rb5iGG9kZbbR@ z(NOi+=)BJ@W?CGaSJYAJcP^72<&Qh5s9B|LjMGc=*zpB}#~&dJO9rN`4P@u$}KNzK&i55*3%MSw6JnZZ^sNd zEfm>*TbZX@wx&->q?kS7H+VW*q(Dro+{|ZCL0=c6e>qmf-%d0Ek&QM)3nfrS)8Nh1 zH#F`$%Mh9q)%%fQ5p8PlvP?%2)Jue%ODU}i@rdRS*Z#!Z{u0u@s20N%^Z$7;^h=M+ z!|N$Uo$y9Nd_Wk;5a0Dhy~S*-U$J8o(112X_tPxc{CN8tq`Pc2FGncg5Hg>phRV7y z8D^Qu=#O+vK0dH=`b?W(NK@8-7(+h|!swJ$KHn*YOn3=(@5l5goAEm3_l%4PB&+xV zqukBjN~GW_>Dhs+u)ZkKvx5#bLeMU%J-ylV*T7jUBF{vx2S(R(*jf4_8p5UMu)7~@ z`W85iRFR(-RLg^XVs1zC)#hm^G1Sn|a9&75oBN3$+~c%XCooy%qHjeCKtqRa1Wuui z_QgUCdKmC(Um~(8TzI0mO)Y1e#cdfy*k}%X1!SrXp$vi z=F=B>@ZI*FsVy{xEq76Ri^@EhX79Stu(U85%Dt}cX=AG8Zbj7k)7gmq;hN7FLO)a5D(|; z=%wie3t+Wl7_hSB*z+qh&I_(@!M^DAre}vshVp~jS)(7*ZamSP`xogB$wb6JHwDGO z2K4_m-Pv+T8u>J!UU?r0-+jvjb;)0z4ZL6*dE%^LY4nxG{3^2dWF>{zk;;9C0%-z_4cSnzl7f*fuHAIs(hz^! zZlhNS`DRCGal7Xlf|eS@AJS*m9XpdMn-XnA+^t(zN)RbkVxB|#*nElRdaWFj(TL2D zD37+Y6+d>P?1u%4YS5znV?pLI39dLx-mah0rJmNcv;9bXb_Gl#=L&D8i^W8{B$)il zPVNylmm?HVtR%f@#Dq6&{kDsDMGqgiaZ}tau@Wz;1U|ms;55N2q#sX00^7nX=c{5* zy?(YKV(>$69d>xpRHhCTu9n=}6*X751ZbATPjA`T7cWu5XK4_`W`~s*TD09*9CTR} zyP^U3s}-DGf5AE-#7ZfwiA=e{MT0E!4u4!vq!dZb3%p*WCAeWj6=g$qWMFH32AC=W zWHKuqaXIX_k?;9m#&SzwhLL7AH*S`?l*MrS=qPcBCkH(C!|B>uh+tqD-UB8uHmjJo z_Zdy{V`9L3xEA&(x>e1ZiVmk_0@4U0!P8cOgenT+^=V3qVW?mb#ERmo-e5b{@w@n0q6Hn+MGK*(iehlQsfCRFP^~RiMO2$^-b!k^MEsk28^%{46&UOi*?$pE1L1r z<>ZQaOH6+6NE9CFu+!8s-*05fvG$A(A{E_RrGbj84A<0#bNyO$)22G z4v34aJWImAn-jknVL+;&4&}0ci0p)4Sg~`l-_adQDEsE_?JDe6jId2M3^gWHL*8{b z2?4=nle1!GDhd`~L*sR5AG~|Kg3-0J@!vTmTYV#2p>G@^#xX1hHA``MO<0f^X9*ob z3sWzar1v9K`EtoUG?_v?G>v7VD`$Uvt`L6IGNlojAikFpiS^Wg%NCPdRkHplZXVmG zk^jZoX*}C3S!4wn*M6Qc({*{bDW9A_E{v*E1yXo^xdMo?_cF_5Mlu6cUdD_jP{A%{{gs~yR^6S8 z`LP`fJtWA4u{6fxJdj8pbJF&dQ)W0ji+?ECcFI)5sbQ!gTi94+WoPzj>)9%!@g)EV zj)x8&hF3beve2PY4`@@@EX#}Y+XC+?_|Y!R;I#Ci8 zXwt3z#Yu3GBuD!Lei!`vq;zDRs#RNlK`dWJFb2}`R#Gm-xSk!S;RDSjR+6H4tE7s# zG-hH{17!Sqx8)#F(u`iw2M`PPcB(XY6i=G$F0I`o7YiGfWhC1kiYtcJG$ap*XwU1YVT;bcBDXXWCF1?+=ui z*2H=`RxM`)l(8Pt;!&9vt9ZzcTCYj$?`vhD9IT!>zAv9&`r9;cL#CwT9zjzb*Dgv9%P3LUZ>} zy>PB~qQ;~Bf?p3s*$yXU;?AVeQD}Z(WSaYXQ8~ciQ5Mu5h}3Sd2$RisI-0MeH$nbl z;O?>Xv-uMAPwZWWEj^tbG9&2a!vaqFGha&4o;Qy%FqwQjDb05sG9&Z_=6fk@+SNAx zN*$%}?`!JUR%Xi0D*D&R5t3@tBh?9gOZBFMoL--w*}Pj|5o--yXTW~B>&0Y_^lY% zUddF{Q{v+&AN%bKiO2B)SWQMr*~+46J$NY{rsA5`!u{38pSyxIQG0L|J~Av@`Hv7C zh|~7AxZWU*WDix4O~ti-SEdImKe+V#BLpl>Xw0pP=NhQnyLcL$@^6@9rO93cWe5-& z0ik>ENGmo^Vv9?OS=F(0mkZ>u)Z+AeBV?U9gp>1M=AI9r*oiA?55iUSbdlg<*- zh9q3d`T_*k#s}#f>R>_W``8YCuPw@7raPccDrq*~pgSv40~u#i^GA0p}Wu zE?C>P>>v;+DE=+}NWP{a<2(Qsf(%;>K7ZRmLtJ%w>PfJ!dkj&Qv?Bphido37e(nDN;*`f`luOsR7X5O&n zmuP)wHV?8^=g>3oBNcyFsmG$m==yY>?X2riai(D2_bbi?6=})Z{Fhz4?Z6hg8iUn*aC&0(~SL|d=_VE%ns zt%peAjTgsG(_hmOi_Y!TK(9~kFHbG|i3%q2-%v^Q44DExzb>l8nu$lURM!&ZIlx1v{|v)Tbx4GQyVS#-+Qd)cu9aK@ zbpVq((^bQJ|IAhs;30$9qA>{<(PZK7S)b%XypPjlUAjJHrXqCT*{m9U+bYJ86h zQB5o3s9O2Nf9Vlx*e%!^!P%AgoS#Rb^&ks0dtvG)@9_uUHSEfd;lTsVJP+ninHi9Z z{B(vw1yZW3xLvwmo=K)6beuPM&ZR$Fo^;*VChcIoLXXB-G^TcMwkbJi_@CLE>~PA9 zFTc;s(i#N;z2-#Vnk*1T*a^r0po^2l0BuCLSDA zpQkY(DN-RO<-`m0ij=4$8(>&riq5xzAfEt>#iJ0~Y_9Mo+IWmq;{dbpSoS%t9bmZ`%C)qBk8`=HqRW?Yc<$PGuX z;t?x-tBVRbyo>2~uRE^g3Wp*0rxm4w2JGO284bC6P=#ay|p5PKx&ncxs6 z{g1u4d^{~FI;TmL$KXklEG!4C&TyHRkQ#|C+h$ogtw&aXZsdgISWX((0E&}>Pbz5? zLORW!>ZZfhUG6d9O&HfU9XX-au&PoTaV9Mf7JNCrUN5XilyjTxNifTG1y?~ zY07qo>!{JYr*D|S0Afk9%79x;xoXa$^$%cLUbB zWK6dXNVQ2{MLeQsh0ifQ-&uM6KOsv;(P-#W&-RB#5aP&^q*L6f0?fgfcd*ItKH^S` zCozM1cLA+=8N#l9g?lU+CetSFd5iT`BlVR{SO8r6(21X$JkF^k8)NngZJ~e- zRvuL8d0@C}T=c?DkGK-VJ4S5027fEhOS;V=!nz-GVxqdkXq?T)VxJFXB{BTq#qxNx z38ezFp_6^vx=+R8}#oDYs0Ou*4E~ogE-%dkpkF zL}D<(z&sdb9=KR6IBoNDb8cJ{fk?Od>*_aikCXSl?ZHqSJ~wc=K9R!bB(MCR{ZJH zt7!IZAunP@K4FI+MA4&80bB*JjkLJ|b>TOV5)Ehy0=U!{wm?3QrF6mrNUwhQ2kzi66<2xq5L1j0?!Hw%)PVMFLA5M7?;1snIAUuh-0X_+iza z6`=2v=?7rJ)c^?L!pjHxJoLv(KB%81HEUuKe7lD;2Tug=$1|03R@c6D8vN@9Jp
YSnV{W0Jf6@1wNaC+ zImg&!h2#MU;^6P}UwM&Wlx_j$Bz&TMI`2fx6t6U@pI)7)`t8#7NP`XpaJe|SsP?y? z71H*bz@~MDtW}>TEgqn7DsSg6Y{B;>dQpWyuIw6=Pm@?Q-3o!RJ0WT)o%N0(fE9F1 z*W8#{Qc7m1f97pkJjKWk^^>gdXMvm1e*PBRMls9j#0+|ve+1A*w%%bYPH_XM{D+*+ zj5{k9Cye89*Ilgu?bPYe7-dG2~B5fZBHa`CqD^YD!sW&XXh=f6ahNIqABaKz$(*TofYDZ2zQ(vya3x zD<)J(O1^3?SxoK$VFt9g%)L_&v}k>j>d1x&j*#+tI+TA)w-h^SyVG#w<(6OIA+H18 zsk$+Xu%=MNyHq13WN^_u=O-!~nU<`6as$fXtb-uxP6YxFK1uIEu;Ooiu__Sgxk7|& zJ$D&_9%JF4EZrdhtiF*{N|!U}=`kvdk3>57q1BE;(3>0qd)ornX*w^Sb3_cvgT+>6 znKNy&?6hpFLG!NYv(tAaFtYft>V=P<$Ew67E{8K^$08%KnbqLW1FFt#e=naot3KrW zcw*y#=?K&svH)-3prLZVi!*N=seaOgg5Jx{s|r zd|4h&1k2)y+lnq)?l+tnEm{l+FfC9(nn=$1Ryg}lfa4u8cWLnRHS5fub3B#|@#VU# zhr9ePfTSenTG1Y-{MR5LexffiD!9;6a^qEX$8n@cpOtt} zdYQ2TKClJ!u&-$08`dVi^Cr$o;n_#ERwiDT39i4P!&wBHTSsOWG|1nML7h-eKnl_r z;9}k$%C(gB3SXCRlVi4-DiWLyB|+N*=Rzvwdh)-AK%zeT5A-=2*6DoT~`g?Nm2Vp6e62n5-JL$!*tb7GLqyEZ+fY90P0B@UuXC z&2iopN0)U`FP@6BZ(!A1+?7t5(;e7mGR8}MFKZ=cU+2f@NpM&JsGJS{OEmq&y1o2^ z_+r2U{w(Mos|Efj`i#Z);@u{KdquST;EQ$Fda-9xwV@_FVPe>eSDLUNnF6nH3!0Er z3i77t9Z4y-SN*-dfv?iwR`v`>)dt_)1K{u@CqB&6LeeZ%OPi?C#+|T8Sk{@kg#s50vnq!6I>2?QmK^+WG}f}7&{pkRx`P`6YIcDioP$ELQ0Nf1YVIWGGG0AhuD0XUS9fI z!`Q&!wSIH*q}^0Uk2X!7%1}E1`>ybG%mwMsvWFVhH^K8Ac~waIXHyMLrj zwnOgp!Uvt0&hx$Dj}*1xG5@lCU|XrCPancnvEP5LopU>{nv^4XI%(8v#J8baB+dqs z0{VVjbTYw(P#k3b5TBJ?KwY*{z8C+|HmYJ(rFQlaDQ^j7)qm~tK(Hi%XQaP6LIidQ zjr7QR3YPxe-3LKHe3)*8JS9gqV8WV!Ewi?l8wh6>>PCSGF=&PbH#B&u2F|0K8+RBZ z_xa${96Q0J-Tu9+X3I4OL~rQsKhhzOa2<2Z(GyK@`Q zSie+A5xZ2D$ftY6z){CVUens>E`SLedJXP5Ivf7|O&i?H>n5`hxrztnYs}T|%;n{N z#j}SunqqBW724>}L?kQ?F7#p`k7#T(3a1K1M#zs&2jl&8cfooOY@YTRW-hWl9Z*hsbU;X74x z6WK@X-DzZxMbM=F!;P9k?=&8KcPZuHe3s#!05?!K6BI2ASE4W}=sIZiP&m}M?cN{PbshSE~QNE{kPyW9j^XPBVdBQT}ipdUT zMEp^jxzrslxsdR5)Z;j%vnAxqiT&{++2)x}rx56<5v1P*Yab-{3i_Q1VlHQwx3#Pd z%v9iOoz?azx(_dacle`h?~229_GS4X_(zS^^hA#E3soQ;Qy`|%4eAj7juS9&dHI^# z@nmZ%CfP4;#eq@Pkv39oq^oRt)t8$6a`5Gz`vM5;8p-nrb76pswHumAA6u~UTF=G< z)b&imLjY9|Hi;nV7y-aoNksP9ysTD#x8CIs`VeQGc z{uRy=SDV4Tdj=NVr3paIWGVdO!By3SVMU*T{b0VsA}wyWRD)hRG;IMN8sh^cz2F4a zV~c=HjXx*dN$z^>v6rF#-pCHtLzBt8m zTMJqiy1$ zC=s@g8>WRyY|kWty0L72uw(5ZH`uUkKh|n!PGDH1H2gYqmARhh z)obzm29Mu%O#97tVEjYx_NPp}k`*3NupO;>xJ<<$8Y=?By6dA_tVI6dq3>le4QrW? zxK8L5qPHCGGJmfPpoIq=Hy_IKD&t=ylyO7b1eft%2L#Jd@&nP80&0H5)kur0%C9x{ zNWyndACofqFczLm#d>Qzzl6r{v=69Zj8)lX4b-s5-BB-Hy~n5{b*RkZ%}N;iYi$yU z?msKb8dEhksc;%ajWtk-S|)s5c7FgHU0|cNkhXYX&W9Nd@9W^ac~)R=iZFOS^zq7sD-X;Zm9E@ zF;NKQKvBS+fs|yM>RlqmNzWy7K>gEL;U?i` z_wer^qEsT}<d$2rmqW zq)DCuG4ZcQl0;=*nuqpcu#wLMS?EXN6vXNid4eoC28a+tnppU?!6zfXQTpxGcOKgBRD`k7^wM9Kp` zoBE2VX@;M&{!`q6u=^KO%RUR4V#$GO&x^)F^dil6%-Y&X6@bln4adLBK`F@A?%@Zz z62vOH^9FXs%gZVrU#($wyj#?{-n?#{tR8!^p`CDuLVvzX-w($iZOAhS7{A2MM~Rd| zL`7T&jE-rm5YxZw#1^VWtZRhI&i05Vl*sufa@V}FboamB8-MvLbB7@}!^0vitQ%Hl zk*Buhdq-zJkb|{Hwy<+VILx$b3B;U7YXg3o|!L#($WC&_NUKI5Kee| zzGo`_aiiRz0tYi8D$YSxA9Hp3B3V8g96?Gf%Pqo$=a7w8aNOH?49YN;w<*afLz6Lm@FU_z5w*gg)gc#b;L=VkQ zO8obV*A)O81*_)C8EAsQaHP4?KuALn5P1diJSoQ;m8bBrYZ#A0=4O?Kr_m zhr1BWZaH0a&e}Vj1gvGUQW)6>Ea}q|i5k^`U^>Zk5f68x^IH_hVe)ypYNsowxT@wX zN&a;q1fiX6UtU76+kjkb_=i_aU5OGlL8 zGD@?#HD;bMz*BvWu@GC=m*LJh`FDs0841+KgblY57~PaH^cok=AWE{a%Go;Xm$AK)f4-~D$L9=hsfqGwCd5nR|9~h zwZU9|ME+f_q&*-Dd6RW8p8y2dPr#7N86-?*n*!+4l{`tD<-*y&^6TSHe20yH!$?3- zySd#*%9SE$Z~=fEjn`jT91|{*eVK@(5mR3A=WPp(C+M|cWeT1GZ?QLN|d)G7zwmE zT^`GuQtcTA5MxdU;VhS@>4vAxOO*=nqpH2-uqYn}1WR9|Q*fN>2V6)~nH)3yqPS%^ z;W082#07&6AM$m>`#kEVA=U3eL-q5naWfQaTX+6re`Xz@`f@x z6M%uBo=`@juv8dC>IxRJr+)4}u^vSovrDE)c5VF4ArLudiUvEbK||sv)rN3VQU+#8 zm|O7YxP051KH?r1fO6yu-eS7T29<`|YW8blaG)4{4>UZkE=j7&Y+gWm9GC>;dw9(u>q8AGJLRs2;p$nSFFI9Y0hvC&Fp^$iU z3!H5k`QHy@47x}{w3w$9L)Pk58d=u!YVh z_0{zFmVZ;Z7oHi*L9163_f>3?je$5cbPG~57)b8o&HbIWWwhiI!Z0@5FSSOM2w|-9 zo*d3=|J9QaywvXyX~?5Uy>{ETLU&w*akO=U7H1(RDFiauK5C1;UlJy0cT^VL_I@*M z;q{}cP7QG_7wh6@kIZgM?68cf>IzDNE;{$>WTcm`85Z70GWp_nl(6Q4!_@_6D3~Y2 z2}Xtw;xgo3NP8}2wSkmm9mHTC@N}0Os9K$wyW|?3iv*GwEv4HA<#m%M?;d>yGM%*i zWB0eOEH3QJ_uiK1xYzBo>+OLgw&UhT+cJ72s6PY2ci^Rn zS81j*x|)}Iw>7y-o6J?(D>X5?Rib9` zziX`5<3;|C4<7x?J!u*%ycfYoW(*Uv>v>nJxGjM)Eu?kx`01o5zpiD8e|%aG1InN* z=J{jCsQXC%a`buWp?la;kCJ*rHOu}RZTF8GCpbbFXynmZr}`3Hw+94Aeb0oO24RfT&rjKATa=+^EylYFm7tY9H;+IGlbW|5 zf6ho9v5wSGN8LM6<6U&s#@3i!=w>#zK6^=|BB{OF+HN#~_@I<^?&{JHUBEILq2S8Es*!d%s{fy9bZl&)Joa?st-0ld29{JE2twl(C+4JvqqT zEr3t~*Xs~7I%2vZOHYPB>ao-CA9(5yscoa|@P$#f8a8?CT}{eUqkUNCp79?sRm}N= zS887Wn1eX^75nM*w4Rs@8|xUp`Tr07oJCRMrL|%H(sA*|awV^vu>Ah1V-3k9Fattd zu{&mf$c^EXtx(#0@Yup9=@3}S1t6e>X&@3D2^hf)&hBz%HCb$=m;^@Br-jL+$G?Yo zrEKTjPaV~P+B1v$k?1PWQrwczdyB&kbkNx#XOuWhLEuw0_SRaHeN-kIt+^{$@Q-1Q zsPMOm_YWM^u^u(_%^h^ydz+mLswE>ByA3rMhI*X@9Rp|c7#Txa{)Chre=UaF%+!9+ zyJ>BZ+zOT_N+Y@`iemdd%|VPE{dLd0ok+FR;1ZsxWuu5Rd50^?)B!iSNSLk*Pwn1Z zoihgFIZ;)io818A`!z8gxC1Jro<1)psnZnYuI#qZ1v~){toSPm*8$*TSZtOTy-AiW z&Pbc<6g7*>qv5Y3mdRf@zX@BtnG^-oHc#1Tli{+S1TE6r*USS?{}X)V*v!lq(lRN% zC6)szMf*&W16G!FYuM@R{{oezIMo1=b`aYt+K48%v!cDInp>p7;K) z+ZT_7h67o~qb9dz5QAINi#lIpH$1Sr`_mOAl$ZBh)UIs0bqQS5?yvEf$}O-f=9cwY zo`sK}WSt-i)qtmR3hH$DkJ0BTqA%_@nGZtwo0BKzUtG?xeD195e*MDOovjyhZeD!1 z=QqSsiiWe2b?GHVVHZDWU#MkMhQa;pzGJKt1y&SQ{`e-Kk@onv=XM^UcU=U@Dw*aj zFS>h}XC-!o?Q{E9FkE*~*eyP* zln?nzz5)4neh%t-c!Y%O8|OtpCRIU0 zJ?9=e2b0X)QzYwNHfZ;*oNdqR?=l?kf7cH{H(R5&;F=n!$cFB4F!dXT_MxBzbNy)9(G?Z0G>Ubn;+1jtB{N+Cwo!Ty#gpzs zN=@zcA|HfrBx^26438A2wa!`8EpKJeVx&f9 z3b)Zzq#POjWP=)dNj(O&k_ZEo=*M^p6>)P_vo&pBw@`stgw_*hb@c5qb|KG!K;^ zC6+0;e){!>&dmXsx1dD=9o`_C@^%6S#<0XJ9pcb@qClkk#q-bVZu|-Ji@`tFI5_=D z&e%NL-m30!kjN|z$6q}nYjg)#7sA@b;Yz1&N!i4T4`QNXse7^vc|-D?A_c=Je!gZw z-3G#S=v&wQqWv|st}yt+YAmh_a6LJ%HNwl=Z*~*0hWd!EcK{+SHT%no2Y~kwE9^n! z>eBphqn=V*Httl`J>;>#rbsLj7&L4?TQX^EwcZ_ur17xFrq~ae`2Jy2FsQV9G#pTg zush%3mzZ7HP#JT$NitXAF#;2ueyOPJ9%B-rNL~L2>o{=xd`cJXdnoA8{YxPRg5>g+ z{`o3eWmHMR{sbcRfN6V%)B>l&K+fD>pDXFgmZ?ca0YMlAdbHzR9>y|{ZaM)?{pe1q z12fdJM#5x<2jp%5&D+|O_i+}^{xvqAtM%nzu}PJ(Hn`mJj1KR~?trSBuu$z}l^Pi` zzYFo%=DR{`KS5(|hru(cKgsud%Yh&wQm~`Zb#MI5Nj6H;aD~?w!rqb_Mzt0Gnupr+ zF`{S3Xp+r%0!`dHTvI7b8Ft@Qw#ZwA8M-IML-=PxbGGlY{7VV~M<-WBphz{saaFD! z>&UwWGm>IGPpQHHSO3`g%?mquw48L@b>HR5mbB_JL{?>Qf;FW!`*gy{*-_Ux-VxaRLGbocn&db-#vd zN2hl*-Am#BLXLJ}eNlKJm#ds~hI!iSDfN@i+9g6Y5h0%iFi#VheO;tggYC}^6r|?+ zV#Ai2~EN5+w4O^n}|Ib6`oiazgj>c*jXKMI=u(-=}vTA*{1 z*<(`KK8d3_6YSd1!*T(-5@{OAW7s>S^OJ_aLKN^LirpE=+Q9P7HC-0+N-+Q)Nh(v& zs#gFsZC*iA8_55B6=89$&yrhbfHxqsNgeBg70zK7hf%abCf#D?k;AsI0#rI{WjVcL z_1|r84&;3B7T0%dLp7ZbKfm~c1YqTUO*yf?r@xj))=ZxO?P_XyV0tY!;H;Pf;g4m* z0nu_91}sg7kBE`LEwX;n8MYD6n0`ufOKv!Sce?sAy;t@UPU2k&jnk)}=D;(Pwm)|KxNs6G5Vqn$5nrV6OQ!AV>u zliT6nE8G6(x-fo}R~gBUbyf!xualyU84V7RCeBbe76I*O){X1|L@r5^IV4YJIi74{ ztf{GU-QGA{kDMk?lfnP#ocXGF4z5U0ZrO^zI6|hq0z>zNh)v8^H^=P3Pi<2s*n&E6 zSq+F&ba{j1k||FpG7vQyz%+0rO|{$13&=O>*9A5%Pbu!}-XKEo%hA(DP=YTJZ6YK~REe%X(@_tMBEk0-*w%$6~89F6-Jlz@E>lUec?8;oO65O59uzgTJsf2v~ z8~b90XL7?nlc@lv(qF6t^Kj_Cx!oafSSun0AaEkWcS`8|vR;^ogwyX$?2LvZX-pCJo7e#Ab^pS_t2wGb}`aW;CB!(5gee9ZdoocfG_8K zg^*rMxLiqr+wq2NL_(CU9A91X2$y^srI_IDYphOw%|*zqU(O47^!=`cr~sbrcguRe zpCIwZ;J!vhvNdnAqT59xUr%=7OZ@{)6BDtREBgWZG&s&L3iSC9ou@OC|CfuFn{u0K z?mF0;1#YN!V}tK5L5?H zJgSA(SPr?2dj?QKgNDVT@^nUls4U03{jEL4&LjSwpc-!K?h+H!4Uhi8WQTh!w$Mz} zf=c$2S8qwXSb{2I3Ha36LLoApiO<*_)EY>V+Nq9wr&$WLqvtLZm)@pd?-qVK3c#2F zc4-#4{TU9z!8m%G#!-=lj%8m-zwP%$@*lPd2^c1UxVhhC z;h))ZqokBaLH7bUsR8s93)ok2G+$0TY`v$w^6;gFDZ4&(k;5VEE?W=EpC`)8PmmLJ zCU$~3t?}|Y_FQ4S2ZN$pt&TlYWqS$(K>qjXy(-7j8t5F3plDdMj~k^LnJf7VFQd%E zFpB_o$QHTU>7YK#kf|%8G`lP$i5n@WhSUwX_o7)k51H8*!^^4j(eJ-HbzxzqBKbR! z{BqGE@X(rXEgwPH{7Or)>C^*OuC&9hOE{H#Y)t2z9HQ7cY`&i{#R}jha(^2q}-(rBILK_~jH zD=&Ok(4uyq*&Sb{5?Zq>gou>y*^=J&g-Yo0tgw;AfuW*ENv$S^nY$r%x9^u_w|!ga zn=noR>`g!07?dhKH%LPcvE==CDa8x&&e{7}s0cB%bgsWSpxu|xHU9GV1T76ZI(Ab7irPI$&YPU>@5V~SC+t6km{oNZP==z_TkdtB$SW{FZ zJBiTh^P3AIn014n!Q>^zbyR!0@tA4r)wu7_a1%3^_zhVMk`Y-(Nn^9VtDoWIE7*g; z4cW?;sI?F;GQ@TvkAVe+@bZE&ok+xkLp;MAGJegf=F|9+Xu+7}xlp<~GX#@#mq)lu zwCA;P`iU%fKY~xo&%NX;MDCF?0v-Gel@^6BOVBKAVad&R%8*+3T|3*`IbOrQG9o zC9>f6CA^O9c^SeTz5w@zF(p<_Fj~ppb=?@M4eKf%_OX9YZ}l95vJc7Flie#K{K(%0 z&rYxP#wSqNwS2ujVwoE%Vr<~u6zpUg=p^oDZI~7VGDghbo!}lh;2wz(YF%<$d_LmH z#Rmry4{k^UuD^Bb@QE;s2dLgBTi2{k#Tn*<X<(W6?xB9ZmiOOwv@~0%x@j4GZ~M}T86A; zj|MVw5;*fb6e#m*A@m1oIIlT6b#qZrWr%6t1!txJ(6kvfg?BCz)SPdhZGsjyH-2tE z`lY)ov0cIo)~WK}OHJ_Pjgb&1TD&Gq=CZ%-(22*W=Ug#$)p!X;77h4(p3jIC0> z?_&$+`#r)g>KpJK99lf=aYkoS%1Z8Kn5*6u}aYpdn0iONV#R64il)J>~BH( zBHlC%uo9`>v9=O7R7l?YPhujydKRK^ZrCGt7-4xfCyxD!5o@3T0I7q-^DSDFGHFm6 zxhNB@e&RpHT$$565ZP{q9>`oC;3*GDog5h8m58b@h1e1$XFwsL+Zz?w1g^1y3ky47 z43KW^dFkuM<`1?&V;~!A*?Wfjr!|FbivybwM;>2Sp+&3Prs$l_ENHnEk7ERq|mFyNn)cJdfG9$no5^`PaOMApPZzrOwvIO*Dl zzJG_@RhW!xT-)wWzKKp`C?$;3rPqe>T2-#mXosy+*g#>q1Cwrz9)H0WCQvJeSjQrH z$KVmqA2JjCC-+uHB~|)O!78envHb8-WR3C3kirMSnzLPRT0aZ5-XbelPYOOJt^+e> zAN}h-UjXfzCao-`EST@*`uC&v5zv-J`rV0jM7>^Dz6h^Fboc+5C7G|Cb2&*P$gN7a zfwk@}Oq*_=- z^d!&fVswOo@4r;3%R-n^vlV`uYp~VH&j!_ndNnuFd(%K_MO>aSlbEHwF zsoR7M*n&`*`{ZHVY!XcMyjoFp?;(Q~7-GKmI0C$NMU&_tK023aq(?k-woo%$A`G~F zu&^nz>!3!(Y!??#+gWb<=__d@x0;3R9}f zcP$eWV_3ByTfj-v$*A0^E6c_(xKO)gl=Eh-Z_#%}9eY0b=hWr2(yPjunMej}N+G24 zm&3}W2(^8|k}MCi2wQshTIcT1D<|!Ls0^-=tZ;Z_v>9D)j#2KZ%CSb)V}~&2Z-wKI)U-33Sky9<=itzy~1^E9HPRDWKcB1pO-Z474jikceY|?L%Mqb37ex!Xo8Xf zas>FtG#XLMqDFp9Gx^SGYmS_BX0G2u1IH#ELDYCKYQKP52Yy?o-CFcYXS12I!h%aZqyg(Si=Ku!i-@A9PK9d#7g|JucjD^>l2Qvu!> z3LE^oZahs04oF%J#YZ!g4`O->-nC)HM2I$B;yH+6VLFjO>wyCPk(|F6dLdeJO6Z&{ zkU^&9%V+aoVL5lVm8@n8au_JL6WN^#bPv(U=uJWC1GrPd9b}yl+PGf!9nJflF@-~< zo9B3TO~t8h0!XIr)?$*osrIB)JfR-%m0`_QrK!{ zmHQJtqNNL06BH6G8#n9<(CD8H@4*wt0{Pw(N>yvq_qz-50l5y?^MR4rhuRrZtNrV@ z5Sx^Q|5~eyef^U+pw1XK0}U-NwY3Uo{Lx>UPokiud2VfW z`MU$|a6yQi{cX^?3$7hFz_6GjHaUSd!966JyB4m%Dk2S6xZ2(f7s)3(_#JwP59Lgv z>1}%8+lo)6wK6+I$S(l2O$|RLz>;?7ba#w)*3n8y-Sft5{sdYD7#NKy#$@0IcD#EC#Ria{`m z>g&Lbr%*Yey9Y($2hlMdOaYhxor}G(4vH400Z9oj%cJ0{vM#QuyV-&f<4lxs(+>&o z$H)=Zc?`X=u3Hk22BZV!<`b@}!y5QXQ)`+q5({+b#SKmd4~8QG>1u(dho z><-xq6*<)iBfTZy<)5+6$m;f1scYAq>r}HfG*nd}z&7&AG?XDZa}deMDEgW4OY#fR z5utESE~f~i{Ru0kTzq8hau4qO@CLR;D*cS^ZT@R3R4nBF6%9^_r&ztog}u<{*&GqR z=sgDIb@}uNTWolWxDIllCF$R5@z6OQpEo2O9aG)m_!t38lu&Yai=NOg8Q4>n&au7p z`N>tqr5ljw9wU^f9u=#9!P(4*>oh32mF1+!2mFI?T*d|nKM0~Tzb7sC`rKaa+z+M?a^XRNRi9Yy{ zaA+xd_k2@n6)sz3Pw=oP&z$l9@qYKB8)5L!=u_Oqm)jkt8P2VHTEh=Pvst~h?=%UC zDM#f3*mrY@0~KQ$koR{~u3RNjDcA)1D#`Ceg`deQp}&&35?!W1NP$LO(vhSAwn;lo zl=$#g+O{4H>D29RmQYQ;0(_HYgYVv$LVaep1yz>@PGzE6qd4w`(46C5gwdh1Et}vK#>nz=IgDNH%fo;yf zA;bB#zuNAwmvns|cf3Ji5|_KZle$h?CV-CuX0SFnvOHIJTtdR;{-5sSE6Gm4AFv=j zufpf@Pk*2G1Yr_T;^QQdh2-Dz9U? zUuP#)y5v&$G!-dnC4UOp6;B~*u>&|q?2 z__RwJXToAu(?6zy!30Pmv zmy&Sa*?{4%3V~(v`hl0ad))mZ-L&owFAx?`FrU-kIf&gHtT&VR)^kpjdvr; zaS$pPZ4*r89jc52J91IGn9fgu;pJX%OPzSoRWG?fT8?B=fMjWME^*UPNQkCct*`OsY-! z6I=HZRSqzfpYQ&oc_1G$`2`i8(bY9IagE9y3D1Qd6FFpqUT=vZXLs6>&UIUd8aabGsNj_1PhVvY2 zy_CUSxW3!-f^F0UE(JYGUPDS0`oX=8`g&RMPRH4iT?XygGJLbTI~NAk0c zYX(yObDe51l>?Ess$Jf5hAGzNbJbMpik+?hBker*8EY1}W(Ei}KWuOUck$aW`gw#X zZc^B+%uHIJt`A8X3(MUmbBhTR2G=K>+3Cjj+Ry6Tb3pP&Qx&CBB7Zv$aP0ye)J#0t#{404{VZPiC?;%c_RUxNX)x3!XBp8$)Y1i3Kx*XyYVcQRsRkbh?;ef5tj#z@z2J21fO}@ z@b#?tEZ{y}uTs(zB1rhilKDxiOL_)}c2QTo%f6(!F3ElJb|B%JuPPL8c^E@W`sIAz zQuCSEt7KQVxTi(sER{k;k$u76|5`acFGL`!^Sw8qTUL3}mKoZ-XIn=4{m128%YLtr z#dd%J8}=m}`-xQQGD4Lg&GfT_u>TjZAZ>--e$A6q1da>0sQ9Zs+6?~0WR;Ay-0LPv za$`8TP);%NhBNz|=NFqxleh)T<9oR0kUze$qE_x)CN_vQ!lM&WnJ9a#@P`HKg>qGryhFKp;tKSle2_CCo9jiz@)~FvvS_e&S`qu$Apu zC1|zQ3XcNoQ$MR~pascbawy@G;l;esNqGlu5XA5+dusYX$UM$i-;rx#{li&L0+N+E z^5K|=`ig`g=%u5TRU)4#9}uoqPET)QhzqIpmZ%eI4Wev*HROcSFuPk-^b!-kK3a}R zrMlG;2Y76+7eGoo{XZ6M)I2ttA5rf;(?a_eSkB80orN+UJZ2(DJTyXc?yd{(>&yJG zeisiI9eD6e051kNg689Q8rs@-#qZdrXG^IXcTSbej!j8?AmWK(!;9E?k}>gJj$bps zT}vw^;O>y|1#3v5d1bv}B-ytxcoEIYr+;gYv7!zQ*LxmBT2;8n4HKL=1VncbKzzajCOb8mh`dP<8ku7~dKv9qPKiSith)GI21h3E zD}{W1bL~#icRA2{ZGKXS?c^9!sYVsCZFNNzPbxE2J6+89F0JUje+52y8NTvHg*^Q& zi;q-2Nr6o3Nv643#sl-wM`i75S22#SNJejVWHTTfoMInzc``kf7w$n7qLOF0P$|QP zahoe<91t#6b`Qyoo*>%6LSlAidVXUxz`%)~d&t%b08+Q>d2wWGXdpr*dKRz?l=9SR z1OC@KE9V&ET6AOVGpHGWC)inqZRjcEWuy5HQ;w8kjQ5Qnhpat*>r>_^4ELG2YjrAr6d(o-r$NzR6rb8`af0a zTmS7>0;FwkjoGWTFlY)S(BYv1)tTc005u2_j~7xTKP&bvV}-%6)@#BRy?^P>4JTNJ z`b)mj!EB6Bxhz>x?U8#pVpO)EWJ3{uLd9}{$R$#;4L|}Lv~rZ}*ySZkA|CS(^7x<= zXmeCJFRhTh!Zv0s3pV@Ih-#-IR58vc2)&)y(w-1JFV-aSRx&V9zz}Q6Zk8kz zS$$do$Vg(^z~1cE96aDiFmo=$rE2EgpOP`&Tm>HrLwlA7a!s zg9^zlKjU2w#ex{NKh;%BA2X5M#^DykR*_w~X8U=Ssm2p` zowwPr3+;M(fZz8_)pV=RGa^|q&zhMESw z@n&jtcn5~&=Bf!4op zD{xGcg?q$g|EXycV&n_TvRi$kT@A3K^l(%|oCFl0U;Md<1h)34pw>vF-bDb=hdN;e zeKmQsa$#LfHpfCcV)p@kUU2{2gNRo;9asBHRCKhSA4NHlGB(Y<_?!n!F*_UMzvU!gWNa4( zh-Tc33;zU`xh0?4XtI&S15{)Wwpb<`}r4pW$^%scXuG3W6axgFEZ40J02Y`fkXmjuqPTY2Fcim>-`(kV)^2mTGK)md{! zCasOaOcBSY7Tnqg^H*$;DKm63+X?_hebHo=A7WzDUx+j)Jmu>P17GqjQ_Idfa04gt zBDtcM3>Wo$b`UDTFXN6NWr&Rh3Qm?wc81M!$U`?Q$D@+qi!x6q{C;26#*W=Km;St8 zSI_`hU?AfXL<1c{fM5bg%)@AG(S0GRd?g4t@*p>ph;@5=}^ zf(A&Vap!denE*wKF3M;v_qpxUi(HhGF548R{9a$%DO8QmrA42Z- zTj?26`ebT8N&GeDo^M8Cm{*HUH?rgf`ki(ln3S#c2F7es@JU(YvSHEQiNKsX4jTZ% z?MiZUiY-fAz9;%$6k|1p{AG+dz1%Rx0&qvyRPc>IQdpHRjLfp>6 zioh;fo{m-7(isY>vf5SRm*-5I1v+VC$8?IJbM`>K;k2;&Qr$D&311CX*6+FWq|+{l z=p(kO9VK*?ww~}#%7S;$f|;Xa#2q$TBq?RoEaT=9>aWq8JlE5Ka&~?601qg!Ie?JH zVdH4o$fbpkTb8KXi1#F6oC7|gQQ(ZBHucBgIbrs2F47v!hD)+$%Vb2@z6Et6CqhgQ z5e+w(|1ED6p9*Dn^qfxCueI*BQUv5`6br}fU_t9s!3qdRszZwd0F`a2#<;%?r)q`I z7-(2I z{B!{b83^`Zw`T;RwRUoP-q~Wp6v6-i08%yL1Jwd}s+Dun3K!UArgr&YwEl{z_7G5$ z(3DAm^=gFihs^0`bd8IigpSM;C)fwybjtS}`(&`$9|kR(LES7L(s5z{3N zzQSx~z@b@!`oJkiQo)aiL5Uo;StwbF;q`VY7m2rD2fxV_!9I0C;{R#i@yB|-&T(XG z%gtR`Mdb)O8sC=>fH=$0FF}>IFIwDZ`wxr%>762{U0Jq{i0X3bEq8ckM`s)RK%FpI z^WU1b{O;yWe%u}bLNB?Cl{2QU#?$vUJ^}FQ)x+ljp=eU zex>9)Iv5l|j2vIBUTISy!B6#lo#8pxt9U^5*VvO>v&ii#rYLxIf)6RPnprhh%KzI! znnDd#%IE+@#{uAMk{x=c>Ed1G4NvI{OIymVdeuwWRdiw38+?R#OER)Mu7kcL{~mmq zE@t36Wh=1tcTa!r>(ZLH=a&H-pBR>Nf(-+cpN;oW5H!w+-UI7HZd|?Gv4Lfi%w;wq zXAmvsB>Ha}-2!3GQ+z#Y-SJW30;mo|p?>`XlL~v9Yo8kSj%_69_W<3&a|G+ou1c=v z7=2%)v^MvYk_*$2+-Nig?GGP(_h-HRPap^j%6b0G_x<%i>AE<}^! z`kkq8Fw^1`6=*axZN9Q1i~ik#-Y&RhS%-dm8{&y(akoq=9u*@s_w1-Sq9Er7>)mlj zW>?#Oo9}wAd(9XhoRDL}=bUY;5iTZkMCNarek!iqAAd_!;yXW(nTozJR~gfZ2Q+QI zSLzS0#wvl{m{*_Fn%(Xu-*i@voQ=#`#sPoA@88JEDKNENSl>yqAg7oQPPThEhh;|2 zgNZl*LS2GD6YDlap%Y8z>i+NQT1nSr+OF4AW~ZWy(|qVpMyTnot7OD)aRFgGbrLC;~0MrlOR zT>94tP-tSE@uZm&`z4+4R>`GHOh#FiEHl8;W3@YqyTvHN5eMxbTz-QqDS?QAg3a#p zJ!34YHSE{&UuE%^3yvP*Y($IijowMBTK>$k_kQ#BT4va$0f#?$GtRvg`5t$%Q*kw^ z)R6Gr8OIo(&$)9n|2xi2C+f&(>p_O4{ncYG!}E&lm^z_m^>NHT>W=k`bmsAc!2tae zn562_0S^gwAjlh@>qP|6bp|`2M!DsNzewg?oPEm6n9@I4=4((3{}-*~eH;-K-!USy z_V~?Ev7$(^DZ~{hPFwHQF^C$V`(SFi_%~I-wnc>v)(w?>xiWu?tRc>2CENw%A?G#w zc{?H>^IKD!!ROSE(p}b@(jehFmzRz!qgd zR<_xFw5Vr+ zMNvqlr-Hb7)tE50;o2RNc!k|3lv5x9<(8F!efRlp%1o+tx4}ZSiwI6pNK_7&7!lkS z+%$ndhtEt6)We=diYK=hd0FW`8o%?K1=M8pmpK?jVmTGF5@!p~#jcs)k9EQ`Ih!wJ z&LqL_p9nM+vzVjvuVS;?L{+jIBf#ZQRnWNBB>o7mQPl~H1DGHtHcm!UdabMB+t1dx zc7s%oM!m0NE?uv-VbLlzruz5&41StPhH~p4B-&zxDamIV)FX4%4vwThv=PILvopQ* zZs@zo-=F>*dP@~b{$011@}Xmh)N#zEQ6OCqL$-L0(BHcH2Rg0=KqNyra=LT3xvpnF zjvb1arcmb#!+ZxW8hsd>!d_c8+Rg)Qk5q$(X&NC9qTk#F(y--%V(M0&gMfSMO#SBH z8r&~#sTpmo4jtYUxfuLrIG5zb#6ljvT)bArw4G^G=f8M;Lw$c?47hFK>Uc!Kkd(dt z&Ya&!BV(9K$Kj0!T)98kHer^pCQYaw(IJS(nzBiKl4^zhfi1R`_qNF&Ew!@%@DOMr zU?%b41iGI3)SMOSdQ@3ZK6vuAcV(83ybU`^rbYf$xWP2yRksQUq`t8l+=QhdGmE`$cY+9zz?8b>j8P%XE95e^?uAL$qSn#T|WzUKDHrZnO za*R+D`0c$U_i5EN$na?hT5 zrT3r4tS&VFUEsG;A%L}P&ypN@uhe%spp7Q#(ZEP-i*16l2L25M2;(elgV??-p(V{b zpU;%Gc{07ccoNM*n3YEEY>{w8+8$78H+{EAui@amGIqytqHyZ{hAjoZ@PMF=qOa&oL=Bw7n9@1)tsaw=&iVFQg4nE3MuW&E{o|Uu=r>9YXzmZ?l7E z>%Q%2XNmWY@nI`E+cQU>vn92&Xw1A`3shLmo1co>u3{%<8Zv)_5}y2I=C!Az-ddqg z^BG{fh6rsm^H$p9B_U9%U^wF(o|{TK!=!%}x#$DQVKL_FeHbmRnr`X3Lz!4rmxb%L z;FxJe+(s$cgP3YSJ|=2T@-TuK-Q$vOp;F#}87woSGSo#gtd+Zfxjw>>%{gTz<#nXA zcPffP34N_<$R}Dhn%iDyOcej~ifXgn{7`B6Lb&812$S*jW6?uN0}PO}+?~-1?=yX7 zVj}Kn?^GeIe0cO6&ZL%_cNJUl|BD?d}_vjPSy{ zNnL6Hpoh^x(N6xMOZ>0=ACTM4;F3G3^3g#k?%UQ&Uvtv z5DllxgVM$L12?gE>dlU2H#=>@5S(NAyw{o`I4JAv_9thQ_9nria7F; z`X}YaoKkGq(75!AWZB3c>aW&j5vBAKhjCX-Bq+j{c6k3G1O{MiOYQ#xGexGPkk z?KN3aFuf-YX$~O=px*y}@ebobWYN%CVE_a00nfHtaZ0~HI5BBiB#6FBFTQs_sPs;!|~QV#yvb=JZ~ts8TG&AXpcyCp}Q zegf0DqGoT~joGTBnFm)B74Vx1lXKI_9u$G-74=*2$lJXFXGSqdi#>GA>EAH?eXD`p+QE)`bsoKEc{VX%sV2rvTtd8oN9*MZOw?G{0tNUx zL)m$qvQ-CySf@<=cBVckTlKItwDi|It)b@#>IucjCqI*ADkGXxGpMX}a;HDSJxnxY z%-_nJf$(A_u!of+N>x9r{QGZ4+_1iDk4QBY;FYzNc|n#lmoB&Pm+MMI`5~bJF=)Oz zz=B5Saxbl_t&I6df7;9?tjLlvy#L#}J6K}* zt=UD2b}wUkMY|KmjvzL0A(ekI84Af${C#E=kOmb&!a;EiJ|y^pZ4|50A>4K6$eUHO z)~pT?vj^lS*7JY*!2H~>u2h+BFjB3N<9~of+>!%6>n(h>Az!{(aJtt9jsOfuqLOdEp%KMdy)`7zHXnb%w9iYj?3xL(GfcvOGl^HTx} z93>KSFiCx{;F1X-36Ei3?nD*e*p&xGl*aM4B@hXY3fyYE zRJYkqK3N2MC>%7Z=Vh#GpVZGRC2C zbb&D`l!u(&QyLV@*t{y`CxRQJf(=!K!cT6AH5Mso14KOE1TC`V+mB_{WFr}oSjP-5 z5cb4r!rMBC07Ui8b5F{-6MCe`{umk$T7`fLRVb zQYf`c=P-T{{yQJURSwY;mcNT>@32XI;MSWYarGz-)3h4>b>dm)wK(T8hU3w&|cXVuf%ykhXy=o zd$z%xZ$m%$hkx9Cb0(e|m9Vu5@jW4!A)PbSecR+G;S~Yb*v6K9L()PIym#t)NS}Pf z8s*4LfdcrF3f9+2+SRsA^G425N;dNy%hL3H;j`8JrOHeB{}yLcBRp=ebV2ST*tsfb zg)F*p&2COJp#^p=g#G5dPDM73cw(@l8!|T77iJXQ&25?N^)_g`HUSVeRPEIdBB1UK zi1?A$<;i^xBg)PoRsQ{EQLn>BF0%WUeR)35>dJQXewQA-bE|j?yJ!!FPDMbTz|Y^` z86rSf$)>y5Oy@mL1>VR$Gw{nJaoqiRNgxq7kJIPwF4}HNK!G%*!>atIS9T)t)8miK z1px2Z$lN=&mJSVXW+txyPyH=&P|%JLUS`K?Ao1P17*M0kA3##Lk|Bql8{&1>5auY4 z1?D3hZNCSlMGblQd^-u1A%B`D-loDY7a-A-T&qb#NT)ew(WNE<3RWdZbRQ0!O18t3#-*-DSoy8pZ;5#jY^A+ z(wv64;)Otmmb>7-S14zhI_-k1l>ZM8_d#NQF{|&aDm;IEzBe}JZ{Ujt4@Xa&h=@gO zZ4FY{lDMqXi)du1=$Ovp?Xb$)3OdJK@4gI;4Ms1%X6L=D8EbW`gobXQ#uK$)SaceW zjmh!iNbwH+?X)kbQIS)Et%2wzDS58gT%?G%o!?0mHKc7v+BGBQud}4T%@xEW&GiW0 zDZPK>BG#>f1s{H+OOpn0kj6KW(`j*QV2OAw=>T@hv>UI8_Z5&M=>Y`n=7uIAllFrk>QS;V8L z8DohHL?sJ)k=H{P>P_>VM};>u*-A@Ng?=85l#o)!VZp|p$oA;tpJtBw8XSLrlK7G; z^sMfS#xf*d{R_}R@h;yJ^ct4t=|!e z;aW}NG8rv^U2QPC61YMG>&<8mDIQO+bp}qRF|0B=4C&Z0x4g*Tk_AKS3gR*hC2K1Z z0t@V2*$)^jW}8qNyY$%2Z!IqM-y^It&)IWk^ljp-xvH9Vb)y>8R!CPV|3Iq;yW|$V z38kwdXGM;@<{P8fNs=4tu!6uNYS2=qaX_#<2`2Ua37bGO3uDw;QURkZIK~3PtS#Se zHmr&1PeQ4EDsp&*dHpbp<%kIQ{z6iS1G*+F3cAwkjQ}c#ZTUq_k}{K}HRSF{$6?uh zSG8C86O@74qmWub3VjLhz}3h|Lma+(F$rbKa*$O#?fk@Z(sD^u)s``om@5U9YU<%` zk(9Tkq`MHJTpH}z{1r8GZ3aBGu0Ydi)t2ayP*;wR`-R1KK#kdZ zAfMc72|eqXq`9p0M_6YMecj=#rf$dL@=`nk88k<2k-IWYA*KoY6UVkN0D*hAXBC7b5^(j7$=P#Et+DaAJ57(b1T<%(<6|; zUviYGOBHPW2kDrDA8)k@TxNuj{SE|XpAy5XF1|H|%* zw1=tcCqF24mG=>RZ^MY_HiV{>HRK_~3LGQ!QU{gjB2X^L)5$y{Jugi2m=2f7*gUP{m%%qn>`wO#8`$`gHhfQ%IN*FN@FuuImC&5__qQOTk`cxOGE zCJ6_|v2CwN2y*=V!U#r`M``O_v&k;-q;N<>USA)weVsrcQ*{GbS^RLU_&hw|hzn2<|`+LD(c2?>C z1JGaEuf6}x@fiMR(@(WNkAHCa5&T@kF13hv&P$MMO%BJ%3AKxa&P+!?ZAj zSN+?fC9GI72QAygg$pAi_WOY7)wdDPT^JxkDYGCt)OP49F!lW{hU2XDlMd}{hcGTY zyTVXxVXUp&m`c_CXf8S+WAIzB{avf_!HN{49&~^hqs-<^ZuI-=h-~8Oo@1%{bJ3FaAB*# zi>Hn3tXQVRts9{A_#OaLMrZ*Pt{p`Cdli1*A$%`S98c{iT_JRRwS-eHEV;O=LJUqW zzG7{S(g+Y8+YwR0F4j8FO)f}cp!F${=*Q?-H9=7-KWB_)$pt^%)@Z{O zDzU$eiEWMbkq+m=v(q72E__ErTt*RGmY6p?4_}DDiXb)j?vv;NoJgFq84i0W*-Sw$ z4n@fcPf25PWgsDyA1xV!SL5#^(5bq;}ddOzZ37!F2 zp0hzdzcBOWIz08DFn3o@nwNakM*Y_ z(XXs*{*7Ez8UPC(e)E4;hhuFhRxTkSDKOPjQ6<4o%@F{L(x_zo)M;p=p(UR{DT)%3^dT|++x*O_Trp?3ojeYe&AK9&imC)^B}rh@l;gf!7* zR2pTGe{IN9yuFolGrlpr+eSQ6giaZlX9+R;8)IKC(@+~Qc4)p|wcDwh)_wovK7E{E za}h1hPQ+)%Lr&o6BN%U7G$I}z72V5dnEd zo)OOS>iXQ(hIDzM;YKK6sq7R6wC$5nld$;5bX?`R2oipg6b>5DKL&7=Ph_Arnceh`TqSLckMrXXCdJZ+E0lIgSo zWfo^)EVHe9D~g@ZTueL*0Z^oVKIob2KmtMc^+nkJKycDbY1(PzpgT!K?V$K>uQ_x` zx$m6p6naXbTeW6C{**n5$UX$e7^&HQh=I>0tJU(lLqi2BBAS~4?TI#boau&{C~gt3 zZBpjC=aT+qMy-56Xr*!>`z_Xha&|>Bg24`GD^r`Df682%_URd5vGz~?O*Vw}A{de9 z{0Zchd$j$D4gdJI^FI*)7G_KD2B=R~*=Vj&gv5CoBAneln3Kslba1HMXS_XyicsnM z9hTcJR5Dr|d!urtQW$WF1{JMsu>K?OkyDkK_2)f|ciDJEZnn;qj#1jzE%Fys^5+nr z2+UEbvito>@qBZrr(3*vyaYbXb(wxr(sqQ`nijmKseknNPr)XZA zA(;RJN-(X(Jhy*T;ue(ibjWGJq`s_7Xj(@(Q|1_xDDzfw%j4IXC?xL~eb>qF%WkUAQ#+iC-1R%$ zE*$SC8BD{+O9#R zz5_oGKSRc>wIvNdEKP=Hc%?_HyoVLHgS7c#XRpuh+k*kn?%z0>A^$vY3zJ16!H5?5=PtqjxMa@x`O`+ zatG;SR$mSAs%eZ3ZfMKD5A~>bMu*WtLaSad`005Y0S>Gwg*>r|-)=r|W;4)>*gMOuGAeJ`R zp4G;h5+zDPgIo`2r~;ErFm932OY#Y*N+kl|%7m^Q=fSLvIgHJJlX~vN22TDonc{4P zJu=xPazA1SDqdgdqc4g0EFr(Y%T4#lxR-pE7+wg5n6)atPKH4Zn6+3OV#_JfR!=JXS zK(D#*D#-r;2bo5!a2jx>3D|zK%<{NBLhLQglG~VKCMHz3X+mx>?S@xEBCcs1aSy%M zHfZ2pNa$&Me37(tBHw!}`c#BeMBW{gMe$@nh!gH0D^ociu0?W;07%H3WHH-mXd7}+ zO6j2Ms>G930jSul#}8l3Kg1>dsjLMG%6cDBh1b3+t+>1uVR3U1d#JIb&Rv15nAv-e zNA-u`^VXfFqbTP8R;hyCh~v3}J_urknIr zPIPnrBAb0g=-Z$F{lb}};IJ<8Bl~al&LSpko-2UZ9rRRb*r4ggWo0kLy#9I@n=i+C zlLB)L1PfIi2>7*?A%#6j(=8 z??**?uk#!u+rG};b8QjqMt#!h|A;O8HIALF=~+$|tn_zmiFqmQCdbs?ad}ybz{JE= z(Z}dE<0~8{s7cOR0E5##GL2a4iAZ|hu})QjCn`t~KbntSX&VT8dH`%O>X;M?{5V|~ z|Fb-|@}jFw%uEu)tpbdDeQ?cTW64G%zUoJtKAaRll@S%JHG;oc>?pEFnYDj=A92`8eg`pw+pIk)BY z=hlQ}Cn|#GISuN$-1B!Hyt)6Rx9oeVZ|z0}10dj|gbG;ZecYecsu}W>4GgR)pT5(3 zcdVL$jUsr+z6lT}L$*9rLM$#HK;1&BK=V`8G|iuZZ{JJ1(h6(Qv&oh&EbF+gMYOxl z>Zi@Y*fLTy4F#7WqzWF50L4}4%?7t!xzT&6yaFoBIpVMe0F^r>@A79&CB~4y5x4j{ zFSJILij@`7OkJ90VGjcVXW#KYyu^!QZGE`VCv0s+&vfV*2R>M-X@34v7qmL2%**ik zINF?AR?bKh5*N~Ao+wj7#&zSeir99xTN1Vj00^S>5H7-91g4LJy*-aXYQ>c&tVtRQ zfj7vHnE(Kj$sRO0AF}CVbbR&91I-9LTItZ{V3!DH6ntbh>hSTm8N55@s!3ngUn}0s z6Dky3{G1->XrxgR=-V6`~nmU=`9L>yp z|JdF&8QBKwe;T-L^2mfF5(OeJyBM>+KmK|LHkft*Fw36SgeU5g8m{sMq?1r{T7lB& z2gnU|FFNiR#}weq-|EfS9*<8VBq7Pr5Zjn|)(#_5f5V_bZLg49^(`MIzXKp*<(O2U zFXOvy1KzKXqLi+%r;txD!Gn^`rIp3N;ab1)E@j|jwJ(5?i3+&H@5JaNmGzXfF)_gu zV0DIpDcr0qxSX#$^w3n)l{IA!C5a4G7^a|xMzekgnkEJEd|+ zyt4pm^B0AbDVAKWO3G-tD9mB`&BDEB-I*fRV&Lk~PcL`X{7S@?1u{J^EE{J&S@oQ% zEF*XWSbY?q(R6%STyoS>0Ib_s37PyXd&!Y&eZiU{|1tGlhH_}(gyjt3gjW5HH_Aub z*vQ^Cr2U|gP1{)MXuPl>E>lRFRT79Mw37g>+=09Y(~XyBor(ugD*r$u5RnG04-nTJ zv3>rP84MZ<5I4g6@e1`fLb%dr=%8UBg>^qNrRT}v@0?5_gLht6RG6f;;larda;Uu! z1>|NyZ~QUB6_Q+xYl~;(M#N0>U*gBmrmv@@bYhbMvnWa5$;7)zw_o|$K+?}aA|Di= z+0+2@^AMS!+osH{3LVyqM^aAM{MHelE;f->Gji6SbAT^8fj(E9gRm0Xo@cgzLFP=Zr$64@*M`(iGGb1N9u?y5@qfRQ={V&9=8V zMA6PH$FN30M8sR_Jkjd*O{Fk_y%)C=^bb5C@E~%Scpy_&ZqEpAc}q21zzhj~KU{Zu zeyeOC^LPDyZQPxbY38!0I88g=ln_drkTQ)kNiu!_){wDj*z#Mlc}L%8-nD~I(_QNh zD`FUh*|DJu#vkCb7rrSD(rb{*L;Ul=Q~Xg*(eaELSTqN~#Nh5bd0#DnF?;XusCAo$ zb7H11MwCasUQ$+nh}EL!%0dR>yJ1&RJO4euM(`pYg8y+_ttpL65x4mZuOBD^rawH)?7$ zM2?XEXtm|$)j$P%Z?Gp`YcN11LG|TH^&v0`wQ`NWsDKLIKIegzrAB^~!fCQQalBbc ztsfitDI1e$(_!p>opXp!H*cJ|(eV4PDt3t^anLyQfiUsZcqZo`@Z^~t_1g2W17D}v zv@SKWB3yxTxH3MKsddI3k?|swA^Xo!dviPQ-)@qoHc=iyL=R0LOQ~L?8`xE<6{PMYOa^9sB}iAPOS(_TZ>a0s>CF{Kh2wKquq-tEDTJF?J`RUOC>o2DDZ!tWMOJ}B zB5bBn*yNfxQZlW{s%hqPBH&;?fwxa%)}6P7r{FZhCqris$fVEI9*<_H@1xD?lt4d6 z#FEBznV{KjOW7`svQD!JA^#VRKS(jM2U)Gzysd!vk^3Er_7>62bngIuH7J#-A0?Hm zbQpJ?Ty-ohhPlWqUI~Uq)^6`m@tmJpU$fA$C*wjQY+~yq zz8^s6Q0QKJF3HLxyZzb|nz`i$-P_t@}`zl@3yp za|8>%a_&ETQ?Xk&PZGVWhld@M%Na6ub(d|s5aZ%LVx}u(W0VG0`2DSf_1)TtV{#Op?8LMosGMQ1dNU|nm@gUp8tTFnR{`OIRwq?39TA_ z`1|2wo>k`1hF|hVA`GNzHI|};q0i_dkQZ))ppJ}KQ$yy5e-S#XmYO5Vq{LE6mCd60 z`$oRN#mbR|Xu~Q@e?+^7nMlL$&EDr(I^$zYH&PHZ>)`E2<^t8Qmu|MBg{_P+zr?~iBr8+~)L9wS4kG+jF( z#``q!m{VLT_C%nUV?C+r0A3lERFxLFjyl1DyGHRk38W5uqa6ET0K&xQ0Qr~I!)C0+ zs}!@JvMW*6ra}pO^G~7&)D$*d@=j1^&3bYmj*Vg+0al|{A!#fwZ;rJq+Gq#kYS1=m z)2h6I=8M96h;YxmH7`7T1@iTkDyghF1}fvb_#QX=tAK>BE|rWODK#hx9UyH~G4EPC z3&iLv%%9*O!xAHON~b`xuKtDBjng7Pi<>B6f+vEPmuaT|s*Vm6ikJU>OY1KyPnHMM zrtGMzZ_lREIycD;zu|}>@ZJb%ZHUdf26pg4DLh<*ayLG&s{Of~=OkuIhFA;BW%p*s zuZU$j=S5|S?CSt%e$cq)e_o^_+!X?_bb9-wou~#l@VeLNGuwA!ze#kyPEV*v3IWSe z4*D459hEsW-k1w}%h_EZcor-)PC0Axn&6*iscu=-ck(;B?}VrB<~m<2*$=3)%r5OE z`Gq?dNsjIkpBlkyPKfz%i~XO9CI+Ypf`jgprRP0S9xgWFsrkUei6;A$OB6l{(F=$M z2Bgsv%AXZ%v`5{nML^dJcL)boFO4_wu_I%(SZ4%mlx8+ECmJ=uYDZw1K|O)09WgTJ zkaQP^U;71mswSv^s|hjp8*>`-ILIh0JNGW&?}!3`NG!t@hzk!=-~^Pp{$kXZIC(@7 z=J?ek{KYFyD>iSsShyd*qtB(ULt*0rZf`_Y_5P@~Kki9y@VlG~cZlfpvsXydfgs-R zE*z2yLpycTK75oaa3LlNUw1nveE3TVzuK%0d&L<cNYMA81v`9z7x}#iN;)!-&6YS{Sy_Wbpc{e*3ylrLt2*(cOAyS7w|` z+~Nh{Xb=fNSapGi>k|_vf*gU^1WOgDr&z#P(7Z76fXS*6o!w9ysT!pa*6Er@9ez%F zOTqPZ8bEX>@V^FfEmQQlnN?p%OqLLPJIxvIX>gKh1^7aMl5D>H^6$q?d%d$H&oy>2 z9h^VIeJyR@8rQ{j2o}u9*I;aEUfCKE4ub5FPzwT5m8ahoD~SMbYL7DGvzv}nHYhMF zdD|?#b-1T^7=K3K>F~7-{PKY&>xyRkcEbilj=*Oy=dGdMrEzx@Gg(J~nw+k@e8G&~ z=-8)YRJsKWqSB!GnxZJe@|JTJHz5=@Xn-H&f{y|N2KI(y2c^o_%|h3y{QssGMj!~i zsG9U2WiF4upfPWZNvXwtw<6lo_Xw)h-e+6+Ai9HKz-hPEk?@;a&2u(>6LyV&ji2WZ z7wnPy?RkwC{KbNtb<83J{U^+Me000000000TTnr-s diff --git a/docs/pandoc_templates/style.css b/docs/pandoc_templates/style.css index 98320dd..38d8a57 100644 --- a/docs/pandoc_templates/style.css +++ b/docs/pandoc_templates/style.css @@ -45,6 +45,7 @@ td, th { text-align: left; } pre.terminal_image { + font-family: 'Lucida Console'; background-color: #000; color: #0F0; font-size: 75%; diff --git a/docs/setup/contributor_code_of_conduct.md b/docs/setup/contributor_code_of_conduct.md index e7d89bf..9189c3f 100644 --- a/docs/setup/contributor_code_of_conduct.md +++ b/docs/setup/contributor_code_of_conduct.md @@ -73,9 +73,28 @@ Login identities shall have no password reset, because that is a security hole. If people forget their password, they should just create a new login that uses the same GPG key. +Every pull request should be made using `git pull-request`, (rather than +some web UI, for the web UI is apt to identify people through the domain +name system and their login identities.) + +The start argument of `git pull-request` should correspond to a signed +commit by the person requested, and the end argument to a signed and +tagged commit by the person requesting. + +When creating the tag for a pull request, git drops one into an editor and +asks one to describe the tag. One should then give a lengthy description of +one's *pull request* documenting the changes made. + +When accepting a pull request, the information provided by the requestor +through the tag and elsewhere should be duplicated by the acceptor into +the (possibly quite lengthy) mergenmessage. + +Thus all changes should be made, explained, and approved by persons +identified cryptographically, rather than through the domain name system. + # No race, sex, religion, nationality, or sexual preference -![On the internet nobody knows you are a dog](./images/nobody_know_you_are_a_dog.webp) +![On the internet nobody knows you are a dog](../images/nobody_know_you_are_a_dog.webp) Everyone shall be white, male, heterosexual, and vaguely Christian, even if they quite obviously are not, but no one shall unnecessarily and diff --git a/docs/setup/set_up_build_environments.md b/docs/setup/set_up_build_environments.md index 6ce316a..4f307f6 100644 --- a/docs/setup/set_up_build_environments.md +++ b/docs/setup/set_up_build_environments.md @@ -9,7 +9,7 @@ For a gpt partition table, sixteen MiB fat32 partition with boot and efi flags set, one gigabyte linux swap, and the rest your ext4 root file system. With an efi-gpt partition table, efi handles multiboot, so if you have -windows, going to need a biggger boot-efi partition. (grub takes a bit over +windows, going to need a bigger boot-efi partition. (grub takes a bit over four MiB) For an ms-dos (non efi) partition table, fivehundred and twelve MIB ext4 @@ -30,7 +30,7 @@ And a gpt partition table for a linux system should look something like this To build a cross platform application, you need to build in a cross platform environment. -## Setting up Ubuntu in Virtual Box +## Setting up Ubuntu in VirtualBox Having a whole lot of different versions of different machines, with a whole lot of snapshots, can suck up a remarkable amount of disk space @@ -66,18 +66,19 @@ Debian especially tends to have security in place to stop random people from sticking in CDs that get root access to the OS to run code to amend the OS in ways the developers did not anticipate. -## Setting up Debian in Virtual Box +## Setting up Debian in VirtualBox ### Guest Additions To install guest additions on Debian: ```bash -su -l root +sudo -i apt-get -qy update && apt-get -qy install build-essential module-assistant git dnsutils curl sudo dialog rsync apt-get -qy full-upgrade m-a -qi prepare -mount -t iso9660 /dev/sr0 /media/cdrom +apt autoremove +mount /media/cdrom0 cd /media/cdrom0 && sh ./VBoxLinuxAdditions.run usermod -a -G vboxsf cherry ``` @@ -209,14 +210,113 @@ mkcd() { mkdir -p "$1" && cd "$1"; } Setting them in `/etc/bash.bashrc` sets them for all users, including root. But the default `~/.bashrc` is apt to override the change of `H` for `h` in `PS1` +### fstab + +The line for in fstab for optical disks needs to given the options `udf,iso9660 ro,users,auto,nofail` so that it automounts, and any user can eject it. + +Confusingly, `nofail` means that it is allowed to fail, which of course it will +if there is nothing in the optical drive. + +`'user,noauto` means that the user has to mount it, and only the user that +mounted it can unmount it. `user,auto` is likely to result in root mounting it, +and if `root` mounted it, as it probably did, you have a problem. Which +problem is fixed by saying `users` instead of `user` + +## Setting up OpenWrt in VirtualBox + +OpenWrt is a router, and needs a network to route. So you use it to route a +virtual box internal network. + +Ignore the instructions on the OpenWrt website for setting up in Virtual +Box. Those instructions are wrong and do not work. Kind of obvious that +they are not going to work, since they do not provide for connecting to an +internal network that would need its own router. They suffer from a basic +lack of direction, purpose, and intent. + +Download the appropriate gzipped image file, expand it to an image file, and convert to a vdi file. + +You need an [x86 64 bit version of OpenWrt](https://openwrt.org/docs/guide-user/installation/openwrt_x86). There are four versions of them, squashed and not squashed, efi and not efi. Not efi is more likely to work and not squashed is more likely to work, but only squashed supports automatic updates of the kernel. + +In git bash terminal + +```bash +gzip -d openwrt-*.img.gz +/c/"Program Files"/Oracle/VirtualBox/VBoxManage convertfromraw --format VDI openwrt-22.03.3-x86-64-generic-ext4-combined.img openwrt-generic-ext4-combined.vdi +``` + +Add the vdi to oracle media using the oracle media manager. + +The resulting vdi file may have things wrong with it that would prevent it from booting, but viewing it in gparted will normalize it. + +Create a virtual computer, name openwrt, type linux, version Linux 2.6, 3.x, 4.x, 5.x (64 bit) The first network adaptor in it should be internal, the second one should be NAT or bridged/ + +Boot up openwrt headless, and any virtual machine on the internal network should just work. From any virtual machine on the internal network, configure the router at http://192.168.1.1 + ## Virtual disks The first virtual disk attached to a virtual machine is `/dev/sda`, the second is `/dev/sdb`, and so on and so forth. -Be warned that the default debian setup, when it encounters multiple -partitions that map to the same mount points is apt to make surprising and -seemingly random decisions as to which partitions to mount to what. +This does not necessarily correspond to order in which virtual drives have +been attached to the virtual machine + +Be warned that the debian setup, when it encounters multiple partitions +that have the same UUID is apt to make seemingly random decisions as to which partitions to mount to what. + +The problem is that virtual box clone does not change the partition UUIDs. To address this, attach to another linux system without mounting, change the UUIDs with `gparted`. Which will frequently refuse to change a UUID because it knows +better than you do. Will not do anything that would screw up grub. + +`boot-repair` can fix a `grub` on the boot drive of a linux system different +from the one it itself booted from, but to boot a cdrom on an oracle virtual +box efi system, cannot have anything attached to SATA. Attach the disk +immediately after the boot-repair grub menu comes up. + +The resulting repaired system may nonetheless take a strangely long time +to boot, because it is trying to resume a suspended linux, which may not +be supported on your device. + +`boot-repair` and `update-initramfs` make a wild assed guess that if it sees +what looks like a swap partition, it is probably on a laptop that supports +suspend/resume. If this guess is wrong, you are in trouble. + +If it is not supported this leads to a strangely long boot delay while grub +waits for the resume data that was stored to the swap file: + +```bash +#to fix long waits to resume a nonexistent suspend +sudo -i +swapoff -a +update-initramfs -u +shutdown -r now +``` + +If you have a separate boot partition in an `efi `system then the `grub.cfg` in `/boot/efi/EFI/debian` (not to be confused with all the other `grub.cfgs`) +should look like + +```terminal_image +search.fs_uuid «8943ba15-8939-4bca-ae3d-92534cc937c3» boot hd0,gpt«4» +set prefix=($boot)'/grub' +configfile $prefix/grub.cfg +``` + +Where the «funny brackets», as always, indicate mutas mutandis. + +Should you dig all the way down to the efi boot menu, which boots grub, +which then boots the real grub, the device identifier used corresponds to +the PARTUUID in + +`lsblk -o name,type,size,fstype,mountpoint,UUID,PARTUUID` while linux uses the UUID. + +If you attach two virtual disks representing two different linux +systems,with the same UUIDs to the same sata controller while powered +down, big surprise is likely on powering up. Attaching one of them to +virtio will evade this problem. + +But a better solution is to change all the UUIDs, since every piece of software expects them to be unique, and edit `/etc/fstab` accordingly. Which will probably stop grub from booting your system, because in grub.cfg it is searching for the /boot or / by UUID. + +However, sometimes one can add one additional virtual disk to a sata +controller after the system has powered up, which will produce no +surprises, for the disk will be attached but not mounted. So cheerfully attaching one linux disk to another linux system so that you can manipulate one system with the other may well have surprising, @@ -224,12 +324,24 @@ unexpected, and highly undesirable results. What decisions it has in fact made are revealed by `lsblk` -So when you attach a foreign linux disk to another linux system, attach -after it has booted, and detach when you are done, to ensure predictable -and expected behavior. +If one wants to add a several attached disks without surprises, then while +the virtual machines is powered down, attach the virtio-scsis controller, +and a bunch of virtual hard disks to it. The machine will then boot up with +only the sata disk mounted, as one would expect, but the disks attached to +the virtio controller will get attached as the ids /dev/sda, /dev/sdb, +/dev/sdc/, etc, while the sata disk gets mounted, but surprisingly gets the +last id, rather than the first. -The first partition on the first virtual disk is `/dev/sda1`, the third partition -on the second virtual disk is `/dev/sdb3`, and so on and so forth. +After one does what is needful, power down and detach the hard disks, for +if a hard disk is attached to multiple systems, unpleasant suprises are +likely to ensue. + +So when you attach a foreign linux disk by sata to another linux system, +attach after it has booted, and detach before you shutdown, to ensure +predictable and expected behavior. + +This however only seems to work with efi sata drives, so one can only +attach one additional disk after it has booted. Dynamic virtual disks in virtual box can be resized, and copied to a different (larger size) @@ -259,7 +371,7 @@ but not mounted, as `/dev/sdb1`. You can then shrink it in the host OS with ```bash -VBoxManage modifyhd -compact thediskfile.vdi` +VBoxManage modifyhd -compact thediskfile.vdi ``` or make a copy that will be smaller than the original. @@ -281,13 +393,13 @@ create a fixed size copy of it using virtual media manager in the host system. This, however, is an impractically slow and inefficient process for any large disk. For a one terabyte disk, takes a couple of days, a day or so to initialize the new virtual disk, during which the progress meter shows -zero progress, and another day or so to do actually the copy, during which +zero progress, and another day or so to do actually do the copy, during which the progress meter very slowly increases. -For big disk images, it is a whole lot faster to create a new system, attach -the old system to it, mount the old system, and copy the files that you care about. +Cloning a fixed sized disk is quite fast, and a quite reasonable way of +backing stuff up. -To list block devices `lsblk`. +To list block devices `lsblk -o name,type,size,fsuse%,fstype,fsver,mountpoint,UUID`. To mount an attached disk, create an empty directory, normally under `mnt`, and `mount /dev/sdb3 /mnt/newvm` @@ -295,17 +407,17 @@ To mount an attached disk, create an empty directory, normally under For example: ```terminal_image -root@example.com:~# lsblk -NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT -sda 8:0 0 24G 0 disk -├─sda1 8:1 0 23G 0 part / -├─sda2 8:2 0 1K 0 part -└─sda5 8:5 0 975M 0 part [SWAP] -sdb 8:16 0 46G 0 disk -├─sdb1 8:17 0 36M 0 part -├─sdb2 8:18 0 45G 0 part -└─sdb3 8:19 0 1G 0 part -sr0 11:0 1 484M 0 rom +root@example.com:~#lsblk -o name,type,size,fsuse%,fstype,fsver,mountpoint,UUID +NAME TYPE SIZE FSTYPE MOUNTPOINT UUID +sda disk 20G +├─sda1 part 33M vfat /boot/efi E470-C4BA +├─sda2 part 3G swap [SWAP] 764b1b37-c66f-4552-b2b6-0d48196198d7 +└─sda3 part 17G ext4 / efd3621c-63a4-4728-b7dd-747527f107c0 +sdb disk 20G +├─sdb1 part 33M vfat E470-C4BA +├─sdb2 part 3G swap 764b1b37-c66f-4552-b2b6-0d48196198d7 +└─sdb3 part 17G ext4 efd3621c-63a4-4728-b7dd-747527f107c0 +sr0 rom 1024M root@example.com:~# mkdir -p /mnt/sdb2 root@example.com:~# mount /dev/sdb2 /mnt/sdb2 root@example.com:~# ls -hal /mnt/sdb2 @@ -319,14 +431,29 @@ drwxr-xr-x 2 root root 4.0K Dec 12 06:27 mnt drwxr-xr-x 11 root root 4.0K Dec 12 06:27 var ``` -# Actual server +when backing up from one virtual hard drive to another very similar one, +mount the source disk with `mount -r` -## disable password entry +We are not worried about permissions and symlinks, so use `rsync -rcv --inplace --append-verify` + +If worried about permissions and symlinks `rsync -acv --inplace --append-verify` + +There is some horrid bug with `rsync -acv --inplace --append-verify` that makes it excruciatingly slow if you are copying a lot of data. + +`cp -vuxr «source-dir»/«.bit*» «dest-dir»` should have similar effect, +but perhaps considerably faster, but it checks only the times, which may +be disastrous if you have been using your backup live any time after you +used the master live. After backing up, run your backup live once briefly, +before using the backed up master, then never again till the next backup. + +# Actual server Setting up an actual server is similar to setting up the virtual machine modelling it, except you have to worry about the server getting overloaded and locking up. +## disable password entry + On an actual server, it is advisable to enable passwordless sudo for one user. issue the command `visudo` and edit the sudoers file to contain the line: @@ -509,19 +636,53 @@ of (multi-)user utilities and applications. ## Setting up ssh +When your hosing service gives you a server, you will probably initially +have to control it by password. And not only is this unsafe and lots of +utilities fail to work with passwords, but your local ssh client may well fail +to do a password login, endelessly offering public keys, when no +`~/.ssh/authorized_keys` file yet exists on the freshly created server. + +To force your local client to employ passwords: + +```bash +ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no -o StrictHostKeyChecking=no root@«server» +``` + +And then the first thing you do on the freshly initialized server is + +```bash +apt update -qy +apt upgrade -qy +shutdown -r now && exit +``` + +And the *next* thing you do is login again and set up login by ssh key, +because if you make changes and *then* update, things are likely to break +(because your hosting service likely installed a very old version of linux). + Login by password is second class, and there are a bunch of esoteric special cases where it does not quite 100% work in all situations, because stuff wants to auto log you in without asking for input. Putty is the windows ssh client, but you can use the Linux ssh client in -windows in the git bash shell, and the Linux remote file copy utility -`scp` is way better than the putty utility PSFTP. +windows in the git bash shell, which is way better than putty, and the +Linux remote file copy utility `scp` is way better than the putty utility +`PSFTP`, and the Linux remote file copy utility `rsync` way better than +either of them, though unfortunately `rsync` does not work in the windows bash shell. + +The filezilla client works natively on both windows and linux, and it is very good gui file copy utility that, like scp and rsync, works by ssh (once you set up the necessary public and private keys.) Unfortunately on windows, it insists on putty format private keys, while the git bash shell for windows wants linux format keys. Usually a command line interface is a pain and error prone, with a multitude of mysterious and inexplicable options and parameters, and one -typo or out of order command causing your system to unrecoverably die,but even though Putty has a windowed interface, the command line +typo or out of order command causing your system to unrecoverably +die,but even though Putty has a windowed interface, the command line interface of bash is easier to use. +(The gui interface of filezilla is the easiest to us, but I tend not to bother +setting up the putty keys for it, and wind up using rsync linux to linux, +which, like all comand line interfaces is more powerful, but more difficult +and dangerous) + It is easier in practice to use the bash (or, on Windows, git-bash) to manage keys than PuTTYgen. You generate a key pair with ```bash @@ -1287,7 +1448,8 @@ map to the old server, until the new server works.) ```bash apt-get -qy install certbot python-certbot-nginx certbot register --register-unsafely-without-email --agree-tos -certbot run -a manual --preferred-challenges dns -i nginx -d reaction.la -d blog.reaction.la +certbot run -a manual --preferred-challenges dns -i nginx \ + -d reaction.la -d blog.reaction.la nginx -t ``` @@ -1295,13 +1457,23 @@ This does not set up automatic renewal. To get automatic renewal going, you will need to renew with the `webroot` challenge rather than the `manual` once DNS points to this server. +This, ` --preferred-challenges dns`, also allows you to set up wildcard +certificates, but it is a pain, and does not support automatic renewal. +Automatic renewal requires of wildcards requires the cooperation of +certbot and your dns server, and is different for every organization, so only +the big boys can play. + But if you are doing this, not on your test server, but on your live server, the easy way, which will also setup automatic renewal and configure your webserver to be https only, is: ```bash -certbot --nginx -d mail.reaction.la,blog.reaction.la,reaction.la +certbot --nginx -d \ +mail.reaction.la,blog.reaction.la,reaction.la,\ +www.reaction.la,www.blog.reaction.la,\ +gitea.reaction.la,git.reaction.la ``` -If instead you already have a certificate, because you copied over your `/etc/letsencrypt` directory +If instead you already have a certificate, because you copied over your +`/etc/letsencrypt` directory ```bash apt-get -qy install certbot python-certbot-nginx diff --git a/docs/setup/wireguard.md b/docs/setup/wireguard.md index b68c515..13ba4b7 100644 --- a/docs/setup/wireguard.md +++ b/docs/setup/wireguard.md @@ -247,13 +247,18 @@ Next, find the name of your server’s main network interface. ```bash ip addr | grep BROADCAST +server_network_interface=$(ip addr | grep BROADCAST |sed -r "s/.*:[[:space:]]*([[:alnum:]]+)[[:space:]]*:.*/\1/") +echo $server_network_interface ``` As you can see, it’s named `eth0` on my Debian server. ```terminal_image :~# ip addr | grep BROADCAST -2: eth0: mtu 1500 qdisc pfifo_fast state +2: eth0: mtu 1500 qdisc fq state UP group default qlen 1000 +:~# server_network_interface=$(ip addr | grep BROADCAST |sed -r "s/([[:alnum:]]+):[[:space:]]*(.*)[[:space:]]*:(.*)/\2/") +:~# echo $server_network_interface +eth0 ``` To configure IP masquerading, we have to add iptables command in a UFW configuration file. @@ -651,6 +656,11 @@ You can also run the following command to get the current public IP address. curl https://icanhazip.com ``` +To get the geographic location +```bash +curl https://www.dnsleaktest.com |grep from +``` + # Troubleshooting ## Check if UDP port «51820» is open