From 713b98bcaba966b71f62b31fad00613c236b3c5b Mon Sep 17 00:00:00 2001 From: virtualzone Date: Sun, 5 Jun 2022 14:14:38 +0000 Subject: [PATCH 01/25] deploy: ce16c5f77cff83b83eb4165ba77b398eb980b09c --- .nojekyll | 0 .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + .../index.html | 1 + 404.html | 4 + ...3f2aa60a43bc71d63f13634f08e4199263aaa2.css | 7 + ...632408e58ac146fbdbe62747134bea2fa3415e0.js | 44 ++++ categories/index.html | 4 + categories/index.xml | 11 + contact/index.html | 23 ++ img/multiarch-dockerhub-1.png | Bin 0 -> 86649 bytes img/multiarch-dockerhub-2.png | Bin 0 -> 72212 bytes img/multiarch-dockerhub-3.png | Bin 0 -> 129779 bytes img/multiarch-dockerhub-4.png | Bin 0 -> 88664 bytes img/multiarch-dockerhub-5.png | Bin 0 -> 401636 bytes img/raspberry-usb.png | Bin 0 -> 350931 bytes img/seatsurfing-screenshot.png | Bin 0 -> 67560 bytes img/strava-import.png | Bin 0 -> 97312 bytes img/usg-provision.png | Bin 0 -> 62197 bytes index.html | 16 ++ index.xml | 234 ++++++++++++++++++ page/1/index.html | 1 + page/2/index.html | 13 + .../index.html | 69 ++++++ .../encrypted-file-container-macos/index.html | 6 + posts/endomono-export-gpx/index.html | 20 ++ .../index.html | 16 ++ .../index.html | 66 +++++ .../index.html | 14 ++ posts/index.html | 13 + posts/index.xml | 209 ++++++++++++++++ posts/ipv6-on-a-sonicwall/index.html | 7 + posts/jenkins-build-docker-images/index.html | 27 ++ posts/k3s-glusterfs/index.html | 5 + .../index.html | 53 ++++ posts/multi-arch-docker-images-1/index.html | 65 +++++ posts/multi-arch-docker-images-2/index.html | 14 ++ posts/onedrive-upload-backup/index.html | 35 +++ posts/page/1/index.html | 1 + posts/page/2/index.html | 14 ++ .../index.html | 20 ++ posts/reduce-pdf-file-size-2/index.html | 18 ++ posts/reduce-pdf-file-size/index.html | 14 ++ .../index.html | 54 ++++ .../index.html | 47 ++++ .../index.html | 6 + posts/usb-boot-raspberry-pi/index.html | 18 ++ privacy-policy/index.html | 11 + robots.txt | 3 + sitemap.xml | 143 +++++++++++ tags/api/index.html | 7 + tags/api/index.xml | 32 +++ tags/api/page/1/index.html | 1 + tags/docker/index.html | 13 + tags/docker/index.xml | 83 +++++++ tags/docker/page/1/index.html | 1 + tags/endonomdo/index.html | 6 + tags/endonomdo/index.xml | 22 ++ tags/endonomdo/page/1/index.html | 1 + tags/fhem/index.html | 5 + tags/fhem/index.xml | 21 ++ tags/fhem/page/1/index.html | 1 + tags/firewall/index.html | 5 + tags/firewall/index.xml | 21 ++ tags/firewall/page/1/index.html | 1 + tags/github/index.html | 6 + tags/github/index.xml | 31 +++ tags/github/page/1/index.html | 1 + tags/google/index.html | 6 + tags/google/index.xml | 22 ++ tags/google/page/1/index.html | 1 + tags/homeautomation/index.html | 5 + tags/homeautomation/index.xml | 21 ++ tags/homeautomation/page/1/index.html | 1 + tags/index.html | 4 + tags/index.xml | 201 +++++++++++++++ tags/ipv6/index.html | 5 + tags/ipv6/index.xml | 21 ++ tags/ipv6/page/1/index.html | 1 + tags/kubernetes/index.html | 5 + tags/kubernetes/index.xml | 21 ++ tags/kubernetes/page/1/index.html | 1 + tags/letsencrypt/index.html | 7 + tags/letsencrypt/index.xml | 23 ++ tags/letsencrypt/page/1/index.html | 1 + tags/linux/index.html | 8 + tags/linux/index.xml | 33 +++ tags/linux/page/1/index.html | 1 + tags/macos/index.html | 10 + tags/macos/index.xml | 53 ++++ tags/macos/page/1/index.html | 1 + tags/nginx/index.html | 7 + tags/nginx/index.xml | 23 ++ tags/nginx/page/1/index.html | 1 + tags/onedrive/index.html | 6 + tags/onedrive/index.xml | 31 +++ tags/onedrive/page/1/index.html | 1 + tags/openhab/index.html | 5 + tags/openhab/index.xml | 21 ++ tags/openhab/page/1/index.html | 1 + tags/proxy/index.html | 6 + tags/proxy/index.xml | 22 ++ tags/proxy/page/1/index.html | 1 + tags/raspberrypi/index.html | 7 + tags/raspberrypi/index.xml | 32 +++ tags/raspberrypi/page/1/index.html | 1 + tags/sonicwall/index.html | 5 + tags/sonicwall/index.xml | 21 ++ tags/sonicwall/page/1/index.html | 1 + tags/tool/index.html | 9 + tags/tool/index.xml | 61 +++++ tags/tool/page/1/index.html | 1 + tags/wordpress/index.html | 6 + tags/wordpress/index.xml | 22 ++ tags/wordpress/page/1/index.html | 1 + 132 files changed, 2347 insertions(+) create mode 100644 .nojekyll create mode 100644 2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html create mode 100644 2012/11/how-to-reduce-pdf-file-size-in-linux/index.html create mode 100644 2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html create mode 100644 2015/08/how-to-reduce-pdf-file-size-part-2/index.html create mode 100644 2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html create mode 100644 2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html create mode 100644 2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html create mode 100644 2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html create mode 100644 2016/12/creating-an-encrypted-file-container-on-macos/index.html create mode 100644 2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html create mode 100644 2017/06/how-to-let-jenkins-build-docker-images/index.html create mode 100644 2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html create mode 100644 2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html create mode 100644 2020/05/nativer-usb-boot-raspberry-pi-4/index.html create mode 100644 2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html create mode 100644 2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html create mode 100644 2020/06/trainings-gpx-datei-endomondo-exportieren/index.html create mode 100644 2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html create mode 100644 2021/09/back-up-server-to-onedrives-special-app-folder/index.html create mode 100644 2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html create mode 100644 404.html create mode 100644 assets/css/stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css create mode 100644 assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js create mode 100644 categories/index.html create mode 100644 categories/index.xml create mode 100644 contact/index.html create mode 100644 img/multiarch-dockerhub-1.png create mode 100644 img/multiarch-dockerhub-2.png create mode 100644 img/multiarch-dockerhub-3.png create mode 100644 img/multiarch-dockerhub-4.png create mode 100644 img/multiarch-dockerhub-5.png create mode 100644 img/raspberry-usb.png create mode 100644 img/seatsurfing-screenshot.png create mode 100644 img/strava-import.png create mode 100644 img/usg-provision.png create mode 100644 index.html create mode 100644 index.xml create mode 100644 page/1/index.html create mode 100644 page/2/index.html create mode 100644 posts/determining-a-locations-federal-state-using-google-maps-api/index.html create mode 100644 posts/encrypted-file-container-macos/index.html create mode 100644 posts/endomono-export-gpx/index.html create mode 100644 posts/fix-docker-not-using-etc-hosts-on-macos/index.html create mode 100644 posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html create mode 100644 posts/https-ssl-in-wordpress-behind-proxy/index.html create mode 100644 posts/index.html create mode 100644 posts/index.xml create mode 100644 posts/ipv6-on-a-sonicwall/index.html create mode 100644 posts/jenkins-build-docker-images/index.html create mode 100644 posts/k3s-glusterfs/index.html create mode 100644 posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html create mode 100644 posts/multi-arch-docker-images-1/index.html create mode 100644 posts/multi-arch-docker-images-2/index.html create mode 100644 posts/onedrive-upload-backup/index.html create mode 100644 posts/page/1/index.html create mode 100644 posts/page/2/index.html create mode 100644 posts/raspberry-pi-os-remove-packages/index.html create mode 100644 posts/reduce-pdf-file-size-2/index.html create mode 100644 posts/reduce-pdf-file-size/index.html create mode 100644 posts/traefik-access-log-influxdb-grafana-telegraf/index.html create mode 100644 posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html create mode 100644 posts/uptime-robot-website-monitoring/index.html create mode 100644 posts/usb-boot-raspberry-pi/index.html create mode 100644 privacy-policy/index.html create mode 100644 robots.txt create mode 100644 sitemap.xml create mode 100644 tags/api/index.html create mode 100644 tags/api/index.xml create mode 100644 tags/api/page/1/index.html create mode 100644 tags/docker/index.html create mode 100644 tags/docker/index.xml create mode 100644 tags/docker/page/1/index.html create mode 100644 tags/endonomdo/index.html create mode 100644 tags/endonomdo/index.xml create mode 100644 tags/endonomdo/page/1/index.html create mode 100644 tags/fhem/index.html create mode 100644 tags/fhem/index.xml create mode 100644 tags/fhem/page/1/index.html create mode 100644 tags/firewall/index.html create mode 100644 tags/firewall/index.xml create mode 100644 tags/firewall/page/1/index.html create mode 100644 tags/github/index.html create mode 100644 tags/github/index.xml create mode 100644 tags/github/page/1/index.html create mode 100644 tags/google/index.html create mode 100644 tags/google/index.xml create mode 100644 tags/google/page/1/index.html create mode 100644 tags/homeautomation/index.html create mode 100644 tags/homeautomation/index.xml create mode 100644 tags/homeautomation/page/1/index.html create mode 100644 tags/index.html create mode 100644 tags/index.xml create mode 100644 tags/ipv6/index.html create mode 100644 tags/ipv6/index.xml create mode 100644 tags/ipv6/page/1/index.html create mode 100644 tags/kubernetes/index.html create mode 100644 tags/kubernetes/index.xml create mode 100644 tags/kubernetes/page/1/index.html create mode 100644 tags/letsencrypt/index.html create mode 100644 tags/letsencrypt/index.xml create mode 100644 tags/letsencrypt/page/1/index.html create mode 100644 tags/linux/index.html create mode 100644 tags/linux/index.xml create mode 100644 tags/linux/page/1/index.html create mode 100644 tags/macos/index.html create mode 100644 tags/macos/index.xml create mode 100644 tags/macos/page/1/index.html create mode 100644 tags/nginx/index.html create mode 100644 tags/nginx/index.xml create mode 100644 tags/nginx/page/1/index.html create mode 100644 tags/onedrive/index.html create mode 100644 tags/onedrive/index.xml create mode 100644 tags/onedrive/page/1/index.html create mode 100644 tags/openhab/index.html create mode 100644 tags/openhab/index.xml create mode 100644 tags/openhab/page/1/index.html create mode 100644 tags/proxy/index.html create mode 100644 tags/proxy/index.xml create mode 100644 tags/proxy/page/1/index.html create mode 100644 tags/raspberrypi/index.html create mode 100644 tags/raspberrypi/index.xml create mode 100644 tags/raspberrypi/page/1/index.html create mode 100644 tags/sonicwall/index.html create mode 100644 tags/sonicwall/index.xml create mode 100644 tags/sonicwall/page/1/index.html create mode 100644 tags/tool/index.html create mode 100644 tags/tool/index.xml create mode 100644 tags/tool/page/1/index.html create mode 100644 tags/wordpress/index.html create mode 100644 tags/wordpress/index.xml create mode 100644 tags/wordpress/page/1/index.html diff --git a/.nojekyll b/.nojekyll new file mode 100644 index 0000000..e69de29 diff --git a/2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html b/2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html new file mode 100644 index 0000000..bd0ea2d --- /dev/null +++ b/2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ \ No newline at end of file diff --git a/2012/11/how-to-reduce-pdf-file-size-in-linux/index.html b/2012/11/how-to-reduce-pdf-file-size-in-linux/index.html new file mode 100644 index 0000000..ab784bc --- /dev/null +++ b/2012/11/how-to-reduce-pdf-file-size-in-linux/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/reduce-pdf-file-size/ \ No newline at end of file diff --git a/2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html b/2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html new file mode 100644 index 0000000..f19d7c2 --- /dev/null +++ b/2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/ipv6-on-a-sonicwall/ \ No newline at end of file diff --git a/2015/08/how-to-reduce-pdf-file-size-part-2/index.html b/2015/08/how-to-reduce-pdf-file-size-part-2/index.html new file mode 100644 index 0000000..3aa7dab --- /dev/null +++ b/2015/08/how-to-reduce-pdf-file-size-part-2/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/reduce-pdf-file-size-2/ \ No newline at end of file diff --git a/2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html b/2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html new file mode 100644 index 0000000..5522e3e --- /dev/null +++ b/2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ \ No newline at end of file diff --git a/2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html new file mode 100644 index 0000000..f5fe926 --- /dev/null +++ b/2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ \ No newline at end of file diff --git a/2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html b/2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html new file mode 100644 index 0000000..d4d2ff3 --- /dev/null +++ b/2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ \ No newline at end of file diff --git a/2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html b/2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html new file mode 100644 index 0000000..e1ef468 --- /dev/null +++ b/2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/uptime-robot-website-monitoring/ \ No newline at end of file diff --git a/2016/12/creating-an-encrypted-file-container-on-macos/index.html b/2016/12/creating-an-encrypted-file-container-on-macos/index.html new file mode 100644 index 0000000..c34cc08 --- /dev/null +++ b/2016/12/creating-an-encrypted-file-container-on-macos/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/encrypted-file-container-macos/ \ No newline at end of file diff --git a/2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html new file mode 100644 index 0000000..44cba25 --- /dev/null +++ b/2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ \ No newline at end of file diff --git a/2017/06/how-to-let-jenkins-build-docker-images/index.html b/2017/06/how-to-let-jenkins-build-docker-images/index.html new file mode 100644 index 0000000..c710b64 --- /dev/null +++ b/2017/06/how-to-let-jenkins-build-docker-images/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/jenkins-build-docker-images/ \ No newline at end of file diff --git a/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html new file mode 100644 index 0000000..9f2c117 --- /dev/null +++ b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/multi-arch-docker-images-1/ \ No newline at end of file diff --git a/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html new file mode 100644 index 0000000..494a7e2 --- /dev/null +++ b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/multi-arch-docker-images-2/ \ No newline at end of file diff --git a/2020/05/nativer-usb-boot-raspberry-pi-4/index.html b/2020/05/nativer-usb-boot-raspberry-pi-4/index.html new file mode 100644 index 0000000..11aa71d --- /dev/null +++ b/2020/05/nativer-usb-boot-raspberry-pi-4/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/usb-boot-raspberry-pi/ \ No newline at end of file diff --git a/2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html b/2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html new file mode 100644 index 0000000..3241351 --- /dev/null +++ b/2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ \ No newline at end of file diff --git a/2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html b/2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html new file mode 100644 index 0000000..55d2273 --- /dev/null +++ b/2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ \ No newline at end of file diff --git a/2020/06/trainings-gpx-datei-endomondo-exportieren/index.html b/2020/06/trainings-gpx-datei-endomondo-exportieren/index.html new file mode 100644 index 0000000..1ce55b3 --- /dev/null +++ b/2020/06/trainings-gpx-datei-endomondo-exportieren/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/endomono-export-gpx/ \ No newline at end of file diff --git a/2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html new file mode 100644 index 0000000..6c04a0a --- /dev/null +++ b/2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ \ No newline at end of file diff --git a/2021/09/back-up-server-to-onedrives-special-app-folder/index.html b/2021/09/back-up-server-to-onedrives-special-app-folder/index.html new file mode 100644 index 0000000..bf57dd0 --- /dev/null +++ b/2021/09/back-up-server-to-onedrives-special-app-folder/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/onedrive-upload-backup/ \ No newline at end of file diff --git a/2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html b/2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html new file mode 100644 index 0000000..5183fdf --- /dev/null +++ b/2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/k3s-glusterfs/ \ No newline at end of file diff --git a/404.html b/404.html new file mode 100644 index 0000000..9ab8f67 --- /dev/null +++ b/404.html @@ -0,0 +1,4 @@ +404 Page not found | Virtualzone Blog
404
\ No newline at end of file diff --git a/assets/css/stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css b/assets/css/stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css new file mode 100644 index 0000000..b9179c2 --- /dev/null +++ b/assets/css/stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css @@ -0,0 +1,7 @@ +/* + PaperMod v6 + License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE + Copyright (c) 2020 nanxiaobei and adityatelange + Copyright (c) 2021-2022 adityatelange +*/ +:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}#theme-toggle svg{height:18px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}.share-buttons a svg{height:30px;width:30px;fill:currentColor;transition:transform .1s}.share-buttons svg:active{transform:scale(.96)}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%;pointer-events:none}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.share-buttons svg:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}} \ No newline at end of file diff --git a/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js b/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js new file mode 100644 index 0000000..93a6f86 --- /dev/null +++ b/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js @@ -0,0 +1,44 @@ +/* + Highlight.js 10.2.1 (32fb9a1d) + License: BSD-3-Clause + Copyright (c) 2006-2020, Ivan Sagalaev +*/ +var hljs=function(){"use strict";function e(n){Object.freeze(n);var t="function"==typeof n;return Object.getOwnPropertyNames(n).forEach((function(r){!Object.hasOwnProperty.call(n,r)||null===n[r]||"object"!=typeof n[r]&&"function"!=typeof n[r]||t&&("caller"===r||"callee"===r||"arguments"===r)||Object.isFrozen(n[r])||e(n[r])})),n}class n{constructor(e){void 0===e.data&&(e.data={}),this.data=e.data}ignoreMatch(){this.ignore=!0}}function t(e){return e.replace(/&/g,"&").replace(//g,">").replace(/"/g,""").replace(/'/g,"'")}function r(e,...n){var t={};for(const n in e)t[n]=e[n];return n.forEach((function(e){for(const n in e)t[n]=e[n]})),t}function a(e){return e.nodeName.toLowerCase()}var i=Object.freeze({__proto__:null,escapeHTML:t,inherit:r,nodeStream:function(e){var n=[];return function e(t,r){for(var i=t.firstChild;i;i=i.nextSibling)3===i.nodeType?r+=i.nodeValue.length:1===i.nodeType&&(n.push({event:"start",offset:r,node:i}),r=e(i,r),a(i).match(/br|hr|img|input/)||n.push({event:"stop",offset:r,node:i}));return r}(e,0),n},mergeStreams:function(e,n,r){var i=0,s="",o=[];function l(){return e.length&&n.length?e[0].offset!==n[0].offset?e[0].offset"}function u(e){s+=""}function g(e){("start"===e.event?c:u)(e.node)}for(;e.length||n.length;){var d=l();if(s+=t(r.substring(i,d[0].offset)),i=d[0].offset,d===e){o.reverse().forEach(u);do{g(d.splice(0,1)[0]),d=l()}while(d===e&&d.length&&d[0].offset===i);o.reverse().forEach(c)}else"start"===d[0].event?o.push(d[0].node):o.pop(),g(d.splice(0,1)[0])}return s+t(r.substr(i))}});const s="",o=e=>!!e.kind;class l{constructor(e,n){this.buffer="",this.classPrefix=n.classPrefix,e.walk(this)}addText(e){this.buffer+=t(e)}openNode(e){if(!o(e))return;let n=e.kind;e.sublanguage||(n=`${this.classPrefix}${n}`),this.span(n)}closeNode(e){o(e)&&(this.buffer+=s)}value(){return this.buffer}span(e){this.buffer+=``}}class c{constructor(){this.rootNode={children:[]},this.stack=[this.rootNode]}get top(){return this.stack[this.stack.length-1]}get root(){return this.rootNode}add(e){this.top.children.push(e)}openNode(e){const n={kind:e,children:[]};this.add(n),this.stack.push(n)}closeNode(){if(this.stack.length>1)return this.stack.pop()}closeAllNodes(){for(;this.closeNode(););}toJSON(){return JSON.stringify(this.rootNode,null,4)}walk(e){return this.constructor._walk(e,this.rootNode)}static _walk(e,n){return"string"==typeof n?e.addText(n):n.children&&(e.openNode(n),n.children.forEach(n=>this._walk(e,n)),e.closeNode(n)),e}static _collapse(e){"string"!=typeof e&&e.children&&(e.children.every(e=>"string"==typeof e)?e.children=[e.children.join("")]:e.children.forEach(e=>{c._collapse(e)}))}}class u extends c{constructor(e){super(),this.options=e}addKeyword(e,n){""!==e&&(this.openNode(n),this.addText(e),this.closeNode())}addText(e){""!==e&&this.add(e)}addSublanguage(e,n){const t=e.root;t.kind=n,t.sublanguage=!0,this.add(t)}toHTML(){return new l(this,this.options).value()}finalize(){return!0}}function g(e){return e?"string"==typeof e?e:e.source:null}const d="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",h={begin:"\\\\[\\s\\S]",relevance:0},f={className:"string",begin:"'",end:"'",illegal:"\\n",contains:[h]},p={className:"string",begin:'"',end:'"',illegal:"\\n",contains:[h]},m={begin:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/},b=function(e,n,t={}){var a=r({className:"comment",begin:e,end:n,contains:[]},t);return a.contains.push(m),a.contains.push({className:"doctag",begin:"(?:TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):",relevance:0}),a},v=b("//","$"),x=b("/\\*","\\*/"),E=b("#","$");var _=Object.freeze({__proto__:null,IDENT_RE:"[a-zA-Z]\\w*",UNDERSCORE_IDENT_RE:"[a-zA-Z_]\\w*",NUMBER_RE:"\\b\\d+(\\.\\d+)?",C_NUMBER_RE:d,BINARY_NUMBER_RE:"\\b(0b[01]+)",RE_STARTERS_RE:"!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",SHEBANG:(e={})=>{const n=/^#![ ]*\//;return e.binary&&(e.begin=function(...e){return e.map(e=>g(e)).join("")}(n,/.*\b/,e.binary,/\b.*/)),r({className:"meta",begin:n,end:/$/,relevance:0,"on:begin":(e,n)=>{0!==e.index&&n.ignoreMatch()}},e)},BACKSLASH_ESCAPE:h,APOS_STRING_MODE:f,QUOTE_STRING_MODE:p,PHRASAL_WORDS_MODE:m,COMMENT:b,C_LINE_COMMENT_MODE:v,C_BLOCK_COMMENT_MODE:x,HASH_COMMENT_MODE:E,NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?",relevance:0},C_NUMBER_MODE:{className:"number",begin:d,relevance:0},BINARY_NUMBER_MODE:{className:"number",begin:"\\b(0b[01]+)",relevance:0},CSS_NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",relevance:0},REGEXP_MODE:{begin:/(?=\/[^/\n]*\/)/,contains:[{className:"regexp",begin:/\//,end:/\/[gimuy]*/,illegal:/\n/,contains:[h,{begin:/\[/,end:/\]/,relevance:0,contains:[h]}]}]},TITLE_MODE:{className:"title",begin:"[a-zA-Z]\\w*",relevance:0},UNDERSCORE_TITLE_MODE:{className:"title",begin:"[a-zA-Z_]\\w*",relevance:0},METHOD_GUARD:{begin:"\\.\\s*[a-zA-Z_]\\w*",relevance:0},END_SAME_AS_BEGIN:function(e){return Object.assign(e,{"on:begin":(e,n)=>{n.data._beginMatch=e[1]},"on:end":(e,n)=>{n.data._beginMatch!==e[1]&&n.ignoreMatch()}})}}),w="of and for in not or if then".split(" ");function N(e,n){return n?+n:function(e){return w.includes(e.toLowerCase())}(e)?0:1}const y={props:["language","code","autodetect"],data:function(){return{detectedLanguage:"",unknownLanguage:!1}},computed:{className(){return this.unknownLanguage?"":"hljs "+this.detectedLanguage},highlighted(){if(!this.autoDetect&&!hljs.getLanguage(this.language))return console.warn(`The language "${this.language}" you specified could not be found.`),this.unknownLanguage=!0,t(this.code);let e;return this.autoDetect?(e=hljs.highlightAuto(this.code),this.detectedLanguage=e.language):(e=hljs.highlight(this.language,this.code,this.ignoreIllegals),this.detectectLanguage=this.language),e.value},autoDetect(){return!(this.language&&(e=this.autodetect,!e&&""!==e));var e},ignoreIllegals:()=>!0},render(e){return e("pre",{},[e("code",{class:this.className,domProps:{innerHTML:this.highlighted}})])}},R={install(e){e.component("highlightjs",y)}},k=t,M=r,{nodeStream:O,mergeStreams:L}=i,A=Symbol("nomatch");return function(t){var a=[],i=Object.create(null),s=Object.create(null),o=[],l=!0,c=/(^(<[^>]+>|\t|)+|\n)/gm,d="Could not find the language '{}', did you forget to load/include a language module?";const h={disableAutodetect:!0,name:"Plain text",contains:[]};var f={noHighlightRe:/^(no-?highlight)$/i,languageDetectRe:/\blang(?:uage)?-([\w-]+)\b/i,classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:null,__emitter:u};function p(e){return f.noHighlightRe.test(e)}function m(e,n,t,r){var a={code:n,language:e};j("before:highlight",a);var i=a.result?a.result:b(a.language,a.code,t,r);return i.code=a.code,j("after:highlight",i),i}function b(e,t,a,s){var o=t;function c(e,n){var t=E.case_insensitive?n[0].toLowerCase():n[0];return Object.prototype.hasOwnProperty.call(e.keywords,t)&&e.keywords[t]}function u(){null!=R.subLanguage?function(){if(""!==L){var e=null;if("string"==typeof R.subLanguage){if(!i[R.subLanguage])return void O.addText(L);e=b(R.subLanguage,L,!0,M[R.subLanguage]),M[R.subLanguage]=e.top}else e=v(L,R.subLanguage.length?R.subLanguage:null);R.relevance>0&&(I+=e.relevance),O.addSublanguage(e.emitter,e.language)}}():function(){if(!R.keywords)return void O.addText(L);let e=0;R.keywordPatternRe.lastIndex=0;let n=R.keywordPatternRe.exec(L),t="";for(;n;){t+=L.substring(e,n.index);const r=c(R,n);if(r){const[e,a]=r;O.addText(t),t="",I+=a,O.addKeyword(n[0],e)}else t+=n[0];e=R.keywordPatternRe.lastIndex,n=R.keywordPatternRe.exec(L)}t+=L.substr(e),O.addText(t)}(),L=""}function h(e){return e.className&&O.openNode(e.className),R=Object.create(e,{parent:{value:R}})}function p(e){return 0===R.matcher.regexIndex?(L+=e[0],1):(S=!0,0)}var m={};function x(t,r){var i=r&&r[0];if(L+=t,null==i)return u(),0;if("begin"===m.type&&"end"===r.type&&m.index===r.index&&""===i){if(L+=o.slice(r.index,r.index+1),!l){const n=Error("0 width match regex");throw n.languageName=e,n.badRule=m.rule,n}return 1}if(m=r,"begin"===r.type)return function(e){var t=e[0],r=e.rule;const a=new n(r),i=[r.__beforeBegin,r["on:begin"]];for(const n of i)if(n&&(n(e,a),a.ignore))return p(t);return r&&r.endSameAsBegin&&(r.endRe=RegExp(t.replace(/[-/\\^$*+?.()|[\]{}]/g,"\\$&"),"m")),r.skip?L+=t:(r.excludeBegin&&(L+=t),u(),r.returnBegin||r.excludeBegin||(L=t)),h(r),r.returnBegin?0:t.length}(r);if("illegal"===r.type&&!a){const e=Error('Illegal lexeme "'+i+'" for mode "'+(R.className||"")+'"');throw e.mode=R,e}if("end"===r.type){var s=function(e){var t=e[0],r=o.substr(e.index),a=function e(t,r,a){let i=function(e,n){var t=e&&e.exec(n);return t&&0===t.index}(t.endRe,a);if(i){if(t["on:end"]){const e=new n(t);t["on:end"](r,e),e.ignore&&(i=!1)}if(i){for(;t.endsParent&&t.parent;)t=t.parent;return t}}if(t.endsWithParent)return e(t.parent,r,a)}(R,e,r);if(!a)return A;var i=R;i.skip?L+=t:(i.returnEnd||i.excludeEnd||(L+=t),u(),i.excludeEnd&&(L=t));do{R.className&&O.closeNode(),R.skip||R.subLanguage||(I+=R.relevance),R=R.parent}while(R!==a.parent);return a.starts&&(a.endSameAsBegin&&(a.starts.endRe=a.endRe),h(a.starts)),i.returnEnd?0:t.length}(r);if(s!==A)return s}if("illegal"===r.type&&""===i)return 1;if(j>1e5&&j>3*r.index)throw Error("potential infinite loop, way more iterations than matches");return L+=i,i.length}var E=y(e);if(!E)throw console.error(d.replace("{}",e)),Error('Unknown language: "'+e+'"');var _=function(e){function n(n,t){return RegExp(g(n),"m"+(e.case_insensitive?"i":"")+(t?"g":""))}class t{constructor(){this.matchIndexes={},this.regexes=[],this.matchAt=1,this.position=0}addRule(e,n){n.position=this.position++,this.matchIndexes[this.matchAt]=n,this.regexes.push([n,e]),this.matchAt+=function(e){return RegExp(e.toString()+"|").exec("").length-1}(e)+1}compile(){0===this.regexes.length&&(this.exec=()=>null);const e=this.regexes.map(e=>e[1]);this.matcherRe=n(function(e,n="|"){for(var t=/\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./,r=0,a="",i=0;i0&&(a+=n),a+="(";o.length>0;){var l=t.exec(o);if(null==l){a+=o;break}a+=o.substring(0,l.index),o=o.substring(l.index+l[0].length),"\\"===l[0][0]&&l[1]?a+="\\"+(+l[1]+s):(a+=l[0],"("===l[0]&&r++)}a+=")"}return a}(e),!0),this.lastIndex=0}exec(e){this.matcherRe.lastIndex=this.lastIndex;const n=this.matcherRe.exec(e);if(!n)return null;const t=n.findIndex((e,n)=>n>0&&void 0!==e),r=this.matchIndexes[t];return n.splice(0,t),Object.assign(n,r)}}class a{constructor(){this.rules=[],this.multiRegexes=[],this.count=0,this.lastIndex=0,this.regexIndex=0}getMatcher(e){if(this.multiRegexes[e])return this.multiRegexes[e];const n=new t;return this.rules.slice(e).forEach(([e,t])=>n.addRule(e,t)),n.compile(),this.multiRegexes[e]=n,n}resumingScanAtSamePosition(){return 0!==this.regexIndex}considerAll(){this.regexIndex=0}addRule(e,n){this.rules.push([e,n]),"begin"===n.type&&this.count++}exec(e){const n=this.getMatcher(this.regexIndex);n.lastIndex=this.lastIndex;let t=n.exec(e);if(this.resumingScanAtSamePosition())if(t&&t.index===this.lastIndex);else{const n=this.getMatcher(0);n.lastIndex=this.lastIndex+1,t=n.exec(e)}return t&&(this.regexIndex+=t.position+1,this.regexIndex===this.count&&this.considerAll()),t}}function i(e,n){const t=e.input[e.index-1],r=e.input[e.index+e[0].length];"."!==t&&"."!==r||n.ignoreMatch()}if(e.contains&&e.contains.includes("self"))throw Error("ERR: contains `self` is not supported at the top-level of a language. See documentation.");return function t(s,o){const l=s;if(s.compiled)return l;s.compiled=!0,s.__beforeBegin=null,s.keywords=s.keywords||s.beginKeywords;let c=null;if("object"==typeof s.keywords&&(c=s.keywords.$pattern,delete s.keywords.$pattern),s.keywords&&(s.keywords=function(e,n){var t={};return"string"==typeof e?r("keyword",e):Object.keys(e).forEach((function(n){r(n,e[n])})),t;function r(e,r){n&&(r=r.toLowerCase()),r.split(" ").forEach((function(n){var r=n.split("|");t[r[0]]=[e,N(r[0],r[1])]}))}}(s.keywords,e.case_insensitive)),s.lexemes&&c)throw Error("ERR: Prefer `keywords.$pattern` to `mode.lexemes`, BOTH are not allowed. (see mode reference) ");return l.keywordPatternRe=n(s.lexemes||c||/\w+/,!0),o&&(s.beginKeywords&&(s.begin="\\b("+s.beginKeywords.split(" ").join("|")+")(?=\\b|\\s)",s.__beforeBegin=i),s.begin||(s.begin=/\B|\b/),l.beginRe=n(s.begin),s.endSameAsBegin&&(s.end=s.begin),s.end||s.endsWithParent||(s.end=/\B|\b/),s.end&&(l.endRe=n(s.end)),l.terminator_end=g(s.end)||"",s.endsWithParent&&o.terminator_end&&(l.terminator_end+=(s.end?"|":"")+o.terminator_end)),s.illegal&&(l.illegalRe=n(s.illegal)),void 0===s.relevance&&(s.relevance=1),s.contains||(s.contains=[]),s.contains=[].concat(...s.contains.map((function(e){return function(e){return e.variants&&!e.cached_variants&&(e.cached_variants=e.variants.map((function(n){return r(e,{variants:null},n)}))),e.cached_variants?e.cached_variants:function e(n){return!!n&&(n.endsWithParent||e(n.starts))}(e)?r(e,{starts:e.starts?r(e.starts):null}):Object.isFrozen(e)?r(e):e}("self"===e?s:e)}))),s.contains.forEach((function(e){t(e,l)})),s.starts&&t(s.starts,o),l.matcher=function(e){const n=new a;return e.contains.forEach(e=>n.addRule(e.begin,{rule:e,type:"begin"})),e.terminator_end&&n.addRule(e.terminator_end,{type:"end"}),e.illegal&&n.addRule(e.illegal,{type:"illegal"}),n}(l),l}(e)}(E),w="",R=s||_,M={},O=new f.__emitter(f);!function(){for(var e=[],n=R;n!==E;n=n.parent)n.className&&e.unshift(n.className);e.forEach(e=>O.openNode(e))}();var L="",I=0,T=0,j=0,S=!1;try{for(R.matcher.considerAll();;){j++,S?S=!1:R.matcher.considerAll(),R.matcher.lastIndex=T;const e=R.matcher.exec(o);if(!e)break;const n=x(o.substring(T,e.index),e);T=e.index+n}return x(o.substr(T)),O.closeAllNodes(),O.finalize(),w=O.toHTML(),{relevance:I,value:w,language:e,illegal:!1,emitter:O,top:R}}catch(n){if(n.message&&n.message.includes("Illegal"))return{illegal:!0,illegalBy:{msg:n.message,context:o.slice(T-100,T+100),mode:n.mode},sofar:w,relevance:0,value:k(o),emitter:O};if(l)return{illegal:!1,relevance:0,value:k(o),emitter:O,language:e,top:R,errorRaised:n};throw n}}function v(e,n){n=n||f.languages||Object.keys(i);var t=function(e){const n={relevance:0,emitter:new f.__emitter(f),value:k(e),illegal:!1,top:h};return n.emitter.addText(e),n}(e),r=t;return n.filter(y).filter(T).forEach((function(n){var a=b(n,e,!1);a.language=n,a.relevance>r.relevance&&(r=a),a.relevance>t.relevance&&(r=t,t=a)})),r.language&&(t.second_best=r),t}function x(e){return f.tabReplace||f.useBR?e.replace(c,e=>"\n"===e?f.useBR?"
":e:f.tabReplace?e.replace(/\t/g,f.tabReplace):e):e}function E(e){let n=null;const t=function(e){var n=e.className+" ";n+=e.parentNode?e.parentNode.className:"";const t=f.languageDetectRe.exec(n);if(t){var r=y(t[1]);return r||(console.warn(d.replace("{}",t[1])),console.warn("Falling back to no-highlight mode for this block.",e)),r?t[1]:"no-highlight"}return n.split(/\s+/).find(e=>p(e)||y(e))}(e);if(p(t))return;j("before:highlightBlock",{block:e,language:t}),f.useBR?(n=document.createElement("div")).innerHTML=e.innerHTML.replace(/\n/g,"").replace(//g,"\n"):n=e;const r=n.textContent,a=t?m(t,r,!0):v(r),i=O(n);if(i.length){const e=document.createElement("div");e.innerHTML=a.value,a.value=L(i,O(e),r)}a.value=x(a.value),j("after:highlightBlock",{block:e,result:a}),e.innerHTML=a.value,e.className=function(e,n,t){var r=n?s[n]:t,a=[e.trim()];return e.match(/\bhljs\b/)||a.push("hljs"),e.includes(r)||a.push(r),a.join(" ").trim()}(e.className,t,a.language),e.result={language:a.language,re:a.relevance,relavance:a.relevance},a.second_best&&(e.second_best={language:a.second_best.language,re:a.second_best.relevance,relavance:a.second_best.relevance})}const w=()=>{if(!w.called){w.called=!0;var e=document.querySelectorAll("pre code");a.forEach.call(e,E)}};function y(e){return e=(e||"").toLowerCase(),i[e]||i[s[e]]}function I(e,{languageName:n}){"string"==typeof e&&(e=[e]),e.forEach(e=>{s[e]=n})}function T(e){var n=y(e);return n&&!n.disableAutodetect}function j(e,n){var t=e;o.forEach((function(e){e[t]&&e[t](n)}))}Object.assign(t,{highlight:m,highlightAuto:v,fixMarkup:function(e){return console.warn("fixMarkup is deprecated and will be removed entirely in v11.0"),console.warn("Please see https://github.com/highlightjs/highlight.js/issues/2534"),x(e)},highlightBlock:E,configure:function(e){f=M(f,e)},initHighlighting:w,initHighlightingOnLoad:function(){window.addEventListener("DOMContentLoaded",w,!1)},registerLanguage:function(e,n){var r=null;try{r=n(t)}catch(n){if(console.error("Language definition for '{}' could not be registered.".replace("{}",e)),!l)throw n;console.error(n),r=h}r.name||(r.name=e),i[e]=r,r.rawDefinition=n.bind(null,t),r.aliases&&I(r.aliases,{languageName:e})},listLanguages:function(){return Object.keys(i)},getLanguage:y,registerAliases:I,requireLanguage:function(e){var n=y(e);if(n)return n;throw Error("The '{}' language is required, but not loaded.".replace("{}",e))},autoDetection:T,inherit:M,addPlugin:function(e){o.push(e)},vuePlugin:R}),t.debugMode=function(){l=!1},t.safeMode=function(){l=!0},t.versionString="10.2.1";for(const n in _)"object"==typeof _[n]&&e(_[n]);return Object.assign(t,_),t}({})}();"object"==typeof exports&&"undefined"!=typeof module&&(module.exports=hljs); +hljs.registerLanguage("apache",function(){"use strict";return function(e){var n={className:"number",begin:"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(:\\d{1,5})?"};return{name:"Apache config",aliases:["apacheconf"],case_insensitive:!0,contains:[e.HASH_COMMENT_MODE,{className:"section",begin:"",contains:[n,{className:"number",begin:":\\d{1,5}"},e.inherit(e.QUOTE_STRING_MODE,{relevance:0})]},{className:"attribute",begin:/\w+/,relevance:0,keywords:{nomarkup:"order deny allow setenv rewriterule rewriteengine rewritecond documentroot sethandler errordocument loadmodule options header listen serverroot servername"},starts:{end:/$/,relevance:0,keywords:{literal:"on off all deny allow"},contains:[{className:"meta",begin:"\\s\\[",end:"\\]$"},{className:"variable",begin:"[\\$%]\\{",end:"\\}",contains:["self",{className:"number",begin:"[\\$%]\\d+"}]},n,{className:"number",begin:"\\d+"},e.QUOTE_STRING_MODE]}}],illegal:/\S/}}}()); +hljs.registerLanguage("bash",function(){"use strict";return function(e){const s={};Object.assign(s,{className:"variable",variants:[{begin:/\$[\w\d#@][\w\d_]*/},{begin:/\$\{/,end:/\}/,contains:[{begin:/:-/,contains:[s]}]}]});const t={className:"subst",begin:/\$\(/,end:/\)/,contains:[e.BACKSLASH_ESCAPE]},n={className:"string",begin:/"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,t]};t.contains.push(n);const a={begin:/\$\(\(/,end:/\)\)/,contains:[{begin:/\d+#[0-9a-f]+/,className:"number"},e.NUMBER_MODE,s]},i=e.SHEBANG({binary:"(fish|bash|zsh|sh|csh|ksh|tcsh|dash|scsh)",relevance:10}),c={className:"function",begin:/\w[\w\d_]*\s*\(\s*\)\s*\{/,returnBegin:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/\w[\w\d_]*/})],relevance:0};return{name:"Bash",aliases:["sh","zsh"],keywords:{$pattern:/\b-?[a-z\._-]+\b/,keyword:"if then else elif fi for while in do done case esac function",literal:"true false",built_in:"break cd continue eval exec exit export getopts hash pwd readonly return shift test times trap umask unset alias bind builtin caller command declare echo enable help let local logout mapfile printf read readarray source type typeset ulimit unalias set shopt autoload bg bindkey bye cap chdir clone comparguments compcall compctl compdescribe compfiles compgroups compquote comptags comptry compvalues dirs disable disown echotc echoti emulate fc fg float functions getcap getln history integer jobs kill limit log noglob popd print pushd pushln rehash sched setcap setopt stat suspend ttyctl unfunction unhash unlimit unsetopt vared wait whence where which zcompile zformat zftp zle zmodload zparseopts zprof zpty zregexparse zsocket zstyle ztcp",_:"-ne -eq -lt -gt -f -d -e -s -l -a"},contains:[i,e.SHEBANG(),c,a,e.HASH_COMMENT_MODE,n,{className:"",begin:/\\"/},{className:"string",begin:/'/,end:/'/},s]}}}()); +hljs.registerLanguage("c-like",function(){"use strict";return function(e){function t(e){return"(?:"+e+")?"}var n="(decltype\\(auto\\)|"+t("[a-zA-Z_]\\w*::")+"[a-zA-Z_]\\w*"+t("<.*?>")+")",r={className:"keyword",begin:"\\b[a-z\\d_]*_t\\b"},a={className:"string",variants:[{begin:'(u8?|U|L)?"',end:'"',illegal:"\\n",contains:[e.BACKSLASH_ESCAPE]},{begin:"(u8?|U|L)?'(\\\\(x[0-9A-Fa-f]{2}|u[0-9A-Fa-f]{4,8}|[0-7]{3}|\\S)|.)",end:"'",illegal:"."},e.END_SAME_AS_BEGIN({begin:/(?:u8?|U|L)?R"([^()\\ ]{0,16})\(/,end:/\)([^()\\ ]{0,16})"/})]},i={className:"number",variants:[{begin:"\\b(0b[01']+)"},{begin:"(-?)\\b([\\d']+(\\.[\\d']*)?|\\.[\\d']+)(u|U|l|L|ul|UL|f|F|b|B)"},{begin:"(-?)(\\b0[xX][a-fA-F0-9']+|(\\b[\\d']+(\\.[\\d']*)?|\\.[\\d']+)([eE][-+]?[\\d']+)?)"}],relevance:0},s={className:"meta",begin:/#\s*[a-z]+\b/,end:/$/,keywords:{"meta-keyword":"if else elif endif define undef warning error line pragma _Pragma ifdef ifndef include"},contains:[{begin:/\\\n/,relevance:0},e.inherit(a,{className:"meta-string"}),{className:"meta-string",begin:/<.*?>/,end:/$/,illegal:"\\n"},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},o={className:"title",begin:t("[a-zA-Z_]\\w*::")+e.IDENT_RE,relevance:0},c=t("[a-zA-Z_]\\w*::")+e.IDENT_RE+"\\s*\\(",l={keyword:"int float while private char char8_t char16_t char32_t catch import module export virtual operator sizeof dynamic_cast|10 typedef const_cast|10 const for static_cast|10 union namespace unsigned long volatile static protected bool template mutable if public friend do goto auto void enum else break extern using asm case typeid wchar_t short reinterpret_cast|10 default double register explicit signed typename try this switch continue inline delete alignas alignof constexpr consteval constinit decltype concept co_await co_return co_yield requires noexcept static_assert thread_local restrict final override atomic_bool atomic_char atomic_schar atomic_uchar atomic_short atomic_ushort atomic_int atomic_uint atomic_long atomic_ulong atomic_llong atomic_ullong new throw return and and_eq bitand bitor compl not not_eq or or_eq xor xor_eq",built_in:"std string wstring cin cout cerr clog stdin stdout stderr stringstream istringstream ostringstream auto_ptr deque list queue stack vector map set pair bitset multiset multimap unordered_set unordered_map unordered_multiset unordered_multimap priority_queue make_pair array shared_ptr abort terminate abs acos asin atan2 atan calloc ceil cosh cos exit exp fabs floor fmod fprintf fputs free frexp fscanf future isalnum isalpha iscntrl isdigit isgraph islower isprint ispunct isspace isupper isxdigit tolower toupper labs ldexp log10 log malloc realloc memchr memcmp memcpy memset modf pow printf putchar puts scanf sinh sin snprintf sprintf sqrt sscanf strcat strchr strcmp strcpy strcspn strlen strncat strncmp strncpy strpbrk strrchr strspn strstr tanh tan vfprintf vprintf vsprintf endl initializer_list unique_ptr _Bool complex _Complex imaginary _Imaginary",literal:"true false nullptr NULL"},d=[r,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,i,a],_={variants:[{begin:/=/,end:/;/},{begin:/\(/,end:/\)/},{beginKeywords:"new throw return else",end:/;/}],keywords:l,contains:d.concat([{begin:/\(/,end:/\)/,keywords:l,contains:d.concat(["self"]),relevance:0}]),relevance:0},u={className:"function",begin:"("+n+"[\\*&\\s]+)+"+c,returnBegin:!0,end:/[{;=]/,excludeEnd:!0,keywords:l,illegal:/[^\w\s\*&:<>]/,contains:[{begin:"decltype\\(auto\\)",keywords:l,relevance:0},{begin:c,returnBegin:!0,contains:[o],relevance:0},{className:"params",begin:/\(/,end:/\)/,keywords:l,relevance:0,contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,i,r,{begin:/\(/,end:/\)/,keywords:l,relevance:0,contains:["self",e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,i,r]}]},r,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,s]};return{aliases:["c","cc","h","c++","h++","hpp","hh","hxx","cxx"],keywords:l,disableAutodetect:!0,illegal:"",keywords:l,contains:["self",r]},{begin:e.IDENT_RE+"::",keywords:l},{className:"class",beginKeywords:"class struct",end:/[{;:]/,contains:[{begin://,contains:["self"]},e.TITLE_MODE]}]),exports:{preprocessor:s,strings:a,keywords:l}}}}()); +hljs.registerLanguage("c",function(){"use strict";return function(e){var n=e.requireLanguage("c-like").rawDefinition();return n.name="C",n.aliases=["c","h"],n}}()); +hljs.registerLanguage("coffeescript",function(){"use strict";const e=["as","in","of","if","for","while","finally","var","new","function","do","return","void","else","break","catch","instanceof","with","throw","case","default","try","switch","continue","typeof","delete","let","yield","const","class","debugger","async","await","static","import","from","export","extends"],n=["true","false","null","undefined","NaN","Infinity"],a=[].concat(["setInterval","setTimeout","clearInterval","clearTimeout","require","exports","eval","isFinite","isNaN","parseFloat","parseInt","decodeURI","decodeURIComponent","encodeURI","encodeURIComponent","escape","unescape"],["arguments","this","super","console","window","document","localStorage","module","global"],["Intl","DataView","Number","Math","Date","String","RegExp","Object","Function","Boolean","Error","Symbol","Set","Map","WeakSet","WeakMap","Proxy","Reflect","JSON","Promise","Float64Array","Int16Array","Int32Array","Int8Array","Uint16Array","Uint32Array","Float32Array","Array","Uint8Array","Uint8ClampedArray","ArrayBuffer"],["EvalError","InternalError","RangeError","ReferenceError","SyntaxError","TypeError","URIError"]);return function(r){var t={keyword:e.concat(["then","unless","until","loop","by","when","and","or","is","isnt","not"]).filter((e=>n=>!e.includes(n))(["var","const","let","function","static"])).join(" "),literal:n.concat(["yes","no","on","off"]).join(" "),built_in:a.concat(["npm","print"]).join(" ")},i="[A-Za-z$_][0-9A-Za-z$_]*",s={className:"subst",begin:/#\{/,end:/}/,keywords:t},o=[r.BINARY_NUMBER_MODE,r.inherit(r.C_NUMBER_MODE,{starts:{end:"(\\s*/)?",relevance:0}}),{className:"string",variants:[{begin:/'''/,end:/'''/,contains:[r.BACKSLASH_ESCAPE]},{begin:/'/,end:/'/,contains:[r.BACKSLASH_ESCAPE]},{begin:/"""/,end:/"""/,contains:[r.BACKSLASH_ESCAPE,s]},{begin:/"/,end:/"/,contains:[r.BACKSLASH_ESCAPE,s]}]},{className:"regexp",variants:[{begin:"///",end:"///",contains:[s,r.HASH_COMMENT_MODE]},{begin:"//[gim]{0,3}(?=\\W)",relevance:0},{begin:/\/(?![ *]).*?(?![\\]).\/[gim]{0,3}(?=\W)/}]},{begin:"@"+i},{subLanguage:"javascript",excludeBegin:!0,excludeEnd:!0,variants:[{begin:"```",end:"```"},{begin:"`",end:"`"}]}];s.contains=o;var c=r.inherit(r.TITLE_MODE,{begin:i}),l={className:"params",begin:"\\([^\\(]",returnBegin:!0,contains:[{begin:/\(/,end:/\)/,keywords:t,contains:["self"].concat(o)}]};return{name:"CoffeeScript",aliases:["coffee","cson","iced"],keywords:t,illegal:/\/\*/,contains:o.concat([r.COMMENT("###","###"),r.HASH_COMMENT_MODE,{className:"function",begin:"^\\s*"+i+"\\s*=\\s*(\\(.*\\))?\\s*\\B[-=]>",end:"[-=]>",returnBegin:!0,contains:[c,l]},{begin:/[:\(,=]\s*/,relevance:0,contains:[{className:"function",begin:"(\\(.*\\))?\\s*\\B[-=]>",end:"[-=]>",returnBegin:!0,contains:[l]}]},{className:"class",beginKeywords:"class",end:"$",illegal:/[:="\[\]]/,contains:[{beginKeywords:"extends",endsWithParent:!0,illegal:/[:="\[\]]/,contains:[c]},c]},{begin:i+":",end:":",returnBegin:!0,returnEnd:!0,relevance:0}])}}}()); +hljs.registerLanguage("cpp",function(){"use strict";return function(e){var i=e.requireLanguage("c-like").rawDefinition();return i.disableAutodetect=!1,i.name="C++",i.aliases=["cc","c++","h++","hpp","hh","hxx","cxx"],i}}()); +hljs.registerLanguage("csharp",function(){"use strict";return function(e){var n={keyword:"abstract as base bool break byte case catch char checked const continue decimal default delegate do double enum event explicit extern finally fixed float for foreach goto if implicit in init int interface internal is lock long object operator out override params private protected public readonly ref sbyte sealed short sizeof stackalloc static string struct switch this try typeof uint ulong unchecked unsafe ushort using virtual void volatile while add alias ascending async await by descending dynamic equals from get global group into join let nameof on orderby partial remove select set value var when where yield",literal:"null false true"},i=e.inherit(e.TITLE_MODE,{begin:"[a-zA-Z](\\.?\\w)*"}),a={className:"number",variants:[{begin:"\\b(0b[01']+)"},{begin:"(-?)\\b([\\d']+(\\.[\\d']*)?|\\.[\\d']+)(u|U|l|L|ul|UL|f|F|b|B)"},{begin:"(-?)(\\b0[xX][a-fA-F0-9']+|(\\b[\\d']+(\\.[\\d']*)?|\\.[\\d']+)([eE][-+]?[\\d']+)?)"}],relevance:0},s={className:"string",begin:'@"',end:'"',contains:[{begin:'""'}]},t=e.inherit(s,{illegal:/\n/}),l={className:"subst",begin:"{",end:"}",keywords:n},r=e.inherit(l,{illegal:/\n/}),c={className:"string",begin:/\$"/,end:'"',illegal:/\n/,contains:[{begin:"{{"},{begin:"}}"},e.BACKSLASH_ESCAPE,r]},o={className:"string",begin:/\$@"/,end:'"',contains:[{begin:"{{"},{begin:"}}"},{begin:'""'},l]},g=e.inherit(o,{illegal:/\n/,contains:[{begin:"{{"},{begin:"}}"},{begin:'""'},r]});l.contains=[o,c,s,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,a,e.C_BLOCK_COMMENT_MODE],r.contains=[g,c,t,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,a,e.inherit(e.C_BLOCK_COMMENT_MODE,{illegal:/\n/})];var d={variants:[o,c,s,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},E={begin:"<",end:">",contains:[{beginKeywords:"in out"},i]},_=e.IDENT_RE+"(<"+e.IDENT_RE+"(\\s*,\\s*"+e.IDENT_RE+")*>)?(\\[\\])?",b={begin:"@"+e.IDENT_RE,relevance:0};return{name:"C#",aliases:["cs","c#"],keywords:n,illegal:/::/,contains:[e.COMMENT("///","$",{returnBegin:!0,contains:[{className:"doctag",variants:[{begin:"///",relevance:0},{begin:"\x3c!--|--\x3e"},{begin:""}]}]}),e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,{className:"meta",begin:"#",end:"$",keywords:{"meta-keyword":"if else elif endif define undef warning error line region endregion pragma checksum"}},d,a,{beginKeywords:"class interface",end:/[{;=]/,illegal:/[^\s:,]/,contains:[{beginKeywords:"where class"},i,E,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{beginKeywords:"namespace",end:/[{;=]/,illegal:/[^\s:]/,contains:[i,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{beginKeywords:"record",end:/[{;=]/,illegal:/[^\s:]/,contains:[i,E,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{className:"meta",begin:"^\\s*\\[",excludeBegin:!0,end:"\\]",excludeEnd:!0,contains:[{className:"meta-string",begin:/"/,end:/"/}]},{beginKeywords:"new return throw await else",relevance:0},{className:"function",begin:"("+_+"\\s+)+"+e.IDENT_RE+"\\s*(\\<.+\\>)?\\s*\\(",returnBegin:!0,end:/\s*[{;=]/,excludeEnd:!0,keywords:n,contains:[{begin:e.IDENT_RE+"\\s*(\\<.+\\>)?\\s*\\(",returnBegin:!0,contains:[e.TITLE_MODE,E],relevance:0},{className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:n,relevance:0,contains:[d,a,e.C_BLOCK_COMMENT_MODE]},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},b]}}}()); +hljs.registerLanguage("css",function(){"use strict";return function(e){var n={begin:/(?:[A-Z\_\.\-]+|--[a-zA-Z0-9_-]+)\s*:/,returnBegin:!0,end:";",endsWithParent:!0,contains:[{className:"attribute",begin:/\S/,end:":",excludeEnd:!0,starts:{endsWithParent:!0,excludeEnd:!0,contains:[{begin:/[\w-]+\(/,returnBegin:!0,contains:[{className:"built_in",begin:/[\w-]+/},{begin:/\(/,end:/\)/,contains:[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.CSS_NUMBER_MODE]}]},e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,e.C_BLOCK_COMMENT_MODE,{className:"number",begin:"#[0-9A-Fa-f]+"},{className:"meta",begin:"!important"}]}}]};return{name:"CSS",case_insensitive:!0,illegal:/[=\/|'\$]/,contains:[e.C_BLOCK_COMMENT_MODE,{className:"selector-id",begin:/#[A-Za-z0-9_-]+/},{className:"selector-class",begin:/\.[A-Za-z0-9_-]+/},{className:"selector-attr",begin:/\[/,end:/\]/,illegal:"$",contains:[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},{className:"selector-pseudo",begin:/:(:)?[a-zA-Z0-9\_\-\+\(\)"'.]+/},{begin:"@(page|font-face)",lexemes:"@[a-z-]+",keywords:"@page @font-face"},{begin:"@",end:"[{;]",illegal:/:/,returnBegin:!0,contains:[{className:"keyword",begin:/@\-?\w[\w]*(\-\w+)*/},{begin:/\s/,endsWithParent:!0,excludeEnd:!0,relevance:0,keywords:"and or not only",contains:[{begin:/[a-z-]+:/,className:"attribute"},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.CSS_NUMBER_MODE]}]},{className:"selector-tag",begin:"[a-zA-Z-][a-zA-Z0-9_-]*",relevance:0},{begin:"{",end:"}",illegal:/\S/,contains:[e.C_BLOCK_COMMENT_MODE,n]}]}}}()); +hljs.registerLanguage("diff",function(){"use strict";return function(e){return{name:"Diff",aliases:["patch"],contains:[{className:"meta",relevance:10,variants:[{begin:/^@@ +\-\d+,\d+ +\+\d+,\d+ +@@$/},{begin:/^\*\*\* +\d+,\d+ +\*\*\*\*$/},{begin:/^\-\-\- +\d+,\d+ +\-\-\-\-$/}]},{className:"comment",variants:[{begin:/Index: /,end:/$/},{begin:/={3,}/,end:/$/},{begin:/^\-{3}/,end:/$/},{begin:/^\*{3} /,end:/$/},{begin:/^\+{3}/,end:/$/},{begin:/^\*{15}$/}]},{className:"addition",begin:"^\\+",end:"$"},{className:"deletion",begin:"^\\-",end:"$"},{className:"addition",begin:"^\\!",end:"$"}]}}}()); +hljs.registerLanguage("go",function(){"use strict";return function(e){var n={keyword:"break default func interface select case map struct chan else goto package switch const fallthrough if range type continue for import return var go defer bool byte complex64 complex128 float32 float64 int8 int16 int32 int64 string uint8 uint16 uint32 uint64 int uint uintptr rune",literal:"true false iota nil",built_in:"append cap close complex copy imag len make new panic print println real recover delete"};return{name:"Go",aliases:["golang"],keywords:n,illegal:"e(n)).join("")}return function(a){var s={className:"number",relevance:0,variants:[{begin:/([\+\-]+)?[\d]+_[\d_]+/},{begin:a.NUMBER_RE}]},i=a.COMMENT();i.variants=[{begin:/;/,end:/$/},{begin:/#/,end:/$/}];var t={className:"variable",variants:[{begin:/\$[\w\d"][\w\d_]*/},{begin:/\$\{(.*?)}/}]},r={className:"literal",begin:/\bon|off|true|false|yes|no\b/},l={className:"string",contains:[a.BACKSLASH_ESCAPE],variants:[{begin:"'''",end:"'''",relevance:10},{begin:'"""',end:'"""',relevance:10},{begin:'"',end:'"'},{begin:"'",end:"'"}]},c={begin:/\[/,end:/\]/,contains:[i,r,t,l,s,"self"],relevance:0},g="("+[/[A-Za-z0-9_-]+/,/"(\\"|[^"])*"/,/'[^']*'/].map(n=>e(n)).join("|")+")";return{name:"TOML, also INI",aliases:["toml"],case_insensitive:!0,illegal:/\S/,contains:[i,{className:"section",begin:/\[+/,end:/\]+/},{begin:n(g,"(\\s*\\.\\s*",g,")*",n("(?=",/\s*=\s*[^#\s]/,")")),className:"attr",starts:{end:/$/,contains:[i,c,r,t,l,s]}}]}}}()); +hljs.registerLanguage("java",function(){"use strict";function e(e){return e?"string"==typeof e?e:e.source:null}function n(e){return a("(",e,")?")}function a(...n){return n.map(n=>e(n)).join("")}function s(...n){return"("+n.map(n=>e(n)).join("|")+")"}return function(e){var t="false synchronized int abstract float private char boolean var static null if const for true while long strictfp finally protected import native final void enum else break transient catch instanceof byte super volatile case assert short package default double public try this switch continue throws protected public private module requires exports do",i={className:"meta",begin:"@[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*",contains:[{begin:/\(/,end:/\)/,contains:["self"]}]},r=e=>a("[",e,"]+([",e,"_]*[",e,"]+)?"),c={className:"number",variants:[{begin:`\\b(0[bB]${r("01")})[lL]?`},{begin:`\\b(0${r("0-7")})[dDfFlL]?`},{begin:a(/\b0[xX]/,s(a(r("a-fA-F0-9"),/\./,r("a-fA-F0-9")),a(r("a-fA-F0-9"),/\.?/),a(/\./,r("a-fA-F0-9"))),/([pP][+-]?(\d+))?/,/[fFdDlL]?/)},{begin:a(/\b/,s(a(/\d*\./,r("\\d")),r("\\d")),/[eE][+-]?[\d]+[dDfF]?/)},{begin:a(/\b/,r(/\d/),n(/\.?/),n(r(/\d/)),/[dDfFlL]?/)}],relevance:0};return{name:"Java",aliases:["jsp"],keywords:t,illegal:/<\/|#/,contains:[e.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{begin:/\w+@/,relevance:0},{className:"doctag",begin:"@[A-Za-z]+"}]}),e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,{className:"class",beginKeywords:"class interface enum",end:/[{;=]/,excludeEnd:!0,keywords:"class interface enum",illegal:/[:"\[\]]/,contains:[{beginKeywords:"extends implements"},e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"new throw return else",relevance:0},{className:"function",begin:"([À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*(<[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*(\\s*,\\s*[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*)*>)?\\s+)+"+e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,end:/[{;=]/,excludeEnd:!0,keywords:t,contains:[{begin:e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,relevance:0,contains:[e.UNDERSCORE_TITLE_MODE]},{className:"params",begin:/\(/,end:/\)/,keywords:t,relevance:0,contains:[i,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.C_NUMBER_MODE,e.C_BLOCK_COMMENT_MODE]},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},c,i]}}}()); +hljs.registerLanguage("javascript",function(){"use strict";const e=["as","in","of","if","for","while","finally","var","new","function","do","return","void","else","break","catch","instanceof","with","throw","case","default","try","switch","continue","typeof","delete","let","yield","const","class","debugger","async","await","static","import","from","export","extends"],n=["true","false","null","undefined","NaN","Infinity"],a=[].concat(["setInterval","setTimeout","clearInterval","clearTimeout","require","exports","eval","isFinite","isNaN","parseFloat","parseInt","decodeURI","decodeURIComponent","encodeURI","encodeURIComponent","escape","unescape"],["arguments","this","super","console","window","document","localStorage","module","global"],["Intl","DataView","Number","Math","Date","String","RegExp","Object","Function","Boolean","Error","Symbol","Set","Map","WeakSet","WeakMap","Proxy","Reflect","JSON","Promise","Float64Array","Int16Array","Int32Array","Int8Array","Uint16Array","Uint32Array","Float32Array","Array","Uint8Array","Uint8ClampedArray","ArrayBuffer"],["EvalError","InternalError","RangeError","ReferenceError","SyntaxError","TypeError","URIError"]);function s(e){return r("(?=",e,")")}function r(...e){return e.map(e=>(function(e){return e?"string"==typeof e?e:e.source:null})(e)).join("")}return function(t){var i="[A-Za-z$_][0-9A-Za-z$_]*",c={begin:/<[A-Za-z0-9\\._:-]+/,end:/\/[A-Za-z0-9\\._:-]+>|\/>/},o={$pattern:"[A-Za-z$_][0-9A-Za-z$_]*",keyword:e.join(" "),literal:n.join(" "),built_in:a.join(" ")},l={className:"number",variants:[{begin:"\\b(0[bB][01]+)n?"},{begin:"\\b(0[oO][0-7]+)n?"},{begin:t.C_NUMBER_RE+"n?"}],relevance:0},E={className:"subst",begin:"\\$\\{",end:"\\}",keywords:o,contains:[]},d={begin:"html`",end:"",starts:{end:"`",returnEnd:!1,contains:[t.BACKSLASH_ESCAPE,E],subLanguage:"xml"}},g={begin:"css`",end:"",starts:{end:"`",returnEnd:!1,contains:[t.BACKSLASH_ESCAPE,E],subLanguage:"css"}},u={className:"string",begin:"`",end:"`",contains:[t.BACKSLASH_ESCAPE,E]};E.contains=[t.APOS_STRING_MODE,t.QUOTE_STRING_MODE,d,g,u,l,t.REGEXP_MODE];var b=E.contains.concat([{begin:/\(/,end:/\)/,contains:["self"].concat(E.contains,[t.C_BLOCK_COMMENT_MODE,t.C_LINE_COMMENT_MODE])},t.C_BLOCK_COMMENT_MODE,t.C_LINE_COMMENT_MODE]),_={className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,contains:b};return{name:"JavaScript",aliases:["js","jsx","mjs","cjs"],keywords:o,contains:[t.SHEBANG({binary:"node",relevance:5}),{className:"meta",relevance:10,begin:/^\s*['"]use (strict|asm)['"]/},t.APOS_STRING_MODE,t.QUOTE_STRING_MODE,d,g,u,t.C_LINE_COMMENT_MODE,t.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{className:"doctag",begin:"@[A-Za-z]+",contains:[{className:"type",begin:"\\{",end:"\\}",relevance:0},{className:"variable",begin:i+"(?=\\s*(-)|$)",endsParent:!0,relevance:0},{begin:/(?=[^\n])\s/,relevance:0}]}]}),t.C_BLOCK_COMMENT_MODE,l,{begin:r(/[{,\n]\s*/,s(r(/(((\/\/.*$)|(\/\*(.|\n)*\*\/))\s*)*/,i+"\\s*:"))),relevance:0,contains:[{className:"attr",begin:i+s("\\s*:"),relevance:0}]},{begin:"("+t.RE_STARTERS_RE+"|\\b(case|return|throw)\\b)\\s*",keywords:"return throw case",contains:[t.C_LINE_COMMENT_MODE,t.C_BLOCK_COMMENT_MODE,t.REGEXP_MODE,{className:"function",begin:"(\\([^(]*(\\([^(]*(\\([^(]*\\))?\\))?\\)|"+t.UNDERSCORE_IDENT_RE+")\\s*=>",returnBegin:!0,end:"\\s*=>",contains:[{className:"params",variants:[{begin:t.UNDERSCORE_IDENT_RE},{className:null,begin:/\(\s*\)/,skip:!0},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:o,contains:b}]}]},{begin:/,/,relevance:0},{className:"",begin:/\s/,end:/\s*/,skip:!0},{variants:[{begin:"<>",end:""},{begin:c.begin,end:c.end}],subLanguage:"xml",contains:[{begin:c.begin,end:c.end,skip:!0,contains:["self"]}]}],relevance:0},{className:"function",beginKeywords:"function",end:/\{/,excludeEnd:!0,contains:[t.inherit(t.TITLE_MODE,{begin:i}),_],illegal:/\[|%/},{begin:/\$[(.]/},t.METHOD_GUARD,{className:"class",beginKeywords:"class",end:/[{;=]/,excludeEnd:!0,illegal:/[:"\[\]]/,contains:[{beginKeywords:"extends"},t.UNDERSCORE_TITLE_MODE]},{beginKeywords:"constructor",end:/\{/,excludeEnd:!0},{begin:"(get|set)\\s+(?="+i+"\\()",end:/{/,keywords:"get set",contains:[t.inherit(t.TITLE_MODE,{begin:i}),{begin:/\(\)/},_]}],illegal:/#(?!!)/}}}()); +hljs.registerLanguage("json",function(){"use strict";return function(n){var e={literal:"true false null"},i=[n.C_LINE_COMMENT_MODE,n.C_BLOCK_COMMENT_MODE],t=[n.QUOTE_STRING_MODE,n.C_NUMBER_MODE],a={end:",",endsWithParent:!0,excludeEnd:!0,contains:t,keywords:e},l={begin:"{",end:"}",contains:[{className:"attr",begin:/"/,end:/"/,contains:[n.BACKSLASH_ESCAPE],illegal:"\\n"},n.inherit(a,{begin:/:/})].concat(i),illegal:"\\S"},s={begin:"\\[",end:"\\]",contains:[n.inherit(a)],illegal:"\\S"};return t.push(l,s),i.forEach((function(n){t.push(n)})),{name:"JSON",contains:t,keywords:e,illegal:"\\S"}}}()); +hljs.registerLanguage("kotlin",function(){"use strict";return function(e){var n={keyword:"abstract as val var vararg get set class object open private protected public noinline crossinline dynamic final enum if else do while for when throw try catch finally import package is in fun override companion reified inline lateinit init interface annotation data sealed internal infix operator out by constructor super tailrec where const inner suspend typealias external expect actual",built_in:"Byte Short Char Int Long Boolean Float Double Void Unit Nothing",literal:"true false null"},a={className:"symbol",begin:e.UNDERSCORE_IDENT_RE+"@"},i={className:"subst",begin:"\\${",end:"}",contains:[e.C_NUMBER_MODE]},s={className:"variable",begin:"\\$"+e.UNDERSCORE_IDENT_RE},t={className:"string",variants:[{begin:'"""',end:'"""(?=[^"])',contains:[s,i]},{begin:"'",end:"'",illegal:/\n/,contains:[e.BACKSLASH_ESCAPE]},{begin:'"',end:'"',illegal:/\n/,contains:[e.BACKSLASH_ESCAPE,s,i]}]};i.contains.push(t);var r={className:"meta",begin:"@(?:file|property|field|get|set|receiver|param|setparam|delegate)\\s*:(?:\\s*"+e.UNDERSCORE_IDENT_RE+")?"},l={className:"meta",begin:"@"+e.UNDERSCORE_IDENT_RE,contains:[{begin:/\(/,end:/\)/,contains:[e.inherit(t,{className:"meta-string"})]}]},c=e.COMMENT("/\\*","\\*/",{contains:[e.C_BLOCK_COMMENT_MODE]}),o={variants:[{className:"type",begin:e.UNDERSCORE_IDENT_RE},{begin:/\(/,end:/\)/,contains:[]}]},d=o;return d.variants[1].contains=[o],o.variants[1].contains=[d],{name:"Kotlin",aliases:["kt"],keywords:n,contains:[e.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{className:"doctag",begin:"@[A-Za-z]+"}]}),e.C_LINE_COMMENT_MODE,c,{className:"keyword",begin:/\b(break|continue|return|this)\b/,starts:{contains:[{className:"symbol",begin:/@\w+/}]}},a,r,l,{className:"function",beginKeywords:"fun",end:"[(]|$",returnBegin:!0,excludeEnd:!0,keywords:n,illegal:/fun\s+(<.*>)?[^\s\(]+(\s+[^\s\(]+)\s*=/,relevance:5,contains:[{begin:e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,relevance:0,contains:[e.UNDERSCORE_TITLE_MODE]},{className:"type",begin://,keywords:"reified",relevance:0},{className:"params",begin:/\(/,end:/\)/,endsParent:!0,keywords:n,relevance:0,contains:[{begin:/:/,end:/[=,\/]/,endsWithParent:!0,contains:[o,e.C_LINE_COMMENT_MODE,c],relevance:0},e.C_LINE_COMMENT_MODE,c,r,l,t,e.C_NUMBER_MODE]},c]},{className:"class",beginKeywords:"class interface trait",end:/[:\{(]|$/,excludeEnd:!0,illegal:"extends implements",contains:[{beginKeywords:"public protected internal private constructor"},e.UNDERSCORE_TITLE_MODE,{className:"type",begin://,excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:/[,:]\s*/,end:/[<\(,]|$/,excludeBegin:!0,returnEnd:!0},r,l]},t,{className:"meta",begin:"^#!/usr/bin/env",end:"$",illegal:"\n"},{className:"number",begin:"\\b(0[bB]([01]+[01_]+[01]+|[01]+)|0[xX]([a-fA-F0-9]+[a-fA-F0-9_]+[a-fA-F0-9]+|[a-fA-F0-9]+)|(([\\d]+[\\d_]+[\\d]+|[\\d]+)(\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))?|\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))([eE][-+]?\\d+)?)[lLfF]?",relevance:0}]}}}()); +hljs.registerLanguage("less",function(){"use strict";return function(e){var n="([\\w-]+|@{[\\w-]+})",a=[],s=[],t=function(e){return{className:"string",begin:"~?"+e+".*?"+e}},r=function(e,n,a){return{className:e,begin:n,relevance:a}},i={begin:"\\(",end:"\\)",contains:s,relevance:0};s.push(e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,t("'"),t('"'),e.CSS_NUMBER_MODE,{begin:"(url|data-uri)\\(",starts:{className:"string",end:"[\\)\\n]",excludeEnd:!0}},r("number","#[0-9A-Fa-f]+\\b"),i,r("variable","@@?[\\w-]+",10),r("variable","@{[\\w-]+}"),r("built_in","~?`[^`]*?`"),{className:"attribute",begin:"[\\w-]+\\s*:",end:":",returnBegin:!0,excludeEnd:!0},{className:"meta",begin:"!important"});var c=s.concat({begin:"{",end:"}",contains:a}),l={beginKeywords:"when",endsWithParent:!0,contains:[{beginKeywords:"and not"}].concat(s)},o={begin:n+"\\s*:",returnBegin:!0,end:"[;}]",relevance:0,contains:[{className:"attribute",begin:n,end:":",excludeEnd:!0,starts:{endsWithParent:!0,illegal:"[<=$]",relevance:0,contains:s}}]},g={className:"keyword",begin:"@(import|media|charset|font-face|(-[a-z]+-)?keyframes|supports|document|namespace|page|viewport|host)\\b",starts:{end:"[;{}]",returnEnd:!0,contains:s,relevance:0}},d={className:"variable",variants:[{begin:"@[\\w-]+\\s*:",relevance:15},{begin:"@[\\w-]+"}],starts:{end:"[;}]",returnEnd:!0,contains:c}},b={variants:[{begin:"[\\.#:&\\[>]",end:"[;{}]"},{begin:n,end:"{"}],returnBegin:!0,returnEnd:!0,illegal:"[<='$\"]",relevance:0,contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,l,r("keyword","all\\b"),r("variable","@{[\\w-]+}"),r("selector-tag",n+"%?",0),r("selector-id","#"+n),r("selector-class","\\."+n,0),r("selector-tag","&",0),{className:"selector-attr",begin:"\\[",end:"\\]"},{className:"selector-pseudo",begin:/:(:)?[a-zA-Z0-9\_\-\+\(\)"'.]+/},{begin:"\\(",end:"\\)",contains:c},{begin:"!important"}]};return a.push(e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,g,d,o,b),{name:"Less",case_insensitive:!0,illegal:"[=>'/<($\"]",contains:a}}}()); +hljs.registerLanguage("lua",function(){"use strict";return function(e){var t={begin:"\\[=*\\[",end:"\\]=*\\]",contains:["self"]},a=[e.COMMENT("--(?!\\[=*\\[)","$"),e.COMMENT("--\\[=*\\[","\\]=*\\]",{contains:[t],relevance:10})];return{name:"Lua",keywords:{$pattern:e.UNDERSCORE_IDENT_RE,literal:"true false nil",keyword:"and break do else elseif end for goto if in local not or repeat return then until while",built_in:"_G _ENV _VERSION __index __newindex __mode __call __metatable __tostring __len __gc __add __sub __mul __div __mod __pow __concat __unm __eq __lt __le assert collectgarbage dofile error getfenv getmetatable ipairs load loadfile loadstring module next pairs pcall print rawequal rawget rawset require select setfenv setmetatable tonumber tostring type unpack xpcall arg self coroutine resume yield status wrap create running debug getupvalue debug sethook getmetatable gethook setmetatable setlocal traceback setfenv getinfo setupvalue getlocal getregistry getfenv io lines write close flush open output type read stderr stdin input stdout popen tmpfile math log max acos huge ldexp pi cos tanh pow deg tan cosh sinh random randomseed frexp ceil floor rad abs sqrt modf asin min mod fmod log10 atan2 exp sin atan os exit setlocale date getenv difftime remove time clock tmpname rename execute package preload loadlib loaded loaders cpath config path seeall string sub upper len gfind rep find match char dump gmatch reverse byte format gsub lower table setn insert getn foreachi maxn foreach concat sort remove"},contains:a.concat([{className:"function",beginKeywords:"function",end:"\\)",contains:[e.inherit(e.TITLE_MODE,{begin:"([_a-zA-Z]\\w*\\.)*([_a-zA-Z]\\w*:)?[_a-zA-Z]\\w*"}),{className:"params",begin:"\\(",endsWithParent:!0,contains:a}].concat(a)},e.C_NUMBER_MODE,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,{className:"string",begin:"\\[=*\\[",end:"\\]=*\\]",contains:[t],relevance:5}])}}}()); +hljs.registerLanguage("makefile",function(){"use strict";return function(e){var i={className:"variable",variants:[{begin:"\\$\\("+e.UNDERSCORE_IDENT_RE+"\\)",contains:[e.BACKSLASH_ESCAPE]},{begin:/\$[@%`]+/}]}]}]};return{name:"HTML, XML",aliases:["html","xhtml","rss","atom","xjb","xsd","xsl","plist","wsf","svg"],case_insensitive:!0,contains:[{className:"meta",begin:"",relevance:10,contains:[a,i,t,s,{begin:"\\[",end:"\\]",contains:[{className:"meta",begin:"",contains:[a,s,i,t]}]}]},e.COMMENT("\x3c!--","--\x3e",{relevance:10}),{begin:"<\\!\\[CDATA\\[",end:"\\]\\]>",relevance:10},n,{className:"meta",begin:/<\?xml/,end:/\?>/,relevance:10},{className:"tag",begin:")",end:">",keywords:{name:"style"},contains:[c],starts:{end:"",returnEnd:!0,subLanguage:["css","xml"]}},{className:"tag",begin:")",end:">",keywords:{name:"script"},contains:[c],starts:{end:"<\/script>",returnEnd:!0,subLanguage:["javascript","handlebars","xml"]}},{className:"tag",begin:"",contains:[{className:"name",begin:/[^\/><\s]+/,relevance:0},c]}]}}}()); +hljs.registerLanguage("markdown",function(){"use strict";return function(n){const e={begin:"<",end:">",subLanguage:"xml",relevance:0},a={begin:"\\[.+?\\][\\(\\[].*?[\\)\\]]",returnBegin:!0,contains:[{className:"string",begin:"\\[",end:"\\]",excludeBegin:!0,returnEnd:!0,relevance:0},{className:"link",begin:"\\]\\(",end:"\\)",excludeBegin:!0,excludeEnd:!0},{className:"symbol",begin:"\\]\\[",end:"\\]",excludeBegin:!0,excludeEnd:!0}],relevance:10},i={className:"strong",contains:[],variants:[{begin:/_{2}/,end:/_{2}/},{begin:/\*{2}/,end:/\*{2}/}]},s={className:"emphasis",contains:[],variants:[{begin:/\*(?!\*)/,end:/\*/},{begin:/_(?!_)/,end:/_/,relevance:0}]};i.contains.push(s),s.contains.push(i);var c=[e,a];return i.contains=i.contains.concat(c),s.contains=s.contains.concat(c),{name:"Markdown",aliases:["md","mkdown","mkd"],contains:[{className:"section",variants:[{begin:"^#{1,6}",end:"$",contains:c=c.concat(i,s)},{begin:"(?=^.+?\\n[=-]{2,}$)",contains:[{begin:"^[=-]*$"},{begin:"^",end:"\\n",contains:c}]}]},e,{className:"bullet",begin:"^[ \t]*([*+-]|(\\d+\\.))(?=\\s+)",end:"\\s+",excludeEnd:!0},i,s,{className:"quote",begin:"^>\\s+",contains:c,end:"$"},{className:"code",variants:[{begin:"(`{3,})(.|\\n)*?\\1`*[ ]*"},{begin:"(~{3,})(.|\\n)*?\\1~*[ ]*"},{begin:"```",end:"```+[ ]*$"},{begin:"~~~",end:"~~~+[ ]*$"},{begin:"`.+?`"},{begin:"(?=^( {4}|\\t))",contains:[{begin:"^( {4}|\\t)",end:"(\\n)$"}],relevance:0}]},{begin:"^[-\\*]{3,}",end:"$"},a,{begin:/^\[[^\n]+\]:/,returnBegin:!0,contains:[{className:"symbol",begin:/\[/,end:/\]/,excludeBegin:!0,excludeEnd:!0},{className:"link",begin:/:\s*/,end:/$/,excludeBegin:!0}]}]}}}()); +hljs.registerLanguage("nginx",function(){"use strict";return function(e){var n={className:"variable",variants:[{begin:/\$\d+/},{begin:/\$\{/,end:/}/},{begin:"[\\$\\@]"+e.UNDERSCORE_IDENT_RE}]},a={endsWithParent:!0,keywords:{$pattern:"[a-z/_]+",literal:"on off yes no true false none blocked debug info notice warn error crit select break last permanent redirect kqueue rtsig epoll poll /dev/poll"},relevance:0,illegal:"=>",contains:[e.HASH_COMMENT_MODE,{className:"string",contains:[e.BACKSLASH_ESCAPE,n],variants:[{begin:/"/,end:/"/},{begin:/'/,end:/'/}]},{begin:"([a-z]+):/",end:"\\s",endsWithParent:!0,excludeEnd:!0,contains:[n]},{className:"regexp",contains:[e.BACKSLASH_ESCAPE,n],variants:[{begin:"\\s\\^",end:"\\s|{|;",returnEnd:!0},{begin:"~\\*?\\s+",end:"\\s|{|;",returnEnd:!0},{begin:"\\*(\\.[a-z\\-]+)+"},{begin:"([a-z\\-]+\\.)+\\*"}]},{className:"number",begin:"\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(:\\d{1,5})?\\b"},{className:"number",begin:"\\b\\d+[kKmMgGdshdwy]*\\b",relevance:0},n]};return{name:"Nginx config",aliases:["nginxconf"],contains:[e.HASH_COMMENT_MODE,{begin:e.UNDERSCORE_IDENT_RE+"\\s+{",returnBegin:!0,end:"{",contains:[{className:"section",begin:e.UNDERSCORE_IDENT_RE}],relevance:0},{begin:e.UNDERSCORE_IDENT_RE+"\\s",end:";|{",returnBegin:!0,contains:[{className:"attribute",begin:e.UNDERSCORE_IDENT_RE,starts:a}],relevance:0}],illegal:"[^\\s\\}]"}}}()); +hljs.registerLanguage("objectivec",function(){"use strict";return function(e){var n=/[a-zA-Z@][a-zA-Z0-9_]*/,_={$pattern:n,keyword:"@interface @class @protocol @implementation"};return{name:"Objective-C",aliases:["mm","objc","obj-c"],keywords:{$pattern:n,keyword:"int float while char export sizeof typedef const struct for union unsigned long volatile static bool mutable if do return goto void enum else break extern asm case short default double register explicit signed typename this switch continue wchar_t inline readonly assign readwrite self @synchronized id typeof nonatomic super unichar IBOutlet IBAction strong weak copy in out inout bycopy byref oneway __strong __weak __block __autoreleasing @private @protected @public @try @property @end @throw @catch @finally @autoreleasepool @synthesize @dynamic @selector @optional @required @encode @package @import @defs @compatibility_alias __bridge __bridge_transfer __bridge_retained __bridge_retain __covariant __contravariant __kindof _Nonnull _Nullable _Null_unspecified __FUNCTION__ __PRETTY_FUNCTION__ __attribute__ getter setter retain unsafe_unretained nonnull nullable null_unspecified null_resettable class instancetype NS_DESIGNATED_INITIALIZER NS_UNAVAILABLE NS_REQUIRES_SUPER NS_RETURNS_INNER_POINTER NS_INLINE NS_AVAILABLE NS_DEPRECATED NS_ENUM NS_OPTIONS NS_SWIFT_UNAVAILABLE NS_ASSUME_NONNULL_BEGIN NS_ASSUME_NONNULL_END NS_REFINED_FOR_SWIFT NS_SWIFT_NAME NS_SWIFT_NOTHROW NS_DURING NS_HANDLER NS_ENDHANDLER NS_VALUERETURN NS_VOIDRETURN",literal:"false true FALSE TRUE nil YES NO NULL",built_in:"BOOL dispatch_once_t dispatch_queue_t dispatch_sync dispatch_async dispatch_once"},illegal:"/,end:/$/,illegal:"\\n"},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{className:"class",begin:"("+_.keyword.split(" ").join("|")+")\\b",end:"({|$)",excludeEnd:!0,keywords:_,contains:[e.UNDERSCORE_TITLE_MODE]},{begin:"\\."+e.UNDERSCORE_IDENT_RE,relevance:0}]}}}()); +hljs.registerLanguage("perl",function(){"use strict";return function(e){var n={$pattern:/[\w.]+/,keyword:"getpwent getservent quotemeta msgrcv scalar kill dbmclose undef lc ma syswrite tr send umask sysopen shmwrite vec qx utime local oct semctl localtime readpipe do return format read sprintf dbmopen pop getpgrp not getpwnam rewinddir qq fileno qw endprotoent wait sethostent bless s|0 opendir continue each sleep endgrent shutdown dump chomp connect getsockname die socketpair close flock exists index shmget sub for endpwent redo lstat msgctl setpgrp abs exit select print ref gethostbyaddr unshift fcntl syscall goto getnetbyaddr join gmtime symlink semget splice x|0 getpeername recv log setsockopt cos last reverse gethostbyname getgrnam study formline endhostent times chop length gethostent getnetent pack getprotoent getservbyname rand mkdir pos chmod y|0 substr endnetent printf next open msgsnd readdir use unlink getsockopt getpriority rindex wantarray hex system getservbyport endservent int chr untie rmdir prototype tell listen fork shmread ucfirst setprotoent else sysseek link getgrgid shmctl waitpid unpack getnetbyname reset chdir grep split require caller lcfirst until warn while values shift telldir getpwuid my getprotobynumber delete and sort uc defined srand accept package seekdir getprotobyname semop our rename seek if q|0 chroot sysread setpwent no crypt getc chown sqrt write setnetent setpriority foreach tie sin msgget map stat getlogin unless elsif truncate exec keys glob tied closedir ioctl socket readlink eval xor readline binmode setservent eof ord bind alarm pipe atan2 getgrent exp time push setgrent gt lt or ne m|0 break given say state when"},t={className:"subst",begin:"[$@]\\{",end:"\\}",keywords:n},s={begin:"->{",end:"}"},r={variants:[{begin:/\$\d/},{begin:/[\$%@](\^\w\b|#\w+(::\w+)*|{\w+}|\w+(::\w*)*)/},{begin:/[\$%@][^\s\w{]/,relevance:0}]},i=[e.BACKSLASH_ESCAPE,t,r],a=[r,e.HASH_COMMENT_MODE,e.COMMENT("^\\=\\w","\\=cut",{endsWithParent:!0}),s,{className:"string",contains:i,variants:[{begin:"q[qwxr]?\\s*\\(",end:"\\)",relevance:5},{begin:"q[qwxr]?\\s*\\[",end:"\\]",relevance:5},{begin:"q[qwxr]?\\s*\\{",end:"\\}",relevance:5},{begin:"q[qwxr]?\\s*\\|",end:"\\|",relevance:5},{begin:"q[qwxr]?\\s*\\<",end:"\\>",relevance:5},{begin:"qw\\s+q",end:"q",relevance:5},{begin:"'",end:"'",contains:[e.BACKSLASH_ESCAPE]},{begin:'"',end:'"'},{begin:"`",end:"`",contains:[e.BACKSLASH_ESCAPE]},{begin:"{\\w+}",contains:[],relevance:0},{begin:"-?\\w+\\s*\\=\\>",contains:[],relevance:0}]},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\/\\/|"+e.RE_STARTERS_RE+"|\\b(split|return|print|reverse|grep)\\b)\\s*",keywords:"split return print reverse grep",relevance:0,contains:[e.HASH_COMMENT_MODE,{className:"regexp",begin:"(s|tr|y)/(\\\\.|[^/])*/(\\\\.|[^/])*/[a-z]*",relevance:10},{className:"regexp",begin:"(m|qr)?/",end:"/[a-z]*",contains:[e.BACKSLASH_ESCAPE],relevance:0}]},{className:"function",beginKeywords:"sub",end:"(\\s*\\(.*?\\))?[;{]",excludeEnd:!0,relevance:5,contains:[e.TITLE_MODE]},{begin:"-\\w\\b",relevance:0},{begin:"^__DATA__$",end:"^__END__$",subLanguage:"mojolicious",contains:[{begin:"^@@.*",end:"$",className:"comment"}]}];return t.contains=a,s.contains=a,{name:"Perl",aliases:["pl","pm"],keywords:n,contains:a}}}()); +hljs.registerLanguage("php",function(){"use strict";return function(e){var r={begin:"\\$+[a-zA-Z_-ÿ][a-zA-Z0-9_-ÿ]*"},t={className:"meta",variants:[{begin:/<\?php/,relevance:10},{begin:/<\?[=]?/},{begin:/\?>/}]},a={className:"subst",variants:[{begin:/\$\w+/},{begin:/\{\$/,end:/\}/}]},n=e.inherit(e.APOS_STRING_MODE,{illegal:null}),i=e.inherit(e.QUOTE_STRING_MODE,{illegal:null,contains:e.QUOTE_STRING_MODE.contains.concat(a)}),o=e.END_SAME_AS_BEGIN({begin:/<<<[ \t]*(\w+)\n/,end:/[ \t]*(\w+)\b/,contains:e.QUOTE_STRING_MODE.contains.concat(a)}),l={className:"string",contains:[e.BACKSLASH_ESCAPE,t],variants:[e.inherit(n,{begin:"b'",end:"'"}),e.inherit(i,{begin:'b"',end:'"'}),i,n,o]},s={variants:[e.BINARY_NUMBER_MODE,e.C_NUMBER_MODE]},c={keyword:"__CLASS__ __DIR__ __FILE__ __FUNCTION__ __LINE__ __METHOD__ __NAMESPACE__ __TRAIT__ die echo exit include include_once print require require_once array abstract and as binary bool boolean break callable case catch class clone const continue declare default do double else elseif empty enddeclare endfor endforeach endif endswitch endwhile eval extends final finally float for foreach from global goto if implements instanceof insteadof int integer interface isset iterable list new object or private protected public real return string switch throw trait try unset use var void while xor yield",literal:"false null true",built_in:"Error|0 AppendIterator ArgumentCountError ArithmeticError ArrayIterator ArrayObject AssertionError BadFunctionCallException BadMethodCallException CachingIterator CallbackFilterIterator CompileError Countable DirectoryIterator DivisionByZeroError DomainException EmptyIterator ErrorException Exception FilesystemIterator FilterIterator GlobIterator InfiniteIterator InvalidArgumentException IteratorIterator LengthException LimitIterator LogicException MultipleIterator NoRewindIterator OutOfBoundsException OutOfRangeException OuterIterator OverflowException ParentIterator ParseError RangeException RecursiveArrayIterator RecursiveCachingIterator RecursiveCallbackFilterIterator RecursiveDirectoryIterator RecursiveFilterIterator RecursiveIterator RecursiveIteratorIterator RecursiveRegexIterator RecursiveTreeIterator RegexIterator RuntimeException SeekableIterator SplDoublyLinkedList SplFileInfo SplFileObject SplFixedArray SplHeap SplMaxHeap SplMinHeap SplObjectStorage SplObserver SplObserver SplPriorityQueue SplQueue SplStack SplSubject SplSubject SplTempFileObject TypeError UnderflowException UnexpectedValueException ArrayAccess Closure Generator Iterator IteratorAggregate Serializable Throwable Traversable WeakReference Directory __PHP_Incomplete_Class parent php_user_filter self static stdClass"};return{aliases:["php","php3","php4","php5","php6","php7"],case_insensitive:!0,keywords:c,contains:[e.HASH_COMMENT_MODE,e.COMMENT("//","$",{contains:[t]}),e.COMMENT("/\\*","\\*/",{contains:[{className:"doctag",begin:"@[A-Za-z]+"}]}),e.COMMENT("__halt_compiler.+?;",!1,{endsWithParent:!0,keywords:"__halt_compiler"}),t,{className:"keyword",begin:/\$this\b/},r,{begin:/(::|->)+[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*/},{className:"function",beginKeywords:"fn function",end:/[;{]/,excludeEnd:!0,illegal:"[$%\\[]",contains:[e.UNDERSCORE_TITLE_MODE,{className:"params",begin:"\\(",end:"\\)",excludeBegin:!0,excludeEnd:!0,keywords:c,contains:["self",r,e.C_BLOCK_COMMENT_MODE,l,s]}]},{className:"class",beginKeywords:"class interface",end:"{",excludeEnd:!0,illegal:/[:\(\$"]/,contains:[{beginKeywords:"extends implements"},e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"namespace",end:";",illegal:/[\.']/,contains:[e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"use",end:";",contains:[e.UNDERSCORE_TITLE_MODE]},{begin:"=>"},l,s]}}}()); +hljs.registerLanguage("php-template",function(){"use strict";return function(n){return{name:"PHP template",subLanguage:"xml",contains:[{begin:/<\?(php|=)?/,end:/\?>/,subLanguage:"php",contains:[{begin:"/\\*",end:"\\*/",skip:!0},{begin:'b"',end:'"',skip:!0},{begin:"b'",end:"'",skip:!0},n.inherit(n.APOS_STRING_MODE,{illegal:null,className:null,contains:null,skip:!0}),n.inherit(n.QUOTE_STRING_MODE,{illegal:null,className:null,contains:null,skip:!0})]}]}}}()); +hljs.registerLanguage("plaintext",function(){"use strict";return function(t){return{name:"Plain text",aliases:["text","txt"],disableAutodetect:!0}}}()); +hljs.registerLanguage("properties",function(){"use strict";return function(e){var n="[ \\t\\f]*",t="("+n+"[:=]"+n+"|[ \\t\\f]+)",a="([^\\\\:= \\t\\f\\n]|\\\\.)+",s={end:t,relevance:0,starts:{className:"string",end:/$/,relevance:0,contains:[{begin:"\\\\\\n"}]}};return{name:".properties",case_insensitive:!0,illegal:/\S/,contains:[e.COMMENT("^\\s*[!#]","$"),{begin:"([^\\\\\\W:= \\t\\f\\n]|\\\\.)+"+t,returnBegin:!0,contains:[{className:"attr",begin:"([^\\\\\\W:= \\t\\f\\n]|\\\\.)+",endsParent:!0,relevance:0}],starts:s},{begin:a+t,returnBegin:!0,relevance:0,contains:[{className:"meta",begin:a,endsParent:!0,relevance:0}],starts:s},{className:"attr",relevance:0,begin:a+n+"$"}]}}}()); +hljs.registerLanguage("python",function(){"use strict";return function(e){var n={keyword:"and elif is global as in if from raise for except finally print import pass return exec else break not with class assert yield try while continue del or def lambda async await nonlocal|10",built_in:"Ellipsis NotImplemented",literal:"False None True"},a={className:"meta",begin:/^(>>>|\.\.\.) /},i={className:"subst",begin:/\{/,end:/\}/,keywords:n,illegal:/#/},s={begin:/\{\{/,relevance:0},r={className:"string",contains:[e.BACKSLASH_ESCAPE],variants:[{begin:/(u|b)?r?'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(u|b)?r?"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(fr|rf|f)'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(fr|rf|f)"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(u|r|ur)'/,end:/'/,relevance:10},{begin:/(u|r|ur)"/,end:/"/,relevance:10},{begin:/(b|br)'/,end:/'/},{begin:/(b|br)"/,end:/"/},{begin:/(fr|rf|f)'/,end:/'/,contains:[e.BACKSLASH_ESCAPE,s,i]},{begin:/(fr|rf|f)"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,i]},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},l={className:"number",relevance:0,variants:[{begin:e.BINARY_NUMBER_RE+"[lLjJ]?"},{begin:"\\b(0o[0-7]+)[lLjJ]?"},{begin:e.C_NUMBER_RE+"[lLjJ]?"}]},t={className:"params",variants:[{begin:/\(\s*\)/,skip:!0,className:null},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,contains:["self",a,l,r,e.HASH_COMMENT_MODE]}]};return i.contains=[r,l,a],{name:"Python",aliases:["py","gyp","ipython"],keywords:n,illegal:/(<\/|->|\?)|=>/,contains:[a,l,{beginKeywords:"if",relevance:0},r,e.HASH_COMMENT_MODE,{variants:[{className:"function",beginKeywords:"def"},{className:"class",beginKeywords:"class"}],end:/:/,illegal:/[${=;\n,]/,contains:[e.UNDERSCORE_TITLE_MODE,t,{begin:/->/,endsWithParent:!0,keywords:"None"}]},{className:"meta",begin:/^[\t ]*@/,end:/$/},{begin:/\b(print|exec)\(/}]}}}()); +hljs.registerLanguage("python-repl",function(){"use strict";return function(n){return{aliases:["pycon"],contains:[{className:"meta",starts:{end:/ |$/,starts:{end:"$",subLanguage:"python"}},variants:[{begin:/^>>>(?=[ ]|$)/},{begin:/^\.\.\.(?=[ ]|$)/}]}]}}}()); +hljs.registerLanguage("ruby",function(){"use strict";return function(e){var n="[a-zA-Z_]\\w*[!?=]?|[-+~]\\@|<<|>>|=~|===?|<=>|[<>]=?|\\*\\*|[-/+%^&*~`|]|\\[\\]=?",a={keyword:"and then defined module in return redo if BEGIN retry end for self when next until do begin unless END rescue else break undef not super class case require yield alias while ensure elsif or include attr_reader attr_writer attr_accessor",literal:"true false nil"},s={className:"doctag",begin:"@[A-Za-z]+"},i={begin:"#<",end:">"},r=[e.COMMENT("#","$",{contains:[s]}),e.COMMENT("^\\=begin","^\\=end",{contains:[s],relevance:10}),e.COMMENT("^__END__","\\n$")],c={className:"subst",begin:"#\\{",end:"}",keywords:a},t={className:"string",contains:[e.BACKSLASH_ESCAPE,c],variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/`/,end:/`/},{begin:"%[qQwWx]?\\(",end:"\\)"},{begin:"%[qQwWx]?\\[",end:"\\]"},{begin:"%[qQwWx]?{",end:"}"},{begin:"%[qQwWx]?<",end:">"},{begin:"%[qQwWx]?/",end:"/"},{begin:"%[qQwWx]?%",end:"%"},{begin:"%[qQwWx]?-",end:"-"},{begin:"%[qQwWx]?\\|",end:"\\|"},{begin:/\B\?(\\\d{1,3}|\\x[A-Fa-f0-9]{1,2}|\\u[A-Fa-f0-9]{4}|\\?\S)\b/},{begin:/<<[-~]?'?(\w+)(?:.|\n)*?\n\s*\1\b/,returnBegin:!0,contains:[{begin:/<<[-~]?'?/},e.END_SAME_AS_BEGIN({begin:/(\w+)/,end:/(\w+)/,contains:[e.BACKSLASH_ESCAPE,c]})]}]},b={className:"params",begin:"\\(",end:"\\)",endsParent:!0,keywords:a},d=[t,i,{className:"class",beginKeywords:"class module",end:"$|;",illegal:/=/,contains:[e.inherit(e.TITLE_MODE,{begin:"[A-Za-z_]\\w*(::\\w+)*(\\?|\\!)?"}),{begin:"<\\s*",contains:[{begin:"("+e.IDENT_RE+"::)?"+e.IDENT_RE}]}].concat(r)},{className:"function",beginKeywords:"def",end:"$|;",contains:[e.inherit(e.TITLE_MODE,{begin:n}),b].concat(r)},{begin:e.IDENT_RE+"::"},{className:"symbol",begin:e.UNDERSCORE_IDENT_RE+"(\\!|\\?)?:",relevance:0},{className:"symbol",begin:":(?!\\s)",contains:[t,{begin:n}],relevance:0},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\$\\W)|((\\$|\\@\\@?)(\\w+))"},{className:"params",begin:/\|/,end:/\|/,keywords:a},{begin:"("+e.RE_STARTERS_RE+"|unless)\\s*",keywords:"unless",contains:[i,{className:"regexp",contains:[e.BACKSLASH_ESCAPE,c],illegal:/\n/,variants:[{begin:"/",end:"/[a-z]*"},{begin:"%r{",end:"}[a-z]*"},{begin:"%r\\(",end:"\\)[a-z]*"},{begin:"%r!",end:"![a-z]*"},{begin:"%r\\[",end:"\\][a-z]*"}]}].concat(r),relevance:0}].concat(r);c.contains=d,b.contains=d;var g=[{begin:/^\s*=>/,starts:{end:"$",contains:d}},{className:"meta",begin:"^([>?]>|[\\w#]+\\(\\w+\\):\\d+:\\d+>|(\\w+-)?\\d+\\.\\d+\\.\\d(p\\d+)?[^>]+>)",starts:{end:"$",contains:d}}];return{name:"Ruby",aliases:["rb","gemspec","podspec","thor","irb"],keywords:a,illegal:/\/\*/,contains:r.concat(g).concat(d)}}}()); +hljs.registerLanguage("rust",function(){"use strict";return function(e){var n="([ui](8|16|32|64|128|size)|f(32|64))?",t="drop i8 i16 i32 i64 i128 isize u8 u16 u32 u64 u128 usize f32 f64 str char bool Box Option Result String Vec Copy Send Sized Sync Drop Fn FnMut FnOnce ToOwned Clone Debug PartialEq PartialOrd Eq Ord AsRef AsMut Into From Default Iterator Extend IntoIterator DoubleEndedIterator ExactSizeIterator SliceConcatExt ToString assert! assert_eq! bitflags! bytes! cfg! col! concat! concat_idents! debug_assert! debug_assert_eq! env! panic! file! format! format_args! include_bin! include_str! line! local_data_key! module_path! option_env! print! println! select! stringify! try! unimplemented! unreachable! vec! write! writeln! macro_rules! assert_ne! debug_assert_ne!";return{name:"Rust",aliases:["rs"],keywords:{$pattern:e.IDENT_RE+"!?",keyword:"abstract as async await become box break const continue crate do dyn else enum extern false final fn for if impl in let loop macro match mod move mut override priv pub ref return self Self static struct super trait true try type typeof unsafe unsized use virtual where while yield",literal:"true false Some None Ok Err",built_in:t},illegal:""}]}}}()); +hljs.registerLanguage("scss",function(){"use strict";return function(e){var t={className:"variable",begin:"(\\$[a-zA-Z-][a-zA-Z0-9_-]*)\\b"},i={className:"number",begin:"#[0-9A-Fa-f]+"};return e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,e.C_BLOCK_COMMENT_MODE,{name:"SCSS",case_insensitive:!0,illegal:"[=/|']",contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,{className:"selector-id",begin:"\\#[A-Za-z0-9_-]+",relevance:0},{className:"selector-class",begin:"\\.[A-Za-z0-9_-]+",relevance:0},{className:"selector-attr",begin:"\\[",end:"\\]",illegal:"$"},{className:"selector-tag",begin:"\\b(a|abbr|acronym|address|area|article|aside|audio|b|base|big|blockquote|body|br|button|canvas|caption|cite|code|col|colgroup|command|datalist|dd|del|details|dfn|div|dl|dt|em|embed|fieldset|figcaption|figure|footer|form|frame|frameset|(h[1-6])|head|header|hgroup|hr|html|i|iframe|img|input|ins|kbd|keygen|label|legend|li|link|map|mark|meta|meter|nav|noframes|noscript|object|ol|optgroup|option|output|p|param|pre|progress|q|rp|rt|ruby|samp|script|section|select|small|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|time|title|tr|tt|ul|var|video)\\b",relevance:0},{className:"selector-pseudo",begin:":(visited|valid|root|right|required|read-write|read-only|out-range|optional|only-of-type|only-child|nth-of-type|nth-last-of-type|nth-last-child|nth-child|not|link|left|last-of-type|last-child|lang|invalid|indeterminate|in-range|hover|focus|first-of-type|first-line|first-letter|first-child|first|enabled|empty|disabled|default|checked|before|after|active)"},{className:"selector-pseudo",begin:"::(after|before|choices|first-letter|first-line|repeat-index|repeat-item|selection|value)"},t,{className:"attribute",begin:"\\b(src|z-index|word-wrap|word-spacing|word-break|width|widows|white-space|visibility|vertical-align|unicode-bidi|transition-timing-function|transition-property|transition-duration|transition-delay|transition|transform-style|transform-origin|transform|top|text-underline-position|text-transform|text-shadow|text-rendering|text-overflow|text-indent|text-decoration-style|text-decoration-line|text-decoration-color|text-decoration|text-align-last|text-align|tab-size|table-layout|right|resize|quotes|position|pointer-events|perspective-origin|perspective|page-break-inside|page-break-before|page-break-after|padding-top|padding-right|padding-left|padding-bottom|padding|overflow-y|overflow-x|overflow-wrap|overflow|outline-width|outline-style|outline-offset|outline-color|outline|orphans|order|opacity|object-position|object-fit|normal|none|nav-up|nav-right|nav-left|nav-index|nav-down|min-width|min-height|max-width|max-height|mask|marks|margin-top|margin-right|margin-left|margin-bottom|margin|list-style-type|list-style-position|list-style-image|list-style|line-height|letter-spacing|left|justify-content|initial|inherit|ime-mode|image-orientation|image-resolution|image-rendering|icon|hyphens|height|font-weight|font-variant-ligatures|font-variant|font-style|font-stretch|font-size-adjust|font-size|font-language-override|font-kerning|font-feature-settings|font-family|font|float|flex-wrap|flex-shrink|flex-grow|flex-flow|flex-direction|flex-basis|flex|filter|empty-cells|display|direction|cursor|counter-reset|counter-increment|content|column-width|column-span|column-rule-width|column-rule-style|column-rule-color|column-rule|column-gap|column-fill|column-count|columns|color|clip-path|clip|clear|caption-side|break-inside|break-before|break-after|box-sizing|box-shadow|box-decoration-break|bottom|border-width|border-top-width|border-top-style|border-top-right-radius|border-top-left-radius|border-top-color|border-top|border-style|border-spacing|border-right-width|border-right-style|border-right-color|border-right|border-radius|border-left-width|border-left-style|border-left-color|border-left|border-image-width|border-image-source|border-image-slice|border-image-repeat|border-image-outset|border-image|border-color|border-collapse|border-bottom-width|border-bottom-style|border-bottom-right-radius|border-bottom-left-radius|border-bottom-color|border-bottom|border|background-size|background-repeat|background-position|background-origin|background-image|background-color|background-clip|background-attachment|background-blend-mode|background|backface-visibility|auto|animation-timing-function|animation-play-state|animation-name|animation-iteration-count|animation-fill-mode|animation-duration|animation-direction|animation-delay|animation|align-self|align-items|align-content)\\b",illegal:"[^\\s]"},{begin:"\\b(whitespace|wait|w-resize|visible|vertical-text|vertical-ideographic|uppercase|upper-roman|upper-alpha|underline|transparent|top|thin|thick|text|text-top|text-bottom|tb-rl|table-header-group|table-footer-group|sw-resize|super|strict|static|square|solid|small-caps|separate|se-resize|scroll|s-resize|rtl|row-resize|ridge|right|repeat|repeat-y|repeat-x|relative|progress|pointer|overline|outside|outset|oblique|nowrap|not-allowed|normal|none|nw-resize|no-repeat|no-drop|newspaper|ne-resize|n-resize|move|middle|medium|ltr|lr-tb|lowercase|lower-roman|lower-alpha|loose|list-item|line|line-through|line-edge|lighter|left|keep-all|justify|italic|inter-word|inter-ideograph|inside|inset|inline|inline-block|inherit|inactive|ideograph-space|ideograph-parenthesis|ideograph-numeric|ideograph-alpha|horizontal|hidden|help|hand|groove|fixed|ellipsis|e-resize|double|dotted|distribute|distribute-space|distribute-letter|distribute-all-lines|disc|disabled|default|decimal|dashed|crosshair|collapse|col-resize|circle|char|center|capitalize|break-word|break-all|bottom|both|bolder|bold|block|bidi-override|below|baseline|auto|always|all-scroll|absolute|table|table-cell)\\b"},{begin:":",end:";",contains:[t,i,e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,{className:"meta",begin:"!important"}]},{begin:"@(page|font-face)",lexemes:"@[a-z-]+",keywords:"@page @font-face"},{begin:"@",end:"[{;]",returnBegin:!0,keywords:"and or not only",contains:[{begin:"@[a-z-]+",className:"keyword"},t,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,i,e.CSS_NUMBER_MODE]}]}}}()); +hljs.registerLanguage("shell",function(){"use strict";return function(s){return{name:"Shell Session",aliases:["console"],contains:[{className:"meta",begin:"^\\s{0,3}[/\\w\\d\\[\\]()@-]*[>%$#]",starts:{end:"$",subLanguage:"bash"}}]}}}()); +hljs.registerLanguage("sql",function(){"use strict";return function(e){var t=e.COMMENT("--","$");return{name:"SQL",case_insensitive:!0,illegal:/[<>{}*]/,contains:[{beginKeywords:"begin end start commit rollback savepoint lock alter create drop rename call delete do handler insert load replace select truncate update set show pragma grant merge describe use explain help declare prepare execute deallocate release unlock purge reset change stop analyze cache flush optimize repair kill install uninstall checksum restore check backup revoke comment values with",end:/;/,endsWithParent:!0,keywords:{$pattern:/[\w\.]+/,keyword:"as abort abs absolute acc acce accep accept access accessed accessible account acos action activate add addtime admin administer advanced advise aes_decrypt aes_encrypt after agent aggregate ali alia alias all allocate allow alter always analyze ancillary and anti any anydata anydataset anyschema anytype apply archive archived archivelog are as asc ascii asin assembly assertion associate asynchronous at atan atn2 attr attri attrib attribu attribut attribute attributes audit authenticated authentication authid authors auto autoallocate autodblink autoextend automatic availability avg backup badfile basicfile before begin beginning benchmark between bfile bfile_base big bigfile bin binary_double binary_float binlog bit_and bit_count bit_length bit_or bit_xor bitmap blob_base block blocksize body both bound bucket buffer_cache buffer_pool build bulk by byte byteordermark bytes cache caching call calling cancel capacity cascade cascaded case cast catalog category ceil ceiling chain change changed char_base char_length character_length characters characterset charindex charset charsetform charsetid check checksum checksum_agg child choose chr chunk class cleanup clear client clob clob_base clone close cluster_id cluster_probability cluster_set clustering coalesce coercibility col collate collation collect colu colum column column_value columns columns_updated comment commit compact compatibility compiled complete composite_limit compound compress compute concat concat_ws concurrent confirm conn connec connect connect_by_iscycle connect_by_isleaf connect_by_root connect_time connection consider consistent constant constraint constraints constructor container content contents context contributors controlfile conv convert convert_tz corr corr_k corr_s corresponding corruption cos cost count count_big counted covar_pop covar_samp cpu_per_call cpu_per_session crc32 create creation critical cross cube cume_dist curdate current current_date current_time current_timestamp current_user cursor curtime customdatum cycle data database databases datafile datafiles datalength date_add date_cache date_format date_sub dateadd datediff datefromparts datename datepart datetime2fromparts day day_to_second dayname dayofmonth dayofweek dayofyear days db_role_change dbtimezone ddl deallocate declare decode decompose decrement decrypt deduplicate def defa defau defaul default defaults deferred defi defin define degrees delayed delegate delete delete_all delimited demand dense_rank depth dequeue des_decrypt des_encrypt des_key_file desc descr descri describ describe descriptor deterministic diagnostics difference dimension direct_load directory disable disable_all disallow disassociate discardfile disconnect diskgroup distinct distinctrow distribute distributed div do document domain dotnet double downgrade drop dumpfile duplicate duration each edition editionable editions element ellipsis else elsif elt empty enable enable_all enclosed encode encoding encrypt end end-exec endian enforced engine engines enqueue enterprise entityescaping eomonth error errors escaped evalname evaluate event eventdata events except exception exceptions exchange exclude excluding execu execut execute exempt exists exit exp expire explain explode export export_set extended extent external external_1 external_2 externally extract failed failed_login_attempts failover failure far fast feature_set feature_value fetch field fields file file_name_convert filesystem_like_logging final finish first first_value fixed flash_cache flashback floor flush following follows for forall force foreign form forma format found found_rows freelist freelists freepools fresh from from_base64 from_days ftp full function general generated get get_format get_lock getdate getutcdate global global_name globally go goto grant grants greatest group group_concat group_id grouping grouping_id groups gtid_subtract guarantee guard handler hash hashkeys having hea head headi headin heading heap help hex hierarchy high high_priority hosts hour hours http id ident_current ident_incr ident_seed identified identity idle_time if ifnull ignore iif ilike ilm immediate import in include including increment index indexes indexing indextype indicator indices inet6_aton inet6_ntoa inet_aton inet_ntoa infile initial initialized initially initrans inmemory inner innodb input insert install instance instantiable instr interface interleaved intersect into invalidate invisible is is_free_lock is_ipv4 is_ipv4_compat is_not is_not_null is_used_lock isdate isnull isolation iterate java join json json_exists keep keep_duplicates key keys kill language large last last_day last_insert_id last_value lateral lax lcase lead leading least leaves left len lenght length less level levels library like like2 like4 likec limit lines link list listagg little ln load load_file lob lobs local localtime localtimestamp locate locator lock locked log log10 log2 logfile logfiles logging logical logical_reads_per_call logoff logon logs long loop low low_priority lower lpad lrtrim ltrim main make_set makedate maketime managed management manual map mapping mask master master_pos_wait match matched materialized max maxextents maximize maxinstances maxlen maxlogfiles maxloghistory maxlogmembers maxsize maxtrans md5 measures median medium member memcompress memory merge microsecond mid migration min minextents minimum mining minus minute minutes minvalue missing mod mode model modification modify module monitoring month months mount move movement multiset mutex name name_const names nan national native natural nav nchar nclob nested never new newline next nextval no no_write_to_binlog noarchivelog noaudit nobadfile nocheck nocompress nocopy nocycle nodelay nodiscardfile noentityescaping noguarantee nokeep nologfile nomapping nomaxvalue nominimize nominvalue nomonitoring none noneditionable nonschema noorder nopr nopro noprom nopromp noprompt norely noresetlogs noreverse normal norowdependencies noschemacheck noswitch not nothing notice notnull notrim novalidate now nowait nth_value nullif nulls num numb numbe nvarchar nvarchar2 object ocicoll ocidate ocidatetime ociduration ociinterval ociloblocator ocinumber ociref ocirefcursor ocirowid ocistring ocitype oct octet_length of off offline offset oid oidindex old on online only opaque open operations operator optimal optimize option optionally or oracle oracle_date oradata ord ordaudio orddicom orddoc order ordimage ordinality ordvideo organization orlany orlvary out outer outfile outline output over overflow overriding package pad parallel parallel_enable parameters parent parse partial partition partitions pascal passing password password_grace_time password_lock_time password_reuse_max password_reuse_time password_verify_function patch path patindex pctincrease pctthreshold pctused pctversion percent percent_rank percentile_cont percentile_disc performance period period_add period_diff permanent physical pi pipe pipelined pivot pluggable plugin policy position post_transaction pow power pragma prebuilt precedes preceding precision prediction prediction_cost prediction_details prediction_probability prediction_set prepare present preserve prior priority private private_sga privileges procedural procedure procedure_analyze processlist profiles project prompt protection public publishingservername purge quarter query quick quiesce quota quotename radians raise rand range rank raw read reads readsize rebuild record records recover recovery recursive recycle redo reduced ref reference referenced references referencing refresh regexp_like register regr_avgx regr_avgy regr_count regr_intercept regr_r2 regr_slope regr_sxx regr_sxy reject rekey relational relative relaylog release release_lock relies_on relocate rely rem remainder rename repair repeat replace replicate replication required reset resetlogs resize resource respect restore restricted result result_cache resumable resume retention return returning returns reuse reverse revoke right rlike role roles rollback rolling rollup round row row_count rowdependencies rowid rownum rows rtrim rules safe salt sample save savepoint sb1 sb2 sb4 scan schema schemacheck scn scope scroll sdo_georaster sdo_topo_geometry search sec_to_time second seconds section securefile security seed segment select self semi sequence sequential serializable server servererror session session_user sessions_per_user set sets settings sha sha1 sha2 share shared shared_pool short show shrink shutdown si_averagecolor si_colorhistogram si_featurelist si_positionalcolor si_stillimage si_texture siblings sid sign sin size size_t sizes skip slave sleep smalldatetimefromparts smallfile snapshot some soname sort soundex source space sparse spfile split sql sql_big_result sql_buffer_result sql_cache sql_calc_found_rows sql_small_result sql_variant_property sqlcode sqldata sqlerror sqlname sqlstate sqrt square standalone standby start starting startup statement static statistics stats_binomial_test stats_crosstab stats_ks_test stats_mode stats_mw_test stats_one_way_anova stats_t_test_ stats_t_test_indep stats_t_test_one stats_t_test_paired stats_wsr_test status std stddev stddev_pop stddev_samp stdev stop storage store stored str str_to_date straight_join strcmp strict string struct stuff style subdate subpartition subpartitions substitutable substr substring subtime subtring_index subtype success sum suspend switch switchoffset switchover sync synchronous synonym sys sys_xmlagg sysasm sysaux sysdate sysdatetimeoffset sysdba sysoper system system_user sysutcdatetime table tables tablespace tablesample tan tdo template temporary terminated tertiary_weights test than then thread through tier ties time time_format time_zone timediff timefromparts timeout timestamp timestampadd timestampdiff timezone_abbr timezone_minute timezone_region to to_base64 to_date to_days to_seconds todatetimeoffset trace tracking transaction transactional translate translation treat trigger trigger_nestlevel triggers trim truncate try_cast try_convert try_parse type ub1 ub2 ub4 ucase unarchived unbounded uncompress under undo unhex unicode uniform uninstall union unique unix_timestamp unknown unlimited unlock unnest unpivot unrecoverable unsafe unsigned until untrusted unusable unused update updated upgrade upped upper upsert url urowid usable usage use use_stored_outlines user user_data user_resources users using utc_date utc_timestamp uuid uuid_short validate validate_password_strength validation valist value values var var_samp varcharc vari varia variab variabl variable variables variance varp varraw varrawc varray verify version versions view virtual visible void wait wallet warning warnings week weekday weekofyear wellformed when whene whenev wheneve whenever where while whitespace window with within without work wrapped xdb xml xmlagg xmlattributes xmlcast xmlcolattval xmlelement xmlexists xmlforest xmlindex xmlnamespaces xmlpi xmlquery xmlroot xmlschema xmlserialize xmltable xmltype xor year year_to_month years yearweek",literal:"true false null unknown",built_in:"array bigint binary bit blob bool boolean char character date dec decimal float int int8 integer interval number numeric real record serial serial8 smallint text time timestamp tinyint varchar varchar2 varying void"},contains:[{className:"string",begin:"'",end:"'",contains:[{begin:"''"}]},{className:"string",begin:'"',end:'"',contains:[{begin:'""'}]},{className:"string",begin:"`",end:"`"},e.C_NUMBER_MODE,e.C_BLOCK_COMMENT_MODE,t,e.HASH_COMMENT_MODE]},e.C_BLOCK_COMMENT_MODE,t,e.HASH_COMMENT_MODE]}}}()); +hljs.registerLanguage("swift",function(){"use strict";return function(e){var i={keyword:"#available #colorLiteral #column #else #elseif #endif #file #fileLiteral #function #if #imageLiteral #line #selector #sourceLocation _ __COLUMN__ __FILE__ __FUNCTION__ __LINE__ Any as as! as? associatedtype associativity break case catch class continue convenience default defer deinit didSet do dynamic dynamicType else enum extension fallthrough false fileprivate final for func get guard if import in indirect infix init inout internal is lazy left let mutating nil none nonmutating open operator optional override postfix precedence prefix private protocol Protocol public repeat required rethrows return right self Self set static struct subscript super switch throw throws true try try! try? Type typealias unowned var weak where while willSet",literal:"true false nil",built_in:"abs advance alignof alignofValue anyGenerator assert assertionFailure bridgeFromObjectiveC bridgeFromObjectiveCUnconditional bridgeToObjectiveC bridgeToObjectiveCUnconditional c compactMap contains count countElements countLeadingZeros debugPrint debugPrintln distance dropFirst dropLast dump encodeBitsAsWords enumerate equal fatalError filter find getBridgedObjectiveCType getVaList indices insertionSort isBridgedToObjectiveC isBridgedVerbatimToObjectiveC isUniquelyReferenced isUniquelyReferencedNonObjC join lazy lexicographicalCompare map max maxElement min minElement numericCast overlaps partition posix precondition preconditionFailure print println quickSort readLine reduce reflect reinterpretCast reverse roundUpToAlignment sizeof sizeofValue sort split startsWith stride strideof strideofValue swap toString transcode underestimateCount unsafeAddressOf unsafeBitCast unsafeDowncast unsafeUnwrap unsafeReflect withExtendedLifetime withObjectAtPlusZero withUnsafePointer withUnsafePointerToObject withUnsafeMutablePointer withUnsafeMutablePointers withUnsafePointer withUnsafePointers withVaList zip"},n=e.COMMENT("/\\*","\\*/",{contains:["self"]}),t={className:"subst",begin:/\\\(/,end:"\\)",keywords:i,contains:[]},a={className:"string",contains:[e.BACKSLASH_ESCAPE,t],variants:[{begin:/"""/,end:/"""/},{begin:/"/,end:/"/}]},r={className:"number",begin:"\\b([\\d_]+(\\.[\\deE_]+)?|0x[a-fA-F0-9_]+(\\.[a-fA-F0-9p_]+)?|0b[01_]+|0o[0-7_]+)\\b",relevance:0};return t.contains=[r],{name:"Swift",keywords:i,contains:[a,e.C_LINE_COMMENT_MODE,n,{className:"type",begin:"\\b[A-Z][\\wÀ-ʸ']*[!?]"},{className:"type",begin:"\\b[A-Z][\\wÀ-ʸ']*",relevance:0},r,{className:"function",beginKeywords:"func",end:"{",excludeEnd:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/[A-Za-z$_][0-9A-Za-z$_]*/}),{begin://},{className:"params",begin:/\(/,end:/\)/,endsParent:!0,keywords:i,contains:["self",r,a,e.C_BLOCK_COMMENT_MODE,{begin:":"}],illegal:/["']/}],illegal:/\[|%/},{className:"class",beginKeywords:"struct protocol class extension enum",keywords:i,end:"\\{",excludeEnd:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/[A-Za-z$_][\u00C0-\u02B80-9A-Za-z$_]*/})]},{className:"meta",begin:"(@discardableResult|@warn_unused_result|@exported|@lazy|@noescape|@NSCopying|@NSManaged|@objc|@objcMembers|@convention|@required|@noreturn|@IBAction|@IBDesignable|@IBInspectable|@IBOutlet|@infix|@prefix|@postfix|@autoclosure|@testable|@available|@nonobjc|@NSApplicationMain|@UIApplicationMain|@dynamicMemberLookup|@propertyWrapper)\\b"},{beginKeywords:"import",end:/$/,contains:[e.C_LINE_COMMENT_MODE,n]}]}}}()); +hljs.registerLanguage("typescript",function(){"use strict";const e=["as","in","of","if","for","while","finally","var","new","function","do","return","void","else","break","catch","instanceof","with","throw","case","default","try","switch","continue","typeof","delete","let","yield","const","class","debugger","async","await","static","import","from","export","extends"],n=["true","false","null","undefined","NaN","Infinity"],a=[].concat(["setInterval","setTimeout","clearInterval","clearTimeout","require","exports","eval","isFinite","isNaN","parseFloat","parseInt","decodeURI","decodeURIComponent","encodeURI","encodeURIComponent","escape","unescape"],["arguments","this","super","console","window","document","localStorage","module","global"],["Intl","DataView","Number","Math","Date","String","RegExp","Object","Function","Boolean","Error","Symbol","Set","Map","WeakSet","WeakMap","Proxy","Reflect","JSON","Promise","Float64Array","Int16Array","Int32Array","Int8Array","Uint16Array","Uint32Array","Float32Array","Array","Uint8Array","Uint8ClampedArray","ArrayBuffer"],["EvalError","InternalError","RangeError","ReferenceError","SyntaxError","TypeError","URIError"]);return function(r){var t={$pattern:"[A-Za-z$_][0-9A-Za-z$_]*",keyword:e.concat(["type","namespace","typedef","interface","public","private","protected","implements","declare","abstract","readonly"]).join(" "),literal:n.join(" "),built_in:a.concat(["any","void","number","boolean","string","object","never","enum"]).join(" ")},s={className:"meta",begin:"@[A-Za-z$_][0-9A-Za-z$_]*"},i={className:"number",variants:[{begin:"\\b(0[bB][01]+)n?"},{begin:"\\b(0[oO][0-7]+)n?"},{begin:r.C_NUMBER_RE+"n?"}],relevance:0},o={className:"subst",begin:"\\$\\{",end:"\\}",keywords:t,contains:[]},c={begin:"html`",end:"",starts:{end:"`",returnEnd:!1,contains:[r.BACKSLASH_ESCAPE,o],subLanguage:"xml"}},l={begin:"css`",end:"",starts:{end:"`",returnEnd:!1,contains:[r.BACKSLASH_ESCAPE,o],subLanguage:"css"}},E={className:"string",begin:"`",end:"`",contains:[r.BACKSLASH_ESCAPE,o]};o.contains=[r.APOS_STRING_MODE,r.QUOTE_STRING_MODE,c,l,E,i,r.REGEXP_MODE];var d={begin:"\\(",end:/\)/,keywords:t,contains:["self",r.QUOTE_STRING_MODE,r.APOS_STRING_MODE,r.NUMBER_MODE]},u={className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:t,contains:[r.C_LINE_COMMENT_MODE,r.C_BLOCK_COMMENT_MODE,s,d]};return{name:"TypeScript",aliases:["ts"],keywords:t,contains:[r.SHEBANG(),{className:"meta",begin:/^\s*['"]use strict['"]/},r.APOS_STRING_MODE,r.QUOTE_STRING_MODE,c,l,E,r.C_LINE_COMMENT_MODE,r.C_BLOCK_COMMENT_MODE,i,{begin:"("+r.RE_STARTERS_RE+"|\\b(case|return|throw)\\b)\\s*",keywords:"return throw case",contains:[r.C_LINE_COMMENT_MODE,r.C_BLOCK_COMMENT_MODE,r.REGEXP_MODE,{className:"function",begin:"(\\([^(]*(\\([^(]*(\\([^(]*\\))?\\))?\\)|"+r.UNDERSCORE_IDENT_RE+")\\s*=>",returnBegin:!0,end:"\\s*=>",contains:[{className:"params",variants:[{begin:r.UNDERSCORE_IDENT_RE},{className:null,begin:/\(\s*\)/,skip:!0},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:t,contains:d.contains}]}]}],relevance:0},{className:"function",beginKeywords:"function",end:/[\{;]/,excludeEnd:!0,keywords:t,contains:["self",r.inherit(r.TITLE_MODE,{begin:"[A-Za-z$_][0-9A-Za-z$_]*"}),u],illegal:/%/,relevance:0},{beginKeywords:"constructor",end:/[\{;]/,excludeEnd:!0,contains:["self",u]},{begin:/module\./,keywords:{built_in:"module"},relevance:0},{beginKeywords:"module",end:/\{/,excludeEnd:!0},{beginKeywords:"interface",end:/\{/,excludeEnd:!0,keywords:"interface extends"},{begin:/\$[(.]/},{begin:"\\."+r.IDENT_RE,relevance:0},s,d]}}}()); +hljs.registerLanguage("yaml",function(){"use strict";return function(e){var n="true false yes no null",a="[\\w#;/?:@&=+$,.~*\\'()[\\]]+",s={className:"string",relevance:0,variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/\S+/}],contains:[e.BACKSLASH_ESCAPE,{className:"template-variable",variants:[{begin:"{{",end:"}}"},{begin:"%{",end:"}"}]}]},i=e.inherit(s,{variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/[^\s,{}[\]]+/}]}),l={end:",",endsWithParent:!0,excludeEnd:!0,contains:[],keywords:n,relevance:0},t={begin:"{",end:"}",contains:[l],illegal:"\\n",relevance:0},g={begin:"\\[",end:"\\]",contains:[l],illegal:"\\n",relevance:0},b=[{className:"attr",variants:[{begin:"\\w[\\w :\\/.-]*:(?=[ \t]|$)"},{begin:'"\\w[\\w :\\/.-]*":(?=[ \t]|$)'},{begin:"'\\w[\\w :\\/.-]*':(?=[ \t]|$)"}]},{className:"meta",begin:"^---s*$",relevance:10},{className:"string",begin:"[\\|>]([0-9]?[+-])?[ ]*\\n( *)[\\S ]+\\n(\\2[\\S ]+\\n?)*"},{begin:"<%[%=-]?",end:"[%-]?%>",subLanguage:"ruby",excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:"!\\w+!"+a},{className:"type",begin:"!<"+a+">"},{className:"type",begin:"!"+a},{className:"type",begin:"!!"+a},{className:"meta",begin:"&"+e.UNDERSCORE_IDENT_RE+"$"},{className:"meta",begin:"\\*"+e.UNDERSCORE_IDENT_RE+"$"},{className:"bullet",begin:"\\-(?=[ ]|$)",relevance:0},e.HASH_COMMENT_MODE,{beginKeywords:n,keywords:{literal:n}},{className:"number",begin:"\\b[0-9]{4}(-[0-9][0-9]){0,2}([Tt \\t][0-9][0-9]?(:[0-9][0-9]){2})?(\\.[0-9]*)?([ \\t])*(Z|[-+][0-9][0-9]?(:[0-9][0-9])?)?\\b"},{className:"number",begin:e.C_NUMBER_RE+"\\b"},t,g,s],c=[...b];return c.pop(),c.push(i),l.contains=c,{name:"YAML",case_insensitive:!0,aliases:["yml","YAML"],contains:b}}}()); \ No newline at end of file diff --git a/categories/index.html b/categories/index.html new file mode 100644 index 0000000..c251acc --- /dev/null +++ b/categories/index.html @@ -0,0 +1,4 @@ +Categories | Virtualzone Blog

Categories

    \ No newline at end of file diff --git a/categories/index.xml b/categories/index.xml new file mode 100644 index 0000000..bab9172 --- /dev/null +++ b/categories/index.xml @@ -0,0 +1,11 @@ + + + + Categories on Virtualzone Blog + https://virtualzone.de/categories/ + Recent content in Categories on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + + diff --git a/contact/index.html b/contact/index.html new file mode 100644 index 0000000..0233fae --- /dev/null +++ b/contact/index.html @@ -0,0 +1,23 @@ +Contact | Virtualzone Blog +
    Home

    Contact

    Heiner

    Heiner Beck
    Wilhelm-Busch-Str. 59
    60431 Frankfurt am Main
    Germany

    Email: mail@virtualzone.de

    Limitation of liability for internal content

    The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. However, pursuant to sections 8 to 10 of the TMG, we as service providers are not under obligation to monitor external information provided or stored on our website. Once we have become aware of a specific infringement of the law, we will immediately remove the content in question. Any liability concerning this matter can only be assumed from the point in time at which the infringement becomes known to us.

    Our website contains links to the websites of third parties (“external links”). As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the provider of information of the linked websites is liable for the content and accuracy of the information provided. At the point in time when the links were placed, no infringements of the law were recognisable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.

    The content and works published on this website are governed by the copyright laws of Germany. Any duplication, processing, distribution or any form of utilisation beyond the scope of copyright law shall require the prior written consent of the author or authors in question.

    Data protection

    Using our website is possible without entering any personal data in most cases. As far as your personal information are required (such as your name, address or email addresses), this is on a voluntary basis to the extend possible. These information will not be transferred to any third parties without your approval. +Please note that communicating via the internet (such as communication by email) may be harmed by security flaws. A complete protection of data from the access through third parties is not possible. +We contradict the usage of the contact information published on this website for promotional purposes. +Please read our privacy policy for information about how we protect your personal information.

    Website Impressum erstellt durch impressum-generator.de von der Kanzlei Hasselbach.

      \ No newline at end of file diff --git a/img/multiarch-dockerhub-1.png b/img/multiarch-dockerhub-1.png new file mode 100644 index 0000000000000000000000000000000000000000..ae765786e1aeaddb2d9a037609ced422fa009b08 GIT binary patch literal 86649 zcmeGEWmFv7wgwD07Tg_zhv1e#a0%}2?(XgyAV9F-?ykXIgS&eZJZR%CZ?pF~_ulb+ z*=M}J-*I|Wk6Ns%WpmA*^~^b+B1~RZ3>kp{0RR9XONa|A0st@q003k$+#7IBLxYMY z0Dxp{AtWR(AtXd9?`UUgVQm5ch=(O4!Ky0_;rQ<*Dr0DpLMjT{<%%PdQhvetEKo{H zO9uZg9uG4xoJdF6{+K)*TL)Xg*#+ij$k#QIA2)r0;WdnvhC(|s;sR=VcR=s;)jOx% z(G(|H(~}GcfucyJxSiYATGISWk*{j`xk)SGMwpma^hFe$1d1;9O4;Qa)wKOW@HeB6ZzEsoHq7$I0P zIW>pG)TB}lp)suoXN=9Jm_rECnOkoU9KiCJ{5UO|@n`PkXtGwxUN-^*`&`vh?I=8$gy(2#Rj?u`IvM)tuS$KWPVOJg4D-V+Vz>+Nr&vn0g?yRNOD|9WlGt<<7<2c<-v>K{KKP-S5`g|Jq=X`?vCZI{@bp{pdK6O?>Rr*B!@&dx z+7}zrT9N5f{dymI1|?#gqN$`En)|K3@IDOPx{#5JK6vzlM}2OXN4}Rx(uMH+^q;=m z~Ll9q63D;J10u;2k&YOxCIQ zyR0RCvBZn}ChGuv#)4JmZt}iCQ7RCG)vPm073sy{Ng|PnqV;}_YJw;Bf7nns#fL5< z9PjtJZ+|M4a~CwHd0~QO9(3Kyif-mj$YKj? z9i~Xe3EYzxPmim1=k#A}wr^4wA+7mc3Am#&`cRBq{DX;l4}KsnqGO|$=M4B*75g_jj+b+c008%sr(LlTyfMS<>vKfo^gd;P)G^~>V3pI>X zH*GbJHMCY2N;TmTl*=z>4iwpdi(eQ`Z%(?dW>9qf8BcL8N#O(qf5Snsh|;5J{ls?= zS`-IhgbR~7h$DQDGA2_L4wDw!B`+9sG-jy5FA?+=K_MTAtre$pMD*}?CiSBrQ9vrl zc~gvU8HysbL=77$j5+CGj>84dAiS3oG38i?u@*d^J1}+eo2?GnC&1MRFw>KqOt~BQ zgM|?%sK78K`E6QQg1(75rD_mcm)||Ye29x7i9Pvvmqrt!b}za+Ib#>q#>X>}TTO3R z-3azAwNqGk+~;5cs$`6G_zq}d10=Et<`j8pY6@$Lx1{M`T1zrc6UEFSlXXs195JFchR7{j_P$Zznr8$l#E+wAJJdl&gHdWe_ zA1Ps*jhk(qUC`9jRMq6u%&UK=SzA9`e{GpD<(YjIP$=h=>tJEQN@>Gl!(9>U8gZQ} zTeLD2^t$!e{ zFX&K4>K~hsAdDD|=(gVFt@)el+jV^${6x*RXftUzX;N(W+aTGPqp!N>^s50OrqMEs z$Efx$#xCEk%kIEu(;$u@;UFB8QhaBRN$$LE(a)mfc^G-Tq6^>n2x`9xMLK;;!e78& z|JW^)E-jiS{b@vociqb9D*dXoX+!_f z7mXs$8J5SUiD?X4^j_sh z6&Mxa<=5(KwS}6s6(1|qG}$%Wmed!&)uh-e**L8v8jdtzuT(bh+B}Sp0~wcWJ9IME zK6+7jW%}g!)IaIKwg_eSz6+HMEsGKsYcPu1@*I$oEsiUSTP*3>&;59Cv_tQp3tHv+ z!u-?htF!n{3?U;cZj@AjRQ*U$&S;K;P(;W)vJdB|sro^+Nv|yG!{)($>S4>=)wuoB z21O_?vK`)YV_IBVS4GcpDfb%hs86C-`vV=S8EWjno9MJmqzQ%03*IyyelHKNp?1qQ zt~Q&tnf3*bb$!BWqos&NGjBM)ZoXP?ln3wAtMjp&wY`U=tO&iRb=giciX*YFqSi!b zgX_atpw6XE27l}r;%b^~hRF{xB`gIuH`2!`8q%_OXKF_@3jzL8(83$nFE5+hZ&|7v?SIbrI%t+>BeH z-{!z6-Q5~~+cy_{9mq=k`d`7!;!TQ+WaqdHxV&SR6WW<~^dtOMBC4Sr^4jlD;_WG| zD648HYS>LXN5Y1dGH24#(p#yb(~~mYiGkWBE zr$H)wQ<~i)?CO1hDF`~J+6fBu4-5~yiHmy=%F1OI;o9j@E-FDR;$uLfdo&^7lVPr~ zXxX{soFN(gHM+=ynUca%Yms z2rnfq>aFU!-bNkkkCBL{FyCPq5Z7=kHEs)p)g3Em>+8xdXUMyAo%m5-njiOoeJK%I ziS7(b)$vWrEtmH-T_)U#hYU>G&*pu_*!6T8bW*Av8f*r0OCO?ZBFjq363SMF^M(%> z7RxnSc4sutmaVY6vAyO~Dz%zU);u@vM+gHy&04drsJEPLy&oz}OY3D{P+e9@v>~&l zSv)tknx3EOtoAEeHm#{}UfDaIKDOcBbY)fZP*XW(U2D!Ks8CgPJCa;+v2YtaxhF_U z9rH@|lDr9QA8w!UlXEofFz>2`Wh9E+~VY>b&TI@-0j=-9XJjUTmsX{Eez1|_Vq zx9i=7ZjpE`w=GBUzubpCp!)B8pTdRx^oC;0~KEy^k)g zacgjSGy41vo|;bzdPmlu5$+EK7m_Ql)y~!0{g^y$9z7ojquFKFeyrWB@3tR%sGS3E zpQ2EYP>cBA`*|;ayu;jAx-%P?K-MGgTs7&b#w$4gGzj$pE1io!9IP6{sfD~QHQIdfa@MhT%O2Ox046c9rIxTOajA8V|yJm3QrerN$$Wfj-iRD$6^Z_*%@oyWvE2))&2 zZzk;wA3I=ZQF*#-PQm>zSSYJItIJ4p z8QIw|8W`IdnlQTC*uVAz;Bn^y7i~tZkjR+DgH#Y=AP>}=1)#N_7Y#_0Bu(azC~ ziG`DslZp8Q(}xcX;5!(cJZzl}+!<`0DE{u`-~9-iI2k!w*gIR;*^<8YYhY;S;>=4< z{yNbAeEy!NiMz%Bj%4ffuVsN3$n<)JiG`7w>3{kLH|2S)<&w8>H?dY1wy*)q3_J!O z%STpLp1&IW|6TguA^&cw;$-3|WM>0z>CE@PQvX-u|9kQOx8Yx7YW(k*pE#KR?~woJ z%D-CjFugAQ|A^vmIsa7)7Bn9M57Yl_8Xtn`#rIcjd21morwl%Wwe0l+@mi+-`}|sN zdA3^(bN~PZ020EVmE9qZGGLSEelGM!`w54Wt5#=2=H{v^2ncwJdE#OvFp|nBKv)D~ zp<@Y`Vtp1s&kr|*!lHBSX2h{xkh9e}I1MBXbJ?Ud0Xy zzo#cYV9SdcS-JIDpQl|Ip0ie2g7e~=qT|%vp2UwhxnV^D1>p{xRcH_MJ4rRgg|fYR zu{|s8mBR5hIbzSBL{(}FUGv4e3g-0u|j)edX7s~6K&T{4wDy6(W{ z8uJtBg$7|YKHzf+tBsdQ?v&3Kk*m6HbBP~GbFK>F`cuhraxsAGxss+v|4gXT8tG_7 ztFrkVVWHvw&E%Gq;3d=ItFf@=tGqeH=vR*(wY3WpyAmp1!TWm8t`2ZaPD!&$p~_(A(Whr`o3-j4g#j z4J%PJU_DWS3^p6#JQGrXS|D1qKm%NMwQ<=(c|9G;-NjB^4XzF;Q`=>@75Cf1E(giB z(>eC_!OS&VxpR>SoY-DOoJ-!LP!hlRb>D}zdeHB@=)}Be+N0%=1ZF{^pQRHWi)19e zk73^V&!=AInLLgm7$v028#l9tR3k6XH=W5B%Y-rOyk0lUY1?0NMJOkpw{-n3Y&<|g zs5@zPZo{!+INxVvY2MG3>F!z~-yYg^(rkE?wY4AXaF(9NDi%6h&^XCjtT$C+YSOL0 zoaT8Kwk7-B-|ZcM5Ce>ga|cM6^mRLqL>xz1#I$}q;r7};ZB6jAP2BL`tMfhn#@xw2 zAmMy&+G3q4O`wwqfYiuB#PsgAKWw;xzM1hb8IN@=r5_-1D`ymFfy*8oJ>m7r7rbg= znGustVOF(NsX742%{j&XzKAOaq?TF*pfZx!y-0T~{t(id&h@3%+;+dB$Bqpj_PpB0 zlyhEm2>9c!-e3&kKsfiO-#JcvTVf1%u~d%JJOCvcG&VN~se4%-Q#gq9%&WP4cUyny za#_{c5|vuhWYb<5MF;^J!F3RMx`D_ST$)wwTCN&cYVM~7F3&q(p3KB%Mnv6z4#&~j z4d$^6NE0%f7h`C3T%I^q^tQN6FDf{eVlV{tuuY4((B1qw&d39tJe|rI0k3)SOFnZeAjs>J)fMYq8*GQJ5dqlDwzPZS zFYPggV~R${&?e9ho47DV|FBMDeklur$o}!FJks{f_EsQ|KKrulHA03-$FSq7XWI8L}v$ zL78`0-21{QA8o?1xbO12es{i{g@O$&mW;u@6^5SVf4P^UoiC=+b$A|{8`;Unl(VlvyK*wXkPUv-(jVS)n)ocHZI62w zWWDhN&tqxqRio)V3bgU9i@;HnKVgLcZDGfZC=U8;qBvO^uOn>buu zpdlzRQHF5HrV+)_rdBN%$Fm2{rP?|;*y_W^e41Shoo4-4&RID?@LZvqa1^J!4Yk{u z2rUpd&|oAbct(~}WS&v$t&t7lq0%;48HB2fQ<2=1(2#?5jW*e>4zMP}5jq|m7UAg$ zn>VDC$Kl$9^Qx^)|IJg!0Z1&s^Rx{;!Vw^I_bsM(2X(j=TKk?+a?>qaqUSady=uyG z37UYC14CEo8k>$$VKnm&+yK!@%O>S!Nlr*9knj&%%FndrEhNLbqtEv$4fdf{9md% z?^GG><{10WF?)Mh${R+P3g$Z6YmVD*b}HN&`mkU!+ZL+47bPZyPca3?_|jYRF@#uV zpZD~9+0uOcF7_s>b{lxKv?6WQaGHQQryOt#5DUF1zMEL|qG_z&3ow#Uh&L#!(~;6oT}}yEyWi% z>wdmoB;|Zw*Cgh4j)`QhIQ+-TcdmPG=Ob0!(n@6ho=a)c1}#B0pbjRqpmvA_!^#?0 z-j`J;?bcVBZYm&Vm$cvzwO++90NqE7wO$OPW>IW3C1SUtKVMx3v@4Z-lK z(*5&IBprs@A0aA=BqR;CfI+wF;khYGqPLOgDyy>4P zyb|T*FJldd`5>}oD`G9s@RmX_;>gb*jm^8J!q7hnD|bPcTa6cxQW~+3R`lAULLy0|$fyjtGK=xIPkMuw*n~0pDq|%Lf*REzY z-X?i{1B*}kZjh$?(e}LNv@>-N zS8_$d2bHW62h{8D*FK^x4t&F-O^%+o*Sz_u^uckI2y#FQ7=r*Y>lHORFO@(~mJFKr zVz5uw!|xr9v^vMA2OK0#R4;61`8~%v&RMqdiFW18ZP6tn@IfzbltiZGgSxt}-*XmS zYMh_;G*{Yall=+a4H7{s()xGY4&&@kmt{p@eJLE1<2k7DJen+NZMz#+Rcqs7D;rtc zvU9WfNaqVFi6w|SEvH<(^1N?0oqwG0qo=}=QCSP#($`@833V{PRnPA9;9c$NrLB>;%YDS`Rg2?8`n;HvTJxOVuug!xqUWk<*?|&F>tO$}OoZj}Ur2)^%`owRwAs zR~24a=fg?67PsjKSp9Gq>H1&DO`TnHgv>Adrz-;<>{48C*-6^YIjf6}N!Oa7G5yla z2x^!~WgSEgzMfir*ilfkBK%FC9B&`6eD7`l0OHre_iuBBpU)bRQR}$a&u;&ScQ~d2yLepS9rkD_y_eVt$ChU0eJNZ(Y&)(8h85%dvhe9k6+4zu z%sVhyj%&8c(@e=}D_Q?|!MCt03AQUoC2rg+`t_}D6S`(Zh#nWj2kPRfM0kQc_fZlo zdm$8sd-GLnQ|ar%&G%#Q+}@J{7Bjgiaf$7KA6U61L$hpw9jt&JQ2MEwPWAkko|EW6kFhs&4yCX_bF0B_C?prHDz968FcMJFV`GMr_@`7o5>v(17X8q-B z*mp4vdd4QZmIg^SZlx=2VGD>?phtsFJ6}$6;m}>(&9uAAd-zS!(-)YkQZ`6AY=Fn{ z;g2r+wk;$LrT~fG0e-W=q&zM!9NGkJne1rXKJwVIP65m(FR#Ay9q8Vab}|(~)bY6D zg3T*-Ao+x~=Xe4e$4kI19#fYk)_k7pDMFDir1>P;3-?Kf*ood{c1F7PdV9p>?@eNq zZ*ablzYBI4(K|W0H<(SQrcG)LukvaxT0z?T16uGD{yjO0OCy#Ccf4B}6tzC52T#L= zR2k+ASFH+}KF=ax?V|`?-At96t5>Svx!#^}-1-Hjn!lKZ0O7onxYu43rJ;8}C~0GJ z=rRri%dhnQo6Ba=LGxEdfXq()sZ;T8*O>;#b+Qrkgl?l1H!a;>8y`zk*dIYJJDPY3 zU>WRN)|_!RHU-@=PSC3iClS)$wGlUMc<-f%sT~-UUwGDo5uJYCh{XNGrTVSJ zlQ9=dK*@(eKY>?9=IYngxvkR$W0r%b1h0uO*e^dn+2s0DWJZ9IGzJ3#OVG6bUdB6A z+$>>f?CC*#;QD0aOat5VO|-mItY?S>>{v-kF<==~*nPhJrco&8(91c2IHM{|>*wcQ zv7rN(=+;f`sg{CO&l!N3mMlVc_2U;KvMT+rqu5~h!wFh-%Kvtr>?5&+SfD)gU9n8T ziE3RPj>7+Bxn9fbJj96t^A{^(=0q)q{ix6lN%Gi3Q^FRlVY_L2ib$DM0Ym*sU>5&NK--qBZs-Nuc;i{ZhZ z2U8Bi8ojr+e+=|+aKPsa1AM@7iU4yA5o#w_3yl{2D7umcHMiIbP{-b~>t6Co{^tzM zN*mKYCSP?3=kvOh4`AoO3E^p_#X||7<@Wu;Cs24+6Q}VnfW>-Y0p=W&Y-vcBR|e@F zCpOplpx_77+X_g#)9PWijg^db5n6w89k^2Q1!#3nTaW7!yy$CFKk`nz;V80WSGd&o zT|WbiXgHEhT~NZ_DH7fCXF37Tt9{UH5(L+ETv_ z@4<;2q;mKXwJHj~r}`0W{&E09gra)l@&?!wj2}?t$KZ>=rZZzaap!ZEz%X5)#t;6j8qfWtxEPG4Y{xq(t@omrL6FoD;*xHMvQ2kp-VoL34c%9<0TMrLZR^wR$IE^*qfPCi zxAy|otle_?R?Ec!4T`J|qf8;)*PT16wFi$O*aH0PKZFSCElIYj&5j0hrt=Ma_IR#) zlqrA8+`u{9UF;6D1~QO&>8s(k{v=B_X4Esi>#y^q}f>W?6+G>!d|U25QVO5P$j zc5v9ppT!ZBCa?{jCpFIY=pZUl`L;fTS?FKx4zFX^O!NAwQ@T;lF-5_%uawAFHKvX> zk$a@K?^+W`#V^r$Q>=#tNd-cjgue_tjXRq3!JDFg>a;+5= zm5-Of1hD-)%oBxARj8@+@t)8tsrIPeQ}!?UhMTcqFBlGAYJ6}yc|swi*FRYd#T|Fj z2uOw7dM}H^6X$vgWWVNP{G*rlwhfvbS0If#dIfFZNWSt&NsF(?Yls?3Ljd`@#7&-Su99I9Ew0Tt?H9go*5 zpvo=gM}j>*dOO|y`F+b{BslbrhiBLT{ohv{$gwDy1!Uz<6+fFRR)Co5-#nq9In>pN zb*rVvW$Cc(@eU*hkEZR z(JTLk^Vr9~k+;c@#jea7kc+1rA?`M)^d}orq17p^Pyh$BC~O#x>ZiXH98g4@Bn84C zHbn(*(Qss+zk%DMl;u{DOr&PCe}ta60kV#i{#=~-y6RGsKSxb;pvkcX z$hdk&YT3IyQOSkL4OYBJ#M7dFs5(>&e4!+VET>-4TVd!&SCqf6hQ82Dcmtp9t6O^P zoaNyhjH5Buz!jX2sS`Oa5` zli|aI^lG_%F#GN9G52s3Q|E_Js>=u`rewA;H+61$$rar-4SPRI4AL(i!H>@90udR` zx%8>rN>SX`>S_v#U_-|6YRGOij9USH8vBzC2}m73{L=AOMgA1;w6Dhastm|r_9z|o z(+`UfAvQ5+-1wmadDt!-w1CMG6|{IU+L91>iRSxs%--Ch#T1aV=bq!SHBxXCyf-qb zV5Bn@2tC;+#j?H`K(2NPN;DLT_s)R688$wr2w-I z5^sS?&6nlT~<337aTEv-QkljrGcy?@f&Q`v&^^1hceDjX-H~s zYaNfdnyn6ycrSqozn-y?4D4odOOTG-+O0U6^t7#m61KrE+%S|>V*ltsc-^p`wrc;k zHWd^VL!&v*NSz_$B0zZCTNh;mPF?ty0V20@99IJoAHgZ|N}jt4;U{gdPax6(4j##) zZrt@frKP~I?BbkE?GQA#`ReTThLgzs0}g6}2g`2v-5WTQEYPi@mM^xl>{sR@irv6V zl-_Yk;@DlL&gb|1FORhis=YB+k9QYCDFw38X^gw5!B?B1S>Cxsi(Qte7Xg_$QN8ls zqeAZ0&>ZU?7sqbUx>Gl_MLfxfb%w#`ijT8O-x&ozXy2SXX(5ZLp#(Jel`cI$-K^hp zrE8SNr|Z_Z3-%PT_k!_<)H;)0$sH-#xvu+jv*mB^l;k`0_5mX4!xDF}ae7wPM%13E z0JSsem3e_f>>UYJolmM}Pd_nb(Y)VsN<8UiS2q8kmJ?}Ce*Z_z>xnjq4QcL~ZOr(` zFwftW(~$s}N#|DbQPe;6@pl+bz!;p46b<AtH-GRdDn$lt+{fI&EU zKqL|+Ci$O&C4XzYI6F9fI&&P(%>U<%-d~w&7r2kc*|5~7bGD82gK>vM&{gZCI`~UDG%s2v&8XHT- z|8iayw-07z(1*Tt{95Z<&ES1Ew{U*L{{lDcpuEwul={T~{HO%ZYips5#fe4n)WkTQ zye5&akCq5)*TQ0kdQkbFsliF;A}snCy>J|w?-EDmZm>o2!LzPD#o zKJsBRvSZ8LWJWI!pw4qJTjNj}fykk0dn|21f@QQe%DMCQoGxQNj0!8^@$Q^+-*iu~ z?YwUU_MoGxq zWzyNUmUA{399%KkS$4T^`E_q>21l#px*M=Z4#5;4rdpMdlh=PRrlq%(UO{35eE20~ z;j&YIzp6wPl|-Pz+8^m&jECQ(HLHhpY1|KP?0CY#5h`xKv#n$W_oyNAM8dXfq6b0uVT^%)4XcHbgy*eh~3d_^`psOknnFGp&e@& zd{1X08lYXhdRI^)uBG?0mcjAnk?f5;XHgIyn>J&W9{bbB3{lRuI#b@eryKtCw-pLc zm)|MFxew29xUP;UnCv{p!akVvsF$d;m)4HMV2}osV}cnhv(Ae$*Qsol)QzYlhN?>E zUSKxM`8@ZEGK^E|s|%jLmksa)?Co*84i-CLUWNF!w~T<3(?0rUfl^okn9zOZOOjxu zcwj$psQ$A|>1YcKt53j^8%}}GMmyHhn;RO!;LDUHXsx2ywSM%gi6MeCZ`%XCz?2T=fn?*YyE5-#_psPt73jo)UlRm)8xLschPQHEo9*8yGtq&bh_su*M# zI(UaXT^e=I4+!lJIO#yGH?}33RX_9%_rb)i;mg)FJvNLHN5dcA(FI-n}(+nR!l0;1Ux;5lI-kd`6X@^Wh5R)5s^Ok&@8d9pUk3Q%Tar_VR1g+ z3fP`O%a1Z$pIsj-9&N|%+-^n5Tz>ES8FBO2Ck*T)n`%&+JS$nwth|%VZ!=hi+}E|8 z#cVL@6n4+&io!Qc-Sc}HIWNiG&al?v8A%zZgnc){H+li%++30=y{!s%=imx{afkwJ zrt)KX9v&lxyAPtL+h^vc_gZWNU~_B~FV0QRvk0DnU=oP&^6h zNlrTQT`;b$r-&-=eKIhZQ-n;HQT;r|+Uv$AV5=Zw-LHxpJE?@s39hl2Y)f~->b9oF zdxyZ|<_UGXcA_&zFc@Jd#VoxNW;sf&?&_-A5-~e@07|tYP0w2b=xtWE%}t*b&v$`z zT$gV%V#-2<9}jOL^xM-$j7FvAi|+L^A*XBLV*yXATAAXK3C+W4xXSs)K-M6kge| z2An?qjyrZ-{V^cfcb+8v@Tmd|)N6dw zZ?mk4LcX~A-ej!0y+Cov@JL;&ZH{KTu$IsBU4QW$Z`|L58Aw!`;A+}zo+!o4SFXOH z(<65QM_U<`TI$OEJcCk6pH)1-xTfB1+G*}dO-lw%uTeEJ+3I@&vPLsMNC{bKRt7Ez z_BshnzuosL1=Ce^Y_qEEZe0ryb_y)=-c-7m6kA2ndgp%(@O=R;?0YV{Oh3_?Td#9^ zli!8@8hPb*&6-gUQYu| zEog3@(3IbI3Z-f5#LHQ05Ex}5Z8uYC;$*SVA~MSQ8O#;v@V={aLV%n2Jxh_TGbhq+ zR(UchTSaxw6uUPeOO?_P=hN1Xbmn?V^stM;1g6t|UZJC=_i%464Qf1SnETqzF7f<$ zmr)GPO`-Ed*tK0nwE#&htNPrt5>;g>TD5%&%81!ugKgp{?!tY(c0nx1 z9;L&e{^mLb(~!S^?~_xp8F0!^JHW+eP<+SSYOt8M_DM(waNiZb`fUP$VAn&oP%iFwyU$B5Y(0wo6wIDf ztLoSe=2et#hh^jedq>&5sorls@_TAE-KqCEpF)$e&;`=iJG2q72CME(M|NhF!iS8a zdA1`D$|+EmBg`+PiTOo;A;FW017vn}rQ)N9l#>t5rhhTP=R>{P=$p|tIp$8IOdb#8 z-j)Q%BbEX4ZbvW+wdJUBbyBU;vQduos>gr9{cExb6OSIwc;?Ak#e&R^f5Jl6dUjtm z9~A7+3}Mz)JagqgMTs-EM}N{z{{_^=mL?4G8v3Yy{+xx%oSwfqM|adjXt#o4u?h?4_zkM1bFVL zlEbpfeK3{aCyQsrJ<*6ys<7g{tkjGM?=)HcN>LW9svsDepZVwaff!AEM$L2n=r`FRl zn@R3~1j3i1VHbjfJ>p!EnUS@gIJzHCbPWKm<4SnPnF@-_r_IO+&d5+y0=zBkk4s!g z`zz_~aiBD>!%K`llX^20GUwe^x*xDYYwZwMlY?Z9zrD~OFs>l85Uzc9r1E8dM7KJP z+GrjL49pRp9wD{giFS(>mxmai$azB(f{AqZ%4omO64sd(Z?Hs#v!9vCR9ujS?{zI@ zt-oZOVLTjt5b*yATOr(2S|2@h%CePlKjwwBTl(o@$uP@J*Y<%o;0f)Bh4qMtZNa70 zs>M)A-`%@Ukpb_G=wc@nBpshKS#})vb|Hl0NHvtNM@`XW*boV3<7Tfio#$MW_H5;ddl}hH=Y0W;hYdZlza3Yj5ku?08m(v ze1c>ee#SLC36-OzC-gT(H2u4Y3O&M$Si}LrcjcA4@h{-FV(P?wUdp{P-YMK5f`q`lp_IFSd~l7OPZ3aG5Xt2aj=2H{gBzYv%?q zFpsW7EJ97hcvCboz8|=?&~!c#2LEM08eZ*(&3(@8DdHA#o7Ic5s5sC+`qPCOFl|Qx z2Mp+Pk+k$@?Nt_hp6>Lu`TGwm8h4Af(`C-wv2< zQH;UQuQal=+^Utjgp;poCC(+I$!(xRK7s?41Kr9B;o)?jM0y?Og~r>VPot!%J*h}~ zPLnJlCOFVkU%1#x51E+MGkI(ZM^hUC5z7v85$}@@CE@ho^c2WIJFs*9~%_ zoJ9h{MOkTy+nB55=R=F=MiS%_uxWHJi>cA{RlY{Gz#9;*6n^jLOyXspct^JzyiXPW zEsaA1hp$O_fI-7B>q@WWdmjvrjTDInCG~|tD41RFP5}Zda9Y&F1$IR6t3DiB>o`|l ze0nJX25zQb=JT*#qXb<$XfuLw5+^o!9od6PaofGf2uJz7dJUWPlx*i01T5-oLgDIE zLHCUvHRC6xiQnT#Aiu|)Mh}=tZmRV%g0+Y%KIhUhS}RHK{l293P?cr_vTx(eQ8$m64F|kAX9~m#255RXs$_P&ZsIrGzwR>`56zCmG6H2;Ao=QeT74sR zKfPowH%Y+n2e}Nm%@~#WFa*nJUs$m(g5S6X4ZBtp1lEv>?7`gt%A*a=LZVhEq;Q&` zZ;cO`)7N*c34rhQc7f-7hx)UcobP&T!`cMD1np2I8r&ftrnPyXf`84LVF=kJ`XIFq z;RCD(j#*0gtX~>Eyv|2cVuxO4_vs#x5g%5Cq;N;!t+fdXB>_JE|+xTi8NPKyda~uio)Ey50x1-HGJVERtF#1PClpo#}DqbRLCt z%WX_(EM#?HAi&(Oy!Vs?DefcK-lQJi_Blmee`R+Mb_My?W)5D2HW@6-?rQsXBI5AB z+XAKLy1{TN|1?K2g8Aq;IJVq^2b+Cjx0qYuo0L}pfOyzMWQyrcsArc+|82eA&wd z#i;0`p$6@_&%q^_G6bJH-BAdOA7GBLyt}L`mYIHo!)fyJ8mOHW{ONgPZ=?=Xq;R;7 zgR9$m8~Wlr*kM?z8>u`Q9HeVJs#lco$O7&gKd&t-wo961V1LWisZ4++k7Y`Vcd`pGH+Q(I0OSjv(EXWro_1-z=3plO3~00Wd^bUsh+90RRtoG*Jr#{#yYPw?_d*3DRK~q<9E#p&r{h!A>Sb%{5Y} zwKThG8s!}O)D8pnFD=hdR~@bk&JH#M!;Rc-rtuZpLLiXaMGVpvc~n>sPnOp62O=@H zVV#G$^ta<42`cI#HAhaz>$PTfV6sKgRy>Uwr;tVv$Ag~7vCE#i3G%-64Wn}DoWMYu z`vmI(qX}njW0`D`)k8LV-sN?F#Y$^~-`&*${+>#4?u|>UuRuSToxihO6{2nC{Ciah zG;q~&-Eye&@KI~&{^Vi&$3**SE*;mn%?ZR~U|5Z%OJBF7d`ieVpDqb%NSdBI%`S&Y z^S-2>4Dzp^-OWtp$}%9(V!c^E|I72?QEyK)|8sl}y?Vyh1CVvGUQdI8;~}k~{euu& zhxWsdK(Fn#r<<=BGdd4rR|3sUC7N_XVfB?y;xC)D^_O>Iky*dNVpHA|1`XWRV$4P? z(u~q~VcCI~Oiw)F68uHfIbWmiG51x#szqo3|8l>pe4x)8ppm{>g|CsB+9KDK1hu}w&t#t) z^zn!7kVuvv#I?W#OOBdaek8k7gc%&v3tLA7wCb3_`ky%l=lYFBT|R4=a(&zVvVL6* zjV;%q233Wajt9uI20(vLOpl%{0*URTh804ft2*uBknlmga{Ek1j~C7?+~-jAdpr$z zgRDJfpHyLx%?xTEum5%B2Q)`)2N1A*oEzH4+D>m7d&#UoFtQ~ztGOzN?w7U;LE~ju zMr=;u#mqwvj6j~eC_jo{9i}wggRJZqxy3`X^I<&6VZZkWOh3 zkj@!Elo09eQd+tPhLnb(Yv`_F=o$vz&G&oG^Lu{J<2ir6*ZW@A`Dd;f)@H4}_geS8 z?)rRIJGoe3C~fXxKnK16SiI$jpSx>YKYqqmh*Afvsr`a+unoD8gsW1wG}Axx@qv8{Q;dCCDE ztRiN8n%;fd@HNEb!~}cyK2H&^WPk5EMAS07yt>PBI7c#|M#0s41hckb?EcA`LOcR@ z@&1JCacDR(7KxvV2oO~F#n&&#6N{I-t+a{)DVH6JnWh0?cC zOIWIKx=wj?s{!V{rJU33{POQ^sd($R5{CcCZ`P6t@ zs_8Jnw%)dG{;AR6-aGS(ZHm(*s?DE=c5@8I9?2G>iPi3tZqbFGL|B9MdP{G1V!pdn zThSq)&iDfyt&aaTp9O?CFl?P-q!!oyR<*uNHOP3>Zc;^S87fUoTKwjItENnai z3~QVw_#dVZ#eskFVj~qXE-_SCto6eg_7#)IQPFaUZ7j+G*V^vGV%#Q*^#>^IUvcf- zpM2E%sxKmLa|7i<^8I1fn%Pm>cvW$LtKj|7PPnMc2_@#MynR!~YUHRsoxR&=8*jDZ zlhiznZvoGqe}uFd9avmfL#+*2czOn+^vgOb+7DQx*`iq28C^B>d#$wsoI*chRt|v+ zv9!)Q2;M{-e)|d(s%MV;8YOhXJQM zdpT1Ewow|U_hz4b>7y?_EvgHdBo9@1oh=p5c0xF)HF`CQUnZM?hXzl0ACPRG#}j#D zN{c8oQ@l@ktLPQ!*MSw+uc^^4&O`;@vml^aJIgSHw9t-vw3WF+cRHLB1p3x?Y~7Q+ zdLM|{_LjS2#jzcjN@G;@KD>o;Uk#ZkD-Bn3x`W+hZ#e``cc}qgpTDW(4QLc)IBCHm zJEh!uWzR`xGuoh3te;9FF0NXoVyOXUDK70i!s zA^VO%S59$riR0wDREPw|*VU3#kvN94tixZ_2X#eMspPr@2AD@JW@Q>jB$)`O44SA| z6685IGSn2Vl(^cqYnt6=5vXY(%<0)tJ?;M_@mWbyREtP^)%W!g@5ic6q5`PazwFMV zVmGCGr4b)>=|9#*rg9?lq^8~0!0$%6A-*zt5>8UBbXO>G+StkejOyOt zu2fnd-X~P8>23w5?S3gTCxa^q@y}HZz}UER!_KSVNAA3&t>uAVoAR0V?7}8;OSw&N z)^4f#cy#divv*A+h;pxZMEw-6!d}OruJY>P_ru@YBaa>JnFs-8kN+*hsK!H~k>uV4 zWVS@vW64|Y@rXy9$f1%btl_=5A7Wib34W#BWnDVlSea$FP+ki!-_%*M@J7AjMJWS zi{^psD((_57O0LEMzef>m-e-A(~KL>(!8^6D%#U(!^14i03tyb;_<4y_cqy@cf${P zwxF3|AUA?TME?1+17q|Cbp~^)EfPd;JKErnKj#72sgnl4?g{{s&VtAZom8i}nA$?2Yc zjskz47)(Q-3M(h1ADFJ%@;rSit_4;1s9Gmz*GrDI<|BD>ueTrj;&s~RMPn)_&z5K8 zYYXog{cLCld8~J7UkkO&WF*rX{#w5#5GZM!?bH6sk3H`W_V1+(rXfBDAjX1kN@*6p z+-w@=y8y|8ll_#F?~+I>`b!<5;e3NQY|~~5-n1ndmiO%bQI6C)hV;sR*>iRcNixs6 z)ao3hOy+%f@tRgkPg#bkg~3@bv`>Q8n$EjjJi+`QYu25pgg=%RDs_j|<9amf^~=8+ zKkecUFTU63^3~Tu2DCABD09(YQpj|E+13C~n1|sAjnrN@E*{bd9_bC33ksn{fC_(Y zm;U>qq2@#?mA}86QW`>q%=EklZ6pDrmeVSxr4$1pYf3AwNzFD_Pwx# z7&DoSW$C_UZH@kXy(T+0PI=1k_dP4UU8V=J=@$2 zrzAu|beVkPo6mI@3s12O<`g+$4}_LPP-i;1VgB52pS;-iNSJqbQ2WkA<0J$Q&Hl*^ zd-{YmhUvkVQd=%Hx=yc&ZSvpe@e2PX#C_9lmVtl{4*sm`?Zp3(29XAN|b<$$OFh}@)fbg(76MCh9UD!F9 zY#ZMlW)$Z9n(<3EtNYpst{}%hOt$Tqy!p+!1NgS_8b;{WUy<#u#!$y3aNcZjb#J(t z7tvNxWx7MrMQy=)PEBg11fHMMhd#*F(X>no^tN}xjKit$bV++h=fs8^6*a!el|Bw2 za`%ucQfE>wXy>)_aGc>Uz@9Y73en4DAycmW&X&v@1-El?OChsL5Z+s83v<(6zBQM^ zEsOEhZAC!wMA0|gX=z3r^Mic0hUUiX-qRU?#-{Njj*2@t0Pi@1b2H6~%c6yGR)vqz zAS)E{t!m50g4wvCxos+(>dvnUzMVKf2VutW^jFfODNMJ${P@g>tZ|H*fE|mxw=bmg zfmq?#K*jRfg}7xeI~QttnOuAw^Vps{7dk}kmm>& z{5)B_mRCkgjS8g1X6kLvy&L-^y=~zIU-hP{t45~UUIyd1n`<0)_JoU~?~&8A$^dDR zTLUGn_!$+sb8LHaTNIZ#Du=44A#|09?;~%4Smo_CgO*Nw?-)+lQ|7Vx%a!b#w4~ho zF~2wKz3zqq>&j*h^ooyoB3`!H^T?T9*ih{x&iZf6h<%dTD8V^pN8LK*bkS-EsF`oP zh3x!vXKfv$hy5uvSYIbQZ7yaES1)E~IhMm9^#dIRtnMurmgT+Eb-3>QeY4y7=SmNS zCA`Rge{e;X$o z`qoSZZ!wXlY$q(-7o+G;%%mYoLZ4NolNQN5@qIJoDgovq;3K4Y)^jjEb}lJH%qZM` zq0yg&Pfed_wB)s*qj@eDW^mKiNP#Wya?1qiL9Pw6{!3PJfejCkmHFLE zCBeJDJp}Z}4D2>W2tsauEp_?O5Pg@1N5iMGqq9|$S7fswWSNHIpMv9V*1My#G+FAw ziFo$oYq-A*YiB$d^Y}xZb=5KZp*Z_pFDIgz@Sb5MK?-Tm2fPOIg7?LbXJgvw0BKy2z%q7Wg4`@_bo#6?<$d z_8S5v0YT}nwNIPLF47?x%q;u$1W0om>tnF`XJFVzkT{X%%(?`sLq4Y0NB}rqCq4m? zIHpEvX+RYlHks|mbi>SV)nxmgLEN#GY!8+$!5n?cvGHy^_w+1a)d`2aC00hJzdzjB zY$sQCj_*z7d2&+iR%LO*R?^5$@@`ZpNy*v0F75SN^_K>&(R=gfn% zI~;lVnr@c4jjkvf8+%s0Guh4&j%wCG8~_`GGwTlC4VIB6G#=T0Ln58BhA4?6j$JK0 zw=_=E47z=Gkz~n9=sIdrB7CZlf!_!Ko`2*Vj0YL%3IzVc?EyrnP?Kj=OC=s!X$&$V zMc}Gw+!}oP&kzLr9NK~^LOUOpRV#`~OV>}|HH{& zsaq-yPW!t&E#5&dx6gjd2sm%Vv=OptO`~>JKd_|#cyXWNHDf60o4&3Y6oQ_q$RncRc}-rW|B)&qIBCj z`h2Vt%A#y!qA`8r_v|EC(9zgCH=`v~1O+QjQiZt~H z$Cj{UWVnkgwcXE~QxsqA14O3wZ;?4pD)8ASo#U89T2F8 zjSz=wQoLdFU1~UcO2_~KCC70Ac;EQN2#;%qwAl%s2N~~XY=ZZ0d!ZwIaLHr^v3gXW z5Bt{9_Up0kuXVS`y(Dc64)JK+iRhY<>L8#UE^U-%O3mOGdkKr*e}Fh{woa$(tzPGE z;umW?eB&9;N90(4w6(n>Zwk$)^SPK>TsrQuS$k$RwMfOH_#%PdWXA*Z<@);w7O#mG z>z^Yopd)@Y9=xYQDtNb=xcc>LW!LczGbV}h8mtoBYw>pY#riLk#FeTe!nQuXKK$fa z@?m`o9G?$#m??c99-VP^Z;7oxx#Pi`1xN;nSxCYMva(N#hbj+fHo zV+kUmdxzAF$P=_FO!4$GgaeQEk$s@&qM!n2I63vb1)(0Q8U8+Z&32&-^SS4*xhfiQ z1tXVVOgd>yoyMJ#z^$S|sjZ{NycWnAHSlSiaLodp&(&ssR>jryBRruW7G^{$k4c`~ zxIBC{aUi`06ile;1idbXuNAa(B{ghan+9b8JgrQcCS&mPLuwORNqbI@e!vQY-9Gqy ziq&Ap8X~Yx8lg)l^GlY14ejpK_hB+{ck(lemzIJz8w9K#iglrve{lB-etQ{xYXnnhrf` zjFl9Yckpe6a9;CCXpeRlCGaoz9|lxoO$+T~rQBysEgHb2Dp6e1r0eXJ)HwNVL-2)- z?|^iT#tcTYJ^`&j#z&eU@n7&3pW<2XYFxJXU`R{~yxcRj?gZeUsTOyS4OMOeY0hb* zc+@mc{%e7o_5Z!V0bhQ9?L$o}D#26WE-Hg78L=iuiR8T;NQ70nOp#*XQ_LaMJ> z+bk7!0|-96JpE4QLW{?(Kop$&d>u&jKf=^9dh=k9lL}9q#GZ?Qgj0cu?(g65O%oTJh|DX#;_#LSvA6ER{8r4>h+6k1~-RTkdj@;oJUOs z9BegB^dJS_8eoZ`euE*MWFEEZKEO8E#T)CSfrI_SKE89CpCj_yeX9hDaJH@1Zoj%} zaHpb_-~eKDJAX2Ya8pZN)m!vc_4U!yj_RPU$EKW$mAO($oHzLPT7oGl>aJ-yFm z)12Y`nyB@?N@?n8^IIoI%&drK(X$?>w7R+bBKDicDfGX|GXV1ko_x6DLC~P>IQ}j? zL;Q}2>-xNuZ=hEUsX^7E9%k=J72kk-!KiJFu~0iatV=;45j{=l+C-GbKNl4K>9b!) z(rx3dQg=f8CNBb|TYWB_jrZ>@yzXl6wZ_MY#EXqpd+6+D>C4rrlR1=A@jW-=@!SlU$=p~v-xEX1cN zi)Pes&VDwbM_?)Lr+o(n$641mBf9uL(1RQ{+A)Y6MfGiEGb#o%xU+@%L>(8sdFX17nk5R z{QrANSLk9?xsV*Ogi3z!KC19f$M}XeMpj9keW?SxQr0S9ZA#IrVve5N^PWc&KUP;7 z$$XQ0*KkTv4EuhlP6H15Mbge2@}()PC&QeCg7y{!sKFp!!nK+jySAJJjQwu+@>2~d zV2M(R&)tpn#|IGwF_ubjW74!9a{MYd6<^uM<+%=3%Va>8Vr`^G=L(ofuWnH&7&t(S z@Ns2(cZC)R%4h)Fg>=5b{UfHjqRuXU*CdjHR|qmyW*{+VOM2JfxRlVxm1X>g|G-l! z7UnQbj4EkM{99m58gBd}**4U0UlC@7V?Sogos>(g7Y{;jl}t!XbBI(6H|}faDggB7 zSi9J2y8w!w;Ug7t&swBL%!US%xys_0=tcFQ_$gk|*N?`xKSMn_zMo|UY+qysLHg}V zv(r=u;y)}cd+?+>y&~Ho$sr1v*gJvL7hOzYBbq zFLw#m#!Ybs^LCY2Fpr-;T*eNqTSunybeh7Bleg+ST)3*T0w}f{@)t{#L=;)(AMsTj z1LX+(F1LF^yhv#K7lpM66MHR(uB<1(?fcMZ#3{~+1+%Yt)qn)$wDZnR4<3$n!|C^1 z55G{rmuSz$&>uu)N^|&*U!E)zr@AzZ?6bS0`)ewVEKU*)nS2@Px*$_whMWhuCHD&u zWg?JUDo8=$kMM5Y@eCKOAWEg`-*YE0k#K$-y3|o>GXe0a2=<4QWWqC&&{zB7kH$ej zME%C}U`9xRqiz4v(hmSFEm|XvwNZqo^J$(%g8T(0Dl_R{Cjl|4SDR-5?;Wv_Fq5)4 zLSHC;?Ml)Mhv9|&;jUD@wrz;ax!r+DR9DsAWITxQ*Nca+RK5&hv*J+UEczE-hb@MR zJ`2J>E9~A7Jj)I%pg7}%IZcWvGM@5&v%bij zgQkQs+<%ZEJHJ7H_SAZd#vVlZ7_drMSZ*|P#koTw&Tz2U53D>&jS!_)Aj!zAuC$8L z;jw@)F0wpI{+2P{FPXyO=Puq_j>wW9(@!NW!LSbK%q}D7B@z@<;gP^-CumsN@eK>h zk6_Qsqv}m7pTv49rMk*CN9r_aEV10JHFf6lqMw3RE9ir4!|hU)4X0&#eY=sNJFLD} zCn%(nKb9eHqoEi>QQ|YqX2Cph%YzN{?+F(litq@wa zCmb$JK=~RR{KpZvg2T-o%@a7Udf;wb#W4T%`>+z4zl<0AHo=X#@~>F0ju?6peAh8Q z$M?6xo4Fj8(f?i1H<{w7#0Y*vk#9bHhm9oWl%esv;C%X{ym&v2T*I!5Tx4L8xR>Nb z^zG7bua28Q_EWvCAb*7ReX)0ZRAJ2eL9wM<)nAL;&rk1UFw+Rt#E)5Rc(V72*yldj zWX02b=@7}sJ>5oaa}6#>tGTQ|eV=LXfV4WQ0)I2jrOzGh?}`hXNVwu>?58#TrR1f+ zp`7N$!jm|+ycf9i_FJY=bDVJlLCdze^!=Q+RpO(xafEsV(UYa$USXmSi!jW4Z zn~7`3s?5j?$fgXQ%{csBR?y_HICoKV%iHVwrb2&PKp#5r|-Q=tI!GS43|>xc{Ac}a1315gLUL$&&g+}nT#-4b zzB1H%`dO~*?>q69xsuv-uFU8)RO)~c8h{i{%vCR%y^idTb@-m>J-t0CN2ni}hQ{k5 z;IJ2em3qq9Ny9Ra-oyUlB^>NIQCQ+kZT!n~1M__`nE?CMvmsSG4O+A7%WaNELJz?e zpTI7FcR6#S@O}OZpL~$6ftRFmW!UWrgl}-Z;Bl>iA;l+F@O1u#h+p&*g)qC}uM_s} z*VU4Y(Fw|_9_ddB7(owr{SIMlOf0FNKIh@qHk_XbUTC)}E#Dqd5}hlzPO)6q4f6Lo z8+HV?l7fyP=)6PvhYucyJ28+mMyuS0ewHPA{8f#(cNa(dfSJNC&gB7hI%woV`hmjY z7b*eLL5r>%rbQV#pDd(IyMO%L&r?_=x$;wMA}6o|oo4Z@%4mq8{h^cd&mx2rNN)(W z-zVD03w1MMajWs zXw02Xl%RCZ_L;kl)iU-7DFVtCG&s!hBy!!yW98Q`-LXdKTihe4k|>9Jb@>*~?Y|Ad zPiYxI>A;QOPL2IoE&XewXrxbRu})Lj(?a7S^9v;f7yWGRvg`TXSx8m%>lISWxr#+J z4YJ#`b$Lr)K*2+U_c${ZcbJ;TIl}dWadlfudz1%i4nAq##8Mh|y7uh}LFvYqU65Tw zKL>QBDEVtAt%qz4L7(Sf37P(_x`n6O#yc%zHjdiY6mEmF2SUt;-W(@kw; z^ha6+uRB)Fq-o^`8n)5ba*0mzh1+Q|bD(R`tjKS$Xs)*Ly9H z1oiup$9u|@CqZPt$b&rS@ z00kI#2Csd|MRAsKwcAY3&cz3`{_Q+oq(7T3o;fs+6@9 zBYsqxT=|E7fp><>+=#s7<(+w#?erLin%Uh~2LHg?Ep1J9*w80agll5(tYZ|SC`2Ep zKZEsDJDgdNl;~ug?yBlJrr|C^2SHwq8pj322=gaXeDwz+g!?9^M%R3sf?)Xx>E#wU8k zuT`}t++kKi3?^RT>=Ql5vk>=eQ!6x(crpbrf6|J4S=(0L^sjS|5*_u|ZH@!81r&7z zHm7Je%7*NGP0$K-K$)WTs1?8h%$xO^K^ybvJa;@e38ESION;Hg!0p>@cSGX(GQ*h@ z0ucowO{6yuwQf`Rrx#o6KzY5q&#|9)KgU*qmo4T!hyBI1D{0~_QPH7?4uiWJv%f;X z%Eq%_cF4s1(?p}gfi&{knG~2oe$*a{%qE*708)B1lW7v3?&;41$+*_9@Q(0QQPi~} z2p!(|WW1vxx?2d4IsX)|cEiQwkJKr9pnQ7Lkp%_#pKy1CU<^$F5w^N6stt|sZo{59 zP9j457u^`Llo0b&Y{EuB-ok7W!(sGMYiVGqu=Qo?OC*U? z*z;KS_gQM9&j3K6xtbowUQkSdCs(4tlSnsD0CczzyK_kW7a9Yorsikx{Y-fG?I2WI z>y=wh22r`B5azx8s2h6)Z(a7};vL2<;Q(hQl0=N8p3jS!Z~%?jv$f>bd5444=KiZs z&{+V>;sITmGzoJEPG@d%&us0v7mL?k4nRkuxnZyMmH5w1CnhY(=aE2B#q7oQ-2s=a zXDr(#$!i2zhTau~G#pyrmwtQq4aww(8RkFi#UbbWW~c>OV%-LEFR|HU=PE5}01WVH zlm^zEojA)w8bYmvHCVc6lrut#{y}z`o$jrIbK@VdW>D+uHq3r7uI1$A30E<3@moJE zyaV%gw^y}BG!*wnIq!O$`V*U?a?@>w9-YboBuu!{u;CLRh$*Ly1CaHAkE_V?d?FZo zKGXsbs&45mR+mhP7Dgj;mUnY(RrHvw69l7GBHMl3dZF@q+*;CT)O-`xwvEQ5!C_5}r3 z@cb8<1LG4DP-L_spI~@zn7|VQ567)51v7n<9vcy@CE!hMcdkiDYsAB@Acu zWoh#(%(yl3*xy=Qm`jT=(d#Vfc5ivp-+3h8iMn67vxymcnl~2f?hnl8%mr^4En@3+ zll|6rF>P>;jCXqvSt<1n+zhV{Za7378G&*GIzysL zO%(QdSDDJisu>!fSaobZh$r8)JQjmlFC56L?{|4V+LglXoXj41s_RmwU1?y>pnbAIo^|aX3AVJS z%TiKTIQAP1lSHR0$Od|nohz*h3RAN0hsm9ID4mKZHgH*VLU-I*vZ=cbns$tuog&1t zaER_;z8Y%fG}vYEU1U#ZEyVmnKK3b}-bPGoe}O5RUM@4JYB#BgT zv`|g$pip3fXfCslro^(4ZGY!=z5x*#K!0kGlP-h_|8~9j)hSkbU%Q*7g9+%)F~&C? zBPpA*$BZR>DK)J(qV)9*y#fhvx{4(|)ozy@R%uthI>e7Q3CEZW>nER)0mte?ab4Iy zIZava1RTQBnp9xOi?eS(p%0XDOo&+XLc@OzYqTn1>D^Ei`RU0TL8$fz0oqpm@+mcB z9Ke(OQfAm2eOrmn6WcNGu8Hm&TmfCexM-ueGO2$Zhho>(jLBLpXVX2gw!z*+ zlh`(vmXzRx68oVPO8)5EX|ceYAiH52YS~DZRYy9{w~xJ9-QcvOsEHOE#yQ9z;x4hD zi#XaBioj_l0hpfxXu}ns`4u;!tng$v6o~1ZqhDz_Z5SKS-{o&9{XMkIVjU=+FlV#~ z8qsTu$Jb+XMV*`(7j7j*gaytbzC?`4cNR81CB$w8|tPNUaW*> z1CL*^!q(Hl-96T{ZNtXz@OtYxThi3}e)wNpY-ESU(TzIOo?IqPhVviO0u02#Nw&aq zRS>%5kqZMLU{5M~EtdITbFhR%xFDWm9{HXT@Y<*u05G`DPQGU@YLzVP`k^enHI@f) zKP!-+zVA}55ROB}2wcFR@I8hchcnzbaA3CTE6YH5-5fxl_wd|68=Mrz)6m$OO})0a zkL!*Z$oGkyQ|8gy(<&N`md()!KfD(*ih5U309}`u9fOgZ$UA0l*`%LTY4LH8$LgfU zx9;R>8LS(DgIg;Es7uA^`*(rSAi*qdBFjd@)QaI{0XRN#3k%FfP5wYQ9nUS;k@u8W zdF63|o995>H;bF2Yy5U@9>MGN;R`vk<{#$-bb8NOHA?O)c!y!&J+erBCoh;>pXEYe zxIdDzo2Uru##$A>x~UtMQtPAev`egTS*OE#iv8D1Hpf!V%iP$LCk_<;DIYgT+rb(G zc^$>rR@P3y(a3m%OhG>FRW&*H07x)YCHO-G8{4f^&xh}*0>Dw(fp`VRPcf%{jz;FK z2hxY+j?fQFhkRc6K$WnZey;M7W$3s2JvPcSbNpr%EG$93uwLhL@^f!SSfPw-r`y?XDivMP;n**}cdgJr|NFVw)q1p;PKw!p?pPtM7Z_w9KL(Zt-s0itfA9Q%eEepqY8QcbxR*DgUo=Z+>P3Vd02{1i>`_Md#%}bM&#< z_8(sgy^0hjR)%!@df}ftr`HCWyD!RJ{`a^y_wqCg19OmZ>2U1NoktV_&8DC!f&Vob ze@)Q6cfJ^wr2FUAf9_mX186RXex&)sLj!~VXS)Bi*2Mn5Jl)MU7|xq?K6!>d`bA*v zN?G(3YM9YHHJTvukSpvv1nV-73hkm52AtY4`$re7DP<8(Zxo+?oFRySpo;m>lp zg!MM=vKXv)R-tnVCwt#ypkJlr&qIE#bV|^0OROo08>WYzs$Hz_75=tu9^~*Z?t=}p z&dYnC0U4urtKN7ypqIx1xD!Kf;fcrI%Y;;H6L{$EENuR9-m+pfFFQ zWpV$PM*8b!=;eXVWA2Xp@xH|}b^x6g2O^F7vuu+DkqtgDgkNiiI|3QNOU)jKfU-|(jVZBG6z@whqHnr&3;BK>N zA3!eVIhqn+JT}EY#3%_sCd%m72FQ7Ax;a=7UG6rpd4j2v-P&qSWguE)X=pZ>l%Y5UpIR0{*E6_v0p1V zpXX3<*&5X#9M^ek+b|SRV0I`xx>Z>6psu)YPg~hLvF`TO`TBMKd^|f(^vrykLY`gY z<++b1yom!|jY@TG7_9#g4?EQaw;kw)QEBMp2j~C;XPGB&ie4Q>UmU{B;9B| z&iXMewq68?)5~hpV5@Lb&?c$~I&E!*=1in@D?M)3gzlWeMSh~GPikBdI@V+FHMDmT zR$4lyI%~*+2ymS4^<$3V`F)<+rocSg9;nmU`z?ymxHIcRf?upQ8&HG(B%bUjTK?Hi zk=IVk$i{2G3jnJ*MsYEJeIx?%?+86=>adPab?x#>xmV56UBsF=ui0gRf)nVD2l|y< zELRJjUtA}8IG`%ORy*zT{-B9OuLB2N=0lSXLv?J&-jBU`^hzVyt~_|!7-BmkO+aiv1il%3*e<+JE=4fMvcvcfs^qJ+;`YzJ0! z&Lxgj%BK5DvooB!n0Nl8T4D^(SrH4gZ$@gmJQ_RP%>Xo)`m;cn14StOrt#w9krlk} zvUDimQ67ymi5&`2{XUi0I(J;(0?{XZ=W3=wQTGYvte(H~>zbJlP9sy);3MB6j1%d2 z!+g6m2gp==ramN(TbVZ5#;HZfir`0)*@i<`%T|$^68_qK0Y=-kv*2jO1^$mTw>ggm z8{(-(kzMqAB-JSjC_o8}5{_8pCEG*v*|hc~M?Z9UHAe;(&I#8`)6SgR1%m9Ax#HCy zX{B=QPx02F@<{#h3No=#x6G2hSd;=FF2sBl-&|3SQgZQwYnQCvRE}lG51DGH>aALn z09+KZ&n!!%H@MyW*GYJi{@{_-go0{+60e-@xaK2Pg?S7N41sbvDRK3*>Y;~p9|8Q| zy?R51`WM{MqDTl*J=wqBREd3~qViF;%w3+|G@s4Yt#LT=)v}|i*;-|OBqI35W6XHW zHko`)15~`W#b{~E)?S)$!x*;Vc~pD1T;Hrt^~=q^({!9JUdslkb=^8`!8Ivp^dgkX z{8xEH&!jE)W74ljHnWxb-UEpRk`U~QVZ*W8<@S)PHC+N7{m&(W+eQX5Xf&RiC0%`3 z32)P2JtK?cYWwMKJ?ypjU~>aVBOPT#us7g!{f=S-+L3JEXv^{w{Y$eXZ43N~#U*B! z<&|}jwauKUO~ACuwfP}oxk2D=KJ-=?+bNvn@oDh_JXJT5Ou>v|sg6 zQ949&(I$7ByUXa%8(st%m5x^))#PA@NQ^1jH-MR(eil1_nGqN0UFI*pQsP|} z*$(F5=8HU`Z`8t6;bSAaY*+$9N5z7O4JCH>h6s#2$V-0ym-|r!qvQ4ZW&V0*gLM{k zPQOc1niKdD^$iwlqL;|d0=e^TQ75C+|gs^pdJkrbG4 z979bwtvx;cUQa!#$G3T>YAPprQt<~m^%{L@y-{WotM_Dy$Z;%Vbg|^vUPEAIw-hn1 zo1ah4p-D(pvz5gBEX_(^jp=E#=mE7J^1LGBX(SM%v-lZwQR6F2j-Qa@q zWW61RI+$Y^7hF(661SMZAXCVI9Tqh-xEKaOzF%gqZSR9in;3VI9%c~qS1$uw>?>*OX0G0+ob%WA3A+maEWVrEpqkQ>3xWBQk@)O z2MFnJ))lNn zWR;y)+HKZWo)_Mqy*%H7BiC|mbFN7n#~y;-NslhT$4(ujQ!w(9JM&J4*_X4G&1+T* z5vA~Dd#jtUX}@FshI(CSh@SZS^%7PAf^KIP(ES8GZ5DqxWyN++n7Av+JINW0yq&XC ztBLNE*l3z)y~I*^^u^Yc3|*H8s{YZWz;)lqXf^y}Y~179Y2AoQ`-bzlI*B1yB_$!d zA6syU#dNs{cE;Gg(pz;uy5jm1PacmgLi1d9SFRPovq&>{PHO;5ocEdG@wgze zfNvh$*%x0(tt`5K_M)>gmPuq1Bad1o-NW(Xeu8S6BdP|6*?iWk>EiUd(X5)WCPvir zI@PM_*uv0V4v!?9@6c_|!HZ`(z{V*pQq*zq)A2>q{HxyZrUmLT*X!2e2T}J|zSSF` z@d}AWhimR_ix)o>K)1iV_*SOhkBBkPx>DZS|M5(1tSwyFnAx`O+ zoK`M;RGD&R98M~UTcF`prIP%yyzHEDbkLZ`@6A z$IC0q)euEJ6<2bzPkg1Rl-DtnZB?sg_48v7q{)21eyJ@|KvOfX6v}U&Fl~&o?H5ta zksG}BKnF!UvP&bq#I2tEs75nbFM#}&P!7FY9%_;9<1iKY{rX7|2a1An<<3anyhgOX z>m6GAMF=5GR#lv?5ZEgUUSyLYaD8-kr}U~sKQ-k^SLE3LM1FLzhkK)DPu0^gB^AW< zruPNypmUYa5?SR{&v z0gYKmDv$kD&Hh*2^ZGSP+~J&MtZd<2#nw&Zin>vlgB8kx+TC(7ec~r0)rOp?MIYR7 zsg1dx(VK>Ky(sI$+4}MtXtsse{7&=uXF9NoqjcR2si`uqT=UwMpk251dekIdFH=JO ziHK@9+oYpIOK`SK0a^!1{;A6$97i11=-%LYUNzBw^y?^xg`w0+%P87g!e zn-4>0_JYX(gnM@!1UvmcHm0dpa5811%uRceu9rXOGbzjcRw-dVab1Gi?NOo|9!)mN zWHOSzj_%H-b}e}5HWp4$JQr0OIqmIiuBrBG!hi#oA3ONtUd+jm#j-o;DJ8T6=lQr zR?)ilBViha?z$adi;SLjIE^#+pxNouIcfHXBzqu;HxqeE zB5p$)2+rBvC})FZX$JF?G47VYyZXyk3P1H_K{Go%&Ttm+hb6qAyd`qiF9o#hL+y;JQ(~b5yrQ z`nv8Dn=4urt>rk~Yj5>&A-B&W{E<{I*Q6?nywgQCoGg+ZK-Ho^wL)EYl0D0Y(c99Q z!R3zW?pxQXj_As!3DJ|Y7!j)|Cw)+%Rp})^g??PsP925egFfVNp}jobVtJec%SMLu zR`WnFxb1_(`H#ZcDf5}X1xq&FHUr7kjWtHTRIPaNj!e96%hza{IeIUK|5}&^I0jvVWs-s`Bx_9qgiD+qSs5k;#9?Ti#ZM3%tHa|=;80T3My_ShCAw^cM1wo zVlJ{X zojR_e(n|H};@g!`>SoPsB(IN0jKh0WmEAP$Ac{A=%}mqaeuDSjqKpUMFYK`V2dFB( z?Jh$H7d%5-sII1x=(_hQYk9}&St}yYAb;CyEuvjy(oXFncZrNAC=yO|eOSg){-D2# zqgzKyIS2)hww*lcv7gZtZFfTt!OE1TmgPYdy7Emmj4x2;O%r7@_G-jGISQ301KBBf z-_6%WM?tGzr?_9#mP&uN8rH1n3{E{d{YofTdm&Q1H*4_CA1RVpQq5HKJwZd@A2Ie+ zfzlbZr9uY>L6Zw>NXB6d>mUgq#`Niiu{mV+g4*n}=EZsD+F`^y6UX}Bw?B3V98Kv~ z=uc5@ahqDfi|sPHl`y|0z?C<8GO^&5`{+d9!T;{X-H#D;pmE-h z(U~J*f}52_!uh$o3l(XPjWwQQs=RdaL7FHF_L{x0Y#7AI`?wRFn@-sC;>AX;J-0lM z{mA%>kpo|URZ(;$CoAE_;(opcLLkxX@!7AE;VvEK37p%Pd~ge&3MlnL_sIbvnPt>K zy>p%!jTLfd4}D6Ys(3m*(HBiFO?LOWX#_SVd_V5U6xVpxaes&iHJ7$Br1@wAqL6jD zT&-9~q!Yd8jSl5g6pr$Yvp2LneA>c}@`^yGhBNH8xRKeq&v>g_G$lxBugNz(y4)wl zh!q%I4g!nM)(J3aiEgK%{5@poob-x+{Ok|WCH7up-NkHttfw^GYcF%v4TjUi$xv!m z8E)tNngpI&aJ9$@TLzs+89$_(j2w^k##E8>-C4JtBBBFH=p;o=FOkkE9enMY{N={D3_u4N9~?l#KvueBld)Gk>rC80Tc#c z9xY8n{uHn{_=JMx(1xnN2jgPl>Yom;%Hu9^OOtzt|S z^ylX$RTEc;er;8LZfimE^J3_6;|L*Z?rU+}I!Cq7Z=%4rz0Gj_TC44IH+A>aREx`Z zcYhJdZtA{46ver(Sm1oySZ%IENcL=7Q%T4G}C~%lc5nb-sYZfm#;>{yU zkq9{*5W>kjK6ra0tkWvlv{4W5mz?`FxvL|69HslG!$^J+;{zUXVb3Pt!UnDh*d_J) zf?z(c5VzvFh~__Ly5#Sf21>o6mDLn=DtV8^PC^_%O9#{)t|g+gXFGe`CH(;-G#z_Hy`Y;IATu-9aYtb z$1=S*_~i0`oV1+CPwG+lOn&KlpK)<3W-Tj(fW5I*iRfx=Iv$6Bp9z3D$x*65!AL5+ zl6|oH;hvX-wi2zyoc>dm$kmnV7?)%s{W}73h{2ynA&Z|cPy=2_NQFcvo#&B*nqB#I ztm`OEl;hv-l0ug9S|Q?7Z{YqgIp8XJnyKzT``cBz?OU&DR%JKO|1&)>+KiF~<9SU< zSD51G)N)(OUC=_NQD7`<9w|%d6RUEXhjnZ(oJz&h9qVry6l>T_mxq=`!MS#f4jF0M zOX2f7j!?IHSIF-C%{sUbbFEx;4XO19OM*(T-j+Zg6z%>c|MHkB;!cfriTtdeUYI^s z!Wc!T<)(o|oDUu8jZ1z+`WAs{jZ0Hz0?bPuh*lzfD_LLqe?9m<$@+7}Eykl-6jqQ~ zfe=rmcJBlo1%cTOReXr)UO%=){q4iFUreu`u}8m>U6)L$mec5U8Qg-a*}*GpGxcT- z`WOaU+*EDdQ!X{#nl>OW4u8%PUY*_X?Q!e5ZKfOe1I84tT*~5ScHw{R{mO87c&#%Z zuRIIp{eIQgVA{}Y+h#3WK8k&L>&A7CmB1LqZEWW{d?yE;_O2G87U?56I)5SLZ&jyDgxokgFB#Yp4x zUcv_L6$$JNvYE*yHO-3U=&(AP$9dN2*v|;HWkHxc0U8 z>b3rB?|muB{}K;!bN4OCb_Ymi^kdd)qYz!3EpkTOk@>7q$m_D=CVi9M}uB9 zpBwExi3{xSd7YBoXY*cOG#^xoqssUD9n~n;w#0{{I_S;vTEYti@Tm#0f>TY>6T8s? zJBhTFEnI}us^C&%BbFS-ZfjM@>Uf74+*O*8<$&GSr>vGfhtlOUh@@DE6B$#x zxl7`kVBTES*hZO-tg>M|&8N0Gf-ij!XEXLFocarIy_dKE@Ua-usnjpEu?< znwz&gkX?unVd&wk{75T0_lk$63=)qq%<0hUK(}|-BF299x@GH&@%?2EqrY{pr%dYY zEan4V|)rO22SBuqHtZjZo5)_sjLca{|P&PdKsZVzM5?Ru&Ry{618{k7xq&L8?~k(IL!-BADmEpyS%4%b9&O)a6Jxw zj#M1n)mO^huoPsT`^sBM3BbhaeJL_2_J=~S^8_O;5N4hnMu=`=x^4fZwzy4A?L3>% zjQsK(TMi8J^;ds5wj`IGh^(7%*B{S&7Zi0Er_{?VudUk86oM;m({1YJy$UsZiLHBO z8~=iDmL%7f+<;Di#e7;LzdA{pZ$or#{pv$kJP>?(`f1iuJqruf^CBL4ZzirD1~mJQ zS-~u}>)M0R#PYw*y7LruCtKzz)UoX{jKn9@ns1quCQf{v3*5|diO=D*&wNVhsxr_- zR4o<$aMO5DtUznxJhlyytx8c|k}sIkYncK@I3cQ{(X7sufSyde4)FU+Po#a?@Lee#~awhtQ>~Y7<=s?m!s=E0IkQv)foykHz)5AD_4XS%>smF z^|E%a`R8RCDL=Dkvinp<*()AL{Yg$5-gsWOo8JcC7Iu788moT#R-IRf*Os~p*JVfZ zhlSuA5Wn_pzlhz+Wrn?{qu*$dUz3=x;gE>FH1U1@b)>eM71otp^@Z1{<o}UW5pV4p_Z@pQbjm`oy zrKz4NEGnF?v|zGsEaY0Bof*fdipvM;1#3^hj$-L-`Gs)F_0;xxCn zi(6zH;3@F55yLp+;kdgQ(S1TWxeT3s2}lOLCQiJg>8}p@0e&&(g;bmNjxCHL03Cu1 zD>2>g`t9aSW0_vXvIjlI{;Xs3ysMO%Q6}Hv3SpO%}pk**ehyBMXv z+QwRVk`w>u<4L>2P8_@X(d>@e1$Q#HfepqY``URHTl{q7q2lnh&rutxFNdpiN5t(H zs`C>0oY$#%>uxFn@(lAwGks(I{Ian!o?fn_WD2`42pe9`-NsViw}BhmGI=NABxzjY z>K^*%9XU$w+w;9_3>3%M9qdJ7qFb^A7CFR7aSMB;?0T$%)>IfW&KVl(CMX$i**L|g zRU39sc6>kMT1^bpe{5b+blY)>Ef@vhUyjXqaRHr5<8SovabNDdq6W9ERRb}*)nvz( z?298xJB#D(iRY*{M`vW9kWFW`(^)~Vwzn@d~m`k?h_?_)o=>?SCB?={GIFHSC ziEC|oQ1J*$9!pQl^1aL7R1GpCs|(-l|8nx_KD`Zx_jZSjQvD|?PC8Q41k>to8jr3j zH7`+4dJWk2)&!2Be5>5XAoD&VoHTF=A3EC9uZr7d-7X(A@-EybNhwnH%iE*;uP8uI ziWC86E4%$!|I}7RciMJ9@BHWFKsM(1`s`Dc7cm_)Qs(AMbtG z4woJIptmWX1X{k);Q%}@@?yzsIIL$s>ci)WPEODVc|j7d|>%ZF3&erMaf%@1ur zemKgR&DGMzaM5?hK50ntJdJk_9h!qP?OnF2d+2|?z`45IO=9d*@Fj+!U5d;hgTcV3 zc}5CD-v#HQ#>DN%aQn!>ALZ27^)|ykrv^pO2V78A9eh6+P!EQMP&n*lWaLx5;tbkK*2wUP;)b+#U&IXI+r6ov;&bbBs-U`v?(V zf2ZHD2LQuIQ&-XbmpS64aBg<}>wC>3_A0fpd1(e^tM6%{UOkzZ&i3`5mdGvCezbtQW@l2vBJNG*BU9?gt( z$WEo!K2Tt(xrXRtdTK&COpePbBaw!jenn@>ZNFhAL%Hu!9YD zIhv1HC2f9ntQ=dWcL^nHG6l_&_CEa^&%JZ8leD>{EXIwoS-JN)Q+RKS$Q5nf@Khw@ zh#RWF^@Wzu{cWhZK_)oL5B_sA|o7b`rUsie5SprVLaorBJm$_Qk&9_Md|oTY3H3o8WX) zVN4MnP>3!%UoI3S^_hsF>yu+gV!?2_pcn1fZH1j^CK$giCFNWeBSW(PD$UL7HbV5N zs4MV%*|tpkA~A>|qy9KvKVNs$vCDhBjO;<-ru{0Ps`Fdhm~SV%+6|9}a;qEuWSO^+ z2#f75c-$NY3ROA!SL&7R8jf2tMto?*a#NXX?`w-ieU>(^{d4wTDx!3oikQN_Uv~ii z3j+mkvxsAp`MU4u(z}1BV;+a_G2cb(mz4mfhk0_b=% z`+DlC-oNF-D! zeK-I5@Fs}gKH`B(maZoM=QfXYkM7qVE^V&?L?2|n9lYrR!|{IXmC0HA)tJRGvDOi7 zd@%lNO#gzj7uE>)DBia*yWny}_gUY(n_3C1|9=f#Y&pW|laqmGDh0+-$H%h{%QQO)irmep|{N7cslhVE=T%FJ`^;L65*jr1!?t}$&v zweBcxgtWI~;5uRT*Ol=tl(4?=g%xu~e2!Wc75Kwi$*?7j`DOWS%85?)hS6niJcnUY zjR8nMXM+5F-@~grs$Kc0gYoq8rXC(&#=ruP3*38fB_*f!FQe3@h*!?KEza54kXY(TJ=%V@;V$jxrOB>f2l$=*BxySk-ks;FR*&$n zAGiTT{?!`)MH50%;bL1eczy8XK@T%hA>}H?*-Ax>r@OS@PB=e?XEp6b4p*Cx zpbmgDTO;f$WkV<4vZZ|_G^?|pm=pJMXmGO-pYHd(gq~QOji*%L2ggMu=myt?%8zTAxLg)7x>BpLr@=^|U-Vk;C8r(*8rL z!H_X5tk5L+Vsod;&8N1#xt8(6arNN7A%k_)KnMti#qnDik$uJ3O2p5kk6j)I zdsQ`|WXM+k&Lr*sylxAJSh%ATkB4tTmQ7X>^^*+E3zdtvajV|+k6+HR!=5F?Hrw#A zil`F)L49FHCVEJ88er6XlS|4S+%)fXnaaidAe!mrDZhT|t%xz8Ih+e%Q^?YkY0F7q zI>r9@YNK0@5I|A22`(2c)BK;%w>|be^v-M{Jzd_tr1UfE?prXpjIKhvxxhQEO?VSX zNACcy-LZO$6b^}yU@Hm6iuJP7-9Lri-d*TVPmf+GtBN`3c)4NoiDmGd!`2 zi)J<7R^b2u3O2K4Y`gmaALmKg_SH_sNM;wg#hi=3iT57LJ@Wxvn2*VtgGH))2>C-H zF&9%1e85>N=d76K^Mqi1~_XY-GT&b5nPEP(m zrC;xoB6t3a^Ma$-$J!%UtQnHw@b~ApkH$g#&h+W_F6Ik5>v-T&1#V+a!Hh}A;Clz2 zL%NQ^R$HHx$h9? z5!Qq!Xv~ff_f~Vt>i;df2ggev$fyBrH%~P!!Ja5lyXV{8}BBPU13CE<3Pq)1q)Fm+uQW(*1}VXKxni~ z;%bRy>4(v^R7aJ2EG1?*eU9vbnfa{~07pMQKQ0>Cw@5)Gj^3X?mRg+A0fiaa_wnb6jLe%#*k6;Fw zx`0ln3kOSa*qrkRG9kxLdNJNsRjjJ`o> z^KAXOsKs?NhFf=ojfnk=wf3SLFWRZq@~GK(-&;G@-M_VCT$dTEUp35=;D1?lsRXRF&~P)xI!G8-$q>m?yHr9R7AnBWaY* z)Y_kk8+uz*TVLc5i>p9`ww-4!sU?1SE#3U!BPIP1)q#BG^F7GVd4_IXxg%uUpBPgk_g|hFK&RiK(Q0u>R;3q& z@!E;2tVk@g(Nwvy!B4NVqZ*yfC~bms8PnY&>}VeRH@Lgy!F^m>dS*~4(S_zz5U$)d zyXt{VtvO?AYwvX_F>)iZ3|dsB25mVs0c)IFqppWmsc1Gs*)2Y31F(O7Jv78}0d$d%G0 z5b`7jdmn2?(q7~>ryVM;(pabeY!gjZzG^Rhynh>@&AKKx`e8^`py5^O)B802@+Vynm-dA(`W^qX{m$5wu1^&SexD7{ zNcjx>4@<;F1OYH#YO3)JI(C*tlW6c<*Rc$-Ttdn&-&psw(TV@~cu^^MUr?_=+(yt_P zkq>qs^PZK?hqwcXkb=S|zSgyOwqYeaC33J?p4Y(fn~Blbd(oxBBW|_6ZS@E-rQ?n1 zxv)mZ(?`5^Tvog8soPRet-u&goVxLdCVocMACi%`28}Mby$BwB9uClsv4HkV3vrWG0 z6EU@X^H1HJCz2I?CkW3UEm*v5LTfHORufxO+!&}~?k%sa@12!zxn3p95uVyaf$=Gj z+Dw+(&%dAd+WXeGCU669;5PYsZI#q$w4S@k5Fq`L5`eq(+bM}+*=R6%0S&9vs zm%AG5OxJj+BsyoOJt6o-J*0RqzvoT1G9h@F^VlDzuUP+^A%~LJBwoa#Ygo=NI58N3S$%7sg{GTFZ!o9ByTbFolHcTg z*%yR0jzu0tsdB@?&g)dy$ByDg09WkefnlQOlu>CV7 zcdw<7v|dW#-dnAw9l<@_0HN&=8mO zs{7nwMJWi|`F&0$gKGB`Df#}sT-)U$T zT{&Y@R9LAjBD+()_Q)pg;y9S@8f@K;Uii@bmv)_#GTUEYg3C`I)Ld;HDWB?EM09zv zP!^6myG>`neRP*hzUB=Zdt#!OyH%b}Vr+U~32Ts@uO42D0v+JKVc53>B_k=oS3qz z(3Ptq$7wZ+##64|?fhWO+J!2%2b<_M&JL}Ko+`5_W4d`MQ4`jmrumRI*^)et`bpCH z+Guo#59Ih$*_1QBx453Mo;esK!Zd|Y`Cx?46_kx=uKZ)x% zm&@XwQi4?#lV#3p%aDRa`7N=_5k5`WfCDJUH%sRLv`!oU!+ zd~wIk<>0x}$DX!p+*y0VdY@lZVPs<;e_8#w%WqsEqlvq|f?C)tXS^{xsz_yiLcx91 z9oVo+<{STY4<3v#(~7&LDc#-(xt~Q9ZzK{H610wRMyV3!Dexvohmw9#c0_E`@d5pL zc#Nv(j~RU0xh-t|3wMj(CjT-ue4HPEp8x>O*_pgN*)4$YvNYs5OSUy8U|SCR0o$3@ z^d$q`3%=Aue*lP@&pLnok?~ThD4m$&ZnNBl(}+?}^AWdi7_*jpROs_%(~pY$^Ib}E zms_*r4!!DhrmaCh!fEq{jS6h3TU?141{Z+#qt3XtbBA83)i2*#2Dws(yJT`ANGzq79-Fz#Ec*2$`=2f? za#FwD?Ttx2`7t_J_~~Urs%iq#U;4E)b4xV;6*=1ao>3#T2YqL@l90$$;VN!RrJN-d zkg#_xI-CM@rHFg5Mdlm0NZqD8+FZM<{?Ob&h()av{b+{}HJdwOUsw5;{UsNx1;`Fh z?CRzla#0qpTVWcV?ifj|_vd^%NC!!f;!t)JUGvoZVh+lRnr9?R>)2dnSdds2I5GMN zBp;OdV_*|sMa9u!8S%}TTe_WWFcv8C-PwC!S?W5tjWPbCC@+ahdiCi!+bke5ck@iO zecXN4j-uv$;%X&DJkG^@n%yWo=P?hV>-pgz>@XX^4aZM{nQLy0-K_ z&vVgP=x=S8W>rHs&)zwHXD;)O@JSXy-4w@Hd!?UDT8qPkU;a8?LVw}2-0SBL6w};L z(20X_$o#>p<=-|(?=wM%lk{?Tvca1B1N&kN9ZH7tfq_z1FO_yeZ>s)CS^RCbL}ZMt z5(9;$m-&{@rCs43*^h6&^nGhOM%B{W-atX%+4Ko$UQK^p%eOxJGp>9&Bpz*8w?ZCl z8`K4}aiI(VfDxZ_Uz@Yp7|A&)8oBPlItN()=F5+}x*pLv>}Qi0#-+P8zU10x4xDpG z=eJFTUsX?xyuc0v`7#9=dhoZ2Sj9 zHxc>8&UXd@R*aKsS3Jc>!?%0N4L#`?3FKSj|Ma$IF^_>A} z`GlTrVM*;TnmS*R&caWXerNlPhW=t)+TbGz^E0+3IS)6WnxS*a%$`li5)OfMJ#?r1 z@v8<{uVAN3%KbY#&RhygNZnXr{ycMkioHpY0B=G zPDho{{+C%tm8zPwFab`%^Qv&a;?@o_`*r&MX8u2;tsXP+lPAj&SkobX`{UZV>Dtl@ zE3};g&M#yMeS?H2H4jy-6~0%GMY68PJRe8TZ3K)l#Oe4S&UVAkA!}(kMU(!AGnU{e z-79ePyWwHj|8QN!b1XchlKek(-2eGZ{36&f?#BDze>ju=5gZ%WQ~fDx@t=-I<3U@& zB_5kLkN<}oK#1r;Wt8pif4&GqBNp6~@sUM|EBHTM>3{?&MM7554*nnR7s!Vn(DH9 zE=6DZ&+JrD1(IYf6zIPDpI27*zXkojsM7xy^#4=M{{OLP6HiPw*wVe@t+LQ@&QRil z1%Km)r_IrO@I(JSMj7y9k#Szf8n6pD&5|VEUQw}VeKVbG5|INN|8#dMSSP`=6AJ>MbY8;

      ;ubI`?$6J`5fvTrj5U8%#3`&1@1-_TAGx?y(jE4KKL%2EZ&WH znljdH|I=$Qq5?|4bMK=<_atoqG!WP?_8ZeDU>Q)SRH7kqBN1A1 zqH-0{QB0_KI@G9E(%SD$8DcPF!w|#h)zM@yA(%h#!7x(BaJEpe&e)27>r^Xc{elCC z)(7jX=uP-VtzrXTCt#AEB9#bue-!lV!~P(G&SyYGP*O|{Ibl8KbEaSx3Gn%?jAv+8 z(yUb`-NX=j7L{VY5G1P)TA0yqks$SGfFr9)L@pqX1s>q%$GTUk9jJ=(hQtDy<^amH z^gcvWqRQ!K=-A^T4~>+Pz*$cN=c5!|NH=`0X{>*9HQtd70&|%H!dP>ex-lW<)QGus zHSQ4rbx8yZ=HVV~vxF;z0op$<+KSN3f#qLAs@;jS4b?=~~bgYHZBn_i&1|C2bGFkRWl)D$F}pIm_8xwxspX02z20 z6zm~tG~t*U5eWIlsfTo7L0Dtqf+D(;*atZL92>#A{PiBGRlt=mKu+=vuVu&~M2raD z{nVuAdeiz5a8k}zBEUQ~W~`CG+XeBh-5?_&-Q0Y{r8Ok+$XGtgso%#}701KI43gRVb_!jO8af|LHj8ZRoii^R*xhy% zO@HOlI6Cjqu~5Hfv1;DPMDUzyXX=~sgj%yg0p{2{7AO)bl>BU0Fup7h_ZnYb8Dbs4osiX&@4&PHF(laFr0r(LGe~ znm&Ttf$iIM)RdS3NSKmINUl61lB(brC>5lT2LpEqnjPc~riiD{kmF&;Mx{VO#zP9E z!dlPDZkWPf{!1-W3{%#9 z__#O9NJ0-qCB~2-R3>QwEd7BfV^%B1|Jtm464$ryv?6 z3YyG`d_sRP;dR%d5SWk$F=6(Tq|h@3{OBD24O&i(Cfc1 zgfN+?ZiTM-c*=?Z(B=b#z)A@uLrIkXvP6$SEgHfqZ2FeLgi=W+c(I$>Gzz@70^*NvmeOwk~>0n9N zgb1_yu8w91>}e%iWd1APziRZrC-?9S-!45lary*7FhaIrQYBIG4 zsE~MsUR;;2T2BFZQP2%mWLXNjORqg9@U}=kk)8h7f_ji01L$8hU~oB$id6V@B<=dtjdQp z@rD9!7pD>2jY0@*{Q&nMgu3k(;2DvB3b@7=tO>Z_4(O?FXUdGE%D8uHmHDDBnDKCB z0nS5O{M}dZj2=R^5?kHqOMt6vibz5>8^6WZpip6iYJdT_Qut9`04Ecm2^67(i(nlCQy>^2 z9MVHD0o+)(emPZe!Gsrc3Iw6yDiMJP zU{y#EQUocjKW=@wCSY-4SGFPED+Yw@x!1^w(UE5f0VOpU7$`JKi&GzBsu<6a_P0L7 z6u25(?HBE*k+DUIMf~Bu4m(9#I#f@5L!bd|q6rMRgD|iB&nQ;hu8_4s;|vMu$dOOk zof~5tqp|K6VLl=&`$Znu!DhOX%z*GU8-WrXp9xLolm%Vioa`!Re#21v5oyHi zx;R8_%4o$y=ua8Tr1eHFfk`PxKKCZ>e)_%$zT)OUF`3Y2pHs*bP(qAqV{=J4FD#`sLafyLMua;v5VL^fFS9(#7h|S4Dsqn3_FLgei*(2yIXvo0` zHSeff9Dj&9kSeB3RwuCr@UpKn?(S*Z2(sb*P<UVk& zt`n$wfHOgrKt!`XCTdQg(B^PU?L~r0n@R=L@(ma_L=%_j$XgDih08WxL1*h66m8}+ zYJM@0#z+mnUqWOnzw5B9RD;hS#QbEP{7Bh2p}tw5PP}98ReRQ$<$l~VmOo&wk!6K1 ze@c{E$pp=!M}6J9M6-`~HTd29z<{4f<*c}F zLUFSS~k$g)OZ(Jjs|xavZM>;je9<@x&v=*SErgbY8@9lHl&IT1X{v21P&a?kKl_94ilWNJvEu3lhl>7ols%36y(;U8_s%Olq)e>4fdLqR ze;Bwv@ce-bk@v)65RU^nN`}Dmo(SIjaTZj8jGqhG#H0T5+KEPPghkDV!S;vfZa?m% zzk7d&oOL~^Hv5)|tE2rDtFT5hwEim()p!_d!e?m7!|^=1m0q(%{)eOy6k_6)By2fx zTm0tduvnEQrsMUIPY0bVp;Fo^dG7#g9^$enKtQm*^}%|t)iP{>Q@DmFiZ>$PDH;g{ z5|g9|^I)=#KR19@hD`XdL^Um__s^P+9;ZwTNDat$xYxTG<&ST#W z$8}djpTD!NTpdw!61CQ1ev*lLygNaPzf=i%dl`-7dY=#(2qYdMkgw$CRUrD~fy6+P z+Y~*6Mjl_l=SaZ!aFj=gMQdt`dY`y&w$Ytnt)Hk|!edxE^j}7wH7dE~028$oWjFZB zAWud%R;ZLZQ`5s`%*J(fa@tb$dR$Lkan2pa%VpYB(ATwW1!9i$J+Uy1z|RPJJACqo zsemt`gPW|(5rvyhXseS`$ILoqE?#=IMV^L=fcW11BJVpt)@s#jhqbX0HAwq2_4X%* z=S%4~R&594x--4fQDX&0&(TRucQik}PWZl!CU12<6Rw+vW^+_#8&acDWJAA1Yb4&v z2_$dKQ-=&_MZ5L;LrixW3W4W+FA7g2eS3$Vv0DJ$FEyRom$?3m#b#6=@0ScK+xS>vIjFQExtMK3)T@5nBdhVaM+}-OqnHz} z@9~jJW)_^@{zfAN^BnbE2|IP)lf$C_h^C32m@13(|KY;oY5xWb9J;{bcjC9SA5#<> zG0Uc4&4_-c>B5FYBiz>K_^*uRZfgz?Zw?))dHaf<9j*jGds0vui|JnI-*j$s9K#Yn~;I$6AOvCGa zQ-$)sJ*nT(mI@??Y5r6rmCV;YFU38W6maZqT6(9Xp=H-E2|=zztmUz=Ll=o4qsGf z9eutJPDNG&rNCLZQwScBp>87*5SzjCAfw=bCAhEX44y=4b@acH57jQ|ABh%rY>4QI zWl3ZFGOZ; zpO@zrt7Xq5sCM$PSM;-kEaliZZ=A2vAmKMomN zUenfgkg%$~|42maf2H@O+$UX(BVAe*_m$J%E>)q|XYbDl%MM_w_2aM^_XO|avm+)Z z(G((au6I6s6B;ekPRXBDzBk_SK@U{;r*AyaIy^!M_l=>X4?~qh_d?|BhG{Hs8VLXd zkVe2uV|dX63iJH>eQ^$uxP`(+OWYo?iz;g}_QUvnYKAVo=*{79qqkWcd+zDN%>kJ@ ze&F=E=VZU3=?p)Qh4R13#f5mfWzwg(J63FMY5|WEJ8gS3^k8{l#f^wkyp3o=X{ zAZ9qK;^l%2M_?YqE2yOPhZQGJw;-S zq3LqERhr8})N|_%pCbsh>=(7wy==>O-1yP0Ve7^cHqTR{9a`GZr2Bw3BYzZ_XDZ*H zauU=rMBP$I;ZcPPSPWDzi`3LZRpCkCUT$AT|Evevc&L8a7Br4E7N=05iYw$#>q>Ja zjttdeB*NgXJFq6Rl})Y&N3FL8M1~!iq}W}F1CKYyB~i~F{GP}nUC$?O$E1a}@*%=x zO(M-YsN(~K!Au+T7)`YpflH>EgVNb8y<9;JwY>bs-b9*3I`fwm(Su|)c6lF0ukRMx zN0{A|3!s!juj?{;s4HFmrF$ufmLl^0>D=kWr8=60SdhBEx{<#{qqLU1WMA!Vb^(JCdq`4dywHP26pfa+lP7JsPg~n%ieXQt)o5=Ru zUd7kPvR~HQ&u_x%rit{6;k%(d-W8a zPJ@?-VlpqkY531j$}}OP;gmvcxjQ;*7wog^wbO^R&9F!Kizud@ij=?$iDoPkfS^70 z5BuT!lK%kY5&$3gV8LVmY;KtPZ@==Wb+V52OFrPORTt9uRnvae_Yr@PZ63887|Jug zfikL(D%2*>X+4^oKYloR{%KejVY#m+wkzYS8&4QUKg+7qjxggs>ug8{&Y<8zXY|~= z$1bY5n1x-33VgX}PNc}L?jGb3SkEJYzwl(H2O%ZZM>-nt>=KxqB)8B+#)K8VfdBPV z9GDMzDq)$0dR`5Cfq2P7i^@)(g=oz!tBZw0h1x`JX|Ivv;>%)#&&fI+*+c zWr*}cZLRW!J;Tng%E3B1<6ipsEC-5NPrI0w*ZWxlt7bI&Hbbw}5{gPQgvN{BsH61= zMFH3)Fc>#R97>H~(|2*{QNX55c!isJ`hZ>&@ALT{&4owzol!-PouPP}bDhMO4M7jg z466OOVOO0Cx%xK4h2sL>o&)I?fxBAR8^8!>mZ!`V{5iFtxkChEI+Js-=>IN*yL zpE`OdA)P9UVj_n5BmUN#^3*Ja!O>3|IEp2ef0@r9h036G8N+8c?a)w-A$fF~^%gr3 zzL1{Zv`5qYF$(;K@Y1V(G%oj$Hv9kPXB6etak1?2batr5}S(JVyg$Mof&6&RSXDTLkBgxw(wih?KVhKP;N>d=Tk6^(51bR} z*KbO(=r`W>>ppI_Ka?7)P!*Z9^gHaOth8RaP<%8Qbl$2rm=p;wMgk(xS+SYEyS&jJ{}M_^4&=?U)$u)1yU-S{0vbfye`F?c!X|Q0<}aF& zgEs`v3CAM8%oD>{AS!HxflPh5#5h}Ojl|*o7TVE!WuDm9*CTPcv!$F6I|EjTJ=K5r z$I7h=%O}upe-59X8z>uZw6?V$IDas0j@12)dF10@mCvj_kTQ02ZS>>Q;wLDT4rFN9 zjhTA> zY1i43hm+ZS{SOldBEts$wHI70(%jfrkYpr8DdkBx3^40su7U|~{@z#kL%Df|(fCSj zBl_pYu72sgygRXOj{z5gF(`9`10V>X5iK~J0WL5&(%8NyX!D*v(A;(+G^D3KH@WW< zt+0rbqjFCwYr+QC*S^;meWVXhe)5Zpq!`bZ#=U+}_Ndn(i#-_+f$TGkN?kfcT%AbI zq<_`pzW=fk6rmJ){CV%HZ9lUN%wcxyQ)L*vE)R*>!rPnq>XV!RCgBp zomM4r(l>qhvtR=KqMq2?G=5jERIzx{ zPS_di&Q#@~Ym5)^uNdFm^6igWqwlC*YW(Z}#feMhh!ZaEg@1i!8*`8RZbPvL^2B1+ z+dBm5m%0_NRXx4^d#L{$Lhn(C5RZApc+Bml3no34j+2H2s$fB-CFn!oJ-bYV^1kEJ zgE#atQh@eqI0y*g@dR=*UP)dC`9yu&xrosCYLJ*Q`_UqhUD$oNwxtiV@Piut$6=AV zMs#?cFM-Hx*ZQ7r=_k2w@;Iqvl?Z$2H&iywrJ#x zV-9A|mHZz|{%MaimOZkwJ?330;+Qo@&faU|{Y4<+A)Skh!RDBMZHC^mYK>+Q*}kDY z3On%I*ShE>o6LI{7ZZDmMllouT2$#@-_TQ;U?Auh?!!I82i~6$tRS&~w$20_(%z|% zk=?0`I;TC4?(dSv%B)?QBAyT~i7XoG@Tbgwq{h%Ys5CTEmfrym#-X_pyU-P{>}5QRi_TXHFO1cwaiuGiq@Y>^P0`Ij6nJMhO96rEt^__m z28u8YTr5xaOB|bUzCc0j_>q*i@)9<=R==N(71+!FS(N#z;B)c|IL+bT*_{$LHEuEJ zV-429Q9W5v-2alfFkMSZ*6H8fvx|qz1E~e0jH61!5p&)@7er^8EjgVePi1le(5`OU zO>p3y7xe1&ft=so9A@5N%BM+ZruiH^*+$g_A&{@QZ4Yx{3VcEoT^}lO_<{q_;YbPk zI=S`t{g{FuMNm$Ix~T4Jpn~dOY2I2*&MyZPNqX{HRbEu*tDRRQZoVHw^P8HlvS(!1 zX-=vM4cSs5#OPQYPe(iGe5;4nBN%|FkZ?ac*MLuwpC9tbk*7Kquf<9dz2&yA3yv07TN+p7~eBOa6YtDz-(>3H7K%TRh^# zeOE(P4ZWkylV{(I#!%L^E4meGXL4v8;yds%l?fv3gD2gghHG!}cQ((TWJ&|y)kD5A zyYbjFEBv?*k-qA1PTc(75q=|S;?#+rcp8p^UU;~H1^zIJ-bsfp4Yc$UcZp7S4fdDGOVciE>%CZF_`-^n za!rc+^ZJgMGr#Nhpm)NP1b(j7ToupUb#0k9AJ2EW>_ste6Tyo@7+h;r6>;Fc*o~AA zaizx}%0!kpPTG`A%@q%+s)0o_={5AP}OxkJ962OIH+!UCuBRR4_BAl+;^orm6b$f=#b%K=X84W-^C=7 zf92jg3`!!xv&)vBe`I1;kiFZIdc{AUd1qG$P&UY91|c6>x*h%sqr!vliP1Szf!D(_2o0vfxHApneK8yq(QEfQq9KPICX{|@ zS!F-ceQq${Q31NR{3@g7hLyrGxY$p(7B2QYDnodxsD@ zh89A-PsI1myz^n!{V=oEomu~nWVuY9^PKZ5d+*;q7Q+=!ZeJtn`Ir2AzTVT=B(@!| zOb5CG!NRNJKec?$eONwerA?K1@DtF}%BrHt961!qbN6-8=eZu4Dd%46`&L6+!uEPV zpJ-_+AuI3!(BJeA$hkP+8pFZM`Y4X+*)UFM0c>mq!TTNAafKA~N`IgSX?0mA%Clri zsdYQwGB1u&#o!S4#otY_vm>mfykP)91TIiFmayn+B&h<@=$WCYF&G+8{eS(v4ss2# z9jal5LGraOPeR?o@R->I%`iaTThAof29OMeOM#Bi?%QxWVAV_k9e`!WPaz?4LIMD~ z%Ewjied&!X7Fy*r&-_bgErsC{~ZmMBxr>lO`>9rD>eczJ|F!^_(tr8V!pLa^c2{M zRD3u&1u<~20fTPh1>jI{Xx`M1OF$ET&7EEJJ6_a!TkzaxbeDr)<^2l zTf%A6hz;3=03CN;T=JuMI8-5-B1!8OUS(ol5J)lQpOR`>%2cFeOz;{JCSA zgm^4l;)8?ag}FJjJ__U&Is76ha}yUhMN@JVy$SRftI?bdUdMa?9CF*x*Rx79MS&KG zIxo)<7P;sRQ*ds57VOWp&GD+(jMeM?;t(W){+TLw7dfJZf-KoE{*NMy%v_N$IyaTZ7LjY%SP49k5 zYU|U)g&dYihlfRmksZU|OlICh+~vn9RdBQ*I3K^|3X-TVOD9;sR_-g0fsmrmk*&DQOAkC6E5zdk7W(GwS!~hhSbqPz6@8f-w zQ@zGk!0>HOp&x2^a@bjIXjf`h!Quiqs_i~l|0)`Dl@V9Zg_(rJ-F-uQ`5U@b@m+9& zg*&(a_f>`ka&|43LE^FhMcvm?`-$zLuSchj`>Tf1KC^<}=qC$!$T!Nc=LgEvg=$rb zFQJwu#&wP)L@oc`vtCem%Olou$0^d3I?F3t>M=0Z>O?VA0>XPm&S#?1JTf`j^0y~Y zS@+R9>)j;azQp3RVFD zY&kuyolN3M#{uA!{^ms<a7tV`r@FcfvE3E zmc7bd!Y5jFHy^+$~WmN)&`sL=~q-cWCS_O2eD$e4-awOreceGClrT)#d1Z+pUq zLd<ux|&H0sI-d zOBj>oJ6#F=36;8O< zAQ2$?_qm+^J(rI}_6hKT2*9({py#tU?!I|)xr6D|0V4+@xd5dk%Ma535vu)1sP@01 zPz^Y(a(Dj;tG<54?dvQc?7XD*tiD0e$MzSjbY1ZY8oB$%8;HY0hx2cMV+JTaFRNQZ zN}!p-BYFv_CyQBP-Q<5JUuMa^H2ZQoB3ljMxJ)uJ+yoeByuh26$K{PFkkbH-C6L{< zmk0QW#V#wh;p9EQ@-<)!N0Ltk1>xg<$tU^CGDTGtDCKTx0##mdgw*5}e2dH4N5UEQ z%lcNiG?1gLyd53_4}wP|aC!a%!~Z|69{kTs`Oit=bNhemq{!S9^J7WkGl0rXRGAkL zpdDqLj+zqz1!iA{Bv`!CqTuNCSJHto&j7$5NVuO%A^VaNc9FgGoF!X3k1lY)>F2FR zO8}GQep!x3&GY&z&^M{(Dc>fuoWt(XtSVR+_aw*~%fJDy_UGxgs79J<-X0B~rifz& z&=X+v{pJeNC7uE*%LL4gFmxYZhcrca=gFUerOM*UJQc-n%EKlfE>W%fAw4d)R~xKe znwU#DuRO>D@X+!YAJ1J)Ko&)?a!tE?t1$g^rtfU!Gn@HwnVG zAipFtY%+emzSR!^6a&Lovr_M2q_A{bQ<;y$^OXC4yBoPRCLB!Rx60&TRdk*subZ#6 z1|rN1f11Tu%$)}4l+GwIP6`!t?rd09CN@=~8JHwYAH1J#XtnRO(J4`AvRhX@u-4g2 zwy1JQk=b3G+MVsznAYf}A4Ml4#@fNgOsc81+f<}0Qv0o_CqCv~E?YtTokRP{d&>uL zPmJ;b4mo)@*vX`0Zf~tA&ba&Ai%y>a(4ywu5KYCuqa(LM`t8YA8;pg>o6tk{RhDf( zm;lnU(O6!RqM){}N*7b}v&d3I}{T})qm8&^(^m6PG)Lm_aG^Ri; zL+8C>Nluh@36ribzXDCk|HO@)t&9l4vdj_n`XjJtoQM<)Z-S!JHyG?aN{mFixWh;82W;CkGh7e&Q{(# zxvI<&OHk$15bTe*gZn?^l@xj*+2{_}6O z&WA4wwPsQ}c(K<(fG!p6cR6PjpKz;z=~>G8hLd~1A*Jj~ZHmTw(?jBp3Ozs@Y;_RA zE3`J&+(yo_ChG-QB1PLl^V4~3?(&lDH(dc0-Z1%WUwN$FQ%TS(CE%=}(AAtTik)g$#S`P=rg72I=?ju$!`LvG_S9y`f4 zlv+P+PWHt7N+6ug1LVPQW|HPR#}RYTZP9r=*8=im-~v+0Cy-aM@%>uT9ppLz0fv{< z!xD(j3`4aHjVA;QyKz6SU-dVGyZqmMucR)w>h&fiZt&m@L)LUoXnS%m!=D)4 zgNvhfP4ZQK2M0F3x1ylcdgnz+K{+`YZHs_+2kE~{)6=qY)R}z8NeL=06@k%bdO1&l z(t{X>$p8llSxk(Q_nhphuYQkWqHPO62n#;140|WDa$>yPDO2Z88P~fMzQ<==rDd0l z3e8zxRE6I^uz4|cJ37j=Y^+o#zzJ{`e3u7W;xf(`n(^`l>Ao_yzps(W6-4q~uQ8l7 zLQq6}*EXl&OINAy&JV5^R4#sUOUI(`r=B$)ZWnks%2+(dDp&(>$V`6)Bl0)7&;A}3 z;AsOeGGE@;+Kqn7@IJCLHtcnY&Oy$ie@D6iw4(LBv`qeM9EEWnC8wAdeqWd+Yi!tq zY#GEnzACC6CC7xX?ndgC#$nb+OO@NN(|ns0F203YqOt<5*2$hJN@6y1D)T7A>XuHF zRdmX7WG}E9vy0AZB%PHQk-l{A_;AJ>HX?S}OT{_`SVH`*YZP%y78VuRD&3(K<<758C0(!7B zrBb^k7?c?ajY!aSb~<+Hzwy$D$n?5sy|c)-pY{_K`gT~1>9&w>FxNMNY7WS6 z!6o@+EdGu1m4bVGNLRgVU8L`TIQ^Ta59gf+J$2cO7<~U650&8`RLwn99&W* z5uNo>=jRs3@@e+)L##51_1GtrCcS(nfw&wZLh!}h(fkchox0{Kh_3y(sy!L=(@mkn zBsxF}j*#_&xJ2ywRsnWZ>rR8htAz=Q^tB%Xye_-ggSW9vK*b-7gLp&wwYzD;4}+Z0 z-&iW^Jv576eWx&-f>Bf7;(6l1GYN#+-&MS{{f!W*XTrs7^?I~q=Km7tS_8}j`P$2O z93}8c!JOQ7k!0a?IqCi@cB4lrPOA^qQbbpna{7u%HT_n5N?xgz zQ5dr8EIZ9}`iZTCt}fWis8F}TjdTC}I|s9tUY|qCIu*xyCFI192KvdDEc^UbmgSlT zA^gHNnp47-ulzBi4)y+0vR1Y|)_8P>%zT?vbJkS!PgC6BwT{4`S&x-_ z5eQ}!_uCb60%qr|gA> zN_(79OZ=4f?J5tnKPbZXD%YF>1&+NeMRqM*XOjVp4%BO%bP6&RSYOh0D`t}Rdu&7} zzHF|n%DK?+KI#=G+2A%A+UNf4r!N^<+|=Fm>noz&W42jeuKGV<>{r_uV=>~2p!zqu z)ArAR__@wp zxS~t}>@hf9Vz->0X!w%JE2g!tz78-pz{J=$+IMxlucRi);LyqhT@Nn~qh}LaFphA< ziS-baTzaqHuPUpMPLcS|fYx@jm zvm3jCy}C(?j6NOXxp7aVnT~vrC>yBZg`x?M>`&p+7eQBL&ORYZp>W4IhyAO{v0>Ve zd}`?mIs<=Z*+wrS9mRwDqI}%kh$oxx8)Ce$DEkqcRd? zXbDEqPi{epq9Wy_FpLlv6H!=T+D_u0o|hOQqqu97uBRLVdgx2S}e;N$p{rSgnk8?F3E zxU7+Ri-q4xcj}mh?<>Qb`*$ZW$$>0k8cz9gPi9^Hc>4s;jytV(D<`U?$QZ@%6VNu@ z?RKDYk6GE~sh8C}Za|F5-1$>&<7$=_x>Cw?coW2FYWal!zq|lIEDeJ;dC|?ax{x`x zpvUMlOL4g~X(i`WXnK4s#k>$uz=a1%-utNj7w(AZ2MahqTlJDiuw0j@o8QJm@@{>+ zLA`(Hri@C8uJZO|>H~s5j7b=ek8j6f-mjf!%ounQT6t#e@VbL6IVY`r#zGeHgvW0K zI{gm6hyCV}C-k$Uefn5&bcL{wQC%aUOWPFx;2+>-#9gVA{u!62dm-D}KW53!&4hYW z>cWon(jVC0gRdlm#@*jj^vq%250zod>DM z`(G?FbSTII8ScP!7v{Klg%u{yf~AKKy+Ah!)QrBoRH%5 z)An*zFxj2-367N(=`*7wW~{BA+b7olzTy&H)R@1qWVQcGdvRMaOqYF^7`Tb%%T<_c zyxYzc;J`LBK~qL3^b!}|gIog|{4GR^ooSoS_k)r-vNL&r7%J24d9vM9mKHnfOm8^U zw>Pb^l#k9~ga|bqU%!~lOmph55jZ#~I0yS=h;oR@k;KD{vvXke^V|TXJD~v736i{r^~< zW2JX|*9A4p~yQ?04>WDQ9kT=p^Pmf|IZ-Ri1Pd|iRohyFkn|uX`Ou0%K zBXDu}7cOcs)@>Yeh@=0G{Y3%ugohr5fTPXbL)jUX%OFG=Ol2#ugohLq0qSUEo%QyUi?PtI6G(&-Ol^h*d(6vb zcV`MCrcsX4CB?ejJQH@$E}iWo?MEjR0AqXk%98i}(PcL5kc#Mpx{%7Z!_uEZdeYEj zAfdIhah2T{7a*?}Cpv1=_DjD1k zYaj9ZL~X%czr7IG@+-4cTw-!+rjJE%-440t!G)befTAUy774ImwzwL3{55UrXz6KI zkN%S96)uqC{8kWIvzU_N;P;oXn@ytgT#I`=LC=6)v^|AAl8<3tJ!O{(ib_vT>&d`} zdjd7s)#&qc8b6g^3ZGCg=|7wFyFSnPY=Aw}nZwbaD7#WlYg*#{4#a7UVkH%8fk3M5 zhD6pelbW79C0qG0_)-eTWeSl3b3irvT@k#01_lo_8L~Pi#-O`#uAiFcT3iEmZLd9* z>;>#e)@o1OS8BHS3qp5bBdB0$|8s(^@dQ}AbhgK%i0&_At@!JHpZBI(!Q@~^)bhq^ z8ix_%;|)>!FTY~Nh@Y2V*LX8|>Ybc36aU9#5!3J=+`X}0XCUGaX;E_H$)vs1dvw(MH5)O|ALA1v79B=;gaAd%fya^-MN8Y#{CTh1JOmqp92R{t< ziIJ85@qJ(z`mxxaE&wPC5WbIC8x!Ui%__owE8+P-%V1QGgHPn}ti_b? z4JgL(;U&zWe(`Ikc(k{0?#%tidRn8Uc+a<#dqtcgZi*)_& z`Z)b;Y}2n7ca+4;xUp(e_G!jAAlwXoI0PQD74$E!30eWjO4%FQ4bg%xk2dhkCB0HAKNa3?iND|q7{@1XOBZi?WRNpgiu~=CU=bX(< zY4*HRkd2SW!KRIA+4q?r+5(F?pbw5d&gn|Ym$@g-Gx%{cfuV*4&3i+4_ki62E_0PH zJwlco>iH2n(Y|eT^&Hp$s4-tf;!&T^WR1kYndBalW1B;!aZo7`RyWOT`T=amh*yjk%MFu{|yH(8chvSQ;LSX9Li|DI>P6g{l2pbv?vHSsJWuedF_S*k07|E_sQ;xm zEB~zFiz^UXqh!f+SrFTU@Lu%P!QTr>DZb)@ez~D2b>|JUK{lYmKi*UM_ew@Db zlg1#UtGJUHjfK|z2yNlK+$T$)&1bETVF`LSjw4qroS4{Oa0;O<9QT$ zn~&|=40Gbv9Z`to?5AVQmYRFm?_Zn2!W($VT{3Ceu-ffu-jcFSv%GH-)Zq} z4O^8x7So61Hv-c_bB!02tC9oKnUr(DfREUEIW5ufW$-JecdiC}rfyxuwQY)Dc=d;4 z$lwel&>cZSWGks8spr$Ig|?eSDajgYtmbWS5(?wdO!L9@U^+TCvmq9d{wJU!K zx9)FmGQGPXOQ4Tv#ixsL3n`uoA;A@pbuy=e2X9jy)6+lC00pNVh5xDa``l87tTcOo zj|iJ^TA$1&Ip{rFh>`71%2?#2UE;)ty<$WL}9N~J}Rx9m}Dj3j~0o$T7e5=hn`5b3gP3mV- z(mnDh2kVOHu`Rwx7#p(~r;gY*H4g^{J}(2ko~XO5{fwK&?x0f2UVe^Mr#B2K@KUj~ z4=tlF$P(?L-9lEFTDz4+X{yZ$dRnZ0#0?!srBbP_bYM*o$ zRi-R+5|3fT`sn`Fk;_g{#Et^y@cS{7g!M?Ae6yUK#wDUAjiM|i!2e5iZ~bbK1K{({ ze`3)`lw=`5k*gO2D1V%ud>{=B7`^OkUu*E(0TCSIx~yZ0kLEyCqkcKm5jwQO479(u z%1Hrfplb(#G(JAZzcC&Yw_l34`T@LjVE7h0;9YUc;oqPEg9M3*2*AN#0Y-Fr9}=$; z;2ebhP6o>-+|2(Fpbor~eD#|qH-LXr^>4IrbAosSkjA_O#5={gv92B zl_==#7SSEo`b}D)PEJntvL9I$ZGD5YbTkB_#+JbIRSx1+Kr4?cQ9DlqssE~=6^0zM za?JjOJEJT+U}lqEyKL_@)bd&_`hI`Dz5;)mx4V+ZqfABP&(5izI0>$aV=q7YW0F$u zFPqd$1D1w=iL^x)@>*Yt@xmtMz}bsvS+#=U>LD4Mz6@#lBnmpCY*j99{`1AXPHayn zP2JX{ivM|)+-!3lShpGL&?-*!88RW~eEUHjz^xB|f8mX~Q#Ss5wQvz%Ztw2=!^`j+ zswVXH20;Uk6KweN!m4wHl4Gqkntts~$k33nF?VO@&{-1qb5oeldF6ZqP2lp20?Vz6 zB~#(|A`MUvM@Zwq$!Y`tm@+JeNihU8*TYo18`$! zn!#YM=D!v}&GwM5H5>aO0JWKkU(QTqs`7Wy>82bNZGbdDj_rBlz(_%?HL z*xmf1U`Q9kk))Cf+WrxKo#w%OoO}CZ^!`Y2CbGr^A_ZKJ#XL-L1VGs0BA)G-Ki-fI zJ6phVQEFdxC!s=H+lP>O< z4PQ4DP^0e8@C)L&8sr&{kBp3+1uxd|vjJu{gu_>ZsDAN12D1`VY6A*XvrEI46lDKh zLSUy;<9-lNWw}bG%tUqa3ZsxyG37BvgRkcsV{b1uBT; z%6&YLC1Aw5@$6E$h8Ucn&2N zCJ$ysPzeK>|LC$hI*`5pgAkC;n&4>l7NrL>HR&w<12=edyQtH@KXr&Y;n9XyHbWUR zx*Zw{OetzObyQ)Z=L>s$7Hk|tBIHU|y4G~med($2PGrt#yNc#a%f~3&vav0W7i;|F zg`tc^Gw{#Zgx~yT;}I6|Ocba%ov_FpI#cg=jq&V)SBz7j-my1_hilEQ6?5u*?*k?_ zN@5uEc)!^O8i*G?Klh;hQKTBMr(752$0z2YbciVr^D=&#=J@(aTJl7pC3ys;{^%L| zJB;_PAMHcy%<}rMRe$k;vA*!Ur;TeomY%L#{N9HYbH>h_caXQ#S43FCs0y}`a4&{? z4%;nHQ#{`^m!AZ$suVB(avS4%sdU(7Ec;`6I*6oGSB+*9q_1n2uKi*J@5hEOC z7T+)$!};B|HVCpiBR)6=WRQDdrn6#KbNfkV1uh2P`WlqTVc3}Ox>Y+ipi|tKNYW`9 z4o@~Omc`VOa;mNBDzWgngpM!qc^&f*_Nz^485ZE_y z_9Wh|fe>`y#)Zx7hYz14+ zenVEf795p{d8NUV)UyDUh86&f8`jdjS3BEamSE|#hCv;Di|-y+y_w*C-Ds7%X%Fom zxo%EbWWLn!vLW}vIZfPSI6le7+&`8 z$SlS-f%+Y1xL=U5c^=I;rDXt9ku}PYbk8_{_2cDauj+MTCR_LK#Yu&xSb>nPWTSe9 zsV4JIyGh;^Ioe13#kys3uGTM;7#y!!-Z#@~#$$|@FcktsnDdtwChH=^9)P{@8=Sl2 zkW6st$k5!!9H*Yzt;!eBW5G{3{i+C5WauP+tzF&=)5ttX8-Boc@mB@UN(=WHBbU{O zP5dAD(eNSfrw(}-QQO=l7P=;PYkr0-gVD2rW6y;!bMW$663;+NPUkAK<7mD+_uW1& zUn3$s?hPanvP#vHeFG!uKH%xtSLD7}h&e0KWtF-8Q?erHbA37hhn##qoi2HNWnGgy zaJ>E)UOXbR2OZ0jp{DFJQQs6gcNn^FYEcepi&>!WHuJNT<`N^JgpM-HW)$6Feygb= zmgY~PZb~E%5AGbKx%6t=H$$%*JS5fRJ6_sP-k+MgfWMygIyB*aUYO;x!%s{h$p-S5 z2#JYgPWH*`F4oBfX2ImJA6xsSD=3{#5zPY=RmnB!d#*c9!Zr32ZB4|yuPZ`2)Q*#) z_LQaVBFGrTkWJbuTbNH;TQ}@!rE4N{jV{^=02yoNh zXTEB`J&}}Vvpn|%D*nFq?XiLam!pQcWyq&FR8K)ybMLnsGB6s72%5amorWZ3DxO6n zARcswq?ZJR_$L)f89OjbGUXs($qJiC`$^-Erm^sD!5L*W$*0V**bI^PQ^{*a*tX{{ z8x_ru4gWUHIj|Io&ih0GkF(px{hzyQ@RO z6smKGaQc}CH63Ax#F&9*O)3cX$C^$INMW7r$vFmfaR7$~8CIoMAG`lFa!~sk`^O+* z(056{9^~}0A5^QLR!bG8K3S9MH{GN^=~uJ*V((i!r@F$Em64nmAK$vTzou)yfm%}$ zwuuPCd`ZjVY2!|FABB8z{S%?%*0URdpdx>17GG#TGLRF$WW%EL@)>#VhYfwMGRJh= zx6RfgX0P0of#D9ymhdi%@?D!}74hqzE0MuljxL(Rb*HQ3Dfc%~ZEiEkiEMLwvOT-z z3kJxfT4?3|sjl`TSXD@GN@0N75eF z_whZTD%)Ssor5Ew)>SnQGWWwr5<%_jsvDKy9Q z=}OeZo*^j=XlcBWUs&$l+5A|+haLpp04tbOmOYug3JbSYC z>04`qx_pDUdbLt1qzGnPBTjvxfN51NFW7lh=~p?IR&}|-Ko|6fdM(<&$^Nspwi>sF zcsqs$vf}HxTCkgx{@qZrI@_tm4Y;7)>+JS1U?FJcXH?{^KNh1XO4J>>KMFSPs_5l| z6-b0>*MHG|7C*-Un1|ltai`I8L;JeQZ;HuLdC=5;g$BlS5DC%&v&n$xD~<+ervhvQ z%W)ac~RjISLI7Hd0QVU^@${{H%@#N6~oD$JhQx5+ou zMXb{KQ(dXE0DuO{Xq65ECx`Gsubcw34qQ)qocSxN`LpG zuB`fWjS394r+gz4q^J&RCp;NyS^Lc+wo~?%E&Z#{j8bRYX#dz)X_EdJL|N%pOs7i$ z-c;Arh35zt=7PPVQs|3^o)87Z$JcgEU@dAZ{wpVAy$^psZB|aZ@}O*RRlIH*jPFM| z;kYzy-1I~j7Iueqsb}P4DCq!*Ui4Xp##kX=T4qM)jXxCx#_wnDmwX@`PA@!|+rT-t zo1D=)7lq}Uf(V}zmCmHM$4^Q_OuBV%LJ?wsZ0u+)Oncf?$YYx!-_bO|pW}Pdk%)a+@ zAC6Lz!hw6%9pg{RiT}p-T-BsRf76neEh|%0y5cn zM^cC)NsrPu6O+S!fKV3=z3a=%e0R#b*L-%G^RiG5>f^7sDf6a)6=H`x{$Ye^D=`m^ zx}(y?6&mbZO@8o0W(IxdI(?ZauvBvq+Oc}C>t{PPr`j6*SGx+#_;jgRTKi+8`}?bwd8Px~f}8gau4BT-Vl*hd>5NL$<*zYN;J3gh+E;GR0) z=Tw=akJaBTtnNb>2PG>K_QS_Qes7_54QHe5wtez?7H92us52B9p_PfcUq_otxuwTX zZZB1Kk*N8?BP~v5{~g79 zxan}7sYkn!KK|-t(mQiVrXrr2RMQ?H5^gd^^BE5VK6dl}+@-}ykBES}2seg3bl>B_ zn3~&4#fwcoiH=P=neD0l8|@66M{ZK}Dak-8VZ{A=xnjl%35|sN35q1h zTIZeXQQGkgX{%Q%)(3&)xNlvdT;<-ut+vF}y!+}K*>%*t0#vYI<-3s9K?f!y9)^lK zb1_r%`*r?qW<+6&Dj|ErMw*t#wuU#%=gkIGJ{lYHt&P7A>-4XZ&6)t{J*(8ms&Fs)Nl(HiO=@rG$xyNFS@; z9F>0<7khfTQ*(ES9NgLHNHs}6?JaNYMDXrdAZz~sbWTD3f%UV_%;uk99~h^kn0V8P za&tgnfZ2U?tX4=}MDrvB;wV1EBgs0!^{POT+H19Mdl%;2917c4$gffoPpD9i52BRz zykIQzil)wjer)PIU^Ezu7WMgTc@enN6{|rEet!_PL~s+e0O%_R)W-59O``=m0JqVT zcIEN7-JAs};mzg9cM}dqmycc|7TUC%t9OR==JF0EDZ1Bj8~RjT9XL>?*i7Xdeo+T^2p?gLMQd5a(Mj!0ow8})2Jch<=Gl`Ybz zMu&Hjr>|g%_cYC@NPEaW(L-h~3E_FLvQk1~Q1#DhtyEC3a{F01@IPorZz`BsuyDA8 zzX7Rf!{>at^KCPR_+6XUe2K1lJkMkL2xq~WoH*xOIsUi#5`HC#X~rfC9flSO=@O|q zx!WFdcm8`kra#Ms0+9puG7zVupD3TQj%B44DD|{Ad(Hyh0X>`2s$KKgY|@sL#|h~$M?2Iaw&V-zL^G$(&ob&xd}uPcgLSzB z+n3v<=EmVUBUR48!7+9z^;W}4+(|e35__a?jN(gR>ym|hN1H3Z1!~ADwF|~9JY)#> zX$2HAnXwF#^3H9acK}DoTM%0p4TiWg9mfuH6>{QmN|5ZLoUBj&@>|UGO2){JcaG`} za%4Jd<%x=H@7Je5u1t{s7?t!*u^D(I5MjpdDZ~Ha5Y}2`2Z4KE#qws`vEO)I9+>|YnC@7URFJMgycqLo=+bHAiO-ML( z-8EC>cSxJMm7BV^WQ;Gez2-MC0H_$lZViwOzf=BVIzk&2^0-@8Zr~`3+X^O;d}ue9 z+0T7z+Y!k@_-NOiY6aVNru(&K&R)6J)YjZAkSfZg^di^bx1R`ik5n?>&pvj3{=Cf^ z-eRhqhq`^FCoWfSPZstb&C!17ArqR2U=>b{N-ASGNJo$gr=E(-MN_9R9IZMp1c;=@ zw+DG#L{VpL^XNBqJ12U_xRHShMQLsPNB;r^lU40i?!SPt!k`m%)t8MSrSoa-A0n@X zIB&xw+871c{1%?8IfZ>pL0Z_PjG|c2%C*i{@x;&D zv}SwR-kO`Kkv}>IOlXgI1zr;w9P1JpE$%6LYO{0X%vAuqXzJNjs0!eDu`HhJ!&Edu z1(YRIfC5A>yDKnu7MP8gu={lKh1P2F-mqHaF7Fz(^X0&qJMysP!VTp#B|BF zFtrAd0e`vSERMEXI<3!^Iai@cDLLP0Xiy(X$V;w?PkLmv^=Y_$*!_I4z)~q;pD9Xk zm6~$uM`-x>g>&mS1&oqA5{b&6w5ICQ^&ogi5o2l|J<&`t`7PzoS>D__%PPqf5UQC6 z-!M+aM&)=&szW-9fXZIxYg4`zrUfgu6}$0-^0Xx;XX0|6BM%_l$o;^1oi>DsM~sBO zD$$*V6Q4eANK2FZ0t=qw%}{-~u|p8t9RbdZh}$Kbyirc}mw`h*6cIdOO) z`sa&^8yNzw0DxRO0dD9`^c=+wt zB@lvux1AU2W2b@;riW+SqEDYKJ(poKOxK4FKPcihpOU@QSvlhU<}|-dV`92HFsziX z-@VYM&$nY6!7mgyG;4RW6a;rx67 zPq>f89K2F~d=RGl#;f2OfRyl?Hu^nVxWmM~>#$h3!5|ktl%rjuNm+3`BAtGlEMDV* z;r$?fS86cfv_WktbPIv+wZHj__R4uFr@KmhrHilWH*eQnX^@lGbA<>L=O5p89UmFD z07`HjiW6hrR(mAxy7Aj)`@$g@>-UWTq}p;_(_LWHAM)30|G=Urk1549pic^)uB2uk(%;xfoBz{koVf`39{wpLSWdCklmNh#Wj z>=Aaua%tr28Dd$3H-bVbL3h@N%cxzq`a4)B8&2wTw~^DVgR%#5_Qelaeme^sGpYdk z<;E_QeI@H&uLV;){LkR|u5l zfeALaS@L+)CT{(>XiYQrK~dH}$M7xK+VREE&YKY>F1|!U0+odMVv(x=O%|^AEsz2u%jXxO!u;pT7^*cS$cRZMcVpt^3U8 zE)bhr(19)%ct_I2!UpJFttsvGMF($H#5>mO4gBVL=1C7dsZZQor7wR+vPBcfB1R!; zKP3`>9khB49dMMW7Y&E-J|#MkN#YK#lH>obkEAYZ6@7o-=-yP-W6y^C;k@^|JNDC@ z>9x?wgI6Y?s`)ng1Q?}!o`>)QNDSlM+TXgjO60_OC7psp%I5Csb~ybh2#yl)L5%13 z;U^zoLp_q@iEgv_>c@Rt@iGxLk{R?dXUJjHj*6$^D;I~6mUpP$HEX?}$XOa5*Rimw z$Kt>6xgU+MF#kQ&z^y_GU=on!Om{IwrukZidgM=0&__l4>4qn13-vE0s+^X8tCJmW ztJk!-Ib+O#bDpw*XV_@P({$19QO~l6_U6BWF96?~PE`$(rR61LJD}7WEHPJj#{6g- zwDxtGIy5$NUj7=3B{>IrDk|*O#TNtg8ti?>j<3+VBB_qt!QrtKOaJCoL|y9=_V^wb!`-V+Fh+bwY^;&dSv3< z1JCVe^Xg^3-MiCx!??@7$w-z&8irA_>u-M&NQzQKtvK#3wvUvxS#ozIjN}Y>3SFFz z?P167(Mi&ht$B-~_LNYl;|wD>r{s^_A1awC1ut@Scp9DTj4N~O@*((9 zUQ0&{L71`(yk@%x9rc!r=ja5DG8vJ(DRHt6V}>OKEuGu_9wlB3Q|`_kQ)^4k;HB>y z?mM%}n3;OfvtO*8LroK`ZvGv8;}B$KbjV&#{j*!WC}&TLmqHJ7JQ+|q6Lh_6y-P1V zMYopUD=0?yyotqX>#Ni$VC^P!##P0wQgRE$hPG?p1Zq1`scYIpRcT#r@locz2-UPejG zot1?S5rRqcUSPwK=;h<_E)RP@nqNB?9i4*}C$Xhv{0+4&K~fAihjM}5AcB4{Ga(e!}F#_iAbHu#G>=_{a-=luh>ER>3Y2io|}M0y9Z{ zmet??eIazvxm$!?gnYB--gMvObs z*^kA>vgwAcqB>sG_T@uk&MN!CeDdD+8T|d#{t`ity>wy1jQ~KDlc% z^{BzYgD3u*O;-Nrstbd-&43Z1&l>QEs`CN2+Mkd&ipl<2+EGCtVzxBy#fGx`u2=Z$ z2@i?*Z)X@F5PqvcYaDwB)6tZ3cssozUw|L&%Lz8@;{smVY0h_-Mpy7z771&S&&y+P)DnM@XD&D}Y-#QP`n zY;kD~eQ^XC;hQ?JX~BT!_MWVvWKLg*x-XP9*PRQ>_#Zf5>>m}!HOkO1NB>Ekkf58X z*n3In!utZHA^y5^f|H0CdcU9BSx9as5O{}Nz&mVgdu=%|pd^`2|ABuwJ$2wt6yj$T zV=8*|@co6~>ooc5g++OAMb0C-Z(z)}3K`OnyW+$-9J~qlkwF|xK!f(2{D|A8_9$JJ ztPWG{cP`vqJMG3Sb`k9;;3!YVBJ1s7Nq#4YcE0f{PfVYoC(UXDwjP@@zJ;~5qw+Z$ zY!te3T*UlqkwMsJyP;0b2a=3vH#8-GnljDaP8cip`yVm}nf;KuNc)S4 zqa6u;B&fc9Y6F1^Sv~Wlv6Oni<>t?a4g+0FmpU6<=MC1~Njx&C379Tn;KySYvqQ;~W$1I%dHV?-j7fh~ggsFWiu__*`yjo?C2WZDT$pxGgU6BdWg;B{&^0Li)dtcn42_;(r|)9r6nGH?ba+|k(hQ(!A}ns8+!h$2v>fD7SD;6M zOVSvbCOfP?bCIExTS(!;Qis(S-UxYL1e&J7(KBiB;xmgkxcCVwH~_B^lUaKxM}Ub% ztubuoV#ZfuDh><08^adf1RiV82{cUr94PLIopY2N8i2?ATSm3sRAAxo0f+h(U5^Hb z>7X$8)^P=f`2qz4uf9H`{zF2RuD~GD0>%;7W=9Tz87xt$eQYbDConYXu|~C~O^@hO z1DfWTFhxc-RjyUFs0$cGp)5}_MAMoD6bv{a)u{r!Ivox0(EuM!;iE;$Xpu5nhL2X7 z16yf+_;XVH@@n(EC5yky`b9^VmsqlctNy76wq{?yd{R8#EC1$JZQF`3`@&N1Oe*|q zw?nl@4;X2=S_YTiH{UMd^quWc&Lp+quI|hxPJs-~f@g1jmOOm4bj$a1wl5#pmM^!h zF59ki{06Y8^1|)Gsi~`9{yDvViTCvNOaA`;w#+%-`iAe@rA~kCG*();1KSwp;u3Ga zADn&uhBk*lL{kIX3!yMaUSMlVS>XTHUsqlluZ~@CS7dDfu$iRep-@(Tul`BE_uVi4 z+C^OOT`B@)}42Xg`*~)>H4~Of8a$IUiWuZ7{>0cdRx7F z#(ZF#Ixv@rg^8=e1Q7Zh5;%cD=N-Xn ziewmEnL#(u|2k{*yfEwoI$Vgw#9{gdt}G&dWoV} z;MO294(I@#vw6cV4K)9Om3RwWV2C}WwW1N5sgXeEq$idJqJ|5^=xGWI7IH1rY)BKlz%aM(jrnvBXXGJ&e4b*jYz>4`xt+rH4@G=J;7Q?e^D=Zd+Te-r=!y^MVGzx z;+NaI{uN8v-4n;xN_;$X^YhC?N4+!O&#k_6u=<@}^|v?sM5mYXVk^(B#C8-t&9eIc zN&Drcr`nmoN%of)Zu5oBJ*%7D;3obZ(hdksPcXoySxjGGxBYwjq7}b(AJ30uHfdQO zyMLZu%#JDhN^Y3p<|Nj2IY_0XH`jTh5xee#M zpT5FYBMID?39O&b?b!nw5JFeb*axf-t)q07Vr?!M1MBCxm6fKL`WTsHIWro{wnTVg zZ7!q(>u2lFpRzFQ1Da$dbb;Y*#>OdFn+xZF&MANP^eVbLK`tm!S-^PfVv^=mZ2p)F zbk4gor&nXET3>iLFmG9WG)N1ZKdgl>Fx;IvJsdcWga~7(4HqUhuw}S+FAc%wk1{o2 nbHP}DJ+OI(;h+V|jsKZB*ql$Ib+;^cifXPl5DcqUS+Pi=6u$(=H#WOx-vB-6D0uw0rmZR zceDuz$oUBf2+JwRfM3kg|V9GI$h_? zPl?Gs5-NV{X5fCDI5NUbpc07d-Pn;*(8ba-#1yjQj_vyy!p;*BycYe!csrPb)`gS6 z>y5&-Uh=0GiDrkRH?4RtD2l&UB)_C#;2irQF7Kvdw-L_m-1q9&ON1N)dw$**2*$cK zdw9=0z9l^tbqW3;_#6*`6xnNHl1KGtT!>~ad3)38$uO4^560b^AdF91kLWH49O=CX z>z%iuhDjCG-==xP{kY~Z_t?hn$g{muZ>QISoKKBE>V-}#t*e)a&7+Jk+t<>WjQuzA zj1>cf&gN~>5Imsg<2*NXkdv$MDR`e)^-Iz1fO}US>wK~JI=;XiA;YP2?(?(L22@f? zZ+lhxUYT%cKmTm+P!z54DtvKXRWdG}(Wp6Yw>$qUM1Sszi|7s{OsOsa2cc{|)&4q{ zz81Q{@^zcoIUEmtg8PaMF z64=vo!>6yGeN22`#m0o|FmvS;u^$Jyp#q7q=-Z>S?f$abd#}iYziHgN{PE&NhH)ex z5vk^pw?bY(?bELMiJOS-1FK00D;fb@Vfovs>~H*&hoR4 zYOl|?H*8v+fAVanS@f)pAM*`IaDA<0RGJ*qqpC*eGmvo@*Cj_?6EV6fi$^y3)mzD@k$IAnwWIe2FG z!w8Xsya$tXWKt`QrTf!h)@Doz)yP?T+Je+JfBT%k%4)elmyfLNw43WxW_Ly4O#Z+&y;v+f9ku$FJT~IK%hH$e%l@+R<>#cz255| z)9p|3^mu4uVnWf(>P-N_GBa(J_ohL-tluQ2oWRMtN`Xg6v(stl8Nno(l#?X zi}@YLMyfq1#~I4IK^I>WXg7Mjx4B{5>vEk@mE2X~1~;k7CtlbE2NI)38W{63vHQ2{ zH)+(No8Qh=ldUvv573xC6~ho_bdr7 zW6Z5USM{HXH3l9~4u`luVt2aS(`Z;tW!!w$>#|@Y*ObV*(%wTqa?@~$X@fO#FNULF z1+Mq!5>M5WuvwhG6n;HkQ(4{5-t}dWB9K!yy^TR z-LBjo*RIhnd)_2Wpf&EC;#uu1?O4r9Z6RxXLNnK*eNH2$d~W!7`-E?KV3LM>voyX|4bToTV0s58(*kcFpCz^giBz8^ zv=p@Do4%5ce)_~5(kSvpoLg)J-1n%@DhIM)@&576R#?;83kzmC%ds2YUB+|g=H%ww z=h|*rKfC$t&a(?Nd5mt}ebVWl?%uk4IsII^>|Nw5Ii|8#iV?1_;uw*PlOmtg5>@Xe zsEUu8yL`=Xg?%z__!RW%>a$(ydT`hWsrb+F>LTbzKA*}_UE}=Ys@9dCm!BJEOAg3< zkwN)o?rUw*P=zQx4Q_dq*?J>6s85b*wi@LW}rv`X>9Q z`d8ph$ZHipHeU&S5Skx(N4e56a@wa&MLj1vJ9;FyX)#R%vpmc1Y`Quw_56B^%?r1C zv#*&2MHwPhpehxe&r-WmwG_ichN=A}yR1PNm{qenE$%yJ@xxN>&~}d#eu^`cff{o0 zs45{kp|P+DnFC%G~|8l2zS_D1(EdL9>-5^febsor42xvc!+t^@1(m&uNl)rQdq zfv5DZ*FOA~Ixxwv4iqGM{FNa`$w~g^7!|Uc7h(y5RiG<}=+|o|g$HLb>PSD9iou zS5d~y``0^o9t)+6s3Eqk)xXWY}q z=-kh}pNrClw}nKSh*ipVixl3(9^Aw^>wHdPg$T=e9=E2~m-G#kb(=_o}r=E^ROfFvxaq^%^Jd^LNVIE9r;c)HJ@f^3Lh1{ng@9 z&Qb~MhR&Dmqsapa35js7sKmHrPt81`?lhs$t%t+e~We9p__$3f& zz0w(+XKrl9k!C*I;F^6F^fV|eXg50g+G#yOGaJqb(mQ8jtZbW z&aDN(L8g9|^^=DYRBNPfNd>6T3`K@}nRh@gMS~UP1zQ7`Kc%_K(;n9x&QG+)ha1Iu z35>$tRqNJn9h5d&Nyjb;2pJzeY0aUp;4|b?(XTfYvlto`jw+4F&&`j?M|GrkEFnh< z3~T2G9(kfTvl0@TC6M}Kda>Y3jyxk9 zkL|w>4>Z66bH}Vp3*Auj*soZy^mh+Y18)O8tSGuBgQ-wo-*fo^%H7uU%gO;$+=p)8 z_r4EygAg5v-axhE?SuL+{%W{UoP9tU9*idZ41N1B!@~}2kW^h%D3@8k{q4&$HR=Fr zavEycay)EyDvUEkIhG}pEy=Td7c^C}a@Wvue!XBi>ccfrwB(JsmZ7=+ZUHV%jburB z4@`?~&!VNxVK0l^lJCwp$(@?oP1AXMAurRLYw-D1@`rT~?Sy>H3L0iyb5q^#EcJIn z|~AVJKyg zO==Cq;A>Vgn>#0uC=ZryBi|S87;G3I0)>3QhdwywC`@;%u-sJs zHv#b8$xhW_c`G0^^xdjX>$IL#6PbI%Yl0Y zw{#Tm-v_>REM2Uu99^G4+=im?7~qFfPWKF52?#D+J$Vz}*S@j_)Q_~)1-XILRHZB- zU_pz=kVjU6USOw_dI)5^q<~AXm74{J7udnkRmw~D@*gFnfa{Z=g)VdaQN+z&_A*FK zlS2{WV#OgQC@OgUvK%D`2ZxNyV{0kxJ9mFP4*Vs1`H7pGla!ECc&r-&fL#YX6c zq@<+Kbzvc4VF93ofUCEon}wHvqbuj1mHe#dj+LvWi>;HJEyR)Iq+W|h5O+7(%a>0Y z`t|y=pH^PB|7pq5^~bP)0ScYm5xOCGUFcWcz@suJze;J^dRaMu?%09>nE`Fc-MA?t zF7w9&|J$wqH2LSFdahP3iV!gHq?_D-r2gaKzux?x5B|}n;eXl`{qH9Ka_7gBGD0Uq z|BER8l=C0I0)m#Klo9$hX>ybVLYij4JhIr{(a;6H0WJIEH3ocg1Mib>;B7vl&)FnG zK%hWy|IRI4FT!Q?sXF>;_O^Aiv6##EDPkPX8ip<38AWnarc&@+x@tsW#q)sb>~YS! z%;)#6`0iu|r>TWMQTo~uSl`SdGT&3PtLoW|EbUtuz41?-I|Fi|{@ZZ^{Z>dlbp~{SNmlyqKebDwQuMcdKY5;8 zl#r{r{S7{x#5$o<%|E+E(L!L+22U@kCA=sBcb4@ib!VV{HJ!I zSCRjuAQb065J0U``^zlQGavU#S}3C~SHj4Al!fv`~o^Ec=?NVl)KK2i25Xq3IsN9g_-8 z%EX;qW;_*w# z?NDrRWC`(3zKxj2*bQw~X9qu_xw%b&b0dXTNC6S+wKx%6Z#Dk_2Ld+ z(xFy$FRra=9^Vq*%gt7toT0sPieK^NBa^-13{UX%=ZKe5D(|>0xL7<@zgHaJua%EF z+FfJ$n}thh_7Ox9%QoGv7Fh*%M6`?Y+uVBRMtqK_GiXor`)FHQ$^{fp_rsZs7-W7@ z*FeyX__BUFFmQ(6Qx9}}zGDlmi((@18$1dqTj zefzq5x{$Z8wLwho#x*(>Thmf=4tuuJqC$FhERKp z!uaKd0!&L=th)|BSqB_HTioA4fo-H$s-F#wxig@Adu1;h6n^wxiP{9u(UvXy&Zn@c zNGcYttdMk3#&1`vL?k(c3sl}S+zpFq7{kaLkPjQ=KOA}xCx{gsC<)k^MT!Sb-R3jN zdxtG`rOwxZ#|}*vn|_nE5E69o&GcU%l7Q;reJ5?&SiHT=<4qSf?CP_8xE9=+eb;goYp~5C7HGyX_q`w%C9uhJHEX8;Y*7a3R6qiPy=WO>xFID~Iru8BPMtIDnkhyt5|rSn&+#a(lHHTL&0yCF@GVb6v3+FZT(L>MQ<>@tqMYjwH4e6x zE!3FUnL%@ig{iG^mi5DMV75!}^x)+V@i>xLD?6IbhT|g?oA>f5=EE6Ho%e5zX$l%r zWH-!(a2rcJj8yy$@lxp836Jb<*V}J&l?d$;!i`3qmD%Gd%Cy1xvy^7V@I`%zg$}SZ zX)0nB(MiqJT)E_-OzXQCgCxqoOYPr8?XXh48<4Qq<9n@nCarNJgvMZ$5Vy(z5;I>r z!@RW@y;2$xh^Gf-Gf-k49Ky@3!d(khvT0WGe^}2$_*_b;c%e|axjf?I$3HO4snNfHlgBnBaMPG$HoKKYmZzy zlXgc&4378xniC%!G%cShu3HHC=o5HiD*apCfr+dxRylUY)I?Sotk&-=GMHT}eo!}D z;WIN8QP8basM^5A{d?bko)mhS6?8PUMP%>hFu*d^`@BSGBvM*eW6y?nEb8a4RLo3t;JrLT?hD1&9nvRB1AlG$jDivaB+^$lY zh(?*T;|fzHZ;2}5n!o?SSgrdKU8jq0nyDokvhs*aLQ<~H+Tv5+G@iW_zPf7ZI@i-# zf(V2*71<Z6$j8^X8rc(DY zzy4~q5q!d&k{X{0BktVgdR3-w0;$xHrwy@cht6(VnpP$w*lCi?h6Cj$T>aT(9UDf~ z<@fJE-ncKVkbFHRi+vf)ldQ@jVI57}d9(OFtLZp0^Z1>a*CPE=fQHaOuZ@%vB7)t2 z@0JdQ`mH~q*Z;xVbD&7W9-HTy8Zhl_rXEF&;n+!igK`b}2cD6WjfZQSk8YHDWL;t( z;9>I7ZT^0s5n_yRU6}Yf>m%JT zItuM>3Q9%W4V4?Z&XHBBY~OAkm6Ko2ZRsl{JqyZf%kU}8((&*JX;E7dGaiA?W-^$X zD<=1No9q#*1jiSmDm3QL6QgnrzP*O}qo*P((m04ZtBddNRxA1(&CSyU;4+wtr59W++coW}br;8?R+pD}28dRN!aHJkNB3^@ zj_MofsTNRC@grg|hWd~cM4?Bw30B%>r5loz`m{NOe&}^=8=L!cocOlS;aao?dLE*l zIMYM5FqGX!7b*SO!(|SuE17e2v~s4}C)tsj&yvY*NXU9H zE6AtKwB$A^%C}fnb@LU*b*^rkX}1a^S-t%R#tHg5C%OM7kd*Dse`nnS3Ezb#A?LytZ5sw$AmQKbOFCuNyP z+=_Hx9v6TWtNxkwVr9&ngj0S*Lz3_y70AkmJr4Kwr~_||sd zzSo2%X4qn>F5n+?C3_d)@w<~yDIMzVvD_trtZ!elcNQ;y?>wf8sW@8Tq$wlxU(uKtoa;`3aHXIx!;CMDXCOb5#V#rVRc004XSKgp z)CsZaDz`2SYVaHk_j*M~f*iN9!HR30cjSFFly30gW~y_sG(-Y_TI=`w@h|$&M|2>{ z>N_vbc_0fVMh&x*&aDYjLNn(g1`ppHr73)mnOCl!pEX;Nh4=^4wfL`R?tb+jA7qPN ztviN_uwWygwW6n&jfx{_&<#P=Tp@CFBc{z+b}uxGUwK<4qW#*?05H+oRE}g7>l(xf z7UUqGOzZS?^!pA@cHZE>D7D-dB3^Bl0^`N5;CxYQT0$hlnUn+HY4}4UFWMq}cBz+* z$PSEk=t%=93I1?Jb|^h}d5OSPz2kM;5wyGgGg(WOIKh|&`ektbB^BRsBM|W_m`7RDRUr#lK$jS9#Z5Imp0pZSeMNP#EtDA?) zi95_}9_cvy?&O6+@;3GW%#d>Qj3}Q<8a7z>rpm2G&Pml9(P#Vyb7>D>Fk1N~o?Xv1 ztjB3ietVZ-3&WlBhje;4>5!Qrl#XuWFC~fmdex#nkh=qzq}sKK&2#XL$J#CO_W`up zzgHw~ULr$gP}Ya+9$INk>kUUpVFa_p0fW)BWn^jn?qmW;|2$DAUoqm-1pZrk%Z;UW zRte7vYn$W?pt->HvFBCGA&yo14B(B|FpE!PO7qf}zPV3bGB?lWF*SBoG&n(-&r=^;q*bT;n?WnI_j z2Pziiv1rGI#{vlwo9x;Po3niSV=%2=)Iv$|SZ~AOxmvZ6rXWgw5qC9AqOiM(9PaQ5 zuyG@{a7gW}EYxn@+H~2!$`BtCmHB)A?lqQ3NeXtpsQwF*;ovBZP1!8qCQm=$F-T&w zlaOCU8~817cN*~JK00w5Mw}*AHlwinhcSVm07D#XALEc41EB)?zYNWHMYo=a?vYlH|;vH zO1FHDX~7BAXtbK*z#oI(MZ3e3TprOKUz+u*cN-NRxZa8(Ofu?s$^u9k zDhF-NKP*a;>a}8(ZC$ptz38k7G*B*^IY$=7A=eL2;E?sT$Ue7k~00w1GH*j>YQCn7Q$a26;5V1xC zuWueYQhJkY=4&aDu(l%&-F?1KBJN~5?uIiF_ZVM-w$7*cMxtG&-B(Ig$rPP?ExZ8^ zWh`S?jv}$silL%>si=k*)^+@S|Ar6>>$$rnRC<%B)2(>vIx)2cDr3C_YPr#%+1n9b zTrH)%Py`lTwLE{{Px3{%dFK*vFm^Hx0O0TX9jm=!LU}sy)k=>c; zQ!uef@(AM*MGv0SpRch=vOvSp@9kp%-sN2r~AWy?9oVKtDHmN*qPJ5OEECm0Zfs3>|4O6OLhqC_K4><%bkVS$NLPy0BA+p zvLM~x-!g?-frN%1#8j60IySV59bPrWGmDK(~ z?{ZmhLur)!v5cFX*{UqVuK_RgLme ztB&eUl<7dbT;kz<^8{3_hsV4(6~CM5A>ieQ*WS|sTYY)rd|_75j_;N;^UUe}1tIV4 z*wae_u}I&;ZCpxda0+}V&(>0zdJ_`sbp)_B%g|69m+4YFAr4t~i&p+UD9bbtGc+$G zjfFi!i2G#Nj!eKxAI%nf9NOB``^2Fk){Z zTBERg2uT*ppiA4SY7#9KuWB5}WbFxfAVR)wEyJv?Kvx~d!zCe{b%(BRYdlWW+sgr= z z-X&I2Fx`>#X;neaWEKaUWV7wHI7!#}(Zz0~Q8RVWlu!Z_C;;GOJS`wZJChb9JuagF{`yb}IFZe|l0^D3a@A`Xy&B4jEE*fS}3FDP+^`xsm0U_g$d-+7_ zk3SVHdp*O~J$_lmyGd6ibss1Cx-G^uJXgW2Hjb$UmKWve;w_{w(V09 zwV?rGz{4VZlc>|WJKmnDW2aaCne6*~hq4O9?&o|cc>DWDPUiUqFz)ENb7lAN@pI&n zM22*>1F-XARR+K*Yzn$GSY*{Ji+}tvE_1$b^HZpryz-ID3CtYLPQjS9{LPN5^ufuF zOHFUgbyrIKu)VFoc(n8-Z#_WF+7Df`S-k~@`B&Igh7V9JqZmcNL+pW9CZZ3o3_vq? zBmmp*F@W{Fx;lmpHn2yU6nGSV5J#Qzo9n{eP%c(lRRc5@gQuJH?k%cG%{S2dt~KR| z@ZYJd^;Q6+ueXA)Vr;SfgwDCu+<~OSQDY4C-+snsa?<@^(XHb0-O92{Mn*U6ShJ zC~hpZoOj%r%kU)1hE3B972;>X1#d*&tpZ#Z7V9}#mCAWHq^GKSNS_|O(ekaYC$B(j znhskv89+M-4@CGUE|nC;@R*DVHf%jYb_6_iZVoE$XhyQ9Fw6POauPgmnm zgNu`7vDrSUY^w4%5jXLf97HPJDWiwqI~~TVL=NHV`^J}^`xNY}1Q4kV4WzjnB?yCS z8#-iC42pEyll|>r0G%7r2Ts|W6dA_7fu=6G80BbguAm&nsVA3&;weJv4w{>456NQl zjOK+x-NJnE^+$6pjae2a=w#{ovpS+qn4~5#*Ee6SJYAmMAu_IpDeuv9wiEg8L z0mvK)qBfpGFMbd6WH*brP(uPXSm|sQohPD$v;swGVug~vmU@dUc_?PPiCZ!M9_mx7 zot%bTRf#RniioO+G^i2@j-asO@f_{1vsjXq9h39;!Gb zRcsv4u2iXkMySeOz|YQPagE?*YjF%Uy&}#gp^P*1AdGpD$DBsuJJG;L8-x&}%rM!( zB}e%51kPpr{Po8QX3`m-Zb7R~vuAqS`I5)(n>pB-=SqFAyQXKBRir}AP&jF_IN_9P zsnx$)!bQH*d6ww7EcW>FZ%=Dq%MvLG!UoqejHEY_;Q6hzf`{%#Cno{psb}%7{8`^k zY8~R4?*xch*+p7h^USG7pvPv(qz_&+FJ~Hst=Ty{?OyiW7o5k)+^SfJ3&z$6TwJKxB$ZsKvA zx*^Qz4cg1z6X(-WZY&`W>@QbX;@V}c5E53r7q#&g7AD5fObpVgzBh`|exM;?YKH}Y z2zr(7vmGn$ext1dg<8#I7lw^WM&q+bStaIKiVWO8`vX$Vpaa?6n>~t>wV-5dE@JjC zIw4a~kSddf@hqk>_YKsv`-7Kh_FBz}CuE}={>lmOlgC$Nuk8+?p20I+F0WS)NvSH} z@2rqXo|PWphbSH{@shVat5lSKLxTuvEL_5H0j?$_Z53*bLdIXisW+g{Sua-x%`fiCQ z=gz_B!o;Cg?LwuqwWhEIE*vI-N8Dyb#;D3M$yTuQZm4Ma2l#TL-xu44;hMt3Z3&~2 zN5Lp6L#TI+ixrr5{=&F*?6n)nvjT8Q0xqu@@Z}>H1WcEcTWN;!;Sw~< z3o8o|Wl1*8D8*g6rgi+>9BIj(%-p>NJ8^n0AG zKmh&D0R%I!$SL()vL_Wi#EMDGuykxEuSlTIM$mLSk24kRef2<&Jj}L9Ymkxk`Y6qn z8pzoDdrbO2Y7}=Ie-fJFRBBuFAh7>Ti-bvFA@gnh5f_z&r7rOPtb|UX!D=WrYA7F{ z@DPCcV|=~Tw0}#50YNLqK)^(JCs(`oyy#b%JC+KIQ8rX6lH^?Kp1=;Zf{4xQqEU%`2x zg0K{(Hscu*afcCeVlvv2`OmK^fODD|@57T#pHxM|S9Ph>65y!paxZrDcN6#rGUd(# zVsVtVqo=FGGoA)@N^l|Uf%BTGl)$6b3&*7``qHlY`bEa=l|{y*9+QQYtYhEIQIN@6 z{XE^=%ifVJqQ74@6dY%io;C`HT|oWbX#Hu;6bgVol(=X!{#|7!Mem&DfW1m|LOsRhhw`jZlYe`>geSHYZ-k1OWVZ_V$Ik(>ttez+exg#Q-H z{c?R^krQ@Wga7r& zztfqg|ALy|+2DV1;qM$b0nxvp=6ACB7u5XL2>%Oe{slF^jP1XB9>i4w2`;GE*$%_S zubGs%*Dh#zaJ8{F2uLOHrZ@wdBW$tzbszx^qTj= zMtTM2Mh1CLu0DA8B`-aLI!=$Bocx)>8+w4AD`jUT{}o_8aA`ksuNTJu4@0#_f~v-&PB{6 znc}f2K&x$jUMBn%t;?YX1tL%#8zg109n3Li94W}~{=cxeh>e2cQmvcY+q|ndM=f@?FFCDDW8F9enp=vkF z&*RI!pZ+gq7wSa<SvV%M244O zezTBDOw>@NUa$Z-p^(q2^@j7A{}ceO6vR&zIE|?_NMp0Y)Zw`gE>$HwX|@`O`BcK8 zxkU=lutzpu7=O9L*4yU&->+7FVw}kF5zF?pTKwAjJ@MwLUz2$vCJuE%YHIjioRxk@ z{9Vg7464=8eWvzFv(mL`Y6_0m;Q(JKc(dU4FL80-gt9XTdU#fDMxvyfo1~_j{%7D7 z5mBJ@^rs%PtunYnTv8tSF#Q(Qm=mc$&(Rs~31G~vxXsz+pMrv3=KLn+K?UzOdE9tY z^RGP{;U_K4#J&?~D={=BNfae&)daE`F9zf!p8Kh9n&(NMEMI8Vh_L)?P9iku!k5@e zok|wvTevcLk~3dk0Yk7h&ZYm4Qlt??pkJ6f{L;e{fhA-rRF)@|&fXO741XGZ_v1x? zhrG~C8>91U=wT<1rS0W9cl~urH2a7~zj}1UPIEsA+zAD8Yyc*<>lI(cFKQQiFr+!pNVep8Dh~m5$pn7RLFP-atwy7XU z)Nr^F9>Fd@ftRrTdc~;P$zowx%x(~t9wj%XF0+2e{%gidy?lKEH+YcoJlffy08ExTWHT%Sp`_ zj2tYo6J5g4ew*DMUoM5-@qr{V4~#_UMA!bD$`kp1tfqXdg5oiXOs@{;Nn{{ONFadD z&h5N(t^ZNIW&w$H_XjJ939od--uLj5M5N?=qUA2yGi9jAL^}2$P4~8?#Q$K%8|Qdm z3xKm7BqO`GrM}gj<#s&LA}rmk-;buv%g$&Db%e6{e8JM^dh<^6&vwRn`r3OekMs}X zNh#txf5t-VT1X(w3k2xrpl%=U)ZO@%kZ$(U|(E3rlV$=otZ#(tSW-x&0rq z@ck&|utS7V8!flh@dd_9)$%Ae_$9&!%C!V1e{)bCbzpU4U@(~FyX>h9q;Gb#$gtU zAH(YXabsdgV>-}#8G*?D4ihMTp-_|p#_wzPSs51p3)LYeMw{@jAyF?1_M_(IG zSEgMWEwlLsw(5+n=#|5D?Vvp;8#iv6_5ELH-wes%bct5_-JN!>l$o15RTDm)kw9`- z%f?W?fl-{Gi9^eav-)rk@b07|9BX}$Eo?u`pCIe&@qImrN)Tp>@G;!qn5A>C+n-DD zXgbAp#ne}WN!;NHyZ_c3RQiC?g?Y{h^i8o`s$aI|MEvam&L=KI%kMRV7)e;U@dxs4jvWQy~i zfNlDIbjmg0=i1I7y&K75EAX)Vo;OYU-H1}xURjCR12w}`sRRi~@A{ujU(9+<gcjB`KN3x^01SF%?c zU^(T=Hv}q2ny#t7Kl8p>*sb{m6_6AXwXk3blhii>+}GJ}rxrlW?-Y&4K1{8P%_Ug0^$We-7I7HIe8qV3V;m+pmRX#>JpF* z{wSxvkNOcP2d0~93#ys>V6Q4mHqHM>^|qB3&18IfdAf;llBT- z)k-7BnycltfDsu?_WJ(vWN}~Di7=tgKQUpuFj1~MnGa%a(`vbf_z+?*g|a-#PWH*e zZ*&UHQFprRjM^9_Nx7d}^hsUJ9r}W`kGxo$JzrCt5=hX|dXjVl5l0F(PFcbmo zbtPi!tBSZgMt8vYV}(7k(tl^P?P2*7ixaJ14}d_slp~m|D8uzqcKp9V$!k}DbO0K3 z)voDZVtXl-6)a{^kOnZNCT1w#CW1+W;|6&#ZV}3=ip^IMtZDHWcW&!zHidf>qGE9eOT}mp zC`Jpef~^8J3FKoQN0fCQFUQ#PfaE&corYt4FF1~yWpI$kZh*zL>&6O7G^t~=R~|AJ zH6~yuV#j+H%en8vBKqWYE;`ra%@Jb#GjrBX+*m$fzdcaWZLFS&z5=)?p8fr-@~S$i zx!x2=l>AY3F1prf>UKV;Bn?}Ma;)5)@J$%o_esiooL3l=;!!dexOF$>s~QqWR4>DM z=d#uVMs;^nTUvWQ)(H4G{6x+^(#9UR+{07jJbibUX}~?p!`&1JY?OAHxrdvH)^O-g zQ(AG)+i94~lEIb_EPvsQ5)JH=^V@T(>OR1|$Ss7h|byaFSpZ=AKc|`vNRauC7O+gH3 zW|WC9w!$L+kR6EeWwVWBiN_U+TNW_|ERsj8UA(37>GFDOTNx4JxjtIv`}+M@vN zJ)g8vOGr!x0)&|Tnl5^%S|1v^L9nr0m0BK7$6&N7~j;28a~eX z92TS;!&g+@G^mgZ*ocnahf@h5-}JQ7^Ht-8S6uPR)N_%n(zOwJEln9*V@Ii>Y%aZR z4IR<}Vl5T4#oQUghq;UA#cJIIe3YhggB(nlC(ykUQma~KXTFTGAK9USg<}IKd66{4 z9&ka0K;TlP&$itv_+^`k$7m~?@A8fOhZS~@;&<6|DT>90br7D43x~uw0E*(6MAG7ehhdLleef67DB=GHFBUh5- zeOrjFJmt>$x?EO9eY?RN3xv8ZYn>Y?WWI;m~EE!GVt?c68^Z zlgv*5-q=87VCtQ@NYe#N(_AcquTUD%qlAGxv1pNka(kp;8~dUKO35%b_wx#{om1O% z&RhQ|KM0urslMjg157^pTd~hJChKk#QxTB%XP1#jSm>nYxy<`w;JUuu&4tJzWp@8T zbc)YqJ0mfoT@*y#(=dR^I#0nOb%j7*i}Qim*M%Z2bZU{bn!9o)Q&Vl(E?^l?KTk59 zzA6c0k#J1(MP?bu4P{^*;)v#{+$y0oGh+zhOVxJ5xz|0w`Q_g1Go zV=|+>k8k$yHaoo_sEa<8Fa1idVWM~JwR!iE%24=YVBn-?CNZnZ(_m^ zE-F8Xe+ko`f0J9OqnobE7CJ^^ljI(Y>e2SSi)F1K-ZDlo4)tg=7d(jJ-2qZ9YNMo% z==t=kR|mFJcS0OVhPfr^d3Bv8vn!Lw9`It`cusiF*YqNey|CxDopd1gDrm(z!W|QJ zX*IUhbzfxEin+XsyoF^WHI$k=MR)BArU8?eKW;vlkD}ri!$e{9dm8}DJb~3KNKS+x zw)G#CGbh2vW{%#b?8N#6=GiO&ywZ5Gw@spR2ue_|SI7H{4tO4jYo53p#m4$X+Pd}+ z^C%B{mp_KDCDfNd<}FxLR9xMbT(mZ=po$JO;6B50Y+E=bgz(VaVfTswb?F)jQG01L0k$G$ zn{9hcS8_2UdfdHMTrBN1kuJiZ`GA*TC}QyFd&PcpeOX_Qrp2Y~V|?&>Vq@v`!BMWC zTd~(6PkqABzN?5-BTQ5$u(=E^3b#*P!RUUW*B500=Uo?Zz`4a*m6qfur!k4^U3wpa z?!TUTlt!R#=EB|gRkMz=Uia%M{)!}~Zj4y`A$g#wD`+m;A`73_UlfuZ^q|-?C)QUf zf>W$oFWGP7e$}Pr!c8Wjc4%gm+_IKpxzDYdkk5;g4S|nd=!p#u=IA%8($vbm4GoAv zG<_6Y*xT(^w!=rH^=@ zex}Xr{Ar(oj2vu1<(sg(y6cXSy2X-el2byIMS~MM@Y~p%q@bhJ+j#6bQVk~AyD0Bg zd7{Wzp5?DBd8Yl;@8(ki>!n+R0dfR@(IXe&1HTvWZB0Y zf2{#qn5r0BE8)-UHQ;vn$aVOL{(+C|%Hy0=TRqCOA6hfGj;Zb6y?T^Znciee@83Ih zoUGJbmB*Ujs|NMzO_n82sS1K@C+prTddmXBgqT8jS!*z4R)KF)9J7YHFEU|j0f%!m zcOvhl9VQ&-gDy?R@ANXPG#Y-M%!msS^=)Q{@^n{78O_ zewpXnCIfYAdMZTsFyfUPv5J_TdzGC_JMb?Lq%DWmw21Gyy5>#2Gj#y6rB=l8mu0cVK(hg%&w&~xRklFb(*0Vghp`=joY!h}adcU4#XbHRs56&Lf|vr$`&OE@|R zF9V{@tZwNR>WLY!&Z7X+vAT(TqHb|3+aT1(*+*h}XQ96taTaAXFF*fdiY@iYVtZbH zs_dv4NDUe&^a&Su;7}SPH#n&eIRB*Z!lu|+iJIiJwa=4Dn}f7^`!2^<7nG)|!#i&j zIs2R|IC6~uV-K5pd&T&os*8?Q#~jt=jpE%h9DzL%hY%FN@bJL*S!3#fBY6xDuZ7LE zsfxMf?POc(O!N1=&HY>ysdXuVsf5Wxc~kQmd{JE+t(BJ=bm;1uMF+|&$raM8`_>Kl z4jFkK?6hzDet(y4$9U681|ZU2rs`}0MWzA)fLGJZXUlzcdsx-cSi*j|i&a=T!l?Uy zvG*2UQMG;Bup)@4gdiXdN=UazqafWmG$?M1$o5Pha`zL(Bt6(c+m z3ERbIZ1WIsNdyNY<+S(~qJEufs>zm{`u@?rVwNe3V*ae5R)=o_(%v|7#s!9% z6O!>*U2KzWg&8uv>??U)D9Ne1AMEh4m0+}jdAu%c-9SopYR=<1H$FS*MMe>(Z}uhY z9-J4^=@RRCblW5r`M`k?xUtjDbN8&sRD@WhR!1Fp+x*00Ka8s}B9JYfsD%~=N4V^?i?W#0;vp24+Y?xo7ftX&hR7XXk5;q+P zz#$>|0d|Kqar8Iw>f*pFz{SD3Zz>vbx>JW(yJlB^Rc*GAV5z;4zRkZ*U~F2*?( z(vN!O#M7&lHslYGHhbWYh2S?eq&&^z55L{>FK+QE|jiEXnT{45>sK3rm}}QZztt?+OW88hIqkHDigJu| z&kW-1OXJP$65O)$_0C0|4}5{$mN(&d*~>jf|8$mFflGwF6^y!SC_6B>P(}- zEtQ2^3Wu^h{FeDTekHxmfQi1x>f)VjFPzUKYm`yE_H!sK zrBaQ-!#aHZ-4WyhR`^L;V0MRFYc!5<$p@ak-;O*8yLwPpKFu+j7H^tcU4+_-oXMrL z8UauO%9bMxg>qF2MnSO1*-yzuScD+#@(|@33v0DIVWFE+Gid(N)`}Mc+wSDJl zIAm)Ts@~vc1sZ1Hs6dt#y?2}ihRdJ7fA4c(6-INkZpY-u-7VcFLO0@h7G5&jAGzPy z>4cY>FC>n%XciS)&E!mPHt?vLJi+?fkDS;QJSEkwysgqyI#>I091jMmKpNb5tQUVP zkYHX^H{TtYYCrd|--_Q6bxKExzPNs)-+t1dnc4`o5zOA}9#XE`QNFjsIc_;z->xFI zYaBOq>RLWrg+T5lPt||SaI5sc;SK6j`|@K+U$|bbm0>`Tb=}T++1C|j#RL*uN*XaT zhoI0QxIQcKwPMqTt|j)4u`kMDJpvZN@vNj^w2{CyD-u6jm9lc$!I@M{Jc2_ zdnnD0?`Nk2bHdcF^BUq_mt#~KO*wqoav`G#dvbn$&WOM_B;M`lKHS0U!`E%K%+CFE zj)rP;GzA50K1$}dztP9yi->$(ulZ&r>R@KUb>2?Hj?k(ppbr2znmcq#1a^{u>TYOl9Q=>t z5)vIaTZaZgw~W+|a#L}gkSDPD7evubK?zvI+B>a0i>~t192&jZRw9poY@PaUrn_O- z)h=*+$;-aU&oBwVw>I9`s2=6FK28R79+|W`VSR z_WJ7d8CC+hb-hZaSeWOSM>SAW!D=s++Y}CW-eK>vyDtiitBcx)rlD?kszsDcMeO23 zgQZ^gef_y=V#wUv!o>C6L+|x7Fmkig-qSf(Vnh&s7o`HJwlt#LY^%MKW@2}^XwxLR zI3O%KOoBcOM{S)+dBfK@_eS__7Wc`gmU{KleX8R>`aVH15c!)k6mG7q;9kHF8IP}Z zm~QDGjgQ!?DEctxnHmZkc(yZtP~@QTzNm|Qa@uV7fzh9RV-T79vrc&^ovLPMI8oD2 zuuVf}E@b#crZ@i(YRr1xj%9vm+Thnk^Xbk>h}-!^2@z=1j_6|M@+i3A7DxIjmd3}l z22xN-;vRLKo17(FnMEjbJq^LL@1FJ&2TRJ? zh&!J%>feZSek9d_mE=&(9^EQkIV)J`-_~t9X;@kmD)2^r_Ca=1x=|QH6YE}fUQ}p6 zjpLCbQM=-7;EAgUvK!YZlvRi2lD7@{Yf!JRNn6|N2Eom|p0JGek7(O&7sD+}!`^&H zyVM7^m5bKRBb{j8g)5KIkv4hc)X=seS#TE*0D@cJMy>2(y(-3Y9ub8*hoC2DhOd}u z{I08zGRVPXUZ-;D-Z<-|c!Q;+-T|O$hHBALE%-htz5wkeHMRxnQ8gMWqLXLXZ4fg_ zlPjRgnfmLYmfAb5NNr+VhtejE2@~zn>*p!+uifq)ww?|bnAY%JN5OUN_*(-5dk3vg_gABoF`hD3KFcw>o&Y1W<8P+N9K0$4cm>_9~kv z(%tl34Py#!YVhIJjQ*lItS+7sghwUB z$Bi2gA3Zg07|FIxi|JlF9DL9<5%1>| zLwYvjlJQ?;a=>tRT1-p)D6kqEghjg_Yuh*Mzpx*vHcZRnDO0>Uz^33j6BMY`tdu=J zIsGEu+LAAsS{pof4of}AB~|SH2s1L#g&a^%9sKY+_^twf*}8wd>Akp7ZX2z)(oq=f z8b3ccd%DozYVY<SAZ`I_lSo0d!)=6ORzfkMpR1VV?oAfiIX z8)v=`@r=oP&uK_N!Bo)=dq$g<<{3^Xn({pK=r%{Cq!(Oz&ecbpqMTn`{RSH=PeFx`?pJ{0G?Y z6Z6+J&3DVQCiM_#_ki9%8Ku!9aRwEivW3=b2xTM-;Z-gcygTxI1uWI;=StDp7wN$t z&S8ZwVgi)0GK#<0S8IAPPf{in&oQ8vZ8W?%m(aJMCO0=sf&jK3U;N%4`Y0AFCdL;F?FzG#WdPI)nxnp4tF z&DYA;uN>}8f#F`a8^pl|O^*5L&SP@+q6nC@MLg>!rPXLEHXmRfcBdcI(Ri#s8t3|< z_Q2mx!~+{xCq^p2|N>?djdvg8q_VIe#08p61;fwKM{A7NU5? z4IRHf)?NW(gmSM;8N1?f3boTW7hB$S!Vv`xc8s2&0-^=08=t%QHDt=5f?M#Y-Fc6Y zbum1$tC)EwM<89E0b21M3^zQPq22C&u*NtS2xk;_%St-mnHrs#SL>#MnM;}!zZ=+Z zeZT{rs49Z5r{e>fY2zyYP8c03xv-gneOeK6(=-pM828d?GdX2J!@^RQYOk!6FdV|x z5F=(LWbhH~xbNz!O@^fCOpPJ)+4Z7jPCK6^-=!?SV4|tkjK#{9r^mbmmjv$qzxg@0 z{Q+ohAYJ8ENQsI1O5DNAN$((_SX|2v0@L>DZVe0JVx^Q|CkMP7x+$b~SNrk{-wHrv z;~MhX>lZod=(LMoQzb6{=*~ml!+Qy@x#xS|ev+Zpg`Yp7^Q6?;Ha+ za@b-B$|PTf?sBJ0rw;>2p%SHaoEw%^3hd~yaE z0Vd?8)}V@)4S?@d@k}DNf{PQcPU}8)`PHRJuX70`CjR88j{4MMUrpe<*#w)b2BI zXnN-Kv(i|69C!OZKe3}%{`0#DH`ups-Q2LPRQvt?zJk4UoCT$BnjXJzK1(=qVcOs5 zZC-x~tu_n4H~Tt)UhZ{hHGQ0D5S#8ZW`%ln&6wJ6Y_ssTGxTP1gWydQylu1M(1$eR z${PmH@UjqH0^r4Tk6!{#N)e7RvIh%S561Q<1zZl;Da2UJX*(^h-hz}55)Ngty*(@9)tY2^Y2clGR=MrULiCmPvG*O^(H9~9qR29 z!+1%z4%_A$zWxA^|7&lmy}26W;HdPHHa&q7R``NTDv|Br1itzF2t=X7+aph9voQVC z9@|L_tte*PAg5lSNaxUoXw8%T_8NQ9ZTag%N>Mdq%USjA{5L2)d%2gJ(Uig~T~-(F zxXeD&`*RLRPGR%2I907#r*c}IMEjL*i-FS+|4B@9;??QhU%|C^ zBT}9t@u?Fur;S)YXB<9H<~9Gh-7SNXd7W8~l>g;>-K6X!dpI1!?I#iKOwWM;WH+AoKWTM=9Cf0?a9+>>FT?9V(BpJyW=Z!~ z8r%|~9{koJSfL?g35Y_fJx(pog&Fc~l4M2D3vLoJ5HUZPYz)qm27vEz0`OCypYg?> zx40c982etmnX9)ey=i@RbA3882Jp*#$VC8h!aAnMM!XK+4TVFin#D-Qep&;*FJha? z!T8YN=dlwT&-ND=YHLE9)NcB=r0WTT^^ZQ!CIS^dF|$E zc|1pAB zK*T8l;^xXCWb8k-NP}_*jJbIcv8nW9)OB=jzU8& zx4g3Pe?fl(?>tVw6y?f$9+R?xXq%jF{L%zeA?rW0C51TikYfs*a)5bWGvfvzau0yF za_(_v%9ZgD4nX659iOq!e@DU`0F`94_W}ao@gvLvW5uf30T)rVkaM8;JpgRP`Qw#15JlG1`Ly>P2G!vtn^m24&FrAv;e#e!yKg^TO$qkmF$+T*%kn z$CpWhP^3|s|169V6d(h?{cL@&>C|y|C@5beoT*lo^nT%0W?9UJ&5NDqs20&@9*!IL zgghYvOW!_+L|d;EJ0wmiw{|^dWAbZMec=PoC6S{`AaC$o6X3BKEkx`>4d?q@JRHd? zzlz%(a}?i8u%C_$S9srXvYHRc-(~HreQ8i5@8NOQf!tWlS2!`a5m;aHdsj<~YbpeS zpTorm@^l}#9Jvnd$c4>^3#vUUzma{e7hukp!TyZvF6%O~l(g~U9h0*B&7;E-w`4zI%FZ{u38 zn3O2EE86d2fP0H97W7?jRKFy?Xdbo>ZNe+X8Y&^it*q}_<$78G87xb9XiF7nrT+?X zvCj%9dNcx;&}+%AgD{=Pd3YIdww)U!fqH|IlzIG`3DaV&RamuMh%<4*Ap>BSKri;^ zU1}59^$~kgseEdjUx>p|c1{Nif{VJn{F{Tx8q$&E8<%v~K)pX-DfLCQ)28we^`Io# z6A5zr0ETNJ*S+V)KIidfeP3TW)plqT$H@B>`vB&5^c+QmTfs#$qUDr88tVjeE9ACYpMfUg?av*>%4J zDJtl={&Q6ict5QRC{zrjC9bpQ)(1)!Q$!B;C6GaV+C&xGQ!JZ`UB3ZuOS$9+lg|iUINq zF)OBz)mi+CZN~{PcXfbY?L$qJ%%qe;pUl%uK0$j8n0psP-jAmn&_X7&t$R19&bCi4 zAATby`gXeBzvljK3^A_KOWu*~7k-R!<`&tBiI*nn*WiAo*W zQnn@3^0V1$yO3WRN6jJw_e=5?jP|7ali6)l2YVpmD(%Q)OSxE~_=ue)-lCU`U;8Ph zbaN4Ku0nw*V^`>>5<$P5|v+r44LR$zD{5& z_)SMTGS!+inVxEUI2;g0J|t-YF9Zd#vN5bsSE{`!(P>tp!9K;Gim!}H%lbT3s;fm^ z2I>j3*r8Pp)VO)X`Ir8bt71YW&M~I(u*1zjjGZnvXon$A9l^r7 zs>;Z-6?hqq320Bu^V=Y;lqljaGev68L|GsA5_|?~zQT5>d(e8|Jqatd#toJu)Juh2@wb~p`uk+)&G1(8}A%o9aW^U^aZ+-0`gcqdRkNNe{u+b4n zK9~0S@z8i4i~NZM$S;7w-Q*XGg-C8^^lWJ#4b=gauk%lEFGVmaos#F^ zF%BysSxEam1QtQja<%11#T&abLx5$1-4^q3SaR7vKi_RhP!&Qi#>PgMggWk}(ZiIy z`d|of;acALgtb#>ANzl@Xpu$e6Rgupz1_QoVlcSD6dwAW`ZPNJwhMw0yX{6geF))aYlJW)6X(zwFnV21VeBL&ur!t(l703GAnkL=3uW2^}^MGWco#_6OqTf|vWDZo6QW)-8ulak>T`*Z@3 z|FsHKG7s)0Cf$oT{6JvJZTjRKW8~Jr-4G#6x)%;cBaPsHlf91 z9%>lCN*=(#_EfmR`f(v2cn0aTWPEZuyjXo+XuPp?96RSpXu7|_zND_uh%QQS>~5lK z%Z!Xwe$HguK{#b;HSV4wiUC!RTSy%*~a zp7&y>vN1k&Do=f1Dl9y#TPJeN2{}xlg51y<`yxM+Du;W}6^=}* zWvFS#FtD@A2~!#O`jrM(oI=4f5o%Df#F!ozYR7;#dN-iBBM<*g##I{9^QVOL!VYTtWX3j zNJP*^`98So-~ngrvU7&5xU(-^(j2dLq+gc*?Z8te(2u41ye_wSx)IAvpQ(3Tofn(j z|7gWmiPcA-dfVg-vk<}===bLMzQp%9;d~%LLtG9zq%zuFx`ncFWQGG{UQ^YM_eAD+gZ9H` zBQP8 z{HZpVe=fJ%cuq-7w-!@%|xT<&jL?Yk-x%jg>Q0g1gigJhW8G zK&^7M9>?pY-Ii$*@0hP8=~zy57wY`h7}_#{4u(CAC+gd{<>A}-(lvQfXTq`C<3?Zk z1$jWe!lTtR4uc~h5ACq{?aAfneUn9OR)_==Z|>tll-=<#dj$MSXp&VS5_`ZS(-mbO z$UJ?^h#ClSKJjS4l9dN5Qx7u?Z+1P!$S(Zo;leBa?4PN@C9=4CP5sAp7lUMLM%Er}KxOD_su_0U7N)5LI|W z_3S!({Bv^7sO#3({kb}Y!v=qIN7a!JqFDDI-`h!f%Dw~;mh&ygavmm;MO^#rzag{| zi%|I|R-q>l$2>|U`Fu9x^>a^`?76vqZJ@ggfJI_`aqPZiif`9=9e-z)sO!abN6JHz z5A9O?hZGT$+O$WePgxKqVAs#L%sET9shCohhNu$=*dn#45LPpr1gp#lYw*K|>rb~G zR+?t(?NSdi59S+GqUqL0GL6Gg7A^RGS28V?#MY1*61FO=dkDWL0>GP!99%LVpJT@A zm^MA>GmYV9E0U2#g!D9;Mb?@PP$db@$t|E$9nqJ0@0qG=h>E; zA;hj~Y(0|wlWOA7&a0${5jX?jp0*f+7y>rCEbNJl7;#qCh9$SdNk8z*T0=GSM>8AS zjB`7ED@+4L1N8HVN!5h5bLyiE7MBv@UO|OYglmuCbBY_{Ofl$ZWs`;VaToqUx>iiaNUBsp5Q& z7AQgzl(pm;6@kHlo$A#f^{JsCz%DBP$1b*#4eK|nYnP$aGkbU!+xBDUFEJO#J!~;Bd>I#+>_d5>QQ-kU%XEta?QHp1Oc76|&__BoXt8sYNV_;SpFsleO68O7?2#I?#tB~U$aIGajzvrw`Ho{Ed0}qw^b^_mnYL@& zV~#3Jg_c2d1;xs$KG12tKKZ-4z+<1kZxzq zh}X<032d!h7X6)`mS1{O^GVR$cs}nq8Ju;}dmQ{y@n5TY=QbP87*Gk(1)KQyZoDl{ zlcWI1`)LPx7_GQ^^+34g_+ecCpAje!iW+>w{I~cvEtuU;IQA=i4(bsf z?^5Je!-9s@kn{;GIp`>SFk)&G5+VNDdBRU&j%F%#ZhVAlesEEu-}bR)P_Nb?(?$)F zpvP0|{@t12JITJajs}M2B#0Z|S0*a`YhrL@clLtc(&AX-a3^ABe<@Ml_iM2eiH*a( zVgk*`2XC@orNJb7`i^4@Yh4)1*dlA#uTv&`UJl1pF{YuKfC$Ze&&%noxL%1SvE{Jw z4bA*?#$!x{#{>J#D~Z5O+?^?}!uTh_$a#pqFhdlQboLSUa2yTtZTrP*85!HCXhif` zE(1tv8=!i6$UbVSUi38kje#VPQ4O zgFiKw2o$;H%m0dWxLWQYq~b-txRJ>HhN-F7gsn{ggFd>b*4Ve_Y-1+6ut!H z&%5NdN*{$+GMIK&fu#h&;!hKP1=);d)yHXRm-;VMh{Lx}o~1RITX;|SNVxvwlJN3~K{J7>!R;ZXv_+iyGru_+t zGNBf@7XGD7r{;?Y=vWNWfC)`K(8N&vMsfd3Tj1{RxG5xDeDWi7(J7HnjpW<3QR)~! zdkqae#ze6%WWqhmI}Hr-C5D3E-l~L-M`B^*aE91Cxj`EMXHcN(MjI%zHW`tCAeNsI z+6qv69fd)dX3?iJ+v$a8?E3G^Km~bx+6p}dvMc(v3t*2@z1J7-I;wM*@3;5NZqpM# z0CMMaO-$e=c2_b8Jc>fN`cPSy6{tLiqgjy6McDd;&5rv)mHW?AD#~5?uCPi34SNTn zdBh~SW$HJUrwwQk z^D|=qMckJtqn_Wao%#8L+w#$)tFv%UEQQ7&#F}W)IniRa7aF^V7Z4OSKGfzNqYWLQ zRjp@E)PinV=(E6#mJhFdFSiAfE2Lh9#uLbTx!E#bo&Kti{RYUOo7kmn`(l0PyG&)_ z4)`yQN1@+72$cFf=~!)EXzBv#XS{ULo3ck}i=n;K@nV@QUG31lJu zluuE0T>I{eZiX6-n3~ODXk`mp)8$?9@{{=*vB~dnqoQNAn_Om454?sr^Zdtcdn#3M zt;x~Xzp4*(w_ROhSCrm;lLHEQe_VuVe@p2lu1PSkHEMKUw}8CH(Z_D^v0YFwYv55L zr;c)eB2%G3qq|&Kgv@zH%nce@dH2Yqn`b}|Y)$#(o-p8bJgv0XaCT)wKZ5P&0ocPN zOku48!cpmLKiPN4Q)>f3Xj`ydOL3M4yFaIpQVmrF-aRy(Lp=P92ITT%XLKHr$R|+c z^>e*SWef$e`B%@WcsC^NtgMG^ESj7K$m$?ZyA0P%P;kx8xfou3Z6|rZxz+R#nNOV2 zn#Ea({I~>)UVkkjPm=dO*P798`62G`>@;PVNm#A#wRs_|=CRB4%RQAap>Xp+d>T=E zWgEICwfzw9DO}7i(Fhu)-*P(gJGjRh__hBWkRWgEy=L4enpDO$B z|DeQ>%Rh|M9QgLq&A%z;7EYIdKaksed__Q*SUH<@aqn6ljYiUBPP?z2U*$W_syjM_ z340?_V=3a#*MDr3PE@B`4l+lN3?}o)*4;OsSZe#oCMb%5hMV^u`t>bDi^sP4QJrj* z!y9dnWcitYRh!usVGJ>q3JhRq`8ImRZ5ZuJyR5B0*lmy0uOGNJXWghJWNtH@pP6aIm_c)V?ux&av_JZma7+JTMpf6p4BUVI#ZjRx zK1+|07bHaEamfG}(0c+|!hrlHE)d6C-DydgsQ%G4CI-OH$B62a^cR+4pZ*#!4Zu3b zf%1n&c;Qn{1iVj(AlqneZNmJ)#P(Fu<@q!Wf;Z4VUiJEYf+E>@OtpvBEFsi1dA@UC zjL2Nr^Ez;SAVbOcT~wLwBtN5eaYcnUr!iWGlRu(4*b{(t$=hr>F!vP6#zHWkiS7Ey zl7&2Z*`8TWP-FSwuTAu4O#-H(b2PM(|6d_O7lnV`n43JyMyLQ-F%&3ytKrZyckrmm zaXJ05{r*x6--qpURxN-1XAS;!(;xV^HpR~Oyal8JlUAaG=N7H!@8JCJi~b>?i$uY^ zPIUhzQn0^GpU09?LI$SncY-VvE7_yiKNJ=i4`4ToE|UfSdEV~_OYqSBJ80}*udhl1 zMsxd~D)`~8P}rX%#F6}zz8JVNXz-^6_+6V6`1h=3VQ#VcOt%TSFrS0S39sq@7@({s z#@-$yi?4<9e;I7Wd-OoEsLm|I(`3iS2n^*G#$&cSw{isj7@@=u0uxIC)0e!Yf2<<# zaQ}6se~V5Ge9>$huuTtd-%kj}6#vso5yk_X74{`F`OifJCQVQDw+brSQ-sT5&=Y*R zg$2F!X-nyk5q{;uRJ3eZcJWwGv8j+tQcQmE$FTm|5&CBs+}zyNmN%~qS9ec0l_p|p z@Du-9VS|srG8lbqh$EHy=ZXEX-_dtMHZq}!3=RjBF+u>`=<$e+|G%Fq_3e8;D1` z&R0iYyKIH(;c3&WD4Uxnr)VeW=n^k)022Biu>@`|={{_aEjb?bsi~FzkZ)fQWY8+H zK?O#&lOjKiS`JdmE?Ym9=s2-%o^RFuXCq}-F_qIq*b9f#;^VA6at#El9j#{QeIX!` zf4=kAzys+%<(mM;mo9Pg1$i>B#aF-sGAQ=kb~L5o_?M1gDgmqVv*^iRKI`8?N;`-7 zc0zMSQYISO9iAAMzri2F?IR?Y`XZ8qL!&_P(f(et*#DTtZ_yybNaVa>C1Bw+XnYRv z1#}YPxnmfWtozfSr55&_HlKZp5${`miv{{OxW|8MF4&oc9uT>bxC>S`FGL25s6M$@8 zzP|?O6R(ETAz7W~(3Ce7O~1$?A31K2mEJX1`m?}UFvrV2H9@b7G&8MZ$6tLMZcADQ z_AU8IHsqUHVw+mNE6u<8OUXRu6Qd&;!c0Khg!`<;d$ZNS#GG-mNHp+{>AB$6i% z$6tH8%$ne=g%3Wjn6+y|*ZVRS`HMe?;6t07HW>`(YGVXc?598Ir1S!#}U;$ z=7Y4wK#n-Z@oicX$bY_DGO>UvXQZO3g#kw7K1r+10lQ1X`f&VsleV9)GA(r@;rABw zSUzL}sP{7f448_QRp_(q)9`4=Ofe_msD@}kEQ`Sw;!>7pi*I3Wz;E(!j)+NR+nL9r zkG5DNt(`zF_u_S#4#=_P@d$gW2D~$1FTi=RXeU z12Lg{k^P<776(ZCiTnn1pz&Mh9d-BJ^e`UZ)yGu!otsd4g>rxO21iGez7y=cwe1;;&H(i7d<-z0so|5xC?}ok-d6 znA>q$%~2&;T?RyAaVl}!Lk&GF$Ly|0P+^Y1#)Khqh4}<_dc)>g7;LQAi&OW!Td1i; z>SMB)sR88;>p5oNB4S8y2TF0;qw0~R9>jXC?qNtzP>FfD*Tp)_`hq)@$00J4mZ(5E zF)8VZPkL?$ZbC^sYnV8Ml|=S2$6zbOfn8hkS33=|h2{S2OF2eoU*(=hl-{-P!_KI< zK!sqtaiM7(`$uLgJsg4eq3W}FK$F^DD3v@98EU2%*#^+ zwihk%y>GWAVLxZx_AetAKF*hiX~kuo@*f^vK4wFSc8>OOZiVCW(qcimI)ca|1I&|_ zpG5vOOw~-09l|#U3D`bv{KCLV04bNenUC_c(#Z4AuMn!U zVTUJjG6hXI8Zm3+sX~7mB^b8c#Kqf84a^@Z#{ir(8B3koKBa)!UlwH3ORfhoqBrcR z8-^Jx1BjDoaroAmG;=AwF^5gUpt?G{@B>SI(8cbe2Kx%J`;~sI#eNF@uJ<5ZR=ldr zeocF%j}w9}i2V^`;^XC_Q?sYw4(>gVRKxgDO`N&=;f*~T8;x@6a{}K;-aB7)Qcc1< zxi2HXkxRA|>dPMs+w;m^0y)8Q$R~(pp=86R`Ow@s!Xrh{JRnnZ%O#)aNv^iW6Zn$# z{Zp|dmLyHHG;whv#%yuF>upP`nb!E>i}XA^vo!&pgqJ?86K$WmjE;GwI@gM=mT~)@O6=$wY_cC_oSpXY zU}@UL$`CVv3yv-m6l#T|n)I*~a6jJwq0(wRz*Kr>#QXNGT*mkB(@Sy5PQT;;F4g)j zf2K#=bY`Z^cg*V;N-XI6<)*QW6@Z|&cz}j=5NXqm7< z#KA~eB@t)UZ;wSF7}R456+jKj!w0labzfnkOt-qPF#Om3irLJTvJ1jeElAaMlVxR8 z&BZta0w7pmDfq3&w9{M!cRGfzyj0}*WRj^#wZl$XRRJ9pK7q*H^_9!Lgpb8`W6zn1ABtCoW zAYXXr3td#V(ACNAkahop_&JZSTS;51-V2-6D)AyWX>2@d^@J)X^R)s8v&?E&6fzUS zpi*IA&DlbcXJ4M;=+}MnF^~yF7C}v6!;H9g8j-Ir(={Ky28!^hL!QYkn$rd9Kj7sU ztYazoqFd?tr>Mc%nv<1Op(OX=REh$`b# z3(*r5wpES@xR*tl2%0utvJj0S-HCm)2rb-i~jN*Q72Brkuf$)vle1j_X_8O~=8z z=j+k+?5PSF3r%b5mdYkE*mJ`U!~%QVI8g!y#;V+$Eam!qPCE@a4t~LUnckwpheOw@ zz6PX(Z#c{u=-slpe^T2_YEPty*1|vya8B)PI&IRlY=BGN=}z!( zXz#zrsylp#5~{<3`cb$c&dA6vJ@+!g8 z5aAf@S)j0J__{==c(107=lHXo0$S*Us&vT`HSpaS7YfM4=waKY{VUx=wX0$lPxv+Gs6XQ){efk)9W@SAg z8Rk3Fu(pLnHl$|z(nT)X@bl91e1-Ul!y0Jf&15X{D@pyU=Ro8_dDpq4b^NHJm%p=4 z?U2frVHtW(Bcg~37A^FfpDZ&P!Xb<>AsgUbr7y$dIyOP)L{BIsoP*gMODiro`9J~w3Z4xSWo2il9XSB0fO z(4~JftKQaI7;W+@vlxC+iQ({`3-kTQ1KF*_N`QShh|5+MQJ-|^Ku^B{u~Dx=ej+sACBSbPASPnB?QhC zIag%buRH35r*{YlA96c9jK_{E!m`Z7Z%`zl1~;(WMR`{RUWWVYK16F*B0fbt;ZfbB z8iX*&KinGk`^vf-fOWEaX0P=+eqWU_&T=8J-}C3l1#fTC`%fD|k?uCb;*%AzBstfj zI-njhs9>j^E=2x8H)A{5cPXk*q1U$2r0YQAy(w5y+^2q=4<+3+gdf&hfw)CF6+st=X@fw~8))20GbrF2g%QoHpuKo_%<((bL92P>3NouAFng z@7)@8=DkhamRRl9N>|y=)@{%6bj10fVBXEaFVwE6^Fr*$y*sQLwb}0#77YM`x7kA9 z3iUZnY#?nO&?r@Iio`Xv5%G&+oZh2;iwrLxj9MHgY#Lu zUu3S(5qqK^J`TZ14uR?23#*2zcQOxSHz#Yt;gt=YQW$$G=+J4*U|E>o3(|4zr^d*| zlV8iXPgLtzsJmaKq7@Sl0>bcN9A5QhV~~*t2+{ixRZIn8;|4c!#@M7K#n_&xllKmL z)p3>D8e!K==kyWw)&Zd(3)0(*k8rEsyY88BuZ4_!$avJ%3ELlr*DAY#>J7~oNLQM7^EROmsQL`bijYNg3JBOD{WA8 zxlxO{AobVE^qHH{$7lTbL>P)+W|5)lq>AER;K#JHa2p5=B?; z&)P&db||{i9L*0VVHE9i^iXmAV(c1~Ou^idAQn)t2BR6D_ryF#xc19XzxatVKae=O z;x65$cde@alUH#vO|KuZ-CR0F8zG+DamzpCV2&0=gvPP?7Fyu5Ml{4PhkGResk$y= zG=w^5rKsw#uSEkkZeF5#A!eR^8d}fd@3P3qFChpdu~GbMIr!p7No)lDpV)c$?j#XN z!S@ym4@t}T9kgvt4Da7F35L6VDUu~vE;sd_auRSBOD-P=zge|tnk2CE&lUE(4UI@Z^P$tD|(U-OB zcCgU2etsL3=KO;lcnx<3gOi01zO`m0V?1lZv{mP-&GFahMz<_OlKdG7d*3PF7$~E2yR@ zQ(XxYa)7>L+9M!ptEoo+$1EUK!gqdl>YuS6H>sir=?*CFw_4)f(WR^A@X&mF!qg5UMj z*cY55J&%Pwy1tEPSo=JU)e_H~;X2R05|2tS=U~xoE{FQ{USyENSF6KTc7l%)59-+c zUpDILTD~*CrI_O1X~ueQWSX>(lR=Y$A|gC*kh2YuGH85VHGH>J(!|mKqwAvkRZzx> zR9kZoR15rY^S6v+)f7VcmbD{Hh_AP}5in~#UX{89qaRCJ7u$%k;$KHEJHMMnZ!%9a$R21o;h$vkU zkdCPIB1rE=dX*|AM4E^+5eS_qy%Ty3RYbb<5+D@mgisSmDDU>%=bXE|&-;w={r>Jh z85sdKd#}tj*PPe9<~7UmJ?5FBSY+Dw^ax?Ao>8g7sB}G{g^Yu*OppDFYSfo8BP&)3 z=BuI(%MfSJsU@t=KI7oqqV^m40iE(O5%iC2j9-E|H8KU2-Ue{(J&@;(q$gx)7q4+j ze??;5PUG~rbur<^=Xje^5;e<&-NozYKu^b`-c6P8hT`qBN6M0iyJnS64K!v{TK>n2 z6ieLPY|MEBRYShV+WU@oN=q+iS|#8mHs9htNFQ<1UBqgc?*hcrjgAb4&Z2j*onZ zx%ik^oN>T9n1)UlB`p|IGprrANSI>vIPV|^*nTwF8(wXvHCrQ6-(9Ly3E~ng<~zF7 zaX)M~@}ViOGc+X5T=<)RrFRDz-q7ym*Qs#mhoD=qyPZi@wnJT#!*^>K^f$we9VP8P1YMg>a5v?9ox zGD;>73+Xr-eTizeWXf1k5Y%qJ)C{bU&uEPW?#vG|UasJ*MpE#%GIUdOCfv%zD9kw6 z>v8rkvMX5boT3|05(~m>&7hxPx9zGh?`IKgwMocj#ToB=lIC_!bKh!wCBT7iZIeYR z2WbW@6CR+MrASbT4KB?p&bM8RDxL8c;E<9z*s!|b!kZjxc?q3T%rcH;S*o}s*DDk0 za@Jm0ZU=78C`>Aducg3F%QKv3TGX9xi(K}4d$GJIYBXM9vvtm%?5`xN&z0R`o80_G?^2B0Red^?HOS#WX z-hfeh_4r2u7p1NO@?h~aMT+wcF??3G~k4{Q05Qs92GZzks}8 zj(01c{^(u%>%c8zBWNK~F`kbsr}QL|6qs_65N*G4_dWeP@)zH#MtAm>`qUYEKlfoi zdH~!J`(FC~wM-Cx`4{sJIi+c;)epkxs%NPL;tPpsAoIoLRxpL9`=_oSq=!1}J&we(lI^SJan zI+y&*LEU4QKM1so`@3O-7`&D~94T^+2u_7;%=u%zcvA;<7ru6ir&p4BkW9~!yt)39 z)^fX6_>bcV!zQ^e==CGXoZeoln*O**;Rn)%9TZj(_M+zIgDj$zZSNa|xcRI0DdIL7 z3l*IycS8+dWp4oK^TYSEJpL8)J z0=-f^{^2R}u6LfP9|dGl8li|p3T;E6bN54W^HGN;I|JYFO>^I8P*9&I&3gSpHX7a^ ze!KJvgff24k^+)EW)X;%t@rd;W%=5?cm?8uuC^nG#7VLju&>Umrbu^k(k3vrg2v9j zNuT-tRi+R4T`!HiGW1W{h^*lKh5Py}GH>qYb%Y2XT_PlT;pBJ|FscxkjjSB+&@I|q zLT-_s<_5opUfk8Ubc40W^M>F&Xi85L2L@b$yqH~P(`JD_=!cTPfI(fX!25a39 zMc-|6^O2-T9|pYIG^$J0;;rI+Cb1;N$@ z)^aT{truq@9N99qp|wDR8h|-TOa|ju(T%8PDsYWY4oG~k!tm;_(nVcH6Vt^X=5sxj zO~BvCtOFT{vADIh>IR492z%|u%3OH%O8B%}*4Y_q^Bl-}F;5`mhJ`=x!$=dyweqAx z8uX?T{Hc8C4I2Yzzo~(vEMH==dtyC&3Tx&gcM8qY?XpTUk zGpyQXLxjRxINs}_6rHEoj3!TgdSq!Uf0KzLAV zUI+>F?p<(|3o~>;lHdMEFaWfR^auq<(CKGf9wL;!6KI)5%KT@+;koiVe|?e~H$K9D zF{J%F3-ItJvREmEfF6$}bD?(G)4jIKRrQ?CEHM%$mtCyMmUmaaXh z#X>5F!VT|_TYT2KRkXf^nyJXB_T5y9t(-EO@!aHM91GO`I;&8Vo+~-sn6a(nUrMj1 zjUtRVEA5>(GTh+?#a8Kk+3N;9)T#J5kG_IuOa&1~x1Kflq5L!nM{t0ScDYhbFLrBL z5wj~tV1sTCc95ypSRIu=DTpvjiGdU-G|szklWI^_jbrix|_Kk}4*)Dz~mNpp9`x&q34?Dg`VytXJ{ZV$zYqDK4m9Y{t?*4hoNE$i{x`!aAo-Z0ys^97KS)S~dMQQL{Bhbx`~TP6fug7&xBE zAnNoITxbAKJt@M1N{?Uiw$Im6u@tkHH`C!&+1lE^y8h^IU{%UfrC*8EfIRUx6ORjd zLYD75=?hd@W{g}i=hsHlre$RUkD1>g38#vWDrREqA=l7!k}_^K7lUqy8#xviB#$;0 z0|fX!3nDhG&}%@UueVIbTOxnBb}SnEI}%to)hu6te5~v=;oJ%FDmI4d z34c{g_)^N>i4sjIcdS0}^3Q+aNZqFhz3z6Ibs07(jH&oGUw5k)GK`;QkO};g%_Iv0 zKrRxMkBk4Lgs`Pt+vU_>x-s_IxpJ{j&5sSVIu_xMFYPiWRRqT3H!i=xoYH zQbu%G3zLC{z#Xa)OFq4%@#iwIMeeV^9_TNLJB+*XI2h6vZv9&L_QX1`_1HvJmdeuNr-#xM?6WhE6d#{;DyL7;3Veo8C+ARSQn07Zf2?Hd08 zHZY`vz8*kxt~sxytocl}Us#R?bnxxTSvsbjM^o1^u=B0I986w{?E7>`6Xr`Lv*?Im za=T|vgG-lI4@5XJquHYb5}q)E?f$4O@ARsVI;a zd-^qMUq6m?QLa?u!?Fk&wTx&5yY!~T7r)TcMYi3CjxL~6%hW!18lCn0!gfyVz=^VL1w(J=1kTO8(K_PP-^72(gbs~)L`P89KJ!(%+4`(DpbnUL zLCf=I-&a^{-AY*L0RZ(>;^Mn-85Ccy6Yz%4;JjE9fy{Nfhs2A?1rhV@EaLO|=??tj zshIzc@yivVAOT;}c$p4ol~3yTg01gai%gnJ@0qsYFJHx;A8;Hn56^`@g8mVR>{72y z%S+bT(gnJlOgqaJpa&F@D-V)nY-grqTW_(^T6J8X^>FCW+`72W^x}6AOvJA5y)~yd zh9SGmIaes9vC=}yGGa}o2lMpLC+60Nl;U6uJ}aZVsY-R~C@+KEq0)?)SX-jjlke)u zJfzgj?)yTd$qT!osoPWA5hP`D<>Y-De`b~c7mYKBJ5-jf{f5xQBMK%6>ox8>hL$jk z=E}ez#O{e;&u6i!XN09fEZ>hAbPMicaI0uy~Lv4-?rSrVf(lz$(MnQ5tjKL(d?3& zqZTjEx(r2J$|L`RX}(ock}K;LMobynXFhvqP-XptG28Pets0|JjMFrMeBWn|Dq2?p z679>u*Lm1^L+Di%d_~I7j3eos=$)!vk6y8IruQE@Dp zmnA9e!fjh``(!A2+YaK^G@M!b&gdz*$Hh$h|=C9)*sjtJD2FB#vFlH

      Fh}`qveJ8ej0n0rVZ41b#hUA2?5wlp0Ta<=d2x!4bhQ z?e2RF%d;~Z$A0nx*R6^j5W}k=xNoG>T&>BN>Dqn&Gnas8HF5RGzoa&=pc1 z(x>dm-Gy2pcIpKRYzx~pLeAey=<1|+t}F1~*$O?XqyC)HBIYum7eb>)rJXif294Xc zC@je^9*wRIuYB!UM&tjMc&mT@@cJDKgs*4)@Y4!@djJ!0)O8>? zsawaLezxw*z%y;KKnUMc`YdI(y0x>jR$U<&%mkuweO4U@)N9Mm)SxQVa!e8}0_WPX= z$}#@}s^>NFb*=4%zX7PwDpGD#Gb-pgKA^z5qifuG)_Bd9=vgeqIl2!m;Ui{!MHi+` zOZ4cBw3X$c*Ri}i;G#3O<@5NODa(`R`6gu!RGgF~SKmO#Ofv_?%t!%DV0@9yZRV(# z(tI*NvTWCUM3dHXP zO(%_a z?;1bX?iOlbge+ww6sN`#=G6`}B?}u`|2Z#VO}0-lFF(+?>y( zem*BQivXm<*ww&UIWn!cO#^k37|~*{CP9gN#pR+~wz%;-o#}2Eq3g;|2=3W{K?-=aUZ(|pvy;{1N0Tw z;v1bN-YYyo%cMol={CZR#%>^S=h;{5$ITLu&D7WUT8LHfVlVqt@!!I*5B9&C!GHi` zh)jRsEZYCq>Qxr;?SzdG>a|AVW#2!K^^`SC5fONavdkTUfm#ZX zg|<^!tpr=SwgXZhDVtQ8PPeLDFU+2xHq8xmiY#?9L`d)gvNxlC(`?GrP|M4d{j#CK z#Bphz3-J}re}KNN=Pje`1@!MI6=2%<2jVNqt;bfeo&&cjxzd740d5&Jv-Hxek8ub; zY4Odb7LHJJ`;uI@0h#k^cJ&H#@^F8fWFl_;yLZ@6XUOi4NGhNWjng4B=0`YWR~| zYHh`Rgz}dIuChpLg$G@uy8f-+Z7UwZCOIM;f`{epdB;t30;RrRb7d+%ptboxB=h|Jf8AcYNVE# z{+Nd2>}1-K?3<0*)nFc?d&cEwJHJm`s2i8S>uweZX!HO;bL4xB$RuZ-TR+9-qbLLK@IXEtdfQwYVL3dyYQ^twPaRVTN=O$pztm^y zKpSHEAl@M6=80bMS-rvt#@w_ZBwcac#9GIeuC4Otuh^Ad+Ts;8i($vpy_9P}1vPWP z{4P%h+mzf`2kSREo*w(8hd0}A(2{(J+%g1e5!8@lg3MbiC54@B45LpzMCGZ{CA@fo zSQPsv%Qy1A0JO016d_@AG~=b7^2pAmBvZhRyl)0Tt|bV=6xji*O!->Iz;{i^X_4fv z|B-@Ksb~A)ubx-xC$$0Ci`>1JN$}D&^OUcc!4Z3_2&LI@a}$AJj**W!fZG!5KAa-o(?#?DTp?H6ys8|_-C7n`%4fNH+qO{<}nvqv^c%ElDu zv-iW$N@i-Ey3G%yn5{FI%bD_OTV2DNM1>0BPeeoz$|=%90+2F`g9%=-ZQeo-T&|`bwuN@@{hMh_A&d z4Dn^;Xr6Vad#rwWg*DA030>K_(PfPbeY0BKy*5K-_OViTWUaY;WhE%YdcK2Wh96K( zbT`}3a>vYyY3kOv15I06+pBlA;G2Y5B{w~jM{<>m+$H&_^@{H*2VAeg=1R-hZ$G$& zWdUuUmHQ&DW?`H@3v!`)tP~{X9X2F1RW9|tFK?Mx`%TO50XS7m;_gK89Kr|@-qao= zwCdP7g-n3i$60-SR)lY?uT_EM%R;&IgT(~$hl({vqM)WZ2t=dAuDk5M>M2D_t!UDUg*GTWMDwtgp8#;`9UoREV+ zc@!WCqnpluuI=?3o59`{aHPMW%Db{@jL_vx_iy%{QwI3;(Li4~KZf-IMG{YZ+7%>Q zqz!lhkOch%PBI0({>=*Z{7rnt7`Y5nCjKlrX!np-ngfsBK~S+C)vEe}-%BSxw32Vg zof>E~Inn9DFAquK0)B%Qm};fZ0E1tm2)PUbpK*+{mX>!mi@kj(nX_4vMo~w}%4>KR zL`pf)Gw+Lc&bn_yR(60vxWwIjsMU*MmN=Ap_KuG^GY%m4`QKawm_k`37AsAqGV2HR zgAy+A7b6eOk;S!_ohgkYB+#Ggw55hJd5h0u!2hTq+6UJ9MSE_X+`X!E@=6gH{`q>) zKc2%ia~5ZO??@ooFGuJEjRZ)QIZMxK#;Rx$v`Y=gPJ5Cjd=kb2ze6RUAwnfF)yqrk z4ByOlv^5bEzYWv0dcBDkIy(6cGuqOby;MkCxc7kHIB09Xr?l?osMlqb zA(wSv|HmYhl^|HD*n8+oeO77H*Plm?1Axe4eW2?CGvOqzkaMLW1_fwv-c~Z&*N>;& z?<;Qwrt!K=7V11R-QG)AnnByvTh~JA&02F`l8&7R1S4MnJs}BURe2Pfg6V}xb+p`E z9!Tg?0zUvkl25Jd1-_r#uR?^n&8NjR_hm$SiwQXMWHL5m6TTEZqt*4|O7!zN!{F7= z{BKPDCcO5>M>F{4-0Z;*ty*3T?qXduX@YaCo75}45Z)$N$2t)%ym>Q03HxWY&W%!A zc{7BkWtTbaZ0W?`@REL@0T9-cw)R(V34c{;y=bGlYW*}NstRFq>YXee z7`3;=`DfvPj95jN;Gdj<`VO+tyZTEbiMg3Te?sS1AUH|A)cg7QJcDRE{k=zP1Dqtu zznfPM*GDu3%x`~G*#Y9cTUqHd2a59m$yMOf7OHJ+r|Dx~G05y^$oKj4V;2&(&RaZp zNGKUFd3@m+(nR?T)Vkv#@LogpOgkXBW3hNgPdES^#!o`h@5@k@sip0G1!gH|NbM$z zdE9R()qk{c*gvYg-pJE?_bKUFKu>_elZt~{(i^CQxCHW!X2VRK7MxAhgFX%3&*tx{ z1EvK>vON?uRU{qat}iXTYk?2s5}k&=6*XUXo8F((g<5b!nlwz;=XG4_Tg;ij)?URg zTqqd;V%)n}CUHe7g85ZcZmZR$W~;hP!(VlTH+6zNp_xPW6)P!&6Bb>oIuOe6c&|I!#1(sX~ot=F7n zH12zEF2(Dq4|NIVyJ6i&%LWby+8(}*FNAnaQ%?KyD~l3?+@mp;Lubd*cwg# zxxXz`3J)PVl6om&PyI2ROF!$9gT2Rwgxd!uNzWhIl3}h7?(s_@)ihR*-R222b)V13 z0Aqglf$9s3#U61yElVJeuG`Z&vxA2B@mAAl{0JAbYO4$O1n)W{ggiZE0j zNq3hXR`=Q(yEFKUn1*e(mMA_4*DU@c<=)FWT{U`u4y`1zU|V4Q-M>ja+a{~z^pJ>A zwJ69Og<{j?E>;3DWUV&2M*keDEldJfYXt8PoY*t}j95SXg3}K+FI0Z=~i#3TWewScxJQ%>>zzM_gk*z z3s=lFJ#!0+;=aBMQ;391la3Mdcb^9Huc3{WM#F{hsT_|X{ikkyIGq^=ftCZR1Qwpx z=BQ-8xeIjIOr84p2C|xr*fHWI6Unj#=<=4L{u3*^GTEThnczpC++v@~=qt-T4leM^ zzVZCyd_eroeyGfYJ|Rkx^W)K>UcxM?=NS`R*-uOCLd^UAY0kh3wnM=-UFZFnX2=`cy zdUJiB*dqYK@sfdjh5D;q9~K!o`)|cPqi?~a>G6lDdby&u(Z@sHY=C>`uKFgq7 z0F?$I2B!^hGz-(SF!<-M{iGlZg-{Yg0q`XznAhTb=_yQE|J)bgT zEdX8Z-8@xy4q{SDp-cLsLuz4@9cX^vY+7r!{HF&78a_WpYz9!os%!L?NsbOj zKF(V#;qgD}y8A*4M~PMHK!V^}jYz(#AtoMiU4Em2(w|FBOsf38zb_8QSHCj2G3i3r zlthow|E`s)*SPf+(qvq_F+eqr$Y9b)JH|}$C>m4NNZ(-#BNtXfm;Wf!1 zk&MP(Ao8T$1_alEaobI+oqqI&JR8{M7-m7Ybw&q+;S9rT>C$hUUiN(?fi|H(Aq!U! zsnT=m{tz7%+SZZ$q$*B&2r4XDz+qcrruD_B{C>csEr|15l^!wB8@}hCRw1(m;6}f) z3|ZbLRF-`g9D@ml)+{D&!bBfK978!a6vt~%iy?2Sv3*Ti#jUGGPu&pNMxN8QC9d>B#*ml=9(6vN!JlTFD?sZBBZ_SpD zyL9opP~+Mv(bGeY*RzzV26{oo*HRysaDx22Jz5SHHtzwV4T0#U0h)*T+PeMd82Yam zK{#iikg{B%4nVgbCCSqN-5cO+dV}k3q#QvYIk3VFNV(C!g+bV+X}*}JY`fm!|BL4I zk3{}6ZBVB|Oz-dd#d#Ko`}Q%pNxgQVmQqDpB+!$EydTXdnfb*s_iL5=fT1ry=d4_5 zLNo8(#M{lk!Iv6J2AKom2LLT1oA>fl%kRH@jIov+g$rZ>xD&38IoEeH&qQi&HdMeo z9T0}S34FJVf4ycX0z{Sf56W8|Rdy<^cM@4l#FY(e!ugoV?{N|+9hqdN(^Z!I-7xkQ zAk)w@@W1~Lg$uHvwvAESUq33W{1#ZUthL;d_{|_8;a45EhGrYw?}y#3p#1X^pI(#S z>+5H;*Fpw}iyhI$hjfU*Eqk$v+W}e|*lS1*nyy`?Hx|H3(~F49 z|Eo00{~{*vApz(YQzZYlV#U8}Zv1P``bl=`cYj87%=LfvXZ)|XfA_cEhgR^v>3aUX z?f&mK*F=C#VUcb1{NMc7|MT{P6v+WtD1mMHKZIBQ?Uw)LY5u$P|CEXOPb>QG(*N7R z^lv8gU#tI5Yx$S0`~N$Kb86;~y}b5(uk}qp0vGf1k7U6|vBW%N1XsAeJm?BOvh8{w zOvU)&O4f&9;ukl+%~N=H#SlLfxk;ga{d&TDlh*kGrRwZ9M}wMs+sbJae?!8Y8V25D zQaRM`Q+ew(2$;9|_aw3Z>D>?gcWr`J;=0fO*WZ%86y!uq##8m*3;uTv|5$qgq92orrbqLuSN!(Kr}^nEcfsRVyof8^UAaqFZKY4UAQ@=hEYW4vjRt!S?DD z52V&O#!F9s=J=SV+r@|>2fd3$*seKD`_Q0b%Q)+4U5UHfHKNM z(-Qr+aV6#a2DP*OsX{|MhLvO6wXaNG70NY~)b)`3#{yh|UJ9~al(;X+{#V?>#vRm$ zpQopY`RuH?*nt_Z6Ox!HvY)Awe!}-swN|~c4v9S`J3vvlCeI-BL?=xH)SZsH<(pl; zgO4%_4N8kPM$b;CP@4Rbm<~pp(@@ue9f?WdxuG+&vGFTM?jbC1druD$)d@pynw+`Q z#A_VtttMV0;i_HxVchj6zMHJ8gNquCp!(dk7b2=iJ zqqr~kPo&{5R3Istb(G$H!t=KL9vCI&0~5|og2`F&Z#>4$->MzGK5hJLd@(j|*>}YJ zc(%X#j#(ce7N|VViFo@zHA_C9bn-ZmqHY-QmRcqn{c>JLjJb9t)XX1kb%0S=j)Jex z5a+YHVy3O?2>dBULV@X_Z14VldHI%zjE7>VVj<=44~g$y<<$mE6~X{ z++8i2h*IuS1da{R(S=6nsG6Rv0()!%gvpa zRcsIL^h9<5?Gz$vIA zZ4pjyI~t?U*CCHSP7$-}b0u#C?i5xayq<>i(efBO+4QGd<*8qcp4x;w5Kcr&t|Zsy z`DVZ0!9mW$+bVa7AR(;26RPJYq8?FH{WB~hPVw-^tAl2Cnc!uqy0h%75>skd@9y=$hr^n{}3qwb;8U#=c}E#5jQ$V3r^Ts zF?X|=3~~K*u6p#>!~PL6u*qB|=sOLqXZ_0|{&;kmReu6mli6^%{pz!{|A5$&(~YEl z(Ri?TpQm(1wr1h5+8i0r!IcX}eHZKZnAZDff*>RL=#$yz7)$T zBG)=+^9Wv#xIZ3_TJo$iWp|Ex^;e8S^0U;PR%_F12GW~VLp`+>oM;=dVJHDFwk6ML^+|K6)K!myi(9lc*Qnis|%-%w$%6!GF#4a${6Sa#LU zk2R&EF{9)>H5EfG=kt>Lr;aX7(b(zHLFil0me{YvmD5OJM_}MYMi0w}KkiPW`N>Gs z**;^u87I*IRiP$4tm33iE4!7{)ZhN=+mD*fR~*e#ka)eeC>YO8exXdFf3f`w17Hm= zw!hkTU;js7{-xkb4vl`%>#b6()aC>6YI}>B>B^Xv0l@V%pDaG{sX^UQ8vwk>flt?2 zz-D5dQ_3`0HRJ-(_1K|aVY@}csb^Zoc0gE%OGhBQ?umf6KQPbtVDfCYPx~N^H>fdi zPP_`CE|EItQ?}L1E&ZoYnLFB9JLj*RE4Y2LB>K!UOA{vGKOaz~wlQKuDgjQ+N5-yEiEs`iXxtymJwyz0Q zc53h>>^l+>YdFVzwaEn3LlV`}ah@{BF-3vieJFS$xlV?~Ht$rrQxz(PC^4>?(JnXa z8k=uvOhXE^`l@&_eV<-%oPi1r1Q@zZ31?s)l5AfH*qNOaNYvf70sL_(x#qS(s2R1dLTH+jJ!DFO|^)SRqfH@u-m zDI%n-c4i(P{e7-ryFlopQTR@9IlP{f!dR1DHB8u{yUx+tkag^yo9j|!B!ovu%9Vb5 z$EkV9ROIowD6Ag?_ZTRB*5A>kqS~ZOnt~}cOs4JzFDf^mi=Z@KH9vo($5Qk3Y)&=u zKAwY;$&5~{cU>596h)&Nf@}KjEt~D$t#Xb6F18Q7zkw{zhPQx)L7UVA1m=E7L=#^kiS>e`AR;pzxpV`4+ zbzk7|vgODSM)a0TsYEQE|nFS~)2n07W_mWfB96_^!jgkoKxu;mwHSad-J zG|gVfCIt#kv!UfR*qmRh)Rd?IIld}$qK`*8iuVRKkgFfyQ~Z`5Kf^ks%`bVSP?1~=k-U$Xxg|Fh-^Dx@vjzfdvmyL}~S2N4pwE_{ySZmg!|1@u1w`NKqL& zNBO|r2=07_`Pwqa%;qZf?Q6H2*S%Z$ujE~YecgUG)MBYS-5}ekX0foc2DRaW@ZWCX zUODn4RB`5cyRE+IRxegR2diJmf^(jDp+QH%Cp6gu^ zhfx~7-k;wCo^I5af;KgRu}>r%+O(=5*#~jwb0y3*_qQ73T#d%cJW7K46j9*4kjRTu zs~x)Y9I8AUlH1WH6L0K6KZE4a7KscoBY79Xh}nRlXD-9L=vY;xP%L8j>y;jw8VYrp z`R%H1m;0NKCO<6QiIrLtm$^5S>B4Q=oZPTp0t^-kRGC!q=*KXgns#o55{A!@uLO>o$aQ zAK#$Ss-~lw7zA22ua)8yclxh5PSEVlsimM5AZ%3q?7^n)>4+aNkZL$^+&pUxSW&Li z@43-sqA`0qF|1TI-EaZ^lil3&x{Z5F;!UlZQZ&x&Z_}E=DdGdC7XB^#rj@gqFe7LGc^50L z1nxC?ma#$|Aq!XZg2-nRT{Os955B2aibG&a( zS-nmN=-QAiVt%|;3F6T3YGySV-|glSnnyD}HSX5EuLJsn5x)d~A0Taz+aDP89Uc#W zVp|u^W6*XAq?qj)u^rc^wO=Etc^;?oJD8uGGNK#U)ITzSCi^qj%k9B~sS-m`wd@-} zXs~{+zFDQ;7_?H14tza7^Tbm7sYaDNm0AYMvEKRINoKMc+he;^1yvt({AOABnZuHF z6s?kbWu<>98eAM}H#`O`NN2Pb-f0P2@$xyMrT(C&!YkYO$2}NjOw9O?K^jC|gw&W8 zp1!G$IjC?beJ0jhq#7~)o;7#dHWUdI!xJeo9Kb~xvwLp054&`0Z<_{qBpm#7W>}n> zipeX{%ZD%?VcYBZE%6MLL?Pu#=D=)w;q9K=QS$x|>73;RQbd4*)nMhayIb$Ww0Q(-Kqv^xtk(GHH(?SuLm{^`eGQyKA1)K_m|(A zXwx#q4Q63Kb?8TDWjHIybNzf(kUde*&ayiDDkcK)BFuon+HZx}w*H!_4^FV6EAp0* zGqv-o{KZ3U$aJ@NnIfxxt`OQfp-pfO8)XXhgBHK)pl((7f?h~4kN2XGE)wH!p1vKk z+EGY#u=et{vy@=6g9^L9ip|zsz)_ZJru!HprFJAt8ci8WizegbrCQI=?XUp|rrB?S z;e{?mx`n@5*f+jE7?MK#{ukxvv<2C1c#O{%dCRR6Z@ak;RHwB6&Q4%B5fV8~1UZ3g zRGpYCWC~pT9YzC&B0G4+X|HVr`cj3Xz;ul3RdqI1yQkJY&9~W^%cAo~?+~g$ATOHF z1bSYi)`-`x&7XXCXUDxhD&D1e6eBxv`~Hy#%S>yM(clG5x~QTDiT%zO&s3R*i4GYk zC;i-b^BLDfJLS6kKsUtXoHrD|U-DT))b!2M-Lh)Ft$QO)*)qb}+jdd8wds15d24>p z`|>c~de6yKd^ij>tW!NLUvN_05Y8~RAI*xecT^xC(qOx9DDpN_sfPZBn3AfOw z$zQCR;RnO7vI-45cJpUL{pO@EaQ>^D{-0$zvu_9=x#=n8sVlHR@|_Ibe8Ev(Y4UUh z`ELVJM_74;=6$PKOK~NdTo2hm#IL~L5o{1I|ALH}PMQ8ZL@b(ruYTTJJk?R7U@H_Z z9#d%lD|NN8_@#7<)yrDW0??1!!Z7W8jzqEXHL9>c2DN;)cF{1`XDpz>KO*`Bb@Rgb zJvf?fQ{I-VO{cbIvHa z=U%THtFS9?hUWN_w(~EX3f?)`T{wQ`rSIy>o1|r z&agurv)t?!dbL zf{F*~d*pnumv7e4hW^gY*MERD9C}Dc0wfU9CnIStS0%y{u8e;6B0AvQu9;nE(d$w@ zZCMwyJIo;%cViTDP<48(W5#%igm7TDa&b$VN0}2g)^p}EN#%CAT$<4gywTuNb%p2V zX%Ul6rJFJZ39qnE;i`ZR1?1PZkC)ynfE?!Izsu_NIKI%(3_-7+>lRXeo4%NR3=|tJ zAftXVmq;hI6&gb>abhp6HK0=DT|*W988pv)`lHH)rF(a6+WeY(aE7bK!KXY#aFBK5 zmcxnKE&ZbGRW&`+WZ0{eRjX}@^+2qcUUt~f`WWBFD`=ftT!YI3XeTgQckD;2+vr}} z@tMYsFgP9c;C3#s974WBFgnLTuF(7Pe6_yQygpD~Kwm1x$$1$ua0G|dfce)}?9 zdSyDV=4?2o^Ykcm?^duWW`NA$Re9i8q>qj-##YC@Ybw^;|~vH{`H?Pq;4&W5SkR~=dE zKAOs05v36hOYsXpEfeQ6L+!5n+^`3-yAN|oNHUe^pCHd~jumS;aZu*%^~IUm!xYx1 zC7S%=zrc|%cH{sqqD3sxF%r{A zEgG#ohTH}^AnLD&H<~3fH>S_@B${LUZ2g00!UHr3`!efht$>`u0aL?4Hm=ESuqE@$ z;&yE=jsCpb+L;Sf_#$JqU1j3bmUOPX62_%a3^-Tz3zya%K_8=I*2J+fV>gGw;JRJE z#!Myi!Xv&7P#QO=eCUqe^gh%9*L=7jR9@dVY2xlO`^ZbwZUU@rQ{^I`j)? zjAKLCD$h#P2_l;alG0+EMFg2<@&JkcWGdx{9|a*YJTz*9a(VBRK%(`=+62cvhVH}q z56_Cv=9z-5i_QiyK0%nE_y3AuHE;u#+=pwL5K5YH*Xc?1`#=rGaWK9=+osi2Vok*C z@%j+cPS&f75(VqlR^pb_@6HJdjWN9?iwh4frEIdx_tPFXAce&3Bl;SEJ2N;@PS$XY7N3 z%df0>E_oF3`sT%dVL*M+q}D{d`x;9>u$OZ^28-FEx3AF#PMW$6-;L+c7+XBhDiF)Z z=^&m`pw-~VTu?Y>aKSRS|K!A~WUUYzX&5L^1c`|N|32vNaxMUmAZ=!^?%*Xjg0woD z8$%wO-p)Xsuaa}n$yy6$eFvqSQ2;mK^>Xp98cP;=tBG^?!RJ=;-vs?!1Az)hiyRTpiF7~=x~tn!JL@6RD7 zR7oVzRa!VTgxy2uUEw+Khf9kud5KPDbA7VYb}YgG;OhW4I)KjTdG0&m()Jw;IGPS~ z+07}4>^5LQ|F9#?*oM6HlvD&c zM~EEN50%@Gy>4x%o~AL|nwwQ*xW!1xuCsdNCsCIt@4D$dS5CuOn5tfaY4Au+kpO=+ zQebD&7U$I*ZT=*FlAkA*;W-x`DAnYpE;gj$=18-(jLpG(1ACaF zhpfoe=d3SoXL~>=n|pUGvauXKu&ofR@M71@u*wU5581TkiYQ}cwd z)6dBTfkk}GPqxsbbImD!SK5bea+Md2d_0NPAM>M@#(x|>{lsv`7g3Wm^Z8IEYE?s9 zqPZ*RzJvWsUe*BkdSg+@y3qVmZeP@D4tmt&;PvVmWnsguBVU1xiLUom_?b_DJAxDj zSDeghA0HNR8;Xr4j9a!@y)1Efb`<`qyX3Qd3_r1}d4`U4u$W6LM#Lpopb z*aF3hI}cQ3H+TndZvuucGw>p(G8gAwnt3L?t=L{L0Jt6^$Yw+-%Xf#9qy4KgP)<`O z`|mE>qx``)|3u%^37F zZ&`nt%y$MgkLHXtMX3bg5v_v{rXHHM5{;Hyl4%^U{%0Ljzmu-GYl@;kCd@@S=z5#- zixx4&q#WL*6a0VLyYg_TzklC`LKH=|R4O}_ozRA|X5SgvmqCnuYeUMCWMm!1U@T+H zGIlCLV;$=lBQi3KQDaQ@`3kJ+9%=X~DhecrF-oX=q<8?~>` zIV_5AmF@N+E@Yv_q&JGrZ1)3JmH5)SCdGY!;Y<^(1E-|XE(t9Itu@%j~zsIJj?L}M4PGGM$LU|*|%ZIa;nkn-%?T~^~XH@8K6Sy75;=tQ5nn% zYLF2c*puir-8!j%{SdSpV1cF!|K~zptYRBfO48WujIqn-y*$>IQ?y!E1mu?fnO$)& z<8NFw8<)gW+I|#A2Js}snDhsu9rF#LhSn8nK0lqJr8n|IM9B3mVN+T8hIKG6CF)S? zCZQ2`=jqK1`70TPT4f$3|*kdd}d3gBJc}@}K1H1Xivgca|Bii(;GD6ZV(?@%c=n4?w?tv{HAKv!zV(q4?4B?iBX?7WaNDU zgjKD7W_~(|RmOkW1_vOi+*D1J$2-rr1xmZJVrF1$&q-U?;+ZA*R!CukQCWFM3SSqHb`n8dx@8?1EwjldG4T2!nqN*At&&vP=7|Z`ku?%mN8DS z7R5@x3Ole}))HS%xHEzgdiXVT;N_B_)E>>($Kq*b+@7!Lf zq7m;~w*AO#T$%x(dLEVtIM?$BK5I(Gfw^tUnhGQ)k8KL54Wml9J5oY~4w~Rst zAy|MtzQSv1fw&RE7i`CGZR;!Dho*cQg3Jve&=VOQZeETbIm^^fSySRjNBs`!nQ_=BS&3KN0Cvf>Ue$~w5MyZ7uKXx@oo%~3ZiPR7Ln5}0PvBe$o z9Y3;@x*C;`)U5aZW+hLWw7W}eL;FMvcBQCO^Q-FZhGp&Ar>4b5?%(aUO!#WD6!wv! zph2LLi&a7n_Lg93VqFD6i7%G>);y9_Ejgp8sMjXc-%2P@zq?TXuvP*bH~SG6`X$O_ z+P=%hGxM4N9vR?;61jdm*!s&7u%^0f0j#rgaewzFKQ3<%WR4PQB{Oo8wje{&tvmsf zOXCI3!89CoCM%1$T&N$lQPaV1F&(+biJU4S7?S{?eO2+0h_l!6DCAK2ymK z9bY#%)3Y?f6dP*4xRY9hgU}vp8v7Oj;#rzZ#GZ%kUOjag!lAkxR0LvKF~1na{&qR2 z77!Ks(|Ugw_+Eq^h`v~X;a3R*OQ7a?#;_bl{$L*6h~w5SVdRptc&^6f4#IhzdFfdL*Y<%L;$i$!dl= z7sjDYxo79Bb*-3A&LiV3y`m4)&lub_sdM(|MX_URTGv#7e58BZ7o<$D3)VejFX3L{|d~-RfE8l0g-D(Xh54-=51by@*|DvJ@eU%+ zXeRNfF&aL4F&^{MM&w)D6)Y{0U4jbfuQFq@s`jOjqs!{1d!|4t1&jWXRa~qDS)V4& zk1?6b`)%&eol)qqge6lgm0HbSAMDL!Qg@=CLtvK&5R7liO7F#5F=l86;J3a}kmsws z*%+Y!uz%bPLb&V=7}}MWx2jL-J$zHu^mxfD$-P4P{4C=qbpr2pe#4+2-1kZt-dIb?&H% zUn$5wVlPi64ncD3yPF!PQ^(NzVDSl5-)m>R3+6I2&^1+Hl**?=t9;j_dBUT`pyrmd zxle^~qszo`E@pk7#uX#;j?a==UtvJ#$R#D(l_)#-^(Uy_gJWM_h2&(qVmF#My|VBn z-7R6L)oJOkN%t>RU?L(J%Z8ek3o*rhj2CNcXj@^V>1aS zvmE#A`YMDe)H*xZWfS@D@%kja;T^sYk}Ep(p6?-FGMrtk&C@yd30j%~`(q&5uX zK)ccrt*G_Xkj>OO+${6qlP5L{{Hn+Bk+AG7pLD+CA>9*&uLV5J{DYQiD4Sb?T^)GG zM8yvQZ-=rG2Xva%FmWUrj|?vG9a?p{3EP4LFQB&DV-_+Btp&b5+RAs#+fY8~@-1MJ z^f_u_3A1VV=-8fOcO(}Cgy`xfG;;z29`Q(fktmash=R+)47R5uI)`Zo62eEH)|u#0 z>epK$UT2mV2^IA#wnW$*E?D(`Qg-MEop^7+wJG1*?n!r_08t#w8US4F zjgZaA&@^>}Xf%K;RQJON`8V92so99mnMP#0=YZ5QXB@elK#0M^p{l*txE5m38BGqxd2(K%Kn{Q#Il8B~1pb_=MDeOI~Nx=FjP3zi8zxtyuyqVt{SM zOMsXMmzWgSmbDpEEXJy^Bee^Y{prkhC-#XP8){1Uvate`B!~qb_~L8P(zX45!2+o< zV>U430<>?C`*}iQjmJ1g-G$E>b(i`}MnP`VpIE>nYzfGt^62M^+wKWXJ6N0q4NP(s ziy+uFLDC!b9_DG=ZJv<@ROyo@sGCB5Cqq4+*pqwvf}EEEV2Pw$KpQO=kA68);_YeD zV+^w|z*4sgN&imwp*=^smr;fSrVn&(d?o^m;>$MYw4g zk1?!Xe}5>rc({#CuB5U5E$6*egv-j}PyxMtV|p!CR*XWcgUQrSA(Irdn-&rIg#o zYMHK1p!(R5k73aMPH_vQ>Dln%9hy8*HkWIjT1;*uPAx9PjcmWePT-?AZQ=L?X6dA> z?@)uZ(?HZBmeQM|YI2lwS+N$g)@09}oW%gc1q|o;hq}+j< z*=@Bi5uL+HZDF{|GKb!Fu@|fgs@&=eL*6PRHz{>8X7$|tF_tS8YtGQMeRZ}$mN_Yp z@3Uvk^ek`+r^mv=MsRs42;OXBrg~@Gv<@+PuYwd;7HA=(vgaOqlmg?h2vvYEv{zhRJU8nFBgt>$90X zm`#vw9b%D!hX*=M*B`;x4`u^J@nnqlEj71=AdG95@9@(q3b?R-rbxf_Gn7qY-nLs! zJz6S(cjb#(n8#P!;(~r_W?9)uzqxCrw1l&H#(LW z%6*=-8Daa^=%6A(-4KNrUY=T3%U|mc^HIs}R1y~CTzX3IF<3V)kEN+?d=6aZo6{sl zrwtbo*2~xe$)3$>Z{GpQmAD~ZA2th5md~9UXzw7WvUUq@fwtRsD1DtvaB z32G$|sH>xc{OykgBjra2uh&t@$MO4RhsPk8ol!@ZO(156{uZ+UMp^sNqMLv$(W(d7U0e7UpX^X1`_p4rL ze*s}vA!JZUF#XkdNEt=(yfFiYZv zE51)WV`@?I!g$`6+Nv3;;m({`IAMh3rJAC7fxBPH{b(?(6|~drx|K};ju|0$G|>H( zjlze;-Y=aTU1In?Z74b*NLsK-V8z^SY*4{KoKs{b7B18}Arcpw7@pe{KF~hdGafG~cH%JPjTWfo2%1R{mOvWXR83vkGSB8)Q?|Z`r||~xBF*v^Y>xpT zb;}+T$$e|W6?**_JpJ`B(<<@8|KWU{`u07{ds{u{Tc%vbdO}MLc3~x3i0MvT-_=1} z4pES5W_k)bJJ9z2E2;<;vx2uU6S?|qB+2A%$k6^~sf5%+z17JBM~OVUvzd8QW!zbjO%tw3 zxO+NoC*Ejs7K^^t8Clb?mQ0Ub^@W6oS}Yw>b3J zEGj;Q0h&>=(0Ls=iRm)4_(`ioerg<#d)Pz??tTO<-XI)a%`Wl$_j>sEii56+9b)j4 zssK1ZSDEEF?kP2h+i=G_mF3*=-Lb?_6I4c;IB*}zSmdpAB-4A>sHiHK0xPe#%Y@-^=JP&vXEVu1kb}9*=FaeA z#ttr31v#VU>y5pV)_GQ@{x@lq6iMO@a5VNuOPzgxelG+0_WI=D)1j82qe0CtK_ymn6svq;n|)6EQYvBg^N!i-s|g$9V{)?a3ve=|y6fe*7- zBn0ayb@5w2_?X~I{Bmh|KJCY!n%nxuh|}iCI&1!)^7_-sQ5mz^MAqeixWU66ARR7c zcOHh|On){Vv}*nX0|3K3dJoB9ufB3b!c>_SbDfr1<2lBICPC&>xidIEK3~{cZ4Zg( z#o$LEs&h~31L*qM=H#m3{6`b-Z-kPDbdC!~J_;6G=J56gCISre&A6EnBP(1$=+qsN zRTwqrTev+GUc?*ly6EKB!#ZH~pS+{nG8uc~tp$U*8F`u)d`37_?W5w28K7bhgL+?R z+1yb~@Jb#0c?918zS1#td6oS)N9*5%#LMMj7V|G`E8;YCTN$n5mm-i|Fz~UC9JxI* zwKYyzDJGn2*lrrOIYuC}@3Qvc>U40EgdV9vCURgJ%S}K@xuqE;-wyc5RBETn?!WQC z_cqpVg#Wnu<%GgdI`3zcd9+WUAun4->mlgvhVHiUKxM-oU=$*F4_-}fmQwD*Oz+}R z7kB&|!9Ta39DOq)3)4+AR=J?+lF>MSn(vBq4Q1s709nvsJXwx}T8E@e(P5YR<7o%W zn`QCI&zZ%kp+qsD?T`8qC{0Rmdz+(?XEoy|iYi&|^%2AhN1>AHp4H1phEo|95Vo|2O`bUeA}B z=4H6!iTEGL>FYwhgz@8%GA@0Ad0$Q-MfR!W8HWu+_822C(~N0HLs#7?)soqW0wY)# zHbiP^WO^EnF3dH4GxmfWc_~BZuAZ|-x#Hg1lf27$j8Gqf0$O@CtAAR+RehC}q6FIcy*ERZ=IeZ4Z;UXH&X0OZ)t1LLIR~;RS72m} z+(*;!yKT_}4anqnbw<@pQGH{HM#LOTSF<4XyLbpL+U)17*WjYK=QgWkX5&e2ikt z-}T;rqW$JS0|x`&+n>BL{Ot-uMj4yOGIzojk6cB(wdlvx+E`hcF8=#Ztvi^YqFhOh zI$LEGes!S%v))Oez~W$-Hs*J8ljIUAd%F$uWbW z4L2Qp0Sj^$T86i7wo_c$h4=c;%xvK+<0gS-*Z~ne{E2vvmR=~+%7Txdx_tyqh%y>G zH|3lF9Vwa+A+@{OU$&2wnUE}2IxDB(R1XG9wWK$GACe}NOit=ESuYyFry|QOP-4N= zEWXmj@RtZHl+hGv_nCSppq!?!*EmOVOIXdCyFPK&eZ=zj>HnJ(twM=`IRfAme8e2B zN;U%n&*K9NHufLIi8PtqE-~8!(+z-t$2oueY18VDjPi=%Kys}Jp=SF5+K_{FuK5SOybVPxp0x79r zg-hkby-KoMt84z8$eMN8Gcg_5Uc+q%m9`%3^R%4C;Ndx$o-&;KQ}^XGg5IPnx#py+ z2DN0CK*Fr0#?!LVPMN5RzJ`FM&k~KTViDU5r6{B<_~Q>}G+S+a1!3I;q(c`ve=lhN zc>3(^wPZGl=d=4AVgL3sf4w21ec%vOW6`Zj`X8=4y;S)68rT<=C~zr9>K~R0daP*N zdC*oRBA~a<@DB|He*7Un=b4Jnl?OYAHU4P(zce^kK`-0&}N{rT||7l1t*Zy~Z1-2Z+Ee>KBT7jV0Gv7IvD{$Kj?_WU)F<*UStTYv5_ z`g;o>TuTJ{LKxpaw@Al{|Ip04ujqSTh6bJN|7AS>94%nW&VgQj70^}N|D`X_UIG`; zP&s3n<)3~RXqD2%YoK&Truf2tEFA%c(vag!g@m?NO2lt<^`DLVYe&qPE}$>|%MZRo s{$Wbdzxe;b_&*Kbf4%m92*%aDTn5&w*jn1BeZb!x4gFil8=y!30TV}0KL7v# literal 0 HcmV?d00001 diff --git a/img/multiarch-dockerhub-3.png b/img/multiarch-dockerhub-3.png new file mode 100644 index 0000000000000000000000000000000000000000..c5d7287ee2dac4d34b9697b29ecf5db545b1e00a GIT binary patch literal 129779 zcmeFXgZgL^J5C8h)ihr9#_hcJfv4ECfw zK1To!4%5U^R8&D)RFqP|(ay}$+7u2>>Pu1ziiYwaf!}Vj3Z51vf|7{cH>u~8v_S+P zgi9#jQK7v~e1#tnPNu7352g-(srypV*#)^bBy3f@>bfr=yqdY(NOW6PN?2Y0cFlWz z<<@CuB+W_A>=*GwWZcF-N+hL>YJ1c!L5!f(b={9Yk!&m~-#z9SIj ziWNnnl2>;~PERS}5gpZrI^+Fnj6H;>oWAk)Ab?vMRTz7RWAXv86hqbWF&K{?j_+A4 zB9c)%jw8Yrm4^quDnCgz;!MhiHTX2pS=8uv;KKN;%JE(E=aqcr?IKulZ%vx+i=WIt zKe`PLt3t*NQ5a+yW5SgCu$|o5&5iQHEn@-sM3bx~I-Yim8Yma>m3nQWJYYDrviCNMpGFz)M#6t-eq@^ggt~*kU+?83bu14ilS!XW^MQQgv8ns&98B zt`7&29NsD7h|U-Y5j9^4xMknaVbqA2IX z^D=vV0n~k|MUNUm-(nS9jx-{q(u=+jwy+FiM^8tBN~B6ZygAJGxF(3wGUmE;_xZ^IWB7SN8%`x9-89|z5G z!_IX5?S7}V^iS4ADc@9GIG@pA)!FOZNJLsi;xE@~(+X1KPjY*5EOJzHNRU$b4?ESP??C)rVWjmfom@$W{I7{05-G!bu4(E(wE`&L zi`edLd}rFtFinyG6BiHnD|Y9MK{i|0=?e(fLaxMsXiy)Pv5Q|YSuV&?LQiiBsjS z)HOlH$gR$;4yUsI;>zlPv*twG|NXd6(x?xr-_z{c+M1}oX`CA0q0S$0G-0YHDi-k-$D;0!tC3=G#PINQ zrUcSZC}QU4JS!sl9Ev5n_!cEf41dDGf`AW=No+SKV$!h|Z#8)CTmR(69%t=yAAeV4 zxascHRN9?@DpqEKzUSOw00zNLrkiO_h|~B-qKjpkWyv_wG@L+lcip> zeSwJCHIgWYE%sXWiuYdi3iL`CF`VI6Wr$G|C1grJ=DotpPLzN5ri=PE zp>BY{gxm2IZxSOdVchTlU{G=}Wl(-l;Dv5DQ(p?6D6Ue0QnEt567gF?dT=6n3HfZ+ zfxPTjGv!@{;bP92gqfC^c`Yq1H7!A{+`89VHFZOEkk6n=&#zbh1@cbc94sw4Xl+<+ z0A+Em5s-Ab!sW@pz2ZynJ0s7R4@eJ!4{cncUPWB;+C>5~Eg~&y&}xVbS$K3AmZW*B zT#j7Ym@g=T57hiZ7oc0ttnXG}8+`m>m85yq6SHl@lhxD1GvdqQstHeDW%p^A zAql?m6066E&JNy=;Eu~q{|B=`o#qIcH5Xqbw5*V^VSk zlQyH*_oFhrvheQ^jn$e0t(r3SGIcF(O}9mjg~;kOTV)%ktZjaQaWj!)f#E=sfL*Php*A45x{#U$&Eqc=VKW#ozy3KJHJyZ67b9~^Bn zI_RCO@CCi^H4k%^+Kwe*<{*rg@t3I^4$K+JQ51~`nS1WTJ7T7BP-)sDhYkI8u%CX| zJbN`}|FA(5O8DIF)nh|OLPlpwgxLk%c*~m~|nL!7t?H z;WgOyxs|Wgrgge)-ecW>q|$gXV!_-SRj^C2#v2RjeR_31dcC>}P05bXk6xGSFsC_^ z43n@XI~!OZ%0B5>>|pYH8B1PC|CMQiEtW!q=;r+ZpVX^brak)pxP;NgJ`bWJVn%F1 zocrj*VNjP1W|v5}=tmJPkt>Bi8^ir%t^lQv)g0)v4!ongo2pj^e;U zsf1~_0^qOyQ-<4BqSi$jl63Y!k@Ex3>9zv{`~t!Qt`id8oMeCF7U$dURw*pTC=_JEWVkma z7LbpnHl6mO(8fz#Yo%z^_c)9p+#M+2#*7Eyt z>$M|~7+>_K;%1E&4Lxt;_VxQHj8o)zWG0MN!g9@&U4QChGVydG`i%XMA zmxpqP4(AuXYc}spYn?4wz3h7FHJ4Vd-FUp}xp6m462LWM&9SV}e75;!uplF&hkIUa zNj2Gq%9eiN+{9{XZn~oqSiEFbUFN*J3!Vbo0Dif0sC%fZf;m>3@`%gS)ZC6fF1uK| z4IJMQr=*X1rFwn54rm){8wbihUEQ@0_{c&Rp;o>%4>qgtKm6mh@?1aLsDm2I%LMb= zuYL{$%0Bmfj)L`Ep!T71dn24CL^7E)pB&^?d#$libu6K2ynFV2Gba5F$0{%DPVel_ z|PhLn<^M&576^pwb&uPo<35r&$)@K$^{qG%H zPQ^JcVuzE%{wXo~Xibg>?@kVGttRKSD(Lh&JZQiY%d#7z<_(T^ZOyv&ExTh!EkP}` z*Ul$NtK4n+x1pO9UQ4Y@(fp_$_8W%xJ%AXb7(IS9{>K@?6SN2EMdgS>)$x@qvSZZ4 z#!K&`3kYE~p#Z24c<|74oZmCN{)m2eC^DZ~4pBc>Zv(P;+T43WNn*HVSF2X9*LT{$ z9_r_7HxJR+N7#izZ-CxQ?6>&)%D3kIhv1~M?fdpzxMvLMX=t76%kW%;z#SY5 zDsYO&?H?D^iwAO(cSG0K=FQ+@iQ#S-PrzW!^<^m0nqrkU9EY6JI;Uzd>dCVV1Qq8| zDIOAU^_lAlJEQw{_#bKH zrLTzpbB{0vdk6PHSyWmYc2zcZG&Qw#vaoaZadLpAL~v;KQkqV1a0Il!Pk3pi*Qc=h z=Pgw+t~lE2aeyJ4|Z!~>TF2qZewlh#OE$R{g(tE?Ed#- z7HZ1BM4YVzs5N92C`IiYO({8^}i&3ukA0J{A@? zH#cTCc4j+Aa~4)!US5{>Y%FYSOfU&1Cl6a^Lw6=yCz^j%@;~*6nK~IeTG~5X+SyY6 zuGi4W&c#`Pn)-J`|M~r^pQi4X|82?E>EE9P`#_f8Z&+BF-?RLuZdg(N-%t4zEZt45 zHN-4!U^;`fA;`+X%ftUyf&bsD|2FxrqN+}&j-qxpu#(P#|JC}x3;+G)|1S7fo0|V^ zlbiMb)8yaY{JSJS%kNMBn=1aL=f9r96fKC(&+?x^6GZPZjdX{NBdMjBybA0Jv$Eem zcyrjFxBt5SzCX`@9}6!62PX_CE%rgh9sUS}lKFy@)(d^|iXZxz-=U(v4G%N=5c^F7c0~_Eo$`vKUP+-d4>?*nUOOIh1b7K<^n(*W zy}6}J8042;%Z&e)IS~hk7W*0^MN_aa|3C?k_m2lQ(%V`u zzkV5MKP0JtIz#}&|JW^9r`;)qb5;@g^*$o#p^bn5>ZcUtE{Ah>9cvpDf9`{S9+hy8 zfMs^aoe?C(@8tjc}gOhlzyR*=Fgp%Vn%qel)%vOYWb6dpNQ9+VTCuLfB1r* zLehRBP$1iKnnefB*NNklOauNuek-LbtX^aDeg^4Ic6fAf7A_myA3HC_1Cu}-N09j0 z@#%L9yw_>2e-QQ`5rOs6Y*4y@h8{L9@q zv^^WDf`t%~3eg)hF)3IRL0|Wx{-6gxByU(ZTVmKl6(cf*KZXxH2BOf)m+QpS4%5f! zyW{zc{T?)-%nWY3tj$8$&`p)7mfEi&`<`Y;|FKG`P9daU?`kRdyv5cs9~Bp7UXEm| z%dzOG3?;v#%K!KR11-f=5u%7RF;8sWlWJNaKf-yX<15nl(kz|BR?3fKR56z zpW(8~cQ>1+$!U9Lxj&|G;D(<4(iKFknr9nT0zV(TtXXFUV!U_tkYe$0+@0EID4f!$ z*1)B`H$&U!Uio4Ja2<@4@4(y@uQnfkM>`|XiTBh+nF{rJkVvc91Nf9!K?#(;OKlje zWg0`;mO08;UJfTu?Y7!4H+qzM^ItRUlE>NB+N~)JB{8S{fIcFkZ1?bDY^87l2kJpB zTYHm0j>B%`i(#Vek20YIQTfh;KTR2B4d^!f1hfS7x?)Iqm2jBJ{ycU4fT+Ey7VCvU z;~Ut5FC7k+xb0pG@YPAvh^<3=F{(Y5v5M82zG1fH*)?wn2s|>~?$6gLweDFuuFI+; z-8@-$8KprscJCI7aC=Cp?rzRD9j`#SmuF+(beVYw6Jj|=13U0c$>XB!lnj06?*8_C zVEe&qAZ>d%RTTHB9D2b*#Ccp7_RwS8pB$ABZL-;ZG5_`W#8-o!Mc!9F)MZ&UFu%K_ z+oPxxsDABxx$cDx_VS+*YDtG21TTL~k~CJ;6F)2`olyR)UV&%7IQ6pBq#IDP^)p8l zzJC=Ebubef;pL{vuOqxdF5fK}3`u}X`Vjvoyzs+D%jC!*qv;(^;T519eC5#UwJxYx z^||h7sYX8AN~5J2v+4964mkL_w&Ammd{n&9>=z*kZ@a~I<@cUmEySkJ6W(ann8gX| z@_j7*;X($CvtAGZxD&9XyS}&+dLm7c)ovK1AmJWve?W1rys}bF$a!E!Z46!yf~2dC zJDU+AiE#|bwU|A>!i0B1&jnMELaRvy9aUmRgeqj&>76_s1~cdyjuz@9x$IV%DM~f5 zv{eN=LDMB)4!kXlna3;j)1wF9&$QzHakyV6c1q(fpi(;zP z=d4W0)Gezf^X`P?^n`BjpVeW8a~q~J>fe^W zP~WjTZah}v<&<=#1DPRG-(%Rd)4USLzW!PEE*l+roX$y>+83;N!hw+xM*36Wk5JSJ z@DD--he6nA69p@flpBYW;B1zq#u-HbQ_tcaHVXA;J1S*?*H^D6!MZEYe*%<$TnEpX%V5g2dy|r{!Z5E~5&eKwa5l<7Y9I{`h zHrO#qxli{rvWMABfu63>ZyR!7E*U1=XHAYDR#t^E5+rak*Pw!>#z(RF=~1vAnaov7 zDCe=-6_z`>_dnI^qk{*NjU!q9Xj*x+u^S=)YxAf3Wi2A1ZN$3NZCsmvGRTTe%3_df z9{90PFTSJRI$`ML(2#5jc4Y#IBS0(1=SSg%$y{b|Jgp3YhvU{LeEl$c!o=gRjFX}G zm!%xsi~&onAIOUJ@{NSeWu=M)0UvT!&564A{uqh~VWwX3|U}nnl9C9$OGA@K(r5eXwg}K!apaMnvc3 zd>wFr#p*HkWyklqP%qHD-V&#sMeCk^2O2m@B~)}w*$JtabwO^Ek27DdOjsH4Y7{Hs z{a$0`s%0?xZ-9fHGf(KIc_vlV5KDbqWs7Um`u9qI^p`j<{S)5QO5#OmnXAU@?ban2 ziKC;qk4K6?gWLoYgV&kn&E&FtP9c7mAxl-k5Cz|r{?&-D=@-8EOR}v~P=O9(tNob* zOJX~mNn$oG< z&pb3RIGr=`AUVoj>?+&1-{deFRBgH}ck6olvFjITvDz%jFaFQ!C8`{2MGUv@O!QBK zog*VK5X&DO{28D)9-ZPs!X?dFx3FDF^&k>rDEF#{ar3A!}Z@C7Xv=m-yK&>Z3;@Lewn0P=tYc^d^^8%M3<>dQY@gHEI!N4XN_Q~f^4?woXtV;_MQ0h;UN%D~0oX#LDjQqCt;S<6Qxb-qYi* z{`p?xeC?Cfv+Fn*{Ld`wHI}IqIQ=N$4{fnpP@vbXPF;(>reH*GvEHs=Gv8>a_Bs(H z^M>w3<*Dzwp0y|Kp6-l+7;doVn_a9P^iNK)|2Q{eg{N?&QYWxPD8_YPpNwXe8VWcc zaw3o{+v5aLVT$?ze|au25qpT{)HR|bBSGT zEzf#cXQE-~pC1IN2}A`$>R4p6nAe|9YXmQEbh)M0_?tk}t{Sh-){5kw@9I=WWdotQ zKU(=TvzuknF3eOsz6C=z`;}EP4K|-%JP2v5jIxfTzPdWH3cx*yOQv;V0{#*6VQB!R z5(3)GC7@27R+f)Xc=TbEC{!kiedy4}*bEu))N*mh5mEA4elEM^kz20*WQpmy)qE@! zp=-@p*v$uv2FXr+fue>^E}z$91pPF)ON8_!r*?0(Pwn0G+=>%<+ZvrnMo1eEs~kK# zR5zQaPVSvRPF-B>dgr;VTvv!b=pZtjk_|kj+K&4wM z&i1g$Qkz02xyIP!m_Nb4o^(ap*1c> zB59vk=~wHGQ&t{soID%s8l3W65p{`eBIX+@!n;z$t$MbAzE?zJqkjD)wm!L>w#sPPjdA%7RiPN$1K<&e7lLeVCbXi z4$^Vlaz&B|G6EsIY~BP`oX-@L0z;yO;PDGuFeZMgjzCXerEHe$`{*A|O;0dLJS$>B1?H}Dk!rC2%)oxAJ<~^M` z`E}+xyoft0+8^496(17X$qUpB4)PTIy*()qAOxmvP%yS&Qnq?w_|bDKb#*i2vH4xF zP#h{)HYs(5dZfDy6&nP%oz#TKv-|=R2`qvv9|jF0A^6!V1@-vsKNXeHaA5UL{VfBx zo@?B6+E?s?3z!BTDwvkHV19Her#lGi)BXb1E`{%oD$`f<@hsVk63y*TtTac4GLQY) z>cc^9LNmVhq!Gi(?;MOKm9#Blk~7*~y*uh9gwB&jk@XuaBdhLy8T85wZK6sg3kaN8 zdsvzKoaaf>67yOOiT$Py6R|m(srxm&a1X>osc-eUg70pA6_g zb;><-54zxFH&9Tv406KJW;OEJ+_7=I8Nl7W+3$-OVp7MNDbUOee6kgzu5GD6s|S9L zCS}`c*S@6Jw!q$*_rcs3rGx7QTjyZFpQPFhLN7~mj-MeJ)27SRTVa@rc)gu=ZxN)-i{doyZ|CgZkP zDEDtfEJ6iNyOA+0;9K(XN*IbKkE$9if?ZLEx!10P%#gLW-1LEIiHvHmN6Xa9H0h=V z?>})_eg8DKalczs`%=*=w+BJ0)N`o!I?4BrwV1OlxuM1b&_*X zl4DZ(Eh3O`+2Ae=hcd*nR3s|qF3TX{?jkZ@PGU*?q9N06I7uXHfk++e@aEg+AT$T& zh)qs=zfhJ4{&RLtS%W8qo+D7xZQlGx%HuEECq5g-Ic$xK7W@+l1al1jFusTmN6=38 zp8)E0?EP;sAUPZIKPg8T0qr%6-|#>6u=*#6p!DCOgNfZ<#M1vGm4zoo`J0ak8rM$v zQ|kHG^VdQ!vBB)nPw;>C4?_fj?rT1F;pVj-@Ro?yDB_h7wyv4oGB-SFlgFawsV`2J?egs{^P{#n6DcwZ;7gl}3o|5+pF z_%N}1kAW9|%nSad;8>U~A$9MT{Zohmi!T4q04GZ%)zjc8!t zlaJJ+p!3_EJd^Qc+4JpT2FYmBq^Jz8efy6DEN^(7b|QI4-1Qsno_rVEjSI2rMVhM5 zumr8$`=iMc1iY>-g>KJx;*J(;4#AuKF~i3KURSPb{2s3*qh~e^5o_eASFT974rpj) zUZi9eW_rN<~Hu$_|skc-rsT zVp+A*Kd&2`c};(?ZOhSI{~d3PXmGf59;#T!2dwbv`Ux;xR0BO-w(54XKJ8d;|rKRl%NL|zAZ2HppNZmg!w_9w~;1+RWYZ06~KY63lE2C4wZUJ7g3w{e+@Ijtk9 z=Vl_maQ06MDGWtkL}G9Bp>^|F#|*=bu$ zFU4nB_pXCVO*i3IS7bujyt*HYx;O`au^Fd*B!EQH{nsDdfMB5h*70qeQ3+F!qD2h# zG~0j`_3*R!J=M3vl%HCo#3@%o?}7tEhr*MDtk!X4KC4zR<8;a=*Bqui1x!3%Ua$^cgIQefznn4dQjIfoc)we=^%OUz_~<5!(LND|J|5eh79)@5@?z0GFIM) z3$}g#bQ}n#$<3bfQrGkRGE<@`Yv&~9g=#?Lohst>3~?N(!RvAR?7T;wA^+3965FpG zlFS!fnaZGovh7qhjM;J*8KR4hQ2D!~w5Rk5-z(XMq1Iar7Xdzxdl@WfzU>zWDQ>LC^CbN}nte{=3(EWfAy#214vTw<-LOIS+X> zuC}pKIjdiStO7+^Fi_p3DG?BSahEET-xQUr6cmZ@rlOK^c?a3*_sFL>0fut1BQduH zdZOuSCbA4;-D&;?MgDm-u$U~IQKmMPn6c!=QlR3OM~#mk!wVIAzA%$aqMK?2VUp?l zy6IieD(?4KIP;AB`ZBjD0u^Y$PQmcf!?D3pgbHbjwCE3OG9qZUPKo3Q9Q-0WLp~eI z4YPYC8KZZ=*HK7<0mwjJ*$iXc`0!holC_0&wTLq?5HX|+Hc`X7Ua7cf+C9J+#J~26SlX-2I#jlim zr#YpUrn0wCF1vu4+F+0~0_u?Rz4J)2UaA)VtOk%_f@o?ll?02?+;-Zd91|$dmqSJ0 ze9EF8_PtS@dusX+s#*5=Ws}i>0ln^l^Y!+5cWK4&()zq~u%oGHw4m1I75DjLD8;@N z1+hmVO^EGcv#Or2&o@CVKt|Fyzo?xgb*lDmAmX4DBL3#d*%z6d^lLd^U0Y!bxXyZkJB(I#zp7gjGF%}W zn?DSk$z6g_@O+)tR%Pntbv}hFwzi_WN8-4tA;;NRr zsl{bwB*)v4+b_tV-C&ava&;&@e$m3yKfT;pb9v8DF&Hx>aT^jvLTk6ysk7RZ{=7tMTqB0OMeMSeN1Asl+-Se1L{}qS$_G|w>|ZNaB!^+ zy0uTJ7f&M@Jy3fsIN@8>_&O`&mw3d-Y;wYZz$cQj81)J@)n`{N?d8(ln!+uBPpU z3S9{B)|5zXx#vc(!7y2+IHc8Y_f~3}B5H081Qy-VQsT`2=KY**^Ursdr%k%l^@rK6 zT0!ZXDsApm1WaNm5nf$3twOCc#m8*s-;(tn;DP$g_aED}?#n!5zE7M)g&dFtoG-RY z8-JN|9%=W1ZYm|`GTBLms)xk2LhZ9JGgI6Y*z!oWP47@B4tAe|U+`PG_d^b+l{}Fylq)LbbN> zk|D9dj;<;(#ht$=XXwSy-GT$l0gqAg2kE-b!;BJvtBwBb0sRba8C=uqLh0ORj@$W! zfE_Qv8;g3|3Pxp{P*UD%h6J8EJdj|jvmTfvGtZn0~j-Ln|)`B>z6`Gxfy0yt@6nTGPp z3#gJeog6y{dtUd|r}7;S_HWI#9KQ^+vQ43LvnAp+Y83XXUF}oXD@D#~uCp2pO3A8` z=Uv9(q3}FHYwIxCApGb)nA2cG#hBiwK=n??;bAnOxW`t#QQ>I0nOiI5Ogu0W?VNEG7cxOOt2${$cW!pQqs^y_L;!7-xU^$@U z)^k(srHOA#evTibG5sR?^L&Wobg4mFg$R-QuK-%a+(jq7 z{cXY&f|*p^&zw}>f#{{QPy9t|-zN$I1=EDQ%+j%NbTHs6u9|dBcgt6sr}wW2v!4@~ zbh5VieyLlN4RL&SftEe~z(xr++npvl*^9gs{;h#XR-u)RhaO8*jdyhqjRm*2sq8^9T-71CX!R6AgKmq>9CrxD~@ zJGtbtPX%y2PDHr982&b{jN+1d`9rJT-iPtlRwyESJhPk+B<~zV!Rx4E+xQ^Ymi%nV z#BJ5H<`|RJq0jF7HZA#hB|X3*;!_6C+Lz=9W}oBY{_VaqyCQfjA)ejQXKN%D+5()% z9%(moDozWx;&jYQd>Vy)V1i<-@lxAHS`z@;qoPohs+CcbdHl~+$WcVa-nDk+Ev!-@L3Otqp|a{9X!hD~Ie zUlTW3=RX(%6u0V0JV&2@PV8^E!x8*yZ}Wju373Y*eB@3e)ZeNKZbO_9QqA(b#RkI@ z=k*y-cztcE$X9^L-KWDjt(9*>mXrFb=+V#H?VJQYw~<}TA~bB;YXV0=iNFCoSr$P) z7;O{zsn?azbUfV0PNTrN|JH&n<@3F-x^HN z9`6-yWu+#?%I$()OUtqhjqws*&h^_hAAc73rFC)-Efnt`(;DbwCQyYsx*nifZ|>GK zU2NTLxb2yntVy!x*>8yKs0^&T96lvx5$b*yFM8&3D0OWM%9krkZ^r7hjx^VI*ECQ= zrr4}m^I6^xs$LZ3_mf&LHukby{g&2FD1iZdZ&lBn`-%zDH8ZGmciB0)t#^Pq@@hZt z6$SrI!`Fl|x0s83@#!D&0Cn33|EL%(ehP!r$1OB0jO)<5bs&Wj&B)H@4s5}6K1Z_L zbSs8u$cdF}B_8Y^##77ZdkMuNZ-TtSs%%5!K8u!<7htcu?b=Ko2H4uNSVC+ZD3d+8 zHHU~Ks*PRoC91z660*lku%gcA$XZ=R=0)FAupc8c#s1`Zb**5EdqNcX11d2qP(hD7 zIiitz2FVz6InB;u7Xcg?hLPiZRv3rnVwv~l5~I2NqQU{9y5Z5-o2_%dJ!toHRp8J2 zqDf1T8~4dC8e6w%0ra8m5t+jcN>)B`+J~~ z4+^blGX=>-q_1GC_XzW$w=K%7qPFNbM|#l^u9yhVG*yM$3NXs`<$w&TKf4QaQg)&sX6!(Avc-LfGW2i9kt0^1Fxu^%&utvD= zsyK+(clGl{FFZT$L~;fI=%3IrukRB~F18`8OcE30q2>}GI~7U^X|P^X87JtqjxH_{ zl)Oph4C69>pCd3=uk;-Z035IUmz0EU@B1pjk?A~t5FI`tGkT$e3T1}M1q*;61E%E2n4 z?~_|_Nw1gFta4N(t|*E7KK-S!6qgQu7e(J8s@=D9f&npl888&-=Y&0L?<%*bvon%$ zLb`rBuOAJZ<#CHP7WEl9bowc1*Y(ZMX~7@ZL)5X(q?!Cfz6g=#*r&6p-gnrQzD6h` z;m0BOI*Y@7QFIK)?x=qOn9mZJn@w(xwXg3KQ{DzeAyua-RPwx}_+G*L)D2I6fXMoj z-&HX4!Sds1$Y>n}=eGgg7^}lNi^3S8(>;sb#`KHy!JhRcuC>mt_Bd4Qm)XtoxpHvh)oX*e`Lw!DtKAWrnn&@O0V?|( zg2;-M3*s{Ex$PF?ci65B!7K7n1#V-@M-Jnf+1@*u>?E#j_S0auw4S?pK|&dj!%5GR z)35xXbHB=}i@2-IV*10eTPxdURsBLf!c5}@VGjwuQ++f6_}zM&_2b0D77BNspP7qI zCvh`3l)#x01Sg)O3f+#M?UQpYgDPWize-3#t=fH9qwq&#j8|mr36w(w?~sdEZEd8t zWf(AUvaj}rQE9{r-bHAr8m!W&3uP;SO8aMnIR)f=cU~cBFYMQEZt0%p7)edZ)*)C-Gq10sZq(86N?mJ|UbWg3`^aZx8=MOPPeyM-#W1lRTzLg{Y2_3LK?7?4Sd7E(a zG+fbvtP{iK&s)gni#TS8Vm)I`1>UVbw8i9!xm)4S4rFfO+osr_cO4RonXdmKP~LHc z1$7Qj`8|PJ{7~)xwjdTC1XlpbawaUDhz>D$8ydsGft0k5(~m(M_4$SE#Iu4;X`8pp zeR86+OeTwuE6ep?xgobHD}^AR-a(F_(SAfZGuT>h)!xyYVv)B<*9v3aZ>ig>(7_e* zo(vYJ5J?sOU{_AO^^KOxP>R4c5|pzze`l8i-<-|e@hCdJH$UW4w@4efaZW-hfNa}m ztm6xzJ+@vH}n^cAj6AlD!}F;r)TCUJw6Qjh+z zJH2^q3S36M4>60sgln&CtCQH_-e2jx&sjxP98jO(~MmZ z`k3nfvW`)vu9r^G4wE+#z$=}=Qe4aHcgFN$`j^RlE4#m52Nq&BeNK(0c=j>qbG8=~ zi(aVZZxpP1&Wh9cLu+Lndy{!msfwL`kN+%vC>5q`qev~LVoe?J=-;Gt5tq_I_*6apFI_E{8PAoClgOiaKKSG-w4(BS| zh{Ha!esJO$Wg(7?T5_K8UCq^=cCW`;2+%8vk#g6+x#E`NxBl>+2DW`miZg0k-&flv zpW0qomfhvPkGgi#ctC)-f2Hd&EWB_+P$vpOd}%4u&A&-?LLYTMq$|Cy!%7I}4J$fs z|5*e!m-mW?i{5ZZ3J2BkPR}I4(EIA;JpHsm)HJckC3Xsw!zTnWC%z3^Z zGfa5;L{TjQ#yh^g<5%ccIayf~(b#r9Zj-<45NvNp-RR8XUg6SqiiVNFR_^Q9>WE&8 z@*)P-g&*<%GFE*U{C z6~e)0KWA%`%UDBXnRJL!vxtF#71Li}wXx>&20QTK$6r>GVP5D`XxkNE9+RVt?n3ow zjKq{Vf1Qo>dL;XIcwjfzt~^jG1U1UK$XveSW|sQPOdf|w?D+OsPp~UY8Ronjvc;X5 z)4ABz?821a?$))s`-I@K{AD04nl<#`+SF(?=YnTeLdH8m9{rN+8t~Vh4POSaN2V%u zQ-J0P1_f$7=Fb=xMOxxP(>+ zB5nU-D4z}8w9IXbsRlevk9SxAmRDO`UDxLp*NX`J#Iw2X@@y(0s4Z5Ax;G%Cug z`&Xn4LV2`y>#W^n6RLPWFI)5*MH^>(DOM0xUY2@T5@gj(TM)eY{+(bovz%ZxC=fJL z00w+H2#Z~|C4Lilr&|=$z}JvbZQdff=5fJkqkNYPI7X|SE-&~v48C5eh#7^thcE}; zbvr*6DeADA32t?a!R`n7S^s14Btwk$K3?5gCg|Ggc#7AFRN2K( ziuzSLc`xx_wn}#Ss6(Sm7k7^`CxX9StZfJPs^OxQUgNUVm+z8Bb(7JYf|Y^@D^NT6nL|_$dTqV) zRbPVf?;0N_$T^u;?x^*KW%#oUVTQYCfem?-xRVg%_&8(m)z39Sn%h^Ah09`AkD{CU zYF>|ZMzE~mtXwJ3qE;6Y1$>~jI4Ma(J6}HF3_zCIsI;9Lu}rw)Ixp6{sJ|mUaGcrC zSuy?m!Q;EE-&I+b=Oq<*6vpSwL3E3F&UyaE=cN7Sb5gQ>K4MsR!9BxYs_I;Q%JSq( zy^igF2U1jA^Rf~dxPYM1>>2vgpoZm;BB66wY}l$iU&?vnvVd)Aqig3>B`11FY$XY}_d~u?{~`zP7;*M744tl)+tRIEukvcD3-PjBZpSz0c(PIzrOhDkjBt=e zkl=LE0JcwkCeePe+NG3t>)t451jFkp7M>6itxCaXsR?@E0ev0@#a!=vCX`qR^=Ou z;4i_{^Md2N_tyd)GISp9Te{_d;Pus3)6%yIoSq-Fyrq_yTeOPGRci_yZ)3YYS2e#I zqwgU{A@JstK`#!D3FL)t&N7}J)QvSl{UvKBV)~Lg(xAm#uuYT;Wr5`E)~gf;`)FX) zqq&xo1Z<&4F_v?{^(MA69lCq5CV4YH62@1NqOh68E1BA>^1&06cjh@r)g6f%lR4T4 z0iD$I;$E*Lv|RvT8SeY{+-_vZx-gCKD7}nZ6fE_@EP4cUam+q!`ot zuGSd$wxZ)fj&71MrApv|er(Wf|ZVt)s70C|mYmVmWgUkzI7? z=%DdPAN}CP$8qD-rhcuYFi-gqLAB|iGwiYRZzThocaek)iPn2@s{~CdWP~?y!7?NmX zyx3sZVQ}e^;>7pr#1J^ix zxN93#UQb=;rNo-1y%IF9qt(cSb|06|Hj!R!gs^2(Ul97{Bm4KQGokI_bV+XA>}Ji? zDB@%q#(+JxH0eMP`e0hIA_LHm_ZPVQidVb4|uA zsx~d^Wr@OE#Q^0nyUg(F)2i?=eHEFsfdjVVIHBw)T+SK{b&NVE`x^}FHMlaRolZG@ z2t0dNoBiGMHEe76Nhd_t3w=m;^k8I zh2mA#WthfA;5AW&mOM#EMe!tCs!wo57gwL-J zq}{5RLx{)9uVG8a1yyL!?d}TFmJo~%Ez)b}#rm&6-L^L-HxQ#zh=}Bm$1T4c^^jJG zzhVr)@&-CV)t_x6>M_=OJLbTsU~bLpd%wRs=3vU!%iI3c3BTLuwF%81CIeP2STxuK zwDi=2?Lvlz$pCJ=*Xk75@E=|Q(vQ7TTTg(4+whNV$DPat>BzC)KJD{3R9~>@+`yvK zc@AXb{DQzk=T5A*N0p&Y8t)0V2kIxWo=Rwb7{UWKHAe6sXGSpScsO6`QUrorjr;L2 z#Ew^6#?LlgL}lsaJ&uaaGm)u7^_<%9^F{?TW!)F%Img2_8#=8(XRzfiUc+}zd~%s9 zBpU8Vgr;=sjE|ugIo7QO=DB3^-D5SHmoHqNkrK3u-zCOod<%Nv!#E`bGq?jyagBn^ zrTWH%s?6Z(vPf~D6}POe*j=%CHg*Iy##P#R&^b{tJJ*s8w4tk-fwKl z;Qkx`YUkON5XCcV7r|Qi`W64?n>Va$Lp@VU#Gd0wZZl5hxh`wBTkSFKbu;zNFgZMc3s&Ed;EF1MhIw_!R>E+GCk^zC+mzt zlu9h;a~o*Sv;zjt;_0vc0^nh>2)%swmVKwu)km-WK;wLe$e@V|+M+zc)9OW>zMpVH_Ud zXZ*A~rYN2$KLQ?F5!W5Ra;Bok=M!9s?T00fBWEZCJR$t(+edx;>)u{kZ|&gw|Hb== z1#F`X6&YF)2w;R=b^tVjMs8|^4kGnU1x2#6Ij%r27#&eMTqUPlks~gv2*_IUK4smN zuhkRUb8G}bRoT&$D90%6lAmt=AA4`z)#lf3jkdJKofauBMT)yigSNO!aS8;A6nFRH z?$7|m-Q6L$yB2~&a0t$u{+_+h^Ne?&^99b>jQbD9AS8FPu3R$LoO7wlRKSGzzJ#pT zu7>p;T3s(-Zp&$hxB~GhE_BQnBE*HwwLF_3w{4EClgdWA|4L$kXQvRw1GcYO)9Pp^ zWn<7{*fd_~=p)pC70@!;d9po{w>Z=1#Y$$0$=|WJAWqb=H#I?;bLx2!+EOQqeBrDI zef`$B2N`;dDX}d0dcd7og}~Z->#QI{^}pLnzjWuLIn{zQfA4?{zD8aO)YQH{D6DGP zpz#s-uddRFUSng*JUje~Gy#2|XI!E2-2ctM=zYJVkh|COqGy102)wkqwgx%(c2)9e zU&+)01QEGYnhO-B=NQs?Z0(fXn7`7NP42WX*Djwe)_ZxNF1gUt0X2`-YQSNPJgrFt z72|B1hC>QcsL&f)j&V%Hpg?=l=KQ(k<36QW(Z;poR;Q3EGw8{fuoY-k_Uj;gUxHNh z_}`RKF%IkjHGtsj%j0Jrn#8irm|R!5?1H+0l1O31#rzlZ-X~ABaEa!&JbJ+i2C36- zurHLtI42ej#JWK5aR2JQ9mUt&Mpou_)IY$XyzX9JA=x~i zOL8LVQB-vc*@7vKuu(9G1B^RWK_pxur^DxMb?t?ym*#K3>rDTBbjfAvOcSj`prCDz z2wOtF5hNjHdZ@NeaHIqyBsdTkRsoUb!fX*pPa3vrS3qc;g#JN&DtT(@r@(6rqm+j@NaI!4q zASiw66dtXKZd{^PkoP?OzKJRd%6hr%QwjZdtaMGiJJKpW`SnevL5F0?&Dp<>PH8<2 z#vwo+2_HW=Hv;c4)Q?B)S|a~oQpe#y!wRM0Kn*)5#)+_M#fF!W;6GC{)`wbZoA`V= zhs|*FF=zeZ@Og7WJ9bk#>Y(fKUGIIiE*O9<#C>V2<||P1aGh@#PXAC(8)gqjAr;?o z|N6Jh`dR0dOdBWkmy}Bz_`&19y#W4;1pQfzLKOx2r|sJ!iYh%2IlX9*mX$3{Zqa21 z)pFx|jY~ON|~e(8Y}%*KuR-hobRpd^vs9quSH228?Lrv4I$*XB0IIymARa65(P) zATtsdT5H|zEo8-$sx+uDePz_2MypHwQIx`!n)wFn(}dpIdK%AT@2!t~4296L*TpI> z7_0kJlZznoyB(36I_cJy$KWL}&{=o+m+5`NoA7o82!`>G3(Q>$(RvF6UXQvMP1KpOhh3K2NK>A~Ik z+|5s|le)jfHvKOA0uC*C!(nG^1Ct!IOxbIhFB#&Qh5{6m7N|V+%XJ>n% z(4v0@hG>bpJOK(+2}!l~QvCKmB)s%M3~XAH&3ylb1Qm`m^K+1XPLbTqvi6UXF|kBC zi&O_nFXb={>kp?B1cS6vA3mSV|AQ<`rT2}vcgt+44+%xs6%s%dm_lpnFV3H8dQj>~ zi&xSia1a$f>soQ5E>mh>kny^-jXQ*rN6!*-QCgK z<3Za0{THz58cWEGc)Mh+>P?tuoW3iLMAhpeSh4H^#fcd$93O4LfZ~Ln|A~0sQw!b~ z>mh~<|8E_&m*?1BS}f z>sM~9;UKCPrexwQP3Jmo19aCHJA>4-W5rb3HQy4q88t$2Z?^NlS4@Rh7~@R1vIhV3 zQ1Gw~)=xoM{vkQrouRETNcFYediq|=%3`@5T73k5hXa2QT5Pmv}&^1X<%h^Jff@FHiFK-h~MIQ>AHfZq8 z`Vh)u`QWh)JB`a%3ip7^MkEp*zh$zlyxMN>*H+(Fs~b4B@AE7%#?pjK!rk02b5-DE zi#FTmPm5M_PeRHFc_JiMlx5}yo|64-3C*FFaLUluMd~z^f@-Os>X)AT72d3J4#B%J zy^?&Lg_6<(^tWvj1!>KtJq-G#DRS8l&2I;?4Ni!!7rGE^EgefgLbUVT>xwNYmrJYd zXFu}WZxvn>TgHm8Iw59d9@@63?u;4~p2P~euoUUn6|)2s_k0pv4jpHN^nZa9SZm22 zQ0h{2Xu?5hVn==Pc1P`kw&AXJ=6HzSZA`&G595n6DBH6~GwJ5BI$ou_S3&&Wpbe zJ!&{-`DiER;;_!DFYe?ES7LZYqXzh;HKOWsnoN;`!oHwuA&F{uL()fWl{Fua9QY=? zYWB5?{^l8adUgC{IOya3v3snQSf^m2U4Z+Y_SdR&^T+mXkJo5z=_kmw{CC#}8%%N) zi1`E7F6+BO**7eFaKnsh+jZ~JI`wd~gXKTJJntV>NHOuF8uUv4!P*-ew1x1OE80#Y z^dH_WJN`c;M4CUE2&pPSBrDGsk)Ef@%u9=>ltA=@d1)4+1p|t1X-LE`Bs=e&na}nY zq_EKUk%ZWjb+%Ve95M)}NW?A4fBo)5Ck_NZQdkOcxJM|YH;Ia1-@*17 zddgenX6R*BiC!oZZ`RxGd!c`dd4D^Ro0E@|E}OBg!(CjY5LogmP~Jf$at+7ySS-t9 zn_GFuXT)fi0O6QB*`OGLWW<0=5MAwe-kFMn+{f!`|D5V zSeP_D?hxmBE^>^y!6Bxd5qCv0k8=y@POdBpZv*EuiY7Sekhwb@a$S)u@Je?U9alMg zXy1GglOU6@LDwg8hQB4ri;o2$C_p|2%~}G5G+VEMIcXG+S6;%xzJcL;Y92JI{Ni-E zI#x6LzJLeO%(E!`*Hst=Qjnk3J;#n?`DF5s;bU0^WL`2(Q|dKX(zVus*GMN#;^(`= zbe5}rTqg{nq|w5zwgasZaFFQ(W>AS}485aR4kjC*=rjG=S61Q2K)Gkbq{7LetiWsF zFdSLMXY9GuBI4QbZfgyQqg)-jZeGdD$~5r#O6vR4X{L|hDv|OPEAGso4Z-34IBArJ z=-+wEW#hD)--C+}%ZZ|tlQz#SZbSGwPiavjlq!%=@QCJ zJ#)X_sP$h!D~AqHI@M#ZicTVxl#}q1HH*%1ZOv{tGRG`>ASi&vX-$vN%KsBxf04Fs z&dBND=1DsN_eXsfSCIUC>1XOD(*b@a=vksNhNhpd}#d z-y*or01ENIYl*7P&|?E{J!VFqTS-hZKKi~{pk%~TXXvFXzo$&O8g*ebsbINeGMtl! zMfm&Ofyj;6&Hk>z41Ju}7|<#rP*mIIBB`ueE$qY4h~N83&!neQ4(b4fIbrAzb}E!y z?#YS%!u=uhEF#CtS}*y$WlMpwF-TpifaQNEc{$OsWPizpPY@aySF0)zU;9QU3(^x!MMe>sqUo@uS6J;&*-Q1E z}vmPuXzQSWWfQu9OdwYyG+s6ruT8l^Kcbv zO6z+(5!DPE;KD&Prs2==>Jjwt&y1FW4bEQNUL-KEQ$e^tD#)<^(&@kQcz>B77_z=~ zvw`^U_Y?DfJ$DW3&S1)}{!CTcv47-_ zQ(e^kP3`xMy0bdNiogE`zFIVbe*70Z!^H7xNgsxjO8Qiy54Ya3>Zn<&iORx>nylDM z`~NA9H2y2+barly`*(!=>(6mNJFDOh7{hbcam-(N7&K~SRQfVw|3eln3Kt+A@2(iF z{O8mC&)+@aBFdJNnoyko6j1z6?da)WhcE9j(*FN%$E?54-3f!Q!o5g1;irFNm;dw0 zC|>^W&Hdji@xPzke+YQ~6*B)DbN@qN{=eVW|B+4pHY*{t5zn2&zE zRrB&3Vkii_+D(p!zf`OVI7)DGF!5q0FRUeuYdt&owGW=WuaiWM1I5)-;k+|+k=cEGJ_1Y$?vzJzbpslP`G{y4Se&nxF<@gbY79~-N$+t}EK!A&Z^ zo%p@lM~vl`#b=0NwGD0!c~UlojCb$|+6|RUtWOn}5)wq8$Hc|u41-WO!!3z_MaC?y z6muVL#ornXKfT&mmH|ygnpc^G_p4k*oP$~)3ZlqGy>-8HI_D^=Z{uZf#0%byi`t)_ zh%3ZRocTKgrCKfz5QM;jup_6OMESZaWkpFyTp7zkjctdoEMEv~=1P;jMI=o|hik@g zs1QKtS;Ud=S1$H;Y>f?Imm=tz!s?X$bT)4LeDpkfE8E9kR012dI8*ym8gD6e!8;~w znzv*>kzR5=ko(yA7yP<&5|sX!z_87LuAlM6u+7rZr~Q<8vDV2$hURv5xX$gd=C{V| zmpDnUw|{+fzj-4tdTTRtirjOo2IkG@CsEK?>2WB#`u zn)!2X6PoG1Vh7*7SF>Xb=WwFkbrX)D-|XR20t31Cd*v64)uywg6a@sVAIsj)s#A>( z;;d272;cX=rBmoj_#6-NY7x9YqsI!tBu}E#_nt<cs0UXT^Osu^gkT;p@G8WZ{82j%-g_!8!csFMb-7pL;~J6S9P zEHl*ykIv^M;r%uma^TgOs(ImLbBnII|49ykxzhO9-AmNt0O>aDUrK+1^gSycl~F9n zB`ESzTjomb^WiRmQ%C2?a1RwcyihfX8k}D}&B~eYr|Lhyy05gYXQ&OY%w6K`W8bIl z7NDxqZai;T-)>Vx=ws*&1$Y==ym5(^0ydb0E9b6`TTo-KLZDN4HuSY2bWu3XC*BW1 z57o|@5FG0AuRNuU=8Q%k+fuz6y>G`m29wvBPzX`5K;_^j>#4T2CJWk?6rMxQ+bh_W zg$mEFdpDKqOI(X6@coOdNX;^Z!SmmW^W#RXC*q*hj!c_LWT<=l4K*5OG@2h$3Gliar(zVNm9Ik>IAkxX+(ChCr^rxy0y)Kg@ zmx07Em^~9GNu2fD?_7PxYnvyg8!p3{vc>Afg@ScCqjV$HNQa3XWlr6e`DPdmmTKdR z&#cy+j(rRBv`8seocrJr5=W9OE2Nqt2(6rxjcSz@!~XIWiMgmg@!KWN?1`xANtICv zOZ^V#)}LXRbZvKO01sU|X%fO9XS8=#1(9CR-Wh_FHn9rTZB$dzuc}B`q;cvcs@7#) zQYm)K?`LB1ha%ARJW+hlrV{D$i8?tvK`2vY zG>t+Gy*)=<0=hK3GQrUpZMz|s>13{LSZROaDpV+b#rj-XauM9TjHJk*Ce6`m zabdB6*RbQU=1q8}c;(9|hPe$Ae9hJ3-hsDQ6)8G~$n|@;`xEy;V{bx#gGk(?*wgqG zk9BoQqxyGv1U}T4yy2v@Cr}F?=wBA*uxZ72m2V{CHXT{P0^ms5@2cc}&e8MT{#L_o z7ctKY2g^0C1tWXV5Li(g0`@;#oIqYPgPiTNh1NiNq^|drX(s|t6s7QeAn{_8gyeVJ9PU# zdn`WNTMr`92)ClPw<$S2Q3N|=@E9{--O%>JXr6jLq&MQD2q5dTD!6N&W(5o8>RRki zH;E6JL!%?pzdiQPq|(BzERpvfs!u}d(T;8^;8vU>5!b_Ti{^*jtP+%IQMK?(8@q{L zOh!if5clkP{f|X2kfSI@t(0eMwU2>|vj zCML6dE;3&n%^OUO7a_e;$jHkCULa43?Y>w#luTqXS-O1-4+o0B;ZTwMMDKv_bx2~7 zo3F}Ky7L{Q?p-(remM84|O>o@>r>0lsAom;8wG5Lf@VEaA?jICG)K?9IRK$-l6Ir5Ms1@ z&D(gbrw8kA=|*F4d5U~JjU;3DTjPTmDwbzhzV`iG*e6+aigq;k*l6kGyMU^UAHF_Y zqOH!>Ekwp540_RO;QhUsq{fWw@@R&oaPNMD0PT`q7LQeKuqTJ}kmunyaV=fcygKWt zJqPUY#PR*8G@AaUc~PI8(Z@Gv@7_2N4bm<=wvl)o1@V$hvtdiyG+7xANKt1|E<5XU zau?U->!=MwPmRuQb8OY5$JTr?@e*nP#hQ)s@$Qra7#lSk`Ga1#GE9Cz39jBtBvTK^ zos3(BJY`#b-bP!cjb&LqBb(C_ILy`MGVBOhBa_F9w{=P!Ffdq@cTD$@RRn_lbuT*f zENwtO>@6542oU2kn2DQ9x`)(x`r7?8DI&h8&N*bfTGneJ6-M?zu|9F^JApUEbHF~! z@R<5OG6aTzNJ5D8GAAB4#9O~cVd9D7*gvXF{3k{~mQQ^2i^I?vq2U36&7a}!0^$4C z3yy#cxJ`d3Lfv?ADFJ5>Z&wTXxE-p-tx5qBI?qovtv*0hcHx_8HojNmA|%HlK^4P^ zEDZ1rjCnT-S-BBy#3`F-zbsI^&a7a9gQCG?z764|c~zhxS1&^;9}( zbQcP%y!Sj2>2kB3Ft@|0m0+V>TjUs;ho8RVHE+49sz@E8NX}!B6B>Y@bsX_vK-++6 zCj9dUj3x})BNNqfiXXwaax?saE2h0HRD(7F& z6#*$pZZ@ukI}00@S1m3{-OoBGG8HVLYQ23elr=MN;Kh3&njJ!iM7881SoapB ziq!=uRlvFBogt3}7X)a5VLvd*KPDHtls@`xdHbNNVwiB+BhyyXw!vaASR@xP5^k$8 zM~V3x&QwlXPBPb8mYXaBiDO$uab`BCr5y$Pc_^`u@Uf@HPA0x=8}#{36M_V-=XQr^ z`cPuWuYI-U2)(Y$(mnun*UL#~rA;hqhS%i)@Iu@_k0XAsPr*inHwI#k=6S^b5ZG?a ze2P?)+BUPN1fjywpnT7w2FP6{GB4-tDEyA(c#^j?_{8zfY%@7@9q#U!Vxe2T*(+FP zty)JGhf5L}E=|11Y>6*e7K095UR?pCpZF4CLHtv3@9bu6o5eekkNPWagDS0DG)(eg zbwg{O)dCS({TIP7GF|fza+zfU)!j`%xYDfVVb|dAi2#lL@w)h z=a_5f3+;ogRBHfAnn(_N=;E2yukCN_4hhYZSaZ#_8Y`rmV?-cqUlBICerpoIO_9v& zn~QVdw~bLv3Gs8(IQm$ z&r)RtxJaVXPIB<#cw~Hc7^}F;N{~86O^JtCHkqkhihjFNF=R#mm%BLoVHb3Q4?sN& zWeY&4k+lMw_vCk3?+E~tVm(^)5uUZ zqU*cb)G;tucX>HJUf_gP#=QHw*U66)8;5bAH?^A&mC%Tiz01!u9M$8#s>$|G;5Po~ z!ve3%CPSW2d?ANNJUBtuKWgJ(B!{6971R{9>5}(H=IFl%JfjT*zj4;FrE7w`65j_J zM~Cu$n0@qw@C8zY*0Xtt(YZ@8kN6X67Q0sYF23fAdg$>b2&JfBB%Eo`#8O$0PU4q_ zwQwi-=^Wc`!eh7hU4Ubb9lSF&>6(Jg$l3Fu=d`#R+7<|dun=$YiuMT|7?$u|^J7JS z5Ekwp|KaiGTt1PFFJJ`S_8N+qaLnngu^YFTC2|JPu0wg#%&B!itN%nAl6=hJAGjgx zfpaPU(HuK2WvzLCGrW-%pSS;-*@>Qjk=_6_dS3&JbU1wPJwV-yabnvF&b52H)H9tk zal9F?PZ_|bCl&TH zzQCGqMY}VYDC?fFtU>O~TItkt0_+OkxwGTa8%}VC;4k* zoXPx=2Q`i7vx4{+_oRf;%?L&js-$buvsCu|vnpn#2Wk~Lhr}sNT`f!azbI-U;%~+t zp8_YM+@V)4A``R~aw&vfs|5}o(v97A6<6)|YdiW~YpXlDTpfQC=GtB|?SV3MK}t9p z)7i7ItLu0xaK8p&iG8PsV7K9Tp(rp3R=LlY64g`4Gy`MvYWUOgyO{H-(SeK@sQE`2 zklgeauCO9yzx$1{q%ZL0ot)-cDSmN7CIQ?QKFL6d2N-!1^5bg}(Jzega?mI*z_(Y% zW!W*o12LX7`FW|{L&75uKI1JPe*yLx5-j)SMjojH!RU4)Z+S6IF>8z_L6Jm8qJ^=G z*K*o7vd$o{;Ob1YK=VxmTLq^s_M>9Xojh+D#*S9@)fRV4nHGGxOg{&SUtfGkf(%G3C0`7vMOzfcYIE z#X0ROSSD~Hi|7!cVZ!DDs{z9ch10+~vKPy3%ey@$c<9|Qirg?|x#(lPl*Ustk0Czm zgAx!aXd(*G5{?nr8+I~^ik+aRkKk-{{5umj7b=D6UdbleOEySa3Vxe!div{qh%)(n zA%lb2LGyg_%WjP8D(|Rj6oZO>?Vb8Ng6W=YcPD$XjC*Hc>E#CwG9v_}+{?&-KM|AP zLt&h@a&}hy8?AbSCgiNNH&w)oDX7tinx!l%pcgwHM;0uVMu?xld=YXhjix1Qk~)=Q zLE04KdbeHEx5dg|SJTL_ViApB3A~M{5v0WJ>hGn_>e$Yf?fPTaTtB*dC>#yMN6^6qX&*l5REG`nT&6o(h759 zOTE&c>-v>?wI^%a`>QXuvR}Ux{W<>oLxU}J4ESbtUbdd5?J=iaGoEU~X}*)O8#L&A z4{e**zSll+H;}kB!ODnH9;>QQ8GgK3IO2phq~G>wiF9Op_6C7y_GWj9cOKax_iwYP zOK*@b5q*pw&IJ#dN6|C@Ed{E2;)yt`95z6YWE^XTS};E^vcsT@BG69vtTKzFTr(Wf zhYID=IsR@^6Ox1RFr+NaA_-KKeInrLwvXcSHLwz1!(nc7at37vhUf|=G4khhtQm(G zDOv&8GHo2#)mr*6BQ{(pg|Ap!kLO;$bP|$q?Y&tTI? znGxuPLX8@Tfl(C|3l&=W=qOj0^rjCPdifyQEf7~~RM#`{(JPuSxiU6p-)T;Fl!pv{ zv|iigf#69CNi-9T7PJ~KL;eM*xZ(ffOGB$>Su#&n>n(ElM##n%YdgpM`juhzE?0`pNeIOc$II*G3N@#gCz_s4nyS>LV5aC*~!Kt~zgW3o=2uTV^F0}S2 z9L4x#w~>5(*6FQZeP&9I5?6Ke6YJgJm&%QdrS82u3Bs4HYMYfZ7U1xp#1gAeG9m3& z%4UkSUa7-}I-aMhhK&+*?sef!F;VTL=uk^i;m^th|m_jcyQ@=D<^> zC3qk4_Ps!`{4M6LS3mIE?d?8Y^O@x%nEy~4ss9bnTwQ}nX}~Kd4qIfX5pboFWpmz0 zE6RnM9MneQw4en9^W)Ic0OXtX=9>qtjfm9mE%3VVoEt@dV(TmC20+9W_8C5b zH@#5N&G+3h>!|zmDke zabPV(D{oWR?PRPD#j*{D__?4U^AFvX4Gj$!6#{917(3OHo92q44DJ?l#H4;ywZ9T# zOJ*A=g&6+2*} zSyr?@Pl>4l4oUK-A{~;A1U@ULkn3>*z06QcCOQjZN)zLjY3Bwk6HHlPG>SU7b|`e` zUMq|vhdJn)kKmQCemWIBmq9J*SF=pTZreh@@K!{o`lJL?E##ME#{R^g;2Yu5;E7I) zuvVQlo?5*Jtjx;vY$jRKrnex{5R&%>@RN7f1a|(kIiJN3V((_6m0M$W;h+W%e#r!G z!Jb>0_?Hd5p9Ke9%VXI*89-*p{PEH697;W}mvQF9GAjn8f9$wKjh)teb@SYb!Ym!I z`uQ}PI?C;VjJL?p?ZTdZze? z-~;isYrB#W(PePpH00%%#tASc7x)|?PL2Qq{XNKiXsM4I2$)0T6_YjLhs?X_-avsS z3O2U!Qok3oSz15lQu` z3Cz0K33A@SSzje4_Y@UDy@Urt6 zUUsk=V;aMcGuAYS1R8@1(hT}fcRa}1@kAemQn!WYA#*Ldlq#E8BbC^ryI_jzfv7gb z&FHIItutLQk~^A+#B^Q5Bpji%igxJQxBZw;uSO1fI3bE3&;nvX0Z3-nzQ`KG0%;XW zotS&aij=$X^RjK24uw{%LJv?4sq5 z<%syhjpq!`g(1RN())};wZ=Wl!OZ!K%^LY(T(x5a=Qzs4CsOquxwljk8n02`O~Qo~ zvgzVmponRHNMjFFTG@xUg2YrZWgtE?%M6l&`<~Vy+(&e=++baVNdJb5Fw1?Wi^$ZN z-y08NVtx-DgXwHuo!>s@nNM!>M5FtM^9relJvZ%G_KfOWN0a&VcEjKikUw6JfO;n0 zhQs;JyK41p0&ffg9#5V){;W2yWGdmXsQRxcI6U_3y!vse$aJ-DQx5}vua6vs#P4v= zFFDWFw<>{1jqZ-nP*kU4ej$4xB|z@0-hzaq6f;LR&M$+Bnz#Xu$T|4<97vaQ@Kk$Rq?VDYu zucnu2i6iV+hkBCOjBOylr{ET{7pHzmR}G} z#~GGtePCmi)_4fvYD(+=>M0G^TfeAJzp!y4vGQeY8mYxQBZvF#6W%4SIu@i_4zt?Y z#o6pkZzp9*uL0?=-KaO$$Bh`V?7|dpS7~*V8raU>UJNN8gTdv26Hn#PWA}o0U2SJZ zVz31zF^|n4O}%Ko4h8yJa1}`rk}~;EW_?9~hg_jRzPc3G4&tVbMot7!79@PF6M<)- z0mfT#*2MAQt>2k!H{77Qa3QV{sEu)hCy27J?=aD`Qn$xdtaw%AVHfv$k<%@Q!RjjF zGTZBA>yU3t(Y;QOV=T1<@Rsx;YMj?mj`@Rlq>1OfIbAko)H^<{K#l+CFAUa$pFSiT zSOvy6b0Mn|?<|IsV$4^5-dE)NwjQDP2gj%W-2st1WAZ;)#M9^N1u)vfG;m!Ao;_9^ z08AmbN$oz}IA(^=-cNQi!Mv*%m8qAD1cSAK*RLfHLIbZ~ps}Cq;ci$rJ{CSj$#?Fx z0Utd@BP7pJ1Z~ah7ru$pkv&`#r$1QQcr>$Oyr0-B+9gm@%Jvy${+!Ie6GGE)tRPlU(IHzryrJcD5gMuFsOqT11Tt*EVi+T)L& z!FGMAQW&`UMlcaG@tcLf=CytsE5`Mf`clvJi$aY3i%%vp+puR<;ZqX@R}Ec zdQPC*?Yl+<+?9Q}LQq=pTHfE~KylWxVeJ_x<%MJImo;l4wdh}utE21k5!@0R4X3bz{ruYEt0TtrFMK0xcCu8^LAi8g-; z!(J{dQHmn^IP_VU8WbO^MJyC7%w_Wi39ABx03_k8i8W)}{Sc`1@o<+k3*b@t{=`)D z5~)$6VAsHdks4pzARe?BVQX{JDuw3A;WQRzsiD-8}*>LBkNoz=_NT> z=y`(Mea~m_*wNSRY5W7Ixn60T8@S_7@bWoE|81%jEuM6XU8Qh>46Sp6l4sfV6@iIp z2H2IUmNWV_V~cf5q8Cqas{8#$Cz4dkWr&j}x@$jUS1=@LdUL_Jw`Q06r+Ft`1BB?d z8-FTV=ps(m>>!#vn3C%CXdmxNR&CnFTFeXfk@m+;;uF5CL2!!RZcBX^nyrehJFgH5 zhU703_`J^r=(K9?avvO2*6?OGExxrMx|9H(q3yry1uHE~Xh&63MFq&YiNB)PpG{y* zIB5{Qbd?%tRJ9^ZG2*cz!4F?G+Kbnc$UnQPHNkXh5?QF9u@@C_eyAE?|5D}YEeaps z8#m=|vWd%F!dXlBvxTjg*3RUsT*WH{eac|bE7VzadpvsOk-X(dwsSS;PG%jsNWhY z!&;W=uw!<_cg(LBC1B405HuA4(f^n@ms<3RdCaF#L>)G8hv;1_T(I8v*(@vuImeOV zqGCXJkJqC_TW5pw071@K0X}+O4pY=Iw$|-6#gp{Br?nX3G<6!HzVh_-;0=%AGaLBp zrR{q1A5>ONj0xwr%Z&qSDYAli*X{?d$WRWAz$AQK2W%zH(*7&{5~RqlAQ6yqv^IvcQVDY6|=%-Wtj}9VZKV}XwqQcqxUwZ zBBnKH?S?FuU$hq0J8|HrZ zwmBw9zq2%)mxO28SraSr3j>Iqp0Ca8{8sZ=d|mOLvMjbW!9wHbgn}k^>ofqeopa{< zMNdn{p`DBA#{W|Bf_by7AZR`Ni|=!=`RSd%g}pEH!|PZD$?fOM0jK%pPr?xQH>6!1mq1wgaus#QcjueyD9HY zw@?_Q{|;}N7vuQnuU@)uY}#@RdHS?v>H#ZCN_d|uDZK`4{h=*~*ND>Px*CNO3KfQ} zzuDI+d_>O%^87^S?F1mz@YtDHf!)*$7C{D|$kzu+o4Mxf3Qr#YFTq9 zGQBiRw6W2klr3}p4J(c&HS-F~-%2(1Jp%h(_9I=E2Jl8PJ2NQOfj}-aeC}ZVF+K}H zN{}#Z96vKiI6ed~-nQvvGJ>XH@*^|t*+Jh0u@OHPDt_|-;fJ2qmHqwpPZEd%?b=gY8!(&{Fz52@Pmurf@b#XDQDWnzqb8j`v4fpG1{9zJ^amL6-V>Mh>Y2 zd#gXBMq*A{&_RCSFLqZ163EyHZdQgkkNA1CWLQYOS>30C5>kP0U-QVVT)Pt07vg?tjIXCzA+}JRZ1nN;OCjH`+-r)PgbB>C=(Rj)`Ze@&=8D{e#I&WAGZr_$P6kJ>=KtIFqgw z_sivpmq%3P^pP`xAj{D&%#7HJC)FFHv_6w6FE$%O*Ixj%`b_1SoWTG={lhJ76py>! z!Q!9HFo=mJ0Jz((bXy>3anz=ONqjz~bk-j*PP}p=^2R>xcU-`7ZniBdWW99RQOptg8OPkZrGsu}l z>!zP@q9U7FRC+On^04{N{vs<4{N>S`DP&@7QR!OrdPSCKt>fX?rtX&Zn%Lb_3b)-7 zdntK-c9CqY;R8rdhDxDurqO%j1gFN=CA^JXS+Sj%=-~5F!5N5ObP+n{) z^U6o7;m_u|MPLZth8duW4S!G8iuSAqghZ<{@ayy}9dFQTJ_|gxZlh-6)>&RJu!M1g2i9CI8)}Jy=F)JPQfDT|r{( zRBtjJnSNtDZOuemo<28;Qy+7>3aYl=-KDm|28Yp);nO~A z`i%nZ{qGIW4xt_i*>|kK0D-RvX1@beIr%0QLA) zgth~;eJ9<|nY>pzf1@a7_v?w2NNrsdvZFo%9OuSo(OilbsW6p?xiOSb*w?NOpmv2$lP*YZ@3g!|SaY#~0#Evi>| zuR2I*)WJokEKIEE1aWOU^lsQn=(v2&?px@Unc}@SGx$W+b(-%uSv9}O1c!xo{lum| z-Ev*>pp&m{t3)pl%wpO)H{@@urG7_dH^x<~a$*bA+IVk=Iw=$m2S!$<03LN~+IpHF zU!qoY7}$w#Mhe3X?vp!NoJ<8d( zgQ!M1__wbsi2v7P_T*k?d7i0X95LF`7RYt0xchB0hTdV^+O$1~nPY@$z)j?AIBTXG z8ZP7C|MW!;^+k3RL%>}U{3AcfkeK{p&DAjo6UQlQl|HYfcRZ zi6{{MUNM+sdAfD0_nZ=kw`sl4#bekG1988zQB3HM9%X847z+R&$vG-f*R?Mo{ z+jPrk&neZ8vz=UCHV;&u zQf9n=t&!i+YmvwE@5!Ca_{$LH(@Vi#+H)O~*^M(Q`S5>kG*qnM!)X^dJ1r#3o3e+q zEhc;eW;ae+?~JmAwy1FUuN6^?@(sKms+x~o4tt^R;L~=gNS7{14-gT7L+>@9w4jur^Z-G64WTALDBs|@_xIg%&OP^^Jcj4>&CH%X zd)8iS&y2gYe1oUtxP$a?6q77UNZ^ltEy)pcRe5GYaz*(A&y=t4sdp0_wmMW7{LA{` zcg_-1GB>zmexI5pO0jv|>mk?JK8WU*zjfryGS5XE&J2A9A#mc0DeaQ!i8fBnpU2pW@2`q6{)-+lhWE&uZQ zI2}ATvfwxJ;$N2k!~TE!OpE}=76}}5`0MZd8uI`9qfG*M4Aq2fu=$sR|1l-4=!qif z0!))`>m@PU-kECt1i?Feb>oj392!X%Y|c#6x52MZ_A+vYat{CrFYfbUNF-x|1DjYStnxe%g@DfMJ@DQI~}n!g_*rCN*0 z7>uC77twBiD}U`~-3l>XnC*zbC(BsYuWrqpqIM>WA(3>vg%o<;`A6`T_YX%-d8L=| z?FNTGH~S*d{}E%HEag+I7Vzqkho5YX&CqW`7P7P_6ZKchU_reAy=OeMy+?d~W12TB z?P8V>yK)`L*PZ2|?kE;`^O*4jo%o2(RhRy{Q%`uF_IZX|y+^sG$v@zS*~s-Y4+YyI znTfTg-6Rb+O+CW`@5+TfQF=p&t;-%zaVMGmJ{z94+EekM%9{`r@pUCkV|2()%EnB@ zppX+BYPs9D+VIEB``0jJvyeP*?2ifeAA97Juqw zl!E6m(ROK}qsIDXezlfl_*9g+F!d$qz*g@0Z8Q&WDb?vfS#jLaeUxgDj}h`Gt8CNKqixVlFA{{oAC>XQ zzVFY>?gy>?Pfxy6Px`=0(!$#Sx(_5w>MD7No1|BB_r0G`3PlM|`7N^x;p{;dQXCx> zI!Om68{Nf4Es^4-O-GrjhaDpftI>u5EUx{Tsc>Eqt^A+C!MIDUBQVfORPY^T<)Hex zP+7Z&xOxV{6u_&!KAaVr9>UXZRX*+K&CoqW1aKPXyj!go3f12PZpie3hhzKwlzhUOe)?>*Y|HLax zQ>8zjaWfo)Z0drcOH27f_ou_^R0H&3mH zdaadH#mo?wgL8fasqJdtU_bpy`-I^3L&-43H z#D5O*YZ5Nvt*fYH0loE^=b8sQu0dxQULslLdm3y@jd5t}^o$Sqce(1loX93K`G6J? zGCF<@k3ilrRAH>pxUX#y`?7W#dsF=ATA}s8B*Lcd3J3lZQ;}_FGz&C*(5q?^q}Uhk zGM5TC!hLXMAG~rl)QUWUedHztTJ{B6-bNPtt=*-0x9nv0BhM&BH4E}pg1QI!psZ8; zGON_*wTj-Pg0G!YCuOpPrCrrj48ndLx4S@KOFcLUof8V)7*)A{?U==SC;E|#6pIM*S2yjdc56OF0FOF=At7_0sZIenHra!fYJdU6~y<|JQv zvMy^8qU^oby6VW=Z9RAVwE)5J&BrlhSpLw%U*{p5_mP#N&51m)bh8<{V)wkivJfNn zaM|wp66aTM+uGWYO)2quW-SJuPVVA0{JXWmeqM#O9~2jH-{+9z(Fk-ty~e1u-Zr?x z-oi=23JJA`I=*Om*$9rwtCe+OdHko@VH0*oK}l9=_muI5chS!gw}r8?J+>~-Y}xZk ztKXjH&B%w^@{Y$&O{~=o)rx3&gV^heHAR|vWttcDi+yp9Xwg_oF3sx|(w=bfMA>|8 z5{;3ai1@VMZlx;L{!HMIPt$`o`uZNW2BXE0X|Wl$ZNcRDic*Fb6&fivt9()ygo_`| zypRW7nDoVRGT<$Pp4g_h@vJ3nFF6JXeSerPEvsw!V*Et_&8_Q@Te}7~ccmLPGsAii zS$@l!c^yszY;Q1jE2IULp6+qNw)8Gt%>2K|N*f!_3T;9dl2~W>aZ*$|?1d zlm^whN|RN2XX%z<8%}+!Vjpj>4}QfuX4Es5&b_pe%?~B zOqm5>p#H@%D~^*`_uYaJ&QZH6W0;8rQb&}_)5XN6bLIshBIcjPB^DGQ`P}0 z<1+uskCtqI9D#WG)X|%;4Fq<&#-(s+XrVA0DihZdv}{ zJqZ3h8yUH>6%>S41m9#1vSop;rJn3jn=0!r5YE;uU5N#bIMB3-4*RNbZGT!#^@g|Zg?L=* z9a;7T#;bj6p7q5!k&RzfF{96J3BiOZ^Zq?6R ze_&J6e5VvPGIex)_MKG<#kM6aM^$Bx(kj=0Wv|Cq%eI8P1@TRtjQ za>MhUuYC-2AA<5Zj?&pbl8t}ih&$wzUEEbPs5z`QI%WFH0hIHK5T}-|bkOBDD09il z_dRWpWdbkr^h}nZK}}DF?d+#e!?IvccDgD_r5``VvC&cmiVE{O^Z`3x@-mU(!rv~U zY_uqMI*(6WHpTsac>g#-c*dxGqC%aR%g?}_^<&sx+5%hHVSI zwvKMDURIHCII3|F!L&*D7OqZom$wuB0?V!wv5z0#_79#`g^peDTpkEdbpLEcfO zWjF7FQoaPxudcZh03Dn3&n&~~NAlz0i~N^^=Krww6B{^hmP@9gazOLmN>szp=0$8e zl|#v67`%V#T_c`v=VFhNW*Or+Xu{9n%b434ROPrFlG&zI(|x1}rVO7`cs?7!WK;MT@ErNLFZkg&m6?ybh8_K`hjk|9I#Q^Nn9A}K=jNPV-gpt3hGlim z9>0C;)H!>UHzmuyc^yY+UhgA7=~J>4%&-Q%DyuOd`>&x16w`#WjiS$!bad!Qqq$@B zN*4K&`!zoNP&9CR;gWjJZaoC6r>Ta;tkbtU57(mXXetS~DO}_vrSOsn(;JJAG2^8*?{4v0Vcsm0Vf*LFSlE6AYBN0X$g{(K0pdTht<%rI z-#LLHf0g6`Z~N~2;F@9=_pJ>{Tb=yeUzW!IPy%1mnBd4wa{6u7YrZ)JeFW4mD=I zR=o@AQ6)hF<%u9WQ6p>|j#=|I#4+vrOMz<92rUn}D`AP6d_;02EhI{O(Y4dhJ7Zbw zXBO*HJV_bnePV#=jUJ|2lz?h3;$u+FW%prlSbm?X<_F^pPrzn1`Q6<+6^e@QZt22; zJv7w-_6+nTX@`wl(egf=yu);GGo8v`Ac{?6kG2)=jzLx5PwiFMDu%R2JSQv0&*}AP zKeY-&jM3{`udFbw8a}jCN3)*RPF>+o{Yyglf*OSLgwX`zEcCG6IM3NhM+#7G*Yq!B zmf9l=66c=I)nZc~|AYGaeYEPkeXgh6FdI9!TZR^<%8+rhpeGj`cgafNLp_YHS zQ;92<_0FUi{y3{pkeXj13U(kMu1Z>vwCLGYz*5V$J#=du212VLk`J;Qj=QRRrU~oo z!-Bc%r(t`_rTK>vgc$-oVBc*Yo!RC3$9dxX?(sYJ8FmS)J10@AsI7s3sod(x3^O?pJ@?UX7vg2B zbS50gVsQ{QNM~Hp(D-Qdh$I2i5R~;W6tCmBP^*xV^3c%)j;FBOLL>2QfJ}H(I>Q-R z^wT%cPoRwp9^Tj98*92VGJYXz+|Kt%$WQ?LwPlR!!)b8FJ^N*|KIhgZVlgkjlVHx5 z`l8XA1D4{v(ku#Y;S3H;SCty^&V=>R;12YLKuCz>x1eXSGE&tK_eX|$&07I0Q5$WS zi_pU%hCqgqeLy02e0XbNe+2!TKvd`Va~@MS#OFrnjWk6^P;;~7O`=T(!%YfY(Ac%bN?T|P;DCK114H0+p7t` zGS=2(RM#cv&^8ckXwFnD`y(QiY^|cj$UA4M=lVCQZRTl;!cs>e$%&(ESa%(`dk+xe z+X+0lsQZU`RM)F?h*>1u%A`Bq2B0^dcitKah}&jwTCJJwt(BY_EHyFoon@i7Kp@@% zaUz>=ZSdDD*NpQBr@F_~p59N{Ut1pGuU$F)yx}FgW!j@Yb*q#O2Fs(PA}i71w-RUo zK;ExPzXfPqnhO1Sd@@$f9DVHcF3S!6KqpTVYv_PZeg^Idxk+KkMXF$8wAw3GF_s?B zDzM|WsUmg3$7|wf=^02tGCTFs5WWi7;wi&l$>{4d(I3QOemr1g%*3pgRwj`hDUB&f z-TG#ClHS*_b0>#Ai)&#%A402#oz~ytU%bU%6<{84v7~92RYO|%+x8;~osp2WeNb9t zFv$n5rKd*G=rdCNTSWL{CC!&0DkjB*_q)M5O(m{C2<4R<&+^&%(#Mp!+gCsLa&@dZ@rmUr!v`okd!}#ZNo0t- z`aAuU)5rt#=GP+g?qpf4{ylHUcHIt62FLAVKSI@pL`;ZB4dmz7#U5L%?@!O^&~|G! zIj8JYQAfkj5mByU#A3EeZdOT zk(sqatUK1JW8{eu@9~hRCBjbJADMKZ6L8SD&@HQ8O0Cp=T`Q#KwEEQfB4!qCyD-3X zKDJLNbxmT5(bi+kLO+sHy{Kg|MlapjR7G^An^9WTf2B~*erAoro(Q9_!fC4$me`*enUwSwrpC?Y)V})620>WAwPiXJ z7vE{G46NxaY^Il1kJ+EwuuqJw(W^Jqu-xk{%`Mq<_9o85kT)l(Q_`I~_FGNnjZEwQ zUA|lU$^0I7uVs8WcX19Jq0fxo-=JY|Uea4Dv%bJexVT=Qusl%sosc~C%Wsh?)h^rh zcnZ1wB5%i;xh9P_QY{y;aCH^DcZ+cW_9?(C|DpkE6^qU43j91NMooDokG?J%rRuSH z4c?}3;pMt@fioN%_Gq+s2RkB}$^_}buMQwG{3l>)j)_t|PhXOx4x`8CUj6c?z}IKk zoAO;LYvJNK-=S#L#BtdBob@Mmzv3?^31;fHuFbm7+}9#^&K0Y|Q8ZC$3&HqJvc7E2 z@Jr5A2W;5PP1v__f>yppL0fRED@O#~Ko=-PU*a z%vsBZ=hswhl|A0Kk3R{^(O{jY6ySPmX||chQ@ZaCsYD_? zGgCT^e>BoDy|-4WM~{m@V@~Cs{s%X)-P=qF~-_Rl(1^qK7{xg>ze#f2)Jf?@&)4ug*wDRv!{8twqTL3Y-`||U~ ze`&mb`L%z4&F2S?*{=Gp+WaLo`Aa{(Jp}nvYM_nh|F%%|eejt5q@zLc|L#O85Pk$j zA7eEBJlX%^+1WKD53EXy3B`q1|J~ldk1_ZQpXgaqjQNG%C;zgX{Yh+kO)^La9;)OZI<{7m5QsRN!(Q_*NGUR*k{_pY91CLqOPjx4cq;{w$ zrI>dor2{OI4upu?wl*~+Rs4Y^28}7Kla1-D@(t;rgfSK1`)bVDYR`XeX5brOz*whZ zo$}TmXiNWXojSgkAJnLpt`Q&LS8XqlFIj56w9bujR+1t6$CuhiJGjvyZ+R>yeHmSxz6=zuvQH}avyVu`#KcnO-Q6vgD`d8N-{pobR#_rhEk^sl zP>+veC6*riqt)ZygBfzBcfy;j$9MHBdg$#+&;^_;5u{8fhvTs`5y`siBEQ(KmM`0D zOTy>ltBSnPzf6k%_&O*92KkZZ8R4p>4hiQTOV~X}bBa zw#1;V1n+6PSpANNo=Zyj&a+E=F+;RC%e0|*UTwqDtVJzlNo z6FfN!^lD3Vi1nX;=Nj;x^n5id!G+E567NqdCEo40+x>&dfq;BE^CCimaSLHerqCep z`ab6@x1@h^oT1aomI3*se#0XQNVNf|8?$N5X<+?_*9Z3fcKSFpp&zZwHjR>Z1i=7; zb)WyIx3iqa?N0=D7~E7oMJ9b1ge*sB{P2H`K&O8U#GQIfL`5(T=QZILg25TrKa|}4+YHX8BQ4S?|M0Qf&^q`1Zzw~i$UBT@<&&+SZ)E{fMZC}>!?-T? z^?GabUB7sRImH!fV_4_A?;>jcjn*@wEtFgo?z8**LN|YRHJAisDwunJ`vp+1ka4Gg z$ikMFZyGMH^fFWB4$_?Q{mh~ou-C}25+M_^ZcQhkpR%p7yE=l5Vif;oS2rEHkoZhP z_=tc<*87X|A1>v@_Nehf=LD9Uw);e9JEIFfb=xM`#`mLnbgG~ImkGhg6sWIcQDR=N zaXmRd(^j{{&qmjts%v*`{$*0+(-KR;kqUjnnqBv4m?)3AUKK`xv?(mMINk_TOxYdQ z6U;EE2GlTFOEvhg`~7CTeWJ!k(fcy zt@}O#kpTkW7s_n~VSWjZB!m@D_K~9N*C;k-IwE_ujr`2l8&(CjhxHum=aoY*3)iB3 z3YW(!Ejtf}q`d+B2Z3h#B6;I0o3_P`0H-tJ>W}q?nK?HSi%iK=*fFKHa9;B(;pk<}n;N zCy9%R?Y)>dbkeQ3ZcgkhLd)0aw*0Q>ssP!Dafp}9*aJ@SyVw1j55<%fuaL+m=PF(S zA@rID*o`o7*9>on<;`$@pqHoG?sS=g{5?0LM7er(=Rvv`pM(eyUr{eh)G1~yAp zac9*_ zbjP&a5u+()*B)VuA0O2g4!4n#*p`!KY22vkWR_7f{n_uCPGVVpxYSf>*G~*WuU_k# zzkksK2HO6L)Xy`bzI#qBJ|a!W2dm_*_!ME&9`-P16CTY>yY>1-*6sC1Y#LJWWP;mn z(rY%lmr9j+8u#ArTD08B;kH8~g~HzFhp8eRmzkydi|QBB7W$Pb#35_ts#`PVy0@zw ztG=r&lp|P0OPjXddSgKS*i^G0Iby;(585NpxJJ!VAi)cw!hf&8bGuChvsy+dm;WGp zf4Q<3uRT|bAAsFi4^da#naRz*dTv)3_N{l#@y* z9*J=~(<`!TLfer>hpj*PWBl-qQ|8CM$@`vsm_cu6TSH28m}mFK6_xfKqEGZG(yw+>Lyea~X=|46P73(76JxC-*lDJty6Jfxl#WK~9da z0g_&yOfRyy#nJSJkuzB+9PgQK_sL>YWU);HJ?WCjo%P9axsA`~7>o^?`kS}D-AV_+ zrqLY1;+Zk#)JEP5Zbj<}qEJX7+4Jh;ObMf7g>3gqNnE zT~GoyD7%-iA>EHD^L73A=abVz$mnHQlMOslWwSQw?1c@ll*9S&d6c|Rg6K^+W1jt& z5Vpnn^ZdhMi-{9qmP;#91nbae3q$D$g%VL@z)MF9J!3c}lSv5PUd2Pav1GirNT#gN z_0>H&ReepGNjM1`FuE5zVz>dIsLbwflf1yq*2dMXRM*fR)Voer zY|bKNHMd6fCde>F!4HmCjZS2!M%tjP-gEH_k%G-a5G=fQT(d4}(=yY$^Ki{l(X~>r zdC#QsD^EICp%)Cw5WeR%B)SuN@rc1P!(CQ8oXhso$Ab()pXap0s=Iht)Uv|`yfy6vynp?^ zXJ|@0&Nss2cy~u%3&;AKmE+8mp%O%)HvP>;)qsYmDvSH`&^+n!P$fdDW#;ldj8_)8 zGih-LH*Y zl1u3j8*l=lPlleaop6cNwXYtUd1TPDr+7F`!2n(_Yq)W8Fw*kU4sp3J)s^>SFV-L5 zIOvWtu@E+a=)GOj&k4rW)D58W{tITD23V_?7mrc{9g;IrYu9@O#FM)DF$AL4-M zxRa}%+|W^2+T5_;azaq7MEk6A7eZiAr35pWywA>qqoM1`zj&@8oEM4jZe{sM}#)1tTOemSlc+1QhM|PlU-bJ=ofXCwr7*EjSOED zc{9B}L{4f%;a!pPk~%+dIU(T~d;SVnfFH(>GgnE#qFJr>ddm2?!2`4M&Uu9Ayg@b4 z&lu0Hlq+23=(`PI)Ngvl%DuB0ypPi6j-`y09+!aNUJ}*q@nPECp}d3clV+B}nAVW* zsjK8m6P2fso*{N$*rtEGI#*_TP?4O3dMr$C|IKE^y)gxAH#87|88jVe_gFB7eP)fR zT_&|zwEqntuk@K-$Rb#AA6Ekekap+c*{Hm|_u7Wbm#j=mY0@(&`BUgoRMU>l`wO2c zkqXzZ5SSdBj1`V{o}EHIder&5S(Jk43R28!QDqFx+>y`p#*ns=xZ>Uyiix6aq~era z&6vfyuP55ul3rqAeCoJnAIvvKhj*@WJ60zEQmmSM%d>X^$NtyFiTjRHk~PEm*~;Pa zAXMl9Dsam0lyuJ4BBAVyp6WS1BG6}00ELN*i`R}ZdOF0v?lHyBpvz>+r9+n>26-fI zZbUmp6aECur1iT+D=?1h{dtGDaYxz36itPFu35RS@7;!VE$j6kiQQ)P`WeX3-L~59 zeZkp~=T{Qa|KK{ESV4>NoMz<#xhY`$fBi=(Eo;!`Kb_=H_OCejd( zzVvIm)>=T%bN$9$Q=8n?=l#Gc?9H$J65lklDPb&6j#f)sJk*+6_7|A&&hyA{L%Wc0 zr{^(W16uv}eyWijE#Qk`ByJK!J6gUVI_qUfkU!;AjS(BPSB+*g?~Gxw^_Xx*(5<>B zGQiGEeh5hJK%!p6L zM2w`6{fVBjJgT_AkIh7OfPC0{rlYhWrGShH-j&dc@|x2tbQe}cm4~g?(?V(>@z4ef zzOt}cdtV=vA1m>WzJ$_B6fzeieHWW@NHNA0PvsD#U*F7gRy|AQnO=%w5S@@{SL5xI zxoX!CL0u9O>m~Tsk_NT;6rm^I`vaU-8rpV6wx?Jl%Dc5`&KB11kM>?nb)N0abwE)C zduZH#Wap?E4|R>}zY?-_ZHA8gzOR! zD#<{sl@jFIxubu<-3r+OUtl&H>clOfQ;F}9$?LP zeshlFSTo>YfDU1PVKNT@*|ntNhLzt1j_tt!Nbf(kb99V{&Z=95DS1bA7EmZ2_Iv-> ze8LH++kAT>aLALWWuKe0npHlNlvDP$z95g|TV6~ztl5tsgZ1)n2XvSESq!WYcjw0}v&8eV{2M@#gXlA1 zYRAktZD+wZrxwloU|X3wA?U-s-M7Kd3tGS@7&sQW(t9gQP+YX=BIJujKvtSNjz`cV zuT~OLAt^?g0PpjaL8M6LiHDvM*po6x{cN0VOf?u@U6%s~SXtMR-S<#jrx+O{eiVQn z5*lLcp_S0wRg|={E$Rt1}p|-77l&9eKp(QO!I-uR-G7Js}I>mnY zz(%mDtidpMRdQ@0j*AHT{*JAZEP1CRd^gEfs`FW*%IwpqBRFBbu>_W8Xeo9G67-P# z8caBG6WGt)ZFIDvt*f~S(iq7W!X$PA@_KRdk>sSAN-QhX{Rn4B`OB19LdI{p2ksf1 zY_w4blDzPOf^=9(`^Pu2nRPo?!_7uYya=B)0;NNI?=#h&od?t#H|v~gQ!tB)>@|$FguwSLbm87>0}h``jB|-%AESpLo{|f(G!5zOevQ)c@>e*O{RU2) z%{t97njp;j%ov`?9T*d)QfFfL02867N{!mQJ$=sX`-l4ii5&p4m>ldZ&jP^~294tf zS3igaM@`QL4`=r;&1h_Kvhh}eQ@>{p&eQAvyt0_^F%+?YxQOJUu5j_!XByTG!EK;W zkS3spJ{KcV4yLy(aVVB^ZBK8Pjb_6uMcMD0o`iTsQcI?qy2J##{uC^Jy`UVL(iQB@ z_uOjH8#iKP_d_WLsW1wz=gtht{@%dR4p*_?~{494b=fcXHY5r(s5eg<{nY zH-_NmUSMh5>}1;hU2%hz>P^H1$&T2K&V@ecs@&Se%hz71L|yyNG4UJUon&RJMPE|o z`z#;hd^Ei56L=oEm~)c{1Q%_oEOmKrFQm2{&I`umWo03Sn)-Z0a4!1l3X593tNH-D zpQdCU5p~$Q*%+JV=LYE{RkCN>dn}8(44cjyo32S(1d-DRnP5#S#y77HN5a2c!uU?X zrH4|G3);i!lSaJkW*Uqm^2%2DH?q6Eee3dTrInRecJ)2fee|DqyMk!AY;PwBW6{K7 zeHUfr#p}mR$`QY;5nE z0?<;Sk|s3?F^Q?ahk`#7hQJSo_@hY`!vB5b8vgL8f?9 z&#pYg$N+59b|e1H+jABlG^PCQtdYmYG4<0Buf@y4?VRYgvW%aToM&&C&|sfSm@>tD zmF@91O}vpvo~XG-&(8A21|adCQF3$Yd3N$Mho7ElB$|)}kzm4cV4v=q&mzf|WP`*?rR;Ha%sIknYs+cAKkmpmK34?6?psd|=oeU5w)DXs6fJH+n;e;oVy`#i9? z+wNJMdTRA|6{h;p9j@T$=-GGIU5|E0Bx|Sq8*Lx-gh-q@Bl1Y?-reU>djJdCfV_(; zIWBd#06%aijCW@?RxxwVH~cl`e+O-1z_+L+lbOf1HHso z6;H8<7u+lX^megRa%B+JAw1Cwp^SkoAjawp~X(WWLO(XDwN zy$3=}>d-~;(75Tw_fzLj5RTB3*}AB1R2WDcS9}G)x(8Rpa91r78n&kURL^Jf!2qP- zWPL2$#zfNQno+WJ%Iwfk@I59KR1RSjKIiPzlOn9~+VbdWut&{e&e=^?VLD~6dF6BL zUjoj6j7Vz%Fb!%=;FYq^&mRq-l?dsM&CC97`=2@Y*=A@zNYBukyr-|(?3zo>`A#An zIZyH+{Fxk$q10mPLz;2;67l7mXOFLuI2@;%1h{d=-a4B>&(`g)H$@Zdx{W=@fhsd@ z%c$#f4J$VakcUap^NN_Um~?GDiEwr}EDsPIb$)oQgZ!)=*hasp8)n+}#&#~H2zjyQ zA+gM@z^7<~6aNjpFNF5yjkUQWrK*{uEi9RdShR2OjhxFH=ET@K`US%7YVxk1lFoyM)X~yW%D-bPPr|0 zx39;3x*d(0Seb<`k*BXY|#x7imCa$*%$O41u7$oItP9=E(wxFGxOaS5*- z?Z+z`2GLuTo2;B>=1clNV-Xd0N|5rARt0l@(v4z|F7~iG%h%U1a>`)Cbl?`H*V0i( zM~4~36-|aID=jC-&y7$R`PG5BUPGg>euuWR8b)7zmxFXhGc7h5AMfNT)^~*aK3^((8sdQq97Tp*Fwj+2zTUwZ5qq)o*D)4b zY+6cIcuNF=QTmLR1N^(*8^z0kJprR3!bqz3ls~E7?d3m=tp6?K{P$>#2|Fu=Rt=)* z)jH3bqVKCM<|oEKO;Hf|!8~*N`cJPa!le)+Tql#G6!tk9zTtc1qPR27A$4H{tJt6$ zqZ7Lq+K&+48>Q$ai$JHdsH~m4B0`mafvBUoQNJ-j@mik#^bx76(T3rszvvwPlB3JF zi)ePVs-xEj&JU*6=!Nj*@X?H0SiuiZby%-|2sl{ID>*b_vsRLAWr`j&ylyJr7bfz0 zTX}C0&o3u9tR`wwK2UgG(~prs2p9D8v@|(o!QFzW11u5mXfDK0Sx)HrD%>Pi9_NH*H@~nuQ}&&yd>=4eLgV(e z&?$Qj7_>psnD$22wN7~xr#nA0ZrCn8`nLO|@6}-X5~+G|6^&g)U{MJPGDlsO1d z^Xx*-;Bbo{meCsFxohzUIij+5mzk91aGwhOsVB+=!oiqG+VO#Tn_tYq=datA({;xMP-pV6p z34x;+rdLZbECD;6tB3)#tvp>NoFqny-p8zCJnzvW2!bEsN4W8lt@dMOs($Q1qH^5>jJ10PU?-JlB07o7gd7taaF|m+^Y&JTYxgN} zIZaGmLLc)?#jfQD=b*Lp{WQgsc24wJH%~TLSov+*BZ}Zox&8GStzoPYeHd-Y`!dOZ z6T;Nd+U3BkRDDHb6&GE-OPE}J^%B>TA@e~|&k1MM5fbH~ZbJy>MIoQtB*$Y9BF`3h z7iC|rSX&TOel#GXAHCGOE{7_nm(5(;#mQ&Z=YNsIzkfj?n|)-GCt$G??p6+!DLr;2DJffI{7@-~KX4&;;MI_uDrtfASxoQ#O&Dm5)6W z*1y0{OTFo|&1&agAIk96*({(GJi9yiIP>aVcK~IWcIR-I6D&s zLZ@B?K4pTooTP87?8}+W7!h*pi*H<)Va)6?NA2^8dN6AiMp(V!w?d(_A5N>}+iW-= zNA+uvBnF(|13dYZo}}Zi2zsCgP7aYLVhCo}hg$l?EdR9zeB{ZeWsoMPRzQ)X+{mYWmcs?KUf4C~oM~T`h-~y$R1eM^?1O)}{h7```_&DLUElkKgMxqB|w`l@ja>ijM zLxO${35hJpyiSQrS6KPm`wnb`49r*cAC;CKj+{!*sh)CxBeURDqZCTlrg^+dm2>Fn zjg2YsH!ku~GzrK0IVl8JhMR7H(@Z~#6-k_i$Kc4j#E5Y9K1U&y)N(u;(zyBfwWsKZ z07C%U+7qA$VOU+YoD4i;GZ0=T2-ob>WEd`?x#V*3d|x$hTs+=K2BfigjIz7St~>~i z{*vi66A{(9=X7qSFUxo9s{`GeLP5pWS!$Ps{G6CelIkpuKv^ENRg)iM%u)-YHj$NQ z>>A)c&8jH^N1AnP&{+*dbI|I`Or~uJsrX5sNJ-} z(zIHck5f2LER!mivNR3D_g&ukQd+Z*b5%i}GHNjengG_s_FeW7UNVs5IEAJbm6;_6jJyw(r;$02?oym+A9+y5`tBM~cSB8_hr8km)~t`YjlM_Q5#y z8|m?GLy+DuX~UV_0@cSSUrHL+Wt3CoZ_5d6P7O3IOuqf1Xb%VgAO0^lYzC>b`_xCT zW!!fF^wD6MG7&cs$7AL|7p`8+S+eDc z*6sD1-ztYbXOb^W96{>J%zb$wu*rZak;~A**3GSqK->)JQvD8BR6*yj1?cE~Kl(7+ zw#bz-AJkdjnuw&2+k4H$ZY|NxT{TM;`?xcVN9FvP_zZS_tZxs;J#hF?QS7y_#oNM( zy7W2kUVF+;>zg2-C4nV|5GT~k(dtou`NG167kiao*8| z?K>glf(LrBTd+m0@JvkC3CLGaLuxY_YSYJU&V9*`eRaGh8rK_cS;}`~bBcp;PfI(p zvO=SYNzUElc~5j66+r`zQ}DoHWZlgfiihqIj5ayah#?u^>GVWwYd`pV;$3IyIV?A8bfUpEL+mw^qX+2^^?8V(sdr$2X<8?&RmK+5Gdq1g8`_?W zexQHAcCyLlP@xlxL$E@6e8Ix%Nyui6yOoisDA4wJ;}f1y?Jm_Qh$Cv+j`aXo=miIx z$hLN5047W$4iTiFttmSk%P;4U8v^Xg-CXlB>ysq$Zcox_JIsw5nBD)Ij^=|WIRL5$|9NoO*sIWEMrV7JA#4YvUk;SXtemGC*v58<4y z%L|MdY1`rRagmejU>oeykzopaIyLEwjs?IRd*h0pQu7>jy>IIPKsQ3PTprPF${qM9 zDNMV`BIkJupU~!_h!K1HG>Yrk_;FOjO93L5_rQXUnnK@puUlY&SpPM5Q-G?QvGL@X z;3{!1L>NV?INLV0nTZ7{v;!Lno=dF{q4b52W?SM+`og+PcJF79K^CX=}n-Vh3a69-)IMmlyD};o4(n)uub}2I#iP=)mD$6 zCNSn95I&%uucrL)?)BOpKwxqOOogRBqrBoNzpl-;H!m1q9iw=>7d1cK4k}t~fy|<` zXs==C=@^^{^CZL0mHO`%avA?_lxctM655zUt7))aDCiyF!voTplP@sv{Y}m@GSb5Xh8rg<^J6foyF^q?Ey1M?c6Wi&fVJC9va5C z8D9y`w;rL$gL_)1SuO!GY*k^wwL^cQ?b>E^Z1=E|N-$z~cAq4|-vAtdD@w(OI1PHwQ`{n7jjctNI(D_qN zc|d`CWZ0X+h5M7ynA(=3;>htn5xE}&E@g4IjDZ3ndKoFRTExXrFh$QH4>Q!#vlm}v z$STZ>oZ_Kv0vjvly((PS#X3)G5iEePjZ3eG(Z9H%CuQmLb>4Q`8EkuU?E?t9c|;$x z`Xuiodqn8iY1vbWa{;PUcZ8P+^C-JXjh9Ke>m#H}@)AbVe{B5rO7_>s7k8|L7T3m^ za|~dnD1x<}LS|;S1>GMoxuFGc>1=M%?pKJ0c&d~qAxYcD@Glpb>QYvY9j^Pcce1a5 zHKx)M>A@i-98EQ#JgXeqFW7FQNrwN~A$gN2M>V#O@o6g}%yR0qX3e&!T!jqj(OxU< zx{yM}sbZE9prB;p)yGI5*mo~G(KC6q2gJxQpsd@)sObh;LjE6nZy6Bf+O>fSqND<% zq;x4MA|N0ks7RwI-64Z?cY~mm(ny1plyrx5Hw+964MPpxL!5i|8{d2O_Rsl${vaUp zJa?~kuXSD5TKyJAF5t3fq}u;W0XPLA$6?}9F5;&?Z)U7TqNJl*#!b^f+{^=l!K3%c@>$bIO^L0Q5wuTh)kCs=Wb47X&tZHJN z>nbMQlb#>0sMgv?O1VwVaYBk*xe{#NFa8ziy#yf+&q2O%L7aCPgIkiE*4RYxK^b41 z+XA-)X5AO>L=#IoEVO>+l;}9A>N4*L#FOqLsy+!~eI?95je-HNlP1%%MMGl3_g2@j zZ`)6maQi>Cau?s97d31r5C~qrkIgMqQ#^v>-TCQsDbTX{GBW(@D)isy@r-sMU&?XD zeIUt+N7eg)5i();TCjz7#QEobA;>~a63*vzQarB~S0AjjGL%#Bx9uNeeRPN`KgmK1 zxXXmh1tSz-%IeGQ5OBeTAjaNs&jUv2(_}M`g(8xyfOc-rU^JG9%q;09FXhCk{HsAx zM53KmhAONfX!jB%_u9wqsf9gI9JcG`TPKaecb+5}zm0!mTMc3&*er%A$Z&bGyQr;3 z)J<;XA4hLbfNIaNvz|$0pHk}3I|tbn0W>OUS)k{sr4$iNu-Kr8xjKiEcAf%3@nzc~ z)Np7ySX>?VU-z4xggeKR9A%N}(XK#8eyvMM?E6@o+;?bR>tcD|N^OC%N!UzXEkIiQ z)*RG1)Z$>GZMr+hez8oVajSjZKs|j7$;iDT2mhkM6G%rX z0k@t1?vobY+d~}BEHxJ1RkUr~BYf8C#io&V2*5-RHxO#~p_-x+>AI>Qq#c6w#lxw3 z9N0y`E4?31^SEvs2hvctvrLed7bL8>8ViW|s9j@>g{oP?bYWv`)Wde+Hxj}|#$&JP z5(X8*zoLVKVlxRAmGE(MfMauEoI5@NC@yQ7jk=MU9RLF81zARAs5fAp-y*KRLN#7Z z(M^v$4L@yv?3($D5I|P>(vmDD2R^eVuVUFfiy3&fFZY49-7W0os*^GNsf~!bo>Y$1 zrg_Wfzo2{5RW@DeJ5|&#A&8|f)iF!yAKkIC2@;SG7{JF=HBmKEhlnX?jqtmoX`g%t7flJdpHW;yiw=a^VP_4sLKHi!D1_zrbF zx6f&{a(X^V3Z!{;D}baHuea;(mxC zdlI*Mxk8d4I3@Vj@fWS=+o~=1?gVqxFu;rWEa2?8h3F~xp>p12^rk-d`vM~lJvvZR z2dTn{WVV;c2LqvyUyT0LhuDdjL)^+v$r7>X{h~ZCb`TvS#C2*wG$9ySUuNwbI2FqLIT4Vbs)|O2=b#y7R z0g+AygAd{&Lurt=ZaJ4}4meU}UtFle`?B$e-QK8v`JKGMAJ@XK-G#duw3#L#yco0| zgw)YGZjni{D!8vYVC*3JS58(B0OQ|Ay&rIpffOaX<+A^cgbVOB5Gu@4vatm0nbNe& zFYx+9Bdh80+f+N&CKF3TVV#yO9Zy^`Pwl%C&s3-38f6{q} zvk|ljB6pGs0RNsa{fSg~%uYS&FDF0>TyBG%ba;iHqT%i5H`fmS*;^qjpMek1coR`B zejc_3p;-MZn|VXZfTLH%@GqPED#ARlqzTXjkRS;>HF(pp^Kn)mdDHHEg`HVnfp}6f z+>!eiW1*W5oKUzmG;c2wTq4LlE5HBc@^XVK3mbR+&z(Jh#h;fSWBw-%qYM}0MW0E* zgieTwTh9*9Oh(dEWDrt58L48eYhDjai65RFEr7^zz*xv4I~3fe4)m{Pxg0(~8duy6 ziaWywx7r*XAAS=d{AH~3a=^H!J*EHruRzyxkd&(aF}MXw1UP(tsr>7IBQJp;-w|Up zJJju+zU4L4_js-vje}Il8o;5Iv>nYNNA{P(UCS0HFHh?VSKxvkctWqLRYe`;k|s^x zK}lyegW^Qp2|A(%bu9M+wiO4A4aqY;I-_$tB3C*P+J-%%DPPqS*)+}zY6z>)I-8HnLXSLe)#L zNTtPb1Xxw9Jd+-K%3?1%3F;>W9|nY(j%Y?6_k)yemousG$X}M6Cq=}mLA?r6yf#uB zOEFkf0(aZ<+%GfeyA#)FU95iIcW0!?ik8=C(EIyxD*hjcj({yP*V6Im!0Q$cQr_!u z+@-X?9b&TD5ifeR%(a4CLoN;qeo(6?ncUSv5WazT7$0NS)=f?=nwmBm0w?(uUBuX9lw!qvld(F*VF@iD5Dw}CSKjXwXAfFh77jf2gz!20=UF=K_s6MW2m>uKDWw$bD(t)eQNeUDSOcjiA zl(=y_w%TuZ^*qNrJz zdX0TNyE|H1&Gl$?1Hd0Vc#$1L$JAL6GHStR-fK@|pE&9QLy07BpVVjD_4g)K zBl_!)>j+1r*3EkQw9D4r_AsJ4PN zS&jB(Jp4RBHKY_&K$gvX&C#j1_C}5A8hAG$%TCJoyL#Fx9fph$Md#aRNywIL#h%Gh zMq9@hUWNzNVoyo3Mnc6uV9LvfJ}%lxXh!szeY;^{0pe*NhVPUAUt|9I&d1&dlA2q} z_YCTJp*C2UNjQ~Zkx;u`)p^AGLLJRcNN7cLh1WDvQ^``lI+`-kth3Mpe~MG9a(LU!K{&8ta$QOs z`qiQ$+1=D^C^lb~gk4d3P=`h;%=aG;$D#X5;`2jE*=iO$UTC1Qd<&Idh%(g{^W2}W z`h94x}J6R0I+r`+LZ56pC%ifA`%9c~R2aC2!L8&-rL1_TluRSFqj;7+&> z3zs^4@F2}GOK?!XG*KMX@l*~A`ct#7W8gnJR4FLL$g*r0<-r#yu(S{pnBZ9vJ94Zc zgf03y!N&&1D*8+NpatP2mss`|lOG%!X&mIHDo8z&987I9W3iB#3B}l$)psU}4W))I zW&m#fxp3|*3op&~rvX8XaVf_QLpDuKzh$<_{@76~gz>XlzSQ=U1v4=-4cL{Vna9ua zG`op^FWJ;582FDJxbrlIaS20>7=qA=b3MjdAPxIe%WBzQ8X5jTCb9F9~vqifE95mkvwV@ z+xC<`yx<0>M`wn`zuR`mjfk;t_~9umusB(O!Picvi&7sMzM^#=w z;rAM!%cGHS`mmF~qu*e0ykgi_#sc+g_zX<$(9UC6g`x5|Xq1<0cEyT&V}UTcMOc?w zV|hV{rjyWz3zd&41yid+Ar%gmoK{%K^7Df#M=UnFuLop%KRj!h+HqaXIU#G3G!~_z zC7QI#lRv!#D}U@WA5K+M3|QXE;b}O54SbKe9GJ@;|1?{4|IiPcFlO=5{p&to@U`rR zUdAU!ri9A52s*#QRKL?1V^L;&+2x+^(LU)YSaYxF*0`6XFC20Hzc$OExz+Z8ZAdjyr;yT; zi6K`q8zQkld|ZsIw7%ivIRBASu<DFn7Io^+#Fps@ALm{?JJK zIZqBklguV4|+66 zs$RW%WqfjAD(L3;qCYI8b7I1|S+0h-QzbPw_svRqS!bOKXGv;-yoSd2QW1Kof1ewF z8{)qn#i&I>Lh=}G#BV2k2^oBmDuhK^&K=c8jT{~vRH7zpeg6jo29~HDhOcAgwI@bm zu64ToiGo!Aar;vmnGQOoWlscT4Gl9Ar0@B3F_EUYkKd{_G(uo>hs!J&D7%B;@m^txvfOj}VxYRfGh$yVU62 zw+98Lgvt6&`D`%$Z#n+YcT3vdsUlh!XGxp&QsJLHDWsfKvFY7rydM8Nx#Tn7-VmcF z2{5ZmHF-EYsna&_MON~Ee3k!w#uKX79_BoYKJaYD? ziW{!!kLju`QTf&Wajx~k(4WWFdye{I47WRf{Zs^VgyiX-@N?9`kGOz8PD2G~b{h9{ zw+j5wj96W;i_f#}6aQyq{$HM5JPuJ=;72SZue#_aZ!GwjUG6|N@&EqGe?In4?Xf0e+T~ZElSQ`3!HgK#h{HpO?GE6de!~Fh3%ItZ6HK(VH*f_Th>3ly_^%>BQf72m`A{~~ zj?=4x?hq3s1^L$CN(P^(OjRRspZ-thJP~@@YlzA^xQSfzRKc{nrrc8f^oK$E%8i~( z7chxt^UxOfoib>P@)FJ8tjpemM?5?{c~h1UNZi=vW{7y=wT;IL#%CU2y}loRj%sQW zUsoOyqZ1YuRz{5O&vkYN9UL9qtehAbVYINYICQTyt`_h;DtTl}^!L^Dm@Ll1TX5{g zojOJ4R_A{`cLn`iZSdUj0!?EGFXKeBdw)rtzeah6?@4_kVsR#|?KqQ$%qCBzMuqqauZy z^J(SVj(i%<#iMXtWS13+>iJJpcM#AXurJmWffsGhd-T8C6}^t>*fH=~ zktgHh!|Ou)qN0|{zMf+If<($g*2CCQp`oFXrRQ-e86@e*uB4nL3A&nw{DRD}d%g~W zsAaG=DOF?#3u80rYwHg^0qeZGg;4AnidCdTYEah^Har~Rd=Crx`N`+&=&uC-Jy8C= zE0o?~(5kI}=4?HKOHY%H4EeYm08RK%ReTG05zbENp9011si-)An=r(`yu zh9?&u@G#vxW^iUMp+^r48cUTMrRH{wc9TC`^_Z2cy}Fd#xmjK@FUR zQvd->>t0r<`+OgaZZ{asg1!m)*+*WxZDhv#D}65)&-m+a9-KwPM7<_axy~&%baulP$S79{$hj?LKvFI41rcw@~w(GtVgYC!a+ttWvFov1VgOK zHnK*QF+(>w9pg*{%*+FAhIH zzsFve?x%pz@}*(C&G!h~%$WT@*A7dU$!*=WqcLFIe2J+YckSb?XL=RpW)Dwa8_i z`e+Yvg$Z%VM*W>KligN9mcQRoMo4~LQ#LV!i^7h4YQ_r+jJN0FHiaIs>0VgLo#Fj< zeW>X~?>xH)WjUSt{-HXx^r5rQn-;rU&_xL+{CSV2t&PmYgz9qorkccB#EU^1m?|3t z`U~|luaM1k;Vdx!(+Z_8AprrFA>bXl?69~TSlHmh93nm~0ZinmQPmb9nhDa)-FVI* zFym}!eP1l=5d83#21rGuqWT18qe7_!6cmb6wS}LwLMzwH%j9QMy_UX7y=Yv>s;(Bq znK{(37q(prTCH~IXO7jn<6aPYW$AdK4;|EL412Y0(Gf=d+Y=1ZZ4YJLMp(O*+tFtH zdBYiUsKE4+cgbi#*m+C$$8G#{;f8NUQl`O~5;SJ$syySkb!QuqH)k;%;@ z>_n!Qr;Qu7x9Kll@ALlXV)v3@DzT_pV&rZ|7tF2 z>6S1Aqw0v3#CeDWk@Q-|@Mpu+00C8~TBKvqUk%`U(;&%qUIADwGZz5BZ&8{O4Wtoj z7{i`6^9cylMk)w(p~1Syuv37%g#+!IwaOH)%hN4vv6JU#ao`|?*Pko|dtQ8DFSMS$ z03wMf^LfB%c0y~z=+*;3CwynV|gw*_0Rra)R94rqQUqM}-K14|wNi)ah_pi`BX-^2T%*ZO>!Bu3-o!w%i*<{!Bu z9>XoFI%!(5N;Q9wd7;DP!Ay&4w>>8mVYxi+ooL%iuB3$feo`}dS$Gs|l<|$~*j_jv zK9$DWc2(oBv9jRhC|$umN{A8N)9)1nPYXpkeniXz)K|5%~0yw_| zG|M30W*dPjMJ<|lUr;`-v9<^ZCkyTXCaJYOQ$K>T)t>tX;6HFv9^uGAQK0itmP4zE z0z+YKl4$d37Jcy7-r}EV;=V$QI4pLAJN0mshDa(Y;sN1g%L9N1hXTP6dG1%B#5fuY zRJKYZhCZzw4Liad(8R3T^`ChQwLLY-;S)NR-;$`J2X)3f3R?e9Br25}16EwraQ1UH zj7Js-t4vWVTTpfG18tavtIlm8mV;E$c6bj3c#{zITig3+{`s&;ecF3Ea4-f#btIg z+F2b}O?`=>BHvbBW$E*0S%{*3E`TO~6YrJv&OAwSnpx8g;e%?8z->CH3jrljG@GT2 zu~`gAeS9Y5n|^9G&T)(u83JVI>dz#sHPVqRF3(dYBv{fesAf+-ku4#s9(gW?3QPki z+J*oeNP%o=&Yr~#Yy)CD0utwi5T3PB1zb315EN5_hyiN`2U0Q-&gZ~S*b+UNyKa?< zCh4)zDEEg}2O*=0CaZxQ!?OFZ%wHv?V0TiByU7ggV*p`uWGlF|LaI`C(f#Hy(jBF3 zwXt4$y`QL70^RX@*Iz|3n~-QNc$t-K4N zA4t8TAh>+DLqtgc3ATmBQQ-0CU4n%=-@l|K#PKmmc+?Fkr~`@cHaQYHJ=^eur&qaq z*h^3ZFRsi>Y@M8j`MV5iKX10`Q$5nEu)hnX0jqS~`NJKU@<5sf$nuk-#Y|9O23J%i zk2zV&Oh|qUn(i%iZLQ}OIRY4tyDL-AaMoM&Xu*MBgcLBo0~1`yO0X;$fwf9Y2t%iV z;k~fIrg2UcUWqe=B}Q5>--UG@1M#3_XJ-?9q!C-fgwDfnN$zNF|6k3H3cq%}gWxUj zeW&o>=r7)5r*C+xsUL7}*l%81FkZ;vX9B;)cg)?IVUC ze4t7{1Cmn9D}4!2F2bco*vn>vEp3DfnU5p`nGf(6G-~B|=1R}j^Mqj)00H%B3X%~z z4WxHQwyHi(0=n-QSDCWYJdG`grQBYmjzJ8hY=^2S2qT|#K=VFK??D?c$L1S`B%D+3 zz(Qq=fr1rTEgGnC1pv2j2TK&PvZyz};U4j7Iu=X6r9FuWU$v=S!gOLlpXD1vqv+(& zmrVJUTj4PY>fx7~cht)a$7n9-OG;<%Q$Ws-d$ufxr%BoO%)4T2XIa=CoLDVKro5`} zR+|e8F#x}r`&idP0tGysCCD|BU-vth@#)FZlG+aj zye{pe5Xs&t_UHK{O)I=_rppKC1>QW191M#V8ef;Dmxg3BUIEpD3EHr5m+87CN{O@! zG_n%VdDItj$LPu;ioVaXrA;gWn{W%wCLF+s zvX?Wl0DL%rk~lq!bO}GXa|Dj~<880bP@h)dEDupF>&@{Rv<4k)?T7-Jd+|FXA6tio zȮuUO6a{JFPe=-Q<1qX?<-XRyx{O$3?r8t55^F}o`mV>a6M$`ACTS4n@9_v7K zhbIgsX+CdS$*-@p4|H#4^}J=1N?dyN$&sTuv-QZ9h+F?lx*Iso==3NMK#=4=PkOj1XscU};LSC@aA%qIj(4niwv`@<>)<};G5cx)WK_oYqP_tEx^?b{a8 zVMSU0+7*VWdwV_HwHaYT-PC~k^_hHEU|>%FoZS~a(5&g~Q?HWAbb+40V5~A|-~&#d zwf*nY8ziLFx!-QM&Cs8Dd>orpR@v0CvMM*SvTSE{%b*fysjg(Lth&~Z5@Hsb|JCPK zgM_Xx-x48$QlRw&G%I?>zNea=76z&@^Z3&)zzxVAO`slt zgYyw}!0K0xg9K3DGAI1VzWQF^fYdoWBYO}%sGw05^8AGfCKQdpH2+AJ46xT7BE;lG z;@&wg(~`~^D@cf7?9>375%%=DqFUL0SB?MCu+4iJG`5K7?3YkD{^q=hJWw0cEEqX4 zED;xC*B8%8SLhmjT2_ONao>p|6ORDW2t=l4xF5vi6MSS35;q}vl$KP)g$9v^Ou7J* z34R2dn!cAxOi%{J2 zVPv{sQBKFAF2&vGUkaoc#5-8+idOdAUNx!jIR+x}ku5QEV-8k*mRyF98X%UUnC+A=6vZ3>zDg!Apelu1F9 zAQpT6$cfDWt2LL`kCbpe7SGSsEH16um|oKNo={V;OtghcG)M?9Pj00g;NxngJb5aX zkgEC`CM1O=6e*szZ5f9E*gBa}Dg7C>cDw^%_VyEOXbl_3b{8KPEQ-a?ieXB4G#nac z+1p_IY*0MKjb}gewGsC-EK9@mvm8NNwAO$}iQCoYx1PAyknD@IBPK-qz?PPo zW38fA=lv4(B7TWl+^vIf<1x!0LaZv)oAH+m={kRHj@ow*)2L;)flyp5az>BMkP-+D zpxMP&cavncdwB=!0kqof>_p4oF~6;tk`>K7umqM-CS|~6Q>`bQMntIo)*G?9_OjKnz$9TK}AyY%Y!(a7foS&VKXYDL+U zi#igtmrDCX`c8#lY#8zQ+RD|$a3;p{%cm)EhF!GO(lcWCY2*XqWOh`o*IgDVah6EQ zahlq&F2h=$m^W6Zr84%B5n0DSF^xz`4XNA7@EyzoVpB4yaZUmN4;yj#MrxpWTEXT% zNf1I@rDTO}_66Yi8lmc^q zb&e1l*;3enTJGO#+YaDw0THoH?H@Y{mKfg>yTpLPkzNOLEY-#og?V`J102LCMOnP# zgg*9dn{d%HNCLm2bIPRuk;GP;?k_*D6N#g=KpI>309m)sv*h??eL#>0>&o3Cp{?4s zr22>RZE_ZE$4O&La2q=Ehy^^X?&BWO^Bqaq3WHsMzDA;69(3IP%tEAsKGknwOxvDc z_?_O+EJ10#I8>6AkLvnf-)2l8I-5cbt$jkl{e~@e6E;%ttgI~{q&j@Q^0z1LNqwnk zej9U5Swxov@LWWDzzO~?tq5?YmZ{B3gTr`|@HpNye+?cC(|g`RutA6!vnb~+V@PcC zwfpYz<0m=9$HdsgI7D-}fY_I)n2nYii1FT$ky->}u%ARyVF7f(w!lqs$3m| zT$#w{BmLK+L4^jMnYlb-md!e#mf?R6^y4y{|T35-}xoP@}j_{XV* z0v=j$2Mz=;V=Oa<`Slg955JgO)^5Jm#<2tzBUjn}<>gUj99>l}CEuf~g z#ahGU!6La*nc|3{3oQ;krf8h5G9>WRj{WVr=QnWZb+Ms)*ph@{fyA#M(UWou zMB!q?A$}ub;t;7i*13|$Pq=<<6mv%o>a5m({UG&wdZx**g5+4-4PSxa^&O%PNkjSy z^#OI)~9G)V~?zXo!>sZX#jPv_5@ z-Ak}zv%{=#zs=2rI0)M;v9TEU&5Q;O&MeKO4EK2ml?vrga-wQIOA}C&m6{C_**ePt zk+T8@n8k+$oE3KWV#9&C^Z3hecFHOZaAXsv>{5%}sRY_7HGmvl0jEj|9_*J6f)9PYFpFEHvn4;%f zon*yD4tX>f{~-eY$l5~agIbxUU-MBTkl)oAU4Y~7o1r-Qod~r2P?ZV-DB=y`N^+t( zO8cW0J&APn(w3knbE$NghvKP&PO)wSh>J&Q@VICI7BORLV~HpYcd90O?mzo_oq3&l zofe;EZeKXQ?-1XY#DUN+aP%{l|MQze@=b*t{FANV^EStE2gML7+UnA z^mWZNl273snDG@D*WU-NrR5QNMurP-Jr#2v5bkEm)2|J%f9eE+DSNuHyEkx<3)X{F zLor1P6|j%&wdNX~#*$i)Y-A|aOBi=6(8^Oddq(<5oNj<1h@QyKYh^vakwn)Q$PpG? zUc5NTf?NK^GQuKiRm+C~cUjG8@Huw5+5UteurrxOhL5Ym9=-w+<2oE(lLiF7owK5- z&5@*Sf(bqZAk!tPS21mbJ+HTu<+T(1VPm z-e%Oz)Tv2sS26}@JrIL$XzdNXA_w^Bv>wQE)L zP~;?&xv0$nEXQEkWL)NnPu|^`c83}OSeyODwHhGTt=j?wyYoyXH~EsoAwnRb~`%kF@~$ za(#SIXPYReQxLvWOq`ntd){l3oWA3^NlE_0x~QtY8i*@f*ireUgiecDzA6c@#Y47D z%T_!?l!Uw9%3#7AN2wt+aZ(7Ugcghdsl|Zl?p1_0G8*T+!MwDO-;?MQ28d8hX5NV% z<9m@ROXPeGce(Av)pmnpLYn@p10TsbzB!XFQew~%QUB02JiE`#@#^yN+w#0eiNzKm zoQT(DAnf6WV%(7SxL~Wx{N5kYZQQe%*J1lGP2}+7c*da4NO{=fS$ZE(^=YlwpZfcw zjFXWcety<|J-$pBfniwGuQ6l3&&S@<*NBgiS0XIn6C9sbp{x65`8H5k`8&9gd|>{< zw~AKEeE4viiekeBi_4z_ABaZ;B&h$I^lW2L+QxcZUpwt2x-IpfOf_8;?*?**f@h-L zEx9ky)!Dr&#Cd@3$@R!IK3C@u^*rTp>m=ufqaorEt%c;=&f{zVVY$BWQKPQi#tDMF( zof}A;-BeZ(Y^%Lp>@m5Z)LH(FKHu<`BGo(y(l`Ru9+z4s=j};_B#C6}(1^Q0j(`=* zO{-K5r>G}3S54IEE~uwY=EhCET$^#B_I0>_>6F(6vigx1y%YC0e?@HPbKfe+-!ErU zISV+iuy2(|y-a1l6Zf=sNQ5`bL8ri%;suhWs8s5z!iH**6Q;>AnUFvUk28f&cksI2 zbC0)8t{V9+J3SzPTtsz!80z=t_Hguf2=4OpKe83YMZDwEJRLU#8U@L&4R>Ig_%$&f z{lrahk(1MTakYM7t&okUANEF)k+^ZSpQ<(}gnHFRNk#W3E~eTs{9d- zh*s<+uC%_m>$ztk!EhZT;KVjeS89Vn$?UJ`k^0Z{Ncc;Rve0qac;v&>S#~nXw}rMH zxiEaF%;dCGj8HW<^6c|Rc-4`-^QOb8$sR9X=@6}32NDlZ>Bffw^-HfUxtU0i!KFJO9RdP#p67Emg&}d zIWGFUw(&brMN;wSQOBET-47J7@+oly7EE^1d((CU zsov1)$}OOY<_q!;ESQVIg*nxB@=G2K+UFbH2ZVWz!SZ)hSVFQ8gq=xgNJ!-4G-@+s zmG1D)M3}!LCFcqE%U`cvFA&-U-@J_qT9go8Gi3fm=oH2}xR$A`z{;0kti%N_KC2-I ztm^A1{8v|W4d28#UQ@jOr6*w^WxnYQHdHVco`=)Eikczj`vj#7FonANvDah>~Olc_F!wx~Moey3|( z5)_V51?zwfZ545#a=tRPi{(%qS(6(WXMj$1umMzJvnrVsw?jA|J!G>~!yyzoP;&K* zi`8-MqPA%z_C&1?W!POdbKSMIs@r`f29AMgG^=iVc8WD_hcL46@jMH?d&*+q-qy$^ zJ(xm~+X8O>J2fX>iY4EVv2R{Q$wIh~bbL8JXd5X-{3gBmG7dke$oYgV&@s81t(T(~k50 zF!uAM_V6$?5OJX7dV2Ro>NNTsEWX>(?F`i74kFVvXlR}1Fsu$`HLnF9nqxd4Z(Uc4 z;v?g%{z05Yi#Jo}=bqH;O>S}5A0~(SltE0i$uzPRA%{0Y7~93o^%iH|ffghV^N}2~ zpt`PG@v*^a&t1lxeP%xqO_*iXt4>)i$82m60iog{6CcvI1_ zNFdGg&ibpIw3V^C<>%4_5U)rgzsu;Xj>$p7hd*B`;v?m8kesAQ`EOI??qyeoTDs7Q z>4HK0=)*c4cx)Bb@!I@U+IVGHFw&?AxFS8@bGg1(bsKN^75&Rxp)0nK+H;QG^l`ll z>wAx>c&)KjExjY)!G1KlPH+lMWGemT5H8E$SMljDsDOc&5CN~Q>L62n8goHf`l0?e z9GK-2sS|%)n7{iwCWn8X-z`#G80c@^l{-{AcOJL!HEy-$fD-SK%eB70fl0#PruD1z z-2R;^&ui~PVISZZ(_biDFk&(@pf4*Fvmh{D$F~nugO=l}Mll&Sa9I=QRPoCpULcn> z&C_vzaU_*`Fk8_w5*i@EwJoy1fr$d*$=g$$KpXW}O31|CN1iQ%FmR>4qA`4)vSvmq zEJ_myMVhD8Pk_6uW>r5_;$*tRcoyU$wo-Tt^%v^My;Et}qX)w@Qvl{bs8^;f=9JRc zaixnjW%IV!`OX(@RkAxih2nF`(3KzVd1Q8#JV4+>A8yds@T0ozI~*VRZ9;Ut^s-GW zXA?0~V^vu;XlWpf>=}&fMGts#E|)XNk5mxW&-@i=L7!(8sb&RdxT6_^Vb188)Xmyqr6w3hV?PvUm`0~AY@!!rB{sVkus_@ zvC&I1Bmm zSI3w!KNb)-Y*kIhzG9d@Mx5&Lv!X?gUr=~htmn#@;De8(&_CS1X5$*C(t=3&ucenk=cW<_bg)us}C=oeJ%4H*VICO_< zd4Z&N6Od&4wUnSd+y>(~L zGA_)3J0Q-35O4zFz+<~2b8rjY`b1?3u~VPsLrWPph**OaTjO_ID5vkzdKrKZY(X7| z$V&c>%Gw)R-R2;ZeaZf#l;`UHY~x4mj)PW*-Wj;@kj@Jiwy|80l3>~>23$Ku z5nWtl!3}NM^5>~D{*Eja&9;%hU?1~NZ`+(p>;3k>(sxf=VJ}NKWJzg{FH(`c0wA2@ zq*HUz&^7W#kY8`O4*w>5Q&u2E-aK-U=IxNJ2+_Ys8AOLk9vR*X6OMhas$HJMoDL`B zB8oh}mWS+jnDEwW(C(>4jmcuP=#dj_SGo?i^05nEhmj92xHU&HH&epLgTa~4E&oBn&6ZbIYA!Y142zPkZ9Y!`+JA5e8;BIQ)zw;eA}(_L2mAed)FPBqcKTU7emA>? zO_6h)+1NY+sW1MHNs%|SJc9OIm^xX8=Dy1LE5uVb3CQP)Vsi=R+ZQ4gMR#k7iE@kb zMbkx@tVZLPEc|ZqzrOo`H?siAp!5KP1V#wNQUaUg=R8(Kz60&!D=NN^?_39yoCwJn z(t6@{U{U&7jXPWmmpE520xosBJ`mIHN4vLIIzU1v5;-HeV)Hu*|GGw%LGzi&-NVVt zZuX)Rk2)`Zpw@toEK>{16l73g?b5%8=!+8}`9c4~L z-zbz?s6zvGYCt-Y%#OP(drslvGsJVVxC3TU0}66<0Axtx{>IKE2o??NuFT=>fcG49 zC}r;&OLF2PPY$!|9_>iPKQwy8e@g)$Ksi2Rz49WK*Ag?eS!kFRs5pZRm=A>&9o;-W z`!QqL?Wk*BOHsoX^V9!O2jlL|<0drdr^Qo6gHr?&r zev*kW*|=XixbU?TKil&T_uCzWgr_CkBdTKaE>%4S3i#`sTNpOUO&~5r?}wcyMRMzL z90(Fc)9HaaUeI*&%OzGZ8+54#+WP~J&n}@hBh7Pn8r#eYtFx?FAAMuFzIo2V2+_4^ zyXUF&@FC~9cM7N((@@ald2a1A!1s5)*+MlXi{=kCRl=lH%W+ zN^z=3Jfm3e&~0Q@cI_$PP3!8=5i%nI?X6txb@q>~nl}-+ zb!JPSi$q_yYEJm#TZP61w?l{9@_w(J3QbB5GR^ls=c{k-Q%yxQ#U&dGwJpDNY z1O-IqSy3$;D#0Mij8{ztGkZq0o{5G|C3&8$F-70rY+Qrs zJ2k*mUCvRa9BcT)2G~wi(c?{>d%@l~Q87)6+x>Q>WEIHLWv76+L6AwuLCSt7nu^CM zfB18|7-D6wjNq$PWmQG^=VY6YZNB1|{WzphFC&&PD~$3BE;r-s504J(j|TBt{9IQK zpje=61?paD z06?Y-RB%*Y8iNrpETexR{_Qavn%OVjfYq*GYF!j&MIF?4>`oS6EG3^CL&W(cVUXrf z*p!vu?Hl!Pk-ZTbPBB#5waQ-)t95#=V3~r3O54m^d)i4?9?$hE8}e{BNdqlft*f6@ zE3wgIM9U)9%h4u2+8!vLu@^0C&?#+8xN$zazWnAN1%^^heDD29Y{OfiZfX+7aRp$Q||KfO2WK9r(%Z^G-E!a8X*N=rj>!X_*iYTDjAkT}Fq zME9KiH3i&x{zpRj*L6OiU!=3*E_3YIX)(2P<0K+x{JHPiFjqhOS;wi zFxc_MQKyGou(4Z4LTOG{{mEFWMA5sLea}kCNKKp9c~j&K=@M#EMgl%?gU6t#LVq2>x`hUmp~4 zk(>r@OeIn=$P>u1f!mVkN_}oUoNWJR%g+l`9$&2=|5l8n-51d5vV^9vDof1Tw)eYp z>(5BoVmY^*HgeGeU0-$wwo!NVvt zPbtSBzs-q?m3;IvU7&+j{m@k3VuZdxy&MU=Xhc%Mhp%fQNP>gG)?lfKEPQdKwHCAW zG`i==Ppn)E-RYTIxX8>rrl_~Z=nA<6Cfc9^$KT4nrHbOr6)qm)22YPx%e%mpG$7$d zXZ%}+argO_GvJyP;F_;ip%^#TQZJU_r2~C%_#4}DVzoj$LrU1p@r9fnZ3`bzPWGrz+m}?Z*leP}b(V~@{IAgZOjHqzyhG@lwyJ}-l3GQ{B5Xh{f|5b$k_2mgvR376UK;^ zi;#Y!tb**5@5}xChU%?NB$Y^cNF3 z_=MvlHsVS|zbBHYR&UN^ag4u3hacHiMojtvD7Me(0(I!%hwZq95D{#25&G40Cl1I+ zBsA)!Q9Vsr?4~~EC;Zb4?k|)*7F~k#+zp39O zS=gi{9lFh|t>~Pk*LfTls9M-F3TQ--j!ULd+rX#W<798EmqMlH-&N-qA|9lPIMeW& z^x2dm`t3y0@gS>Teb8DF8u_;|gEql`ILHr$AJ6$*Pq!7y5qg}Z^-l$qAaQDvApGxX zo&Aq}YjBaRAK;d|JtQ^Nfufu9q=2Gh(9|FjTSXfRvDLg~b#Joo3pEd%WAd}46Aw$( z6k{Iq@%^FH7A{dbSSU@Yq5TJxH5&Uv24?+|IJZ)eEAgqf*v zEwR0c5OKDfxaqo9j|Fg%+l^GLt#Q#vo)oVBqA>rS1|#vVdpm)LOW(}BQtfFvQJu+j zMf1|}e%azpwIMQxfjj@Hef@L%rDWlY@fP5d-dV0hCaV><&XR4%Ph{jz$Qn$9TseZ7 z@K&ZBmSV5?EpLi`&EDw2+*MM=i$~8&8#sZbu#)nD&9O+`1D{*2PgOVD|F`r?UMluu^&}+#;cK%Kd;&yw7D#GKPQU_{f zc&NfAvl2p*wJz9!2Rl(5lmDtI?m2iAPE+b9DvqPGUlrvEmCCb2S^-SF(Yns?=-3-~ zVy5{L%T+ouGq;&)}ny)3e*Y*_+Ygj|W+N)qNWrixw2j$VrMCIOOggC1mmsDqb@L+J0 zOD1p=&WRgQ@i9r)c~U945=DuS5|+Xm-L8uW^)AdO99gr=VCD;1O!-+i`R?;N_?t&r zMw{b4X#lDuXsMfvsirW|HV}3E9?6?J-eeU>&`mI=#+yIUWEipK?*{ z(-v`yGD)NAe7|2L6Yv(k7V_ZVv+IwCof3%unc=0?QR?e9%V~j*X&&_jAyB$3!4g8B zR7e%DRAOpbmTZP8>p3c3W{M;p5%KtRtm;r;_JUtey)4&CEzXcLwfZ(iWWZ1S-o8f( zq;%RCOr;47FA+RMwMZIcru=N7Yq}HdI%U~b#&cVtfce}bXXqyuO}7Dr zYNh2-*i6{N?UuK3zs+yMA3uo8f6phiOuk! zuzXYr%<@sWZn9ZvjF~cQcK&8fcYZMi2$!}79#2Z8U|`;|{mgAv%4S?ENyUoWl=``` zqFwr+U0T|7TC4r_vSVxsvbea`S^u||8P=NJTmoNP3u%3Np*-RaP|43Jb?boy<_!gH za45yPdS?d~aV3wClgPuWmQ=qTE){;MS(d|ebLhVa%HDRi&!nwi|Y zb?vDWIXSHznk*Tudt>D?`R)3wSHLk5TM-CoUW?H@_7xg{%ZeW{ZmFu#T$Z95ek#(g zA|jxJ`|XjB+(<{!L~hQ>JnPw;BwCxrcENnvo`N^XrybH%qheGq1Uz`hjUAz`G+5b3 zrucM(ElR9>Do|%zg?%yJk8Gi}q**sa20@Z!(!ms^-U(L^X@x7;%azG@JP&n`EZpce zQx{r@d2cpdUXt)+cLr%X(M_v>AVKF1=>tsJ;ar6IzrwvAZloR`8MMXqg{-IHQH?wM z`7*265vljdIDA_T5mZ#~=5wWK9y{QcW@(UU0t;f&ZUw`DKi#4K@j~n#MyflRC=0S? zKY!Yhhd>xvbMq3rof*bhyJm^YScX2U)7Y-QY~k>(j8R@O^M~VKU1^ZmL%g{|!@M91 zJGOkQ*Rq^Isk}4zajvwCQBPz<2*84aN~)iHco5>VD1V9gr1{D>g#iKn$kdl1?-C(m zyCKc7^lWJ=Wr7X%PlBfJ-<*>Iu)T{TZy06AJIAai63VxAoQiH>4Bgf4 ztvdq))U{moQrJ)!?flOOT|b^}1q9{0dqzwzd28olsZpN}r_SywvUO*9Vqj-wY`}JX zQkd^iAe|CFMpsu?ZfbrX`?K*S5;l!FmUNfHuka4`>WC(YD)C(ApY8Hz-?;_47gb6u zzez|urCPzBpX5%e1eT+R@Mw+{aD>9ZMt=_z!}dk4cI?u63J5E<|N0%<*n&RznDMvd zH6jr6^37f?8PxV)dw$ZDF>@qsnk=GQqE0w(**qT=*0X!VRk=Ox7i}jtLIcLePC|N5 z0&1Zpqt#H467qgMRrO#Dwu*gK~rb zE%~^WYw>X)j=bcbJ?1pnSU4m+$mQYF!nC&&q?T(KN(D>15|uM6IF$46ApG}7EVe@g zUF#lEO~PDsl$L?&?Rvc(QNH<4CPaP<61L&#@_YC`c~#;gKB<*I*;4#IODZryZ|*la zBdr%>FA|UM+c*$>4z7EjNrvGRuEG z`p*#IA1`(k!PQsDWC4t#0l+ALAKqkA23q;9OmpH}`{@Cua-SelvxOp+m8R+tU_l-hHFXgBRf+0C{>J=gSi_3fD zLJhwnBWtvNL#oCV4fF#iLb4P7zj#n$X5agiD`@XZ8aq&KWwaik_%)WyR+S~2w0xJS>79I_Ek=Zm~>P z(~BdLe_VbVy8I}({1hmqp8!_fg(8_AXU|vM8CGq~0Xao9C<3?h#Jbe(=q!vn2Eq3P ztuMul`SKrPE#V1GHMEqtliH^n4}bPQ$vjNO4L|^M>$Uuoo)S*=IK)UXw%+$(=3PY2 znm#g`z3Um08MIN;$Gb*&xIGV8bLKdJ^LOd+GZXLlRXC{fI1N<>pE_-Pe$vRGN{}i4 z)_Av7S(0oGKAS|}Ese`PJw?Jo_dskX_F;7V+0msW22RetYu!=HuUsfEYiH*Q>PW zP;|M=Y*x74FzRI;IA++f$+ui(5g%1ab%xb&IuTi7-^nF|Y_K-t&s=LR9ji!`NGM_- z*UIVuBVIB0k@yjby6H5~HGB-3Ps`8mOSBzULxU3kudN9n$pi!Sg>ClE)oWlH{uU0- zc|^GrX@4?O=IOL&-lv(bg7cc1g#`n_CUd;KG&=@18U-H={XO)=fVB5fgDxLUO_GQV z?($UsMoZ}CrDW4vPqvwcY){4OC6PYz_ zsxW<(n>+#=kbsr_?1YhV~*%cPC2JJ2#oiTAO$F zE7EexYH+;fLj{X(k-|!?48gDInO5egCp2vYU#fx4E0xT~LT)*f$lOc=zQ z4I79Kf5rY1C_^*!y)6;323vv zKoqe-qp_p`(t5`E0P_loclV-ekDG%j1$l&;Ik&egwLq1zd8JF*ieq~)~0W@y786wx$vcpx$N48$KN*ekI&ck zS05dH6ACCe>L0auOB+&Pu;4VOGJ+0UJNl^gu@-@=1Ou3IM7L)xS@e854yJOt0fAMS zq%Dsf9Bh1B1_zp4xg@ESt7cwk;NZ%iU145{D&cu2#8jl)*FBdh_cq{5^+KFU1@-Zl z^TsCYpnna&h*cN`x&11mnsKX+azFzb1Z65tXrTD9Ei~w|0=OV+$nOkUX3Lf86009& z38@~BAY0W+F!EcwV!2ySAU|*1ebpBF7+=~d$PaK0^4chc+!n4s{=kPtAa{&+9!nhD zm@S$bI*!d4a|6y2W#!h3j#QB4XOE)&gcVz~xGAUa=k96{LA4U8#QkL0z9v6Ibdx_$ z|43Jucu=hbXjKd2ASrx>O3R({<*-jlidRW+*41+-8&M#eQ9ARQYSNuxlfqJ1#)g+b z1d;?h=jP~|c!EUPqA)X9cXuI&yUNh)rWnI{E)3w~dKvGms?o+)Q*a~Y~q65iBA zPy9AFAnN|mymPZJ88|GWft!bg=x<6fm`5v_lxDA9R(DTLr4So$L(w#`Jb$ zNjhf(ypHx=x37KDf*Rvr*Tx2borw2M<9>$LVtxZqN3;zy6Q5eETJzg2dpA8v<#uf8 zrpZ!Nct+Mm1L-vl6#6npS)y~VCB`A{fQ8*yR3HJegR#K65P;x!KSzH0$?~Gd*c%o@ zMmnOF%vIZVf||hE%TtUi_>j2TO*ygxm=K?$)jzrgeu0Ts`lFjL{ZZwFIVZDEI0W~| zK;mW-5*c;OexMTqQoD&W=P7zy`V*`rQcu7#y7v|?)CHgvj#KC-Gt7xLZ;(J(HS1fJ zS9^*;0pk=`!Q5w`d`j^zpj5MTi>dHbBc?#jtm`)DOYtN#oWNCOJvxyR(nqR;+LW1e z$K*{?EoaMkaCu7BeITW&nQ$-#s0qqw9tbos!!Nl#X5SHi!0No+XIk$hZsizV2 zkkes89&m>V2PKnLj!tYVzf

      IpIAzw>65)i?*icMK8luEA0>;!4Q@Rn}}j}P%9z# zKlFRbA^43Ss{8SLfP<2g3~<}AuVcJG6s+T2W7J1i>ogy!0w;ZL6Q*vGQ{3+hdXbI+EdAU) z0lNP;?h#0U@%sl2gP7p(IE_wcf2sMDh22w*@I|1aYx)+ZrJ)2Z#JSR;RAk%alZ(Kb z#cZV3?ORamOJAsW*xbRe)ZF3=^3`C9}K?70ZG(D+P4S+(fnpZ7*0yS-xed0G$DG5%& z8g_qP#M+B`7nJ0506I*!d;(uzCH!u0YjdEtocIxM&E_S}&q&J`$6!_{(+w3KHm?9& ztnt#C9rolYR0*=XGWej|u4WckFt=|+WOt-W9f9t&>e9}fXaP80PSJO4OgGMHEx!&N z)x-%)JOYQ$%jtQmU@vYA2+7z!el@uh7*+ zM*@9)aS!n}MGjEe3`N$f!Y2R2gcxhokV#Ll3P{fKuP_EMBv_$nm12+~{^IYA{|vk7 zoV*Q%ILoI(Q@W!ooNQL_YT5EWPrl(^h&nRhtb&j&RSQ-fS1d>3% z7_`nHNu3C2hCC!8;n=}YuS+1PvX`__h!b)ss00GE38;AUoP}(3%mZ6!RR>i$B~uBY zjv)p(!(11-Q=Pz2WZebGB_q_Y`$M+hFG7i6Y~H@mJ??ofkVo z?tZUYp|mcI_-NfIIYaHbpZc6`@oKag;i+{?+F4wNx{-kI42Z%50qdP16}uv{5mntw zrI2egurd8GVL4PlOPrGR+$bI0AUv1AZ%xr6$OeU}uW5#YiX1x~Wonw!;`0>H%pvRNIdEkTk(Om^p6DTML%=2-mVS~Er+aF>rBD#go zh%WD|rF(Q4zAZCJZ8U#t&jjWr+w7rm@i)DvpkSdKiaSm%oI7V17)QV?2e}F(fu@E~ zF$XI(F^JJ06-hh>L>6$C2qu~&E+t9dLK2ZPoL$dZuYitdiW&1h!Lgn#B4(6a7B0Z5 zS`r`6D=E(OEd+PSZ_@ehJ-L*}jZM>V5%CKzzSMcZKum2s(6=dgVP9I@=}fQ9gJ$ew zU~qn)7!iK!(~z=yIVdq=7Cx`k&y`rr{{0Cot|~4F&&ZAfq}BMyU0Pl&Ldb{IJi^nX z2ZV+Fm5oPWZf|)McCLL0GCJ|OM7|LGVWyVzN}Cr49maF_y3y;G(C^v;C)Vz3^a#^r zAp82ni~2jUBzIWIIEy%qzoMiicT1UUt!EAO;RE{DBk2{a=p_V+ryuD!@%u$H$wziX zok>yB#*3DfD6h%{`f}rKg|UN@jXVB?tMw^9mRxdqe$4&uUg_mCH>n4JFC4 zcfMB&-&2n7b)EJmtpJs44U6c#+HWq0;q@9`yTIidQR&^bplL9e@o-Wg2{+<_5i`3+ z3(Z?@k5$M%m!}vPEH3Y7ldvyh(})ee?NvA>K;mGdA}<3URp|r|W;T@rJzz<)Ty}$z zAVVJm+eJ08_1x}868=YmIb-}=YBa$OH))!E zZ4RWtTa>y1HKao->x#BUuo-EWgZGO^$E==j35VN2u$WZ0zZ{I7S0pV8n0K&Bbr~hB zszB$Ab?IM3Wi2qVA>+qiHOr%8Erp-!T9*ptDIpqvhv(hidO$#?w^cs?rCXDxSRx z5@&fO{UpakOwu}ORbM2wggS|MSRc^4+nqyVteihzSk46PDT64la1}U$r(aG|N$=JBH8tg6NC@|Q4WS@u_=EVMAH3x*$hqQx<~o&o(=CID@_*c) zKN#Mb`f%9-+7|#q&tN676ClgoaB+C92y*$q=`6^Geb%(c9&eG{d1yVyfz>>Dq_=lE zMjy=;)~j%|gOceEPM#z2?^|)HL&g6OAuZza#ZNnX?${SJDu{xDhQpprtV= z`(6H~1)O zM!>7mT;4tiqBJ=G)W7sn+7;gsK7bmS02_j(t(`uFSNqw`|2NzR>Hj~t4=);Dd2lT7 z_?_Qs0YnD&oA~a5{!f+F(&QzYcjL(~G&$F}yLY^o2|vcvpYx`^;>B~0Amb@iDt%Bz z9hn^};7GCn515S+6N=w)dh~42lG^2K*i^GQ$Idl6Y7S%U_p$Q!+$0nxwzwT*7(L5? zqqt+su(Jb>DUwkZC?bzH1dux5?cXR6+>-IrGl87D9FO+pOWp5x&m{vaNP)T2=9#rzY>q{vS?>@BvL|r32mQA}#?h1qmg%%5&c)4-~l0pfi;@z%^7e-8?c)#vU@Cbt>_3S5FVT3oB+z> zAsh=iOLw7x-xka41F$XjkQj&N#1CCWlZHI0)vuj4N!Pwm*SvOFO7*4Cn(o(pi!KmD zu6YqDZ1jwjs3ov6$IAvRy1(d$VmoM?J7wnpmMiDl?AL8+?9|>ZPV3dB>!f|uf(&tD zsz2oT79E>=cnhSaZD?zPAqn<751CAMNus&-o!#IXXe^zy^2W7HjRF(J(yd++(pw86 zK2umnE?@S#59>(`6(2gu-u(jvF^GH!D$Yit2|Pj-&PB1j_$*~4{VC;z&(8TX9hOXD zY59J9_w@su$gU0g9r=0MED-z+10g1z6w(6r`U`^0rbwMY_VFt!8q?bi6(DMvBfY_1 z1RT(jr>)VKsp#-2sU)qvXfX|mN(jtY{)9kaTK}&h5a+TR@VnV9E{f8p*n4JZzttN9ODWMuDh43p2n05+&kCvp%J^{mRz4gS*Zt?oi_) z;Ni4r=MXN>vzZRWy>8Bt5+{x8h9Bz81sqZ?j{$5Ua>!q1am;##Vym+l2)zk0x2_=C zh+4>XNTBxt3eDUd5{9@Z6a@pS=3*aHRIw zWnkFgx8!;Z1gR-=UC8d`J&CCX3^NPFOKg^RMxT3c}4MMdTHW~v-?&Fys|Jer0}OGdk&exE*nRF_W10yR$Nnh}HU^M)yiMi~V( z<#2Nwz&v86g%6B=I75kbEmL*Zv}DX+^4bEP+rH;i@O?4Q5T)#1g=>B%Hn;aBxi4bB zS7qpPz!n98Db=HPvvO`Pcn4YHorT|0#-Dxi|EAiCF(3d>?XecPkG9P^?NcIg808=wHr&t=&I)5x0H?mJ~} zt2W`6b%e!5&thnJcDr7cyMNmRel-k>0w^A-u))e{wGL)JrXun}D`005{C-r@YIl=^ zl+JI1T&7ymrPaLl9MQ%>;vDN+xij_t6~6TnD@_`&5d;CRsoh3Zm2Sw69Jq`|F+uWYFsH7JK zHr_RtRId>j108Lxz?e4r5-1-m;e`SgXB=>_ zQtG&Qb~+wjd5-8cff&AS{!391PEXuDPdS*|rMqZaJ|9&R(l#gX;c9Aij8p!xejpb% zo!ik`p<=uU!ANslqKsyyotFKyHxH@;l3gkwUzgCkuqQn<#0*N>$It@|7sZdzekn zvs=i`rmRuHHM8KpF6rt;jiBCCY3Cr^l(Y(E71{JcFF2O|{(JuA^H)1E%jWHm%V}hmc*V|s+7rcXxi z+`K=nY3XDQ;t#|E4~8gtx!ZV<9_~CbBCtH#)S+9S8g)PD4YumKZlXD@vxw=cUpVm6 z3=C5`mc=Mhq1!kr=;A@{-@S^Z0nkO!4>XiV@I5&0e%Z8JMXP$x+Asq1*^c|Y_ zL#&>q7Ao!}KO)fX>yJxe-@;9DB71}J4M$(ceUFNQ{g=7JUBF0ZT=^}h!fJ}T2qvxKy0DBZekNuAD zI7*%7(sAr|yi5D_bo&unkPxJ}P#(qXWt%;1Og|1JJTL&OGmpkx7e;12{!Enn@C^or z(4Loes0j(~wC%yID;#}Y44ovil}iPA!3ExnD8z=H(TfcLi8j`<*me>wA4u3 zny97+wXdh5LduM5v2CP&7w!~wXFa{?d0%5s!0D?wc`4WA+v?^w)#aIe!Lh?#E<*2A z>Z7kO`U~ciH=Q^Sh}0yTlAtc`_Zv#9mc|I(H{x6jw@{cbh%^`e4)Iw8+1%n3lT03L zo2cIIXuMRxnAcI|f=l;pe8~bGbp)85?|R@z$O<5dk+eSrM0{<8HvxIp>Ft+Gk z1*g0iC!B57r7Z{`8!QMQ@s3dXD?Pj|8jK|89KXt>?h6-LXiK)G&TiXW2Pdl$K6Oi+ zB;|O_>>L95y8!L5$EB$knmzW8C)JLe=)lMgl|=>HI^NY%y^`ob$ndGFIMC7pOV#p{G1hVyFn_>KvP@%2+wWk1u;wZcI zwR;pJ{Oyd7_XcSBv_)SBkkT6`kfxX}g{XOpoNMB=d*D>~YxtW-c*jf9qFblcF0XLD z-CVvw1S4$N<9B6Q7eP@sfOOofMWHlyUf{PqhAam+?G42rWRA}|!%|p`WTr2ayvp78 z1AHB>8!g6WHJFM!aU{qYwcemw-S5UOaN8+W|!a@+*@fT0ifWBrCBe$EYLqr zm!0<6MtJfej#8JXlU`r9WQP1DbUBX8__)ummaWR!4qBJEiKkAxyQrs!ZA?Y#-*}1u z;ja8@_R~g}Ass3}Q%QdIlfjkLH33e0ZDGGw*h_@XFdu7P6(bnadRy!r9Tj+hU5(*#t8p>ytTEmP>_4A0>{$P5}RguU29ngT13kaM#=*BKPqeC~?UGi}~ z$Z6z`6rfK~Ia6;`j53ZL!5^dSB4epw_P_3la zvpVGBUul_4RYUpGWwmTn0ZUH1v@APz<*k2~Mv2J&4;5UGinx=>-H}IT_!-iv6B>*g zm>aS|jE)+9x3reQG5y9e7tXaA>O^gfOE^tAWm*vBaXUI8FotBIK5CnQ5Jdq1DXfq~ zHQ0-M1ZVRHF;^$U(#rg2V^>n&8=8ej->UPS7Z9iN^e_7;rY)}5BlU^9=3w7iu|2fJ zUyKXdd|aOe(Nuh?!6ZnwQV>Ny6Vnr(_98ldnM#5JR?|Tc=h^vM(b>bVZDv~)N}uPe zr4yvI0o{GkrE(syvf-Vc_;_W3{D({LPMm_yxqQe|n^_!l{9O@GTABVnCeM4LJhY<* z+RKOp!P4EZ<;H+=-zi^f23vi}c1(c_|vn&R!Hhs&I7cHWRnU#7u$V zM_f&?Aw@~#{fkP#QbbQh`&K{hI5b^Hc^e$B?-Czil9%GVr%aZN)P?3JIo3hC39nr7 zo>C`3&=|V^J3#{h)QU`u#oyTui>46U;o9b9(zAnxs`fD8>TR4w4`>#RxF&E+M@iOg zOG;4%0GWYd99%&0)UzCjcec!oV$>q{3z&p<1|Qd$B5Uj^4vkt*g34=Wg%Kd_bUcl{ z2U7o`$#G>=7bZc~Lv*sz6-#@-2j9t+|3n7?3TZW=UW$B`TfD-o zWG?Qsg!nDX+Buf_oB)HW!vcL#c!=8gty{HiOz}ko>2gNAw5-b&M9c~{`wmj$Geq!v zC)+qoMW9;RH!dXS97dY`_r5A`WT=T<6L%Lg{j&f0O5T+ajq&EDp7hDoQ?6)@1ruSU zyIzb>Vsh3^>ZB}v0v1LOXD@jBG01D87d6MgA>jBW-tk^0)-n@7LCA4-`T~Ja&r{kc z#h*;K1Cqf!tYVqT+$_Z04!0~~45WfjXa>~`6C;yu4(%ESNYo1^_+4SOMHAF}`-6I^ z$^I9D9HtqK(60KcS9(e9JH9FypqV#M%9c0@&jxWrCon6|H@@f!U%y#q5?()C(d!Bp zi$hMjnDLz`b(l=Wb2Cs0&hknu^SO;434*+8HO4JuU8^`(*KtO`U>#jx#Q9bza^(ro zF2DJgcG(;-7}Q^s%cuf6g|jc;DZ?jiokx$p6CJEMY9bD9cRLq9I|MZ0n)OcIW&dWw zM=83;0Oomc*@hPEWB}43Nm2#*GFI$5gr*Dy2f?xKv5x0VHh+S22mwfkMjBdAXEy6< z)6-@4iQcY@r?Z)rV6Rz-JqIG(qf@9V2(UHBj}Qx`Q~(B|57_uUJFdtvUnv1kna#SU zdO>vAJNlNzQu%u?TWR}eSM<{&mA8fmEcY1T8dm`>gQdv&V$|APV*NfK^LBC78(fup z(j4P1G{E%vju%9HNfZJAfP~OKO!RM!{j zP(&`@ydw$lw4|4zQ%ZnKu^^MRSRtAmd(WwA-vgF-DN&Bg(B^J|uabF%o{6SQs;Ly4ITD#;_nQd)=0fks5PE4;W$gc`u!Z6mk*ZaJ1 zh>oWK4ZGhHUFB4UkMq36%VEZjdW5qo&^gn`4b^*x(3lG3)?l46T&H`7fR$sqN3|95 zrQ7=q`y@g3l*GeiR9@9qz?7lu2p9((MFS%ID;e)7qP8hQ{d%0aNsQ>%fH940KOAcj zDr_okCQ%=SQ4dVsl{84XXm^{WVO80)SF^LaH|dq&4)fasu)3O*E~CpAsrEokSa)8d zAvmU!b@RS2Y!9jw4s|nn_6t(Mb38tLta;TwwUhYP)p)FQh(#ue@vhd7DL1)@&r%Cb zuI^G~SYp(w;^gV%^2nT5|L&2;)Og<0n!gYnqVX)duY=X|?Z=-G9P*c5G>Bmg$L~K( zqnDBJ*;I| zZO+|29~W{2GSDZfYs~D~OG|59*zOsM+A|Hk72T4&I4G*n(@bvY7&_$#v4d(Dr)m-V z%duMGE50T{MQuTj7Y&Y#HtDl??VHrw{1l=>a~(BuS|?tM54EP_6CH6{M>ES<9BR(7WZ7n=}P z2Opbg<0_MULOZ|B)~7m&e+;-$S@1p6JlQW>B3$P6nG_%w6&hRV@K33fE+%6Hme(!5b zz_rb&dIya4YYsCfw3iB_*6$lFYV`B(fAOr=4r$&3i*e6_&6g~)rf=!Vu86?ZWy(Gb zlpl)Dj*ebBL{4$P?G(UK=!(Mg#L?cn*Lr+*5m0fkg6N6On+NB2wXE70C#yru-gm3( z2H&YVCp5gVk1~8S{tO&;c930!prR)#WbnKIP>J+F7CJpCAHzlNj%`(n10B#Q(ik{BU4o3w1dVMsDtzHo;20_|m!#{w3r@jCNSvJxJ%sEXSH zOKWiAr9o@q+zJc?k504c9gTJ{n4 z_A>W7E45^(9%Mxy`1SY}D<@990k8(Qx{9BW65is-C6COVp4K~SWRsH6y{MiaXMwde zB=YI^fii>gP~&`4a~o@tJLROc*Pe{pw%ZJ^!;P$1FB{vEH>y0rUiDjJ`lK#L0vr>T z?>4=8TAtnW9UIWgSkyXcpQ9`c>i?g9^NYCq&-z+?j~jnyG%)?I84VkwDK-Qws!m2OZ8ljh$T4UhiIX!uVZ?0*>z|7A4%m(lQFM#Fy@4gX~{{C~x0_~y1d zi8&d%eELmP4MwQONQ)Ew5;%3FCVQ({zcaVseGCBDw*NcY`MTbh2 zFWK{Pb!1rl{nnh&)dy}#i>{N&PU!IiXS88$^1N*sKaf!*%<~&AaBs)$RVlJ4KdWe- z-p#NldtO>_WrWAW;<)cIx%G>RV8KB4(6D?P^-@0Acz#zuJ5yJSnGMCgkv8?NyW&oF zsD+E4W44RYOq_M7urYa4B0HC#FGdj{lx^Z10dux#A~|ioxV$184YM_IT5kC*s9D7s zr9po=ubwhE*rHa4O)>UX+STTaiv&PU2*6}n?`>DcS*~kd(WJvj6XAR?xK=$65v2=HQ~gX1_ng;*&?+pUGP6y8dVqXEREux+gaj4@^TE9nWoXDR!4eA zfw)Bn`@Iv5Vl+(3s8W)O{0E_;MS8jAJE5ZUb#9H#vT|ujH0%f3qx;Ux#5U%l-P?&kaWu}}%Rrwe9UX=~ z@=-(!I0HohI%1mOEnHe;B$rfHWTB-VLhjUeTfNl9Z??YyHB`ZtTKz0E0r4v(u~HbO zTt*NNhnyk5M(9GYx^&7#sdfwg&SVbZ&Uf>N^six6-pkjb4?=NqPzQwrN&ksIzRQsR z^X2O(F&6E6-1-QTF7jMM!ai;@+>Tx=7oyL%cW;?>NU{%%b`-HcjvXoiBF|zyLRrM0Y?8nJ{$F1IPpJdUK)!3;kk`#CG$2a*2fG(1VL;v4my1!}bJW7CuxO6`C&cC(_6Pqq!Qy)1PozM9 zg&q_E&2Tk4-mi7@Kg6P93gF)^ddbHAL~HYxw)-CgG^`*oF|$VducXp{w2B$fo||__ znEapHj_x%P*eMxXu&WO*k#K0PMR7b|h~iLRh>MFGn0rzHFp6TOu;%UV5FvQcb1bPE@%9V?Om6UqlY@q8rrxo5&NVvj8XBNzaS~$E&v?=8u{ey!i3g1c?401PEcnr14qOU4pWR&tMl^O3`LrhrLX+zuH3Poh=5Mgru%hyap1WB2J58&m9Mql`E7Hj_3c8)ME`>?&yKI z6a0O|&!n9{=BNj<;0WgpK>qh%z8$IQ4Cao&o+pgILf`m_i9r7*6Xb3T_l=Uf8NeXr zUe1F3a?l$=(*HJbai`Uk-bc0&DS)z7CWrX%bHbk!Nrnsf|KY8w;!Y^M-Dj(*0Qe;M zb|v%|gF&nqbh0END?&t;E%u0cC1cUZdcI1}ub$bBKrr*nZGu}+JNr0iIR<BMlgz)Rt{2g#|vYC<9^Q(J_ybo@6D+Am@({v_}J~RaqQ9{|PKOfBBUVwQ4w7VX- z7iUj}J6C)`GtF2$x&EuGL&Rwul*}toAxilGQ9BMAGCIC&<=2I)wf5?3nu^giPQHc#F&H05~x&VyPGg(w8DOCJAWGLg`a1$)p*--3IR+o<@QIIDR``x6|Vw>5t}9 zHLwZW5nFPzqA-v+o7JdwJ-M}zmljOzyx}1T(&jGFKqGmB7qGsct!T;|g3ygY^=ZaW z{v~m+7!xh`00;sBO9k9HMhXpkcn(Y~0n-94 z{SKbcbq_B5vZEE-tWhH8MK8_2sE62PPEjZIB$APPMwu3B_X0>yP@!n>pN zW~a}_KnL2R2Sw_328e$j?tznYsk$Z^)~R8Cvsg2LM2c!o_eDM;*CD}YmhdPr8OhDm zm@c`ANA`9#GqFgC6!YzD2l!Po{AT<3`vWnxr)UHcVc^O1Pu>;jR`=T8k z{_aMhf^k47Uq;4lP zUrSuJ1QjXjD^0qk8ND^2pso^#G5V{w+F4-@UO2gcx*s9{1ntbcR&$^4%kPxmNUatL zt#thNZbC^7Q@pP~N+Q4C>%ol8@-RJeYFNT!+)Fl4zN*MJkUjBM!%3q)tCl5-5WDpa zdpfz>a({3L%6xTNwZPIaKUh?~bhQ6E{kW(`$yU~#C}{NoWl>W=KXHBU7Lf5}B7tN3 zquEuUYR(}Sb*%!)Zqztr)zmF=Wa?YYHx1tYjvL$TD}%2~eQ4kkt8<4(`-Lk&q*M~n z-zypmxg(4r%wdAx1i>5DC2Hh9G_`+v(Krr7BCA+7L?j63SA+%) z-rYbF5k`mvqIaOz4z7gkXMt3v;ra0`X6h4xr4&zu87sUYTdk17tr`35`O7xPSGYl; zCD1=I{%gF`V3ZSKpS!Pq+1vKP#dEu$UW%yJ)P^XXw=%RAW;L+DZdXXcZWl!x*{PH zrtivMz?CQmJzR+Ki!NEHHkHpOG_c(0M}h7M)xz2VI)q)7AQHgX`5 zVsHfJj)eu_5AOh(Y1Ih7s7_Pm@EO&-5SCa21nXq?G{c1F<_{>Dr8TuLi8OMYr7@afAC*O|p z!JMk0yJE8i+ackgwT`TS&U6A)pV=WOEIGdO9>4^;iv&^ya=?2ihIkKhesd6m;DH7n zuJGEY#&Jk7vpa6BsHIRAJP-1_laM@2`YvXqvXqH_8AuvUwuDBL|wB-gBA15`|Y zI35C0t3GtP=!tPzxn762A1aLy7{z<-zM-_b^0Pe@8IBEu!M$eNVMBIPD>oOD*rO3& zd9sdf_-yW~o%MM6T;Vt$-f&#tqEprk8n18;BJ6 z>M33Kr_I>9#(0Slio!cjIA2P4XjIwf@1eS-j=v5l+5r*0?d`y$!_~YA*CW*8faTDu zJ5}CFMy<~%vv!Q?-X4Sd-)(a{=+Js3e(X)ExpY!cI1SXCb`rjqgV8H4En3c-&1Soo zyy4kj@__0aeiSAaZ!E}R21+1ajS8jRhu8;cpB1P9UVG+#mfTO`lh1NAi7_$)ZcGKf zo8jS66_uLiHi6Hoz8U1w_~x+Q=Hq?Yfrdq2a(thSkVq9K9y1#Yh}N$R%LrBl&pz}W zh*r5+qI9Mf;tL$}5;`LuO;lnBR`~TSa$kkeiz#@U>BG*=15|0;DW^!GJo*hlwtH{L4}$ zjxpXEM=lwp=D4$R1(y3+A8`!I01rhGfw=8=Ml=R&SBKfnoElwWfNGj+w?1jS{n8T( zW(LVUGGb)D5e&*KauSckHiqn|Ydw2oab-Z`(UZ#Tk)abkWRj-o;x%gKlJI-jU^*&) zf9c6IBV&rC+M_BpQjSz%|Bt|?OB#cVRGY0C&A?9#!XSYAqN0uf-DLze{(OC3bpvM;q#*V*~>ddI{C&Dt4CqGk2cDG3p&z^DYw zn)9^o8K(fjwcl1j%KmJQ`favBjdF*S=`2%>g93~1`FK83b7go97bk`hXRX?_Jn#Ib zy0-~$ycXk>Kv6RGoVa`56)muC!Yenn41vf5K8}RY46s1<5(^Mg>sC5PzQMoH8_7}B zlPEY+>6^f7p44c6UL_2dl;i6N^}@@U)gci6HNJytBq-73>|Q4ky|5?kMB7$2!0pzG zq87NNFu_G~w~8c-{lr}GV+2b36y*eTUBlx`%f{G^Bz#8uwpeb4T$EVK} z(xh09VPsxw1^$V1zvbOd6;8+|?y%G-z%L*`l*bx0^g&e(>y3@KU5Cr-7q}me7jIYq z*n_|i*u$)NLT~rk6DY(eoYke`-7ohstN5ywp-tNuVO=#jQPk`M5BGBdba%AkU*I6}v_v5j5IyyTqp5GF(T4>= z@vS<**k=!Nk-`wfQz;7Np`ZM8Y4yg+gweZTjj0-!LRjgo05MujVEvP!nkt;z2_!+2 ziJ&Stliz)2%SQPbi0$XqZP1!DQ@ zZ2D^28jzP3tT*NEq)~f~DTnO*M@h^Tzqkfyy=5O8@PGuSt z?P=^_5Aw!54F{Eq_jNW@bdu7#ldC3e4ER6}$tksK9}nfZ&hG-fF#H{$KKN3?V-z`o z4n-XqMlb#Uu=kc>QFd+nw;(E^l9JL=5(6S29ioVUfPwT7(hbrj4bmclbSR*74~?WU zFo2T7&@l?kP}22Z!*$*9+}Hhox97vVy&vA~`sU^bk@H;VTF2UtWB=`5toY=o0Iy}% z;H5l+cZv&Ln$Xg-6B*4{XMPTn%A!d-cbp?vhj7@3PNK#%g|}^QV#4Ublp7woAil79 z@48Fux`I8J@|$vIBtiKE893}=^gu;)S}c$^fN&5hVe{aT^R6q|&@jV;`{+L~;)&Qp zjM_-qg2@@&2%rq$i~0LoZ}+8%|Hw3blBc?%AQdQxW`H!;CEf7n2+?>|@-mz8d?LtA z{*vx77l8$HNzt9*EuPJ5hsP7NRt+5-s$V$RcX5Gi4=H$^ShKAYUYd*aJ>=||U429RirAjFJa*T^ ziRSfcjqUKW)GRAZNeDQ`I@8Hb%aCV_n@-0{;ShJwGI_5GP1jF@Y^P7^7c0q;>JqSlaKl&d zt^?PmIdXI-B{eRMwEHPXgd9KFOy@c-=Lbq=O5OvXRlr|t+CoSg5};RZ8Lm4C>!@Zk zZusGxmij2UV77*8#`5%iJwoj=wgcWj9xUQ{61XSYBbR|gM8y5e1)9CBpbb#s@7Ak{ zP2RRUadsfQ@be)Jau;a>kyWSMJpiA`u8YDo+!KBDleniBKABGGVz}W=e%zCl6TOIbKB-E?fbcl)w-ozQ;#{x`n7ff$&KJ?aiL9UvY?`eI4nDXV^c zt-^3{zuy2phhzSP^?7#shV60wkq`d%lZ%JDtK-6%Y*n#@Pj3YH^iP%v*QGIkgfY!( z&Emi)SZYxKp((TSaeajZ_M4^!MG>}u=ISPwe@m>Bj@H;I@g zz>ED=^1ctSQpgh6n^KJCE(JHxQhBc>NS8NC8Fx;lks<5+eN9tbo-DbQh%{`wByHE% z=PKQ<0^R~gv`iJUIIK8xnBGR;P2JZ?lXo7>cx~DOk5|mcUBE_6a2q`*(1l84i<1T1 zhN*lSnkInK>BfMp=TApqr_zoz6?t^#0|douCX!ipSsSjNEXbM|TEINw1k@Nni10=% zF6XA>ds=pzgkJL1cZ_0`9MP+-yrQ{@yAc4Ion+yOuohE2Aq7%8H0^{Ze;~#vlqJ}) z{XB%y%J>2T&Jx2LU?(+ni}YN;%gvdLS5C$OK0ckT=WX?8SYJaf(B75u(A{5HOw$IW zv?G<2JI1NLo`P)>jPcT!QE~$^J6xO)%)I=Yt$uu0?U{QtE)0t2?Q*XYIFmFI$`!S# zyJ&~np%*E(IM-SFXviGji`u2MM-$l1Dw!1)*Ho;&zL&L3Nac)Oa`t<>;?+?dw!#F# z>|vI?G#<#E1FlGxw%2JkLx99H`N&dfp`BR@uU6oFu$Za*)H<@w;pV7R36Ik#d(5?6 zypBC9(h%{U$7BJI$pDBT|HL0a0eRfH_H1hRU+37(XZ#2A!6MBmv_+}>H!S(q8S?=U zAr1~n;qCkFp0~|=X=S^~e`TLzE zcmSuwq$%6(pWnVEzXYg1P4x}K&uyJpO|hnXc4gC-{MJ@8 z2Ip!xEQ_f?L22WHqt0aT10k?dTHG@WosF;ZR`3OT6}z^h=^wZU8BMe~xl>#u57rEp zeIKQCeZiOsF9TTe5GPW%S*F;#D98*w2jq-qmXgWN1lCp?;!1?k_{#rQ&(a^v z*&fA0NIk;kq}Ewd*ge?qq?Sd0$?WLZ}Fkg^|B8Nf5>68*6fSp<^i!CDNqAx3ixXcH6ZvpdqY zi^qONh`h47XrufNhS2T<-*OoZ!7tQg@<$oypwTu{ z)4RMv^RK{St5$2|K)Mym=>WKZ{FX{z@Dkj)L$xI5JSC>IkvHMzI< z;+AT~1&+Wwb+gFuG+$;)^rqySlvN?B=+nkk|ctA5deQOt7V73&*c1MBWmhbRH zdkqIz<*NVS!^yr>n`wg&9gXkWkAm8xghIb8FPceXzMu~Pv=uV#fUWin=!fHDArAoa z;gIowvYBszDa~6X*sa4GUx4@SJbq!U-LK#spF@TBj2B$I&y!-)f1V$Gd}l-9&8s_1 z^d#}-7;JdLHiOtbScMcY`X6s}X-9bLXais;Kb1~RYb6q=2zH;7L2g%Tjt>;(NU*H; zN04l7ePb${rJtst2=o>n!E_Kk7gDy_$-5uC6P()m%K)WR$=jYXnbI;EYJeiGwcaOA zU%A=x{-~LpG92SKU^4OC=@+4;{>Tyxpu?mr0B;U$(yexDgyRSlqki__5@+vz--5lW zlF~#>Yyu@07LfXs&l`9!W{Zve05SBiFWd(;Ku!!SaOcZ2FI|xtynG&?hgw-ms?1hi zp&|aO4EA#Nq;7XRJ@z7PE%lympe#Oh@{SSBBY~dt6!=p3l%$DHGSBObjZLcGviDu8>wU(gk8$YF9hf!Lyuox--z{ z*5RcnZb+zciS*D|kae(V+*py$QG+Z%mnCkkPG#CfToxFr%sr^G z5GXln6GJ{~Rbr-p$#Yiu6gUyC6Kn!y?nXB@>sLQf3@P3v*$Tv^lO4)b-NuoLt5+gv2x?VMF{Kzzihw|2nqp=I~*D+lY%Dwnlr zhI?3O_`b=F%d{*5=7tNbWItpNbAk^!n+clsmr{>iFU+PMx{+|Qxb(?Ib$&j6`{a?6 z5|ihP25+Vb3!wXM?aKVp?*_aIn(s6=&^+287Nk3{ztnhg<`@=@zhAh z;^m@5)^R$oeXXSKE)d4QukM3a4r)J1eMekcA63}d^+Dx{ZWI{_Py8V_Glf&+1np5d z*D1xQBd6S=?nwuiG-|GEr1S&Hr%LU^9TgAmCa+ViT_JE~!~DU9(3-r-mGP?Uqf4~} zNO0ro_W2aDv-hO1>Qnf8?M_xB!2pKL?9dUuAw;{Bzjp5i*^|}QK7kQB7_GdKoKF;S zR%c12Vb2O*c6!pSsE;saBfk8cck_eu0b_O$qrK~r2LlX!%m!kG+XcyXY+mzf>x+%`z_EDT^ccnr ze|JeJ)AM!PiMHY8$3J=P9ZH%HtX1sU*ApI`ItjnwdHdKB@&WQ5nbs#-(oM@jUN+S& zF|FX?^WcmUvC#Q|`+x)Q*CHXx0(ah?a9oDygDoc3`DvkqVwM1*)WHaTm}F8LKK1I` zxV>%?4FAaLRF1T9XAFn;lR2r3@+?4!*b4q^5HP!%USF^FJep?0v!+%yg=x148es5w znbS(Y=6bX4b`wNQz16c*x64?x2utJUx z8^bl=5M!CFBMJJ)TjTZ-di9{YnuPaRKp3bjR^RN=)#Y$NTS@Zo>F5f?iU6Mj&cdE6_;OI0n-TyBE) zT3>;lBBSX=Zrc5DN@%+-Pn$SXi^4Zs7a?jH2g>12$z5B$ygO9R#cG5r+U+i}j^MDZ z$1yVv$Qui|(vx0P5sh*?;o)V-u#U~AbSh{=pm`?yC{1qQMzDlRSi37tl(Q_#B+U0O zWM>!l=>tX!qP+c~%#OW#0`+h5px}KE}P;1p= zmF#8g^|gc;ergQ=yVX9mXzVea0qRmE{bottTS;uql=E(GvG)P`MWrP=1hV^yaE1EE zMIc2=Q6RwU+AQvL0v$Y09}qWw^(FtaO92Q9q;TDHA@@s+5raE3$q04tJoZ>=bi?|u)~Y(|LZTrbINQ*Ty#uyF4j!NO#ep7eD z6ZF(38lywuV%w}VLh7dE0%L%|jud2#928I9>`08u8t6JKTHst@AII8A6#(JLm(I4sj!);JAWzlzTRz0~CNG*f< zraqIM6z0tISXk$x8GBXgs~EXXX#J~18ch3UA`KC>>Vwtr=tY2x7=FMq?IQM%*VXon zs(H+l@QZ;~{gzC+S)Bo?(>Mh>rI>zEX z-bhsoRkW&bp~}cWr#oQiNDwsg8YNHm=6w%fHm{9SCJT`@;ftq$c?qDV@|3~?b8MkW{Ebwz z$WHj(l5`Y~AEBz?E&4Bh1Zrze^rC4z=yP+8U^FbMR9s&JRfM|>$B$4(#Z(7(1ZEx$ zslT#583(!vaDP?xN*`OPi}~vuSac#@NMu=5GBiL**J`5BFDQ|i{dae6KPE|%temXY zuI(~g(fse9nzxW~#H9zp*)LfW1`q_Vq*OPulxHrUi%&}yTa)VDjJpODW9Dp9xK5G$ zHx<$m$nvT8@!bR0211*x`M1i%*>lwp(f-7FYrUs8i0I|Jpj(k z_$K|82T`JfsW#_J_y|Rz=SKyQwCJ!p@FJa61!G@tCvd5|;dC{8FOPI%=I`T=()Zlg z#w(jLH53{3=gG+C`W}vP{bVNRCdYkte4XXDm}GolnN-6mZopLUSqR1Aa1vDi!bzyn z8Sev}gbLr1%uEO^`nrOh1m5*{X66}G!Wg`?3sg_Xjb}UK2iRWvTGT5B7ET3>ZQ%jpXTvg8 zz+*~}nd<$B2xT>n{#sE=B<13b6QGBxoo$M0M1Wys>F?tV!D&R(uOHS!?~X3oqXH(6 zw#uaSlset$jX<_7huzb3>Jq1MuNj;F{Mx8P+*}e{$y*^p?|#CviO!Qkwd3+Ak?oD) z2I2lv1eCD&R#~qhh>xg3!@i2Si7}@kTx5am#*%K$W~7`2CHHSs-{KKyNZGTwE1{(z zzsvl%j0|E}UQph3DUL97Sk*SJ`zrGKRoo-FBBi|=qd@6jZ=>V7;fngtSOi%slrBgX zrmj%gsne`>a%1MrUIh}qO_3{6kTmrH(%Q~QFK%$abnY=pco8liZj>+Q0!t?n`b#K9=dZMCU)fITJ)$<8rO@1mGrqeMmU+#Nj3&n6?93@uJ$w zkR63X6W`a7PEH~HzWO^((hGOy={b8MX~^{bBRQ((N6-NDc2_^)VMf;|8OkEVsf!L* zQ1E*CegN0ew70)$cIt#>`8y)Nt3?j#=6dwNfHcEx$jYT6UnE7g~KTyjU>=H zFp=C%$`*PLf}E2YHC?p>y38hm3~kP&9FVT$AURO2wNGHJX{jWopr|6Y&#cthk!>67 zCi&VYFnXKQtXoYt85}}6dd<|o>Ifr7>;c4spMY4}9hCckQ8I5INTi=@pOw>1AdA^E zK^qf9x|uZODQ>w{A%bFbrgRMtQ@V~CQ$-{KWd!Wn!dQx|$=Ab$>xQ#!D?3Oh>|AeB z;{=aqmbFCptw>Bnsk^D~bg!GK?cr2`3px|j(RZ0KuuP#{cNEPk5Da7_+m6B5K~6(g zNm$@6!218YLHisirE%e^4SQ4o?qs8|i;auF@iGl0pdv0?DE&V1!dqRhBJ)bs&-l@KVfP#s@;>}XR zm!bhCXL}2fEBaEd+b|b>yDKmG!oEbeO*xCaqfDxwYF((;HN=RL>xt4(bR^Nq(i;*d zvU2H366IjGWvpd|Rj~XK^AA}UwfIj>NKX6^3Lq$A?HOi z`F2obp7AJpSkq~&^xF|qTfIYoN70mf=g$TH=2I#7ku}~xA!;IF@+s=RV2DM&C>s{2 z0x=ICPa+99-J5>prOwqC-Ub3cJ|We_JtZ#?i{Z|=)z8z!JL0P9uHSuq;2AaMLR7v9 z=CjlI!wTv%!G0rgU`k@3`Y9uUwVI{U%QokPS3iR%k}X>UiCVsC+brFzN*%UJ>--6R z*Lmh8;eC^(FSJRQrS#nv9SGwfYiyMv@O7`-l83b%*A~A4D4?)LUCq@tw`M;~YHL`dPHX|C@b)qH!v&&(!WViOLV`g(*<_2LsR8jp@BQnjFoh#v@|2ie1EtKRr~kD>uL=~i{YMTL zYO@r$?qa5M#|_HW3uE2tVt8zAuT_APl(*@RD@He9sjSG2g7Me_k!;3ga~(vG2&v)G zp59ErWudE@kVm*+syv!68?M)Vx##6CjzadVV<{7R72X~sO9@T})$E7mtEqmi1`WHa zN?WD3?Z~&v4Q)GUwi~*c*COSr$+#C#A7jBW3g~-%%c-Jl9Zpjdo_((1IKa%NRDvsb zH?i+30}T+^$45K10BYQOqa4gs*#l;21h1$F-Ax9kkS{9m0s71puF+e3i$tpW(bbK( z{TqxM<9fb#XE+^Ygx7k2hkg09E0#Ia>sJh6G)eq`nd;bmgtUIkdTQhZ=aEeqG+1M) z-~YsA7iiUo(9fis= zh1&vp`@?f*`cpFnQtwjzyU#&#;0n1E7{LBYFqrun(+7_MgDT7T%!13amft@pWB8DL zP56f!S#2N8!=X|gTSi^ydCgcK-Q$v)HztQaBME=Bs-go+C~rM~n-mN6-A+_Dku)>D z*WJzp!6Ta{6y?c*Djy|8##tVM`-C;C#@9L(X56s>nq;D=M?zu*Xj!xrn;2ep+6wWz zLK`m5)k-3@<1W6FZ}%)o_aDEkFZC@U@H0$O=06e@KFLU-@=A8v&p~5=nc7Fjk+kPBiq3AvFsp@plA$M?Nhf9rAG+j=6fi<7rEIS4O(G9FCU%br}==QJh&y9lh`Lu+2+W4CW5L!`JKisy&60SFFJ}e4Hau(XTKm^(vE_ zB(c=c6K2;kQh$JW?k8Bi-m{G=zG$w`?(wCoo$wgGRR4YaxMGEVl&3^}_&XM{ly^`V zd#R>w+QGn^+tE?%U}$Eim82Gk?~7qwl}XupfDfAtwCNhhxDz9ZV74U(CT3 zp+8;9Thu$A@r(3qzI6G~kcBU5E^lu|cgK}l%%X(}KDp>EetH<#YTsW1kPg?UCPLwz zcF_-m{v~1dI}u^($DT0+=+YnyF&+g?e;sN}RLUCo#wDb`&dO8e{RI@jK&0vG0|PI7 z6AVdp5l}JMw=FL%s^G~{8@Dj~sZNsB@YQS)NqG2jIEJ%CPhT^=;7iv(b$J~yt3UIs zu&d!lc2gH=Sv}WZ#!xi`1KyLQpg_JH>|Af{hv3$!3J10`euWj_S7bOc|1cS!`nkk! z<=pQ(2$@cKSTTKy`M#jVFt98dT3SFhLO!l$RGWMee8k_3EuR;Fet8V8U!E>>IJQ)(+%Iy^fvWuNmvZF|lrt8ZK0K zUZXfn5f5QjRqpb*|#&DLgm!!7ZJKehuqjw1IGK)N%)TPHsiCo3O zJM=AH!$!LxEqq4)S<+u!f)5qWX>NrCk7dM~d3)~)nGeQfx^?V)F!NS$geI3+`}#^=QP^(Wzb;_f{XgvI1n0b^B+X4>b&B2rjCa1K>R;@o;BrI zz;uMqM-3+q+%LWm{w&}xUIMu*eyiMf5DK$#gcRUvIW z7-M#r?^0jqZoZB96k}o`W8#rJVKr%wDHhrzq3KR;_eH8o$%+|^DDG6@RbUsQQ zXzqC!MB%XREXxC?{NE;=%PjU4H_a<`9$PMaS7|-`-)4}XshutNCP-3!U1VzI$|b*X zUqq{K6wP?TI}CZ@PG0cX31YMfbt>^Kq}M%6q>jCL78$Y1`686M-I*a_l8jqPAR0ab z;rr}*_S^G7RS$baI0d4DE?srJGTD$gf27HXJKxPB==xeRM7mwoRSj5~j5 zqB^b57D~I%(rTUkNnl9HE^(9oX>9m|ImSBs2Eeid-F7x4A7*jO8ZBDa$Wbx70 zZQ8i+zL<67B9AeMIwK$Lvx}-*h!gR)0}(m!9*GzVWYD~jH$qCx{RDrM-w99GNe&u; z!DHapx`?N^Gw!m~kk=9Ge%kCyF<%8WyRBOMKTJx0nzHCQ$*$eL8=r1Q;7W;%=&PTc zqmjYPF(r@n@!RuZJ6<)_L)^n`zc17b!Tk51Z@JzLFgcpDJUaDyr&safQ_Eh_KwuXV%b^_IaePaQc&=%vf=psGw<6O)n((+nM2i< zBN*-SwI=yWhOvfw8cM3MC)pMu{+wlDZC)_j<0tykxG_$&wz6gHb&`wd)w-?8#$dCC zK*FbN0e;#QyKB7hO%$Xt$o~S$`9YAA!#OAMMbRztuF9N-qs3v;R#F3aG|PtjIjN~l zH^fMGuXzi&vxk~|nOfEQHE}E3Dh>8X7o>`*vRn<>b{w}DkbR~MX4G$8O%2|;-Hn%t zA)$e|sU!)ws3ZxQzJ!MetGRJR%6%hzxiT`m{h*g>>Q9HOPeoEx74d&@69@F-hFI&! z`<2oC!62Z_Hnv1>N*OA-JKI}={ZVHy`TK$aDlK@u`Nl89Jc~B|-dDk8G9UV##ftnZ z_53v|CyX2mwe3y3>c>Er`sInLEotYrqqs|db@dw}OMR`b!T13~x^DUZwoJ|zO94K< zre?zSI)rM%j&3krinBQZ0n$GG^>@{{#mZ48!7hq!BWku{PLp%Mzg{Du{k(t?KZ=z^ zG^1^-%Y@cOpT2yq1MIWynjin_KKtWuhKK@Q=5S7uhNy0atnh_d)%5!DZPA2kTvw8^ zkfs{68=rHOv?AaQ8dHGTTD>mJl)K|+E2X1*=c+QvsE9zM%PL0|O<3+j^8br7uYet& z)9Cx+9nBx#RR=D2_Bk@Zjp_V2_G2R!iYlT!?5&*UykLDh(FKvN!(IzR_T=1@0WV1xz<)poDG=Y?h3~|@Syr;4S-&wzuD3@c{GkwH zP(NIZ`N(iykQ%yC?Gk;b@uK@}(YE8Nf7%}6qyq}btlG?ynTWA(Z9R*qL4q80s>V03 zzsVBXKAod~lO_HgQ1H(`|4o+okKOHWvczBRM>uurZ?eSSWQo7Y5`U8={%YF)n=J8{ zi|C)X!T+C*-}=NfBH9N;%~~t|9g~)zsVARlO_HpOZ-ii_?s;8H(BEU zOR@xuB>qv!jBeCGtpn6QD04ES=d4dOeDBqvwo6dBkV>gx)6M4dRr_GD`L}-+4b59% z*UwuSDb_>QgdL+m0FeILRMU^8;fuIZus{r7Qz+qty&wSrEot5qkDJC({C%_5G)*aS;P#>6Bk!t2hN@&KAh z?IFqS=Fttcm`G|6c^AG8a<`!s+rQY4%0QQQ#eQ?)oBi_8r>SZZFpg))2O9FDIu?wO zuX@dbegJ1P$&;Tpmw-bm?M6HJwAZ==bPLGiYu+w)r~?kITPTisXUjnu;4fTzB4Zy0 zfIf(ZqS-GOq3erR$HOs;WaGbTgLj;neTPB&GA`y^U@wD1t0mEM|kPWvtL;Y z-$$nogzfGv3HJ{Ipv1F515Xgb+UV2^NI0mx^xnkVUcW76pHtqKxpdu8E)`=eE0iIh z_WX|~iX|&(n+!S;X15|LB37SEHFT)$HCC~CtH9F^mzE7Ce@S*l0*(P?7!Z_g7r9Gh z07@;<378YPV()$=#E9|%*W#^RFg-O~8j96Zwd}tUSos4CZ~Zy}$%ruES?eO1(Gn1% z8J=wq%U6tlsUYcT51S2j9365_8+eosVw>XnT>xte25j}>i7mN++mb)IR}f2*&R_K- zPu0Y`PSFj?3Y_&gB{)$I;OjW9U#ONRxS4tm%G(Um+cEUtM&E<@vYPoRHymnB&$c{d z!l|2aVzKaT@R>8-7mKQ!lD+}GZrm7D_!ZE~ymGJo-?0!t?HvN6FOOp8-GMc)1JV5~ z<6QwYc>yW@6SU|-gtA4igYy=(SOZ5iQQ>b@gKlf-YUy%Ruh(45B2nZ{Fbu)WCb`l_ zWV3VXH#Mx5I&E?<16kZbGJPF6oL*x}db;>{sA5vltz%omh%`wBC3P+H0$6?24~FmH zTt=5X0HR>_#YgR!`8OfJt$^seO&Nn*N`A~oALcF68Ej=JI}PAD_aYzv4>AOfumQVE zDm`S;-7RHrSaBtLz;F23^E$wq>cHv(r}vde$_Y461l*)^=Q)2BuF1e{c~tg_!sXjv5vWgKui4rwZN5@Vd6)=c|(yMy4j{H1fR;Xib& zvdSlJT~_gyPVRjocmTA&fkaVz9in;#FpxbEt1P(o^Flf55 zzCQ$@V{^5|HArh5ajXOx>_*T08nZ|}{t2oeN%fkNtY-=&?m8%U-;E9gbFKCS4?#XT z7*Z-JFBcMFeqdkBYlnSkuV>|5^8Fr*7(QoJEWJq2bS82NaHoH79jd;+)k(5J*w%Os z-6^*FW})=M9{>~6tj#tO2#iu)YB1ev`BORVhFFWo#+)0J9LFqSiY$2%aUIh9a4Bt8 z=MgTu9Y$a-VCh`yQ{Um6SZ35Oe#0+Q*LCN^wT96NJ^u03)QxXbKRNrIvC$Ac{c~u2 z^?0{CZmC%Ng@Y?o6^u^lH1647?crJm)kG;HSlw`d%RtcyT`crH>!inn=ZFho#)62a ztzzIj@k=^*A;^$@{2}4droHj4x+FS4J*$n$4>TddybXcVD!$}&JpPe+qWHLB9YE3g z2D$Jd1ff?Lv=YIzkdiGIOI4C2n9^W!GL$kNL~yO(C=Sm!hDie+6JrQh_x!>9zC|Y> zK%#06=zN#0s>uYi(@O>VLBM8JpC6dHLS3NIpMkzI^>qK=^BJT}yDrzdm>_sBC*(ls zsGgR&fo|mb+1Llfr>fu?Uw^zxA*pR?iMNfL3*G#2rI_*f)B-iXowNEQES5gCVL|(@ zQ)TJE42r{B1SaoW?;S6_eE*{6kCOr&1#hQ)3%!&sv!jkCQ6_%GI|~am;7dy315BK$ zPTTpfffq;`c_YEB`}8(;a-#M&aP}qfCvd7c!=h$qgKOoD<;aXT*|!pKmIjCW7)z4v z$@qDz?f{?^Eh8a()Ew{FMs9IkTollRmcJDVs<>lpg!l_ zzQx828Q=QTzL|q^FcgXozT_^PW~z#ycR$JJ<(pVhVzpCwUipe3w>m|UNcxIG$I^s9PA5S3%z4XGDZt9TAJUOeWd*7HPmla)+?FOPj&v*G;?Mu*a2L`dv4I-LTTr z$xEoWb?G*J_QxRPaFCrINr>Tux%lg2M%qXEt)oQ*8uFWA1&L=KGSPP`mfhbExn%d1 z8*I+enA$%g|C;G{V72xmGIB~Boi-1$=`x?5fbspJ&T@LLG~b zj%3N6H2wN3)0r3(ZgLiQ)#Ev1#>QXN>Pgq(#K97{p#hgVNAUeyyW*oL5|V{^-iu5| z^Z0Fdpu~cq9_v+`-{9f_vF3)~JBTJ$BiBP*CD^=aVF6jbt6;VT*&TEPof)DL)ovmA z@9YIyDUUK-a+JvhX+r@a2YeG5s9dWVvdZdetw>b}b0XO5dR_xZ;j?>L?Ag+pTPZF< z)Ave*soS;^ZXXd%L|Ve{>fM>X)4hr^m+jaAta^9@Z)Kx#8ho35x+Y}XN{3)MT24Sg z()MJ(-#-tPK2tim#QWO$e~nqF4w_!VrC^K4JRrUB^Gdc5X;T>aYaf5TarKgnqIJ;e>%^JiyzE%W$i%6pxW7W{&}^9g!6Ydm6i|lS+noq!-pwm7qFZ__k;scWnRHTrs>V zIBLJFl*qBF4{=HHg!OKy2VM-0ouDYXJSRVjuVqY#rv4g4s>5`XXaOC&Y250z9IW~K z-nm28swc9Z1q{?x2@>D>&)48Kn}8U=4M5l!nwK+=ET)|vxjA9O@Mx^kf~d(_>-+|o z5WEPHo%!or(KZ)bl=aW&uqLf2$=F4XYp>#8J=@Y@k9iwGW zH*!Q<;AtzkiZ637VWkx?53yTYz~-7Vy#!ld^FN)y5fDFlKgFtf@F=}+BtyH?pQoyf z1Iwyl0O8x}iB3m{*keoA8n+%z=ao%8H}vdOf2q9hd$_aRa;#stS08h`#9(i+i_w&} z$k1@)2a`|9DR9(o9xv5*!S5MTJNnB@;JFc={tmMsAwdOg`Mes4@lbCyGqcn;+Ail$ zAINZkazDwI#>*JKDzj%KdvSdbLHnn_(*Kcua;ExDmRHFJKPxLt%yjZmn&Y*~>!+*H zC7;N%o4z#(H$@&=x|wNL>TT^J%OVeFwfLdgTaxV#oGlI=1SZ}!HDf!^^d&$QUM-F* z82jHNsF8JJP6<)2ME+op$<*^)Oq@s`1ZKO{;IY0wQLzEznfnaz3{VMr*d*fsMt;I< z%wjKt6++y4CHe$<`{_u9v*@6%=a*Jt%3Q5B9-Z^M7L>ETjKHK2WV-xVXIJ;>d@@gtpb-E=q>I^C*%Dn+g6U zN;f9dr=XLGyJ8dMn`Fym1fPP!js=qk>_=7wb1vTj_V#MZpARhicN;@VT1=1fSPCqh z8QVqB#kEtL=v!!^7I(Mk96yACqA(NF-YqVwpIc3SFD7cNWt**A2&sbPWE3RdEx_a# zcE_7Xs%jjkuz(CWCDH?cscMkCFfjP6hTEaA(B=(q_>Dq0wX$2V(lKz{9F3a!xc2xu z?R{q`e@_$(AQIja9J%)-cc);Q3nwA8yUfO|=K@4csai)r{O;Fpa=bFHG5`QZA#kMa8+eh@MiTb-{G-Wc~u&-k8c8Q zf^M*xr{EICeKkP&M^aruhBR>euSRr}FB{_foF^W_tU zt?S}$zq7?sWb5s<@->Af6di+C2iSP){ZU>3KBZM1?(q*+f$N{F0!s@9$a_am@@q%q zc`UdTW%lf*T$zuOrQ;AiAqLj;m2+rD^mCL5@t4a^++OKlcMsz2CM1?yY9c}S`Bx>& zmc@5^D6=Gkr4S3h!glYAsLq)fvX%wyckJ|v=Udp)6iXyYYU`Z*RcCCx#ydT}Sg>@K*Am-~wQHop_j{jE?R0ON#3?|Xyj{S( zO3#@gAXD)mHZ@)~`z`JreH&Wxn(XpjijlnZ-))6g;O|t|g>OZ_Rb!cZ9j{ z@ELu1L=@rQ2-3g%u>43$tyS#`F%HB$9ZAY$i)?AHXDwptQ{lwRVUP0kL-WJjB&XfM z54=>d0Ov&l|HBG|Rt8p)&IW>l4-e011DW(&G&DGF@+nLBt48nyx`@9?Jy<`d-1_<-wi9kCn8l_bR%*G9XVKb4^*PkmZiT zB%%`~z-jPaE?dF7ev6)SJbYZ6wh3ol{>=R&i3etuEah22Q`;s^z6rjdA2rr8CDsju zR0+5*NI=7Hr!sTjJUB;mmqNST1+$M!<-H$GpIGw=rfeL;67_Ih&pzPRx&^{v=jUMV zBrXRw^;VaYf@GV-$U2H01?Z#pfIn;X{32voxtlCh6jbnrn9aCX=hQRFR-O7xSc{S% zPs)9;+<(}e8LJzZYA3YOHs657ZDdhW$X>eQN#;Ek%79NU43i0KwTQw*9)~Ww2=6{> zZ#M!r#a-&`rp}zE&NoeUp9Y&`b0ZIpwC;B0NZ8EVukgFeBJ1=0ABje~8SZVa#+2C$ zVG;%mk+~n7#(Qf2)AA;v0z?aw4OfEZNJ)xZ%om~b%pFywbF%305zSFyDM3?B_1<N}rknu*^0ohUg!vK6?u%xp)8MJzE@Hv2R?O1KmY(#yl55*xt1r6I zNfZFF|4u};=jacrMqe4kU4)WC^JuIsa*2097U&rQ0J-5V6h1?6^k$1ebwcf1N0@n(1r+DT$MdqcdQ*-d`yH1+2N=ucg^@p!qMT@Y-yAsa7F|qOI{zR5OYF) z41v2p)~-yQNDhwONox7I)T}>tLQ)vWpb`96>wo0AJ7H|VhGF~{OOypj zQ^iJ!cm8;e-F~xdH$XG5$l3eP`l_{!N8+^?TFd-^dkZ$FHdeX zt4R9#{bo>lQx16k=>OCHFUt#|-~$=D+CQozfE1tiwpUzD7xUk^wcG}f5_hCB1^+a%wx>(1e(0v}%nC_nGBmPwoE zNXfLJ+La9kTM~SHRLr<(&p);@CHCDjfF&PjR-DjTTftfMLz9|8jJA5wM7Ed3hm%OT zW`fs3<2SG-6t!{utmQLYvfGqdDgHYPzzYjU{m9&Txs~+MU#qv4xpT}xuHRhDt%d0X z{wO0s&9W9fF_4pfP$8tvd%t11{4$t*&o%r{(^5J|m4)-J2_TrnsXj;%ctL?I54U*y zjIteuCwGHusZWx$QdNqctLh1}3DZb9q0s_|W5O#}NvwWv;IPAklLTN-7BF7De*-0J zPpA1RVi-JdrtK?s6To38f;*cb3yp~Ty`o8if-Q8TuF1@$$a-Pg@!@Xepzdz6xDL63?Q zRuh2KYpU??u$|&6wKe4&7tWByFnATsbD!X{DL@OlG4J~>QSFs_R+@PHJmkQJ(ECS?4CGz9jOG0_Cz!OGc(CNZ+4Swmdz&#!l4{s-M*%D z?sQ2zN2z$I_qmruwzQO&b{*UL2AS&2eSDR}0_dJ?@D7lfMoErT`FcBS>VV`{NAcvu znk`P*67svT=2*DyLxu7?PnK2(7a^w06?JFZuSAS>At6XY06uvL>g>85nFJWD(?U+4 zE^rDQcS8JTpKn!L`fq;Yngqe#tMD0_EQ|hC&Qg*K4$X$9k2MH(aBAyxtrUnHwqKw5 zGBWfusv#MN{3hAd9QiXjBI3L97hHrs{hzYfY%&4BeNAHjBxB`bWcmhfs^9@ zX@wsMAHcSh*_WF`r%>RO3)u-ClR2563VHf;)7L?!K;@yOSo!2pm5L=q{N(8c`XnAI zzwD7N9NQM>CU(oRDc&Rkk1Hng34x@dTT%afpiUnEa!s801Rf76G4EHD8+Do~(gOCa z?8%;KcW}hM?gtf1(g>Tn5kjzJNu*0F$t%mX&0;Pp?Z-|E2w1MK*y%wBshl?QlYCtfsO{CA&w;Z)N9@Ux?twEtLXz|B6V zVD8CMC5(3y5(*@o-ssa0>KpXXz&F-v1AKTn6;z*`#;IM3&k&xtRfLfn)m@|n=3nWw zUa~?LAK-^&dQf(|4*&|UQ+CYp8LC-AEz(_0iU-F0L0{pjY$+^bmeS38zQ4vc5FpXH zdDN>Z9&lCB%s1A!(AYddG{Ig?T;x-X@Kk6Kb7a#hk^fEpCFD<^IwOs!J_InM|HG<@$)ubqFF4mRrKdKuQ7%z*L{A8$5^J z%i<$=jmcpLdt+}y%s%?<)U_3fJjoK%t3Lr!pdzZVH_;LRem?yt;76Ad`M#A(_Gd6o zcaSAhitPZ}+VzAtYhRf<6<*vKKt0_-0UK#dSALwamBa^*XLMLICx{1 zX(P?N`?m3cNk%+eprN-#|MRv?p+B33J$`5U%Zknr)y8|?kpm~ar&^9AH(%ZwI+0G9 zymnZ1V41X%>>S%QasW+_F2!>^K49kbYcvt_Vre}to=vrm1}XVcTw~)XDC&`w zb2qrBXpm*DNk(yxCGl}e%4?M3162VxpWR*Tk4I z^;}AKr}}CIy>#_@c$%zy0|enQMPPjaQ;jUxSwjlcZr6TCt^L>11l{iWnk-y!su z{!p8~LrSMCU9Rg;XHdr7-(4wJie>z7d)vERe@Jkk(;Bz~5)~vapy*$=7`FIHuZ9`; zmP28V#uzpCkbzRrsQUn?omSs1uJ;?9*7p@_2S5kLy3*w#aF2tPF9IPRokl3?nIW8?^}tq7v0e;1D)h9Fl#736k2!oWWf`EnAsL zjTv9hL-KA{^dxqBDGwNW`Vb)tucenyk$p8CD4~{4fwOzuD}|@7u0L|b27cG>fns9zl*o%|fMN9@wMgy|-1(fl zW0}=ai3cA3;O^0OdaWvON^vwPW2H`||H=WgV)5#5ar#Bs^_WW--I5t7UY)|xll(^^ zlYu`^$r*+^qv~S@n?-*5Urnz?Je&CGe>qwf)Nt5nv8l2?Hr#tM;2K%3E;4wU8Cwuj zc(s#xMaE(l#OM{aM!yd{ocI`W1zSm9wUYX5yWZJVWFM|^>h0a?D_#;5JNE5z_?RlHG8;+9Cg220+V5ie3jab2;d%P-+Nn&>KHG9K zxEVG$IJllWBk^uJR#Lv9v;%xZFQ5=^I z2dw%92d^zS^Go$ds;a^A4a@@$3;XPSb^GYHJNU<(8oZXHTpfP2KKS=!z0R+KYD9nc zkSR1G-Gvyt9h!bo8u~MhYQTnh zhbQ^Id_&E!pCM>82?{=sTm+3{oyyVB{r!ExBix;--O<-hUNGmB-H+lWm-A9Dojd5b zSKm8vYT&RO{Z{SFZ$mSTX19Ku-ST9u`OtpvQdX<^#ok=#AccSOi;289 zSp}~pl>esfC`~qX5c+UNMKkF1dH&Kv?0o9ven`RpY46(OncV+4nsVthb)w=h>U2~H z70PuwrBWd@nT&|$vdwj3a+zwKR&=9_u#?=%wqm)Ak>pZK)UfPgO2}n%#Kz|Kd#cmv z^6LEY`}g*eN z_XIELi7uFnF+8PLr7%g#k@(KMd7zEHztsgp(Do^dJl-)oMpK=yS?62MrfA&r8mtYJ zG+8A)IuQmP%8QI8f555MH4+1y{UieWM=Y2VDG3YTrlgxBr|@OS)V=q@IOp*6EmpX{gaBeOt4X{=%8GLRZnPX3=EITR#%rq1`7x1nzA^wPp7 zF{)868SRg}1M+rOZI|@8UFpjZD#j!hy_=hBdES|N`2}ns0UiZT^{6`kqM&ejvBA;u zB)(&of<4Xwyd$){of+S`7cX(#sgF$KkL|-U5yB#-mzX}lu7P>;|aHU%qWQN*d z>~OGxLR3mPMdmQ=aoa+{+a)9_R{TQew9tOibpD1WmfcU!JvhxGIEpONFrLHx?s`>% zTYLrVsbL_=U5a2Yk#lmKrzpX~S$v7ah~O@x4a`XmVpi;K%dR3^QQiJkxIo~|yP<#f z6YO7gJ2E9=e$yc$R?MQ@W4tV}QQ{4xz=ROqt3j2!ea0Fs?;YX{s6>h{VU?;H?bzaHqNQJ_SsoOz zmL#&Yt)#!r49T_C6{lrX zbdq2_HM=0odP~!H!9z&}ioapV74y8q*v-Vee#-B&C4`VTe$z=kTwVaK_#n$7^DEU>U-cbTYBi`tuKc`*m z6vP#~O$4%=%F{t$g}4Bb%(dO|uEh1eyVS2e-O)2D$LT!1sNwb0^G#U^p@~msCGP7- zh$oOpB-t4|{oc(${iuxG73~_OeR=SA*2MFos|zmDU+w*X3)hxWUS@b{5&qH7t_WFBQqqaY!ryU5gTdOEc&+%(JUaB_n zg7UJ_Y_=eAaYZX8I^TXEclzv+W=h7e>_8!Uw#4h9Q;5W=J>$7{N?g~r;lR`#ZHNPK zPv!20YH^ku)f9&vRe?WPB+#q_xS&!DN-P}ZWhvX0NqTA)@!Hg)AE-ipb5j1o(+_95 zyA(8#LzlKtlK5br`kfGjHIhA%Ghf+oBFu=(7TL+{>#|})qm2$trU2aNM4gL%Vjm)j zcXt{Jh_Oip3A=m4F|wM>>sgU0bw9T~o?3aN>R3H8MrqyAS__-uvvrVBZ+|O%9KF=a z>0Ifz=mm^7DU3l`U_fS|d^|S2lg@t%rlP|Wr4emL8l35dq%~e1eB(5AzT2X^dQ}hn zJg%XQx(>?t4TpNrU{B-d)*}P^JQG+=zZ5&&p;_PyujaF^Un21%VLPj%rzu`=_>!D> zhh1frsCuvZhu+RkivGj!iJ+VYG(ZO_Cm1kn%p7QjnJHP;*+ZCpf%{EkV@51`iV?iG}} z?O21^jK>K*ls=1N9(;nwBA&irF&(#e5MJRN>J_aIaaEOE;@ZLHwzF=Bd5_N|dG~6% z%j)QMI+Tah?B#&%rh11qL~poDj&PhvM90Q97*XG8z>R< z1OkC4xwuqzv~}MN?KR(24JBO{A6*?}FzVF64Jt&Hb5M2!7tiU;suuD*Vixi`uFJ=S zpoy7F@RNCtlbg7B^pVCC-xGq=gE3(qPqg`N5osgj(|sEG>ziIt8a(#eFC|!s-JGG7ou)%N>qU5Lq?id{fw3i8wgK`(yRhQii{y?v zZ2E&#kB}Pet9@M^@~e7@RDQ??A*Q@htK%nf{b#TYf()D6VdiN0{C=tYF|riyoPzSn zK70D@9(npHAzY9V0z?H1uC${BosL(Xihj}<(oqW^-``wT9#p&0lTqr*obYGCIPt=I zK{up)b~1QRTld|xUk1)Y37}wxF4aunMC?0h4O`(Z(@V=Qf^>DHIh4J}47dy*f6&jp z@0snbeZjP5io?i%nYaY)ZZRWVx$9HnlKU0k*xy#XIu~yj#?D4*Tb(s34>B++Y^Om0 zdj_+8V}EV3MNQ{FD^K#7kII7$%t&FQ#kA;sjs09&`W~?pGqfiC#xb!u0^G}jmtS3k zmmm@*w#I-gbzO!PW64siqoMxW`*hMvaO{@-v(1!*EhXuRRs?v{T{A&y%lna`q;q2p zY>`>|Tx3`-{WXT2I%eQOq4`^kEJ#jO{lzkB9m_ugbMz_m`Q~NKvYO_1G%LE7U3Ggh zijD|d zp46%O9zKp*@!z@?{^&7wT}fJtTC=6g+wNEAcBT8H-F1hj{c;D`MqIBmgE?s}#H(=q zplpC`UWd?m{oLc#G}KHqu=nR=PEyC_`KKsEb-U%B@fj4#x=7S8&_zS#ZUUxPdo(F? zaN>)-)!%h5AA3f+>qGq0sVCBLGm&!>d;bj>bdYdmuA(-9ES<9i?hGZ%`dbSSWe8&> zj#s(=-XCyT9u%xHB_9}{7sq@vEMtkcPsA~2PMCBH6vRUaMu50|sDly591@nYGnUdO zIcplFt3N~cE9IHE0=@e>pmar-v3+2vPBHtYoVa9LK_GiI5(7Ic{-(eEEF;L2hYkyz z@M3dor4hd@IdO#co;#~R!lH^pt3FTpzT(Lx7Xr;|d&>GB#_`dLtFjuc;Ei9vzt6a( z01_Sm=l{^Bj|O+Ig|=m%C8qx<;h(NLqoPLJWpnMj`ty~yy6J$Q8#clmexN{~rs-~g v0$(D0RsKCxcfim8C*yA=`X5Th!+H76lNn>$I(p4=z_Dki(+!pFO(yB>p~GU>L2T=6mGhFmglk*DkJj-$Opl$yA}b0>i2~%HK(^D9cOg z7@yAjz-LdLR|is@RV=nMup|p2IpbEcn*hrS2P=+?9i`kXMQo#{{y6wwu%s6TDW969 zPfk7sDEgs?_m71oHId|$31xKXE1MC@uzT2m7``5=7s2!-P7DB#&yq~T1pfE2S0>^P z%%4$63&cnhJW|zhOiWEGel9&|fOfh2t04w~MGrmk@uUDu52_74BQ=u}nT~!0c@=z@ z1t5$cgM<67mDCA)`H`n5nU*L`HO^R))I3&7#$M!Lso&)A{mS7rAW@}odFu<}&ri)7 z&x@{r)|c+R{aVMvZwXkH*`hybbdflF@B-iEhFQgk)L_Y|gZAnZC%$8cFqvjww8O2go4qkb0FyCn1$90%yB_?o^b`3y zVhgROtFkCWPlDsKD?9ocnbBR7IuIMX#zTsNk)#!tv!$-EuDeFHA^itkH}7non~30@ zi(f_3!@_dYzx#?j?n*Aa)cuehqvpD$8!n$(7)lA@>?etWMj&HXepnwmRzDSd!&o0^ zoBi|?ETT(pxwESX94*(oZ%Q`i`)gzB{BxDH-!3*OUIRUDrT^WD+gx|da1<1QhRo-A z+c$B1=n3>Bao_O8Uf$^iiK(AN5Cku%%0K>c|32j`j1?PC?b1`S*tf}lpmjd5^^VZO z&1F&2n@)=k=J2N*?Y0UF-0||h$%X*XV6fIWDklPm@ild5HJn4Sz&P&ytJ{xcNjpD9 zHQapYk6wJeONCoPGxP&=)^bs->hZ#oQS`|hhT1#!$}#tP+YZd{Sq2?<^4$UY&~V!m z*m?cxXppESW?xd8#cf!4`2HdB!yCZk59;MV9JIDd{m9lNapB8va^xKIzQjw#(}#7U z80s==#Ry6ZdCu&7$676Jnl#`a;`FaNvk~6JAOW56VwsZ0cgVS9ocO1*X$Ssa1DbJ20=Icug2%+=cSF!Kl=iyO0JQ%?yZUy}WFw4@Ne$^LTfYxsy$?cKTHiR|u? zgLVE|B2a*vDFFH{Ihk=au!@_5A}H@&O7erW&;%26T}JI7{&v5!TN5F!@95q?9%|QX zAbit#$Kx?aJM$v%p3I594}np*;F8WRfd}Pfuq1Qx-SnHSxDVgneiY7?qNene!It3x zefkGTQO0hf{1cwgS5H&} zt5ZLvWI@J1EPgnixv8rB#X@6Et-pwWEN%=k2GiHq*VY%;N&UsKmtcWj+8;`QYy zAYauv+tJF3kI|0XPNeL!TljIRO2N!X(0b9K&)GXK@(bJx@rxD#Y41V-Rf9q?MaT_<>oLHp6&PI>JE;nE^otaEK?3s)}<#obN-el4(+@>0#ErT?S8)d zXjPrK5E=jA@9*-uxWm`jq$xfo z^gjdg*EF#yvoo+IB&M+&uz8nmmEA21D?QeotI5}|DdR2E(HGQnpVFO-s7|rhuydYC zeAf>qpD726*`bGq<~gS9TMaYjc)c0CGeKWLbr*&NP10XFpL~4vu_WrH9N08!$*WsY zr7*4_ZnEgxMmF!})(V@W(ax;!2d?kHPcHH+F*F=}lu?QSigo=#UkARvmJSb@AOZ;u zSm07*V~ z<431u-X4CPc_5Z1D&g(v-P>Z_EZl6@3~hmV!cAx@O{c;qfj&3HJH%^zh|xZ~NBe`Q zxixfBR=9B#T%`@juqF3N)|Pg!2i}*p(>B${?oS@`u#)8q`%j)2I$f$0t{!3e`?c)r zEZv{u2B*3_skW%uNW@9cqY(WW9d@@nUVM{&^+Nx}ku;e!EM%Uf=2ri$5@N(H)a@*a z`TJ6zK1JwKI0gZKknI+G7&5fT4c(u5pb#Dr{f6e0tB>W?!*Q-#wERwEVXxhD>~iu( zT)F8(C~F?C8kK^!awny8LUT;zbRvB33X0l$&2D(eo_{#W*mEEYBujiUtKcH9$t1wI z@g$E?i?KzKSivZBR={F1naXsiAURiFeN#iBNTFy(9nu{VWylW}8{{o}jy!vgcGUQh zLF>RH?tcFHrZCwF*>M5cXdKi%-|tuVF6-$WRda+Zl_7SyN!>y)mwbczQaHZs~DpR2uL+KzwEXv0`h%}_09(bgZ@JCzAdOG}3^N2e!cx~mm)4t^F; z<;!|*{;p&|Pn*pqZCS)>JeR{W*C!48b%e&)8clmA8ZR$spLr!H&_6IN5EU24w3C%B zC?mY`O|zhgut1#sHtV@LwYV}@nN`!up%9dAU}0cVlq@BMyT&TEBimVmR`R3BHtB|~oRgYCs zyH$_>?f4W=baiA&QAt9{OkYkP0ybHy*R%@N-BT&>)Dw$G@OQU|@0y8OLX4T&C^k$H$2}jzCG_0iN=jK64e&H924KU zd7&_+5niA*Jex_oeFM>O=(BZjOj%7SmeJ+6dC|C?*Vzxhymf|n0ZT4F*4fu-@#FNe zJNH7Q(*Tnk@4fUS>zxBnXtEV z-kJlzXH8AH*$$t<`ceRBZ@?WUF&%erZ4E5kDFWeMl9lWPgSrU)sV57g5VNv?<8RiK zxD`)ou+(VB$pQhJ+u~~cGM_iL^T9Gff)Br;=jUM-fEa4P3EK`5sRy4yQ_a7wG63+Y zsKfcSf^Y2Lr(tWl49Y*J@zEJW{d9PD-ir5(M6?}+Yy%YAhR*W8`$>Q?JHpI$6)cpM z0nae$8vtA^Y5*Q4g@w7qv1tC4mc@Ds!1*g58vyud1;AJ;f0a?eJgXCVECux^yO{Q2R+_ply2?tzrVe%-Z_OOunR9s9y~mUW07N~6F-bdfm$&pDcDDA; z!X9Fe|0*GjNndAkKBoVxh>MNbV_ju6dT9qIb9#ObJ`S$O;L-R|3W4z4a@j~`!m^snFF-)Zh)_3xhSo&PZ`%m6vB-*9qsaB=>t zZA?|s>s(3S3zt;# zf8HvwaZQ>@f6u)xq+)}GT?swgcXIl@$?I+~webIMuf;$cDGfcozR@o&)GYFe94quP3_I@V z+heS>>sGOvDmM*#mba)r@+~;eqw2Bx`RF_K#cC&YdcW3tNQN@)ZS)p>im-DO&^==Y z&WxO?-DmT*8Y|&(O>}QjLDhX0p%FYRO&TR&)hSD4J`+Psl`8e#-T&r%A=dBl=PEA} z=IQ~!-or+Xdti}o5>B7^OLQ8wGdG|H)rQIZ->KPDSOZXrzE7D|(sz;D5xhe&G}hz0 zVk(0f4)ykN_{wPo78-DY6dv>Vj}W)d7Lg7pb`dT2Z$$0*#GuzqN|~EQ+R+4;%w?&9 z2W*NPL3#Z;@&)!J-U6(~<)up0f_*g+1b=K2(pJe?JQMw+bfN10p0`1HW_yaA5@Zuf zRgzuBbuy6i#{Q6T)>#q_9|?ABuC*^mn{PN(CFV7Tgw`GaUynK5Y|mC1!1{fQJzv3g zr1CEc3^9f>Ma9(&i5|q~Jn6$)5(7XHq^0P$d=(^Ex_quvg1^&2)tygXfc!EKmvqi6 zr(fUUPV2jGrz)*#EK$8CD^(BYmdlwU1I4gj55wWc&uk_@D@Ae%eF@9cHs$+lIfS_%gZ`L^?{$)6IF+Zo z`SOc_Nl(IeH*Ltw*ZUc8CK|z`<2)88KmAwOActFRq{&8ty z=7Ci7ZIH4 zJ8k`m4sCIR2CWGWU>_j9i-i3TlK!`yvDPp{))d|X`>nzYiOZ+PemUrK?L*(~bRkCL z)@FeoR;}y?$Svj;IxAX|%l(q`y*0YbrDdMAWNuSgh!WytDz&cKX82)m@}rg>NMWb*6Gzo?;|F|_*091=J@6WOXQhI{&ogmlC_`~* zFt)2^!1Mh=LDurmubo5E-WZb$?B7fA&5*MWYtmRQx-Y+??eh_hKxn3PBTwE+G3&EQ z$DLaBB3j%lMW{7$rfkN1t=urXY-8+^dwF_nce18H8Ek)T5FzCL@OMTSBaiJ!<{#wQ?~4ZA=$Qw;yjG&7xps@Tbw@ zBRX!$q>nU5+Ov^jgL&FV#ZDGHOL2KxwBBOls;fhO-5MEIWIv`&mWr@~mM_fvSF-#r z_e3j5_yCCcyd2GjbDm-67W8qFrvo!`=R4fbI}=K<%?+a%&NA<8^G}G?Bef(23uHXM-(AYbX2n5a=D>8&)rtRl&Ek_!UX(FcJ z<<2E|^eeI@(|m*)N2y{&F{iul{y`JbacWEUx%vL+LO`_zQimlKPrb7?K-wsN+_-cv z{UbV{Ri(s8M{gQz%i;Cl*6-93%0w!NHMwlXyOJU$EqbX}ZI(FRpXiZjH&X=-(L@N^ z@3WB{eet(ygdU-nQCehnXzCtR$jIdyg#Yen@m2pKDGVglAIG zdLCFs{cHxjbHmFA_%%e&A%d1MDS;iy7Hg!MDv5*x2I{%KXP_ttgz~T^cl^#DCD_bA zz3iC%<;lxvJTIE5pI-pj+I48_Wr&tw>=!?qbSAzedG$tLY1`iGqv(i(|60-hN?%{D zV~%M5VaGt@!AkEX4iX`_&`VEPJHGIg7qZE(qjh_qE&LCz0>b;n1VBu!S*6r37)HBv z-Ad~JFv8%|&qv?bIFezpaG2%O|E*CY_x+<3TkH=9!y=sPo5LjDdOzB@h1Q*W*>4NT z`{~2DbphIA>BH_bU}hbDxU=x(bc8}hDEJffZZuXhzR`5TL2!~>uN-U3oJn2R=y&dl z$tH+jE@n{M0!SIi(-4hAVJjUq_nQ>{MX-#rZ8D^KN^G_vLqW5E>>>Y4so!b;HSVv+ z0Q5p<^zzrtXab*Pzq7qeCv;i;NqJYyB7@o12Zh$|AzHf;b+8M|X+JJOi8%U2EB8|1 zX%e_hKY2R_c|kejm~3w~s}%K6jAA!E>LRbKz%7}>llu8dQq7RCqBvJsZnd$?=bfV3 za??t{fKW1cokb@<{vL~_nm`(Nzd#B{z-3v1iy=~9r$(O~k^;Uw>vK68;~BjDd3p^n5QXYLT_YeN0%5G^o8x%Zvg3&J2_>(S?kvB)kjONdAnB`EA!iFJp#Dyy zL8TBPHwmC*0CL@$?kobYX?K>tVEQs!e?@S*0y7pHZluE{Y}W@Po@S+0!DnT<6(A4= z)7}K$kLNzSl+X;PjAou=ej$up_vXKO1X<7v{evN=%VNJKX`ilbHsIh1ibPWq84;(H zzZH&x7LX>kLNl}9iP z68O3IX0Rr)dD>XCHyDznm0LNqL3&z>#a7poLi!TO`_PG;UOPA=t{2e~>nR1fMi~gC z*GQphA)vHjgG2D`VSlE!9U%orqTIlJ3+n|A64#9nBMl#nj&FK0#Qy>jsD z<>B*UbK_vtk`Ms8TZP8S*kTLCA{QhK#8cc8xN+H?Ri22xM43n)8Q(vNm{lv0ZQrMI zo{tqD7Nx12#f&&$hei-ZJYP|Uwbm^3`j(+n70{cg-{l$_3&ne4!H#}Htn_)in7tq+2t{Re4M$8>(V5JQScVSK{&@-mmY z2&!!{!2)&R&;BY;7dXaC-mo%+5Ib>J|25uQoBTiRD~S;B2WqH8QvZzxC*js~h@~XI z-;ek&6`Y0@;}=ZrhiM}t5`dW&V8yIuputskS-U+?*_{gBifC4jwl^+!Z~no*ZzM-_ z)Fz%Wv(vu-JyqRkty4^POWPX#ngN8;(C|^%RjqJPCkCIzR2=PPA=Q8%-aJROX`7M3 z)0u{eAFj^ljkUBU-hQ}S3)E{M$$s5!f~DIJN$q1Wgy5DF5##%rc7Mnp|YkJl4qf?(9Juz{z%}-LjJ0 z=4i#8BD_C~xue)(rn~B#%9^Agio!ITCoaMzxhjvqoL`TcQYi%dS#K#=#%L~<6O>9|#bMGBo z@td{!DbU&^6Xvg@i!dsBsP?s3nqE2VaBvxEn5&wI25=2v#_Na%{fq-krAs%B*) zU>Gr18KyG!<&hc0+aSy>DffTTNH9#O7NYZ(7iw7P^nGCZIfiwc|NOa##VfhmTNX4i zTy5AjTI`w<46JD-C6Rctc zCSEV7H!T~MIHpsr2D=r-*po-40orZ7bJeahZm6Q3e(B6OHQsldVKf4EiA?M*6>TP1 z$>k!)M}lVGOO|jfJjd2vBq)YcRMiApb1DBXBIg~ozfez5NXwIo7Va+3bx4ND5z)vL z;OhL~Q^wKIoPh@9)uuBGOVi*O%=pMIo87LqD-yD98!Bw`?v-NgX0jz#@=(a+Qk6K? zdHCAk;q9}mQ9vmy?gG2%``?;OnLF2M>o9R_5$~Eu6uj{QG}@}nI$RwfZ5)3yuD~nt z$Ya58wAhmu&O=*hL{RFU zP*w_W=*4gfQFvR$tc$eWFwdG){6I!d5x}R=cdRGVpdE1(kubk!u$~Vw!3kkjgO>uWnrA(K1Sm5 z1bU!Zi&MFnW0deYKRg@q1eU4@^WI%Fsy+!a-&V%PuEdeJcp~iS4_Uu&JlzFjVIGh? zMYQU39>5Ln{mj#Zja0QiT=!_J5&r)e(}u~3mVF^5-~z*Yb1#(zr&l^G#-LIy{D(KR zuk~(lpreEi#;A6Z>%?!BG4^Rx(VvBNpe7r00<_0%ScOPH_3m}{%rsRUT4CoS1kWJD{Et<0yIwU~@$)pz;)HuHjlpw4Efr^5gdzg5-VeA8>ro6O zy%~|z(;fR6b`r)l6Xo9L4fP2F&}dZrj6+M8-XK0vaeu`sY(=YX{#HAZTz{=#sgRAT~LR?lq zTCr#F6uVabIh5PZh4|z%f#tDEs9~V1vDm=?ulY}2RfRc(&6L)aK-m{<-zNR0!*v$n z#X!GMH$Z-OGe$kmEQjb5fIyKvk8Cz#8GW?Qy!z`$7X!Adue#|#{pli?Sd-xu5s9yt zjNCK9^}-M54?~y4%G%S(GigPYm|BGfJuMwB{3u0L_kYuH0Rd1YdJb$ZBB}C*atlD& z)yG3$9D@FMsv7JG=(h3nJH#*SQ}Y8sgXNYyI{ez~ku?itFT-lH-mR%ij2)KejFJ=U zKMV+AS?P<99c6sgGbHA18c`8rEblnDEFaR584Fc`s)ry=M5h6k}EiTg?kp9%Yuti|BAP zet+XY>wj4f_e0sP`H~_5O40ld9gxwQVd!?}H2Umpbn12ZJ&q^B8p~i>5genMA=yhT z-9j#HpquT)i5rU=eO9{rb|aJSEC*u3A*P;^gV<85V9uw`oEGmlw_U(X(of+4rLU~x z&98~Cj?=nl+YFM1YA1Kg6RT}d4~M;&y<3dnLaHuwWQF*Zvo#@nHHYmWKga;C;EdD+OV8f``8Pu`QH!xTxwC{zt3d0raj z=n88=V&i`!(cOdNO}}`BSmh{q41iLEEALn_&Q^8jHn;m8N&8_V^BGZ0 zit`#ohY)=^r%a<*v2ECCltq5$H}9kT&b3|6Z#%*Bh4tNKv#0q`8ktxb*d-s*o%N8^ z%_NWAHq*N)I{w*f(dD{P?jEn>4c2~%Xs!V!LXMUE zP}SI&cDJ5?s1Lt%;?p54Qx=qD{>z(>1 zIVWBZL~QCxXhe_VqQ8^GEzx_s6FP?esapcD0A%1*6l?qqhU0#9?GP7?TXO!82Xcj>F2yGn~} zw8ZF~5pTvlDfYP)O*|7XCA%ttldhzdNEYZ8$X#q~VKYoe{;I%B5ufZ*3sTjJ-tgC> z&tR@oEH`RPl8Y9zD(MNNG-gB2fMe4T6Q64a_Wp1+KZ%u0#WSgr6!AJt-r%snSA#bV zg0Y3&wvz90YLA_>GRcJByTy94UxE6}AU7cHJ}EWTHrJ#@e12F%TYLWN{4~$v=vk}? zP~}QF7W5!en8~|cQ?y8GlC$k$Y!Cs-^u#Ob!wl!4sR^Ez+IyqUlT|kLc6SmOoh?LK z6Qj@+4o6o@(GqsFu+*wXK1+5#Jv}IYeS~Gnw=s&j;WOnl^NN(0COarJM$&@ZbUY81 ztEBA2oxK}{h&yzwgQtl9CxOwo5auEPY%NO~e!uIU7$YKJosiUD2A<6DyGnQMmi?~g z4`2&9c|iR?Tl|Z$(VtiIGQVq@SJx6zK{S*#9?) zbXN-_A7599u0{SCsebYaBjy6%SgMfyDLmyhF3r2dRO!K-|KerdoL$G;4;V=Kwj+8HI zPqY&;AK6#U)#zvHwLjbcV5MGQ&DdDG%h+4q{SQZ9E)c^%4t2S-q?d{au#%>B|R7ALV)&}ozG{BNWAL}#Ht(zrj6 zMB77D{jUE;$dR=X^NM29?$$qX2f6M6F0}r%e2-w+7ijaYfUK801-WLt0h6vm)ruLj zjWRnL|MC6u!`Q;f7oS3*D}o2Xm5^LMfXJ}V>)EO9KRVserk}$#kyBQz*qZ_O%MlR2B!|3;df?=+ z_#(Eq_IA#H7;7;`xJEumcJ>0sVdQNNR5i^Es0!-x$qC@`N zj2}x2`p4=&!~G==KzBcFJ{hDq-CF3-SX>nOkuX)Qkn}6*7MUbkz9Hye@{qI}`zvSo!=c zfmNm;Tk1G<8s-{fSoJg*`^;|z6LDuONNKG1O0dyr;4it}I-v}t#e`|HgCoc*!+tAv{*eP;BG7@P5PV~(b$2Dsj)&}H1wZ(aj7WGk4+eV@s}bScep-6&qBQ~2TDJ@QDX?k5x&4n477vBLP&JxOo3DhHBHF?A z(Gp^ktLz>+7AjtY<&+7psx&al4t)mU2Wngi{(>(0lK^YE%QMB+t406x43@a%{tVyC za)Qj8ilp)>lC|^3631h_Jitrr#?|659{ca%QmhH1s0biS!^m;ugN?g8hgW+z{; zuEA~FU3cb4$e%On1HkWA3P#Hn1#M2d!brB#Qa_n2xh&B_+hY! z$gwjt2)&XhvVGT1@43S!4OZEa#ek<`Nb6ykRmVxm+E^{QX^sJ+-;~6ikhK9*IwlG}{Pr5ywK+Gh$-!zM%M?ZRc@wcd#c~}M$M~HW zN(K#<%TS30y?WynhFX0I&3wwou1#BJYxAJ}A6s~_5~>`H1taWO1$FLM(feIzgZptC z8(-lI#_{YW_xiG!Wumew;7^Qw>h${VaXyA=-`-JN_7AHB1n}Maw2DS7V@SLesMM*U zT4N}7_R`oBkrC|XM}26uAQu`bIg4)sRYFA8A8$uShQVJW*7}*1IXD*T`Kmvv0P^XM z&klViYj}~{IqZ+!cBWXNYXfooHn6F+8Vp*4Eme?Viz7HQ1K;xtyC(i^-wttT>tM@j zkhzt&gf_;GiaTS@tJM526%HL>RvI1f}x$MgNV6YbT(XR!KY0yu{ zPh(Ar(V6@6qa-U+t*Y`DY4$E|HV(jKc!K!w?L&4}{f3xj44SL;#3|!}kkfaLHi(t! z#&}DKLq`0p0tWy+`r(Lu2Vsemfx(mXe+Xw}bl9HV4@#+X>-;e&pfqYK<8&TB#$Si9 zUe8-h3Ng{IJ+jazFhSCJ^nf{_7d9mgv5evUDfwM6433SAsIk@(0i%jDio-tLpY9$a zvBMLvnfKY4ffVprlb&>R>P24%i!nNX6rIE)1}2px_&^fT=lFwav(HiN+g!%e>Eylk zDiFIk!gg`p)0EQl#~Wght58Z-mny#2BDZ!*_e%s)Vz;JQz%(=c`Ch#yo6alyQtc@} z@`nuXU*Tn6TnaY=*kVx;1@|_d5I`3cakvUd{e|vUHAeOWw!WN_PRxA}7e<@%DP9hw zm=9<9Wge2IC?P7=INOw}Q&xwpw9)}v7^q+@Hz#ATTE{U6gOJ-evvlzE(;Kb#><~X8 znBj;uue#O#xXAg*jBmXiWOjPlzSr%o_NnDwpu8J7Z03hFfFkq=Xww?+J?$DR$~30W z=a8SiVx7>4iMHfz+qr*olWKlC6TE*`m;_P|cO9sd>NJW~&;U*%4%CuVMw_|}Sz5Kf zVsp{bC>i7-`M$P9r3h{(EP`jModHB{{0-ZH44)B%@e4{dJGn#K69f(+o(`KB- z1ZoNvb=J0{r=@MO770Y^R7o4izX&gc@#ps!g3LVXIFK*EY`dV%u;Z=Qu%qd{`f9rI#mzC|`?tcJ-c&;x8;yc5M!h$2D0TI}Lc)V%9rqeoV95#q@oQ3)<$gH7%V8 zI;=uIYqFmD<c^7%%r*usCj|xKGk%HiNuqowEsXKz})9VaHZ z6~AvG&xqvCW@N;gEGl>Ad+^IH%aPKb_6kk6(QFZUZXsSNTk?DnrnlPZ)KH_8ne-^= zc7>W0Px2HMG&}bR0BzkV+lUEj9amn`UCKpz8-i0Ql!6J3?vmbmesq2kr^SOpx^Hy? z&qP;gg5*0t=@|QUai0YBhp+VA=h#SO5IRw;emfaKY#Y<_z#EJg0QL1D}-EHr|CcFd1{l1zCK{h%&!r4i_@TI$Y~?+6^-FV9zp$nry4Ll_)} z((NE6oA=ealpBiY3}%uYvxfNRZUmBN*d1JuB=sxt+9wdFUM@uwJSj;D=1JP1&|aB- zHQFEr5}DAdwBxr;wzGJVjy}eos&cM>AnY?q3@#7)1gp@2@oHp7rR4?vKn!Hkm7Raz zRv|DSPGI=>##6>~#Ae4BgJ61*$Z<7^FALv+bFK`~?~}8}*TZxOWKo>LB^xzYZUxBM zOK}?8hzu@;d0+R>=O#mlIFi`2W`deyxK3ra3QQs6>p{zDP2_9hVQVdiW*Ohh(=W7w z)@R=xGuP4y9EOtFRY`p2#cz+_V&$(uoUT5g^E_vPz;%p$rJfms5}f7XWxn@|-Ww|O z?yhh*=GoIyow(4!orh>MLS4otVawrl#=WZ!;ADsJXvNlM&*kgr6l8*(vF+w!Pyz_; z7t;&1NbW#M#EIn-er*-6vw8dZTkta2U{m3!80M+pk2ljDP2d|FGN}K_NG{{#g>nBi z^0Ax`c78OXz+N3_mozF2H~X6&8P5daqJ;{%de7- zysEQ6M3$c@c1(-$#1ts5ErZt-KT+?(6a60B2-vEOe0~xeQDvjg{;6-r)>#?u3an?fe<7F)t88b zEO%!Szxs-On)~u|VC+&hAyR<)hW$*PjxXO1rBm|6uVBt02Lo$Qx09V9X$x)PvhI11 zL=QawF5ci?I5``ATk_4)^KO8_)lofH6uA z7Yf8;baEGxHI5MIOIUfOm|>j|ST@9is}d@y-_myZzU!6V>4x<|qhrfOx<}pVKq32u zs{l$3OIN=csQEH|A;yA1 z>oz}^jQJ#g?txuMUED|B=X3_mt(YEk(`$|d%ouwvdWx`SdehPl7w2u8 zD79^W(}S$%+})l=o7t7{h6Qr!^(TTLV;{XA%IUU26H^*Y9uuQ5QxG&*OR*cRuUO!w zz+NWGnnJLBbPZ~4a@}6nW2~#NLA75Fqjp#Y=hS9uj6q*a4dy24tt`edC_Dy3;o5`J zoC-(eX6YPb5IK?Op=)l1ocjnYx;5(X=w7iVq`bP>lIiD-qsSy9vWuY7pcBD=0Aprn zz8)yxRE~}5bx%XNG^EE)q09tj)gcDdPF9nrr~4=zi=DCdieq*nB-m8$HX+x|CXK&H z=jOARF}xkJ({WtEUUDJ_zLU`uI#Vsa+BBXW!x1&b@JrgCB-tuLf{GSaBfA!j>));{ zfLDk8NBi?(TIyhr*N{tL-kTUKk@&W?8Z1Pw1ZMwU!h8o-?319`l${Pd6+iH`-#qUE z%Os(1W}H@4>*;i|q3BN>+O9sA&K*W-wiE|ywloEL$5n3IOdfBhIoqy#7}tbU|Ej6W zc4Y(*hDRr4KUwgFr%$6`XAhkVPwyJh+`(m4wr^9uJ*jLpc`f- z8n2JUkhyQg$mDmu;(NsiMOL*~rNqT18gF}zaq|w>ak2Z2W`CgZ-{6c6;hrANRw|0+ zIXco2gR^C90+i6)@VEHt5@xLlP(ku~xL3H{X&#Dy3id(F^v7*CHYV3s2!Il#!b*|b z4ufEb&p)A2CgpSc_2jhEr!(JtzhMM?lmH@Kjiwfyvwrct-wr`J_x)zO%Ns5+n5c#1 z!Rp|43?|TTYp@paKx97C)Pgta4Lz=J*gQev5siv+xq#l z(=gNfZG$B%FZ)?m8}WLkh`S0e>52A?sJ21FhEj;$Kw1lVIDGE|K=qJ@o_B4iK0p=& zh@5sH-M^n?=zW~Lmu4{~^~<%bg>IW^aNE)h(Kc4QJ~|;q{m^YNy45qnj$6j?uI#JTzGbE6MVNTwtU7x_&E)YYpYM0p&e1|0l2Azp* zcyq+Uj@}-8&9?7kI`*$r{hn1(4M z+fX_`uU}%HNZ?Ac8!cnZ+7SjGqv7%SfW#KX;H1IC%!KXg25X;9jpG&>x+krlS3E)q zu1wceDR&dtPL@`*P~wY|mG-HxP5j8N5Tfl@?soax%k_cc=Uzc3&5_qS`2a5o+)s6Y zp!v%3C~1GOnA5ghtIdtS*GAuUqd`}=CL3%4t*WXG)?D&}p@+I|w%2w|>j5(v$157Y zg?RWqJXM@GJg)M&>cldRaa%FZTXEto$pdF!ZIvizv)3OwsG-pMlc@40jSNwfWg6a< z^(s>*$N5?Ht`GWC$_x2HP)@zQq6gwy` zqZiXX-Zqly1M}(9MzD^*?_$MH!UayHJe+s)q^%-lS20{bzM*lOX!YQ&-Uz2UoXgdT z`q4V&8uhLaW9+cykhrgyOV43xL$|Mmt9Z1KDHTHa+UYhiCB#v`c=Nj<;5c`~`gqQv z*H4jrzQ_|6#&RGKcsuVikQgHs6%-`yZ1_r8=NxNQeNNuq``C^(;A>6IR z3%s)w%K$-EO{T#oA zW6-^yg&b54#X!~E?TJ2>N)J66k_?TdnTXP6Wuzz3BJOdVZTb$t4TH07QFufyhOX*I zV8P(1eyJd^SqSUcZM>VDATy0hKF_8h6Qzb3$6(jpGQ_{IIgmX zHzqBwl3kgTIYL(kX>izwY@TXT_KZ#FLHw-|uQ7xXetG2%8nhPhnW;UcnK9RvNVe3O z|J;fHaSMAE1J4tPVYh!VJH=G{H~Bo_{CTyq(24Wh;Ary@P9O=KDry~{FrJp#0}J!x zG%?xFR*y&7xMfn&l_-{ofV7;kxeR}PQ6XY+wz>m%o<6fX3uHX5azi#3{qWnVKkCnZ zyHqf_t&8Go>H@EilGpL4Y-`|@QxG9M=WVRN9QDyaS9*-)7~7~i_cMRgPl8CO`8)7k zBkhYB6?J^=JGs!`+a&nRO4RZ{WQ>ela729aP5Ma);>PL^_i2-|^wX{K zEIEEl=P>+XqEvyT9VO1#>*JcE?yEwo3f2-ir*0&baIAKeuz`!`PVamRKeZaQ0N_H!)V=jhQdYgo{*!WBbzFJDjB8O+H>tM~7h z?3A~j%YMa2PYAp6;aJ(&P_kou3L6dj)HhBk?aIB(>kxKxwGyZ=z}P^ntD|qAE#mfC zgJmrpkF;7ugzxk-1;xS?(X6ejbgB|t`}T#i>ENoV7Nl*>rO_N@`fB$AfdLB^!&=5U z+}ul?-SY^?=QIpPER*w;?dQr&V+q^&TpBQ7RWPAZVdYEKrHHOPRGk)VFh3!g!X1#m zq}n2Opxm22HG_nfCx_7q+fQ8>KCCv_YLM?o2;ZA}_mr|lU>c;}?c`kl21@ba44Ll6 ze0yBI?`CnJtI!w)Ffz5i8s6&4g>!H{j%H_z z947Vj#8ev|M%?FBsWngk>nz^9TBG(7$92S|y$yTg5dc~qedfD;mv=r9T<)G^2;WHx zt(gat<%qf%JHs_F+ytlF-3`yQ>DzGIgV@h;7L%?9{Nx9va*PX~;38M7U&5nB(EW_Iy@aR6*iH=dm`51iTP{BV;A`xHfU9D4J1U_$M! zHWxTB*^jLJ=3L9O$vtUy480N&78@lUMn-$jby|o5?D(sl*EkN8p~lB7c8lCwjhA3V zYRz`h?e^N0Byjvl_F_QDjgBzlFY{H1&f}t5;`Vfl+>WRc_HvhIRwQATdiJH)T-7L78GWC|J`se=wKzQg(vnz*(cv5d# zjeL1&EJAH$iR$V0a*1n#!EW6*9Vp*IbzaEHcE^o6n5Ji!jU3XDu!Fo&@v=m*t>Z44 z?)Ll-L$s&O0ZwV?SYYwE4Epw21u_WcHi28Gy#P$3XWWNkj$0G1|2uM z@Z{xbex60)=wT+f+INX*CPC}!zKudStPTwDF5Te;LyERF5Haxcs_~8$KMY*e(5y{n zB9yGwHJkT6S|l7Ex80IiIgB~|!eBwsoBI>W@&4jx;s>;H9MXAM1O|K6f8_ELLakXR zSXSmDAcss9@{?8PeGfDT{(Mc8;Ce1;*SH#waeT{fmO8LCr5w0oI}xE=zxZ8y7DNHbF86)PtkI>2wQfhI9M*Sp-=m=1I71BZdDv|%k7`FUCa*FD*~U%rue@<-x(jFB>w@qcL0pTKx87G;fib#pE|2$ z#Tp~Njrzc$cQg66bIZt54BacMR-pH}Pew265$W86pc|J;_&vLwrlCe;z`*_fY2Y{O zlX`?)vt^7-NfVXX(im)YkzV3JK{T1`gv%(A^U`f6x7j=_;w}tdUB{k|75=*E)H**1 zja*3m#rca}=9B{#5!Xp1cKM0PExJf1TYFo@<;f{v=XHn2rC`n;Z*I4q8C;`j$9zU9 z>oULpcK|$+cuF$dvq)7PQfC^soa{Cjy~@%1Js13sKbRSa92z8^^JgZdV5jZ*1v5v$ zWMNr6uIocNhwgvnqC#lpesY{gJz6ePkpVz=ZjrSJN*8!FfLm!gm~run%D&h_rM(Mf zz`dJ@5!cjc>pbfIYl?WfE~c?HtKtaCz|H%)B+3uQfE$$f65Qmtg2E%dpf{uA(hASF zhJn-s$-I`R2icA-KUI;;9UJ1*TB>x9zcRS)3i3?V0oz4kaMWphqKt!6bx7kvRtIu0 zS_MBy4At#n4e)jLlZ?$&>s~vw%%>$Ej)QBT)7W8XgP7T7Aoyrb*|5=NCR5cYXX@O6m$cN`)aosd&oj*ynf}_s`&SJwniMK{ zQsiy@R%-dh{e#@Df9-AfiOy2(FsiZfAb_aQut9$7C9rT~tmgqk#5TQ$HCS;^vY2 z7_;Scd00!I%7?gly@ZWk)Nz@|3xf zAsPSJ6h4WEmea-hVEV^>LmvOJK6MG0bf2vWfhft`R_!I*4F}5co$&RBt=O4WO>OuJ zt(K4dy7vGFNdhJ{!B3u!?bh|EQIGp^AEevL2cFbnjL&ZM{=xm>YMbvw6#Mk#%FFI; zvMSq-;4oVnAeJ8FBV=)ie*JP{=p1`>Q(#dLdB3Nh;QbV8wN^0dXbJsV4fnjT_g2~v zy$|t+*ykYe6NW5~1kt&kNCjEqZ!XA@z54QEyJV)07iPoE$Yj=)AABiNE%nI95Sq(B zo*h&1Ajfo-h<#4#YZc99Du_?~6bNe#CvKf4-3k%&h|hN5XDnqnhzw;1@e$SPC{pJ4 z=8sCHmfrP$yE{@I-`Lu)qGNlt?T*a+Xgx?da~g*S8ZmHQXjYxcVwmtTd$y( z!nOM=$R=!}+M>4tH_R%bKyT17E!rnT=D(Vu{ z36AX&)8=X?hAE*tWo?t&`&JQ;R{I6ic6oKx&h7??nNTPPW{=mJyXX9iP4cLv{yMPB zg{?R1L!(AJ17BPyu-KBFsaI@;ZLps1g3`xvk^kC=2Pq3#1JF{I*OYqc8M<3!4=*Y? zZDJbNwNEX;3q~nHUfND4YfSaD`V{dM)P>;?BZ!7nqa?<-KCSqx9|946$J@^AF5yu@ zs<9*1QG`0(&XUT%c32#IcQ)LRjdubUKntn)%f{}IPo@iZVyt!ZjA{$sTO1(`Z=H5y z3t`RZ?+V9-u!mqE9aYI`=9(4tx>i;V*`(^$wq47H|wA1M5ZUn zXQ(0@N0qcqT3G~?J^(nhhB<7vbFcwz*0%pRr{T!hayyk6>2Nt=gwS~}a@RT=Ltq_E z5w;b2HUoKG0ESPqc9hsVpJx9MfJW?YELInPe;eGOV{WSt`xpXd8Rq!i*_ZI+tj7$C zYY8&X!;KfaDI(!*k`9n-ZERj&uh%RYoHKRKcHzNCa~hf{q^{NS znRQk}A1oT3A?13e1y2g+Ml+kl=H4$8(!0JXrsqZdYZo*>7wSPjT;(G2Lc!`*3Y}h& zR1@eqYAtW}jWV4eOiq@ce$h$Aa+{V)Tj}DJnQlImCZlu4!dE&*%cm1H7`MZ4p402r z1pII{E7D2gu;?n_UTky1aX|Gu>zD^8_)xov&9>FuRrt7gx>#IXd)cxel4iMD5#+pP zXwp5$>@q+gWrMV;n)=DP<4tTs*P%wu`}CwK3MgFqP$Jj{YXGtg!ACKZ{H?F%(J+rB z_}cvZ9nTV}s?HR=U@h7K&4Y+POTJ#(&Zv3%WiFa)LyKD5`ScHzfsDYt4*!csIef!K za?1kpqWB=&%)A8vnp&Jj{3A>MHJz_x-rrA<9*WG>yS!IR=Sv6aJQK%t_;oPJG2sQ~ zvV(^pzvgptA+*MaGra30tkU@!A-k%I5P2~Not?7=>sr*yMtkj`&I%JB;jTTbLl}6N2 zgGleTU<~9N$@v=O$xF-K>prqE9tM9+?AC z`3gV87;M-28P^h9vV7+HnqcWPYxtQTnSf;^vN>N@HZi%nFRh!A+*4N_AbFkm;g-~A z8GbZ+kUaph{Ew5#R^qLg7C5pD*L%R3y9kr(S6HO-HB9d`*29xas`2Y+kX9afjD zDozA>fbI`jo$+1=zPWm7C>=G%%6V+AM?Suhm~s&M+`$^0wz)2DU`dve(RkKoR6vf% z8kL6j<8HT*1hQsFVW!Xq56hFAQjpZ?su!m#hr?nxFAMLifK;0t-+Cj{duJR;qBGOJ zKD-7Fm$k!%5iBE_2R-A#NTNhD8z$@%ZdccXUv~E6dF$96SbnST!4Um=a+Dd-4uEiJ zDzCgcOkYdZSiy_W^!a-9QLAy)m}Y5_2d|;;67|f3%cQK*MTnwyvftLFsZEB#^vjI`4iO3$KY|P> z>*Qt<^g-{Beh)J+AYeNXi#w$L1UueVPzyyt19JNgUHi^^vbXgeZo>{%9y@b?8d6ie z&}J#)Pk+7a%1eB$ne02t5?*Z)bRCEXFFX`ETwAhq$U$&+-@f{N+8Qw7T zc(Ys9!u^(IA~jg$i8pzZG`4Z}`iXtslUB!xp?wsV96X=q398wai}10Qe1A(k zmDa9LQ4TIY$h7Vybe5%A;q8^79UQgjCR$U*Ji`q7Mo%cOmuix;Cg z6a7WQLp$I>I`x2rbd{G;;KjwmeqPqFCR4rRywJm$`5NeSH%N=)cc8D74R_izcjKws z5$Qd*m%q2|facJfjMpFcvpa!t!@np40=_OlQ0Y-NrEDAuDk;iVKKLqjjJHo8(R%w# z+K-@1ukC!Cuw5`W;HaLESkoV#vV~tWQm9{%c&k?S^Uc4(&ORR<{}3R0Qmp~>R^q6& zCTFQikJ>lU6Nk;0z)`hB-IaIr-WfU#1l!I$PD@Ml9Euh*R}DVN z)F&`r0&rbVf-bmhzLM+ut*}!huOr`iz9hbeHo3btZNN%AWZ3>lWy8wA3lL6QO*#(o`Ck(3mYCLyGuE!r~X)9;i#q>-ni!^?)6r<-|$;u73fx7 zt*{V@nBNc5oxqx;t4cI3ypsYeSZQswJP5Y7A}-m6GMh@ESe8>3=;EeW^yUWHzcgkK ze6VM74rY8=DNJPPa=SfY;*QNpC?t085pI6nEM0TlZ{B&c~ zvG(e=A8p3L)g!Nyg;@XMMl5fupfq(HDL!5M=-;8J(kXX1TOaJH`6zY@PUmYJ;l}x zuR8T%L?FaI*tn43sgw4CE!Y3)pG96JsP9{(68KV@q{mud^dWVXp3cLz8%cH`VU zf^DF?A~t~nM}W=`NVk1XZgnX(o!nvM9?b*{hw}e*+ygu*jwudxgNly7e z=XKyc=|R?iM*#3%=`wrTzh>r4L>pFQsw)}26S1sV>;so(c~|G*$LU%H{S9|jXE5vo zcX6xe?7?|G7VfqX6fC74kKOs4%xZo7PXjjyQ-h~VOK*<#5#V6cgUMK>$MR54K;wk8 zf*s#&yh`qISp4R~SngAv`qLStUPOuqVjmx!&H@1Erq&VT4$o=99O<1`t&{zRhs@En z^0UTq-fLSJLGCNB6F8Knf=Vqa@Rz>N^qQ?+ z?N&tdC*DNIS&#SwXg<&lU^6xZ?2~U&QhKaYnglY*wrLKVqUq40+5vo~NQDy_7L~a$ zBv@l*(M-Gx8x?1D4>Pcz?7wk&%Z^BP@VXx3s_R!gj&OD_>;WlxYAY?b!aq&}YSVky z%N%dHbf8L-zfSBgcgw)NBsBakaall1yW<(;C6hB+f3#V*Fetsw+kBnPFon|P;NwM9 z)cM1;TrQOv^r>u5OYxhEU{&Z|# zr(QGxd2FBj1`u~bas#`AR*3QN&!swfI%@9h9{Ef6Z15`VXK&d-Df>nxhmw-Pj+O!B z8^Xui11tSrkp1dkRrgRhZ~$!|NOkjl?)_lpc|HFVb*DAG)zh2H|4fcbf0(+yqJ4SH zO@nNfwpgpezw>PAHkXK$UjcOdbEa+YI}Y;Tm5qhz>NnwIj|?_vNUv5dKLmLZMK4~os1#=O zkRJ5ZUMp!#`E!AQO%%wu&3RQ!Ca=)x+vh+3S|{=;mdHE9t9K5%$+CmVSTH=m>2b4s z&QT4Ibmbkn3bS2Llz6}!KV|QWiUs6oG|dkQe|@Ky7YBSXbNLbGrI2a&trSVX&*DcK z&ys&sBi6>N0V$TGh7wxS$imv@gU%I#)vqs$dq{3Ba`QZnNAH()W_9Zvmkjw@ma}$V z7^TWR$&dl>_5gkbsPtJ0Zu4i%Yic)|4k^AY<2&&|RCR&Lj$a8h4LYvB~Ywk*cjiIjGg2R{q8l3GQ1z?7Lz%!`C3M@V%& z(_1{6zUC+2pKCrwMAgdLaG09S)HK)G%t({KFvPS~a2ROct;4deLVbA{oax-Zw%FL! zBak$2+SYe)C*n~MVJ{DEHMM9xMRmBSqn+7vTn#XRK}J8>J!W*PSZ0;>mpd7msxuxE~!O7Xx%Uw$t3*_gCbDThRdtrdnLVt_@V z(9_)KPycd#&73S&+6GkFvX%Ux3ou@8ZEHVBvNtqL(GD4x>usI~#+|-jk)RSr>rj%; zc^zYo;i~Uto*@^lu9)3wtW{ph{b)r@sm*8zd3Z>*G1^|xA0^pcnO|+TU&0ozMj&9f zoa%UZkm%;~&sElc)#mG*%k(x&(S0SmmqTnVDcJdDM|pZe?y75%RcrkWL-6s0m2J|P zZK2jQTi8j5*<{l5w)*MJ;_iC9QCqIG{%p+ReX5mM!G;EfdR^-8Ah}dI(wkr%>z1khK=2r8Jk=DGBNVP}VL#DWD9fz<-%R$&>re zb^v3$&SkxB>5g{bZuo4c9*hj%n0LdMTkDOyan)XPlh%?a2u`Dwr#ShZGwqrjSUet6 z{alHg|Mb(4Vz~j3qdgEyYOrW*t9Q21(TRGvzmUS1`4;O322qVM$(XHh;|+4~r#EX6 zij2?|`)D@?brm5Kk&2&${X@cNeU?j9TUO~WMwUF|CW+6QMtRL!)wx63VzCXwJ0eSd zj==xG1ETY7LhgED1(-1@^I`%i3Dni}pT;*+A!Wl;YIPZC$%++{ODn>^**A#25vSnD zvJA5hKAQc*+y%j%!PFjGN>2<=Vm@avTMV@c9xs#?k5zk$Fbnj72- zyzc&p!HH7TgfnsWB(!`w)dz*XZQgJ6o;hKl;1}hZGEPBaGuO0E*WVU zZ}1s1AOb$)IRnj#-*fyItC^G!uFn&!AOuj@x-@QJK6&R#8|LJCte4ZYe;oDKIQ^6R zJYDMptQam0(4MY5IEw#bEee`LPm6&SP!+ykyt7)_$%TYfaL*u0b0d-ar1?zL;M>Gn#sNwi~NM3eWq-zD9WT8^myZ zxf5^C=3;^s{;kt8{9jZ!A33wFHEK#Vk{63_(z^L@0!yxr zsW4+ZLo`Kr902}evNxKf6m0y*A^e+X={uvnSqIl8e|d?WZUMTgt#@b&6$Fvgy0ZW-{Ul3|NB)1N!JhnHvWo?ME}3LY!5mxvr2?I{_O<+;|2cr zC;zu&|6iNW=IgO8bQ6{;&YE6jtFyHB{>9w^rifKt|qMQH- z%8SP{N8&xV)755AlD0y3?+th7)4t?p3uDljrpbvT6u6Ke8XDAp`{=@f3IMx=rqGo5 zcSrwu3h6W%DU?PYpQGKTpARW192~^I{pcVig-T+g9_IeHNB{X{3^w@tF0zy2SV)}z zemDQR#dBz&m4}ejJo^8kQAiye95}X_LONm7|9n$^K1@KXT}0`c$p1ql!8|cRxGG8a z!{1%d|3go`-J6GyARM#4;?MuFJKq|SF+d3Wh%GBq!7~0&Jq7f|CL+-4-tT7_`G097 zDh&1VaKs`Of#1I!^H>u(2=OiZ?>k3>M?-_4f0y>*ljwgL&Mti@kbavmf%8eByxfu7 zs>9P*ph|-zxOCK+{KoHYcl=*R3EFos>a{SWlDrU9MDff6Y_YcW zSHDD47HaLZ#kijWnTfEEom=<`8~@o9&!K#C3n!+Rt=!W9WlFH# zAS@Zo970W2?)dlme;dB3l^l%i5xy3CO5_xcvsWL2p3)i9*-~k+)U~4-H5vPF10~~zi1`WjxKr6_Iv0@| z_T+Ze`3fCqTep{~{y`)Do7BNh(Pw{J8P0#5@XuSyz=EIxr4_1bJ2fA#>q8(xtI((h z)R;)0DJ6{k>xCtwgNTU)TXEh)8E^4OCgy#h%S##z!;VkMla+$T_yA|ttd#V(k^Hk$ z&e_p4>YUiV{FbnQ688BbI>e17qaFV9?C)U*OrCTa&A_{6+G4q1rtb0PxUXrX5$ABx4Urr2l7Zhzz%muS&A$!A7XY2M{N=Qb_sguA(&9OLzPhz z8M!v68@CVs!qvjNi`B&@14zPtfe^AZB7YD4Ur)DLOnTnkcW@;@;2sUUf_u$uO*X;1 z3Oh|kRDa)T*Nh-(4~Bs^8-gJyy|D6h%^lz6<4p{e9`9kwd%j_?NfgO%|FWmQE=meP zz8MLI_&Yif3=xWBN&FwbNJ>VIwgq2hv`{%SZLyFEAH<>jp%8yKHh8q-?D>lA`I&2< z@6qMuevjHZ?c)ui2>b1y?ZKL1%J0I`i^d5%x&~syiVw&|aS@`XVq=&wHrQSK|3#ADOebnhs}D z%J#dT`?9|G@QbOVvwW~(LV1?@GquyP2KpbWVHPnoC@*7*+wH+u`{tmhPi?tW^3%z+ zd&M5fKet}e*rSd(-J|(k?hyN34#cF>sAHNX3wrUu+n5+Mt5fv0rdq?Xyx7uiv75u4 z6Cv=1Dt}@Q2`a`~0Vdi-0`+_85LK(jni?%+5(-y|c;j^!sktyz7~J=fHS6UNDEoR( z!8-dn>)R(`kwxXcFud65d^r(KHj_MgE3Lq`FZalW@$=TJ!bCky3gSwkIe~Lm*Qs2^ zmUGMIZnKYPpPQ#C_=pNdYY4bH3t3eyitpJ3G6kFMJGN>f*N~hC4I8bg_pBD%;@z$Y zio#awzi{+Nkub&e%V-LbD%O5s<92`1PGSARjy04TtmUvT4BPpzY#3U}YMaiXEI!h6 zYdsgXqv}7r4Wr=t6)35#`IJhp929Z6`5dbdY~P3MSd_E4JD1JFwZm z-^0P-k`!ajfY{`Gt;ZrC_#LZ~HPP#cszXJ!AW#hwkQ7Kypwa zy})9@M)AqTmPU1C;V!AR*rMAyQ}u{5=WKDJ*6ReHy-Go$Rh1XiYhU~I z)*tKaPTaIuOU|;L%pQK4b^fqT_QY*N8*=rU#zg(2m_i{ z2o-`$+y+o&^x!wJrO^*W0zv{WeStdcuC*>QBfs1!!RXMg%t|_73|!Yuvs+A(PNj~fKwj5$#9AlWEk~EQKAu>Hb`q_Q==gkonrRqB5uqc zJJPJBg?P6S2nLCejogOj=vK-_^zaa3)x9sczt$eU@(5Jw*eD;#uVEH{Qy1*uZ8lwO zeWr1p&T|Tf%z(Z4+BLc5aNI|e$eMG0S)*IJJKN!i*i(mxtlglxQfEG&>wYQ8Y{ZU`?Wu5tGMKqySypkBTd%@LvnxhT1Azje#rtdr4Yj;}` zpaK`k>QAv`LQhR`Y!;Mm$*MU{zU}}awbUWDvH5`QKyKuB9OF)@Qz{fY zD(z)2RYx}6LTBM)+Ln)@%n%V~bFE3i$Lg;zDg~BT8{&c)<=vUD9cL){fawF!aF@>-p5mnjmDIXj{pl(iBn*iX z!J6koyw=K>XC#r=BkyUSaL8#@jAC|?q)_y|8v^~{Tqn}#;n?+RYTs6++zuL_WuK^C z2g5*7NjCN4ycxkN7gxt?1}Nh(A+i<%(o6|1O`TfKT($JL?xptOT?{;P-upd|+9va^ zL|VN#aW+@e5;Z~oRf9m&j@9NO*KHUSI5F^DpPov1G;pidtE}ABC4a#YS7TxyXqqBL z^aFO+=q|-}()`sQsT&(gdCZ6MP}94AWVd3)3pM$kw@-M?z38pa%QTo%-*sMuJrEyv zp4mKiIU4i$nIkVqJUE!qpkg>mrVD)EXI^V|S3k+o9W|b<7ttkr@Hca zz}T-V9_<^mD7(<9H?5FqdHCw3hl0;P{rLlCXeb6%PGuBv;fD9C?zoLgCFk|oeS#s8 zHzhB+!AWa-Ii@l->PM52I3b#QQ0>=ueaH|cr~UQ?$_Q$=VzYvfM89z)nW5ko6)_CD z4WO|Wr{hb__IaMkWYdYKKs);0dl6cE*H z>gvCRU^CFF(tl2>DNxwHTJhfDHeC<9b~tjp>~CL0gL-C}@|b&&0N@uBIHb~(U-7sR-5W}^QDYaL`V;7h*h z-jCYC8`gIVtpKFv7j#AUh>xQ-T+)99D&pnAS8-kL)RxGYBPRf#Z*qhcdx?C$ zgQV3g3xUwWFgQ2kvF)-)y&Y>t+&840%o^}PFoG`J&ELH$Ga*7x2J`3ovc-ypCEDKN z=tS1cyG03=MCGu`M8Nw?M61p+Pz(Iq=foQ;!hr2^U@M+ampD^#$@a4s)BWL7`%&T_ zvD6BsWVk(d%Ti!}HtLlhMxJb0-5uP820Vg&&QM+w*owPR6io%KnVtEHg!$m}oBBv| z%kD{ zFNeuk`h??@OZ}?yL!Q~8@4+t7I?V}clR;->A~)W z6#_otE*?sy#(=nvD5*^sbL z`$}UXnaY@Jy7tbgAehMs+$qP zIJBar1rbFOiII^;ZV=bPGYv%X5D1r5d?WCbk(s=5$Xa!u#hS=}j@4b<1|vC;4XqR1 zbg;5Df^MB;gQEzQJE0*Zjx{>N^lI{OBkt~$#lB|~i@NE^pVqNL-g2l|6l&nXLOwE- zCc2fgji0cbM1md7mkL;|cZi_-rK&Mze<S6#FFK1f+vd_#J2)x|zv z({uEAqw8Lz9JM}TgBfO@*Zd&jbFcIo2vNFwvM3Rw90d6pJqX7Myvk>T`~@7*MbY)RZ5l_dA%5mnjkMzc(}Iu1jeG^>DKL*CiDMIj$yC->=7 zO|ic7#c^Yu-K9K-k9at@s_rzJGx1Z36A8C8u4I9GX%J?5{E;tINZoiV>US+8LUXNB zR@ASTez~|v25iR5ybtNH*uY8^%1A16xmuPI3fvh8b>@gzJH{o9#kS{9KC$hv?-LITuHFX#|DsUNvVzR6mnMU5xN=3MOm z$cFQVtHQ8k*6DQB@XwWLogYybBkBEJ%(f3fmy~7cyAh__mFLo*;%JWUcI3EC+&7WP zW?XvjXs(irls4dZ9thSOLR7k7rDDb{8Q<05YQLBF(=sm#y#s=!`__TikkX?fviw$C zSECp!Q5A!33F*0tRX-A&1K(&OMKc1)Xb(P@^XeS+heyX(BbCFcUrRHyDQvrA>LUn9 z!eGfAT{%3gS0k>1r#Kr= zSH)x&Yj+{I*uB0nWq#yEFd~!BqGe}uVY%I=lNO>wF!UW|9&fW98mOJa>3Cga#rZ@vqCd6K z`m+;fG$@@dn7fl%tN|uYgoIbBFfa@nS&&+NzHCGCoO-#Ffqsu@rCXF};RD2D@TYo? ztT12h0@={7BfT#h+6T+}* zCFKZaFOz=ypo>x|B+Kgq2}Ki7x;m6rO`eoWior^PoNilU8@d7WQ1B{YOu|HAI=Exe z#KZtrxY_Y9ip zaVr=5TwvCS#EVnS^VwsJS~`XdPwvj6!OQ$fVOU))ECx(tI)v;7_we%zc3*VVYjdWg}O2ZHxk;G-8 z4}$E!;AASKO65|?s)f%p=n7W0AEx*Pcrt0%2g#@N=VtUunu)cqXIV3pXf)Kxj8GvU zUOhAtlTRC2u$u}OjS3C?at#8P_#OqiAPo#SMWkVa?g)2 z`O+CG`S2-uC^xR#^HE{@{y??(8a!pHe8zL+yT0&TFW70U2>_pydPk8*-$qDVbeUK& z9p!xbnYIFztw3tn(N)LsjueSWuU$ydwVRFZx^!4KB=MMVKi%kd)K7xOjauqL-D+jWHB zW1#C}8OD{Ti$Y zdEFUd{552cKjXEk(WTWw;>Pl%0=str+KR;)edy7rwdPv~9RzwL7|+Fw0(+Pze-9nR z`_8NCtIcpOlhvx=ybPTELIJ47vU|j29o%v!4zJl@l{U%ugVv6Q_~f4B4?Qpa?u=ZE zLEh}rR)#5UsmRQ=EWaYaAh+ftpXCJ~G$4zqL}0EQspnTYSj$$nT3feS_IhDWR(~^@ zt$@~?#G(bvv|GTg;*2NsMcelkGI{04PoJDf>QR62YBU;i9A1MAtdaQUQ$O;@{0#ei zv0Pn=971f7^#`o897o?{$_yPph^XaO#Y|Kl@duMBufo%@A%|NMi?-_$yVZ&mI{dB& zU&MgtX`cEnZnc8 zl5$&)`O&!d?GNKAr1LAkFcv74;_6{zn~`QrleV6=xu>(wG+RHD`fBbGdo~5%po-Bd z;0Y|7sZ5`93uvn`^;x_AG! zj0YYqK-%Nwbw26pyF)NGCFJqG{7e&CvelJt0Yj1w>J*2!(9s9ZTq*ZmA@;z0?f(9O zecEYr>I?@PwXoNOy2M;f9gVVL`-ss&*Hmm>;LNKae|Fn;T7fCdE=QS~UW|3HhLBOj zPv}b}U!5hQ+C;0x0u`0>BVmb1j!op7wH*r;=7l2_KV>v@w#15T3oe__2R-*R8w8r= zsYMPWQIr!Zm$qXx$;SkIR*a~ke?msE83bKxf?cmt2)rDh>bNTv-Rmt>!cW;kIU}Xm z^Yn$qf)wC|NO7UYObU3l(_nj|i0qw{w@n95xB_?}=m%sGK7fHy zT1trusZ8F2+jp{_5c$GM_`E^ToEM1BE~4P_?v@iHgx+!byS8yV1Hu?;F9Bp86kXph zeSQc*f|Z0rvvoMI`+O&CVR^2DV`ld_tcrQ?JpIxm1Bw4f(d!F-`|f^wP$ig$1{$z{ zh;D(%$Ho6fS}-YsQoBb}yE|Fg`BHEb8dSvUrv~gIr`{$Eh}>=?OW^;c?Ak;O+DQ3e z`_+6k3nkyh3$pQR0OMz%{p(_l?^La zoZR6;eus_oOn4j_WF8Cz0&1EFwPe=r#~~=_A9qtj0XY^sexKxl9hilL$9;}aXgj$% zNK*<}~*kN(LlK3cJ@;zifn zGm(7duQOY5a%}4r_sVgC7ogE0uwAUo)7TO=*NX^x!7w0oiyjCL<`&olf`fqTkRzS)j4(JQm-F%6gz^owho)daTBD1j$(PiN^^iCuRkF|afHVs_ zg7A;aiWC>5fvrTEMZZ3pRg?xj!*=Fer#4jK{Sgr}AX@C0VyZ`oL_7#m+=(-AWZ0kXLD%!7Ngd&E&6zJ)-v!TJ`EjS;~;oEJXo| z>SQptXXUfGUC7tHQWe2ps?zwa@PQDJM;L{ORdHE}2Kv}DbbQ50v2p!*uEfbKjae-C z6Zfz1>P&7L(5&pX{wZ0$3Khg`4+%2Cv4)>KW%Lf5PWV2dWFlp}(jKEui|`!0%T|Bw zxU`Q@Hf%nz@Ipipm1EK^7--IfJorfL5aZ=rkp&uQ8f`pN??jbl*naZ(AXFzu0HyI9 z&I``ib>(Om)oe@dfV?6nn9LqX@jAJ}Vh!EEciy}EYkpKKfQ3s_z%p?;`9w}kS!xG+ses>0H&!mCGaHywCa3Tz& z?D|#h_d<-?7ei+DmD5#0UP@0YOI&Rh3K!Grb4HYK|HYothYdh#PDs&W?P;sQ-*oiS z4SVMx&}3SjH;haP$Cl~Va;A@Jf}Xk;yK+rfl1sFNJd(tByQgiD#n6rqZ`}6S?U%M% z9)nJ;l;_EETgSzLR;?o!(c>;*djdT?N5$vQm4|m}&EGh5A75a_YJ4sI6LF{YFl@C8 z9iI=wL<5#jU~fM3+LM{(K$(jwwAD((K>#V^3ANW1Q~ZU@vkenfN47cRxs&S3yYvMD zaP0j@pY=+Qhaf>hSn$9;SP|HkyT<*2s~NH`801&Md`Y1th&c#+KjW@dT*^UiVL6{{ojl(LBVqUt zAt*CcNwe*Fw;blNudgMe+~vQWu%b3V&y z=`M2KWH}Hfb_xTT9q>iWat(oRJ{`)U>t0p7CgY;)+ zX(Y2;%TOdeC|q#_1wD8CTFe-U+}i$;F(sv2G$S(xh9XHpEN;JG z$@fzZF9GIJN~>_2s!46TYk{VtZu_WGvRO)(8vm%Ils zXItD&k@{=y)a}Q2x0=aZ_Dfm~H7-Td?~YUu$Zxa!QpYcay0&gp%%U}%SH}X)H4}}m zF~2mt4#6+C+(whZ#o7&SM?!wNj&Vg|-mDy;NjmikZ?2F<1Xc$Om8^ng>VB=9Da{!- zt)lL5cu;UQP#Vlj5%RFxjgQM?vN70YofqqXAap&NvLm4#LaB=|NgN^^VrXe<4 z_r9+>TEb?z+9FB|(;NZ`Sr$!r-UpvtVQTtt zaWmdeCDWkiLsv9*GMBo1;jc|Y)m$NEj)^tN47UKT(q{g#N`gAmQc0}5-`Oli$X69O zbR-3JcP@R3`I6n-3mW~Z62Y zk?9}%Bk~)}W2B;!pm6a!EfU6@m1LIUcdUt(5V)+D#GNRQTR!iig2TL{98B$3-JZ9k zKM?1bo{5GC8OYb&Kf*imthWzufwd*3t$9EcrNR^qdkR4_iSpNM6=GE2_{p!VGm8~XxzC-#c#v+2y`4fw<2dYQeWC1L^p<|xG~ zDWB_uDOJ~YO=r`028u0YRulMZn#p!<)!~>f$$B2!JIZ5Z-KeSIb^YT4ygG)5m%&^NA z2aa`^Pp3Y6HaF-W3FjaQMWEQ-Er?Adq$sY{d(5)dWLF)2meJhtvL>mm%gH4B46o08 z=bvo|yFkL+7^LZ~1b2dF{dj&NMnkPDvr{;mxwP7zx} z(62J6^gf0>oYRU(rE}DVy=gjHt*AF#XsM_t@A4~tt@0PFwj(4|*jLdS@<`HJte3G zw+{~i*iJg{)0aHA%VpKskkCj!SK-n!-iVM-u8htqRjhKbk_9FC$zUcFDUCi%iVfVYYx8e(JwcD?qWt3Ipy&EY!a1n=;V({wPILS(JiE zo`ocHC2E>Xb`MbK%0&*)Zaz4y>t|GForMXhP`J~4F*kUUq|cR#2Vo_)jaDZJI7-r7 zBTw(Uz7ukv3}3O9=oDt-?;t_q{kY%vYzz)p5od2e;|{bWDy+XgeyvD>CHZjoehC`$ zW8-4wu8~*u+z5i_gddnc8FH9Z+quXyxL8;*`>YXv`6UM6L;}EOnH2jhb!%l`2@@6a zytllB%6_r8vllCWVJ$j$Ajvk6^ASRK3~8^Iol97+mhx#P|Nq$g%BVQItV`Sp1PN}z zwQzzH5`sGfcXxt21OfyN!8N$MOF>~FxVsb*f@_e%VV=Bi_jIr6Z~o1%S^ba2ty=ZS zz2}~@&%S%RUSMJ#JIxTzxj0vEv%m0o(p6u$2)JNWo8-(vn8Fx^Lx-;x!&O{GxMINC zC1TSl`pk9@5fg0_EM&{a!gs}bgfA?AroLwptAV6`@99k-P4P;(7X{`iCn$Z(GZWpC zEWtFI0c(}>o?S*dEA{VRiAgRUv`=(+Mqu1r?K7%d{_&YYT_atBzsheNRA`N(QOfj_ z>K9;H#i@$6h)qz4mt^O(^ftorH8&wiM6xH=S`L*~g&Xh23XOBrJkT7Izg-vEC|uI> z0zcMv@L!_-eukqOcQ52-U?&}ftp0=?k|f6OH>OjQnxpo%!l+55gQ^sCHqMUl^&=b) z4&}QG>JkY!=%#Y&a>zorzlC(rM`v5z`gomB>2pY_1}qyOeepM2p}VVfxi6z;QW&3d zx)7MP!a63;Tzm=){Ki?%jRNmNL|Z89NS^55*BEG>_*yKSU@|9pd|X5Mc`((OVaqiF zd!3&4i|ECnNLT)wx*jachg0ThF82+&o&dW<*4*ePuE5Q)hs-8#-AaTytb#O>>q_dG zxJaAZgtUW!25RG%K<0=aQ)A;aK8HyJDjh*(l410_&Fz&$((|S5>N)W5y3`uT1j~5-r@Hsm43Pby4)9oAz%k|&TGG1$#&=8b!WS6-KDQmQZIN>i8;|Z6GL5t zTyqgWq5E~6)e6;emN&0_MFj`}2@ObG37KS0#|ULOOmK$d$)RM;CJ+GzcuT%2Ppw#} zA3H0G4pLtnpIiP26#`ai#*Lr@!AA}00)f{X@n9L*S)gAr}L+IM`<2A}gM|8)pLjuW# zXY;&?k}7c5H9+8(@U$V%MN8^?a-g!qQPt@S_ z&g9C(yxmWOT8Ew1hm_%L$g&?Uvq1hwWTU~ENw%QdarE`po|qgViK?(IL()yr8*V2H&lVv zB3>fGqjXlQ?{G|PB&=~VAFb48F})VK{V46|CLNS!%XIE%hk!- zecJ_S^SSyf^g2`Befpwv_s%5JzvI~y^VjsxTP;s!t~=VLk~idZ$%e{-J;L@s5BrAB z^6jE-2|^AGL~%|qpkCh?su}}HoBYc)Y4t+qduB6smxr~Iq;(%ywk{lhspHoCX^1~I zPEP1(c6!^<{|NfRu@r9U^|DLyQq1^Rxd=*&3sf=p6#%f78DsOo zqpXp{g?T)uL`p3s=DxDQGhU)z(vP)K28v5_s#C$mcK>1@bna&4)`ZPV`%eT6nz6ZX z(+96(P&M(U)G9xsxO6P>m44_DQlcwlM6mync{8N4sGD4TQq-R+8|3|xSu`o!;uIgD zd)v`X2Fe5!JczN1OKvJ)$E6&~a+5Ze;ODd}G$PEaHRN(5Lycs{@hGr8*-N{5m9S-M zdkHM^706)q1)2YN8Nv%0LNBIk|<;FUJ*=K{L$+pO@GFM^-zga@2{ zO}C)<{<<19)VLZxgo3s=c*c6Vo!LlP2KBaIS+2TT{L;Fd+U%=tINaj<27N+4wD3zW z0VgY-Tf>K0pHs;Y#&j@~QGS(N=?@7EY9<8ic9m^54Sk2><44X}dl{3r{h?qc?XvbW zo#_yaF1_;ogy(cncgx*6fMWHASfq=tYdu%9*@m?d<6eZ(kJO{;g8z0}!OVVqFYL6A zH|hJw)K*lVhs{>iN<;k1iU22LalX_TF{Ovn16^T+5e?DXzvDi~L#y3MfbBTM4(+;J z`$6W?=j;Xt;dvGuV#Jq8JQFXRc+7V&Vr(wMOzp(a>=*$SC)1#9_D!X{-I@GGJB$J# zW0Ak*J!F4>PbJ|sWQ1^dCH|8_trs%o zJwW#!=*_x@!^DT=!DnuymW6nsnsT&iB(L*y9>zG^w)WYz;>KB(2RiVIa$>*xWH@35P=zT?Iqp0F&A(IlT21%AI zY`Omtfa{a$IgL2-og5U^?>&LWixfwR_=UU#+fCx=V(@crY&QbHv>|@L%Fm%OhJB;{ zc14i!O5|s}(u1q#=&srCEqvSlJds=48LWe3jvCG6-FIo?NU6*lVeov>SEF__yd}-T zW3>IT>YH;WNa@KuS5zX=?<;hQ2SRCmn*<5CJ(l%$_IzKQn`DZ+EKu{c(ZWL98oj4G zRcImU%YRRNg<_vx-%6KO?rmik;TWHRtjNg~riHr!BZLtHC_WQ>*g@8!ll#%Sj|UNT z!5IO2p@t-}388x#iAoPvz|$M41`{!YOsG(kI|*ms$~$E{LR`o}gNGtp&`K!xm;#vh z0GH`U4!JAQ65IZ&vig=l+sZ(jsCm`)rlVkZ|;F0*y{N9VvvDp;P1*c*1Xl zwpIx54e|I`E^V!h1gN&ZvI`upNLMp#svg<3Xjznpqy#>B12kH>eTsp3e%*&{2Q=F8 zkgmXuJ|g|9?0yl_>ZTS6m{KC+ud6(r>6x~V5S*4n8A~rI>K*_iOkdBSBM#uZ?@q40 z`k_YoPE6xDCBroY&se5fVjm7cw14;YyWJlR!g(kMsr$9YXq;H*u{0ykQ9bSJE?IiG z)j!Z8Er>|`OhgboQ-A+_#2|+h@@8$%Zu!p9N34~$OQZXTcmdkcYO@hDpmHI{*<(+f z8lz?RX4D?n@Si_V(k)s}aKIGYw4 z#S*&HofUVy>JAO4sW$Ip8w4DjZJ;mS?u}>0zQ|H1%&B|5>-!?cnu+wa&xYTu?TkL( ztBv2y&f5gi={!J^x5GGtlo~)Xv1fVBo*QX=l5eFL#OE}h#%UZ{d|+UPjQle3GcgUp zd|2#5I3$lhYfWwMi);cNLy7mHhOLkP0psx((+Zemdd+)Z8-31GR1`R_-gdF}!eFSTc=#_N5{-~p8v6SMk|G>xfBhOyCQYdVSz1cyOWX+zii7R)O4b62g&}z*4 zU9H*gh%};zpkNfPJ(@w3L@7lmW_W7Ab3g-jL+`MQ3tBU1DScry1Z5p7jh~SKWKWIJpqDjuXUvG!a0j(WWk}QX7?7a z&6au&b6l=U&_}Oe4D64SL?-%9*oreI0o6^4t@&&$6oT$yvK1Y2*eGg;^cg>D8_6Fi z%6P65Kejk&bOe*4trNoF?Wc3X45j=ZVRuw=-YD4(42PkxvKVyn0pU0=?>ej8Iw{Oo z4j|wR#9y6Vpaxy@u6*Tl7poNL#=q|o(RqTnI+U_ih4%Ipf;}fs@!AJ7zPJfG;wEgq zn^5lQx-%Q+Ikr?Rp$6_AEd+&Pa^wC}&fqrGTrv_%j3`~>`{{f`llPoJDgfHOk+KHS zUG|;f(2)#qf5J7c0&2bA5_m=O3A!;DmLHY<4QkVCDe=M@_u#__3PkUou>_`Z94#+6 z$cfjqL*Dk;+L9=okBt8^&}893DIUeQ$YrIt(=&}WIc z&K)tum88gNl@_Y?h>EI9E2k=)RtNud>~BkYR?T_QCK+Q9i)SZl=*F2?p>Kcxi!4r!zNzWgVL(CT-Vr^gdtQ!_;NZg0e#eHF_(h zYV92{(~b_FamjKKhyLqk$F)MYQbWyerYib-UIRme-mC(+pSjtp^-8048~ipsghpw_ z=GctlxeFBwwXSYl7sDLvYXViDTYI*uV?#`CT+Lk<1LnJF8xAI(E0M$~V=rtD^Uj7} z5s7r=?AtHr6v?r>GfPJ0tVidDE^CQAYNgZ_Ih29WLZ3TI?85Ba(H8Bxf9mVZ#>E6{KYi6L< zIU)1rcGDo>n)VZ%D}7hag`n$kyXoCL_W=%a9El2@+wN)XwXYTrnw zEt`_&cXbTX^8M@%RVB?$mq9m+}#@#HQ)@zY{UB?8cl2#0*VD` zLWZrlZ|G`BKW0v!OZ;6$+Mn~oqW3A@Ev%cY1$FFIzz3t^_+ve;%MRK?Ia2S?EJW=P zM#wdZXhnKNpd9NDXoR31x(3g~)#3ajn40@(Byv6BM~mi;W^dxg=X;xT=_V8Ou z%T>8^B*QVz1+LTjj`+)k10%wp8`;PD_2+OvFvonsdhXmfFIU6dWSRB^+xx5()cxh) z+*=-9j)8clU`VZ{XA}XEcb_|4S@b3 zS+>!hbTA7>z8^GHOn#fT`1Bq2LT1zNVi#0+8Z61mP%KFELn&JsCzbr1o>YTfxztE; zyP=GsniJn0G-JikTBsFvYc~|UWuN#Y@%%H%R6&7u1@Xhin1Q>!7Zr;kwLnMO9d<{A z9|i*D^Ej)6bERu9+kC-F>+?SQ@Wl>0q+2oLde*cpKpN^byvl&|xW zW>&CkF9nJTHTFdg9V&yAJ|na@)JkDxoGwVi&R9Z*1pR z{mbBERo!buUlJo=EoYSCyn0q(xcl6CqCA>cv3>WT#y59db?R^T6sHkfVo39A0q3MXZmP7W1ZgV zl_r0^WV9A2^qYx)2~Ora$?&Nd%$pNHxBhGbl8Yb*dqIxV4%ZtjLbw+`Qd6+d0*S(1X?{H!WNGH zih!vvioive0^1a~t!pdk6MEuTZnXrruBZx~Wu;G)6p8R^DrOPxBi-~8v6lyn(ASox z8A=LD>wXNs;052aXKqrjtvokon!dOV0Tf<{@X6`Ur(cN!{D#wvCAVWGUmS7_`DGuc zxM}a}n@4|A-b2Kt?{7)Qn6bVq^4Q_V6_$VcYAG|=`%q2$XW57V;KCJ4dvVS&;zmR_ zZ=7k-Ll>tI6T#PP#ngiP&cxFFLz`zf(xNONHLTI+VknD#E8kqcGKd~FGgt3!9ud1B~@?aT(G zB=Z24bD0aw(XefVs zn8n#3=zxlaF}2JrQIFz4z{%ogV2Kb;sui9wwR1+(o{Y3|rban!OdV^vtKzwyo9Tv6 z??6V$8{k0IQHkE9%_sj&U1^p}qD`@_)pfTrwszF$jEhjUN)r?`xoC|DG}x_HsMqyQ z1YED>#~Gk;Zb8Z6N21F3o=H8@7@vBB0v>=Pjwc}$>AoPk%z3!h2HW#zjCE*`Mr2nD zz(m}Ju~_C<*d_A_;jwr|i+J(34Zd;E`hJXFL;M%~u&cSCo^oE+hIRZfI4*vZ_rxC@ z4Car0L&~;N;pC4S&`wUNCj&M-?=DIW^M#V+gxLi;@4FGh?H5{80FvKW=BPu6wMMQN zjU-FSC+hV-iB{!)(2yS4Xl-5wI?x--IYD&vV5}FV#@#@x>3qBra2Is>M0qwG_!i?j zFy;?E*dTUg+evyr=89RC1zYsD%-M9o}!W; zAP6mh=8sHHG~gj%pk4TRov%+KX)hRdJoWpZGbb2PD<2}1iuh;q+Q0r~YA#<;WZ3Ev zBMm1~U1bu7Z~{Bp`#BqS0M^TfZvalZY4W~X9ZqLXuno#KYj=Ly&{x{{;jy~%bhw5O z9~Ru;{i^6IFnJZFy|S}Usk@vzn(f!5uy5hwSqbs^yGXv%4mdcVEv1veWIFkJ$?Xw{ zm9lxqYF{nf?dsqgU(@V%?auiIwT+!p0B1#Bo1rq>l9G*NcL(S%)|vmXW#NU->AX9$ zDUR;(0QhNn?TGFqtNRYPY8|N0RMi4Ar+>*Nl}CyvAQu&e2UZ_M>c$76f<*NEo$|efhF8%z?a2T_X|ewhw=dEo4jkOm)1DC`-akEP z4xy;2_?l#48_MZZ1Armx{^iR?QgUrq^6NfA6x zS}ngYWHZj)4}<`or-KX`_Le$$USsav3<+t2gQAP0zp~UhZubPBYIMN_aMjEqa zAC6aC4m7nG^s>t4Y^eKVA1K`dOVx{$@3(INe;V^A=t_IUueSTMpo6Eg1E;BcEhn8; zpUUygzQ`9}AstlloBdygp`uhxU)Uc!zUjOC?t{T@V=@Zd!-Wrznhh!08mp^KoKCo4 zml=&s%|;~GnY=Bvu^mVEp8GS*-T?#U+#Wy8t-d~#x(6KQesj?SCO>E<2y-#)68 zYH!$PUj{?b-&0+k;eCKml^Qt=C%Q zCrI+xEsV}D?7SN{W3$r35mc@Tf(lq^#RMat$#+WoF3!L5xu^5?n83aBYIC!(xaqlp!P0oF4g=P1oKx>F=Z!ql z?mF303|U0m+>>AqdN(4)RXqN4fUNf6xy#uvX0U7&L(CSi%Rw`SS8j~tpWs8b=GOww zb-s!D`|P>d>9yvY`3`0>CyblruJRlw^(&^oe8{GXv)g zxb$~i4S$hOM)uX7DpF)^bur|)Is5hX-Q|H?LfGY2ygUbb8$_(eWZKfZWjvt{dJp{# zYIWI8oJSD{0glLLfdi}a;@KzZo2RSN*$Y=--@-GC;Q?Bli#QCeJIJ@Os};tm6poaP z48E^B-wrodzpu_+ee$^nOfTYT-uR?(`+WKZd8u{pV|9MLyB1G+NxHn_^SkxYCE>Sg z3UDSjMKPmUX8Ikr`9!^PpZLXhz&houfkdsv7#=X%e0%S*^TSE{%aWOx)vBMB>b-K~ zk-L#+seY~GJ@-!7-IW3r73^4V>$4V&jNFK=L=ueevI{#VxGdKslm5oS%> zS>@AjQARWaF#=&&iEWKl%BQ;5W(De%d3oyP;p zQ+R<-BMbNL9wWUk%pRRG%I)sY54@@K6>(Mf8t7<`@oOpR$!?! zky%si+rd=}H08<6CvZ77YijtOVrmWKIoS!$asv0=XSI($iaLvLZ#|r>D(5UieMMP} zK-x@6EQu+~tAWB3EO>)!;?S>Jm>!Ho!X9mW{ zd)~6sZG43azhAoCf0w=SJ5yLZxdJB`({>^&U+n&D{scy&c7~vzE|RW#Hhho0Te>7G zbSQ4=Orh#LFVffBOAjiSb`isMmS)3ZaaQF;G44!FxRZWg6`v6JMA7h*`9?y>HU2XG z1}}r%pe@mFiB3EvU~tB$%B(+D_T#D?mB9S(Wo);4DEBO+>n!eD$JylV4%FzSP(t|WZ;tv<=ZrceS;#>XuIR+E%FnmRzIFvUxRyy^L zA%}p{zMqLOo1mgZI>?E#RHdrIeC&`+rM3C)pn5a!ZWe#-UTYhZ7?(o)gCxJ>(#r#W z$3*d`YjwbmWeo@)B2JywyF_!@O%BZ_3y=rYf;jY-QH1PlTHB+n8~4v_7Qi;c?-%c< zmA8p4c{bd|%rg8ww%%Ru9chb-`Cc70pOjWEdkhq&@#yUsGr~Pq3oiIqcS?7|GUA6X zABq`8^hSME0xgG9RWVXAsYyQ{oCNR^VUNGB)&rs9P{#L!Vl1s?7!%pGx5t7k$C9P9 z{eC=FW(wLU46MmNkTrYlVf>MArFZ(a0_=9PZ=X1X+^3@u5BTllH0|bO`OmMkL+r7U zd)aSWOS<=9S;AX5=gsvwH*6dlH9^=A-WqgGUcYIT-wP+5!BuxF}$ zhOiS3mtFZp(f=Ki|IqyYS983N814;^ftTJp3%H_ilaVSYxBJOz$*Y%&igxi$3`{xy zkh7B*!nBsr20C=E-CH?W{_dYwR5sfZtC7aN#*lf5D`rbtZTkGC8e$(t!oKgct8uBp zKfzUWU(OboF2=j;U)Yd{x;GuJfW`B)0OR`SWMnjdRPr)uKbBy3DW%RC`70dcy(yv} zYGq5wI1WZsj7pE{ZE+z}5|!7gq8ziW2>F-PUQv+8!$|-U^mp)wR>YdN+3F;gt>J~^ zHZw>n>$1lYdXvt;7LqYdgf{%gRDyM3y9+A*qtd*}pUkrOpO@eijDGk4`kFa=7|vBF z%+t>^ZWGyP=tooK1~uL8sWAQ_(MM+>(XSxvbCH_Jrph*1^-*?>NAE4TYi+w{cZkn! zD;sb*t}B#J9yU^ktvL&8{Pt{dish4I*<$5IQ?dbNiNO~rcP?Zx8~*qiWknmft26Ec|gcz4N?Ex zLlDu&lE2h7$ujtd3@E9X4HevA(*JypeN#O(uP=!*GZI#MZBznK;fkp7;_h0ryTf`~G}9P#p~z^(zm|w5|;(3wsWWKhcSy-u3NGrPqEhlkuJo zjs`?lfuEMBK>KbEx4r)8a#n!d{en{LrH?Q(yV|NYeRKj)0Z|5l;{M3>Li zsf!RfcjE3HssLrpb7h_LWz|K8fJf6G+}E>6rnl;*!RuC+b0)=FG`p%oQ zA>N0g|4^|6t|D^{VMhwiBY^6qA;q6-`rmKp@4teG;1M`M{}+MGOF)cIHSqKQD3JNz zFaG!8{CDR3|GzrEA=YI1!lWOf3WEPLdcYwN0jin{p}vRSTmL!Qg-o+92nVK4^!oar zgK!93tbiD9eRymn?f)5+fEe|O78s1hJNS=)1&n>K0Q5LVD1})5+L!*1FXP4ngMi`2 zzmkuCeE_!}ShHNdyCtvwhe#;#3K;w=-TKdql^6kpJo^rF^MC&57#zX|p!ge_|6S;R z8vE}}{`XD(ce?(+T$5Z(&bJpNvIz|Cd3-olS#LeNLjGQO--Cdak3~*b_HRPq5^Bi& zPRq>oM1CMqp+-fw>1J^X+Dp6lNqNZCa&DrOZ~scXsFRV=x=e3&RXzW>Ui?Fc_a131 z^JW>vXn5YS=8MQ=e$*N%#M8*@juxCFxrfJ(CZ8pgbb_(+=C9AMi{Mhj3FAC_34;GO z8DGNdo$NsKsl%JPfZ-;uIA_4`H^=;I@Kjy^d+Tmq)X(M}l)nSfPDq#c^PoM{hsQV4 z=6A;(E~f*avpcH5rNI6XW%e{4%Q%In$Kf>E41$3a>8chHRI0pLG>X86>qwH6O|W}~u})q=lcsPih?cQ?2q`1yFv1M|xt?EI&4L#mS!752Yh zs+H<9lf}_n=*|6QitzU%pk4wjFYj`D`-e^fe;6Qn?5E7Yv8jh)O?8-M#D(k#-|aB| zeet!_xC!tJzwsG=feXv+uibA)NR-C_F}5a}1$V;XL3$#iLmMOe=zk@iU9EW99VYb( z4=%5Rihr!C3bGF76*!7AM z>~qZO5-Qp%QFHt0uKjD3Cjg^P8?57iz313cBEOxgj>Ss2XlDz#%P}b2NSV<%tao#{fIzS+afHR<`RW&0+ z!j*~a+Mt#GwQv&nIkrEG)oQH3ey9!YEgddUUwe4p`<;!v4S9K0uH<0p#uf)^{x#;U zv(h;Xs>eAIcGHGYMBg?0Ux`hE>NXPp6oE?uPE1Sm+^zDnLfF3+YS-|g4%-T81u`3w zYHj8p_C9E7wO&k(L{w$Zpw2t3&{Ybrmv@4zHscZHi;;AO#d@pr8UcPq1!}&l3`Gc23uewfI4yyzOH&YK-=-JgkQ^} z3QVkA_8j2AN3a@BR>aVEF9Z-j(n0r|tw(V5(%rPx=vU-5e-JX}uM|g5HzC%`70c-N zRXPA{a+oOoc&&bBl%xzC#bNpb%P*Y426s?~68Cs4?mwG&bkwUcdqn=pm|7%iUZ2u> z>tF?Et0-FK&7Tku70WYvyY!9i`1EM?;335`I5&+|--(^KE2Q%qlxb8kQDOVj8W+a< zj1fCC?s(Enlh5z=_}>Ch(8cKQ?vjYJgHHBDNs5;baaCIR zk>=RX@%A3K{qEj$k+>j;h993)>FK7=sSXNLY6Fl2SnTF(`>Q}WR-&m?R11-B8wHzl z+XO;QXjDL)qo}XWumxsk9V6d2<9xSG3b4nZYlvY}qi;<=l%GIuugs@$wfQNC*Jj$V z!D1tEGMnDIQowOa!~3$*QvvhGnxA2Mld1h|Md^iqgI1SwpVbz%rzEoR8pzPp&nW&# z*pq&tmp(=Rr6+Xt^)WA%7wM3cD*!gWx0x?3&wS-Q6*f<5%4ju-A0)8qZS*dd1Z0H} zt?uf+I5l-L8D6Ln@l#A0?0X_+x10gpaBdYb+|oRDcr8c7N;j{Gb@I|BII;%rqdCE=jGg%iz;*o_55uOsa+87R<4irb`wup- zIQA{?X?`ZzA82knu=6cMuZ^W3vT3SJt3FbLMQ^CecX!9ge5*~-W&LzKuNiPNcbvvk z&c6Z^Up_nU;~qQJM>g)>$Isax zY_s0lZ=8b23oIkM^?9BrxUWq%)Hfao$So@w*e9*}Zf+4AiS54fYCK*9fAJH1A|tst zRG(^4MYL*$?Yue%Pd(jq{~pF5Vxw+#*-8Y!_CY`y_vmbSsWF+6(wiwDt6)Wj4NkAt zw$ZJv9E|POKyRC-Mo;HirSEcjYN7*n48cygXl)k>RNE)rYa{isxh|whec{lNwgSH( ziX&pLm$LWRsHq=;*GHFhBMk8#R?eeIdExLNmrp>wKNPt-G#`^AE#&1w4$5z;d;F2qG}i62jTm19c?()8s21QV7j>rq zKDsn;u5@Fg<0V*K0RkK26XQQ313rhdxR+@rm(3?OmhWksta0c(=bf3Vsc>mk;~$Yr zU}*H~v~L{IYj`!IzJT*|OtJJiHZ)GZ5523ZTun#Ji@b zv>O$ebJWfztOcK%BILUWD|T2e)LCAp)0<;EJIdTM^dOvFe)k4$yU%CvjL^lmnbIW` zz0p#c1XOBZ)=2TnO@_3|nsy19%eSfGY|z)KUx0m%t2eCuF*%x8bc`}P+!q$dL9xtu zqm7K&)ga&4B)4qSroW%+P1SK;bkuYx@(~4aymsJ*|B_tbhUo$OswR%wejOQ2E-d!A z7Y~^HFdX~jlrpPV@P8&<-Xl7TpT(lLvN?lSJR+ zXfp7acL%8bq71ubMgrWg+0vGI9`{iC+U1VJa~Nng9l~W8DP`bJ4O^jZE7ic+Pj9nN zP5IT>*g*42MWzLgJ!d(tuf+XVn~E%wUQ~i1Vc#RC`6ejN=$isuMEKXDGv@N=^F1nF zJ2;eWveVJSVHS_!Tm(pNk3B6J!e^UFDq!yqe>R(8 z)5;^oOlSDtNT?CKC}S$GFQj6vZuIIS=SdQqnu_jBb<(f#K~7Jq>2hR@E~N}i6Q@9- zAAa2r@}w&&iY&>@d*`H$nyF3ChE3YutU|>cqxG{1A3O4M3&T>LlAeE~@qGu`tDk;nkJH|(~ zd5cOvn9@Jc6UmQ{HK$Inxto@UK4_~U)Xdt=53*;S)ZM|J&Ypli@WA`&;8Nqqa=cFn zN*0j2N9nZtJ}loWpkuw+Pd&x?GceoFGNsvOQ9qK9+1@D}2*%MA)0QJmA=-AH%+My6 zJ`A;ftb*#~ufV>p?Y~NV3#nYr#{q0FZ7q^&@rwt5e)SNGSpvVJF0)=+K^8^ThY%l+ zj)ME*i2Fu?nS}VhsKJ(Tv8IdwZqvky<(f$)$sD7)OJYCkiuaWUpkk%$c*&b{`C`~n zfn(*t(Jg6gG^zNcht@1tP9z}*+fqkkIms1s{@y#>l3n|ZbBGT0=4gwiko9fun{fK5 zv{3Hiy%+B{+sdZeyw!#0G;{G2RB{T2)+!jp`R`UB}7rW=&aeo)Zkll_X7H?Ya z<@^?^-)WA5G=ryKFS;6fq-nGjweQwmfs6vdD%+szF_d?A&&cEIEOBol35S+9%MtVM zh_YtgCOQEz(#{oEM|6f*V$~8U^~x% zHFP;F6T06x+LcmVAlrM(eck#f<~}VfgumxY^(?`HRcjdV=Np~I(q%U3#*cEo(?VH9vKh`=EXzJf}fMV zStp~R9fZeLJ}_%kR2wdtd?z}xU|jUWK9PqE-a~8#Uld8oxPpqi-SYdXmd6-)Fum_h z?6w%Ek68Im<1NMc#y9BJ7$we9xHx}@)CE|(22VCChL_y_hnsP3}K{coMK@o8#%Ju({kpF89j$ef@aCyY@zVqa_5 zgpw*HR;o=0EKxWlSoQR~|ddj!EIi zo%1MEWQv&d4nAZh))INSCF*WiOj)_+7uT|5FSD~#^!;kF{I+FFjhdUrT|BMJ`tP%z z{Ou9ao(z|l`aVDr5OnSinFg{_*1Yt@NFQ6Vbs1ytXRO%$#rgRRv>V+z%cCxKU(8Pp zS<$=pcNoqqHOp4tf$u8t_U@KMYo6pmBCIj{vzLq2tCO{rq`Y4;bS{rMn&roR!8aB8 zC%~3p0i{PI#P+`MFF29*oV@x1`Ev0Ycvks4M~%U0CxC)3sDI+q8AQk~Y|nf9h&--H@Ry9HRMYJ&Z)*L)?r#YTKm zQn#U$*nVMAKMWU6E8uP1C$=9}nEctlo*f?NB6x z^SfUh$mylsQ+ay=`5iePY6@DLT&Y&=%(gp8a6Qj>A z6V(Qzsfrj;2UUB30y0Iqm)OBZwapxzj67j&cwHj$lUNUy1$QPBjZv)b#5J?;80-wv&! zpLYUUK54kWZI^GQ1U?{eQV=N^9S~YdoIh)B`g*TrXrs5&ez(yN<113mHk?X*|8c2q zZ`)EpHc5_f>-1~3#r6v5h{zwB5=KGl(=r@Y-NC#xq!9J^dmbL@nzq*<;IwF)(Qk_> zkTu8|BDkpc$|_754KUaI$Q^LTOJ?l`&QItFb`Jfp*l6{Iq|+vtg3j=2`DD`2#V+H0 z)8n~f6o&&v!A9;2Y;?XBFpH7lG9BPd{bYmt6G>}HtrRfWjh`jnl{i)}8gHmJKx`7j z5w}Kl^K5cOHC}RX+&fG15Mk^1`ITp9>nyLlFQK!s{>%4(ruN1JiZ}9=ZYxZlldmV; zo!!`}+HcDAwJvq9dc~Sq=PK+_zt1NJzd;e9cuGyVy5u@9%mWBnFfSW<1qZG|1GKEX zPD~uJRV@g=0oLV}`Mnj@-N<%X<=6#F3M8=JtNX@Cs^I&ACT#M9MvCbn0+#e2(MRsdv$VS7I&Sp|whG z3x-p^zQ@-KSAo|qa1XfZH96Y`Q!UuOI-$8rayeRBXuLz@x1YOOwF}9{(Xc38t7zQy zRqA({=7Rq1UfGT8rT`^cyQ90t*#0Vg0)fVQXY9&Z-E=zVFRp0kw^oJ@ zdn4gP{OrL|pVI@D&#$Uj*ovlSSpsVN-J+ME_kN;&nsCYtXYTuF_$_SI!=rmmF{FX%i6*=tseSXpZ4I%;sMCy$= z#hg^Q=j7r(Uj;3ktNaJyLge_(dtEYT>o?EXmBv54+`fA43yDtST!djvU_Sa(9a8INbjXU`CDR^ywMHrzJTF$Pv>Sq&YeSqhg#^?F%V*lLyKJOP`+TOo}-H?Hv$gAKS z>6_UgteDal?z6HfLNKWe*uuu}eVJZ(qa zF5w;am%vvu#Kx|jx4M*G7wAAyqd>~v8WmRKxwa<%zQWMVYA-|FRqj5z;23bFp1cZe ziXC>@3)HfK-pLI)VEgRz#+DCbDqkgR3-FySu0SmuM~bO#uq00E^8i+9hfPo!duhXE zoO(N?`tspwH(`8XGY?wOxSSWJy~L*($k=qWV6#?@lNL7=2={1(@{EfS{sa5*g@4`& zk!PAsQ{eU5T4`~%7cXSE%mXyLGsErrlel&2Q`&Lf3E`1YB|CDtR{6`53|9R|DXQt( z$w#h(0NXaYWC2DL-OMYM8jiTHb2{K4+XGdKVa2G&2XHOylHX6S(74yIz9`X@ivEEyeIoWR+DcqY7p4;`C1uy*egx%{KfGIV;f1opL!kkI-b{5? zj@{3;QN5!UOCg%1XR<#DfY)?4dN3b9C50)7vsm@jta!Zfs?p9WU-v1?>7XxfUYybf zYzAE|i*T4MWVN;9h8CmfQ|R%-1m|Z|jwpC!=Yh@veKkq%8Ej7R5E9;gRZ0@D-q2vH zA-xUKwe97+>*{>687Lxxy1$dYlA`kW%1vuOIG`GdL#&EAL^5_1bE4rn?Rx*gp3Y+{mzCK1{8x^pc%ln^mtZ(IGDPb%r{x zm*Z+x$i2DGSN#B;XKCVQk>_!5Zzbph}WYatVnDy}6%#%DcXvQZS^LUFr^h8-!)D5De%+GT~H?K~P zLY%U_e$m{au5}tN^=yZQjUJkMHVb)bwHZT28wq2=be4Y2L4_D<;S}D4XXrvr!RyGF z@(tW$+WJ0vdhSqj-3XfxsK!E%Gen!xvOd!QLt)A0)Z6|QY+4D)xoU?h*0bHn8xwuyte+R5X+rNtc@(Qh$|2Ow+(zJ=+a@y=b~ z-w8s=8Q`t-ChD1T*QG2@ZFy$K5{#KG6}`;H{fR|GfABokNMJU4a#p-H+;-tuTcGIP z#Jb~ch2Yrq&Hc=rYl3v3rIp2{cbB`>E-F<-Q}lG*^+Br`qej(iOT?cx(`mIt$+`Yc z`>lSk4J(sqHh3tyxv=s8YB3K%*@YEZ~(o_ZT)%mnk`(q{39bmrkJ>3bQdP8L zu!MKi7O9od4{BbsYC2r7_+heaO;v4B8NVl~GqyVS1WVna6#LL-W0EX&Y`x6($cG=) zhyP)d9K%brbMAwu`@Mk!FPDE$Nzl&D@d*RKn}b})jFU84ef~ykm&WIv`D-{~dDY_y z0J#bFp6-poGM&x4EyjkBe8Ic9s3o7rN>P4>n0sD`mP`p8+mw*-`0)7YpOOXh68@;2 zcPGSWec}ru>;Rh)Y1()X=t3X zs zLWA`N*36WjNX9~|y;Dv*^ev`4l;KPZBbj5U;V6~mf!cA#RNeclXf8`F*xmR8P5!3r-YjvkwH`9FK?8~_bedN^EM{@c*av?@=3W^4XZx>u2+aE1QkXT@+D1&Zc|bj+;y4VL?>eWzu0^0w<^1>?;DWr zkP-nA0VM>a8w5ler5mJU(cK7wfONNnbT=%zyK|9Bvsg4Nn)l?ouD$PlAMf)QJkS1x z0}n;cIoCYr9CM8C_cKzg&4%OHTjLX;zx{Z)3Yz+A>LwSS*II4W*xQe^r^ly@NpY#n z9zR(o@_Gei4hyR@G|t|Y&tdeR+g9M7mA9Ee_GWhZOV4LW0!@ZDu>1$VPpnIr(N7W< zoNNCCX#oAy(RKQfvPK=#Pxs8(C#6d{+b1iBeAq?QQ!71cwX=QnkTHQeA{;lbCjq>( zb_yAk4V!Z8zH7iWEzi;x;%JsOnL?5U^H^fBvP3#T0fT(g+}vVn-9eN+N9zwjZ>pN4 z*F2Xk?zgm1_RDxEW?{wkKGmv;^S;3Wq$6wRNOSjPif}V<_vHNdj3UJr(|zA&l_IxAILgatKUMrrKVJ!mTI^u!Sja);`-hbXD3BeZD1wD`Gq1! zFO&uXR{Uzjq*JlHDO@y)c@7oygpuI}SKHuOLsx&5+6{g&JERJO(%>}OT>mbmsYx+2 z&uM*roOGuIfo&`&8B_!Q@4p{{aO%ZIt8Ck3#-EK8R{Lnqng04~uO;7mmb6Bvv^!l2 zrt}?v%!Q7tr9m zh%4}6PH#%b4U8eQOoZJ4RQMCAo(PdBOq3<_$9{JK7k?@Zg&7?RZrvvXn;9;Pvrc_8 zeH^-)QyLGB`e6JUI$DwY_OdP9cFu-z_K}!k^9S$R>1_G9+QKR@?~@H^6-sp;-8JIY z@ar7iyANJx8Oz~w@Y+#)$Z^?0-FX%&+X4Rz-74MbE5~b)_Sv-i>h_|q++*vTjsF!4)mShu$uv+Ns<0> zfjW+@c>n1un8F~d`IfDamL-|m6#1N|V;JG8wFN1krK6QCOV@Ntb-Aqp>>F`;q?>8K ze>=A+{8+CR-O0cmaQ1=rXn_gJmTP7rV4iE^1ev;e`9tbG_romI)V#PG4qJSeJNM~VWXU12vU*WxByM{Ej;87;!pfeQpS z+6Jtd^z+Z)!0W_rBsP#3cmMO)#?vd*WEtKO~fDn7Hmz`|Z95)#fg@*W6_I zPMEgBv{soZA+^UCZ-{`BiaimYV)I9$66IyZ^5c_loS~|$>E2G;Wy`|Ap=Fj*4}E>@ zdA$_ty)Qv>06TN}@_4J8J?@3L>{({Y^a(w`-ot;$uZ1tmPad-CaySo*JXEcL4?$3F z-7+Jl%Sg$cHeoo>E88DS_XR}TZ?`8+QJz$a@<>m-?7jLX*OS5Ry3#_26fAw;luAVr zGQNo)LMaL!%gGg3#&0+-)Uh~FlfbWp5EiY>vZfPsTEHk7yrz8_-Y(-F`B=HanU3sw zePmOWy-38Mki7E=@_lFe8y*pIkZ|xrMd|R_^LAaJD+;KOe(E3&(63bDEw47}wv$*K zz#76u9WWmkT4im@oq)J!MG%sLE?V13kQcv0jUvL#a3fV%4JKAEcim==$s*)c%hWae$^ns- z+>9jhM1mSsOFj||*qS~}m^M61ng&fy3YU6fv$+bL8QaHOc;_1WasSq>HBAReu9qmc z*?`=yzL~9~*~v2l8XGOAJQ9}rRhO`h{)CYQ`SDCmIV_p{A-xK?+<18Gk>BXE0*(%I zjOk9R6msnQN?){qxiT-0VI<;nM)h-#oBB?np!7MobI&tpYh^Rnum;hwa%IuB6E&SA ze#?2Z>;MPh<1+-H34|7hP5;R^eH3dtGIRYVIq<;V3?Iw2NfzL)fN3~GRJFPW-fun8 zNG%sw50s~%;F$;(5Nta8ylV5z#cZn$P)JO<)X&&NlaDkoYCW4SrR7KW&2@HZ^Kt!d z>w0jl7^%ETvA3XRz#r|08+53@HJr+dCpG1Ma3s$^+?*bEg@lV0_ ze6@SU7uGelsmOsXdb1UtE84nrGLiJgrFTG-$x4M6G(9AExe*E^EmAVKkS2>?mUX})gStO|~ zVLpV;@*COUVAe%%T%%^{t7MvYMeeU^MnZ@RYcErETcFa6>rJ(ZRddI zkFDGKp47G5M-C7(BRHl)K|odx?Z;e#Aq1unCh#1n zUGW|T>rw^OQ#9kCJ?FXq&Xsq+I;Js){+XbqeZAMoN$YGfd+~H=D!M4x+Y&xzU~=Ha zF=Tqku-~PyR-&7_>bC6-meW?Xgbs>IKABq`{!y_j=T;ivw6|YTOTkm`Z&payvl&pY z7hj@T^=e)PEp_hT>w(zOavy&OY6!FW7kWXmTOHp;N`V-DfkRL4P^ER3T5Df$I*NMN zntf(ZI$1+8H<0ynw`>;$zg8(0fx9d{YRlfL_?zRkr!C-fJ)ex~Z)4V}n#2}uoAznM z=0w$Ss6m(t+vP`Z#idqyxGwr!X#M8FvcI6P+88=2B#bzJdzd)rDyyDiz!X{N*@e8g z)8heZ$)nS#*jm{smXtM~s8YSSs-=30Jo@dgRWkeMnWMi3tL5Ieb1CX(ksa9`$Q|O9 z&oN;piGkiI`8gku{WAiKqV9$6s7Umw-dg~Td3hptg<{_reX!3^*EXR)7f2!UddJ!{vIKL4PnYoNxbtVVAxwYAVf$(fz-l6%uwfp zmvmonNoY3gND0`)j53lHJQsAD52C$J!i`yN1?gBdcOz8*LX{M9;l=so-4`&|dw~z} z5BKNdoAErWmFjFosZsmA5c@;_YI46uZ4uNIl+REnqbapI0rM~ZCs6U#Y9kv9(y8(h zjW44HiF&JZb3Epj;1{S?EIVWo&js{Q0dYbLbeKCwH?$TjFTtQqnIHG(=+nZ!{$!NT zicil1#lmh5{dL!_%K=SUon$_+rNXWoy!#a9v@mROea__tSe!$?NP>!4b;X}>gLFwO z(xoCZUyb30LNAguWEH&29{s&hW9}_Y!@9!v`;P9r=MA&AS@gnowtXO=khk`p`1=Kd zHK6A?=}}*WB;$K7tth-}GL4z7Y@{E)9Yj@zH2tv#vhpkAYtm0%r>maSk%ZHE&OT^m z@AjMmio=EaC@@xTge#}hCGX<1=HEDT16(FD-EAWZ>HI8!DUTN7eDY}9%7fUqu>4U+ zw+ldEM!*dFtkVv?s;x7hoYi=Ao`+=m5?0)M9JeaOlDIgqxMHyZbp*)WXRsmt#ZqjZ zJSoUKuZNEnenKhV*M2|bG=r<=)NHm5PLCkf$unMB4f!J(2BEQfS?XA^ZRBqEn2j`L zz0^x6(IRc`^@-#i30F)t{dU@>|1xZ(uA@oZGDSP*vwNXC2nC#Ym{^+N9!7ElW4~NB z2+&4deR)YMjnV#CM4v!Js;v#dB@=R-oWGn^w@oe!KfFCOS{#vYL${2TakYPNfI6@u zCPi>eSD0uoP8OVS5pS%!uF8#@$SNY$+^mmnStgPoRRkg?g+wHi{EGz;fl>>&yHhU| zc?x|kiTWGD^tc+~9V=BkeGTwD0R%@hqw4%0SiHX~M#tUKlM6qIG&m)ENT>T82BdUs zOdu`8Z<@+nf@eCW9XE&HRMUsE%fqJl@%kQ|#`+SFeoI_d%{@!P^O}>a%q}9Mz7lTMuTd6EWy~E2>{dT%CzejQ6+gtiGaDmqqKG zTm5vWJM%)pH=iP9?US}sqsZm*qGCF`ES2w`CfIz9Ls6!>7e~@8z4;-!4_38(11F|b zT4}olO3mI1x(B%Jw{uuds~EFPs;^lyo2f}T`Jh0hhcdU#JJH64=X`HEW)8J4-HG?c z*{2Cw8n6Mq#JTSwH=`N)1?*M&qes2~H|9~L>hpMR?p|sfMy9>smk0?`_!auJs$7)S z=5WPVDfDT>=emP=mVEi*@VzaaR=LVf(}p1Clde#%I);yr+akmC9d!SPl+Ts?I~|9R zr>tqK(+pwzJOL-=i_J3;@)xm%!NA1A63R4Lt6TMQc|fui&FUL9%VfTg%ArxyLVv9} z7ZwTD-e5*#gRDR|!C%PDY5HKaiHFN{9$296{kaPqP`#pg3Yp!u%aL6`+K7TsuHP1| zdZwhjP2oRI!j-p=I)6Dwp zxKgp+2;=cc9N>^%ko(lE?9?0Yok#bhwS#pmL*5~I_uKhk*vf3xKN`EAhMG$&-Ve5( z%0f4Y`(Vy0PavB#-~{&tb2PzoONE_|EOBI~ueHzw&jZI2b>aKo5Jow$!R`z@ zrMP8>YuG-iS-PrJ{oEfqU=Egb>&|5Bx$$P~zt)%!5yJ8c^$pSqcOoNBlODzljA9xS z!Q!M3Fe4M}3ZJpo7yPl=31-*ABq9+BD|1YAcNyNoKE0y4Te!TO?G{UWB#Y^3&%c3O%W1!~d~i#bv~Ng$E-L<<#f$@C>P~?AV>+ZhwvTGBFw85|g&Z`M6^7H~ zbOcY-cT-^0(Ve{?HE;h_?XgE@p(Xt6ItV9qN#F=L)>k{ITBxeaAnz^LrtXFv6T?>T z0GL6FnxiLAJT3+7u=0KX!1~eseEqG$!^}0ws)+f90p{Cl0*+%E*A)$_oIOOZ$HNq{hEd7MNZJo$#-2E@ftrdDe;IKU&q94k4bzK}u9 zzn(LCo3wD#7$1pu3Tc6^Qo?tSp%Uz!ub`FP<8loa=_+n+@KXC$G3kLF>~$i zy(XuBXqWhF@qR;Keoi+lje*DtWWrl2qAhr{NZo5m{S~xw*EjirGN$`v{zLWgb`g-X zgYxBY_m6MS>ap`Tf5#>MyyUe#3-nK3^?*NFWRf@po0&cC*zkA_3}T?hyWO1;+lTbH z;`3}T0eyUxx*w7{-_a!CposC{Dw=2SKq@DwSLwT*-2KL5yO=z0i9t1W+~(oZN+-N8 zUGbifloyCHQ%yM3GdZIQKEc}51e!|k?Hfynmg|!9R}^FE!*!fZgefx8xjPbr440dh zs8;DFtPt|r(p;Au^}UjQB1#v=^o)>ROjkLKJX_>1ne&E2#Nb>%Xb@!Qk>tv`&3`)H zUfK&8XIFD4aIW+2wukUzeXm3J947->X)I7l;RrJ(Y0~I>9;1L;r}h*NAM^aDhM%=g zbnL%Tu3G{DWgSMV@GSKHV6t`! zwNmSEjmu+p9ANysTd{a_aN@?ZG8QvnH$uF2{&_#S)xy0s6`7WQepOgne862=>9mi_ z0*PS>!w7TQXU$jL0l~Cxn)S@kfXITMJ|W0li?d*MJ&WksbFR|k8jQNBS6bRC7DLhu zywm6B@C`(cpEq+@Bzw97M8>;>bk<4r0}ar_%2ozp&JNwpQ2SDK=a&3oG7Wx`1QJlG zdaZ*bcqGLc3L6OY8Mpel=Oi@?vSshcpL#iNL$=ZOSD|&ba=7MK*3^4W@u0IjXDy!z z3}Tm*RV*C8+MQK)N`{eTnTf(8VR&ur-oo7F`v;#3p?$$#MIi7%@NWmq2yA!5lM6&# za+9;_$|K!MBFR}|X=5Ypo>K$rlQQYhGOlVW61+MYi6Q4BxX=yW0^*GySZjOjy80_gvhq^%pM*VUBi-Og9&1SB zt4cj(SzRH|y69L(mxz6gbJGRoJ=u2}OYTbtY+G|k-l%*83WAnx>N~@*nIe@c(t~9n z9pUpBi~yH)CB7$PP{&;qLvNdw@gm7SL7%a+Q2WuL79Xi<0h|;40t7jpu-s9xjEJ5P z^v7lHoDN_9a^-WiCs9OsNdpSW4KUk!G#`je5lV#BAy>0>$`!MDE^?GtttakQFT_Fll9U?r|kNLUZ8?y}jSL**OtM1i}(`MwkDu8MO4)-MWw zNBB;_oc9HBCTge-vP)r9?mvSSi{E+c^vS#V^fP5Ir!7nB7uWrmG*AXR)Ig`XS`|XV z54TpNfKOm9Ja@DyJ!2f(`+;^5^WFIBpLf4x1|9QE3h(bQRnnxn&sx}QuU}30CH+&Q z1gIHuV+1L)rEmDFo9aBS0jSE<%%R;MffG;8MpG&HB8w}5=!?+DLm%4Xp5C~Kk)D?L zYug==LWJ^Br`dp+uF(vdGUgn6L8imnlvb{>N(beYz38 z?kkW6oChJfqxWMycikx2?+|X5b(YDm7c^o?7=#LBZZ|(%m_Or?w}9hA8pe*47?b z^(51|HW|IC&aylUzT~73Pfy^p#c@(A)wFt&uM38M?)G@0K#eG z1}#`>mEIZm-VB*)NAD6BcZa&f>Hwr%jPComVtEazoV4T+^mW#ID9iJ+j0(U zN=Nzid_H_O^A>iVJpd3J2XP|9o^pL}rpSfQ1N(J-ADZ}xzVcRoz7`qv{%ey7MDjEX3|E^fW1?M?KRwxHAR!JkTTDri9ehc|OWc zHh25S=slO$l%olZ&snwA>vMyWzn{1@FVquA&F%LMjpfcR3_0qWFFvwU(8SPc9&C1t z3V5mJRGArSi_}6xo0KqsJ3Atb@cImkHN_^1PL8J^k5wfI>)II_B3t@lL>{XbfXuKLcfES~)9B|euf<=gX#YT@1B4Qrb1Rs^ z0mRaMnAFi^u}lbq2i*|^Q6ovIBuMlJ#!))gHQs!@`|04Yv{80j_9wM2zzH&K@tFJ+ zM1tKry$y9Cuv%@-+89d}SjcFtCKt^BUZiLYbF81ht$r~XKYc;x)rODZ?5(3XNyb5Lpqh zDG4KuVLyLqL@yUJCgQRB!(A1!&3=&9hQyCmFp3I!#HOfmq|%{08Z2LUAtF^Am1+<@ z{$cHw`1>`2oVKrg5}zWs&2n_MRMtOUI+veEPrbinU?UQ$?$mT)3kTGJ##Gcc*a#TtpTJHW+#6^@a#V2U%$@-C0iIlnV<5f z<1nDdlQou6vP|r&li!nua1L-BsLM+^pxC-c&CCVQ3eXLBB*ZxK87lDWg$OWTagLyOfR?nRJ&M^5pV7cfoSKMAA#c}{I={a_l(>QJUHr7H>D&=~eEYqSSf zvCMAvw-^)OedNbs{AGtk@HfYIgHEwKoXsB!t4<7L{0Bd!hDZ@6;xuoTuH=f|{vPA_ zFQdFDCk9}~%yR?yDp7|CWifQcvjY|!->MU1=$$PKRm$RY0LRcHbWYEur|z%t_wO$f z>Fs$Sfsx$LLmTbCGrji`7*!c9KD8ypz19)E=l6M^H+uKM2hynhex%*UzNyBPxsvho zO3jO$zkQGROi1kHetZpmKn6F+0K#(O3iz$)lzXwWmnpe!2d!xg!<)Kl*NRf>=V|zL=GwLH&LvSI`;0krfyCMSAU5H z{>MxE_+47xU)U5XYHGb_kCm-QS;2pN@sk3uDUp8G|M7wS`(NNM10aD3Z?A&?BX8xu zKltCt`R~g4zy9s`2b%(C%60i)8^=Gp1ZfR`O+oR#bU*(8|84sfD}YTAcnEQORG0sI zTlv>_mCQg`F(eh)^nb*rJbi(HCEbnr-yi(fbp6Ln1paq&{=0JiAACEy^V$I_;4Ar* z=@2#HG-twPM7)=Oy&m{a9(hQ1Q3WsmBf60$o^J-_59=MZob60=Psp#{JN=k0*HjH9 zX=a=_cf0M&^62AA2Glj;uH`g zi769yUAvJT_BM1igW~TOIt}kJKD(&D`nh_%omsV2pHsDXd%HRP=IVSy`bHV=^CKhA zs>$i%KN)$Uco(O?g@&#E=aDbf4SJfw-`y2|6Q%;HM^0V6wZ*bmpL@J7Ivx#kz|g+v z0yMq~eYt+Fn|4G^x6AK4u-rIndi-J_iCCD)l(+->-`vEX0SkbKPtAviG;o=&5K)8P zF{{C|kDCT<%vA)f{_olP?&6<>-G0yOt(AAMY}Qq-?E3&4-~|<_a3fp&#UhODoobyY z``5ezHxfs>3Xd++dRP7v)N2rbZ$z-3h^Bq#)rZUH zvgcHlVy2M#fq!d^b;e=ir>_zy8t@ze+~KNQE$a3fL7DGOkH~rjcfn_ zhodsmZA0P{6@>mCFZvsNB0!a<&k9<41&yS_x%wJo^eqP9Hb*{X{eYhEJZb;QzsLGQ z5*f9HL+&1zO%TAaXfQgmUjmBN{Esc}gnvK&=l3u6o>ch$==_J0DUA_%xm^&)l6uCh zrjmrfpAq=a5_vp3KQZG2Zin1KWP|8}N}R`4F3O1|;f=s;KSq^Y;W@^~-pr@3XOYZv zsOf&7?{g=AeMcfr>jN@H=#NX13jd{wH5$BrM5CSULix!qzUWR5FW)f^edaeD{cq>vTOK@ z^Pg_%fhd|5Z)(b$J6FE={!8C$y(#CM#^(a2dI8D(>wm(gq(5*Bsc|MK=PL}o+sn zl^)^N^9`EMW{VwXMHrUP`K^0j2my_nVgQ&<43n7xTzpA*2+5yI)mCfv%y!An4~e2bYZfQ;3oPT(xLM_Z3`%_>pWxg`H4ZHw>OTb=UA)v z=Qd3%&zpGvG3fvb=qt4m$b3Fvs2^JQb~v)+&J^8&&9Z6y~U8?$+(fX$<3&)%O+5r?hhOj zsjSytfk>Yn)8jyg*0!(v4)*~KLjQ&ZN3LB5(mRvk@0XiP==y8z9RXDyFb~ZZo0izp(M7EIpq@6=fhxB1@ROJR~U3_g$i`sn<0h+fcli1WU|>pu|k zjBPHiGLh-gN4J>0;JzC8vF$DkO*q*wihSj+f8DsyaLy7VWTlqOY3bHJm*>9^)C2}` ziPrMis|D2m#g!p-yk(k$CvTff*6e=%}{c%qA-tAo?Paebt&xXJhNY) zw>uO9aK2Ix$Qt3_ew?011z4qiV`{d2s&}YuCrvF;zUtc%p9>5SZ3T>>-%+x;5d;ji zXwEfjwQ$pU368^LBXC%GSY%KWn3zZz9E*S20g9o!)6EfDTU_$jJ;R9;8;l)D`B*Fn z+6_BsyFh{4M7QpUsgYN=Y2#%?(cS)ht!xIxSyky&fY3pmK6*~kSD*L^RtSz(O*AvT zpB|fMN-lS4SSLpN5_n=3sl4U#YaFX~Z_8!cO2h?1$ui6pf-f0e!=>9e`3rYq(z(04}`J~xw?cPoaMG5>%HggE=5D$K|0?#YG8OJRvbqdFJ+rt=06>$9-99y#= zVA!=;TfZtl$=!4UsAM*am`)d95Z7ILCiU|8vU=Aj!1k89;f>>VOia$_(u_@hRKsbb z#M*JOPA?y?zUt9e^W}bIn;kT;RHUiAdt+Yimz6v=D0c7)s2SROt*66HHj<7V=-V%4 zpBZ0xo*BL|>AW&$P4$H^!uXxzi5L_iSQ;KQOnkDrYGC+5Y%foJtb>Wn&=FqH2e0R` zr?nF6t!lRO%*t&#QOv4V{{f+aZJ15P8UfOxD)<`BRO%ns#_6-%{%E0MmDjrO-=(N! z`-k2ufL7{cFOoqQl>9FNuvNly`eD{Mk@BYlz9v8AJN4=YhHu^5_c@jvbbE?N+=+## zI?tQN=hmxdZUokj^E2WLIZPKQcO^Mnl0NY9Abq0n3ujli$v=?4j^C>8nCDcavbZ@M z@N|H!Vzi&-Huz>rdAk(L-<=Ouq9PbE$VYE7sW0?78jrmN#1vs|F$dM3kX>tf+8@a> z+A9EA#__Y};EJ$1qDIBF#L;9-O^6Tq6srm3Z?H@ah`F@ctE&uZ5PpM?gCu#$HyY&EHIBtm77 zNx*DCFAU8r7MOVMXTh_92~=hD*PydadU`y+v%oWSQA!EdbH^ROV1QPVpX_> zzFHoC@pJL6#rRv}e2yeIEs>L`!kknEB)Q=fJBP2K-C~~T;5tE~c`cCTD^P1*@4onD z_|~U{qck6nGUDc49Dp!M7QE(oWIr8@#Ci!#B3N&AvuCq#)b8}4w(J}kM0!e;`_cc} zkxZ?lPih?8x7wQ@BXUxwHWOyO5fS0_Nrb#)S1(JevhHEz^SN!%^#M9LoOILT^_0iP zQ2^i|xZqI*;PAXr-X^3AT}bdsl@F7~v8gdHKCq_^k`|t7V$}-s5t}=b6=!34)=uvV z5MN}p{pFM1$!Eak7%cDeq!ud$y{~^@{}ti*>Nm&9<%RjcBS3OYgVTC0j(Rp=$3q`- zA&^Tu4LQ&zfi~P~E(&mlT{T~bjI92Qjx`(f?-IEIdIiM2(UY(#(p}cucTAw$+^%uQ zGM>2}F|HnBiG zW;&26+_HZKEss)+9<90e*xhr8VIkK>0d8fak=Im-@JCL=FbN0T$UOO4FVHL%+Gm)y&7d{+VE z;&fwH-ZvM(7LX4*#|zQ_eSda3aT0?uUc>dlvijb5imM!;c#K{lhHW9p_0gAnDzD_) zyKDCrrcwW5hinkCi|o6E~q^Dolm>J{x3h{ z*eJwlA3)|?*9>uPfaZ!MZ!h@keiz%e(O!H0{FSvkcwegimB#O_N80k%?+l?_*}eN8C3VI4t>yUzx$QY@V^ClEdTt}qOIFtYZrTdm zK|vu#5yK~ld;V%WEiO$W>cvNV3`|s|VN6CD{AgyeSKH0TViHgB2?(C5JQZUPgTqDi zS-7UpoD}yKOxh0x#}3Y%GU~y_;8tOpAof~`A8(RauY^d9E~PP&&u?=2rW;(hc6Bn) z30iaoH_G~x#9$(q;a}mD$YrN=XHDKy*MvpsDMO@g0zrnO)B?3e~Y-Md$EGKkip8yT9f^-wJ==-%C_FEd=JZiOal za!OxVNnd_ErMPWmSZrg^Lc|^tz1^F=p=se=Nm?Iq*MhXkBZwcQ%hXaZ1}48vzEjZ3 zmalg1QtrN(wqG1ie&u&(cUDlORNcC<-zZwD-^#XjZqDC6fo@>n=f#dEk^$K*XK^pi zs6SC_WbfqtKH5+5G%|Ud0o_K=B@f*oQfOKVi&3wwi%Jo3IFDeNO(NT22D*p#azj(1 zRg%YQ^;a;YX45;KPnkZx%FV`rWTUt132}*cYC@5E{ab$vQv}%i)Ck=gw5Pp>?j;PR zBMn!iac77`D{eylIln7A#&(Ri#;`q9ws*o@^y_RE%Y3mgrE-}w^541yk_p}YQDU*n zqLgscp>ek`p(ulr!1xQ(|BweGUodTr{g^j}3>nSKB0wkd+q7EwC0*$gN4(Wdh|4+h zo!x&%%4pV$)w853CrDz~1_N58Dc-qwwN>?U-SVc3z2ejG&h_VfOl6!g*k!qiEuUUT?+i`*Rj_ zrIZyVH+I1?+06mPlYYbDv1bjdoh_3VV(Csd+-U^o`y(8d-v6Yn%ARRSr+a6T*vS!n z4A>kH1SrRz-1|76u%$LMdRkuA4G4?wP>U)d5|8yXak$8F;ppws5SX8G}8$?r`Pp>~g zO7}z;v5m;g?c=f0(BEu)lSmcu0YSVc;wmg*kBu@=#$e%#Bxa#Z%tvbC)<4o;scn4q zDDQ(->Ra)gh!jhix~;yHy%Jw75+>x{&U9^Mw1cuVy^GUUAZsy5@>SXhODr!Ek2IBg zR=oXO#J%XEM3eyOdjv14QQ(YJOzw5}D#I&%ahI7qN#$>B>|}%wir%gX7aH$RjszKE z)oI7V)qjboEb26xmU^f=%fhEBlnxPJ=L^L zMPxXNCSYT6=+|KU+g}h)+h^1MJU3s2KZ!X_C)w`>z^IFtJ%y)`AhmPGGlpL&7i%#F zTAoTHh=28JNbPbMIChd1P2X9sb{fUzvYs|S&bX4T6H>IL$YA8n#2@{3N_Mf;5V8lR zmC9w4(o=17kr%>!$R=oyinSON;5g^2wSrSQH##AN4)Uo=jQU%~GX|PGpN|?6ZJwJr zORgrCh;QcER)g1AW?g*$$+=NW!2h5L<}R%X#)rJ0y7=kc@?jJ@5VMZ4&D9Cw2>Ylc z)9fZtZ_CuEe_ss8wK@1mb)S`n*DvtROR~0D9Y0_G13fZ}-j$mz_N#Dk`18^a zgI6eB&Vg+F^MP-sUM24pd$>)e(!NKg781M9V)4A+G`xmVl;eI{sM0MCYCBH2*OPm% zNx@ZMWr}kpF(Xt{jUP|tT~KePZOY1P(ksVx*_c>kHaa}8PF#kvSiw5a06q#8TDF=G zRQO8d##d^6&c9dSX8NLUR)9#^H`6f#2s#THGCe;6gXoEfysKSC|?v9Dg#@rNuoK ztWs*Js?);tN9X|t`$G1+3MaLGR?idP$X-OegFq)|U9$VEN@KB2qN4Lu?!iA`Q!iOl z%48FSK0w%3+nP zrls&SLFS-5phz$Nq)Mc4Y~%tvOqsg?&t+e&etU?PCfwvKm+$3=gQtq+x9$#w9;!o& z)lfr~L`rU-6sp#nGXAFPDn1)JEaIp-_@5{fpSwG}+TDQ2Gq;UX2M7DNY@WM}$J{sX zmsP8)?ng#z{jaWzX)N)xcP=rm;3uZ8A6{Y@;4kq@w-S99RuJDA_=$*zA~@U3 zPd>VNv~1D@k-37(h{xSn z-MV+$FS?6;H^xkODe;l9Xu~tjVmPE z?wqf}tnWXeA1@WCHGUa)yGiR{r#{}&sI@;WT&;5)DpbN2Nc2;G{W<>t&$4oq{Dh(y zAt=43oO zz-0D!OnbJkW4^3Ujc3%8!|}GU6J4@T?E|G{Li_hQBt}W(pY3vE*)AC93e>6V^4DNl z#@ey`q3PW)u7RWV?ZN6-lvweo3+bijv!|5W4R@*oo_yuY6L+F?d#6v_>E*bR^dv{T zWHl#X+KXVx4%X78GC$;rBW~Q7;~>9` zO3SKCOwbGJ5-KbUtn9K|vb$Xx&KTR}3SJdZ(R;ck8JsHScB5P-`<-=^?L+K5^`C36 z0r@RceCrD4z{^rAbyU^d?iLi*H@z||;`_m=G`gK13D`h~pGCIYT5zn1@HUS)Ir&KC zwJ8)3!t(DDuCp7!{nZ6hqYnQ0yuh2iBLj`nECu|0n zdbDafh1Wbfydh+PKWA~QWX*qXn#Nt*%~4^%br^o9xYvAayT8LbuhChkF3fW-DufF! zWvP{{mh>=`9MWPa*Wj!JsKhMEdKSXaof?^6p@lKuu#i8DX;sNU8rqy%-!}K#KXVB1 z_F4PMsCvn*TB)+v;@dflviCEPLG6w5d*Ze`we6SuX(!)45uLg1JGv0u=#k&lJ*@^qdaq$#U&7*N}{5N@&y|k-eq*&c1`t4*deTMW$@21oi5ziMLrmNL=zaI$?t#7f z)z7DmS+pLW{^MxaE#g!UjMF9gn54}@_(8_VY#S(Dwj(KYVU{z^m4iNa=a3<@jikzJ z9zACFjkPLV)+zz$j2c}i$tNiv-XaoK{Vb+*L&xPqXhGC!ANQ1d53f_ni`T}{^@*9V z<@{x%-@j2K$yI)9w^@HuG8+iQrx8S55pxTOQf=^Z-if-X&;;_cD{%vr0eAW=RJy^h z2spaM$q19g=SAOHG;BN*XXr;)cYbADVfhPl57Q7K64@#D_ito>*l#pXR1E1lgrF#L zx7nn?6?J`YRiz!nSBU%D`aYjbif1M$JDg=nkvHAg)8D1pMmzW=uNr$Q)!EES2%Q<= zaY%a_i%$D>bUo?Ar+Rg?HP4KMLU^1Li@}=EI7N^4O}7J!a0Q$9aBXw$a`d{W#O*-W z;h0YAl^6r{c8~9a=dTnFlP{wE@8(LB5yZdP1@en;bf#wW==*ABuKK6P``7Rb2VBFI zhtx`EZ?Fz2$xftyFZI8^k{L{VQ`*O6O#ntf%|bKuYADQM+-`BLpZ)P$y3Tnq*fPa! zvpt6Z3IBv!Od@jjR!8asLO?qPB2gb^MopvSaFJ$h6^T3Om@+E>edOCVg#Fdv5 zxu2mb@@))?QcM8&AJ{;n#p#XZaTPJr~A8uBORVz8HJG?CB=@8Ds2MItaY#4j)>lPOXL4+Pg^IPw7-F(%`S`8RDzf$>VtURi7TaE$ zFhK(^k4StBkJ{Ur-3E{=p9eV-u%g)vCX0J+17>5XdJMOkuxF~9R0;Z6Lb1k~!(oK9!+YeLnVF}nB~LPsW+~rU zHz+(|JB1xL32}f*6A?&kZ?+TT7Y;4YpINZ-Z8&s=J=JnU>gPJYEjTtb+gseVvB(_7 z5m3}plpuT2iAZBNQ>vq&ORJ}i&J>tPD$z_GahH4YU39KMExx^s3~^uP_@@Yc#=%0_ zK(@n*UHYJhD!r~IaPd4c7l5ZZs$LO(tL=va{R$Y}th`T`qy5I!&g#7Q^GOe+0XAib zTMTSwOt3|uW_GO3KimVmox{4flX%azag}D8;0CYD$8c#AC@%dT+YV-KQ5T%dW7Wv( zbG2QR%gB8D2}`X^xgYA>Rja9598~*0A^GUQ%lT;Wu%;iia%3nX>?mYhYAJvwj<1Wg zC1Kr-aIJ;wLO6xb%7@=ar@82G)?00g+EYKnofgC3SQsw}cEZ7rB+cN56Q@)?_NzL| z{FKSZ(AQxg+-j{f%hvGEf;z3A*mz~vOvT$~*w-ZgsOL^z21ikD7a>yOC-q6AP97Kr zks{|MxY1wDu$oE632JZ#!lO6lHL_9IN=OZVQc5a)MgKB98tYOX$Sge0Rl9DQ*LQ7! z%*Kqyjzsgq<#i5BHQ0S$0(KdJhO@D~06xUpOlWSJO&`fUy^bICe-g=CLg%?f9_0hSOrCDA~hxiWwFZ4pXTzwSt_lk6-%7b-Eh_YGj2GRR` zDpM?j%ZO7Xs`mwY+clJ6VS-9J$;cpsK->fnIxCb(k9DUzo5L#g3RDSve8a`BsaV5$J5 z$#9;m8~>GF@DWPDQN*g-Zxqrb&8I&4nTV0l!)gf~Ki&-!{P`CezI3e5@FT)pP}g6S zwQxBk;Rc^-&4L6WnZ2cl6WhcROFc2`_}Nb*`gBY_eXokE~aS61G*b9+;r88&Y;`aLt!**aOJ2kx;xs`U6w#?hjq|*~U=%U!P zE3aue2p`v0D2=H1g~7^PwPO3t81N=L;_FQuf)A;zSXfrW|J$|FMY4%{K2iSrP_{< z{!O6IY>8bkRj-I3Me{qC&>AdQt96>ZbvVQ@DhXbTF?C*JD>(Nh?QOh17a$WA>ndD{yu`-rRUA*DI9x9ct<0F-ws5cJ{f5HAV=PJk5`0) z#cQ$7Q(wCGw@5M@h!iw@%7lg=5W-A#clP1D_~ea3Ssffs%~9d zE)-k&Yy&-c797?2i%IQG{j2>vWs)!iRD!%UN@Az&*#qWe1+LC1e5CKAzfzM=$xmC_ zOux0F+CR4pfs+O*xFHJ(9Yse;c0BFFq%p3m4{0Z^3xIIlX%5>mA)oaYqzDs!4CwYP;{m`lnS4gCa8|>C=LXPOi-7g zZo4MqPqH!c@_^9?RCkpxdK+qAgWoWJ{^J_B-pc>7!5gfASs|CnOW#eQRL(Xm5}5v{ z`Kwi6vA$H6R7$prBI{T->v$7?akz3YOk|Wjv)~xiGHiK1=nqEzxCL< z8JV8l#}`uB?epZxZjYi5fX&8ieRw+6%;crd?=cLTidos9pd2(SgUqs z1q7Fl0N)5KQ_R;`SS=&7iNL72@mY)8M+f{ce)Tl4ycr5Wmh}|I&3tJ`k8XhPeI)1_ z5QxwTUg1{ZO?wSkM>~!Tg4O(`fmp;$6<#+YE?D~mAwev#+9ts+i1>x(UH?E~w#VWJ zXJ?b%_E3{{H_dOw-}&}H?w@EfEP9nTEA@y8+IxstVrW?B-yK`u$e*~IH0*z#QE2Y9 z&Vo74DalNX9K#tpT)Zl}6D1f+UVb_nk5KtM1$PG4{S!o9fprPfZ(y z7o9P$6!Du(hn@1K#1X_Dtlj)N#_dJXI!B^@f`^`XpXW+o8T5uvgTO}(?^~I8#%SuV zy23e-$f#=S%CrjwqAqS-a0$x?)3$p3M;SWL_oK)>bw>@Ia92_;>u{wzIKR8&pBwC$ z|5+02L!rWaa(xCQ{ZvkdA96_fuf`7AX;_H`DSvc?A*^s#06sj8W!1KbZrHzle-%$prh`?nwgbO^{_BMbx??j`ba|V@AFjQ_ zX!hFpXb)@5?cnWu@`;77$@o>0gtN0?p#5{2dKs-;Alj(mfVyL$;QX^OOvjP;2mw;h z1nH04@ec9aa_2LGJf57ewnQibM?E^yk&nOB@E}U{@EFFG#3gAN>AWDu)R4OoF7|bm z-5i0MH8Pu<1Son*t8Ok~p@PM)qxk8{F9i-f=7!b@HQu=Zt6Gh#Y3Lkz=avrX`w1l_ z#NSDEVu7M%!rxV+vFEm!US`XCx+aiR9o<}??-4w$`r$l3Oi+fdsBZMpC&CJcME?J4 z?>nQK+P1b6YUmN9NN<946r>{%x>S*R=m!Dm9U@2%O+bp$n-m2?ZwVksm)@mAklrDH z^!7&2ckj4kyzlSt*UeZXBY)OjYtQ|xxn`dE>@`2LvfnDNDMxmK-+-T|tCaAYd4pQc z;K_EKj*jE}_kSYDG!DKQP)k&HO+IHmZHpc@^6Y4MOF?j_EV+HZm09T|@wBz+T2Zyh~BDPhiwywL6IErOpKC9raLm`{l zzeIrpT2~tpNi(8vHM2$J+tltMpp%|AZwp$`Ih?^la)25i#;8peZ8?AhM~;f~-Bc7s zHWm#|p@`2U!XP&y7O+nB{Jf-g7=09S;y48{u=`=Ic^isPrO*IRq$^8>DL2j_m#uH- z4g%pT%UqYesGH?BZxxvXy`;D1pkhy<31tH_>cG%McRWFr8LHX){ zRm@>PlfN1W=bQ|i^E9trzDvq1n$|)#M2`EU*E4e#Ra-e){Yo_0yu`+uy%wpjyjHQL zR3gaypT$FP)Rf6v$F|=v|1xk@A0x0RQv^g$zU!x(aAp-+i+BnEu)k1MkkiGx(ZUH$ z(1{x13VEn={p3m*^A;@TDBbuOMx2PHF<^u(fL|g~Q>DNb&X|UY89^2*;23V#%}xJG zXT3<#^ch>v%X`&8wOT;sOj{Wy+Sc(|W#)OK6)k@iC)JZHm?g#b>#t#REbvs$#54ygGy0#PLn6Fj zI+hZS(jR78z6?1Scc3H~WT4j3n9D$MOh=|llZq+${I13(+coF#_n$dzAJ0z<15~Y! zams#X6jbj;--0MT(=n52cFa6ZKY+SI7$u-1EP>Q87Z9q3JtZ?E0-W3-PNKyEjb9RL zXRarv9}!?5pc(&}rr+R=&5#~p5+dE`+5Xz;yB{ShDK{*f;=s*3#DEeGoXe{>GGKki z!W_cJJ;|CmZ70xt*%)9Kbm)*WK*j@3{y4-WFKmJp{yFu-WaCM zNB1z`4I6*xCuJNjin(~F`y~84^!Qa<43`9w1z}XLuDC!NcHH!I?(8yV<61PgL99Z% zjAAO-=}VaxMeB8K;9+(38A%6+E@Ovtb_$Ia5y$V1rRS{9WB6H}S2ri?bNrU+ZxZ84 z+mgleAj_FS?16r|K9EHbn4qmk#2B!%P~{aFp(~7)+Wd@|ZRr^zO3Eh7_>1pu#v8C^ z+7U`$nqlg0?Z~~qOUNqNa)!$@Uaa@{p#Lq!L5A~sS z&uJ6l*GW?GGa~%}0HIN|#!MsvCFym|29j3Har~DNh%ky)@)Icwm$(iT&JZR_k||m8 znktrDYa8SWN%{!u%JNu?kz8t~uKq>UIuOA8_$gzar8oYl=a&uwi%nUUdrt_v z=I#^&Wi1!kTNd-@z3(PYrZ9-ee<(_>ATO#$1ROY}sYconS(p*zVY;E2{q*1W9!)rS zcK4f!c4mbj*9<_GA>z1#F`=T2O^M*-ZDG&&43Wl{b@sDjDh0%xL9sbfdYro6$R^>*`kc$Xc9(3r!I6Q27flWBq;~z+O z^&5~J+KkBv56G~CD*h^lq>5{59C!O>T2k6n+@^8@%U=G|C`XWGXEc!jk6uIg zP>szyLT03X^9M@yW;2^qFKN+Ly|85{s6Axp?{i4=IHEZPMf40!XMQ=X^nEH0KS3M1dz`sQ=q4VqW!8#H-R-0oh8sbiV_ zPBoOp*$|F@V*N$zrthY|LCP6);m?Sc2&X^LWZuH5G=wk@YPr9&pvj?HHuwuBt8@eq zY8gF+RC&l?{IeL)aW%tgqVmJU9XQWQN_}^T0Un(z4>%?l0w0Bq;IDE*QlnDZ{CXpa zqNrNilccmTV2&Dogs~Waux@5$(k7Cawz;j(g*l-6L?BL#Js!Y6wZ-pBk0&L_J3e{d^;wBT$Aj)o zmXM8k-USS4C0=|BatT)yDlDceAEv5K{e$rt{&^MI*v_j{aeK}pvYAgY(})|kiEWfF zaIjwJj7iLJ(5O-+nrLpaf^dgr#iX#o<}qW`aSq*eeR+1o9B;NR1w0Jq+cCl*>E_jz*QrZmDwxo1| zJE36@&IgWXV*u{uqm-xUeJcGd-ZoTZl<)gle+ z7ym}k^>YT?IX&#(Qmj4aWvv}wC&Ip862$V6Y!8u;AQ;47X;r-RwE9%x~ z3qG&sw4t?Wz@K^?mrmraC$)Nc zx-fLH`Y>pV()bR{TI;;RvG*X{l|6OgF$S$O40+HdF>;omv?h7b@zdVovYbMEE6P?d zN>}b3K`YPWP^rpt<3`yCvK7l8Fjn%B7P+A0#!r3N3i}l%!nR1~q zz+rAHAS{G(X~?I8fH4xSpb(~=N%vjE>5aKp{T-0u76c?jNmc2Zcb>d3Yib5_I5ssC zQ{TUp1;)GDAh{ACQ5|KRW5O${o0NZFEGaXUB=2Du{b_;7%$+W;@Dwt^l?zx3URb~G z7;#pTSyn&tU`#%^0W*zb@Uc>#qBXpTHIDkId}c4+xE_XyJX?p){Bv8(co@H>nEDn! znG4f?u;bt9tTiB#ccFl*s|$%m-UwaAICb^)H3S|ErByJ}UB@so^zIBd?6#cvRTEhh zeMw~%uW*0$Rq4odf>>Pr`!N>^+@k;ul7og&(-KcmC)A_tl!`jepE1n!L{}gGKxBPY z?4147+{XN_i~K#PLTHsM)OE31PQw)Rle-stI`_@Cn$E`Qq5r{c#gAXO%UJ=3isT$K zQeRR$op)C11358(v)ai|vqc#WQ#JkS?pGQYh&p-0Jh|r<(7VG=VqYu1F&;K0`$AJD zWyoI2MnRA_ z7YD$Lqi(tgOEXcqj9y_Jt+rHTMhqlj$|^o z1?gX1t4?V(?&X3Rs6|812@b|QhA!f^uVj6OF;4NuMA%4L44%4tS{K zOrMX4&;Sw0*+~YH1((DtJE5&^PF_XoKQamCjssoD4@udE$@xi}b%5_Na|Ct7sIKVF z*w@uDpZ;2jE4uW8NamjU?joM)oGAJ=7)H<`oeRD9F!de@*=IjfsR zzx{=NYA5q=jDRS6M#D}r@a4;O{ukgr!DiJx-QkVjx-3(j!^0ukBwdt=IM%VUq@Y7D zw`%2G7}d!8KDDQ-Bs?!LWX^K`WOE_Hak1DVTKqWs4Sy#A`%mUpza4h`gdY_c+Hke? z))Z3LOni~8vACZQKnA})(xLG7*q^_AAc*mq6?<+?qQ5y24o0z0$pL=TesOH-!5|I+ z1&ZwpYY`(2R3&mKd*SWL$%AMB0&~b)*y`6!G;`Jd^2`BFQ-#@wk?;3h-cOMIf`UBt z<7=2Qt2zR31U+lDx6L@cs1Aav*doH3^dOuhOL59;>ty)=D(;}Raoe-(;o8|2ZQVd9 zUQGcZ>)AuZv? z#(m0{CT$vVmbSG{@i(3VN$SFk8VsKX^6Vb=-TtZ@VHUq=v_7Cie*1@yZE;~XQ{G~F zp8afy&ljAqtJEPugpgi4>5H&YJ1|9pFrB3uA}HLUDjXCJj@ccmY;G!!iE#TZ*PAHO zlh+bqv;gUaQonobm|q_04jP6%3hDgO!v;{RSo!c8`2TWTaEs6ke~(^`4PlT}{Z{_D zyqK2$hI>FcTj`D`k%hOOsV-FE$Wv5)Um1GX?kFc|y?|GYm{Uf!6*Z;qe5X%+XfxO7 z^c8Y0R%$ynw7oW^yq)RoKs9VYZOovJq@)uNftBX@+WwVxNZ;-PqyCaHgY^X7nAce1 z1d(`=sYNxeON+Ja$M;fh~>z>#`9dfGjf8#doN zD93l{Bl15N5u|p^@2AwC?mUm=C?{)TF=IUoOkF%SuV5dLId&i9!#8Z&%Q4qK-A^~+ zc_7eY;$&FWlig`a_B+I7K~B=Ww1F?)oxkLaANF~vd84KscK8#yXeVd47#xa8VA+1; z|4Vyq_=DQm(^tAo?_3euu$o^zz;Fi0+IKDw>K$96RnD)svzX#pH*tw5EXzzz&FeDh zrk}Z9X)y6NOyw1L0F@grt%F%bIE>efPIw1}y*&CfFpUu($b_;TdY5pDh1LlLQJ4FE zmX?W7ZH>l|7#4W3uGRClaZKQy7fzX%3xUxT`?DM{etAeQwz56O!|YL z>NF&mr(C7yJBAuYelyh!7nKLf#oAp+{Sv`uIVjHAKGVF%5Dl%W4LXAD$_yfPJ z0)(PaRd=Cyzlc^x+kK!cQb(OH6UQCszS-AEc5gOKG?t_dorJB#9=B0Rj|$32u2Me5 zRIO!zAU%g92}7ue^IkR3dY#DA!9XB##7skZd<4M;Im9WZ?TR=%vPU{J9uej89<)jw ztq2H3_A>Vx;p}+b`NN$`)+OGElB==>-;ozfY*=G>k~)BvN+E;vY5u8_G1Bq_)v+Lh zYU?OhnKr_6WOoxRKZ2W5^2By5>f^oiSHulH`}@;+OR=Prz!xKxol@Rz1d&!`XZsJp zLRIPp_c&dpgw*6nBe6NA-eaT&Ub79iKhs3qexZYUG8wx$N3m!EUPfH`!ATCBR7vI% z(Og$z*Phq)zHiYr_Gut%u`epj&YU&j0He>&@Ymt-QYLrbF)3}s?k%cT*D}_#`%PEO zP*x^N$bdR2pDuow@@jvF^7b{Rdf0YBRWSYgFWds$(zBHGBuvQRxwXdTOZb4?2WBey zfv$#k$Mjd$e(AV_j{a@Zcm!*YTMV4}9lXs$d0tM!otv4)97TA|3p&!Wcoe3gEBbr2 zKHLGAg26Ies4U!HZ^BYUi*}=>qAHQ$E$}dh8q)c%_Ro!jj+x9fRp9Trk>4@82Cnuy zic2wzOuitw*5Bv!U7}YQe7#{Wyr~aNBro{P{$6@3zot>k;!&tYSX&0QgE_63C_g&c zoC@!o`5%>f9>#4o1O%vYV*qwY z#kXgr>wN*NOU>gym-G~+YU4SH@hlzBJ9U?4#Vh7~keQ~?@QBFMlG?8g9`m1Qr^=TR zMT}?BQgclb-f%|exuWt$k$%1GV|Oe91=dzS2m5j>*LOdZqdT7@0;mp-WefJ)egDYQ zZf{!xb&*bUKLn1@IqKop<{gBTIvc8ynydpLi_vnTTs|;+-$(8TwIIfMW5iB@e1qVU z)QlE8Sp*c56zQydPyXB*LViPNQ7?9|^)~Pm8!(uCkxx{u`_81!zngTA0q+I2>e=Yy zJOI@;FkJKk>PHsGM5B;ne1s~c;B3bxWVDnHTav6<-&_F!Kga8ay}h_7Jh}e9LuSrA zKc9T3@8vXEDiQZ1g2}&B{SX+_o35f?GXdADL@$l9#Ic zbx|1}JETjtelk;xAR00k_|{7IX2H}sDQ11ul;l3p0zqYe4k{PWODO@=7VKB=>Yc;i zo#P&M4uboRM|$7$!Ax`!3a__Q@X6p>&u-LnI>5M$enmbikc4qnIUxmPcddD=z{sr8;~f zIV?hlNFhIn>0+1!F6xgqzT(!{31J0YFb)=G*xpa}yNP`);q%EzS$GeTrQCPwD!ikz z$_X1A)3dibMBUGGHI^}>_uNLQMW|Xzbbg6RTxDozQAb21YtZ4=y|Ix7wfS#WasKj( zJ{JBuuk6y7_7Vr}-?%5AYFA9Ic+!t+4Cpu#(^`^qkjfdQnty~^esurnGbXlr9lmrM z6C$J%;xcy`dtfKv;?Y!9=1|cKN0N*Zdq==B;}SbBl$cNaZs+EF=-#vcN$pyP`FA0r z4T|8ny{{o&3jvEQZkZVObIdStkAt}yKoAPxP zSJL#VXD?Bf^*1l*&%{T6pn^q{9J}#`d0s?(FzffGGCjz3)LM_u_<^r20Nko=|(nye6^qEr3Wf7 z9`xtZaWQqceK6i)tYyxX>Mf(EAR+37+%UCze zrc-DNzCv7L*E?=Wb3!QvM45S+ZI`jWnOC9Q_s+ zAF8kmAHyhG1>+AZe$-pSyAm>X1smcn!UbpjhtE$p;rZTJUOfl zG#nD(dHEV&fJUD`lR>ZRrQ_M6vojV=`Eg@XKm1yBkzHW;R>x)7sPvnciDW|k$-ylD z7;mN~7Q1UW=KUGHty=bk%hyY!9>N&d#r=kzw>aNNSsg-)?$xDl$d7t=YN!y-P*Y|y zBZ22)V@b;zNdw`U9Q@^&g95~VT3e#13cCV2jO{W!X}(FnH6*`S$ZMuxU5inTz7cyl zMG(9ax;HoR>|Q`QMKC3cOV6PVok`r8+CDxMTNYGDVks@@y*J6CyT~NYnybNjt@1t< zlDLRRN!Co9t7a&`_;zXSCkMD~{9s(#Z=zgFMz5uJZjyKGg5RjL$7pUes3;P44(|At zKo1jFj2!qNnbK(HPN?KTB6mGorexAmhoye@5-N_^em!4#ewZ1eqF#ncF;FHX|Lj)#g@kB9LUGKRlKRxyH zRt-RjUR4Ztsz6-G6lEfkDbd8ZiWaxhFv=}}T+D+2jq=@|4%^AkO6R%FHO#?ZUL0$2 z=`Fb5>Pqt^&`W#p>T;(*jMb|vqaX@|D@@J|{L_MeaRL%5({&wSuR~1S*81lYZYA6J zvc0iXuC#M){15-WRco^1v`aXzJ^1mU8e0=s>f4|LR|z)0f7Gd&fz)N0c`Ky^EI^fzj)kK=X*sz-yio%!pKLo7Ae!e6DHtoj{Z@c@E< zw@mh+kvo0{n)e%CkZCMKYt=EcJc|H^a!LO-_meJzh$gCNv1}|u1%=FDoFNsg-5QQN zOZfuAre(XT-=h)BtWXea`6)qww^4hd4;`IfY5ATfH*Hh(7Jqysf6GMsuaRVTapHwY zl3u&?W^g*bw%B!8C-2n+bg>`~ri*VA{#M0x9^}+h8z!2yUahSyd4;dBN^Ol(dGzpI z(U_vkRF??Kv{nZr@K-bUd=zxi-W{gOY)4QzoL(EjQE6phJ5-v@BqfN>!XCY+Vvm`W zM@9mpMLa9P{E2L2~fJZIlKGuv-?t+ zHzdAiFPm@Y2_|+XlV=`I&hJ~4!(x}k!tkKM1=OwRP;HVU#bP)tzUP-9OzQNTcpT(J z`QJwUGgxLXjw8mghN_~6SMz)QIsbqwGNttaOVCoc91b1N!{sRkaqslxko7d)*3C4K8 z?I%nwW`!fz@p^?!rYH)Zv?xdG+DYl*s!%BVOQ$U9uiQx(@$_VO(!UY*`-kikFx08t z)9ZS}Jj8oV=I$a6ZrqUB7wEx%(w!4njNIVWUkqTHi?$)OkW;w``!f)8FF~do77g_F z@@&x_HMLmuIfAT&V)?;(_fU#px4ltyQR9?ZKEJd;eO`RdiM!Fimers8SHZ*b`*yBV zws0LR@pkp~$bKfns&?GVPQJ*ZS3WBf9Q5jVEdFs3p(WZVTvJvp0-ra z>)+y`#1nOmzhB8&7&1t^;rvd--b~CenCk+Sa z6YoACb@2nPH1^K7>LniKbhD?l#j!>%QFyOiY?SaQthU=C)c9Xq2$_{v_iuJp6ye!yVcBtp*+J+h`#G^HEjQR49j7g!~U&%&mX` literal 0 HcmV?d00001 diff --git a/img/multiarch-dockerhub-5.png b/img/multiarch-dockerhub-5.png new file mode 100644 index 0000000000000000000000000000000000000000..c32153d2b7bb71062da44e82a868eb971c0bfb56 GIT binary patch literal 401636 zcmZ^KV{~L))MjkkPABQOW83VGZFOv?V%v5)>7--ZwryJ-qo(@(W@gQw`B8PN);e|W zse`>A>>Hu1D20qbfB*&thAbm3{sRmQ4)hTm1`Y;vxixqF1YO`Aq_v#Ez)%MMy}(oG zQ3%1n$iQU8MN~bqFMQpz%@!Sx-1U!HHU$bSLX8alBUm7jD5O{q$j}nwvE!A6qq3Lu ztK9*QuNL0R=X&e(t96NtHZqEdDJ+`#{%8>LQ#?W8kn$(FD{Pzdw-=;Os*4)OTO_QM zrqzv4tHxX2Pr>EYM#8Dji=UFal}V_DOSWr{PVcCh$lF1N~vhXT=9Jarb7uUJJBbF zv*zWfyLSLfNrf=pkGwd|Gzh`wM6C(6Qp*Z*ozm3#SG|a;R(#BM3^Hw%CLlw_3^J9^ z943K>ywi;{AMY)KQ#mhWk7xzvBF;1^evgZrU(9G6Eua2KSAw-$hmadTag7P3PLqh3jvAIggWWVbW}dfOhyJGMZbEo;YLt#AunJBLn0KbYrc;Gk1kKtJ<%aG5* zt$J9AR853v0GZ;;ZEg+quq)3LQ}J`l&2OZ7^g1Um+y|S}Ase3ohD;t+j`mn^+-kb6q&bbc}`&>pIyto#IQY zh&klUC;O5S8Ty`TMA;jFSQQ-*9Cee!7}*AVayA~!ZUe%eeUkn>Zv!%~w_X9yKMib! zyS_gG{g9`@eI}U}Kf0g1<4C`J`5^=sIa7-9ZSee8L*h5hz(Tn*dGYh z@VMiHI{Nv10jd^^F@I&FB~;2=(h@5K$47!u(dImO%4X7JXeeaqMF+`5h()91X1_(xahfL1X^x4uF^3#dLBvMkgug3Srds^7L&&37 zbl5T?`_QSjP%sm-6EofhOnLdLaK?uojX|}>j7oP9|HbQdhP5erm0?%mwXHLSxd^-f zIb7C;Q<)zMQeukTk%u-e%rvMY-MG_ZlE2`%ZJa#~jg3(CIqxOl5J@1BN=Q}Gg;ScI z)ecKXWOvkao|Hs6DG3&dW0+_E7_j3YLmG^)d#^8DfT>9CQ(ujbI;K?5T~g2^@_^$(Jif)r)5?zT~+= zaBAO)sstZ-pX6taM>*GUqO${7?Vl=|u}dAhNcMjiZwp8GFl&f?^-QNH)tl7JgR;lJ zp)_ds+_Nro2luhR(8=2`N9(M@jJ&hfkmGUI0pM`n$jz-OD8v)CU2?B_#CRec+*`XK zNIy2BmoRc8zJ?F7EtgCbnV;EGOPNFo{Ydf_C5jNM} z7-jBXf&z+-?0aAb=K`$S(7fUKxi6%Q@z-g}3wnKklRd_I*a*98A$0We@8ZP4_Ju#S zrjWd3;0&l}QzDOsh13IBl$3H7d{&<(ZkoF`Xd-Tnx~8vhtxSGY&9uXie}5zEGU97t z?_ae6n?Hz$BV)CQsr@vbfUZE)Cfq^uP2m0K4s?ZQ&H?Bs?%8NYd;ib6ldFy0#@qBX zN>*w7j{Rmpd&)F_ryXOfybCyjO=Ua#H28bRIinXoPsfAy6!Cu0pMh*cPulGYG zWgGk-w_n~6&=Oo@QfCw#NyS*QQ@RlPzGo++a`-WPLagg^BP2rwizN-B*;vgkdi;3T zZ7KIqT9);~Y145m;%9cG2(g8y-@~*;pdO9brkfd3!ys(Kl&3syXD556Qaqtv81`(BMOvSY?;>IaR=Aog88)X4c03^}xRPlY8*=tLMCbPj z^;Oz&DvX-_J$b*BL=sT4v|}!uGF;cqV`O0Iq9}y<7vQiTe2Hrf(@jM{86o>P5**s% z_)&JGognb8_}> zhJ^PO_^6)Ndqv)@h^T{81+jRZAua82Ik~7g#J$`Rd__s{I;KT};OwrIBc`R^A>raW z(7K7D)FGtF25O%QpES685EdSC7x49hT=!R2lnve0J+H7WT|lp?h{6|S$Yr9hevyn1 z=(GsB-^K70_E4lzGOA>%e$XJtR!gAWC;Zjs;W|thkZDRgR87@FU0}CIv-<(-e1)F9 zVvvM^_oNe+$zwud%8hA2jsS^26{-sw%T|@dkUyW$+nYI zYGH&^W5r1i>=ey?1xA|T7z-m`1$>LtFMpeud@0@4x+;2b_?g5^ zV1U;3O@%9=6``CP;#RlLb`x0Pc=p+S1w_tk16IEQ|GfcjYyZ0-+J3XU``+95FTa9X zXdSfyxkxMDfQI8EntPxWyzL7lMd3Mv`s(X=^x!&VI#=Py^ zyU9Fb;YppThi`>2^X0#U)ij;;LOW6>dc*atnPO-` z%Dw&|cb^H?Ovq?~r0iDG;cy5rO}faJd>wyp+Buwkqw;*yU~TT?P;hI0)xa0)C-w+l zXMB%*@xpeKQ2yXYko#d}wpRZz0b?JU-QIYrKO_Gec0H;?(QHTmQcK`yGNzqtPpUmf zX@Bct%|hui^`Q-WxpcVdY)z?;Y}wu3md&&~eX~N~<2ljDy0XY(5BZNc;$V+z)HbIKel6=yV*ha zn2Ei2&Y1N|*48D>8@8KC`&gGXb5uYZ5V$II_6dxsZeC~gZqV2SUf;gD0=w5A{#%bH z^G?trw5UG;y*n&6fy*C&e{VoSUl2lh07b|ssrhVQoKMuwc6?fO=~NYR|G&JyjC!TX z*5plc-W4%hFRsh(uU9vh+wxFihK#?_bTZdJf5E^%Z%90U|Ai@z!nxD4$akKU8=6AX zt4m5O@m9tAY?uvr%vj;zjqL4JP(*49`1lJKZaV))-W)KhrT!Z)Z(UeGBFfC_-Lk_x z!_Z{m(}}13czu<&6Fp=@L}(kk*In}XnOyQa>!`3FhK+%@jC%@neZk0{BNJ2vwxY5X zWEc&ajLcH)%5o;^eO7#aY&qff;6CsRVo>^UBzwme%+VYa&UvK&R4mFLeh=tW20=72 zJ~v}i(}DNV6gUzk-!$W(-Wm_|EUa$~T0Us%q)iA(Nh){*Yu|@hsXW;NF_UgLtEjt_ z2c5P#S|vF5!RrG$+@A|7YK&jLMaRS%Sq`K4+mPw-=8d<~d<+|5#iTupmd%tzcWl=` zhoZ^ep1YXym8|T6BiKUc_I6Izrra7*SC{o2ys4!h`h>{xb8IE$Tx97t>5N{}^(NaW zc=M1NH zbF1oOg2yhpUzNR5OHaI%Y5FROT=HI=nEGB=Q+-QqLbGr7_LUH?Bfuv95aMqA=Tv=2 zA+I{L)B%se&n)S?gb7b@lNYLH!--rqu&iO+;H+{1@va!1|A z;%|9a)~)sv;vS^5Q95G)af!wH1-lTJ_i>lI`&Kmu+-SJTv~c5bS8-_*A9PRz4yo~689;pUG;?O_pRE$UC56bx|QN-_iY=#$vjLc%;AGsIi+5>nv69d;NXzfY#^iOp@KV2Ds;01M!T>aURM`l9U(#JZz!{FR zD~&kxd4wGGccqIIlKNBJh84o;QcI+3v$Gtj){|tfP1&a#Bm})Dj92U_|knd#`_8|6Bv(*Bpv>v=#Qx8 z5A+$|0`*@m1_Q6A2T}BE5>+%}(zDD$jc7$YrJQX<8>?HA6oM_!J;IOJHo*Qcq432p z;z-}4>HboEFZ^~%DK#l;G!dwtw>~RVMKwD#tY(JUQBj^c&sqbuXSO{ILy@f{&siDG z3ki5-qsHE*Iw%s>Le3XmpMh|=CN%^N6w45@aVFC^v>>_cL5_CB$-o~7xd^~Tj|A65 zq=ct(Y0;*FAz}G8o}y$DnJ%o8A$+8|B13U7HjBsI&1)Y%6x{|m;PJFj)TB;Ryn%TH z<$?9e+(y3Ct|bNsRQ{}`;p8aIZVql2vcczD^-AhgS+R5o8@|WvOE(F4Grf&ame&Pw>Ch zSf``z4dC-F)V5_U4!%{-X3 zv#Y=v`wGA0W2Ymo#mQ`Sr*ND=itc%7m$Dtr&7~3HC)ejY<9ze*?+PvP@~Hu0cV$lZ z)vz>7*IxjLcI?HqY5p!vY8tz7FOQf5CFRuvP=q zRJdBLu>l{X^_0jEuOi`d_NHjR4u1Vw7erE=iK0e&mVTM^5xA_feXLC>6poaN8XnVm zHAOBX^BeZtmMZ|3WR+t}TKUcu{ zH~!8mAlu{EujP;Ko8RDYTt_7K}@;jHctgzYcf?RGR6QLv~cD z^WW^sq~t1ME@E>#%u>Af@iF(^+^~F}W?I+!^-H>@W4Otk+dx`nQ8nI|v%DU)T5n#^*hpQ^c6kiOk)@4kg;cr>F`^MA zZ6t7WhuQ@;!q&gPrH>9Ih? zUh;5+fZm221PU~1yEQp|=7t~=9IkB61W?ChCQnjRf%R#ny@QhL*iB@x$A#nVwnCD4!8BAKe-zkx5hR1-K9cqFtupVv(@&F(pY~1TfD3sP zZg4$J?C4%qd@K{afPL5yg*_IVrD~^@A_@>!gS1CCDBOwj{e5!DbcIMsP2h(}C5Kcm zCF>~hfKo?`);!og`cPgjlvZ?u>#O2E<>SWIjPAv@+e6ek$!b!fx2FNKPjL^^Q9tI< z8m@(N4v|f{;R|`+I01!>ESOHrx%>IKWf2vI!a1cKedkao+IrG- zE5Fh-_5@d3`0SV?0z$7>=iV3s%F^Fxkvun_Cj$_eV+Yfy?6u^Y-4Kt&<%CaB1V=Qufruk^#u}1V51*`8R_pkiPrcxwxk68B928$c#@RCLDtnDOSFjbN`5MD0Q>{NGKFQRc95F5 z0_%=j%3pN_{J005_GJ(gGS>YMbw3s#=(_^*U^&)Vit3Z4%rJ4L;P{%XiO=m5bO7~XgpcuO6+;xvIedFq_UrVK1Z&H zFuW@a(m8CJsJLf{E1^8hE_mrz9THZ<>Mk#(nP1W`@ri%8@i`f>g2nqWnU6KIN({@m zsrmZn@Itt0kZ)SS_O_#CvL=d;+yIpy}@VHy7 zmul+E5AT<2!Yw3P65zeOeXHf?kYUN%-x^5CG#QTJoJ+%fO&3RBZrm`S(N~#31?S*5 zzF)pa;v=x{#3a4=5e{2^#ff4n_I>PcEu`tA(NRP;CLZaLgjc^a)S<|9RO~mGHb;cv zXwm#2S~blHnEAAM&C#_6KRf15lrbKBnuCtsZAmBB+=`l2OY|k`a3Aq^jC-bE2;Gen zmWtGGusO`nYvh%O2&ARCL2N(^AbfVIFR{hrh)38Nt(B^Ctkjsmph{h`VX6Z*vtzcr zqlRvDs9N8`Jwpf5Pt-)U^w6I=Rm;wK@lsd!U(@`8a9lPoMy2Pd28HkaSn`91(4#TS zxyNrU@6cy?;yfq!sSL3?f?sGu#|1H5%U`KFo9vShCv$JU5xa<{!LW7DX->r)kqqs# zFAY|lWF6wi(w)bL7k!&jAr(JLA_J(zlB2k@VnYd!XRv%6d>_(bQG8aG*PeI*NQfQ& z4VLjgW~kz8Vfu66^GG_k?o71`SI0z}kGQp!hs2y1=OeGFe8Z_YazPAM*}V{8$eO!1 zco*C0W>U`)QL84jTuotVABMD_cl;^D>+7@iF7wgt+TLN{RVj$*s|Nz;afWI2ndl?j zJ(i=~JaxV+x!D>Rg6Kl-A42Q$CW$6s6x&(zK#TZt=@$;tF<{$A_kIgV(PT|z!=mcV zG7k5pTKeeL1la|`Iy)!@WOoFv-dlh!#Y?i!!xpPw6p zeJTA_W3(^ns@nVIXU}}*Plic%Q&Ue2Rrh#EYvo{!bACyzp_tPkw>;`TSAObu>8c62(h?=OO0#}9MsK|7b3gp4eYD*j` zk);5F?RidyD{qfUr9(7utpTWXqCi&Qftno}I)um~DFQqPO;hjMI{kjJBQ?u*$KvH4L716Ysp_BVbwG5!K2`XrtBdBFd^~G<58j zbdUZ^t_bk^UmxfeE1+!-)fc^D(~Y&}7&vlLCFnw9Xb#Isc)^zVXlZ(WD*bj1o;Krr zAq4c~mr2yRCYG=dxiHD+YiYir)|VcVg-#s;9&V{BibBh7$Fui;VtFY`XGSSAQ}D{^ zV=L~GB!1&~$&cZTm2z6CffZlbe|o~uK868M{|#uarW&0~J%1LsF42Xf zS6Rt;a&aLZt?~~6%-%Xu6T-Jay`o(IpIU&&CeDWDW)mMDqJB!sa1|AVSVI=;Bl*8i z(<0v1gfLw8Lp#4F@rXCgz{^6(`pF9GD-fNJCqxYFQNMhlsqwXhg@J)({Z=QJ)706B zO-xMuPpQ*uceCold|A_uJjYB*!rN-aRJj35BiVzEmW}NB_3Mj^TSL+B->V9swxN3M zlKBw`##y4Fv9WFqjZH?T%W#rX!!wppe;+4$0)3A_LxZTU)``pM@1JQ$iLjyK;Uqx* z`}jA%y&Vx8yj{}W2sCyT6_u4*XS}4Oq)6hV4u*lrmZR|lR0RcvldCgPODH5;(mpEx zUy_i{Z^!w7DIz3P)cq6)-h4+BxglFy`WI`Bh(TGLCg)AIvB{_E zrexv`4Go2WDVu+{tgJ-t@9$q}FhgvzC+&M)X_>^1N=86cX2DZ8XUnn=kyaHIkv)2E z77zu~*4CL>T#cx`WsOFPGei)!c4ot2Tq6Zxs1 zdmD-u&Gx)|Im{h;v_BeX-cHG#>@%w%C@4cJXU2mMH^BLZnv4>0?Z;#eAzLKT{C zLKY@vC5q*Qs|g9x{p8dTzVg7$e^Jz@r>R%Ch!_4*goCotf`}@yFW#9QiLCIcns0fJ zQsQ%u-r|Me6E9i(+qv+I7+-!ebmY6KgwzC!3otU;$(@;!B8;dU;-$)vmMvJbp)I08 zM%9}__J>lNb1jt$g^Bi#Zkc4dY=VgS_v{D^a!qoyrr%{`fTcj`WefqjX?p$8Mo)xw z)e8uX3y&K!hnhwXbq2e^(6+o3ay#UE`=pQ(rtR;eWZxmtM5+}yeMfk8U95)9&LgU- zZshMOD$@};4oyGHJ#{cij2ONt^jFUw*Ga#~WpRj&aGbNAmZf02$M21uvHc|v>=7d> zX{$3xYPitw`TJ9WJ0$HJ7U`3Wm2I02ZQ>_8lSHsYI~v`pzK}n>zT~|O2iUX4&Bm^` z9b|&;yDkA7UTA7mH0)(RJpG3mvGvc&q5U8XCzv~-eFMQ3m)ftK;SRSwZu1>~IQPGB z$EaE)ppG-3{@%>C-Mz)c{2sj)CU16CGlTOUbPCo-HuFh#g{}*4KeVbl=s<6ZgNx>e z9R!;ggX%i+wn$A8T$H>o683IoF#Z%$8M2(ApF+=V0n6KhiB!j50!#g>?Lyg&-AXID zfHnu>94npIjC79hJ{FnZ`n2kQYl& z4Ncqli_-$@)pjj#Ryw+0Ou;#yfEe>$*~iAK44R9;albJYoQawcia`~s)sQ3``CfuOccDt-f%`9$4fFxfut__!Z-{)BW)q0CvV%+RFi8tl} zSFVk4?`r@WD5A#upI)5wzz-7#HRpOjJg!;@u4(IlA_NZq%U`zVtp~0hkm|E+Sl35h zSlNg@Ozh0A$aCw#kS;_jAi(x7E)es%8}Ij!`FYGwwp<5Q7RcxGo_iWkOsIRr`4&n8( zu_0>Sc18WyrFwk4MKGGf&~N*}2+$a>KXza?e1VYMMf{v8F_mPZ$nDZr_t?6t*`Y~PL1!n2lfSm z+SD5nY-V{m3f16F@UM&e{ye}Fnjq#&w%-{Y_hT6)t2-!@Tod#Lp$bJ-RDUqRaM?oG zV-SFcRq{g}=lFiXnaGR72h9X8ZzM>F-g)G^9zx~Gzj?c9q_6HXQQ}uaQ-fMt({?;K>#sRV zPO5d-hCVqv69oh1d${!`)ZJT}-2XO8rB1WDmyNX?{no=HqQl0lRAF^9E?-#KzpnSn zt-FF;&$%pn@x(<~1QUKz(knKQ%}Y6!{QeC;O!R>B@1~k9*MWO5{>X%miyYg%{c(aY z&P{uH|D1$DTs{9F6n-#YfzEJ8gsf(}!6YStAnPswF{k}jA~kt_Yb(A*j^9^B!B3Bg zTnbWv=sWy_(ifBkDGvhab1Po;xb(U`72R34ZDNZFelGo}CBP&px;7*1*9{g3QJpt1?i; zzBKc(Se_`PYTz%_qg;jgCV9uUr}0Ei>YVIdWqd}WoF$%SKrRSzjoW)GYZ!O;LFYTN zXF~w?p>r+YPq#!h1Vx@_G0{yeNLj5=jkpdwC!&uCsyV4e1uI02NfhcUP^3yWB3bA% z&k8n6E)wgVyeJ_38;lT*x6M9ldSId>BzO(f{UMZg#IOvwJ{O8QaS@8^DJ zp7>bFm>LDMQD^f5! z>rtQGW%iTy5PakUn(COGZMC2NTA$X9J}xHF0mfEZds>GvhE6x&EmJ0fGF@6vKqk?U zQc(Iy02N-?cx(a@M?i)}O2jf6&F=G`|6Q+93-1gPD}$VrwD~~V=u;uk9tXUYe1}0B z{r(ThV*Vgk#Usc7JL_(xH#_zg{cS)18-t_4Tj+}G1S5LR_EKp>UYYeu19Thqo4e5 zUfzzg(8s%d_fvy?&~H0~X$HN{)7}1(a4UfB5N@AEStKO8J~2@2hBKV?Lv$RO3WHq-G`wX1* z-=257@ZgYokbxOqT2~v{xFEqYtf4x;z5N63K2NYh1LM_y9;UEI&Ju+pa!N*_lsC#8 zFIZ3V1PC?!-n4Z+ws6D2na*47)x_~Fa$qm zQH^>9?{CM}8a-}HG-l@6AZdu4*->;_G2X75(F{I@Qb6X9bjbPH*-$m`ZrE``Cl*9I zxc%Py5It@WHD;F9LPOrJf~a9h!b|f!)rG``9A-bCQ^uLayuD$)%w38=B<$ZJUcaYp z_e|}gt9d&)L2S2PdA*+;=_Ia6zTPong`o>@?IENK*)vUP*2A<*4%dL7$A3<2O$t40 zizg;8AFspBotb8>3;dAeu)}$dyOEO<#^t3g_fc7Meswdd`=&R*Dr+fKov6;3=U*pW zpqgV6z}+cD2s=b9|DMD9-LPQfAS{W0Oi+-=(JHCQ+YFldbY?_Q8l!}}1&v+%y`9Zw z6C);(rQOdV*sXiJj_b{9C<+$P&2cWfA;PM)Bd$Qn^eU3sc=)C!v1Ew*k3-R#M3SGs zBZW{bzcGj3{jwi4XqybQxt`C0kVHSKUdX@uZ9iXb4-Ul;rhKYbX$FileUQZpoWcFu zkn__5VUk4wYOvKk-zzjs7Rh1v;{;#mknFY!wOt$BcjlftVR3WaQM|m&cM_yXhlc_b z=pHq8LFV*sHSp;Awm-`*R8I7L=9P1gu>y6tTHg;JgcOjLw>{W$eLr9J(g?v~l&tKq zp=NU2e@Z!HDAX}o!O$O2L{d?s<6wJQGGkme-f_Rs(-#fa;e1Io{PUbjg)aZgFeIGe zIx*q|r;;|!6hk6!po9q@gEO&%%E%F;0eqI5?khhEmrO8tVMQ5ff<)CAnY)(yX&{*i zmM%hoVTb}1VeyB&LRM7xSfEzgvKSfKQ)X?WV8NbJ^{BRwr9=~L82lZuwQ+p#|~Qf$*CYp%&#m z^FzLWZGchW?+g-lYY1vwj;~K%0jXiULWUgC7SreC_af`pjuK6~2LX?*@0b*)iKH&! zinG<^n&*380oqFag@2Md?7PU32-UJ|2mxnyevwVO-+YC!&l7^Rl<4Xz*nM@-^BC0jgb*<c{9=8hb3sAIEoI|yhk&gOzPwpHx^|&-0@XLCq8;DzMpS}U2jH=8& z`k#PAS+BiG#_6Um$ib31S5&ufqo{4JH6RGOqcvP1-eI(s_elRDJk&TK^A&y3M7|k; z>#+WW>@n>7*PM%tz=i=nRh6GRgO;$mh5BO^RVb!!)W(Q~wCg=lgYjlADzyC{LT^4- zII+$|c0>0U_H*}Ibb9#LWnqn zVs|E+KtfI#FXHoJWV*s|xCPv~nSZ5-OfH~$Nz8!=FDvC1Xiv;wC00&sV5b!=G=A124zfA*fwXxc|7o z&E7ck?#|)(%`9pcX;!n%ppfsIHb1a0>U13_T!ilMY!tRvl%^lJl#1hXH=ozviOL^- zd+T`7>|pS|H!K*)w$y=*DtJc=l78YJ8M^d*?jnZwKd$|7+uGZ10iW;nE&EsAk$I0& zw>0pN>+S|A^|K4&H7q393bnD(Cs$W}1@s!md7jSbqL7o5gS=tHZF4+WU>m?4v9;)q zzhl}ycWilLa&m}ZJGjhma8tVX>Z?3*HVK2Ga6RPosr$HFp6HymTY*Y`N6sFfgJ~>) zE8X`;`%juby0t_!!~lk>k55!~G+a^_u+RDGcM5d|y}&n8FDMP4Q~MetLogK;bdUtr zvd0EMFk$abquLoUE@mh_$QD_cn+uF$ZbSRmhh5i$o387mdyVazo9^GH``cPnUoe_H z2mUMH9r6vY;hgaBbOCD|zlVKNG2n$(%UP!NZ6$~mPVE}8b7VS$lsH?-Nsr~)^mZt#NNnEPrAEG}BAsdwGOO?DCcus^bx*ZHAF0Y64e6N@t zpE{okx&bKv^6lspT*544(hgd=3Cd`P*r9`Ao`m^XYuqb##=@6Ds7xMLdZzUqq1`jPN z*SM>IudfRx^oQ$I`L+!sgDnsqjCEl}V|TX6*;O;GqP0{lW|Kwg_q%;Y)6OHib5f7~ zDK^8Y>$pZ;Z1;$t>cR4F+e$Nr4eKJ!yu?x+BuO9lz1b7X+}IjV^3eKtu#$9$V`!2C z{`731uCI7BfiJw6m~11_WW+&IVf#h(`|r9;c^;^_{1fond772<3j_E>>44$q6Y#8w zggrq%;UCSB@oq&w6e$I&*gm8%0ys@tgRM=0i9*yR!3M!a3xvj_Y(Dyh9b{jylgo9P z(g#K@9yH^z-KIMY5_d)ci?)S%yH{>$r3Kne+1r%U0f$bXONj%ioK-g4!tUj;QxaX| z2P23mLGpq<353q&PrrN$yMMxZ`OtI%@QS2{dG3&*ZGRPAPJUMJ;_>VA58uPLdhBeD zN)0xD7xYJu_-L*7ZJ>N>3Dtvf7AW=&JO+*cYisEKHH#lCSyy;Qn~fr=^5cMWJ(v-7@{LCgB#EqWLX0gu)P9NQfR3DLv zMfae$%1ck#ytDO`fQ_74d>_CNQ> z6FhIvJ>` zxdUwc?AA(bXP;7w(skJ4;Ra^c%j#^n4eLD*lnO-!^eTKE>Dl?>^FX-WxADot{mLk{ zQ-`V-2zXxOx`pk&*MTG783S~|G;jFPK*O*!gQD4M?~}-OJ&rGHt-l;XDwyu+MrJZ5LAsaB_bsQUC-lV5c7pBn@c>3jvdWA&-x49l)YAlldb?y9SQPo`C@< zPW#$CBT|xD`@FQsuM{Yr*{-hy@6Ru|H`||Yz=78oLU1rbSQy7+fhS|&2afSe9d*wW zBBg6X^DYQn41J&qL~p;_cZcZ}-JQco191Hi6e0t7!a88WnFolu9buHXK)xEc z^Q4aB&@ICi{`X^Vs1zrM|aGTZJhdPkR?0H^(`wwA6O zhS%QjQpZP$YZ$OUf-cy8z-AzQlihZx(Cb0o{xEZgW}U`oZ)0T&wc|%zV-+WfW~~h! z$eFvP0X*Vw_&o`n9$#_&w@%}!3`067LP+)IQvw*gkrt2&Cx^lel74weP~b-{$#Bnp~u=U-$geT>sHy*o$sbeXVx& zr+VW7AAiV@R^GI?fBYShxhr`4^#d3IqP=9I?@xk6HI@LP4j*XI798OotJ3UflQ=KL zCRE#DQolVFJUpU>#wNSId@Q5P!qviY9VVcoyAoTO2 zdv~0Y&ue{pdinwc>wMK;c@r57y+#TCD&E<+rjK7TSG9WtgTEZT^n)FL-VX-xsZNR? z6_tkzb9qRXM(rmx$hd%&@SV5VPF0wp5z(!x_ZA3s!p4=}v^h)5~_fyT$fV^9tWibzxxg@-ZGI6;EfGJWo{2WQJIj z{(iiYka~|c&5C7Bk-JT^JK8#jy^-3i`s1=?Jj6pr&)=sex|TD&E{!4Yjc(Lv2AXkY zMd>hRY$b`ipwToIpyYyuG-eyHS*!5IB4Fy=@%jg^d!p+FOH^j+juP0ETod&IDWogH zl>Zj2yQeek4DQyV*$aQjqXnKkNq78VwKV>e&=G%cz&ZYsIt8y-JXe?P%pQ6YM6Z=} z5A&vf#>&>(s=($>*cWjJnrxro)rTFkd^@aP?>#ubr z(M3AXGOI;fVn8%Q*ziV0nl;u5$sY@93yYsHIJ63;HuTHPJZx`9eIdhYH(4V^aq=st z+%l=~Y6rX2ndY6RM-s{JOApZa^=hZebkajl3{hb@Fs6+^$kuBWCuAm!=3m1HjV6X_ z6sKJ5gn#jYy@h7MAH4$5X(tW4z8dA|CAs2T3wY2^-m;cE*Zoa{_T$0H{_dm^Vb-pJ zNBsnMB>$E2gWpd^pyO7$sXEKBizSEa$_mIl=Dfk}SAkIUchsA9l$zc&gAvR5Laa%2 zpMOiwAZ05$ql#5U*z^$fS=V-I>SB-Rs_~WLoX~e-RoOXvtv-g*<*?t^$_*6o)YrPrcH zU3J2 zqlc&c8#Ve`qkhSMp+((*^k_OK>c#ok7*tUVX1M-HK9R?TdwF?Te&C1rG#F_ncRS%M zG$imOr0jEV;1UsR5j}H(C=7Uv{9DQ3uPh(M`pW=4y>DS5xty1SBLpNG$}1?89IJ$@ zxLMc-4>xwWEwmSo;6Bt^-JARDvE}u*Arm5Y&Sitla}yBR(j(3(Uy3vvuQ6W57{I$d z1U#4fJsaq&kLO^<*;cgeA!%U$>YFGjSBjqu~M6D z!C=7ql3L4kZx{;?4|ql+s0O;D?osXU-w9!Nca0K`XT`HqAMEgzHe146&;Lc!Sw}Vb zw_%(PkxohJF6od7h=7zL64D{4bT^|B>6Au7kS^&M-6`F$(LFl1_u+TW`v*rn)U)rl zJFfe4-Oo|qBU0fGfyo)Tblm7RT|Yk`PFW|AtxhL#jlrh(qcXlw1j`%vm7}4i-cL z_rWd+N8GyVYHI5X`+ojgTWmb~)l@(h!a!RsB7Y85WSRLFpI8F4>pgxoT* zv9XaeoDu)wmuQ=!5+x)S`uEbHDb&>TRl+Pg9CfV90~U%wPK`oIa}2 z;h}Ny^WIa>F8EKSlAbJo-kvtd-K3pnt;kOG5U~NqkFq(jA5vUF*(E(%r-iC^FtNrD z(tSn;{1FRi3J2_~?^k27_{B5kX7l&g?WsAns{>$qD^d;ixzA0@Jk!wQW`v|(FSGal z2@|pDgO-_mDv5~`mDcWy#m8+?g1MG%M6W>v_h#5V@$O>BhPKGC)pf3|e}7V(UpNb~ zMEpZo;1wGDg+CMRWj0Irv6byGyw7LFzZLPfVuNmrDM4hO-*Be6%Fs{H&fVwpI}Y#* zb)USF>^_-}hU$C4uD+4}gVbb#P{s&$@S?6YxdJM!mT-AQo{y|alrOH`9%5gPZu%x&y`T`1^SqfKLyQ*JYtCT`W7;~bIivW{Y2ywqE~o_79T z`D0Sfup#p2T)1QWMQU^R>5l+PBlFJG?@o!wh$qX#iX1CFBxDIKepT7_D@he^_rF@q z&kSyUgylIFo-tFrJo|Ux%Cd+;mNM+*n)FexusUsWTIDvCc~pz2b&A^G*v<#J}qVy-3V~E}5}?xVgqH_yT`H z{DqaJ;GphZN@a@6&GbO*-B)tOhM^<<@{gW!m$;*O!01CK`YOXj=5y2cC5-R4N$1h5 zGVdU#j%yyGH6>kvfOl1fJa#0eZASQ^_4t~KO*^`Oqx25kk^4B)Uj=*}Ab%b|R?A^Z zHO7A*(4WsdfI~CKxEpOKm`_2*T>w5RvxmsO1b$-W15C{$vgNG@@NK;c^t<3` z1mxN7sIa!obz{T+%H7E>qyA8CaJ_lfFow|Z)QD#R40 zeKu)Ux%`R^%|zb-nt~}%C+D`d;tN^2z&g*yI=~hQsOi@-q=rMA|Q>2y;E_dnjHUYX)Ja zR9x>9&mwm$rEjkjPL7BLBm_~rzt`1?E`QmD291NP2#kCmTmj&qX1en;+Uxj=ov4PB z_-t&h^Li-@)wziY!N)7@?hWW*^4~$<0mvpIIr!mTaH%&o7!O7`DEiQZB zfxkb18?@Bf(NQospxoYik^hZC4|-HX)|Z4d`WmgWqG8c8Pk?fhwWC;c#uwN$I@uFwEf zRaN!pkbN)^n{|xO3?D>ri(EI~;QqQ6LJb+H4gRP#-L`AT#60n>)V^WY_~gVqM*s9X zrXA_-Sg3FsH4ciG<#79On^7>)<0I~=KMxrs?FEDukKLqNahvJ42hC$X7#PE8B6!P& z%eoLp6oB~a9}b`b-hW=0D32H1_~0zi@HN4V4uBYFTWG_|48lY1_}WEQ?_?0`)~nr@ zIXQn{jiV%CFuQv@%ROZ)uq{2trl$D|hc%-t;|C02dyahn0%m-Dui2(dhEWJ@WF7eB zP2GW=*F-jSTl30AG2elT0Yfm1RZYn%uE%fXOH=c7*&JTcjv09DNvi)r^!yib$rc{B z4G4Aiz&3|HO`BQAbI^sn8fIxx*pBtVFY6|`6zIs&IE%hg$7c6>gXUO%12fOEHFwUz z=-Zq5-!6tQs?norLhumdzp{U*-L_<_1=fEB8UJLL7*A-8GE?y5s*MCh=HRh-gQ(d{ z2#aDQ&c3akc>9=;+2Dw?onPwus@1;!N4@(%6$Is3>b)kL%|jey_Gkp(-*d}9B~|o{ zfr$J4#pGIbNt%LdI9nP+FkSVSV?X6AO4uTrxyxrC0)=eFYRiXDW#2{aLr~m34kf-kU{V{qNTw zezR|H$jeSLT3gyS^d>bo|AcftJM(z5H`zNDni)yi{Nl}hjUV3%Id+}@Nl|$z6Y-~f z>+x(y(ufGZr&JZ&)OsTdP;Tk5QWJxHd$gxbPQ%|EBS;aPHo%m(FarGy97R0wu~Ce} zcV6U7=VO$Cabxm*w(Glt;JbesyNz(!UKaW9hY1IK+wG8d4}t4{uz_(gyW{AO1Hw*R zw?0UX$P?H<3Au^M@Ub9=e~8h3!_%ggG5}osmhiWE(`n8pd>;k0LTUZZ*vVD>Z#Jt7 zi*@7o?TCYN(Rj`#$TVAg#i=yMlkbFgwCs+rOcM79{zbNlCM~V*y&#urc!-$dnA2C? z2@u;RuMY97a0t*Y|4O@w>T&lC>;0W#m&86&q=2J>+FnsN4j(%GrER@ITIwI{~nkps2Bv6~w5os3W znRK&(2kHjcDQ8oF4WKe#c^Rn)IOqQ>+{NUl9suV(!+%g{?Pw|7AE>!3&o3w#sO@N|J9l=dUcLQR^v8ltbFe&L3ysJik^r5QRwL39R~w>pBeiF{hF8>pK!Juk<+nar}u^qK=qGFrUC}| z77bm@-y{SP<+m%G5WJZKxZCv$*L~hU9G)Ww`wEfm<%Z1w1r=I8stzO*#$Mg~D9_Wa zP8niBbyEuqj56D@-JkSNhS}NJPLk|>@W!O?Xrm?ecpr;M@r#Xw%B_urlO0kGXdOUM z5!$zKK77UDEO&Y#HWGxDNvEaj^b4xJN?C>x`b63s&P~1;7HUB3kMp;-Hn%1Z{lkZZ zM>6=s!c=_ihpKMyRo=N$o!8L~r9;n8Bn6?&Jq|E=RigC-g2~29O4w43dY^oZOf^ffv&gKZc(F@Nk6|U>d7Fy>jSzu)^fB%oMqFjVG1O69C?#^5mNC{ws~%`H{WIg z(;p0jI*-wa_PIl!L(Ee!c{=e>SxVp#C0wsw@c!7+o6|hnqg&7DDP01+h?Do|xVh1N z;m%A;QOSXs6zQl6&aWFMoie+5?32X#tf^fMJ?>eK@J5BxRhAUV~H?)#eEE1(v(P@BjqgRg2PR6|7$;5(&3fG~ALoOV!Pes79S3X#%P>xHo=f%n)_`?t1NSvjO!doDR`Q zTwo-y!FHIMdcEa(_P&*^il`QUtVq^#Oq>`&EE{EpT1O}B-(F9+xaNRIVHNqen`G)t z+U3Op#?;P9ltHM3i|l9q&sEQV>D~*4VWn|9QYV66Dn>N&ve}>lFHl7`>fPeT3_G6Y z>yMu}cS*Gz(hC#IF0j@){OHxdl#9X)xXj^`UkF}1viXr|9k&!Z+%%F=$W(ll88nkK z7id3dzsB+NTw!D|LHwKzFn=*WMDRgLqxU5h=nvJrLATAAuqfBDrVR`2^G3ADINDbN z46IAJWsKghX1OjaZyCjG@;#pz%`0xWHXRWzpNe?M7*a-PA}geSo+kHv>NUsh@1!Wr zzg7{r`y=l12kVoHgS;#9*o#tB{YB-5bJT@!=@gP1InW?BhYUNI1 z+MG>!RdffA!Nz{QjNDh*d{Twkth9_AVgeqX%JNg^oxnk(K{MbRvsYhkGMlnEe!4;; zkr&938UK!>Q+Dls3H8V|r4f9N$Y!%$k__*eXFw=zU(hk`Ys0(j_lu4vdkwhlHDkVRVeBs! z3Ujy`l!!@=`Ok!f4GQMP8Ch&K+#X4JdzvL$>IxM=#8h)?mM zwyrh@ARN28nE50(b^%lf=#T>k1~^F#4?kADXY+Xyyd}c2Sai>@Rr!b4s79A+RTYsg$0m*2=|-EtPJm_iG%$ zk^=KoHc=MeT$vGX;N`!3r7E)0UahBG;`#Ac<5{8e`}om8c@3mJeO|47IE zn^N7qIy;Gn0+`YJ>JH_{gD6lOzdeb0iC_V2@2CcdIKuVP$r%$s*SH>>g(TU%_CKv} zG!;)5y|#o+L${ikokUp^n$+3t5r3_#P|5sU0N^hDw2q} z7E5LRx5ui>$8?sm-^4ZO?2GMZ3F~>)R4mlqJ^Q~JiVshJs9=iG?0Zd|z%CTV?)|4- zpi{9yEZE72cJ&xFrKijKbTZ#^6cr7(#-6!2aqU?vOFjK}o!AK~K!?!M!zuN2Djmer z401tu8!(0Y#*E3s=dU=DE^(%$#}}d4J;{mRWAR7B*%<9%cs`ry-jYk|xYO-%s}cV9 z!zFW_vM_bD-6or|u>`^|C|)*G$pJ={Z=XlAA`)&#scZhgl7jksDe`2yI$y^JkxHZx zPvkn{lh3H?l_oW?2mVx68X@pGF#a~VjEa6$hV{mjVbj_pBh}jgKkba?CASqaKd&j2 zIByx-M(xkcd%;hHafhbT3Y1G70Vd?b_j{zfpZ~^O@U)Fs?palOaz*&1U_uJZt+a_# zlJqh)=E6+9Vv{T!TWRKrB{i(L*#^UvzpN9}(BMn|Q`u$fiCEB1`ZfOy8E%sWQntjm zTpS`moufZ-+z15e^LsQ?IK87+3HV}8!hm@kaf8j*Nx7vHE!;t9B-Jk9d=G7z8q?6E zoYVfjn4%3!z|~xsQ4H76m9ZOEdvYtzW2}FP36F}{{URD)D|ae1Z@qw6wJBy`DsB;6 z3^PqYXAb`wH|@cBf-sRD!WL-BKF^M0e=k!fuL8;KUEk zMJimk;AI(q-V~_x&@xxvb>hx$_wO>Cw{~~F*t_4VRQ6E`0;Oq@MR#4DHY>(9DI=E*$xhZcT$nByE~9f(tlIZV zLh*+@4|@v>DxkT)Ex~~bqg0x#`1oAMU*%Z6A>>clIH}+@$I3onGA@a2cftg)5!%Nw z+t$c`PF!?UDk`e(lM@_Z69GPAzQ8gMM z{1QU_O_bSeh)QUju}Q<>X!FT$$Q>7AO+zMN@wf^5k@d7zm*IT)Ay?bV^k8f`kgFTF z)!Rr*t~Ec5Hp&IfAYhoUx^^Z8@O*{H5082?a9vYaB$SWS(UW#`0U5#QStETy6so0` zXTaL5#|WlV-yk|?%1-ON%^>< zM-7k0D54}KmemjS4Z$E0PiSrB6Y`XAK7wjAH!9&fG{oz)W>-69%-pPP^%eyGKtD!U z2y!uN79hhCpVmCyotu5{ZKXEW^e-V8xQkzU|3gXP`CJ28#7f^28YQTcCrE_ft(}yN z!QDNZ;A(E)_WK}6vmI~rUE_%6JHxXs{;oHGXoU&?mLEu@43?N9lWtg3zEdUD-D;No z{N8s!lzPNXFkv~D^&j<%z9${J)iL+J1LIvX24;ks= zUD2qq@vZ5#8W5EtJ!En#z1K}MO(1%5XNS+JoE!I z7*Y2$pS64L&KK@g1pe;F-WyoA=pAY-wmyW1KG;RtN)-NOo;I!DCIInagjO}s< zBrw(x@25;u^A_9}nkG1dHIc`bMWDruHGUd?PRkz|1blUBOoBC(6#u$owna< zbnyr2__#9!!(?e!4AZyjtW4Goksdedh(P>#ZcA$g{SsgU2(&W770G{zl~FYf;$Y{h z05srrZ6GT9Hz8vx4M>1`SpZpb2QE&>0W4)>t?`Gu<`qXs1q$`fzc3{G0~o#O7YF5< z5)-BgvoMhydej^AsMuZ+YKufOBX32TQC(-QN0*lL=^W{GA-Ij=3Un@jIClmIY$a2) z94^&3Zl!&gSX#>e@$@MHbmfkr+YitVIoWAr=4);fTQ&#^3brf(x<6;)3krwKz0Z2j z&y(u}4bxTM%Z|lS37Q(qOWcJfx4em0c|~*9PEOU=q0;`TLRPtXdFZcRF=Nnrv@;pF z?P6B~Mlb>mT)ram(9k+_GauR!wGrLFt8%P(9YD$4sFWqZr1p%bK2geG+(zLpo^0le zjuxum8=Hj|Ou(AtI9Dt$;BE)nh%ErP28O1MR&nTwd<5i}08gYfZ}E`MBplr&)!=td zUdTT*>L@JBk&JNT+d0MYsinxiET1QjASF?Ry~(P}knMLt=)vTy$;@zS6Bq+vCxY=t zUp{K9*YGob=&n`PWRlhBfxL<}o*c(LzMzSV&C^FCbGlt49dIEN6Dy&>Qb9u@7BmJr zny%%eIzLMG96>Es;F(Ny_C6H0Z{lm+IOwqWAomJ}BBG+OU3EdSy0o!xF}XuX`Pr=&vueZ|T!yg}Jn!nSGmQoXmx?S2JbLYG^*U;>Lm&6q~7yf9=a=DCrU2RXFHN2i}QIS_dggSoV`t zkc{R8J0jiY%+j3^Ho_qb^0o~WPM7K$(z~oP+1@9$!KUW#8|DK(2PQSk#aLVR#{NMr zuzjYc{77Wjm4;V8FaJX6bqH}g@BdkVKM;~^3rNQMwg;jMG(+xN`_P{H4d%`0Z)otB zGlctZ&e->b(lZKP@x3z*laNk7&l!eK?<|%-~N#NeL`V8ob>cV3bXZt1a@N*8aJ zMMe164_;eNTp$=OP*6=e%WsyTF1Vn|S)OXIyAm|}a&Zx^lm#`LmhmvPuxxo9KgW6i zO%qNpP17Hg)STL()OVW7v{hO(#cw;|zI5JCc+jffOxh5Hg`I#*F!znE?dLJv3`?eq zh=p{=GRp^VEn+0WHJQQ3`KQjM#XtLd)4x8e{0;dYehwTI#q0POBtWV&sp}Fh)ZAstUsLkE=@%tQ z;DQuKK-<@!Rw!?WgSn{H>J0XnteT;V-wsM|x3eO|KW3BB{E>0VShE$ANI*KZvU$y1 zJ-_GnNi&Y8WLw;DzSJmgEd~Jc4G_Kc?JZK5yB=BwOV~U{++Mt7qY|c~XVg2`oi-S< zue;hNziZHcYozX$uu<7I9(TbaHY8nWy(i5=;rcX)e>dDYyEpyHx=Sx%NHjgDEf^Sr zBCYR**i_VmrwA;Kw;uIbuSZHHokdz_ zii6Jr-=8!#){q0KWrIdQqBcv(LGrvcbe>-V@i0OgzALHUH6IQK!5ykTY9No#<@O`@ zkvVQJo`qo7stm~faGaR=_+YZHJD`6@c-I<{l;3{{x7tC5A;3Gx<=Ro>C|C}XaBk~9 z=S1inxl&%b&x9C95 zL_`|9CQLlMGmmdW+6Fg8V{3^C8l9i*8_4dgtl+;PH(Y=K6rd16VS2ImQT#Zg1|GPb z6@3Lhk@whHS46P@xOhpQ>r+T)#lz$kRPARQMHsD*KzYL{smERsuWtV{Zk^KhX8hmDMAtV&h@PY~-|#*>HB`?eGvK2CV3e>G57YQy(542FS@~`mvXX!tCbm zVZMcxfUz1@uxQuyyTXqg0hjWlZ+1KEEhx+akQg!oiE9(-tMkc|3GNEbKDYv1>_0LB z$uGR>GH?u(al&d!3X1k0+xHwD=I&18@3)qm77umn5vCb8_uK2M$aEw*@*xNunYuXy zFHkX#I2)D0%f3Fhg7?n0QoM3M3m#k4qZ?Z{4iqJC^Z*r(7b$!YzsXOibeVsl`a2jF zBSmqHXsln4oK)|6xe6f!-%^6Z3$G3*+i$MfLE#bLJ-H08(}C+%#HRh)X^bDOew|&{ z`8iX|h63dp@FZ~4`<)Z}Acl;46Etio@_WG#hpU~i82ffg&SfHV^pngEj=hMWgt8zR1l;HxcsdC-d=FzLh*v|GQ@Y`KJ?glQ; z2Rf+(YudMOH}GUZPHKRn?&y7pKo?Lv_?}J+Elu`P@QB9C5FMk_7cCc2_U)~!5C%Lv zyoR-wnvu5>FwC)+=*UyR2)25&a&f&?J8KHGdMTNi3U6`QX~DF7(n#s&tV^zAt-yl= zZ}QOFWb7K&f1mPsp-NLaS;dX{A+sbuQ zcE=rJ3>>ri@PMSG5wk-hIcb^H=;KF1y(?|zHGQu6L4mG>6^e45mvmAm17m&!V>0U) z_XjkqkK06G_K3^FnX|WJ1G-#8RdrF+=F`XgLCMzhi8E zQ~lXvD1F5re8%sGes+cjFu;)MUE&!cfWKM~bRO%qM>K;YM69)8&c-cRkgHXY|DjZ! z3i&R59!q*8Co3Q?@pVA%tssHqLPFO&N!i_CUnF*AWu?DrlS?`kt~fjx2CqQ&RKV_? zM?0f4n@_gfTd*~3my27t-BenMg$+sz+|ivo%HaPbP%L11-l@XL)q@soCh3LY^bj2j zj$tLiu2NjvK2t8-j2TMNT5)#pi^h;}i=ZFxxWqo~r>{XTXZS6OBv=mhC$V}jE+zCJ z-ibfE-_}>c)v5<;v0mEAc#sZ@#E=!PIZMPDSCuO_ZkArzw^ez&UoUAD1}0n|hB<_4mT2;kvdxy>*q3Ieuv` z${2foZiFv{ZC+6)3|bM`DnPy}NNc2_99xO5xQzH^*!spXkWf}PYHf&$;V@df|{IvcC8v3vA)3)>g_T0HIVJx7Yf!>w*4V zth5_4u%cwa1fM3GsrUHEz*Y6j@y*~2)pMRI+73iPxt(J<{B51GXf%!EOIV=2Xe-9vuN2dfHB8Aax0!$hnd*@(0a$ojy=lgoKjs@1oP-Gnxep{@B1ZT z&BVDN`B$A^Pl-DwpTdP=m+`yy?Bh~%<~0u7B@^bA?`0iOlg}h4lkd?lR}lyZ%|JhE zThU5+i;~G#9}c9jjybn=`5UONdTgIR4Lv5qJ85lf7FEhCPB(2;{{2DEe#<o zQ7ifs&K<6}C-C6#`u-m*XAHzr7@d?-T=j0xwnscsW@K4u(lpp-XJ>}+8l;TO?l%gJ zFf9FqwExvDZtAD*n4rtnDO1cnJ@$k<8EoO)u%ka>b?Tgf_vRbl#1Mt=yVjKEKUw54 z3lES@vS{Dh;PT(D;kRi5N3fW~%vO$o({bc1@Gh{io96sg8^0&eACu)={a;RnxZ}d{ zoFv!33j~w_$#z^ff8(_bE9}2iyneFe;JbrNA|E9usfA8HL;Lk3N*-{tH6yb{-$(~J zZDcrhG;XgcY-g${l;C=77Rp3{?#Hvu7B4f!j~cAjbyn{p`ccYn52hP-ll4FTdZ}^T zQ&^6mRTn?fHMozbgdN(qJq03H=dB{W?C7)lRZmJ8pBu%KIxz^YJ#v1?VSe8@?2bV< zEQ#C7VU97(%+8Jgm||dG95G?FO7I~f(?(3nr#jy z_2WGQ`}HWo%Z`00B~bV2y>N8E>na{YpY6Mmr~AmKQf^1>#Yx=oHTiwV8*&D86kx+g zQGuUG@_--k-@f;Xv;j3nCqDN-uO3!Ce7dk6(}NLd zOSF&d`I8&TQ$If$mQtJ}w3WpC{!1qw<2qW%RoiO!s9`e-N{M#) ze$Uue}EjMa&EuXow zmj2?ZQ1EvMDl&xkL{P#WE33BKD0{am5_tY~BpR*w%)@H=_2?%alw{T4s0U8TB2sR1 z)*&NLmYzyq9WTbj76#C-PG}UYVUoPeli3(v1?hct>^#}EU@Ax%>3qbvjJA#3`c-&No|(f%E+j+ zz6&y-Tpq86f$oO5E6psi?7bfLPq>dCFb}eqW2`Ig=r6}czrh>6Ofb>^$euZz4l+xOeRP1nY@x=#B#l7wS^O8Y~HPp`o9! zN_oPr5Bhb*(X~`ixuL_+Dsu6!H&G3xSj3B(xoGT!ylP}ryhYzZu`#>m2C{;^>1uzK zyF)5uK6V9;{GfCew8bHJFpp#LRNK<+80z7gJg+Vw5gKsR%&%nnD3ErM6vaZ5mj3>$ z=HaJPxOSSblp=x=PSt0%@OK@JGTEG)t*#Z*$(5ct?~pbyj{e*x+*Pp=rBa*Z6Muv*sL~@zaOdpB_90Ebmt8UtKWF-Dc$Yq}PoU zRZmpk$~tM!Pmv#>?Q`!c-Jpb7KVP{PYK=3lF_v{ws_S_IPjsm?WnagH;li}|+;->w zz#;`TwEq2mGbs;kO7i(xqBlTD^mH7}(2NLmXwFFCXKYlyobe3y9lodFx{#u=}!?6mxX zJ`{r_8O9$_u4QM0o@Jre=@o2^U+7Yw;g21vLS_q7#aM ztpC|dmq!vleE=awZ;@Z0S*fpZnwa|0i>-P|6;P^~PdN@9x|^-GJ)pdpDL0A&y31!V zpeo{7p9}jT&xE~jpd%dvoxU#xZxE|$XqXSg_s}up;mzHhPhLY;eaK_%=lmo18c_OZ zeaVvfjYHMa#bBZ7c0Im?(*FAP5OfW@1p^ZOZTz#dv+Lga@}8NpMThm9ZJ>S34%r+^ zHoaPT`Pj+YEc|^Ywgh-Uwzm8;DsB4+eD<7;+h-0JPnLjYVUS#C?xg#T4{TxI0X9;< zCc&N^Tq5HvBKq=z%<^hXPKALh7HG}h-ya<#QH}13b=Lkc$8@KCED?|r3wwM-tIcpW z2ifO}Z`<+3mLqQ(B?=+z!0yPlhr6lw&Z7Gssl`fAwwq4pM@r4K&ii}XI-AAlMLP(( z*s7b9+u_Q`31C^8>vb2QFBK(ZgGqWnC9g^V;xBdFh;4kcAXe$RC|dfdmc;w=pyM{I zIo;xge;9)&8N)RU)bX`Y2765M_DiWzEeVhe%(q7kfwJJ`qu8<9bSVii)>ynK?gvXD z6@Cvi4TsTE@a|rARLrqaKH$~UaM^VHxLfj3Gl`9QW$Rfj@}Ok!TuCl2c)_q4DBR*u z9-CC%{^W5?oa5GGKcD+zjddXJbF=MT`<%o3;0QuLoGVZzL1Bgu6Tzou3JI$vpMBeg z2OtyHuilGh`Q3iyWhS3Io241Pl^81gP4e)#-C}!% zZ4^EtsRix!FI9#ZDq0SX%#*y?b7Wd4mcO}QsG#Xk>s3(MeEp|7gM#*B?0IH`8cHGP zlj5KE9X%p}(FGgBa|70%3*F7d^(CDd(SMbKtj9eQaudq(80~s!S_g%y7c(jkbE@lh zB&)z45?VT%8=rME_91==%DwuNv8f_ZEUuCh8y;Og(WZM(Sfz6W4YI6R5KB8RVNXom-(%UWB`>9&3L)Dtn(-uAa zB))w_6g9Bom5;Qw(1z$%V&ekXC$dp=ezB3q=4H~RXXkRYN3(3UP>)x=PDM?HATY|R8{y-S9Ydq5^D@ceySlxjkeN@n*wdQV)l|B zV&S04kb4cNx`EBqXz?Jtm56_TwcQxJXe2dRO5!oC6l9Z+pLLB$uon0D zWiee5Ful8UPD;EG_I&_Hq6^AtHWD9v^V&J+lu1mSc~op6r~~6jnl}6gF~T3gg7tbIJ7(Np?n&$Tn?UqJa0j*F@XO{J{du={tF1%^VOf{YOMGliIMsFdAXk?&;5&v zf<;PZO)PJmZ04KDy{``Qg5`7veo$ufoNK<-t#!iGF8dVHI4@zt8Dma)Jm~NQ$7?8> z&-4rPvma95VJR=o4Hm4;RC17u{WABbXQgsX6W=jH(-aFtol z6QJ*WdS`WIK6|wMc(@c>H*u%hmDSnvY6i;b?hjb+2)u%BTCCsT2H!+il-99TYVmx< zkPfm(9saG7Y;w3D(k}sA>|u|(2nAFUpJXjYr0lW$QR=_2*kI_Hu~rs9C7`*iT86^3MW5tds9hP)8#t{f)}9b} zq}ect6=_mez0-N`YH+IDepFt8aWNnrNQ*PBx6E%L^h1T zHPD+O_ylca^*v^w%u|~!Sj)vH9Q3ETt~`>VykU!$R^iRGbCh&(EAgC@>o&iCZ-96l zMc&+m?Ni&vqg!@2RaB#zON`IZ=m#Hm+v{#6#}pm4N>4e5u7 zioLWVuxvB#`vO^cF&|(Mp8h^Tw~sl)xrvnGl_!43b30ly;hx<6 z$1??6Vs~p;Vy(P}iW*S0@P5&E`-}a*19?x^fAqX!^Va{7rxvgD;R05dci~gE`J&E5 zp)X9Qp=^w%JpaS@mZiSjJ^2i~3w>;((Bx?0qji$x5|wA%sbc=8Iky~}QNQriy`~Ve zRq0;|#MQy)4`4PrZzK%>@=EgHE&AVqvCjCSgT>%E$;gsD+(K)ElgrU{p9nF1{)X>d zJFjjZVPpF7+h2hw|Mb5rNKi}gUM^)V?Ew2NvOoBe-XTZXtAX~$p}dTAAeJ1KAiRr*>1QANux~UGsUllsr4gRu8`{WO+v%z=^NHOVJ20@ z<-K|#IR_7FXVbwCAndR`G2KK*Es)1J^IB&LB73`gPQ;MNBUI$umTG`JlEHK1L#BEd z0yK|7jjYp|;|M((rL5Z_-L(pd2jL69RpJ*7cu= z7q|wvDC?$vru6Be_MC$k)Fkpn=6o(OVaN1CM)6f-iHR&rhB>K6xBbg^hro>t@1iq5 zt0f3=hU7YjRmn6Rz&U`s0X|hW!C0WH$TS#}g1Hn$ zyTb<9#TuRQB+P*x%4-sHC}{ZGq0x7GORFnbcoa?9_)n9u4Zgjm-m|Qi-jCtrEfFf! zYr;LNwm;*2tDiei2KHubYSehMOl96fvt%jee;9I0TYQX@s|>WY-3N}Y!uykKoDc$8WIyq!H}%4jdS zK0Kxx5@KY}f2%p?s?R(xBH5Z%dV#95eM7 zl75@7k)0E3gpS1%;aGSYiTa1mMX!aQ3XzCoJu^wwc%s@g?3#n8JoxfrD_l6mD29k$ zS#UW;%g%xS&_>j7r{Ke6a<|OX#-Q>~p%!iyqXh@qy=3gsr;Y zOh6T}?&d@@+@lp!UTis2*Z>jBVvHJI&_w3F#U5oNnIyOak93PU?t6!|0x}aS<4yqG&O!<7I zw(b%C{0WhQq`Gs7b{P>IZ?bH#XymS0;m{fI%%(rbfFRGI&ld8xhiL#u}Hd2B}nbI z8JDyyL`pnB`k4f$8@_O9LJC~T|7K7tt4A;gJ>MssV()jPvW^Qwtco*z;tR)U13tU% z9Y>xqk?8kQ-T@PW8vHOsHd+Fov*C_hywlh?lJp`6$v+#40Hvi>5Ilf(HGw0zy+eK_ zf6B?BZN{Y!#iPX6(zC|gFqE_W{YQPN@k_pLrKI9aesU>?)8KxuxY!YqDt^ze4%xmi zjbW~=dYrFpqFs>TIMD$WhL#TuSNn>jk zFD|_J_6sWk*|xEnRQ3BCb_(2@nwkbgLAtH)*J6W{U=wTs5fO!!^q0Zbq`gmMzXs+pB83H&ut|Tl?0C- zeJb=mWB37!5B|+!M%T1@%Ixdrm$8%n>@!|xPjQ(7wM)ZRnhBRhZh2fJ2z&MO%h`K8 z5Qd`a7}F0Ir$*f)Ew9z4M!(1IItS@cs%O0m(=*p?stY#D7qygHXsQ!vyK30LRae}RZI zAdo6q-}+EYleqx5OX+V65nWW%r2E^N>3Hcc>!ke));kHl zW6Os0HKjNx;i<>4E?$3Lt>nB}q@s@&`A5VU)_AVut*eGzaIc{LKPN`>QvTC~-g1Nt zT@M{YnS`56QR7q11ks3=`Sp|9>*VE$EVESAY6?jMQVgjc@mOkY-^k(knx4QCc254D zDBqmoChew>&@T2#?Dor{zsWmn-v8t2tiz&efHkh7q9`Ir*CHw1T`JNgAYIbkoeLrz zE8UGWEZrfwbV%pY-OU2K_xRoC-oJQ=g~Oh6=FH4H?{AQ$431WuEF}-`CKC-YY5B$t zN?=8^QehH3-ztfWnVc|verbwI`Hi!;zG97#Cg)7o$(orf{~bsAvfN)_;s#4wfH=HVxFP|65<7XZ!&)l1q`!)Uuu zjE(tw#I!s;|8Sr9aGDrO(Nm#&5Dx5>Q^x)IyCn~Dt@yLQG;!d~&&m!u{#icwL*6xt zl8U;xhQRU~Wja>M4ygiatde}}xwsbx-;Mr_&%m7l3C~#YH+_=O1?o{zZQt4nWW#Y* z6O%Vnd1+^|)Pn<$Y!3t25h=eD0x8ZJK+Qc8LqYfGG+&XGzxq4u~FNcnnSI*{50fahk#?2A;TFLbL+42f#fxv`5GF| zCijqJ#m-ui>zg1tHeTM~nU=Lp_a!U6B9I&_6VrD<@&i;Z3g7E%RMvfl5Dg2nv)m|t zg|SKj^x45uGXbC+ebNg-PE41`=1VE?DlAWvx})bm^pVk2Z|XiK#~EO&k?WTRz`1peh`rN@oZwI1T=_Ea9e?9;u4h+bh8F&H zdD1M)`%Ku%l;G+#=k6&ZWqh->gKX8{e9P@0fwiGS43j^*Q@2X!1vPc(wz9MaZ_v?8 z;*6v&iSNI@!3dHbli(Wz`J79-n#I)(NVZZSY@zrxwWoA;|#z~pCl-6v$$!% zM_LAa+i&`w(4%`o#F@7$R)I+nU=Hx2#uH*rk4QPZe7Lt7?jOZSdW5s%Z1L&85OA&3 zG3P#vVJJO5sW090&e8DOQst*1nod#ttJO(DmWJl>2IkYv)~jEwV|e0(VDrqt>JqWb zoNjCi;(@D@g<|16FsQ{s+r^J{)Xm5#_~#AEHdyra_ulWZZ3gfAI^l$9MCC`#7W|?V zc?)_j7F5Z>lL{pi{OLb3-8j(P^kuCbSL`$6sr#|hl28;AzgY=iEB?}K9Qj?nqe6xD zc-`u^KaB%eVm2%HUnn6q?@Oqs3SshpX}9rvMbt~gNgX`7K~98oA@6&F+Xyj|KC8W- zn-?hF?wdd1Q{5aUj!kP;ISM_K6^@n8EmbrO!0ovNeL$ye?R9i3kY_anT}p0Cb_?zT z8h9)ChSY+GN9T>Rl%(hY56I>+eh06s!Rat_Z1(CC=`5iAQ7OU(!uFs_p!>NPPfsp2Q%q6? zNh3j^*tkv@zvPOv+F{uJ&=f=IZ{ik9d)okab|qw`9Z(z!Mgch@?OBUnxGnG)-kb8a z298f86jK>@2AoBjbU{40l+M!{;xh?K2Voya=$fT@DcREZ^Ul*c8jEB&^iyGI;hFu8 z82oF`rmB)fAY=tB0#BCK(9?zAndrD?IO_v56EnB(T=V&!%nT$fprx}wT; ztBHY$I-U%t0cpO2F|lan&e&9*)jGkW&PZPP-v?Tsa5Z}GHJQq>Sfiey*Lu#&jT&{< z^#9~o!{g-w7ojI889lVf8T&(1?t*iDQPVhu)>@_{t?$cMescGoRAchUDF;AyU0tjm z>HgP?T{voa<>chFB^DXT;n$~}siPT?+_=^LLV(Mi{E+)a&3tZ(mdfL|5*u%W@l%;e zE|{0Bs>vVRW@hUf-dgY0=#&|@1oMndn+^W*RmOrk*w~HwHtv7^&8-Hd7NKJwX)}mX zjZ3LA;b33=LL$;juH-4WKs#Au!usRe&rpS2ijRXVRPF;=hCzpGR8tOGM{(O4m*+od z!Q8VnrBjC|DQLUTMA0#b5XUVvXzma3Sws$9@wM}{ovBu-_n{6Ap<{Nq zZzHE926Xn#e$2ipuwp71h52N<&zwrbv28Ga*7TV9xh;yqG1P zRAcT_2>N{q+r)@A`P$BhLrA#Tu|Bgf*SR|6_^QYK?u9DHot@&y!LWtT#hs%&Jc5z{ z{Pu%}Ur;~dp|I9YABvAgx5OB*bHh&ibu!@)1!{{QJEur*PRDX)sh`=!H!w8Iyt+ghc#y6 z@(%AjsQobxkAIfzY~g%o-i)XGbksfR7bn?6y-IWGMH*1s@(QDluWwVy;n{MM<|>^B z8)0~+KPzZrj^628j5$kB@3C&dW@#kmBi=AGH>k?U{D+2Six*A5J*Mv!LPfr74$c6o1xjOmAQ_mypiFb~c9OiwP(v|@&6>}{xC zhd`9}VN`eZ3Wm=T&GiD)8{5L|^E|)tt+ww7r0O+@R%|swXJ584gjt%f@Iu&QeF(Xr zbW%y`1@C$z9TjX;mM;tqbieSiG#G@i7ay-W3pvI{RzQ_8j7&nUd=?AM8M!g~!z`X^ zW&d$GwQh0G#2RMnC=6wdbi<;Re4uV(z^eDHBDZMxl{FD|^({H#!4;Ex9-2(kz4|@3g5^<{HykjG3sH zsWX9uEp;G5B?x$yeD=+|`MT!k14zxle&OI>FM#Ze9|-C|Lif>j2StC?z5nD~DM2j? zBBE1`e~wQp!nX)ClcG!FqQ0kXn*!)iGqq9%y8b>g($ zB5PN_fBR@G0GIJ{z*K5NhwC9)LkO$?KK;S_yCn8&$lt59{Lh%7~qA+@@au&qMDO|FFtRayqI@O~u`qJz1THopkrU`3v(gAAJ9)rFhtHYG?? zIeQ&z5SH;2a{pod!E}tUDr&TUEqmED^qI|Y$?pmFdja2{1xj^Zw6h1dL{r~M-_ALp zEzv#(tydO9BW;&%`DA8n+9*?lGHsURO8xqKA)Pa(U$4bIPbT!NzoceryjPbSs1*U& zwEX#PC!CVCLd<$^zMwD>@;KB+6LjBa)`v_-Y{rDMa?$AnbYZm&ww$IpwTSZqlgvUz z(1$kHxJDnVUiPv@M~WNXMsNi3#0&?Ddk+HyJR^!w{+BHE{zoDhy%gy2b9 z9AT2w^}Vi)03I8O1?#kB5=Xus$a!KC@7N=R(q%87c8^w(ox2PY*ePTEq9yAwOm2Z zHWf?#PTj4AC2;n=wt+c?i_C1)wiSAnCF&A+Du#l?BvXN}K&*jprAjyQ0MT_Q8|CKD zae>Oc3Ayb1z(2+~IEHd+sak{G$_|m3KYA$iG)gN2<{Ip5Gr#1H)ZdU6yz}6lnxpa$ zoDrgG_~O^c_brasUDl?!?UZ? zy5szAb8Ye~EI|FIs6G_*2R0sUNAni`o=16fzLXa_m)AeV{K!&C6CsvqtVTdsSNGM{g*?utWS z;4SfI+;_}0tx)Ns^{?9pd3+C&7V;r85^5Aop|eCLALBY71(_r!CLIs8#pI&Cc=gpD ziEayTrude0oSHRV31PEFME2QlJ^2;0iU#Lntf53!YUZ%II#aW}n40D3!vwuCnEo1n z?lP4+E@NC!DA?id#(Yco%X=5ypX^igO>_!vx$R9A%!l%Ln45*Zdr1s?}$tZ;f?Med@BS^HuF)4 z;C=?P;*Yf%R`_Dq9>>28Ljc?J(nv%_z$y3kPLUF0Zaieubtl227EAi&ad829qI>y! z$J;b@fl#p;y=lS?2_}B{kq$@WIp$R^*GW@N(mJ>CLoqT2e5v4$$Md0LsqJ#x);xkb zIdhmmIN#NquAZf=1KIClO{9Ox_=~(}6k7*!%GhEloMU!pDKTwBB^vksK=sX?i4Wyq z`(dJRhyXnMWmqOZ0n;;Blzt|7X3VlJ>KGUCG1yPD6m}UhX`{p}GQy8f8uRO*h(D1{ z0@jUa>uPB*G*kcnU*zS=y;*pq5^J-Ay7g{tgMz7|00nbY6o|&CT93mUAQjmc@0d-SFW7*9QY)nVh7*6e&ZDgZn-ie_`5mo0R zt)z|}Zh#W6j}Z)Gj*wN7iImFjR3}vrp8k8OWYVsg4nhp2g4rtu-DcRX=|Zqq<$%QC~>ij*(0Y^Tg9 zrd)MaV2j#c@bUU`y z1@o-Dj0Z%nzH#(R=z^5|BN%uN}g4{FAv(Mf06I@0y zO8R2{*bK;8Eg#$uKc1T5kZ+i8Ch*y|z%hZ*F~F_lu}EE)(GpcOB6v6H7@24!bR?I? znA$@6VM!^NV&$I}4hZ59_2q_IENU!B%HVyLgKtbNm{3w*Au}%cGzn0I4mAi7DB#~( z27a&{GYAPLh5H_oD+b@Z2Wm*sAtZPpE_vs(X6Wy%-REDkcRtek$#apf9;M4wTR-TO z%{{W>hn3bnX$yQTRa4VPl5mhc<3?ABjf>o6Nqa3klR&k5w?*7I264mSzQy+J|Lalb z|yYLxbk>}jL z&lG_{vYkM zqY+b|5(X0GVY!Ym52Ro7=JZ=?c4=_J&*cdN5Z-9?A$rBVPNg?a%qSaH{T>G1IiJd2 zp$3i9o5UC}DDeQ^7ZIR+;rY}VVeE}*RYO>etc&WMmnU84&E4ra)%o^om=lX!3`%+Y z6MA;*zC|p6<(A5rP(3P@zS74X^Y()x?(M>5+?dt5o|U*GQC5A|1b2@|f=Q{K7Ksvv zdV;a&0LLqu+>ZTfye^5cXcdDWr9;)dY8Mj;3jC1So4QcSfUCpQFjMzqM?RzV5X~xy zvdk2{u-X@jW{olww@MM1rD)T#8_6(t{-O1NNZphejhEb6+PV3}9v9n`!t4AZ&#Q_L z5j%n&;l}c%;pdW@zPy#$W*P9)9QcTwYkArApUhr2LharD>(8pzCL}60=GWh2?(!o$ z-M8qkn61uqSIfef&y?=c2M(azypkAXou!562ofHJn2($)b~&9*msG7ffCoJ>@w6?qiSb#-4JQ zjvE#t76gc`{=2jXKa-Y32x|>~@u@SMeIek;Aot5<2eqJqw^xvjI$p+l08dVgp}cz2 zsQtIF+EJNja@mab(f-sy^iakVBg5n{4bjh^VnOet8|Frv6x<4aD){lG5%JY~5(T>A za|scBj*qs)tlP!@bFx%4wf+sK-)@=q=NMC6HJ+4&!XI|V*7A3+5OJ09q(u+KjgMDN zOxhyQ^iil2aj3#il2O@5v`GmlFY zhTFx+d~RI%VJ3($>!+{GdU>`*%ChIdh}7x$JDJ^`0_&5j;!CqA&+OViFt+4a)JErY zt(m5VTjPz>w?$q2V68Xj9SLWx64^YB!H4S|4YhT*)P|`WXap>?36VTYk*K6f+IF-* zJ&kFWuiHuGmh~B~d{9$o5if&iUhjOYRWz3hAk*SkFzn|EGV#WGF@~t(ft4&P>A6=C zTJKUaMo}l;X@2cb&i4wpC=#V~pZ486DUOz%h06U}EI}s%k^i;0OlKM3&YKZlFUXZd zT$JxD429A4;+A&>$Tp;H6na`_TQR;0z8~ACDD>R zH>t@D@XI9<+l*Ofp^bB3z`!=mw+C@D-mq3$nC(_`s`gVT^ z!EJY?c4_n3M?soRqWAnmttSjjnPGIC4Y>}ul^DWX)aEaeLZ?5i_hNePl&f}i;m7c| zp>47<{z;tZvKJn*z!Cov$SaNqQammH%RQtddvk_`6<<=c#>D~+ zdMXLie`5haIXF#<02eA~UIRJ30*x3dbHP=Xow&>ugh2J7S@oYd?4UG*M3!!yfUYDM z<0NXV)z~&B9df0(RipLRb3uC@jf8c(y7({BiR4+QGf!BR$H$7mLd)OkO`pheXFqPe zx^MD+;>tG3SX6$$w7)Ff+G*rJ3Qy{jgYMAf@_pz1oXVkK?fUj@1@VUEWa^1BZnh|z zI<>OLEB3_hCp)iB&UCLa0ySg8-M_1+@jCq|OnUag>fDa1DMyYsoUm#=S}I=wY}@tn z8_(LC+xXj+rM?|8H5duGx{biL8v9^Z=@ zGgcCV0;Sfc%ozEleW$c}E0%9^l30<+G`7q?Z625~o!;m0#5EN1qA8g-{Up$r^^Sco zc2!-dL^O=&Rjv_Ga*s}!qCT=>#hUiP=9#*!*(8Z9+O$2Q{2FB7?PUGy^1 zdKJvlAWj2*DD^i*-mGyyL%pWb%eOZ`yC7*wqT1hl`=$}R(E+9yP@ifdn;wXKsl*XZ78J$4SAlQt*u z5TP>}QMBdkFp?J|4r47s|6mrZNzXg&;A`W38~HK^c1f^FZFf}a#9u)9%G%^o@~?)H z)ix{{3{$E2fM32*zn3`_@iWXr-0WR}o#kShW9%6QWw5a|@59WLYn9_)#LOyqoNHh5 z`7M_H(^2yP|7;EtVY`sdTrN>;vp{&4C%>qyaPYXY0?WUntr(Js`j=!y*d|N_&Ovoc2+-kBQIeKBWo|Y3(qY!6)Yrp1Iuo!BsvlRvX;xt9YFc93t$i zE-ikSg3e#qJ+Bmq-F%Yh8Qb^CUAbby_`~+M;Qor*4=e$PFJ8?Uie(IH=D|DIRc z!$5`XD1K922?%oDj-r(Q-T`dzqXqEJ2syo`uImbmR`GJ211vcRe8AQK{@>M2C#=A zkZcNV@AAjJT+wu-S?gVEVuDa)2aeQ8Ffqm0y0)$E8^rYDmfd0~+ys3rM(F-TK{BI0 zOJ#fC)NMjqjDS5kVAbR&sG-{Ef)nVwz55tTH!lKB(z^BMS1+)Is@TB^QA~CljWpoY zcKqcJ=?L*2Pa$>zHAymZx4qlgmIM_X3TzTemf9PVo^xYD-et7ATTmJMaeb`AJe`pw z%s|y7Knv^=!S6>pDF5I)$<0rdLT+Ns!G$5*>gyx?h=F ze#xe$0Oy?J9$Z?~&zSUg~>>wVaAifL9nU#!XP2 zp(FOj1ZabipsA$F{WlLNLg9-Z^1+d9VS+;|pu%8)&qqjK&~kZT3JPDKT1X=kwfu~@ zyH7cHQ3Z>;uieZZ8$Dr!y)tnl+4*g4#5ug`;2IpK6Wi<&w z8y$IR_QfygQPH`vsmZnt2W{Z(_s~m85gMT#U28*mB1uo>%)qm))eh+X@jcx~Kd zK&k$EQZBVmZL=Xh^$C_;)7XuztXJL7dTQ66zzUx_WM@86U}sL4+NhH1`-Jt?`%(jU zBDY`puH^cqQPAo5$lay#m9ObpHTtQphqa=GaYX(pt>bgAF-{jID4wRW<36W&hbU^8 zLNx3Wce7rwL>h(Q4fJT+cn144vPtsP+bkDE*3LXr<9~($OGQ|kw#%kmJS;_zXKK1d zpi2loHYVwG8mC_=x42D8N&pQ4XCmC5+RQGYXKgW$a>FQ&Q{p3giuY^cgdPE@6J9(N zr(XK zW%_h=YWfJ@R*o;}SZW&Asc$mxo3*o>x)Bm$Z{`&$mKK}ue+_)6>AQQNqlvyZkCs3onGOl7x70f?c95(PnytOFK&&9`3)TxL$l%+FDR7CeBn81rj#0!DdL}|-M2o?xWjbT5U;^#2;r2@S!Cvhr{Uc)ND;x5S zfmy-zy9!qvebQJbuGOp2Q;*-lQS)KxR$Piijf)=1e5Z=kbf`f|n*iyD`oLACEu?0h z@29d*_nkrR*!kwIQ63Jhw%IjboHQ%4hnm_`i)pM}BXf>r#7#89Kc%Ho1-9#nBV1!c zN8->5_atfFawk26ianyZtq{n{h0S0#e z!w4JobD@`5hvy<~Bx10Wzu=1%4xfE{6_myk?rqq=!7|%n#CFB)`_Fd>n<?XaE z)xr{SVJGP`v5&&hU+2b;>!t4GkzTM35UpF)ePZl$67DG*t1>8SUYtBHbYjl9O#`Xh zeQYf8hdCJC+AWwCoeoTp5=cqF;mol6Cq)M6ZB&u#AwnNca7Hi58gE&+w;_*Dw;GgO z6Pymh2`BEiPvGY5*A6}VE>5XR35fC+Wjn{?qiZg$=+(idUg;^pJ80CX$Ep>*`nGB7 zIqw@^3ozJfolSX~Pn7J^QRl^B^iDa?3qA62W4{Z)h^rKjQp-2uU>elNh%og{Sj+B- zEg(d3JI40Zrw%r$l3Z*Sq#UQsJtq%9nAj63K;2wzA`b@NMXR&0@#D8Ji4edL@2|N~ zJ|1q9NlLTuD_FTNF!Wh7O`@(HvG%(}S7J)3(U1|L16r;(7uP$qYfcb1V!C^O-hCBC z$j%^{q*$Bn^ev+9Ktd!&>)eB76J%od?e*2^WS#$v1?j{UFF3&{{}>=QhkER2!xw(T zu_7eME$s5+LxL0Fb>8gdyfQN_`6$!mQ;JhEV|$}ryXxEP25$1}UGFeH!8e(`t9>8t z*LC(_TIHbvn05P+pGXpGb0N+MHhklNwoAi|P$O+8ZEm#tB*$SLt}_n`7nzU|(^5H{ z5~byt$rvL0OGd!g(ycZ}RTp%808tHeBp%VH3i&FQ{=v1b*C7tQA`7Bn^DQ_ST zEo9HFXg`DiCEo)X0!$>z@cho*ash~8?@q_g77|!{FC}(UW`M#lQ}$sN=%cK2_K-Z< zF}#u>N~D}`xgz;(SU7s6i8S`g%$vjCztp z3bKK{glnxaFDF|rX2(R;pXeR6br!o&S1ZQR2RmS7`GkJG;Yj|b|89l=bIAm3x+p}F z@?x}oD>OTZz4brkYy50xS}%rfM@u^PfMiZOtp8)5JA)gMj{YUfhyo+OSuPhp3;LO(Bljukhts9Ao(3czSVAoSs0H8gz1l(zX;CkCesu2**1Pbt z!NCyp&6vTSQ_o`WijiB)MSK2CBX*fF{iHpe;acJS>pg+_cD$0g*ut$l*t6co(0ldE z4f5OR0Ptf!W?B`OHXK-_Ip#pN(m^$^z8SDFjDB8!%#>F z{F03Jw#5mA_6%{8y^-ymPdkdbX*p;7Bt7YTDHj!1&fo=e(avKU*-MGsb{E}UZ;o$Y z@TNXv?kL~M%~(fb1r|y;arAgnuB57b0heCgVHsgVN!V2+>e(_ZD&f7}aS|igOAcjw z?$&z&Cg!u%dsvjiC-pgV8lskYd+2v>rd{+)73`mafGGD7sC=vh1_)-T{f8?h#oP|R zEDMeX0a9TPFm(~kz0d@NI!_T;^>ylhQSYM_pj8WbW!i1-fA~~tx7N{EX9lQ|SOLJL z{7|;nPR>sZ-q#W%upP2#2VSY%I79iZZ>$yj$OT!Q((%pQ{8_3$NL!(Oc8_u0Ux$`Lm~)D# zaqU|4lOs9+cd`9Z_i;o%B=yT z+MzXgz2gQ)b><9E#c-g)#ex-fc0H8Q#yK}ekO)Z@)VtYF{mj1BWT7eB{V+zB;`@(L z8)q0szwR;nd1$n#VtFG)93|A5Oc9v5zY=jF?+g@2^k^Gp=lZ|wbLs!?o$ckZ3e>%f zUi{jX+jOz>DSSvR4jpy-2Vc-cD#FVni3PIB{fmjVcaF{@J5H*5Kr4TKoA4FlP3S4I zi_Rl~&Frf2dHDyDCovpD=gY=c{#l))d+l$!DlSyM7CA>d+YpxhgsN zsk?bb{FWbWdY8HD+R#eWhFq;*^g%9VZS0J0J_3sO9fzb-s!!4}<=o>ihsro?_Pc8s z30-aGU0NDZ$&d7$`tFo`aljzrphilzQRL0ZNK*|N=|6at0rKc^k$6ov<*?4;36jh; zjGxZovja9D#7mRDyV5W5cT0HXyR1Vsl;A=C63nl6n4(|Xc>7U?8Pi?qzP#c7w+033 zwD$Ew^deCk_Y^d;$(5sb12R0FbW|iLj~hkZSvHQ1Y7K?edVfn+H`=06o>2c?>y13?P(o-G0v#pnN3|NFJTv%N(o5-9$maV=kE zs0}yAP;QLCTLoz41U>)7@x*_6AX11js#q%|8Hmn?KW|q35-Okb{U^nkx&_4IVkAHO z>WB@?i@>oj!ex!@q)0XF3zK2_&DO;(wUV7RA*}q_mscWuhkb0dJY#KQ}j-?qu;=V$t@C#+3Q8b>--0%IkwYC-ic_Z zy0$qH3y1a4t6l%fza|hvmFJ~Q_ZGotNi4m#M=r5KLvA&B#S=LjV39M zkD(?c_-q}n6ZbYu@~K<+sYI&K%fcheA>XCa^Bqs6tRsObr9 zTS?cMjO%HV#VBR>vu`eSkBLq?8u@os*D0`ltE8*#t=O3Yv$fQ20!0&=x_FL~Xe-nOy&V3+PB%weW|u?RHcMhV;k2(5 z#Zo}T?BN~H!=oCZ?JH&C3yXz{q1h>&rf3hGKec^U%%(e@=%PVcCSVS z_3x@#FwW!Unb^HPNx>Nl_WZ|sSku+UQtZY_e{P29RLI^b;LeAfx?{ZB^z+imJ*$_A zu}*tLe6EbLP|?y$Z5>9REM=Yu`)(NXMaCfhmH??-q|~e|ki98Zmu)Ljmi+60{8Vp` zyWcC+Wx0>JnDe%zNunpwQ$lPzrb|vFb(4U(ExiY1-ZuH1nQxRb{5zh!kwiAF^y0usop6<98jg|Z z?7Y0Zj}P&&VldnD_;8i)Ah9?aD=tztX)=!TEvVhqxu?v zq3i}wRH1+?x8i!Y064feLKU`TJVK{mj)ho{sfEZ1kIVK|R8;tmX3Y$y2I2u!)jI(F zfltPX5szifoOKuw+s7N)PB=WWEomgqm_S3DF07Ll)rHS*Wg<;7gV-Q<5gD*rFS{WQ z6w5v7&(yARX9vvD&nS#wBf5ZVFa6i(pTs>|<=a7PhMzz6M(DrmgtY3|)6ci!@-3}G z%K*zVU8XZ7fQO2Lk;BKR3WiIZ93p3Ow;+NUUI+`mD*)`jgvo0N7?)eC>L3nRn~b6_ z$}g0}jeG=-&#v83nlT0ciyYGD>yy6Qt?{_{U;1tU4J3qDMTriZ+{0uGD*+g`)M zwoX>Kpm$@|)4ds^M=MFCCEaG0jOGs~a%XC!tgu22vUK<%w?xEoi9F(hXss@=C~R(h zkGxB{kmTmHjke_SHUQA(7t^K(OzwSg!A92K3{=A<;B(TI7L%81Kp)r4W8yFSnYye4=-<}?$V4yMqs&dSW zK`!aTKSpEgTps6Rpq!62f)9pX`T(dtRvZWt5^@msQWd6|eu$T>v5N z>Azh$04fC?fS(*n;2Ta%grEEk2V=0_?Ix~-wYOmaj2sgDU(M9&X;sNy7bAEpdG9hK z3DUh3YJK6+PQ9v`52P8(_0V59Yp!%P=(lGgw~{z7^%eN@tX%eAf7y4|n8oh<7+w1& zfHM;%)N)5=2g@lE_p}9;m;WQ2b*Q&pVQ%mhgfY`+DIa3>6AW;24m#}77p&X>aGYW7 zx|QjLqd({seRw#WY`~nY7+}9$o871V4TC>ZC?1RN;lv3dxJ4sC2F>Uu>>HLYuI# zesS_CW8Knp0QKd*y#W8QD?V{E48H|e_`pUw)jtKNg~9uYKhzc73Ijg*(|^d%J=LY) ziTXuf^sQ|Ise_*;vWaVn;MJvnM%_EnoA(bVS=G|x^hMIg2eeKAYG}QbKm=5f=Kk-F z4YF#xav2&PE=t{qt2DR7*7NBftZ>|vS@b!+cDPG-^SHxLktBC`x{S!5Sr^~V3>JGM zLO7Vf(gP5FDlE=b8rGoDPP6tK8uXZD5{>#bd+$UyXRTPY7b3Lhj|$YCzh*Z9ycT*r zREqj~qgh%I#Ahw`W&rNn#g?#3K&IyKv4(o&=jb{_7~iaI#Y2OgGk_I2tX^rdKb>J( zmafBHr(E=)sa$u`T7TEk{dD>U5#xzEq+gYDVVt8X(6!dgOXEAIJ<`2J-;hXWy== z@vUrG+!x>A7?Muzkj1gj9pn}=XVksm39oDBb~#TD-QopFy*>r@0#dhw%9|O~{mkh< zES;o?FHOdLmADL1kEm=wWdmmu)O$|WVdp)%(ckrs;OX^VZQCB?Lv?XE)f+)v(d&dk z`w;-iH_(3b0*Q#tRMHRJNZ8;Yw9ydPSvjp}a6mpy1TiVJKxa)0p!^4YGOUmPkq}P* zW_q#%7a~VAi|MwhLzjHLApr6VlmFORG|Eqe+MDskBjK^_Mn~=_I_#6V5xUY;Nd`J3 zSIF3N7J<8K3OodVm#azX%9;C)5l47y=Q9eC_;k(L7FFxrcnfXE#a5aZBYu}`oo?h0 zH=HJDHw)B{X#uA}z2zRX%53K?+;%l=w=M>D8EKN6jeT zAy%fZlOFJT_k&Qh9=;}Jg;2dDP_+efJ9NfN!IEtIGGBxNWqLE;{I}@Z;kjU<6;2rZ zvy1h8i?OObZMTA8y@6C~Z%vp+H{vQ;iHy@bdYN=nhcYB!7758u`Q6k80+|6|tG;1R|8c z1P|?VGQUQG&#|gel4r=T*n?>-PxOLxc*;@rh~5QBmr_sThX>5+Mawc`mqD7u*L0 zx+9LI@j#ep;Gut!T^jbnZ@J`Uc5soz)8_@OX$U&b^$ArojV{!<>^eNuktMnEEmuo zW}|o+NS%~iRk`VJlCMw`8Kq?HCnK3KEB#9hCfz1nz|7OIJH2oM178vROH*zMrj}&K{d<2gGWR+Yz=FY28 zK`cp9UqXOTm0#FL!BfwJos=o_f~4Mb*b<;3>qGw0H<|R?UITc^hSmJk(+<%GPGEZk zks%}(BJ`yFBE!vaNepY<-vtZr!Qs2xRk(uHcQ~1BB1_LdN;qAHeT#G&Cq6zto1kE@ zE?`PN*Kd0cx}A-m6&2jS%-mG9pZMT9N@lTKr(9}}_D52R`iV~Y$LoHDsK!Qq;O~~+ z+0(x&G7t8gK(}S~=tmgY(>uf%?p@TRAnE2`Alm_Wq9Qan80MmHVDr!=}r zrLz)78mW&Ayk2=W>cx^@P;h$D=JOx465v$glEQ&ENcOZ?RxgUN{Qha(@$7iPlTNgA z-j09hG*X9I1NUj!`gvHoZthiyNrt{~i6iB6a*K2}TN z89%XziLd!F0gxx`0C-V)y7Ul$Y4bE4ukG`}w%kmvp2bu+3m?|8`+_zbfPYzVJNUER z=8PH12|ie8G7f9pR)B@X&_AuplVEK=U*Q;?-pV0NF$eH6Aa1>9{K`I+XYyw-sp{%N zZX>zoTzHbCXVm;9KgW6+=V-U+9bJ3KcA7U1zGH6?9S8OLg*7g6$Q4KrZpmxX0dVj%_ork>XeK(ki^TPDW=^LsPO&{O3*HC`zDr ziZBM8)V96V_z$MuzHY;}|7;YNGF1XV+WvFs0;d^QwAP%s`TC$k3`;cPwjh(m!W_4k zU!kQ1oAokoTaw3CWnk-7-m_ym&$^qyenRfq-hnJ2DiaVZt7|QXdc03e#e|2zc&z_S z>ECl)#iz!k-*gsSGQ3N9=Ijr%p&03b!=Yuw1((en_qr^y)0$6jwH%SxtKs zs&7>OpnL`XV6|bm%m!I;<=KJ|yRP?oVC26_RXZq-vIA+;>f1)pJU3te>-}tMwXJCW zZdia%uQe>@VY4yLs8}O{Az`LSPkp)mVZ4_QCMAGxUzYd>`TNN z#UMp%5Bg3+KrJXmp|;9ttP&K&N1T7xJ^GRm%Mh7SgHmLkt0iBnE$f*&6@CBE9`11o z2ceK~JH5^eDGgp}6twPjgLy4GB!2%fisW-G0yXa|QpY?^;#a($Lq;srpd?EE(7w%p zp8oLt0eo(h?6<#E2n<~!cPx;jM<^nFM}_#vc>zpG<@fHUmNa*t8XSQ)SHtmpl& zQA)n$;fs-U-${?GB~*WIVUuJscq|ZVo?qndp`zvAfPXH&JM)OTvPwfqAE4%VwzT7% zW_w=<@n4^DBj5m;=C^x>QGf*?Y(Wtmv64E!RV9I`gE16r9ae_Q#CJoZxvkDXdAD2w zclwsL9Sr2V)75ZOz|uL|zG-&)rz!YkCi5QmA6Kdt0KcmywgC6OFChym0Ob!Gh7WJ8IbfUD5&>x-pb@#b~ZY?Kb1r`C8}Tcr8{c877<42BhOKR zDheX~yHd-}`}Uq^6nHQ+&5pe^PW=$xcBHcR`ohebk-85CtMB-&`?1$@AdJ`gPo^GH zz3&k|5Qo%J{j3K4YdsD3xuCB6;nZ}YHMyzuXa+&KtGEis9*iL-{U}ABqw|K%IzhH- zZ~iyJ8*f{7TAb_=76ogE1J_7xrI>^|@|7fg-QL!7XDx zoCcd=csFyrt>iG_eL|hfE=cgzvfxP6deiyC6=p0a z8`}5h{M%_xlrP>sdW_*n4zNU$yzJD~({BW~zp1MWzHbdmDW;?RG0T8p zVfgU89921HDJL|iT@uEPKa>WSx9CwdbRa0SgO^)Rq; zw{`+Uwk_zj$woQ7cD-Xj5xLiA8JPlMmzvTMkFePEqK1YPd|i!R)LG$-N?15Nhn6Aj zC8G|0r4MN}Qc#};=b>+O;0#}$%lT&XU50ZwD+p&C;8J!@zFg3gzA013l7SuMZpHUEB*cgRzJ1% zNzzvg1A_*0s?;B^M@cSbmy|!l%nMA2#}vAtBhx7{$t@}Rp3gd=&71BC)Ssm2zpcGU zvhB=Q7LC`A=WbDMZlak8x;oyrUE{MxRC;;E-RMoEQE0_*qN`td?LtvIy;;ha=n{T; z&)h7oNcDT(V}Uxm znK@@^^q#lq{o$0|m!7S%F~o??H_Xc4%ON+5hDgD;_OAkv5du3<4_Ug8KdggCBs#_s z2RqPMmH@U{II)x6j4N(Ceh9f_TAAl!DY=mYJKpnmB>s>u!sXV8r{jpyqHB?bh*8C*=g`X+ zs=VQqW)^l$){J)A#hAWy(4Xf`)@B%=5b`47BP00dO*CmNJ7D+r=z)W*xmO3CGdCg| z>8hCo4w{w5Sc!>=^>;JGzw2y$!Kv>*36*n8T^|I!%e;|-KO-sADd;)BHCKgN+C{y zz^7@1l?0ollY%TFIx#U1*?75}N^M-qrTHvV^_W+pnt$6ay@25prGX7Mbrii!Bv~F= zgY*4LpalBxhI`Zc<|c>19>Gcp!C?d9so7vkZsWs;%LO|DoX&{Vb0>(h8Z=g=H=fOM z=3A=wg`4xif?vZ3C+jb6U0f>~>y0n8(R(7UKb^q##3pCaX(HWJdbMfA!gueK>EzZr zN+7rKNSQ z1f24EZ7`C1mZvyuvYeb)LfG9}dE=NhyZ*FEb`K729?VV-l}TbgY&6}eY0l2bMzkVc zFA@7-`u;=bs&FdwI%NucMbs4|wW?8S`xMet7imu2Q%Vy;$m7mANknvYjH3`GOY61A zdEahmm!pvQx!ukcy2~xRP$4-A{-Rm$Gxa+{6Or&za)#gvv2-c^dq{Y5|5AIz2z065 z@9y`*(UpAw?S3=ySpJm4*EAPf!l7aoKa?}NL|Lpb2?7E4x7qV`ippAaXDqGa%^N@9 zH0StZ#WZ5tO%2T^!zrY%LyO%xd0U%C!>sSb&!aB7=~*k8izRJ(jZn8(C!gNuo2KJ+d^LvnIxsU_U6jEoCS((f0!>~UPp3<_oG zw7VnlRNot5wQ?jlkRmWfHvYRh=sKl+F~yJ8r9)Lgb+&n>r0jTuUw^i<`&>=&Vs|#^ z;r^!du=!IX;tEH-;67mM4Al&(WGD?yHlaT-d9bT7yKtnpx)S$Ag#0)3jpHnf2m^^FS7nr&k#-QR}s#IY} zv}&k0d29G=x{u)TCxIDzyI=}=+?_4UcF99IWJW@KYA zXKp0NP*Y{<+{YXn4OZ)Z8a*YXEIzxfT+3fy>7H$tQirii+`KbRdRakyd-RW=)7OKP zwEBl7-Fse{pq_~rzd80_7ky~VOThiPXmO`C5{J>G63%oirh6*&P;}0~%DuHnLHMN+ zi7)28WjWMxW^@d-Wk0~W9$WbN^Id3fBWK^Nx7oVkpDX>n)v9p>^TKEGYT@ceXr{>> zAy~J(&D<6?zanH1aYhU`!Vx!%Cs6CZ85d)QCA&y|%f4-Fp8i$}iufnc2+aM(nTx*j znTQ`H3~~e4L0=KMZR1d|0Ct7E;YaH^kKRGNd!W1ny9~6e6YetMsvlErElQxodC}`V zdo}P95q+#PBUO9%j@nWSMlpNeq>j*PyyF`~v|I~~r!60Z+#oRjJn$UP9uAkL{0psk z^&m8fxG^H|DE$2?M3PXv`eCvXzxA1dgf1hVTNVpH6DC{ESrjzlys5=}R+u{Q16*fv z2&)jG!{%Lm(X4+&?s^YF#*w+G6w0lz?)1dC&aa1`P+cEmmOWrj%xqr`^DsbB5fY)- zfFxUN)prWuRt~_de5jH4TGFiVUImp09tRfo!Lo-4jYF0b=z*dt8uM=<=u`Z^1x-B_ zfhac@uy=T2ii!&%br7w#<7m3+qXkpVyJRQ|>-aB<(a*Sd?kYhHv%YS*X@bc( zvrA<#eCm;ll%=*f-22tIill7ID;B|%5c4C(_ld_O*Sl4m_>@E`MMbRfiV99Hp4Hl4 zUugMUmY?xW12zBcSM6_L$9x7pm*Z!Hjb~`zxkBu9NqtDj%bz*&e!_f_*Qvtz^r*GK z@_MHYGb%Y*M!Y!no2uGNgR8)8-nI1&#b0Td80F>V?$LX&rxL_ph0rJ?Ux1>vwz(b& z&JqK+W~oKo-``IiC580r0UC}J`6cGAUhw4fnsLz7?%ob{ z293BmQ>vH}GT<0dH&^L6Scl66>1@!{@#8){EgoS5J@e&YDzx&4KmP5e%@BF7Y}#IlDhlS&2@Uu2z4}WMf~kQ-V$V zim!;t%QGWiyS1;{C247z+kBr85Pd({slX3jE+L_vQuo`Glm*qj67!gh49e27(l69F z;8Tx`&B^x2X(Xw-_jV7^3NWB|1`owI?SuG-^^t`IGK_v^W7BqedS+U(h~bHaPe#hoO;llL#H-r0!Xee)X&@^^_13c- zW$bxHMVUoK{Zl?j&Z5gZ-i9T-$F9G@Xg3QoGfO12`|m$Ap=+M1p`j`BmEX^m$ln^3 z5QqmL8=II6kB@@^QO46auByGt&x;iVcHl=lIkh7Rii=YvN>2Jhs|1Fh_Z z6{e9*U^`N;KUBahSw9s>u=zWA&2UQhh}~vMDof0j(Ys|S(ev{Qa6J%IxVjb`ecb;$ z)S&e;FQy8|cQ@y!gwb1k+{iD~cXYcQ<(a=M<(;_!ZTFc<5r7tRbE~s|Dzia2tS^m_ zN_~{<*`iU|p!Fa%jyLC4;FZZp|=~cfzksXE-Yk3Lq`KWS5Ef$ ztjRk8f#e@|f=NkQ^;0(UeeBnApS*?L+-j(!>64O@&d!yf?&zWw{Ye9IZx^OZ2HU8D zTKrH-U0Vc+h=|=D*43(Qx1-*~h&biZJ|&S{buyJe3I6b1uCc(ulAn!l-n*?0lmU00DJuFO4x2X|>w3C90%FmoyRLesEwmWY%*xOGfB7%u( zZVB1c6r<|)*L1ZyarRlsptQFa47K=v;`mEC`-m1-@Fp|z1sJX*g8WLZY@*AC;51_J zlPI~LZ4xKq%9RQAs#YpZ6ewr9q(YXglFB(!g!w2)6D-V7B{%h-$%rHDpN+c)elMUE zLH?d!D}`zCoy~8_TWj*_56^EM7y2?MpQV20lv&;!1r3kCvh%y06~_7I%5@ouhH~vD z0Z;i!aYltmOma zAKB>nI?F(A9s+m&#+~i=m*oI!dg0gM(<@Qx*8*b*!;yAv2nvq5^=weO+~lvxJcQGr zC`*&V{o%C5&F_Ixwzyl3H!DOBp%2D-rGpAE#D2~;WRJnUL8`l%dMx)ZA{)AM8TP$$ z@1;Npk9d7OS)L->bih(9Yr$kDlg>TFQ$rSy*r;l6?4we1mzUv>^Cq~E=Pa%>-djJc zn8Cci2vW~I?9x&^m~QR^kGhX|?w|e3Vg%FY(F;n!>5@~!(Lu8UgwvfU*Le|lm+t#y z9Jk_1n@D2NoUuUC3vS+#EVeo4?`aR`7;r7YTW<6Wf7A|*U56(o`6=iiw4yiPH=xs< zd$GP3dzNN$Urf=@jvwqIU(KyZ{^~h#qe}f)6QB3*GHQ~Ma=59}s@}Hpt&9(jQPm8s4`dw&rnvs(GyvfbY;@7{(>$}qxcUsG-MZ7GuGj3rSI`e10 zxYu2ldS`cg)?_LLVR{Iy(z7u7@(HP4rE}sev8fVx=I$7R|LB9;)H(EqlrmI|AyR{P zGyN0^ho+5RC5Z8y>D z(q}S7=gn9d{bPvme=Kh1TJ}213f~EX2?}l6Z%Pzsll8_B->U&E5m~zt!IOQjtqm1j zOullk4VIw#OcG@LAsEN5+In2tJtp=TBI5mf)NGJ`++!d+hW7X5a4UDmPv?T>o&K-K z=4DJbC;UAF1EzCZilM|D|1IFIgPN|aq0^Dbu{qV~z_ZDs`!055S+>PK3Cq)AlA9jM zpAX;`0&Zj0)y~iyNsUBkTV?b_C3jRXb?(4#llj2cU`rY+KhKvwtS#RNBiRiX)0wPr z8*ZeuKCBC^69<33`;2$rIP>Gq6OZM$0$6<(Z!TQU#j!#Q4MrySKaK1)m@j!Qvy z`Vi^-Co|Kp;Pq?K$MN!HSm_*|{n{-%!)G-@Gbn}eCr{3K{-CyD%al&kRY92Ym1sP4D; z%({l1sY2lVo(SjTg$Z>=xZmZ1ob5A{(}^MyLC>*K+2&z@@$|P>#I^JCSLWrCEzGU3 zzY)(eGwct{C33uHWL&$B*UQeU(KuDtU5KWSre${?`yyTEl9^W%z+pC60`8GSz;0x* zc44Z1)wS4hYqAQ{NHQV=lD6;`7w^{>YI&Wett~S{JaP;DQaY-??H=-PCFg`$CPQv-8Pb2n&Z>>vNRX z1kFV}EOd#|Y~QcGVvq{;%o6kLq_!Qb&Hq%O#s+n2=k(%s`mIVTBUR*kWm-A?kt@5i z!^wDcMhQ7Kqc)FZ3mXgW$!D-t`_ZV5w|KavPP3ib)sDf#RDm2$C)D6(#K7XO zmY+X$)}jh*Z@zwEMKm-Wp`=1dEl8+eXBvo05~^IyKQ=X1_C33xi+)2PH7i4kBY1jp zO2BUZ&aI}VzRrT9EJx0y?{B1R3TLF#q1BO1`_&|qM!64}i3tg>V}dpL;gN@nSK;{) z&B|v2A^Yc}vynDN7$EBxu`$Fbv>h-H*3Fw?_i|re=4w#U^}bj>=V0 z5qH;Y0B)c!g)6!@HnzU$Tnz05J%Pi4KQjMW*)hkcXn-S&%|z_V*e7#fxkfUezaZi?-U`A}R}mpK^r96(Y> z8tgH>26(Za>&w-}RL4LJvaWLaXhJ^E_ceTc+6@!U$I-b{C(GQ-y0xLZNdYJ?NTsae zo$<9JgOQ4gim0)r+|Tz~{$jOFyDX(Q%S2zj_j(da#`dEd2X6PULc?8O6?}4{+m|F9 zt4JmBD>=F?w&%k{Q@2$GE5cr7Q_gT%(u!>SvPt0?X+#2sydcth}XG@)vhm`?$!+mL*@L$9Igo-q1DJ zn^{m0lF=$!@NXhBFT-bv&m%(>v60nH-%i1fzH8;JOLjT$w?1$AqGP}4~z{4STr3Sp7jnq#EXlf9zipBb23{u z=i6;DQaFSh->Eyq12{Rk?RNSIh3~eEz=x5cOnhOxqSKv&x?o=0U~%d#k?7 z?&DQByUB{H44DeoxYb;Jz)ivAUE}N2Sm#6doCXJ&pKGfrbqSmXf(~W_>Dd)wYKyMX zfEZ$RnEAFbkn~ALix|?-klH30v3;zv%ww|hoK}vY)5rV%XQ$EF*o4E{6x+i5nQ)k# z+@HO!RDbc?pJ#7(eJMiea^i!GV535HbCoxyXs4$|adj8_Mwh8xfR+1CuYo}_i~v3+ zg>!9tivgId8oS|VftaMNe=;TA_WKv#gh|wxtjoRH0?C_Bg@4|ww9w0^T!c?(XlP^; zIeqPnB$UAsVks#)k1Qc+-NnDl=1=_mDlkKQKKrQV0gaC5l)4A}-hJl(p`n8-bdm_T z_4J;L|JXj)&%z4+{5Y#ZHu_Bvf7+}TYkJ*j@IN*QHzb0A@j5K55DMX7Dk|b98~n{3 z3+Crh4>3ehN4f2cK01-r=GFbp1qEKPeZ?Q&3JA;y%;mqxiQ)m`eaS-6|LHck?o4lf zp;4AiW)D6#k{GSac;-_u2|MX?V6nUDBP{Yl?dt6{npu;QO%aS7IhY5)Tf5di;PD9@ z26g%Q`8n&*P&roYbTx1Jhs|T$98B3BA0p(xzlAVUM2lE`-L@BYus;f&hiH2xwUE>f zeYJ7&mjNz0t9U{%;OlE zD#=At4CDt3dJ1qwOT)GXKMbr_wC-{-dAnevj|w-KVt>3Jk4|ou7NEeTx=nrKs;RPJ z@F_{$c=Bf0nnc6nLmKW$Sw>P#q=_7N?SCjua=#XvKL^#89PY4L*Kh~ zoKkg;bDvyKAQqlSj8r(GGkrt!wk1^$!{0-0UM6Elv%b)UYTZL3J}97U;0gbEz?9$c zjJqLke@z=EHv&Oo$J_~2P(+~1vQ3#B4aVh2eREC}hH5;EC zY9b0q7S@7#^!nc3I-S4y5wzIwfFIe?3R{{pWT!I z4BN20dkG#UOs$Q@-)WOT^!)gC0-@Q6hHk8FYsHr>0HEVJ^>6r_RRz2_b+4dxvtI*P zjj#mexkSFtiM=0Qs@EP3CW`a5{1F#G`jUi(u3h4#4rjvA@;f7#$!5~1mzh%phmw{Z zDR;3kVs3+tx~1lv9GhT6YEK%)8%RP`wlnj;Q?2}``PMjEsut)65G!3%A!p{(nsEe$ z*YpD=zN-JnUQO3!^<2g%M$+n1q!^~}`MBZV`JXRtN4=uL>LnW)eP^$^tkW_lb+Mg^ z%&yBIz|L!J1bH)PMO>9tfH1F77l^8^guHa4w|jqkUB3$zK*e`{dxHlzJk`1J=7sO3 zB7^N`$+xuD8F*2sM#eRLrGG9~Jt)LSJomHw_fW;Aq;n#5k)-Pq1xc~a+3y@U|AA*_ zOBae7&VoHH$txLo?bw_a)6XDX`1_+lfl64H?mZ?zXd8R@=LmB5d-BoQIrBffzl9y* zq;TMDKxAUpX%vkpWtWzzb2zv|hKCb%goWUj*q!1DUma1+#XyYh&rOqX(IvjJQ=A4n zL(%_M+xXZXIv9L>S%!zEy2gTWG-}N$ltFEbA8c&)6$_H0j(&^l zI-7=vj}O=jNw-0=CxVU$Ax^F;b+Lo#sx+XK$*NH<(~moK_jemiM|BixJ5x~wz6KB` zvG%6G*wlEaD9e9uk8!~Rf#hAbtRsUFJ}8=yy962GWu3?pmN7cZ9vT^uHc`QKFqO^K zl41jmF%M5C6!k`#e|h1&?y z>h+EFzC^y1+%&J$s)gw#k#SV82qoLpf0{J};B$Iflx* zzj@_b{@e=_6@yf`C-9Qnt}{tXy}_Q3bf2^u*4ta$@JZ)hg$W5c6n$d=BrlhZO-&!G zvBtCpsKOLLGaYU#udF;d*@Y-+X$5I-i+J@=KkV)5WtMxm4Ez?7(b5tCAJ*vjuI4Q7 z@6s_{TE;xNUJ+co(eb6%?O9GmMeHzDki%wC!S+OvKag#trKJ;Cy%_=62El;N85ffJ zWZ31R6RLx0f4Y{`%ky(Ji|;lWfB*f8S~1+EA9S2$OTwLWUNMNmJ}leijd400`1wby zW@4!M7$^6OBh8~8;)jZnE~!DU7NbzhEF>-CwkC6V{4ilnBJAF`7|`}4VwD#_=h8cP z2V>K*#KW;(Q-Ru7iA+V>aN^!fJ#Qc1`&);HJ7l6HqC_?mH1y4ZZ0KU6;N=PfU^TVg z2&Y3u4jPPJ*IkmQ18G=G4W_?Qp2x|}6TP*Q0j}B>h_M_yxp=fVyst6R{BU1=AEyF} zVMvrAWHNeULiInikoO-L-;qU>fC>kB>LU_2Q?xP>%Rs>6%&DWJGd4Dc9W1e>sw8S7 zj{&~v5&jc`L`+h_pO328Xs-NnUyZ}qq@K~(PXmBW{a&uZkBS#>vEpIcC5}1PbJ83A zdPc9ey3-p_F%{MH9&w55m9K}}Nut?w9l{4{G!UNBGYk(UYH4tpACMGqwm(=wCTm0p z0}vxg8Tk%SsP%K&60eART%cDt7o@yPL1u$yXs75`GgO#t9&k<~qU37VZFVqZHCWB? zj3mOBj?+XsQtwe;kpt%PpZNj_ncLA*K&J6JTnK{aVN4PUaw{`aS}4G8@;;`4n!Sj| zGch&(XS+aRQ)hxJhKflU`Q@vQj+lf53g`j+F;b*|wo9fow-0~yCO#r8km=M<7qqvx zueJz|ILCO4`!))g!XsBZ`J6Ti)k*ir!`tro$_ThTd11+hcL{6&M+E==ZRH*x@37US zNanpHY$~5D4SqYCF4PPFhSadDsVOj=F&8{|LN*37OKX!DVq;$s4Mj|I`OKaUA*>x9Ezr^d^`$#+hY(D3WS#!Nmt) z$U^_QmOq8%0tIm_tF75GZ{Mz+HtV=3DJg~S)@nC6$F9=JA5V$tWz^T>ClV3@TK%ZM z34xbqj8;(#J;^%0Tjyz%k0@1=PZN@~v}7pDQ7{<3;{z&OJo(+(W_eW=p_KU^#z}hP zj4)nIpmwp9o~4yeM^=D?*=S~AUsbFXWHLmLA9Ozc;V|Z~s+}1C_iYh6E$%bsTAL=5*ebu#8uYcb zHCCsS&!%!|aF*0-E@B=CMdTLyf_}i$U=dn69{Ig}T@LR(f+x(njiL>>3UVZI8m81M ztX5t6jh+Z0LBxsX#h%F0{>;h_;}36eF8gNE`0pmy#K#h1Sr9Z`Q&Yp3AdpN9mh8=i zhR20g0HPzOs7L|Yub8*E%G%oP!>e>t(4}`UmJzUC+h~?1fQ9gM;^y^SwK)Y3lg4Lf zXKttS^D{;Uz_UhNR(ZGQm6?6TaR%zbT&X>u%VJ|7Xvw=rbAvk#Wl2QhG)8led(F}| zfiN8{oefUTN)-aI8jP;eN8LrWSbHFUz1NmxYir9GUQQ2){CH!^Zg6n%)1b(gT|7(@9YzszKi}rOLSIN@mm3@ecS2o!y|Jf~P zov)Nd2&#y!e_H4Ty&7L!Oj;~aT?X-ZgbuOWhu1^&?fMF))hI5{GAijl^?%MNAx}&C z${NFeyp~>usb}`7kG-PmANhTI6h2Ykn-(-ttel_sB)ib3qxLIuDdmpT5Z>J368Du) z^35Lv*f0_Nfs*qnLT)yx(i|BRYdyK&*Kme>Zx%O>PxBD_bXL!z%_$>F@5EeAHFls> zA^P`_{EPJTj~g96Trcr8J>Gd>Z?1*EK#7m>CJFg$a@s-{01Hv*(ajF^Z0zq3)z_uR z&4!iiLUA`MJiSBaXWEH0G_O`?!A24Zl}>t9X&DbZITo%}_FpXxm6#qBb(ycQ9X;ls zyUHpfk~^?8U(||ZOL};o)BU2dtSfb}&_DS`++qHsq>)CHd?r? z%I4qf1}qubL8op)cGbwjY9ZVlY&N9(^!IJn%_27%#b=6N;E9=D41Z3rV=}mP?6po3 ztBLwYF}b+^X#x?q@&ma#M$~pPa_P_Uhoj`JgVREU3Pv>SfoC4<6p7Dov5T-h2>Hnb zH>-CR?r$kd;F4=K_0lRaj3?v`wVu(Fy}Jh2vD1k}Ja;tRA9+)#D0>R72gf?5ey{7R zL0Kd^{+FHhwqFoqw8wWa`+>*tJ=7tz$<2>IgF&F&>YIMynM$@~qTX|Bovx|y{TwJR zG}|MIqtSDWrFl;f^S4j{qkJw?>&;M-LBaWs-3t1I}=LC7bU#DUSEFUbf8_91RB0$KrfBXjTrj$ zN>{cWSvKJn}&MW zkbE#-dpsvo{O>$7!otFu1}_A#QN-%bZIlIRNBKMH>d%^UgtT}iw?x(MoE`;)rDZBc zUDh;E(9{2=|0>CpT;at~;i`D7vJ9~*g<4H5(9(st0(s3lML%0gM3&Ac+ABwrAT}yV zu&`+XfyHp2cvn;*NFkLswOH`#Ns7)(;By${wcUD=XZ+vO``eQ$#4?L|!yRonnMljP zyvKPnK$A2fc(#an7eL7k45mKN)LkB|?o^-vwNV@y`H`3c9H0fE#9eO9LEY&iF>p1G z&SH1hF4bH|h&V46>;nrHuiZ|$H+u)4xXh@arDF)5ajvSW*eM`Zr}`^zZ;as;{H2PNsBdxspOR%wEc$Hno;%w&zW zh7_P{c$hVtnHb{BPI9t=cHIKSuQtOpk_cN{Mm;cEJ6g6{EQyZSgZhE9W|yDgbcU^8 zXsHq^NI_gT%Dz^OSUWgy99m!duq?V@RuyS>M`m_v*o`X9%nJO4<*ftwRCb=Z?^$k? zTlEnxy6Z@V%!-mYmgEqQM9RR8(Yi z*ug8jkHieH)fCPG8m-6U5c<*Dx(FV%+!lBO-j6J(eG!NiDPTO3F;m0$`tacju10P$ zega5Bdw;n@s6Gw#lVkPYz@NwV530wk3tJ1$g?4oG#@C#0;4*5IziVy~lMoy*!W8OS zxjy|{n7?r=a!n{1L7Ll;=?8=+vieJA6pXFn&R-SPC&Nqr`Bn7|Z2UJv84{U}1K zkkA~goXcx_^|NWdrVVgw*C+RvUl+>g1_dwc8?Q&3^h6GtZZTAu>ms9b%#f80II zT`lIcS;&RWYv=7FHM2VbNw3Hb10gB9OY16jVD^$vOplMTK) zODq$-9bve;Cie=6Zqz5?Rih2@m6!|UR@W+E{%8Rv=G>UaJ7~@DY4J zOc7i1ObLulFj(yF#^`5eW^74Ra^I~V5ZA=HC8wJ48`>qC{Aj{O5fDG@{{B2S62cG)hlC8LC-$N z=+f{nH>ptSOYf!1GNZ%4GePyzqtm9aLufMqOHaChF+B~j39XvZ>~7!%J_fjTf$9lx zSStcqCe3@FjW+xeFXCVU>O%)TCxKq_K&2KJaMz5@Joune!kU$>3#DYC>DmGBV^R5_CY>1J%xxo(1WR1eS4v`t*9!^NR-VG z`3@+%9q1blokazpC#HOKngC7c91mSKr4@YX-hLjY^|5V^g_RgiWdB$?{_Vv7It zO8xui2V9AE(P`vGS_tOz^K;L8h6q--mFLBOPwm)pZIk{q4H>C+mjl!7IjyL+7(Ym5H!|V+|svASFyS#b8 zIcd=^!rs%v*@j}wC=eBX-eP!*kUc2MHhN8GwOe~_*z6p;kX2*h`io~J3$vRn_Wp0k zdRApQlZPmqP*^J&BQ#o2ssQb#n6E$tNaES^39#bT(eRilvtopG=<8X9F1o_p9v!CX zq4vK-0w0T)r#B|$JO*eAqyP2SO^m{%H-8w1WV6D(<8DOE`?2XnouasDOc)lpT5cAn zqL}{t3)4n;@+YIMv$iT&E4-TdwE}P&_`&EGqCHqQ{N|krwu;N#?%z zT8($L%i(E?rAULk92NiNLH5u3FS|l=MTJ)?CsGPo^KqP;S)QKF+ zJ&ORl-Rl%Tptg(VaT3JQ#@mi~NlnTdI(+%uGoeDpXhls8>Bu{K-kC53m{_g5X|LY8 zU(T;$J$0KNs**IW)51o{a*$W!ZwSu1IZK9CsLZ3&&bWNUqTU^g@%BfRqbG`=XyEk@}&R+3x@=scW&l zVp%)r%g^}wZ4QFZrzwB%qnE+t`^t#vQr5I=!DFv)y^=lbYg&O5EIZI(Htu`XLyPYj z;Lja6cf#jTS>gg`^Z4l8!J`Po32EcQROa2WQN+-~LJI?=UR+9w4Yc?xO+e5% z&tw80qwh=LPn?`=5L1zRjaU|eM!QO&2=z!`uL2M>)Z%v?g1B-4bey`8Zr#LE!{~gj z<<+m2LUm^!-qM#q@O? zE7h%Qnu67L_~xG}u>xO_bcNsumWO8W`pSPVt#pfwXb>a#5pfst%D}b>6T$QecMp*h%y9*4JOWPW9MU z(bUo^inYAOB)#ZZMeZE2nZJteBtu@xt|&e|$ms_(8?LMB4yPi`^EDvf!~m!8ln z5DXsU(D6C0z34WM`a<36Z)fz#V`=9VuBfrpcQqoR-cPE0q>R+x`qlCXkS7-N>1h73#qP#%u$Eb` zrqvR1ANUw!f#;Z3dY7l{%*-@Pi?b|yoh0g=_UuBUQewNI54%l|)S;dbf|C4Zb{dHq z=Owewv5k9O_1ebT$y9t(J7DPCF0$2JuPb=WEiWt8ghB0DZ*V`_gx*OORv)7X&sC;` z!{pcSR6)q~QEMZub3R?AOI;gFECau`(U)NJ@7ovX!CoSx25(w#tcvGhXGEEGr#z(B zUHio0^si3sXO<^ltKZ>p)ueO0{fku4Tv}R6z~{*eK5z!&G-~qXgKty|d2Qt&Z#p*y*|rfZ!f;xznw6Sh(2}E3G}5o&GMZ zZlch%uM6ujC-B&H!E`N~k(qV!vi|+^X}W<=J}P+vmwVayGjKJZWwD?rd*!>fs-`x0 zzm~bRWoB7HNM$8A``B%l4)9bCgjy(T)a#R}jC0+sHhIU-dtC0S83FFO3^3Mn&C&<| zo#+;-yHok0U@QTmbHz;IJ_c&9_AhSXbGbEs7KBB}}aIas7 z3-Ce8VacMxLyq!OEwK&25?Mt>VRWevxW!H9#G0B~!4jFk<#|euSQ#YXcYT9&bAIm3 zVpl&Y#Hiu)i>>@r0mVqVdBS!x(32an@!&TR{OyM zY#Wjm^di?C%8w#6kn7pZKSJ>alG|9kuPq<>q~@phiGp^5$PaiYCF-Gox+<~X#+FYJ z?qx~y(iI`}Twb98E^!J!RJ+v-WZ<#4e0cUm#Nt&~OYDQqbWDn!_GKP>aCb&OXg6Tr zR99BkRkw{JF`yC{#PCKxRJVs%wcyT`Ij>nFzy^0;kP5i1SMcz9U64R8&WnNc(AC|Y z13V~mzpcowNA6#dvnMa^*;ibc@3kvjNZ8!1CI#nT z#+l?%L&7rE-Rek3$Q1PG4HTiUn3Gc(Zv3GefW~L&5WmTqLR~wYWRa_1(A(kFvB}A3 zdmZ2lW%R0M4khG@;^HYz*Rp$w*lxOac|?8mlXZ3u+4)I;B`ncDAcZF zs=`)f(u3EY6JIT_isb$&i3BcJ4-WxlTKV*hdi?D9T7b*@Z^>;|k4jcQXDU7hNf1|c zh<4B>UvENheRb!a>FVmL==e zSKglWl{RPU^!Wv5%M|XJ_&mHs9!)#Sc?*}gWtW8Sv?xuR?Pb;dfU3o51{}K*#wL2Y zt5vz{g)v=h8R$%6q4RFB-%4L%LO}u(_V&l_eIH)v5 zu%Vi4)$4D;ta0UT|1B|@)2bUfhK9D+EY>}^>{Zk0YYb&O77I}^c_VwthFe+B!d3(Q z<_>sCTs-ke#woX$ZZ^!pF)G!HY}M)Tjk8s%9c z!|A<4<*nwscl|Ch_jQ(i*XJ1QxaAUhf|t}^c<2{`=L3N+Z;FOM$lpDbn$bBmk<`M4yq%F z6W(CS!jVE!eOTUE>6UYF?`x{R@8W7K^!zV9w9U~Hjg&ZVkJaF6l&`ihh=gL$$5T{c z_nJqoZ`T(WnR`O&ZrJM&b37OQvr%E-xHK$pHlXoKm*bPyBxZHahhvvsis#%bu2aLx zu@E_#%{G&tF6n~DkM^bnr-dPtsN1J(;&q{sY0CG-iy> zanTixNybh2TEKzOU#U!i$uqkBd+?G!En)~??}vR~ElEK_-c!4zai;;h8@{$lI`rr)C^=dAuF^aift*e_~1{e+SCuO#yJu6D3aNS-A$7%de7`f9Ro`G z*X$;f36Jkp&a>N3#qW#%f}Dh2Xl?|e?i|`@Yw|o^I@=Y}iwZa)e4wy8I?)h-{{6A} zK2uJGBKn(XSa{;+Z!bjOI04ubtEWKC5m`(A6m_U#3wpf=AWlG6opk@U_2Q}6&cL#y>K3Y zA5-9ku^Y^(Ke9EjhFkT^fx4RwD1Q=HXm!Hn7ym1Ed$s>C18HWj?icSUyF=&}HY+cj z7w-Dq!MZJLVDOZQsR)?aqMB}#n+$t{$U#i&su*z$dH>;qF);kp-`x;vTbh@fD|W!sNMR!G^%ho^pv`$beL)*JZx zR~ny7IA)c#*+3!TW4+AmR2Z7xo-gm}?Kj!Ul6r(848={|>pdSp%2k9Vo{u9(S^aDC zBdIfYjo!XW=w1kvv1-R{G$6m_x`^}LVvvFOMrv&ej|VLf;_Gj2k{|k^JfAHSuJn}% zUU_i;odm>GX4?IaT@nW2n162p+tS5b#s^(sAdLl_q*c0fNjFh)uGJ7(5NVE z*f$k}CYhn-y_(azyKOzYl{I=fsF4FlJOhJ;)%OYePzlO8hfX38LB7=zS-Z!qy5`Xt zT{Ko)C1B)eQNl&p;NdaOzjmtuAhHFjcP|A+_nNA9LkHG7BVcj+7IV2Wvfk?>1}O0L z$p!u6A8wCq99COkiP@qzQ-Q8fk2)um3?wYgCKte7=2fe_81vH7>Z~ppAcVL#4fUz4 zbY>5DRghos7>fXkHSpppYN(KYSpZt|@fAzzN=jJrnMbyOfIuFsD7&a3<=cms7-w6G zaKNE;bq{RNS*97LHSxYr_<)L@stBx_ZY!?94cK>DTrXYG)YY5C=Gztk8X({W4BRVZ zJnTkHsD>0f;4_a5O?^51&;CP?$79~PsNkKACXVexv%Qii4X5?~{@q5(YaqRcJ~F@# zX8rmXq1&=atf^+H9+7&&w}RID)~yPj*ByrSR|D?4p66V(*bA1j*xl4%Q>cw%#2ztF zA&1HeL&YQ`up-1k#8UX$&8@y+S%_JuMpPoOC3#|k8?cRSTaj&#!APwt=&NebDh2?- zacF3$3qagvyRJU=6VOz>(Q9Op7$g${`g>Lm3!ZbD-`B z%B0;5o0A=mks#og6yrR(t^E8x+U}g|_bgWx=P5|MjtozWTY3nj=qzCH0WS3esg4d< zc(-=;PK=jPn*c30400yPl~yK*mNt+M%20$n)svK@qmxhF2t+>3dw(eItcu4}wD1he z2+28e=S5T&>@llB2I4s?t3_1Lsb;?~e@RtI!&pgjblwOw)=}2#T|_h?R+yfjc2-YJ zHD~v#nSZyCGICm|3W;Yv#ROD>rdEH!JAkk4w@+|q_-CHRn{)P54`)7l6@$V_mXC&4 z+mS12uwMex$zb7jN+=nh=v2K+dxjzgiAak}BZ3P0Dc zSXs5&k(8FP+v#97DWnN8e1FCl8B{5w^}h74^EqS$vfur3@4}t()6V26mI`(6-KPLu zwKcq)7jf_P^FOEH_DCzGVO8%Xm0(pGd>}+kF+uaz8Lp~{T-xb2vyg;ukoev^r!CBP>7cIRHFZ_poSEPR!!)t3 zt>|4SALg3@ioMG3p|(Qr9I*V{{#06cs*9T?77z*?!Eh8^mccBC%|f<*Tw<=YCb8Vf)aZyWUIa7Za5V1;FqB@iF}P zjs7FbQyFOr1A4OqWyMd7c-fV()Y=>O{`Bvu(lmMbu$+>-U|<%<34uTJMQ*FwSj5=+ zkl?bb+S;|;*7dV<8Wg?%(R7tjQGH(Z(d?j!B0`gCnwcD8uWdvS?V3mlDZCs+(55z zbfZzSuy)>lisW?sdUd{AeINojQC`&BE6eUUCLj(3?QD~WZbP_tX$KIW;YYj&o#iHo z*1)u_`&~-{bNV+hKqDbx+;ZkO{T~hRp|a~}s~hMzQ0Vkdzbx&j<;r&Yn0UA#UyCf6 zld9l2n!rDv#!vD`AtJ$|6%30)IBFJZJs zr0S)L`h_&z;SK{&fPh!(z%WgqT(0_aYW^TuYTwpfA+jiL-{}_=Fd!g`v*DHJC9?!K zK8}F+th>HO$OrM*HVJnG!+rZlOW_a{*FFX*{ra7h6s_Q*9lCvs8zDL_br#t3=l%Pb z0kte=WJCqIn}WzWIdMJkVg;I`W6-iMD|O$9)KJ2HVNlR3lfb?SRqpKXx4L~yVAXF8 zr9N5)n)eT3a&61f%>!w)tD)vALx6V#;_NQBk05@Qw4R@b2OoB_$YiK)2-KH3bZfvV z$#1{d-bO1M87+(hn90}R@3#*XCMHP#^P{;$yD75iDod6Ei(cH$sVN=7S6-*;23Wga zh7Bc;vYA=fEXR*cAIbt?FS@zjJZ%f5K8fd$cq`+@5rRY33C@G6(u@|*A8ge2=547n z4@C!%+>efo$N|w(@9!{hiBMvrk9%x?j^DY0OM;VjWO8Kif%FkIZS0Z(^!Clo&HDPA zzoNmXkB;8&rZ|*dWiVc`Zd~_h+=sTnbLpZh4i`vyoS%T2>Vf=sb^Vj3SK@F51PlP} zkme{WC@E=UW*cQ}b;|_0E&vJwBs7W7j|`xjHM77F+bgf&M6o?li4Idq$9dy~CiN!D z{acXo3&LCmpi)g0gCVbB5G!CXng6?~{Qyvy13phdXwBIN(|64^2H&uNW|98K2S?y$0hQ4g$J=@`o|DP+sw8I7;kFXE`nM*FlBq)I}$9N$7t&(0o@KE1!MdEZ-Ep#dF4zv2)PhjHC6 znLp`d8jW*&S&_W{Kei*3#kz=vDK@gZH+eG>RAM(P(>T8N0oAI8hCv|~f#Xc=4Jz;@ zkG?m9IguP~F@r@q&G9*UmPQRqK`3gMjEseq2yi6IHoIoDD0~w_!>0HkN|dcLL`8$N`DDLIjo4_Y zs`~3?zTDH)xAYaTNZeiD9(Q>k$KG_UYur{6BY(pBCImYAz1LT0%EmB8t?z`9iT~{A9=F4N_x}sH7>L=Umb=2tlxY=56`< zi}WWS%;Q4d(UKd7%TNB4O)j)qV0!+eg= zm5<0RD897WgtPmO&&U18tsY5gz{xF82kk81n?TM|2UG4a-0<0xeDvH3bU&gE^8Ga~ zOu^(nkj+UWle0ZU)v?@UH>l^Wb|7=Gin|N{jGfSJO#x?W{|l;sq%Lc%}=TFnrL`;872OO}E!r0(X|^)uLO5%=2F zDUyz>irWwt}p#^?VK2CM`XBphcMH785xa^PWtP6+^GqLVs zv8D7jFlFMz4*5FxyY$YPuyI!4Nn{&3{B`5o4#93vtNq2ki779%yl5yE>Bu1KF-o$! zb0J{}w4vvMeeVal14`2~(_dk<99(b_=ywQ>1B%ndmKGA-#pG!GVh@6EEcFsk+{7$A z9J1M1E~N8J&w(#1IBO?S0H3dbnFGT!^gsIE%Wnt3u_~e-et8Wnz)Ffl9iN;8lhPi= ziE1_dy461A)3q1R_Y7}S9O(!AiA$aH3BavHxCPFK{M3OHH#b<5hKnG}N&(e>zJhac zh%z|R0^#rpRmeIkFp6q;w1U@bA(2cfEtUa$eB(_4K5&<*4yq5S4#M5IK9^~{@8uGNN6Xb2qAeE z#K_cN73#;nDhOJuZnvza>@;_z9Kz&mvf5o(M1+ZniC@K#2LC&XV=fmrIylgCs;WeQ zzkK(ne*H_#sGmD=mN@Z2%wA9aX`1&{W9ZHE(0=E(@{a%BlehLwtQ<5$wCAgoEC~;A7lvX#a43Sx zL2_%bv4+M}a02#`!mFC4-jLC72oMXz|1xmm!ee+z)&PVjfVdeOAAiCQIuTX1MJ&hs z;?gVkCdW}!mE#XbX5th~aI}|tf7SB=0S6>D93ZRc0go{DIj5=iKj%VTW@r4Tn0tLF z0q3wc_Tx#Z_H6}JLUg*SDyMm`$ub|$*HREhfqqn%0)^s;U)zX)9ErutnZ5+a^J^!E zci%R5YUVXvM>G0BaYYmbfR$1^a-S>e^XiD2m@lO@gX~94ZhQea&cdoctNnbg=!v36 zXC~wv zj~4|V3KbUSPs6hQdPvPk)=-1y|88!ndxAf+Oj&)=G zUnFUp!@OCTAfaHo+9lD)!Og09IKQ~Kt7@}ARX*!rTkUy{N8@{u6wN{{t@!+slJ4ng z604z~q;Y%8Ssj9&+nlH7UfQl7Qbv3`6d3E8cMQL-tk3{%aBsTOL*nr6Sgdv@WY2L= z>8NWKJLNbc(fH8-En6rK9Wj9#X54!>H|*ZN-Vuq}=;r1}D8eT*MXtj2B<9qui!BI?AP3`OKtp56$7q5Vd zjFM86KyG#=7G>H;5(<(xJ~=9Q3BJlr=H*IH#b@YCQRuu(-&*VFcnj3cEzQgX1DR5g zKydwRCozos*rOwtO>l7pr}#|!5wCyJh7Bsi^%bBG>_6KMoZ7g5geB(iNuDw@*~j~# z>&H<4mTKY%$nAb_Q>FeY7l;q?co-H@1AICYyZm4MU#Kz#`jmZ z)7v{Vd2?Hc^+lKX;0%s^c9hyd?vR;z*nQ zWd~ZKN-k2zqKJHrD87E#|Mh*}YQh?g?%wy0%~9(?akA=HwbYN{KjUxTM4>~esan6z zzViu{_IvhU1jBalJAYt)K|CeP%SC#K?@R@|vKxomNX{!M*%g!#JNCStRBVo|tt{U|DKbVHz_^NJ^N4L zA1=333xtt5nx@`=)*%YVatZ?k_mXU!5^6C|h8hNSLqr_>s26o__yLy^$->@50&FKT zKC%o|le*>3bcc0&IIQ}dOR+qy1d-VUvpAIYT|5##R0@f#-4!_s#|Q(5wi;^Soi`WR zC~s+@zG>`Ugrgr%8N+3_|IKztb=Vy3SMA|G#{oVZil``TMgN{WRD$5eMe+4925sMi zuMVp)lZtZ{Ra=*HvlPwDVqwDw|#-~r8RCRO`ce%Zcg_}mpSra>c z%i)9FCNyh>h5?Voy>{pW>41M_>91cDHS?aRgSzg*&4{C=hhHVz-7RxKK5})ZlL-1U zUG-F8$&-?ZL;w3E?Uxvmk>W?M^6dQSTu;+aEft8(uNM8TyK7oPb0SnaV!HBH!WB5$ zusE8&5gU6&jj-+~Bfht_wVm7lv%jCvLCP+pLoLWDDV5S=@EEx(Ce@^eurDrD>nOUr zPj?!cD34H7H8cWu#(sAB6JCF|LHh|i_he7(*dR83vc1ke7Y*6(aM$$GBmHD&r>3PB zHb%tWI^GjIGCPSDwJt{m!p}Q%*$hrfz|f!1J1_Sgguc5B31LMLvvu~d7{P9%Qr>YD zl$PSk(;aa_mPM92z6OT2e;Of^-CwveRMAB9Cv3ViOz6vMuEvq42}@kTQ|KUg6icrx zt)W4iZNo|a;qW^(IVGL8BD>^IVYg?W{uFX?Zc}lHiHd&9$}-i|)Lj00NwBI)zMe^-_bEz(jZ^OUkdqi?@iLaGLu75L#G~@ou??`Z1v2UoIab1afykhCXSr& zcie5m<>g%9G!i`-AJeV-q@-E0xM-v>X5!wL)sbAz4Xy)KK1)JUknQeqB@C@eJ7l19 zT5fD4iC9aSsqbWs^`)bb^xl{cH7+V9&?fd;01X?i+2!NmbH{bm;1~s=v}ol6>2Aw$g6{+P9G^?>>;Xwl2Tu z?(UA!k+ZxWpWY^!6%l!Y>&iC!o$NEWunVtVAn{Dxe?Kw;wr)A?YR$x#U0nNypZ>Qx zHcg^kq9270Ikp)WxV=MHM`HA-5XUC{cTY)1)t&HV&Z)a%jH}p-nVy%=^i|Vxki;Og zGvU3r8b|!h2nP!bEGU;=Q>Q^kC|NM#i~s#dFS7|P-9}c1mVP4cJGqX>pkGn$qp^+U!b$3w-tFkY!oxfJ3bZUT)bp_ zy@c<3%oQ3#eS!wkAq&qQZxY>e9#=TE>Rl+0~9_}o8v41}c zSq;dd=<6EQrU@7dj~(ug7V(3@uCq6`rgi1}{I)z~=pp9tmK*Z=%yu}&i$4p#rCB}} zsg4q(Y9s9u#yO(u7+6K}1q8du4UbzLM5eqBTV(9LfuR2zB_-d)Xsj0g@5Y?8k3wKX zb<;iEU~G4mu_E&5KaK^1GUU|-(Ge1>E3vIi*SB+D%8O1LGsf{mEgyNs{wCY5g542f#zY(`gxFIn&_xfk_h8k&Mr+Feblw7>pc9zKk(zXWY*X?fP?B9I zq(CD#Gb@XVoc~MPG$Z5<@ch}F3fjN&BX$;L1TPq;Aa783xV)y8HdjF3hO_68*Vbwb z7ROsRH^Sh|=U%8O5xS=Wt`o&!DB?J(NrG9JSAN?@k&%(h4YBKs!HR*ZGNsIF0j+4MYNWTy<%;T|{vDsn zE^J7dm)j|ossYBPl}4ArZjb}c<)>fiGZ9oq-1OLb4w_bb8{VgCpb>Zp#Yx>3qsb>q zB)K8rmVHi1LDpU$l~U#b!D1J@TF~W$Q2oqPY-@jdcG4R@Rc?A_#qV!pgW-cq(YiWD zlvPyp9B4C1$jJKF+YEU#3BaZw6@Ka*nR|rLMj`4?i6Ad+B8z2Es*>m&Yk2BQ%6BsH z0^^Z&niJZh51dc8!Iah?v8qsexyv##wUn{Ak{oGwv>l+{V~5Rn;Fz^sIIe5Im@4GC zq$KcI6{LY=m<=uZZ66-C&0+~G*B6#{`duvsPU$qKrOzjxZxEpx2E*CVMN-Ho2OyeQNKy5JaAFqsPJL0s0u?IH@Ck#A|d!c<(Yh!p$6riBd>khLc01g z2e@C-25c5+l)IkTl8{hHi)X;VcPGi~=;$D!B5nH>jKyWQ`Mj$7@5~JN;vigIOYrWa z^=fz@dz(Sw)G}(#QV4#NpYF}&?)hud8tuNU!0o*w*^gh?LPBNBkZ%>FJ$#L?L$h?v zo}B8>QE!97N9`SZh5ECkVcthm#x8{5bpF7|6bX$oXQP97>76RKhPqwthuX5kL6ob7ku4 zN)UyO4Q};2YvPMQ$0D1wM)7>`#9!<@Rd6+Ew4o8dM$A#N&a}+PH1)khtBi5Tij_(? zB&wEj|Igsso*04^b#irad9ecCpd&Y^vX6gX%}EU~^b>Ui39bwRQrZs(0K%T}mW18Aa#r-#sVToqhLC1hM&Gk)CbZ zE0xxlH&xxoj_T%d@$oc?*(%KHx>Y9P_O+Xzz-!ZxEZm1&PuOe-Xu7AK?%=(-8Bo}9h z66d1lJ~v{S|6E657NeooO@vv{C}KMO8XMAVF(mTYkGnvU`bljk#lR!uUK4Sg3Qkp; zxuhE3CDFM^a-ELSsH3m#A#XTmuWn!+68pVwzWy^RDsOOn@9Kr844>B9y5jmF%;P1oB7|ugq)uIcP3?*GNf0J&-d|#hnW+l@Ow`NlI<0hpMi}Ty_K&xbPeQE|8stN?i+p! zfkcK)va*hR{$2XW`G-FQ!LF$ zfy>;x^;>61e|LE!!Kzxfn4C($hD48B7D?1i=K2qN8b}sNQ73K^RicH8;vk8!p1*WU zFUeqgu^{#MSR zM_;kL`^jkha_di44R62Lhz+vL;Wxcf+a%H-BS_>C^M02ddJa;`?_c#0ugq}WDfk2* z({&1LXrWtQ8(_G2&ZCYtbFub~{=nHMc9Dlm=&5oX;i-@`fY6D;x`<3WRBWy zw$cNQ8}FGX9cCj-4(%hOHq;C>QU<>^t<`2{<9nS=D>-Xfoo1LVVaskp=9?_l-yctp zn8V7w_V`&1IdQ>kIyq{G)bNs6Sa-`_q-Fk}Kkei!OUjGn#gu8y2>-~)Hw?!yS8WX8 zPKL=Kr|K3RZDeL5xT1pMVSnNK%a;(_6+yJx;jt9#<+6o>(mO_-Z<93L~rWURQ zVhr93WK0re+#R!tH^ET&ea7*q#BenA{kBsTg=o;uSl-HE!{J*gKh(&z63;WX^NXu& zuU$>U6vPJ^x6Gc~5CN3yn+Oitj3M(L+q{)t1&((zGD6Ab=kHP=%Q-qaCg2)an?oJJ z#Hr{x&PA3HC3OxY5$p>ncbi)fl+tnw&$AfcD zh=w7W=t8&A4=OzMWzM!r=P~;!++N)F%_rWPI$A4PvQ$zYLzu1}SDBzs1YK^zVX9Ci zCqI7(K$@IKjqvK(6Cx!H=F6j}2Ua!#(D&=+tjv6hUG(lA>))OzfXGhnBRH}Twz*i1 z-Gxh9Hkm~v`t&jNVpJpbe~2z3b?=g$D5>wHPiGVDt0A5+(^@n1c`x8=YKJTI-xFo3t84arzq((!+p3Fq+Na5%|n zSw+IvkhePfvrXugR)ejLbuOw#o9k3$WZfZADdiqZ{)V0iuZMcWv3p0s=^D5Nfch>h zt;*nLyL@fB%$CP$FbR6LUbm9=CH!h`gTLjo>wZ4(GDRu4cAm43&Q=^N za^$f;kBw4$uzB^Xx;jB7s^d#p#9=-%2_Jv6wlewbPSxq(A-6K}%V(R`>1o|l#Qx*v zf=8)to20dfpM{*fqLIW#-cSAf{Dy}gJ_tCeO~3({_|cbUvp;=cQ(-n_F~y-+QsoF! zF`X9=oWok*viYgi8dnYWe$eKZ`~lxtSxPJ32jXrng({BRS?XxNISYF6bLWSK=JUju z6<&wq>yXqwSBur&2}bDCL=`WiQ=w;O%1>x#MT9{-hLugR(?EP;R$bl9Xqme0mInV( zMD5n8BWXXSnXr;2myuzV)cUw4@yK(PbK=ZGsk3%3S9tD#p!YrrGYhlh)WMMydm?@k zeMt_VkkodN4(<7m40eW;ma?j+p|epg)7hqrvhQ_YkoVZ8r~WX+(?&P)b$ifIc}9{iunZ;k#7noqdHzEl`=5vE-0AZ$lSUbDY=EwL9iUDIaeGH(< zLr2T}`yQBb{uCCn4us(|EN5T&zt~E3qwi4j%97e9d@SlvPfxdB`Lix2vhT-;8W752 z$wI4E_C3GLvQ^%ZO_B5NpJNL?rO7?LOXuWsP!>bkQy#ks9W226A+ zWVI0kzPtW3)mCMdxeyz=pKTow_DJ zZ|1si_YqUKt*HV8=Wj%8=&3U88zte%b^>n|dj+_8~Inf@zgm5!au8(`1Q-52hR9mLoDoH{xxX zqv_qUH`J~TRDbOwmW-(rAXFIz?0N&d&4{Iu%i`999{9h0KH^t4fnq<^g0<{aE61n2 znokZonT|=a{ExZ?hn$;Xq90t+ul)ngP~RmFxwvIOBxmHaQSW(zReMa!Q6n9~?L@1S zit~;5N*#TD-#8m2@UBhu4xPpxGyS6V5I4Hp<79DyxK=+l)|-X?bI=xbgGf=zg?*N<(F)swRgm$n4sD1nxe38OG=OIs?L-vPRi^_oRV{9S>rN#TJLv_&z z84Oypc9NGa32?4Mcxzhi@x67z02I734YXKGA$QT@Of=N37W@8nt9i$CJx5`M44KF^oK*kx^40 z1COyoY*>u8E2*U*+#pm{{r4!p zw74s+rWv>8>f~-%)bd$mpZ!uDzVY2=&B(B7^wRCWrrNtf5zefFp54;&a=eGVIf3n? z8Q-+?@vC&tQ(Hv``v+v1oH+H)J}!|CxA9*A1-;78@3>2T#Ny6Z=-@Zyro-+s)x-9~ ziV4DqPfH(zO{~m$;!_o+SV&4q1JOfm1bOS%u{*Qv1a^O5lWGOBp7vAAytOO;JMsQ> zAylFGN(AuW82TPwL5Qb}yy$xS`nW(Z&o)<`y(Nu1C~>t=iQ04$eo zwJRn)zY?f=#1{Yh3O$?>pr3Jn8pmBR|&f6HCGW08yQiXcbhA&T}wz&(^E6$ z(*&Poue9!&@%6klr_ZD!Lqv@-naFIhoS4)*Q&`D@;Jo(}d2Y$jF-?uEg7X071Z2)nbuHdI%YMlsk7FMyAWuoM{4x(1Pw|pfpaGQp;BAN1D6Wf zGxpF~r`5FJ3M@E+fW^YtHTkUSdNgq7xSEe|kQN-!UVrJ|vGKQ0Q7A+vp#vZrZ#S;z zdilTZie@PyYW>9 zi+C9^`c}ZiymmH$#ehG(@~j_y$q;kMyS#^oF5M6Dl;L~G1>0@L zo!ZO>MWG#k`expDVTXn#=ahnYQE2nh)}26gg7UTmt*rQUTvg9J1T zpT4!|zrJ`dHBjby?M@;TJmSMAlG~?lf>c5`OvWej^0!5=?*?+2a%Y5tH^09o_~zII zQpCcj#cl`y!Qr&^<*4IhO%tvbVSIwLo*rpQ-75F}2|S}Kb*A#=lB!8kW);gqPUj?~ z|N39r)y@m`2(o<|*gwIiudK`Df_b;m&|TDnLcuV>wV5plRLI3@tw#Km29&zVP2W|R zf^9YOR@bQSI1lUL+Q4`x)RMRN+ly$n7=QKH(T*kE_tN?SJ$kq?K8N)k;&r|KpVGMr z!E6pm89kvYWuuyj1((NL>2UUk;+eU(kE_Xx3~`Qo1Pk8Eh^7R=+6&D%UDr6}5nCKp ze_XL+r$QM8(v6JG*3^LnL%#vXp;#|)clXo%3^4*lfr!nOB#VGvDd{_SK2agZ8RBfK zLBm?P34PyF&l>~OpHZfz33}!eR$32qVow=G)z9klJktPZ8@Slk=XZPVrxNnBiT^=I z)*Ev5%VG)jLJ`r3#W$kB=^bs?&FmbxJAPqEWFaTMW?07hsw{L@X%^OF z>AGg2X3?aJJlas`m57+Q#-xX>UEe|)jHQlqiqdm}u7*Smj!u%b0ulvpYVz&pqL_D0zL+`%T0j>`hOhaA?k7 zl&i?3B`~qKmj?b=bq5*m_8f+K!LoaWv$p^Gt09MF`Lw*tj|-6FHloR|+=r=Uh;+c} zMTtH%-tc~@5NZ%`S9)*f$$u9l@iHYpZcFuk?t(C@MDDY<;K7)j)QCS%`GIdA+~X7u z`DL!;XXw-<7m@6@`C6c4E1>kh7Bt!CM2s80lmBG>I<6~5D!XJpadkCgk`pW;$Lc#N z!>%RnmCSG^#Ip0>noSn3nthxdUeWwF$5`KSjv0gitN}Zk`eGdURvEf<#y5_yxY~hF z$Sp-3n<>yZ@0fnT2>8T`3C9 z+4x$J9^M|QU}AUG($iW8)g!*XIzcW(vXQ9Sq~*X9_2(+ESVYFvDZ=XfdA5%O4*s+A z2#MTrq(-A7KidUz((0@4-aXwsGErlAq@V<}Fef))$0cjMqVj(tJ3EUKFZv9bfjHQ^ zZs34mBF|cod{9aUSWz<1acAt1$sCk&SlGdq#B%O*_O`e|oki{E>Qfnu*fw5J_aqwo zQ1av|b)?lSgty%FAwz%+!|{CDiB;$e9=)?9E% zqCufOMbZ1>Qu8g~cI(?Hb8Pc{h&;GDMAAOT#We?@Hb={)@WW}$?hQo6ccs3ha8%U% zKSiBcleE{H9xc&dzrF(^6=HC8Ddi2$gdzO59u-P9pV}eKNSEt&YYFo!zia%AcA&%3 zee9?{b`wUVSZNMbN*2YWu7&gS^7Ag2A`T(HkH~Zc$7jQ>(;<&CZq{KZiO7qgk;RcP zx;(Z{9tl4xmPK8;{Z~^iKtg5P&_BcbUZq^Es7TexMbv2Lo+BeeSeOGz@~=?k+74uV_Dzu;5yz zn~^(!67f7u-g+#&#f<=acL#OOrT5vv#PuBHI%A#hi6Oc}a}(LaM~qMW_-$ncPZSxE z=-Aj4sM%cdPjuM%#nS!Z6{ww~B0zl<{m~ik;glXMvF}geA&+HHY5#YO0cve|*37f% zMmKW*({q>FJ*dG+vWov>YUFmP8bEx(Pm7+7WtjF=Q(mVn-2!i9Z?Nbry`HyU!jVdV zx)7^DJqfih@<6xAUd+hzgzz~IjwG#@FG4C>9E$6AtPE5D)O>t=;5)YJG~eQG9}3|e zdwsD?M3~=~W@SBk;N~BA@{H!=$J)go72cyrb#z=Gc0@1lgGsdWGdw3F4HDlWH{AkU z{QS(5F;>r0i$>*)PuB7>xiRRM@NUI-pz3i~7 zT>8wAiqPd<b1a197qlf3GoIixjMq& z{}?w#BSrUv#Yv_H(&e^sdER4fliUHQx)>fnt&ZZJ!p{k8df{{t#HOEJpGS)#o*4P8 zVM{X1l+@p=H=d5=4Npu&h1`0Nk85U^wosQgozNrpj1kyqXy|DRaqq1?h?}o$dNVFAcV-73j45;nEfDI_N0rELq5^PbIT*H z+~hego-3L6cGm@CDTQJ>zusbzF&i_nI{g`m-f~iU`D8N@d0FUrc|-hP<4aoU+9bc8 z%kfHyj;c*7-}OV>Wn>+)@_O9?@*E68mjcA*=0I9tZ?F94xn^2Jhu_}Xtm#4DSxYUa z66~Qfae7^pQ>`#@S6p%DA@r=j-Cq*|ug5qLkm&{pB%s+?>Wu~JG0eoC}q(P{l6BV{TByDJ!!iOIT;MA#b3}+X94+PC?p0LdO3+Nu3 z-pikx*gu}Y-l0YnG~M>`)9w}R3a^sC5DodjIGN}A6#5;p^yBp-<$KicJ1SENXtDz}b%)%leK%O+xOS~wowGS+nFup7TZ zl(uSBQClFCBj8m@U}Ah{0=YhUy)g2(c6p1eWiW@Ey#9?g)+Lf#hdd zuub<~+N^i|ZMlm+JnZYR*Jalo;uJH&Yv!Dlu^e z##?dLuuMIvh&5(P`r`~X@}a`T>Unw|>{O-T~&l z=cyv2Gt=QDyy7LMA-S{kVijjoaSR(}$r-dfLK%{Hlv|!Kj@L+LS)}^LobS4Rk%JG8~Ucr4I7m`ni`)p^YkQ9L7oFW)Hx66z~mAt%!SHk zVo{{kOztSg@KfkbRy#2TU26$BnyMdXXPZC&9`!mD4ZYlJ&b{g{rHqWs(?5ThK{R~; z*z7$0HVm$79QiuKR8=P>&5nzwbfE+}qnbtf~__QqHx%-~s6R zGYbFvbDm4~%Qqx3u*Sog2Hav<=<7rc5(+X&qpguKm&X8}>FCue1Rsu!Ld1S?D_ykS zeW6=v`(RILaZF$BYsl?7tl^=h26_A4l|x9;o3B)_7}HUPi;~BF^lcR+X$8J+(zO~<%Ft0=oB59YXH5Eyzu{x`e($u&dp z>jgRgY8K2tXll_DAC4M`LVy;ER_=2I$jHcFfIo-BQKy@%IjFqXxkT@$*Hm}LumO$; zC3Gn293K9zG=B)i8>|V_!#4m0o9EHRl-c3Fp6B%lurL(H>H)zx z&k&MA!gJpV)WsNQNsKuJ$_BM4VhqYA7qb_jzW=mANB90^hP%wN;~pM`@OU`L29HNICrpam6la_h)LTZ+sVfd9w;Ifh@9fP|T;yY0T<5HZG6R zm(&-&!oUUqIx<-$H$H#@0aa$m7U))ReYborAOEVTaIT`V?EosF%uMh`M1!(OawDdp z-pA*z%;f|08JU}ldrcQ6PJ0YP$2`T2~Y>O$j_;~>R| z;(#*E^Q^e$B<)Bd5<7*T)?v`*SxQ-V2Z6@s!hdf3IOb5x`K!ORUT;`a8wS&|rN znI0bV)0vD_0OfbDbQBX!oq9#_?M-G^=c1tuPb@?g&sDFbEP1_ncozZq!{syi{PSWx zHb^|^YF+*>k6e2@_EQf(WVJKBtsJoGuOt#+^-<*IZg)7}=o*Llk`nuv`qRYF!Fwg> z+i42l{4!T=yQlpe8=Jv(tG{h|_|;_5oQZK4w@bHc+(vKN>OlPV?(Vm5?UA-)s^BdI z`lsM*7}S6Wmr6JiD86Vi%#4+ku>bt|^YF+|*iEjq$x?NJ4S+9 zaJ3WY(BpL8TpQ>lHtPQ=K4A2}Ju_Zjk)?(Kfwc*>(1)KW=>~5(<@NZkNuDXDi(=w~ zis;K7&V!~rP^#np3QOJQCyOP6%Fm$O?vUR&A1=zlW?p3Ym%ex|00iM?my{5Jr0@Dzjt8~ zXI59E0YC$+i2z7id9;3J4zzIHZBn6J!onej>~+`fO9)iYWAx}%^k}iK;E_{I6~wzU z&}imX}|F1^%yZ0}wr-ZCNz?^MA=Dyf%gIkHe_5Ig0=8?d@`UjlQ9f zScFb3>h5rIbY&T`hXU+7v$7KFq1&k+r3!5}K6z;DXDf+;9PUAGuc3iog~so&5N@4; z6vCkr-Tx%t2XXEW;6J)w4-k|w+hb@zy|f4cd4V3n!L8~#ka~QgQ*`nU;x0Uw@o~3h z28shU7Z~A}MeHLqyLhpzT~3BH^CjXzuEFiO$^1c|w{{9VDvQ{ydlE*0+&hv8%U##X zW+BY?Dv$A+m12huelPDlVHduUvx+&2OqVm#(9~AwJV->WjDGFJ=nWgI`Ov^Q6r1BA zUTYgZ-L-S7d5-i)_L$6+>>Mh;bQjo4jC*VtEUA$yO! zD5mij);s;m;VsqGo2QO=1xk@$00w$xscm`S9>Z^qrp zdN+mMD9YrPR&T~6JN@^+PZOk%F%#&OZ%lvR%IM_T$VzfO4Rth@G^?w}yqca*w7u{xUG)3mEn*lG4+N-_Eec#Ln6PhQF(Uatn< zLR9!!M2eGbin`8a?>lhg)DETsJN#!HA5b+d!yGW)|S3jm~ z7iA-Jyzyt7Yp2S5!}(UUZs@qQ*oVKK3{9!?#F3*Qu=6O*HcCbhU@(G}f}D1?^XaFkK*X z5E-4UVH?Ko$kK!ik1%%~Rl49MJ?r$ZwgVdF-Ur?Q6O8%!rm0=GjXCfS5la7p*|^*` zq0Xg~?&wL8r0X;OLwTX^l2D^}W zcbpNzlM~QKvl`W+fVt)m(i#v!L#o6x$mc#g{#1EO8fo<A0XoPIzIJ`YtMxDfw3oAR@t3Mg`wlfN;= zGMIXLJ^|Ci0c7^WFu?5d4`vmbIt+6_$l2sSSQhyKO{pLk&LSD62~|0n>UMo?tfWQA zE_h^kesyKucS*TTz3s6U`FpZdBdn{Q8yZDbw5RTe;hX8rZ6vdzWEQDm(=HM9njvq5 zTImHQ1k`*Ac67i%A)+@Q_%Ylq#pMU^6&*r7sXK6)m^}XZr{!Uez9nHUWxpKqD`+x%ok# z1P*&?2oj}(Xb8$BVL?8G3p|8L{BF$kKHl>hf|2&T9IBDsp!DW!sw3s&n-KI}#{fnM zu>T&1Mf*Jg@@*<$k$iUFWsGp+^Z=5t2blEXhP1Y#fcp)=Isp(QXZE^H?nMg&SL#Vc(+Ca6UqxeD;K!SX|Mx)ea3p(2h zyo`O42ou~kj^u>j^(*>(0Qd}rxz+9D=I5NL>X48H!100t})>lCNztLCJIwAaeQ{EOS{i9oP{dSwR%x>2!~pE@XO5}4>Y}7X&2xc zqM%}}(9$(a1Z00DJ>Sp)r7ysvNx^?2P%6*Q9cNhQ?#vfCFH&9DySQqecb=)3hDNUV zRww=tvxM#6vwg5TQ+p8P15^<)HM)$imCUo})|V53<8B%L<(e9H5^XC{8)7`kIi;=4 z+R%v!^#5u~{~P1d(pQCMW`IZ<6?gz7c8jq(=s?>#1znrhzmh0r0bQ?jp}$Y9j+$?8 zj<4D{plwez)_C+lz+e>Mw>nv3(Rv@bN4 zz|dOk$;y4d!>`25Igz)Xo!;|i9I?L?wr$NM&hh|Kf@{8{w&nvhf7Y2Ri?qeOK4@nm zHOW#tt0nL%sC=MG_)801u*=@BD(70`34~hkRis`28S4a|E2+fx_OtLhYp84Nr6vUUQz6-Gb36V-oyHEdQFk_J)o3^m{%a0Xu6-L9gI zlkOTHMGDs@kHMB_GYp9?nr-lMju>4?Tk<7GLpm%X*^h^YX#*oif#JC5ADBvd(zN4yBm^s{^)6#IB@puc!O6DJK)U(G?j zZwhi4$G@`ZjyzL%A>O&&jKdYNw-{?|SxGga#l$#m759Y;$ufA@cfg2S@VhqpAB=_x;s&2%)CrT`S!Sv1@%8 zj1{tV=6f|Z{I^lQ({|%OMNM(n1-&1n{=+?|#iJ(y=%JUbA05gBRt+3EiWp5yM{z=K# z-?RCLw)5ckjEVR(cHF%7RaVx6bONVjL-SfcK>@S)xNFZ3Q*n^bj#mql(E*UClbab$ z$Q_Pc+0gE;i|qJ+*tJl?NpmfECW&*)b+Z#wc$TOxCIR7r#)BHVeu{Xit8m(*Sl~eJ zw$IqlCC}R8O^UT|eGCkXWQ3T7zj{Wv$Nmmm?H}3Ae89dm4Ml*dhz|n|DqLm~o;-TZ z*>2%UMYFm!a1=2U`&~C4jt6}bgWP19GJs#~Akkb80JtsM@7i#Azu->mh@^D`TdKIc z&bLvKKE?oC3EqM;eOC_}u}Pn|gxJ6^I`yUDFZ(xek1*OPzU!9f_i`FZ+5h6^(Gtm- zaEKI-#CixJlLWIsS&|kuBTjF31x#|%f#PKNZ(-(Zn|n3zJ1}r5Ml#Rf9W3&O=9p+A zx#T|UL4VX{_#*rffGivn<(tpU{^! zyYC9-LCJ6oz0^e7kpky8m_u~7X zqwa7lruHWI=&ot_DNn>99yhbOol8g)KVXh9^Lq<0*-)r6|4s!QK8y?u)mPWo3;^0Z zNabnc$T|S#u*e0iZh!eis3|$=9mRQMc0b|3Nm&`_tZ;^F2WPTe=kX zWwWI1s&inse*`h-AVbo`;BYpI`9>={{;TJP0U~ArGLb4WmRZP^+nQ5k?ze%Z5=zFGxzszTHeYVP!~<^ z0Y|80DLlJN_XK`SQtVm-S6r(qz0&&clPGxA;ei&KQ zffs)O!R&A0`v>u$Wi8BJbc7H+8s3FyYE6<)eppXMd2a>1Irk+y0ty^z3`Zz_9)lx2 zQ$i4K&a`DUkH9$2>`CLoe9w4+!+FZZm9N5j<8RkYUA+!i%Rk*VieR9mIM$G8{u;wa zjX?#6&U(OKD`^u*knQ9r{ZaROb+Q)+nv_K5PF3S^CUk}^cIk|@SY*{l7TH{|V-6Dj zIpxzQxChtq`$wl=g-VqiYcxe#4?TtdoQeN+eIc3Uf!S`MC(h<^dc{GBxi!U3 z(r2m+_xvUnf~SZWPaGR2KOu~7FAc0IiSqABe*2;tffEItot;g)So^TF?pr<2o(9LH zB;1`H=^L)PRA$e6Vs_29DM%h<;!v7m1&db^U)@=IePYvmeE1URCKR%7+%{g;1u5pj zb}8W>d>+w=TJYtMh6<(#%7@t0zVR}Psd@{0<5}lhC0m_ZVUo3izHiLpMbz)vKu#@E zbH4xHFH>fqt(mL>ww(aP$+0%&SJFe;@=0J0p8*Snr%P^ajoa}5-y1A4d(-y(9N(^&swxew zy?OXvr^CI-YAy8RvJ5k!%x)9+&!X4T-j9^e^-}bs#~zWF+9RTKtHDw2RUU15CxD^SJ>-%u3zOps25qqZni&Z7j6yy zpxDrLqHh|#th}X%VbypLyWfE@&)zIgl7>K|$q#~QFE;9UirfJ&ZQ+Fwj5WS65K}R| zCgCjUvmCeRkXx9T?n~G4l=-oBuK%WJDB++htcH0Tbs4%)8A_7j>E{`?LcAlgQ|`r3 zHVIkOq4M2yI^#GT@!T7Sp8ZD94%i`+yW*uP!o4-KUWjoU{zTueFB{P)G;0sxrkYG0 zd5F3>l$x=7Q~}$s^G&oi9y%Ab-V{u?>ZT+$;I87dgVbhAerf*sphXPrJvTrxx_^I5 z_mK8L62X()>W4Y%Dc#jUnq8#&(hnw%Pvxshj6NKEsFiZTZ|WcZG9?oF@JUG$xoM{L zqrMBhGmvRXXVc6pi_jzyR9-+d*t-vt*I9JI;SHIQRraiSWuxnGupjoaCIli}&>t4? z@a`5)L$E6*>R%UB0kc@MdJg!!Fyduf11A!zqRixG6 zf3buJ-1YE(!PQR!!rn8jZ1i@{QU|?$`X6{sxS8^c?7TGGBD>@^uG&8OpsM$kz>z`T z1&o`$cr3S19BhpLK^0*kM98r#4Cx?_OkK6zn+5Ag4nbkoqlRX^(^-W2`aZTs%zKRN zw<>Bz@lrf8VGZwjT#Hm1pVi-CXA~zgka0DXM|ql{?Bhb4a+3SOy>|egh8*JfoSw*L zm3L3_V>}@thkE%xhLM~V)3>MM@1d+^uPX@Ce_u8vCbiA;vfw1L`u8m8$5O3*qSSZ2 zC zZfMa!1@+Pi+3^3_<=nxj>9+Hb3r;y*h^n6d7!|xvG^{0K!1#%@)@m^dMGrJ^K`JIt$cXFRyuKK5k?F|b0{vRzs;^q>EYnM+>hI;DF20P5qI3fx*E@4DMv(geHqpj9t~2 zzrhh!E?{@rldIPFGF@TLn|WYi;MMKZJE7n0!{#I~L)q9t{blU*4eP55>6MQQEd@p- z9^&#-@DECw`k(iY!?&#dEMh{C_Vx79SD1L8;?9=n^VLRcJF#!gxktM~-^e7}p^!F4 z`l+0HH~g-78wX!XSITQ6E9v@5nK#G(@pI%{tY|lROVuO}m0w(u%#_^0cNB46-M2V4 z@{Wntmvl~bvI5&X0J70}hU(fnVhqaHz%}ol_<%S}@OoR)y1ShS=okU6u-?vQi-M^c zfc>#*G=7Z89Jlb2`GVG^UllNF;BpG^1t9&VFLaxICA?EX2C9c zf%i8~Y@xx>o}panQ28#RB@%I6&ogBCBkJ1+!nc=UQ}xvgd;5Fzh$MOVUd}jUwxw0g zdkE}EAee-O3euj+nlA=)&?L71?bCDSnS(wl$&1jTtwFZ#%iG|z+>|%=SHFZ~eVas7 zPDZFQ%vte`kho)?=Y4uf(t9w+ab@+a@aq?%aM-x7`B?0*({35U3y8^>g2hOlO{vy} zdIl9y#+bWb&(P5s*Rd!&zx~6ZXKL$)Sb^;488qyyc7yP~6{Hh3IYJ|$zVZs6eKazT zp)*7cV*#@MD9uGLG4Wbli9c&?2ue7ZZHPIjZ7GD4T5bs@B1F3MnS9_sje=$$Fc!sN zjNu=D-a`|RG$?%fCSb)jd15e?U6*qNab&e_o8yS2-}BJwaE)O#(Jwny1I@(C zC=bUP@^a{oHH5O*R#L0NhAm$(1R1=m8q41?zahogpF0}ox-e_x(-fiFeUIv~=UHc} z^N6Awnnf++Kem>CDE;IH%+QC*2j!}00GTs27N*T{Zwo zuHL-&s(~jTv#^?r1@jbCv0=Or;{QJ*lJy9>+q{beUPb7$Lt%0Pr(D*7H?9>S;G3rD zz^UU+KbJ4Tqa7c%#gAEF|1)}WOO_2PEoTPt;8f)8Xd?Vcf8HZ=5c=J-gG5Q?fP_xS z66uFJo-&8QU${Q4O#8sn@6H!4??BWTDS&PH?4@vpnwFNT>t~0?D6y0fo%WFM(>I1j z#3*=VW#7r}_0#=cT&N6DA<3NmLu-FhI{ne4e5{TdrritWp{F;2@W(&4T))R3rAmau z;2xt9nyL*)Pd)>?tU{%4KS%5y?d|;;XD=ZYJvMN!4|5*AQeZ;^YivZ_3;NGm1*3L{ zIpt2&EBQYhYyaGTPh+lR=eFKJ(jnLgvBl*s8q~e2AFnRu%aN8m^*d_K;19$QH$N@E zf{2n~Xj*Us{`Xn|xoikqQ}VTgKNld=+fe?NcsN()+}7^NcdkM%oXD%c_m<}6mAi+? z9s_gb?N(MQu_hzV5?g<5PjP7)4rRbL-qs#e9Una;JI2|`ZI1e({>U9Ng-2aiYC)TG zHeaU;=Fk*WIC<-l{j+)ru7wru3YT2hp_H?4n}bT}=;K~O-;>+$9u^S%zy!ruJ4D&a zU$gt@JFDxdNwC;cXa$8Z50gWIQIkApIO5YffwvxIKf*oO6cvH0wx7>)ThJvv$Tl!l z);~BmK!k;aC!pO+aAFhk(G&i!U+9HD0SU~g9e@JVl2h4_AYPQ1)9yJaNugmuvsF?US zp0rOuX4&WAO$RK;>KjRelm%~j0|@wD`%Yche{9*=8|g*i!SjlQs|qX>tip??&_eWM zBRObw?!5J&jsL}fl_OceJJ_WuSmYrYTA%Tuyb%SQ-kcupXy?E8#7t=wzO?0yCYn6g zD$kb2nh?}af9=ylHeb>xD5Af>^$-2w)B9Wj(1K44RpCYcEq<^F&dwM7E1p`;3Ne^f zute|naD++p0xAO?UXQUz($~NDyaMUa(g=;3C9+pq;yf+4H3|8faV?w@s&X*$}JyMqbS!UL*zk zKGk2$2P-fZIxY+;e3_lsi;nF00{=wEH10-KgfFUWTHc~9F`Y+%5|$%S2rS_`eb`#-9TWT;O<2v zPRq_i#(g>-?A;X>tXJ2Db&GLKAGa1gThUH?=U{QAS2gj6vE7J`6V3b>{_3`;yi5tY z@5n4Ld)DeNC)(?ke*+5R93+`(9C)<_rTi%)sC1+e&pn|+d)*>Bkw2)0xop~q;HgX6yz_Qi$fMc|9Fdr!tA z&x_Pi4kXpjeGbkyFxF)6hl&0p5L&}VuJgMNdpXS^snOL8PjOh6QX4ro{$IYpDQXQL zB}?z@pW$m2D=D$=lN zC0$JavXWDpcfA5&HYN-sbA^7 zQ%pccRuC@AKPx#^jL}z={Xi zAE8LDCv2{-zkbEXduq|DK%2lqm&9XZFXmfMAi`+p3nLos*8LDY?9`zH2YpMnOH}qE z14h=*mG%jI|9)8V)f27|)$cfyet-l{vfBxNs21Y^mQ_}&lpSgaq!CD-6X6%$tPvhY z9x}mQDKj#>!A1a=71RqoDnd_4e|(=2kK~dF@Uj4Z2A&23nYoWY6j)W$YUTurdfs*D z4|jCTV9WuOm^94OlZ3i%#JtqcUuUQFl7~FKwBpMrpvfGA6 zB6W<=3PNUh%*Xzs3uEpx)p-d@wry)wdeT)Nt_9UzukBpfte%WAX46B% zfW&y;%K-1b8&}FJ5gu_KHeWCR+>P4(@Gnl;|J}DWQIqMYoT;OKj4B*puhqg0bl!*@ z)fSype@y;;I7Rcq;*_~w!RYs)xV40k(8M0VZSM$0T z(Ovz^pT+YICspc227MXOyUycwkhJOS;C2^cZ05)(+85Hse=p#DWbLk8YgS&+qG76G z^{|5o<5XF)GPaYoCqUD_AwRjtDqh-Y5C1-+J3-f}Rlrz$oLTUkvlRP8QEVd-l?RGp zES`98lRWwfft z{J^odm}bze;VgN!iS1fYY;j+R?cK-8ntbZaw%a?h%V%p5aQK1kp!#g1c<>RU9zUK1 z9O}Coo`|x2JZQ)eOdDZ`7+^dx{eWH66cOw8Sp4}(JZs#H$~^IOu~PdaxuowrdG}aU ztCnl(l3OXjLMDBJV37Ztmx!dL=wEO73nsKf|GQ;=_>RzJ}yb zL-z}i&v4nT>HodIh2t8RY!sgTFUM^|*;YF|^Iwhf3z7Y>cMy!IGutHd|=_%>!RzU@fb|$ zqT8hGSYDa?oETAjT7QD|t1Pi}H3^Mn*ARq!KKp@xH-4mI4w?LXse61aMMA9cKz1Ah zFPnZvuy1m)cBmN(C!)Dxty$MJ6Q^AM*z9+E+V}E4?V5A`pr4`uXBPIZooWjp`rxY$ zKqN~h0c172aT#F5;}1)L1kkzd3~(Y#@ZyF4T^Il^fLuC(kQYM%p1-dLULyXa*Fm*^ zFoATfgt~ao#M*U7n#=k&lkREEqIKSvdj77rD{U)C_iK}5qkDO>o{AHC3O72sO4SYF zq2@YN<5z@fY3N%{bPWw=f3}|n-(G+F@J)6x;t~a|J1YuyD)5a(MRYU0p^?QRZ_-{L zNnHDD`!WitmA^-aMz>B-Mr*h*HWQ%{xF>$Op9l|k^EaI~mDgirT5Ezv0h>J}c;M!{a%adwkv4rilGI9Azq6oRl}bgA(AaLW9WTur zML-tWAW~((&|O=uMqB)e=0)vAr=o+)AjMOBZj4SHaRm1iCGQdu&xxaX9ISpk_KWYl ztKW+tjqD4BCRel-{#3v*Zd|qTcW9g?T65-d{T!&J(%QgMWc|-{Yr$v}iEYp$GYNG( z$-7W518Jw4#Y2k9EHbnZS=CcOK zGg@2IT+ziLm}F!#TXKs;@xhy-Y#LO`%Kk0fG2S72-1Z}TRGmB#&tLq*DMy6kz_>&|pEmJTZq?TBw0+Oc5yNcL-V=lHzCW z*UD7Z9>n0_LlnL9FQ8USnx2wJ0@<8IsWa4p_*{j*>i6zGbta;QINb;kapj);*_|%D zVM!gQHU3ODHxry=J#${gD#gsYo9e4HZpO+Cot>@lC8MQ(a<->eQ?AA)aKO6k*Y8j1 zd!!8@rn<9mHL;I)no+NbqzT|swq?R=b@lbX!bGxqd}Z4w!<~z+rH}8Hb{Dpsf8>C) z82NvQ5+brG2*EPT9WwKlKFj&yLBekhzNxZU)xj!sxXj2ro%@Xz*SePAz-~kbe$kXa zCHMfWohC1tk09cwnH0thAm7}woCNL}{*Nu8aPWJs)dPT+MYb3Es zSL+`-6HYfQYbr1STIrKoKy!T)L5M#jWpER$irY%m@p&ai2CU|pCNIo+WS1cH^dzs; z61lp^V3pyEv8$`_rFrcOZY7lk`h+-_f#rH7nc34?jm{Sx4vvIk-GFY3XPd^oz0sk`2 z*o|EhUn!2602__#Vw=k|tueETRi5lNZd+3g4~lShgFkLfvAFVBi;kAEZBJZFez|(< z>1%$TLcpVu$IK++r4XOlu0Evy4I{RH?7ps^(@Sbf^WT#^Z{>c%#B8U{p6;}nCrEs1 z^3dz73zP2=F7;JuIb+(Xm;;d z2EX$nd+C3gu;ZAMn+V0+;o$0Umf#vq=tlkgMhofs$!2I+%&-NUpSh44r5@TlZnL5~ z;`nxj-e}E1-JUb&%FOB8Lb?2kRbIiLJUiA+(}l|`Nt{XJqu(uToeo$_4}@w^?o#lOWb>zl%4Bh(PpMX_z-Vxh8L zd&3#2sz!#dYoK?tc@1EMzxu6(?>?t;)4|`fH9`37Da3~=k*KQsLy?kW+&-}3|9Ow% z<`ewgZ!aW~IpluZ-JtbP_$B#$i4dI)>x-fphB-+3HRF$TUCl24r|@UnU`GL^y?C4H z5z>8@M7z7(JzUaBW!Pud7#XPno9SZlDj%{l+mu^V5&rL@Wo7Jl<@rUEY6P_`M9uA8 z7ed4_W$QBO23C3xCm}9`zc&Ns*|x{;mu$=7h&$pY+(fyUCPw*|%6j8+KQ(>69ZJdb z(Z1WY9w3uu#h7i|C^?pe2#?k8yE$RSU!+X7^}bW8_2#GA5Mv3)ox}Ua^jMqVOnPj* zAc>nhZk#Q;AKIi@N}n@htFidZ@aGHem5AB35ZCtJz5+NO!+o-?HpCr^6ydOmodIje4j{>uAj4-#q`-Y_iFqx@*MG zhsLd9!}cihMc;p_xWWzd@OZVs9jS>yiBn;|gP~xz8@O^q2Fc&E!mCrPl;=ZUZD7X! z8F^WDub+ntK7y*dfoY8oODsF=6L^HvIIJ981(v}(&G{yMOXuOIpQo>6>nq(sg)TN* z#L8vkjE*Aiy>Vgw0ij#wp6CO8ziv23-!Cz1B*s+;uz`_1`clr^avN1SsG4f{8_0 zDF}CCc(q5N#MfjgF?$Ha)dj>IJSCbJZ1ERYNY&Vow1pvW9A#@6j9p(OmX}KG=G+t2HQP`y&7}ji_oG=>RSJdjbT(;5YOOy zc_T-)-SS48IDLCn4}7tz0JVzA1i|y-0vRF;Z{k~214-Kl9WvUwuNgu!AN|i-`G{2u z_-)@bcg|X9_5_PIJ zaENsqVJMIU?V+puR*ahcKyGVsg(GQJxkoTsq^((SR|Mel1J5`;Z zepx6`k$jvtD%cZbD=`fjc;h-UUiziNRDj-Fo#%^8*l<0u-Y(`elcfzFrQ@y9pUoIy zHrE&5$Kv500?D>kYn~t-5ca9cua=~p_+gkvw3C4DsB(b*Z_bBwLzP=~8&(_2vSme& zH?f|=1F}Ct-k$mwA3iMRGAGQW={_>GORr_~JvN))TJ$Up5I6V5db5Yi?2?a2$T4kr zW6mbI;ZyoPgkLQl!4Vryfhtej#q93Fy6q!4?Je*H;&>n|58YRQ7t0!0OXsW}!850< zHY9acvz~t+!7Dn!w*{q%K$gE}i5Vn+=`WuhbCT>DyOi?xgkScU&*SjmL`{ z$ygtj5WYtck9?g?+avP~jW!39U-c@E^$!I&yx|TWd0EIaM2v~89`}|WtQ<`gmrSx6 z@mAw)YnY)BDf74_?XX=-Eb+4G2Um*WeMrnk-e=52t(C0I`*#HlpReRmF!avZj5t1) zrgKXZ-DboKMi8w{_-R>I24d|LHl`7x2B|eU_kQeQL`yhpP3iCg+nC5FChdd$zd_{V zwjGYqksKXgCHPIers+Y>+d)ctTY+fDlj zWOX{8W|IM%dsnN-5Ze~|o8{r1s6B9t_TQSP>=25)*g?co324{62E{VF^CsR(;&far z7j4g^(Od%B66pCW*g^Z}<2#!EuJ4+5MYyL5FiwB04jyOfTsyIzK!1c7e9r;!kzmqW zjbbv`+k$qhs8(OG?9p!rnpP63FSafLzHJGTM$DJ(nO&Iy2384{gyr=a-Fm**l9MO4aJIWi~anG$y8m3Q+yP|M~-&Nx2 z$9pnwGE_PYTT;~pZdFiH;*CANo7{>@IAFrFA(DgH(=%wW-o~Q838<(22u+_f`j>R9 zn*eDK%^~Nv@uuHS91?i_7+<{xZpTn%8TB_3+Nx#xN24jna+6Rg`|(03Ig$`U!OD5S z*nd;%1QyAl%4Tf$liORBV`Lr0BgK3wh{j)Xunl5*+C4DgsMx>Qc%^trF^je_;zzV& zkwLvrfvn3W&gks2FLwOe)#58Kclmoi-oVF|!T}udZ~ZcH!SM!87E=EF-S5Lt*coss zlw;_X2&03Ss-d6&E8}2<0{p^LrGOVeAw3=FHb}KJE)`Q1JwQ&j?UK;^4Fo{zJ-P{y z>{~i%%YfP6K!5dP9-iJVXP)HOrafaB&7WIGqG}8L7w_UQmMkia4h?g}pI>q`7V*uM zDh0?UI}LyOO{)3gsxFbrLNhbn@1f;iQf?N$Oe@I|Npp~s%0i5`Wik{d9g(-~$|?Cc@-pzHglO39w(dsMyu-O4G%y~tZ#aaxcSGJRbI$k+ z&_IqTOKzo%1N8cEXvk6tla0Ww{}8qEO!|uqQuX)bV#+;Fl0`xP5;Hq0pBn@}dQT2c z-V5!^##2vvNnZN~i^Ej&9|e59T2|dzBmI=z*~~>b8tlYmD5|!rFIwdvJZ4iF1v@*J zaQBT`JChDVIm)u1{Dh^%@UikZ$HJlyQ69ec`t>>Ewf6SIh=?npjixPEHbkGD$lEnL z7dkrsj}|~dO@^~K{o`$%c%ixTN^`~Pk@x$6v zf7M;8?^bA}p6D0dWP)2+uDJajOYX?oxLLYG*kE8go~;G}5yqNf9`peHq>3Qzz*8oM zz0uQdsdPzmPK@o{g8Bt5kWc-g{1*OFEw9`;p8|z1D;dm3c>eYE^(!U;jFSvj}>N zi(B7{;dV_893}w%i}2PYhrh1@NNgfH-bq0YF$R#uWPp~vsGJypKxSg$k0|KXLgX$wvssN>^fu7_pN`i)^qgB zE##<|fS|sq*6!D}=g{AG9yYPgMzOQUsS96|-=O*08*7RR3RiUS=~bCeS$ZAfBo*~p z$0){OX-N1oaU5DaCMK?=HSa$c5)p>9>q$2C&Cm+$kkID8CCjC19vhcT@B7Z&lI#Nx zSGY|)9WK9c&giY?sgWlCIq`VsD7NFE*aWUM1t_4I7{uH>D9$^p}i@Y zgCN|TXGB5UwdCr{47c^|9)_3|P}aNlU|U&vvB9tHHVR3zhH@|Dq_;$O^`4u5dZa?G0oayR%cR9UD;FWaSW z>ETiQG9liE1D(~~x;|8Af88^hYWH}@<00#w7B}(kW~cqKB^@4D;{hoN75-B7>nN*PrS$I=s|%~Zrhim$ZDtQQis%4wZgeWLE*1g)md z+#eQ|+~cE2s=6Ep`mg=6rww|NkE8ZBmEydEXC0!-kw66@IqVtJIX_WGaPIi$lN+CL zSFhVZXyzH!d2B6B70Q*A7FnqnIsi5gRBbbpZY4!LK-OZ)cG~OjP=A%6~MdmW7z@ApY#~5I;ITw+FLkq9;*^#{qqb z)F|K1_tW!&`q*(1N~PmFb5Zg00mB6^a5yDoR76Rejesj;LkOshYkFum#sZY)^6kbS z?pKxG!}feXLUV)I2{4UKervH2af^v1cy?3Z#^H|`?v+Pubg>01lR=?u)Y)Q3Ho`cr zy;Pw_&$(Y!A_*yZ7%VTDA^A4U@vMFQRo}^ZD>Y>UO~};-ENyKGfc6J#?G89Vjn|dW zUv3HVz}HEhk5d&1CdtI@qaL0^@!yvg&QTtt zGVQ(=4c5cM)*S5FdT%f81N*&WW=V&+#{r1sfXWAy8cG+Djs`d56bqSD{uf>;yEBj6 zD<@j!=l3Ep0|Wzf0pT;3v*R^UO;g-yA=np2BqM9?u&<}asz%K-ZS^5yhqD!@zrADY zC{+GpAqodj?HpAf8~$+&VB_6xBIC9A_cL6-_+V$4q)Fg0FA}YYbjLu1aYSUwh*uR; zQ)5qYM3eGO547!#6}SAVzBRjOzRVFb>nQ&~i_QD*oY-D0`hj~3yR+YyV~25|L1F#= z-6KynjHgU=RZ+?`PduKY8Gcg}CJ2u3Sx>HkwwS2sE6lAA)h}S6_9!$pQPiIso<9d~ z9W3X_371(asRfAtBpTc|RdeUT5pe*w)Y zuEuqjUiHYSoQz3*+A zg#LqS?jlE3^Kf05*UA*$P&)pDHgr(|jVPa$L zT<#13<`Fob+R1Dx+bfVkF!(cfp2|Cgz|BzuXa!(6cAkWWPe_u-Gw6VGpPT<-iCrEm zG!tuyNL53ERB*fL4YKY}2iQL^pyX1HN=SvNe7wQ;M32qb9SP+yTZA063VlBF z8!ny+j=8PF^>#IIVA}FJ@dS*pP=Mf&1!~>@vnvMt@~waW{@v_4q>wR5_zr4&odPa1 zms%3;c9#kH^wR%4Be^Mo$4O`WEkC+&bJI)+B3@O}*hrlZn3)8>ejx~3M&2Ezn9p&3 zGk7PDaRA9<HKIJN-9&4uce+e7i$esT z0k8k2pmDq@$&Xb3*-v$J=u=33rif0a8c712b6p{|$BC-9s}9f{qoY;fnvc5VwISK4 z605(t^75`1!!KWC6bA< zM$Ms=nnn~hC3#6o3kw1T9FU3#B&X0+9ESM>_r_7AvJc!lcx$aCt zL_BWs&K_aS*1i%TYTIX=VYT;ihzmY8>*VnDU$);f(Bb@9={0Hyul~^`+F*)`>a|&U z=&>A4mpI{<=)!k^fpF7>BQay~Bc9-apEl8mE<2C9g_Uv1DSP(g@rZpO z;llT)))SP!qMO;W!t{DdNGSmka(?II63B}@*S;DqZ;Yv#1&9mmPnmcz_UYo2ByO*g z&22_(K%4B;2CW?a$53`JRdI>yz4GSb_N?1mwXKnEXUc>1{Dijq#B;c8NX32L-+up> z{&NrGm#=rCY4+xDYWP2fLRIG?OGEt^nvV`v!7qOc|G^8M5=fXH#QKT7P5LBt;%vZQ zxFkgLNog&AJVS!8b6@(CoF1N!6=mxj66fyYgQslONLBkLhhjiRz=6eK4+tG6066tH zo3`_u{w83Pl)}^+@-|}u7-l->%G0Xt)+a*sEZb4HPjE>A(wl&HtjPe^Tz8N9Kt9HW z3jx+vaIYunJGVsGwk=y~`ctVG)hNI?e4U3^mGR0%$|1;z%h2`C!&#qCALOW?PF)|m z9`o1W(X6)wbIzX4P#lRDmX1-!?gXHZ8ij->Qe)lrmuS$fP{)rS;$~tVEuY#?LTv-w zI1i@sV&^@(noiDxQ0jhK`3r_42T5C_k#p?Th+y#{>n@}G5*Ty?if9r}j|Yyc3c{?L zV=8s*OKTC3Iw=sCMoCtqVYd{v?PUuZBD1w=Uw4|9|fO3{vmxv;3i zFc7eq?;DZ)9<0PqV=3{-{<{1Xx~uyDWD!Rv7rR<*S>(WRYe`{GNS>4XLENGhx(&t& zQ*j8k#q+O165$|2@rFnbI^DU*NO=<{at+B_f~f*-%Km^|W%yG3+}shM-j3eNq(nQPV$( zrHDW1XOHu3;;!3=FH}bGI3(a=ZEYQvFHwnW%}xd)@rzhz-GmA7g0<)g!1YnJlXS6i z=fAP+ZTDw|9b8+;!GC^9Nv1bc6AVhbFBvue^wbU59+y$~P!bn{I0Sk-(15g>oVtUn z1~`pos*F5^l}QF0bN+YpH@7%{9*9@19sLX|aJiBpdOw{SzVBrd44?od)Dfo*eRu|D zePpc;Ge1+yz+6H?F*7q70L=Kae@p(K-w7rrHp8=jG@}?&T2Mc?usQ`Na!v8QzrdVF z+h!xaBjnBS2oV(3o*p4b#EwV5u=&+r7Z-Eig6KaO!@5K71uCYVixw&k5jhq0ic%XC z9>1D!ogKDf$zAUYwMT6T*Jr-xu|RQdN`2EsWhho5obp?%Uw4t+PRi%R`O{12u*IfL zt~LDD3BSL|8g$vcRtjtWptnVESDodT#J86shPc01^^DB7>-!F09+jZPu=JScs+li@ zQk`DN{`9TcqoJ+u#+Bht+l@u?8!D{Y?&0ZQdvfLz#oQ6ryS~!&SFWHwyW&RFhsEQe zebKv3+Bdc7_eOshvUCH-116sOsk6uSoLateHPE!&)9~Lj1Rp9$08dXX-#F{yKNZad9lfq^4_p~PJ3MN6WebI2&~`-jge-A zO|6gjxzk3C9U0MPVx%)!mhdyYS`o|jo??7GVnQAwxio}?OEQCq zI6LIfttiYZZiliV?ytQ%5>M zc>#Y-`K@?OvD9LiN0Z6~egP@8%u)wOE}LyFxV)YfEjjh`MNim0+&qPwO@)sAvA>s$ zfY-r_%MdR{91BNZV(dg|G43jWXIw`o6>Q`!e5YPO0Z_&G?dq&5iT9%gK%F^fo4X)k z$kd7G;YI)Y3n*n^9s?$OtRt+;`Y>A)XBadI+dj^F{4FUDp9QB-9G#+p8_ScmeBbkh zY{Is0Q}iT?8Yu-!iadoAt26dACVm65y9=+^!h`-a&8(Mr08=%y1!T{0%?E(wQVT%< z4kD<4?|_GxLqFFWI40q7FM(WG0bJ$@?*96VZ_n`9hz#OlV4%m|k+#^wP3u~p6S2sz z-`sW!3SHe6t9H#4!MKt&N7t*ibA;Sb%aKmU1%5n+TK+HTzg``9q&X@IBc zCrF^Qu-jU8_U&YgeFnb><+Cg}0@2NN>lFfX3V$}INu0lzz0K;mxZ%@;NVYfvLVl;K zonXx+31ozebG}+06SzH(hYDiI;PwAS(^-c_*?nK15D)>85Rg!TP*=E5X0hyD&m^MF-T+mOx>+Rl^IuM$N~ba{z|H#a|Li(Kdd zrTm>90_9<^8bM@ZwG{rnHh3%91j)J{R!}(jf)YIBqHh(5AnT%BXBlrS!@BP3y0`ea z=4hTU-_K`n{S)=m>m=I=5b1W;V0XQ?^3wTW4(}z7YL%-j)Z>MbkBzl;@A;B0rIVhviTuHdHqphs1LE?I5!2FUA&VT>N zA6AQ9*7BY9L4s5G)|QEUnjk9poB(f?(2m{AFGD}RrD%OWxp?oRbiLX^dkrq35p7bp zcG^zp&=<#Siqxci;z&a-$*n3U;wCoy-cSPX!>z4G*Z9g;USEcFEg_|NhHkWqZwFz| zmTP|48#NMnz<)=F>I&+;Y7;`(wqcH8jd{q7?%R`#$J_U!Cqj&UrDC~UgOT3R zF%o`CY-Pq`%mQ+*)4d{XRgPtPqPWfUCJvTS({weV;=GV2kIzRz4uu749hDJcbRkr~ zBGSt3mDZj!8vw~96_qi!HjL_DJYUVEcJP<6Ic@qPo9wcL7`z)j^FI$Md00kis|#K8 zg=Zv{I8^PX{3bC@6jahy6b|Vg6*)kB{lqEdCTd%PIm2T#syF<%`xYeN zVR=8M$D5>}`2TO)hrFf06Ikr{tHYHnoM0Y+~`SF9V` zAk7EbPG2$;2!MWhD;Es}&#JWe^xQ7qlGz=Ec_h$anDU^H^M<#{B+bE-+}i>*2o45w zf%F4do4DxBb%N^_ob(eLG4i*x9OL5;fv+P10ha+~9#E7sUA*uCyRxFLm)gi@V}|QA z4W-GQ^QUt?DQW6!W{aO&@9kSM2Ddi?G?y3?LKLG^)!3hGtMomUciFjyiBm$nDSeSY zCMoGbn1+?O+*)Ou;eaHR_SuX~fSKM9x(<)&w+$w80Ibc!@(z!8#p^ltIweXKFy+_v zxL3G~8TImm8#k(So}6$RWPE(}V6XSf^ZApoBWMgoh>B`hBvDn^%P3ha7qlRFn8dIq z2*rIQ9Zij)ugpfGT=dzOB+Bk-!7OxFJFCKEG{f(UX-0J2l-ga7&n+9Z*PY#Iv~vJB zoT?NBj>Qq!dh~UD+*9hU>9v?D=r@v7Il*{ZNOZ)8Z$X9v^4x%4B4Obvv}Ur+zb=QM$jI$BA}p7KBvP8LIX8+B5RUxP4`F2%de-; z28H>BG8A$s^Uhr9h}Y7oV_14ER7Quw=ToKc8zx7{F1jmN%25ZZn>UQu?A}PrP@lIS zQK@LojOm^4D5vWY^+gHDXg?ezFghwGdy)@V>KjhMDktBaHg8Q|m`zTYQfD(3iuav1 zi_+v)rsX$_zSx7CwKiHuTDV_l93(;2&`oB2*FRK^emg1Fi_H;=A4zyf4JkHf3wQsp zEi!1+7sONL{NV9{kD|}1daLgS67c@laB9}n#?%=TQPf}<)5XSzv~2x7eI;tFPSYyb z!~4?${#@~+7^}$nUzyMWCIqFC5*5YY`vE%Md(-{s!mla!v|452mkTmbD8EzVrv#jV zuxA1xBU83|<6Ar%E@Dr4U)Qt^oGHIitL{au6yG=SNhLBG(y+=~SJL&A%P5)Vj?71F z*YGY?orF!5!L%`yuid?U*A{=kGe@v3OxnxIm?jYpb6+dd67pu^$5XD|;ScF?>9~bL zQx6b}?2(4xT{kXykg=06Dm4q;F>Asw)Uj}Y656DR9+x0YbHCsI^E&>8C|5U~N>2#s z=cf7YKJrKWqsm|Rlv_lJv{Ou}=GyuC4|2xIK`J-%ns!@gA$o}e!MtvqHs zIE0L>-T`@*tvOR>X;NwudS4l3mtJ$G0pG|5EjrqF{hiWm&svc2st0JhgZlz2$L;4| z?pBWx)a;EXXrlKEI2!G+e_T&;8Bj+oRf_@(3K%CX@iy%l8vBaMIuRrh7{n0_WJaHg z|J~7L{&(ac#clqYFXs~*+7u&c^goebRUPjWSn(&c=^C9nSW}Q{?sn}MLNJIB!uWO#O^WVLWODK@o5Fr${c$_4{)%b4+xuiIInNrD43@rGS7yj#@R4MkPuaGryMz zkDW-8xPEKr5MQrt&>Q@f4}(S|f?LKbz}MN83$98@C)SQ~OP&luO~e@a=Q2~I65wxf z-OirS3>0r@Q781!ib?g7{cJAA0eqGY*g9Zr4yxhe;@&*>eZ&D`#rvB2)!0Z-UtXjK z#(;AIZ<6e9wPLc12MGaoZLrX|8%0YrYD?v-D4(KbngWsd@A!D6KMTF%fU$p=Tadba zwRX-Y-`c6OavM!dZzfpjNt}o-&5w3xH9y|ui>3aIyY`lb{sJNa1e3QUU9-VvC3$(u z2M&%p6zX?IMI38(u&7|ok^!f)HKAhfzZJkfGUeG{`IW20h+T}NB9fZM!cVM@vXq9R z*e82u=H~1a=6|MvknGX8f?5<3bH_wEwaWar@Q81!wpM6vfl@w3am{%1sD*FQ`;GPK zchsirQ2{5nzf%*2pCcf60##E(>zULETyDAh|0bHHlthw4*4w4-!YOm^X<0lT!qyUp zf{Zeu?bGYFmZFpC<G^#Wu zV!ub2AtgwiJk$Nccb>yI7M^a+w1k*09$vpUy0~>cXr4t#Td;CZj#k<)hizPnS{Cc+ znPp#4SXA{+uL~Wg5`>&h#XqF*T`uk+7@{-Gfb6QvQMdbWAjs7;YdbEqHrYd$jr(hTTs zh=UDRSTP+uLII-ob?@5|KWf@lJ0)A{UoE{(dZO#PYb<)(rJ3O|^&?ftNSMFvlKj8g zw0N@~lSLiYx3WX+qdA4mI1wal9l021TsB9PK$$fdoU)oZ?@gb%ymZE`)+4{&{5v)l zygT7;H@?uADsDxdmY)81c{!%D^VQ^czLx88)|plpn^Wrlcv;AeIPJPzhqCx^&bCH+ zyRnHrv8RlQ7(Zze76H|JV##sh;1a4NH3RC)h1oRUpK9aovq{pLpYnJG1dQPEJ;=A1 z<+1wV0OIzY6SJ0dL29?9h#@Yl2=>%{2ZpQ8^gkNY0bASuxrJ! z@kP#WRJiisIxYZIDBxB0M*T*>j{5;uvkxnB-qeed-naG7a;s9BRoHXG^gAK1u)dQBRJaq0coH-{Xo#} zrn>7`rI_HN$VK>OrRwP%<%d4#l8~_XoA~mb<`YdVO#qk>&2S&!27nRLf8X(JtY-aF zrc0qy_4Rq$EJS)0OWq(y(#+ht6Sf}GH_RS<9Sl2t#$OH3Gx3iQBH9w!YE@gi8rIO5 z{NAsigKQgh!I=yWS@%I)Fkx$bn7BzH_zD+hyT4{*)BV~`0MKSgwv1Y-w%;s|$=b^5 zA6M@~&6XR@(>XMA=++kFP?`{tDG-AkwudlLEN3tI!Ph;s9)uz9?3k6{pd*vk>uw-I#Z#nbu&ZhYfwH_nu?JviIW2k}9i5yE0p%C`jNSs( zehmNqf}(xmA0gh&#jc&3Ivc+0bD9N_49^F`2PGTMD&Gp$+{y#4_+7|TJwi=X>G<^w z9~*Nb`lrhI_ovvpG^jocF5GkRl}CCs)JI~@y--RImmIviv~!vVoM-S}$tTYysZj^x zUB-iM-qKb$IV_5_$Q(#Bu-!KP@Yw$%oYF7*orp9**Jf9{D%pdyIGy-3F_CXI?!+0Nx5Vz#KBM?WgH@03wFI?v-b_=_Y#;yChDc=&FgEv*ATz%rA z5N!AA=_0Rb`Zs!nG5yLOP=ZavX<$sSA5*3*#e@+7imLLk?{sacFx5{={nJGoWB#~4 zX7|rNAJmvqF{7`z(T>F#)IAo=_|5e%;m<>2A`is`4m>IAfW@`V#cl31=4;c-3-|MP zZwcD(#0n(UY%qI2%qZAW1V&%I3Kyd_71H@zk8Pj*ia^?Mi7@?vC>lL(&d(GFtlny#jLvIAnKE+BL-gTwWrx;{A=N*2jbHi zX=EZ_Ga_c{>W0AqBzf%gtcGr6@5ODgDZF~=ta$MxK2PPLtI59rwDn3lRV8ur#SJFl zxUbPnD$iFlX{ecgFAIh>*x0w@J3sXvTo1hMYz8}tH^KF}1;Lj=>W~9c1-@H4Zx%6N|&+f8ldzsNq zM@pkYs;ee2QT@%oihhcaGP2=H+~6_)FK1wM@zw*K`$~M_HekAU>JM#XZlXYyTKRXm)2iu@iD*5LE%zP%mwWeb89(*Pi0TJW{%tp5OoBcid|B&W0% z4`lFjK@H`IS9|G6UZru`P2=voKGF` z38brA`(-^0q&mJ+$t09w&Xm3%)J;h>wX`?|d2tQN<9R!Fn6TsI`a0t*g9DoCoSbU_ z$7gC~Z;<29F#-zd0^n>rD3)~(*s5~0S@K#-@dU~mF(KEh_ty)g?Q6?AG<=`uOqg4k z#uL+I1^WyyA(nt% zJEppx-3yc9)abScRM5}-Sz7vh5d?+WpOYaQYA^v5G7U1-4wk{>wW)NQ?pf2a_YQJA z(NrSQ{#+n~{a0l03eSjE=;ipjcx>qPlC0A?!Mn$t-gklvwuk>3cAG55{*8s*?+)Xu zm+D5f`FVS8-(IaC)7ZgHMnwrSBp}W3;0IeOfDwi5wzhI&3Yz}=0mSt1ch)E!Ba6+j zy#fKS46ng6IK4&7G`z3@U}$gB2MaJsL!&R99UUEi7JcrbLG!HXQ79arAbxI!Kt2K9P$mTysmrGv+2m;Auf!GJXh$OYKz9`1jqrh=ar zW(OxHlN4m%-{P;#l1^im3!Ix>4>@IcpHxa+hDE`%vH9&B!O_VMhOxb>w+NGvPvv~o zN&sC;V^uR6tg8n-Zyx}_y3O!Olk6m}xEYW5J2&nRX!p6r)kK^2F930tpi@B~;80zy zCicmwsd_fTi0nrGOG5EQ{t@_QAV~?EDY}vC&_5a9OM}$`K(=hLSqILb$czEc6?`9i zcoLWAdOuuWVbD`@j9jjvYtBQ_@?1LoWKQvt>FL)|Ej&)HwkZ%Dn z7uGD6TX5PvL1*hdMoMHn zt$AkSn&X1|S(FAqqyPT=8qkK{Rcc7Os55~ZXAp^vy`YZL(!l?@uq}(b8xqJ7HZxTf z8KJc8Fy>*}gI(LA;3KV)x~uf?iR`KAZeBt_uN@nXVNanMY;6w<-9LgJI_BfoSNgv6 z9fhr{n|2OO4cRGEjE)M`wGc5+jpe&NUiH6()ROya;zUiqIPnzrwdB*iQL%i2*l0AXvTq7w_3 zn!stTh_`^pXo_G(s`*hIiT^)P_Y8TQhd;@NT;0ZWHMmjm$!U#s)5elt&1WQMFa^(yOy;K!f@(9a zx+{s-nZa;tow?XFGOVzz-+C(9(Kr0h;F*GGgI!H!yS%#cZgy`6KO`!X@5jSCzI1Tg zXC>-m=-~ep(HdU5ty7h-=K=( z+6yCQ-0{|x7A9BB(rZQt@Csi@RH-QzDBtD4So3r3;}(8xxQI);H!=vN(BPjcM+HTE znauPC`&mEkbz9HONHCy|9m!ACQKA{eI zeB-hNVsvx(#AkC20>yLx)J3EX95`hj zXJy!1j_n|@@!MkTs+60Ek$TGiJTwv{F4~jlC}39vSNOG(L=OyhA>9y9 zPB;O!0u3dV+l^3DGi?mQ8QOBy@KMll$Qi6l$rNROJZxI1)9WpJlxRH3Kquvcg#`|9 zq~KbVwV}}xZ0f;jex%9D_}7Vd|0KiP~!Jh`DUIcT1y|Zs|#9X*N5}oIJbbNzIb*2I9=C=2&KYo z6>Y)(zV^Bg%O;?fp{eNvyC3aBMlOZv%+#gU+qec@&f$6>P+j zYJ0>-BBqX1v?mw=M@Q^;^Gf$m&w8@&?p|3gR}#_X(Sfcf|HCL^eVJ*YK}bjEx;}fu zK}uR0R_Jr_;$W^d1WwrMz$+3H_{j6Rk3jUikE7BN*00fG`|4r%*b{f6P~lGiJ|w*L z_A39o9R`YC+2_}*fTGwXWLn+@j7_$q_Yk0rbz*F1MI`~Rl+E&`)=a~$6Y@WQd-^Nx zd0}Qa*ckbNIQLW!ap_V4%vl{M#UmPi7UeByG`A-qCpTI)`3{8aOu)u4zl6}$_TFW1 zUE4K1sn!$q2QVCi-WuJ7iY@Ymnk~(PnMR7`##?GN{ft_BjE4&*@nAsVS?LF?&NBO1Qz;$&^1P8rKSYqlty__M);cEq#t_?x(j-w-6jDR)9)JUaWaKG#pPHS~S zF3a+dwycrR7*@mAk!rY~Ce4 zwGVv$YhB}U`{$uz9-*k4--Hu!qzFU3DOk{L+Bw}Yq~DaGdv7(0VE;^yU6uOx@@w&K zXY-j;#Ty?&(;ugO%kQuU&J8VoxwtE54dlWDg5y?GQSGztQir{?Rr5V27AqkydsX(B z!k3L*aeQ6s5vIS5awZ#_ymLKsx*4l&7I_C)4ccf*5QR&p)>jCF()WzVR%2mOFaG#D zFi@{C;mRn*^F?OC%&0QAS^9(ceqdeHuBFDbiZ?4pT4nd;uJWY_mZ4AZKt6BAWmbPb zdK<8G(rwJ-fR~gKn%Dh0(@j7`$c`QeLAqMIoobBvDuxQe~t|Sw%rUc|n z?hJ5DY^k_3Mjjh`2luCMBXqoWImFgo_)Re?X^o;u9H5$Omn02#!+aG}YaEDMQ`p*I zxxN{I{E45j0Z>RJk9tNlpSq4;VU`U9IFgu=8=#KQxsC$cUuQW78bHueOD0|VWg1}i2HQ1gU9 zTqywHH4;ft*1JAchixU7{{9^AGH8>vZH*FoQLwBLUuvN%ZxZ>_<;z!n_ha4#_dx~Z zetmU(OF(@Me+S@xX!<9oH+Z0N*Kv$US6cgTP~8ZaV=G~`3cuA@ubX|Yxq+}c26lEn zb-gf9Q?6JnH?cNy%CYAjEj8l$OK2*SHd(^Vu?7Fgz&)D8nM{HYD!<{8;EY z0ZaW4(~=IPGO1Raqf)ejxII|@S)2a?=^;km<98u3E4Nn<&!90hSBao< zjR4yz3MM#s{Xtw5`kLRV5T zM`zD=c8JLF4Lh6fmI`(XU|E;7dGgg+&IgbBz>8<pf#Qn0;3Y;0f8)gO0_=rp(9S(TOowS{@w8YQW%3cspR#9BK#r*Vj z_I){?V0nfM%SW+?S7`);_`i*+?>hOu<dZ#k2?)?Iq2rBs#Qto{a%92n zL>nf_ft%cCYEEoS#Fk1T2w>7IjpL2#Hm zv?R7AQx9%fu?aYsM$_{U= zs|NDKm37;ZEYCH$i3=oq328+u?w9SZ8nE$#5zfR{Hw!xmPzo6}UAUbu^f)MlOMl0c z*p+RULC*46#YFah%LMa5@A=+>xzF6ZnV={;O(?_-p%<pATJT!FcRg8^o`^ss7x{(h<00+G$dwAb^tu!O7|Ke)PhS=K zjpBT3Lt+m_l7xT_epl2`26|{8T!Gz4+>c20D(_0 zIALq}LypGVQZ+hb*(^$I<*T-+pfjbe@dQ%Py?w4lQq)Nb`l}&6BI%XX8^t3uV~S`6l_B9Z^*`;pyLK-o6E5m zvdH-DhxzPEXe)+(<#&nhXg7bEU3|=o{wZ1Rt2>90u1S^z*ufdcN}Qe;Qrx291+vm; zYXu2MYs*v9Qq3>`3|zYqSeDG!?o=HW#qTgY-S~*C9yIE{VgIj{c-5uJi1ECnI*$&v zyj1kRDst2Z#u-g>jP7wjl}I-9=1GRPyr%ZJs&0{2M1IYb;do%!b#?m5k+dawVd2qa6&MV8sIx5pLL8^6kcYOmcPTs(6J#8Ga03ZXm z9B)x5zb2`$zQ+{3?&HY2j#`^7AZP5)Oi{b>ETAxykn3%NVPcw=Yli{l%@8@SvQwVb z0a%)PNLKr3`!ykZ>j~OWmJksz9Pd!p3Zoz%76^S60!3!L1f+jMG1 zgqIrJgCm6TK0jNA4l9hClkOr(t(+_DomhZmlR^Wi0dcIm&0)qe_tt~-yD*>wYv9*ILL5fl_wB_DjC zMLa@&eACA_itaFoS&Yq8`7VE}E0<-4s8i=q*oll>`T*G;=PWVCu>*g;1yt}T9RK@Z zMZvG*X$A}|E!JTOV-E${qhFVQiB8L&8<|@wm)OVntO?5%k*_HnWVWg-?`96}4rW>o zB(U`cc)L128qhu#wP+L$O}>;p+uJ>Bh>%mtEj~xD)$2})k#nVt7|=+!H#YnVKw0+h zafAe@n9^~j^#rSf@Wd?|*x4kpJCtrtWMpUfcgtT;N%=)Goxe~U)YHn(N_-ju_4v<% zFeP~}eujJ4!0)Ls^DQskopwhi^V&jis*GX=c8SwnRTJ~zsJ4PNwi0jKn}xvnCe4nu3jf{41W+yrfSU*(#g z>A!ncm4>&bC#yO)KAd#(!bFynRn=1Gd;0T4wG+O>En*;KXg0DjWs`hD$5lt zw2LQ?*rv@@MG#@Kqt|AJUA`O^8aEY+$GAZS+2rArtDy+8D)rv~Zj)l66b7okX9t$( zh3YIx2H6^-ag>BhTzxePy%S|GyB~u|vOt4KPkOJ6+wptMNXAXg(?n4cUY|qTt^_Tf zQ&Gv(ui%s4-!yasf=H?CeQh= z5sW(MvW6=fHCHPxY(EOST-8WDzK+hjcz@#)wlTuE^qs3EY@ug5r|x{bIYaK(6X_n( z|Ab#vk5UmM-e+%~54*lvdawqhp%T~6ev$dy&=#Sd8@?79?bRO_<=CLvAE)%^M!H5e zy_x*!H_zWb@HyqXCsZC;wrls0VH@j`+Y#8(1&y6<;%rBs*isqyQz1N(ZmG%_^Zv`N zTKABAn!5a>YYWB{<)_q&hC{;u_q*p!g`D zi<1_q3%jet6{Bn$4^#_Uc>tG_a%t0gL zSMOS5=uXWT!XYOx*;CZ`9KrA;c0suVZTQhHD*f@YwY4>xJ}0l}!SXw*_hSOA;-okj zY^gqkfW%noaAkddaYeL6WN<|z7^>6kvR;)9J%a1O*=V%if^vXnuTIJy$I>x zpuT_p`XO__zs}=W9PDH@wY9m;#YECEL3(@N?c&hM|IZ6xZwr?k-^~<$F1ENRXnXR~ z`Dl*nZ7}^%ZFxxm7e*w_bO0E)%eB!*i6DK`u^?3aiCrBjs9YX@i@_PLc!7eP3YpW? zs`UO-?0N|&RVMO84IforOyyLZi&VjTu%xAOh-S{9k0~kt{2DnS2qtI;(w?FSE=`Bj z*ID;~l`a67QN}=Xr0v{^IFWQ|-d;zLps7jN?&xcA1)>906l_yqz$lTv>;V4xLAx{MB^K*cEPXvLadRn%o7235f zdzulcReS2FVS&7^2!L#_)r{J8e)xE%AKBTEW$ox#Q`o)}W8NP{%H(dC(sW`^khQC6 zP0vvikVR)j5in-|0{AMzNALfn!1~Imp@k3_7n@$)BcSv3b{C2xJ^+Yrh=Pdo9a-CH zl#Sti?=FC72;|4!|^h%?fYHb{~k30v=7EndFn zzdVGzlzmjPjtuXuane*@f*VuPYuTEwW$@_UU@hb*C1(I+T%Hs#JBn6i zzu;nG3cMp8#DzuuJnLY}CeVppMFrqLCrrJ6t*=h?1k^X|t+gPbu!D_!SG?CmwK+5$ zyMZP@ve?286}>uFi8jS{nBgHAtPGzim1qs~BCC@+)znzA;JhDGXYLpu^_OuQ>L-X0ymX*lr&bgKppfmiumb#(2#l8!v zgb=}hw+1P82|bQB#sugq1RY^V-bx#p zl04Dz>*4P9mInv}8N13$fN<$06bVeq@XV+)hV??RUPRJnCpS0dzi1nC@9%%#6LUVq z!TV7RSPJ4^W7rYAPJT4;M3n#AMfrcVEH}esYq3L+AL~-TO8MNoNi`Pa95S< zDsb!5l>IP}u}+$h(L=e-D)Z|K`d)n2LeiRjif{R4-Or|4eXpXrvXcG$7m+{zoJj>M z5qeXKZ(bk>vsrXH6%|F#+OuLJL57A6J?ZL?vQ3k08ANsu&pq)C#^&Qclmj6ZtR5~l zO_=BbCt_0!(|UiUPs3j6OsblDKi?=^ev=Ue3Xnn&#MG)oaSstieg#@&BQbx+2noH~ zDAX_swFxEf+~EU_8GOf7n^-E~cAt}50bygN#lU1YeA%@<;bY{(c&hAyllk`n3_=*9 zvf?;jQ@m`L>E{OHBs+UMfn30c>9rdq@U+Mt$0e!bHiw0n6S%5C>tKei5RX!cBp@I_ zaA_I8Lw~MDH!=Lf`T4p2O^vRls}<2xYVm{V7@GQL*Jf7cJ;11@%uI$XRlM%|iO~08 z8CSobt$%tVb1cbd@%0%NQy77wcZ6i+TeRgWr|GuyC!i<@l0$hjJj~hqQ?1m%%(Z*) z*--<5Xj3!W{o)L^(K^T*)q)t`^1dI-b(mUzv2L78O#*u{$xO2man^|C7~p?X)eelPOH z1n|P!UiT?GJ@oA`M^h^3#&NoxzOSjPi^VBVw0RY9b@lUS){!+b=K#6*V&T&m+JA(E zk|vyN{X-29#QfIyZM-w==zaLB2iBZ+AAOW|&%2M7o`*=O1YdvnpZW@to3~}91p}Q4 zV^@RHo;h`0SUGmiehqJZ2U)=P+GO#g#oXp*9IH|*X0iZ^^5!YMmHhdRj+ej|l9Si^ zM!3#<-2ya}bsu5*{?o+c#LQRepBITX{ExLrgd=Wd{m2BbIicc7(}B4SLBDqqz#N6Hl)g6LQ0u)OM3JNG}F~?@rcN;dxj=1P+;}-kMm=V!|n@;{U2XuP{s`U!W=0p z{j^?Tpnm1xZh0BgpTN)MDd_i^kSF+tzrOy@kgbGFZ!NWxa#?keVpPgxcHf$J#;Mis zOvKEW+KR;TDt* z{8a13q0DVU9pl1G$?7{@zuJD>pk7F5@?g@~R=%26Jy3{-X@s7kZpT3DRa?}I1k+A8 z2onH=uwB-+joqtf^Rcy!k0kwY58>_U0af%z&nJx;|8<MHbHuUNRK?A3V}fWDwGaMf?p+TT)^YWBar?Eo zQto{^Qhkl7(denjT^I{4_Ae3g)x`S@Z!XOg#%Nevd+jqLU#&jj#Xr&Gg*jy&pD{_w z(%`vL9pD6ST8hQsAGaVFX7Kd4m|@7M!?+q;?XVoJN4o6oCV4>TISn+;w1#@j$rTus~o=r_zFxRt>w~Si-g!9}UAb^WZv`yy@BsfYT zKrkLys@LOAV~uTIb2uDyqgzyE!o zsdOL>4i0Yo_8*Z-kwqyi-L}hUV-A?)U03H^LIu6 z^tbb<4XvS;7OSv`aB3w`k(z|TQxbYU5UB~hGLa82RNtDKGHGgR#z%ym|2D3B{P=)c z%;cTFt)$xP=bv9cPn7)-C@uD@Gjqhk$~=gRu`#yXY2CKziF+nEcFX3|A}jm2xVTtX zBS)w3LZ6lR{=Pn$8@YqJRL3S05BJJil_GZv7boZ3&#!YqXhR-do-PgJzjxq71(bbk zH*_Oh;J!jZ3Bji!_(%&vZL@xzDWNg@W?j7PrOEd@U<}*s=9VStUq4dF0S2~Y6q2PS zk{(0UH*bbfd^*d=(lmkePVg7DALW;BL zFRX|vD^D&YwI^t0NEXV(Y`?N1;d!X#Vle&-yJ4dX$M*i8`nt$+dkVb0g)UMhducwR zKt*-0y&q%AzR_Q{HXQUcSKIGq^$a9}MOy-e1 zDFX)Y7|RuE)z6o53D5t{0=*j8)Pd}e;d!sMth|X4pU(Z1Qt)xbx6+@q)MeMD0;ZUZQmfQrX2_&&Q`_y$Eo_lyAtLLDz2ypN;mXB-oG6=+C7p| zav@X_aXAd;BKi0IIhcyqz!AL|s&2S~LOMG-e&&*P%%z!DsT6@pixpQrnui-3NDNi8 zbCCmzE5y>uT*5=ke_cA75)bcPlUdHEw@OO*;X$-H{fAVi5QPnX;$WGJLzlm)Px&|S z!X8P!TcD$KaFsoaFFZDL#r&~_hEI^?yW*!t)E$&>bIKxLS)?3t*{2tz>pH33`MwE@CRNq^kT&l-_xZyD9a_CBFMNF$pqR`d|3JBi7UVM>iNgd?R@sz(*rpJT2 z&QMq{F_#t!zUWDhRHry!>k^hFWjsM4O;2QmmipT0QzR|l++^>B5ivO9UY;wzn4RZ1 zz+>6xYHh8K)(B;Lr?i-0hwJbyBj7IykB(3G-voc1D)v#{cwO0v{h5BIQ!?1QE2g`V zKe6w)ZNBCl|3!pQzStVadHTwS0lJfqPwv1t9%G!HN1c@c^I^L8k<7l1E*E3wAXW;a z5z2huY5WLZ5%pEuOqhx$D4(^>1VLa+zV{nbLhA0*b_Gz@zj3HHYzqL54ItlpF2~L=4BN{{?ULl!Dx7 zldW?^{>v|-s_nKx6QIU}iRj7610U4=y1FTn46iNOj4Df(JQJ%oUJ${* z3k#88Qc^Y_x3CX6X)*@iHXQ#IHp9x!E!FGL%XjK(8w_e(FneZZV&{9q{}Lp z*;oWf*ehoQNR_ankWEhn015Oh=)P8SltiTtYQDmLNgjxag-<1k=s+n@%!<6MbN2De zUV=M}X9yt|$XAqtsoG|2>aQ#KB7k`lG(3UgTxbC1L$tl%#$Zg;`6dtpn$&3~1dH1! zK%=H4Vv_H$I`%0)5jt84-koF697N}&>L6;^it>#1>#REz0VdO8PUC@ZV4@{Qn>|6) z@bA=I@X~oo+wIc>B^nMI-xkf%95n@YM*bw($Y^=X&9O=R^fVQOQ;XcxkN*J&M>vBuoE?!3MDXx5`u+T7zn{svu4``A{ zki2=T>Oh1XG;d&D_E|x>xw%2s9-#R41q<8jy8ty6KZkeHCbL?n@poG6>Ytd&h$DJj zam`=*XZ~4;Wn3q6f|Z{b^FJvz>p2B3WTa0uC%+M6erYMo?cJl=XkABE9y3*mDl0IO zQmgi%QsWe(KH5Qo!!M%dv$9)-xsiFE5cYC^6EvCz+N)5$erg2eG+%q)6*3cJ3O;r)=0j5Q&Xt_@4qj$ z!GWXL`MCx35|`PfUf(f-r^iUK+`)LtZQp2KRiKUjtz=1VKuQn)``wJ4PsN5BkT(PN zM!mzHhf*}qvIDixX{~EaWG@7lQxb`XFLFNxY|faF4fYD3?!Ubm!(*+cE;hQCC}Qh> zrmE{C{+%WCqV!Gp7pb}!C|W%lxsvhXdoAqk{|fkNXHQZ zYp}t!f0)en z;ciB?vpU}N3I7%=58Y<0&(fiCG#joh(zeojf#@N?f!3X+79R}XYP{+c%B0a{-Y(?( z)jsSl6s6@&uz%~*%m~dqzCD%OZ$I_eg)@4$nke&%EYl*m>0-ZHEjsSrAh-p7q$mCx z|2vC=f*3C-QNSZ;cxXRY)XnQVV~gBJSdiRlULd>=9~0x(COVhhcIvWJejE45M~qHX zeYvBdNo>cx64leHcgq%ox!xkyg4t(_rt0UFcnm}<80!j3Ac1HCgL^M1|Kd>Jl3ya! zf;BS>V41f*_nT@Je~Z^f*6JFhiTo?y%)c`t=%t2}_KV&2YL4vQ_@vY~KV+LuHuA)J z>mY32^knp&x!s4BA&zelWr*_rnG1xmjv49&M0LC?Ilpm8qGZ$=J=3(bzr)77lZ@)xgnc*u$ZCY z)w`fGjcOCVvZl3DlWF3Odhv^X*TdptGx2y4Tzy+x&NnZ(cz7b7rIn*;R2t^@)wy4M zZ@C;f?ozdOBYf0=nyc;|9tC4*PbBjBCh|9^8v2|m*-}dZe*>5b~ zE{cV3LwA?-=U8UIwNNS%zCOX7DD(b&^aYxdUcJ+D$ZQ{G-HG?l)Prf?};e&Hqe-Egp+)gtII2dgVGvSmE2>grvW8j~e69KJ&N{I=pqeK4Ys?4!WP>ksTQaK2!NqjxEF zkHkuIMZ|5gf_1QN%e)kJEET#PYyG>GbVPf;#_P-cU-ifWP>5o@xFL>i1Eccx(ypr! zt1SE~5exz$++eB}G*gaBhda*(++{spTOU#M-eCVPim#-eSzW#L3Picevo&y*deH(l zn#|4pD_+Cy%e4l+3(B`XuP|0sqQhRKk~3`YS;uaOb-#9Iy(MDLzc|(NIrw(LLpEdg zm7eu;>zYDEP3%5;Qzq=i86#JOKQIZR&)XWi>Jfi;B`m4T5Jb+j?0<%$4;pn}>Jt0tahwizEUabw)ByG-d4zy+~;MV<68C$tx^^l z`5i9g-RwTtQtG{adnYb|=-54;AjaALyr$I9tf_csRbq2z;0fcOwYy89xiT6j zZ{wGFB7Ea5jo*3pBdO;|)KglEe^P+ae1U7L+qZ$Q> zgEy3@RKHLDaC{hwbM^fwypc6W&;nwg> zQcnQuF||Hh9;bDSs0!Xqxg$DCCAZD8xSz!4XV)^}%MVM9ZYXP>=wIeG{TUisNkV)S zZg*ial0AyS7xvgma%gDcE$jIWd`v#yE~|X(miYOQwU^i1nFKt)IdNx<1oSE2PcXny zLhWw|O;TrfrP_sEvsa_*Jn$ikm-n_kmzoFGb{U;*V~4&?hUvYJB0vv}awus;RU{^Fbe=Y35-3RKV%cY>%& zGBNt)IZ+|`F+#nb3T-@Dod8&N&xSSKN;-G@u3|)Df99_++>Mgjji)LHV+D%^@P$sV zsbc-szlTg}hl$8nA&x0`qumY`&i@gaR(DdPox1~ydZ>G-rni|M4Ybm*z1Z7j!E71G zP44Dpm{jYQG{77eAHU!U-F>h*HA{Bb?KUj%!m1wI`uVXBBDTwa*^%U#SmZG_o7DOUYgWh2!FC$xW~t=Wh242E z{&eMAExc?G=!c)6)}Dzti0>Pkftcgv=1!M?faTHm0(Y6M@E z+l)j=kwxtltYw(o7}~Xoe*W(dt-WNhU4Jb_GKlJ%bNU%}L0;zvgH8nKapx-yND5ZvqySDpre$@>6j5~CzH_JgAmVZ6dr2>JR*v(4Q&4=#Ic+$Ll>YH@;5@ z`4XBVp>G#E_2-tQgJrD9Z&!OogqCXRsCBM;bvq=1;K$zsoaSwoORYSOEX~Y*hq0(d z`MY8lGCkpE0^Db>bMguZbi6dSjMmMRcgfJXdT~n6h>2QjL8?}fk#|k-;AsKz6O2mi zaBXL+^z>|eeE7{Z<$I6E=~!7*2$$7%zp&U%jXeQ@HFdEASJHZ)`*K@}c{Q_i5V)6L zJz-V{UIquEXxGChJJ0rCc0IcPbojKVGj`4tJSp;yfnas@4YhqMJ+8&-;;_NHAweUf(Ki=lSKAX5frJcd-(5hnAI85UbjAi9)~S%$06n_YfgH^ZwS!Z zY-LmityIs%KnOX?k2=^y^cQkbgd5EK_aauIxb&dWUTYV%S2rVQExd^Wr`E;=lbX8J z_8-W+EhdKb7tA&65(nGaFzcG&Y=ebDu=$#$@d)O1psO(7#30aCOAKCwl$txaU4yi= zKQ-JoFgNT8#I;O77P!7WyuTPNWZjWZsKN;=^%WjTqeZVgR%^^zj2yB}?@W;uczN$; zYDw*vuHm+aRpbckyUqWn7r?UGh0bb(v(Aj>j>iPlIeG1n#ptyV-I;mG#mKGi={?lf zi=Flrk6q8!>-p;8lHxv*_w)sGLr9bF8n8k;md3blnOi>&6Q`Gx~D;p7@ac>(}cN2+c#6cEV_8%lLbY6DR zHj5;sIzGNzzbYpbuOQDdQRQ+W+qu?!U*BnA$j)Fv9Q}yetsqwXu1GS?^`%t2N5xSE0ocQVB&?vc0aM{WdY6c@H z_8N;qO^Z~TsL;m^OS)ucr=|FJ8X^6!ic674Kybo*K`12LMZD$P&vTzdY-NmAjKK>J zpbhl91Q5n-|H#w=3Z>k#ouac&l%MsSd*{9|ezdlW#62nL9(NJgY66Z=I8J&xXIvU& z1^y}{(ST?Ftkc^mBbId3%eXW1B?EoL7YA(4yk}BI0Nh5F_;}6)Z$@}SJdgE;`ZDHO ztmoux31bW@Ce%WiYrG7IW)a+2jM7)KE=(R(=eLf67kqe^&ppV`UPnb~PCTxV`=-S~ z`iuj%-cdwDOCdzR@Jr#ok{J{-=hy_N1><%p0=qn=zDyAigoqtEhz!TU7wFFQ) zi(aCKuxJu+{k3g#V$?@FQPKbU6mv@j0FM>RVX~qzTARXdXCs$PFK@pYZ@l2$@>)673 zu$)=d{Ur3{4ytvQ{BO3mvj+kW5!^Y+#I)nFR^hK_PW&u2RKpL#ciU32MmuD5pY`T+EszjjS*D4FUp^9W;c8mncBGY$fPD+cULN4tUo#h=FL-=2-@{WYW+lEc6Cbkl}o3IYiUqp&O}RjbmSJ^?8Si)Ik- z6k$jF@MQ%mV-9TUj#v9K?AI$wNGWzUY*(EykQ&BN(zx-IJkDo@RJO)vgV~*MN2liA z4}AnD;$#fd=Ic>k+>ETO&bvohVmm?#+k0~1?qtJO`kWhxEC6>B+v5N5R2)4XUcX(- zMN6wN<8>8WqrX43ro?SwQ0H->Hnj$MHZvFo()(zE^wGvpL#$Kht&lMcDKU(`Z< zUkk*RTu>_ug(g40;FQ98HA|%nIy`i?2qp@I9`x&j((tX0f5+3YflaGn?RD2_pnDw( za|u({Z$=9A|A(h;&by?ez$Qin^(gRLrbs_kMzaCffkyR8*E3aP$a#c42!-{3^a34= zYFtapgU!iWx~ZEYtafc$YSeBc#MtIYfP{p^90E?rt=R%Y(y;;+o<%!5LeIZr8W|9i zN}3lI1mTMc0AB(GdL4Icb+3k!8{7z6WhVFOQ_Zt5USHCJK_&k}AazbMXs(5U_G}*t zikt;np)FP2#Wl+-ncfr9+rKGb*r0U;XSAfy^EMl1Y_07*tWKl`)B7EKH&!ry{DEd*6Q3ktO!LLOJBbnOJX z&AvyG_Y`bH0zl2@F^#}PH3ZCMZ3jWo{cyj2vz)Qjn?};n{J$L-bRbK~HD$8Vmw~!C zNQUvNsJv@=L+h5E)!fzPn5E=P?@0w0T>vEoC&lVzsYF*}4*rcdx{7!N5BC!WF^921 zYx9jk_5eK2Z6?lAIndTNlqr%K(vb=5>i@Yxh|&)`DIYI~DKs5}Y{W5UMNj28eXzNa zMJ4LpyK|c}wQN&Wy0*P5{e-?%%zu{!2f)XKgfAF^HkA{1N>pNYA@GY@2?MVV@^wwh zUF2qnGnf|e;CfGNTfT&R&#QQHXEkeAL(N#Bc|0wVa7ixAyb8i$V@}a-<_#k?LL9g z@;TWV`?vHSiZ`i`Lbs>`7;aaV`VeNPc+Xa@A|x`n8d<6jn=$xyJpV=B;^o+|NZFLq zzin3WfH8b~ezEIc^5U|g>892hm?|#Ip)(cdQf}INC%KUcSS#kO%wC)yBj9b17bTzr zq;*>Yl8n6r{p6awSggAxUF)PV3N1YcNi0c~C3vSuyKt_xBW`KCL&U9NB_ICvYkeoB z^^wc6xO+)hFVo(5xp+J834njVh#ux*hn(MB?yWjhC{WE!6lU>?t!+8Tq@WQPwVt$jJq`p&_ai{$*i}W{w)W6nH18ChT5|X_A zu)u1y*<4z5g>0IT@%oVyFIe*uM_&H|<{p4Tr?4RGYy%5&QyF|e@9s#r^1}3lZ<=xl6WI1jxs#r>J=^GxP`^8 zJ%*!ZF&W+5wW4cc7DHG_#l+20!mH<+NRYOTmtdpk-1RslvO6#oa!=*m?8!d`J1RL? z1#jNO1144NxyYOj2xY>2uL=_)a+)IZD+e%v-qa*UyCcZnQT7#V-wMPd5}4~|DTDXA z?T4Q_dwhLe(;R-m+)RvT&7xh8FtxNx{0Qeou;ZICL{Z1nU%vhE8PP60d zcd4_8-OKQU>e+}v#JV>4{|Q>hHKVBQQ>7IZ5j%|s%yA$fykq3rt(6YFfH_Wq{s#5R zam9;lHF#(JmdQ%jQlIvVS;|o4NWtKo2x4V*cLdn(^ltUXzOoJF*Fs+H+@VsqmA%kJZi>vT;<6S$?psOCB9Kvnt z#Epja^U97{8+T2VthPFoj94pei-%KV3hZ1rjo#w#C)l(F&Lo+!M zPFf<57r5X==zP5=;#?DjIM^DmU=hiO#xQGpUjPm5H)!4JLC2&SPkR-R1PAs+5bsZ6 zvl87zr(Escd9*ckIaQF8lgn$Cj%7g?u^U-~+lJW>7=yE%FeiKfhbK7^@;e!JWJ4M& zPRq#X@C0Tcb99iC^EqKtcWwtBih_u`?55uCt?g}s`Qgz?yi$=c6579SW$taycP;*{ z4-3ZF>)rZ3A^+3lezq!~4T=|CY@CG7x7HN^N?%Z=L&*G|=@}?8u>sln#yU_5N;wHV z{D@RFH&Sr#f8?%O@7g~mM-GY`C7T`?>l#B?99mqF%jnlg>OPT0t6cwcHLMWp>tE=uAtC=&#qTxtR>=_m&nz z2C+&vH%Nc)d>ce=Q47PQOOTSi-d6OO0CNwg%)y~A8RI&(cDY69An6>#Ro5A9Vjd6I zzYydFXzwOKyQ3<7?Bi{Qq^s29@qZU~#%4A3NSyLzhY@kksx^>Rj$AQcISXsLGMxZ# z=nOA6-L-S6twF$V5t`7O?r`+gwsFl*SgVrh7c%(9%S;i9j!9UuIJ^b#nPYGes$LdW57)u-8<nBt7y#fy4uC*z)Roq-YQr;VGh&P zqH}oXCpE0q;67bLTOYXHHc|c>oT~aDD;uSio_09i5X=UWP;U&8Ilt9m5Sd{)h-vbm6^5el%q{gr8{k3-c!1C9d7$=8*oGDI&cS=G*MI}Nt)$+YK=uf~i zUjwo{-a#R}v5c{E1qqt+p1(1aSvb3NDD_}B2}(L345wn=atG->`QnXpgb!5SZ8v6PqRt8bhSZ%UBAxh2pixm5-dzTom+h7y6(zqd=(?fRP6#frt z_VY9jz{a;GHApxe-FTC`c*%GwZ04>bsz&5>CaquVq!jOy$m{AIi;V9Oq+I>MkfKie56?c> zm!2Pf)>}YK3VK`4LZoATNlo;LJCY_&Vx{xK9vV6F>|-NrP+ZjLS|=?=gjkax?=ozm z)2{SAU>0U=So|DGG$@02pvuuh>DZrbpWyb!ssPs&uicfMt&4i_AoAY@b)xRC;VTD| z+!YW0b5}n(RQx#UHI=gONOBMcz33{jSP zTKlFwD;=J(eonuD7ll8-LbQR|jh-@-KgW&$zj;4i`yb#7Sg?tqF%4P6^}y<6c}OD* z23~xE$jO{##7Kd+iQ~!#JSZ2z{{^BzO%J9{Lq_v&obN zm#fh1vO)282x}rxVH(LX@isR};eVZvy_ecz3gwvoj%_CzEZ12NnkV3+D=ZM!Y3va7 zWoe0?M2bVn&fga;}^|B37x3J64PT zNS$fPPaWNc+KUUGOm8PbXiUH$T^d-m_H4@k;=dYtxF|G8=U%nWWr+9gFWcfqcN$AK zNyPI16E`B3>99}~(U+jqwdKy`B~y$hboyk3V$RQFH6Qyi$$4+z!x*XhbypXbIL>J7 zRGYG-F;Go$Gn*=iRBNJ34)%zzs(Utbw3rmow{db!H5sw>v@*-A!^hMdA7UwL_}Id8 zIzttgGiP=)cI>==scCLO)Jsem*}W#(S;Jg8FcBXP=nj-ARzRqsQZ?h;oH1Uo!`{`z z-?b~gYEtikP~8#7`pJ)p9yEXP#s4HE;EAS5A zy0zKv+NP=9*L&4R+-!F^Q^HYjSXKYIBGrA;a6rmzhHJ)!N{{$MPmJ8w@7~zcc95+p z3s?gMkshm}C$5yg8kGDK2c!!5h82MCy{dtKJ@)rRKc|AtBb}pgJ!wP;^oV!I7p6N$ zHT%>z{x#MdT?|-Lsd74_CB7Ek+l#^O#IIXnlA4n;R!Fo}X!nt~nLh=A8^Qw|VRh8m zBI6=t3E(*~o`X99PVOb6ECK6G>rO2!U|hrPMIJj{3-BKd)%M+OVD(DVKAWx)Vf;CP zU|6ZK_I~J|K?j3Eaj+pg(&#gmDuUEC*fDZ~N?gk@b>ZVv48Xh)|FkNE!v?%~E4Dks zGyFz?+orar^tx_%HAi^jCM5PX+|O;dY7r-_S(H+w|F~?d*=6|+jam%6FcUl5l+ew3 zV)5t`kUMgt_w!Oe#B%(7tpZ{h z$x)M)_Sr3*KH6S))rF>HNVGiTK8zR9W9U_o5)xBTD0t2(pj<>viCIdWV~Bpc(Nw? z__3?zSif(kt)ylwB-pYAHQO5`xl4WGn3TEcDhBBj*jzM&GmB-VYrjHgnymZR_&;K} zQh2$nUbi2wV@?M6w}q~ZNSpt~y4UvaJHu~T4$7$YSX_Dd z(1jINsWQ`nB$vcJPU)v!8HV8b&5R(GLARFon`A6n513f&t>#fPW9dozVgsxdDTW~P z54#!+ud2s)=dA-uT%(Hx!OjPd1;BE<6@pX;c6Mp$dO{GUZVF>~AR}oQumo7zUEPcN z2Q7h}qbQG1xeouqdq}L$1q-Gz@=UKLhv|W7>wz2@J9d6Mq{AKygh&21_LL)z?3Mrp zM514Mbsg0@tk8^PqO(69VOtVN!Ppjql?ON$Fjw0;L0mn+ZvqV068@lU`DNvkUeRo7 zWpX>&(2JgJ-V2|coH%7tK{C_ZC3n3%eWxA z#MJy}nAhihwch%kxcdprhLv07=S?*HL^E1qM0k{$bG>aueB zTc7CUzss8rSLM{c&&ydCdq*9Mab0cFI5H{9J|Z>*9Nv<`1!J6pZke#O?8P0UP_0Ec z;#WuI&O0h(-T#9NPZU#89Qqipv%e#ZO@w9Q@EL7Kl>3TlzuYS+U#>rn(@@f=` z7lWae<)+$Ub}pV6hU6RH-nYN86kw3O`40 zPr|*Z7im>95G8vqWrw|%dAe_RM$9yrcQJ>~kWLx)54G6U%q&C2qk8J>;1;DR%ikGn zTLd;>1Hs<{_l-gGQXz#--~pNLp@BhUBXAu2IRy*4>4OwXHCN|qMydR_Yz6?k4NUFQ zgLzcBBN$AqX!ubumYAiwwG!;cB>~X0Z(vR?=2-C&Zkzm~*ZkRe(@shST9wsI}^ zM+C2bYt)eBL1CAWe$PyV#ij$J*8;!ZwdsRYv-Ot089_q(L7qvX zv%SgelH??eP`<&)%-Jqkd*%K?6gV}BfCMSIs2>wNVX{SkqCI1NscBfd38iSAyCd(E zqo#i&6$-!cM<62nnwnmdM%DFV5q(4Nz0VgkHnmRDc1F4b@{n0^-H_|wUsUesJgW#s_x>`Rhwqu?u>Kx2W89hW-gd%{ zUc%F>ig{f*yQ@xVCby(x#@6EEO3bmSeb-Zsv1mfv#w)?O=4I8<{li*4mUU|35lXtYql6@x z4_{Mj^z9}N;>(pyOXh^%1jhsm>LkBm`}|b+yvHKIEvqBO%LDml-C@&(&h6my)=W6a z!l>?qD2=}1*J2irc$w2%bF|C(IKh#{V{0regMN3|*d!(Qx z9H{bg{NDGLwT!+ijaPx?nuFQ_3a40R)d7_&ScegK9bpIQ(#5FWN$NNX|XIM4bOX9JSUAf8! z$xU|~Y-MG!ZC9sbhjFo{qk9=7nRIuX19L-R^~&n4OxK>tw^+ApI&1b}4l1v1-G=z+ zc&qZYn_hPUz6^h`*05zK+t%EBbscB1t5Bw!mg>i44QsUsCyYIIyq@wYkT@d`{}Cw| zaizsapc|*~=gE<<&dI&^EWP+?ynQZPA&3}v$su@PL449$v3u<=9{8OJ22&ji*dIXk zY8u@Gf`i-VqG(ZU00rvpc)eXg6F`0r`#BLl;7@^SRB48@H(CN9qRHvqt(#ITC6?lV zFvLyzTvu7`!vJ#X;=pQM2@tuO6L;TU&#QF2%hr1mJn6?JfWA}Sv&vevsfgewfke#> zpcP-O0uH#28--`^GId31!db>PKV)57vzYs{(`b!A@-j{&e!aa%C-X36qSv@Z?qO`-{VkZ2i)<>PQ8C@Ub;;i7 zXyILRXr^OXzx^OyL zapR)1G^e#gurlG$wYiTZXoUYzjeKeEKL4mtJ!In*K7iG+rof{0FYUQb?2+qgdyZ_b zT9eeB#h**uhBL-B1#Pcc(to;2s5@30_3ODen9QP;UIph5#7byFRm~Vkd(m2oKvbWM z_s16B&Fgob^&(R(RvPRWQ_a(ZS@muqAFT)wfxRxbjt~zfznO(DyS61H6D9VSuMY6H zwt$I-bn(|d(V}P7O?b}G?d1yR{G@#qf0Dz`ZnxzTzB5({oarO=0qLa@ZsSR+ZZGD2 z8@CUT9!+lPQ}(X)e>!4!;r*~N!Z%@X)^?xfR7@yk;0q_T(gG>KZ;1AVdG{@*PUPqr z-71|5=jy$8yb!dv*Hh#Jdi>lS^vAxLd`eKFv5!w61@W`Ao@zZ4}vmqrp(? zRlb%izTx~1w&67vur^EITDQ+by8_TZ5|^{>FHW1$oC$8Ff$JDtLfg=OY?e~Y6cK!@ z)|h&vbLRkagtpvpOkX!R{=q|JjGHm&E4M*g_x6u8N4T_Z4QApX+9sL5_=Q zrU-5fnv~o_P*p(Q3@oyrt9fS+RYl+DLa}3sp*r$q-v(tL9jJM>yw3Em81JppYgNAi zTei_vj9pjy@>gjEV|HKTL^O_`i~5A~+C#>tnQbnj(sXabu3YLU?{n0R6l%-8 zjjPhlkMUn8<*ZXh8sg5!tEzXfSc^B&i9(0W$_+v|Mn(Efk_}!CR#nw`GwtIortO_G z&VJFibdWqnh1`NW@LY01fFr6@TB79J7kh>~wd!cBTjCzaw1BM9LwQSdnZs~;kf3Qe zS`b?LlGDDSWc1Niy5SoimZ@AG3m-2lSznu6$4?8XM9rKSDZ=fGo_ABn_2hMK44q9j z^?y>sRT4EOVheWTE-hcX|9q34<`fNJ+Y$pg%8~8ud5-RO+Llv2eHI?^j*RD)e>WfX z9l3W!zli>b2trgQCfF&9zho$9P`EVo-|cSwlfM@Y%r9%KDTJ=NxA7;z zpE4WH+zA59XAkhbBrdsInf+UXXnV^+)gC3?ZS-`PE@N`M;|h;5bGozv=a$=Ss30l& zz@e&uhetR`dFgv!qHU*bqT@}8cJ6it1KWpTuc^11f0R@TBwgsyNDI8Z=Z?KqlXhK? z&^4aCqY>ZIZyfwko_kr`TwFuuyH>1i1v^h0i|)otK2y($lUo}9q7F)y&h91mm%ib( zFxO9P*koYP3=dx9HRie<$wwA3jj$_od$91%{k6`LU3}5=UFR{O5K~DM_Lpd_+GG&6 zDQe^2jdJbqvZhI$VwS$d@ar<=>X|F>E1f6M=W%-U2wD!Yz~vJ;$G$O|=w!EyCIx8URS-aq$2f?TH>(YtSVj~X7eh-#^X_7xna7u_8VK2Ge z*XsLdN%v-?ID?uPA>QxIeB;)_h=g45ovPY_CvTg1D!%vp$6Ooq<$h@vM}JVg$Gz3d zqWfI!j^&Zh_*ixAGQKm*YD^lb(7r^lXGaoWIV5R36@IG5RrGF)nn=Y{FTN;ZC(}LA z>rRcUox6GVM1d`i-b=W8$vx(p4dVyk;jbc(IxKtPz^pv~nOCj6_Z$o)G}p~G+HWFkICf2@wmxYnEbpug7571rqdm={9-*qi@v>age)y^2+-Oc~)y z-W72*4g^v0Z*X3*vrU!OjKbOV^lzU9hut!)tlnQxbJP?I%h|kq4zpcn)|?&hcQZ|< z>^Ab!1ABXc5icfs7WcBV;iR54n`igWJ-s}g>U$7z?dX}jJ!=zdHaY^t;JhksS{48+k=I5lwk-LL*I((xdAIdAwEHeqR>{X3Fzc6^WQ1;75 zp|-u2dFcstX<2fM=w8LXdzE}$!l}0Wj%pk_K-E3c&;&+?yx1z+0!A| zDbdcbzV>Wqy(9f0VBdO%HPJ9_->|aSLSyG*{t?# z1+L~cAWw8Qq!_vE&3n7<%L^497#{Zp-%N>Xl%@aVI^}u)W9kjHCo}~g0h~kub42+* z|NN8J>Jx%ff3_S#ofYC7jSGdDFi9#zq1%jp^dn5#beT1GyZS8`y5l-!z3eRq*zP?H z7U~RNQhD`H^zWxOQKKPR3q+oHrELEe+EDNi`|@t058~3;O2m(Dp6LPkmZm>Z--{vt zFud6J`Z4}0uU%D~J>o97Fp=V!HGQjqKS)!?@m@6YEFC4B406f5XyN<2+JT5$O`U3hEr z@p@-U`3K{FpNdVP_S8u3vL*G47l&U;n+G#_fvHnmH7?(`;|AClXa}C9mLD{mKT80S znT6~#LM?VpDS!5D)tLRkWA{@!4OK^l;(q%)7gWz@z&l|91~A2%`Cr@N?BLHX)(W#S z?Eh$7RVbKNt(4Xs2J?FwUuBvnISnr7;(#aTzcJA4+pyVq*a3e(A%?ZtC6>mC5F1D`{X{w>pZg~6^&ZHPc&e+^)YN(#EiS|>2&LERSxS2{NE=t7oGu= zUpxk<8|>qH*w(*2k`ejW93v5wqEfhhg1wWaQGTtZ%XmiP_Rb5b=;g<=6JL$&ERth| zOS%pW5R~9R@6!cd)|ZNSG-7r%-~G>& z(wRzvg`_YJQ>ABqGBQi}r#r%1-{a#Y6T_bJ_gXwTSGFL1&1mVMG!1pPS|R8YZVO1T z?oX`wfEq`B^UZ*aL;I}x=_ke_ylHN!_vv%p@{+tceXlLIPoZ+UU~hA?P4RPw3@i3cbMnv={KL;y;9b=tKzJDB&fMq_%XvQ+huV#Ns+?Njv zm-+2O9u3H`KBkqPzD0PzUhf)ToYo6_lD#Z%oGuG})E}3go+B{&#`GpV7l*uaqRI^XlV+F&<(gnQ|068XtTz9~f>r&E zJ;@iuxjQmjueD^pk%Q{rmm?F=P4yPBU2l*6jasC}@EuorV6pM5UcqcMZJB`;Q*;de=(#r-Je zJEHSyp9!U@fRh*_vH~L*zZqGLVlT+sRNZrhpAa9MuNa_B+_hmd_<@K4#xUGnYCSmY z(ncik_^8_MZt)$3PbXDR@*_LZ5NuTw_JxBp(jSW9Lc@xTg6{TCjotm`Aox%pko)D9 zs6?#xn6)aaMqyWq;t)8xY6gX8nt_r|ZS2e#rPrqE=89e8)FtV37t61Vf&G&XjD93t98y;AN_!@te+BI|cspuY$ z6@QxTUNlwy@s9Y>=HS%#glE8~y77!sF5q}rY@#mub5GXAKn-idwWde?Z9f?~_vepf zonN|t5zthgU#`rX^ZjC z-Ff|p=PR(1IE*|0*BU<1yRQecA8>l^f@>5@s=z;AQXCLTUX89_tTkMDWV@;;zLPWvz`|9K#H%B zW~T#>>)9^tYU1nKDpzHO@9~qnV+qBv$|2{1FgB6(1MN=^Ja4Q05*X6>+ly>m!k6I_ zvoo)*jXZzTiR~I8Ozo^Y;7SoMk<^05mk=2FXuSGf!tq9VV7unaO_#fY!P){DnhIq*lcNOZffg8aQIRh9|LRBg>Hb;~tH9VdUw zqXAz8nVf;~xWdLd{}Rcz`!-jr^V}%*n}LcLM(O7fLFT+XCwm&f9|1hJcZDFcZM})> zw9--ANDXhmNXs`tdWQxwzw*f0J$j!&^DvgnrS5R~vkx#+b})X#qlRGQWYRk*?c+bH zLFX3QqpdF=tz<6m!ZK;(>W{}UG2NZNIYLVu&`sKh_HUn3o=qK;_P}MxZ!Uhp)(&rv z8Hr0M0QkgFLK)U9gtGAU&^C1Lc$G3e?Ls>wLLaiS6MMKU`wO&!E!O}F&^}oL^#t9K zba10vm_4ZE7Fcy%3_`2HjNL%$r#B7k#^fqRkTRD4)Wz3P0ow&sC`i3>$yg79<+oad z=R~j@DGsdSiQMnsRy{)7?w5LyLfcugRcp?7P!|!X)&pkvC zdkU1NIyR`Lj@iD6%?kU%N@k40DF(;Yv&LQ6spEN(hL}AA6z3uCQ&})yIderozkd73 z8@WGpc^({=xlq(G`qj0m_|97VFu{aSsmpn@mpp0Fgb$84L9JJQRha?@@5Iz>Cy8;i@Liv>q9EF`Y`rR-=IOcl=E zM}}U!j!)`Id13G~hmwn(}>78mXRIHCO=Xel{=h$zH%!y zjoji>&C}WWJd=gO57c3KIWtE^4x+{FM!71prfw!d^-0+0jMo%0GcZ=(bx~18;-vbU zxmS%>e1JkklL4a{YTf#oSpt_bcGG?4PLoT}8VBG$JwPZ~Z}+@fz-29JT%Mg;zV&_e zeFj5Jh-Q$Oosf~eIOSPMFYa)-7@Ie@WJEfmx-L)VNci^e%ycvoaxKc8sKW0hjLRbM z{LcsZwp%Y45I!Hhi%=pj`uNR@xf4?y4!x)I>7JG6{e8mPUOAis-+9W!zHmY?O^|kN zc$o@@sJ)a&31bbTcmRKVJ-cxEGcSGFzo0C0>3Gn9hZ8{l@g@QYDUz0sSa<~123Sqi zL<~7R-N_$UL+aamDy@`6sFi=u zfN}F91=zpdQTbUktFyMk?2=pt*w2-$-O^or1lG@1!#zJxXT#3i5A@Uee_o+mNcg+o zn21Hb2c6q%3IE@hRj0y3PjdWcyZ`e$ozNY-`#GOt404vDWT235`X>8^Df_6b;o#6+ z(qo*^zb9R+q`og8FIBN-jcLnPJ_y?YX7m@Ic)8l zGO7(W?e1&(&P*kRa%{=CP@POg*ZJWtg4o@?Cf8`YR9v(7 z*vjHXbXfv9L8+h6Ziccui`u+vWsU1A@l|oYSvR3UZvVdTGaUTY6aQX~7p?iA zs*}^59y})P!}zK>1N;YAb-!+S_`h(QTrL{zbCC>b%h~Z)ur7b&mP`CC_}qP_LsD~! z6PmI!y4e`o2OPzO@oLFMSYy7!6y;xjd&q*$UOq3P{_gceXBl&AiOZeH4e$ly$7t%_?i= zqALz#{aM-29NgYm9VM}6cx?F&a!V%dIJ&eVY4BC(KWwVz%_O1Xb+=okBs1zsU+g(A$=;VDGA?bmT^_Qp3=@GansZkqS#6Gw&#fGxU)!GFvn*FH0XDSDwecY|$@| zoU|HqbT%WJL^lKv98tt-OL!ptz(DM zG-^^j(c#OCL(Tpic3iI08H1|j>t|B)fv`iZF1ysVF9BmA40m-mW5={ObiFhj z!tk&$Jm4S-ImZSb8jchDd2{1BEPnloyJn3k)>tbx9aZ7tv6aR?)0ORk%eIuZ#K?yY z?JC)w!hrK5Y)7<#{1CaGvm-T5P*Hdio)OHqia&nzkG-_<>LUA1b<%$NEm=DhP2*%)*Q z(?*?3ba2T*dPg?WeXC>;O|WjGjGFZDnV`{aWF!-eLQLZM?~fOvpI6-bX-dY)KuqDs zAe?kv(2(f$j29nzS<+p_$w#x3S{-SMbwjt$&-x6) zY#T_J)l%`Y(}-Qi#&5D0R2dc{IZ52l2kw&m_J5E56J;)52|dAZTS{p_1hGGTg}W*7 z;1ajA#QZ2(BRsFJEM*~VAp3Mdgj#WsiH^6lM6ox3*vHn=%WTuNc++mshD<%QegOM? ziIX7-7ABGSRA=!ou=neejA!aX#I9;M^NmWDD{c!jFM~0DKDQ7U(Mjv0@p^uw?a&6Z zVtgVzxb7Wgbw!l&Wy*3m*pMjtUCj)l;M6^Hq(T^m%>GlgAJW?=A=gQ4^$es-Zb)N= zdfElViHKSBqKgyH-4#E5;5mI~d;kptq&Q!TojRrZ)6sBsE|e71wA&WuzSHxy6dlEh zKk%tlZ-ev5g#PmkVs>Y7`IoRVR){B!#g141KV+HeK{w=ZA8$u!VW>Rnj;dAk--WFE z_rj-GnZ$vLe~G4WqxCz7bi?)TgRflbeE}2qJf}Ysu7Dc;k9A^CEh7@>g;#ZWL=u=u zvP7-=>j(!}oo8sx-{v#+c;ov{^bPD@ec=~b09@Xwf1Jo;Tle+O!-_FGk6!mSUdK~1r zS67ryyJ~~Aw>ofJdO<@yAuzrQb`VCXa7FY^(*)_3z=rWlGUR-7c*4W=pqFUJT*|>u zwNyRaZ?B6!K7EMoFen3yfj-|l*x3s;h;zaYlow%&SZ z%D8JxWKWA+g3=Y<+J{KHuO&s!(;J9Y{;1MDe4_y6UKO?JnXd1r%r{oyu4N$S_d6X# zlk;4>=NibNr&xZ3!NaVcO{Yq6d*c}{h|2+G~PJ2f{3-CvY~&DVs-o9 zRh9uQ4#B#YS`Pn?ph8u}jzv36!$>5d*gO+0rwIijZxD;#1hszy8%Dt<4)Mk6Nj>)c zxqQmByy$<=5~EO)>w}8`&!8!EMm}WnHg-DtccdBNXJit5eFuJ3Uo!_h)oSxni|Cws zUCyHgS>}h`@5svbCM6UJv*qT3*vA1Lq18Qq0zDH?zFwj~6rV0#(&#w-Lg%kuE8-$+ zDI}*B3i84gG%t|ixD^!=X-^s-`F@GQhnw}E*+pQ!|B}gJDOzRdi zwj-SQq9If^dSGW^sk+NB*rpSkXZ>v)!3RNbw9w%2V}7uWpM;02Z|uA40N+QgvK{i! zV!?m@9E1OUqI&m)GLIxUo2hb%iNeQ=_H((GDGLzxxxD8Y?jToQyBBp~5=CzJF`-NC zycdmRDzH`7hSjf$nm1fZ@}33dU(?cU4zOg-H%gI<*#iWFB)GWehw)&&MUW0sY?lAq zVDfOE#F42(`^Za*%HhP94a})IcTpFu0sFG$;k5~o{1HA;I~ygE55G*M-wOVJFTn5fMGCET~>O5-Z*a$hCsp%Zqb14)!-^-PAp$Sr*o%qe4f7sp1pmP5w1o=TCs|3A-oRnog-xELG2MU z=+MZcMrw}h_A$>BCC?RJH012Ln=WDZJ%$dDWG)A)`3L3EKnyr;59kOt(7lPYp-N#J z_)YAgp|==+0}-uXd;x0GntcTQq7uZ3sAAs2k`Qta3)3$mmYg%nx4o_;r1cdizUo+_&+NK$9E42Ke}jnsOuM|k_-;w z#4^mcufyMDVtE;*jQeHWcl$rLR1ge;Y>;hVi6JleMdKmSqKZQ3uF8%Jl1uEQ^tc-^=j^lDjX8%SN>=En6 zEGmC7&eyb(M{bei2gy;z8##gAS0&bo0G#u#Rx)s2=@EB45#u!rwHYNh~*LY#gyNGRn+h(ozrpw!Sf-28=YX3OpF+f@?9f zIBX6dVs=L0$A(Q7cJaT}-!f_LKYxJotoU5UN+dDwRU7q1Lh^roO-;6xB>2@66u(fG zXo5>f+-{GPiwm+8{ypXu?ryHCD_ej5d7u>h{6VMg!r8sO$e?##&q(C+SeVDMecL!n z)D!Y&Ps`I9oq{@(wG(Z0>*qF^7Or&! zZ0JR*bRP0@D+(l~T$)zw3(JZRZ_?6B&R{xPrUV~~3RhIWHaKfAU_pO+NrZCg72{lU zwpBCZBXFF>&^ead)d@%E(EVWKEWnkqc@Z(hcam(U3EM)|gBeiC)A4LC9!Lh~@~qP@ zA3b%InW+`lm2<60`W=h_X{`Y#Aile^0{C_MfaHc6sPP%y0#*YLTTYGJtsyWAiq`Ts)!`fPTbMmFVgHePYAgzwz|PUR7` z{GzO^_@7w!L9EN$5uO1;^lrgFYlFY5>sC#Tz=Z3Sk{+@%A`(|S&C4TW4U{M7qD;cUQ zo`2hmB_v?v1Y1a6RwL+FdzuZP`*1uid1ZkFPx?$PK>O-6j4RYMSX{jCQRx^yZ5&g5 zszNvOT-TY;x>-ah4&^7x{X6N%r;L{_>23J5cZWgr=DXXYQdObAjHZOY5ZU%1hmZc^ zaq!oR9F@<4bOn7#na=mu-esMHXlxt<@B75)$G;;=Z?iW#G7~9v9B+&BBtZQ62Oi@i zr=kVOGDBHMZ2WSvG!weMEQzrM9(QwyKYhUFmC;QN;$sfMPm)ZY`F4ftEy@5A1F1y( zOvzdN1qtLXcnChRI^J@jp>*+`7*(3e0IyE!4x>z9PzQI%zu*-&w0?<)d-irhPj% zfeD_b_#}v6QCaMxz#uk7V5mBUds0(M=x?<8*w)0M;XP5W5O)yljoNL~ilo>3p2k1@ zw8>OwYC{{eY`ZG)C7slEbvInOwc|Gccrd&|y7&TS) zGo7qt4?WU1>}C-1je7$WCvKn6D8EwJku(v?HRu$$M>ru(IAadG#)@H*H%kBX`6+bt z(~&*OCNHTbENlPEdP*`q<1@VF_wLDZP(B7c4Qek>;j3NRw0Zl+4@F&nfJOksLeE(?5ToinyAq7~81WWRL1<&udwbpn8 znW%%Z?ItEkZ^ja*NtHAee0MjqjABOJci+lD!qpP8G~Ud+vQQAAC+RYhGr66|XjC7X=m$R|zMnn3l>5{og_&jSadwp2;-e zE-Mz4ev>4p!k~Ja$>(^z9;FytDQEQxyljo+ zrOjjrOOi-f(MyYKxhJ*!pHGXvO&*ce{LSaMJeCJF5qQ7-DR#K*49B`*iGnB=?Ct6y z0!s744PC6?ipafDVEF7K}RGVTMjmCEmuS65L2d9Zg{{5LT(lDZEeRIh;pdaD>A->ofopgz6dRa{t zMATP!`13*GR_Tdp0P)`ymmfs|Vu!=CIfR}ml{_Rx&%S)Rjmleu*5Rus-f3;qI!Ndj z>Lj~ThB&;j#z$@1>Jc$le^YMJW8AWIBxH>Ys>XLd_f+_niHfB~M!F&?iAD$^DisueZc$t~CQN(0TtRD68Ry3C@M+>^5 zGM0j3zWuPT#yZ9Q(&q|66nsE3pQy299iRDY1pk7(*Hq{Rmre(C%?SeD8JxiTxKYNu zaZA#05zr^Ordn330Z+39D9}@PYRwFki_pFPD`h6$1LVI4pqJZ{w%bDF7MR}IO#m7X z5P|gn0+h9Zha0wIRMqL3pj2A=IhPyo9Ov8oUc4J22?Ynf0>pC2xG8rm!tYWmn~F9K zzQO@}bGN$vk?a}dF@BUAF7|#m$0AdoU6d!z#3jJ#+}zAslB`(SoIg9KL4&bX)TMdH z?vCR32UrbB$H1U(XZF+Zw#0racCLJxF>-{c0@l$I5eAs_R8`gV;|mvl5{6N($Eh&0 z$|%IlD@ZZW)qUNrpep5VCM#Cbgij)e#}ierJvwbd415k$ePEChXi@v;T;Eb>a1sFL zmsSI*XO^==fXDNur=v6dZiqS#onD6o6FaOgvW%oPvFHLbu)sWdD3av$8e4ss92a(;g5xNioQPc68TC4#zib|G;gIz>&s<8s@V0IG=E*s0vBw`Si^&$>VbaX7l z-%xnF?uA@Tgh~rt)Kuw6FgoL%skYoUD@S6gM{)SE;xP&^iiJK<9NBN#(Rqhsg<*Z6 zBOG@IRHrBnI_>Kc)izi&HBw`BrQQp1w?>q&ZYo%VK9jDB^_WEuu+%^e+c#$(Q|{oS ztV2v6KRzJw9%$~x8GeeP9k90hQQ2t{lZjF6fl)k|c>cA%mVkn2E7>qxgEs`1GWBpk zq`s~Lq|zsxtV6BhaF=!$I3B<7Hg>dxr#XX?J<%>!v!>{x!Pe#t@&X1nuFT~!wb$qO zs5+KbnK~{okJ_{qSsnu#VK@W?y_=hF7&KK2PdBv1c2(a~z>*TZ}t&aJH9hCt92w_GV9AtB`1984*FH5Qx8 zi$fZa>Dx@Iia&oH;g>r9Ebeq$_in%)QL%)M{=j)HyIaH$-|Wo%RuY! zDjnHXO3J{Nra6L!d)0R2Fy@%@#dDR}iG^^FA}9!#iH$9&&tHVDukeXY3{KU>WN5*l8jT_bx+feyK+G{t3fD)%~#P$ELYdAyJ7-X#1;ldZ3_p_8-L zFj-HIpCO<5p$~UZn9j|~s7)2mVt37Ah#)fC9S^ocX=BP+%q{fKK~I7{86adj4rqBi zPI`87r?Iz3P#9fPQ*>CpH`olC-*Q)rFSSx2M2O@dX-FO5Z+rJu*mtQkK<{2wR4Sm1 zI}asuPz&uE9`W(4PWR`R4wSE%v5ZF0iW}8>m3M;wd(@|MP%##!ku>twxEH~dg$>5U zPUZu-8v|at0_a524BpW4nfwiOYG~9^5?755rk(iF`|DoYUl_Vvf~qu#;0Ep6tPU~E zCcv+#^1SumR-t^kI)VoJRpt_d2Z=?lK!zSjq86Ls_?-VS9&qq`78j|2%^yKaP22-PhsnSH@EBJ=g0@J+SbQ37D-0X5n{^n;eW^ zj902Z>Kg4D%59bdtWJP4(7Cuz1;EGtqlt_X zc0phf?2hm4S`vT$ZYAukXu2O^n;_I`F_z9*0G{g?W#)ALG*eUa3Nn$&;4$01^y_lE zSuWJ6)dV1?;sGS=|M1ZLWP!)F;(C)&1@NpR`M0P%oHR{f z)%Wjh*m@r(wr5tRlfF{kMj>^GgVV!=-cN1>O=(>{#;4*|$#_s~xoW9f8=i;v*n32Q z1XvTJ^dl4`#Et$T1=HYq58ZMvDTHx8{n|N9rP_iCC$%p2;MvvhKW8Mz#f`_TdJgmF zw`47Buafz*8Ol<(D1DvKy>$3#5#G>Yj8`Z&zsIBQJjW-Gs!_at*|q3?$>yKwo2N1O zA6XaN1;SlERW^!($C@)!LNU4od@KP{`Z}b4dLkJEtWW1X7vNTgl zAbz!caVnqEj_1I9r|~*G=}i>@<05= zyxwz~t==zEQS=W~0oXc#yV(OA0W&LaXwM8Qm-DG+G`>_wR7|kF(EPvwN{Uyh zv5M7T2A~eUfv5&<##johte29iBWp(C`p-0~RX6}b0DOCbLqycKdk^;~2q0NA0kndH zC0xLCMx$^c80FJ&2Va=%e(2mEM63sxD?=A{rD`>Jz`-V^@`eQ73QVukVOQ63a^^i} zlcbBc4~hZS6KAdZ-AcWT{?RU6KwtpVEBZkURO!6o<=|UwIZBHA;a|nWUc`vbD`4r? zN`qN|BjBP+jvynYfAp9R^-D%~PJt}tD(D$0n7J=4e9yyn)uf68pg34*P%<+M1kjU` zE_!c%HI5wJI#*Q4)L>^5qsG1&8v5j5kdu={K-9ClOU6+unNbpK*6TGANIl3lP^{W`kp_Q{*u++ z*0UGPgAShg$F1PfB1t?1Cfu~$WN58+dz*?S4kZ-56x84S4A zF~d&6IzB-CzX=RcY`T3-?LDL*SLtuq^kpjeD&Mz+9G_<9;QJ^WzH_2d@{v#n%6Kn+ zi^11)&%$wa6Y^Q*1~Kor8_h!)sA^jyTf4Gu<6v>CVt*a}0rNeoyuI>SGF~Wp=h;lh zfI5RknFfNXTi9kmv7>oUA;QMtxdyri_5w*RK~vWSM1hS{o0n@X%*{qf6qNmT0GtCL z6>;(LhXW8px<2w9^#o^ITl5?a(MkYe3=rY~k(#-DQ_w(80_=PZ8*w`6Ufjo$3X9wt zO|D7GNbc(DQQ%_X6hoaTw`z3%J%U(owH8u_i3wnp-@U>l0H)I`1|RUL5}^MSKcz5Y zteXa1W%hv|9gkk=i~w%ql?qbX*yxwMq(;E&^%en@up2-+7di#$M=F)57})C*lqi?? z9!GP(-j3?f4yO~m|1->L$p?Vcy<(D+Qj)u}fsY0- zNJ#jZiknEl3fq+3$xE#2&t>X$uh(5~zBE2FH*-YSU!hlcQV~FrhWW}CMfD_CvGE3ue{J>3Y=zcJyMUX2Jj3eTegFIuAja=O@vu~9hz&)^Coh7PZhI2P!*_541GbmFKSv3w z?%)`epn~Xc0SyRRYjM(Fd6jORNZ9{08Xj0b(%a+!mhxljWp3QU9A`)^l)VmTW1x_9MY7CE?sl}ePiHnV$PPZwBcsOROiz9?!A zv=3uSoxC-U1VC73w1oEm(}zHfKO2k0y#1>um>2d=jALNjr3pND8(?Hg0b% zdDkzeuc1@iR6$U!h-P7+$C1$xw>~E&U?F0uKaFz5zB;(6HL|^Yg>gufz`p9Gqf7Z0 zw8ZMyai-N(_$0JKrvo)n#|ifpu-)u<^vVcRm|+D#&O`v&5Q#%R?BlC&02DW1;e$Sa z#0Fks*g3T3ZvDbhbKv3bZq~dSBX_7Wlif6_9K{S32QH4S$=AkgT z-Je{JBa|)(JFl4 ztLXXfeg^cz&q(rECo#8Jkpsz`4m?Pp@q7(00mmChxVJFFBWIPaNA9id#$U)AY$U0z z(vyS_!j$m7#RiEM5IDQ3<4IyO=yn|^?}BP`+OxYDXe4ZEympM&T^!n2vk%~uxG4%` z&uAFpgQ&pMU=w4*^P)f^!{y!J+`Rnh*;PN;d#ZNVSS5>vD&rUUx@|G>FGYTX`zj_> zc%0q*r@yFrpO;wG>P?Bi@a{&7lOe+UtQHk+u37QA9NZ|aHo8i}&Mn6E;JzUC94MOF z+hWT8)Vp|YqDx{8ZCxe6OHBzD?*4?mp*z!ZR^_&)vC2TJbU6%P`(oH}8jQpVv-H#* z&14`NvHLeK6lb!5kv6+iRq$9_NIG&3_B)$e?`h2Nkdpdn#Pi2}RW8sI5Bg#I-h-PI;! zhOM?8+512eqZp4EvCF`(UOu;Uy1USsX~ww~GpQzGI%ryNby>8{9eXA9r6ra}r8=e4E{(t{3%4lC{2Lo?&7$z-z*RBmZ+tQHl9 zPITu^utg(_iAR1F;AfU^Y)YKRDf6}eyEy^9AFI*U81`bbIn-aQ%)FMK>Cfk5Kwcs& zPg*}0BL3uydm=9PCAUsuyfvqK71S>V{#CU zZYxT!vT77B*v2Zea z`uOH%x3@5YCgWJu<|jN(UX_8sitG5}r7^td)z0uCXfx9!$Js&)XQV)*&(;rw*iWHT zlZ%L0X+SuESU%`w2@nBFkT39<{JtMVy$-N3MJm}{?i99eA;|FBX6_Fs6p^rJ8KWOVByQB! z9KB*}8&0s|O%r)@ilf(0yVNn%G+l1oz1C(S5GnZlH75X#6fby@6M>GZ)%LH6jz=>8 z6WZkTbg3QX%A1`bHObVGuH-QXYnh?ZLEVGyhtUk?@HD3-Ha0elaM4DOJsNyY8@;ua zR4T@fo$7Gh2`SHmZKY+|0a@ZKPi;cl1Umi0-1mki#=kUFWXUi<&;F97EB72{mTRI$ zj`2=N?~P(*r_zqb7C+=q=5#d+hxK}Qaoy3$kT*Ac4@3F; z?>6Y)8!urnp~YVYK+_hZ!R(38@`)1Go;}m?GvedjTR*q@D?)X{d?rToa?3R9tu0r~<>l9Cza+ghQSgTeI700^RuV!G)cX{&Z%ahdSSV7S^<>b$9!!ts zNsWE23!6$^r;SU{Y`P6xLv*?bc^fp_a;uH)jDH~`@b2HkaB$?Gy^xkNn^GDNUY22t zxOZCIlV?qkfv!I#qSHYtEL1BV)sH$TD~)z*A8s%>Gbdday=>Zf@l-PMJ{(?ivY7&@f57!PAe*tBI3X}l z7PAu4GS=?lCCHjD1=>PLm}!djyjlTY$!TfzWV|5UpMkYEmv8iYSS=r}cpU+0CDI=q z-0Ib5cAP2Szx?cV^?bHiXTk_b;)mavwU7z3g$REK6K2P4I3B0tZ$Ey(3T%;LymvUb z{0!N_?%4MAe3A|#@r%4YaY*LVBZ#F8qhu!p*Ued|)j55c_TD}Cj_Bri)}`ZhLhG?O zKRG!l3pv6j;PO~x;$T>%(()93$xMsutsRP0t=45|bHB}P&(6^ODlTF~zOug2XJJ#i zcX)F|lL*PZ@fLN%b1;@N*=k+d-2*MlYB!JtiRR4C&R>q5c|?*9MBqQ`>Ht@2Y!N0U zlfm*Q`5o#~wT|co<%+)Q6!I9Q4%nxgohbyBsQ6?%l`r+RWcQIe&zvo{#}B8sbXvRzl)cgXy%G zBG>udrzaP`F`?&H7l)jjoo&x?&fD)Tvxh$j&O^N?A9YxgXd@G-k>Cf4nuQKQ>qp*Y z2%kTNX~L2Uq!O6#OZHh6h{UogMma7Fi@MnEh;HJ|P?kaG#%4MCv&o!(Ukx34^TVm2 zMogh~bDcqsyyx1F7s4_bX2soKbz)CNG&RIT${nX(G0pl={$QP{;jcy=)j}3xjVP-@ z%gGK;1>1#R!g?Mh_B_f>wnDDUoGwdpzm)nJZR5V$@2m^B<(%=`gU6}ME9v)tBpT6IBp%9zZ-EhYvSA!F`Vhi&) zRIKszvDzWbiziQyMP+U6uF#71@$ogH+Dp!Otg*Z8F|;ssX(=ATY(0f4dW9Hd{>hr4hEgJ;qz=?+}RF6z?ssd zX_oq7kn<5|)pJ-0z5J`e!Hz1{m&;3+Lxo5d6VPu4Z5sWtM-JEjj_>u)vYcpoV1!S7 zJ3Cw7yk17TRh{Tc@D&H~eDMdZtKptKa5`!YcC4xEYs0|`1vq@BZ+Zfd;prGO>FkxC z4>_c?{xSI=LGuLx^C23EGj5XU76YhJwG|j>fVklZj36YZrtSxHz%(&kdaF-zoUA=C zjPE3b<5}taMvcj|(7oKDjT#cHF!vfGT+`-KPR8DABF zvH0~X!HhFWs9aL@sr|7v*TuEXVgHETv^U)Z^XWem>K`kG^DjRvpov{`xBNRvVguTi zNl%(DI2--HDQU}yZI&NT>n(i66b-B#!s4b@5~awEbn>m+>K#675q_y z#~wx?5GT;)Zda1)XR%PuE1SUk$hzVj?xQ@A+x~cW&|{L}=5t{nT4Mr*QLb4euw3k@pu8 zix15iblMN;9$Q-?evg`cd7{sfERf-Q=`|QlY@h?@o!&-4V{a0L^^06miy1|)I z!g>RASa(!QHQGSju#Hn8XzG!hn_KyN%Y)F{l>7~2+b#T=^~!kPKaysrgYG0b()WQq z1Uw#bSUXprwA+T>rzvv>n@Du0qfLs+=z~74H*Q(?xR)>ZSoME+!nW@g9X@RvS8}f9 znGdiT@m}ez_yBet9Zb)NlesWRY^X>Lutv`C>@NA`fVtrX#=cyWY*{>A8 z;d<+t_P9}E!zx<8$EqFn(~6b|67>i@ZK_%|0C`_R0aLQzSs!k8^(?Cnb?3xJnB;K= zOmRoDNo{?Ter^4p{XsFkpbbB2&Dnbcv8%iZKIyx1E!U@XXIG0E<69ygDRaK@MLE*_ z$!vZ~S?oo$0vs#nu`}R?66pLvo51{g^4s*xbYWqs{z69E;em?{Dxbx&V*B+{!B0s^ zqaBd*Vx=q6tL8IO2HNF_MdL*})SvSKB41pQ=5%s@h%GP@7ra9q75d%T^PAekm;MMm zp^o-8YI=HbcOD6Mk7EXVDJ61p2xo& z9^so>TH3#;sOU`m^$l!tE!oAKgW69&77Y-Q^Yf?Q*w}2BHE=pSj;bvinJ{}@o60Nf zq|s2>X1H8EhT~?gKAM+6Y%)_vNYP3+qvL4{3kwZj`o~&p9C=&rPIeT9U{Fv{01|G9 z26;m~)bBg7C@TJN4y{V1{R0M%^YJ%hQFxQ_&-UkoAJxN}B${r{W>S|}^P}UFhr&}E zfKO(b*Aox`k4h*oTxYSMq4(|RU}p}>S|GC}ndzAl7KY4Wx!xTheP+8qC}+Q1XK=hP z2ZX@(r>hSf8^yB;bCw}iv>VuTI;~L!nJ#I%UpqBYkGZ>Y24pAMJCI%t5CQ7zdt)D8 zAzr?;Qb9c@zVUWbr;+7{P&wqw?rd)5l)5?a11X@~;^q{Xm&eHh6Eud;TG@b$`37)K zNdr*zx>nWFxExdN>d$uDzVI&9oV`h`&?aTi_=lyIDd3PWJWQhmZI~F@OQsa;^JC6g zs&~M)nD6L|HW)B7H#eO81NnWHGI8L;$^r5pV5e1Ww6BQrMO#U<-y6I@pUR+T@~-s}D-2DqvTmi?Z*%t$ zv#}g9;-pb_vpXkr1ObpRy^+zhjW^OO&DYu{yZu`)XT~qJIZd~5gE6%43=^AAE8;T zJoQ|!DR1P5LA}eM3Nf*+*Ifv&kyJ!FU!P<}M;F95kczP)OJji{42LJ~3Y*ccYQK6d z1KlvU;9~PKFPDt`0+P{Yx!xR}-g0Mqyh{z3>w~E_+SlM=dXM%~Mn~4;7Xd@`2Q8kB z&!KP9d7Q{TAy?mZ!T^p4%XNj-3YK;rJ&@$t@Z`&f4#S5}H8P+qjvK_(YtkE^F{^k{ z3ppMfH~Pa>MM6BEDs9&ZtT!0;ni943z^D9d9Lut-N(-}>4}z{SeOF-n;w)fOmaKkx zm=Hy9Le;L-pi}#hqG1F?IMRB*~Z4xg1_3@F)d0cW~x2ctRC=%R9?Ci}^mVNlm`n zMBoK36g0N=f_8h^)&3%pX>SxA)q#?e^p#0v02P-ls;S0g`|jbPA@e0>&HZj>bybQD zFYjMizP|6ND_F9lk}5T0IpuR#)13HjCt(3S)%JQp(bl=j zZ?hLi9LLh$)bYA^9!=x$??%FQHCS_F#~Q&2U6ztpY5Y8FoDM`_Tc1Y?Z3y{5{h-BMxr zP72vt2}ZnUxJB;inyQ0=#@5*M^OkyJ*6y@Q3%7!S)JYW?rG-?oY6G&?`$PtUHM|-} z`9yhv#0Y%hVLr##J>= z6gt`r61;H*^p}UDyX+69C&S5AoOo`<4kzrN8`yP@-VX8Oo@slQle9`MNSH_ngb9pI zAtEE1N{{GL-IV=48Z=i62oIk$0w$(BlQ~!}bl30Y7Sxt0HT_GrNqQOi6YytjvTta-y{V#(V&mY|$A>W6ifl&6E8WWe>k_s?dJ0=~EC?YE5Z*9*9 z<$V5rRiKpKtU^$+-QQ<6(93nsYdX{%+NAm!PR~wg(v_xmeYO&4#k&FS@Or=>9=2MF zBoq{qKc+>-X9+?`WCS5V?-}u8DO6~*+zr|eA~_)W(iwwc)Ui!&ZAqDsW9&2ygm$JkKVwQ>vYF_dW$>%kyTE+@9N&6BeAL?F zi2#@H~r#0-%|2W0&kvPkO{f|G}YugwB5r`wBKX6 z-x1{kzFPXw&)NC8tJ$5%SKmn{jb|*m`@71=g%sFYYjWryW=}S{foQnyaPLJLzxQ9A zms{6}Og<5kXx#~jZ*6UDrRCIHWd@DzsvXKE*OuPS)ExGaZ+VpSDHlU;AMcKOfG`~~ z@W=Cr_cOLey>(7iQ?M!7cQZ9^S-}gO5o~(HquX@AvdV)aM2|V28Upon2PSi7%X%x} z5=x@3;Mr6ZS$AS^NymZ-NkP2NM`LzUyh+f;$C!6g_!k-(G!ylFFR3^Q;AP_|?u2PS zTx~}Wg@wkK5i4HL(ca==G{2HMW!Ivinvk-L*Yj4|nF-t> zt{ERhSV%0AaH{55e(w*pg||x$?NSuwmw8AXXx(ievv|&p$>uxedelqP{jlbAYQ5=r zHga_tO80KO`UBW3Y4;X3(wF6^mG?=f7V)U`OVJ5Jr@;2LG79wYc6z@8*_FxD_a5+pO?kQs z=|@eFoI`JR;{oM^gIoO1?zj8>hmQF74;7ht&ob}6BLYX!=iL6_C<<&to_=?Ae=y-y z^oTFu!j$Rt{4oFpcXTYZVX^gwzdsCTOFqYWnuC`%R!q74D=B|CwvJXG5@Sa()`v6! zhY0WcQyo^vX*dSW=3XG-`OlKo8T6YX48NzT`|9~=!h2}R!M~OaBe#DC4i+YXLA^7^ z|BB1*k*$x@2G>>5;>Anxg$Nlw8DP8vm-f!?!CSAJ<0}GQ*ASq_-|6+@u5O;z{0Q%; zMTMik^zU7%YI9K9u_Yj(fK%%4<>`j+bhW=;c|PRB3W&5toQmS+TB)$lcB*~$-~J@L z$i9JMD6f<0#6MSuq2b}(g^9LKAU|1DT1tariYF*hDQepMyn{fnWop}dwtnTr4pa<%QLC81`$-!nrx zx6|b(0HOyJQ0(on(u{=mw1buf)lA5eQ>2NUoSzG%Cen4i?hH?dP$m;6q z=ya-s0ROG>Y?Js9A5WYN1JIlpqUZeq%_gt(kPr!V40=SQe^pfPOeQYt7`>yrVBsgT zJu_aE(MBMa-|osEUK0Zblrk677A1|g7Z}}OgN^JSHui>BpTO5)4LRU5_;AEQ7Ou#75G5!Lx~X8!%`C*sR2#pj-jQT`kil2!+z$GdDF4bp|!!_ zyo4XFmL0if@nXZ0!U4ji{p^V?71Er zC;Qcvj-X`MlEb}UW?wQ#qd)5+3EIlsG^sby#PzosVt zfJZl_-|{lY;W4{K4(vz~a3*~F+L`a%V1K`8my)(n z#lgWovp6fvgp*}+rhR=fgVeE6F{mC7W&ok9cSO*2W2k;d{}6z)*ul8g461RT(5~-* zzQ!?sva++IK_D!jzi*~Y;{aPhOPbQj;@g30QO%njM2{EDq`!}TY46}-a^!x@Ya2uX zu9J6kyyfHpGFC%FKSxu!XGHuk{6b9EuK!375PYHRivfJKPi94S>#OG+ViB2HMS1UF z6c=VU(csP>;J8n!lli>Tggo+h5Z@`r4z`Wk=rJ2@!&TR?G$|_f7IQAhDH(WocS?{I zmX{L~L_}pI^attv5SNvn>$Q9z2vus%@~K7tzBKat_BEzTOY6OeEpP#%+M=?OzPIWa z@69cMncN?{d%H|P1S=mC`?;ujNU@Q5`$N9l+kA%tR3N#M)_sM&*y@N+PTo-U$Ipm+ z=L05cU^0_2n_6;m@kjT!qv?%^n7rk0axl$)Mhwf&;!azP!Trjh@s#kDJ(QvBwQqe? z&sKLLK_}E~L0{x~??65(k^cQ1u5`Dty#aNT(MIvT7)EP>w=X(9H&zisfoz$yvn_{$ z4pK1X%zE)Bdu?`eG7ovQZbO+kPx6XJzKvYGAE+}}>To0M^UA5cL6Vl?M!}2=A2iKi z!F+n$`AVABxme%(;SDtVx%{Wu`!_&imXdcHG}eQiM({SZ7o|oCNl+KhIXAV9iks8W9lSr?CP#?;jw?&$>PI6Jj*l6` z>i3Z`-kPsU3DMcka!_wLmm)Zhf!)in*f^FjA!E{GKp=*J41ciHhX3+( zOYsTW{Dpcp)qvFo6~78Sv~(01s7?k?fPqY412^!$BnTtvPA!^(NB@5N^Y`Uxszn9O zqZ|BBv*o8A*bAphSw;lfA)-rX>#c!y6S+bqHUZ%0(}C8uJbh+Kbj2DKj_E9tdML#`M1Rcl&BArGP=3YK|p$`+Mz^ zqshky9G@VS2U!{YP!{P<3MyMbY*@-{z2p8EBNv%jeVH6DdPW zn3L*aVb^#^c8GLgR9O zSazuLPD|wDMsF&)?%*Go>;3ik=0`WLn-wq>ZHI5E$)$DvE zF=4&-nilhZafWsRk>SY%^#Mo;Liu2GTo?@;d`4=6gv-U;LSbn!-0|7!!t5-@2Y>O9 zJ{*31u4G(XRn^>lGFH!FL-mwYwWoQ}@ibmBhwgD3z|aN@liW)8J$nS85SAW))l`qZ zecFE%B$U-#+J3jnK)(l6^|US`>S{%lNS{e`WhyI=Aa9EtRP zBueXW3HC!cQojpG_s=RW4nay}uq!|3Gnx2oUtc*1(NY!P@(%^>YAyz|*L#cz@KXW# zK3($l@^p8&-)F8rbOb5xnn!1pCyOXbDUyzc4mD z2DpuAOBEDwThE7&m&xcFK!Ro|%y3_~29&aL+S=9| z&(4O0WhFa6#eEg{DUh;?(Py4B0SbtWoQb)rVXP(-b~_+?4At6NGAf34Al;sbcn_Of zkoOT0{xhid1UdgX3UEU2W@^No;jfQIqIU+Cnms8$$H${WQi^O$zkWi-2p3Lbx1xy_ z-;D&KiWh`psM1>2@zEFu^W$7=e$or!p?97Q>0wLTw?kQj6R#uh#8xbp19=YRFq+Ya zlcy5sXTrJXhF@I2;qxHu22sPjr`Zq{x!IxMF*iv)9A`lq9ZY)ykTEEj<$KFhtQ*_S z_9ba{)9ST%9{tFSEdEW0(S8>T#AJE&bU1E-Zv%6K*<(!snhFWC6Da1Vu3%OMW3XaB z0~!<8Gm5L!ZU8#2_Fns&?NB44AQ~(OUVw@nL4j@>Aa6|7>Jm+>Qt>}LeRW)vPqa4* zA_&smjg+*cG}0lBbcb}u0wVRJrMpBxq`QQb?(XjHZuSoM^WOJwabcfl=FBl2tsT>*%gakJU?hTG__w{KGQS+nmwI)Tw%N9GK$wl?_>jd41Yzj1 zwzT$+zj}rs*XflUA2t~7uM1U4gk8g0n!R3t>n}0G!b*Q*GA&=MbX+upF00Z9`|;WU zc8_Bv@NW9SF0S$RBClL+qQa-uDShZxfIGAAqBoAAL9Y)q3x#F&%3Zr7Lebsiz9UBy z+a_%@qo(;5ygU-=F9dA=NV={-uKy9n(@w}1g74B5Mb-;Az<0bl(yFR)u{EH%V$KxC z@2^Bcc{g2o)XE*jHoF7_kg?0JnyKiG6oLuIgrV*vwaDPx@c@QGcM~%VZ6jW)xBA}JdxY7gSo;@Pf7b*Krz(UOJ;Es)6Kvk_ZMW0s&XKupHh% zu3SOX&4z@(lV!lNF2UuM{i-aZ{4L3DQ0QyiZ!Ugq+N(v6qP*C8sRjoX^{%-W+nWZx zb%_hPp5J?(mpga{u&${lOgO1yjVe_8+({Md|yLP&dc&9pmLa3CdosSv^^ z;!@|lK^I8*xlD#e@>!w699)$!HD5w>0|T>Gun)=8XRi^0a+2nL$KAiGzuipJ@zA<{ zDVna5B8L!ugz%zl4^gtxcelLQ9*t4{AZhd&Z_TMVHkzf-K4;U}ME5*WKcUE{y*i-U zNRT#2d%S?%drr-G^mn))yD7G;kkLbzbOcuyj@{cQ^%-TKeS*T%-OeEVWTp)uCcJ@^63A!cJ~5~C9P$9aUmd<# zSxe1cV|AKJig@WcJALZ7@Bm(mqmQ!KILXn{_^!;>)5ceo@Wc(1iLeyzT$f5T16iai zaG=0Hu)p?pFm6iZSh zwUnWG<_$v=1J{x&azAl+K6qe-A{3sgeTpRbVx zr`QvdlSMa)fWzTb@_ke8$YtH(;55HUaKp1!JzFbL-cL@+#1z-N-u+n@5};ZzJd?HJ zbQPLYO|Px8D%&Tj}VLDj5xBd}w;Q3+2@P=rie=gYlfHF|P7F<~Gi@pL?|n~LtLClPmY!UD6s`PGFL z4L$8H@e4-3Scvr&W~!X)0rnfE=SV$4hdb+))y4NNp#*!jG%S({s18b#XV7AI{v?_C!M?|Ge)ML{>jS z4X>D;oSk?zJw`oyI--W%i(o7$K;G(c6|{Uhf!{J92k@r3%l)I_-FMKoPS>$db|qFB zk1cz!>IpTv2vYHP1REz6>kIXcs;hs%Q*gEzq+q2_lAvnc!K6M2{Te`hln0u^2UK$Y zKrmrAuB;d-;^PoB{9D|I{z@%by?xz z;)I`04*O{s{7j*;8UQ|q>zQXW!kbl#VK~JPE|Ew71;9{6r3jva1#0Q zSa6OqcNdxeF^k+B1-eld8hkF+B&7Im^aZ`4E6?^EXg~liw?*0g^H(q`0qF>yjU;&(yq>L zeho-9U;4S)zP)_=_F{K7U?9RJC`N=rBxxu^T2awSf8BlxR*Pyo3G;I3S`^d<+<8bY*?+XGc4jBrUlha0v{_oE-n zd7SLqpK8qw?}Z!s#CLX9zVxnx!!dO^MVfbDlS#9I5$Z{MU_U2(+7kd)AsV^BCo^?i zu%_rSP(`P z-rx7Q1(nB_{t{x5e-yia?%P$K>EC64@x28RwjOvne4v077Mf{_E}AZjONmibY;r?G z7YOw)WCh~3fwxzf--k#AFqCBS8ykZGj$C*ikV64v21pGJpcMLjOQWR)0*~0t#Qa`a zE&f`D0hDg@wy6qQS6h<`gX1MNbxr3d;}|_&-f1*K-fx>g>9(ayNw0{%a(%x8#7rU- z*^g>iNtMwo0h@-Sv3IrALM;6%k8<9`F`xFO5K&YuWFy;FRff5-!arq+iM+$vFz~xT zhny=x2i%|5_5m@kwJY^b1M3aGHEv>cj6)ek&3fK=OI(Cb*koYF1*7MHTVUgm(4R==*XSpCF@2qiy2m0 zRYrE?RP=QTQriZ9=PDh{D~j(h`GM&dY5aSI`8TcuSaeB53)>O)hA>~qwa)U&zQHY( z@Z%}EjAB?rlw4L-U@iKXkZe+-wE-^nmY<3+qHka;bgy34{8Eeg1t26hy8U22EtfTA zX9Wf~=~Z70)-`K$%|smI)0C7e_bV*DwciLNo{9EX)Lj{L*3OY7KUnNZ%@5_F%k7Eu zZOn9(7lhG=`El3EKg>Q+k&urO#54qTJp7j(6ihrrnI z^ZBn0vX8#_P=a)d2=;fRznRqwds@qVBA1W10TF(CWZ)Y>{&Z+?J`;d$iTd;LUv+dS zkC{LLc_(XBCQG}gDQt{K4T7CY|78|6t?BSVw@W>e$5Rmi(sJ8Tf#O&0%=Sx+pW%*Y zaz3J$Xvx~@kxD70XV=zF>EF<~(%x!D&eTSuKx0iRvQCaBgrWfy)~otTjaTVtCY;K< z(&I_@S>e@DIL`Hfd$i1+d;whc;J2HbxQ5rM*G82YD-T95fO-XlM30Ra3g2#=-xKf| z6L1zNY#D#X1Ws1k6+xEc%DOeCJT%gA=1|5GFqjDdRv5@4QNVfdvnzAFlr*|nR}u6( z`^!ra7;Qu3l~sD|s+Xc)pRjk5qs!N&!4ey25bNvfQ-7K*6n~xR^?Zp_2VUk~?#G*cDpwXJ-O9>3l^e#BW~R4iu2nvv3c!1ccPzND4w9xB0P2`}HJ8~!bryhNd)|e1BOyGH2s*`wg}rHX z@2~TmYz-O9yWrkEZZniK>c>U8={;Tub>Qs?l9Sw-6n=g9cfun15|lK+6Fzb@ps~gIXvwO#l~H zg31USh@%Y|e|m6I2Gzy!*^zUt=N2~rHPvb7 zu;AeJ(_Y%ce)Lo33!i&NyOTbP^Vl>$7TV}IgWmP`PnSJR7rujX!DWn1S~osI8bCe` zRwMqyqdRmkE?TJgjGhx3r*xTo+B+5Uenb6lT!rSQ0wUgzGlJWM%7TH6pmpewhwiD| zc2?gKmLJ*QU572wx-Itpo$<4or384Rvmd=hS2tS&$wR`hljEBq9%z?E=0p7BuRk3q zip4R9?|j|1_ZwMf(UWh>5G&h#%pp~%=|sMiw&dZR9($)!x2?;NG;$wUlY9p63+Qmc zLC$(yYelBle1c!+^s`{dlr4vd7 zU3!Lk&Vjb={Lub^54LR&ZLgF>NjS(y-@E%_mR?fs0lkE_HF45u!{k1pBL+O|*hBlL zp=Xj$S7j}|^`p7ES22ga>30TB!9%^uLe_Ij{U5JYVJK!?I>NhFg&WoVD(DV9z53AQ z?qA63$y~l91;d$}3%BP$YYpDn=SsasND63U^pxD{<^pRSLFupL;KUFs_dfRB7~BA= zvG07GgzPr&fa-YlEP<(Gox#OsnasZ#j+H3X0Vw%s^YZ$VfYAH2gBqO*!)D>{D`3}i z)4l=X64tRG%af@`~@R_CG6Iwc1X3BW zyPbD-K0hx_3XE*cXtD+SM{=bK`?XKGn6<}qB}-fwsINjLbAjI8g5>B9`oAJm$@qo$ z>fuz)X#UBhS!-se-zK}9|zL7 z17g}k9Ko*xIw-o#Sh4P?L(=hO@5f~!o}`OvwbazKS@)Cw)`AS#{`Hy3?JSp}H(eiX zesN?6d=YpN8s|n7-Il+loI3RO{JsI1Z`JWX%Dd~s_IC8*Y=F@Kf)5O&UFn42vhzJ0 zZ*&qMvzX0yq~1Q6f)VcSGN<#TZTuntANeedG;07De$Y0n)7pmBr?=!oK#DnD;p1&w z@eaE?(rh7l^k5d6gJGy(>hEXbbY~J26R8&{mONZaElb&)Zh2hp|fJ~ zjv6W<@At{vgDvg*aYm0V1bl_674yJwf)}iv@7^E=Kw$HJy*y7B{Sa6gv~vS_9W~40 zrn5RoEhU%SS@&88#x(SUfa@!#5v%WGo!6QrC3nta}Fg(U(PS1Z6H67hx4_5jWvTpXFxdoOBN1qJ}-@oy@yevCA&w9cp z+_fTm_{q0Lz2`^CmCwDzOdD`zAIi6HG6~C-Lfa1UyC-dVN?<*Egg(gufJ8_=vp|i` z?3uS!5Y!GvPko?ox|)Ik-^X)@vg(k0{Lsk*$~(%abYSRuHwRE80hGY#va#->*+%Kf zZVI%iSwIxa?jhp0N4)3hbD5UR#3~Q_upbDTwVQ`=CCpHXn}Vzd`n*juz>r(%!M?Uk zJp4I*1OgJDm#PiF{}m&Y+iYtzG*GuFkasP=tmLeM3vayRpY9t47z4ZK11}m0e;cuV zi{x#_n>7Z8t3U3!Z)?WTY!R9qCcC^od`AeV)(mazf#D@boS6_^+I+ z!dpTsD})C{u_KJ1Rf(@(>7byR?ozk;e&GOX-&69H>*b}^%(4g3NL}=!?bP?Gzjs|< z?2;1wF-*+f@8By~ZX-_Fa+2Rv8>7P4Jp{BKP3o%s;YDhsD=#aF_xL3@T4 z$2cG(Qc)R5oXmT_yTGxQBJsyHH6=4@nBLOH`e$|Vgqs%vb?{rGr-PLAkD5K_tWeqB zLvXelUww6rM9P((ae8g~eRiJYV33Vw z<(dAiz{SSOPqge;oLl8DcmW+C`yG|Wp*+C7v$C>!pJB-?tD|Ktrm)t_ardFS$dxtz zHA79qflbE?LWH;J+tvMD+f~@HfFbqfu5ZKmghd;1mA=+G)~dHAsy$luU#GmKn%IWZ z2RRdsuwxP3g3d;6&#(H?Ds#(M?EM=Ea#swS4Jf{OHu+&e-^1FQoYr)nxLxw{@=C=t;U*j4-F8{;F+Av?;9$od%2 z((GMvn&A$dHrQe!G+2~;d@}o^bPD)(re$uzTN|7}JiK~-dng$*bPC40*NH6oCLveP zerlb%V+o{i8hXDGhZw?4`b6GCOVT;m93STd50|prcGR3Os6YTFZ5zd=_uP!+j!#I4 zi%l=a7bw)S-Hk3Fl8ersUeSMEsZnsVcl!ECHmTYH) zf|r#)9NV+S+e=^GGr%Iah`SRK5+^*oSU&~knpY}uul z$H}Z;?P$@s^yd_^I<7o(BAU2%hesvl`VSz^P8T=G`g+ZYVSS7cA#y^(UB(bB#x9~n z4i6<3EcZ@Ecu__nt0C7(r8(K(x?`{0((Ya5Cmee#eva2l@{+jG$uf(zW*XBOc3(8C@99sn#Q07^_I9Asc!<7Do3XEh_jYuYmE{<ckkG!@sUU6-1Gy?|yN954r# zLvc&>O_*J&CX^=g1-7icQ~7V}FQFim$Tuc^B|`q*e<<>};AvXO^2&O{8{FWvsX+c2 zCe>!7qN;+#%fo)=1kP&ttoTEMz+6dgy0D|%r*7BaM1{WebR23jr56aR4icN}jJ=M& zjfXRCkM=HwXK&pXg9wV6y<=YNtWaKP`bx~V}bP;IePOc*Fm znR&m+gp`wSPjT|C&^G0438cskKB)(4{HbE}|u(lN{(MT468Py6=N$-JEoDi6h zPWJwAU%6XU^z`+)%uTo0UF_9=AL*t!2&5p2{E=wA{I^9PBK~o)_SplZ-S8cJDhFf- zgIG?iJFj-nFBDTXu4K>8;%in?HxCT-CAU?>CmXrwoPI;{cNcqw=VJ6jGD-E*cfy(J zVl+0>L0~KMJ4%h@>SzKtm8hyJHuPrj96&RRr9825lUk;wmV`cjT8~+Ysj_Ss6fx4k zDwSAy{?FGZMffWnAVDA2c!u}+TD1l`^|tnRgzX;vnyTZI^bI<})CO!#DP@o&!bDd6 z9-fvvS}HQ4 z9$uMxcIY`efCGha!!=TwuJl{E9-iNLNYdZh7w1RrpyKzYN=Dpuf;N{3g zvv~782O}i~5&9c49D1B+WRY`@WBRut`p&@3Yzgv#iMx>8v!#y{tYXc%DrLc+kdY1h zB=pol1~XZ1csHByf?pKhfce(kE7&=6G-NC%*Z;#FJw6`Bg50A$d5ojtocsqPs4F!C zLomjb7@IelgaQ4Dx%Qdi{+)q=C^77qB;o3Vf)DwnaAGxdiNW@Ldj0Bug)X!t#7lCI ztmKAjzd1KzOcJiKnfoi8KLs~FfhM&CIRl?St;E4@P9g{i*W|4npOE2j_?-PI&|myl z@ay*#?so*g@;ie`HpD-s!sP0(B+yY`a@#wtxx5H?eX(u-bhiJz?uG?Vc`GdA4TP_$ zfPkE!-m>ZG`W6B}={PCPQVLGa08P!Z&5qsiKjf_{}+|v=St#=Ex`wM$jS|L;QfTRnurNWSD>4C`!*8PUn)%>!KV{h z(1o4${h0*%?9bZTGWB1D7_4KbV*2H&A_7&=l*{01?JMCYrYBX8A@jAG(MQjJZc;;gYpRC_Y5DkieJ_cBOZ2P#dC0kA`;Qk3IW9h4!d8JrVTkE=y^sM=t$_f7 z2zIY^*qCv&wm#4tv@kOxLT*+}T<9z&t1|28)f&iDF8%XIBW~}|*;(ta;d`JU`rBZH z4TPpDnwm;qzA)}uS^cri;Ib6sA(fNTL7{~F;_dwNn984)?&Wse^;eto9q`ufx!OB| z1q>v(pw9f_=fPJC_+;opDN1XY$_pG>2mvp!5+x-iX$|KcMjslg`};P8eNUHlo4qo0 zXlX$~ij6y%1Q`Dye~x&xBxZ!Hyz4bMVQwHoKtGdV|8v%!LaV`rJw`gv!oVXGtaa5d z8lTt*X!sbAq03Toa$=YbsFZXS^&h0@pvy`ip9I8~sH&=lHycv_JL^Q*oh@N1nku!} zkGi(XN&-KR0?4SF2O&~ZGeb*wZ=zJOm>h&i&nG<+=`_8l)(+lks&|@gG;vH8en8L8 z+Wdsrj)=aY)~X$q#lLwbRdc3+Z0&hqjKJNmVA(eID4o-+OR;%ws#Yp-yKswA{G}-h z1WZ+Z9oDy7YRsFPKrY~U!Fjq*k`x-72cOc#g_IL%qzI`YD*D@1UUSgZnZdY*bXn){ zGHu`>zB%JtVI1FN0yUHqPrSP{q5M;A{$w($u`OJp6yUi?nRtsY4HH2r%caKDCduYF>*!kHRKg|K@p2%Qk;|dYc)B8BT zysQAc(g4YGC0^3#X79GTDSR(d^Q7zK`KY|x<3y@?I&L}M5v~0nGHb8`s`i!j?1jsH zf=*41>kz$9wjZ>GS(`U&++w(Lcd=xn`m2GWHXRIfQ zK}FVG4Z>_%K`M-iL(`jV{QzhLwHr5#EEP&Qemt>(&$CNAp3yBip zG@iFL_?MZ%|7igXe+X<|Z6`t6y1#+rf!*~@Cy!mF^_1i$oCx#fzQG%us(Br^w9u?4Y*m%@K2E>K}}ctbE`M0 z11V{#slN*gC6RU}a^Rx{%fAPAAwIKnpoXaU7JOg&C{9C9zlts9%;ZJN@x9OC(Ls&uAI)3jv;4 zmj0iBlmvn>X1S3vch=`4EX6tK*?(SH$x&ETL@&S;zVVCZ5)Zj*huvpsgKM0}R^ zePe#&R=#;)oX&fLzZh936~5!oYs(^JQ2Y2sFva=Z#}xLyQ|{F+`W@ZQ1B1P` z0YB3?S;;nD^vJKX)hSF?X~yz_NWl7L2At5KOn&~N(FGJf;Q2B7IrQ%JJucoRd~Rzv zqdr7Ie2o;1$o#R{xC^(x5_~-iV3Y&%EXJE4t*R%M=?(uP)CazbPO*RCd?DR5Y4%B-HU;5eVWq5Jwf^T+@MpkKH!d$c6ns{Q|6F0r!{Agco z-X$`dw1&ERBy|NTyM)GZ5VctijR;Y8XWPg349)+6eYO4yK<2~1cFHebu>L*{HI-fs zk_F8-aBnlh0i5c1Q@P4^))^oH`r0+AGV9$c!2bC%PMtds|u`RJ$zQX63Z3e$(Zl~AP;PII0l_Y86;`-pUu7TVt@`DooHHMoV z8_x%B5G*NEdo*baU#9>uf1=swP;WDE!5_M;fV=zqO>w8Z6 zeuNO;*gAjBeJU%n&)#rj0JX|U91&O_Pj4Y$AbW<0nuKQBpPMh$&#QrbfJIhSiRJb^ zRx{MbvnnhcNa4#Uz18zr-JAwAz5Y56U#RlC-%dQMJ;z$z3CGeO`(oy6^nOTCtwQSb ze`KWeuDv?%0oH;7;d@%mGQDk$UR!U)5zlqdg2t`6bAE!P-$8-q^D!jqWNxnpvNfJ% z{E$2vLB^gA;1}Pk{pHHd=EE!cIfwh&)-7;sK4$@#pnv=aWNjX&3DdlK4pTvr-@3Z! zY7ZAA?Gy#bye(-#Ld~<93}lWCIzzpKK!g$RZCXT9{$FxESbr*OCRV|QTVd*JbVPW; zvwv@Zc>ne=ob_4rCVvN=^&Wo57saG^(tmb1if3y?yySiS@dX9~@(+Z_9h$Is>BwKB zX|okd$Hi{kbJw4UB5ACpNBt39;9j(0EMY{Qygl~uKK|3M*?Esih{;pgNJLR1z`1=u zgYGY;{;8v8xtWK9!?@4X_`I?_Je-L?3MKXFao_K&?wcU7nQB*o12+L+o@f#B6y1R+Z3NP&-X-7F}N}?E6vqh*gw3p*x76}jvhT-~(Pm%&_KRsAj$JSRxBEhv zq;C11LR`v&%|8mypNd&IH+#RHrmb)jMc7;a4bHold(NZD69^Ew_cJ*FopvXas?TE4 zQ*@Qj-E1s@^<}%y1dLuW!KnW#V`s7IH5$ni5y0(WIhW8gnLPt*iaoiENmzkmR;vJc zaqBQ_tBehdVjwpHL*M@O(*2H!&2n>hI=ByeY~~Hzhjx)NGTNIV>}VqqnD0!5H>;3# z(^5yl&_gs#fRB&x+$f22;y{%_5lPdcC9i;uElKox655Dalv zZT@V`p@5Bm5@#$?vB!vmMvb+KT`?@w@CIxZkLv(#V5Q+le7h5(%!}|(#9H>x1*s8R z8|2-8mg^k<$_X8s794mz)&QPrMDXwLY!w?oLO>=P#%pxHNWfv!*R}pgjb$|Z6vy*N zf<3Yec`bg%=0p9W9WM#m4g8A^dV1D zvUcj64NX^=7#GbkM_1R;OUK8@D=eRMaq#ih7P-k+=OT%b5XFHQ)Pa{o`pjd^<8#G7 z1lrWUp)V0coK!f#V*EM!?xjCmI@;@e`SkyQPHVj62%k;MNw6vXq_Bt;@ z<>lqelZ5DMXdx0WpeL9)?hGg>CrCO4UYyK6MYtM_ZwkNt+PE7n_*&r(d%?w1cfy18 zmS`biNc0|CPr47GXSX-$jf;!!qVH}WBPBBKIsp(DooqE7Q-A#UHZoGdsSZt&JjnB1 zOWuPTRk27sO_*0t!u4+k$JOuh6eaQHE0SsTu{fXaC*fb^srIB%xiNxUZh066TpAmohgYuxap*)62r6eK1aV*aw& zMt@g%5>RS5El8CKta8FU@uuoF6a4J3wcN~i0+DB7vTST%EJK;pI>8#tXBfAx9EzRR za+R{ghgv?--{)S_{kQI7b6z=XBQ3KPSCgZRG-?SvQiUF?yYxm?v*o+}w)LL-AAoWi zBPy_UUGvSC`8jp=oYjI?*#G&=kh;;Npyvj(QW#edI8|1i9$*)ZjIOpP9twO0wMPG= zH$Y`%<{&~)I^ny2tyqV7kGvU*e4l&hGjBdTGLd^>aM!rb)P6+=OxEbs(5=G^skH3b zKXRmZqhq{AqfDJdA?+{f=4qXAzbWCoPZh@Jo1MK`PqSaQlcbG}6+}Y#?tnZea{h{F z`@c*X5)RaMl5izu_hkE+1RUH||5xWLZcV38-B~{y@(4km0}|qGn{+|H1y zk;Sot4fR)wy|QE*W{XGbVOM2mIGclraIqfjm12faz{A54V7K8=ox}Bse@67yi#dPu z5Z6qOO-)7o#`*y%gj!lrwhi#Y-@hMudK@a*ueWV7y*nIFV^w)!N+xF#I20fhLoYOM z^8v)YXxRw88ukkz=PW-357cr012Ellr`g+BtFWu5MNHW0kG30D&91sN8P&}LVc*8j zS&(;U*fBym)98#JmBAY-LIDRArr1Y&OCKae(1T|eyrzlNN+XGvyhZ-fB;j!HCV%ri z746RkY-XRGq1Q1|_Yk3jxjJ%-p^T8a_HJ@iIflaDG;0CznMT^U=y6J)%&dF7je3P& zB`_wQqE`!JLKU+V?{chXISKS(vRduAgvLALUKXZ-hVzcr0 zlXF3F>z4f<$wMU^Zgw1Xn;fwLbol;X{9&?n?znXWYKCuUf4mR_UcOIa11^8>Dl?wc zsqD=0;}mQ}H*|_ZV;-kkwA(D$(D9#IiGUhaXb=X^Jbk%Kp6`R@8+5FC$V5EeEL%}jEqnelKai{#(6D1#m%wVU>4P2M9 zme#k|cmtBw){Odo7TnhR`=7ObL>sapC54}#+wQ|a#!6aUE+o8Ax%$F2{*Y3>a_i0oABdZ9oRo79t+ZEG&!2X z#`0N$gdlW6Nlt{oAEhP;O$9+TGi} zRM;>qyr=hlycd?eW%A{R;wZ^l;FsyPe)aQ8WBtXw9DMv)Hv)OR%dqF)iyebG{NCPP zkHg41j7UkN$l;$^-jgu0XsMQjW1j6tfc{4{a9XT9bjr;%A2T5++;gKo!OelEi1SA7 z$P}r3=6lVPlA_}GMLTh3B5?|g!12|86TNY4R)Wis*2^!P70Uz2Kd(AAt>Uo0it&~7 z3&W4158Z4%q_Ldh7YJCl>et zkM)d6UdRQnv2kXH3T%6GGy8Wr23iO_OG(L2VhpHBk!wH2e&zqlp4I(9b4HILfNw(g z2i8D(b}N-R9s<|?Z$bu}-Mfn`z1iV~j{DJf;T0(g3L7DXHK^!;T;~Ez@KQKKHMGn4 zd9bkq*=}0QUGDQiXX7x`OK9Cql8Z=2*TiLfK^$Ynhu@~OU%;iDp+4&9Se2{2(t4h{;MGpXKwx`cM6{eb?+ z&3jwoEfLIcPO~=bRUki|a)O)!+Y=IF_n#BE+y@_V@zXP8pssafVeb3ew7Qj*X{nK! zi9qG#4s@|B6}V0Y6(+46RXX!zh>jBl2ajLb9rRBlqCNDQl7q7;2V@IEU2<0QiH?_Z zpI#GYZHZuwaHn)^D*{sd-QglJS`&P$GE#*ls#_Cjr=(<$^e~%&NQ?;mJ+|7`_U39s zK~@Klqnu2(ifcWtc2{0upZ0%gnmKd>3=al6i(Uj!{X!a_P=IZG$A_4a?gtyvr}_t& z>Z8(nG+EZuav6-2$egVc!Au3C7a`fQ?)MA+0ha$z1G2XHfbCa4ivyX*Zn15fn1>oK zymi;%pOqc{4kx)_cbRGa8C!yVRKGl_TQa(R=L`rNevX)PT)VKcnXd_n-gId-a)&eA z+1VMnOOmBBQLX*;oxq@#gm#+?7awN7!$K0*whjemYMpuJ=5HNe%gB(GYoQ834aTFnb9P;~f75m=JKBrZ^el8}t#u-WFuo1V<+%ukjqj2~K>I>%r9bYh~Wp(!VJ ze|Z=nmB_+fhky9+rOAl8MaYW;(-|vcJU47jgzY~8_kMNwa7c$Ru>G85(37>V_`_pG zxdLqP;i_huTPK6xkqVDB*@6rHUNreegM-hlW_#w-r2R`0#NT_@|?E6cC z_Bzw&%n=C9X>yp~>otT$PnSrc$i&_!C9Wml8%WROmz0pE)!Ma>Vi(Zha#?aBR@c?# zE~cO4T#SCRs5)gq&+>wpwN-%r^mO)))nT_!Jyc1t0J|z*sS~7CVAmEEmb815`+NsR z|Jw}L1Z!1iPVlp)#@Q!Qw3K$|MsuLJU`45a)()Cp*0xoAdSUpl$4I=wrWgJ}VH9Dy ziQG4^l5>0Q&1=jxPidnK?=MI)AAZEfMv(g+d*a~Z(vj>>q*Q4=wo3K+q8ct8q-e2O zBu3;-_0Ny~Z_^6WFV{~bN2Vqgp0|+PUuER#72Dgf&SXAYS+P6tucuSqAbpS!f0 z27^K5;!Ema+S+A+W3T7d?2k+=P{oO~X1@Sj*Uvxsi8%k-G+cG$6%<;>qd$iE!{5=8 z?B5h}Kq@?$mNA1*4|}8{38IdRy||3ho;Pf*Z?0}{8J%|mgtviFNPFFOAYzmX@5R68 z-V8E>0gV0_ARtUEg1vs>{kgn2oqKGK31gE6mNC^S&n5-l^k{`f354LI7tZ>5WZLs! z2s+aRG9J|SU@hjCS;J*(XqS#I=Gc3g4!jY{Y&6}K^M@XL6$yZ;Yr7}+`yQV39&GpC z!y;gGF!&+4A?_@P;WtW-wuN2!^sII3BMC6Xqg#$d%?MD zX=l6IO^$>a*4BoTM4;ZQb&3}%0dTy*zyH}^@`H3);JkWiU^5G<@-{}e5m8nP3IJGP)^yO(8p z7fX?hj81`ge z{UuDl)exfz%Kr_7Uc}WKuB6bDb%XRs>@(NLEf&a4uLVg}C_3_ebf@v}!V=ZDrh~st z%v4mcTB`O&-#d4JlkW7ki)BtM1b8Ehznmi7UF{~6FKU8|0Op52{{5sTlNemMrRjJp zq-yvLSPBg{&&>3?wiI;gOkl0;PA@XXcRS$Ew~YZAj64r&(0a)v`PnPh2+`&kmfp1r zoT2++Jq+wup}RgWb;VJ{7^Mi>)bcg1zKn!EHc+ zNlzZ+(!@GB7#P*|^^=coyFq#|^NQ zcxurQO*-j1YU4|VpQn>+*K)0Dfq_-)e3u`1f_2WOa(@v-zc&buUHch$SZg!y@ADeH zSIe$*L7L|Ky!%mdOAg)7K#~rg0K|*#cJ%k3^zH20DunJ1oIy0so6&cEBD<&cr#ok6 z1Oi^BZ6DnGm`>)1?I|%(m)sv&&&AKLmET1uze7zM>^kp^#}T~haRR;)lR=Ap2k`Dr zcoJd_3DUO>DQ2u5$=yT$PDY^n8)C#*B78`D%Xaf?_bdX3H-t}XM211aGSuwzdzE7qMT3%JR?>gkBc@BD6Pcy*6X zmMA=H1G(;PHX!ZDjb`o!6d;I8NIM+RId^j^ z2}T*d`!8BZryKv*3u|^OsSvYF*(~w#jjw2QC$xCslvtq@RXRKa=|Z?6(PZt%%N{5- zu7X#5BxvA>S+V!MGGW%Phx;m|*BxEu2@XR1A%i=-#l z@dsPm=r*>KSKSQ}#Dg8uB+(I+MixxN9wc$?pokuS^`2IY|G|B*pZEW>N5tlE|B66t zwfy$PAObEF#q_^=UBs29znwqXXGk9ip7UOfdfPmAPHsmOWHOvg13b2$#(~#m#wx7+5 zcHJO0>tsQ-XvMMVRQPGv?>V^sKX6CAyYi)pTWNWGBJ7HiE5Wr z>G}21x$JKFPx~l!$a?E*yt8!+Y+d_OUvi7#B0aI^R^ULjh^^djjp*?%Qs-uI-!B$R z8T}vM+ZgGI36$|2>~NP?!i8Y+xXe3t<(u{d;fK#3KdX2%z6_gGT0QmPw*`4C6|j-% znVU@w1>frDkb!!g&&Uj1@5mFA2M8KL+j;ynuY@(WeSTYEGOT}ayZ23kzhFGnBGZGU zJp@g0=4dUC>1N~nErcE;N0_cyF6_OKJ_a9Kmtoy3yYGNy@t0c%aPkwUot$nHJ8bT8 z&zAl!hl~DLNz&{UPh(SOa;<-`RF~E5(lHHNl}4yLT9}+0u|Uq}9Vxqb+Nwq;{}^RS zL$wbZZ4X&(?F`>&IM2|thr%d_(wi_em&1zMx8sJhcf=jPJ_?(y1>UEQzc2e8|1Bjp zJwmeuriX*KL2u*y^MGqf=N!33=Fxr$iQlgau2{DPb(~H~o>#+6oqOrl@GS^!G860_ z>}?f(xHO=%0lW$LvO;#yL{DYW@Zs(5jHoyN^`&VaVLBaxVNUpOcluRV$-KisU=Jzk zvsSFPTf^88HWqmJj9jpSIpoUCzU>a0SCeqOfe`bxW11hWnj|=M z4vx|R-3!FsI;s{hNg3sE)AA7(X$XDC?I)90 zcDmm1c5zB_=wVN8xxM3b9Ym92{yl#pQd3huCAG=k^V_G22OcBv*pUD}buzVwzVSCZ zp28%X?+t3eKZaJiL$XbaFAa4}tw2oE(!)z7qF#`RzxLT0U{{Q!%CXk8C3xw4f!ltnb`ofk4m!j!cUU zJtbxFq-gm8kEH~H)qUtj-MbDfrefYrnz&5A42nd1)Rqxgy9kH|DgdO*4#JGUfDiXR z3ES^seBSbS1-&;ePS7c~c5y$bM^SxO#PjExF^3i#8z4$tTwEwvSl)t^BM(R?bB zVpP=LOq%+|_Yyxp1L+{fEz(mlKkhn1i!pPsTN!?N1X3H(%*T#^v*z4lxGnqX@#H8q+VQB3 zR$`C`i*sxYBl6Se=%~K~jo2L}guv7$pzp`|{LDgxRs_8~NET>oYj9Rp(G4_!9dR$T z=%67Y7PR*+i=arYT)LgeAkUT^{Z0+$BHnC51@Lc=?E@Hhf+}*Qj9@usj-VOi(@=?h z4UQC``S`E%XB$(FinlniQlI9D#gcv1tg?z)AOkkG@WfvLXA0@Sg3QMW2?+_fjR}AU zC8K;Xhq~Kv#>Vh-Rd&T(xhP8lMdU=V_B*}<@G?b`xbkV}i>l@ZYG2(hvilxbo|BXe zmHBz^>xC}ClN-o)7*|bjZ{#Oexi`6Vl5b-rS$<*>}GhKu-V(gG~;qFw2V5QEcp!@BwB&f|S|Bjl1uSCLkn0I{;F ziVZ}!`Q2w*K455E#hxYS+;}FP_#@ zoob#GK{Qt*!r0#zUMN_H)E!u1Qf|8XQcX?cbUo>%@4pq4lmj>7ze{k-ucWG2wAQjahX;nA zMBwz#{hiF~?2X5 z5>Z7(G@$goeL2uY_uPDdcFJ%Cz4jMsvs!Rimc(hs^S28FSlPk?N&MArz@{Aj`c;M# z;IE`wkdxBWQ9<*8mWA#MHCV$GF_m=r<;%mRJ(V`U)Ts9!bw@Ky@_d_;6->$NNicNl z{k>MWdR;{j8w+5r+{JxK<}SF(F&;F{je0K<9GwF?T3RCz1fccTK?n#lPr7-QMbnbD z-DK?01?_kMt2ozuSjjTolrt|z&u?M~l$K7PZLDSA0DDJN9y+rG4N)htec6=F(&qES zJV{?nweMW@wqVavY6Q`-(!I}ZGSty_7Iza2DKH(?p2rl$4Zb8yIc+U4``7(b~o5EV`DbyT#>B-EsaeEYuZ;pC0)n7)DJUW>NJxn&DJ5S8M7l(z zr8h<+IVtHDP!R!XiP7ENqq|0q!M69=@4DVU{L2eAw$JmNbMA9TMeVhiTO%vnf_AuH zA3UD2p7q|6hWLUHAgY)fP6n(Unt$91W8j_TEnc9ImJaJX=0Kf9Fq19Jcp>@3GoQNN z6tC47KXtFAs`ozKh%GLhaBN(@B^}TBLJn1#o@A|QV{9x43{ryMJ7>7@Ops+ltoMGm zx~(}$g165JH1YgqEYTw5E-dQNo&4_#5Yp*4BblCDeMy?W{u-=5+^DGNFD*Bwa!Eim z$vX9G>6&i7Lh#TBWJrv>AKMb;Jp1ZM8LeZqSy+=tYGu*BKd{P^bP36sMN7nmW9Ll!WpNuf7e)tQ? zMkORqQRON{Zn!ML&h*H7$<^l*=Nyy~!wp7<_bc10)=G`W@ZNQ+HKCq5_oSuiK)2Bp zuS!>fA2cI$4EwaU2LfFdrHoG@a;{DOIW0MN59=Ll%r!|DsEG=+GJ{$BR}!e*9`bHS#I9pa5_O#JX-o zIANBH-H^nN(FnN%%V3EzHU zXebTJVN6O&IO)+^mWiziq|RMdGhK?}+O?_?Qg}_A6^P3S=4n$bIA?82c=mNY2|y>{ zhTVr9^MYfgL{BQ`K!OLzl@?rT2FpO*Tkmc5^Ud?Tz&;^-9y$EiYUe_Z%SS<6 zw)6?q4qCY9Jjs?M;q%~|kWnOHlhon*KN2veo3(5JM=18i`+)KCF4(c5nmRI@w~utX z%$9BS22<-cvf)q$LSE{C3ZmuD{yExficTb8c|N5w3Ha z!Y$l20KS1M|Q-bZ>cp zbZsCbEc6?{61aY07e^)wgF_ZhPty;`u6iy?Ynio=c7Yu}dLMr#k79UreIGP8#SO>z zfLTb8qH^?7g?xP!KuukhN!W;g((j710RO;HAp2S>Bn~aHbmH1Mp z?8X_#e`ps~(_G=>AeaGlxdTk)g0;r~C{InfJ}82aT7!=_CDo8dj83^Fo=9|~`o(|W zs!SOzeiSYnuAS`Y1nkS>`7w#7ZHW34L5JCY0=(UQU5kcKpNJh+r4%*akyVQfN4{$j zrX&eaC@-(Lhwx#~fPB9HK!Xup#vr)Vq9q?kZmOdo2Rcr$JTo+;F1;P-$d_XeAt}8V z(XHJ%2dd8LO(C`Lh=XR2jOLQ2z!F!a-ek2~;rX|J{u#1r3!e||*W2Ezs5!oJuxehl zdFb2rh~}tp{8StWG>>=ZD3CCm!7)E?JI}U+DS*wtJZ?}64WvuFf{a$~geR4@vgdJm zW%3TT13ut$GfB3aGIgIt*x&tQRMt#u1^45^(S>QFU(f0bcq}czx63Ph?)ZgCXnn!j z7FtrxIczg;-HJjLed91e39k(#2eZ|lEj2E39op9eWzX%k_1yY7icBO~)TCsjp19Ux z6A`fmWyQ(K#zgf`=us=k>Kc^9GW|ld3aT^`b9JE=B-S zA9tAa9I!sN=O%?+%T6&SIiqrua0~KxbIF zU+0KnWDLmWocD!Mfqxo_0x#ZYN#;-G$Cs(OSgO;lT;hm)PqslGwlB8$jECCwJ~E^D zrs;ql+1`|r76UnSckWZ>UNr=ehE>-2Ir|mhmBv8? zvGM|Sw3O{8_tXBNoo~+AWD{|*Lx?j-?AS1P9SL|mbw^Fi0OKO1yj;}cINIH>bQeNC z)yOqKP;ORvzbB(S&({H5qYUGdhxr;QepIQ5ctq1Ib@Y&a`jNI`b|8|{-@lHD@7&tDVKO== z;Hu0~>!U~x(QDxNeU*MlbPb$*06pD`YSTsz(uDFYy;5afZp~~~ZgaG^-}S_i$#1? zhLuY_+x>YWO3!+>18?c9^MYja!8#_+&gTab%*zoD!y_YugOgusJ@_nHnsNu$m7$8n zU>y32l%>`T)y=4PD8eUD{_u#IB!8C4vXp5qf^!F11&PAI#|`LU=m2;4dPqQ>P|?jn zzWRPbI9~ujhgU3Z7GpxcnRhn&KP>*;%CcW)xA(LO`2n~j1)3eqMpPCY4_Po;Rd&aJ z!s3WvqJzTP1_oCB%Hc9_Bt!HI9o-I(hnptv!sjkdkH(ei1lo3gKg0c83c`d{7K0{w zwQyn(q(A|NYujXS(3&^xBt8Xo>^6C1LYaZ_NIOV{blPivDSSYx4^lx} z_=J2J=7vX5Jun;t>m}yP=|LtY`U>$&(sTWqO9k-jJ@<39wB6VE%_HSMV;15n4!G}| zttwKR57kLYy6gmbjk1ZQB>eerHX9Y>f0s2ZtMn(iSB;b>y6HZ!_2vKw1_~p+e~&im zYUDtmM~_OPc=1efBOF91vRj<9%u2iOx77OOWEg_ zj1Za3o^_kx#-N8mj{o5c(cK+4uIX|+?i@@p88{IdV+3Hey+ zSN|I%n9J!*U3_8M(}sq@b&;PAPYVnNrbZoM4p{0E&vS)NJqV3YRog)E)QiPGl~AkZ zBlP)|=Z)X>oQu)a))(R7k36NH4%X^v5oi<>e~^upMz!bSWebK8fB|t2v@$@rZW+r% zX7&|}!spd>ol-$&8V|!C0h3Tlj>n83$D?txY<<=J+ck7*sjN?Y7FbFALDpG0@Ca?J z4)chA=q7rt-Mo1vtEh+yK$4x^J0Ug){I)V{uky-2txE6e5!BdY4zR~ypJ zy3?IEv%@SbiB1X!L08We6}enoUD4uifTsYqsRNSAqxlfb6j!Tyq6npM&FIjgv-xH6 z{Y5yQ+X{@h5#yEOU<+b_3h=6ioID+el?F4Y=L@#O*@yvP5gM(i{a{&%60bMUDvL{eDy7?aEL4XO~V66?cn7BkwQQ-^J!>TEo2LkCYu!c@X zy1Jp`QD9POVkynPa8z8E(0*?2<2* zrT7XM#%ZU#y!XfcN=MR)E?PK`tk(sxLpOZ$cHa%kV7cTxs7%x=fx69=Gf&*{e$c)e zn@IkG-p0t_i49}8+*p;MBI-c>&gB-nH!l+{<&!V(`5B3Spz|PKh-B2C<@&Xd9L6xt zGeM1vuJWmne8;uDI%l$6GCr>tr2EMd@%}!0Cr(weY|v&*fX+TCyJB7L7psoxk%6Fo5>{4UCq@IZgh z&tEtkv*V_|h0aocC@7dzPD-o*oM`Vc-Z1O$-6T-nK}y^gFrKL$#>K_yOczkkI!Fi_ z)&H`H8D{nvSpz|c5Hm?F6&K;sil{l{oSqO>9x*Vy-dlb;PM7R(63+Q>Hyw% z&l25N3>}Wkye3DvbLJVyw|)8)@{spYGoX_@VRpPe&6To%-PTT&8L(gZA|jVO|6z}& z&AIi}2Gtx{xxT}7CB(G%S+jIk7{0C!RK$SC1(G*PRJaFk!yTN;)H6q zT*t8?r~lmmuq@yw0_*EQ=N(HX_q{2;8LwHOm7XF7{9{0_|2M4`U7a6G8yNJE=_tNP zys8|Sa@~}gGSC-uyb1B;FoyY5B-=P+u2HjoiC?k&{2ARV@Km+oemJaM%s`E~HHTQq z)yw&Qw8dkiT(LN$w4IPhoAy63OSyaPJbz;nIEl+8f8P3zdU13uCG)eUiH&oZxws0F zTl44qYKx-XZ0T^E}dvlsbi?>8CwPJT_@y6cRbJH|^7 zxBuZ1XF9s~D2FqK)vWHJMgIN43wTjg+=^L$$e|z=2 z;Hs87;_oss*oXLo#mqhW<%sPRL&JprY$37e0t1bk6dAxcse3aFbyN|I2pb1%HV_zo zk2Vb4<3@7N65m<8rJ&2b<&z-y3>rV&3B-XjyQY-iEEuVZls7%-5#PO0WS7;hXM&&+ z6mi|UO%Mvg9qR-6UBqWZpGx+{+qKkSm;w0%maudt-; z>Kb8<$kt|@ao=sPV3Dxu-5D1kAciqV@L61z`L8ew%5F!6jm2Y;(FuvHpEXPlRTO;e z-ZTONMS#04@#s+@x1*O-&Bj<6Nt6aAZ2|C^n>Cp%z%hRApeYFc+i7i<6d3%fYJr&n z_^&w~jSGOqO*fYvB_p^RVhy8;&p)w&c)z@@Xp$4yKrAh&4~x?$snzb-{NHSpf$|G8 zumc+4lrdD`Aq283)PikK!ZNHo8-B`zRUv`D3^dP4B36$Hivvf;h90=%6BYtCQ&;!i z;mBie!=3Z14u%N@`#(n*ue=~0x}v7AJaoG#CU8T1&sLIv4!w1V3}yCejs^&_RGF^Tvg z+4nicYL8;rc%b$LK6czu2TzgCH~lL5y88$Q>31ddYmF0;=ZPDbmP{IB+i0< zzfwNN1H?SE#UbNK{S^R94%383gac}XJSZ%HLe~j#4Oe{^G&C6ctC?|BjRL1<4K{1i@{Nv;0Z+?c_W9q^nl3;7MZy?rZM_dB6i34A?9VwE2){k=@KJn^R&$@`{&$%PLG1)NBSh zJog4W`fi_EtM3G#`|Biu1W8(oVTzT_N5-2n%_ZdtuUEUm+!XcHGFxZax@BrQx`SF4d<5wr7A}5Co_!z@x?)B%3ynK3+CV|8}|= z#eTo7+I{%}XgtF{@PC|6Kj2L`?<9Kp>A&vSYjVWSf4?!Cy;l2%9Fq(&`!cI>D1cdR zi7*vdX{zGg19bQDQL%$D)iqc?wVhc+ZgGyz^RWBp_dcjK$v8A?f7M(e3fu}hOaGP< z0$>g9WW$W1jwR;_*2~rPqOWRTwexZ0>pBIca|CUp= z^0K9lG)>Qjb7A5ot*#qwl7A_`tA5ezFsH5ml{#_c=aJB=GAix%8tseQ zuwizR)7Ja*;U>06A=#gjZl^qF2Mq3WfRqVIkcqQY+_}pU9C$q3oWV=il*u2S^|^1< z{vFFBm&Leajq6^48?VV<{u1pr2W@LKMWSGfgGbh%hASMt|GqhfI-X8|S(-4*$Ee%} zb7KO|bW^iiwL5&0n^+!!n?7Ly+8TPWu>#j&sdrz;1N*wZK?PzR?XSSLvlqF)7z+6@hz97Lu-eGTnT9Kp8bSJ|8_GVXvg25%nAPxYi0tTXhb+>m{LkGGKl49TJ=Y zIxvB!tu{o;(djRsid?Mj(!W0bBCMTVj3owTg{VQ~>Prg?u70CBlHw{wWqT%Z%C^Ac zyRr`|Dysme0ifc8azWLGw@ zgEUkiiBPsPWC2phocZgIDOWrOS_Yc}X(B{eF_`OhY;3<&?m(Hl=}D|b)iqfn+MKF# zXu+8XYB2*i3YXlw+M9q9(B-jjEDO3;iF+|5Uxm~Ep9}ENeHVM9RR7g}T;~__fZr5f zT;INZvpoCKEpoIV)3Fi62Y-hGCp7cXgKQN|)ph_0L+(H2(zILp{VjJSiFZ%rJin%X z&=oRUplR7D@?qhY_jk9fkfU;Xk)qC3m+T)|MBopMy(yKEZOM%pY3G4%u53my|4#Zn z;q!}aRmU_JY;(@)WIh9*5bqq$+-2dY?b{u0X$(o(>o4O?w*&3ZYsU}>{xjuIIDq@S}T~XWwLXyGk5>5{HTBEh+Vjcz1#=+}%(YY(RX40hy zM?<_c>&?#tJ&Nvc9{>(P43COn=WQi&;4nBs7J$sh6=43Wp(&*fM?D@WX+I!1a6^zZ z&`0k+zZw*|r-LO>OulBqXJtB(`0`0!Vl>>*2)`W`kv+$6=?JdyGUd`RiDQqK z+t^WjigDJuKrFK&_75hXQA6ahGggTCdJ5Q)fooV%(Sqx}poHN2x=1R+hS3A_?pAW( z$EpNoR*=rwwW@Aad}4p=?oT+xS3WvJlH5_542X}SGat3=K`-t{1BvF;NI|nhRc>7l zt<8W5k?BI~&&Q*q<4tB&xeeJ@SP-+;?Dnl4y*k*^)Ci!_H&JJ9O~_ zU$r|O2t=O0f4>4^QWXTvhlKQmU_c%Ok68xC&rWmZNMtRbLGoX+{Ih;R5wrj*OOxc+rMy(FD2 z`f)i9(r(r}+IsY~0qPsDHy4u{XVC-+0fWXv!ACFn>08F^B>0_?%=F}l7k?>tGEQKC zv4T0-B?k3bUGGo8JSXJEsT;^ca-4RoouH_li>52+UYYqDQjW9*{o|p+KfiQGkVFoZ z+mXL~0z|Li3>}=@VwLrM-ZEeyn%@kH3Ai{Qx2}>@_C#w?a(Z1&0P%)wngy+lxPwfU zG!bw@03hk~l=brZ-GjC}ie%KSkw4>{L5T#UwfKF;>6cicC9X#JZ43Tb9PP3CF80M`K!ZWWC+1^Z2^g9xey z4jSAKOA-xVd?_$trJk<>C;DvmJ%A{Wa{Y01<9LTEvX`W!D(dRNe$>`KB=dD|3}@Vm zSZUs;KvHy1E{+*HGmhW7Cd*@;rlMLsnE97Sfsb|^53XTZwca%1koMwo z@?<>&7m7f^FK{9)Gj`^qBXzFB$6z(x&g+UEdr9Ftl0aYLLRI_w7-Qt$lIsdefFOpod*&Eex@Gpedx8=wG!dK7!1!=CW& z1G_~L{^VUcI;dRe&AJY2LncNZ7>59@^_b2TeA5ZyyPg+Ilgf!>r-@gFRoM(pn9@=S z?ZUv?^K4&Lh-NHR z2Lhq?VD-dK!`+owzT*#BoPUMo(O6%?FI!y;T*9;~byb1qzIupD#CcX9=(|5*Tv7$q zb)5r*%w+#o3*XiH@<)40{(Nq z3|oW;hlj(Ld3t(Xtt{3IU4I>zfZabP@mo$_9w~^(jlc5Z!NLO}u>&2PBvIjt-I?CS z(DZc32eC&3$9E9a%!3^2^n%a8R%jhjs@ko5O8moSZ3(8x{qdt4rv)V-mj?`RJOiw! z+KGrC=i-bOlmrlNhiL>XR=$WHn)y$`yHZ~TTd|6x)m~a1|3$D!I4m{i&m$_w_z$@xjOiGs*^=#^gg6ExG z?t@flXYkEf-zN`5oi)vAxjr+$)%*efNyP8QyYoW3>-e;}ol%#%!`0<)>BqJf^k$)a zqb|I7h1xiH_lxh##s}UpPZQj^*g}u)K@)EMBe(3@&lV<*WsBMa4I+9mLTI5w-jm$b zS~Jv4x3bYrK(XqUYE=nGnMHsVH>K();2yTm!^!CIpp%{>_meFhy{R@if`|xJKg`r7 zv89-kuEai8(MU_NR*3hy$Z5V>ho1E~7y*A9`0y7{p4`RbFW6}5ZWqTs5H)!FGLNQ6 z!JPDb{&|^O&a;h3kq`nI8mNvMwS3WpX8r1QlLwa{_&8O~9%A4v@>aUM zA)S+$3K&$p0m9xf<;rji5IFZvn)j)b?5S4PEG?R54IcLHN4tVuJtitO1tR7{cNp97 z=RkSZ7x-DculFS`WrVLcJ=1Pq1YIs5lv9H;Pv~Iw;uCo~nLbknT2tTnlA2-&9KFav zY!9#r5R;Hl-*KDV^|YLN9eYhCzz&9jD@5QV15%M{ zO4?1Hw?&>Lz}vst>*8i65hUY zmyRdvUnM=LjtkU7$vH-vg4&4tNd*lO3rFWAHh6GLC;&DW0I^pBJ>VUIws8+YYhy-e zNnII)07WkuyMcPusiPJf$+ctz>M~&~ldVl6hoA;M6x|y7-Z&uc=K%H+&^Z$`2%5aL zH`CvEkTjUA*)&il51L32#o9zPnyl==7;+_bE*jV`SoHpg5hfzs5b??MJ};cD{N?VN zJ!P+8OD^p6*(71{r?=)^CC@1I{LsW-q-3h1rrDmBJc1&ef*vFk1WHPU4_2eIwAO5w zJ3ZOtd2`!r0!VL=j-K7P2!aYnGKvRvtmzpyZ`^7L>rJ}U-5R9L44&Nx)CfQ69fd#n zLwDta7hQrB-P8Qw`awIMq=L5l3JjywB^$cm;5ml09-G_`u_lMthTDY+==CK!RA^CI z2*v^O0JJgpeuZxbwrfAcy;)Z~eeBSgDR9VbUxZ>=pq3y&f|+%Pw7%#iiVeFAv#xEj z{1dJt`IcS|eiRN=sgR%Q_w~%KDy5|bX~a3@ps$rO>3@n{(N19#&A51-8GBedZOw3k z2VUX_xrq&-2+#8i#>rxiD-=z+*>lAe1)mmX#_*%#R7{g6ZO^C$phWV}6Ee@WunwL7 z^wBnBcrmR!mtB7O??+sRatjUHFhw^KB1z~es{^v00wDLcb|6?Lc4-T2#R2y;sAsb^ z?5`*wzXkl(AhFBARlWb4&&B8h#zNn^*Zd)smEsL8(OsstNIB0Bo93X?Nqg!_4;UM! zk=YH|w?d;?Uy3m+KD@1@UO1gFxahQiQf623J(B?_L2K7v(QvJ~9MwAiR(`6PUUxv( zZW^MW9Cr{UegGiB!sc%)=z( z1mY^wuO{{c@7A7jszmEz#82>GHwjXypAazZ7%TO!DJhSD1pW9kzhT{V!n(ozl=aVC z-Oo>?_pWVz`yS6|f~RJaxenZl{byE3r@`S|>{8at0&f=Bd`&jk!N2Q_zY7Qj4J4Ca zi!%I3)Ysy&I!XH>zuQ|dPXNMOugQ(4uGcEu+-@L0WOh4C3JvSsX=fyI-=BkzSGp5e z=v7rmRdjtwGHPbOHj1@eK!7P2NY}0Pz9LL{cmN;W0~AP*sPo~>d$nekmzS5e2Otd~ zc`_0Rx^n*hyA~A%X)2yuYy{6Zuu{;`)q?}ED4_onKt^fx%Q-58yD^NWp*k6dgC$pQ00)&Bew_*>I_`-jF4ac%1!X~o)-kv)2UmZmit zBtZ-^X^aYqxuE@m9}Y+&9|3lU`_5Dk!{paX^%j>Hp4Qc%=biY56GS5|vEQ6^2SKB} z3=SS25_Sd9zPZjTKib)!?Hk|=^1p+wW(wU^D72i%knz&GigIL~YK*!~Yy+hOw;9B$ zq9dduJ4;zL zMyXt1J)8Y+c-reRvqSff1^4hEE!5=bisBhLF~snAJ>y+)X2T&dU^0;-1y%-r;FC`S zIh$WwsQO-qB1>@aL<;QOPU>Vtq(3qTH?hT>J@3KJQ1bXZq60LszW`kCAu_y^SpW|BVsnoxU#+ugi{Mkt9-E;ptL^Z6})QE2+Uq%5|YDy z|8@Xq=nJq+u(Ua>P6S+8K$%RrFDlo;8up?*x8(^N=>IrE$(@gF|K8oIJXNrGs6v^L z&NtOl-9$vDg-QC4U~$^Oh_@OYlf9> z13fJahLt%xy;5Z+`M8kmyAf`0Qb^v7EWtDRTcTxsN|&<9P)n`@SzySb($FB-CxF;9 z1z-y)cllZ1j}hXo0!tR3a<5LX1J$i(&-yo)`oIQ?kg~hzf9{Gp^vLY!pYtK$hlB@K z)`A%fw{MHjNx)M+_Lug~#tHYcuCW!Zr(%k4+^7iZA8=KBh`>(y8-<;~4FWVn7MK;) z&Q6sMz;`S0z$<9T$IDw4wsKHXAc%kqN8pppKW)Df;HFbc!C*>lPp`cL_-kZqy=gbW zZ6j2*--^;L&|o`y*0Cb_$bhEu2YIy0KhU$TsA>M~OY3ld=Pz|d z%`skV>N1mGjbMnvkuB{pueA!|wtSM9CU}}67X^tV(4| zTWz7&mEUKA7)?AMp#*H1TOC*QpUZ`O60jm;mi{R)2?HpfwK^fE^%uV&2x=m77Jfula ze;`f#4xldwfOi4d!<#^z5GQQr_-cU#uU5sN8-1-!(n#w+4`F_N6{mM=T=eg0=0AM( zr5Z})1$jt*#W&g82k!<71Bn|!4P3InU$oLTj&E%z1|~l0!PBW086ysTTEhh(GDs5m~r(Gkc2R zJA$7J;A_)?EW%ck%Y_R9)&`iNBDT%?-~`?vhzx;j{wj(-(qZ89dvoe|&gT_h+SmtDzTgoex2(I6;Q*=V&j@)}jy$5wz-S^!y231rj! zw|>KI1A{rh5sCu2pcZS#yuzlY+tEgnFjVXVF6e6&tJueX=vd56zr4tmblwsJLeD_2 zGV7(yH*iAT2Ub-C1RYp%`GMMXf={iNh^pLq)K7wdB4t*&^YTZ(x;}bx_t|qg6+fc8 zN*0k+?N*->Yu~TBPwkz$=$*Z*@ILt^KUdNHW~`DzS1^)F+*-`kTDYu@vYC@NZ}iKW zNX+Ae)KL-awoD#h6LEUIWIBRm%JJfKPv!bDLG7Io_Yx6N!W{ z%43G&ilDJQR79xzU0Ht{oiNx`hb9}jvzK+Klj4@*y7MUgDr+is=%w?{WaS+_6Sw=~ zpY-9>kd@p?*BRsR>~H7yCoC1i3Q^Ph`Ih|CR1f1`sF>_3UfgC>kAzn8hWZtINn}81 zjiFe#>Ydnib2GCm61bK#R4`ORj9O0bBVD0#((*#JHZFE#VmyQR$-cDaflLamu#{AA zVR7A6Ay`+0$m7T1d2LpZvkPQZ3YU*y1?Kz8+6RdNL|FBsh4&M7cNjj7PV2KRpN5^! z>=sHcuzonHazS8{oMMs{rRK&CwU2Q3h5lWeKpekYNh_@`@#C1SBfFs9QO@u7+x?+` zTaFW&I-q8(4CI4)XFR29VZ!ZPtGNNn}kX<;A~3Wj;16%)-`AG z3xS>+i^>nhQ|jN&0HV)r$`~KYCQhFe-()5IKJCJjvNiqkQz$+ZM{naW9keccHia%i zqTOZzAz8oHn(9y8&g=J{^MGG)=3a+a`Z%0zPu$~a00Hf&tIJc3~g(T7wfZA-(nf|C31 z>yBRvH7{$)_*46?IHC@6;U59xHA4jt+c+?*+m_vLal}U;8{H-v7)Nw<(Wf4cts5H; zGtOq$7fAJt{K?oM*E6w~45(b5%ol2n=t;@>gMSlCvqsXlGuQX!7;?F|2w$3Wzk$ux zIZMN-24vOFM7f_yr~yOjd0Hme3_X+g3*~^`zMz(g8qu8kGPl0h9K62U4yBg)g77@^ zahjMrBhut@Jyyda7S84`I2t?T&TZ4m&4`UJ!V@jbA*@xil?;acQY?B#zD(koP+pdNO=`S9Zfz9Vxo6b{`QnS`89fscBE)6CD&cfFR8@|tIV8^hwc-uviW zW%$wneoI!;`!`neB8tEv16oUx~5hD|&Q~#6=@dwQGh?aB(^dVif+rDw#zN6e# zqH4@9zJp6X!H)W~IXD@IFXP1-M`L>wkHy)a^vQZVo}274K~>nP%;o6Xy|+xe1+7Ef zSeRO)1zbMbqkbKVM*5yrIrqKMTbeAjnDpsLpY$A7t=rN~5o4m4S$ zCE}UI%O7`gp(8vHWcZ~C7}Z4mO4}}v-+Y9IO6b;YH927lU2F>zSbpMp(!zEv-em%ya2k*Zulu ze~X<}co(M_jK0855SKT#TYzty@A);z8ih$~Os?|5U<-V~)dX|H_$WMaIdL9+BxyIo zRJ~eR|F3^c&nT>PNC$FyWYW5LhE!^Rkb^x!u0RZ`={h7p-Qb9N;@>zePK z=Dj=*7L}clfz)rSySHtH!(DugOO9GDU|;KN5Tt&h1CneAbjXAS&|uowKPC3rucp(I zJHgt_;>%Fg*Yw`k&N6&tz3%Jw)&_5~|FXuq#OIHBq0Kb@i1mZ4`JuyH9aHf?+|!-u zQsP7*){X+X3#nP(i8(R@9T9wSiCjjy67=cO>%HAx2aOHCUgbbNLtc^*Ye~&vT+MoY& ze(tq1TgnEG-nry%yzW7b5R}vde-QewKczED2gbwMP zcTW4(sMRpGKD7&K)im3JUsNK(qGJs;k2t51yDZh(@JLR%JMEDi zaK8jjPg*1cm%%U+UikU*X2Rp->ao|@+L zZfADmleW&VEn6AB@yg|@&pcc~4IMmz=l8|x;mD&oOg_jxB5gEjI3xDNhsxz3SFco6 z+QtRKs!QUWFMN-=aVxv9=+aW1_a3_y7@gKKQBnPO#?6LE+)c>RNTwU|ij7(uQFrwB zR~e^J<8~f7tikvA0~W+7eck4|FTHX!Yum~SiFJMfYI6X3#nI;?a~XAdG5m@y@w6}T z)BC%_?j6Cwq=YLbATQ7Aa%lj;j$etAhg)<+n|XUPa|K?JJ49(M8tr?@XF#@iDL&sY zReb(2?EZ+>v^+6ILFkX&|y4%FF-1Av4vr`fUn8eqIJIDW&A3gq>@PhUxn_N%}P*1JI zrD(N!{%fnDrHv7Z%MuFs?KvtXh^z4wejF!XN26K7SFYGEd2p=IJHXKag4#|wJeiM< zI!?M=@e$8WG%OR7g4kv}ofV6;AB#Uu7mykfoJyh55kaNAzrN+Zq|8^nqqe#hL{G}f zCwD7P>Gq@N>Lym@nWjUBtCyhTLBbj@Icx0}Z7OwFNoKZ$9*LeaQ1f#|#YhoN+fc@q z>2)_YKrc#W<*s<3osK5*(h}bvy%1kE!AU0v{+@T}H;_BCs(#Y8oy^47vM$2VQr=*w zPIGrwQGA7QA+_*sWn-~z8>JX5`SSryGeP5?6p^{y!QgbTaF<_Dz|7K;1TKpU>R0uz{a9L*k(g)Hz~k^4_)AN&;Jdd9jOU68eWBtv;3-P*Ni=D=VwU`;(!@@rO5O(e?XPcCj`; z8JEc3sL4yPSX)B&FC-R`*hP+I6Fd$du4e*cGe!rjTYR=85iJv~Uhc0w;J}Z}IIYi} zZD{Z@Aj`8ylYc$wfYeTaOS}b$sWQzWkgIyer!wIBpaO3+DLuJuY3V9%7k|-#zD#Tg zxQ}rdn521(_r}@PPhoblmD!sR7cKZ8B(@J0%_me#$zbFp=eM@Ja>gO)2g7$bwn-q4 zjIhzhJwF4;$NN5#{^QB-$ZiQmP3+@24_(@~jgQnWyHk-t7Dq=(smV>CRgpVbgfC$^ zFf(fx6O$ZWGlQb}tjXRt} z4-=UzUS8fB-@uCMK@K%%hZh+pDRk6KMm)GsXRpN6N7Qu@?aV6k`Fcb|1S1nu6X@5n zv2m*sLqfJ#J2~Nj4@NO%%O+pvWUjhBn3_2qeJ5ACiXE7oP)ZY%_r!+4%5dg0uHi$7 zGYOloA#~F+Q@9)~iYEnU+Th~aMu(#~&iWcn?2$w#(LStl6*N!a zjh$wvuSs)Lvr784wY|*9e=JFDRc%7!HB+_!b_&ncTZSRtYbSqbgOkJ}(#2V%*In>G8xxy~`>gw$R^tA@LEPn96(SISL5<_W^&xOblxVRxsqtYB zgZZb=w?#!q2ptHz3cpD0j3lOxed6C|lNpv+cfj1+-(P;}FrJw-=?A)`*DncE5@b)^ zq}@VGOcZgPz#{zkaRBln5fLU)w^t$QvU0t>ql563f(B6u{_u5gb{?IFmkZ8Ff<&Vd3My|{)I^-V<|82 ztE=}R+tLzC@B@>B3&fG3=efE`B%fd{$+PC!9exMIk!Bq>9Tt{)Hv6lAk&UT|6f}>C zh?VK)5JL9`s(X=KDkDdWk38D!d%UnbjMc_|8r=1j=Ds*ddU^(75xHm-%6S$#Q13Y- zjjKB+-5<`G4qg?&7wb3=1UQsRk9t~&I=rh>yTbaX2i^Xj3 zZjLRX@DnwBrmKTo0`L9HGLv&FP*9EGT*`3sk1n*pK_5Megt9yObV#FK_-G01Q1y8k z%~NgT8R+Q`8mOTpT)DZPZ9T@}nO(Tim!Xj&y@WmF;JI0F2Lap1OzyM5p}${Dh` z@7S1Gzdh%9jOw6ZvAvl^mX9;sz^8xu(D2s`*}!qv#?;G}oNQX_?YZMmyuAC4zK@BR znX~gPdGABsP({56Td(DdOkr00fk zG^^CF(~~Em=L$Q9+jvq61C@6rTk1w_)f$K5+_#CpS0T3QEQVsWCs7@nczft$$v$}q zTKFc1R6u-IY4bSO*J|iL4Bnb2jBJ4X7Ej?W{-oidADFckK_eFA)-(*dcR1p^!}Djp z9#(QuSo~0K$3dwU^ct8OJzEAE=!-q4)Sbsx6V1H5YOt8#AUJHT%yYdK839_!f9IW@ zM1f+BreB@9%7oquI-k|Kw&OsTh@*xE9e?zVhQlSOOM426&#>~l?EBS3l-J1P=;9=ok4Kz_NY@wRqY6w1imJ@^jXccoxV846NH?N! zlV1NnRdRO~)%p{*Ei9Jx5$*zl{|+FZX8tl!%N+}!g25FobE;1#Q|?fgokLZf^t;cy zG%G&G8vwd92d6rvHQe9%&@PMf1q}e!F!*(7F?V9r?SJwBY{dWy3O_6b0 zOJr3$ODjC|mu^#$!ar4+oAmmOmn|$Nt5KF|9($Ufq}EwwE)R0i^BNM1%JSZ{ zM;-85pob}%;@@eTFf?3$Tl~b;b+W;pBEzleT+;J^#@DHbUFKjRP!a^-eM@|aeif`F zco~=#8v96s?YGVSZzY)Tu`(GhlyV+6YN@GlpxC32dKPqt<#XWZk!W#S+EVa}Rgsg3baZs2>DeEnYP12v zf*leq?(2z!_MN`L!Ak=Uy@}7lvE*g3+=b{n7pajJ78cc)!|F~L+kz!N2?!N@e`bA2 z?0I2ym!Cj5v=ZbtKf;rwK9>B56EW;a9kco!FIC!KhAKW{E&i|lhWi7a2M0SgMqhNb zq)3qsC?C(2p^lXO^Umd=Sstk+73(Nyv(d z1YY{W{lZ4_T2{muYWIlk28WOD7n~}u8Mx|fGMt}gxDAm4Fi^mu;Y57a>r8eMw&3T> zuqNz_I-z)K0>V6AX=#`pN!ctfMF=)dZUCckS3bfMLb$@P8y;_x*U4N?L}>qyueS_~ z>Wlux6$C{Pq#Km(?o{dSF6kJ$V*ruv?ovXUp@t6W29@pxVdx%e{>SgV_y64AoBL+o zoSE~?IeV?WKC$-Ru-=gFccz}6sKQMSz3?_KQy<2y9|kw;|Fo9w;P7u4(*&Gt|4^|K>#$# zUbl;a(8T@ugcwW_2wsVQ7~x+5)<1Efa1&(RjuoAV;t1N z>vnrE*BRumB39-zcat*4&Z*7BD+BuD%K;?{Zc1)~Jm3%mEdR}au?om`;JtxB8&~eX z+DN7oZfb;``Fe@jo3=;)eKJ@^U#G5Mx zXk&z+5<`A-%ppgPNo$Mrw%F0M#=l}YaOAZdO1TV+5GqZE&$JX{EVN#R}kSeSBnNkmBr66-YJR1;52OLM;b z%gMsdzW2%PeuJMH9QQ5FuOiTPZgfbdE8rT~>Vm7Q`GHpD&Hef}cOvL*YAR8e!t*m}F z_wiY{h$mKht}&T^b!TZ|fd`wb>a8YUs&Tvb{0IE`SN^QuoF-C7)S7Yn7CZ)CK)LAi z8=kiT`bcAyL57poV`?TuL23_Cge0s(ni z+d+Bu?J42Jf7S;?SN^@s0^{EUy@hoQl-`TlX^AnI;p%|6Sq7DxBHKJ3ry@Vn}k)*Cf5y?P8JhlzkZ?>~tf{LjQgD#})yJbD!L6ahLS21*_gXG~VRV|$ z0iAI9TiouZ{z381CzBNChh&jmi?R46M9E6J;dkN8^ID?oJ=(i%E`(W-iB7_15T?e+ z;~0y3i?ZWf`3OCVyrr`12{nhADy>Hie0pg>kmneeuc1e7;eCemHOo%?+$Is*YYvN? z4{6AK3x(sQ%5%yh2}$H`t@dw~eqJk+Ut^mQwg{i;CC*h7yG(l~Fh5EASwa>Uf6F}Y zb%~>sftb>V?RXNx)Fzm(${+uH`=P+tl^9Lqju`FNkC|~$GZQ0p^>%drR{Ql6RPuWn zvz3OVKRK!4!`x<@)nIku=u1AxWt=PHVM{&9%eLFnYRwU~923iSjJXvB)wrXyngL2) zO8j#aN)*e&T5`mULvUP0$oKaxWg4r03$w`Enj11mn+vJwzc_cgKEeL9QmwrvBFQ3k z^;8*wgh^;oe$y9Dxjp&$`k>KCG1dROWioB(^FEi{M&cgiYv#zfRx2rZ{m9fff+NT% zwy##^)-vDY)GH=Bm4gRw>7&e+0G`mC`^=`F>{wOAWI32zus+xvlm&W@#JuU_TnQSL z$lc|z5(*};7bGAD|Ist>xbQM$-t~?&k|l3{J@I$3aC-UIOe(3}Ij3jX{n{L!kzl9B zQ=D!U&`ii3v|XhilwCjZ@H_NKm0L$Z0v7S!JbaImWNy{}aC7z8m+DT{f-@Qu2D3XK z6m2&WvJ;4cCgH|hUL|*!DV>NxaF4;t#U~`)aI2)9UVWua4`{Y_tRj@mhHt;Y~_QELp-Wu15 zka6+9ee%E{JbzQMCU36eR%L=qu7f5a;i^&6PR?uJf~dJ0ofG#*teNJsRep2yE3181 z?3!wl#qW<050MBvGY^mRN0=m1CFrdoyhaD-_wNy{?R55Qh?_^mNc->>Dq8HXO`g6x zp(gb3ivk9EI_9471ikd(Yc*rmeP_XVMKt6i#3!U9G2%1ij ztn#d1Ib0UqCV%`i1@^LzJ{;hgrIQn&AQ@3#=JBEqUC38!Aqq|Zeg|q0~0s?9iFgJk9 zRF}Q@FkvRM)OP0Px+TeH(0dzvbK^>4GN7wjDN9D5y%Lr>YN{-L1+w#gXNXHF$7!1M zVaMfq)YuDWDi#-wIFPDoA`x5&vJiF3aM`u3P3FD%yC@WwINrW}H2z>MPL23ruISA$ z5J|;R{6qGS;18|~)2c6W4kE9lbNp=}G@PaF5@2e-?%QH)VO~DmxL-t@U z)xN?R{)#vgOXta)v#tuv!F(3$u**&qKV?C@DzYYRWMX={o7%fEa;EqZ+m37E-IP$_@{*%9})X50rK-3^G6KZZ)nV`O~=e0!ph%k~Piy*9l2!HnJ@Q^S3hU zVyll1@N^A>I4tJt+tYx}8e$7{w|`|>A>OtHZ5b-jXY8$q)Pz7=8?E$61wFsFCq`l8 zlS;NQP{OFxlV2F_+F#$?b-POT8%ItM`hS?kP6_rmoD=!{kh7SPa<}LvOLwowZ3OA9 zypERnrDc(1sQ6a9HRa~LOvbVv{jE^2nfm*rROYdhCwe)l+V=t~X%$H>?blw12og^w zk6I}!TXBu?Q!CfTMQ3%w(nzw!uIKtr33k;oa;J4JMt|6-u0ENvb6Ru3(7HG&oo8L3 zxaJEsYyI?dc~;5VY?qH+A6ick*@SF5s$_ak7>9UfkQ0Off}~llG^P`Aa*yall*~&s z@ZLR98kYPfNRhdF5*KE1L3x*BzMS*x2BA!D)OCWW7o>jyq`Uzgqh3~X*$LwQDWA0% z__M(8W1>3xa)v8!rVat4<}oY#S#7OtZt>ZxFZr&&J{k8Z7k~EE`XJ3PLyCGt{>l$a zf9a6=oG7yqEj{TyX*l{{3-q?WY8Nv*aIw(mAH49So zjTGFyo0EX2GSammQ2O(gOW196ULG!Htga@dvuPhV`x8&;xV$L71{eJT*(m+Hz_jL& z-dFefXw0XXZ5&~Af;=MjZyjZMAB0{ z1}v5Jhv48o{m}NbiUjv_)x?u4#}?Qt(OCG{rCH#0@z`EsmZhxi;~j2!^P+WD z4ph#4G3-)RDu7SD{nHmT7&?;t?C}`t$+K2DRXZV`7-$I^C2eKjNAC%Ss7Q(Nn$<*( ztC0&GQk|fSxr$)hy&NgoJ=WFXFjngNTBt=qB70UOrZy(w^A%M5{bki4Cyn1=mq@Jt zm%j!TOUVJx$yQL+RiorBmEM9lDbqK85XSD9rcA%icEe;mmm|%9X2q_-M0^POtVJxE zyw;g}(pW1;@E?Xir`R5UOwmFqKPQr%~`hLAWXrODFm>_o(0;hHqP z-MQwZD4X+=8WPSPnKL-8mf9Nhz zDO~^KYUdB>BAXmW;`)R3A9Po_n{9L?glhr)xiUv`+c733Bto}7m^CuLv4;~31Qa|mh>Ey z7<4-!R78DO5nKxUfll6ZG%J>o_$_xR?SgUMXTjIy0Uo-wGgX4;MYClfrT#J8$8nV2 zaEwU4XMN%2608e}yaj>N1MfRo2--`wVr4{`U8Ui|_G{z_iaAg3cA;Fd?(C{|li_36 zsqb|VPBpm;(Ik}64#mSw?3U40*;~t-#aWp*?&tlSMTsb~$;|w6i`-dO*tU#;ip4K8 zw(YeH)BbGGsCTRFr)cZ64R*rN@`3HjoS&2}=3BLWojo#h~I z?Wclw1JYXb>7Y>|^nOr2$V{mpg^7RAsJ0NS1n%BaSVDaW5t^(^6hElN&J@xgnFF@` zHhF)Z7Dp{CV1On?%kbkN4&TRBIQ^Ez73Bi*c!eS(&t~86Z7207unqK+>*j#BUsHXe zW|e0esTv;b@xo1Oh#mzoU7yZp=UZKg{zB$hTIV;juA}q0PVIgN4yj>%@_g~wMsaMc zhLB#xPnlu-2_enEG{Hg&xY$}D)TU3Cm|x7pM@6zauC+e@(qvC(4R^RRbR` zYFVPhT3yC0bLm*C+%Bjwm3nBr>*G6ktzM~Z=a#6Gb^FtR_XKM+*{A~-5XL4O`AK=G z@1DBG!_}1c0_)>PzkhbhRQkZZerGY@@YhC2&LHM^o2Z8ks)!Gc# z(QEL6twuDg6G6F(D7j#3;c6QYPIxxtj~WvYzva8nI_`k z9{aRN*B_gPN@7cs_P;Ij7vZLjF>`IZynCsW6 zkDpZtXE?TwGrepMOHva&nAI7Yu9Dwx?PFn0O14!f6OzVahdru9b zkE;E(-7qdD4{88$7PE2zGV0|r*=k>x{&V!+iO9IkVWAsg__m6Qt@YeliGCJzC75;n zeKTdw)zyNH7uL*nrnbmEGP_wltOw&(VgjHw~QV$9nXsh#WxwMsCcF ze}7cy7$fYh`HgR2`9MsMHFc6n!91t)OtopyE`A8%62HOQZ+9U6SGUXQWuwscMcvHf z{LV#2K8;M98oA3%X#cr>hjFZs*G%7vOx5b)J;J*KWbC%Ox5#iIzpQ&sX-MKtM@GIC zE@*j`0*um?b%)G;`J@>+;ZE%T7^75P$=LAVlzy^2nYMzo{I>0Qn8&b5=kYzlv~K^Y z20_DMf9jNIrPP5SOBu$TnEPdeEka|gZM-c(R@7TC!3 zRRHLrdPY~~p|8+5I*%w|1weVzqhL-9Qlna}fqa*9j>o+HT33IRXC8i)*AWktH$=u7 z4_gO_DW7!1_xnBKzu)~V<;8KRye-M1YGzV-3v@Tk;?M0o!>Cg|OI%95wS8j|&|2=9 zV45AO$<-2tu`L;-e10}%Q6S7D)K}v8!BZWK+=8Tz8R{F?n#SCMv zXWnK^y8KvL&YN4CNJ#@3)gw8rfDyLyc<{qJb80bBA~@w~Eua|Sx}O@3eUy)-Kv%O; znstOxfe^(PwFhG43aR0==R$ zS4@l@Y2MgluHUS;lDWgBa|-N{jafN7G;pXq*_A~VMSxQ4QXF7#df`j*l@s4;uYg#mapNG5ij;Y>jZZm45yX z9-27=I~fVmo+Z1@i2s`1`&1c7=5$?8y{jQ^eY*<1YZ$OJHeYP(`8e~)B+{~(6L&)( z{!wf^`pEO(ge1MuIx_fBc(Y>?M%1Jw@k{Gbrhs~&y?>U2`4&uh6+fmm&FGJSxB+Ye z5V_1$GM==%Q60@Qg>LEZblgww1DhYwMFnThAwMKuM3bGQEzY{>K{yWP|pRA5Fc+qkDP5{_W)xd_@{ox1$pi#!S-c z!{>>UV2nSgWeL;cjIJNn5QM8czG_zo_lUay{5(S!$$MZ}~5zlPDJi zL)hfB3ci)2%5i5Zs{ImWWXAmdSuXFJ9aqIN9%;{Jkjl)K2iLgrE`vdf_x`Xy1%?Jrx-` zEv+Q-@L32@Tv$G>+p}_AR7+U$1#8t((=ZAFXZc{q&nnQpT~eA!Oog*)Ml;hE*aSyt zgod#zbljO&I^qy*phG?QD60>+Y1jaM3 z6c$wMRm{(4X0mE3JC}9;+W6Ve{xd3d898YI z>kZcw#t)vFD(0LI=Y7dW?I{fc3~;8*o;+Bafb!&$h^PX*jEQ}e=6cO(UGMJ`mMex;iUUbn#;F^1 zE)$2B***wbT4u_HsouO$ncl-|T|>TuJ5CTsQL@go z{Pu-s{tJKg*!YmU@3Gm`BH7>Oc=CJ@WCNpqzuEEfwvm}X$ChH~DE`pfLt`fv<4#E0 zH|VXI>V4SD4&<%bBP6^>!$A#uV}pvDZ@ntPku}a1>4S;$)RRs?zZn>(utjlBDyTe1 zr8V9ZM&B)q1MSCG)>##gPKq*0j&!$uJVoEf(*1Nvk0%%CF}Oa#v%4{Bjof?BIuff1 zneVxWxOOsV1bg_>1msu+W@NfMJ5Q6dN$rEU)`|`x3&xh1oAfD`c|>2`^!ri=+^G!E zPqG=`P?D6e-k{{yuj<)RZBnGoZQr;sJvHS>e=QFfm+ekPx5{#wZ3NG4(~n5y9caE9 zRWX~i*vehjj4PqjP7%vhr9-xR0=en4?#aZ=o|~J0+N`vP14mSucD$%i5G-}eCe`E} zz}m^Oz$cg+)3?T5lR4&Wv+R!s7AZsZ6C7~h0(uVpe7KoLRWEv|;6szPXB5q2@M#yU z6dC)tQ~WnPI}ZNmq0ZGH7n=$fQnkEQ=Qu)4f_8iedB(sM#e>%;fx~@ z)0E@EgtmE}(3MUX^Os>Hn;*?E834dT7{PA9?(7!rW>@cOJFU|Qj|bU^j%nh{_DirUl%jn!FtlUI8HyN3hRMQ~Pf z4$#UANod}`O4u&rQ`da0O2zZUm<^Br`L>YJA)7lGg^TO5P=JBKn;btkDKv>=c=&=O ziTgx1X|naBGQq0_t!Hw>b1$<~(9JH3d|!K8cHYpIMdtgFD6C=&gI+m z5=ommN7m6+Lgpk{3w6y4*I$h!Tu;^fGL8hLbt#!sAFE1=n2;=}wM5qw=DWojiz1bV zhx86r?i0|mIWvcYwqJMhGQ-Wn+Re`sTR*elvQ5Xm-sRghC~SR&K}02ySxEwHE@lw4 z^>tgirf@#^Q@*_!*GNfX3$I$F=xTVQc?bEN&BeRyy~a~I#t`ITNaQ6?Vn1qQ*dX;j zL0-V9y@An)u^*YQBdv#N>i5Bx6@i9kf<-YwWX3*}M?OAcVz z*`$$ob*)zhfqj$x;|rI&@D`{K2IB;n^%nH0Ms)Idv^g}%NpG;7a6Z^85P3Z)p1(G60sCQ0fgL0T z#T4c4n=NXSH!9bQX>2Zt)G_Iek&MigV|LYYT1d)?`)*;|POWqviQ6AdRA?3_EnKh7 z)l46bNo{%!sPoTs^|CX>@r3&bnS_^EGvb}5^#bfyLAc*@KBc{X(lo3!vlrjtuf;Fh zI5#O3Z|>A~bl}`PS9bNDhCdh|D-Pv=tWwvrWE2Z*B z-#t0;aKvyj{0XPdOgvWn$}+o`zi$xuPg^(s2$fEIH_fpA7_(=N;5CF_3xe|oVS7WXV-fycTXF6c zm7#`tlD{s8TFM8rb+(nYu^mm!rF3_EoGDV2NZbUKc-3_S(g~fFm{}i|GUj)>nB?pO zkQX)2-fjwH1Ec}h^5M^4v#~Zu0!+4FJn53GsCeMlC!Pon<6V~> zG1M{h%M#gOel*nhx!ienPy7SpB}>-0KU~NLg zJv@QFT~r2RD=+KKSMt}W7p?4$8kMivyZ=QktzPvVp4PV8mw{0j|I0`S%38W zM*7TE-#kHYr7NioqhgOD{;v(;V}#7lxzt3zdB=%1Be8e6!n@B;#cHB?R-1)=fA94a z;HY(;84h?PrU${^E{(#v4@u#Z`%-h}Mg&}uIyt;}m9lRricbGV;UlyD)PC(@rxwU{ zB9QrU>)`JVUxbH5gUJ{qC0oo(l^RQ%dT4>;z1`} z+d`1I0>>8N}<%=}#c_pKPeejV{=8MpVhr z!gsB|iwsdL&P$;CW81$^eGYCD$};2;ZzJQQY5}0U&tldUTme9g5A^4W`sZ<@;=55- z6K@usAUve*u{V|N9m%ZSz!cG~4LSg{6YM-eYyh_Eq$7gCUy;-wakBOAWdo!Juv*s; z^#B^A^d20>AkmQl62y-b@PEETBz^1C_9&t!5x?&cYS?P|J)b|NCl)tBiYEZ|~FE5fc#@3h23(gF_4qNbwL*+KlwLiZ8Q|eaxtv2n=jH_|d8w1|O zMe%*ZPm|bSyJ3cGk?VA3xw8WKpuzXIv3%+iWi&zd;wvUFj#X?kM$-H~?;!mjD?b_u zRr^AgB+!g6FI_a|V`m}fq=cb7Mzc4!k*>AU*lw2g_}=NDMai>Ps{DAZ#$0AivXa6S zP6MH6T`!-(%o;0$XQpprk#nhsMP(K}_$^}c{LRK4vGVbde7>gcRJLPg z56=8Cmit5gTCCvK1+F;v&WP;ht(cp(m}1Dw%*n=!GxK}*B@Go-a(s7|&2U$=o!5i3 z!(5>^AL*7}+PhCX)V1_C(#el%kW@5=sznUGU(+?GtT9R%jSOz~d`oDZg?t`QykZZu z=PnK+@PuVMWx^Mb8@P+D$oXhO8a#+LNdo2M8GF@yf}W;p*+i z*n^rY>nrBaWeoEHkLo_@bEs}ig?b z(w?#S?bwGBAWuvh(!ASWmgS2fWPiS}7*hRL_PzMeHH zu;`sHtk0hInSASh^^@OMMwsPCkXvc7^+t&uoUe)Ds z^%wCjKKDYD8ZRDQunCuP*NL0!5|$mX(VLzSvcS$*o>3ct^jRLF&s0;fvFZ-7F z9~}P)a{5cx21*mKb~X@@2RC}y{qG4mts;3XA)N?zZnQzdIivp)fXvGu;nc1-Z2}Z2 zpy2$@$#of8ym}N*aiWR`3`YMz1K~_e4g;6}`Hz8HR^G1ZA;c4OSYo(X^m`nNcjk`w zsTSTXk=#k9K9fk9zKXOjgWG77J{PVWRLV-CLrDJUP$0Ko(Ka3wB~bkIT5s>$boynZ zN5^WVL`B3x+>=V=?DMV?PL_Oswe))biI({#`)OGgn8DbO>otyn+)46)a0SE6D_5=r z^2mmTfT7{|VLAx{jOMG)ZXfO~b*ZWrBR4yz2FAZ002F}A6*yDjM*u8K) z4JWX4uXVA>GjWM^PGLG0Cv_#rl=}lPu31r?6e!i+15>=Z|FD}w%pS!~D9e=SHI;a_ z@@1ev^YtdI_W*4mZ(7k9wKw<4-ha^C{D`)E(RkQZ_tM-^f_8oeUN)dHFWkNW2X3kiEA_xO)`bNxK(O8$; zT5njnEtLtc)BTePT%j6>^vIq&4P&*+8g{^YTpEFGpL5?=odCO$7M|EWaphz0HMcYd z=&*T#Ba9wh9LKS6lET>iegzYVn=Csl)lTLSF+3Y|`fCTMm^8G^Oh34Xi|WeATCQRf@d>xbBMxWlhv{mW zU%O*~a+QoJCa=e8T z@T)w`q2*WQQ0-tJ8?5B5A5Pl@N_TYu`{)FhkMTN+;I*Q$LDQw>I-#{65jOXGWSh>y z`0MgMtgYGI7Rrf|P>eb;_NKDzF~ zyy%a&ZpOyvwlOU=d6D|PVd*;1c%k1*iZEXK(D**NDAu-|x6RQ-fnh4IS+!QKmHAvObU46To@S zqlOgPN6a;i_kYn^(&X>lAUq59L0WAA5e z?!QaFSao`J5gia=N80B$-Gz6JX>Qj%WA}T;k0C%>Q8@L35I3Sp*gG5Y1u@N6qGsIx zIW<W(-mGE8jz&3Y-v(tqtrvhLLvlUWtRWR=F>_+R>SaI0=D%%!%K!b|q#hOeC*o z9G$Nyp>VtdngLf`fFWwr-l=Z>2=-**TcH8QJ~o0$Eiu5onGK}CT3stjgp z0PkiGAz${3HF%d*sICb>V};u}K&XQkZx9P`sae7fAiXSL_kmr?uf?Q{5b_kCS^jHR z(OE9KjS7&+Fu9Zf2s}~cX);MHTpa(dURf>#%ax<&U|A!&yH2bK&5C*!a8MJ~dp_h< z|2l&6W~zxLjefR-C?s*4@7oDxa~x3=6fxKzEE%F<(tP!J{aPq;MDlw+HPu>~q5YtC!C@X>fnI?X zIEyU%1y)wLW}UapMB~R#>*IHngkLo6|2%~~M+&&+8?W&%JhaQzY?)=N=re!ClihIQ zQDVg{i{pe!OP^llq)u0o+OI~pv^@smMKI_A`)U1QonYLspbDuB=E>00uH`rX5GCOh z^jW8avv`Q+9y=h_?@gB++O)kc1(k#6g&>lf-Qh-*7%*O)ne2a~7U}w4pJleEYmBM5 zCV#{=Y4h%l$6Fd6j6Y9KN9AN}V#jl&s8+_w%?`yXRZYeYiZc+j$Sx9a+m*X^*Eh45 z+faNO6r!nBavavTHTO{Rm;9g;^R;J!)ma70y=j&@ncTR*c80Rx+JjIg>5C zq@Zu6uovQOCA9mukb;hWUaK7sH@M;K@@zR{O5E$GIisNMPr{p4dTy1z(i4}sJnZ`} zoK{spFBVF^DmhT?WXVcGL#up1l$qN2pGhoq^+1H}jYX=tQGW`HT|0B*P)dOke?{7axnjx~%NyHl=4>O7Wj<-{! zFA?oFLVt){t%UL1P+S$mW_|w29v9TdfI5S37=*T3m6>82Bb7MPFEU4Hv^)wXz@#V) zZ8+$?A|d_VtaYeW?WkTF+tO$!{zt`m;3}^|sf^Au@xz%ZuLPZ6#AzO`0%zoQ^YCU^ zq?tH$E(HrkLJn$QOL`dpmoQRd$^=!enuF{uUq7K>6XnY5I~$ja*d3=W^csitQD)*Y zvdPGFFas`a8qSBIhQ$=~wN2&)tAo7VsBN*xE5-9V0;@sKz~7vG1rTBV%tig5x0!-8 z6)Nu^Xn08n^VTITQlRhm*000*UhcE_FhoOUj0fKLoCp$Q-M5aOmyF?NM_^=$uP9|o z-V1?*D9d-C+u!cQ)<1&#DMlL7E)%cAi}5y+y6VTdPV_7)O4oVyhsoe?b&`Re>b1OK zVt+(@Ct{B%JO;?e(KUj>S5I}l0ug&|FMy0>+XX&Aw!E?N6+hptt{(L-FLnTppm#u5 zgu!FVB*w{WAg$@|Q7Dt1xB%x$2~|DR6-1y*$c)>DcMbao8Fc~*mgjB|V=91>*I4W) zM?9LS!tM7i%(Wk-R|{Ebd+7CR6gpZVUMd|Mv97-&oOMTN)CG!rU$OBd7k+lf5w@6{ zv(z3?P`N~g1P6f(sCE1ogJ+?eT0ET3tg_Z_7wBKLec)3wM_vZM`vE2_e8zR93JXQ z7D+JiIJTYS%SU54#H0K`li)pTr+Pt)1ulUeSY~*-hSu|Rt6tz!O%H!1lBq|3$idi| zA|Ig}gWQw{he||Vx#m}%<~o7<)B4#Wg23ZvC9X`@YmE~e7z%rZd&cR-1qRFmdeiX z_i+X1__f(2*JK5X#KbEcTS-+i^y)*#)}lQP`Ef6*GXIXF%&q#RDZ;pH{PF+O3&1!r z$N-;gW*$+j<4AX2mWrDcyN2#77?##S%AT|plW>2BN$s2MfK(4lEbgNQ)W1c<cytgyClDfsOY zZupBOT^G_)+e z9$j?ga`h-*j9_awhgsCO$L0wM1N662xB++-Jt__F_N<{Uj@~l*NQp}JFCwEcW|kJF z;NN&(o+$apCsm+6->=}?fX*OUDI}Jq1=0klyLLI(xOAd&MamX)|ibn4{3-PHE^Y{Hw_xHtTl3l;={Fdh=Xe z`OZQ;$zPwtN|e4a;Sp!^oaCXlMw|XwKTRfV*72r%UdKJ1KGQYsTlu~o9o-&x>dey0 z`A4RK@*^{Z!O@wV0~UL)Vb~2<}p8rvl_XPPN3?# zJ>xHuV(h|6bhKw^em)E(atbr3wRxN9Yy?GvFYpIiR`PDV<9|ydmD*_TxAZktAT@;2 zA|}HvgB2g`w$zq#=e(7`jrUlclWMa?h_XBELoU`Lw2skuhtFDtRbLpaq>@CJ0>bCQ zNq_E{TtnbAUgH>GB{=4rLjS4Vr#iKcw#6eQzmS#b7QaIBK|0QpPkLWG-h|TctVSK$ z8_+H05r-M-`6sEnnYF3$u+LW)k~=6od+x7(8)=LoBst_N;`E1Zf z=+=nP1}~W4(_LSw1F@S~Vt&D7^Zceh+P9Ke(UJ9b6%>+9S?f<<1R>(^M8qw3O;;nV-q1^%c<#ziiSJbDTNZG^gpc`*%LcMo)EE zR;$=mj187=DDV^ZT7q!(A(7;e*{|8V^%&chD~8pA+jv!jysyaWQg(zZcQTwx>b3s|cF^RnM}(7aG_pnL{2NhH?-DKUZBwIXPAozijlgeaLt zlr~AF+!V=eE zcB}eubvcxUbRpUT4QSg`MMvq)H$`ro4Vkc zKxo`({#NtaaW1p^t?YV;LnXQJbUZRau3qD1!}@muBMvC%k$qp&(H(&U1nbo?E?TNZ zLHBQZrIdD4Z*&)Cjjv;>9SX;okHi&^TjQU7_Bi_$8+|Nlx$11_G5R>>thH&a8=#vT zuWfyi<=A_5sbuBQWsTGOppRa)eCSmmSOp^@@G=s6l3OpY(AF=Wo*}U;Hq;n#XaUn2 zZC=f6iXV$(=r9i(9>aWUK$E6}@^z4EZKSXb&WT64X?Y2nuw>fuHb6A#nBlAz+5 z>3Wg1`}01K^J-J)(*aC)BTHX75;|sgam~?^FZTvBMF?HovtLg{xxq66<~}pkyF25e z7QcmCm8xCN9{2~Ut`lc4Ub`qF0-iV}X(x~|%D9JQPElF^XX|CC;0KfX|Lb8_ZV=4Fovr$4K!9v;$rx>cPeySe-9Bq~cNLJ65Rjc9?JQTt_)_n7 z03ELYFi$3!7vG)J8!>zAG|!M#jQ95LJ*340D-n+ap8fYmJ!CX>tXneeELOSpz%FIxG5rG%3+#hL(_pYu3K%#~G9! zpJWk#-*C!rd*L?dC1`6^(4_vu!ocF-=NVBImb@QU%mGPWMKVEiGu0HxDi zbW|u*Ea+lugj2kY`c``Vlm{VINqt-(F^QVsnc!Pkag2(F0W2ohK_yBsmGe{ zVfpdbgU~>G;Fq3cON<6Y*x13K4O>ALPbzhrE9%MiRx<_nj{aEdsw1!AAc=`Jlh^^T zZp@x%nY38cAVd8w2w0cGYz`m-EmX%xn^7(-E&_wL(l`J4=D{&E*^@G_%+Zd5mTjG=A^-+v)J2+45a<-&TtY}q9;dg_>)xj0wE~2{fWP7lFzjiPOBv2s5e>>m_kl?o zW}~}voV$<6czG=5-yZobw8a6IQ1OTu8ZOC)2kxWHe;AMVW%Mb){xATV-d^PW>}Z9W ztdT4$3oKTq`tGgVv)xDYZxdQ_gC;ZB?D){=I270>is52ABx{T=9bW#spOp9iqv@)n zs%*Zlf}pg7bVzr1zo2wUD&1Yu4IF;>=?-D z#w0F0aT2#`;|<+GoqXX`RmBHP9xJSO&{Lf!5rJ)Nb8}=*54H3ZFONVlFq)88ls7VT zsF+ZCqHLszjE*!KSt9Q3m8@v4j@;TZz0l1Y{`mEi-FNXwZ(a`k4qzkzobbx4nrrzdh=syB!0(USj^qHxWXQ*URd(b=?u6($k8sR<)A!8(cwcxPFZ0ITal5G4fC4KyZbwk#)M{krNhOLr`PGZE!unq zByVk!7R2N+N_0tB);G+7#oY5+?EOWX^Eqabudb+UUNXpcJzy1crlwHsRH*j-d;M&e zP^?{tzF2G1OHZ2-xP(gro+w&>$v6D!Tabo%t4y3F`iTg;i2wYarF>)z@>|64If7q5lt^b&kZ zbkZL9ii#WHQyM1>8qp_TB#7+HyDt~%hk-Zy?58o3thr1|Wv$PztrCax826E^k$?xh z1z^iCQ=%KO+~jHq+#7&_qNKPLU!jB)$A`vOV>>N6M+fgOrZ;hb_v1QniRqph*)gzm zK%%E+s%6Kz`q^Tf9&3Hx@>xbapmaoD!FVK@-v*d!ri}8z56KOU=tbB<9TD^{JZ-AO z_EeSTLxH7%v5gJt3$9?w1%imB7ref5>OS4P0b+4vJjM3sTlX&3{!5#f6%jWKZ2Thr z4f6yxLVG69UOkI-c0JS6I4V}>=NsoLdl|3XgTFbl==`mDA4e2JZwPGkoSdBaOd*no z3#}x;Jx5wvVbtbkGW??x_k72@B{d&j>TjwB{w&rGSmjS`Ji|F$n7CyG7gD~yccrj@CJ{QO~oG-L=x#=zYIcnN>0GD90(az-3oZop1a6xH<# z1YVaTQw8ss0&Wm<&65|tI-B62prCY<9y_>?%&%p;n`0-7Ad;-(x!bz-+ z2CBPt%5h-e0C<|wVGv{FjU}qjgcctK1vvv;tY?iDx0(5Xe`#_IUP8P9@A#V4$XSJQ zv2GP&UWPAWt?hE;#Dp>gtw3V!AumhdeG5SdhZLW3Z)6O24Rm_*@1oQ-7AZGBrz9d} zVsdi#&%*HqF3 zoT^iaN$H*a{cmvba2IqKJhFe9{y+qVINgVr@^LA+3B!^E!Cu=2@p640dh%d9Ilro^ zvh_)K(uUP}bUbC1%{w?6!8tiq0iRuPo4!%q>s!tiH504qp~@Jyz{2JKEH)5;WAf&v z$zqc!6DzazQn}988fo#C1jSss5xIhb*JfsBY{L8qz$BBl4zXlvpO>3G3}Uj<5j>iub@~O!G+j<|tWCjlEXZEe*zg^6bKNFpKRQu0%t$h)Q2Owlz@he_tC{uc-lLj*%Za#}@FNjV|9 zZNAJbHako^OT*e)8i)O8#bIF%#Yx%$3V9jP&+f3#VF4H-1$2b=CN9fi+E9c22TW3t z4`#TUE3ErmZRW}||B=@TznU)NhtJD!CDgkZOn^LFJ`=&#UtglAbyE0@Sr7jVJEC5q zgbp|;I?2n+8!Rty&sFcC+K4{|D-XhX6koeeBtjrFX-v%Au; zg86%LLy$p$MI(lQ*bL_(Y+}LB&J{N=%@G--ljw<`m@kk(O!{K=K%!eVa)RcYl5Rg6 zee`VE^F>QX<8c8^W?Kc5Cx}?(8Wy<&UIgb9=a)7+=21a6Jm5}u)%tI8BkLrC;Ryy@ zoXmF279YIOwmlS;Kl~u3snU&j5>@G(>wjZrZtieC@IUM6#KgoG9Lr>uamw@Nd04yy z`%4SL5fu~c#cA3Bz&`1nV69yRG}hYxJ*Q*9D)=62!<;hnBs#L#b=~mqtMXR70e%M7nTq1}%BOqu+ds;!067M&c8mM4OBjdJ z@kmCk1Es6os{ax23j~=P7_9vGQC?sDhd;nJO+_5Nt(pj!UKTG+>1lO3rm$vM!p6Ks zIV?PDRC(;W!ER;e<(x`1;x~4%oVc^Ivclq=nh`YZ%sN`wj7~}-KviM5um5)mQw-_8 zFOQKUo1Pi}A`xb<|2vLJhqZwlA>#Y0qo`SSh8j%&!Wubtk$a34O1OVfe;o>8XvFo* z$0A#cZHkb} zsRTCrD6Ry5Cqfh?0-W+1V3bm|C)$3DEXE2lt~8}=4K`1O!vYv0WpSknp=n=W_6HKM zYL!MyT(@jBw?c#BZ?@B^Q?$6Lr*Di~zCYW6`#r9l7(Ly)+%~a#BauPpXp1#}eoVyz zk({gf`u8m4-)tK(=hV~)YheOss}JPn^z+FB7*673?F9LBV{9(-XNVg1R|omsiouWa zv(31#Jr^uJjQUUxVi9kAvfEQB;Ir+s7|c#ya}RPys^_3&^JdWOS~8waP+x{S+{x2g zh{Hv?_7S3mksvbP9)HwKLk^hlO$7YZp&mOMv%Y(H4)Zw)AgN05^^TjuFUH6wOkG;GGRz`4sr&9Jkx;Kw(zpSH9p1qiSZ+QLSF@(?GtlZ6>^ys?5 z#)aRH_uE_-?svUc5?Mc5s32*3%++tV%uD|cTysTxM3K~QObY^uJhFe zI}gvyW2cMZOW>MbbX(=tN^~Q7`{zkq?Tw1h($el(M|x&hw#T0?WvpoZEPv)3?VS0UvbI^(Dxf+Mf-gQ%;0YWL_Hag zq3bQu(uqk)z1(AMSgaoF-1Qz~CG|JZ*KjLTG&X28X-x--^m>(TGMQy5y=Q~KYK%zl zMoY&TdKbPJLhA8~?CzHK*%TgAiA*S;*E#l9(vUfI!U_hPxL$E^q58aXQ)j>CIKWRy z_3DlPi}EMmf_7lt%e2VkIXdHzFNJlTaz7 zzrCXP(B|jt=5i%bYu@WyCQACUu4#XozwJVBM@{`R$`bw;PWCc7WF*Lj$8NgIrkVNr z&Ou-Q?wi@NRfE}M;pXd^CN3`Sq{ORKiFZ)ro&pMpnmY5niZhv8gASN_m!Y|pv$T7> z4tv~D!vA+=B9nFLfM1{}JNfZgt0_5gmyYylYKmCIRc8YgEh&yRhs|CC0l{M`G$snz zXW{2fg-z}K-5Y$T=K--5S*}eREj`#E{a_Z-B_^+iQ^hz4U`og0)&?2u>Ge{*LzjTq zpF%nwB2~`3^5g3ozO<8auT_zs{rJ}t>fg9<;L+>kO@>b*Ge$bQ4C^@gU9gJc)s=r` zgwzcMjpTkU$&RxXbUWMjI&sR$`4>AL7D`paufY=FMYZ$-bA7#7r!jDzb1*bI+{D5? zv7>_=orHfd<)mdSOf|12%E(i6#z4rGLLC@*^%4@1jF4DsC~N3^w2*$&)zx)*eN_p@ z2kH5lgNb;$leBKb6%8#dNy=KC$?xQ36qEB6UPMKztj@I`*xMUCl#cBk9bnIK9x~Aw zTyAzX?hVtK6pPK6Rk73aC)ta9Wwk7zuV1!PQ{P&sL9ab}Oij@9i;EsroS;FDRKo8o zK35qGk4Q@7OaJ*36O3Ng)6;WauJ5q6Z|Qm<^XaUKM&A?3HlIr9C1$6(t0xZ7Wx>mt zim12Ua*W05Gp<^!n72`zojzZAO;+Wx$m8j0N72{9?j9E>#^fB4s&jvL&(UOrIF!I- zB;LuVrYmJWnhsgU5HZ_1UcS7(4)c0f9i;$XWVw~*yD60OQ&$h;s`>hviH>XCjEn82 zlc}Z2tR9L?NgytUpE(Cs7%x34_WsJPJ1u7ebCo%ovQojO2o4S=AOu#dKaB}}mC~_@ zZcQ@E=WRa*hA8WCr15hyK7SsOeOuqUai6^<8Kb$(K>jZbnTEzsRWXYS9y07jpP5Wm z9Ag7lC0D%N;I-Y3v+C+Ftl0}>uj>dWE{!=$@$akXkq2b3?`Gg{ex?f`)x|`wMx)oB zJbq7DagQtdT&8LIaftdetNvi8M^zXqh7(>qL4at2OzF^3%qIJZVM1DqNDC1e` z$8XyoORnqk`=vEli;P?)_{lpu=#VdOFuopc%0MpdvT(wD3dhxB*pYt z?CkBKS1@Q|(QIkd@_JO@JAb02GJAh7xp$VP!2~(fOBJ5f|7u*CPY121d3iJ;3GD^S zy9I$EA!lWrw{EMRdl1qp)vrN$Zj+3RqANkHmzP5{0bTf;)N(*33yIFi8_qVwI* zu8O#Lkp_Q?1+TNh;)v504C-HKO6HmxED7gy+AbxHWp7KJEpi26`b z|7ic)duuz(t*)q)Tlb4RXIB@^t$!|dBONAQyKO^4jQ?_=zP={rrk`rQz9c8_u(`FM zB(q(}V(oufXs)jnmGq0xfBxMT2+hj6szY*RZ4$aZ0Xh05F=hI&#Uob`3+kOl7*teM zKK)Zp1+l={`F!%g{(PM_rQRW%2q95ZZ*T+Q;uFs8EZJjXN=u8z(;w#G(PZV`(89*4seBq8|UX)6%9$xYo=6dvvnUu6z|B?&Cnd$!Iu%47v!5jvRN2CTE#dySThybvo@=mX!R9R%c|_e%SSE z_18=_>vvd}_y^6F=J19pGb~)JtSw@A_*7xHbg2yQU@$o=q5*S^Ke0>$W_`C3S&0P# z2!(?;T)0t}S)Bv4Q)1=e)cEJgK%(Q^5f!b1$-hbl*>Ge8-=@aKxf(Cl=ffSPFhVGa z7U45+zk2>FUhl!|uYwu)G30Z{Ge=LuD*9^umfpNYx6{!FvdM)Rmc6-6gA^l5A*RSZ z1P`Wk(S!ruMvsdYv_sLayYW{r{D&ou1fJWTVpxkVOLzqGmzLsidP~d5!tDI)Y%U(& zi_u_=`AXZ@%fiCBx_@H3^UKf|M?-x z2mb>#*T=4tW=&2c06)dLP8v|~JT8@#oS<16yk20KcS=-#|C>R%aC#Po_P(QSQNL>x zLPDY*_eh~dr;BgpF>gPzvp;Yj_#L>#>ZAPll0o&$kMw~gci0npUN-})BRnWE)u8Iw zisG-_7}og^xqk8qmf}$WjUbQt)%OM07#fKNwR*Bo#{UH7*%=%SZkgoffuSUWgy9nAhU$Bs*>2`jsE71{C79$1YK_B;T{7l;Ci0SA1R>xv; zexoF5Y7CCDUZ0M>CYxMdW{w)%Y|;J)OTWu(PsJ~a{wP65L~x*=10@@(LWHH@lMJ!u zLhYEVjQ*2rJ2{wz8RM=--sBWT7TgH?krhepwZTMZVGA{r8%SyQYMpx$y zW}k-*zJC3Noj1DHfP$k=&BYbiWUt)?=HBu9Tr<%srjfI?XAH!tB*t^T6V=!Ey$X@y z2Se)EzT@Y8$|$sNp8m$b+@LMJG&YtHSR^JOR-O?A6G&yf^2?sAby`OWY_+oNCbE;s-F#X=`{r$$l zHMc2_@=F<91xX3+)WzwD!#}-K%7&Sl&#@IGNfuUCIJn0gdjgaZ^z=;r=CQM}{r6B~ zjf#;Z$PhI)e)?8VPtl=h+0J<2`(1Gpga;83ajx;gDLJ|9Eg_+}gP6#{$(IPQwd;7j z|J%7@k+EO++p{S{&y*;b0@Bg#!yWj*b})Z))>H5I0 zuN%q_r4I(&6nD+eCd{sSeok597S_6vur`Q?uXxXJA*T`>cQ^XsCXSOkqN^|3p&=Jn z?RRQ{CR2&d$4{T$xA|NmEtJ*Dg--e?thVGvDWW&OY3Np@$2gj|;i;_R_)=lQ4$4By z#!0yF?}d182n+CS6B*D^kj%CwWf=x#PtPY^=TOucw{zTz^<-qvKkgGH^Eq$glcc4+ zLVU%>A`)#mujvhG_4?}Jakj8{657K!j@yKMk*nPBm6Tt#3jFh4V!2#TuHl6CpH68D z7k^<}3fF~!8~ocJaBajg+=S{C^GEXOTwx(6+Rr7~XnIroUe(U2qsPy*q>k`HSvWX2 z_wAkpORH9++Pp-bw-wW$3NW=V4>nCi87RKHxD}hOFYyCJb_VUs82{&zc3G{Ki?@kQ zNC?KmiT0hv<#khKcM$gaMb5}CCc@#Ly?jsZON>$6mJ(ixHJUCucCD*FF3R?whNM6h zquEVpR=pvSX;Jb(%aRPEpRssB*y z`x!?*l^&kOX1|hE% z>+^_}g1W_#*r1Dshih(BRMg6+i)AhzZcIF)4-SUp7^`)pAyXYQBu%?VM+g$ybg8Ma z!yj%+X(@d;%*PIHT?CSnlR6yX+gO|Bjh(7YA7}D&_x@AIIYOf645)b_$U%_`0?km? zos)%)-F84!%I@wVh0i%v`1!>fG_>`wybQ>0SllEP|EpKGKe?&X3MEkJnOQpRswTX1 zBqGWjqbYkVraI&aq7rSH3rC2&y_bdy5<3EJO8eH!FXpe)bSy3ZoeBOv5qf+fA|ld! zweqllJ)fl{QEgumWYWCvNVmjCQA1EH~Vosj0+wQxviTRwncjt{* z2Xu1LwmPL2)`^LUyPpn@O`xfo(=-1r?$TQ>uWsT%1-gfD2Ts6g2yOaCcfnLXmJ0mi z6MbU5+*YRtII*DG6<5Yd)kBvPVR-Ckz%_fNO09`TB8yZ;8Xu`cjDXcgdwS|~Kp<*I z?Ak<9x5!-j8}AsW;6p+JUR{}1M=?PTz?N08HA5$%#`G*o$_Ae+d9P+J;NfFt$>0|jCZdmvIw7h(Qby?6wot*VAf_xWH?cVCZD-QsS8hw5qW`bqER z*xas7r1HHcdxOsQ(b}K);QVVUtIHVbv4Hv$0tqN9D;vNwD|$git+4Mv29#K}UXU43haUgN;er>)$0+?|#Pt zQr4#Y$i_<3aXZMZpI6+UKbyRby@A5Y;fyNTCG$UVtnjRVud!((%>k4yif5TfhgQzd zd9D57-}^o=E{T#!-XT9UupRx6QARF}%I4_$8rn1iqhn+CVu0POwo17v@e+xwNGpvg z^!D_`f~Bxu@nc0kJx{TR*YZge;RpF%^xUx$6sC68>4h;3jvd|{d4H!CXY+&|tRqL? za5>s^Zz4ItEp9G7vr}LEctI>_(9!LhArS=8$IMZd!^vFzEirz-v6ApmLj)c*FE<`y z%{9#P3D9IRVPQhqyqs(K64 zRyfY`Nh)tj#$&*lwDp7(F(i2IbV3r~XBh<<8gA;KhuP(x_VyQK_RvUw|CcXxSXer<3kGGC_W)5Szb&#E%K1TcI9NS096i8Tj_@9G&7sXTo1?>m* z``3t};gJSbW{7fltW*LFvHH+!3@&bc%=-R8Y4fc~>PrmN@{0&zF8zj1Fk}R>0Z9^~ z4{G3K42_Q51k->p(`IW%Ceq`+aJYrp^!0aqw58lCLB#zlI%L2`yUmqxd2?Y5K4qy5 z%A%#Ebq7$aPMdFl17w3PF@ET#?M4^6Q|D(e1`Ws}?+~Vo7umXBZI3a!43hoy-}{>- z4yzVmA$O%1Cc_H}5-)Sj%*w&E zcsO`C_wxq4f|9a2nn3+5&=5e;w5%xUNeCi;`meuXsUlwKoI9iI2avAmVbmEWec5kq zqGK(W49vE+-}%&W9(|trrIoTB*M-b};Xs@PEZaPz{vVPP>WDw>9sH^uM%n)l4r;{w{N#P*`Nkl`iNm#M69)BnnC zVrFKvmpNl{-X$&YmJgi5)Bmm7km4Fg0{-P!0^MMk; z=I)V{7Ai&QKkx06+fRNP_c8z4a%}7DA9R6SDex2;fRh^Z-@m{_sE3j39Rp}TT;$6UnkmsYS$cZ2Nll|M3;eI9Yy4A+U`1=b` zC1`3i%u%E^WWQOzq?f@?QrDAoQDBY{zG5;T({DGc`WY_}1_GE2cozlq1AqlJbnn(l z#fM0TXE82w6%w0#hlAJTvqv9dz{A9TH;|d#C!L;{uMkd9X=orp6c8?J;vVQK(9!7; zi1@n7`bLjql6EMd@@=W5jTpDaf5>cmxNp~#%NO4PcqS+AO?={e%N`>HrFw#g2gi;h zyE-uBM1QP#p3~#7z`S8)nb{x7EdKZTb`ud(8OMt^Xy|5IuJNg3$Ss!95HY4;Xk?oG zw}x!R?>~`Q?Cn9RPtP*kCnp*^Y(*6K0e4G@l2W7sq=zY}UcA%ug)o=uH3jdOJ3Ies43-o_41@GJ z%`W@{rRV9PT-oW~H3=wf*1z)caoVH9ZlglJG`f?!prLs;+J?Mg07UWjXrTcJt@8L8 z&p_Y}3K}^DlTM^QI!-)a79Fv$L#$G*_x@RR#5DmaL1sfvkNB|$JYlpYO*+S&_V=c~ zn_wSiF}2Q)z(9v$z1m;9{coNhNze0%+0(P}Y=X9ZcC{kDX{LC)d*FXMOr)YBvBKhk z>tsVO=iLS1Yyg~g1kFnBoA_-YssP;aJ&SJB#Pob@^^V4g!R(W&_L%BeTWC^be~(}m zUZyQSzSr7fy`X@~#Ss#AFU%v0r#E+TY3n?zxjHa5OT4+cxp=b(|9!(&WfAqQcPdC_%zW(C~>#Svq`?&+>898&u6hkpZ|q(WQzB;yV@b&~-r)bb`v#1g zi;ReY5Z$Z}4Oe2>={KYf{o{6)QR1?U6DJ+0{>wimK7Vv=22D-+l_0;P;)2%Zxye47 z*7hxnPF_}VLl8ssKV>LaV`Jm(*%(Y}j>A?3*;>OQPQ}lA-*V+?%^2Y7OWOFNdfR`< zq|N3e4;W;bwWXxSaRF=kVfREDhj2ICKVkxJ!P9v{t0>*TIHbCIy1#zWIq^ZUvvG<66U{a7k1;UD#p>*CsR!4 zAF8kCqoC}Rw~>>QA9NVHbfIcWVZ}a%T zPX7al?!1jncVJr#%H_)W;KQyqePd#{%(BPTHWM?gBHTe~SLqHFdVG2Wq%}s;-kx!C zY$dU`&oWby&PSky(JE!EQ}NbecbYGI$S^Z0aZXZTcTc>7xM2Qn~G`X)P@9fe!%0k8o++pyLOe z4)buTsw}+T!cfi1M=^i@Vl6!hDRVs5=6iuA*At*j2LfzxtnG#uu`@!>N}B>7f<7h6 z_ud3xd~!D{n!K^}50gK>Oe^B!o%{?SXr)lVN9tpLlD%eES3kSCFa_YbIKPlege4wA ztAvS%9njXcitlW(F4?o^tdhtZ)q}F_aJA2!?!N7DeJI)vUOLd7f`PxPA5bnkp=0okrZ6*;WYJ* zXjWGgR6>+DpmEAXQKo8hAC!(aI`YcO`C8RKG&u+PefM$vyw3>~Glcv4``gsIoI?elhPlJ$KRH)nv%fDF(Q=89cPR}K2cDk3;$HVl=`%Ih=VBPd z$hZM^EC|@gX6SWO^UXw`v)j$uS3Zl@$w42t)sB5rbuKO*$F+WCoa$LSCVdqdWnWUD z`mKeTr#~k>5c=gu5<72NA8ZF@b5*rh+lTC%W$f+Ao)N`PqKm_eJ~A(7?UmOr^o74M3xO zPRByZn3&xkr8Ez}7yId=b7FkDyv>dL4P%^v#a2j+Moy<64i#ERY5m}M)bVWm^zJV0 zjKoj%iM5x~oopgkXNthYWVbu=rTGI{38U4L(NFdKvrQ>rM zOsqFX*2bCZX2nHNF)waM-!}?_$1bZW?=`^8hAUjYz#7+d;*p+IF>f(Jh7hA5$D! znh6FP?+|2mwl}gG&J@~?t*2pT=>E4US;n6eS1r^A$Iup2M9l6Bx5p|+VZK*wnFvJ~ zvH+OA0z#FF8)I&nmJO?=xJuI+j>KkGE_029TG8S6Y#gUj&9C87Y3BDe-9(aYb@?#$ zp8ic7Lpx*CnUJl>85~R^dA;A|wsZf{epcr$;|)wGOW-9BC6(u3d#Evxv)^T%hSAhf zn$%eQGhXRN)tyN+e44owUylf;)6a(Dky#Sw&pgWNY>yN_Q zgs*(RN`%*>k2Nk-DQD|nI2DBGMMBlUC~Ip$7x+hhuXVU|G6V#Pe>7Ox*;#LpkvFH4 zIKiQ07bxW5;ONX5`j;x?gA0lzz_KmCRrT5A6k2`bZ0-q|V$0D0sVNi4DWE;$ITrce z^wD1C4G-6DelzK=ub;yQT>`uNjib*RLEKnN`xVi0?Az~{f$l~jd4=KM!bP^V{kSZj zo~m!I_|p_?kLP6c+juNzmZ!QvakRU;+d1180@BpH=qH>beBUE?wj$r$EqQ7xs<|v8 zr<+8ISdV$%{KD!X`M5FsIDfp95lPVPs~&;-6(WhjYmyeKoFv9zEK3LvAMi}T0A1lf z!Ook_y(+cYnGJ|5HUXwx+7kOIHJ`>ybxi*yl{9HWWt!Hccu`pnZo_jw2w7>B8fqd}=;@^t< zgYffm}u)u(Yl&CcYL3XCZG;Q4Q9c`86JP zE3KZ2;6#m3(GSIQ6_2@T=b)7pJ)l_N;NiR_#WfRaW4O85!SzK=eX*XI3HZDXM~{m2>?rWc#G9vD zva8~1c@$XhJR0QjMHLhDW$DyDd=57?`d}fY+KqbNoS#Cv2CVA4cbw_Tdz>|%-WZ9;|1b6Xf2qDkx8f5#8~%~v>Bgf z&2zxA-n~vq{wXHwh$YNxe}0L=YDpY?O?tf0=n0z5POqK zC(K%n5P*JTbTM=EJb&G_DJ(pa?T8u60~@cAt`V&y?sacoR&ikHDcfjzTYGSfNN&+V zC76IThAEgyX7_LYmx9^U{^(>c6nDh`T!| zrRFPLh=he(@(Tys+utV?Sy#;C(9kHpcakLp>MjmWR(3WWW4fa8#XFIe=AeapPs5$w zZN{bM`G}ask;_MKiq5X?z?^kX#|hKln%~Q#R{<}Kd{IrSy|P-b>}8~uad>=qm{n6k zlA-{hwUlVMdJ`|;fh#vCJndFC2X^!}L3!~Zp_|)`iRY;&G7Pb|M8v>gb@L+v;HO8Y znXs@n=KXfrh$dq%0gZ)GF`bD9^U>S;OREVxD3Z@Mt5{Dv8OsjJEMpz9=%MaL(m$bjGNw9o zoc>pyr?(|xP-wXgT%LCSh{&%ouhjQq&334q>@+duo}>+e+M^k@e${~g|F zkX8Md@>AVRm4sxRAwlR;^ghaI6U994(LaY`%ZgDO?NPs2EbIYkC1W*pkNcnm3k#cR zeuH1z+l&nz^E>{%2P zz};q_UE@gq=NNK?=bCciyQP(tXVTXX_F}B{l0iuXMgbZN=_$w#^hksQMfD{oQBQh^QU)Pi6vKCzUC{@>^m9Fvew=ZA5eD(UZ=9UHyASJO$ z-tA4aitk-gfQ@X;@<@H)XG?4*LbSHi_np70!51Px#OpV>S7lx^+nCRwF!Fi#__%k^ z`B|I#+l{p0JF==)6%WI@@^g2`f47wbg7Nv;HuL>Po9lv-u_`ABR~sNa8EBQ(zQ~R6r38XKgqwMT9l_&fD*9!;y5Qq`|@K|*njtE}}(3Vdltaaie z2H=;HpZzCgU-SiNx$NofPvP~lw6(?~O2ZvaikdG-jUjiGy0b^*!QmPP2=b>WbI9B- z9oTVW+a-&;WaD}n&QHB)3kzkS#uNWy@dj|Np|`u&GkSaPh;jP!7Hg{xB7}irq$Hns?h4(y?E9&T z#9^4Oo=e+bUbiYf*&_;NKcOTP^7|Y&Ukh;Pj)KZ(RJXqW3_A~>kdTJoGV3*2O6AIXENn(Bc5BUF*g$9`hFZSUB}Ns0{^*;Shjc7TG(9ZcuxWG@hL z)^i3H+D6cpY>dgD_t&~Ynt4xrrpXfh$kWgcWd>DVlV9Un^aGE_RQeCRDrTo*EI*=E zBq0Wx&jSKe4YJB6MBggfg=bttmxg4!H556oXxBB*mG+3(sZds>M~2uZIrWycUL)E= zefIs>#f?XL+JArNWA1AI-V+}_o$ebkr?ckIJ`V%hC~MH0B4(Tz9jV_ey#cgL#=IVi zE9iz{FB!x|0uD^#@cE$H`+gqH$l-hlQt_I%Z6WDVUN*U`vVxtc;;N{SqF5T?ZzXh+ ztZ;OotU_YdX`hZn6`89KyVw~)lFSx<_fB0IUmbY4Vv*to$HXj#UW1jzCdKUqB#iEC z87G%eU^BMLA(d(*kFZ;QqEBJIvy02wMv?t#7wn$@xmA_h`@eW{oEZDT~r zXuRZi@JgPrn4c6uMs)jxUzKz3-~e(t?{t6casl;+z65-%KS)nbvI0OZ4@~!bxOd-q zin)!+c>J}a?-S*O$AT;b%&jA3qLm8sf=6_0oGpK76NMV{hfY*!PT|kY8`93+ z!fD!gk%_j?I6>3DsDQRDsrvzb(ak55Ov-LwgNjRB6j@Bn|CyQOp-GP6vCYjb9hHx! zY9h!`R`)Z{4pOZ?G0LJ;R{ss^{KhLvZsk7!-()=P*FA3Tz`9(1avM&+be5!BFQWKCBDeSIML@_9kwC=0LCo%6cH z1}?>c!jW0XK(J>C?y}G-eqp~f-XfJ*4fjB!12=md94Y`!nUz@)21I(x6Va)%q|{iD zdc^@b{G2t?G!3UOaEbm{D2*m0;Bd0AjDDAaz<5%4I^sd?u(eMJVhr61%&v-lbIT+y zt)OLU7WCPIYdtS**BL2=(GrGwYSWr__x2_h)YOfPjX?h|4$4{8;1JU3P2DY0c+&g6 zo?f;Vw$&w6iusS~Tz=rz110F}G^SMq{R?!5hhO==R9c9DS`45RZyn-!&B>{6h`xco z@@Z01l38@f0RaJ^zh5S(&5}qRmXd?kRd+d;Q@Eg76tO*;S=RP^LBL8$YCnpf7=32h zfk-hA9;}LFa&Jz!kz=q!YWdV2m75jryk^pzEzjAjZ;@mPLn#PV<_;i5fL4zj`|)v; zbD&-v4Vv;1E1u~smY08e0Xh}1aq$0hv1QI1OEY&?`?po4s-^bPN|vLrkb~NX1ITIB zv*pt69H(HxqQlQso)R636wz8kBccqouGN6*!|!z5T+9EFtP5zKfGH?nJi4u49xhEJ z@160z0!8Hwh3Ne}tH;GM+5-C~?(2m6NfI^XViB`$SG-GUG$94u z57`z&c6F+t$x2!I=kv7_BkndSe-P<=wnLRf76->qf9#4fyI@gE5WWW84nH$eib%*9 z_}Yh!fzC`noYEV3h6Mgw5yt-Prl~nL==TFu_2In{FSwpz6bV*z!~JeIpRSUFvm1#G z{=oANs;UMuMl3n#l!w!BVXmdUxqMwo^VnuFx#HSGNxU;8K+r-F-#P&K`HV$ThtPEi8;IWPo5}Jq!NyQajgw{`?18 zSJ*f>tmgA+b_$K15H1Lf<$Jl8mxY_5qh60|u&2lbJ+C;qgrXiq@l4KvSsV#+fL^~Z z5hs^bf89UizrTM7>H&E9PgXNd$_NV&&HRz;cR0BIv4P&%*^m!XF_yG$duwRu$XV6- zp>w+yFThO-z~`Qg=V-PO)U*wA>UXcHn8DA;qu+o3!{sj= zcg@w~<7^uw4|ZW)YqMyl`JS^PH1sN-Q0yb9OMZ2Ixv<6Ig1rE>as~SY?jz_r1Xt+* zl|9ZgAqy215|aP#zZXFsQ-5o@+tPHEM|XGgx77IoH=eMijuW)e3Gn-e2G5d!r;z`n z=_^5K^mmHL8Ya;L2BvlR*^30?vm~<>F#dnj-_K^-{HNk|94=Q=b4#v z&Rv7T#?MODBmbK#ETvfblRm88E+;q7`~;n|{>{7?mC%42>lYGv-D0c0VjIiNt^&3N zu@?`G6MLdSI3uc}0^YK|!8!sVN~@K%iJyU*10aEx z%MBr!k^1^OKm?D8vzc9ph^D^=P@%P>BL?zk*^e%~L`KHafN#SF%KW-wxDF!@fCln* zAWXfoY3rKe`KRxgn3#?my^v7?FaU_*tV%Vmpup=L@)pb=pn`1V%bGQW2@Xu``AH}8 zfDgy`fbRK zmZGaSGA$_>0K8hYR{3o{pStS6^b~`Mh5qj(Vi=O0RgCE)bYzq~wMh|0O|^gXAibE9 z9YIY=E19CZyK^9=@cBnAnpQBAzijBNCZ$YD#_Z=x;+pg-Hg*^a3QC1jFQeC^6oCcA zofoj|&w!0BGFm{TxyRJjG+~wh3|9zNmVW+ZB$}Hu8cxiu-{QG8?Xqehp2B{;X%XtI zJa|%92rs!zPCKCy(>1s$ozE|zn{1=+8$YL3ncl7d3o9xq%3#f=;W2(OnuW$Y?p&-> z(BKe4tlv+~|L1CS8cy>OAaF5Qa@35R{%t@oW?a{!ISTFL*(}-j3GtS<(SQ%SSKq`z zTVj|BP2B>sJ{cNDn|Z0!ROb(yskslCXK{3XTg7E@dY%TZA}IorzUslWmCPDslGaGx>Kzeio`bG`>`qrvS;unf;m{iWy6 zuI1qQ{4IAw1jN9uiLpdWJq^K-O5^n3PK<8lF&;rL4ch;MJe=_4n{_9cy;ky3Uytrz zhFox3vpjrBs*2x??LEIPhWnM_^BYX5^VU{`jvvk{VtDK>V62MWr`@6biF94)u&R8Z zSosY#rK-;h8-i*zRWlOPQF$v*+qa3%ej_S!JtN5^5S^RbbZ=;`L#hllbkX@ppthKKwLPQCIqM2?hxw@*INtt3rd zuXC$c0Xg|{7gv~GIKzP91sdh4X)aK7`d~a&&~xbY$|N7H-`T`o3a>|a)ee*CySeA_ zdD;eqAGc-Mrzzw%7QnoJMa19LJs4ke{hx=3vqEoCUP>Y2FaraiOcMaDdUt;>@Gwgj z@=qsIt6#HcgmjuF2}>VKcmT}UJZ}3)EiEm@O%I%vdD88W$u!k8E)S~l$VkgO%c5F& z#(o90)lYgpLRFBMwJlqNL$V}h!5;vT0h|Nd2cmYfz8rkR>7$(n4*-ss5$3^Un|#5v z0lJ>{w1?L>miMyY(`5oM>%k2t&YrCVKywQ0vDm}OA(MMu)>TRkwt`@$otl}gf{&qv zg&J!~G{(5#)4C!sM`Xz=ROgQa^3%C{Dc`u-aJPMHiwv9s0F}YVPe#BV3-VH)PW$=H z%B2yi%vSgnu&7T(_VD(dGuVFd0il z%5{Hy_3Y-vI~R*U-6bU`)r`1Nx$8tT9W?h8vfv{2a9Ku`S<{fxLe&%;=|N+Fz%pt# zN}H%rKR$X>$VpE@4HvZI)Y0k{N>cs<dC`6FKS}Wilkm3nFq$|u-yX8}PX%inZO&2#lJKNhoX<}w=hQ;b~eNk?F;Ji;j zuy=4$_f6A6Xgd3L5=O4|Kj91C(rL)r|l+?zBrw+mEiOXziZM1_&=CQlUlsvciiH6Wnp+PGDwC zd*yFM`! zP58Jbs$%Ei5&fPd0PxVga%nSExtFy))S*veVP&V7q()xAH1ze)+y#dQf|1C7=F0hq zXd*isKfhjkh@LL<15-SJv49d?9B37QL0hBTyzAy>PTl)q72ZASb0Pe=w)VRF?F&{& z4Y-KdjyLsip-L@S81bcBl3p#qK&OgZlo-tnvU04aJD~m~jVZdt+Nyqqg(-p#ar>Hv z!XXB0nJj`7=jD;qG>8=}3L>JSw&xHg@$j@UzS+kD&F1fiL$un>o{1JjL|xrI@6m`M zccK4K)D=|v<>2S9VcR=G#%5btT3w0~z?VZWo%~nG>+0v?Ue3Z!ADbaC&naRl&`^(`DQcb-&iMirGlX}OIyADGWA z6l8OF!ybG(_iT6FS#Epx9GShf`TzUxQM+DyI5v*6T|AR?L7~~(yY)%rrPo`QxieGi zd_}@rtlxBk%@aVVhZVG=BD_{e5i&HW?ud&!Js&pe^ALDjWn!R&D;f z%mKx<3P_v0rA<2n!r^<>w7it2D5;$YEV%9dcoyY+>}_-D~j z$fZaCCSP-Lf!lpO2m750Lw=jG&J$?}B-zo}2bdw!c`GVXtA;{JD3xq%H>>Fnzjo4G ze*po>M1$%RKKkPBKxLD9xqG=VPM_f64%q$}8L{i?xB!8gTjul3F#hhz6qv%7+}f%O z2q3$;BQOYN7QQDT5H@n<24^|=wrE!l9!(nTJ}7v5(LA;{Z-AHtgdKoB)c2o)l$Q9Or;q4|IaqMcnRhIWhdaHG6=!kl9Iw;ec<0l06XFz7eO3|4$+WS2OLhZ zIV(*)&g7@&TbmI_W_TEBuu{uYbObKF)W_5EWAXUd8q}n|+mLu*ByzCywyrKb&+D`{ z0bv**IRNO$rIZ{(#*}R3KRk(8fz5OuT-@3>(D&E6Zf)m8{HtOVHeaFB$SXo;0w7*` z(lRD30R7n_^!%KXlE+M%fnJExco;8?CFur_5P$u2+>lVnEqJ7~RLf9!9Z8t!2`~Xq z2suoquB&HN6F#UtxxCz&N#1*U30*6#v5-jQMg#xj-_dkn(FcRN_shw$*ir|nf!qVtWHn>p|)ZKRW& z9B|s`Oia{3I(K?~9^GT^g)X|Q(c<)wo-7axj47a;OpMRd?!!-+K_1reG4Y6AeIO7{ zbwM|3hGp!vU_5Octkf!Jul=^;umJ)S*ap^lsh+r{G&>?ViN=*<;@8id0Wx51)tO)T z?__5%Cx)W2)Z*so=s@^$kxV{BRv+5j01Ri7Gb{e-Wf6hH{_xIA{|f|Rh+N#3a`0g2}$EZyf(Jk9G6?eTmS9{c;> z`v`8|?j3$Bqg~7ob{(!2|8%tUm^|BOd*frJ;(r6nqQ?~xP_m=p;bmH7aV*@x)jdwQ zdBQ;#ycq3b0%3E;2`LXraUioFiA0e6{_TA>y0O%mM(s$xhjIF-;9iYoVkKp8PQoXI z=O3P<1*SNR@G!8JH_h=^>3>-znby$}V9PK~z3W7EVV+!8x!ly7R+7VOowVLzfTah< zHaYD{ySw9aeU)nPIBE5yB7eU*9k2U=iz@)Ac>dY*n5j%fEv2MTEYFN3@S2gqVdv=} z9t0La?`q9xK4iWS%UKfKXEXjYX#rn0z2)1fH0*I{vTAoGmu=QsJHN6qDXP{A(9&YU zhM(F5D+^~f20lvGEu|2)-uDzu1$@zN^u$V^mAa2I@Dxnnj5AwpblMvdf<>gCou@w{ zx50YTH|!d6^jPlq?0NPUtEe;O6D+u_6_vE;9$dgLVGnu4ot+_mwOOVT7#7b*A+qI7 zH8tfgE#4d(H`H$O?%ZY?9-N3pkc>L}Gq;L)vkDWSrcQS5?pEe6-CPJuCgVXktzSYS zU`=2l4*+xyR-uJ?-_THo@VztVyBs^5Hb(x{i%|Fi&J)VTxWiWxV|K^i4Q z;hampMA7qy6+huMIUbi3Fq;gyZX5!rpLr4cR!dMDIvP`3f=eXjkj3f z@Sr#puVTWB5}3ANb&bBP`o(!mzi%FYwMEGymJMG^Hbkz5a0JO7ErtvuFya91Im-?8 z^<35gjl)9rywA;>MdxGI?P>2R2;zKUaxUAzAbWH^btWBSZ zkSQdqic(Pqb#G|5c>8vAJa@m`rLub2$W6uZ@7m#hL|}2d%H}6r!I)|-amr9Oh6BAv zf0zy2{H@rxigBC#K`2kBvOI8Jd^*V@c$nD`&EmS;>M*D|>L~YyXwXN?u6{XBf-%`J z&ah_pbf*U%d=5SFLae8g6-G!E0)s^XbJcu<7Je0^sozLkK!(IIk26Qc;N3zOZx zXJ{?D(c3B-@QF6@k%gt36Ot{CN4<=VC}d1@tZ7@_4C|2c^Dfl8rMeM{T$vC|aHlj@ z?&=FhvO)N##8Qo7ApJrx^~-uk0#nmPVA)-P3NgkKHPo9h;l#Lv4L{ zW#h9W(-VQ$J^Hv^W@>3^&|S!(-ReHAXj$cTi$`hEKQP3cXr*hXW7MNXSW6cyP}6~% z5XnH#mZl_KUN}nU{N?~gT~(%z#9>CIhRT4fSpi`P2q(@j{{W81`*i4G%Dm@wm|CKs z8(Dm*?#4rekjy?DI2{X0OEWV>-@QU5{IE#4)JF31_SSN~Rrv6m{LMGSuoyUn`*+Fr zbRLqPs|ALyTjARW+HH2xSQf3D3K|VZbm)vazG)#;iXr)cnVm_BoBXsFkg z?WdNRG&MKRDsFxrKPZ}~5jEBKXZ*c!E1$DzMBdwH#t`k~>jVrl^Sp!!x_OkhXW3?_ zQ~y50c8^X@kJR+^d#3s?_E*9HaZ({XZZtC6my#DmM0CC_2y~3DSY^GPHbOVP+=j|# ztCpkeuI8!(wS|oHYjr`ve{<#G~NFv$gyXZtpuJ+4zv=W^K9; zT=0B|C*^K!o@ugM+2GdtG!D)f*uTz4%e`t^wUjdc`$=Y)GWU7onL2zck0Z%T^ex@N z(-vJn*}o>gtyX4JcIw7{`QpFFMLqBI5uyc$!%Z{QVqNmX5FSPW#uvBLcDk`OA`M(V zvmDEF9D=`n?rz~3%xy0ZxUBT27cOTKi=wy&xGig!?~3u}J^gNP*+EQ^{n;xSFF_`u zyY}l(0i$ZA0IZIFwz;*n?#Po%tX1(n3NbokGU+p0{-CI?HDeOhfb~qk{$~t6a5EBK z|DUx^pqRnYvsw}3UivUFOYr!qM(CE|Ya_=1S8kt-T8U<$=)7V_xp9>xLE+i)G&j>zI}GYZ5Oq?C&Lk z7?Y5BRsjq*<5tyKv&iIt!96ncAls9*7q`-NBdM-#kLUcQh3i}=-hX|?jg1gq+)Pd) zYpTN#Zyu_dX!AsM858k7zq&jL$ZgA$M&v;Vv*ni75aofaSfuL;Xq+x-muk0+1iZsh zQqYiehENHX;e7A-=?OAzx-_7TfjASMy56uW7dun@^fK+?$c?NNd*Hi}jmMzl#(X$j zDj@fJ`4Zu|_t)S>d1ZAPGvob;Nni{oZHu6z>t^|wG-u3jeL>R`N;q<*8RWdkdD>aBH3_bI6mI96i2Fe!4VNY4EETW)gYi}z%sff#ByHKvea5j= zr>#9-N-)2%@m2n$eqY(ThNG=1{)@XyN^)EZF6sc3qlNy$H*rx12roV>ATGt|WtYVH zz2s-Jc*UT(2_0!7u?267-@1+-IW;xaZ}wpAipY*X1~T^@v~bX=jQ^hW$)ba*&jO)F z2x00&h>caOYtTD>iRJZY>{HbkV<=NVTQwd2;TS$f{3hC>H*0a^}c# zwMI=@Ox`OJ(xP6k8>TDJcs^8|xZ615(|Y}SaXoXsHK+mIs|JrAJcONaqMJvpGK@Dj zx1L)c0bpW@tRA4wPc`D9>bUp{9Sz^OHX8z6JV6WkCj1(8om%Mb9cY+39)-nkhEG=6 z28Q;XbtLT)9~Zmc?3tOd;_V(k+^-8Hi2+oaEl)a2sTYM_yHT4Wn{2?v0w2Nm^Tfm6 zlFz9;1-@yLg1!ZFbWhk8;GR7%=Ft`Q298L%sHNWWDQ6f@Xvo!$2Gi{Bb{UY7PHdkj zb%CI)PeXG*u5+ZMZa(CW|MQK}pmbz?ot1nyUd<{Q8#`VMa8xkMaS)6h6nzRg$Q zc@ynj`@KEX!!cRzw-6nBc=u4(h!G5Ou4l@fk`;{occbv5Mxx{-I|~m#1heUy=-(hR zK|vX+!WbE9K}hxlg#`>PP~mLXp#rDL*)G&3A)|lr`6F#E{j%uZqR0J;wI``JC{ENe2sApyo}@BEFs$<@i6R1Xa6m}ddk8y1tX}E@Z zn;jc)r043T>%zA6yxYe}eQ(DXSB-C!gw>n$$pO$uF+uNK+q6s!Y?q+qR)lj*isbrp z>AD344}8UD&}t8x(0W!)-&g0vBp{FqjtR{=#w@9PlxB7~k2lQsWZjYX_TPqFgV#=J zJ6*KBe<c3{|H~3haTaU0V;*!Z=GzF!8q7OuaME%FFR#b)w2*i zI3L$n8!{JF%D(S9vyP(PU9qu=L8ChxBP||X1_sByTlTDGOSoc4L>)kwb!!AwWS1eF zj!I07{NBGw?Prq5s9Bk5_B%P*7vyrzEH_P3G7tG2oL*dCwn8ZDkc^H`^IeNV8y5;A#)aVu90zYLj z-r6#PAcz{j@LiP|mf@$T!@#OykKBBE@V>JL#<$?X3%E)Ql=U7d8t9Kp_c~KnfBe{W zB9~upMNqM*-i~FU7Uc_rVNV4JtHw&nP|QEvyj~^84=TS1Q2{74%6AxypAf|&zN8CU zuq};LY*MFFaA;!=vtj&{04sHcCEWeywjWxv9m{o~-WIxNuRC5cUYi*0hUz9!Mbs!` z-24a5cqxe3@01k6h4`4?Xh;L$N!sraUHLxJaG1{fvvPlR z>I0a;tzrGoXz`FVIOmU7ny3xl=yVNX^n^n;%QFdi?L#AQ82oZQ(e6QPbzoL~S>~UqtiqV~*1S8E-Y6 z{v86g$Q?76^%(Tr7k)2o>2+Sp8w)H z-K*L3C$@s_X7%uAsm6&^B~$IqzqkCq>lst zObF#L`UQ>M(*U-ZRxvIe?a0~Y!`kYF{;0M!>0Tn!He{E`*-hrbT2c;%vv5k&OhX*B zdl${;B%9AHD-fbq8hIe|Y6pBVC#`6Y@fwh%tvcmOI_G(OHc7+E9{mM958=Y2yRvn- z@^rtU$_Tc&D&2Q@O{T%=P7ffuy&;gOeKlQJH0j2^LnB;mRBPi_vHvG?yH*{I}l zq;_PBHQFMpa2V&Drw#avl3#G)TUeSKbmo;5KbT`6BO?!aKv3WZCUByF&i)R{^eV6p zd4de_ntxF|%Z7hpH2(22xwE#%{IYw7%S`&vv3w;iLnUa`0OGNS?SL6Bksn8M*b_me zUQ$@Pt=4ucSE}74``KGi=ynY?0e;A~MAOn;wsI>+92-l(U$LU7syYHf8*Lj>LWu>D z0=7TAKb_3>;9?K(1uA}u%h?{`eGUyu1cQtPJe7x%Q>Gy%{$HRPt9xQqyh(%>pv8hZ&e4|Z9(BItP&9#-;G1hF+ z@KxLN{;J3h#0{wgaptZ|*3o8_Hnc9Q1?{n9Lc@`7IBIG(jZ9eVmef}~FO9t)C(}5=2#_@k=)GytiYr*3zwgug=6BsMvCr< z*jSG(`v1}PR|ac$p<~w_J&t0|vG;JU@9c*D&F^;Dp$!~Azq7wmMX%Cz9tQ*we^c=- zUleB_M0-ml|6EtcNNHztb8LwaE!QusKcWDGnmI$xCY+FOWC64nr3Iq1qLLi>!t@zg z8W)mT73hbFhR!^xMkXei2L^TD-TW<^)@z&DPk2DT-IHg5ugBTus?eBI)ZQm)*bRO`#+uMj5-00ckT@|Q$^w~5ZTm@ASIKz78jx1x|8=o zVsBqP2R*^W#KdWSzLFYAlz8#x);6=po$}8g&n&nsH-V1{bO~#Y+?%&n<{5tucxSDb zzK#Cy1v7gXk;l~=0-K4xgiu6;t{X?9!lIX`UVyU}k-qh|q$>G%DBMS;wtpfe9deG+;G79H`N_sKxn}n9}TciKG*` z(|$bM*@2bQstw0d@ec><87~Am$x3k#=u`lP991-HQw~`8f~e0VV2p@fr80D} zw_D_FhIO1jK}TU)bxQ6B*kQ>2F#IhYhUUUTzLIc%oP;^q`r{_xdwYrY80IjLpA+dmU}Y69q$Hn^={ zG_Mij8E{xaUlXCcZt=MIHWF&K)Zh}qanP1EL9=D``nfqj*~h@41l~kvN-K@leJMu0 zCjT@87I~#Qu0#xtU>|dU2!pfBH)_4sv&M};tM&wwa%C9J^b2os&=O|#Z#buwz9QGN z)B0s3BG!bHwo80bhIblGb{Hqk_rx+X!*Q!)R?0Fg#4kNbjTryo7*|+W90c}m0G-P# zBpy^Ydv6rfK6|X^Quh#0NW&^>Jbm% z*vVQMx@U;*&i7VI=<2LjS;BvQB`mZam*`=M1f5N6x|?s{Bk{Q$ z{LE&l3H}{?&GV|ZTboc4wj`iEf`<5b^!_P^2)ypwus^f6-vtW=VlTTY*iul2Q}Kg0 zL+B;kB5AI_sMiTZaQsS~WcNoV?n*!-e>$_$y;`+Z$KSm2HBf66{V<=`Pcn(>O9X$H zI6#UYq^O7UT!tb@7MCqa-}kk{`jnZfcSHEVzWF+o8|WPC!^oc%zj87Tmx;ewtsS%6 zZL$7$$+p9E3eC!0YH>+l=PbFcgP%u)x|+Xfx;i#on=p=vSCb%i=eK5M{RwcPiMc6? zjd+utp)9N988AZ!=-gjPwWY4TXn z!xKS6=)|c*5+%vDXW-;ohTchKRr&&N;+T zNCvj()Nb$fVDGr3Y^V#G&31Ca{&uu|ubF(UkT`MxmDkasbDOX5;>(jJl%qh`hn_Lj z+Z|w!n_`yD3j0TPSr7b7DVF&GAAZTNgaRN1y9RA#wP^{S!|AHm7`@?{g^l1+A%-;t z4W0`1l#2^?J88)CR%9-ATiBEt7=b(eq~bN&%%r};(&LkT^UOrD74{EAMPm+&>2=-o zi3QUmzz^7EUtq_^PP?|~KL0voDQLJ}56u>5G1yfChFpIviy1`~9Z`C0uAYtB!_Z7$ zlM%gtrxh4a=xED5YH-ebnarT}(Ue2_q~xTx0Uf4+6itae+kv2ksnkDLH8+2$XYWuc z3a;+;q59`@ZyX^m-TL*QY+)4v#*{wG?kPy}Ut7974LyeG^Z$h8MiXRpWf_4@Zwq{c zy_!c_<($czm%O~mbw`^^eo{~2(?G2JG01SHWp8gUCpT9?ON}X-0Kh@a76V2To`R|+ zI-`l_H~?Gi*|Hz#vO}wKMZU!eJpZTXtgpc{ZmPV#MS)K}=Mbw( zC6p@{RjjyBz1xEVKYYfbYTC zvbLF6btquVj0Y#UT1pbCbT3)=Su`C|r)h^Lv=wbg_`#>=_SUjlfwOHm)?yY=$~54& zDi$P>6hgl}NP=bmrf95hKc4X+dO!Urs6(~dFysj1wCzZ0>+F8=_LAu_2-W-C0^9qP z5q|38Bh`C#^z_LjjM~4fRkIW}sp;4bf*ckm{HZO?tNJq}2@WqLwG((;pk%zfo&HE< z?@t$ZCo9Xp&rjyR4+_i<_x zM;e7|3P=J@xt_6slv;t6x^*L3f!caSxptIj6zm_$o(9o+wAYCCGGiQU$6qHjvV|3A zz;`Z;pGiXDgxT~C0^;Q7x3}cwHm@Z8;L&Cw>s8Ygd-h#<{0}TJrasI5)Vu)#TqqO8 zx=+xaWrumFxZ36CiVw7>ZK61Xd4C?Sz;n5)Gv_$G5$ZQtG*WM`%OlMB3vX0xc`g0; z$GuRh$#j^H?k!DTbMoW!S^zT0UL@QR4T7W5@;KwzlrdK>o0t!@dpH{d!!7G z1B*CQ%1Tv@e%sYnaxJ+xerfbr09UjeNPh=U_WTq{qH>1Ll8wwo!_Qn1GG9s<@Wo;A zAElPcV%AFb*rXu6GRlEEjOC%=)}7$vn2eM$s*sGGbK*Qwo9{gQ zRrP&L&<2mwHa)0#8KtFZG4a+dS`g;^e6)yOvv85X*;$O!`yerLb}p_BsH>5goD6Aw z+$Yl-_QX9M{VFD&vKtXQET~CrR#Xq$tmVMvA z4Y&jATYBXNm+^oq&&;f_IPrc0eL>;=^XJdM%|r)qcs*@&ml1kLB9JT$c;6Pu^SdrL z(?%-fpWRyb8CzdC;yimc?7-O7^E#crYXf_yJokQ5RB~!0H9^oAU7*Qjqa{L6f421n zco_L_9A5S%!w)CvT^}_D1_p0$s&WsPs%B|E7i(P1VjvZ^>rIaLqthg16pbEqZa@Kl zMMGudgv)CC>CWOx+K?nX{lvJC^S_&qNI&w_h7 z@ppOab*vkb>oPOP69R|VV{gwvduF-R7&fu!Vme(&S)q;u(v`)S14nndkDSNH#y+&V zaO3iL(g+728SJEats`yQCdhle5&zs;?3{U~I_oqrKzFm%)*>9z%n!P9CeM7V;qO$g z`%u?0r&M{G(9X3Ct@sh?RQ4bDsKigzXn+5pptw+MQUuQ>eOBDTA(b+HHz)rVm&+XU zJl)IRR+#(*L~H{Ab|sWFQjm5_^lNSIkI%lV6{a!%{$fjvTpMEHMyKB&35A@Jh8LaJ zFWtdf7oO~L+hmNFn&X}f$f|I-)&)ZbS?NIxeiPMjYXWObEUhzCj7$N<6rZ{;*=O0_ z9}7H@1ps}mBsBf|Y|6|`kXTK1pesF`XyF{tr{Ei|SB=Iisp*Le*Z+{9FbM6X-I{{g zZa`?^cO-4Of69LY7_whPTtzPxg}OcC_o|q%H<-H0T5g^{UO2`v>h=2pea~c5zEhmD z*sDu1R$qpzuXY7?{;7IjKa?WSe>@uN8u0=%(BcvH89^9G@5AMQ(fXqjbsT%W2J##l zAcnY;#~mgea5uOU$PRMVHksAE>{0m=UUFnAF=4v*zQf}294RGzg!&s7G#fsUl$b_ zIn0%xxWPgu3=3o+-53mOqLA>(syNjwE$gFvnPk_NwJWXb%z>yJyVc7_@Z=peu5ZSm@ zng0sWO-%-3C2}U-5|~WlU}2xZCLP}R347KU)1eXzf-w}|vEnxY5`yHp8|doDpe&^u z=Wcj>?i5}gmqtfDGN2hrv#tLjPb1wZ6!v|!tm`5vEWA)=T86R$l8yeU+W+yFiZ1!D zD(GMixX3Qh1T(p04rQL&*UtTCS?w2b56@$0J=FErqaQNS)P~*u7gC^v3B+LMTcIs; z9jb`VPvEn7mCEP*G~kC4@dR&gL!N?flyxMxGby7rJ8+FZQG70&_laI9AX9+mh`I#i zp|Lv~B(VgH9&AnH>_nptee2$5;_*0sF5uyq-G2(m1w7D0HtV7SbQ`_s>R>ViPl?*$ z3MR^FwJ1x2Nrj1s5z^g1)TjJ9UL;+lnTGn7qO*qLF=3SQY~K7!d%B*lv5ft~s>wG$ z>VG~(OnHPFCqp9xIklzX5;+>ZxAr82Hv5Aul|rU@t0$wJC16Y1`Q%d-GE90h40r-60Fe@_GCji{XAm)-sWr>k zd|MJvYp&6UV=+@^%Bhd|$J)>9+ z_TMLEk&r>>b}(?;1Sz)50knqE8kwC}O9-t!ga%OrgQAm+*A8u_u1E6qmvy1XSKZpU9uE+=cY zybZ>2UN~G5!+mdFv0yyICm?{_!=wc0BGf8 z_VnMYjqapu4LtKt1q*19R_=E(j+dL{La^Q9V0X>Vt#jK1pC00QxiWjsvB69l9b)?S zxa&eZsFezBb>XPUE0Sj%b--2_7R+N3Y5r&ebTwdE#3e280#+uSUN6|DmcbG%_@?yg zy8MObPL{PNIW59HXxjwvBd)ewuOGorM&N@oNJqM zc;^f&3m;EQ`GE{izRRu6zUx&!vOt6m(a3cV?k7naxY|_Vyka_J$wJCar_qBH=jZQ| z6zmFQv{*us+JY z*PQIwk2|VRP_62*sFUfhUD@Z08|uS$lAm#ivB^bdGoxL}R~MXa&HKG7g!5Q;%S>A* zc8=IqY@PU^sGd>aS$Y5N>5N`QfNMExNAk%><sm}B)R>4>&YfakZB{FI^K{=DzK$g2vpJp|N)wDNEHqaw z)e#4MG#;A)f(`yosr6Fj@Ec|Z@o#f%l1P47ai8VUBsy@>?;((9lDwv>c?n;BZT?4t z51Ei=v#xo|U6`iTB7g6fH(uqT*7~qegtR*wAaIWgt~(Q@3L_aDYkwgrbq>8p71{5 z6n#x!UQG6NJEbPqSwD#?CAIQ}Q%<-tZ1f;9$zPt-CuS?>+D&#!aXQLnL!n4uIrB5| z-y<1gZF!zTzg!V=Q@GGe29#>BS9MJze#wa(lTJGTqmCA!6R{awk8)rB>L8u5o}-b1 zC->9HypmUI&Z4|dnyxg~qi^jtU}kj+E#s zomHGIshD5HNca8mY;-8;a~-3OdYv5x7%Aef$f1>?MI(Q`9})z-K4QhjdN$rTD3Gzy zX0Y@m4z!y7yS`6kwc~$kjVpr@SKzx!;7$O#Bh29NL=@6#gfi37k-9EEFv=vbTho`d z-aMbz(D1CbWdWrH0|PxtlpOE3L<2|l&_!-f#?)^*>=4>Y(kLM?vPdS+l-w-8Cb8Qa z;9!^O+_DF(|E4wfbc2?S(&eJ8gAUGy#%(x(Hz-Y@vBK_v6Id(0&=YrVTxFP{jMwEsvc_>M z5^}XlwCdKocha+qi&M%%H?d?Uji!UQ^C0pIu^PvXvbP((K)_qwA2yI~+Ep448k(Ub zPQT_QLP410lS0FQ%51l>KubaDwNs=moB14b>*czqK?N=eljZ=(@)*CYH!hNC)W2hS zX*rkkxo(dOpPc~4>GcI@?W7ag)3zmkbq}_FSQ`7JnIuOnju9l%C2PrX^E|79M$KmF zQ>4iFFKAP^tYNkQZMj;+u{6F=T(8PB{hjB_NK=G>$)G{XPmT^sRVi<{%0j>WHi3*} z)XP|aGND8sqMPD%;K<8xt8(-0thhMq3)PI-r>qAYSh$4S3tUj=$o&Pop_BRZ)mD5g zhSwFHq*SnE{A9(O7G*)vNSn@+`Qzw{z`RrOx{IOH{Eiu|roUQPHJiC^qe?*4f(&BP zbQMUqaCEpncBo&xzrdOH0z+z{YS)T*Dn(n=(&RqCU}MXE$ij z>n7OwEpBD`tO`ow@&yBe;%Tf0$}nRxS$b>?NsBnQ7{@n$oj@Wwon`Yp6=1yMfzxrL z2gXnQr1{u0;8w7l`_7FL@FISYvIirK);%}|OX^i9#E9N(-=9)EN+9UWcMXf(;iueO z<ZRic3i9;eZ zu`y2<2HzzxL)f*PkJqC`r5e0WtfNxCeoxFn{mK^fjG0AjoV_QUu-$@*;R798^z;E& zxo0fRU;&+TFAU}s4*z07QvEajxwAKn}-SarV`;`O&M!ab>>9f~$3f&2%vn^nRec#Fxi zzkfX30z@JUw7X9|v8rx60A>@wF$3mc@9W2an3V>@dBY7}_jL*&0Hme0mI5ah071Cg zzkLUNUheLh4-vd~-7XnfLQc-4V~*uwZ$4UPvDV?D>n*zsn`KLMVE^hbTpE@~fFllb z4>kX6|4@}DlPTPUj?JXi4y-TZ>}=b%V@pf)1I0xNe_=(HA`6I4mRSJd3|W&yjtki@ znkn6}Q^6V?P8{yCGdy(%2*x}*@B*OQeP<{QXx1iet1t~!v6uzQa2>SSre)x{#vewc z_ooN`Gr#2A+@4Z9A)xbpdh)awz0d`zceXsKo{dI{{7gDw)Qj<$=Qyiw(cwpnRrW`` zs$LBvg{FofzK3d(i?yC7!)kc^8A4Aca8PgR9k&V0ONl)HyZE%5;Bm_6v;uu~#IL}U5rui-3NaRbBf2_cZFV4Fn2~d;&^(AQZ*(`x%`c_qC)wBAuiWmZ! z@Xt%pf9Nzc5{Huc0)WcvaVr(R2^cSQJzheTq@?7M?jOp{wK}SNRO$4v^aZB5$ls&{ z6*SO#(TJZgeqE2fm*(ac8lX<0k_2UAEs5D1M=Lbyb|DOTp09Rlilh(mV@f7J<6%<;F2jrc@l>;DDqHB8iZd<&_mVXZ=(Xj! zr76&31)?+Gyhq`(yvkEUQFZn4C>Q~9=2||!t2;-tHHxPCASF`62uA+IIVy;XsSga8=5Io zq$=lmeCYR%klQoHU(6v~$*=Wgx`B0kAfa z%%vfQM4&zD{r%%b+Rf0$z}MD=%CLcfuYALpP45u{xE&tJCS++9fpTVqh>zJ|_kHA> z$6pr9c{18<3c*1;EySow)H0wnBvT7IfJvtH#y%C@gK9VRmgyxt`9cY2Xe_g$B61b5 zrq*=?ZIRE$Y8=ENqX{Dp4v;lDsf}4c$b-uqcXJXZOG|3HnW^%=cEQo<3LF)W0>dvf z^Z0cD^S}DACj7Y0x4I2V1dI6%Gl*F+jZF6KT>Ix6f%7CB5p;YL78Yi281hfy1;`yV zyt*iO+Nd+4qM^hrDe~Myt-=9-TuBbg^TC8mHO}wcsJLt0{3Y~rjlfd!g$(%))-PEq zdBy+Yev3Yz?&YLJjAH(AhoToxZyK+MY%zWtdnW-1&Q=lszW<+ z9F=nB*5RLzlXqX^EF!&fu?19K?IxC6Jat_Mum#K1AKeSahBg(}U8i_HCtK6HTZO4- z)f!2Eye}QR2PDpq0(!0IoJoD9>TQJ-%&R7K!i_OzRewWiwQ3vQ5%|yx+<-sMCxn&s zhz7Hn)RERD?PYLUm-`Ek3pZHK=*tq7kM{O2O=7BDvu~27)V~xWc$DK<`BfuQ<&}F9 z_aI>{yd_t;q{XWr?I%S3D5s5s1*g6HQ`v#rCdIYLfy0XRn89v7NLa2;D+v^vOv66m z&fQjkoI!8@_8V#_)_=cPZ5`IRm*XYL0$}KuB8hDP4P1k|CNMiAIY6Yd0aJA?q|tZW zavzpzLJ9!6E;^>6?9$dWD?XROWvr+V62uyu(o)A&lJAF^^J-UPJc@T5jXk%eqDffZ z7DFl}KgY4xr1+OE+2GhgrHZn?JTH5zf*P+YgT+jO&wI|Z|N#O(A z^ns-W7#r7m|02Mj10*w(Ae;~=0I4uhfI4R|w@A$@nrQCs_aD=V#y`tngtLJU11z|& zgB{O7PL#+!5IWM)z7pZ|2973xBbLcAX)r>c=yCcMzs^kPOc4{CdlxgKPQySGiFXHJ zET1kd^to-ZVf*9bqw8Vz-0rbnDg!=sqpI z>F3#z)V=BKrZ-Dr%T3@`-Sy*#*8o9?WF+ESKfmR+KSTh3WP2@J{Ni~0g$|B5J3B!W z#imH@L~GbcFqfp`Z-{%2zZgCC2Dlayqy~z4{Ygtn;d&Bz6D`!`UtFc;WV2Jr;fl}7 zrrPon6|1+zfpFhGBFVa6qqO>hj4ZhP`UGTBtgGiywPW8 zSKHKk#5qu6p^O`nQcxLZ+01&MUyTS{ALcS>bfi%ig)M;`R5JZ%o+tBChmU`` zX(NdMSE>LYYM}MAQp%K9Q&T`E6%=odH3RJX=i=KVv7!DxSMj(A;xV`|ys$Sc&R4g@eDEySp(N9N_@11aR>;Y|Ser4dP!M z%7&QaKvClusj9)`F&I{j(R{WD^fthYGr?|VU=XR}zh_{yU~Y~LT+F``b%J{49gUet z%iX#k7*6XpSfnT#oq6}DAyj%990pbqS6s^R1~73tU@9r92CE;UySi5GEoO;;SsB;` z8;8q~&%M3Upx7973&%$O5iwaJUAQ^EyHd}$5^$uy>ywTlrr%jEau24^(pz_NchT|R zY^R*wj}7iKu2=FqCWXzEg(mYmG8+nhvY6NzYINS?Y$_*8(1n4vZ@~p6RQ4UWdLTJN z^#>Iu(zF3wQu+Bh%lXZa8pe+UPRst83!W!g6trZ3vIXYZz@lN|@1o)-B{c926foBib~&x2WE(5DVI~8G1Zo3l&QNdhQ^tUzx-BGc^Fa~qDFu}DPRtWg7U`i z`qp(cz1?J>VoXMu6d(ISZi6>aWoa-_OUUuMNE9c#BYNfV(0(2tp9{3vz;BKM|C~pu z+TNdEk)Ajo3_5MN#g#qq8i6)FQ|N~*^&n6RxxhOlp82(L0|+%DLdk44gF@`XsZ+tv zInM;637v2tHU=GnfWTZlPQB%Ic#)>o^l#HCykfiV%4fFH11A70Z^(LI`7<^BAOIqHiJD35wjXLMmQ%p&$ zl2fVF{18S-#@;F)`!K^;_HT3AM5Ogo3@-N9udwvF2HX>sV6&&~$-%!jWoJJD()F59 zMZ5gMOc_uGp+KPSm|4!j3!ca4t$fDT!@+BS;}LK*>f~*pYkMGLX^ATnnQ5_DhzS@> zp+LU{Xo)Y%joOu!J(OMh;9*cP!U%OkLy3~?r^J@YRy$Dt68E*f#sFXmS40G5jGze1 zNTE8N+3PgXp%C*nJh+TGM{$WAXhNu{xPmBN+ygC&Gb>0e2lC(XPlmn2;GyoP5}IRb zYOltkn)Ea%dVlZ>6{!DA8`*z56L=e6;{fD@b~-IEkp4|rSYEz%m1JzOxEljlkB=KS zWTy>PvEY>1Kaj}H3&FZ@vr^9S96JWnqvk&w(ofdDgyEPknDR6_6YRsOWzI2_ZzXe{__Ri>g0xXXp8E zmmv?wl~xpTMnVED?EU@yI9QX(!t4edbQ}&2ER{Op>FM@*073w>@4}Lbostp#A}{9R zgp}#_&b8mA&Q?)mpiR_+8LR1rl!yIXa9F6Z8vN=~!^FD%pdt#macMR-W-<*cDgZ_R zwM%|JEl^OuL409hWx-wu5$la4>;Tjl-TP_j|4i20B?9a|evF`c1LuEKsTqq2{$pws z^+bmTE7tqt_2_q0lIq=RkM~%%Eg>MLZp{2_mNq!)+PRoCShin{ z6pMsU_mF(nQ5=qw%n=U=)58PY22}B^-!aeFuyRMtUBSALw2Z>>Qm%_(&&;{or7jH@ z^mJH%w18FEnmJy9AAFu$0vMd0$IBaowFl=y5Ff!O;e|OSrt6V zC!1R|KkygYp6j5WksQ*Uo<$4T@SnEfTvBj!bJwCY5;-VS}21X@R1Hi z4OxvFrGY@=9T=M)DTFpU-*SS7p&niQhLx$O~4h z%QoKGW<`kGA7J@uGRu$$v1(RtMVpHouIh8F6Hrp$+sXV4#|@xqQ>nkANGaIQ6E&YT z{C12~8GOZh;CU6X{}AE>1)mor7`8qL!cNpl3fyZ#u~Oi?T%6rO;_{k!d%K`oBLSXr z;33;y%nmjm2?gs2w;X1b0z`hG4MJrkbr)Xv0aAlpIJDK9p{PiG-xN+S9o$2H&4; zxj$*o1||*RL_D#;&Ip^g+7`__PK5i;+Op>#T1@d@SJcp~7PlMH*BE4Z`bn%fxOlNY z6XY5w!oSl``2h=aAg!bxz5c{+^U~mxJdRi9l z$U-C=K;5TZZdC9|4fCg9jXAiFxRb3d31=&@3&3Tc>(+-3CL7T};fM4)@1;^G5>HE5 z_KT*UeZ?`hAMrl3v+?~vGMC|UIkW*YW?veYhhOq;JZO2%{P-(U(773&cnWa*F64UExueC5HU!`mz_?$KQ<)2jpSBimC& z6278_E%5-fN;8PA($Ug#IDF*TLT7rRj`kL3!ERE68sqPC!Xx?6r_nH|@?dxM?K|K; zuNniI@&-dz#)xikoJ#L^nIfZ{gHI})^Bn`6ymqBV^&S7V=ooDpmKKQ z$&qPH*hONjSbl-AaQkwr*V>$QAqWzE$RFwKC6dkhq!wd9{`ab(2%*MdDYgA}!g%${ z>vlEn+u^@jnZsW(BEL7qYb!q}CYhK|&^WXIFq;HK1|VP5u~JOwZ$!ZdM7&I9wVf+3 z+n6M}IPc->ggyCT8+I+TPzIr`C?>#x0#gFrsRDM;Jfjnf4gwD}aFy@w0(JMmz+iTp zD7D8d(RHzwn!;q_P9>N@VZezAoq6iYk9X64dRd^&4H&GnPMAKfX)$< z!t?XV_jjt}wl<*kMOITC4`jgZ<+AE_E?;gKEv`Mlxg7xnyWp32RJI-aWRq6^-YQZ4 z*TvfI?|W^sTs@`=K!m0UeJ{-qwB~s;WqN=kfp$AxR8*2DfRzRM=O@_1E@`xMp& zg<(ZVeS^?5N=`+i5QLn^y*o%2u14@y%Bj*j{UuXh4%9O9b&exI-Q{-O`O4)mtn2+y z;PYqVYwUoE6#K$t?<9^@BT-4nK8|cDJMZJ`JO}9<0OSEJAy!mhihyO+np^jlbMU=B z7#x(nx`;6J6@1D7wT^OZNLL1mf9W3{M>qsn&Bh|6d|-K)kAHrAR;mlf)h;&#mlvRN zdRtwi=BuQD#8T_qrF$|L_?pBTk?O5e+h50Kb>;8W&}S6#GyWK42`(qg{s1PCZeBM7 z&f{X5DcxGUMTzAV(4B)$OK!%27ofjU49zj!A{D$LSM0|?O{FS-AVL-Dm5{#gIFh`ppo$k)QDo>y)yJJC5) z;OrNJ814A2N(VgTWQsci?21XCf-O%!gK|71-%()Wg}RED6L) z&|2z?fg9LIk8+vj(_n#We?ZPk!v^;v^~2@{qXpBI?jWpXS3d> z<4JxG;FFN@zB8{D0PspoafA9e;%AG8zIEEaTSA!eSwrlo0Li<*?PRv1Yys_=Jwq#7 zfWc2__Jxm6h-e(VJ08a2x#_8NCfU$?>_Z9iRqM-O%qOzTQ&JE(z8Rd19p*x354Os* zjjh%jIG!YH#rq#){^%11UkM4J&TG~H?8wfE`gW$V^uIdJ2BBd1`>S_^Ya`Z;y#8INVSF1F$hkn5gl4L;u$FQ;jVpmG_Gz z&DT%V4Lv-(@oHbb(R48tfBMT>=*sz32uy=LDu2LY0?22Rxy%V$ecY`tu1O9Bod3v< zj@wLE(WKIPOwUeF>o?`^*4Q(@XVrumTT=VE?=6M^n)zg#AyOu!G871)!a^ld|A?8; z4*$T0A;6RBZXzQOWHCe__02Ja0xu*-U%s(o-$|$Dkj0UD#i)RNC=hU+aWmRhE$Z~J zTz*7SaWhA{kV9a}Xst%sL%y9(CHq!jCw<~s)5)XD2^ju1GuZZC$jgwA`#Vi*8$Y%c z-whV81dusAFAai^7n%|y`<8whvJc3i#~DV##f-OJGtiaSGO-nmx=3M)DQC6BVdTB<+-%d@H#XLF+I?v3 zw97!sOiGj}T-=^GG%N&Do5U*7fWXqrJ$`eOy3SswFZ=eQLCYrz zcrb@at>%99BKCNV9T#_bZJUPv`UfI`TO(+?Ee{fvhUqhUZ$LK6{-HN5Z7udKg9dko zYoo!sd|f6Me5kE8o1B*!cXPYy(-5s|RTcDdsG`y10xyn~4;h(ZK<+a@8yc~)OucEA zqy4E3S9BjJq_7x*>SHb|;81vPnUL^pCsSK^R{g+$oZTx?tp$rm$ip3(lw-f~0ol91 zysA0|+(=2W$7)*ewshpbGkmAB@CPUV3fX8q6{iY3x7~+u6~)ur*%hE*NqOD2K}c3m z*4ot_HY+|rh6T@TcTYJlW;{Ypd0mrO=do#U3xX6N@F@7#saq4`!L0)bkh|X+R7Niw zSWH>-2nY;J+wm2amRpSu6X2*YZ30zEwN=bih$z;#9ev4ZA;;BCP+c z9@_#3|ByjLG(F?YEW%;~f>sqJ)cEH^T{ zpHShPB!UjrH;*ulx}`Vq79V>IG6-EE^2E!8%B(|BTH%ss?TfYovHcVq{P-N6*HvnkJJKd|a5s;z0t4-N7|Zjqni-nBLY z!YH^^ogcPY0Ac^jP~K0o>q5pWw1`6?=jhHr;d~V)YEDjdPm9v2`Zo=pCKhk!#tHG7 zyhfDN?GZU@V^P0{-dImk>pNB6f1pTQi`7c7hjn&!(hrYOaZ(1}h&{${C-R0r^Kx~K z1;M9Wp4+IT3)gSJrnEkh$%Ouy{I@s^2GA)&zIf&h4FMO4AMOSU21>Ja2(&wk76k>H zp_@Y$ArV(1UraS{>Kx`2^*$ogjb%&?&Xg2?SbnS1Vj@aGL7}O&vH>mPO4P_4VJU+h z*g2in!*}5Cee@WM7&O4b>u`ULgJc@YhE5}~@4$|;@yPrj6jdBb{T>*qqc=-%itCYW zlp~eJr+&@a?Dn!6qt9=wofa;m3@=J}y_NqaKl-KC^cwc}$-74=^rd+@$A1*`^s*?Q zTTX$JV$2vG)xMD#@BpcHHbR1&0rF`Q1TJ#)^XHwjG^ZkIUz0Oc6hmQIC&)HDA|V-O zX59{v@%%-9nhC#i>J}IKFTenZ)gZyqlo zcev=yK^UU9;Zr-T$)io5r-sPGAm93|Y-euo&kd}#@yYz|1V-P|4JEN|p8)HyTOe@f z1Lwz^^ib;8`E%?)aTRm&_TA(E6qc1xfdt!6CE9_=Cjn5*yqjb5LtX{o`pU&cqIEU? zchYRI>Em?FwmYtE)Aw|GMP)^h)inrC(UL^A9;<3KBi$aEOh}Oy?tdL?&e3TE!z9qaD72QFlg{g@V{^GIy(FH>^;I4fNx;q z;7ERQAVEfccz6Kei_uAGUDYZg1JH&r$iq@vwkv{7-kyZGxO1ZccWuoZI;q4r4mm#v z((iM8oSZTP;I)Hn#sLUYm1h&y#?EW!TEfM>8XXiA!}P3X7Ve5-StS#!{QSZ2hlvy6u-^_!1}+W(;N^s9%b)>51lKPrZbI&t zj(COS4#l>e8nnyh{ z?FzzQDKF|fyEm!94gvkq2WG>-k$hDn-4XDRDdckz`JeX>j8alkE|wxwj;v(*`9@U~ z$C@)ouo0_=0YPu0sul?Ms_6-7F}N0POdA+L3b>djx|Ai-3JnW&7L<5LMpjUnCq?v+ zUd!?y{y@HNZK!B|@%V!E`3aj*07BZxXkR9TLAjri9)zB8#%5K|)^N+R4akF8HxgFgBi*$w~T-coPI|^b+h}diOb2SALvRKX-L&aJfg< zc3OVT$*xQG%v|gcq z0eRp0t+Cq1evxM(NUVmfvLrkLo+Z7}s?RoRHlDaORnnq1i z=RZ4NA>c1P!P~pPfq{;8Hh^!e#%V_jB6C1egmd#{`Kxfu2fYlfp`@7Pw<;i#z?#j- z=T8P**J}=ct1jIbw`awhOehZwP61a`u2s`+%}d;Tc7ncp*{?uojpZj6GLXvcC}(YL zY55ixcOc<_@6<~;JR)*penxsAeNMRU3R86z0uzI?0W0n28R@0WX6EK#AODs2bT9D< zxBfB*hIg@6l<%Q{#kr6qCpOI(Z6wQ)w-EaKbq{=5kcU<{|95{V>| zl95@1;KWjcreqLm%~kD{I)?bHzE46+i3L|{T5)8|+`=Lrn2y{UAXx^&z-vFq>pj4Itf8M1H{sF+Wm=l$xW zGY;svN~^y@DhzYp%unWc}{w*>u z6OfQ>+;7m)v!)N;@suS0kA${j3KmS_%!lofpF=rO!l=lwBQcoDngRm2lHZcy7o0gs z1R;Krf-}A=dHvn-;CK(WfFp;p78afTv0#{Nr7{6m0pD%w4h?L^gYW~~!_v#YkLP`x z)@%mrv+zrz$Ne!#$CS#Ug}ZxvMVkmYUOy;O5J$qh(`dd}?V97x3kebslF~A91?@~` z1%tx&YLkp@H&A6w&Mj?OTH_3Lpl`agti$sY@eDRL6f-|ax|mYTIxU&O zJE+1VBlqrRds`Z-5q2lcpPkUg=6!$k{SUUXxEMIJMM)!&Qa}m`&sY|1gIS4*9orJtn_$JbtkPB!FpLSYdHGl9tMkbA>Hrs9{ZadEM-DoVhTeSG}i*M+0RyX#1J z>nZg;#7ML?A%L?l_|FU6gsdzIK|vwlU%WZc=b24^$_Kf(Yx4E!$hd;eI8ECiIQHhMQS;|(;IitmiJnR5*Q})^O$2m&ctjUrL~lfUU+wX z9jKv+i*r=7JS=D_cu~5C6@vMV@pLk3-B7F9r*I&+BEXNm%s5J3#VPY&%i}Mrv-+)W zT0}7)U-8Ecc-ES!0!_i|AZz)^zKsd!xlAf}1ZJ?4D14=dAL9_jcEu(hz0owTwBS?c z{~q=Pj<|LTiz;M>Y*%hl3fcjcZFA|~`!hJvT&})X;$hAK-n7}l)JzUF^ni}(I=CVnAjbir^-XzT1pR7hVu#s=BJ z%DIqUCNP$~eMW$%2xa*X{uR2C-TtsI_MksydMfqv@)n~9E}c#hb(8~t`H0%4&YbDJ zKz{|Ydy&3{--oHS?pgG{ z#=?M3ZLRxHStrfST)uzYIBWl6uHgt<(agFU<57X$Qo%0WDMFM&^(KlXfYcRk3!rm*m%^G^aD0prHKv#V#l~ zc+`BO)9A-A5EAm#{BHZ6Y zvaXF7TXVs1LX5i!$mBE9D3GqCTxFH#5w*Jo%m{qeaj2-M%sS{rSQ1LZ-S>$I8JH@- z@%6l`y#H=G&8YVV5uJ9)@#Fq}qp_}(iz$M?{|nf0nI{1uAs)MRenCu3`4Wrg>3xo9 z)5@w?^U`}sFMg_=9N^Nzrk}61OkYu&U7i(_UWy7%$J_dq_NTEm3EPugwNx zJ}w?8aK~ga{V9$w;~hQ=C%(m$XqQ_dI2pLZ{pkr36Zw75D5IQKzIQq9Z0@;%7C`D$ z-Nb|({CLnfIM*MFenLa*ZxTOw2Qtes&?FQZ&`|VkxuqrsQ;Zt?zTqn1afyOm`2*dp zzSLlqg;F>i^jE<2{>exPthHz8WFj3+T7+<;R+qROI+ai+PLLD0SHuAL391#Ds<=1J zK6}Hfzf968C@v3Z47N_tbc@PL3QDtM_oOuT4#-xoJg+(V`RO-VsKC2&Ka!7;SRum> zc^UnH@$=-`(Fd2=53mI~H}h_Kpq;E{zCY z+^ts(q+u-o&f5QP;BM@-g1U3D9`7q#{~12+s+%sAZWxZ-BPCUr_tvd7xG~liPS6!- zU|OQ^J0g_u-ctkwboID`=!7hXPXC*Ss2&}V-5sC&M}mm&Egs&Wb%no!ZUZ;}$Zw+1 z&9Om_Z>#uZV*lMqq~=WY8f?HWoFFRTjSnR9)ju|es68hLvd+0Jed>c`v^S?p+#K|d0i?@yXm+;KR%ZooWo1KHhmiC)er@X1VdpHPgsjA`xaMnZj55_#p z8v)23C&&j$Z}n1JOgcoV`hr@rVlwAYp(5|xxGE!Ax}THOeM88(NQzO5hPK!W$xP|# zxxB$Ro$)0Le%Tx-zK=5^_8O2UspA~^L|R)7T3jPy=c=Dp(dvzifbU~=bkwsSK}EOT zATCt(gHe_PInLc2bxnFM2R?&kHh~-NUMSfqj%E9(Z1Uc9!t2xT+MN@jOlSqXhO^Bg zq|!1nJn6o-hSGa}QWMJjC0G}QHbgA@`$W2RUYOtuWFlsEJb^Wj-ExbLd|L?#KH`fi zW|A#IDvD+PCt{CcKI`1R8GeDP1#!ixdTm1It!=AidyCKpozMc@$%*Nnr7BmoqT!bl zzUi;~;6I{BcVd)?kdRR~!DCROJy~|C zrG@*WOIfEdjw30IBgsSWFATI!cdx`iu)4Vh4mcwKC4rE}ZTl?_PJdR;yshVp$7eF1 zd)r+q7b^<6@h5S-uk%NEY+};m3yt?Sva*Y%|8TT61mh|s{h~*PXR|%}Zu~WdvDJgh zM>$+n45ze^WWlsrqBxLKC&IUWa{_lz|u1hAjY|0U-tI(-L9uO z6%`lZ`W?D|{|yefGHTB~5y9rBR+w1z23Z)K&7f%zTc{4m^5uN3=>X1?TiGbrf(c@A zK}o#_8sJN#l(xoyfqorsrcD{sjEjY$XAl)*G7utXHFd`WZXp>!o;Y~*|9k;{uHKa` zP|~`8|H^JXg9^?nzLWUS10B#Ncg*~#dyDg~zihG@Oo-AS5#k^kv2h^tIIA%)!FLNc zoB(#P)sFZI5sPsDFXOGZaO~ssE++>^M`fI~PNhA=`!8S80rCrcrw+6|p0N{ljq z*lMq?z*GF)z2A1$u017Z{%g!Qpz|`*-&kAI#@245_edQ;1Wzk*$mzxnIA!}wegla& zR*Fp2l$7Z}^EWv@o_mo%ykV#5^8LHn)Sl&L&nC3JDL?XjkkJ+F5m$bYiHpI&!i3#s zs_Og}NXao*ot?p4W36Pl%{S_MFKsL~c1m*cYMB2DFiE27_5A+zw{rlJIV*m>{K>~z zrZpnC5HUKaR%n60<#(Jfj3l%86$Tq;BntyW1Nqe@3L7i5Zc}PDg>m4#1aXU-08~yK z=?PG&4qXh7A-br$K@3ooi#uv)2MH5IMPy;*lshJY%6-S(7+qS%##>5B9nb)0NU zN&tgcds+N-g0bPP=6$0-fv!|Q&_ua8R{7S>tMI>zeHFk5nS21r0%vx3V=qJ<=9HJT zM&>hd(J>k_c8~RYCW>Q+wMnaV=u1^u^afKU!^G7N47t%~BcC=YAU=UO3CVbz=`m@8>w*E|n(KA;bwES!CVz$To{sjL zCW>&ckSl4I*Gg)8^lG$=b$6d28FY$j8C1eHZV`X@9%oym%>A79u=M_9V~3wb(6u~R z>s~+RoV9zF&tR<=#S(33i&`$NmOw_{jlFf1<0_JcQFa`>8VcHgU?XaX$)6I86>>h( z_?Ivtoba^2?u9QmoQ9%VG~zbYUY=~==q%TtR(xT0@{_-~)98V7Li)`v%+K0Splyz| z#Be5)j?bVm$qy`owDNX)MX^LURkC40Qq#gwbrWbtLU+U%A8!aX{^4~vL&MGY$^V<& zAwSSu3P4FG>SDm-e+iMh?nuuP7zI;}w1DXM8g`kF>yWh2kEVoDD-5QcCY*7HvPkuc z<61Fo8lP&5%@Tp-W`)ULVqks9&C3VoB6K1=34txbAh+k`H3*3XD~gtZ<4bMYJu?&kB=~)dE#ynks|j%q^r+li;*>8aQm}A1&ln6t)`aGFKZ5 zJmNBws6>-o1fQ~`wV!k{uP(OtZ^90&7;~1vZtXmqmA2`^cF;YBNS@YEE)WhP10XrAM|EU{dk!vC%ag0xa*z9IR?w61P?Kz zl+VoK;je5R_wV2AL(L{Iin;fLi1~GowQ730L6#f`0B%1iu>gSi>yK~XWR}*kDTIn~ z{|)KFB!~88r)f4qE~wDTils(d^xYIt;4r6(Cq-RNws^qx`UQY;Og8nDlnRhZa^Cro z3y4>-YN<6EtG(C#<^eZx@E2L~36YRe1A%Df5Bpl+v%3MH86Y#S{Hk&oDD=h$q58_J zHMO43xBEP_bW7a4_2V-W6wcWD?p1yRX2`B?MI}y8XFgtqR2>pi63f~So5+O(RN=zBOMA!F+7hG)n>;(2hvt6;EmFevqv{u-njfD0Z$Q&)au;C zOXpoymL7vMj)crRgqQAkvnWmoF-(~}20NxL43u4{&Qk*g^C z<$i!&f1wH6w%eLTgI?}{nA+CrFa_;$PJzArqQ-A^*XY8eXhh1^Z$RmpO)i#n_g%Vt zrOjboi%gXRtvrvwmF>W2?rd5#-k(<&l5)<=|Le@j+LN!iud9}b5A%IO_D>tu6fUA4 zOQRs_3~4b2XgcM|ptr;oO4=e0ziKR9YIy)N6oTkM@-NduU37NGm4)hkHB5mQ=5 z0@*3V>*WQFs^}=iV_-x*lbNJ%bz?PkU_=n5({IG|4BtiJXNhm|`-bumq<$^N zPBidp{K57}?`!D($EBUZ2}X@w;kVc%JrZfW;2){E2Uk#|XVK5MZt^)UWkF2d)`Lfx zR^JWfP3x@c2}>66Cp0%V2PUcps2~5(9TuWTmkyx{S-O5x_M7gcnZH<;dq4c&^q;cx z&(^O*sne4~JdUIaxRPnY@J{zp#ws7yMnI>EEN;s^vuyj(*3!Z~ez#B-uz$)|FdSEP zDY&R2KzK`2v+wTV{`ohliDEER&kX1)X}?ogUcS$orn^eXd0E1(O%2l%uE{=egM1qoA=D9%DmY0RTGl^`jdOnrMUBlS9XY-Duu=+Z#M5 za1LyCOAa1ugCP<_?)dLa${2=-n_qy4Q>>>s07%V~+u0B@5)yEz+l7QhZ0$#+f#|HT zwk@b}PjIHxxiIZ%dzvq_L)*jq+Ms>*c^OI;)1 z#*_UZ;SC7+W}{0BuhC>IDJJl2WDY1KCi?dErTzw_f*0UG9aMc#*nyL??;`B5XGf>j zkAOD~t*b1414H9=il3u%G&2#2;ZMM}44bIrknZcHZ`G&u8g{I&cAS>a$J+$@ogv_P z-0k^20#}Y-?5v%ez7V<0q0C^0DFn1^sSQwd2mi7}aFRxt>lo?umdh!SN z3DI5`%bROddu$~~P8Igc@|GFPfQZUj$K~wGq5&ru87Agv{?!4rXNc|TF({;4!}hNm z8nunGdTxD|3o9W1!HrDi)v@ff%gF)w0xVl6mlp1W0Qo?X#1ssV9`U)c0v3b*2NgRe zE$5Zxya1Oj7 zuCClRu1P@G1&SntR&NEHfHWo32^f~uSo#-07X7nE^?b6t+_8MArKf+F{;5nqS;n2J zUT`SYZ4AsVdUbhy?Q%XWFz|yNCa?5*G*xX_0k{j5lPrWxsmS@>Kg|OS8UtR`FDSwP zkb{w7AR-~$k(x>*0*oih4cgDTz^AF)6ia!TxXZ8`u|}%jo@5^wnji-2ffvehmWDol zHO?ozp0D{Mjz`np2c7-wyM1Y96cB*XOuD43Zq~8_HRibdF;QSq&C|vK)!4?+^64aA z`D%RJwd&P{@w=_rV;cGCVz<|6PA%*YhO5HZ?1<(>Q{7`u88(a~k2q|p%R4S3;ZkJt z$q4ALQ}*_{2|Zu#T^ng>1qKD_R+|ybrRYAL2^-fAVSxE+jL8u=N1drYJaNib>;2>9 z>uQr_10(MMj3`Hc*?$rv+KI%jQVSMaBXl4Q*W1mi+HK(jXdngrkDouhc+uAOJKHeo zS_S?{_`i*Nbl@cNFXnhEx;rF=AVcNpF9=Z;xPN`f%(L@#qc zUbDt@(>>N3(UIRv&p?eGrR^Pgjk`4eL+zH356O%A&<8biB3}( z-1mGLH!-G)3#RKzJPtXEZb9XcZ0L$)Gh^$HOr`?2rw(2h8Vm}PB>T4#iQe=4&18MC zBTdV2Ql2EL4brc$q>A65sPZ`Ri!Usc1!l3T_Q(K@o2xP<0YUbD7fTd^%@Mvkxh|+s z>K7({C80xM+?3tDlGR=ve(M|S-EL z&O%(u7aIniZZ{!2+6qxPbHSM5uY!ss(AeR{4_lrE-hvU_*~ph5s2wAtW0VXNMMbLe z_Y*h4W#&yToj%#};{4jAmm`b5>kivxBNl?+07O19{!dcchp^pmi{{DbPs5E10RcfV zO)!BDYyo447*My)9#{2kiU+ww^vJ$9UQR+n5$Fn>@ zMKax6|F#|}`nhx%^*J#DGkuC(k=|31)^WlT-QPWn1BouuWSJd;j3RdZ(_9nL)2SYPxE$ldCwV1bo*h@mY;IA_~5VZmZ~agwhgY zm978D%IWJLl(k+?*FBuCi~wlF)1}Sd{uKbNHV#fZU1ROsmIhZI{2eW&iaWwm>#BR6 zm^!Nk7%zn7cD(I4yfbFlYDgn)05A+nOHmWD=zJcGl7E#40hCo-q2=z6~b z#Hs1yUTk*VpU)LSSPY|;!m=NDxrK*;Rdb4n8zR6TpFSwK6F4~p21@s){{8kq1IKgb z$-OjF#GYlOCOM^Wy72=HS3S01d~s6T*jTJ@ES+bkylZ@Fq3=w?nm$zzh%H2$J zNA&+W%s)5-HV=sK{S1g;nruQv6SsF|`so6YFDyheXNSjhZ;;UQE7~(_;&FH@jAZ~h z1~_hPZG?02+c0J5^ur(hjk7)B)gsE2P51Ok*debFtq5ZRd#q z16m0Md=`tl8p=VYl7BZ#@7KIuzJ7&Cf*Y}9MJ2=(WZVJ^G!{( z&k9jM*Lz-v&WBKW07;4v&6HYo&1;26HQU%aP;pRv86ld%!p0o|^P2|0qb8{&!gNgH zcis6{c5@H^(4Rklj)eMVlMHgNq-PIaZWC44DERHYq!){Y&F^tuQ`aG#n#K{i zZjY0eYr=(-LYa^Uw5c#;08eb}847_*P?&K(Kfce?KBuH44GhVW^Ad2Kzw^&s?RvbA z1JyegHkK;Rzea}=4;l8<@^IalXas za`V&iNR4P<0zyHps}M{6V5#Y4$MQhI|=_ng|lHgKMj1#n&NLAx6W+C@II)q0J> z7NSw49!a(2k!{=TB_;V4@L8!DCc=-@3lu59dh9{ju|t{iY4+M;ykTM_n0P1#9W6s@ z>e%Q}l=I!9x3o-OGB{!*?6kQ6O!#vwm0h){8 zT;l^K>3qW%FhIBi@#a48_q4R(lQ6=+Af-HA*jG6&A%W=~i0TG*8-R6#iH$vS-V;X8 znksMT{{l?kFS6<tTUxZ9YPu z|EIG2_ORL3d7kF!qza=P zz$@GAe)*xoU^IN45|}_Yc=wg&s{>ZgnmL`C?nL=bfo~r3=E*V`+7J%ubF2`bw>aEA$K}{_>XO*!l5`S zJeZoEJ~%koIb*I>p?Pdk#m?4Yqg6!|*JG6I%J=>by1(%7_1m{9t(ABIPQgxap`ERE zP^zh$q22Ncg#YzV%b`=|Xf2Ee+turFkFK`lvw^vVW$wkly0U*b0BmY6$S$52w_C$i zILoXKk%F#!&dRXFF(xRvLYysQOf@d~P|x{T5bS3}C$I*!1o$u;noE zMnQogDO^mC3^eLvZOc#B9~f>tovT2QB`53r2Iw5Be0n&G?d$|x?!rAf7d8#Tp%Bol zWI(L=7zPH0L2CqXefLiXc{^89syIiQ#{fsdA|o0a%v0DsIM{j0+w1NA4S2~HJEK`( zN?S0Nfj#T`*`xMf_N$BFs0duQh=>qcYW}YvtDK#NLC!A#EZVZr_}qnPn@jUEIH=X0 z;wQ>59G=b|RT0LYhK7K7YW0w+m0OVS48#jSv+0)ey7}`Pw|A04ZYg;5->ZB>`e#sAL19E<4t{`hRA0M|0 z{Hbih4>&*C#Cic9GJNU=e3a(P`xSZ z-E_OivNup%6jlp#-d?S7KUh0-YYe;t%jNXBr_bY;D@e;R$Wp=TT|U>yR; zhjxJ@E$fh0)K-KvuD=6-Qi4fL4BmQkO8O9WC^Ud4I z&s+a;%fDUJSQ%)}Z871Y>Z|^X6XImu4u-pkTq<~r-`gPD>>&Szglx2lyE4PQvoHJZ zcCPx4zZ$1GsB~{d!$lAmP9lu%7`YM`;msq(%fj)6nSo_g{=az)l{vXbV@FboSWl&k z66%VlOO#C;cTU=>LW?O4H(JPh-S}Wb#&4FAblk*lLF-up&m!zFyoUNWi?u5xJ(riq zzA8zfWKx8syIOJsX*u7q)m*tWIWZ{KjuMvgYf7Z@6OkaAd4o{7nkHcsKT5oir#rQP zbbPkO0a1g!)MWS|8Tsv7Acc(q+FuKgKxbHrxBcIyg@R zB2MWlKOmV=;a$Hq_@@ktzOt4R_9un=je|*S21E)F3U33`;;0pHiHWyj8CutRE1;5+ zlIq;C^p)pLbxhH_vdkWoZ?=bwY)zju;Q;9b)o^}Q6XeM{avVXJTUMs?5$MOefzpsV znKyK})EdBWuil_gfD#&XhRch0&p=e0Ifi33Bf#I=Sd$`9Bc*6USyrvI-4~FkyADJONeJo{%-Wo5tdf#hx8^EqW^M^Cxd@lC}ny(Kgs$Cp0uy93z zPfd!RzWH*iX>lAAWBE54x5&%mHylFutdp^}SI9S=Gw2xgXw2`2zOrj;2ff?V@L?eR z^CRn{{|m$l!?ovTBFWGEE)V{!k`B?Qyv~;XA1y%1x{w)AcJce{x?y5}Lx=I-O3<~WcD%%>g*`b9%FHW?A#f_CE2}Ox zEgd5|?mw0y4|PF^0?LmVjP>2U-A$m+U(ZP|XTQ#G$&S6^zd;V{_zTeGWROuu|DoAc z0O&>Fsn)Y;x%#DyJuz^?lG1aC?QrSJ)LbCo<;iN->{{L515k%JH z)rp-QC{j)s+8$br{w^Gq8&sL)2XBp}Wycp>CP<*=e|s9RwCRSV0IqB6tc&75yaEvw zJY7CaOiWAdwutIPoy;vR2+AC26Ma);YIW}EehK-B=UFeMjL z^jfqY-~IiYr@Y6MDA6kcmY=)MW=h(Acc`3}V5YQ!&KW2-avE}#?&;5xE}I6;Dv$H# z?jwdjrTH9Ms@Fw;3{`}TjDlWvb_~Way6v~1vS}EuA;mhkx5;XG=hf82Y zCS05A?n~|Qn;AR|0bo91`wYWZ;lhPZP0yT_m9-4(Jl-&@ZaXq09?^@%c=!x=Tfj!+3FiIleqbhVd&z2sN}+X*2WdX@1SH(bdd# zZ+`M)S?U3!Rn5vq49%E|ob3)f9W_(B)c$lzq}y&}-WK-LsA7P8IXBg=4H1yQ?G_X? z-!HPPpEU*`fL|RrMV8gL@yxeCYz`m3^TTci=+rqgGEn(PVE1)1J4d@@0Dqp5~=B7FRCvmJu%BZFz5-k#q7QtZ5;8MMFNrvNxsQE5VpkWlMhVb=%PY{|a+X|w zssvb?NT}pik}Q*Fj2*Q71O@LO4_oFD;FOI1He;lF>><55diSkpoUDhDY9uwg7>r^4 zMV6NDsLET&Irb{VTPw_bilWiW3k=VC3XWalT|9Rim>?)Ig2o*13Tt|LPjEzJ+jY!z ztuu-D8J`vX@g!6da87YoJ8TYYvA+ zSW$?t>sm-j34ra_Ll$Lc11j2v(0R7ObS9$6LZyCLUSjXN?u7$>Pa(_Y=VB%_t7B07 z^9ss`IfXPMk@IUC;Mu4tQjSVamxld;13AF|bDF2mI{6ck31kV_FfjR5!q>-zw=pe# zAOXnVgyiMlqlAb5cko)gC+vsP4yatiq+~wRwU;HX%e?$qQNaYRGW{kh%GgBW5oeO& z>02A|_Wk?z;Lx#BS+|F@tNOBSdE}Jtp03lK>A+<6nlF-bqZhy>t_w=A^)o<10ogU( zWyk7E_m}Doy!f z9?ml!a@UDW>GRoWJ+H2Hadj?)q|7?{8a378*$QfOYemziksc=k>zI(RP&ueM5*XB;N-Q9{{7kzx7RuyZrny(VfEaDy9 zWCsug%kGo*#xBYtsG%X>N)*i26qJ&Avy;O2XU50o3O4in{D9)aV34ibX2liqp{Hj5 z2QgNLnDvj1yIUK6ipLqGZSE)>qVO&uKzrTR@q}DLUaI`Y_N2L9A14nS^uv%MzoXVS z?waWl%+##uO;qysg8Fm_58Tt-sUVEp&}B+M)fji<2Vz(5bkJdt`7f1bs9~^+A(WWX z^3L~#NV$@TN=g@hHyMC+9YO&&IfjT+eg?Uj^;9ebT6^U0`@ zvbn15JpX_on3W-fs4y%U5hHSKuAgX8Wv1@QXIs^lq@nUR76zK8~lC* zXw0UQudi}XZkNyF!>K5A1kQimHXG=!p$5ZHDr(!ea#tukkOHJ9JycpU&Zeu!;S(Be z`r2qHQGU`rM4z;U;lLw6Z&ivc#p_;8G)}Bsbl}(NG7t=(@EUSBsZdW0lR0S#V{{Z2z!d zupmk>aBb)0=Y}+y`~03_V;wCyHhhcv=E(#?_V+LUHJFU5I6cY8$!htv+1EL7Z|h>; zmh-^V=bpUg0!0At75XS1IXP$2{$$cyMgU&px$qK7_&WY)!_pV?P} z=$74BE6vYUAby{Twptzwf(tObB`5C!G$qJGz-GBsO38^HUT|KF%U~v+&Q^J)2hG|B zJ8*Uf7vSrCz(~u>_OrM5Rks#&l7r1|a~=hZNyQ^(bBQ337M1(T2ZACHUr_?e2h`#; zh33CY%JTC{(*Zh2(ulxG2+VQ86DItVDHwv-#awiedz4amK6hp2!$5=oh>^8ZLji1-xV<7*gT%+le~Ciw({+pa7+sG z%Rlb!Bj=)>5~qX?RaF2 zy_xxqznN(?$yuuNaI-vZ7S*ey4;-Clw#oPeZezbWposCeISMwb}Q)wnC0(mQTa z_~(Qb5V$FWnwl7EXCO}os9q%tOTFU-K8HyUU%5K4+egFPX$27f}4ho?ai3< z7y$sL0#5-@o#&RcXo)Ldw`Kr{zHy57LP1%?)Y|IoRAKO6mvt2;NG9IapA^m<#KffY zfT`KzY5>f0nm96f$2o(!``e#Ou!h#`)czw~uYu)cSIenA4f5mEiA}#h9#%l$Pf(^} zyw2ZpxZl77S`G@XRAp&prFgi&zP4{aUkdsERM1xX=4SMct;T8oeJbwDc7e2<+?-Wp zq?@lPKN38_9Fizo>a)CHDohLJr9o0ovQG(%2bOv7q>TVuPH$xur=o1vmL<+zU}PD9 z*0}gxHGAfEs>rr!=_w3=Zh73Zc%<;R|BIIjtTo>kQ!T;C!y_QbmTc2dja#a_cEukt z0!F9A*p5kG9zcHpjZ;omV~WQWEiOLs>ECdsJ2(-ziIBV}eU-ZU!u8{|*qdRLWtQ{Y zC2K0$4{6P*mO$WxNr)@zq{X}WE*=P{Ev8T;P2zz1C2yZ<$mh3|q%^q3SW-tPqpPi= z-&bW^?soYeZcPR6+-Vlfc}VXDQ&CW)q{2j9YHw$aqggAW6H){m6|n$!u5Y)v!$-qB zUTJ!txdn!+R5l_c4*UczI8g6TQY(0$w=m7%8g0f4a8P#kFi}tkA1!MG0@Ti9@i`9I z3P8>TtolhwxZn>HK)v!5=#pbB3u-sY8kVewly^L{3ej+JMXjB&!ASrLe_^FDM=vK7 zHntit*G1KE<&U1d{(FV9(7b~EI1;pa>p{eF}lEn?W2BHR`2j27SGh!T$k69iM7S?D7Lr1O)z<+eU`+f z!;q`S-Iu@CRnh4Q;*yG!sKa94a_j0M=K~OA$=E3a0Fi08clvcGS49jDkErHf#gZ`< z!2f|B7~rmh(NHQ7n^~QjRqjdfvBklyYER}tYNltPZ(m;K!%sN32Kgi;{Dm-#}&p7>qX=ZlC~e0_V245S(DSL>6j< zD{*58Q+OOi?quy9f%--0Q}BLs3O0x&h?`(831Cw#HXk7x)$)(pCq9mbSO6ph{`e34 z3?k5#5OE;mHI2Vkxq;1jOne+DU6(vx;5aj$F2*OHDyA7y!jFo2fj|0va*(B)on4p3 zZ^&@5oUwL6yXdZ^X3?g`qosD&8aaJYHOIC^x0Ze*U;; z4*lfYfkT!29}7W;Pqj2>$Q~k|CtWz`R5r^(?Zsnq#o8^e_lG}Y?ho_8hho#WUte>k zyPk^i-1lPhlVJpUn)_&PtJ=@iM{Lb*iVI@Puv$<=XR*>biT z?~1=3{qF67i|4q{fK7g*ZhV&+ zwc_QvvqnE#;gApE=&YNoGTF_r)AYGaPD)K`Z$ahxjsjsf7?|#1WM|*H#Yu;44<-B2 zmenKUr27!JKD79BqgpqmJs$D$D$rFVbJ%>6)~L#>I60^)_klg*DgSkI1{cZu_@bMt zd+DCvW0)|t(tI;4{g}7e=*{KPl8HN-yR%Uz>lr^>YP~CxG`|!5Fs}&_pz?yP7V0=0 z%x+kbPs;XI;EGjikr})n&lp)JJ1$o4*@@j8Eq(`vk(3|g#M(_K=R;GgM!Nf`GJ<+C zT;=c1cs;K6^3{Cx(=cuO`;|DWIxW_as8+{HBF)Mw!RI=QU5^^|l<#S*8t$A@;X`b4 zKJNZ+ooc`&HG_tRwPW+cFo_pOi<{!2+p z{bLZxKX=~{SgF%*+a|Vij_dt+rPJqfctUtj*E~GK2^(PIzalT@-j{4%)zJz~<91mq zTDhilK3<~L(0B-ptl9DR`03XB*5tyivEeVj#D&9oe4*ifVPF22l zg}=HdGGKEVoF?6kQ|z#+G&v34@w^H_K|$3T{g=a>4~m+$k8YbX&&UsEE8rvfE;)&3 z%h6G7=6nr$M6-9es(9bBp`4CXU#W$o@r%Rw#*d+R+i9V+pTPd{I%o1cgsil$od(=o zr=FcF%&b5CE`A^p+DRc%ZUghST)aoCwOsmdA$BU57&T@}wZnhD!O@@C3hd9wcsZJd zDS^$jCR#;D>)Dyc}qmuaQ25E+<;Wb44?x+$2fl zvv@;-pMP3ahovf4?S^J^?Ur*AaXL0d-yM8aD(lx)H0|`*5IS&zK%NNm+wxf=!OkWz zdgLhiH~Ve5JYhd|_2|=e_2eBVtSN(=x~JZJ`sUVg+b4gQ*TbMl!-p2 zREUn^#R5j3*z;vg+Woo}Di3Avx>f3{$cQjFYBoXn;aAuy7UAc2fV2=Uo9O^;MmH5@ zN*j^cNwtvddO7yYF}9fxA`()5gv`4*fW(aVaYsX8McGg5H*%nm(gev;B?!RL4^ofnSfY))8Kb!k>1RQ8-@)1~PGR z1y`Kdd1Z^y-wukcXKhJ&G+*zpt?7lG-}Rb$FEqR5d(vU~O`Ah)oNGy0$;NC(P%($< z`R;a-wufahKJc+qyuE$Ps-vxO!y$MWJU14gMIbXj!|a79k69LtzQF@95xWo^1J-ct zssv(@`~Y{}u&}U9a0iy9Co&X@3D20>GRnjFB=&agD+}?VcYTY3qGxFM0x7dOtnt`@ z*2WNz7#}EU@Aq>x2mS%c!WR2A-D1H$Qsdkdp=+2^K_HP33^&e9V3)Nf z_e3NFHhj@*oVN>|7B6};)vfRCrimll=n#v~4WzEtDBlRFvl&(dKEV zS8VvBBH~EkyKizdE$j*WiM^Y^n8?rHR6Nsg&unbNolLBrN~)dLgm$&~cDyQ>RGGF{ z3#D;?lMa73QuwLbEE09{&$7%gcS{f|f@QC`d`Ca(x1R3qb4=di*0WobHID)}gC($$ zz`kQm)QTuaS%*MfBu08K+G-G~tZ@CQR6WeY)N6jYl75~VB*cWDNmMDDv8Z-2eI<$% zYvc?i!LCG^;QMGgRpEN*$knTP-jV@5{^RvYgi~bRi}OlKOX=%3kF7Qix0kTV z_IR(K`LNuDhlRnFdyj0=pVjTbBSPntt03vws2f{D*cV}aBck|G@{>X#GnqF!XY%D4 zsgtSc-rnZd+~fT^(<_wP9UX$WyOEh3lY{e^n6Y54*+=gixAyA=?K068gwAR!Fs|F? z4{~8aqxaAJ$byRmDV@oE6g}`ElDRc?&d;}C(Tf7KFP5aJ>{Q0&S#mfwpyq0s#m8N9&RQl;~;k4>RT}F zvTa7fd`+(9`;n0s5R%ov+mU+_VFtDuQ&-bhm}?Dlj`J)*ZSWNgJi8b8C5a|_{nVZ5 zV|!D&k8elyr^oRwg8B0D=&fe#iNbIACWsd;E%)~gT7oYabGO3fPY)!`&q-TGZ~4D4 zXg*j66RDge55rotQM0o@;F4ry%CO(rZNpR@zS{jc=P@mUX%ZAA5zw_PqXF|Z<0QfJ z(R<&a&QAZk&f3qzUmp+$i6<^7#;N+XTM@TMDZHjxSSKg8Tc>I7EMP9futk!$?xkC7 zRY&;;PWLw}(A_JSE1Z(bn}VM{>ad03Kzy`%=uik7K}77K6PdXJ2W-am@q8GTPOzvW z9=>*Q!3wVH^k=wLOM^W$W=&n(`Z1bAHVL)qdk9e-AAD|ZR`#Ph8>AR4AIq+Huix}% zr0lE1)K>azOkuasA(+_%MPkuu9lPw8YX>-Q+^zj8w<&k+R_pSU?ha*_oG+%tnSDRd zWg3!mD6X$&ANKA@gTxI7vx;^``FH7j!}uA$VoH zIli}6p9u*|oqn);CD3{)tj;haQwVz>W+ko?LUEBRhXNI5CO#Y0#&szg>wBxL5&TAc zRa;|bD*^k%cr0Yh*E>q3p8K{qqeK4Cu-rfuf(6q$vLvRKkb}zkymp*xoZ= zxY3xl%$5?w;1jbdquYD_(g-D{e`(LK0ux>aZBIAZFHiGe*O?RJM=+DXX(H|~cX9qr zx8;R*+tz8AT;BU3_q)Zsu35goOEIcBZ=ClN%;Ymk^<=4;<9MOWLAdI682{GH_j~1V zvTz2c(p*P1Z%p9|n0+R&HY%6kM0Hwlw3eqb-;-Az_kHoAsm3{@wnt-v54vN*D0z8lyw7_KxpL9I(1= zmv^l{+`sE;aKK#7_Y_TRry@iQ84eDcm2`f05_V5Ku0YNB^zq-DxeU4#dm~upHW2PvO$?RSL@XOF%$~8??Q;d)6(~-us#q z53l7gbDx(l*cJBwJ?yugNTmc3#Da{$TyCjnI(QlMvZ+B>@1XXJ6i&lWVi0!vXo zV-e`Td~Z~U${uGpdnH}$mt)>YS(_XhKmE)GV$aQEC~H|46=U{4S^%Mq79BBYDl%=m zU?j!&2J`KL+0bxN?=euUwZw`*+% z1R~qT57zP&oy}y4pva%%QcZEG%dkyPOO*#!OphWU#|n@BrSmZHnRbVB?c z_DvqyZL~bBl7QSB1Ct8*$a}(M;U|k+^(1Ej8?)^^Yg4!8VOA?5o;5Kuw~$6K$=8l7 zWs?y2E5xnD&HK!5d6j9z*Nh&W)Q!YHuCQeqdRXWACWaA}B*bLZryNcsa(nKK;RSu~ ztl%nRvI8Ame_*dR533H$x+p-by496sy1a*HdHgL88%;r=m-@W{ z4fW4~Z(*Y5GqvR^VpBFpCPl>?*xLKKnli`m_e;66Iwjk*yWO<&>v|0Zgp=zIJO!qa zhE$X{+!RNMj)c8_MMx*Y`Q)nlSoxQ0>4_p5(XoTRUR z+5TfBB7Q;hXsF`)r-O~|1A3j%f~v`HY$N~3`mM48?FwSUuherbISzdNjBOwJx!N`j z8XM{y-xzwABR~_c8Rp}?hRIVXPzEpr)~v*>X_-VV;@6F}zdfLl;u)kB1e2&E_Ti+6 zia97*HsH@5rMzY}IU$s;kjP|fyjdAN+Vbg&g&l7Bd~cW^f(3YSz$6xNxp!`BxnI#1 zC~OIHzzD=kBQU*>DDbmmzBPteKOS%S^xL&eI~G7-yvOwE_K{|e;6(vT_bWrNZnbw_ z5($$-u%-Jl2zS_12INI$FA%cs401m+4o*Ecrl`}^`7@9lHlk@M#v{6Fs4Cywmrhxl zKqTd0fK;~7E0uh>-qO`(xUFZAMMzthtP|rQMPz$rR6#4k4~dEE!xs5MTpLHwN0gu+ z#hT;@5wO@sUnhN}&FSXWc|9q&xOx z3io<;D<%!W#`|abtdQhJ?pZnM1C%uGcOR-aKDSsf=8+ z+5TCSH`L8Qz;{@$pY=Sp@b2due4i<0bd`0-T4+iU8qvo)hocZLq+Tu_SG3~aC+xfA z+UYoRGSQP=}>D6Ow+@nCnex@p=bgoVV!ft2@=V?p93I z#cy-b_iPn29BEwtSs+xd#N^LESo7oVr*4D5XEVE%3DbuC zg8dSS8J~u~IJ3)NS9UU-`~*q{QUy9|WzY6f-py)804@q6kYT_P$z=>HcwyzFf~oRb*^x0~hBq8rs%(5SJ=i z+qS7+>}Kz^e)vu>*zX*QtVr?*JFq=N6Yt;?38`;DldlS z0`pQR;?&Z5lc{fqdTGAJ&yJAbRm^jqv5QoGrpHnf*=9>#sLt#Cxgx`quIgE$ZTb?# zTQ&{_k)R{y$F*ymm(aVr&)NP?SnEwCSb|0#ix^r~1B% z5WJs`jv698gSifip5+X|$Hlhfm=INvcGryd@nG_*Bia-bba`Dz8PhjDvnlS_s$#Y$ zkWi`V_wNJZ>{Omj`BNHn%0HvP*>;2|UQ+KD=prS@w2O;>us|;uc+k(#Ebe*9`XCeF zos-G_cXYqAb>q`JUlT8mlGYvkzuz7d7ka%LAzoIky>H=h4z~ofGN4!|P?tf|e{6}& zKOw$v*Pe&#r_yEd6o!YDm3&A*x^YEBE0t~iqu0swFAU>R?-pl{YOxO~f~w!<9Rns= z@`Be{e~lh_J0FPU4XPYC1#sy&DZAD?Yb{HQ#MT`%#j_!H1R^1Cm+o2CEIP=9?7 zTd$Z_CDnhM8k*T76(?j-{OY^+8&QT#O+!r-)Gl8)=>`MM95&Lz%=nSlL~h}6G#Sjg zZ3P0(<*?w^gl4^=)%sqqVNSk`A4w}HR548=ED26>jFPs;lY{Qx8Ifqi!e&^P3xx>Ij! z-6QVAo+!V){%nLV5h{9ezI>WR*4A>#QCmBsxIAKBxtZ;a^@;N+D)Wm+Bu4n`Xwq;H zZMp~_sWt?&Z0$Ul=Ixmrn~(%|3ut+>FBzpr);PbTwY_GrwT9%`ExA;zF4~8elvp*W zTNKWw6S6mKIE6K=8h92}dwub&m)n^C6kr~io9gc+Nw#EDgNd)P8>Z-^+S%zNJ2B{P zu%P4_NNg;ChnSQoA8YuJ*@^{?)7z3Hh=lNs7h3Yi%ebmV7rXl@;>PI<3qzapv0OY@ z0^z>gpQ<3;=7ptv!n{RY`j{nyk@@MSGn;-qkpbT<+RwNfy8IT}_8wchKAq&32>7C1 zn(Kc5^jo7zEQF|FW;w8)RiSH#G!#$(1Bz#KFF zWxX0U`@T7{G;h+#psjPhkD1ewrx&m*ZA@fY*=lg$oi4$Y5!zFU?>{A%8ZgbTRyg$p3Q1p zO*i}&ZtqrcRno!PsC|iaA)b z0r&c095v6TI(w{=$C~HaL@B{0?$T~LpxDFC3mOp?Ti&6yDoOEOMCOMW$<%KVEJ9dRB0rw}am z;KG8Us)93*q(U``&eb#;9i}vkPm2N}B^13KQw<-Pn|rrXVAv&5{_njGMTIWC=33H6 zl1{9Z7lJ9S%BvS1e552Qs$3A(UN%GU6KilF47&zu44g*pRvH#>xVF_z6Ix= ze>5)X{JqgU-yI&$20{AQ{=$Ou%YNnPEPhO#ar{52R!p9y%$LFW!N2ru?4XO2GVC!P z!ENt#tl00Kp_amNTv2tUG?2H7p7reGXC-tDAJb4BxLbU(GL~P7PW$rVJS{_rFMu8rTA1SjVnZ^j#HzXwX?{woPPS#q}6l`}i#0vXG+x()rbCja1F!e>!7ad&(Vip?ZG!tZ*kuIb{(r1Rp5 z+=r2bl5uWy_^&SL@B&_XzKBvhu3r`{uuGcyAP?g>dqLqPCjfvNCiz<_vt?^6DX;jk5MT5J)x9n?@`e!95 z-z=YxO3eIQHa|*){}kXDec2mkwEzY)eu-!_m}JaTZ$g1j;fnN2+ZqeUSpgUQlzTAtMi%9BKp$( zacf-}INPn4|L1apq*)G{Q4Gzp7JblVCeB*4P_}>^YLGurSE-SA)>)8|c+*A|{>mYa zXvD}?{N+DOHJhVQzN#SH%2K;t3O9X0+8IN>o^RC$LqlP-LWU45MzxuUH?E4h4QhkS z$^%!LCAohRe;&443Z`mi&<7pRQUz;hyr5@yR^FV%Ih$JV(9@OF@`Tqe-OjEz3;XMl z#82Znh=M-i+i)b6bf;>Bp|3HcCFoJUqHo_B9ZJgjqVJ}2*3Qkv56{GO73+AD(a2Ko z2D9PSAA`h0SE9hlJ(AA$3|%r`FXQ_`(S_-VE~$ zU60yLCau*F+nBUTm53rXl739$Ma@=q@)s~PqPoDTV0)#?7Nv<4%ugiQ!jy$X#Xmy$ zZ%Ej>F@n#Dtvp{|XHR8a)>||rDrm(wBDZmD#_qA0Et5)1&Af4i)teL?>W66#E8M4) z8@kZXeEIR`0sr}3I*&-zzp};NMdzy+8BG<7d!$QtzTOl4GQQP8VjCTz8+&XXgW9{%wBQvJGaa3A~-U>mM;`;W5Yq3tFG ziP1OCzTGHi;PBP=o8No|-7F}v)5djnqpwLkz;%}2^R5qSil=qDOCtzU%Z@m+K26_D zSQZiNxu>wu<9G0=go?IFe!x6DyrVmjv6nl5T0p}%es2fYEZYX-3pgoVIy4$x^|uXG z)nk`zxxT)%C$?%y8B$ox;B5VV@q>g>?P|Cow(8geITSlQ@jA#F)Q%@P5Lg_8QE$HCOCeG70f{iY#$5=zelY?rDRK{>n;-+?XHF5y z{M8%SpU{wt12Nb{IO105k)In zABqCKUCFu>(~x6E6<4RyVSjBxTIK_@IRsNnqE#4K-rjx(DxO>#nSh{&1%!|XMWJp^ zR$7xhA|}0EK}2hv&E^9cnsLLMX;^i-EIr(z`fw%e`)y-eK}0J9?1}Gp&f+ckA}-;g z`R(Iy-yJZPK(swLaSoPUt;!o-X75%bR_nawe8b1mXRzF%k25`?|EvvR?!cbJ@d2(y z@>$bwUc%$~t>3&>oHAv+1zpA?U961Dgc zwd|{x%%H*BuO%b!)%mk)#FV7kZwN>Qh-ne9+3sj+Y?;hG8>niwWWtJiB1Vu#5X>Sw z^Q1iX>T7$N3aQQ9Aqvbs*#WE;Nkg_h`=5WKVyIgpjK*O8ZDohR3tKa;@sgIJjuJOI z%Ay|KrSCS()@nn#XYDGvZKJu^MLlvZRv+KmJ#4uq7r9!U+#La z**J`*V>vS2`mVQGt8Lq9JeCvP`ol3rLLd#+c0_RxG%bX>4v@>tS$8!hmD`%wP;GnlO$hY9lU zojy05`qUcISJtIW{m7C`(!=}ib6h>S!muIXSF|6xzT$;pMln;NDl)mk-fwTV>bKm} zvtO1Y6Ie^lw=rrwAn20dUSdD_jvSf6?T+#B>otGhR#hQ$kv37 zQjRplt;}hB&(VpD_KDSbaD8LE;UI&E5zhG6Z<&g&ZB94o)_;RtBCCNy-?KvaIJKCdRkAnw80K?&{YE6&&zyKuXhS^j0`37~ zT5Lu+{4IjQd2ai885N-;mzrHou~db9D!G@k4)qpYI6g~YktXf!yL#L`_#TE`H)v>R zfhk_BpIyL}&ZW&cSJ6X7!MkCHN87W3_f{l5*sKZF?XG#|hD>D9XKX{4C$H&mg{;ri zu@HyeJu-AHZi=my%`G2{*c<5&UKF_M9Fj0$K}1PH8O8@qODrn-W|%T>RI{)~pNSRg zwcpaE${vn5XCE+JYLr$<$7Ub}`P9W)IK5ku<^N)#X4%Z5>_Q)@=|wL5?cwZ#>{{r= zUOj)~J%pO_9wU4p`O2jDbi*t+Jq55OXU9l;L zr3`za>8Q30Q6ZNTaGg{CmSshhK$rR-Rrl{<*_EhgK{_X#XZ;WVNiL-}}%rgPQNA0VmVx9ouMaXzlRAJgzpGASJblPM znTh)hpiVd~?oiR+jawC{N+zgGs%ia8BRg8dv%{r_WAf_KogTMAj1TXVC55*W01 znVI$cORT_*@mHFe{8U}u-!k8K{CY~dMCRIb4`X74sDFAak$zKazg8}bc@g08{=hRj zeza+eeU35f+gG~G2Rv@tRY(4B1M3RqqJ;2U+W)2~f@Sz@zF{e6YC+tHC9C$!R|Wg(rpp4tYoErBYwc52srAy#M|6IIl;JLMzQp4feQojA zbtcqze$_PHQ~U2Vw2mV$orZ#Fy7y@H$R8=Di29b+U!EAD#Wec(qGT3#VF|)1rxqn* zovDY;p4Rg8o!4O)J$$B`uL<;G*8T04n`A%4XoU$=Fa2SQwRs#lbwlEY<{&n0UgoC1 z@ZDA7=yl`(Q%~&grOMZA0qP$R58mx(Zjm?yx7xNUIzuk)nza-Xn-ik;AoS;k17;W1 zx6dp8Ae{D=)F$r3t3$OcY^O$|)BH{)Zv9ky!q)ujifM1Oy2f}SE(VoQ*PAqnNU%6A zqjd^a(N(M`12k{Ge$MDccibqBmmvGi* z-Ulb`w;@-5Zl6a9S5JP-61C!o8f;tD)~TD;bN;k@jMX#7JdT}r-Do>K`+7pwN#TsR zj3Du^5V6GZFTXG)`wK_;wRp2%hw8-IiXjy9lkHwpKmWr8t0ZDTU$fi1A@oFrk?6}r zH{R%&)0;^XX-t!z)O#(14oH$kFn-aur&rsX*ioeMrj2(wrl}ojKloJQ(H`33Ek5O~ zm0JBv9nb~oiCjKH5~_=iGu4_PFr>fMk1h=-XUwoGfAs{7WEwMS<`f?!VIvHLk0_IE zLc?#&lFG~lY9H)xNZz~&vGS&$Xb&sy@GqI#i2R&F@ZI5*wf9Ae-Zy=kyN(6=FTOvc zk%l~ItrHZnFzfhx`S>00Hs8H@-#VMtj^JD1y`sn|WvV5UPyD0eL`F1GULI{D%^IaI zWr_s@Np`yaUsLFPhu;pBM*mAG&x_sco1v^|YQ9dXwYb!YxWU>wN`p@-y9JhSnqF82 zs4Q{!^^a#(@Fx#*1nlE&iia6Y!-CuFl@f5jycprcLR1|1aIz$7jFzk-;4!2YEV@PD zn7cKcn#@;Cxk)|ur?j@(#+>jMqSav9OWUhG?tD`nk2GuXTy{ z(#gu#2m?oFstZkn@@D-p*km0+p~YA--P8pr_8A+=bGXENALE04R)zhiv4`TWB_0Qy z!kpATkj1+|&?)>L69y^I2G4{XLhU)sG-E>J?*fnXCX8B& zE##zS57Y_1ibZ$2%0K?;3E!6`7yRU#jf&{%vyT2uVUyr^WMATw1y7DJ^9&nXzji-f zy^j`yz%@Qq?0h#rCmQ}1xgX2i;GTew2~+oiGjKR zMQDcS8=I*Q)XNR5CyP)wuf(J=W4!W}Ms$*#Bst!99`?>1h)^?ks+D+$oNqCH&XKDS zB-$zo_kRJ9z4$9cV+m={Z&f-IUe93{_({V;mG@G=x@k-q zPOXk6QVP;-hvhuFl{i_^d?ySr9chr)LAoo3A>k|TW%5Xly)p-488NFLrDXP#qk)yQ zYD5@DLgJU->t)9jW8K73j;m!#Mf=C3bK{e=PdIDg4r=o*{ zr!6G_G*l*Ox*@rh;(&R0IC=#|sIGvNW{Bwpe*TB*x4!+x?0DvL0jwJgI(qP)TsAw1xay^ITA`)gDj5JRbXAcd+8ktA1#oHK*U< zxNYIFuX49c9`dZC_BgW6#ese?Wnyj27`lp!%(voPqO~&1@^N`$ZWO!etH;|Amj!j1 znU&;&k(uf_7ETh`r3GV+a|7AolM1Mw^$Z7Bj?^3D;VbAIqv`PvzII{+l=TP49>kJ; z9lwhW*ObZb<9g+(7mc1T-nUvMRUa~8witRM%$+-)lIb7L0I%>>Rm#2NUPtCEua*y# zm!%JpZ@E@^vFPB4F$qlPU}L#xY3=5m*@8KGT4~hPDvkKxNqm@5CxPrki|D<37JNo8 zdd}=9*|NM!=2gampeNL>b!EEK^6joS$QFM+rG}jPZ|Mbv${A9v}seBjo%DQ=6s> zCwtGzoSIY9sb|)gLFDZr(0w2=oTyg)xRcz<>)pn*#3s|T!p@C&!x6M%RTFiUYQ{IJ z_4}eQ&7t*^1_Pr43~_G3+3P%is5ZY&+hZv0lTU;SG@=f6{+Xld(WUX>=FT|-s?BFS zF{f*x)>=Jh%Ogc>2+3KOyiY1{t}bzC#;u+s(vitWkgA)J{D)@<-*}S|`5bf?qXD~) zq(@vIm#r)+5#Ejbj}`zdj!7lI4vSVB`wm;|qc!EtKu<(qgVspR#3{=y^V0tA-pUuS ze_-`&#!*)28DH6X(>!q}L#1XyS+~E1=9RJaROwO9vrOFke8!*r|1R)}dkFjRP0hJv z{mKab1#i!>7{cx!$OKVN^;51f+!l5h*DF>5`Hdx_boa4hcy?1nH8Fp}S+~?qoE*M&Sg5+3*d)$nN#;Ig~< z@n-}UFynjk16NBs7h6YjK2csSr`TU&e{D(y=rW>UK=YC24=a4nJOx+13AZ;tASv?~ zmv~M)Fgfhr;%H3eb@Kg&%1+_Sp#&XzM{VW!ztb6Ov+wCmYaG3|GSVbHG6T_?jNrd63v=dR|k0{3|;rvj|I9Ln9qMWasP-X_xoJ+JP&o5ap8^>s3{KrDrkJ z0mI!`%{84VrD!t_JN zBByanv7@f4zLJ77en(}oM2_vi_F}2xf+m7lp>0xK6&0eZg!kUWBJBl=GG~zcB3qE< z($WP=!zx~MI$tyk`kYp+wA{v}@}M)Z>VkA;>tjdWkV)${!B@d zyYdQPE&3!%mFu>TB2eL;k-3={Gde5uUhdOz5rXBaH|0%|hBU4P=WSCmhjrPMFU7({ ziYI0b)w?w3k9B&Q1RcH|%NRp_&_BR!GM=AInp3&d#RtE2d)0=9GphQ+lfA?XTJRfI z`*)#h$`el7KTk#A-0d9@=LcS8Rj>1Dx~tQiJUAP(UOh5@wDo1CJQ8+KvzdL@X3%hE zL#XPrlj5=eH4;3}*1@1?9Lqbp{esKeU7t*XBVJ=k9Z@0>M{!Kqx$!0_vGNRKDe|_1}3w=k5*q z7^}ltrb{auppjxRAZC9Pn;MXuv}_kcr20`xs}FV3M92y)t*JW{vwWtoq4x?)LAUO8 zc}UpArM|URbvJDK_Yp>}T6~VRRmoKM3@qGWmcDNt>+~|VxHsK{2XT#cgsZeM%`KEXAL9$7|C zx1fi8NieUw_n*)4E^L{|PVK}6)F~0UyjF))*laW&WX@d%9M5VWqH7xNmVSH1cHW!_ zer{{SV|!>9o^V{y@$p}v`*%tMVe63SusjKa!$4As)nH41t+8B@#5JJY;XiruT7ah{ z6mB<#Q(Ej_*Zywk9%pD>do|rqgwlxohE+CyB#e=4mT3m|Rd9P&0d5Ln@9IN{ZPL>- zhT(c2?z)iDm4@cF&%5)KE?YZUJwzpG^{X+6v@z`lPVfE@6aB!?hn7dbp^u>BNn#i8 z&`6HjMt!1y7*rj!^4G$-mJWGb%khzK|00>gc}}OszdKQ#Rc%X#FoZuxWQ~m1s&|GN zkjvzLad$O{uV_PhK72WUnJLWeJ3k=uB(;69ysj{4LYgj_x?E;i3U?-RdYxsu=% zSXJo*9oLr}@?Q5HnhW_QVX?xqLr?S6tG+?aQNWU9{bt$Y$&J0izisu($SIs5<+aku z)?}w<^XJfCFPF;-&+^A^T3+hJJH5NwnU4c`GEd}G`@+jA`9FLo2DOEr;NG_#Oo{$% z&eyeSA|x|vcKk0o2gzId=Jew(@yytTG3FnfG}KQiF?S(X({GB@=}6{d{%Y9aozI34 zMZ#0RDdAN%hhB%^@zCQfu)AWYZU;}`eExadRYjO)P`bl!1e< zn9YOaZz3Tl1ryt#Tv>3K&iZ#!>t~F{|CZyOG%{!g!B_^y#E*AUi<-GLa_@AJIsN{F z#7#J8gk9z5C7%Wm_$zbkkGuE}BMfWAjs9XC*Jyd7JVUqRj}v%UIdPwuA~S~fqr7_# zb-aF7*W!mbYYI*2$fG*b;**nR6L-=W2|6WzS`+bzqkR+EH%)#7zZDN`FpwwMQ4>g) z3SpVluM^8waR}m5M*ZRMb>iC$Ta|Q()QeOd!j0vPDlr>k>S+J>&s(jt<+`sa%H#cY zcw$UqeRGJ(VzzQQYgzl7kdq9~NBKiYOy@*&fQH&pm1KDJB^p&vo9l`;i}!j9R?zQ zi!WH#$+f#(f>D|~dPNN#(R%x9daA^@t_Ho?Vxx>j=?T@IKHTDeFSD`rjL%xryIUB= z&WawUlbpBByzWv>XW9R(yVHr3;VeGy-QQg7+Njvel6A^0HteWc=Si5}#+0){mW=8K zeB!2Xt0#Z0U|QdPSn*~ZB51Hw-XuMuabkfJjphybj#QN&_N0`Uzqj3BTI15P+&A?R z<8l`wiJ%#rVyyxT2;R2G0UZQDbm+jUs%M%@N@DJ*2usBS6@azsToJSa!h{`w+hV3F zajtVVCtW@Xm!8X~t6)WwzAF<}acuQ%Apr_algML8ZlEsMOgGKoO}tGO(3(K<*-PPgmr$r3(|TVzU;;9K%~b@IHHG@4$Z)v@9C|F! zzwar6^nY4m5~5k+)hhCwek0YzpdWDmzQPIiQ2qDf7t7aBS99nSC*Kg2Lrw8Brun`q znzJ4Dt~)m&baHRW1-b$*|5?0A66LCufNyqo=FKOW{)u_?k}gU+K%kh{db!B(mmsSkFZS%NN<8@8qAE3ax$JEF1MVokKcQ!{m`u zVBRzrNJTnO(j%vlIGdwmRg~O7`vd3YqyRik4;7HD+$G$vG>O|+s->Fp3CY^sv4Bk4 z(5d6p_13c_P5C?Xv^jA)zl5BGBT4-szu<%byv)%DJ{oq)u&_Bm^U3GRsiS4SIOipjz{SrO+xv2C;VM)a5s!QvzH6k z1MQ==dONK(GHNx2vdOE~bQ z>NQR1#rKmG3Mh1vqI!6pG9CF*-V?>9*pX#G2Y@NU{(_d~jP4#mG19i|iT>rFu*JOq z2rB*WSg?J3kzqLe$<5?ff3Gk{GP^q+$Wxr+cl`4Fq?SGx?IBb5V9k@14-DjSxf=O` z-XUWZJhHj^l49;3wx(MI8gzQ3gidY9`ghk%XbgSKH{B&Ck2_{T?4r3WNu9O*|A57e zOUhEN$<764Zq{iIB*D4@y7OWY=_SMF0|uqTJbB>e#*b=SM<4H4TO}Mln1uR|pNn@$ zr3MpAQ;ASz39++46;|nvE22jqi)!_M%&5b}^T`h}@&03$pSXU}5Q25U#90(}`58ZV zVsYxXuRdY+pQpQXSAZ7~%s(dwv4{V&5o(Kx zj%69#*k4TxDm7m~lj+JZ0bsE!68Or?29>*UCU=-txVB;xKT&_G(y~%Wz#O zq!si_N~!tE*&rRC=Qt^+$`UMbZSU=mq{bK> zX|Zb=>Mb~>;7&%5onDLmO&$P$>`1aHx}s}2%1lMm{tfMb9`p)fvM{n}Im7^T@*({F z(8pF8<~JfD$xd>u2tAE&>r4CBvWKI!nj603Km)4XW6;u6+lr~f8=sh~HGIOSTh7DafCj7j(l{q+ip(^P_?p*iy zCB|$|S&vNpBH>Qxp51^;tXGZrl)JWkS$}nKA>>yu-!s7v(E&uB%H9B;XG)?r%pblQ zp~;q~A=KK&pfAbvxt{yRf1SDLfa#Sgr^N*ak6Y?E(Q%S~!kCVmQ@h5c7A+-WbE+zG zr(ad&A=mkE$4X~~^T3bULFRo<4;U^b^q3MF`l72-K5Dgk;}^HjJCf^-JA0tc?)O|{n;$AY&|B}s6nq? z4+FpU&Dpg4Z`bu;bch#Pl!{&X_uzlt1O9nm5oiIOna%)&*DZAhZ2pW6Vte6_b^ieE zLE`_Q90;V`Ft+_$(`hye_Sv!H!#g?@9w*-kY07}aXOWGxrxs5`xF*4Olj*|3k!;QH ztjn4X7?d<>X*sJ25fwk(9+o+}9=$8~dpZMsxt8)FvB{dm{5NwgLHGWbN8e!4Uzi$R zmfe+keQi#xCtot?DM0w<#bPgvP2q;qz00lr*laht!w<=9@jm>UmZT!X487tPz`dP( z+I)>#oI4inhE^kW((SxTvZ07s;_$Wl?eL2q^rg`n9TY}yk{K%Q3JR6Bs$=b5^R;V` zHtXg$!#NWaRfy;`KeE#vSd~qyLI0uNX}>>CM8QV>dWKcFTh@?xOWNWy}AysQ$b zyIzC%!~(cB;!YVW+gGV?|J!f15!5Cos;ZY!OUsnQ z?g_)-l&PRJSBT6X*e|WSU4}zz$-;fXzuY2S+e&O!p2N~GeYE%)H`PpASyp6Q8eU>- zQgA+bOlr)$U0=vjo7#pjs+*thmkzTg_b=*#LJIwa=MKsGy^)rXe3@JZ^UGTRBm zu6c3hS17&nOiHiCC1Y)~pt<%p-_ypPwyDTNcs=2d5Wh+M7`RZ zIUQjq52>#2L+JL{hm~JiJa%6AE4Z0syLUdi!OZ5%q!%z4zi%1PGcuAE+u2hC?uGLP3U<%NV-za7ki{*+rG7wJM0 zItOH^xwi@JHw=sAEBm}xj{>5IY|l%fTkC({^P+Wmbuudu zLvsLhEP(^XT;%^VvVvIL|KD%{IJVe4>;j;@Dad!{aDW!Q<^HLgv;iy_)kSH6yO0 z*-%(Hp;y7=VE3>}UY@WAnUGAhx{gFb4+^mv9;nkzL-jjH1vS|Ht?40i>I7i&g zcbcjG@g8OAmckl5=R%HZSJ~1A1WD4`h6*K7g63a z_!CSAC}*@Cg1sD&$3|OBu=pUvPjS1~i5v#RIMdB0Y*CEh*)%fWjc+Lbd#60mMbZ7m zN&=Z^#_?b(iQ zimfb;w6sjQDdPFSPhNrsx1-kPo9mn9ytFf9*^=$w_b-*5y<5?!+QSs~JIwRgW&B$` z5)BT+pzzm?IDpAwE!K~q+-%PzYPgMLoHtV@_8K_L&gF$50uHM?YT3>;*RY!xiN2ZZ|1qLc~>1^ip`e1cpS+!N5P?M9)H(aWJTB z!8Jf_yK}O8W|h>f5%o3!6?>Fl^#Dgns|;tjZhywT%VW!Uv@KA`@$5yl-I5<@-j~3( zVQpwyja_U&s<5hA1z40sD2#scK80qgX%N;iEOqwyg11iO9mYc0>Khju>_CT&d$yug zcA4QufAVsIV~-m1#yjwGT0l15M!pV1I;Dvdq**E-Z4iH0*;kiS=J#t^r}DmmbWV~W z0eWsj^_32Anmk;bX2ikK^7OROkUmrZUStrt;B~n=)Nt74_nmKb)CwnZRkL~5E3W5g{aRer62EOHVg28ViSI18 zdUxUBV1QbMWd#L1`QNsiKqd?02Ii{u4a$};5v@o)%kDwxE{4C*35_9JKb9IKOOG8Pei%A!Wq3<(r`2?`uO$ZoFAHuphGun z-k~NZczPt2*pbe>`zdGbK~w{`nAoC@2)}I(lMTPP)zdj0#3viE={q0_VR z;|a`-`)aR^4xR4aw>AipL)Y`oka&#;YpuhnWbIb-b-8EfN72(Z^Dlp=+Hc>V&79k( zOjE66(Fu1tudgNdtKeL~B{dCvU)}~NC8u5pFxiaesu^lg)pHJ8WJh9A_%)L*Yd>-( z=Y^f@7x*=eHo`WLW16Mi@NUM^e=p6ypichOE~8JmA>x%@89hOQ{Jm4;Pt7Z0`L88uEy6@{^9o zsG4!MO2p|h(I99bgNPgIs+X%ba4g*3u9dW`m_3oJy^^b$P`6qv=$g^}VRsY*FNafC zG%xm)=d@5!*(4)by0a0DO2gKfTUe7fh4TwJ!VI>|O)!QHn~xhepK!G=TrNhJ`kbbc zE3DFYw%oxx3%;)1*QQzVTMZtG?UPceadq_|X3qd1u&{r?7+JDbs#%ftk%IbRbh8 z>f_zv{-anf8q= zR!iCbw->-=%kV1(#K_ontIB1WSJK&ZxfHFK3bNh!z3ut&e)~zRUCKy_iiIsB@Fd5_ z+)agp&_ao`lIb4UYX`TZ=5cev;<9tK*H1&+J;bTnHXl(hqlQI^fjehB7W* zW-W2r;aD8*oO=RBO*AEq`)~Bz2Gxbu&eUR6-vgRV9UXWA;%GuKOt119kY!o{X_U&k zslAo9)8Y0~7)H~6NZUMX>1gdZmdV|IP1<{xH?tjlDgG_A_kL9=pj>qDve04jNz$6f zl)-m(c1;`$-xfgufhYn&+YTAb{%|=EAk7{h?@LO8^*m4;?h9Nn{JawF??4J9r56pk zX7qjt!X9M;S_;-G^Qcb5YQRLUg44LY(#w^JD#&r7U?byJW(_0J=3sZnI`ges9Q1rD zv-`3c8sF`I$N&s?!IOT(DwQZ%Ua@}o+|kuD%#|Isd7r~uR%}O?_HlPoS@*6wyTihy z=IZX2C;>!CJ2ERPqigRrg7U;pwdY+fn-U3dl#<0kr9Oj&w~LWc{Zz5rd?55{_gu(( zozNHi9Ttf?-BR=d!K~zLb}k(bh4&CCnoaa3-BBy@hINcJiynDYZwG0= zxVuwtWmYoUd99Ti-PBi(?45H1(o&JBptk=m>DjG+E6^j=O*MpkDDSw$&wZ~Q5UyJT z#=Nsi(=d>o3--8D+Wgr$?VY6>s5l1EZ`iqoT_L)_?WizlU+O<@gp{@dPZbGUTbnL( zpb$GLSN_u8rC5@`9LzRZZraw}={5u`?pwNxS~vE|hQj9aUfA!*2}2*HDQ#}3ScVho zk9(`jaA)1#lo4>RO%syRT_p=%$6HW@rT1Qg;E!O!NN_mS>khl7>-1z1^PztTu&Xt( zVKZj0b|p9Ue7Y@=ZCT$A%Dy?29vRD_rT|}9bTDYfUj*td7!}1pgtRXS z@#U%P5uF}rySEs`^W`>sE?+Nxm(TFH1Bi$L%46i@fQVnL=lz;R2ZG7jdI9y>$F;8! zfH#2D#}*_K5AcNUIC)^+RaHj2H|3i_hXaQ4AvGmZy@`sVPP1HHlJ^t)49^@X_1GDZ&bFoXWRs$rrl*VD+-c&) z2$&FoaOr_(t^9z8BR{{Dt(0+Wet&u5ZCj|wiF$PMYuCo}{;<~}KXOA8Mh-n0jb7=W zg5m;xA5Wmq$!0PPQGceE_j!j~IBORCj+W54X|<+22H1XB$Su5qAqTcn1aXACv%#Fm z&z>fi9D4S54Umm{$Fqj+Pc&W|`rXa}VC||}C+HrTnh(j^YW{nld+f-hcBvaVP0h;6 zwuiPZuiL%%G(YAX;xjRtU1&4U?fngyJ&@Ao2c_OS;gi8D7;aWpR{L?z8h$$tmnK;+ z^sA;UgU+ol7f3wfS7|%6vc<067kf`y3c=Jwc_twOYUNU+?6QNer}F{?VJj}~o$>|& zSi}shwOyC7_|yph6m}tCud9J#JRLke$}`7A&n`Q4Up^mrq-KDZ`e>haelA(tMqsMC z<|LZZs<y8qpfOs<%*E0R2`76%BkLAvIt(UgE|XzO#oN}DMO7R+7C??cPQhNO z2BpE;mC}F`r^Eg<&&DONB71Sh)$)?P+f#$hslsO0SoUbFa({p9w?9~3%=O@&|5_P+ z&%{`u8}rWEZmVm%htL_j(BYhZV94hoL=v9|m2Li*bU%O? z1e)tRKceK)1MCn0bC>=3Dmv(uIjEb=wu#|%bFj1YW*1WKJ)`QqJ}efMYS*;j#5}=C zHU6W_dPlW!=NuL`4liky5l6_)J7I5x*8Zs>4r^cl8XjzK5I+`~uJ#F@krA~J>1r}f z1IG-6RY8$zh*Y@0=0_o;z6cIYO9YHdK&?Ov6fpy9|m>lxKX6iI1&g_(Rg z-4Y#zXZg> z*$guK!DgY_mF6qzTt4?-H!gdlx1xRS0#cP)%kIU&8bl-hH5(De!h`4|an-ueNv`IT z4I%S|ndv$wGBH#VG@qI{1$*7zPJMXE14LVSd3o4gw#!SFG?y+KIF~O9a;uy= z`M&F?Losqn)lM(6X!q@uNp&DfZK|hUx$Nzoe-2CoQ9ALtHFa>=k|y}&H#qMDk2Dj~ z0?_M260d(4;$5|uTgLi!M^d#>q$LaElReO06n2Bl_n85zB5ApR{dMy<&Co4JH03K>PRa zVyF0cw{YlCTTg}=h|Uw;quGTVqTdk!Z@vd^Kn{@FBp>vy$nXWVKLE& zbUNFK^eZMGJ%^o2MC+0#8Nf?~-=;pc8k=rFme&En%hmBSFEdK~DjLgW+lZpL6IWv`urE&7W?#d^zvgoemU2PnE=Wn2WTV9wh0VDWG>iSTFQNFcfqt4qTpw#zywE z0pt!CD6t)nv`2rrTm;{;LM8R+H)%e=L`@e*)=ZaqRFaG^i$1bqOAE{DJikrefZr3D zNoSZDFo8{KkNilqYQKmLiJdB-SB`uMu{$sfP4mUM-RgF^$q39YnOsS)0#8%#!n$## z3KlTlXLkxXvwp75()U(nUJqmXS_!qk75;^xMhMC-eoRg`xPcCvFU9s}o9FVLJzG+Qe(RE7cV!O>p;MNOO1^aj`8OGm%m_Fur$ zeJCk8MO)Ji8!a9M1qIn3k36FnUJc&9W}N@q92FIDix}J|0d8HhX`cmvJfyBiGvDV9 z(a%H!i$9T&k*(B2O4_^@Q33-Q{6uc^E`m{vB4L%oq7+*ty20Yebh6cG%o?-}2ry$< zmf^`zIKb8Jx@pZ+4Z|*I8+S-bB}7rTU6 zN=~-+jkzUORt;g7g11oA+jRq6XmBaIVIOAQTxi;1Y_wbXd9}OKd9gco)Jl z_uH)e%QzsITKT$}&^+DYEh)WFNN8{9D-AU@ZK#MsnfqQT><*Xrq6;tqa0G08sg-S) zqEM%sM&|_yw=WoT>?RiSq(5Bc23odSX%iQ9j(|JINceJau`WFX82P-&~; zP&CEWeHMV%!J4UaWjxk-b+s{d0h0fqqEdf7xrq%3qN z6C2FMM^^fg%5r*!yM54mz8zFqiai9uLXLc}tjst-CEU$!c=a66fZhJXc+gozWAsTj zplI4ic+aX5eEHhtM5>C+#c& zH^k=AdfC?9D7kz?JQ7h2{oYCIQmVP(?C8ra)F z#6$$Dy)|jH%f|Z#pc(>}t_IzH0VP~zCRXH@>1{U8Vf+-F+hTr+8!)ZRyymLA)P9pg zd>Iify9`v6D?Tt3X&UrUxb|SE;dlyqP3FFjU;~uBPaS~vG~@Q%!Q`|Q|BX-7?;eA6 zgqE39otALv%8b^&S})a65Rfru2M;y7eTp)TlA^EnR{mrt8R;=$FveO33*&ir@v!t> z@G`H-!=e=YOh+F9;*PU`+i+d>67&TP*CT%-&!?Iw#T&O4H%Z+0A1`e27a+`!7MpH? zb5CqLaN)Mr@4?){{DFYK-u_HO@Uerx2BNe+$o%Ol0vKb&a!}+n`k1M9@6gMBdt}AY zXRK45;LTq77djKGw*+Aa``VSqaa3X;E{~N{geLa%6i6S~h|o~EWY?Ny3Qt+_?$Fx4 zV?mz1hmuPt#L#<^z06|t`H~4%%MY%B5@mlf_0C!mt5tb?9h@O2OAyHWZg)Jr>pB2$l*rwo-Lm3bq` z9z<8vY3hb!2o0l4AE#lmXsXdVoq|XV-Q`cJ{z#1 z{gYPcnZ9{<;|Fr@;sis8@8}JbaKKsv5chZw*EPJU+t-iFs|!OiTF>lbmt4RhxsD;=xt; zPT0Qg=}iDE7iK!$yDjwy1Z}K*wPJWRiuL>|mBbl9n1iJ@VBrahzNt}O`GPVU{!|(a zDQUb5x+=ajK2lR&L9k_ZR3FU6j4rZM32l9ObI)a`*CY8q9%IX2ICPW^{3JC}V@p!Ph?;WG%)4bksWzh@=9qLo;Pp&`!ig4N_>Z&P}9=- ze^5ioRgtJ-V-OUn*w_)!p^398o@A3jk5B$+vuJHfcJ_mQqDsc@R4juS&2+O50pon_ z{mQR{Z2;S)Z|O3Jh7KkSx3U{t83U^N_dz!uY(OG;Qo>)neeMZVubuYLTKLzgcJUk3 zk^$?(zKIhsgx916`8S0{+t4+a_Hg&bq-?>Sc;P7wl|~OuYi`~D!lmBNzQ+U=6~m65 z0v);w(dJ@n-qybBkLX36r&n}ij?*MhgBApv4>ga&k{SugzyRxVdWj{voOcuVZ2E8Q zIv(LZup42p!_@pVFn;1Gy?Y1f3|7{zA_rkwuFIXKY|+8uC|T4x-3zk0y|>%ce|=S& zSkov_Mpc~KREQm!bZlpHY^<1cnnuu~#K5yuDB~6uz9k;>S^$Culq_h*b9e?iGG{YF z?5xUZ2FzE>&s#%R?}{#28|=s1@Zu8Io186ZzeM33|KU}s@Z;tsZ-QIkKLbPQ z0wo77K5}>&o%zlQKJv-MXAUiH?H?a$(IfkZhK`Z3tssHjUIImJ!ug=SEQBJq(Ap6w z8gCP#kTderDXF?<4*7bt?zH5I-oVrHm^GGfDb5=<8n#c#{O{ps-mJYZxt>mF)Hqed zg*W?Lr-Br4r|SwmwA|LWAJGfBmwDuEB5Ns=e~@=|b=&vbxGm@E+IAM#EcpSm8ka>D zKnb*qs6@fl6Zy2LI`Po$5;h80@s=VRoI6XXaR1nJD^Ol6AS* z4$!2z$fjCt2XNiu8Qqbk*n5&eyNA%DOjtDR+R(7g#%y-A z-2nZ39@~Q7iTF7z1UmAZ)4eTQl+m4e2r@%78vxjd*%LWCy`XChwTHXxh%D%hnD_A| z2FL62fZ|sKTbXEri6VWmpT+8=ciMFDB37(Or|Rw$^mGn64aE`xC71{R!j21JXS9vi z2X?Kx(1Y{oN+6`&))XW8{sizUiIBiBg|LX*GX0v2{?@3#&rDvKHEcx8D#<nKnKRLT`|GbQcz7Z z7k+&)Q0tcvwhSKwLl@xip6|9;967lb%(5_>tj(po;KBX-HFKRvo+PJ(H)bp|f#Fnu zcTm)b$+Kq~*U5<~ZD};)a!Ly8!^)zA!I>p^PuY3Drh(fXqg-tEB`*0mSOoWKqcbj5=>9P2Keg&Z@DAmXO_RK@M2Tjv5<#Wji~2Z0vo! zyVfXAf=qABJ+BMUr)ZX#@;QbdB-AaqZc9Tk5*r*Tf=MRb%CwlfS-&V(U<#c=qwvW> zLF)AbGO_IHl9J&iQ|;W6W&;ZXr3|t5z`l>JhcohuHtC1ss%mj{sCr19C*pms^3RR} zt|`D0oA8}HgiahgcvP;#=`$M>Q)`5p97yGlpOsIlwMS%Uct4jv!~f35U$cDfxqX6) zVYaZgx~t7PGACbH|2quP8nRrvl(bA|`m+CcW~4-S zJ5D}5U3!jEE<5LMOil;h>gwuM$NO@q|BrwzXQDAw9$T0dw0W_df>Va!vqs;)UJ6A~ zz9)Z~TaWtUd>8YdDN63L-aOuZ^4vZk!vdGUe}R40WW;#4Fn7&A<6>0VX)c9Cwymj0 z;vT;p?+$&%9p*vD#}xJ!c1JB+M_osk6r{mBB>0w=>ejWzP2V%VIdl+{1O7m1-M-fZ zMFM7yLkXu_<=#8wN@;I9*ObA9;!6_~##Wm9zb*C(s6v*Ljw5DES|xb7`1F&QdC1hx z{=v}74GNtvR_0Q~F3*`)YaaftLx5Ws6>i|)Vq=b({1$9~=j0IPEf_6&blbo1IU&$K z%cJ(84EK7@u&UsWh;zxJy|8_Zj!2V>V`hzDXzwwS6m}}{UqbIV0LG0!jx^g^+hqnF zG;7EtH9Ng!PK)DSX;Em!Fjw0ywU$$`SsrbVpiD2wp2vTni#wmgFN=8b-V*(IPQd?L zhG0rd<6Z4zI4Kl4S2nAk*VwSkqWmUG%LIx6v52|#E0h7Hq&Yy%K zQ+Ds-IC>mEB~`v2>hTS6<)RUjVQzb2MaR=U0-g-w!xkcReFUi=I3D+?kTMEC=(#l^ zbDI6Uy0&&t$8^DMB-)qVhN!Qw{Nr!+c7R)d6^^(s2YI)h`9)kc=jf3s^NGxeN_#c2 z2JKtBi|7<(J}t<|i&ZS(h-ceuE4*SKBDm<43D`L;kgDU^B7Z{tu}p}Bo_=f;((sgQ z)$H+|s_9?(-@16!DdVzs>V5m(RCKYW8?1S)9ufmbIBY+k@jham=VDEKens^%-q(@E zDUFBrDtZ}uFlHkgz4Yjg#CD;rvggoKq6+m4$2xstn$J<{3snj^E8^d={C5X<^dMl> zi|oq-5uD$9(aay1pFv|H0*ay;X%T8ZACBFEq8}679Y8g9i60O+DOtP-qs|(zp}V0# zQEVS<+(e6Q%%e^}>($D>c>G>kJH~$P#BAPk{5*mVoN^%IR_Qavs7Ud*q-5pK)Z+49 zdPD6eZK+>^-vTQBnjoH>)*)uiA{xB;=mc!C{uHYpMdPvRvFvsWu0V;%+k=QV{TdFR zvap0+ieLS>HGzd!3z)VTXJE4CWx#nD`Z@j7IA*dk7e6%tgvY!^Z{%qr^g#)WQRS^#kg=YB_I9 z1xSHPM^LV+Fk_TIel-0w^Uj1PcGQ7F{ERUfdb3Gi2!bMxR-oYUM~k(q91q_x; zR88r@Pvf4+h!$?}VqK7i113!DHrPjK5Fx(D<{!-v-zi9h$TlCLyOh9UxfVwRqp&~E zZ<%tBIoAwdjM=Ng!aILU@{N}KBttw+rt`INup-E%eeHWqAGD7}e$^5-3`#ry)0}F> zRwKn%$!*S4k6|R*L<+29&c;lJBU)eZM46uca@EA$ienzlrmSZM%Y`|=rlzGa()!xY zM;|Vmvf|9`qideSO7WpJ>@InP0h~_thb}}-!(T$ioXr;o(oQ@#T{=3-1-#Y1aR0TN z4Cu=o8hWi!VqmiSH{wH?U=Ko#ZKm9dOcFnV=U0yGliG;EuUjW7On|55>hcOx<2i-^ zi56pKrcF%|_C({Uu_-Zw`4ed3*$_j)ASSs!`0kN6vb;CeucE56wLN&I$xR$LEd0gG zS7Z4OZ|N1%`TTNn@C2-9+ho|q^YUcmgdlsb9nO#rtPxFV{*8KF`eG@=Q$>?L6&z{p za5gQ%D0$-Cq)2)R2bDYOlaq~@i-w7bNx!0j*Ry4oL~g~kp@2(US2V-mA}+x(>gL-( zqc(3cpAr2vDWmbh6$xO6=s20p{=AkpOSOLRFX_8U-1ui9^+6xFAFoEbEvk__f`7^P zI3}y*4IOvRxmGIkW`~qlT{rb)6YT8slEtb>f#XF9iLaWjioLQnX*nYVv<*8FJ`i=Rm?4Q7Y6QAGk zj^*bUn`~t?d5&JaH)EM|JNP^J>KQ63>6Po_+ToUhQke@wbPNf z|Lq0v?NAS=Tt?LP_VtX^%p8zhIF_t>XMQ0j4@7zB2^ix6v7K7uI|wAC$N)wEFJ(!9 zZ+cuDIRb_5=>cwYyzq+lfbiZ~X#sd-ChJ^Z8jkZbRJ`ITlZ3EhQVZ2WUSEMvXsbH< zTaLWSkG%Y$r_*`mt1a%DytKW`)sC8Rk)?YQLeE=2jA5cTe_vhn%?ol)f852Mt>(V- z8)9pE;>4r!+pXu9pZo4KCem(_>4gCs(eB&xsHuj@oYKc(%dXZE5)XL6| zZG?jR3ACZ!J8iH2*PMfiT6~6UE&>|o(c|Q0A^z!sdYA3?rZwQ ziJ;9p@?smX0A18Oyv{ggq`#Q8TIQ63VHFKel%;9dJADCz?KP)Cgycqj^G1nq*Uy{q zh+Y!uW99J#Sscb*`N}TY0`bo*%+oMo$RjQmDklH0oQa_*!nUKX4#xvt9nhqJi`(=2 zqTJ};$y-ug5{iPHae)s^nYl&>aeJ~uWKNRAf1xZ2!eEXw{(Maw{*WqcQ;5&OAd{6 zgLHRy_rQFI?|FWIiUW7n0j|`9*06Mke^C*((@ZrBugJ&+5y%yce#^;!C=j|lI64A{2K#@f&MWPD z)7aDm&SuVOYSQAw5dK%%hgV!hqe;tbY^{oabrjK9Y?PPJSl^5Z8SDl{^XG;6qLciB zg0Ci%)CPuz(c~d169wmU`wVAyo{x1@?~p2H{JRaZTUvDN69vGr!}+hJ>}HQV8!cFQ zJ6?!5n@}2xM^O&!i8ym4bJ)-wuv;sP4#msJO;465m%ig)C}lH|&k7y3*!r7I)@UWj z$zavr@upszULdC?@8^HbJdp(4$kZj}PnQrXPKQId1Qiu+pW!LA77R1A&5}11N~f_Z zN=k2RKELW0dMR{^?`u@KdPQx@`0(ic%Fp+#EO?MbO9HB)@=8+NRp?LDsYDe)jKuFt zm%B#wiz#?bP0eSxGyLVt&j(lLesUbVKffCZwnE1tE;Ijy^d3lefnJZ(_^@x?6vdeL|kC9KWT6IN7WFlhud-Qgqi60bq}`-?Y;m#F#?6{%*P(%$o{of#KC!OO8Q@!UYilyPpa_Qk zZHAi}T8-Il@o@8b%Wd4>UNfb{@bzq-o>C6zEq=NmCtqrfwL1Oz^a>+E96Kyv*Ng!i zm(4+l-00zcdI$a4`Ki&9ud&hd@&0{=QQRKhwmcWW=7Mvfb*s})x*o@WVOH-*=9M?U)sF#iuyRsZl&_)Vh1s)nGqH6s zvAirOPx9+PBriR}Q~IA``-;WrycJtB5sGR_0Gm@)G&pLSfjtfAk{>^&)vK!%mCK+% zR=*5aRE+JDk?%dYLPdf%H?zvguIyK*DX+u9!U~w#_=Nd>zm<9bOB9@Q4h$JAEG!OB zIh0f?dZZ4tl8UPTZS8D-uU;?%zgATodVEY2_at&Iq-agS%$t$dCGuZ8Nm*GLxPL_# z>6lB`%ZRuaECQ%6`9fCPXw;NF3|8m+1W_f2{ae5x^fB?#0v_U2Qvg4(vWLm;29QN0 zQx{@HiHA5kIVHU-+G*TBN4t_28>82l-l7~(a(r0#z-A4y7ZpvJ{neF%-4e&u7Yhzp zMkgk&AljJn8$2@kF3AWk4=U;4pE6(}-!*W8r>)>pquMc>@zkyD|) z4*+MLuPJ)@=LDe_Om%Ad$bKG+io$Zr%dU*M;eU!3G|pf2Tyhvu(f;Q6K@f+uv+N`7 z0shB#Z-noi+t=)p!O7I_9v&((`hDE<2U8pQnS&(vZv*H{x`kw9kYeEoGjuMmuVYb( zqlPV5ud)YElqk^yJGpws9tx^Pw?avK4yFuQs=|8@vg?2Of*j1n#RV{bF1Yx2YNHOv z7*D2!QZy=K4N7`8?4~6#wIr0R729h>iFzISW+LOAT>7lhUn)aI6u}W86wfC~PlSw~ z6fUgDauBFeTDrI(LScbC;>U%hRDQz-pSZX*Ihl5|v}M118K74a8u=uNP85}PdC4-a zsJOek`>U}oaXV3Uqf{_~ykttMW+rUP0tEJq%Q)#N=XWR&FUy9gEN# zyq@kJMfK<)+Rvc{+p1tAPg;+W8C0%fh(Pt!qk93Zdv@p5d^X~7KcZvtni6IRnUj!| zA|>Pf09goFS&`N8;+H?OQvOuvkM~HC{JRslA)!UDFD!sG2C6c6$N%=>GnJjw6S$f0H7Bp)TSmmKIMubLH9GGMboP zma|@>z%smvg4MFIBE={FB0$_dQFV@dAJ8GyQdB5DI!6~9@YB`!?bl(Lv;a7lJOyvh zcPKwl%tBda`>fusN&CkS=dpOG=bT1*o4TZuV|8X+ety9>6`fqV^$=9`Jc5q3 zukGKXkB@Df*5KW}jdw%*=4w9%FWGb+DMEv)%1RYaF6y-};oL7X=xRszwwUosRVm*7 zm?va`)S)B6(+rK8E^g%(l{Iw%^g6LTW`3SR3CUZ?9|8pG9KfkF+O^4d)u!iA+6u8t zJmCsBC^3k1)|OP{({PX8Tuqp5C1tCTT`)7~uF}ERcVPs&GY+93Ke@kpnVOmk6TV%s zs6-_s6jl@h2g>^&6N##3f5Xi}HO)(d5nkwz_H)uWmBo>r?x*)&^#OI z{HI94-wztL$ZskP8lg94KLK}dq@mi=`JbSbDlI4HoKZocf|lCoT^P<(YKk9#`O?_A ze6h*T>6BY#iWLC(PYxoTZG^=m{!EdW7)RX}mE*IEr3=xW`n?Bd;}aA9qbF2iov%Je zk;fZ;zqoKfxP;@-vd^r$zUHe6sp-9(R0bd7@IH^ve86L3dzw0iF+(eMTVm5da3RbX zSYHEi6McPy({+=&rKN?#%DJk#+K!7Lol{MJU_}&q;@l)5C)KgxjPdSr{pR6apwQ(d z+~w08z$UsVs$ru2D*p){B6GWOa*|U}j{lqO>mK-A`$T7vB26Oj{iHGJ@xcK8-p8t6`B$Jw|#bLi+^YQOr z6QvP7d}epdoe`DjtSoUc_m3JWc6uIOfa~auSMP6+xliOGT4ccDzCju4lOu8A{sE zwf#7}E<-9Dhm<1Pii2@vyj?@{!`aCmI%%G&saYfTK+%)zM7ehluL!#|v%=)h9t*y^ z1Dx7)>7x__{I$8}Zd~RfsgjPCw2IS*xSpu3dt>Qmg)C=chwKY$z@Qj%@0N3=`GPal zVodz4^efxe$5k(I#~WS!O3mjzS_9h;{T)Wi? z1BV>#-bN(7H9bhtbzY9eIN6g;%A|<6Ys;pRS3z4bcjn zf$L|~{hD7fNpX?JCosNGB^}&uUW_`S-yg)R2@f%wVLdY6$7Uq-Cm?Rqob_&X7*wLZ z57<5WFg`ZdPerR%X){4t?Q>W$OVT6VzGHdQ1t+D75OwL6I?}Xc<9)d#9)E-md%~2i zX#TG#j*?UoJ&OMd=`9N3+WnRqv*CadC|+z^ANcgF7i9!=^y6@eM|18R@z_mR>?_~@ zLJa)x*3;Y5o4;hnyPGP@NAPRj2McQLnz>T2HjLXB=YSfp?%W`d2;^wMLxLE5zUj!| za13>8&kCuQ{NRE0P<%CWN;dHRiT45Jo066|HLgf3sLWEIyM(ZC==b}xZE`KFu$*S$ zezHCtxWCcB+XGE$is%~{uF!r{5N5WPxowSSR|V^Hv~M51BQtoqCm32wF;N*!D8s_h3=b-gYK3AKaWlDZAn?v2$L-8$evkpH7jcMJ6%QB^(#_d_FI{o6(| zJV-%~s=7c{e`E-cysLN3p#jt5;5Zuu+o^-;YKN=TcWGghI!NBB&>W*vr4|Zo1yT}U z`nN~yLBl;iD-G4F%wB?O9Axizm+)rRmZnGd5uWFFI0IuJ(A?mucZj(N2Yhqen#6x| z;d)D*L<#)Y&tP~;TU7zBs>Yz()n#ueQ~I2*dcAMNm7Yp!V^U(;<%u8Z(;(KS8;NDw z5G$I_Amr@a+&JRLbv56ih`}UAi>|L+T#dJbaq_hGI$}Co@88_r(Iqp7wQm`_F51w= z<}D=A4e~rqRuk}eigZQ#is;I*sf}dy{%hY75f#01I|1x^Z>w<7r3<;_%XD@fNIIHu z(5iD&bmzc`4nD+Y1IV~4@U?H+a?g}H(#b^bEx+LWTffMBe7LiiFxehT?m5Jp2ww_g zsgpK14m|c5&Ey}wUTWf0v)A2$#pL#$)ocH7zLUAXjMf4ix|E z_Dy>T)EMmS){m(PU`SSNi)@mUnC8bBz3TY*O{1r$p$othbv?Q)jhue+PiU_^wgDE7 z;cA8!1ElXIW#&9-%!VJ;bSr%UHnL))1vx^yUcH}x*)wf}O1>!0A$(D=lgnb>e{jp7 zC%!)(nR+ciO>YC*E%nK#TiHxPT6V2xYY#BJNtx>wxg{h~B>y$eh)p z=c5Br;JZ`GZ57>wrZ)`%(F95gFUCr?5 z5AZjU+o>*mBBqj#Qt!b@bMLX&17IpC5OKabUmBO*JAAQho&O8gZ-c?HRTa~C3>~(G z<$>!>XVhGk*V}BnzD+Xb@d@A^E5X&)4V*bpIc=WLdcL?L7S=0OM#@UMRQ@D{jUH5D z{IJeF5`y;|7Z1Q5GzZkmXT7f2KhV~`Nn0j^C&sPXBsw)cd`Z8sWUzP65v%!XIf#JU zZ5;FD(n>zfjv!@Wuh{Cg6i_zDjaS$?IqA*U(@g~Y_KL%6nD@CYx`_-rL$hN^XSYhD zc7XOfbmpF*l;12CRXbfPq}2d2B#=$pod(NEzfipCC$%qX^#dI};lm4cv~L>TL9@~_ zhOsV8m>p)n<)q6|K#+p^CFGTMF+6<>x^<(1QYH$SEax#nUGChZ(=YBXxM`P6*mQG# zC|$AZ^&pmf&ae)%Ow{hbEQ*s1j_R~ffS(yvN#B`Eg0%+>4Dg*SIXpVR$75a`2N74F z{QYDyn%omk6DKJp_1C6)V!8a#>Smt%=6>Fo;e;&dGL zjydQfgptQ&r48o1aik&UcmY|6AeU^kwY0X}@t5Z_Jh&$0%CLcio%kFGzG@L%c0YLy zB^`$uwuY+zq`D_~2G?~UHI9+ewMe*Mu z;q968xQ=F!Q&Boxc1h}bKg!aps-|p~;_#^8GcbIiV4zBiGaXUXQ2Dai7TCrpB^DZ= zla4Hgj4z~V@m>pZlGj*(O^&OsIP~bU+*8DC>UMX|Xn>JP-o@E~it^0#{#gg+g7NSTUS(ZVQyRl``9@Vtr-u6$R_W3og^;nF zDzDd1{C2xvk(&%Uff0x>14O>$Zycp3i-kMMv3)3G_=ud6KC_ayOB-h(&+ef)6Fi#U z@_(TSpg^qne*3Q-#7&IW%e%)??MI5NiaT_KkZk|A_DfaypmIFWv9+|_Nnl?#fn^Ju zJ;^t*q#bJM#XLaC-4QFFQc;O}&-0~mc`eB883*K0f%4mQeY`Qnz5*;PvSz|}Iigk3 zNok!OZjRIpguyc#V|PiZsX0Ark`VDu7qigYlMPt183R9T?Z({7W;>}3M&{?MX#4+G zn2&tn@@i#kaS2)eaL7S%Y2{6UxAh!Pw=-0LJK5afzZcA^*^u{9!)CfV$Rf|>TU^Os zhzhB0yuGsg=0*cq@g$qW!&9FOS8M7n^iC)Gt?oQ!0AF;D9MlP%2xm!DncJ5Q zj_$1nkU90%AB+=}vK%&gp|SO; z#Hy{&tF)uK^%|+oqofpy$?aizc2Cu@rJa zKazyBB!B~Z+H4N>t$)RaQdS;MF@WwT0(kM1Jv``P(8@+@7zOhGya20fxy^UW4_#ed zcAczhN^F1NnwI3Ww7BuvY_~QNO3W;6#lT-lA8^k}n%b|Y4h@U!C=3KtpQY3l9vc zSJ}M;UXkF?P{6ePo51*c@=T$h4X(f>@xDg=g+1!zL`wfx>hu^~FOrVSX@`SBIDEvu z^!HblqW9eczhhm_e-h9(tNw)WkBs4?t?HdSC2at|1%4pv0xQ|f+IkD8?SU+xqI>a= zC!T1)8;(Qgd2X)R8qoad_V~r?rFGktog~v5Y>v60`f`BQ%u?+<@~G+hd#&c(*-e|U zt!=cau4hW*h#c=tWJE|daL^c9EdP?>ioU$v{K1vN;!Ow8NTIyY9s=Am6dbHz`{Qu+ zu~wCw(fV8jod42ZSfW~OaikfYO~R0rR^AdAe)*&Iv6FaWyg+8?qq<^8t#r~Kn+>r# z@0Pd{Y@PP4q=?OnDZMJ-{Qz*Iy?KrqIBh90-z#XSbUzUL^jzySCD=>eufuZw^E__Z zU;|9fY@H#FkHI;bSI3`E{wds!TsBEz zH(-g&tCkx~Ul!fx%tmO{onMAkBt!jsk4)w_LxxiMRI+}3RNQdmAlP1w$>n+4WbS+R z1=>BbN{2*+?EsUnsJQssn?-M0;kQW}p$=;o51iiTnDV?ZbRd;A>R@m0I6hY88yTDI z?t}lkGupx_)o9aYMbLktH)?Fe+jdjG1SkAy3O-^{Z`yFw%o!Y+kY)mx)bB`J>Yo^6jiF@M7pIOO2$ga%WhQ?^AGG*@3`*YC7GF9vYrcQP;%15c%0M&1IWyZ zcT`;AD9KB;FWP^T$8y!Lwzyhv9S9vwFqQ}PPPF^~fq)K!Lo`?zO@+l7WT-4+)S zE}yVuYTz_mxZZnCMMPZuqJKcev%&i{n=tA2>SdVE!%MKJE7iYriP0j=L5`b(nrvFS zhLvUm*}-@me! z$>bnHs5e-)0x4c$gt|aJqbtU+_pGE^5FQ)HzV{0|qs6UVWQKCx)aa0e>17`pCJr{q zOJMj^RxL>u3P$@jBscr6*`5C9v~ddSL90RM_LqTa-KwgxlZPx%cxu{CGQ!v272hLJ z_~~)jB9jH7Y@Lp60FzM0lXlIFFi53SPEPl92EMU5LffM$l8(}}&!sWSk|U0DQ^sbV zh}SFMG43z+-%QNt^%{QywcYt-p*K)g>jz-A4FQV*s0pzYg>uS3P_gRY$4e@!s$9%# zot*aS!T$UGn|gg?z5dq+8!>X~&pVe7nmNC%1>;bO<>MzLsR_0h?+_b_0MTeStP%#a z>&<7JIzz7|WiQyuL@U<9f@&w~jBR;~rA*Kme8Zt-lY!pF3 zoZ)d@={;fM?%xvF`a5Z6!=z`jABd$&YAXUxvL8TUmm`0pus5L>CnA6`M#Ykx2Q9G1 z$9wLShBHN($K*veMHm;%2XC_FG~)gDSrtTP+f?`#={ke%v?8 zh{DOr8R#>!Q6^d@(ih~_2QNLu=QQ;Rj0H-+N5plxGX``mx#W6@Y+6D>#H)y$Yif+d z?dL*Y`szwqb>^Fvnz(>g<>!zN#VrzZmX88fYfw&^%&(b=b!-6n69NIkY0m7D2CC2+ zmzmlD3TA-VOfTw=N*De}<_~Mv?<2s00vA!MZ8@8~Yaf#7ai`K^XPf!`yDzio=vX_Q zW~H8l3~9T$&z*H%8+O8=J_MBFn8(`o%yNbPIv&^0HnKi_VGvT_fvmxEc8HkH=Yi}S zmZ0)1Ax5K)KKTdD);MVqr`1ScQ%2%<-c}}E?Cq3bp%$@mTAh+S!`p#DsktWDi$b}q zPYeu6Yr^nKipqV4Z4VgS&L;{~?~7UvslM*(L}TIMuWB7tPO{5M#?IM&_+DC5vl)6v zr`HHq*qL1+(R@^J&|uP^P{2m~IA=(}Z9k6d8AAfv7qeiyZ;?JfQ(}rLI-NiZS>G_A z`AjVk`z>nnn@QfXM{gMt4TBPVb8OrnO*+p9KaYl;I;_A&qZF^VC}&|SPl8j%0qcv0 zR^B%kS+Q{$2!8_xJ_A-+QcC96Z;~uvx&T1%o5~bY^urAD57F2U<%kFs4Q3?wn9<63 zeY2&iQg7o|Pp+B0hs+YcG@vI9%EnK$gF0IxJZdM{?RDYZgEAMq1O?rnHj8%E97w7N83->mOB7t3x}_as3u0;Cv5fTaxPP z*u;?VL0>{#-$37L_6cus>8j$z2L$7(85d%2U-LN1b-P(kmnYH(=R=V1fy)Jt%?K5z zq(r@8TiT(j$`xRt{=xnpi`v-u_+U8b<=Yhu6Gvfc0+Yvr;pgT0-YNC{;O~WkP!c^h zWj&^5zk<7G00y3ZP^ZlXfKZ2XZCOC0?}@^b71X5%Y-{uBfMtz~^DbA_X6Tz|MY&WJ z5lHcURYSQe-oZg9P10(`z(k$tb*JK7tpT7CsaovJrgkn!@bJg&g$Sv^*|FiOTV?OR{4P6&;-{ z5P2Mmc?i+Bm;>m&!NWf6#3=vk6os;pCD)Y!@(; zMx^QQ2bIUh4~}33#BNQL79y0J6*umQ0-2nmq7+cut=e(adrnHIF4_^=Ggd+$=XTz~ z3pd)Es}kY`A!&pu2_roL-KP0`K5ZzODW##>7t!CG~)?If?VEA8$#-VZx%?>Wo5 zk`CDafWljciZx|waym9OeF&sT*Q+uY4v%YXk$_)H_2LXH7^ z4djwtz}pd<-UVERpyj5Kp1PP6Y4?{*ACb1MoUzk~i=CnM#Dm1R_~gGu)usq_HB1Jx zsPxLJYj(4OfhT;P{2M*tJr^^!;Qq^DeNW&IytfCds2$O1S1EP!M$3vz=wP0^;2>6(3$ zq)f1Ql{yJ#c+IN`3T$oBel2pK5oIrgx|)|ffD8sUr`#G|&{8{ej=5ng&{7g0j=yVU zhs#Y_mo+Sb$V6Qkv^Jy++-Zfnt|5uj*hVD4zoG9+-+)zf2lR8^A9?g(FIUB<%3 z`mDWyWd`I|{--MhclX!D^q(vB?>8kEU3RRydV4RfMs&0rmE|?|1bQOyhX2MI9N$g5 z{4OeEmZc9F+8P*yXYv{#2jpXa&#;zk35?<;1QUDnVvraX4T>4SkG@4A&TlLToSjvN zPfB8P-+b4q{(yzG!$8u%de(Ti+=;^EG!Ezf8f?DY+q>8t(m)hKA$@N?fa*wT)oA_Y z?JFyh=xDO58Uvebwc5KX4Wo^XJD~Gd_!6pf3Svs2Jp$E}E#v7$Wr`+3y%iVW@BaZu9_ z^&UB399^Z>O(ZG&kq2~~|KQ-2pg~x-5U?x(out~SSFT*QDtJrn%coC#nW>GM>&^B6 z4#y_N$$ELc4vHia?t*RQ=kxp+&4^Dx?y{)-%-2+u0%U6fz(R)N$M^JhJHT{Yz8bH) z8dLq0PWoM1-oD`+7ndO`Q=>MfGo>W|kv|dub={O-yMGKTB>>#muHDI+cBy#1`{DW= zVw!0>SXXf+LH!yLoD^NYU?Z4l?0mQ^?C6O2e0Kv~XPBEi_A|m!|CX2a*NuVpzm@+Q zbV%e|t-dJNZ4L(9Vu~YH9wn7hbe6oPMJQ@ygeV!pnLR)YkpQ;=%^%$5K@;iNTiD?9 zwRiZTFEupq`qsYgFsP2tPm4)8Fo9PC^zP3kj{(|aCbf*e>XS1Ce9!$}<1$)NWAsFT znisSLGAOF63+U?-RaP?g^#Nm!k}8+)_{(n4lr!>A(ErbZHTc=tewyutzc^7&{ht>a zfkQ(`Y_Kum6&_!Xnp7h9$2`Ml&kdad8LIhngZx&&Aj;pkuMOT+OK^@I(T zn4eK@L8<4BshAV3DzSwNN# zyl<;>t`QaMmy`s$_rJx`FNv4Q?2Us!nJR2e_ z*lbi)iwA%A;(3RLhp$vjzk-9>mVXXrt!WMWL|)qqMttb^V_n#D5Rg+*7(f;p9_p|b z>pfG-dE3856GJZtyYZ*Upzh_R8LS^76V+GR$)_!m`?9E%&yPuJ!YH2-p zSpa`9pdJ5Mosoie&D$frr{eNWWljnWYQk?FK-EG84k_QEfG`zs$I&S<<>fZV(;In3 z1tnvb@~1waHzeSV8+d}ixFaH~LkMtOI4)Z}Ad7$ptFt%DC-P^WVK%V;8q8oLBn=kX zi9Gw$I=38XTGi7%i_pz#)l)dFLnGI~2-vY@v*%(TWd#~k^k)YAdKB>kD`@P*7#G~~ z8-Gc$=(O+!NRsw->pW~F2~~ct`$h(U{Vo8YXv*J5bd+5vOSa}*^C(XsPM9Aqvh28N6N}bHyVCnssk` z4@z}!5?bT%C6I`@lACO_1VIKpoP%Udn2y9`B@Keq4tjgmaoQeV1A0)!1x*E4GdZbu z39{VLwtTIvE42 z<=q{COR6`&W3qC_@0Ck8x@mY1>{@vI+Yaw9F2J7H*rb|4tvOhpKTp?$gZ{WLsr^*J2Oznx_4Qkgucp|LIft77SG1Do4z zryi_a$+lM0zSs#4Q1-F0;Xk|T2)VD)dpHJ${$+vp+*P_a0j%C2FzVN8x^6ys)IUsX zUG@Sq^6gxOPj3U_4%!(kHUP2yaXW1n;qs5;jV^H5;(^-*%>A>e&zASzcECPx{}$No zcA8L@dx1c+cf7Z@dxnu-Qtvxu@rjH#Vmua|X=36BCqQgx8E;R>sAv&OhKncLe6t=; zA3zK3?qxuS{&U}o5<@ec%sv{0`KIai*~{vvuuuo4`sQ%37M4sVScTFA_J45E(9ppl z@T9g#V>2;N;3;bk_z4H4uv@}Ev(EsjKlkqrJ-?wAf~a0uM`^@fxy-{{|D0)!$y{6z zV;;d`ItL4Hw)*4+Fgsh_BO!mKpj`V?T2ViJ9JKXS--$%0>2gkl3C>?o*YoOwuKUr4 z7X`AJrI?Iww*DarH^}188Y-`|lGNQpE52(1LPy_c&|CW+Iz506A_;>qf+}+q^{py`Bl13g`<*gRDw| zI&1=Ud9f!Tw?Go(Uvkm`x3lppwpSx6#|ROPOZ3%rPNIF{6!MP*n0@;+VA#?NMXUV~hpEMs~d2WduT)aNWtgb*e9!dg5~C zl8x#8W=LuMnLGHt{Et&v&z7+fM}_iK7;uBpwHok&tT6#9?+tmrGMk;>Ys!QXp9ZUr zZABi?A)`@9d{vT?o8DK&qui;m!YpYvf$G~x;C<aX`H(m9-@&KO81LpS}VO(mK7Rnl=k zwSE$X7A#FDtAr#Cq#S44NkrfeJof2GlR`d)g@vq9MR`X72Y}t>Edr6xJ{~eLZ~6FJ ze&`4U)YTvVv!}5(r=3;)*yZ|VJTFw6MzO2+;z92zy!p@yKHTL1*@xj^Vv{Ezq<=N-`H|^)Ejps6dfpO5yjq3UiOcxo z-DoTH{aa+hHExt;c?ZRu#)JkD85tH($9A0DTtEu5Ho|K4QbOCEn*fbmOpNC{4*@yh z^t8nV10SOkm}SluX)DIZ$N!_Fz3aOn^8QA1IG$y5nZzAz_4Od=rvtW&scDkJy98s< z&QNnzckrZWDP3v!`s;proJi*N)#Ln@-R#xUw@lY#H@~Fzj>&@FLkPIN(Z9jl`<&TEf%4KW zkzTh;x}r7P-!QDZ!%2LrhAE%DL& zppJpM-D2NvTx+Apk6*D3;&sWDmO-n@svo#eLw-sd?*$zI=5nKJpo%>|$a+c!iaKyG zcLI{$gv+K-zML=-t5Nw?P0CJ;TaZ}rEPplcM|WU$bldJ$yPS%5G#%c|_Bd81!Z1iY zD;}E$BSbhdkXvu!vM_M)JLOwpI@?3(k>J$yQJ)JBV5tr|X-g{|LgF>W16uDAWT|8I zoay?I|F7-SC60x~ezXFmxA#u=12AnBzf4x)Ov1!IU0rhd`rC>GG$XHrP)B(6;e!

      +S8@s85ltDW_E*2}mLSbXrxxK*lPQ2VVE| z0rH`zVus($w_l2y8z%q#1v#t>XbNd1*k4xrP4&R&an&{)Jb$5VRM2%_;QZXUb$rZr zhv*B+QoGw(dnRV4dYd^F=>Cn5sx$w;Rw~*BH{DvZPtR>}b%uqlDyyCRw`j3&*kK7J zI1HO$&DzG6C8LP;h)ezlDC=h$eScn)2+*p4&QI)s^5}XUn`fN7r&PYg)Myu)=cPan z<*2M!K{X%y8kQ0%K@29gWcKJlmWO5s#T_?i?VrxOCI;T$*nxf`hUX;8u3fDh{sbd$ zWBe9A`;;FD@1%xwu>meW2*WYoA=DFhqIf!KE?#c>($LqUb=>j-9;pDsogG!EN?*wZ zqe^mi@&m%p<@O)p9uWHz+43s#!9-)N7D(ZF=H)W3~^#&NUlM8^@{ zqfC#HO-U%Uff$_-tAA%uO)+?J|vD?4v^Ok4ezp&^o$?3%b3bmZW(jkj^|Ds z4~D~NXucRvHD1N?``TqbU5fLQ(31JHufTk8hKDwR!I|yvVnaDy2q(r8x+qU9_jl^yD;=BU(E=c>P3_6V&A0Fi-kky zZk3Uu#b!k*JV1K@{(W zu)|xFb$*|F0+%IcL`FtN=xJeFmr3>6H7$$;kQ#l#?^3)*ZK@erZAtg`iU6Y=2>}we zbP_{cO3Vl?!&3lSXQ0DlEh5e52H)O|c74c2ZegYo0JewoO<8Iy-fHuLKv>j+K18WI zYr+quyCXap!>leYm|kfeENVa76vu{o&6$3zL|<4{=AZ zvCp80KA7ja)oxF>3p*NLT@s@Q=RI?Ca^21=#nqd4HG%8)wt^ojx@@N4D^64|59jn> z4NL`#rtS61pr8KysHi+*mO=$3v60qn0e6n37mFyFiF1}CnY3_S0pUA7PZ-<7nf;G0 zE8PnxKGdzub1&tB;sP9ZVpC#z3al6IZZ8;$%1U-xn@%>xkT^2;KWOyA>1 zXZZJStabvqQ zAgZEr>~$#l{AIzXHJ80rJi7h=IgkC%3$S+jUxVZA(?%3J7&{JHPC;%?o#%SG9#sPh zJ_B!JO?T{XI?G`~mT3ORV>e7u{k!6+!`W)JeGY4D>rzdKUm=l4@}5$m-K~17s?g-G zHNV#m$$V~1pFbb4*=8>sP;haDf>GyOT-;}_Tzz{hQH4Z4@oyYW%&#?kX+d%NbS33{ z!c9Vdn0)R3-s;KZEpvgK{&cwcqGu;5o7J2c$@dm&^l(V|u?-h1J|UdfeyjiYhn2~Q zY|~;cEUhCS;m1kqR^J+iZkKHL(#p0jmkBN2g@A`#>)_15t((IHstq6ARab4}~boowBHBvCtMz|MI#x zZo2aM_-r}Fc)`0q_!~FFdT3=*;(NhEo2@raJEUTzNWsa3$yYHkbGY78Kg*~2#z|w$ z)zJGL{!g|Y9ARa~Lj$Y%*pcS{L2{@sukRZ?Yts+CH7*a5B*93o&LE^uoHQXe6-kSN z{$OPcCzNdE7387f;7beYqdn>Js}0iD!|b!QnzZS4?+1xf*xX_fkkLb8#ps*`1ahUP zEZ)B3d7yY2!o}tL@lJ_qYwY;!bg~V!CpiWHf5+*hA<9JySPhMq+m0+SxXj4NR(l+g zu=eXV1EpjZd!A9g+W5(MBkwb)?VQip7xR>NpG%N;;cnAr3PH&YK-7g{*eQtDksxR$H7j2F`4rzeSJ~ZkB6;^mP zwDt>(DlvNPzK#ZVh@^rfLPhf(a^YxZCzx(Uh}A88<0TKrBz5vT(jnmR@CmxWEbo_d zTC(!!xAcHw=KY{`+dkf#!fgp36h&BAP#1aaj8f5ZK~&N9K=cB#T$4=f1(OW%QJJar z_Y^5EPW3bm^r4${G2yeCIU4N6P32B*Yk__)nX&DvNcdcTP^aa39urg#^Kenrb`Yc$ zB)QMz;*0{ag_5RofT=eWW1c4y6`bguJ688=&9VC7=-%kvZ5dR}XQnyu`?BE>UtfQ4 z!tpR4yxR|g>8PTXyjsv+@dOf0PXRR#tb-V|jNp3vFz~ycBM^D5@?q=w5T>=wl_z+< zw~ZF9Us`mS_}~c(>D}Gi+sZ)U$HqJU@7e_5+M5+eoJS^RH`_U?Qr)%~VCJKg#U15` z?Tl_l5Dx~g33Dd;pktz?U;5`qDXskbi(ldOw~nyM$StWEVZ&{01_sW@no-i#=x+p| z(zBMJZDsVAAE)mrCrUq|%nxOj;^Hd1V=HG1oL5S*aWCxa@-7IPhDV$bw=vMr+UNcg z()Cd@N;phP=(qL0W2TfP7zLC|!#7PS5>z-J<@fKye*Z28I>g_AamCLimO|IXk-2~F z-EbdP7J*C&(g*edo3+Uma5>*@mmuMR13ubZs61+rdfH%93@J?Jq#$5SPEVm>;k9?( ztaMsSV^2&^k6bW7Lu{Ro5_z^gT$V?aqWB2bP2ughb)Y+=nPh;GP+M_NV#Q}$ySS@A zyFa)cn~-j}n5JmHziyh}g5ywA9%Asm;Kme%tK)|aW-*!u#_*22j~In-paeUv`z}$= z5Fch?H#UCOH?5vi|1tc^`}R`N!ou=yDGMg0ZyzFN$_QO!Z!;M0I$Lx*_~LoFw{wq# z3rG_s%B``<#g6Ac{yuC}>-(YItf(Y927MlEu|i@Se}u}c|N2F2P#E692+712!^8?* zD;e{?>|?;qC;U;sYt0O01uY!q{Q3iCc0KqG6kAj=G2IUPK*ND2hZ*4c5xsf=5>#&n zZYyU>IowfVp9f1&80eL24_A%0<<+XtqUiI9U@(3Aak;?%_(nOP>nBI1#yyA2a^p{* z)-$#R=ffN|X+8XPyZE+)M>tt2Mwpp%|GS;@?s3I)`HTWR6L?VeZX$o|1EY858cd0S zZzLbMt@?r`Fhxb`M^pI{p4G>bRsA~a6-m&GR!nM;`agzkXk#ocD;W5+izRl9w=mdj2Vuc@q7M$J8;n)(3DT(G0l2a5Me0#sw-zq1utv*8QFqnPZGp~P~Vq3Ts= z^oG_R>>chSw@2YI06lQg`NF_P&jG_Ysp2$BZRJ-^)q6ZvbH%?`yGQ4tQr>52E3pYF z?cL+jEYjjlXxYfC7k9I*9w=`_y8)9Fi;5#|WfhKX%pKd-e5&VpzU8p2cU@#chZnSZ ze+qh%&6OxGc3f1rfq!AP(v(51c774C0{Uk;mMO99G1lBJj{8FzoTU?cB(_iv z0L~2_%6TWJ!hS#$Vq)mh*^?wOdY?N50I5SZNDMM&B*EyjDNQCLUfjgJk$O}=(?<`H znHu?9NGNJdtbM^`(8{#CXO4)lni{($yN$_FkF0M;n2)<(^VtT7&V`=;N7Gq`Wz}_E z+gmB6l}5}f2E-C5m?(S~**7bbH`(F=bv-etajyc9T8|*RN z|Fq-?h_rS8uDHEFz+tmYl)lhXP^a3#I4lwI-B0H7y2)>Qz5aJ~X-0>fj594a!>lv7woW^S@CO1iA7nAyYU&q!>J=AV^XikU|#K`51 zZjhyB_hHX@;`pq>YKH#(`ug7PuHNG;6G7jINq6!U$VraPFN=a$0eh3S!QQ%Yb&;U3 zFbsXZ5?o_p!MZ%HDKeNgFSZK9G?va)B)RZCs%7It@a(Y+aN^d40;6JL9tr<4YMkA@ z2bDUlE!t11oguti#-kp_ssY;Ej@cNj79pFrXJ^9oOCG0vCLWdFY9u9DDVEUFPmUs=Q+7FUeO!QH>Vs zPb~SeKr0UfH?BocJ@sB;A+V1x35$xJ&YfeX(r_{0T6`CSrj zJ6rYToCDnuA^7fZ?YF3pPIZN^4?HSbE2HoK!O5?hi;%rMXNA<|c)6fhl*MLf zz2}0DB#2GKER17oE+~pq!QkbaE1G~kXal7Y1(6pT*bB&Evmjtoj!vtorqz+JOTR8kXLKb{{%{h&!BwVNq^!C!`2?qeST*Cj!MLg5{IE(_m+@*Q(nAM z{#Qt-Q(8w3Dz1FRJ^?w-tYsF=_?$xk1_l<>$0q*&*#7=bB~UTl3+{=)6LG0i{Wba( zrg1ol)Bnt%$M&#`3heXt1{V2GJuyKz@p)+AO0GfN28kY9aP!^`A$n)E7LK8rt))_h zc7Pl}5{MtBX)kpIPoa*;b9!DAVr?0fq<> z=0NTD6|e1)IYYZAPDVzRWMD+$dKX^T;JO!+ znr}M^>u7j-qpGtb0-5ag1g*O3rSHSt>V}+pgR_6TiwyH;Wko&1xhS=_K^Dlb9rm-8v}GG@NmX+}W>U5&>C8auKb?SCWJ)KnqWqBPrlVBVPS^@y&hq&WLH zgrZV{X+(x0GKNHl}TQk7pu-j-QC2S7z=I0$fOB zWap9d#hmKE-Q_?z8xvLkaGa_NI12@gMH^Kf6c^K5J^N%fFHd^FO}u&Ar}W-kTU*<5 zsWMibC9l$U*bcZ;X5~xUum^N4?5Ogxu%X?yN}Qsn#^VND}7wt zS%1oj{K}}_n85cZFUhNMtk7O|R_|d;(odwWFR>$E%8iQNtl6r!n$v-H%xHg;$GXXl ziQ)Nz?e6BxK=fjrrd&x;LlR7mfFuRbdNCX;Pd-^Oh?gV%ImJ!*fNn9d7j^5vm4-x^ zJP>Vg*Zj1`933YF0XOl+0A}%Rr1uNcQ*~9ZxYU+ke%e^JD6`A7bWu?;_y>_8Y&Gv! zbTT4Q`JPjmvPGHf9>3(tCPNE`tx~SKfsl9gpB4dC!)`+66P2z_BoD%rk+-8VM&z`*8$Kv8+>Yr-fqz}8uvG0xe2pPFCT$v)}W)F=?fb#O~;Y(+Tt7(4BD}N z@wgqp4|4Ssc3IpJ{!T$4(+E;E%8iXJk2kuyfOfwTLtLy@?YB#7dD1R)$W3`z68$N# z^01VHvcWcb2dvi7n4i!2`HNXz)5ctq`DVol9@L@Db%$)j7^$)DN%@_f^WiCpoL29E zs=QfU-kLYG!E~uB{B`SZs^zrxVi%a0P+KJL`?j@j(RCMu#&bO(q7ZV50^UQsB>&{I zDng@6q?`BKVWZcS%N-I+e1`S6tlC| z&b`mPbOA;g-V#P}_2|n-SIh?c7+%*0FIml1F#rSP!OJTwTwl3hd1?CP@My1lVoacJ zMye^_zkU`6kf9Q}9mwhEtWvo&e{08#Ie7}njrliZymZR}ptDDdIWlPKFwF{T8m=y{ ztAGUvos!=jZ=1(eg)vp>q~#E#)H?G)Bqj4~LF#)XgTjo#)DW7*bZb>w6m ze9ldb{%EFr-pP2~CNKc!+57ZJc>SVUta33`G(}0-d^WxUZN`B17YwnO3Az=yth5XT zEvgQboJLh%uzBNshaWcuxfdoOkf8ck-TGMHSVma`n^vYw+uSp#F~~jii}YL&)>Mydm3s1{~cMqBevj}O%&jBXvSVEiDZ>Vp05-AdC2yZ!ym2AFa-pKo(l zIR;Ix4H+10hvaEalS_+tOPv#+SgJ3_~uL`WGq` zd?rH&1BI#3cXm-B?I)La1#oYWswN;ZGYj2dOsnAg{iN9+s?U7LA2}UZdDJ2JWyZ|O z^Ia7eXazu6xV>1>jc=E+N_Pf&S*7i=*1eH&$biE*fA|kU@mFHR*WMml1a&~ZZ19IO z$2N)>P~~cBf+9q#O@MnoRlTdHdwg*|bdK*04%;^z;1bx$omt7LZ6$(5KP@?kZ~V#Z zyUyY(xJ>L5^@)J2>FopUCqzx1b*C zqmv5@;OjxlOK2lnP^%BpVn7WzbjELKA=NWj zTjbPgR{lq0)7%*{Av*WR_S!co5B!3%^J?SU+RovC&fjr@8Vtk2XP7h_a= zMBCV$H;`-;g>qgUAj0!FiTc&|g#Q@_b=iRfkefG0yuJInOl0b;G3~^?kD41myWF#F z(0;`E^%!kJ*2(8lQjkN?Xjsi-8ri zy=NZE%A!bw{ol)9Vnh3>)7_3ufLklsLsQM8B4)(Yk_@M-=q~NVw5abH)!H~cB|1H@ zyr&2JL__Isf(%da>nt~-A5O@qnPYNRl}+XBOpN}7!|#j)T7b)2C`ktldLS@Y zW^|+-GP2IzfQQc-H}*78*Fh`~6w*PUkk%9D`#hn9z9m7_ zdO`#~*bF+|OjxSWwz}{0>XpWH6Zx{n!#~YR)LK-k8v=C7DBp$381iBW$h9bzA0J(9 z>|L4Wm2^y$=(9QfPIoEQTzz=#B*R!~pFOIbQUC(u^C}clQ!ft+6WAB}a>i%|G zz`55iAnx*MNc36QBF*>azb54A0*~_ZNE;vlegTvarE~I_)X!DOF3wItms|E+(B?$< zX`KS3q*O}Odnj~iXC7aDi$JLsQp!&_`6j*QgJyq0`Lnv){<|d88&T*d^ngOxesHyZ zarL|CKQ3;rxe7O$7L6sjy~J1F48HZIFcSGB&uf4_F=R3|@*~U-FQ4@2=!m7Yk1nTQ zpPzfMJIbiE7F>22+gzVr6bpa7t5vH=YyeQzi<+yeR4Pi=@&67Y)P%qGBhS!ou005cHbT3r$Jl(N$K-$4 zj;`QVNE3L2aG%O<^nPYAWgsm+zM%Ivu zQ$~BNl%KHC&c>3JyM?q$VfdA%5rFv#T?y1d)Mz>T;#=#-1P&d}$>joz<&1qt<^m@9iNVtiR z*?8AWi|+3;B37#YX;4;C3DNK)f5cHpe9gY3!;s-osr9U#<0u3ASl6;7{sc}I6I&2r z2usc^o`J)yrAEn*mH0q$dMkvAhL1e}3RJ^RtWG9MLfAYuzb~w9*6kkl@W`9e?VRk^ zOXSzT`&>~>N&=~O^j(XG{T(-m(q3=^TeE1^8qZ9&wJFycT55y!di32jsIx_p^1mag&{2y)0OFJ6t0R7o# zz#t*!x%={=Cmb0*Bx-tew(BP2!AzX-XKr8eXMsCrWjiJP^R6>s>^|S>pHfy0L>Hnnqkc?N2&qEW0Q)G)#+>GR)MzS zMmU_$6q*b3b0t&MKO^4P&;!r-T|e99IM;O-d$p@77qn&f-ALf7Cb8c~5 z*{xyJe!|@?{%Lzi&4|+hqSwmd{LneXg6?4d@bDMaWmXpHn2Q(itL7#!uozDw#PdCV zv}0ldihSN-KSW_eZpwe`7aG^e{{D6tX7Mc0RM1BFc7sU7xBNMMkGlT(7ILS{JStEDB9)76#bLZuWJ!;fRDc!4#2Y$S%eSamG) z5{E<`7361vW_W|FY+PRZ&xC2vIJERMWYTW?=An<@DH*Wlz->$c=Cj3HnDH(@uQa{m z;k(9%e3&>87Y7emUBxSuR1^lo-r-Roz}<6TGsM~5s`2q<$W87lWrB+)Y#nu!=E`Br z#@wD6bToOzO(|B~&gOLjPU(i$(;}d6FEBM=AbMWKM*~0BFQpqtSLgvIj%F%Ze zKoQ6kV4Yf+kg_SyNIiVEm)UlL_nqm=MhYq>nLu8wGh<8gzKbQUHeGuSMzZ3BOGO{d zE>O2u@}9n7Ro-(`$fj)zno(`^{9L=Yz&gE#AK3KB&d#bgIztAelB%7*0*#H0VV2R*9jJo)9eh7=FsN@%EWb5*K?P44Bn^3pP=UD!rSb(J&q3fy z52Trq2K&fKNCdoeAljd*MhgVvukN3eArObvUWMouDNI~=3^A@#N1Aozk@*=T{SXL+`u}F zf8hICt4+cFu;%P=Z|N(}yF87RHADICGX({c^ChK*h9=;=;ru=$Z6PBgUp2dlN=+4Z zbi_FSy^_aBNs$6t)WFg5Wx#{vbh<8ye=3U1!~1@=kemey^tk4WHD>CfB6*C?Gmn}q zKkydAZEvDsVv02N2pNlV0aLw*g5FS|3;<;Y#5EZ=kyBHLR%VL3ejCX|Csf@qClhY(BEbs;UNA=^T>0jm~h^k z4=1V^=xXPOv2syMZN$*|0);L;Htw(aYgATs5@bt zm4IVb%NiSZZx2+=jCx<$!9hvD=bQ?J9VY!nHPG!#+uM_(N24o4W)M=Qa=hU?g@Rf{ zh{t;#u{0kR4!uPb3W{x3JLUNE>vOuky|_3zZCu>hHfiT^su|T8MHDe*1+YWn{+oNk zWwm_;(gamBs=b7)qkaz{qnjm$UjKhy0A;!*J7dwnZK3$DaKD?YLZMvMc`mzlA(33r z{ny}gDCsEV3iVd;ftR8&ToXXIGmM5oqx1L3dF;2*@c`kMs6W4;bJxQOM--O9*WgpG zJuw7R7@WjdAz(^JlAh@~1j9wO=eN_=^U|7{O#}y)`XsVJLic}4?+da1jE`sK8gm@P zy}VrWfBg!fqHp*MVqOXu0Ys(CE@pE^bgn44hq)X8>=izvl90pA22ME%T(Kpb&6U57S`4md}W(x^Pg8q~`uPWPTUA zCZ^c66+HGy41C7Wx}rPDPta}d)rXg=KOZwz!4Oz2GtF%G+S|kgy9JN$ho@PI6x$s? z?b5aWh$ch2dP+Ax!R0V;WI_AE{JI1{vJBkTxN>+(p)76A@Y1gVO($R~LI;N6mtZha zdjyK~HFLKBD*SBymlQipt~Q&xmvAGz`-;1U#eC0RQ*ZXSJ3$cxU!)zp0Hgq-qEkp$lf1)dL{(q;OE={)VtFCNc4EvK(LjreA$2 zNC1F6=)W6sMW}_SsmGYc9@l&LG4>KVSj%U6&ZjJdB^`g))PyfD69Fw48f>^8+=J!} zKw27Vh2hghMMuvfDoGcVku#xolhkDmShE~k8MD9}N#U&?u|Xlga*6>KMaRwmNbN1# zQ`LD~S8kxpjHO7vHK2;dSLRG8icr7Z9$Hvl9=_K84rb-jUy%WJ0x^l#feW0FIayU2 z=92eyYdA68f0?P|#_cTT%iR%Gn4MOUiIWGiQ5SnEGKGNo2LHtClIc~rjLc%yEgX1O z>;U#&pub|ZILtv)>7L*h0*70j8B4)N7nh&m`m4|FgIb+gm~G=SzxPHuwAOl$rtvFkFxQVJXNR)-#9#yt zU<}`A3_yem{YUJ$>R`_hYEs$Kk#ah(bGpzeV{lW9PgoQ@`&^6Ace|DeG?`* z)dD95n-%(C5Nw~fN?@c~CVqc1!C6)WF8t+T3(IPnXr{Qr4?&IlR?l0}u zj)wJ%RH`pMl^^nj{~^%L&;AUh0qCZMKi$Gg-&%o%fwa3Ot5;mx$4ea-d}C&H+r$X! z2|`jChxQHPlH#l9am7CUK8KdT2f2kA2iE7nx69|Z%isP8AS{xmp%ozyEMalYCpn>I zUhXi#1O{H)2H{IPBPXZc#3Jhc24F{F`beQU!2E4G<$?V$T>G1LBp(N6&f`}X*AM}^ zbAd95$nqB!nbA$dx4HSnn3$j$%aenFKne>=fG@NPji~rz>Ile=Qk9o%o=@4k*SwJ? zJkBisZ~#cc270n6S69edlr5jF--zH8S3k%IIlh{kQ`0BJ zUj9)o6vNp_w!%Sf9hWeO!#v-PU~lDL-5G2U1UnW7u4d>B|4mX^&Q{5MiSbK&T|{jq zWu}TVo!v~9-6@+vGA6dEGn9`yI+hfqPF=0kN?-0Ktx28 z*?E!@ygl`i)6ocS*q=-Ncdx1#|^0D!v6t_(UrE!s;ho=NbYCCRh5L@Atz^3EYa`BX^T? zuNAT=Xtl#kcw1UFGkAt7A3uj?_lOTNC z%uaSyBbJDQgoFh6*d=Fo`4|p3Y{*DR(xEn4PzyKM*Q7dh??9XB5Bai6U~*-K^bx3q zq@;^o_XhQQfg%9NI8f!++bgaZ6MF{#C@d;0uCq}QwtAHDyilz_O{W25qL-%`Y+y1a z;c<0TQ>zoub>DvO4B}L>l{Kau)xEg7Ts^tUrZiPg5cXVee*-VSGTRF}gj-e}Vp*bt zkysGR=dpbingtyz(;XF9s|L;3_@hb-#+z2cmo|!nj)-Y2>-qW<>N5U#Tj$zGQc}O+ zVOg++3Yc%^zDeD?dk_rp7f$(z%)i`G$c2Rc_b#57sM}>5}5>)l+@d|A+bD9UD*IhNNTO+NJo~N3ubwNna+-B8d1&jB3lA0_WXT?xfIo_eVZ!@18to9D)6}BJh7CoRJBlguv?-N_r@@ z!N@WB%(fvx+-4I#sg`p1L2$T-_8u>g&nW%-@o!%cDT|4H?{dua0&)4+@9@Xj-m6?ozGOhMf*ij>6!>G7u0lPlf zA(K6WQ6B;Tu8-eMV}Q%>CpH2M zLcxD_^2K1a>En!dEMt4W>fm)-7A2@x`vONA?jLprAOV}5^GDfGl=Wb1Wem*J?QVDNfDG{G$wG_h68<$P z;4Ilwezd7?!_}dsjX91QYqveO-f?Vv78QY6G%?J{E+WNz%z3*(yE1R-e54p7D5_Cp zgwnmkQ1NZZ-CDOQ@c?VkU_OWE-AICMSpk^g$tuY!=fEoAJLWCCv=3DgU$GT=F6cDM z4X!&VUG5ljv9-6u_*Mjk=4Bl0Y_?UV0t_m>H)hwSj2F zXL9mn7e2Lrjp2Zwo=L`YIX!)ho=bReK<7(LO{x^QWIRJ3S#&ut_;<~5bZkxnP!?3Y z!+Z?D6%D%6%aa5VOKDnaYSpq|Ec%N$!2Jv`8c?BZK(*|flI2f4PCqI)H)YkCnABgr zQ=yU}9B7UEKu7qZsV4lFl>-9Vo03HRl8SK3O9#G0>4R~URt+5k4OJ2 zKJ+hMcu#FjjotYrZdgP?9S|A=w^2Z4W4AB;AF!Uo!KxVw+)f|wLG=^x>r_AVj&7Iy zdE(sgnUB@>hZS7?uiq`@4vX^lsI@P-yjkF9>Hkd4{61)DIbUuRJQ3#xacS|@{waHT zU{2=(MYx>n?s5|@i}_~|#9dp@mBPSEum%5k#CAqh!e2+6tHPD!!&%@x=ke~A|ClpO zVx~Tkg7G07rgM})`Npa=KR@VEDIXv%V+vD>qrzwH<>VNgo5Iy6^6hs@r3!3J4KFwrz*e01U8XKk@iCz@2NR@!UMosVcwB8+PBQ&& zubw&CxhPkyGPqghTPe3OMT38fb9q#;03B(86c;uSCctR!U;8I9R)K*d`n7bTu=6kYlz?ra|P3E7to&;$DSKu}RPs{b71(nn89*MVw*B%KIHk-#6j!@f8 z75S5L$E+b`2u3U3NhN}+$igl)=zF1Y2+(YN0@eTXQxzpGAH!ODTy#5XhK3}_$!B=C z#2}~CjZH6GqhG5Kyj_k4h#kVZMQO!vq~PucDvN~Dy#Nc()tzRX_a8U>*HmgkNcIR4 zr3%=Fct0^>E5`Np?NI_*MKUs|1Cqa0qoc2hLLgur7LZ*&emWmKnhp7oRU)Po%lF=^ zEyJ(lTd1TYSis4%@h>8?C@&sxJ&mPP{06o*SH}#XSA^4?6?>{I1?U>I8a>pxRECZ$ zGsWFp1f*1H38_4LNrlu|V4N+!OlO8i$P&fmJCSdnReIz`)!HNACPo07qDxo| zB$k1aW>BC+E^PN|3E@DA1<~FxSd1D_6i6ZRCi%`%w2J~Brn-T7*!Mf9?|!;H2X?CG z6GEQfKc_6~wAsZ%EK04cTs@chq^YA}^MTb_b=frqnAsS=|8s<`X}j}lC`m8T2H5UjsxYNRob_cC*GUG6kGd{uy9 z7~hk>)X(Bf`_hK|EWq_P_*FCbkorE*4)e+|fTbb#K|YcK3QRI5p1rO9LG{MVTI4%2 ztJ90^gXv6Zh`G5QE$)QCP$0;*1PI(@viDMqfQx65p- zJ&^TH9oelgOusj3x>m*caBkqX(x4u=+dvXnW4f~D3oL6RGxuBN4{2(?roCnUViAf8 z>JqXq&p?Mr3hj5Q|3s?h(dk4P+QGr?0?hjKX7r0|@@ksHpLb~C8^HVw>?3JEz}U=e z1*Fjo|sqAlT$<7U=A6|`rTtY6)f$!BVAALw! zDt3oZ%s{cpe!LFVZa0xipSOOo|CGVtA)2q8f|Nb-ZpjEo~TW% zJ0CuxDh~b{pPwg3N$5m0{rV*@MN@P43LfdXw5EO*4E5o)wRP;2#L)%F3W_LQ4E6_R zNvT_jNER09d4jcs8ipxt@Q0p_JE5U!O?HTYcJzTq@xMCm z*J!zpp(6?X-W;Ps>y1+Xk@7OB5yd8fSH|kkfRCFyv%9j!O?;rWv zDD#1gzG1EP%gxpor9Z8hEOMg+&a(L*QkFz5H1S2c$;KJLzOCW~GPP>a7@toZgRlT;PDoD<9oWmNDU~5w)jWK$rR#mZarg8yF{pWwDGIgx zkIg5)GkZjwuiU~EDVk8_BTeAoq`Qi;-D!o@13loxx1VMe{7iFjWsmXQM4H zEOv`(AaD2AMAwrJ<;AE?<%taq!FFw(Og4>5@0eCWvf!{ElK_PRAVn#tsbfIBXrAEs zBj<4MC~giHyk3-)w4fB;s}@#Jp6BNIrK$q@3uu`E##~?D$$qe!n&GJMn8NeA&nB)g zUGo4EMrLc~e*-^cX7AV^Rt`55gxb3Pp0=64z;D1fYPUlZgXHgVF(ts(2tXJjPdn8_ ziP`jp6+r4zi_}lYY4lb97hpsFq?l1%WS;N_&{bRIG*?ZZ--3-=ux-i^P^(qUS>875 ze5$|~YTGq%Mf7rNQ8({CcM(a(qO`5iGQiV4frH=0dy2q^duV)!&pIo@2dJ&jfJgWx&75I4owM=~s4odPEaPhK8P zzzijbuw126`N*_(ay6n`F??U#_q3YlJ>o*oIr*_a!BH7$kk}<}AKN(&T z2aZ2s4#W{e29FosH_86IbBAP4?F$n%2D%7$71^<&pF$HPQ!X*SM%RovG8>G+Jz z?2F2*+Lixs8GWX|Z;l-7A1UH>&y-16$# zkTe)af%SgS_7$uuPu-x9jRLj!*kddfelNf;kIhlB1SGAMT_C4qsa?0fbU$-kH~H4B z>S0$um2;GjP#mIsFxcDM%gxP&P!J)OeIf;FuxwU-kC=f{wZb>)l?eUUK7+ijo;qCI z+~I97bGAPEx{_y8LG)!zJk?JOp5Y{)Qr66RxvIBz$36T2Vsd5wgQb-PSfVK6pX;*# z$}zAm-3VA~p}`(7MP&xVR;Z~3tayi(T@CW?eXCQR{c8T~gBHvWv`F5;-%dRcBctAr zzzAL7^tN3&iIxeCo}iA-%^4XEFaqJgTeG6Ium*r9Q#E{?!R{QOw2)f(Xr-tn2~l2% z!ncP8Q)BA^Woky*K=6G9HP$P*(&4I6c^I6R{+s(Rr&kY8;FbjfXaE1-WTu%R-3WeM z;AI1oIa(b@ZDN~%S|GN8>Q9W3Y65TSV>^W&j^l0)x{0ha|8diSEF4PjHt_rZ$GHTIdr=@8FwND}ub%=2A6Y8QA za56(}*0QO5bOZ`T|Jhu)($Ud@4Li(?6e%DV5bPWoglRFOq^ZgVf zSA-DM7s2aETsDwLlAD={UOo~uu(f^`MD!7esUz{;L(sX5CJi{AG8_C)9UVot7Gfyzw8Nr5LGGo%0VZ2(38VjaQ`oE6u~!0zNq9@Rz_AI1VIX@p#|&~b8fgK zco%{A`VAZ^n=&}yy3eMfqd}y(MbhAiw`9+`1duKKx+TX?GjypV4eO-KPqw&M$l+Mz zc(gFD>>c3GdY^94fLrn8<&u9hgUgCKI%ouZC|jBz!}o7uG~$A9S=Dh8eXzz zP(KX|A&`Fk%f5qdk|`H_%ywG{y3>S-OopVWyE}1g%fVz)!vGOZYzLhN|JDKwVL#Z!phqs z!1})ER7yqk3|6fiQyZfjUI@0Y6?2Dn!K@W@DrLAFOJ z+D*VH&D#F2>l`!f;rCdvSt0o>qW>qJ8qKS+)6mAvH|--b?yc%@Dk`cjoY;b;lt=fXNvA{U0Y7*2(8B{YKbRn);4js%sp`gVvNYMUUO?PlS%NTX8X#uPeU6 zYUt_vYDuR&r@=s))`j}~@UG4N@u>#*YUeZhx3j41SMggLb zFmQ6xZCw|OhHb*Me`N+hlK^0CcH=5+8;DmVw{O7|Ns^8$wP*1>|Cz2?CnH-xNZ{U| zKupmr(T};2cIkFM>jZ)UOlfe&s#BpP*sbO^Cx~4(xqi%@LE5uv{Y!?T7*^ z*<~e}+r@$Y*q`zfYO%g7E~hJeMaO~yL%Xss4M{F7vffKvwPxr` zSd=8wyBLU;*_7;HOG0i5>y2UE0zlb|K)U}E2DzrP1!4qwb!{0dZ9=gNxu^zaf46EA zdr*G^`2()6uMcQQQQqgQ1=K@Bq^DJ-GBC;4Tf6VM9O^bDfMo(YWGOA!-SEtopolNR zf=!a6Q9^>-c>yeMOiNH@slwnKH@bEam#}Hp&{;E81 z!^YyJ=*ebQcb#|OQTpBsBv#P5m{#+epgz&bOK%C{O53m5RCFo`)gc2yTJ8q|W6 zqDrr%EY!`t6i~|y(ShMcOnN*u!SlS{*qDNr_tER^p``BNrSHIyoQCxm(|jOtM^i}^ zYV%11adVLwTD^y3UgoEVEgDr$r~8uAAyekboePB(`N*uVz_U^KCwr{!_4#xWuI{#H z7UlYD31G?w-SRK+JRL4?B|t+*Q;qDS&#?OpOUOhLrBqr`-FoI-`6BdyYVra&1_aJQ zQ3+mcg-T31|D&&>GM^S-WtqR`K2(eGs%anW@+lJwypw)WW!uXLt;hLM1o))GfQdJ@ z(~5ZeG=F3iPyq767+~6D6f@Teb;I1988?+ypG3{^${?U-4h4Yb_5}-T}e~ z=x~DlWu;X85H6A6bjl;+c4r)IDVF^4MF^|Rbzj5=)+iwZHOL?>zO=oE*FQKLlhyU;j9q@X^ zDBiw(d${c4(3$xZEx$MqL&9i;kU6AaWqqMy3viIp;lX zPo0ANescH+OeaH8SIMr8o4n+0hV>UXcGhbNTNy{}N@y9=VjdpNgO;P%gP-+EqY&MD z@DQdK4k%tWsbn*Fdz2#i2W2>DJ0`~30nZyp1s-+5?+9+<;{KoLqnAP+8$JDS$>4wp zkiNk;4{F&N$#|IjQj!4Mi>p%OVj_yxY z-0;huUS?m67kF_p{uQiUF%ZJ7d8D`hb~N3>|1rFX&l({p?TFzIw{7aXwNk5Lz;M-P z;Y9R-9Ibu4QbPAZmRF?NbWZ606nL$Gz&2}H>)l5|c@slznRbCqFYmnd?mH^MXOMs^ z(`L*7tQOnO8bmNGT9X5t++Z(Z2G9)H@9_p%I4lJ(yhPTQ9@8gJq({E9^23MvePe01 zymwOsX;uKEnPg+ddHMmHB5RP>kfcZOxYR9WRH9XvuKV(s4;q4WV&13EFRn+(p!uUC znAdmw#+G#{*3#k??n@0EUK*q*v|pLfU3J55=`)QYyl%^E03C&jOSfY;`csY_m38Jj zw4ehT5OoSVeps#>ZeIj0#eR+^=aj^T_skU4`k7A(d=3EdrsGKWp(oO4C*2cjt0giG z)XWa;&mB;0u-$wA27VI_7rlL6CPn0)-b#o%RB-u+UA?w7NFT0-VrA~zH`MP$EZ{P` zq7A5)KY6FNIC*@YiQ9cCJ&vFJW*mtAGtpQ$dyLVw_szdqrmhIWAdWw7ZVYa1o=q9u zb#sOsDacmM5lQ+ygJ2`eMer1zxq#GC(F!p{TN@eAWaY`@(9B6y`^(KK?+pRHc2l58 zM3Jsl^S^lZV^m}%Ei~UC*&Yj3nWs@?jcN0q-{b-U7MP3>>q3upfP8NpdH!#Qqxdn1GMH?f#EA3x6IPSn!O=kiYKueMpP$1H6;H(zdlmh%L?#serCVEu z)m9G3e9Oy^OZ+d2!>1MZ$(H~2qu)G$@%q+NB>%?xRB=qT&{aB~=<#;2G_gkM^pwB> z+;;I*TtZs-M+DmBA!%7znl_u#LSrE}Tz{d?$Lpz?LtLgs9F$seQm{v8h((SkaO&II zV)wvegUd*FAGIeIp{2p6M%~ExwR%^}Zx;&USMK-sjMB32@!kvS z>G?PgOqeZM?+HbvYR%Xz87nzqirn38?rh4d*P`g^5+6@aOI$@NJESM410!@0TOmm5 z{HShjrX@rw`e%zXLe+RD@Gl&%?7#n>4`&;bno})j+?vebHa;hmX*uA-p76wn`HP|@ zrm<93)Qc+{!gzVLqOiFGX5rm_^+;4J`H(=R^JWMmf1MA#Vpx7cg3yXHhwtU_<={`{ znLXW+k4lIogJE7);LYYZ?8xApU4D- z1b<0W`MrW*8d(+=I`eaIl-9IpzkOx0%^mFP-mPN~7M=Z*l;#6xjVPB6Qg{Cdkz9%3MR&^<- zZpjw^uFAo}!U9|%?}@PTidb6bAIT0aOwG452^WIFVg#^kf%|5kz!9Q;_eVe&R}KwE zMI}cFlV4Ythex@F5yJQf_b~L6tnE}9L8eJt12Z#MU>~cTurLnpo<)wmj4U$)E9 zMAQ3+lVWC$hK`l7vu~&5BU+X-zQ;53L|_jK4G4hU#@>GW?p@cw#K2lhK`%nO$7O~81m0(g zqrXoA+t^qjG6D8`GFl`*RbR5C{DkZZjcuvs(*&JtKB;SHtk3pM{KD9F*j#%`Cf4$sx7AHzOpp+=Al@@a; zF73woeIK-)+!d+2h7qs(g^iv26WN`ikbbx7weCZ+r6(BVz@Xa^MNDRHSeF; z(iC>CVKuZwMm%&8bnp^AK0Og`qvN3cU3>FDNkuEKw_By`;(AnJE#|uCsNrn0&|wfn z^lzposO{yBp}~D4{(Z&a;z~ycsgO{oVVT4yb}l>y28QlC(*sTtzKGS|9|3f=rRAx3 zeTLc^JIL+?6`6^dT@<|EObQB)MShH`6K$3!$BVTA;l7)jI^JG7z4r>7LP3 zglvNi!x9ODk+P%I7Fz{QVeO%3Vq8K4YwL*J0&!ra%Q@GT9l}cFVPP5Q`tjfROnur3 zHe13@>h+Rl`Oc}YCpZ)SI5|pk{DaxuKN87~W_}F|3n$5ySaj$59csFw4E-4%&O(te zS;>Y@mA3n%z4u3Z!7c&+-P%p>@Zd*ome}uC;oyrHU050UF(wWKG?Mmq`*?0Kip+!b z5c&0(#au)VY~clDK_&CaFd_Pb-E@jf<}OmV<@G3KzIDlWvBdJ zkht?rYjvquR}KHd%JQMU?Qbqo7k4(YdvI`L?|fdH&)mKB z10>N&D_Pql-Qs8rV{rZvYj{4wN?b!}C7TC36WN)AR`|sE0E5P<~b8~x- z{lPyWKS6oB-L0ix4BdaMw^Av;udjb|^qKch?|pOF@NP*Pr@$b6m`eWQOT^R3v-U%9 zZJUWqb>fh5N2lP~#aWzUr_{vXo`s-t?<-h9Z&%Z)y{kX0x)+c^I}~`;VGa*Nf1%ha zEI&;mues9O?)m*K3exAlE4q!lIT~S)F+$jI+2{(t#v|e3;peJ#dcAUpJs$AEhCiAl zTtfYQ%dok%{o#y?Z#Cl!{9hFXd6wOIpWfUs;pH;3&R8#R$6>b#feO!P@ z6XBf*kDz1q3i~biAJSsc@bR@WrxL$Xs|@t`4kAi#_W!Sa8VrgO;V_^uGFZKJfAJ5iGYw zo?qqKFZ%hglyXMgeJq_Ed-j$;Ju^S=yOLm|=jz|+E2L_4cbAZoAZI4^%iS`{ruA07MzALC6&6DsgVM5N{(u`5Eg9u zwS$8p2RYup1R_tEY`ahw{(Ci)j}C6#N3O?S#6-A8U~vw3S3wl2(8Bajr<9JanknU& zLNu^vF_D@4JUl+?o|uRQ7EEJflLnW4)_;9ev?_?IWlM%DLfll;w6AhXAjRP}HpPS? zO?5A9c*q*zqExu6;~DckdxP0&n@{_!XL=9a)0XP>EzQlRHy297oG=1^J3IZg7iz0= z^YBnnQDFo&T6K4Zr-+yOMQ)n*BjB6*S!P@gFV}(}j?%OThm#Qyk;%YGe7wBO5S3BJ zqi<#wvKFl%Dwg|qOpc#_xb1mjB|51!@Nv;H$a2;153`VE1JB12am7C)4f`FFNsLjI50^MY5Ad_6Q-4rZ3x>`E3kvTD!lq^IX zF+`3=_yXZy9X2z<&e~_^wpj1K!k3mAsQ{JNfn@0CSDz?52EjA!4Yqy#<`MJLDTVhH zhxfI&xBCSlch$T@Bj>P!@^gO45?ok)z1q2b)!6sF2Ky)SkGYigHyIxdE^oVFTu!FI zf5E@oeCz0jUop$`YtfOsiiV%c|D)+T-5weq= zm6hzh_sAaEd#_~gea>@v@x0~ZIOlin`x@VIUAc?t^5N3uT3;=Z#)d!Bhc~M1SIO1* z)H+=#@e^8QqfD#D#-0}y6?M*B3DS5tz7d{@{#uY%76pmH$jFG8KEic=Bx0Mxgp!J! zNhLoo&-$p1ac!M6?s=ch>Xhtb2f{CCcg_x1>1p(B2H$w-bJky9<9STbVJPdSrE%_5 zdpeTdeZnew(KkHoD^%;mF2pJ0CP{if`1iJ!i?j1<2c8v#JwFxUqAngI3!yj{Icxle z*+j7e=PfAq6fBb`$oxv4@PG?b^*YZ3F|=FYO(3q2UCJ0lYj=1U5-JbD^c4)7)Y8(L zur$8a*7oY&eexiNAp7H^ZV&zz5HgM#86Nb;QfK9rq1DgHxXg3oPnZ5icY*aPe@2Fa znoXh>*Y1!yP-7u7G9SVEf&UhFN6l=d-{NCXo*W##r<$wUDU6LJRa!L^v{@lg-7t$f zASSAr-tX*~PWZZ@!$@(v;yM=f1qe?j>h+mF z9_N+nR4j)5aIdfVFRL9rTV#2K*mywu5eID|l{$B1)Yl)pcU~!c!-b0Vm8AI6>c+=d zwu3WPi)~Pw>S`7rY`v2&a_ew}V!GOKle?$q{%B%mO*N0@yzZF6Qq$b*%9=qs9N2!A z0oC11dQcO2d5O^1x$k}73XUy_x;hCjyq-K*+(n#guaucC-6k<1z{HXe6ez5nL5H9MQoDULY0OK;x*a{$NFs|{=}e2RkX^d6;eO@6TxJYAaF z_(L=r>h|v+?b{S9YPygh68elJIy$05=+!3UaTNbV!Y6>Kl~*&A_G;Pf@7*<6w7vFS z00=Y;h)-&mJ6}jg#vuMo%`KJ~pEzJLC2!>T-d(t3B-c-#DerV3`#k1lMebGD>sQWX zAlNwTx=4B`-ERs}^3qoBM_Yzgt)P$2{AW zSFcP=%+vDI@1cB(Z8*TuP5tlb=JDxiq;r5d8eI!GcwkuA6JCZdY(lP|VZ5B%U0MYW zS`T;kM^s9mGDix3>*==WJY-<_3Ij*@?%{h!{p_Ds50}d=-Tf39v3^Tis@dK<1$L-| z-=JN+(D-tV941r!!6FxL#KgV3xQD3!TgJaLHYy{EpChD-Td5rBa8fck(~TytXD7 zR3HqZR2&Y^y-xG_^efELDMRYGJ3vy>1%~gi$G>qu%p{GX*i1vEzeGr#S<=koxnUeB zwsVj@;d4CT0$xk-d_q?`I5;l;`TpeoJ-ovYhx4O6YR9!ErB;b2?~n8TJsu@>oFa-) zoR*iBhaGgUW#wqu*>6$cO(iNPQ&VFl$pe>ndO$1DPlUR#x!l^GBdv9IFl>7VL-Mq1 zW`?pgJsqlycX27qhBl)7SM!x_^p}pi-+J!9-k93vX`=pt@#Q4+?V)~>T!()URWy`IE-Ptx9Kk;}a8ChRQd42iS@nh9x-0G8ijjykET4d66xz6^CpIbu1oTawX%As@S$EazSW`ek^5;~RU>`bne&c}~;;R-W7 zY3o>8Up8}!>9QtIVE^N#jnzADTHd`_(ZzKGuinMIYjhbS3r0=mD*fSj4-bzoVIgnV z{^MUPyp{+e=Vy9AyBp7n$;8g?{bkSE-gd)huZSIQXS%hb?>XKB>BQz--s-PUQ9t|n zAN&d1j*7lNJk8V8#ksDc6|-k#9+sHyp@xm_{mT{j@X80maZ5X+6G3e25CmQXtV=}_`y zL6K%C@-zY~H(sMof49&!y0Li_* zqUl4^OVxE9q_o-QznxU5@G~-&pA zJ)jY6toO=oT{_@BKcT0uwkzy!MpX8gWJ9ukt32NsSh}u~5Zx8Vny`0tWS=2rSes<; zJh~fp;ltVg%P{=kB*p}?;BtKqK|@8MTr#}v_PT`axzD43&V zCLWfp^Kj4b@PC{^Ln(HrX`AB}2&xlhTndF~m$ohhsdz*K0%d2Er=+T?(+-B7yKCen zg?A@8ySd$?pbD+5WW8nVApGyOh!1vsReYVPhpG0LBd2$E%zdmDU(z~<%kj*nyw*f!Wwz8(lzl0ZT_u&%Fo3 zR2LP~#=jPF(+CGg5l)k^U3zn8^4w4SPC!6l2xeB*uUi0Rp=JCinVqgY=uEwB`!=1G zGe`jGW7?k^qF2}@7NeorPj`f5P4OI%e^}Cb1)H9UBzmA|O8p zmY3@8tEi*J&s8e4Ev*LgpYqsL^8uG+!aq@=2Z;v7TcuRY~NA2!XWbc9ptE&EG%95|*8 zOJtu)`!(*soGE}E4(B9O4%%yXIUCsrde{Ve8fFEOqz$X=Khp`Fi#S{l!gltMOj zo>7RD>3=sKo~KaHT@t9}$4oozGOml92KcL}X+bMQsZC>bX9vHV@f!W9R=q#`&1C$8 zH*&JfnO)RnW205Y0+-r_?Ed-<(*r&xF~aHTKN$d%f~R|@bB z^bK$d(xS_Mh>j&>HO@KSKly1S_Bfo%lMFuz<3p|ze~M~8Bk$d?a^|;VnY|yMd-F{q zO{eu8;*Dc39cwi%Dk02P^vjj0;c9yzdOrJq{^ee+=!JqnypojYd~lQ@49D$plBTf! zt)hZ2EKi>f4bJxEN!5T7+iRq5V(lId9@aMxpA%syXQ89dTuBK1IkL_cb`j5+^35}n zgF$yE^4PP?jZhIAwN}DyEt0RcbCcw ziCTXZnodfy5srYyhcB+X@Q zx86St`u1sNbeLXpj<0V*mTNfYUnIlO$WZ&>GQG3&Jaxmx3?~`}I&4qt89LzbY-oVp zM@7XYKKG3K_u~_D&S8WEMx6X#_98A{fDj&hS)BmOY2+}DRkCaNGT4$prA||-W zg3Qbxh7`YH;_Nxq#*of&KR`sX<9b#jD4)8meNcDx1 zRZ(4eAXMF{XqMzIHg5C4IBBkf9~|a9DOnqVv6dy;*a9u%7KTwY0jGTqC=yo;3=dZ5 z0?xK3q+()Xz%9Rio|V!z-VqCL*0wNJLA4Z>K8t~af@S3LXIRWf(~ql=ugxb_WMv&5 zU!U%Ba&Y^@{hj6+hvjiEH1+Sn%SZmx>E4r-k^PUGU-|+4V@ARxxf)fgR_3ob$vbnx zT~g`a!-?7!z18FhWl+y9&WP?4`84xNnMxBuK-MJjhg#au#DMIp<G_rJP>Q1y z+?!-TmlYvgX2n)LsS50h&DF@q^R*NzV-32jw+qHjYuW36#lZc6!lZ$9blL%JU+>X# zJf33pX@Lh+6su;<`|?uvkj(r2y*d$Sws(s8>?5}!Zc%EUPi zvIq(Rxn9ToRvwPx`;E>~3mcmVnel=ip8vMqGhr4zc^;o~eTIRCe#dsZofUytZ~P%I zmyk^0+C;eXw@K!-iN*AT4r-!S& z3~X@)3n`(F`5%}ocgAejuEZTJr&}tuJR^AKT*6Zq30XccLwl8xnenzX^;_lqrFW$5 zS3d#P?vC+*AcxHE{Oh~EpSbxZjCE}kawv>$SLGRCGHL0q(>tbPkl?#mw>7r%0D70z zP#g$*u<&RmI#x!wpt_5?Pok)#C1Ig?8@gD*GW`VN32!|nADmb-9;;FtvB#j$d5{tZ zzGf0a%)59`grCO9C>IPlA%(X!HNh$mSYB&nIJGEorn-~T>Lw%W)1|9SX6Mc0_sTKL zo11iY^q0-CFvEDiGXAHNIQDy=gl+`P%Mx_lIUz$^OFD@{MwMIsUBQGV6 z+nOx)jaqpnm(uv!Ru47xzviHpiMdH}b>rBQR;;I;Smh=6A9$gST2A)85N$>eP$wYz zLwSJ>z>N^A65m@Xxi`|5OnhnE-hI% zWr8Q6`F|1_*uO)~MUES>xQK>#ZnH>?x^1Pg!CH4Z};f?6Vo5^z_zyMK`cb# zH$4XUlqG?mW)nU&e5H_)UmAISj(()21?2nNh6dvN53S(aBE3%v_|=_SCv!Rh z&U*^PF3U-$QMX`OVc=h0kz?WC9qo!r6TE7@vLe|7iqalMpRiZmae3q^O}R&iC^4 z22?j%u0M$%<@$(qxyLVI(1UeNnV&XqdXkimQ!o`?j{$ z?eAQ&WOq|$C-lj$NUQrC6n-&C@PaAA(7ZvwIB4DVjFb((sYwiv`%I3VC-w+PI-j8UB6M zgbIu^ihmw&kR`!;*TyE1&*{_JiR0SZ`uRenyp){u3S7JR6zzrX&;%CNo8;3=hk;K( z$&zU;Fl<~8QeiB{D z>!XEvuk*<9lwW4%iZ<93f+KSDlHbARU}>3r(*N}4r3U)96(6uh2KG_pX0xbwjBfJW z#lp!bn;5-Mi1u1WDm5o9Bz{uW=k{$?ZMBvP+2?NtdiSQ(t?ax^2okQUMR+@trraL2 z{XQ7c52wW>|M@cuqL;ph)HC=XkL+a0t0&D!ez)qdE4mei9XLD&!q#X;=SOOGeEEY1 z=JO?i&5OD>blaFL#i|bNdt2otrJvP&1zL@whAt1nsolwv`fvL-dk17;6hC`*c6q+P z=C(`s(9pzX-8US>co`YLym#vkI6CB0bZt$^LnWH#2U5~}1WP!E&a}1nVlv^;v*}nSgb!`RzE^xHV)9j;J7ED@!C;`(R2w|J= z;o+fqUQWiZhv86B5s_22)O@4m`<<)FVq$NbPPElK3m@!{)9nPiWDQU$YB zQu9r>N=u)7`0!!x@G!lm#7FG%bclz&sW?(G)ShtT?W3pMcNF}8L)8!+J5&6;vV3@E z>PfU$)J~xtZ&}y{KdjKT2VB$c3(w0C5scQ8US6a(c ziz10nB3Q4LcKIfP|2-6=HbDyP&YPZi$!m+?%Ju{}`KyM4f#!-t3FEXTc~v#3^;U{79KFl&#>ilPpY*?3Iz3UuB{ zQttZqU-6{nlY}Hcw3By_=Pw7$BcAMfUERGWq2A6W0##j6agI+Ta$WoF{K%3Xa(Z!b zCAX!&lsLmyHTIQN%QK*exVb8oqs@W3b1g<6-MhA*VBFkFlvhMd-spOog8*W#U+ zW>L`~kLoIupY^4|K*V8a(e0BsnU%A>xxVb~#^SM>U!D0avo%o?zw5sJ7#37%`b$U{ zYJ0PpDZcxaowIUWIlsL1TLu&Lrjt2PPW}yys9o$+PF}8FpiqGJ1q!JY5N;q%tHG+7 z_p$#sA|)YVz56)9d|snfKL9^%(1eVK?9YaM+beOx`{XTVR`tu6*wL)(mW?A-MdqqM z%hP>PDeN>*6Hv|7xLLWgx7&DmTiau&XKT9r zUgXCx*b(t1K3+8&%{xhz*F5szTuY4ZX5$v16mf;ZNSszWIu$x2N^Iv`@G z-(1Ha9(8x9Irl@Zc-HWKXslKd#d9nL=@fb#i5fRoP@)l_XFIlAAr6%q5KGFuMeF|^ zl$6G&q|iV64+ZM=ry32tg`SsgnK++Y{wf8fgI2##;qkSBXE)qR0ZYzgM_&&sh1?mC>15n(Zjl;Zf z|8!FkCAW{QCMjdu(#-A1_H#JA%7Ry*PanHw-(7&*~ z-oGq5m&bB{D#7aA{0IvM_XM%fX?GMZ@=;YbKJ`QJpeSoyVO39_9EDaeWOm>Qf$?Qm zxdEBmcqu6?ZUA4u(FHBx!;K zQ=Uz}?s)D?ngPy5XXP{+Oo~JkZ5Pci5dp#50g(lJ+42(fGtswh;o~PA?7&qnd>g@O z#X&|7ss;TPombD^zuNd2Ua1uxo8_L+t1P#fw!~=K@mg1l+Rbstz}7SP%!Wt zK3CyvouNosjP3&CfPC&?k^bg=XncM8?gk8r04RHqRXLwpT#b$bAd4j3{FI8aMsLlM zUMy>+c=PpQIS;5yB4xNRIXrXxVl+D$%!= z*l--AJ=WJ!TlyOqc_SNiS-#V7c^s=+p%Ryrv^q4p2{pOfN`9Zw?oJZ?9{BuXgW`z} z67icFPJqU}ZBA3b<(zqdgIo9$gY+@gv;cp#?e-m1Q~#}$qDfN@ zrMjbhFjcJbGxEe~(>z-PdmKP>!fE)>Xvv}nGtZo&}Wg;LjH~1)WrCd0DM^J#Ors{#x zk%gOhOIBie{MFyu`6rK5YEWp!6R^P_b2u(?9azHHcs_t!f_-p!%$Ay;ca8CFZs&6Xe5>&{p7pnTF*nMn+nbKVgDtK!uX#Bj+fGkv?7=L_`vTiuC4~k z)Kto5f-t5<$yWZ0$SHh6`b<{bU5EPyrg1?GeTVl+kL$Zu3?$3*{I-&N` zoze@bEOPr1#)SxCX`a{Xyo4Ed>H^6*wX#B-LM0&TZjR%^$LGGQt{uB)Zk{MFEYcp3 zLcRJ2QLoaI_o%HSl@O$qk1iJuBeT8)hNZEKgg0IVTa~g%n$if_1TAOve~Tgj^j;Cm zHvWX={>>Wq_Tg6F`dY`mzF2Lz+gL!7pddWY&dxXlIa+Lf@4W329zl@{+f!<7vb@E= z9VRPzFN1%tuUcGL}>!#FaBD$sC8o1yg53hMn#@~*HOm*y+k&7SkBb+i3wCf zk+1}k-JxxZX|?y4%VAk#=D#v(N+`X7?eW};OkrGg9J!M2+Z;U!M`cckDRi{Follii zcfNCZQ;9TOwWV)ORrrBE^W{sQ_~iJ^%0hV;#8^@-rGU%#B=yR@W75W!?w~KDri){< zZgq&0+Lg6D2XfN;eMT@2NZizxXfr6-87>!XkYYt3bR-8S7&MH{pFxP^?CSbZ8!c)r zUoG}S?rO(8vY=$*1~6Y-Z-k947-%R~Rzk(k6u!{5{cby$8J5=*Sg~>ZfVk9FO}@o;-Q^;^^otCNXU4;((T$W&Viz4o+76DV zdnsP7_dpup@K_w$ad?e8FHB4@4-akCwz3(yd|rrJa*vX%LYcikS-dRQ|MK{kPtSUE zG|3!dLF~wt?PP1JnGWOB&KgPm<|m&$KjX57q%sV5)>bfCx6~ABJYV+O2YB1%Xs^|L zz9taRmKHHFLP9>ze>jDW*H51eQ|`nCyUpqxuR#>b{Q156;27v-kPDZV)%Dizytuv@%n$^M40m^T0xnda(Lsc^2G`+K!Y<(OZveA|o$fq9(uBy9@w#3S!vGs< z5TJ(4^#uRIjq?f%@9U@HLm#b@iQqrAN3{S_jHTR#R(e=(^KwC7-DK7yO_pCC(! z0bkSR@<6y96wdz^OzLAv$wP^)l|HEbYZ4iCUmqQxPs^>96ecL&?9Zp7f|1ouTyfs-Z)=iW)tQ*l& z^Lnoce{FZYgHv8OZ2QU7jbeRr{wjaimC{Cm;MENUCdYUCXP3d!yyqo`@YxFIWO7V$ zwfpv+Mr7eQUy(6Sz{#%Rctw6lkEorf=qDW9aO;C!K0XzNHq-Khf16fdCU~PI$31_2 zF@DQHjjzj%#-oLq&0QRqHabi{pzfD{;}`WyFGE8=1WIeBx$_8MripwW^8fW}rAvpnhXG20VzcS{V&>;qREk{8r-CKq*p4Na!)*>FZT54-fZfK4jwr5^GD-xz25( zYT7h+v>Td15M)cA*C?VR-`LqDHrmJEP#@1fX5Zj`B!r)|3YDLB@c#R3+UFH*p)i^9 z&uKj4C&S6=-d_fuB;9gJPl{1;S|T9TN8Sj8s;HR(sy znhB%wZsF#@yXIE?Y%J_t9NlBG&#!(|eFa(qsA!g+`zChU1nex99eKJ~T>iP#TU zQRBD?h^uBiXV4_>9W96Rqs&uT@J%5tf7J4aqO3jU^m4zJ1(o$gtr>>4=Yb6*oTu8g zsZlTN<|wQKav5CnfY)!ly7byxiD=DZd-}8L$1UH%*E%n5frsQ9+hJ??$B$;p?`KF9 zGMse0VG5hSe?TG5ma8>W zC4D{fFM~=G<60)Q3ZeBeku5n<>%+X!nijx{g|Dx8FHg6Y_FFOd%B=A32iuG80I&8E zBy$ZJpTXNuS0@-(iEd-I>l`ADA+?o>h zW*K~FS30N46K5Ymm)VGD&2`@>rZb-{iwIRB2?>*5*jN-bd5w8b;`X@ZjNTYmZf6Bl zi9q9?12@4g(&%kt`%S#`ftQE~NC{xJ&+;t3$j_`oZSL5ux*2n=rKRXx=)j6RdW;&b zyJaAULVZj~N!->a;8YFUj|x0BGwf(qtzW!NSi{o9_Q?>r+LyQ5+b*ncYwyPDmX`VR zu{^srEA^!>z%i!NS6_ zhoDcP&120bprRFd-*4&=3zBQ%mDR7`6JNQTv-tebwKor`2*dkFkr4gTWN0NXQDe*YH#N1pJPrYf8vNRjEgh57?B@};Rz^;>7>=L+wXnn#Xs07860Ebim$ z!@$(3Zz#S39Ju0llLutFsi`YQ#u3pGav+BW{*Wvr5(f`=a1=HvXg3m7uhe~*Ha7lK zYZt^@XI1%9bIihxjaD$kr)~yAVi{-==hYlVtBEmCRRdo~`%zl!dYq$^Q@iUm z3sVole=8{|b(AasK?7 zU>O~VykkE>y6*C8{2?YPRL=ljY-4w*YG|xLErt{Rde8*40Om7qrCw@KJ{wd3i2&-5 zt^-Web=n#2%0B*$(PG^Z(+AIN=+DecN#odQzB_l&-fG0jo4oEM?LUMnk7)TG8Wcsa zad|U1__cPVgtH2RRN;^O*k1k#sQ2awqL#WEb|7MF1i! zb#7p0L3Q(Y4CQ_1XQ{&*ujStSc*qtDv!j4`jZ03}onaTXLf+Dx6#|{|#5?chDpEeP z(oU5~@I-a2Zh}GaV)V=&Y$(-yW?kK{>3P||iXRf)NsqV`6SH?X{WC4nG&J-LyAK2X zPSHpG=hSkS>;N%tPr2EeDx=#z-E;KM^uR6P*EBqLg-Q|h4(aK+GM;mmuLLUF&Uk@W zii{%|xM~sH-cFjy&owr8_W=V0{8$%IqNQlFZrz-klqT<6@SLQiq#sGkVLNzPe}V6S zTwP7|?dUztNT%5>i0C?FTrx218NPVV=R&ejmW!jG&(Kh=tR<<%3Sr;H)6=veL?FWA z%|jw1A$^D+*CkyR`iFBP%*}vBzTrH;-yoOFhw-|54Uo*bx;kDv1nvD`ba0Iw*p}`e z9LD)25yI0^5OJRa3KJ*f<)CngZV$ z6LO(`*u;vAe0PL*G(0x6bUv^?K${9C9GLa2<1+aYd3|}KXMk5% zmD}H{8+dx9Y#%;P9_kNC1E`TN!GZrhdK9NROzGPy2J`J0UA-;j{tbX^er4U@=A1;E z@sNE>3eDYMGflMP>wMQYpvqHz934j>50}tYDSzhN58ZT=JW4IExmnaafAY1wHjR_% zCV_Yt`&^yPZ7_^!G&*32e&q-QGu;iM0w?SXGc7+p6`7k; zq_Q#@+Dc=6C3K*H7(sDRiDA6>xhF07_~+g`8X6jSZ7>c$=HNgL{n4z$1;|)Gl(kTp zU};TWXo6&?e~Ja5y}kXDnC(N|g87gb^F$Qw$@YG!Y zK?yqC0B$8^@GrL4Ur4}H5;+G6WvLlPrP;2{sg{sdax%+z(r0A!A1!u&l-72jq)^$T z)F*?89da#zV>i}ser`GF{BJBWjYU6Nyf$8#%c|w%*}WnnBlFhU{e3lq3RO_P1@ueh zj1Txnibg+{11O^q7b~gvk`e_4rML6(J9GZSzY}r93mHDCq3w?v*)HHTBAg^E zEjmBaOB0e2o|TNuqcZuKxZ;uwe;m5$KXY7zhOdYxbkakVb(2^I~s< zw3fftwF=a8U~mQfjH)urhL>b`N?To7-htSJwc(H0JCzQs(nazGcCBuLueE4-l@)wRQa)9$|l zETLk|ybT_I!Ppg#XX8+q&2N5-zazV3{IhEH<{6f`uVdrJ%~ zomsH^q+o{{x@a(3h{M!p*xz+_=3H83(yqfLU0Jd_B8_oo+m4+eqT})LS@GbYyMme7 z?ho;wRurBSCQmp$a6ufzqRygGW$!mRsY;3ro4Sv^cbWwiM#ytBFb}-S9eu_t_y*KW zAmEEx{hEu|W)RzURDY{;i%s~FYrnYoYH7SN^<4wyLVv*7g0S*9W1>y-Io0%fs8Te@ z;uuO+MEQdrVuFXL2&AYJab#<2YbIv93v!x5cYGtj%h5d^%>n4jCX&rdk#vm@$V1y&DADy?u2mB+U*-`Z5z!kU&A^`vf|T%PllNzZxFV2lz~3a@ zE~vh_v7Me;EzZ=sAc0Se_6fc$+i@e<${GsD7zAYy5!+N&ghdoTd!_IQ<|Bjr1b#F) zG1B5Qlae0}sRql|jv#`gA?LhOfYL6x!_=7sc4jJgQh#J*JiE9kD$*I|+ZmpmZEb4u z`0(EPX=kK6@l6r+yps1Xn<=GYI0-pr?}fu-AYPyqs`9lmKdz7Z%Pzzk4F;c^sBygC z%**$C;Sc)_2;;8Tl3!3?ZUiG`=Rjx47*CV9Uh(~UcXPSVKZpZ%4?LizUOaZ1dzbkb zxeM*~v7uo`BzOYB$8vNcwJ~VXPy@g-ddIS!J|vhQAXS7E4ty$k=)=WMh}=Z?RJ62y z=BEc!R9bQBvJ+9i5!-ylw2M_eNm81{at-Zr9$PVod#(&qgkG32PDI9OD|i*T1`w$6*+jZ zd@>4uzY5Wmh^7A?&zhmU2V`B!eNJeG&nTXK6Frmy^D*Fy$XhHkQmr44v~bV z2N4a%V|#IR|36fwzHGMZiQ*7h!`{^Z7AlvlZf8o8s2rKvy; z@f^zz#TUMmuee1_Uj+|fl0HrxGKQiYUP!E$*N+=o(PEM2p>^`ReWiAbi}aVl@6Yzn#72lftY-@#pjc z!C#8le`Xn*n15VdOR9BtaaC+6AV#~%A!lc3J`XjMWxs@{m)DD>+B^^WMzqAp$dr+u z8w}k5NUbxs>{R1HDU#YyEY)qF_5H^41r6!v&uE<7+z4dp>6&Pb;ct%xw%mV8^=ev; zJD&Cb-E~Fb;zCvR`I##E@PV%COKi0lw2wkF_FuO-Qzpk1QF7i}j0=qWqN+!kTttNz zF0?qPg6CF7XP{g5-(8kRC_f3!ZWE~w_tDl|vMLpxZ1>Wv8?3P%CKk@Q$?^nOX-hU< zG`J0XJMZb$HkzxMXRTXCIEn2vtpCmww#?yUzLMi9x~F`&G}40FpEufgU0GirI$JN) z$ceXebzvpNJdtEE)zs{DOpV&L6DC%3`}X48<7=FeMr2KiJGrD}$He4p^PEMnpH2MYYTPD6*cSz4$)GRu>$L?PGyu;42KB?I(a=+lJaH=S_ zaVga*dq#;W-5Q%x=*QU8?c~jx%keWiZ zf+oUv>_c%)P0;nVN1m0rju-L=k^D5%#mh$Oo;iK;T?_nQ7pbj7Qx6Ng3oO^LsdhUhfwO{)ac#mS{Xw@*K_J_7c)Cxs~ zl|kfFxrIKG#`iI!qe^)NEczb$>FteOZ@+HWmz0ETj`i!YOXR zj##y)EU_>Op?53&Kz9B(O*lkdYn+`{n>+mJh3vRqG39i$DtFi>8w-n$q2Ytz;NXer ze6J4a$ellTG~G{2I`kv##>YO`xPH7F5FiO}vb?d6oHOjtrQ_mz*Ti_=V|Cq#^#kcZ zWT~bFmC$_qx}c0LphFA2Q{;Gf_{Fo-Qe)aa0hJ{G3R+y$NX(7uMQ3?j%INm&uV#Teak!tK3ne9`jv0u6d0uditA!>j9V8M zW&b!tw2^Y-Lrb(Lr}#zX^?u9CL-{El>bD?d={h)|cfi4(nZlZP587(ooehYi?|rgD zX2%h5^YK!IL*dw&@0zDaC2n$@>O5gPU>*}X)?T+Hr}&2|pi}e8t<7NxAxt~|r(!*% zie$v!30~3d^3u^)nYv>?|3phoqh;zJ)5*z6QMu-3sFmlA-M+}xmRIm}%E^28aeM^( zQ_Y%@{rVq>>kc@6FVNg--O3yIgm;$y`#ZN6q{h>Vx%%e!*DCt;{PIzf8P~%;c&|C~ zhQ-Ia0#4iv-mm+$(Zl||;3m(lsq&nR!8|+A7#8qwM&%uxcKHtRTWHU^f%dwL@_T_TdtJ9K-g~~ZEKVNTugb}_r zJ!9i6tqIf3L^YMBY6`2Sg98r4!C|l5LtuF#=C5B~#~dx{I!oWNi`^mEEczEt z>jOO$B_%b^cK+Fjwic^u!;A=TTfta*AgLX)5%^+Y8d;vQ>Umkw2-Mats&~qSN$o@5Gl9a(k5|DU-dm28dKJU#Kua*yRTEG$Q}&e3L!Y;ZZ#F+aq_+FTqF;o;%6_9Y8y zS+I+UgqN2qv6Owk*{h-PsBR1);>OzJ^lyYw!>dAAeDPq-$b)<}1fl)b>p@LPolpI> z(AL(LqQ{(sC(5;#cKFZ3|H9quH{$rRDeY$CIeE*Ayj#=h%y+kR4iBE3;GMYP$r&6N zoFFH~ZZ*SGw&ZoY&q41vyR`SWlg_05IbVKrHL`K_XF^d;%}|3yRfOZ^!46VBDTngM z@$vq?0@Xg+F;Wv3V@*KF-4@B_ef-nT&Te9Q+N{KN)`*O2nuYbLo{QlFj7z0L#V}v` zvrD#Jgvj_*$bMq4u7v~1O?;Z2&3AY;n2^>{ZV;yVnM!Z#Vc+^$y&_VC-iOo7Ohv=| zIfiENx!x(Vx{>5{A2xH3il76QK>iv7O7s_}6Ng85)*Bx&&rjfj_9qJkZ*NL@^;f3;wmN8c%zfo8(}WBd)z$Z)i&<0I6HWhnK;i91^+vpxMg&L40|=}WnqDv z6??zd%qP9(?yqqc`4nMItG5hIkgqIVe(?nUJT5i2Q%oUtblu>>3&$(2uJ%h`PJc*0 zklg1%c7n9C^Wik^UpPA>n^vFZ%_u)!MfiD_CWyTbj|)x{TH=37(P6$4Py~0JYX9!r zj$|#hmW|cniTUYD1oa-d&C2|PaYSS~d(896Zw^+@#bai<}Sp31E|=fAWoGJ8%8PLV7!i5oM<+|n*ZC%VU7s-Qcb z5Si%c?=R3yr#Md#LUH{_Nb3W^Zfk3&V)IL>yU+adU*`J$tv?tS<^vkps_% z;X%g4#uisL2FxaD3QUjV5A6l+^B2@!X|MUIRJYZ2Ns^+`+2*IjC62s+98zVyp@;fk zPB-n@hfLkq;;BJDC!~{&9rOjYUK}?vSC-d@Zf_5!qfxM`q#0Ho{Z^TaJlY5nv6+!( z_=PV1%jF)os=1D+*{?#BV~XG5n!Gga5_*Pw%in*a_N|U}oa~R~Y$KXcs9m;-PZ+r3 z`h@&mPq8jXV*Bc>UKEf(zzL|TY6z3rq-f4QXEaWIh?N|3cjR}lU9U~zuk1-|zt~S3 zCdC#GNz#7??=v(#!>VwsFuV8i0(GbHgqLOL*$3BWMUp&pUq;UV8S9v%w@Cwzrt=$4llN>`vCZd8KzCfop9+MDt}J|o$jnD-Oo?s>)rr`=@h zuuqT6X+KLZ*89_)S{@4akDBx;^OJQW5djz&D)YRU7se~1yI8B<$vvoXFQ&y3{-MIH z{orQK(nW4*ZB1q2QQqTy*>?4=`bUzk?Ssy7Qof~qvMUu0ZfVn?_2$J-NKGyumi3h@ zUbeNi>+AXp6X{n1#Zj42+?FXt8`uVY$bOIPRAr4gw-9Dc3Fa|Or*b)Cx*DC4bgJr> zu)uNrBk~ zbVSrGHdhxF;b>AyR8J;9q@v`RK!}Pjl4loN(kK=bp0oAB9F52ZD}Vc`{(iaZ)jtbM zCM5i$_?csj$E4D|&-=f!Xcrhlv0-iFK^HPys&+4K<^9#iVUGv<6tgCRs%i*KTsgPx zooziQt8vF*Tk!{(Tom@9vLWA_wlfh@w|+lrOV@3k$q-EZe%7D-K&&8SiM%03jVh@i z^@GU_)hWHe#KcSFcb)o_vSX*y)9FZ(TOVBy&=o7DhIi|3^US+*BDREff6pP3J=C** zEcBXs95lUaJTcopacaO;-!5KMP4>CS_>ojU`#HA5IMZ>-OnXNq^~i=pPN?yUiF_d8!g<2>59T5vP03=LnaDDi7Gus6%MRx^g8`#=3&gwG zf^->qdHGv1j~$SYBQ;0%Yu}QzSZm{(5OTq=@PNB zV;eg5AnFT8V~12jz^20S?DTYH76Inxr)q7&G3O~rPlFXJ8j|AzS}Gcv%X?H4Ueh71 zt*sZQIHgE?{+~kRc)br$i_b!;Bn$VcGlXl-55|m&=zA{wPLLP;Pdg_5$JJYgMb&+A z!zdsqCEbmLbc4hQh={bPG)RLqLo+ZS-AH$cl+q0XgLHQ{3?bbyz|48){y)$2<^94n zFy}fKb7rr-)-TrDAPI~`{;8Q!ohg734fsFYiWyWAWults=1c|;k4197|2_tY;$rvt zN%%PqRh&rua?c`MWA6bp6K<$)a?@PeVa7M*T}TICUk}L1Bj)Id{=xc7~hTv}|pF+?Kwp$-Wk`WUbo zroar3{!;9}k?WPUQcLCk0KlNm0eGo=Bnd4Iv(bl)6MdCMfKKa-)=T`XL{d-uJK!67 zWA!^Q9XT!qcI&UNZ>oN;*#OUu0RqaXTr)4mRQTOIT&`77ou|M0IYP&>W-z`tzg(kQ z<6vYTh*SC7yB)(M7Zy+0_)x)+W`Bu&4HVG6jf;z`u5S+E6*$={n;CLI@qP}$%F!&F zSI7RZLiF1Dt|Wh?7}YXrvV~$ieHGv!y;*cxKKuJ0kSvaQZDj{|er~5~+m*>X~jvq;1c^h+uaQkd=*15_1>M7_NMR%XbW>ZshVmIiWqWt7Q)U3RyH7X3A77uKv|jQ4-nmr(-1^mV9#2C9ES(N8Y5}oWNMcOu9*n_RB)=PSlP_tU>mtM@5*iu9^k;P9X3MR|Z(!>sZu{#W5>r_C zkE%^@OGbV44XslfE=kdoW)RY~pQn9kMdFv&x>GajC6YXmhlNYo!&`lxELERok_e55$u0Y}8UF z>LWbHmCLH-;^bXkSbbM4$(!w7=DxDGc>7O= z#rx?ZdNDe0$JWpCG0)?yQN?ejmwHzT&M}_|=2z>#&`4ngwauFF#i$5A~9jPMI#u?p}e{kCF!jI}fN$+jVl9qx9>Ry&57F-Pf-iX?M< zoY9cM!b80FkcFdF-<&WVzZ=gDKSnQ%6aO*avxzt;9hwmE>YY02wrdCOPm`7$yQEH_ z;;4TbK%FdkhZ}eB?>_(GwdxMSwe^}?xTH*2_wCNJu+7N6)0TA!4atmEXOxxWvzo$- z&+DGo2M#pNILdsW<6fG9zqhMVI8$%a~>!~7lmEm4G&8l@+5u_U0ok1x1I+mois zU#_GY(3HIWF)H0~cYmN&V-PXP$S+c?PB(WHYZB|UNz65F;%ZqDj{5EM(Vh-madUs` zzayLz3!K637w#nHK)yt>=ah^+g;xa97Zp-xM^L1}ncA2iA%pj&;KKuOgLjqLR;O|4 z-OIEM`Nb`r>`QM&f|IkY8`oFM|6@T89(4n6m)|x!JlD3Lr|?j4ig3rW=gsI5Z~rIj zV7!C1R=S^SDcm+;fyZGcV<(ZGsNLECHOvjqyuiDFZV{8o(m0S@WMPgX2<=&qoi@Zy zAGUh5OhKZOPY}wMvwofQ!(s-M+SJ6q%mXohCoL1Rx!fjAFNTlG^6RV3&{@(SP)=9MgA ztO2g)n?@r%lPKlHa{iLH>Qp#~qkyKFY2fDJ0Le!mc5SBRIG%;x$%{~Hk9HwA4HMIVdHzyU z_{xA@9~lRq&w`|AO(&a6-nXCcgT4(*%(t6rlSe5gk_uD~tFz@tUhPDY7GuW@P|*v= zQ)a%;mJiYxNPor(i)uVB{Od#_YCWN(um@SJ@*gC}B`6h3Xduu2_`^1^R9BZd{#sDV zW}UpJ3TyJ2n8T>`Xi>hBdf_9}`(K;ky8mDWcv=m=Ppt)ov3}U3*_qPQEptkm*-+V> z21Z0WzYXM^eG?hTqGS6s?AGFsi>YO*!{ zFVnGm6E}YAL0+?SAX3j&l!){V?Q!qqCP{!#>Q14`!EL!X@W}s6$0RP!|B&>j?*)@7 zB1`G*EoTuEs#@CYa!-PIX8*RtXJL_aXm7XVz#c8<8aDqCrSa6Thu5Q-91KC zZEchigC9O6pK)0nDOru3!PMN;ZDH1&MRYp*9UYYWjl**{wk+P<_&84ff*J8Dw;%W? zcQZ{NjmblbkM>F4GH6v4>n0zEfM++gSf1RPKA{wKa+SJsMKp z84hK>a99n2dMf1DgEroJTM36p!d?6q<1VQ4V~Z9`1>?-ITcwTFrCdj|oeG z@wS@^n$^GAByI>o&jf4CccN4>cn-o{WZiyA@riM;>ojeO?)yDvtSH=+)iF-$1oU?K zz^^c*p!DT2OpT=SlLQCFhq2nKW4PdlGO-E2Xg@q~=7Ib>8pqg}zE%gdwzT~b!+grp zq>~5X2U^8gk^zPKfTEanQe&_)L@(Ad0Z%f65BCMgG6(to7?>01gJ0xAvC#aVk)QMx zP-h?MbOfkyq4}Rq6MxkAyW7oi6Llmo4fxWjB4OTvCuS%^fh#~8(C9bc2Vjsp=t@J2 z=^9>#p|&qxUz?fm6%hFZOl0F%C+gQ$3V5y-R5AR!npp-8AoDbQVKYZ5Ke4odN}pQZ za7OeC{>Z`ua~r?p8{qtK7uNJsMxQTIF&YP#n9pq7N*?}XY)q4CQ@S}aX!Vl(Qb$xqmpG_I8)bW;8z zAt{c+NQr+F7jME$#W}b7n1*cPKEoc@H6TWxw$g47>oN^9UStj>&8+J(9uePK7vamK zbY+RbYr*J-;~uZLE1CgO+Nj?f!}hs-l#C8zkGa#7n#S~nVZH4#29*o`-j+Py7{nlS z+QTN2{uNT-Cu`0(wa)k2FhcQVXBmw3&K{N9s5pOoBFNU*0lcp=9%O}3PB9>pH{Ud$&)$dP~XE?S)=PTd!A0opdyV#m#J8h|w6llLK`1T=q7f$lMQpF2Mhm`o}ScDLhwi)IOJ5 zl5fr_!ii;$=-eAqbnYW7eJEncicRv}_`=oFOm^J4O#5yBZsy__*NBUxrY}Arl9=~d zY?zEu9#j&i7-3YPPodn~zB>%bNAIuq4r+6}l+HjZjwax@(1n>Oj(Zxb{)MQso)Z9u zq8{sTXk3mClSSG}-;Q@B!Ft6$-_Ib6P*6ulLJj0%yR=rTTt&*tV_YfJa~`k$J#qu9RmvqC9_H`5 zzg*y2O6;yMIE6GQ<=BDb(iB?@G|tXi7ROgtW8#Cv*96ZZ{SxJ`w0-ZhjnzbJQjaii zdR}@a3x6r1&4i6p^Sv(d5;#2k>8;mTv}V~4HV=3UV!gNgGxwAWQ8l_OG43Bpv5@H} zd|`G;%~4FnFWA1~@0`HleUzg~TX0t1o?v0C{uR~R7eVR@VMc&k@5f@SH@Q>OogJNH z&8LXW@!>0WU*Yn0Q_`CAnSKGpYcynUWGp6ZezRrv9DK=*z0kHlZ(%kq)E#Lx-(o48 zOP>~y(TAAV!3MNsTBA;=T`lSB=AZTO{@{)FrIM0TZO1=zYQSwKKv48~BIlp5!RUG$ z)xHfqSrQ6 zr)f-6OzTe2H_|DX%d)UFd)ZxIJd`hEOtOv@z_|$Teco@%b98%NdkziJb$#mZkg*4O zdXUGMrCodO2~`sNdxS}iys+LsmLEZlx#WF#fv5qZ=jPzD{e*jGAMBK4ncoYS`rFj7 zG%2!aNBQmO_q^=VHH^Cy+ON%er%Q{Q1G7GBkeX*|$GP$?XT-{at;m#sY-(y{1=j=s zNy2=F>K@|zpupT&h zCJt+6KfF}cZA(MXgA|cW6s{=79<_$U;fIBV$Z)mE94_d+EWnGB4m879YV^~Cu`iW8vGylkl9?g8PWRt30A-!@*w zqw-mz$D?b<4CvfsUOFt;tiV$&k#+}sOeKZcLO3GRt3jq|hl9>ej{le8?3EPj{8RCEnR$rl*4dn*2f>ed~&jchdEsFIs`w;11w!sCHA_PETmBO z*|$57irI=0+Kyz)XCl3Dl;G8ZSq|97ySlFh>oN6yDM>*sqxkLLU(Fb*n5~kY)4ZJC zCvfSX&&+MM=*IqdA8n|T8@xyfA#1|Nrj=g3 zSZQ!6N*1F)5M1<~^3OyLllsP)2gxVH@l5KU$c@ATm%g*#_q^Wext@}VE~)_uX***w zy0Jt{-Q!CKK6|nXBDET@PUN?N2rE&8$7}+u^!Vp}Ep$5l-Kx1Zd*CFnM2)v+;bR!^ zy2FF!s^JiWdU5erqvYRh=lQA;+$?Tc0t9CYc@{aUw*nm7W;&_WcqA4YJriNc0ywsY zP%ZzT?$^I3>36R%)xF2~QWID5tKV>o$aI;J!KOKIhP}oDRBT=auKu3yZH`DYTFMe( zJ#`!`4~%;{WqP!D9g}?c#gMGSTRT}LOO@Vx67-eq!26Z#IkP_7?9D<&^y_>Rx@yY8 z3q2H5uBN|-k?741-gj2@gIT=Hqk~O7gSNwp!tQe{3ZGaU7eh4Wpw0gPt|DZvKc*0ORjyBxs0!U)LFb zs(D!P=g>5ufrRc%l>#?y#VBYNPBCh2OalpX6uJV^1&UFyn=3Rzyk2+F20;H6cA&`= z^d~@L#To*1*xXL*_@Xr&tR!XaeKy;dXT4WSU91xs=#tWClxd!f=*yj!SJDjmJ%vqV$wkaZS%&kY*Z8vtqG?h7ahu zwePLCk@m303JNh@ehejX)8-)0>=I)#UqT-cqQ3kx=($0u{UPX#PcVP+b*Dzp$GE4K zT)d00TijC^C|G^;H&6TaNdVumorwYVvbXq!3i20nG+>qB-!UvuXit^ zZMX31O(I#1*cTR&jeBK)%5+5aQ?Fn6T)i&__8+9ybJrC%>j{>^w$|xBk%51OJqD5| zj|1XROG|(429GzB2B_`Q4!eqUW=$0F{YmX0ZM zNcUV}R7vA*v8nQ`ZhjtU!}Ir|F@`jiYgaB-?k3EpGK(YI$;fIbwI$lfCE|K6t=f=J zaOV?axgFU(-%Z^GgA-i=LzERY{D9=f%%IjZ1E^{@4EnROEE0GzfaXa8OuwJuKfGQh zy`fB0h{J{v%A!dZSix@lSc}?!Ad176;>&+2XYI_~J}U|v9f4N4hoJAW3t_d43#-m1 zB_{(X#VC-(-)Z1pVzly6YbhYEHt#1?EZB#2KZ%0m2*yAJuYf>c@V}r&-w>*J30!kv z)Uek7C2=x+!M|Vh<^y9E9wmnSXr#pw{c*2U3db>+yiY?vI?8r!t?$OHPfF0L!ZV?Q zwYdu=AZ@ij9d63LDr}MY;zo7DD(5}zqLQQi{aG9Ss6O_jsZ0*|li3&*2yZMSkAX;* z?JL#Vfr1KiT-XeqIi)}3ni^60BJ*$7WWvPELLdd#>lSiUx30thwDM(pWr9hC^Vi;6 zIq6u7(}Ltv!CoH<$59wEOAlpkM}TmR7B}G>SQ?()d)8;YDLe%A^{%u67;>o(>VwRI zEARxAbHU@ANuaNK^a;l(v=3n`06GDG14cXDDB_|K5AUz3H^8n5uOvYm84txG)K=$s z0;DH;*X^JEC-jf^kvCg3MU_(X&M-OKkyiYe|2}MLe0&)b7Bjqs`u5@e0`qVQ(Ip z07Q;e?sb&NNn&rlghc(*cZek;$-MrG(Pa2Sw|6JV!qM}k?bKhp$Z&CUHOkkEYI@kM zW;Xh&vm{$V?-ItYNR&hdaqIIB%+ey?3|~t3*xGt){}8)|(l$r4#|=~+CTBmX3R zCUcY({)pk|)lN_VxTAc(xH|6~$B=r=LSY+B6eBAZd8cVGG;3|Ba!zcZq+j;dQM*i- zk*fdk>$lN)x0kX!KRoZ*|NH`8zKzcAxLuxQVW7+~7yBwimeZwcU`prrX=9+_i_Cxm zKI64KTqQF9%iITqA~E+1*O02XNxBWHNh+;e^4)y)GL`kTa6G-Xp3sAz z)vhciXSW~z5q}8%cEn{N?yPQ$f;Wse39uK**dQ99>xjA(LNR)t?Q?H8T|xie?Xu!C zMOp{Q{Jm=jL6VcoQloPf0hK z%kik8qj-aqoIiW=Jk1$LbX)KjX8DT6fY!(}Z{y#Hn0O;elnAIA`OEJE{*>b)N6NPV z+Fgz=_s{;1H6st=kr@|3<%$Q_EiEvvV&)-qSmnSHE6~+GipF8!T48pghY9JnH4S9K z(Bbtc$J>7&aL*-X<&zbTvYe32YI3L@Y-I4hqRVLVlk3R^==$+Uk- z`H1Y7fo~*k0wFA#A78ty*|UDM_9Y9uZ2F}kthg^rGanjNa{H#C=WOhNhI*oh@xr$= zsahnVfbHw`jHv4FB@67AdDb|-`GizIx~6BuAwk-4UEbGhV|T9EdjBczPMdR&lTbbKW%!Wk zHLFQYmJ^=$Z1{VGmWJ*i-}~Df!>Ha6eFFqZd)=Rm`w+xO?pfMxalZJDk@cdYfW!B= zzm^-Si)~{InYaai-8U6c^U5dfN^7|M&Bu;B6A{(_wBSW7(W{pDqiR{CXkY}9o!(jA zaTN&8B)n)kpV!X(wgb-McI>@4irzd%D0+D&O8t8+IW$)wT`u%p$_{^C(ZA%=Q*8KS z7rxpjOcTum)91RI4GFWtCRc;6%IE5se2Ex;msG1`etWy4U=biT?HaYQuGMd9XUyc^ zjdveP(-X2Cs7`@zlCYM3f;;0rijxy`j~9&5n*YYOzM$Ykr?k7Fs?nsfjAx;&~zD}>7R@;;6QJrYkRE&w^L%R@*(i$by)%f** zYIU{rG?iOB+-K?FRdsd7jl0toIowx+5JdtlkY&ne{z4ezJ=~=6V%le3#L=Y;Q$$wr zi>N@kx#;%~FQprUTMA}=UBA=VB&)~%Bw&Hpr=I~WSxZjADH|RywSWTHX)QIo8dAR$ z3tZk0`}GQL3Z;WslzRRviC}lX_@w?rF>$59oCKP<3)iDvpI$aI1XmKbS3mzB;)Ctb zokvbYO~spGd_;@<46Y8pJx;&>P03Qh$Efl%W3@HMw*hZb-vw2@tQl6kM;V7bkOtXDb8z!Z4}|8b3< zQ0|DPqcQt>hHo5Qc{2`;ufoNBDWK%P%@E*#R*2E5iUysrCRT|x##Yd&Y`GxOx;n5| z6r5fiL&6`2j+RnDCl_-__6lI;Q_51VBrehh7`=nql!|j0J*(E+f(Wj5!bNiOMS_y zUs9e#H+eQoC7I^6FeEckQ>b~dhaItB>fKnjY!=|YQj*60m9|!|ru?*UWu$VH?e^7Qag4isyd$e2E> z1!0o2!hop^hU)hBTyk&gbX}k)L*Mo>hu=FuTcp97UfZHmSnf#Livo;)|2TsG!h)T_~XJT&UDB0k8l?1 zM#6rPd}ieatWXtuRJ-%(Lh))Z>8g8f@^&jB)LRG1=S(3ImRLSQ)6IX>>g#x^=gGa3 zA=l3Ky7_5pr%(y(H}58PI@J+h^)Ky&7#<&YhlzQvSm8arcTj_ca}3TLE@5p#a4@+E z`Cl-pjYSOD*g%+F$txNMeU2`&_|_n#zCw+jQ22XT5qgTpO;2ZO$Az^`>?d|YlCG&M zo?*#gqNuT98gTg23Ddmyp;5e4r>raa4m}XvI9iiW3ei#b8C_zY(Dz1cb7Hts5^B}G z`(O9LZipQ)HZ-yFbqal+0d@E#Q|V%^R$bnj zmH~{P;iL|R*OssNF!YpGG*De9N1h9a0z%`Tq23?u2+!L{`pzI%g1=q9&nXRe)kV%j zEJM=#ZWD~LA|Rqn#kj#`>P-QBO%0+v|5h?mqN0Y1>TxgPj?(!Lb<3K07x~;BjxjU% zOQVgWd?<;{Xa+~ZDP1Kv40wFiwHZcH2^akKkXD;rNpy0dZ$uMtseSwZWgBRp9Xb|q zvSxplnf*qmA(;;l`%y}CG5T06Qw<5qI{Ur6?-^K|Cz)mMFpIwO|M$dA_W^1~irjS3 zo#&)Kx?U%vapDeZyy_qbeW^Yg@NwNVv|8Bdj{gxwBf%?R4Bh(kj8s~tnQ=+-{1cuJ zA&n0u7mxq(S|36(r?X|hdtdhr)?al(j&phjn}L|V=<9uu#RC1qLW?Vc#2wx-&h&-x zZE5cR^8#eQT2ZPYnF|)Q|2-Pplc4KFno^ z{Tvb5g=aqBP}r+;kJt^!2po@$DLM!YI@i%lbt0z|VigP@G5rQrFCg zDA$;DvbG@HW6NMRbh5TVMN}^jtZbDPmFf$VH=)=UWDvyAzDpL z^2Q}fV6UF&kb*d3w4;x{s|e3t=>{G-jts1`3@MWkfHAFh%}f%JR!Js4?eu4_I((_m zt{aA)Mg|W-h%dMcdQf^mj8aAL>}~OYK;BZqEi~m=E6(_51%*~D!GokiMdBqh0weA$ zf2B_~g0Q!~SM_SkasiaV>0ACZdX!2dnYQQpg>Cvh+&&@QTl2Lk%{v-Pe z+9`DVWlOx^Ve;ZAeD2ZeP`Kwl@aHNVuuU!n#_VEmhNRc%b#mblbgE)bMMErk-hxW| zT)n%jZjtP9{|9YCWh6bhPu>-t1VkXL%|m;a8)2P=~NvBBru38#PJ z9zpGi%s&g=wFIxh^TI;ass>+2Omy$Lg^u8QYT>g;uReWqpC;_9mCCW(XED99Xrvce zS!K^Vzlhie)dl^Njg31PeigrDowb)ONjEOjt9i3gA0_)THb3bdsr)Tjig-B5(&=m2 zz3p1OTbzKc0@aUOpa{2*AJ`2u9SG606Cd@)6&-Lbg-rffJ+a{l&5TK=BHdT?z=`7; zqmUecvhuQY&vCy0;Rl(s!t<+p+LPC3ZE@=p_UWlzvy4&WIu3J%p$0=2>PWxwDn^d{ zwHf1p%Lvb`z&pyG4?bc5pNRYnAM@&pwF2|5cijTZr1N_5BiU;kZqy&SGVQMArdZUf zdiyOgBbcm!sh|2W_nk)SyJ+FpV(gB@jD76;&$c~Qe^Tl`9*$dn<~7lBm1*}KcTR{Pb4%MXdSSN<7~zOy#Jwygm`aBg#ziO@llXvL( zKz~0UiGU~~A3BkO2UK|7bSEv$a~jNsn)1XY!pfStO8=@y@Ut62gU?3y4=GcQ3O`0D z$o>X)hK#5O>8L}aH#5Cf5BZF17Z-b~H=J_yMHQ~M!p#pc{pI!K_?I(L!8IeM-7l#I z+m69UWn@cIVqUAyy!`g;mU_6@%F-3O!AY*9&*p9=i)1KPDqXvU*DOzBPz8o%?)KHX zn^BO~^x5Zm8Opqrbwolg?J-d91#?x5vF}|zKPywS?x&8eKuSuApE66nmxY-D92Mg* zExTDrKI&_|eRN`-s2CPO*J{gSm1oHF5a(XJ) zfp-~Mp<&ryUEcSF+p(~>dfZ!7PuhRL{q##Yy{+tKtI7J9v@y4rwhuNt$PDPm=!U}* zT6;$xqok@C4AgvMVOwF;xzF1=8#3>pq^#X^N9GUGI~?`cc4&7_#S7L>|11;P%+1$V zPi6O)KjJc`Wm5(HFGjD=(P~d1IWla)5G|XG^mg-Z!sp*;15O2BI?<`9*yOU&25m%E z%Pj?n$kHIj5Qh9du>-qdDh_R63?F@Szxopt+K7Put=VfIFn@rSqRT;bo>u}Q>Q96e zwg+vq_PoVD%i+7SQbfI17{E7+d;0ZYR>{j|{7xdfFW(#^Z9|AlaWY*0Z1?$OU2gl> zt%$c27C9}|DIcYzm2ler`{B7S2|G!f7f~V*&6C^g7sALgcnmQnA74=i9xN+kMQMND z44ft)6F{Fo|Bx7GD>NvQq-yC((XyV0|Kc%!Yk#ha!EDVhiP9HC2J0zQn<3DzNnuaA zBIbg)O~+6K5f+bb7;_3Dl#oj1QAhS?x`sL`ITl8^eRUN_s9v^CyS{H~){RZ-Ar>c~ zU-=Yj331~d6V~1h0}ASYt9#;PxkBUL{EU={Bikuv*JxteBFHu6Z->QaCB4GeBjTIX z3D;peuHa6~2}gZQO-Q*-fC@w3b^i9Ux7|FTHcU=gw~ns4BZ7X0URdm*o~zizxfkCz zq`Z;cx`>X`9Ip18R}rzc38bZ_5B)qF%8aP|2_9dtB{17tCkh{Ce;RWUIw$gBWN?_KAk&XGpG|0&F#c5Jk31U+nTm>{m&F8J&vQ0F z!gLnlV_%MyU5WVZ@hJ}wyu$tOKG)jq8ir*_lK#U^|JOs}rBe1**hbhawpT>QCfBpJzJhb;A z1M$xSbs2@F!vVa*ZSc0voxRkPSv#Y2k^Obfai?+J^Bth{S?gIEfP7b4xZ8(5UCR@$ z6c6VbQesY#20TeD)H?!B;*q-+{=z2d#22euMr!46@3Kz6er0u78v1>!wPBEfLX~v& ziw7=OFrC=2%_)V>y2;REwsN_03qHtqL^SKlf}EcA0I}> zZD*TJk&2?GO}hE_=EKk~WJ0d{Eq)clPIvV$zqXY#&(4eBMHe2ZN#$dmijx-liqNi@ zxC25~f5Hd9@^fwww*LW~Scm!RrQS1NwD_2Ak4Ers(7qYK*#CBv-FjZ?cMjZQi}4c8 zc%y|$9Hox`kz~{$#w52~E@*=jVfvwo*3bXB;QsFq#sl>J5BG@$)j~|rYnD#)aFm?9 z&i3fUfN74na0R*7;f+giM;T;}-IH-9rcpvtjrJgUK^qfzD)p$i?%*vZ>_^mJ> zphPlZ&UIO#uU64B+9zd#b?g)S)a=59tno3~+6;pU>1nCnAOk{t<2rS^s)j*Hz@p%;!Fxz*Vjgm z*1OM1xi{uz_>6D#(fCJ~_n0fhe3a7VB)>k%a9X_Q##Q#;iSq@o-q;~%V#hJlYgwi` z%@2~>PeW%?^mL)2mh>!hj8a7+vVK)-C{0pr$AWI+Frm^)dyz;)9-F(j=T#*W{wL`_ zQeVMBtjI`svPZg_Lb;(%T3C>W))-2q z;O6AEK6t{W$&0O4jE_0^URPNb5ZNhMW}K!v_Se6fEmz~44iL)L@)_BEACHY-?~cQH zuzdUTgg(m$a^@J!9<#09N1!U;$`e9kg&nK$V)qMZB=eZNyZoiV2KVbhr?W!ud=V4( z`;Hg9b&Mm^7m)6+i9cG2&Znp$g&;1T()u$eD^$JrQ@=K&Jv6c>tB0To-~$)-+S!sHQL0c`H?fCx6PZPEz411)r!kevT`?Q>82*)-$+!-bR@2gQ(_ zUb0?CTwc%}%Qo$tfD+#(LMR9(S@MR*b0*3*#w6Kb1A@`SFQ{$TW{&!hJ$73l`!YdN zNN>O=D^MnFNo##=*145TVJYr%>=vtn#|5%7nwaeR;xKVZvX|+uCBye+uL{=P(Hr>4 z7pPLv&w07=h;M%X1(nH~Iud#_;5j*yURsRqdPn2+n*UY@8Zljb0z4K!u4juiNA_uxo7je>ph%o64UkXhq4<^jT7Aa12jMo-Q?B z0?EJnSk4yqX`S*W=fYp>j}kpTi|~i!O?EhV3WrYxp-h6ewEMzbTyWnwsJ22bcjTFp zc6;0f6$EId*6(hgIHo+}@VSx87-RdL5d7x-KhC_<^;4Gl9$^`(d({TTZ3o;ccrbg> z(L~ji`;zo3(N}Su&zQ~oh5BzvKJC8AwEL?t5=EX|DsbLc9Zw|IsVVf7nR_NfbY1tG zp-#i=>OH#gyIOLY9`|yT${Q8C2 z2=+=m-6Osyl4cow<`w|SPmPTlbp4ZkxhXqkx)}L$eQK-VrMOA=6yklrhFQX(C75c> z#=#&gBldY0fybT&&UfcJ2hmT;(kbN|$^n9A(TLcJDj$0LSZ*p@kzK_bZ z3yC8HJzm#%+zQ9O^WXUUI^nkF@FqEEQL^-Rh@cyvp`j_mRFQF%@;3QPvpT*X(Wd^} zuD?g!)aUY|JRNzr=~73=?HvoMH7QXwvL*bcOzz4s_Od+y z*{VzU`OoY{4oEfZ)C_d}Ho(M+SXq*BFn_e5A!CrG%H(UEMK|6b!)5%E5#GvI#nsD) zz5z>Y;9QajjGQGKE?B?G#IC>$STRmKnSbb;v4Yh2 z@pvB0iwN{TE#|chPk7L};0;DjdQb9s1h-bqOC9t}eG{FBRyv@!D0c95U?k{~!v`K^rLuEL3u8)_QBJ2AD2Iz#geXcioV z4$$U==DE@T8EU|-WDLaaX0S@S=}|Nlcb7%t5_*L8>7dEE-=+V1+-QyH9L?hOB@3Zq z>s_X%fu+tA4yjB^VefnZUH7%w?*kjx0`Bb+NZ7L9SkzEj9Wr^!L&AFN71e|q{)ES zTT0i`8zXKQSG?xV@doP#Snzd$Khsl0Z zN#!doR`gSNeJLw~2SiuqSo%3UeA#&X1wCz@AM*FY#o0L^&hLS=$<4Na(K?3Vpqy>5 z(%2EpWEk;!8}eUU&)Q|o*k1zcN*oM(!}kAd^VF?yqZ@Q9aGt>wrdI>K7l`<8BXnuV z`M8(%3|%W)8Me1lLq3vr5zMUx>`LD|_S1Rao(VGCU0R=(hA}jVg7NnwSV$h4qf#s= z)%y`zp^w+OG@1!KSNx@B=jP7-5<%H|Uy&iHVC_Y*%4P|x7`>1r4z^ATT=XP^vrBYC z!GAqC7^l9_Qwnqoa$nOFa^N&lZonMlVLq;vhLX>)JBSDrjRU$8Xz=t9;(gnh!|Wv2 zW!n*id{vr#3`s&vp6M`7uP4-fn3W;JB_m=Yyky}#qaTWQ(-}3VRhFQf8@k)TLSoK! z9QFAAd+@Sn`uF9eqrSm^xVmj@Y_e<40{Ea+K}LBfUM4?Us6#K_Z@6MXb^1^yy=+Qs zQK<+Thv$VfBK}3U1S$AtdD=fZUoeY}cNu-l73^KceU}w~koA3pAXDxr-g0NN!X(Jq z(vc?S6EvgeMGDx@tYM4C9&9hjAL9OT@6o}PzpSpf-=LugjdcU%^I}_i=X36RB#KahZ1;>i@EF0IrAin%&mi{7D%7Vq|JIr{559w~CSoIcg?sXC?dQ^$WVij6Ly?^XBQpFW6 z6yqd=gZ6~u-6_JhHT>n;){fasVviLlYUjbRbgbZQzW_n;ksP!!B1Ib~t-39Z3EhF6 zOPu_(cIW}!v0kPTBg*o1Hg%SE?wN)$z>h#i)8WO;ax?*ruabA;2H5+(d6BSt`CUo$ zgbP2_F(NqCG^vIg0Oh^AwA)Xsd$LEc?s5a@srNp6*JNY~jG=^*a=%8Ve@OK(9zR?1 z%KkqjCCro@Et2h{Wnx63`NbCdfG_J?X7sU@afkc?M8BaSX*=N zqrctDy>&rPmZ*$$6 zpyB{h$~pd?YRC6on$Ne#_*41VQ(srmpZO5Oiz+De&|_AhyY8Tvt1I`1HPFpPlh@uO zsojdMKPgRoY*}Y-OUmVA%!diCmT%h6rOx1>bDCwht;qS8_RsTQX(aTL#*3ULwVoVPRVerH#f5`-|X?7;zDnnF&y z7@29O=a!eHa{#rq@Oxt~elc7|6Lb+ z0<7w6?s={TqQ}kL-f}Q@8?0S(%&)BBxo|u$E3epWr)99#CV+CLWg9c%(0^HK>hrjdtVQA>)?(qcJ@ zLHrUK^CZ#(v%+Z2Be}o7ynK0`qu%Q`)UMu?!=7Mm0C-XSPH3r#0)k2_cbOnz>2c*- z`rQL%zK?Y)#%uE<{&zwqTz@9h&(QUcN?f*>N@ zIYK}{KtKfqq`L*_6v@%u69E;G?i@L~q`MgnqepDd&FA-g|0TBF_qKD+b)EBmorp^U zuM27ZH;=p`!JI*--@je$3Sb$#uSgXc?r|;}UwD12)bzv*wL|`V>|P(U58iIbNULV=JxCQc7+PAoRW23k>K-dTW&MyhwPh@C8-iPb>OyN22!h@I z!u1xz?Kj@GM2!rKg)!b1t5zgzG7Je|Ppl{s5%$3wN+$&S!Docb%J1FW&Or0+Qz6K} zWblFg;j(L3ce4%f=qLO%w}$L7TW-0R;gAE!=x zXd5t1JKp(u6MHyZ>Nr)Wf0&?M$UD!Mz)<}%PrZ19)qHDU90erQM*)cGfEHYZNP(ns zr^^D!%r$m~qZeD~n@}aCiwrpOC6~7R&(9%I>=>O={R|H)u>eTe>Q+>>v2tMPC&- zYE@R>^6Ej|lAj_zYScz?fu zQ`07u--TNst;H0r+f%QtaY*bmYLs-%4T6@sX9{$3$RJHju;T}x1@b(Lc^1prET3{0 zwpZ2@ch_5t_;ZBfxsOQ{5Wh#z(=AZf-H|tMZEYPk$Kc4wdh9$T487}o_xP{{?tPER za`wHEL~u9f@cXi4hgPZoz*V}&+*Q~2sRez&QeffX2ExRR$OS4Sz z-7rb37OFj0fB0hSWZ-tXWjx^-O1r?&sz+F4Et|tE0H4aSVc@V{_)hp2=P>R2*v^E( z(mGTzwdg`!uSd7*Al0CV2$9fKlb`w!Kd>-74EdgG#a&*uw4n?+@(BB4*eWBL*H6Z( zcVCLim5YFRWYyKi5HdNeu0WeTp0eJQo{|FUSQE4uZjIlIe}hqIz$?gQCjFaLD*k{z zWSBYg#$U?HZ+HFIUG%7OMl@lUU7jJY2>fA>krhTNb*5(BQ_i_i3zCMX2(y0HFnWXh zbzW580(Z{fkGLdt*O8wu&NPFk-%CY{%W7R-e9tEtz+N?rIan3&4cPtiWsk^WIQ`>Y zN*1s52u<5QmjhE@&@0f}9P?6wP-g8e+&5w*T*HNuY3Av(RqHSTFHK~{pI0=Wy*w^3 zRXaFZ4XxmhThE60_bYwsQ^E=f^UmLEfE;j}#DW>{x};S^=P*CPD^>lcHx1XMI=l<^ zWP5M>-Eiq$qxY1W#uX)fzp-W4&4|8X?=u`0&>0$A^3c}|B|=HT;*d|aG*uA#-=UV1 zjq6+u=u6=q@#Unn`4^STx&dg2J>h#~-!_`7Ra(Os7!hZs#r@W>OR8ys9yy(D>Y$5a zA@{_iEnPr2p=Y1DY7g9?*VGy;`8prvF@UtT87e~11`n{yZ?FPO=3VfH@z z`CD1X`eXy!@wbm=a#Y5q+fA^{3*YPGL^$fu)jzMlv(@arml?;omo3cD+iTI4`Vz_1 z*>g8O^SKMjD4}4{Oe&n*GwxaZcN=wPzY^agMjRbGL+Ojw)a!Pmu+%IxOhXU5c77}| zEIUu-Z5XalGk=dgz~iRr?JL+eyZfYJVn?Ao;V|sk96HZFZ{3m=mMJ>+#L?K47B zkq`&F>#NV%(~<>v=*XYJZ=i3l%Y;Sj@T;sDkpSoN}lVtx3-8 zV_klEs0wGc`y7G2&o5qUQ{lzqXdEUQt>ZnpobojOO!(K6g}j)E_&Za-(x+5?zSAM{ zQXAK2;{WJ4R^O==Wt?5oe2|saJXX}7#?$gliNC7c;*CS_DL+%SKWoi9Y1CK@O#)Wc zdP3EbZ)5)@++-xxE|&~aT$w#x6*`9Spm8#u^{Kbz#aq4xHJOv+#-|GHXqz1KLp0k& zrS}r;m_ab6ejn@Gdg92bRcUGUSEc#qHpW&Y^SV)PQgCU<4eaH&)wFk&fkFeE@C;P> zc~0c$njFH~9yc?ewlN?n@m9)A;rS_zEkaRjUQu?91;i*AW=y1VjVrlJ*MORg-2J7f zkUrZmplM}&7k&zPsOY1uTE4C^yC7DilN^7!j^p3mb6F(NbH%zjDEf6}Fzq?hWf$}# zGkvV#5zW>&aOp2Zv3Ey!1M}mw$n_i#l4ZZmJ#Ze1KTGRP`fWGMj}DNGGSb2r$1 zm|9_iGFtM$EOtJsxq^WS!7ylE)Np4X42wqZ?q^oULP5+*@N?IHC)be1~iX#gTG(mD)%@^#?bGGaD}MiIjMifmD8~}=+?Mwu!Ik&7h^s}L$S|j`ZmAf_&*nV$44lZrhNH@ z?i(J>fOX$%SJNKyjzJZb83I)rIksIGai6rfUd~?u@J>&>T4Zm^*6f?v4>XTV2TZD9 zm|b_zvMFDP?03W^$o$qDUF&-PZ)@&Y=O4-P@prJMpCv1SZTC0fz`IQj*OEvMFj-7I z$&(jTte#5&l1}xjJ^-6fYU!-W*+WPr0DI`eDwt_5`zNftjo!kQ)6=82qNNJE={02{ zUYZ9mfT_l&ruIlavUi`Q{gZa@VIeGZ;Hcugs!7T{QICC}*^yZqj;Bt2PApfkq0Jl3o;}Gii1Hx| zip+cFrqW#xU5GA8yl?Q%~(%~(gbf@#m@Tx=w-$!UnajSAXPHMSV$myxm6hLU27V-!|?o^L96BEqI*Sj62__ z3;fW1wn&3i*mjH1IqF*P`57(Dl}WTavAQSdN;Zl17;K4K-TmDchtu(k+Mjb_uZ;Y6 z%r(r&Uqhm*&%3Z+{1UZoK)Hg7`hPQTj3xvR1~|&`erz-vR2s52A3h@2U7;>5jAv#F*v{)&RyCwLpy5^)C%H%p_=05|x_-(qo~2g07bt1rh$E}9@k)()NQ0ULX+wA9NAIfRl=Gj8tX*G{Fjz$`_zR@dF$H>#L`)-+sFw zCBkEjD~6HvSM*b$v{Un{PqvIdopQLc-ttV_HB9NI&{@T^QpuevE!Aa@Thtt&Lf=zd z^5G-8v@0rYpFs)X&pJkXUnt#$DLy!La})DikEuugq^|%LMT`VoxQU5Lx!eA>{f05{ zOLKjJSahv%Z`j1sne^VH1s*=C(X8M(#ul9V9u0qQ9|N9N_&Gpf^I7sA&78%2ZkVW+ zv|YT9WPaEi2VT6?0Jz-Ypu5?ynkUq1{2vx{NB)+s z3})<=m-EH7wDho3gv&oY-wUg^JnIzKnoD7c31i1*g=Y3DZYQe+qJS*rX#QECYPB2 zq%%%X;)91gC1vZxP$c_*j(Q98)f3dU8q_j^gPPzuKEoF;_irG-J?7Q@48f~;&}rRq zei@Rb`SOmrOBsYh9CqXlx(*SaIM;=t(WJ~XCkiU&?^KuAexy)eltqLY>Cc% zw|q*6|YGlI#%iGoYx9w17=v-Y14gJ*(W@YDL-ru@g56Lb7e?zMYY8{*kvVuGU{yTOmX#dZ4SR3QyR z$)>i##*E6?hJxJ$o-mphLO(^)3Yvfzm+C3!Whnj zm?S)x=VyGIHyK)Dy<{y=>5vPb|NViGfE$mFVyqaC5cxh9x*AGe*%0%{a+hl*>#`h- zONKMRr@sZeYYp7+CAi(AK0h!vMM@1f*V^_RbYMF;#p03ZFs30vgO6fyE{WzxuELuN z$fwCq_B&9y&EI~W=TiCh4Vq^!I==Zg;7H&SxWlw^9!5A?z&%zr8#fDAO&k|tYZ#y1 zHXpi_#(MuDMG^nQ8qcZp$GYF{D8a2MCJ<=u5>1RtC3cN4DYOwhVNP*;yxeu^*r9kKpNRPi1UajO@(~8>$MZjNEvXjIkG9U9|GD5(59|lGi-8yogXUPKR zw2qy3bgKc82pI(o_s;1N9X~=r;g{3EDB@wz(Gt#5>$(`4!W%EO}cvX~I+7x1E#E;7PZXML^yNt#J z(C>6)kMXIfsE+ro{iW}{mNmeknR3F=10tmaPl@x&28A-YvrOfO*NX&n;8x;OU zmw1B^i~oIi!KnL3fD>L9FrapvNWBOaMNJ*8j4WLSG_QD%bPhnz3+vZyHL>3wuPBhN z$3X9zyjD7y+Yt!<2W{>M4?=2%St7g;_yfrY*{?v7&lOyr+$r|-);bjYc z-J%bnNL?)g9*EFtMv0=aWiHbKY3Z;sDEvAXM>>}Mx(5(7Kq9g(Ya(g#^%V<5VWF-V zkGc#{+i`omO=J|^#M6-O|Nd;j8bmLe(?sTWdRp(kLoRa>iHG>PjFk4fu7aG43ogi$ zLL|OCT)s}EUN<=OWx2o4b<4Lm0OHJlA?Y#lYbe-=Q_F0!UqoqiXIxE87`h^AlMd2P zOSsZ>ndcT=Z}l|}a<0G8uSbN@-=_p%$I1Q?^Y>(P;B_xWkos+RiUE|`oVw*$=D-8{ zudz){zE_^m+v2NN>VMS}^tPm;(a? z4=-HILDVanNA)+s-}-a9wrX?fS!m#ya2afNZ+OKs08NTe4m|ki&DCwB~Kat2|wQQq(F4X$@RcSS@A%e}9tZb8RAi zwFG~;?4?jMHY6-Ud7>EGiTt3A+Q+so4o*HX;j#}K?cNhR^=vE7RRec&Xf zi*A7ApJl9P?(U@`ZF!@A3ou&1=~?!pOL7;q`hH6pMgM}F43+w{R2@DmQetY4%!o+k(7hxy zBtDSyobaw1c2`8>}<@*b52oHkxHx>Ulb+g?<&cKfky@T84b#|v=ZV!<0$6wAe?b+;y&r!^; z@xk&?C6~P_$9>O|0Zz2U?PHOP?G*>@Pa)zwowk2*<(*tGo+FxB+J`IFYb|Q=0B} zR}~l`i?8#Q??eEw;QdGY>g#%2=Rst8e0gi~Zfc^a4-YB+N5b;BR~+H+4=Pq7iQ<_Z zK!~HfgOE0_Lg z79?a@gidQHJ`rAxf9Lc54!R*f^{T-XSi14bx?*tM{B!8{)@Mkm5u`pd5!TWvCyh%mqiJL&i5vrm~bTh7-Vc2+JJ_=ft&iX>2a%Q40 z>39pw+tC>(9W1;zwSJo+Q!ZfR?)){Y91>=j)_^f_{H;j{~rgE;l9x|Q$VW$i^AIS~|8OySM}mw0-&Z6P!ablQb+Vtz6KaO|Vb zulcbZC~UlPt3{vv*(T~F4vjA0M_qq21k2AdtSj6ud4#^z_fySVVkcH5#&5A0>BM-UprP+l1PuY^Q|)+$AffNHx1SMaB1XJeX($@oi#aMuQ!iq8nBZzb-59uEHYJ7yl!j)ZSZWSuFt94wjZWRzU&i;5KrH1-i8(WolhJLF!UTEiL!UIRg ztEISr=$s}G)(^O%h3q`LIv6Su>JSl1=IfQ4G2o4Nvl>zA`9{Lvzp;AN6L%|Yc5Ua0 zQ4ep$b2+*r{Sj#L1nJ+FhsPZ4*?KOKU9&CpW`DnH%5lEJb6KYO;(G|6|J=LkSo&~f z=D>$sAEZe!()seRd$`5u{?QC)ieqDAht!|PHkG@MTctV8e3Ym1{yK&~YW93)gl24R zF3P^FnPJ)xNd>$kD;bttkLa*sK^~YIhF%Om)pNd<1;Tx|fqbbCb{?!>ZM1jUdFI@f ztzT7+Zo_m~uAo?l)tF2TW&oe*H}v?f2IuJzKUS4DhRg`Mr- zD_9(6&x)OIP>j`}F%DbMa{KepWxj-&-Y7`vM$ZxiUkyQaz55KVn90j};mO=a>fDM0 z&;G(r#pFvwk||2PC+hI+vEtugHS)&b4SM04I<716mZy~BpZk*svNXEKF>_!QC6&aQ zBgKY#yAvN?smM_g^BU7&8d}twL82gQo}7((Om?f^#*OlmN|cQ^li~9IW!_S}Q>W#X zxK$GvlJsOtA0IqIHx_8%q~5X)g%0M!*%G?7gNIsw=l-2eK396NpYQ(*VoLqH4IfFT zy&YU0aW?7yqiI=|vpenj53>HT$5vdssrk^8o!yg0?_bBb&iIz8@BH6u%$=oR&9>%F zmU4^DP3z)ES4%qV{jxJCG!5jq8xS@7ClM@E=p{Hy{IRW^Y&fp=Jm{ScrQcc$v;w7aK2W|Y!}f# zQCIxePM%UiSoQ1X9RpJ2Imr_VvQh@;HT4&9Z=SZY-CAv@FS{rxT#4~;I=;(1_>-wK zsXfhsWxDSX5U{2)>e?QWbf{*W%7JeWq3Vh>dH%_v*3T z=T7x3&aUNF4RTo<3dTv0;){3vFRCgun&qCUZQ6`Gn_t-kgm7RzLyd@5IOud%zSPCu zR2Lon)*7&qHo`I40Q-V5oDvzBu31%&)AuV;a!K^;1l2#nDbSVpG&h{}j-;LmXCGRi z4}-6ripNFHCGMTs^D7!t#heoFu!;&Da48QMrgT|F+Aay{FrjxWhEE!;!pP7lyKD4o z@jfb@o?35t7v>i=t}fI1{y8-ApG(&q8J_wXMFGu@N4zS2h~{?$c%V;OnhkG`&C#3G z@EWs#di#e&C0p(ua!hrWaa#Tnra@hy)wbya>svqlIz%6y%#HYvmgUFsf)msB&;!#+ zGJQ-!NfOFraT%mm{&snZ%M4qT!q6s$+mk!cO;bRNE4k#ThY$iZ;dK=BXQFO?WvZ0h9<@KM?(;k&i>SwptDD?n&{4(!1Wxl%fE_V z>x$HC4RA=$T-qmj1$?pVURDIXb09q~E*_#x)SrM<`kDq87k6}QELiOmTB7;1WP06k z+9*`rpw^`O&wJUIPER2||02a!>&+{!f}dS&UAD#@NP3ugc|A~9SKryYG$=QRmv-nY zxUQf671Yp77yVvQfvNNB4J_jqWD8^O=%{BJdTLZDO+U|ZmHk=`hT}5V$FcgGl~mbT zlNWWyi^c`=6s!ZMXGL`RoaCk0^>agiWZ~65-1*NFsUViv*=9RRj4G?)HY7YdM!d>; zl>&lfVDh>mBO)St3X9m55=K(g_Y7&xhdYv^3t8?4tiC}Mj~QbtyN0paJdKNE@! zXZjj=y=}Z+out{}ug3IW_K%1tO5#{oVD@9S8cGjlUj9rNaGVeM@vDwHCPrP)=fj}A!yI>u5&HLNETWVD0Ax)P>cYaAb{%h57`ctTAGYV^erh$SPeP)fgCA8<0l8WX8 zUVn~r6BD(OOK#Fm!~2o-OVl>7ARdVQD-an#DoVK~RuyW?9v8gm8-Uik;=4Zv@<9jv z^05!_)>v*I>~t%m5EMX;B@7Cphy#(_XI+=O_qrwsY_;RHxtg6uv(Vz@&$LTElPNaL zASUChT~U|IwHrP$p>JWML2A6-*h`2h`y!0$_s=j%3c}gK#vvFk1lE`Mz)u*{#}roS*w_pxOV01y_;``NhU5bXn=M4MOs=_MYG;T~OALdzOq)`j#CXm`r$cm`Vi!h3%3}y>QPWz2cx$iD zP}bR^L1Y-p(&6(i!5?2LHCi1i7jv_w|IGrp>2)1*yv|OZg%J@x`U=60ummN|xXp0r z3qUbeEf7rSOFC@C@3L18hIni9U1LWY-mlB;fl2#*es_(Z$$v2|yZ+8X$UotEuX6=< zvz!LD+P?_0NcH-*%+KqfNm7n!(*3;L<+}JR zp{;?D&e6>Hibqs*Hh!-di)#&H!k>2P(KmcNW;sJ+Bf+k!k=poo;r=8=dOs+`k>N)z ze_m}Q#?kY=n%$oF$a#^s1mx5qKcOR2{=vK5JyHUj$>?k52f1X%%2Hk0c9ARE<`z7E$lkK6Qn`|a&Sb}UAJ zy9`N;@c^JwUX3mH)Rc5H?0LuG7B12C?@UH<zC`aBhH15+>!{}|?v+oV5;=L}F8VvICGj{5WZd2B{4S6}@-^y# z9e$f!Sw=Xp`^yidX50?c{K4&KeG5R<*mNJ-#I}C3@_P&Yj1D= zAvXM6g`r2dAo69Evh3LxAZnY>$L3t+L$A0T7Hb)6J`x+$Id+-?fqSpC5vvTk;&(d$ zhsqKYwNzqNpHK#?P)PFUCtgYyL$V$iQ@V$uP1Fpwmp;~1!_Fvbt{4@(q_2RZ?Wm{WThG&hZh_=M=^h2*r0tpt_ zpe9?Ui1Tbzv6B}y7FMa>K%v)B(^Bjvm+mSr>f&g7e9uFWp5=Q(5y3CW=Z8z~2*sIt zTS1wNz7dnz{*>ql7S$1^y9SgkXWSH_dMMrfJ=k3v&2iSgiNfC)jY^p=gG=jLYpNu?Sh4t<+p z_J_u`qhtN}C!n^wB6F^`dqANEhxOxT0!sU{b)>@l+Wq7>$y(q)d8?*fG++=WpFm=F znS_;GC_mRQ*@SiIZ~gbLR_bwjo(KtVi(1WMG-C=$5N?;yB&!V0=SRqx{nugT& zVabVV=!XAzrdwkx^xOT@xG@~VJqcHvEuPUlc@6Wrh<#Loi8#r~&Hg9XK!LoL@?Z=^ zT@LX|rj6d`Z~isr`^WrXyE@`C|PDvpFTaMXFa-z)#G2VC{_Pt;`+*B+0x zQoU)|*)$u^ea-EVwyv@OH+#^9rs}MH?8uIv9JKxkC{V>@{@r#|U^&y;N1|V6Klk|e zZ)sNctYFAC1~XSu9(Cb_FNMds(mTG+l_f<78a192NhNHF(>=wQX!R-j%y~l+%{-~u z2NkCBI()rKMfni*0CGymq4O`r;YGyb@EDK~bzwl5=uaZpwu7Avehn?w`s3Fee{df2 zjtLL-DC$1mLdZ}HG3yr{uwuNDZYYwcbJ;B+V5>iZHtg(6Tdyq|IBrop$?ak>*h}vt376^C2)7j9a-`% zed%7%_NJE8aW3UnYYUzpLCZ6?#*@_TZ>P8fUgBY@LP7lb0=0$*@sQ9>hrI{gy#KC6 zlu?nd`D4p$r7y8MG*u<2_V^%NR#(ri10!jN-MU1(Zv+luk+lTOYBRkv3$b0q49hzb z#-5cZi>E`FKQfQahoL-=evhmo{iT#H1{SCvd=x0Gq|O6@9OI2$4l?t1-78eHXhI!9HCj`V|1n8FQ)G}GrR+wx7M#e3L#JJWN3GNM08HO(WZHjbNto3w^HFt}Rhv*%ft>$I)y^55zF4wKX8S z{#fiy<_rM_@HOsnE6(j{YkS1guq_YxYL;Sa<;e7z*~qX_lc;!${QUfFW*XV$wxFe# ze`8{QK%r2v+yD|HqTl9f_?m! znaxf2U@)cXSbI659i0=7oCjSIl83-Sh8F)v;4q=-mP_fNmYYVGQTr`Z6bl~fw;(|c zX`BPcl9^h6NhY5St!~4q*(PV^!;gNx7Re`x?+Eyka^07E1yIQ_BC0DvaYY z<12yI^E-5#OQSgNwMxaaqmWl%`B!K%9w1KwHWF~Z+FVY$wGiDK;dj{BjZ9`;UBiG= zgc8TcuRqQ0);sSY+%Y9S)j>=y_;!7;M3ZUYXI{xa0T&VP(ESU6Bs)7ebgiC}cHf&> z)YB!Mt))C~GNf?Ee`$1{73uJM|6|)<4#c>_4gut;f_p3MCwsO}zlzw^_i2;aD7edX z3z%O*K;8mUQpU6ixhBs_2k8)zLIo-93szC!STND1iK-bk{P~}%=t*}o}6Lomyu)8C(;%#vrAc?y*{;1 z9YMC7VrH_=c!gWD-6Sp^&QkM0rIVpZxio zuvN?dj-|2w-_ul7+}p=h4$2os$VSjetsBcm=0evaltTzl*Ui-+A!-9C}M#ys<~VdRAL=1eOAWQB9+`bB&8>me z*Hb$_L{}+?KPrJGm1`OO6H-Ur?X1{hcZD}^IHt#X!+v*)TF$3dl?ZmH%;Ey6X8+SG zrG9az;gTxu<=6{$U%b-+(-q=BLj%=8JL)mB{ee=EVc42~r5gonguv`7}1f zO)u_vPdS<6VwumSghbvu>yesZ_!|2N-$DET=oQ@3HNOch8&iMOA&U%hXhZ$}{7_fC z6u+O-dtqQ<*LZi?&Z~Q7DNDV0pD^?}SRKC1huoBSpzCbUO<#2Q%$ResuAS*6f7!#R zP}2vKJ1J*q9^Bb98lA{KlT?bo*~Y&Q9Eg!mz8V(kB^?YJTYBuFhn9&XC-uMRs_fr# z?V~r9Dj!?_rLbv!%7akh|9Pbs3_rFoc0ml(>VSez%3#V&^bd{s0^G&EFQG$jGaUfU zzpV8rC%!whuL|2|v)&(vCrI76HE*7;9n>a%PgpX!P|dx4(4al6`tMS9*6-QCCa| ztle&_cU{MLEUK0Us(a|U;KqCJbp-6S9JLoxLorEZZt-(J)iUsw>I1d7Cs2#O$^xgi z4LFZxZMbOeY$v^Gw;&t+f+v^zh~;VQ*vNI&{Ly`R{A9|GTp{8)YND-o8(&@ldv1P? zUyM(WN)k_>FDTSan7xjd&YAsr8x0Z zr1-?dveD_{{t_Pzdh$LLn|A(Gx780=E4yksGN^UxX2F9}C2>$1+k>1B9lkv(cf27X zA|ZVSre!3Gi#8eG;*KCom#`F&kdPRipDq@NwWkfAh8{{~yWh&YM?3dG16I|p#xw(e z3LfhY*K^RQum=3;Lw(Ro1ob(M%v-VJofUZ%u0P@fR16{Y%eD(f$@1%N;qJP3@2(#h zjQQ0v6c?_ZjS_h`d)i3o48G8-uBkD*_?uy4YYR&TnpnA>3qh-^rk)4cvsI&W5+s7w zZ*;rvvxvf{n~%}-q9kBuuW~OjjuNiO@e=0fU6zy3wY;eIyu34FjQl810W4_-{eYmaK6DaVDv#bfz%T}VJRZ;EFa+!f;y zL1r4c1q(V>3>}au?3Ll7#iUj(ut5++M#J>S=b*LTPZMki!^g%Kbw_--);`QcmF15E zRj6JMf)^g4O`SrsGy@`Or><8;N2_KkGs?bT!Tqu0ye9&$+o-$gKs$b;Tp@L=h_50% zV{EC`C@guO#DzWW6XlDCjv~og&krN41<*D1AxLw+meXvK#Gr;YY08mAF7|RO+%pT; z*M@D94{j-T#_4_XpILPN80t&=V<*Fb8xM)R!?-DU?iG+V7Ep&9_ue9U;n&ZZuwBsG z(lIg>{G}?g)X~d^mPBLUdGFi$Lzgel+!$Xkz1H*&$;6k_3$tIaCXQZV4DmntCf4%J zLTHhJv}j>%8b*urZmfqeukhlD_#{U>-9S1L3==mk&ED73@11oueBJyVxtPp$_I0QS zi90$(Gvf70J`K;ye^tAJ!#rJESJDxE*Nev;3 zu55W(mvX9^xqvjW{Q_e-;fIO@MrH4j9PDvY8}JnTer9ArR#q3+)O?sqMwho=HdcBr z8q$Kk3Hotc*qmxHbRAe#48JtiM{7cUZfJh)5vubcp3G4kWGniXU5Q%ubbaht8b|=k zNcMciQ*uYnGuKv+VoQX~@}Dzp>PzNMq=g!x%jm&f2Ry@=)X)!Z1zscPzq-ChcZtHj z_Blo?RN$@(8f3Kg9v7&-2@u&od1vo0MyrMRdQcW%d&e>hNYJa zI0cQ-9C2xLdSxR1z(JnpJ7xXjUx`CX1(ifNU7>4FvuS$v(Sq-zeFFiiZm)e`Fq{v~ z&;B$wO2Bz7xNV)tI5qt4=@FV@_xR4H1UR=w>ha7q>Md@3oqT<17BRLXKZ|4ts4rK{VHOY?GmN9_1xhh7u){#L;GGL%$Zhm zWrQ_xrDacDoU)q^g_5$;JJ{=Cy!fQIF7QO~#3ipczNF_tM}swY$9)&vJXVIBBgach z#Bu2>NAAZc$YKD;hf<#<;c|@8@p6X>~SmZ$|gmuJ()zvrbb6bb|LyFnr~6p z*MgU%|LO3u_%qKwW2{-$-2a^9K06>O(0{$DY)}LaSoK87*L+tTC@Fj1;Sz(kX#2B5dtUFm0 z56nAz?(UvkVX55df?sfHDJdyUkj~A|f9K@ZYjzp?UOVkX&ZCuirPPt?m{+e&Ujmw+ zpU1=ihFWPD7@k%R(>)eWRk2j*lIm$?3HdPgM~yCHf%G}PNw=hD$?)Y_`lMK*JGPPC z$Bw;3;TT-V2<0$50s?0^wScVY9-GlGilj%PhPRn_Dj#wt1@QI?XNs2}@yLdV!g4;NlnLHfqWRsXs#xR0DX>1GhEOIXvu`e;v)*w_5Uk0?svPm1xc`MH=@4t^_oe}3z!px}P2@(NC1f;5fV(L|J4 zP!4Bw-CTUhVP`IGzb)adHElk|W{(=sv3=}8BrlieE7aJt~WSIf487Q*R*F38ARr%BFt3f1)Jd||WLy9-P#TSDhAp}~u$2pHYeO<-J;%6F0LG9X;a5y`f{Cl1oB zZz&-LilCk)f1~ZWK#Ur_&fFGXj0e?1qWLW)L$q(a91Yb7KN=WRpxc7aE(f@KYmXKp zAq$`Bnf%vO7(BLF#5M~kTrX&Ut$%eJX-^1e#(i+#2aD2tT3qpG^HkH;GPslrm%c2< z$i+Ozb$zCO5SZa`EOERaQ3(qVCtNfquF=bve_$6M5z$a(4LqrIRv$j1VY2wXOkJqk zFlG31Wh!=%ob+Ggbawy@N;v)%h!mY^@b!F#%k!IyKhgEy167P_XXodb7#D|o^3gkT7#e1_g<)a1?jG(>U~4SF z!R>N(8^Ng7fCcX(e=plk_WN!hV8btkN&8-!0oNqu?3(COxp^f^phxjA!7k;{Nr5}& zfCj|G@>nz=JS@zRTpmANz+1p-By-0dvo{w>@%+J0UKFwUg*S(Bq{{}q%=IJrwq5G! z75n9D9-#8p~L9MMai`fb3c1}*Pc09&!TU$R9HNLvxW8yXXy38A0 zngDh7HuJWwKIRKtLl!4Qsb+%Z6}2Xoa`c1}Fgo)IqwQ>GybT4co_2ogwDp;{V!V;* zG>%HQIx=M|UD!>+u7(bfC=Zvpajj-v)f6X6d&#`e{>^txoH`-(lg4-;t1*BAns;HQ(=rZUhSx6(ltu_9FM$ddWjTh|!xWZRu31bgOx7-nx(u+ddA zSP<5fx!`c+SZQgb)Cg@8_|hBK$PLz#8;Z+($sZ6tlkrGE!~Wn&z{}Z;pJefYws?QV zyz9wG<@trv)Gq?5tneW=7!c`}b(;%G?oucy1t+{yJWWEf;6riG$j~5$w?8} zsZ}=D-sB5qJfHMzJS&U@WbU;8#A@YC%Hu_WEO(=D{nTl!=wcW5LjN z_l)ozU*!)Qc^$~oCJUG3iDBt!TotuGC9lRsXw1F6CK>Xvi;vNs8?VNrviJ4Ddc)YS z_FQPtFKjo76bDrHc42e83!$*kYjyR#C9M0b2N24i@1z@@#eXWK!W$FrHWU$C96 zA#x#h;%9kWm8qDiF@5Wy6E4-*;czR^+k|3R*EMEZK*ML6;nvN1_*p|j61fm0!;l0g zrj2faxOv$QSGa0@7YVi(i|z{*sa++~5#PY7k^C+CG@e_k@u1`$qrIg?8gRSI%kXGW zF1*o4KY7Bbu#kL%t}t`RiEYjzKMYGq#S@<6Nxd;#u#Oc>99ESs_ zalvV_feP9!5-PMq4It{$Hb4Km(WtCa+!gfnl(YfDFRF`7d`ZLukWQ z;T(pJ7`x-yQN(kVeL#_kgH!!wL_0D%+RV(F(P}I+Y|jb_sJx3*vH}5~!2B^fi-d&S zaUB1X&-E?v;WgWF1803zzDVH58gO^k?Q(>t%kFw>-FR=W3iy%)A@qAF7tmB~a;hK_ z(Hh4UEzfV{7fjtz$TkQHyIVng9WN3SXOzG+AhW}pr17ULO zLZAZ|2;0`dZwpzRF|cDyuF*L*lb23=i{aOoci&b0-WW94^*EtNcj*=9u94YOm9y~p<4hSEQD1^^jjKK6M0D@;R8Hz)>4NJr+TZ_tYl+L@gq&RPZxqmm zjaRk%5Q*zzJ=TABzLj94T)CTUMea4&g+Oz2v=VWWogLrceS6Z=2tJcq_Fa2Q75Rea zcj(&@Hl-@6N5}s9=(Vrldf_`l?j5>(5}i(4!N8*zZE34Otr`kv8sJwC$t zd&mGg0^~C({<<@Ag{9a*L|7t|JeA*0Fr~RP2rS-UyA&M|@M1Jm3~5DFbiUn%@!QdI zlHbLnQTQBCQ=@1YsvaFlOKDGo98VSmA4hrq{`;3NrjywijDYa?=Vk*4xL7Ccw|-Z* z*n(@Ck~6FucKNggeG>A7={S%BJ{z?NTsaCqLH+a$(-Fph81l+5A0>Z1#J}p<7Qzqx ze=LBCP;GS(!|Bz~D_ZLsLPu!LKz?H*Hh}N2x3f{-n?*V+$43Yx1?rCZjE85nexlpZ zOepV)Ff5vE)>SJX0B%v4lMzVaaqSYMuu!8;}^fcNRBpU z5lGXQ?ei7heqKaXdu;(ciDBL2#> zt>|yib>foO9^;r{Jv?!wR_j!JwG+n=W`Y`A_$PV2z4vL$--?629U7@kx6N;<=rYW$ z!S6c}+cKcd#n)QQBS$y)v9c5snTTFrtyE!tN#e`w6k7 zE>{1|*VAZsbff$rjvlQu4MA(6lgixZ8Y5t+*@D{FeRU`ypqnrARLGNWtBsrm9muDcNhL7`dx&#IpH=-x|(WM|H!Q zcxe{pW2@dT?U%>>zV!QrJyY5m>fOFStQ#(3k7PdzTWgZ_Rrp!wvq8e(%_L;b<3EQ7 z9(n-Zr#+g_j2&W(Nh0BiLwy&{T- z7mfN&BHITTQq@P|nH(V#q7w&+Vz~DUAsxZ3JQ;g~Df@6m!-^@oRkXYNCvZCGxEK}% ze7b?iWT;;oT*noNscb_G#WL{&&!a1Ji8*FBjcaUYQY`*69t`A}BXJ2;3+>Am^RcJ&V?!rzst2>KY2@CAT%n@&)b zUTV_TCY~x*?#b6s{czZ%EdtwCKU$i5iSXIhR@&P;1Ev1+;>t?U&O}AGxhnf}hmAow zbI*QuXj#M7)|%~pKQ6G6DESmP)|&LaWQe7)mW#Hb#`7uyiKu6S|Iv_IQIK* z$K9n6ki0;|NEMKeZn_Bg;$n-#kg>$}`0oC`TKyh^PLzrfiLVvMKKZk7qb9~ZAEp9+&lD@dG?M6`Mv7Xur}ipxm_ z4+eYqO1NZq@eNU92o;lU-K2ka|G9h3oj`~y2(9knbUz_~wg6PcTMPx>N&cpz42)^+ zmfh7D9f7&OL&&>)n=#;rR=J=p`Xi!ZPd-HFH{$4s$%8?jVpX|`0B+MKD_?n~UOF4$ z>^HhBnIf{x&dD5Ct?iA0!+lx=p7|{*9+L{i&C27n{wj%BNBrNc-f`6kicHwy`-53%bcqSYQz|ucV*|!gg!W7`;~9Ro9?|H zi?yXv7zj?QD1-z*+WN+)mI}od6I=oXQFB%R10!Km14}nIV^Azl z);aDzt;a%#EvH_jxTp^b@p|bIC^}*=fRi!_FRo3$y?E`1dEd&QQ7JxBI(WfQ60Pi0 z;_+|ix9qg;s7K6E=h6os-$XYOnN8w2WtBH6mvB+6VeA_%ji36YLKD`R8?DjDy}o2k zMA5?5gRn~-j|JD@%90?0Zx=6zoR4CdKqQf z2aivk&bZU4c)odMUvH;}L2}dj*tt^{N3SDybZ2z5D$3^{`Lf!0mZprd;(Z*iv&0$s zzF$&L(he}xM)oqZs)puKy%QdYuev+LpbUP!$~bD2y?Z&zVd(OjSaaK3|6iX;5(POs zlzB&^dt}kLM|gugb7I@3C`u+Q$<}v7U~`QDm?9;)(1a+o%6`r!A)pGXu zUmef)%{eE9zGM(cUxiiIJ$YKnlokH>Js1RrROg+4>aq=a&dGV}=4E!(GoA!a;2C%O z0@8lNjk=CL-tV!z#zcUTM}Bh&sT`FXGVJVDEEq`WoPeqNMzr?{TYEfJ=lc5F_PctA zbpS#huykl85fv3}+RErJxf&`L?HP1?XzT5*>>?dvu+P# zxdUh#fR_;geMfW*^n2f-?S?tibMZ^l(~0-lorWTppkVOiq#7?j|N1t*Y9~|*tN-kb zQ(L6*BeO)J@r#q8`BELHFHWN1EPV+k;VwY$baA_FsgQgU<*{{k^>&k>>p4w$i0vrcRHDwsi&fX4X$k^fZ@2$b1`Vl+C3Ze z5@O#Qt~Fu)n?L=ksQANA^+cNY0r89t`$#0aS@Uh+e$Px9d)qdq$046ieoOHy zGJf0cKH@g4Igl@Xwq66Gl$4amiYFwuz+40qKInlc@_f>!K`=GU+y*<=qu{sQ(mktop zz0*S)j$NMC<^Z&@1%~az*?s&bC`DS#=vBn8EeySe`g8$2o6-}C2Glkrty>Q^f0vgd zTZq?UT*mbiUppmp5JYK6Aw|F6{R~}zKjiE!c2MO!L6tpD?q{kQr!>mxsQASAI%ZJB z^;-%a*|^sG>TPOlcU+zuQ2)tkKxf6o#N@BUY`X% zi+llpa$wHguU;yLhjRygL5)$!xee%@mB+=yC`UAlWO*{<;$_+}Zd?;%g~Rut9!Zx3 zL!_^r1*Jdv!o?_vMP3bSR7}6rUw-BNdX9GYynIuz#ziG_=0<)?qy7By-ow8qZcecx zxB$?YQi5a zra32A43=tFu_X~fw1%z zQ4d{Rn`8oThe<^y!=G?b!QBc!Q%W=Op=&l@U@8-}v+dma$EQGyCdHydPlnS;^bE;@+6Ls2j#HLik@Zt9YlAb|0yspK&MDju^Y5GdM&PMJ=Nx4ME}Iw66aiG7#MM_M*}%{D#7j#% z2wZH{D#-MrSkxgWk8HGr5y00KT@2I(3GE{AmteRTXqc(=QGK0pyM0e--r zUt5W~Y2g3e&|o%KY2fq8kRhEK^Oj>m)!&-z1+`J77dUw@##@(kE! z8$MtFU>L~BTqC>-c@;>_)jNf}&S*C`y@u%2`No0FCAB^t#h|9VxRk16e;mMl8L zXCK6qe(}ljavSC0(4MWjw^0ZfdJ_UITJy!}5)w+%E`WjqG#40#`ywrwAwQ|0u&vN0QS8e_EV9~xi*E!&AhcdKt)BXRx~ciq%e&>L$N?> zwp@NQ?@s?d2D}S8YoYQH9~ZjB$aH=t2kpohzI`)0IntYN@w_F z{G(Ys=)~FX>@a8y3;{Sh`+!30IYR(w^JUKoGoM>=zsS}0)y?qN_4JNj-j8SQ@T+&w zz8olZw1FeW>f?#~dOwE`DMz`UfzL~CZ6;)7yN132MM%8|36f1Gt`ur#0Mg3c5L@F0 zurTJoxK9Op==s5w-vLI55pN~{Jv<0F%>uK5*1CyqVC~B!kSFAEvW^I6#5gz%tik%= zWoYMzYcR@Zz&p34crJk>Z2sSJ)71M*87zx)n{nTlNPZH4y$sEd8u7Q0fqAa07` zl`wQC=ZWi?lw>n#H2+r^mdfwO{P6hroT7ZO?bGi?Ql#uxlOvA?YA0gwop(o2SJ#KP z$mM!1SRm+u0H^tb>+^w)t=BDxl3P-P%a~P-^PTD&6X1n8&F6hLnK>X1Kaannzohwu z>PYjNv@8Cn`uSNsung?kL@my8em$;&y^Rrr@xDdh3E9wX!4iPT?Ijcy(Gha<@?HQ_ zRl%KJ{Ik9ZUwun&=Y5{L0WgdeP;#ZC5E6Yd-jF%L7OXcSr&OMw;PW7=wa7{RF+M9j z%vYWK<>Ub}VG|-J`TKdKW0rbfXX)}nw%7Rk;|;r&(Mi~Cn{YxSl3E2LXc(*V%);2! zDz!nx2Vq#_bS|8uc7fPd_UElE7~WW@0SqVTD;ZoC1}i#M8`h zgw2tJA4t973G=S~H#t%8P|IQI_TehkLQ~Ur*7_Vr!b$ZqnB1X1*)`Vun~QAJp|2?7 zzxifm{LPfoKMae`z%?@j2^!=<4T)RC5MVE|0%FbE@U~s&w5grL3kH9~g7&OL`CYdA z5Bn&elFbck5<7>V4EQxHP3?^V{=|rh8)WrKI{dGnd7bd-R=3~ z1-qatwP^Z;IP`ZruviICg^F6-=QgukNIb| zHcVNBq)(Luxh>IF7FE{r*Jfkv%C<=hvb8rt+@(k-#wc{4mYGz|c;?d_t^!d#`Xk*K zX`uZm=PO|!OUr{7^eTblqdu|_v*@DUxAztsoXpmaUORk*iP%BPI{*h#l~IgiWMq;W z5|lDCK)n+X4(q6m`N;i8cS{%RZw5LRRl}>QI2dMkNq){>Yi*=mGAC}7A3shs5_a9` zNjJ8hfMTgNFATM%x$}_hV_1uVVqA)u@}=E7@i(W{D2Cpj4b{X^W2rQtwNDfd!-&0Q z%%FJ1=C|Ui=cP4+hG~(5PvUr)l`u^YXUdO0QiA?XjJK0Gbd{w~{HVq%RuMdur&qM^ z!(-CnYEVv4I2eJTpxuFID}1aK`xk5FxAPl6fFq0}zpbM5K7ofgMR*NvDqcr~DwI_I zMaCguY%?V^5z7B>hDio&xb8S>@PboKRRik^$WP3)o(-S{psz0uLA!Vr{=e@dfMWxz z4dBCo(L>iXwJs6>=zr*{90n-TxkR*HUS4OTwL2bHVT^#b?T=!tgu&0r>Hkb08#Eq2 zw_KtZ>a0wmcjvkfS9Q+;^~Bo|%~-ciJ0$AIe4914nEMp5)6t~dM(*6`bLZx>gH6xb zAOetClXKWD|9DIhiL5^aF~_}$=UMi<6&3uu5>-c>6%FW!dG+;}HnWw0N=|mRJvCth zfYIG6^|J?@iYG^E(aIjb^~2GI9K*fQt&4 zBaWv?ia4~6fc^;N?WB8)Yaxs|ekj;tS4>}Pfa~?vVyu%ZB*5SfymhGjgY@6qF(i0o$iV$#{BHkP=L=5EUhd)yJpvH*aC&qoObpe6I?OXRpbeq5OsR;W~ z7XfXq{!o0+i-&Vkj1$Jw8%-lo(a&TZ`)oObS37^tz(>#Gj4WE+I2!bYN+ z_5v?Cy=PegTWezh$SVO1yT%uy5(%70?%+Gx*59VIUu$;D2_!rBKA)fU0EAHHTBQ%n z6A1PizOl0^&g{Ncq+j<#c{&ojQ|xOl!_dh5nEzJEXS3dwR;WPp%w>DI5~2mH!8iEy!jw; zv0sdnzmJ&ORGxFgzKuW5P&u#6|4ENEw|)?RbVlcA({7RESFtcI{Om2wvFr--v5+CQ z%VBIb#(x}Y;@8$P%-rlwef7MD7E7q_`(avp8iNC?tT`kaX_?6u9E7Rqk*(B>IUA|? zgzL~q8w3V}j%HgD7m<>L!+RfEi44;S5BY?TDV|i5jVM3*P;BdDV`r6vMu{nI0*bI= zDSA;KhidD<)lr}IHrcm6E{$HC?_Wr9w*SD%zGS5lp~+(*O#l}!U}n&{eEL)Y4v)wF ztPya%dwsVf8R;vTVU<3>w;U#9*&}t4!u#tWqX?9JDxyQIYY@%(TghNneDMP@V{_|r zEE&qEOJq=R7=QCP#Byugr_bJN*iBwU>fy_nJqg*t7b}I=UP?q~J=e0|lHVqYYhi7f zWlTb}wy-l8i-rWPWeSz?axI8g&dgS6qcxJ_52vxGk`pCyxIx$7evbvMTTBUVWy&^K zQ}IyYk_vtwI;WE|xwrE%)_t$?4cV+_oUFtucbj(7p%BNsOl|r!>`)5TEAp^R{`I}; zhOY0RkPsbb{x*ftnk`zAxKY)n%$uR*jYsfILB7?U%p-W$;7Qum{}6utrX)S^4X#sUpfl9AR<-_*VoW{Aa>?(idcEH9YxvAC`V zm|Xk3d;-4>k>c!Vya)C3y3%5)IEcrzPmA+R8(ek%6aVHNrtyFm{PZ$> z%<5d@KO1Ox`!}6;NhdIQjspOkP~~_)2P$?M*BVq&S@nWD@W2=k;W1)6N_lMP`6Nyk zXz1ssIZxIi54{O@OW-@kD{PEh?XtYaDh@)0NwSzh0|GnS&w!4C_6)87y^6_|sf2C% z0o?A7Dl4e3uzd5Yx8xXrDU3LPNp;4PSI^rM& z1yQ0$y>J=EL0r@~-~u+X0N}gq91JPigy5yyUtU!yBwfTJS=oNaaPRDc9|g{A}3mm9|lR0W{T-O=n2{ff}zC3h1KS2`&~ z6)NmRlEK|Nu;?5GuLHZ^BhqQ#Ld1CIFt9jaKwvHKk;)6%Hw=;qW?UY;6XTN6%^P|t z74HsU0^>q1xRvctZs5KspJi`&(A_l9!8>Vt)TBxtBdlSUOZD|g2&#?E!A?7EGb|re zpTvv1uQp)|Q5W*-eYG=%V-*xx)^woO{L);X%5!6Id8__Yh9ad)18GLt^liRVlH9wN zN&<1ekBwYO75ICI-(|FIdTVyou@Wwaob7v*#tSdSMitvx{-pShdvr-LG)W5Z8sdC( zN#|o>u#*qbw5NKLa;{fXO(z@uLXUmx?aj-XzHRHQQV;EzI^WM;$>q!`)z}Y)W;Twj z7YrI|!Np?~`Z>Pr9O0I^pn)b`9d+@MeyjV)W7>;843Lf01)KgSQF(snhG4Le;V-8l z{=k<&DZ+RW?w9yP!yWy*ewn3b0ZRvz(wORr<&60Tu{d(nUaa8-dU1Z}FSCMhXgMOj zwGGy$k6u?7@8LY3Bvz_*$blig(Kx}Rw88-GwuYm}!x-6|2s1k!qx5OGu&x<*42RLc zp~h}LFLz*e(QO)0q032&g!K84;cDas*9O@m>uxD$<#3S2+VaQ#s9wErwsS#;KU$7H zCDB&CwTltvlTHGM1^0+0ll5cdZ`JLSZA^ti(S2mQVCT@D%yk-MW*y71SR-q)vIeY6 z_JM*xA4~)UN^J${51MrsQ>iy$(Pf!-E|so#5qcow)mDc5G*^*ZxL*PO&r6@>@rAC; ztvfz#xGD-si|Q6oor1@)hlQ?I(J#2k2RtPzXUw(PQp`RXNo=kxN%(Rm{49mfWr&bA zE@Xh#U>&LNy?mK>%Sy9sMLr767`+;|WE#*(T22JP9IoK>?!SJk7U4re)GN>BQ(R=V z>~GsewBZxAr05VKCIgT;ujeKp$FP;@i=E4N?r#M!Lvl+2m-El`R$@9s&%?|WoTyB~ z9)DKO0+8dkWv*ds|2;SV;no??_>3b!&fuv6U7auvE?{Co0o!%&-MWUsJ7nN%z1^CA zzIu_s-mdO|6MJw?jQGcIR`ZjKOwW_l)k=2kP+p{f1X(9v5D0Ys}0rEcn0x?5IyxBbP&3w@r? zQ>}=Le&M@|9O~Zwp^Pf1s&tzkWAIp%TR0FfdhYn>xIXO^^{VPdM@BwN?Y&6mcFQE^ zf5w7L<_KcRW){hDGaBuCltHjJ&uyTtW{Amnxt`!*h6h)PG9{(vEl4tl(CudzNABj{7(tjsU|<6BDLdt6}_ z&!@qiLzW<*N5BzTcK0K~?)>%&jbhA)`ts${JGL_hO454=N}A$|FhmN>{5ok0`?*?Sc;)xtW~*h^9v|c#qLhTY){CW^T9F3tj6R zFsl8xwml_!66TQZe&m)4>0KmsuU;(;-+w#RG$vf1f@hOfm2X8Ts$=VcBldz>Bb!#2 zb`kt9Re{+O`c>@shKU>=2Q@Rcmo!o;k{QIl9`XvO7zYUG9auc%cZvrCzT(1yr%cLT%I61p6QZUlsR|bvRl1lKO6u0b)$S;gxhq8(3KNj zbjL8p+em0$NED?)m0o(cFUYt7ab&CM0t{ z<-ZBq9Qhg$YcxT2Ze?pC6hf;$t+{NzQwL**)H$NxJY=P2_v~Q1SpbBfE}sG zF>76gqYotM8A-+O0zt_*+v^!?1|*M&&zqECGoW&~!)raBct&}@1*Z)9Q%j3XB!*(ip=l>L1S&W*pp(!@zPqzBc;#a*nZz{WPIjO%{HAzbwuhfiGPFbbN{BP z;YAxJ3P;8#rj*HnekjUO7K!i3C%hS{aUCeR9G_E z``nYkKv5B8_M}L5mPY2#t)VI&@!uwo_i#g2;bTpaHd`Us!Kqki_NsB6(=Hg-k_vs{ zTpaea)(5Ql<*c+M2bvWqIghs->ywPx-GGox>|HZlh2K+$S{A~xeTyZY=C(qZkpr5Sj?9Ba7jjg@%OxfR$?C()F}zA_%^U(3tj?Nn#$DX= zN9Gk;bDheUg=ydJkS7cpmPw!ixylCewF5_Qu+$P51asCGWmmVk_rC0I<8k~|Mz|yP zY#b}PCdyP@5=o1RMH5svAAL%!QLM9E*8UZLsJB}z&y#c?@EFY6l7JK7GvE+RIzY|c zJ~_tpz4=DHP5RXa%KV$kA_jwVr*n!ihqRo8>ML|PoS31w>hpZs&ru?wb_Qi4RC`U+ zmef-^+OH4pUR-GX(x0QwNcbu}JF^ohkp^<%IkyfC2QD?-75bOV!#-#VA#L7mRJQ8) zHdzG%O%*T-ehUI?-8zyBOY8TWm&H#{Lr?o?0LWqyR^NDge%OqsK$wEuGhtijYYa zw{SiMR~5o1EKS#d9Xdt!ZSZ0@fK*T@PVIa)VKD{Lft5ONr3tP(V7}843)lnzGHU?n zvG28%%!`Vl-6pB1>>XH7-~@iCf*bXPKC9ThxQGY_`tffMf)gTZTt+UZK(Q4Bn#R$= zf4K^8Un%@6FBB@5uN=#gDY9vg@W5H*%c2Gn{F9DIQnuG$Uw9)ugwbKVTLLoM1H3=KMbg{o$S;PQ+xoEDq5r z9mnmksAg`86yK6lbcHLGNAz1-Q5D`{YZ{g`uxe;ts4ub5e85Gg`JKIum}n-s`;)P0 z^nqW+NOn-G4q4-)qs|u$52ggcFXew|4!gfedQyG~^tUi*nlIA2!Y5`X9B`H|M6Ru< z{CcsM;8JL#qTaj~-hDtum*b)z|P==fU{}*jZ_+`foe_pVgD{0UcDnn!4&q18{HQ9U}2Anc3 z5m}3bZH}Xfx4xJ*TVDii(M?nFF=*4IU+{Q4!yr+%FXL@vi)uV>3~4iQ5CIRt*V0!gtmdnDau51*9tNtWIaF4Y0Q&7siDFiK4}6YR==pH?3&d94gWz5;CAG%a({Jk^R&$N-J@g8xq`?KiQ zn}bC?l;fOM?lAx7K`Ld#5RuqD0Gf>0c{j21^H*(IB7vNG<2(xeIhS6B(1(~NuiQQN z{sXx3DAO!0S(qa9b|2mxW0s>{4zNV$AmD1rhdD=HjM{l3BW_BKM+D$qZ%Vu`<5dM- z_zrnEl_uDM5${s#79Jf_mn|fnlch(DY89RGPte!qJg?5N4H*BvYlyP>58Tx81kPh> zXm1F_d_IaH7#VN+ZT?p!_yB=q6Amy>(PExz)0(B(XaEBF5|ZUc z^lS(*CbP4_{2GDr1BhrevPA$vu7GgaPsM%pT*A?&bIeKy?Hx&0q9qfdYi{S*&JSER zwlTqnAGD5l(0koKwxs;F%Rltl;??Mzk&RJuFPBa9a{oCpuScTPp~wz#W-!w33HB#& zN2-v%cgd0Hd(_qS%Fr^&q$m9@g!_wyCXad#4M)@Gg*2UfSLaYlZ;8H~&mbZEs3Tj1 z@0066YPPZU8@8pA(!85#Mc!0;W)){8#K1L{>ov14i=#|^Btb*xBVyVCpuE`I!lQJ< z)%8&rH;fG5t_J>wR85uwI z230zHF;y5@U<>JbjllUrhuXicN~$IB&(y|iR#`N~F&4t*s9Lx-q`Y)lhl0`ko?|O} z%ivs961@9sJ5J~n4+;->h|@{m>}`N$vJ$-2S}F3=kq%T>^Y zPr!O0wvMvM_b9YdM%7wNPJaI!dDe8aBNYCz!nGb8`aiJtu$<-$g1=zmX!|6U8}D~m z6?Hr8K~tab2eRuzo(w9hOri^#lMb6D9k$RCivO*iyvd2!ZoRAep>;j0?YQh8}Hwc_HF5$-!`$IgIXDelG2rHpygaxBDR@A~lJR1moEtK#U&j3|^22ESA28e}~S-iO`8oimEs z@g82aIkvNq1&6@i!&^i~@v+&r^*fiJ?w9Z3<8WnYV5n90sXMIW5-c5T867mH%({A? z6Mr@i|Dv$*c6wtRK8Rm3kp-W${y}w--v_;d-sg14(z$av(+Q|+tXo-p`m_J*GaD*@ z57Cg_$JfA4k#U!1YDf7vXAQ9Hw>2OAILmlxB;Kg1Pa@Yo^SZYDL89@hBO6HD)G$xQ zUuMB00kP$uU(<3N_6^jWGDtTu53Sjbsv2wr+0>Upoz(G{IEt z4@7=h-dZKSOG6C+F}bL_Lz-?=IvYB@OFsyB`paM|^@QH!rwB;(XeFAh%N(0IO48Nn z3KmMfZz(w;^KbxmA+;7Y$Eq{08n;6E&8D2Ny(EM%wo<+e zCT?+eyTDyC$DEhqS*2>YhesNZdX!c*&JD9w zdbbQBHF9sPr>8i62RezyKhQN(s28y7@5OLjQ{O}lt0z9L2mGT7_UlwugCJyai{!%i zLbY!GKT;hzM_!SbT-Wu-xE-Sq{KaRqS~v4bu|I!Rp%ga>WSRC?!*j^oVFRq%uT#1Byq*Nq5^y#AtX}^872I@BWW$DIS}E?{%|OX zvYnDW;N;J>DM|5)O*!W@Vl4ze{P;EE)8Xl+f01o|-(PoHev~NkgSR!fGyq(~UfmMq z6dR-bDvd5PH^-4S?XUl*NCk54mZBXgBCj!1zfT5^{vfvd;&7;t^V^cPnrS<)!TV}lzZ9Qyjj(&i# zLoE?3{#Vy&ot^SM-^8(I75j*1($_n%UBPt*s_%TBj2xv-brAHNblyx37t zxjMh^yfA&)NNOPReUuiFjHjXkisld-GH-IkN8T?*?MzB&wUuqb{5uk}97WmA&Zs^_vMGtYwWxxb+5X<;@4kOy z5uUM^>`!4G6rY|t-ALAEY?WShN@W#iugs;qoLjr^Xv23KFTePi0fvBqCv)Y#;|`m~ zX+8`7q2)c?K*Qh^3WmT*dA1`Gy&&Ma_wYK~E7V0v!Zms&J4jpA;`8?Fx>fNP{)b8?;p2aZ zmG%Ow3`U}r!*k(fqe#E?ma_Clq~|QYl-4C5kIM#m&PS%t$gEy8L<*Af=+l!5cX z?gwMtw%@F+RHSFH&*_pQP zQU?|?KzN?Q6#G4({zPyf7q}0h6n?7mTg1(eL#i3-shrgNWL#B;a_6sGIonZ}OqxA& zwTL;bODoL0=A@XZXn2U7$D_T(8<;+=XuQBG$X1QWj{o7HDP!k4`a6t}Es@#IOvHIjM(b7t|N_|+)^z=z)i;!7Mm>Gqef< zhs1!uQ70PQ_D4)h_)X5>0)F3%U5&{=Rx$Y!+E$Nh+NUYT5|CV{7MR&2&KDN#{W;h; zd}vwzbW7+HKbk^;8<`J{lg+OQhfzxM)w)4-Q|z@X?AOa!4mW%F?<5cJliYf{dLzkP z@wYK-i%DYZ2y<%t?Fc=?##$9$_FQ=P4(tYzMe$wEvzHi79J$`SLc?Ah;S$_cAm#CE z>))v>XCKGfrZO+ID}?;!7br5MuJEbLKzvy=Dcq~5+mW=if3JE*&8P~S86 z!(FPm#zO8LkB!Fq$5iC(>ks;}%3p8e1ZsS7s2bj<1zuMAa=!DE9Cm!F{>*mFB$Pff zlq>yec9wk?pNITbxV3CtSFu%rtIHTZtue6g3hQygMdA}NWLC8&IuiMeIl}vUDma5d zK%bXTb*>Ysn0Tt<6P!vzV~@QUO-axM~z;e<6cvjxGYCfCp@J%e~p5mem)rNzKI4u zCPW^f`96FLP=zw2>khWbh0&exg!D*a1D7$=F(hd$e}&|=gFo0sS?E(PL5O?jx6pBO zia;)+*WVq&U-bv|1R_j|{Jkza`(o1n&JDxfao(SUtJF*77gw<_^1Uya_&g)#rn9i> zmXKAjKEzGHtm!~}1PMzoCdVIc$SAR+_I=>@7C9G|C-rrUGx?UhOVW#M0>A}`ZK*ue zjH4pAkh^F;dYlkslq?*7U$D_!xk}S-1jcKK$Mnq^aUt>2_j)nLC2Uu99(&3xH&LaF zFK}r)Q?RcPss=WXg1@eMkir-?9}9aAU%SsKpy{ZM1|sL44+P9J*$x?fkz4+#+MRPS zl?5+(g)lrwiu_k^LCu*rCE-IDR(YQ>qWLb6R!8l+jkS40;8!I;a^43HzRUvN9S#o@ z5kXeezgh5{|NicqV&tawOSs$|5QksR7%M`S4(*JT8=juBBHv&@SHr|sC|j$N%znBw zg6Sd0(1t6v*&~Z@7ppgIL+5k4hAd+5y~j$APV`ahM9tl9*jK;Zm2a1uS-3?ttizH- zL|uyO*k;?Zmin#?DBXlzZQT8qkKqg{I$}aYAu~@&t9Qat#}4DdVaGEzNnpnFx_BqE zo@iB-i*rVw`l&u!-{i&FtlMwcw^bIW7tP*Ty*H|^#`lA^$BZ+NWNW?&YvMI8ulbwB z!j2Q_i<_Z#N0qjMeFtnsu#(l{M-`hfX1|VeLgS^4Klm!|CyD1ej84bbvgV9(W^0m` zv$Dl!PPbW?-T!oyRTaBk1-JZZ6OW2hVKjm(w^wdw&W<{4Z3ZX&xmC3|na#Crb$8x1 z$cADWzc;$oSRQMiyXO^9ITM3@%{V|k3r7Q1~*9C zO3xF^LW|FdF=NdWewL0Hx51;rHLTx#ZTnW$_CuR;rK;JZ#qk$*Fj)%=nM#dUL@+L$KAEv2XijDBiNL+?)J<$G3g1WN d`oud8j+kYtfH^AAw}=4zP>@lPu9P$h{6AO4#9IIW literal 0 HcmV?d00001 diff --git a/img/raspberry-usb.png b/img/raspberry-usb.png new file mode 100644 index 0000000000000000000000000000000000000000..81264f43b5781620d4ab1b3f60fecc8543553c7d GIT binary patch literal 350931 zcmeFYXIN8P+b$YFU@1ymizP*b*ilhJkq!xpidX<;2`D8o%t zno5&m0@4u(NDoMW0HH$&fh45tiN4?az1KPC$JsyjulPf1dxe(RlaKXO$u+u<8=jU$Ma79a5e%(3+<5=vL+ZEpf)sJ5VGM6>!2mV%3`z6TT5j%%&oOp6ks7oz!-~Qc<`^i%K!L8pj-cJlAE4(D^ zT$OBDh(~$5@#-U*BC#;IS7e_bbC3VSa|gapne*V54B};nqR%)>BaV2`>c*n!UYg2ny!(%P7fSHG|lj5x$vj-f1Vbt#Xo5&sUD0sNCZsb^c6^+ez3#h>BSm*5J}JNXE-` zDRa_vQv8k0Xqm`kwW0?iMW1|hi;UebfAN;yyxur8&|G#*M7Krw;MnVwwWNzn^C{ol z4UTQYo&8IwvG&Ut!Qszik*g$;>&zZemvyG}T0)DE`F>i|#bgPb^5z9oaktCDNw3bW z)-MRpc&QY8AV6IA9gF>O@d+>JrXKG_gN4%{YIkKX1TRDd2 z#(tAJt2};SeDA9SU$47wF7mUWIY#oOkaw{<)ZvGI`W`(};3nRyKo2?hiKDfm8<7m( z6(gMzr6>NH5&2H;ybK-jgRG;py@rpJMc?jxz3tjQ0wizo&7!X3`KR3|M$WpX^Zxvi zsO)7LEh5$ZfcGKdK!dd7=BJ)PzlD=QviTw>7i6uH>}wO>hdAysT(ULhl{7NhsUnLP zBc3M}r&~TXz3)}#6*I4N71APewbdG_x^!;npUT6RGf5M*#gPviQ+GU&yj@vYRVnNv)Dc^g^7{o1JUtd?`oQPW!aioNN>Bu0qEsSqk<%&jXREu5;jk@(9 zUvV2tt1C*sP4>Bn*BI!KzlcLEcw3Z(>R%0!+meNw>J8$?!=6RAI_fUV(R>ScVvpE)oS{R7vY0egae`~UW%XD{nuF&*@tRQQG*9NAIg8b zAe?M*ct@=9_2huV5-A5Sx#+3O96$f;kXK5_#XYOa{=0P(Gtb{jv277~Bf^$vKXf{_ zOVg;sLO(#Z?Sihy;TMsK#wA^*9tZTm_VLehp3bP0N*g9-n-sr7&PbHXi#(TZYB;GT z6QAJsN%rKP?+ufKR|>W%*Pr;bw?K&BWBpO9Kx#8m%1^BGoBi0{#9ApoA=q|&EcDyJ zg#OB{8ad)!cy09xbemq?ld&r+M^^rD{^RDo)_YE8X{l0J z{m8s>Ra+$j#oakyD(}ByF|DWacSw*%ysYMgeS6(lGUGnzW4d*52MP9p1Erl%=hd6 z;O+=(X6VJ-GAn$Q{buwnq5sE^&p%eX_ZA-Meo=U%sLXmkzF(ved>Z>gD&g|woa3Hx zp2MCArM9I50eU|Z70;Q!rS-`4;}7;c zFxff$T(&2%)p=SyO?5-9SOYGpF5e(`cyFn%MaRqU(W7#^w05ZfCHGWzQLV~tt^2v_ zzB`%DHSJ$IS=rltCS26XE}vV)Qd5s+Meh>Z+$FtJMXm<5g0$@IZ9Ux?@M2cFN8;U2 zw`sR=H}w)tH>GyHj`Zm>(?iqB9Z4^OZB$PRpFAwBd@Av#fxFyiodP>6-Td@ESI;|g zxARIzyoa2IoLx~*J#M&^HP2;h_Ps!6d4By-)mrtv>6_b=j)06i8N=m&+m;s&29+&( z4hILV2ek$<7UveShvbJC3lfX@i_3al3c?CUb^p<`3p}j%SpmIoK;OatY?eV*gV`Q4 znXGH>Q1@6y7_I-ny#p}gH^wJoMtomY`r7TV`(UrQ(^WEI@2%6NJ~Q8MYt>(mIVB$y zHYj6lK43RcSQPwV9t_c~@d&A3A^yx9+2*sy$NJ~&((R>^k@=s9P@V9H23jE_Yc3&) ztC`C~lkB1I!w-*0$BgoasOF?IrSzIj}*!J5@Tr zI}SL8u0)Lm+aZ>A`Z)g~{g>kPzkdAn0rEn&N^33R`3)N@n?M`uFYc_;m8L(=o^xsV z{7~LNBRkT%aenWtp?_1$^u=2)m`QR=%r&!XtM4CNn|Ys-V-;T|kCZ=^P!uPmR`Yz1 z+J@7jvr?nt-mCi*^sAiKQooG*^-#^4H71lAmg8|5yE8u?9yfb!{966faZ{z^r}9qB z+WTKzU7ajft8Z$TMZ+2opMQKEf9cZIOFy5H4YdLmK73mA%=T>b9B3X&%1~cg2uY<^ zQj@N9rPty=!n2aIGYJ|zDfk0K>vHFqYr*%KzkEgWMWOf3e0%y$GKJ_-Ipg^bH@({K zev^Mw`LkX_)P%ZU?mgw3%ArpcQogEf+M8YJT+bXGnH(_;ovc}_iN22YOe_t3&2Bg@ zW$W7c+3Du+VTx(~(ZJS2Q^S8hbjo}Uqkt4gp~n=Sz>h=z-uCxDf7jqMPlpQr{(Ah! zahZ2|SM7C}p0{nrp*<^}cRjE6oXRDo^Bu+9o2JuS+T+u&mK3;mWc0!GG3$xCy}G*S z2&n(5TMlb(KC2@SLfsf{r0_LMmU&+zxp8$up23?&*+oK=PkP*(A^3KDgC6*nXx zjt|@OJD-IbZtMB=b14P~1e(`_77&j<3hetHqd8VC#Kq2A?O7F=uLWzBcbj3e;}f ztDoeqfa^W|YPK_0O{qvL$;U@mE_Ag$@1v!X8QKh@PsL5I+@zFAs-JGcC~)U@BxZ^l-@9#HR^*?s};C zjCou3ErY_a>GcI)6PxC@G-rGTG5PDv>`A`mGAR(M;J{zE?n1~^H3gIr9~0+z;oV-; zfniEWjptnAB0-?Fj3iY*-e_75#yH}1cxr5FPj)N*BEAi-AK}CLi#_FoazGWwLunfd zqN+CC?N>njQAv=YD5&X3NQ7)Yfx+B!4r{)6Xa#SBg)S&NfO=~$1lrNGgg?qyRqqcu zlD;c)?tS*|Z5F{BQ6G*!x)Q8ic4}`8efQ|bIzdY$vKLhA9*RPdIHRMamBdFsg(1-2Hf5sg7o%5 z>xCE|{8d5^IN!PqJ-Gi@kpM5lgEm(!_8X)8UH5CMoK{gi2-~rL|9%617dO4@=Pvx~ zao|70gB}3^zIsq-aB#3nu!aiC-yN!^tE&rDRfnppp8`spLWlYU+zvVAgFf`TlK-mb zoGaSd-_tk16XmmitKQpAsK5Zjg9o=7`uFGed%A{r{&!10=znz!=pc0K4pdD=75eYG zfkzFtuIgEMhPZm$obyBiV+OPVQ`6KrZSd=X|JSYmZu0k|H_)#B#waB4WB}~HNBv(9 z|L4vB=Yzl6y!jt(s;TPyXPf_V>tBx=K)3q-A7k-*pnqKjMjE!m0Q&D)gYAg_d}nL% z?DITlzO^)fWw!MZ-ddK&ejkBz;rxUX)oPbOAS00JxikNS2rYd5o{t?4q-|{SmMnif zJ^APN2ZKkBpKyv3R%Y(+*nRQL<3#F(y>+r12_HtbFC7*bjhksM{B>X~(GTh=yP*E} zQ>({jj~Z@F8BK_fe|W5}ruEuoKD78vII4s6VzXpmkXo@m@B8PmI6On`uR~xz9sv)sd9`pGhY&Elwn#( z$iJfC%d}?SfYUpsJqdRbdsSn8Xa={PFyjyC-eO!w+oEk4Hv-!$U~lpZKR?PRwiOfd zlRh8<<8#5Yck&A+=89MIm*;ZktQDxU##Q7K`CmBs+_`Gbd(MsK5KeMYdE1F1{s|(d z2=*bOPc8d@s`Z z7E^p>^U^#*-<4zKvy;sc7a`AzD^{&MjhafB{x(1in%iqq$yt5n^}FoOOja&il{npD zmu@>X*~9G?>wQ(274f9r`W^Nyvp7o~tE~M1!;2PLToVD?v)XD`FQCVP+5;1E?6B;v zvfpLJ%(y+6=Lm*dQG22Pswdw=WUi~<4Bj@b+(Y=m88AyHJe4;l@arOjI8iYw7+1&8 zoXQoT_Nu09MFh+Y`FB|nCB7%Dy*O0EdfG~teHvFP6zJiV3z_7)vcxUI4Vs=L>eycHeO=X z|IKE24z9*s{HDCpZ2uSy9j7thxE6+59P6o;ZK$s~+x2l+Xa>&2(zd?)eQ)AI=8se zk?>CoH)9BR(+6X2ypEA%DX%LeiBfg+);rIKIYqqTzvJJMe-7UBS7}(5H4&VIiQVivBX`+Wy-h5?8t*_$QPx($gS$MbM~-?m8v6C=E0%;h<-denr(4l z9_3cgyw3P%Al+-{Vq1*WyHozW1Gu4nh_mp%VyZS2%Wdhi-}&7n3rF7L_u^N_?9zlJ z%uZblOIAYO{>=J^EUp+jXz_6@2bI}vXJqJminDs{wf&}r^Nf@s`Gy$yA{UrZ=sf9G zx0i(GL8cN@dy~ZJ>K?ebj`+}UFRba~yZx=~L$qQ&ZONV^G*ZgLOrk&kv(@_7`+<)c z)}07l+!WUpx!YFWpMO|NYEG{H#iL1A9b6c`G0`g#6QQTwMgOo`3RttTJ>QK^$ue(8 zpSDo_a#C7)w+p#7wO>5o>G2p^lxQ}$+aPo>>O$IO1jqPYmceWTzEaJ7x{aG$Jc-M) zp1yCO8=PtBsDeHYv0t1toi~;be42yj7Kds=CtF9-EmhMhpClCpt-fKtN~mh7cvftN#vM5uc3^xy5SDpNW6Sq7e1kDMa^wN!y- zG0;xBK6(eB#;tbunPr#4O0QY#a#{s1tQlvs+p}~<(dn1jGk28CZ$ZfK^Y`&4aUJ=g z2h68CGw)Wmzr_TUr79JIk-aw(BUXvieKpBSXm_(ZyXot&s;$n(Xw984fwK{eI}R1J0fL!EL`KZPiTj9wG-2~qeY64Z_;t| z28Xnb`Vn*HbIVmKc2Wwt{KqL}4_+j-cCeK?>FhRs22Xo)`4+f9 zN}-w(S*VN_?I871(#3yOHJzxXz8_e6N=$cqa8YbxaUtB+tB@1GtIJ2uY+-hTT)B_C z2MuMQ+^_>C7ySCf$m<@8+8)Ck;o+js4)34FO5whWPakF@Xm-<-7ZS9X`Ak zKgH8tU3;Pz-wUBdq7O2I3w85|UMiW8Jfe$J|BY$!WF9R5uLc>ynKLHr{zy9(>BQ@*8u5D!8vYrg)Ex?Cxa|V89y7*_NLC@W1 zTm`NCRG!i%xC}J28M_&;`S!<5(63UN%ALD>*CAE|J0|ZLxC*j1i_;G%8D&9N-yOz7 z{}JAp;w4;JLAzQ{Eo#Ebz*Tqe9 zb%UES;R71?X{Xew>EF2_5g_Z9&7__Ub4_hc>uKmFYMtUY9J+!M8 zo_>>Y)d%E%s7uS;$>l%mTQzs<$E3Nc^5A*I+|B6CE9>~mihf@C5o=Vfq2`eg@#UlFUnXLo zx`p<3Z3*Jy-#H($pWlCwd0Agg9drw_QhEcdz%HHgI%H+FCr;44uzb5y2B}@DxAlHl3{+)BlT49)`8ssq33tZg4ysqgmp(F@|=~$Of zC#b9GIjqc;T_HrPh z(SNzhyl<~i%vMFjjk6+)cOjjR@Y^j`iJh@}q!zPjO6DO=XwlmOB4GI`We?m0>GQx! zGbnCPPhpsBftE107IwIy*EHMtr#|**KJCgIT^wm&U(J_i{`^k1K5e<|!6X+epe+|x zUE#f2e~$WSot4DsypkTS5C(!xUK@Vnm1Vqqvq7oIhzM$u57{B-d)?r^#dbAyN5akL zD&8Soj?!yjFp?c@H|dDF6umcX_=Fw9e#IFXav4`o9i*)!Zyr_MCnYXi4(c z#Z7XzIs_QrN$$8qI%9xs*n`g1+1fycmQ!3_KqrOZB{EP_;Pts5dS|bUfy(kzpzRPr z$N($xDP26_A>L%4y^6h?DFR<^P~|Ap6K;C+bK5FfH4wGd9D}QF)o6e^AB}f*>Dp4 z*BtSIIjRZGwRC^YI(WI2cNRj z7nId6V;cq#D~4{h^5`TL>K&Kb#>s<=5=n>aj3w7$UqIqsjPnF7l`9LS=Z_+Y(o!x) z1J>pcTl%NyVinn22=ZP8#NY`d)ve2xp3(zXg$b>3O|2H@Zb4nzsDQ*R-k-Y~?x0zYI153>emB?Pt+ z@fCY0(4$pZ&_tiTM0z|bQ*WAV#$`IBmrUY1huVofBIo)k25;W*EpE8~eChTD5ow8Y zU;OwCAXv2CpmqELymOD=I%R>FY3R>yVdpIE*@7%nahjxGC#DI$ij&+dhBi%%^teB^ zDyet<`zp6iNA5CS@FRZclfz!P|LOnZLrTsj@Uwcl{caO~Y>r1#; zi!**qjcT6%|9O->rglWpnDKuhk@WqAyGWsW|ZM!Ci5g4txy z$Mq%2k*8%pq7tV<<57^=;?O7>rR+X}u`F9Vli|GPqrq=bLQ6ds00AI?DqqL-lV5Q3 zH>5YNtpjLu2#4m|cx_Vxs9Ar>3HFM&=g-KaCfOyEIT9@-fV(AS!u!dO8O^t}3l2EW zozKSQWlC*L?>qC+W0^|?HoyX?c z)~N4z<`sGF$ls9AF-7&Ujw*5M;x`gX$DcQfupSdt{vb=sDe2aHh%O9^`17SC|5JTT z+~10kk{jLk-}-D|%@E<(6|W>sf?s1eb%4K{I>JgB()P|yV~v_@_BNXnzO+L^g+3^p zc1Cj@nH@=|2`ls_p>T*4t}}L05WsWiyYk-h3z(;w!QT5s076}oyy>-0$%F&uBk%x? z6iECCo8%gju7&bj7}nWv1~+R1JiiHD|3hWeG)mXD3Q zn*arK4>#jkUhh%`i%dLQdw}21Nu!;7Oep22z`;!DJVie^LhzkS;=0>cm(TN|q??Dc zn8fKgyDtw~EDdpQ`8w$9IDdW{J1%Stou*t*zKy)f`%0t%RL1@09BOVk-xilw$>dvl z71nF_A?Czsx^;VZ5zCoT4u%4@;!ZwtLS7`?C=A7|?uC0-7AX)b2RFIPSV!;D)^y!~ zn&`5~QmQrS`LS8ltw~1H&g8CIrkwBRyB!AxV_ObSI=%iTQk76;S*79=C+5G9)zybX zQH`_JKGn-a+(B?A2+jzVw)Fc62xhuDS;MB2;D+mBE5Zz ziV=&c>rKr?ZJwJ)zI$XRBsnC+BAkFg8lyP9n7N3OvGxdj|yUm5vFeZ#{%7? z-#g_xu0+tTH^#5!Uo!hFD5A;ui){H!>rVV89vB)2uRP`<+Hxjw$Yd38KuHETgLE3$ ztI++X$4dg`;6}k2lAtsnv%CrI_ZQ`YviH!TwblO!QlxCd$#-j%==^T_Fp)g47ozKY zmO|)PLk&?S-orlSsXeVXE}lD>N>i-D5O-&?qC;>`$SW=_4RL zve6+CyWL%6cF&2q$g;vzIf6`iDXB47Nb;#@m*^dgBxNO55bbyK;+Px+>%8BjDbNz* zolp!_eF-NwG}Ew6+PO_ik``3`L?tzT1D*{8A2gr*f({z<-%>{bmB|voU!w>T4kHHKBx^@8=QKe17nqqV+*5L|ZgiPPNjsg}w86 zj$X?1H<78*3QD$(W)Vtdr^{`_R_4wXb4u^;g~&sZv&sh2JF3zq@^g1dWCSH7Ng9m3 zW6iycNg%vb5Ye;yieLF~HDNhT(RfOh0t>|bT*k)3=>s+4f>dB?H3Vh@=zdDO_w`gf==KD?4EGR5@ zlKYe~VBd)dj7XRbT2%q>)vYxUd7j$)t|}=ju2?cCcu4S(cpQdpfa?VstYbeW(WhR0 zcm27?3zx_L;NHF$510XOm&kjfD(yCn9%QX3InOX#CTOFCJy5 zzGxXr*Q@1;dx)$e^KCz&-RHT53ak-+927gU!L8PczzH~|O{mPh6wG71UZRMci__!S zo}JHSl=j3)WE1`GX(1R?T|35c~P__(A@fxX{x7*XZj=v!9961{bovu}-~6RMHY=A5u>s5sqBA2-)$ z8S>xK2PWoOE3YUGh-KU=X=lb5$3Ht#NR@Fhbea;xL-X8ug)z&$_{s=hA~)max9yB9*}^6fTidv~A5a?*Xha8FgJ#~j$4(bV<94uH<2EjlR@u>P8>&8B ze3KOsRlZDI&<#3BbU}i4_7LZ^bt_%w!4D9PDnFrf4i(*OH%`bwu zIiU+mSn*{0FhQ){*S&bYL?XmNfw(&MIEu5|da&4~#Qd0lk5V$*|J#}G&Ij>~@i#|4 z&Gd@q^PZgw8@#*t-9rVrQbwoO3A-JT2k#t{sFWQod1!98S$8*=xEB4LZ~{``%%4Ku zW+b(jQ{ibi3_O;u#6P*#D$paPdre1cG5&7hRtq=)3t%=ACc-ZB5SKdCAQpgLtdvL0 zBQD6ai}Y{P6!FDc=odg{Y%F`vJSYk`L+0myEiM1W*V>7{+0Pa}Sf1zl^=!gPkj%?I zoBTq~d-rVedJQ^*0cKk0s}Ve-qb^Yf*!fKd#Y$@oX>f1Z3SLFhsuyMaOg>n_Lr#^Q zz`OK#^4s>whI`X@-41?w=~=S>m@rwVwU*OmmbFFqPhnhFJgK?E_VN_bKAw@tdU|=) z`V?#;Re3c4iQ)WM6q{%59vtp!^7UR(X&iW<-1)#KfeoU)%&8aAsOmOPcb+Tnn&oqe@J@h!Z~f&4J}avijWk5rqQ{4e z{K;Fxl1CiEy%!zAL5a96)fzxPW+b^@Nz$H7B^@tNwk}4dpYcG_p#N`+;V#bK_2G}_ zNhQ1eK-5R$x<^Cf6SQP3*mK`1?59@dpL@bvH;C&!jBzW>vgl`P>6-N7JHmDiX0k`2 zNSQxmlS%i4Gut(BD!V5+(X_iS?WuJG<_X3baiVwk4N6gTW(HW&e^H0cS$wSreq%qi z2oVWa;bVq{tng-(3N(RYrz82%C@~rJQ(#DKCRt%N-{Dk^6qS#eb2XI*+TjI{1#Pw8j(=GjtF6mRn2cUk2~G0FeEsK zSkafAxsx$`R3D_tp0SL*Ju)Zn$RMcfUef~>V%ro&I%<3J)hkcMW5nnDjQixUhb-{K5UqpOSF^QXQ z%5>p(FsWp}2p0egzTtoV?gGf5`n0HUG1(Tjvtf9O)JF0aSDCOARfWz~(J=?0wBk(S zokd^3R{WABFK_SIOiF){irvMQ;8bf;b0i{4pX-A`nqO*4bq|!HoHE5;3)UCXIwA9*f z#Y{_0_vJ2Cx%qpC&3`x=y=aZLgFEiHu;KdW`>?@FRIoy1`F&%=4?{v}MD1Vzf)9<= zdp1|yoaWX&AO5|$pEX}m!8+sqeZ8C>Q|-*JXfnr49M=eTY<9|iqp)mo(@4JgV4?ZP zavt9+`q0|PuR+|Vo-{xJ?PKy&(||}xT)QbPKD6x@lS>Z_S?0Tc4LoI<%fEhO3kVg5 zo2^qcWwr=|FX^M%G~fY$>2BA={rPsJMD4EvdJXc_(}+G2Wm0H`>j}fiOtGmd%fyw| zM*VZE#VD^qM+K^WZl4;zY#H*E$RRAV)?#GK@Zr;lzPcE;*u2;2BxDG=)`axwxiYdZ z8tf?Hkt4XJku1b{UtXTuq`YG4l?3ujJ3m`p2NOkDZIaFSj`Q$zX=TuTwP04rUI#R|p{lCk<@Q+l$}+NCn0ec>wSU@%i_0Fz8&F$x$8Yk4D2X zn_Dz%2Gtm2-Avp=T$jN*kz@8k()~Aa5PHn8=tEb8WWigAEmeuIaUUks#mw;F)`_fK zMl7pGV0r;BG;8oXBHMop4~$9%&)xe4K)I%Wqh?(koX@3cfN7$5sE5dyfuJ27m`&_w zr_d+{0vfOWJDq>~_*%@ZWe1DUQJRBbPiU`M4CoCtSsF&I42pz6Lg; z5TNlQU`UPimqpem>Ia%R#d7Dm+VoX=NB*V;VL@4Th8^SXtqKFJeZ;xeZu@#dq)4La zQ+WNW&2ItzttM%vuZvO>xOLG-#W);=jzcwSx8SmAu-&pbV@7=TPgA4O`m1fZqgkb?r2Llo7lY^tff7b!H1={xUW- z`k%EXxjalZafoOr@Gl-AVFf0qV!$8Yd4`)~wf`vGx#=JnKd@0#__dTC)Anb1C#0z> z0)^q~3-&=yuXi;y7q1#pD+Cn^xFq;D$SZy=h%dz1K1j-#(02%Y#T2nBGUpO{$HowI zXB5R~HtFpksYdz4c2g)qfkjr;wJ%-CJngvfL^taBM^GvKX{uNa&c@{ z9#@lDk<{`q>8oB&=vtv-h%zjw$*(|Di~w>0RaGP;8Aj}bBUL7b023qoS~OXt48_vb z=6^ud7*drkC>)CTs8IoMc|Z}=$ZZwOa@`YEiE|uzmuX5%)cjUhYb%rtY?_;ZZL!&S zkkN_L#rZw9!CUJ%Zy|3P+Ht(e7HS0)rBHqwgH|9?AUbwFL{P8mOJc`-vRRh1Efkbi zuDE7soHcZo^cR{mdTReDsiTY@>!%`UQ{E{K>|;%ql2{~#Cwzvm9Dp+pi*E_LYyhq z+Z1FYF^J2m2V;W{d>?+4ROHu)<#vHq=R`Qy0S)BcXq;XIM%Fr$ zv1z)K%p#ZYyO*)eiGf0RiQNM<@We}r0LaSPZTK5{9S?UT@(i(k?5e1~)lo4E*TB1j zR!fuLnp*4LTm!?9Ay@XPmYW%=mTH-)cv2&kk7>gO8}qKnQ%h!&XH(aaRBK9ohkBFO zgwz0L{5z~({LP|Qf{87F@&T{P?V~TpCMEjS?s*ftT&BryF#nb8u|++Cv(86(#!p_!^74$9inybJbh zT%W$b@*x}Eem^uytk#wWb)7+!2xf>AbC+R$UsW23v%Gx1o#4kFd>j~3UENT@X8|77 z71I@ooa(yEv_t%C3KPSZYnpAQNoGW*`8XntMlYgjoQ{ecpuU_QjLk_<_s-f^UdO4E zsk-tHBW~x5?e8hwcHCNEruPj#Duzxw}HDV=y=N10>-zeX;&3eO8+) zzAPumW;MyH$Rxjmlcjnh{-x`iARQHbuPK+$5t+^pWj>DHHqQ7SR&wlbJz&cWu(#s6 zs7^>p|G&NS6tG>~J1JYz*1%#mJk)_1`o#UJN-eFM!yTf)AEP^SYDc+LQpg~S8;8G4 zCm9NM_T&Qm6h_%<&aN}aDTqC_TkK5&6n6>n!(41r{jRp3m%p!b z`b9H?z>etB$~?}Xu3BMG<{Ki+DdXuDq*$*g8Kx83ng?0T~W28^gvUY4s zJdhN2F*-^~4kBnO*|qpZw!V^eBT377+j_iUgx74&47bEM_l2KCq4?cOihhy5CV#yU z*B=*nH`Bg^Ux;J1{8pTgY(cqSDFRi+(_DS@IOE$@5<(Z(Zs35F%#55kgMy!4JferAml`dTB%7 zr?V#BI69SO!eGIi%rTfg*+G$&ebGF-ZP4Ku)3BkY#*n#&my45V;jq;1z|TX^#Pt8H z-80uv7kvN2{9ynJ>g}5YdB3vXrU^rCVuxAlSK;+jpLdfQO?*_m5KGE1m;xLLWdu^_ zv7)_niU|fCjpFuY{uw6$3yY+`lEU$RES7J;*?4qf<k@sa!;OMWXh!@YXTN~axpISEOd1OZD_r7^cy zyAML!^QC+ir$GE%=fI7M8g6KQfMGsw0?AV-VsZtC_RFj{m=K$K;LpFihhp!36>y5x zy|)dsHZDuKLJf{?hbrr6p>U*F;q?cLqQFRY-q`RlT$f! zDc|@?C~ZRj&$1zTB1a2WF6>|H*L_sX@g%uro|U5OgRSkkfXQIhcL;MLzaY68tMHt5 zC%@x@rV8_}L`3|RO2F5Y3$ycdUniV;2`0zFX?R^zz%JMYJ54`e7-upomQMBlxthW; zK6>;G-wjwA)%_2*v|gv>Z6n5>G{CnpcK-lqzTu@4Xh;r%<4X|FY`grQC!{C{CoxV6v31g2;){yly~7`jZEtxO)k1fveo5OUD-{=M z{7hKID2oY6OMuDjla$Byhx>TzMeif?d-@%`xpO&5_{O`0szkOOW^JXL z>fAgr0I|W(^oT7Tf<-(8>qLB{N-Oc(Eq}!wE1tyl;#0)tgp4{$9c+PLFcb6mV81!2 zscbUOJxh71+KKkhmR}jdxqWp!^@iVR_sjk;nwca@LAHUQNVB2j15MJe6N1j3vU-Y-EC?XqpZY(!GJ#=fbFEmZI_>K&2S6(|yH2q;FJrhxq z(u!91bSHdJsQEBJ^)kkPG)}vJTOJ!?cKsv0I}clk3~Xqt6Ju=FOF)FfG4YgnkE|01$d91^vRZrDPQx*9=XCI{}5XlZ&;Dn z47jszEuMsrKMNtVuE@$PU8Tp6)nHm2kcc6HcebBeZ){fcmEPS)v%-Wn%uxqAVUkas zF(L7gT5-RV(k?Z%VnQ17iNX2HFm?l z++-ynfL!Jo0H)QlgfKgrti=g*PpS#Wj@xEZF>On9bTLYR>q1+UTCv@A&?A{Pqq3+c zRJ4EVMw4D$Ez4>3hW+9v^as2GCPgLya! zYc~!k>XQ=@@~Rl__SJT|fTW}%jA|OYn6J`U%x+eSgl^91kQxy?n_{S+Nlkn3^0*1g zB40_MA(D>!rOB54&=WJ`-SpDi+@?EziFcLfnnYM+J3m)R=45a#+iw|}X7~FGL^SGG z%IGfvKI>8^1v<(QkFi^_#R*K2;!FN~S7Oa~_Au>B1pfne)$S-*esPYCAfTT{)S=CD z6NOeiy^JxFEl-AXHy=_MN#>EPNNo8oVslJPHui$dd#sg-z>+G;b+Le|_sX{=Z0kh6 ziSLttP$ZR-F~k_#RiyoM`<*KuN?;B@KuQz@Gx((T&~!7wkI8Dd4!*K)Q}n7qNZJHr zF^96oWU*>x{24Cob$Z{dFw8p`-i(xZlQw*%^vKbd_6m$A?W981Kq7_3QjdTLkW>vx zjIJcNM~uS)GKm1GzU<`uaw(ARTTph}io|XWtMn9H2C#f8PkYP2PV2&cCpM^&BtwBT zhbSKX2Lrc->N(ze)+BB_d$TW`Kb9@AffeMP?|pHZB)-Q!a&4&ACNkxoR+Ss>k&TR+ux&^Yp$P2q+8)1#kMQ5U|bVbL*_8A`X_z z8mlk{VY?qtsMO|&{6j%@fn0zh(|cm(QX_U-MkJtcb+ifU{0|mN9#0UOzN0K?k;0#B zH$Zj}0fDob?Onv-L?dW`?%Qq)B-SG41XLP$LqTo+Ff(|`SW^k`R|*~cl5CBimUbGG zVl8}qMy*n%Q2UKeVlD~SFZ&6--7Yi_{{3_niyLbN1jzQ_Z{jong-cgJ18G|y3QJ~Ao2uQ#~PQMS8UGM zCf3<#0_=mqM@fYk?hx2{SHBtzIXQO&zuFbLR5uCVP(Ugam};>T&$sV-{WI{Z->7%M zmzQ-dp3dT@jzyQ-PpwW>s(Jwla^2!x#r%ihk-v$YOmaR1(~Xny=sSOuIGhe`Cfz*) zQH87*t_R;~H)q)aB7}^0Lhx}I=kBMC1|_AtL5Yjybb4;_WvV%*ggAYYjn{4ER{!K| zY2?@ENL3`{B5o@P;8ts>4=_iFdNPo83`Iv8-X()B+8!DkcKBNo(*Jl%!ozlUvYqXf z3z9NMaUbKa;|9V~IT{jPbIa@D?de%eG>LC1XfS+6{(}GM%9~w&!86aeOrOowD@(wN zxE61n>Ke#(B}z}%3xj># zLp9Y`+4NT-gt3HQ@;=uQ^DopWLJV1n&ZlJ}i&b`RK2pSZ1eBH_qRVQnFxxo)2(;+2 z*yDgtTzc;M&XZ z$-HHpiz+j?BLn?MCLsDLZ9?}r0i?Uk>TwES(H&d_S?Id2_1ONJ_LGIA`!iE)_n)>~ zIW*B<8<~%30s{ejo}sN-jStqt4)Y+CiabF9*y{+ad?KfQYSTKfE6se<4&!o{{$`$K zpVQKHNKytfdg?EH(EYtc0x+duV@td783}YdTfeJf2Oo# zhrbsIUDDUrYuV=XxC@1PVY+dlE_WAX<$_Dn6Eo~ac91XFU(tEn!SnLL?mXj01F5fWWVR)%(}?a zd=86QqRFprs=#gR5!mrb32=JaFb=iF-PjBBa0aT7SP(c64*W<1BIgSm+0t*)8ONFK z+1LW;*6Qnh9>EU;eg=|>;~y}w3-1(cU3A&MwIJuk7zefzpBIR^G;qJDE`8O0@BgCi zy~CPHyR~rx!@13B<$?0XFboo*1hhv5_&fb zm@%&`0VW_${CquG>Hvc-8t^j;DXg2E!~XGXZaH@egQfyreuexZWgIx*_k^Qd6JP0DwqJD2U&k1Kp_WAh}+HU za*phfQaudw-%rkXEFc@cWP=&Ce4zlCWB4hKUlnS5Ouxb`tzQ_)VCxb?50-Tu4 z$ggo!SqhL!!F#O+R`K6_hfE+gp+914j)CXU^fd8pIhaG z@Sg7r@qe>}M;KJ^fS|1`Dm3P6pZgeMA{2Yet7@9skMo0#;xJ>;qzz@B2X2>=T-y9o zMFP1e9&dX~sDKRcKM_c{|S z%ily;fLz?{PE+N#$(LPzIt&KbE$RM1EgbL_W_|3OmJgu2C_xXUqdkB zIPx@^uF5~7>uRpZ!1?tVWVkY3;0g4}O(*ViR>vorLWkRw!YLz(z zPa`nb$2U=NeJ}o&CxRl6&f!&xEQ;zh5t8vCeO1fzFdLIdAe)&S!qOgjuHPi8Cb7iU zVfWFwWRknd^m(y?;gT?~wStgI@O3GOev3Oii%N7^&`VZU<$ zjm__CKJ{?dV0Pq1H#~nDC&>)%d+&wu>*g-6i64ik8!z$im$;Fp`*k>s@1H-~Q@Y zBrD`^m8cU<*;Bb$5zi-betH8L=uJa5Q$iG6wI@~cWRWlO&&|sMRjqT&EeZnVWJf!eXp=#`U`a2XP(?3U@)j(B>9adO!BvA zM!!HdH1WEQZe0M$M}a{Z@(98^VjIdbsHD5x@@+JV>#M3hUBSM_erejS(_3^VioAZQ z=8(-b|C*HMl#k(uJZKi59K2&u{zagkN;c5)OjqBWH8HH|chAx5!3!dy((oK}*xm^7 z(gb@~dibpYGYVgb-5+cCF28JHzl36?K2tAR`mDq?m~qJW>OZ0B5L|+Ofp^veexb%O zzRt|_Vrn)17VhMM!kvOG4*!y1hbZ3N`)u=3C)~fU4D)aW5LleXuJduF-%ZWyBQ#M7 ztEjO0L$knLaxeH4tZ)!+TUrYWhJ9bl1D*CC!&ylAQ5@0qStn}ONUB5;AFLJ>SK?Ju ztPmr>V*7npYX_$pg@VebWr*r!GY*7OWOKweXho$Z2?Ht!t!TWM>51Z%(KomJ)_C~E zo^a^OF&4EJJ%MyxEuSdh!BnCkOr~m8flNnL`yFoBMc#!q47WkxUC8HhO+V@z-Q8)W za-25lTl_L~pDG*dBK}x{%}e)jJMhp=@oCRcvzYOt0}o`pnv#&T4;k@4RVX}k2uDfX zc5yLUM-aw$LnpaRl7~nYE6s&g`mEf(VnwrSnevDtRzHcBYF=Y^PsV?*e=metqy{ap6mc&=1sps0d6jsM4}jIypTW zpDyoJJyZiUmrZ!Gu9f%$N9aaKNnrI*xFFJ*h-^3&C2tcFGb<)9!NYDkFn|G>D{PdH zhfY}{NDIo$9pp8n&n8E;9AwWDAp?J^s+3J=Fe}!@uUG`ckzNHEtOYTjt8_PbR|Vte zu!nZl-Ex(C8|M7Oft=cypVeegosC z@OF|Gaqg}CDs4%DRZ1QQY$}P}Ks{O(j`%P>t~PWi(hEO*v9Q2`S#OGsy*^CQ@XUjW zDAjuqm4Ef76|ifMfE~R~z{g`?Rs7CNHP5?qoHW>K-@(^T$jWsg+NWWg&*G|WL)6<8 zCQ#>M;11w_@S17kYSrpQ*qV`(b?us;7r?tpfpHm#4pzPtr1MNtA zYNf{t7%K(dfEPUZg!Jt+i@bzmW&DP?XZUV3uz|a(&~8!GpMCR^&sY(|!Ke{69nSg! zdTcRjwS%Q->*J8=T(8NDss`?=#Frh6#2q4|s{m=QqTQcWqvf0qSe`EZWIPlGL`0$H z4k02)im^{QNCw2UzA<^Li!3ts$XhkM)*53Oe5<_wO{o*}o}Ii)PWz&ll3MO2gsy-8L-?*7~s zRRpCOg)S?JT*?QvJWnddT&iZEm`wvGb-Srd(JaJAr0h)O#Rh9J&X7;fyE1rDixK61 z`+3Qs$uj)+m*VpL@&7HY^955N_Cv5|$YizjFe%}a?Hd&3 z-ytoZvV?NJe+@#HRc~@Yy+*Dms9M#)em?MH=ne}bY#AN-lQIw`^o?HJPFL={!tJh8 zr3I12+x=H+g!D{#JqHI!9XUAZFk?EMBW3- zpk!T`S~AX7Qw&Jm{pOQ7Sw){7p2sjWG(i3%lE*Q#;_vN6YR&KrgvUgOyQwGalMDw5 z<`>VEoXP(ZVs}r+U9#4d?FKr|$gcbSQTDE2++zqC#3nh^_95$Y&lerv$o7}jj_c zJAt-mXin9^rK>ln0uB?Tev)? z%6k(^YNzo7YG~bA-;=LG`L*Y?K8MGl)?P-uqc|CsJ9K9v%^Wb>nV7L zCv$L@<3xG8a4 z#Tx7Y6_v&(32Qj=MhKQ0smhQ|n*!omh9ErFN8XN=HR-!?ZbfR%^?mPLTNXd6vLR}?mG*HEmAE8Y7mPG+oWcuW27Yd-gP>fF`; zTz?u~q{xaTl6+*p>U6l0I~$2BGuAp*`M9viam#HeM{cwx6ewUw3V^q;Unyv3%w**cK@YNNcM8^=8I5G%Tv?!+klqs?8KFFGLv=Jp7d?K?xu!NiB%8sBhkUMGmma?08^a2KeUsD?-=#z)gjYM!Q zj;LG}qlQ-0Ub$4D~to0_Cw6EhEI@FE2Q3h25E^=Rj6o(`F(gCoF< z5W)(oyoLwB^tqmPx)uSd1l;kt1fbvSqD7}QegdRE$#R$!YO-5ONOWaXRuo@dA*Xzs#|37b z?T;unlcG9W#Q`hid0czkJnm{7-*d`&_jllqdEh)w5w2AFB6#Dp(_SwuHymc9n5Qb{ zq4Iu|yx)_&Y)xMFWQZuHB0!6wg}c`5~V%sD!EcAqwa=t z(Itznyx~}h=+tzT6Z1vXOp%Zw`o!a9k?%zvbiw$o3nIA}^16$NF5%Zii4ac38o0>9 zk22Y(V;8SNn0(ZK2l!4~HW+%atl?{5YwYg-StjgcJ{{5j!UXLj&hyt4Tc#7}4d{%;%kaX)9JXVm%c zOXf|fDyzF_=!z!OF7Yj%WFSwNDMH6?t#qI0#=LEE4S^`>Bi_D%>i--9G%;!Ol)5f& zJwd`z+?-y6vfh?G?7{6V`)I^~obD+^Tx^c~RF!L>y7(RwIbDxM!k9>t&v-=IS`N$g zo)zW2_nTkl;5Z7oz~ME!az14-c+rQ?fk?EjT24t`;q3E~a*hBrB#HxkGT{5P$MczQ zsGm5M@KR@59y2@?x)*}U`$Y;`VEN2Pyt;%$IDOgy z>GF<@d&+^|SqLVp^@(P*!8V*Au<3OtT$2Gi$5m=qt?Or5JS*hIu4nM-dXb0>ZL??Y z0}($CK7QqgPB?RF4*}uhE9+T9dcH0*Z&PT{Ij!XnR{Ws)udq@ZtNmQ9d+6Tn4Aj#g#b{~1T# zxbSCF*Lvq*E@z{p7jVY?|730Q0?#a}onW{_Q8MqJv>#4FXIjE!y+IV5qibsB>Q27; z&z*G;sTE|FY6X82@478PhpO2HV)mVxHw3Km2gpWJtq`lnpVizJRUHbgq#pty>nUGh zX@)uRFl|uv$)bH#CQux+uUS*e#Ey>a_1}=k;DbkaT5yi`e6V?P_#O3H7!*2dEjMT72y=Qz7cZq*uOv@e(w!xj$erR@`K(`g)z7Tg^4-Ds z@?=sU(H9$nGap?rY^-p@ouM-q{<<9DKX|!4p|?eoR5l*K^TvcYKnM);bhI%MJfuua z0FD7_%uuF8@imCmDn%W=#US@ghqp~tIR%sUpQgcn?m9sel6xZkG37BN4sM)jJ0v2h z9Zfnk*2d*po++9>=VqhBwQf@cRE=+e+J@(OrN)A5bLVAqxA^lAPeA#y$q zB}j;ltw;B-Nyj~`!g!o=KrX=xYJ7??%rpDR2kAN}OXiDEoH+w~47R+J+&i>ivyH<` zU~J{Y5;Nrg5Gwpg@>UT`as)q})jMrlaScl?UmBjM;q@0oC+LLEa#RIS0kp4Yz2g7b z+a&fKOor;>9tA&$fi8>!n;$9>q8S~1#kdJ~O8}3W*X?BMqeB2o=b(IAC!ZS9`8FvE zHK-+QQ*Ig8_5H^(PlxLNz z{*=?F{%JRvzOC4cM;Fa~hj?>rS;NE_BnvwIh~FIC?ZLwP6v+^b|HFE#&B2Cd_%zM* z0L5O=y8QG1_5zlCsNO^jQb*t-6Mw{+bL&x}Cn!-XK`~3fx{JouHmP61ejkHmYJ3w` zlpR~=(-+QxJKU~L?T@m+@18Na_@3u&c1~Zu(Gd_7@7!u}T zs@Xs9E_lxw!tWmIReZLyg+GY3g8uP1tmq(P^47^m6-B$Q)^s}#aT9K`-MoLh%ba|D z)CNx+5xE%T7#oGhl*Q9U{(nDQIOx646yYuNnOx{rh&0KfMtm%eF2{@3y2_9-KpM7?8h^VQ+;Aaw z=fSJC6<>up{8FlDUvlO@%1r~(kK(4!A0V?F{;j!2fDzo^_MTnc8d zSmrhIeHv0#Ycx(i4++t+SinRq@CGz#6PSoY8mwrcD;=`oiz4L?+mVH=fjv}j;$b4j z4_5q0$U~0)QBxyCqFh8;$4q7`jquauz0>v;*GTNMH~xNeZTk^vuXtrY6BNc*j9K_N z`wfXR9S@MHrc>o$KYgA%vY`f=T6qCoOEPs;Src#rQ@%_B0G?P<4oPZ=a^^Z{$y82 zw9q)O^YO4(ZOcuae5eMe;i5{%X0A$I6U2gPt)r8!4|UqJF<$#&&wVhxbz#CzM?ogW zSzyNcePm3Hj>n9vp@O7=IAI{5sR$Nc8$?oUXN$+Kw;L|MFW=Dg?epV3`}}VEHIN%a zKbvn&QZ8V)K2nGMRs#RH`S1~Q6mD+T_6BC2U@O_!K>E1LR~fO4{?XQFQ$rs#B&5r3 zUYc4DDLKSF)hG2WB(K;8mz%_41PxAxpf7}~l`O^eClk~Cn&$Fo9)cew+K^HG_ShDiFoAgiRNOOX zy`O^t!(5HPijr%V3sZ#px&36f98yU703PEZ$Vv<(fkEl>D#si787oWFn}S5t7dupq z4cm%TBI#*`qrj;5pZ6tZeU`MszJDS*=LmM9ZiIPEr4zxhdcrVyYhF%`%=cQ@RPsDV z>FeU_D0#@S#h6j)XVe^Rp;&6!N}cbW%QGPL*$PVR0o|)8@ou=FpIw5TgvOmw)-%5O zn>tIK3gPc<^8SXgIfd#XvJzT^w)^zrtar|rz|(F#g(`o~R7U)IZixR(a!Xz?5T(%V zw2fn(Apq@}g9=^gY*5B9kE$M$;ZzlBW(tQjxG$1%KCL`tfQ{u3tFh_WgY-S-X6GPs zefPGC;9dbFq$#MwMsa9FTg*e`2GuSJc3wRXnyAKiiI;unqUFG+dh_Kp%)sJ5-bp!r zoG3qGXlEh&pGLOKSY099|7%7DM_cwvUcm}TB}<+5hA2z#Wb5euUT4LzeA1G2z^d2C zo0G4iZUnRTClfQiwq-TWdBFaS-T!@`+5=bEQobr~fw2Uagqg;N91s)B@#*J-O9 z>g^b}0nV(?hPh#;_bl+p1*(_=qc-vpi$C$U%x_C*ahLRrudvqGiIBCTIiU!^E3W> z%4;7^q(0Gf{N2L)boGt@dB^%6w8MY?uyP2P;p)edFPUHmrBt$X zl(V#+f|D8GmJDRmjiyZkMIAk`SeJiSsz?d^)|AOOF%5U1Q`gRAvZU@Lx0kT1Q0bh; zwsfWj<*o(;cKoH%T)!5V2X;l3Gf&_^&NBqVKng`O-!)~HS3bwv9+}yGEqxRH{_iDO zUcI(MTkcJ8*PCVJT7P@x+k1C^9FYqrO&N@P*M9hfJ~}(>`wRRz!r;5& zEl|X}!mx3*7+avvR^G=Z3q#4msMP|+(s9b#saw3taO%PP;)&g@BGHTvaK{77g#q~W zH~^4Do&j(u2QHU1MneKm)|17iipcdyNh;304ua%!4h%x#yHK?{LPunx$=F6{jZpAJ zHp2#_kB~A7aExclNSDF=55&5nkaXDS!s>2SIOo?$ zR?k64k{`&S*jB6pCmS>SfJg$N4g9W}ej12zQ%hM@AWXG_P?zt_vJMPgMO3n;Cy|7m zwBDZ#8wJtP&aj}`RbY;)9L|HGZpdq{g$h<7t^zX)azPnB9#eXGG%?7+gn@v{X&lNU zg2>uxuduiwvh~F;)hkGI9eUSp)Wn6R8FE(Uz);|4}6fmB&aq)pCi*A zs>2%O=hfuT!gvcjyBc2Am*}%d)?EYVsVHgpVtme!Vh3I78K{?B{}4m@F)s%ruM4&H zyJwS6AELI{55qQ=NFE+rit~*{8u>O8mg4Nm)F7FnnY_WWi!GvM7^^ffaJ}E8Xy*?# z_%IpkE+^hct}8FAMr1Q4B^RmQXZCZh)pRB=uHNZY6y|M5o#nE9)$8%bhTz<4X(DbJ zNW(L*8TBm6P9zhVeqy>2vm$H$f84%P)`4K~kpKoT|NCxnumR_=Rd6#zRf5c0j^mBs zra6C-U%5RBj8{U7R_0a%mnDgQENxy$Ybptnuc#G+be5`o_5Kj6mzO zPescsyW6Akw(A~G6_z`eB=!eZ3iQ5smw{u4V&qpbK@_bHSB!jLF>+>xT6Xx28ewcB zH|9#yCI5_|RCNpMkG%62&Oh~enCM$S6}+>7TXS!z!h7U*rENMVfSIm=t;ZDW?mvT^ z&Y|?**^e*|!%uf71+15UGkMS`3UYN^&2bd7R%AY$%(q&tJ@RlU(JlGN+C>?u7QA5( z&`~Tlq(Eo)>0KG;mVe3W2ha99lRpb(DKK$Q&ei073;lin%D?{Gz5Bml{X`_Sh%|<1 zg;>R1!MnCqLUU=}_}(c={OZ1(`jSC!%F4%$SjhGn24MAY(57Y<9ZCvKDj{rZ1eW7t!Z!?{=>qR z{{L@UYY~G*9hU?%3eu9ad5aA`yklQXs$X|FnS+~( zVAc1P#fHqdsEt_-nMqjkLPgj5$0&yNo_tt@t_EldvJ#w(1wG2g%yK9_7bFXxQ$aH$r2x|RyhE(R724? z3y?fY&cG+hQ`+?iQOBEt7?SwLnMkC(Nlmc~0XXY%^BPbGE*l*`trP{*M~L)MxpCOA zi0Ri>=|4M;Zl`FU|IcU7PHmhPU&0FKX2mzc78-`E zQFDY4*26{IBGQ+6rUM}1#E%q0Kuo@tJ*f(P=(b(4ZfdpesY$U_OxhX_hVd0FAjVU6 zW`U72Pp$Bu5s@YRM8m=++gk@kz65F7`#p#>1N{*FV~P6vm@Q_S!mou8RVAvjt6TJ} zl`183O6wX2Xn#y@85egjo}~|*CI;tP{V{2o**iTWmO_;^KhkSLN*RjpzX1*_^mX%J{

      D9qrgO8s2`=j@> zw-%?FKSr^FcI^4{=tS%t(y{J$Z$^B5A9=^U&1|{odU^4X`U#cD(|5FEm5s~VN6YEC zA+$oW0w+-5DshiyIiVS)WXW_c@m@hqK!0wHf@%-gQkwJv9VtWCqwCPO9Rro&VuN@- z$$pWbj`%Ro9Ss=%aw7PnyPTapb&o78a0R=@&OtK>8Bk@0j=i?tqN&f`B=Q%PGGT($ zCg#k70Xt_T1j4+3+Oot~78mOv2x+&AsSPAMEH>2`&V!nUnz=o*YOrdfHY#~c7GvL^ zehd;+t85a6S6+dwkcJBp$K3#UVR8t;F|CZ%RvnZ3<;;D>34NsV59(FEvTnjj)(AJ@& z%xrYsiz&2Qf~2{>|21Fo$@FQmr_2tv_@mjID$GhTLHwizjJdDlDp!=b_(4tM7#yASEw zC_Gh1lVVc_>wh_}jtXt%zAJq~qgYRNRrD!2vGWQQ`SJeiGnFr#Rv#TY1dd;Ux^b7* zQed)guzbmK4pKgv9x(Jgxo1;+*BL}Yli@DKn$w!k)^Dmbo4WZ5DN0+@a(Z^>RwLbk z-8-W@GR173PgsP&`-6NfDN``uj0^0;uXHPnGbU6ziO-CU|7oVDysa8q$F>wN-6MtE zCrvRfB8Ol?F$0G?rlg~$B`i_f7`HwqEvkaC82?=D$D;6yh13kBdd77YS#3-2`utn_ zkXwyJ#}217tUZkZl1(x(5=%H+2J#)GLaUWKBlf!A*h4i z9){WEZ{K>mRy3ml*sRyV=BS*ni?Pl;zjebdC70lyJpu1`l?Tk6Q0qFb10ihMO>y&m2Zs1j_HNZ3b4N~<+RXHdHkDq$(Q<|o=0-!pf_)YZLKl+z1I(tg zPT|T&jaOPKzBS|zUWbS$B5-zKNmNr#JunnHy!3b=z_YdUWo$j_SW5P#x-E*IcI9n& zP*HfGP$4Z4wk+pLs}C^Ggs~cO{Z1%9{d&qAvm)?cJM-3|u+fSjg zV|`M%X`keJN1P)rEO>&KVOr1;K&`TGVLTXKc;!LxTVT^@`}gNS1PN`>`Z*68yW=(N z3eH-r!*_)z2nB2pL5V{y=98p&;@|+|4RrW@wUE|3=TUwc+=cFq4*BFm$g-2c9AZv? z?}JZES##7E<=1eo*!xjSbd+sg&gi8n>wdx(bdiE08&sdFA!l5*t;%Xm&PDF0-;&3Q zi}YGUaai<&d`A6TIyZ^YlB+YPK?gNPVcF=4sic_EV?nh_s&0}*BIY&)zIZL*w>vw+ zW~d>}n$*{M2Kv2FrjC6DwgK!8)5Xbn+T@8X#AcB~2!kJ~A@hP&2y=T zUJm=eeFZHGG6JjZJ5C|dCM8_NYHAwvhRkS@!w^R}|l z?f8WYbSV=to}K#OmMTS=iUcqLE=EdCjF$ZT%8?5XiyLEqxvh@g=zzV&I;A|{^<#b1 z*5wEta@2W<#4G+f#w|ilHBhER%2ZKb#cHNB2m@pxa z*G*}%9mY<2IqhZEo8PRmGrv|lDEed@_AAVV8#xkxwB_m2;D-DM2VDBrKe|@yGPsGk zN24Q(+3el>Z0mu}9>Q);dfY6YSCI1`*a-g>Ge)nExmNqeWY1G=q0jzpYFhM1$p?b< zgXxu5PqPYL`qmc>`alfKe3QF>bR7ZK^eRCZh@D-rtRnG3f&yO)wLCe?|? zAC9j<>URFfR@Lun>e2iX(3#>>G5-6d)-G3G(=<6251D&s%RY$-rbHbjg*^9XJxZ+f z%}lx*aKPWl!*6diggcpYD=E@JhaDHIypH~xa-({e0dIM|el+2C?U%k!=83q@9c_z?OFLm!dgE%J#OCUa;`>R)4l`_=W5&-_AvBg-U9SABrTsvl z%jE^}AAv_Q;6^smi=P;*LYVE#g%Dwty~ER!xy~o9!Z!ay<3|5IOF5P8>8SuY?Be2Y zuR@b00=N-HVo&;dI;Gs`COuIoSyCM-1v%X5lQ)2#TjC**EdZ$*_t`u!WUo3@NwY`S zb}L?Qq?W(c;%}9sZ2b7+LGfGL0v$mT(Os_T97(2q$PcC9M^Y$D}A|&=kl`Lhz3NT5e zkXs9-@pqbj?c&sek){5-R>%8)R`WhFn3NP};A?EAlP^(q@iF%d50mpo&>FrZ#YLKK zIzs=vvtFAg`4FuB8lgfKP@3))euTIMRTb4quGS-g87 z-z(-1)Xe36;UBJvJjf^W(>ZRKo-+owt0OtGFZ79Vm4kU%u|Ms$-OpYp4`yYguIJ>z zkv5LyhQ0Obn}$D;C+?WX{c4#fr|2!^rDNH_i?gI#BHNtT`vThs(dFm^!rmSoK2<4g ztNcBoQc(=eh9_7z+{`&s5YD`xi(J0;DYzqA;BWAo*T74{p&LLeYkb>ckF{aP4u)QF zz{1cuRKWM!+Q`{6wymO%nQ^Vx$hX)qEPI%qB+&OBys3?>a<+X?z!?kXgwj*R!<-8N zk80);iMiOe;G_)*T`K{C9@H9ZdRi!%+dSx(I`(T9IB84s6my?u8;$s{jjfXz8YWQD zU4VUhrhqA&1W}=PL?Xpk!~p zc5FJ9{PN}mLD{7tIo^EKsn3{SJhOutPL2KH>&TkUDUTfNrMAkUQUzG}#`SN>9Htl) zS{SJ!CV$Mtqtk~)ORptqqJz+|+BZq#b_UFPvR%Yk`t`0o4Zk-R>+kwq-~1p$y{GKF z{_U&DYp^MAFB`o>sc7F`DYBy^f4Q8d9EK6Z*oHmZaC(4}%xJO?d@m|HQqg)`SA7jI z_!~2o{PIQ^LrM=EE)hs{!O%8Z)#jY7jdxF57cQdW_&?ONio)yG%r;qTAL+=+jDIy4 z9)Pq(xm+eAq4%wNODY=g;##agiqCue>vJBJ*1K#zA-;`mSUUgb|7}efVP1w`J*~AU z0l%76_r@N-)3o+RWX36X)V@<-ziLV&S});z8g0QY#+BU@nMBrU-Js` zz$+bhM?KkCv7GwiI_-^%`Wij98#scm9HEh-=`tjCU;d~}>RSJjulxh5d7YrP461z? z%T+=Vk~H@7>*h+a<1n>1?{0h3j~%(*Q1U9_*!;QH!_{8Z=Fig?YPsB;bc=c2!wJtL z^~c`zsDqaX!f&veU6|?UWI!TEF7F#0+Uq(Ddu&zs$}FB-{ARl~gk>G&LuiVgTE<|E%o$>)x~I^q<+CGXy8wnn@u z4N#1-B{juld&M{O?P{MbCx401yYO-R>CJhSFS(mTdL~FtJ*{3uS;nH^Lt{<4Y`3e% z)&)Ymxpb$5?D(-girMMbvRVQLxmYS^*4g$(K5}6arrjih?TZFSPIP%Y9u&yz8N6BR zXAGZj4qt$r0X;2z*s`mMyr676R@SY}U;dd3s^FTm zkt;=68LI+f9jBQ4j4b0R~w#C_pPIoXowG*`8^M`KM2Ni-2{qTnL|eoUA_ zYb-#D!;liOAG5{fwU*NR>bvs)(Lf{EM+sLV1+K>#xI2lhXU zmG!R$Oq<1(jg~DB7xbemA=Cg?AJ4T|Uod0kPGYw5xV5T?y?mUc_e=a#JmFV(5Ui5> zsNIxGvYX^tArbr<0A3mgMP*}8>6zL)2j3p>m9-CVu&X|Y0K`<*B?&Ks=jqIU8?yl9 z9u>ENTitOal;eY(Gb>{dmJ)K@#2m#U=gxevNYs=pnWM53K+Z2t9H2_e2wl8>c}^s$ z0tA663K}OZp2v}`a4rX*kO)EsIF}7?%;xK0e`x;n;GXW(fPFy*qqiobZ@1fGe%c(VY^kb&XoWR? zB3{)5yf6!0hmH=`{f4e>3t;in4khQE^ zvrl@|+av_JrC(VW2VoPp+E+TWPx;50x2J}B3+2#u7C5O{W@TM)IDKBk+W;>B5r!q&rOL8R!M<-!PB4h)`ISfY zEW#En_FF($cN<5qzd77yQ7CC=858qinwz?ccXz_0iyCoo_X4C5>7^@V^MwcUPk2Kt z@5yG>E_R+(n1h2~R&0Ogl{QcLkC{^r6xx@FSX9}XSXUkEljpT2l5B(DyXEDyyR{lz zFFSQkwdX`lA?CgklU*NITbNjiJ)n~(P==t&dLyFL1JoMP^6#hTZvZo9dk6Ov?U6s} zd$Bx83j|3etm^64?pjshL3L!_<1Z&C!fWQ@Z3WMZTV7m>-J-K0_1%NrT8gzpx!3C@ zk9%L_26}}3>C+UbV0_0+acy4QGP(*AA6;HSCm7TZ&^?pq-6w1w59d7vv$UQd9(D#NXSUAZ#RwXXXYwIG0IQoL{mW+*h26V$O7Z3Pe z>4**_uC)K9$PPmU|FU3+}wc=+#$95}|UW+aAsA;O~C8PdWa07Av?{QNp;uh&UqL z>S`R^=0Jaa1suqn<1Tw+h0K1_2P@1gG=v|ZUm<+OQcN;lO(|G%DFaZPt2#L`YYW2` zl1Ugs*m5Sc&1WIbVyXF@bRBu&yzS}Rim7B&2CoU}9I&GrB*xr`+z~q;*14sR7F=Vb7=7wROzim~AmS6q; z<19`==7e$DdU&`go}~0 zA2duD?*1{%Zz;l4B;`z$SrHbE60Xd%7X1xcd^7AM>?(%5ygg90Q$MiEA)DYd6_-h+ zDKO$T=cFkJVx~?T{(#1)MGv-2rci%nN+g~{>M{t_uVM%n8Qt8$rUd>s?_i3yyPMdT z{dF`r`E?E;hX60dAozaqo!$)#_Q)Q6zTAXcwgO41JLf63LEkit72SAj8V_WZKgFQ9 zk2KvdGw-8rW0qQOH?^J8?Dyt1fXSD40v(?$ka5ko7o;=0__qjQD=oh+eh8sewSE=H zGDNZMWRzZVMvlai*U&>=tTmI&WELwfQy-dOy8mSsK=bX|4h~?vR@dG%hupAU0g9@T zOi&M^&_)7pSnl)c?-ZjuGFYef$z5`p-$UpZNdXgdVu=s41oh{u&!Bi#haQu zP}#)iS9{=w*!I%vn5hZ6^NkAZlobF;X?fz|d~_5w=P}9@2h&TC3xYiP0g{h58Wb;( zmokB<_Q`LDVX2ESLCGRdW`Q0etVsH?TTvBX%agAbqQu?6$vZwb-zJ|ICWqV*24OQy z7i>cpg)}0H%2^-a@{sTCZ~ow{D!;hPf5IejW320*Q?IVuG;W%j&PsT7f~g8EFq|6h zsT+BKjzrgLd0|8~P(e(T`kKvJP-HpXK}b2P&{NmJBGjC>%^B z;%`~Se1KqIaci&`6NYD#?Mt$4-XSGiwF z?(6-R)d5qOii0uhV~lq={_^nFv8_h8lp$c0kiq) z)m8nrmjR;9@RbI z@@;&o^k1$62G8*x83wu(^^%2iOb|8%v~04A6pe1_Fv*#&CPn{>!Ny> zCOL%d-YXfbRUHy_BH2x%v7@BJZ!%+Tzl-K(Vb4{%pvDVzYP0I69sYFrd~n<|2@-#Q z=XtGw0cHIV!{0xieDv9MEhFM~PnSo0mLX=%4RY69q-9rk)FIsilzuB6sE+*m^`Sad zupo35b?j>_6?Lt20nKzM*Ng8Q?diR`U$KG)R)#ISnx7-sZnj4^CvcIW*1@+H!Q<1( z%|EK1OQ4-RXnpe(I5gMkL}Emb|Kcxi`V8POqU}pBVH~pMMjl0W$7AUdky}cp9Lr3@X1j2tXQtCL^CUGZw zwENZbT!gpxcLY*@+Z55(Q&*sNugj#sTE$%%~4Us;4uEQKhFwZHqi2$Eo? zB%9DAoADvRgWI(UGFDa%oO3y&5BI&z`K>rZL3gjHcg;y}lT)oxHTM)75IbxF3=^-nQ?wxJti>C@6rHtky<%EC#P1hGLi)t)u*;Ap2C$%jmaq( z?)pF|Hxl}qS5Tg0u!3Wio%XKv`_|$g7Rf`h_r33Zm+QLj&UyNeg8+PQ9>zQgLEjjqHHP))ri!}T^Vvi< z-s^g)<5J7yd@#V>WS7RKk7OTD5DP*GVWUq;#WKrt6>~wM*E{o}`B-K<#1(?zu2^Wo zX8w@U7%c_OK(+Bf4h8a@M|Yvvb^h;7bghVJvs0Kmq^4QZmqcvoq}%%4;OZ^-MI%jgf?LOdz`E+*S%fu9 zcGt$(xB^u+kTT2R2^|;L3E6Dj<@rrQ`F2w_YAxm8A4Wyol_vk&tFq7YzE|}6{8=f~ zDlE>s`~s}fL!8Qy^tQ~1BS$JPhzMtDpWirx6mkcF4X*iUI{vy48PoV)Did8v!!fV) zha%9(e!(RlRjhAzc@-8fQlo)%FI0fKw2k7K9fHi183;7v4;N6%o{WIQM#tZ(MVG|7 zNTpwq`<5zQREDemGXF`e1mSXOQqu9rz@3$c#tJOoLuzCYbs5h(Ut{m zLYKun&Gl4VF^S7XM6x|5FQ0qz!64uNS&ur*i32$U`8_=6X8+eOn7>p&BKP%kqCjYMeWsfqPvHp~8S%9pZZD3BPt8Qed0c{FYYrDPz&yW<0V-rgbr| zhXa9SG^D1#V70{rMabm1lt+RVp^k5v;^r;2PGk=f!H4oBQ46N^Evo)kJOKn%54r)NPMzY4`q(#5KZiqt4oA+@ zWoqLCJ(|4=Qxx~^*dub7h&p8GI}i6Nnfvdw9rABh4J%jOEPo604Q*f9{9~cIOw}x{ z&fs?C03b7ZBH|QxALiV2X>OhN#PHALP4} z--p{-urA*f5)oeCZ_S^3`k1G?+;9P_T_bCK*j-1OWKta44)`Bvz z^idm4*lKyJMv&;U_0!kax4JmSXU|ZX;U?36_hZkPh2F%oeMRv__VmAc*7-Z6VBf~7 zpQ@p(ZbS~?Bmcl0rN2sVJV67&nA34wbu$8v#q81D&e)ve)~rB5ebBPi=CPm#Kb0j6 zbAmsWUfW9UGz;_F_TStw?F%8H8NFk{5hjF(I`AnA`ZftSS*Ay^>hEK71KX7saNG1U zH`YEJEiI0}h2uZO1N3wNwZEX5n^XZ-S&?|fh)%B0C+m@-sJwfhSEhDWv#He+e&KH- z-alxp{`t~(u_XbT#$y9C*i1T)w+>IHLZ^K1;v=@mrtC@o{@&kzHd_YI)|-?S(@_&P zq_kzS{m$z+VyRtL1>-FN%>Q75Te=GAV!kx&N{|VD&9VRS$*=7<7dQMJBYhYJO|b#8 zw?qV!5QpKA!ETMW6l-dJ1Q~w-6|Lum1feau_5~VsciZ!ZRN+f4qAs5N9SbiX7&ZVsB*-&m|Lz^e$s`V(4)G?<#2i?7ACg zw|qynrz@g)XFGa?VU1?y=gmp&T_aM7EDCEIgULx?Ew6>^FIPm|pCX^bt@Qrg`d?=O zC8dfbj8UKMWMX=bxeYcTj?d&ST3U(+apK~$tTtizjEMe33Ziq;j?N}3x%aSfXu4KDsAIGU zFx1t~RENRX%rTc(l0>$T9v%%2@&$Jw1GTVM<8Al zA5<8yngf7LW{}{WF&%9A5P0H-mI21`!8B;}-zrFLV=|58t9n{FVG*dP^tc}naLsP? z!c8Rxx47}|BMG3TE-%bRG;URnZ@!la&%TS;IoDw2$NiJA70$CmbHd98h|s?S^a`cF z8ygpa!qjK=r@XLF1;BwV<0I*5@Mk+ge-UYb*VgpqFYe8Z-JuQ*Kk80bYDl~{gc2L7Z+>>g@3G(CcIu;l#Fv6GKI6^cmz@iKo4CH^W_z_R%|=r&d6 zZh#2pX!~$)&v!rd{ujsm+xxg5X4Qi!wyJsp=+$yTA*ZgMLr9?|sn^Q&bH|7AOozE| zNv(Arlr+oCM4-D15%QX0E>%+pFJS3ji?vBoqH!hX-VO?VEP}OJl`DXM!D=>3YRI*n z(2}U6I&=qF7Ln5EZW`~YMpn3vx2ZL-xI`0u@~}=?OQdd!4W@(-gHf&Ps6ZbP2J^KX zizKbcgMsx4DiM<i3-nh{s!6(68xfcr2N6FcYu`gppZKNuH)G4-023M5z%?G(4#9kPJTPW={F+eS4dlC-E$Bncsvo7TZKgpyJ=1Z_BZrb zX!QR)NVPl4BhX&}Cu`ZGwEp)AxZ}UVhZRYdZ$n@*cDj??_zm}3luN-hpbDKT?=w3U zp%KbxzyLzRq@CtCOcgeH<^#JgGTAiDZ2=t7HX{eLVdi1YF{)ELQw&$0Qut~TwSu6O z<;(YNmC$w`)meO#>>Eb3z%Ro+G+|45n*|L}^*Q*;oy0Cb_}PZl&$gUlxEl1gDJFii z`Kx_+s$v3xs7%gfe=Bs=55DQnPY#3Aeg@;9UwFpoMS_)EcIL9m3RKeGf}f9o`j~O- z!OXxAmZW%Y9>x^?j!%O27Cig;SBQ2Y6fro^& zoRh;af!+kOCZcH7WGsAr=;!j9o3t6&;UnYHVs5a#v^ezWXi0bF`jHLo7i+e4L$nXm zWyI_wK8*>DRVvsHaieU@|}fhM9du*!=NV9b{dcrsCscO zR9DaErpKvdV;rBm$^g_v`ZXdtjWHL<*}>yFNRkV+y57*e*Soq}Fef*lU7 zQTsj0)W~?ngAkNs=frLo-E&UzBuQ>K{4*FB1nW1oBN>;Up!=6a@7BPJasD{wBNjOq zzL=dwx94V+{e8t1MTm6Ygv7CTUOuf_@Gl_*==Bk;{>--nTktMx1z*jf$8U!#+So!e zYnJ%6d@rLo^1JyTsokU6ef*33bPZEQZMYc`j=w0{@MU;i1PGdMa45q-z25SO15d_* zcW8P+2qvS`fxg2O#E_97@knb{&W!n(_0k?(E0Ny0Kn`EE5@$WP|wt? z5x@hZ?XgXb70iXVA(qd~RBFUaWdd%rKELs5d@SXm>Sp!51DTFT?Yx>#3>8SnK84G? zNNmC`T@=|r!1m}~d65*~?t`XCp+&_T%?Zqn@r;xi!IT;^Lg_N3Af%IoD+Q2RU!m%0 zdrXT7d+<{J&F?tE2Ep`oqc9&W6fmkd%{p?A5ULT93$aB|; zJ+rz!jqOZ6>o7k8NCLN!stzeTg0ur-vi>p$oOa9edfLtQ+Ca#>NMVz<9VZff`BDrx zcWmt78Vk(8`0{GVZN7t>Kf7Eg@B# zXr1dfZCtT3_KCn~hNr)WZPZ?OSX9vVWAz=C0xKfl8Oj-?`^n4X_9@r+%KQ#F2+sro z1J9Bs@qd71afDIy+l+R9)8!wd08Lq z9JqDmCcF6u{!NZE4y)HmZ*55B-?V2)^8dML8HT=^GJH;$r}461j}iDkmo0-&|SlN z{j|4`J4{LJ499No{#o05-2!VFx`o+-Bb_`Ob?jXo3CZLyL~t?#wMJOcH1?jHDnnI3 zwG{dC+9{CJh*@rBAzZBp#=ety_7vT8J{QOC&*VA(_>HM^TR?!b zG%3RPvIaF-u{aJ!gD=;Q3d4hRK7Q*CM(%>DJ2|`BDBT$`rUJQn3`N;~bf3Q_3F^8- zo?|pYXg@wtC+mgC+v5loO2WSNFy1T#sGLKvOS5r|sfMj?3TcCFQnZL3?n<4!tHJB$ z<}r*HNckEP*Rc;xED{r;^oh>O&cuKxyxYM%pjt031kDamz&UwR3 z2+XXur>sbd2Y-DG5@((jCS9O@MRs$u*PGSL*8hS&ObEI1{pehRn9R?Fk5F|b3&L6* z397xr_@SCGAv2n7$fsz!#B^Gi?)Z&{uiWc0%~1??PTq3f1ga`$$VDrC^{~IErWJ3hSMi3C7;dXWLW|-r5Yu)TiI`RL_ZF$#jkY*YF|-yX+M$i3 z_V!?=%Jd*)^h)h5?YYctvOPUpWyl`%-Yap9GQV=h0<#)c#8U-?l&N8%K82`a*q6D{ zFANn#vEDeC0groLL0t&Re5z=c&~J}1nW9yJi~3dTe8X{@?OjL?f$3%v7q3m|R$UG8 zLv6E>n>l4%OSEfe{KQTw#2kAe0W;CF2Y-&B(7H!N8@JkAdrtAqe)*x65)D!9BLe~& zi@9~a*Am3T7Xq_6X6=qs=7=TIYsm=rJV2O3FrZ*?Sfq}AqumxS9U%|qYQeCTh8F1A zd~Ip?a}nJ5j1e%y60Zf!_Yy>NzS=!A+w()t0O|GSc~xt%5bBjkrK}C~prV0J^>`}< zeOeQyn?`@1_|)@xEG#JP-nrp%x%_w#$U4)jxjMc~A`I{2l_XEn*jyW`m}mleLWh<` zn`?rn>P!~G2aP{x!X5s0$Fj=yJ&MqXOUG<}Wj?*=3O}{Z8c!T?OPkbXM9jyg8trtu zJXR$wct~sIZkv_;$DeEe?WFSu`Tx_B0{Eb{Z_cw%t^n7-gul$MfZz8GMFH@5RfoAK zbux049t7-xn;prmv&8jp=P=1{9qZu1|;Sk@u)&Sy5SxIV_3>&Om>^2%FfTsReb^Au%Yekd-XzSS9Lme_e1iVMU^ z235B(nHO>*Hhzqs@=H*wtY5j*{UxHSxucnR4cp!_Z8PZ`=q~i|4+)JA@g6Q2RbeTD z0gAt*>|Ao#Y#$rAF<+tku`c56$OYJW2ct?qDczC#H5G`v~$v@n}W z72ZEwU*S|?Y~4H!DZs7`$JlS(RuY2P{-S#OraT1u@g;(V!Z+CYKE$)_>slp&FuJC* zSKBR&+uzmqtccO%_Q68QF2}&ew_m6z;#zB;2&B2SJlDM7^k{#mSKZ7LRV(^BA4=9Y zKNwb+ZQNwO*8FvL%d>vXRa#y-nXWyVLLEs)bTF%%a$ixM(|4q8;U(!I36BN8?mKcd zowxecR&Px?x10Iu!TX4bHQSuFiHMlZD<9d~M9z=K9FGNOzp{y&=!EeiJyux1;(Ey= zJi4i1&1_lcn%Mqbh^(-!a~it|RjjlE+6>xam`dkWSrqJ2TL~K(JXuUyu06~=F_Z^n zR)NPCF}W5rWs=_CRY;%|#{9zB+N=lz=6-PzcV)OF&|Be$gv85)On~Btv_w~g4Z)rR z?bvih;Y5Y0Gj~K**W_y%IVQXf5bp?CaRuE%K`@?~U|1@MK7iPyLK?35fma)Lo`ouN z#NIU!gRd&mILObO;xBz&W6D25b${J>8jkI54z^=*cdBce)F}F#835rvLE;7BdG8ls zJFCgdGEGZYH>+t}q>K3$ySiFz7jAg;2JYd|9V^%*?@Vc!vW4`ONW*iPOs*3bF_ zZtFe71=Y&_ob0#b6^eJ(&|&X0>tOCP0%up4rQp_67%pL?CPr^9<_Y$+*(vPtmY|P| zrZEzMi_z=HpbZPuZ};FCc6yBT?!E*gVnp%E^0iM}h3iWn%XE|Vb#U0&*_3+PyrOb; z3U@7IswU0x@%`&?#TXLj+V?0bgTDc?nrpb363%ynhb%5MXip(XQNDN4+U;xd-50F^ z43HZzSkCVIo!P#pTV(=rQ=A1--&nAY-rV%(ncdCs|Bx?wpFa4QukF-lY9m6Z3#hx5$Gesrf7A)OV};x7OzOP*>c@; zaxcAFJx}}2B=0>?0@HII*c=fCX8cU=>(~N>SIMWfMMAOy27Y52k}~iyAX#EaM}>Bd z?$C4vlX=+{CHh*=^ZCSRx2|$fLT6crouuAIbLvAuvM1(SPu7-EgAn9|R>udRyuCbL zA@(>O9}2kz;5A>pt>EbV6bZdi(^_V>u4f%CyvveDi6;Ume>c`L5EW)D!hwF4cGG_P zr#FUK@XQ4(0JL#V?*km4J71WdID*XKFY#a1FYzPxs$GXh9MtUtxbgt&CUztlAX@<> z0u$i6V4(rK!Qa zq73J()iWV4rc_bTvLfF<`L?0GInt)bk$j!xaQM=z>$gECio6;ngjHIl!I6G0PRPir zt6&}9HPsd5kGtoHV%#($VF{SVfe`RC*(z6zHPest(es*9P8DaWpAA%grsWA8<2DO{ z-k^Z=9Tv;?SlH9K=Njg1iYeRQVVbC%9*@?1~$PUil6 zu(Xq^{OJ@Z)bfLNvHiVS%i)zVevV~s`_M>lWMvI^o1Zsu zNQ9d}N**m-WNfdfrIq2PyelfVXODVo^HLch1M9+yUTEFzMsW2CJ%YewQ|4peSIK~U z^SL@F&+!!H#K?|~s;Wx0352LSVogn9vGbI&8XMJ;rjS1yQWG#VEgBnvBcP3O+JG#vEdkBZubYj z?y(JuF`m7X8<3uEx8#$5=#wvi{e-x%WMKTK0DXtDPj0CkkxwdYT3<+T&puG zX=#!SM?2_>%EePE9>P032CQdCD>zP;uwAz0^2ko#lXN>bENW_?ibQR2LY9;glNu*sONF3~kzReeOf`8cd;|{y{xbL}_E;w{)NIUP5!Q-slyg zH`2lF(1b^mf=mKG!e}snlfHM{DmNz$V(!gt>nb7MHan!Nw-n6Dc_UYL_#<&g5uik; zL()d=_1a3f2iCMT#mGkyVzHv7+;i%W-qu+7RG_%@p#QU-eE*wH9H@pgzBR1 zqENncSU6p}n~3nKv9u1S?$^d+Ogl%<^D>Rej4SBp48!4YoI9^-d7AKR%@c)eX>Cs5+cq$=Q9ts*d+F2g%AIRxPalUl{3s7j zsGEN~%r-ZIjWHMYqPsijZd_}*O|?BD-;ed_D&LpQb40)MRL%aO<#{yAJm!j%*piS5 zbW7+%e#VyQ%i*ZAdyWvLNkNi&T~D-_cSXTV``Aya#qnj-q-8Oil}E*}2#+r>CH+>d znk{!}3#mX!o6zSh`V8|)J?N4d+uxvxCjtXHhXoIhJcBfLJr|BUdcptK*4o#tx1y_e z-WN?dvFa&n(#9STrCGd$iRq2-JDNsnN}D4ZGN&iNO&|aBBEIAQ4`;%%fwzNTMN$-< zfFS+Kw*Zr8q1JL29D#aI*@?5B-$>_7?-RSd4hLO@0O-v+ft20wy)zo~Tv|-lC4jjc zN@n1l9AC%%I` zs~y3ovoy_O=d=3%akv3>yH~ROgt(_vb$e-PkS&4S{PF2OJxR&LBq7VY{&}!Nd1MP` zb!2(^lk&4Y=S6AQ9=>iNMenhbiw4BSdGS#0~m z{xmkMTG#}I*5rGlr)R)<#qql1k%AA=hrw|YvIb=%y*+C5OY`YcCeqK}-Vu<(l0-+Yy1YmyZmmhmFhQ+P##gL5I-+7YnFB3)Kw}OpP-_ z8CYZR7T&f%%i>fMkm!TZONOkIQ)@qCS3m7+T%Os7b3Fd`z-`JeO_SjLu$e{B?cA5Y zo72|(%x24^;}#{K!1^-4Yk2Q+!b(0)DY5-QKl=uQt-rSCT0i&;;&&VaS`@(sw>II< z>9d+5%o3Nq&hRW7t#+Mb8qSK1-0p4%(>(OuI!B~@N_iPvKPrLa{b_s2O`Jguw{Do9 zO=M*svItFdV`aUEyW(s)=WwI`X}0>*g_Xqb5E)F*dfKBz5`s%|ff55dimOFf(oT~-0>^@?cO|a@vF_RfP5o|!&o>IAlAYCE!(~%>H^WA` ziBNGRCPhlQ=MDYfuh8|7kuOv7O8C4{UuRf3h~In@tZ=Un}mIYn!-2(Oiv` z)vaH;wS(EX%^Be#X8QJ$zfG9=7+8E${2;&5b^C$w>}-Fw!iDk5hzsR+dKcAKe{W?s zY&!3h)NDF(Mt;eF(A@ZziDeP=qPnF9o1gs19k;Lswq%NbzrOY`)_9&?hCzRbcSFZ; zK&;;nP?Fb46c+CPDOfS^p z%Op9-p)WbxK!VFo!i&~3y~&0iSugx&vy7NF;(M_Q4*6SNhAn$s4$K_Mo7pgVcd_DG zl=HDcL-62lcwA8K}aXot(alK9~U&5(QKWc_$c(mrkV3VG-`V#ir;BolrY=IS8TKo`UVKaP( z7h?s{{wX_U%RRTVYpzx3FLNu;wJk6`5p_&tM9uy1EzM^;O#PA{ySCl;qNtJZh0{9( zoDN{&5ELEb(wq=~I$ng5Fa@9lclduxN*$2v!)U_m4APFyZ^VJ9$-AH{$pWs zb{}nn?&3T>*zg{)^-hL*z-PgpwQj-FP6@UDc{n@$R=Y{Jn|*a||5L&Y>T}K8=c$2% zF@+_l#ndFYC4ydv9{fGG{~ zFc*$-J^)E)E5-I3+>enBs@U~oH{NYs1k7pCk=gBcR zKN)C&@kPDcYg@~0+>H~~u8TKaLPv^bUSUU6x7li*TU|dw{D;Y ztq|EBke~BI+&xj-UGM2%zU@1bRWr8D0Q&RsBOY-+P2qKweihVIW0l;e;SIfB7;qV* z3>61IWr3(0+x{I$^28WHyZv*hE^i0LU_F50!O2Bsww@T3|MNHgNhE*@!hscyxC~M; zbu_W;Q?AAkezl6W^S~OA8yXgsd(q~*n#@NxQM_85%V{Ecx=I{Vi7(DKz3X|S{p%!J z9~ANhRT#P6qn^NankcfhuB%N45}u8hFWn$Zs82rT5j$}Py z4U)F(_FP@BEPIod%BbB@k^^7~pi=w@=F(ccc@k)(RG821RGy>s?N#PA37!WJhe;%S zM(_`JxiWvoPZ*8+WW>uG?=%g|<1?cQg;WXOEfLpd5)dPvr4byJV?O5#=`~ZcPC6Yj zq5Peu^;F*w9!oepVy%e*tIGjlLPA9+v?kIfcHUy&%M_cxyQv?CXr~PXpl;c`7?MSZ zHUVE^j0wn|^?#+UEi7EHJMtn{H*bfRtIhK;uz`{=ca})0!^AH&z;W{|^INv}iTk;x zU`ORzgbi>q;AO}8RsbFwv%LJbZpl7hUij71i&t&=HfAHK~ldLJk0x0TwO{Gk|p&cC(?PRz>nj4|UZ-wP+7yd%QwQ!Mg8 zk2BjM0pBJxi8>4hM^euqhx>2k$LLezmHUHE4<#!8k6$@)fq1u4i?zSre( z)_!--izXs20^_EC;QLNE74}@Ip(Y982{K{RS`qTYes?}yU2+;sb6yWQ_gnll`Flk4=F}i zngg}av8%#a#G{E1P)0t}PJ+l`)`RgyJM6Aq$bh)!>#7C7%CblLXbTD3|7^1%AA>95 zg>9&eT&uChM=}6RNScg8;dFPotmloL<<2C?&+Ct3iSlHRG8B)2J1k5It^lTWK}l67 zWumh+e~xgcgU6>;GhfAeV0J6CR?1;W!F+p1mCaKPoVe@cJJ%TK1(tdoNjEaa7s$X_ zobzD%`JCrHlyBZY*I!sRe-x^6_4`D`u~=#ecxI3#1dvOsCILcfzyX8W$dmZN@#~nK z;fR%;FX_gNFl1#!RV)vZ`GN{2=O#_FW>`{0{!yvA=|Ds8#9l<1HlC=Yb&l-~=O4cpsPyIt&0s5aJ>) zb$p5weB*@I6lxl^uo@hJKCnF4z6eBOxiN?EH9Y(=nC@t-)>|=e7yJ^LqWsB6?#PCp zAa+9JK#a)1ZDxws%Zxt;Lx6a%H1LAX((O^a%H`tYVrM3(xLLWk-@?>BMSqwhP8X4454AkxLq!v8%^deKnN-bc-H{02z)2XpCC#_ zyd*x^MgsDJK;!HO1z;M%W3{~3mB$g!>RFlT1l=d^_&RFC`z|#3XC(hl(>?`^hfp93 z|7njalu`eFqPw;!_wOTeF(END`g9)4{O(^e=ETJq&(sbA+-6(8~ap6h_)> za>~q>PiFUz`J#H{jeNQNXPyJ>c)r|Td-x8mjpk+oOpchs7KU>Hx~1D7evR8khnMo> z6bXbz--E=zAMW#m$WMJJdKzOGzFI+msj4}=1i+Q$0yDGGv4S0M%&Nr~OrG=$6NL9H zroVkUC5`r^Kh4oCfyhV=koOOGk)dvJ3UdBv`Ix+538OOTVl#3cUzRz0IP)qR>7*$HyrNEBe4FlV7$eYHaesf zBmPTSE;n?Rr3q|@y$?YBiZElazqkY4h*>t6h`}e2ky966P%x%9{$6f_4fgk3lkS|71ZWj8KB)3a-vcT_8X=o+ z11?5BoTo`;8;$s1u6k*^4xj`fO&ts=c~ zgvJD4`wQ#0#CabRY#n<$IpQ7P_ydvyo&7Zkb)0-{3T~JXNKE(_A7QF7Zbyp8Vg6H7@IlUs5J26 z|KI&_@u=nbN_qmQ%w&1*+9*X?fZ47nEB?!3$QkJR>O0}eJf*_pegilH z=aqg`z0gWr!6`QB=v_dw;7!a${-R_ouYL$&RkNPaW!>w&d-tE83K;RXHhMqs z23x+L(kxp$*m8@Q$_qQDPkeOqA&JtN`zY;ISd%T5-8B!y82!lvdRf7#QjBEM6EZuU zwx5WrYkh|+-6BdY*O}kDxnpm}yZ1w_ED>q2t$N--xd_;UUKJg7j#y@{#i z^(snp1K;CvuJ>2HzB@+K4p-3r5imTb<`Wvb-fWp$2^<~eolG|u`;4;=ey=oQT+~IA zX?<%SoJ5pq740Gj1vUV4Qj$|-vIj)!<00@0|Ll$3T(U5SN*9$FgLSn954K+PLT~KL zHH>sqMO6&|1-t(3nlK~K?c>oK%4v5bG z(`w-{H*US*?=CN=KlD!;=4bg*nF^PFC9HHLWeC`B_=xIBdKjQVyUXJ^o1+Zib8pnyy9JdWqZD5<5Ms*0i8}67>%4>8uYI)OTNq7IYUt=g}($jtN(<$Vvh2a6#GJ&(x87r_90D zBnMQrKV^WqKaR9AE#!{A^FeKMJWLjp=~waj#JFE1ZC>CNAW5x z?`&1tE^h_EmKv|oXx$J|5&yEj9gP@qb;hr`h6YBjKhy9Xz_j1!nBGjxwNiw7q|y;E z8o6wkU7P{?^HW0L*Bq7;#ZVR1qKsYd833RbWm;1i_I?-I)YJ4P62atr!=~||x48C5 zhwgn|h2KxhKeCk)1RtpzPeL8`Ibd?#Ny0#0ulxbnjvJ{q;aXmC&sSEUM3GAUP9TZ~ zF}=t|K6YLpm@1OEXPYT#y`u#~3BaKrkhj=kpW+{KXSXhRjLu2DN^SpFzW07PKsKV` zXMJa@)Hg+0Rflq+{2z8LwnecZhlPOb9k0cNnM<0CRn8axrhz_?&8YNhV=1gssD@f` zm2|@%ePZ;sazI!((#c4!SZ(YxYW0&?$Xiyhv)Y(e$k=p$_4GXq+oV`c6zx)-;wJCn zx259sS^ANx#{Bsyjrx?R(Z05U?cwqYF`J{6S|BKTi#=l`|Y4n=(e4Un;?Eyj%?ow=8W zkfyD>o4$s+A)sqei|$5M0q?~(ZwLKh#HWI+8!0XwBNcH8{@9ev;X@SViqF}+$|`SQ zepaz!*xF=8g;e-Q5Dcw8RqL=)07k2W3Jzz7ZRGjvkm_fQF^BsAdxpw&pFS%>Km>rWjEwFL?2O%aAORc&9!?+1s ziq7UEp-F=H%l($@X9P*{sVH9+%+V@JX+s~1VK@Z(pRD*FU)$!Y2(#vOE^n)l^Yq(H zIwC^H|1aWuGCn|EMy&Zuk3z{nAM38jfbc+m52sA4Z+*6#<>Tesd`AO z&-An7#!Qr*@T0&_xmq2!j%;rz9z1a?cSB$<=>GaWJF+3<@tG z=3vAgJ+JAbt+;H`inXYygMIVG=|~~1HxcY*J^(YlcocnUf8U<}?%4k03j9p@a^v65WdTQ9z!!lMn;b*b>-~T>caH@|gU; za;)<@1pxKan%5p>O=*gXC=)V#G|hal0cg^K+ymt)1OmM#JMpYfuw{fPIg?sdJkZV<(MP$D8T@ve-1J2`aH| zI_dbvOLAauOTncqRe5CVb2pQam1R*SDQ+aMjeVK;?4CEbs-FGC==)d+_J$X^A^BLQ zxbMaw-bkd9T9RCkH|l3D)l`f#zlrJ3+7Rw5Y&zJNy9pwD^?&*%cFMWEp-KR(`MV;2 zUrvvXzW(tKEr9>>qWTYuFVPoLwJ)}=`W+`kE^n0#XP!*A{W`f)wam2A%}5r`m~%Uu z9{t(B>eEGlWg`8}O)_0)d{iW-`AP|FBsnIB)|djo56<$&Zy?A>L%Vn%)xh?ymQDOD zMM@{|nMh^6C;Cjj&@KIe_u_eF5_(x%Z(!kimB1u~7$|s>`ko^Q5=fET=B;M>2 z#>x3xgRslSxJD)Yp2(?FVb$QAATRHkn!qUg^V5%wBjc-vn3bUJ2ZJ^WM4OguubVh$M=!VhFxaTow$QuU2eJ&wXJS(`=O95(S&r!opg-8goo% zJwew%2rpD{44{Jx@alsdINd8FMKQ?-TK}a(Ugef|7Kk~07JRIlfuf;+f7w|B15Lte z8{B0sGOUNbNA+-}f76nmz_JXsnq5K0+kTd}6&*l^H$|4%v0;f@eNM>YX z2{5qlp7+DqO5TA?^op50lf6n$nz^SA88ZG_l7CXp+(jh;tnzE(=R=x;L7(IAPn|j_ z7v1?(ziI#TCwPNP}Jb}@ADeUIMR`k|E;BS~^0}X5up5r5i}^E-DtK)+Kr0?_Fo04<@J6NBikTmd<+H(Kmyl!TDc6QxRy%&Y zS)-ARw5xm{b!wlD)LxP$Tgb*$FwzuX)@jl%zH%hrQye80ut zA>fYuJ^yU=4e(}jq;J9BTP5EIU;=%Bp7ag5fB#DV!|ATx7Qbi_2B^2(k_6%vBYWTW zLj`{b1FK$ZF#SfAhK-bBm{xA10xboaMQIHJVPi}EEH9Tn)@7k_T~e`HC9Qd>iXI7? zo?!MIYK>98ey^sw*k`L4tT!Qm7_Z$BU<&YF{$>H*NGWt09W(=jS+4|@vxLT@bv`PL z6+my~S_5 z(ZYu#3o-7i6U?rehq&9^=b-7L^j1Qea9lP3xB%FwTHnhZ4OhP&f&TAqz1cilP+A?h z$g(&G)^{m6F^CA(e9tHQ+ywfvLtkp0;{qacBJk|RLzFS2=2p_6Z4M zhuG`f5{HU#WxstRGn-CM;;`%N+>-@vy>HRFsaqj} zcJ_K@V(XEJ)lFI3%e^5*vK*rr=g`?Hpc{=bGpj}<03<@7>O}Gx!5rxP= zf1^FtW@v_Uwicp1T3$Z=OQV1FO8#)#;4p|*yCk-mZTLY_AgsgMJupcgF}YIXGAH2Q zg+?*im#6x06d@f4RE2L#pQBs*PeZsDXVk3_8**1UwkD(Kc~h$YrlJH>Yp+g>-#NdQ zD+b4j*P!zq*VR#^2T>;DQI|MVpy-sAD8;Z-nulV9_jB?@MVi@z%GG$G@Ff}jgelPZ zK%;(1v-aXx5baW<^f;5*9JCWK>BZ+VaBBcynhi9CYNoKpE4I&@XuDcCig~kN!$sT#bLj?!80v*QX0*V8t{D(y zJBkYdV>dsGhoB5>Kb}M#aQBaTA#lE+?0(ik`54nI^|f#t^sCd!1!pDjHKO$!*5HkC zCfi-=Pf4w%s%o}qK4=sNi~lj&si9#I2bu+DVF$J>-MFVEttELdBqixfTpj zj%Z~VKHc=)(FmJsXP53N(UE<%bYm-PPjUB1b|p~%E6c{zaK{{qve^zyFNNhcCC_g$ zHO|d53r}Fh>b&C9jn$4P1P|+E{E~c7d3`NlYg}>wkAD=C6KP@{S4;;X5DqfOR^3CE z9=p5QdAS|vwK9pk=8EbX>uxRN&E&_3V=>V8lgw(+rwQ1@ctsy{nawHi5W8kJ zAf20%6jjk;J|I&&k}QIp7{4x$IIOzV&D@w7yd%c?YA!$FleLuyF&J-Aj(;N@H?p%< zL&AUQhwT)tHak$iN=cFbwUFI4k~IWOnw=6B2l_%cL?LyqIjJm%#b+}*g_Ow>-7%fu zxHyf0KDm5~!dXlC$HvHsK4Ez<0&nCkK0kyf_<+HRUP*v%vqz!n0STZ*$Ly*QZXUmE zBQkszs5=^g5&D$qpRWYTy}~HV=h!=&pY-DQe7qReasAiIu%Qjr=p-Sn!x-jmqaE0t zO}o7VASECQK^SJkZ-?i4SthK=Rm#3wr$Ir;Yv*v~rx8lCKp2!MwnSTNhPi_A~r-wBEfA|;R zgr~;SgBe4R38O;1E-BK3$dB*>xP>0!(NiC^in3;&u z2ZAiGNx!8)XH}pjLc4iN6jNFbtm-{A^juKN>cyzAC@ky zPmYm<=tHZL`vv8o3RX!d@%ZjsHLE3Xr-*Q^t)SF#sJlm}+|S!MKx$-LC*bpH7*7qP z%X$J*ICpBRJw~z=8YyTcBjO4$5NL|w#%Ee(_w}?9zI`@T?@&fS^Gm&~fXn^+@arBo zgEsq5Jx}F^x61n;>NxWJy-V5TU*uiVbeWs3iMl z542XTy3a$oj#M?vLTmK}s^2?UbbuItIk6G+Tx-Tr$e<8M8cL@jmXA^PF02TXeF*gv zpMHv|d41!%s$9WrP58U>hql@1}bNN!ZvC|c<5INj_W$7lB zH_yt#T;zvJZ?_emuqh(Q8wUT`SmgHW|M;c<@6-G1s+`ICD|&Wb>}xCC87!5l8M_p(NG83(RyECF2wrt|~X2=!un|A*uKe;-;(xHD9E{^{c2 z2ai(U(JH?`<-lAQgP4X{VaP9gD67%Va*lET)UVerak?m1LkDT#BF~u<0d`^II_{rto zX7T;_D(NNRiIW!;5HbnLTH{2OR@F=stdZa#baOrCUmdY6HH-HP*D)C|s% z_2HF^gm<%jqL!{_dat0x@k$}CAk)|}h4)l+;r*)yWcdBQV++FM$<>2P4mO4MPc1Jb zTnYc~DgXOj_c*UxV{t8mZ+7- zGN>e1M=v`_atGMGWi#$$i?!POmSuxfm)I2Ppw~0+i7%`CgEy~8HQCyAr+WfFPdCWC zd>AKu+3uzAVMuTbayMNtGe_v??aTO!nZM-Nvh+amUC>bsuVk|6Q)J!};VIrzU>@H= zpeo(DIb5$_8N#AEM2L!5z6SVt7x91i>_a-)@e=zLl|Py0Ecx1?L`7tZBN^?fHmI36`#a)hKzUoy&&)Mc>IdPybU`(l(@G+- zL6bNf%dcq`*_zn3zF@DrA(m(TK1NGNCzW#H^p&&!k9htcM}aUZ<}Zkip6$#q`j_r1 z6bC(}rny>{IF?^~H}aDs*KPFP88QZX(r}~P_o$Q?NJj2Htad%+*h+v|^Mr~=`=;lX zYUmdboW)v_FS%-Ef>>!NF{9q`cJd)V&eC_kU`qW=6VM#%bUm*M4I(Y`#~qV12-78& z?YyI72{*0w-q(s&&)ln2-J(lSf26hT$TupNEDeZNQR?Ws2)~VJ*Mp;wH2HgAbAe8I z4zcfQB9eT>p)NV0c>VpW)E3r;dcl(F!wBxNu80MDKz94KRMg?wDTimhGOwi-|6N?K zw@cb({mxYyv9>ts?E*~dgTa@@jvr<@ay@1jhH$sr_rA*35by5=3l4&mr4e;9wFcc< zWKokX=iB-yXU@mT-_sBqjlL&s<*H8?`0Ws>mY7M{< z`?!TrM#-Uwf~AqitpKgm<6FR^XdCo56n4?%1B2UNbR>WE5u%@o5+!Fbj*UqqUHP|n z+w7%sy@<$CLpXp1M(ST?RpmP2Tzv<^=`ZslaRZ84coF{K8Wke@1ti&!P-2Po?xKP9 zBawY&z+)QDrHf~9>TON%h(`gtJ_G)r*Pvh$?kN_o?R> zqF-O|Z<#&v!qJDXQms^(7FoAz`X_Ak<e=xn`k2{ZRA$RiUJoL5IWDo1th{3O-s2|TYbZa;VntK z-31LTh}Wv_K9$?p){7@i{J7LL2p#{9#r{AFpxT5w3l5x^ROztEa^$xU>`>~c70K(# zFS_(f5R#c89|LeL=NygY@u@uV7@LD)Tr9gH0>s~?EJl;HIno&-<%KN7;S6|%24MU^ zxIXXcmTO~|ygy5aJfP3?tl_aS?UOVCxxovyA{95jcVSKr48-nlsd~OHW&XGL{~oM= zywxt+gJoW6YML`2pd;#v$`nBAt=*euW)3i9Z3qYZqmtiVrqOOO)^+VN3;6LR(P+n6y zirFfnku8G0GH6*LsMsJ~zYxxm(vV~TPE5A)IB{VPmoiin!O8m9xSxI4e>lez-j?@z zWeAP54<23a3qxh3=8ebk;%Vpno<*M&wu~o72LBFU5bDi(z?Gv6(jNp(g4D)39_bRu zUTQdE9>vzF(60`RFB^W3dtA6g+vGm$K=?BEQnE(;)lpcR^5~%1X#WKLw+z|e6F1+? zu&;GAJh!^n+Tp&pUbRlCFG(1w>>YbXem$j7IZNcp@e^Ka{gx^uq4?Av zJ}`0j^l*h=79coJ{<3i38uwNmO&vZZVZ4f!HD7g}J!Qo^_n_8IABQc)c$v~NKSnI5 zq$V0m>8f8aog%(`XI|dri;XUWa$X)HakDyhS6D8lcL%({=#z{7mSB1Zw%b6^Jifzt zB=riJBEZU=g9V$Jsd$`m(N=$^l^Ximhn8UPIHN3+BMDPS|C(|v$h9K*v?nU)b=<=y z$P47@T++<4IoW#o@rlVM(3wKqsC~06qSnxlWh9C$v{Gc@;imKg5c9yb6GI~8ZD4ia z)-C6$4vnKmiLd@U%J@Er)emBK`j_mk+bU0;Pa@RG z+&{fOC@7Tp>nU^Nq-{1DPs^a3kV;&s^#!zw7beKAZuNel-?+VLc!r)9H3r90!PiMJ zxpN)nr&tq-(T^Ct~ZM(T!T1;lnm>WmG&YNx; zPjB)4b)u`SN;!Jh=-qd`q~3uD`(FD%mI}S;CQHSkPGSQLbLL7JC?P&QB33ER_q~-d zbj$NV1-DGAZchP58RKYXM%Y;UK5U#QX!SBS2lNl+NTDiJd(~fq2h46t#knPpX$AvgZ=`R863orNsSj*QzI?6XyE*{ zL%xIrs#7)2+N-n9{0kiy1pZn1+HO+AQ4xknptY7|CsnZ73 zBYU_$#Fcs+>{W{QyYDA+@=bKB@T!3B|9FBWDV%A*uuvV4E4q5Lg$lX6Vos1yEX)B!BQfr z=P((c#8eHfH9op_sYx*!Wip8Exe&+qEe|d^Z+V^C>YHp^{OkVy7asyw4tR{MBb~%~ z?85D$EPdWgxS5_oPm?lBTa^ivAygQEv_9VLr2wcwheHqdIfiLq-5J3Zu0yo6T zNxHFZ9I-vWSiU+sq=VD%;Z$TXo-@buf_j?q!E{15J>N8R>;0)mm&)HxTumWPUrGtc zI9e*LC!Y~%kSL<*ewSeRe%W>Z+7YtGsJ_phM4Vxz!Gt3q-X?KoiWQP^r6DcZ8lmX- zL;m&aKBmr1b0z0}e zB`lIFJ%4pL(IRK*k0rp&7ggq}b{m;6d1OpJGg=em2qE(u7S^;CH*W0Q$?Qzfx^K#B zZMY4a>Z1$2(t(tcsFpS?6&o~}@kJ!8mO2ox=#-R)*i3%$YxI$pPlk5`4KD^GUKf?U zs3Gz5!d|uTl|C5V@cO-E*n4&3>&r0uO94JHlB%pny5=N~VBSG(CY^?G+%BP*Zd*C& z18`KKwIuVr37OH*WoUfX(+)rs-QTFHm9K5Nb$?xk{IuuCB>Z1^69VrWZ_ox1ujlY4 z3qwZYKh@eq5>rr48zugcCC;lz_U)jvMLMOu=IvOP^1AMC8LuD(iumYNY#z?^ z_fCX~{`O63m^>ykG2M~-+G|U7)tKsWif>K@Zys*J=r3WKa@my@83Cdtj?qH+m++ z%fNdrNQ!SMwX###{zX+64qaEnI7#t-X}OcG{!m(qzfTGAr#$FF^hH|X-;e;BSB(K% zfdargX}wH{;by@nkob*|GDf)fWo~i;&n?>f-W80vsgM7|AwqrSdmk5hU%)v20$_`v zNc~*RGiv|#Vt+$Xa$u`8^#u*KbA_)0kerzg)-K)nudkV&8i!!$Ly{#uE@+z!E&ia_ zc}#|5Gp#Emdk>yHGjm+dugk_LGNEQQx5E$Rj(m|tTn_2%yiMZUL#oRXN}vdqPB}F6 zc5w3mc&q(yzaR(s#}nZR^00@FAw4Zr7iC(?-ox)l3O$?hG!UCUTxq>zURy&2bq({m z%71|d-e@vMQ3R)Ns@0c6M+8Me3JAJu&4`ywVz-csA#0Ix1v6M1b2!a5?QX2@;i*&nr8fcGnuuu7qkyRk{Tg&3H;q?@eu$k=Or82_%zPOt`30{p;=EgY=&c zLQn3m-S*Mvxn6=^sIG4ZKng$>q{fxNpPf$9stY;?YAuoOdH_0Vi5YdIJ6ZEeOuD=RqlUr%<%Yx&R5ET|Zvy`_Rm zNkQhKvP|1#1$@b88fBW`xs{HdN4J+=Og3=sbPJV$Q z&~}0GOYfH3%vKY7WK6|;3!-BaMm2CHJXtwWwOkzXY-u|Nb0&R(dxRKZssRn0t!CgtU~W{^dxZZ&O!Ay z##du0yjGzD9zINS)W$fKk|zJTj1(}`dKX2#%265U0I}#z7S7b;17kNvCE=Px+FsFT zyHxj-w6Nd&_UpFPgo;wLfhZ!WAs)W<8f?BRHY?3ANXeX`n(X+?1*EcmG+A5MR0|k& zddrAzs1|gi2t-su-vcgB2_5tT;RrF21GfRVqakz;onF&C%&a;9{-?ZMC`LPRTL`gw z;M(sz;EMzN@7>WW_j>&v80CQ4!KKzf$!)|CNW~?QG?JnPH7)+AiPJJ#d^s;`TIHSe zCx-g&u<7)sfWpK&ZA6eA0FkI3`wukjmCf!D_00M9iPSk18EUAP1w{G zeNZSfd%ETllfUjvK@eg%Lr?W7v{`rd+FO2yUaj9NKM8-EX zxwIKimKo;FocxVz7cp{>uzf1&W~EG|pm&IO)i(#$+(Wqus<`Nd9yS)9vBKHZ5=(UA zTe6D{S6*YLscMjD|E(6k9R-tfFtQ`9Uk-7K3jh(AKZ+|MXh0qWb{!W{1YMgBtf|JR%5CB!Ouj5SJCC49Y{V8hdww%Vu z*Mg%qK2y~?9kD%agG=jn+C_7Kw*hXHx2U(T$+6HpgbFeT0U@reqNo0Vi9F9^z4e=Y`f zK7vUFYy4r7>TxxtURz}Uq1RbTH#NKO>fsE?Y{W|}0^#CVN392ylGgLBJCYQ>j2q5i zEi8=#`Y1AP`(@)yqf^$~cU$IW*sic8v5Cc%Q;%wa9DB;!<^B%@V5hIJZ{60a0_dPEYyH&l;wQlK+WI>aR-CYNIODG&_CN0g_wn_z~~MVZ9uXRo5Ze zBJUN37s(^s!Q z$2`9`U})(5Fqzk5gZ8=#HwkG)pqTwPMn&ZU%Ag2(`{0dHkmLc;enY`Q9EqWv#qn&4 z-h;3(iV1k>dGFr(WLpxO zUrZ7Re1^-}=j5EHwrr~_1KyZAY;ecd+QhFu`cFGtQSKqrnZ-~x9}kf|>jAGm zafoB~g?=okQcCsHv~WIy=_I+Sv@0b5u`2=d-pl;Zjd^Tq*C+5b4-`YmpVsPuLZ%d& zolJXK?ppB}ZaUwN(YOeo@3hGX)al3rMx=j~Ga`1l8m}w64`3h>k4xa)MOH)muoUB% zhQzxoVtMg@d`~J^Ulm?m7#{G5rYMB9+cf~w{z>ZN{!J1=+yOWmmF7oUXBb32fCydz zZmq42wXp3L69k16|c$*8Mig ze!-ol>@$MArO&Gkkb-V2xZq2tA26h_b1R%_G(L#&i|oZ44(tqh755)A{_ZQ7O&m|I zPgXEe_4#J31F)2YsvLOL-A(~7l7e#AJFxsprT_~%ho**;9a9L3MRLkBtqxHm*aaa6 zb5m|#oEN?;>+p0T@3C?uWp%vzHL6e04EB@IXZMw58h*W#UNjsYXeVQI4yC0-q2(GW zvP3T?V+g`E>fIXHeL80D^C`MpcJCv0-3QBPfT!z4Wp_wPCo)Zl&MwgC@5XM zH+rsK@~#>TkNs;i3cxBOUb?7!953p{+?quLqdJL=vu zZ1ZA}!3$BD``-Hv=@b2TP#Xi&`8>S7lUx8z#zNKU#6os~QR}-%&fRAv5b?dY5d}?q2dLe$?m{T1KzEVc-Wk1msEIZ+;8S!tZ>gV3nZd8NS_6CFM^4qH~&ShL@u$rKWPv07zgYDIc%gGMd^pY znXw9Ib&Cna$Jtarw>5K7J2;$$polyxf@hTUDNDX6DJvMiA+92=adPgV9vddIcwfHy zf;%}S(frQTX+@*^Fq9Kv0_+7tf`JBc@4Yr~=0k75l0XeE*r|j9;iWGYd_5~2%SMm{ za)`^fiC)jL^}^&r-RQAMnR0+471i|{t6_h!(pZoKZZzITGX%wx<6AxelRh*NKSs{D4FYN64CJ7 z+5hY1`G}rjAzjhH!USN0L2@y#)vH67z(DxY3amhb5ifN>@_2)kV`TnWY*|C0^*pVZ zT7d8Z$L%-BGP9q~m3DIH6E13+wImo^4UV-4f}iQ8$0dWwp8@2lqY;oi`m0j1hJ=ZX zwmclk#SDz_&E`HzQ;@$McgV60d2Psh?HYoNB-HqGh~lr za$tuF-wf#4-{im&Prny|IyHrjUD>DMoYSZ~3%Fc*`lQ|#-~a4nj5SE@5OfQZwX}Yx zb5b`zdp!pNA6}Y30rV&}MkS`oTElZ}JAz81f=U+swEut|;1IVNj-y%Ac&30qn~cFDvW!%?GOouU`> zi)S{ocigTs6Su+_gR+Lrm#SDrpK>lZ{vcc&KYI`TL? zul8BC$d2B4lL}P8z+DtG(Yf(FEGSPccYE$o^IrFFT8*kjCi}kAdtLWKr!J`1sNXBm zmVdYX`{HAs^v~{OsgPv=4cWn?3dh@f3Dh-lElD(Iik>!=6T9AS4fCN3=K1|ZIxBti z$<}Ty$aWtER|iciv%IkI^}w~w#|Hm{k3hdyszrpnIetM`lR-H)^uxuZf79oIfexJ5ARXZdh|!DHSY*CQaq8Sz$8k2Jgo2iLc< z4$sxh%D~5NTOS!&C3OX_uaB>^cWMv`xydlqx}Bn7LtuFpd~p5MR?`Ci@=mD!Zg%62 zz|LvM2C`k<34*MIRwnj>#(UV}b<5({N8LpHfECb@w56@FB@pEl;xmL|6 zY-+`vD7G8@imTa3?i}B=8mAG%$M~5>)yOSV)Kz9%5!jzkt5bx%Ayi;vTWSee%BTKBG4{aZ5|d1n?Q@U91xh!&PMaapS%< zt9%lbQq0hnjN1B=;*=Pqn!FAkkKbx*lu@|9v^+3(KtY#z-@3z9ecn6tWERj*MByCt zd->CMz;c3n1c=0lCQ~^uCH{KN56^xG2e2hIqKJ*vh15Zb{o9ETq`{kOKcQ|3s<|G@ z1}4sAuKVD}dXNH=uaT`HCv~}>$B&vs;0|Y)AUL1dt|uqGP6bnYi-$brBi&xv;{u*m zn{T`)ZF%#S(-XD$Z{@m#Ox`%bE)U=o?BrHnx40$#q`23>AW(Z1Qy*_?C}!l+Q0ur~ zkWSHfL)J~xP-)Q0;w9t`E~)<#!#~qMz_-tmZ{ha~$frZpIFs2)S_TQsG{AT%GxA)Q zP~=c;dO@HMa^F?}8h@6?0hb_9S4%1w{&gMv@_V|Z{_fccO7uJ>@@v-4dX{O9Yz=!y zAXr>0NJCjL7yJrfQHxP;I2ztVJ?lYm4z?3w+P-jm!!IicGi+gfE%^3E_|TI<;SXxU z#=pMj8vC9YmY8++?Haz!{L-*ghn#9q?;_|;I~d~E!q9warzH$Wdz=N|5%>z~MWHX- zqyyp3B-f_+#kE;$bY${Q@16K{V`$V09ghw~RlrwkzGk2q+34|gz0GcMLsMjm!@LSh zAq#A$jrS{9Q&7g-p+`Mg4Olw0wl?{$xav(1>(N?g6l75V-zkzaLYLyc6(6Ht7yQs0 zsYLP*<{|$lQZ7PtcBoLB${T=9%3rM8iQYa=kTZh0`XhYeqAM@@J~}^Bn?htypA}`2 zZyM?KaFGdW6>^F+L#{5yu& zeZVgoFo}R7sWFm7s_VZ}Zhh{)LsBcZi!QYrUuwSCShBA(T)CrfpQ#vJ3{Bsa^+|3x ze)NusJK4E8a1w5?-ZwjZBS_5X2K{aEJV-ja^A|MPar#qQqCWLOvA!)FzWH~0Ho4z; z`ayR|ObJ#3+kw~fb1d_`x%0r?M(YR0*FW-K0lv~h2odf0TH-$eB|v+xi_MP^KV;Us z2*pW*S0iRCzFe`$v1yAJ1}tLO1t-9BN^i3ukQnBcl2b`d81ZXA3hflS*D)OlBN$V3s51&4y$G&G>Hwa}l6%NJ+kz2%%h->`%=kz5>)uS>% zGuGRX6r%V1fW>R+lQMau#&eH5_EEYB{ufPAkBKzld*lGRfN$HYMf7wAMD2ijUsRwi zTAo56;7a%dTBlPC`gm7cJPfhs^pwQ^f^(LQL z)Ai+w;PnZpFE4on9O>35{mW?hVN>I~?0Sz?t{sv)iZ?`$c>&cxGQ7^CbAF7IxfZ~A@o_bZyC#0N!2im38tvVFXk4Q@e#lqqy5^znT#3YC> zW0KiPs-8C8!c`oBDQ>bxGj?Wh+kY}mIXb4j5&tE^n(P6B>d)lG(P}jtr;z>=9@Z}Y zeJ|RaPwCAxT^7`1J~cH)p%%5({t$ef0i%;zN~8ea=T$T(6`WE~vMd zn#W73(ABaLlR9GKIT zDS=%NNYMQOS568hQ>6DTDr2zE545yY7tXQYB&S8n#49Qg9AjUT@(d@l zGi<$VvnorH&oCa~cs*uRJrUpSlH#CA(R)b#VP?*K9zKs5W8Nu;UOD4WpOhj97{#PA z=sK<5wntI9Y$@4jaR%VzWS(Sv`o8pyt)DfU00A2_q9*lfXD&08)? zsMwr4Q5C(TvboUj?5G#@`jxnK3@+i?6}kU23&0w+%t1ZV+sQ&3c$9xDZ_g6&y4AuIBdBt>f}ou1cK2Q2;P?ZpRnN&e+2P`w zxPoLyK|PQKUD9`+L?Yf_&t;fnvLeZI*xtGqIV>|wF{knT&R~b=0x%Qf<~K6AYsk?* zgm#R1C1^6r@!S`>a?BCY)c9T3OsWiB>)g|~cO4VsbO<>(ecbh;I+pSra`s`3@9+9* z^QR@@%)$6xL+mj(FBEtBZA3v_hhW;m`f}wt_23jxP!$Lzw(0J>*}F}K?sXp5*} z*Z{I;?%y)vJz=Y7&s*ctpgJb@`rFva%xERDvlil^KAG#EpdwR>n*3adlZ2=TPag%z zoSx+O38n{pqnSy5g?=45ixJD_mI{;>x}c@+cT)r9fD&kl<8-4;;1~n)F_C|?A>oLc zN(yXb^JL0i{@#hDPj0dZ9ZAW@Ai1Nv1cxylj%6g?`vJjR($ykhi)q1j&f&$2zZzC3l0iCqSW-%;-gC@~=8S z2IjxT{6U?)o}u%!1|aJKTBGk2;4r9j8leU1ux>8Z^aO}5I`RFbk>}3iOy$Qtb1M?D z8LD-)W4Z)^>xXzAJKvx%sdLkZwhtd6Yh&bf)T3~`S)Jvf;8t6JD-LSv68N{+&Vdu_ z+)*nDLb_A$AXNy}L`YD5O91K9WNhX|BADE_;@LzJn?EUn7BjWh7TXg^{$-bY5K$yJ zg)|*v^Ojm%<_SX-7N1m0BNi?RUc~X(VWVYGk~9AXvfW&APQ@WxVuR*5%_y$D4UoAF zm+`tl2HJMT27OQBnN9Sm0JUXO(3!4poF-%Q%sH|D%)0f*&)w@t1k{UGfaz0{)AbJj z1lU`RW7vP<<7*uR6u?-~JCq$i%qkl{QM}Dp8iwC-OaKS9_75^GaIjjUCyM-JyFG1N zOPiQNd|6T#y^051t!0xl6dvAlD9!_m)0);Hha=xE$-ie|e6G5eTI|Kewjc9|#bz8u zsNdsZ-bmyoeyNLf!AA4-$;HWqdogd#7k)C<4SX5b4pPe^XhDaDm)llma3JAaMH%;u zs#{F$B0nr|k~(ll5pa?$i{))OlzR_8mj?f6Rfg&8VP-}x5@a1$M{YYgZ?`8JjW3Uz zmZ%AQDXMMdcEn^2Lm2-W3Vf9 z{d$(*26KFSVH`@?ezJsePJ`>V;nt6SCY+>b@W(1C9y_Js+*gxM5E*#%cFIVdcJj5) zscL9oFi{xjYZq#zLA}_ywu-Z{h~Fqm$$pdgJ*jLqaa5_^1hQ8AK~0mCmjP5i2Wtp*Qw;^)#k;zgoDt`QYBDnz>JsgMhi{0t+qt3E`q#$>J6pg7;+vh zhe;~oG>V?JK^0hM$)b3@x3+jO=AZf6svv~e3oS!V`6NMWMJv?;XE5<=@+GmrFW3zC z{#PDT0-M3TcXc|Ak;;p|_D4v2e5i}QOLiTA_@Y9{de?L9vjRHIx7Jr)sb#?>5h$J| z<#uh!$fZ%3$yNa_N#7c?Jn#!(?e`n43ZXyx<%HnzuRCv>f3%woj3x%_0eqjg z)$v2flUInzFbV@!{0Z_%K%c+~lw)M;6YVWqGC#aOQwJ|3rHd??1SM@fRz}XRy$B^OWqSTPrvGdIZlSkM=0et@#qH>obW9s8Olf(mER5HPw`i>JVEh!;irwan8 zfMuCo0W~DIBOL4Ua!hTf-^$6*3dAXr{eqSPixK{S3BwmPM-{YeDS*9QyvJ(R$xlz% zF!qi~{Plghg{kfF3vZH(T*o1&Rf2NZ&)~JBwtUjc69a+TFL##Y*H8&z!Z6jfv6VAS zqouDswW+Ooq@Zxhxee=Q>RF}I5+68`J7IqFA#2FV$DQ!i(zKB6iMXbV_oJ3-E83VE z5LnJ8XlGn6Z2bl*{MuK7c>FMXIC{M}YPLxfV=C>;jrZt!F@BaA;txR|x};jSDZquQ zZ!ZDmWYy*e(~S=qOqCxBp+1%Reb{4G&%*aKSzZWG=>Yharm6$=mlb66lKg!}+=rXK ziagN@fp-G4@7A{(N9F5thh(pd8xfT_fKG2?WatiPW(COx1L^dVP&yzRPtXQ; zy^>7hd;of-6y(4%WfE9(ARSz;5uz_oHW@tFZTRZD>Vlvuya*7B&JkMzUeo@{IIoXf zN8ef1)PXHL(C^1M-J}wqgH{b*NJY03bVhU+w>Ku6o3eJs(Yv*Nc1_vdJTgYPtc+njN9M_)Ii?kh$^hgy9YY4NbI4gKc8ePAOJl)Pydn z;xI~i;%zkZM9)lGb}2f(e9v*Wm@ z(+m*>vw|`s&=k+2;?E;J?1KgbDdO|sjK5Al*Sx2^VX^1dXyKQNyp26!awdv6r zVKdbA%aF-ta3lFav7F@gva%7iI1d;);#I#@y4lc^lew89r!=FyqFu!6Fxz4a2$+94 z#2BAc-rV{K02TmesA=8-cGs$&|DVq6gl_rhW_jANvxD{FwTV|H!VL0VukA`y|0~{JipqqPr}{%V8E)Uta%y87aAmO4W~&%1fN@D zMk{p*y+#8$V-eYU77aEeM{q)#?i!Q3e`9j=`@=~T$ZVN6$S zg1cI5OVii;U+>*>p7;yznQWR^FA9$d+Rr=)^jxKO=_7%O8rl&)o7sROWJa+ybp!Yb zBttuyAb3qbONK+jJNldRoY27tQ%0kzn83b{;U(^JGGGYb4;dFW8t*> z%21f!4D!=cnGopKgd|6}8z?I?VX8|}3lJ06a=q=5fv}Bqnc~Q^bq@}sC=XcU{H5*E z+{&Hn)rROT>#odjVx<1#z(031#~)C8#={(u6B$CC(P%iW#yqW4&u6G_J<*x_`oAF= z#of+Rqc9ibb)%Su4n4~kgZ1xUb={x&6o_fR-J2yxnY zj@8>HvuB}~%2S?~Xrv;JzyiH3Lu2>Q8+jq@>3R{ZXY#3*aAtBL)yA)28`uyPZ%~34 zst%GH#^*^#GG2|+elrrSM8vlGNoDZTdoVy0yNm2sk$t|iZB z?ryvOEi`H(C31tdO3N=aQs*`$ocbMxp2{F}gn7^G-DQ-9^I9pnIE2rOV>)_|$YJJX zn!)!<*59gnSx{H^l#E@`kK@qV{8Gzc4Z2) z|A5WDL5Mm9Xr^%!%Fd{-1VmUNQOR#WuIvXO_vpZ%=%0Cy=wXn8%9W`i^e{Rygej`X zS$ZIC+%Ra=RacFQvfdOm-DYOMKc?69tETF0ZTcT{8%&=(7q6i^Pqsi3qI&#?1xxVt zSBkYezb=jNA3Kl=he42n3UcDF`Wpj{Bn=7l($;o0bTHL87=*^aREsxzWWu&%{i1F$ zKUkN}(WTe5f)@RUw>Nfr{ihflwAO@=#C98~ia#|OWdr$WQ+=$%}y=>`SdxxSPVJ5+>3!FU9h}&}Xc5IpcjH99?ac-f5}TgS}22!a~xj?8ga=*Q%j!sg|l^#*D(6=&Q}?AIOg} zVCJ6UQm^_hjdaHpgQSo}#(U`cvc=NA|KmjK3h^rczSN4XzkB8z!Q_}YESoY{DNf40Zsw1Y~XJd+V{hsh1cv@ z32T*;ZML zHx~tQU18e=X-?F2ubuVfWGp9*jdNUJ@VXmSr}trZmQO)u*|^22fJQiMNsx%{d%B^x zn$=Gl@qi{#wrhc$zJm%1+rZ;cuQ(@)WygHj?{;qcq-hX08v$X7`>ZxmZ648jvZ!t+ zyQvjqU8UdkjRL5ph734`HF~OE{qFO`)=x>jxBfg!3)~YYu^;AANvu!O(Ze~8?C%Zx zq^lT}J)e{#4;R$Zi1SV-@Q^_;rSA*C$Uc^Cgh4ltQ36@1lp5?Y4$i0V15}q|mm1D= z^Ytdr;;>E-E+8d4Wo^$Kx^&doSsNpLG)vlo+1OouWgfZv_pf`aByxdH4vLMYfL8e!Y^^vKAYb>rstJ7As#7!n}QI+x{phfYxr1X`^#l z>l3c7Q~jMBc>Xs<=%w%uDPZ@5F3a)`CtI|asHU6{7LdhYD0RH9yEeLL%rw`Qv3oNCf0wWMJIa6!I(O)n&ZTGv~pFR8RU#8{* z?}0c;Z}n{I;=eQZgI3Ck%uUX`v*rb1$19we~v51e4Sm2*T@4!^s(lnNk8>_^n#+lDZ;h68Mz4JdyAJSWFW2dbwxK(od4v9UDg$h+e;%Q7DZ&;D30 z%EoxR?1uyS8^!^-eHQ)CN1r%paSy#ZRvWeE4xo9!*=RG`s}3`#C6;3r_U*g9;4k<% zv#>8a&a>;VL((T_L`O`rv*xyA3-^)N*3b#6BxRhWvt9rXl1&`7WdLi7AT5HHY3&LF z?p13^3eY9ABAZyuDTA)Oe&|lIn)bg2+pnp_yOh}qXzWc4nfxrJTbkXjm~Lr=O}15%?I6{}i2Hq? zfRUVo)e#&9jwAVF$8Y_Mn0sBrK5L$+vzr4l(-$8utuG7&ug8Afl&0n7Qb3@J!n!SM z-`P)LBW0u@}2kJ%8PUK5j4%p>DZ8)J-02x0^~`UsK~r=2brIbqSIm^o%SDp; z;Cu94-231*-N3aeO9L2wG}V)8U2D3lGyg>u(B>&YU+#_9aF709ti5?S)a(EF zUx*xQIj14ZkZMjT>#;MFRO%E?i;!h7q_UG`m@!F_ETbf3nMzT1iXnTLu}he-kKHiD zU@T+%-Ol;G-=Cb{=b!I&eg8Ut%(=QSuh)G)m&fz*B(+9X-b&8(q3(qV`4M%O>ZD>bmq573J$XQ2R5y`g36hUgF(-}8$_m@)}90{U11m@CXX0BHO!NpR=_j{Y! zi&1v%>s0v?rm9fEq7skRj3vGJLoQO>sDbU?z+P2&l{EBLD~+1m+ZgwGdpe*QwCvv`Z7<*Zu3v!uv-+s^@RtHU~yd~bFWuP(5)}>x!XCD_XFvB zh;L&W^nHcq0#~!=D&IGy(CJ@AFl7@s3u?B4-$0(V6=Hj`rc@TbAwu+xo%`&!Mb!D! zl*@KB_1^j{<{D-!8CFwN+20kuRgGA;pInEIw}r{xXJiw7hTkh-rw%w=*mZ6=a&c(; z%*2Cv@gQJA6B?G#z0Dac-ZVVnL;p?Pqu0O(>;Q267CWnwT65d2JJD~ky~bPioj@r; zseXsPb0B zCJElPeTfXJB%TN7znnS5p=1jQmi(TEc#yzz=1Fy^M)mz?^?P0qYA{f;);9Q?P@L!f zVsv!m-I}|S)8eBN`QqwD!}@`qdbOp2Ubdg4n8Iq*kQvK7i{SY1-a2hXK_KU_7Hs&J zu4t%vCxG;-30CVZG!(6sA z>Oyk2lkh_JcroaH#Abd^(*^ML60SS(%y3=a>aYg0HK-mh<(6f|oM+mot=N0H49It|)=>vL9!x&$j>scBwI#q$qvYAdr8`p%hl8cW z%I&i}x*JgPi$iXwv^=jNL8sVW3L`p-D$man>euP~Pyja^V8n1rYGxas(yC{V<)1|kYp1!kxcg=f76;mfWhcPFKy3bp$H>c!s_ zL2f2<_Oq@-#h~^1s$f{OLdkouRuZBaRCnCtS*?oR#blB5upzbCcD>ctvLX4P@LBm6 z$}CHD4_PDVJ2yGbGAEbfHvLfwTJb{5ap6yTY&JgX70H~o*2yM)wGwAqj~&G?UU$tf zqL<8v)(2l{Zd~5!)DT_EJ-RYXHZR^#Q#^d~&CkEP?f#7kx2@ZR_7zOqN^?R_2Qu$% zQ||Uu-2K4nlSYL^@gDvDgDL+0z0ZeVdXZ^@bH%H(bCre0BlCK$C}XKL`6z0|`n2^J zI=AGl7p=r&;ba@ZTw)m;R%r-}iA0nZE(W;vQc9rEt@+UPdDUEWWX8|%9aoSFe^8G= zglS7fZGdm$VCw7$DK4?!KefrwFSbPNoe-aZdWeDl=T*;=gfkKqBtLy2qVE;M4c22u zXr$7Y;k1qVspzz65BJF$Q5-`Sr5^%P;B;1fljR3Ja2SAAiL-!bPv3Dts0%waF0Vvw z(GHb`Sa=vVG3s z8&Qd7E?%}Zs^5B$Q2CLKVW|iuNg^u$a%yB!i302KUsh}0EcO+ax!BCOC@=?$J;xgx zb`lKPt~a|-h}KhFJK!(PKus}4lwkH#ye`ajC<+KN=y7n+f{tM^sGov{W#9Q3{a$Vw zP_twy))C{)xknQI*T7L5{wchWuGM~VfB!nq&BTn!8k*?6?(4U8a%eY_muje(2^hqq zcRriN^a`Z7X5@HD%^x;^+t;s|2V+2sW!3gNkV|0gAXko?xeqz-VH#ykoPjBkgyu#0 z_V7{L&a0YG-%z2+-p!AVhVD7Dyj{APsszn@*!!-6iXr`3HdzX4B;mCWdV#2C$(ezM zs_AfLcL*#EL@WX<{IQIB}(w zd&?B*i>Bfhja}%N27Y2tdP-6oiLiM?A&?5i{CHq3;d%?k z8{d&Y2SzI=F4m-qC?S|4h<4Uo;7Tb$`tp@s*JrxOUjO&bb^vmU5db?;^b~+g3e?AL zm+GR#=M1~N=`zLYV@X-kQj%E9CmQ>EME#2=NEgbK=uU!5^%Hk%emKc59Biv2?W>@; z)+mIhE*Ha0<(n^2 znP)`wv+T3r^%F`w6}5X_<&Uyexp64K47{xXx0pMFsuOW+hIJW~Yn23hl=1<@=Q*%i z#bc2iqv<3+{i&y#Hv&5=DJl+T`W_c^MTB7qxjq|-D92~n2#IM6%~T7 zz6Knlg`aV0chzg2%ec6$Q}#8IJt?Y*hgM~3bT=P3OZbzlSHF=>ibAuUPr<>D5*szxCfDU?{m>u$u|_k181+0=0`xR~h1blSjCf zFO;$}30vTc`9H*>VOj0^w>SElkK1jVe@2N~ow)|Lw^mko1Lsx(=aRy#(Jj;Rm18b# z3`|R}Nit#D*UoQb$dtB9F0Yt-NdJ0i)y#j;U3?o0#kjP=y>f^(us7X0Cv+Ri7+z%^ z9?Cr%eJeg&rcgF!G7vK#44tWQ+oZUe{IQqmq@qBv#z$czAF0OeIg{%|Hv+=v%Yf*>Rrb=2u+siYle)|%5aEh^dSL?e19wfI$N znXs0c;>-NMWe6f*dJyv5>R)71LgY?iIS>J!sBnXKKiv>qK_a1h@X@!3t^;y?vhP-5 zi=lmWy!>iX^zq*Np|Yt&Tz?4mO72a&h+Gf$5&b_LTOxDgfVJnF7*D$6m56-0^TLQ+ zPe4)Ntg1GY`Ytyg6vPEI%5P7{;B|U?-T$oh(CcP>l+a%Ek@x=L-EVp5!Xaz3PD?jW zMc$Gw$ZhcWuJ)X0{w0i6l3r57Vn)6xLpJTPfVV(p-{aAnjJov3VM zoukxNon$#5yN~$RwG1yfpl9z&ZnS$b`KW*yG_qL&tyK=$pG)e}^PPG_J#B$Lgc(3# zOk832D3oS3nU=3*YHdHA%%*Q_jQ4XCiPtaVL942tRDpx_w)7`f>zUk^*vQb`J3f;U?~eq{$N6C0eFN~5f>3L-+u(L?kM`F=@#Qp;ACYSPx8+a{Bl9ZOiTx7pt~q26 zdVkiP8dr5fK3!(|dZ@%-EOFO1A!W1b2h<2kQ5q_&=Kq6~vaG`xxGueXc> zbeG+mxR#$7n$PMQZi;ULbHoTL3cHzSLDOmuVlR&C!4f!KXZE=?bCXb@4GLl`?}Dvp z?}Nj;j$+s$PyuPKQvq>4^U1ESz#X&y1u(1ZKf%sJIzxc?tmCXZ*{U5*@A=*rt8+C7 zs>c50E+u9XP~1Jsi^}yBStsqoB=Pj5DEOedG$BjT>{|r1S=&~r_r1zq3HL=aXhJ5% zAg!VT%q7&1JZuFrN1-1k40YDmkB5+cOTxqNEKkJ%y~;s_X}^!Yw)FPuhGV}^CuWGi zd&3Gz7=ZlMDk|7Bh_*0BB9HarC^F1)V^6dYQojDybaFb=B*#m!!qYQ>?1#z{0`;~d~Lg~ zcxa6D_8QVv%i|K{*;Mb`cCS?7a4A9M9HHC6NNS)YcXG3EZZ!rF*uO+g656g?z+&1k z6Dr9_;7k5DM$o)7u@Nc+{Q*<#m3^lXG_0+7XTwXc|L*tj$6oDmX{LN}GhJWr_UfBB zCY4)yRm)&x95zU6g;aJStU0MZSaP$tLb>P`tvD?O7(hWsqU5s(gPpGgD85%(qz_(J zEq}~bYKPu}uD^ZqkgV^0@XFzXcMd(uG3r(bjokC#;G?yPATTwg$yNV~-v5_-{|((- zZNpLaSXCU<>>rp<=H5XIhKPa7t}MuK|U)YwpUFmN24KRNo-$&@s_6Sr?E{Qkc*!}51DOrTi}+fl7$AuCgSZIY;O z8NB>Jw`C{eUu0cRpOWmDd~d)9gj~RQ{V_aRd2)uk;e>;&L0(MAZeMc%6w{ zP3C*JuH7uXSQ?w(ha|^i=x3szgyhgujih+to zS#ukQ`GYUKs|1>@h-5?-()*xzg^o=WP#Y>t^ z>>GpgZphxXV{t+Z??GcVW8<4Mt9=UK9~s;>n_R)&bDYF2l9BX&5iy9h##rTSQQwy> z%{H{rTva@tV_iE1d`6?6 ztHU@ik22%Fm8NJZjARhD$hD^fue2^|v=BA=xti(}_3ojEYmVgAFhl1T6}a@yC@69~ zxRT?snXiDW8@6CjZ~b-y_0iaMYn2N_d_^$>VJ6%WBzf0T|ofXe@%#~b6-*9WUwd4XuD6(r!)ma zTI^uH?mdmjn@g6_sExAuYU-Bq=%2NnN!^`2lgHvpSm#X{)HG0G9@XC#?b%Wvo$jlh z+W0KygmudFJxzh}pcW}>*P!O7#Pm_PO>V{!`00u#-xTEaQOaJ zHlKtCiEbKHB~xm(9AkF&M?eA>vVYb=yj|7JjU_%!wJDl+e=X zZ-o~*`B7_rR0b6HL06koT0uojNN^*jPaBtk$wD(T;9a>JY=GNODVVjdJ#|F(ubqz* zoXeU&+DO<~nvZ&>jhl2U-E4plvT}UA<5tQhb&V$u2ka_Kh(+xY7u~1<{02DYtW|*~ zcfh5$|7eGLn(t+#Pca&P1b7!_ELTm>l8gl9?Y-Fa<0#O3_wlNpU7t3Pa(X2qeiZsn zj}#}doWzuAHPGo2T~zfVz|=;*G1Bqqc!hUD64!kG_K+o`+o}H>!&d+pzVmnfX82|V zKf+$F$(A~e#f1!pYfxgQX8_CAeeh; zgr+E$TZT#HmRpgQ?8-Ywn|Bis^A1#>Tmi>5REIP=Sa~HsjySTsKv*|Qea}G19 ztzEgZ%ks%MwyxRz`!J(b(&!9kbFC)qiQ_5BK^f-f9*ePcK@TmQ^4el~%_V&Hx{o({ z{mrl&sb+JzDATBkTu8Oon{=-Iv8x1L`(FYNRbgLOi_>8dsXmoa6nY8oty;)aFI!_q5Bu?zLm!VsVqQ>ueRd-8owC8Jhnmp(n z&9ruPeYLqI4dh4G771k&HqM3{qN%|oR+k80LJdn1qHeRQ=MFag7)!ZOK4@mi=6Xah zKxZ1HdvVIUVybx|9uRIN_0K7bi^3o@dm)bh24huI=c=ryK(FICh&IQM4KCe7hpBHH zqJmT4isd(fx_6;alb4zA9)lI0?;{V>k3uS(e-lwKC*3vb2(k%xtG|~ z|H3m|%X^`=uKoIE-y*Km%|Kx5lYVJhiv1y7^at6cl$Emd1=F&T-(n|^?Rr)-p}>xO zNZ!&6I#LcgZ{khH7u&rYI7e+tW?DRhTMVxJqs@-4ORKNi*q)oiog+uM69ghu!H+F0E()H-S?1md z!+&)U5rUv%rbL`WffMl1?#H<9+yesM?r-OJIoRe|w8?uyYQ#_^);b4k8_>1nAj9rj zzLT%F+CeTfb&|aqgz;9Rx#66R*?zDP*b{ z^`U~t>?<*m%SQWql>EIuvl<*zC{zz6W5Vw`;$tI8c}bU0A{q|&-cs@Bi#393auBGX zQ#HJ65l)N4D4k_jtiy)rb?8u}Eov{;f~I+h#f97`e)4#X6cfjH1WAP^I*~3&R!~T0 zn4~zbF`f|9C_MgCkOvIhXZjN|gZp+3%vUrX@Eeyynwz?V&D6=>$1WdQa#KQnn#q_Z zdNaQ?QX^02V0t)Q@0NU=p`}QPgAwJ88`~=1ES6n!mlY%@FW+(ep6gnib8>rXNDM+E zOlhjLyuDmJFw25_zi>RU?2o9J%$1}0K5Tp8_+9*_Zt6*b|J2h)h=6N;`5IhjRmYo_ zPtMqM6P)|F@k2I14nb`qV*7|DaTadnEX$nypZeI+`!TW7d2X}{Yt0~!>p+*SL8^` z4L{DK_9TC-TirNH(!!$BDrU5(LbW*zuNhD9TEu_&&>GLT77ETt<>!?u;b9Mu zOM|7p3g8=j^y}u03Qe!imPr?1LoQdwRuq(56r%z<)rKreicKmhPz1;X@upveBsJ-? z*Pv$|b;r~Q{$7m+YoGJSJ|B`e5~8H}VXj})BAs=5+V+b2Kk%JrR0cBn_QFW*?Sq&3 znMSRoGXK3*tqxvNKN20X-1g+F{fN}3v;yp|uq~r1>WcM5?c-d{Aqv%4G5qf81ZY7x zso*s~>QyY8|JLY&oqnTkYymB270T+b>VfqoD97eoYoQikFbag~t|-pY?tB!Q`@-H` zPPtq)uGPQx>4MpeoFuof$hUHbJogi+>v3}HumjegHW(S0JMM2s{4}3w|E7g`YC*A{ zo8W&BjEYSF+0QXYuYe#+qpT#%)PB;iQk*5^+ zakO0mJ$pv$Naty$+FqZwU69@ErNRaf3rQ5Ifj?A$1=xMCSOmmQMiDG?9ysL=^?k0| z;`7jr`6BqT*t78DtMk%N!p>YN(*AhpS4fA|12092s24{>KEvsSQ> z^$esz=wW);UE1$ladkn=hSugs_)q#Nd^DfWh)5m`w*uZDaob__OnC;9rd96`vey^jWP^-Cm0(J&lKlY>m81= z&_=QIm%?Thd`sZ9s8kx`La>?!*W_1xS?v%lJGVSO&b&LBCRB7crY>Ewo7er?EC*NJVfnv$!ba00KS!A7`P`3a5QvTd ziy%5Fb56%6^c)2+Z+=*Ijgl|uIT4Sm?bjYHg8O^DRu@7!P#{8xl15 zYW1`n)xp{3g@`CiX7IR8;RAQ6yQs%oFbTQ1}W}FkK>gqiq>bU9ev7Hw^q6`a#qCRaxxa?kXzpy z@%%)@&MQZ%u$P^k!B(i|G~N|EFnEi5IMrkA0_PgCe}yv;2Y!=*)|)yIqEyf>Vj6 zmLY|N%ea!R#9%*mS?8N{z623)n>xiOVg|}6WaL-iU{i9P463jIejaTFubuO#DG!*j zuk(CG>Y`>Q9(Jr8Z;NO+t77yQN5Zc$POyt`ubR@Bt`Gt$W`=1XsQ$T7J|I$ z&5#YSh2cAsgH`=f&Gj#nG;z+^Q2&LyWSY7$_G*`?U#5OY77*?^c?Mo?^iyrCnwJ?& zs+!k#&);3Kn9$_d8InyNPWBzt^i12f8}G>2S~uN_X*BNatA3W_Xd-`VCG1=7?Dmau zB7FIABNjdU9M(D9r>;}!NqF{V^Q@P;;?@$A$7zcAqYrNT3(c=5)?};4+u|g`CnF#c zUX8t0?dY&U%*EueHz=|Msj2l|YDLjB4Frl&pACKe1Hyr#fuXh4|8W*+!|;8R~Opwre8_qB;H`N|tFv39H&GE@(ShP~vul z!Snm-p0r0%qGurX8i5BjqZ=CHMHdh9fln)x#_UoiDCr;W!5tWKHFYhP^{p*vGaBoN zNVsG{j)Ww9m8jI*Zst`Gl>gS*Mq*NCP-n;Tx2+U@dRLO7*tV12($zr?FZEx8;WqyJ zzbWXt51nyaoM_pB;;`>5lS1+!E<$}G2OE2bm+rRriCp06QK1kckCDtanuA)Ul-HuC zejDX<^ZM1}4lxAlxL{7unJ8#;#(JH!AoROLunKErFukv$h6mWIMXX2%!%l;g0|zh_ z=LBKHwU+PvkGI*&(2hD+oM7`_iJM*X8ypx|NmZKeW4m(OIE{vDy!hDha4@!k z$9ptP3E?vt)~XJOxW1BS(1Vp~QHOi8K_q?}3WXxdu~9E{v1OHbAfk^*zb8c zd1%Ll@k|7}=3shbQz5rBZ9!iJLkWiQZ#AXjkc(xb?d@%ze$4M%Dr$p8TVJMq^Nnpf zFTIFslNx=5%U#L!**rf!5I1MZe39Ybk>O|(=ovx?dujc>vTloIz=qujoNI6MzHG9l zu=N&!XXG$O|M-5Q@n6?v)z;=Zh}BR%Rc4mQN!+B-@wWzLOs`u@Zk}LID72S zl4pJ)dS>ox$>&(xNLBSsYZvzqKzC@4o0j&v`w5+0__?z1yRfG@$DEBUu?#n<`=@RQKWPt1QG%21aqgE_ z|K$n!_%JP5L~R3&%D1N#{0rmQ<;Rky%vnam}vuq1s}XI#m^z z8#PRkYve}bivvZV#^%pHf{@v_tANt%wv#>-u7KeBdd&&z|K`9ugW;(Mh7zhveP&0* zMAi8L-tlDRjVF5K?Lg9NWVnmit9oT>_Sn6 zW)`irA+X5fSk^&wyIApF^vMp}1I2GMfSKJMJKYlhjPtGUh){51ULhaM$F38a`X2bqbPfomLYe6Zr=>+`U945hA5 zXvz3clH5GjbcvB;R&{!@PS!YTqrG~4`e>lTHmp@EK|Ra=LgDtDT#EJDM}NLRO7yb} zqt>jU(9F&D7>u)~;fAx^5@?s+XyqB%Jua|u!Deo-ygb{2xFGCSAq)~|(4VIMN&D@s zDSwZ_g(A1hP*d~L&3geg_0em^VUr}9wL&22#jyM0>y}XK1pnpWh91(0V`VqHz8NBR zkCEx-HAGt`B_o)f=ZoN4{}=*Co^0XP+<1!1lU9_6rM(_$YPD zxUl=0$wGi=<1tqRq|u%aa}@H0vMQsS1P#yCkOZEdcx4I7n+m1Y1En7BBfab~1D*qO z?3TwZ{ipXo3^}NjFr0t2QXnL$5MZ>xIU)}&9lQ{|=Se4%@^aPmq_ ztP+IyWEa0C;|UyQ_epPMVJr}~#Wn{Ep#theOAFxci+`oYvSg&h!R9b^hDf+zK}Cg~ zy_A3Vj#zL^%mlg_QD3X_i@aW~SIHR&J}N)_+-?364g1ltt~X`zke<5gePlB~3*@&h zTVJDyH#d(vCT42Afc%GFixR5sW=DMNV2h95+8kBnLHAz9UKI+9jGY5p_LH0=qb(FccWs zUX|HJ)2yi7 z{`Tn?*IQNPCbe-*EnFkTAJs_~{>9}eJ0=y9163o@vxcXl-)4BsZ}IS45CMFfETX^6 zK_kn+dg81A{LD})f%Pm~FK3G2r5kb)6qGa+EfL(g=@jN1Kkj z&jv<6?5@HF>vWCQap=~B)iqKk$U29?BdJZvGVc%<7jJ62_}i|vgz>pMEwK^pnExe( z(B;y=>Q&xvOVKSqZBdjLG;DlP@`MS!yjMJJvN1j-OMDM~KImI}DX0*!M>~4IbqKv= zAaAHbw@7~ln`xL51FxEZ?SzX71k2jHHADc?FMjg5YLdM8fao!%ACg2+t>*z#8Bn!x zHKYZh`)&+xnxw{l>A|o<&2QiW<eQEg{b#)vf1D2d4TfENyt#6-k4JD2Q9b!oF6YAnq;j>6_g}i7MV^0{ zxIQ9YfIsCQCJvn7Ej|GxwZZU=>2Lb(?1JcYnQv&7OA^3Lt83|nk{uLXYSt5ra!ygs zQuBHi=O?cwKVRr0mU6&g))i}SSNs80Db~ZL$Ys3AMU8yiG5ZZ@Y*-SCiYh!hz@9mz z-H|I#Eg#mKnFHO(D^a^+D3+cYUUU8!_qPbJ-WN3w*4ELbr`OY_IEjIPGAa|XYh!`mK1uZk8>ngXv&LY^Ux$lI>&c(8QpKf<>Anc3Nq0y20ZQXoOc5&l! zUTkC?_&FrMxB0U*g)qGujHW(+wieXkUibEG=PU^XY3v#`naBTPX%fbzTn#4>-wbA)*4&F@$Q6UZSM$nb z?fk}wV;fd@C+QSi)XqUDZzqlVY*ESTAP}NQWCjg6Il$I2WD9qrNY)heekA$6m{j*dxkF^jkEU)nC(Dha1{3LE=NXrMng5_B4kA#uh8 z&b96nt|e`T+vw5o%nn4!{qd6Ia57S2&}wsQP8X;Bef!&+tuRR7E9u=SUgeH#??y?b zBsj^N8g(_1`$0MgA8O{-#ae_}*ecxbzvKBP*o!AS8Giad@Z5)hm<(qtdr#@hq@sR* zw$mrL|2mES8B`Sv106I2yPv(UhCQ+s^s*)6#gU^~!0_#DMk^a&*Ez7q-laj&S`Wh# zLLV3J*HF`&l7AO}a+qhBZ`e&@h)+;DzQg~#2{xA51*H`oM>(%fBSZAR3KlX4*xgJO zsUK{y>oI;{aZ*w?jSV6GN$(_jxJWIWr31HD0|+9xNweV9$6fUKP5-BNem}<|9|-k6 z6L?`bH;`^I}v*rh;?}S*|*?^y;HA zeBq8+a-WRCv=;{nw80S9C+c<1!GNvZN%S+uOr6D1R+_XzZJB zK|Yv7C-?fa`%XG zRxrX}ertHz_+l)m&cOgybl|5>7buS5_Pb#`8z19ZREWzb3+%?%Qmm?^B{}C2K z=p&}~(x~X;HTADAto4qYnoOBArQBF++=p4q+BiNn^o~pY^|#@e&Gm*#_=0;Z&U+hn zl4|`}({HVH-1wvUHt{!8(+bzD?W|wa|0up1(kp&%EH`Q7vTONZ98X)TU(+BQE|fHC zewg-Uqe1mYI#nlkp~1*qN5}6rnK-v`k;SOM4D%sBWXR=~6*xVW`03@5c7JwYsA&)^ zpsd8<+&a<>L75`(l#tcv0_C}dm7DMIp#N8wBITPvQ94@K(6To@v@cSB^7eVLo26?J z=YjH3YwW=-#KIZM?B#R^%q-gXAL_1Uy!V!_mOb?k^UV?Eq}+;DXdeiXT7LHv?wqh` zK2}w%VScCq`qZY%Wf|qvkOZKXP%TecFHQNHKk3r6{Umxl3VXk`I+DwIg6t|qqL_v% zpybI8W}B9H7OTb;%TVN*#y18VDf9H3rNn~@%A19tRl&fsPjQX^%Cq#rRE;CfxFE>G z2V=L({1`9B(W0Wb$_tn~{7djSF5Q(W9?ke&;Sckv**{Z0R0)Z1nrqO~?*7Bvxs4y8 zMDqEm3l-=hXGj@d@^l%N3wFX5822c5*SjVjB$C0_Y7p8@Gb}>9cZ7QY{bdbVyKKHq zffv@LLkIBg*W_O|DBXpHLA=X4OBI*sLt_VjWt}(Sh0fOALfydL7glQK>tQ>XHLxdw zh-*wY0Nw5VALuT-zqNYxWlWO}NgRdM5EsovKUo2($29mILIHI5-;DR4EH|WTmPoU9 zT#BTvM#?%a%VrWxSh-?JFU++3xNDJ$WD;lTujCyApFl;qS*>P%{8eBGU(@B#~@ z2719>H|Q$(3PnWWoWUdn3}C7%lcD)JP;u1#w_1=`K z*T~BXhu%6e9!I1MDq*etKfAA&x~lx2`3g5#%zT3`%&Pxv(P+MxS ziq3R{EJ;boI|U!`jFO|E-ou?95fRV=)-x-pPr$&)cd#n6u$H`0_lL@nYUgJ$ww|Zz zn|4fm`}b^FpL(gJHaaA{mZ!(@TEV0C40}lE0KSr4RIyk^dhfjX_V6_eeOeGf`ooy_23F!DXc|S6l9)V}4jnou9*=LJ?{>Bw6g#q6W{|mM>ZCdF+ zR$CEJcYS@iTIFOQqutnaEs6|1JVi6f5z|o_sdT|yQq8vdh6|}}@R#dlrBsx;yK8S! z4VF8Hpy*Xphw=Aw{hn(q6aSH~4v{{~A%lNFb?OWrThFO#yJc?3!8YGo{nqA(9(bB= zGT>y2u^MmUZu~e4DrY&Y+WBYM0mcqKmBTWjbWZ8 zzsS3n5cnw$Z3!UgGlHCXI8?lEk9f%!R%wOv;h{c?n^U1?BYSd3`tA&tg+Se z={>x&mCAN8q6S5=>q#$cCBf(&=A@N5SluaSKn2+6)`@>z*Frm$84NfVl@8!9?)vpV z;eiSgg+j5oNR(`gTw00O|v)|F{G#1P6Sce z5~i1owH|5C&MoO88X_^@{)6pNh)=p&|KavN_@2%oNJO;swZ^gQ?HWX<*$gVNb*O7Z zWxuX$t)=JjmhMZ+6C8?=n;|vlrxe_4#Zr-cT!G!kuwCZq;AQL#?G;@F#O`NVB3hJz z7dT6Hz%q(&E=}C=%2b#*>|~9764a{$x`wcKQ9ru#N28LeKCF)Y42~=w45F6*@b|Fnb>;oLN&Ci=V09H-z2=I=E!dUn^?S?PdD|i#84ER;1oO>G zr?sxwHVW@EFT;`gp&qC@V!nFXKVy(&EOji3j~fZ*3>rS^2X2sYWyjavBiZj8V(NYl zR;Asq?x;`{FkT#~N%7@(=S8mZG}=eK2(R$y3%?!Jm>sD^oV4t=I7@1s)qxafZcH6V zg?~J_3)-8zj0Jym_k=_Z+{njBC8UxNHcUU40I!c~a;FCiDw9~ZkmCOLC(hHNo~2(o zlim)v>9xe{%<{CzVN}0Y1z@{n=xo-gz_-b(l0BRUQ2^C#am~^=^`;b64CVG zkv^8eaXho0{r1yJxYYOClC17|b!gxgK=xdBkiGS5ND4#}1?I{>7!xdY;lk)yg0{gD z$$PV~T4u5Ga-^D9jB|=h*j686AV!Vi%K=d{xfxK*s=VQ+ub@dnrRwZh^KKtQ zKHn8pCm}eJs?73if?$dlHXpqZ-@D{rQv5NbBem}K+##d3LtmpJ@E#6k0kx~$PCi)( zrGq82N{Kw%Kwg5D>uX6@Sd&@MP?%&`M)$GD?t!h(NO`rf$4`J&ZhyH)J!K)7SIyhS z1(R-g^wnw4YaI1wzm+JG8navWp@QcP$RqV#9Pgx%EKjeFnH3>DtE*kTjbo}jD5nv! zsAOk$Zi-pGL{4Z)@!lHf!$q)0Y2nVN3yC#a3u;jw0UV>C!M~c$|5Jtvas(*IUE6UA z;7G!49ao9@Z}JMTnrvyXmUMe-vm8LkOkp?w!oSN8YV;}24yVT*mJa%7O87ISaw_3t zS~um_OI&Znx9QX>lZ51-2}y3bFTCo5yI(btEK9_*C+P!z=2NC){2qsi`jS;$GpTWy5OI*Nu74wT#7u4I(-xsE|Bq``L#^ zShYPDy2zp6)(egxRxq(nv?xIY^*e=_lcX_IdxrE^4A}l9GmCj2CCa$omdT$9g(=F* zA!NMmfKs2h$R7~{GoJXBoBs2AUg zmOvTHmN)YAeN^H0!WXC3X>}^;Sa8fq1QBO&nnlKA z(SIHz%3GUmR`_k?H?AZPImWcTgOt{BuAD^Hf~9Is4O+)ok6@sbe)ern^)X?x@@n(U>MtlB?%uX7`lXsM{4W!N~_k zZ$rvap3xm_(shE852g=nv9_T31yDeO2^@-=V*0(~6lYXYI^6xf%JG9q3eReIpM{?< zj49ye+pB0_70mh4&0g%Lq{MfEdYy(HCI;j6?W01?aN1t2i$?Hine_`tv@hf;SmGG# zw@>&oN^fuPnGcOnA(XU_I>8xDtkCP>;i6y#Dh0Ig^?^&vs~?5y+z)JNwiv_1n4kaZbo?YgMfIlfXi-{dZ>v>TDNq zy^o^cWOsJSa%IEt5z(QaE(kvh+5o_PNMe zpNK&TQ2IznXL(yTcffvW<1W#FopSu%&1IDEiq1kEkT)92W3-t`H@TmMkM?3#Me*ep zNHGMdlgAI$ZFYu6@r^pKTMa?T+sOb)|M%vFUgka}k}*Z4A}SYT(~Dio{O)7s6UIsFG#us92BUCO~-DV zs1~9=j~S+yRo?B1?V1}Kf?3dtOSc2D8}y22*8^FZNGld@H58}uUFv81$iu3~`Zi$s zY&n<^NCPgWijxNSdaCZMH}~J@2p&J{20av&Q$BSe4bP_(5}{TJS=F3Cu+$O&21%X1~+avHb2IYYAnF= zOI2U+N$pg)AYu936IRO`1&{Ei!i=OU4bPPUU)s(>2OZATJqLe!sjBMEfh07w-B)(! zKg`|wcbnw{^WlR5D?c1Kg9*`Z3G9m{tD85Cj(!V&Px}+uGkCfm%t(kYWLx%UAQ^Z< z#h8Q2ng2)V+#td5dsL;{9+dbBNyf>MzpA^}(ZmLjVL|9&Cs2k9d}!Vu;s%s;rD}`u zF^9*T2qtg(DUQkXmQi*x@&AsUilTHJTeVCMRA-OUad6XeeW?o+zmo{UfRC zA6)vLd!9B??P@7@Q@np;tblx3A`ab{Mm0kCc zIeHBQBIzX`!X&{3E#fA%__bZ6qhiNW7b!RWCp{u|ltx*JyugzXW40exZwa<|qGrIE z2c~g=F`-(&Y}1PPR%q8XYk6kpn%(C82;%>ZRFJNo(>e0f|1fm+h)wQiz^=x%ukn7= zAAj369m0_WKh^Ky8{hb6yG>4D5a9U&+{KBhV-(rEwwuItRRKXF(#8uVrUtfyDku)7q$S%_3RjDG=(Ks-58;kA8M=Q)4QIstfcC8%8)=7FI^cu--#Ka2i@9?EJbK}9)e;=)J-?Th8;`8TywT3 zR|YHuwik!6A`*w>$Ck^feW1`b9u8Tdkx%YQO!RDw4h${rt5s2aB?7F@?i@7}aQP+o zlKrperl*2^`i&_oa`Ii!CsjI7vE~%%(>0(}b?wBP5br{{VI(xM?R?tHcDc!aMu1HPRbYP>r<}Kuu)T zJRF4>t2T81%+cap8#q5zaQ2PqvAj`#Ju5 zFIU|Mxe?0QIg1F+Lu>TS0hYG!kFmZ#@GlumJt_95*%Q2nGnYKd^ZKf&+y-vB#r#f) zxGm32b)Fq7oxU+d8CHN=qA04beL-jAD<2^O$58#PoLFK-1;y8T0&tg%INM{GrF6kZ zmHwpemVJ}@oaozE4!!btc(DFmyrs6@LW1~Ua+caggqt_Lg~##D*n?=9``N~fNzqEs z<58H|G`5Z~YAaDl&Z!o6*`$!V*Hm0Lzg;&db;?uoeTa#Xd_5Mfxd{DR1z(2NaG!Ss%fMCb&~ze*-jc`-~4@pYv9txL~V_)|1JXKt*Zs<>8CmT}8NgqtKrL837UXG2mY8V&5W3xMoI47BDyh#!Q_ZasSm;_R{x|6E0v!AKO-<|h zQ(R;t$(_IUNH*dxfyvvhj2f8|R(2Rp+m(?RjK1FxpA-0J!TGc?ov&ejkm++nSAP8u zbw}o4?!Ce*sq{d;-hJb!r*uq=lG21X3TReYkuq^^S*%EpC>N}kS?(k1twuoIMKnHE z@cCdR!jiH3|G0b4sHW3)?OO#!2S`w6C{hA4!l+1*p+h2~qJzL#L1{uzR7!wI@1hjx zA|hR76p<1GQbG#|gbpGQdWV3779b%cBzZ5Kz4wiC@BMsw*Sq%ne00U7Dc5!W&vKl< zuBPRuRJdi=V-W&wM+C@i95`Pps-w$k7&^RXt zc623`EV<{BBsE-Km3pt;Ra2V7z^`l*>3DY%>2`0R*s`=dY%#W8gnW#5VQxWMFysnI~n&-Gam60bZce@C2i=7yUo>#P^=Q4d&0qEx=c0 zx+NAiJIeZ35{$Hb`q_3_qLlYDPyiRuRf3D??rtG!nEVomvtjThjxozfdVCgz_C zSI5TaUt4r-ECmT;5$swAS|?*Vy4Ms;EWRvLJs>gvXOZ4b*Z_m{F+f|6 zIY3DK_{a1)d-*>e(u%RJufLP&OtfKWFk+KPVtGzI{qT%B@r;_Ij+_@txp)L!bCdg( zk|x3OjmlT(6t?+M}Q1}dJPejqWmDepn~4h=nc zvW?MWsHBOgPVUr;Rt#oMtM34x9RAg4;fBvx;hN0#Vtbc2 z`pk+k){>TAZ?4rpSns!E4)#}gqEKXFK4>&3J_dmt#DL9wv3-CGL2Rdi9XQ`R1$2J^WyKLC}r7mLhf*^*^cOzqz1W2)PO1Bb*s+4Wb2 z2N-kDTV2A%D8y0)k8pjKd)hqj#g1*iUrVXer!Vz4+z$Kn4W$A@?2_IGv-=x3 zS8WaxqwLYX=|9;tAqHGXkS$;+!60ZDED&lV9LNbUiL;etbzwE~L8uMdsi|YHb`sj^ z1_9jSmq4NiCg-vLWS$If17hLTU=Ts~1ltxr>fJ%r@|`-D5v=SLUJ4HI$F^25i@Djj zerIv$>(seei8rt){&ee(MxH|JNa$mjD`P4w)`v;Vk45^;?JiY5rz4YzCfwz`tgOGq zlL|aqazenLOC^M{1h7zcQ9R9W&;moH9#haCUNKN?RC9W>viVFtIOZCp0TzZ3%uLFJ#~}YWKZQvYv7ft^3FD| zzHx5C%-RAsAs@hoJ2uoITO&7b^pW$$riyGa8+d}XmA9w=b?<{#e!$ZQw&jw~{&Ju? z3jBpzUl149UZ1eOJd>5ZMZesDuHNd;z!$&+(Pf;xpShgD>bTa{moWHWKN=0(j@jnT zsVKF4e|Y(i8nm9{%HXwC`7DW1_y7H-D7p*(*1*t&D6-x(cN7_26lSQf)fR%s&NW^1 zcX(lQbZxw@-%6QK@SQk!?~Z?X<9W!#wsuDSn~*#VMkF~*vV?4EFYkT6*8m}NiW2q6 zP=I2g@TDOOxo{+2R9^uypy3Us;iPjOt}eC8LZd|ChwlC9g2?xY%>$$lkePDBH31M6=?8M^X5QcjX=(9QbF(F>znsf^EU~Kj z%ew2gz1?*UW0K0>J%Ay&{G0WE%vS&lV0oNqU4HL>FWIXgc{utb2fe{4LFI^?Qr7sP zvy}nq)3OygfmFdLHxYOJwqAcA1t2x2fjWX3-#b;8`pA*b`{;TL zXoVY10d3CUPUxJ%hd=%kI+p@I@%R4t5V640JofAzuB=x-Gz7$@UFb@g?mkt(wk0NS zB?L?ssAI)j$7B{0j^TDcw({XH86h3yA@#~v4@%^%hOibE6!!{tp7D5Oh`m9YgIWQS zJn7y`?OE~QSj3}|);Nq@ISb9nPEdPN(a#md^pE^nuLXJl`V**IQMN_k44~#U~j29D1z}q+M#dC-2Aknjsob+!59u7WWZnY_z z^OKR)j+uj!`nDeLNWu2NHSCI-(%B=EGmGYLW^97v3F;GKV2%?HAvC(3;(i znraH;(?mGLLBUE0!m-7vx&)5xmKD6D?ILixQqTeYDnVq5$17@Y&=d0Po2Ni`Mvm>! zBAt>JZxS8l%r1jMsk~sYQ%m!@M&;h)p3ku+?{*+|FW&9-R zu-mtzizk<^6}4rIWyiv=B=|2c;l-2J^-Tkiy}nnFe|7JlkqGm+v4|h7@PAy~Hw2!k zy%;mB?O(b-E@G@11X&$R6#@Aw^80Kka_0OCWbf}oi=snbiXT4cLu;${(thXGLNyNE ztyUf$PpRMw10vBcDm>_#`1Y%zg7bp<{{PV9<)OCacpX*mL#tyVva8VsitbY@X#YWQ zX^m17=zb9qO2^y|96{dEED^eA8=e@|%QK)us!0+#tx{r+kFFgvBWH!YUrv1o9cDO5 z5)RR5MmrI86_j9TiH9-C5q&wc9RlX8$2x1uWS|sy~geA4(g(&)WHq|k*;V; z(BZ#kVFKI=+&fiyMNc;O@&4bU%ERfsO7qJH=BTv6_`LyZ2RNVRGb`>ReTdx#X>zC>>A2dsGHd81=bWd&xE!~8-&4F z5B@jE@z5baWKw3-zK?)omjm&W!eiT={EH|0L78!bmELRoGhp@N*(P#kl6#*RbluIV zye__L2%%7?wKT>pLuFRc4`(Z$I*TR_*Lx52HSnany7&<4MIt+7QRYLVMbsgyqBU0| z#*1r-d6?0|EhduhvC>02NSp6X(t>*eZSPOw+G5xak8-$kn z3HwSloaXqtOT{+i?zg%J|AO3+4J4b&{l9&R!ssqLi+f{}%`0#g=D7x83n{X>))t{_ zy?vX=)PtI@MfXA<4SsjJ6$VbXoB9X&%Gv`QPbLe(2-ANWINNRO=?+Lti`9xqc<04- zXqLqXwQu#e*Yz{zSMIdUl=0)<=W^9wi6Fi=IU2Zh2;?<9Z7%S*qw!W6Q(q){d3X)%* zgLRd0pjVWbhm!P4g>haqHNbXluFO2jdpqiVc&uenJPM_WYeQBl6T^yvvEbQ?8Y;;L z+O)tXN86vTo!R-}WVmTdBjze5w1r17D^}YBPRxu+@>f2>{NjDg#u$w0N8NZ_XII-Q zyi!zEH5yjncWy?GMCX-N z*VXA}pFLUMmz4bW?TZdn2#22ld=z0I=P7n+wmLa1)^uYB4X=E&xRg4Sp@cpH^;id( zkbdyc{Dt}v4uT=9?QObQUu?9pmM^hK`G1qH?&f(gUgIdWhSR#i2DkBTqpv%URV?-{%z@pE7 zEjKU^5~zC%^5C~6)mmh+AB1&^9(TwI2A`pSE9+Jl5&wg-u5`b=RhxaLTUMXuZr71# z{MR`!Vxa!atPgJC8JorNTrMvv4I-^OH!z+T(ur^v7CubpI)n5=z3GDqBvTJ z@-<=vhd|q`R*UR>2EcAE*}TuWU|3K}#a}H{z0<(hHFt!(o#^FltupP6f1M)3;iVG<8A;kGGzOZnW z!0XS29cgi*$VTWH6zj$q$>x%UZ*i49dCFc~{FIPV)GRLxuhYij=%6t|6VakXF)j}CDt+!y>`hjQHE;BGZV0)a4p zAPVe(TH(>N9Y^=_RNJh2;TA@|CIN8Aa=)Z%+W8Yc3QfuZR`hX0g{fAT3-zBgmERY2 z8m0k2ULO&aT1_91g|d)#%&{o*u_KV#>~=GQeJX-FqAROF1Io%~uI8P~b!Y;IEN81ZNg;QOK3*TJUYsyP z6%_|y3hQO~U?8DUaj7CZRL3Q)(t;pMsTjqGE+(~ekl@j#Lp$F5l-O!C93WtgWay8#({eboP^-+@vPd{b{Aa#w}01%?t=%W5v6RKS;ZsKUV8t&UOW?X`ZRd-hlXfCrj&1kyC9r=_ zbRDEVG0#-C^Y@dU*CV>Zd$LUmBw^tie}nk|JIn>7K=)HH#vUm)`kp}{P5%bwGx_ZR zx7x$smnNob&R3#ti5kCGY$B?cQoGEpodN4HH^1|xw^^oNy*?>8tFcdum?+%60`2#j zNB@V+ubx3)p_cTDsXI?|6AZwnUjmPp@adh;d@#w>0U2I#+trNK=PebTpXt&3itici zK(3WN?=+mO!VGDwHcRA;1)HSbPYWg;HB=|QS1({NTGS!NXT9p0+kbuN=yGaY1{BDf z2>91P*}AE8`}DvkISY6<+r%LT~j8ML*%~%Xl__ZpP&)EBxernJL{(N(onH9?g?~ z)HGeO>bd!*6<8Hs%JpM0*ju@AKTcdU^@4oY_wovP?LqdK00v-9`$=JtDgeb3&0}I6 zDZS7H{C7i()uW)LqYM=yEd8vrZyQOv#5~hWp=p@ZEi8H@cI^RKh4vYG#MB&2Al$Ih zif19DM-pdH;-}R7UJ5@pl3=VI(bK^E8gg6iXplU2IxjMBc+f&gZGYfHh4Q@@bgSoQ zNF>2Wf&1s5ejwhs8}l~>kXLPZEC0K!kjENO0QJ990Ii&e_dt^*`lz~(+b20CXM3(J zW^MATACv9{5QF&;a*n1+_W#KOXy+T+Mp+^625Ls^7!B6+9QyHUrf3)YKy?^bJoE4L~7Ue{QEe-S><=#72)35H%a=J z3b8#^eaviW;2X|u%KxJU?e4cuH}eOILLKb^9KzR9C4O@84QP z;JLd)i)be7tV0D!LTP@dNCh=I8(!}0zb4fEQAo3ETa5Uy0|2n8mrbv!$N)KFvEUKm zNZU8hRL%AWNpnexfAo`S{Ww1!$F96gI5-7+fr4mJ?`RDFewwGb*+AEB>;iD81$G=L z|1tR)XaBwh*e-UQD@jG&$FJSq9|!DqT@Qu;E_e#4!o&Hu&E06*&wSbQ|6p2?1b`s1 z4N^9|4$OAvrsDekD^ZXFZM*?cu>U*hFYrG|f1_`{VoD4m`9EjE3#x8u{A%y`|3^vU z9_f`F6Dm;OS9hrvPO6{uwe95$6$9J>ysQyFb0QP7is}4XqW%mCNPML9o`_y-0gRBnn z)nP}stj2xkhwOoL{iLF>5A&nT!~Uaoj4}aalgQL3WH(IAdt5-7l{yx&*>*0i8Z0Lv zkYr?bY+gZrtTAYtBQN{KfCH~c8CyT3uN-SZ{7g>O zx1JPAa<~p4H`8GMs@lIUlz$s+_XA~?Hv%+^?g}r0^QVx}EVSbyV(xHnooWWod;{An z6?56}D+O6IlV|r-nKAO$6BkE5OAKX|NRPEN|*d`L^bRA&l38z@==$e$Z{-$%oWy?fWF3>|2;uiPA$RAHr&%qjnvD# z%R?b`&1Fm;>CY8j?1~aE^dRht%J;vq*TZi0l$?TJ`|i?hapI*q^;j&`GS$27BL6DD z{{87pz6!1K23zd;7zxqO&@<4RFl{8U1u=X}P00gn5Q_m-T#Q7kiqcQNz20%VEbeiS z(h2IsXTT2)uTr=kndF?uuvfTcxv4F=*>(Yuc@yj6BIZT^xzvC7PdBp0#=3)8LGHPN zn|`jaQ;RD4&OYN@?rgWje|Pr(8z1KlRu zedXX4lkW7xt! zT;1Q)xdg}cSf;!0iAYgxP=?5Q)I^gr{JG8I@*C9JZFNXyttCkbfm@*1PQ6(k`cFw> zaWiV{rG}$Z2H^FTz+Ib2PE&yODgsY&K(DBBL|8j(Tu(qS_@(1_ zLE^jrPXvj|6}N$pfCuGL$&Me!@8k|G;<12@g#T+;el9i#e}nSm?cH9Yx&I3rKwWY< zkuP*!yE*TFoePh$Y0?#Uk zKiIB25+0z1@&_HF-4wnk08JDV32VKBh6($W{m)##vSdVh>S2L^sKveJV*jQ)L>P}Z z_HX4!W4EP;4|^V)32(MXw`;K4bD%y13juK$tIH_$lGl|FfS{JbLr{XAP*UJi zy4S+{yNADjkt1Df%C<{T@r#qZdzT@70{YrBWBRXZkI6h#0NGp^w!f-+{);wDQwt~$ z=kgk`u+`gggtQUwU%CaZZUKZkYj>JgU_Eb1Y4*X;h3w3#g7|M9|3i}7FkGF!~&&g$-_O$gQ4gF2A)CVnKl9{Bn z{!khXRuWMB=mbn^AA@d4p8|Hci#lIC$z%ur**nhUtkM9{8=nmV=TFmf?W0D%+u~K219Q|=0>UW2G&A<>hpQ>*H zU!*fhIf@?+bD`Xu;-~|2w~abb7ez57Q4#nynd6_77_eGW2I%1rX2=+Pz#l5~&D!S3 zBuh0bRxGsoD3PC5ze_#jivdK}Y!g3FQMJ0}zsYK~zID}aVq3omdnu_csxn> zGAbuL4~j>w0FeUMw*(-~|7+zpb;_On+tcSp&W*t42$0HMOHsQ{h;}yls&a z#6K^$y}A%x50mgv00vC+X86M`yvjtBdlZ=XA85`;wF7Dd-Lo&K;OLb3$n!=8x0c-! z29xP|g27yB;-3L0cI+h)`sd2O3k#15fmi*3&7MwszRBfYzZRnDcbnVv)U}V*I#L-f1IfA+3xlX>`fE12Sh)A@ztGVQYj_fA4P?^e~SwL zX>+?EN**E{Ldpk_PTND1{eaCaCAd`csm3Ssx^16Z6G`-dJ%Fzz=9?_35g3CL0&pjz z#udPw8)6U&W#?r&!}r6jkAx+-*eYDnO|UPFLmg5Z`n*oThm=$5U&1QZ&d#Pji5Xl39=8$JVg~$+M9|WB5gQu|Qy5z*M=uT**Z=4Np>Sl+ z##mrregL)C)a3r(0%-iV4EZuU7YDz&pEE^$s$l&i2+@^|Mva3A|MJBaQ=(MnrV@(} zEr@mb*kL`)q1*yZtbqG}JgN5I?7NQ7v{)N%>D)+`CXB7u@VvX0nRzS->>BDGIoawerrc=q+kDPwOj>OLEKCZU$c>{EGs}DKIL|hvNza^ zH|?nst(jLA5hd?93lRgiI=>n+U=mjB@vsMMF1eVfw8rjC_WB3Tv>Zb7-?o$t{yTKv zypcwgZ4xSG!L~lIv&Q{F6u|f!?-^ByYu5h{ePHLK zb}p&Q{(ku6Ce_DWR#l9n@SB213r*;vyakS zH5E@FfvmL6{&t#%>zl@ZTGCE#>jMXB5n>`mA;`iVx#@Q6n(^1VA&}N>^O+y_)IJIW zqon^;^uF2peSeL3XQ9)b_!u`lItns%`nytj#eB-J)6QgJ>|lG*`=XGFPi^yS$k(?Xxyr?Dl`x)bv-h8wCgpHx}9VdY3d# zF&?)v$2e?GW|e1b@ml55dWqM2G53jcSL}|vetj46tH=1tkzb4xG+rF_{wX$LQ^r~O zoO6anl&tg9nkA|8Uu0{zQ;wWZsTbk7sC+;`3i1pqmtpnwRmzPQ@3AW1ye>VpjkFu| znUByFGP+WE;f2?%&DiV+bHHM@`}IQ_JnZZ14%F_kn;XTW8>JWTqpN0_)k}f&i7-Qt z`W@*wcW@uqZu_^DTv=81sh+o$W@p~I@{Qx9ATntbE%e={r)>?USMGjlvum%7iLpG@ zr(<8%bEHG7J~gtvZkO+5Se`y#VUex>b@hGD59a&N~b=R*>rZs<8uv+rr9jpaji9$|6xL^1xAL)~&p z-0Kfli-_~P7sJTKF&fvd{85FLb7^LqEkj!>(1XwPtPE%Q;UVWnoxxH{6S z%I)5#lQUfGs{U=#6+Dj zgVr#$`GL&CrsRuxl!Dz$?DnJkK8G!2K>}R2u+0*@)+xiaudJ)lDwykH(d@8vsAn~iJa^8N zQfF|1)rxNPNrb|fThAV-kJR){cFkc?TdC<|{dieVSEIoGS>X&Ze8^OeinaNbvCd80 zY=*gQ?9R;?sTGEdl4gz9z12g@SDnsf4>g$Hy<2Q?2tDwD`Tn=9fY%$jYFGD@-Pd!Qa_4HAcWKg@Y*+8NHAj=n z*p2sQfcY8wWaUP20k%IeqEx|kp@L>WaAwKUsE6$(G~@#6Bh&r!9UOU+i82{%0hGn? zAVjI71bBH4Rr@pV+1N7~ZbX zzEcvSCMCIQK-sZO3i0 z3gnjb8V{}xr};ZI+e(&gE){TS>VBTHvjtrhavc_u93}~+%k)}C7kgT4t)YBOHkgp; zg1itIFYCnGy>-eg=L3cmi)V9A-t1Leq8Ak4JzLe?my+m5^&DQ&AyJuH44l;>N5|9c zV(&7Cy}Znrij8%(nvDAKxRp!Q#(_-Cq zG|D-!%uZelSYLWB8l`HFT#_Rp_a)OOmp6JcAT1*WrC{1Nd~&V zRzhTUP+N%xOpN%WcczR)(LI_qW+Ob$xT1O|k`{IzFFS6HZEswISV`)x5Kmsjm;yxU zW$mf4J8)i27X#0`?XUN`&bdGiN z2Xmm+&&kSn)sTcrW3*arWmeNsNlvTH>bm`l8&0Ezc^v8~#{L{ne=4^6@tR=TsNa;6 zB}WeBV>;W%7?CI)Rbtx{w5u6-T7bO}tJJ~N0Kegj?|TB{P+%~zRh1nYTfK32gCNas zGp$Mfk9+D2V#FteKLcYaPn*+_IdYQr-FmBfrJ7u%g>jK?I3uR01E2&$IWn+CR-Bu!6yzYVay#G|LXVh=#Cp>V8av<%D9bWchs?WH znm2FHh$_a~*${1{o%h5*#n=<)Q*s1d1+W4X(r$P;j`+zMO*M13jg}+o%u7$n5b3hU z2N2iR!dMhRdwAL)@h`c}>47oTAv~e8EW7uB zF+UO`3-*EC^F}UpQ-7<=Z|32OpS=~z+Rh&WAKHa$wb0~X&&c-a1-~G0>y0FzVw@z} zyy+8^(vPEmx5{0rnTw5Ey%XR5;{vN0&wf8zQRZT<7s!v2EZeg^;Qfo*!Uc=zQ25hk zZP5K26Yas%oN1MAMJ6EPKimS`5U2_I_T4$0SYr!rZ;n!HIfVDm` zvp#KkghMgql-@D-15QWZXxo$bn}Ja~6lVMPV08Cv6@s&rrsM7Q39N&S2G{D)-ZszV zy|^ha%x!<3w^p=XziEE@pnWwQr#jx|66W2nlXuT{!@SdCL4fs5pZ`7KGEd>MS;ZT{ z)~LfArPy+MUjEpvrTjtc>x%4LDoVPWdYH_hw4YPBS1^6?N`5c^^*t^#Q)`C(TpPqC z^ceF@HA3%QsM>=p^f7g;pjs1jkEodYLTtOLS6omhgPtGa80b`gWc$TN9E>Rz2DB13 z{Oi^Q5VhvRE@+g~DIO8~K?xD2*W;f9|G}do^L#&2MgM-J)U@`@NQeMqY|RDU#YqSs z>63s3PHYewn%CxWbosp$1h#flBR1-Tip5sPV~S~24r_c5JTGLaO&E_GwBYr);JetV zwJ^Ii0(ZA^;x7a5x8pi9t9z_p)c z!lA3DEqPZjU*b?Htg5YQkSLY3JGdJ(6}CrG2x0{5Sk6*>rw17i@2n8Qd_gb?_<_We z>MOllgWa>8l4K)x?kv0a*JOs!$XX7G_F_EFQcvyzP!F z0^D)^_Sy^a&e|%pCtWU^&J*hRBKbjWEp6r&FXSL^j-YxT22aDN*bvW3Z1sn+dMUkZ zlIq$g#F{-6miIQ(Vj~tRnyTW!c$wAiuiE#Jy>$3N;1>EIzp1|aL3!YgtM)iwp&uF+ z=(Ov(lzb_~uOIhb`ZTSc6#U3dg<9T^)hBxT|oAQt{*#K&iBfn_w2*qS>aGu&| zdegg*YL$m1c8s*7R@}HXD*J)Qa*kl~&m;v6`C zVX(NCDf5@d(r~lPUm26TWIV0+n|ket#6;om@~c7N^&Aub2hE?Wz1J2kIoaA{y_>-D z;n)jqOzyXG$`}EvFRx;p<9IORmr|loAufVLMSAxsVG4G z6O5iFEi)wtaqDo*@Nl<{Yt9w+CJe$xbo^abYrgtT9$i?b789P1QLtP*wBV zhJ$ravzKSRF1KR#r7UrYvAWvt+a~3ob28>zcJ#b$p#jWT@LVDI=R2o|+`-ha(-5T_ zv}C%I8jr|{x)Yawh})(HL3NQ&o;(TQA%HpR*nlL{+b|Mj#odc;9<3HBqVh#Z`yLnj zI=WPuYrU3(?2B6@b=N=Y`%*MMY0e()93%@qKZzx@Tu`f%5d}V#u~H zdCqp;HJqfaqy^vHX@lz?QFGNqx3`bFx&R=^_}B%6%Q}3EC3uA;He|2Z4;QrZ4gtnJ5;`nN#7(j_yz_34Cs4sO7Tc zrN~)pWX}{j4Q5$Xuuh`9TMOADJ2vzMxUCS|iL7unjw?&|%=~L`5sZs}p}c*Gb4@>2 z^e1&*pJXT}%>HAJp1kPx+Puy{J$c9?eZ`!2X}C{gzP~$#F12YUMy|h7m#m^Zy&0aJ zf~+Dfk?Rd4J*J|t5Ww0D)}LSMV>3P?ixgj+H zXpQG3rs8l?YjK*&(~zjOFo?upDUiVg7+zcYyz7V7FSy5`9G>Zv;Ss?^nNjR_!h!$&*Fq^1R5=$(W*uFdi?D4cpa&Buj)#?NlftsP1r6NTf)K)Sv#L()qf=qk{iR}opKf}(GcFi|%j&}8YGlFYZ-C!IhH}8hm|tJ- z8Df2acOhm2&h)};P|uCVdp#N5sNQg&iRI8^F(NWQOdax0aF=my12RT~vBNTd>FghG zJt=H`WuomKMYH0GO6-%BEJ37|AXC`OHcj<}m^EJG>X2xWdpL}i{i0~rMi-d_z1--I zv+8?f#k`tJGbqJdIKJnNH__b^@L2n@s0s{=X!mogBGQw8`*dUa4R>7hZ8WlJzIQg1 zqF0YZqI*8JaK~@zy?m&)XWW>>+J=zjU}Ha_y$ddT0-OA>TKka2lP|SD$@|(!$9aWoLCA>+5nH zoMvmRu?O(3W%BF$oIa*>|$DO%g;CYlcBS2 zDvnonac2koR{zsALGAl%&RnZa@ellwz^S%Rac+Hf*KHiT{tFD@9k)qS4_uI7Vh_$* zJqTpBG}oCx>>#?hg;>C>mk^om&kV3KT5uf>#=Zps;tG?$TF#q?Fga-pE?N2y#qzN| z*~XNnk*>LFCSkd}%qu<+ZSh)ySKV`_8|CwUt$i`M%HbmT@@kSepOUJ6XQfmYDh#Pd z_ie;WOaW#li;%C|rLF3mQQ0~f+T2IxO=`5RGqILjUaNmg(bfpqc*4n^^PgKn~ z%i0)Q(Y0iBq?WWlFa3IZ`L|7NYu^vqev3zzJuAl3XgGKaa_(FNMV?` zDh#25oNT{8`H;W=S04@Scl%TqQE*l~MbMlnGgXS;?8pQ6bZE@%!4ZAN3@uNypj$+v z1Q)R<_vnK%sR!7c^51+v9^9qRqoZ+qQ%?;$G#*Fs`;8Po6*e6fV&p5B9k#DuN|QPl zw!{-r5H(^}MxkxgU4hX&JK4LXBu{nv5DCV4)CEO#Nn=F?w=bGC{iC2e<`M*S<1t;I zKc7L=-=ppPIUdz$odtbZ(7y-^lrP$er>T@aI8M1NZY!?q^Kjc(sRvYl~^-NoCde>w~xP1&cPYBW+pP$WVpF!SAJ#0l!5Gvb@y%033~AGElrc~_B%slFa>D7WHL(Y0LP8>X4zhFfMM`Z{AI>M~pCq?xfGv zSxPlcPL*58;Mwl89qHO2s6XZ6W1k^`#?6mKf##k}dc7Rur@;B_fCmGK)%SzPu8T&) ztJYq3RH?i=kxO?a^ZPYOL`%|JIF(P2n_f{js-`JiTKf62`e)CJW$egYzv*v?%GnCv zZ@TKs9~)9uQe{13wpQZ7Vr3vY!@A8^6L>ab#PGAe1kXp6I!9jY=%IjYCbT9(Q11L9 zBq|KlYHio89ff&B+&kLjUx>;l=?B_>?q4ySqf6N}iO-fYD59~kS}x(@L@rUll8%cm z#`{=`ZPJs$sj?Q-wow^n_s4z1;3LxKmMIFQOw75-2I3cO27S)XQqboF;8$! zGxNJ8e^qk!bFA84q8sYb(dye3#~8T6JxRj~Vqy?bg9$ka&8=OEg_ zoSS#3U~0~vt+8H*2W)BZY?qqe^J|M*V+u<&wl#Ez?507xx5Zwod2_Lt8BnyWAv(Q^N{iqCu2i&+Fp`*$NJmM~H`A zm|}7-0j6;!ZgF`u4{7A{C#E|0OcgB~=0WaZ_b*~#5=S7PAp2zVF*MCBB?{? z<`EHAuxQd&I{c%|O>w{9v<&QmRq_ZfsZdh}kbxto$t6{Hfhzo26(Qrb^$tYBX|nrB|yM!5+-ic}OPe zFs9@h*$W{ezCHe;xt--bui=%nMuaeK0QXGpqCB@Pw(i{ZKZn~~xC&}5(0K=xNQ065 zf{kzUX{GOq=OSPqSY6GfG42!n%{j22al}0D_TdAmIJZfMK*T-AIMwDS;bD1q0zuy>!7KKI z4QahxTs(^|GxG*_C0o<_H&^4t^x<$)mE`YpA^I)~lkW{7lsYye)!~o9@i;ANUNC>M z{{Gq4b?Nh?^#yg&*$8Ell>W4fUj4jj={puy@M_;(zUt&=l8PMUkj1r;pjZ8M{2wY@ zCf6?uCG(RTLoYc6ofQ(WdryOzzaZA$h1$NJxK%9JsHaCA5`;a5;b@J{{0l_A8=ls4 z1U0OnmdDD+K+j7Hv|pD>Je($WWsL-PSx+wJygBgWkJ`tx2Tza0_X{(&aRQjKaf6cK zKGt?a%Y(hB?z}kc`6s>OKqTGxX+q@iQN&?ZQi8T3du&Zn#LbA#-;HUSTCH=>FZq@| zx?W&4nTnb|;mS-Jn2!0G^Q1R=G0gLpV@BoFXKi`*!aANT&6(Te41Kw?*$Ag$ojKz? zh_XBc;m4pAxy#e~G`R0zLbsbR;GsDz_gGXx_&}Rw74ua~K<}@RXM(Mj!ic0IvaE-M zvlBX8|6R2Ta&2+IVr2RC9<8(Dzn0=v?#v%CECwPLHcd8+z5cjgn3^Bmslzny7FlSr z5J(f5!nR)$O4Y>v3V?-^p9xReqgAmXJ&xB_X1{yPR(^ZhEleFnpY#!oAs$92u$9q%IQnW%hA zk}0To&_tXXN7niXWr{fj_T6z}BDXtT2a!7dQj^6Xs0*dx)ZIz4V(pf%ju!qVWGZ|? z*P$*fvezJOvp00a#|6swsSexw@^JR0;g5)N;eh!Ib*lX#&=lQkr#h)qxvu>=*_mDl zoyGPZ^muP5WFRvHLYrnd-(OW54W2Np#BqT#=f}rk!BuWa-vw;-Dva?OHorA_j;*^k zzYZI5LqUC7jXV_&z#p>h`tU9^+)-NM@zL4|3CS_F9L|zC9-HJf{-Q#QLu{X_PThK^ zb??FWZH8JT1W| z>=0<$z0cZr^HGN>$uwL1cBR(&h#lVnhIpRe#-ChZEr9mjWl9ueqxlWyZ1 z_P9Ji1AS|u<1tpRBPu!{H~rEuP4%Ou{yRynB3s+>;`3Lt1AH|+-(|3JkSAx`K&&oj ztU!dMactoA!5>js&TV0e4E?p&FYdQN&nky#V;Kql;|>!WM6HKDN2 z#xbftM;8RVNaV_bz8F1hd8X!W&Z?iu_dcA z9JzE@iG939_(qeb`TN*>3_C%wHg37)V+W-HJpu&s_SzgeXsK=8;?M^&Sp%b!T?Vkl ztr+d4GUCarh#mb)y>ZnuvKvr5)35JlANiQ?Be% z{nJ#gdm8YjU021<-b(exz%{NpOc|(Wz~?L&3((nCEr)XiOs8b~Cp%qY&`_obbFLKT z@!(B2uQOCb4I~lu$wT!65!1Z_o6hePel|bqr(oe5T?$cCJHCH<6B6&4>4G9wmhXD`5@58<-{{`pMkuczg^#rDQX3jiOj~hH_s}H z$HtX^k(8#^>uwBpFIP9o{1qg-^XnvwfhO(rt|l;Q;f>MGq3P=Z)nGvbdA)%<~AfPfz3mpLo zJ%kGu1Cf1Q zd#}CL`j?d-6UWMj$=1t7&-v$uw5vHII>y?OZ}h1+U24|Y@I~i~1|rDXfx|Bfm8L~x z3OAtVP@}N#T+UY+8Y!~H${-bdNSa`y}@m(^>68mnrw;m?f7`G8M93` z-cWgLL}*3gHhIWc`E2ORsZcH?W>@XSW~?`a$O}$U<3+y*ziR(AmiCVfL6L{ia(9xO z78|tKAC$K?wof0k>=CHmc;iwv3NJ;v&1~w8p7q$1wY+Q@P`(6>gZsJ!l_n zMr^gi2!^QICeESJ?6G$L%en4D8ni+wvZQ2vRpL`SzEG8GlezS1Gr0dG1-nN&VAAZIw<-N7%3D;RCap<^~g^q|Ex%u>D}u+ z1Jzf@fJPzlef&?Z4Yr9>smYF&rk;lwr{84HGe?FPO9$B=I{H|(w+YHJ%NgX%DKAVT z@lXB^TZkLm>n+S5MmY6ks4584^Z8O~xyt06rIZmkdd0Tn6l}pAm2FN_B+&9uhCL;# z9MJ$vf;Wo&R>~yy?LiV=A?l0+J5Rf@>CWA@POrUBy1RVNK|4J(!7nXC3ackk^mree zz%B9&?bTl6Kql%!hmUFCPEW?tHWaosjzB;D?zg$qLDT1nkJWpCvjf1bQtExwAvNv> z>j!cc4jpVJkIIt9WHaxcLvna~Ej%uxDA&I}j!)HA zG#F(XgwDUJP%a%$VlAK_G3N{Ff53J-J%w-w>Ig>^px+17T3t|*;e1Db^u=(h-J@V{ zqL3Lq_qr-MtD)xSY(UWh_*Ny;6p%bEL3sQg^!|{=@^@0M!RcEs8V_i z(^X!%q7e*|d`ow5^&OOgbIuh>1*BxTa_+TZf8*|6{VkC(!#e&%6KOfbWcqPK?g}}p zwJv1m8}CoB1p{+bb_`pI(P9CVZ)3qACTHUe$+w@uXPiZ_YTHK&(y)N?gsi3!1oql~bp=0IB zy-y2shJ^Uk+W{FQo8BH)q4>4x?KOe^tkLV~g{b4un~?OhMF8r}Km}CR8)5}icP`vi zu66uwT5O>vrxM10H#TCkaz-7~gk9yv%Jg^aH>E>2D=SWw<^<8>m&biKjrL6}dnea3 zAm`1dXrK`)xCOzkK+?y2GZl>rB;em89Q|;{1g2=*IjL1xpLau|qkUeRQ`s4Z`Z?Io z#{g~bimpT=?r5*IJ(2^)vb2zdn2ZVI!vVlh{q1MxWVHyv6RXswaHxRm$T@x5%|t?1 zXn6yV1J*0xM(f`6@yt%&g%hw%d-K3%VrJ*{GX>9#`O)F5-t{|O1Mh{)R?83Bp_S|e zS1EiB7rba(oxx*jn7JL~{;5%#X}|Hp#|E=RCHN1d2OXy4BsUw&0uNHiT7fwHM!?5N z#p1{w|Aro+^4I2O08bpCo>;~VmADCAkdT;`xh0VDZBkcD)Bqi+f?Z`$2|itoRQ%?u zcC-6~uJr}gsjfI!>r%ZM{+UkoEx&0ZM8;TmRtn zBR39j(hClq5`C`3^(^Q%B2ZJDG^!V9B3Ok375&7kxHWq(TK!qu?nfju*+Q3znz|#r{3A@DA-I zFH;FNFH~ZpKq!T79_Kgvae8pfbao1x9y1kDXVh=kZW^`6@9hpDmQgvPF@BLg+TVp` z_E^vs08RC}{bP2tZ&sZoT6>6jxlYM{{Vjy2(rjzn+atJ+?b){Enn`nrYPlSe<3fZs zj%Eg%rC94wMZ=Zz%jKNWs7TFcE84_?PNja$>mUYHQsqb+Z+q&u72koDMSS*amr{;} z_#ovCryA25@wT;k`?YBf6oOy=5nX${7Fc))y_m3YWe&)bi$*TpjSSq;po%9(F< zP9f7hZI6^tv!2uE2U~9IJd5ywFNFl|dG_v6K9n_wv~|1fpLS4-i=R9@Is*kArZZBj z)m~q2Eq$1krhLn3ywAY0+bu-D37NDNq8ZOD2H4IR(N-}fqeJHV-es|j|pXf@FYrEQjgz)3MqR& z03%e-j!tp6nDcf8NFP!P+}O}^C~ggFSH>R@t7MrR_7*}QK@nTO%n7o+Fk~{9E%BuB z7If~B)3LTaaU&-38`n>sNB!jm(D%7vLMJiJ&`divLy6Ky84wasr4`noadflhh3QxJ zot2O4KIGP489vOP@q$h96Cyn#G$JfQ5xQ~&!kK%o#(oYz*Kpdvc`-6N&Uh+S>Fn-} zb|HY(r)|4$#$7k~+EP@5EXKyTS*I7?EAS(5phcYdt%h3;T?v2?6Dk{0YvR*>{$5c7 z9^^EG7?$I^HUMD4sQo)~)wB67f!NrQZ4a)Bw%j{f=SXU{-6G*dq;sU!GD#V7Td17e zxh8}&hhOB=H1(mHjui8_09g`(hAe@knaI(zbp$YaX(#*;oI$ofH+7bq>zW5VHEVXZ zn;Llc?22LN<>n(vKXN+=c}X&a^y?ivk#?GBp;vq^Xx_LY`OW;zaI*v`vuG!QjkXy~ zt>2q%=0rbPG=QDy?^H2AALRKZu6@G^rA{f1zb7<_N3C+_!?k{=pEJik_`%2O!FTJs zU)#qyek8o>ptSPdBiqKIVY~RdUpXFPci;GU_fz#MgBAz7qoQ`-4LYui={%p?ZFs$w z4#n;^$L(HKq?3RF&`imQ_mK1%|8H6(;J=t|4m)tc>IQ!3Aj+(f6VD|Unc4%- zwKU!fhkeKobM*y1DDw$sOdV`KNx1gB|Z*+M+bkj^kC zpB{W0)A4$^L7yxPXR&kc#lsc)$2A#Y^HU`p@92c%QElLxf-^x2Zu~*CA)I^{woHY5 z23gx)MQGu-O1tM{wJ>%3);~jcheL8iKq`|X!WHoCnrr!vhkWH=6BKFWr-pfZK$uac zEcwIiixBNQ_7#tPe&xi)ZA+w$eaQa5kTrF`_93V5dbdu%aKY}!0tvpFY%E4FMzHjA z{?fji_rlVy9&6x9ftU_U!F{ubQd#F;rn>TA7dK*~YOprD`mtCKs{sx3G-BYYGMH^a89ScdyQgWuHYvxK2VRB?h zY7~@jSj|b9i`a3bF8zoYu!onk0;)~YnP+=#5gWEs_oEw^cR@!aGE*uI_Hnl1<&e+_ zeIo1J8Oi#+=|SDV+%c}1ZOssZD0lrNIX-b?K$wq{VX}%WAq!g@=iFG)WVDj-o7Nz5 zLLV7aQU}M-<5RavuyT6Y)c&g+c!~+c6>DP>I$s12`kIRr@S+*&e9C7Z6%rw!X7oWv z;s*#%8SVS2q@0KCHOHa*E6{)~2y7*!!*X%N$*t<1SsV@OR#vgLKTcFt9V?FPe{cS> zz+lv6)lDj>if=PReRMknWgB$XGuw-{SmIMJ4qJ`v7y~)8BzwfSP72^Uvp8~Ssn*KE ze|HPe(A&j+OTvF`e8QbCV`vYX|2*91C!5A9dg>FixJA_t-jJ&!eysF&MO2(jhVM)h zxod*ckF*?4Wy+AVv)gUZ>_~3!$=7F-_1h5bG^S;yW^d*nnqKn7VM9Q?C@7nCUbUEK&C z;bo8|7l}UG`tJ7Lh-JWWv$C?%Iidk>UA?w4QD5?29t9zO@m8+5E7{KWYydCkR9a*m z$T_TJlP(XmEoc5t!H%d6tRL;@z>nyuH&ShIX__DJW>dNL9l;OHZ@ zlySP5lsEqxUT!R^UGFNJ8CmY&GWPO?m{ z=n|cZIt$_Qv(P^N`8pAs^~`>iX5v(6p~t`&Z0Tf$ypzjf`v@uz$)&n%FmW12|*3JOCTp3Ugbkb&QMmcl^qdZJ1YE<}IU`U*tIVyOEG=k*VbF)2>xj z_?43II9DL4+9lmr-IR|trCw5~j#LNp4YeiY)0Az+I(5`u>XNieB>l)SazvE|O@KL~ zcblpGIDu3&-iQ~|XxDR69C0@Oh^FM}fy;OJyiXwm`$itX)^h71AHKwUdz!$@v#ta= zk_EP)Qvhx3ZrXQp(h{TbIbdm4;{Cd+9t1d2^wc|Uem>Y*_hMX(3Q+{5NfANWGy@3& zs5svPcT5-hv$w-xhc3SS?)CeDUNKSa?OE|}7jLEh9eJt6KlzJn>(k!kMp3z_4Nr=$ z1di#19Kr^-I@>EF1Q<#kL3r(*g-ijVRgzeTj^P9!N#vAlP;Ly`7B8Yr?bg9kdIuvz z-p=n1%G)Tq@f1Kg%JT6FQwH3swu2XkCsfb~M|%9x_qfzE9qo8u$@%dqqrAh6LJCmH zw;^$Xp1JHLHNvdXgvGd#Jx}C-kbdA|T${>5Tn)7(-|x2D%N{6ia?nm6zB>^I>ECMz zIf~#16rdqs-_R<+lQB?@39uL+VffZz3A|l_16B#EQ)aipZi9i>Qu=XolTaZz)fP_5 z3EZ6$S`Gv@l*k+MXTQ&aH28iiRy`2OPYdw0s%w1=Ww5V8w0Zr-F3S0fT@;_oZfLxSzq<^p1ld6_GV;YHj3y1~%pcg0j z_;l=qY9TL6{=zW8qM#U_Yk_g)5xS(NprDg?EZ*CO(3;m?IQG9mE;<}S&;mgL8D=;4 z-La`8u_&Ea_xn2S*q?6>l3hl@e2}6Bvb+Hnc_VyhtHmOZDN4*NOdgo{!a-vph&M3l3pu-4GAo z+iD4I1Ed(+WpZ4M(&jDNkdeM%kf$(ew&gAs6j)2O0FYT;)uQg`YnlrMUffc zWkp3rm9a8;X?=fr9uDcr@*A6QTu;PqC#LUjSni`|4!XXoGt|I{F|W|A*khpUfH9i^ z1|4Icwta$Te7v9gAiQ|KeitmpPYc%`B2wB@X}Xo5qNe9lS$?w52f$0Oq(f1gLvn>m zRG6G@xVGSl*(Q6AG-ITQVJp8KRM`m@1V&D#_B4DsU3hKX-TOMb)8JU(4q($30|lEK zb}iimN&_4qeD9_3_0~lb6e3H;-5JGoH@?)gS;OuF&>fTgQi zngwF|1&~!%30S2~FaYY0fS5&4v&fb23>1Lt4J+v5dR(}n*Zy4)L548Y{8}$UJg~Th zs;y{X9{d1!1Q8!4`pXK7oG9-&*PI;QZwXH(PpRafInRp|{Xe=>$~tPYC&D_*Rscn( zjOw7?kPs)pQD?3g6c{g`^bIx9`%c-B?{qlgQ49UH8O3q7(xs6jeY&f*(9 z9GVO2Dhx#s_S>XInKlX6bL{@ z&mIDlY0-d)10?_)F{hdgv|4j%$tDtV#*(-_0HIAJcCBhQ$18WZZA{4t3Zc{Z5)5Y= z^~^tIsM#(SSoB{J45Bn|E%t-DBN`|~?Pl80Rg+o*PFnJvf}Xo1pJ#a>Kh2^bEC94q2y#om~-kwjvZEKvsgDiygQ-nn4cyg|*yR7_f z*jY^iOk~aHcydIx&ja$lpmtUl;e?LD_qy7^j^6 z|A~B~%oZO}e}&z?VjWjF0IeeRxaw_t%E%|CQ15F`3mb;+<+BgK?9~$lBl$26$q&g(E+1#Xz1-0D^jv@&ln z&7>;oOPi6`>$Qt(0*Yegzi3wNy z{JGjBq?E#S{>0+Ju@urP@q@Or_?QYQ%vL-r=*F~Z5k(#)?o9azNWJtIcumq7Zc)K^ z&*<5>=nST4RnR>>0?7SGB4Pb`1KQuc)_?uL9u-{l$rHj{6Wsv>$?v0-b0EwdgA*V7 z;@Z@nDdX2ZiztQ%2DSyLJ9a_9e94BJiTsl|`i5fvllOHZ=s6Q6K3N=RN8%Ul=*mcQ z9G?N!rcE=vdE$OVUxBM0%~t$PemhT~Ttd5pKL450x8;X4@i@L;eI^>dWJ<{Lk>c2s z2N@zIgqv>w^9PB%(00KFt$Ko!cx>qXxe{?03)~Z=0H?`$p}9-dT`?{;;$92m*859I z`W*85zxYQ@PdHge+64kJr75aiNAknMU~4f9w@ zKjC)VCGJ=&uP8RP+lX7fKuTipx(#4Jluvr^Z#6+*7u+zkp+p`QKujsD5L8wGycB2Z zWU8f&|_T%PNKU7)(zh}%SGK`&K$+ks?QZu3pYuw7;u>-$Tm8Ykx% zvmIQv-0?dRay5g6X3(XO5O1a8(}q(|BKfE~n;#4W?v*kJtY{YDexZ~F1L|2`du_P( zRvG_Ns^Jtv7*Fk!!beQA_u0htUoor5KWf2CmT?A2(o(fAknXwIreyaUmei;qhI7M~ z1`#;=h?Gj%mI&=5{1gNKNhK}`y@nw2Y3_G@APx|zQ_$9$&_QC?^1 zr=MONtx9ELqx{}k5>+9Rc3HKa%5fA;cc;83rysQqP2=S=L$$~xDj}^<;n&r@>>C?u zkuh)d=~VY6;Dch=WZIFu=%$CJ8CFopmT-R2H`HIlp)|lsPHlZY8wcZlRB8GuJj&hL z^_FUs13q5p1PuPe)Zy&=A?)x6>HJ6@%eC!#$5>GQ*E0ml*JK-}!%nWh)K_;*GKk$+ ztjOd^!$}0useXqz zd((GON~8+TJ=di9>$SQ4^AY(bwzr)#qy?QRaFJG6cAK>B*Ljd9hRPVDFGQ zt2-k&I=-jBe0q&LR_ChuL47&-JYeaIk0o%u(BS%x&BMa@-P_f)$`t#5gnv=#Mfnf> zi+{P1H8>qv_<>RlU{)63IDo-_9Be=vPmuKqOFF6D@krfS_yCLvn(6BZ?-rStsZbx2 zbf{`b2HEw5W**KwJ*Xoz+XNMfvT(+FksfmN?F}N?C+D4qHxdjiy=bO(#gdA+9srPI@Y%3ZydR=G|A&0;1>eQJ{&%P#@ z=D#ysK##d6VmKVpB-x}W*X>J~W<1=iXV}kvf(dW6OJqE8#^-IE5NDUjE?L+~gPNz@ za2qVVhMsM0URKuo2JYjmv16{NuxWxSG#Zhwz=GbY>xDq_1m#u*)y-+sZ05}yHxRXf z8yNPX&Q%Y{KbIB%vgGdL?sq<_N)PH*0!|ESlzXs|;W_K1^atJoIfwAvW<;A?a<^=P zJVaH+y9Ke9HgPLTX`a(fQUS`e5GnMIL#Dao;l}L|o>KJeO|)%ula8KqZj9-)hjr+J zTP}|Yj<=ZBZ!d{{HXnzPe7AyVxeysBsW?l)i&R|mvTJUCnJT^v9Ba_sBm4;Wwy^%a z`}yoONUiYS_1jHzAn%3p`&9J4%?a&OXX*W4L+zZNnM7zZ|UZp><8P~GM^ z9_{acgR96)>-K(@x_OqyrJCEQ>j1>_pfyS^N6-K0WBKc>=r15fPlS6+DYxYeDH zB19lw0jf}-T(K#m-3J0GXCM28@hb4Qs2+BZWc5=#tl-duPIBXrLm(4$s+Gwmp(^|% zDtd@d8L(-Thr4EORqEC|HGe2AGok*n&`kR*APEv*i6t0d`$rpoVqc3uVRxMN?@i`1 zh5`A?gUdIgVl_ z_(fWU;9A$y7D5f7YrYO5vo)8JYl7^~sOJF6m3|;71Ux<0?`FvT+kJhYsem3dL)2@> zM?Qe`i;2y?u+1mAQ;TD`JKY53sL8J~Tp`reULU(~nGJ`5RIkqR?;S1nM-O5fOHQyEBD}wp*={2x$vHs4&<)2?F=V1j|z;H)Y2M*|5RS%qQ zJ{}~JmgtM(W}Xfn4L$1I7E#p&)Vo+ZQSSoIJ?ID}*Nkq4w6x6!=11hSJ)^l2G#V=>%ZF z<-C7-?1PGRkHwmkz?>FYskRiP*nl7+4mf345#`(8i!c9m$^V^+%Kv>hKTwYdi8KoE z{7;RLD>}iJRElJDg1A8}sG}M|tE;K{Vp&?BY}Dub<86*2rS*60&|f3uEHi)|r+sO? znzP`Yi+Ea|1DK$^xBim(*QvKm13tOt-H~XDdRwL>3^`x&EFj0*d3NcG6JT+8RT0aB z0#T1xQ_lN6{uL>VIw~z9`AqLC#vhi0c3>0g*na*L%;@LM@gf$L~pjOSn5j1RyoXb1P-%v?#PXl*GZ*0<$u{7 zkq6DM8PU`E;d7$K7teG#vzVC|3UNRVF`Q*-&0`YsmULo?SI7IkcrkpvDqma=7$68g zgBRu(0p@Wtr+P~s;3AhG-<(2^bE-!=ST@HGBW&BbRf##ub=%D%R@xX3W|Nv>0E zt-;)9M84d2)n+v0=A(!FhyO#he9+^oj{+ks;s760;eZ~vTw7Xp=;ks2f?Fj{+1SsA z#ikF)pe*d)yU$d(b7&NDF)4BjDU|y4dY+3;XT7h=dZm~dW?$Qj56ZhHK~FwD-$XpZ z8#T6F0W6$!ER`@%x+Aqq;N`UX1W|F~|Dg!~8JkFuOKJ0lwd%zRZ?d3l$d>jjaH~y>8?)jAxPx z_obg{Gua^b2Xjal6Zd-08EAP+xjT}v&H^*Mx`3S6zejjOtG$BtLZy)JB5$U0)vFE( z@NjeRD|H?0_W$W*7j_>XU$L>aemNF`2N=yCy{~8CM}4f)Toa4TD4*J_k_A*V!&Ui+ zkh&N#l8GF?SGFe7P_&xV@UmT5%8#T#8XTPOO5|B+kcM9YZWsvL)IoZ#LB@d!)_Zeu zFFV9}q}*aBGwQ7D#b`y>h4iVc_L-{~lZS+934rQ~q7EhTAt${IiLCs76dt1xVU8NR zTm>2%4fMoswBrT&!HM?=Hce_U7QRIK;*(tLaW%X-IC=lu8t{46xs@ztb94b3!F(rfHV6 z(yd2H!Ht=^&r}m{wmxqrD&lAA&U!|?4wrLq2Id>$UM>E!q_fZp527(nshLOVw^*Tp z|26B4u^y?pK~{YjYz_1`du2G1S!JQgT-qSx!p?TR!~ozrb?Tx&q z$-s*ztE~lWM5dYsjTKMv$=V5F)*bYLduK#>N2j@%_geVs&UpO%X{6kq7hdj-UcErR zVN)0hnye8}dTnx;KWgS32Tbtg8P2UjKX*;`!07~Ams0u>6RSUZqKRg$d+tEBYDcoh z?hpcarG1ZECzIjaNsN&(O(#0ddS`284l7Rwz=Ex{}{CBeZg8{jJ zmy3UV2-dmkGWfnlRr*=LgC~$fZT@9RjUSS`CsE$44uY%`I^x92b5vd#nU0jFG2%L} ziskI*IpGTi7aTh4{fW1PUd7IPR^=Z7g5^7lajw`h@(pg$4F4^W1IF! z()?hov_0vVLw;*Wus>IYfNP~pZ+VyGOqt-X#+@qDqQEZcEiT4a37xmdUkd69SgsBh z*}HLzY2^9sH;DjGqD`UbuGw?WK4k z9nc^Ep1@D*>CA~#j|H#vJ!tRw?|jMnZy@N>j^hV@7EzTd+i~yOQ=2TW`4QdzNKp#; z8TWh|_gxW-HQYPfF}EWUGyZ0wBH~z9_Age83#ocLzyEh$6OO=Z!oJ15S(}kgZVTZ; zUa)gY4qXt@X>aP}_Wl2<*Ti1qW9{hgc6{wdOmHaCXeca{2%z-Sw^l)kIgT~jUB1F0 z{nbJA&mwblmc^Z?bAR(dW9vU20+|#0%{Nj}`&aw2jOkmH^F{U&*# z#>z4z!*DsE4AoJ~WmItzVpB`P58c^3eTz%W zi0B$KnBh;##(!*ASMBz_(A-{Tr5r^Rcb{8taOF>RM=|2YeC}P zbS1kTrb=ag39ACSxviX3tHjN6#tk!XX89*4TS1Z$ zz7+~5E7pJ^X&qJdHW3jJfo1GItzte?h(7xb_jdl+0d@_@@!E?(MD#nbf@F$Taj-wt z%J!`FWsRJ*^VV6fKu%e^*flfyR&U}6C|A>p3dzgY~vzSh(8+|@Kw(B78MWxrXBAfp%R%TnE&Ofyg6IUy>?!}f^>ZyY<@iW9{lF zlyreP!wO0{Z4-ZOCvuZX!`t0Wusq0)foL>#J49%t9zwdD3ltzzhl|4W;A(cX3dMQj z1i{{%<=<}<&9Wt*7%my zH12=7mMMC9D|UI-Z0l2E_4`+OffKBjvmRp`=3|6cTZfN?2p6t$ZdEVSs;j?rV)xe0 z5AGW5uN!QZj_oauS=vYoRp^;n;M6W;PiB?Dt9p)b$3ox@f_4L&yY4%KyT45 zac$3p2YD`Z!XofGBZ>H(TwQ^=dL*zUe3Y6F3cv;};Zv%JUyn4lvnh_BZj*0HVX)1w zB1?N92A!}-)2QcLFM-@MaNd|ZHa%@e^AWN=rN1q`F!{WAHFYzT$ZV2;i12MTrDh4r z1_7nCGf+yGGKD7k(hw!~|1@+4cd%PjcDvq93%jQa1E%);bm&LfKLux2?VRp+OaX45 z*bNkF$=)&!8@08Xs)(|kN6AgH;@;J2(+A=?zXAyR&NydUl+xT|?cKtfJxa=B1*PBg z)sa@(6wVLZvY3cRiuif=sV@f6%FUe0z)o+cFYg|9p`n++8|r5NZo4fq^f32rMd2T* z?xAy%X`p7fY+t{F7ct}$estt8@9*@cXRpzP1EI!_rFRw^JZ{{eQyU-?I-qxD##Dih z?;GJR2c_kMSOK+#F#)a$^~j1mb2Ft{M<1*8MBjkl9ku>89-KcK0u5RT#gr}XBhv#a zmQ5Gy68TZH&~3gYAT+e<$M|Rj)co4deQL|n`$v|_;)AC{XjC1!uW@-iG3ZNT`Oel< zoKFzJ=TdK)-}D7D-}DK`>3z2YBsm}cwOK5E%x4Uf?lx9kwMN)^#1u`?l12ZypT_+) zYnMsiIzTw6wz-!jwaEHxEQS6&6&evb-S9O|XBW|tpGroT652&L0BIt+y~F{9uE8Ax zXCQufuj5H}ltkZ7pAl^+m4By)%f_;|L;<$8;HGC=D2CE>w~202kTY?nG(5Iq=Z;|I z<5o~4HE`VLV`2;c$`~_d43~faWX5D+n#%!;>i!FAZ|Jdv`;iK(>5E9I1)>x3%@_Z< z@@CLiE#fYr-+;iCN&NYM37&MK2`FWN1%zcGH}|!_Hxh6Y08wURGx=^KGA?+(`D^fn zxOmfmXhRtm1UnE=OI$t&K0nlX|7Q#WKR#X|Uz6m$KHGhh78dd+0$&`(J&5*y$44pJ zkUYwq)8?^{rFIZ$uBETn*7`>Ec5fDfuolW-(>rl@xEpP%Y8}nYZo0G zB5Z$U>prQK7XPD@#?7u^E~{T(@LlA%e(a{^rFc!_HaYf@55U3C2-7!XKI%S}Gq>cw zK8hR}oLN{+8^iROyJZ9{t!lX)vJ~JiBTRmZ_LtoFZ0gFko4xiJmm+C*eW&q(=2<>k* zoxi)jRBDVt@3p2UDJ_*w-LIh%3fP~+PlTKd(U7#tWqBf}Bibbp!UR>5{vj*f+terY z=79tT25A52j_s^6Rs?wB>Y^zq4%+Z(;^JL)(KfQ`@7~7>zOxjEA#I}1RjctEw z;#Rk_P?mKrEWq$&Ruk)XVuWOMS|5%=}NIWZ#ExN+9u=QvN zqSjcy)}DOn#SzA`;O?WhK!MpH7VwXsor+}G_@ugAiLx1TDY<(nw0zF|vyI{df+Lc= z6kk{%sGokSOy1fqUf$LPX&JcQ*um4BE5a2ABiJ~PqoY5ilTz!;Q3ykLj4rOw?KaasXcE6HNR&=wF>Ukp0 zD0fAeTiTw@n)&MCD_6$l3;gu9p8L;bi!~Vw#x8LNE(eV9O^mHQ-;91j$#cUXx9B_l zH5{Y!6D2sol-_Bnr}kT?Q~e86lzwfxVqh8YwQJ^< zLy!{MmiP-_l?v*In@zsahZNxol$&m_>4x77BukaYo1+b9n)Js$@jrKeesp5lZZ1SL z=V&^Uk;M=ngqQ2&;lN&zteBYUIbazP#<<&kjjY)8fFrs|ZY|-5M7p&YP zHYYvHre0a3y|9Sl*B5v;D1kO{s^*lPFCqx3I1`HW#&%p?;?iLFNQd;K>g^coJ^$;Z zqK)&enhlrVNNL%T2;CkcVp4d#yuP}ituSDNCvN!AAO6_9>)x_E&6k`KdF7}bn^FS9 z56n6h*M3-_2hYyLyjuQkC9@#5TKI%za67KL!yv;LK@3aCfU?L4V=8&kK`5*GyFsoe zT%6~38**u{`4q@n6bF6sX(J)q6GE@zIAZfwyHT@k{&yin8=$rbE9p19*r@Omc-eov z^Q0b@w!S0L=N$Vj0$d_KY9H3SP2~#VJ$N8;;nGZJ7{$b-jku*#xcvJoMo+#v@aX;H zC;r$j;5WQrWjv6}HBg7#Iz>j+I6HWGB&=>AUoRcIc|JT>tb!cOjz-Yt@{G**-avWd z1{WWD-t1`%*Uk8pW})_WN~FX9Hec6}ivdRU(dsUe#9xGdUprr5Yh~F_6oBtdzjh0< zqw1ngEAFY=kD%W-x zUQ{Lv3G6WrorecCtc3I8s$s8{({Z~yN>|o*>Q-~sxP*8g)T}9@_YfxYBB`vgI1m z@cJ8%dciXOk*-UV$&Z;hg~jy{;t}i(!QDvKtMS9HVE!5}pf7cpk2A@-EryzpxKVW6 zf^2w<@}=-Cow4j!tER3{)R02c=rI{p?Boj_R|&7?iJcP_9hT)U6+3Ky!3sK9A-uXT z&wM@hQ_YG^(tkxFKE`@Ut5V11in^hWek0rHox#Q!g~1*IElO zi^y)WLk1=stw;N7Z&^LnsNJ_!X3FHBYzKFm-?Ak45nsuOMiyixDJ{F_6XjKqZp^ck zTv+oLvBdSh&eM|kLOBlVjwni|Hf>g9%1V346klFmz&@-r{gyU39v7R`%)^IYnbKlT zwltHG<-js1WAE;q$TAC>7JC$;<0+}Xg;LfOkBcr&_|1UN({p_z0jIfbjo8uWkW||F zFu!|0pRLOF6?-4XhJ^p{V%NQrcyoy{6hBVZc;9Z2sz#`Sb@V}TG7*NBAESIzj7xHrAo3EamN!@wk%IV*X`uXkDE!H>TQC0Fb zlcFWexk7XmhcC=OxlzE3xrR6Fibm;{0;yLj0^#~~dD1ZFms=|%jMxZ~V7`2?%_uQOQ% z{Cuv*Fqnw*A|>FMPWN{1#%6UCNDY@wEMLApsRW~4{^3CyYe0n3`f9SJg$QB#ldhDy zL*4x&__IHAOCS6BuS?!GvbKTNkztG@9e}d&ch`7&(id{WHoR+_F-K-<*>6&QNKfb=Wi|YB}Zg0_zE6 zJr#5N2h3o+ys2{;;<_-0ycwoT(;eBgWm9kgq3ZSiQF5p;>6!R`a8ldN22FCR(4p-w z^)Y5CJ=+nj#?6`t=l61O%&v${vJl+4_g)-AYi2k)Dz=!qjysp;@C#e4Qu`rQYxH{Z zdtv2Of5!KV^&<4beoIx`Zbdlthpi1m2TM$PO_GkqlvC8O0+ratzj7|oT5acEUAL+YQsiRsQ0x&lOOXw$ zWKMz+vc4B_&oBXfh=Et(M%7gfzE6UDPUV~`)4dNr4|3mZsJ9UE9A}+zqDZ|GUM!S< zz8V>pp#rWZvN8q}4~$S&oY-%3fT7+h9f(}X2QGm;AEjcrLV^wsB;4y(B8!CO!N2pZ zW3}L9Qkl;!vcGGkBZTp4P!4(=xcZkDz+{A2_`}T*XrS=IK?cV5Ig$AHv&|GZhYCs z&nvw@yS||(S2NWeSM3tm?k2Ib@d2VRJ14_i6ni=7lqxx7)k>Mk_NL&ZdDqo{B#%7E z!yta;x><4rJv#_%CXBN6AbSu7iG*12Gs(Z#&wnNO2wO*8={6cyCHihliCR4TO`K9?~jV z9Jk>%xbqR8sV8x_-9s4H+Zt&!lQV^@{}Fy&;h|ekQ{C}|Vj)J>y=LKc2KG%)+2(mA zy^2>$zicHyWZ~5a36|1dZl}CVM4m522Tdl|2&z_7@9C0Ng=T``HT>ux%miXfW9O|R z)+I~5Abyf_`E1Qrqtq$S2*u^S4s)Im+r59JQ9Rm*?~oY7Z(z1tEn_JnIQ~~}r7Qy$ z3EJ41^hzx>wWUa9sXVHtpw*HLT~YMjp89xGZS?Npp{%M2cuNSWjTs{`*;AKC7TTT-C;p1wAL(k~8uTXSOM(LV# zi*vkEJL&vyf`RcPt6X>&!KIl9h4&;=2m+RGmA7)*^2(Sb5#MV?oLwE0(wL3ggxxg)D!OvJNp{<+vb;O5v)F5z@D|5Nj z;e3JL$DXj`mb<$?Hd8T*9A(?DdL|*3yCQz9iTUR!E>Q*Eqnr7f4mV5RaZ9ItlzYA! z?P%fm`RT(Q&(29Dz$T*&vPacq80=Tg^Qk@kuU&B|c)xWkz-I2`EvfP^Z&J5xAHy$- zL$4t2yvTAre^ZRAb;Tu-H5qNQvHR$Ol;x+b`mQ6;bxx}MfRA-BOy*q8w4Ujl8EWlb zLC0=$9#+gSZrD`5d$AR-ZD9FM--S)te_=~2D`WeMn1dii(NzvB!~2}ScjbAj8c&i( zQba;Wo{DhfnRc-5&@%6VffPGJVk}6~YDL~kdc#zy=4pKh$U zDq%qPuQH7YIRvg#5SgnB)u!vTDQfo`d#okYZnP3+IkMu0cRcQ0sn`>XQ7GQIrz`ZT z8tLp@l{;?}dL6DLZyUIN`3m2MJMXB@d*!4B-?W6{ofOM576Y}(x98jMeTZY# zD$r~1mUC^o6<6iToiNedQ16E}U>Dr2~Tgd4u`REYTyW2q{e{jpMm!E&bG)Lw9k(D%(p z+otMSPbCFD-UAhLU{WaXUq&bY=*7i)RFS zuFSyqx9f0p>)m94^is*TVjB}UA;Dpqun!_AXd1hwh~@fyDpplL;qynS%9Rfh`*TJ$ zDy6EYQhZe-&MhtRtg;1{RBz;^#5U0BsvEtAw4I8C|HIvz$3wlp|HDbBXy_~+mEYl)I+-P4fM>p3IrmrzH?YwJgFlBVQjz(h-? z)?rttFN{=KI`M+G&N51F=d}Daw2U^JX572X>?5g84~?c&qu_3aR9*zJ*<`hvu~Ppq zrE2D?z?oQu-AwHilUb)H6w|Nn!b39<%etMGVu8G}lV?oa+Qo2$BH!*X!wdWPP6VQ) zdRLv-_jqh0NFrcq8g}g7d*$HQ#?;}g85brUHYwd1w*Gd`!uVcPrQOoIj>xVoU=L;I6*(fSTzf{_eiPJ$lE z>02z>bOl+n{iGT}3k_>!PEZC*O#mu=RrA+IB2!8w!nW~L4`^RA&CIrYSyHsTumHP| zckrwBHn{ZR#-hF!``d?ytPcb`slrj$b_M`VU}tTq4ma+5Y9{lmj%GROZImQU>92kJ zesE>E{z}bT4cc0p;J2i=<}$?ZrhnGGpcKFN%`w|puK3L8rj+%GdKE3l`qYs|1~ zXRfSjVWV}t?U9=9kkGkb?y=-qBs9?|gz(9eM)+)5=_Pf46o5CiMF|im3|)>cbEGZJ z)O%@qN?zk_oq!hlH@uWJY)OSWn%SG4dAW7@Y@Lc+)!f1xQ03B3zq32)p%bolm~io4 z0qJ|#i7As-s>Hjc(|y%zIAmA#T!V1r(S8D~<7A^OWV34FUDy;I9g558eCFF%KWURU zr@yQK6nN3hubnr6#&0o}S$$VvJ$O?V$hJH!@Ghx0%#KAX2m?W5}WWJ#;{=-bg z!Dq^Q+-EmJ5)^~m;Zxg=V;=LVO53UH-n=Ci9DAow0*G`rTd$9eIfmPxPm{;L$n3$( zSAHAOcHeFhxqY-1UoESqA+uVj@R8l~_zf#)f(bOm){tpPfK!K57WY~{dwLgQy#imi zO;(43&voO*cx!$4>R~%YtdDe$#39U`g&qK^2|hUO_BO?_<$5m3`xR(g38y{qhe&@y zr>Bq4RSVd8PqWs8Q4c=;7iP&@RdDm+p8{S#TKCKL4kq}@g1-A^Mu@-Mlb>9#dp7<) zZVOZ~5o4g;s?Hr634vh;dY+Zd)8Xbaxc%pTWo|`<|M3tn6GydO9`^=izd+ zNJt+xbZr^+n~a3dHZ%T2v z#f7Z~X1Y}q@xOmw+%HFd!e_!lZ%ZpY4 zkZeRFP4A*C85#O|M0vsfLk2DmsmKHi0Q{3dqlTj z?@z``P`i@JAd|x!qr>0#z&NsfPx^Ao`aM9&={0PR9{9x4Wq6M+8!``IVZPpc0-J2E zG%6lhb`87zBDt^5namuz1@|!InJmQ~AEDZvgYTkAYxWG-bkYp3Nm)HahTymu4PI~> z3^I4#^9oW{&4;IMeV2Nlmiw+bUqOL{mLpM?VlQI zgbT!?oC9Sxk8Nz)kU&7VJX>Ao9@jNQm#)&s2o9Okr9>+a_F!?;c3`?to2C)M#hz62 zr|-(u8A2$o&1m@9_{-#qI0xoT+t_-w{1iIMEAhKEF+iYVBOeJaB&+1G}+o=WI_L%Jtth{p+~(g<($;<7|DZTL;UnU=(@8&hWY?SQUA?-a4Dr)%pXr*>|=4Ke$>)T(Y%+vY*01 z^sL$kf4h4Ofa}U~!nN1B^WQrMhc4+!A!G6tBF}9j_Xnz<;V>UqJsYz$jPS`yrA`h< z4R38mJS%3h1l|;8e5`bh9XgLn@;-%AErH(cc>7G|_7Io_*6@du=buBgY^eRG+LV6m zo_F+~%srdqr6y(!VcqRdvu+bW4Oyg0!!<2j?UBOgi0mtfV|LlQq|NI6RvH3q%Yl8b z$o(tA9BEW0Vt-N;jZnY1%IA}e-D!S;r~h!fM|aRru4!DJX?!p3;}{K-cU?s`tZz4e z{d*WQz3{n8%@!}r^I+y;N4QE3TArx?a(c&LZ42WtLcGs0val??0tv6GHNQ_x?DXb& z$L_h1;gjiU6b$U-5)1s-TA8atw#du+{Zl>L(kFYwTZgw5%qN@=w{gM6RFj4okKSFXSTd47>?(?Ni1DlA9BPw6b!&KI=-9`KDx!DYSD=LJt{QfZ;VryxMsJ1!Pr z7IdV@Jm$Sp^b3jFpH>4R3^nz3UwO-R&4W{xWqpoU5BkiXX(exeoeR4WM){kVzIE~r zAv6==V-ur$pbW_tiE?xvWTlreQV+~yq0zg203MBzo>?Im{u4LC#c_7arV1cH78{`|^6PbOU8B%c*UJv+60;^>YVZTiif&>4j$-_0;1x>$+IMRk8Q z8A6rk?BTkvZxilu7=nU_$Gc}|!k<3!=$ym|L&a)Ttfst_+U~GjbrswQASb2u*lC}L zupZu?PH+SZZZ~^DI{in8n^n7&0{gsa?xq_U#K`6pB;n(@^=i$a6}s|rVK89~kg(kd zQ04fK1AeN#&*z}(a|>^d7fZRIST8$tHl^_Pt|iXvxYM z@|+^Y?Kz3+(t5K&b|`zt4e2y6lUWGstm6gKl-uruc%VBjS#2;4Z%r+{vDn>P66&1T zz>o4(Id(2}X%e^Q>Zc~F>A(4e?D83IzD!sG6W1yqY3+nFcX}_*zLpX6^V#qbCc%sM~iF^V?|^jDm7il1+_mHA9l`xixe8np_m8raT0=`PW>wFb}jf&;q8yh zG*_Riol0cPw5cADGI3_uX-Z%#uzda+nWJxO{qhjS@cQEY8H^?v+AYrOS{S3yPHNc< z44?FdhS3UoGq9mCLyW4aQcKXe7#yl_nH@??e1+SgrJ%g?uU31Btbrd!g6o18&Xngw zk;xcu4)%@oc_~7dk`mwkT|3oD>r;pMP%uV+=9sI$ou|0$P;){LmuJYHmX8xbmK z7az6{ktli$*)*pKqVim->3clc=c3DyZpEI+qVuljk~3Up8M*?yscVmeVaiwz0J#^xb@b zPX74W$`{M-M(5#i)m+<0Yk_eK2>bKNpBKE+fzG;`w{NJ}dD1@k1?`E-mGS+7;-JsO z-`^VUw2V490&nQ=OB1N(OD;4)fhx37?6o-^VD8KCf(ItVgD*C(-9mPng-bx@dHGUu z-S&W~OdL?3~7`xIFpQa z9tNDZ(!m!CIldB^S0g_@95rjA94|gGHT@_fXt>`KuTnuyrj*EBl}$zh7s^?pQyM-c zvf^lr=rx$J((7QM?8KqYOfTg-JUlk=z-86$Ycmhm@#s1V_prJm5O@`)!$mqmu7j@W zRZ8mpzERYx&MoXvrP`#Q9C*~pQ+urOsS|8d235F~M}}O=?QvA$2Q5!*-t60+p@yDdOc+}c!qc*Ga9Jy<7kQH>rhZ6BDC8OHuvwE;4&#CvT4+aC zi!Ga@2y?hM358tSj!pyeky@;hUt>Z~h+H+59v z>Gl1|Y4xo+PA$Wv-Z1JWAjLGPj$Uk zAB(x@hIkfm?nnS*w!WvceO`M~F_x+wL}T=n-99S=iWsm`OHMRiDJ za?_XJd>R%t?HDfms08I99ZePPqzk62_GHz(g#QbC`N$HAPIs)=6k|H{`e^8c43P#* z%ZXhrU-^1>Pa>V)c8zWGj!U{dcmnNu>f6KPN3Mg!fL%`Bd6B2sMkGhQ(jTjf1A2Dn zrnhlM)p4qs-pHTl0-SY7W!(n!jsaclOmGZ~O`{?6K4szum{`gU} zs1d8Adn@voaL_1GbzYr*_|e!*nqTkE#t!+mI{$8U{$rxu$3qil zL07<$++IAiOCI;#J(P1)*r|sd*$*?YyUsrAS-_{}!$9*$)WUoC-@MaAclZhVg4gTk z%j1tlvU40u*lD3IsfmyI#dP2^116JAU3UrD(~5;$J_M~O4KL>gKcziEj@w?=5z2ac z_+e}shS;s8`pCTE^4Y|lIcy}xWo{^qH1K}%-l_#e%5!?z0>z} z1tamb-*K-T3%LCr^KU;|Y8kMd#N^)BdyYQ%&c9;mwNiK$E@pT}#;oBj<}T`VB5?t? z`I=R0to`H8)sLkU4DyAc3Mj0~uxydddCdb+pCTMJ@TO#OuROdHg^IUDko zzx%fC#hqo+jFN4NG{O;|lSOYr!xh{Xl_u^q%WO+Q3!OdF?xX`k=*89%fBd@i8_)Zd zmOY=0?Iy#flaCC4NS-A&R0X;tMGsnh+^T$?`PRR8B92M-hygYNGP4!5Oyq%H7hPu8 zZf}H6=BdPO%*1L&jsb9|eaA~8V!3?ZOHad+q?d(b+@BiRp`%MDRRfdZWd%J1b}{E6 zL}o=$*{4)S%lmR=VrOSPsQKZ5)c2?d#D5gl$h$Cc!)Y7NSvPLUD z!gwO1hGa%un1!z7@gohNa9P@g5bnqYWRcozBztFt?#D!HkAY|lYO(FgeUU@9-Iv3U znOpSz z#Kmblw&}WbFvMEgv!P_o!CaeWbprD64WrUJ{8BNlWAiwDp%2jqGlG>Re| zt(OX(`P)7fCU!-hqoH}IdGlV|&8T+z`L1N(s-+Kc$nFzkEG=!yb&odeJY{^QPQtl6PqG{Q{-cp5X_3mQi|Eq|!+}hd zPBcNce?AnQhYTBbRvk5;T#fUe*FxyR4r&z6#fK#U9Oee=vvFo{jb_tZs$3}jVi0dm zm~0%Nkr^6z(a$Ym@l0h{nQEUwJbHvQ@H$jk@0|_lvFb3XL6}3>QL!y-uTdo{eW$UH zTFM4~Ix=FXDTv4a+^UWgw4UOfVq;)iXq@?p>4p>j?<#I);s%nR)EdEf!`OWN@_d@Z z^y?sAr%R`=@DTf_El|_R;}wH9n~EL=jchi>OzO?6n!_=N3^a1`jn8hVyxs*?ev->k;7n#Y=A$T)8|mx zrB|a(qiUO5BAS_Y*QfLiE2ZyJ#Z1OWT9()~JydO=}T`<;& zv}^B4!?Hj*rrOCY;9m!;M}(jyV3DlXq6eZGT}#%M>-1SG8~X(1)l7j6`L)O8Asl(4BEJ<;6oh zKi%qKN*QG)ZvLTHsl~?P`^2%P% zKk(C-?)-*J1<6LsHEGSTqvmbZ(to+-srmjt;g;XJIvw?wDe`}H%hNX=worv9`dB+r zAPbc$ZiLUBY#eW(*#I=mvuy?MLZE^+gKt@#d}(6Teg)N7B!aJO-2*l=XfIvzKA4`C+xIqt_)#GOOp)ZE*ird<|yC@+ZX2D>V<{c zr(Hi^uOKPNo1IcCqSKTd(2@Kum9yWNQ;D7ni-iv1j=Z7U_YLRWgiaW&8kP0>Z1ugB zIB4)sI@*K6DyMJFwJWNud0ICFH=uX8gFW$EXR}?>Hv)KN?-{Z6j|?sIIG|<<`JzMYyn=Z;C6f)_HH|7^U7R0m*J~ z%y0P7a6sF8HDuJgzc{W>1N^@jQVy84Q?MO-{q?NfXI-2Y%K$yCR1PSnmfcAg`{Ql*bdx-O){s<|X9#U)*6T=Q9* z4xl|A9jv%jkW-X?_4yVJqP4B;Q1x41|M^JsKXcjxMglO9#b2Kns3eNeLMs$smhqd} zB$>*ZssE6M`#2Bv;;1!lFdMLA_u(mb4W0#|3$k}V`zyIv69`4T^geKxxnL~`^Dl+n zIU=g(UBaP0|ImLb%aBd1gM5;Yi~n$F;9XT~hY5MU@WG zLiZJFRM{Pe1{ZQ5oF)3#YGA1WK2B;2`SXqMv@|(p8bly$GT4VnCR+2nG?)za2n z)4i_NMU|fOCa9SiG58UwZu4yR2auMSx3@Q`Qar2k^P_FN2z2}=DmwY{(&x45v5btR z&(90C?MDIWg#H=axGjR6OokmhB@O*@;z0k;?*1Rmh#uZ20~S`*rosko=;1xx@!Zvz zUS9FdFO0ns2-F}jjKywSAHLKD^d3Puq^(R`8g4doRUFfpjYZO#?Q>0kJ<2mWPn8IR zC#HLIYl(DU^9!f2`0aV!#8ZjT7nLxE!;1Ta)C(v=e>d~3DcXEu7mm2d7}i>1zlEpZ zqJAGGk=bDfu`X%rRDTy?lbW93Qtez%t=B|qJEJ$fgjAbSB6Qalh{=0GQgzWQH97ze zrwz7h-@f?Z*OU3p4^)+ghfCU6*=o|PK$PhCux0)q|N$FelPiWkkDbD=v2m z{e>M$F5AP`Ef5E~ISy$abBQL!SPn1eLGq6P0es9c?GCa7{X%JmsprH8IUlT*baja6 zjrdJ^_o1!RXrYJeHFCQfe=LNC^2#mVsfD>u_)S!z+=JS$#_RvaW0C6eXrppxC@21I z@QC&!17NCS--_#J0rmEAWL_zc-L8%1g+Dpngl&N6*}Xen3f{+$?p^s?7EGuaNVx6^ zA*G*5nyV+hclms2fP0TV08c|t3+;QHU9Q;ol54q%04)00BJ`MNQIW}h^ya5g_;u#v zMP&U4&1V_{9DSS7!@TL+#-;;RgIprwAf^z8crdSRh^?v0i;zK)Lhp`~npWcHL~Zvn zx!-u)6$v4knjd{^fBj5GB|0(M|2dA)Y~#O!3JzN@7OyN)KHoA&Iq%V0qe*+`{blW^ zyMS((g^xCZVM7cNk|cGRe7Ay49R?ue*DDs;{!;I7+r)aZbli(Zb<72r$9 zZ1CsL>R0d)*%SS;(tv3UsEd^+j)2HSJGRrW)m|P4Ku-u@i}A7DdB=c<5TYadj2=PY z-lYr!E!lzh;l^~upe9fSMAi3TKJ{P6X58PwhKeJ%B?dbtvUuk+`xUNkGa&8)Qel1W zF`2=iXfl=N>WPCl2doPG^6NFdR`T!Lj+S8xBF>3T3}rdP&UXrBenYA0d$;>*$ZRRi z)OH9V^@{IGc!L2<4fGnaE*&`1(1qCiU}Thjr1jIwn`+Gzr=w$e@)#SaO=}j4sIJ_$ zy$_S)>2p!k<`usIKPr9d7Z?nZTy?Z87H7p#ic zs}6#W0GYX9mE{PmrU*g?ec*D8D#x>sm_6y`4Z3>nP()jXf~MN?vq>9}YdEy4KHPb_ zKXVjcMfk7~pOqw<_z-Tp=Dm2)`^jp}27eeWyyPveOL~SW?Z&Mf!g}e&!?V}dk)S)w zGP)W?M+A(P%R=q^{>es>bYdISf_PAh9C3ZLEh0!Fc?{IWX&YV_^(j4GTPdASGjUrh zo!=?a_84)%D&wP-AomOZBm%7O3bJp|buz0IC%uMg27OiZ-uL`si(WkU9k!=dk!na5 z5&VRAymtA2<|$g^Z&-fa=gdM7uYM6dyO;y>4AB{6p-HT23b})FdSf2#ke^|b3w`qK zKSCAICTKEoQ~94vg_!j`TFq$6xi!lBitxtmj_+rD;k*koG2O1O2+x!>BCAkag4Yn? zcgLG+sZ@>JQ;oXfGThV(Gs-mEq#r?F!y<8#Ee6JdOl+(n7~-?oEDR1?x<4sM?XYy$ zxe~mb$p(ntUU?3iZ{^4pVHuz<&C{P|jL)mKndMGrtC%B$KF0e@NGp)ubv}|P9z)~HyGwdMG z6(iH%X8R-W@)Pc*rdK&yms}@obL9n$R1srhv=DfiG?2=)pAV{L77Cr-TVcM>;0Ryg zn(6|+6OVnT<`40Po{;s>x#rgYf%pM4U(bt`7103WU*pVM2hN7!ejxfuaod_s z0if+|PrK5+h_81`FaK7{YvEO@@A~6O#_xKWUWv|4767Dk>+}uxWzC=7UWtm6-eYP$^qnE$ zJMB#5gf@dDD!5i6<#q=D$s+y5b+kSFH~S&1adbLk;E&ulci+MFc0u^V^Jn;@CMqdc zegRmDklqD2raX4(p{6zkeyi3!g_-Dl352jSsElv4FM2mT;h*7ziw`BHS4o9DL6P$B zXURDNW0VM7dT6K@mIT1AkmQso%}PLjw?)s3nTF*vT^RacLcO8yYPj+^X%N4vig4NK z#}UIkX2kL^O*Tk7{gsOA;i2+KKh|ndWW^8*O~=c0iM|xal_KyL-3JeHBV(t;uhBy3 zUn^BGZ(dDP3^4L^_z%L6>~LJD00Mh=XmF)|4MV5~YBG>H$apzdb=WWFZ$7B;3R!ix zr2)K<^O4N!%3mNUkE>>lcIktx{(TNfQ;K@++j2UMf2{To35sbC^_dx*xEXZrfxvHF zL50|$BzOQss>rl-NBP2LJ}#JTudXzS7XMOkMW3OMo<-0d1<#rNlt}C zgAPmG2HWbBjjVQT@5T?;+-ir{@(Q0q)y*SzPA(oz>Xoj&!D3lYa zD-rNnyqie`e2m_G8Y5j9LGQ2WS>;2~!9mMeQS_N#7TBR+%$E_}B%xQ+?V3-ig`4}E z;6}IccD_Jf9)OG1SY+c-?JbU9K(g0S5fg9v~hJXB!L*JGS1)blUFMrhygW zKjP*sbQ|J&fxwnpG7kyYkp23PjwFa8^PI|buI=$4Zc+1=sdbGOC~XC!NdtrpdNG(y-fE;OTjbD&4 z>E9u)#tdB%dS01nRaENe)RCB5n`sW zGCw2IYWxz$$EP6UMn-UV|v{xl2Youp+<$Y z5j%oSg=q5izIU=bBr>7!kU?idl{$mwX-Rynf+6}& zdbPQD#!k}q;AWAgUfmc`l7>W_{e)kpov)+mQLQ9e$*g*ir9S~8SyPHus=(8Q*9iLl zyy~u#W8w9@yK*^o-}tC&J$ml&1~voYva7#OM9j8gvoUY~;|8$WT7*ObWdHHA-SN9H zIG7T|J4mxyQvyoI%VT6SZI#Ev$4z*(Gqe7CKV z5WF)0DjJHF4MNcJ^5j(??N8w6+G*FK;)*EiziG+d{k}<F`K*zOq=rL5Gkp1W2t!HL+deJDt~2RrQ(+I@#p?4;SFSO?999A1fG8 zlH)inAn)JzV81~h0A}iz3v$vD`fRRRHW)U2T6N^|*TO#3Ol2~fy65X!ODPxNqrTIA zHyuj2>SJXqzuKP&E8Vs;TZ+-k;i>Wg2hHML0vEC=#zeL9F#_MK+9BI!H)4KdDl9AY zX;LoULr`#9@H{VtD(|)S&6DM8>fkkg(1=CwC$aU&b3C`X5Af>*L zF;txhlXKm#Pes@`PDP~?*}oC34osN>)I3(Tv0U(gaKO<2lLcY0LviUoRQpdMhrE=n z$V<5w(DI|3iHl^CE}=mTQ1%ET@_DWLZNAQiV`}sk&%b{B5yj`)w{3vyK!6_vlAgWu zYW)tOW8(NU``9_SSJn0q5RvM+kKRS(qK0~cuXS8v)e~4Q8w6o?xsWaBL_b?6yI2^l070~+lMv)Huv_=He3$2jgr^8r!8PM`8 zf+8zun4mOgs{AZy%zgiIaFZs7>CGZ`2Tr`k&YSImqPbB5H(VN-Bk{&5XSQiUCd-f* z)=Y3Oav?2%Ft6w<{A(?CfARPe$SLE*E3gZ-&-GSRwPS?}GSumwG<@s?c?th$g|X8^ zO(95>S!8YCDd$F2JGP-Y?VuYr@Zk?Et{qs?P=-Xc2b7Xn{#}8Gg)&cIyiTV^M<4k6 zrtW4Lxx4(4_S3i!&Ir)AkVi4uxR)i)ELb)Tw*06Az};&lg>gW2@_i5Np1$6HCjb16 zHmXyfML<1y!DX=X9c#T9!%S_1**H?OM2;2nvZv;-VAK&ti>+d&0$i92Cq^-pw?-pYhC_ z8xMG4V_rS=3R1e%*thIg9?fk2xz-TP?az4k-fMuN#g{h4REtSXoZe7oAHdB=6C)_m z(?}!6g1r+A^m_0n{TBADBbRCp|06NpHx2|GmSoQ)IOh=J<}vRA6hr|txao!eWL;F3 zPpS~BrPpYN-wbydk-i%R{2+%5#OD}6%H4Hv5!aFpEoCtFD_-0M%96w_wD&AuGSEox zcM9$SD9*N7actnPt?0&2kj`viKV{=)3?1Ta)0Ex3rR+l_Gb8(CqN8^B=o|)EiUNJm zB2?k{!YsKPD}ZWWny~TJcldtMM0!CjG8i`3*?uPN7VS~;IEiQPEsWK+#3X?Oka$Qfj$6wk;Q2(O;nb+RQH3V}k>&5TsJoM$5- zw>RNmzX!rn)?Qf`pC*E}UE4uEz0CyvHYFI77>swRe0RT6W&(3(JZ1&4=f( zYuU}dgRAE5mdoE$9rkvn&fQ5Orwym0i%iv8!1`>Kdh=fk3)wj zL9&ikru++{m$m1!B1V$LJP7xL3>CGbGCI)hT`A8+GCUdRE^VoZaGA9?BkL7U+&rUL z?C>^+_r}e+D|xhMF=5xH%6j_RH0i8~HPRhDDIH3zmj$X^P^6~SgivKR$y*vLiOe>) z^U#?6&_oZ*$Vh#$ZeE_FC8n6v^JF%bs^j%lk z#sSs!mg($Y5wn;*a-Aaf9Js!zv@ZSQ3T-nvrBk6}Q`FD%Um=KkFgEud`U4Z~{cqdv zqEZm>Z2X^@fqLVC-%h+>V=bv#h_2n{ej{cwqt7t%SkMOfHj`S7Z5k(3a1|kDy4_U5 zX#=u-ris;nX)=w96k3R4_rdqNp$2u9nc~flJoBcIq$&AJ=Z!HO7rGc0iKZ`wJlL4C@t)**{;Q~3Dp-7Y^{XCsT)!Y7N_@FY8(YLJi!)d6d1 zD&}X2wyE@-9ZK?PcZ>KZB~h8B&(@@@p6K}{-bH)4c_1t7&R|_!Z9%an|7|IuZmk(y z-Ws#ROh3$P8QZi_&qWG{z1X5m6*C)JDDaO?u6~1acsi|ZPGFyNc8j*f$xU?q2{OHc&`*aM-3XQcolKzOlse;sgm>X4aX(dx(#AhsmxsdSw|F-b)0r zYN^*U%=4ObLyfuEyQqEBJFJ#NRub9lld7+NyYaIZKvuJ=y-z?`!317EOc0G^# z!Dxq~TAI((`Q$Lnjq92{H$ctjr}-;?j{GY#+jZ`sB};+I#qE-HQU9ZlI`9#<125{E z!&l^+!KEON=vnk=WU&aS;U&rx`FkZ>f4u_*ZN&xLJ(jNTN^@!y7IME@qU^<-P(L%xr^Q6sGF8RLV|s;x?O8rCK!tK zzZ9+#w7%HCZV$`dZ0*~dG^_rz?`-vP?-JksM*^Z4r8W+&D!XHJ*u_d~JE|>Xniz}O z`M`p*KLfK4HECyIK~+tKR+-7}H-4utbsd7z$lPX?G=s_6;B%BB+e(_2#SaI}dIlhJ zbSw-rAlcINI4Gso(r7m|K>9Ge{+x-+ZKEetqp#I;lkqP4QEZ+s<>86BJYVC-q?Z zOe^gFn0nZ%&oF1R=33?TiUom)MLQ0cnJkT5HocIN0W>?e<6+Xy(nR!h(#knvZ!Kg| z+{V@+RT5HI)eKFlzhgQ-1C@<;=-NE}_U2oqxjL%9G7kllbIfLbLKtF9vXL!6zPq;FvIA_-SE>>YbWvIoWs@ z2>CT#Zgcb}ox^TmPRF(iR9EC=YyJ+a_xzoqJuCg)pIuh=Nbr0dyLis_Gp&S*qp9L!rg6iHfXTd(uD4iBYf zUu%^Cuk}N4aeZ?H#cryYx~%6m*&ZtWz-X_I*)y^2j0fmMS8)z}c#KgiKO-HmlcXDe zR61KyWDfJa*FXJspjG(>6F~T>MS7CkI;Z7)tOw3;gC8GmRRmb=b|00<60xs3&!bRe7*c~WGB>$ZfLFnq(eU?8c9_}3#HH_ z9Vmk6UrhHu@|yZ2qRL(`yEPQ$T1koIGU6eJgm}6MR)Y& zci#tZ1SDGh$!i%07^>sNq~&0D(AZ%20Cbiqn|{^vFN?@IF}?@-%3<ZK)o3?JR)+ z!473w$fm@9IMD$^^Pe6RXpgQh!UgHvZG9q#3p_i`LSr;ESbKGftDZwc9~ql2e#Nel zyIN>z(^T_6V+P6EUbAycaWK%kY?!awLC@huTL2;0Ns5K%`iU1>;}@){K8yOlE*(CB z@P02{g?UcZtu3%HV?ps&4`tmH#eul(i(f`$r}lBzca-)K+xf8ca`MsgGc&>n$J=r; zf*V2zV#OaKD}#Oou0S(V0=)n_nH{Mc>**0G<$^bPf0|18&nJL}dE_9>goT0wLqb}6 zO|5;`Teor$%-4jJfAx{tQ}a!6?zwY*>NzFk^icz^yif_%w8G~2)|=vhW{^XW1Dp%F zNu)mvs1Ug;7M6tAbkY??(8>Ukt9TAr^{9f}DyG@bACn_MIkNuYvT6rOR(WT%=uKcV z^YLH6s9Z26*+RJqB%^uvV$%rkC(^_OuZ?paGJ}>Sf(|qtoCgY?w3B0<R6^19hat8^4{) zO0zmlh8iw>p#{Yb7Do!F@gl|4bCpc1L_vh9#b%`un0;wx>&={bHC7{2MS=~tgi30< zdtBsi0sJoZiA-SK!Gc`^b&oB&7_@$6cOpIeA)oao+KPw;@X{SH0ITIvauBO8KYhF zN(uWf-@do-{tH_8Q?WIlogcg_z|D&;`U)Fpa+@&%E#PwXTa~Cx+*XTlJ4Hqn?hXsb zz~9TgM0}9nfTmSUYI}`$&v1Y{Uy>J zT-u0V0ofPc3-WNlMFI38y2DW3G-%4|W|!Ca!PrC^`){dC2(mt!zrUc0xKtsVJy2)m z97}f0Op*$seE9c3djbj1{HaoML4BM&M))|9_H6o)<$}Jf=3iY1GXClaMFOtmr%%RP z7sw%-Px{d-PqMsm25u2^fLx+f<_jQKgfUsG8fV>3k%QZl61eJ|70`TG=&u}4?uIug ztC?Nr)4Xi?4&rQPbk%0*zCTiuB3IRG zzc&BWO)IY%rSlzRmwye}<*#<>Hz=?CbpvWap)Q5OtHWcmQl8E(N1hrO;N}tjs#v8|{Mz?dGy+w7Q-OeWm~`}V zb87zCi!=H(zZ)6evp0af1`{+c*{M4q~w{ zJwbEV$A7|IuiOj!F!qPRkD(hQ7%@xQEdW9S4Q!%PF%3_IZq`9qgg&jlf+?EI@4Lv( zHokWImhBVz3@#Z!Z(|xgUeGPBX`|QBE3a;}TI8qH68htYFEnDS-Y;S*jQ$AHQCHze zakKM@!x)YS^!sJKIb2r>oI1VK#?HXIzpz-oS5uNNrjlwTQ_FAOD-neurY1Xt-+@f^ zTRa>@<3%)Q8Xb-zhe=C|N`nebT=>kac70-?Ud>4rj~8=nOoDIV21ypi7w-L3H^_}9 zC+cVg!c7j$R(y6h9}hTA^!Gsm$Q@|9eZe;2@XkBhxU(DvFS{1x4szerZWewP0oGN- zIWD(J%T$+v#JKAbARQ3-+or3aw!VY1=<%-avBaK%+oq4j51${v@cwRmj*G97^65)JS3z2T!@05iC_|O%?C4o+clqX837g;*pRS3mHmN^rd zM}p{*@JsXEYi zb4&l2?92ZblRZ-CgaezRRxFh4DQU|QbA9!g#Stz~rjV4A!FiEd^8jdK zqpBRN5L=m8EUAr>^&gXcsFJsPD(vv~jG3xqnxiQvgTD>rGxhgoQQiqCp&y%YA`@Mj zAn2;!vP5bWWs>Sv0_n{?R&0s=%wC_wStH~CN|`M{%}8p;1!X5H+?24VIH=SpjM#jd zX+eQJ+?uty4yGDIdv?n%dij2S@Ge+~;NR^d5O!`QUkG7(jyk z%>AO*{grk?fxWU&Hz2=Cjl+881B*||&J0!sHpC#W&wyE4W$h(36=Y*So-4~}o>7t! zXJdOHN1-4T%viWyQ=p})Go+>?Cp^?ZeS7GnBI{?o<{#42oFX)sdrn_k3XmCZ2a*}t z1JYbmVWmRRtic$cd1XMJ(!GmflWl{&yk06*Fs*k)w$t;9O*7bOUv#LYULT?=!ma#U?QdcrYbX9--^ zoTbFv>x^NTTf=)rkr;rLWzA*+5|}q5A~X=I5!vS)hx8fPSXX1tsZ+BK6*vk8QQis+ zr%hz!Yd_H#N5ah z9JjN%`r+4@dHtqZB$d{u-vyZb3Ym6UmP6j(@{yM3FTgtef+$i=@ z`$5__L!rNHShZ5${?Y5m4{L?9<|Js(*PO040)lOf`wf&S=(h4TqYd_a( z96t^kakpotdtD#XFJ6>tvywzy^vd9k>|^tnD(P;^;5lSNlnp_oHv5q4?OKMnCMnTR z2wZqC+n{N^ZwqrEu(_yI@q=t2@YDTCLXdmmJ-h%US{-FOZw;@~%RoDnxaHlc#`4-4 zSj5l70{@e7^t1muCUk61?|I$>?GCCnT?IgUDWh#VI?F=CKE3PtTET%@+HW#5>AC8I zAEQ@4a|h7$-c`PHG64nUkr?2|x-t7{w){y3Pq6s*`&^&DIA{Dv(*}jJLJ*SoyuZBA zvuUKhH|T9XhYQvT?;RYvaKGW39qPc|L4?T%J15z;?!7o2#vzPmV-X+3$%o%JLIOLj zp>E9{cd)w?HFX&Cktx%^Zai`a_#8HHN))t=Zl!FTy-8jlCz=v3|7;s|`_voSlYMu| zPT^2sV0=SGxAfU9E^L%x;9agsxl&z~r=-i{nSp>9g@N#*T%XNuW*H>sxBrW~H;-!i z?Ak`_1ddQd4Kfx{d8|S}3doeyp`t~>5tJceP^g4KW=KMiiVT9Fq6TEDf+9l*h|DBW zLI4dAQIdcRF+dm+kOT-M5a8VOefzY1zkbVSowd$7=Y0Rbf~9M*^Sgh0@B7--Opcq$L5cDb5blSsdgpD`5m$P&t zX8Kfuib6xQ*-75!>^DdHcL(=xn^;>Qw`M1Ly&0_OJ$ZJ7`XXh@oRYX|)O-0u)|b?L zIa0T-X6H)gk{m(c zKdc1)GiNDNc0lJkusHnb_nmjuap8(T2hDU?$GvsxpL%ro`5)4(->no~Yjpm~Q$E?W zT8?=4ss5(R8P8P|FQ2bWw$aL(ovDaEPyflGxs1GN3$?<%LlYCaF&&@r;j(z1xO2?}qB*c(GhEs(!m zyf;|EIl|Xp{mQ8e-wMyhWty1G7p_^a57{WR)^+2kE1Qqkl#O<#%A1Lj)-<;VJoN19 zl)imqzq^^J;M5{{rQzgD?2ky(GK;vA2&Y`HKjJ+`19;{?SdjmICcan;Q z;_gq18kL{ApZiBvRa)ETbTyXSp5n-w45F;|3cBaFSA93I>mx+_py1PJ_1$~;t}fMl z%@o7CV{u9J`8wQB+pgfMui&QcoN7CkyY`@5=E-k1-puXWy>S-zw5TQM1#l_P2SPL@R} zd!MctwLU8-ckb?_SaAzv0P$7E}WVrQd9S zCOt4Rc&;Ft-F|NFp`jE0xd|$xwm8JeyS}C4Xy?riurLhk^PQlg>&Gr`zEx<~zpDIP zdb*loRj*H+uT6;`N$a=_->Xj^KAfK=_MCDZNh>4tJX3>#M>-&{n{7UV!uj5Q`-5MX z4n9}y@d?ZGf#0ki%1aQeEsIt$K>M!RaNnuZT5_Dw~qG9P5$2dV9V{FzCE^UFGH>@w58){DfPZ1_I;5z!+q6QnS^UfU+C+h<6`1 z?fXj~Rl0E(F!w0>e44S3p|V1VGK|@|68L}fwTHi34gPoi=RdgGYj{t|j_k}a%vlBj zI5V2Aw`zPEXYB0#rt^AP)$vo#L#!L(T;#}szVE>KZDiuRUU7$?`r<-b;=OS0Gw%`z zv&pNz$iy_cBi22c|F3(6gVSI7?)Uh|35*2BH_>{PUAyXufRl9ZsSoh0=7zml2U*LQ z+^zE_&Gye%MY!BuhrfEdNYFcNv-`-26YA%7ZR-yGxJALf`AgTM$=unJT6xn*Jzn8L z>5q2;Clus6f_k>B-hJZktsBQS7)SXJM_rrxenYvvw{5RBufWZ+5W zEWi_@;~*;VD9P5zlpU>;?Dr^Uk@0;rm9S9wFO+$K^?ugq!NVF>J%N(=n*K6p5$$o} zU~c)XC-$VP5o?d{f?>hB+Mp0TIw8M=^!kj$sQ|81+!K4rRO8V8Y%8w7hsn!@_(xv7 zC#!Z3;%A!nMo(Y12;LncT>NH+<#{e!GL=~LC`2+~ETPlc=F7>H2E|_f4tlmexprXw z%=p_+h*l<&U&a|I^avef%d2{pOWg73%XXI7sToxUVN()=WmAug0<=(lz}YuO>V%vz zg2zU?xvHqhfp4FmA2fidn2J+#g5U~kf}%x-#!r7SFxb3#4fQqnCUdy@`Xgli8Q^sJ z>jSIb?GTm7Tb&~)2AU|26+4fiU%Gr#nxMU~XI0iV=y5x|uuQPs6hb*=Z6)HpzKb$x zm(YVx1h^MDL{<#(lV<{=RpmV*@5ncf*nqc6EzqguR(|t$$MPlO&+tJtuOV67S`_5TyKq7t*p(5o4{>h=GX>NdS}i;=c6kqix^l@1gx3;dSMm zX`7NVBn6CgEqru-_LN?Q1D+zIQ!MYZ;4f;?Q&;}`gZTZM5T3q@bPlfqVB9C0Hc!5O zpD3QWMZEjLhv?-z7@4l1W??9x-_MS9EefkQou+qC36+*oUTM!!RC!3qqj_WOp{Xqp zh&vU*&l!3H8+4)@e(v8+Ds4K?Guiu|2vkN-OE zD^dA2MlltT_cYlS>t^m|HbF_nXpEB2^^I%4=5WV>tB@=+Xc* zSz5=56#iHpRZyL{EYcU;Jpe0)q}3GE)BhL{;RL_8E9 z!;q43F{OK|oLyv32`N8>6Xd}{j2}yBQpJX;hAPjnWML7e390RXHwh89!ach#g{bEp zO_T28Vej(HkEtu!G~(lAEr*X7Q=OjcR918i(7vPv!^&vjlu6!ZM>UN=9LP1(AKl*J zAvlaeR0`59uJkHrde)r3)dZr#sC|7Y#fLJyr+?|Yg`7=?b^d&53^w=vAUC{v@Ok7w zP=B+VtGTBE9Bbq$;?M|rGZQ>St^9KnAgVD1er z<84Qso(U_`t2~Qz*z6SHY2{(Yd)blDmDe96!4PW}gP*(8x4*9LOW82P?ib&YCcK@7-he&;FWO0Xk}z`vV1zuSuz9h|PBR%@fi9CX6m)DYKW_P?>XB}V4BN&u z5OA}nyK0Ls@wr4q&G=fFx^atUzQTsNH~bV-nYf-2!JoQl5mjN{L%nxn0$-CBatFqFV4gt<4Vp zQ6K&i-$fOWNsCI2%lj7-spDiRB&s<9|TQn%vdR&aIJ85?z9(a!$ zFT8s}ilZa#(xQ+=UO<2wj9peTLPz>l&NkS-oRrKeAr|MZ&*DOiTbUa;pSnZ@E~KvW zXjL+#QpjsCG7XhoCD)FBc3|M{c04yPZtD)t*tRbJ9_eOTc{=mIre3~qf8omvt zcFzOJ;zGrDg+(6yf<(?wdX#VY3C1Tbb@u=@7MgQZx=?H%@(!wtE#H(hLTX$9t^kMn zqq&NK`i499|Ly$$CG0=W#`WBt!kJrPn26OLAO-0fpygwmD2Hb*i{0B|$*&N;csU!= zIP><$SGr<tg)@F}ZnkuA8fo(lEO|Vm^xD=Ag~m$%YQ^TCzInQfdv@WohiPa0ZwB49 zXHFoW=lYqR_QD!B&foIQu^}}+QBDgC!$y?$lsod%Hk=Z*|D@Z-+u?-Byj9M?mWGzu zpI=gBuWMRF0x>CNg`@N{3P*fNVvCuCxi0 zuOrPxCsjdq(9cZ-w75#nFk#9?jvKX%d5=sXW2e7?PvTj9^9YzrMCur#f`1@$R@{^q{sbH0sorV|6LZ{KJPX9ykYa= z2Su3VwXzEN$j>QaIIFrUHv8q0Pc9j?c%}Ss<9#1b5g`m-_t^9F(!i|vpq3#okr>tL z>AQETFiM4`NJh5=;{x(vK@r_fiBIS~arN%hDt&0qWleoLB&ReiI}$lHTRlKws!OUi z;*Pz~RnR@~(mZKPgLizudR%$u*0&8)S+W`7bXoaDd?cGdsaQKt zP$p}?k3Es`yy|UVlV3S)QlM~;SkIUI*sE|Ak6LE+sfwSJv4!yFI8HZ#wwDWm;0}!k zs&&&QBz?F7wMUm>NT~%Z!<^Q!<(y{UohP~mUr1o~PXu03)A*`2o{hHl$i{=rd)LF4>2rb8V_VzVA*O<+`mb(yl zz#vIsUkSCl{;UQJ`DB|C*2l&9#T#9uZABZ`I9l_Hde$@q_| zhz_H?xKnX>im_U6zGgc{BQpltqzqPX1E&)4+9t|M<(*zV`BTe3mFz$3(n=m9AK`-u z^5}*n>&ROdAgj=%SVZyVlt;vV!e#g)p;O{M{{rijOQ%S~GXuQc-fWMOWQh^kQJl>X z-@cgh;v@N!Kc=i-#QY>8Q2mqDLK3iI$p%aW%dH#2rB`}rwHGa&8D;G8{eHDZ4B=*n z(nmpC4W<>1`QQ~`C zq8=g(>o#uOaIJrObU|5#So1m!AD$b2<%&2$|(w-$G$n@+^aFGh0gDfV4H_W3vlN42=#p&pJ0`^q#G^W@NH#E6`e<4 zieE)rn!QC(E?rR)$nGg{*1gUZ(q50?t=}n9Wb*y;IFo>^tIdj4mo+Ks=M+xqU_h+ycM1Gmn+Nf_tw9>sK0**)g9oX5iZ z=~ktC4EP#FPdp_&YW{R$pJ+_R#UmN>NenGqnfHg2OTz|pnX{LZ(kDJWeLZ+v)%S#6 z+$YoRu{XbKRgLhxB0j7yE=@lvf<2fTn$Z?>ORpmNyl1P_uGuSQhiK)6m}AO@2dI-& z@5rXf*2UHFy1a|TPvh=I5L}SR^HQuj3Zeon-jrnL;@V4&To_;xoSOGEy-fLgq5X%S zu6yhhiqGmB_5)r*;tGRe!QljW=1YYLzep~cIsft)rB+ir*L>UD;qRZ=~v@skkbIgtXdE<)% z6*5&aD6#&e$<+CMA$tlPM=$BN;LPrZv{>AT;j9oer;8QMG<;uhXQEB zKEi3KCSEczTu|2LI^%9d#DaukOomg@MWKpcu|_1A0-@bMmTHs99xNg{DJ;+G}VKkG294H zoEK&s_Ff)@BmW~Y0GSdpb{0HKdr)_m@NE- zG-#oV2{DgaP=Hg6m8`o?N@T%aV)?M1bxkX*>`f3ABvwQNA>aFI$fg;qAS&dtrgcq# zrZBMjD5C-&E~w*|@%va|EcPC(zDgIb^kW;#1$IDOz1fu`5aM-XQ!XG0=z44{*&inn zQv{phh{R%Cq(=l6lckXp)r|LY>9bOVQ8I;DM^C9N)ZA_ZI~O`lCnYlWeFY3*DDI@m z5ue%mf~*G$L9ib&|EkLL-u1kO=cXNBujss_gq7gC7w#Fs~%2`s7^(VN!x z;h7|IL<_%lpD^Za73Dc{i>yb&qDAAiuO$u2Du{u;xmvw{ygB~844FQPMnCIOR#`Fx zH>>&JEs-pJFe1(P7zTHN+vij-O-1M*hvne>AzP%ajXv?`9Y7hvE%9m}_;`MBBzc#1 zxE$$3#_BweC}{rVY>74Gy-!fT8Q;dKeatOS?4GmV%z3y+xL-GW>!(iKjT0Mk*Hroq z4ovN{3HvPb39e8&newf9H)s>dh&a8?WkdDs@d4*;<4Xq8_3+4MFQObKWRzfm4=J;; zYJ9Ar#nnoVn>CZn{LB89&^+(QKg2U5t_5L9=bFSi{~K35U?6&$4kheewIc3#EJAPXtNC z513DNXZVvaw8Z;j%9gzW`r@KC2ZV@uAU4bI+w!!5?vexB>jDQJow;MuLh~#QDSf8d z7;JFmmv`1bM3qHeGM3TDO2?;k(2QI3?099nuAcnI!fE;@$~-r2e{3lv;|^)@hw`_5 zqV9&Nt`u`wU|~c*JJ2QY`*xf9oNlN=@Ao+Avzf0|A^Nn{1g=$_45&ri&|B0kZa&M=_G{cTnesaY08fni;YAaLf7U!W{r)z zU2q}=^$BUZ1GEBb&fFVZ6VyaDdvQY8O-1sx-EYSoZS=~YcAyte651>F{Dy*DN-((^ zv>?YUs+87uV+Y=Ge8-taVQzQ(S}U8!1I7m0C9EyDko(h`4Z_0~RDE7W6xk}-g(MqT z5Wa+dyywyH%i1mL&*)gnMvzBHYjRim1`mA$h4$g*zvZPBWccs3sMl2volvD~fIyEu z%OQrjjuK}THd}p)#TCib!HO>W%BW?ymJLx=9Sn*0{b3=sS47_)1zXdj&zr3DCxo^5XIXmZzw#t>gK7n^N-+BflsIt62@Gdy$b4?qd)_M!Yp@#I}PLu`?6;ywbUQ4P- z5n2!{oN-(Ij51V2m}IL*PNxC3?+8(e5^nXMe0@ElLu+{I&fjDEho3;zeGgq6%}voq z;G|a}D)WU}MDDeCbceVUbL43Vt{kR^v2rsx$EfbIaY zsV^pr5fc7|B3O`w>7zmZgt3)K+m5v+r~APMLGM8i*(+hOx4uo;@BJ#lgr!~HQ{Q$U zwwnxlFtF>I?#(+nrSyX1A`BVX6bK*^7dhbs*nmdcRG`+gKMRgj zq0dw-UZARz)2>g&HJ3a$J`kkhS;-%l47_vUGk=;IjF%~t`#G&xcOFkxx0ILckOR-XJX_13QdG%~Xr;cZH9QSPAY>wT50vL%jA(C2H zOUADk?dND^f{f}8#uZQmC_jT^iPDYxI+MN@^J%Zw7B@MVNh<(h)PcbdVqkGh)heJ2 zX*%%+v zlF1%6>iS%$S82Y01BXB}{H=_i%NXYxQd| z=nC6|rscr`@mt(y0>EM%q>F#o;|q3^v;C@KH0>ein&~%5niy2L_$ISAh{l8}a6Taj zZjbJ7iqvV-KNP2>50BRJ;^ufHzxH1^dawDOiCe#7{Can)Mr_W| zezGU|P)v)Gheo=_2h~;G3<-8hXEsB~E9j87*AN6gLMN=DWX`rAvoH5269JURkrvS) z+1LhlcX7`qN=J6i<=QY;Y=?!x7Y-$gYaj5nOHyofM(Yh&0j?m-)e@T!2AnJ34m=~j z>i4N7`$RffAwqFawOX55@OH>iKKr)zz|eN6?Wx&$7Uoo~iq&T;FTLeF1ZKD>s<@>0 zy5x2dXS204W=EX>6)`j}@qTAigeOkNB3n1s44t;b7;zr16Au2Y7XO<9!B2kMQJ*x* zrQP?2AJ5B9lOSX<5GDjq(I^@>2@d~$al+|`eEqDqtF$xQ0KL%LtjGOfq zm1WQ`Vw#b3Dl#jdH6JngdW9#78{3~}8EyF0Uh?&6uip?L+G3E@i#Ke1y z{Jj~Zf;|jZ9WF%8n%P19BI|y4apbIIoPB>Ia(~30x2EQQY4Ny)wJI~1#qw`BVuV#wNJt%)l0?mE{Ok1lV15@#1z-i-fvd4cyL)_kFb z+=?FPd|~>j3sM@3Uo*NgDC# zd(Y^D?q^MXi~E52ekMTttN1#Ntz(ZTXa2jM z@Ne(a#|jKOHzKpsu(WbrY!;ywJ2OBa9=NaN;A5LL9cytNhKfthQy^>I=>K%;oiY*^ zz=pwtaaP!a!+E-yp7eYlXFO`pKSg|s?QGO_&KN` zAALs zf@$%{&+OER)i+LW?uKp{%?md~*T$r{5UXn>SIzkeQ2AKr@_;7f^P{(wok;wmJ1ayVo-SOPE7jkbC#rtSiZs7#zl_^`J`k1P8R_THm+{ zVLy2^R$2yO?69rq+U3XS^RQ5(bn!2GG+;{6p*Ra>9eWQ(Zs9m4 z$&R^19jl9h&N|a=yt3!E0*KKPtj>i@&(Quhn*N`a`1b>U{rt}N`$G}{J5{R|yb_y9 zm+X*|jr-bW(M`tvc<{F8VJCI;&SEP7YoLNNSu8=X!v) z$@sISlbYj3S7Ra9p`GCt^o`QQdT5lfYhb(ml5+n1MIGbpI1{c1}m_JzCpc{o#Caspg>$R!3x^>w5eVE~!=hnTYtRCYozVZk=|6x(`QV>K_c1)&E zpjOy_ZA?7ofQOKc>w;pCeMUcEQ zVQb;e{(~B21lkU0Xmj3lf*!5_-(WW@GlEg7r`ocBiiZqxR*(cE+h`G^w~$@MK8r7{ zc^%GL*8~jTP++{R_<=C+b?k=vnkM>>N5emO{g2Twb7*@;Czw@F8dv4CU+}5ndMQ$i z*_)A8Ayazdb3;30C~1+yRg<$XCnMPoEzI4Yi>^jmIc~}LCE4|?uf95JjrQ>3-FsK; zbG!UM6um`ec|$+)a39*3GjG0)nBXNvfojBc`j}uo#-;1FNhiulQ}kO57OuP^C(xl~ zPjYxDRjU{L`GO5eU{>@WR^8X|+1YJPeRW|_a5>roNFynWL);e*MG(}t<(hhiY@cWU zpB(wlE!Y4!V+_4|Fa)X1O9}jXL*?db?6NFT*o@SErnt~!Y#IH;&Zc!N&TaAi6=u(A z^wT5iIZMUe4#y{~oR`oIvIVqWO5&#Jn&c2GZN>I^S3pW{ z9Kx$L0uvAT_2DNSVI3bln-d;=>K^`eAeqdqMLZ$E%|7JkE@p;o@pJ zxu@SB*lLLsHb>nJN+`Ru^J@u8t?foWl&skr_x_u2zUQ7icK8ASod-800R#H%*T4f# zby=>%iu6V36o6z&XBnTrCZ*oy&jeXTsV0{;oDUMY6>e+C3FkHr+@FN7!g#qgdNlaBCipKr@{XI#b#`WPk8FQ-zfBT22+ zr=$Y{t@6tm3H5xfSn*Aw=D{qadI7^3G0Sovoto7qb_oe|y4RyP`V>ufJj;uNueU0Z z_#4YF5q{NDnt4IpkXWqXakEs_UHwf@Or9klL2J-mz)?AJR}-w6+P{5$9LjbH98{RJL=K;qIWTz!@(^H;Z4iiDRYlHHXT?k7+JKA?5w@9uq z3bNDV-};l-Paq8It|TFKtazN+h4Mmv(W$DXwP<5B>|7-q3ornQo)t{5ZF<9y{o@4b zufO~pKHmVB%&u*k-&l|Xmu)Oa*t$T^Y@RzoQUM?;XaF?z!|Pb0+Y$Zt1+~hm^tcg7fNtZ~s~8O*4yjOBFlCyU?SK+iiWSg6gG6sd40H&?Y6p z3+q9WB>F`xpl=~?Ey3YZr}8(Ed~QAa%}I&7Wwc1P;;Ro1B7GCI-T*2@#C#RvG5EYc zFFSl7A^UZBr^AU5rQg`7QQBkiFH(NrW3k5uN=4e#BlJu>trKMnMc6(KwHoHf!v~8l zPD-7Lm&6I?6Ge-a5P=4gpusVh4OgGVw>YHal;XWK9z`mVeJp0V^?b!!OU@sj?|Of@ z%Up#d{vvpdJ!Y9fEvQg_;Nmko?2Ve8OT6owt}xEx+uziDe#l(SY|smDQ`iwP{%n&9 zW&K1|*8uY^qzR#uIc$|ehDVDYgWQy0di!gy>gVT1XNWTZv4cQKGxx#lg!wxx>-}D^ zMo{rs9OAP66@u?(3PC10B8$($s}gVXFIwxnWSX5#IbDCb&zmiecuw_%v2P;pL{hvj z#nlK(@5=_LBdF!^x+{tT0LX01{bI_UtXMwp0wA2Jw&QUDE$ibm7mq5bowc#r?PRCc zlA1a$PW)*{S-aMl(B&J;jmXU)-{#4L^r+8~pS_gXmqTUOGk7ApHt+Qh4PLrZt7vUq zZ1|mLngIZ2d;{LN1z@toLiIC(t)*TPA~#SDpz3n|*0HRP`l#JHA2OY1Jt+h|$xq9e95@I~Z#w?pe2itl+H2XcdR ziW%wKCXep3v(-AMrQkIC41rKBz2_ znrjO2kG)+H-(pAzyjXwu0IxhFp(b*A`kwdb zzDbEYed2&SZ^G+2{bK5+{Bj46W(T4<#%Ded>GI98Sst~5>zOf}Sj{r%P7I1yfCR{B zA9Vr?kVOvt2)k2K8E9e#MukeqoDPQ#%DaaD(HGFe$-?wPl zE8?u=CJ!^)o@JqL0614vt)Vco^32rN5$WqUcS?j*MJP*I1&*|H9W7e&+X7L+}f-0DP@)gy=P8)UW9L}Co(rxeF8(_soPhT%i&5}amKeF&XJ6>odDTt z36QPGvtUS zdn#2eZ~^yf8ua0oXh{~qoEh_^f2rg)%Yq#A(jkAkYEn4uq#O{F6~nL#vyZx7<>Fco zR+v++M~i?|t`&s5?`t7nFW(6!-D)UjS75@qU*BNH8Iw>&F48RO_l@+5bZHp*HQGhN zqR*#~M?IH9|7Mn?5EbDrIU!~iHq*UE7lz}I%XQ@IlKFRhw&|nhDt5O>3K)+pX5aMZ zY5E3^Sz}CDPEi+@dC@v@dZm*dD`o$TOS_`e=*h_VbaKpKWX-F%KzhMm_jg<9(X^f2 zp)zm#O?%)e6JBo_8Q#zR}Y3KgjL<%(`xxY zCV~GeE_?b4kdQQ57*qlZxGT2ucw3}4x;l1kBs&|{C6=dYHWKdY^dGRN;5jeCNSz+O zC6(#%x$I5t49($liX@wLs9mu?#3Ai2>!FVjm%il25$(lYu3JaWQ9faL+mUVVU1M^F ziTkoA-kmGkuj{vg`O8gbA2}y^C;s76@<(HzV~k3{OR_v8=MH!h?vuBH+O@W`LF zzIH8i`#ikD{Ri|N$RuzDp@Gpaa&ZE9jxQ|In*7<4#iRB!UUT`of3Oz^sL70l)9KxU z?NIUP2p>8*>)pa0xs{u5Q+O?_UGsPa(}KMPiQR?BM9)NOjeE%ebp^>($gz?=)7wG`o*=cocX!OHh&YM*EpCNf?Ff!TzhrF)|VHE_C>u&SGv})q@za;th zeRj|_o7CQ{^~z}c9AaUlXRwP&hmsYc3kNmKhWk8EH%yXtPE3yRF#TY&_R2UHko-UU z{Efu^PnW!_)u*zxSE~yj6qZEE+K?ojAATx4=Tj z$ygimf0X)G-buUXyH|F+Z8326P+t6D&xXD7WA}V^;9s~A_PW@H@V4S~WPzP88Qzfc zQ`RIFx5}j1siL^YX<kZj#__bVVIy)E2-@pc|42Qc2YY%v z;};K&gLQ2^2gZ&L2#)U4zaM(AOR}LZ(|a3bWZ~)oT|jTX`VA+W@(7PQWHB~UfgZ|) z=FiI}QVEKQTV~0o;*+w82!p9O&=29lN7}O({b&L303t^^effHv)YnJlzVwp-*hN7? zR5(t1e=kMIN1Yk0Bwg_X!Jy;xc7KrsPJ)bN9w^iH_xK>WN1n6Gla`-cyi06!NT$GP%dh) z8?1pZHTz|E%iCsK$az25F%_3>Eh9FKIdhG={ql6YmO>qxX_$yY+E}@VVpTMM@?MrU z-sgYp>Cw!g1jR5Es%obe-$*wWKv@na76(B2vCJl?5$_&p`&!Js!E*IRk`=*@LJ|cN zzLLpvN;;Gw3%nSdUfpFadw+YRJp*6L%;}q!H15FrxkQDfcvaauk>(p&Tn8Olq@B2& z?sP5g1>IgBTzq|DH@B30axW^M%vbf{mF*OB=uXd%Hkj&isdbf^(Iw|!sCvfzc)P8G z@zjk2JrNOkhNbayb_h&x;sX3v>L5o%U>+<)#ZE$wZ8>MF)s(CitD=L|+Uhc%OdKX7 z=sL#_Y~Z9f+5^H;ppBce{as~SdP>@a;A+;;Mj%2yH8VbP*GUs{#LIW6A zD+Y`QH*F@_M>;%pIK|fq>;CSzR#nK-JX0J?I4Pd-n0(HAS6sMACF7A=Tryg`okCSifnUiCCi31bQ-vxO({zPb}X3pz>cr;$!kae$Ho1k=eF^QoIcc*MXW~)ZJGRyS63h;-7^lK?HUOI0= z!Y@~nW>Flm+_zvX)mBRqs!d4KpJC*iAS7V>xwruF+y1pn5>UOp-8`Dg#{=Y=iVvUL zelF(#f^Q>edoG}}s+faUM|9`kV0{(`v4(j#g32yiglM4g3elg`oR`?Kray=^Wyi1Z zBF{JT-))H_R?oLxZ>;btt0O#gfI47j4jgM-*yCLCNoZAec&f_3vb|=cbW$+e zD`j%Mh�EYMd*=WEGY&W`s8(XHFprc%2U7$w%HPt9-4o0^I#zIsQWsElBF%nm@f1 zx@AlF&FZ8V%}$KVsSo`|Is6X(+ecKtw(JK^2rK7`#*1LGwJK7q_si}K$EnRGTXAIp7c{KK+j9ucA)2=sIK2X4#eIkS*xWUt;U?&~SI<)w zyj&2|N~O39>{@ENPQLSWvesC)q(?bx90g>F*01L~a7C%4O|jnTv~SUp;6oU!Sylxy z+51I#$~YanPhY=NymfML1CUxuRu3*>c~<_rV=T?Q<)& zw|nFI9}{bNm*S%T6&i8x5#xZp9`5C!lNV(0XqmosUkoWk;$r{^XN%(!-eZdlS?pu} zD+-GqyuMC5`-O+z$SnXL&w(Z3S;!R@aQJR-eS@znj|?^+SRwDrWL%qixZ`sU@d>-o z0kvBk>oj-qEGzh2ihXg%)nCogl{}$R5XqxvAki4oZ0)t_C;?5MTAy?bEAhdyhWP*} zwsXNmKPgEYXsA*+N)YlA-a1%f0K=k?ZVm09f455t=&+q;{?%(n%0ov_@INoC8YQ&l zS&DcN2R(t1h7#iO#E>P8s9RdqOua`|F4z#7_(@l41u3nF(&<5=U2Gn2A}apS>M5e> zi(h7kONPe4)d-@J0|@GrC18%_4CEy!@^Sueo?q=bPJ8~7E;$iGVxy_(l3=TD{cpM& z?=IfIVS5__S}IAG_;yAjP(@`+0$p2-)x2a^&GQbGF^kBKQ&S0jB3cEd6pT+R6sNQE zvyHDsxxKJ%@ZHhOMiZ+B>7*AZbF-LU;YXzDePjy>v=+NgvGpq(i94gBK6p3+ zv>j`kfFE|4p&fF(^A7AQt+eUG|I^gRf5lw?!sy=tW}@}-E3n4oYHHmrI06`CY8Ee* zEFCD|`nfPZJ-c-X6=Vm$gm1R>kMC&q1)Wz&jr-^Z_&)vmflqO1R#4fn2C-}Qqw4WR ze{@aTz^M0Ci^-b+$FcWs?h$BhU`v&{LIN3PzP6{)l(ojP?)C7eZFdx?WVTte-ki=) zF!iluXX>pVt1j4B$=Ybgza$e8l7)U=<#XKu3p=m7lPMm}P_|EtHg8BVDrJBF3g>=~ zv|{FG3>A^1mX|DV1-w7>7n%KEg8LI}UlEc0T_>#A0O%^`Rr2H_A<91J#w{q4%S{3- z02k?4!yko*ao^ZAPJS?VMj02U2F{t)4@}=;AeJ-q;24s(*vT|;u*#Ny-XS*~nTZRD z;5wB9CLGghka)MqCZiTTtYzd=Y_9M@yA^vc5Y`f?u`4-#&j9@>Zs@xwkGXmum3ka~ zMDAgy%yYT`hP_XAg#jO&PTbGwm5v$kK+dv?qcjssk9NJBjKFAwY{=M@$g+2AiFMq*gpdhc5TcZ``-sA`3%>ucp#&BK%H=l^bIg2f?Hd;d=z)geYSj z3#$AC;O7up=|eA;(WCSFPNxxNCrKm1IYiLH*eTj0HQcO0E4od{Jg>_EqlWCmlEiK= z+=3r;p+7A0mhk}Xjfxm}$6z~eDcAgBmO`N4ex|v^e@M6eOg(#ZJb-`qx>oU0^$sV- zLT0``vSQkysC**SM9@BSTC#sAkV31BBBM^K)!I){^GI@i@vhpwEbYao$6{+d;T(PD zwxbR@8J}3k=g%p+=|p}TY!cGog;I3cExedRF`p5ZCp=Rdv#}a5x0BFBaaze%ucIz# zROYD;2T~}(AT5^wJ}+pF{*wWbik$sNamwUtAp4##rMOU)RpwtcX5xU#@w7duFHiUT zM$s7Kapcv`ekzZs+e#s_r>d(Bas-#y(>$oD6UI%qI}E$9p16cLgrU@`4)bIDea9s% zVWJEFiBt0?CrKbTUCmTdP^>F3$2=EqLq zYTPV0=G7U_(VbD@xUW&{a9hWry?YAa<63yW>xh4Gd5sg~b0F|GqFjEB^nR z_IG)qIchp_1jIDZKgn9~B9Hq2Vz)E$D{`~gXtl=IVLA2T{5W{EWR#8pxf@J?1v5ah z22??1#~77vZ6#sF-G$bu5(+AGRRd@x^|dl;EGzgM%GDa3p=pRMFe}%PLJE7^CS=MX zc*fz|yej{S1|)w^NjMDiFXZp~U%OMJFX3i`lU{dn_{5n%^uO#UZ3%14gV)CUA3BgV znOUT%l`!tkd#g>0*X19p6$AP2kP3kc$pQD02I$|!zfz|-qV29^s|+dV5G}&KVCNZC z%kw~p^d)L)%raWZ!$@(>KS&w=f^Xfq`WqlMkta7KEjK%y7%N+9R-I$LKhH|>?F=L2 zI7gvxsh16}h=7^9x|u`lA*de`IvwpqmdrQ%usnAW=K(k3b5Y!>5r}mcl{10SsI8A2 z2N{m`&}%Pm;3ZbHp{@cASXTd!PJw~g&K%5Lrsi@G*boMX_O(0m<~64H=t&^{AOlu- zHD-A_ae48}vgE(jz`*8##qM&RjSxQ*yNZ(qXEOv_rj>#M+y%yo%p$%28+u@r84oJ9 z8%P|id$blu7&?Eh;;~NM>6dEj1+G6|fdVlwZ@=xS+CRj=I`;k9=dFy&n*ReaaMYs2 zACaSLpn&@-)o}9~2vBq^3Kt++K-?gkQ(O{{C{m8_bAM_ZL5-?Sl7305=#LC0Io^zd zpq9Xhn>kvP@lG#=;y64{rWI`8OOia(j2J$ae94$^R{mD7Kf5@Uf7!u76B9tYV6DEd z>6GL2M=GPa-QH!^rD}<_b+pP>68odtF5k!fd&AV~+ICQg7RSg_g@bDXEFQR&EINgu zI^&uU)Ma%ooLAM3j2NV|gj-7Yy#lEk3|n~Scga(VaPecTp#)4;61tx0q zDcO=QG%eiRSpAwcMqf*Dz|%m|eqOM8Fntp66alDbw-|nhp}93TzX+f4ik0|GKr`V> zZ}(AFTmNs=!Ea1cgEY$WB=SY_0{8BBin?0Z$f+g&fK-Eu@a@f3WM<6hh)AW62P`pwdisB00@Fj-iPQs%S6; z3aqhNCD?K@vTtfuypbfkJ0_f}^1QjwNsS=hOcm0AR$ZF2G?NcbINpnG0ho4+UI5(r z>D||kd9M$+LW-^cC`Gai13oUb>)#8EXWZM+udrgjw)wIcj^n8a8!L39JKs1T0@XcR zrx_H|m?L5q&S6U&isz4I%`$O4iQ;4;E7@NI7u5U0W~ivyu8Ur-Kqs$9R%$FK8cRTwWU{M1r;N`jE$B_i|xqV7GTn#|TVU=SfFCDYA8d81VzO;2*@~! zN(og|N`MFgrho`R0YOm#DG^aoDWOP*1f+KmNazX0Py&P&2q6jI zMW8p+N|`e6&fMmeT7x!w{EJCB2n@05PCIh{8tox8Q{JDv14rZ&W*-|pd5+XEh&DZM zGC2o%+#h*kR%IY~&?GIzm54Y|5a}q8#?}8aNvvx@8kJWmdU`GOC4ln@mjciRpw%R>9+ifn4x&3(A69>N6baW@IpArm# zwz&U4<%;hDbu9o1Qz3`IEDzN4?|)GGzfcoC%#SPwqouYUxqB>H1qZ$$h~=xj1@;|x z1zJM#sk(!?{-*gx?913lYGaO#$I}lo6cd-#P0xa&fzn=G^yV%oVdP@ld@>>S zcT=mNMmbw=_g!j8xR!nHt2%?!s{Mwf;JyKuo`lWWZJbV(1G!SVL%$&EiXxgFQcUlb zMovJ}l%JXd+OXxdVCR-8_(X}U89tWdXLllx#hLd_BFn0E#F@WpwV@uIO`X^<(1Ivg zg?3G3Vu~6eCuoJ=OPE#($SpP$D3wM)mjts>SVF?RAMd+jQ}xV|(f>^vI}*VjHz%yJ z*}gkcpI>$W=E`jJYV6U!PfoP(ESj#5pxwX(b9mgQ0U)s-uXWF$x{pqbQR8*u|Ev~H zpuR#jBFS?$|BW$b)p{_dhL+Z~-my4NzhAznJx8o!n}5EDE0ANi=(0T6Uw|fjkcdj> zfx0=XhYt}k&fhS|m??nZCJ-f}scB?(RTP}Ju#O7NzwkpPL~?ue9ssbn1-@bdbEk|A zfBwCr!?11bo*lvY+#GHTV7+G8A3T~^%zXiM^GoB8uTb4getKddRb|h4c+!Yj<*;@~ z2Y&o!=M}9JT2D=FM6mZWfTE03D{dY7B^>9r!xgV$zrY{lu4Kg6tJ*x_>Daiy?r&dI z)SlWLd<#?(3QcP-v=(+)nW@tRxjV7UQ;<1xPwfES_)n;Cdu-t9A|QSGw8ONDZ@(|+ z9(u}^XgP(XjZKvt9Tzv;K_Dz-3+Ubz)j$yhJ8Ft*UdaMF*hK+7b-I680->Aqy>$3Y z3t-Q1fHK~g>M)+e`qcR8o-OS&g-4f48ag<5oz+U-!Mh9OUnve z(#9BdD;KInA{B7iG2fQv{R7Z~13&?^|GE)}=lA8Fw1(5%)Nvhzf1fq2@_P>+gSnz- zkfQ_Q`2#EO1Aa4T+Yp*hANKq7DABLh&(ZgM@d5Iyz6Z@#0ceknzK^*{_8o%L%{h#; zk~Vzai=h+PMpoF(Lw(Q9>*DW(6O~hGq78+BpOpY=0q!wBMnS*3s+4<W&17NAvDq+R{r+-R?N+ha-T}E?qMBNd&+BN{;O<6St2T&gA5Ds@+urCp zzI!;*;Czhvo9@HgW-l}$G9F!TaCLoT-Fw#B&(sD!L(21pBQKYik#4su+V=+ zDnC7KYDJ%&;trp>moE8#tPy3+d2U~t&n1*|p zHKq(tjOYhUx$Q630U5Zi{2U)9%qCtj_ATVj^{UG0h#R6-4Su}pwtqL8{NCO7fBmF>XqUWv zTAxA+yrdB8m%Z}14`J-m_vy;&Ro$2QMbYza{mJj}t*=$1q;0p96uy9;O_-DA3^V3! zN;KMHe7&LlgVQ;P_Zq5%pf3FcTUwfCS)zGcJ8dx0mSD#)HM5AsJf#iyNB7WDxUbzi zLg<|7Snn3sf@2^ZVTMm=VwXl&S-z%}m#@ES@{~sF1XggS1Byl8SR4y(_EIorfJllTS2;(r@)f3+KXilk0J2Je9N}zJby7&*^*h!bsToDWo zgUMl)w|QY!DbSvS=+#W=hvZ;Jf4gWV%OdS|eE9p+*V_wzmZhGGLo*`Qp;r~L4J8Jv zjIjHTua%$VvTyTKCa4I=KxnGbZ(IAbYb4s0Z)kR~T|D?*@m7WcQs8XVac6ptv_b(4 zbYQNT-F|H4$TuOEq3}(kZ_DpY5BZ9oS9bjO)X#r5VEtb&j^_`l>uC-vyn<&IVx6;B zmVxarvK&?NQEuMJx)1eg#G zEuEr-R|_jjJGu7{>%M1;>_rP*K4T{NT0&C^{z$25($x~s42I`vWg{iau4R_7k9}&& z^u)N8mL^FI6qQLcD-f>E`KFW?8MUA-oe1sy9+uMTvM)uV=fBDRmT>Y^N!LY%68dfO|1X|3!|~f=&Z> za7+f~WihoV;BtV+;AYipmL|KaGV`po+}M}lx52WV&MJt*o}{0-JARW8GnkVJc5X|@ zDR$~+Xv_|AmBk!ACZhV|KlVHrg~o$tV^te?{r0K`h!b~vy{YH17kGnucW#vci@gDq z6))$=&96LHTTzfVN%+yhe`IpI5_nkY%aYMj?46Qnp&AwRFT!Faac`g!1Ih0dzyp_y zW22%iaIP5os$YIl&>ZWF0${A1+bzg8ib{7-E@l*hL6f8x1sKYHGp8-zqwu`-e4a9@ zIwv;P|FbRFSpVrq(GoGG)Sy8wN5S^}Wz`4k4ySXt-2%SHmk2oYgwA~LX)D-D^%Bb7Z9mKlbI0e{GbS|x>WXFL=CG*? zukJ~h@Q8K_Em2c|Ldb?c3$}Rz>>fBUHG==8Xey}nI@aiULo+dPfuyfChQ8f_ApFxtV%km#lQTTELK zKx`lMG;v~xqUx?Dr-5D!&+bfH)Fx^$4#OWtOFbcOe#QBm0cbHy)8kykAa`~MX!KU)OSLlc zf0`3(S$6S$=`JLO>5TsXy-8uM?`Rz1pLu4iA}5U06_=5b2+-u!LOv1`d6 z!+@VlQsp$92f34nr7dAz3sf$5Z-TNnCnLcnS<^bus##P#F8L@?u@2;1)6W(?e8KxN z#PHxj)Bf($lOfqd4RmS?pPg?@P-47LH20oG)r-9y@y|dJyd=3-1KJk|M*ZE%5{kj4 z`IFvEIgL4n!m;JuX`#MjUsVxhuD1f*(LFCa>VAg9fBkEFzYjF|557K5yv=cYM5~s% zY_GfHbD%lBq$IbJ+4@?zGvwC$!HJ@&i-ec@VS~U?mxZHGlT5v(2lRsUo#C;;TQ4$?aKeN|9E1OxQ}RqN!hlHph#Vi{P3AO9tx{ALupzCVOa0`*R1Of&dK1F z*L-F~dur=x${Io4Ln1oTWjWXD4zl^|W{(qPNwqok!`#8Hr=8r%{wo$}_B|<|b>s<{ zj1Gh1IYrTZZ(qW0);Q@W+_Ur4>ADJWS@Dmk^yxg6q0eTZkB1`4G<8P~5?@BH~k+pb=?Yf(XdL?l|P0=(p4duhNI9@QfdrP%(&j6$)pxs!W9)}~)*Twoow?Y8f$ zf+yWh_8x@7xYr>A`zH%vzMNYWOCy2_1l4x__Zs=_>>hTrQ)ty88GVSMJJWElvK8jD-6t z75eEQe^HyT(R?mN2R+2)l)*gYu1wp3Dq{{oG$*;)r(sRye!RS6B^!g>I?JSs>ffrp zg_cfbw})CfKY`FSH?iJ~z1 z8u%tNsb$5exf^V?PX}fXO_)}mb-+g6D1edpWr5ReyOqcJkNiX%9su$E*&wlo$q%$z zuU9EQj_^@3@}Ax*eHbyZs%yCjWr*7T4OA6s8}`KL64IQAnqpM&&c zSCS&^bBXj~cC$M_V7~6SR>I;v_(EtPR&S8o@I|4{q~TTxmYE4Ji5piL&5(l{vX_r+ zNJa~(lmDY3|NEQO!VQi=k?ZA4)<6_Q8M#Mm2Ymr7oQ;!-&a`o&iCJua=tX2gXa_7m z0H8IW;RS^t<$e{O?Qg}WH1*?-xY&9d^NX%Ss`$vegWW?}N67_B@VTaEm^-MZ{0TEM z@Ei_hxI-wqNF0A$)8EhfaxD7bgYYDLOz93iozpY43mT$hpfQOtq!L|1`e0&D@VR}Y z7S3!e(l%aS2hE1|C_CW?IRb9~l9uv`}%WDlUk5zV88>>-Cjrmq!uzXyg* z3F+~858G(U$hmm`tdhu=T&vdnLT~EV+^ST$gpW_dGi8f1boH-2vU?v*-a`t((w&55p{Yu4|bbP4&>DzlgIN|%^s%1z~0f=wEz zY4>nSLHS9x6=lP=S!VdTw16w*(p5?pk=dwo((iQ7&IPd|{Y0(p@^W&mM>o#zk}Pe< zdY(+$17S>FGV^wgSkaU^1KK#FZf2&;%s@#gA9mD&2dt=V}v9(a+{)oSe6YyD~X4qBn+5)%#BMkauB_jGmAOB86FR# z{0dJzIahI^^25X>Rzp`tSiJeAUb!nWu)#+~4IQ%?VUbSuP2Y2UW-@4$(MUexwhehmF;*9wIEVV!!+mFca}14g9pgk6s(R8szwEU&@H%%zfn}e z9!gX9_$k((%T(LbL(%Qv`EWaxVRTwgWUeib9;yP z+>xt!qY`@4bb3&9bKFNp=+c9{LVrio&VzWN>w8i`J3FF|F9(0^MG%xY%Ti2(Rv=#2 zKWpJU#I3U)(vFWZ@`-%KDTFfOhOc2__GmFbD=8M;ICE5WNuou#fus5|HF#j$PvT>D z%(o3Kz}m@X{m7kFUp)I72;5w2Dmw-r1xD(2Rwvp!-Xd1NMwmlo-?%eP&Rek(VNl~6 zrF?rm(81}YP{k;z1H*cL1AESQhS1j@BqfU|8apm0lG`6a*)zKU;4Nge-WyQ#^e<(c zN-^kox@1}mE7+{{CfeF@nR`4=E@|L2EMhM#UV0kkgYIp$#rzHy`?F z1B$i1a1ud6n*(S^*IfUkWqq9*Rvqa$R2WKm`$e#>L z)8t>rV{A5?eZ(F@-%39r`+1mIS?XC}`8Ucw)HVk4<{=rT5vFxX@V(z8bnZ8`hrk*E}x{dpFTuEdKBr$yn~fJichSN)9Xc$?*JyZ7eC0p zL2jRcby-6O5;bGW%9`3AjlBWFm}_O>zuSds_5`I_(^WX|eW)*c>J*AdT!kk(!;y|eK^C#{KZ>8OhNuLV8QDj_j| zmIQ~!KkSUH+!s-?GQ~`IJxt*d5Os{T#(V>!{L}skinZ`Vl z|FBvx>T_A29IEb>4aE7i4%h}TS0B5%GOWsNhh$oyKgib9Cw9?=TyE72ca%TUP#(wJ zT$laLLqdJ1GjO>6b&Zq0zr#wNxh#iC(9e#Fjalf-@6`l=1^yOCk$ zb#!y-`yJDfE3#Hi&o<)P&6R@rs~TWz9L(o}f+33OVH(>}IX$Gm>>YpZo}r`MlM~{8 z-EH=+S*D%NY^0lRdb{4r;sYOpw`tcXv2!1vLiYzN3itxbJysLv9~5dQmvY)F+te8A zg|Q+xd7RW+>W@Y;GY-XK+Z5t_+w?UicSd&uK#Q8JwDi4V0mg z{=F`>G&Cp3uF|ycnwagyIv=DbttjR0r#LryrK-?+WrcE$vyi$HlvpEqdMY4?s5|xs~g~ z8{)QI$FuWG*zF#6YI4-ksJ4{g!57`u_ujS+896#*(52g4nuS41)%)ZTH+}~|in1UN zcjsRSq1HY>jA0d`g=`$#mUl*P5(fuPzBLkmO>KQGCy{9u)joPM1$*M*0R_lJ%P+xo zoPLjhT)4*WvU!bU(3XHZS+G7#utF@GPWsyCQi~1(327h2te9ly*(9;c3I^bd6LC59 zRajo06j>fJ90G;XRZLRUWq>z69n~ibhBUbE{WxjIH|X%Un9u(^bo+;_cAS zhOxPzeGDyde%n%*`J^cxo>Ivu2HX9f9=1M}LDC;&KNA^vHJ@_hSpY95ww;}U{I#km z;0i$=(^Qeg^;&@Ft2U>_E%`(wJH>B1s5c+=fN1jKcANoG=in3hkL^ULQ(d(x_oHPg9TqOv~iSi!OZHn{K5ma+Mz7G zmvgSwvI^}BAdz-IMk1#16-(S4%VWMhXJF21IbQ?4Au~W&A}jp&(6y+bXC)2N z1(M!$Z^CU>m(YR3st|S@M&)U0230PX%*NzD-(*&}lZ6-Y(OQJE?gYX_i^{@p>za}p7~V$>_-5!mO^Oy)3FXZPd`x0huYcZ|zq8X--dLk&Og?vaNke$r4T#=;|x=&q=IPZH`j7*&y6_H!zl- z+3-Y46J-3Y7)EL+mqS1DSZ_(2O1G`EH{ zQCYF=#x5DsHlgZr5bC%6Q~QSAd}~cWmfa#`+BFL|1OhI7GLhC<|LR9i;8C^Y+1D(U zQTLZ>0N3DsB1|N@xbq_PrSb`pDu8h@nA@$1v5VAqjrJYPpNWkDVyVPpM6@&lr9q`~ zTPEGTF>|X=`-<4zGf2$cwt1}*L2rqw6n;?8qbWa`rswAAg`q}a|8e%2@e$d^FLsk1 z%Vj2^z7yQ?+kTE=iRK-crOE#MBKDB6K9Xr$o5D#9W0&cWA3dHu?V&H$XC7l`%Qerp(jRXR&R?~iQ5&iVH!LypG9|r;vgH&BI5XxB(jtd> zT~EVCPq9_*QcS&9KI&$o-CnsL`RLw;O44A!RZ5C*q2 ztu$*DKCeow{`vocxQB=Uxm~?*gW9Z?`g9pr2FcA`y*4v4c<((?!f7Hz*jQsasrIQc z`sW@!NfR2Q##;&2e{dzfRT-)yhC$5tmTY+;`njtwnvt|bJx{N+V%SCP|OwcIn;pag~@z=z0O?DJj2x<;U z(~pDXT>w-Dz+Sbi0jKs9K;Hi^tFLx<{Kdv`(dn+YO3^z>Znm;~|1G>Ba=vY*@vCYv zdAO6UqO8bw0Pp`?qoOAQU)~*t!(ry@dk^{hTu4GQOd3;6#W!1fYs?(ptJJbHVXy{u z;1HN_?%3#Lvb!gGaxEa9mybqS>E}VK&lM@k?DZ%;?I!nxpz~GJy>_r$Lsi#AQ%;6) z$(DR4pe?LpKj#eJ<4P<9B$_kws{i0z+YooUJ#^Hl?Zt>(0m*Iu!)RrrY)C}z=qpY; z)I}L2534f-t3Ny*^xvTMe6H~@+ zc7xsReb_Iz(H_&T$8Y}#4rWM-KZzAgzrT1i+0Sv0qqJP)jsqg8ifTPV4Kc!E7D1s6 zxkTtoDV)pjiQsY3@|bt0f_K1qDyzBiDZNz76m~nn&5VnrQ*90eQxBP$dD=o!i%RG4 zM*WX8+_%aff5acd0=NS9eu&0(;M#VosaGF6_U}QS|GwCNBUEpye|P23L~0ohZ98?v zgA_2>@ndlfYUEeS@+SP>EoR`05y zelj#eN}=M3a3XstVX-k5-8SU^nnffM+4c!#IkBT$U}s_ly`hUXok|sD^wp|nEw6&E z&wHMm$kvY!iazTcUKG^dsqN%k#gC$Wz>>YS-9@k*0*c3F9x}{}H=9L-X$Phcn3^|~ zVLfvo!OP#xf)&R4oMdI6iYaBiOd%I(nSXLjL0;}9kfP0xo;eOy-&V+b_MiEbf5C8o zjsP-VMKThZ_?89G{GYC5O%u72lEI&)xjDb|&(waIQESatF`bS~r!p&PPhw1WH0e3d zNo0j(;Nwjp%sYj|x&2FK_|#D4ua*ax_;j>N12^YM5Dw#a#*b-R2=D;{{(Tebv!xvG zk|}S$5)rP_qkH+MwoCW>h#S^2NE$hi*L0D@-3HD=_HkpJUnfnDs-m3R%uhT_b;7tb z)f=?uSXrNgxiQsh>)Y*`a@+l{(fB{@i8@e_t8@UyDbdL8zJ~G($TRZiE3YUt zteslB$pi>c-IvDJkf0l97t?m@+dY&(0TN`RsBrYtyp1>0suxbmPv@CVKhnSpyo_kk z4Ihxq`|=?>{H?VF zh&mBvACw#?wbVnPKRoLO-_QCBcSp|;HjXLQxd05IJ|+}qd!aiae9odL8b5bzsPSCG zdw2oNC%CMC&}i-6n5386{(Q!JT9%Y_QCa>Wrqu!02pwkajAG$cMt{-uj1K|VV)f~i z#zup|9DG_zQ||*?ktZESUKn2V$)1mUYVMz@t4In+pT6;h@ujasz&PD_UNltRYdUGd zC0i%NG4PU!kd2%As@0ay6w0#W3yCz0GWoS~*QPib~;n+=Ece ztn62IcY>7wp@dpVT=@y4is<1VCE;=6&(F^_`6xMNAM30R{KmIQ9W|~7((-RQI#uq! zea7!u^}rkz!(0n4Ty>k-I5R!hS?t@t*w?9Fz#pMNj5W)e-3ju*{^r48xy{&O-}=30 z9qu-~IqQy4R1`T-))Yew8e}Jmr20iV< z{dU!Y5KY{<9f+0vE|$xtP5pGvD~KUD^*Ruk^pEe8p8ztD_#lao+syyRpzD98=~|M) z0+)vzsP^BEh5-P^dB2LIaQS^zZI})u*ll(IeAHbLn0w>QJXCnq^+OJk)E z8LzlRDLEAo$#uTT#}a&oN1%rX_W12u3b)VVIzbd7m2ZxDl_OVmO!;5CnMjf{|i)qg!WDe?DIOs-# z>mKAYB`(AbzlQ~wm_+1dgf$6YFNvukzSv~Cl)&`c)O24C_f9>Qx=_J9KLs0-U(K0& zH3ARH%K+p9t3EExBNV7}f4kOilScrX{pFn%$*;Lf3>uMpedk!q%`m2oW5)^;39%(y$Nmq7LR8?E%sDbgc7!oY@KV#k%2ss-`-f26I;=vH)vA}{5k5G(Ysr*OpLd6FKyivvJ<w z)uZmoYDz6~R1amgvU;Kf&{}Yq+xD@Ct2p7nXQ+dM2GdC&?$;sKC%+M=O1EVUpP4PF zH$9a4T?Up~8U8!?Lki%fs}Bi>8ddiXWIYGT8=4;R|L3KSb=bZv=~^q}!a=)A9(vpp_^ zJ+1IDEvPtb`2}18J0FC|9SUCClEf|(jE-=oK@M`fAy(BfJ>*`v<$j~3dTYTB+{RbB z#1wU(#gjfN(y?@tQnJL&qpiKs-A?A;@D}F!d_Db?_u9%qhDUD%{`}=s6_kVVc<}8n zHor3vMM{K3}7PH2Maju zZi^8e@O(C8K=W8#GDdBs@$5P{RPS?jqw-0Tq@X}uj?{2>%SRk?zmYR$C50a2I=MXQ z*grWd2s_|=ZY~EOWQ$PTX!degr5u8KoId)emclr`m0LHKVX;+wZX%7#jK934nQ8zi z1?%24^^hHPv!#+OB%UcEb*t?Zq!sYwB`%9{^g}cH0%%--Io& zzXGSf3Ibdcx^|05G@fgy4OUmab5;xSN6G_+ZVL*@cjqvK8`8!Sy8pUB!P{F-zKsBg ztiZ^7W#M~4@~bYu3&G&^`W<9qni`7xSy||HE$EC{r>wK|OstiMsTJ{BE)IxAc`@l? z`99}y{5Lzlf)Oi81iQ6_{IMZQV<-E1#fLLf26Qi_jW`vmyVUY&%8LoSMOizQq8iZR z`rsHSKqT^>lb7_}-6)<=Y?)A=FMs%V>u~8R!F0CEsk_^#4aKAdDMJ!N%M8eC@FHz0 zV6{YMRE+*v*qu1qHCO5`*%*x>baV_tfch4qb*wM zN6q-k-aV5>e;k7OhdmMo8}aac=;=>zFm@!1EQ4N|n|J_Ui%0IjHsxnMpa~E- zEe@Eaf0*;dbP7bUt1{r!shEio41>%T{cT2eqdkA=7eU-S8M!e`2t2bW+B&Oxw1j8N zuM;#>R0vCeB{#pgB#1)#i#0eL-VI#GE&k*;KCKeI8irRofL{7l+uNr-M}@e_^{Qz+ zzXpbFy>;IXAAgguov{7_E`{YAl9bRZ+~8_0R@XvRu}zLRzoC6o6cKpM9_Q|lx!N@S zrS=S&9#S6LjvyB^uGbD-HeHbxck1q$t*STE8CF_uxbGq2>Ixb4ZfQK{oo!?3d3|EY z=|gJ*H#+JaZn684kzk5x+fzlpib#O)EHGD_n@|plYpPhz4A2h@C(q+bFqwMlO?dkj zL^LozyR-OY<+~U632;Fq9aU~~H+uBi(n!H=-{~oM8OdQq)@w%)vt$;gJA8$z&nulU zCG*0jK)AUH(mo!;hJS8R8(w;hLt*<9!dhc@1}z=imk@fTkF+rRA{_!DVhf+>=}ZQ- z9#3<*w;Y#I_g#Cxzl6cm&Rt1t#ABLwus2b2<>ejhl0FPx<1aDAT?3Gj+ND6= z3pU2JIh7!_F*xP07hQYJI1#ouz8-i3{p(V~tbNR{y_pXK*$+j8k>FvR+yQGExWT4Z?N_S3&6am!V)m9GM#**yn^gFk z6dRlKaS0XsX{~+Bj%HRY-Ajhb8W#zwG|)J{p(DqJw%h-S5kHq6BznF&4)L#~yu%SC z@o@nFnd+Bg6_Crn3~i{!;yk@76K+q>!g2l%TN>FmS7l<`;fEr_;$k!inoA9I8p9;k zGfi_O9TxP+-4iN;@JN^m8~-qZfF#L_`QOwoVB33Wu+gdCH9t=r{*wGC>bhBu1MuRP zH%&((+g^O@zw!E!%2my)5Z9GN5rnf)d%u9|B`IjQ0Vp>yh+i;t3UWm~A+H4bifte3 z+tl%>h*TE$5&SW%#6#0PIf~2EZrvw8RJtt;ABd#=?yd3yB>!jn**~DnfDdWPy>11khFU4QV}fk0 z5Y&u|Qk%54m=_a`DR#45Dv+t4QbpJj+aba|8_xMNb!&~KdVZSg$<+~X193x>+5_HV znB+_vG4b9%>Mnx{VEK~L+l}5G@5yUr?;8f<@N8Oc>NPjUZoxvMu}mk}%$9adFHF8k zex8EluM#fv033O`{yUxUD@^2&P}_I9Ft6lLH8Iz3qu+4rFlPrehrFy;h$M~`la|ugG-0}BR(&96^;*^mF zz+h4;K@ebZIQL3y!7_>3YZWlM7<2i{-7hbQJ4p1=1=TsQz4CJ15u}8GZ|Ja>$D#IF z&4TM`is$;O%+~7K5#pQc4jX(ri0{=-wyIi8pAM8bj(mmKytU{7y8*u*^d&qKZ^Ru% z5V^=+tKc;B%z%p3=;z~{rl;&ZpZ2vs^XhX;Cy!lc@5usMBN$J*Y%xm0SQU0wqwiZA zFDy(UOZ+rRrHqPsg?&>)$WP3jF6goO?4IkZ3@`}3)VC={yu@6-y=Qx93T@s@6eutp^Ci+Ns6)T%{97;9aQEXS)hWe$Ct zJZryI-PO=VG~RkZUr)Qre-eCtedmj=mrz@#stppxw@AOf-lhw}eHpTphRs#@to!#1 zVxmlOBj$pmoNQex_1iAfA&6Z^byBFzmiXKO`{=r9A3m znmQ~}xSIoN>I=c6#0YG??u_={!L4k^M#Rz}-5j|^s{#5lS%GN3<8m4+4UA6q=i88A zoPxeB+@eRCzxATj$mdjj_BwBwN&r6L1n?aOch|pZ1-?jr0Ko=VExWv4pNoFfh1|3& z!cA%WlcTn>7bX%_iBg-495x0snvIj*;1Vj1b4Ub1Dt+@n9r;mLF{d13k@xj=*^#4w z4XQsxKKfUM(RWf0A4pV$0AaZM2xfhRx2GgMy50UR$0KA*d}in$JQ1czqoSV30VUi# z&-cuUplSGhdgy^qNP+)o3#H!j$r^F@|CFW`I*7eJ(Fj&7cuUlu>|dGy@0!StjZVW{ zqgDE#iv1r4uQzY6fGjy$$=+0!9Y0F%?{Z?%E?ECdoOVdj!;-o0GUxb27M#@ZH1>aq z(=5GFzx_vX8mi@59f0|7oA3hwZ$M<;h1?Q;}7spP$?~e6G(n7FDVrNqwApZ8if{ zHES1}U;oYqgjY_;tLi^-F3cb@nT9_6k7l=sWa;;nNK3GC|3Jr~R*lRWquVV3(+ za(Mr;G42}i!?ltJ>ywu50-}*F=S@3e2X+ODJ;j+s_F2WjmZ(hCH5=`w`+w)r zwwxD(Y)DW}-xhzFK4fJG48goiOw{8&(~TH^Ju!8) z_H5NN7bX=dvGGLWlr(AfRq(sIMbxb74J*Oo_hiblZ>*Wu~qoUh<3n`1O_0pGn(4SuyV_)b$J zCZA%Do$Lg5W^u$ZHa!JxH)6E@K(kdAnxn zF4QO4ZnHLyivHxF@7oI6Ix>0Ec6PG^#@g(OyB8$dFvk`6auQ})OJNMeE&62i{GNokOZl0zW(UHgRg=h zq@MyELU*bETQ2@u>yq-g@$bsxRq0BOm6hMw$hr3muRC`x5tFvkYE-RdA5d|xn085e zyl69;G^%<-wE!-iir?q9KVU^6O8E`Uze%_VI~kg7{|@Ae-f$7V|Nl}x8OYDd+IFc< z`M)YCv+SDA#t`6_^s2AfDUY}B z0}PO`-M??)OOSjf2ndw`%XFXBc_;V8A9>7{`1V<{IKlEpk>&Q?6bSi*q znwhOYYtT|J4d08o2K!PywR?KzjL%g1&xq-PuR|~NeDZM7G5YB2=wiIN^8GLUwq=pN zKEh@+#_8gzsF7>_xuV8zNjaSc*^RJvVdP)RN=cU&ABo7M2BqtEUDs*BK0sPVJ9gO? z-BL3mB-`yBtsfQew6x5rG+6h&wB@PO)`;Iv*WFg7><6kyq<@N#6HY=)Hgg%FB^$N~ z=camHp^Zg16UuKagBawu0I7zO6g!5-s64Y)zxvu2(@N+Gpd8NVm#;~~pNjxI7L)u3 z5nny}*re*K6P(57we{t94Rz)cvdQ!JdEEOUVuY*gOgq1TpFyWKssO7rK2t-u+pSR3 zSl$`QS=&TP1WnHc$4*~{t$mI&+j`xQgKpVSfdsWg&=rXls+{fQD-u$t;6HI5U}lX! zBGIR--Z+yxDOTf99u*wHPlocH7rQw(#-$ClZ^mxSZ|z4DCf0VqKEGYo-=tthaHCMX z;67rjnU4K}8vTZoS=PnPJf`pI{6IK60+^A`Tr4EW3&B!AWfn#4#t!mel#3=9O(L1+%7i-IH9EW`d4NVQNO6$rNicsJLS<#_Ge7R2TKN{cw)SMIm(^;E)HC2oZ+)$J0402| z@v}ow8cjzzobrYEEymOtW!@w+47U>FUp4Y6z4b56+&4&(8ygci&^pU%H+8s5L&(h` zh!+z}iye}D=2zf~K2qcft1uRzpVDVzrXpLJo7Kx>TZ#gjaTN)X`%z9DCd98{?`%}H z^YxyV9leAjAo#;Kh?^HOK|IJWiaXnzdI%7n?-XTyQxvpBwB5+`oe|WycV@AMN>YMO zH@Qqv*T*slfVEfa$YvSd8zHGrV&K2cHwx}z5LIjiwusQZVY~TFO!i=`KC@#H;7_+j z{F_9)ixxW%sQKIh&TPr7K0>phT;%z*_##UoMZ-a?>PG3q0|!#x8~4se7bbX|(gP%& z(Fh!N9w36`>i`*Pxq#aO0E!d;xIl#AJ_m9fPt8*bq?Z70QLI+pzyFBmJRslYUQCMj zvHD+MeN%xa4FjgahL9l(22fKr!pvAJZJe%Fc=Q}=Ar z+N?VMgSn?ILGMn*O~0ogY3n_>wR)vzidjTo=bNc7T{5nkH%%VKo(4o-TXhAOp|*B_ zV7)xw2zQha+U@*e1;7~lnLt7&>F~^`I?xpD4gf|D>msit{)m?7jgL)~9fx;wri2?} z*+c44|I~XMy^{GEAfm3T6AJ@=0&JO<`pty-9B3_|jG=yw3ZEV@i0ke#eBWsvE9;Gu z>rfF7M$;RdO+mU(?A9K3YaJ}Da%3>7&w~?<7)aE(IVQLcp!^SF@`rFGumIi%iOeS` zS6*CB?3^HPh$*|{u}S}5y#Nvf+`1d)=r+W~ok7}rTD?r&R)WZiuX|zlUY7g_o zEMJ)ItJ#q69RIEj0_qJ(&qShwC61Bq#s3i<_S^3Iz(PqlAmA!nZ&6IuQ5KwK<6J}A zY{p)&86noboer1RF)Sqh6IuM56IG_jneXt zj82SalgCyqvHF9JOg3f-a-N@IX}=47ZhdET#rt5 zFF_DRG)<1Grn-jf!0ia?c4F_0n@6CLO*UliX3hFg-#&R&irQ_FaI3=~gu%hip`#BQmo0!iq!|}vI z<_jM+gpb2Cl~=-DugeA03wmo)wX8?DtpfTAiLF{gW9j zw&Zyg?ilqz*5epa_^#z$xQ$tQR0;MZ=kdKIA|eyTc?aDITTTsj8-2Wv%WNT{y%rmd z=R4>X7|{kibDwNu8pf(_gc}{~<^qHoKK~9i923L?MH|YO@;mgi$X`yr<*3H1sh@9s zop}*Q(YVBrK~7K8+3i(a+5Ak?STbz#LGPZ})T3lP*_&&v{!)$^p8T1_19J-x>X=-PRy}Lx%MySvprG-ivSv3R#L@ z+HK4$iE9y&3|ScYuANvLMM#wu07fD4sraODgXmKER+H_8Z^8}Hyp1M{f8PE%{cV8Q zq|`37MoZnHjNy@)V^`*9+1z5rYVq<6#yD`luG-HW7|Mtk0`#dh>{_aW7HRcP3{Y7# zMq|{y?tnpk85HX9>^yi+EI1fF4LKCwTA72i#;3B!rqUt-b$8p0!|KW0UGAd+RlR0M z8#tPnI5M{X{W)2}RUbrL*`#MkS(Iyskh<>G_f-}%fWTWJ0|M(( z-#>nT{f^)9I!Z^Wqt`w6eO>2uUgvq;o7Ym|e8d>=lQXapDY!HdnMb%6oPLx8-#Q`+ z;{2-$o|k+q`-C^oK|hR4IZ>Jw<*7vzdAWx%lw$z<)Ci=mJ-a{lJEOS&_TBD(^~ggcRLai^08z0# zwi8GYCGUYfe(3%j2_Dd&rMDMvY4GAu9VkF&Y?cmp{ol{sbt&A?F;aT605+C8>&HaG z&M+X4wzwRAd;$7ry+#hxr?>vlNk9oMPW?~5fpcWM@{DgT!w=WM!N<-{-DOgxRWA^k z+zeJ8u7p-I4s?p$X>X4ve8{#y+>M?{#zccpoy5dYb7#y)rN?SqmdM*~4 zQ|CtH zZ%zS1Q%wjpb@Fj%-mFBOk6GN_Qh-^!H)>-T=g$j}5_#$3uTIXWHtBf1G5cZ2S*`czWT0&j*9w@OxJ1^g|)&(#U&l=W3zL z!hL}ro2&+#Dv?{7JB1`VlCG$n)O?7Z!}C5l*Q~2;CH?Ln_TMX=+LLc2w$2*afX|R; z;~H)dvD!wQ^#)$$+$Y#3JO}EYLw6Ibo8oG6;T9fqG7zA6f$qdLsn_i;{@4xOD1i4( ziV>Bo4tL~#mTd7yKX-u}H9W$~17P43@2}S+x=vM{&s+1m5LWmovILIVu2z!2Hb1aS zR@-zq92OSuW%9!`9|;hvemqfflU*A90p99pG#YiA5j${ipE>eBc(FW}C95{-{pnPtqxbE6#K0ATo^`j&}h;;h5*MirjV1ELB0W&tw{i%z(ne zsA%v>e?uG5+J*jra(|kW9HFG^b~xu#2M0lJY^xtwPcKnM=w)E0Pj}sJ-93~U5|%1H z@@$YHl7IbRaT7%Dw9kfOWk8MVua{^VmzJL{z1YoS-I|h>FNR@?3vM-H*j8EjjDpJc z?@pzT=n#Jl93UGA;d#v)n_|NosS7Mw^m}iZz-}otuf|uOFbqly{tC+4g z-S3YWM~aK`u;S{`Sbgas9CG-agp{e;*r1##kq#vD%mqyw6*D7e8-PYQUhMP65`PQZ zq0`kPg(8zPu0!-VJe*G(!$B?9~o0v2PJ>Lt35xN`^ zRJo|QoR&~*uDhuv^B8ipNkaN+nuZLt3O@OZ?!2#lY}W)hpaX;Tweyd7Pi*R334KPB z!F#Q;Lz2is@iXi6SOQ+6_}d`LLIQVDFO+ZtWu$Ca0ynoYuv)3G|V?SKS{{wX5~lNGx_1^)On7ZmPE} zwhvRi z6fkt1*DTnP*G$292Krj&FKXq3z_CRe=(q#oNW#`WVDKj6%W@csQKc$6;51X=jJMYm zO%@~>6^(-e+i&QH9~d*A@3!H!c#Q?6wns1p-Sq2m0#|>$1={FS5A^toy96q~F)3Sd zah+%cPRFUwB>Fq7e}+hq;(ZJVlT%9W+Q6I@>>Ptk^JN-k*9kTnXvoz;J}+*H(|}L$ zQ92ZgdLCavFDJX4xPI($*;UTIAAlc`;pMsw_jKL;K2lX&U){=2D-ka-WMv3ee3uzF z1lU}5X(KkVrx1PspO0m`2H4YE{pf}M7@5?sQhi}->s;d9Pn&IKDF}5znp42GZSTT^+LqmqZDYt0^5dR%%rbskJOyYT4da{czu~ z-R#Y%Etc)VvC?K3K|g6S)TOqB)c2!`tE$rUNvW5oc~2wQX6*f8Z9u4tiOHyZ zbzca7pXsArnKFO9_Q{c9gZw)xseqt$K;$ysf8r`6$`kGWI~H^-MYc#f%%TlzjvKOF;nB8RjnV@MtJu=IT)4#%8BI~;BYCq)DQfEf2l3z3h|s!x1w9if{&BSJYOR$Y6gH|AF5_gaDeYgAJ5P zl3eHE%nqHO&*Lo@yIAhAP5MTtLW-rh2LYRth=5>-F|MqZ0r}Bt%Cl*mhs1pDg$wMn6zesUFSvEelfI z@buf*tJYYObh#MDq ziiGW@MDO@@0tRP9YJ{&&?B0QK;U9&u!o4%T{jBU82ZXVe;f==ihqYM6$&tcAoD^8Q zmiRisc4T^5_+&Uv5VG{sXyd&iDeQ=K$0cijVRjn#V5iWRMREHplwpMq4D;UH+toMBJ#?4SrdzKO(-rhW`Bf%ZD)K8P)ne5d*V+gN3vAn8YU_QVoXwr3~9U=5x!X zn(fehWk9cS^`bi{cXC&HwURy)OB9E5DI&yby~;N`&>h%{kJ& zobGFjGTI#JdqzRqx)+}BCL40odnCwr31(Aa(F8A+c@(WgYQ{dMqs-C)R~6v?W27ov z7B2z9c{ssYScgMLZb7hfMfV}NH+4lWjF{~^5jp{PUJ`n8#N4K;EZl0SERAGQ)v#lE z>JA{}qsR;X?X8Q0A4?bQOWXkIB4f$6_CLL~@BIIEU0vNJFZ}X1PEZz0feQy(2UNK( z?R<1y#ngy4<#QAok9nj#&=?L|9WUKP^Y>ZH<1 zMXSKI?r~uy*L~OE;{hk*iCd>P2Hb-O0AA=%&vDaM-E3qc_vjHg)mvl}+Y?!JJ*F2?<24_HxzrFyBS@n;5;cv<1?Lku;ne4EA zrQuPhR&b#3{KF&IDWQLptmD|Y zLXjojtCL5SVvd1_O@fVqmYC8CU_{;+FfxHZy(%UT;%!mb2iYuBs}l>Xc%7;+A5ldp z(}|v1`}(|2MdXA<*+I0uiks8{z;UAi9ec3E$WuplrSMu{;$Y7mt>b}GuYG@|vBkbk z+X=fclHp|h5R@aO9~)#e!^X*DrES4a=J$A#1?w*J2rdKM4hT0IG$tqE_e7!F5bC@? z#?3hIN7Jqer?XI@?PAwTw$4n z{#+uRj*EepfEXucPiKUH{UVzh8<9H}s|j*9-`$6JWLx&~zc{d7ofQxpjGrUvg29$) zsx9JtunOVyLDDkbZuA3lrBG69KKB^gZ0-c($*3Ds+2!W{$hU-{{8j;7yKE#Og>q@r&A(#gv1A&(RE0Xp8mAS&yzDbNM~ zY6k!EZIcF4b|wHfL+6R#H(Gm3eM|s{T8|S0ynCI-LEWVXn0gR#s{J%1eu}h{+|g=m z;e0rPo+8alg5~UQtwoa;(a$mt7l%NK9<(Rg)Pp>AFDGfqmePqw(6_vZ4e5<}Wk-QU zQ-pq~SGF7-W$OxWlyE+;h^LxHKVoZm0X{tKKYCYt)j_bAv{;4o!iV(Z3YZ#j33&pQ zMRC1PVInF2KlgMkWrr%(AZ4wQFKo<=4FNIt*8uuY3aBd||8L_0Q3y2@AYlQ<3i zmb|U8AHGT|fKZ3>7KOrv8NErRuKuO&j_s%AES3p!8&#Ir2UL==?EBwVXP4*Z``cZo<#X#&>jNu>S%EY}pvju)CLOd*E~*C+Lim zI$hnQ*vcI|ct(60+gmIm3We1pm=B#89IlUK0FF%&5c?#cCc^-O!^Y6=`;`&6j)M1w z|77&|E5QBrCGNyAS90y$V$ZrG(4CRX=LK@7i2<#F>R5DT#5(KQ&WX8gyMaj-HPE=! zNL9=wv>~}Wq?cE6FMfp;OYP!uuFR$?JkVzANtVK5d7opT$5o@ODJKM>qM08y@uqj~ zfPiwA4r|G? zKBB6lZDrq7M5%5A*mvRRl$D{#Sw()#^!>UAp4ZGh=2ne@eq~$cJy%9ZZ+GJ*^tqJ9 z6|V5{roRX}dQ&>rM<1;v@715wr{GF9Hh3MbW0b{d95qj>n4^E4Rpa1rP*KN>%gZnJ zi(CT58fnD50)`}}RK-&z{@ZQxzk}OfG47s#x7AH1@sVU3;Qs2v0__c6Ge8aP&XxW{ zN@${)j#L3*35AF>JRy~D!}vXSY$k6y5?7bF#}A!xalEgm=D+A5fX~+u3?8*onyj`s zbwNzd@?q|ml9-r~SmSy0sKUBGur+RaGVE`lS@q%xbBTmcGES>v*E4S~27jSbHh1gZ zj|^`}oo8R74_o{2QgtL;z4aaOXvdUyOv{9>0~NE379jGon`nz6O-NG%rgj_;uZs>{rSq}1WILKl(b_D{aW!Vi#iij{1+b=U?7tl zl0o0FkYUm`Hp(I|^I@hNYf7KQ`JPM7CfBlOAQ3mvxRWAJB-ui5aD3vOp zsQiO8GaP~9}&pE2cwocoFIq#jq=7ZX&#yomwkCW*y8S=c-Fb`T79t~so*!7 zo;AN^R;@s7sS-%52F%mzLuL2XAsIL~8D2j7tY{k0OCCpOG#Q;#{Qu;%)QYP66S$x4d(6`IywB1@KUhYQ5}n z%gd-MyKyzk#?=aRFtt;f`%-0$pGk3T?mPX5i0DQanR!)absKI;>O^_B$7*W-cF>swrJVIbq=8;7wfJ z+e&1a>#kaTXvVx-VCNmy7jHw9Zu44MqyX;j7`XfRr_^hl+$#vDsSLpUmQAjH$@X(5 zuj5D6ug0ZUm48Qs&zPvF8_Dm)G9>#jGD^vU>5 z0uKGhxK&9f(NLuuE5ni(4-pOvM{Pg+P~&=!gUIX7(hZLO0wM9rx6UTM9D6{gclw;l zorlR6q8RVoDQ(KiJ$e3dsrmaWhh-s#%64=wPX!H}qk8e?gvLhT{(j$X#(sdj-}t3{ z>GU4jMHpoFt!&`pRKU`-jK`8`!_`wYrU7|Ik3Gk)zYgZHtSle6#&2lZHkK=9Qo0@g zFg%}~_yY{|Q6rH(E!E61g4cqhdPw@jb!BFqS$P|TG@X)nl z@;x?W=W>^rzuc7}x;M4K3rgpTkl&NQ;!<$A>?k1w(o?l;mN^hZJ>5JacHiuA1S`AL zYgD_-C+(8>@}af2JfO8!J}t9)L+?ZpYrcO!vkPe_8r9&EVC95{ZO+DP2Ujf|3v=dIlmJR*M6mh{9Dmp{Rycns0Hil{Q4 z!)(f79f?iQm11%K_SgSI_SU3uYsDJMs!o^t-NndKhA@K>Qw& ze{+jQCo7WikuZZO|B+}RAa<3WPRYU48xvpJ)<#UJDGx6NMvt4fPor9DUt+6bb zlJS3gN+X_SBkIPVWz%?9KXf+zu299%#?x)T;w?JO=DiuBF=sl$;rnSj8&YAW5 zFZQDulGRJ%JCPwxh9U)GzG3G=*Eyv|PyuEf%n*u^YajJhQG@GHg)}iPwCjTWxgJyL z%}=4W;$O)xFw*!)RTwa;WI%82!BlVTSSvoK%v>NAou0!A7KsY(PA?+}7O6Ew`*mpU-GTxhoEq9nE+*$;pj8MjJSO6`~MK zl(YR#DGXnWD5vm)^`C@Qe%cT0O+^zL_{}7qQrR;rc97k%YtLYyF|LxDGel@uvJj zMjo`=9R~)ZuZ{ybBFan}I{0__{@E;(LP%F`o!ZZFwidSJ^m50rfjop5J_<((jyGlx za;qO}tu&K%q!`yICYHV3_6s`)#uqo3&+bIp(C)E6a-AW37YRd05 z56o5Y;;EP0_@27u;3==g zJ0VzgNQpuaSWHlJ5;sIChU9nd8iH5SHpFv5m0i{!VbGs>q7xl`z*hhvxXT*HYl4uTTDKY`I^z*<9a?xlY!-XV3YB=I7vy*_uwcR zWu}&$R(wL9V1PJsAt`OlGN1VQ3#N^v(nIl$J#Dw_agCEVo!=#%Ku35QUF{Nd-%Hp) zT^&-lE(OF?6l;%DF~kq2y`z}5I8bq&QE`fVBC>?XCJC0BFyGH5zMtb9L+|l3kv7Mx zXV+LCnbV-}14r)EC-nBIPw^=x^xRjneKEPHzEd&Yw&~la++}8ZA(n#4e~V4=lADP= z%I4oLIOI6Tw~F;SzczZBz^^#I{`2;Y>6uUSH_pCiWm`eI`hY*3J6cE%!N6}Fgb@Rt zD*bYo^ZryMM1B0MXNHsm2R#b-5o1n;y&e>H4qKM~MN8=nqP3iI_FIwh6{*wAD9cbZ zlj6AMWf8C$+BJH8)~@`*IW5tk@-XHrypUi+W~E?^-0GF$|d9Zd67Be zkD2aJ`vxx&ic*-r+C-_#?RLS(t99w_;IE*H94W@u+D1_Lv7a|zX zTJ=bOClcT!!~| z!-^EQ?uuDwV}am>vyl_^5PI}ypJ|Fw7owKG7uYyEsWQ%>W?3I0nw?K_35&Dm)1a<$ z39ME3SUMVHv$8JpV;5Pwh4U~H#`BykYP^FXUnA*V%fPnNoC2vuzMtt~%H*36!UKhv zMqzCQ(`#U}y@xQ{%A1hu`1f2<`r-PfvqF%{7HWrREXaH1G)QcE;@V@O8!4R+?exxG z!`QMw8AF+w5n`9_09jR8-QAHjuZFlu;rNm5D<&d01k=TQb0-eYK*XFtfomOuEh0<& zJ0Tyia_tZ_F%dl8rG{?;-~s;32JV~iJCdGf&w`9W1RX=~@#VAH9Lx0_V}qpEBhSj^HY}eSadN0yT#T7}apHK})d^6~InbZ4 zw2@Vfn48|P<`lgyx$dn>yUmCI4nqV0IaavX8M5t9zcP}S(-G(55e5y)k3Behqbh`ydM)+{d1|*yp4Q)$@pG&)Z+(q>F5bIqTg=;zQ4?0#ih*if z`N(a!$Ofs$5Q)KkbOrw57W_=s!PR4Ee3?MyDng7LOlgs;Q+I{>TluTvwPdN*NC`=c zR*D#%wSWjZL^v0S*WINNIMEYYbNf=j>$nw9RCH4!_zxb&d`am1bNv4Gvr`}Ht#oPH zPx?uCVUl$x>L(E6M*6-=>)27{RlL6E53Cr3+K$R{bg6p&BoIYS0(QHL9KOc+{$fNp zH>uZCg-*($Ehy2B6)Md(YiVw#Xxk>v85$`{Dlku}V?q;k7Za3|CA^O|_{RDBPayFU zvsLJTMc@K6)fxDLc^kNZM&V#3Vyn-T3qJ5@ct&GGU`3KJ?L}= zqierucIN|G&Uadec6^KvsQO3MEQJJ;c-T>3NoBftQSUK|?u=Uigc_HiUJgL(BZKJ=eZiL{X&;O0 zzcurDrVQNWA~Uq04Lx8s75+ypCC82#KvR_ zQ6K36{LjiBV^q1gwIc9i-aeHAM6JQX{x;&P4u{6y9@`CuH6iNg6=Z2c9BeC9vfqtk zO!xTAUeq%CDy{n`D8^qFmlGY8k7`k`7j8bqfDCb4oB-vEnbdv_CT5~%Vw=AxR(F2eIbVl+TI$#2`K5ENM(hXUlt%882ZJ65p4AW3Jmk?4;vxM zEEvkfU(SaocIe|-Rbdr(*4seVdoj3zS_^^w#qIYIg<9FOPLiUMiDKrLj9$IyQ~Nd~ zZv0X#@Dh`J$GeEw&Sic!4FiQ%q1ZTP40TxyIfT;lVnpo0gA|A)1#db=ICkO`6k;)h z0hNt+mUxy@S|}AB$MK58GaFy2nkB!|`^X7h58M(yh2|)3z_r7rH@L=F}w?SUC9Bk_VSDp<2kYLE*O+TzmAG=c3-5?*(~m zU#XU5Q!~fMOcW3kn<4}oH?fkQ1u7~=PW{g>uu?s?>-=oh9jasf9z1CO!U{NwOeepn zVk`@8+mC2~7?HH(XaXzLDMHO4oA_N9Mz&R>H*&({v9+a&!ddANP^}hcUsQKlVh34@Qw}<+vn%jQeJFMm1huVyaQATAx*xkq*6VbTEvQEityZ~!$l2K7PYPtF7hknv~ zDrjNg-aD&J_Dv9$nqz0IU4~sY`=YSKRuOTN6>5k)2Q9-8lRrgZuwt=djhjMko_zG6 z*OK^)Y>aW$CQ{t{{DRBE%=fYSj68D5tn9nn0C)hZ^4=RGA6(2{)PEI@-)098iVO7m zm^qzTUzffGcNMYMQ1QQ@@FUuL-Kcee8LRUqUtY1Xj$f-nhUKubyBBb|57eE?-~VRv zYJ6S>z%5e!PxfCwl1jKNey_*yyUy_phc9H+1lDtoxP$D?y?k`zpJ^@MSdfs_QwTZ-VD;KL~s;97xvq zz+T4OdM0-LN*f@21B%B|Kg~2$_Bh>y6g780`}Y%S88MHw{}#kFIBbs?JV!!WJ)vWV zZE}A1ImS#lmJ1K=f7$~!+52ZAEBOqb# z`X?bdl>X=t4hI^Ky0#a=%MY$Y3`yUc*mM#d6bx8cw*-~O9;q>lpuh^-O~h9&G1Q6w1P$%~3TUDn#6jSKj!)A-o*=P5^V`v4a7IuTwVYm`GN~F3 zGy@K-m#p?%p!&K>omr73RB-@6ks-vTgXECdF6B3<vluy%LQtOmactD5#GXA}npf;MjBD+$L*gluX|CdC=>*izx5Z7q zbLWOi%(L+9Wy3$GYv-aSibaV@iZ?&t^Q*Ub+6)-h-qADjT-Nr?y@G^ku+=%6I`d%rSk-c1~={eWy#vRkbH>@zl9ZpP`PzeuZ4A z_(-@L%yZ(zXTx+vXaZ+Q1MQ+vvjLUuxpdm4COJdex)5iE6@^5zg56_*g z#X)R-DbQ2wOQV+Rcq!aDQNBw?{Cl8zI+KUwJ&v)WKN;fg-G9swo2P^>i}!B2n29fb zj`Q`<>|hsG4dV29X3VCHK0yt0oYkdOb=cxR=LBPeuYqdT`Uf_1$yiOx`t~vQ-B%ez z&ZCj)QjAn_OwjaM%LtJjmNs?Xwl=1xa7%fNK${xg4kQgv+Tl#XK*o|o9JWkoTAGpn7y ztLRH!@$Cq|L;Lyh6vd@G5<|)ZpKtmn&ZS5)rf~CG!;&;Q@13;fi`~d@IzZ_%c!pqV zqvCj3Xv&Nw5-8h++VFE-AlP1x$kX-bDb80om74{@Q7+FBC27lqQ${+M#kbFF07&d{ zh1kfe&vXbhV!$jyX8ZP?8I*>w_=L<+htb~_2-PJ->Rx_VM+otHZ2Tns2uQd zQT6|PDzDbPU}aZy=h~VqM43_L$vJXPwPi>cORF8Q`wXv!Ru}T$+NLn~MkD2o0D z6E_n60Zc^FAv%93dN^>}y92p#cKf|%>dwhpu5agmG`paPj`jDRyFGE<`^rB`fwVFs z*4|*a!_{XElU?ir?I3=g1$t1*kQ}}6685c_MvKO%I3z{j_NKaQF^G&Ie%FHyYa&^J z@DhG_G0l!uF^gzA3}R z>kS1*bU7L@#QuqRtoj3EQ0uJnU^u%~K1m>&FpJf3-}c&UVHWv9*`{EtjDNkHt@RnY z`=A)Z#XcHlph4&}<$rZq{FeR%hlU(bNh>hh{pl0^tIbqe0L1fS05Mk#+3E;7K4IBk zcBI}v1I}6Uo3eLV$3;1SV|h|>DHniZp6i>8xVF(jpFqkrBQ)_dP$#h$Nu!N8%xt*N zcROW?OHR{%YYs0neHFdXo|a5u6%m6DYo%@mVO8a#gkPgy>8Wqe@!NzlYiM(~%BYN) z=Mg31+}&U>Dqwr1xxvPBp;NTJ677)1irPZ8%86`^GXZ+~tdvQP;=vhOq5I{L1dUU2 z7j-F^xe|*nh7PdIQgdb{mnA?QDd!!d#JFG&b@o!U&0Z@FM2T@0)_1UdUH#yH1vx<< zbIo1ZEo?3)6z-_XV=bI@-)x%>h~co7I;fv@v9qpkpwYk31H(U26=TCd#6G4fTn)f` z^Ge5T?VqX#Sk(Vj^>o&T153Y_Fv$+|P-=C|#EWYoj)md z=gpR|TtQckwVzkq3(l9YBCAO0BbaXPoN0ej7f? zl^d3Ke=pV_7U$X>3#z;eFlx)Z64XrvfZRUs`T94n-9^Qj{!E;=Kdl_?mXmN7{8Y}& z`AkA9{5q2US(3=P9(^Ro#w!Mf7G#2|X4cJqN1(ry=4QEikE6zFk%MIVuUP<5XACEY z)PY1F7mLv-_T9wOX^E6t1kZH<$z5?g++qb-D~cWa`^FD_CHQn(TjK}|AYMkjv!w|P z5Nl5>VU9?%!P}HO?I)JmM(H?6+=f<(EFj3?JP7f2l{M-EOPe6AX2Rp3j((c?tn$_K zIL%`3D-al_Q*6iB73f%t*56wF0aQYd${m73PrajK=u@5ePY!!+^{vm%zYo{% zQt|kR{jXB-@YE;Xnu<9tcAMh8QSB8F#vwHoR7BlXYvL|S3FRqh1 z*e^gHW~2RumGtJEi6P9XV!47i1;h1WYyG+~&&Pr>HeI4G8TumxjnX!+7sntNd6Anj z#pD)30<&*W2xN| z=GtpfqKIKY6q5y(@}vU4okA2n4H-BM1Sg%6_*2K2iVrALnt#Rb{EL(R^R-TnI@8Nc zVw&yesz4U`cOm^7l^>VW|BcEM_00;Ig~h)euhU|PD-fDa&{`HD>ZlN`)Kfp3My;r= zfzGaGG2Y%5rcAxnHs<6sc6}uJt>dkM&O{+v*q-29bm#(Dky2q?_nB&};^{UvrPw&Q zf^;#-G7f6nYA~HcN$%hUG9Tj|YK*W=6tpnuQzg@!m5uT%iZ;e~TNJGNmO~FZ-jy`L zwlz*m+t(+4QoEHzfse)tG@C{`3qibzd`yP$Y-^UNu$wKZF{>|)z0KADf%E>-lt!CzV8i0L%@o)< z6cjV!n6mLtJt?+JlOX=fFH78ThU(Uy=b+Ld6`4xI9Iw%F_~;@GUlK2p0+XFDm&cV# zZ71!PiI3!A4@&&h5G9tGZ9y{Io}&kFz{&bA*{80k*k6YaD|=F0MHts!q&q#54RKGT zVC0Jc%~C&@8l!DU6OD~C#^d=Lzm>Pj;GdLHY83l7>jD=T5G9J_3J!=WOi*Ne6R7L_ zj2l_`jWN8Iwl>Pe%y{&uVpmVkv+IWAk2em53#7aKZ#iaB6#p;xk;EfwpnP#TqE#cl zl$k-9W%#I$u?O2wv)>kZ!c4y zW0B=kT7EEMSY{=0ji;1+THwPm5QTlqb0&U^W#k1&PQBRq2nojusKPiVALye^o^YSK zj5T|qn9lhT-JDmbc1xFb=%(#BUHYxD4zaJCAboc$`dF;+3Wnbx^9r>@Oy5|l(2LAf zVI_>ia}^|NnIf4rOVZ6EaQtJDoa{Wc681HvS?(HRuOB)%mei?1)10KN|J-A#*0gfC-)fyFZ(~0V zhz(g@H1n5 z*mw&;9|rqM_c%nF10=AfM|bt)%lxQss9+=p9J7qMSF1@XT3#>&hS zAIAL>s~R201fqE=O=Lx}0W9iEA^BE=Kn$^*rod^;p;-|ASZN@{nj(uakV2_{Y#Shx zJ|DEARDZ4;{kUOJWv5A^Rnxc^Kn*%ErfXm}KMJuVKo6qp7)k zI~LB40qrGzooNNdb%UF=HojVBH_z+_y_(ChsUL7HxvJg8uHeC_L+(oJf)ldmdW6Z3 zfBN_1VtBn*3mAQD?m2V0?vvUMou{m24kkBK2!%Uc3$;2*6Pue!XfCFt)%PktCd&ve zK@xS=L4hN#CJPUm4}R?FH>;XTp-M%S1-=!Vrz`=Z@w;N)|GK?J^;3ExDzx{lbG6Ox z^Z7gUF`B#*d!5kk>-BKT#-h1zGaIkMBQoX={h7OK(=HuJ944mo${4#$zh;Gc8c5rI z?uf{gZ53~v?`eK&S#tDx$>HEl?)lU`%8%@Fo!cbdxh3_i1bF?M-SL*9AYzG{NFZu* z@Q4}?3)pq~ZdW-}-8yDuGv(yl%JYkHbZ9fB!S!wZ&j-z_Gw|#==P>dw)E(b7Ot=!K zX;tn=#V4soBVBPpeWMNNZITX`ZMCuBZTPFnqZVAF+bj;jyBAwlY_tEt1YVS7J zOLJH%k}{V5)`z9c=eG7dDw{Mpt)+cSsBxmCYq+s?lo*Ed?}w-vWWoyPLO}jhdM1|0 z_TodOAgPt_0S4^OolyZ-a07irMN_}hxx*3;=jvOjLGbqjIQSY|nlUhRKtOw{t#k-s zX3)?dRR9Mj@4ShGPpR`RjOIu*7rX6Q7W)j|Z^mU|(jDd^+{SJ;Q)|njU61hasV@Cq z3I7#FIM47x`csSNJZqh_I#My_8%2`!b8WjEKk6&I;8&TpNC?=p+83ieY!Jtfrv_GF zeI2S-dAm}^Udhl1#n0uqiE5|uJ+HEr(I9bbg*99;);G1yt|Q=}@z9Z^$-9Yb5OVh> z2lzw$xjo|}Nsaz5=Axdf9tA!Ln$AKr!nMH7fjWv!uEV7~nUPbWOYTO8MET}|x0^7+ z&7IqMAaMIql9@2F-T-sjRP{6=Xeoxqc}XLD$md#Q@J;g7Z5NL8y32*R>4 zsV-)_t>o!H_4;)XKB`pFfNd1!a>mcR(mOJA{1y(+ zV>Dfedez>H_+;FI{y;Qn)aE-x*3oOcRloU*BcuZnUuaSn+y6j z2>VDHr{l)&H3QVg*K!g~1wejiv_`XS-MAc-gY0$n3)@W<=#1WYz@>$(gw$nS{e^RW zJjkeXzKt+q?eE|LpI#qs-47Y|;uV8^x<1I}?q^*C<)iMbd!3z6;_-9YhR^PW)28~Y zI8__u&49#a%!86;uktbXfB9B2dN@v~uO66u_`soT_Gp(@&mTe-ExEIBv0V}X@ZLwC zvR%xqSlHFA0Op;|9(|`btm)2a=t<+R5?c8=vESt5KS(_F9IvKK6!WysW1{G8MKCCC zM^ZAT@Je=WUZEy_FG9}P-WUeSlA@SnbZkq>fU1EP{)t{EJK~tj2pzWo*jB#AbPp-4a^N`9@-@;UcA*Ai% z@}&D;=iSKJ&Tb0^wVQfsQ20RJv>ObdqyME_ZPZ^D_K6a1{LXllCTMxTM2$U_egO_N z{p1Q!X&ooj;F@0kVduu}ZDy4z>JH*Q8|2LgzCqdYTLX~dY|>@%Lt8%pr^7RUBl|Zf z;MW;+z#o-FOjm3G#bM?mQe4Yy>=QtZ{w!AjXw^!>k@2JNXR-Z~#)?oxFI zZx5I&uqo4K;T_CZKq-5wQ0W%b`EGq~rBa4>5yj*VCFFG^f?@h5#Q$@a1xVkVfs2DY z#uU^ayb8#Lsm~d(D_Z4R2D!l;HECt9jEhU5Oj)A?Q7jMC;^rUfQ`uH;4}C;Q^1@b{ zb-DMR=eM+0mK9HgbDQiX#odG`XfZvYz5YbyNo_muF$&NgTGJQR-V-aWjAV{s+Myz! zSIWyJE}!4Gc!LBqyEE(n<;V18HwLI(_MT=oyQgpVK2sKKek&c45OnD5Kw=Su^=+ch zlt?KM`}xChhkkK$dU4EB3ZxNXhPaI6%y1m}?iZWbqbU67cGub$!MhI6emIaTywo`% zvpP0hKS$f7^aJ+w)ReZ$g1COV&(DSL#}Nb{O8@ZA8c3(ju=2%h%(zs?DVl?Fc+b;yKn2oN9%f%Njbyzldzwa$6Y3pjtkB9MeduJGM^f7-s6&m$f}th*D< z+-!WB7-y9wStmwgBw_B=lbH8YY(BXe$Jk8TiH+?Fb@zI7|LI`n>QU*W9k`b>mJA7u zUD8z6$+S7>{cCjDr<$1&w2ntZ;y(;Rf+WknF&_0t$?Ak(I??}W%p*rwWwfBL+HE$;8pCA)F0JO&ihyc*sBoKLeTQgj`Pa1|zVPLUtZr-!4HMR~1); z>C8(o@QRlx<_l9K>fe*n+(JfE^O4c5CkrL3E6_8Gex+gUJ3HvM@J2=z$sIL>&a`ZD zm^(qbNMGH6osj=lSnST|bPxq4eiwA0q;}TYv=LO*k1`r?Qn4OH3iPwou4o#M| z{xxf3!Y+6Qa+ylBz(tK1sj5H0Fz0pf(H%QTb_2v|&X))rf~)>$`{QU;0kZRC^*}U) zN^htibnlThg}AX+sJ2tQXExst9Ks~Z!cr1$9y7yze-G96u$sG08aC$fL$rvKm|tL_ z|H3-;=n)xZHvRolVIxh$>)Y+sUL$cJI;#kFPWlM8`B% z5^$Je@)ZH^PX8|u4}7X`ZV5M@(ubN{um2>NwUee`b@Al=c-I}=8ELKhE9u7r#5=J* z6O0tY>Dd+StE0F$8I0ij&n*nHBNRwPN`( zNXJedEK{M-xlyEQa4d$A^09z;r2h4tNb;VtTYhW(&WH}qG~6z*p?AvUg!D0+Fy=p% z>QJ-FYd{x7rG_na5<58eodwp@rgVwIQau(j!McbfT$Xkb4$)UnTZVM9e^h-ziu6{u zxIKN)3%jRWzzUr^g?w#mPLdRYI}L)AKl%wqQ>^=A$2l*O2)h^W!!TZvbOI9ec}^EX zXG+CqW}yV;xfItXXg7o#m_@dmHzvuDOyaO)? zgqE&{@TxiqL0|5ycMydaTGM7XN@x=(yghf z)X(`A^zkY~V3N15z!^XAopn?iBOP^@;n=r-W>V&Ej3Viu-=;}yO40k&+$BxO8&&hCcurMW_vZ?g)4P|SUZ9x#R_t>C^{z5U zRa~hq{JN&`xX8$L#*^IfAhY65>P&R>7voIz3{}0bg?)b-5oWetJ6m*u|HYZg*!e&9 zh2Dz0=|B34KR$3i{C<7U@$_R?EUdUbt->WztOd#ds;Fy+gq zJ=@W;t9$mL)nCn&fvb|8bX?nWOztTh!|WoTv`0N7k85#7^)3I~zJN$d{%N@mQfff> zPd{XQ$>s_G$K)=H3=~_kG zRcthef3gQ&AvE~o4}iYz_z#VoxBr&pOCPqUj}@4#6y_Wely!|oI|C4g0dniiaeT}Bbnb>w@f62(}f3gE8`GljX(4N!V zExxI%pQ%uS=3dT70!faH?VR!5oG`QLG5WZk#+FwfcAU@JdC|E$V|EtGoo(_qdR4Uv zQR@)gQjm5a)5O(O&+2~A@6J*esF<1z{(qVtn(uTz+Pr*9LmPaC$Th;$#6$Qkda6({ z>0?Sl#QdgF`TL1?vtao5S0vf?zK>e^o{>}&6AN3(QPdya#02RD!DhMVU$G}v!C7R; z5T>OUCPfsgpB%*e94C*Zzz|&rJ0P5y?v$vf^B_g-AbKyVnc+bZof#Zol&1V^I15?c zfQ`q#7`%ZDf9Yk%y^f+d+LPtNqof4t$_B{lc1~7hJ-s}kD;BEHy-ccQdU(eUEt1Ts z_i6Xd>-{WKZkaPi<(P(j)Z+_ZlQ>ZF$$LZBV!-|yy)c0D~fJN)%@9%&j!3_JQawzQ>Fra$q>tAktYgPocb&*6eW2o)>pXZcLV7H z9lJT@0+?@*_q}|?>!%SkK9uBWEeYGpYci<3ZCuayD#V;x4JYMYkry$JV7P`aolu-Y zdy^7r1H&H@1oj}2fCGWnylOEm3xKdYiKFD4J3tKRcWTLBh8mO#eU_Bd=qO4{*QWNOnImbkEd0`ua zbkq1HW`_=~E<4Fl@SLlqzj2Ec2o+{BJ~A`RaIXnrh19V|ds`bBN(Bxc=0$#U5IlbV zN2S-J!CokjrVOQ@xBVV zoUJE#%9BbLhN7Mh&iP5WuOh`?eLubODu3nQrw^$7%AedLq(%#cUf!x#Q+udMryAL`sLTrP_O!Bun{?J%dJGk=PR%)HMX#ndxEO^L>`hmlILf ztj9TDp_k-cM+h_T=>13;`c#V~uUKs(TRjT15vxJB9$%lr^_o}?e=tN1ac1^oPS|cJ z)6kYt-pG7wge)6coNacrj3fB(>>z7*&M20G`q;&6%rLa8gXaKpNh;DsMlRPZDvYs*u6yqiU!+_MvGe=u=k zUGBOfFp@Q?o``pAR1AQhmbZ*gw~LgcCiwA#+6yzUMtucA12zrG)#AvhkgX|_3D=zZ zTb3(Jx?{RekB|4PQ1HaTbJb!i|M-t}Z`eCDni4u)aQiC8jR!ycP+L5Ifpve||NnM{ ziE^phR>au6Z40vbX`{2LZ&lSG4}&-@ZYQ5bINs?+8*80@egFI0dt%QdMT1rQgN{_i zz2-fHByFRD^@BGOg&@0Iyt46m9MG z+iUpQRXzM`eAk5AK$S(RZ_Ouc56KF)`+au6aJCd`rWmZsYqM;3# zp8!?)f5@n^G_3Vajpd+iC$-OXDz0rbd|=D$fht||q|qYD>k**VQ97;;7$K%ufI>Ye z4{ebY_VFO_rONTsX1Dh__gkF(0T)0HR@tyxW>%X`*1P<-oHKmJJaE|)zzkmR3U2)m z9&jAM18Q}ErA7doN&t|6Kyu#eVE`Vm$szJTk2&D1h1RBOI|0YfNAzW{GBv&Al5}Rk zSA7-L|5(d>sN4RyVecG0^kADdJsTcb>+hzeA6unl?wg(w#JINYtL9b6y>@ixD@Rc6 zg{CUUM6RY%pNlz{n+odwqjJ-D<>syr8s6VWT%#Vb404kH_J7mz;Z|^2hWgR{pMEO* z&~rr1LT~%#&WxMST7*wRF8YZ6G={9{yF3t=sJwuxsoa0PbbT-V*EYb!cSK2e?H0FE z`QL-Z1*JyeL66j-8=BCKr@>c`d^rmO>uKfV|2X;sTG^rEv48aCf0c|aNt^lk+tXE@ z=&IK8ZjQJ@SCzf>j6lwR4!W{e*=G*Pl8z%~jkzvmnsu-Rj26G$nYH%1C|B_K; z*yf~*m*OkxW2eto#1uHVh^iI3RN>^TsygKT!nJx$fi6n!WvyEwt%M9(@xN`gH#xa> zhvW*DB1l_Ie+Sbt*Tg}mS<3d%)A+-Xj*J*urfQBj>mk%QF?D;fTg-dL zJEoO4>C-aw=t}I?lrrmSg}YJTY44|uT>>PD3l4Y$yJbmS=lKpm`IaJK@8Xt-Mn8x& zpYb%t-8c4Oacj@Au40kd`{{QBe)9Tu?XF^=hv0i$DuLdEEVtIPcQGqc5Rpc zG(724(b6>v_K!}>6yX@Poe2p=$T4!g&+$a1!o&g9A_((Ks)~9;KkHQd-^1B=x2#x+ z<3xSCV3q@8Xpsmax&){6RD*q`TV171`QgKP8OF#zAjEH8vnE6exvV0U(7mu(f)_re zg>3Qe(DbzqGCB9aU0#{@$yRWZm?@D@qB~zYOX8|{My5D?FI3*p9!KcG)_;WLhD3%L z>0+cgTxTibHDlEwA)(CPdL#DG4~Y}_TPLptonEtKu_BEhk6-c2uw*ikc6&{Sr|4L} ztogJTYc#A03IpkGj{GDb7xv=m3G<5@{fRv$wvfw4x29RqfR5XjLjU}(IE zqU=bYq`L=5C+O?35_<03$Eq=*sA3h8kX_AvMGcNr?95cWdQ?wPM3SgTzBg$Uv@tun z3dD~Fm@1SG4VdFX7K&A&vJ`~}Yuo5cFJ~0f(J3E6+eVVXShCqB+Qg1@IB`-qr!LYM ztA=tD)f-7DI{($xNd1@5cIw!De?uD@FK+;x3e(TPO}re#VRSr7Hu^w^)cF6=CmB4M`+1J%rBDbcP;*SzIp$R+O-%%MTy&d~kd`Uv)lIS#=FEH_a`^%vKsoNM+n^xcR=`dWKCiVT2&1CP`WR9i9nJS&M^*$nD-@q${PNa2klU@M zC4Fp%XxtVO3;zLGt0{M9E7Xgk*@2OCz^kKClgb|csbdv#--mI4rU`uLk$&p%m+v@& z^tJZOi}?v`wVb@mBcy4LmlUhJ1)Y%>_aj!}Zd=#ka6?vkSWdY2kQMIrOo)Vrw}ChQS)AFd_aA%x$OA_&H#A zM{w`Awrc=2m4rHLxj73c6NF+EaBq5IT|3}(ZCYQ-b)C8j7=8eFeD-tSvU6%i*zHZ9 zs?6Flr@$T2TQ8jqZGDrPexkuRh^uWJp0WJ^dhyKUm#q!s>XC^Tja<1mwS@PDVTns` zV|7u^`LVd$;Fh&Q;n$$B#CtOrt$!_7DaW1Ph;fF)~k`#P9lq-|o)o5$>!%kB~l2kPCNa&^R=< zc7ZgBk+QRSsrZwyt(kC7DDsnSQUg;ApWEX|hQGwC-8;f&^@TVZ0W`c8)k};fikK-8 zTH>s?8uVUxRP2*RU?5T@Hurt6HsNg+RSHl83rXjTtIdMzr}@3KISOeej7IRE$jTHY zRG5jTt5+?jg|F(h4P-i?-0eHPPhWSZh0lOkH63}dIHlMn2%@>Rv@Rk0OG zd3pir!e6TUvhW&~WY!}cq0U2}4amMIblj1`M=1`N1b|QANPv*&731P782U)1!qu(AuF;dC6pWEgf2h}kel=tG4Yg)z zH41R7c2a#B$clKy$)hpVgAsHVbdNfo$~&FdSC?7unluQAgM8_C<@5Milayv4RVJkq z^KJXBxQ@;YB=QXmO&XIvdQ85p1-; z?hBc;p%sr>TQ}FZL<{7eOQ9H-TIHAR4QfzmNyQWFPnGu8?t5H;OEkJu1#*h*Ldrtg zPI86{jm>Zyg*1AdWQPjs>uGE87P5lpJaQX{Sl!?SK5>R{#q5j24jF z?QF?nM2Iv)Q8CaoE!hYY#7SS&3BO+0%(5 z2Fa4vS@+VMJf$7jLN3IP<`x+kDTl$Syr(tI_YKPp6C={esW4V%2t{@Irf=adje#$6BjMgjw_pz-52LQO-JS7C%tQ`Iy>D$ra z9qGHxoz_<#6CS{wg$P;oXkb6%#ot7X-ZO;JOyh}Sm`=g`wlO~=%Xv%j*7tD#$X-Hl zJ@A_h*bkQVw0EWf!%i*9$%0Ppdos*JzG(>gEz@-hSP+j_Tb`OaxUZnn;#_v}Hq|Gu_$+t zwo&@q0E}}8JpDD`FE=m!z43_MAAYxRR=*oon7yz4iwW{u+1|&1A>MZBSHKx+`02{S ztH-{)Rry70>LeKXu>ADwPKf9ImkYzjJ@-EceK4|_yA*aOJ>A9Z%&dll22i|=j-=G- zDHGsti5`9d82wM)Sh+dhvRPm5FiKjj0%+b?T6o?e)7#?C+lfmbwyT_YcF1(kp>y@=`Sl?Hr>{3o6StklPaw1Rbo};|5Dy%5rd{j zhX<@}=K_`WR-d{0#g3**FVsCiNFO!%)8icvS^pZnF7W!$;Q;ZCJv(u}7xFOEx zr{E{V`Chtpyl9M~O=B(lr!*fE7>;^0d}G>Ub=JY88_2Z)QWW%)RX&;3cjAPz*(B!v zvfX3)(8_+|cceEs>Ro;H{7uyEkfFxebnF%1go{XMc;j(8zJ-Ic!5L(Q*t9QrTzasr z1jRQa<>lb>D8OqiSblw&=tV6t1Yka!A96)GonrzGsbxLEdP5a)Fv&^_*K z5xuEZvzaiHaR?OGt*oLB`HTE(xp@;{-|7bhSK*((M-DP3FOyNw<$ zEUSWREk{%^KPFgv!-;{c9qEM-Z^8>)3luKohA=Krt7J6)wF~uknSuRog_zgKw+zd3 z9{vr2C(Dn^8LgO5rY$OIcKUZx0{uI*OHJ>ketj{Hczj)NLL)R=0=1A8BujDQ;r(&; zMOr{rx2132wLwk2L}j0DsR&ybaJHFc!jC3{tBB{y4nGk zvQ<++r&g|!l94fujHd}?Yw0p0N1NsY%%q%Xv?xtrsCPvau!kK$%A!H~LPHoB6|&7( z7+cTSvPl5Nquj=Ou@HpPTgJ8x>vNajQUu0onuvbuMuo`lJ@8Su!N<`@&qF}XS0JrI zlE-Tu?OI7Rz*k+1V{s&H{c@Z2K0v(jCP>6lR{;s%G7cL2u0R-lYH3*7T8;gxnsoZ# zJ6KgD>g#9!`xjCajMNlCZqrxJyFwYxP2xnP6%|+mI@`uxGI>>rW;?uI8X_uST&snc z+e+-9x(4wA#}tRvsb_{*N)a|5WdWa$9L9vF3Q%@N>3wrK{dH~6(ojpnfd?t9UYYzo zvl4C|k5QcJ4kfmtpf@=B38Nz0*f?sdeeg%4a}-(c7Q2s{WDHLpJClG{Y}{UM zl>CQv9sG}F4M&eHiqFugV4wKPsR2%i>VN=M^unr)dOv7u2e9zvalu$W+``$%$k6F| zGv3Mfxn_Bb%Z+(4el++y9#ke8)*3shty_ieT}@xm1+27I0uT zrN52@a#^CEB~|XvsX7na1ky#dbG_{r>vtH%mOanA7ElpZa^zNkistVxtRnCI6mBZs z6hCqN*8c6BZ0&=abYbn>v?!hSKdduBosYAQy3Wk%*(A;EB$;H=^D9!OK4%eTdbM0u z-dsw&H}UVg?76hlJfr`wG?7yGq~uMJLXe~SlpGjFy-r=$&@Of{u`J*RSstPM=H$LfBFv6iKW?aO?1{p4?v`n3%|rrlrtDsD9aAj)c;qzxd+m*ZyC z4d%lE`t?*Vw3pt(SqBEyU}zz5J%e0(^=|;UZ|A8=C*Xlk&_$ZsKVV>9A>t$ONP;LR z%^E!8t^;IfsivD#z$X!lLmzBMYxW1ZwiTHLc6?~;_g;4K9`VdjwWe;dT6|kp=^JTD zxO8e;kT<65%kW8{y?I1_`8hES>i&~38LigzRaa58m$hx^`v~;J#8JYXhuFFjnefdq zVi>{^Sbv~%^^=KRPMsI_Td*m0;7`K8*+Guivkkohw6A>0A?!|leRn8LBdOrd1p}7R z6~K(~3+M^hMc%UM^s{rF$io*wI-Ag{dS}8$oP=w;Bzr)5J!?k#LHEbi(Mf>y=eFWu z%uT>JHKiT(3ym;*c0{%I9uF?y=kBG6wgZPt$D$?#gzzr6U9BLRQYy^;& zsBNy04C93;fgyeU_j_3dALrK6R_ofb;EJb=S6L>Owu?OZPiBVoNrd3A1?!AY#PJPa zim7DK51Awy&HjP<1HM3lS}ZOs-*l%rd{&a7(Eg zV8g11Te`_w(K^VA)lkwoSl*~L#;!GzO3#4Fx55>hi`C3;uS)l)avDf;OkD*x)dL=@ zFrs@loJjcXNc|ef9+JR^s0w8LmMMY)C;x_ackkLq0lu>b13`I7nc5Muy~YW>cF<3~9W&Z3RFsA+$DQ0!$C z$s|8Mi*fk@kIWkqT!fj)UltT#Z-MxR6bITYlgb$s>#XrU$j?#|)<-0L6%?qndm=0~ z0`#)CmcBzJLTd%*Fo5NOT4+wXUM&D|Gl(%d_&YpT6{vi}Mn$kbeE2yYnob5>n^;__o3iQEQ!rk?e-eO&2H_*n; z3?$S00aO~*pK4o*3-;lTOZJAw3o_7GaLeCR=WRDf+=*1zJJ zn46R(QWc{L**#n`ki8AcrjdW}=jS^cRu<1bOY>%1!LBakw&z9n% zE%xk1K4oMSBPg8b=vBv=YduK8hH5$tbdR6KmOWvB#X85lJ}fmg+=^rzH0i5iahBu>oS~wL1AVq%q&wyf7(F8`BPFb{Obx0mVWxp2Lp;S zZ3n&OB}+Cu;tI7uQC&;V@V{>qHM33eS{1l<&g5+(TL;w)%Ta2IN8J=|>nO&-UdGyU zWf{5kqyh5hj_jR%lqMK8D0Wa_U@;x~FD0<2b~vLVwuLpkEjSP z)flqJDa+h+AIgg9CA_Uf)rJ3|hyf--)j9kncqn6PSCqX;nP0=v9KGq_ zH;l@y2?rwd>$i|>{zmjA{&i7S6D( zt8OE14?#4g6bPa(bM0O>C< z(Jt!7J-rU(M@$C`9soBVR38MY=S!euwk=jFMFSvx^wpJ>FF+}6e!hIam2)}v$r0cw z3=B$remLol5ZO$VxQG}OOat+xpX6X1La`M=_sjzaB4!)S0vpG(F4D}Mk_&?p-| z1a9JPI;OR|sa^b4_eO_uP2}4nX+Q*6?#vsLCj}kpkJwrqJ`m6JEB#}U@L8`%*iF!k z`4wZra^*0P&h+rof76-Tqe{QvkGj6Qb@ug_&BANv8P}ZJe?6D+XHmyn(jiFKQBu*L z`;t5FL$pC%pDAZ|wg=A`bw4(tKURlvAIx3kY8quibK?(#<)4+mE31Iq+poDX_8rY{ zsWJrXg~h!v%S401-wC^3^0B(7BM%#yt}f~klAhA9zYhGgF(KV|@#__xeTyvyHc5jE z&=;TNeav!wvMv8MX%@vhOOlnUoVP)ph@>(H%xE{tXz{qM$=>;FQ_+Q3B z4S6T0ruUHE*!dh++2=trLB>j<5c$<9hOkAA-?E#wr0YdnqHp;#cCEsB6Tnd0Y>0Q7 z_Lg=Q1Im%L1d6Uf%zFsq&Y$MZ(n6xeYQ6@}BU!;eUg(f%G%~)>c4k;4&$E~Zqpn9^ z#i|~{-daSxG}@+a)szM)@%D)piL71YR>K5(s|rKZ_3-ug4SJ^6c+E=>I$+|YG!+wL z$OPvL28ej{yJqVhQq423pLZ_kJVjA4Ta?F$xur|Z8R13`9gC`GMuN6@KY?sMxw1sj zCZ^fpe(_*%EFlD5h>o9>i?X4FqF(#uF|}pO*F3PAWzzJc!&!5OGNLUDm^}hmNZ-et zRlkOLc#NJ0(YJV^K4fZz*-+BZ7czELJQGA$ z*s^Zen~bk{kZy#WriBVtcF+5^OHxn`^i#z&pLb2G6C%eEsasv!5#p%wNb2-56IkZS zQ~U6F%Q>ZG0W3hCqO$Q&R2)*^SlPcb5YWu}QDotHm1&`Up$?ukQ zE^lto22a;kgemmnmLl>l5d>5%U4xp%JtQ7&-H(JvF3Kc?)F89?QDsO-tQQ@sN0aMa zrooOwMmP4Lqlg+E@}6~2<2?eyjb9SSNcyX}e}_zP2n+T8fFZjV;XBt272-chc6GAG zP}s6_f6ba2us$`udU3^Wb~h=xUfRkj?39g$vN6cYTd zp2e6o0yaej)6bq9=Ql>5UV_%3L;U9^hion@DoG(0Zn*$7Y7kvB1sqv%3jD3;$BF{H z=}fiLs6U<03Y5^OyWVOiGI8J5E4K`C_C%n z0S40pj2GW5ES9fnlWw>A{8>{bTRCXoFRv0ny#0{0g`^F06*5HXkP-otzh!KPv)Pec zFoudII1qWvypEdQR6QDJN}*e!vvHJku2|jNZQ5@BMZ7{J+yyaI8Z9^UBUuN|GbsF2}?11X{J67)tva4o)c2PR_@s}@OPjwU-Hj~TKI{0 zqLEY@NQl}xt7ZaBR%+0=;vFvT#EvB%J6_=hy6xn*UbKS^_ZVzX7^@0O4}VI?-PPf7 zzh70JW?I+GvMzTku>>wc(CUn={j7VWH^p zgHz7x+N?~z{E@xX@ujv<2OtISZS8o4vJ~w2DE=kW9Fvxnk*0Zxc|Sc(zyIdh)c?r> zIMrYlv?=^vGR!xodXh0o}ceLVX3Wi zA8c!>yLal5amNq?(|qM8?v~!fheessHP4w17Jj;$tZ6v!y|XKIGTE4WD(>X2kxT%z zcD~g8>jD0*&Ybe)huu^H5Kaw*vUu@cm?oXA)~NB@_Me~*wR&3%8MjMr3XrC~Kg7Y0 zQUH?m>1*})xf`!qgztVxid+nUL+Vw_w?AJ3`15l7_~8FEf51y6Jp%ZZj+p>8S2XPH zFb&MG%O$k-wVEx3Cl8bt0z~%hi_e_^QBwNYYwHgIK#9F>J|-9cuW-6%vmo0CKf>t} z{u@sBvSQ)tvGl-;u+zdj{2Q~4D!2i-te zI9CXwT&~2ywWEf&|ezhT_p?dTSl zV|6fR`=+3%P2P>q{!-a}x$6E&!m~{ELt9<}9$tP|<<^#kql9H3U5Al0`r;&EW{0w6 z83+&#KkP0NayEDC9O$s;J}N%`>t*yK05JMr0d;V4UJJ*t#>#C~=^+nJ?_4wI3z)hF zCochzvVWOq^!%ZhGE3BNcc;_Ijnw;>P;&^U*qNVEyN{zDK{nem^mE(h4KK^vBqrv# zJLAeKP~7~_Bx=;0wkBKJUG50t8h+U`^4h=cBP7D+@|zL*95lLLE)2+GXXDFI!Y0OKgtU9?kzb~1)3N$djyO$vfgq}ub=Mq0#inu-J~h)h8mY4J4I&>w zl4ud!8Ge`g`*XBW13CD&-oEkR>aBW*0;4IPhsMjm8(T>`_vrh^wq0hMPZy)#>a$Dj z6lDD9Y()Yq+c)ByVW&3j?2A`iVo&UGY)jWACmCr6l+cZaZb)R^Cr@-y4)N9nPo3&YHQY#UGkaGh8E76nTJA&XiZ%xg1-zUKkW_1b5D@aiS3w8 zdI*YhhJn?0Gty3aqY>bI6({|qvmd9wMJo5nM?wcFoLjX5;eN|uJBVZl>x*>B405nqy4 zr*!v<>-H^0o!PoS`RB9#w|_A^VdS~(uhQ!gqaRN*r#D;!718D5(ks^`H(zJn_^6QB z1`-4Dv$qv+HiE#bkRf0zL}uQkWPS+d9|m4I#V%h{2NUNY>l-VwgcWt$@*ZV}xJc;+ z3U~-;dEzhlo-1*2HAbc#9Xz&tV={s4Osrh% zCyr;*{ct6WxWD^uY+KP9OCTy>Hy4#b!WTUdmNU#n1`%jJ|yHRB63E##l(*Yf^i^e?QmvunN-O{ zN;JaAa#j!<>00%P4uTr8t7EiD;20g|AV6G{&`wJ)uSl35VTjAwu<*+^1|)ddg@^vw zmIj_f8B5dI?q;L&OkxmuF3MKXTKC3~E>Dh<{@dG0C#AV1Rfh1BM_0W~f>Bsd>`=@o zw;Hw~?XgxP9uD7X-|jP+!*?#oS|7^;?VRsWgzN>u79%6QDpHUWczA(T`)~Z?gOxBz zjH9ALQJw3~Q-)l(akh&Jz28ZG7OzM{H7%iO)52<^;MHmHi8*uAJpkW;$cVXYE2fVO6yvsd^CeSp>}q+KB;Tp<1I|`hJjy~?*Ydv3(kD3a^D%afJy0Y$9W4o* z6tn|yiVY-wO&{X4Vl44=#p-D{(?{eU9C^)DxxwFbZ^PUd2K!7iqv*FqWBgkUDp_9Zx)_kknY4xChl#AYHuK2t9Iu4@6hqDayi&%?b2iZsc95Wh9~$X&b2?XbS+gdRVwne!Ai61 zMy9&D9$wr5Z--J(R*KI}K0TiMb7;k%Du#a^+cOI7*?a7# z7HuViy`OELd~o#%{VPH3F;W=&#P(#@^PJVY!<%$|H#87wC+yRia;P}&mcUE+yjPvq z>`UJ?eom}I9`CBOED+62lDf~6QqAUT;54OE6ENqDkty zP7$>GJA0k=|P_P;>?#JHMfa= zMXv4lo*S7Ko&Pl9r$kak^D$mlrZ4#5cnfThr>*WEy;#h|XJk!u@4-TRL^Z(qBN9+M zkAxgJi^$G8#%dcYJ)V0NTW6o9)>d%3q88Y4Tnx9Bgf2CX5g&P-^K*}VNjD?R`+>)2 z(R3q*QoEEU1c1y45pxUNL zMvy1R=_tV8Zm2uT3lv{>kX>Qn!TRvM(wR>?;%-$JM#mu8{n_kEF~ms0xroHArPkHK zzIucWSDXg(=dB$H%<;?FkXZo%zqaBExz$MgUG`N{;MSRA$L{GdgxvjDxavb;j4N&l3zv+2_Cw0c<{@x3@W zH;@>s_^yyRN8$KmDfDVo34^RG>>EJ>Qfi14>nO7(4g$&8qxaUITO;9f zfhcLhQAM)|bsG?J<*Bio!LxyAy=o(R z6xA`?B=IwX#-FCn<5xPTpn;g^2pfXb?0zO)RN6zAtiVg8UxvZNHFt8La`Z|vsASd- zi-OPXw6>ha${y&kVhfX&7S?mJoIR&+WanWZNJWNh58rxP9bXMNRr`BOslzbd>hMOCm* z|7a+r5J%)nOh~!3wY{Q+qoacrRs;x=ApV%CGL$4cO8T8VvRlf2@u$`bj>@_+j;}JC)`OAj)jJV_T_s4n!~$%K_VML1E=bPc_ezPf4J(>d%E!koYN*|mwc1S5n@M?- zal?MNqF~QeUHP9vd2^X8m9SWBgaT50jOby*em4oLt;F&~_6myLL7(Krj-hMGX=Il? z6v_sjNVir{0%AN_wb|^Z#o?nc)H1C{AmiE?LE=X*8ll92Qv!CKh*&bKp6K6P#rQTn zNzXZ+Czz_*uVd#5%m-YNrjc6hREKMZ)yisBlhWB?Il*~x-K1uK+}K-73heyD6W(Xk4Dy?CTA-rV}XgJBjUI`kMHsWYZff`lrC|#$(l^ z-dsOV?FIx$V#+1v!VMEKK*T_l{EVfW+{ko3pg`Z8briOo;N|5u)D(aqF{}7d%sXvb zXZPu8r){eKXQuTW4t~_xlVb&O(S>c1p5@Q>rh0izKj9fOlXp1Kz{ft^co-)6r5=0& zv3>)6B_Z-l(mA29a@fGtdyq0F&6G51R_o@}zOe>{|D4O8cd*AumoC=t7CkzjZva{j z8c!}m#{Xy={3?DXGuX$>tRQ3e!XyY} zgtmsBw<&}_k5DQ#zoho%lypQe`pnTH*@(pZ{V{Kfg=l*tWF;n1ZP;wCb+V=!zedRdj#++l(vt8roaW^ z-aX{I!;;(Q4rw8N28qAyBSsX$3utu@4Z-JNE44}IdLCW)i*iI*Zz$(8fIn)dl?{c<7Y_jiks<&Fu*{LF`bX2z{M*nl`W>&HT2+~!n z)A{oIJ_CsE>a6)HFH0RCCYE;f{~zw&JRIu2{U0ubE^8@Eh9Q;fiZEnnCJ9{;l|oqt zqa-`o%}BCk7%JJRB$aiNea$jCodKDMCb`b7U4_Fj^!ExI03v;*=h8;@Ps$9~stfTNsP6=yS*!a4hzBoL0?qa;^?m2jzw(U>_vla~>fUDE!~oz=mWkO5SyhWB9Di@u)d< z99^-|YPjU=eSO+EU|8;~H1Td?6z_ma6n$;QxO!)AEGQN_>T-8_uzLJ%ERtHW*?Izj zy=8(tk*hP><5K#AW0}vXF{%)G(P{T-Ubc~O<(%Q!G-dUg=4*xhGw!R^)wxl^G*;wk zTMhd`=_oHWn7~}i0DYwW7M(7*usxOw=6}OSX_OW!!|fA=K#vQ+?>=+=@sgNjm0MLR zRNOr_x;65#`Ul^jv_B5nhdEL;^Lmplvk=*X8Ta0ZTk?M~{~4*Wyp!=GZ(uoTC%Yw& zW=qWRuk)vlNIaa1QUoXl@xTZ7-M;$C!0J-K&FQ!RGJr=LZniWRp_QGy>cQR|&S7Gb?etMds#>gBD+_xTJo39rmc0n_a$?MAXc4Sc%i@ z|GbiCKuyfNS=|kP*SJ^J0;LCo%>VFV*yZDCo1bRvCQFcg9Xbf=$IV@NKSxz517Fvq z*-qDSM&}Q20=$PqC6GH6aW^p=9Ls+9?*}ZkSKrp+sz|Ry6%W%ssf=`u2_>dM0w&B0 z16HJ~%h!XYw_95BOn&s8`B9*-;yAkL;Zac_lse!nT@WkeYrdmO9t$0q^_%rl%WIiM z4ptd&Ip0sK&O%}wV|V6NF<#xHTbn|+FjT~kXDyZDyR|weEPkveZu;E*aTjU2VT|dR zX%UwWgO-mdkxlb+_A_Af8{YQ&uItsewpLu^GqUv(<>5bH zj7CrM_;X=iMIqKcBJ%txwME}0QVTvrHX7%v(bEE|qqdx#0;KcyiZ;Ej`8N{MgLjvA z%eShl@lQADcX!N)InE`{d(WhE)+H>~vs)CM;JV3r`EC9n?d|eQU}BZva`!H@pr4Mii&bnC$AJO@4QMtFc&%f{P)?SU3($?VgXv{iG^05lYv3Z?kp z_8v9&SX~?4D{oP(m=lz!UU!%JK%dgx*^A#L4`$8njnZ0Ma7)gC(xu-+RH_yPQw^zv z*M6~{(mI2qk?3k_=&kMM;t^9SJ;UIm|4u(z3!Dj!9f%Zd_IoF~_xt$h-t!h{Svfi& z*<^9{HQE_T{j}*r%Eu>0YWoe2rtSP_RsA?-66Bn1mfY^|l+^#+g0yNr^vP}pF;E5G z)G&a^dW>Ef?LSsNFuJxZ?Kr9vhxGD^E$=Ax+H)29Q75>PH?%birv5qZ{P>V&LEYr@ z_nbCOb?LKJ>fQSsSGs%a;oQdL)^M7CNfb`nAt3T_t>*2!r2L?EO_YVvJ zovRcd*qR@?zH_ncp7~BPJ8@EnZJ9nhDGvT$c{$Suuf%hOD#Z8(w#LxnQAWE<1MRU$ zIrlsDXVaia*hW|BjAB7iL#6N4R&rNq>4W0C$tzE_oa|&&`#}(`ZS{0`oa^Y&+N*#H z4*sa4-^Sp3*Kd{LsOj}N&)Zv>0v#;%UU|2vI9R%{{iYyeF_IdH&(#YFfNV#vA0F4N zfu2>G+QtX{!|S>UtHO?i zHFJvh22EIpu(@#37EpSRy86u|`Bf7?!K-1BTKbf0X=$)M0!#{`4Bri`?T@cS9x=Z7 zE)TK;uVy(RV58?Rx+IE9Nb{z2xf_+`I9Nhvf59%x32Kw41^CH6%-Vs|^rNpdaa6=d z#}l?|10yp!p90sKOztvH#;hq{P2#|Ii)ci1V1H?CW@tE&;b3|5!Y9Bpu#d2QtKs)Y zsI|C&(_-B21E_)p)n5hqztwoZ$a|)9Gp`T4lslOs@ZwvI663G7ryu-K1f+uOxAefi zmRsP5&L`{l+A>bwR1=PfA=b?0){NN-4P9KgY?nN6-7-}2bKUZmFRcef?cDw%;O4lh zqf^-*$?W06s$UmXvTccI%d2{S<}Ev?@|jdvbeAnpElt)ZKPJvesIE{Pp+M^lU45-V z`sn4LM;2>*mzJb3_wLMdgJmTbmm9kbObrmJPCQSezL3>?f#pWi9FL&LJR2+eJ#q9@ zCPCvKr^D-UvshH4wnmeztH|9p*i!w~ZVQ#B30k^QzGxbr+ly(Qp zZSEBZOV(cMH0FkMGQdCOdzaW4G(=dL0!6r)9@ktE%fG`Gp)74S?{#tgP~fztWg&*B zS3UtEEW%_dsHQ~}+~3$bU%Z}u%d$$}OI^LKxUBRt2^mt&*e~o6J0*s78LnkI!@XHt zw5rUx*4_j|CZQ$r+|QPG@C8@&l)4ir?u;(vG4hw^V2| z;xE^tV|c91>lGDLc0Vh=Q)rs+7Ew|d5KBsAS13fyTC$6W{UX4Tz$P*L3zm(M{pmVG zq=hNh%R>QZGf6l4p|Y*h(r$-Umqe#Jp2tra+&KR;aqiDa8fZME?PKa|FG@-O) zDO7204L0Lqp(X$2m};)(&{tV6OR_FmFN7gb+*Tqc?6uR!5l?fnwt_rRpAFjW^_8YjpYuuw7e`W>6Vb3A%#Mn+*R z#I+q)`9$5bK7EwPNR_EBn(?wAC?MR(aZaZlK8tfbsdS^wMIOrhel_{@^YE9DS4y(K zo#{7-_9ldIiDz-D?)nM1O@0}cxyGr}H%Rf^#0$>YI%pa|?37sCU0&VRG@vO5JggLQ zoA}T;5|mjH_K~Y14i?fz)Ml}F!wkK0Wg*s-Wg>O>=V4#s<0)$}sVeYY>V_yU`FxRr z*3C&}g=#QwED(WrcNd=Vs>H5oaU~c>u?sHwL1*6Q!M@d$dQe{_C^j239+{v~9(6FC4g zoTM1Z`NH(_@K*(y_gUX1BC|xZwM^?ae>vQ^Fy3PqW6Gn=d|R%sXsba7xr7aDJ0ZKq zZzw@v9%=lwE_?*imlAG^nc#0#DWFEqlj!x|(QSFcoL1elpShqjjYY&fY5S9i$L0T*PJb!L<>E(z7OlPYF4Za7%9lCv$Kz>{-{3~ z_$jc ze5)Dbz0q@5)V}-Jq^NyMpQ}K6cPd`NMgK_GhHLgpt=+H%1~7w_m_H79WgKd zG+X?kzL}4+GsH&nCim*~&}6s*?IR;=qTr$J^ym4|j>AHm5R-=s%|XfDgh146#g*a# z3bpx5#^nyAP*L>SylU}?MdhLl!fpKoUjW<%)Clj=;GX5u;A7E}T&~vuul+v_5ySG} zo_Ad%>+D$5ts!)sH)Bw!cibRJFZK5>XZ>q=8wvb9Rv+4L#BH4CPT2T1k{2f4K(E53 zZ48eHE2FG=h$=7?c``JGig(rTE7*|uc!ea^%_l0mI52m=DNM`3A+np;$lpZK)GpY| zMIN~&i!hT#P+#iRUD7>l!>$x@;Mf_RfXm00Do^PkxQ?Otf}to6?4g)#1_w9=jUm*( z5#ZCujEK}fqO4g`sO^Cq?R3Z~8flXn{teffKVZq0kS1?sZ-&PH?jHtIQ7R(n5H)S3 zK-&#j`vqGH)P&$aM1=4l_PdPfok$86v z1NRQoD`_D7iE=W(9BsV};r`!9y5|dC)1%Np1PKy{PAs2$%Xu8S__gQWvU{0MIN>2uH!!~)@ey-RspMM6EG3>sy@Sc~z!d z(BZ?g(sdsdJ3?efzR1Zq4N`->mgB!EC8|EOIgeN#fY}{1MY7^u|XVY`-TM? zNJNv-=}`M1go^b^lv8~zE`(jSy2#oF@_>|!OsJ|?HpEQno@A76E>#*ga1WFc7C`eg z$HS*4_!q_Vn5P>`u;vgm7fSFJ^^m!M@9ZV$LSy|B>Q>PDgnwlE5C=2r3qEizDGl!9 z>xVYWa^^&FXF9h;cwcldI##Qy%lUWm~VOz7J*4V`Lj+1tNyn-#ba!l{hP7n zL$0-Zj6tTCh0aAj9%=3_SJ2i@PaSkNdSR7e#N?19+~@Ke>y5gGkrOc2n7Wwx#uDP~ zkk}WXR2w5FYudF&=_J^@BSd<=iKMOb3S=x7iChwSNNNAJ)t+a7a3=GhexG7`Ic1i- z>UC6)`^L`+=%mw+*pFmvG7sqMpwAdl2vvet>@m}3t0ZN=rmg7SvR-+r4Fk$Q+sMff1o;&sp%c3iCzq>UurHmGt17H6jHBm)nRW zNd2dxNT|ZXXC0~6?v4a49i$(@kO!1;y(p!+!{wG9*qw`2Y%6>hMq!YzTz@OKOS&XZ6#gkvjh!d*5V3C(Rss;pDI-=58dXn9i3eOD>h)Zv} z%su;B6vu&0pZ*1_3P78Z|M}wRkDbY*e4I=#IItm_7D0bO8Y;p7*q?2faW(BzQq?%RU8;wu7GCli3K9qjV zJhRArK-S<#^!4K4In4o7_hPi6#7leRC3)dZS~Me4$uYhgc7q|%74fFr65pC5eZ2~izesi*NbfdX_;7=6%ke4zCG z$&a#A17dPGeDq1q$f|kspn*apLR@9m;-{cTR=Iz1F1Rj}}lhUIuu9j>UgL zo|J;VNo~U|%kXlgd;`>bKq0Vpcr4Sp{C$`Swb?7pZUc z_Gcrdwu9nt70Dj}FnLt2djhD~c1I%6`!@_w)NUryFYO$?*gmYu$-HlH+c;Dl{f6Y! zPO9}ga!bICRo|R<{Q;{@D(_~4Kl=Un2|)yXL!$!%sS^;)d}z>YAWXMAhQ`Z#&8N=j ze7C|7wmX|pl?iz2__HGH{G9LD z58u8*dr(JGBGm9gFLZmwS8si>K$69RnpQNrnVt6Foan>ofX=oRe+tS0iX;n0xK^(P za+G282}`J$w02G~MMF5wuU5ZP{~FYA2g_soNI3d`0}1apPel$VmQ&J%Dl63MlWf^m zBqBN3ALRFVsW%jib&wL}lXyw6keyan0!=j2xh_N{7iCY1+Gq%=dLsO_!+$`T%fS~x zZr$-8P=Pj1f^?4PJATQ(?c4Dh3`3u;KQ7 z6f$VWz7Fr`%zaP1y#1U-7Hlh5U>eFeJNz-uUZMn)>V)bv)vBm@T~fJl|04u63SM31 zasnO=UuYj4v?HE->m9bWlxOBS3}j|@>@Q<(6|00t|63?H`yAKWh@v7mH>p2r7`ax1 zT!bguZ}CST@>M(&?b>3C(sPUpX;Z=bE_~iT8cHh=6rK}Z@^f>rAkXEUNh>|F)FU6iUg&|%*(7Z$&!^WJ?R-t)_IgOQH{fV zM_0$|>6}UJSiEU(Epxc^0BU-wtuCHfWEB(hm`OaOC}JZrd_;*L^`_Z>sV=fPFmTmf zs*c|KsvU)Y^Q z<+_Xq#nW!Na!b#UK@_$ z@c0>ZikOs&+eFrgNp4P@Dx$wfzs-P%ti3vu?ubB844?BP4&dGAP@S2FW$x*})FNvi zVJ~UGJX9Cp5v0{$({>=7-^nmNEHD-L3Wrsi(V2k^U0!|kDhR7NN^i-}FepHl^>%E; zBULFgUP5hwblayvda}%BqgOMC%!DHfGDQFZxgXM2ka@C1cjY|#BH*SVr_bLLvD-fw zt?y!K+xy_}XCgicXsmxp#NpsI;Evza22{PUw);ftLjI2K%lDYvtw1&OV0R7@4&do+;RKO0BYRWG``T zBgXg5+Uj8(b&EFzBG_cfle+Md93ry5+c3@FcV%Y$t(oL=)K~qZ66>TF5meEV!|qIH^aC(b$%eCd^0=Uzt(ltia*W2K5sh7t|c=qDx<>8tm@4B3O3)^d%?f z@^I8~2g@bEP87$QUUp3T23CAL1boG66-SBz(*eN~PL^%w&bP1rg3T-2y4o(9_s;=! zam*_Zqp?wLb5*t70#UVYeebHOI^5@(|AP1L&F@@Ve8!JiHk@b8cKf5$=l`U>|6c0v zt_$!_0s_OtNfek8e|>f5()2Oh9m!;E^TazjNz56lA9}5Ix`aPrvhp?@9ugjFk}gCk zhYJymM`s(OLZI#^qkKZBLiQ^VibU>nda_M9^${9@a8F>Q1 zQTrA&O_c)}5!dT8?>_cFFKy=y0TU3Clcd8%><{%OvtuJ0imDlcx>XeZscPflJTya;eXI`|Z+`V@WP0fiOfB1Im-mjzvw{T2`DlwoI0o zTI2c)6iK-;VVr?=n6P%7UyuNL3G)oFB&%ZeWI)|LD&HxFeOJXDnSwyrIcxkrKLi>! zBhJMJS)W6Ms?y1Q2c-nSM+DzjpTB*5|C?c2;cc(NRQ6)Yuyb$OqbesYaLMs5Pw4|2 zlP7Z(Xej4hegTxyleD$0R~4@cLiC{Op3xrnc3-FxLf{y5oq;J?uFpUSyqly4>UX$w zaeg)!>72QH+x2-`?3w_!*jzWFa8^B2n^pS0k-T` zUQIm0-{y04sCQ7W&uLDE|2ee2J0Uu<*b49$<78i@bM;=;&iC@SBw#QujckA0p=+Ml zt@fa?@BMgRh(Rht>gT$?J90%m4>qKS504KvUV7c8B8_Q!VaTIUw>HMDupqGII%kjLyr?Z#?PDh4hN9qO`8+n{ za}~BPpdmm>;k{9?EII;Mo0Ff}rK<$km$gHPHA>e z`u;vQ6u;Yd>Gitir4#K$IM4>zE_anHCqVZv=au5{(gu$S zrLH{@)O}9A@RSJD`uWLMle||L0yz@|`RXr(BH)COBxLj<0%=Ca2~&!1<7%uT8l?He zL(yrYCA5u6YZc`tN^|B2Om^LgpA6@WkB15ZD%o{9));t@l8S-TM-l>8Nla@8ESps8 z#YbGFAbs&B^H(qX^Ae6D{R|8J)^m`zs644V*cS59zt~8oKoOUFOv3b5zmF3uPCLUb zh&9t<f6ehEQ8p=sTgQ%?TAQL2IIBS3?-oG`8kiEeU6c9D{AfjA zbDrc9iSgQcr6g{?lg#cKT%!Frn2JN#!PkZ%^yJIj9lte^zWsh!giT|nc24!XhZMii z6Lnd>VaB%*(`h%9;nG&*tL(4`PK|9{{K61x%_%;Ik~Kf&s%Y41;R-XmGt+EVjzaw{ z+bFnp8WK4Zn9RQmuzr3Z%xli&TaD$n*V7jctiJwlyf-K~coRgK(Mw}T*P^Ys#B=dEP`>N2UqaWKoUxdydP|3nDg&wC z)q(kKmL9Y9cE~JZx=}}PLh5BTZudRhMb4&vR3FJis3_x3ib02?~vOXEw)7t(!gjHF#M4{#BeY;DK+%qs2>#eWr-IQfv zJ19eV#KI!UWixLi0Qs8Am;r@X;r|~UNBE>R^`#y0u{Fr~&3}oNxBw<$>3yvdzBih6 zdptOzW^&qZrdFLH!RM!xxgjD`@Y;;8VES3tNa?pOiOs6Y>fmD_ZiQar5edw~MA z(A#&vOM_(CSZKr+Iz@@Jh3c#K(-dJ2bJ=WMWK}{xy^Y0>9#bb;Le|D{$}-DO!x2Ta zGG2$Z#eO{~()uEHSxiwoEzO%S@3_pjLAf+R){yEr+?sG+CD2_@e`)~F$|vqJSC}as zo#A&yZI|Xvn!{nhG=e9knQN7nkAGA_T!BPvA2VILzkShdH(WO;O!2eMY+_eTXx4?f z2prihDk;Kg@cVE%uEMvU{N0)nl?%GP@sgF-+0*C-HL?2 zuD=sP#<=>o6$%m-QJK)crMgBj262ODrp}edcd*nDUz#aqyx`q@f0RKMn60vU64LP@ zJyz4fTR4tf8(RlYcwCb%I=1zA6w0@-)s~(kNBcv?@qWm}%(Yha!7Nb2e8bYt!II)} z?*Tq}qAQv_Tc0Q+OF4>q$c?@X-R(*578Y`)8wML7rKRc&*C#V`s6t!rbzJHmHk28O z;VVs_6%n$uzJwj>Q#RMI!yA~H=yb)ZLWjmVFot1v^vIN1cry$p?(@!D|C*&)Ns&|{ z|C|Wz8G7RW;!xKHHFnaznh5A~YZUv;?2tdt5gpT=dPC-w#(KFt{0@Dl#=z8uL@|C6 zKgvHaQH=k*446<9FqcFL$qDL+a|(9=s`zec6XSh4J^k#_@xL8UB~>P+gkUMkJ|jBl z+Gfvf63MD&QDti+R+M14A6#P>H7y-W8Bp&4ftaVpi1G*h<%gXsN#`OZjwd{BBya|0IexA{bJKT85iee~Cy~o6lP>oRoll-s+Qyg4)-srM3EuqtK_GAy|_y)vU0T zj*9O`Qgdtu-ycEQeX@p`xj5RIadLWDfWOBK9i|v?_C4P1itTVhnbeag4(6$CkxVYz zr5VlnzV-uCXb6R7HEEZ=7JfI9Pbji1&v)JQN0F2RW}&4XLCyR=rGo9A6?XzHA%T#Q z2c>pRqJX<8mA;BGANZ(gU^daTL!XPgB<1;g2TJ@51MJ)QTi~ZQVHsLt z#37W9Vc)FcJA6~P@B&$mFseid7HiBzT-!cTuq6Q`2}&$#bav~4SP(W``iZ)YB$)>X z_XWH~EC+TH1OxhB-Tf*M5O8A6ulbVFuH3Ka=>z{PoOkdZG;o{d^WB$dZ2hKCe4t() ztVT}p(YD%JMC0^+#$h9r0nV6S&JYAmcW3(`mf?DKHsoNkisTR`FO!(YyHMX37iuO* z@4CL?k**;GdEA{ZCIu&Pk+Y;f9{w#zGb-Gc-G=h*Nq&`{u)|b_X`{<>GcFQN5%s^% zU9=!1*iCQ3&(FT&DErVnWvI#tNxoTqKm!)a_Hd~lZ>VEJlQdD6rPVWErZHTEE|3+Q zKe$FGFq+<1GM*;kuXirChjU&us3ziu_?sd%NAZi+*^cu@)>w#I8}c}+R2e^bW8fa} zWQTbH9_N8iX_{F7wpd8K!|=R*y8UTfFMBU;M&w)+PNPy8u3o<>4ZsgIN zeu84PPkXSL>0Pb!2?hvh{~bChA)*x%79tMcOA%LiUIRRwc38`7f2GBxDgYV zg^~K(vI+N_4?Y!pZtb?q6mILV?eb|Mzq>k4R8e?{gK^r$rt+$@Ewmg6914{Bm=Jdv z7M4VL%G)%uPXC~&c&hJ`x_3*&ds>a30IG=&SFEF&-*~9%%}j6vrW)18VlZT=-Qb{Q z;T@C`9wK;R0PKEuO>FJlJ0HaQ4~qd40QG@lG8K<&r?F7i>jsZwzwi~VL>gTmC0CBW z2$}U6n67XMyGhU(8#-b_@k7y}pMP9Vvb*lb@n>5)_E@JT)O$r5Sf;42i-#Zn*xfQj zZh#bZ-;tj1szzUkx5F+8l9K7#wEDWwKH$Ah<2$CeP&$Yjs?T$EX(Q9Ba4(#1}7(J>m%M z?3Vn#*gbgg7llW^iPo`n9ukO3xx`MWe~ZJpt_62?x8-r+<1_Jvzr8s@#8ZXp8rn^; zDM@6R>czWQY2T&_Hye`W=#GpIIugL|3{dZwfb3A^xeL@$x1A!j`tq7jvh{&#Jk!u# zxz|T;|D_zez{K+JzmAq0xrpjx_E39qzBeI*r?@fuIk~oxopy?ofrm+WWmN8Y@H?JA zqR=+7=07@}l0!}wpTV+!x|i*^5`n8C2{0ze+f2aT8DTjpaMwe4DwVTUd4PBfd+BkH zEZB{wh7a$=Bh?|b?}&C#cpJc?NMzq73_kF3n$LaR7Hq?u6 zlld&dbk4bBDo(C?@22`x2?Dyd=@FSLtsCR(Axd3L`3E=P&j)D;tz@C11S7`Ti zEn5EWVhOg(j%XsNl!=+6DfM}cpZCZxMMqw(G!}v^pwex#)qVK8dlI1f!||nGb@DnO zS`SGk!GSItzCvnX_;q>E_RN0u)&{vzR!Mj^zm^#wvQ)4$y&E|2MHf>W< zOr7&aJmR6sK9La!sFIVY2e>~An?o0Wxh!ltF@`w0@5${9m->ruDB(ZiU9st-$Cp?7qb@$-yo>VeW*I^Esnct*lYmXKQ^e zG($nxysul;rq9-|`ef=c@(vu+=jG=&g$=)|wpfpC$3Z=38VSm`iG6wR&syR1kWZSj z?bFjm#dz^}d3^*FCDP3$&`vAIXx(h4yEN0MOl3KE&Yg~ijY%?Gi-+urUeDip2H91+ zhBZG1U=ob?(ga&RwR4Lqz!P!LOo{3f#Lf7%F{lg7HYuDZyGPHV24}_ZA*AXa1f8?N z^gYRO-GH506D7=zkxoF>xl&3$n+3Yo179ha$KeGXEJN$U$&pj9{|b|RXIuj)W?R;; zK#;KODBGLmu$oDZ%4Hq@(e^V&R!v04j`QyT0qyR-<%=BTk{bAhnK|IZ`|^uDPet|n zqszZtNCP71MqicyPY}#T?Ll!t#_h!h{j{$+Xpfl-PX6n+xfI}@M`d^CyE`X=T>@~u z_!axf4rsuHtU|TBE&CCJ0ARl`EsJfEzBdCMz+NRr0VLh@d(F-vS)Z`O<@|gf_5C8K zq=VdWDGM3%Q>X*iz(L~-2(*wyVCqGDOYX;XzU(flfQtWw(|rr?S{s-_Wl%_gRehlJHWpToJmOJ<9-LYdygt zo~qJsk8ynZdtoRFXBOq~;N)8AGahaczN=<@VI1{Oy6o95M-RP$`(ChQf33rOgi+Rc zCCD5hJfq``vF10`9=y+_a^Uu?~Li9OQxk=`zx{jm-h{1iGO?;JE?7n2DXE~O?K@1PaZDCE5Pp9 zm>qY+P5X+zyauvkrw!3~M-I3?Q_od54OW2cq*#OZcYoeg5?D<=iI zL(L$l-6^1K^2gyLg4m*}R^ipJBs5o&=QMZYVkxPlz>Ow%iyJuS z;p{ist=K0hSAC8cghjGVfZ26lKv09`VbE3qs}HFe$zBd22EB(_i`uF1Oda~v? zzdbkw!zPgUJ=#DG%}Ul? zX$hr-L>T3(~nT9s6PuvV5s*usCN}Mg_A9PV)5&hyPYI{#Vy6 zHug7bk;b%(UC*5ly^pqy66>{Qf9LLr~4Y zcitO7O1l;@y};%qs)Zj;#0PKfTba0%%Ot0Ixtp?uw*HT?23`EuXZ%k`-mHx^AFR!3 z1tw?ex31Pf;K(dmt@;Wayv(}jIGUu*mlV9by~4SC6#G`(Bz8kne>8-{!>q9{UuZFc z1ASQiZ3^|XyD*7@nTgw?e)fPzHCyc_RaLny&GG1da}fq}18x%=RN8j0)o;>gOrNfF zHZ~u5UggZdw$~&=Ilxg|%0GoperW<6zQqMgY0Ed8ygYonJBIur^>f-KH)5~kzE8mc%OJ%B_02dywsraXh`|lq}H72IQ z6P34~IkJN%z(?)mjE(D(Bw|LeuOxQdQ}S&(8d z3vvyB8C)CJOJE{9cKyTjorj@v+D^MA5ADADgY7RGlZU3hjTJQ#E7k#HmzxZ=DCHv~b1i;&zt^Wq<-vCwofm4((uI2~m1# zDg7V%>Mf7D9VE0gCxpT{E{yG-Jakx}-H~rmkf+iWYkuiDl@u!YoRM*S)+~gYrQriZ zplIB#OG(gx%ekpOD#n!UXV3)ltr>sHxiinzNMf05fmy}TU=n|*`8Yr54B+5H{*%9z ztbdg4|2o?x@kdMy!ALgvLIWSc&=5G$>YJSMQ|uV9;m_~JR9t6bbizZ;4G8riaM+6@Nw9XzywOEwACWmA9a3YI zSrm_U3P3Ae=aP^DMHIVD-Qs~#VX}Sb2z|zia|&Syv3Uj?qdA>L1Ih#((@GGk5@5z& z)aLIb=zo9OX4$MRK$|_6q~kXmwZ;xw8!aKv06Rbgr|>==%zM0kvHj&h?$q()q}SZ1H681&HA%Ff*ygZUZJL@jhBsz`8%viw}S7zoHdkK#O8|hd(P=BZT zi$Jj8OGM-lRZ~HOG`g0W`bKl+mXol4OM|TPndMXXlenv;Y?@K*`jUWmxfGj!9haxv z@d7IFgo|wLu=h2`1~XZ+vrXE%Bsp@RzV0P+f^I3fry9ED-dR0cFB`Q-i-&eF6F9*` zGX=0^Gl3&LSW~B!nR#XKKLNH0t(u?v1Uyis!7qq4uO2-(600InXrdHZcE0eABF7c4 z8(9reZ`5sejgX7q=CFrC^8+Dya;nCTp_;M~tlE zu_eCik&F7>G6-1yG{>SEFdB!#FX;n5X**_6nI}TYB`ld#AVrHdLppBo$dM@!p;BLK zJw19cFs+s%EBBF0oayCuVM$_Ivz&}?_SgTicKj~_f6V&QD{wIC`r6Y&XBYPk_5=ch zX22oljXVE8u)KKx2e3YIu?FmuXcvMGuXlpDIVRu7n9=@H`)UF$yS*%H!$ygtmiGp8 z-vN71lS%=mMF^z{t*#mef{4Ik zCTA4XWC6?u4sB4#wRy$ed)Xz;#FlM#ZQDDLdyl8B<3&mxNcpT3mnG4qlClFwnRe6< z%!SFfAwJ*jJ}?LmNXx=~kfwrV0hdM#YhGLJopHnrJcBOG+V8>NEnd*Z5cWr61S3dG z{7!%^g#Zxt5iH1n!e#F?X;yqW`%jJAzvj6bE$jiVH47xLb_nnne@E|ZYz=#jo<0P; z!oL>d6MB3;=o$uPcsfL$aB}1qV(RBKwQncg$m*?rDEPkJ;C0?kV}lF z2y-Y2>4gP*Gso3Hnvz-I7ceCNAP6uPYW?~jfGP#x7FdBt_x(}2D@YREU|N!k&oU}j zd$=S|D=2Q#LMQFcxu3=nQ^dWWzL7i(7~3rVo+X5D`yILSH3#Ez80rvi)h-}_8JP&j z+o%x;4P2$31NpSVUY{(HRE!0hr>buhLMNQeeKpRfbQC3-s3{5G1cTo`=bnY!$ zun>G}PIKnE4rXDh1s@n@zdNLSvfufB9w(=AogwP9}`KZ$pD z)l0nxc{p_Ocacs}_sPfnbE}PwBo{KF0myr%7WI7!p5is$nzF zt%**64R4EP{9DxU-dS4*%)UpXHqCoZbczO3;3Gfo{B61$6lL~U`EmL%`h`SX< zXiJ3;%ULTd5Fuv7747B_+ZuTlKdSin)5(veLOlKal=g5Tv`wc>wVS^vszi8Z;!lsp zX8m>G(FpMYFYVdg1M?lEnt0WRB@UMPOaHlwJ>tL?0y^&kD1Yr-eWBilS<|8;W`S0L zsVXvsMoJ#$3QUkVr`Wo}{ty%TvmxJH!Q%uu&MFE%NVi@yL_N8LP{e6==@v7TAXW{d zQI7`Um3QE!r#47Q&=j)H$a6RMb1$J#$FOpfJ@{t&=3zIfw}|8!Ym>JJSoH(08%>lzl)WUa{%dGe5~LF0`+z`NG%S0rEb_d`YB`?2 z{(SY`R3=V%5RO1oX8K1HH)IgLWP4pbTC{JevLAHz0|(^Wv+x7^W4ZeViQTttUoIZN z!p6QFY-PM%c8fXm^X#j+P#jBhP>`O_yuJcQw1(S63=Yro49tlS)D|jMv$U?sRNHTI zJW_v~wuX&_m`)}jbJdg0&inHh1mX)o>;2nLsG1Eu2T@T;1eT9qBwzpA=2Pk((>;Z3 zXwI-(^Zk{frF|i2Wc1=w@aT~lFYV1qcjP^8hxr!D-+9Qr+2fkiTPv!Jp8OVSNG#mD z$}Xs~SPQlsuE`_FUxWjuTv)$XbfpJjHLjKtaXD4F;N{#j`R>NJcy82AQ)Jhyc&e+f z>5i7Vdd#+ebcB1Y+nGrHG01bCQcua+hQkow<#{%n`P8EZ)o@`2S~?T}A|doTV+Gtn zQe=g!+ISM)z^i(qD%vby;;YC6$8uNcy@yldXSrz;lNHI6Gj9fq{IIXG@SN9 zCsSQzqDIu8<_nW`h}1%wl2y;Z(O^$TRCYEIr{_l&OLtBwEf%kqw^QobNzjZM*`_IL z_s@D&HD#WBoGbxTJ~MNQc#L=$>@(=^)8b(ix`h0+^5uEDPXFvmzs*1S6^?h=xr?Um ztzz`l$S2BylY#zOE97c`Rv0z%^*M~7?w|$mn1UJX?<81(D=_~7H~6t@{~?WoIW9oV z{L}U;VDBr)aMfZcG+D^$iOm_VT{cZG5*fus+%8;P#&^FgabUho5*1@EG+)P*hEWw&Ax4Q<1v!tJLSiz7I&fMgr=dJ*bP1eoAiGixaXKaN?@#)C8q6MrjWTNi> zT|2?Q&v2k0T@~OTKF&|)PXWW6zeTEK2{Q8zjBom>qZjZ!;W^S=r3%~W=_8BUK`Kg2 znN~Vx{`t@uW8_Vq8_b~)9wL7eSXgg`PEaE?=@v(g4?G7N(wydYr-(zZs=_;J462)W zRq&zV^X5!Xh?3F=%)!UjoP2Yna8zbgKIL}4uMH)fBbsvP3A|_4`I+IQh#X5%r%P@N z9+m#8KZ!@^Nh&4{ELe>e1mtUfgUR66oO*s`@A&Go1UGl<;*8IKEi<|G@4+~q9K-)g z_J@YOAOHHk`G(iVLQoZsvzGH2O1F|vy?wxAz7IA;qFL&U-pTi!nvonH@G=a9J>fW| zSS^3ox+`u@u)4oX5rM~sVw1TSPgdc(<})i{g&O*4%wO=Pfh}SbZJpb zv?^3t7W8FJZ4Gx3KtI62Ldj=89)3pxB-6QFX2L~aB$6_=d}R3VnU)Ctg9{CfxaWn?&9*MmgRRU~YD)UUtH_lE}gZnkhKFzwDo z7Glm1r@?m5{0v40r@)T;pbHseerYC(^DkA z@?LGwb?IAhpC1EGxBN4BRqlq}_-}&l_IDj=4nB5lUTtcE2A^u?*QY0&1>|pisj$cw zI|P2Z&F-po0T(W#-l`vyT6cP;>Z|C6ah<~4sNg_Y_@T|-GehO$pvD-t_zE6!V~({9*(6Ma5|o#|&4(AKsO=F|K>hSHp4$w) zc?pi(nwoVf#O{PkR`{#C>vRg&9dz3#ee+AI)&7i3hu0H}$$O+vKxQ%Qo4P)xo=xb~ z%%6rW&DT=3YEuY(`oPee{fEX0(aof0>Z~;hI}Px=v_5eH?hjfiVHLQ&DLnWa^fKGr z5^VFZ4}0tlUhlMz-UZ@4yK>9Fc5r`j_6wfxc3U3+b0qWO)de;nBQ|GgVQHhj18KM=LgA&0)IEMSK6!&;Cq9Rd>i zs%v0cxU@59O9cBa=A5&6`J)V(FI^cC$@)KT{1`ts{bwfWlfzueI%C=_yA4}0w|Nip z?Z3(BWXP%ohSRu4VFL}FwvG#|GyXIQ0$A-J`Mzh`@Z!sU5o7&-o8v22H(w9Z!yYbF zZJMrFwH{x7c2}<5eTQ#;0yD8BW}{s;1QC+dc$?)*{#f{B3lrXEL?>L*fTXJD+Wv|8 zJ2%?!YLAgX^U&eni-roSAAkhl-lFi}@3-y$50Cs+PIg$i2Lw~wvyUEH=L2u<0k!*I z+Xc^FaJ!4`B73vVps_RSmBI1vG?(E{ca{E8KgcILtlXj=1XPb-l!tog*Uaul7aP+T+iDU>-fo!IAoH&?xrfcwZckaxPQSP|Ra zjJewN%P~`W)s@xnZKY4vt$w>6dv3kM57R1mmvZndVP?oC^|EAsL%t@kV#SNZzITD) z6W1CbZs9^7iYMWxF42XE$c@E6Vo7O(15(JlS z-YC3WE;M#_H9R zJ68VccrN$IMz@D2xE>!`Z|;B${&XVZ)bp_Y?@P9Az^_>S?VlPqBjUT{HU17OrR=^i zE6|L560ULUNp8DY5X*HVJPjX=@e!O8@;^mdu8{dGlzOY|OkbYg@uU4S8C>7W0XMMz_$isz08&4n)a6?Q@*QQ=Q8~i{0indu* z)R+_r0}<5bo;9h+!>}L^B4)y+!+gGW;XM0}rXJvInx;|X>?Em|DrA?DRAw^<(^b3P2bwDa)h&HwRn zQ?K@Le-SscwR>&EyLd2~%#Vba4Nn0Lk;yEa5#en-prW*xN5!?xpWD7477Afn>nr=t3n1SfEN zCFN}fPawJCIQpuo&KDl}*h){yc~&hP$R5S1;~l1qF^itBkE%m>k#i%h9uS2#Q@Q%> zy2SB9R9Q@L16IK7r?-}n{=??}uZ>>=)B7YsZNbdx>(PCE&`CEQgyCR=W)qzFuCAMY z=SkV`}70VbD*S=ONZk&$6!>$!5YBg}=GPX2qsILKd5aNPZ~& z6sLiC;%ob9M(V}i*tsmR%-2SEmrH0J2sFOAr}_qj+P~7n@C*@2%xQ_CGF z;eSYA7$)3j`q3?8sKjlbzW4+?zlZTI#6|eeX8xIqFz@$#UE6-PYu0u6GH22Mo+0Tv zRCsC2-?n^zEA3E-bz%z=s!5rM?I<-?6c+D!Hw$UWK$nT`dVF{f(OMxJkca2eW@*Hw zIZv{CK}@j4>NfKKj935tPY4YDz$Eu~hzhMW(xO4?UD?t6I>HcoPgIGk!N)DF_IL^+88WjX?A=3x&H~I|M$xGuzvx^U|_)9bm=wYYCm!JQiQ%w@NbW$ z5<$Fkhe!qixFMi;m9Vpsy9!4p&ICj~VU(FxO|@d*#(p?Y+a8jI<@Ha{hg2O8Z`nF) z${F5)7r}WfHqc{7zOFZUD8#WK+E#m7> zoxELXChB}{UMieg@AT2|Ecdy$I%@1u`f7%B8rkBii3%ybBZy3H#uQDa4;msYa95V< zT%(RSwn`ZF0z3Pnn#QDZ_`sOX?b^n)R}Ys#tj|@uKkM8kH!Ssy(oDqjYe7vOWf3Y; zZR}?*+^kie^(D?kDHF1a{#p;_OCnVt{-TpOXrEl7Fb5kLn9Gy>Et{Ll$uFgsXUW|d zDc6xpumU>4lZM`AFk6K=mYR8y$>xhMS=|L*)kltB zG84I(y5;+o9)8a_MoN1Rb-pbGxaFccXh^g*)M2^~(HZKX&MCuRU=?e1cH$Ox5rwm` z2TWeX>0(W6lXHDz(uj2*Gl+T@dudiX$`|?w*Q64wtyzus_Ii4&{^wtxP;2MczLo5J zN~lF`;XB*^{O`!eQks;Vr=N0x-fgEZn0kra>D^J($+WE|IH4NWmc0c$xDY;PI{daU-!yN zOZcHGg|)cXZsq!oI@F$Zkorf5R^NCpxUpY$-c_2=5uZU#^<4_?8TLo@`x@uQCgPLJ zduaaBT%BWzw)0*Oz#+mW@aWWtbN;)p1P=`x9CszeH`BNCrxH4o0hic$tLoGu9T-c0h#*)drC+&B%>_?_Y?@?FV9Sl7G^S0i9ibH z=hI^-puN^gC;y5=G^p>;=3I%0aTb&m0I*l3verP@f>Ym^ZlqW#b`Y_$cwg} zc)6a@>UnH#Kn9_;a}S`DhOBuO(omF#ws^q{M5*E(1XHRl)UL@=}{Ch*RG+Tve7vkhzXY?vsuvB$3(M8g+Y2*Uhm@x(6IuLM3cjz7%L5nSWDm3dw) zb8hu)W#23n?m9!Q(g287;Jh-Tl*y9Q^`M8Z&N-l0Z@L(YU5t^z5?+wR+NnRx38o^q zqr*s6UEKnqzeDnXnN2iCTZr#$n>7EC{Nrhg%d4Jk^;gRco*z&RSbL)w1I@2DwUEEh zw=Ia%r2SDne2RBW?tn<4h6cGq&hBY4ET+9ehEfYtYBN7cH(8V9;7P%&DtUJB0hmv) zg&udgN?oJWt7)uRcvD~80wph`%~I{qTa+K~WnBm-|U9yXt#EpEAT_Idx|rN~Zr{4$@wnEU4V~ftC0O6l=nA`a z8(@JI!-{y!hhh`XnTedjFS<5vWVQ6BjDHG0jA_0<0DY}X_jQWg;0;&Le-W|QV`SuN zPt{c0;Pk^I3w3{&%~f+zd&d6NFjVJyF@EXZn$-3!Y|P$#=a;PEjlUYbX%Vn*nBk`+ zr+O?1+dPj|vce6Swf_D2>b9-sAA3!oCrl<%7&j+_-qYnLVF7khew9lLNe63#KT%)xM7=Q#@f1wKhPIr{G zPx0#=Wi1;Bb-7c5sS%^}7s5|do-br7*o$o z<_{hU+KPq|now4-T?BK@h?!9TB+W9(%!y~3+=X-Q6`laV$*)pyCc ze1UudvcKxQYk3F1G!>IOP$GKgLP)56YF5~Ss=J~ve6+YJpuu&nsVnk&N5in+gikPj z006g8T%xPjVzpc|b@sDrHz3+=b&cv+`hKZ!X;z(9jVjGd!mWI=mJTmRQT))t8^6r^ zTP4IP*ndfuwo%DF2M;P=S_}OPT#jdYHTd;L2-l&Wv%=uibxgAb0{>4^E%oe=b8He% zs1+r?w-Olkb9Nl+g*1sHmx#h!4L2XeIJw^TIP}XGIpS7Vnm@-$67){Yj4ap@wS)IH}QSN@U(1mIyBsts%p$`{422}HLpL%P@IRBXT)$JggIpiPcg@W zp7Dyj&va>p6{l6cYda<%j`2e62nE6)T$>JDn9ZQZgETBG-m;-a515Rugk1W+Ox~Upm)t% zo?y+}Eb!EzhopB&~Z}Y?q@Ym-08)-~bnETbL+-;}r54DtYlN@y3J9BpDUZ zZj&-(DfH+J1?+Dl#e9u2g8Nidhb`sK*D9I(-zNDc@D`sObH-v?4ljE9kc!LmeEF!j zVKCjcng;NeEb=eQyWW>aH*;fP`J&JO=&W+hq}anX&^)^80we7x={>5zBfchW5ZdRu zRXBxHe&~_i+(BNlKm-*y;+t~@L$0Q@#AI?bbl=OVfgb}Ib!(4LxEE3POutclpN7%A zrmEC^Qz`0^_9r$=D#NAeSvz}FNoEog+s7Q1ST4WUH|@TpGMYexYBh73>Cam8wl7?e z&cEi^C1d4@)W&siyNd0S2RUSF5**Wdpsf!YW*lHE3t{;n#jbcl%9kiNcz~jx<|hpA z8|)WmIc341x5Kp3oSe4m!D_TB^5)isJRUYx=xyMvqKCqvv`o8g;XFZ5;#TY1%k z6X6l`LDF$A2YxwIB|tnrKc7$k3&}_p@^!1b-3X>rx6T{W5Jnpaj<^1pRhbzIj7`O5 zy0?9-`cf8VdXeJRHE*|`U#_o;c3zbTzL+R9Hq8_|+k+DIj69!oCpptii=4o_o zUui7{CN-O?XEbHhz)*n|(mK7v%@r>mRqK+=Z+MDj=c!@SvJh3EBWt&@iy)#gCPvUN zui)VSh${-fgF+R=74}2+InQ;xjlRFrlaNnwAj4Lw@8nI>opvzQgl}YKvy%4d0PEbC zr88>~bk4ek4FPv7nKkbM&ms{;7Jz#OxrhhuX zjk5Gv`v!EBH#%DkL7PM_)xF&T=)^zit*+?meN}`MJQGl<;>N7|=F6}p*lJ~=5~D-b zU7O${7ldJR3?q{R*OpIU)Er}$=S%7t7z*woc1CFC#mXBjA@U3p+}y#Sw`K5{gPbSG zMBX(X)CNDi-uNw{EM)pL(o)HFgD>5A%If=RZuk2`Y22ci2%BfD0?41R2LaxWMkk|v z4R*D?s~SYo{O#x7XZYlx3#EA?i5&6ZQ^a^O2mfsVP$CjFgx{P_c-0e zglBaKSEM@P^?N%x=77Bbpo1 zRjMDd>7;v4<+Bi>_oodn+t=21=~Wq2Wv_Fv)Z3glWyD2CAr*DjZm&()i^vOAu)t3jm9YIM%IpY;KlP*jBCKiGbEl?+o>h##8h=t~O zG=FbMO5;Uy(Y7>3wX1XXmFU3WAG;rL$IMSryN9N^L&ivLbSSl`R`;4btO^#E8EHFi zLGJsEv~dx8m=b;q?|Rmt;#Id)P;$_C1WI+@HMX_>j(5{U{pPWW^@idH|LZP*LJ1D+ z(ywjwya@EfLn{YAM`@SuE&c?WVFlx=LWWopQnl(9gp{h%*MoJZ5-4ly;U#|P+J~9m zU0+6&Rq)yA+6O;K-oJnra9g9#JjuN@%|}LO4v5tH3HKr1YEtOpJ!5S&4c>yx`k4e7 z0-~LIdQbV-32pR3yUbwjiE-OXNwvr+qJmI49jdlzQ*2D(| z84Ek)277vTf+e*$BT0kguLPy2AQGZKJ;F?M#KUIFd%LK?PRS&rMk6~^=< zXVZ)9&0mBE%8Pau2VUj}Q%EINK~&${$<&I@okUY*Azv3=7{L!WVCIeXQ|QCj$>L+p z^4wDHusS4B6I-YQUpxdv{eyR$+TXgKOUSSG`S9EXJgT4ff0(~b3objG?V-ujKJ%b*VdPTm?!hTR*9>ude(j8=y zsWFUnBJU19GWpAy0H!nfp}cZ#l+Ai%KG)VkLZ|6-UKaoLLbYHMSTRN?~v)W~@tCam9-_Yog$(pIT4T@ph zfbj%L!Z9QT(WSZUN@}HhNCMu}>R`muT=RWtKy@_?P8|N0Y#EJ_EEu){>xPOvoZ?Qs zyZ`<2%#&gS2-xMT3K3{Um>LOlX>@8O%d6YBWN z+tR%Lg>{eD?kI+YwitTcHex{D`^z(^LuF89n$gjw#O)P)+u}T_u`AgxN;#JjKlIhR zv4LGxgn-t8->^TTefRGFsEO&Vs(yGCs0dJF5@C99ueHc7U4O={f#t z-)(p_Ry)sErj93Mw1w+`D8I#ViV>WTLIEAnAAe#%-!nv}d~H#}pBb%{*Av5HxsdWSCZ>&u|R&F_ilC~T7=JaEEB#%_pz z<4sU2V}jkupncrFT>A(_p>v;LwSu}K+6{+7 zWyCfU52^6hmVqxDq29+-^8(zlNC#{quIl{gmUqL$UnSiJSWOnJF|(8;q19?1>vjlE`#_yc~Sgr^vyoDRIP6!<1En z)rbWMlbAF+){#yn7ogzNV&3xmygK(P4jgMpAbwRSaATeAXOfw|9;^C($a|qolDWt_ z{LSa9v9GbOB;_5VtXK|(M9Hp^ra^N`IaloGj$oR7g*)4-W$awas!$<#M_KXqeEN$Y zdBN8GCgz^}cGkE?^x^a{MlE-~|DE`!{QIVqcvgCu+QCb3m( zAv4h7I?uH=#ggE%z+fQ<4}Dx4{h;CgmuemJZKCd<%pvsWF!T4@TU-mNb&|hXzkFZc zaF`RmiLwbHQjCh&>f8qu^kNN9`_rg*1bB`{4#R1E@0y41K zVGBGmaYjK(948kMm0YlL_m)4=`BxcNFDGABP&lAiGkoX5^yz2l{?;#?3;HOJN9d~O zR;9jAIIA%;QJjA3A#6)5+a%I1gO_KkS1GmSSle#^9hIV;%Mar0bjOUXNv#XHrAxL- z_3!5xXHk<>*QvDAIlQ{0`O1S+`M0<);u!q~1)1Q2fzCIxt9*;|k0cLppk@9ulkCXJ zoE#`@DTCQ$2=qNppFbYMRzB%6?nSlo(VS2w`*e%^Efw-}YnXyvCOHjLOul!EbO%7> z19~N9+*O4%zj*q)7uWLU_AG~Dc~`+P#>qCG00kYjMY8e zl6m0$#@%RB>Ag$&Y{jz)WdgodnEhR#n_~Aqf_YD5`HzBuyWy5A3{Zh2|L3f?DEEN9 z{E+k-SYqZ_lqQ6Nykki&<*bPOc>V^a0xviKGnM8XjiIt_J7y%JfI@$iSQ-u zS2=92xN+~d1&IIIruy%H0?@T-U_+?cdjLa66X!d~8pD22pm*qNn=I*Q_@l7wW0_0y#9@3C|)%$j+zt6PE*KzyE4c{oyBF~hUC4A z(y69mnwzJZ4{Jeh5#~5y7F(HNUA`ELryjX;TP2zw0E^kXH9HMzICt;b^@!B!W1dlU zT?6d#Tme2L9n|!G8=Te!&a9c@7K+WDhuz~_{XMn9(s5hzY*DKg(T z-InU>+Ac1w>N=DXiTKIyTiLF$K{5ll=pzGLp%5c z|9r|QY0FeM$3<&YuD$M4ymuJ`jxmzJ7>dYM zUgAx6)s^^iSZI2zNC&?+;x5eFa>Muy6*4FaHZkpvnR{8t^e?1}SFzlz^r7Ujh z(auG0yEt;_ea;b_ex&v9H(vXZW(2{zzI30a1gIjty}#R=IXWBpurhJH92uhbWN$aU5ru z!z{920<5>D#-1#EB%GE&oda-ZZA6Lqg>R`^++G~B&TL3}-N!ir@2UZDCf|<18@Bk` z$<{lT#D`Rlx3WlZpIe+mxp!};ls=JOx1l|g1DlGD^P1y!^;B?mcx9)9aqd7NC-3K+fT-llo7&*hZ@O=kJ=Yill{=T{7PczEHRH23O2OTY)Hz{_ScL{RLyw`ATfX0bbR=B!DmT}~!9u*hF|U8EmUW)c;o4~GR~UNVK>>!LIFBJ%g$l2Dhd;LN=> zVSB+1!Xy11ZV)1UJjtac$NY@u6tOmX`*#}pQ*KwmD#w=-R}9v#7%(@8{DE~^`@@RBsAQz7}W^nJ_)P1bl343A#)Xr4Kv5C_0oPoPQs7 zE$v59>p({$qCPLoOFNK|@-Q=ZiY-KhJ;}e>AcdqVNmQ#>j?BF$$h8gf(U20!m&OYAMA?v;xv*jd&fYvLSN#X#XU^VEd@hTEgGt=QC_KW{Y;NK3t znMqVncaagxtY0OUW@8ig1R^dAbMan&q5@f{y+idN?SDarfGu1e9O$dSb&qC zFk~)Db~~e}x}?c_!{$^^t^CXDyH2l(Rhx z8u09!7i=>SJDdVQdc$aE4DUtJ!>&-mJgTKG3EmWT9pW8+p86K$wh#-c<=Y-I5Xq8O zvVeXNgm14UA+kt604^xyE$Cg72D z|7%1OS0XUe9kG~`wGsuA6DY3UTiNv5j$oVV9=FxA#7tQr`l7sLgFOMmVk8wN$YYr1 zdm*jc3dOD(ygZ73UM!q}*k09+T!(!7ddtV>r9EGwL#sstiFA)IJE^XO_0=9CNjHKX z@PzQQ%1k?~=ub?j>)NInXabr^v~_)rC9?;LVeRG&?1^WL++x~`-83+F|Zi{@}fZUl*EMTo0xa!wa3O2@46T1#e~WNiLB`ux4peu+=`HQZ8c zpX~ECyaSLt)ahtVldbDOD|l>sC;cm+j$ zWD+TOBB3Nk3NnAx#5+hzCGFOmPEuxkda3Z`@<6{3Kc(zs#`V7>SEV84?^-i!b*X#-UliPNf@? zsf)CU`>+y7Q_jiTb%^Usp?0ZkW3urMaa6o1>GqX(BI5TIMwQv5bFvGol4I}F2^H_Q z&S>r#h}SgACfSX{Ii4R3nHt@R8)UD*aFK#_F}npyda$bFTXNx-+1059ll_i@skG_U zZ@)H!Q0>?-BxNcXwdF?6a=Y4etv5jT=^UOnhzk+F7U*Aj{55Zdk)8Q`GC#2ttng8% zEIXYk+8?2t0&F8IKU9q059JLD_iRG9`J=|J+Fm_A;j8b+frSjGuRehEe+GE8}EDO8aLD6rVx1bH*NM146^8ZNh6nxTF?!c17(s~=^xcX zdMnAI?esff(VLsMDs1M08En;3Lw#D#CUdYR{ z#IaK10nUsw?l=`cT}Cm9u1wU}f7!^{9!A`{O%w6`&WSM)&c)tBg)E+~o|v5OxVg8xLju)*XqrKH_Teja` z3}g>c%3P)SiFmE~5fc6Q)cN~&*5|{-o!-BaToAwDeyT2r*!uiaxrJ}Ry^Af>u*%@6 zEK9N-)0OW? z|23BYBJBSttpB&OeU**9hBpG5lymwi0z18k*ZBbxgvdqTl!1B9aGb-`+zhV%w|C*& z!#oP=Vw=f>!|1Y|@58o_N>5+ocK>)_@%-M9ysyqJn`Lq`!|`6|`ii*@%4T?dZb}S$ zGALjrGhx7Qe}1>&`Wk@s?4fB1*rXUGjc03Mp5L=U4RKke#fyg7_TQh!6=TAtSr9o85qkKwG#$Flr&76o8 z$O-Lzwz4p73%6f*@(jndqD(tZGeDP0E8c8tdq$|7`>>Od$1V>rZ{GDhsVed)yR5M0 z$5T)AV=FdCSw`6!hPayU{#jz3$Lu1Mm}w>Pz6oxSKFv36=*3Ca zMvty^?%O^>p6JWCI_hk)+!IK~e0Q-hHt6!d+B_S?VyHa|q+d|2#->UCgjeg{#z7hq z=Q-&yK1=f=h*r_zgGfniSFp`wFb!#hH|}#}gd-hvQb&Fs-a`}aL~)*wDa?i*$`&-) zB%{dg#dd(jru;J#4bkcWW5qxxt#9@XAp;$y9;0;k(@4y0QrZqH10!;89@9T8B?c3{ zYejEOr;2_eAv z5E8Xi^r9k@*ohtkYUgYH#WVT|DZVsD>>fyA`TKU+#gy^kxE=dGWSvCs&41Wia>${7 zh(i5j#il9D<=YSiAnh=3ZKLT8OUa;azhHo91wx%-I6S!LnWk6uL})qXX;ZM~Lk#U= z^X;fT{mv2NIkc872laLvJGmUrJV&cJpkJ3Kh<&*;XVSbs=Sg7n~2r&u_-;EyZ9&2b+vjN7@73h z@lg&yK5<|ms8Mhft7Em`Ro9SAqKuj6gl0IPV#V`x)CFA zu0lp?@n?5+%&Jc6$Eib_-b1YF^WuGn>|3MwA_e=8`fQ=e`tRYB_RBo&O| z8f9Rn6FXHAkiNqivh}vzcVDJ|9N^71+w>W7av%ovSiVDgBpQSp-Y*jXB7bsw8@bU7YxIL?YvXBG@L+$LrB-zsX zadQCRGyck;n<$4DnV-&IGfnw4qft_1`W;7Cvkl!IjK$tRE!*O^$s)OYI$E@StY?z9F=bc)kf z<}@-L>OKeDul62YW_yts9SJ-dIA|GoapV#ECPcQ)-tzvEuMn zuA_49-Y+(qr~~>N#*3_@gfOJF*QH3BZO^){zo1hUcbo>yLy!<|oc33qFBnEg55QFA{VG}$u4aSYu zHthTPq)Z`*6BJiE&BQ2wQ=a3TEvDH>vXO>J+sk|-v|T{XinCK$(zJ>)WI>ED-2u7o zZJCKR*~iNXck*b_n?p@dr;L|RNWF8kKPYXoNm0zUjf~?{zuu3DZ#3YA^==szJY}_W zBH_SYmVR_AaEblkIHA5*bcYG^%L+oqQ8BAa5M$M@qWa*!viO#HvzA)VFt@>VNubw8t1b9e!1L+zF2L!a3dd%D}jy zF`P%Ft3M?q-^=FhI%7+CHP}H*S3LQfbKLo?k0Dt<3|KZ~Q2OG+v&8>CS*XeZqgdtU z12o9$?YTn8Oau_I#?Gm#)Ov@!qWFrH<(7t;I4`o*=0b>-g9SyRn9=)lU6 z{&eAIC=`v=S`u$SYWTL<^h&k#mdvxlrjDLVVP>}w(kU6DJ7~mjx!i&DAPxmP(4Unk zNGkuzA8qUj!z%~*&OXB%PposC4qs+uGTLz!IL5PJRvZ*``u-1V4gvg6P&}UXkMZU4 z{e7x*zj1On$J|!Fot@s^@grW2Wpmlkj^jRf7yB=Hcj7eXU7zj+gUSs5si~X23U(#4 z9GJG1hSNpGR)w#b_MO)KPU(Y3#j-JVEY)^nO~SzW-!)EE!r-GN>@7Ukl@<*(29?K1 zcj!q~mtL|rUB-=D^@!B$GgLE>i_Tdkc*^-s7BW|I6KmfI&FMp>2RxtX?_j_4=~P16 z?fTPURLPS)hCuZ|fE46^k&{|r*Gc`BQfGJ5tky1LXM9%KUkb0bH zoA5c7z?uUO3p~bNAy~S&f0|;$6|~sSMjnJ)Y+wYkZv0Yx zDl%D}pMK|)C7M1tOXql1dp9Q*wf!I_TDTEv!#oUj*bvpYKn3V}t^0V|#jg_BB@hW& zzn8eok_MXsEjt`+2t|50KrE(qrWi2?X#&pPNzCc71F(jN%qqRKg{g|EavioT}EiDDeHAQe7%^58C~%e?DSrT(z)hM z%xq+nk4h7VCtQ}~yD=S)%}q7MfN^8RPWk#OIj#@o8Po()tR5z&fIIqt;kU13WOPm| z&j0%#6e*Kc;HlHoV}dmuU?z6yy@ulGe)ZAKmpK6)y~o0-#D?q^f2vc(rT|n${9|Uo z#fm%gbs=3J_Q*DKcI0sL(!8WF5_2}M$0z(>Ri7qlq_cv^RBDkcV5q--*?gUun=({A zp?Wou0tlk)NTZN5Pk3$S)Nb+Sad+U}_*Gkm7Vq9WcjieK#2=XjgaOoZ%HnG$WQU>0 zm&%+tjdk#%4msMZ^MWM<|FJ*}@7c)=1QWu}0Sh}4Zv^(Ig*$83B?6}zFe*2n;G`R! zoPWx}V!&XLI0)c%EC|QW4{SU!Ux7wvV1XyM)32G zo%_%%m6_nsYTXMogHgz@=W-)e(_<&R90U>PPUc6yMsYm44kNBR=DYUODoJ)5)Gv8x zOW7ptW~CFbq>Y5hP0$R4=8}AcRwga~k#C=~Fzycqfx%qW8^9@S?1xrbe+XL+v3fpS z0r)o(rUQC{u(bR{&7e^I=k3T;D4Wf;mB`0vnjrD)zqN46>B1?Fj#$2O@KI*cQUV~4Z+aKLD!f1l)b?g97n`xa zgxd_V-Z`K)0X_c|7{vIc^yW+6OOr^anPZoaDa{T!d2c7rcqmaffulbP-yK4Weg12t2Daid6O$jzdQ*V@VwOL!E|$TDVR!ipxl zw}Ez${95-)sSeG&IS|@aXNJc%N>34~J2o+_E)$%tea}HJ!2kqZ;$HIaV7If16X9BH zuOc=B>Rh6Jp^fc5_PrW7Hx(}HB2I}{SpKlG+1WynM|IzGJTvpaFBMZ??uIlQ&kfKf z)MM9phYg7j%g(j%e)5b;<~xv}0;_Jc8qAjmSYp-EZ6eykOwdwdXGY!w77AqTz=r)V zIjj@m%kA^CpA#H_v6qQR(u52^h4lKhez90;!rnvf!oQku*3iR-gRl93QNBz}WoJUDx*s%?a{#{q_vXYD z6`;7D4VN94l@M}QKopGXqQ=Ru9rgd3&!CM=0s?=Bdzy?y`x~B_sIjW7?X!nCnAlXI zX#WpqZyMEvwZ46~&K?ztRzaCmtki=NC}k8#d$6KKrHUF5NB|XDK*Asb8B0-uA|Rrm zOsNGy3?V>dCJ7QFVi>fTggHzxkbq%IAR&Qw2itSb|9u8r&xd~M>RQz#d*A!MuIqQX z)4Hd5(?7nDSlX6zg!f?+ex#f}_*V0AzuA;ADT6%M`Pcxrz=nm)`(Bb9%t34si#{ye zaLsUA1fvTk3{V{!koPd@XUXqhg`|zIYqWc?wJR~jCPsd1TgL@G{F&fN;Mg!a-=FK| zU{ThjoTVj4PGPRMZh&UDy@n^zuE_+B;Uv%7dgZ*SHEKFi-F(8FeQcQ7w=3P$16(zZ z<->YOt^ot{0W4Z-F*n``6CWUXZ>;;#Z|8sHW4Wk`bxWpK7lD8tI4dd$XAe`-Yv{*HjB5r&gP?LMXxVHN*;(3j93qj+c6^N<(&XEM5l~FFRW6% z-3a~SXQ%v=o>k3#FGHv-35xIv29H$k4k47YEAXhQqpF|BEtT!VOv(7wvg7lt8(?SB zd-Ph^VO$kL6n{Cr9k!U=Ubs$ zpOGdr#iD0#Rn9wfjuO7)4F>l=(ICRU{$Y)wr?z(BWOIhwm5BLNJ#&r*(Lwn>@CI@R zW7xCDd0u%K7s>9CZbwOtJeh1_+q$_$K|SyJ@p(UBM4r@U%-=9JTbv_+8;C-WL80Wq z0OAn6BBunHD!}da=QbU@T*3qHp~TN5T!FsWj=gNaPmjl7AG&TmA=%$ANPPG0UQ(-cN7 zeLXvO*J^vLMkDumaYqzl{d=RKF1=IaoZrX&sMat~Dg(cvD}Ait6s&3&*Y_6H-$*#$ zCAb@S)c`%V>Lv8L%rkgOG_vU;MeEc|ZU7A$J9QHr+z33?)JzY(Qce=Uv)CYdau`r9 z)Z0$P5`WmJA62nTHrX|+Xh4zuvEJIN#(+-R%F@nDUrMXTg=lZ*kdnQE!rmWou$uCZ zBzYS~Kh(&Q*BdAU#~04U8N8>*-yhL7bVMu!@V`R4L$5;$bt3T_@D$aOx5@PWGxV-e zGmV{}r&5=`_A?4Rq}j~vST{Yg53TY`{b5vYq)*@UD{n9{wjGjk45E=*87l7qoGl;+04l;v^1zN(5x7Ck9xUvU;!$zLh|LY%+mA=(xo3p{`E`$(s z)D|K21${43U_aMWY$PJTzVP7Cb_J(`m@-;9tGV8#DcQ-Lrh82kI*Jb zi)!^3uCGb(iZ0f9fN>gXE!}K;Ra-}`#kqn%HF#FdoubfjD3m#%@O+A!7ntYJg@+}K z2*o&y+QGod2r9LKo6G=XH=-I|K|lDGQsT^Zejy&_k}T8wfr4r!7IK%)=RJoZ=0Qj~ zWL{Bnup$7o7`8xkBsZX*b|C$3m}E zcNNI@n(FUIhiSYW+?&jZ7AJVIB^(nZ#kc^o7@@ox#+}qcBqy$w=`$QmXXgA^JHwAh z$VI!3&}O3PZ7u7Y+;(%P07hUK&7K>~b56-s_CS^Gd@zodfoG*CW+^u#YUS^`=c|S; z;2{K7(Kj$v;1+EiG|>ZcUX$xX(G2n*b{$nzzsS7j2FKBd22CuH?znQ{^WZpTmN-&ZE-CtDVe z9GmBSeZId3nDT*LyUx_iF-9Fai9%p4v~?2it@N&{?%Uk!;p)@t4TukLfW^ZAvXW@n zGM7Afa}CX1bsj4~RlVm*p9H;ed}E(UV^(d5Mv27_bg(o9oV3 z4gn-yP;Z8FJ2J_K4wPjjka@>lf-SEphxSI?@K!~02cs%QXScJa zZ zf1RjI)W?nD^1i~D>U0W9J+sEV9g78FI~(Y{L5S;S!y@1jik5H2@|BZfJWpE#f$&f% zUQW-;?0}^+8Il6;bI^2TWKZTeozPjRxz!5uj(le=nO9oh)j$Kb)IQxkR%m)r&OMC? z+^@2qLToulPSp6?mf9HgBqLe_pN|+HcJ#(YJ`M8Epf3FsPO1?en%NT!HWB=(g-2b- zECpMq@-GaM0$L@jhMBEDq)!NB)Nd zx~gBrRg@`SNHf}nej_tubJyP9X+O~tZxbmsuUwo@p zYZD2O0==NUO}qVO3SkzQYvv36w+8Df*We~zP_J86816pPIQr|@6)!Kx%Vd3E39aZ( zc$WM{Q28*zosJ+J+FUk*p>(lozV1}{PHW-B`b65UaZcGOiPtPJ2!8?oN*kei88R~# zjqwsF&fpOC@;Sn3S;@zm1%{A*S8&!za_P}hnz5OekG*%^d&gU|p<5h0u)JKyP9Eln z-Y+{yd^Yl39eCJU!|L?HxYFNdsDv6|t8`gwr{$E%q!bpXNBViI`U3Rn7dRK=j%T~5 z0%z{SFkrJ>WtHG@Vk(%Ie#`rCn9Gx+x+8uTopzlU3|?F{yY%yG=Wp?4DtAjId#rSP z+6dKtgPohO&9$?qFmrN-y@{b1B$&jPYG)hYN`~#fLwJ6D_&udCj-PKH}Xs z8Jwmole~uZ0DlUsKHV7#!^c#?oal}aJqPbIC&5{4_LSTo(>KX79%2;*&?IpxJx1qb z4@?b?0pu?&H+#Lkj&+v!iWWt`sMmc}ZCLF6pWUpgkU!A^v)Zk*T)pIVNi@`Z)6L~s zU9txbB^A{X7*rf0X9T0^JO3!hH)FaR$~R~#fdjuubXUgMD|3mJ-A0DQ{~04HUGfOb zo9d@?0C)#yZn_;uT{%?rU^$Bbgb&J+62VXm8!kOzbc1c@&$kiA;^d!txCdZS zH`LzVQ0XGCn{cKa9!WW6v*{k+zb9d5mwzMjT`wdc#p#yLrTxL-cMO{S!*1@nYDpHH zg_#aoH$t2bEfilf2lj0jO=zDUlJiGZl}rmKe9RUY4_Z-gYB7YJ7i&0IW2ZX6k2nXI zWvU}2vr3XwQ3*(hpLBE~`@o(GCF$$P04E=#rW)K)*!uXwJ)$3Y%nuuH&MN(}7i6f$ z;QZXMGIU9HIO|*-*`OSCmF8#up7!z#Md|x4>O2G!`ScvoRvB18pvZE!;cymO)Qgo? z#NougDR$)k`B~kYV3BXxeMDD$r|U|;|8eM61oX$S)MshWU%GY*&gRWK@S!im!Lr4B z-QI`^#5Cmls6IP1kzE zbO==Mn)K<#9XvWPGp3upTX(PM2s>nrt_UY24u zdaAk{Qe1<>$Yau|x#(-P-6D>00RfRT$$C}@7y^fQdqm~;*{{wcvf6#zT&|RHy5`)r zR8Du^R!9VgI`#}^rA-d@xwplJoO!a#pYYwSRu5ugJT_(I9#8WJ$xqXx^3l{MxHW_( z#&8Gco2NnX62pXD`PsPJ`q0hhN9S?-g1~T_Sx0|oboAgx{=*mNfvxJP>nO&*j3bA)sMIry1g^m1}U>H}D1#YZg190JZdN;|%V*BVXu#FjMYBOj*vb_8dvpL0!6b z%x+aVu!=UPbOL8=;Zdl2QWnc~p$wW2<9}vR1C`oSw`Z*`9;Y$H@Yx%D}%uHz7oWls464D9Fz67sv6+ z#lgNRR|p*!j*_?Fp(}sqd;QjZ0P6-!=+u_m(q(3v5X6nPM92MHz#S$Fi(P}RjPgZq zMa}8VQvt584^a$CE(|?2qI*@Eu5KJL=4f5?rr7XHv@e!u-1deXbtGm6%L>x%_AQ9g>Vchu9UXl$2)gl>P>|E9eUVv>&901X>E ztqFs;Yr-%Nevw_`&oi9)<{7ACvItBh`&>`AUb=b>^llR($*}QDPYl{DYB8Mkg`?PP zE^=NlzMz3f(mk$Qtrp$+`-AUX3d#${%x21h_hspcuhK>7PMWJvk5BJCMD!@WpuE&n z7@$4u{3s(Yq%qgPQMU!iH&Ad5zHi&lcvN6F0Rd4gU+Wj!B1gku*f!h_q6I@O2e@ig!Y%t)-Z5XPrj?r))C!0V2VNM1m1wSo}dqPZKJoH z_jVKyjq%c#n)>@pdm{CI!SUB@NI>r0eV|c)T(|59`skrn>@kt-vTbk?hlt&1^yBpH ze0pj@xA|87@h^6N#zX2WH8*+sY;OM^fB2!+jn}U+-%v$e1Vni?cdN48FJd|yS-o0F zz4nplJxXrPx0xSe-e=b;CU+@Wf}k8cg)!jVHywZ3l>mWwL2o&D^d#0OT^wY(CHDT- zIMwf*;CRitcWlh0D2>Oht}-=Kdxmjft1>3k1k`pQYqzfyng4kmc+Y{hsl^p){{Nl;A|equs1$Wrzpd3 zve(z~2tjxtXfe5tE$D0vH(zzm$?;5|zYU#>rqk%1CN3LG^yUwKhtchcDE;cH&B$A$ zhUd)4Cx8GxKG^lt&9pM1=VDZFz%bzu!d9jT_SSfFJY)N8Ddy^4;;w1!pguVBP)CH6 z?EAuaS{{3=OuYb};$mRF0DT16xy67Ff$ii^=K9aB;M&kx7oxGc3iOvaEUb%% z7Z*Z+|BOn@4NIC+|Np!whPa@1{YLJe>TiJ@)vW3rdZEn>(ImHW1sNdg}$m#LCYt+*apNRml6E zn>&oG4p`lejCuXJ$+}-aBAkD5Ad&2-dzxW*=yr_)ZGdWIEd9(uLRlV#iDX<&@m!*& z4jt<%=#40nlry*KAW&**2}2P~`&Xdpr(mkmKyV2p>?uUY=;_JX#6-Y_t(fS$ zhtDB?W!Xy>d(=Jqm1;GIPxjPqI)!W)9j+`P^wqlSpc-8p&q2Hve(f55%CF~b>cL$g zonFd<2V3ZQmjnwJe2nE;z@#@JPx)1>bSo3T$ZdLNYdfaWdN&zhq)f1~w%fdrE7Ys% zg?u?Bx+6-o^xAOMrQ#ivuV)oLrBgKo znSh&bheprQ7QnF(*C1cXrV$UUh3bGU6s3G)lE27iEG;k={{OOe5Y0P|>==f_UMQO$ zg+>iNcO8iO#oIf`wm8jit_C$YbB;(`wD!cwP@L(ikoe)MQzEyFyoZLT7`4?RPY|b; zve9t-_a&xRM50uLbEkXEf5oXc=*50D$=U-Azw=X@=uk)Ol`Xmk*C@w@aa$PgTtJ#y z8H2@D54GkHOA4aHILLMme`?cmnmVN22%=6?S1zZi(crp|2Iv3m&r6amp8)jES_XR0 ztAXC7AA#Oi{{!^)RHvy$kHnn)S38FqFKkowg)^;0;>ObL0bGk6ZU=R98bFwu^ikFR zhi9;q3S$=Yis_i?5l_+M1d9#$f2-O&?UBGUgQOoEQqr0GGmUhfww`P1{)^`=*syRC zWh-a9eYjlP>snirjnmm%Ld)hsKNAy0o*g&s$2i)qnKL~BXn{8ABhUMm_Z_y~O2G)ady; z^v>8+nu5!4o((&A_%uS__EmBk;q08BRJu#e^9B(@0jQi%^Sp}>cUW@}ci5_U!1Lw- zo;P_Q;Cr-2t=9A1SGaprkB-FG_(S=og6ogisV75%jIc$7(p20AyDWQ7K#->QzRCMQ zgPauw#68v>b8!gGDO3#3lMwpopO$`z>AV~MAQ6ilGc}_F3kLGjv(zWmS!xPh{&Fm? z3Gp}1yZ$52+g4>({5Q_~*WnJLCHnHaex`t8+`^#nrqx+$VOa?fwSzy3+R}+Ul$1}R z&XL%@rmj+Q5{+J=@XbJta;F;4W6MMjb}Iw!p5qwd-ou^)rR3w74?r zL&2?k!0Nr>1g?w|eH!>BU($<7jCW2?5e754hB)mS<>#-~2i*z0j3lxoVyq@hLiG|H zpg$00dHeLLbCbX}+*gO4o1LWs&NY)iu~MdG^J?o106Li(-+l(_0Z6dAI=h}&o|bw@ z{aWMc&)`=w*16EeIgP(`rzxsf-1he-84nxoa8Wd&d`2Rj%PnL=(oc ztPRrCeutrkIpkc+VDm0J;L(@ydzf(I(uF?;*#Da}^)q#vI(frWwX8h`T<#!ET~F65 zT?9byGZ68co0)z<&wm%v9^QO$e_-Qb?VNA5bt|iFNFYsJRFPPbJ;cADt&@UR#YN#G zklFr7o_x;PV_8i&zl%b>TvaHSb_;wsbn0O-AR)?N=%ewwDM~VTt zX0fDe?S{j*Yup{JBErHs+x)E)YT#xxJs@jO-@~_WBz=^%uY)u-9E-DwY!&5uGCg4Y z+LPohamjiOZcX7On|q@-R@RzkP`i|8$>pJ~%pJH#Vm!>0aGWU9F- zCuRk=U3@G!&%hpfcK+>{5U60lztN;<-lfTVKlB=}!-Zm`cgB>VK-UiI@?^eYO*naViafP}uC0;5Vt$NMSLdr`#>Ox& zbYUyKUqa({PHIUGgENrdFyExPI6FMY$1hd<07^W#LBXaA^?)5vifWQRX_dyy6KwT@ zY5qXg9s<+GB>I#Z=*_x+IJkz|LW50efbYm9TPAD}x-)rFJ zs8+SPU^r2Ssn0U(a_-ag&>zOx*ca*6w{^;eA64!8zg6v}m8>dB0U&rfQ3VGzwj-&) z>oVH~7)QgAP z%uB=HMfh*yndBCyO?za(^w8C2f>fhS3mxh=Tf~xxpq|Yva0PD$-?)HZ)chgTJi+Hh!jR1}^*2-HLA2psU5R`UEQy{>dr2RRH1}1Nhlypiz*#nwB z>B;=E>Rq1mW;cqhL;ZszA5blVSSSSoqX}m)z5?TEz##5{7tbleC!}N&U(b4a>(unr zHrY@y=`!LvqzAqb3YQw*T+I8M=#3JqiQXIRvzW~l+wSRGp(AQ67Z#jeRi1F3;7+H< z!B5)Q>Dp3=-Ukmj3(GQ0eUy8i@k<8<&9Ec~=g7=C8^t0B7lT(7UM8hj5yR&^tg^un^G@WpHTDWeTFtKTPR& z%sg-xC%{`cFRV z1>l>NM`<1^Ad{fV{Argg#_sNhdYb!phQAg3Grs?;CIcXAZ$`A7fy_0eKLKfK4OJGiq;Qfd!i)SAvAe67|AqUmu8<6W$Kr7 z)#6il2zC&~QIsEH)EXQzjO8_vVL|&_XQv-8r>WV?X=*s5qEpnPSs#7P!n_KJb3CKr zAfP!0m*uQI-;49Fb+^44X@>?c;pzJUO$CrS&JTl28~&EHODZzQ2lf77{-B4CMjbJg z)?io@a-Um5D22Z(xx{fOF{}(|jcTB`-j22}Trv|gc)O=_hUIn^M7!KokD6Q;0#lF& z`8~^*GefbMqISbi0cotmS>*tce8Na}CzcA1?W+#4k0^?aFPP48V}(uXtj&`VRn{ z;IIt*lLx|E0RUg*s`@#J@ZUghTbe=S7CDyYvp%GWdE-9s@^`D6_7nO`6xYcpu=p4k z1mm>)Q|?nQ`0tH3B`7A6;5qtrEg9y*vOy+LwQUh+mp=0r60NS~xSJ34cqPflwHlD` zvLzMA<%0{Kk6M06q_(*_e+*NLfvUZ!QV*>PO|9|CfEv&gIb?gmStqsRO`cPw?F<%IOI2uoSTHqHpGFaQ;ClvQiB0P^oy7E&&a&!e(6<5ja-b#&#ChU# zg8(BSigS@uN0t;*T;{#ZN)vqxv&eNAcad7v77ju*;#2M+O8yE{OVz4&37uZ9lqRvJ zCSqg?B^n#X74!|i6KcC*g})X7pm!lYVhFL_ z_rmI!ztvlbL}kZXM(h4#b~&p|i#cFAhIX1ngT+ z9lD7Ni=r33<4u8V^^qSf?R>;m8X2w^YF7&b^4LkoP}koy!c~{)C9r zr3<8H=lL--Ru*2GLFliI@E~}L_Hf7NpDYeW`&0J!W(Cy`uF6Y^ZeM%!Y^(j||NGNxjhuAD(=J-Y@YV!_*L|dluV!vmOl| z3byp7(l>QyOZS`Q*C?d-1b-OMPD>n7Qo%nBvoc@Qj6kdrVT0_Q@i`%1Se%HiG;wJz z(W_p2@9!*i(Z6xthLwh-c)YoOx;N&Cq)b$996EWOhJ9Ux!-a7mcqwUqF3s2w)&jFnGy$-t^+Acx5#2zUf+!k#kA6;YO#e3fhTEZMo_NFT*mo@DKplJu4QPH#BF2X(O3*h~$_R2{dfSTjwqnF*f zBCaTICuq+y1P}=2I0QdGMqE+`s5k(O;N0^D$?*Zq3$cmyjK?-Ba};e%h;z)?nr~w+ zy+M80)f#@iD1@$fJ)xDG#0UF5PSN6^`%*&DVn`m5myz}@jFAakbA!vG_Eg=3r&xd5 zbA9&btp7rICw7G$i~ZieasRrp)ZloRk<#=u(}H@xjf~SOzmf9xaDqpH5kf4gvTE|I zDF#{UCpcln4z}ylo|bj18BLuR%LG8w?gOIseUMtHixkd|c6_p^{mp7huevjASlXdx zq(B*JQCs!%7FVZtiD0L>Z7X>uOZrQfcq26x_0o6F-JI2UUoC25xG0v{dxxeAa0Tf! z--9khM+tMH3_z{M(uax2SaW{Ecl?!Z;@+$4K!+h1#pg$cKwpj;8bY-RQA7q4(wklrAeiXLDk}jh{ zpaL_PVS$~T)MQ#%aRGn`yIxay1e0q;Fzx3MqoM!Asr3;CYKphHymQQq_1@|F+aF@1 z>1!4-u9!)jJ6$O%Wy1_CycRBqV!Ono!PEINqGtL%Vt+qK5VW1fUW)|KXnZJ;9DW8% z5$lQr>$cMcKym>#L~QGyE<5m2E4K9tS=V?*Kt?)FWwM1S)2^c z%vZtEfH@n-&d@QgG%CuzuA+CEV_aE+vwf=Bkt+(&uJR(hVxK=~ru!1VByD>p;KQw3&7u3;P3hLSz)x^;up@ z4?vKKP)u$<234iWd&1iU1CusHQ-&EQb4Z2Hdy-|9a8j?(9!^cJw>hi~=)cB+C*d zrh!1Uy?O^yo~&R!b6y;383NNQRck7T;f3LBbDg)#ibM}uch6+G%x$^ttbR4VSn2z{ zd38I0DFQ&7ddlvgK!^Ikp1|`C*o08W6y?$@(&#SvO`Msb=Td|tP_s8V4ZOHPh--#} z0*rhn5VOsL4+#%}j{R-cLU%qc9VMX=$zf zBU=MXQ$>WNyy;QjsKsE`>zO|kOl1^ zONn$@&Hf_|dq|io{;U|N*)eK0+tgz7BN(xyEg4ckl{KB#h*4KbLs+aE_5ZGt&O%oK z3*Ci}9B~zA35Hj%;evJYJiAzhXal`%R^$xo4zwH zlnM@=52>xWFe?&XOrt2mF>WV2Cnuiw$`fzw!ORAJKuHt3=De}CC0|_`xbWQM7$&Rq z`@7_%@+lAAvjC&67jHag?pNuE13{Ox7wD2^zGkUs&Msf&*Id@CtkS9y$E-}&Ife@C zk}adGrncA$e!+vF(-+rP=f1jl=)D?6rnw|oFIjv);R!&2jw-chW92gGEOnW5G@y-k z1b~QMXxX&Kk~omDJu7WFQcbLIaz3-3ulXJF z%6`^!ZNm~TE{6aj)usrs60KSb6{TArMB4%8FDR34?uNGr5TY`EsKC5#O1z%zZ-ME2 z41XU7Bi2{Gq=B2-2b^STe>fBmdcf?SJX|r?a@0Z{*a`q)YEZ#olJDg+3np%D2#O+& zmwJt%%Dq1;eSSxE_t#U6%)de2lVJBA2RXW>%zwBZfV{VARAK}fE?$mcYv8p&l6|9J zDf8_g9-;1^pzNAX6Sp1R&J&#TqUEwbFoc{6Jz8uMMf;_+&-K~ znO4?a_VW$2NDKa{XF6ra%Y2L3ZW`|9$4q4Piw3I^!P2e-h3aSD77l;r&9+6AGYND_ zx7m3IOWBuc2uuS2dH++G>w;ZQRD)Cs(Azly;Cuc_iRvu%@D1Z*RI|_12!#l*PgR$UDRvB&yeDSAaxyZ>`NW)as*#Rgn(kTvp?oZMdx^sKM^_Ee2p)LxXq9IxZwB z__KalgQMY>5A)X_Zss54!;$UyHC{sEEpKC)eL-vUamoMalC~FC3viDTV1%=X;$@Kc zW6&jCnp(%ppePplS(OFGlb}mF0dz@&4m|3f_%G8Kio>QKyQG=;#piXBK2SITx};Z{ zx6RZAl_0~SdOJ)26AfZf#b4?Jv=gKL+{WFOqje8_I*dZx#S^=Nr8j599k=c~FV$?) z#I0huh(#CJzBymkwR1KRDT==%)#;2#3q3~U8Dgzot1?ul$5SRW#?NqValhc5a=1B;eilr};|-X~z6BkRP(YpJ$F+FtAk_SV(4+qfRJ%*Nx{;MKxAEV+xUv5gs0I{U5U5W3v_Lg@WPmZ94+p39B@n0{ zUk+3g9dxCEQok*J+`O;+lcN8HJfu-Fk7*UC1JzCHK=nH&kYc)SDnzfozm{#EU#m@` z@Jgli?ZYDi6JWTCtn6#^?|VouTKvuHgLUwNurB@CqoB3WP2CZ1k~XYU2de+(cpos{ z?42AO?y1(7uP4nqz3Cb$a`Z%x?v14=m4ZhwsP4hOV+c{K*q)==giwh(;}nqB%=CLq zuW_*pfX&?icrl>KpLuF5Exn0#LvEiE>3~@DqgH5NyNjhD4LPJGcn%HWtq~FP6nO=pZ#clk zP#K9T zuCS2k0Lmv8KLzAnqXv0{&7Y$Af1jupU8d~#*d<*Fx}n1S*joO<_V9Z$RP8amy@z~c0_ z{+iMJn$A)d%Og_u(3R|6EckMX3)Y@Wv0?o}*79@$_2v^FB7Mfak{nlB6{V`HHtN)y zlgVZ^3Im|c{_w@Ga$=l^q>px46?aLKr7_Ztl9ww%da?R?#Z;}2s zCK%{gonEL!pK_N<6K1G8_Z`Hm=0r2hqM-A}eY@If72LndqIh$@L!j478xR0(B`&d5D)cfA1lvB_p zHXfLe9JsFBXn-30Pn)#QaVraqxUb!`&?61nONYN-?PiZrU9<|a(1I-js{J5|a6(8h zl0Hmi_wR}~4KW;QJkPJK#`uR-A2e|EmDn%PUrba_@&ilet5z{SoBe|syIdw+vC9mU zNyi(9=9=zKy+hyDV9bkAMHIWN?xZckgW5fc72%04qdBY-ZDPrMsc0L0lEaU{2&LXT-t#u?!J_uHlOCahgq0hl=Jaerx~jHAk=O%H6*2 z+}Ee=Mb9T}%Yf*eu+zhDwepN?6FV1II}~92{Zi!QIs4g3Ouj1fc%&W4OVAksqP!5~ zgXxKwB9pDWQ8y{@Ew?6s0c^X%# zesu(xKo&|o@j*qSRT}f_e&3R6brP9Ym(=Ial!!G_Db>^S-}h=<)(%?Y_U)49mGLH_ zO)v)4lewRx2~&wm6R%vVDqwchsV<1hLUy#nlyD+>o<{E+8V%VDChSl!WmfTNVBX{u zA^>jB%wnZXk98(k_<|}^Yk&y`y-0w{Rfv1`GA`i7=&)NjKKv`}b--n1SpSeK_=p_~1VjFV7*S5&<;OUgJg{mjZl5+w{9i&b?tmb!%;Ke2L zfZy%c`IY_Nk^dLP84u^zCMJr`R>gduOcNrnXo~u=Rxm>iV-5j?HB^j+ItB>i;jw7- zkS)|ahl40}7&pgLqcP(O z1#3f5xbE|^{P4s4Uuo)5@^YGbGFZcy2O!>{M_K@Sq&4^Se4}6C$@bJhSq_eJEYloH zA|s@S37a46>+oH-gBS?mk275%^pI8SZot&P8!@_*mx18;a}gc?mB z1XR~@FnUs#!Z0s9DZmEl5PLcfZdgsH^pkQ!#E;>!3ML`-FN*hCd4i?kackr0DPCH7 zRj-ub+m+yc?O!mp?mS2))rcpq)Id~|veP;9KW}j*! zRCSZ|v$r!K0Hqg>?*2|MxLl~2c+f8gaYAaTM4UA|N;X}Sj@pS($siDO>O&U0j@Q25 zSZ~mkuQF5X&fdQ!n0FI1CswzCG!8H!J1lZE`>~RKwft(n(ifZA5SZ@>s^AH(2D!M! z45;$bUm)**Wso;n=m|aFUWE$*UDD~|(Xm@vn>8w;s2a3ABi9^bUPnB1IGA=zpl44}J7 zpi!FofpFw})j1d1zBmK=QGBF=DQfDP7*c%xwCA89F%p^|iHb=d`{ELe*_*<_O>gIE za@KCJKM+E34S+E)f?qU{=SdFkpnbLk!ly;lO5X<+ zY8pW8RUPZ`-3T=cN(V25tzd#UFm#0RR`av%iY*RO@uq$S@@N zpF2?9*5~^Qay21Zi@> z@TR81WS1`#aOiD2Wbu^jFp!{G6#7ygzXr4uf()y573f!~*_;jZOwfY3*`d>w z7aChO_fYC5_1Pj*Fr_H@HXVlx|1xHMSv4#lly|lsY3YZQ;B>^Lf*^0YXhv)_L#<#u zHmIBw#OIM*`BPJSQ?f6mkd9j5<>Jd#?@gAH0~mKVfTy#qZcrNJwe}+rt7cx?U^~CT z;dq8|Fk09n4$#h`^C(AceP08b_e3wm(3g*Y;m6D(d48bbEE}JfJ|B0zUYZ*Ipo2l3 zMT2Ap1PGGoIV4_vaueIvuB%+>4>@quA~XnmBhcXZdJEDHRM@dG_0i3=v`_tAo5Xuc z@se<};VHH8N;hT4`w~2nDbSxe)st%dImYonv1)dteE83xUhRNB%_Gic2uk1| zGoH@36{SEPfO=grLKE;|AX*cR=Cv4QUKq+By6)r5&zPatKD_`4N*HIUIZ_ zKPt8i986gY;K`v0{vLh-C6p^?j8B3RFn~&_X_!~HM9q4E+lx*zAQ@c227r1_;cv0t zn-BK|_X(J1QWisKL(`Mu!E)Z5x2VjD$r(P!STwhPySik_8&R!Lv`_P_{$x~@sU7qeHpB~8B$&=g7!N6o+)*aX_$tDPomb7HStw|ONmP^1Re#^r))=`TG` z*lM{2SLo@0YH1!MpynxKAOrs$>ml2%AKQ=rI_7mvQ?rSGd)KbNglLb0_GRgLiZP|B zSw9>&KY?vZBJ1l&10Din@Vfql#M-5G;1idviC@|Y_T6-MC&RAYyXF+7@2_Ir?H-An zKA5wt2wKejM3)U=@|G9D4O6g)ls?s_@B^%~RhIPz5w@cu9%8Wod+=3Ril0C&Lj$UT zlFatjxCWr!zVjsqw==>AJig27)*QGq4a-|yX~oo$r=yNvz**Jy;@14HLUbC#GT2gn zEaRVOtnllXn>T64Bj7GKrBp^c@$Rm%~cJJ2Add_{G zj*9uo5&G*<>=B4`YvP^p($u%UT3dSFih5efNSG=0? zW;R?k9$JSzq`A4S33rX57ns4QmU)F}>mWaXm8aV434kD<^sxf5E=HWxfiT3!C<_0! zcuHAKO+gshZEfs%RRFc01nj(J3o{Ry5a~B1juq~!oJV+g*#%<<#F>-gSdZxWR|9N#{jY%memA*&mRhLS~ znc%9*GTObIpmh(gG>un}hfcpwyjm%0PP;@kecAhilTAd}gkhWE^@pV}V+7RTFjUK_ z5ngP%NIn|Ftgq|^=kw%{QNQ+bvO1^s6YR^NKMSgsC%X`flO50{dAp(x*sZ*rQrwA^ zaIyy_-P@4YU99a%sd^AWpS^zVq)pO;ec{+GZ5!5*p52sR}!bpyfX>Ba;F`pd9TUNBBJxe2uKPYvh)ZtxroG ze=UgAtr|7~5xgjI+t}MevGmG}mgJK@W_XPneEw2g=n7Wbpi0Y?yB2hjItTqcDPF6q zC_&XY?0E~=-5$isNX0k$F(M0b&xbN4t31(y%5mLs5ep}RmJ@3xFDkv=R^~N**eH16 zI>oVWPyAW_g_3ZIv^^-^oX8^_IsA^rx1{2jT8Aq3NWr@#6g<-bH|PGXllIC6l`&5x+)61n#DO$ z{c=C>%Un>qXaHbw0J*qQ>Qq-rQ}{8cFI8ag=jXf9 zp%ovS6blv!G@N2UtbR!W;;*aMXqjjeuh24pXINrQ7P^#=b?nG!&o*s)wGIKd>=Zk* zYk;42N}A*Ql!DX?DI%ODDJNL<5^IK6ILQqwmQi^^YmlAp0$rhd0?W>2l_{p-o^6}F zjZfRQXvBV*l}AjBN|FM}S?gloqZb}RYVr}ek^2_A=9jMXBcx;xEHqT7GW-qL?w0BL zjW?y7J%qc4t8~B}B9hvHPALT2fehkVrWaN^GWqr)u>3^VgYV{5&|bK5A$nGe+K2xP zuvD8Ei&IcaN;LYbC1dq|mvWAHe{_4A;+40CIxQBzN1E80H13b>H$7M^=!-}w(rlru zi@iu78*XMJAWWC{LU(}wEfORkNL`;y^m_08PEtRq6h6>jf^z1V zORmo$pFP`1jf>o!Wo*^!yY~7EFZ2NDnf|HK6K&ec_tlBM;^R^BNh zPNjvU+?n2T8&J!U;+-AR%i@`9Hyd21#cPG)yMHX2ZB8}9s6;eKYrvr>Y3opeL8wX+ zET2oG-*5WD_WK zoB7hgOg6{xdnv2=v_Xn}pC^zLC)pC!0SQvgEplF4~f%i=N4)5UMRPyUFhctUwQ z)N{LL%VWv)BVGh*h79d*p~4rmOZYd@J19vt z=|X#Ub5N71U7}W?3Ep1#uQ6Qz&JA85a!MXdK;ga&GDoW_?2qK+@8VRIXgENXxh@*j zf#(n>t->aOb>mgcshG|en063-6s%wBK_mIK5vbWQA(%Pi%2y0ehJ3RctXH}|URKuK zm}#VMko}F0_Ttq8JFFx4kD0yJ}yTL10Gq6rqZJ?|AK0ijtkNVo~wpK3LPT<$m z9Q#$MuO?IBy!oT_9AW$Y=stV>^m~bI{_}&k&ehe=UMI6PD?{aiWt4Y&S$K_ky=42D zrRlgRJ~{$avU;d<7^O?`vQJl@1HIMY6F8+1Vo>~u=y@?04t+rGuc%oJadm3AL4Jrh z;m{k-92`$Gx0uNYD9VsswcT=(PlL50dUH1wD9pflWJuSEUN|=G0YcA^9oI5u zY^tXP+Ze*$VMc}N6#K^`uP!@X@2`E>zNc~42wZMmO!vgE^sV%N>3Yhq?dBYEmI`)@ zBpGWsB*&Iqk|kaWf|o9~191DjTLXJ^kYZfMh8RKEJg+U`XD2eH{E+(4^vtF12yLiER1ogMOdm3#;X z3V#>!iA~MlmlMi9q9I850bmfz+VdQ&8^|?2v)8s%DqdXuWBoxw^pX=w+dw|JvDX06 zH|;@mv2EEBO&i2qt>^+Bx7m0KQj^mY09 z@N|3Lm127@uvt-7nnRO8l`u7<6l{MMfP*m#4`#>|Ff^Y^kuCLq_X$nA z9-C*iBq^Xz28`J$ATNjgj{=RX1PXNRrdUO#q6}5BQNPk=ak^o2D!tC;fugol@HZQ>HThB?pPQ|L9BF4$95^t)&0 zfBZhc$2Ry$*Sa*T3;IEM{);&G%2%R0a&}r@ZMJ`PcxGCtFL_JGXCw9>>K#v5b_lv> zDjg|?no3Sao0Xl;;{oM!C$MK$OtPBU&W+a$#3C5PbBYV3#UJPY zKhEAfs;RT>8*OXr@QP5OiVB!2BDE-kRz@LhwMIov6%~~sf&x{*$UG(4bwp%H6%mvn zwWz2O!XPq9qCkkq5D}S$NEiZ1AS5C4&fe#y&-1?LJ8PZq^f})@E?i3&E7|+L?(6zZ zS4)AsA+jABe7C)kTI#-N==!PO9Yud2zncHG`~<1)_O`#quCJ=`k;F9RogO=~vtC$n zlt*bgnoPaDsN`i`ID@ykAqC*w=01v%>mP-Uvsnsp7h0O zkX&H%PvU|Lg@5DsL?&P$rP%=9ooAi3*PSSHClo<(0bTPM-d|)ekZ0bzySZ0^-Pw1z zUeL-JJ}wL*yDU2#Ci*+VThaevtB_Sy5*O}gSdmkIry_6gS+|pQw55L^`wq+h<;UF$ zHx6h*lzi`0c+JqGu)`i^6;qBi9~y^8%Hv7{+aiD27b|6}KL`633bp+K6J`Qnz1<5d7k^c z!w4ie{Kvj$U`GHJo0c_e9vjgd3b`jo-Tm;#XiiT|!+M@u*Bvk?xf4VS%{HIC!`e}& ze~Ap6th8hT*Jg2JYl1(Gnm&n@WE=ITPQihbVgPNQ?l=Z-^_vOcex*AcXlZA8(>nP; z<{FK~8Qujf^AYy1^&`LNKDGL1T+hr6w|n)1s*|EbdHs3+ND?@h{ttHEpR zK6rVDez8E2Es{l^26!KkUme_LKs#A?+$}fmMg9DCiLu`K;D-N0&KYC@6qsYAU{?_M z^xpI$x~b=6y0#**P0LAq4mKkNXMZc!q>i87){FWJgV3CzZzs-mw!VI}Xfs~Z`efrX ztxRC*!z}I2rrIs(ZNons2k}Pq6BL&v9!h!Y7R=@r2-qx=u0n&KR{YFdJ`lXVJl*uu z?}qP;KI8qkIiFD-tWhsETjJyEsH~?b)GBTNNP15a+2ITW3eeO7miY04fP6(UALMvXoFPcIPbw(mZPqitB%A^!6aW?28fF}? z!Y6_)Blu-L5hAd*x9`RDvufr(Xf4hpP-E zV=x@JsVhG0w9B3ch2||%bTBG_XvO~%+8G0MM~IXG!CXK*GbvC1Wq3}i0#EzjhUXL! z_g=b%(dlAuANa7H)k_dI*m8{K{js3V7dVR)G?jKd%X97JD-Ro!={y6~Us`2^KLnC$ z#y_fTXqBtVlJpjs^FNhXTh;l`$q$X6dvP`~_ko$d)NprsvIJ+s$-d3GN2V5K7v%`W zP4Zs=uDPk>l0P}3j-d^k1ICxH9WT?46k%=_*XQi50kcN22WAs>73jPGL@%8LkeK|- zg_r&b(*JwwhOQX+f5AYVtN<-Zno+Mhav6EF-n9NsHt;+%yu*fnd0F(maFI{;wxlw) zv|>B3JQqoFss3awNSZ?9$bdndgq64chIGc8t)88;dnlGVyV(KeWY8^)u_% zk-2?8*?kt*=eX?s#yB&#FB&AG#qHi75AJc=r(?3a#S&a*)ivl!h1I#+r+G$${@FJBibIS|I%pt`k;dR{!}g%QK&`<;KgjZ!f*++TA}H z{%noKEk@((RpTS_|9W`+Q(@fdZ<8zI9mXB9!JdPd+>uiQ1Vt*{V+V$$XzvzyXFoSe z?2~z`eo^zgOPEH{^b_O+am!{W8rY%=R`R*Sz`&~-WXwB5;n%=KcJm(%u}-<4gTPH- zu~Pr`uX##i^PqO|JJI&Jz;?jJC6*~j;FH5*d-gO~*8MFGlg-;RR>JWuNPIoL;MxZ_ z+XC7L+<8C0*!Pt7ZadRKf8NOgZAbj|Tv^MywReuNVias+W!SX-0#H3VQu6!cIgXWR zUzqNvlWt=rao@R2!G@-LJ>A8TxZ_b}%ag^(*X1eRL`F^Tp3Py8bg8+kP52`ip@Q zxTP1E1-H#ZW2ZjsDz*;mN$T$Erd4ii-#*tb)Onn&rPu~ojsUHNyFnf)47hNYiL{NL z^=(yyAc&vcknNM9$N92_7p#XU*-sH7UMNK(@%P6AuAWEA>|hU}aC_V5n#Dc!_- zt`mVA@kVs^^5Wa6w|mWBT=M`Pa}E zduF=oXh62c*_nhraz=rBPhDVR`&Xak_XJQJh9-@cJX&|qkfLY<9xdJLx2#jyruMTB z@?T?$a&im8q58$rg@DDw9IQk9OBY6poVjHr(A#gPo~hn4enKvVV9vqd1cok zDy9IT8leiTevqZl1%ScdVKm+f|4?PFsKr)M+DjkzoIA@F>h7iNX!7M&eT;l{Zr~1$ zk)vgH8+Dxw(;lY6fr^yY&OAce4)*IFD0$rGk#;&)vf~c5vaw#{8an*3;q*#|NLUjvy6trEYue_wQNdAP?8(sFwpQ2V) ze^?ND%&6n{v-KZZ_1US#`l}&cD!7e(g_^3I{9<%^J{}61rGw54)z6oyzv<_jtk(bN zivYp`?dP<;ncL-(_xGr`=}0)TRMM*-k8JEzB&0Cy z6AqD;vJ^|*Fvu|=DJnF3;uFT~CzJG%*`943_=r~0UB=7q%OLf@7R#%A(C#XW>+AHw(G^8-Yg5UeUpWZ~vsrN_% z8yh=}e3mIo!|Z`O>w$RyTQk{K4}#LNSun7BLlCGL@S-3_S?X5cZ`2#~*%FTJF=AEkWa%_A7eqOa zVP6wi&!&9rQREF0k;vI9C&$CSiBXCh;q8#^bP$6jz;Yl_%wA^9tJN2H(d}_x$L3Z_ zcO${b1MHWgH7a%%?x4q)@@d}N--e7#?&RmVcYmVpGzT=aLPkyYC%cxdBpfX39+YRB zcKph4uBfc9lGJ-Zq*u#b_9!${)sYvadeERGvj7?OcUB(IM0J5`_n%Ee5+yeCtaIu^c`w0VxK3NCxY1gO8gNQ7n2gRuZmv-V?ac|a zj(I_$$kJS2b=;#6kqx6I0Nl#y$){__H-#wj7d(Q&;ME#%r`P4)c#w6wDcuGR^#Yl3 zKbwz{yxcbFsGs>vPXwlJ5+FM}Qx-ICFVAYcciYEzm*mTa>lbbA_){t{!GQgp0~v9B z0{h56kl#}Wfz&%QaxVG3zZz^w2mUGb{LZMl`EDE!EJX!CIyUS0Pc_{s2e_dDEh{iJ zU3CuyV=8-%_Bl{EKT`y>PiadP<=KggeH;YaXa&WqJjjG}ieqThDtUqDe*L+=#0EfT zJUo-s`BJclC))S^o_~hWXV6`YLo~&&=S!TVx}kGokSYeD&vSyR0&1d@lqGcu}QhAh5swxF2kD=hcy3ZRPeE z#!_&q;b9{PLX|@xK(*%8kL~}#$OUp)y!Ytmz0t{k)6#SdLpr`@ja*v^wu+y?fC?jG z-`o4*0(%CSqrcctch|xLD4H6daeVbK|C2a^!6oMD#vfDa1;SjD#KQV%_wzM-HNYRN zp)XI?tyX8Ad(M3Cd(-Bt@KaL5(DRlSZ}zXZG`=zQBl~rk)%Eh-wJt1|O)s>hu)x|? zzh|{3q5*VbuxTCV`LIZWe8qy7cN3}8XE}F5sZY*tqphmh=g)g;;s1k@E&xk)jFg4jNn^GCrA)fNZEpXXlHhvEGyiarmf0FTM=K6U zi)=X{+$q{Z6MPrU5i7V+$5Wp$Ns4Dcch2(Ih9$+MW-humD^a9|8+tv9sjZP;%VhKk zlS7v!1ucim*W+^gQf@odwYz;&CS9EN;KI%7%+~;;n8+W41-pXcKL3QX0&(9*sRvJ1 zambjY^NPJ{e!yEUa1BG(^WLaA-k%LB=TwfanND<{kT~%*<0Sd&5*Y2 z803T=wu|Z<89TP%k!$e!I}DPWhi=9s(~noJjjq|V{ZrpbiDG>J+uqerv-L1({Afkg z^&zhDqcz_5zG9_am)JXY@9vL1+c@FZke$r?so!$Z@PN^~5xP~!??GL&65N}r{n=MK z<1X3}lU5Se#sC~ack&Ngnl0FH1k9z)SDGcX07t$P2{QJSW!%nS7=E36&bw53VJ#4ScX z8E~6BXdIPWSgfzO>0{mxi~lV*+c)gF0TX4hr^;D1KfbrbMt$wAH}k~ z{3yY8r+;9Hhe3c1Cshcj>hA2z!>e1finn8zd#c&4Ci@fUgdGND9p2>7?6nMrbbgKU z<^TU=HSo$}DYHc=8T4oKYqslNeXBU{x8@H(RIi`p2uFKp9V~|8T=8Db9Jy|Bi+|eo zdXEd+8_MEpUVBp#53`QDC&uI|?j%_q16o`M_1qL;f@j95(8k2=7~1OwTepwD|E|qu$!fzdWjp5B)M{iBC-&p=m}jO%=!2 zIwuT-IP`S)i>h!A?7MV3e}Bc~E|Q{^ZJm8$M}O!^ZfQMr6wW+602WpC{JL_4utXH97tlYjFHCgHG1f%TK(0XS8g^RS^6a z)tjw(a|j)zyvYbB0;;-10eIy8;itrUfmj?k9ReIH9x(&kaw(PZno~>iuY@v7{iVEH z{tjZ7c(XrRgDpRMyx>?ehC*m8%M1+oBjA9VeVbZb%btDRJ;sxkUcnSlZ&%eEkH_9F zve<*1D}7yR>ebN$gWMmupPkL|edg|pW~}g93)D4Wkz2gF6`a+is+j_iw#A-m*@^1^ zISK&CyQ?bz(s&0L^new9nSuTo{?u=O3U$V=b!)>9sOHwlwu{@Z_)%ZPI9Bw{7Pk)i zKJ%AQ4t?u*ar>z@#f@z3$J(_~eM&?8v(~|96tysUy9q^IDl1#ABoD0}^aPyHxlV?a z74z8ae;MxECB{1s8q*(uK5q zRgRxG&*;s<-m6zCe|o#9m)Y%x8DVc&8*@tqGV%agCjDFU$|3`05k2N&L}DM5^!h(o z_!n&dXaCa{;gU3O;MM@?{)-?j9yE2@=kw{$_gN>YJs$_2h0t5RPmlRIBx>pq(EUco z9|sy(ZC&)?debS=wKd93G$0r=jjEjNCKAJBM=H$wvqfL8ay%TK2$F3x=#Tn;=Y_sw zi*+w3o6Z*Y9$3#j(D!Xi&+dNLJ;{%4)3E;)nkb62?OGlhOkZf6Dq1w230{_bVd}d6 zZaJ=ubLFCCF&$Kv1l><`;5ecwn(5 z^@X+lhPD61Zv}kX=s%c$vN-<;OaJ!f?1^lfB$xL84u5rA@i~antK)7gw%FA*{F)u}>EYVlJTpimc<#)BMSDMHgp& z9G_~0+@UWPgh|HVE6(_RmLnRsRT$$W>p%CGtSl+8B`AX(DT*~9F4d-&a0kb%_b@+8 zEEOoIqqa#**$=5!y0s^(;zYBuxDt!x%yXrgiG7+6=dk0aO>pWGE30a74urFgwXMu` zuD;3CJi|>TJ3B{~sppg@O2%Em{*E%c1}QzJK=P8=nzAe3)~2tayep+f3v^j-w)NUp za?2uuOKsjK>k$q8?oj&3{4|=0%5_*68m?6cyL<>cV1j?boO*7qC9}(>{6E-tnz`zD zwkhLd;`m%Nm}jM;ID~~~CeEQ1aZdNOK_?1&N4HpRquUHVZ4jnhUi;nSKi_}%_|vab zH@|g_`D>4*YsAElN4{Hb?i~5;55KuZ&ir`c-M1azthj$@*Yo?YFJ_hqpO%!o?WnqL zz!kVi>$zH5{EVKpJ2t52+;N;5Dc0NsadcM2mN{9$_#W7+J*l7 zlwdG7l0W2qly@uTecXwySg~q6%db9%InvNNk$XNSk@rWa4H7!;CgTr+m4d05R#p$1iP`dlOF;e+~51Q9RgD?|u}0iT9oR&`dVVF^9Cd|cT0Yx za#PyASd)A%O+U>;rWuHwrwu`Jd9b(+i^A3fq=w5>YotpJSWQ1xmapzJ2wUj5AopVX ztKd`HO8?*fihL9F%FfNE@r$+9(1T7e~=8XH$ zC9ULL)0bHKfuL*G4#vNwCs(QbrPbiuXnJ&p5~ z`}b3lwHq}bGH|)Y$KyTJDxdPg#0u|gZkjc?RU?~1KK8a3U4r79(+0;GRvWR{NOu0q zbleVo(@NFQsJ3zxG>fn`OMyo^h-85dt4pVm6sB10qi$e%Iig#dX6bJ8|Mj)}>r10O zG9bY%($$Izyoa`5>Y2t;3{erG1Qp|W8WqxmD&1JBB$hz;jP>fma-JVK}D#x z_8Z?(j+s(hkE?fR5iX4YOU<8FWqvknD?CcfUxvf2d3me2!|}WE+r~dJI#`6y_Aqzd z{xVjviN6t&YHkQjf|*&;WS^JD(DX)AR$!KtF5hBH86Weu4md)En%RW4>ZiJgZ&Vby z6C`(I$$g*^EK&g;c`EctKtts$Ww$kk470N_WX*VIH)GA6KeGP!Z_fX`SF`loi;N6L zF^#01!eKBFSz3r^Y9~>hx(LVAk9$Z1m89w+Ki}9iVt;?%W!8w7~t*l$N{clUvPM?Iy!aKi{`Wi

      jy|ftBivqq?{JPNm@j|2y%`%=PmG@)T(TQ^E|qn?=~6X>Sak-^=l)hE}J69 zXiU+M41GTa^#b9VaTNV3Z8nE+iWH+G?A27+|62S{M{NF!B8(W2^sEdSNEpo^oPzTi zO!XwB9|P%)M0AqMl4nCGs+Ay^2A7gyOv$M$%E=w8+=y4(mGm9L}8+x)1xFN!@sWmu6;n{*wuBcE4^0B@|=G$GH z?>ZMvSU~H^guAPRCB_CmA)ddRd4F+Rzy6~8eY+)dv(HEG)BPHZx)0pQ)jG3B>ST@S zf`yUr;$$K`#qTY#wZ+E3@lzWiR<-koD#|1t9;rxKH-4#|oqh15fQKR~mYfLpLu!IH zouJ!BfV*h=31~LNLnAJfn7c=6Yz)wq&E6b4hcB0iRI5XDk3M4l`S1mQ%3i;~Bkk6x zY6V3r?VPr=%Rpmp6Z~PZ`jVC%p`R6S?ChEFWpvVrqUO-hES4OFtFYQmDl#)7WZ09c z6bHOZ-~XaLbK?@8Z)zAeR|0FDwi(XMA#p`?L;+^fEba52&X4`& zUD8cIk@`<<-}F4Qv@bPfbUEZIg)3>JMz|Kn7#`V4Hlr^2j7p4%-sM}Xo@Bry6Z8#l z)!lOXSmSUy+OduXX{U;?>U09Cpdv#&H3#kHX=fPvIW9QYEJe*bJEH+m(J+`^E=xvD z!UX6SE_na;e^=7~=U|quR$H~c;&6y|=P{XB7v%K}l}hk69|upup6QAVrP9o4fhZ3T z$-wJZgoR;12%rK;UxlivEN5h=1fv&+U;!@6=p-2xjCEz~~QY>Vzx{7}GuFI_^jg~cPyjiwae zDN*M8tPja^nOItt?L{WF?cl1#4u8x=$E?cU@U<2O!s{3-+7r{IPGQrO`>$Ap4LPT# zL?(64c|yc^JyMuBn&O$;gtyz6rmh@yd0OSlQ%{w^=~zU}uWfqbbS%c0wJJtdzhF`> zAxn~Is2hZ0rP&BmLPk@exls%(qCxP~PoygrtWx#d?8}?qu`;x`kob30La4dF3A6Uy zsGZ}%j6vcLnohOFb>4-w=s>eH^`<5A+x1I(J=_L_b53qn$&GNztDScsIe7JHEI%k# zKcp9YG~sTk*Uqq#kUn{D0hY)acZV>od?qB;^)jIuor(hWN$flz>`gJIJfN7R`xhVhDI%x%mYe(rDu^Gia ztzvDsNb~cJ*EI90!m6)e4wXMlcF=^Hg{XyJ;;P3tP?!(kADCV`L#*hN+ZBrCgO0X? z*@a=bh^GW&Revi#2tQ{9B_m7JeDY;`-0Ui0z3FGibr zlqb^fF?w0H^<5A73k?+WD1Te1fJZ-Zb~ygVo4XImNX8Mdwn8LvSQd+xF=*vFM)o~# zuGv;gY!cEhCkT86J?>C_;``s0B^(`$8r`%$3HjryJ7lqU{z0-b&Xx)o?oef%SQEvi zvHp;&!i^9i=$H^85t&nCx$p>%fK*~2X%`-8#$mM>Dth#THQJ3q73fGZ79KIhYGkc6 zb0}dXdl}{CCyeAEY5n%_EOK^`XHm4v_gZBC^SxTqqk0LOy(tr(r3lEbZ*2*UEQ z{Szw5g%i3N-@IFGFSKJuR1YLD*xaIp&<}EEuzXs=snl((s_(yIQ78AWT4uhsKDOnE zHK_<&w?S?VYrpzEcJFr%CYkllIbrag>VPsfc|2q(4p#7>6*LQUV>6K~8v?I3 zjil_Bwx;r!`h+aP2J_GLSFf;c%o5y;Ymr-j{WPAWqu*#0%)P9^D3a*eW(d-HE;)OY zFydTu9?KrK?2~&g-D!|;6%FN?=+4{B%wa8MH*+%4QJ-6X7QCSp)Vg7>n5d2-QAYy4 z$9H6k-r|$A9!>~`h7PONJ2)10KWkIJjT(|GzA}cgJO%<2tDUy_6i|^JUGf31B z>b5OUx3}&s`M{7qj*Ce`+_>C=jGp%ex80$k-WwbVR+Tr6ROq-fSV2-GF`^DF;BD?u zJU^;nJ`!t2y+`2yTAm1noi(tE7PWTnS&juzyQqkJC(;B@tM}D)=aOV zlfN`p-KuxAzy^s1H2P`tP;*5>2D)Tash4&@forRinXDJpXf9LbFtvyVvz(bBYk4-1 zN`k;47<2@O)nO@GHrE3&!|Fy+a4Be}IOsSA;X#U2463%~5VyeNSBYFo%1_Zd>m<)y ze=d3;$=$j}TkA*G$~Qey?~D=sb=W{xGuD}B%sLjYQ6A8|MPnwHF_>3EH(&7G6}DBQ z$!x*gIZT2{Q;T2PvmXh(_Dhq6Dd-&sTP`x3vfMsxY<*9U2k)7Mah(3|35LeySMsNSJz zON^Bw2ht=YWq%0I1@TM6Q-xeAzhd+vy36kmt@KX}SLv<&sR<%IH>%`sUY(&0-yA)V z`~eqJt4*kYrsEpxTuAK;1g|J5G`BDhK9Pw#fuRb$c#Sm*Rq!h8Zp`N2nwO}uC{VGa z;G>qJ{>}^!^UE>a-dac9i7;l?OcZRg&3*r2MBZuCJBGa$$t}zoeTzQ!SW@o^hZneC z_d&K*S%u3X4^?|nKBR-E=Su{53;fT~`sQC1JXq7|A=ZR)Y5Cc%xbIbPy#%8}DkU@> zQqRL^JNV{9{sH0DyqA776}ZN+*k z*3Jz66B@qk!mUPxEnT#dcEb(CqR8ZSOm)M!on2a|o$VTWsn7{2^z$!2i}#5kKckUS zUa-WI7T<@xnCo5TvEd^Vx<=@z4DoAQk!skH#d3I;+~~AJp*^|TkEw{z((#n=25*aw z?Y2l`bmnT>O#0h5!*4WSSzD}+IazMW`6Fvz%7cjglo!nm11i?cwsz&B z7-zPhe$?6byoctTKzE(xFy2VxWzjs^aC)*AWrywPZ%AYAd-c>kNSH}*8)3mgqvJZ( zzsf-gcD@o+=p+dpgK~~u{O1b+L#Jyhz)C_y?huU&3@3p+>`dq$$?1LkmwOY5ALW7q ztP0k&#v$UGX_r`|spq^{y~$`|t^`k28(mL^HRaw6o}z|gQ}jR}(BWyEZe=X_6V9kmTG1_`vm8+^ zBcB+NEbIxY3s>dVzRonx^jmG1OC1^7>=@(fxXNnp{ywP<0}kBC(x%ZZt`R=_bgA)C zK?zeDz5}O7*;emt+QPVXUKZ-K(w8E&*Np53sgmXsMa+ir+}~8KUs+wWj@@@W>e+a> zu+}JjTUv9W`{+5YF@$6(tV?hzg1I<*2HJ5!ZPLd+SHY(HL6fIiY30r_qlT6gWaOKq z$LGmSBkM<^QETk}UUO^-4(6APVvpeUG?K8wkEiMCm5lRX2|Oqu_F`;CYaC~^b)W{b zR8gJ+jNqC(l*hd$_X>Ta_ev_L`Vf-DB?vycye}7UEf*yr9^4@vQZ|1YBY2+T)kz54 z?GC*dZkK3frfH9yT?s(Xud*$DM1Dz>8H zN~1|@%FAALNO|2N3{e(UwIoCFfIdTBmssBJsG-e$)hCUW4 zEub&ZU$?pqEc?^uX8bub5+Yo7179W#v%1a=!@EDbkoei{sSM!(es-G;mS9YEWwmr2 zi2o+HgZfv|JwC>Xn=o-`# zk*OVFjbp|>_3UDdrs@r!fyXJbq;{ygQ{*~gjpNc_7U()U;NlMO~9SXB3hBLLu6N#ioBXVp zgJ-|B`m^I9jp<5z7q_74PU%^@6PnmP6JG22o9^!W8MBe#>wX5OXgUA+*Q2#cs^LND z##F}?Ot4g(PV@I`>D>T*gVl&I8SzgW?@3J{8QnxF^FgN?yc$SN03jnYGoWTC0MQWP z%%~ng^&C+q&oyS{%n+och_f8RK~P4p-gf;s#l`@B@@Qfc*M*R?gg`!gBR#68g2Q;m z3Sio>)Y=^`bS|<5B^UO=w5S*XPXo`$Rp&*#e-%DCjIeYPJ?XiC>JGJK!ySrzwAixP z3I~|mn;qZF;d&j{JtSWv&~fMggIFi1!Aj;EqN;lI_+>&B@&c-FMO2fzqe+isR+OZm z`6+^UbovRo!hr6cjj`B-06r=i%(XVD-nW_=c&QJ)&l>9|^F{k3dLaiBEQNKZ%xU9!< zFJY%+4i%7MQ;7|v4D1s{=?~XFl5~=sKA&T5b^DV3Q?gmIq0=YhEhnPZOY@yP%QbhR zm4S6G$-+(Rgmd=%qbrl~^|_p?L`t%7qkZ2fjqFWjRi8hC`82gxIos6y1S>36ms!F6 z*4U(J8!WW`T9e&wKXeV&Kx+dzbYVRZsSRzk$l88x?`r?im$F7n_{|(Q+ejZq?;3}W z5cM~zwkDBn4%Q{DyF+M5CdF96?jH+g3QO+gUD$Q6-Rf7SLb9GwYKprDG7ObyJ&5yIeTuzV== z9@E!qM`B(;GlucLJBl$TTAxX%uU0E;kT8BjVVx|wy@$vH%$iu~|7h783RPQ2CS0IbkL?*LdyVT>dH&fOE-;iaL^gHI*rd zEaC~C5(965fL`>0B6>h`o1t!Gzn*v-dxSWx&gveaH!^6_-jE=e)RH?(D-hrj>34ph zi#0M$g2A0lfcD0duIDuWoSmP3WkoDGAsUr0Hzl}6YJ?W>U|d@yx99Ol6;JrFkCjBbQUCVk$_e##G&GR3$n5=mme>i@Yj{!?3R zj*M|87skmqYQ|`GsG1c^Zg_=-+-$D-g0(O?6+<~U$R-pI`!!IW$>oeIMU?R(&%R)S zjQj)gKleY)n~SMK3hMUiuJ?fcn`vV@{bU-AZkfMVCTko_@7W|F+6he(mzIS5yEm&5 za5Z{v!QKHJy@-g{XC@-|^u-J%%8V#8sqJAgvF%aH7&zTDI7u*f@kGW`Rug77*<`2b z?mhs_72(wr1d9y1G^EHRm8Z^JjWead)PaDNK6$aDIq+0t8couaqrkmP|D3?w_m=^U zCZR6zDT{)of}*_mfq-Kkvc1+Tkt`Zn#+rk>dqY=)9f2-Z`Z3Pl^8Df|c=a2fYwk6v zj0KLg^9J=D~on-&X=_w&%FDaFb$7GKQ}vcGQ(g$EQkU)gmGjKop-Y{35dpwrj!{XxDA zGb|!f8+Cg@r$)SugJ5luhn!%metnh8eaH}R$WsTr+NVw#0Z;H;i0J}LraCJV{f%;& z1)K4*Sh1wHB`z8EeQz_hp0Ejymkr5zB)3P62hQc%w4*M>HoI~;m{2A1I6`5pK7pdA zaXbHArF2BybPau2UZ#^2V3lwT)_ZP;7*wrIO1NGiVPeHP4mn?)sYXV84vFr>JR{;} z%<3fv_D=V>1!ac}CtQS9g^_Vyv{CFmr{$)s@=8lGug)1yF^{kjI5%lu;d#y<6buOg z+<@$|#@>~KnmCygv&Ct&Jk(&gEN)%ohjSAN){loLj8MEx6Rb>uNT!&wkC$*dXKN2d@Kjmy9jS- zB{g9ll~+dx{Fb>duiDT3Rr=L*P>^z>VBu6&iPp%ijdU(KqIyRwO_CN4E9#leE3hA< z-=^HRfMTKoWESm3FA`TtZT!>$bep;ip_5u3V3NFzVziDjtv#gsb!fJ7^vE%8M(#IU z|8~yhuK&&gFz`A3D?fyRTxaDpPH%EN7!(t$XfcYDmHCmMXQMAob5UZ)e3g?&?AVCs z9_HqiyVhwvpsf)!Tpf}Z_16wx!F45gl!)t6F%m^^a>dRgAymc9w(ZX=O z{V&Y7C&s%&RJ0+eJ$(p@MTg{^swAXzca@>4O`&g*7Y*x1H*0PM4$5zrbnFwdJEe9L zH|`I`JrT;0l@77O5{Khkv7G<*~eU0)cP0@mZh^`-6&P&2qkVkZ>d4Dy>Db zlTxi<^_3cC`|MXOEm#$Me6Li2U%fl0xMt42WVFagu*L^#4f*2wG9Q@WgOf7uCxQdx zLk=9n7ujt{DvPdwG*?zHB#*WnYf<)Wb(`&ZZTaWHO=fw<6pOs@`%~R!@H2d!YnTbH z{>qpMaeO4Qag3APbSOzH%yk@b8WlQOm`Q(PGJi{6vCxnSzY!PJ(pSZr&+b*674Ymn z{~$_rO{u!&k2XE7TXWiD1V1>U{4XfnBdU$6ZZvJgQo?WLr#CSQ4%EXH*+i`~oeOgv zUfm$q6fDz@J_!53t2 zM)fW?!A7Kv%9aU8!1I6@9+-mEnu#`7AMX3jar%BmoC<^IY^ps7I0+vIopncoS_^OmuYrFIm` zI1PK>#ul=wx5*m-?b$}Cwrb_?5}SYz0r4@n&l~PH-uK|}`iWgc*=(-UpE(PC%vo28 zW32|8ii|w_ahmgUV|E?K`Qgtpv3~GC{ClU4or(`wN44Gs50lvExYdQ4E7p!lqiHt& z)6wZB&2uzZ|5u?jnX#dHWx*{EUiE~!=zPWk=(rSH%QZn4C)_w>-L)1lN{XZPd5^dl zRs@IJQ6=rnwsY{BG=sD_IGU~EHwxbTpO zIkZunf3(X_wK_3$3l{m3;|mGmeo)%ez?9~;<7W&jF|n5JpZlqSN7(tmWGVVIBzZc} z6#xEpx+>V2@-B;`U4eB+&Jy7ZlZ_@O+(Y$K6-9zV!oU)XwkKTMVQrj6$fyx|p(cIj ziLg;YuA#TS7~Ix;St?;KUe;Zp4dkC220%-ER)15&X&O8?V%{B>xtO;_oAxxS;_~JI z8-noJPi?R1nX|V^r~VMLvu;m$Z$^z>GJo+#Co@Tvjb8VDlUCep;f82ev@+l(OdMRg zS6dN-Y`$aE*3aUvVO{UXCvJ6^SfDk>7CdkO41Vk27#Gt#mhHAm-C`cX5g8LOrJnf+JLT}sr@}`|mA+*dG^sA@# zIJ|vOdy4=o9CTwLg;ezMaG*`&J1V^`hdy07y-;?N6Jp-v^v?CK4~MJ*;$jMKwAhh7 z*sG%Va&awoDJG9xbKj@)bFUPG{o2^Zju3F1>G^~_Z)BqZ=0)=tg*ow|6(gf~{!+T~ ztUJ{3r>U2PzXMKT25UB%VGT@?2gX9ok7CRAdq+d|lqm(ve;``vXnw@M?GcV#^;)PB=z zw|?@2H5TQMobBakUmrY&N2ZM84&H{RYEQsR+H44VDvfx$?a|Px5^3^O55(M%*TOis z5gIkIepIcl=shM&$0m{UU`3VA?oJa{qdvzeJZMS@4}yi_0cq+wP@EUtY+|e>NF&_& z$rk=_bM!dZQO|(GoY`FDic^BHt0~nI?MJngAF<)LB%a2eaE3e(U@^Edz zDmY9CltT`0N&MG@%_tuOFm&4WWp)NZyk*vF^>a`PE3Zx3)$L^U1UoR&OBGAc*qKg^ z1e;_srCntNPJb8dFh3@5c$f0J2&-O;cXk`72VEFQ)+^#$)|X4pG?;K{KQPt!X?=)3+(XH#P z*pJO8Nme{1nWt}4?y8TW9BpiZ*wb8q?Vhu#>u+6tAJ*yQ@W0-o_aH8 zgga4i;UZ5~-960qxq#hlk+unJMb)xjaYevV4=8?h`$V>?N zG!=79F*kk}iXH7K8S`UXHi%;MuuRDk?K_d&(w|O`+74;s?P|o?-=?iRMIhPnX zE5Pwh@%*AVX)z>?!}j?Oux&=EqrcW)a?ofR?U+cDksFx2L|&&8z)?qyS{PX3R%D!o z^~ptzoX~&6Ga?lY91Z<+Sk*jZh!MgyI>`)xY-SK$?R?q#`^FGd6{_5!ggd?$JU$?9 zEQ$Ko*;FrIh4b^&faGoAnFMI#JZoXR z5|bD?9&#BUOlz!{iOg~%WxX8ONS;Z6NwfHlW-cV_%A76tdjhVV>8uQ}g*^@XIm#0o0*=o%z-LG)3w9$`pfrpxQllS}sqc3JhyIrB4UnZQVrlZ3cN&6Y@bf8zx( zB3JQYcNRM5UgADXK|OR(=$9D@1(UkWt%x%NAPHMMp-*jk9N7c9a3cl%wZ4I8hbw`} zMsz#x&Cb!|Pnb>IWBbiXX?qPiizqIDLv`nH@#Yr^ZWPBD$4hp!Xn=s-A|@m@5yRly z4=4va_z^YFQ&R}$EsxTS9I+l+Fa6_TSi|NXt8>6p9Dv$9;2=dB_+GKa1!$Qv#IGk!v3#gYiB2KbP4!Vjh{s8NqgZ6i$~?hm60btrrqx{ zq!Op?`80AXixNc7)2RMzSl`bcS+6Kt^A3q9X+@B!mkz*XA_-`E zICV0S+;f!sNaB1e-X^$c{@mT?Jmt~-7lv{Zi3a1c7Ah?~FN zX;}15t~)xd`I~tEZb5z>U{S%H4sHnlMmvJ(X50ze=$R0GGjsV**ehTh$uit%BwG@VMnmIAk+wFQ*%1 zqGQ~HjG4DpTg_m2R5JVxCvHGy6gt6T-dIPPD$&rUXJu4^dBy;IW7LN?wFXNj38jsP z?9hN~ubslI5;AB={)SI+|K)M1scy}wCHK9Ee*oF$%Du@c9ywdN*T|e~6Fu0EIgAcQ?vv^Db0f(=;RWmaxjp(2mig~Kn+Xchap@Rp zj*iIwOW+AR!#@XQuqZv*xKWxbiQm$e9)Da~!F5f7N7`4#oSu8Py+?au37`St2Ir@| zKh&D&)mWtTwn+$}2UHJoKt7HWi1GHE>t$Utmfsz`8;bz-SYakO6si%&U9vJjw)Ic^de`9a149X$e_Q?$8Yr z^t~o^S_^lt#6Dz}nvlf?A631p>BG*hXs6<%O=W85#%;D8@#Uc$MibTYSz%(PTDR0d zsg_fTvfe5iR;)R(5nIEj0x6uHDU(~x`2id`u;FO1XGr>8SBHTsTMWj>@)T2DdRkdT zd%4zk^oE0BgS9x9???G80dqJ1-A}hlGTv|hW8qIYgIDWt22i#m`SMcly4u`V)W=;R zxo|Z5K$ypsjsrEa3M=WA#@=094qD(xt7Vu+xy2q8b$eibcSKX%5h5ks)5mY~GaTGM z@`}D}8&ark;u;xZ5k+#rr$En!rF7&+l^j5cP{Zv9_e zy?Inq=lcHL9(%MN6)IHGGNcxPT9k-XW|FqFq9Q~^4JZ&16)hk#Pf2#IXhf8#h=>en zi;9R40g*XTAVdaQM*0w^2Jd+7pp&Ax^u!3?`49IK0Nj?^q%8QeQAwnd%)t$3Av}|i!+`-wHEOh`lh+o z=%2N#&FpQbfVr}1)Wk+G;b4k4z&}gbQQE?J4CL+;X&?2s#O{3Nyc^SLaPZEME0vG? zGKZ>Zvi@{>;Qi=&XUw=dKwalFO;?RpPe~6^8biy=#vRnXtF@Vo66AE@8p#t}Z_ZAy zPYaWbMxp9Ko6@Hs5P$egOeF!ryv4wU+xjU|FG*niyTnQO**PtrE~+#CfT-<;CU zzrtVPq}^eUUsM79^yR{SM|A}uySiEt(e;OU4>mnUrQYoMQliq&B5qwN*6 zi_`VD5rg;84wAA$i_P+B8~sN`k!b$!wtT2*q}E92(O&mMo^|StpC9~N;8&dDF_E5X^lenunF9x3DH;ZJtztU5#0=X5h#BjaodK3qwQ zVK@E}T%6Z{lsiz*RJY|rx~qp!`jpp%3fLzz74T|cfjfxgD+rW7L~DqCLt{LL;n6q| zLwA%mdY#0cV(c0M@5g|}TMHu1Up{bagq-0H6k0lXtGSj6L zbugEjT{>h|>ptoZc6wip^!hEmXSd4W-PauXw#mVDcUTFUskZD~br3~U)Fd=!y+jUB zoxvxqTk)j}<~v7*QQ#V_3+ls40b?H@4f`3Q|ZW ziK!sxJ2)j5Wy9(&hn2Ob${j4jb)^p@;2xtu-9sXv`vH`5!i~xb0QUyDm|2>oY7!cm znVvTpjA+O1arIC0QGn?+<|d?;DZ&-#6f983Lw!nh9dk>`W;blfw#gDFU_1U}|NqZO zP7X;P&u8;0Bl9;q6W-l+gJ#tg>N1H;`_*CZq(E2eyqbZhGPRVbg~yR3o4ran2^}Cq zyNLat3p})h1ohjc0tr^TZb7xB)YsW{tc^fqtNB^t3VVu5{r$=~A`&Tf;Ko-Ev!D&d zUJI!m_f+ld6Jh=3ZGDqU%wBFSLAfEWmYr@;Lo+fE&`X2k0{3 zXlNwX3K_A^MAfpDYQbsFDv6`Yj!eC(vIw${9emWY?uTq}Py~xa9s_uZZhm8L=sbb3`aLZ>S#Ryt^&so|7;0Rl&a+Tv@!vm;s$# z6W%{R>ib0F&^UGBWxrNDve|fPx1b_m`qM~J$eQ4&(^co1Pv9D_MJ)OG>(@G`VsJ$% z+&zsq($XpO6>rsV3R%Tg85sVDIS0$g_GK<69zvAr4~rpufj00AdwKG{XrGG8+79=fFvrIp!XV}p3&>5G^V;}h??4^aJr)|Q1jpfRa zS#;2*8!2>CD<;(pAS(G-?vcnY{%VvFh?#s*c%V*A!;g%hjo;aY!iMg7 zx;6|DW9RR>#6}WvtVJ344=EhsULtGR zJew~HXjNWbGZ*15cK-txVb*C-GV)1J)~i8H7Q=a)IBYnA{PNCqu1B(iKYnjnP@jz@ z^^C**yg3UX@Q*Q6L8CHEVE)q1j|W(mM-2=1HCuTT)B~Y|y4d93Iyc=oX#_MVx373NT zf@o~REW4y46O4M%kI6um7o3RuM_-gE-Z>BGRV=qp19tvD*GQNrzPkWAUf@lJ6p_S= z!re%?lHGS%3M*wlt1Pnu2J*WDcd5$>$SL}}oO6X4(i$Y?D5B+7Dwv-&S4A`Lyx&Ne zDo848D^*oYrbSSN6trQU8-4!**zggayR-BTvpjUZXOycmz>{}zdF;4N>Tg>!85ic$ zBH#rI`qZw*~2B(k>?_Bw?e;q4>vPqWbH;1f-UCZGat-n)1O|uwD({6D|>&4 z#%@`7m~&{}qH^oqTR9>={$zY=E1neIAJiQEo*{4!*20H$ehND0k*;%$5|jEN>DL+{|lPGq;px< z71u^Cj~7l1WBhUl6`~YG%x+0W9C?&z)8S>P8`$uYh|mJN_bkZqM@qB|6mAN7Un^z- zUg=t{qkH|N)<}@e1x=K{s8o$V$#|&5{73r09$K_ck9*k%kl~xDgvg51`q3@kNa~+v zM!BbYOrH`*hF|Q1VRhr5K3D%V!(w9ZQ0Lz!??GPzE@a7~QzO5IF+vbggavee>)Psl zl=@C%+~O~O(_;kE$X!ajjXrE8=&G;mNp1C5ZRd)c!W{Vq`QwjOoBXqWJWv!+Zno~; zj=E2Y*e!Es{Zns`P1@J9&#JZ~HUPj5|* zJrg-4zgEBizp1gfh&BxU&cvE$vugrofIH_rbfdYc@d6s zJ*|opI!~ni$xMMLMQ>NSFgA0okm`w%d-zVEFF6>AT?dyb-BNu1wP?z@w_tsjR7Rl> z=_LNx2ZqcK=!xifbXZqab25C=X;2rh6bwUd>%o+VagKiDvAFbAZQsop@ODT&YBDOO z=6fGllX@rHMWw*TLY_Wjix=uT(a_wGl+NDc?)+#U^^nGgG-kh6zE7U%Luzn5BlwTV zr(3<3-c+%!y;p%Pb$0s`^b(AP{nP+*^N6) zWnC>ek(ltHIM{JN^I_DS9M7fG-!mM>>4a&(ndIoZpq(M5k~jw5y197O z>%Q_nm!)MTHij>7_<$ad=*U|(`Of2}m%Tu@cqPeNln;tPZ0BVP>cY6Pl$tnl_s;=w zFy_$9^do#d_kBxnBoCPN>_M$8R~q4ry4hh%@YAIut41Gqq~yOFC%Pc{M`sewnxI8h zRv!%{$st2>%u}LjKqPU0(G#HV5txAeJm{|d8E#Zrat2%XYdY#g^$o+yMc*(*Onr)e z%0B)EZxNI6+zQe?w&G->F&F*E(KZavoO)lC$tkLvYCqJ_YEDs-rdJuI2(G5MxD0>X ze|SYfp-=6f78bfclWNNbIJM2Yw{fmy&mJ7UU;@-$;ru$udc5G_>Oa2p@%LX?%(nTH zpAUy|dNNc^HG{^|O!mHP9NTcw1oeay41CAS%1&Qy$7#9tT>Z2Ld0J!_AwQVeTR0-`Z7a)D-AqrZ=snX^{!Mpf^urmBT>YecAONXN56)dpxR+>TD^1h7D| z(8*R5Et1`m5GF5RhJxgiz}Yjf2r1da;Ce^TR{TAsMK|T6yu{}cnHyAPIjiNepf|5r zP{RkU#3{KGJ__|HnIrLxc6RbluElxd-(eb1F$R*tjugs7ZzV04}|lQ->~3I)?ANo}=}eMc}Bt@=I7t2#)m^(hBkkm_oIR4Lc+_OAox~_ zhFkbq=Fhcv3TH8)$7(;NoC~p9kW1S2H>NJ98aR)QL_!Q3X$I3%>=_ugf+FR{=oq~? zYQAX$cMo0L76E@&N)1qRu5Zyb39&$rppEZWUc*?`q?1fiNy&g)6~lL{yA`c;>bx;F z8;)vbm-kPeKnBeA!P5Ym8FxD1->edq+;C_2E-nVB#tW8NM!LuG{QSyg4=*1i0ua|N zlG++6k23uHp1s3`)nDPwO3?qZ!ZqoD0Ai*4+E4F3y*$B93>_LUtB`;-#RI@+9bU$Q z@F$FU!wN(}P^eFMkHo@=6kW<|i*i+BBzL8XEJod{dtXX)+(&LaXpj;;4Z9mrt7Fvj zmosO;L^LTp9G~h*`*4Q5f2n0qrS91_uv!2n=R1sDHnF(U7^X<39WkdSOpk*Hh9CwpEZom?>suU|Qx|Til`)qazq3!@IpmK~REoY8gP_(rJ0}@$BQz>3q`7osEt8%GK zAz=H=!|_ak!aeDNc%+>l9Xrm}gb+JJ4kOG2IbSlJ!O+*4QzLy;S2p15 zoTt2>NumWRSYN5zKdsOCSA`Y*|e z&c;XR$6c!yw!AieSpNDI-~RcX+cp#nH_XiG!S@zdj}YU!;)6^5haGVbHziDIJcNbj zZ63J}BL33ziLXL3uIY)#c=+iyas@vfqX$nfRInH1Z$sqPoTY!L-Do^>$n2JgI}0v-;o@JhXMtHwT^PEX zB~CBTEs|-h*GTLhZ+G}VR`f;sOYh_6fX&hIab0I{FL=nVeEb8Ec&Tm{(qXUX8{^Zr z>dn-&{2JnOwz$)~@h>YrTxXOLz}8qgiIVa&ZFH8WRNF?6FtM~L@Ft)wOgBo7(M2;k zcRjwtu_C~>X;f=~|1c&YH2TmBWQ;{0sDCfAC|wV^3U4s3<){fp`EfM{9)yp0VTi~F z|Eu-ra}Hkn2Kn)!9`%doYxZWm81qt$?QmMRGpG8_o5$-anoW9hp2t?yowq2h-udr$ zS6n_!Z562MJ{{D>UDUjmRviQ8NJYlQ%7N1Gq}o!IBH0wr2JGy?<%;V+*mC~}6F)eG zl^g5hVMl+?6);5nHLMfz9SPFS#ex15G0}VS&O!#`Ce}E2D@!#g;$g#*VvTYDU8mU! z*nRj0@Z}UltB5v|zs|KlmhjJ5Ou{d_3|A$6X*JXr$9nuct}X5v{&z6Ywb6JqdC@h} zbt8et`N#1AzUSW;JUfVoiA$}EN#9@40HP(X0RM2Z>qv8h&`An9v0Yv&BlX>t^pReU zb!mFEBe{^qj)#^=g_HZ(-yfudFGew^H`5Cju_uxuN1GvzC(j7#=g4UwtS;}h;nGzD z&CSu{`uZCg&n@vEG8yUDu$ENKbD@NveLZh3epKk7z?{{&bvR_}9$oX<*L+*E0dgg} zvQ+zQr^Z#c@!D0lowYx{%KvoRZLj&2+qUo@o>zpHpHs+M&Ribw68YQ#0uH&~Lb)Cf zQG-V3+pk&UhhK02pKib|XW_UQ($Zj%YE^0E+ts&9S)6EdJoOxnMlxLqa9a5|R6PWj z!qFzYoA^Kz)tehVta)BpnRHcdD+y883TeZaO)rRQ=J{f-$M#fgaya~4g5TN6-2kaU z7)10PuD*rjf(!^+{!^%O7>$6zO@J=oW?&b_00ntwAc;P8Gw}jzS`#gR0;>?2CVBSu zTkA85LP_|t)6j86+>{S>hMeY;ia8Gav_85U%0hI(%f?Xdp*PV|(3Spu5Vcc~3HKOf znT!xoi<~eIbcX!!50;$eN2~3u@P|@HR=v07fpwo8U^Lj&H*uLV&S%*kck>ytW4reZv$; z1)hsB!^q*iplOYKgs;R*gqWf~Tx7nQm^0ZFJaazu{x6d|4ym7cz5kRXRoGbbCb zd1jZ;+&}b=t+!Lp&E3q(d%v-Gc11O9x(!2hR1@@STM~~jS{O(hgC%zr7J8~0*02*C zh5IP%`KDQ;Pc#n#_Weru06xgpLTAdo8=Otz&M2*?=kZQ@RXJlmEaBnu+c7tZ`_AUb zG8y!KiAtdlEscAr($*A~gAVB*sT9D0T3M_vq9M$57{D3)8APGcu@ie-pAPAiRGXpY z+Ppj?$dNj&tftV{aG&-U?VDxyt;_%51O2Ue>h7xB#rY8mAbzuxB=lKX-3ZDsRfvG5 znd=jc>}HfIBBoB%-Cby#T0&cS-uXGqmTUOcSR`!mcK#7Dp>PD;8@U%1H~OAL4SIEi zN!ag9jFcbSm|X2T#zfULJ9W?N`|SEu232#8B%fG#q{#9$$zU(ND3U~j%cIY@`9#r` zu6#1`&^|0yQEJk{wZ$*$TYk>+%5FXXTiZ%|bdQ_b1HZX911>^v> z>XcWFwG?(zM3dmvD}i~hzZ-4K$eqNQxXp{;CaEOr#7IdVx%og#Tg~1;!RkKS}*m@-beb2@#*M6EPDI$TU4O{Y$YXp zP$Kj91SB7`u~!|!C=9-PV_l6uKkb;v9>hqz@we`HqB%2kA}hB@uy6BmMI~2-y53O+9EbZ)>as@ z3V-4!?2-l5_Mzi)X)39o$JhuqL5`ZGm+&bwxo8Uj@ojR!{nGET4(<|re%vhCP#{+X zg~GFcBB=$kr+G6w!8cSD+3jI%(^HrOF;gGz-1#%?;L7!q7lnmB*e;6LkkwSf-(Q7tgPpH}kM~_ZL z`+6+;Ap=-j`%z8d)}SJh`C`Ppgt*$-4*=5MILYdHTD`$S8TayK{MuH)9?B>GI(R=?5 zlvPN11&TqSo;ljWKqq50oYul57&a7)Hx`joxX^sl7&gm};h_*4 zSz&$;nXhO{^UOHJ|=8(rrV~L-Req3Xvbi$2+O5SS_XZTIW$JJV|dZ<;)dC}Ifk1XS9uO@ zhejj-+V^>&cnbzA<6_`FxP8c=t+R&~e-!>Hz5>9jh8 z2Q63154fOAp#LX6PMFjw{JoUAh~?uZSMs(`Ptmx!Aa)$A&+JWbRo*PpNLvJn*63i= zZXRj;iAm=o_>V%GRw!Jw)&V-R=m7_vzPuiajOmqU46>~3ujY(~8oL}4uc=aaEVatC zm_N-qM~U``hlR`Px+KR8RGa`OG)K4wJtrFZxOHf3!>3l`jSl!yAh)Lu6qOxHM2aJ9 z_rpC5*&>b-t&zYAJfbx`y(W{el zz`=hQkP|_3b?K0LnOd2ZPT(MkbMU3}rhoe_%Y}2MKGKD3g8x;f7P(fnt~fuu9S@Kd zp6@&exGHLHuTcd5V?HYL+1k=_8Aei@u>B@MJHdkL)mj>5oYIM*R3+U-S%&4eI~`OV zAF6>V&Gw0_L`|ROe2)grb;Y5XL}XA7Ou2aEcYZQ}8E*nYot^uIk(qIJI29{zI>~^A zOcBFTlQ7Ps-VYpQsIlJX1J;| zg(7?DQzdSqiTvCqt9g~hDl0N#xSg138gKE_8_iDP1b8AGd-18o z25Nu^491IvY2?>9_C>N)3_lQ>o;lDuolfmY$dW(|b~I*S+3=DMmM^ngz`x=<{ryYavRqrit`GIdWMV>( z60i`n>Yl-UrOCyK?^!1j7YB68tWb0Yr<|Dz&xgvyKhAe63t0sLY$)}n&*ZNqhZ&I` ziu2wrE}p@2kvV!T{-~9n|E_i?YT3?m#SRwk3_z~U9UtamZ%(s4QOrUoY8=cG(U8_Z!NGig(C3d(kZrA+{9A?RJa`C~WljE~2S+#PHu zR3Hu`Z?fP#;rYgj>RP%cjnDry=0mbt%4A0d1b+-rkEZysMMfC5Z#a<();?JRC3#_B z{xat5%T^~T5rO3j&xv;Z;b!dB!2D8pA@X{$H=*&tcqSWWtXFOtifF=8)jWyxLHk>j zVzb=9XNce6ATXHx-$P%<-Wn~K+5Y#cjlR^=%ep?kS(~MPv3xhcpRD;~xUdc)4Xyzv>5$lT&BEf zD+maIwO4Ohb3xYLIp3-+CqtoIQ3m8MUai@?Z`UiQgGnpyU32Q1=-+?u&fOb#4h~I2 zDtIy=Mt+*^K0sRWN(9m@g;t#0l8B`o99+$W$!+fbs+@C^DnOD3RagzQ6Z{9K0^mhA z{2AW_ZS-FW^Sw*YA7g>=^L+GfaSW#=fYGg}n|GilAwew+GxRRVDq)iTmG%ytK5pCn zK?K1YDM(B^YOvIb2~?@SofNA$Vzd;#n1$kqZ4xo6R^u6I^OXwOa6U>wmK9_GUv++0 zQn)M**eU(ADNbb)Hc|2muYI{im)pqx*Fi49i^XJQ7n=e}UAywn&zJ-8KF=*M9=XP? z+U7)A(5>0i?WBBwdbld!0=*oPzry8&^P^&_Y43>}cMedggY<;?Jl&YUcLHF{0qav+pGEt@|`xsx|rz){LTbx6AEX(i<_4iL!tt3q`D5^zXba0=s$xI zMJJHRd~fNUr}QsMnw|lvIA8Irl5MB&Mp~|&U>2HX^Of{I+AtK4>b{UM{zh}xPXEIx zI6(`#$#4ebXP_8DE*C@`U;1vbR3)i7t1&Aj$g(284H$iip4Xl$&3pB`DTWgJXj7;- z6Q8pScEreOm!SQQryjqf5ue2+vH0?F=CeSwu{xbW64CZG$Lt1{yzg4z;r$s*2Qv?N zYxjs`W?$Ordg~gkQQG8LpB4tecag6DnzK~0cZK@cE9@T@e}1~Ty7}HGvr}UaUY!!Z z&0igCl+$@r=-D`B9^)(LW2u~L(dM<2>T?S7USl?=b2avI-m7evY#^zr9lG2@j?SqRU#|Lg^r*WH$>`2^@71P@7X> z@^~hgOk(8UaeBE0n*EGAkAcjs$ly(qAEIuSeXtN%Ly_=8_LmtYo5Jn?%3Ye;U-Oi5 zgzeTQa$pO@;g_ zhPdfwRs(B8L4aE_uFa1D@5~4#!}5(pwA*^LodGhPJDUJf3t1!@BP~AvzodDtHZu8P zx#qw1FY#EE_yuWep2Z3Li(Yky#4nXsw7U-(Z(G@ur?Jz?7ny(l-4jzwPZuQhbW8u1WB0G^_$0&N!`3$=UO`M~_&4(YFY7#Sv`1t=_>5!r z)HtGS@UxXDwJ9@z>~Jj|3??}+Sj?e02xYeR;!9Q5LC>!kuMB`=S_JI#w`UHztqv#? z3K=4aNyK<2M&FkDuPmE-O{=ASYDFB9!LSLuf73l%kcqL$3mriV)VDCJfV9O{8Lx6f z1{0d?5x$%YwwhIqGyXfyi?+C)X0WsP?7p03hqaD8t{GHE|V}7!z|g3`6wMC8c-j_L$M>s7osetm|w6++o6qCL?9NQ ztyQL6%aM|Foh`~XMklQAK$XvyPyt7z<0`MAUs>6g&Vc};D7by3KDn7!D1$N>Sc(9n zwvb<8dX1#u_0H%Ln+Zx2$e$;trMWX+^p5UMZzZ7vwNpL2QMFmAApQO8h*i3rCp-Gr z<Lm*|};?UX3%f}}t{yH5LTESk8n(#95ER6w+Rr?hRP!hSl%_GwD1uH+0_cbg~ zY0?NLul=C+>i4*(1a%P#PMn)~Ok_|8V&tG6cOuE>LczKx6{k+sA!qC3J5_%#TH>`($4NB6C1V*Cs{_*vkZTsP}9|LLG}@^RZi#>7i;879bG@Q zK)0%MOcKrE#m^U7kNEm;bro@W4%zIB*`g2{0mz2Z^=!w(o7p%^0P@W@wS(mHP-?L} z&C7v{O-I(_-BN>FdO}0eNa#mek*T-*E#_rJz&B`Ls^0Gxj<4vU-o3S;d1#Y3{2T6@ ztcQ0Vk9}A-+wx%NsgS=!3}2yQ&57hb(QjS^OZ>1Wtnsj9*H-i8X`&_vs?OTRm>PUR zxEmp>y{J@jV-dc`BW&J)E$^+e#@Bm@=onl+SO|B8H};N|9wG*~K+`+R(YIyqxODen zPGPO8m4KSCsdGCJib^W`vn!F9gUYBdD&aehLLCNlclD5?w*}#Gxs9wHg_3a1cGvofTo zg8{KLkc(}(Vh%FICA5PBDo(>TDEL0II0F`KsDLGhmt?5thL-6_5=#Hxtpp$Sk|)Sv z{;dSEwStGgV zq~=GV52Jr!d`rhp6;=BCf{}%V=)rF*14;XjY3>v=hPV5wyND6REGYZ3{D>G(Lv!An1Dl%N8r=9_kDs zmG@>zRh$X^$-uxwf>a^GLh>}wctBKnR)IC-J6Tz$aoE#%xU=?`RkH(9 z9b<^-qyw;-fd+1TmyXuRo3?;-ezm3}pQO%*H5wBK$bhQ^MopR*km3;fS@X7}`Fg6W%VQq(Vzz4=ip%PIZ)Sq5vq5|8!k zl)Z{Qp;N%#1cZ?w*=9Mo1FkHXyPe+!0(U>!t6!nap+Mkt2Cdz>h8Zn!h7Yd1$KkjU zJ zA%jeAEEWvvnC1PV^;ylBd*!$ai^cQv?X)t9(bYJUpx2<5llpr(oDHS@QXL%>dSF5? zo*A*aANjaY+xOW3_VC);hnXK&`s07)S4|4uo{27deT3$*HJ{{Q&c1k8;ovtt48jmi zJpfU9ZB+Pnl8C>qdg^D*v|$KmD8dtgrHQTw2)iP; zi5#wi%+9#%6d{XoXZDdCBhHyK4|?_e)fV|Re1Hk3Mc@2{h#?B{dj z!t+um&Cvm<7%5{OnTCJSyk(5ir*RDIZyZq z`oX1QygxQz05^=HA59&E7q5lhEk9TERo#%6)i-ThfBaP@BI^@ z`<}|tG+Ah;Pp9dnrq=83_J+KG-+7S}Cia21gkigD&}2AA)nQ#+>N@>}Z>cFl9Iaa= zAGRY?I+FTyE|UCPUFaK4586>@C7v!Ipc`2)Z+W8hQBL6kZ*J86l-X#8?}1HiwOo(6 z+uM*?cZyiiT{utKh(k4yGLQ8u+~8KxVi@^ZHUu`#SeUFT)>9vM6-VW&+Me+|$uV2zw&0)HVT0WNqCZ=D zfyG6s*L5Y1S9%uj&`h{j&D|DR;mQZUAk}^R(J5}nM0*t-N112T7SydTzvcX<78CZ< z+}+Du*I=mAZew%|_A@%Bwr$roI#OtOQm`+TX%~AnJ(%)l-1X8QCOf>}N4`M1_uw9G ziHdZk%$UnA-(~Ee%)RnhwI6PdrnIHvD=n!j^R+IG{Ef98j2RMHNr&CYu@^=|S0v90 zc8@2K_1e1j*FevsZX6JXuJY#>u1zo*+(7ahn~*#h4Kg&HSWg~%QM6;>7+Lq{v!tn= zR};=o{FF+-l>c(I@~6S~$K+D9MX;!rsXxffqd!+S=9XF9kr#q)yh_P)U6*Sp)#u#^ zmkIhXC2Xa$lR&|VIO8)BU_LeEmu+xeG&5BdO)ZM5%C^Ko*@=h z@)K8YAayv}-uJ{F=S6$mT8F6DDcJY+>8HuiVKvUb9v*rXF<_y}+5Aj@`AS!soZ69?4=(myHJZd4iK!lY^>l=PJ|D%aK><_5B~6 z_l%S!|B#OR8ROg(?;Rl55uKG5`JuPy^)JgteVwM=+d8^f5O*r-{3zN?B<48bKHzs9 zUh;Do(@4%i_rOySyH3-j`<2)Dy=|}iRm?-!#8f0Q9D9DIIDpF$=z`a3Z!GL6!8J#G zv17jb5ZsF<4{eUP$=+Cs!GqZAG0S{5&FXmDE zN|R>!wsBj=#pjS;u3}P#x|FhJUgB6;(QxzSERk*foil4w!$}R{^TkN@C1#_cRb=dE z`gyF*0?wrCXCJy69P@A~`AZ2q;g9NrT_MlbMXn4rms4I%bs3OT>0!d4uelT7GNdGV zSH`Vi-J2i!|G?r(Liys8;VJp}O&!*Z9ZRaow65WWTUp1*WiKw}srVhIu zuRqm&ijJYEPd#LXVon*kj{Wi8tudb0e=^V{hCX-u(7oL*fl4fO7PEP*H=6fmE*K~0 zUOcg4hob*WdY{TCD>2M+90Bu#1G0RSEV=&R9fr*4M5cpUhhkbE#*bV1--mbufKs&J zuvbP{zQ0XDXO%P}1a0Ao9dhd-GQA?s0+}$67%rbG)l`i@&tGH1zoqBd!M3s2=(D#+ zy0lqR53`?E=1aMK*JVSs=$6{`&K^nDEbX4w*mFK>XZq*qU%WZxdFn=f%65&k_V$nT zM5R-0j+=bEfbKeT2-!e#I~}mXxipJ<>MUt^OZn)#>$3cF1GJ@cTgt@e(nq)Gi?h0G z?=$~p?3ui|TO3QxHoL1I z?yFzWZm8ON%trN>e#v4b_YfvZRQ-PY$f{WZQlRxPbGcQ$z#+KIZ2=cHnmIR2Lln=e z15a0mlH9_bkJ%_0swK{Tx5SUZR`MBhtmXXD`ORqr>(rukE%1%Zqq1{oQE|Au>?o{( zZWgo%7JlFf7Tm?R#0;@u1g|g)Q~(e$(S8@{G<%WTQ3zr&U)3yzNO`;IFOe`^>Z;=q z&+(1Ri^X{Gd3MASYE0%St-hK57EQw1G2~Xqrdk!yHVZ&XPj&70P<6bfb?5ue4Kp?A zK2(kb{+hWq?tO?J>ogK{fE1v^=7+ZFntIGAdk?fMjoK|~1=pE3o0VGG4l@5cy zN4bJszJgGAIq0M62Lp_oe8RnSd@UxYty@!fg&7cbnVueJ_S&Ow@ri@4QP_0i7o$uq zZIxcF${p@%_`-GXcKIFJT7-D7kD(2@VH4MEJZw#F>99EOL!S9&1+R=JkZi@vM{7uo z`1I^}%-oiQTfVa-H|~_zWDQZne6=c#k$jv#R_m80eXPF$!kepFB}*L&CTa}1L2vPI z*~x1!RwY<1Ap=t02>a(fQbr%iPVYGM5?L@UT8tOqHOOx1V;0n@-6DGJ-0gZPMaP~) zIMkw|Ez-S9`hKA~o{KrLd#LD7fk+9+>)8EG4(`(p6=lkd`~yN3$=L4}d%7n87RNc+N?6)f*kZ;WaZd|DdpciG$gk9Gf1Kl55uw1SQ! z$DB+2eBxc(WgdY>pWQS6KIjI>5#Me0Snc<(cWOIwSl(!%m-1iwwKQe`AO0K%HYYmH zea*i!(}m;_$hvLxzSyo1vpe+RX5yYauLRhsF}{=XL{xj=KRBcC0xOoZcO&>%@dk{O zdf~Q2Qol6T#rhYfZgBJPx{Qs^AMl~yA+rwTvK9t!4gRM$Dsn{$8jqi{I{rlNz(XJW zuOX@LfF_wjIM8=Ua^ZcX~*LwigO`*q-@2X5jN|AEpZ0v(=`puh*diW4=yPT0x480;62$Ma_ObpYCKQFv^($(jzJIIXu1i_9C$H0UmxdK5 z1Fkvo@7gzWHzxNLD(7rF9+W-GS9O#efi-M-6@%2d4w+ErBt8V@d%;+zm{fm}irVtQ z#g35D-6CEf4WAflVX4uraGB3TlFUmtyr7N7mw$T7aw?}EoN_tbXr*HXM%aGeWm%7w(37p}C`lrkaT#K3>zuoZ7xknhV>J zm3wledjw_n%V#xP?hs86c_yKE>}>V_Gh)mEJwW)vIvdS_z(RImp^}#$l7z}6;D?z} z0+3&CtV5QN8Ww5cfJ`u%I>P45yEFxht1AB;d9s1C@4T*3+vM_Z_AUHzXs8r_&78b) zK&;D9DChMxZ4+8^w8{M*X%N$N^ZB1F8R>=&d7LkedFB=KzVMfHr#FMS)Tu38-$e0b z9ZnOXdh;FaCh_BCE>B0FA6~iWs;Bt$wWs8uRFC~fh~!5|;<^sfY5`P_RN7Pq6e!~M;dV4^(wrY_eW%sd5 z*e9T9qXc4<=YlR+^9gA|S1e;t(2?k^l2LP+V8Y!GYBWdpvf6j`DaGHOZm5`TKts8^ znM>XG%HN#EZ05iE>b2`2dNQKfRT>?>b5e`kUTQ83P+*g8&9^;ideHo4u`xPt@Mqd? z_t{@4l+<+z2M0aL%1kXWkiwsIex7($ACoh+l@&h$JDg2j% z^;aT3o)@hp8K>S>dE6g7!f$vLkEYVs$%&>dU+iEntcN}1x3BcCa)w_drr;kt2yoZw zLtV$CWc@KHIN$EP+kn^6Z$yK?`h#*K%l@{Xj=s)z!aS{^7k%^4l<(4?LzWj}rOX4;vq8KW%I(K72Y8dWak(nYN7d3JY(9DAr>9 z!t+M8_{gzDf~h9;wQpl-^r>@AI&*2RYRbuq6rfJ$ywTZlHwAnfzU!C~YpZu#_j3F; zLpA7bf2NQ1^3^eqT=KDwR^qDsrLf8--{TTrNtKVyoQqM0^f~?VgraExo)5Y)dS&g) z_m^m$Q|D%`iSBQ_!`v}5_fc)MduAIgKda>R>)fP4(`PrEJt=&d$?w*<;5F>G?^Ku9 zsgUB)0#&JzOKNL>tlRHQ+|s)hjC+C-ofXb;7K#yk3{Kl^HiJnNA0w;g-UZ>#4@U@H zJk|&(=T_wuyNUB(6RA(an|(>IKQa8BfQ}%Qv|I!;+@rImul?^aEzM`UVZR5LcL~X^ zd7WILL_746UXXA*4pkyUQe}lwpXZqm`jHZLJ#o1sXIEHy2F0bMV16KlhbCei5S0c8OFh7AKl-SXhYVfLSjgH^_e#DOY}e>rSFqc z9(oStFmO*nTNfgkoQ4^#O870gAMW|P#{gw78#Kxd%g4e?WGsETozOnZzo2W7c=1-t zHiaNlS`Ps}L0P+qjAuJ*khAcZ5*zg*SU7uIWqgV#V0TV2VB}i5YGh5{=OL=O0qZ1W zlY2**N0y9Y(qa(xg=Qgk*A7?A*hFAUf24QLjV=20 zmoEs#)0Qd$hX2SdV{M7+xM_v`x8c{B4YA(f4(?*Q9oN?X7WL-!$p#NC`-%*qO`Ty6 z#-TS1F}Tl;35z|}be+O8yas>X16SzMLf2TvRZ>#u0iSQy-KT_qEg}o87`TN%Ad0Me zKKF|dGeh#zbyTag3bI(uNA1KnidslKl7iP^k((+O=th(m?1>A=Yr~8r@Z45j4b#~M zUm8ke{xfeYc`S56$6RhECbV3U4AYnQlEpljDfE~Xpf@p+HqGf6hg0M@6tRj@BUeg1 zrl9HJr_lYZ^tsoLNeF0hJ!?=fa1?9tjjQbV|GJk_AL=}auihs`h~)6PK;@Nn+8484 zHm@W}WORkFRf;-c$&ib-Lo>g{XglfyTZCnNxewtVRkHyj`(17%fY8 zJ)sOPfraW{5N{f&|0)ESsHZYF0VeF4ELo8!6GXrr_}35-tbDLW^o4IVOIjJdwCXPM zY;zL%^w+LF*5A;w5^(rcr_5@uN9Cu9%@Q{g;V{c2fo$gmGui0QBXfn665U!SR}Ws6 z3u#m?QU_3^&{b5(0KQ870XFp3ICbn|M>RyY6(+$em=Zc)rdTSq{w#TY}##`qY)m5498yu;c-5j#9m6O~=&1>)?}Yg$yW_!R(pD zvI(RgKU;ZrEd3y2W(*XY>k6}VUf8hpd8m1}dc_Vj^lxo=dbr;MF* zHCQ$wZgds#JPHw+-MX{aE5GeuH*tu7Hpu!OT!Sh1FAH3~aj-RVBBL#njvh~v1ZoRFs?`m{IsbnHu?&K@*&)Uay<3m_#1W3ya`pt_Q@qB2Uq8sle8PPB#Y4V&cqI!C3k}dj|Eazw`juMi)5>OgDQ7U zfgM3{ROJyrTVb0e{cru2Vg0?VF1?tKbi?VjsZqs?9b=Q&z0s0>B(v&P1|=0&;-*(A zwO5)!Ui~PKcInBBcLLw*mgCko?aCGX(VHHUCO>)i?`zTHYvX?yD6=XK=2p+NHAB!! z!jdt6ecHUUDJLdx4*%BDw@w!~a(DDe?kbFFaGKql#EItxrt-?Ic?iCVw46Ih*JP_Hn(S@DJi;Hm*5*smW|c#oJU^$Y-fE%M6t?^)N|QOU#I*B}sX9MeqJ!gKV;|e~ z*10Jnkmo25a3+av;2j^}=PGdFClELM4tU&X!`Aa-n3@Fobz|S(Ii_PQaMB-!yOG>2 zu4wAK@E(L2@@M%M0fB9dOE57GQMQJPk-6K}R|)qKDRv*YiIXdYe~XbBbKe3PhZ=HS z|EZ!t#u8-Z+#bYNqgwNF^uzamk2X@9*#U{Jtj9xBS2fUg`%Q*S z?HOMh{;bl8$#DQ7PJCg~no>hN*)I1Dc7`Jd0umvUV|>hbXA@47r%4u|>kT|fqmLsn z#g3v9oq@VYZ)0xPcHS`(dCWvym>cccv-4Os&hjDysW287q2mc{g5adUaoHS1(h zl?e9!%pQ`APcTMTeoJm5dMo@u1$X&e2Q5g6Kb`2VikkT*yn4%CqT733uu}k zb)zc7Z&Br?aC8xQ{Hv*ztrGoNrL{e@;q%85zte{!;&TGZH_0CE9>2e%|F{z8F(lw zmkB$&V%vQYz!J<_;Hru{?Im8Q?cA=PQAksIG7_q1toPv|?sVhA*oCKdd6-J`sHi{e zWjX34%T#?I+HVN(`!6@-#56m#ibY=FYj#bQ^fQeguN$2<^o6sb5p%}NMh&*`%dI`v z(1Eo~;uYPbXg!*JKtt13aSI4*Gq2@-FhS&zNW}L+?WoQ~8Sqz(NL86#V6p>l4WSZo%J;f1ZcnI@}Cd`ZnTwGnMtx+{fnZ`fTXe;_^ zo*@@LsDI4HU)kUHG6B+~MW3$ygCyq$g6bJXAf3q!hg!O}(+{NTs%{8ONUCSLco|#n zygXT*G^+D3p*u0pCS0=%9WBSr)438owb}V{XzlXrz41e4bykYWj=dJRW87`fRV#ug z*YCl`*x3QR?b_~wDUhIF=wV`hz+}&094|87!M!Zf>Gh+j0DSZ|mu^s`WWCp@2t<8n zQlp^3AW@2jKf|oo-SXT-033MkqDvnJEz2?%7QpM^hUp-er9nN-QVcTQw8A=Zp0TfPgN z`PYc?^(V9Anru82!a_+Z6S9_VfmgI|3%|~e!CeW-QE2o`_E*o9pv;m@6s_d0y-ef@ ztqAJJ$1E>5ix{@B2$7V|CQ-b4He*PkLuTeU%g3q5lJM*EQ)Y$2`Lo5z0E<5Qlp51+ zeaSMf`fCSlH@gRUm7u9ui}_b-V`Um@#YUdfJ6zbzOXrYGDv^~N% z@*gbhe5@&{nZoJ7_@mW%#H^hY{w1`q$#s-Ab5hC7a2`LIxvTe6h@jRP<9Ued*502? z+)o-GcA7LD&eOr{>SK|}`E3VJsZX`KeVL&}pK(_S$*yw)1n%vB|0JLEKZ5oJxtY55 z3)c;rAdr)wiMqrb-sg`2=-c9g@ zw`*z8w|!Yn15|slfHlsE_9L=}Q8N`aP>+fZLMITS|H5eR@V3bK?+kD`{P^gVrv-(U z0UEeNSuNQa{dP^Cp(0tbGge6KBgzDoRguWDr%U-0>LNesgr+GbBSJa#;&%*M&a}BX zGp6D!YiHS#>-*Men0Mkh0nPrpr$ny4|( zcH)hn5k9S&DM!a8(ZvG_guOjG-?RKFHPBAdmBY@TF?po zfR{bWCCVqRqwd8Bg~oT}%ER_D^VA}7-!;@d-3|p&-rn`d9Ozd>Zr?eMXa!E$8-6q8 zQ#b--MCaAYMY!^BI_9|j5LTj|ZqTWGqTtD4v!f5jIUbZz$EIAa{U5lJ$E+Lyz_JC} zG&4Kzw70*;A^ePhGswzWz`a~rt9f^97S~2BmkFrOAHLBw(cU$F$03-iyq(h|<{nU~ zNz~|e%sZ%e9R@qAF463VBP=a&q`(trPC(q`J;^m3g1fq(b&L-uD$B?3QficQ`WVxm z^~}J~U}wIwUqkI`@J;_3q0YW7{7l4lsEAfTzs~L?{vK*(ST1 zPX*pJEu{UvWv*iRvc^iru48_sx=|^M|G?Bwc&FV(b1<&oq)lsmB5~&pT$OF~Gaa5M3JrMp(-h*3j>;I4_3lWEi z1vU~+%0F6p*OB)NGQ;%$Ryb7vM+n_xGXt*CX!u!5W5OTwLi`I!v#i2T=;eolq<<8p zDMAPEWt+Ayw-m=h4M+PfI66z3mJiIOheFR>Fpt`lvK6Gc{&;0^LP>bBg{XurSPf?~ zAC(F?i%vP??HggrhMh>Bfl>0vF!!(HxzkR+yt%XIrtYD!BcjAL+f$kjvJ_Jm)eCp!7;JM3rkc52`|D?1i~h(L1*CrvI2*_zN7S# zsMfdrb$?wX#aU&5=glET@a5ReOzBa?0K={!!$NO`y38FB#7a_zvnA@UboX5R^e05Z z;#G-u`aT2|WPt+Ij$+_TvI(zu2A=cJstQ>MP`)|ZGO|+^a{ii@2p#MuC|*yklITjQ zMff|c1h(w8CkKftpP&u%b~c$^k_7iC^>JaT4L?D>&euu;e?#}nhEQeCLn>2%ZAu(} zloZ96xvA%&S_JIERbj67$H(7v+>45rl)gKtnfiO?c~|F!Db-pNG+~G#}}C@Pwt&dPo!+cUtjIrx2w*bO^)Z8`OGZAOZxS& z*N>8dPN~pLV)G8)CeeiVG_nNaAV1Tv@z1DvUYwI&>ij_vR%00ApVi>ZQ?=s^SRXzz zqV}yRQqV<6pSla|pLF(G_G&OtEkyZ1;n$cTI+?2b?swX`Bh`nzkACZ z$b`dWZB3|Kc26WU;M1cWrUb9)a`?(YlJbCNeX(Vgp9CX)D5+dOXoO=M&Tehyp)igU zt7H3i558K#35})H=MzgoplJ@NwGy-AH}mQ_RWnlNA1 znOfWyy_G#|od<$=1|91gv1E1Bu;=sR$6lgAPm#L zAlmH$MX1qJrpln1ZQV{PBe^=!m0F3+E#;Ts%2?fm=D})6FwFUa7Xx0m*1)NOOaP!`q9cJq! zfP6mrAwT%csCB*|>f%n)@#!k+Dh~PQf?#=)04{l!5~WRCN2`HzBUvEskQy;B`4f@^ zyOQy~1u#Ap5Cps&go=MTJoAOhqO$T-6$(GR`D;YBYb9X<<#QEt+Iz?Ory+&-tP1#W zG0?^^K2JbaqYdJ142E>ubp%hx|2!_Xv@cae%5<5-y3zEBib23IdP1!y-YTNpGzsX_ zt}$oe+O2+)&nir`c(_yH*M36SES6PoD(_Z195YU88UlxD7*A|LF2|)EiY_v%Ml9tO^6fPeEDP?I*zk>^b{>F(p_ zp!7_CTs&GT`?UGjyo_BMQHHi z>!MD1c1dm4@3Z}1*6gI@KvNT-xj-9|#|g9FD)&M2L6mk|-7-G zJhAjn527aUZQujAx}V)gN)w%>1g*5)12Vf!c!|9_Pr(8vMgSSb%J4fIjmxy5_`mm75zAYwd8job zK~LaO<9y73W+9KfXT>|*aJIwfz!z3|S{K!}TZSJu3%!$A!8MP^k&sh?7k6IKz4j}{ zLj=k%{H|7C0!hjB!w@@^8Uu9LhZVT+35bCo-q+&${;rAOK{Het?-eRHMWz1y+< zGhsGkA99JiM|fy=#F0NPn zutrngv+!kWxW8AIBkAG;PeA#jw|9Kyp$(k?uTLX3Yu>UY*ejG}Kj2_i88mvrfjn_n zE|a3XMWVN^5+ua~JKHG_0cG<}q%Hg^rrC1P41D12#vcIyaw^>2#=<;j#UOLq8d{Zz z?E^A2$mRfBvt-!aHx=1~_+wU;Ih@x5%BaeZ&ng@AZfb1bMpnSrQ*e*ZEGd#to=wiF znlnQl?r~tEZqymREKWxWfZ7`fJK-W;gkEEt{D5XjRL}Vj5{_{`%lyu)rT1hPNP@OPsh|`?HrmAi%+!xPw4LQx%Bi7@sPPWPL1r0HIe5S=z7E^ zWvF&9JA6J>$|{btou^UiX~RE;?Ud=tFfz8Y7}+Meb{{Hm(ULgXkZi6)N&miiw8mF0 zEeU2!iUkBx_Lm?<&ma`oB>|s+M!}vX^h4J3=7!6uYHmq)G+MhF=NBlp%9I9PsINA{2=9 zMXd%h|7xhQ^TNA?Ss<77@OZ04T2>$s&XS!3V9&~a$1@q*S3o&sUO_hb4dXZHQ<+sKyO6tgvK4oY?T-C|I@q#1j@NtA zKBl+TXx>8oFf}7Lra3=Hs}2BOTAnyxIoY}9F=I0=u#LIh0;gPQnD&xu?u*H;5FY7y zU3osJP~MXAtV@$jyEGI!|HFo}(z2UWwfnGdwOj&?02eM*(7I|Q^TgJDJh2J!w{&0h zY~eZH#QzuvY!O?;oAU$WJ}YL8x%?;C&>V z)|WrF5oZ}ze6!^0iCa}bv&frfBo`Z6#HOaF4{fyXj&0Yp#O_kLpFiorK(XKWu0i{v zsc}vm(ZqQ%V>wB)7xVTSHvWe7d@JZ;1Hlo;C#S(N;Cc8=xn47-Nv$UjX_!s&9*k1j{X_Tw3EQO zvLHTX#lPc^LkID~3Q13FPdT9C_8sh0hU4{%@UkedU(g2qrbVm*6tfDJwl^Xj<{VC8 zVtNH!yXmE)7F~8Zb2JthnY*}I_PeI$O?AL!)&@iO8b9E7JPhtuGQ-N^! zSzTr&w+Fe&;-A=&+OR$&3>O3E1I1M85Qjat^+_;1z+M7RXu@-ke6K^xc&*y_tAaaa zbS6l%r2<+{8Fv#68dVi=ZjpLKuY3FMt!`1$N=S2LzZMn7Ax)~a6Ust38%Iw$doqfX zq8nQ%GhXTx{KbdvBff&88r|_CjZGqeU=pMX8c&lo9dkUb&pQg6KFZkfrD@r&-rqfo zZ$>XR*%WB11ig5ZwvzU`=3f}Z zmluTibTM@?U$E{}K{~<)am?kv>04`j@auN&Pf|YxoH@D&U$>(Oe+_kA{~4%07pp~D z3q+|lb^k8|r0!SVJ}&(%fczvOu{`2F%}5oXBM+MwayW0WDmW2~=Pu6j@)^2iIWHf$Nfqyg7V$QiHtbcASd8^JUN*@|cdz z)2LV2)2G#AhPfY)oPA-1%v;AEI<@6YN7O`Sbz;by8zIS5sXofP*m%jrpCsYhsaLK_ z?xapnLScCG>y;ex<%Z++`Hppo^udYq{5^1|raG~|$wvMR-1>mzy~X#WvBClh2G=# z^1I9B@ev6EL(|bu^Mw~25vjECYI~o01ED9ahCNR>0$3`%1}X@ z`!L@^bnsB+V5ufgXDl{VO1C_Iz3jOdO}faIqA;{|;ZpTCj!SCuHacqjf8sEjgM24w zdIhUzer#To7OU-v0A6yN4}hET;|rqEXa(FM1LCau6KIdQCY_K~P(Bior@l3*V{x^%g+Gi?%Op( z>-+dJOA<$05Eu8W-kA$_?UhsdYg_n7Q2Diwm*V@4|C+S#-Wt<)xW``p*^PACEOaoQ z;)uExc+478tE*Z<+p)LzQ@JI;VRY7u&~n66KKTGuEbTQQ%Ya*>(stoy_AyW46K5)G zHh`|pMs%$ZePEYo*k}xIQ>VI`lc#(vV;7pWPojJmLK09TJ7ITgp@>$|_@oRRcLJ2v zxBeUIwL*j8V=iwqVm&o&rIM6V8j-_E^%?%G8L_yih3*o;iVe0o1%fq45epq!f4gDK zzcJ7Qy@&Bk+u+ zNAW&7jSs>Sy_Z8>`RMXn^=Z6g_7}~j&L!Iim9q0RCJJCLOMG_o2GXl|{vTiapovP; zsq#~Dvy@I&Qou0<7X5aB0cUT_lZ5aQCdf1sDgp;m!JlPpjt~xLmsT59TD*&KN6WA; z)4~~pNZ+YeVk0njzEa?qo;lb+x@9<<$x5JjT|_%VeyYd;;6Ud!_*T}y%Nf+gN`c9#i zlSb!ImcG~RLBAYU)jIGN)0M#k!qNaMiUH@ika}{HZbxjpM9ZuGd@?6$E__LQC!7p{ zBNC9;7r^|ZZ$%7T9{qXD~sr?OA+(ij*Ea_bF79AOPA(6vsWybmD3PkuiA=950Bv)o;Xnw`ah81pgA+hG~!~CK2SX3f>GgKv7cR zE?~*KMkGjV0C$CWH=@lsWRtRG|vDVWvLNw(zeHC@D=uPTouIhVnzZRs{DwLMro~5 zF1J@vlpJ21W5f&5#!Wh0w;(y|;K~OJZ>Ve^$X^{?yDem``3QEpkHG8PnfcOc!=;1& zp4i)awP`--2aE^4o*sCZ1DO~;GEfQYeN1m*x2~0hOyiOCe;H3y<0X>yBmJevgcDA) z=m8{8Uby%J{8~eoPrQr;vQwWAx<%n9#h1w>tB_r=&`krG5^l1xEbQMOW^<^t`%u0W zx)RzRn>s@n&j#>fJL?w!Vb5v~rZ&s{;b3^o>!FNY<6w{S6F@np%{hHC8WYLHCmB7J z^hh*ZkFP3r3JN&A9b*v(6+9-har8e>q{t}MeFA;Od{vQK#i|>skcLQ0pb*NWG$~~e z2^-XWeV!-C5T-e?nSs|5&ns`)@2BGG76L1GJ%HRNj}}r{XvZB_o!kExXu#6V*_oOej!5nXh^aKqrMe2qiNt zIk8`95+EwI-pGQr1@LsFAuq0Ue!3g_9nyx+uHGsmhz01KM5q6$ zrQf;_)jRR6YB~VYka;^RHDlmpM85(KUb?1BW*e5oc|H`1yseHvQog>&M&7pdHwp~7 zNZ*gx(5Y1?lPMo8N#hTkxzHc&tO}u*%0{C5a;8r1t4nq)0y`B zNmo`H$)h{&V5VGNKC)ugPRW5UJGS-7>k~Yps4TIF!P~`9d4TK#U1J}A7?CUNG_!wk zRtCB{lBo9k)%0F`lIw{tTtSkibc7Dp1}N)9&>`2VX~V0?RfErSGQbM7vD#RG@A=Nw zIxcLjF3&-=|MA_6)*}#m(4$?4I%Q6N9K`Ru(blgr%CHW9*%$ghc)MyJ(Uzm6rg5_8 z$bAJCskdje4BP-Ya02*=rj2mDo9QMbr87@pF87J18aeTI4datRI~|f-p#)OWug`PH zqtjh`oA-0y9l54aZw?!Q&UL*%E1Hi-!|KEaFa9b1-<5aM5|^}MQ@Fl$ z(BDVyNzLVzy3?Bozed+8q<72qrIr=EzEeiebsvcb z9n_`Fem#|6>n;zQJH#WanZ%d|m_mg_qA)-cWQU&I5(WA&&Qj08mF+9)7nclIJ`5?$ z833JEA$$~R;a6wXtR!GW(B~{)49L$1~zpc23xkgDdGmjy`Sl4brqAj0>6tp}9`|Y$+PIeMk-s zo<2Zch3f@AsR0`Cl%u+*fjYoa8UB+2oqU@QgAt7rU!kDAsU>AfmRzjhZY1qlqAhEH z7u+oyu``y+d0|}H_6*g7OEI=EUY}OBr_hFz?PU|p z?eaq{SNWp7nt8th2@8uEd$FErS=E=&WF-QwJB>pxberT4h09dMA}8hB%kA^_9yik2 zD(UcuzZHFYXzKRJ|_ikx0flpTk>I*ad`h zKZebh{fPX2BK)eLg;7J_``u*O%f8MDwX;d{(`80(C8_M)kP03_+JKYqsl=0YIGXGu zLwgi$ma5i(_p1l}#xOznD+1h!+r-mL))PGB(r{3xe_&-m`jptzk_>5Xd|q)_y716aY?S<4`hG z0*?;*5kBe!!ZH z^tlmXLE}T7`u@KU58`Hf+kEz+Eg9T8CxUUI#zIt^uoCe=o+szd;W7K>Y%If+p@G=G;^ z!(#w*{eY6lPVP=&{GOsHgQ=CJ;5IN`W9?I@&X>{sm`Ein1);=3#2+x6KTd9h!DO1~ zzYU0^)f6ti8VU`54S6*E(U=~cRpvA^d~fECx(}?i{mp`@~TXfj}Q|H;q>vYoO_QYigKSwRcp5Fg2Mu3ILYh-!l#7Xlrh8!T*?V`Vp zv?_EI4Lm1)aHkJKB3W+{A_GMEv^~X!Bi<$m8K8T#$-EX?Q++CF# zVAkZ!!FZL1H7l3p(cTWR0Aw5S;sI?u@9 zf54F6mC~U|pk0Ru0M!D{bPE6#}@+> zNUw=l=o`_Q&PI0v&HD5mC(MUy)1y*>F>2`5hY|F)j*gDVg+{f058k?L?^t?h{4m;c z;?2m(>$eR}<|*>3B}QWLw)M=aW?Vcfl^BL$BvBlrlGtn1^q6NmkAY4HbGK8^EUy~T zRVTgeFRZop_b@hemM&Da!RZNaI*Z|zn4DEQMi&*}_C3fYg?1k4SeT1zE>h;S77-IU)-w z#d2z|&!}?P=8`LG+g2DpAk<}E{Q%*J$K~aX1Pxwug_BY;hfz0jX0oZQ=yoj-AtF;th|{(I&~+!EV=^%xvSEtns;jUULfTQt|BV+I`v4mTQ2nvcoueXvhpL<;Uar|X## zP~rwP>`XEpcHq^rDxguI$BqaZBiVddQbN+$-eXSt4&cMm*bAzsmin}7&he;7GE21u z%tY))h$mJYxrtww2iO%qmPs3hEJ(4x$8V*5_K<5IsElJj60vy!qz!CPk-Wv zExv%nSPd7gmAyEp=e6Io1b2nvIOmm-n9}`zatViv00H<=-vy0u+5l2Mf;ax0Z?y(e z=`Lg^F^6mB)NM5%)ZwwnFG!e=R-76LyqR~RPwOiIxi`=yBO7xZn%>d@1)m)zb33@D%#w%wV@Dpu8ce~m}KdG@3ydLD#c z@Uw2a-c6l#o$M=3)NoeeV@8a>*66}Fdatw(P*&Rrb=r!03J#%;|r~8 zTwXcV_~njl-E$PTU5ljG*ibFFkAUO^h_L_mtHol%oMYU|VYRVjqhtjeOOqLTpF2O^ zd|RDXHaOnDJGF>4=FoKPi*T)|m6aNx*fVLT>*gs92pO*4;5q7IC7id+l1$ZIbdJ;- z7jLMqhF#F%frlLO6Aq&t8<&gGKPi2-@gBO6P$&DGD73^?UQLWcEy?u36->MG=KDDx zkycH7vIh7+dS7mk#TEWQv9`Q3Ta3YpfwwGHTTDe?4}a?+Hu)?C6xMQM^?fK&A2!$Q z(Hn~fHXuzLK?sz3zDY8{&gFX|eT6d~|MQC$A%piH@-8>c_xL6-3ltFD-1+Np6TF?P z<=QNzmMDSaCr@#^Ta{s>qgW>IR3{hNkmOnH+Lb8B=KsA4fYB=fqeF-((IxG-vh@tt zMQ@WkK1FZ;b?GILk`>WUGc$(9%x<|Qr#@!NO?CnB=hgM==N_88`MLm|m1vm#3t;`G z^H8*3pUzC2zgl?u*6*b8`T{GohAV)Nk=uLy{`^mVA%e~KB&_$Dq-iF(n^4*vq_OA! z!JU6j+FH$>Z@6W>G%R_&>$0B#*AtwqQH|X6&Z|4G4#WADPwZCKMirtH_jc4r_CQI(M9vR1(# zPfO^vz{`$nT@+34daYuV)Q40SU;Ra0%4-MhlK|a@=h`%z9sZwjPyzm+RR;`TATIr; zQ%N*|gG)7V2`vFk9Lbcw6L7|7PMDLM%A+|Y7LBdHr3rA7pPn$aJnJ_PFHQ$Nr9vikjg0_7|2VEHBux>TfPvG& z4Vlb{XOgQ{|FoK>U%KO-uZW~0TBc0YZU%g?D| zfUz$4dR_cTW4R(x9~d;SnNF=X!W4bdPc$YeA}IGrM!D9tBOmhX@3loP_<+7k-SF$t z3#p-3D5G5&^wgs8$q%+51}?{_Q;ffiV_Xl2QKFN}tl4jDT!rZ*L%1 z<7uJ3Dmo9t)(L)wmUp3r9mLIc?aAv^?R3lSaOQj3GTciY)T8xAW5-g=9eF|NqKw{l z%Gcn*l3?yC7R-)nHY|a<*AN-aqmW%Bw|Ik1+ z+(>AQFA4ki&i2piMo`{xJ$6P4cP3#@2EXyf5TXNiMm#h z@2gHw>n;x-0iFv{TFDuta37n{NS$rW^!-w=3J^8jHlXBjQS;O z!YsoUnTe#pLxU5Vc!LdEtp?;9yxtsWYV&&}k)cr@e)=1~brmbU`?Qj-1dMbbFhe?& ze3{kxHYTKie?PH1P!sI+u>Z~^C*}d#4%Duj7Tn^wm?FmUb7s8U?0!W?=eI%n|G&n<)u!a1)X=9%jH*~$)b~I(_$TeHv z8=`;eNCE;jeA`a5j`bktTe*9HADF5po84_g(-JaW;D6#% z5WsVK&bdf-I|>)0h0A^J*YSFfQWJaDM;&r}%=qlQ%(yu~2faPz?y5xlGhg4k8$?I9 z)+I8WvdQB&SgOA`!+A=GvP!eJ28`GUe?kDf9eTKbLf<#RHXL;NI1OeVuJ~rvjl}Py z>a{2PB{0?6o51IxA`-6;n9T)uv>icpA=J(6BU+bX{nZkm6U(g{eA>7uux5=}Bb3UAX}IYN4Ff4rHqT7q2mME$+JBCiaQ{{=LLZuqt}ohGP${ zFlh4V*v*-2dA$2Sx|4BMbC(mN5=I}y_=mU0yXi$g?Gc@GuRJhsHvfsj{q=!0_5}4; z@h1-d7=F@$?1k{t9WO<;k6NGq=HvqX-8O(hRKNFnIk=PmN=Dguw){1u1v0)AJzpQ* zl%o8*DMb}6O!?+Q1~{nacu4U`H|=ce=i`A4Q1U!-yVM@b$@xT3vR4~BU;1!Xg$Fs| z%?B25J~a>yffcNQ@rP%cgm$fr#<*R;y~0^M2N}3}9FKnPsA#!$U}zOsk&a0#&0mNc zvfN_zFLN5}=kzt&wOGKQZd5e>0gi#SvIa_?!`6`YWF8PS=TO?Yjj{#svG8*O&cMdk zkTg;^Y-){#R>)qd4{*7wmw2Cm6AKLicAP_QO$iG z{>&Fd7n_DsV|raHgsvzaq7x>VYB)_nl?X5VqU7j4*kxxc0JJ89^i6dEOlxX zhW!a?T*CBMx0Oa*^v3$i--VA=UUDT!)dw+O3(O%~WclxHc&ZVpQ|sSrw`(yNKgO*G z$TxZCam2`Y{Fc@f@NVgNQXUCx1{YH@lA`{s1;O?sn+Q=&7tXa>Fw(+b1F) zQNP>rh)9}#tKQ&~(|W3Ly~gP8PaG$(AW596-4;xs%yGliT4=0MQT}jmdG!D)=JKmy z!v0`uKiW@Xq=`MsWl?{w>%Dpa19;QUSU7MhGgeId_hns$RT-OWE;wFaPbG_n_q5#D zS=rEo0p7_3=Mn8ts?F>iUhA>#Zq0r{H4^nf)C7v$EhkRFUln|X*fj*Ur?Xm1l`SN5 zPN>*T0Qo%B`jnjq5iQRvaRm*}stnRRBfb9hWaP_vPaLzd2Vd8IVE&<4OGnm5isa9$wZ<>IH1svzGL&R9f&Jl z=uRtC#D~ttAXA~*Mj_CwH(S^%02f&y6U0(3Y<)1u>O!eMZ5&?`opKvAtx>WES)6d> zY~fj2X2LCJ8qIH@@=o<9zh!^Ce)mbYkw%2DirOuhtpj0G-c_ zhlQ5ntUE^xvOfOpY8u?Ti)Nd4(72`VT=Ht~$?dLQ)8;M&0j5aV8jLW9qK;n$q*jS2%S8K@lf`?h`e+j{h`UFe|NHX3 zM+q5KDM#E@%^!NM75(SWPu9A4H9mWuv+KVv|Fqh&=Hr>1sy^p?OxvJbH)C+}>Y3my zcht9w8vEG!pO+Vv`wu_aI`Z)o?&VzBDKMm9w{7sI!1pyV-!AIsg4F-MylkJ|x2uj2Q+>4eBX)o&kmh}HWOZxq;pNs<`>+yZYhR-Gzfyvb0y^Nh_Tc0@vesKG2 zPL>>Yr_MHT$j?KLLhmYy5WhJviN&``zAd)9gycC+gp0|U)^}rHx_uElj~-xs&3G66 z-q$;;Y+r$>LZu6tC|sDqBPh2Ms&iq3v#II;lSkS>p=|8q0IWB`hu|DZqj+wG>odEnpg`&@r5-h1-O{{siW#a;ja literal 0 HcmV?d00001 diff --git a/img/seatsurfing-screenshot.png b/img/seatsurfing-screenshot.png new file mode 100644 index 0000000000000000000000000000000000000000..3186bacafff3fa0d3adcf7d1ddf6984ebe9fa540 GIT binary patch literal 67560 zcmXt91ymeCwuL}~1c%`6?hxGFT?S`x_uvWcGPt|D2MF%&9^47;5Fq)T-TmhvGd(@k z-BtDOlY3u;ijp)kB0eG%6cng5V^h>k0*hP4({=T2_tn3OESoCaWk3clhBwG6fn5r0@j_iWEv#LR7;rn&{$JUQ&p%<**e%(X)m%35O z1);9fUSV$+Z)cXmKLu_oiKcZMe0uFU<8>^Va+K3U}l;JMN#HeSb-6Na45JFaACq@x&(HVzW(t zV}r`=p?!x2J+z}9LmRnWcR5-Ksy6lZ#_ziPi8FrSa(sL&f+g8KOHP+MK4Ql1MEG`l z%;9f@ZHOhAmY&|bzD~%;&p*4ihVSFC^|<3jtiLRY8@kkJ?NIgCPrDgZeaq@&XlOT=GiJx|^A{X5HHGdYsDI|>vjJj{fGa=-Js_W*u= zVrQ|;82MMj*n?eN~kdj#+(U(8{Hd@+gqt8BNTRiMYWlI>53~qp@S8zJ0?4L>H6Jh z>P+nF>KauOB@EloFTft%AC^0?Q<^g{Fu-$ocyu;>baZsRze9r_N=7(r-KWvL!}a-d zSbjcPQ%lSCKm=x5Mh0j>1~m?;ls~+f-NM51dI3_(%FZ4*I!dQexj1l1rT7K6r|r~o zWbvmPI){P%}$Qp%D=X6B848 zjg7Zo{O86G*rlYURY!2@%tkSi#)}u`mu~f815{~l9-lL^GbQVFf&)Y?Eop{^huMs> z#IYoSS-z?iB8S4n+&lhtCMGY>aPuq>Ip~FjgYD$W28*xF32Wf7tAOC#l$Q@J(teFk!0WaR&k4{{a zl9_Xl-Xhb44}P7Uz(s7cMs|%28_W;@qq8YX8a10)UJk3TXJa(#65u+k(Vz!LK0ZHx z>rA_|<1vz2@0z~habpu)9|Gjy5@W>(*im;;& zdhQYe_9N189EtQ7WmFL2`w5(=-g5;*qKex)?inS4J;}gr(dF1F z>Oay}^Ac^|_|@l+9&9&=gE;4u3#Z?)4vrx?vROKc>i(;NkMu)~xMBCFy`LR_{^DV7 z)pElXc)fvAkIbz(_Z|*~ zum?gRU1zgMUuD$Yr5iHe0ethfk(VGi&9O~?D1}K+rCQ7RFx}F0xyIm1099Mx`Mpcq zUp(0z0GfGXgZ{apoBz1Gt@2a60HOlgz93W~crcRTZN{?ke2JpxeWeldvU|PXi^oUt zcoaH6MU0?3_h!%_aM|q_p+43o^CD5Sm9Mh4t~NG^pSOHD9?pM;ZT$Gs|LFJP+79es zMff7Gwp2{o>si(dye|-afgx|<+Z*Nx`%s>9S(Y)qnYN?%e z<_~ai&cj4swkJ5IB>-ss`uFiG*u@3I-roLcRM|h!@8u!Cv=r{=cgJDiA;STPAaLwJ zXV9)0czfK60}sdMS5|)fvf+;7?d^RvZuAFZZ*Q;l@1K|J0Ze7%;aDOodwWS>Qfmx; zTs`f@f&cz_v$D1AkMqByIQ#h>wYs{x!c8AotiOrcXs|17t~58#|3Q}iFjTPBF)le2 z>f0|eB&0hqU{zOsB*5B<7#SIfy#O;M@OnkT<9$clu*%pXcm-7e4>-y`z%$hOKD$gz zPJ(~7z@derqY&|hQ%J`aeE))Q(Q&JUgo0vvy5!@$JAeSJk^0IDrP3HeZzP z-;1@Z+}xo6R_)7f#N$m>>wVuHffTwM1k=+euL<#cyz(H1yd(CzQzaDkf7jV5k1hD%pb#0$4Ess=a z_y5)jYysYfQMUn>iHYgo17B?XVB_QrPD#POyT3OvHSMEMf$sU|9|8DMP*gMlmNMta zWUI>$>f2(aHh8f@Gc7Gmq+CM`Hy=M%bbXs8fL7h!4fJf!|vqM^3qu2>6{H*e7+B0!Yt<@>a&eT zoPYKOjuQ-hdqFjJs420nN=}`go`(4VKsb-*6IY&SO4F$K&lLb1!6RVPW%k za;iWB)B`D$c3!hC&HplrakkY>(%IQrreT9V(xaB@T=(R4{K7(**i%zr7|ZN?LLjy@9gO_sWPnq1TJWRtV@|5*bON!52;mTL zmzcTs(SQR)B^(yDmH!B=RK49QJE4Fl{G!dL((D%EmxuE(w%E0VVcZ}tVACCpX{P1m zh!v|z;eLQ3pO~KByPH=YZg(%OhztX^v6a28ICo;ND|c?hzdf_j?hfosTEq}+w=ZA7 zzP^O^_UAwtY-MdN+NR%|!DUti7ZnB;1W*PRY;juaY2{P=PyRj)IUxp_z3S`!6G>IS9Kkoo6 z!A2A8S=`ijB0s6n(0T=fvXz7dn zzufE1!EhS)OobMUm4_$Xra4kElRICnJg>X^@AtW};^N}>r8(Xi3c%;mm`cqe`IBXW8}OB| zKFKqpp0KjXGU=A~k)rhPX#FA8tQpudg5#XZYqp&x^C(0#oD>NoG|oXumhDfVZ~h3f zNpyW?fME|1fYEOHK{F=ym57(s1Cf5;-Tw#L5Xy(<4 zy)V85&(@p7pJ&+L0ZAm6B;;%>12T`zKFPGWomju@SzT`#ZL^e!(Nc3d#FOJDEX163 zD+?~Lm-@r;+2#Btfz9Y_dzldZM|wXRG{4#Y`jwy5Ee7I|6o2s3`W4#@%BQxj5mpgg zcYN2bWhxe(F8-}3->m>%je*DF+;hT{2mpPCUo5h^x9R6NQzxxJk z?dn2T9h_&DE79s+#wAs$Vf$IT!#P?6InTZO#4`Dow3=lhsJidb&(j2}1mu^21QP_W zYI-dL9)!#AX%t24x$PJ*BLD+YD;SeW8HLZ_>79Jm+L>z%8(0630MQ?>J9qBPW`bbM zrV}El1?p_aKw4R((!WPWuG7)o@)|e{5ODI9(66tUnTc4nOwoM<7S%*jD8|OJH?KY0 zeKedjHGAaIyPGgyQ-hZ;+MC_;3CTmJk&&YN3lsN;jzZP&N#vJm|7IU~HNS+BDZF)B zCEjw4q8hZZVH#@Uu5k?r(i0Fb5h3_Ljq#>VU$i>dO`(b2-<)ZbcsA>|4na=!aT5p0 z(RG{RJ;FKtp*=RSZ-bww3xE3zY_Z4@QogcA7QmBn485Y&d0g*Fd0S&x>E$%;Mr5fdh%!}L(me+eKd0Eh({}Q*I)-;pXq`~xC+Iv4cQ&$$ z=?K$3`^br_{cwaGW zV1rc^h8DuAdhXt+@i6bEgIRF-i>_vIZZmAeuhX zGOspKtC%LDpmvjl>3+?hrXN}zV4r=i*yN&SjyI~=kSTgdxzu(x9m&_Q;JQqPw0^JW z9OY}!>z=%u%#pmGuGFB{Vo$A&a%t1&=yJiFvmA|&6mtV*-R-VthAWb0K9N@8P1tc0 z-1am%eG@R8j9OyF6N2)cou{t9#1&%#Crwv*!7a%&B0F?e(ux%mw_LHYQsXrg?<_5O zE)PdIUUA9<$JL(lu)6QzkjdGxp0-IN>vl$`${OD;xtr&UgLLG>B(N5*MoAGhE;aiV zDVQ{tJGy^^B@j_q#&r(1#=kTYvva(1)o#gdSAyJziC}~te3?eM4)|gXI9?6fI`S#D zak_?WrqBDF6Fk2P(5P|jXK2&!^o2rK<0+k>->_SHJ&m&Bo5t|he55F#|1E$o%sV82 zzkix+2P3>2NvQ%gCjaY+ zKL)cHR&VXr_`Dc(1OyT_c}?2hcKPD`su?W3Zkq>}ltbQj0g~xc7Uf0o-I1plLdFq( zmRU{}$^p3n}WjzoW0!gsxzg^3||&hWR>LfW1MzyiAP?? zE9};3uz7pP=#&jE3@Jz%`y!7bSMR< zB8-k~g_bv{sxF{a4kp`~4E*O;-9q#kMPss(Gm22nqcE!2z#*3Xr}Ji(&z@XlVXqBKZb8Upe% zxxJkxy!pv;gD8w`&%S$VPb{B*Y^re+AwVlCESv0Z*jVW&ivtfh=vFP`?oApWG zMpGJ&>$13JijE|gF+eimJaX5e7#Zv7t27f&q*O@>8Cu{3@FcsQb{tfW5M;~S2jXY z?ADnB;S~4VbK3|^m0LXF6ltX4k}kf{ZT-E&1~t0pJt+l(F14^-j{PpN)5D}=vRCxdAmLyTXrtB*eFjakOQxR?_3!&ZY0oK-9I+ON;@mA4tB2tnDaK@F3Y;X934R3vhBaxE zco}!?wH<>|)RK5P!NiKIlyhy?UUMiBEcX}HN0$P4Cqm4qEGtY`ccvTy$P)#s>xtvB zP|oSvYcO}*4e{L%-pHicGOnN5nTg`|4hqSQRIq%u?>Scs$ z;Yx(yb+gG2j7mTBcxYG^Z3ad$^Se~TQjB1~(cyj7V8q6pj;0ON>keZZifoua;*AAg zYBQ&v^Ie&KY`>_%Qs#WlaJA(T)nH7IZ&(a^ z2-td%Ji$I8uQMVT!7|p0P-AjDkzkoBhyvvk!Nt;7Dc57xAbLSV1k{0OM_gUTcn;$^ zax{OIVIC&|8d*V&J9F^fFcN+@$*vLbPW`=#^ORQ$;GO3>I!;KLR6{;*J z8xf8QtxUWDcYnrW)wVOkwLQrjH@K?ka{pdoy^XdQZpkB4|{%Z#P22ZJbk z``1f3ay(EZX>*1+cZfC5eTLYPpK`*zWXRVK(Xli^H}P6h2F~=^<5M+j>f^^r)2VkA zqfR4cxrd52teM=*5&LYF+=?+u$?MXfqJe8|WcnmY8Vur{c(gD=D*@9a5pF}X@X>EB zj%g3?zjAM`bEJ;zijzn}?!(_~nmwS@hO$1lx<-R5OUNNbHk1v!PsyAe%>6E6=xeqJ zq+QqcVjr3V@@qc1?9Ry%9Gpn!k~~3+(P+fjgCc5+ima;;*WR&b9b_jLKa$3ntraX= z>5=V@%C@Cbuu1s_ymUD#`y%T_5!uNNU>?cto&5xL6DV+CAM<%+Mw82U72Lxuisb4th%Y6(;o1V6Q4Q zJ>5eS_G@i5!`8eLUE6da;9v+d7$xHB~`c^n|RDdTmqdibYt+(5*w@P zTqgDO>xmnTXHI}mPgJwFEKvB7Hy#d5;3bn^vOblPXFgd}fiQ{5$FMd%f4UUin?{8< zJo&WPIY%q@?()Dkga8fU8mIwKWKL3-Ytx~H`dXy7E)_7u5R9{2MEsK(VFqqyT4Ec|=i7CZVlcOg7s!!0ES=sWEN7WQmKf-6k}z_ss)z(F`efs1QRY;6n-CSRMvNP|5vIh^ zA{)+`BOJsKiCEF8$AVF_4|ro;RUzt?-qm-Z($#+{8q)2w&Md*m-;N z?V3Q_s|l46b|;uXLMw0BH${SD*ZFtbF_4w43(3R5jBcQ->4OlGIgY()Mmq6ebBgzm z3jO+ASy4FQPN)Fg3e-J^*}JTHYBKC9Nt6;cvG-_}wv?ra*$`E6mtIkVV6k&bhLR7> z$7h(4V`t^mPF4v+U2Sc&2whR$a|DHDV(pe1Xp~GQ25U?fE7&0AA_e6^TCrGBgeO`{ zt#o$NqbWa+4EP;pE>e&D(o|j#cixjkkiexCSR66!dUeXp&6TE3{2!C6c^Gv0(yZn( zOnHkK4e6sZju?^IcNCaz%<^J-whF#Np?c)1hOdSXU7_H{(5R97rUHtkb%tEiR&p7NRVsnjLcu2CHpP+p%&Fdd zk`mo$D&Ou`I@bD}gCEhuL9XpQ7vmf;K;ZNt-B6?bZwIlS`nyC4Z^S67Lpnh?Q!pB} zMDWF6+6T4oV%|N}gEA#}d?!?RVB@Oa7#RAxG2L_~1Q&i|b4#4`x>YtYqG+n;L10f~ z&`E=@^dG|;B26&MlUx19-v4U>#<)BYPHu9uh9{l%B-7}mkj<(H9ds}Wcf7?|w7eA{ z;orK#4P}e`Zs1|MTZoD3{h<@Lo0r#$Q~#A%TUuIzpH#qpX+>+sf(T_)*2QGmK#drv zIu70bGM`am>>aZHmhrtJId?qQl@FIU0=vd!Pa2);3*zX9g`Cxx*`Fg)Gd!OKGyrA< z1zC2HU0P$^Ib8uoeD3Q&QaF_+z#~&!oXfTeML?*;%?2v7VW}C$AI#oSbJI=0?BplQ z-|zOZUP<;)?Q_0rhel=O9}sJGz%~tWAO(`D?kSg23YJ#sCqxkG9s`lM?Om5Qh602A zQpb#3@!U73oKWUcyx1m%ma2DqVg2(|<~*or1g^Sb6M~m%k7etbG@KB%By#bQ!ANKx z%~*Ppwj>j*ArnkIFBuepxB*k|4n(XJYNviSe-s0!Xu}jITP(U*7+2}Y4mPFSU00>t zUTgn`jgDxcljrg>(#**<%Wnz#``+jn+DetXg(IK+N4QP-1F?_u@*WGjcV5!8hv!UA z7s;~J%FT#4K`_ZSR4pyxWWBDmoGE6$ZL`IK;$S2CWDH2<5j>q>^=6JwXGc>KtgG3o z8E&u#j9f!K_3{XBgKvQI^q?~#Zc7)o`dWrUF{4A? zRz4ba?8~mTGXogu=Gk{*8=_^Ug$quPPuRW1|GYqKh4^Fl#L7J*zoc%8Hq5oqhCUL3 zWA)c(C{|}lc18@YKq=*DK2}6iSYOR^! zL}$v9rh`j zjR*c-nSqwx(_~JyJs1oP7+4?ErvHR>^FA24zGRN2f4Bbma=9(J?Xk zK(Q0>jvjqa0sVsHqm7!0($RrbAudIb_$p*gBT_0~P8nf4S`G!qV59Hq(sr@nPysbT zgP5SPTUZ;)0f{hxO&9w}-d3M2RiH(vhVV&n@M+9Sg`svS_=PK{Z3uQd_W%w$tDQE* zk9o;TgqnLaV*50UroR|b2R~$@4o0q0Dam^!IL`G_xCJFyt~dS-W!X1eN7ubvLk>&Z z8BbNOQ)kQa_1j(>0xiUhvOO^V$d-#ZI%s5pfOO$JXd&>5-H^J3WL$Y)pV^X5L1TG> z1OtkYCq{8FfzbM(-G&SQ&Seo7Wo+G@DSs%&%H9-)C)TntFF|Qg&l@O1GI(SSsVY*# z5K8*VrA8^-ZWmFrK>_U1>J{_D7k5-Bu{0Tq5&}u2&~8Vrs|3Q#^TtV*e=%=28? zP*Do=thD~_ilgW7aI;duQ2C{B6_mniR36sLAkD?(@DX|OTmxXS2FnM6eR(uw@llD( z-;vE>QVV3Mw#CDP`RYu1jydQu-Yac*TB`-Sz+_;FwQ?S2b<^m*wbl@TwPn1Khn1cW zCFP#VG)-k;s(w+2Yte!bYD#_@bHNo*?&w>bwv`eiWK_gzoUL$1i@jPR1bAbu)g7$PNaHkCrb=a zBh_br&9Cpv7go&Dk1A_oi)h|ASrELa9`$kYz%==xuC5NqFf@0V@ln&gPP*leMP1stz%6AEO>aCGgZP2gNH1kK9o7%f49Byq#>jz*i`flTIkk$v z&k|{rO%KMB%Rgjy<&GcB%+Dv%R)v3hM<$2sMQm*&i3%!jv*Wd(_{@16xsF+*MIW9f zN~6ODFlPgt!okO^6!^G~rZ&-->g;=BCmeQ=rm?-Twcg`%pa=N{_H?NN!-UqIW|g-(dc{YHE1 zX4H)dxI~1`A~5QjF-uMiRw^nbt*@3jxgP4YsWwUv_HxSt4I6_yTRXS4inM=Ln*%3%FDH}LoKQ9s5DW9sz6PlI_iY889cIteJ-7mfg zgg+r0PcYRze{?(F<6^@z{9TO)ZCD?UMdqPYJ};Nx#cN+=JmlOGS{S)eMAu&Y=^N#- z?8Gs~t!e!(_Bdi$r8gcGr1(ZzcUA)AqBajFDFn6HS_-;4Dt)XJ4UuS+3>=&S|D<3GH#>@qP;UR|(H^p4jt?JWVeuOk>$M4UFw2 zas)cs>U(nepbwmpDS{eyg9I3@8Gb_EUzgl@s>uqq=tiPYF$hw3j;+PStdm3NAM|k+ zXT8gceF9~t`Q*?Smtj*p+s+C$zJ3zFq&?s1)hm=%?KBqCCP>6BkG7yhR+nZPaBnV9Sps$~qB@>h8e zzL^NhevDX_Qfn$FXHo_Ma6%v<`{>X(JW&b%_#miAH7*A46c77xhQI+@yYF2VE(`Cw zg;+9-hKNQ|^30XF1e*tA1cJ9fa*6Vl8b6xEsoofZ@((psofn~DyDLFMy1}>fJA`9Q; z+JMEeYRxrBT0cbx!MKg7RQrIQX%*YEM2J6(NdD?mL>tExkWcBE6*GwPiHeZ%6bMwe z>vwh*8HuiuC#!WKFIBzq>}EYlw%u{TUF1e5T*1C{Rs*T70!8-F*O^KkZqSpW* zBhmsF^t)9Ln_0PP3ZV9XtZd!Qy?oJ14Eat#zDHkab#g@5MHvdS^${=)RUOeRE3i#Y zt*^=EyATYVAvQLFP@l+-$JzOiw-N_+t;T;ON{*}>sw%K8)c}hZC z&#mMaJt-RuaNaSSsVQmmpld7h-8qUwa9X$m_U!U@giSLlX^_Ix@7Xj)vjN(97P3zW z{G1iGd$KC{9D(n6zG`{cM<@idhL0mVG3sHvt01t~Qy$~d$qxO59_>%Wu*KhM(_t*o zVH{f61+*6eIWmP3?@Qx*drZILPcOO~05VwWjx^e0awe?z@a%1QT-)c`+_|K)3vu;YKSL_g8^nYEz-GSn`E6)a!n7&9Bfgq2&#p61%0%PK`r9 zV-ViL3B&BF!AGRn+5XFTD%?bT}c z*+7tj*=J!iqA8y)!2qghqHF&dbQW&nOZgkJ^dKD?i|;@$i0BXDBQA^Z=g( zZCG4MMsm*$l05m+a|bN?)#c}zoPEABP&dq$f zPa?O{Mz>Qa_&(x6t)2}`rkY8FVotyCM};aa7_bnRV5ljqizy7W6%*t_v5Zj777*ls z5?+}WJ*_tV@x_IdP_A^j{*Z5d_~@uCpzpl6Z~zqAz-vZEMq>+$4;&mEp1;aVtFAA8 z{pthMV#abGKcXjU4?;@N@x`GyM)S_$5$PQ6*-FsTDVL*wc0Cs(K4Q*?lMTtQ0HMi zivnhnMq2yuN-tDzZcZvTux(8S45aMURd3X9v6=(1nSMjgV43uYOO7=Ycm4@cQx_t) zc|WbTN#K*U)$9v41?z)?-LJMq0p%9Cs%JhgmW$$Tm!AdtSb>{^*%#~THKn~VSIL&N zMA*EsNR?LO_@XulT2eGEx?~x<+{(m6^x^|R76B^OfBGgs#|KDk*4EZcvDh)HapVcXXbO_ws8x`4+PXsnycb=^*N3=n<+ZPLygx(fnl_(lA@J_iMU_hS)d~* z`k+G6W;bPHwF~U{so+S{g&G93rQRiAQ&(bA2_&%Y6RJft8@rfRVU429U>E_Sv?@~! zr;R7RJvaej!d6j*%KgM7@e9~dQv@ct9obsbdR(x;C&c$Zr`aOOf!IAbs0`bkwO{^| zePLnYzZL*oSgq>1>S|;_!ud~J_)lRxD+#EP0B8cF?DchZ#{77ICb>|9K3|1456Eyu z(eeOkrhE#c=-02pfRx^}dfv=PUY$O<02aDyQ%**!#kvU@L3%_TLZGl3#c0@Yrh^pg zC{&ZeLPwwV9ln@T+regPXYZrN&nr--UAi442coL+mkWY6iV~j-6fqdT>sH$A8U~*& zRp22b3{r9?>+0H0M8z6Ai=BknA_({!qbb#dtXTWX z1_Uam+JgQ|Si`-^IBWtRp zdIe{}=X`frB?h?U-$lXVx9lJXl^{tBYk{B&D%r9uEo=rE8*C^*m#Hf&%d|?>uetik zlx-*!8*-(!veseS$Jf-$B~+ocnZ3kr=zVeHlqxG%9@&z1g_5hcimJ4?Zc`U_cs=Gd zGo-kgXgg+Oda7Tf*TBgc;F2Dke5&?~8 z-cY2v5@7#(Uta~Vv9YUsZBjJjN2!~W6f)D&%B;CsncLfc0CIa(=2SKzA%_s>kskGg zsBJ)+{;y|XbJGx*<;wFOvP_q@Xh4E`s!0G=sn$@fN&43~!;!N-<&|Uk6XkmBGe~?O zW!roxcCQE4AMM)ECZ?v68oCVgkZkdcF32`Zs!uV6!zQOpW21Ct@DWDOpWb;@MK-#K z%8T<^uFJZJW*8N>3*pJtW+Tda`#=g}i2E2^&L6teU=B3&00nGr{lpEvRwq;(qgjpp zCU)I~(tQnr9JlC3A*g9r%}_XPR=uh@`F_O%=sq$!b)3uDjwx8GNiozRo0~BSj3gVj zDSPDp9*cX-Ns&)wQnzA|-2fUVC(=dHXZP0bs5hbr;?bf44`W$7BZfT4T!eKy#(~S~ z1@wPp0Kmk=0%}}b@V~ATvHWiUhF3C8P{65uP1H2;{p;z@EMPJM27|2}9ft=7U{MHp zzLCN^ovpAX$x#U$@lN;l^n81(63dT2E7ehEby>5+Pokqj@Fd}8c9BFOHQKxDP-7=0 zZwYGoCLUidr^80gt~B|Ipuwg*3>ULK^Hpe7(x#53rDcf#5kvDP zMSX28DnQZzI@1yJMnHKI3p0IhYKQ&OtbRM~-v$IFD7iYyZ$|aNze?BL3a$<)N)u3B?VQuUHs}H*P z9TK#7p-_b})^~Yn1%6|P%E_)~#1zUYBQX;nMfOAILF2bqQC}3Dh;Xi87ZuzXSfkBY zPPn2pKTDaCjY&i@#_o)YjB3T-goAKUk;x%-8XfdZ;r&GUL4aBsfR>-w=N*)p7ow9b6r+y^EGU(TQg4%gVhp=Kzqx^`JCU!}4^f@##j{2h{M z#}20)^_Mh2t_*ZT*^5ox3ILi50Ef+&(r(1yncqg5{pe=T*kH2EW!V%5B5FnZJgpgB z+Xw-fR8^!B@rpjeY?P|JLSeL4N{I{l37~4^sWGr}pO!1Ek9SVcbwk*l?<^-DYJdHw zgqg2!nQOl*ao?eOp>*!$luN$*-7Hu5!F8Z)&a;6$mO7f07%`I*JA`X4ZzkP-y?rNs z^-w0<(AGvDgwR;>6HArmMo;S&pBQoH?3pSOjc7LIXGftU-JP%O@K%mXdnz2mp z9Bl?T6x}}EC2l(VH zr-?6#q>7`ln-*;CDCFs!dV2lFP2YD($PCQbxQ=jD<5X-L9*AM0>9~DA(EBD63_Azj z_0_D|FJk)BR5LMjyx})Lpvhx713w9WVv>bi07MMkB${dsN14(a%tt;7AbZ`Wxlscf29vOiL9{67y z#lN@?{W|^?YFVjHE!us0;kKiF53BbvNMb5XoOpjjt)NDS5wyo8B!mJ5Xr}?#i(^A8 zN*wq^;8i4#!0s>NWU$xdH-*|**L8$BD09DcR3JoHv27p2_*3+jo2UEp18H z)4W_18A=Z%=@S^3K4M}JH};Xv94BPtxUJoQu%iI0yG!!3=Ivblxxf^u7(8kLjPb+Wz;o|u_iNuLc%XN+RcNY$JnirzW*9N zl|r4|ldl9q6#y*;r_y@o4G<_#Wy%#}SZ^Miz9UJHl327*d&e5HzokNiXeW=BqmgJ{ zlO(A)A0s1AFSDkd0ZBe6YS;`g*5;*n&f=sOhfFtK>J`LfF&7a{} zx`DTL<3xxGE^`p&)9yXSHAy%WqeJ!9F;J8rri=Bf-KuEI5|UK9zRDO6-wMEXp$fxSS;e1a zYJ+s@7Tr1)AxsVN_Bu_>l@-vM>D$R_P)4S>AY)rWs>_B zenAb#S1Vq)PLqV8_h+tHn?tmI^4@QUvWCMxN|2T#n=+LY!Vr`5td7pDxo4t?`)P5E z#~>!(4+pNV5 zL4MyDYecYmE!R5N8xOVseaTWKO~>+W2mVho421X9a&*;!F+OzyS&-_v7&cZ1`xO|n z8%8#n^z7s_7~L*9d0EVZ%xH76(;Fhycr=dJ=t^rWP|{Mdh(OL;Z6+CK0Zmecfuq?VQuhZIIQkRY94S7pbjQ1x@A2$W z;X>A@iH^9dlp6H$qmxvHrJRuvtzT2R^y~5071X#DN9q5s1yJmf(Ss{tu2PQt+7R=5 zVgl)3?i>&R4OAQcHC1>2Tx$!ceS{VZWwkI;jJ4d9 zMcjJzi_)hNwhz?RHG_c*@(#vc%K?&8rS-Zn<#~ERbkqUQDzGXPT(G zOyVBHV~8&aT|oL;jPBhGh27IkzIb>6JkVFzD4^$`+tnombk$LoBuP7o2^j(62SsbR z5ZLZy+t0Ye0htNMjbPPBGt3UBrRUH!0j3hJ{Cms&4rg!ba@C2&Ni#DtibPJ|T!J@J z_|r2aBTY)AU+AB3%y(yO+Vnp_0TrH=0rFbVz30!E;6R)RyC1Qi%03Kd8k=fz3GmlI z5}SXqo;-u{ahBg>$;$bU*(A&3e@}Jd-AvcU7Pq0Gc)+vOq7hGy!-EMzgV8tUna z>K)DpWibjo>ZQfZvj3y$y5q6@qc##Lqm;e(p4r)y5VFY@rIZlaWM^k5qKxdlWzSF{ zg|hc7JDc}>fA9N#KK)VQ@jUnaz0bMMb*^)r905Mj^JOtRvW14+EpbJQp$TR$8Inna zT?d0m&MPx;ix1V0lMf3|UtvCxiVzOj9r17cW;yex`NBf!cIQPt0Hb4d_qBoNuYX8Y z6vSYB%Y|V}n&l>Ag25DdaR6pc1u52DjW!E6>*!k=Mg`QdX^dJ&mBzeA;u8FX@TLp# zxDnua*u|u@Py9zh77k!AUmP%?%sDkeTtKJMBP%@KR?bap?w!#v#F2Xops3CAu(GH&Ei>mJmr!^K@wQ|1LMwE~?z zTz=CZg+J$La?)tn4aI0_S!?u0-R`_|AT(n|B&CE0t%UqP=rj$C%f3k!x{Lo3ZWN2h%_{?c;Bd^x5cGr=5e#Xqe;I0(TgtSp; zQ!k|t27i%ezN1ih&1ULmNu^fqOw-xwS<434k-+rt>A_;Q9=)=~1MJ>@KaC4UGW1;>j%r)-{+U4dk#uf8UWcJ(AO>G#tc4&c+V zna(NZd8Zn2QB7<$@Q67rT?P+;&ELa~B108g@^V#!x3MeJ)ox)I-F~xOw#t8j=Xi#k zjn#vm>u~?%H@>p(5wipoDTQiacqSjyWa=a_Zgepjr?+MKQs zI^~{sq&VBrI14z3OUT^X4k`Z0L_I~Kv1162QTX&gDDm5b`so48Whwj5OrcLFE)zYO zjC|&EG+J}GlJD?Me33a6PiSCAk)wQrc7NaTK8pZ<(uah-fu$#9*YtwEJic-+=4n(# zz+2;H4arSx>62xR*@HeGY15MxeIT${N=ccYFge`hh`*hBS4l}p{@zBu*$HR3K+Tlj zr5~YkmW`i3mi|8cK^*v&`w_^ASsuI$a9RSUqVeC)V#^OYtsP`$;g|U8`-{3EB^W(x zAPFX->wJ{`E(nGNJ1Vp)(ivzuV{!h%hM|ony7q#6!+)FCqHhtxB(<1$lfCG0q{gWGvdGn}YN@(3EFThZ0ls!B!UtkF1#{OW8g=gVwGPyDBNEXVQ z#%8MYTYXbfpM+?|&fd-j2yWX^oim7j&Q^Jo#JWpar1aUcma)&tuIsANWayy!4FWj# z|H^${EWU&JT{;-S#y)p$`1$<_&c&}?!es>1ABMm5nsYd!YT|U)?2LrW%u`_EaH#qt zt6e1)1@UC|L{vSKddBnG(jW561?_*07F!NCv`Zb`h)g{hsHS2}=m%($*0TOdGe;zS zeZZsSW?{jw;Ckh0^gowcV|AgQbKw^b#Vc_$7WcfGZVCHql~G(5QW58T&75GH`9O>R zyZULzwR$nJZ@6j`ZMXY^Sbi>j>A%S5%I(xaqCdrVI>Yy5Z@}YkEw1R8{kf_qzx>cx zuIu=!DcLqHaQcySGLbNI3zN41L%2=qez@ODI$&$awJoG`lacZ1JgEV#Fh)x+O4_xE3h zXm@yc2*1y!Hv8C6HH-Mxty}iT`wrN0<~}gLEnMl36R|roLJo+Yr{nR#)_kes4}N@y zoh419xl-_-@aQWY(1eN!69Wea2S^S?E~0jjtLsRf|L)EXjE&;sM(Z9muo!YbkVS(uwQTfR>;c|p;*{ce4#1(y!EiQC-MCHK1s z$2_;cj#NFRf-62HMyOX{;H%2laP67*cCxLa%lnTB^GB{r)4`jÛnRZq)1T|h(R z+O2BpmtWjS*_+6xZ=*!;djfe_Xn4+Cg%8pduWuS6b5t&)eU-rs5|+c>xXbKXd0*#4 z>1_%pC#MmCNq96TPX4;Ik^A>~|0_4BdO`u|DI-ccH2GO01(DQz=1*k{itW&S0`&vUclV_Weal4 zlf&JbtsX9*PrD61rVNchA!+yNkI3;xuuQwQhE$+RmLHJ#DL$tMH4ATT?f=#;{@$da zrR{7w?roY+xrZg8kGl`)IUHW$_@~(kiC&R$ z(kpK;ItbG6IUF3RabQAWAMyb`zQUOI(VzVu{YET|{r+I-fL`8DUud=Hj;C-1pwcMz z-pxk_ATX^i{$#w4#Al1m$B)Q!>Ky8QZcOYok|{;ep2zT9RyAuCZQLX<_CA>3Us95x zG`az%0&RUhr_YbUgRBjFuAo!6q2#lpR8)=hA#bLy zqLbn1ExT@Yvw>4i0=J>x_O}~E!^Y1EzR8>&8&vefF5%e>I6TIisH1@vrpV?U#{{j{ zVT`#Z?7h(!C3BEF6go?O2;I4aFjZx!`v;U3nVwizLM zao$_BeR}$w@tw;QKYtd#QTj5foBsr>#d$vUx(`F)JF&jkqYAQD#1=bPKqLq@3b&wz zlbfCTc=Flew|Dz+cf-Lr=KgGF1j_MuIpgiu8}??vh(!?Yr+r(ObkM0UrlMwmnbgkZ zqK1F>kV8hY$kW!FWF`T?S)qGicKAIJMJ>;r47!f*S*jhD`6r)jhk4O~Z2zDTys@I+ zMET5X)o5T~Aez3Vx}sugCXBE1PxWM^$9e-9E)i|J;lp><0@*j#>#r&(DAcT#^_Ez) z;ef#kGDx61-3TrPtCJM(!)5dyk-^l_-%muM<4#vm5?(ECqCGh|dEp7c>Zz89<$2D= z_1U@ZSg}79gOq>X_+cPt6tHPylQ~dM0S1oODk*}^;seUvX$M~(0=0(RHY~t40vyR& z7iG>46h~BPrxWcCiBJDbo)Op%7j+=xhYEP#(Mq%}dyRWi$a@AkCpf@Qw(NP0y%>F3 zv-~l+#9{VU{n^QSF-uIl2Q*VRKzYTr)X zs}ERQsN+SpDg5}GOBqqfK?8MN!S4smS^i*dZL|^1X7PFDk`(`fNX%O^g~Dztxj#TG zh{C^Z*b=|a9B=m_(-TN2sqnV$!-uK5Bw*HSw%7zZLs7Ci|az3+1(qKOY3C#f>BFpuO29O(cUNYUl>SbD>IQcVLJv-InU$c}RhMxMF z55cspaNRdVeYQn`Nb2e}{U=C%pC8OZ`n>)=-{12&b15(^$9d*HnB4#ScPPz`7gLcp z{x;7>$wZ=uU2HMs`Qy&dDjz-$j@Asu_bnE78FG^rHcM#CMXTBB=nSb0;|Zqk^?=VF z4Q`g>uQKJDp!2)B72^`r!)47dg;C4H`850VdHs7V~E|X+b1^9qbI>l@($Z&Z#tN+Q|4@2#z=Znfk-L< zpv9+d@L++)rd{K~gSCkUDuj=UnoivdjBAN~*Jn?`k!9R@cp6=~ZxXBA^|Kn2zDd6* zjz^nLsQ#@_MkO}xWc?Sd5JPgWa32E9Y$^n%O^p?T$MT)<3>bol6 zO(i8N9Uk*aRzVCMlrrbC^XnnbgYOqjX3l~6fyb&@FSSS7tE$KaO z=JVdX1n}5Q4q}eS#5V0}rQ-_%8g?$df@bvj%#LTsT#q-qko%4Wc;)i6Y#M?|D zI`*=qMGmz~*WLQs;Q9n3Sovvht)-(kp+m*GjbG8oh-%{Cn+q1kzrW*Qi_liBIXzs3 z&}0$outNcD9h6<|yIB(H!EWbsG}C@>)3K`LM)SG-WeuNDlztD4X_1{3N-uz}rnJ)z zuYtRfBxrI51~fglV$<4P8nw8!SBVg3W zdowIf#QmlP*R+WHva(g^g}l^EZXYcE;?3Ytv55R(VvQFro4B+%P#?p=6c{Qp2}9y6-r!5T zH5iFz-r^Wj6CUdwW5?9$sgfbc@G5n28tQiclN0caLiR+i%hrjQ7*%%Tp|!QOBim3X zO(RJ1w_(pT<@q=9{bpS0mw+sXl*cxiF}=nI2mQnN8p$#20UsfwFbsso*2ZeDK1^}I zNj*DWgc0r(F$b)@Ngo-I^q3y~9-jH3t#K3NPe5-&F>f)bbN$7 zPbV8`E?v5WPA*Ux0s`W`U}Xh`2E1|H$k{0f;UuiAtlT0Rv*pgKdZ_oez3{bWI*7{t zPv!7E67g?1HH)bp8-aYDmll1qSzV1V;4Si?k@AN`s0|2e zCu%W!jAGXgu8pxp>HplWpkW5c934lvq(}9Xv0ct4R`s|1_!4_RWcB+Q^9Eno{Km-V z)~(9TItd{)jJNIrmB^El--I!Ow@oRR|9(&X$V*VRa~OX8Tl2wUT9l_W`h#vXpXc-? zOboz8g)Bv!)=x&O2;?p!i#haogYphO8=zmH4X81i0gXWrwhRzc(nxP7^_jyJhW|VB#_!2s*Fv@dy;)yMhR)$koYO$@_woJk@y{cC^OaR|`ifZOLBz9Sb3= zpE_RyuRs$H#&tYvyVCPud3RjEr>vDHvGE%gxlgYM6s8vbpodw@bT^HmRZ5#tA2*0 zxY=l8ixjGe_J8v1_q4<#{Sll5(*p>E$Q}>u!*DQMfAyLMAutCq9EDX7)`WIJpsaIV zEwLM~Gq4~eD524A2Oq2)eG|vWnF2T<(O6nuE)5an?dNkF7`waaN7u;r>C>kHy~Nc_ z=i%YuhwB=G(cl(_@gL$^ckQ}ix%v=H;x1a?mmPx|$&NUQd`TBU_vhOUCqj9o%?e#D1;d z$gCRnwGLz`{a2$+0-1r(mj`1Ef0@ufMdc4yBgrYjQRBgl+GBd_qViu)X2nBY?R$WSZqE{+kQHbYz9Gll(PU|p%gA>W=6-`bnJLUNF5tWlJkS? zL8(DSlhP$Vy($V8=Mdo+7}?T~s4W|>IPSg}58!wXIx)ff`)RYk_uT%Kr$r3cF9<)5 zPZq!dR=}Pb7x{X!NpIrSAAEh*iM$Yz6PwI_3z7ZNpXynYb$7Cf(|^@qF(-jzTWH!q ziG1+7W7z~GBtnadiVXH_mF^}|cOmQ^8bKv$*_SFM=DE-R;?M6uFy@>6)#qLH({mh- zHgK5^PBs_xP2E_asr6JTszPwALiN^2`?B`cTL8=X$cQt-W^vbOa7LL4G5zcSynCfsGDB-G!SVJsqAbEi$ID-`S;QKVj! zSA7@4kFUvo&2l4u{Ro+ysj8}muP67--z{vr;>5>?b$2&k;L63qrZ=p_yacqxi3^V2 zl#3#IbQ*OREv#bgwajnLy7kOp75Zq;9!18-UXR4|bDFuKDTiU8q6M16p#npH;EC@; z;U;#nGsq(?2D}5hXc(wEfQP}{-v08rbLSAlLhHF92M&ZSTbfF@l-AaZjj9Qe{>Y_% zqxI4zinEAWLN%t7v-7lWvAb?Kxn1ScByuP4dE@=GCWwko6bpF9SE1x@*d2-xKu`7I z(UAkVB|m{IfdX!D=l*_;R~20TdzxESRU%aP)Ya97a&9_5IqYUj(;;~Fn}LHV2|REg ze5C}r8?}Vf1;}!Arn`Cih8ZY!!3#-suI~!cs!Q$atWub{FJ}P+tHjF(i^-8WT;ZRY zB_2RDjMTeb2czZ^NICWEUh8euO(#zg)B#*x6|4a$5DMMBX((018=*p-jZHgdmfnhv zGXL|tGD7jXGIQCQ>2^Q!k;L0G?ZGL8o8p)ilT}%br-e+MU zLe3?MTsdcn4Wbcc`5;p9d03;MJN|Z&BmM&?1GYSUz~vweOlJJ=Ir!;<9Gn$bD@4YB z7xFaR8yp`gAaP6n=pe6n8Ox7YfI*O){*D};FZO30kXPio)onK{rtGyz^)>dn{cRi| zT6Z5lYm>39WmXvX2x>?>!Ef>{Ja>_^KJR@%Fs`njgeGIVf6?NKiNI}N)x3+2f6g^_ zaWoU#HRk1ABr|noc$=Jju0-Ubys)tFMJ*0tX{#&~bu$I6)^iP(|F+BIryT-P37!#c z^gXA>t$ji|eVh62*XKUsj}^eL@24L)HQ#29U7^s^)5~M-%jA16^IAyn9phPPz^en* zjH?m6iVwc_TnfJw@J8;~PPzGo>IcCXitMs4vU>D9F`-RSU6-VO!;P8(P~rOT*TYRf z=9m}@Uz2f1s|H3!UV$lT2F6QVT2~Cjt;5mT1mrXgMvn|4&nChRxP#C)qjo+f|Ev9=qyv_P3xe#yn-x0=OgFcUclND# z244Rj0}YC*k&zOMa|o?ePq_bQ-D(O?5% zB@*$aXu9M$<6D6;h09uMGr$Pk0J6(O+yNe2%FDbwP9YH?bC?BiosAIv&qo#pbj83# z_FUW_S+0m^hLzP-plc`GS9wr<2T{X1cv?b)ok+#=mG#^6&SGU3C0sY?kryjmC(9Qv z^upSPOX)}ye+Z$jiutz`ao6Rn#EpIhqUq1(m@dbF>SjJB+qIJD8~dU*Rp^FdONyU4 zMiw(COKSAPazhzc+z{Rr3BFk(-QobM#7IFF%Yz@dd)Mv!iZzXV@9`>rf3Fxgp(dTC z&yxm-TSw3^hp@&ogQe#1dy8E5KVFi8xv-(!`wp_gxVhRxT)*@%Lpg2L-blBpKg70q z%gRk4s9^EhkZu7=j7})XvM>f9PowTcCv>om7et%ngeZ0Q2m3q^2NCyqB}5T@Ld3=b zV(vipnAKI!l$_NFkXa|d@F=gf`!C5380sWC zL`7*D8io*1iLl$!zbiAvbL==f14+VvTxtuE_e;nHvyer2IJr1WpPfkqEoJ=tt8mRs zD3?lwJA0$lpZi(#Xsk?Y22uls{qiO>@sWn!BMx|L1Fs(MMknQdZF{j#Um=Z{g#BzHV}L!?>z^Tf z9?#Q-WQW5%U6zxkm6gZbMpgJQfU#lsEDS z&!ek|9+;bIY6LOe%*MkVF)XU~gKDDFZ*7Y-xj(`=%N%^feXrs|cAB>YCl?ng4SIT1 z3=#sJBqB1DqS8xCuRt}Ct8)<|160V0@Oj|du0-4dMgM=F1kCcGve7Nz?I{BRqTlsC z$*Zb~yaYA>2=VdFPmd1_O3X3UC6<}vb9v#{z(rMpRs<=pan6vkNHVf4j+8ldO>vzG zf$EB#mAWXb&EFqpCEC(&hQWM*zFv9-$4ogzk+~j)IXN$%j;`!EJ3F7YTy0fmdl!IsV0df_DSv3LDu&7p)Zb=%{8uoC zf?(eDRv*J-_;?AA7#06*G|tw|_g%QKE1Su1cqgoq7R#|T$XAi^L;c=T9Y-6B4TVL! zc5d9EM`&TKF<~bR8L|C&nL{=wrY@)cbv!XEO>QEy+G#yjov`wcMy_ zN+$o%T3g-eRyNz62F~0A)il-N-eQi+^@ESBj;}(j%#&py!)qXS=eYJcXIXvnk9#Vo znz0$~4scA+(a^T02zH~e#y`U+-`|aG`i~t)cNLmeiW(YGL(6Zjr`%>|B@W5)uIBwT z%{Tz(>Pi#tE!>A<*R(h_oo)}l?AtgxELz15DoY_%|8<8k8tTZLygYf}JX~!CUJJ%{ z=d?vWbep!XnWJ@;f8F~aS|yu=Cb^%w{?6QM7Wv?Q?04=vW5>}G1eK32tS0r%U*5Fv zlw69&%&<0G@wOsXwDPmGHn`ljNQrq3`%zBsqR7X-i@l{D9C*waPkOaH68}k?oSS}l z6==@jFJ!N$8Q0@Twi-Eu-^92Z!+RLx>x$&sH)7AEZZf%|{bSK1b?b2US9uJkv+>+J zPrUnyOP$6KlZ#@V#MfTa$o?Ej$V$CYZKIMsh*{eQv37ZRxq0zsh9(rw*sqBOY${4j zZF)X?)Ev~G>*~f8{Atggc^v9g!c>AIjmxpkokW_fo}Iuvhb5=Q^n=)jhx|dvt54r< z^jxm1u0I~yEyjO$p^EHSG}=Zd>1t1bR&Z-hL4i&~drV^vXrXyEUuT~;+ImilMJjuI zHz_r#^P^fa@FWOhgQ~O=JArMUl;aIHPQn)-HCp!g_;}w%1uw5%Dg3?L_v(+Q9F-N7 zY|3H;7%DZKhHiK=U3r4rh()T4-Er{JNYD&as}F=iOMDErTJY8nepN*{NfhQqg0+($ zlP_Ph{CaH0O+jgeP(Nca>RWs4xO zyWp>Ich+{c_v=%3ODVKpXp+t)-12T_%d?kG)aR8s@HFk#UD$RbF{o|iBOtLhn@HGt z5f~=d9MiTZ?gLjvG-R)%GMn6k=cf$qz^a~+`wkSz& zU8#(Ac5--E?%VFtb1pFPWu1@qV?3+Ym-)I+E;Zv2Tur?az_{6_E3FjYeL$rdTo-Nb zLHpU-kv@B};umA|t2({(cY6Bz`5!Lpa#a+$T3Z^DT9&@KXli_*!iqN^6z}+!?Jf7l7TlLyuc3-X5cm5oEc397@-=)GUH};8JazZ6~pZirY?9UwV z%U9c|76oqh698Tf7tY#C=6$_+wD9tY@=Fc@EMc`wEe^@;FV|mn&F&{R9Z*rbj5*wE zFrjfVC1$qz$CMQ1m=X7KNV6htG4F-%k-2TK(?jP5cf+UW?#d@-z zeMzETSfSbLap2{7Nr+1XA7K{6Z&pUZGSXq(xVKF6Gp-~LF*7@^q0@f+t#`7y=gPl7 z{zuZ3sT*BjrAT zGn+Lvk#NC!C1@DjeBnvW%RjF-y8QBS2#L3iivszjq#|I51{$=J%}^p0(DMoAEE$Vu zcG`*4Snz%(e(z~}nN32)eG_9x=hMx9J7Is)(<4Yq8zdJVq!ZpN|KSigyCF7InIe15 zg`VNGVOC6~fF=6&`?4}(5)zWUM5V$68zIWej|O%brmx!G=1ZWvYn=Rs^Bd#u7J_D0 z=S-&MW?OQcJH6ZjCi8u-$}2L<@e(8F=3NIEb6zpOP8Y3{{X${m*`R5?CK0LfegEDE zZ2D^#8M@r(Jo_|lndtAYl9aDPc!2E)iE1rxlO47A-l)ElkWUNZ9=7=wy?xyhihCo; zfhGpE2lv<%O9ZuYiDAwzd&b-f2r8j&-1TcY?a7QbBz2{_mYiBJT)XDDvBvyg(Q>4u+uQzmtoD< z>V0%kpF}d1ayPFF`zp7+F+*tP_Nun;=Zd(^EM5;@Y))+I%hzZJomH@t_xJi2=Daj$ zU3)9DU9m1lb%pT~{o;P?`83KgiH0U}>!g3LH$knI6ia_9rte-=mQzsCJfTV>Z|%P1 zNotUF+4t$-E7@OE*dEXf$VnLWKD_f+R7*%nKhTxd{B4UK!Fk~j?-}1DKMuN6)$_Nq zN~a#??JSPHkMkiqkqXJo-;3^RyYJ=cE&>TW#8tANG^51`ocO=~bPIu~!Q|AY7QYJooFlaH!+WmE`x?X2?-ryA(c{6t4w6G%aa3F{JVNBny%E@Y^v)Vk? zn8%C1og?@uoU+52`qpBqg2e=9clzFgrL4_jiOdb<$Zma~`J z{rycG8!3xB+gxX}$n{+;ybZo`2S0^@hMt!m+H6s zSIK-cdM*W)THpXP@>rI|=*hK>{fXHn;t-pe+ZP%i&Q+=^W6EdVy+swG7E~pZ`O~_RvW=#*oKaVodxBhqU8I=rim3V_)1B#Z?4s{6tUpo zTRs0ZbL)z)p9p1NieoKx>&y*jTTPtXhu7t!Kc}*__!H96Dze7j@-m@uJl&}S>{`fE z_8}r^Yx%#A-NdINZx^TX(gwxjzQC7V8Qc&zq({(F;w}CQ9|V{hfA}M^rj3 z+F#~;h83qxMX}?r0trc}$(upukFW)Fhg}MkInriS__%7XWIbXWueg@H&>85v{vrjV zQtN?j>S}BMNaT_rOItQuBDbBd9((ZX*K0RSHs<<5==20X#q|vlQ>569bPI%}IA|Z= zxySA&-Gjp$WYOHcNb)*mFOOq1mglNQtnhL_RoPRk$9_0+xZT$@^=?`<_INywIn9fE z-+D!udj5rc9VS)bRX_an@HG|&67JsCv05oi{7(Vc-3q!@pImVs9IU>TDSrKwYptA6 z?!BrLyScrE{l&li%<@|_EBAN=sfN1Gef~w57QDf2axuo}V@SQvS8S8H5E`PYn-UVAqo9B&5Pmaux#1L+X1n%sHv* z*|0?<%SnFe5C+saIXN%>e9fz!p%?Jfu*6_hF1U^BVV@eYohilW3uVI~c8*%r^Cn6m z@<}*YEZ0?NnVE;*Q5p1{?|szQMI18l0duaByb-6==;K~*xe{$Np8r=|W=Yr8ySSK} zSBC>zxZgRQh`AAv_TIAQqo|u&i?6zPr%kcNN92{*K<&R3!G|WwcP2$4At(eBTDZEB zXQwz`Tv=Tauy@7aYdRJLYScbYV>p3yUDE$Uu83&VkN9N?*L%vzf#(IsF>mU;DB58O z{J`9)`!`os_NQ*ro$|LC=d5Njm}r-&nV8dqw7smKCDXeFtS{_!cGJfY^U?IWjVdG@ z?2L(hd|T}$#wo{YEwL+AI}Bx}aW?(nGC#wPtf2WQf5)_9d~W7XD5k9hlQ1}0->Gxm zvSKEd`&?!5{Jdbu&ECar6*>l+dyj0c`w>rHQ4TN^(+cl=HZaYz8MAcN608e9|28-|l9duwj8 zQ?U=UD~R`DX%P=KZa)7?&PVW%2NQoxIqe?WZS4n`URbW{8x# zYh)CrMC*pFtE*eH-gvaJopweI)v@dTbnw7ee8opoDj%a@hWS;8<;ub35P3Z(iJJFC zKNgeKhuz=4d&eW#<~c8z`llPSyq+-EgPy2X{!C)TXqe@K#6DSoo{PE0;|HWc7C7e2 zKa^Zds+(iJEMTND$zmq?(Ctn*7k+V6AJuC6b$Mn%%P6SWL4AM5Bjqf))s!6?vDmyE zbpyiM32U{yTc>?+Ifa+z`86#YhK7bXMVJ_13!$7yBA07TcO#JxzvouANThEJcSHu| z+`^Exx-pqHR=u-L5Pe+xV8Ul!+k{?vjpT?)joOxIwvygDi#Jbd-vs3<&RaL*Tb;ZO zOufxqV%LmW2=y_ee2!;T z{+2Q>-F0|rXoaY6(2A43rb$lCNkPp_Okp@I%I=a+d{Y2?NyMm$o1g;BMkNjLrzk; zI(Y#S+zbhd*ZGQ~8zj4YNhhzO{uo`9PiQf;Y+FIvU})bj$Gm~#WWqR z4O3Y%G*^iGz~1})wSorLiDCLq=vw$*S^=ys*FH|abiFRxRar*;t(4}?kt3q$&#TVn=sc>$ekUIN(3iwY{%&m?J;Zr(hfmzQ^~{_|zVrF%7RaLTfhuWT?7RcjoAatBGRtd}dy zTd1K=^&+QBy;X62o-@k`jf4GnkT*oj6ssKc00tto)CRhyG6mBCFDg%=O zXb;r}Xs0YeEND<;Zy|eR0mFMpR=KfJqJ^C-`ivInUzN|)K(zqDJ_2GjNZz0v9vB|Z zKFt33h_m4rT;;qwPr*{-S>pjKqy%&av#ODJ4CWnBKM%G=!5%4yCn|KG0wm4`u&C11D$xb`>8fwylAOqALu;}$ZbZ%j<(%lvF=ZoKTlNw<`)Z3JHTsrRy zecL7W)ADaVh9FKCep3#R!H6FN<}ZD~B;BJ>j+N%p1na{aq}+;J=`18APrU4FZ%+u$ z2II+maoVb?Uk7xj!##yf%ov!dl`H#6ZX(M17t72x^JUh+SJX|9%RF6EEUz5OB=#*v z-)6oX)}hlkETqO9tL$tR-~{NiBk665yCeAn|NOE?CJKvx+RWK_N0BiEHlblOBYwKG z6BH7@po=pHg)y9oCPBqa+fmeT0=ek)PkpnFwY37`bi)RBVWhr;Av#5=URTLT)UiYx z^^jr)x;=2mjZwE0)H~3`3WHaL{e5lx_~(#LDAjF&0;3uF1Hnku3EctLDPP>XK!~Hw zbEp9a@;WzIhS%n7@?&UdCOwR|^=b9^$D&=(pmriH@69mM>1@!4%I-b|`Qttk0Y^p> zj`^IO&osCN~RKKj)+Q`XC?oo7qT$&r7(sD^a_x6V|wt9|PO z!x`N5k{ymw)5M=rDM+1bW%Vty%DfE6BxP!?~V>zvZp! zuc|<7nuNt$DP_ZZT}rCZ&ragqE!KCM(oP~?n8%ne*@WCeh_eq#RBrZge#mr8s>Wbw z;o|w}szMtOVxJ`xSHbW4jFY}*tp?LLS10UyJjurMs}GF4smXT0X|{F=h`i zGt<>&0k$5kV}#KocvjV$$7-JgpZ(vazsgFIpFe*--d+PKA!H@agjukJF&O$hZ~}okr$ilC@c2eFKI%yTU(Q#*;U{>I8J_TkP6;%U&_)Ay zAOh6aMGYC~OU^k4Hm;)Vg(!1<6K4_-wb6R4381bV9Ig)0##842ihjwozP7BkAs#&v zF!7E5)t-g>5~%quIv?t!J2+pzepR8}nx#7vLqCbuGNK$91G_c~+#!~~KuLnSr4X=Yf7=${qgQ)C)nRW#M*e3dR1S>TGQf?0y z__Fo*m}s>qYs9E=Diab*_i!mmw-0~Cc~$i#L^ejb*V(i7wCKkuJ6rfSXQnyf%bEdY zOVE|OE#_w|om~{Q7x$=yb$RUAo#kRkDqS?!(siCsIjR=<1y^M|HG;ETLkYWb6~83u zFza7Sm$ne^7u)r+d3iT-{sDiR^29MOM*&d!c`F`pCw7Li&ETv^q6tcjL#} zbNp=HtF({DPP2HQTZ#u=1|HZ88i4w~`;hkS50|rHNnt!voW}*RKl)+^yD;Ha@FF#( z&q1OOC}S?c$WZNKioXwZV%wor5s8jvdD;m#pxaqkUZ()cf*mn0f@3!hC_45}+YzX^Ko4$v>3nNKw91d}w>!9p^- z0h?>k22$Z~0GbPS8>0S}B(47BDeQA4HUm9o9Hrs2XMF!DeIZorg9zFPb#~w=HZw&@ zrcAr?}? zz(|Sfrsbc*+`PP2BwK?Sr;(}%Kyqlv({(Od2`PV!od)i48}Q3)l*8j8iMFzG8`oUM zKk{s4%Ipb}G7BkpvWT6{?)0{!82=^dIxc$tpgh=szOE$*0#QE=T9yBe z7=n}m9-yAFGO$7Fw)$WVLWZ(hYM5QazyNelD7Y+yP9q5Ifjpc>Vjz(A{wxe^m zM*u|L0G33{N+BCfBRL5GiEQgc6951xME{hwg|`9FAp*vBGN85V@z3+s#Kd{u^(IJ* zrS{W|BQK`i0QpVdr#m7?h_L?T-zc&PgfYoqwVz9ca-CcBx;(S2g7)6jz9A%%mv}|x z;(xaco4;a?XM${jQZVH*<5kWH!S`$NjoCRztL(8R-X<`eC)0HUs{)7Q`8Oru{<~3! zgJT`z35O|Km;JHcMSi$RlsB>`q{DZ!EArAScYdA;j8pX`z76^>fpR%=-~4m&L+fPo z?+cudJCTapC);!^pzcXuB3O*0m)Z(vD!Ts)T0!W_fHR+fpr9Y*CEPygBW@JK(a;Tm z2?coSv~sV3Xcq&6NP3?hw)}QC@4_zcHX$|Wi_yn^MS&d9H{=UUP3OaJZrcm-Qm%74 zlMd86IyzGTV1icb_Q%(~gKzw;IR_U52@%i(2xI$sFFBkIo#UQzv?~q||N2F-^hbGs zX|(E!e7NbmnP zDKYoe5Ow)sp$L5dor@ug@?2y`iHfnzPvX}1w4z~QKyAtt!!9>N|t& zAVMyAIw~?|-$qcvt$MzitGJ#R8r)T+mnaE?Nh*3aPCmj)*mG6WLgBH$nu@Sy3bT>2 z1V(#X(L4hhpn(CjRuD@C!+D==_C2@%sp;s3&i?T2uqcf>w*z+NOFJ}H)9r5Cb<3aZ z-eys6-|^dUIzDqf}QgzGH9 z+OKk47|UQcRDwFHgSn$P^82z7P)3gnKkq7ICKWG3c>}c#ixzgzf z9=uR}@JaM#epy^-FP3g;$r`I!8jJm^hE}xO$T5t==zw1UhhXzBL)`emqjdjR<=csb zl3%H2&a-%vvA#6sEmn+BJsvSgqBp~uzN@B27nJtm_=6*UfqJq$=aYCQjN4)f5((%@1;+UD*rkYn=ceC%ODJWXCZ1Fn}efr4JPX~YBc)=DOwEd6fW#Gx;JiqutNs?2c-_2%77|lt+5+7OIMWr7 z7!vFT4v)jIEl9Yo{ikTV`14mWioq1Vum-q>~< z9i$*o$^BO$YItv5l>~UluXfdTs6bBQT_^Y~7=bLZR!5ag_Wpe)40EUzN6M@(A=MJV z7N`-9)|=>{BEUidJXBR73aF$2YomU{j*RDC02K0`8!fo|>u0CWK#+reQ{}K}8>sh5 z$-TF}yh$Yz$BVU-Q&Wq0OTCI6qEa&a)?7yUS$Xtpin>dmhy;6Ptv*NyZYXLdGs&Ub3+BMMgJqhq4*Oo7YIA_oXx>dtbUXlLUXVgz z<2nMsVPt%IeP;#b-&%*8PMyc#W1{lu6h<4#prr^A644Mys7hV!T1v@l0{U0P_^kV! zd5l42wGXHZ8^|2csiLZK|76|AjIr4fO_{VmivY`|g(r#qmE*9QYTk_<1z?j%X5~640mnKidz0BJAAG;(e_clD)yv zl;n6HkXOwyWwIdsi-BM4!^=}`odL>pDJBkx4 zc{&FtGP+~HOOTRkf@&rOK_-NxPSR<7^sj0R0#jaW(H5^I_21ldx<{xa*>`E9%h`{G zGt6q|K?vqT>`gm5g$qHB2C5X?y-$s!Xc*@MbX;u%M;l^aIjgty0x6mWnA8|l*l5zPUGJh#_P6oK4h>R6*8~87c^~YPiD;`frZ$ZTlQ%uN) z5$5W#u{Cc`Euy>x{|AI3?dKtgS{pD{j0dIO%E`b7m_Y`9fP|FVJJ%Hk_!;6=K9rU! zHzcD_;xTzdi!|&oTm;j3AhZ0hRPE(!3Wq8-o?dK!<007I0cpDrqu!w)DpuHCJYa6j z&c+3aIMNQo1Qb?q092@F$JFl*kX=4g(-u+^Mh zpu1v4j^TLEQ1|-#<1Qom_7pBQ4b|tbE|>Gh{1mb79@{cmIoLW<1qa9g>@cagWvw%l z58~kFAw@H$!j|gDoqKCg$ik?~GIP1d8?Q0J^iJKBvbR~JQAz;m4#maamjs_D5a!q8 z@AgzMGuvrs5j&R%_U^ci7iH|WbGoFl$lu^roxSAm-(u!APXZr95MyWI$1N5iOT)ZC z#(BY9AC*v5&kriuIPb9EKN+_t;@wpbxQg-c&Op$V-o#GBkKV--ISHo&`z*z}n6FHk z(t(jid|YC`h*&Q%h>r-XT}7Ngh3zDk~ zBqF+bDcqfVQpF3ZHbX^WlDiIGVpRH?(7x<3kGJW=xM+jx7a}(sqjLK~qMGQr)PKff z9S_Twh18;~_ZWO9E~_X7>AoyE@0WQ7Bv8Jr3$NdVZmm*L$J+uurK0!T%8mmh*qz;N z{-$iYyrwHAD|bmhzW#zA+=fYpxndN5|GUF>=S%hTgUeG5tf$^?{XaQAo?ptE+y8Q! z($-UBT6E2@%;5FBr8054b(w$LRa^`4EMAJ^8j?uK5uV5E>Dn~XjWkGicXxMp zNOvnpw{&-RN`ruibcd9HAf1BJCH2jDzU%dezXZ>jJ+t5Q{%6pU$TN;uR{{IAV6t`3g8y3~I>ILbQMjEc`RB;E+Q`q4A8 zufC8x<6~~w&cUxKemup=M~IxTF@PH>Een1Y28zuY<#Npku}b;Ve>dFNsHgw%S7j9I zs}VFWB1Q|C*^D|&TDV)dWuy!>J@$5WZbEmXcOBANy`IEOXswB8NoE+Z=Jq#6g477j zcvCe(Pc=952KLAAH;)cyaFa%(Vk%lRkyHMrw}g)$<&Ou;5lRUBz$t`2o0_=h-9OXxi-S>T;TH}FqGJXqkujy~dk z1{@+=7(sWipec0&{2A5uj;e3boKB=5m9hX`avfL1!}WElKzIxltRnLqsUBL?-W!!D zE;*e;n1%$=NiNgu6{W6j<}qvQv05s^#?AokzJQgvn4(%T);7tk)aJohL{vX`((J#v zk(-Yug7@8pP9GTAQlcu9d41F?G7!F^gl5g&%26f5%t`&KdL@m`SBYQeY+o$$Xthbh zQp<9X-ggPttBj^Srwh3cH^<@PLc`|WE|Eoa zo%T(&*F~TppSi-Pip>c%pA}e)nkGV;+z8hMC{@kU`x>p@?K6J7Gwy$r!i`7Tjb#~# zCbpc(;fQL{z48a>ouj@#WD42%inXs8{pkNK`CKpR0hb>Ugbxk`ZgF~9Vu{%v&(O+tD|JQ_ng9HH8pGGVv)(f0D0~#HrHFvuBqJT+liLLQa^4Wjyu)_^U$}}V z|KPu+#iOG*Ctqm#LeODXBGd3V+BT|mu!E&F=jca`(}KUdB{W<&(#oC>gzZG51eqC{ zoQGvJczP)AhjlQgI#S^A#(ZA!A{qv=rb_AZfaP@bTZY%dazfuFOAF+vu{8{mT_|*s z#~6S2jMtTssOZ?ls)}L^6tbsWyjG4k}$HZoZ@So{8)~W?Xp~n!sV}6VFES~47;HEB3 z83KIt06ZveZf+iYE1TZ&9GUS$P|%o{{QJeayLhE80oNQ49T4dQ#Q~%%`Tx`$0EhjT zu?)204$fbQB>bv{m`)8G0>2A^A`j`(!G#vI(M`Z7V4Y@YUY;5ALJn?rpnXk|)W!5R zHk3-Ax83@%CUGkA?f$S&kA_=&(cvSkzJq)wasLFPUZ(Sf6Jrdz8d#+RnUf>`Ed8`Ae-&l8Wuw?Ot!~DCQ{mfZVbIr}wN7Xh!=Rwp@mJJ4K)IS+ z{5UQb`3%;eS!{1OvyRQQ)2-c1U)$#bYEI;}iJIQeowMJHh;3?1z4=K&B+XhqHj8|LC?`D}N=eAX*}>xTBEh>QY5uQ$T6yLk@zZk-3N{hIr^df4Ig zLOZ4k^$8MmA122YdYiY3N5_^_08i{>HX>0eRD`opTnHXBB;Llz$jDq?J7EFZ;-!Qs zUx}Jt=7=A}?gI;LuepM1C@fIb zF^3bIfuyFBWKQ&JZhbzY6HSF_!XK=)SF+}Bj@bhQUwDzQO6FwsD91d;F3oC&R0YOX zG4eM1nUv*N(6N~nji4X@(V%62$>8PVL(Fmk60=JtsC-Q$JmTT83vD^SbX}QNC~s>% zG&C4_gnyz0>?|$2223xED(}jU(Z&m?-ovO?&esra;+oIZfu{&4YJeKKWDa1cMGtX!^VDst`UISyB}J!Iy67-EBr^ooLh{=`@j{2hDVUmBn2JI^VdLuF z{QlR}g{l$NycuFjSH!yU1saw$bVFf!)!$6M3U4a@@Jlt%!7CG7Q-yiIZJm1R2{$8O zR?T|u!0dE21xHQs!7^2uEzh;y?e3yO<b6Y1eu&YYpVEgm%&s>xYu zWNw#oI)!e`6V->D5Y%ONdarkao+MB{zlZ=G93#JWjE*) zn?5dKXJTqMk^0!WL^fKzk1;XGdnz(>@sB2l%=XtFCMJ562GE41c!Q9= zjs)1;J~=BJee~!zerXcPq*V0W)Z>aDM2&$RROlk|hW?=$ZB#)!mcNM&Ne869b-iXyQZ3Sq^8rc$r^>Ky!-{f7F_-=c#E{k~Kxu<31Inaofx-Cj=e)m1-QzJN@7dJX6)W_%Wbj!E ze9gZ*{{$`}E2>UvVrz}Lg_*Gf3l1!_Xd!BX?1d`$U}fGgAK`k%EQDdx?Riau?GzFI z^G-)cM;!y|p>Te;{CRTk-Un?)9qIVH87|=6w6c=EPd$$oVEGG3vAyq1mE*f70MjJb z4!jVf!;Z#%+SgZ0{&rhaLjVc~cqJyuQ)|DY-h;8eCl*(^n_(kMtZkPT(8IJRcd?T` z**Wh>`AhX)p8-bIKpA*V92`9owqmf&=w36}B6JlyCF2|M8%H0wqCkDy;RpP(VtN82 zqNsDFnN_S+4)7v{r!XyKca7iRV95jJk2wJXz_GXZ6Xvip=wD?c9UqQ72EkQ&kRaY0 zqo0kD`6mwToR_Gl*lipwTq&~O*CQ@}n33xw<5!4jAb%FgYn6uO>|D}W4Zq%_>B&3>V}&ccyEKc!>oQ3r^jv5=edu zxjWv#v)@xVnPDl|==w9xoTe69odu7_AoD;03mypglH|?RN%05vP90fDumy6Gn1Dbu zhz!!!)uqHmE(T;0#1Kfy2kzpKw~4nm5BN@4u|w)wT46v<0ufLEb_LSzg19jtY>EmA z3F%#E|MW?v^XM-~1rrg0-x&e|(_-)scXoE0H&kBj)tTX zeUzpIIwXmJ01+Uf0vSF)wEz(df=vNHO^A{S^jrf21HaiRPg74+LKQDk^x4)m>eJ9SLE5RC18-(lpBvmktskh&vbvk{~QDVB{IU zWZr?HvdYppC3F+vku!R`5-ONVG33zatYUVG^b7(RT9|vN0)!1^1x@xj>>@be^)%WO zR*O#m8zoh_;<&336590qMUcgCMQ9sWoPmnr!Rl&{(iy}eKnzzReQP^FH6(K(~3c{ey({Kty3fv9B!wJ_T6> z5FH8J+5nLPA;6IAYQPl$S5;dyz|Yv(*^7RB2l*l&0qJA?hb&qe5(Eo0dpw5#zl7ks zySrta%+7Xpy@=%g!9b!0z8l0+PnHPbpdon!V6Opkmi_%-W5Dx31YWWDEd3zWFbw=l zAPxi)VM}o2fbShRz9HT|1CjKsYA+)2Q5%_2Ah7b^-;hKbtoZ+Y=s*!kueTi?jRcN; z)l8Aa0szdC70V&|Ye<0s3>Ie6?jWC5ONJpB4ap0MWH#LyXq0np#MmSQ9(i3)VV6cEH#EXJewluBRfT&WS_(DbBGBl3#gDa-N3i}GfiC%oH_8m0mBC%be=zJ z6cEG#It7A;gZ2URAU)o9;p0C*?yozzBMt7jg9QYF8lXri0s9cFGbCpKSfxST#7Z22 zM0dzjhXNOL4OAES>R{GM2@r^Zhw@Px*#!^WT)|aEF|xU*$CMNw?CakxV2yM-4S{|F zlyR^Z+oE%GasV|LAARl)2A7n8`7S`S1-7Px*7W2g7^NqJ_EH58{wGLoF4zeG|1JV@ zZm2^S` z3BC%W3^%$~-KS4FpQ=G+Cjm}&h!q{Ai%=G*|Ao6^1#~3X=@3%`ScB`8D^w7XFuO7f z4eB4j1_AKLy|6UEuHvl@o->GISJ4p!`f@uvJM~;XU_r}Qef=ZiC67{csI{a72Gn{G z&j+XvfE6>Q9(-aR|87qUN@~q!0#JPb!CLfT>JGdP6>!2rUa^$P;-J7gt;&MG!8rrA z4^Yq1mb@W$Ze>+f$O3_P6L=p(Xie}T0l*CuE1>SUf#V2Rm?BW~oAi}G-Gk~=3RVY{ zamFOgHW^$OqTZUXV<}Wfw!7ojntwA4-Me`h+6M2}=)tv$ED;eCg#=4$nmvTmYDMhF z5Y<0V?C)>F%>S{DpN)<61KT8-US!H3?E1!TWtcD?HD5mNldx?xxIP2ImO&OL`t8|q`9ozdh*5J`@MMAe5CS(?5f2nK znCKD76R(qCuSA4%D|J6Qulnp~+q(UO=#LuoHb7$bqU5%oI23W$X$H)Lmmu1RySAG0 zw$c5y#*u7n&h7EX>UN+`2Kylo1hhEp%=?vHi*j?9p~L*+>e3xcD0M`O8gTIO0Lu;z z0YswZ@N!n*$C@ccSs+ettp9#oa`;q86G>TYV2V(O&D1;;MQWSG_(kB%NvYoc*;lx! z7@zo>!k#4+y2{!B?2TSf`GJc9hV=<0$-ZS<5@~3+#%M#DmGsK#B4N(-+Fm&aqa zARHLTsnswuYf$~bnoY+8U$z&oeRjb4e$Kr;Z!Tk+Y6@!e&fwMc5RGBz?Y*_kP+?`O zVKS!V^y0y`NS-2d-+hMlJv#AFF~cc`CVM*0JM1LNG;|Dv?tpZ8YV#agK%^-Bbe_Y{ z$M|Pgfr%8Qffoy398(b0{k@7s4t{CH_!C%bvC)Yb=)rHCmQIzlP}7zT=m z0{>+O9ImdwoK?4vW!k=_-V8isWeDs+!+G{2FJYE(Iz(HSae`5HAwrWFwvhRskp)h|+g$mQ*2IL&deQu=mrHx?6}Hq6@u-0Pf4zHoc>Gi;Qu$V!(f1PZh(Y%OWs93g<$_C|79H?>4l5Zu zVOjdj75S-dZM=VvWDsfFf~g0Rt5(|C*ky9_Y<=Ngws{W)r*IPN_fEwrC9E3TnNi3b zMQXgA4B&s^(DL~*@1`uMZ#^xF=O)dL__i~ql0ElyVpVoyh_>$QKzGk4=Nbs5;FZm_W)Q%pPF>hBCqoi?jxfdgNN1$JKok`>JB1=4W+DYpx z^-%vMa-;An^KAYiJe}ZqEhAI9lmk?0-VD{u2UEc}#7DeEp6luTbmNFB;;7}6+0z~B z8NJPh$x<36mR(LP7j5N+uSGe+EsN0x)Su1r@MLmT$ZQNVaQeP56Gz&^8Mmllh3~FO zwvUx@HKJ0dIY)ugg@CLk?}elmOz;M`zp9YgmRV4y6UMh(d|>GlO|?$nl46pTdC_LS zwcRx*Am7LRH?(IE7Wu11k&*pUgbCC^!DXf;?-*hU6@@xF(33xj5A|1 zE}O%&#pTki3nKeySA+$xsTtn=`4~?#WC#PDOxqZUUxd%2ffWHqk!}lrfR^#=XT}dC zgV5=FZ@rwuQLXh3w?^zjJ`6ldCF)7}-YXLw zLtx&^jRw!P`-5$-wcNX8i=+Uzs6F-vcA z_Q_z=k7@Wk++DbX4ql{u;??^sIQhnO0c5vt(zwWbZWv2uQ+k+QZXYk9DNgsc1YLro zX`8mXuBY$@lwW>u@Niq_XQqZbA96Z&L9f4kH98ZmDQ!cfT>!^yBCn@E;LK+4Zuc))24@Ba z2buYmynOy3|1teQiv5t141=dU|I*ml81}kfFGnc(tCKQX0*p$Faj6&~79YkgSa2@GvPSD`WCohSZ$rB}Ac1{u})f)jPd!14HDDWz3w+C`Cb(u-LnFn-sg zj#GX^w~}O6v(jl8gL8enMY&YET?d`sIyUOoww%37S=mc5`0=u%iN#d_*i+b#y?-O@ z&JC#C{<=Cv(j3MJ5=>g;X+m9TX4aP+EQpNVee5qxb_uAZPWx3_Y@dA2m^ec5^SySw z`nI(4ERg=RVx=G}b?YhejT@->Te|h3jS(KuwfUP14}?Tv3y5lx?R3AtpR>Z;U0b7yY?=Fqz5|LuD@UD-tjmk&2ygMuHE>5Fl7Z(@a z1G70Edy(#lT0FpVL~1izgFJhJFNOV8K*kP#3=w0Cgn&G97PNyQV;6JM?VL~hc+jaY z*_szg@e{Gd-Zp2zm_aaDJW{7a8lJOd;D<>k5gS?u}!UZC$5yxW04 zT!M8*-H0219fh%n`H^qm59Cw43u%g1I~R&Z;!gUXaI#V`Wd-t5oG~&Da4n)gSDPNInO$vm%yWlzU4_=Y+s9*3hTZJS~*UumvQ%$8KAD z#sd5{SwRSd>W2ME^WS}5+!<5~&X3N9E9~)aVOHGlp&2q~YKk33-_vFED;2n*C66-Z zKSGl`oI_0z)@jNlqr70=Lu2DoQ20K62lu*~_>$%zu>m^h+B~)|iqeEX^+2u%K$GC( zzM_XQz;a$EcieHz9OACR2Fk`2!4;~;e_QK~wyj*}2=yp(Jw8%$G*O?8=DqBLI!*Vm z3Sq^Z0y=E`*mQGE>vyX2u73&3!%mOZFw3|t)@K?`mb3=34aHl}Xt?DCLkKFMCtAld z67mWdHVV&!!Wwv&=sLk$V6?B`;Dg&%28F-Zz)mPvtd2+U#k(X`Qw`czz8b#1+9EL$ zM$v>7k>hLz)y+BH0m*JXiNf{wOi8reiA*m6A^LmOrh?=)ITh7wIh_PwTsq`GVYtDd zg*AOBKwQeyUR0RV^cZ+J$Mq4J(Q-zd@wT{g54+-`R`?hh72fjMnk}<(N>e_IjkP+2 z5IMp;TQ>xcTG4LBwR}A~Pf|%fYEs%ad(gz(^WGS#RSEs*V~CEPo*sC5ezPRSZ(2-$ zFA_!;)7K`Ld)RNeua%33A!{H)9}j3?L?dd#gddAPeJ5e`A2_6jQ({jgqL%M1S@(RI zIbwP&yqZAKwI+F6hI5a>FRx|au+OH8Bx^D)heVgps}XOCl{OPWeZv!Nr{tTEF&@)t6quEBRQ=tXj;4h*p@2 z-)h&BKry9xrS8Hht!tHR;FP#N){Q=|d2$vi9DgA^<_WR<`>R@t=P+p=(cE)k)NE~Cn!!#@J;4{r3=N20F zy&>Dm3ab>GNu$9qqf?|_#gr*d?jQN0935ZSHCL!=yIrOAE)|yWp5(4f55aEz%gtll zZo~avhp6Bn6iFsyu4EadRoDS^{VCkvu7XhYPSY)0l%Uf-PBdH+v+j~#oeejCe4!ja z_n(uOSmQshUOD$35h<7Y1Uz0I`k~w^%Qg=M1x>E$U8zVFtB1Tf>I`92mxN3AtuU*Y z=tQ)A>#jt)Qj-MRT*NEc1NW056$%M!0c~klg1JSfGZR+y<8xPq)1rmTfIpg6s6?M2 zek?q;=yY#-f#)N|yujv}FVgGg19f&)BU&`fp3hY=<&NcFRbNzE2uIvEp#i1=eSzTH z(^+q1)#1J=TKMB~QXV-bvvm1)+D_-^jKMHP^NxjaY7CauX5?_pavFjxF&eNrfU;ewprG~Tk;JB8_^#d zW>wkvD*Otiim!Yin=uWV;X&xeZ1I+~VBB(Jmf2~dcP#_+9oeM0gb~3!((8eF-@LXC znAyf?Qp7oVYm=+?sPmf;R6_?A=A(qoauWsS)A+Yu!+o1RWPiMQNidd!xMNfIWtto* z!r-0XC=Zf$u&SF`mo!j?Dz6W;|5EVci%`eoakt|}T!q1JjW{1J;C5hC&TFPXo`5s; z=ZkLtC+U{^QRvX2kwY+5Zkc!1(01o(fROobLebat=h{$LB;j$!{`fnI3HMJPGo#RL zB=}0SHL6@vOHvi$l|~Qn=k9XJh1CCEZMRs()-`?(TXOoIb2H(N^f}F$B_UYdQH9ID zzN+e#cDlbQ+>Df9ssv@SI%k%@IBg$HnR5x3Xp%E5gWtq~N~dvsaPwK1pnx}yYSvH6 zv?7hwzFmqyq=E`^>TQ_!Xgb-iQMl&{@&Yq5@gHsY*A!Xl*O?D=8Lw6%zG0|d(@2Jy zsR<-!Z6lH6mN2kN67xQA4Tx`AGgeyPNM78-7|E5$l|^99bPF)kAI|T=d%Y^dM0zi~ zd21X_4ZjkGK0w@6FoSxb#GYS{5!7xKaFzKFy&mO6I7`;mkDwh%d6<-%i?xPH*^6(b zDlxk%4tG$|Mhl&hiuSDrj>;l!SFYs8N)wX&aZ7XVD4!bkIuXHiDZSG8nyP61g68{aYCa4@F#tT%4AJd z(b6F3NK7z&WUwwwel&RJgZzQ8cKAyUSuFHKyZV-;f^V!G^6T^KA=ozMcUCW&x~anE z6E%rKjE9T{3N5s1Vi)4#tv5&gL$goQd1X!x<9f z-APl*v=3ola>mxg=T>R_6F-aj4y$n_yu}d_T7S#n&T}5aMS%UI`KgbxZ-T#W>HRRT zqQ1oM*r)lVafHwbxMqfYsImCu2g-LS4(=LU8LX=N2UqE1cdcW7>sqseMg5N4gh#z8gwZ zH8fbt@0yM~15^fAt>NYb;zj|lDm0wf21{uB+o50gE-RDyj)Xbmh1w{6ir6$kkFkJN%ql2+Em}}N2&1oo%Uf1vRp1*mU7NSVRwlum)TYj}>#gv4xxQX{`M&Lu} z7jri?Il`#tjhpqlmF68moCnTZ(Vcu(o#J2^_0Px@wCF{za?0pK-&Wc4BE>j;YbD={ z3Y;r_2_Ywmal2dG5;Kqf^tWAF=3^Rjq=Fp<(z~Q2hGdFY`05di3&LwPLiz5e`A1Qc zZ8ziI7sj~e0{vKjW1tMYqdad`ggo~QH~#gwj%i$Y#e17r;vW^yAK_XPGJ5~51cS9c z7{JI!pjqf>T2K;e{;XDD`tB7*SNS}bhV{oIW9NDdo{IKR;sIY2m)#MSy%USJT6#r{b1a z$-ws;^`m^9!i`m|l`~wNWHIV5I^xAC!4VL=(e?sOx+ca;pyNF%E>zy9IJ4bHZ&mY@ z&{ub(e-v@x!Tv5w2YuBM-X>k{GdIUhE5QuRpcX!Y&L55w1Lb}6u=;312ldX`+ei_V zgW$0>i*i?v#HH^nXu1#h^Wy`4=F2EFe`XgfyfN1+8xg#BX1U4QP#WIzBQ;1Zb>$sA z;G&CNi@`j_k2=_K$k~%JTELL5l~Km=iqsY~A= zfX%4W@@WXuqfjAB zqb2j|>MgdqyafE#9e4&&QBjAt5B&W6y*dI%zfQn;Hf&NvPLaMfyjSf=G&469w`OJJ`^}50 zbm`bqv_bRiTm6<0X?wNRhG`iZ-U?d#kL|<5R~rxOw`V~9ytBCp)v^-T#Q5)}rY4I> z3gr)RA^o|~%U@K%UpugxmE8Povo33LgBueiQ?yG__~JgFEZF=5cmji*zxT+A+0@oP zo$=iNJc3568!SA^p!MBYq?~$tbS=>FZtfIg{eY`t*&Kh{ z1bz9NjxD-ftQalp<*AGr5hdh}^rjRkj&*1W24!o*#p#3Rzoz1_@vkO6NG5OtlT)0S z7MCla)X!xy?_NNX2kfeZUjw#z0deWqIJMe0h|UspLa_o8VZ0wyyUu5AGr7)vJTt~@ z+vEmdXqZB1PUfNsi88-_xMm~^xY8gCD`~N>yh|b?o-k2z+4?Mao^;KxYPF=jT za9-g3#iT%|f|w^qa{ucH#LV+JOa6p4yyLDb(pr}b#^FF8y{HLu$w@|b$>Q*#JTj|gnePOGNsH*-is2cTq=Eju|Z(`lG_$KYnj% z@Lj_s8x{_CI<48T+fT_&^6a--my}uBKW0v(-U(El%<3j$Ykm*KxZq7fp|9lcdVfj= z>`$Fe^Xisg6wGfwxyqU>b@<ob{r+s6ICDCG%8z>Q3P-?6ohWl$~G@9OveRB3Y{iRbXe+zp;L5`i_ zcy0M~ALm*#2zzaJkoZPpfSDI;N`NB1uU^mdZ-p!hHU`9ZEdf$SN>%DSqvQqHjoXT+$ftdCHs8|w7E zDc=gq{z3XkzoDhunygd6B5J=w(^nH09+3E9eddiF^4c;K9DLF6_O6S#q6WCeb|;^i zm1v#jl^FxX*{yJ2N9-CH8M$S5^z;-2v zT8IcNbMToA()FRtR!^}#8oRKUuTcrOH1G;9`ElCD*5r;-(|K`G%WW$M& z;StT;UAu(hzZptdlzObkg_*f#mj@nsnp2(&%S~hatO~y~Z}LZZ&b&$`*3JJ^NYk~- z2xZ8&5O`Q?{JlI%NpWXkzP(PDXj}cWeRhU9&2v)5#+M~L7T?x5?k9!J{qEhn@29so zH-iJCQC~6kS>rEXHZVR`NNdzddR6srS)6^B#Hx|cI>HeLkp&nj2Dq>p$KyQA0S%t% zdj0S9{FJ%SxDNu|>ona2mCls$UZFT{Nw+cjF(ctKPaZi}JT6U^lL*tmk~KJQy)bjA zBjwv!)>wz=B6qaPmzf;spLPAPOtk8!rF-M(Cm(H;C|jBoKD0y}FZ&4c&M9W6VenD! z`sujWO6XzsQQFSi@P%)r@U7w}Cd+sxB>aSTtx~(@Ys`fBbFw1_By2G|QCS(X^JZ9S zSz41?$`2iX@-Tizx;o+gH7cxHMk!R?>EhV1G;nB_mNj+z5U{UG%U#$dTilT*&CC`9 z1Cd&*<_kuEiQ7R%J~y?;c+X4UdZJV%XoW;YRGP<{`e3YgU(f`u@Le4%c701e)wTYBB(~p#O#qiiD7mv#XsY}TxwLXR2$QRbTuu23H zbMqb*2b}JdYdV6XG+fUyFw>P`BALEg^5tysr|Ic&Ms2^C8XqV^;m1_=MwG z)9QRYV2B03JZ!Hy`>T27yJ5!HT!Pg}NcEjge00U>Mq2aZa|sTw>N<;-GuC25R8bf` zaLJtGlDX0=?AxroSd<1xf;cMGsbtW3WQ*+Fi6(wLT76QTTM>hQ2^)Zo8^IZ_vWtsj zK6XkPq@imc+!=2k93Do195fIDF4Ah?DmKdVKP^DQEm`I}(&x<6MEtV#&PmZ3Ss$NC zpB3EosINajKn--@>4vkVV*pcj`R6*M>Lne6j6Sa+KQ9J$h8LV?1EcR*Zt3bod?9+h z4(P`&ps~wRt+dNQ@bmKvamb*0m|(R>r%G=g$QyyejI{cRs#_X;NbNQnzdXBl*X(OC zp-9!=)P~ZtU<-THIJv7`IqfJb-2DA;9Ic5v1I_Z9nLS!=<698<`_uKI^)N(*fs~rK z#YG)%l`t+_vVq0h`re-~spkaqM{ucQaG>HZuWk&0VD~fN-`N2IEtLJ!l)pdzymP-f zG3dVe>4<`3E_PUGt@)dTNtRr{^OW@V3;FI0M9lK*mkD6~OXoSF2Ti`Uuj!Y4U1H8# zlP6UnU7&=`ZriJoWRTtTUf{0c@^LR=))`RsJ}r(|mV8^9ZjW0=&1b3`EWI%tTpjis*3(m%7VqyZT34ObG#s14=u_$1BAh$T~2(dZGlB#PI3ACn!odsFs3;SSi|t?)CvZPUAseo?eg`@ zpKni}i&tKs!fRMry?+49TG#EH6?bKUTJI^r&G&3#JMqC}mvh5U(qkXpCSG3v6lSP-3+ z`1W-Kef=}72+F&#Bt5V5AeVTK zQI7jlLjz*VI~j6o3oPY#3&~}EzvJ{8P>y!94k_R=3qp^<e6Wu9iLN`o2an~zQ_={1I!d*G(R>_U=l(dSn6ia@$w_(vUnnO@C zERG~V6+zU{O?ML2D42MgpooN2-soExE^= zPP_5sq0@<<&+RJAILZ^<_3JghDVVlPtu)sl13f1Y1%xw$wp55lES40bs0?~|yK!0A zH{UtZxPQ?VG5kzJQy=?eGUL_Gx?$Aysm2p`H=on|rnh ztDm;I>dP%fJ5u&BfHKAJ^(3+W_Y9O`1Nz1~I?-Fm=XP?X8ba5+svRsbF!M*;LZ8(x z8`{SB-M@MQ`Grooe->ZR+G~L~3DfUz5(4I0Swrz`Z0H$D`8~dJ5le7q(k#~eBA>`z zoYM-aSpP1vs1r5l88AH0_gQpTq@gy3xN;6x9^>2M<^G*_Sd@KC8}URSG547!9aM8C zm|mw-@!92uThmc*L!kk+=r6Ox;x35T5Tuh|% zS68M26|@IA4IFL#_)hF4xp*Gx`Pvy!eW? z(8Sqav9!GB)&*>o)H^5kLG)RujpFC8N2+VruwFErt#yMg{-ahTNUCfPo3kLyrI(>H;sj^^tJDb|kR`EN~G910sM)gwQC zWONx&R=!VKBmuDKf+dK}rCBuWPS%=f>l3i*IzB%BZwjUVi6!{}`STX}_Q|xtTDLC_ zB%&e^Ol1BqOJt?R_8f$qZGlKJA2$pmBbje}afEX5HOQR9AU>w7PCkkSAI64p97av- ziQ6>bTBl-~B)MQ(nQNFoacWX)CtSQ;;3wb}&r}W_FgK`Hb(Mg1am+ zF|mT)FM=@Dl@J{34*z;XRmLTyZK;y72M@HdICZ{6Y|qEtp8FH4IN3f!!^xt9Tn$W5 zceB*4*h9mgbdqYN$%`xj@1m2H*pkb#tx?|nNo5p6V`Dy1AuHVL-=JDM)DCmC7|t6B zeIKv;^}{JggX0w?tn_q5YDi(D;TT7T0-laiL{%U?*N@vFfhFFxln9q1S@Wo<`bEyp zAji&H=CIa-stPZA!ZOx}Owp_k@wO*Zm*v9lVuqa(5qjEGq;AhcSvA$Cdk?x!;c`zz z&FS+gcHP%RB#FWougnG@Ni3jb2Hiyk^+w~+xgE{X_@DZ{AQpW1XP;&r^4jc?TGgpg z`m@pYcDd5BpfAj{%q8ZMxiFa}#3TN(=v~;usGKOa;@L`^2oqUkbW#`&8Ld%(82z?> z-rqN&jTO9q|NPkk3MDXI^>xYtcfP9o!;SORLjV|a$+`7$9M+VG4a+ut(ymK`rF&=i7SRkO!G*-dQR7aWrdddhyzeg8Pw?V0VMde`LSl+N-e z^fCuucebTSDwGgUyx;L%jbO%a?mtPgyahz>ipK}6^|d))9dpQFAJg<{Y2do4gfa5+ z9b5`j%rm^OT8|?lB5t)z1TVb%t3{GZ9h5WLpmb=B5_~Hvri`hMw$N3&D!l6XrKM`(K{b;NOYlCeNZK!WzGITUwsgXeg zWWZ6NPmhYOqP@Fc?+7HlJ>3`q?SPYpxoAV9=d*BEzKfN=J^_w#hTYcqLuGu)OraQg zm5;{8Gh0ePVDQF_`{%@mueX;aqYM-qAXnjIU;8N!2|CE+8Nf^&RJTV(MiZpALjh1vSR19qgPRPi_!wbiNh9gnAPuhrG9idFnpv)X&nstiWpPEbL{ht zQ>#E*2CI=_tbX*Ki#e4bbl51>LDs?nJ6Dmqqh^))btrlrr&jQ*8;?szff5@>X2%XJ zTC4cJqKy$Zc7R$9K_N**fKSq1akhu^%))k{C0#u*PTp*3ihgkQod83-7j%Z?Dr8&B9Kh%#r<-*=l$}s+E_yf?!~@OOoW6yIlYZ_`8l~Dh^PKDQ<=JuM za1HVVJeen0?W#+XeFn6S9?kI4BJ`{2P09n516%A@MOR4hJYp&Z+a7iCs{6?vz+(TRp0$kg$TJrBkTcQU;hyh#Htorq=14sj zpQpt%d+_J>;lH@shJfqZWikF<(4MoCpf@%(p`VJ71wFdg)z`h{MB|iYv|u&u{s=BY zTc5>VRzbtD{IxA2KcCbXBxiEG5~$Z`cUoU`hvr|J3=nG?evrT# zk$8P!{uKZ*;Qa@hz5bZq-LHcP^9E^c@Q6t9w+EcMRyn#J1R*!?lhh-IqiLRVabT$z zSed7j=k+T^;o>*|GP&JC#Jf~!{x&!Q2~(j(y?VISCipOA7wX5yTh5A6)#6zlPm5Tq zUdMXF?+OvZ+*N%xC|`P2OQ>b&6gfYpA|jLKwW?M%v9Oq454!uBfkVyr{!`nV%WJ~1 za;F|U=T20&i}zPk@~>kO9f)%`J?EqiE@?8;`9@S2Ox0K3oZdAML+5N{TCH;|?{`d? z`oK0`sPU*78jS^?V&AIuV}hBJ1CZ#U^hF+Rm9Qn#2M*EmZMw6&9b31TXEI156d#Xv za(cQ25;l7M$?`6Oz^Lp^aPEE1hZ1)V?ckOc+_1uOW)6&RsH39U1CKBe_=BE>gMtL} zJ%R;UTPDwg6H9|gqeu@ba{LJhED0^Q!4Sp{_Zk9?oqDwX{hG_{$8Cd*>=T_HV?m6PItXrD8%(bC8Y zeXnN9dNH*i{0)ntXDF#}P}%ahFX9dw213####CL({6~gEMcvreg0w5a?OmK*iSLO{ zHZT??=l-G?+Aa6~(=i2k2C4~N#bIUWPMs>nz7YZk^$`_m4qamx%HyJ*64`=fhJEQm zBHnsG#T9CGD3&hk%OaFr-oW*K4QqDF|F?H7cA0Do@Eh2f#zwcEzFgO5Wa49DeFKBO z=V!9+_x!%U;c_baznq$mfDpg)8&_8I(@iKdkg8ckoM_ouTeHnjul;jh_E)BLbc^i_ zZF`GoAIPw4CvZc+=NTd4GP| zwAST$IHnE35ejLPp6Pz2t2&U}Khf=TOCd*p0N_~dBc=;UO7M?JFY8Xv7$ zLnEz2Up}5gSd1ZxG$5a)CIv&3GX}|}(WY~rsIhCdO`j5F&`+kywxUwCS>|Ma|HVX^ zHr1+C_^WKg63V$QU(X?}gL~Mt9g^*0zCKHj&o`Gg5+6Aq2i2{LCT*+XT((z~Nru;7 z%|=XZnA#hwSMfUYq9dqSZZ+e-$QT&z`?FfH5niwV5&GN|)R=f3j|SeD*txl@hiNn} z>)jCp1F*`KmfYU)zx=d}J3a8eJ_D$oM6ba_?weTeuhsYNKHM;Q5-G~ME9=ZV-1=7me{M!i^PlLGun*ogDr$*FipKpboZd)*}s0z_3{2eDjqiw1y ziTmTf!zJDg-uwM-q%sN8TFM%Em~x8g@AoTG%Waw8ibn5B{&9TWJk@R8(RmZ~ota$F z%d-XkTA!(&UI()r`A1AaNZl)|lhJGw1xI~=aYRK-hF*7&&tc1d$S;Uvu6_r)a$%wY z-%M_}@^Ou3jb#+sS3~r^pN?}#r|a5IVq`hId2{;=C&Jv6`U9w^b1y0N-BvWQg-zBE z%?mV_21#fsR!tV}5~p=(SX43-CKfma)%Rchn#9xbEafgMw(S|iZklIkad`<3Sn_V8 zuNp&e^R8_T_yp!12pMssp@dCM(0*s$@4$7kCBlPRYGP;yB;XGCo};0n z!}HcY}Uv%B_>!{1-W>K;Qq3$XqxN=K_`+5=X z-^WvU=c`p#5l59i!4jNq#Y@aDxaou)ImMKgQpI5;o<*xY;gk7YAQ2=(?c$nn9{*r$ zuueyOAtBx_!}i-pw0(T%c@`2b?jwebD4wt5_)3#$f`8Tf{%B%QFY`)#MLI2;6@LD? zsBkc%qMjq3Yvn_7DO1$s+^M2ZWRGm2C1>`l$)9iWi{Cg5bL`g=Lvg-x3`=~+*k2Oe zEF5BePZO3(cD>UbRqJr0wpbx3II5_q<}zAIE&N(0gf?{Z*Rpt0u0lep8NPJN?M?Mk zgF(sggp01Zg)xdq>%CI~xSh{es_p!k%Dwv*c%xNUkGexixO4NT_HMy7zOij(;Pdm7 zX!kjI3k`r=!O-+{9pfHLSwSq zsp_g<=~l4KRGHsA`y24+`ZDkm{;6b8D@-Ns(+G=^#RgxN4xY_5$<7h(wG%p5!|W%L znj_TGF}SEyq=J8kEq9Nvd!X20;_K9{*bAoi&qPU;|F5RA42r93wlF%_;O-FI2bU0n zySpX01@|F9aCdhnSa65n8rE<~|k(@?B z#jY3_+oOO49`BdSr89z;5bN$zGvhvW=z9D0!{##}O$i7I^|^7OrzS>auP^ec?~1nN zzx!9!NwGY~pY$qQ=y`d~M$jH4SYr?|EW6Im|7}Bmj1H?8v^vOWb(N;EmM#Dr5ERJC zs^RecyGWD{!{0)b5H{1^PWGWa&Nl^VA_g5CD)FYS@H=k$vw?Gc4+O{Q=_(#;E*~=H zmVImAVn=^0Z)^;nzxPztjS}mQDye|MoYxBR!e``I5JvF$f*@dPqN#fN=lSi?0Ol$E z!B5;2adpkj_gxtW&hkwbTi!(0J0?S40u2uTD;l`HZKzO%F{q1Jz!nnI3a4ttnz-Vvt7N#YWbLfr?fReePx2ndS zN1?Fw6X4gWs@mN|I2kQ1IVw9Pk5O7{9NW_B6LX(5!ym~LGrkGl<^?$FE2muC^n!{! z!&Z}CI{O$X6MHElbhnv+0BFK(bKg~8KMUl-1yEOUuRQAy@b(2-sDAgB2*|Uf9vwN5 zR7wiSHLd~{gccP)WW3Um(!imOm5=EgJs=3&qdy4`O$MOGb#`y8^8~u9!PS-HvW|)bwrq=%!`;1<8 z3HyWL52su4^r@;*nL26xH2QG#r>QVmQF+>ed%WZ7x1`!SL!C8DmJ~T{Np8n5z{1;P z@@6JJwoYa-0sJ7>t)5;pdskekQp47NJTBxFsL3zBT@+dLJa}&A@rK68Qd21Qg!#^& zGG6x6B}Q(RUVP2GBnf&y2K+R-CSq7U%~1~P6bk<&s#i7cLx&j6WhD1lyv^*(ZvFzi ztsNBmt|cP=O?;XQrXOdTa3_>8o{~3Nz6*O<+r{5FP)p3CzZ2Y2WO3jba$P?dV^fdN zJ092OpK3g}aLA75`?=^k%R^_S*TBe6Cy<7&Z?+Sof>D;8ojI-uV+q4uANW+&*P_DN%l0p z*>4qPOE;yn!yk?aa+kMuoEw$1FUI!e4DWjYL*;!(boXgt#zf&otrRyA*IV9$sz|j} zL7#~1JoD{O^heVjCbo9lsHoBMr+`4U=D4eiBt{%p2?UAw-rV&X05 z6*m&`PvF0cupHqlG5EWFr^vJ`sTj_;k`Fk&_|uze#k83O(Pjon#SpkYDcQWAFUGb< z*XH9FA3Pu@xtI8oXZ5Y(Jj#G0*MM0ps_VJGM{z(MYqR2Ut%}I|!KzSM zQ^S$`U!&#son&(gxs`_XF|?!p~7XJ)OEX)<{9#GanjdFB2zjboR8Pgck6Y^sa?&+>o- zD)>*s-l3ON+CE?Tr3Xh}x5Rw*D|95Eignmr7|!K-ID{257v-|v@O|}KcXV!(suI!m zOc^}?l~W=Z(1 zTa8U+BR@p+CPM-TODo`{+}AXR(#_h#P8$3qX3;~Ly5~)nP3`v|kPOiZj1roGa1cJW z9Z$EoTRdB0r;)Q<5~fCKChkOys84hGYDx!HNemK@OLWT^vAzD)vqFFVf+0`jUe5)O z=_We*E@=xgJ{3D8=s?S9JOhI+8fg-k>85l%2TvQ1asR<}M89w;XX>!SZ~rwBH`FE^ z_MB9(UI9%py2(j=mi5*2_VeO&o}o%I@~?n2^=2gnQP5&NYh7F0ipyyhD8`?bHY+Ii zM`aK1zI=SJGSzWI!=06Rj4F4$;YxHYoKJB;u20=@gBVLQNCoIRyG- z)LTiJC^%_)WL?KZGJ?Xw`=?1OWhM2$eY{;UtkGtbk*(>4%54ZFVvU&I&qnE~k0VD9 zuRaOo`u+uuV{gKuBJ6_(rp!k&2N4+!E$b7KF6T=n^h0KWiy2C=vlDc_q9{Aeku39w zTmGM#@eGae(cc3nBd@PxiO(h^Uot(bFpDh;BQ1smDMPRFF*AdL;0@c|Yyx;{7Svtl z72pgqJpSg8ePGwp$$T}{+?_qXtMwJie1vY7l{+nub5^kkEagK8J{jcm5J)LXf4SJ+ z4iH1iDpf9IjQS2b-REFwFdb2&Pjc+@w76H9YO~24&OTG{y(mphjr)^x9i{w)CxjYX)Hu+#zl_gAHN^#p2XVKUOh99Za91;r#w}`ssIj? zNF_e4To4@2ZD}*k(s+0B{8;-gYOmh%2CMt|+rKWLo9P0A#~E0|3K>nnI7a$yA{CF> zq{j7GIYDv7^2tOrfOZXNFW`e)3eq)$BX^;)QuHCEkRjf5nSbF0$Ds6Hm=s$l;{)rC z;qj%OQLIyj=7+zK($;FP0q@c|v8p4z#*efZ@=I*L_peXGe+$O>{>eSoX&aE7tvYhg z*USccm!ooNc2GzWvyr3`ePKHtrdn%6k|0DNob5`A4m)-mP44V9j&}-+_@VI3aJ&YS z9+j_r6;Pd$y_D?=KwHKOq_2uvTIaW>8QO;r4T4tR$Z1_^TvIc)_o0cHL07+rw8#9J z$qNZC?WBsQ%I|OQPGEfnxrsg~X;o|lmWRm+v%2})W`dHA5n3EJhyHZ`WB%D+a0L-D zb)r`mc0$jtfg!w*vYENSRMl~}_LsD?{XCJx9NhjqpC4bceM>x<_puv>=J-rU`KKoDv9!=H&;&4#PEMR9XDyV01UugU|7u zZb%kkxuJ^Km}4NK!k|&;xNi_@fahwDiG_Xmq*D))*IJo8i>eTj`6I^;o&&oK$iL&8 zpg?aK?i5i_JtKe$iGwQspjs3*ezu-U_?moQu2|^e6f)$=%ccra`1;`~4yV~NH?}bi zg2<~)R}}WmL4b_QN0hH9sF%taLK-(L%p^60P{Cg8ht!KPAk54w%^V~VOIG#4(-j`E zX(ER}Wxv&X*n(Z8<0x>aeW>6$Ht_#h0R6K4#K`ZG+<6JQ>Y%Y4`BXZC&rr9oV~E8H zBB&1*YWdj2j@I#rv2^arN!MVI(w^FcEg3m^!PdoKuMhsVFzS|M^i)p-`YI1P^C9F6 zv#zc#V#Iu)+Er<;)`^DUei|)@U>_J>0F`klz%ZUsON@u@(W`s}lU=#sa3rpAH#n>PV zy93Xa3?aMcYfJqzCMBI=$s#@a*r+XHMlSEh$!-Nc|5mq1oxLPnG6ak_JzN?8(+sfoH5mj%Fm8>qYFluj7AyKDtNV?t)sO3veMXZpu+x6n%(|cw>{!a{ zEV2B}gay$@#|KLxz5X@S7I zhaLS^7=;0qIZ^;|JH%=J{HS^WBNo+xX$CYOyG9|1d={M;%Q29W`*l zLMw!s&(1t49gdf`!>$G1t~%e(GgM}bIfGC#BM9%GS2*HJBfx>A2* zRWVG{@;*QHOdcw(tdsv==UMkJW40dx=Nn2ZWGQtKf$HlTC`%(>H2Cj%qs8EGM?|Mb z;C&a5-AF#_gcR1IMfMx2L=Yi;eSjryoWnCcXAz-@d)xw|yg0`Twx|`e^Gg5;E_Y_` zIGK$(E;d#_A%uOTiSPZPiUKjE{nt*Wrd*-Yq%>o%YPnR6_7PEOwBE=^g|X3mGBoN# zlq}qkBgNQyU6g%=bMHd1dW{Z&8p<9?YTMsl$`>*5<96VLWF?Dsw8)x#WCUBQF7T=* zzqM^eaU!8f3@UFdmZ!s(9Eq4Y81Z{-!^^1 z(rL1wy9+hU`zRgmlR>aa?a*Frx%2Y8wNDTU_F4;QQLoa$K0i9+NA-4bZ`6>*asGE~ zK0K`2_R+pzL;oZ)-HaKWk_tVF#)Axg@{6>AtnZ|m7#)chELk2Y+gqcdLKfHc&Lvk) z$MQNd6~yGRiGP`pOh=`EmAtZ4VD%<;38S#{HV-tUG zCCFiz^Pfh~bg!Z%ej;@NJQFW!py$ezLRnXyBso|A-zMy+6OdsY=Sh6na z0TBU6;vIhtYs7W(@Kot6<;2uY%jV6O#B&XKi#gXV?1)h}uWRS$MmujJ+*x-TziypY z7}z4-?y%8~bE(c1Xe{xLWgPe9P94GoI&ze++~4055#}nDmdTk@qdbtzC0mp@3INtb&8J+P^ov`&#fCW<)J8GM4fCbd$u>rzXk>1SfGv@#zdfO$49Tr6 zFUw9qOEpHAG&@BMsHDH*SLeON&{2FAXQ0uKcA*RD$FVZF>o-5ub}tNUnqXDftyIE) zdBm@81&fo&)GjH-D3?YR%KExlAhMLgkP=z)%VuUD=r9nAtP+1+KVpA>d3hdS4(_-) za(nOm&OM+#mqCNOQ7wMJ>pMpfxWoNZ10BI*HP?fIk?MO|8c>GuUs2PZWN4I({J| z<|NKk3}y6VL>#-DAy$>nnG9I=r$=RD~t4DmBnb# zNuXzD#@a^p`>ec~6Q;zgki*xj)m0J+4);%c0QEA=XCAkAckn`gGzI(^eMqx9O|>Mn#iEig~3%xD~NPaG!Sr>&=_0_!Qx%{M<)}JJL^4d$}316$gQ-`dx^u zz5{UwLNWvkkodmPesrO*x}^ zF9}X9kz({b7`;>ufnW#T?EV1*^^5$a)6n-cy14ai3`}XkdvkwcV`E#zPH(_518zG1PW80S5F?__xdlP!L5IkQcjqbP4nJ z)$)cZ_wiT5^71lrrgwtiqC31TDNKQ(eI%&l3n>Xb1t_EmkRzo^=XxJ+RCdz3Uw+SS zEA)XkoSvv+E!v{pY;B{syU2s0!mEr7(O(h$JmD1AD3hrvfrsqEzNZfOw&3W-Bo=a$589T*A=rtYAm zcwi{g9hHDxwathYiA_#KN4M znIZDK9`*}-3%b~P8RB>PZ(R^r=nzQ55K7Vd(96QLi2YtN7B#Uhx{|*9UA$9F@C!hx z50h6oDd>qP=$SjHjft}I`|rn$g8Ua%PAxM^Y{|*Uwue7{L*IIw^sECq{ww;hl8DlL zlv1wcoRQ(AT6-V5IYv8Gq6PODpb&qI)RK8=!}EGyf4pWIjj>47%EVH5F(a*L?HsH? zIzlPE%PCgvAfhiCD_!KY0ZN}@SqvhD?^z&u-IW{_#HvPYEU{4Hn)MiLo|va>VvKnLDgRFpU@!9Jz+cIGtEzxmp*33 z_IRGqk#txFW-{6j#)|&*{Zu;r@dkUOcxsBfG^xsVh=={X`1f48+FJs=Kk66-16;Zy zh&-sNgtjS-{t2>odm|eCd)2ud0#^B?xd=ao}Pu|Fq4 zxP_F!3dv_$x4=+L8^ZRcMwnlZBVJ*B1U{pEm;dOPd9W~KdbJ)nSdF8)ny3+0=RTTC zgwspSK)#tM>(rw1z*K+k44tu_*GBOH1y}aKm7Rk6KVwpSik3Eed73b4kyBv}!NiOM zPG&aYt9@lK8J*c!6>Q|rIMZc@gq}gNN$*DYKbTULyh%P0+Wz9AXe}2!N&ERK^a$DP z-AvHUa<8M@B|8Xq7%d&bd%S0;gD=GC@AA0Jw(}#kMIJ@Ebk3w?$eKqSC_jxMvLbU( zVN31;0H6bm6G4DE+R@!tq8MpF+9Eh;5VSKO8D01x*N>z6QO}qZ+Xh=tf1sy8RuBKb34TDvD-yO3-OaAt zt*9_1N;E|de$mGmEe_4R&CIvKzjby0R7A)?r9zKOg~}s8A{<`}=e&Gtu6eG*Vx!&W z(2$EIe=t`}pQT6-J#SjNJa_zu2+VOPD6$;|U}jEi=$h+fzkpeiw(E=|4kc;gNRY32 zBLs$SQH$@I+@UjRn%{@-m z#OooI}LLwsZFr#L>T1H9rvv^ zo9N&XAR)=5E0%C_vx|54N$!ziE`JV~kP$i}1HzWwW%-P!fx1`9dWhFuAYO?6NiLaA zQEdP9K@M)@SfnJigJ(W0uy;P^cP0}Q=CMM=(~ z^b26n611`z+o^Fw55m3mgrb8P8qWo+!?mdDp%7xfgo4vv(Le4je1@bR!gfNPS zV0G&Ly`uDs{Q*!mDLP%DK$LmI`4e^^S|Da*A(*(e$%%7?7Bxdr@n;T3jUQ^`fCu2R zHr~J>MJAUT!wD&x`K54&@i?O%Ul5z8S!=C7B%VsE{5-v1cgD-yunmB?+f)Bu*4~18 zqD$zV@&a>vQV|UTYS(GAQtdz~zB6#iJXHF^FG9Nr7P0_8rqGLb<+jKUKOc~S$8RQ; zl;E^yU6@3Jql(KK6zbwM1IG3^PD(ba ze=n}OMn-^6-8*5x?+hT5hCe;f->^)FjrJypton6jMB+R^e28s$g9~xz?fCkEmd~H@ zQ$MZqr&#DrwR$_?O0H5&O8B~T>^6ORmpDYB<*}&yUn(wJrG|$w+RyDv1~#H&tlDPL zIe~e1s>7`=U!-SmBu*&a`X#kz4Z|6Xk>8nMYo~9=pFO`m2k!pPuhB*AeZQ8V(~2t> z1rU&>um4}PL$zV~+H>#5(-iJmzToBs4agdP1nz*pKYf6#xb`vp9|56i=jL$?i=E4R zc8uj>Oa6u|mpX>%);mxr&K%_QvB+MO!$Oqg{dKy}=)v~=V7P*rJ=}LH_24!5r zEmPm_xgR>Wo<9J{C|r)UvI^9pwK~*dEm_tYGwoY9rE&0)j93^C9aGXsaDz2+%TKRt zcC(?qx-@NT{nzj0NjSeVGMOvd0#<91NKCY}cC2dtf&U$Ue7$IW+SG!o_((O5W{}w( zA@1eJFoI3j3X#e6`$k`I22&XO%TY?%DAuCaT=m?@JQrGsq#wu=IH7xLL|Hm!kIm@f zdPNZzw#M5TVPyRN48a8J(fR$%hG}l;*AbL~0kT)VYb%GdDtt=Y&W@ghqPm*Es1SNR z!f^GACT@FXu5>1DPanWcA^?1GZ#0Fa)#IGR!_zaVyjnkj*16s!yH;#5WSDn`Czy^& z*d<0SKgE(y^Y7iWZ)Ihrv9B*Vzz~*F|EkQajsxp322tmpnRA)=#1$6;?D?b@@SENF zat&Q00|~WM#osjaaFR}ETIjhyIeU*ILdrjsR1XzbJGEqNU;9wX+<`#^nZc+j^4GnB5Iw72xuzibCLs1WqpK7$t(yZp^kt9+?lK88EMk2BF`x z{Qt`EaS#O7nsZ$)!8OyWm^#!;+A;ILV=_##>d=`EU!!t7GOj!SG1y{;8X_|~>;D_g zy$j{xv!UDZX)}~pBh;?=yr+?(#~okgT5eqNbimEr%na9RN(A81pm1*sB>>d>CPhG@ z;Xnw?HV~HD`t4N+xXdGgeu++a%ED5(jX82$a?)zgkxKP6x0O|N|8B+`~9UR!<0-0)K)v)-_DGh?m$ch?n)!$?7z7o9%<@mSx1l% z|6$m3uQd8!!VP9plcHu-`%YJ2=}rL_K^->5_J?3Mm>@#BcWv=Ay@SvEBl8Bz5ON+o zQk?K4#uTbVQSV>D1Jn6y=iA>^x`X{*Yq|q*8Jcl9!4Vo|a%)TqT^6^0>mTL4!vd>4 zF|t@E-uwj z=+N9)6}{}3&ZkOyEqC$3;7D&7$|0;zMeP$CSj$e+I#E|JgR_fnX3q9n{(-fuJ%8!2 z&Bc&lmG&q^o`L7KWKPZwGQk-^Y@{`jk-mBAUf0+V4l7AT$J!~MhGxReoG}4Az?5Lp-9a_2}J39B+a9Ib(@KjBk71xg+wnLsO+s2av;RzARm@g z5}US7;G*`tCf>ZOmM40a&Ne-%RUjy#2EV>-L;c#CjX|8;GBcgFmOyF*uEKn%&>Cj; zH7%o)6BL){1+MXV#eZY}rCQeXj-0h_1V@+6X^#9C>4|lLI=>`(_IVtEE=kcVv!oZW zlI`(n3bT*h%Yr$SFK>=MRQP@P-+%0Hi&wiB|NaZx5noU$@Rvj5WST&XlX9^jeDMge z%&yfV?ew%L8D23pICpK)7N?k9h^Fr^xn7b=ld#D;rump;EtXS1ptvnvfPz<_6WU-} zTz?2v(l*vvZ@b4nWCcsGC8MNE9mQahpD-JktzvNP-1>Z!FfN$TUeGcy!NOP;n6DOF zn76JF%p?LcBr#bwFuA@{$rX-xOGAGQO-#_tNl)B*I zXPKns++T2puf8)cu~-q)(@(ar#dA;^(X~*ptE&y!&nB#5>@_GM2I*^8zKc|)oBj$O zC!j3XJU?)RkBF)yxu&=NbW`Tn6OfFn*AFczHXWgWNAxsPulDu-EdQ4*n6pJ7B_Qf_ za<)V4LfmXwSFAs>5cSZYI|P{&CYR|`b1jNNAFp!jY1{o%8aRXPoo#?Ie4^4^XCXN2 z>xV`p*^w14%3Uj(?DQ37<=#!jc0DFSm!ZyuPIR!x`!ujNP6mh9f0l8xfyF$S{sk7rIR%~`{uIw7n9r2Ii&cgWYkDT7Yk9*qsG2E$S+beaaz}r#{%5mVAAMwcJ+G4N zT|!qmCc(5FjPSufh=VDXc7lB*ys&U&U{c@{1B%Q^MIR6IuV1Rg5eLEuX0lpFdLW4x zhf-3=Tsle?GIz!=eDsdZK=>3+DHkV%)NowT?YyF*g8fujX;12IX0adPIx=sE9204E z76^1)jN6`9K#5~nk4O=OKOx~{j5dYE#Lh%wQ9q(6C#9AQ?j*KdMZqczluM*|L(2{ZQ*`$f~W*{~aa}fga8v)i$wB2vyM&b?OUafwi{DxMbfwqZ%axJebN6q# zq7&_wd1U*R5&9E(glNh{BlKkEdX^!VwUBcVRc)0+AKpgavg~)xbRDhf4S2Ov%F$*~ zQ_QHkrPG26mirp2JA4xxGN56}U3RBPzJ1xf0`$q?$sYRa(qnjQT4f zy=9`sILC(zIR?g#oxnU!^H@ol1+va~9=HzHs0BMmOim#?n=48MtM9zAmPE^DjzUSmoQ zHw$ooq?N=5!9wH9lvv@B7pan%D9w<2d2u|k8iIA7Pec@b7IT$}YrkIge2v0a ztc;|2_ZVPlY=`6T?i%!F!bpZ$4qFOaBo%dg!rDv@$P(sEas!|o42(=_Rgcl-fb61Z zay1Uw$z=SwzFk=F%cDO}>l5yQB-%OwR&xBRmW#KKN7OS2Fw+ReW_vJ_VajSlxJyN> z@)+%;r>Bs*;Ed>Dwf7focnWl*yZI3-?~6O$pZv#UOwtSQkpRW4AuW-HFd{fm46!T3C)S?{933YMgFe+zXICmyAq{_&g{Lq2I3^ zZhnXEq_vkBEGTxNl3qLT&44du4>c(txn6KL_`Qyc{W-S4}#>889mwM zD-mAjEq1lkAag#&j2ZRsEe(~NVV$mPqrJDR+mjRKXbAZUFxC_nHeYH7W;nst)5u;= z!uK*lIT#IA<2ySAY3vVQb4fB#$L4)Aq}BjKYRqq!@Gsj)eo;X|LHCk>L|c}WNQ|{U zIro&*7cfSduVbJw7P{4+A&|Sb7`T9#D%d>CnQ11%kY}jJSatDbZWBtXiPwtjb5)p# z#*4Dj`2*oc=*0@LiMbEoNs}1_M>nye&3~0_LeUOb@R`htK6@lX#Lp6^LMz$ECOvic z&R+4Rf+7lV&{j$My2{}~M29Gx8f*JI83;L0CW5coRhP}Vv66!nlDz-wzc)v94jW#9xqFs!eYR3rYV;kC2rL=YyOAv%~L>EZ|# z#{8wt#V1O-)YvEj#gno!*(9=XKvz?H|g;pS=9UwVh{6RWuJ1OtPF zFDEIc`JZcEKkx<)QkBP5Tc`_&frQ*@7wVXXH6(U*ndEVRb+U15p50`zDT&!63feUF zik*}8p|^O4?w7HP?HHrKs3N1UeT9zt>K?O_ml0SJ4!c;wYzGMjK=%tFR@psc47gOtBB?pe#Vua0sXK;nnhJm1@GZ}7*FhpenO}#G zQEmj0XjvIsn9>lrr?EH3wL?~xOa6D#_}6sh@!}_F-X1?2CpXbEII=fb+Z@Y|-S?+W z+c+Paz!$|z7@sIlml4HQlC*7WKMJ;s))1rcpfgkLxNvTMA6W$gq-PpgGe7M090uEA zz6P_(^{-GXfksk^>|=r@du|=)_|?WFWzuDmd}rQ3rcb@9k^>J8 zS-L&au~j_f?}eYqOW_#!>eHSwX;vM$?!Giy=+ zmMlhk6QG>8%UH+o1u4u{g!xy@i^6=|+=6wCeDSybee8~V#=I9DlBc%$9%kO=EguyQ z-(izwFdN)adtP=|$f`QQG6{*SH?Nf0^)JTf4~(TjBIo+q*ES$fdgdm;Lfw&0FLOCm z8*&+pOox=vCkF%t)JFmU{FOOtsJ76nJ7%AuPBJAW)%nN zWev8Rs4_ohl^m!Ot9{K<4A19Uqe6jvCTh{RN&5LRYctW3yGpCbSY(%mfI%VY+UOK> zcqV{d6<&lq`i*x0mXZZLWk*;(87!;bVf}<3QXEZE{a@LLRy-s!5s7(?hD^$jA%%+5 zL6}r?5Lkp(#A`XHW|ZH{547dBjAW~#^WTy7R7=jzadqD&UtC2yy`5#V`UG&eVYzUqAqbf3&Q(vr`y6+G9D)oTM<+P@ER z{}7&^!<-ETwX|X#bEC}4EC>h*jOVpnGi(zdZQZ`;%{0P-U0KRA_7NKVDe(5v`f%za z7Jbb}u?Z^CgFUv?`-`Qh3|0qY&NKa8Q!QYpQ1b{XcI+Uat05#{66%Fm)c;Fb6pR>g zyA-C#=~lEhm6HC#n1{-Oa#b?;mD-1~FWIc`b-?O(Xr^9#C_ViK?P;U5tR4*-tvt7Z zQWwM-n~r*>aaD1uKi}VO55I9|Kuq*v4>^nf{41mmmY76Hxy(rTM`0y3zaZ%bN+Cm) zJtnv?rLG=gh+YW@xy7~M(}m&66(=hDD|f<9a{X|m{RS!~;~`qN9FHEBR-Egza~5AH zY+Ol7BpQ2l)T}`meRNSIOPzBy{`CV9?Rz>Onk%0vyZHOr@HvHVtMg?gAJWz1B4<&f zc}PSDo3N(eeUb=l-Qv|l#MxcC@Nq*Bq%w`0R3qZ5t%oFuMj8+F&N~qM zaeM|u0&dYTGen#ouYbNlBLEhHbC%IT9^N4;uka2oJTxaOn!!)!+bJM;=XL+Rt1;SI zU462*J?|O#sD)fl&yH0TrmcR^-qaLxbC}x~_wAO%*k?eSCTxK>dnLFebtk$$v!x#~ z2htKxgbBYt)RK!jZyXU2$Vh{ZJ<%zn*ZjFjnbEMrX))04MBKnZwM~|RWy`QJRH&Iz zRg34xMBRkRHgh0hF@rKa?`8PYZw>v-;x)Si63VyQ%&&J0;44mlMk ziwH(XGI}i>NWSVf!@Nqx8pIv}iHev@tpo5h0cOz_ETR;fL<~f#FsU)+@mCXTs68z- z8}2fBeAa5o36JV6Jncl9;eIT~j$-Sop%R>#8%Q$zV=;=?B-SDC2afGKb-iMVNyZQ1 z6g-WEGqu8964A^?Q?p8j;D(YYQOj{@L?}LZ_LpGV;YIZ@#viD#mZ#L4a#-A!<8W1` z+{a(SjL*Yh)YYwLCXzBK9x5(F?rnXEf6PL*b2rAKVJ+>y;~)^&6pa&&5z}2|W;jyF zWi0C7J_9>q4FvKL4!UG+QXwT;ZJK(XLUa{hHnl&B)06*KdT7PC9$_HEE7R&1beQW6 z0t6%TUn!tO^#zJ@OA(OC$E*oR-b4o*>PLz=1|Y=a-=h^UQEK_?=s@P=nZq$g1_ONL Mq?9GA#f=01577WZmH+?% literal 0 HcmV?d00001 diff --git a/img/strava-import.png b/img/strava-import.png new file mode 100644 index 0000000000000000000000000000000000000000..562dd727f3fd52faafe6121d8cbdc6566f5d527f GIT binary patch literal 97312 zcmZ_02V7Ij);>%}R762QK*~X?2tj%aMS2GTkrq&T?=7JS*bt?P^nmmtgx*6_Kty^c zR4E}q2sHsh`A6@0-+RCJJ2(82OlHs8vuF02wby#qGejHcsZ(ENzDh(yM6Icz@|cK- zJfDb&6 zlx6K&AbQTLG_Bs@@+dMh!Yw|Oq>m|DQS^>A(Tt3y#xInHTQQuYgLP>+&&JMU-Q|{A zN1fe^#PN5uH_@5a24)}ApoY0iSFRTrlMl7p0a?lKk=`SvpfE^PHV$VXeZ!qM&HwUg zgaT=lJrgOZ5$B@^gRdfo~T4*W$?Q@ zcblRWdwCf?bbfh>p{1Z$&$xb_@+z_JO^a;lVN@PrT0hx8)pXF+ zCAv>2Um+qVrX?aJl!ys`M8wQQHm~T9uSTZDH$niY7)MUY<=wQJ$#)!{qDG1 zg%T>Lyfn;wiHI1uf4_+}A9L*zbYjlg_^IDhT^$))Pj{hbcAn4eg@W9@exHX(E=Yz@ zbhr0=#u4Q1=HV+71myhFLWWTOT@B#m_|wGC70CHi*MLLW)5o4eTu4kvm{a~L2M33o zkDY_eV->Z(#R6^>Oy{bN2M$_My|1U6|L@C^e<&sfcqsR$lmAcs zzc2A$GWtHw_Jl$HOXlzP|5^8c+nfEDKK`@*|H}MZ#KgndPhRBjZvId8e@Oivql|%b zkiDCkinBXGaej|TTwFp9@Q+9SucV2uy^pe|J3-J-{@aN9G?TwD7qf65kmZKX&@8%A#d2c%NI#?Eb95 ztw(EvXNyR9mbb(D&!1@!#|l~8#X{UeQDiF;hzvo_nL!VrNa~lmx2}?0;dnvxj~`|X zR~(u`)76QH$!;qC(?`eEoAK+4|9I$kb3TR$pPf3gD5bxm-dMcs{jdF~(qADXp}qQw z>pn+$rxVGjYJq+5f9a8kxZwpweqDU^*YYmg|JEkr3)Ri|L1sbfd;eu%R~pH$Xtan2 zz5nNNU*U)sCngy+%PV;H-?|`fAR=~dpoqKm-v(dJqo^q3S}XQnyI5l2;6P6``|BOM3Btz2k(^`M{NA~bD!^sLOfvu@adylOG%O;=4 z1zPqcmQDNNIFo$yy3&B=ng_Ulyc0oGWLL2tYXZwm&l_SZhJyKjBqOVNXtF_xG zs!~5Mgtph-Bw3cmXy!~VaJEc7D9LD?s28|>wGWvc{#T9T&@D8pRcbE0h(`XHLwX~J zlp6qm3F}r~|A%=}zI>KfR+DaL5NTEB%A=e|L{4r;7(Qs6AqD<5?am(mw8wyGk-ra#z4KsY9MpJ13zD z?HdnIaj!qJyf4-Ydl?Sel!iU!S$Dq|EJ;&?X8^B7=fZpt`#i#z)&>i6lmQj@t4(dG z#wCCu{q9DG*reK<;GMrlGK?#P)}U$J)mE<>XFpG6OTgA@8&M!Sk~$X6-L3^t&0~Fw zgN#)La8wCnpHPxtnhlcW8d#}!{HlJq(LO$)CLmZ}FS%o<&erAQKvCI~@?{|g~! zo9ecwB6v-omRVBe5$64^6Ipq$WQNOF6Rzn^OR8EFUjz{Q&Rnb=*++Zf;4xnNJoGuq z+8R#?V3~h~yWKi&yL^`H4Jjq7VCN*7+etr)v(?}zUTqs#=*q07_+N+LvS^tV9+-&BDj0Yw^s$H;e)|F_ zeW{!nZYDq#ep#1w*UcYF27^eIYMF)XBePxC3Q|CybTcGW(QWGy@~iO<)kE^@DvyNk zhy$?Eg{Q}-TdyQ0dac9H>BS)_R;Az59HD<9+)crwZ7OIE{eLoqAyiVtsMQ1>YhCUV zJCfwjQ_#c#tGHU6>J7E6(#eZwkqBk(_ASH2a8pJqfLXj9sTS%1-8juqI^Rj4-={Ne z3yq*2i;KuEdFe+hI=i@bn_3}SFv>eYm*v-|8{>=CByZ|sGj^nv;$9)ICh)Ap(bIwt z%!YX2JQT84?CkF)=)W2*z9q}^ZyNsSO?!coh4K9ODMrnupDrdXbZ0(CDHJvQ87}70 z>iNT__PKM1`PQaL^Ou&h3p~37y$0XvO8zT|65Bu7%8yzR+vNGWapS{zaBi_xhJ^5o zK{+Uu*K5Z%cVCh>6i2rno)q^#rvg}TodgCZpUKK*aO`KR@;+^u&6K-yYd%&p?K4Wc zRjV>DkZ8KBf@0)r%zE&EmXzS(FPla9CMiTRLGj?pp8KnP?!#71gx=w!a*8k;AbvtO|v-)ajSw#|LCpgEz zqNv2eFBm?Mg%AEb%cpzo!`+k2y2iCnvRY#vRRHI!jh8}d?}K;-3XDvL0`MgbFPN_! zGkUSZt}%qHg)6ym{_m6R*>uC6e2l$b~8XTW~e{JFxt=pogM_A>Gf1-lb*z1?S*1Pqtgv-sWpWG0W z6ApMXcQ8EN8-lB7hyqE7p48gLpjoqWcn`yYMF$>Yomi14ZO6}{XXiMD1o&j>!U_u3@)tq%XeD%e!CaZN!_OFzfNgCkOT|g;)&!z| zZu7^(-n)V=n6?Z@c)7H9Ut)m-`|)hu2=DDPkFjR|t+jpt60w<{-TEbk@Pw;nL%1c) zD>?O79~|$&qA4z}8LH}a(RJ=J+L~>VwHjn0deu^;<%4KYl)Y36LhS~ zujQO^Te&eZeG!yw24C>Sgux#_OPikr!7HN81FM4#>4PKx_z;RrbQ%{Z(4F@Kms(EK z=vQXd!~JCXEyWxr%1ksG0yf8EH16OJHi!ym$ZOCjXm})Qw25UTf_%cfesKh7Mlj}D zOQ}ZOZeUJ4|7SxQEzsg^IMVdojiOV>u(wVGAv=3C7hFuL^E%voQ|?0xO}La&7aCTN zzbRSsQEzz3%MF(Q^@ghuy}*<2(`>F5v+E!E*;QsOtL>t{Shs`jo0Q&8dos&LxL1qS z0p)=lPm02E^SJ$;7S18LgG|4zfCQ%9Dt9$Kl8+MVSW4n{lFQVOHqjUBkLwJl*B;kp zxP_G}Jx>zcas<^Qa5dE9eQk=>L(H(ct)LsX$+Vg~ex}uIhGLiaCQ%BM_1m?8vQrNAdfmS;IT z^0eDNu2tm##wYnr2~oTOH~FncF4rqS_K&mWl3FjC#S2poy{Mq!?w0VSlfsl*CMg3Q z*oratSs$MEVv~+)8zJ^=VmMV@6^f?Aw!K3_BGeR&?2 zq+b`6V1dg-X#m~j36h=VJ*YLP>Zu=$LG4cU95Laqkvc2%~ zz1&~`o@qvdxi9?%zJ_N+i&@+y)rn#3*7PPxhJ<@!XVjZM7SGf&LEt-zB879m3O|%j ziDkeHw@(jKQSkV4+P|Hp)pW%k($UY(JbY%B_AOUww{5{k9xYbh_r#$^F$i*7DYPmcP^^$03yJF5*d-QID#w{vnrGY5VFtE)wVF z`{8akxjg>i`x0qcU1H}KE5K@=<4G6@eXeZ@Pu>5 zEOvXw!pG$D>;PuZ!!chnc9NTt-t(zp5y}-OC-R-506CBW$Ww3UV6^lKa}$T&d+~xM z;_}=xe8j>n7>|xlcyU-#RG&c5U_iZA6%b(E7GeoH*Qt<0pdEcIoCOX@qUBvh+Ih@X zIAlpA=e%Mz6cOf;oiFZ&hiK1uwucsICEwpa7*gmzM2QZZo#d9tQBZ^D3Khoayl?;Q z+z?#4_mufxuQ?QP)4I)rNXiG36|+LQ&U&vVurnee*0*hZ9XOhI6Hhn`i^@!?Kt3&G zF7^tSc~i~Wr?v5@SD8pj4)-}_Pq{76lu4NQNvE#CY2-0SB{p;LayTEYu?uc8y$O}o z?XnKzia4k7*RPLr7xGFv?bfH-4o@Y!AtlmQY9=q&2&xhYt!i$ z4%;?a=1Sol0Q1`ER<&#HZT*DHPh}tdP#(B_vD>;zb$eZ0AJ;f4rm1jooHQSNE;~+C z-LkRx8l+k^rYHMjP!{u`{T!PCgdSo%5bh1hGX5?ZA;r2s&o<~f^;l*+7R}-oTsJ90 z6;9VPJkj;2y$X!F>~>{TFpR%ZW^jfE=OZU1O#%)%KQdLKBn!>fJ_Mbv#3^Wng=yS3 z<^xQWnKsDY#N!fEQXKWpekOFsTzl*@A-ck~v6qv5uF9H}D~!3ULKLxNZ2~P7irOwO zD1CLdkUs;f`-NKGhV^VzSyeq}Hf8>lnIctGZ@0gSNafnKGw7cQ|cLHvy& z5++tzo>TsFOeJOMY@c88GsidZOUzx%7-w9@Fr<$&_-^YyVK__mH`P218fne1nHN=58s`TRkH@)ozANuv&iKB+(!kL@2z!->Np3*rZZoxL8#!2K*7>S zKa-Zor+RhxgP79~BVUGp*rD1s+iQb*IV-^&9m#)R;CQoW)O@B_Nr}CfT!Q1@6~x$j^lw zP!~FW38X3Mnng8xG%h=|Gz-95EumqjW*In3-i;g^Q|nOs@j|DY>sSOv0@(OV0cYOe zVITG0@Y-(vH>&)DbVh9BD2E4faDKbZ+HZv1+f-#P6c>v97FWnFy&7M*PjF+SDXivH zN!v^q|Y<2H7~yF9x}(EKio zYz&f#cDnLe-gOoUxzSmI9d_3v`xYoRn#5w&>{lP*8v5brI8_vBB)$Lr>%IOS`C*K1 zdW^aLHVO`PDz<2d6>|q0jADdlW1&t^Q6wECQCEM%w7fY6ecfy0^P6v32IHq`_g_g% z|B|Q5orjzZ|Si*DAt^1g3v%|UB?=51<~ zA!|%o`Gce=dR(=W;3y~k6-=g=IP#KW@xe}xpXIz&K(fsnSFRur8rknz>-c0JgvNq6 zO}EL>Hb0ALzm72bB@Q8TXc<_H%^s@(TC-vsmE;i{Ck#JJlpO=$J*8L)s( zY%L*By0FU$GJN(yX0q3>*Zzd)*La)iMXFZB4bzxb1<*Hj8su(k8tp|0*qBh-P!AC- zE1Q@?Fn7B}Rmh4>)+Xsa>~-Ie9@9RJO+YigR>+0&>~Tb=NmB}Eizm*;^sKT{v}lf_(C zMUVvQi=oTQlpdce6%;rO0MRsj1B>NKLRJ^CvZp`bxCQQk49Ob*=a*w_IW)l9wX0EC zfeU@>Bvb6n%{zv9Y8fD3`utG5uPx&TIrfLY(!SdkrKDl6OywdL;1HVNraVW|}EWUpUj!hL$wCHYw{qwv8`f=QSH-+Z$&z;|hc4Lbv2M zTvsn3qweEVMh8}UnNrfF^7>i?FLFxGs5hD78ZA9K_=}_I**s6ie6t{Sp zgI3Dgz&uImSHsUbz(ApPJ97X(`uYtMhUEJui3AgkXgA`$gZ_zZTfJKA4k>NLE#L#Z zY<1o9q>BlGqqSYs(Pla^DO=r89p$F@)ZyEoz6!&1xAjJnV!)X)m_7DzImGojNR#x# z*+sJbGb_WDT9c2s@FHrsJ{I@o;OJ^D!lPx(?cfuJ`_!z#V;+nT%*W^Q#xMw-OYY9YyB&a>t%kJ_YK$FSTNwNS36(@jtUbZSRpa|*@_ zhgiEt)$X7MZCRfh%92W%YDrQ!; z;e3cMMnj8+nrNPYJ3^SMvCqeH>SPs7#BS!)kg3Hbmio{$e&-mHHqz2B0neC#Q znZ4L#1B|=QmeWZsNe97WHc=Fy-neiRXvn^E%h~sYp&54jJ__eCHbH{Zn59`WGTbJk zaDJF1cf53Oznk$uCA{%E`$a99A037gOT{lm(WsNK6lIR~VBe1_cJ_Q=Su1Z?NcgP$ z29bkViKC%IR~f^>bsBW4RWV}wi==2x|NTDR8OK@WUVi3ECMhoi!bpIRhNO`?8IP6p z$y)I{x9P4k(TWEZ6M$K63yu+2Xy3~Hv=>mn&C!AybONkX5x7nWNBD!+lBdwmNh#$W z_6Or0_{qHNs=b_b^;C%*Ic*47`2g3sn$Z&={3H}JYHLO5RIvK`Mc9Q4%!&HW7JfpR z2FQ6&?fQp&pV6Fg0MCc_pMSp8P=LsAMk&g^jcp-d@DZbInG z6nLaBQjptr*;`LogiSW>lxmS9=-Dh=iXXD`VV^b}vpmAv!)Rt~Q2l_o26(+|N%V7xiNp0S|k(1x0*Ty&#VV zN{Vo&^D6DuDDPs`lnF8I@QbEN=-qLQHP~`P^OK6H(+v688Ni5F-LKNEXd_VPe6T$G zFLQ^%v+rRvcf~fA8;9a_GW{NG${%7B6y=X?O6Lhq?H7#TseG-&2PVe8?Y9)Arsd|` z=lI25#ib|FmxRbOV)U<@bVq`}^h|^u1^p{qj=~G4;!$R-P|@y%?MR2pN7Pp-uduU;@99}Dv?&6(H3&k zZADB5yWG~mEOBHIA@b+;+I>h1zIbMRQsn>2e6h^5iDF9GmOTc+V@>yyk&T6;9WQM? z;am6kWS^e1Q+}TEe6K+1o!f19gq0tVEU)2hBP14O{|?;O#y}nBJi@LVieK;mh}Y5m z44+k2hfrCCpMMA#{nZ_lM>0CAY#y`zaFR`3Z{$TqVb<~T8+JD@ZOF~g{XRzt)fYy+ zp)jS%7(kn_h^Doy?nD&Y_*?L|>+)?))$*imIS9tU5ALhTFoLbnm4m&A0ADR4OCW>gW0Ax+AL?=Gwm~n-c ztlZz5y|%uw=eM3#q+W`87(QWQI;~yF_~3XJ6j`3~4AX}9NRUCvX*7gV|9XGdY&Weq zy#MQK>e$na3PMI?BN~9NJDzd$9hx-h?N=P@bE@1aNcm~vQMeJU656h7dsZUB7T!uDP8Tg6 zLO^t8yag|gZR4%1 zPDCZ$J8hV(LDB~-sZ+0pove{GA)$CQ6(^honH9)0gW=n82N3+O+?^=scb~|S=5yQv zr0D!c0Ro1Q3ppOcawS0dM$2UMfa0e=q;PG!cYY^>I2y>V%G-<94Xl$Y?6!Y9X$^s` zV?H=^w3yL?mml`EpFf%jSqMuEH({ZI%YA!aY)c{kAdmaZLMe{kx&_8d`S>VyvX&to z*AmZt*dxkWX4(yayXuZ~-alucCVAse)K3FCYSH+$Fp};nHz2pZlRQgz@0x064EJ6>~FCgBVZPa!dmUb|_ zAPfBDZ+E)ZzXG}G>|qM0W}8athL4_;BEpUs3C$iK$WJqTy*Wet4q zC~UqZ)u~B6oaNo)ywlAY7bmlMg(Wjuhi^5CkZ_p5ULEboS$Oj0=`#}k_UVqALg5ki zNU%jqKzUXntOd(C8q&+0b3srj)yo^U`Zwr(e6^0A_kj*{SWWwg#CN?nOWftkYF#Eo zM64+93+nLe;K8F>ae{*B4jOU6uwO-ic~d@BV^RyYs*e@I7gmqhmn#%9NF7iF+=D9LP7%mYM%>zB?8jorx2H?>~x@Rwy83 z6uo(EZBxcDG=%4k4duN68Kn))R094h=%W+9*PUV*BPhaqkcH84%p947zV~Lo6trM- zj6yUIj}|P>2z2K%^Q|ULC*7NG3H)Grv?ec|3x6%HSjMYPOAmx%+S_5&YObvFfrNl> zkPfC~6}TsZ3R;TL<%GTQ9eo&(qZ!DeI!{>__~R90!23hXDYWNYkTrzc>STY-ogRHt z=})eY4@hz$e?B(7xI~5K3SUP!KUmHyJt3Mjz6!nu49zBsl^$6A*!GCT|0XR3~lgYHXuJB)UQb9d|^(dn1F$Yr|vg z+UWJwjUux2x{r!^Q7dKX1S`y?W~jX}bCDPbo54OdKa6Rn_>!3m1O+0>z2N9f3EFvA z#7=IC{Nws7shHV>{Wt-Cy|1q!y=#xhbMh|upkmI|x>U;#ih;@VYmF~Cg8$I2R`Hqt4$3`;B;^m5H|72L!s3;Jahi0Y~@ zrhTBUZOZeLDg`EG3;~s#=z)Bc!eMXWr`+kLDU)(@6WrK$Tk6S;)7rb<-`$|402W?Ip)F%Pgs_^o;CJ`Z&seOR8GFAy+}RB zB0S5>F6Lcf{#wr?RA5a)34hFacPkBsSu^9Ng+5Z+e!e+UdngMThPgJ@h6h^u2JzhY z-*qf#$nP=$64MVY|bnZpUZw?+~ zpAr^vYzfLr4E_pB@O*rc!1Qtd+@e6MYmwwpev+Q>;=^A?vN9zSVti#7ckoZ?a9NpS z>uh;A+UB)80!rKPh*i!&f8S+rnWKlZDwD>RY;$#!lz< zR)L*PuOYc!81ZH$#YR^|@^8vF;#4V<Gx9FdaNOv=_ZujAsG6 z8k<9CrFJ*+kCgK$Pqj)CYHx{(9`@AG%Hc&4?puUCK-iZ~#4l+gwKtB6jKrTI-=ug- z%R>E#56HQvQ8GjKn+5lKuMP#HbgqX>n2066b<~RYW4`~{-*tR?05pnmgBDs11Il)w z9D}X7b6aup1W(3g;{Fxp=Az`aUN8!7BxZBR!jD4~z8bta&cyTmOqJ{DO^c!Pv)VDe z`V@z@-7f8VXK;;1bi$a(9)3jnKpkeE}X>q)i#&!j)L?Ds=JmMBh z{3Lsjp8kTd!lBFf^uDq|_){5TXUD8pRlc7l@Y4cRnZeB;^uqd#d7nOJl5*#1nVQn| zWELB-X~YIiCfz($Hpd*PS6_IIv8N5{;;gK#t=el^@x4~nN6Bl!(IDRjO~W{WK#Qul zBvwG5-r%?Tq>bQbvw|R^$;A|8$`FE-%KY zmNp?@ZtRvw29A6bIAz_QFtv`$d_Q?ol|?+)e;k@gc+`Vw`3z^=CC>-zczkF(N|3F+ zTL)d4em}p-JApZXW;v$e&a-T+7!{*z)_|u6-@vhvMwmGGw-_hCovXAR8 z6%SV6l&oj4hJf?|?k^s`nv0juyH1+q@<4E~h;5Hf2BkjE7Cq}P;nhm;^Bnvd#O{>4 z%c?@=CQD7mf`7noY21#Vw8^{iT;ln+u|oC1p0~*qL}JBXf`RxW78@fm6^CXvKlJR( zMRB_DvTpF@d5Of^lFpxT^6BoL;x5}BkREa8eTAvV-S}auj+U`zso*q!Z36CynO|La z6o@G@DZ9Eay>*s5E4`(0yTjiTRzou=GSld}(AosgRU-YFerZ8zG72(h4w>wg(QPnc zcdaxgZ8GxUfy*k@bpf&FyVBqxK#l=t@{M_U0aBS$^!r^c4szEG^KXyoiSxldd=T9cu zO+4Z!W&S|LZ!{qIyhn4R{+dcu_RNE2&-VB;d8FooGAw=P<{t2RP1DZ%x^pCkR-!>C zxg&u<FOWoBo8BoGb>X7q2qP0+&6pQ|eR@aE^`pCibrwOV}Z2hxwK#!HMOM~(7}S@M;P-N&q$GvvI| zHdT=xlBVpgu*B||l<9#fVn6Ici;|tG+6QL$_P1MP=LtD*6)|>)gY|*L!m77oHf&D2 z)|A^L5y1=(j(=pnOttr64?nhsE?aMRL=qwg5z+VFMd!q9MZ`p#?M<^>GFw1u_-4Lz~ zd{0M2RPK|~l*I;T-`oKpi}<|(-t;GmF@-Pojpi^buR{r8>8+Ni`XRcUaLHH%H$Xq_j2yR71bfX^;azF8%&kpduA-bDA>NPL;4?!KHXc07RZo3g+C@uGPgGBw-ezg z=l@pGx^JE_`AG6ndq%BWaOU06!-NDS5>a3d6ms^7L9ja9M+GNPfBPukmItTQZjlxA ziwau^>-}QJK2z&YfMnALL6I)Qc8MxOw=4I4s z(^hhFZ@SNNnxmR(K!Yz*FQFHFlJA?FLjc<4qDC&$iEm^rI3|z}kfQCy2-KK>MC|U! zi`tfrlu%vV=Mq^z4i>nWhy^$Hju*^va~zc$wd3qvQoWxGI`M)|}ICkc{;Coev1auKZa1bUR!yPVOusqbp-8&dR4k{SY6SH%s>A%8I&u;|AS9=fY2;H~Vo?=XJE-VlD9n@* zcr;$KPUcA?`{D}(y4XvIBnxWuA_)ZG_pJEbIqzP<-x>%0=^|_%19cj*3qD!fOR({K za|7Ae&1k*hZDPHjB#iRV_s+h%H`|sA{p08e;Z6=1r}gew>Hd%wl-aFYPngUITWsE{ zfS{AJP9@70(`%?OHd$%6+y9k){Oi31GJ^` z((&qv0P`<2A(Z}1R!vpDIQ19*OlzVW;`J>uU-iAO40A!r~4oJzD zdMTDbMVsfM-r0xL*lw3puWd1V!;Nr%o!?U_VVJ$?2wx-9l&OHxR&!#p`;r<7XO+ zLz5#5qhxtwxAZKh&QA;Rl4*?-bE&?mnvD6FW%EPNQ#>a8EyC-FN!-P6?l4zpDG2Zm zv}rF+Ztxp*UV^S?!7onB(D-gbo{XMJ#ci%}Z=c}v^18VZk|vzQa)I2y8L5zC(SXFZ z*g;5hi(YQ8-h5Z#3PzU0u@Afzx#5G8D56CjSwNJ4zXn&k(R`0eN7L^kIb| z`YWliMWafoM>Sggwa#NJGNRvvJ}bEviFs`AWpt#Oy@enT%t=3k#nZwRq6G&{+^fc} z;Vt8+cq>aIo}jY*n<3kU1t<13x*PsEpa_%kY$@Y>*lAV3+3ui>8fP33nB1 z3HPuaf|{zV+t-My+HuSMp_CK2^V^j9%H;gS+Y81IrC$wg@C2XtYBqUaI$WVQq`CWS=AGnfUtr2H%`62`p+Jv2DSv?p+&Lk|? zsb^3a`sJ_)f}8wPgt7+mA|KzDEuvPy5khums!=$0mdy8LV_w8_A*H@yUti(ejdbS} z?AYwIqyYhLao3Bxj90>=YaMIHWM|Xr32c-!Iy!_M_{hE<{!6Api?gz=$ZuzE#3LOf z6n?S>T&tT}sO0w-+b!nhfWhkY3+?+?^25%- zpcsgrzz=-8V-yw7X0#13qD)o4_7LTp0e8_L9Z&C4F|zhY`K0yDT-KD2m6}{b*pA8b zcZJ^_8wpAlF#U8*NNQ1Ue5E`PlL2g3cOlo6EaW|`+XyVW7biC-KX@1p=InAM>L&m% zG3%y7elyIx>T~$`=%iTH`8T9AZqFq(7nKjsf0hy0aI@c6-2w{VetAjxXP-egr@_sm z@1vz%i(x{aDJ$Y_hA#G^zNWFkBY4!OGg5PEQ{}!b!*q8s2TTsa(!Thf>wL@i${&pv z!XA7#WfU*}s6Z9aq8sVnl5Tyg&suAshV{ZLQi0mHXF)UWmei7lZ`YE+9{si?%rxky zB9)~r$>KxqAnY1#y6`C13xUQ~IfsDJq6k~PWJUDrJ^x8q@^H{)R1BG{rMuc&Q6=W2 zCtTCbQPUAOS1dkcJonXP4{@7292M@QvS~Zrbgc#-rGFQ4&RHg~Tr2s3VvZFzw2ZyV zJhr}AHjR>*n4Sk(FeL+IM!$#Ch}o0_i^PwuU<;tC8g2B!L)-ep)#!OmwBcy8zW^k< zmV#zp)jH{5$kQ<@U1oY{Kyq;znzirU;K7*2KAAlWRkIG0wiasHzR$8WsThTo@qGt! z2wr|g9>L>iUWloaOaM8cObARsCqVRvtfCZ2+)iluoKJt2M8{`hm}^C}!oxy60xM?h zLfC(nuQY2+uM}c6^g$BjCjhvPIqc-KAbh7SNeMq}JJkZsbad9L^=Gzi3_%|s_*!GEW zJ^wf~*x@7k&e8)qi1m2ru)sYr`*&f;(8H150h18dfn<8#nW?8nwF6LK?{x{Y-KIQK z;=&)|Y%QU3e|AdoHIek?rK-;CEQTeV$^K-VR(PUuL5-X>rkzDdRH|EHp6Jq`G+vmy zegScxgtlk~Mc^1!hSWx>Z6FefwsfXx3oQJEJd3(SV6CR>F9JZ^K#TTA-`4d_SloJm zbRNaW_pPx?VeV6n7t>jJ_Wt1UT2Ost+d2kTF%1A-Ti4t@+p?sqm%9!>&HoM#Pcfjt zPHU404!(bI*DXBxCC`T{-bb8tbaGb!XF6Rqi^&~-_3{=cAd>1*P)v>+G?9|-FJ|D9 zr)!6A*uyF%afilnN7`RN3!8_PLIO(8=MS@rjmym^4j&=Du74gMnZ?Z%8RnLbmKaeY zly!}a8l%29zre;%oXj4Wh3B}}e30(@b^mnb`NnYXc3csGGuYimarz46spmZM>*<(L zQ_M-VwQzi{=zNokc)hM;*fu&SeE=H4MW-%8+ch;zToHm6#{visT_Ks& z(zc8AUXW*c;WnmSQZt|Cs9;x+|%Ggapro(}-VS^W!>?S&oyb zx?}?Db;Lb&>G@LpCtA4^5-Ks^lW+OYHJ)@`TTczp(|^M40?N_5*T*8m?UFu4H;|VZ z-hR1oqw}ERkL^hs#1!yUcQQi zu2V5w1)OW`!<@L+yLAn|iqG674UXbbtM5%q3SVg|#GU&6UI86@NR5Rfwg^W$xrLBt zz6tGT80(yFv&1Pxp5$b+cy-gk=QhNsM6F;T6?K!zBiIKoeXZl^b*1p}R*9aXS_W1P z{cuYc%&bbvM&WGWIdO4BGwBVd=a4$5AtzqG^8U@Zjp|7wnPju-69V@tgSD^AXk>N8bKyH%6J?G5;peI#5HdF6| zM@wc1h{e{!)!HAzD~>#EVerlA+pJ(WyWHE@bA@^TEo5Gpo*<}ooUHQ)!uav;6v|f3 z{dxb#3g(K77Cj#zCeZM(_taO_hv*?Br?ajwEh(O8Q1@s4k=jEvmSA!GBbR(wI$n$?$}*Z_2x$m5?>{SqOGS)N;!Bu6|!OT&Z*#+W8%D zDSc9p3*&J)u{+3ocN*%xyY!65N(aoVezt=n#FH*ClHoE=XmF3;#vWffL-&xTI{e+x zR%vwCPE-v)0hg1!hznY$ovOMn)U^5>Qf<9L|A)05F~{Kbd?<}ZBLmdh8f;Iw~@7VPbnuH9`sB{%%)ikj>FR~-rN&zbuNiU_HSXt(SI?xW9|fFKH}_}k4X zQNlJg+Ts@dN3|-QE-><1MsUzf?y;Fed!(a(TsE6*cV_ApzYQkY33(a>> z5vw_MM$Y{_n`3gH%J|s-Bdm z+q>+}@?H5uW0&U3;bjH1w-zyluWDvA_qZ}jp*9M-#C~tNh{(Ol70X#L;}g`zly;o3 z;4GBfv>8z-$W;l+`YGNhZXx2V9hou*#WJiaxSZ(@`4+uwKey~+Z{L#B4THh+WI-9V zdO0JVv`&*E&RO4e5Zbe{;_ADHLJoHIKN3noG?6?sb;zxzbxA7tMeP(PbS#o};Kf^q zMcPkUWm>!AgH(>agI9o(9c0Jn)Hj$~+|0uC44NObpKi;NTv@H|xWHo^DdD4`$0tbZ z)lqFo>e=TMO&Ca06OUy~jVNYgV2x7jPc{YVEm#S3hX2+Ek1JlI4<$jo^|XZKEZ+wb zO-_Flx?=s19zEYG{-YkDS&4ABupKb7aNKHfICq1x! z82cb|NvSf4BIx{i44dHp{4W4%o?Fn<*Du>IW!kutwq$~yBr0+1Vm55>Wbiy|@Z9>H zI8U*#cUUZT%vC;UaE(V_wcwaSu5jaGBg}A=QG?;*1%bXb>KV`dNAcdN=9t1AbJHGOv3u~w zZvj1|aq)GEAzX`;?(V?WjP>@?+gC(-3jjQ5P}4EcXxMpmvC?=xE}Nz9Ai7 zuFv9d78rMSLt4R?ror?&F^VE|lqNZ#d32iCQb9}4XmzfglG8nTN&frZ1=0KCLQ?GY z>LvLsNuO&2FM$e`%c3ZJQ;HT}bD9KUXo8kGw`{|5g*HtVrHzWk^n3>7tTih|o>EdeEysaE8_=31uD4&-QZ zQyx3kijLHSSqX^0e*@%X2CtHf-#H#kM*}_g`)&b;TRA}=moN`1#5H`V+xWH!2+kl0koEXo$}>k4QdMB zcCf>TbBms%@d-jqHs zbRHlZ*Xk}NxgNyvo|4H%EEq}%_9}=a;xC(iol}<3B*o!UHw16#hGU%bod4p>2a=6j z=OGSQ*gO3aL*8nleZOO^BJ^VyI?t+Q@7vH~H)21R^Bb8mtzW>qC7;}DFBex_v&UWL zG*nW={q~N=Et`VZs5PT_TAWO-=DRf4W@tUA+6Z~Ul*${7n5@tG9DaUo=70Mo7>;1r z8t5?Xm2%$(ES7P+_Az1J;@2rnSdX{Zh~AK*pZH$1)mGAqke{+r)_b~B1{5~61TH5& zA4H`pR^P`BDckMaX@cCGcGgnJTRm)r z+A_~7+MMMp1Ye(Yy;Las`Wgi#eMYN0q(e$+W*prcngvIA&s1)8x+R0ct7dAk`n{wQm@#5@4o-)O~D{jn(zMv0P$s|S-*@NAI}Uh zijGYa`YjSKdvNWkc*MDpz!Se+y5`>@s zsjvS%ApX@e|Nj{f)D3Qs+robRj4xwbi2pQrU%>if{GMmy%SDD6c>j;1Yabcz5r{ce z*38#0S<&q@UBtTo(^!Uq3#MQ1O&@`W_5FYMZ2Kl%W^VH@M;D)KNB+452qK6kM@b~0 zZ{)mx$ISW5{tN~H0m5)FNm^LlZ_0muVKE;P(A!u4_^xXBnSl z#eiWgJqLaIe|QJM#i;eal%9WQF~~}QCe{o~ZvJC8g#(zXe|N&aJK+WFzefV#B>cM* z{@n@xGPeI;7zu(++4b#!caY7|bq-i~!Cx4KnoaV*=FvD{|4%=ex(xO*lCi9U{?7j& z)}vTv-}hIMPSC(~|8O{f0T^ixtGOR#Uh!t>Ij;LZefB0=LG*o1&+U1ufAAp41^{<@ zcOJQa=daMf|NP&7-3+*eAh(JRS3S}H+1P(M0?)ewF6fV{rvLTu|NJOe{=7ubsDvN? z(+0}!d2gi8cry$t5txAo+-Lx7ap{R+ z-=gPjIvO(lweMi1THkd);aIZx@cQj7K>B1`rLo(kTjt_Fi5f)HjeLHoL8;FXUxC zqs#b%+naho0wthaFtgYAkY)4L?5Mrv2%wTQJ!Mz^OOm0X)j4ssdN5NmG(bAGe6W-Z zezgT^-v-s^-*L-z90A)LM)wLXcYs}Kq^LVntaN@Dj4OWSm14J@3qS(I4|9`?jKK-? zTG7SHiY4kw0NAA=79wHhZ}Ul0o-^!NLU_Fbl}P?o&Xh@bF&ASb-GFdAm+v`{VrkSr zngpo!>5~M!+btGrX=FNpXjC;ocrXOeTOS+v3@e)5#epNY(OSNZ16CMc5m+EmI4UfK z1Bh!SXg}L_sLkE=SZF<#M$s$2|Y6KZX*@^cYxDoB(YvvGZ66v)wG?jIFlIhJTXo)Iy;^o>6kirWdhLLKgTm@q=Q8LrU^?YQxw2p_lUO+ zzkNaNT0C4AqxD!Qthu2EJ)W&T+Uz!;4`X^|F}A8DTO?0b=LR_CgJ_-=qB8gn(7G*Y zPpe3)mFC-G$vhCn>70)DP*Fi0Zrf)d9Sew{k0x_TpP!#&Dd}-PkL*rmjCG?WreO`A}S7$r$A>y2J< zKyB3;3#t8Faaa+9gv**h**hmuq^J+4?FwPnS;~fl^WReIINCRXQn@k)kGSlyz(2Gx zr_S!ts{OqQD-^XqT=T>FXKdN2+6sNRLy;HYkQ32V)lelhG<(e}X%O^x`P||#h zGCt?VNs4?m9Q1;QXLt~K%<8`k=2m)p7CK^Mawx4Acu_fyd<>+j?%Alu{9(CV}w0!EVhsT z<|(+tfjGRkgn!EY69fRq0>*2w9C+L6L&?McHc)aIem9)7wYxv%t++(Pze4j+l(Djp zo-Whi6leGzC+Z75UK%R=HZhbf8WIEc^73j&adF8+aU0dKSuj2F$Jah**WG=#oSdsJ zel>5djO28Ir1k6uhhc!|b(EO`oWn^Qvm889RVLg>eL5)o5aagNX+BGQH(@%dsn)uw zwu}M-`Q9P{to-}Y7wVN1|E+03Xh9$CXG=ee$I=7q@Xyy+fMUz%<{5)sc_Og-lfH~ZL zAYbHwbWJ?^yY1?B6?%JUJ=llu>?FHWCF^@J&ZBavOeo2Ctifn$Zpy1XUoeUkS^c3V zz4kA5$MeJjR{SWqRku6KwGr!<<9bk*FpsOz{Rpcul>P>qQXw_b1%KZ4`eY~wQ#Ki9 zr#Wa=yrA{0KZVAlYJlX!z*~EVVPd3|nD^-XpU8~(3c3q-)A5OO8I^!_ zEBLZ;;~X$^I>GP`>yl&a+KHbR!@CQso?*L@#K7vjV4J7(-y8rW3TD@H_xAV_g@SO8 z>n@z8f|C`yP8ewsCeb;e)pIG?*~L0D@sQ2%xD>1AZI^6P4_?>XE zI|3N?w(l&c&r4!vBK+5dZ=>s_XwRR>++p3gb^svpaYPu9*pny}7e6cjSZV-grscHc z$XTRf%`|!M1dWCsS&AvE&yFNPzRXvX#t#)Mbqo#1(QN}n<9ON@#VBAUl!TbgUpkAMX`rD|DE6jvI5@Vw>X^(As9owIpeQJngqBh6*?y z9}hoF&OIjRct^$2DNEcS;pYBXbst$pCHk5ZfGX-fw{1rAYv&iez@0_82Lv*AejzK6 zGPj{ZL|&%pY7DTMt3MX%tUVHgO~T_W@TAqELI(WW#{mY3fy?&w7Z}Ll8p2J`iLXA^tdPSBS7Kjow9WCjJRA6Sa+Wgc-r8OO zws^Dx&~db{NgV(drtAmAR}EGf*=_w4znrM`cnSU&>MmpSBl5|#X9rtK%|3Khpk`B*l_X)W&lIb$byPUT?Tn?Qti7M9 z1_N3pfx&^A-TABR8S_!=h#B*v`su=N!e(lMl7>P!=*gEzK+Z~2WT*hWR}(N>i1 z@`N8Af!JHpF(LN-p-CJA-;0kee`mJWS}c4XKlv>LUAB)K+R2&IvU{gs)vztFkHJb=y$F_qPOMpb_&6rs_ zakhr|ri>2ZHiwSm{Q|XeKxXqx+vy1;xw!=_A+i#MFm--tymE{!r7g84wwj>k{qa%A zrk?*z*KWaEClh<3%nJpT!@Y=_z}LLg1!-RS0M@~o27d|=uc8ud1JJu_DrhuA<_S+i zibt0yLx%UGf2fC(BItWP+x{1;#;gRsray|KGX_es$*t$ZCFkQyCxa*#>BUq83b?y$ zN6}VVB5M=%%9H8C6-l*-x6T=*9`|P!NgS4L-Ce(xQ+&ElF=Z*t-?N_Vq}*K}B$Xjs zj7?0mfWhWJKAFE?I)-#UtnRZ5I3;^gfi`*7CbbXIq26SAaf;ql+r!&Q69eWSsG1zo zdIBRVyQrOWxC?V%`67HNJDG$B3Qr^wn!I_I8Xc zf89yJ5Z+Wr9-yV`^q3Rq+9DA6;snUe4QHm33#f1clMEj65(aL#)hfagm~^zmKW*6T zFI-40cy~O2)Jfw)RDeClnOhCVUxtwscJYuy3H=SRk@`zDAh%%x3Oc_K)>bLw^X!lC z?pu}N+BUq%t8Lgzf3lercD~jN9BR9QjD3~0Inb4RJQ+QmtLHa@g9{rz6PfCoe*09x-XQBGX4*m7iv{S$0$M_<70x_Oji zfAWYj6%&zME?NOg3*OkWYd?AHg^@E(A@SJz^Al!2t0!Qg#5}e67nt1{0$~2)Oq`}K z%N}mHY&Q&VfPi*RJq`5N#VP?0-{eK#4%?@htM?B}(s+^33+L>v6#H>54L3;pHvl-n zFfn#Br|Aj>rcV;iO zWNX=kijCS}N4&yGk12?VBGLT2Y32%23WR#^z{iJ+pi5Hz+j(7g3rY?7CmAPe3o^qeJ&*y-e)$J4Z*RTv zYT4a;_-bn2(FEhJ?J9ph#p!c%^RANGJ_dG+c6tF*rDMgFgtxoef9&n)D!IICG-oad z3C^ac+TG$@tM)s!7$U40Zv6{#aUQbrgt$?Y%?^Hb<2`g;Urv44PBhR6-Z`VUm|W%O zT=6JLbpZ|eBZ&=^JMWaL*@46h1`}Bf42<(2njM$*ypM1Md~T&D0Idu@*(%py0C_v` z#M?%e5i>%vxCuY}5n*!G$F21iRcxR>r@|k)2#GQ0a8lcKHRUF8S}?*lZirsRhtBgs z6AiLu5cbi<_=M~i@>YO!1lb|{3~x%Nj>{jK-Vb%zrb3K+(=7W=ds3bquE%wA3bT^R zLNCj(JyTD)?@xQAXfrSU&M3B3AEt6S4;+Myo3aO#Okd|1JY2rM61S9zqET3lNK>Mp z;Bjv6%r}v!s|EnWL%qLZHj4M%`vHI^J|~~k50V^CNE3^b-SWlrYSrM&#jH1#-?825 zv`d8|#?z8Xm1Tyf5X@|x=Jqs9SJ9M#cY8)hY565z!t^#}JoZ;h8o-BEs=tbAmUgE( zRO0eyK*nd3A_$$W*GPJir``1B7v43nUD^URi|kZ6R$uAf5U&L1U#os-So11Kbu(M4 zeK{nfaeG(b85j<=XPp`1Gfon@a>F`|Rgg_s-62m|8>joVsPDD|6rC_$jm7&b5)mx4 zKKbSK0?Bt#t+;g26I&x$*MlPC;6=r#ggGWH<1|lgF+XHCF2}j@734N=;Qba}MX=pa z$S^g{kX->tNSfHBSMxkh&CJ^rlSPDc=}UxP8BFuYlc`uiF(htuW;X!JbSpcgd6747 zzg}rEJdlvxse!Lgo=b|;)T1`RwOQ2t&D#9#tENkk$uUFH92IM+`bl2X->6v)56V<{b`_dahmQr%f$h&pa<5{>1Zcn$l&yxjZ&`8W&vbdFKSm6ne-lq4|}OAwH{i@B52SGWt6wxcT+1dMx3epbP z>CBSTM;P{o?SjE$9cnH-Zv7G+Z*)Q(wqJaCjzCIDNPRGh=evx$$= zH(4s@-z4Inoqvd1CHr5_zlM;Y`}oSr6^ZM{uRj`k$M7ZheVTY{(9jxD1qs7u6K1um zlRv%@xibzx#@S-3r71(Kn9+m&-i$e;8aCVa@mR@bEwk4zB$b&|cH=}YHmav%s8lp< z^X>tZL%WI^VZ`gP3M~NM6#MF6I!l;};Ce8pU7n53;~!kx!`cgOiV)i~ePTdI?ui^y=p@mO&x4Y`X_?KWk2Ca5wEy)8@Acd8&x z%)Q|sUmv8GsxFMZdji}fbhYxT-AQc(YVC!8u$QM7ejK8So8Xec*tfjZZMw7ONdk zBX0^`(4{$9*Cs@jKpyIDriN@m4J7g9`-2t)suml$L)>Z)<9_&SLae&UU@U3gOegU2 z7}S6I1kJxG6FX_(BNiOFX0t<*a!r&6zv1}N3gPsNpXLMeRhuG{`V{aUH@627^MwOo zY@uKh&&zKu7GAQtdhgNrO^sXFQ4||&bBrEx37q->k~@2tpZ99D@jC&x+-rk z>tY`6Ad^TKfkW6I-jus8X}A+}yF~b{_udsWoQVv#OC`@0>V~TfjJ>+=YnN}SzqGcj z*!lfU*X_VN_bHz*Y-!EmnsOqEEzt6espB40AkN)QZf`T_aIFU?_M(%xv9(-U{GC4Cy3V?7TG`QB#|oA(zOs5AA8GztY@G!{>^sX-I3;czZR*S!hoc!yi*KP->r zmAfo-bK%kpy%2))t;4>Kg7$T<6k1PiQ1s^y$WkXB%z4jjKH41p=2Drg5b_IzGvq7h z;h=Bme<07_2Dbf?vuo^@DgN-Q-Tom;>srJ{>ujJewl(?Et+R)f7N`BLAEk|~JD7lbfB_s|3K)@~x+}@9$kEx-m;~6ZQHQ63F zcEeQ1Db}?L==YTYlW|=3y9?@kJ=N}aP~v8#{$>vuLlVZI%5y%K)6BV@4-XzL+i~je zUC+0)2~>}NWB?ZQHeH)}_r|LzDI zhs&fbl`DN$%cK;@TQS}g?303wM~~vF6Z*N7@IMbSm48hbaY}4-94TWBVGxd3_?QYxcEC_ovAcWArn#wq{tybO$)PBZqPt zZbuebUAWY$9fnGl%8!2y+!u&J1Ek)Xw|G`GcDv&grh>(#b zhC?t2{gf~oRcXSq-X^oy=PPG)x@`qHi^kKd(O+!pIj?7S)yMnF=^rOZ)OP#pRF}T~ z)!vBi3oC3poS@Qahc2|isCljYR=`WsV(lzRwces>z^S{cr)cy+FN)n<`CFTt5{!{3 z&>%QU7hQrHqeErebsuMnnx;0-bC1CcfetR3VJGqo^f%PY2A45b7~GBrSVqh39=;It z*vac2NR@uydGwA@Qd=a~Sw!7{d@s$|DRXAb8-0Xsm@uq(mkKsygS+_1K7Q~;g)h z#IaKuPNa|Bvr{jL*$B5FayM2iLH9Y1U0@{R8F4>-IU>jDLNVC1W&Y%uTg5#&7;`zb!xfRiWoL*#RUnN^ zqmW-YI#pxreAe}vG`Q)4zbfrggxQ_Cislc6pudC5O<*nr2s*YfA^?4X1!Vc4i1U=j zKCdmQpEE^%ZRlUO2BgeN@7vK2a;x%w^8IYQ@SfHOy{<@sQnUzJhvTbgfQ)Wwe+4_% z%hyo+%J@@qm;EFzgXYk3ZAr4dSWe$=P|RnylU2{fsE#hvjW5_D>AX!j9|IF!-FFpd zn<=?6ULI|}xgrJZ1$=rxersmuocR(*nHCZZPRs=iEI*${otsuG6RuedmF$e0?d8r0 zA7GMSI-@pSzK!8NWgscMKObSzABr|QVA5)?m0;1T&?bhV$Yui7iW_W02Q&zzUTj>I z^JF!+OzKXV_!C$t3;aywmYwUMO1jF*AiO>v(Y~jpQH)5r>PCc^^W$kt6KSyNciDL@R(MML$ueDd9X}c%VIOBNQzB|->$85 z)dg`_`)CrMLZ^QsRabkL-|OJob1vg&VnB7#nK zo&*4;leyy9BOO4qeof|l38^!m8zvo5+eH=3`Emz6#&*8~D|si@Wk0XNg5=mf)#kIK z5tebJHZ)aUD}-g4wCnI0`9Ns{jjxkq)0c4pg3Ki z14dr9{%k@n9idZ-Rui9h?$n#t7i05_}y0+~urdS7Ov) zQ=1=agO3kRjRoRuoDUB=lsYEA14WfAPG)3Uy$K&8e#)wnd9hlDr^4+sgr!In8q+VA z00xy|J(-TuXyH7rek`j4?3GiZRCDEyPA6N+JQddnO_|-!PC+l3b@)Nlt@`rnHBT2@ z;dotm7fMcaDvLpUyscm$)H*o6q5~8uovY%4QKBI)&rSF1cN;9Aah7Rg4XOFR1O#F+eDg=JFBX(8z+RA)vRGf zYh_Ya5165STTQ_no=yE!GO6=>fF~z~vq6%dlNuQ3@Ck0%kPgVC^7NH&ac?NEU+~l; zQn->`k{QTG`4G@ivV8ZmWu)0Fy+pYPOWO1mvPPpoHFnyI6ft68)rdMz;pitRl}%d@ zXk?<-svoTvPgC+uq&8;mDWrB(HtrtW4CB1i63|n^q4YT3VndJl4cPfhb({%*Z2sgz zh=p(PX{dF$kk1|EYQ*i}JY0s=3VFT7Dz!vhHWf_8Zv$Q9RE4j1!ww_y4B0@w6X>e& zakQwy5{}0kaxfFeN{j?qZpvX)Lvzw7jd)%Qy2W4cv+~_wUQ9EoCd`zo^-O`O_qiWO zvvE%UAjgmFt9rLy%D;m-zceQdK z@>iN(-D+_*{>c_yJwbQjSZ;L&(6+;fq>n{0b`9385>AMd`rO9pjlifEUe@)3V zphSkc(nKvYMy0k2K|uJ=oS_24%t#=%-jv*r)dPfUf`H|YmhJ#J11us)1bo23Z3$1& zY>{93{sKFX568y&ntnU4p54b@eb}3e-HVc|l@`ZuQ8Rk*$I_pRB3Ex*9S#jk+H0*V z3N$$q{PpqL^N)YL1xF*9sFqf8Nw>iKCa$;S#c4NtP>fdV4 zx=m*iv|9M+#>T=L%$NG_mCT7Y8I?;5KRF#WDnBL;<5=yqhhK2*YfR&dKeItc1Yr5p z#Wi_JQP55wP@aCNF8Jt*BpxB=ll|5#nYEn3dYIGrc%{nj@x7h?fxvpPcENz;$Y<%p z6~*Natd2xSqbSH<&?l5@I%qQfe4nVt{OM;& z_)5!h2C=U6(edMP(TPiWKg2s{%o=TiNlrTj9<1pA=e2egc&80da9yw2lpq?_?a!bh z>~Lb$u_#s`y@N>X`>8ClA35WWH65rMCH`c&5bJLX6m5zj@3%vJ_^S==)g%>(D{G-5k8MN4xhHpsSGh3i|(Uc zU@`rp3m#cNdmG1Ssjd?oG!3KL(hs?S$+SK0Ui;Id^9#sqrp{Xfz@0}^ET^#q9bL|= z1o`*7?i!|(xkKjlNc)gO&Y%V(n|IWtrG`TrdCEiIK$-W9YVSYAC$o5#A82k?(Z07{ z<^9%QdI7ww#KzT{H$KA0z`IN^yJi7ccYA-KByj#c1K1HqOe}>j_grv*Jq%5wU_~H| zr9WUIlmH;F2T|N|`_2^)y{Jrw>yjglIRQHZENKP2xOTTO!kg8#slx;Gv)?T~(11L;403I0+XZ2o%;DOKSD6tlUhcY4JsW6^7Gh;g!;&1iS z0S>zpBsgt*Fin$J8>ml;KD7RoqW$pH#t-f**;lyJYJ$N!c+3XJt^Tl-c&}K;VYd-` z;U3h!DcQRx!8m0FahJnc>5f=}M(?-LXK(5~o3)N&&+x-Z_`V+^&k~`_-gU0Y*f1tO z^e$|3o&-Ma%)e*pTgE5(g-sQ_(=b);5sX7~RPC}naq)*gnb*~>2bEaV!S?!GOexw&X)evu@Z=A3@`Z^qR#o5C#q&9r-%pfR@*T5?G^UoR4eK`8qs+ z^jP<6XhsR)oXg6t#nqWXobgh9*-8vCgjl&`ESViwp+IKp0H0pdamBO`dRKrK$^0G3 z5X79g0gU*@SeF=Vk-L}nWnr9PLaqF3+uhy zpHdnJ0`|Xvqe~=Ji$-Le*)}%_Rv;R2aP?tfDvUZH=4yV!VG0rfPQX}(LoWJ4@I~j! zui~) z*VBJ+g1i^LY>yPjP`n)#9_v|R^VeFkeekH+rn!qgd9~Hye&L>j0p`AN-=}$qzMTr^C!5M8rwVJJZUk6-vRwcu zuD8*&%lbuOX*&iG2MX4{R7R2oCGARVQF;R&+A?%mqk~jNQ+Lw9Rffub@%T1>Fm1dwS#^mbq83FN zmd<*Y9{|q^n|Zl6DcPFX5gFRJqD`;WEG5~c8_FIjODqE@Cy;Uxzr>?b*?)n(sZg+m zc>Lz0M8u|)Yj+p8)~!WZulW*6%p(R5e>pIG4aytQeh>r-YmemcpyhPDMklGR&7MX4 zu3CRI@-7MG<1OBSY??hgMxJTm9ck!oRWMuNrMV?l;$LwcEsi-ahI$z4SAMQf4vyUM z7Ubg5BJTQRvBJ0DmJnF4o#S5G#4L9L>ZG=^Hyr2I(O%YBFCgUVyIL;-;L;bvrX5z+ z1Hi+^Z*yi!=H~Tj=nRN;*%2vdeSxCiqS6RGoYp5Kz_##W2{mIz4&x~wh&p6{oy4LY zrl8yd9-PYOx*C_}K!K^wjz87R zzC7rvpHkq5ErbD`<97>nFRR5`@y@Z=aEvS-kSrt}E1=MtgD8DKHL)*7)|QyJ000Qw z{@!EqHh$iGuAIHSnI8xQ($-rnY}}${EX7btM~|dANgg(pol}^UN=}Bai^y5%ba<`A zWe|}I!jfaiz|trj+(@?rB~9x1<~?VA5t0u2eFST9ThX_Mq0h#9-a_$>MwDnlS+m3gBwA+++$LqUhEQ@BuhL_@*g@Kgmh&4xF`y(QTXvp2^^DhgBs{El zEI+g16gf-tL0hs}6YwOBW0QbuzNJ^qQ8nGv?=dL=yiqWBD6b1%F*U$BM!c7@Ui5fc zndR#kcO6)(x}`{ktz$ea#x&68DWC5ywm)nN{cH#5bH8mo=9vb(%!>=8WL z8``=vbFo9%eYHg~+Y;`4oA1&dyIDOteT1@QR#f`X1vF=9x_MayS>Q}2|C0p(7+LAT z@A$;02^R4{>0yKqs8O4LW?#+@5U_p6Ios${kWg!E_W{acGb6;dixGGPvd&d@2cYi( z<<;LW$Y&yO^p*~CfR6Yl*G}5+WQ_bIv8YGCq2GsPcK~<80holbk^*!s#Xqta=o=9` z^8();FE!u;AWykqi_n+ozIl=fcz{F($7m#8X+ie^m2?>giwp+K1{P+8Ot;^WXWnyG zjRP8zF>*XP2iPP9c*EL5=lkm`uq5~fkn%^R=xuU@4Lr%m}nHWQp{0|2L|=ppl{^LUVy)K@<>Q9 zSDwf($ZgT%`V?wP5;ae5f2?TBtb`XE9ERX*R`)>ArAUA#fwOHCc1eb)*B@h=U-!N{(s{$&XgVCJ>T7o=CZ zx7*V7SG;>K=wC~zN^OqHGC}*t-+Qsvw4ZT1W+8R1PS{G9M%{Ct4)KSb&6*xUsVYza zR^KCTB#4A62QEAu|qg4aD> z8^5R&vAlqN!3w&jpKe6JQ`T~meaLKC*~^mkzAEdr_Hty>(hf|_xX-ZU>r$}Z4-n^0 z;=A39yWl_{I%GX~d?qbWF<+5pJ0X&I@^rg)FXgF<9A0_$5&198nN3FOxjGH!kvu5a zwas%Pg)_p%dJCb-VW=(f_3F9XVj#tulbz@*jPTk0 z=R*3#W%Xu@riLRk9dfvABnbN|o<5v00{fC6I0G}3uRkEb$I(W^h-!NzPC-cX&vy_Q zed0sqU|ozBkMpk#uiGJ3jlv0@5wQ=vlL%HOoKmWz!rnhF^q(G?j;kfpko^eUe&pJd zxYH6%?f<5z^Jw$Gb~vOw8*1gs1}YV(mk1o+BKG`l_k2BXwE6gk?9>LO786rC@k4h? z*@3Pp%7_la4_X|Wjg{n=Fj%OfmzoclUwbd2i=yfSRJPT;Sr33X zR~rt|U$902j;sS5iQAwT8Wy&+DvVy~{AmHFs&e@Ubcu|pKd~VofvoVK2VJOhsyt2S zZBI!1C+s8YG{9(nQtg+Vx14J;xvQdw0>ZXm(G(IvNVvm@BBKE=ZcQP|zM`KudI^#C zU*KFlarY*q#w2RIeKkNXdV6!)ghJ@H6S}Kp*Y7J>N#b2G!_2+6kkcZl0YrN~76UCM zVkSR@E(hoeRqjA3ZEjwgQ`O%1jlp4+e*mH=XUbZo^99afSKh3sSBnK1G9T{G&`IcC zxb5eXES)Y3v^k`-d_>$+{gPAs=Yv?Wz?fNGwI2Jx!Hl^m5Ma#Np5r;WP6>ZCPANpy z`0kzr*Z`}&W!op?RYK0VMESn=D;$G+mqp@(j7VYcTxXGs6^-UK1?08XvJ=-(o6(3e zLGO)y0+G7TU9)6!lBf@q)kxw_J@&@$>$BZV+$n698z&EN^LEgeWVZ*j!XBIQ#!9# zlBtaxLy;jd8#@T0eO*^C^tG~1-#F~_-0l6)$;X|?(0BR6BDXh@Y+ukA{6D6Ds5+{3 zIn(#b8er4P`V4Q03o3lufoY9o+W5j3`I9vrcfHkvB27I$gSP(C8WL!(qycI{XY(~c zPJ2_&5e=X5n(sNLWs0Gos#a_~o;vg{2i=nM^AH~2)z#zvNZ}a~RMcj4^T)cU3YD%F zwVL2NtGr0GZCCu54%4(5`>d@)ZO$J=XhhI*A9QPL){~eUb-F7XS)|^;)&_n!d!5E` zzwrm$-P^*eFR$zy`RDx2yY!0iml{rxjrOA1jM0={E1&kjqdz`UQAJ|#5+EHAXLwSE z6Sr7@ESg#ePAe7OmA$0>=~@^$`_ujA+(<>{!tPs*K9ud|LuW?$djCsO-<@q?Iac9! zsJ^0AYVXdiy%%UHFjscIw12Km*FX1a~G z-5qT#GGATHuZ${mdxHx#FtoXC*PWaVCx=IkP4x9ZRzs=VC`|;{$U@ohGXmDW{F*?a7YK;3?na+IY ziuB=VOuVoxEaIogy%Qi%Z#Wuo#P7U$xnEck=TT0E0H4~=iy(}oh6}{s4HI@xk;Zhj zB@-AgG~R{1jAgXsF5CQRUdGv#tD7T+8taZJdt)=^e{wjc4I4mUM8wg!yE=YNq9FhT zhE#<%%*krgKxHrBtl&7UmUACZiLZjYLHs4e#(_K_C6U1R@*DSS2_}2Kr=e)K|d@Zih7!_GSHt$_cWWC0cemk zD$u8VnLtwSR?5xP6@{-U6X>l2IMk6k4~{3RN(9<~;#sC|;rBP0%{2VkD{w#84o4%g zIxO_CL3qilv}mO?l4ByA&@1+VIH*Oo6A70VLHJLb^T{eT+vRs>pdi)EMTz(Y>Z-}W zTyUmHgFDxmvN4%tL)*-VCooA@5qXm|CzQsiF4_bz+|0KDC*MvVY;UcmdFOz;RSt_s z^d*9%=4+j7GMjO_pw2NII@hD>%HmAO1C#in2#+t8@nY@1(?a&~K(tF5MTJYFeS^uY z>we$MgML)=I4p@T1jK`UAFR`PC;N@#m|cezOAME4fivp5G3)~r83U4ovsd!oxf$q{ zk+X3#=Ci?5R^T;*QYxKAOx)pw`Z=y#|C|%QYgs&cyY98odc^u*rk0E!^%~?fN+9 z&&k5BOwnJEWMAt-tFtNwSK#5z4`yLINX{M8207490%U8pM~P2SED%)(Tp zuS<(3qjKcAjw;AV#LlqtdWT|GSAJx9@rKlzttfAesR&LN-UQqA_&JLU6NK@$IIX1o z?5pSOIHCOjT;a{c@*1i4 z{kIy$X$uq5;UggCTSyF~y|^$0!w1aFS15qml4LJI5S29p0-QA=5v4`B8;}x3oo9L`ZI-`)8-;#$P4T9 zq5GSSFwVuBkM06Wv{lDA0w&mx^UK?pH0~jPWUL)y+a)ucm=4Z>(&l#+mq1*!Jt2C{Iqa3E!CkY(R$FWYEbyyL?eiIGe)85=2e-NoPUlMCt z`%S>JEMBV9(ZxZxIN&Zy9?ZCu*zQeOYU}-TJB_o+VL!XRq^Kvb1FI4v)WLVc?b_e* z2LLdZci6vI#>s(OxnN8M3^%SLRcmPsLscx&BZ z`^3<|A5nrs_ z>Kt)Mvn=!ZPbnR+xmS*as&_^Od|)L{p!!GgkHg5`=X$B$=mSwDmejP zec$Pyp1g|gJIs}_O|jp!I{n8HC73NmC~@vK`}gT~GDi;ubSs+& zZkHN#VLtR1{y<6!KJ&jo;~7HZs|^*trYU} zSq!w5XluTLP{SzU>FNQKp4XVnDk<&FD+#BY(K}40Z1V<^a&jqFc5`U+v$BP5%=3fi zt%Lf>&xhA24oqfu4@t&HVT#Lqc=O7`C_;d`q84@BovCqCvuQnK%p%P|c@(_VAZu>A z3@ET;Wl2=>tca3Wjj({CdkRG=720u_LjnnSRCJn6_lVz3aK9cLP0l;utJVkbsaACtbig6H6xLweA$-qtKIkEWm;oAWcn-2UcKx#HOt793c zig6n(RW!TF=YZvp3&;rPlOzUJWcoOYz33*xKzAnG`nfaEem2=U7U)nmZn(~}Gi3mv z#P$IVnpyqOYj1*#U8O=IXa#l?9`_yH*e*=nAqSkGM_>`VEVCFtapM5fvHU*kz!nA} zx6IMTsC>2ktp1df7CGElR=pSumI4%8AzLa#sgRu3y>`p zstLcO*8D_VJ7qy_tYWhE#eMm~@Sx1WEjy(?g~;bPL*oC zjYv_E23=aX_~ShT#E~uc!5q?0VA?n2Sc(*t)y_7?JuexRKBt!IJO??MB3V4vYb%YEGxNhX|6V&Cu?FdvN|Y*wt1=By$%T5zW) z?Pz;ideQ^QTpU<(YzwTO|tc95pF4i77+#szgm7r1e{#3TyhE7QGYTM zom3Qlc2b=ZF_E!`8j)p-&%=h{24@RM6-yoU+k_VKw*IdBaDz{)-*u8bm+3$X%PaZ# z=-s_kG^U+r2pGuB&QC|)L@zAc`G#l3Ds5y6xTAL^O=8&NF(!xKf`s)$DX2iwl#c{9 z27aN4#9^(5NLMb&oR1ygif0r>rfK(5nYB6heZG}YT2|#PfKoess{BrbY$LCu-t*l` zB^1&YqJFcT#h%TEmu&|P5y?f2C<(+5oauu%6*>8$?Ho8w1hw2I&T6E($LKQ$MKaYz zUo1ban0lw*e3A3q<&NsfGAE__hT1|l0vWcZY15s0uLu4&LF3d0Pp3+$n?~1d$tb5g zW{+PBc{iImZ-eGg&yQI2b=p`oPPV=;iMul%FT@_Ur#jE78-?9Z?-lG6M=!hp^Kq}_ zTe&^i(EG;%nSAr-uJbuv!pZw74*=@n;~c28fA#FQ-YR}lQ-y!B(>P%lALXQ7Wr_vL z@b_D!1`5i@&U`OhFmV~x?$M{J>MuHqJlh>`9(K(dm2aX`QZHUBW!zU2=FPk8gP;)M z>yFls=#tpKLv_jOrm7czlXzuQXFOaGi#o1dQaH+*IXqG8J96@U{afjz@vC%9dV`kq zVmpJu#3zvkf`U#Vd_t~L3vlZKe$-u`r;VLvMrwIzFpX~_X#X_)5-QMW<7e( z^XjKFkIn;*yFv+IUa!MbzatcX#apTtpj+$=F10<@;iOWf)<7=1q$a#YUTQR z9G(YiKBM>ODJa#i-go!QiqKbGVLd9mu=>8ED4;;Uh&PEjBZ5Zj5Fe6duEiiRL0Uj~+&Qdm~DGe+*B1|1#5U(BuZ)7gxgwo)MQR z32#qG0f{W|OPM74Y<=~U5YCg%aGWv`dZo&vN#=@20i13#O`d%R-kP=g7R zhjyoN3tD|=NS`~T;Ce1tM5VLbC$Q-It(PouHAAFz9VBpw^rDk9Tj1}zsIZH3ITVl~ zOnK8q-G0%aGb2^anzY9tUE3GJ9E3hM@ZtDETiq{?H`a3fYU2C_2RH0O`a?nt#2MHf zUUn`}0Oc9Vm&dC#|3tX#*HMCB%NXlakriT0D34zP`)!y+z%9v7*usk88GEC4R-11Z z+TE}GK}4w;hO(Ve1YD-<&+aGjM5^BidLGDRR-&*>C*hwPVKtk6#8$3;svOHkHXh3H zs&pv&;EEa=JIoWtBkuM7K6ec@AFWQ0cy}*W;GlVE)!mq(IfZ zdl8y*m*I6nV(d)v>|Xwf97(ewUCJ{gBjebeY1p90QZM;lG$d+EZ=4&l_h2sp4bnn& z3#liMd_LUn?YW0uOy9lGd-BA6Q*M+oxtY*+?c3s#4~J_s8DE9J#Czd=Hye|P($Ci; zQ-ffG^3n}A{oG@ljhjZ8?vmWg|0vU&^<92@vbT0UsZOikGw&*&)94qgy#9V8pI-8+ zvp&cLWxWx4@*aqVzfx_$~5 z3-8`Vxb5Qm2wpNOac=@9$3(3y6J{Zn7>^+fI+F$Sy0pQ5Pze?OELc*b!%xq!9t!Ps zMRVk`PJ6jb7?XnR-5h3seV;52UD&o2o$0t@mJZwJ(5b=+xZZ@DKh{C4-$1Ha>Pwb?^osxc>Z;Cqv#6Za%)FOt`!-L1*k!qFdAFHXi0X-!GAB z8_X#VQ10qkc8yK_`IG4N&mB^gGTm=(-Xv1XmeAtr)Yug-r%w9n&flPmOsnU^2?V{} z47*QLpm46V9L~~{t(*(rx4k7G9vZymV>y)bqKWjRN-{c)?VY(Vvz|YX(yl};+|_{6 zI{+CWxem$9*Je%w%Olu@ecrPeMNaE1*$#BDEu_2?*@jR9AjS5_2+m}8M<6j9NQdJB zED8>dSp|oGQt#eovVgnYvgZ42-7=*9r~VsAE8|*tAmp}yLA`d1fp)Q70uEZ8aWq0XN1KWPUoO8(akxaZ3@) z@-;mOwV;4YsJ47Xv_0{%ap{z|gbk17N}`+T3kKnGX=Rh=p~NA^I*Whd$%7Z3h26wa zUR1|E?C;t)5^6RzLcbp1rpS62={7y}Q(~@i^dItsABd-F>`kPr^Q^~ewAEcikYzHr zK~QbG+^$1_d)KF>p4$Em=~R)6kDlY%vK6viuFPFnCMj}G0dP~*{i3T$Xse#M+rl4| zMxudp)a|+232qy&9%XPcbZd%l?0x+>QkZQa|HRo-@XlQ}{ekqQ!tHS<;+OaB8GVZo zW_=Nk#7(4H%S$S@1#$5a(4mt-P2mj;=>O4v)#-ZPd@3d37)>;Ap`B_E8+6INq%%42 z80JT*+#IGNNx#`DI9<@1@Cd=TMCJvc&EQi^yR=PEj33NB!w5T-Zl+^YFPU>6^>`6r z2A4FnR*nP9R(>e*f{E_T32ur+E3Vf65Y5u;AUvQZg$<_o#MSy)F043a7f>QP8*UnF zQgSH;z3UYMS_r?~F#{02uJrF*%cdW3^d}?VW+<4Gs-j+5(y0t0aG}%}Y1bRR7F8NI zEMMpa+p-f{kXd6p^2&usg9^I*^mbk#Y7EI(p5+Mb1|i1gsVH1evHk4K#u?n^INSud zA-MNlj~E7olhS{zb$^q7$F|G6Ge`j8ZpMR}Il?~Q zWXdtsdO<3VIwRE8PDfvJe^bK6H9~Ik}zG^BpP_tmqTE3Xr?RW$!u$T^@OU@cT!_W{r#-y9JW8K z{OY}d%wp2HDvQAtXIzg$J(^Ntuj8%kyFE&A-q^5MC(FSk@)WZqCox`zl6yP`ea7lg zy59y~-Pd`XLj5T2i)x+j`o~0(^$GOlki@jj^u>y;6ZHfUGlTB2pNpXD!Hrksit*r1 zhE>jBru8#rGUj9lw9e-PA;;EVT_?x!q6Qxm-DkM(Ftg#sZ1nIvhcJCkr*d5v4hQyB zufg~&{^>lz1e4|fGsj1i$dghX-f)1FM|^7hS=XMv)|EETwG8RKuQM3SDT7D7WpO<^ z(&v^*9ro2u%W}q}MawzaZ)yssUAfd+adHQ5d;lk2v$ku_szfIKL+$z1$E?lNi{AM1 zW{usiv)p&RJv1hoH@R@z%4{dU_1*H&I_+;+=cgSWHQ|h`#_BnA7{YU*9*-OMI|kSv z$1Wp(1d$n1XX2L{D_%chzRV(xQp$U5`sCkA^w-A(qLlGymFG^@4hL)BT4VwM|J3;M z2;J*qju)+mhl8f+e9h`u!aQvQ&{!U#pUo&Q_3ir|`q~wPu zFWZu?mm!p4?1e&=1@<*|NQW_~HeG%R?b>Z=Zq$36Jv&*uiy4YeicP2RI>`@O5$TMe zyBWsRq z&#HOrP~7cNbVoA@9hduVabgSbK;}NXOqpZt zTQ3#hCl#1)6C&uA^AyXb*uoydp~#(*vB7uognIi&?UsMDr>_{8er4#2Obg5K5U_By zecs!?8gFn;ZR3!9lnTHj@=r=cC;_nx&kQ#h? z_YrWs!%RRP%xwnxRGPw;2N||M@QlC1UL9|w1WA-4CKUNf**FC1MGxxg_zW`b`iK2S zK?XWlCiPka{n-3=2O>%E2>@XO9$`YTdw$D#?o9N>MjVRaLa?a8M;(;~{aXxwkR#8e z+GH{0TaE=!mfnnt4UjQ$#(J()R(3hi=eAp(qJqi^UzWg5kOZ4YPg9m)Rt$rAjav`Tf2=tcT0((M`^fNBECB@U_n!x4DirQ;ytmB*&OeOuhiR~2Cf&C%XZ=nyY<19x zzSVu|K>hWT;~xhgulEYK5R?4(8o)1jp5A7Iwz&pSx)GpXb4U}L&40cJ@`Y{RA>($k zZ?ya8*Z(*?1ls}_T9qa}7PY=MU*pDPt;jTVfYRCiT5jybiV6HL76|O6 z1FXg+GLx9N|Jn*%?8AqK%YDfU0FzSddf!GA6b9qc0{?r)0wNfO#ooXbcG+KlIQclN zxg{(YvsOhwZ~6n(idW{4n(3d9$|Nubl}BxrlYbt9JOOw<1D{HRbbi;qS`@<p3{= zIEI3^Ij(9s=l%6<+%Wx`CDo-&ATg9<9DGoF{_7RWkndo6h)Q+31$X+*1tQo`nKtG& zcpl;y?X< z8`9^kS5YCdYs39_^#52kzpjP=AzDN*D`Mm8lu;NKn z8UVTf?~8vPAx8vL7ac}IL+qcg{g2;as0d&&-ckdB%Hp4E?ce@ZfGJol zM78p7um3!b2m_4q3@Tpz9}M-2(Z+FrWA+-$`S)kR1_EP<1@toh&K3c%TR=R*b};P0 z@6QSn1$zX!s44ERgZ#hGPk?1>Ejo$+_my9dh>?T!h)G_B{L3Q!&p!T(fxLlbC%KH# ze|uISIRNtVBVzu4PP4$!?RRU-XDb6{%~1nCW-U5Z+||cU^i8Zr@qeBO@v;H;hT}bT zA29yz5*&yFv$SPICR+lQ=SXMvn$7reAj=9Mud(NG*sS8L;A#_e1Ob3({GSi|^T@yK z`G1>Hd?8>8#XPvXh4{PGDZvZ5UtOL#x%~O@|L|lE9}K6!ic$sDKfL(ogra!5;X*q_tq z|7O^)OOiBZYd+Y{g^1S%6R?9-(FFH9ag2c+F1cW59OMbJ?CyhloN6lPnTHa0&zUwfB8Kx7Vk}fGED<4S>G7>nqWq zloT#kNvmx-^l~xs6gQh+EzR6&532kItRfb`LK5UZYKo0(J4~r zgW#jcuH?avA(Jo_KYC@&5jFBL4G)8L`tc_()Yz2uKI$SOn5| zB{Vih8+Sz@T`B+b7X6<$9{qSDkojbWs3!@j{Jbaq>)wco3E_dFKc516N0gxIm|Ns= z@R3fk#pfL6tpd5s!p-$%7x20}0e?s0!*e7_z%-Enr%A?BN`5^JAT%`k-7O4}3+&+6 zf>6>i#8`k&rk`s?3h$%hN%I+G(j5%S@#8Z$t2x ze?@I5_Y7?|Z1Rqefg&f?f9XoRvB!XVm*cqD4Qz$GV*0y5jT0>aL;)9kj4?p3>;eo1 zU7u$upJF@G*@D5OqWa5D;B zf7*_4e73)+S6T-^5mERY56>h0uJ(JnAj2t_%F1H?Ih~;|g{Ao5`eL)(7?`z;bLtld z<$p{XI4(i1a2XdexB}Qfh-8RoDj_sF8p+f<#{qr}LyqB7-VzB~VhD z^l35W^Si2Nx&$H7&P445WQxE|d1hhk3HY9DX*1@PigH8)+`I-(Ti#@O>kKYX(`Y;> zzHPm|R=fh2Q0et(tLYu0;9lFEh3rsL?6j@NapWyBX?q-4B7Qy=t_jV5#@m0GArO%c zvjBH^Ua)p`Fw>nUlilc{WxSP(6yNcU*kq zp~Rmcmp~mZlX+u_#irk+CB*7B12j{v4iy_7uBX(yZl=@&b%zJ-uhazhB`BfIc!K}O zt0zB#U1)mv-g)(NZ4$r++PvyXMXhjZ@z~EPmH``;-XuSflFSc29JvbOl&aKhT*O)@ zrR#=TJSTHZM>Z_`P&}s@^0E7JABGd6kFE$n>rp0_uWkhaak>6=J0r>nHS|?2 zs)A;jk0R}_OU^MJc)mvb(16FhVC8vnv<~B^CWNG)fPh9w?RC6CGf`*H1|sTZ2Bs0n z{ek=&WbfnVB$^V33Xzj zFMVT0^D-hmYT5HN%Y^|s3Y)+nc{8SNmb9paP6ksXq7hw_)=mO8kj(E)?7h^*V``Z= za?0)wv0pb*33za~=F zazkZa3wq*ve|q!7QXa5VdT_AC<|WMSDi?t9=~3zg@EZ%@eQIMf00rswsXt=|32;)? zd=5X|&jFia+2z+{Ce2Q;@#pEJnC1XI-Wevu!x^QF$a%sPqwVNbq<5Tz*MX8QK=P(z zl&4nyZ|kfFM7Si~ICEeQ;F)wsVS&9_&5qCSVx6uMa6$S>DSB0ayCDg(GR&u3fK~(~ z6!`-WR|g{jYcLGh6{UnVQ1oLusOBjHa6rC`n*|UOCyOj^xsU@GS-EA`Su)L510ZAO zvia?k+gXj(C^nEbx(76p?*aCvGmw_>kopc1T__2jK9i;?s-KtjID(Y-kJqFVlkJV;ved<*yhW@|>^z!T1m?I9(2I^}%e0nclM8}+_@g0E+8 z1FZ*bRd#2}Gbj2JAI8qiwd7EP+U`P!6aOOdyrGK2xe>k%G0AV{i( zQhW8ES=3H#n2Ha<*k89|$@&TbG30G47>=UNHPDz~`CSkj>%%VW+w05INpvCqn=3{P zjh(iIdl6eeT;qF6$9ep&Lc7hY2k$bd z^vOPR&&~IiZ`-xmnfh)F9B1V!0#u;(%xjy>d0#H%wgn*770RG=-ril^xzsGtqGePs zqAb!pwS~Evs3GeD+F8K`qESi*bylO@xn^fWxdxH3BClyNzYOU)uz(V5LZSA%6m}8m z_p66TLSNpuUnVN9L?1!%)E<4cPA6WoseQ2^{AhtL0?GD^Kpn3KMzzvcq zm%qMM1(+@zIgaZAu0i^KJT3h{Jm3-}i1?rA5Gq-lQUveQFQQ7 z)-fLw>6n-l&Xx<-Z~|~Wn>_ZJQRZGFx5KjGi@#VUMQN`xgr%8j@tw?%3R&PZ`tW>V zXWIMQ#|r%EDzkT0XDnd%PEzj39}w7WDrJ5iO_J6d@?j)xAY}AtuKkWFbNEeP#BA^C zHkW>rbklZB?e46Pf*^L1)@?H45%M~^rBGpUI#sX~VVvXgPvt>ou_EB|wvJ zJvcDm8IqMux(bzZlZ*-N;`v?HFdtJaGm_uW5)3rP@_!FwR$rcy*phZfQT38i0A zgF~Nrr7m^J&wB(XCqv(yPOj7oFr<1(YzATsD)X!+?Lp_Pk>8S;QX_$LFO9@p=eBK? z%1P+=`W26LwysYWE4?D9O}$B~RyttSVpjzFwz_rUbmM8#z2Um9P%=MqI>epA8?c*l zJ^7AB6>^SC?fL1YI;$CXNym`=)e5O6^=lO=DQvRGf?p_5n9##k^KZrzfoLB8O?#Ik>CS3r2 zyh@*GJ<|6k&s-NS)gE=6iQph&ISZMO3HcIT5y{D9F7(glFN{yNUVLz9*zdx-l*oR_ z*3joYi6}JxgFtBNT9yvAm zqtA~MV6SoL)mY`r6J&5(stn~wGA*ybj&*|QMSoww`y^_JSmZAur>LL|{2xmZQwOOH z=3;Fqx9C#o(W~U46^`cfl~;1w$jdW;05Z_1JL#~w4?-1``s`l7wL#`bA**}61mOe# zouIxt|1#Z%uXHU`(}`zK;P1Vpl8#aHd&!}VH1>FJvgzp%Wh%_4se1>5uZ47~Z6`I( z7lQi>0Gt3hiskEYnV!IMF(j<`X4RM30^uw)=(pEH>I83>SZKXYw%%TiTJaF(JOU^f z9MBm{v(JDVdfDJ`rMz)UT(lCYE1d!{ufcLe>KHer%=h9*)h{5stwRFw>K+vuQz5y- zv$;vlgCX$;6*;g7bh?+WN*gY8q+vRfTE4^ok$Lc4*e ze^Eu;V+kpT5o2-Rxze>IN^`@L{*M;GEvrFG9`F3O4kalnXk-;F38KE4)|(5}^Jlz$ zo|n(9NyX=$bW{X%kH0hhSQHb?VFa6Br#(jr+k*glY0>Nh{I{;y10zec*%6@4;`rE) z*`P&DC!Xx-^cR{h2@QNi60LL5~X2Flt@M^^wD#Ao2 ztLJXYWTtPe-Y8u00U%A&XAZ&JmmF+P)HEK{lyUC=QuPBKmJA3=54nFvR$(=;wYH5G zwn!*5FL|uJh!IYJET!6e7%dh?%`#$^Ss)!Fak?|z1qLX|3As;&J{G`DnUjrAug+hh zknlN(a@$U*G5F70A<0SjJS2#6*>cA-=m+F?X@;(O&c&sViG5~wO8Dl#A@#Y_w|;`L zR-(_02Wk^;(5aYpcGD_-PxAnweK1{UZ4!@_oPCxcH4@ey?QBF-tFG?p(8I0qO7Up4 z_6=3h6{{TPDUEuRr0mh6>C@b+y?iKT?fZv0xTX`rz4HKDcV^+J9s za^r68l^wliB~BT|)U~KMLj+RLo5!!@mk*lfUP(!YwA#^+8!g+>0KvP2L^7JMWt(H= zOp=Z2!l%_>dzEyH6#JwGL0ry)52 z&M|}EHSc(}Kn@xWk8Cd%6>boKPIJ^Ed5zFei~GQd;miH0#c42So$h%ix9+pPtBk9P z1h7`mDG9H&fE;>t(iG+Ot{=Gn7vdwEpY`&34gzz#uO$!)mkl)-~3f=bgIxqK~mX*vT zl>yBtr;M=`&aw|25b%VrNH<$koDLk#64=xn!fV@l5-wol|rYjT+NQRkGV*SdJ0oCRo^>IylKC0d7CQsKLHe3**+5G=&B%E1de_j+rS1oSr5RWiJqF>}7|dB+DJ^ey&L6*(CLUXECb-X)-96R7 zK`WCIuipnm9?udXu^`x#%cx4jg87sVMyhV4eBLR>wB$q$PZP>dC1E7og{>Ni4vInH zBwA785Et;8WEN|()>eHTe+Puyq|yf-fFby1K4{>f_9b6#Ve*}F#Y?o6fx;*v+?g=ehj8@ z18v-NHL{fgIz)JrJTy|0fO?9CD+%xveJ>6MD^}Y^x&M&pGp3s8&F_v@u%9FirVHCm z@o82FJHK!3qw~K+wmt;;P$sel2XPp(e#9d!faAtpQyy!6=7~B#p#Y$z>4x=%%#%j8 z81in4PS+P`H7MT-LJ~$*XOs#$f(WidfY_LD-5%gReioys3CL4)Wr;mg!$U<;qrZW;FUjV|7>h^h z6ln6c{>g(HzI%1$xJ(*qH=zZOU%k1K?ijv^WNT6K2Qr!(EiKK_(?x9aa$KKvsxeMU zUMG1d?SVaxWc0B!0o@Ui@T+D9^U}}nz_~I8Yp=Q>s%`x#rFn{{%vMg+*56j)ZuC9# z%XG0S^x=zi%R=fs4{0sW?aJd`-?uLVs%%XQ%gSt#UV2CKU&-xMV-Q&M0hsNmSzi(sja-sL!@Gb{_LIvT!}}BAZxuU^LqvRoyPg6^bCgV%4P=U* zT%f&v6SEmdA)Ztv{H7aAMgTP7bHkl&@_goT<7q9q26A1x=L2TC;T%oz{H}zWk>Iwd zEOw-e^af4q2%UJ`;GEz8cod$sU%#FtaFlbYGkj5w!j|z(5I$uVMaj!-zK|eQX@yMT zw|6ho_S%t3q;yku@47lXu@l91 z<#tN~`4^LyoXgF!V%+fenGo46X;#R~H7;LB{gR%-tV8?~>N3SYL(Br%K_u=5UY#E{ z27PednbKx>Qwkpj6$s>|FhPPlxql*2%WO#DnG*qwf8UOV|5=M!|Gk>o-cYvgS~fGV zzTZx%;@<%9TlD^i;E;KRrLFJpib?@;tElangDObLQY4$-AZU_S(DK62ygcnXsul5- zyd63PpWW~tW!VMj(Lo$a^$Flb=w7C`!~-G9)P+3|?SD|Be|ZV&2L$^dqE*MH#RpEe z`3y^c^U@VJW6R(xd1HCZq_ln zyL}EOFqKZn^L58%hegtW9p7+bgwAUJ~lHW(aY2`BwLgea~nUr71=;IvqfY%xgc<1`f#0GJ^Q59*7P-~q zz7X`xSwLfQKEk~>3DUu?HTv(5`YDY*c#E+|OE??Ey8|Iixdyu}jH9%NM*3yCaGGS< z6$bSVEh>*pRNzvM0LOHXPy6Z7v&_F_ts62P)h)<4PAjLNs&s55z-I`>Y5x zx|Gb@t8kIM>B7o=S%5d`WDQM2+>IzH$UL207(#UK5meL3gtY?xOE)sPB>J~8qc_*5 zcQ*vw{aE)_SqV4=nV#{sEW9SJ-34M`nWvE^|LsP)b2Jg%nuRi4I(1L3!PirM$ z-@-H2lk1jEy?0d|NI$QvWa^{4n*q|F;R!42@-Mk9O=mRo`cu4dSS$GIs`#bPLE4}} zLw!ylX=Tqs$moLys4OVTJwUg9$|SZoWd7-i)^^n+6sc*jiL0!J8pS~M3PqLHU zklO6&XG={kab9(j+Yh?y(RDkLN(8%wejr98vs=`1_BwwgFDWBeFP~pm#4d$eJ3C_ zB`Y~IK>wJWo+#*Y^sTCNo5c>CB@J4zAT#aI2}s@L(l6xPb-OfPSrB%sD=90NB3Q%` zh_YQA>D{t67(#$`>omR77j(y??Sja!!{}VE%2YP@0{`4+Dc;-p0tgiCjlcfR^W0lF z>aFW0uZrd5@UqEwU98UqARvwe4CDGK-n7$6TcYd3rIQb;{2M%dURHPHmVs8?TjwE0 zMf7!%X6aacPDHcpr;SF(0uFPNjB{B9&M3k!K>}+t(VIkT-EHHm!0DqtGKe-U&%AGclXD_6L>_6@5_;dq{>5hrNPz5s486#o z!fpB0P)T7uv-KMEi4(bIA*5QqIa|aqV*p*^Z?bAaz44PeDqaQ)Akb$4Oo7E)2Xu|x z3Jodmr_!493)Tb`L2$e<6$HXQ+ZVCI?fJ4BUr+C>eNRRj^E0?amgI)1H#-|d7R0~4 zS%_p)7v-(L8*bU|>AgJ>yMe!`wWu3Z3^#qq@aEFm4#O`C6uN_)KE?^2s~-5s)8LLO zzI^8~)vYzJve=ir3kNuMGVu=~#T>?198YGGx;xDFQ}tyV!MJWfD;*YQH`|Wnwbrr& zXj^dnDntN93&$j=M`7P)jBN{}+V0R329L4=)&F9>nsR*A1{5}W_79fjH*`ZdNv62W z2ks7ASD<^Z{OWW$zz04@B1^Voy9G#2g3xEpz-EYakg}RMnH*@V^EqYP)6x}RL@>j! zn3^2v3Up2yo^F#}e#eI&A^ni%f54Jq3T;XOf=rE@^T#y{7VxY z>bZC*AB08S&Ihu;UI#c6^35#Zo5lN6YkneYJjerA{m9BYzhfw(#|iUQtTE9rl*a zN21R`92dRy(dHb;$e7%nZr<`+^>o`!dPI9jn`o+_pa97jkY7MRgu*5>KhfN6DA4rK zfWzQc1N9xL27lgN|KUD6l0+y}A8{XPA35&ukkNqFuO0#9GumXylMkUz|2RyZjo4-Z zMZsEfR^Mhj@;$myR28E1V5KU*iH07)CHxwhVXM);Em<8aRTAAx4uqfh}vj@hT1I-UZ&*QYcwW?@aS05Z>}%240W+ zi4P*V6Kq+-3So_d5wa|RB~AGp-l{dov(-&GMP_aN1JVc^g4{&vc;WtYxb_}Gp?nk* zdwTBy1m;n_ywQ5ALa_};fDtMKg>0GhZnLaW<65u$rfkGtcYs|YtLbNy{~xRpFvvp) zW*6~`2hxv7SJV^@vEzo8r6jJuOQe?I4#9e;wg<(%{1fLheF zV4C413h(~p?ahe=$UVd$p8ETQ0#h=OTAExk!JAST^Ov~#7x>N}nF*k81A;=@cfsM5 z|Fa@~&TPovz&vR%LGw}zd?+Ed{*s^oQaM|xXW4ctedd}mkU@5E~oo6cEu5b}6{_x*QuX#Cd-K)xS?I^1w8JF?Ja+g~R!)H}p4y z$i9MDO2Gg8w?Jx4F39foqQvmwKmY8X^N8FMk}$DcWy}1Lh5ENs0lNx!m?IJQ(Qgsn z;8&{2&~0BWkNkED4nUyz=2byR|FES0v`%0igl?3V(dxthyWt2UfGo#H8tfE*GtyuF zjjM)iqt%D0iob<;bBIHh<40uL=l{OUz;cA(*c07u4%Yw8T9D)9<`8fdmv;N}U-P4X ze=a&q3t5hz4TS$ns`}e`ov4uINXwLl`8!+4OhA_7|4p(VEAs#6N%q#5mgbMiFDijF z<;KV@~Wbi46XwxC33{w-( zd4dyQE18}`B7Kln`X+q;3I~EmEzxV#Kmd|ZM7YB@@f@&7)YdRMwKmB+LSB~eATmh+ zorij0V*#z@u~hVpnw!lmLu;l$!H8OxsIcWkp5vpuT`L)h#uE~=+nYNHJpI?h#hS5k z2{vqG=db7R-mg%}PAU~1=F6!s@A}`wZDoilZ>D6xO8o%A$NKhk{gNHS)oR;~#?ZHX!7-2bG=;aYmFLtT6@Oyx>z9t@1 zZaH$V%I4fD78L$&_+x!{&S)#VPwm>Jfj}P}5MprrrY}4^?bsL_mz`17<9`;~p+6h{ z#duXc8`Hu2)X%FlDrTcImagO?Crm|2HGwqn)2lj}nhhSos7K(sM!dd67q#93?QRgV zy)88{U$pYe)GRrB^4@hfJ81~v)8d)|eJ()P6uNkoKT{NcRcHM*sZ^)VOLw!D%c+y@ zVBEx0NCA!LB;1G7__?c1@0{4d02f?|uK`hk!Zmf5d{WZwO(YkxSH1+&`b14+56$N@ zA%&t0@MHARbj_1PNxhV;z810qR9Y+-;weseK&v|=_O=hD(95~+@7;IbUU)Gr0hz)R z8ThCPP^Dt9*DR-n^h)CkB@sx~+Gy;Sr^leSgqg1<+Wh9rbQ+>iDw9iv~v!m$y zGg-m|nehNctyg8%|8h!6;@A@bm6#edIabqwLMP>J+ig~<_qlt~yvB%u$(&n!<#;UJ z;(2OU5521o-LM!V0ICjWyZRAH`hJmfF)vG> znhWN9_GPx$Z#b^iS#*>kFuWC>3Fh#aYd+=guiwYfRdw56kbEKH9|$m+as(oFQA?jQ zCV8en^PnZL4Y&(gh@1iIPq-hSWcpuQ9z#1oSt6-X2$}V%0hFOZ37^sE&RvVE&xhlo z!5c-R#bzHmWdWpw=&edaf(|<=RbUvV);sf3ZtEG964e4;JnzTcP*0e%1xPvxGkXdm2V^A(Nge$lC0sMDa6ECg}CK6UQ9%{vb!dBq3EXRwr# zhNDHJD*0Bf#j)u;*7rP@ld%ux?qKvvs>9bYQALL*(tZp^@$ap*o&4%OCfDtE@>bXR z6HmMx%wj_XQs+YvD(vlU{o`xI_Bw<72;8QXUOjicx8=?7PU$js+x3h44aLBT@@>F> z^jh!%c`&!sNh|1GbPp&LL1Wi5A_}H2QUI09lPyPenT~_6te~w-0tAqpPL{jo^NQia z1DpMc^2c_Qc()Btg`8@)zL(hAQ40cYfgz2oEGg_2poK8VYhNiRutICWigTI{;42bD zFDjAJ;I^aEYBh+l=Q@8lt0diiFtL;hR2NwuSbTcP0_i|H;Kr!ml-AOH)zMZR@8!DL z>HN{?Gu%a_U;ENW)jS{_B+RB=rb}{lX5#S8Ir=M&CDIfID@NQGWd>2W!OfXMFK)oX%Tp9cV~PGfrRp3&w2p>qK6)obWaL5aaN z)DEZ=c~Rdx4W+@q2j_G0-9o)*_>xlIV;;bxtZmf;y6?_6BVGBB2zjYxetyAKpvVdu z>U`T@X!!D7!mI6`CBu_ydg<_Hu@y&b87LUHuKluU?}cfs8y@8zQBtop3NuL(ycKz~ zW3|H!Lely9qBU?;-+H$8C+-+s9D%$>^{Y7Fjnf_PofN^?r4-!;rv^q;2Nq^|P`!MU z`!S8YQL9O`(r;l2Nw3bV z;nvS{r@>;Gzh+N8E68oJ{^d)zB`2ZqO~11ngl2ZK+H7LicjSu9!fxHC#ld$5i!d(i z$Ly8-Ue)!23c6&TbGz$*%QX~wgwo#(pvcAUh6Qa!up{ouH_lAm z6{bC)&!|pm- z;k7njn5NxM%?O4bB*V8^M$G#x^bl&KfzWs91o|<1k;90QYM`TDT)u?A)vX;+cmg9CYO6R?Xu-vh_KEl2{T~nO{_Io zgL-DZ?hJK~4>tqg)J+_DJl@~PU^PDePObdtwU&MqeClUeX4Bh&zIE&_`}R|swFrN` z?2x|j!n1B?@AiG@Zo}WbcXv%F*h)SheltEe4x0YNgu9h^xbxC)$*Ky!E%%5lR;;sU z_p*vkL|h&SN9lici=b6)Gw$wt?vfn`Puj~klJ8Az;&J^$ewN7NS9*+_gBSJ2q;}|% z{OOc;lLPO3b50W^%p2MBi_tNP)7H$=h*U(d{Wfc)KtN6TmJIf#=z(d#4^Eq%uOAwG zIc!sDOE5gC#HFH*cu8rTKQg3zE{ba2$xfJW@$o8PB61&%o--<>8d_%?W55RFwu{6<}t7kA90 zAFsW>Xk zhER<>JIGCw|FBaOo?j-yJG<3{;=JcB^Hjqqlitnl{rmN;V$zQ$($Lj(YD&hSlp9g^sks*K~iO zAUGx3G6ME2GyxWsm}3;0b$Bl=>~OTHpfR65|20h;bGw%T%NfW5+$pz!i>AmQ$whY^Lu#T#CLnT7{8t>H=MF5j@{7Vfo-H$kLRGFr%2&1j_3YLsyVZO^`W70kHc$cL&%Nr!rqb9@g zo6h}PWwwi3lGU7&nO>Of?SV*cvYc?O&zj4aJNznQbWXWiduNgqW{Of37JpR+ zLhWxoFs!R}z$eb~w5*8*RD8*%+wj6JodW};^^uZhS&w?OU!sU%0<9oSm3~kEuBz9x z(l{OM^zT|ZB!h&I+dk&}CM}h*<m&Rk6-(RuTbn-t0q$;m9q0SPkH$t&Tc zsdA7jQU4L)F!UC4Pv$_in{09ZZ!5$-@LTN09Ar94x=4@u7HmNC;7T1ddwvn8SF=;5 z$Pe%pqgOSq&f1>hO?&*Xy-T@lw)@c?zV5(2*D<7a9SZPKg6!lgL(A<6&GNT|E9>EB zk0ydx2XH7@gI7XmRqHQn4Hw7My7=4;0klY zamflZyfoe<4S=TUJL|dX3&2Q~f+uqlKNjXP86>!%VD5Wm{~%`k2MBT&ZfsH0(AxbP zBqFbqy&x;1{1Fk1INP6$-=_=+_#q(M1c;h`2ldXVV;K1*zH5DLc;I@Ks^V)i2g#Pqw0D}^=5xjVlQ#h^Tt?gx?u|x0Tv_G(0(TtrG_PrB6t&mb zcpz5|=OtH;%l@N)4fO))l@i)<7%CBmDp}Km*W&cSTlynC8jV>|LR4fCqZ1gqVe#;! z-LA;_V)P4j=CEUhuaRGh7wWYtNYXl4*br?=rTX$GEz}<NG^0MDy6K zZfO#RW8=~`60#dRHWI_TE=RNSASnMjDlXY;Er=kBZ|8*#B!J-yXC=EUMPX2>FO+Bs zT61oLvIZTO-B0upL^Qsy(`9DtN&C$@A&b_P(Bgy#dnxISys?vh4v~VSoF0(=33I>t zS;o>B>m`a}nKt+8y*r)#9G#knShp>)I7Zl%r_EV#f01GQlVOZ0{X<5d)K+B#>n+* zFcEJVvyhdiY;IjL<~tA@YkJ|W``=V|TBTn#IFDbTEovalQh0c@Xbx41X_=mO*>(%u zD&|JE5-d5!cOm23m~_LzJ(cy64NFMb>eV)Fr^8*!+;lzcn+J(`maUdhhaS`>$lF{+ zDC;0)W$r+C@XR(c*<8Kv(Utc%$Cxl`aBk2#aM_#cP!!J?{2gfwqguzl=r&zd^kUC; zF44B%lWT)r(an;p?!kQzxjyj18HMpn7%LIm#y;DuJZH0Fc}#0QC)Voz^9tKMh8^PE zQAt=E>4why=H4&P|iT3-m(NKL{<=L1bbPMcqRr@gVm zJAl;*)0087))QGHK0j&zybZ{@X6PSM^n`?xux-5 zHJiMo!V+Nw<}}L!fWvTO(TDGjNuOC}InAg^5rW1LQ|9Yvg`B%n>|ip2q3%d*K2u&N z5VXc-qFdH2Z6!eIb*ZP`0$Hlo;IP(aTJmhtwx^53!jLHm)<@cHtgA5I`x%~JQ76me zXqFSXMkbJpB_;03D#OOU!5|vs!O*>|{TR+EB83DeRr=x`L7`5C)YIke%))IN8IM(M zwLQ{%`-R0CO9*Q7RKALmYRRo;3p`N9;Hqygx|#BjEaZ-+S`;)3tzF_X5{Qq-sBqyi z1nQq8oU92bDP`33ZpspW9&LAnqH{wiMDw_M6oRag6^8106csK8zc!k!B%G>K%JD8Y zfg>NTw${|z`dzkidDvEtxY71F-Ke27J=dUfbglpsT^hI+ zdv&%;Taq=LlGM9q6B^XSi*R&*x!3jZtS?`joPFnQak2?-G!W-tq@-ZBIkK zq^L%=GVvX?r0Pe$$D3W3jKv&uO%|~Jwl9CdwP-r{g*8Yxo4;qDvvSSsD2_?XkPrtv zg{o|h=;=$mIh%O=HsB>lecPg0u0B=xD6SXGfvVbyv0j6?g(>`%_gEAy5TqX69V14V ziX^gRAU#MS%qAT!cwGsH$hu}93E7=p>-zWkvtsn4pp+hZX9MHuit%u4pDNlPy_%Ju#& zTk|8zlmhjpl18cFt>`8Zq6GA5V)1<`QwNk50v7)#V+0<35Wg`o*ZfGqH?Jv__8~|b z6Y^9bx+W9o$y#Sg{R*#XAXFisP55Vaq|(06-Y)Lji%$BXIy8>~32 z>RqpVY`o*0KEyoH^xj+}iG`!47!-jQRJ?Y7EEsHA}m!!&`==g>XMXDat zo!XlJ4!|saUU0XYDk591#6LC^E_a=DuKVBd!rCY;i@b1y?n{elYLJ%;4M}4JF zgU0;g1XRYd^xNmA>&u#brl2!YvO&DW2D=VCU>XGs&s=ddh{~y zFDvAnaNLhGJw}8wu&EQm6;TDW(_`5CnKKEI769hkB9xeVqaK8rw|s!h$|oiSp}xZshyg~ZKZ`um8K!avym(tYE{BFU2#1SB1;Hxc z>o}rYY>r5A2rlh?tszn{HG54>4b5ZW39tA)E=Gm*W!X(H>8m(;*zn{~ehckH(W%X! z?*aLjI$pBP3AmoJ@;<){VRm_X8A!LvFyDx4TzGie4uJb zFeWU22t+#E7`DJcb95V1%+Bh=OqI(fRh2#hEg)qqtx7D^2pJ=0pul5Q^|9qIy(HZ<6B_L_4)vPBsDjIetH-&Ivo zP8d>u-sHrr_0sYXARx8ais##34|XCNRT(Y~4z@S&SZ()Ag^6s@M@v?+ zuUv|XGL(ED*5b_m&J)yl<2eRnNlxfx;Q1p=3HnOi6s}xy($r+ix8x3Pd<20L;+fU4 zR3|ixYD5v9fGjW6@df*c5-xIRFb2f3&}%!iwUb#3leatbVMz78k@>cM65pI!F8Ten zVGLF7=TcXHrEIxW8x0;<drT_npGCXWahd1gH3h^zR+rTmgPOh z)xdtYU%!kcKnrlY7JhXC{!XlesMN!drVCYm#h^;HT=_P3@r<?b@O!ieFK`9d&1Syl2?Yw+CLS3wZ!f^2Ck1x%=&FvTj)HGDwqdZqb~ z4ZJsY@u6TUj*O`hbpIB@?t+d+&1u{OvRL?Rou~O2H&@bT%m2IyVt!-g0%qvV} z-(yif;xT-y$aZFJPaC1jj|dAItg{mOa$7gmz^()FwSUSa$~~o8Y2*bm*7Dt0gARew zez!r%Hmg_X26yL>iMuOvx)L=vQ8!dN1KNkQiCMHEWC9xpq}_h~QL&g_XA+Gk=4v zKu=xND^bs8*qkoZr77JnQOKxQ%{4f#H6Gybh9_f*GA=a9kxAHO`5JgfphimVW47dv zSsT;}6}}0nR{ROp(na3Ri}{KXxN}*P76^T1-*@Uaxg{(OLo@^gY^V04af8_xq0Iz1 zCQ+gmED8=qXju}z;%Ux`2CNyO!Ijy3zDexUQ&en=A0Z> zhu*Iox+yzU3~rl|*@#Z@S~qMdA`xp&eKVHN$3pyThFzywv;97PMEWeyY6Ed400+|@ z6rK51&w;&a4b$hkfL??)QzfYF_w*qTG+wWBn>6y%nD{>4CdVl~@6;|)5URn0BJNv!7vE(t@- z7xnx6lvAqkPvj|>evZ=xS`wsc73zO(!eYQ^*V}2?vvKJ*d4W46X=C`rRi!mt9~i!2 zM9BL24-zrNoL-Bg_}6OVL&k)b>p7;38>owwsusH;-`yM25&x1i%X;+nhcEgZtJ193 z^bwK06gq3-MHK=K9PPfJFqu&k@;gk=aFH~t@`jQ!y&uXoS92%`VRKM5rd=4$O;Y94^;ZY(!@)`!}WguiN8Ty8JDO>I4zD7KEE-b6l8oT7ExL-^~*L+#^!g zF(UGymwdap6<`5j?p6NXSU0AWP=HWV)~No01D1`%w5PH4;K{(G#Z#7nwg@viGQFM3rp z@KlDN>=nOzCF%EHY^D*Q%-*?stj}&{)CUts4AO#-ckux3x~jdS-gP`%wp={?mnjDzK5u)GxDmBIUm@-8A z^O@`W{mqMaA1K*3Fb)~Q=1|q~fj3TPDf6r1@0qML#k5u|G*ljX@-p|@6N(^P=e?OX z5|NtCNi4V%ai8m%emD{Jv&gJDBV{+kzXpcksh>`i^t*hJezSl)P;@7as5twiDAmJj}rU<+7{};Eq9L|zQz_JA!R21lb?Au1gDaO zd|zh8aJoG`43~>*z#FwuosHh7*h8m!p z3q-73bZD5GF3ZTbN_>ej=AVCz8Ns?k39ikkKu0>)AYN{^6@e?ef535g=qFfQs8KkH14RRyx?KSPf}2z zHAQLsJHW!EGi;{OGb&LI`}H2G-2xv9((9?(v}=M^sG#FL6ic%TERR2!dB|b08FN*a zXkX`U%wFB;ddYXBo~!A3;f_S3B$J#`;DmdyeF81WV z38Lgs=LJvtM(*!yufKQy4!F!~cE%^CVq)?Owj8H<@@rm4Gln%=&pe&nr)=Kk@^Dpu z6h2l6kK6+~5QLbaYw{~fh8Qh0^`O-^gyZ}tW#O*Nkr+P5*nhQTiGfT$r%?>^{G@Xg z+fl^LSB(6?*k_WqT zx6Q$;K9FHnIDR~oGT%vnlh){}bW1?l9e2|AV`b8VvRTOIzTq0qc&^{Q+2-;?Qp|uS)GdB(yGjh1V2F7fe|*;M@3i z@6pZEusaM%wjShkqz!13eVQ{_Z7peP{?NjWF;i-nkx1C|LF0!B#$eE?X(p!RF9d8G zE$lp2GAXz4&x>&Vbebz;y3UrSVK{H>QYAOSTPg$QY|jT(@* zTWL4#n}9oPej`Z}GjUzYXTP4iKi9HUUMS9Q=GjM~4Y$EI-5aSJGq`zwLRLa;bg!|O zVCnf_==+vF=EA-VYgWo)xwTDkyUXu1s-vfhA5Hyh+iitcLv^|NnaRTmGh`9!!4CFm z3<#f;LYs!p34{3seC9&>dh}*p7n8p{7_Fsv96FW4 zo_p1}&~Z?^U_W!0>VCn3dJlrq0E?{L+_P_gz6 zgKmGncr?hrmbHK*z?3qE2jdA2rt80r1qc z$#UZf;t_*YW#rskr|sQF+s_*_K`q6wR3vk)Vm$frv6HeFu)Cmx4>OL6N3X80feCPJ z9Mp7Z*V;u28A0r^oPk7utihCu!=R~L^!w3o!xA2^TP+EA&J`GjD|)3kv_l&2PX{y& zQUMk%O3<+gp$>r8F%+Pj3ry6pOLR%5A9{L%l3F7jBT1XiX&lReS2d^R;AHs)4yk%L z30dvqef~_&A)%fX<wz3UpqmratP$?wt;grC#+DbxY>49hd2)47y-*{2`aq?0eyy z!X(XejGvmdXsXHA0NxcCM$D_rFgB%wj)A5?_W3&gYrtE)RLM;KTCU>Jwx?R#uA}s` z+lrPR8meDC*zQZIcezJak3(!rsWXsM=3IZVPR3l*r==$w)r0$S?~;#UF95TDw5H3$ ze*dpsi4^@{kZY5++eRW)&V-86)d4cDVR9%bzsH`d{zI(Vjbk#qN5mx)kJ~BEvt}sd z#4N;Kt^>O`JR-M^z9Ki0jYWR5t@dT~#^YUbPDXvCFoJr?>k;%Pj5s(5=lzi&#I*Po z`qjb?sL|=FyhPIcSvr%_g_#jTj*z>$<2H&FKN?=IQ7Z!1nX}dH;7oP~^sl(;eY` zgk-RP6~A_E+Y8G&R#hN^N-fZHzVqU=ng4vy-esEkcD|Z&o|WvATe$b4c=6FriMCIP zNrDKg>2RUXn-iw_M#Q(MK#-^B^AJw@S)(9~twp`@&uPYiv);JLvNlIjgJwVWy5^3OjQDKGV``E}lK*AaTuH=hk+e1)kL)a|_RG;#gQ2?P(Ech@I zZO{?41B+u|93SroOY4akBfYq;Rn?oIAnq>>%72w3gLn*@k|3EdFYFR7qUR$yCgR@* zfyh_vv#0Rej?)IwU(xUdP{;xQs{-#`6_eRlhimf2r^i7H>B_1yuf!Mu*Bdeuzt(ar zsDh+0DVkRit)}mG$q?}VQY-wfU0f{64nZY){{fQZLnW6yL6Q%2s(rKUmO}=6_+-!O zKiL$w>@NbLazW(#4)-6h$oS?P zw?HMz2j`4I8k&;;`_1EgJ0Cvqu#qh}BENyCm1o8DXF!byWw%`i^3~&p%<%^8-o`EF zbR_Xn@>XTuc;W5Tqg}+_Zw6O!Y8(o^Twk$T&Qr?Em!c4Zb~hIe8a+TDxsj1TUD_#{ z5K7bFLOoncD~y0eyn0@ap|1$R6Y8I@e^THx!n(z#b$pTs)xGVtl12GmRcB(;jQ zMUdF3rne2Q=K|GW1lHjP<_aXJ0rSF-n5b>b33-v_#*qd74+~VFE)5o5pAoRww~4|R zRdHKPdrzwnhF6aZV7Kf2^8Hn_wXja3Wn+CKwA&fBJ`q2f6cF&w` zrwwq%dMW!8Kn?qoFPI_mi7RGli-#+}}{S`3i&PF7ipG^M%O6?TB$|ST3 z0tEUvpN9)I5~#9&GOH912B2y7Yb1`7xrvfLl>W6&}Z@8nU$QI#Eu4r zg1~bs@;fh}>SE}MVrvd?=h*V9lLJ`bk1wVeP3mKB;#-xc0Y|_MuJWMiToJR$RE@O* zze*`g8|p+q&A^_N--6Y zzfIr@E0OEOEFQxqn=sKV3R$`zPGr}*d(-ncz=R(=$9RYGeyizWN*mLYdYLXj5l!?y}@3 ziOiRQBrbI^8rZ{gM-KfG)VnIZ0f;}&QBX|PJyFnzUYXi`Z8ip(=*hzEi&ttKi;9Qa z8I_fqF@m6-NW#8+9?+{f~y|tQ&D(^H%1FpobB5K-*v|se zTEkmlwbdab_WBwU7tYPB)vbQf0QV`)KV&B2ZZGZ~hF`%ZhvUpjFYUEp&>mtAakxG{ z+lLL~!m#wH%MBOHgV}35kBHA=pYf5*`N(4S2{eL?+d3>pv2vD;$PT3%Lo~EsZiV{| zFwo;nD@!(fUtz(LdE!zxi5;^)HZ@kGe9P3*1+dlKa`CwgnQ6cH zy!RzG$_wiCohKlsK0hv&Y@)m$?zE6eMObzq1}t|&W#p*YZN$(12tMOFL2*~~*=qAF zT!r|=huJ-dByp_V2+hy!j6y}FeUM&kaiL=|={}uL#!Nk_Li3VblGC%4m?j(NN`A3} z2QJwbML_>VzTxjU={9_Ff`YFrR8zONoX^~~8SA5I4vjJIt(6O1>WccWp`<%hk6+6( z%{s(IIR1Xcr0yfjPWS}KRLpl zD7}q_)&|4w){-}Gfk`97&o+xh0qszj*FdolUu9T0vO8U1DSHfGR&-hYXhRQFChT|Bf$M5EjN>^iN<|%x@*^T`Usz!7 zX;r=vYa^cPg1hs$Vo@_ILu_E`mIKriz8}oFNaiV)^uMWd$m3X(TY$V`G0aSH`yv#t zAfMx0B=iGUo{JAsYc0!VEb!};=%6wD^Aa{RGPOsMR@H?6$kGydRJAe&*ek)9%#t();6qUlbip^>U#C z0*fz|$gXy0_*cax9#h5-JPoVY9&e3pc4UWpK-yQI7rl*{nxrX+^jp^BA@Kc;SD<6W zg5jA<5Af|;dUI>7!FMq1)>HJEW`g)d)_kF5x1_9}zoL-x{Vjjh$(?fp&{w&pl`g#XH59M3}Jp}~4ad{$%0b_;H-%RGnA3Q6U{qOvnAI_nI z(on@PwVn5ue1w+2y+Fcnj5#r_i4R&T>kcOpfA4P?DEEP^ACoXf_jryzIcl0L=UT{1`GyHig(CbCf2YbPGf_gsyUKE|+g`&c;_kK!-XnFfX@XZ? zf^IP_zAH7UQN1+n_S)vinYPf#m$_X624|#{D@bwHX41HY8?FEZ0h^NS{yE`aNNw|t zAep5xzAl>LwrY*Mv%qD7TU$Dsm8D}DRMw3A!cysfTc}x;|6D}VB;=9MXcbO_LHs}w zUTTXAW66cmn@;LW=6=t;0UlOQmv{KchP>4Cy#M6XxKj~tcj>KMw$*wgY&5qu^Mb8* zoZLhY?OTsaD~qx{IwZwc16gozmbB74D;*NsF2qQqKN+COP()sR{|Q6{Knm2|3p;`| zt$ck()shdvXb>S6Jxt>~( zvm9P?HvH1A##a8t<=&O=bV8!dbf-wtt8muU%fhx-{;PmDSMM$lWqr_4wF~3mrfx90 z31ZWQ1e7gZmlr`b)Gi$Tp*K?C+q|D|F=rVG2qY_aAC*!6yhal6j{0#PrUDucZJT&x zGFI!aeq`X>RDjlI2TjT7;GE2Dch%Rl0<754xJP18AH#(};B%pb-#evr z5!fQH8q@$9?QO9=oEXGKJkI_i)wg=J`pv3;mU(iP`S6GXT1;~?rJRhdCgO~>$yaz> zc5@jlY|+&}Bt<%Vb`BVz<52#%6!C|#}NVIA_n8+t(8zr)$iS~VRos8=y9|gv8?)nHq{0%1s%HI zTbFGp2PHDoD8l^2k0(MwMr+te4uQra!|slpoEqAUzq#naKz15VW|O9)UP!@g{y9ez zIx8oRGLGz<=n8!!yW`4HbM+QOycR!&B-FW{Ul7mKDnpp9>j9t4Tzo!d`tfjP?aC>f+tfR$V1`KETO`l8 zC6$}37jk8z6D$2YvM_Jq(o+7?E;0nWJ1>w4Qkgn7mp$LWuh-bBiw2{}vFr}}vqwHG z=`kq;ZG%V(pUwL3E0;UejfI`u>~f<--ov>J2~PAk2oC6jxoxi#qT~b!4H!JlhCS}s z@8?g+rmyn{e%}a4WHfy=@E~hEu_bj`^Aq!m^Q==ZNm}l1EzCRaT7`|~b}%uGS*3>z zzsL*U1OCY!Ua z>|Zq0FjE#j;9qsMa^mSQLO#GB$i?ntY-;n+6iW^2`}uA;Jo;=suM3q(ef3hi)z0e- zBU0Z9G$LiTKxib}2C}`;42gkOU%T~te zTs)}D&W62eRQ3i}=GS)=;m~99|^eT7x_oty^v*?uc$!KKUzu_rPsqx>m72>Xhg5Cb1 z%J`BC-LyJqep}R_RN2`Vd*0Qejsv=4vlL#>>#zIDhgHL=yd`6CvKpl(=$aa&lDDlH zz0yo{_yQ7{c56XXhR(j)9_)d_GfQO-Iok3MWxu$|epx5NgP2@v#^zORL;V^ z33n8+TWl7Uu-*x0tv9_wLl2Y`Y33dEyp&%<+w%Iff7w0Fwl)WSKt9{?6hkNIiEliT zGPLIsR8m{K=@7C&*<(o9hN6eE-7!SC3$H%7HFRg@7mGSrxzKEs^GlI&nYn>8DKQ!T ziX?=g^nR%Z(qivXr&bl4ccD*t8-=Jd5)7tsrOgh8lF|M-`P&paRZoUzfj@o$dN4|~ znl4THf|h{^`r=Cz)ebTEMc;sE+f&L}^8ixBTZTc!PNrR0=5K*6<4YA(lg{%?4n3!C z86KaUk<1IDG#g#*k~y1k#&WG#k{`P8^(GkU=UK6lpW3hpR^p-!UkrOhn+GYry7_*PkXx4)nfbI9B{k(kmX57i~b zlJx;42;%*Rj%0*PkY?3ie((}PSa{VF$hZK@Lad6^RJ;`7y!$d!s%9&dvhOJoquBAY zwBTPxcq(7iy=fkFJ3(KBdEgD}OP>R1K&EUb&mvp7z zmM!$MMB!xNgQHAZ~NCeXv{h#=%e_hSz%W4ZC zBC{_88vgy{{h!~DJ_A)8YgtwQ*GTwpzkvsM4HBXMcVOTI{=YN!zemXb8)N_L-u!=e z<-bin@V?3s4^b{xWL$WsRgM2h3&;A=N>Y>aad7Tz@&BBKo?nTw0!T}qna}KG{{`{( zpLt$baYCK+nH8oDoOY=JE>zDr0t`eDl*QOd=SKM7v!$LVbTbMP6o#PxdB#LY04pd( z##-Qie}MnG)NRjnCIU^A|DRc!6-=3;;yuX!6^QqrKaSt?{L5TP@b63CfBuPou#!H5 zDL*(Y0{?&J;J`d{aDZy@AJKIGH&{-TQ13HThmeHn|A&L~OtfnIW2pYWZ})$@!vA{F zH|lv&W98BPx8?S~Iei$oo@D{~0YwNS)KS#_zSJ(gMEBSK*GQ4Q0 z!T)?}MV`q~z1yx7|CdqmPlgZ}8{ljN;dT7ar#3(aoZ6_-6On&?@c+Ga`nOkn^${|W zD4GA`Z@ra;qEjo5HXqL(2>C(v4+>$T<%ip=Jvu_*rhZTMcSNbma!KLxNRXWHut@?A zWqXV2z1$C>bA$jbyc(+++69mEF+{8J>@2>=zec0d^hRj$U;3sCH4fu+o7`bMbqZl# zy*K+>s9mLL({P~rjQEKBoM76~=IwPSnJq)eKkPu|{LH+Buv(nwlpEcBx_OxAPX6;> za6Y%{8~wOhj(KYQq@C+`lbYH5q(QvkVqj9)vU^&_yVJAWJyD_-O25&CAv8dFCI!N= z1%CVo2t*P~y;MKlar-(Y!oD|3_*BLhigXmR*eI5-QbO_ccvsSMf=wm&Rx9xQaG?SA zTce)O&~94*@7t(9FzpPX^32wMONFWKj?shjqCRb-oZAcjC;`ck=UA_+(aCrmCF2SJ zPmxhqWT;}L^EvkPh!4G!(KlOGtG9e(fFJ96+|u~`F@#J`-RUD{R+{s-zN>;N8Q#?3 zJ8<;h-`H0Dr=wSUBv9IaK6>Y~Aev{$9Dt=<16TIOV1k~L_S5}?TqD=kV6r7m23c>4 z4yo7s$V|xuMS%UlXQD^{kDEy-4F*t12+ib!q(4IuG_v+@6Wi1ZKR1=fPur3y+YW*Lqzf9~}9 z$FTElML;3slhhD@0+!3nDEj_)h#R})w%3x{dN1<4a=PaLVM-}7pykHI4ZL3}@Kbxi z&Fw|VO0t*W1EcBFy~J2%GY6%T+x>p3{cZaakM$EZr(Min%6}fq-(jQd2pFu;7gcB> zVkuY8v!^csg)KnXBu4|Wv=Sl78@Kk)&*!FfQtC^8e*xPT<0JMozR+%k@d(}##WK?? zADrjoMELolh28I6_wm~(zUPM?zS9J`kI&os6NFaH6~Io4M&4rDb^wgd2HoBfm;l9> zrTI(Z|ZFYmJDd~)XP2N;T1pt!%@S%aEEwao%0{$nlq zOu5OAoD_G~w61!zS6tLd91y%~?I!UeyaX0e@dLb#m0$n}f;o6d{u)$EH|Fck z>KoyHqcqsApmT$Cxd=+5Zj@-nx?GKB&%pgzAjN+4R<-Ag5#7S<$2%RA{bhF#P(uAJ zyW-sL=ef@b)6om*e-N{NH7s0#i*_q;+~Ybv#QAZtF*5&Z1G5fb4(9#fJ?SS{jZQhh zbDo9!(?L0i($#3uwc~PDWp5qgxOMNhaeRqe3UwD# z@9P_v>tveNF2gp}-|i*JpMsKy`PR4cl@bBgk?9JyYv1UuCQu{YJ+PR*O9T1?BU{z=JJKGZ){yLhq48Ixt!%hdnP zrSI`a`N}roOxC>2{6)*eX|IlXrsJ^3M)RD_xrelN&1plb@md+1{b5OH^wpx)MjwiK z);9Ex%I(73&n);)eRVBNQq^;ipTXlxum9?ub(kjyO-yG;{n{CqJb^!o?qSn5XOb0Z zRyKcFOO^h4aq?Y{srQ#o&ycwr#~DfVrMO(nQT|SJ0&iqreMgS*lH8Uu>DT$xOG>x< z#kut%KEkH#@ef2O86C9zS`kmQT9c{YyY4>qlW^*kxQyp5-Cr%(e1bi{dq_BAwVqR$ z$tY}(Onne#&8$-(tz9#rDH%)InYwm^vD6D_QjJ|Q{Fb4G{WN~l^4{Ssc}~B7AuZFs z;pw)jvF~G;VZH4UqDJPUx4e1XMbO^*j*R)n&E0t48<(6iJrirPy90C`O4}C(PxaR& zGV`A5)v4FA-bz0Y>Xb>>uBG#T&3h*MI1QEf+`rM=R}xrcic_k!aAP&nr1^F5DLHN` z+?sg!Jvmv6yqleJ)hRVRNMGp7+&a z#6Oh<(Zbg!kGu+e>=zefYsSYPp8KCx?89uB(xa}$CUD^xV=6#Lq>Bo>bP z6)?`s&q5~i11E}<=4M@N20;{@`}uwmy35g&3azT=0O5xt&<#4yyg&3xL{k$W+?8y14Yaae$R#$XT9|igVK; zI~>o6YgAygnIjxtdfWn#7sex(aU>NFbw?}9>Ed^we;=bPmA-@HY36b`rUH_i`Ii)Z|>m^4APXefP}HQT}VsD2&ehHq(Ca4n2yhD z-D~{V)ndICbnV!mmt3GdL;V1cGA70KL9tFz?3q-DtCzbm|4qnRsO@~TM>Nal$@k>1 z@X1UGgiJUANvxfQjS?aqL(PcKsQu@gmj@AmQM@~tt@;;?Vxq_3-la+C@qR2vPEJj1 zYbRH z&#pr@I*(44S~!qvq0&;-^cIck(k3zWpm(Tyz(!w(>=EG2Kwz{$+Ge>jHswZFb9Hr~j75mSn= zWI02+bGpHJbGG_!-(51ei#Ky96#e5?oW1+2C+!8~dva;Zmb93XlRbiC=K0&7gKvgX zeOlk3{g9APGgXAfCXRjmmvN2rAuTm)5*httjbYu}SfgWuuJqK*u}r7iXb~y%#@)Nr zD#h7O7N4s~ceVz_Lb;-7z0>&vFOzmPi&m(OiG-unLf*G|N?9?@@5sL2!j>oG7U_8q z(efpJq@-hfGISI{gkw#MLaXM}_&&!Wax;ZcMapi?h6j=JQFBjVG0Kj`I*&ELzzhqR zed^(F-%-1f%5dv8yAt%w^4*dokA@K;o{jj7M1cQ~#~h*G7?La7gSU zM4?C$E?fE8>OFm$fU#^@%d8`?0soFJcrPg)L4eD|LoG?fVey-{;~Jp{o-HQ7^pOpZ z2#_d0(5z``_U|I$E>4`ZmfNnhi=C{#hfgE-i>1k|T{W+{55nD{d-wmf_ts%iN87)@ z3JQpbB1o6gDI#40(k(CEj3F=Ud&NazX>7ej0js%@BMzf}eU&wlAx0!c zR_IUTX*<#I$IS+e+Wi%W=dW>}Q2e%+1fNwA}A^W;RLkw9e=Vn8RU7t??3Kn$iud8lE{j^?) z;e-OwdO35J3Qt~rWAlSlfa1fx7guX{y%yqRROFyyW>%-^Zc??vGKX+g1P@{Ry8Q(y2@^R*h)!7s)K2cA+FVDs%Z8qg~JgeiW^ea zF-`HuIIH;#DEO@4ef%L;_DjHmB4bX2Pc<`agK(mb9)tZzS<*0#DPX}HMIcZXBl|GH zyp^y*lkrCr7XAt_5c6}aNg2Fk7ehY8jaDr^8$1k;v)SviOE@3NEojD6%$0;TU&l_& zWlk|DXO#Ikx0CRd;_oS91x9kRRYt5AxIRbwQ_#;;U)+xdOgw?JooSN~Ur3c7VgGJ3 za|w|F@7rel?V)5s16Uw!wTk3gv$As1^_sRP`_kK-?xGVX*99Xj-3~F5M-q+t#1Y?v zyv1XmM)%mgm&NgD{9qgq_d2aUJmgv z7dw~^MAztLw;E3;$tMU-el`XgrP`kU+&Q(Kubv(+bu7~;PP{UZK7Jl!rd1^xghkAC zrHXj+@c{jhJ$mctH7kA$u+ff^8I=R+hSvo;)xiXfz}Ct_tF|EYUAXJRiN@UViwP z;z`(>jNZy6ff3sYTpZG=X;8V_5L1MpD4BR5P8@(&Mkh&m9{AoCzggKSf>c1Vj(6sb zF1NjM4`J`yehF;!em$*CfgJto=W~w;yp`iJlUXjE%8hS}pOF#eQSrDI9?t;;D{<{i zw<)#=hv%-8CE|;rf{4Y2yuj5N5V-8R4B5^?IDzKT%@{@Bx9Gl93}`1!eaN|S>;G}| z3Z3&46{dh=J8ueiw&T!ljA!~VNP+5lWrAmAQ=4iBn=VurypFg6l%RLqC|`F=zH{z8 zc|2%;Y^E@@lkQ7j$c^*V9Mi0V3i^91ALAX`L-2!M#tpw5uX75|`5SSO_6ZyYcFg-y zl}oops{{atsjg{~?$#e|xmoesS1I*cRflyZcW$Kf>KRIABjs@}MzmYhjk!eFN9E2)c01-BI0*yw#~_}2PZ8IvcGyk+TY#IxWP zHVNmy*Rhl5z**X|;OYXb@jE=keYXpH==+B2)BY<-iS^;6wI}HIs{3!t>~9l=&%XhH z$!Rh*HvZMI1UW`02sbNJk3b_+;9T^GZv^a>c?@xcZ3&%_p@l7WzsSq;|4PiFcI`Y?|41w)LAV(4i_ z(Dp=KOLo^yu?Am23?~wI<0O=cUf*!oG-iAS{=DC64XheVFuAmV<9#Gyhfd8L>5NY{yM7`qnr5THS8veNX1--8;wQICQ*VASa6@k$8T8 zbNij>?Sl;!KrDQtrpnO=GlQYC`I56=&akiKb9IHQCm;)Xx#*rgC?ue_0;WMr`hjqiY(t-?h5vvYN`45zV^tpdVje zxD4jKWsQ^bI8XIPVj*@rJ8`Y;8@}N_c}UHGalAP^Cfv*M4XaL0VZ3|!ajp#pbH>!Y zyC~Z^A%xw#3;w|h(T2Nae_S2W)^@;MlsYe>F_)#`Xce8S`kTI}ZB5{Et{>)9#a$-S zlbQ6+`}rKLi_1)bNHl@luV#GkY5TW()$lFyShpjW5DP1x>O)};7UwR%u`I^B#jM9i9z9-sO)@cD0^8C@jMhZPNaoNc}k#rqvLzf>l zRB&2ut!j{U?)c1?cmniRwT65&i7{r(OLFp2tUAkcGqvV8U50ZC$>sSOwv6|FeiS>s z&f2qKyelE|*|;s;PZxbeAP9s=cMg^vD-6sZLV&ITllGF}`u*TLSA$4EnX4lv=_%4Y z>S3uclV!AsC8iIlNa5~I|7G!v4*LunVUw0gmON{*zH%z`kD{*T+NIGBN@0<(n$q%9 zg@O=#2AE{x@M;x*I>}LkN)LD{$Ki|bQ^hJZ$l)r;iEt%edpdwwAG)!hvLcJiHxC`qFzImq|Zeb_S;No zUfeTAq>|pP{o`(oMxF|y!+`7aox1Ex`x_d`^phWVUor7}{f*P86tW zBx9Tz)=ljPdI2>Z8bp=lVyumUk2|QkGY69^D@(LF_d8(8oGr>zYNZAW2kkLG#w+H3 zIN$!f5*+qOCvwi6|G}8W(iuj^>k%MRJuo%Sp!AB|p8`AD`qeY7kNq)Ti+U6j2fBdR zDuM2BNcsbt(Z&K-kKts{RE;y5tVP2ZG&$lcpVW=3)ik$?*NvDF)_^D`{z>THb)c(zy^G^(6w$ADXj)SNR#~PYW;#YsnfuIb z&dURXHfu@++a6$f{}z7-Cc=(<@}>+a2<9LDgL4`<-%5oK8k%TDM}N8@5mHhM?M=QE z-YLcJHjP$VWQrp=JG(YMYFLW#d*K&gSdN*ezd0C2D(_zb`D@!cO7Vp9T-oy{GeB}J zHyfH+Yd4ND^E?G~B@lThMR?=G>8YG(3HL>GPwd4am3NaIj#;8zuIjsiVaDp0>gFTtR~kFG}XUSkFrfcj^9^SX$712|?E5nYqt37*;4Y-BM|y;Ef_{Upr`>b9 z=s?kZ)}LYNuoIHB)qY01Dq~u&Yj*~t1cNSnnBb|ndLPxs5eYYCzc>Z7=Y0ER(I1A5 zOER|^BhjMibTNy~FU)5ix{V$|X+yjU^&+E+aNSbx0|HI66tKmL?dk3xN;|x~;Nake zzd^4kam9G^TLa<0-Sx&ODHYtAK>@S2G$&F$9oY7_$vDN&&D^Vw+OjmZkM;H%3BS1L z>g-Py7c$2>qzyT;p73Q6?Ko<#(Y(J(_(Bk z;DS(=#sbNB;;uSe2d9<-#eCf+V@+Ot;;{hh)08Xuu!A+=NX8tmAqG?JwcT5~MZ`QQ zWbQ{9kfnT{$P7EHbv#dC({G4D=AYrZsHseo`jV^o$#)einm2GM-1$b8C{#7dJW-i% zF)j0SwS>xdeLklf6-q(GuH5nKlg7~3!G2uQ^O+@dM}5^_IAxF#39x!4YzEY#f1R^C zRW4L_bV{$eb*soab#J^CKb!kdP`dd&BL<2(NEZZvGt1x2NO2 zp<>j%;WqXDAy{OpLqYu={9K&Vl#}hD0!C@+{R^wg&4Y!p=kENa`r4cm)(0=9^bBOd1>w&Ucw49?y(>~0M7+A}Zh z1QmbY`XQL^C47-<$&Gv*SLER4=qCyaVm?}@o;t40?9}M8J~QZZydG~*=;Qmn-}b#d zC%bYu!};BUK~HPQK;VJSG;M1rTpV^lU#;jkb`>EGJ6X9hf?hgY)+e*CyPll8`cST0 z%hcn_?B8L74Pz|#2psPsExn5TKT5omZd%e%X&S$`?1z{(Nc8o-qC;Hdx6hBnn%tO= zWNF{x=`=_QZjvR?b?!bPE-8rj;*fm|NM>*u z40_FU>-ek$5b8D6iU5ZsRpmyHKD@U|!#1paw?D2+bXZSit!oFN_O=04yyKT|m7vz8 zq;^7wnk2N)D4uG(n#<|SuD6T+{`NG^|lvWE6aDr>zDTawo+5gljPss9v0S$*r>$4hc9TLmKQgv)Jtl`JFCz_k0d7%&T~ULz1Xo zDEy&Wp(=ItT*MyKbb|cA{DD2Fgst)>peg)oRyEB>dv_J_NW1itOyFd?Y18!k8f9us-SwYTR%HjQs6giCaPV+;W}D} z^R(UYndvy9#r(5_P(kyp+?QCKLHWXhKMvT_3jUBVNuIo-1Y5qogZDT!^v9{xk@i-! z6Og;P%h2~UmydL5PSxJpthvLp;s^2kH>isa-x8Rrk9+4`A_6GMJ~a)3$ph5;zDl?m zMhiOL1|KZ?Fl9?!5Pju`P8_gt&t~xmz1tbdUZ*Z+XJ5ZuzaDhe>4jTRmwf+U)){0Z zvEci44$!eyRzY9&C03i5+9rJT;@bmsZoWrXFMa-mnJ{1PRYH>q%NqAn%iA;L9m6|d zolD-RFy`qrgpJ^ad`RzXcSKc=-&E5 zQE?PB4ho_0vVkmDo6`Cr=?wCfsE_s{ec+>1=tI4YB@hV751-nw8a0>)LDEz2@Km*g? zy?<4r`f^MDt8)+`##|X0ROCFA4_?ISf5>wsqMSVIL#S^f^tJ&Vmk!T9+mGb7nOC@_ z-q3)|Dz8xie5|m0m0z=i?!DAgR>D zqxNCAed`k|sV-Q&YGX>*fX;pnc|k+&TQZ#_Mpl_^5@t>4E)-k{De1rA7(W{WvtK%i z&_O5Id8#Qcp@N)U3xcb3&aDp-{x4)a-|?N5y2p1!Y}@?QcP>_uPV^r1k}AXnF>F~4 zgowXk$XJ}>UYDXPY?9c0hzL%bij~odE6~rFDlV5HfTn(!-viGNu+16n^4b6z4{V9nqGSHhRSYc{j>L(7boIb$q#h?5}4y-FoQ0 zebrnl>vXqr$q~?6PosRMYo>3PVk`Opu%K2t(T}O2?yyrHLa3VGiaWQ#U%cVI_P%G; zMIK|Y*qFEPeXEN;SzvjQUY(Kdo}A6!?KVO_2nUS>&X3Rp!wb;C31ZRt&4Q)0vLeV{ zbV7DjkqLsa<#H){tLjl)XIc=puGZnf6vD!}zmGmZGcN^~zFbzfucX)9_x))Sg1?I> zR`cZI=+&UWL8JBNFshTzJ$Ww?uD-9=*jTxkTY8RwFfZ(d3v>r&AD(88yMj{#A0OLv z>x^#6M@tD0C?xLL{Cr07^@+Y~4#<6&?08I$eSU--N)nKv?7aiaOEJn-Ot5iVYAWh6 z7M>r1*j~i%RgH&hyKV_Zxx!>Tp!mV-g{A{~X)D%Q#_H#SE7??Lr7*G4)Aior6tvRI zpeR`}<^T+W=M8uiUbVwlspkf3p1PTW!ZJOH@Kd@alUSEzQn`jFXA0kWLNEkwBLgc) z&JKWFV@lE8VhCHYv#VkBgeUNhaj0evOv6eI?ygOb#D+lKZOX3FP97$vl3nRdoCD{v1Qn87CzNx8(mHphUzfg90^j6-CibT*xI{>4 z!F%WHWTYA<*yAS9KVDE|jp&gv(}I(D?M7WZD25sRf1i zGBshpM5?sOo_KmWWGPl*x<;`-3$;Yt$T;n7h}R>ipSO`B5F+k)5JEzj1J6~v92Pj( zi#=^=nFvO#@Q$nmPmo%Ui2F(sRXAHz!wBa9py| z3gYV0kW;V4J0&=t+fHx2e)7&=EHwMNWzgNDPR|}GWM&um)I~A(YOd^-+j5MC=r;vh zKotHH=J$gP_%nO%Fpkr`^8#4>Z^i`E(pR4K5wHif`FFINSrNB8f0zvy?%v#^e7|mU zp#J90$Nb>I3|#tUJ&J(&#`AG6NF3MC$MamdevoC`devLdJeT(>dxI6;q}O4)TBG{X z6#4VaxN22R#P>`zSD|TQ{^JS)b!9z!9qmmVaIM6D*YCGsb^<>R!($hAaT0J=Ub77o zY{0dxNV#6{P?O^{?xx?|CA{0==CImq{P#Yd*Y&Kv|Idq&8DmZTTTtw*NM;etWw(s8|F^YYYnKGkU zZUr?ZgO8PFLr!TC!dDC`l+7x&rS5w;2FXpPCMi~4fD$0KaZ~qX)-%Arexr9tBzR_u z$GJI_cCZ;^!It<-Vby4@Tf(kMki4U`wyu3u1TTS3-eZEbZ=m)&L3U$+??~=(#q*Ha z=EeGWHodBMn8l9!bz7amqp}Y1I}K7nIJ(tVJ3p^yI)ff!U|q^C;B#@2bsY zT26r$F<&lI+?TkTywZ$bEwMiDe?Nq83^>~~1V5i! zBcAV=i?C2UHkMp@E7l zvD|gvAnbj4fNC{dPWX_vsb>`AYnrfm?euxIlg|-Xo_tsQBVUxXJL30DorTKf9VI{A zm7$_Ja{D|Marw4wc-|jZXwQ5=o_=->LD?PfxJ5}AH8C0U#eLQkt^e1kPQg12N4nfo z(rmmhO%^6g%x2#FNg}?e#wV1U7rhq~=i&=Qu8aLWPIa(#ufY$)VkuFVd(INoi>A|f zju)dnpY5-*=VRLs7dZC~;%;W9LC6BeO#nnzVc(Ta=ImXU_L_ho!KkC;EQC)V+fTBK zv!zg@>jK@rlts@DW>~|d)5Xf%wjjU_O6~0Q)g4tfuCh5tSl1WaE*MLUxNsvUC+-TS z4w}J@$_XX5+yI(|S`{e};Q333_sJ0mSQN=bsEu9Uq%@oM*8GhDX_PjCx2%lNQCVwv z(A}*i*ZU?W^88@nSk)-JUE#0hC1u=*L#b!Mi1^BnZvr;@Z}YEa`!C{WDSv)iNOu|x z?T)m&kwph>75#xL^K)oXobK2x%*!RmL8b!d;ojC|3QXK*gAz-Lkhojs8f>8pkL5+E zpX-XSUptFgzd%~WcIE<8Ky7$zL*&zvGQi@QR&TTXjz)ygjj?Rp{HhG7eW!1U0PT=- zzld|eaN6kHLqO{cYp$?VDa7|dc7Y)bz)x9APYYS6*mzMw2M*LGB-d%4q{BpH1rdY~~Q0u&CvM|+}Y zcYD-LnkzSLvS1DM(Vw&YenxM5$5+I=b^^<>f-L#^#!dWHGYZFEqnF1Nl*IhCV{FE>mmD;! zQ6gbGUxfu5t{-?hZcN05byOH4F;2o&^Q%O$VNa-cL;Diy>!X(oTklh`1F)U zQtm?pCzgftX5*HI>;6LD1Y5WSg(i=l+lVN}lcS9dVkX?9e6Y!yN<=g3>Fb}y7tF~D z695mz)LVY|uzs>o69db^Z*Zdq)N3_`YTp?m;3SPAeZDxee*9%?xS%^np9M)kd_ z*K&4G9W&HA612h_Z@Kg-W-cKP4j@;22EA_a|#|bLNefc{XZHJc5{;SSs3Mp~T%gL+9Y6FBqTs=bG zhwu+ER3#3yB1H;|))Y&bKAE-Ky91P^E?ZH%>(;;$*%bIGR%NJpu70`Ts|T7~PA&-w zSQevvAuW}@KF^>ZHk5wjn8fh6QPZe{$PAilD`Z}AmkB6fyx1i0t@1kG-*+C9F*QWN zUUc^o0c$2Ks@1Yd)nJUIsqsUTl(mb!VzqH$gyGFZbiw8XEN>q29`+tjPWa|f-1%}t zGhPL9+r<_2KwzZVjefYhqp&DL;xTp~BOk zIN5ZKpA8xq5Dw_7eWm4qNr%aZW=e1h^?|bG#m~!U=RTsnghEwwl8@R#HT@!q%MO|P6 zUnttQzVk*n5Sr^ATU`%wLhEmvFW$h!b#RmfiruL$cH3qz2~Rlhu3PMr0JdVSbZ_;A!46)^?#vGLpOU*P;RKGg$;QAK#Qg~&_xo#P z@}O4__JSy&j6XOj{-nXcm14*9y44?-&q!zBpjn{j=4kBunRnChBaBo%@ljP0^Hs>Hj@|3%xkkm&=R0sY zjd-xlmhwDK5yP@PbRTR?H(_(t1n2cxyrPVyD z{sepOK8z_C0fj-zRi3Sj=^m3?JpoGo58#{mUIv_m+Kywo1LP1a^u@R>cK7zY#d(=2!_Q!9i;Y!xGFYMyOG7K5jWT%LioUV}oH7PwGE?WpddICtT$ z>b~lt7t^D95bc+z(;Hy*v1{BWaN+=0`5WF*dUV0>Og?7Lsk^zi0LPFskjzP1gNVXw zue@m2Hb3UM;NizC;Bpc3WBLd>z_7fej+bGHmUce=MLI}1EVP964ezC*aE^PzinMpF z&qZ~vVhVrGlzOSb;xh{Gn7WJAXl2%i8fiFfE~;Rl>W~zR2M-5&*#QdrxzXVaJiC8f zfUNs%i8$yeymm)&;6#wr%PTTL*yQJR=On^mJ41tt2p{rSUOVF~Pre81DUHpxx@Q1L z#Yq}VGT0HRp@hOP#}>;_>452ck7Cr0&nNThI%I@0UM z{x1AYj=YWKY;{~jB;mPoeV&Q-GN(c3kL;JCU3hY^(WBIoW?lKaA=^@ury_0?%Zx|(AerxFCw z-2kDase(s^?A)O?U-BeiU!S@^D*e;FQ%OCG)udQv4{F>&cMBR5|M{%=_sWjoz?o+h zlw*7u8>Fa#87e3cb8d2Xi%Q^;lHKE~Eda@#itW|JXw z!2)^uCY&atPMj-EIVF9y5JFOLW{r~nQqqc4?62w3(@U0fkuRE@XJL=o^a2GN)9y~- zpDF5tZ5N?WcT9@%Y8pWpx*2+DHmrt{t~O(xl||;Y=btoKEWn;R>@XYKlk(!B!LFr5 zsK)KOU?kLY4*`^rOoi#o?kk**d|cQNVu|Xh7rvZfft!{b(^?@{DLg%#$4iVh1MiTV z&1V}Ci}Z7Wf`u_<99CR^)ws`7Y9n?omy;wpO5^4ZX}3gBtK_?$ zJ>E!BB2L__Vp@V*D3TVY_rsCRf8XqjFkxaZiczsX6wD486};NcvZM~sWGJj$Wit6k zV)6B(I}?eQK-qTOP_jXe(@LsBKbq2+2zNN*NT~jLs9TZNK;(RnQ<5kBFC|xT8gk;R za}|#2OYUgU1K7|kuisU*18teT-3dr{5jHAWu~uSJdqc;7tKN`vW&0 zmW~%H$F*p-J(NV3T5@GC&bNO^4a(4`5V5%(uQM@@LJGY}*w$heP^M=MkJwb6#=@?bRRp9S^;f zBHP#KLQ!6FKNWXa!|5<76+MMdbK;7ee7jF?f=@q>BWrP5_H~?l$W8otMBBr-x*whu zM@munjC5}+ft;>RJ>e^D82g-n+z?VCCl`Zk1V*cK8lYYn+te*1n9OhL^r8m_q(Jtf zI_veK|s@QyTcvAhbl+-RnHXcbE^HrQkmzqNBpMX^aY>isgB2cT>2_JeWzS=Bze9=@{>hLC z@gWl0C61NT#HD)AzB>t^?Wh{^q113>)Wu3?x;I2%SW+uuR)oC1;T203d_&Z``1B;! zyrjsiT*|T5KsacFCX zMaY{Rq~KLZ%%A41?U6Wii4P!%4PmEkkUluS&W%@Yqjk)Z#==Ad=e+Q0NeltlFvoGr z`EKPPZ$hc&x}cs2oyqSb?e*6Uo~3fTCt@MZylXBS{gew=bJc6?(Zr;sfieBkJ}0A$ zFVlez$g`MI^M9uLy0!81Gjkzm3V-2T5B%z#HoiakG(0SpO^56h@g zr<-QEO<|0rsPgC%%6{syW=tEK>GIRAf<}Za!<_vcn!X?m4Og%==*>p;5uBjZWuM-8 z=n))?(Z1(3>scrP$QyO2Hr)b*wz{Ru0sH)Ooxz{H=Bz84$EP5S=s|dgjO*V%(SQ&3 zsx{%RPH6e@9ce!NP$yKUjb%U+ki{FX+9}ELN#5!=2k%F8doF=--0bF{Fyo3?yT){hzFwnKKq4Yldj%`_iI-75RYjS7!cwYyn z%Kp}?vM5(+w@0-w5f=$s5oCT{aziX`(x#p_lvUA#xYzo(Jfqg*FF9!W=)v=0rhnIt zSETMf3?S^Yo^VHQvNi1enRJ!ks)pI<0}ZWBX1+#HIKuYNdUvi-)=$ejdKZ0xn_t75 z$I!Sr$X~Yiae50P^zzm=7f(P3KE@rQy_H%kZ1_ynNxIKa{jq_kWTbB|q~MR|`)d}R z18t2ZmXn{TxAx0==XH8wYutRH`OKu(=M%Pz9z;?(t0o*;vD4DXFLJX*c-)6P2wP=i z9xg}MqdkoJlHAt}If@afFcOG9QO>OG+^#vbn#UkaIG{`l_ZS|8G`a|TgI#&D%1BGu z4UA&7>}|UWW6!cq_Kwy`vS5f$D?+a%{bpd7f2G-cUgw%aMVe$pJJ3oMHG}!z}YA4P7EAa6S zuw03|6ag8!>D78C5kI@Sjo0+bJ?g((y7$(uAAR46&7B4!x2Q&0L2M*yImR9z8UvrvQhB5U@R5jj`M#h6i|I(LVg>nwRQxZYB)M|@v(GDAW?&O$V9IjY)S=c%hoWABq zRE>wCgMhT^Ocj=V@=5KyXcKC*Zv17^*>HtBJh`=p66$JP#huJ3e92EqMEc_a`V`|s z+VhDBB&iKj`YzYl<$-FR@GE=*0hgEd?dpdK01<}?2Bx9p`#D2nB6#d+Tu=`wtU+e8P#Ch!ofWTYd9tIxU_SQzoh3U$OQ2J~e zX-;ML4YP&n6+G2uacJs$G$#4k^lZLz5bb;k-cDjiBW@P|kDm?H^7yryu}i}l(maf1 z@Y2h+$%N7HOKkuYN{KX9fH&E$L(2AjPp!RV7zqJ>8fY_tyWs@EeG4;SONj1V1Gb#n znepHRCe=`Dtf`Fz!SqSUsw6W}(-lDSj)KdTCzGW( z?Y<0CCvNk$=KL<(!2Ks|>yz{3bsrrCv4C5VeLFrd>7AJJK1jy%LzxCwKkz)7|3_-9 z?Y7M*B}GU5{&7~ezAw}eDMR2&^QYVwz{k1;5pcCb_rS*-J#IYu^=_PbX`?-4E{7SL z!OSJ^TeQk`xNWv4*^JV4dy%-)Ni3o&IRCg&zpwdN7kwZ)*B+Hut~Bx<5V%YtGgTqZ zMq-{NB-2WoN98N6p1Ci9x32ygwls$*k;i>4%oyTkRhga#5^v--191U)vdb?^C=K#Z zM7$1Pls^EXaDHAgO7ZWgw=01VZAxGRx9zN*Q!>XDk$&}$Imf0JE=MUWH3q6XW z6IyYT)lLHnAF6i{R9;mESn^3{vWHFM#}^cER~8$xM=!MQ(CuoCYInxBp3!r|Z}s|2 z480Jpami{~sucseQehut%aRHmoBCn^xH9m2KHgvTe%wd@yAJz0Zk<6xh*Sf>N_YEi zif>9*g}ug^zvHPk1ql5GYcHIPD~aF)L;1FV?T-YnZeyq@bhMwQbY>uoq^qaVdcMZC zdwOMq?+w(_lq@c;2M`1wYQEkl4W(U5h!9}|aa91+BI1TZ)x2;O-UvVqOdt}x(jM^r zBCVX7nHn(C;MTGX@daJt(_KWBN?1~x9U1yu)$G8+@p(&K8{NzJOfTYnXkc9Mlo9cx z9ZWsWJ*!INE_ZD{`fRvA@&=Q^1qx(Pl7!C?9pvoQXuXVg;a7ztoDBbcE;;90qMou+Wg)aQL24l|KDc1c4UvUlsz*()3RS>qLI zjz-st>UrYrK&12L5$0IeOtiAYLan3Xhm`lG!FB6@145jeKwRU>MPRSvm{(a| zmIrhW7ISishE;$1iZ%8g3$la0lj6o?cxXAA8SpB5avH#WKV_1J=Po4)c6D6u40Mc_ z@m!jxfz1E`=d?qsO<+6}zI|+P3-H>m##;VD_*DL5MmkW1pip=t)}v=>UC5|{6ChU z*WUF4lh5OF|7)bA-<0A#Z@$_slq^q+`E^*k7Vd1_;h3Yuzmr`QUSL2OeZdqpqgQIs zYi4uTV^X|LSO=~L0Hl54jSWndR`v$!dmB}o1`wHO?BvA%rxpL#PrLu%FKcw) z0s++x045LXmD4uj#PTNN$X6rLj&PDrOC zm_@gSg<-fmi$9-?v(oz#nf_sql^mZgc~sb92@r}~^CaRl3oX#AbDC<};gY_;&-;Hr z9#~p4f>>12f#D5e)__X-Kqv`Ue~j?Sh&Z>&xixV9RODUxp^QM911Luu;frN7O_kKC z4O+#|zo%lUw9Qd5BNzD)JYUEw@rNAYA~~Wix2A2cM-in(7&DOW2$ddo464paw=^nCe08x_&jKrchvX9=b*jUOO z@0UrvgG8_ZD|ESXn16tkStYY`A5bg>> z@FJP>Ajjs#S_IG2gAAIVls*?3pq-pJKbla$?I^6zrr0H|I3eO1yYER4Z!@$*fqip% zRmQ%0Qp2px@3ADck~dPkx(WE!LpAeur29Yr{jhSr`9_tp`9+Smc{9;k9%$JJTa~5f z!W#6)z~$yy@~+fwa4Xhs@~j3V>7|St00W327WVeot9QuwVTaX*mvI0%l*7MY3=9?_ zFwa6#UuCUUVyv@W-|dkMwr7EjHS~(fL=BI_&ik25KOl*E{*`sz59s%yxK=a5iY%v% zer<9D&{a(Yx?&OxSbf)%(79_<1YoTJYM@>hp*oPHaf23Tt;4@eaL-E09i|KE@Kr*r(T zQ+EH~{~nwF9-IHiD*k&-{d;fn|Jm3m(~2g|&@pS?zR*>q{tpiB<45$v-yA>-aol^GrxxR;zHRg1aGiu{Yg`QPWU?=I+= mvytJ?HvYq#l$9Ud;o@m`RJ@t{#PI<5laWyTR3i4p?|%S|#DAIq literal 0 HcmV?d00001 diff --git a/img/usg-provision.png b/img/usg-provision.png new file mode 100644 index 0000000000000000000000000000000000000000..5abe0f6d74f582f421cf14e1e6c20301a03f2d06 GIT binary patch literal 62197 zcmeFYXH=72*DgvEL`4u(6r>0OqEe*yW-`Nq3{oge3%JvIzRZq~i#s&mbC&1=rQ)zwyKIK_5~f`WoU zs$1;rUBhdXz4HSXNu*7b0+b#S(!pm^~1a~z#vj0Q^( z{$}pAG8LNdq0=-g&mNu>dKL7v>HY&MdcL;MG|Lu`oL}Sj&foOEk+Hl&|AygQO}OPo z_=yXP3b(Gm>uR`4skkA6P)3x_)W;_$$0uV9E>aY5raVoEaHReq&>7dN9$M7)J*)Tu zHt39f5KT|8V6;eF$^2XfWo$5MW1B>)5=(q0kO_lEkqrheoLmf~_~8CQoW=vfxp1Fi zb1yLW78gav6E|5t^B)U59sXipxfh;2?0d4M&1aXh|DZw3Qh{#UhN44)Q|HTxpe4l| zy9=A8XZcv2`z#PAk=elf8oXUES@XkKjz4AN->DV36zl&$)e zqvIqyet7SlmVJ6FZfQG5T<7yVkXc_XdSrqnrAD->>rxaf2R;Sz3NB ze?7^2F=zEG#ls7NJTXskIk(OGg7>H&bqG_L*`K$z>X`jB`PIH$iC6DRU)UMYX}M=f z2(3_O3cqw+&M#^3@mq=KVNqeDwp}vL<)m9Wqg)1;*MfNj-WK4<_pdGdAX+7aW&Awf z@w7w##N5KAj)V`%i?Z~O9TU%m@o4u1MLs$Q>zO&_QLD>*E@M0Tf^}E({0NTEZ##I; zGVz|J>-z*eI)a(^*p_f_Z?iets_LV(-*jNSkf%RGrdajf3((}jBeEi^1<=tl~z7|q$)=4+G0x!Rz zy~1?LP=(T%_A5G}?~6jqhVg=jdzsgVZ(!u3i1W*mrt` z>%uFl9I{x>Gt*=hTe7_>`Tdp6^B$aUsH!$AGN50qMUBLKsU+v1chOC4;e@5;tSe;v z0VP(Nf!#4^bzJ-|ZTk645%gQFE5$`vgf>A1|DZVE;DeCSZWLTuBv@7Y}x3q=4u-3_0 z%-PY`58DgbXejtq1HI#-?w+0&do}jOyQye#Ne&4`y1MI5L@@YimF=0)L~)sItH3_c z2y3I#s=B80RUZoZkmSZb3-uzo#^xxiy|H_koKJKhWDIFal1ZpuIrYl2`cbs6g7+gE zzD3~?VGiNcXI6yfTtXLnw77mfPB$FA!~UOPW>MfFgE-ZDf8;sFcj{ zN)!Pd>J6Y#X)Ld=uWy<0dQ76gq*Az%m)zt~{`>D;DSu%&>(%tr24}lYQ!4S5{Ythy z`6!sLC}ho@+N_a_CPY+}`RA*Xffws9nTK!ublS2#x%^3%~{UT z&Y4;A7JuIVI;O?*@r*{)cZw&s-l}&AT!V)^%?{5_ zn+4MatA(2jb_-_jq*@c^)Zb>FygqbYQxJ8XAyzZi=b^~6a7RssH2x>0xt=+T!)&X9 ztBR|}3=9mX8O$RG*eoM?B0VC(Y<7~Ij)C7-2Cvv(nUG0%1rLRXj6SH*3ee0Ra#?QL zmGD;r)7QO&d?E!+f9ve`8eMQaC1K~JZ$Ij2HV~M3Z=ht<(n+iT#_)|HxioK$JiWvW zmv6lTOAd&^!hWUiV7(gS@bvi~EO{~6rG|EKeX_~u>T9O#Q=+E9>w!}R)dJpJ;-atl zLRx-_FWrXU*1kQl_r@RYZ&K%6_oPnIU&!C|p!$IGpz}a)@8)jwYQ^o_Sqw4VJvPEN z>vq#GAZ(Ump^A59tOq_MTs3$dD0<0}$(dW?`t32Nms7uDu6B#|h_=71vPhl<^Ga`@LNFD#IRE7nhNk7r9@)EvGody>`oMzMzdYvPSEX7SE&a{7zch30?_e zS|M7cS_bi);#g6uuO|}T_UgxTNCz|x+7&;q%Jud&drK6rrm~e`4l`zU=y?V7e$}4$o z;@3f2Z&T!k{;W@L@;c|b5~^;RSRVc@yx;0uyO7Rn^mW9E6s;8V+S)p6Gf6X!Y5nPy z>9snygJr@`!Y!Qan&u|MRx&o=C;nS%oO%5Wq@m#``N;DKL{R3kkXMtjM7?RJyhvFa zBt+>FoZqNTK7P}Ws%Ev~;C-7LaiVx~>~k@G-g%zCor6>B3Ws#HV7c=BRCv)4)L(3_zMF={abYbC^~4x{*ytEZShzm;pfvL&~* zhUvg)jdOWedipHvE@myP_wu4M(Hx(aA9`Htjd>)Xl{|dIJNBX`ivLi{OtDJyA|Fav zePMoakKn)gjg-->y%jTOq54Ago+=`CL69zM_0i`?buzsc6B!POQ!S^V@liTx9k&Dv zC9A&o;o{@s6+LRUHa(6BF0uh63@+nMMzUv)r^nKf64GYvO%m}I6uL>Q{o1g9geX*wBTrUb^VH~m z0?TBNI~S+%Wy+AVED(Jv`9j!DPS}<55}ylB&pLmA@&pQ%43-|l9T>bLEwzmOy!?np zdF9=s5HkTIP#w>A%MJhey@*lh828vq8>`K>1TFr=htlAQThoC~nm@lxJWT8=Dfn4% z!Z_7cbJ}N#HP!qFoZUraiewXRt&Zy3Pwss-{p?xIdyr7U{k#h!95wCO`dR@m9dM*x z@0Yrsy3E5yrPg}ZhAgtb6?B-CMXf~V2q`7G5LMfnJ{f)YF>*0T&M7QVDzD$`@3^DI zKw_X{l;@gu|9SMF^)d0AX7uCeUgc3x?WQm2TUqhW-O;!0S}cj{DOWtVjdqrozUV#9 z?n^nV4BkF-*t1niX&0TeBM(}xMG&e_o3T2I_?s#0*Pu7(jBAY?Mf}WvG++X%(!KAl z72i}f&^BSH^FLt2PlT=AMjE?ao2vBooa}`gzcNO+p{F6>>|fd&QyBrF0etxKjW|V7 zh%OMO>Df=wW=FYV#gX7QFK6+TmGrt`sEcfFN} zu93<(mH1$~{bDlfGw=uFrEg~WfcNpm#!$mnON-(L@O+Zu1SK;CHSk0U{8CV|QJnbW znS$aWCHvpcPbjbdS%->(BHV$3=Fd7tz~}ML2jCBo{_~Ui(`yPk;6G;IFEownui8`x zY1Dr`Q_BJGC{*?CXlMYRdR87bHm;ubZeF29cF%wU`j-!$ds0wbeqlO&td|WKT z!~I7UFDFGFLoHqIJ8m8}+)~1#!lFD%r?|Pf6+EnM<(}NV|ED|0D{ZAu*wR6|T)5^o)rI&-7EBA4` z7M5<_UWzS(*hzke-ra^u>IeN9l!aH*dO!y zPj?E(jmbUpwDGv(=Hg=G>ZSD0iYxrl)4yK+GtU1A>N@z^I2+z|03;w_%7{t*F8SM=-z1NxAos+^)6LoYcnP1mI(R7o9salC|0!kokC@VJ2?>$g ze~SHH{y$}&|8Hb|FaMu1Ivx(dDq0*5PwB5delPp8zJkc{_W!01|IxKSN&#h4I;9}; zx8f?Ddfb{VPeGwVp>bFBsV^m_jxOz*x*zJWuaqd?i=;5MY1HiYx za>dL_kMWNOF0+6Udj~d%K4QGRF`+Ab%#b*^#z2JJ@ zVcFH$Ge1Z_P$U2fL-QgTC~+zkp)B%!ioB8K_yJ7 zYJ9LI=0|g^KHCc#j25fIxjrkIaTm|Oxl5|`+X+nSO_Z)cxiw5xd#~yDOT4@MJi_w6 z_T-}0i_TAcQg(e;QaiPijphM^N}m^B?|6>>ozBe zRd;JA$yg}wH!)(&$$RE{?~dexr`j;%rP!F%qwl$UQUB=OxysGv(=JOr@fw$y55r#0 zzl{j|V{euR5b14EDfz|od$Mv>^H`&6`OkU6-`td020Am2K}F?zuZ{YkTq?#x=~*7F z%d8ea7e1;otQAy@3N8}yGj0fFa$queC|jqZ*s9%Mn!_))^D{b()vQR;X>|Xk z$82ud7q4Wh63V}3+(b`9X_k{hbUa6(nz9b7_m7R{R9qrOjRl8-5Qz54lvAA7d7q^GP6%=~OT0+##JeMX)cj34Z+x$G_vbP~5) z;`$j!)9=t7cBm^o$-Y-;6~nJpvQ}8r*YGJ|K2jRf#_o0|yD0SUqpd*|#(X$(ZTm!a z=SiZTwsjtw@GHH==jYpiw^$Yd?FkJ$YiMN<4P~mm{@Td30T?-&OM1=JbIe~_XCPA~ zjEsvPUG;U64>UyAloE?4zRB$j3&v%!OJp2jQ0DW|(jbR&`+;Wsn+ms?K1m8AHASKkD39PYuOSVH(qwlQ`v_98AkGs;Gev$^=M!KSS+ z+vkkIq&~uKrfZx8(+?6(UmTmRJFMM|%~4v!IY75JhEZ#_sy)befx(}CaT(QoirrP6 z)LaS|KX1JOXG5)lDrL%f{X|Q!+KyTGgASdR{E1HYJR&*d0>=(;D=t<%iof1vT+#Ad zM^(U51=R_9B4A{pDfVawff&<$Ugcp^BD1=J%vZSdw>h=H9vs*Tk$e|e?98lYe&QKo z=OeFrfhW4JPb(`-kvJR!_e5%=iXb7N#FdS#SD3Nlm`D(5QJWkvD|GedIoM)fvi#)m zMsb0cr;rZqb5LYE+xAUY7x^UjaC)NifePOtTQQ02WkVRN?O5!@Ou37k` zStqX(p`YMnrWMgu+;G(0u)EXkh)aIq_|$=^ko207Ydw2(_z6FhnDh1=?ccZ0DGhGp zV)I@ea|I`kfzulBp7|da4qRV2_X-*>(fT@a=hJrffrf6EyP*2e)A+fX@|*=%6g+aH zV5Y>TR2f~wvVC(VaL6c`WFK2rzm#EKYn{t=IxQH^=2hK9Z!CH7mG^T0G~)hH#ywA` z6_Yn+VC=IQ6ijsbv%nWu8JJ1jb`u#5CE3;N&qe4#&I1NzxKt?vN}Tn|nX@Oei z#l*D+k`r0=rj|>lG8praI?BdqHN+@E8v0=}i3e`eeNmai&N|NgGrR8opy{sRo$bq! z;og5;n?F(;Pq3Q&IxP!YH)%M-H8ObL%aq|2(KpSO0=MD*RNcjdaCOgd%?b7w`S|o87>{ zxnUB+e83zrh*}lolnV@<+V3;QMA~%M9=?GaS2+lQ!>d_PivGBgKGSOd$2W9cl66R5 z-B~c9hxVgB=x@rcVA|&)Af3ue>vt9Eh!mfe-i)@Y606rYaP2U0?A?HQLUz`WFi&c09Y6Q! zfvSls%04~4xzJ{C>s}Ctl2`wNCM=hSkxSN^E{Pq{M1AOT7=_hNs_-gZ@!FyG9MJ^7 zAVZ|TA%sz-pbGho57?57dcKpAPk-7xUA`GVLnh$`^@iGiTof@&Qn={dFkbDQS725r z=Xa~R1b}YKS*(N!_Z9}}Yxq2E2x%uZ+iOUJ*7C&Pa9iR-kOFH4$7dsCy(64|;G4)t zXi8!pa5GG~N+pGmA}Uv#rq}N}qNECv*B;5UOISbnHnOw7<@&J8du=L-5I(t^I7LKJ zFBX@xH|C88R#!R5vbPMED*0_MET}vuj6m0nXSVBc;Dg<*kavr2;FSq1Yg#Uu%h3|LmbruEav^YPMN-Be*&S@DJn9yVP z7v1+p3=&NotXJPc=iUl@%FaEdkwc}mMP=2 zK6zQu+5BKI&UrZJu{W;xFE~X(GkESKkMb2p@hzHEFct{{|9Fg%1~so}rvK7%$<5_h zO!@ZQiVYQ;HRy_MI}tk=%Sc!hF|8hk0;Z43dzG1f-EPSEz#NKpwrd@-l^r@_A zF!7$2;{FB%Uqkc_Eiw=B6RBS2QT`<>S5a@`cWrYK0gDG^NZIyWB4b~9>3Q65DLMQ1 zwesX`AYqLWfa{Tdn<5kar|l3aE(oQ={8S482_}h<0SbKiEW2B6ao-jA)=s$)D`(ZVeIv}Zj43=y z5KJG~8zyhlbspRNhm&{gQ>oO^48A>Dew%RqdqM#2+`+(v?G(!g-#E>fX{m)d{qNJh zRdWw=@T((h*bU}|M#-P)db@B{*Ju9#l#VbJDIVpY2ECSC>0FNS|D5I^l~$IHdkf*s z`gvn+Vna@^-&xcDJ!x*;WSZ@B1fHu6M9~KZsDwy$_h;2tcW>6wb}IjE4}yYNmn^Cu z&35cXRE%5)MmKrsFDC`?_AY2~&!imrrsrv4cz5R|d!+u6Q)y+o9^1iqqL9Bhx}UMU zi}`QGR7uM?dEN*ZltILp`f@m%&F@3HP2+=|SZpA(h$ZFeKx9Ow#DsBs1y?hlYrO7< zeV^cg{nmSmN`>nbCM(fZ4E(*cpGTSdtfjfbbs?Z`o5I28r^X8xe(UorB{;uSGfvnW zcftSL?ZN9_DHpiZ8ZJG3%kobp3MxMSpf&BcH-i@bHva&K);$CG&i{5DDNn|J1zhEy z7gV-?8xYfVTFOw!?Hp!-f7XG5=HVlXbo04W+v0=ckN>-z{~Y!Ir^^|9(JkN5VD8qxRfJpDo@#fQHR1Z!KmIeYp=VBB!>!Bf z>d_LoPyfCvK`NB={ol-0zTQ3YyHa>u1=J@lft&01y4SgZ9i+5izVN$Bc7*}TYvTAS z@Lz;a5TF1jLN%WLOPm!@6^~r{?SE`PH$^ZNGoXG<{Ez=NS`$Fix-4TICus{Kk3u1>0|5d9tZ+7lUSk z+kAy3xFeEI{jqboClxjwn@Pm(Y(^|u{l)p`cB zvbe3#=M`571x;5>V;-#DQlx%AgLOj4Si+TSV~a%q@L8>V)~nDH?=OpYv*=zx|8RGz zd8hhB;&?uh8ox3x&>xOc)3cAFFjfZ0vG=p8_Te_go_bbYEl{PDBDcxJqUpl)+urt8 znWmVMbILS7A{rAUodSb}YcL+{w=M5}ySUyfJyWL61^yXJ7Yg~7fqy&uZDzkm;~ZeY zR6cclTpeD5s`7 zJ67%O4%w*Nk;R_a?bXhA41FSm_7XRk^ifx(!m9z74@hq#mZ!YPN8?L-1Apw zu_)A{fr$k*T^2;L!o7tyz!oPCcZyp(rQi}m#{j=sSUWfYcVYKAW=pz~R9=2`_;Q`m zJbuaR@@K+@JGg`!l)dm$ixz+LqpNow3haKy0n8fMEH?X#kg?Rr4ToKiot??$4)&BZ z|8=gwO-hk%?;VrCfmSK+RS9{_Px3J{mMG<_!21#4G{?cvS_E!=YOTf0cQ%awW5Z}2 zgYR-WU8z6&%lqFkf3wui^nk-ZtzG%t4InLCljW*Z75T(63ly%4bg_*30wy7{z50b< z9l&Bhbi0QI^{@wPu!^@a{Nwr0OONkvT){$|ng7cBGBcmU;aB>X!jcvI-c7xnkCbW^ zl2p0xZuyrvdCC|p>Et+bz{nw&zYuoH@1)-izt;&5XkSj{Hoh|}dQrbZecmqBQ#*MQ zzlKB{6A1Te{E3oXraoO-1H}$I{OpSUWrB}}``mXX9xmMM+nR4zXDkLV;8XfwaCq;< z06aU_KAH7U?xOVG zcC;rIc@Js6Q}0Pld*(fz1v@~`zo2SJi76uciCGA&a^*qq3mU^8jH$!&w@O!&+&^#t zXXH6c|1}P}$?xpg33#az_#jpR))lhtvDtrBIrst0tnOh-cGd^LSci>l9}#v6o|oFL z>kY<;Ed}-^$zG0DXS^W{W;1r@-Th{57_MT&^0n@og|a`7g%w?;peQ1@cz{^SRa@hA zrx`-FY$nZr3}sk$&63@@4csFhC-Y5f+U(#}>_X%oah3|tpT~stie_!xS&VHWwY`C9ntcdp|oP!zngIsJ2?)X zV+M}jjg-bIgg}1cVeUSjF{MPxuD-w9uwGTs5%a285?AOZE#4Z^k9ZRi!gO7p3gFiF z{3bTCX3c7S-JdV&_$A8j;tALLoPhbr2?Q*20@=~EkViSTw(gMrV=C#L*4v^805j`erI8qTjj3KM6v?~d zl-2N|qNL04^Ks)>F9hr^KQ_j-iOp!vRBWukhR%y_uzk-%+H1xM?S%yH@yQ>z{gSE= zmGzuj@?b?8d*SRW%$>BAbGq$m&H#aHW3Uf2*KK&g_RWgq&F@d*WGNw-vD@fGL|Hc_oH6pQ1^ipwwzRm)vLt#14F#POy%h#}}kL`m*5{Keu2w z3*g7oh_YX|3w=EM)~6~EyTSQDgu{0R4!G6N(b~xc(Vp`kQCfg`T>F05NR3B9Kz*Gt z+4*&LMX{wcC^e>5>5{*84TO+pXcMMAC zS@_2QFL(pFhgdhQDbPd;k7oFtMwL4mcr*kO&3$JHa=e=tkUyT~eX=OakT`eX{h{bj zJdz_vwaOG*?n=as)fS29S={+*g6KXk(0)n>z#YC>CnDY3qd4GAdvo0j)#8>vAF#_h z#%_RT8lVk{f_9myLh7)I;X5-0#?o9kYS84zByaUOQoAzgBZrd57-=(nCSVpe9iTOo zyD#x9`+g(Lq_|nX&}3HGws;!+Rnq~#JkZkKt_&RRJ*MT!K1|S|QQ^_<-U$-|noGfP zv}!$~X;n~^FBou`nZGXAXNrT?yK!?7BK$4(=3rod_FB8Qnvb#67rQ1abvdkD2i;n_pmer48EU*Q&LP6m$K_k6On*8VbeY)!q%0JI9J5FBHVr} zV?SLE6~nJBcV|JJx+4-ju~t}Gvq6d!GOwQ$uHEEu8hF)xt?P~V$)|F`w~4*=KE{#6 zh0aj&rO`J^wos^PWaO&B3Lh^SShPYKiLKZ5b>A9HZq4j?XoM6o2n4-y0**y%kwpuw zy!%{eviIn?xBvDKU(U2|ZwPdIp)*$X+89C!ofO-iAIMZ8FivQp_?p~;{{yZ80s?Q#%#DJ{Dz<1OyHn&y`C9^ZK&S--;583|% z6wt8=f$KH^R_Iu*1vo0h4YN9zp`~HZU%1ur?(_WY?4oH>T8qJ|RpU&&XJ~Fj2mJ)I z9&O)*&2`+SDdFyixhccwAcv?L@z;RbC_4jZtMqWa1_{+f*KL4Pxi+NH<90)<^sV6T zf{KatsT!@VypYX4d1c3NMy_qtWfm_wZ>3S0f3b!Ak39!oe8w>*2<(Kv~Sk<1pgWGr>)+gZYF!7M}&f$a24crP}-* z=;oX8jB_e#9Qjkf2TRkBew>zXmaHvW3U)3-!vrkWry~DK> z>oQT+3BHFP|E^5loNd8=(iHBU5UTtY&)@71*wwXrPpc_H=opLR%pv2@+SNHt;aq86 z;GWxxqyno-yC#U3bD@kXTniZ3BxE4_?_IQzf#rSuU%-`NB3 zgYM~xGKs?l21zN;yEukWjFrGO;6`z!xrT#PEpfmHv}m{US$0tsZups*%d#HdH^z~V zg2eXboPMlRQqz7hKG&i1oYh2>>R&i%{2p6~E4{9651F^|RJ1dS%!dyLa)O_;Xx{qmG6)V~b+FR!j-?&lsoR5x7V%y$kTi0OPEqT#5gN6;pZaOpb<_#wA(tlNn(<@3IF?aGL-(rEs23kme*J)!@)a`OSe|wzi*02o5Vhmh%9enXl3UcjR$?b!8geZJoTgyU_cr@TrJjj$nR-}Af+9CC+;>dB3iD7beX`CS2R zd(P+NA6J=V0ev(1)fOQRS)5>5e10in zThAqocwX1aOu8uKLMS(;g$vNyJxpCtvFik%{~q?Eu0nmNj_u0xBk3q7uF!XWh?S78?e4czzHvscbZhKYW+!xO41% z#*5qe&k&!YLp`5MDFIe$UffOh-F8e&CDI(oo}}sZi#R@7_tM-9-X4Y)j9E*0+pp}@ zXW)3JM=LZ}*f}z@RnKzk%F^h=^f!)53wK_^K)sihA+;O2!*L$s@js7-bBCOJzTPGY z1-0Q7$wxaRYEw4GOW@NV1UaKFqyir0{(B9|V~1Cj{=J8u5u*oJ%fZxX`hfN_wzV;M z+5r0e_6=3vzc^TpT=@Uka>tH3|* zMQf(ag$jQ9riVH~oWwySrR=dA_(44Qa*Gp&%T4N-A|UUfTsfFW8xlR29cYRR(D>KM zwyV8vLtPlpis7;EO|q=PEC2<>%mPFxE7#tpV##yQ3BSUXuFO2MJG4_Krp8*57CQC3 zn~NVC0q*?Zw!j~uM?aSS@FIT3++qP%e&?zkL+No|jnD0ktzaXN*?)5$x+ zR005{$#?DL!t%#jJ!Riz-G}L^pwJ}4^Hgu^4$p47W?r{{dmh+;zbVd4-k@m6%2;>jLm&-=dX_1lnwS6P^RvG5Jt3rIi2fvRwNZU_(w4X@@sDV+63lbn6xBTz)^x zI4hQf5>R`{nHNa2faDeaJemMZvAWCN>ImEutsM&CdwR()UyjQ23!n4M>~8BrnGxuG z4_nPn7n>7O4qT~r#cy*Y6g%mL3o_=}J*^rm!>t=gb%^IGQdZo$I}!T&EW0ge(mkBv zlBlT5*Vk8kw^~`TK)AjPU$;SIc>CJ(^j(VdRDlQdhi-xMYw*>Aioi3+G2lo}@wUBR zc(J|BhGOU3-eh?s$#(_}_v&Om9L^>e^ZX=Lp;Ojo9wq^R#P8EAz>lRd(U9h9*=p=f zTtp6vS?G;Rd!3t%O2;*saqU&~0S@p?MZHNoF zf}V0x`Z1s3RJazub-Pg9qwW1=9039DgS(+zVYS=udJ`mX`qk>*lutS>uCH|L0t~kT z1_RSX$GK@Y?KQ9EeHS88-Km%5Tam1MG>fmdGjE0xwxux(Z)38o0F3mO7Qc3yRk#Si zLWIO(o9-`=)M=)CqrETKvEr7)vD~WzRi1GRRRGq7A7`lnf$yojO3K2K`T-Y2seXac zc*nnQYvg)fW8e48)FcKo*o?s#2ZHa=!)Kd+lP}s3QRM-IBRZCVvs+N;FAu zLKb+EphV(+sJ+-t{abjy)Z12B2t64ez}HVyc1!VIo$LheG*+KdfNm3Gk^y-|g7?Kr zH@J6^4W~nQjjp%!?8E@wsw&@H}_fdZyT2=StR<5L~(tUspKCN&5f+6 zuN{6pXAY=H@yQ4B?^8vamgluoI!fpUb_0e+OU+fp&OYrwQ;~chbcwC0k||y#FGa&{q`*yIGf=Ps5Vz9 znGWNO7QTk60l|n14Nwdlop=FgV;Z;F!Wfo@D~^Uva_N1WL(LG@FH2)hLBt6&5W$a( ztq4e0hE4|_PHjM(fZP7rlV!UYMoCC4T_zb}PQEV&Ci(_$D3e-%M5l#rQK!)pomQSH z;8Dm=+GE~BPD%Z+$gLtL znj;jE{%}W4TCFmQ4|59XyMI(Lj?U~`aX#kG)l@8vzr0j4=ErW$D3gj=F_88ZXf=M> zm5a2g4g|(4=r)x0hGXhK_V@XTA0c!gmVmY1Nw093T2*8<^JMX-Ih<4`#+YM~uvGA# z6B#*Ng)eXe57q32iW;5uiir!HVrM4oaP$Ozj5 z30YNbaLiSG|#JOE0j|8(8CvDKMVyX#Z!>J`r8Vj|n+>9pEUm)8nHoDX&{ zLpqNM5FeU^nqngF!LUsFhW~oH_G-G=lfr=TKtz!LB&&!SCI-mB{lGdiL+k^Yh!9;9{YIZ3XWAM?ED2%4Sj~&F zQ~kR@N~9fRgIRloiU1i2C1pD_pYtBp*adF6HaYLr1%F)oxCnIXw9`oS=PAe`hf=bS zizy5xu$^aPY+>iQ4SOMu#{c9N&igmePV?( zu61S6A68nt?)va%_O2G%bSDb*wNG!&KpJ%y)YQFu>JjhA$V(tCHsYuk-xz{FwAyGO zQj?Yj?gInCPPMz1auGMfarsV{CJ$Jlvn|V9$zl%yp!`*b!gqT zZL=h;Bj)I~$GFDWS?R>Sp$L{N%8HUHx}KB(-dQ=WBvh0q-9sCHy_XxB<;g6mRaI@m z-VCS4Um}-f@L27J{GGuauggy|Ta^GyXhE|p1!<2mf)ap>0&qT@u(RQuUdch>`LH#c zR3&h=;@1AW*+Msz3@{@Jk6wQD+D@Hh4+K%$ixbPXoq{rv1~o;CLYbITC;-b zu(ntH_%{n&0XnCg&00cTz|8}grwiG{?e|+CiuX}M#$0FxW zKFhS~a>I6)2~}rw3~UmmMh+Un6ug$l23!G# zz(Tw#RueJRK#1gWfEjotJkf-$FUaxM?0?dXv6#P^DCN>4$2F9#6@8MJSDV+TfHXoT zG7@&CKr?lHscz}Xi~bBidec*R{aK9QXf0vIwb6IZ8Gxe>^jGAJ0&=Vpjf(4dwmmn+ zk!zggU$Whb%TX+&rFxO3(%<0O=0kS0>Ew>u(5l%xQeeYKhGkC0L+su&V-}yuuoaB$ zLDd+6m|beJ{Ym&N4rr7?U^6jB?*Qs=g|{x4Om72`_xd#S5r|8 z@`+w}`#s36?~lED@F8I|r-G|c5G6fB|>rVJ00%p*(Ew{FY>>Yy&X}7X~ai>!%u_+e~*463G0}yn?=T{?T z4ZyHDSF^8(q$_XiA#3}Qh7|Gs=Z|$4M78EK{ElEz&S9mGD&0780VNRETdUQ~iz`4@ z!+wn@AX01 z`n+kZ6Rf5W0TVG;nwj*Dn*!sfvT7$ix(nf`xZggk3;teYxbp@W{ zy~{T%S1>}-2-2ufx%3mJ;ni{Ec>@tygJg6nw2xma0V7PR$hU)~kTMKRn8_uNzug~K z4qWZISf%{6McMyZmVuWCWA&a0X^@^|cQo#?)@fa}aA*G9(~FTObffERcRu!hm2Eiy z==}Rz_|h=fE5Vb&5-BQH)NRqJ9|Zl5Q}hK-K1d5U+c}pV1_4Qj^a-OOJA7z3FFxrJ ze_Z^|Bt{WY7450GZ`9n!VFMp{>)YzyG`5TOQBZt5)->eCGMM>M(`>M{>6mS{pt-gS z1Wp_JE@^xvZj2Sr+l3B&m4ANH^M243P?>lAK`N;oG4>D*m&Y$wx%wlj;JyPq0YkkD zJBzTu5yXwJR(u0tf%ZMYli|BdFJ`8}(>4Ouwg>Nxq?6l|PJeu~ew;b~frD~y z)M*n#SC8z`uO?6|$nC5oYFDYcm7~p-a(!}POO9Q=FA_91F5@Mq)Xks)sZqUNJ9Bt% zJ>w0n)6H$zw2LY}x%JH_*4qXb$ffE%_mZGOnXv;mPDg z&sUN0{(I29Zu5gWkHwW`+M)Ye^}A%elexF&kkShKS>9y!X#byRk*{uaxQ&W6x5_5h z>XoHs!OO^O?POc#_3CkJ)qOjKPL3Wvu4?x^oSNrOw{5lA(F+g1!Ne1iuER0P?sE<{ z%v8r;-}ppRzoXks+SxL4hxF7*Oq$DQ&2YsmGo$>>IZ|?$1~{<4^#P^ z=U$Y$y0%p>vOA%BkY4fPuaSnZp~7-z+`-srbV`oa9j>`m@PVNiOYwz09C=FK5hLF4 zaQ}Y$J1u(lh3RV;r4L2YQVHJf2**WUWbMyS7C>s8{WU58%1aV8hM_B(=4FC0*_9e9 z%#bTHfYF}9d%r$#Xe#ZEnhadnOVjS(fS^&M6E0ky8DuWy9VjM|jDu-&VKy}`o-(13zK&@nRnnq4aTR%_UZ8)=+?9RmmQ2D;a~_|L4_E8eN&eCX z5IM3`uPGD(v}|0@Y8u#yI+tn|gX)f}Kf18N`F+17Pf`m(I4iA%zF=Uoa_4o`QDTk0 z7r&lN?>89i!0}SqKvg_0J+l6e0k%KG8SVSdV&d0ayezh$aoBhHnH8C&ipRecH(oUHt-xsP*P6%_ zwvkBHY)+s9c%P)mz^);XZMQAZudsd8$N!~)IMz9sbCJ;lv3i zBGaiY>YkSl!I<@~y#!K!#}&gNX!+}sND={!*fyi#s+@;mQUV}$o=XaAc2jzYhWh%$ zX?#6$qAC|&Jje6^GX>(_shODjZv45}vCjzXrKYDHmYA-4;`3Tmy$W)$?&8fwhR4E$ z>*o#Tf>p|yWtQ3KJqiY#y+d7hO4(vPg~sH{tQU>Szq z*m-JKiw@pOV9;Gxc&vA{eXE}iekq%kPcO+k6yjdVeDim1?cqc2Qkc3%>HWFiIkO;@ zdccGcKFurq6%0P6FJq6>2QM3(eGZV4|K!m9pIFmqA%F+{M_lJuGh(P7)|0@CWU^PF zLO}MO&hy=W2zW>XCpUkJuo>~Z{(UW0fLMrTdrItIbp0{0sVf1{Z5io&mj7DHC>6`` z?Q+RX&3{)u&IL_V|1X)SA9CFF=M)x_kAOTGY+=oM32<+W0X%-{do)15;0B^0!`dkd z4gk8&1@E_T;o4LDmM$M|MME)2AY^09bvV|J$uI3IS?Wy`KupyIRDic*Qp=9NCkYT} zPEb4u8mEx;`Pk;-vXzOQw2Yk2=Hvt9+LZ{`qvJ1Rs&o4NWPTe;L^Ti-_tuaie!f6# z1jk6;{9o+7WmJ{h8$GJXp-YgCO-Xlmmvnb`Hxd%k%?9Z%=?)1cq)WPy4(aYqcwhXT z@QnNAe*52h$N8dTz`I}8Uh%AF&1cTJP~QT?iR_t+-N^?4F}UAou$g6eI+yr7#c%)_ zp&0eN7?(UuZoe;Bd7LT|FazS(<^K8hXk#!U_JZ52o&_M9lnFuIwdq6kJ$bRe@TpAj zYOkznp|SnJu3f-+Q|j)bNbqoS5=9RI0IN{#0RGJ54QJaa@)Le)ph56N!jHydA8flQ zV7&FYtyacW#X9{7R6-r{CBautyCA3AL5;TcMBLEGpz&=xos}f>tz4(BAtDWo-qcaB(op~6iHu}06 z@Gx26&x-qJ+lctR=H@N3E7WwFoeK;kel{P}4m}C%(wR*pSo#6V*N1(TLfINXB-$F& zKP!BQniS)Yhh?n_t&+c)dF*X5SN~cjiF{V2VslU$IlL&_cR{iMMqPE&rl=_>M7;E3 z4)!1PJC@(SG(*yW|H0?(>eJRx^7oEFSe1#U+aKvFM=MQE`72dK+k%g$V2dDbx6-%v zM&au4mX`;8a{NmGS?}yiquqD&mD>^bb>Ra5f<3zv@fv@IzUcJC2XWh*8n`Zy-r;U;da~k+60fwUZM2{wK8>Tu)|6lf3rcf zKcKlIZ_KBSC<2sx<9fKWD(uf(JC|GE9Rfm7CMU(mtw#)Kw_dnOf`f^INNh+1W&GBl z_5Mu7z)qgM#6afngZe5;$oi8`^-d)I_;|jgk3+Nflo=pjf+)IdDh3h_rqcnQA@_4vHA>P($s`996r21p^>Z6t?ix!nhL-}St zKq%4yZACJ+c}Ps%T^~2DUV{XSIkAwPBqRFz{t*@wzlFl2z1SiH-5=x&oT8VcJ)V^m zWet`cJ(VB5Sc&h39ehpF_$lEG!mZ&|#!rK3Zme9 zhQT<}m9r@8RKQ!P6>93`g66gMiJoW$GSgU}HqIu+#j~njx3l=}xb-mu{*JqJLfDH*-B{3)-M}q(z z@)TL+zT<_JTQLKI^TVGazA8P8@@Z8D{D)qmdB>>z2@1^pz0PKrG43s0S?`XxM^}M= zPg(Ix#tXfzOBJG{V|Ty{0e>KVa1eh|!T&rA+;N)uZJ!w-SFGWO&8a50e1WIq-*sz@0VKjsmIf`HtUZnL!1ab{9Uv7Gq-YDU?x3%OXJa z(l0JMC4NpHSB2`hYocFgK72MVwt=`kcqkE7pRgbOxC!;~_OSixQ`N1r#5vkXZ^?`VdH&8JGDxB(o&qzTu5&!4@5=;(AS19WD z53gkorb<+vM34Kx|3(hcRO0-_M|JP1C*G_p8yMknNK#e)#<;h4ddWc>&FD& z9;6(uw6AD?vQ{JKLk6n{_}-pvJrNLq`l|s;Cy+zV1BZ%-h8cXF9T31Gtc#aYuozqc zD#rIl;SYxBx9eGh4Yu>^!EJbq=s!DDd(+bJR5FczJ1_Q7DvkqW8V|gz0I`~GU$je- zUIx9-nt;s+kbBM0jwc)o2g2NDL4brD5KMfxJzj2obO6ev8~_9;O^4f80F7L=|DzZgge_%CDh>d>&)uQ?D%pW0BXUM5~zgYLa;)*5lvF zhbdGtz@iYGhCl}AG0EqMh@yrtoA24EhDSs|gK(^ucDs?l7dJQd8Uvsdiw zI8)CQ_4AGd#+i`yH1rce&D16SBqO!JV$=bgfbjA7w|}D+u>pwkIf#S!gR=m8(+8<~ z*f`J`evmsHMiP4OnkF2+-d+R@B$AgwUvC3d8-oGW3lu8ZZ9s$ z68VMHr*?r{nsyK5%0wNYSlc_$G`M=d^U=`b_X^aYHN&@L5a~RgW8r$Qs#Ee zCdY0H#DB9Q*|qgq-vC0=PNG|RD%lmviDu3A(Kx?)4LNj1)T2UD4*6O0ZV)G$bK(b^ z-#kHx6}6$%7%u{a385azg)ITvOu zPdxHNrR+SL@r8s~9a4Ct*kigwTPh1JjZCT6#FGy0?`7r)UD_#W(CG~DQK?I0vjvvE z%t_7J_(GU+*l(t7c)#T{DhYJoW`ufPYy(HOB~NmZ=^=(Ve)~l(M)TJ*Kn2_u5019| zf_QTyH8v$F68vM#4@iq!J(3*d*=eIEKs>I+qea~fowRcB8)KrC)PftJ*@&W4pv72# zu>UfN)SHsn7jTyd4N<(;^wx=nO_ZDTvPKHTlSmt3vp(BGeY_ukIJ?&H{l|XhnSUo* z@ea|$m`)Z-uvaps#JX+(D^H3Vl=iyw#K$*oi^}BInEFuqt>4ja&=>YvH8d|FGO?ww zI!A1Hv1JEq%R7yu@%}y6 zfZx+Ri3^ykFVd4DMW_++X(JSBso~Y z>->-V0YJyB2hdlmamT+h2ekR-gd!_?z zlLA_ljfD*R*J^y~0mWvZ>4`e-oBui!SphAY%v<|s;r^fR%pB{W$0r6P5Q`FZF#c?A zY0Ot36)LNgeFX;y$Oxe5X(-E5T|NV19bVU+*l1kVUclWYncFcA4A>YA1FAL)K*8_{ zfR$$790HbRzF)*6u>gkPK2P7E8=0Obpkpv!Bbfn^6q}iH>xF3QvUNaq&|o_7fv1lL zkl+FNP-PusGICFeO)kK)v&cx=ox}CVH)u?W>N~}pyYg(>uUQ9>4+Gl8eph5@ zo9WU-xiq!`hrLD(qclzjdjQvh7sm79_IvbxlGsFp1eY(;Rjnso3^#hC1q1;KH;vm{ zDG*RP3V>i|#;bRIhH^uVie2 zq`z!T7m>(-!!z+@>V=8}^WakLfDMPyU~9(iS&}{G_Me&7G}l?nOv7H<@xM z(Zu?o;^V{)(+4?=9X&1HH#TW{NDNQ`q^NXpQXYKPmWEGj7cX6?=XxhpU&&uZ;q4T; zuIbryLb~it2eQ%Bh5>bwoIb7aD(v$7CVM&)Nt?7zNT}~<7XK*D_t;%c=AqPKcJ=-X z{Cr=Tp4!-qy~r|Vu9@Ue?-*19uCdKWve`_Lro*Y^P-Vx7Iea&k5>7uLkt%#wo?wEr zXVUEi)QBN)s@~v7V5og6EEP?Gb5cC}$7SVa(*Dg}bifhFAOhrDkPeD+6jR_ffgo%@vf#S6JQo$Q824U8`G%d>FUNiT#Z8en2~<^1*8%bt$|rg|+F?f@LEopX~Q ziA;I~oW#V3NE<)OdL~wtk03iRCio#gn+%jIBq~_Ns|5@uS60V8pxM0>-tL$wFW|kx z^P#$htG$;*rtP70dhJfb-#vXYA0g8-+;IqB=k!rUiqaq^6iP^cT%$(d(&k;ERamNYmp51Vn607_AxtLj!|S)+KjHs|N0`93}cqPF}F@g(NFa zqV^Q00n=-OOKe%x%$)|`#lUBZIQ-8pyUJnnd|O^8)mMgUOkEJqh)PY;{@~%F?=FK? zV&aFZH`tn>d&PpxmZS-XHCjf*MB^}(FdC}?A4Ht-s!^6yZVNS<{4gF)nLBX?5EJe3 z#k#c!#N!~d>IYTRgc5mUP{^L3zGL>@i014xYLD7hJJ?5zckom_Dv(K@DS2lma#`#x zX3_pqC0rmCTD=&xoorZez1gq>im{ViiVZ`_ax+Lp)i0N5{Rm+Q)vo>oTgK;+fRb;y9k_Cm?b!Z}c=5tJu**D!E7Y0z zpKgw&FEqXRvE}D$QLTc!OI1XXN0_LCV#@B2b5#-*joDzWqqHWY+j$XNm4pWP?!2D5G)yWU>Iq1X z#)BIK6Itf2kv=DTNku|hlY23-rFJ|1LIpKx%tL9uGh^5YcUZ@xiN-EbEl;X-k)|l7 z#8%i=d~~S3k`G!SLeeQL`o`LvjGZWf(P<=M*0!_zJkHK@stX^dgpW z80Rt2t2#60sPX_qG4A3f7Xj`T&TuL;i6Hy#OjBN&i>6Nste!osPI=F%Pi2joz!p(; zjTgCs8X=eK6UnAAEKK zRB$1%ErX;ggl6%-2IYgCXC8xS>Cnm7nakXLVq02!c+7C))NWgj!n0ixM&=?nJys{g zBl6Pgn=XOL8Z-rtEmh5M>TrZD;aLU8RK*Pm2SU?QZ1@M;N@hQi&1~B}UUa_Zv_p1c zf9y(pcnY68QeB#h#7d>F#^gz4C1rX*x;I z*=O5Br{ct9w{!)|2uWW=`f*%`bHT(_*=U14AQXD<9Hw^eWNGl6+OPx-o0Y%>R+brl z_EXhQofr_`*?yN9Twm9^>}&>F2Q!3nxic=wl;G^SlcenF-Tv|sV}tRJAd12#N*D)? z8w*c%@xUP$(YC{gfT5yhfdw zn;XP#E%`5?Wuo5Xyc(*dS3vtR7#d_)A2sN3(FA>3Z#8*upjvNA6Icm<$zX$^(Yh9X zHs*=0o2$QZ&q|1BWv(M1tg&D%RZ1}KTylyd7UH#a{>gZ@vD<>_cCt@PIw8boyqbp+ zKZ)c>H+lXZrPv?S7j;T1d}Z63E{G?rs7j&;&t**?sV_fz*bzC{BsEEiV|=B|QGTxI zT`tM2XqbWn()x8|x7Q6lTDq<;VuVj-u(!=T+Eu9uyCGoS)>DV;nk>_R7xi;v%7D^nB_$*36j6udaafb!PsI( z6?)bWE7-C%UiS8qL7H!$gfK{|KBGB7Frx_8XYrbs0I~JkI{NY9s4HDYc0^5#nTi8C zcIo6vgYZ6bNxZ5jwW$y6c!?|ds}10`qQt!|^*{qZfa=x7LS)eJeRq&>1bZdc{V)>Y z0*xZMK&)mxDxynwPcHh((4qA*X_wJDw@&PC>V23&@_6-pdC_|QxvO0er!@_j0=~aj zxksaapH79y*$CvY*u4=gkndd5?!os&{zdCge5wGS7=i_$UH%x0JsA&GV`x>~oshj$ zl)-MmxqG3|lUX*VkeKaE3x;kD0zca%uc}&^)>Xw`Ry=J=t@UV-R|n zA_i^n*3EZiq${Pc@sPI{kgyOVLI8IG9MJ%bTVXn114(Lk9f?$_ud5tkw^P0IQIRM- z!uZmblOoi0OKJY1RL>7@u2{GqJrRL%Tpfvo^f^s@Klu95j3)`XN_A`MfF4~#TE=%| z+;uvK+C7)ism%Eel?-{o=XQ~1wO+?ob7R~?_!xvLTO11njI&&(L5u##2A4OIP=aCJ z&9o)U0ab0wVq0VviJ)k$u}{Rwd1%>ZGbvc+uT;`X_G+2WKhRVdSAz>NjyUzoE_Ngb zs(}Olt8^i8)ZS=F{EsuCXwm2^q+W3F;fW|=!}JSs>{!DR@0P9_5r(<}oBC@ywFT#) z@bpFA0KqCRz^{pls3G?I<(8V&GKz*v0WnS=DZ5C(^pQ7}u z*4%RhlE!16XM)(B!jB_~Q1|_9=4L!kSNw}(r_=Mf6bdj}1w?d>_#zwF1JzU$`X-UL z#ga?7B>a-|CVeDERTfWe^4fSJvp{+pe5ZHffVqpDtu(!>iW9=Eiq@GC$Sl^Hf6Bc{ zT_xBE1b`F(=?MU!d>$;NV?#pgVbp&Zd+ii+%0o%NxS5JC3#~2;i4u&OLgeX|%PxHW z-b>LE(lRDf5NcKWJg|AQpso6Hi=75xinri-E=}Z>WN`V!xTu^xq0tX?_>b&G?Kq_y zX^5yt90!LSY{pZp0$kITv#i_Z+oK1?zu z&rH#)PGNn3C3sOwZ*j3O%}$eBQd=siVL*x;NV;)4>mJ?HWl>jgJKv=m@0>aj#Zn8| z(=cLh6C!1s0$-I7tfRH+yR{GQnUtLEdY__U`}`Df;Hj^ucLhyZ%s-;+G)f^0=wYO3 zD>IltDn7hNF%et065p3wOWVf-EdT-sK2DJPSECCcGB}`_a>3@unepsa4=bbxl*+)9aKwx)z{tmf^(P85m8NoCq)HQ*5TGk4&rgbMm2Lyyi&}_phWp@8TNpSE_f^DH?}@)Qv=xpmgCHZ+C$k$nE* zH4?(k0v#HAJxUgMw&~z*y;ZsfC6!}~&%p6*{L*%?1lX5K_Ju@bR#?Z{JgV&2^eg`C zPeLyiOpZb3bjb8Yj&m8h#E}8R?<@S>g4dnRBbMiNrQ-MrTp2Emx^iK}ahOwE`qEy%KD=yGKV* z?~K4|QF*#r6r5VtrtTIlzn*_6(LQiVeWwG|Rn9-?hcfYrOK%2(1 zEIFz-aQY(-r>fD?^HuT)c=_76z{X&FWwTl+8FZt7>B15`_|Eqj0ke=0Wl_{+xcR-;J-q>~u@4ixJiKtQ+UO^u$8qP-rp{W;t$~Eu*tdmDw@H#t zvwccNB2~U<#|zl9trdGdi8nF6cB-@aH<7K-sb0>Py>CP)1!mtCnvf9E<13Hs=!B?l zg%tv79wUrS^SXrnfIVh4Na`LZQR5lr(fLh{tridj+f*fmxg@~iv*!s8+BAS9cPed()PSTgzUa%p} zEo--xMXl)dcI-J&q><(D9Hx-%S76vG0q3trA*zHwyY-i; zA0Q-4-1Uk=h+;PB^-xMIB}v@XEN$v)(;ZA5y-Y(+k4?5sO7$9WDOr)d9Sk)q^q$tJ z)NR^J8#8D~l6eT>a#>3mKGvY%INP1QtXfIknQal(?_^1L6`AYRp6R0oU8SB8^+xYJ zq8gBlyvhP(8qc5+QEw`>GGhyJFL^3vY0W&H1SRES42=oEA{|A7>mRkls=lK>YEh}iZ(p9myFQQ z2;6e*lN7_cR-*1&(<;>9V3RF}OzAM6O-`-b_8$wWn5gZYmBQ*};#wyp+rWyK;Km66 z*>OEU7*1FBQPKVlYo`z)zI$mb2MyQrFXvcxz$8{flwKL;pGTj=bpxL_5t{q|^MjU3 zCBa+(EL32g>HS;XWm7l@U@mxOOuH)NO1AIL@W1}8h*4||6^>`2rYjKfTVeH?KgAos zCxb%k@D<)~6}ttXHc{3ZLj9D8{8{o4iU+RLariJTpZi;_r8E;L{w&y}oB_P>zp5Z? zZ-83Ke=p4We?cFv{%ql|lkD4)nPTK0$?vm|8$@`9DE5r6J=fLu)+aU#as@Ev_?eI5N7joj~ z@KQoh=&@fvlIM(NCk)#cy#DJ)@1Y@???u{Ibmky$o*sD*{q(e~G!(+aoB0EE?Z1B{ zm9qj*b#d1kT#^0jk^f%!f1nR1Da|S>>VNhB1)+am77?7n2yW?&bEE=1Yaw!LR+vTI zcCh0T|M_`&ku1DXyjo$fl?hi52j|dU3HOV&-DZ+Id^nZ57OYg}*K|B&LE;wj@G5mI zmeKHwKW~Im+6_-03a~Rj)Rcj);)-B!&yS2*MKzt{9{)g${{q4dVzGfFRId%1%=zzc zT7fuRN;4Hi_R#nJJ_E;kQuC_ z^vq3S&rElCP2LZae~Eg}3elS(#*+NC21+qJh%qk3yP~&hzV#TFeETCGpuFGfurSN% zHb0F+av}~bHs1bi!UBq%tA_s+@q6sXf@GXaq?fMk04e#vH;G$bf37CWSPR)SUg;R^}yieh9JZdyBwQPW;dFA%x zdcsjHYrDJ74~b$A_uU`8U8|s4mML187r8Wc-0E8u6OvS{ZdTo&lyJ{Ikh#!`BEI8T z8L7?F+eUQsKOQ3h?WnYbK_vMV4i3@#^<1$KFeWsu2B_DT`(PNE@<(mmom3b)uVZA% zO=uaI*=0v{%jaFgxWqTV4RTa}K*9IQ|Aax=D+ihm?q6GM zwI82$Fx@m()f`AE=mg=L#e`7lIP_QL?pX`xxk;ZS|7YnA>r*X~6;x(^+8_L2l+Cu=n;pq7Yi+k$_(=9K`n2CE z(ZuQIC)KNi5ohZRjpA%`YR{BaB#<;6`P29vh-vo|syoqD&RVjJC!MfDAr(o9ZoV_` z-39n!D@;u*b+jP$^hhOrng`%8x6PU*fzBVh?^rY_b;n3KA$0fwMK8$fnszydO@hmh zM+P~NR=&h?U+S>#)5=&pgeMh%knIVG7HOdP;2OtO|5u@Sp!P#7YQ1GeWlummRBU+MJRl9~~7Z zIzAD|V`lI6epRY;Qgl2z(!F7aN*YsWzKh&zM=76X?i~Y1DlWg-!8L9=-xH$Bv3_wR zdqGlKBT-ihw>U**!5^0$5Pmr=N*!>j(RvtH|bKfH!qM87TeSKN^NnANU$ps|fD!Uo_;$6|-xD z)VJ6(gFW!%%Ncz_#xCfuB#}(g^(YBC?;-DCJ7H*%4Q`tcJL2v*VeWPe9}`L}k(j7N znV~%w6CTFjVziR9Y5o|v^0Iw*Z<=rA^DE98>cSKAs4&;*a>S>Ou9^$%jiY6mMd41Z ze-o@LR}!0+$xqT)yW16z{-spS7}D$w#pD5q<7tz8ieszg6#EQkTcagMYzC*_ z%{CO)E^(~zcfI*iNj8W9kDKMXT7_LYpV=^P~>9P*j$XSey zH1B0R&Jiozjm;4e`Ue7)R0KIOQr&#|>`&N|e#VpD5!tI@@>8=A%$Ha$TmE@!s=BiilU!Y4{h8x! zdAnkfR|u8C>&QmSh5@{BFzsl0xtTHV#}}|L8skf}ghC|!`Eko3vFjD$c3~U8^Hy9Gs*(0y#T@^f2*NrXt7gP?lGBcaYBF?wsg* z(O;$(ed&I9R)UXn0PAxO+j>5U>opOb)PQK$zl>~ta~oMH9z>6VX5tO%3l$3V3^*NF z)ctcuJ46@SELyl4ur*IeHy4+AO~`;BmX@a(Z8Rwsn4pCTRv?#&t+ttVm`NEJ~%L+$8mL@XoR>ywE6-=q<&^1FQ38E~n-yun9YcV60Sws&4qh+@aq&<`|t=vxy zjulFWc4U{*gB>LA`kE6pX3>DonPzDgq|56h1!4vT`|^B`aFkxsFxHxoG`~n4h+!=Z z;Mt*tv_Xw}2n5Z1=~UgcXYY8G-6?x3F#D zGIdF8VM`D0oy2a;6%Q>bn4dodVJpwK=dDMWu-t^;U}YZL9$Ec6)3Eo2(T4taNblt4 zA{D3SOg=<-!z7gV3lRuDOj$CXMVrJ<9a11C3lw=H-5YDlf0kB|lUm8*#w1E$!M3{x>rRn%$O7zI@!2ye0zpLc};Funfd-f?~J~%+(@% zMe8wIn>+294tWG(Sn(D7osM2f%t*I7_D&p2C|d>@gfTC-%^beT5|}6#cIRfUGe;>I z_BBnJv>*u++#z~)y6C^{rs2fv!ddJlqd!NSZ||pXivgS6^^4AzD8}L6G4x0JBio7L zv%(c~az)-wy^~$?#aZl)ZrQzLBRW!XVnhhUhoE|5eCv!h*T2t1Kz)rOSn}w5M1YUb-eNQ46T9kGhU{QAz zrUru^X=+d7^u9y-YkVE{X1Xvg(ll!)u{SO;(-3m{#U??J(JQY-g2-8=ug)|m-@>}y za3eY1MAnT2a?az)rguO?u`YOwyqe@RjF9S~Vs!_#(S8qA9G$?hi#Sd`Bn!m1gFQES zn>}1!BEDQ^!P%K7H#Db8N^k3xE3gmJ@(V9R?(rxy zrBtg4&(I8N=7{Xd3C*}g>cK4a_b>6E46P3*Q9MdFH6Apt{NH)e|0VRCZb}5$qZ7E> zVE&IF3omOaX8R~nudpwwn`EjQIt?{KR+RGJ7=7qQmRYOA0=SW9ces7e#jnvjv0f7{ zfO!uj^uNDCvn1?A6%K;{OSLSg z*rfhq0p~+TPxWcs^DF83#{kQZ!}`d&>3RLz`~s2--7g&_{MP5v>wcZD>V=6h^WoOL zNIB)Ogx~GI2qcANRz8LiK!V8|6%0t3Ewdoa#@&%nr$Di1_!z2bV;YusaadZ30!JOA zq-#AcYieek0TBl|pP7R@@=}kvX<>JBLbY^{?uU?^U%7tliQ?G$VQ!@P>ivE>6Z>L( z@RsfcPS&;4ozMy9HO$w{ju&~%G8~-d-q-_k#!bhzwS)DG6;zlv38~XC=4X-Vk=()- zZ;9R&>$ccZB&D}DGL;yiA}QnWF;^Q21uDis;R-aBE6%Dv#E9u!zFY`**<(K2O3{!< z3ScY}Pzp)md~msqGS$wW8?ckUpmvR;#_n$`%LVZN9qWwyJ|q7Em-FOL(bh#*f>lrk-~aTit7TfvT{IhvO|sz2>Vh?SVa-~$Ah|vW zXGL1t46kL)xyV~zlH{+j*cTgOb(J9u<$KX|_AQ5z4YB2fe|@Yi45DtAP7#`Bx++4{ zz2#CM$LEiw_jVo868_Jvb^}Pum3z!WSb#H51!8BC&x>&`opy{6p)%45ZTPu**`3CY zldS~ZR22`Y?D<^@)+wt;jMEl`Y~$Os%eVyON}0u=DBi^hvJ@>azA4F)<)j01`vtqF z#?rTp6$MZKU;5Uthd}t;>;@iaYKx1=N3@320uf9^CzrI@gD$*)(h!ANtIm z{=TP`q=}~|-9j7z&hiTRqrJu{Kj`&X1c29IlB^^@K{ftuWM3sZJtW6n)jw&8e-EFe z<6rK2$C32H?}Dc8q+;Ug;gnMG6PS2?cKAx5`q=*g^8nT`(Zca9-*=t3;iIaA+i9@5 zxY0dziV5e-G0FCH?XKEi$j<+8AgLTtXr2wEx!lf_s9&q%uiuT~K7~d{Hq8G4OaFV? z74vzpuLgT)aNM7t{i?BzM!Tc)w1j7!ro@(KBh)E$^63EH2*FOw;`@ zqxf?cYNMsF#A-z{wbB2H%KtA|Uf?_j9xm^otNcCC4x%aUB9^LQQ;7=Y8iaiKca$^%;xYe>A(qDP0o4qM+(U{i z|BC!xQ9$JF!~3=_{S@5)Y(NeY&>~#vkbebkFc7$}H3PMDe-GRVK!|4)9bo$Vqrh8s zn1QAf*)T=Y{@!*Lphad>xc}N9_$7b{Z-Q*@^c(a}uK2VUAieJTZIMgm^Z`x(uQUG| zBLDw7^Y^9l-^~1fw#D_} zNQTc;2f&+*fL2vzXfTR3ZGMpH1RT6(>x(1lYNb2?a~Q(6^Jd9_=XZG_aB<%7cl$5& z8SjpoJ+Ge3hq$&9R627*iL^_&GNtmBLtv8ro>nGOLbI7XjztO}fyY!HH)j(s$ZkncSmdASVxhD=o@uCzJFgu&G+(8K8KwDf$cTB_}z_oAmbLhj{_tA6GoRs z|N8T6FfOb4ChL^0#W{7`P1q8?eG|#b)Egq;VsTdim5d*K%kS$(cxYG1PP#D^Hq!+; zzuVTGL|O2WiE(BF7q9$C*9zzKd%QmZY}V*?-KN#n9`BAv_ukGYz1S3aBDfZW zab|M>-13HKkW%&R{^8gUH6dLsma}zNj(a0zR*rM&Rb|t9#Ct|Q-wWF-J)4S8XP5!6 zlXY28B?QU|46BPWNhj}(uN;V=yof4 zbmOqP3x#YirEtUL@11oF#sAIg3&8hl;RLX$d%ax`*((c0WN0GBUU^9nfLRmrK5`9h zr71}4$?_gso@e)CwP8nq2en@d;PDpHx@;JT+_@GC%F15sGI82q%KHg8?h|2cn}F^# zJ$|rer$!C{uBh8<3Vx8u>U`3lK$mP+QX^3bocNv^Rhr@ z+aEEp47^Y8Kjz&Ch;V%#{g%o~=_ow``gzl5bQx}y<+WF0G^DhSaBR?VL1}-C7Fk!E?lzj7GDDJ-?qd-$5sbD&x+Z~-4NdrZBLz(rPW)5RLCj1lRA$sCgHeKruB zi!Zq7zTyL1{&8th(YwnGn8-$7d{H zZF=$p>jLh!Ob_i4Cm)e6YC8?v^N=NfzH***y@?<2vZpCyRb}+y#oVjAQjOM9j+}ms z;m1!ZRXChJA7O7Fh9u1_g#{t2PFA+F639 zDbp)fMVTI@fAe7cW6)CSML=F*F6NsIFIQ3eY3OOU~TsQ0V3jzMHyCwO`U<&?(Yf?9w zYR(!9rLUC2p~V9>GrP8`_p`t(;Y3aQd*9r_@qa^mkt$wAdPWjcZQ6h(>fN>@&NygM z#T|jsNEDU2=Z5w92eIwT?QbGvke2~XtHi1=FUE~M^y`$^7Y-X&h*0=WzTU9-$y&^M zwp$)f(H06f0~P7O=`Sk}M`^tB%t*k6HJFq>jPx6IS(oK6Pql8pwu6|XnY%_FVRW4x zuRGALm3AZ_b-}Y9%l$ZXHJx8qBO!!tQ%bkiFKAIW{a5YH5~x49#$s2gG*Vqeu9@IK zB&@Bz)X{wWXRPGWfw5}O?2p|~Z}%`aTmob-xQlc%&bmOPf|u#wwaGq- z+d|gqU3gI|U3K2PG4PtxK)6V@T=j`D8oD@JC11~E=mgt_%U;K`;Czh@gg;)e9{GL) z-JbZi3QNn9*}dq*^f`b}o{8p&dLRLi&l;-x{ovDo2Ea1;>qkt;;WN=#BG)nDPjx@$ z#RfsW5<2E78*f;dePVpOdnh2+eH+xCphgT`4drVLj!jZA<_Viknyx!D^L%)X8Am~y ztb79w`+P@R@|eIhi8?^mDc6#VE2}9iyve$1^ar_HW+!_{Duku?8^66u2Bb^r<8CS3 zwch(%VD>MByy;-?W-7YmeU{x_w!!OnVjQUAwvu!t zRD=DMX;vqNQCrqCW4Jrfv5PHRGwEN~C>V0>^Sy2V=9Rnc-$J5s7#*y@1$mWRVcB&5(O#u#@1vw| zp<9fTcf#LU;D+2++y{him72bArbXyd%M4ap~;$pIP{Eao4o^rxEudrbx9ohGMh;cE5ib=fB7c z_@sK1G0tl0tx{Ny`d-z!a1wLCNxBmcuGqQ}7w+c&9S3l1fO9xP(90qqP1hgBEYMfg z<>D&Kh>X8*1la}rV6AhMf$Fv zw%U7{He`4adTz$uM)6(JBe)L^S&4lCGL5jjjlB2}3-%y?C9N)4!I2+*$W2zd94f~R z-|cq`K96#Lh<7={tvAf5eWjos@sbMvNZ1LJRR3D(Z>T{Q+P@7QvO7R+8)G+%*RwT6 za6jys9k1=UYnVisOgQ2vIkpiI_zs!%tSOBc!fd{KJ!b;u^X794CF9Ab9RobQm1r4W z{9o;TXH-;4)U6YcaN2rv9NU$bDa#QQE1k0ORI5LmECVVO2-$f!jGLZy9~NGX659 zNLLS@Iy(x4LR7Rg@v{R%$Hf&l!hE=L9X?E_0~)n>72?~6O*d?#p72H8VS zg>=9A)ziuH%iDd_TU131@|2{|b5rr^MUT@}BSZ_uIUny+=?emF`@(377UvVIl@(qoygHc#@MB-v2eG%bRs*e`Gke&=Ze9evsW`GfZ#+Ld*PW6K zHWen8+Up-&Y8L65SpD@s0R$rm06|f5!HTvqd#gt0;whkeYt8C?zAnu5W9q0~WN~S( z{`K&yn%>u7jmu6wcFl`|I!m&nAn6fCv3G znhykwzS*Ks@!-$rez-hw=}!at1HtH?qaQWz|JtTtgv*{Me~yfU0;4zn&tm=0V*R~2 z{?B?=)1G1B5GW@inW>2@)BLn@ZGrqIopm53>TRa^_p6Ct97LZ=Ffb-#7GD} zmP(_bbZPYPlTo<}fCc`VX(r$yRN}6AHu|EQOYwcnA?wAF?Ggaf37r$UfXAYb(|w-% zSjS2ISm~OJF;f?PO?wCX_5{(yn!u=S(t0~BqG8yUI=?*>snv=Bg}B_ZRx2*}vlXI* zJOiW$hglhY(ypPv{oE-*$m&}Oh5Jfw4z>W}D0_av)i@n!qVXn6w(c0H5zzcDl$(aZ z3%%X6Yr;@C>pXV?9?EuJzd{)U1#(^XEXvz=uRU--&8u`4@oQYKoM^6U*e}$dA0b1{ z>9j|yLB!CYDNT=gb@$~{TlRC8vgaZ^(!T3&X^}1mtJ@3Tt!nlQ`jH^|R48cx5kNBr z*+Qd0a{?L=k<^kJ>l#dluB)e`o?w8&7ggQ>QOeYaDe`J$T>ZM=uS9MSdS&(*&?Z>A zj&&PqGPiFr0pB?_Y@8_^qb=U3Kb$JMZ6RR>v@au1T(B?Cn%iS%R7HI_{X}FDed__@ z@@c6xizdO*D%)y@_`ci877Gess2)#-mk*uR4^iQH+iXlPMDRmEIq+hBA6s^>g=V#f zIMTjkI1RFu2dkG$SdIGu>|@t>da#8&KNBga_@-+N5I=&W!!yk7Ps`wyhBoYY;i5pn zQJSGc+qD_+WS4sur8iv>v;$n)tSp4mg4PkbHWkCo;CX2uYlR6u9^Ps-%i0zi(I*2P z#umNL>1l=1k9*7mK>W_FA|6($3R=C{Qc+Ri0YE}&=aW7t?&sR@HCz&)B}>&wh|T!!d0#v(+up)}i+7!iy+FJ(gZY4q z4B7xAYY_9G@>O)s?rX}rrwRGgHnPa~r;H%{Od$Z0jogZre6udbp-^jPL?9zfRNr+W z)+d&Ka%%d%mj%>3%@sOjG!GNph{56{M-7W^@aDu z+x4&Ab@L%|DD;dMVkr(%-YYyosFZy6*?i+iPI@0a@b)FHr}L!%CR#!adCh5@m3iLg z(%Tl(pL1qzRHC&he{@#+gfPB=d#Gp~rdEL>e7pqqn(!uZIgw|S%7^_cl(*FT$_;zd zBIS`G$FawC?IrsR-FtIx+j)jopsgFO1;KcjN~2XlslpKQShZ4T7)9M6fWsQwzXaNp zN*~`pYYA8-&Y{|BBM)cP@`JFUnC>0D=DPfM(|{R-*O?=CgsCLMeUY=#tt6s)^g|6I zHT~8>%-zGgM46~`9{|ZxYXHQo=*}t}!i2_~?MsSjZo642G_Vp3Kd>vK;8vgN_F>!g z3h?8jj$>HRp41K|%0=$H^e*4PH1-u;OfY>eea0u{w;c$&YK${+h7T1Glbi#nNa^T@ znwNM%Wa~?#qh`tgfQoXId`@=CKIOydw=&#KqAEBDvN!`hL6YotK+_u}H3FF_eGz&Xaqw#FNcnRAUBrqe)DM+>Up-d)p3KrIS2zHHp+dd3?ciKUuPbbUqcfTKSqgGpNKvM5%8tbLQJdZ0G>3`Yyge zZFb%O(Co$IEtZ}F+Slni&o!k;jJ859CISp+H#jmym`t7#8!N77<9xr^iwHyC91R!4 zVnY*&L?(F^ERQ;WC>VBxrSAp-v!s%NbB|ioMdA!$} znjg?@iTW-W_sZ?%96Dc~^H3m3iph%VCQTthz5g8ffUfSL;X%C|3%$#hSa7>gm<+K% ztEtU8>|5T}bxvO~XdB5=kXsu3Q_IqEgv7@3Jt4h)b4Um1pqR5OY|QTq={o!_bvQ|; zDt)?#hM%q5c}dW{=)C@_`|g-nsV}6DklRzh;Jfi+jRoFewfLj8yB>ihuW7<%u5%uF z)M4N~trG4=^p2!73PMIeCw*`1IIN@Lo`+`StRXwA`O27feB<|qm^h(p#|1Py-w|Cm zE`gcm+AZqc_L(qFtA0bi8Jcp$bq40o~NL{Yeg9qj5> zGE%M%ZLH>JsEz7J|q43!c~S-1GPH7}&at$ap=rZGoo;r6Be3xE)K1YBkF~@xFNF zBiHusMc*SuPNv6++iGq11Pt+>;L?m@AWF&aqMgR9l#dWPGd<5=R0=ew_Lc`R$>A40 z4T`kD+ZCmKP|N(5hI)T7kluY&4=HZFA0R$prWTZVSS!q{&;ady3hGjZ{D}wtyC7?3dj5Vnh(%HTV|wQF5NK< zjZy{6eJumF4y^c@l!eb-a9-|7ELZ(Brvos2| z!r~#!DWu}LolBk|!-}~i#tfGErSZu;S(pw1E)msiqR!$wq1iUEnevP8f_OG=?U;IK zw+*M?nkKErkcbR^)SF)cf_6R+Ki9W<_36rMO5>pKfHZA^Zr)Zy^Yva7JQ@Kn?0!Ai z`1!#eQ!N^7pN4n|COb*W2mDzs^EEREP*Ht;i=dCY>;)af^9>K|XIwWg+{8Y32BwKNd`GY28lhQ{!e^M( zQD$=&&Hm3~y9(t^Xd4#qNFaX*({{ThIyquTzffSju|BySxA0_Ah~#GO^~-aSB(|3Z z@&Y2ekAl8pdSLM-j+>Hu2g&Sk*g9F~sPZ|$0N%+#=t~84Nc0KUtT5y=OjJZCI7~FH zv-ZL@CfzOy=|q5uA{|Q!{bfydIT3(p9NKlXFyO zh@{C!Sk>2sEKo;|>{kz;q%wvI(?+5a6+N+|HJ3%km9-g%rZu4HiS;t?rzO5{63F6G zQpOpQYC3$2rqXEHWeK~!>~Q|kyvJqNSN2TaDo3?VFr;|ZlkZ8P7GLk4kO>KC=QKWF zUk0|!D8BC{rP!YAS=)!@3Uz~wr6wsy;(d~3e&InTPH`%OM-oG9B(2rQC4nrck;^(oDz#H=+^G6q#v7i2xBW6HYFcgfHx~U=wr2*@fO*)^OBuv7o$^`l^iPAV8t=H=C$kN z!JD}+pAO~~tjEDMKD8aLR;UoFSK7Ur-PIK?)~>X5;Vh#q7G4ebq!z%htec5conu}T zBf>ShkB&JGZC?||<}!#Vrh%Z|%;CNqH4bchU%OHIynaRF0%>OtGpvS6sj+~3dgx0q zXEj^+H!9xN1v5Vl9aDSnN9_s}NYemLRH=YK^BrR3OXwUaYL7I|_Xj22XWjOr(wx)n zW5pxh-Cl2Oti2k9C%3eakBk|MRTVmXFyAdz#}z_65b2is>f0BCoP@EQ%_c%=d)&K( zJ0I=pvi4o@Pq)zprRhFcS7@uLw@Mz|b?2v=jjE?Iwaj&q1jM3Z^>Vn`l-Uq8;}Gl$ z_(7tnSJTL9Ck=?4-UCvn?{QwQU~fl z8klN0Ui@%4TPFWozM)A6y|X^|4(T+w+POc+ep6z-xaQZNlQOWxZy;W%mA0pAeF-W= zQ*k#%Xz58*d1^w1;uSLkFkM-b*>E+EK3LilNPxi{)9)oaLQPrpk6Pfbch7$~U2N6d*RtF;<-VviYJ znV--2GFp?PwoiP8H{O4ay>`c==~%yw=rFa%RM2u;M{MO|)((Ou-`~0@d^T}&)Rq#3 zair-!b_E?;mD-2{clK|Io1M#PBOfQTZkuNbb{pDN*@24+MR&igVcW}3Gy8ItIwD^i zkzM_XLUXXJ!3+pz%^X{ZXdAtc`a^Bp1zhoMMe%T5A&*JF2Ml!5BZc6MYjc}U^1INw z#i2l+ZBo-!ps8GINY@wDVUgS^9AI}q)yB%~OTGV&kAPO>ErsXCSlBiB%NsO=!o0#V z6;{>Hre{enam3^&hG(OD2Mc!$QxX;N?74*~L_Bs<5X8RE^eJXf_I$U?Mj2UW;Q_=> zliG-`hm-DPCqyQ7%Z9!Q&32XaN+;4}*Y<^Xv{b65mI|NK@JU`Y#r@hdg^AybJz*}5 z$`A)$#vzVfZPxGnKS;94Ja5A)EuA%YLNqsdeFn-`EgEy)89_XQKR*|sRRR8^w^%=L zz_nws=gPH+46X~Y)b#wG3zLen(X8kTuu}nOand6$xfIuD!tq%=V#%qdKdu0feUiwZ zs65wBZ+HvT8m+)G)k){+UoP&8q;|h3+8#F66kMLS&mMOzeSTRjW#?TH9V3nT=g{q> z`bAvzBL$Q9cWHuX2&;nGm&)ceuSTxU5$=iJy3Pfii~t%hea_O!zS7j(MZooYE5W$ zsi>%h2!egPeHGrG{d|Lx)FAp6OS;))DX%btBBQ5%3NLCCBM2C8xOzknbX_c0usScs zqdW4jq^H(2GS9Q!HL0u}HgV;gCSxXUjorG3-?0=fV?OCMa7#6Rb-?DY0V?U1)|pzL zImuOOfoX>q-q*MZ`RF`5R@-LAwPPB=svB(2?J`P};du!=!n<@3<2EA$Ftu%oYi#64 zh0TBQ(3oW-7y(vyoW@a9rPr4Lt&P+;(Tqh{l`3oOvbQt#u9hy3kPSn#W}Z%>a9)1T zMSR%MKo=+Wnk&RJnlc=>9L>yiNAxC4^1anb%bU3$$g)^nC?)WDvUNpqEZk%(-c*Zg`yVB_UaHN2&|I2A|PsMG@j%yhq z*MscYFc4Bo{2WFovtb&!s*<81|IB`m^#^5mGV}HvojFanZSzff+s71IjwC00EI1^| zy7wam(8eP@3Yag5mMig0-)%Xn4d#Jjk?hZe(!N?@PNsJR(}Wq)g*GHrknf9G!bCs# zC1+kYvCP3}qAJ)OX^2m8OS_mD<72B6Q_ccv~yiS zS!bg#VoDS_{9{a@6d$4ZDDC6Aj(cG(bJ{WKFF`D2f6X{H@YG2824Ch~`nmge3E$3n z2cX}DXB#N)O35SJKD@!F(C;0!YYQQ4j2tk#TBQJE%$>04qFx>EGaYWwSlHF&R2!}f z*;d?j<3#PtRg77PQdL2G8m^(x_JaISfuncNpY6}?urwC) z*;Sp^jyyV(`j8(RfJ+tQh|rL8d0Ife2Ef8&Vo~Xrz2hGfrUD^*nOi`}^R7LFk<#zN zacgg`Wr}89f{*lU5X*~37u$EuO}?MzY?~>W;PjH;1cb?VTf*Flr9CvDdAE0SAp5x< z3Y0Qbk*PO~&^x47x8p~-+g^laqr*pA8wPJ7OsL=W=hQjGvJka+|D}niGU+tv)@C2R zljkM{VmK!hTr(2U0XZnuuXE6)WFs{G8m&Ryr=&awP%QJd{hVTuK| zMyHdEM$5qa+pGY z*P^zX&0KInnR?rU^PerMzkV=hBEDW{J6t@sRCGig;@T!05xMPF>&el6SSo?1{H5We zgkzks^H=kp2R<&+XGe3p)S7Vvt7Ci}bkT^1%(`1X1y|E(A;SXDmsFBl{yHh7g_N*@ zVvU9VkA|fw=!EULh|zn_sE)&ADgMw5x6(l|Q<0Q*d6*=n| zc>Rb5-&^6h=`vqPlZ{5af+cyeIxDNN%X{U$6HNteO~t3=hoa>nEhnar&IFMI2RCO; z_gQZbdW0YpCyLtkx*8M|rgiVRcB56poyEQsKS$>6xT=U%L~GG_2_ibmj3S+r!vlOB z0?C#qs845x=}z;PFE__i!)xVd{Fy?{k#mNRggmmY?zHLbcQ-uJO|72Fb!#iz%6hmM zcs;;wfAq(m35-)|S0pXqD6gz4LuZWj9lEz`D10+~-@NbvEmPW@VM6Isc_ce5P~(d^ zr}m@lyjQHMQinB~uc$+Ja$F;XJ!h*-vusA3c5YmWX4DwBt?M3B{oBf#pH?bPY$h#8 zP1$@a;B3$e2fX49o=K8X>uye}+7Uczf!ZIe2Yrp z?{vGrxlsc-@Lg3folfrBHkX{0K=eR5^xEbsLhfr48HFJWi`hOIT0d!xd}}s0P<{O+ zhf(*$i0xJacloi=0^NgDwv^8JjI~Ne|Ti(oxu2h$EKn!NHnJss zk^K*?O#`@GA;W;*YGja@t_Ctk4&?-N?)|27vGAXOgplI)?*2dN++}mC4&uwd6?wgc^tvP`N09kvC)Kq)j(Ei-6{uPdZ2 zqgP{3zUkQ!;l09n!eT`M1?7Eb+>s}S)j)IG@`Wv3a&Z>^i27vREeqxal%am00j($+ zC>Jg_qK1px%g4*P((8egyTA-GH(ZrG>{Zv*e>DK>C!s!fFC)hv#wG^79X38=Uoh>W zQXM~;)xT!$i^=Pu^XtUT#TCXa7y&61e zMajDL#btjTy3bh5ugnC6|MZS9CSK3h*!ylXKx&@apQQHkY@gjITe-KHX+wHHSIr;r zem5|br?LMv&5!ZnBjR#T0m*e`C`S!pK5leS7XRwj@BrITL1Y+YKa)HOV?XZ`n)IKp z%bMmb>t#%CT%Xpw~7A)G8rHmqfJE)O5!Mh(ntJZJJ<&p$;*!Zhd#J zVGS+%#TT!Oc_2%EGLoF|9)9ERuSR-@Qu)mua2a~YHefL276a$+u{m&{^bO#u9A%DF zOvpR#csXa9zh^4S&>csQw9=}`DAji$df=GGsxA%KN-a{(=AC+z?7_P8Hk(rWOFT^k8cAoVy0 zN}l=k{Z5w1c~9>HBoOGEyorn4BRU(6^iFs-U54R$Rw-}1{bq^5y#r`%|7P+2rj~TA z3a_OBDsItCMZlU(l}6fAwKmnUPwe;uMn+u$p=gP*Ij2hN04J3lx<1*tC)PB05=ba2Ye+aD= zhI78u3VVJOgTe8MK`MefEV1|9BRYo}p!@}F!#tbSBM6XOkKp2_IK5`{swaa9BRzIY zHXBYbjA0SQAtvPj125in$l^6Q1~9ezC`Py2n`gFLe6w!re&U{KN|~A0*5^wtmw=v} zipxt9hzzZYG4kR-5ERv#CHP(uzZL0tb`0tlrHFu32V>du7c!=bo;WE z4_%Tz`m9fvV~4>;FaNEZlaX~h#n4qYyv?u1_k-Ee@QeT?^#T-1S~wO++YYO%$1ppy zdKDvtgbf%5<)Z(1o4*?DWCDr1(mBniTR`Sc%3VGE+8$(tv;nv|T2=fu5XM7h{CPZ# z*WDx>o<|X=QI#}f>6wNL1>m2St*5ho@m>L>$#Y1CO7W0zHC{zoUOE>_rF3FM0J(WCrbJ#U+WF1iUgRJ<$Sfc!Q+uHS= zXs34%RZdq)*UXy9yC;_Sof}WSH?18y0#>u+GcN7?`URyf4~*;qL&FMTd41C{{|i@S zR8!9;wu-|f#izM<>@tDCr=CiIWs^nvsE$|TFG1Er_eAJ$FjzZ@^i1>0szkodtW=T> z9=Cze7mvI^R>P9n4SHO94A-Z4Lk1c8YTRWm{G!?WwU|wyUsN?z)0BT~1zf&yY?pnV zaVWC~LrL#w(920d&P&X$5x@usb#=xXdb>znuYa`^(RA$$MbOxEGc91QL81VpX~CfS znqybo8?C7WC#>>nDq@=FL2oOohQ`DEt3WE z0!AAE@H3wY1>fN~M_E+A_t?u~?EQ<$R=hfOTK9E{c}7zY4>oSg!kodTn-(|3)j-&* zIa?D1GEcZ9;Cl-OqkleQw4bN7 z@XkF-o+8&E|8U;M&Rq{Sxx!t$_E<0X`YD;3B%gF@aF#Y{PMZdnAKyag0;|pVF(6;N zPg?(GaWro9!c#>p(NIKwrL-lVi@dkMQ{%fr7vn4lb!$YhvFj3J*C%3#Bj)!3_-c}% zHw>1vYYT&-O@e*wn%=a|1&d2spht4(1yD^X{&R}oktR(TSBnjP^*No6FEs=p>w&b_ zBl%eL+O|Hllh^@3pXO`{?=s;CBVlInjQA7Dw71lY1G=$$`Ej1*X8BjW0Gw42jHcq* zU+B=1pn)7~qaelcKy~7M)L~M~uZOrp(4qxNtv4_E_F$eYa%|2SWM~LQA%r+nH6o6Q z8U&8giAupN?7j~s{dsYDg)0<;M=W?JLCwLI+sQ_Zl5oEwZdO3@bY5dp;`7P? zMj?du)P^s~ME_K-WzhLFqzu?SdF8P%rXLz9bv9uZKBh3q$g59j&vu)}b}6=W?qRBZjmX#C&o64l1kkD~~jnk#cn1D)quS;FY6`pD<+)eX1hM zF=S}7S}&L87I0t@rVZ*C?Bsw|4q`n?GIvW2?{#R33D~arH{@c$|EhI^rDcEqn%pqR z9-<)$sHSG38%q3M78@e)#ZU1ev+4>p2d*_;YrM+~gg1+rs=cT4 z`insA_SCW}y=>KXC3$=0_-izi&fIld&Ag6_J(I=hpJ|IA<@f@jvkr@;Xu{JE=Nbp ziL#c4e8Bc2@;Snf=bPjcU3^34J<8Nmz>iH_`h}%oE~}LPN0r{eK#WzvY}w&!vglD| z&nefX1us4xVLRqEkWH`>VI)agNV-Y~$9I;KfFUu80UCyx`=8dTj=+{pEbiJ$8pakz z@n^7{=TVp!QBQwZu#Quea2VVhxAek&G%$J#5*PPk+EEWdmC_NNKe)Bu>;{TH{-bic zj_rAS4->TM&kMMpr5)C>r5}fH@LTT`uS1T08+-M1 zTJpjLX5agAGEbJ>Y!`Q>bu*1vPX}T=KPJEI5P*I~h|Y!STeMsu?O}?LA}g@}s`uA4 z&1^~|M&^J9!iTO%NwZBH*))}j{V=SVM~d{Zn-x!Q`Vf8jfv>!dce-rY+I5#jE7e42 zJUBXgK=nku!NU3>qf$$3gs^N+$0v&2tnYJaF|%h0CfY{-2KBsh8J@_fOu=} z*rcXpjEYtYQHTmnftdX%#h_M|Iy@B|FNyZ>4Eu@C3H4#g@YQu_~|aV_G_=E_vloI#(*GbB?N7f6lA5J{Vviog^MR(PN*Z}F&lIf zqsJMMgKSnj&k{XR9<`_rH+b>o=CP9SB1K`UXq(_ly=~4Zb;>Na?+mMkpr-t+Va%+1 zui?mCd;9USY+LrEThS{zm5@i2wyGjD`C0)9hP6eWd<~I5UydzHzq2f3RgkD&5{iw5 zse0hC~I z_N|^cb6?+nRczEa;|o91zImEw#zqW%HFqI6(JrhuE*mmv);v!tvBzWk&TKJ0*|Hv} z^?Dju^c0aBf^2JdLf`RC;U~z@pI)c&49U_?rZzuy zLu0JI^^<q7d1o5;!McuYXy2^s23HKyj|T|JA6^td727e#9~!`OFU zJjmLQ)$+Q+C|(y!bAr!>6RhgF+wX#2Y$d_J)wq($l9nE3i_}|c>s54lX-}`oV~+aN zI#DD8oHhe6p*7-aAi}y2}xGy!`k=ZY=2*wzsqIt_@AY@ZzQJo ze$Od-GYr!cU5Aak{LLM6?c73>tZUY6Q#5F*@6cpINl_zGinOuXmlDy8PP7og`^myRpgcv@5OL@8Zks z1q5y1w|T!FTXb7k;w~c;)W*NgZM>|w7wOXIFUXSyK1vA+@DYuP^zhY5>V#A7f_Yw& zeZfr|*fco5r+B$?^B7b_zd{n&9tE?VL)5hhqNZZL)2%R!eSzFsZbdapxG6*i;V z_Ur<-bP=7#y{U|!8?@*K?@h8iU-fVUow|W*mq~;AWhX!6L<%ZhW3>0114_FXyCxfQ ziV>2*b`tr09HX%Ao*O3ASW#&fSCMLr-HYk%xo;ucc`>Oa1+q+Kv(T@Cn+b;byltWy zMl4g20NC?@GK@sIIrZ>$%tIE|x$P`dq zU)Cv|$?{Jofoz7)R*>a9Ix{O)k1z9#7bHC<%=_pC|NJN)-F;xw1?p!${bF7f{p}+m z;fBt33q98-n^*isLqC=Fm=uR4OX1i)bc|VQr z$rFb28z;5#>@o<^n+G z9*Fsyz|}E}LTe;L_u1EvgazNqClnRB+m3!NYAJL7h^$vZM&ia1+3559!WYsG(03qh zziF~C1Pc$|SRGXo@11Ba2b;Vne)d7|XFvx6B2eL(9QA#OBJMptmOlFxvH3UlgZJ6| zIf|-HT1z7fCa3vZwiC0q7i=H<#o6(Z84QCnN{G1S*C#{_f3G6)Y~FhCtXRnXmS{(+ zqHqvD9I+itwyxI;A=JEPPkeh-Z%Q@g%+A>A)=w&Kznb4wf z_MuJVfc6cmq^k)paWo~D#_ww_IkB&W!6d$h{ioOuH^wV>aLZi&wA&&O_!a&0_W!t0 zJa8dr*NZxm|HRh+?2PieO}*9Y4+Va1DNy)r^2zA+H>^WdIFqeYup#j*Bt*jWKd`eE zaOB!bOU{HpJ$W3MVV9oD_a{c&Uje+%U_y{W`Ohu04$P=R^d3WcEizC78=*qQ^z)w^p&tS!I#~<*4?JFU6D;<4cIneUjkib#6L~td{|Cz+0Y{Cq z&5$4;0X%{GU`VcsGv`762{%J>}IQf960-<>kaY`z8yehLp=uvE=BhxGQY zuGaqZxISq&O3t?(o9{+OlIMrB3)~zkiudvyP_P>*GJ5g-_13v+T5{vr(86xZO1BC= z&*V$p^;4M3PDl4*pxqg)Bw~LB-uh0xnYJ>OV(PT)hw+y+*D4*h@sDJdFKH>ehm!8p zWWrWo68=-C9<;5Xx=MAcczgG843QV&ZVMS~d7H05E}r%DNd4kWpm{Gr@yYDk)>Hq_ zUtKhE{x-TjzhQAm47=~o0*mcoO%qkg3~5PHH@eaj=$r3*C2MtW3hAj3aByjO3Zrf& zs}Wfhi{6}kfxM&5;Xdg!be4AU*}+-HNFN>nf6Sp2KgpTX0@_=T-03{);>>Pi3T?x| zMxs#B_pSH;tdx(x*+)>J$|yWO^QZTd$xcg25S@Q%Seo$xsHF-|5<^<4=BucNy;=2U z%XIx4l=Vk>YK0KZ1QLdI=%?nl*Viid-&hSoB-Drl(JxhxzJJ)=y@5E{MDvQci<{oM zSF7`i)9{~_Dv)Irw8aVVvI^6yg#Md0*rZK%bY`^Zzq+YUqS*;W5%)k#5vK_B)`?dS zan&!f(b$I7?t z>Ice8+Q#qthAb6HgKhwR+h}VOv`Bmp!IDu8(`4Gh=ZaUFNmrdZcS0IAId}waHd3ti zb+zVF_7P}JRWeN;Pv6mIPj*1M?BAX#iFJ7bzj?U(HUc`)Dh-&SFC)jUTz8#5iyr(xU?b6Vm?w3 zK6>wTLTTx*@yqdCT@Agg>Maq}hZcq7$3F@P(Ck)$`L;$Rqji!T6Fv1adFm}rdddXl zcFzmWn#^?L(6!Dfq-kjqqRVxV{6l6P$(0^h;6gmz6wHza!pMlt;y!XTZ^ixZc@W0u zqg0g2$lc)7&-GX4sg2yKY$&s}VYb*<0nK{9NC2;6rudN~>pkg%IWgnUPp`VZq20VP zGiZI$?z!T+lmJ=WP_ui3SnVP%8M1MwlH_a)k+~;g==uDpO~yCx5Glfgmo93o%FSu& z!f@_nhR0^aD@|9k)U$;q3Y3E;qTc@~KS>Gip-N7-vgXI~>`lEm({A15Ymj<+itN55 z!zX&wW$D<$)0ZAkur7J$VADv1=-a9JQZIp#OGnSv+8X%{Tyef$fwEqNgp`%8_RU&~ zb)&JTK3GKUoM>|-|IMCW!*)@9wTWd3on(f?oa>a_Q-Q0uDg8>m3uOCeO$jUqd@V@D zKmSrdZ;QZzJ*PB)Go>WNruuYsIHyMuPr67i>>TD(_$j7QbsA)vOm^Gqlk|0>zTRg{ z9VTO=X?t-vH`kw&!)Rrm`tMQPiT|ECoq)DT{08^xbram9p+qGm@?*N;<3&m}Vk>CJ zBZa#pEUhC5D9p>_pf0J?h?VSPvHRye58(uzQwt8WA{mFc_G3EEAEI{fGU??Z#<>#v?XaX^;{&Bu zqJCO4Uusou-RGq;n$BjlY0{_`v6)iqAs&wFJ=Lau=cfF4v*SPF31b(85b2t&94NbDXk@i>L6qb`J567c8R8U#me@Z3alT^4_%pn`c|rZqhg=CP1!>rEoOcz zy__xxb|6vGXu7{}X?NlD5(6z>2b-DF+>r+wPc%y!R?z!1-Ig~KXSC!bX-N%X;Ao#~ z39Yu56j~mLCKzH|lNKfLLbMFEa7drLE)BD#ycKV+8_RlEA;Y^E_G zxpr~OW79ev%N@Uj@frM^HLUGh_oNXFHeE1j;5R~d_$6`E+5Cj$3|)NO;<4f?ts9GK z75)07Ie+QW3vjfN^nIC3JVP~RmNmNUT2>^kQn5k!X&cpqLnHChqJK=a!Se)|j5Vdk z-36RKdKx7j7e8x8)w;$MEK zsxw~gs?9Vp5!yNxf^Le*T>EXYwO)Z1j&unwo^CBK0g)7!jp>YOMiD}zV@u5|NLpI# zUibdddCR3!2=;1qnMiZ_CkuYRWUbVg5Ol}ugEW7B=DnN+#1dMio_E3nSt z;d{!d%R^=O8^zCxmMxKP^nCZISumBk zk(@pe(?;6Z1;113p7FUBuUEoHE%F>fD?yzd+6yjij@iS0X9mPqDjaA!mgW?}73L4e zGR84X#4llQ4|t%j#^CvaDJ8zwg++Pfi{H|i)-&g21D75)=fUtwl||tfFsCOs55ABs zL6fy|7O)c%-L0Qf?CB)Bggdo-_kA5Va^$$Hg-9SOHrH5H=LvTSj}CB}aB~~o)L;?0 z(7{Wn9m1S`h;cUzMG-C{?cGzH)_X&F0PUkHJ;kZk1#k`28@Q z^Qds-fc=jFRuB$)nH(qA{u3i+aNsk+8u$9BXYP*CyNcPCEoX%nL)e<-CQK)OBr5g1 zwm;MGZCEqXUQTL0>DhzbaMZbfdZLaz?S&7SKlY&-nlBx4{$bz|bz4UVcY*k|dv8yb zN8z>XfHunej$G&HAD_RVB%2GKX|QB_TPc-~IpV6d`E)QO>Zy_+SZhKT&tLoJ)5L_T zd@2mHM~*o|MbYnTDo#mTXZ+qHp0VBj?y<46M@%ya;E? zx3PH+`6o;4UKnfKFB|shwxc6NNMTnZA{^+5^&E1oDGE*IDlo7HC?APT0@ji^oJcu8p~G)%kO)^dzLa4fI=;&XC2I{hb6E0GKg*mcK4~KyNV+@(a+lLRKNL!3XUa}8dplsj!Rr}T%>Yx^jer}-@6W~*0tDS=?a515iZ^Y6Lnj`11w%8 zqxMn8k`a-`dG1H=>t!ls?H!yp{i-j+6)KA}5&`Ko?k9u0wC3pLcN&pQW>`1&)tXTO zPr55YIXr-4U_3E7`kNk3z+v?id+mpRMM_Tz@g?2sEypGfK$ zxj2)t#)*Dc?={1h-nRO~YBKP^eK>3@e9g9QtARNnCJ<}VI$@>V*KxeiHo}QX z!CfQ_J$=57f{to4oNjCHtS{b%f8IQ6U(>(EKNPtoFUTxglRIR`lPc|U_?0s>!;Ry|TsJPBX#s->PW?L~+j_!m1xG!S163wQ6RCVv&BlEsn(j2M$dhhQ`u6T5H zP~anb`clr7oUTBY&P{-+Z|i0Wi;I#WyP+r7gU+8i z;Xnl=7Ubr0Xx(T($k0ueP4}!|D|)tH!?m@qYykn|Sz@}ETg-C-Zunc67`$(BURwe5 zlWB_a>1k)%G_q-rOv&ZhC<8HG2Hagla0hC{9j@k{QYwLveTP9vHx=xnx zL+lJRQ!@45-6FeQkXESs{^Uw~-j!Q5?(o=a!fK9J&fckb?C8Z_uWWgoxcaCLZkI1= zdJ5z5v~5q4AKp`h4d!J(b@}(EjEZP_Jf`eWe%>u7DIzO-G*h-4*gE{Iqi6rwk2aG| z5>;_8!-V+WNw|ZfOg7DVd`&ERaaQJ#5#44~{-cxH%4BXXQq5JGs>5(LOWLr#>xxLx zir>Dv#LL%;#W|V%oBI^y=${u_KBf{xcg_-9r+tnl8Zj3vZmC(FWgiEzm7~KyuI-Tz z9D~`8KM|BWi=W~XkamI}r4`>~@+k$?j2UT*vVV3YTDHWVyty9}*?XDITwss#nMkuq z){na5i-}g9UrU^voFv)i-DQUw`u1=4~R`%5*s9r@{4cASNL-Fj&j}X8e^1Et@Yb|6%3rbc>Tj!_+*!_fz4&`3axhbKmUi&( znb?{3)Ma*m&vY5gH1nuH?)OaBNKm;MuD@5%A6vF@>y{?-uSI?X27S^m`FmDbtV|;p zat_j8YjF<@%5IVNd)7?vejdq?*neLN4&HlgS?Oznzu!v6!#m5A3~dj78}=A0GyQVX z?^pZq7SkRiCIOsE zYjd%`t$To#*|=jJ$NFnjUT`Rlb#VONWU*k-g)vT*-=l&v2_C8S+jI^vXct^3>G!Cd zOnc^x#lKD01Uom@94`2KRGmA^2#Dct(+j{J`hRypjxLUKW{W{1_}^Xt|J;{Xl`E2c H`ucwXMWK|_ literal 0 HcmV?d00001 diff --git a/index.html b/index.html new file mode 100644 index 0000000..e3528b9 --- /dev/null +++ b/index.html @@ -0,0 +1,16 @@ +Virtualzone Blog

      Seatsurfing

      Seatsurfing

      Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

      Visit seatsurfing.app +

      Compose Updater

      Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

      GitHub Project +

      OneDrive Uploader

      Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)

      GitHub Project +

      USG Blacklist

      Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).

      GitHub Project +

      Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

      I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

      September 3, 2021 · 1 min · 118 words · Heiner

      Back up server to OneDrive’s special App Folder

      I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

      September 2, 2021 · 4 min · 682 words · Heiner

      Unifi USG: Multiple IP addresses on PPPoE

      My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

      August 16, 2021 · 2 min · 353 words · Heiner

      Raspberry Pi OS: Remove unnecessary packages

      Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren. +Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....

      June 7, 2020 · 1 min · 126 words · Heiner

      Analyze Traefik access log using InfluxDB and Grafana

      Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht. +In diesem Setup gibt es folgende wesentliche Elemente: +Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....

      June 3, 2020 · 2 min · 397 words · Heiner

      Export trainings from Endomondo as GPX files

      Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....

      June 1, 2020 · 2 min · 323 words · Heiner

      Native USB boot for Raspberry Pi 4

      Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian. +Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....

      May 28, 2020 · 2 min · 416 words · Heiner

      Build Multi-Arch images on Docker Hub (Part 2)

      Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

      May 16, 2020 · 3 min · 443 words · Heiner

      Build Multi-Arch images on Docker Hub (Part 1)

      Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

      May 15, 2020 · 3 min · 502 words · Heiner

      How to let Jenkins build Docker images

      If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

      June 11, 2017 · 2 min · 370 words · Heiner
      \ No newline at end of file diff --git a/index.xml b/index.xml new file mode 100644 index 0000000..0566526 --- /dev/null +++ b/index.xml @@ -0,0 +1,234 @@ + + + + Virtualzone Blog + https://virtualzone.de/ + Recent content on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Fri, 03 Sep 2021 11:30:03 +0000 + + Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing + https://virtualzone.de/posts/k3s-glusterfs/ + Fri, 03 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/k3s-glusterfs/ + I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. + + + + Back up server to OneDrive’s special App Folder + https://virtualzone.de/posts/onedrive-upload-backup/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/onedrive-upload-backup/ + I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. + + + + Unifi USG: Multiple IP addresses on PPPoE + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + Mon, 16 Aug 2021 11:30:03 +0000 + + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE. + + + + Raspberry Pi OS: Remove unnecessary packages + https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + Sun, 07 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren. +Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager. + + + + Analyze Traefik access log using InfluxDB and Grafana + https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + Wed, 03 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht. +In diesem Setup gibt es folgende wesentliche Elemente: +Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT. + + + + Export trainings from Endomondo as GPX files + https://virtualzone.de/posts/endomono-export-gpx/ + Mon, 01 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/endomono-export-gpx/ + Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht. + + + + Native USB boot for Raspberry Pi 4 + https://virtualzone.de/posts/usb-boot-raspberry-pi/ + Thu, 28 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/usb-boot-raspberry-pi/ + Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian. +Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten. + + + + Build Multi-Arch images on Docker Hub (Part 2) + https://virtualzone.de/posts/multi-arch-docker-images-2/ + Sat, 16 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/multi-arch-docker-images-2/ + Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. + + + + Build Multi-Arch images on Docker Hub (Part 1) + https://virtualzone.de/posts/multi-arch-docker-images-1/ + Fri, 15 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/multi-arch-docker-images-1/ + Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. + + + + How to let Jenkins build Docker images + https://virtualzone.de/posts/jenkins-build-docker-images/ + Sun, 11 Jun 2017 11:30:03 +0000 + + https://virtualzone.de/posts/jenkins-build-docker-images/ + If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. + + + + Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + Sat, 11 Feb 2017 11:30:03 +0000 + + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. + + + + Creating an encrypted file container on macOS + https://virtualzone.de/posts/encrypted-file-container-macos/ + Tue, 06 Dec 2016 11:30:03 +0000 + + https://virtualzone.de/posts/encrypted-file-container-macos/ + Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10. + + + + UptimeRobot: A nice free website monitoring service + https://virtualzone.de/posts/uptime-robot-website-monitoring/ + Mon, 05 Sep 2016 11:30:03 +0000 + + https://virtualzone.de/posts/uptime-robot-website-monitoring/ + Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me). + + + + Fix Docker not using /etc/hosts on MacOS + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. + + + + From FHEM to OpenHAB with Homegear: Installation/Docker container + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. + + + + How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Sat, 27 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. + + + + How to reduce PDF file size in Linux - Part 2 + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Sat, 15 Aug 2015 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: + + + + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. + + + + How to reduce PDF file size in Linux + https://virtualzone.de/posts/reduce-pdf-file-size/ + Wed, 21 Nov 2012 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size/ + Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. + + + + Determining a location’s federal state using Google Maps API + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + Fri, 10 Aug 2012 11:30:03 +0000 + + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). + + + + Contact + https://virtualzone.de/contact/ + Mon, 01 Jan 0001 00:00:00 +0000 + + https://virtualzone.de/contact/ + Heiner Beck +Wilhelm-Busch-Str. 59 +60431 Frankfurt am Main +Germany +Email: mail@virtualzone.de +Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. + + + + Privacy Policy + https://virtualzone.de/privacy-policy/ + Mon, 01 Jan 0001 00:00:00 +0000 + + https://virtualzone.de/privacy-policy/ + We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have. +Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible. +Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties. + + + + diff --git a/page/1/index.html b/page/1/index.html new file mode 100644 index 0000000..a59d8dc --- /dev/null +++ b/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/ \ No newline at end of file diff --git a/page/2/index.html b/page/2/index.html new file mode 100644 index 0000000..5a05063 --- /dev/null +++ b/page/2/index.html @@ -0,0 +1,13 @@ +Virtualzone Blog

      Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

      I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: '2' services: webfrontend: container_name: webfrontend [....

      February 11, 2017 · 2 min · 287 words · Heiner

      Creating an encrypted file container on macOS

      Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

      December 6, 2016 · 2 min · 356 words · Heiner

      UptimeRobot: A nice free website monitoring service

      Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

      September 5, 2016 · 1 min · 120 words · Heiner

      Fix Docker not using /etc/hosts on MacOS

      On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

      August 28, 2016 · 1 min · 163 words · Heiner

      From FHEM to OpenHAB with Homegear: Installation/Docker container

      For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

      August 28, 2016 · 6 min · 1084 words · Heiner

      How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

      Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

      August 27, 2016 · 2 min · 255 words · Heiner

      How to reduce PDF file size in Linux - Part 2

      Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

      August 15, 2015 · 1 min · 75 words · Heiner

      How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

      IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

      November 20, 2014 · 2 min · 372 words · Heiner

      How to reduce PDF file size in Linux

      Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

      November 21, 2012 · 1 min · 98 words · Heiner

      Determining a location’s federal state using Google Maps API

      If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

      August 10, 2012 · 1 min · 162 words · Heiner
      \ No newline at end of file diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html new file mode 100644 index 0000000..1cbd18a --- /dev/null +++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -0,0 +1,69 @@ +Determining a location’s federal state using Google Maps API | Virtualzone Blog +
      Home » Posts

      Determining a location’s federal state using Google Maps API

      August 10, 2012 · 1 min · 162 words · Heiner

      If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:

      function log(s) {
+    $('#sysout').append(document.createTextNode(s + 'n'));
+}
+
+function getResult(results) {
+    for (var i=0; i -1) {
+            return result['address_components'][j]['short_name'];
+        }
+    }
+    return '';
+}
+
+function getCountry(result) {
+    return extractFirst(result, 'country');
+}
+
+function getFederalState(result) {
+    return extractFirst(result, 'administrative_area_level_1');
+}
+
+function searchLocation() {
+    $('#sysout').empty();
+
+    var location = $('#location').val();
+    var geocoder;
+
+    log('Looking up "' + location + '"');
+
+    geocoder = new google.maps.Geocoder();
+    geocoder.geocode({'address': location}, function(results, status) {
+        if (status != google.maps.GeocoderStatus.OK) {
+            log('error: ' + status);
+            return;
+        }
+        if (results.length == 0) {
+            log('no result');
+            return;
+        }
+
+        log('Resolved to ' + results[0]['formatted_address']);
+
+        var latlng = results[0]['geometry']['location'];
+            geocoder.geocode({'latLng': latlng}, function(results, status) {
+            if (status != google.maps.GeocoderStatus.OK) {
+                log('error: ' + status);
+                return;
+            }
+            var desiredResult = getResult(results);
+            if (desiredResult) {
+                log('Federal State: ' + getFederalState(desiredResult));
+            }
+        });
+    });
+
+    return false;
+}
+
+$(document).bind('ready', function() {
+    new google.maps.places.Autocomplete(document.getElementById('location'), {});
+    $('#form').submit(searchLocation);
+});
+
      \ No newline at end of file diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html new file mode 100644 index 0000000..800e55b --- /dev/null +++ b/posts/encrypted-file-container-macos/index.html @@ -0,0 +1,6 @@ +Creating an encrypted file container on macOS | Virtualzone Blog +
      Home » Posts

      Creating an encrypted file container on macOS

      December 6, 2016 · 2 min · 356 words · Heiner

      Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).

      These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.

      To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).

      Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.

      Choose an appropriate name for your image and select the following settings:

      • Save as: The filename of your encrypted DMG file.
      • Name: A name shown when your DMG file is mounted.
      • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
      • Format: Choose “Mac OS Extended (Journaled)”.
      • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
      • Partitions: Choose “Single Partition – Apple Partition Map”.
      • Image Format: Choose “read/write disk image”.

      Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).

      \ No newline at end of file diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html new file mode 100644 index 0000000..a35662c --- /dev/null +++ b/posts/endomono-export-gpx/index.html @@ -0,0 +1,20 @@ +Export trainings from Endomondo as GPX files | Virtualzone Blog +
      Home » Posts

      Export trainings from Endomondo as GPX files

      June 1, 2020 · 2 min · 323 words · Heiner

      Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.

      Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht. Doch die Antwort ist erstmal nicht so toll: Man kann über die Endomondo-Website die Trainings jeweils einzeln als GXP-Datei exportieren.

      Gut: GPX (GPS Exchange Format) ist ein Standard-Datei-Format zum Austausch von GPS-Koordinaten. Aus den Wegpunkten zusammen mit weiteren Metadaten (z.B. Datum, Sportart) kann jedes Deiner Trainings rekonstruiert werden.

      Weniger gut: Ich habe mehr als 1.000 Trainings aus den letzten Jahren und wenig Motivation, mich einzeln durch diese hindurch zu klicken.

      Im Modul-Repository für Node.JS, npmjs.com, gibt es jedoch das Modul endomondo-api-handler. Mit diesem ist mit wenig Aufwand das Suchen, Auswählen und Herunterladen von Trainings möglich:

      await api.processWorkouts(filter, async (workout) => {
+  if (workout.hasGPSData()) {
+    let filename = getFilename(workout);
+    let gpx = await api.getWorkoutGpx(workout.getId());
+    fs.writeFileSync(filename, gpx, 'utf8');
+  }
+});
+

      Ich habe das Ganze mit ein bisschen “Drumherum” in ein kleines Node.JS Programm gepackt, das Du in meinem GitHub-Account findest. Mit diesem kannst Du ganz einfach Deine Trainings als GPX aus Endomondo exportieren:

      ./index.js --username=... --password=... --year=2019 --month=11 --dir=/home/john/trainings
+

      Die Voraussetzung ist, dass Node.JS auf Deinem Computer installiert ist. Danach kannst Du mittels Git den Code aus meinem GitHub-Repository auschecken und den oben genannten Befehl zum Speichern Deiner Trainings ausführen:

      git clone https://github.com/virtualzone/endomondo-exporter.git
+cd endomondo-exporter
+npm install
+

      Der Import der GPX-Dateien bei Strava ist relativ einfach, da man bis zu 25 Dateien gleichzeitig hochladen kann. Scheinbar gibt es aber ein Rate-Limit – nach einigen Imports wurde mit einem Server Fehler geantwortet. Nach kurzer Wartezeit ging es dann aber jeweils wieder.

      \ No newline at end of file diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html new file mode 100644 index 0000000..0bf10ab --- /dev/null +++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -0,0 +1,16 @@ +Fix Docker not using /etc/hosts on MacOS | Virtualzone Blog +
      Home » Posts

      Fix Docker not using /etc/hosts on MacOS

      August 28, 2016 · 1 min · 163 words · Heiner

      On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.

      When I executed “docker push” for example, this resulted in “no such hosts” errors:

      Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host
+

      On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. To fix it, get into the running Docker Host:

      screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
+

      This took a while on my machine, I needed to press Ctrl+C for the login prompt to show up. Log in with “root” (no password required).

      Edit the /etc/hosts file in the Docker Host using vi:

      vi /etc/hosts
+

      Note: Insert after pressing “i”, save by pressing Escape and then type “:wq” .

      Restart the Docker Daemon with:

      service docker restart
+

      Detach from the screen session by pressing Ctrl+A, then press D.

      Docker should now use the correct /etc/hosts entries.

      \ No newline at end of file diff --git a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html new file mode 100644 index 0000000..974b407 --- /dev/null +++ b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html @@ -0,0 +1,66 @@ +From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog +
      Home » Posts

      From FHEM to OpenHAB with Homegear: Installation/Docker container

      August 28, 2016 · 6 min · 1084 words · Heiner

      For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.

      If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.

      OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.

      To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.

      Option 1: Using Docker Compose

      There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.

      1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
      2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
      3. Create a directory for your OpenHAB setup, such as:
      mkdir -p /docker/containers/openhab
+
      1. Create a docker-compose.yml file in this directory with the following content:
      version: '2'
+services:
+  openhab:
+    image: openhab/openhab:amd64-online
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "/docker/storage/openhab/conf:/openhab/conf"
+      - "/docker/storage/openhab/userdata:/openhab/userdata"
+    ports:
+      - "8080:8080"
+    depends_on:
+      - homegear
+    links:
+      - homegear
+  homegear:
+    image: virtualzone/homegear
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "/docker/storage/homegear/homematicbidcos.conf:/etc/homegear/families/homematicbidcos.conf"
+      - "/docker/storage/homegear/sql.db:/var/lib/homegear/db.sql"
+

      This defines two containers: One for OpenHAB and one for Homegear. The OpenHAB container depends on Homegear (“depends_on”), so Docker Compose makes sure that Homegear is started before OpenHAB. Check the paths of the volumes. They’re probably different on your system.

      1. Start up this composition by executing this command from the directory created above:
      docker-compose up -d
+

      The -d flag means “detached”, which makes the two docker containers run in the background. Skip this option if you want to see what’s going on.

      1. Check if everything is fine:
      docker-compose logs
+

      Option 2: Docker without Compose

      This option is similar to option 1. However, you’ll have to start the two Docker Containers separately and manually, making sure that Homegear if started before OpenHAB.

      1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
      2. Launch Homegear with the following command. You may want to copy the command to an executable shell file, so it’s handier to re-execute it later:
      docker run \
+        --name homegear \
+        -v /etc/localtime:/etc/localtime:ro \
+        -v /etc/timezone:/etc/timezone:ro \
+        -v /docker/storage/homegear/homematicbidcos.conf:/etc/homegear/families/homematicbidcos.conf \
+        -v /docker/storage/homegear/sql.db:/var/lib/homegear/db.sql \
+        -d \
+        --restart=always \
+        virtualzone/homegear
+
      1. Launch OpenHAB with the following command:
      docker run \
+        --name openhab \
+        -v /etc/localtime:/etc/localtime:ro \
+        -v /etc/timezone:/etc/timezone:ro \
+        -v /docker/storage/openhab/conf:/openhab/conf \
+        -v /docker/storage/openhab/userdata:/openhab/userdata \
+        -p 8080:8080 \
+        --link homegear:homegear \
+        -d \
+        --restart=always \
+        openhab/openhab:amd64-online
+
      1. Check if both containers are running:
      docker ps
+docker logs homegear
+docker exec homegear tail -n 100 /var/log/homegear/homegear.err
+docker exec homegear tail -n 100 /var/log/homegear/homegear.log
+docker logs openhab
+

      Option 3: Installation without Docker

      If you’re not comfortable with Docker, please refer to the download page of Homegear and the install guides for OpenHAB.

      Configuring Homegear

      Please note that if you’re running FHEM, you’ll have to stop it first. You can’t make two applications connect to the same HomeMatic I/O device (such as the HM-CFG-LAN). As of version 0.6, the HomeMatic configuration of Homegear is not in /etc/homegear/physicalinterfaces.conf anymore. Instead it’s in: /etc/homegear/families/homematicbidcos.conf If you’re using Docker, you’ll have to edit the file in the corresponding path of your host system (such as /docker/storage/homegear/homematicbidcos.conf). My homematicbidcos.conf looks like this:

      [HomeMaticBidCoS]
+id = KEQ....
+## Options: cul, cc1100, coc, cuno, hmcfglan, hmlgw
+deviceType = hmcfglan
+host = 192.168.xxx.xxx
+port = 1000
+# lanKey = xxxxxxx
+rfKey = xxxx
+currentRFKeyIndex = 1
+responseDelay = 60
+

      Some explanations:

      • id: The ID printed on the back side of your BidCoS I/O device.
      • deviceType: The device type of your BidCoS device (cul, cc1100, coc, cuno, hmcfglan, hmlgw).
      • host: The IP address of your I/O interface.
      • port: Usually 1000, you probably don’t need to change this.
      • lanKey: The AES key used for the communication between Homegear and your I/O interface (for securing the LAN connection). If you’ve been using FHEM before, you’ve probably disabled AES encryption using HomeMatic’s configuration utility, as FHEM doesn’t support encryption. You should add AES encryption later. For a quick start, comment out this line.
      • rfKey: A random key used for securing the connection between Homegear and the HomeMatic devices (sensors, actors, etc.). You should note it down somewhere, because if you lose it, you’ll have to re-pair all your devices.

      After saving the configuration file, you’ll have to restart the Homegear daemon or the Docker Container running Homegear. Take a look at the logs in /var/log/homegear/homegear.log to find out if Homegear successfully connects to the BidCoS device.

      Connecting OpenHAB to Homegear

      • Browse to OpenHAB’s web interface at port 8080 (such as http://localhost:8080).
      • Select the Paper UI (this one is new in OpenHAB 2).
      • Go to “Extensions” and install “HomeMatic Binding”.
      • Go to “Configuration” -> “Things”. Two new things should be detected automatically: “Homegear” and “GATEWAY-EXTRAS”. Add both of them. They should be indicated as “ONLINE” afterwards.

      That’s it – for now…

      Congratulations: You’ve mastered the essential steps of setting up OpenHAB for your HomeMatic based smart home! Next time, I’ll write about adding HomeMatic devices to OpenHAB using Homegear.

      \ No newline at end of file diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html new file mode 100644 index 0000000..afc90d1 --- /dev/null +++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html @@ -0,0 +1,14 @@ +How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) | Virtualzone Blog +
      Home » Posts

      How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

      August 27, 2016 · 2 min · 255 words · Heiner

      Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.

      The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.

      This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:

      Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:

      proxy_set_header X-Forwarded-Host $host;
+proxy_set_header X-Forwarded-Server $host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header Host $host;
+
      • Install and activate the SSL Insecure Content Fixer plugin in your WordPress installation’s admin panel.
      • Navigate to Settings -> SSL Insecure Content.
      • Set “HTTPS detection” to “HTTP_X_FORWARDED_PROTO (e.g. load balancer, reverse proxy, NginX)”.
      • Navigate to Settings -> General.
      • Set the “WordPress Address (URL)” and “Site Address (URL)” to your new HTTPS address.
      • Check if everything is working as expected.
      \ No newline at end of file diff --git a/posts/index.html b/posts/index.html new file mode 100644 index 0000000..e443ae4 --- /dev/null +++ b/posts/index.html @@ -0,0 +1,13 @@ +Posts | Virtualzone Blog
      Home

      Posts +

      Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

      I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

      September 3, 2021 · 1 min · 118 words · Heiner

      Back up server to OneDrive’s special App Folder

      I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

      September 2, 2021 · 4 min · 682 words · Heiner

      Unifi USG: Multiple IP addresses on PPPoE

      My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

      August 16, 2021 · 2 min · 353 words · Heiner

      Raspberry Pi OS: Remove unnecessary packages

      Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren. +Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....

      June 7, 2020 · 1 min · 126 words · Heiner

      Analyze Traefik access log using InfluxDB and Grafana

      Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht. +In diesem Setup gibt es folgende wesentliche Elemente: +Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....

      June 3, 2020 · 2 min · 397 words · Heiner

      Export trainings from Endomondo as GPX files

      Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....

      June 1, 2020 · 2 min · 323 words · Heiner

      Native USB boot for Raspberry Pi 4

      Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian. +Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....

      May 28, 2020 · 2 min · 416 words · Heiner

      Build Multi-Arch images on Docker Hub (Part 2)

      Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

      May 16, 2020 · 3 min · 443 words · Heiner

      Build Multi-Arch images on Docker Hub (Part 1)

      Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

      May 15, 2020 · 3 min · 502 words · Heiner

      How to let Jenkins build Docker images

      If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

      June 11, 2017 · 2 min · 370 words · Heiner
      \ No newline at end of file diff --git a/posts/index.xml b/posts/index.xml new file mode 100644 index 0000000..2c1c586 --- /dev/null +++ b/posts/index.xml @@ -0,0 +1,209 @@ + + + + Posts on Virtualzone Blog + https://virtualzone.de/posts/ + Recent content in Posts on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Fri, 03 Sep 2021 11:30:03 +0000 + + Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing + https://virtualzone.de/posts/k3s-glusterfs/ + Fri, 03 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/k3s-glusterfs/ + I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. + + + + Back up server to OneDrive’s special App Folder + https://virtualzone.de/posts/onedrive-upload-backup/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/onedrive-upload-backup/ + I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. + + + + Unifi USG: Multiple IP addresses on PPPoE + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + Mon, 16 Aug 2021 11:30:03 +0000 + + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE. + + + + Raspberry Pi OS: Remove unnecessary packages + https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + Sun, 07 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren. +Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager. + + + + Analyze Traefik access log using InfluxDB and Grafana + https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + Wed, 03 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht. +In diesem Setup gibt es folgende wesentliche Elemente: +Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT. + + + + Export trainings from Endomondo as GPX files + https://virtualzone.de/posts/endomono-export-gpx/ + Mon, 01 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/endomono-export-gpx/ + Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht. + + + + Native USB boot for Raspberry Pi 4 + https://virtualzone.de/posts/usb-boot-raspberry-pi/ + Thu, 28 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/usb-boot-raspberry-pi/ + Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian. +Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten. + + + + Build Multi-Arch images on Docker Hub (Part 2) + https://virtualzone.de/posts/multi-arch-docker-images-2/ + Sat, 16 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/multi-arch-docker-images-2/ + Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. + + + + Build Multi-Arch images on Docker Hub (Part 1) + https://virtualzone.de/posts/multi-arch-docker-images-1/ + Fri, 15 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/multi-arch-docker-images-1/ + Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. + + + + How to let Jenkins build Docker images + https://virtualzone.de/posts/jenkins-build-docker-images/ + Sun, 11 Jun 2017 11:30:03 +0000 + + https://virtualzone.de/posts/jenkins-build-docker-images/ + If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. + + + + Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + Sat, 11 Feb 2017 11:30:03 +0000 + + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. + + + + Creating an encrypted file container on macOS + https://virtualzone.de/posts/encrypted-file-container-macos/ + Tue, 06 Dec 2016 11:30:03 +0000 + + https://virtualzone.de/posts/encrypted-file-container-macos/ + Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10. + + + + UptimeRobot: A nice free website monitoring service + https://virtualzone.de/posts/uptime-robot-website-monitoring/ + Mon, 05 Sep 2016 11:30:03 +0000 + + https://virtualzone.de/posts/uptime-robot-website-monitoring/ + Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me). + + + + Fix Docker not using /etc/hosts on MacOS + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. + + + + From FHEM to OpenHAB with Homegear: Installation/Docker container + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. + + + + How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Sat, 27 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. + + + + How to reduce PDF file size in Linux - Part 2 + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Sat, 15 Aug 2015 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: + + + + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. + + + + How to reduce PDF file size in Linux + https://virtualzone.de/posts/reduce-pdf-file-size/ + Wed, 21 Nov 2012 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size/ + Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. + + + + Determining a location’s federal state using Google Maps API + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + Fri, 10 Aug 2012 11:30:03 +0000 + + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). + + + + diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html new file mode 100644 index 0000000..02b7a62 --- /dev/null +++ b/posts/ipv6-on-a-sonicwall/index.html @@ -0,0 +1,7 @@ +How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog +
      Home » Posts

      How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

      November 20, 2014 · 2 min · 372 words · Heiner

      IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.

      The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.

      1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).

      2. Go to Network -> Interfaces and select to view IPv6.

      • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
      • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
      • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
      • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.

      1. Go to Network -> Address Objects and select to view IPv6. +Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.

      2. Go to Network -> NAT Policies and select to view IPv6.

      • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
      • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
      1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
      \ No newline at end of file diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html new file mode 100644 index 0000000..72879ff --- /dev/null +++ b/posts/jenkins-build-docker-images/index.html @@ -0,0 +1,27 @@ +How to let Jenkins build Docker images | Virtualzone Blog +
      Home » Posts

      How to let Jenkins build Docker images

      June 11, 2017 · 2 min · 370 words · Heiner

      If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.

      So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.

      To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:

      FROM jenkins:alpine
+USER root
+RUN apk update && \
+    apk add docker sudo
+RUN echo "jenkins ALL=NOPASSWD: ALL" >> /etc/sudoers
+USER jenkins
+

      The user-switching is necessary to make sure that the package installation is performed as root (not as jenkins). Next, we update Alpine’s package repository and then install docker and sudo from Alpine’s official repository. sudo is required if your Docker host is configured to restrict Docker usage to specific users. After installing the packages, we allow the jenkins user to run sudo commands without password.

      I’m using docker-compose to start my Jenkins container:

      version: '2'
+services:
+  jenkins:
+    build: /docker/git/docker-jenkins
+    volumes:
+      - "/docker/storage/jenkins:/var/jenkins_home"
+      - "/var/run/docker.sock:/var/run/docker.sock"
+

      The build line specifies the folder to your recently created Dockerfile. I mount two volumes here:

      • The first one specifies where Jenkins stores its files.
      • The second mounts the docker.sock file. This is the key here. It allows the Docker executable in the Jenkins container to communicate with the Docker daemon running on the host.

      After starting your Jenkins docker container (using “docker-compose up -d”), browse to your Jenkins URL and configure the job that’s to build a Docker image automatically.

      Add “Execute Shell” to your “Build Steps”. Mine looks like:

      sudo docker build -t docker_hub_username/image_name:latest . && \
+sudo docker login -u docker_hub_username -p docker_hub_password && \
+sudo docker push docker_hub_username/image_name:latest
+

      These lines build the Docker image, log in to Docker Hub and push the recently built image.

      Update:

      If you want to use docker-compose from your Jenkins Docker container as well, add these lines to your Dockerfile:

      RUN apk add py-pip
+RUN pip install docker-compose
+
      \ No newline at end of file diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html new file mode 100644 index 0000000..93207be --- /dev/null +++ b/posts/k3s-glusterfs/index.html @@ -0,0 +1,5 @@ +Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog +
      Home » Posts

      Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

      September 3, 2021 · 1 min · 118 words · Heiner

      I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.

      Read the tutorial in Hetzner’s Online Community.

      \ No newline at end of file diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html new file mode 100644 index 0000000..5696e69 --- /dev/null +++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html @@ -0,0 +1,53 @@ +Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker | Virtualzone Blog +
      Home » Posts

      Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

      February 11, 2017 · 2 min · 287 words · Heiner

      I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.

      First, I’ve added two new volumes to my web-front-end’s Docker Compose File:

      version: '2'
+services:
+  webfrontend:
+    container_name: webfrontend
+    [...]
+    volumes:
+      - "/etc/localtime:/etc/localtime:ro"
+      - "/etc/timezone:/etc/timezone:ro"
+      - "/docker/storage/webfrontend/letsencrypt/www:/var/www/letsencrypt"
+      - "/docker/storage/webfrontend/letsencrypt/etc:/etc/letsencrypt"
+

      Next, I’ve added the following location block to each of my virtual hosts:

      location /.well-known/ {
+    alias /var/www/letsencrypt/;
+}
+

      I’m using the palobo/certbot Docker Image to create the certificates, using this shell script:

      #!/bin/sh
+
+docker pull palobo/certbot
+
+GetCert() {
+        docker run -it \
+                --rm \
+                -v /docker/storage/webfrontend/letsencrypt/etc:/etc/letsencrypt \
+                -v /docker/storage/webfrontend/letsencrypt/lib:/var/lib/letsencrypt \
+                -v /docker/storage/webfrontend/letsencrypt/www:/var/www/.well-known \
+                palobo/certbot -t certonly --webroot -w /var/www \
+                --keep-until-expiring \
+                $@
+}
+
+echo "Getting certificates..."
+GetCert -d www.mydomain.com -d mydomain.com
+GetCert -d somedomain.net
+
+echo "Restarting Web Frontend..."
+cd /docker/containers/webfrontend
+docker-compose down
+docker-compose up -d
+cd -
+
+echo "Done"
+

      The script starts CertBot in a Docker Container for each requested certificate. Because the /etc/letsencrypt and the /var/www/.well-known directory is also used by my NGINX front-end Container (see above), these steps can be performed by the script:

      1. Using the webroot plugin, a random file is created under the /.well-known/acme-challenge/ directory.
      2. Let’s Encrypt can access and verify this file as the folder is aliased using the Location blocks in the NGINX config.
      3. The generated private key and public certificate is placed in /etc/letsencrypt/, which is in turn a volume for the NGINX web-frontend.

      You can use the generated certificates by adding these two lines to your NGINX vhost config:

      ssl_certificate     /etc/letsencrypt/live/www.mydomain.com/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem;
+
      \ No newline at end of file diff --git a/posts/multi-arch-docker-images-1/index.html b/posts/multi-arch-docker-images-1/index.html new file mode 100644 index 0000000..5e5bddf --- /dev/null +++ b/posts/multi-arch-docker-images-1/index.html @@ -0,0 +1,65 @@ +Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog +
      Home » Posts

      Build Multi-Arch images on Docker Hub (Part 1)

      May 15, 2020 · 3 min · 502 words · Heiner

      Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.

      Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:

      FROM amd64/alpine:3.11
+...
+

      Es folgt jeweils ein Dockerfile pro Zielarchitektur. In diesen wird zunächst die passende QEMU-Binary heruntergeladen und dann in das Ziel-Image hinein kopiert.

      Dockerfile.arm32v6 für ARM32V6:

      FROM alpine:3.11 AS qemu
+RUN apk --update add --no-cache curl
+RUN cd /tmp && \
+curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static .
+
+FROM arm32v6/alpine:3.11
+COPY --from=qemu /tmp/qemu-arm-static /usr/bin/
+...
+

      Dockerfile.arm36v7 für ARM32V7:

      FROM alpine:3.11 AS qemu
+RUN apk --update add --no-cache curl
+RUN cd /tmp && \
+curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-arm.tar.gz | tar zxvf - -C . && mv qemu-3.0.0+resin-arm/qemu-arm-static .
+
+FROM arm32v7/alpine:3.11
+COPY --from=qemu /tmp/qemu-arm-static /usr/bin/
+...
+

      Dockerfile.arm64v8 für ARM64V8:

      FROM alpine:3.11 AS qemu
+RUN apk --update add --no-cache curl
+RUN cd /tmp && \
+curl -L https://github.com/balena-io/qemu/releases/download/v3.0.0%2Bresin/qemu-3.0.0+resin-aarch64.tar.gz | tar zxvf - -C . && mv qemu-3.0.0+resin-aarch64/qemu-aarch64-static .
+
+FROM arm64v8/alpine:3.11
+COPY --from=qemu /tmp/qemu-aarch64-static /usr/bin/
+...
+

      Zusätzlich wird legt Ihr eine Datei Namens “multi-arch-manifest.yaml” an. In dieser wird angegeben, welches Image welcher Architektur zugeordnet wird. Die nach den obigem Schema mit QEMU gebauten Image sind nämlich zunächst als AMD64-Architektur gelistet, was natürlich nicht stimmt. Durch das Docker-Manifest kann das angepasst werden. Hier am Beispiel meines virtualzone/compose-updater Image, den Namen müsst Ihr natürlich anpassen:

      image: virtualzone/compose-updater:latest
+manifests:
+  - image: virtualzone/compose-updater:amd64
+    platform:
+      architecture: amd64
+      os: linux
+  - image: virtualzone/compose-updater:arm32v6
+    platform:
+      architecture: arm
+      os: linux
+      variant: v6
+  - image: virtualzone/compose-updater:arm32v7
+    platform:
+      architecture: arm
+      os: linux
+      variant: v7
+  - image: virtualzone/compose-updater:arm64v8
+     platform:
+       architecture: arm64
+       os: linux
+       variant: v8
+

      Nun fehlen nun noch die Hooks. Diese werden von der Docker Registry vor bzw. nach den entsprechenden Build-Schritten aufgerufen. Wir benötigen Post-Push- und Pre-Build-Hook.

      Der Pre-Build-Hook wird von der Registry vor dem Bauen eines Image aufgerufen. Hier müssen wir QEMU laden und ausführen. Der Dateiname muss “pre_build” lauten und chmod 755 haben:

      #!/bin/bash
+
+BUILD_ARCH=$(echo "${DOCKERFILE_PATH}" | cut -d '.' -f 2)
+
+[ "${BUILD_ARCH}" == "Dockerfile" ] && \
+{ echo 'qemu-user-static: Registration not required for current arch'; exit 0; }
+
+docker run --rm --privileged multiarch/qemu-user-static:register --reset
+

      Der Post-Push-Hook wird von der Registry aufgerufen, sobald ein Image fertig gebaut ist und ins Repository gepusht wurde. Hier muss das Manifest-Tool von Docker installiert und anschließend ausgeführt werden. Der Dateiname muss “post_push” lauten und chmod 755 haben:

      #!/bin/bash
+curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v1.0.0/manifest-tool-linux-amd64
+chmod +x manifest-tool
+./manifest-tool push from-spec multi-arch-manifest.yaml
+

      Damit ist Euer Projekt vorbereitet und bereit für Multi-Arch-Builds.

      Im nächsten Teil zeige ich Euch, wie Ihr die “Automated Builds” im Docker Hub konfiguriert, um den Multi-Arch-Build auch tatsächlich durchzuführen.

      \ No newline at end of file diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html new file mode 100644 index 0000000..9aed749 --- /dev/null +++ b/posts/multi-arch-docker-images-2/index.html @@ -0,0 +1,14 @@ +Build Multi-Arch images on Docker Hub (Part 2) | Virtualzone Blog +
      Home » Posts

      Build Multi-Arch images on Docker Hub (Part 2)

      May 16, 2020 · 3 min · 443 words · Heiner

      Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.

      Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:

      Einen automatisierten Build im Docker Hub konfigurieren. +Dort könnt Ihr dann die Build-Konfiguration vornehmen. Zunächst muss angegeben werden, aus Source-Repository gebaut werden soll:

      Bei der Konfiguration muss zunächst das Sourcecode-Repository angegeben werden. +Anschließend legt Ihr fünf Build Rules an, nämlich eine ohne Angabe eines Architektur-Tags (in meinem Fall “latest”) und vier weitere je Zielarchitektur. Vier deshalb, weil wir in diesem Beispiel für AMD64, ARM32V6, ARM32V7 und ARM64V8 bauen. Solltet Ihr für andere Zielarchitekturen bauen wollen, benötigt Ihr natürlich mehr oder weniger Build Rules:

      Die passenden Build Rules für die vier Zielarchitekturen. +Der Trick ist, dass das “ungetaggte” Image alle anderen Architektur-Images zugeordnet bekommt. Dadurch kann ein Anwender, der “docker run” oder “docker pull” auf Euer Image durchführt, das für seine Architektur passende Image automatisch laden, ohne explizit die Plattform nennen zu müssen. Ein Mac zieht somit das AMD64-Image, während ein Raspbian das ARM32V7-Image lädt und ein Raspberry Pi 4 mit 64bit-Ubuntu das ARM64V8 Image. Alles ohne weiteres zutun.

      Das war es dann auch schon mit der Konfiguration. Ein Klick auf “Save and Build” stellt die ausstehenden Builds (hier fünf an der Zahl) in die Warteschlange. Meiner Erfahrung nach kann es auf der Docker Hub Infrastruktur auch für einfache Images durchaus ein paar Stunden dauern, bis alle Images gebaut wurden. Was schon erledigt ist und was noch aussteht, könnt Ihr unter “Recent Builds” verfolgen.

      Die Recent Builds geben Auskunft über die noch ausstehenden und schon erfolgten Automated Builds. +Ihr werdet sehen, dass die ersten Builds als fehlgeschlagen markiert werden. Das ist völlig normal! Ein Blick in die Build Logs zeigt den nachvollziehbaren Grund: Nach jedem Build wird das multi-arch-manifest.yaml Docker-Manifest angewandt. Bevor das letzte Ziel-Architektur.Image aber nicht fertig gebaut wurde, können nicht alle Architektur-Images dem “ungetaggten” Image hinzugefügt werden und das Build schlägt augenscheinlich fehl.

      Kein Grund zur Sorge: Der Fehler “failed with error: manifest unknown: manifest unknown”. +Tatsächlich wurde das jeweilige Image aber (hoffentlich) erfolgreich gebaut und gepusht. Erst beim letzten Multi-Arch-Image kann das Manifest-Tool dann auch erfolgreich seine Arbeit verrichten und die Architekturen verknüpfen. Lasst Euch davon also nicht aus der Ruhe bringen und beobachtet die Build Logs aufmerksam.

      Ich wünsche Euch viel Spaß mit den Multi-Arch-Images im Docker Hub!

      \ No newline at end of file diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html new file mode 100644 index 0000000..4918cff --- /dev/null +++ b/posts/onedrive-upload-backup/index.html @@ -0,0 +1,35 @@ +Back up server to OneDrive’s special App Folder | Virtualzone Blog +
      Home » Posts

      Back up server to OneDrive’s special App Folder

      September 2, 2021 · 4 min · 682 words · Heiner

      I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.

      Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.

      I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.

      To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:

      1. Log in to the Microsoft Azure Portal.
      2. Navigate to “App registrations”.
      3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
      4. Copy the Application (client) ID.
      5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
      6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
      • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
      • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read

      Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.

      You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:

      curl -s -L https://git.io/JRie0 | bash

      Now create a configuration file named config.json. Replace and :

      {
+    "client_id": "<client id from azure app>",
+    "client_secret": "<client secret from azure app>",
+    "scopes": [
+        "Files.ReadWrite.AppFolder",
+        "offline_access"
+    ],
+    "redirect_uri": "http://localhost:53682/",
+    "secret_store": "./secret.json",
+    "root": "/drive/special/approot"
+}
+

      As you can see in the config.json above, we specify the special app folder as OneDrive Uploader’s root directory. The two scopes grant access to the this app folder and allows automatic renewing the necessary access token without user interaction (which is essential for unattended backups).

      Perform the log in using this command and follow the instructions printed on your console:

      onedrive-uploader login +You can now use OneDrive Uploader. To view the available commands, refer to the project’s GitHub page or type:

      onedrive-uploader help +To use OneDrive Uploader in your backup script, you can be guided by this shell script snippet:

      #!/bin/bash
+DIR_FORMAT="%Y-%m-%d" # DD-MM-YYYY format
+TODAY=`date +"${DIR_FORMAT}"`
+TARGET=/mnt/backup/$TODAY
+UPLOADER="/usr/local/bin/onedrive-uploader -c /home/username/backup-script/config.json"
+

      Perform your local backup and store it in ${TARGET}

      echo "Uploading..."
+cd ${TARGET}
+${UPLOADER} mkdir ${TODAY}
+for i in `ls`; do
+    ${UPLOADER} upload $i ${TODAY};
+    HASH_REMOTE=`${UPLOADER} sha256 $TODAY/$i | tr '[A-Z]' '[a-z]'`
+    HASH_LOCAL=`sha256sum $i | tr '[A-Z]' '[a-z]' | awk '{ print $1 }'`
+    if [[ "$HASH_REMOTE" != "$HASH_LOCAL" ]]; then
+        echo "Hashes for '$i' do not match! Remote = $HASH_REMOTE vs. Local = $HASH_LOCAL"
+    fi
+done
+

      This bash script uploads all files from the local directory $TARGET to its app folder in your OneDrive. It creates a sub-folder named YYYY-MM-DD (i.e. 2021-08-30). For each file, after having finished the upload, it checks she SHA256 hash so that you can be sure the upload is intact.

      \ No newline at end of file diff --git a/posts/page/1/index.html b/posts/page/1/index.html new file mode 100644 index 0000000..1bca100 --- /dev/null +++ b/posts/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/posts/ \ No newline at end of file diff --git a/posts/page/2/index.html b/posts/page/2/index.html new file mode 100644 index 0000000..50eaaf9 --- /dev/null +++ b/posts/page/2/index.html @@ -0,0 +1,14 @@ +Posts | Virtualzone Blog
      Home

      Posts +

      Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

      I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: '2' services: webfrontend: container_name: webfrontend [....

      February 11, 2017 · 2 min · 287 words · Heiner

      Creating an encrypted file container on macOS

      Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

      December 6, 2016 · 2 min · 356 words · Heiner

      UptimeRobot: A nice free website monitoring service

      Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

      September 5, 2016 · 1 min · 120 words · Heiner

      Fix Docker not using /etc/hosts on MacOS

      On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

      August 28, 2016 · 1 min · 163 words · Heiner

      From FHEM to OpenHAB with Homegear: Installation/Docker container

      For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

      August 28, 2016 · 6 min · 1084 words · Heiner

      How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

      Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

      August 27, 2016 · 2 min · 255 words · Heiner

      How to reduce PDF file size in Linux - Part 2

      Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

      August 15, 2015 · 1 min · 75 words · Heiner

      How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

      IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

      November 20, 2014 · 2 min · 372 words · Heiner

      How to reduce PDF file size in Linux

      Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

      November 21, 2012 · 1 min · 98 words · Heiner

      Determining a location’s federal state using Google Maps API

      If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

      August 10, 2012 · 1 min · 162 words · Heiner
      \ No newline at end of file diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html new file mode 100644 index 0000000..90d0f18 --- /dev/null +++ b/posts/raspberry-pi-os-remove-packages/index.html @@ -0,0 +1,20 @@ +Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog +
      Home » Posts

      Raspberry Pi OS: Remove unnecessary packages

      June 7, 2020 · 1 min · 126 words · Heiner

      Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.

      Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager.

      Nach dem Start habe ich mit folgenden beiden Befehlen die für mich überflüssigen Desktop-Pakete deinstalliert:

      sudo apt-get remove --purge \
+    x11-* \
+    gnome-* \
+    desktop-base \
+    *-theme \
+    dconf-gsettings-backend \
+    gsettings-desktop-schemas \
+    gtk- \
+    gtk2-* \
+    xdg-*
+sudo apt-get autoremove --purge
+
      \ No newline at end of file diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html new file mode 100644 index 0000000..1c33057 --- /dev/null +++ b/posts/reduce-pdf-file-size-2/index.html @@ -0,0 +1,18 @@ +How to reduce PDF file size in Linux - Part 2 | Virtualzone Blog +
      Home » Posts

      How to reduce PDF file size in Linux - Part 2

      August 15, 2015 · 1 min · 75 words · Heiner

      Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:

      gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
+-dDownsampleColorImages=true \
+-dDownsampleGrayImages=true \
+-dDownsampleMonoImages=true \
+-dColorImageResolution=120 \
+-dGrayImageResolution=120 \
+-dMonoImageResolution=120 \
+-sOutputFile=output.pdf input.pdf
+

      Hint: This also works on MacOS. Just install GhostScript using Homebrew:

      brew install ghostscript
+
      \ No newline at end of file diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html new file mode 100644 index 0000000..ac2665f --- /dev/null +++ b/posts/reduce-pdf-file-size/index.html @@ -0,0 +1,14 @@ +How to reduce PDF file size in Linux | Virtualzone Blog +
      Home » Posts

      How to reduce PDF file size in Linux

      November 21, 2012 · 1 min · 98 words · Heiner

      Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:

      gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf
+

      You can also use the following parameters for -dPDFSETTINGS instead of /screen:

      • /screen – Lowest quality, lowest size
      • /ebook – Moderate quality
      • /printer – Good quality
      • /prepress – Best quality, highest size

      Update: Read Part 2 of this blog post for more detailled file size reduction settings.

      Hint: This also works on MacOS. Just install GhostScript using Homebrew:

      brew install ghostscript
+
      \ No newline at end of file diff --git a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html new file mode 100644 index 0000000..10db6a9 --- /dev/null +++ b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html @@ -0,0 +1,54 @@ +Analyze Traefik access log using InfluxDB and Grafana | Virtualzone Blog +
      Home » Posts

      Analyze Traefik access log using InfluxDB and Grafana

      June 3, 2020 · 2 min · 397 words · Heiner

      Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.

      In diesem Setup gibt es folgende wesentliche Elemente:

      • Traefik v2 läuft als Docker Container auf einem Linux Host.
      • Traefik schreibt die Accesslogs im JSON-Format nach STDOUT.
      • Telegraf holt die JSON-Ausgaben vom Traefik-Container mit dem docker_log Input-Plugin ab.
      • Um mit dem JSON-Output in der InfluxDB bzw. in Grafana etwas anfangen zu können, wandle ich sie mit dem Parser-Processor-Plugin von Telegraf in eigenständige Felder um. Das ist notwendig, da ansonsten nur die numerischen Werte als Metriken übernommen werden – die String-Werte werden standardmäßig verworfen.
      • Mit dem Telegraf-Output-Plugin “influxdb” werden die Daten dann in die InfluxDB geschrieben.

      Traefik konfigurieren

      Die traefik.yml beinhaltet dazu folgende Konfiguration:

      accessLog:
+  format: json
+  fields:
+    headers:
+      defaultMode: drop
+      names:
+          User-Agent: keep
+          Content-Type: keep
+

      Damit werden die Accesslogs im JSON-Format rausgeschrieben. JSON hat den Vorteil, dass es maschinell leichter weiterverarbeitet werden kann – wir müssen also nicht mit GROK-Patterns oder dergleichen hantieren. Außerdem werden die Request-Header zwar verworfen (“drop”), aber die Header “User-Agent” und “Content-Type” werden beibehalten.

      Telegraf konfigurieren

      Die telegraf.conf habe ich folgendermaßen eingerichtet:

      [[inputs.docker_log]]
+    endpoint = "unix:///var/run/docker.sock"
+    from_beginning = false
+    container_name_include = ["traefik_traefik_1"]
+
+
+[[processors.parser]]
+    namepass = ["docker_log"]
+    parse_fields = ["message"]
+    merge = "override"
+    data_format = "json"
+    json_string_fields = [
+        "ClientHost",
+        "RequestAddr",
+        "RequestCount",
+        "RequestHost",
+        "RequestMethod",
+        "RequestPath",
+        "RequestProtocol",
+        "RequestScheme",
+        "downstream_Content-Type",
+        "request_User-Agent",
+        "time"
+    ]
+    json_time_key = "time"
+    json_time_format = "2006-01-02T15:04:05Z"
+    json_timezone = "UTC"
+
+
+[[outputs.influxdb]]
+    urls = ["http://influxdb:8086"]
+    database = "telegraf"
+    username = "telegraf"
+    password = "..."
+

      Wichtige Einstellungen sind hier:

      • container_name_include gibt an, von welcher Container-Instanz die Logs eingesammelt werden sollen. In diesem Fall die Traefik-Instanz.
      • parse_fields gibt an, welches Intput-Feld verarbeitet werden soll – in diesem Fall das Feld “message”.
      • json_string_fields gibt an, welche Werte aus dem eingelesenen JSON-Objekt als String-Felder in die InfluxDB geschrieben werden sollen. Lässt man das weg, werden alle nicht-numerischen Felder verworfen.
      • json_time_key und die anderen json_time-Einstellungen geben an, aus welchem JSON-Key und mit welchem Format die Logs den Zeitstempel für die Logs-Einträge beinhalten.
      • Im Output-Plugin musst Du dann noch die Verbindung zur InfluxDB korrekt konfigurieren.

      Das ganze soll als Beispiel dienen. Beachte bei der Speicherung, Auswertung und Verwendung der Access Logs bitte die geltenden Gesetze – in der EU bspw. die DSGVO und ggfls. weitere.

      \ No newline at end of file diff --git a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html new file mode 100644 index 0000000..53118be --- /dev/null +++ b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html @@ -0,0 +1,47 @@ +Unifi USG: Multiple IP addresses on PPPoE | Virtualzone Blog +
      Home » Posts

      Unifi USG: Multiple IP addresses on PPPoE

      August 16, 2021 · 2 min · 353 words · Heiner

      My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).

      By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.

      Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:

      1. Create (or extend) a config.gateway.json file

      Place a file named config.gateway.json in the following path of your Unifi Network controller:

      /unifi/data/sites/default/

      You might need to replace “default” with the correct label of the affected site.

      2. Add DNAT and SNAT rules to the config.gateway.json file

      In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.

      {
+    "service": {
+        "nat": {
+            "rule": {
+                "3000": {
+                    "description": "DNAT public.static.ip.address TCP/443 to private.internal.ip.address",
+                    "destination": {
+                        "address": "public.static.ip.address",
+                        "port": "443"
+                    },
+                    "inbound-interface": "pppoe2",
+                    "inside-address": {
+                        "address": "private.internal.ip.address",
+                        "port": "443"
+                    },
+                    "log": "disable",
+                    "protocol": "tcp",
+                    "type": "destination"
+                },
+                "5000": {
+                    "description": "SNAT private.internal.ip.address TCP/443 to public.static.ip.address",
+                    "log": "disable",
+                    "outbound-interface": "ppoe2",
+                    "outside-address": {
+                        "address": "public.static.ip.address",
+                        "port": "443"
+                    },
+                    "protocol": "tcp",
+                    "source": {
+                        "address": "private.internal.ip.address",
+                        "port": "443"
+                    },
+                    "type": "source"
+                }
+            }
+        }
+    }
+}
+

      3. Trigger a provision of your new config to your USG

      Log in to your Unifi Network Controller. Navigate to “Devices” and choose your Unifi Security Gateway. Go to “Device”, select “Manage” and click “Trigger Provision”.

      img

      4. Test your configuration

      From a system outside your network, try to reach the configured port by using nmap, curl or a web browser.

      \ No newline at end of file diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html new file mode 100644 index 0000000..ab8c030 --- /dev/null +++ b/posts/uptime-robot-website-monitoring/index.html @@ -0,0 +1,6 @@ +UptimeRobot: A nice free website monitoring service | Virtualzone Blog +
      Home » Posts

      UptimeRobot: A nice free website monitoring service

      September 5, 2016 · 1 min · 120 words · Heiner

      Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).

      I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.

      \ No newline at end of file diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html new file mode 100644 index 0000000..0cb0bf7 --- /dev/null +++ b/posts/usb-boot-raspberry-pi/index.html @@ -0,0 +1,18 @@ +Native USB boot for Raspberry Pi 4 | Virtualzone Blog +
      Home » Posts

      Native USB boot for Raspberry Pi 4

      May 28, 2020 · 2 min · 416 words · Heiner

      Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.

      Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten. Nur mit diesem lässt sich die notwendige Beta-Firmware auf den Pi flashen.

      Raspberry OS 64 bit herunterladen

      Die 64 bit Beta-Version von Raspberry OS findest Du derzeit verlinkt in einem Beitrag im offiziellen Forum. Lade die ZIP-Datei herunter. Installiere Dir außerdem den Raspberry Pi Imager. Ich habe diesen unter macOS mit Homebrew installiert:

      brew cask install raspberry-pi-imager
+

      SD-Karte mit Raspberry OS vorbereiten

      Hinweis: Dieser Schritt ist nur notwendig, wenn Dein Raspberry Pi 4 noch nicht mit Raspbian oder Raspberry OS läuft! Wir brauchen Raspberry OS, um die Firmware des Raspberry Pi zu aktualisieren.

      Öffne dazu den Raspberry Pi Imager und flashe das heruntergeladene Image auf eine ausreichend große SD-Karte.

      Starte danach Deinen Pi von der SD-Karte mit dem Raspberry OS.

      EEPROM flashen

      Das EEPROM (electrically erasable programmable read-only memory) ist die Firmware Deines Raspberry Pi – sozusagen das Basis-System.

      Das Changelog zum Raspberry Pi EEPROM findest Du auf GitHub. Die Beta-Versionen ab dem 15.05.2020 enthalten die notwendige Funktion, um Deinen Raspberry Pi 4 vollständig von einem USB-Laufwerk zu starten – beispielsweise von einer SSD.

      Installiere zunächst in Raspberry OS das notwendige Update-Tool:

      sudo apt update
+sudo apt upgrade
+sudo apt install rpi-eeprom
+

      Um die Beta-Firmware (auf eigene Verantwortung!) auf Deinen Pi zu flashen, wechsle innerhalb des gestarteten Raspberry OS zunächst auf den Beta-Channel, indem Du die folgende Datei editierst:

      sudo nano /etc/default/rpi-eeprom-update
+

      Ändere die Zeile FIRMWARE_RELEASE_STATUS=”critical” auf:

      FIRMWARE_RELEASE_STATUS="beta"
+

      Nun aktualisiere die Firmware durch Ausführung des folgenden Kommandos, gefolgt von einem Reboot:

      sudo rpi-eeprom-update -a
+

      Nach dem Neustart sollte der folgende Befehl die Installation der aktuellen Beta-Firmware bestätigen:

      sudo rpi-eeprom-update
+

      Alternativ kann eine bestimmte EEPROM-Version auch direkt installiert werden, indem Du sie aus GitHub herunterlädst und dann folgenden Befehl ausführst:

      sudo rpi-eeprom-update -d -f /tmp/pieeprom-2020-05-27.bin
+

      SSD für den USB-Boot vorbereiten

      Um nun von einem USB-Laufwerk (bspw. SSD, externe Festplatte oder USB-Stick) booten zu können, verwende den oben erwähnten Raspberry Pi Imager, um das Raspberry OS auf Dein USB-Laufwerk zu schreiben.

      Verbinde das USB-Laufwerk anschließend mit Deinem RPi 4, entferne die SD-Karte und starte ihn. Dein Raspberry Pi 4 sollte nun von USB starten – ohne SD-Karten-Workaround.

      \ No newline at end of file diff --git a/privacy-policy/index.html b/privacy-policy/index.html new file mode 100644 index 0000000..ff54eb8 --- /dev/null +++ b/privacy-policy/index.html @@ -0,0 +1,11 @@ +Privacy Policy | Virtualzone Blog +
      Home

      Privacy Policy

      Heiner

      We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.

      Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.

      Personal data stored

      The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.

      Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.

      If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.

      The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.

      Which personal data we store

      You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.

      Where we store your data

      Our servers are located in Germany.

      Your rights according to General Data Protection Regulation (GDPR)

      According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:

      • Right to have your data corrected (article 16 DSGVO)
      • Right to have your data deleted (article 17 DSGVO)
      • Right to limit the processing of your data (article 18 DSGVO)
      • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
      • Right to data portability (article 20 DSGVO)
      • Right to refuse (article 21 DSGVO)
      • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)

      If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.

      Where we send your data

      We will not share your data with third parties.

      TLS encryption using HTTPS

      In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.

      Web Analytics

      For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.

      Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple

        \ No newline at end of file diff --git a/robots.txt b/robots.txt new file mode 100644 index 0000000..c66c943 --- /dev/null +++ b/robots.txt @@ -0,0 +1,3 @@ +User-agent: * +Disallow: +Sitemap: https://virtualzone.de/sitemap.xml diff --git a/sitemap.xml b/sitemap.xml new file mode 100644 index 0000000..11682ac --- /dev/null +++ b/sitemap.xml @@ -0,0 +1,143 @@ + + + + https://virtualzone.de/tags/kubernetes/ + 2021-09-03T11:30:03+00:00 + + https://virtualzone.de/posts/ + 2021-09-03T11:30:03+00:00 + + https://virtualzone.de/posts/k3s-glusterfs/ + 2021-09-03T11:30:03+00:00 + + https://virtualzone.de/tags/ + 2021-09-03T11:30:03+00:00 + + https://virtualzone.de/ + 2021-09-03T11:30:03+00:00 + + https://virtualzone.de/posts/onedrive-upload-backup/ + 2021-09-02T11:30:03+00:00 + + https://virtualzone.de/tags/github/ + 2021-09-02T11:30:03+00:00 + + https://virtualzone.de/tags/onedrive/ + 2021-09-02T11:30:03+00:00 + + https://virtualzone.de/tags/tool/ + 2021-09-02T11:30:03+00:00 + + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + 2021-08-16T11:30:03+00:00 + + https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + 2020-06-07T11:30:03+00:00 + + https://virtualzone.de/tags/raspberrypi/ + 2020-06-07T11:30:03+00:00 + + https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + 2020-06-03T11:30:03+00:00 + + https://virtualzone.de/tags/docker/ + 2020-06-03T11:30:03+00:00 + + https://virtualzone.de/tags/api/ + 2020-06-01T11:30:03+00:00 + + https://virtualzone.de/tags/endonomdo/ + 2020-06-01T11:30:03+00:00 + + https://virtualzone.de/posts/endomono-export-gpx/ + 2020-06-01T11:30:03+00:00 + + https://virtualzone.de/posts/usb-boot-raspberry-pi/ + 2020-05-28T11:30:03+00:00 + + https://virtualzone.de/posts/multi-arch-docker-images-2/ + 2020-05-16T11:30:03+00:00 + + https://virtualzone.de/posts/multi-arch-docker-images-1/ + 2020-05-15T11:30:03+00:00 + + https://virtualzone.de/posts/jenkins-build-docker-images/ + 2017-06-11T11:30:03+00:00 + + https://virtualzone.de/tags/letsencrypt/ + 2017-02-11T11:30:03+00:00 + + https://virtualzone.de/tags/nginx/ + 2017-02-11T11:30:03+00:00 + + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + 2017-02-11T11:30:03+00:00 + + https://virtualzone.de/posts/encrypted-file-container-macos/ + 2016-12-06T11:30:03+00:00 + + https://virtualzone.de/tags/macos/ + 2016-12-06T11:30:03+00:00 + + https://virtualzone.de/posts/uptime-robot-website-monitoring/ + 2016-09-05T11:30:03+00:00 + + https://virtualzone.de/tags/fhem/ + 2016-08-28T11:30:03+00:00 + + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + 2016-08-28T11:30:03+00:00 + + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + 2016-08-28T11:30:03+00:00 + + https://virtualzone.de/tags/homeautomation/ + 2016-08-28T11:30:03+00:00 + + https://virtualzone.de/tags/openhab/ + 2016-08-28T11:30:03+00:00 + + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + 2016-08-27T11:30:03+00:00 + + https://virtualzone.de/tags/proxy/ + 2016-08-27T11:30:03+00:00 + + https://virtualzone.de/tags/wordpress/ + 2016-08-27T11:30:03+00:00 + + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + 2015-08-15T11:30:03+00:00 + + https://virtualzone.de/tags/linux/ + 2015-08-15T11:30:03+00:00 + + https://virtualzone.de/tags/firewall/ + 2014-11-20T11:30:03+00:00 + + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + 2014-11-20T11:30:03+00:00 + + https://virtualzone.de/tags/ipv6/ + 2014-11-20T11:30:03+00:00 + + https://virtualzone.de/tags/sonicwall/ + 2014-11-20T11:30:03+00:00 + + https://virtualzone.de/posts/reduce-pdf-file-size/ + 2012-11-21T11:30:03+00:00 + + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + 2012-08-10T11:30:03+00:00 + + https://virtualzone.de/tags/google/ + 2012-08-10T11:30:03+00:00 + + https://virtualzone.de/categories/ + + https://virtualzone.de/contact/ + + https://virtualzone.de/privacy-policy/ + + diff --git a/tags/api/index.html b/tags/api/index.html new file mode 100644 index 0000000..cc81ed5 --- /dev/null +++ b/tags/api/index.html @@ -0,0 +1,7 @@ +api | Virtualzone Blog
        Home » Tags

        api +

        Export trainings from Endomondo as GPX files

        Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....

        June 1, 2020 · 2 min · 323 words · Heiner

        Determining a location’s federal state using Google Maps API

        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

        August 10, 2012 · 1 min · 162 words · Heiner
        \ No newline at end of file diff --git a/tags/api/index.xml b/tags/api/index.xml new file mode 100644 index 0000000..fcf5f96 --- /dev/null +++ b/tags/api/index.xml @@ -0,0 +1,32 @@ + + + + api on Virtualzone Blog + https://virtualzone.de/tags/api/ + Recent content in api on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Mon, 01 Jun 2020 11:30:03 +0000 + + Export trainings from Endomondo as GPX files + https://virtualzone.de/posts/endomono-export-gpx/ + Mon, 01 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/endomono-export-gpx/ + Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht. + + + + Determining a location’s federal state using Google Maps API + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + Fri, 10 Aug 2012 11:30:03 +0000 + + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). + + + + diff --git a/tags/api/page/1/index.html b/tags/api/page/1/index.html new file mode 100644 index 0000000..ad10d59 --- /dev/null +++ b/tags/api/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/api/ \ No newline at end of file diff --git a/tags/docker/index.html b/tags/docker/index.html new file mode 100644 index 0000000..91f62c7 --- /dev/null +++ b/tags/docker/index.html @@ -0,0 +1,13 @@ +docker | Virtualzone Blog
        Home » Tags

        docker +

        Analyze Traefik access log using InfluxDB and Grafana

        Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht. +In diesem Setup gibt es folgende wesentliche Elemente: +Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....

        June 3, 2020 · 2 min · 397 words · Heiner

        Build Multi-Arch images on Docker Hub (Part 2)

        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

        May 16, 2020 · 3 min · 443 words · Heiner

        Build Multi-Arch images on Docker Hub (Part 1)

        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

        May 15, 2020 · 3 min · 502 words · Heiner

        How to let Jenkins build Docker images

        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

        June 11, 2017 · 2 min · 370 words · Heiner

        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: '2' services: webfrontend: container_name: webfrontend [....

        February 11, 2017 · 2 min · 287 words · Heiner

        Fix Docker not using /etc/hosts on MacOS

        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

        August 28, 2016 · 1 min · 163 words · Heiner

        From FHEM to OpenHAB with Homegear: Installation/Docker container

        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

        August 28, 2016 · 6 min · 1084 words · Heiner
        \ No newline at end of file diff --git a/tags/docker/index.xml b/tags/docker/index.xml new file mode 100644 index 0000000..e182fb6 --- /dev/null +++ b/tags/docker/index.xml @@ -0,0 +1,83 @@ + + + + docker on Virtualzone Blog + https://virtualzone.de/tags/docker/ + Recent content in docker on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Wed, 03 Jun 2020 11:30:03 +0000 + + Analyze Traefik access log using InfluxDB and Grafana + https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + Wed, 03 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht. +In diesem Setup gibt es folgende wesentliche Elemente: +Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT. + + + + Build Multi-Arch images on Docker Hub (Part 2) + https://virtualzone.de/posts/multi-arch-docker-images-2/ + Sat, 16 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/multi-arch-docker-images-2/ + Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. + + + + Build Multi-Arch images on Docker Hub (Part 1) + https://virtualzone.de/posts/multi-arch-docker-images-1/ + Fri, 15 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/multi-arch-docker-images-1/ + Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. + + + + How to let Jenkins build Docker images + https://virtualzone.de/posts/jenkins-build-docker-images/ + Sun, 11 Jun 2017 11:30:03 +0000 + + https://virtualzone.de/posts/jenkins-build-docker-images/ + If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. + + + + Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + Sat, 11 Feb 2017 11:30:03 +0000 + + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. + + + + Fix Docker not using /etc/hosts on MacOS + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. + + + + From FHEM to OpenHAB with Homegear: Installation/Docker container + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. + + + + diff --git a/tags/docker/page/1/index.html b/tags/docker/page/1/index.html new file mode 100644 index 0000000..a9f3732 --- /dev/null +++ b/tags/docker/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/docker/ \ No newline at end of file diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html new file mode 100644 index 0000000..9dfeb8a --- /dev/null +++ b/tags/endonomdo/index.html @@ -0,0 +1,6 @@ +endonomdo | Virtualzone Blog
        Home » Tags

        endonomdo +

        Export trainings from Endomondo as GPX files

        Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....

        June 1, 2020 · 2 min · 323 words · Heiner
        \ No newline at end of file diff --git a/tags/endonomdo/index.xml b/tags/endonomdo/index.xml new file mode 100644 index 0000000..55252b0 --- /dev/null +++ b/tags/endonomdo/index.xml @@ -0,0 +1,22 @@ + + + + endonomdo on Virtualzone Blog + https://virtualzone.de/tags/endonomdo/ + Recent content in endonomdo on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Mon, 01 Jun 2020 11:30:03 +0000 + + Export trainings from Endomondo as GPX files + https://virtualzone.de/posts/endomono-export-gpx/ + Mon, 01 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/endomono-export-gpx/ + Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren. +Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht. + + + + diff --git a/tags/endonomdo/page/1/index.html b/tags/endonomdo/page/1/index.html new file mode 100644 index 0000000..67084a4 --- /dev/null +++ b/tags/endonomdo/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/endonomdo/ \ No newline at end of file diff --git a/tags/fhem/index.html b/tags/fhem/index.html new file mode 100644 index 0000000..10a5341 --- /dev/null +++ b/tags/fhem/index.html @@ -0,0 +1,5 @@ +fhem | Virtualzone Blog
        Home » Tags

        fhem +

        From FHEM to OpenHAB with Homegear: Installation/Docker container

        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

        August 28, 2016 · 6 min · 1084 words · Heiner
        \ No newline at end of file diff --git a/tags/fhem/index.xml b/tags/fhem/index.xml new file mode 100644 index 0000000..e7be4ea --- /dev/null +++ b/tags/fhem/index.xml @@ -0,0 +1,21 @@ + + + + fhem on Virtualzone Blog + https://virtualzone.de/tags/fhem/ + Recent content in fhem on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sun, 28 Aug 2016 11:30:03 +0000 + + From FHEM to OpenHAB with Homegear: Installation/Docker container + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. + + + + diff --git a/tags/fhem/page/1/index.html b/tags/fhem/page/1/index.html new file mode 100644 index 0000000..dd69fba --- /dev/null +++ b/tags/fhem/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/fhem/ \ No newline at end of file diff --git a/tags/firewall/index.html b/tags/firewall/index.html new file mode 100644 index 0000000..4f81e62 --- /dev/null +++ b/tags/firewall/index.html @@ -0,0 +1,5 @@ +firewall | Virtualzone Blog
        Home » Tags

        firewall +

        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

        November 20, 2014 · 2 min · 372 words · Heiner
        \ No newline at end of file diff --git a/tags/firewall/index.xml b/tags/firewall/index.xml new file mode 100644 index 0000000..cbf2544 --- /dev/null +++ b/tags/firewall/index.xml @@ -0,0 +1,21 @@ + + + + firewall on Virtualzone Blog + https://virtualzone.de/tags/firewall/ + Recent content in firewall on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Thu, 20 Nov 2014 11:30:03 +0000 + + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. + + + + diff --git a/tags/firewall/page/1/index.html b/tags/firewall/page/1/index.html new file mode 100644 index 0000000..60f97fd --- /dev/null +++ b/tags/firewall/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/firewall/ \ No newline at end of file diff --git a/tags/github/index.html b/tags/github/index.html new file mode 100644 index 0000000..37642d7 --- /dev/null +++ b/tags/github/index.html @@ -0,0 +1,6 @@ +github | Virtualzone Blog
        Home » Tags

        github +

        Back up server to OneDrive’s special App Folder

        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

        September 2, 2021 · 4 min · 682 words · Heiner

        Unifi USG: Multiple IP addresses on PPPoE

        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

        August 16, 2021 · 2 min · 353 words · Heiner
        \ No newline at end of file diff --git a/tags/github/index.xml b/tags/github/index.xml new file mode 100644 index 0000000..84cf181 --- /dev/null +++ b/tags/github/index.xml @@ -0,0 +1,31 @@ + + + + github on Virtualzone Blog + https://virtualzone.de/tags/github/ + Recent content in github on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Thu, 02 Sep 2021 11:30:03 +0000 + + Back up server to OneDrive’s special App Folder + https://virtualzone.de/posts/onedrive-upload-backup/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/onedrive-upload-backup/ + I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. + + + + Unifi USG: Multiple IP addresses on PPPoE + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + Mon, 16 Aug 2021 11:30:03 +0000 + + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE. + + + + diff --git a/tags/github/page/1/index.html b/tags/github/page/1/index.html new file mode 100644 index 0000000..62fd514 --- /dev/null +++ b/tags/github/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/github/ \ No newline at end of file diff --git a/tags/google/index.html b/tags/google/index.html new file mode 100644 index 0000000..9d4564f --- /dev/null +++ b/tags/google/index.html @@ -0,0 +1,6 @@ +google | Virtualzone Blog
        Home » Tags

        google +

        Determining a location’s federal state using Google Maps API

        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

        August 10, 2012 · 1 min · 162 words · Heiner
        \ No newline at end of file diff --git a/tags/google/index.xml b/tags/google/index.xml new file mode 100644 index 0000000..7e0aaa7 --- /dev/null +++ b/tags/google/index.xml @@ -0,0 +1,22 @@ + + + + google on Virtualzone Blog + https://virtualzone.de/tags/google/ + Recent content in google on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Fri, 10 Aug 2012 11:30:03 +0000 + + Determining a location’s federal state using Google Maps API + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + Fri, 10 Aug 2012 11:30:03 +0000 + + https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). + + + + diff --git a/tags/google/page/1/index.html b/tags/google/page/1/index.html new file mode 100644 index 0000000..0ff466e --- /dev/null +++ b/tags/google/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/google/ \ No newline at end of file diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html new file mode 100644 index 0000000..4ab31c0 --- /dev/null +++ b/tags/homeautomation/index.html @@ -0,0 +1,5 @@ +homeautomation | Virtualzone Blog
        Home » Tags

        homeautomation +

        From FHEM to OpenHAB with Homegear: Installation/Docker container

        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

        August 28, 2016 · 6 min · 1084 words · Heiner
        \ No newline at end of file diff --git a/tags/homeautomation/index.xml b/tags/homeautomation/index.xml new file mode 100644 index 0000000..6f3a28b --- /dev/null +++ b/tags/homeautomation/index.xml @@ -0,0 +1,21 @@ + + + + homeautomation on Virtualzone Blog + https://virtualzone.de/tags/homeautomation/ + Recent content in homeautomation on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sun, 28 Aug 2016 11:30:03 +0000 + + From FHEM to OpenHAB with Homegear: Installation/Docker container + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. + + + + diff --git a/tags/homeautomation/page/1/index.html b/tags/homeautomation/page/1/index.html new file mode 100644 index 0000000..8f727ea --- /dev/null +++ b/tags/homeautomation/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/homeautomation/ \ No newline at end of file diff --git a/tags/index.html b/tags/index.html new file mode 100644 index 0000000..18e90c7 --- /dev/null +++ b/tags/index.html @@ -0,0 +1,4 @@ +Tags | Virtualzone Blog

        Tags

        \ No newline at end of file diff --git a/tags/index.xml b/tags/index.xml new file mode 100644 index 0000000..c3fd9b7 --- /dev/null +++ b/tags/index.xml @@ -0,0 +1,201 @@ + + + + Tags on Virtualzone Blog + https://virtualzone.de/tags/ + Recent content in Tags on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Fri, 03 Sep 2021 11:30:03 +0000 + + kubernetes + https://virtualzone.de/tags/kubernetes/ + Fri, 03 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/tags/kubernetes/ + + + + + github + https://virtualzone.de/tags/github/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/tags/github/ + + + + + onedrive + https://virtualzone.de/tags/onedrive/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/tags/onedrive/ + + + + + tool + https://virtualzone.de/tags/tool/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/tags/tool/ + + + + + raspberrypi + https://virtualzone.de/tags/raspberrypi/ + Sun, 07 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/tags/raspberrypi/ + + + + + docker + https://virtualzone.de/tags/docker/ + Wed, 03 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/tags/docker/ + + + + + api + https://virtualzone.de/tags/api/ + Mon, 01 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/tags/api/ + + + + + endonomdo + https://virtualzone.de/tags/endonomdo/ + Mon, 01 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/tags/endonomdo/ + + + + + letsencrypt + https://virtualzone.de/tags/letsencrypt/ + Sat, 11 Feb 2017 11:30:03 +0000 + + https://virtualzone.de/tags/letsencrypt/ + + + + + nginx + https://virtualzone.de/tags/nginx/ + Sat, 11 Feb 2017 11:30:03 +0000 + + https://virtualzone.de/tags/nginx/ + + + + + macos + https://virtualzone.de/tags/macos/ + Tue, 06 Dec 2016 11:30:03 +0000 + + https://virtualzone.de/tags/macos/ + + + + + fhem + https://virtualzone.de/tags/fhem/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/tags/fhem/ + + + + + homeautomation + https://virtualzone.de/tags/homeautomation/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/tags/homeautomation/ + + + + + openhab + https://virtualzone.de/tags/openhab/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/tags/openhab/ + + + + + proxy + https://virtualzone.de/tags/proxy/ + Sat, 27 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/tags/proxy/ + + + + + wordpress + https://virtualzone.de/tags/wordpress/ + Sat, 27 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/tags/wordpress/ + + + + + linux + https://virtualzone.de/tags/linux/ + Sat, 15 Aug 2015 11:30:03 +0000 + + https://virtualzone.de/tags/linux/ + + + + + firewall + https://virtualzone.de/tags/firewall/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/tags/firewall/ + + + + + ipv6 + https://virtualzone.de/tags/ipv6/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/tags/ipv6/ + + + + + sonicwall + https://virtualzone.de/tags/sonicwall/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/tags/sonicwall/ + + + + + google + https://virtualzone.de/tags/google/ + Fri, 10 Aug 2012 11:30:03 +0000 + + https://virtualzone.de/tags/google/ + + + + + diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html new file mode 100644 index 0000000..3140e02 --- /dev/null +++ b/tags/ipv6/index.html @@ -0,0 +1,5 @@ +ipv6 | Virtualzone Blog
        Home » Tags

        ipv6 +

        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

        November 20, 2014 · 2 min · 372 words · Heiner
        \ No newline at end of file diff --git a/tags/ipv6/index.xml b/tags/ipv6/index.xml new file mode 100644 index 0000000..7f14bdc --- /dev/null +++ b/tags/ipv6/index.xml @@ -0,0 +1,21 @@ + + + + ipv6 on Virtualzone Blog + https://virtualzone.de/tags/ipv6/ + Recent content in ipv6 on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Thu, 20 Nov 2014 11:30:03 +0000 + + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. + + + + diff --git a/tags/ipv6/page/1/index.html b/tags/ipv6/page/1/index.html new file mode 100644 index 0000000..f481736 --- /dev/null +++ b/tags/ipv6/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/ipv6/ \ No newline at end of file diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html new file mode 100644 index 0000000..5a1b566 --- /dev/null +++ b/tags/kubernetes/index.html @@ -0,0 +1,5 @@ +kubernetes | Virtualzone Blog
        Home » Tags

        kubernetes +

        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

        September 3, 2021 · 1 min · 118 words · Heiner
        \ No newline at end of file diff --git a/tags/kubernetes/index.xml b/tags/kubernetes/index.xml new file mode 100644 index 0000000..cddef16 --- /dev/null +++ b/tags/kubernetes/index.xml @@ -0,0 +1,21 @@ + + + + kubernetes on Virtualzone Blog + https://virtualzone.de/tags/kubernetes/ + Recent content in kubernetes on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Fri, 03 Sep 2021 11:30:03 +0000 + + Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing + https://virtualzone.de/posts/k3s-glusterfs/ + Fri, 03 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/k3s-glusterfs/ + I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. + + + + diff --git a/tags/kubernetes/page/1/index.html b/tags/kubernetes/page/1/index.html new file mode 100644 index 0000000..8b276e5 --- /dev/null +++ b/tags/kubernetes/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/kubernetes/ \ No newline at end of file diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html new file mode 100644 index 0000000..27803fa --- /dev/null +++ b/tags/letsencrypt/index.html @@ -0,0 +1,7 @@ +letsencrypt | Virtualzone Blog
        Home » Tags

        letsencrypt +

        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: '2' services: webfrontend: container_name: webfrontend [....

        February 11, 2017 · 2 min · 287 words · Heiner
        \ No newline at end of file diff --git a/tags/letsencrypt/index.xml b/tags/letsencrypt/index.xml new file mode 100644 index 0000000..3e39831 --- /dev/null +++ b/tags/letsencrypt/index.xml @@ -0,0 +1,23 @@ + + + + letsencrypt on Virtualzone Blog + https://virtualzone.de/tags/letsencrypt/ + Recent content in letsencrypt on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sat, 11 Feb 2017 11:30:03 +0000 + + Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + Sat, 11 Feb 2017 11:30:03 +0000 + + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. + + + + diff --git a/tags/letsencrypt/page/1/index.html b/tags/letsencrypt/page/1/index.html new file mode 100644 index 0000000..eb73088 --- /dev/null +++ b/tags/letsencrypt/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/letsencrypt/ \ No newline at end of file diff --git a/tags/linux/index.html b/tags/linux/index.html new file mode 100644 index 0000000..aaae9e7 --- /dev/null +++ b/tags/linux/index.html @@ -0,0 +1,8 @@ +linux | Virtualzone Blog
        Home » Tags

        linux +

        How to reduce PDF file size in Linux - Part 2

        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

        August 15, 2015 · 1 min · 75 words · Heiner

        How to reduce PDF file size in Linux

        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

        November 21, 2012 · 1 min · 98 words · Heiner
        \ No newline at end of file diff --git a/tags/linux/index.xml b/tags/linux/index.xml new file mode 100644 index 0000000..242710c --- /dev/null +++ b/tags/linux/index.xml @@ -0,0 +1,33 @@ + + + + linux on Virtualzone Blog + https://virtualzone.de/tags/linux/ + Recent content in linux on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sat, 15 Aug 2015 11:30:03 +0000 + + How to reduce PDF file size in Linux - Part 2 + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Sat, 15 Aug 2015 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: + + + + How to reduce PDF file size in Linux + https://virtualzone.de/posts/reduce-pdf-file-size/ + Wed, 21 Nov 2012 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size/ + Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. + + + + diff --git a/tags/linux/page/1/index.html b/tags/linux/page/1/index.html new file mode 100644 index 0000000..0ff8618 --- /dev/null +++ b/tags/linux/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/linux/ \ No newline at end of file diff --git a/tags/macos/index.html b/tags/macos/index.html new file mode 100644 index 0000000..752c3b6 --- /dev/null +++ b/tags/macos/index.html @@ -0,0 +1,10 @@ +macos | Virtualzone Blog
        Home » Tags

        macos +

        Creating an encrypted file container on macOS

        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

        December 6, 2016 · 2 min · 356 words · Heiner

        Fix Docker not using /etc/hosts on MacOS

        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

        August 28, 2016 · 1 min · 163 words · Heiner

        How to reduce PDF file size in Linux - Part 2

        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

        August 15, 2015 · 1 min · 75 words · Heiner

        How to reduce PDF file size in Linux

        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

        November 21, 2012 · 1 min · 98 words · Heiner
        \ No newline at end of file diff --git a/tags/macos/index.xml b/tags/macos/index.xml new file mode 100644 index 0000000..b9cc72a --- /dev/null +++ b/tags/macos/index.xml @@ -0,0 +1,53 @@ + + + + macos on Virtualzone Blog + https://virtualzone.de/tags/macos/ + Recent content in macos on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Tue, 06 Dec 2016 11:30:03 +0000 + + Creating an encrypted file container on macOS + https://virtualzone.de/posts/encrypted-file-container-macos/ + Tue, 06 Dec 2016 11:30:03 +0000 + + https://virtualzone.de/posts/encrypted-file-container-macos/ + Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10. + + + + Fix Docker not using /etc/hosts on MacOS + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +When I executed “docker push” for example, this resulted in “no such hosts” errors: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. + + + + How to reduce PDF file size in Linux - Part 2 + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Sat, 15 Aug 2015 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: + + + + How to reduce PDF file size in Linux + https://virtualzone.de/posts/reduce-pdf-file-size/ + Wed, 21 Nov 2012 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size/ + Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. + + + + diff --git a/tags/macos/page/1/index.html b/tags/macos/page/1/index.html new file mode 100644 index 0000000..91d260c --- /dev/null +++ b/tags/macos/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/macos/ \ No newline at end of file diff --git a/tags/nginx/index.html b/tags/nginx/index.html new file mode 100644 index 0000000..500db00 --- /dev/null +++ b/tags/nginx/index.html @@ -0,0 +1,7 @@ +nginx | Virtualzone Blog
        Home » Tags

        nginx +

        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: '2' services: webfrontend: container_name: webfrontend [....

        February 11, 2017 · 2 min · 287 words · Heiner
        \ No newline at end of file diff --git a/tags/nginx/index.xml b/tags/nginx/index.xml new file mode 100644 index 0000000..adc42ae --- /dev/null +++ b/tags/nginx/index.xml @@ -0,0 +1,23 @@ + + + + nginx on Virtualzone Blog + https://virtualzone.de/tags/nginx/ + Recent content in nginx on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sat, 11 Feb 2017 11:30:03 +0000 + + Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + Sat, 11 Feb 2017 11:30:03 +0000 + + https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +First, I’ve added two new volumes to my web-front-end’s Docker Compose File: +version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. + + + + diff --git a/tags/nginx/page/1/index.html b/tags/nginx/page/1/index.html new file mode 100644 index 0000000..e4f7b1c --- /dev/null +++ b/tags/nginx/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/nginx/ \ No newline at end of file diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html new file mode 100644 index 0000000..9b2244a --- /dev/null +++ b/tags/onedrive/index.html @@ -0,0 +1,6 @@ +onedrive | Virtualzone Blog
        Home » Tags

        onedrive +

        Back up server to OneDrive’s special App Folder

        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

        September 2, 2021 · 4 min · 682 words · Heiner

        Unifi USG: Multiple IP addresses on PPPoE

        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

        August 16, 2021 · 2 min · 353 words · Heiner
        \ No newline at end of file diff --git a/tags/onedrive/index.xml b/tags/onedrive/index.xml new file mode 100644 index 0000000..b075f92 --- /dev/null +++ b/tags/onedrive/index.xml @@ -0,0 +1,31 @@ + + + + onedrive on Virtualzone Blog + https://virtualzone.de/tags/onedrive/ + Recent content in onedrive on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Thu, 02 Sep 2021 11:30:03 +0000 + + Back up server to OneDrive’s special App Folder + https://virtualzone.de/posts/onedrive-upload-backup/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/onedrive-upload-backup/ + I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. + + + + Unifi USG: Multiple IP addresses on PPPoE + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + Mon, 16 Aug 2021 11:30:03 +0000 + + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE. + + + + diff --git a/tags/onedrive/page/1/index.html b/tags/onedrive/page/1/index.html new file mode 100644 index 0000000..7d60ad1 --- /dev/null +++ b/tags/onedrive/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/onedrive/ \ No newline at end of file diff --git a/tags/openhab/index.html b/tags/openhab/index.html new file mode 100644 index 0000000..8a67b66 --- /dev/null +++ b/tags/openhab/index.html @@ -0,0 +1,5 @@ +openhab | Virtualzone Blog
        Home » Tags

        openhab +

        From FHEM to OpenHAB with Homegear: Installation/Docker container

        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

        August 28, 2016 · 6 min · 1084 words · Heiner
        \ No newline at end of file diff --git a/tags/openhab/index.xml b/tags/openhab/index.xml new file mode 100644 index 0000000..eb88ad4 --- /dev/null +++ b/tags/openhab/index.xml @@ -0,0 +1,21 @@ + + + + openhab on Virtualzone Blog + https://virtualzone.de/tags/openhab/ + Recent content in openhab on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sun, 28 Aug 2016 11:30:03 +0000 + + From FHEM to OpenHAB with Homegear: Installation/Docker container + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + Sun, 28 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. + + + + diff --git a/tags/openhab/page/1/index.html b/tags/openhab/page/1/index.html new file mode 100644 index 0000000..89fa59d --- /dev/null +++ b/tags/openhab/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/openhab/ \ No newline at end of file diff --git a/tags/proxy/index.html b/tags/proxy/index.html new file mode 100644 index 0000000..ea2cac1 --- /dev/null +++ b/tags/proxy/index.html @@ -0,0 +1,6 @@ +proxy | Virtualzone Blog
        Home » Tags

        proxy +

        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

        August 27, 2016 · 2 min · 255 words · Heiner
        \ No newline at end of file diff --git a/tags/proxy/index.xml b/tags/proxy/index.xml new file mode 100644 index 0000000..8739084 --- /dev/null +++ b/tags/proxy/index.xml @@ -0,0 +1,22 @@ + + + + proxy on Virtualzone Blog + https://virtualzone.de/tags/proxy/ + Recent content in proxy on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sat, 27 Aug 2016 11:30:03 +0000 + + How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Sat, 27 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. + + + + diff --git a/tags/proxy/page/1/index.html b/tags/proxy/page/1/index.html new file mode 100644 index 0000000..4c5083b --- /dev/null +++ b/tags/proxy/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/proxy/ \ No newline at end of file diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html new file mode 100644 index 0000000..e37fb0b --- /dev/null +++ b/tags/raspberrypi/index.html @@ -0,0 +1,7 @@ +raspberrypi | Virtualzone Blog
        Home » Tags

        raspberrypi +

        Raspberry Pi OS: Remove unnecessary packages

        Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren. +Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....

        June 7, 2020 · 1 min · 126 words · Heiner

        Native USB boot for Raspberry Pi 4

        Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian. +Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....

        May 28, 2020 · 2 min · 416 words · Heiner
        \ No newline at end of file diff --git a/tags/raspberrypi/index.xml b/tags/raspberrypi/index.xml new file mode 100644 index 0000000..cef5958 --- /dev/null +++ b/tags/raspberrypi/index.xml @@ -0,0 +1,32 @@ + + + + raspberrypi on Virtualzone Blog + https://virtualzone.de/tags/raspberrypi/ + Recent content in raspberrypi on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sun, 07 Jun 2020 11:30:03 +0000 + + Raspberry Pi OS: Remove unnecessary packages + https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + Sun, 07 Jun 2020 11:30:03 +0000 + + https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren. +Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager. + + + + Native USB boot for Raspberry Pi 4 + https://virtualzone.de/posts/usb-boot-raspberry-pi/ + Thu, 28 May 2020 11:30:03 +0000 + + https://virtualzone.de/posts/usb-boot-raspberry-pi/ + Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian. +Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten. + + + + diff --git a/tags/raspberrypi/page/1/index.html b/tags/raspberrypi/page/1/index.html new file mode 100644 index 0000000..97206de --- /dev/null +++ b/tags/raspberrypi/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/raspberrypi/ \ No newline at end of file diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html new file mode 100644 index 0000000..78284e7 --- /dev/null +++ b/tags/sonicwall/index.html @@ -0,0 +1,5 @@ +sonicwall | Virtualzone Blog
        Home » Tags

        sonicwall +

        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

        November 20, 2014 · 2 min · 372 words · Heiner
        \ No newline at end of file diff --git a/tags/sonicwall/index.xml b/tags/sonicwall/index.xml new file mode 100644 index 0000000..4764d95 --- /dev/null +++ b/tags/sonicwall/index.xml @@ -0,0 +1,21 @@ + + + + sonicwall on Virtualzone Blog + https://virtualzone.de/tags/sonicwall/ + Recent content in sonicwall on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Thu, 20 Nov 2014 11:30:03 +0000 + + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + Thu, 20 Nov 2014 11:30:03 +0000 + + https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. + + + + diff --git a/tags/sonicwall/page/1/index.html b/tags/sonicwall/page/1/index.html new file mode 100644 index 0000000..8eb9f2d --- /dev/null +++ b/tags/sonicwall/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/sonicwall/ \ No newline at end of file diff --git a/tags/tool/index.html b/tags/tool/index.html new file mode 100644 index 0000000..08380e0 --- /dev/null +++ b/tags/tool/index.html @@ -0,0 +1,9 @@ +tool | Virtualzone Blog
        Home » Tags

        tool +

        Back up server to OneDrive’s special App Folder

        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

        September 2, 2021 · 4 min · 682 words · Heiner

        Unifi USG: Multiple IP addresses on PPPoE

        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

        August 16, 2021 · 2 min · 353 words · Heiner

        UptimeRobot: A nice free website monitoring service

        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

        September 5, 2016 · 1 min · 120 words · Heiner

        How to reduce PDF file size in Linux - Part 2

        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

        August 15, 2015 · 1 min · 75 words · Heiner

        How to reduce PDF file size in Linux

        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

        November 21, 2012 · 1 min · 98 words · Heiner
        \ No newline at end of file diff --git a/tags/tool/index.xml b/tags/tool/index.xml new file mode 100644 index 0000000..c3e1a92 --- /dev/null +++ b/tags/tool/index.xml @@ -0,0 +1,61 @@ + + + + tool on Virtualzone Blog + https://virtualzone.de/tags/tool/ + Recent content in tool on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Thu, 02 Sep 2021 11:30:03 +0000 + + Back up server to OneDrive’s special App Folder + https://virtualzone.de/posts/onedrive-upload-backup/ + Thu, 02 Sep 2021 11:30:03 +0000 + + https://virtualzone.de/posts/onedrive-upload-backup/ + I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. + + + + Unifi USG: Multiple IP addresses on PPPoE + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + Mon, 16 Aug 2021 11:30:03 +0000 + + https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE. + + + + UptimeRobot: A nice free website monitoring service + https://virtualzone.de/posts/uptime-robot-website-monitoring/ + Mon, 05 Sep 2016 11:30:03 +0000 + + https://virtualzone.de/posts/uptime-robot-website-monitoring/ + Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me). + + + + How to reduce PDF file size in Linux - Part 2 + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Sat, 15 Aug 2015 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size-2/ + Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: + + + + How to reduce PDF file size in Linux + https://virtualzone.de/posts/reduce-pdf-file-size/ + Wed, 21 Nov 2012 11:30:03 +0000 + + https://virtualzone.de/posts/reduce-pdf-file-size/ + Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. + + + + diff --git a/tags/tool/page/1/index.html b/tags/tool/page/1/index.html new file mode 100644 index 0000000..520c663 --- /dev/null +++ b/tags/tool/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/tool/ \ No newline at end of file diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html new file mode 100644 index 0000000..abdbc3e --- /dev/null +++ b/tags/wordpress/index.html @@ -0,0 +1,6 @@ +wordpress | Virtualzone Blog
        Home » Tags

        wordpress +

        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

        August 27, 2016 · 2 min · 255 words · Heiner
        \ No newline at end of file diff --git a/tags/wordpress/index.xml b/tags/wordpress/index.xml new file mode 100644 index 0000000..b682e2a --- /dev/null +++ b/tags/wordpress/index.xml @@ -0,0 +1,22 @@ + + + + wordpress on Virtualzone Blog + https://virtualzone.de/tags/wordpress/ + Recent content in wordpress on Virtualzone Blog + Hugo -- gohugo.io + en-us + &copy; 2022 Heiner Beck. + Sat, 27 Aug 2016 11:30:03 +0000 + + How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Sat, 27 Aug 2016 11:30:03 +0000 + + https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. + + + + diff --git a/tags/wordpress/page/1/index.html b/tags/wordpress/page/1/index.html new file mode 100644 index 0000000..359da1e --- /dev/null +++ b/tags/wordpress/page/1/index.html @@ -0,0 +1 @@ +https://virtualzone.de/tags/wordpress/ \ No newline at end of file From ad645c0804891efea5f89f22fef2615da54d4d28 Mon Sep 17 00:00:00 2001 From: Heiner <13085858+virtualzone@users.noreply.github.com> Date: Sun, 5 Jun 2022 16:17:46 +0200 Subject: [PATCH 02/25] Create CNAME --- CNAME | 1 + 1 file changed, 1 insertion(+) create mode 100644 CNAME diff --git a/CNAME b/CNAME new file mode 100644 index 0000000..828de51 --- /dev/null +++ b/CNAME @@ -0,0 +1 @@ +virtualzone.de \ No newline at end of file From 88ed12b03457434dab65a717dc9adea485d97994 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Sun, 5 Jun 2022 14:28:47 +0000 Subject: [PATCH 03/25] deploy: 705f37e54773f88a0101f617f1ff42295785dc6a --- 404.html | 2 +- CNAME | 1 - categories/index.html | 2 +- contact/index.html | 2 +- index.html | 2 +- page/2/index.html | 2 +- .../index.html | 2 +- posts/encrypted-file-container-macos/index.html | 2 +- posts/endomono-export-gpx/index.html | 2 +- posts/fix-docker-not-using-etc-hosts-on-macos/index.html | 2 +- .../index.html | 2 +- posts/https-ssl-in-wordpress-behind-proxy/index.html | 2 +- posts/index.html | 2 +- posts/ipv6-on-a-sonicwall/index.html | 2 +- posts/jenkins-build-docker-images/index.html | 2 +- posts/k3s-glusterfs/index.html | 2 +- posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html | 2 +- posts/multi-arch-docker-images-1/index.html | 2 +- posts/multi-arch-docker-images-2/index.html | 2 +- posts/onedrive-upload-backup/index.html | 2 +- posts/page/2/index.html | 2 +- posts/raspberry-pi-os-remove-packages/index.html | 2 +- posts/reduce-pdf-file-size-2/index.html | 2 +- posts/reduce-pdf-file-size/index.html | 2 +- posts/traefik-access-log-influxdb-grafana-telegraf/index.html | 2 +- posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html | 2 +- posts/uptime-robot-website-monitoring/index.html | 2 +- posts/usb-boot-raspberry-pi/index.html | 2 +- privacy-policy/index.html | 2 +- tags/api/index.html | 2 +- tags/docker/index.html | 2 +- tags/endonomdo/index.html | 2 +- tags/fhem/index.html | 2 +- tags/firewall/index.html | 2 +- tags/github/index.html | 2 +- tags/google/index.html | 2 +- tags/homeautomation/index.html | 2 +- tags/index.html | 2 +- tags/ipv6/index.html | 2 +- tags/kubernetes/index.html | 2 +- tags/letsencrypt/index.html | 2 +- tags/linux/index.html | 2 +- tags/macos/index.html | 2 +- tags/nginx/index.html | 2 +- tags/onedrive/index.html | 2 +- tags/openhab/index.html | 2 +- tags/proxy/index.html | 2 +- tags/raspberrypi/index.html | 2 +- tags/sonicwall/index.html | 2 +- tags/tool/index.html | 2 +- tags/wordpress/index.html | 2 +- 51 files changed, 50 insertions(+), 51 deletions(-) delete mode 100644 CNAME diff --git a/404.html b/404.html index 9ab8f67..4d16947 100644 --- a/404.html +++ b/404.html @@ -1,4 +1,4 @@ 404 Page not found | Virtualzone Blog
        404
        \ No newline at end of file + PaperMod         \ No newline at end of file diff --git a/CNAME b/CNAME deleted file mode 100644 index 828de51..0000000 --- a/CNAME +++ /dev/null @@ -1 +0,0 @@ -virtualzone.de \ No newline at end of file diff --git a/categories/index.html b/categories/index.html index c251acc..8c026cd 100644 --- a/categories/index.html +++ b/categories/index.html @@ -1,4 +1,4 @@ Categories | Virtualzone Blog

        Categories

          \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/contact/index.html b/contact/index.html index 0233fae..03ab9ad 100644 --- a/contact/index.html +++ b/contact/index.html @@ -20,4 +20,4 @@ Please read our privacy policy for information about how we protect your personal information.

          Website Impressum erstellt durch impressum-generator.de von der Kanzlei Hasselbach.

            \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/index.html b/index.html index e3528b9..a482ff4 100644 --- a/index.html +++ b/index.html @@ -13,4 +13,4 @@ So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

            June 11, 2017 · 2 min · 370 words · Heiner
            \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/page/2/index.html b/page/2/index.html index 5a05063..a0ab461 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -10,4 +10,4 @@ function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

            August 10, 2012 · 1 min · 162 words · Heiner
            \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html index 1cbd18a..2ec4b85 100644 --- a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html +++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -66,4 +66,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html index 800e55b..22a3c4e 100644 --- a/posts/encrypted-file-container-macos/index.html +++ b/posts/encrypted-file-container-macos/index.html @@ -3,4 +3,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html index a35662c..96a503f 100644 --- a/posts/endomono-export-gpx/index.html +++ b/posts/endomono-export-gpx/index.html @@ -17,4 +17,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html index 0bf10ab..35b9c9e 100644 --- a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html +++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -13,4 +13,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html index 974b407..a8fc2f0 100644 --- a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html +++ b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html @@ -63,4 +63,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html index afc90d1..59b315a 100644 --- a/posts/https-ssl-in-wordpress-behind-proxy/index.html +++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html @@ -11,4 +11,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/index.html b/posts/index.html index e443ae4..b141fe3 100644 --- a/posts/index.html +++ b/posts/index.html @@ -10,4 +10,4 @@ So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

            June 11, 2017 · 2 min · 370 words · Heiner
            \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html index 02b7a62..3f4f207 100644 --- a/posts/ipv6-on-a-sonicwall/index.html +++ b/posts/ipv6-on-a-sonicwall/index.html @@ -4,4 +4,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html index 72879ff..ba54b9f 100644 --- a/posts/jenkins-build-docker-images/index.html +++ b/posts/jenkins-build-docker-images/index.html @@ -24,4 +24,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html index 93207be..7c51d92 100644 --- a/posts/k3s-glusterfs/index.html +++ b/posts/k3s-glusterfs/index.html @@ -2,4 +2,4 @@
            Home » Posts

            Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

            September 3, 2021 · 1 min · 118 words · Heiner

            I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.

            Read the tutorial in Hetzner’s Online Community.

            \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html index 5696e69..079ef1c 100644 --- a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html +++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html @@ -50,4 +50,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/multi-arch-docker-images-1/index.html b/posts/multi-arch-docker-images-1/index.html index 5e5bddf..037812c 100644 --- a/posts/multi-arch-docker-images-1/index.html +++ b/posts/multi-arch-docker-images-1/index.html @@ -62,4 +62,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html index 9aed749..4a43e34 100644 --- a/posts/multi-arch-docker-images-2/index.html +++ b/posts/multi-arch-docker-images-2/index.html @@ -11,4 +11,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html index 4918cff..689eaf4 100644 --- a/posts/onedrive-upload-backup/index.html +++ b/posts/onedrive-upload-backup/index.html @@ -32,4 +32,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/page/2/index.html b/posts/page/2/index.html index 50eaaf9..ed1246a 100644 --- a/posts/page/2/index.html +++ b/posts/page/2/index.html @@ -11,4 +11,4 @@ function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

            August 10, 2012 · 1 min · 162 words · Heiner
            \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html index 90d0f18..d95f13d 100644 --- a/posts/raspberry-pi-os-remove-packages/index.html +++ b/posts/raspberry-pi-os-remove-packages/index.html @@ -17,4 +17,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html index 1c33057..aee4e40 100644 --- a/posts/reduce-pdf-file-size-2/index.html +++ b/posts/reduce-pdf-file-size-2/index.html @@ -15,4 +15,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html index ac2665f..49a8eeb 100644 --- a/posts/reduce-pdf-file-size/index.html +++ b/posts/reduce-pdf-file-size/index.html @@ -11,4 +11,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html index 10db6a9..ca721cf 100644 --- a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html +++ b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html @@ -51,4 +51,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html index 53118be..bc7a59b 100644 --- a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html +++ b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html @@ -44,4 +44,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html index ab8c030..bc686d6 100644 --- a/posts/uptime-robot-website-monitoring/index.html +++ b/posts/uptime-robot-website-monitoring/index.html @@ -3,4 +3,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html index 0cb0bf7..6442c82 100644 --- a/posts/usb-boot-raspberry-pi/index.html +++ b/posts/usb-boot-raspberry-pi/index.html @@ -15,4 +15,4 @@ \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/privacy-policy/index.html b/privacy-policy/index.html index ff54eb8..99e3399 100644 --- a/privacy-policy/index.html +++ b/privacy-policy/index.html @@ -8,4 +8,4 @@ Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
            Home

            Privacy Policy

            Heiner

            We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.

            Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.

            Personal data stored

            The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.

            Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.

            If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.

            The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.

            Which personal data we store

            You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.

            Where we store your data

            Our servers are located in Germany.

            Your rights according to General Data Protection Regulation (GDPR)

            According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:

            • Right to have your data corrected (article 16 DSGVO)
            • Right to have your data deleted (article 17 DSGVO)
            • Right to limit the processing of your data (article 18 DSGVO)
            • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
            • Right to data portability (article 20 DSGVO)
            • Right to refuse (article 21 DSGVO)
            • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)

            If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.

            Where we send your data

            We will not share your data with third parties.

            TLS encryption using HTTPS

            In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.

            Web Analytics

            For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.

            Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple

              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/api/index.html b/tags/api/index.html index cc81ed5..7b5702e 100644 --- a/tags/api/index.html +++ b/tags/api/index.html @@ -4,4 +4,4 @@ function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

              August 10, 2012 · 1 min · 162 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/docker/index.html b/tags/docker/index.html index 91f62c7..9a31c13 100644 --- a/tags/docker/index.html +++ b/tags/docker/index.html @@ -10,4 +10,4 @@ Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

              August 28, 2016 · 1 min · 163 words · Heiner

              From FHEM to OpenHAB with Homegear: Installation/Docker container

              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

              August 28, 2016 · 6 min · 1084 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html index 9dfeb8a..c271d4f 100644 --- a/tags/endonomdo/index.html +++ b/tags/endonomdo/index.html @@ -3,4 +3,4 @@ Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....

              June 1, 2020 · 2 min · 323 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/fhem/index.html b/tags/fhem/index.html index 10a5341..b0740d9 100644 --- a/tags/fhem/index.html +++ b/tags/fhem/index.html @@ -2,4 +2,4 @@

              From FHEM to OpenHAB with Homegear: Installation/Docker container

              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

              August 28, 2016 · 6 min · 1084 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/firewall/index.html b/tags/firewall/index.html index 4f81e62..60e647d 100644 --- a/tags/firewall/index.html +++ b/tags/firewall/index.html @@ -2,4 +2,4 @@

              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

              November 20, 2014 · 2 min · 372 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/github/index.html b/tags/github/index.html index 37642d7..4311b61 100644 --- a/tags/github/index.html +++ b/tags/github/index.html @@ -3,4 +3,4 @@ By default, USG only allows for one IP address when dialing in via PPPoE....

              August 16, 2021 · 2 min · 353 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/google/index.html b/tags/google/index.html index 9d4564f..1d13d79 100644 --- a/tags/google/index.html +++ b/tags/google/index.html @@ -3,4 +3,4 @@ function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

              August 10, 2012 · 1 min · 162 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html index 4ab31c0..62914d2 100644 --- a/tags/homeautomation/index.html +++ b/tags/homeautomation/index.html @@ -2,4 +2,4 @@

              From FHEM to OpenHAB with Homegear: Installation/Docker container

              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

              August 28, 2016 · 6 min · 1084 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/index.html b/tags/index.html index 18e90c7..f5b862b 100644 --- a/tags/index.html +++ b/tags/index.html @@ -1,4 +1,4 @@ Tags | Virtualzone Blog

              Tags

              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html index 3140e02..72b64fd 100644 --- a/tags/ipv6/index.html +++ b/tags/ipv6/index.html @@ -2,4 +2,4 @@

              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

              November 20, 2014 · 2 min · 372 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html index 5a1b566..3b61f45 100644 --- a/tags/kubernetes/index.html +++ b/tags/kubernetes/index.html @@ -2,4 +2,4 @@

              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

              September 3, 2021 · 1 min · 118 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html index 27803fa..b556241 100644 --- a/tags/letsencrypt/index.html +++ b/tags/letsencrypt/index.html @@ -4,4 +4,4 @@ version: '2' services: webfrontend: container_name: webfrontend [....

              February 11, 2017 · 2 min · 287 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/linux/index.html b/tags/linux/index.html index aaae9e7..5265147 100644 --- a/tags/linux/index.html +++ b/tags/linux/index.html @@ -5,4 +5,4 @@ /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

              November 21, 2012 · 1 min · 98 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/macos/index.html b/tags/macos/index.html index 752c3b6..add080a 100644 --- a/tags/macos/index.html +++ b/tags/macos/index.html @@ -7,4 +7,4 @@ /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

              November 21, 2012 · 1 min · 98 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/nginx/index.html b/tags/nginx/index.html index 500db00..14cf348 100644 --- a/tags/nginx/index.html +++ b/tags/nginx/index.html @@ -4,4 +4,4 @@ version: '2' services: webfrontend: container_name: webfrontend [....

              February 11, 2017 · 2 min · 287 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html index 9b2244a..ac22f20 100644 --- a/tags/onedrive/index.html +++ b/tags/onedrive/index.html @@ -3,4 +3,4 @@ By default, USG only allows for one IP address when dialing in via PPPoE....

              August 16, 2021 · 2 min · 353 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/openhab/index.html b/tags/openhab/index.html index 8a67b66..a897b5d 100644 --- a/tags/openhab/index.html +++ b/tags/openhab/index.html @@ -2,4 +2,4 @@

              From FHEM to OpenHAB with Homegear: Installation/Docker container

              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

              August 28, 2016 · 6 min · 1084 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/proxy/index.html b/tags/proxy/index.html index ea2cac1..ec15f4f 100644 --- a/tags/proxy/index.html +++ b/tags/proxy/index.html @@ -3,4 +3,4 @@ The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

              August 27, 2016 · 2 min · 255 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html index e37fb0b..9707b86 100644 --- a/tags/raspberrypi/index.html +++ b/tags/raspberrypi/index.html @@ -4,4 +4,4 @@ Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....

              May 28, 2020 · 2 min · 416 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html index 78284e7..0085b07 100644 --- a/tags/sonicwall/index.html +++ b/tags/sonicwall/index.html @@ -2,4 +2,4 @@

              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

              November 20, 2014 · 2 min · 372 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/tool/index.html b/tags/tool/index.html index 08380e0..fcebdf8 100644 --- a/tags/tool/index.html +++ b/tags/tool/index.html @@ -6,4 +6,4 @@ /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

              November 21, 2012 · 1 min · 98 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html index abdbc3e..49ad56f 100644 --- a/tags/wordpress/index.html +++ b/tags/wordpress/index.html @@ -3,4 +3,4 @@ The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

              August 27, 2016 · 2 min · 255 words · Heiner
              \ No newline at end of file + PaperMod \ No newline at end of file From 3a404c8477640a7c498379f55a8f405fffdd4432 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Sun, 5 Jun 2022 14:32:13 +0000 Subject: [PATCH 04/25] deploy: 3876eeca18ea866ea8c69a43910fd2754727e03f --- CNAME | 1 + 1 file changed, 1 insertion(+) create mode 100644 CNAME diff --git a/CNAME b/CNAME new file mode 100644 index 0000000..28bf5bf --- /dev/null +++ b/CNAME @@ -0,0 +1 @@ +virtualzone.de From cb7f80e740e486544e588cfbebb13552aa3fb3f7 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Sun, 5 Jun 2022 14:36:33 +0000 Subject: [PATCH 05/25] deploy: f38b07dc7e09f32e46c2889f0e193df62db4b8d7 --- 404.html | 2 +- ...c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css} | 2 +- categories/index.html | 2 +- contact/index.html | 2 +- index.html | 2 +- page/2/index.html | 2 +- .../index.html | 2 +- posts/encrypted-file-container-macos/index.html | 2 +- posts/endomono-export-gpx/index.html | 2 +- posts/fix-docker-not-using-etc-hosts-on-macos/index.html | 2 +- .../index.html | 2 +- posts/https-ssl-in-wordpress-behind-proxy/index.html | 2 +- posts/index.html | 2 +- posts/ipv6-on-a-sonicwall/index.html | 2 +- posts/jenkins-build-docker-images/index.html | 2 +- posts/k3s-glusterfs/index.html | 2 +- posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html | 2 +- posts/multi-arch-docker-images-1/index.html | 2 +- posts/multi-arch-docker-images-2/index.html | 2 +- posts/onedrive-upload-backup/index.html | 2 +- posts/page/2/index.html | 2 +- posts/raspberry-pi-os-remove-packages/index.html | 2 +- posts/reduce-pdf-file-size-2/index.html | 2 +- posts/reduce-pdf-file-size/index.html | 2 +- posts/traefik-access-log-influxdb-grafana-telegraf/index.html | 2 +- posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html | 2 +- posts/uptime-robot-website-monitoring/index.html | 2 +- posts/usb-boot-raspberry-pi/index.html | 2 +- privacy-policy/index.html | 2 +- tags/api/index.html | 2 +- tags/docker/index.html | 2 +- tags/endonomdo/index.html | 2 +- tags/fhem/index.html | 2 +- tags/firewall/index.html | 2 +- tags/github/index.html | 2 +- tags/google/index.html | 2 +- tags/homeautomation/index.html | 2 +- tags/index.html | 2 +- tags/ipv6/index.html | 2 +- tags/kubernetes/index.html | 2 +- tags/letsencrypt/index.html | 2 +- tags/linux/index.html | 2 +- tags/macos/index.html | 2 +- tags/nginx/index.html | 2 +- tags/onedrive/index.html | 2 +- tags/openhab/index.html | 2 +- tags/proxy/index.html | 2 +- tags/raspberrypi/index.html | 2 +- tags/sonicwall/index.html | 2 +- tags/tool/index.html | 2 +- tags/wordpress/index.html | 2 +- 51 files changed, 51 insertions(+), 51 deletions(-) rename assets/css/{stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css => stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css} (99%) diff --git a/404.html b/404.html index 4d16947..fe60d6a 100644 --- a/404.html +++ b/404.html @@ -1,4 +1,4 @@ -404 Page not found | Virtualzone Blog
              404
              © 2022 Heiner Beck. +404 Page not found | Virtualzone Blog
              404
              \ No newline at end of file diff --git a/assets/css/stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css b/assets/css/stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css similarity index 99% rename from assets/css/stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css rename to assets/css/stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css index b9179c2..f5b427a 100644 --- a/assets/css/stylesheet.04baf9e417763b21b2727e500b3f2aa60a43bc71d63f13634f08e4199263aaa2.css +++ b/assets/css/stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css @@ -4,4 +4,4 @@ Copyright (c) 2020 nanxiaobei and adityatelange Copyright (c) 2021-2022 adityatelange */ -:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}#theme-toggle svg{height:18px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}.share-buttons a svg{height:30px;width:30px;fill:currentColor;transition:transform .1s}.share-buttons svg:active{transform:scale(.96)}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%;pointer-events:none}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.share-buttons svg:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}} \ No newline at end of file +:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}#theme-toggle svg{height:18px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}.share-buttons a svg{height:30px;width:30px;fill:currentColor;transition:transform .1s}.share-buttons svg:active{transform:scale(.96)}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%;pointer-events:none}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.share-buttons svg:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}article.post-entry>.cover-img{display:none}} \ No newline at end of file diff --git a/categories/index.html b/categories/index.html index 8c026cd..49e124b 100644 --- a/categories/index.html +++ b/categories/index.html @@ -1,4 +1,4 @@ -Categories | Virtualzone Blog

              Categories

                © 2022 Heiner Beck. +Categories | Virtualzone Blog

                Categories

                  \ No newline at end of file diff --git a/contact/index.html b/contact/index.html index 03ab9ad..79cf831 100644 --- a/contact/index.html +++ b/contact/index.html @@ -3,7 +3,7 @@ 60431 Frankfurt am Main Germany Email: mail@virtualzone.de -Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws."> +Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws."> Virtualzone Blog
                  Seatsurfing

                  Seatsurfing

                  Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                  Visit seatsurfing.app +Virtualzone Blog
                  Seatsurfing

                  Seatsurfing

                  Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                  Visit seatsurfing.app

                  Compose Updater

                  Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                  GitHub Project

                  OneDrive Uploader

                  Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)

                  GitHub Project

                  USG Blacklist

                  Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).

                  GitHub Project diff --git a/page/2/index.html b/page/2/index.html index a0ab461..77045d9 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -1,4 +1,4 @@ -Virtualzone Blog

                  Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                  I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +Virtualzone Blog

                  Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                  I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                  February 11, 2017 · 2 min · 287 words · Heiner

                  Creating an encrypted file container on macOS

                  Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                  December 6, 2016 · 2 min · 356 words · Heiner

                  UptimeRobot: A nice free website monitoring service

                  Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                  September 5, 2016 · 1 min · 120 words · Heiner

                  Fix Docker not using /etc/hosts on MacOS

                  On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html index 2ec4b85..c50cbea 100644 --- a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html +++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -1,5 +1,5 @@ Determining a location’s federal state using Google Maps API | Virtualzone Blog +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location').">

                  Home » Posts

                  Determining a location’s federal state using Google Maps API

                  August 10, 2012 · 1 min · 162 words · Heiner

                  If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:

                  function log(s) {
diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html
index 22a3c4e..a59acd1 100644
--- a/posts/encrypted-file-container-macos/index.html
+++ b/posts/encrypted-file-container-macos/index.html
@@ -1,4 +1,4 @@
-Creating an encrypted file container on macOS | Virtualzone Blog
+Creating an encrypted file container on macOS | Virtualzone Blog
 
                  Home » Posts
                  Creating an encrypted file container on macOS
                  December 6, 2016 · 2 min · 356 words · Heiner
                  Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).
                  These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.
                  To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).
                  Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.
                  Choose an appropriate name for your image and select the following settings:
                  • Save as: The filename of your encrypted DMG file.
                  • Name: A name shown when your DMG file is mounted.
                  • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
                  • Format: Choose “Mac OS Extended (Journaled)”.
                  • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
                  • Partitions: Choose “Single Partition – Apple Partition Map”.
                  • Image Format: Choose “read/write disk image”.
                  Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).
                  © 2022 Heiner Beck.
 Powered by
diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html
index 96a503f..2f24036 100644
--- a/posts/endomono-export-gpx/index.html
+++ b/posts/endomono-export-gpx/index.html
@@ -1,5 +1,5 @@
 Export trainings from Endomondo as GPX files | Virtualzone Blog
+Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht.">
 
                  Home » Posts
                  Export trainings from Endomondo as GPX files
                  June 1, 2020 · 2 min · 323 words · Heiner
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
                  Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht. Doch die Antwort ist erstmal nicht so toll: Man kann über die Endomondo-Website die Trainings jeweils einzeln als GXP-Datei exportieren.
                  Gut: GPX (GPS Exchange Format) ist ein Standard-Datei-Format zum Austausch von GPS-Koordinaten. Aus den Wegpunkten zusammen mit weiteren Metadaten (z.B. Datum, Sportart) kann jedes Deiner Trainings rekonstruiert werden.
                  Weniger gut: Ich habe mehr als 1.000 Trainings aus den letzten Jahren und wenig Motivation, mich einzeln durch diese hindurch zu klicken.
                  Im Modul-Repository für Node.JS, npmjs.com, gibt es jedoch das Modul endomondo-api-handler. Mit diesem ist mit wenig Aufwand das Suchen, Auswählen und Herunterladen von Trainings möglich:
                  await api.processWorkouts(filter, async (workout) => {
diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html
index 35b9c9e..bda1426 100644
--- a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html
+++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html
@@ -1,6 +1,6 @@
 Fix Docker not using /etc/hosts on MacOS | Virtualzone Blog
+Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file.">
 From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog
+From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog
 
                  Home » Posts
                  From FHEM to OpenHAB with Homegear: Installation/Docker container
                  August 28, 2016 · 6 min · 1084 words · Heiner
                  For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.
                  If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.
                  OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.
                  To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.
                  Option 1: Using Docker Compose
                  There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.
                  1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
                  2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
                  3. Create a directory for your OpenHAB setup, such as:
                  mkdir -p /docker/containers/openhab
 
                  1. Create a docker-compose.yml file in this directory with the following content:
                  version: '2'
 services:
diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html
index 59b315a..5d56567 100644
--- a/posts/https-ssl-in-wordpress-behind-proxy/index.html
+++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html
@@ -1,5 +1,5 @@
 How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) | Virtualzone Blog
+The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy.">
 
                  Home » Posts
                  How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                  August 27, 2016 · 2 min · 255 words · Heiner
                  Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
                  The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.
                  This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:
                  Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:
                  proxy_set_header X-Forwarded-Host $host;
diff --git a/posts/index.html b/posts/index.html
index b141fe3..55d6cee 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,4 +1,4 @@
-Posts | Virtualzone Blog
                  Home
                  Posts
+Posts | Virtualzone Blog
                  Home
                  Posts
 
                  Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                  I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                  September 3, 2021 · 1 min · 118 words · Heiner
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
 Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html
index 3f4f207..7e120d7 100644
--- a/posts/ipv6-on-a-sonicwall/index.html
+++ b/posts/ipv6-on-a-sonicwall/index.html
@@ -1,4 +1,4 @@
-How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog
+How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog
 
                  Home » Posts
                  How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                  November 20, 2014 · 2 min · 372 words · Heiner
                  IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.
                  The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.
                  1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).
                  2. Go to Network -> Interfaces and select to view IPv6.
                  • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                  • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                  • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                  • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.
                  1. Go to Network -> Address Objects and select to view IPv6.
 Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.
                  2. Go to Network -> NAT Policies and select to view IPv6.
                  • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
                  • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
                  1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
                  © 2022 Heiner Beck.
diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html
index ba54b9f..aee2367 100644
--- a/posts/jenkins-build-docker-images/index.html
+++ b/posts/jenkins-build-docker-images/index.html
@@ -1,5 +1,5 @@
 How to let Jenkins build Docker images | Virtualzone Blog
+So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there.">
 
                  Home » Posts
                  How to let Jenkins build Docker images
                  June 11, 2017 · 2 min · 370 words · Heiner
                  If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
                  So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.
                  To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:
                  FROM jenkins:alpine
diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html
index 7c51d92..96988ec 100644
--- a/posts/k3s-glusterfs/index.html
+++ b/posts/k3s-glusterfs/index.html
@@ -1,4 +1,4 @@
-Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog
+Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog
 
                  Home » Posts
                  Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                  September 3, 2021 · 1 min · 118 words · Heiner
                  I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.
                  Read the tutorial in Hetzner’s Online Community.
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
index 079ef1c..0320af0 100644
--- a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
+++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
@@ -1,6 +1,6 @@
 Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker | Virtualzone Blog
+version: '2' services: webfrontend: container_name: webfrontend [.">
 Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog
+Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog
 
                  Home » Posts
                  Build Multi-Arch images on Docker Hub (Part 1)
                  May 15, 2020 · 3 min · 502 words · Heiner
                  Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.
                  Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:
                  FROM amd64/alpine:3.11
 ...
 
                  Es folgt jeweils ein Dockerfile pro Zielarchitektur. In diesen wird zunächst die passende QEMU-Binary heruntergeladen und dann in das Ziel-Image hinein kopiert.
                  Dockerfile.arm32v6 für ARM32V6:
                  FROM alpine:3.11 AS qemu
diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html
index 4a43e34..454ab6e 100644
--- a/posts/multi-arch-docker-images-2/index.html
+++ b/posts/multi-arch-docker-images-2/index.html
@@ -1,5 +1,5 @@
 Build Multi-Arch images on Docker Hub (Part 2) | Virtualzone Blog
+Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub.">
 
                  Home » Posts
                  Build Multi-Arch images on Docker Hub (Part 2)
                  May 16, 2020 · 3 min · 443 words · Heiner
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
                  Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:
                  Einen automatisierten Build im Docker Hub konfigurieren.
diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html
index 689eaf4..29ec57e 100644
--- a/posts/onedrive-upload-backup/index.html
+++ b/posts/onedrive-upload-backup/index.html
@@ -1,4 +1,4 @@
-Back up server to OneDrive’s special App Folder | Virtualzone Blog
+Back up server to OneDrive’s special App Folder | Virtualzone Blog
 
                  Home » Posts
                  Back up server to OneDrive’s special App Folder
                  September 2, 2021 · 4 min · 682 words · Heiner
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.
                  Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.
                  I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.
                  To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:
                  1. Log in to the Microsoft Azure Portal.
                  2. Navigate to “App registrations”.
                  3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
                  4. Copy the Application (client) ID.
                  5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
                  6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
                  • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
                  • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read
                  Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.
                  You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:
                  curl -s -L https://git.io/JRie0 | bash
                  Now create a configuration file named config.json. Replace and :
                  {
     "client_id": "<client id from azure app>",
     "client_secret": "<client secret from azure app>",
diff --git a/posts/page/2/index.html b/posts/page/2/index.html
index ed1246a..c2205e4 100644
--- a/posts/page/2/index.html
+++ b/posts/page/2/index.html
@@ -1,4 +1,4 @@
-Posts | Virtualzone Blog
                  Home
                  Posts
+Posts | Virtualzone Blog
                  Home
                  Posts
 
                  Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                  I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                  February 11, 2017 · 2 min · 287 words · Heiner
                  Creating an encrypted file container on macOS
                  Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                  December 6, 2016 · 2 min · 356 words · Heiner
                  UptimeRobot: A nice free website monitoring service
                  Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                  September 5, 2016 · 1 min · 120 words · Heiner
                  Fix Docker not using /etc/hosts on MacOS
                  On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html
index d95f13d..c06f2ab 100644
--- a/posts/raspberry-pi-os-remove-packages/index.html
+++ b/posts/raspberry-pi-os-remove-packages/index.html
@@ -1,5 +1,5 @@
 Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
+Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager.">
 
                  Home » Posts
                  Raspberry Pi OS: Remove unnecessary packages
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
                  Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager.
                  Nach dem Start habe ich mit folgenden beiden Befehlen die für mich überflüssigen Desktop-Pakete deinstalliert:
                  sudo apt-get remove --purge \
diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html
index aee4e40..3f64a0b 100644
--- a/posts/reduce-pdf-file-size-2/index.html
+++ b/posts/reduce-pdf-file-size-2/index.html
@@ -1,5 +1,5 @@
 How to reduce PDF file size in Linux - Part 2 | Virtualzone Blog
+gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:">
 
                  Home » Posts
                  How to reduce PDF file size in Linux - Part 2
                  August 15, 2015 · 1 min · 75 words · Heiner
                  Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
                  gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html
index 49a8eeb..5509b0a 100644
--- a/posts/reduce-pdf-file-size/index.html
+++ b/posts/reduce-pdf-file-size/index.html
@@ -1,6 +1,6 @@
 How to reduce PDF file size in Linux | Virtualzone Blog
+/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings.">
 Analyze Traefik access log using InfluxDB and Grafana | Virtualzone Blog
+Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT.">
 Unifi USG: Multiple IP addresses on PPPoE | Virtualzone Blog
+By default, USG only allows for one IP address when dialing in via PPPoE.">
 
                  Home » Posts
                  Unifi USG: Multiple IP addresses on PPPoE
                  August 16, 2021 · 2 min · 353 words · Heiner
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
                  By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.
                  Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:
                  1. Create (or extend) a config.gateway.json file
                  Place a file named config.gateway.json in the following path of your Unifi Network controller:
                  /unifi/data/sites/default/
                  You might need to replace “default” with the correct label of the affected site.
                  2. Add DNAT and SNAT rules to the config.gateway.json file
                  In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.
                  {
diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html
index bc686d6..53d8228 100644
--- a/posts/uptime-robot-website-monitoring/index.html
+++ b/posts/uptime-robot-website-monitoring/index.html
@@ -1,4 +1,4 @@
-UptimeRobot: A nice free website monitoring service | Virtualzone Blog
+UptimeRobot: A nice free website monitoring service | Virtualzone Blog
 
                  Home » Posts
                  UptimeRobot: A nice free website monitoring service
                  September 5, 2016 · 1 min · 120 words · Heiner
                  Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).
                  I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.
                  © 2022 Heiner Beck.
 Powered by
diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html
index 6442c82..e487e9e 100644
--- a/posts/usb-boot-raspberry-pi/index.html
+++ b/posts/usb-boot-raspberry-pi/index.html
@@ -1,5 +1,5 @@
 Native USB boot for Raspberry Pi 4 | Virtualzone Blog
+Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten.">
 
                  Home » Posts
                  Native USB boot for Raspberry Pi 4
                  May 28, 2020 · 2 min · 416 words · Heiner
                  Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
                  Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten. Nur mit diesem lässt sich die notwendige Beta-Firmware auf den Pi flashen.
                  Raspberry OS 64 bit herunterladen
                  Die 64 bit Beta-Version von Raspberry OS findest Du derzeit verlinkt in einem Beitrag im offiziellen Forum. Lade die ZIP-Datei herunter. Installiere Dir außerdem den Raspberry Pi Imager. Ich habe diesen unter macOS mit Homebrew installiert:
                  brew cask install raspberry-pi-imager
diff --git a/privacy-policy/index.html b/privacy-policy/index.html
index 99e3399..6fe7ea8 100644
--- a/privacy-policy/index.html
+++ b/privacy-policy/index.html
@@ -1,6 +1,6 @@
 Privacy Policy | Virtualzone Blog
+Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
 api | Virtualzone Blog
                  Home » Tags
                  api
+api | Virtualzone Blog
                  Home » Tags
                  api
 
                  Export trainings from Endomondo as GPX files
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
 Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....
                  June 1, 2020 · 2 min · 323 words · Heiner
                  Determining a location’s federal state using Google Maps API
                  If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                  August 10, 2012 · 1 min · 162 words · Heiner
                  © 2022 Heiner Beck.
diff --git a/tags/docker/index.html b/tags/docker/index.html
index 9a31c13..c877cf1 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,4 +1,4 @@
-docker | Virtualzone Blog
                  Home » Tags
                  docker
+docker | Virtualzone Blog
                  Home » Tags
                  docker
 
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
 In diesem Setup gibt es folgende wesentliche Elemente:
 Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html
index c271d4f..22be408 100644
--- a/tags/endonomdo/index.html
+++ b/tags/endonomdo/index.html
@@ -1,4 +1,4 @@
-endonomdo | Virtualzone Blog
                  Home » Tags
                  endonomdo
+endonomdo | Virtualzone Blog
                  Home » Tags
                  endonomdo
 
                  Export trainings from Endomondo as GPX files
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
 Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....
                  June 1, 2020 · 2 min · 323 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
diff --git a/tags/fhem/index.html b/tags/fhem/index.html
index b0740d9..54a46ec 100644
--- a/tags/fhem/index.html
+++ b/tags/fhem/index.html
@@ -1,4 +1,4 @@
-fhem | Virtualzone Blog
                  Home » Tags
                  fhem
+fhem | Virtualzone Blog
                  Home » Tags
                  fhem
 
                  From FHEM to OpenHAB with Homegear: Installation/Docker container
                  For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                  August 28, 2016 · 6 min · 1084 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/firewall/index.html b/tags/firewall/index.html
index 60e647d..0c2466b 100644
--- a/tags/firewall/index.html
+++ b/tags/firewall/index.html
@@ -1,4 +1,4 @@
-firewall | Virtualzone Blog
                  Home » Tags
                  firewall
+firewall | Virtualzone Blog
                  Home » Tags
                  firewall
 
                  How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                  IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                  November 20, 2014 · 2 min · 372 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/github/index.html b/tags/github/index.html
index 4311b61..e650987 100644
--- a/tags/github/index.html
+++ b/tags/github/index.html
@@ -1,4 +1,4 @@
-github | Virtualzone Blog
                  Home » Tags
                  github
+github | Virtualzone Blog
                  Home » Tags
                  github
 
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
diff --git a/tags/google/index.html b/tags/google/index.html
index 1d13d79..bb8c5f2 100644
--- a/tags/google/index.html
+++ b/tags/google/index.html
@@ -1,4 +1,4 @@
-google | Virtualzone Blog
                  Home » Tags
                  google
+google | Virtualzone Blog
                  Home » Tags
                  google
 
                  Determining a location’s federal state using Google Maps API
                  If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                  August 10, 2012 · 1 min · 162 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html
index 62914d2..c4044a9 100644
--- a/tags/homeautomation/index.html
+++ b/tags/homeautomation/index.html
@@ -1,4 +1,4 @@
-homeautomation | Virtualzone Blog
                  Home » Tags
                  homeautomation
+homeautomation | Virtualzone Blog
                  Home » Tags
                  homeautomation
 
                  From FHEM to OpenHAB with Homegear: Installation/Docker container
                  For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                  August 28, 2016 · 6 min · 1084 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/index.html b/tags/index.html
index f5b862b..6670d86 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -1,4 +1,4 @@
-Tags | Virtualzone Blog
                  Tags
                  © 2022 Heiner Beck.
+Tags | Virtualzone Blog
                  Tags
                  
\ No newline at end of file
diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html
index 72b64fd..8048b2a 100644
--- a/tags/ipv6/index.html
+++ b/tags/ipv6/index.html
@@ -1,4 +1,4 @@
-ipv6 | Virtualzone Blog
                  Home » Tags
                  ipv6
+ipv6 | Virtualzone Blog
                  Home » Tags
                  ipv6
 
                  How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                  IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                  November 20, 2014 · 2 min · 372 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html
index 3b61f45..40b59ef 100644
--- a/tags/kubernetes/index.html
+++ b/tags/kubernetes/index.html
@@ -1,4 +1,4 @@
-kubernetes | Virtualzone Blog
                  Home » Tags
                  kubernetes
+kubernetes | Virtualzone Blog
                  Home » Tags
                  kubernetes
 
                  Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                  I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                  September 3, 2021 · 1 min · 118 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html
index b556241..a6572d0 100644
--- a/tags/letsencrypt/index.html
+++ b/tags/letsencrypt/index.html
@@ -1,4 +1,4 @@
-letsencrypt | Virtualzone Blog
                  Home » Tags
                  letsencrypt
+letsencrypt | Virtualzone Blog
                  Home » Tags
                  letsencrypt
 
                  Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                  I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                  February 11, 2017 · 2 min · 287 words · Heiner
                  © 2022 Heiner Beck.
diff --git a/tags/linux/index.html b/tags/linux/index.html
index 5265147..be78b26 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,4 +1,4 @@
-linux | Virtualzone Blog
                  Home » Tags
                  linux
+linux | Virtualzone Blog
                  Home » Tags
                  linux
 
                  How to reduce PDF file size in Linux - Part 2
                  Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                  August 15, 2015 · 1 min · 75 words · Heiner
                  How to reduce PDF file size in Linux
                  Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
diff --git a/tags/macos/index.html b/tags/macos/index.html
index add080a..99e59f2 100644
--- a/tags/macos/index.html
+++ b/tags/macos/index.html
@@ -1,4 +1,4 @@
-macos | Virtualzone Blog
                  Home » Tags
                  macos
+macos | Virtualzone Blog
                  Home » Tags
                  macos
 
                  Creating an encrypted file container on macOS
                  Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                  December 6, 2016 · 2 min · 356 words · Heiner
                  Fix Docker not using /etc/hosts on MacOS
                  On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                  August 28, 2016 · 1 min · 163 words · Heiner
                  How to reduce PDF file size in Linux - Part 2
                  Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
diff --git a/tags/nginx/index.html b/tags/nginx/index.html
index 14cf348..447186b 100644
--- a/tags/nginx/index.html
+++ b/tags/nginx/index.html
@@ -1,4 +1,4 @@
-nginx | Virtualzone Blog
                  Home » Tags
                  nginx
+nginx | Virtualzone Blog
                  Home » Tags
                  nginx
 
                  Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                  I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                  February 11, 2017 · 2 min · 287 words · Heiner
                  © 2022 Heiner Beck.
diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html
index ac22f20..8209a16 100644
--- a/tags/onedrive/index.html
+++ b/tags/onedrive/index.html
@@ -1,4 +1,4 @@
-onedrive | Virtualzone Blog
                  Home » Tags
                  onedrive
+onedrive | Virtualzone Blog
                  Home » Tags
                  onedrive
 
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
diff --git a/tags/openhab/index.html b/tags/openhab/index.html
index a897b5d..577fe77 100644
--- a/tags/openhab/index.html
+++ b/tags/openhab/index.html
@@ -1,4 +1,4 @@
-openhab | Virtualzone Blog
                  Home » Tags
                  openhab
+openhab | Virtualzone Blog
                  Home » Tags
                  openhab
 
                  From FHEM to OpenHAB with Homegear: Installation/Docker container
                  For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                  August 28, 2016 · 6 min · 1084 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/proxy/index.html b/tags/proxy/index.html
index ec15f4f..9574ae8 100644
--- a/tags/proxy/index.html
+++ b/tags/proxy/index.html
@@ -1,4 +1,4 @@
-proxy | Virtualzone Blog
                  Home » Tags
                  proxy
+proxy | Virtualzone Blog
                  Home » Tags
                  proxy
 
                  How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                  Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                  August 27, 2016 · 2 min · 255 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html
index 9707b86..d79e9c0 100644
--- a/tags/raspberrypi/index.html
+++ b/tags/raspberrypi/index.html
@@ -1,4 +1,4 @@
-raspberrypi | Virtualzone Blog
                  Home » Tags
                  raspberrypi
+raspberrypi | Virtualzone Blog
                  Home » Tags
                  raspberrypi
 
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
 Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
 Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....
                  May 28, 2020 · 2 min · 416 words · Heiner
                  © 2022 Heiner Beck.
diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html
index 0085b07..5e02749 100644
--- a/tags/sonicwall/index.html
+++ b/tags/sonicwall/index.html
@@ -1,4 +1,4 @@
-sonicwall | Virtualzone Blog
                  Home » Tags
                  sonicwall
+sonicwall | Virtualzone Blog
                  Home » Tags
                  sonicwall
 
                  How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                  IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                  November 20, 2014 · 2 min · 372 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/tool/index.html b/tags/tool/index.html
index fcebdf8..559124d 100644
--- a/tags/tool/index.html
+++ b/tags/tool/index.html
@@ -1,4 +1,4 @@
-tool | Virtualzone Blog
                  Home » Tags
                  tool
+tool | Virtualzone Blog
                  Home » Tags
                  tool
 
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  UptimeRobot: A nice free website monitoring service
                  Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                  September 5, 2016 · 1 min · 120 words · Heiner
                  How to reduce PDF file size in Linux - Part 2
                  Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                  August 15, 2015 · 1 min · 75 words · Heiner
                  How to reduce PDF file size in Linux
                  Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html
index 49ad56f..ae276cb 100644
--- a/tags/wordpress/index.html
+++ b/tags/wordpress/index.html
@@ -1,4 +1,4 @@
-wordpress | Virtualzone Blog
                  Home » Tags
                  wordpress
+wordpress | Virtualzone Blog
                  Home » Tags
                  wordpress
 
                  How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                  Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                  August 27, 2016 · 2 min · 255 words · Heiner
                  © 2022 Heiner Beck.
 Powered by

From 3dcd42b8610c598f44d6bc2e0e94f83eefc7208e Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Mon, 6 Jun 2022 05:33:34 +0000
Subject: [PATCH 06/25] deploy: a38994afdb2abac8e1342834fcf1b8e77c837e3c

---
 index.html                             |  5 ++---
 index.xml                              |  7 +++----
 posts/endomono-export-gpx/index.html   | 13 +++++--------
 posts/index.html                       |  5 ++---
 posts/index.xml                        |  7 +++----
 posts/usb-boot-raspberry-pi/index.html | 24 ++++++++++++------------
 tags/api/index.html                    |  3 +--
 tags/api/index.xml                     |  3 +--
 tags/endonomdo/index.html              |  3 +--
 tags/endonomdo/index.xml               |  3 +--
 tags/raspberrypi/index.html            |  4 ++--
 tags/raspberrypi/index.xml             |  4 ++--
 12 files changed, 35 insertions(+), 46 deletions(-)

diff --git a/index.html b/index.html
index 33035d3..f7c7c7d 100644
--- a/index.html
+++ b/index.html
@@ -6,9 +6,8 @@
 By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
 Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
 In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....
                  June 1, 2020 · 2 min · 323 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
-Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....
                  May 28, 2020 · 2 min · 416 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
+Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                  May 16, 2020 · 3 min · 443 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 1)
                  Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                  May 15, 2020 · 3 min · 502 words · Heiner
                  How to let Jenkins build Docker images
                  If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                  June 11, 2017 · 2 min · 370 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
diff --git a/index.xml b/index.xml
index 0566526..f86b79a 100644
--- a/index.xml
+++ b/index.xml
@@ -63,8 +63,7 @@ Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt di
       Mon, 01 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/endomono-export-gpx/
-      Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht.
+      I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost.
     
     
     
@@ -73,8 +72,8 @@ Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu
       Thu, 28 May 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/usb-boot-raspberry-pi/
-      Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
-Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten.
+      Here&rsquo;s something that&rsquo;s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.
     
     
     
diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html
index 2f24036..4f50cf1 100644
--- a/posts/endomono-export-gpx/index.html
+++ b/posts/endomono-export-gpx/index.html
@@ -1,19 +1,16 @@
-Export trainings from Endomondo as GPX files | Virtualzone Blog
-
                  Home » Posts
                  Export trainings from Endomondo as GPX files
                  June 1, 2020 · 2 min · 323 words · Heiner
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
                  Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht. Doch die Antwort ist erstmal nicht so toll: Man kann über die Endomondo-Website die Trainings jeweils einzeln als GXP-Datei exportieren.
                  Gut: GPX (GPS Exchange Format) ist ein Standard-Datei-Format zum Austausch von GPS-Koordinaten. Aus den Wegpunkten zusammen mit weiteren Metadaten (z.B. Datum, Sportart) kann jedes Deiner Trainings rekonstruiert werden.
                  Weniger gut: Ich habe mehr als 1.000 Trainings aus den letzten Jahren und wenig Motivation, mich einzeln durch diese hindurch zu klicken.
                  Im Modul-Repository für Node.JS, npmjs.com, gibt es jedoch das Modul endomondo-api-handler. Mit diesem ist mit wenig Aufwand das Suchen, Auswählen und Herunterladen von Trainings möglich:
                  await api.processWorkouts(filter, async (workout) => {
+Export trainings from Endomondo as GPX files | Virtualzone Blog
+
                  Home » Posts
                  Export trainings from Endomondo as GPX files
                  June 1, 2020 · 2 min · 341 words · Heiner
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost.
                  There’s an article on Strava’s website on how to move from Endomondo to Strava. But the answer is a bit too easy: Using Endomondo’s website, you can only export a single training at a time in GPX file format.
                  The good: GPX (GPS Exchange Format) is an standard file format used to exchange GPS coordinates. Using the GPS waypoints and some meta data (i.e. date, type of training), each of your trainings is reconstructable.
                  The bad: I’ve done more than 1,000 trainings in Endonomdo and I’m not willing to export each of them one by one.
                  In Node.JS’ module respository, npmjs.com, there’s a module named endomondo-api-handler. Using this, it’s easy to search, select and download trainings from Endomondo’s servers:
                  await api.processWorkouts(filter, async (workout) => {
   if (workout.hasGPSData()) {
     let filename = getFilename(workout);
     let gpx = await api.getWorkoutGpx(workout.getId());
     fs.writeFileSync(filename, gpx, 'utf8');
   }
 });
-
                  Ich habe das Ganze mit ein bisschen “Drumherum” in ein kleines Node.JS Programm gepackt, das Du in meinem GitHub-Account findest. Mit diesem kannst Du ganz einfach Deine Trainings als GPX aus Endomondo exportieren:
                  ./index.js --username=... --password=... --year=2019 --month=11 --dir=/home/john/trainings
-
                  Die Voraussetzung ist, dass Node.JS auf Deinem Computer installiert ist. Danach kannst Du mittels Git den Code aus meinem GitHub-Repository auschecken und den oben genannten Befehl zum Speichern Deiner Trainings ausführen:
                  git clone https://github.com/virtualzone/endomondo-exporter.git
+
                  I’ve used this module to create a little Node.JS tool which can be found on my GitHub account. You can use it to export all of a year’s trainings from Endonomdo:
                  ./index.js --username=... --password=... --year=2019 --month=11 --dir=/home/john/trainings
+
                  In order to use this tool, Node.JS must be installed on your computer. You can then check out the tool’s source code from my GitHub repository and run the following commands to make the tool ready to run:
                  git clone https://github.com/virtualzone/endomondo-exporter.git
 cd endomondo-exporter
 npm install
-
                  Der Import der GPX-Dateien bei Strava ist relativ einfach, da man bis zu 25 Dateien gleichzeitig hochladen kann. Scheinbar gibt es aber ein Rate-Limit – nach einigen Imports wurde mit einem Server Fehler geantwortet. Nach kurzer Wartezeit ging es dann aber jeweils wieder.
                  Importing GPX files to Strava is quite easy: You can upload 25 training files at once. There seems to be some rate limiting. I’ve received server errors after several imports. Waiting a few minutes solved that.
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/posts/index.html b/posts/index.html
index 55d6cee..8767a2a 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -3,9 +3,8 @@
 By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
 Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
 In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....
                  June 1, 2020 · 2 min · 323 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
-Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....
                  May 28, 2020 · 2 min · 416 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
+Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                  May 16, 2020 · 3 min · 443 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 1)
                  Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                  May 15, 2020 · 3 min · 502 words · Heiner
                  How to let Jenkins build Docker images
                  If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                  June 11, 2017 · 2 min · 370 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
diff --git a/posts/index.xml b/posts/index.xml
index 2c1c586..d803b8c 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -63,8 +63,7 @@ Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt di
       Mon, 01 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/endomono-export-gpx/
-      Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht.
+      I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost.
     
     
     
@@ -73,8 +72,8 @@ Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu
       Thu, 28 May 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/usb-boot-raspberry-pi/
-      Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
-Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten.
+      Here&rsquo;s something that&rsquo;s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.
     
     
     
diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html
index e487e9e..17c75c9 100644
--- a/posts/usb-boot-raspberry-pi/index.html
+++ b/posts/usb-boot-raspberry-pi/index.html
@@ -1,17 +1,17 @@
-Native USB boot for Raspberry Pi 4 | Virtualzone Blog
-
                  Home » Posts
                  Native USB boot for Raspberry Pi 4
                  May 28, 2020 · 2 min · 416 words · Heiner
                  Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
                  Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten. Nur mit diesem lässt sich die notwendige Beta-Firmware auf den Pi flashen.
                  Raspberry OS 64 bit herunterladen
                  Die 64 bit Beta-Version von Raspberry OS findest Du derzeit verlinkt in einem Beitrag im offiziellen Forum. Lade die ZIP-Datei herunter. Installiere Dir außerdem den Raspberry Pi Imager. Ich habe diesen unter macOS mit Homebrew installiert:
                  brew cask install raspberry-pi-imager
-
                  SD-Karte mit Raspberry OS vorbereiten
                  Hinweis: Dieser Schritt ist nur notwendig, wenn Dein Raspberry Pi 4 noch nicht mit Raspbian oder Raspberry OS läuft! Wir brauchen Raspberry OS, um die Firmware des Raspberry Pi zu aktualisieren.
                  Öffne dazu den Raspberry Pi Imager und flashe das heruntergeladene Image auf eine ausreichend große SD-Karte.
                  Starte danach Deinen Pi von der SD-Karte mit dem Raspberry OS.
                  EEPROM flashen
                  Das EEPROM (electrically erasable programmable read-only memory) ist die Firmware Deines Raspberry Pi – sozusagen das Basis-System.
                  Das Changelog zum Raspberry Pi EEPROM findest Du auf GitHub. Die Beta-Versionen ab dem 15.05.2020 enthalten die notwendige Funktion, um Deinen Raspberry Pi 4 vollständig von einem USB-Laufwerk zu starten – beispielsweise von einer SSD.
                  Installiere zunächst in Raspberry OS das notwendige Update-Tool:
                  sudo apt update
+Native USB boot for Raspberry Pi 4 | Virtualzone Blog
+
                  Home » Posts
                  Native USB boot for Raspberry Pi 4
                  May 28, 2020 · 2 min · 404 words · Heiner
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
                  To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. This is required to upgrade the new beta firmware.
                  Download Raspberry OS 64 bit
                  You can find the new 64 bit beta version of Raspberry OS in a forum post. Download the ZIP file. Install Raspberry Pi Imager. I’ve installed the imager using Homebrew:
                  brew cask install raspberry-pi-imager
+
                  Prepare an SD card with Raspberry OS
                  Note: This step is only required if your Raspberry Pi is now running Raspbian or Raspberry OS! We need Raspberry OS to flash the new firmware.
                  Open Raspberry Pi Imager and flash the downloaded image to an SD card.
                  Afterwards, boot your Pi from this new SD card.
                  Flash EEPROM
                  EEPROM (electrically erasable programmable read-only memory) is your Raspberry Pi’s firmware – sort of a basic system.
                  You can find the changelog for the Raspberry Pi EEPROM on GitHub. The beta versions as of May 15th 2020 contain the required functionalities to boot from a USB drive – i.e. an SSD.
                  Install the required update tool on your Pi:
                  sudo apt update
 sudo apt upgrade
 sudo apt install rpi-eeprom
-
                  Um die Beta-Firmware (auf eigene Verantwortung!) auf Deinen Pi zu flashen, wechsle innerhalb des gestarteten Raspberry OS zunächst auf den Beta-Channel, indem Du die folgende Datei editierst:
                  sudo nano /etc/default/rpi-eeprom-update
-
                  Ändere die Zeile FIRMWARE_RELEASE_STATUS=”critical” auf:
                  FIRMWARE_RELEASE_STATUS="beta"
-
                  Nun aktualisiere die Firmware durch Ausführung des folgenden Kommandos, gefolgt von einem Reboot:
                  sudo rpi-eeprom-update -a
-
                  Nach dem Neustart sollte der folgende Befehl die Installation der aktuellen Beta-Firmware bestätigen:
                  sudo rpi-eeprom-update
-
                  Alternativ kann eine bestimmte EEPROM-Version auch direkt installiert werden, indem Du sie aus GitHub herunterlädst und dann folgenden Befehl ausführst:
                  sudo rpi-eeprom-update -d -f /tmp/pieeprom-2020-05-27.bin
-
                  SSD für den USB-Boot vorbereiten
                  Um nun von einem USB-Laufwerk (bspw. SSD, externe Festplatte oder USB-Stick) booten zu können, verwende den oben erwähnten Raspberry Pi Imager, um das Raspberry OS auf Dein USB-Laufwerk zu schreiben.
                  Verbinde das USB-Laufwerk anschließend mit Deinem RPi 4, entferne die SD-Karte und starte ihn. Dein Raspberry Pi 4 sollte nun von USB starten – ohne SD-Karten-Workaround.
                  To flash the beta firmware (at your own risk!), switch to the beta channel by modifying the following file:
                  sudo nano /etc/default/rpi-eeprom-update
+
                  Change the line FIRMWARE_RELEASE_STATUS=”critical” to:
                  FIRMWARE_RELEASE_STATUS="beta"
+
                  Upgrade the firmware and reboot:
                  sudo rpi-eeprom-update -a
+
                  After the reboot, the following command should state that the new beta firmware has been installed:
                  sudo rpi-eeprom-update
+
                  Alternatively, you can flash the new EEPROM version by downloading it from the GitHub repository and run the following command:
                  sudo rpi-eeprom-update -d -f /tmp/pieeprom-2020-05-27.bin
+
                  Prepare an SSD for USB boot
                  To make your Raspberry Pi boot from an USB drive (such as an SSD, an external hard drive or an USB thumb drive), use the Raspberry Pi Imager to write Raspberry Pi OS to your USB drive.
                  Finally, connect the USB drive to your Raspberry Pi 4, remove the SD card, and connect the power cord. Watch your Pi boot from USB - without any SD Card workaround.
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/api/index.html b/tags/api/index.html
index f49a318..b8ad3d8 100644
--- a/tags/api/index.html
+++ b/tags/api/index.html
@@ -1,6 +1,5 @@
 api | Virtualzone Blog
                  Home » Tags
                  api
-
                  Export trainings from Endomondo as GPX files
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....
                  June 1, 2020 · 2 min · 323 words · Heiner
                  Determining a location’s federal state using Google Maps API
                  If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
+
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Determining a location’s federal state using Google Maps API
                  If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                  August 10, 2012 · 1 min · 162 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/api/index.xml b/tags/api/index.xml
index fcf5f96..4fb2e81 100644
--- a/tags/api/index.xml
+++ b/tags/api/index.xml
@@ -14,8 +14,7 @@
       Mon, 01 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/endomono-export-gpx/
-      Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht.
+      I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost.
     
     
     
diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html
index 22be408..093c53e 100644
--- a/tags/endonomdo/index.html
+++ b/tags/endonomdo/index.html
@@ -1,6 +1,5 @@
 endonomdo | Virtualzone Blog
                  Home » Tags
                  endonomdo
-
                  Export trainings from Endomondo as GPX files
                  Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht....
                  June 1, 2020 · 2 min · 323 words · Heiner
                  © 2022 Heiner Beck.
+
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  
\ No newline at end of file
diff --git a/tags/endonomdo/index.xml b/tags/endonomdo/index.xml
index 55252b0..49648ee 100644
--- a/tags/endonomdo/index.xml
+++ b/tags/endonomdo/index.xml
@@ -14,8 +14,7 @@
       Mon, 01 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/endomono-export-gpx/
-      Seit etlichen Jahren zeichne ich meine Trainings mit Endomondo auf. Doch seit ca. einem Jahr gibt es mit Website und App immer mehr Probleme: Mal funktioniert das Einloggen nicht, mal werden die Trainings nicht synchronisiert. Bei mir war es Zeit für eine neue App – ich habe mich für Strava entschieden. Mit ein wenig Code oder meinem fertigem Programm kannst Du alle Deine Trainings als GPX aus Endomondo exportieren.
-Auf der Strava-Website gibt es einen Artikel zur Frage, wie man von Endomondo zu Strava umzieht.
+      I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost.
     
     
   
diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html
index d79e9c0..cf1185a 100644
--- a/tags/raspberrypi/index.html
+++ b/tags/raspberrypi/index.html
@@ -1,7 +1,7 @@
 raspberrypi | Virtualzone Blog
                  Home » Tags
                  raspberrypi
 
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
-Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
-Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten....
                  May 28, 2020 · 2 min · 416 words · Heiner
                  © 2022 Heiner Beck.
+Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  
\ No newline at end of file
diff --git a/tags/raspberrypi/index.xml b/tags/raspberrypi/index.xml
index cef5958..05c4255 100644
--- a/tags/raspberrypi/index.xml
+++ b/tags/raspberrypi/index.xml
@@ -24,8 +24,8 @@ Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspbe
       Thu, 28 May 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/usb-boot-raspberry-pi/
-      Darauf habe sicher nicht nur ich gewartet: Endlich kann der Raspberry Pi 4 von USB-Laufwerken starten! Und das ganz ohne die weit verbreiteten Workarounds, bei denen noch eine SD-Karte als primäres Boot-Medium benötigt wurde. Möglich macht es eine neuen Firmware, ein sogenanntes EEPROM. Und nebenbei gibt es auch eine 64 bit Beta-Version von Raspberry OS, ehemals Raspbian.
-Zunächst musst Du dazu Deinen Raspberry Pi mit einem Raspbian bzw. Raspberry OS booten.
+      Here&rsquo;s something that&rsquo;s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.
     
     
   

From abc1322409a9958efdfae53cc33798695478bd10 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Mon, 6 Jun 2022 06:00:07 +0000
Subject: [PATCH 07/25] deploy: 6fc7c97a6a452e6059ad0f00fe05a882bb34d47f

---
 index.html                                       | 3 +--
 index.xml                                        | 3 +--
 posts/index.html                                 | 3 +--
 posts/index.xml                                  | 3 +--
 posts/raspberry-pi-os-remove-packages/index.html | 7 ++-----
 tags/raspberrypi/index.html                      | 3 +--
 tags/raspberrypi/index.xml                       | 3 +--
 7 files changed, 8 insertions(+), 17 deletions(-)

diff --git a/index.html b/index.html
index f7c7c7d..e0da1f4 100644
--- a/index.html
+++ b/index.html
@@ -3,8 +3,7 @@
 
                  OneDrive Uploader
                  Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)
                  GitHub Project
 
                  USG Blacklist
                  Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).
                  GitHub Project
 
                  Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                  I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                  September 3, 2021 · 1 min · 118 words · Heiner
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
-By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
-Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
+By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
 In diesem Setup gibt es folgende wesentliche Elemente:
 Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
diff --git a/index.xml b/index.xml
index f86b79a..c31f855 100644
--- a/index.xml
+++ b/index.xml
@@ -42,8 +42,7 @@ By default, USG only allows for one IP address when dialing in via PPPoE.Sun, 07 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/raspberry-pi-os-remove-packages/
-      Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
-Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager.
+      Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won&rsquo;t need. There&rsquo;s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
     
     
     
diff --git a/posts/index.html b/posts/index.html
index 8767a2a..ea63d02 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,7 +1,6 @@
 Posts | Virtualzone Blog
                  Home
                  Posts
 
                  Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                  I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                  September 3, 2021 · 1 min · 118 words · Heiner
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
-By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
-Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
+By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
 In diesem Setup gibt es folgende wesentliche Elemente:
 Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
diff --git a/posts/index.xml b/posts/index.xml
index d803b8c..78e1157 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -42,8 +42,7 @@ By default, USG only allows for one IP address when dialing in via PPPoE.Sun, 07 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/raspberry-pi-os-remove-packages/
-      Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
-Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager.
+      Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won&rsquo;t need. There&rsquo;s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
     
     
     
diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html
index c06f2ab..022d900 100644
--- a/posts/raspberry-pi-os-remove-packages/index.html
+++ b/posts/raspberry-pi-os-remove-packages/index.html
@@ -1,8 +1,5 @@
-Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
-
                  Home » Posts
                  Raspberry Pi OS: Remove unnecessary packages
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
                  Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager.
                  Nach dem Start habe ich mit folgenden beiden Befehlen die für mich überflüssigen Desktop-Pakete deinstalliert:
                  sudo apt-get remove --purge \
+Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
+
                  Home » Posts
                  Raspberry Pi OS: Remove unnecessary packages
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
                  You can download Raspberry Pi OS’ 64 bit beta version from the download directory on Raspberry Pi’s website. The Raspberry Pi Imager makes it easy to burn the image to an SD card or external USB drive.
                  Enter the following commands (at your own risk!) to remove the Desktop packages after your Pi has started from the newly written card:
                  sudo apt-get remove --purge \
     x11-* \
     gnome-* \
     desktop-base \
diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html
index cf1185a..53926fc 100644
--- a/tags/raspberrypi/index.html
+++ b/tags/raspberrypi/index.html
@@ -1,6 +1,5 @@
 raspberrypi | Virtualzone Blog
                  Home » Tags
                  raspberrypi
-
                  Raspberry Pi OS: Remove unnecessary packages
                  Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
-Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager....
                  June 7, 2020 · 1 min · 126 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+
                  Raspberry Pi OS: Remove unnecessary packages
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/raspberrypi/index.xml b/tags/raspberrypi/index.xml
index 05c4255..fa29a9f 100644
--- a/tags/raspberrypi/index.xml
+++ b/tags/raspberrypi/index.xml
@@ -14,8 +14,7 @@
       Sun, 07 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/raspberry-pi-os-remove-packages/
-      Kürzlich schrieb ich darüber, dass es eine erste 64 bit Beta-Version von Raspberry Pi OS (ehemals Raspbian) gibt. Diese gibt es bislang leider nur in der Desktop-Variante und noch nicht als Lite-Version. Mit zwei Befehlen kannst Du jedoch ganz leicht die – sofern Du sie nicht benötigst – überflüssigen Desktop-Pakete deinstallieren.
-Die Beta von Raspberry Pi OS 64 bit kannst Du im Download-Verzeichnis der Raspberry Pi Seite herunterladen. Auf eine SD-Karte oder SSD bekommst Du das heruntergeladene Image am einfachsten mit dem Raspberry Pi Imager.
+      Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won&rsquo;t need. There&rsquo;s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
     
     
     

From c469a3bc20373fd191f8661e8769ddba36697003 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Mon, 6 Jun 2022 08:03:05 +0000
Subject: [PATCH 08/25] deploy: 5fab018abf46b292a1280ff781a4a2c5b8686e17

---
 index.html                                    |  6 +++---
 index.xml                                     |  6 +++---
 posts/index.html                              |  6 +++---
 posts/index.xml                               |  6 +++---
 .../index.html                                | 20 +++++++++----------
 tags/docker/index.html                        |  6 +++---
 tags/docker/index.xml                         |  6 +++---
 7 files changed, 28 insertions(+), 28 deletions(-)

diff --git a/index.html b/index.html
index e0da1f4..83d5572 100644
--- a/index.html
+++ b/index.html
@@ -3,9 +3,9 @@
 
                  OneDrive Uploader
                  Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)
                  GitHub Project
 
                  USG Blacklist
                  Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).
                  GitHub Project
 
                  Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                  I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                  September 3, 2021 · 1 min · 118 words · Heiner
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
-By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
-In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
+This setup contains the following elements:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                  June 3, 2020 · 2 min · 373 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                  May 16, 2020 · 3 min · 443 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 1)
                  Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                  May 15, 2020 · 3 min · 502 words · Heiner
                  How to let Jenkins build Docker images
                  If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                  June 11, 2017 · 2 min · 370 words · Heiner
                  © 2022 Heiner Beck.
diff --git a/index.xml b/index.xml
index c31f855..64c0318 100644
--- a/index.xml
+++ b/index.xml
@@ -51,9 +51,9 @@ By default, USG only allows for one IP address when dialing in via PPPoE.Wed, 03 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/
-      Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
-In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT.
+      Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik&rsquo;s access logs to an InfluxDB, where it can be analyzed using Grafana.
+This setup contains the following elements:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container&rsquo;s JSON output using the docker_log input plugin.
     
     
     
diff --git a/posts/index.html b/posts/index.html
index ea63d02..de01440 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,8 +1,8 @@
 Posts | Virtualzone Blog
                  Home
                  Posts
 
                  Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                  I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                  September 3, 2021 · 1 min · 118 words · Heiner
                  Back up server to OneDrive’s special App Folder
                  I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                  September 2, 2021 · 4 min · 682 words · Heiner
                  Unifi USG: Multiple IP addresses on PPPoE
                  My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
-By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
-In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+By default, USG only allows for one IP address when dialing in via PPPoE....
                  August 16, 2021 · 2 min · 353 words · Heiner
                  Raspberry Pi OS: Remove unnecessary packages
                  Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                  June 7, 2020 · 1 min · 161 words · Heiner
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
+This setup contains the following elements:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                  June 3, 2020 · 2 min · 373 words · Heiner
                  Export trainings from Endomondo as GPX files
                  I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                  June 1, 2020 · 2 min · 341 words · Heiner
                  Native USB boot for Raspberry Pi 4
                  Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                  May 28, 2020 · 2 min · 404 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                  May 16, 2020 · 3 min · 443 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 1)
                  Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                  May 15, 2020 · 3 min · 502 words · Heiner
                  How to let Jenkins build Docker images
                  If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                  June 11, 2017 · 2 min · 370 words · Heiner
                  © 2022 Heiner Beck.
diff --git a/posts/index.xml b/posts/index.xml
index 78e1157..15af720 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -51,9 +51,9 @@ By default, USG only allows for one IP address when dialing in via PPPoE.Wed, 03 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/
-      Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
-In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT.
+      Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik&rsquo;s access logs to an InfluxDB, where it can be analyzed using Grafana.
+This setup contains the following elements:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container&rsquo;s JSON output using the docker_log input plugin.
     
     
     
diff --git a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html
index 4b52fdd..a286c20 100644
--- a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html
+++ b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html
@@ -1,11 +1,11 @@
-Analyze Traefik access log using InfluxDB and Grafana | Virtualzone Blog
-
                  Home » Posts
                  Analyze Traefik access log using InfluxDB and Grafana
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
                  In diesem Setup gibt es folgende wesentliche Elemente:
                  • Traefik v2 läuft als Docker Container auf einem Linux Host.
                  • Traefik schreibt die Accesslogs im JSON-Format nach STDOUT.
                  • Telegraf holt die JSON-Ausgaben vom Traefik-Container mit dem docker_log Input-Plugin ab.
                  • Um mit dem JSON-Output in der InfluxDB bzw. in Grafana etwas anfangen zu können, wandle ich sie mit dem Parser-Processor-Plugin von Telegraf in eigenständige Felder um. Das ist notwendig, da ansonsten nur die numerischen Werte als Metriken übernommen werden – die String-Werte werden standardmäßig verworfen.
                  • Mit dem Telegraf-Output-Plugin “influxdb” werden die Daten dann in die InfluxDB geschrieben.
                  Traefik konfigurieren
                  Die traefik.yml beinhaltet dazu folgende Konfiguration:
                  accessLog:
+Analyze Traefik access log using InfluxDB and Grafana | Virtualzone Blog
+
                  Home » Posts
                  Analyze Traefik access log using InfluxDB and Grafana
                  June 3, 2020 · 2 min · 373 words · Heiner
                  Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
                  This setup contains the following elements:
                  • Traefik v2 runs as a Docker container on a Linux host.
                  • Traefik outputs access logs in JSON format to STDOUT.
                  • Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.
                  • To work with the JSON output in InfluxDB and Grafana, we need to convert them using Telegraf’s parser preprocessor plugin into distinct fields. Otherwise, only numeric fields are kept as metric values. String values are discarded by default.
                  • We’re using Telegraf’s output plugin “influxdb” to write them to InfluxDB.
                  Configure Traefik
                  traefik.yml contains the following settings:
                  accessLog:
   format: json
   fields:
     headers:
@@ -13,7 +13,7 @@
       names:
           User-Agent: keep
           Content-Type: keep
-
                  Damit werden die Accesslogs im JSON-Format rausgeschrieben. JSON hat den Vorteil, dass es maschinell leichter weiterverarbeitet werden kann – wir müssen also nicht mit GROK-Patterns oder dergleichen hantieren. Außerdem werden die Request-Header zwar verworfen (“drop”), aber die Header “User-Agent” und “Content-Type” werden beibehalten.
                  Telegraf konfigurieren
                  Die telegraf.conf habe ich folgendermaßen eingerichtet:
                  [[inputs.docker_log]]
+
                  This makes Traefik output access logs in JSON format. JSON can easily be processed by machines – so we don’t have to deal with GROK patterns or such workarounds. Furthermore, request headers get dropped, but the “User-Agent” und “Content-Type” are kept.
                  Configure Telegraf
                  My telegraf.conf looks like this:
                  [[inputs.docker_log]]
     endpoint = "unix:///var/run/docker.sock"
     from_beginning = false
     container_name_include = ["traefik_traefik_1"]
@@ -47,7 +47,7 @@
     database = "telegraf"
     username = "telegraf"
     password = "..."
-
                  Wichtige Einstellungen sind hier:
                  • container_name_include gibt an, von welcher Container-Instanz die Logs eingesammelt werden sollen. In diesem Fall die Traefik-Instanz.
                  • parse_fields gibt an, welches Intput-Feld verarbeitet werden soll – in diesem Fall das Feld “message”.
                  • json_string_fields gibt an, welche Werte aus dem eingelesenen JSON-Objekt als String-Felder in die InfluxDB geschrieben werden sollen. Lässt man das weg, werden alle nicht-numerischen Felder verworfen.
                  • json_time_key und die anderen json_time-Einstellungen geben an, aus welchem JSON-Key und mit welchem Format die Logs den Zeitstempel für die Logs-Einträge beinhalten.
                  • Im Output-Plugin musst Du dann noch die Verbindung zur InfluxDB korrekt konfigurieren.
                  Das ganze soll als Beispiel dienen. Beachte bei der Speicherung, Auswertung und Verwendung der Access Logs bitte die geltenden Gesetze – in der EU bspw. die DSGVO und ggfls. weitere.
                  Important settings are:
                  • container_name_include specifies from which container instance the logs are collected. It’s our Traefik instance.
                  • parse_fields specifies which input field is to be processed. It’s the field “message”.
                  • json_string_fields specifies which values from the read JSON object are to be written to InfluxDB as string fields. If not specified, all non-numeric fields are dropped.
                  • json_time_key and the other json_time settings specify in which JSON keys and in which date-time format the timestamps for our log entries are contained.
                  • The output plugin needs to be configured so that Telegraf can connect to the InfluxDB.
                  This is just meant to be an example. Please mind applicable law when storing, processing and using the access logs – such as GDPR in the European Union.
                  © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/docker/index.html b/tags/docker/index.html
index c877cf1..95b0f99 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,7 +1,7 @@
 docker | Virtualzone Blog
                  Home » Tags
                  docker
-
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
-In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT....
                  June 3, 2020 · 2 min · 397 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
+
                  Analyze Traefik access log using InfluxDB and Grafana
                  Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
+This setup contains the following elements:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                  June 3, 2020 · 2 min · 373 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 2)
                  Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                  May 16, 2020 · 3 min · 443 words · Heiner
                  Build Multi-Arch images on Docker Hub (Part 1)
                  Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                  May 15, 2020 · 3 min · 502 words · Heiner
                  How to let Jenkins build Docker images
                  If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                  June 11, 2017 · 2 min · 370 words · Heiner
                  Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                  I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
diff --git a/tags/docker/index.xml b/tags/docker/index.xml
index e182fb6..58e19c1 100644
--- a/tags/docker/index.xml
+++ b/tags/docker/index.xml
@@ -14,9 +14,9 @@
       Wed, 03 Jun 2020 11:30:03 +0000
       
       https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/
-      Traefik ist ein im Docker- und Kubernetes-Umfeld häufig eingesetzter Cloud Native Edge Router. Mit wenig Aufwand lassen sich die Zugriffslogs (Access Logs) von Traefik mittels Telegraf automatisch in eine InfluxDB überführen, um sie mit Hilfe von Grafana auszuwerten. In diesem Artikel zeige ich Dir, wie es geht.
-In diesem Setup gibt es folgende wesentliche Elemente:
-Traefik v2 läuft als Docker Container auf einem Linux Host. Traefik schreibt die Accesslogs im JSON-Format nach STDOUT.
+      Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik&rsquo;s access logs to an InfluxDB, where it can be analyzed using Grafana.
+This setup contains the following elements:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container&rsquo;s JSON output using the docker_log input plugin.
     
     
     

From 4b035f7ae9f3ca288b37bb5fc4985f26238a497f Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sun, 19 Jun 2022 16:08:35 +0000
Subject: [PATCH 09/25] deploy: 62c77230abe0c303b7afa515a27cfdf135592c2d

---
 404.html                                      |  4 +-
 categories/index.html                         |  4 +-
 contact/index.html                            |  4 +-
 index.html                                    | 10 ++--
 index.xml                                     | 12 ++++-
 page/2/index.html                             |  9 ++--
 page/3/index.html                             |  5 ++
 posts/alpine-docker-rootless/index.html       | 49 +++++++++++++++++++
 .../index.html                                |  4 +-
 .../encrypted-file-container-macos/index.html |  4 +-
 posts/endomono-export-gpx/index.html          |  4 +-
 .../index.html                                |  4 +-
 .../index.html                                |  4 +-
 .../index.html                                |  4 +-
 posts/index.html                              | 10 ++--
 posts/index.xml                               | 12 ++++-
 posts/ipv6-on-a-sonicwall/index.html          |  4 +-
 posts/jenkins-build-docker-images/index.html  |  4 +-
 posts/k3s-glusterfs/index.html                |  5 +-
 .../index.html                                |  4 +-
 posts/multi-arch-docker-images-1/index.html   |  4 +-
 posts/multi-arch-docker-images-2/index.html   |  4 +-
 posts/onedrive-upload-backup/index.html       |  4 +-
 posts/page/2/index.html                       | 11 +++--
 posts/page/3/index.html                       |  6 +++
 .../index.html                                |  4 +-
 posts/reduce-pdf-file-size-2/index.html       |  4 +-
 posts/reduce-pdf-file-size/index.html         |  4 +-
 .../index.html                                |  4 +-
 .../index.html                                |  4 +-
 .../index.html                                |  4 +-
 posts/usb-boot-raspberry-pi/index.html        |  4 +-
 privacy-policy/index.html                     |  4 +-
 sitemap.xml                                   | 27 +++++-----
 tags/api/index.html                           |  4 +-
 tags/docker/index.html                        |  7 +--
 tags/docker/index.xml                         | 12 ++++-
 tags/endonomdo/index.html                     |  4 +-
 tags/fhem/index.html                          |  4 +-
 tags/firewall/index.html                      |  4 +-
 tags/github/index.html                        |  4 +-
 tags/google/index.html                        |  4 +-
 tags/homeautomation/index.html                |  4 +-
 tags/index.html                               |  4 +-
 tags/index.xml                                | 38 +++++++-------
 tags/ipv6/index.html                          |  4 +-
 tags/kubernetes/index.html                    |  4 +-
 tags/letsencrypt/index.html                   |  4 +-
 tags/linux/index.html                         |  7 +--
 tags/linux/index.xml                          | 12 ++++-
 tags/macos/index.html                         |  4 +-
 tags/nginx/index.html                         |  4 +-
 tags/onedrive/index.html                      |  4 +-
 tags/openhab/index.html                       |  4 +-
 tags/proxy/index.html                         |  4 +-
 tags/raspberrypi/index.html                   |  4 +-
 tags/sonicwall/index.html                     |  4 +-
 tags/tool/index.html                          |  4 +-
 tags/wordpress/index.html                     |  4 +-
 59 files changed, 256 insertions(+), 148 deletions(-)
 create mode 100644 page/3/index.html
 create mode 100644 posts/alpine-docker-rootless/index.html
 create mode 100644 posts/page/3/index.html

diff --git a/404.html b/404.html
index fe60d6a..497fac6 100644
--- a/404.html
+++ b/404.html
@@ -1,4 +1,4 @@
-404 Page not found | Virtualzone Blog
                  404
                  © 2022 Heiner Beck.
+404 Page not found | Virtualzone Blog
                  404
                  
\ No newline at end of file
+        PaperMod
                  
\ No newline at end of file
diff --git a/categories/index.html b/categories/index.html
index 49e124b..9a80f23 100644
--- a/categories/index.html
+++ b/categories/index.html
@@ -1,4 +1,4 @@
-Categories | Virtualzone Blog
                  Categories
                    © 2022 Heiner Beck.
+Categories | Virtualzone Blog
                    Categories
                      
\ No newline at end of file
+        PaperMod
                      
\ No newline at end of file
diff --git a/contact/index.html b/contact/index.html
index 79cf831..41f5847 100644
--- a/contact/index.html
+++ b/contact/index.html
@@ -14,10 +14,10 @@
 60431 Frankfurt am Main
 Germany
 Email: mail@virtualzone.de
-Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws.">
                      Home
                      Contact
                      Heiner
                      Heiner Beck
                      Wilhelm-Busch-Str. 59
                      60431 Frankfurt am Main
                      Germany
                      Email: mail@virtualzone.de
                      Limitation of liability for internal content
                      The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. However, pursuant to sections 8 to 10 of the TMG, we as service providers are not under obligation to monitor external information provided or stored on our website. Once we have become aware of a specific infringement of the law, we will immediately remove the content in question. Any liability concerning this matter can only be assumed from the point in time at which the infringement becomes known to us.
                      Our website contains links to the websites of third parties (“external links”). As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the provider of information of the linked websites is liable for the content and accuracy of the information provided. At the point in time when the links were placed, no infringements of the law were recognisable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.
                      The content and works published on this website are governed by the copyright laws of Germany. Any duplication, processing, distribution or any form of utilisation beyond the scope of copyright law shall require the prior written consent of the author or authors in question.
                      Data protection
                      Using our website is possible without entering any personal data in most cases. As far as your personal information are required (such as your name, address or email addresses), this is on a voluntary basis to the extend possible. These information will not be transferred to any third parties without your approval.
+Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws.">
                      Home
                      Contact
                      Heiner
                      Heiner Beck
                      Wilhelm-Busch-Str. 59
                      60431 Frankfurt am Main
                      Germany
                      Email: mail@virtualzone.de
                      Limitation of liability for internal content
                      The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. However, pursuant to sections 8 to 10 of the TMG, we as service providers are not under obligation to monitor external information provided or stored on our website. Once we have become aware of a specific infringement of the law, we will immediately remove the content in question. Any liability concerning this matter can only be assumed from the point in time at which the infringement becomes known to us.
                      Our website contains links to the websites of third parties (“external links”). As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the provider of information of the linked websites is liable for the content and accuracy of the information provided. At the point in time when the links were placed, no infringements of the law were recognisable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.
                      The content and works published on this website are governed by the copyright laws of Germany. Any duplication, processing, distribution or any form of utilisation beyond the scope of copyright law shall require the prior written consent of the author or authors in question.
                      Data protection
                      Using our website is possible without entering any personal data in most cases. As far as your personal information are required (such as your name, address or email addresses), this is on a voluntary basis to the extend possible. These information will not be transferred to any third parties without your approval.
 Please note that communicating via the internet (such as communication by email) may be harmed by security flaws. A complete protection of data from the access through third parties is not possible.
 We contradict the usage of the contact information published on this website for promotional purposes.
 Please read our privacy policy for information about how we protect your personal information.
                      Website Impressum erstellt durch impressum-generator.de von der Kanzlei Hasselbach.
                        
\ No newline at end of file
+        PaperMod
                        
\ No newline at end of file
diff --git a/index.html b/index.html
index 83d5572..c817bc5 100644
--- a/index.html
+++ b/index.html
@@ -1,14 +1,14 @@
-Virtualzone Blog
                        Seatsurfing
                        Seatsurfing
                        Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                        Visit seatsurfing.app
+Virtualzone Blog
                        Seatsurfing
                        Seatsurfing
                        Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                        Visit seatsurfing.app
 
                        Compose Updater
                        Automatically check for image updates and restart Docker containers automatically when using Docker Compose.
                        GitHub Project
 
                        OneDrive Uploader
                        Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)
                        GitHub Project
 
                        USG Blacklist
                        Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).
                        GitHub Project
-
                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                        September 3, 2021 · 1 min · 118 words · Heiner
                        Back up server to OneDrive’s special App Folder
                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                        September 2, 2021 · 4 min · 682 words · Heiner
                        Unifi USG: Multiple IP addresses on PPPoE
                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
+

                        Setting up Alpine Linux with Rootless Docker

                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                        June 19, 2022 · 3 min · 447 words · Heiner

                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                        September 3, 2021 · 1 min · 118 words · Heiner

                        Back up server to OneDrive’s special App Folder

                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                        September 2, 2021 · 4 min · 682 words · Heiner

                        Unifi USG: Multiple IP addresses on PPPoE

                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                        August 16, 2021 · 2 min · 353 words · Heiner

                        Raspberry Pi OS: Remove unnecessary packages

                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                        June 7, 2020 · 1 min · 161 words · Heiner

                        Analyze Traefik access log using InfluxDB and Grafana

                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                        June 3, 2020 · 2 min · 373 words · Heiner

                        Export trainings from Endomondo as GPX files

                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                        June 1, 2020 · 2 min · 341 words · Heiner

                        Native USB boot for Raspberry Pi 4

                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                        May 28, 2020 · 2 min · 404 words · Heiner

                        Build Multi-Arch images on Docker Hub (Part 2)

                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. -Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                        May 16, 2020 · 3 min · 443 words · Heiner

                        Build Multi-Arch images on Docker Hub (Part 1)

                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                        May 15, 2020 · 3 min · 502 words · Heiner

                        How to let Jenkins build Docker images

                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. -So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                        June 11, 2017 · 2 min · 370 words · Heiner
                        © 2022 Heiner Beck. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                        May 16, 2020 · 3 min · 443 words · Heiner

                        Build Multi-Arch images on Docker Hub (Part 1)

                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                        May 15, 2020 · 3 min · 502 words · Heiner
                        \ No newline at end of file + PaperMod
                        \ No newline at end of file diff --git a/index.xml b/index.xml index 64c0318..1dfd312 100644 --- a/index.xml +++ b/index.xml @@ -7,7 +7,17 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Fri, 03 Sep 2021 11:30:03 +0000 + Sun, 19 Jun 2022 15:00:00 +0000 + + Setting up Alpine Linux with Rootless Docker + https://virtualzone.de/posts/alpine-docker-rootless/ + Sun, 19 Jun 2022 15:00:00 +0000 + + https://virtualzone.de/posts/alpine-docker-rootless/ + As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux. + + Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing https://virtualzone.de/posts/k3s-glusterfs/ diff --git a/page/2/index.html b/page/2/index.html index 77045d9..b5eb44a 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -1,4 +1,5 @@ -Virtualzone Blog

                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +Virtualzone Blog

                        How to let Jenkins build Docker images

                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                        June 11, 2017 · 2 min · 370 words · Heiner

                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                        February 11, 2017 · 2 min · 287 words · Heiner

                        Creating an encrypted file container on macOS

                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                        December 6, 2016 · 2 min · 356 words · Heiner

                        UptimeRobot: A nice free website monitoring service

                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                        September 5, 2016 · 1 min · 120 words · Heiner

                        Fix Docker not using /etc/hosts on MacOS

                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: @@ -6,8 +7,8 @@ The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                        August 27, 2016 · 2 min · 255 words · Heiner

                        How to reduce PDF file size in Linux - Part 2

                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                        August 15, 2015 · 1 min · 75 words · Heiner

                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                        November 20, 2014 · 2 min · 372 words · Heiner

                        How to reduce PDF file size in Linux

                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                        November 21, 2012 · 1 min · 98 words · Heiner

                        Determining a location’s federal state using Google Maps API

                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                        August 10, 2012 · 1 min · 162 words · Heiner
                        © 2022 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                        November 21, 2012 · 1 min · 98 words · Heiner
                        \ No newline at end of file + PaperMod
                        \ No newline at end of file diff --git a/page/3/index.html b/page/3/index.html new file mode 100644 index 0000000..d8f530d --- /dev/null +++ b/page/3/index.html @@ -0,0 +1,5 @@ +Virtualzone Blog

                        Determining a location’s federal state using Google Maps API

                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                        August 10, 2012 · 1 min · 162 words · Heiner
                        \ No newline at end of file diff --git a/posts/alpine-docker-rootless/index.html b/posts/alpine-docker-rootless/index.html new file mode 100644 index 0000000..6f8d9b2 --- /dev/null +++ b/posts/alpine-docker-rootless/index.html @@ -0,0 +1,49 @@ +Setting up Alpine Linux with Rootless Docker | Virtualzone Blog +
                        Home » Posts

                        Setting up Alpine Linux with Rootless Docker

                        June 19, 2022 · 3 min · 447 words · Heiner

                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.

                        However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.

                        Download and install Alpine

                        First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.

                        1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                        2. Boot system from ISO and run:
                          # setup-alpine
+
                        3. Reboot and install the nano edit:
                          # apk add nano
+
                        4. Enable community repository in the following file:
                          # nano /etc/apk/repositories
+
                        5. Update the index of available package:
                          # apk update
+

                        Add a user and allow her to use doas

                        If you did not create a regular user account during the installation, it’s time to do it now:

                        1. Install doas:
                          # apk add doas
+
                        2. Create user and add it to the wheel group in order to use root privileges:
                          # adduser <USER> wheel
+
                        3. Allow users in group wheel to use doas by editing the file /etc/doas.d/doas.conf and adding the following line:
                          permit persist :wheel
+
                        4. Log out and log in to the new account.

                        Install Docker Rootless

                        1. Install newuidmap, newgidmap, fuse-overlayfs and iproute2 tools, all required by Rootless Docker:
                          # apk add shadow-uidmap fuse-overlayfs iproute2
+
                        2. Enable cgroups v2 by editing /etc/rc.conf and setting rc_cgroup_mode to unified.
                        3. Enable the cgroups service:
                          # rc-update add cgroups && rc-service cgroups start
+
                        4. Allow your user to access Podman in rootless mode:
                          # modprobe tun
+# echo tun >>/etc/modules
+# echo <USER>:100000:65536 >/etc/subuid
+# echo <USER>:100000:65536 >/etc/subgid
+
                        5. Install Docker and Docker Compose v2:
                          # apk add docker docker-cli-compose
+
                        6. Allow Docker access for your user:
                          # addgroup <USER> docker
+
                        7. Enable the iptables module:
                          # echo "ip_tables" >> /etc/modules
+# modprobe ip_tables
+
                        8. Install Docker rootless:
                          $ curl -fsSL https://get.docker.com/rootless | sh
+
                        9. Create an init script in /etc/init.d/docker-rootless:
                          #!/sbin/openrc-run
+
+name=$RC_SVCNAME
+description="Docker Application Container Engine (Rootless)"
+supervisor="supervise-daemon"
+command="/home/<USER>/bin/dockerd-rootless.sh"
+command_args=""
+command_user="<USER>"
+supervise_daemon_args=" -e PATH=\"/home/<USER>/bin:/sbin:/usr/sbin:$PATH\" -e HOME=\"/home/<USER>\" -e XDG_RUNTIME_DIR=\"/home/<USER>/.docker/run\""
+
+reload() {
+    ebegin "Reloading $RC_SVCNAME"
+    /bin/kill -s HUP \$MAINPID
+    eend $?
+}
+
                        10. Make the created init script executable, add it to the default runlevel and start it:
                          # chmod +x /etc/init.d/docker-rootless
+# rc-update add docker-rootless
+# rc-service docker-rootless start
+
                        11. Create a .profile file in your home directory with the following contents:
                          export XDG_RUNTIME_DIR="$HOME/.docker/run"
+export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/docker.sock
+export PATH="/home/<USER>/bin:/sbin:/usr/sbin:$PATH"
+
                        12. Log out and log in again.
                        13. Check if Docker Rootless works:
                          $ docker ps
+$ docker run --rm hello-world
+
                        \ No newline at end of file diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html index c50cbea..301984b 100644 --- a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html +++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -2,7 +2,7 @@ function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location').">
                        Home » Posts

                        Determining a location’s federal state using Google Maps API

                        August 10, 2012 · 1 min · 162 words · Heiner

                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:

                        function log(s) {
+function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location').">
                        Home » Posts
                        Determining a location’s federal state using Google Maps API
                        August 10, 2012 · 1 min · 162 words · Heiner
                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
                        function log(s) {
     $('#sysout').append(document.createTextNode(s + 'n'));
 }
 
@@ -66,4 +66,4 @@
 
                        
\ No newline at end of file
+        PaperMod
                        \ No newline at end of file diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html index a59acd1..b917b18 100644 --- a/posts/encrypted-file-container-macos/index.html +++ b/posts/encrypted-file-container-macos/index.html @@ -1,6 +1,6 @@ Creating an encrypted file container on macOS | Virtualzone Blog -
                        Home » Posts

                        Creating an encrypted file container on macOS

                        December 6, 2016 · 2 min · 356 words · Heiner

                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).

                        These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.

                        To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).

                        Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.

                        Choose an appropriate name for your image and select the following settings:

                        • Save as: The filename of your encrypted DMG file.
                        • Name: A name shown when your DMG file is mounted.
                        • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
                        • Format: Choose “Mac OS Extended (Journaled)”.
                        • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
                        • Partitions: Choose “Single Partition – Apple Partition Map”.
                        • Image Format: Choose “read/write disk image”.

                        Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).

                        \ No newline at end of file diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html index 4f50cf1..ff52e59 100644 --- a/posts/endomono-export-gpx/index.html +++ b/posts/endomono-export-gpx/index.html @@ -1,5 +1,5 @@ Export trainings from Endomondo as GPX files | Virtualzone Blog -
                        Home » Posts

                        Export trainings from Endomondo as GPX files

                        June 1, 2020 · 2 min · 341 words · Heiner

                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost.

                        There’s an article on Strava’s website on how to move from Endomondo to Strava. But the answer is a bit too easy: Using Endomondo’s website, you can only export a single training at a time in GPX file format.

                        The good: GPX (GPS Exchange Format) is an standard file format used to exchange GPS coordinates. Using the GPS waypoints and some meta data (i.e. date, type of training), each of your trainings is reconstructable.

                        The bad: I’ve done more than 1,000 trainings in Endonomdo and I’m not willing to export each of them one by one.

                        In Node.JS’ module respository, npmjs.com, there’s a module named endomondo-api-handler. Using this, it’s easy to search, select and download trainings from Endomondo’s servers:

                        await api.processWorkouts(filter, async (workout) => {
+
                        Home » Posts
                        Export trainings from Endomondo as GPX files
                        June 1, 2020 · 2 min · 341 words · Heiner
                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost.
                        There’s an article on Strava’s website on how to move from Endomondo to Strava. But the answer is a bit too easy: Using Endomondo’s website, you can only export a single training at a time in GPX file format.
                        The good: GPX (GPS Exchange Format) is an standard file format used to exchange GPS coordinates. Using the GPS waypoints and some meta data (i.e. date, type of training), each of your trainings is reconstructable.
                        The bad: I’ve done more than 1,000 trainings in Endonomdo and I’m not willing to export each of them one by one.
                        In Node.JS’ module respository, npmjs.com, there’s a module named endomondo-api-handler. Using this, it’s easy to search, select and download trainings from Endomondo’s servers:
                        await api.processWorkouts(filter, async (workout) => {
   if (workout.hasGPSData()) {
     let filename = getFilename(workout);
     let gpx = await api.getWorkoutGpx(workout.getId());
@@ -14,4 +14,4 @@
                        \ No newline at end of file + PaperMod \ No newline at end of file diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html index bda1426..6e93824 100644 --- a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html +++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -5,7 +5,7 @@ When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file.">
                        Home » Posts

                        Fix Docker not using /etc/hosts on MacOS

                        August 28, 2016 · 1 min · 163 words · Heiner

                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.

                        When I executed “docker push” for example, this resulted in “no such hosts” errors:

                        Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host
+Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file.">
                        Home » Posts
                        Fix Docker not using /etc/hosts on MacOS
                        August 28, 2016 · 1 min · 163 words · Heiner
                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
                        When I executed “docker push” for example, this resulted in “no such hosts” errors:
                        Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host
 
                        On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. To fix it, get into the running Docker Host:
                        screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
 
                        This took a while on my machine, I needed to press Ctrl+C for the login prompt to show up. Log in with “root” (no password required).
                        Edit the /etc/hosts file in the Docker Host using vi:
                        vi /etc/hosts
 
                        Note: Insert after pressing “i”, save by pressing Escape and then type “:wq” .
                        Restart the Docker Daemon with:
                        service docker restart
@@ -13,4 +13,4 @@
 
                        
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html
index e6ee3f3..b1285d0 100644
--- a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html
+++ b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html
@@ -1,5 +1,5 @@
 From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog
-
                        Home » Posts
                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                        August 28, 2016 · 6 min · 1084 words · Heiner
                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.
                        If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.
                        OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.
                        To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.
                        Option 1: Using Docker Compose
                        There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.
                        1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
                        2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
                        3. Create a directory for your OpenHAB setup, such as:
                        mkdir -p /docker/containers/openhab
+
                        Home » Posts
                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                        August 28, 2016 · 6 min · 1084 words · Heiner
                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.
                        If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.
                        OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.
                        To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.
                        Option 1: Using Docker Compose
                        There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.
                        1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
                        2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
                        3. Create a directory for your OpenHAB setup, such as:
                        mkdir -p /docker/containers/openhab
 
                        1. Create a docker-compose.yml file in this directory with the following content:
                        version: '2'
 services:
   openhab:
@@ -63,4 +63,4 @@
 
                        
\ No newline at end of file
+        PaperMod                        
\ No newline at end of file
diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html
index 5d56567..8d1ed4e 100644
--- a/posts/https-ssl-in-wordpress-behind-proxy/index.html
+++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html
@@ -2,7 +2,7 @@
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy.">
 
                        Home » Posts
                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                        August 27, 2016 · 2 min · 255 words · Heiner
                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
                        The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.
                        This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:
                        Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:
                        proxy_set_header X-Forwarded-Host $host;
+The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy.">
                        Home » Posts
                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                        August 27, 2016 · 2 min · 255 words · Heiner
                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
                        The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.
                        This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:
                        Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:
                        proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;
@@ -11,4 +11,4 @@
 
                        
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/posts/index.html b/posts/index.html
index de01440..e7da394 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,11 +1,11 @@
-Posts | Virtualzone Blog
                        Home
                        Posts
-
                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                        September 3, 2021 · 1 min · 118 words · Heiner
                        Back up server to OneDrive’s special App Folder
                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                        September 2, 2021 · 4 min · 682 words · Heiner
                        Unifi USG: Multiple IP addresses on PPPoE
                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
+Posts | Virtualzone Blog
                        Home
                        Posts
+
                        Setting up Alpine Linux with Rootless Docker
                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                        June 19, 2022 · 3 min · 447 words · Heiner
                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                        September 3, 2021 · 1 min · 118 words · Heiner
                        Back up server to OneDrive’s special App Folder
                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                        September 2, 2021 · 4 min · 682 words · Heiner
                        Unifi USG: Multiple IP addresses on PPPoE
                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                        August 16, 2021 · 2 min · 353 words · Heiner
                        Raspberry Pi OS: Remove unnecessary packages
                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                        June 7, 2020 · 1 min · 161 words · Heiner
                        Analyze Traefik access log using InfluxDB and Grafana
                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                        June 3, 2020 · 2 min · 373 words · Heiner
                        Export trainings from Endomondo as GPX files
                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                        June 1, 2020 · 2 min · 341 words · Heiner
                        Native USB boot for Raspberry Pi 4
                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                        May 28, 2020 · 2 min · 404 words · Heiner
                        Build Multi-Arch images on Docker Hub (Part 2)
                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
-Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                        May 16, 2020 · 3 min · 443 words · Heiner
                        Build Multi-Arch images on Docker Hub (Part 1)
                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                        May 15, 2020 · 3 min · 502 words · Heiner
                        How to let Jenkins build Docker images
                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
-So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                        June 11, 2017 · 2 min · 370 words · Heiner
                        © 2022 Heiner Beck.
+Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                        May 16, 2020 · 3 min · 443 words · Heiner
                        Build Multi-Arch images on Docker Hub (Part 1)
                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                        May 15, 2020 · 3 min · 502 words · Heiner
                        
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/posts/index.xml b/posts/index.xml
index 15af720..d96179a 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -7,7 +7,17 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Fri, 03 Sep 2021 11:30:03 +0000
+    Sun, 19 Jun 2022 15:00:00 +0000
+    
+      Setting up Alpine Linux with Rootless Docker
+      https://virtualzone.de/posts/alpine-docker-rootless/
+      Sun, 19 Jun 2022 15:00:00 +0000
+      
+      https://virtualzone.de/posts/alpine-docker-rootless/
+      As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.
+    
+    
     
       Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
       https://virtualzone.de/posts/k3s-glusterfs/
diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html
index 7e120d7..600ad57 100644
--- a/posts/ipv6-on-a-sonicwall/index.html
+++ b/posts/ipv6-on-a-sonicwall/index.html
@@ -1,7 +1,7 @@
 How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog
-
                        Home » Posts
                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                        November 20, 2014 · 2 min · 372 words · Heiner
                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.
                        The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.
                        1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).
                        2. Go to Network -> Interfaces and select to view IPv6.
                        • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                        • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                        • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                        • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.
                        1. Go to Network -> Address Objects and select to view IPv6.
+
                          Home » Posts
                          How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                          November 20, 2014 · 2 min · 372 words · Heiner
                          IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.
                          The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.
                          1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).
                          2. Go to Network -> Interfaces and select to view IPv6.
                          • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                          • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                          • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                          • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.
                          1. Go to Network -> Address Objects and select to view IPv6.
 Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.
                          2. Go to Network -> NAT Policies and select to view IPv6.
                          • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
                          • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
                          1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
                          
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html
index aee2367..774af52 100644
--- a/posts/jenkins-build-docker-images/index.html
+++ b/posts/jenkins-build-docker-images/index.html
@@ -2,7 +2,7 @@
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there.">
 
                          Home » Posts
                          How to let Jenkins build Docker images
                          June 11, 2017 · 2 min · 370 words · Heiner
                          If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
                          So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.
                          To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:
                          FROM jenkins:alpine
+So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there.">
                          Home » Posts
                          How to let Jenkins build Docker images
                          June 11, 2017 · 2 min · 370 words · Heiner
                          If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
                          So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.
                          To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:
                          FROM jenkins:alpine
 USER root
 RUN apk update && \
     apk add docker sudo
@@ -24,4 +24,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html
index 96988ec..00dfb1a 100644
--- a/posts/k3s-glusterfs/index.html
+++ b/posts/k3s-glusterfs/index.html
@@ -1,5 +1,6 @@
 Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog
-
                          Home » Posts
                          Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                          September 3, 2021 · 1 min · 118 words · Heiner
                          I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.
                          Read the tutorial in Hetzner’s Online Community.
                          © 2022 Heiner Beck.
+
                          Home » Posts
                          Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                          September 3, 2021 · 1 min · 118 words · Heiner
                          I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.
                          Read the tutorial in Hetzner’s Online Community.
                          
\ No newline at end of file
+        PaperMod
                          
\ No newline at end of file
diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
index 0320af0..6478773 100644
--- a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
+++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
@@ -5,7 +5,7 @@
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [.">
                          Home » Posts
                          Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                          February 11, 2017 · 2 min · 287 words · Heiner
                          I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
                          First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
                          version: '2'
+version: '2' services: webfrontend: container_name: webfrontend [.">
                          Home » Posts
                          Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                          February 11, 2017 · 2 min · 287 words · Heiner
                          I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
                          First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
                          version: '2'
 services:
   webfrontend:
     container_name: webfrontend
@@ -50,4 +50,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/multi-arch-docker-images-1/index.html b/posts/multi-arch-docker-images-1/index.html
index 26341e5..b87125b 100644
--- a/posts/multi-arch-docker-images-1/index.html
+++ b/posts/multi-arch-docker-images-1/index.html
@@ -1,5 +1,5 @@
 Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog
-
                          Home » Posts
                          Build Multi-Arch images on Docker Hub (Part 1)
                          May 15, 2020 · 3 min · 502 words · Heiner
                          Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.
                          Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:
                          FROM amd64/alpine:3.11
+
                          Home » Posts
                          Build Multi-Arch images on Docker Hub (Part 1)
                          May 15, 2020 · 3 min · 502 words · Heiner
                          Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.
                          Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:
                          FROM amd64/alpine:3.11
 ...
 
                          Es folgt jeweils ein Dockerfile pro Zielarchitektur. In diesen wird zunächst die passende QEMU-Binary heruntergeladen und dann in das Ziel-Image hinein kopiert.
                          Dockerfile.arm32v6 für ARM32V6:
                          FROM alpine:3.11 AS qemu
 RUN apk --update add --no-cache curl
@@ -62,4 +62,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html
index 454ab6e..4260f82 100644
--- a/posts/multi-arch-docker-images-2/index.html
+++ b/posts/multi-arch-docker-images-2/index.html
@@ -2,7 +2,7 @@
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub.">
 
                          Home » Posts
                          Build Multi-Arch images on Docker Hub (Part 2)
                          May 16, 2020 · 3 min · 443 words · Heiner
                          Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
                          Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:
                          Einen automatisierten Build im Docker Hub konfigurieren.
+Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub.">
                          Home » Posts
                          Build Multi-Arch images on Docker Hub (Part 2)
                          May 16, 2020 · 3 min · 443 words · Heiner
                          Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
                          Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:
                          Einen automatisierten Build im Docker Hub konfigurieren.
 Dort könnt Ihr dann die Build-Konfiguration vornehmen. Zunächst muss angegeben werden, aus Source-Repository gebaut werden soll:
                          Bei der Konfiguration muss zunächst das Sourcecode-Repository angegeben werden.
 Anschließend legt Ihr fünf Build Rules an, nämlich eine ohne Angabe eines Architektur-Tags (in meinem Fall “latest”) und vier weitere je Zielarchitektur. Vier deshalb, weil wir in diesem Beispiel für AMD64, ARM32V6, ARM32V7 und ARM64V8 bauen. Solltet Ihr für andere Zielarchitekturen bauen wollen, benötigt Ihr natürlich mehr oder weniger Build Rules:
                          Die passenden Build Rules für die vier Zielarchitekturen.
 Der Trick ist, dass das “ungetaggte” Image alle anderen Architektur-Images zugeordnet bekommt. Dadurch kann ein Anwender, der “docker run” oder “docker pull” auf Euer Image durchführt, das für seine Architektur passende Image automatisch laden, ohne explizit die Plattform nennen zu müssen. Ein Mac zieht somit das AMD64-Image, während ein Raspbian das ARM32V7-Image lädt und ein Raspberry Pi 4 mit 64bit-Ubuntu das ARM64V8 Image. Alles ohne weiteres zutun.
                          Das war es dann auch schon mit der Konfiguration. Ein Klick auf “Save and Build” stellt die ausstehenden Builds (hier fünf an der Zahl) in die Warteschlange. Meiner Erfahrung nach kann es auf der Docker Hub Infrastruktur auch für einfache Images durchaus ein paar Stunden dauern, bis alle Images gebaut wurden. Was schon erledigt ist und was noch aussteht, könnt Ihr unter “Recent Builds” verfolgen.
                          Die Recent Builds geben Auskunft über die noch ausstehenden und schon erfolgten Automated Builds.
@@ -11,4 +11,4 @@
 
                          
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html
index 29ec57e..4bcf305 100644
--- a/posts/onedrive-upload-backup/index.html
+++ b/posts/onedrive-upload-backup/index.html
@@ -1,5 +1,5 @@
 Back up server to OneDrive’s special App Folder | Virtualzone Blog
-
                          Home » Posts
                          Back up server to OneDrive’s special App Folder
                          September 2, 2021 · 4 min · 682 words · Heiner
                          I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.
                          Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.
                          I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.
                          To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:
                          1. Log in to the Microsoft Azure Portal.
                          2. Navigate to “App registrations”.
                          3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
                          4. Copy the Application (client) ID.
                          5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
                          6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
                          • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
                          • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read
                          Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.
                          You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:
                          curl -s -L https://git.io/JRie0 | bash
                          Now create a configuration file named config.json. Replace and :
                          {
+
                          Home » Posts
                          Back up server to OneDrive’s special App Folder
                          September 2, 2021 · 4 min · 682 words · Heiner
                          I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.
                          Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.
                          I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.
                          To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:
                          1. Log in to the Microsoft Azure Portal.
                          2. Navigate to “App registrations”.
                          3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
                          4. Copy the Application (client) ID.
                          5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
                          6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
                          • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
                          • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read
                          Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.
                          You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:
                          curl -s -L https://git.io/JRie0 | bash
                          Now create a configuration file named config.json. Replace and :
                          {
     "client_id": "<client id from azure app>",
     "client_secret": "<client secret from azure app>",
     "scopes": [
@@ -32,4 +32,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/page/2/index.html b/posts/page/2/index.html
index c2205e4..dd0e236 100644
--- a/posts/page/2/index.html
+++ b/posts/page/2/index.html
@@ -1,5 +1,6 @@
-Posts | Virtualzone Blog
                          Home
                          Posts
-
                          Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                          I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
+Posts | Virtualzone Blog
                          Home
                          Posts
+
                          How to let Jenkins build Docker images
                          If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
+So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                          June 11, 2017 · 2 min · 370 words · Heiner
                          Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                          I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                          February 11, 2017 · 2 min · 287 words · Heiner
                          Creating an encrypted file container on macOS
                          Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                          December 6, 2016 · 2 min · 356 words · Heiner
                          UptimeRobot: A nice free website monitoring service
                          Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                          September 5, 2016 · 1 min · 120 words · Heiner
                          Fix Docker not using /etc/hosts on MacOS
                          On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
@@ -7,8 +8,8 @@
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                          August 27, 2016 · 2 min · 255 words · Heiner
                          How to reduce PDF file size in Linux - Part 2
                          Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                          August 15, 2015 · 1 min · 75 words · Heiner
                          How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                          IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                          November 20, 2014 · 2 min · 372 words · Heiner
                          How to reduce PDF file size in Linux
                          Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
-/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                          November 21, 2012 · 1 min · 98 words · Heiner
                          Determining a location’s federal state using Google Maps API
                          If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
-function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                          August 10, 2012 · 1 min · 162 words · Heiner
                          © 2022 Heiner Beck.
+/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                          November 21, 2012 · 1 min · 98 words · Heiner
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/page/3/index.html b/posts/page/3/index.html
new file mode 100644
index 0000000..3409aa4
--- /dev/null
+++ b/posts/page/3/index.html
@@ -0,0 +1,6 @@
+Posts | Virtualzone Blog
                          Home
                          Posts
+
                          Determining a location’s federal state using Google Maps API
                          If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
+function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                          August 10, 2012 · 1 min · 162 words · Heiner
                          
\ No newline at end of file
diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html
index 022d900..b88591e 100644
--- a/posts/raspberry-pi-os-remove-packages/index.html
+++ b/posts/raspberry-pi-os-remove-packages/index.html
@@ -1,5 +1,5 @@
 Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
-
                          Home » Posts
                          Raspberry Pi OS: Remove unnecessary packages
                          June 7, 2020 · 1 min · 161 words · Heiner
                          Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
                          You can download Raspberry Pi OS’ 64 bit beta version from the download directory on Raspberry Pi’s website. The Raspberry Pi Imager makes it easy to burn the image to an SD card or external USB drive.
                          Enter the following commands (at your own risk!) to remove the Desktop packages after your Pi has started from the newly written card:
                          sudo apt-get remove --purge \
+
                          Home » Posts
                          Raspberry Pi OS: Remove unnecessary packages
                          June 7, 2020 · 1 min · 161 words · Heiner
                          Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
                          You can download Raspberry Pi OS’ 64 bit beta version from the download directory on Raspberry Pi’s website. The Raspberry Pi Imager makes it easy to burn the image to an SD card or external USB drive.
                          Enter the following commands (at your own risk!) to remove the Desktop packages after your Pi has started from the newly written card:
                          sudo apt-get remove --purge \
     x11-* \
     gnome-* \
     desktop-base \
@@ -14,4 +14,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html
index 3f64a0b..f3a55ce 100644
--- a/posts/reduce-pdf-file-size-2/index.html
+++ b/posts/reduce-pdf-file-size-2/index.html
@@ -2,7 +2,7 @@
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:">
 
                          Home » Posts
                          How to reduce PDF file size in Linux - Part 2
                          August 15, 2015 · 1 min · 75 words · Heiner
                          Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
                          gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
+gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:">
                          Home » Posts
                          How to reduce PDF file size in Linux - Part 2
                          August 15, 2015 · 1 min · 75 words · Heiner
                          Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
                          gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
 -dDownsampleColorImages=true \
 -dDownsampleGrayImages=true \
 -dDownsampleMonoImages=true \
@@ -15,4 +15,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html
index 5509b0a..03a6593 100644
--- a/posts/reduce-pdf-file-size/index.html
+++ b/posts/reduce-pdf-file-size/index.html
@@ -5,10 +5,10 @@
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings.">
                          Home » Posts
                          How to reduce PDF file size in Linux
                          November 21, 2012 · 1 min · 98 words · Heiner
                          Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
                          gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf
+/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings.">
                          Home » Posts
                          How to reduce PDF file size in Linux
                          November 21, 2012 · 1 min · 98 words · Heiner
                          Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
                          gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf
 
                          You can also use the following parameters for -dPDFSETTINGS instead of /screen:
                          • /screen – Lowest quality, lowest size
                          • /ebook – Moderate quality
                          • /printer – Good quality
                          • /prepress – Best quality, highest size
                          Update: Read Part 2 of this blog post for more detailled file size reduction settings.
                          Hint: This also works on MacOS. Just install GhostScript using Homebrew:
                          brew install ghostscript
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html
index a286c20..c694fd0 100644
--- a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html
+++ b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html
@@ -5,7 +5,7 @@
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.">
                          Home » Posts
                          Analyze Traefik access log using InfluxDB and Grafana
                          June 3, 2020 · 2 min · 373 words · Heiner
                          Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
                          This setup contains the following elements:
                          • Traefik v2 runs as a Docker container on a Linux host.
                          • Traefik outputs access logs in JSON format to STDOUT.
                          • Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.
                          • To work with the JSON output in InfluxDB and Grafana, we need to convert them using Telegraf’s parser preprocessor plugin into distinct fields. Otherwise, only numeric fields are kept as metric values. String values are discarded by default.
                          • We’re using Telegraf’s output plugin “influxdb” to write them to InfluxDB.
                          Configure Traefik
                          traefik.yml contains the following settings:
                          accessLog:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.">
                          Home » Posts
                          Analyze Traefik access log using InfluxDB and Grafana
                          June 3, 2020 · 2 min · 373 words · Heiner
                          Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
                          This setup contains the following elements:
                          • Traefik v2 runs as a Docker container on a Linux host.
                          • Traefik outputs access logs in JSON format to STDOUT.
                          • Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.
                          • To work with the JSON output in InfluxDB and Grafana, we need to convert them using Telegraf’s parser preprocessor plugin into distinct fields. Otherwise, only numeric fields are kept as metric values. String values are discarded by default.
                          • We’re using Telegraf’s output plugin “influxdb” to write them to InfluxDB.
                          Configure Traefik
                          traefik.yml contains the following settings:
                          accessLog:
   format: json
   fields:
     headers:
@@ -51,4 +51,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html
index 183ce50..260c864 100644
--- a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html
+++ b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html
@@ -2,7 +2,7 @@
 By default, USG only allows for one IP address when dialing in via PPPoE.">
 
                          Home » Posts
                          Unifi USG: Multiple IP addresses on PPPoE
                          August 16, 2021 · 2 min · 353 words · Heiner
                          My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
                          By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.
                          Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:
                          1. Create (or extend) a config.gateway.json file
                          Place a file named config.gateway.json in the following path of your Unifi Network controller:
                          /unifi/data/sites/default/
                          You might need to replace “default” with the correct label of the affected site.
                          2. Add DNAT and SNAT rules to the config.gateway.json file
                          In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.
                          {
+By default, USG only allows for one IP address when dialing in via PPPoE.">
                          Home » Posts
                          Unifi USG: Multiple IP addresses on PPPoE
                          August 16, 2021 · 2 min · 353 words · Heiner
                          My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
                          By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.
                          Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:
                          1. Create (or extend) a config.gateway.json file
                          Place a file named config.gateway.json in the following path of your Unifi Network controller:
                          /unifi/data/sites/default/
                          You might need to replace “default” with the correct label of the affected site.
                          2. Add DNAT and SNAT rules to the config.gateway.json file
                          In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.
                          {
     "service": {
         "nat": {
             "rule": {
@@ -44,4 +44,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html
index 53d8228..e046e78 100644
--- a/posts/uptime-robot-website-monitoring/index.html
+++ b/posts/uptime-robot-website-monitoring/index.html
@@ -1,6 +1,6 @@
 UptimeRobot: A nice free website monitoring service | Virtualzone Blog
-
                          Home » Posts
                          UptimeRobot: A nice free website monitoring service
                          September 5, 2016 · 1 min · 120 words · Heiner
                          Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).
                          I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.
                          
\ No newline at end of file
diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html
index 17c75c9..eecc906 100644
--- a/posts/usb-boot-raspberry-pi/index.html
+++ b/posts/usb-boot-raspberry-pi/index.html
@@ -2,7 +2,7 @@
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.">
 
                          Home » Posts
                          Native USB boot for Raspberry Pi 4
                          May 28, 2020 · 2 min · 404 words · Heiner
                          Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
                          To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. This is required to upgrade the new beta firmware.
                          Download Raspberry OS 64 bit
                          You can find the new 64 bit beta version of Raspberry OS in a forum post. Download the ZIP file. Install Raspberry Pi Imager. I’ve installed the imager using Homebrew:
                          brew cask install raspberry-pi-imager
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.">
                          Home » Posts
                          Native USB boot for Raspberry Pi 4
                          May 28, 2020 · 2 min · 404 words · Heiner
                          Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
                          To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. This is required to upgrade the new beta firmware.
                          Download Raspberry OS 64 bit
                          You can find the new 64 bit beta version of Raspberry OS in a forum post. Download the ZIP file. Install Raspberry Pi Imager. I’ve installed the imager using Homebrew:
                          brew cask install raspberry-pi-imager
 
                          Prepare an SD card with Raspberry OS
                          Note: This step is only required if your Raspberry Pi is now running Raspbian or Raspberry OS! We need Raspberry OS to flash the new firmware.
                          Open Raspberry Pi Imager and flash the downloaded image to an SD card.
                          Afterwards, boot your Pi from this new SD card.
                          Flash EEPROM
                          EEPROM (electrically erasable programmable read-only memory) is your Raspberry Pi’s firmware – sort of a basic system.
                          You can find the changelog for the Raspberry Pi EEPROM on GitHub. The beta versions as of May 15th 2020 contain the required functionalities to boot from a USB drive – i.e. an SSD.
                          Install the required update tool on your Pi:
                          sudo apt update
 sudo apt upgrade
 sudo apt install rpi-eeprom
@@ -15,4 +15,4 @@
 
                          
\ No newline at end of file
+        PaperMod                          
\ No newline at end of file
diff --git a/privacy-policy/index.html b/privacy-policy/index.html
index 6fe7ea8..a2fd6ed 100644
--- a/privacy-policy/index.html
+++ b/privacy-policy/index.html
@@ -5,7 +5,7 @@
 Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.
 Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
                          Home
                          Privacy Policy
                          Heiner
                          We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.
                          Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.
                          Personal data stored
                          The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.
                          Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.
                          If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.
                          The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.
                          Which personal data we store
                          You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.
                          Where we store your data
                          Our servers are located in Germany.
                          Your rights according to General Data Protection Regulation (GDPR)
                          According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:
                          • Right to have your data corrected (article 16 DSGVO)
                          • Right to have your data deleted (article 17 DSGVO)
                          • Right to limit the processing of your data (article 18 DSGVO)
                          • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
                          • Right to data portability (article 20 DSGVO)
                          • Right to refuse (article 21 DSGVO)
                          • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)
                          If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.
                          Where we send your data
                          We will not share your data with third parties.
                          TLS encryption using HTTPS
                          In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.
                          Web Analytics
                          For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.
                          Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple
                            © 2022 Heiner Beck.
+Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
                            Home
                            Privacy Policy
                            Heiner
                            We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.
                            Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.
                            Personal data stored
                            The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.
                            Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.
                            If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.
                            The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.
                            Which personal data we store
                            You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.
                            Where we store your data
                            Our servers are located in Germany.
                            Your rights according to General Data Protection Regulation (GDPR)
                            According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:
                            • Right to have your data corrected (article 16 DSGVO)
                            • Right to have your data deleted (article 17 DSGVO)
                            • Right to limit the processing of your data (article 18 DSGVO)
                            • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
                            • Right to data portability (article 20 DSGVO)
                            • Right to refuse (article 21 DSGVO)
                            • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)
                            If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.
                            Where we send your data
                            We will not share your data with third parties.
                            TLS encryption using HTTPS
                            In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.
                            Web Analytics
                            For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.
                            Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple
                              
\ No newline at end of file
+        PaperMod
                              
\ No newline at end of file
diff --git a/sitemap.xml b/sitemap.xml
index 11682ac..de24628 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -2,19 +2,28 @@
 
   
-    https://virtualzone.de/tags/kubernetes/
-    2021-09-03T11:30:03+00:00
+    https://virtualzone.de/tags/docker/
+    2022-06-19T15:00:00+00:00
+  
+    https://virtualzone.de/tags/linux/
+    2022-06-19T15:00:00+00:00
   
     https://virtualzone.de/posts/
-    2021-09-03T11:30:03+00:00
+    2022-06-19T15:00:00+00:00
   
-    https://virtualzone.de/posts/k3s-glusterfs/
-    2021-09-03T11:30:03+00:00
+    https://virtualzone.de/posts/alpine-docker-rootless/
+    2022-06-19T15:00:00+00:00
   
     https://virtualzone.de/tags/
-    2021-09-03T11:30:03+00:00
+    2022-06-19T15:00:00+00:00
   
     https://virtualzone.de/
+    2022-06-19T15:00:00+00:00
+  
+    https://virtualzone.de/tags/kubernetes/
+    2021-09-03T11:30:03+00:00
+  
+    https://virtualzone.de/posts/k3s-glusterfs/
     2021-09-03T11:30:03+00:00
   
     https://virtualzone.de/posts/onedrive-upload-backup/
@@ -40,9 +49,6 @@
   
     https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/
     2020-06-03T11:30:03+00:00
-  
-    https://virtualzone.de/tags/docker/
-    2020-06-03T11:30:03+00:00
   
     https://virtualzone.de/tags/api/
     2020-06-01T11:30:03+00:00
@@ -109,9 +115,6 @@
   
     https://virtualzone.de/posts/reduce-pdf-file-size-2/
     2015-08-15T11:30:03+00:00
-  
-    https://virtualzone.de/tags/linux/
-    2015-08-15T11:30:03+00:00
   
     https://virtualzone.de/tags/firewall/
     2014-11-20T11:30:03+00:00
diff --git a/tags/api/index.html b/tags/api/index.html
index b8ad3d8..f624451 100644
--- a/tags/api/index.html
+++ b/tags/api/index.html
@@ -1,6 +1,6 @@
-api | Virtualzone Blog
                              Home » Tags
                              api
+api | Virtualzone Blog
                              Home » Tags
                              api
 
                              Export trainings from Endomondo as GPX files
                              I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                              June 1, 2020 · 2 min · 341 words · Heiner
                              Determining a location’s federal state using Google Maps API
                              If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                              August 10, 2012 · 1 min · 162 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/docker/index.html b/tags/docker/index.html
index 95b0f99..64c86da 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,5 +1,6 @@
-docker | Virtualzone Blog
                              Home » Tags
                              docker
-
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
+docker | Virtualzone Blog
                              Home » Tags
                              docker
+
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 447 words · Heiner
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                              June 3, 2020 · 2 min · 373 words · Heiner
                              Build Multi-Arch images on Docker Hub (Part 2)
                              Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                              May 16, 2020 · 3 min · 443 words · Heiner
                              Build Multi-Arch images on Docker Hub (Part 1)
                              Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                              May 15, 2020 · 3 min · 502 words · Heiner
                              How to let Jenkins build Docker images
                              If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
@@ -10,4 +11,4 @@
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                              August 28, 2016 · 1 min · 163 words · Heiner
                              From FHEM to OpenHAB with Homegear: Installation/Docker container
                              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                              August 28, 2016 · 6 min · 1084 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/docker/index.xml b/tags/docker/index.xml
index 58e19c1..f7bb3c9 100644
--- a/tags/docker/index.xml
+++ b/tags/docker/index.xml
@@ -7,7 +7,17 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Wed, 03 Jun 2020 11:30:03 +0000
+    Sun, 19 Jun 2022 15:00:00 +0000
+    
+      Setting up Alpine Linux with Rootless Docker
+      https://virtualzone.de/posts/alpine-docker-rootless/
+      Sun, 19 Jun 2022 15:00:00 +0000
+      
+      https://virtualzone.de/posts/alpine-docker-rootless/
+      As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.
+    
+    
     
       Analyze Traefik access log using InfluxDB and Grafana
       https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/
diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html
index 093c53e..b10b94f 100644
--- a/tags/endonomdo/index.html
+++ b/tags/endonomdo/index.html
@@ -1,5 +1,5 @@
-endonomdo | Virtualzone Blog
                              Home » Tags
                              endonomdo
+endonomdo | Virtualzone Blog
                              Home » Tags
                              endonomdo
 
                              Export trainings from Endomondo as GPX files
                              I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                              June 1, 2020 · 2 min · 341 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/fhem/index.html b/tags/fhem/index.html
index 54a46ec..3bc9a04 100644
--- a/tags/fhem/index.html
+++ b/tags/fhem/index.html
@@ -1,5 +1,5 @@
-fhem | Virtualzone Blog
                              Home » Tags
                              fhem
+fhem | Virtualzone Blog
                              Home » Tags
                              fhem
 
                              From FHEM to OpenHAB with Homegear: Installation/Docker container
                              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                              August 28, 2016 · 6 min · 1084 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/firewall/index.html b/tags/firewall/index.html
index 0c2466b..4589937 100644
--- a/tags/firewall/index.html
+++ b/tags/firewall/index.html
@@ -1,5 +1,5 @@
-firewall | Virtualzone Blog
                              Home » Tags
                              firewall
+firewall | Virtualzone Blog
                              Home » Tags
                              firewall
 
                              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                              November 20, 2014 · 2 min · 372 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/github/index.html b/tags/github/index.html
index e650987..d52809a 100644
--- a/tags/github/index.html
+++ b/tags/github/index.html
@@ -1,6 +1,6 @@
-github | Virtualzone Blog
                              Home » Tags
                              github
+github | Virtualzone Blog
                              Home » Tags
                              github
 
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                              August 16, 2021 · 2 min · 353 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/google/index.html b/tags/google/index.html
index bb8c5f2..b44fffc 100644
--- a/tags/google/index.html
+++ b/tags/google/index.html
@@ -1,6 +1,6 @@
-google | Virtualzone Blog
                              Home » Tags
                              google
+google | Virtualzone Blog
                              Home » Tags
                              google
 
                              Determining a location’s federal state using Google Maps API
                              If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                              August 10, 2012 · 1 min · 162 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html
index c4044a9..58fc9d8 100644
--- a/tags/homeautomation/index.html
+++ b/tags/homeautomation/index.html
@@ -1,5 +1,5 @@
-homeautomation | Virtualzone Blog
                              Home » Tags
                              homeautomation
+homeautomation | Virtualzone Blog
                              Home » Tags
                              homeautomation
 
                              From FHEM to OpenHAB with Homegear: Installation/Docker container
                              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                              August 28, 2016 · 6 min · 1084 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/index.html b/tags/index.html
index 6670d86..7cb8b16 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -1,4 +1,4 @@
-Tags | Virtualzone Blog
                              Tags
                              © 2022 Heiner Beck.
+Tags | Virtualzone Blog
                              Tags
                              
\ No newline at end of file
+        PaperMod
                              
\ No newline at end of file
diff --git a/tags/index.xml b/tags/index.xml
index c3fd9b7..8e061c9 100644
--- a/tags/index.xml
+++ b/tags/index.xml
@@ -7,7 +7,25 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Fri, 03 Sep 2021 11:30:03 +0000
+    Sun, 19 Jun 2022 15:00:00 +0000
+    
+      docker
+      https://virtualzone.de/tags/docker/
+      Sun, 19 Jun 2022 15:00:00 +0000
+      
+      https://virtualzone.de/tags/docker/
+      
+    
+    
+    
+      linux
+      https://virtualzone.de/tags/linux/
+      Sun, 19 Jun 2022 15:00:00 +0000
+      
+      https://virtualzone.de/tags/linux/
+      
+    
+    
     
       kubernetes
       https://virtualzone.de/tags/kubernetes/
@@ -53,15 +71,6 @@
       
     
     
-    
-      docker
-      https://virtualzone.de/tags/docker/
-      Wed, 03 Jun 2020 11:30:03 +0000
-      
-      https://virtualzone.de/tags/docker/
-      
-    
-    
     
       api
       https://virtualzone.de/tags/api/
@@ -152,15 +161,6 @@
       
     
     
-    
-      linux
-      https://virtualzone.de/tags/linux/
-      Sat, 15 Aug 2015 11:30:03 +0000
-      
-      https://virtualzone.de/tags/linux/
-      
-    
-    
     
       firewall
       https://virtualzone.de/tags/firewall/
diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html
index 8048b2a..d5dc1df 100644
--- a/tags/ipv6/index.html
+++ b/tags/ipv6/index.html
@@ -1,5 +1,5 @@
-ipv6 | Virtualzone Blog
                              Home » Tags
                              ipv6
+ipv6 | Virtualzone Blog
                              Home » Tags
                              ipv6
 
                              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                              November 20, 2014 · 2 min · 372 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html
index 40b59ef..9a4cd8e 100644
--- a/tags/kubernetes/index.html
+++ b/tags/kubernetes/index.html
@@ -1,5 +1,5 @@
-kubernetes | Virtualzone Blog
                              Home » Tags
                              kubernetes
+kubernetes | Virtualzone Blog
                              Home » Tags
                              kubernetes
 
                              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                              September 3, 2021 · 1 min · 118 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html
index a6572d0..92a15d7 100644
--- a/tags/letsencrypt/index.html
+++ b/tags/letsencrypt/index.html
@@ -1,7 +1,7 @@
-letsencrypt | Virtualzone Blog
                              Home » Tags
                              letsencrypt
+letsencrypt | Virtualzone Blog
                              Home » Tags
                              letsencrypt
 
                              Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                              I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                              February 11, 2017 · 2 min · 287 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/linux/index.html b/tags/linux/index.html
index be78b26..f3cf5f9 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,8 +1,9 @@
-linux | Virtualzone Blog
                              Home » Tags
                              linux
-
                              How to reduce PDF file size in Linux - Part 2
                              Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
+linux | Virtualzone Blog
                              Home » Tags
                              linux
+
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 447 words · Heiner
                              How to reduce PDF file size in Linux - Part 2
                              Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                              August 15, 2015 · 1 min · 75 words · Heiner
                              How to reduce PDF file size in Linux
                              Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                              November 21, 2012 · 1 min · 98 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/linux/index.xml b/tags/linux/index.xml
index 242710c..75b8d7c 100644
--- a/tags/linux/index.xml
+++ b/tags/linux/index.xml
@@ -7,7 +7,17 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Sat, 15 Aug 2015 11:30:03 +0000
+    Sun, 19 Jun 2022 15:00:00 +0000
+    
+      Setting up Alpine Linux with Rootless Docker
+      https://virtualzone.de/posts/alpine-docker-rootless/
+      Sun, 19 Jun 2022 15:00:00 +0000
+      
+      https://virtualzone.de/posts/alpine-docker-rootless/
+      As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.
+    
+    
     
       How to reduce PDF file size in Linux - Part 2
       https://virtualzone.de/posts/reduce-pdf-file-size-2/
diff --git a/tags/macos/index.html b/tags/macos/index.html
index 99e59f2..62f85c0 100644
--- a/tags/macos/index.html
+++ b/tags/macos/index.html
@@ -1,4 +1,4 @@
-macos | Virtualzone Blog
                              Home » Tags
                              macos
+macos | Virtualzone Blog
                              Home » Tags
                              macos
 
                              Creating an encrypted file container on macOS
                              Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                              December 6, 2016 · 2 min · 356 words · Heiner
                              Fix Docker not using /etc/hosts on MacOS
                              On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                              August 28, 2016 · 1 min · 163 words · Heiner
                              How to reduce PDF file size in Linux - Part 2
                              Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
@@ -7,4 +7,4 @@
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                              November 21, 2012 · 1 min · 98 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/nginx/index.html b/tags/nginx/index.html
index 447186b..d917707 100644
--- a/tags/nginx/index.html
+++ b/tags/nginx/index.html
@@ -1,7 +1,7 @@
-nginx | Virtualzone Blog
                              Home » Tags
                              nginx
+nginx | Virtualzone Blog
                              Home » Tags
                              nginx
 
                              Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                              I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                              February 11, 2017 · 2 min · 287 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html
index 8209a16..db62c4d 100644
--- a/tags/onedrive/index.html
+++ b/tags/onedrive/index.html
@@ -1,6 +1,6 @@
-onedrive | Virtualzone Blog
                              Home » Tags
                              onedrive
+onedrive | Virtualzone Blog
                              Home » Tags
                              onedrive
 
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                              August 16, 2021 · 2 min · 353 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/openhab/index.html b/tags/openhab/index.html
index 577fe77..2297b50 100644
--- a/tags/openhab/index.html
+++ b/tags/openhab/index.html
@@ -1,5 +1,5 @@
-openhab | Virtualzone Blog
                              Home » Tags
                              openhab
+openhab | Virtualzone Blog
                              Home » Tags
                              openhab
 
                              From FHEM to OpenHAB with Homegear: Installation/Docker container
                              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                              August 28, 2016 · 6 min · 1084 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/proxy/index.html b/tags/proxy/index.html
index 9574ae8..ca89b71 100644
--- a/tags/proxy/index.html
+++ b/tags/proxy/index.html
@@ -1,6 +1,6 @@
-proxy | Virtualzone Blog
                              Home » Tags
                              proxy
+proxy | Virtualzone Blog
                              Home » Tags
                              proxy
 
                              How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                              Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                              August 27, 2016 · 2 min · 255 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html
index 53926fc..c67dd94 100644
--- a/tags/raspberrypi/index.html
+++ b/tags/raspberrypi/index.html
@@ -1,6 +1,6 @@
-raspberrypi | Virtualzone Blog
                              Home » Tags
                              raspberrypi
+raspberrypi | Virtualzone Blog
                              Home » Tags
                              raspberrypi
 
                              Raspberry Pi OS: Remove unnecessary packages
                              Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                              June 7, 2020 · 1 min · 161 words · Heiner
                              Native USB boot for Raspberry Pi 4
                              Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                              May 28, 2020 · 2 min · 404 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html
index 5e02749..3663c54 100644
--- a/tags/sonicwall/index.html
+++ b/tags/sonicwall/index.html
@@ -1,5 +1,5 @@
-sonicwall | Virtualzone Blog
                              Home » Tags
                              sonicwall
+sonicwall | Virtualzone Blog
                              Home » Tags
                              sonicwall
 
                              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                              November 20, 2014 · 2 min · 372 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/tool/index.html b/tags/tool/index.html
index 559124d..9949629 100644
--- a/tags/tool/index.html
+++ b/tags/tool/index.html
@@ -1,4 +1,4 @@
-tool | Virtualzone Blog
                              Home » Tags
                              tool
+tool | Virtualzone Blog
                              Home » Tags
                              tool
 
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                              August 16, 2021 · 2 min · 353 words · Heiner
                              UptimeRobot: A nice free website monitoring service
                              Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                              September 5, 2016 · 1 min · 120 words · Heiner
                              How to reduce PDF file size in Linux - Part 2
                              Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                              August 15, 2015 · 1 min · 75 words · Heiner
                              How to reduce PDF file size in Linux
                              Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
@@ -6,4 +6,4 @@
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                              November 21, 2012 · 1 min · 98 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file
diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html
index ae276cb..c6bfc33 100644
--- a/tags/wordpress/index.html
+++ b/tags/wordpress/index.html
@@ -1,6 +1,6 @@
-wordpress | Virtualzone Blog
                              Home » Tags
                              wordpress
+wordpress | Virtualzone Blog
                              Home » Tags
                              wordpress
 
                              How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                              Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                              August 27, 2016 · 2 min · 255 words · Heiner
                              
\ No newline at end of file
+        PaperMod
\ No newline at end of file

From 5b459e5ef9f1e3ccc4972fbb6fff99b27e3249c4 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sun, 19 Jun 2022 16:12:00 +0000
Subject: [PATCH 10/25] deploy: 68b43516290432d6d9e84d55b4cf21fd6f6b657e

---
 index.html                              | 2 +-
 posts/alpine-docker-rootless/index.html | 5 +++--
 posts/index.html                        | 2 +-
 tags/docker/index.html                  | 2 +-
 tags/linux/index.html                   | 2 +-
 5 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/index.html b/index.html
index c817bc5..f056e62 100644
--- a/index.html
+++ b/index.html
@@ -3,7 +3,7 @@
 
                              OneDrive Uploader
                              Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)
                              GitHub Project
 
                              USG Blacklist
                              Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).
                              GitHub Project
 
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
-However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 447 words · Heiner
                              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                              September 3, 2021 · 1 min · 118 words · Heiner
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 479 words · Heiner
                              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                              September 3, 2021 · 1 min · 118 words · Heiner
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                              August 16, 2021 · 2 min · 353 words · Heiner
                              Raspberry Pi OS: Remove unnecessary packages
                              Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                              June 7, 2020 · 1 min · 161 words · Heiner
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                              June 3, 2020 · 2 min · 373 words · Heiner
                              Export trainings from Endomondo as GPX files
                              I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                              June 1, 2020 · 2 min · 341 words · Heiner
                              Native USB boot for Raspberry Pi 4
                              Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
diff --git a/posts/alpine-docker-rootless/index.html b/posts/alpine-docker-rootless/index.html
index 6f8d9b2..c515b1c 100644
--- a/posts/alpine-docker-rootless/index.html
+++ b/posts/alpine-docker-rootless/index.html
@@ -2,7 +2,7 @@
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.">
 
                              Home » Posts
                              Setting up Alpine Linux with Rootless Docker
                              June 19, 2022 · 3 min · 447 words · Heiner
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
                              However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.
                              Download and install Alpine
                              First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                              1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                              2. Boot system from ISO and run:
                                # setup-alpine
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.">
                                Home » Posts
                                Setting up Alpine Linux with Rootless Docker
                                June 19, 2022 · 3 min · 479 words · Heiner
                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
                                However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.
                                Download and install Alpine
                                First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                                1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                2. Boot system from ISO and run:
                                  # setup-alpine
 
                                3. Reboot and install the nano edit:
                                  # apk add nano
 
                                4. Enable community repository in the following file:
                                  # nano /etc/apk/repositories
 
                                5. Update the index of available package:
                                  # apk update
@@ -43,7 +43,8 @@
 export PATH="/home/<USER>/bin:/sbin:/usr/sbin:$PATH"
 
                                6. Log out and log in again.
                                7. Check if Docker Rootless works:
                                  $ docker ps
 $ docker run --rm hello-world
-
                                © 2022 Heiner Beck.
+
                              Allow ports < 1024 (optional)
                              By default, only ports >= 1024 can be exposed by non-root users. To change this, change the minimum unprivileged port in /etc/sysctl.conf:
                              # echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
+
                              
\ No newline at end of file
diff --git a/posts/index.html b/posts/index.html
index e7da394..3f1829d 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,6 +1,6 @@
 Posts | Virtualzone Blog
                              Home
                              Posts
 
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
-However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 447 words · Heiner
                              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                              September 3, 2021 · 1 min · 118 words · Heiner
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 479 words · Heiner
                              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                              September 3, 2021 · 1 min · 118 words · Heiner
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                              August 16, 2021 · 2 min · 353 words · Heiner
                              Raspberry Pi OS: Remove unnecessary packages
                              Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                              June 7, 2020 · 1 min · 161 words · Heiner
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                              June 3, 2020 · 2 min · 373 words · Heiner
                              Export trainings from Endomondo as GPX files
                              I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                              June 1, 2020 · 2 min · 341 words · Heiner
                              Native USB boot for Raspberry Pi 4
                              Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
diff --git a/tags/docker/index.html b/tags/docker/index.html
index 64c86da..bbfc59f 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,6 +1,6 @@
 docker | Virtualzone Blog
                              Home » Tags
                              docker
 
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
-However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 447 words · Heiner
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 479 words · Heiner
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                              June 3, 2020 · 2 min · 373 words · Heiner
                              Build Multi-Arch images on Docker Hub (Part 2)
                              Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                              May 16, 2020 · 3 min · 443 words · Heiner
                              Build Multi-Arch images on Docker Hub (Part 1)
                              Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                              May 15, 2020 · 3 min · 502 words · Heiner
                              How to let Jenkins build Docker images
                              If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
diff --git a/tags/linux/index.html b/tags/linux/index.html
index f3cf5f9..ed43678 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,6 +1,6 @@
 linux | Virtualzone Blog
                              Home » Tags
                              linux
 
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
-However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 447 words · Heiner
                              How to reduce PDF file size in Linux - Part 2
                              Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 479 words · Heiner
                              How to reduce PDF file size in Linux - Part 2
                              Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                              August 15, 2015 · 1 min · 75 words · Heiner
                              How to reduce PDF file size in Linux
                              Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                              November 21, 2012 · 1 min · 98 words · Heiner
                              © 2022 Heiner Beck.

From 0ac98464986eaab8b715133f3ba59dacbff47b75 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sat, 25 Jun 2022 18:22:39 +0000
Subject: [PATCH 11/25] deploy: 2ced3157805693fdaaf95b650f546771925e071d

---
 index.html                              |  5 +-
 index.xml                               | 12 ++++-
 page/2/index.html                       |  6 +--
 page/3/index.html                       |  4 +-
 posts/alpine-docker-rootless/index.html |  3 +-
 posts/alpine-podman/index.html          | 69 +++++++++++++++++++++++++
 posts/index.html                        |  5 +-
 posts/index.xml                         | 12 ++++-
 posts/page/2/index.html                 |  6 +--
 posts/page/3/index.html                 |  4 +-
 sitemap.xml                             | 15 +++---
 tags/docker/index.html                  |  3 +-
 tags/docker/index.xml                   | 12 ++++-
 tags/index.html                         |  2 +-
 tags/index.xml                          |  6 +--
 tags/linux/index.html                   |  3 +-
 tags/linux/index.xml                    | 12 ++++-
 17 files changed, 148 insertions(+), 31 deletions(-)
 create mode 100644 posts/alpine-podman/index.html

diff --git a/index.html b/index.html
index f056e62..c2483cc 100644
--- a/index.html
+++ b/index.html
@@ -2,13 +2,14 @@
 
                              Compose Updater
                              Automatically check for image updates and restart Docker containers automatically when using Docker Compose.
                              GitHub Project
 
                              OneDrive Uploader
                              Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)
                              GitHub Project
 
                              USG Blacklist
                              Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).
                              GitHub Project
-
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+
                              Setting up Alpine Linux with Podman
                              Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project....
                              June 25, 2022 · 4 min · 840 words · Heiner
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 479 words · Heiner
                              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                              September 3, 2021 · 1 min · 118 words · Heiner
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                              August 16, 2021 · 2 min · 353 words · Heiner
                              Raspberry Pi OS: Remove unnecessary packages
                              Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                              June 7, 2020 · 1 min · 161 words · Heiner
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                              June 3, 2020 · 2 min · 373 words · Heiner
                              Export trainings from Endomondo as GPX files
                              I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                              June 1, 2020 · 2 min · 341 words · Heiner
                              Native USB boot for Raspberry Pi 4
                              Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                              May 28, 2020 · 2 min · 404 words · Heiner
                              Build Multi-Arch images on Docker Hub (Part 2)
                              Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
-Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                              May 16, 2020 · 3 min · 443 words · Heiner
                              Build Multi-Arch images on Docker Hub (Part 1)
                              Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                              May 15, 2020 · 3 min · 502 words · Heiner
                              © 2022 Heiner Beck.
+Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                              May 16, 2020 · 3 min · 443 words · Heiner
                              
\ No newline at end of file
diff --git a/index.xml b/index.xml
index 1dfd312..0ee3ba5 100644
--- a/index.xml
+++ b/index.xml
@@ -7,7 +7,17 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Sun, 19 Jun 2022 15:00:00 +0000
+    Sat, 25 Jun 2022 18:00:00 +0000
+    
+      Setting up Alpine Linux with Podman
+      https://virtualzone.de/posts/alpine-podman/
+      Sat, 25 Jun 2022 18:00:00 +0000
+      
+      https://virtualzone.de/posts/alpine-podman/
+      Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project.
+    
+    
     
       Setting up Alpine Linux with Rootless Docker
       https://virtualzone.de/posts/alpine-docker-rootless/
diff --git a/page/2/index.html b/page/2/index.html
index b5eb44a..1f5fd58 100644
--- a/page/2/index.html
+++ b/page/2/index.html
@@ -1,13 +1,11 @@
-Virtualzone Blog
                              How to let Jenkins build Docker images
                              If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
+Virtualzone Blog
                              Build Multi-Arch images on Docker Hub (Part 1)
                              Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                              May 15, 2020 · 3 min · 502 words · Heiner
                              How to let Jenkins build Docker images
                              If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                              June 11, 2017 · 2 min · 370 words · Heiner
                              Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                              I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                              February 11, 2017 · 2 min · 287 words · Heiner
                              Creating an encrypted file container on macOS
                              Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                              December 6, 2016 · 2 min · 356 words · Heiner
                              UptimeRobot: A nice free website monitoring service
                              Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                              September 5, 2016 · 1 min · 120 words · Heiner
                              Fix Docker not using /etc/hosts on MacOS
                              On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                              August 28, 2016 · 1 min · 163 words · Heiner
                              From FHEM to OpenHAB with Homegear: Installation/Docker container
                              For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                              August 28, 2016 · 6 min · 1084 words · Heiner
                              How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                              Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                              August 27, 2016 · 2 min · 255 words · Heiner
                              How to reduce PDF file size in Linux - Part 2
                              Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
-gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                              August 15, 2015 · 1 min · 75 words · Heiner
                              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                              November 20, 2014 · 2 min · 372 words · Heiner
                              How to reduce PDF file size in Linux
                              Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
-gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
-/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                              November 21, 2012 · 1 min · 98 words · Heiner
                              August 15, 2015 · 1 min · 75 words · Heiner
                              How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                              IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                              November 20, 2014 · 2 min · 372 words · Heiner
                              © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/page/3/index.html b/page/3/index.html
index d8f530d..f6c4875 100644
--- a/page/3/index.html
+++ b/page/3/index.html
@@ -1,4 +1,6 @@
-Virtualzone Blog
                              Determining a location’s federal state using Google Maps API
                              If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
+Virtualzone Blog
                              How to reduce PDF file size in Linux
                              Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
+gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
+/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                              November 21, 2012 · 1 min · 98 words · Heiner
                              Determining a location’s federal state using Google Maps API
                              If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                              August 10, 2012 · 1 min · 162 words · Heiner
                              © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/posts/alpine-docker-rootless/index.html b/posts/alpine-docker-rootless/index.html
index c515b1c..dc92b85 100644
--- a/posts/alpine-docker-rootless/index.html
+++ b/posts/alpine-docker-rootless/index.html
@@ -44,7 +44,8 @@
 
                            • Log out and log in again.
                            • Check if Docker Rootless works:
                              $ docker ps
 $ docker run --rm hello-world
 
                            Allow ports < 1024 (optional)
                            By default, only ports >= 1024 can be exposed by non-root users. To change this, change the minimum unprivileged port in /etc/sysctl.conf:
                            # echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
-
                            © 2022 Heiner Beck.
+
                            
\ No newline at end of file
diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html
new file mode 100644
index 0000000..0f72756
--- /dev/null
+++ b/posts/alpine-podman/index.html
@@ -0,0 +1,69 @@
+Setting up Alpine Linux with Podman | Virtualzone Blog
+
                            Home » Posts
                            Setting up Alpine Linux with Podman
                            June 25, 2022 · 4 min · 840 words · Heiner
                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
                            Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.
                            In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.
                            Download and install Alpine
                            First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                            1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                            2. Boot system from ISO and run:
                              # setup-alpine
+
                            3. Reboot and install the nano edit:
                              # apk add nano
+
                            4. Enable community repository in the following file:
                              # nano /etc/apk/repositories
+
                            5. Update the index of available package:
                              # apk update
+
                            Add a user and allow her to use doas
                            If you did not create a regular user account during the installation, it’s time to do it now:
                            1. Install doas:
                              # apk add doas
+
                            2. Create user and add it to the wheel group in order to use root privileges:
                              # adduser <USER> wheel
+
                            3. Allow users in group wheel to use doas by editing the file /etc/doas.d/doas.conf and adding the following line:
                              permit persist :wheel
+
                            4. Log out and log in to the new account.
                            Install Podman
                            Now comes the important part: Setting up Podman.
                            1. Enable cgroups v2 by editing /etc/rc.conf and setting rc_cgroup_mode to unified.
                            2. Enable the cgroups service:
                              # rc-update add cgroups && rc-service cgroups start
+
                            3. Install podman:
                              # apk add podman
+
                            4. Allow your user to access Podman in rootless mode:
                              # modprobe tun
+# echo tun >>/etc/modules
+# echo <USER>:100000:65536 >/etc/subuid
+# echo <USER>:100000:65536 >/etc/subgid
+
                            5. Enable the iptables module:
                              # echo "ip_tables" >> /etc/modules
+# modprobe ip_tables
+
                            6. Check if Podman works by running a Hello World container using your user account:
                              $ podman run --rm hello-world
+
                            Allow ports < 1024 (optional)
                            By default, only ports >= 1024 can be exposed by non-root users. To change this, change the minimum unprivileged port in /etc/sysctl.conf:
                            $ sudo echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
+
                            Using Podman and Pods
                            If you are used to Docker, you can use Podman just the way to used to control Docker. One difference is that Podman can group multiple containers into Pods (that’s where the name comes from: Pod Manager). You may know Pods from Kubernetes. Containers in a Pod share a namespace, a network and a security context.
                            • List running containers:
                              podman ps
+
                            • List existing pods:
                              podman pod ps
+
                            • Create a new pod:
                              podman pod create pod-web
+
                            • Create a container inside the previously created Pod:
                              podman run --rm -d \
+    --pod pod-web \
+    docker.io/library/nginx:alpine
+
                            Starting containers on system start
                            Because Podman follows a daemonless concept, containers are not started along with the non-existing Daemon on system boot. Instead, Podman recommends using systemd to start, stop and restart containers when the system starts.
                            On Alpine, we’re using OpenRC instead of systemd by default. I’m using Podman’s built-in functionity for exporting and importing Kubernetes YAML definitions together with a small OpenRC init script.
                            1. Install runuser so your init script can create Pods in the name of your rootless user:
                              # apk add runuser
+
                            2. Create a folder to store your init scripts, such as /home/<user>/pods/init.d/.
                            3. Generate a Kubernetes YAML for an existing Pod by issuing the following command and saving the YAML file in your previously created directory:
                              podman generate kube <pod-name>
+
                              Alternatively, you can write the YAML file manually. Please refer to Podman’s documention for more information on supported (and unsupported) Kubernetes YAML syntax.
                            4. Create a file named pod in this folder with the following contents and make it executable (chmod +x pod):
                              #!/sbin/openrc-run
+
+depend() {
+    after network-online 
+    use net 
+}
+
+cleanup() {
+    /sbin/runuser -u ${command_user} ${command} pod exists ${pod_name}
+    result=$?
+    if [ $result -eq 0 ]; then
+            /sbin/runuser -u ${command_user} ${command} pod stop ${pod_name}
+            /sbin/runuser -u ${command_user} ${command} pod rm ${pod_name}
+    fi
+}
+
+start_pre() {
+    cleanup
+}
+
+stop() {
+    ebegin "Stopping $RC_SVCNAME"
+    cleanup
+    eend $?
+}
+
                            5. Create one init script per Pod you want to control with the following contents (adjust as needed). Name it appropriately and make it executable (i.e. chmod +x pod-traefik):
                              #!/sbin/openrc-run
+
+name=$RC_SVCNAME
+pod_name=traefik
+command_user="<user>"
+command="/usr/bin/podman"
+command_args="play kube --network traefik /home/${command_user}/pods/${pod_name}/pod.yaml"
+
+source "/home/${command_user}/pods/init.d/pod"
+
                            6. Create a symlink in /etc/init.d/:
                              # cd /etc/init.d && ln -s /home/<user>/pods/pod-traefik
+
                            7. Use rc-update to the add your OpenRC Pod init script to the default runlevel:
                              # rc-update add pod-traefik
+
                            
\ No newline at end of file
diff --git a/posts/index.html b/posts/index.html
index 3f1829d..b851f1a 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,11 +1,12 @@
 Posts | Virtualzone Blog
                            Home
                            Posts
-
                            Setting up Alpine Linux with Rootless Docker
                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+
                            Setting up Alpine Linux with Podman
                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project....
                            June 25, 2022 · 4 min · 840 words · Heiner
                            Setting up Alpine Linux with Rootless Docker
                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                            June 19, 2022 · 3 min · 479 words · Heiner
                            Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                            I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                            September 3, 2021 · 1 min · 118 words · Heiner
                            Back up server to OneDrive’s special App Folder
                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                            September 2, 2021 · 4 min · 682 words · Heiner
                            Unifi USG: Multiple IP addresses on PPPoE
                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                            August 16, 2021 · 2 min · 353 words · Heiner
                            Raspberry Pi OS: Remove unnecessary packages
                            Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                            June 7, 2020 · 1 min · 161 words · Heiner
                            Analyze Traefik access log using InfluxDB and Grafana
                            Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                            June 3, 2020 · 2 min · 373 words · Heiner
                            Export trainings from Endomondo as GPX files
                            I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                            June 1, 2020 · 2 min · 341 words · Heiner
                            Native USB boot for Raspberry Pi 4
                            Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                            May 28, 2020 · 2 min · 404 words · Heiner
                            Build Multi-Arch images on Docker Hub (Part 2)
                            Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
-Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                            May 16, 2020 · 3 min · 443 words · Heiner
                            Build Multi-Arch images on Docker Hub (Part 1)
                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                            May 15, 2020 · 3 min · 502 words · Heiner
                            © 2022 Heiner Beck.
+Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                            May 16, 2020 · 3 min · 443 words · Heiner
                            
\ No newline at end of file
diff --git a/posts/index.xml b/posts/index.xml
index d96179a..823c44b 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -7,7 +7,17 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Sun, 19 Jun 2022 15:00:00 +0000
+    Sat, 25 Jun 2022 18:00:00 +0000
+    
+      Setting up Alpine Linux with Podman
+      https://virtualzone.de/posts/alpine-podman/
+      Sat, 25 Jun 2022 18:00:00 +0000
+      
+      https://virtualzone.de/posts/alpine-podman/
+      Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project.
+    
+    
     
       Setting up Alpine Linux with Rootless Docker
       https://virtualzone.de/posts/alpine-docker-rootless/
diff --git a/posts/page/2/index.html b/posts/page/2/index.html
index dd0e236..3f86128 100644
--- a/posts/page/2/index.html
+++ b/posts/page/2/index.html
@@ -1,14 +1,12 @@
 Posts | Virtualzone Blog
                            Home
                            Posts
-
                            How to let Jenkins build Docker images
                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
+
                            Build Multi-Arch images on Docker Hub (Part 1)
                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                            May 15, 2020 · 3 min · 502 words · Heiner
                            How to let Jenkins build Docker images
                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                            June 11, 2017 · 2 min · 370 words · Heiner
                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                            February 11, 2017 · 2 min · 287 words · Heiner
                            Creating an encrypted file container on macOS
                            Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                            December 6, 2016 · 2 min · 356 words · Heiner
                            UptimeRobot: A nice free website monitoring service
                            Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                            September 5, 2016 · 1 min · 120 words · Heiner
                            Fix Docker not using /etc/hosts on MacOS
                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                            August 28, 2016 · 1 min · 163 words · Heiner
                            From FHEM to OpenHAB with Homegear: Installation/Docker container
                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                            August 28, 2016 · 6 min · 1084 words · Heiner
                            How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                            Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                            August 27, 2016 · 2 min · 255 words · Heiner
                            How to reduce PDF file size in Linux - Part 2
                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
-gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                            August 15, 2015 · 1 min · 75 words · Heiner
                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                            November 20, 2014 · 2 min · 372 words · Heiner
                            How to reduce PDF file size in Linux
                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
-gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
-/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                            November 21, 2012 · 1 min · 98 words · Heiner
                            August 15, 2015 · 1 min · 75 words · Heiner
                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                            November 20, 2014 · 2 min · 372 words · Heiner
                            © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/posts/page/3/index.html b/posts/page/3/index.html
index 3409aa4..f8eaefd 100644
--- a/posts/page/3/index.html
+++ b/posts/page/3/index.html
@@ -1,5 +1,7 @@
 Posts | Virtualzone Blog
                            Home
                            Posts
-
                            Determining a location’s federal state using Google Maps API
                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
+
                            How to reduce PDF file size in Linux
                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
+gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
+/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                            November 21, 2012 · 1 min · 98 words · Heiner
                            Determining a location’s federal state using Google Maps API
                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                            August 10, 2012 · 1 min · 162 words · Heiner
                            © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/sitemap.xml b/sitemap.xml
index de24628..ffdc926 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -3,21 +3,24 @@
   xmlns:xhtml="http://www.w3.org/1999/xhtml">
   
     https://virtualzone.de/tags/docker/
-    2022-06-19T15:00:00+00:00
+    2022-06-25T18:00:00+00:00
   
     https://virtualzone.de/tags/linux/
-    2022-06-19T15:00:00+00:00
+    2022-06-25T18:00:00+00:00
   
     https://virtualzone.de/posts/
-    2022-06-19T15:00:00+00:00
+    2022-06-25T18:00:00+00:00
   
-    https://virtualzone.de/posts/alpine-docker-rootless/
-    2022-06-19T15:00:00+00:00
+    https://virtualzone.de/posts/alpine-podman/
+    2022-06-25T18:00:00+00:00
   
     https://virtualzone.de/tags/
-    2022-06-19T15:00:00+00:00
+    2022-06-25T18:00:00+00:00
   
     https://virtualzone.de/
+    2022-06-25T18:00:00+00:00
+  
+    https://virtualzone.de/posts/alpine-docker-rootless/
     2022-06-19T15:00:00+00:00
   
     https://virtualzone.de/tags/kubernetes/
diff --git a/tags/docker/index.html b/tags/docker/index.html
index bbfc59f..2871e56 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,5 +1,6 @@
 docker | Virtualzone Blog
                            Home » Tags
                            docker
-
                            Setting up Alpine Linux with Rootless Docker
                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+
                            Setting up Alpine Linux with Podman
                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project....
                            June 25, 2022 · 4 min · 840 words · Heiner
                            Setting up Alpine Linux with Rootless Docker
                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                            June 19, 2022 · 3 min · 479 words · Heiner
                            Analyze Traefik access log using InfluxDB and Grafana
                            Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                            June 3, 2020 · 2 min · 373 words · Heiner
                            Build Multi-Arch images on Docker Hub (Part 2)
                            Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
diff --git a/tags/docker/index.xml b/tags/docker/index.xml
index f7bb3c9..b809b29 100644
--- a/tags/docker/index.xml
+++ b/tags/docker/index.xml
@@ -7,7 +7,17 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Sun, 19 Jun 2022 15:00:00 +0000
+    Sat, 25 Jun 2022 18:00:00 +0000
+    
+      Setting up Alpine Linux with Podman
+      https://virtualzone.de/posts/alpine-podman/
+      Sat, 25 Jun 2022 18:00:00 +0000
+      
+      https://virtualzone.de/posts/alpine-podman/
+      Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project.
+    
+    
     
       Setting up Alpine Linux with Rootless Docker
       https://virtualzone.de/posts/alpine-docker-rootless/
diff --git a/tags/index.html b/tags/index.html
index 7cb8b16..9f89f51 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -1,4 +1,4 @@
-Tags | Virtualzone Blog
                            Tags
                            © 2022 Heiner Beck.
+Tags | Virtualzone Blog
                            Tags
                            
\ No newline at end of file
diff --git a/tags/index.xml b/tags/index.xml
index 8e061c9..da1ceb9 100644
--- a/tags/index.xml
+++ b/tags/index.xml
@@ -7,11 +7,11 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Sun, 19 Jun 2022 15:00:00 +0000
+    Sat, 25 Jun 2022 18:00:00 +0000
     
       docker
       https://virtualzone.de/tags/docker/
-      Sun, 19 Jun 2022 15:00:00 +0000
+      Sat, 25 Jun 2022 18:00:00 +0000
       
       https://virtualzone.de/tags/docker/
       
@@ -20,7 +20,7 @@
     
       linux
       https://virtualzone.de/tags/linux/
-      Sun, 19 Jun 2022 15:00:00 +0000
+      Sat, 25 Jun 2022 18:00:00 +0000
       
       https://virtualzone.de/tags/linux/
       
diff --git a/tags/linux/index.html b/tags/linux/index.html
index ed43678..e286f32 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,5 +1,6 @@
 linux | Virtualzone Blog
                            Home » Tags
                            linux
-
                            Setting up Alpine Linux with Rootless Docker
                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
+
                            Setting up Alpine Linux with Podman
                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project....
                            June 25, 2022 · 4 min · 840 words · Heiner
                            Setting up Alpine Linux with Rootless Docker
                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                            June 19, 2022 · 3 min · 479 words · Heiner
                            How to reduce PDF file size in Linux - Part 2
                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                            August 15, 2015 · 1 min · 75 words · Heiner
                            How to reduce PDF file size in Linux
                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
diff --git a/tags/linux/index.xml b/tags/linux/index.xml
index 75b8d7c..8ebf2c6 100644
--- a/tags/linux/index.xml
+++ b/tags/linux/index.xml
@@ -7,7 +7,17 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Sun, 19 Jun 2022 15:00:00 +0000
+    Sat, 25 Jun 2022 18:00:00 +0000
+    
+      Setting up Alpine Linux with Podman
+      https://virtualzone.de/posts/alpine-podman/
+      Sat, 25 Jun 2022 18:00:00 +0000
+      
+      https://virtualzone.de/posts/alpine-podman/
+      Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman.
+Podman was initially developed by RedHat and is available as an open source project.
+    
+    
     
       Setting up Alpine Linux with Rootless Docker
       https://virtualzone.de/posts/alpine-docker-rootless/

From afbcb919f02feff1c8ee432380c2db085600d1fe Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sat, 25 Jun 2022 18:29:16 +0000
Subject: [PATCH 12/25] deploy: 844be413d2fd3bd6eda9503bbfe9c04cc572c779

---
 posts/alpine-podman/index.html | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html
index 0f72756..24fadd5 100644
--- a/posts/alpine-podman/index.html
+++ b/posts/alpine-podman/index.html
@@ -2,7 +2,7 @@
 Podman was initially developed by RedHat and is available as an open source project.">
 
                            Home » Posts
                            Setting up Alpine Linux with Podman
                            June 25, 2022 · 4 min · 840 words · Heiner
                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
                            Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.
                            In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.
                            Download and install Alpine
                            First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                            1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                            2. Boot system from ISO and run:
                              # setup-alpine
+Podman was initially developed by RedHat and is available as an open source project.">
                              Home » Posts
                              Setting up Alpine Linux with Podman
                              June 25, 2022 · 4 min · 840 words · Heiner
                              Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
                              Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.
                              In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.
                              Download and install Alpine
                              First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                              1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                              2. Boot system from ISO and run:
                                # setup-alpine
 
                              3. Reboot and install the nano edit:
                                # apk add nano
 
                              4. Enable community repository in the following file:
                                # nano /etc/apk/repositories
 
                              5. Update the index of available package:
                                # apk update
@@ -19,13 +19,13 @@
 # modprobe ip_tables
 
                              6. Check if Podman works by running a Hello World container using your user account:
                                $ podman run --rm hello-world
 
                              Allow ports < 1024 (optional)
                              By default, only ports >= 1024 can be exposed by non-root users. To change this, change the minimum unprivileged port in /etc/sysctl.conf:
                              $ sudo echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
-
                              Using Podman and Pods
                              If you are used to Docker, you can use Podman just the way to used to control Docker. One difference is that Podman can group multiple containers into Pods (that’s where the name comes from: Pod Manager). You may know Pods from Kubernetes. Containers in a Pod share a namespace, a network and a security context.
                              • List running containers:
                                podman ps
-
                              • List existing pods:
                                podman pod ps
-
                              • Create a new pod:
                                podman pod create pod-web
-
                              • Create a container inside the previously created Pod:
                                podman run --rm -d \
+
                                Using Podman and Pods
                                If you are used to Docker, you can use Podman just the way to used to control Docker. One difference is that Podman can group multiple containers into Pods (that’s where the name comes from: Pod Manager). You may know Pods from Kubernetes. Containers in a Pod share a namespace, a network and a security context.
                                List running containers:
                                podman ps
+
                                List existing pods:
                                podman pod ps
+
                                Create a new pod:
                                podman pod create pod-web
+
                                Create a container inside the previously created Pod:
                                podman run --rm -d \
     --pod pod-web \
     docker.io/library/nginx:alpine
-
                              Starting containers on system start
                              Because Podman follows a daemonless concept, containers are not started along with the non-existing Daemon on system boot. Instead, Podman recommends using systemd to start, stop and restart containers when the system starts.
                              On Alpine, we’re using OpenRC instead of systemd by default. I’m using Podman’s built-in functionity for exporting and importing Kubernetes YAML definitions together with a small OpenRC init script.
                              1. Install runuser so your init script can create Pods in the name of your rootless user:
                                # apk add runuser
+
                                Starting containers on system start
                                Because Podman follows a daemonless concept, containers are not started along with the non-existing Daemon on system boot. Instead, Podman recommends using systemd to start, stop and restart containers when the system starts.
                                On Alpine, we’re using OpenRC instead of systemd by default. I’m using Podman’s built-in functionity for exporting and importing Kubernetes YAML definitions together with a small OpenRC init script.
                                1. Install runuser so your init script can create Pods in the name of your rootless user:
                                  # apk add runuser
 
                                2. Create a folder to store your init scripts, such as /home/<user>/pods/init.d/.
                                3. Generate a Kubernetes YAML for an existing Pod by issuing the following command and saving the YAML file in your previously created directory:
                                  podman generate kube <pod-name>
 
                                  Alternatively, you can write the YAML file manually. Please refer to Podman’s documention for more information on supported (and unsupported) Kubernetes YAML syntax.
                                4. Create a file named pod in this folder with the following contents and make it executable (chmod +x pod):
                                  #!/sbin/openrc-run
 

From 1694b41f244bdc0aa3a9c4a84828878beb9b0835 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sun, 16 Oct 2022 17:26:14 +0000
Subject: [PATCH 13/25] deploy: d97e26cfbf6f171cba699218b7a64a48d6dfedb6

---
 index.html                                | 10 ++++---
 index.xml                                 | 14 ++++++++-
 page/2/index.html                         |  5 ++--
 page/3/index.html                         |  2 +-
 posts/alpine-podman/index.html            |  3 +-
 posts/index.html                          |  8 ++++--
 posts/index.xml                           | 14 ++++++++-
 posts/page/2/index.html                   |  5 ++--
 posts/page/3/index.html                   |  2 +-
 posts/podman-multiple-networks/index.html | 35 +++++++++++++++++++++++
 sitemap.xml                               | 17 ++++++-----
 tags/docker/index.html                    |  5 +++-
 tags/docker/index.xml                     | 14 ++++++++-
 tags/index.html                           |  2 +-
 tags/index.xml                            |  6 ++--
 tags/linux/index.html                     |  5 +++-
 tags/linux/index.xml                      | 14 ++++++++-
 17 files changed, 130 insertions(+), 31 deletions(-)
 create mode 100644 posts/podman-multiple-networks/index.html

diff --git a/index.html b/index.html
index c2483cc..73d994b 100644
--- a/index.html
+++ b/index.html
@@ -1,15 +1,17 @@
-Virtualzone Blog
                                  Seatsurfing
                                  Seatsurfing
                                  Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                                  Visit seatsurfing.app
+Virtualzone Blog
                                  Seatsurfing
                                  Seatsurfing
                                  Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                                  Visit seatsurfing.app
 
                                  Compose Updater
                                  Automatically check for image updates and restart Docker containers automatically when using Docker Compose.
                                  GitHub Project
 
                                  OneDrive Uploader
                                  Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)
                                  GitHub Project
 
                                  USG Blacklist
                                  Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).
                                  GitHub Project
-
                                  Setting up Alpine Linux with Podman
                                  Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
+
                              Connecting multiple networks to a Podman container
                              I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+When a container was connected to more than one network, outgoing connections were not working correctly.
+Consider a container connected to two bridge networks:
+$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                              October 16, 2022 · 2 min · 274 words · Heiner
                              Setting up Alpine Linux with Podman
                              Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
 Podman was initially developed by RedHat and is available as an open source project....
                              June 25, 2022 · 4 min · 840 words · Heiner
                              Setting up Alpine Linux with Rootless Docker
                              As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                              June 19, 2022 · 3 min · 479 words · Heiner
                              Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                              I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                              September 3, 2021 · 1 min · 118 words · Heiner
                              Back up server to OneDrive’s special App Folder
                              I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                              September 2, 2021 · 4 min · 682 words · Heiner
                              Unifi USG: Multiple IP addresses on PPPoE
                              My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                              August 16, 2021 · 2 min · 353 words · Heiner
                              Raspberry Pi OS: Remove unnecessary packages
                              Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                              June 7, 2020 · 1 min · 161 words · Heiner
                              Analyze Traefik access log using InfluxDB and Grafana
                              Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                              June 3, 2020 · 2 min · 373 words · Heiner
                              Export trainings from Endomondo as GPX files
                              I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                              June 1, 2020 · 2 min · 341 words · Heiner
                              Native USB boot for Raspberry Pi 4
                              Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
-To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                              May 28, 2020 · 2 min · 404 words · Heiner
                              Build Multi-Arch images on Docker Hub (Part 2)
                              Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
-Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                              May 16, 2020 · 3 min · 443 words · Heiner
                              © 2022 Heiner Beck.
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                            May 28, 2020 · 2 min · 404 words · Heiner
                            
\ No newline at end of file
diff --git a/index.xml b/index.xml
index 0ee3ba5..339ac4b 100644
--- a/index.xml
+++ b/index.xml
@@ -7,7 +7,19 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Sat, 25 Jun 2022 18:00:00 +0000
+    Sun, 16 Oct 2022 17:00:00 +0000
+    
+      Connecting multiple networks to a Podman container
+      https://virtualzone.de/posts/podman-multiple-networks/
+      Sun, 16 Oct 2022 17:00:00 +0000
+      
+      https://virtualzone.de/posts/podman-multiple-networks/
+      I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+When a container was connected to more than one network, outgoing connections were not working correctly.
+Consider a container connected to two bridge networks:
+$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:
+    
+    
     
       Setting up Alpine Linux with Podman
       https://virtualzone.de/posts/alpine-podman/
diff --git a/page/2/index.html b/page/2/index.html
index 1f5fd58..4eab078 100644
--- a/page/2/index.html
+++ b/page/2/index.html
@@ -1,11 +1,12 @@
-Virtualzone Blog
                            Build Multi-Arch images on Docker Hub (Part 1)
                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                            May 15, 2020 · 3 min · 502 words · Heiner
                            How to let Jenkins build Docker images
                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
+Virtualzone Blog
                            Build Multi-Arch images on Docker Hub (Part 2)
                            Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
+Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                            May 16, 2020 · 3 min · 443 words · Heiner
                            Build Multi-Arch images on Docker Hub (Part 1)
                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                            May 15, 2020 · 3 min · 502 words · Heiner
                            How to let Jenkins build Docker images
                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                            June 11, 2017 · 2 min · 370 words · Heiner
                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                            February 11, 2017 · 2 min · 287 words · Heiner
                            Creating an encrypted file container on macOS
                            Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                            December 6, 2016 · 2 min · 356 words · Heiner
                            UptimeRobot: A nice free website monitoring service
                            Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                            September 5, 2016 · 1 min · 120 words · Heiner
                            Fix Docker not using /etc/hosts on MacOS
                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                            August 28, 2016 · 1 min · 163 words · Heiner
                            From FHEM to OpenHAB with Homegear: Installation/Docker container
                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                            August 28, 2016 · 6 min · 1084 words · Heiner
                            How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                            Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                            August 27, 2016 · 2 min · 255 words · Heiner
                            How to reduce PDF file size in Linux - Part 2
                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
-gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                            August 15, 2015 · 1 min · 75 words · Heiner
                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                            November 20, 2014 · 2 min · 372 words · Heiner
                            August 15, 2015 · 1 min · 75 words · Heiner
                            © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/page/3/index.html b/page/3/index.html
index f6c4875..8f4bd7c 100644
--- a/page/3/index.html
+++ b/page/3/index.html
@@ -1,4 +1,4 @@
-Virtualzone Blog
                            How to reduce PDF file size in Linux
                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
+Virtualzone Blog
                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                            November 20, 2014 · 2 min · 372 words · Heiner
                            How to reduce PDF file size in Linux
                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                            November 21, 2012 · 1 min · 98 words · Heiner
                            Determining a location’s federal state using Google Maps API
                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                            August 10, 2012 · 1 min · 162 words · Heiner
                            © 2022 Heiner Beck.
diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html
index 24fadd5..f96bcbf 100644
--- a/posts/alpine-podman/index.html
+++ b/posts/alpine-podman/index.html
@@ -63,7 +63,8 @@
 source "/home/${command_user}/pods/init.d/pod"
                          • Create a symlink in /etc/init.d/:
                            # cd /etc/init.d && ln -s /home/<user>/pods/pod-traefik
                          • Use rc-update to the add your OpenRC Pod init script to the default runlevel:
                            # rc-update add pod-traefik
-
                            • © 2022 Heiner Beck. + \ No newline at end of file diff --git a/posts/index.html b/posts/index.html index b851f1a..fb5d670 100644 --- a/posts/index.html +++ b/posts/index.html @@ -1,12 +1,14 @@ Posts | Virtualzone Blog
                            Home

                            Posts -

                            Setting up Alpine Linux with Podman

                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. +

                            Connecting multiple networks to a Podman container

                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +When a container was connected to more than one network, outgoing connections were not working correctly. +Consider a container connected to two bridge networks: +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                            October 16, 2022 · 2 min · 274 words · Heiner

                            Setting up Alpine Linux with Podman

                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. Podman was initially developed by RedHat and is available as an open source project....

                            June 25, 2022 · 4 min · 840 words · Heiner

                            Setting up Alpine Linux with Rootless Docker

                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                            June 19, 2022 · 3 min · 479 words · Heiner

                            Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                            I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                            September 3, 2021 · 1 min · 118 words · Heiner

                            Back up server to OneDrive’s special App Folder

                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                            September 2, 2021 · 4 min · 682 words · Heiner

                            Unifi USG: Multiple IP addresses on PPPoE

                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                            August 16, 2021 · 2 min · 353 words · Heiner

                            Raspberry Pi OS: Remove unnecessary packages

                            Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                            June 7, 2020 · 1 min · 161 words · Heiner

                            Analyze Traefik access log using InfluxDB and Grafana

                            Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                            June 3, 2020 · 2 min · 373 words · Heiner

                            Export trainings from Endomondo as GPX files

                            I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                            June 1, 2020 · 2 min · 341 words · Heiner

                            Native USB boot for Raspberry Pi 4

                            Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                            May 28, 2020 · 2 min · 404 words · Heiner

                            Build Multi-Arch images on Docker Hub (Part 2)

                            Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. -Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                            May 16, 2020 · 3 min · 443 words · Heiner
                            © 2022 Heiner Beck. +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                            May 28, 2020 · 2 min · 404 words · Heiner
                            \ No newline at end of file diff --git a/posts/index.xml b/posts/index.xml index 823c44b..a804fe2 100644 --- a/posts/index.xml +++ b/posts/index.xml @@ -7,7 +7,19 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sat, 25 Jun 2022 18:00:00 +0000 + Sun, 16 Oct 2022 17:00:00 +0000 + + Connecting multiple networks to a Podman container + https://virtualzone.de/posts/podman-multiple-networks/ + Sun, 16 Oct 2022 17:00:00 +0000 + + https://virtualzone.de/posts/podman-multiple-networks/ + I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +When a container was connected to more than one network, outgoing connections were not working correctly. +Consider a container connected to two bridge networks: +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly: + + Setting up Alpine Linux with Podman https://virtualzone.de/posts/alpine-podman/ diff --git a/posts/page/2/index.html b/posts/page/2/index.html index 3f86128..8f94fd3 100644 --- a/posts/page/2/index.html +++ b/posts/page/2/index.html @@ -1,12 +1,13 @@ Posts | Virtualzone Blog
                            Home

                            Posts -

                            Build Multi-Arch images on Docker Hub (Part 1)

                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                            May 15, 2020 · 3 min · 502 words · Heiner

                            How to let Jenkins build Docker images

                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +

                            Build Multi-Arch images on Docker Hub (Part 2)

                            Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                            May 16, 2020 · 3 min · 443 words · Heiner

                            Build Multi-Arch images on Docker Hub (Part 1)

                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                            May 15, 2020 · 3 min · 502 words · Heiner

                            How to let Jenkins build Docker images

                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                            June 11, 2017 · 2 min · 370 words · Heiner

                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                            February 11, 2017 · 2 min · 287 words · Heiner

                            Creating an encrypted file container on macOS

                            Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                            December 6, 2016 · 2 min · 356 words · Heiner

                            UptimeRobot: A nice free website monitoring service

                            Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                            September 5, 2016 · 1 min · 120 words · Heiner

                            Fix Docker not using /etc/hosts on MacOS

                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                            August 28, 2016 · 1 min · 163 words · Heiner

                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                            August 28, 2016 · 6 min · 1084 words · Heiner

                            How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                            Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                            August 27, 2016 · 2 min · 255 words · Heiner

                            How to reduce PDF file size in Linux - Part 2

                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                            August 15, 2015 · 1 min · 75 words · Heiner

                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                            November 20, 2014 · 2 min · 372 words · Heiner
                            August 15, 2015 · 1 min · 75 words · Heiner
                            © 2022 Heiner Beck. Powered by Hugo & diff --git a/posts/page/3/index.html b/posts/page/3/index.html index f8eaefd..3e80e1a 100644 --- a/posts/page/3/index.html +++ b/posts/page/3/index.html @@ -1,5 +1,5 @@ Posts | Virtualzone Blog
                            Home

                            Posts -

                            How to reduce PDF file size in Linux

                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +

                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                            November 20, 2014 · 2 min · 372 words · Heiner

                            How to reduce PDF file size in Linux

                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                            November 21, 2012 · 1 min · 98 words · Heiner

                            Determining a location’s federal state using Google Maps API

                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                            August 10, 2012 · 1 min · 162 words · Heiner
                            © 2022 Heiner Beck. diff --git a/posts/podman-multiple-networks/index.html b/posts/podman-multiple-networks/index.html new file mode 100644 index 0000000..7ba851c --- /dev/null +++ b/posts/podman-multiple-networks/index.html @@ -0,0 +1,35 @@ +Connecting multiple networks to a Podman container | Virtualzone Blog +
                            Home » Posts

                            Connecting multiple networks to a Podman container

                            October 16, 2022 · 2 min · 274 words · Heiner

                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:

                            When a container was connected to more than one network, outgoing connections were not working correctly.

                            Consider a container connected to two bridge networks:

                            $ podman run --rm -it \
+      --network net1 \
+      --network net2 \
+      alpine /bin/ash
+

                            Inside the container, the two networks are connected correctly:

                            # ip a
+1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+2: eth1@if17: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
+    inet 10.89.0.7/24 brd 10.89.0.255 scope global eth1
+4: eth0@if18: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP qlen 1000
+    inet 10.89.2.6/24 brd 10.89.2.255 scope global eth0
+

                            However, pinging a host on the internet only works using one of the two network interfaces:

                            # ping -I eth0 8.8.8.8
+PING 8.8.8.8 (8.8.8.8): 56 data bytes
+64 bytes from 8.8.8.8: seq=0 ttl=42 time=4.075 ms
+
                            # ping -I eth1 8.8.8.8
+PING 8.8.8.8 (8.8.8.8): 56 data bytes
+...
+2 packets transmitted, 0 packets received, 100% packet loss
+

                            The solution

                            The solution is quite simple: You will need to set net.ipv4.conf.all.rp_filter to 2.

                            On my Alpine system, rp_filter was set to 1 by default. The settings controls the source path validation within the kernel’s IPv4 network stack. 1 means “strict”, whereas 2 means “loose”.

                            You can try the solution temporarily by running:

                            # sysctl -w net.ipv4.conf.all.rp_filter=2
+

                            To survive the next reboot, persist the setting by adding it to /etc/sysctl.conf:

                            # echo "net.ipv4.conf.all.rp_filter=2" >> /etc/sysctl.conf
+

                            For more information, you can take a look at this article.

                            \ No newline at end of file diff --git a/sitemap.xml b/sitemap.xml index ffdc926..312736d 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2,22 +2,25 @@ + https://virtualzone.de/posts/podman-multiple-networks/ + 2022-10-16T17:00:00+00:00 + https://virtualzone.de/tags/docker/ - 2022-06-25T18:00:00+00:00 + 2022-10-16T17:00:00+00:00 https://virtualzone.de/tags/linux/ - 2022-06-25T18:00:00+00:00 + 2022-10-16T17:00:00+00:00 https://virtualzone.de/posts/ - 2022-06-25T18:00:00+00:00 - - https://virtualzone.de/posts/alpine-podman/ - 2022-06-25T18:00:00+00:00 + 2022-10-16T17:00:00+00:00 https://virtualzone.de/tags/ - 2022-06-25T18:00:00+00:00 + 2022-10-16T17:00:00+00:00 https://virtualzone.de/ + 2022-10-16T17:00:00+00:00 + + https://virtualzone.de/posts/alpine-podman/ 2022-06-25T18:00:00+00:00 https://virtualzone.de/posts/alpine-docker-rootless/ diff --git a/tags/docker/index.html b/tags/docker/index.html index 2871e56..dcde4d5 100644 --- a/tags/docker/index.html +++ b/tags/docker/index.html @@ -1,5 +1,8 @@ docker | Virtualzone Blog
                            Home » Tags

                            docker -

                            Setting up Alpine Linux with Podman

                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. +

                            Connecting multiple networks to a Podman container

                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +When a container was connected to more than one network, outgoing connections were not working correctly. +Consider a container connected to two bridge networks: +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                            October 16, 2022 · 2 min · 274 words · Heiner

                            Setting up Alpine Linux with Podman

                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. Podman was initially developed by RedHat and is available as an open source project....

                            June 25, 2022 · 4 min · 840 words · Heiner

                            Setting up Alpine Linux with Rootless Docker

                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                            June 19, 2022 · 3 min · 479 words · Heiner

                            Analyze Traefik access log using InfluxDB and Grafana

                            Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: diff --git a/tags/docker/index.xml b/tags/docker/index.xml index b809b29..8071a44 100644 --- a/tags/docker/index.xml +++ b/tags/docker/index.xml @@ -7,7 +7,19 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sat, 25 Jun 2022 18:00:00 +0000 + Sun, 16 Oct 2022 17:00:00 +0000 + + Connecting multiple networks to a Podman container + https://virtualzone.de/posts/podman-multiple-networks/ + Sun, 16 Oct 2022 17:00:00 +0000 + + https://virtualzone.de/posts/podman-multiple-networks/ + I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +When a container was connected to more than one network, outgoing connections were not working correctly. +Consider a container connected to two bridge networks: +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly: + + Setting up Alpine Linux with Podman https://virtualzone.de/posts/alpine-podman/ diff --git a/tags/index.html b/tags/index.html index 9f89f51..37ad63f 100644 --- a/tags/index.html +++ b/tags/index.html @@ -1,4 +1,4 @@ -Tags | Virtualzone Blog

                            Tags

                            © 2022 Heiner Beck. +Tags | Virtualzone Blog

                            Tags

                            \ No newline at end of file diff --git a/tags/index.xml b/tags/index.xml index da1ceb9..fe7cd33 100644 --- a/tags/index.xml +++ b/tags/index.xml @@ -7,11 +7,11 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sat, 25 Jun 2022 18:00:00 +0000 + Sun, 16 Oct 2022 17:00:00 +0000 docker https://virtualzone.de/tags/docker/ - Sat, 25 Jun 2022 18:00:00 +0000 + Sun, 16 Oct 2022 17:00:00 +0000 https://virtualzone.de/tags/docker/ @@ -20,7 +20,7 @@ linux https://virtualzone.de/tags/linux/ - Sat, 25 Jun 2022 18:00:00 +0000 + Sun, 16 Oct 2022 17:00:00 +0000 https://virtualzone.de/tags/linux/ diff --git a/tags/linux/index.html b/tags/linux/index.html index e286f32..e39eb25 100644 --- a/tags/linux/index.html +++ b/tags/linux/index.html @@ -1,5 +1,8 @@ linux | Virtualzone Blog
                            Home » Tags

                            linux -

                            Setting up Alpine Linux with Podman

                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. +

                            Connecting multiple networks to a Podman container

                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +When a container was connected to more than one network, outgoing connections were not working correctly. +Consider a container connected to two bridge networks: +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                            October 16, 2022 · 2 min · 274 words · Heiner

                            Setting up Alpine Linux with Podman

                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. Podman was initially developed by RedHat and is available as an open source project....

                            June 25, 2022 · 4 min · 840 words · Heiner

                            Setting up Alpine Linux with Rootless Docker

                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                            June 19, 2022 · 3 min · 479 words · Heiner

                            How to reduce PDF file size in Linux - Part 2

                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                            August 15, 2015 · 1 min · 75 words · Heiner

                            How to reduce PDF file size in Linux

                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: diff --git a/tags/linux/index.xml b/tags/linux/index.xml index 8ebf2c6..73614ab 100644 --- a/tags/linux/index.xml +++ b/tags/linux/index.xml @@ -7,7 +7,19 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sat, 25 Jun 2022 18:00:00 +0000 + Sun, 16 Oct 2022 17:00:00 +0000 + + Connecting multiple networks to a Podman container + https://virtualzone.de/posts/podman-multiple-networks/ + Sun, 16 Oct 2022 17:00:00 +0000 + + https://virtualzone.de/posts/podman-multiple-networks/ + I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +When a container was connected to more than one network, outgoing connections were not working correctly. +Consider a container connected to two bridge networks: +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly: + + Setting up Alpine Linux with Podman https://virtualzone.de/posts/alpine-podman/ From 37417c4a1a72813bf3b68b7b8ff28c2b0d011c26 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Thu, 20 Oct 2022 15:55:23 +0000 Subject: [PATCH 14/25] deploy: 4b60678af8462ca641a99e4dbd7dfca9b04e1768 --- posts/podman-multiple-networks/index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/posts/podman-multiple-networks/index.html b/posts/podman-multiple-networks/index.html index 7ba851c..21fb124 100644 --- a/posts/podman-multiple-networks/index.html +++ b/posts/podman-multiple-networks/index.html @@ -8,7 +8,7 @@ $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:">

                            Home » Posts

                            Connecting multiple networks to a Podman container

                            October 16, 2022 · 2 min · 274 words · Heiner

                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:

                            When a container was connected to more than one network, outgoing connections were not working correctly.

                            Consider a container connected to two bridge networks:

                            $ podman run --rm -it \
+$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:">
                            Home » Posts
                            Connecting multiple networks to a Podman container
                            October 16, 2022 · 2 min · 274 words · Heiner
                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
                            When a container was connected to more than one network, outgoing connections were not working correctly.
                            Consider a container connected to two bridge networks:
                            $ podman run --rm -it \
       --network net1 \
       --network net2 \
       alpine /bin/ash
@@ -27,7 +27,7 @@
 PING 8.8.8.8 (8.8.8.8): 56 data bytes
 ...
 2 packets transmitted, 0 packets received, 100% packet loss
-
                            The solution
                            The solution is quite simple: You will need to set net.ipv4.conf.all.rp_filter to 2.
                            On my Alpine system, rp_filter was set to 1 by default. The settings controls the source path validation within the kernel’s IPv4 network stack. 1 means “strict”, whereas 2 means “loose”.
                            You can try the solution temporarily by running:
                            # sysctl -w net.ipv4.conf.all.rp_filter=2
+
                            The solution
                            The solution is quite simple: You will need to set net.ipv4.conf.all.rp_filter to 2.
                            On my Alpine system, rp_filter was set to 1 by default. The setting controls the source path validation within the kernel’s IPv4 network stack. 1 means “strict”, whereas 2 means “loose”.
                            You can try the solution temporarily by running:
                            # sysctl -w net.ipv4.conf.all.rp_filter=2
 
                            To survive the next reboot, persist the setting by adding it to /etc/sysctl.conf:
                            # echo "net.ipv4.conf.all.rp_filter=2" >> /etc/sysctl.conf
 
                            For more information, you can take a look at this article.
                            © 2022 Heiner Beck.
 Powered by

From 4f75b3c42882cdbdc64362178d52e01aa9d32efb Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Wed, 26 Oct 2022 15:39:57 +0000
Subject: [PATCH 15/25] deploy: ab2e7e703ed49de3a68d70e7228850153e2663d6

---
 404.html                                                   | 2 +-
 ...1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css | 7 +++++++
 ...d02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css | 7 -------
 categories/index.html                                      | 2 +-
 contact/index.html                                         | 2 +-
 index.html                                                 | 4 ++--
 page/2/index.html                                          | 6 +++---
 page/3/index.html                                          | 4 ++--
 posts/alpine-docker-rootless/index.html                    | 4 ++--
 posts/alpine-podman/index.html                             | 4 ++--
 .../index.html                                             | 4 ++--
 posts/encrypted-file-container-macos/index.html            | 4 ++--
 posts/endomono-export-gpx/index.html                       | 4 ++--
 posts/fix-docker-not-using-etc-hosts-on-macos/index.html   | 4 ++--
 .../index.html                                             | 4 ++--
 posts/https-ssl-in-wordpress-behind-proxy/index.html       | 4 ++--
 posts/index.html                                           | 4 ++--
 posts/ipv6-on-a-sonicwall/index.html                       | 4 ++--
 posts/jenkins-build-docker-images/index.html               | 4 ++--
 posts/k3s-glusterfs/index.html                             | 4 ++--
 .../index.html                                             | 4 ++--
 posts/multi-arch-docker-images-1/index.html                | 4 ++--
 posts/multi-arch-docker-images-2/index.html                | 4 ++--
 posts/onedrive-upload-backup/index.html                    | 4 ++--
 posts/page/2/index.html                                    | 6 +++---
 posts/page/3/index.html                                    | 4 ++--
 posts/podman-multiple-networks/index.html                  | 4 ++--
 posts/raspberry-pi-os-remove-packages/index.html           | 4 ++--
 posts/reduce-pdf-file-size-2/index.html                    | 4 ++--
 posts/reduce-pdf-file-size/index.html                      | 4 ++--
 .../index.html                                             | 4 ++--
 posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html  | 4 ++--
 posts/uptime-robot-website-monitoring/index.html           | 4 ++--
 posts/usb-boot-raspberry-pi/index.html                     | 4 ++--
 privacy-policy/index.html                                  | 2 +-
 tags/api/index.html                                        | 2 +-
 tags/docker/index.html                                     | 2 +-
 tags/endonomdo/index.html                                  | 2 +-
 tags/fhem/index.html                                       | 2 +-
 tags/firewall/index.html                                   | 2 +-
 tags/github/index.html                                     | 2 +-
 tags/google/index.html                                     | 2 +-
 tags/homeautomation/index.html                             | 2 +-
 tags/index.html                                            | 2 +-
 tags/ipv6/index.html                                       | 2 +-
 tags/kubernetes/index.html                                 | 2 +-
 tags/letsencrypt/index.html                                | 2 +-
 tags/linux/index.html                                      | 2 +-
 tags/macos/index.html                                      | 2 +-
 tags/nginx/index.html                                      | 2 +-
 tags/onedrive/index.html                                   | 2 +-
 tags/openhab/index.html                                    | 2 +-
 tags/proxy/index.html                                      | 2 +-
 tags/raspberrypi/index.html                                | 2 +-
 tags/sonicwall/index.html                                  | 2 +-
 tags/tool/index.html                                       | 2 +-
 tags/wordpress/index.html                                  | 2 +-
 57 files changed, 93 insertions(+), 93 deletions(-)
 create mode 100644 assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css
 delete mode 100644 assets/css/stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css

diff --git a/404.html b/404.html
index 497fac6..887e995 100644
--- a/404.html
+++ b/404.html
@@ -1,4 +1,4 @@
-404 Page not found | Virtualzone Blog
                            404
                            © 2022 Heiner Beck.
+404 Page not found | Virtualzone Blog
                            404
                            
\ No newline at end of file
diff --git a/assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css b/assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css
new file mode 100644
index 0000000..d069614
--- /dev/null
+++ b/assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css
@@ -0,0 +1,7 @@
+/*
+  PaperMod v6
+  License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE
+  Copyright (c) 2020 nanxiaobei and adityatelange
+  Copyright (c) 2021-2022 adityatelange
+*/
+:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img,.logo a svg{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}img.in-text{display:inline;margin:auto}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}article.post-entry>.cover-img{display:none}}
\ No newline at end of file
diff --git a/assets/css/stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css b/assets/css/stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css
deleted file mode 100644
index f5b427a..0000000
--- a/assets/css/stylesheet.daf1f4b84c20ad02374392191048a3c0da01a241c1dd7e757f9f5ee61b878492.css
+++ /dev/null
@@ -1,7 +0,0 @@
-/*
-  PaperMod v6
-  License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE
-  Copyright (c) 2020 nanxiaobei and adityatelange
-  Copyright (c) 2021-2022 adityatelange
-*/
-:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}#theme-toggle svg{height:18px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}.share-buttons a svg{height:30px;width:30px;fill:currentColor;transition:transform .1s}.share-buttons svg:active{transform:scale(.96)}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%;pointer-events:none}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.share-buttons svg:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}article.post-entry>.cover-img{display:none}}
\ No newline at end of file
diff --git a/categories/index.html b/categories/index.html
index 9a80f23..ff3be40 100644
--- a/categories/index.html
+++ b/categories/index.html
@@ -1,4 +1,4 @@
-Categories | Virtualzone Blog
                            Categories
                              © 2022 Heiner Beck.
+Categories | Virtualzone Blog
                              Categories
                                
\ No newline at end of file
diff --git a/contact/index.html b/contact/index.html
index 41f5847..1c84179 100644
--- a/contact/index.html
+++ b/contact/index.html
@@ -3,7 +3,7 @@
 60431 Frankfurt am Main
 Germany
 Email: mail@virtualzone.de
-Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws.">
+Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws.">
 Virtualzone Blog
                                Seatsurfing
                                Seatsurfing
                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                                Visit seatsurfing.app
+Virtualzone Blog
                                Seatsurfing
                                Seatsurfing
                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                                Visit seatsurfing.app
 
                                Compose Updater
                                Automatically check for image updates and restart Docker containers automatically when using Docker Compose.
                                GitHub Project
 
                                OneDrive Uploader
                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)
                                GitHub Project
 
                                USG Blacklist
                                Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).
                                GitHub Project
@@ -11,7 +11,7 @@
 By default, USG only allows for one IP address when dialing in via PPPoE....
                                August 16, 2021 · 2 min · 353 words · Heiner
                                Raspberry Pi OS: Remove unnecessary packages
                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                                June 7, 2020 · 1 min · 161 words · Heiner
                                Analyze Traefik access log using InfluxDB and Grafana
                                Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
 Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                                June 3, 2020 · 2 min · 373 words · Heiner
                                Export trainings from Endomondo as GPX files
                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                June 1, 2020 · 2 min · 341 words · Heiner
                                Native USB boot for Raspberry Pi 4
                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
-To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                                May 28, 2020 · 2 min · 404 words · Heiner
                                © 2022 Heiner Beck.
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                                May 28, 2020 · 2 min · 404 words · Heiner
                                
\ No newline at end of file
diff --git a/page/2/index.html b/page/2/index.html
index 4eab078..314d077 100644
--- a/page/2/index.html
+++ b/page/2/index.html
@@ -1,4 +1,4 @@
-Virtualzone Blog
                                Build Multi-Arch images on Docker Hub (Part 2)
                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
+Virtualzone Blog
                                Build Multi-Arch images on Docker Hub (Part 2)
                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                                May 16, 2020 · 3 min · 443 words · Heiner
                                Build Multi-Arch images on Docker Hub (Part 1)
                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                                May 15, 2020 · 3 min · 502 words · Heiner
                                How to let Jenkins build Docker images
                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                                June 11, 2017 · 2 min · 370 words · Heiner
                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
@@ -6,8 +6,8 @@
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                                August 28, 2016 · 1 min · 163 words · Heiner
                                From FHEM to OpenHAB with Homegear: Installation/Docker container
                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                August 28, 2016 · 6 min · 1084 words · Heiner
                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                August 27, 2016 · 2 min · 255 words · Heiner
                                How to reduce PDF file size in Linux - Part 2
                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
-gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                                August 15, 2015 · 1 min · 75 words · Heiner
                                © 2022 Heiner Beck.
+gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                                August 15, 2015 · 1 min · 75 words · Heiner
                                
\ No newline at end of file
diff --git a/page/3/index.html b/page/3/index.html
index 8f4bd7c..5eab662 100644
--- a/page/3/index.html
+++ b/page/3/index.html
@@ -1,7 +1,7 @@
-Virtualzone Blog
                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                November 20, 2014 · 2 min · 372 words · Heiner
                                How to reduce PDF file size in Linux
                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
+Virtualzone Blog
                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                November 20, 2014 · 2 min · 372 words · Heiner
                                How to reduce PDF file size in Linux
                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                                November 21, 2012 · 1 min · 98 words · Heiner
                                Determining a location’s federal state using Google Maps API
                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
-function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                                August 10, 2012 · 1 min · 162 words · Heiner
                                © 2022 Heiner Beck.
+function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                                August 10, 2012 · 1 min · 162 words · Heiner
                                
\ No newline at end of file
diff --git a/posts/alpine-docker-rootless/index.html b/posts/alpine-docker-rootless/index.html
index dc92b85..2ee47a7 100644
--- a/posts/alpine-docker-rootless/index.html
+++ b/posts/alpine-docker-rootless/index.html
@@ -1,5 +1,5 @@
 Setting up Alpine Linux with Rootless Docker | Virtualzone Blog
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.">
 
                                Home » Posts
                                Setting up Alpine Linux with Rootless Docker
                                June 19, 2022 · 3 min · 479 words · Heiner
                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
                                However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.
                                Download and install Alpine
                                First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                                1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                2. Boot system from ISO and run:
                                  # setup-alpine
@@ -45,7 +45,7 @@
 $ docker run --rm hello-world
 
                                Allow ports < 1024 (optional)
                                By default, only ports >= 1024 can be exposed by non-root users. To change this, change the minimum unprivileged port in /etc/sysctl.conf:
                                # echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
                                \ No newline at end of file diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html index f96bcbf..d5631c1 100644 --- a/posts/alpine-podman/index.html +++ b/posts/alpine-podman/index.html @@ -1,5 +1,5 @@ Setting up Alpine Linux with Podman | Virtualzone Blog +Podman was initially developed by RedHat and is available as an open source project.">
                                Home » Posts

                                Setting up Alpine Linux with Podman

                                June 25, 2022 · 4 min · 840 words · Heiner

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.

                                Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.

                                In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.

                                Download and install Alpine

                                First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.

                                1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                2. Boot system from ISO and run:
                                  # setup-alpine
@@ -64,7 +64,7 @@
                              • Create a symlink in /etc/init.d/:
                                # cd /etc/init.d && ln -s /home/<user>/pods/pod-traefik
                              • Use rc-update to the add your OpenRC Pod init script to the default runlevel:
                                # rc-update add pod-traefik
                                • \ No newline at end of file diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html index 301984b..02a8b81 100644 --- a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html +++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -1,5 +1,5 @@ Determining a location’s federal state using Google Maps API | Virtualzone Blog +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location').">
                                Home » Posts

                                Determining a location’s federal state using Google Maps API

                                August 10, 2012 · 1 min · 162 words · Heiner

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:

                                function log(s) {
@@ -63,7 +63,7 @@
     new google.maps.places.Autocomplete(document.getElementById('location'), {});
     $('#form').submit(searchLocation);
 });
-
                                © 2022 Heiner Beck. + \ No newline at end of file diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html index b917b18..1226c67 100644 --- a/posts/encrypted-file-container-macos/index.html +++ b/posts/encrypted-file-container-macos/index.html @@ -1,6 +1,6 @@ -Creating an encrypted file container on macOS | Virtualzone Blog +Creating an encrypted file container on macOS | Virtualzone Blog
                                Home » Posts

                                Creating an encrypted file container on macOS

                                December 6, 2016 · 2 min · 356 words · Heiner

                                Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).

                                These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.

                                To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).

                                Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.

                                Choose an appropriate name for your image and select the following settings:

                                • Save as: The filename of your encrypted DMG file.
                                • Name: A name shown when your DMG file is mounted.
                                • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
                                • Format: Choose “Mac OS Extended (Journaled)”.
                                • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
                                • Partitions: Choose “Single Partition – Apple Partition Map”.
                                • Image Format: Choose “read/write disk image”.

                                Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).

                                \ No newline at end of file diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html index ff52e59..8c843fb 100644 --- a/posts/endomono-export-gpx/index.html +++ b/posts/endomono-export-gpx/index.html @@ -1,4 +1,4 @@ -Export trainings from Endomondo as GPX files | Virtualzone Blog +Export trainings from Endomondo as GPX files | Virtualzone Blog
                                Home » Posts

                                Export trainings from Endomondo as GPX files

                                June 1, 2020 · 2 min · 341 words · Heiner

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost.

                                There’s an article on Strava’s website on how to move from Endomondo to Strava. But the answer is a bit too easy: Using Endomondo’s website, you can only export a single training at a time in GPX file format.

                                The good: GPX (GPS Exchange Format) is an standard file format used to exchange GPS coordinates. Using the GPS waypoints and some meta data (i.e. date, type of training), each of your trainings is reconstructable.

                                The bad: I’ve done more than 1,000 trainings in Endonomdo and I’m not willing to export each of them one by one.

                                In Node.JS’ module respository, npmjs.com, there’s a module named endomondo-api-handler. Using this, it’s easy to search, select and download trainings from Endomondo’s servers:

                                await api.processWorkouts(filter, async (workout) => {
   if (workout.hasGPSData()) {
     let filename = getFilename(workout);
@@ -11,7 +11,7 @@
 cd endomondo-exporter
 npm install

                                Importing GPX files to Strava is quite easy: You can upload 25 training files at once. There seems to be some rate limiting. I’ve received server errors after several imports. Waiting a few minutes solved that.

                                \ No newline at end of file diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html index 6e93824..f117c57 100644 --- a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html +++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -1,6 +1,6 @@ Fix Docker not using /etc/hosts on MacOS | Virtualzone Blog +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file.">
                                \ No newline at end of file diff --git a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html index b1285d0..3c1dcbb 100644 --- a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html +++ b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html @@ -1,4 +1,4 @@ -From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog +From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog
                                Home » Posts

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                August 28, 2016 · 6 min · 1084 words · Heiner

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.

                                If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.

                                OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.

                                To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.

                                Option 1: Using Docker Compose

                                There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.

                                1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
                                2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
                                3. Create a directory for your OpenHAB setup, such as:
                                mkdir -p /docker/containers/openhab
                                1. Create a docker-compose.yml file in this directory with the following content:
                                version: '2'
 services:
@@ -60,7 +60,7 @@
 currentRFKeyIndex = 1
 responseDelay = 60

                                Some explanations:

                                • id: The ID printed on the back side of your BidCoS I/O device.
                                • deviceType: The device type of your BidCoS device (cul, cc1100, coc, cuno, hmcfglan, hmlgw).
                                • host: The IP address of your I/O interface.
                                • port: Usually 1000, you probably don’t need to change this.
                                • lanKey: The AES key used for the communication between Homegear and your I/O interface (for securing the LAN connection). If you’ve been using FHEM before, you’ve probably disabled AES encryption using HomeMatic’s configuration utility, as FHEM doesn’t support encryption. You should add AES encryption later. For a quick start, comment out this line.
                                • rfKey: A random key used for securing the connection between Homegear and the HomeMatic devices (sensors, actors, etc.). You should note it down somewhere, because if you lose it, you’ll have to re-pair all your devices.

                                After saving the configuration file, you’ll have to restart the Homegear daemon or the Docker Container running Homegear. Take a look at the logs in /var/log/homegear/homegear.log to find out if Homegear successfully connects to the BidCoS device.

                                Connecting OpenHAB to Homegear

                                • Browse to OpenHAB’s web interface at port 8080 (such as http://localhost:8080).
                                • Select the Paper UI (this one is new in OpenHAB 2).
                                • Go to “Extensions” and install “HomeMatic Binding”.
                                • Go to “Configuration” -> “Things”. Two new things should be detected automatically: “Homegear” and “GATEWAY-EXTRAS”. Add both of them. They should be indicated as “ONLINE” afterwards.

                                That’s it – for now…

                                Congratulations: You’ve mastered the essential steps of setting up OpenHAB for your HomeMatic based smart home! Next time, I’ll write about adding HomeMatic devices to OpenHAB using Homegear.

                                \ No newline at end of file diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html index 8d1ed4e..64b6411 100644 --- a/posts/https-ssl-in-wordpress-behind-proxy/index.html +++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html @@ -1,5 +1,5 @@ How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) | Virtualzone Blog +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy.">
                                Home » Posts

                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                August 27, 2016 · 2 min · 255 words · Heiner

                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.

                                The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.

                                This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:

                                Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:

                                proxy_set_header X-Forwarded-Host $host;
@@ -8,7 +8,7 @@
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Host $host;
                                • Install and activate the SSL Insecure Content Fixer plugin in your WordPress installation’s admin panel.
                                • Navigate to Settings -> SSL Insecure Content.
                                • Set “HTTPS detection” to “HTTP_X_FORWARDED_PROTO (e.g. load balancer, reverse proxy, NginX)”.
                                • Navigate to Settings -> General.
                                • Set the “WordPress Address (URL)” and “Site Address (URL)” to your new HTTPS address.
                                • Check if everything is working as expected.
                                \ No newline at end of file diff --git a/posts/index.html b/posts/index.html index fb5d670..8834f8a 100644 --- a/posts/index.html +++ b/posts/index.html @@ -1,4 +1,4 @@ -Posts | Virtualzone Blog
                                Home

                                Posts +Posts | Virtualzone Blog
                                Home

                                Posts

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: @@ -8,7 +8,7 @@ By default, USG only allows for one IP address when dialing in via PPPoE....

                                August 16, 2021 · 2 min · 353 words · Heiner

                                Raspberry Pi OS: Remove unnecessary packages

                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                June 7, 2020 · 1 min · 161 words · Heiner

                                Analyze Traefik access log using InfluxDB and Grafana

                                Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                June 3, 2020 · 2 min · 373 words · Heiner

                                Export trainings from Endomondo as GPX files

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                June 1, 2020 · 2 min · 341 words · Heiner

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner
                                © 2022 Heiner Beck. +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner

                                \ No newline at end of file diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html index 600ad57..9a37509 100644 --- a/posts/ipv6-on-a-sonicwall/index.html +++ b/posts/ipv6-on-a-sonicwall/index.html @@ -1,7 +1,7 @@ -How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog +How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog
                                Home » Posts

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                November 20, 2014 · 2 min · 372 words · Heiner

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.

                                The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.

                                1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).

                                2. Go to Network -> Interfaces and select to view IPv6.

                                • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                                • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                                • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                                • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.

                                1. Go to Network -> Address Objects and select to view IPv6. Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.

                                2. Go to Network -> NAT Policies and select to view IPv6.

                                • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
                                • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
                                1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
                                \ No newline at end of file diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html index 774af52..2b0e428 100644 --- a/posts/jenkins-build-docker-images/index.html +++ b/posts/jenkins-build-docker-images/index.html @@ -1,5 +1,5 @@ How to let Jenkins build Docker images | Virtualzone Blog +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there.">
                                Home » Posts

                                How to let Jenkins build Docker images

                                June 11, 2017 · 2 min · 370 words · Heiner

                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.

                                So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.

                                To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:

                                FROM jenkins:alpine
@@ -21,7 +21,7 @@

                                These lines build the Docker image, log in to Docker Hub and push the recently built image.

                                Update:

                                If you want to use docker-compose from your Jenkins Docker container as well, add these lines to your Dockerfile:

                                RUN apk add py-pip
 RUN pip install docker-compose
                                \ No newline at end of file diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html index 00dfb1a..07eb1cc 100644 --- a/posts/k3s-glusterfs/index.html +++ b/posts/k3s-glusterfs/index.html @@ -1,6 +1,6 @@ -Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog +Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog
                                Home » Posts

                                Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                September 3, 2021 · 1 min · 118 words · Heiner

                                I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.

                                Read the tutorial in Hetzner’s Online Community.

                                \ No newline at end of file diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html index 6478773..5ca4ebd 100644 --- a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html +++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html @@ -1,6 +1,6 @@ Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker | Virtualzone Blog +version: '2' services: webfrontend: container_name: webfrontend [.">
                                \ No newline at end of file diff --git a/posts/multi-arch-docker-images-1/index.html b/posts/multi-arch-docker-images-1/index.html index b87125b..7c9e2e2 100644 --- a/posts/multi-arch-docker-images-1/index.html +++ b/posts/multi-arch-docker-images-1/index.html @@ -1,4 +1,4 @@ -Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog +Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog
                                Home » Posts

                                Build Multi-Arch images on Docker Hub (Part 1)

                                May 15, 2020 · 3 min · 502 words · Heiner

                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.

                                Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:

                                FROM amd64/alpine:3.11
 ...

                                Es folgt jeweils ein Dockerfile pro Zielarchitektur. In diesen wird zunächst die passende QEMU-Binary heruntergeladen und dann in das Ziel-Image hinein kopiert.

                                Dockerfile.arm32v6 für ARM32V6:

                                FROM alpine:3.11 AS qemu
@@ -59,7 +59,7 @@
 chmod +x manifest-tool
 ./manifest-tool push from-spec multi-arch-manifest.yaml

                                Damit ist Euer Projekt vorbereitet und bereit für Multi-Arch-Builds.

                                Im nächsten Teil zeige ich Euch, wie Ihr die “Automated Builds” im Docker Hub konfiguriert, um den Multi-Arch-Build auch tatsächlich durchzuführen.

                                \ No newline at end of file diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html index 4260f82..23ecb83 100644 --- a/posts/multi-arch-docker-images-2/index.html +++ b/posts/multi-arch-docker-images-2/index.html @@ -1,5 +1,5 @@ Build Multi-Arch images on Docker Hub (Part 2) | Virtualzone Blog +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub.">
                                Home » Posts

                                Build Multi-Arch images on Docker Hub (Part 2)

                                May 16, 2020 · 3 min · 443 words · Heiner

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.

                                Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:

                                Einen automatisierten Build im Docker Hub konfigurieren. @@ -8,7 +8,7 @@ Der Trick ist, dass das “ungetaggte” Image alle anderen Architektur-Images zugeordnet bekommt. Dadurch kann ein Anwender, der “docker run” oder “docker pull” auf Euer Image durchführt, das für seine Architektur passende Image automatisch laden, ohne explizit die Plattform nennen zu müssen. Ein Mac zieht somit das AMD64-Image, während ein Raspbian das ARM32V7-Image lädt und ein Raspberry Pi 4 mit 64bit-Ubuntu das ARM64V8 Image. Alles ohne weiteres zutun.

                                Das war es dann auch schon mit der Konfiguration. Ein Klick auf “Save and Build” stellt die ausstehenden Builds (hier fünf an der Zahl) in die Warteschlange. Meiner Erfahrung nach kann es auf der Docker Hub Infrastruktur auch für einfache Images durchaus ein paar Stunden dauern, bis alle Images gebaut wurden. Was schon erledigt ist und was noch aussteht, könnt Ihr unter “Recent Builds” verfolgen.

                                Die Recent Builds geben Auskunft über die noch ausstehenden und schon erfolgten Automated Builds. Ihr werdet sehen, dass die ersten Builds als fehlgeschlagen markiert werden. Das ist völlig normal! Ein Blick in die Build Logs zeigt den nachvollziehbaren Grund: Nach jedem Build wird das multi-arch-manifest.yaml Docker-Manifest angewandt. Bevor das letzte Ziel-Architektur.Image aber nicht fertig gebaut wurde, können nicht alle Architektur-Images dem “ungetaggten” Image hinzugefügt werden und das Build schlägt augenscheinlich fehl.

                                Kein Grund zur Sorge: Der Fehler “failed with error: manifest unknown: manifest unknown”. Tatsächlich wurde das jeweilige Image aber (hoffentlich) erfolgreich gebaut und gepusht. Erst beim letzten Multi-Arch-Image kann das Manifest-Tool dann auch erfolgreich seine Arbeit verrichten und die Architekturen verknüpfen. Lasst Euch davon also nicht aus der Ruhe bringen und beobachtet die Build Logs aufmerksam.

                                Ich wünsche Euch viel Spaß mit den Multi-Arch-Images im Docker Hub!

                                \ No newline at end of file diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html index 4bcf305..219e0b2 100644 --- a/posts/onedrive-upload-backup/index.html +++ b/posts/onedrive-upload-backup/index.html @@ -1,4 +1,4 @@ -Back up server to OneDrive’s special App Folder | Virtualzone Blog +Back up server to OneDrive’s special App Folder | Virtualzone Blog
                                Home » Posts

                                Back up server to OneDrive’s special App Folder

                                September 2, 2021 · 4 min · 682 words · Heiner

                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.

                                Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.

                                I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.

                                To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:

                                1. Log in to the Microsoft Azure Portal.
                                2. Navigate to “App registrations”.
                                3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
                                4. Copy the Application (client) ID.
                                5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
                                6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
                                • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
                                • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read

                                Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.

                                You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:

                                curl -s -L https://git.io/JRie0 | bash

                                Now create a configuration file named config.json. Replace and :

                                {
     "client_id": "<client id from azure app>",
     "client_secret": "<client secret from azure app>",
@@ -29,7 +29,7 @@
     fi
 done

                                This bash script uploads all files from the local directory $TARGET to its app folder in your OneDrive. It creates a sub-folder named YYYY-MM-DD (i.e. 2021-08-30). For each file, after having finished the upload, it checks she SHA256 hash so that you can be sure the upload is intact.

                                \ No newline at end of file diff --git a/posts/page/2/index.html b/posts/page/2/index.html index 8f94fd3..4a683da 100644 --- a/posts/page/2/index.html +++ b/posts/page/2/index.html @@ -1,4 +1,4 @@ -Posts | Virtualzone Blog
                                Home

                                Posts +Posts | Virtualzone Blog
                                Home

                                Posts

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                May 16, 2020 · 3 min · 443 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 1)

                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                May 15, 2020 · 3 min · 502 words · Heiner

                                How to let Jenkins build Docker images

                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                June 11, 2017 · 2 min · 370 words · Heiner

                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. @@ -7,8 +7,8 @@ When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                August 28, 2016 · 1 min · 163 words · Heiner

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner

                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                August 27, 2016 · 2 min · 255 words · Heiner

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner
                                © 2022 Heiner Beck. +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner

                                \ No newline at end of file diff --git a/posts/page/3/index.html b/posts/page/3/index.html index 3e80e1a..d218f2b 100644 --- a/posts/page/3/index.html +++ b/posts/page/3/index.html @@ -1,8 +1,8 @@ -Posts | Virtualzone Blog
                                Home

                                Posts +Posts | Virtualzone Blog
                                Home

                                Posts

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                November 21, 2012 · 1 min · 98 words · Heiner

                                Determining a location’s federal state using Google Maps API

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                August 10, 2012 · 1 min · 162 words · Heiner
                                © 2022 Heiner Beck. +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                August 10, 2012 · 1 min · 162 words · Heiner

                                \ No newline at end of file diff --git a/posts/podman-multiple-networks/index.html b/posts/podman-multiple-networks/index.html index 21fb124..4b9590f 100644 --- a/posts/podman-multiple-networks/index.html +++ b/posts/podman-multiple-networks/index.html @@ -1,7 +1,7 @@ Connecting multiple networks to a Podman container | Virtualzone Blog +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:">
                                © 2022 Heiner Beck. +

                                For more information, you can take a look at this article.

                                \ No newline at end of file diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html index b88591e..e6d6c87 100644 --- a/posts/raspberry-pi-os-remove-packages/index.html +++ b/posts/raspberry-pi-os-remove-packages/index.html @@ -1,4 +1,4 @@ -Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog +Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
                                Home » Posts

                                Raspberry Pi OS: Remove unnecessary packages

                                June 7, 2020 · 1 min · 161 words · Heiner

                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.

                                You can download Raspberry Pi OS’ 64 bit beta version from the download directory on Raspberry Pi’s website. The Raspberry Pi Imager makes it easy to burn the image to an SD card or external USB drive.

                                Enter the following commands (at your own risk!) to remove the Desktop packages after your Pi has started from the newly written card:

                                sudo apt-get remove --purge \
     x11-* \
     gnome-* \
@@ -11,7 +11,7 @@
     xdg-*
 sudo apt-get autoremove --purge
                                \ No newline at end of file diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html index f3a55ce..1c102b3 100644 --- a/posts/reduce-pdf-file-size-2/index.html +++ b/posts/reduce-pdf-file-size-2/index.html @@ -1,5 +1,5 @@ How to reduce PDF file size in Linux - Part 2 | Virtualzone Blog +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:">
                                Home » Posts

                                How to reduce PDF file size in Linux - Part 2

                                August 15, 2015 · 1 min · 75 words · Heiner

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:

                                gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
@@ -12,7 +12,7 @@
 -sOutputFile=output.pdf input.pdf

                                Hint: This also works on MacOS. Just install GhostScript using Homebrew:

                                brew install ghostscript
                                \ No newline at end of file diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html index 03a6593..e55c636 100644 --- a/posts/reduce-pdf-file-size/index.html +++ b/posts/reduce-pdf-file-size/index.html @@ -1,6 +1,6 @@ How to reduce PDF file size in Linux | Virtualzone Blog +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings.">
                                Home » Posts

                                How to reduce PDF file size in Linux

                                November 21, 2012 · 1 min · 98 words · Heiner

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:

                                gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf

                                You can also use the following parameters for -dPDFSETTINGS instead of /screen:

                                • /screen – Lowest quality, lowest size
                                • /ebook – Moderate quality
                                • /printer – Good quality
                                • /prepress – Best quality, highest size

                                Update: Read Part 2 of this blog post for more detailled file size reduction settings.

                                Hint: This also works on MacOS. Just install GhostScript using Homebrew:

                                brew install ghostscript
                                \ No newline at end of file diff --git a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html index c694fd0..5f3589f 100644 --- a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html +++ b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html @@ -1,6 +1,6 @@ Analyze Traefik access log using InfluxDB and Grafana | Virtualzone Blog +Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.">
                                \ No newline at end of file diff --git a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html index 260c864..eb7d885 100644 --- a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html +++ b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html @@ -1,5 +1,5 @@ Unifi USG: Multiple IP addresses on PPPoE | Virtualzone Blog +By default, USG only allows for one IP address when dialing in via PPPoE.">
                                Home » Posts

                                Unifi USG: Multiple IP addresses on PPPoE

                                August 16, 2021 · 2 min · 353 words · Heiner

                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).

                                By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.

                                Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:

                                1. Create (or extend) a config.gateway.json file

                                Place a file named config.gateway.json in the following path of your Unifi Network controller:

                                /unifi/data/sites/default/

                                You might need to replace “default” with the correct label of the affected site.

                                2. Add DNAT and SNAT rules to the config.gateway.json file

                                In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.

                                {
@@ -41,7 +41,7 @@
     }
 }

                                3. Trigger a provision of your new config to your USG

                                Log in to your Unifi Network Controller. Navigate to “Devices” and choose your Unifi Security Gateway. Go to “Device”, select “Manage” and click “Trigger Provision”.

                                img

                                4. Test your configuration

                                From a system outside your network, try to reach the configured port by using nmap, curl or a web browser.

                                \ No newline at end of file diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html index e046e78..60ecd48 100644 --- a/posts/uptime-robot-website-monitoring/index.html +++ b/posts/uptime-robot-website-monitoring/index.html @@ -1,6 +1,6 @@ -UptimeRobot: A nice free website monitoring service | Virtualzone Blog +UptimeRobot: A nice free website monitoring service | Virtualzone Blog
                                Home » Posts

                                UptimeRobot: A nice free website monitoring service

                                September 5, 2016 · 1 min · 120 words · Heiner

                                Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).

                                I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.

                                \ No newline at end of file diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html index eecc906..44a1178 100644 --- a/posts/usb-boot-raspberry-pi/index.html +++ b/posts/usb-boot-raspberry-pi/index.html @@ -1,5 +1,5 @@ Native USB boot for Raspberry Pi 4 | Virtualzone Blog +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.">
                                Home » Posts

                                Native USB boot for Raspberry Pi 4

                                May 28, 2020 · 2 min · 404 words · Heiner

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).

                                To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. This is required to upgrade the new beta firmware.

                                Download Raspberry OS 64 bit

                                You can find the new 64 bit beta version of Raspberry OS in a forum post. Download the ZIP file. Install Raspberry Pi Imager. I’ve installed the imager using Homebrew:

                                brew cask install raspberry-pi-imager
@@ -12,7 +12,7 @@

                                After the reboot, the following command should state that the new beta firmware has been installed:

                                sudo rpi-eeprom-update

                                Alternatively, you can flash the new EEPROM version by downloading it from the GitHub repository and run the following command:

                                sudo rpi-eeprom-update -d -f /tmp/pieeprom-2020-05-27.bin

                                Prepare an SSD for USB boot

                                To make your Raspberry Pi boot from an USB drive (such as an SSD, an external hard drive or an USB thumb drive), use the Raspberry Pi Imager to write Raspberry Pi OS to your USB drive.

                                Finally, connect the USB drive to your Raspberry Pi 4, remove the SD card, and connect the power cord. Watch your Pi boot from USB - without any SD Card workaround.

                                \ No newline at end of file diff --git a/privacy-policy/index.html b/privacy-policy/index.html index a2fd6ed..fbab859 100644 --- a/privacy-policy/index.html +++ b/privacy-policy/index.html @@ -1,6 +1,6 @@ Privacy Policy | Virtualzone Blog +Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties."> api | Virtualzone Blog
                                Home » Tags

                                api +api | Virtualzone Blog
                                Home » Tags

                                api

                                Export trainings from Endomondo as GPX files

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                June 1, 2020 · 2 min · 341 words · Heiner

                                Determining a location’s federal state using Google Maps API

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                August 10, 2012 · 1 min · 162 words · Heiner
                                © 2022 Heiner Beck. Powered by diff --git a/tags/docker/index.html b/tags/docker/index.html index dcde4d5..b624378 100644 --- a/tags/docker/index.html +++ b/tags/docker/index.html @@ -1,4 +1,4 @@ -docker | Virtualzone Blog
                                Home » Tags

                                docker +docker | Virtualzone Blog
                                Home » Tags

                                docker

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html index b10b94f..107cf62 100644 --- a/tags/endonomdo/index.html +++ b/tags/endonomdo/index.html @@ -1,4 +1,4 @@ -endonomdo | Virtualzone Blog

                                Home » Tags

                                endonomdo +endonomdo | Virtualzone Blog
                                Home » Tags

                                endonomdo

                                Export trainings from Endomondo as GPX files

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                June 1, 2020 · 2 min · 341 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/fhem/index.html b/tags/fhem/index.html index 3bc9a04..6bbd1e3 100644 --- a/tags/fhem/index.html +++ b/tags/fhem/index.html @@ -1,4 +1,4 @@ -fhem | Virtualzone Blog
                                Home » Tags

                                fhem +fhem | Virtualzone Blog
                                Home » Tags

                                fhem

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/firewall/index.html b/tags/firewall/index.html index 4589937..d03db3d 100644 --- a/tags/firewall/index.html +++ b/tags/firewall/index.html @@ -1,4 +1,4 @@ -firewall | Virtualzone Blog
                                Home » Tags

                                firewall +firewall | Virtualzone Blog
                                Home » Tags

                                firewall

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/github/index.html b/tags/github/index.html index d52809a..2affe96 100644 --- a/tags/github/index.html +++ b/tags/github/index.html @@ -1,4 +1,4 @@ -github | Virtualzone Blog
                                Home » Tags

                                github +github | Virtualzone Blog
                                Home » Tags

                                github

                                Back up server to OneDrive’s special App Folder

                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                September 2, 2021 · 4 min · 682 words · Heiner

                                Unifi USG: Multiple IP addresses on PPPoE

                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                                August 16, 2021 · 2 min · 353 words · Heiner
                                © 2022 Heiner Beck. Powered by diff --git a/tags/google/index.html b/tags/google/index.html index b44fffc..a541924 100644 --- a/tags/google/index.html +++ b/tags/google/index.html @@ -1,4 +1,4 @@ -google | Virtualzone Blog
                                Home » Tags

                                google +google | Virtualzone Blog
                                Home » Tags

                                google

                                Determining a location’s federal state using Google Maps API

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                August 10, 2012 · 1 min · 162 words · Heiner
                                © 2022 Heiner Beck. Powered by diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html index 58fc9d8..92751a1 100644 --- a/tags/homeautomation/index.html +++ b/tags/homeautomation/index.html @@ -1,4 +1,4 @@ -homeautomation | Virtualzone Blog
                                Home » Tags

                                homeautomation +homeautomation | Virtualzone Blog
                                Home » Tags

                                homeautomation

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/index.html b/tags/index.html index 37ad63f..76685dd 100644 --- a/tags/index.html +++ b/tags/index.html @@ -1,4 +1,4 @@ -Tags | Virtualzone Blog

                                Tags

                                © 2022 Heiner Beck. +Tags | Virtualzone Blog

                                Tags

                                \ No newline at end of file diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html index d5dc1df..8d988c5 100644 --- a/tags/ipv6/index.html +++ b/tags/ipv6/index.html @@ -1,4 +1,4 @@ -ipv6 | Virtualzone Blog
                                Home » Tags

                                ipv6 +ipv6 | Virtualzone Blog
                                Home » Tags

                                ipv6

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html index 9a4cd8e..747b519 100644 --- a/tags/kubernetes/index.html +++ b/tags/kubernetes/index.html @@ -1,4 +1,4 @@ -kubernetes | Virtualzone Blog
                                Home » Tags

                                kubernetes +kubernetes | Virtualzone Blog
                                Home » Tags

                                kubernetes

                                Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                September 3, 2021 · 1 min · 118 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html index 92a15d7..a848348 100644 --- a/tags/letsencrypt/index.html +++ b/tags/letsencrypt/index.html @@ -1,4 +1,4 @@ -letsencrypt | Virtualzone Blog
                                Home » Tags

                                letsencrypt +letsencrypt | Virtualzone Blog
                                Home » Tags

                                letsencrypt

                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                                February 11, 2017 · 2 min · 287 words · Heiner
                                © 2022 Heiner Beck. diff --git a/tags/linux/index.html b/tags/linux/index.html index e39eb25..aacd460 100644 --- a/tags/linux/index.html +++ b/tags/linux/index.html @@ -1,4 +1,4 @@ -linux | Virtualzone Blog
                                Home » Tags

                                linux +linux | Virtualzone Blog
                                Home » Tags

                                linux

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: diff --git a/tags/macos/index.html b/tags/macos/index.html index 62f85c0..c60bc1d 100644 --- a/tags/macos/index.html +++ b/tags/macos/index.html @@ -1,4 +1,4 @@ -macos | Virtualzone Blog

                                Home » Tags

                                macos +macos | Virtualzone Blog
                                Home » Tags

                                macos

                                Creating an encrypted file container on macOS

                                Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                December 6, 2016 · 2 min · 356 words · Heiner

                                Fix Docker not using /etc/hosts on MacOS

                                On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                August 28, 2016 · 1 min · 163 words · Heiner

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: diff --git a/tags/nginx/index.html b/tags/nginx/index.html index d917707..9212645 100644 --- a/tags/nginx/index.html +++ b/tags/nginx/index.html @@ -1,4 +1,4 @@ -nginx | Virtualzone Blog

                                Home » Tags

                                nginx +nginx | Virtualzone Blog
                                Home » Tags

                                nginx

                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                                February 11, 2017 · 2 min · 287 words · Heiner
                                © 2022 Heiner Beck. diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html index db62c4d..646eb8d 100644 --- a/tags/onedrive/index.html +++ b/tags/onedrive/index.html @@ -1,4 +1,4 @@ -onedrive | Virtualzone Blog
                                Home » Tags

                                onedrive +onedrive | Virtualzone Blog
                                Home » Tags

                                onedrive

                                Back up server to OneDrive’s special App Folder

                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                September 2, 2021 · 4 min · 682 words · Heiner

                                Unifi USG: Multiple IP addresses on PPPoE

                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                                August 16, 2021 · 2 min · 353 words · Heiner
                                © 2022 Heiner Beck. Powered by diff --git a/tags/openhab/index.html b/tags/openhab/index.html index 2297b50..2bb1f7e 100644 --- a/tags/openhab/index.html +++ b/tags/openhab/index.html @@ -1,4 +1,4 @@ -openhab | Virtualzone Blog
                                Home » Tags

                                openhab +openhab | Virtualzone Blog
                                Home » Tags

                                openhab

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/proxy/index.html b/tags/proxy/index.html index ca89b71..ca658a5 100644 --- a/tags/proxy/index.html +++ b/tags/proxy/index.html @@ -1,4 +1,4 @@ -proxy | Virtualzone Blog
                                Home » Tags

                                proxy +proxy | Virtualzone Blog
                                Home » Tags

                                proxy

                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                August 27, 2016 · 2 min · 255 words · Heiner
                                © 2022 Heiner Beck. Powered by diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html index c67dd94..a23395f 100644 --- a/tags/raspberrypi/index.html +++ b/tags/raspberrypi/index.html @@ -1,4 +1,4 @@ -raspberrypi | Virtualzone Blog
                                Home » Tags

                                raspberrypi +raspberrypi | Virtualzone Blog
                                Home » Tags

                                raspberrypi

                                Raspberry Pi OS: Remove unnecessary packages

                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                June 7, 2020 · 1 min · 161 words · Heiner

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner
                                © 2022 Heiner Beck. Powered by diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html index 3663c54..230457b 100644 --- a/tags/sonicwall/index.html +++ b/tags/sonicwall/index.html @@ -1,4 +1,4 @@ -sonicwall | Virtualzone Blog
                                Home » Tags

                                sonicwall +sonicwall | Virtualzone Blog
                                Home » Tags

                                sonicwall

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/tags/tool/index.html b/tags/tool/index.html index 9949629..dee7713 100644 --- a/tags/tool/index.html +++ b/tags/tool/index.html @@ -1,4 +1,4 @@ -tool | Virtualzone Blog
                                Home » Tags

                                tool +tool | Virtualzone Blog
                                Home » Tags

                                tool

                                Back up server to OneDrive’s special App Folder

                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                September 2, 2021 · 4 min · 682 words · Heiner

                                Unifi USG: Multiple IP addresses on PPPoE

                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                                August 16, 2021 · 2 min · 353 words · Heiner

                                UptimeRobot: A nice free website monitoring service

                                Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                September 5, 2016 · 1 min · 120 words · Heiner

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html index c6bfc33..649608d 100644 --- a/tags/wordpress/index.html +++ b/tags/wordpress/index.html @@ -1,4 +1,4 @@ -wordpress | Virtualzone Blog

                                Home » Tags

                                wordpress +wordpress | Virtualzone Blog
                                Home » Tags

                                wordpress

                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                August 27, 2016 · 2 min · 255 words · Heiner
                                © 2022 Heiner Beck. Powered by From df4c63525aa5edca3096bec00490162ae21b1cdb Mon Sep 17 00:00:00 2001 From: virtualzone Date: Thu, 27 Oct 2022 18:47:06 +0000 Subject: [PATCH 16/25] deploy: b0074ee99c86a03ae73a6d9e2fe01d68a953eec4 --- index.html | 7 ++- index.xml | 11 +++- page/2/index.html | 6 +-- page/3/index.html | 3 +- posts/alpine-podman/index.html | 4 +- posts/index.html | 7 ++- posts/index.xml | 11 +++- posts/openrc-podman-kube-play/index.html | 64 +++++++++++++++++++++++ posts/page/2/index.html | 6 +-- posts/page/3/index.html | 3 +- posts/podman-multiple-networks/index.html | 3 +- sitemap.xml | 17 +++--- tags/docker/index.html | 6 +-- tags/docker/index.xml | 11 +++- tags/docker/page/2/index.html | 5 ++ tags/index.html | 2 +- tags/index.xml | 6 +-- tags/linux/index.html | 4 +- tags/linux/index.xml | 11 +++- 19 files changed, 148 insertions(+), 39 deletions(-) create mode 100644 posts/openrc-podman-kube-play/index.html create mode 100644 tags/docker/page/2/index.html diff --git a/index.html b/index.html index 0b5a9da..f5ab26c 100644 --- a/index.html +++ b/index.html @@ -2,16 +2,15 @@

                                Compose Updater

                                Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                GitHub Project

                                OneDrive Uploader

                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)

                                GitHub Project

                                USG Blacklist

                                Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).

                                GitHub Project -

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                October 16, 2022 · 2 min · 274 words · Heiner

                                Setting up Alpine Linux with Podman

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 840 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 852 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                June 19, 2022 · 3 min · 479 words · Heiner

                                Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                September 3, 2021 · 1 min · 118 words · Heiner

                                Back up server to OneDrive’s special App Folder

                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                September 2, 2021 · 4 min · 682 words · Heiner

                                Unifi USG: Multiple IP addresses on PPPoE

                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                                August 16, 2021 · 2 min · 353 words · Heiner

                                Raspberry Pi OS: Remove unnecessary packages

                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                June 7, 2020 · 1 min · 161 words · Heiner

                                Analyze Traefik access log using InfluxDB and Grafana

                                Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: -Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                June 3, 2020 · 2 min · 373 words · Heiner

                                Export trainings from Endomondo as GPX files

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                June 1, 2020 · 2 min · 341 words · Heiner

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner
                                © 2022 Heiner Beck. +Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                June 3, 2020 · 2 min · 373 words · Heiner

                                Export trainings from Endomondo as GPX files

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                June 1, 2020 · 2 min · 341 words · Heiner

                                \ No newline at end of file diff --git a/index.xml b/index.xml index 339ac4b..e04f3d4 100644 --- a/index.xml +++ b/index.xml @@ -7,7 +7,16 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sun, 16 Oct 2022 17:00:00 +0000 + Wed, 26 Oct 2022 15:00:00 +0000 + + OpenRC Script for 'podman kube play' + https://virtualzone.de/posts/openrc-podman-kube-play/ + Wed, 26 Oct 2022 15:00:00 +0000 + + https://virtualzone.de/posts/openrc-podman-kube-play/ + In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. + + Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ diff --git a/page/2/index.html b/page/2/index.html index 314d077..5b5b908 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -1,12 +1,12 @@ -Virtualzone Blog

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Virtualzone Blog

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                May 16, 2020 · 3 min · 443 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 1)

                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                May 15, 2020 · 3 min · 502 words · Heiner

                                How to let Jenkins build Docker images

                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                June 11, 2017 · 2 min · 370 words · Heiner

                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                                February 11, 2017 · 2 min · 287 words · Heiner

                                Creating an encrypted file container on macOS

                                Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                December 6, 2016 · 2 min · 356 words · Heiner

                                UptimeRobot: A nice free website monitoring service

                                Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                September 5, 2016 · 1 min · 120 words · Heiner

                                Fix Docker not using /etc/hosts on MacOS

                                On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                August 28, 2016 · 1 min · 163 words · Heiner

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner

                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                August 27, 2016 · 2 min · 255 words · Heiner

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner
                                August 27, 2016 · 2 min · 255 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/page/3/index.html b/page/3/index.html index 5eab662..f1bad2d 100644 --- a/page/3/index.html +++ b/page/3/index.html @@ -1,4 +1,5 @@ -Virtualzone Blog

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +Virtualzone Blog

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                November 21, 2012 · 1 min · 98 words · Heiner

                                Determining a location’s federal state using Google Maps API

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                August 10, 2012 · 1 min · 162 words · Heiner
                                © 2022 Heiner Beck. diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html index d5631c1..8e71baf 100644 --- a/posts/alpine-podman/index.html +++ b/posts/alpine-podman/index.html @@ -2,7 +2,7 @@ Podman was initially developed by RedHat and is available as an open source project.">
                                Home » Posts

                                Setting up Alpine Linux with Podman

                                June 25, 2022 · 4 min · 840 words · Heiner

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.

                                Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.

                                In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.

                                Download and install Alpine

                                First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.

                                1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                2. Boot system from ISO and run:
                                  # setup-alpine
+Podman was initially developed by RedHat and is available as an open source project.">
                                  Home » Posts
                                  Setting up Alpine Linux with Podman
                                  June 25, 2022 · 4 min · 852 words · Heiner
                                  Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
                                  Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.
                                  In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.
                                  Download and install Alpine
                                  First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                                  1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                  2. Boot system from ISO and run:
                                    # setup-alpine
 
                                  3. Reboot and install the nano edit:
                                    # apk add nano
 
                                  4. Enable community repository in the following file:
                                    # nano /etc/apk/repositories
 
                                  5. Update the index of available package:
                                    # apk update
@@ -63,7 +63,7 @@
 source "/home/${command_user}/pods/init.d/pod"
                                3. Create a symlink in /etc/init.d/:
                                  # cd /etc/init.d && ln -s /home/<user>/pods/pod-traefik
                                4. Use rc-update to the add your OpenRC Pod init script to the default runlevel:
                                  # rc-update add pod-traefik
-
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/posts/index.html b/posts/index.html index 8834f8a..81635d1 100644 --- a/posts/index.html +++ b/posts/index.html @@ -1,14 +1,13 @@ Posts | Virtualzone Blog
                                Home

                                Posts -

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                October 16, 2022 · 2 min · 274 words · Heiner

                                Setting up Alpine Linux with Podman

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 840 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 852 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                June 19, 2022 · 3 min · 479 words · Heiner

                                Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                September 3, 2021 · 1 min · 118 words · Heiner

                                Back up server to OneDrive’s special App Folder

                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                September 2, 2021 · 4 min · 682 words · Heiner

                                Unifi USG: Multiple IP addresses on PPPoE

                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                                August 16, 2021 · 2 min · 353 words · Heiner

                                Raspberry Pi OS: Remove unnecessary packages

                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                June 7, 2020 · 1 min · 161 words · Heiner

                                Analyze Traefik access log using InfluxDB and Grafana

                                Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: -Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                June 3, 2020 · 2 min · 373 words · Heiner

                                Export trainings from Endomondo as GPX files

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                June 1, 2020 · 2 min · 341 words · Heiner

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner
                                © 2022 Heiner Beck. +Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                June 3, 2020 · 2 min · 373 words · Heiner

                                Export trainings from Endomondo as GPX files

                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                June 1, 2020 · 2 min · 341 words · Heiner
                                \ No newline at end of file diff --git a/posts/index.xml b/posts/index.xml index a804fe2..a967dae 100644 --- a/posts/index.xml +++ b/posts/index.xml @@ -7,7 +7,16 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sun, 16 Oct 2022 17:00:00 +0000 + Wed, 26 Oct 2022 15:00:00 +0000 + + OpenRC Script for 'podman kube play' + https://virtualzone.de/posts/openrc-podman-kube-play/ + Wed, 26 Oct 2022 15:00:00 +0000 + + https://virtualzone.de/posts/openrc-podman-kube-play/ + In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. + + Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ diff --git a/posts/openrc-podman-kube-play/index.html b/posts/openrc-podman-kube-play/index.html new file mode 100644 index 0000000..dc1551c --- /dev/null +++ b/posts/openrc-podman-kube-play/index.html @@ -0,0 +1,64 @@ +OpenRC Script for 'podman kube play' | Virtualzone Blog +
                                Home » Posts

                                OpenRC Script for 'podman kube play'

                                October 26, 2022 · 3 min · 483 words · Heiner

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”. This is due to the fact that OpenRC is not able to identify the exact process spawned by Podman.

                                I’ve therefore improved my OpenRC startup script to be used with podman kube play YAML files. In this post, I’m presenting my results. If you have further improvements, please let me know.

                                What does not work

                                The podman pod create command features the --infra-conmon-pidfile=file option. This option writes the PID of the infra container’s conmon process to a file.

                                Using this option, it was easy to enable OpenRC identifying the status of a Pod and start the Pod in background:

                                pidfile="/run/${RC_SVCNAME}.pid"
+command_background=true
+

                                Unfortunately, the --infra-conmon-pidfile=file option is not (yet?) available when using the podman kube play command.

                                I’ve tried to discover the infra container’s PID file using the podman inspect command and using this value dynamically in my OpenRC scripts:

                                podman inspect --format '{{ .PidFile }}' somecontainer-infra
+

                                However, OpenRC doesn’t seem happy with PID files appearing and disapperaring dynamically.

                                What does work

                                I’ve created a pod script which is sourced by multiple pod-* scripts.

                                The pod script includes functions for getting the status of a Pod and stopping a Pod. The script assumes that your Pod’s Kubernetes YAML is located at /home/${command_user}/pods/${pod_name}/pod.yaml.

                                /home/your-user/pods/init.d/pod

                                #!/sbin/openrc-run
+
+name=$RC_SVCNAME
+command="/usr/bin/podman"
+networks_=''
+for n in ${pod_networks}; do
+	networks_="${networks_} --network $n";
+done
+command_args="play kube ${networks_} /home/${command_user}/pods/${pod_name}/pod.yaml >/dev/null 2>&1 &"
+
+depend() {
+	after network-online 
+	use net 
+}
+
+cleanup() {
+	/sbin/runuser -u ${command_user} -- ${command} pod exists ${pod_name}
+	result=$?
+	if [ $result -eq 0 ]; then
+	        /sbin/runuser -u ${command_user} -- ${command} pod stop ${pod_name} > /dev/null
+        	/sbin/runuser -u ${command_user} -- ${command} pod rm ${pod_name} > /dev/null
+	fi
+}
+
+start_pre() {
+	cleanup
+}
+
+stop() {
+	ebegin "Stopping $RC_SVCNAME"
+	cleanup
+	eend $?
+}
+
+status() {
+	/sbin/runuser -u ${command_user} -- ${command} pod exists ${pod_name} 2> /dev/null
+	result=$?
+	if [ $result -eq 0 ]; then
+		einfo "status: started"
+		return 0
+	else
+		einfo "status: stopped"
+		return 3
+	fi
+}
+

                                The script for controlling a Pod “xyz” can look like this.

                                • command_user specifies the user running the Pod
                                • pod_name sets the Pod’s name
                                • pod_networks sets a space-separated list of networks the Pod should be connected to

                                /home/your-user/pods/init.d/pod-xyz

                                #!/sbin/openrc-run
+
+command_user="your-user"
+pod_name=xyz
+pod_networks='network1 network2 ...'
+
+source "/home/${command_user}/pods/init.d/pod"
+

                                Using root (i.e. using doas or sudo), you can then create a symlink in /etc/init.d and add the pod to the default run level at boot time:

                                cd /etc/init.d
+ln -s /home/<user>/pods/pod-xyz
+rc-update add pod-xyz
+

                                Use rc-service to start and stop your Pod:

                                doas rc-service pod-xyz start
+
                                \ No newline at end of file diff --git a/posts/page/2/index.html b/posts/page/2/index.html index 4a683da..141be01 100644 --- a/posts/page/2/index.html +++ b/posts/page/2/index.html @@ -1,13 +1,13 @@ Posts | Virtualzone Blog
                                Home

                                Posts -

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                May 16, 2020 · 3 min · 443 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 1)

                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                May 15, 2020 · 3 min · 502 words · Heiner

                                How to let Jenkins build Docker images

                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                June 11, 2017 · 2 min · 370 words · Heiner

                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                                February 11, 2017 · 2 min · 287 words · Heiner

                                Creating an encrypted file container on macOS

                                Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                December 6, 2016 · 2 min · 356 words · Heiner

                                UptimeRobot: A nice free website monitoring service

                                Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                September 5, 2016 · 1 min · 120 words · Heiner

                                Fix Docker not using /etc/hosts on MacOS

                                On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                August 28, 2016 · 1 min · 163 words · Heiner

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner

                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                August 27, 2016 · 2 min · 255 words · Heiner

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner
                                August 27, 2016 · 2 min · 255 words · Heiner
                                © 2022 Heiner Beck. Powered by Hugo & diff --git a/posts/page/3/index.html b/posts/page/3/index.html index d218f2b..64cb81a 100644 --- a/posts/page/3/index.html +++ b/posts/page/3/index.html @@ -1,5 +1,6 @@ Posts | Virtualzone Blog
                                Home

                                Posts -

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                November 21, 2012 · 1 min · 98 words · Heiner

                                Determining a location’s federal state using Google Maps API

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                August 10, 2012 · 1 min · 162 words · Heiner
                                © 2022 Heiner Beck. diff --git a/posts/podman-multiple-networks/index.html b/posts/podman-multiple-networks/index.html index 4b9590f..9b97944 100644 --- a/posts/podman-multiple-networks/index.html +++ b/posts/podman-multiple-networks/index.html @@ -29,7 +29,8 @@ 2 packets transmitted, 0 packets received, 100% packet loss

                                The solution

                                The solution is quite simple: You will need to set net.ipv4.conf.all.rp_filter to 2.

                                On my Alpine system, rp_filter was set to 1 by default. The setting controls the source path validation within the kernel’s IPv4 network stack. 1 means “strict”, whereas 2 means “loose”.

                                You can try the solution temporarily by running:

                                # sysctl -w net.ipv4.conf.all.rp_filter=2

                                To survive the next reboot, persist the setting by adding it to /etc/sysctl.conf:

                                # echo "net.ipv4.conf.all.rp_filter=2" >> /etc/sysctl.conf
-

                                For more information, you can take a look at this article.

                                © 2022 Heiner Beck. +

                                For more information, you can take a look at this article.

                                \ No newline at end of file diff --git a/sitemap.xml b/sitemap.xml index 312736d..3b76011 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2,22 +2,25 @@ - https://virtualzone.de/posts/podman-multiple-networks/ - 2022-10-16T17:00:00+00:00 - https://virtualzone.de/tags/docker/ - 2022-10-16T17:00:00+00:00 + 2022-10-26T15:00:00+00:00 https://virtualzone.de/tags/linux/ - 2022-10-16T17:00:00+00:00 + 2022-10-26T15:00:00+00:00 + + https://virtualzone.de/posts/openrc-podman-kube-play/ + 2022-10-26T15:00:00+00:00 https://virtualzone.de/posts/ - 2022-10-16T17:00:00+00:00 + 2022-10-26T15:00:00+00:00 https://virtualzone.de/tags/ - 2022-10-16T17:00:00+00:00 + 2022-10-26T15:00:00+00:00 https://virtualzone.de/ + 2022-10-26T15:00:00+00:00 + + https://virtualzone.de/posts/podman-multiple-networks/ 2022-10-16T17:00:00+00:00 https://virtualzone.de/posts/alpine-podman/ diff --git a/tags/docker/index.html b/tags/docker/index.html index b624378..03b8924 100644 --- a/tags/docker/index.html +++ b/tags/docker/index.html @@ -1,9 +1,9 @@ docker | Virtualzone Blog
                                Home » Tags

                                docker -

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                October 16, 2022 · 2 min · 274 words · Heiner

                                Setting up Alpine Linux with Podman

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 840 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 852 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                June 19, 2022 · 3 min · 479 words · Heiner

                                Analyze Traefik access log using InfluxDB and Grafana

                                Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                June 3, 2020 · 2 min · 373 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. @@ -12,7 +12,7 @@ First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: '2' services: webfrontend: container_name: webfrontend [....

                                February 11, 2017 · 2 min · 287 words · Heiner

                                Fix Docker not using /etc/hosts on MacOS

                                On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: -Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                August 28, 2016 · 1 min · 163 words · Heiner

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner
                                © 2022 Heiner Beck. +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                August 28, 2016 · 1 min · 163 words · Heiner
                                \ No newline at end of file diff --git a/tags/docker/index.xml b/tags/docker/index.xml index 8071a44..f57cbde 100644 --- a/tags/docker/index.xml +++ b/tags/docker/index.xml @@ -7,7 +7,16 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sun, 16 Oct 2022 17:00:00 +0000 + Wed, 26 Oct 2022 15:00:00 +0000 + + OpenRC Script for 'podman kube play' + https://virtualzone.de/posts/openrc-podman-kube-play/ + Wed, 26 Oct 2022 15:00:00 +0000 + + https://virtualzone.de/posts/openrc-podman-kube-play/ + In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. + + Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ diff --git a/tags/docker/page/2/index.html b/tags/docker/page/2/index.html new file mode 100644 index 0000000..2160424 --- /dev/null +++ b/tags/docker/page/2/index.html @@ -0,0 +1,5 @@ +docker | Virtualzone Blog
                                Home » Tags

                                docker +

                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                August 28, 2016 · 6 min · 1084 words · Heiner
                                \ No newline at end of file diff --git a/tags/index.html b/tags/index.html index 76685dd..dd2ff40 100644 --- a/tags/index.html +++ b/tags/index.html @@ -1,4 +1,4 @@ -Tags | Virtualzone Blog

                                Tags

                                © 2022 Heiner Beck. +Tags | Virtualzone Blog

                                Tags

                                \ No newline at end of file diff --git a/tags/index.xml b/tags/index.xml index fe7cd33..a416825 100644 --- a/tags/index.xml +++ b/tags/index.xml @@ -7,11 +7,11 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sun, 16 Oct 2022 17:00:00 +0000 + Wed, 26 Oct 2022 15:00:00 +0000 docker https://virtualzone.de/tags/docker/ - Sun, 16 Oct 2022 17:00:00 +0000 + Wed, 26 Oct 2022 15:00:00 +0000 https://virtualzone.de/tags/docker/ @@ -20,7 +20,7 @@ linux https://virtualzone.de/tags/linux/ - Sun, 16 Oct 2022 17:00:00 +0000 + Wed, 26 Oct 2022 15:00:00 +0000 https://virtualzone.de/tags/linux/ diff --git a/tags/linux/index.html b/tags/linux/index.html index aacd460..6db2326 100644 --- a/tags/linux/index.html +++ b/tags/linux/index.html @@ -1,9 +1,9 @@ linux | Virtualzone Blog
                                Home » Tags

                                linux -

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                October 16, 2022 · 2 min · 274 words · Heiner

                                Setting up Alpine Linux with Podman

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 840 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +Podman was initially developed by RedHat and is available as an open source project....

                                June 25, 2022 · 4 min · 852 words · Heiner

                                Setting up Alpine Linux with Rootless Docker

                                As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                June 19, 2022 · 3 min · 479 words · Heiner

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: diff --git a/tags/linux/index.xml b/tags/linux/index.xml index 73614ab..20a4fc3 100644 --- a/tags/linux/index.xml +++ b/tags/linux/index.xml @@ -7,7 +7,16 @@ Hugo -- gohugo.io en-us &copy; 2022 Heiner Beck. - Sun, 16 Oct 2022 17:00:00 +0000 + Wed, 26 Oct 2022 15:00:00 +0000 + + OpenRC Script for 'podman kube play' + https://virtualzone.de/posts/openrc-podman-kube-play/ + Wed, 26 Oct 2022 15:00:00 +0000 + + https://virtualzone.de/posts/openrc-podman-kube-play/ + In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. + + Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ From abe538135c340d05aefefd65b7fff22fca6c0c5b Mon Sep 17 00:00:00 2001 From: virtualzone Date: Sat, 12 Nov 2022 12:38:34 +0000 Subject: [PATCH 17/25] deploy: 64dc2e63ea451cf5648b1cf3171d5965c07c5095 --- index.html | 4 ++-- page/2/index.html | 2 +- page/3/index.html | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index f5ab26c..4617cff 100644 --- a/index.html +++ b/index.html @@ -1,8 +1,8 @@ -Virtualzone Blog

                                Seatsurfing

                                Seatsurfing

                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                Visit seatsurfing.app +Virtualzone Blog
                                Seatsurfing

                                Seatsurfing

                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                Visit seatsurfing.app

                                Compose Updater

                                Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                GitHub Project

                                OneDrive Uploader

                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)

                                GitHub Project

                                USG Blacklist

                                Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).

                                GitHub Project -

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                October 16, 2022 · 2 min · 274 words · Heiner

                                Setting up Alpine Linux with Podman

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. diff --git a/page/2/index.html b/page/2/index.html index 5b5b908..bd36a85 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -1,4 +1,4 @@ -Virtualzone Blog

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +Virtualzone Blog

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                May 16, 2020 · 3 min · 443 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 1)

                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                May 15, 2020 · 3 min · 502 words · Heiner

                                How to let Jenkins build Docker images

                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                June 11, 2017 · 2 min · 370 words · Heiner

                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. diff --git a/page/3/index.html b/page/3/index.html index f1bad2d..fb83fdf 100644 --- a/page/3/index.html +++ b/page/3/index.html @@ -1,4 +1,4 @@ -Virtualzone Blog

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +Virtualzone Blog

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                November 21, 2012 · 1 min · 98 words · Heiner

                                Determining a location’s federal state using Google Maps API

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: From 86715b802d8dafb38aa32c6357737436d7c9bfb2 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Sun, 13 Nov 2022 12:54:51 +0000 Subject: [PATCH 18/25] deploy: 98c89bf77d6e451df84d89d09bf053e8ed23fd7f --- index.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.html b/index.html index 4617cff..918ecb7 100644 --- a/index.html +++ b/index.html @@ -1,6 +1,6 @@ Virtualzone Blog

                                Seatsurfing

                                Seatsurfing

                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                Visit seatsurfing.app

                                Compose Updater

                                Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                GitHub Project -

                                OneDrive Uploader

                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root)

                                GitHub Project +

                                OneDrive Uploader

                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).

                                GitHub Project

                                USG Blacklist

                                Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).

                                GitHub Project

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. From ad3f445b29946b86f9f22f833b596ec84236efb4 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Thu, 29 Dec 2022 12:39:37 +0000 Subject: [PATCH 19/25] deploy: 30d08d522409392ed2e32028ef9ea74dc94a17a3 --- index.html | 4 ++-- page/2/index.html | 2 +- page/3/index.html | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/index.html b/index.html index 918ecb7..9ae6003 100644 --- a/index.html +++ b/index.html @@ -1,8 +1,8 @@ -Virtualzone Blog

                                Seatsurfing

                                Seatsurfing

                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                Visit seatsurfing.app +Virtualzone Blog
                                Seatsurfing

                                Seatsurfing

                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                Visit seatsurfing.app

                                Compose Updater

                                Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                GitHub Project

                                OneDrive Uploader

                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).

                                GitHub Project

                                USG Blacklist

                                Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).

                                GitHub Project -

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                October 16, 2022 · 2 min · 274 words · Heiner

                                Setting up Alpine Linux with Podman

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. diff --git a/page/2/index.html b/page/2/index.html index bd36a85..13bf33f 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -1,4 +1,4 @@ -Virtualzone Blog

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +Virtualzone Blog

                                Native USB boot for Raspberry Pi 4

                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                May 28, 2020 · 2 min · 404 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 2)

                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                May 16, 2020 · 3 min · 443 words · Heiner

                                Build Multi-Arch images on Docker Hub (Part 1)

                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                May 15, 2020 · 3 min · 502 words · Heiner

                                How to let Jenkins build Docker images

                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                June 11, 2017 · 2 min · 370 words · Heiner

                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. diff --git a/page/3/index.html b/page/3/index.html index fb83fdf..b70535d 100644 --- a/page/3/index.html +++ b/page/3/index.html @@ -1,4 +1,4 @@ -Virtualzone Blog

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +Virtualzone Blog

                                How to reduce PDF file size in Linux - Part 2

                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                August 15, 2015 · 1 min · 75 words · Heiner

                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                November 20, 2014 · 2 min · 372 words · Heiner

                                How to reduce PDF file size in Linux

                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                November 21, 2012 · 1 min · 98 words · Heiner

                                Determining a location’s federal state using Google Maps API

                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: From ff17ee3a83e04ff6617a85073a82f8a14ca68585 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Mon, 16 Jan 2023 05:50:02 +0000 Subject: [PATCH 20/25] deploy: 0125e914653e5ab08c77d180b8623dd8e037b4e2 --- index.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/index.html b/index.html index 9ae6003..09f8d60 100644 --- a/index.html +++ b/index.html @@ -1,8 +1,8 @@ Virtualzone Blog

                                Seatsurfing

                                Seatsurfing

                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                Visit seatsurfing.app

                                Compose Updater

                                Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                GitHub Project

                                OneDrive Uploader

                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).

                                GitHub Project -

                                USG Blacklist

                                Sets up a dynamic IP blacklist on your UniFi Security Gateway (USG) as a lightweight replacement for the Intrusion Prevention System (IPS).

                                GitHub Project -

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +

                                Go-hole

                                Minimalistic DNS server which serves as an upstream proxy and ad blocker, optimized for high performance.

                                GitHub Project +

                                OpenRC Script for 'podman kube play'

                                In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                October 26, 2022 · 3 min · 483 words · Heiner

                                Connecting multiple networks to a Podman container

                                I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                October 16, 2022 · 2 min · 274 words · Heiner

                                Setting up Alpine Linux with Podman

                                Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. From 71f1b0fd89058ba58908e5bf992f17f8a15e6cf7 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Sun, 5 Feb 2023 06:50:02 +0000 Subject: [PATCH 21/25] deploy: 3f0dbc2bd7485e41232a33074ff3cedb7ef00634 --- 404.html | 2 +- ...cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css | 7 +++++++ ...1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css | 7 ------- categories/index.html | 2 +- contact/index.html | 2 +- index.html | 2 +- page/2/index.html | 2 +- page/3/index.html | 2 +- posts/alpine-docker-rootless/index.html | 2 +- posts/alpine-podman/index.html | 2 +- .../index.html | 2 +- posts/encrypted-file-container-macos/index.html | 2 +- posts/endomono-export-gpx/index.html | 2 +- posts/fix-docker-not-using-etc-hosts-on-macos/index.html | 2 +- .../index.html | 2 +- posts/https-ssl-in-wordpress-behind-proxy/index.html | 2 +- posts/index.html | 2 +- posts/ipv6-on-a-sonicwall/index.html | 2 +- posts/jenkins-build-docker-images/index.html | 2 +- posts/k3s-glusterfs/index.html | 2 +- .../index.html | 2 +- posts/multi-arch-docker-images-1/index.html | 2 +- posts/multi-arch-docker-images-2/index.html | 2 +- posts/onedrive-upload-backup/index.html | 2 +- posts/openrc-podman-kube-play/index.html | 2 +- posts/page/2/index.html | 2 +- posts/page/3/index.html | 2 +- posts/podman-multiple-networks/index.html | 2 +- posts/raspberry-pi-os-remove-packages/index.html | 2 +- posts/reduce-pdf-file-size-2/index.html | 2 +- posts/reduce-pdf-file-size/index.html | 2 +- .../index.html | 2 +- posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html | 2 +- posts/uptime-robot-website-monitoring/index.html | 2 +- posts/usb-boot-raspberry-pi/index.html | 2 +- privacy-policy/index.html | 2 +- tags/api/index.html | 2 +- tags/docker/index.html | 2 +- tags/docker/page/2/index.html | 2 +- tags/endonomdo/index.html | 2 +- tags/fhem/index.html | 2 +- tags/firewall/index.html | 2 +- tags/github/index.html | 2 +- tags/google/index.html | 2 +- tags/homeautomation/index.html | 2 +- tags/index.html | 2 +- tags/ipv6/index.html | 2 +- tags/kubernetes/index.html | 2 +- tags/letsencrypt/index.html | 2 +- tags/linux/index.html | 2 +- tags/macos/index.html | 2 +- tags/nginx/index.html | 2 +- tags/onedrive/index.html | 2 +- tags/openhab/index.html | 2 +- tags/proxy/index.html | 2 +- tags/raspberrypi/index.html | 2 +- tags/sonicwall/index.html | 2 +- tags/tool/index.html | 2 +- tags/wordpress/index.html | 2 +- 59 files changed, 64 insertions(+), 64 deletions(-) create mode 100644 assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css delete mode 100644 assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css diff --git a/404.html b/404.html index 887e995..fa6ad5e 100644 --- a/404.html +++ b/404.html @@ -1,4 +1,4 @@ -404 Page not found | Virtualzone Blog

                                404
                                © 2022 Heiner Beck. +404 Page not found | Virtualzone Blog
                                404
                                \ No newline at end of file diff --git a/assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css b/assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css new file mode 100644 index 0000000..ff687d7 --- /dev/null +++ b/assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css @@ -0,0 +1,7 @@ +/* + PaperMod v6 + License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE + Copyright (c) 2020 nanxiaobei and adityatelange + Copyright (c) 2021-2022 adityatelange +*/ +:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img,.logo a svg{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px;box-decoration-break:clone;-webkit-box-decoration-break:clone}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}img.in-text{display:inline;margin:auto}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}article.post-entry>.cover-img{display:none}} \ No newline at end of file diff --git a/assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css b/assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css deleted file mode 100644 index d069614..0000000 --- a/assets/css/stylesheet.936f19e83ac8b1475cba2b2dc4221a816534b9a9ebea1cf0d548fd80fdfa0815.css +++ /dev/null @@ -1,7 +0,0 @@ -/* - PaperMod v6 - License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE - Copyright (c) 2020 nanxiaobei and adityatelange - Copyright (c) 2021-2022 adityatelange -*/ -:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img,.logo a svg{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}img.in-text{display:inline;margin:auto}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}article.post-entry>.cover-img{display:none}} \ No newline at end of file diff --git a/categories/index.html b/categories/index.html index ff3be40..90328aa 100644 --- a/categories/index.html +++ b/categories/index.html @@ -1,4 +1,4 @@ -Categories | Virtualzone Blog

                                Categories

                                  © 2022 Heiner Beck. +Categories | Virtualzone Blog

                                  Categories

                                    \ No newline at end of file diff --git a/contact/index.html b/contact/index.html index 1c84179..52b8eb4 100644 --- a/contact/index.html +++ b/contact/index.html @@ -3,7 +3,7 @@ 60431 Frankfurt am Main Germany Email: mail@virtualzone.de -Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws."> +Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws."> Virtualzone Blog
                                    Seatsurfing

                                    Seatsurfing

                                    Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                    Visit seatsurfing.app +Virtualzone Blog
                                    Seatsurfing

                                    Seatsurfing

                                    Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                    Visit seatsurfing.app

                                    Compose Updater

                                    Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                    GitHub Project

                                    OneDrive Uploader

                                    Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).

                                    GitHub Project

                                    Go-hole

                                    Minimalistic DNS server which serves as an upstream proxy and ad blocker, optimized for high performance.

                                    GitHub Project diff --git a/page/2/index.html b/page/2/index.html index 13bf33f..ab20ca6 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -1,4 +1,4 @@ -Virtualzone Blog

                                    Native USB boot for Raspberry Pi 4

                                    Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +Virtualzone Blog

                                    Native USB boot for Raspberry Pi 4

                                    Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                    May 28, 2020 · 2 min · 404 words · Heiner

                                    Build Multi-Arch images on Docker Hub (Part 2)

                                    Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                    May 16, 2020 · 3 min · 443 words · Heiner

                                    Build Multi-Arch images on Docker Hub (Part 1)

                                    Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                    May 15, 2020 · 3 min · 502 words · Heiner

                                    How to let Jenkins build Docker images

                                    If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                    June 11, 2017 · 2 min · 370 words · Heiner

                                    Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                    I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. diff --git a/page/3/index.html b/page/3/index.html index b70535d..39b5fe5 100644 --- a/page/3/index.html +++ b/page/3/index.html @@ -1,4 +1,4 @@ -Virtualzone Blog

                                    How to reduce PDF file size in Linux - Part 2

                                    Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +Virtualzone Blog

                                    How to reduce PDF file size in Linux - Part 2

                                    Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                    August 15, 2015 · 1 min · 75 words · Heiner

                                    How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                    IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                    November 20, 2014 · 2 min · 372 words · Heiner

                                    How to reduce PDF file size in Linux

                                    Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                    November 21, 2012 · 1 min · 98 words · Heiner

                                    Determining a location’s federal state using Google Maps API

                                    If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: diff --git a/posts/alpine-docker-rootless/index.html b/posts/alpine-docker-rootless/index.html index 2ee47a7..7f3e50d 100644 --- a/posts/alpine-docker-rootless/index.html +++ b/posts/alpine-docker-rootless/index.html @@ -1,5 +1,5 @@ Setting up Alpine Linux with Rootless Docker | Virtualzone Blog +However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.">

                                    Home » Posts

                                    Setting up Alpine Linux with Rootless Docker

                                    June 19, 2022 · 3 min · 479 words · Heiner

                                    As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.

                                    However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.

                                    Download and install Alpine

                                    First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.

                                    1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                    2. Boot system from ISO and run:
                                      # setup-alpine
diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html
index 8e71baf..3145eaf 100644
--- a/posts/alpine-podman/index.html
+++ b/posts/alpine-podman/index.html
@@ -1,5 +1,5 @@
 Setting up Alpine Linux with Podman | Virtualzone Blog
+Podman was initially developed by RedHat and is available as an open source project.">
 
                                      Home » Posts
                                      Setting up Alpine Linux with Podman
                                      June 25, 2022 · 4 min · 852 words · Heiner
                                      Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
                                      Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.
                                      In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.
                                      Download and install Alpine
                                      First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                                      1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                      2. Boot system from ISO and run:
                                        # setup-alpine
diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html
index 02a8b81..ab004d4 100644
--- a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html
+++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html
@@ -1,5 +1,5 @@
 Determining a location’s federal state using Google Maps API | Virtualzone Blog
+function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location').">
 
                                        Home » Posts
                                        Determining a location’s federal state using Google Maps API
                                        August 10, 2012 · 1 min · 162 words · Heiner
                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
                                        function log(s) {
diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html
index 1226c67..d459669 100644
--- a/posts/encrypted-file-container-macos/index.html
+++ b/posts/encrypted-file-container-macos/index.html
@@ -1,4 +1,4 @@
-Creating an encrypted file container on macOS | Virtualzone Blog
+Creating an encrypted file container on macOS | Virtualzone Blog
 
                                        Home » Posts
                                        Creating an encrypted file container on macOS
                                        December 6, 2016 · 2 min · 356 words · Heiner
                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).
                                        These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.
                                        To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).
                                        Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.
                                        Choose an appropriate name for your image and select the following settings:
                                        • Save as: The filename of your encrypted DMG file.
                                        • Name: A name shown when your DMG file is mounted.
                                        • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
                                        • Format: Choose “Mac OS Extended (Journaled)”.
                                        • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
                                        • Partitions: Choose “Single Partition – Apple Partition Map”.
                                        • Image Format: Choose “read/write disk image”.
                                        Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html
index 8c843fb..20998a3 100644
--- a/posts/endomono-export-gpx/index.html
+++ b/posts/endomono-export-gpx/index.html
@@ -1,4 +1,4 @@
-Export trainings from Endomondo as GPX files | Virtualzone Blog
+Export trainings from Endomondo as GPX files | Virtualzone Blog
 
                                        Home » Posts
                                        Export trainings from Endomondo as GPX files
                                        June 1, 2020 · 2 min · 341 words · Heiner
                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost.
                                        There’s an article on Strava’s website on how to move from Endomondo to Strava. But the answer is a bit too easy: Using Endomondo’s website, you can only export a single training at a time in GPX file format.
                                        The good: GPX (GPS Exchange Format) is an standard file format used to exchange GPS coordinates. Using the GPS waypoints and some meta data (i.e. date, type of training), each of your trainings is reconstructable.
                                        The bad: I’ve done more than 1,000 trainings in Endonomdo and I’m not willing to export each of them one by one.
                                        In Node.JS’ module respository, npmjs.com, there’s a module named endomondo-api-handler. Using this, it’s easy to search, select and download trainings from Endomondo’s servers:
                                        await api.processWorkouts(filter, async (workout) => {
   if (workout.hasGPSData()) {
     let filename = getFilename(workout);
diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html
index f117c57..c682b0d 100644
--- a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html
+++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html
@@ -1,6 +1,6 @@
 Fix Docker not using /etc/hosts on MacOS | Virtualzone Blog
+Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file.">
 From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog
+From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog
 
                                        Home » Posts
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.
                                        If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.
                                        OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.
                                        To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.
                                        Option 1: Using Docker Compose
                                        There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.
                                        1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
                                        2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
                                        3. Create a directory for your OpenHAB setup, such as:
                                        mkdir -p /docker/containers/openhab
 
                                        1. Create a docker-compose.yml file in this directory with the following content:
                                        version: '2'
 services:
diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html
index 64b6411..f1fdac1 100644
--- a/posts/https-ssl-in-wordpress-behind-proxy/index.html
+++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html
@@ -1,5 +1,5 @@
 How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) | Virtualzone Blog
+The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy.">
 
                                        Home » Posts
                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                        August 27, 2016 · 2 min · 255 words · Heiner
                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
                                        The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.
                                        This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:
                                        Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:
                                        proxy_set_header X-Forwarded-Host $host;
diff --git a/posts/index.html b/posts/index.html
index 81635d1..faf3640 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,4 +1,4 @@
-Posts | Virtualzone Blog
                                        Home
                                        Posts
+Posts | Virtualzone Blog
                                        Home
                                        Posts
 
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html
index 9a37509..80d8a77 100644
--- a/posts/ipv6-on-a-sonicwall/index.html
+++ b/posts/ipv6-on-a-sonicwall/index.html
@@ -1,4 +1,4 @@
-How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog
+How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog
 
                                        Home » Posts
                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                        November 20, 2014 · 2 min · 372 words · Heiner
                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.
                                        The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.
                                        1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).
                                        2. Go to Network -> Interfaces and select to view IPv6.
                                        • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                                        • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                                        • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                                        • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.
                                        1. Go to Network -> Address Objects and select to view IPv6.
 Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.
                                        2. Go to Network -> NAT Policies and select to view IPv6.
                                        • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
                                        • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
                                        1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
                                        © 2022 Heiner Beck.
diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html
index 2b0e428..02091e7 100644
--- a/posts/jenkins-build-docker-images/index.html
+++ b/posts/jenkins-build-docker-images/index.html
@@ -1,5 +1,5 @@
 How to let Jenkins build Docker images | Virtualzone Blog
+So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there.">
 
                                        Home » Posts
                                        How to let Jenkins build Docker images
                                        June 11, 2017 · 2 min · 370 words · Heiner
                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
                                        So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.
                                        To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:
                                        FROM jenkins:alpine
diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html
index 07eb1cc..a123cd6 100644
--- a/posts/k3s-glusterfs/index.html
+++ b/posts/k3s-glusterfs/index.html
@@ -1,4 +1,4 @@
-Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog
+Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog
 
                                        Home » Posts
                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                                        September 3, 2021 · 1 min · 118 words · Heiner
                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.
                                        Read the tutorial in Hetzner’s Online Community.
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
index 5ca4ebd..f500161 100644
--- a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
+++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html
@@ -1,6 +1,6 @@
 Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker | Virtualzone Blog
+version: '2' services: webfrontend: container_name: webfrontend [.">
 Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog
+Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog
 
                                        Home » Posts
                                        Build Multi-Arch images on Docker Hub (Part 1)
                                        May 15, 2020 · 3 min · 502 words · Heiner
                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.
                                        Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:
                                        FROM amd64/alpine:3.11
 ...
 
                                        Es folgt jeweils ein Dockerfile pro Zielarchitektur. In diesen wird zunächst die passende QEMU-Binary heruntergeladen und dann in das Ziel-Image hinein kopiert.
                                        Dockerfile.arm32v6 für ARM32V6:
                                        FROM alpine:3.11 AS qemu
diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html
index 23ecb83..48f47fc 100644
--- a/posts/multi-arch-docker-images-2/index.html
+++ b/posts/multi-arch-docker-images-2/index.html
@@ -1,5 +1,5 @@
 Build Multi-Arch images on Docker Hub (Part 2) | Virtualzone Blog
+Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub.">
 
                                        Home » Posts
                                        Build Multi-Arch images on Docker Hub (Part 2)
                                        May 16, 2020 · 3 min · 443 words · Heiner
                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
                                        Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:
                                        Einen automatisierten Build im Docker Hub konfigurieren.
diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html
index 219e0b2..45ef46c 100644
--- a/posts/onedrive-upload-backup/index.html
+++ b/posts/onedrive-upload-backup/index.html
@@ -1,4 +1,4 @@
-Back up server to OneDrive’s special App Folder | Virtualzone Blog
+Back up server to OneDrive’s special App Folder | Virtualzone Blog
 
                                        Home » Posts
                                        Back up server to OneDrive’s special App Folder
                                        September 2, 2021 · 4 min · 682 words · Heiner
                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.
                                        Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.
                                        I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.
                                        To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:
                                        1. Log in to the Microsoft Azure Portal.
                                        2. Navigate to “App registrations”.
                                        3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
                                        4. Copy the Application (client) ID.
                                        5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
                                        6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
                                        • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
                                        • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read
                                        Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.
                                        You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:
                                        curl -s -L https://git.io/JRie0 | bash
                                        Now create a configuration file named config.json. Replace and :
                                        {
     "client_id": "<client id from azure app>",
     "client_secret": "<client secret from azure app>",
diff --git a/posts/openrc-podman-kube-play/index.html b/posts/openrc-podman-kube-play/index.html
index dc1551c..ac10a85 100644
--- a/posts/openrc-podman-kube-play/index.html
+++ b/posts/openrc-podman-kube-play/index.html
@@ -1,4 +1,4 @@
-OpenRC Script for 'podman kube play' | Virtualzone Blog
+OpenRC Script for 'podman kube play' | Virtualzone Blog
 
                                        Home » Posts
                                        OpenRC Script for 'podman kube play'
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”. This is due to the fact that OpenRC is not able to identify the exact process spawned by Podman.
                                        I’ve therefore improved my OpenRC startup script to be used with podman kube play YAML files. In this post, I’m presenting my results. If you have further improvements, please let me know.
                                        What does not work
                                        The podman pod create command features the --infra-conmon-pidfile=file option. This option writes the PID of the infra container’s conmon process to a file.
                                        Using this option, it was easy to enable OpenRC identifying the status of a Pod and start the Pod in background:
                                        pidfile="/run/${RC_SVCNAME}.pid"
 command_background=true
 
                                        Unfortunately, the --infra-conmon-pidfile=file option is not (yet?) available when using the podman kube play command.
                                        I’ve tried to discover the infra container’s PID file using the podman inspect command and using this value dynamically in my OpenRC scripts:
                                        podman inspect --format '{{ .PidFile }}' somecontainer-infra
diff --git a/posts/page/2/index.html b/posts/page/2/index.html
index 141be01..f6a713a 100644
--- a/posts/page/2/index.html
+++ b/posts/page/2/index.html
@@ -1,4 +1,4 @@
-Posts | Virtualzone Blog
                                        Home
                                        Posts
+Posts | Virtualzone Blog
                                        Home
                                        Posts
 
                                        Native USB boot for Raspberry Pi 4
                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                                        May 28, 2020 · 2 min · 404 words · Heiner
                                        Build Multi-Arch images on Docker Hub (Part 2)
                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                                        May 16, 2020 · 3 min · 443 words · Heiner
                                        Build Multi-Arch images on Docker Hub (Part 1)
                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                                        May 15, 2020 · 3 min · 502 words · Heiner
                                        How to let Jenkins build Docker images
                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
diff --git a/posts/page/3/index.html b/posts/page/3/index.html
index 64cb81a..8cce027 100644
--- a/posts/page/3/index.html
+++ b/posts/page/3/index.html
@@ -1,4 +1,4 @@
-Posts | Virtualzone Blog
                                        Home
                                        Posts
+Posts | Virtualzone Blog
                                        Home
                                        Posts
 
                                        How to reduce PDF file size in Linux - Part 2
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                                        August 15, 2015 · 1 min · 75 words · Heiner
                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                        November 20, 2014 · 2 min · 372 words · Heiner
                                        How to reduce PDF file size in Linux
                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
diff --git a/posts/podman-multiple-networks/index.html b/posts/podman-multiple-networks/index.html
index 9b97944..ebdc380 100644
--- a/posts/podman-multiple-networks/index.html
+++ b/posts/podman-multiple-networks/index.html
@@ -1,7 +1,7 @@
 Connecting multiple networks to a Podman container | Virtualzone Blog
+$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:">
 Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
+Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
 
                                        Home » Posts
                                        Raspberry Pi OS: Remove unnecessary packages
                                        June 7, 2020 · 1 min · 161 words · Heiner
                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
                                        You can download Raspberry Pi OS’ 64 bit beta version from the download directory on Raspberry Pi’s website. The Raspberry Pi Imager makes it easy to burn the image to an SD card or external USB drive.
                                        Enter the following commands (at your own risk!) to remove the Desktop packages after your Pi has started from the newly written card:
                                        sudo apt-get remove --purge \
     x11-* \
     gnome-* \
diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html
index 1c102b3..9cda912 100644
--- a/posts/reduce-pdf-file-size-2/index.html
+++ b/posts/reduce-pdf-file-size-2/index.html
@@ -1,5 +1,5 @@
 How to reduce PDF file size in Linux - Part 2 | Virtualzone Blog
+gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:">
 
                                        Home » Posts
                                        How to reduce PDF file size in Linux - Part 2
                                        August 15, 2015 · 1 min · 75 words · Heiner
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
                                        gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html
index e55c636..0ce8a0b 100644
--- a/posts/reduce-pdf-file-size/index.html
+++ b/posts/reduce-pdf-file-size/index.html
@@ -1,6 +1,6 @@
 How to reduce PDF file size in Linux | Virtualzone Blog
+/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings.">
 Analyze Traefik access log using InfluxDB and Grafana | Virtualzone Blog
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.">
 Unifi USG: Multiple IP addresses on PPPoE | Virtualzone Blog
+By default, USG only allows for one IP address when dialing in via PPPoE.">
 
                                        Home » Posts
                                        Unifi USG: Multiple IP addresses on PPPoE
                                        August 16, 2021 · 2 min · 353 words · Heiner
                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
                                        By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.
                                        Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:
                                        1. Create (or extend) a config.gateway.json file
                                        Place a file named config.gateway.json in the following path of your Unifi Network controller:
                                        /unifi/data/sites/default/
                                        You might need to replace “default” with the correct label of the affected site.
                                        2. Add DNAT and SNAT rules to the config.gateway.json file
                                        In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.
                                        {
diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html
index 60ecd48..2a44c79 100644
--- a/posts/uptime-robot-website-monitoring/index.html
+++ b/posts/uptime-robot-website-monitoring/index.html
@@ -1,4 +1,4 @@
-UptimeRobot: A nice free website monitoring service | Virtualzone Blog
+UptimeRobot: A nice free website monitoring service | Virtualzone Blog
 
                                        Home » Posts
                                        UptimeRobot: A nice free website monitoring service
                                        September 5, 2016 · 1 min · 120 words · Heiner
                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).
                                        I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html
index 44a1178..e32f64e 100644
--- a/posts/usb-boot-raspberry-pi/index.html
+++ b/posts/usb-boot-raspberry-pi/index.html
@@ -1,5 +1,5 @@
 Native USB boot for Raspberry Pi 4 | Virtualzone Blog
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.">
 
                                        Home » Posts
                                        Native USB boot for Raspberry Pi 4
                                        May 28, 2020 · 2 min · 404 words · Heiner
                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
                                        To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. This is required to upgrade the new beta firmware.
                                        Download Raspberry OS 64 bit
                                        You can find the new 64 bit beta version of Raspberry OS in a forum post. Download the ZIP file. Install Raspberry Pi Imager. I’ve installed the imager using Homebrew:
                                        brew cask install raspberry-pi-imager
diff --git a/privacy-policy/index.html b/privacy-policy/index.html
index fbab859..679c011 100644
--- a/privacy-policy/index.html
+++ b/privacy-policy/index.html
@@ -1,6 +1,6 @@
 Privacy Policy | Virtualzone Blog
+Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
 api | Virtualzone Blog
                                        Home » Tags
                                        api
+api | Virtualzone Blog
                                        Home » Tags
                                        api
 
                                        Export trainings from Endomondo as GPX files
                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                        June 1, 2020 · 2 min · 341 words · Heiner
                                        Determining a location’s federal state using Google Maps API
                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                                        August 10, 2012 · 1 min · 162 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/tags/docker/index.html b/tags/docker/index.html
index 03b8924..32c362d 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,4 +1,4 @@
-docker | Virtualzone Blog
                                        Home » Tags
                                        docker
+docker | Virtualzone Blog
                                        Home » Tags
                                        docker
 
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
diff --git a/tags/docker/page/2/index.html b/tags/docker/page/2/index.html
index 2160424..9cdf367 100644
--- a/tags/docker/page/2/index.html
+++ b/tags/docker/page/2/index.html
@@ -1,4 +1,4 @@
-docker | Virtualzone Blog
                                        Home » Tags
                                        docker
+docker | Virtualzone Blog
                                        Home » Tags
                                        docker
 
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html
index 107cf62..fbe278b 100644
--- a/tags/endonomdo/index.html
+++ b/tags/endonomdo/index.html
@@ -1,4 +1,4 @@
-endonomdo | Virtualzone Blog
                                        Home » Tags
                                        endonomdo
+endonomdo | Virtualzone Blog
                                        Home » Tags
                                        endonomdo
 
                                        Export trainings from Endomondo as GPX files
                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                        June 1, 2020 · 2 min · 341 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/fhem/index.html b/tags/fhem/index.html
index 6bbd1e3..3c0cdf5 100644
--- a/tags/fhem/index.html
+++ b/tags/fhem/index.html
@@ -1,4 +1,4 @@
-fhem | Virtualzone Blog
                                        Home » Tags
                                        fhem
+fhem | Virtualzone Blog
                                        Home » Tags
                                        fhem
 
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/firewall/index.html b/tags/firewall/index.html
index d03db3d..a5f64f7 100644
--- a/tags/firewall/index.html
+++ b/tags/firewall/index.html
@@ -1,4 +1,4 @@
-firewall | Virtualzone Blog
                                        Home » Tags
                                        firewall
+firewall | Virtualzone Blog
                                        Home » Tags
                                        firewall
 
                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                        November 20, 2014 · 2 min · 372 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/github/index.html b/tags/github/index.html
index 2affe96..be69e75 100644
--- a/tags/github/index.html
+++ b/tags/github/index.html
@@ -1,4 +1,4 @@
-github | Virtualzone Blog
                                        Home » Tags
                                        github
+github | Virtualzone Blog
                                        Home » Tags
                                        github
 
                                        Back up server to OneDrive’s special App Folder
                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                                        September 2, 2021 · 4 min · 682 words · Heiner
                                        Unifi USG: Multiple IP addresses on PPPoE
                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                                        August 16, 2021 · 2 min · 353 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/tags/google/index.html b/tags/google/index.html
index a541924..115bbd1 100644
--- a/tags/google/index.html
+++ b/tags/google/index.html
@@ -1,4 +1,4 @@
-google | Virtualzone Blog
                                        Home » Tags
                                        google
+google | Virtualzone Blog
                                        Home » Tags
                                        google
 
                                        Determining a location’s federal state using Google Maps API
                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
 function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                                        August 10, 2012 · 1 min · 162 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html
index 92751a1..fc109af 100644
--- a/tags/homeautomation/index.html
+++ b/tags/homeautomation/index.html
@@ -1,4 +1,4 @@
-homeautomation | Virtualzone Blog
                                        Home » Tags
                                        homeautomation
+homeautomation | Virtualzone Blog
                                        Home » Tags
                                        homeautomation
 
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/index.html b/tags/index.html
index dd2ff40..4f84771 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -1,4 +1,4 @@
-Tags | Virtualzone Blog
                                        Tags
                                        © 2022 Heiner Beck.
+Tags | Virtualzone Blog
                                        Tags
                                        
\ No newline at end of file
diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html
index 8d988c5..c9384bb 100644
--- a/tags/ipv6/index.html
+++ b/tags/ipv6/index.html
@@ -1,4 +1,4 @@
-ipv6 | Virtualzone Blog
                                        Home » Tags
                                        ipv6
+ipv6 | Virtualzone Blog
                                        Home » Tags
                                        ipv6
 
                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                        November 20, 2014 · 2 min · 372 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html
index 747b519..a8d696c 100644
--- a/tags/kubernetes/index.html
+++ b/tags/kubernetes/index.html
@@ -1,4 +1,4 @@
-kubernetes | Virtualzone Blog
                                        Home » Tags
                                        kubernetes
+kubernetes | Virtualzone Blog
                                        Home » Tags
                                        kubernetes
 
                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                                        September 3, 2021 · 1 min · 118 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html
index a848348..3aeaa17 100644
--- a/tags/letsencrypt/index.html
+++ b/tags/letsencrypt/index.html
@@ -1,4 +1,4 @@
-letsencrypt | Virtualzone Blog
                                        Home » Tags
                                        letsencrypt
+letsencrypt | Virtualzone Blog
                                        Home » Tags
                                        letsencrypt
 
                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                                        February 11, 2017 · 2 min · 287 words · Heiner
                                        © 2022 Heiner Beck.
diff --git a/tags/linux/index.html b/tags/linux/index.html
index 6db2326..9bd07c3 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,4 +1,4 @@
-linux | Virtualzone Blog
                                        Home » Tags
                                        linux
+linux | Virtualzone Blog
                                        Home » Tags
                                        linux
 
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
diff --git a/tags/macos/index.html b/tags/macos/index.html
index c60bc1d..c4175a0 100644
--- a/tags/macos/index.html
+++ b/tags/macos/index.html
@@ -1,4 +1,4 @@
-macos | Virtualzone Blog
                                        Home » Tags
                                        macos
+macos | Virtualzone Blog
                                        Home » Tags
                                        macos
 
                                        Creating an encrypted file container on macOS
                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                                        December 6, 2016 · 2 min · 356 words · Heiner
                                        Fix Docker not using /etc/hosts on MacOS
                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                                        August 28, 2016 · 1 min · 163 words · Heiner
                                        How to reduce PDF file size in Linux - Part 2
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
diff --git a/tags/nginx/index.html b/tags/nginx/index.html
index 9212645..c1ba02f 100644
--- a/tags/nginx/index.html
+++ b/tags/nginx/index.html
@@ -1,4 +1,4 @@
-nginx | Virtualzone Blog
                                        Home » Tags
                                        nginx
+nginx | Virtualzone Blog
                                        Home » Tags
                                        nginx
 
                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                                        February 11, 2017 · 2 min · 287 words · Heiner
                                        © 2022 Heiner Beck.
diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html
index 646eb8d..8ee108a 100644
--- a/tags/onedrive/index.html
+++ b/tags/onedrive/index.html
@@ -1,4 +1,4 @@
-onedrive | Virtualzone Blog
                                        Home » Tags
                                        onedrive
+onedrive | Virtualzone Blog
                                        Home » Tags
                                        onedrive
 
                                        Back up server to OneDrive’s special App Folder
                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                                        September 2, 2021 · 4 min · 682 words · Heiner
                                        Unifi USG: Multiple IP addresses on PPPoE
                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                                        August 16, 2021 · 2 min · 353 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/tags/openhab/index.html b/tags/openhab/index.html
index 2bb1f7e..964c442 100644
--- a/tags/openhab/index.html
+++ b/tags/openhab/index.html
@@ -1,4 +1,4 @@
-openhab | Virtualzone Blog
                                        Home » Tags
                                        openhab
+openhab | Virtualzone Blog
                                        Home » Tags
                                        openhab
 
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/proxy/index.html b/tags/proxy/index.html
index ca658a5..1029225 100644
--- a/tags/proxy/index.html
+++ b/tags/proxy/index.html
@@ -1,4 +1,4 @@
-proxy | Virtualzone Blog
                                        Home » Tags
                                        proxy
+proxy | Virtualzone Blog
                                        Home » Tags
                                        proxy
 
                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                        August 27, 2016 · 2 min · 255 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html
index a23395f..f86b800 100644
--- a/tags/raspberrypi/index.html
+++ b/tags/raspberrypi/index.html
@@ -1,4 +1,4 @@
-raspberrypi | Virtualzone Blog
                                        Home » Tags
                                        raspberrypi
+raspberrypi | Virtualzone Blog
                                        Home » Tags
                                        raspberrypi
 
                                        Raspberry Pi OS: Remove unnecessary packages
                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                                        June 7, 2020 · 1 min · 161 words · Heiner
                                        Native USB boot for Raspberry Pi 4
                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                                        May 28, 2020 · 2 min · 404 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html
index 230457b..516edb2 100644
--- a/tags/sonicwall/index.html
+++ b/tags/sonicwall/index.html
@@ -1,4 +1,4 @@
-sonicwall | Virtualzone Blog
                                        Home » Tags
                                        sonicwall
+sonicwall | Virtualzone Blog
                                        Home » Tags
                                        sonicwall
 
                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                        November 20, 2014 · 2 min · 372 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/tags/tool/index.html b/tags/tool/index.html
index dee7713..c731578 100644
--- a/tags/tool/index.html
+++ b/tags/tool/index.html
@@ -1,4 +1,4 @@
-tool | Virtualzone Blog
                                        Home » Tags
                                        tool
+tool | Virtualzone Blog
                                        Home » Tags
                                        tool
 
                                        Back up server to OneDrive’s special App Folder
                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                                        September 2, 2021 · 4 min · 682 words · Heiner
                                        Unifi USG: Multiple IP addresses on PPPoE
                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                                        August 16, 2021 · 2 min · 353 words · Heiner
                                        UptimeRobot: A nice free website monitoring service
                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                                        September 5, 2016 · 1 min · 120 words · Heiner
                                        How to reduce PDF file size in Linux - Part 2
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                                        August 15, 2015 · 1 min · 75 words · Heiner
                                        How to reduce PDF file size in Linux
                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html
index 649608d..d3096fa 100644
--- a/tags/wordpress/index.html
+++ b/tags/wordpress/index.html
@@ -1,4 +1,4 @@
-wordpress | Virtualzone Blog
                                        Home » Tags
                                        wordpress
+wordpress | Virtualzone Blog
                                        Home » Tags
                                        wordpress
 
                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                        August 27, 2016 · 2 min · 255 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by

From 69dad1ae0648287d40ccc685c121edf5e2ae6d48 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sun, 5 Feb 2023 09:16:20 +0000
Subject: [PATCH 22/25] deploy: f271123a57ec58ec0de4a74312839054a3725240

---
 index.html                                    |  6 ++--
 index.xml                                     | 13 +++++++-
 page/2/index.html                             |  5 ++-
 page/3/index.html                             |  3 +-
 .../dns-proxy-forwarder-blackhole/index.html  | 33 +++++++++++++++++++
 posts/index.html                              |  6 ++--
 posts/index.xml                               | 13 +++++++-
 posts/openrc-podman-kube-play/index.html      |  3 +-
 posts/page/2/index.html                       |  5 ++-
 posts/page/3/index.html                       |  3 +-
 sitemap.xml                                   | 17 ++++++----
 tags/docker/index.html                        |  8 ++---
 tags/docker/index.xml                         | 13 +++++++-
 tags/docker/page/2/index.html                 |  4 ++-
 tags/index.html                               |  2 +-
 tags/index.xml                                |  6 ++--
 tags/linux/index.html                         |  4 ++-
 tags/linux/index.xml                          | 13 +++++++-
 18 files changed, 123 insertions(+), 34 deletions(-)
 create mode 100644 posts/dns-proxy-forwarder-blackhole/index.html

diff --git a/index.html b/index.html
index 47e7660..15e3902 100644
--- a/index.html
+++ b/index.html
@@ -2,7 +2,9 @@
 
                                        Compose Updater
                                        Automatically check for image updates and restart Docker containers automatically when using Docker Compose.
                                        GitHub Project
 
                                        OneDrive Uploader
                                        Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).
                                        GitHub Project
 
                                        Go-hole
                                        Minimalistic DNS server which serves as an upstream proxy and ad blocker, optimized for high performance.
                                        GitHub Project
-
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
@@ -10,7 +12,7 @@
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                                        June 19, 2022 · 3 min · 479 words · Heiner
                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                                        September 3, 2021 · 1 min · 118 words · Heiner
                                        Back up server to OneDrive’s special App Folder
                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                                        September 2, 2021 · 4 min · 682 words · Heiner
                                        Unifi USG: Multiple IP addresses on PPPoE
                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                                        August 16, 2021 · 2 min · 353 words · Heiner
                                        Raspberry Pi OS: Remove unnecessary packages
                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                                        June 7, 2020 · 1 min · 161 words · Heiner
                                        Analyze Traefik access log using InfluxDB and Grafana
                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
-Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                                        June 3, 2020 · 2 min · 373 words · Heiner
                                        Export trainings from Endomondo as GPX files
                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                        June 1, 2020 · 2 min · 341 words · Heiner
                                        © 2022 Heiner Beck.
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                                        June 3, 2020 · 2 min · 373 words · Heiner
                                        
\ No newline at end of file
diff --git a/index.xml b/index.xml
index e04f3d4..0e10e5f 100644
--- a/index.xml
+++ b/index.xml
@@ -7,7 +7,18 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Wed, 26 Oct 2022 15:00:00 +0000
+    Sun, 05 Feb 2023 06:00:00 +0000
+    
+      Go-hole: A minimalistic DNS proxy and and blocker
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      Sun, 05 Feb 2023 06:00:00 +0000
+      
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
+    
+    
     
       OpenRC Script for 'podman kube play'
       https://virtualzone.de/posts/openrc-podman-kube-play/
diff --git a/page/2/index.html b/page/2/index.html
index ab20ca6..ad834d4 100644
--- a/page/2/index.html
+++ b/page/2/index.html
@@ -1,12 +1,11 @@
-Virtualzone Blog
                                        Native USB boot for Raspberry Pi 4
                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+Virtualzone Blog
                                        Export trainings from Endomondo as GPX files
                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                        June 1, 2020 · 2 min · 341 words · Heiner
                                        Native USB boot for Raspberry Pi 4
                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                                        May 28, 2020 · 2 min · 404 words · Heiner
                                        Build Multi-Arch images on Docker Hub (Part 2)
                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                                        May 16, 2020 · 3 min · 443 words · Heiner
                                        Build Multi-Arch images on Docker Hub (Part 1)
                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                                        May 15, 2020 · 3 min · 502 words · Heiner
                                        How to let Jenkins build Docker images
                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                                        June 11, 2017 · 2 min · 370 words · Heiner
                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                                        February 11, 2017 · 2 min · 287 words · Heiner
                                        Creating an encrypted file container on macOS
                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                                        December 6, 2016 · 2 min · 356 words · Heiner
                                        UptimeRobot: A nice free website monitoring service
                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                                        September 5, 2016 · 1 min · 120 words · Heiner
                                        Fix Docker not using /etc/hosts on MacOS
                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
-Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                                        August 28, 2016 · 1 min · 163 words · Heiner
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
-The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                        August 27, 2016 · 2 min · 255 words · Heiner
                                        August 28, 2016 · 1 min · 163 words · Heiner
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/page/3/index.html b/page/3/index.html
index 39b5fe5..6b989f2 100644
--- a/page/3/index.html
+++ b/page/3/index.html
@@ -1,4 +1,5 @@
-Virtualzone Blog
                                        How to reduce PDF file size in Linux - Part 2
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
+Virtualzone Blog
                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
+The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                        August 27, 2016 · 2 min · 255 words · Heiner
                                        How to reduce PDF file size in Linux - Part 2
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                                        August 15, 2015 · 1 min · 75 words · Heiner
                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                        November 20, 2014 · 2 min · 372 words · Heiner
                                        How to reduce PDF file size in Linux
                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                                        November 21, 2012 · 1 min · 98 words · Heiner
                                        Determining a location’s federal state using Google Maps API
                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
diff --git a/posts/dns-proxy-forwarder-blackhole/index.html b/posts/dns-proxy-forwarder-blackhole/index.html
new file mode 100644
index 0000000..980dd01
--- /dev/null
+++ b/posts/dns-proxy-forwarder-blackhole/index.html
@@ -0,0 +1,33 @@
+Go-hole: A minimalistic DNS proxy and and blocker | Virtualzone Blog
+
                                        Home » Posts
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
                                        I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
                                        However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. DNS queries took longer and longer until they were answered. With this experience in mind and out of pure interest (how complicated would it be to create a DNS proxy on my own?) I’ve created Go-hole.
                                        What is Go-hole?
                                        Go-hole is written in Go and very minimalistic with an eye to the primary requirements. However, it has all the features I personally need on my home network:
                                        • Act as a network-wide central DNS server, handling all DNS queries from all queries
                                        • Forward incoming queries to one or more upstream DNS servers
                                        • Cache upstream query results for extremely fast recurring lookup handling
                                        • Block queries for well-known ad-serving and malicious domains by using definable block list URLs
                                        • Regularly update the black list source files
                                        • Whitelist certain domains which would be blocked in view of the set up black lists
                                        • Resolve local names
                                        How does it work?
                                        Go-hole serves as DNS server on your (home) network. Instead of having your clients sending DNS queries directly to the internet or to your router, they are resolved by your local Go-hole instance. Go-hole sends these queries to one or more upstream DNS servers and caches the upstream query results for maximum performance.
                                        Incoming queries from your clients are checked against a list of unwanted domain names (“blacklist”), such as well-known ad serving domains and trackers. If a requested name matches a name on the blacklist, Go-hole responds with error code NXDOMAIN (non-existing domain). This leads to clients not being able to load ads and tracker codes. In case you want to access a blacklisted domain, you can easily add it to a whitelist.
                                        As an additional feature, you can set a list of custom hostnames/domain names to be resolved to specific IP addresses. This is useful for accessing services on your local network by name instead of their IP addresses.
                                        How to use Go-hole?
                                        The simplest way of getting Go-hole up and running is by using the pre-built Docker images.
                                        First, create a configuration file named config.yaml. You can take a list at the example config file in the GitHub repository. On my home network, my config.yaml looks like this:
                                        listen: 0.0.0.0:53
+upstream:
+  - 8.8.8.8:53
+  - 8.8.4.4:53
+blacklist:
+  - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+blacklistRenewal: 1440
+whitelist:
+  - raw.githubusercontent.com
+  - www.googletagservices.com
+local:
+  - name: ha
+    target:
+    - address: 192.168.40.31
+      type: A
+    - address: 2a01:170:1172:40:40::31
+      type: AAAA
+
                                        This config sets the following:
                                        • listen sets the listing address to 0.0.0.0 (any address) and the listing port to 53 (default DNS).
                                        • upstream sets the upstream DNS servers to Google’s DNS.
                                        • blacklist sets the black list source URL.
                                        • blacklistRenewal sets the automatic blacklist updating to a 1 day interval (1440 minutes).
                                        • whitelist whitelists two domains which would be blacklisted otherwise.
                                        • local sets a IPv4 (A record) and IPv6 (AAAA record) for the local name “ha”.
                                        After you’ve prepared your configuration file, you can start the Docker container like this:
                                        docker run \
+    --rm \
+    --mount type=bind,source=${PWD}/config.yaml,target=/app/config.yaml \
+    -p 53:53/udp \
+    ghcr.io/virtualzone/go-hole:latest
+
                                        If you don’t want to run Go-hole with Docker (or Podman, like I do), you can use the pre-built binaries or build Go-hole from source.
                                        Conclusion
                                        I’m using Go-hole for several weeks now as my home network’s DNS server. It has completely replaced Pi-hole for my use cases. I’ve not observed any crashes or instabilities yet. My home network’s DNS resolving times have greatly improved, making web browsing much faster than it has been before. Of course, Pi-hole has a lot more features than Go-hole. My implementation doesn’t feature a web interface and for sure lacks other things you might like. However, none of these features are relevant to me.
                                        I’d be happy to hear about your experience with this Pi-hole alternative.
                                        
\ No newline at end of file
diff --git a/posts/index.html b/posts/index.html
index faf3640..e4f9530 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,5 +1,7 @@
 Posts | Virtualzone Blog
                                        Home
                                        Posts
-
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
@@ -7,7 +9,7 @@
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                                        June 19, 2022 · 3 min · 479 words · Heiner
                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                                        September 3, 2021 · 1 min · 118 words · Heiner
                                        Back up server to OneDrive’s special App Folder
                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                                        September 2, 2021 · 4 min · 682 words · Heiner
                                        Unifi USG: Multiple IP addresses on PPPoE
                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                                        August 16, 2021 · 2 min · 353 words · Heiner
                                        Raspberry Pi OS: Remove unnecessary packages
                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                                        June 7, 2020 · 1 min · 161 words · Heiner
                                        Analyze Traefik access log using InfluxDB and Grafana
                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
-Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                                        June 3, 2020 · 2 min · 373 words · Heiner
                                        Export trainings from Endomondo as GPX files
                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                        June 1, 2020 · 2 min · 341 words · Heiner
                                        © 2022 Heiner Beck.
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                                        June 3, 2020 · 2 min · 373 words · Heiner
                                        
\ No newline at end of file
diff --git a/posts/index.xml b/posts/index.xml
index a967dae..3d00497 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -7,7 +7,18 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Wed, 26 Oct 2022 15:00:00 +0000
+    Sun, 05 Feb 2023 06:00:00 +0000
+    
+      Go-hole: A minimalistic DNS proxy and and blocker
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      Sun, 05 Feb 2023 06:00:00 +0000
+      
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
+    
+    
     
       OpenRC Script for 'podman kube play'
       https://virtualzone.de/posts/openrc-podman-kube-play/
diff --git a/posts/openrc-podman-kube-play/index.html b/posts/openrc-podman-kube-play/index.html
index ac10a85..2d349b4 100644
--- a/posts/openrc-podman-kube-play/index.html
+++ b/posts/openrc-podman-kube-play/index.html
@@ -58,7 +58,8 @@
 ln -s /home/<user>/pods/pod-xyz
 rc-update add pod-xyz
 
                                        Use rc-service to start and stop your Pod:
                                        doas rc-service pod-xyz start
-
                                        © 2022 Heiner Beck.
+
                                        
\ No newline at end of file
diff --git a/posts/page/2/index.html b/posts/page/2/index.html
index f6a713a..6f6b879 100644
--- a/posts/page/2/index.html
+++ b/posts/page/2/index.html
@@ -1,13 +1,12 @@
 Posts | Virtualzone Blog
                                        Home
                                        Posts
-
                                        Native USB boot for Raspberry Pi 4
                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+
                                        Export trainings from Endomondo as GPX files
                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                        June 1, 2020 · 2 min · 341 words · Heiner
                                        Native USB boot for Raspberry Pi 4
                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                                        May 28, 2020 · 2 min · 404 words · Heiner
                                        Build Multi-Arch images on Docker Hub (Part 2)
                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                                        May 16, 2020 · 3 min · 443 words · Heiner
                                        Build Multi-Arch images on Docker Hub (Part 1)
                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                                        May 15, 2020 · 3 min · 502 words · Heiner
                                        How to let Jenkins build Docker images
                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                                        June 11, 2017 · 2 min · 370 words · Heiner
                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
 version: '2' services: webfrontend: container_name: webfrontend [....
                                        February 11, 2017 · 2 min · 287 words · Heiner
                                        Creating an encrypted file container on macOS
                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                                        December 6, 2016 · 2 min · 356 words · Heiner
                                        UptimeRobot: A nice free website monitoring service
                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                                        September 5, 2016 · 1 min · 120 words · Heiner
                                        Fix Docker not using /etc/hosts on MacOS
                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
-Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                                        August 28, 2016 · 1 min · 163 words · Heiner
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
-The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                        August 27, 2016 · 2 min · 255 words · Heiner
                                        August 28, 2016 · 1 min · 163 words · Heiner
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        © 2022 Heiner Beck.
 Powered by
 Hugo &
diff --git a/posts/page/3/index.html b/posts/page/3/index.html
index 8cce027..4059ac7 100644
--- a/posts/page/3/index.html
+++ b/posts/page/3/index.html
@@ -1,5 +1,6 @@
 Posts | Virtualzone Blog
                                        Home
                                        Posts
-
                                        How to reduce PDF file size in Linux - Part 2
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
+
                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
+The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                        August 27, 2016 · 2 min · 255 words · Heiner
                                        How to reduce PDF file size in Linux - Part 2
                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                                        August 15, 2015 · 1 min · 75 words · Heiner
                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                        November 20, 2014 · 2 min · 372 words · Heiner
                                        How to reduce PDF file size in Linux
                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                                        November 21, 2012 · 1 min · 98 words · Heiner
                                        Determining a location’s federal state using Google Maps API
                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
diff --git a/sitemap.xml b/sitemap.xml
index 3b76011..e2e45a0 100644
--- a/sitemap.xml
+++ b/sitemap.xml
@@ -3,21 +3,24 @@
   xmlns:xhtml="http://www.w3.org/1999/xhtml">
   
     https://virtualzone.de/tags/docker/
-    2022-10-26T15:00:00+00:00
+    2023-02-05T06:00:00+00:00
   
-    https://virtualzone.de/tags/linux/
-    2022-10-26T15:00:00+00:00
+    https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+    2023-02-05T06:00:00+00:00
   
-    https://virtualzone.de/posts/openrc-podman-kube-play/
-    2022-10-26T15:00:00+00:00
+    https://virtualzone.de/tags/linux/
+    2023-02-05T06:00:00+00:00
   
     https://virtualzone.de/posts/
-    2022-10-26T15:00:00+00:00
+    2023-02-05T06:00:00+00:00
   
     https://virtualzone.de/tags/
-    2022-10-26T15:00:00+00:00
+    2023-02-05T06:00:00+00:00
   
     https://virtualzone.de/
+    2023-02-05T06:00:00+00:00
+  
+    https://virtualzone.de/posts/openrc-podman-kube-play/
     2022-10-26T15:00:00+00:00
   
     https://virtualzone.de/posts/podman-multiple-networks/
diff --git a/tags/docker/index.html b/tags/docker/index.html
index 32c362d..b468681 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,5 +1,7 @@
 docker | Virtualzone Blog
                                        Home » Tags
                                        docker
-
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
@@ -10,9 +12,7 @@
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                                        May 16, 2020 · 3 min · 443 words · Heiner
                                        Build Multi-Arch images on Docker Hub (Part 1)
                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                                        May 15, 2020 · 3 min · 502 words · Heiner
                                        How to let Jenkins build Docker images
                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                                        June 11, 2017 · 2 min · 370 words · Heiner
                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
 First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
-version: '2' services: webfrontend: container_name: webfrontend [....
                                        February 11, 2017 · 2 min · 287 words · Heiner
                                        Fix Docker not using /etc/hosts on MacOS
                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
-When I executed “docker push” for example, this resulted in “no such hosts” errors:
-Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                                        August 28, 2016 · 1 min · 163 words · Heiner
                                        © 2022 Heiner Beck.
+version: '2' services: webfrontend: container_name: webfrontend [....
                                        February 11, 2017 · 2 min · 287 words · Heiner
                                        
\ No newline at end of file
diff --git a/tags/docker/index.xml b/tags/docker/index.xml
index f57cbde..e4ff208 100644
--- a/tags/docker/index.xml
+++ b/tags/docker/index.xml
@@ -7,7 +7,18 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Wed, 26 Oct 2022 15:00:00 +0000
+    Sun, 05 Feb 2023 06:00:00 +0000
+    
+      Go-hole: A minimalistic DNS proxy and and blocker
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      Sun, 05 Feb 2023 06:00:00 +0000
+      
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
+    
+    
     
       OpenRC Script for 'podman kube play'
       https://virtualzone.de/posts/openrc-podman-kube-play/
diff --git a/tags/docker/page/2/index.html b/tags/docker/page/2/index.html
index 9cdf367..3500584 100644
--- a/tags/docker/page/2/index.html
+++ b/tags/docker/page/2/index.html
@@ -1,5 +1,7 @@
 docker | Virtualzone Blog
                                        Home » Tags
                                        docker
-
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        © 2022 Heiner Beck.
+
                                        Fix Docker not using /etc/hosts on MacOS
                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
+When I executed “docker push” for example, this resulted in “no such hosts” errors:
+Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                                        August 28, 2016 · 1 min · 163 words · Heiner
                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                        
\ No newline at end of file
diff --git a/tags/index.html b/tags/index.html
index 4f84771..bbd4574 100644
--- a/tags/index.html
+++ b/tags/index.html
@@ -1,4 +1,4 @@
-Tags | Virtualzone Blog
                                        Tags
                                        © 2022 Heiner Beck.
+Tags | Virtualzone Blog
                                        Tags
                                        
\ No newline at end of file
diff --git a/tags/index.xml b/tags/index.xml
index a416825..6ca68b0 100644
--- a/tags/index.xml
+++ b/tags/index.xml
@@ -7,11 +7,11 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Wed, 26 Oct 2022 15:00:00 +0000
+    Sun, 05 Feb 2023 06:00:00 +0000
     
       docker
       https://virtualzone.de/tags/docker/
-      Wed, 26 Oct 2022 15:00:00 +0000
+      Sun, 05 Feb 2023 06:00:00 +0000
       
       https://virtualzone.de/tags/docker/
       
@@ -20,7 +20,7 @@
     
       linux
       https://virtualzone.de/tags/linux/
-      Wed, 26 Oct 2022 15:00:00 +0000
+      Sun, 05 Feb 2023 06:00:00 +0000
       
       https://virtualzone.de/tags/linux/
       
diff --git a/tags/linux/index.html b/tags/linux/index.html
index 9bd07c3..cca344f 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,5 +1,7 @@
 linux | Virtualzone Blog
                                        Home » Tags
                                        linux
-
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
diff --git a/tags/linux/index.xml b/tags/linux/index.xml
index 20a4fc3..711d090 100644
--- a/tags/linux/index.xml
+++ b/tags/linux/index.xml
@@ -7,7 +7,18 @@
     Hugo -- gohugo.io
     en-us
     &copy; 2022 Heiner Beck.
-    Wed, 26 Oct 2022 15:00:00 +0000
+    Sun, 05 Feb 2023 06:00:00 +0000
+    
+      Go-hole: A minimalistic DNS proxy and and blocker
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      Sun, 05 Feb 2023 06:00:00 +0000
+      
+      https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
+      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
+    
+    
     
       OpenRC Script for 'podman kube play'
       https://virtualzone.de/posts/openrc-podman-kube-play/

From 404fa127e016832d1060492dd5d2faf7747aa548 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sun, 5 Feb 2023 13:06:29 +0000
Subject: [PATCH 23/25] deploy: 407b974fe686d1a69ddb165bc3be83f32f4f3f62

---
 index.html                                     |  4 ++--
 index.xml                                      |  2 +-
 posts/dns-proxy-forwarder-blackhole/index.html | 10 +++++-----
 posts/index.html                               |  4 ++--
 posts/index.xml                                |  2 +-
 tags/docker/index.html                         |  4 ++--
 tags/docker/index.xml                          |  2 +-
 tags/linux/index.html                          |  4 ++--
 tags/linux/index.xml                           |  2 +-
 9 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/index.html b/index.html
index 15e3902..f93cad1 100644
--- a/index.html
+++ b/index.html
@@ -2,9 +2,9 @@
 
                                        Compose Updater
                                        Automatically check for image updates and restart Docker containers automatically when using Docker Compose.
                                        GitHub Project
 
                                        OneDrive Uploader
                                        Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).
                                        GitHub Project
 
                                        Go-hole
                                        Minimalistic DNS server which serves as an upstream proxy and ad blocker, optimized for high performance.
                                        GitHub Project
-
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
-However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 703 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
diff --git a/index.xml b/index.xml
index 0e10e5f..d498232 100644
--- a/index.xml
+++ b/index.xml
@@ -14,7 +14,7 @@
       Sun, 05 Feb 2023 06:00:00 +0000
       
       https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
-      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+      You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
 However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
     
diff --git a/posts/dns-proxy-forwarder-blackhole/index.html b/posts/dns-proxy-forwarder-blackhole/index.html
index 980dd01..78a7111 100644
--- a/posts/dns-proxy-forwarder-blackhole/index.html
+++ b/posts/dns-proxy-forwarder-blackhole/index.html
@@ -1,11 +1,11 @@
-Go-hole: A minimalistic DNS proxy and and blocker | Virtualzone BlogGo-hole: A minimalistic DNS proxy and and blocker | Virtualzone Blog
-
                                        Home » Posts
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
                                        I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
                                        However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. DNS queries took longer and longer until they were answered. With this experience in mind and out of pure interest (how complicated would it be to create a DNS proxy on my own?) I’ve created Go-hole.
                                        What is Go-hole?
                                        Go-hole is written in Go and very minimalistic with an eye to the primary requirements. However, it has all the features I personally need on my home network:
                                        • Act as a network-wide central DNS server, handling all DNS queries from all queries
                                        • Forward incoming queries to one or more upstream DNS servers
                                        • Cache upstream query results for extremely fast recurring lookup handling
                                        • Block queries for well-known ad-serving and malicious domains by using definable block list URLs
                                        • Regularly update the black list source files
                                        • Whitelist certain domains which would be blocked in view of the set up black lists
                                        • Resolve local names
                                        How does it work?
                                        Go-hole serves as DNS server on your (home) network. Instead of having your clients sending DNS queries directly to the internet or to your router, they are resolved by your local Go-hole instance. Go-hole sends these queries to one or more upstream DNS servers and caches the upstream query results for maximum performance.
                                        Incoming queries from your clients are checked against a list of unwanted domain names (“blacklist”), such as well-known ad serving domains and trackers. If a requested name matches a name on the blacklist, Go-hole responds with error code NXDOMAIN (non-existing domain). This leads to clients not being able to load ads and tracker codes. In case you want to access a blacklisted domain, you can easily add it to a whitelist.
                                        As an additional feature, you can set a list of custom hostnames/domain names to be resolved to specific IP addresses. This is useful for accessing services on your local network by name instead of their IP addresses.
                                        How to use Go-hole?
                                        The simplest way of getting Go-hole up and running is by using the pre-built Docker images.
                                        First, create a configuration file named config.yaml. You can take a list at the example config file in the GitHub repository. On my home network, my config.yaml looks like this:
                                        listen: 0.0.0.0:53
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.">
                                        Home » Posts
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        February 5, 2023 · 4 min · 703 words · Heiner
                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
                                        I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
                                        However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. DNS queries took longer and longer until they were answered. With this experience in mind and out of pure interest (how complicated would it be to create a DNS proxy on my own?) I’ve created Go-hole.
                                        What is Go-hole?
                                        Go-hole is written in Go and very minimalistic with an eye to the primary requirements. However, it has all the features I personally need on my home network:
                                        • Act as a network-wide central DNS server, handling all DNS queries from all queries
                                        • Forward incoming queries to one or more upstream DNS servers
                                        • Cache upstream query results for extremely fast recurring lookup handling
                                        • Block queries for well-known ad-serving and malicious domains by using definable block list URLs
                                        • Regularly update the black list source files
                                        • Whitelist certain domains which would be blocked in view of the set up black lists
                                        • Resolve local names
                                        How does it work?
                                        Go-hole serves as DNS server on your (home) network. Instead of having your clients sending DNS queries directly to the internet or to your router, they are resolved by your local Go-hole instance. Go-hole sends these queries to one or more upstream DNS servers and caches the upstream query results for maximum performance.
                                        Incoming queries from your clients are checked against a list of unwanted domain names (“blacklist”), such as well-known ad serving domains and trackers. If a requested name matches a name on the blacklist, Go-hole responds with error code NXDOMAIN (non-existing domain). This leads to clients not being able to load ads and tracker codes. In case you want to access a blacklisted domain, you can easily add it to a whitelist.
                                        As an additional feature, you can set a list of custom host names/domain names to be resolved to specific IP addresses. This is useful for accessing services on your local network by name instead of their IP addresses.
                                        How to use Go-hole?
                                        The simplest way of getting Go-hole up and running is by using the pre-built Docker images.
                                        First, create a configuration file named config.yaml. You can take a list at the example config file in the GitHub repository. On my home network, my config.yaml looks like this:
                                        listen: 0.0.0.0:53
 upstream:
   - 8.8.8.8:53
   - 8.8.4.4:53
@@ -22,7 +22,7 @@
       type: A
     - address: 2a01:170:1172:40:40::31
       type: AAAA
-
                                        This config sets the following:
                                        • listen sets the listing address to 0.0.0.0 (any address) and the listing port to 53 (default DNS).
                                        • upstream sets the upstream DNS servers to Google’s DNS.
                                        • blacklist sets the black list source URL.
                                        • blacklistRenewal sets the automatic blacklist updating to a 1 day interval (1440 minutes).
                                        • whitelist whitelists two domains which would be blacklisted otherwise.
                                        • local sets a IPv4 (A record) and IPv6 (AAAA record) for the local name “ha”.
                                        After you’ve prepared your configuration file, you can start the Docker container like this:
                                        docker run \
+
                                        This config sets the following:
                                        • listen sets the listing address to 0.0.0.0 (any address) and the listing port to 53 (default DNS).
                                        • upstream sets the upstream DNS servers to Google’s DNS.
                                        • blacklist sets the black list source URL.
                                        • blacklistRenewal sets the automatic blacklist updating to a 1 day interval (1440 minutes).
                                        • whitelist whitelists two domains which would be blacklisted otherwise.
                                        • local sets an IPv4 (A record) and IPv6 (AAAA record) for the local name “ha”.
                                        After you’ve prepared your configuration file, you can start the Docker container like this:
                                        docker run \
     --rm \
     --mount type=bind,source=${PWD}/config.yaml,target=/app/config.yaml \
     -p 53:53/udp \
diff --git a/posts/index.html b/posts/index.html
index e4f9530..14583e0 100644
--- a/posts/index.html
+++ b/posts/index.html
@@ -1,7 +1,7 @@
 Posts | Virtualzone Blog
                                        Home
                                        Posts
-
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
-However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 703 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
diff --git a/posts/index.xml b/posts/index.xml
index 3d00497..39745df 100644
--- a/posts/index.xml
+++ b/posts/index.xml
@@ -14,7 +14,7 @@
       Sun, 05 Feb 2023 06:00:00 +0000
       
       https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
-      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+      You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
 However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
     
diff --git a/tags/docker/index.html b/tags/docker/index.html
index b468681..a90949a 100644
--- a/tags/docker/index.html
+++ b/tags/docker/index.html
@@ -1,7 +1,7 @@
 docker | Virtualzone Blog
                                        Home » Tags
                                        docker
-
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
-However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 703 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
diff --git a/tags/docker/index.xml b/tags/docker/index.xml
index e4ff208..b8fb622 100644
--- a/tags/docker/index.xml
+++ b/tags/docker/index.xml
@@ -14,7 +14,7 @@
       Sun, 05 Feb 2023 06:00:00 +0000
       
       https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
-      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+      You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
 However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
     
diff --git a/tags/linux/index.html b/tags/linux/index.html
index cca344f..6e6f962 100644
--- a/tags/linux/index.html
+++ b/tags/linux/index.html
@@ -1,7 +1,7 @@
 linux | Virtualzone Blog
                                        Home » Tags
                                        linux
-
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probaby know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+
                                        Go-hole: A minimalistic DNS proxy and and blocker
                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
-However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 702 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....
                                        February 5, 2023 · 4 min · 703 words · Heiner
                                        OpenRC Script for 'podman kube play'
                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....
                                        October 26, 2022 · 3 min · 483 words · Heiner
                                        Connecting multiple networks to a Podman container
                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
 When a container was connected to more than one network, outgoing connections were not working correctly.
 Consider a container connected to two bridge networks:
 $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...
                                        October 16, 2022 · 2 min · 274 words · Heiner
                                        Setting up Alpine Linux with Podman
                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
diff --git a/tags/linux/index.xml b/tags/linux/index.xml
index 711d090..2f93c95 100644
--- a/tags/linux/index.xml
+++ b/tags/linux/index.xml
@@ -14,7 +14,7 @@
       Sun, 05 Feb 2023 06:00:00 +0000
       
       https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/
-      You&rsquo;ll probaby know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
+      You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
 I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
 However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.
     

From 0dc0b52c28292b79c27633c7c2eaaebd98727599 Mon Sep 17 00:00:00 2001
From: virtualzone 
Date: Sat, 6 May 2023 16:19:29 +0000
Subject: [PATCH 24/25] deploy: de23379e1f0a864ed36fcc31beda18a372824f5f

---
 404.html                                                      | 2 +-
 categories/index.html                                         | 2 +-
 categories/index.xml                                          | 2 +-
 contact/index.html                                            | 2 +-
 index.html                                                    | 4 ++--
 index.xml                                                     | 2 +-
 page/2/index.html                                             | 4 ++--
 page/3/index.html                                             | 4 ++--
 posts/alpine-docker-rootless/index.html                       | 2 +-
 posts/alpine-podman/index.html                                | 2 +-
 .../index.html                                                | 2 +-
 posts/dns-proxy-forwarder-blackhole/index.html                | 2 +-
 posts/encrypted-file-container-macos/index.html               | 2 +-
 posts/endomono-export-gpx/index.html                          | 2 +-
 posts/fix-docker-not-using-etc-hosts-on-macos/index.html      | 2 +-
 .../index.html                                                | 2 +-
 posts/https-ssl-in-wordpress-behind-proxy/index.html          | 2 +-
 posts/index.html                                              | 2 +-
 posts/index.xml                                               | 2 +-
 posts/ipv6-on-a-sonicwall/index.html                          | 2 +-
 posts/jenkins-build-docker-images/index.html                  | 2 +-
 posts/k3s-glusterfs/index.html                                | 2 +-
 .../lets-encrypt-effs-certbot-with-nginx-in-docker/index.html | 2 +-
 posts/multi-arch-docker-images-1/index.html                   | 2 +-
 posts/multi-arch-docker-images-2/index.html                   | 2 +-
 posts/onedrive-upload-backup/index.html                       | 2 +-
 posts/openrc-podman-kube-play/index.html                      | 2 +-
 posts/page/2/index.html                                       | 2 +-
 posts/page/3/index.html                                       | 2 +-
 posts/podman-multiple-networks/index.html                     | 2 +-
 posts/raspberry-pi-os-remove-packages/index.html              | 2 +-
 posts/reduce-pdf-file-size-2/index.html                       | 2 +-
 posts/reduce-pdf-file-size/index.html                         | 2 +-
 posts/traefik-access-log-influxdb-grafana-telegraf/index.html | 2 +-
 posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html     | 2 +-
 posts/uptime-robot-website-monitoring/index.html              | 2 +-
 posts/usb-boot-raspberry-pi/index.html                        | 2 +-
 privacy-policy/index.html                                     | 2 +-
 tags/api/index.html                                           | 2 +-
 tags/api/index.xml                                            | 2 +-
 tags/docker/index.html                                        | 2 +-
 tags/docker/index.xml                                         | 2 +-
 tags/docker/page/2/index.html                                 | 2 +-
 tags/endonomdo/index.html                                     | 2 +-
 tags/endonomdo/index.xml                                      | 2 +-
 tags/fhem/index.html                                          | 2 +-
 tags/fhem/index.xml                                           | 2 +-
 tags/firewall/index.html                                      | 2 +-
 tags/firewall/index.xml                                       | 2 +-
 tags/github/index.html                                        | 2 +-
 tags/github/index.xml                                         | 2 +-
 tags/google/index.html                                        | 2 +-
 tags/google/index.xml                                         | 2 +-
 tags/homeautomation/index.html                                | 2 +-
 tags/homeautomation/index.xml                                 | 2 +-
 tags/index.html                                               | 2 +-
 tags/index.xml                                                | 2 +-
 tags/ipv6/index.html                                          | 2 +-
 tags/ipv6/index.xml                                           | 2 +-
 tags/kubernetes/index.html                                    | 2 +-
 tags/kubernetes/index.xml                                     | 2 +-
 tags/letsencrypt/index.html                                   | 2 +-
 tags/letsencrypt/index.xml                                    | 2 +-
 tags/linux/index.html                                         | 2 +-
 tags/linux/index.xml                                          | 2 +-
 tags/macos/index.html                                         | 2 +-
 tags/macos/index.xml                                          | 2 +-
 tags/nginx/index.html                                         | 2 +-
 tags/nginx/index.xml                                          | 2 +-
 tags/onedrive/index.html                                      | 2 +-
 tags/onedrive/index.xml                                       | 2 +-
 tags/openhab/index.html                                       | 2 +-
 tags/openhab/index.xml                                        | 2 +-
 tags/proxy/index.html                                         | 2 +-
 tags/proxy/index.xml                                          | 2 +-
 tags/raspberrypi/index.html                                   | 2 +-
 tags/raspberrypi/index.xml                                    | 2 +-
 tags/sonicwall/index.html                                     | 2 +-
 tags/sonicwall/index.xml                                      | 2 +-
 tags/tool/index.html                                          | 2 +-
 tags/tool/index.xml                                           | 2 +-
 tags/wordpress/index.html                                     | 2 +-
 tags/wordpress/index.xml                                      | 2 +-
 83 files changed, 86 insertions(+), 86 deletions(-)

diff --git a/404.html b/404.html
index fa6ad5e..5125613 100644
--- a/404.html
+++ b/404.html
@@ -1,4 +1,4 @@
-404 Page not found | Virtualzone Blog
                                        404
                                        © 2022 Heiner Beck.
+404 Page not found | Virtualzone Blog
                                        404
                                        
\ No newline at end of file
diff --git a/categories/index.html b/categories/index.html
index 90328aa..d16cf36 100644
--- a/categories/index.html
+++ b/categories/index.html
@@ -1,4 +1,4 @@
-Categories | Virtualzone Blog
                                        Categories
                                          © 2022 Heiner Beck.
+Categories | Virtualzone Blog
                                          Categories
                                            
\ No newline at end of file
diff --git a/categories/index.xml b/categories/index.xml
index bab9172..6b35c42 100644
--- a/categories/index.xml
+++ b/categories/index.xml
@@ -6,6 +6,6 @@
     Recent content in Categories on Virtualzone Blog
     Hugo -- gohugo.io
     en-us
-    &copy; 2022 Heiner Beck.
+    &copy; 2023 Heiner Beck.
   
 
diff --git a/contact/index.html b/contact/index.html
index 52b8eb4..f367ba2 100644
--- a/contact/index.html
+++ b/contact/index.html
@@ -17,7 +17,7 @@
 Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws.">
                                            Home
                                            Contact
                                            Heiner
                                            Heiner Beck
                                            Wilhelm-Busch-Str. 59
                                            60431 Frankfurt am Main
                                            Germany
                                            Email: mail@virtualzone.de
                                            Limitation of liability for internal content
                                            The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. However, pursuant to sections 8 to 10 of the TMG, we as service providers are not under obligation to monitor external information provided or stored on our website. Once we have become aware of a specific infringement of the law, we will immediately remove the content in question. Any liability concerning this matter can only be assumed from the point in time at which the infringement becomes known to us.
                                            Our website contains links to the websites of third parties (“external links”). As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the provider of information of the linked websites is liable for the content and accuracy of the information provided. At the point in time when the links were placed, no infringements of the law were recognisable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.
                                            The content and works published on this website are governed by the copyright laws of Germany. Any duplication, processing, distribution or any form of utilisation beyond the scope of copyright law shall require the prior written consent of the author or authors in question.
                                            Data protection
                                            Using our website is possible without entering any personal data in most cases. As far as your personal information are required (such as your name, address or email addresses), this is on a voluntary basis to the extend possible. These information will not be transferred to any third parties without your approval.
 Please note that communicating via the internet (such as communication by email) may be harmed by security flaws. A complete protection of data from the access through third parties is not possible.
 We contradict the usage of the contact information published on this website for promotional purposes.
-Please read our privacy policy for information about how we protect your personal information.
                                            Website Impressum erstellt durch impressum-generator.de von der Kanzlei Hasselbach.
                                                
\ No newline at end of file
diff --git a/index.html b/index.html
index f93cad1..8857eff 100644
--- a/index.html
+++ b/index.html
@@ -1,4 +1,4 @@
-Virtualzone Blog
                                                Seatsurfing
                                                Seatsurfing
                                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                                                Visit seatsurfing.app
+Virtualzone Blog
                                                Seatsurfing
                                                Seatsurfing
                                                Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.
                                                Visit seatsurfing.app
 
                                                Compose Updater
                                                Automatically check for image updates and restart Docker containers automatically when using Docker Compose.
                                                GitHub Project
 
                                                OneDrive Uploader
                                                Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).
                                                GitHub Project
 
                                                Go-hole
                                                Minimalistic DNS server which serves as an upstream proxy and ad blocker, optimized for high performance.
                                                GitHub Project
@@ -12,7 +12,7 @@
 However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....
                                                June 19, 2022 · 3 min · 479 words · Heiner
                                                Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing
                                                I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....
                                                September 3, 2021 · 1 min · 118 words · Heiner
                                                Back up server to OneDrive’s special App Folder
                                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....
                                                September 2, 2021 · 4 min · 682 words · Heiner
                                                Unifi USG: Multiple IP addresses on PPPoE
                                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
 By default, USG only allows for one IP address when dialing in via PPPoE....
                                                August 16, 2021 · 2 min · 353 words · Heiner
                                                Raspberry Pi OS: Remove unnecessary packages
                                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....
                                                June 7, 2020 · 1 min · 161 words · Heiner
                                                Analyze Traefik access log using InfluxDB and Grafana
                                                Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
 This setup contains the following elements:
-Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                                                June 3, 2020 · 2 min · 373 words · Heiner
                                                © 2022 Heiner Beck.
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....
                                                June 3, 2020 · 2 min · 373 words · Heiner
                                                
\ No newline at end of file
diff --git a/index.xml b/index.xml
index d498232..2c33be4 100644
--- a/index.xml
+++ b/index.xml
@@ -6,7 +6,7 @@
     Recent content on Virtualzone Blog
     Hugo -- gohugo.io
     en-us
-    &copy; 2022 Heiner Beck.
+    &copy; 2023 Heiner Beck.
     Sun, 05 Feb 2023 06:00:00 +0000
     
       Go-hole: A minimalistic DNS proxy and and blocker
diff --git a/page/2/index.html b/page/2/index.html
index ad834d4..e2ad3be 100644
--- a/page/2/index.html
+++ b/page/2/index.html
@@ -1,4 +1,4 @@
-Virtualzone Blog
                                                Export trainings from Endomondo as GPX files
                                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                                June 1, 2020 · 2 min · 341 words · Heiner
                                                Native USB boot for Raspberry Pi 4
                                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
+Virtualzone Blog
                                                Export trainings from Endomondo as GPX files
                                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....
                                                June 1, 2020 · 2 min · 341 words · Heiner
                                                Native USB boot for Raspberry Pi 4
                                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
 To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....
                                                May 28, 2020 · 2 min · 404 words · Heiner
                                                Build Multi-Arch images on Docker Hub (Part 2)
                                                Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.
 Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....
                                                May 16, 2020 · 3 min · 443 words · Heiner
                                                Build Multi-Arch images on Docker Hub (Part 1)
                                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....
                                                May 15, 2020 · 3 min · 502 words · Heiner
                                                How to let Jenkins build Docker images
                                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
 So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....
                                                June 11, 2017 · 2 min · 370 words · Heiner
                                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
@@ -6,7 +6,7 @@
 version: '2' services: webfrontend: container_name: webfrontend [....
                                                February 11, 2017 · 2 min · 287 words · Heiner
                                                Creating an encrypted file container on macOS
                                                Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....
                                                December 6, 2016 · 2 min · 356 words · Heiner
                                                UptimeRobot: A nice free website monitoring service
                                                Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....
                                                September 5, 2016 · 1 min · 120 words · Heiner
                                                Fix Docker not using /etc/hosts on MacOS
                                                On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
 When I executed “docker push” for example, this resulted in “no such hosts” errors:
 Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....
                                                August 28, 2016 · 1 min · 163 words · Heiner
                                                From FHEM to OpenHAB with Homegear: Installation/Docker container
                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....
                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                
\ No newline at end of file
diff --git a/page/3/index.html b/page/3/index.html
index 6b989f2..92b4356 100644
--- a/page/3/index.html
+++ b/page/3/index.html
@@ -1,9 +1,9 @@
-Virtualzone Blog
                                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
+Virtualzone Blog
                                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
 The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....
                                                August 27, 2016 · 2 min · 255 words · Heiner
                                                How to reduce PDF file size in Linux - Part 2
                                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...
                                                August 15, 2015 · 1 min · 75 words · Heiner
                                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT
                                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....
                                                November 20, 2014 · 2 min · 372 words · Heiner
                                                How to reduce PDF file size in Linux
                                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
 gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen:
 /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....
                                                November 21, 2012 · 1 min · 98 words · Heiner
                                                Determining a location’s federal state using Google Maps API
                                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
-function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                                                August 10, 2012 · 1 min · 162 words · Heiner
                                                © 2022 Heiner Beck.
+function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....
                                                August 10, 2012 · 1 min · 162 words · Heiner
                                                
\ No newline at end of file
diff --git a/posts/alpine-docker-rootless/index.html b/posts/alpine-docker-rootless/index.html
index 7f3e50d..7398120 100644
--- a/posts/alpine-docker-rootless/index.html
+++ b/posts/alpine-docker-rootless/index.html
@@ -45,7 +45,7 @@
 $ docker run --rm hello-world
 
                                              Allow ports < 1024 (optional)
                                              By default, only ports >= 1024 can be exposed by non-root users. To change this, change the minimum unprivileged port in /etc/sysctl.conf:
                                              # echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
                                            \ No newline at end of file diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html index 3145eaf..114e924 100644 --- a/posts/alpine-podman/index.html +++ b/posts/alpine-podman/index.html @@ -64,7 +64,7 @@
                                          • Create a symlink in /etc/init.d/:
                                            # cd /etc/init.d && ln -s /home/<user>/pods/pod-traefik
                                          • Use rc-update to the add your OpenRC Pod init script to the default runlevel:
                                            # rc-update add pod-traefik

                                            • Update: I’ve improved the OpenRC scripts. Please read the corresponding blog post.

                                            \ No newline at end of file diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html index ab004d4..7d44ea5 100644 --- a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html +++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -63,7 +63,7 @@ new google.maps.places.Autocomplete(document.getElementById('location'), {}); $('#form').submit(searchLocation); }); -
                                            © 2022 Heiner Beck. +
                                            \ No newline at end of file diff --git a/posts/dns-proxy-forwarder-blackhole/index.html b/posts/dns-proxy-forwarder-blackhole/index.html index 78a7111..922aef1 100644 --- a/posts/dns-proxy-forwarder-blackhole/index.html +++ b/posts/dns-proxy-forwarder-blackhole/index.html @@ -27,7 +27,7 @@ --mount type=bind,source=${PWD}/config.yaml,target=/app/config.yaml \ -p 53:53/udp \ ghcr.io/virtualzone/go-hole:latest -

                                            If you don’t want to run Go-hole with Docker (or Podman, like I do), you can use the pre-built binaries or build Go-hole from source.

                                            Conclusion

                                            I’m using Go-hole for several weeks now as my home network’s DNS server. It has completely replaced Pi-hole for my use cases. I’ve not observed any crashes or instabilities yet. My home network’s DNS resolving times have greatly improved, making web browsing much faster than it has been before. Of course, Pi-hole has a lot more features than Go-hole. My implementation doesn’t feature a web interface and for sure lacks other things you might like. However, none of these features are relevant to me.

                                            I’d be happy to hear about your experience with this Pi-hole alternative.

                                            © 2022 Heiner Beck. +

                                            If you don’t want to run Go-hole with Docker (or Podman, like I do), you can use the pre-built binaries or build Go-hole from source.

                                            Conclusion

                                            I’m using Go-hole for several weeks now as my home network’s DNS server. It has completely replaced Pi-hole for my use cases. I’ve not observed any crashes or instabilities yet. My home network’s DNS resolving times have greatly improved, making web browsing much faster than it has been before. Of course, Pi-hole has a lot more features than Go-hole. My implementation doesn’t feature a web interface and for sure lacks other things you might like. However, none of these features are relevant to me.

                                            I’d be happy to hear about your experience with this Pi-hole alternative.

                                            \ No newline at end of file diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html index d459669..f86a911 100644 --- a/posts/encrypted-file-container-macos/index.html +++ b/posts/encrypted-file-container-macos/index.html @@ -1,6 +1,6 @@ Creating an encrypted file container on macOS | Virtualzone Blog
                                            Home » Posts

                                            Creating an encrypted file container on macOS

                                            December 6, 2016 · 2 min · 356 words · Heiner

                                            Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).

                                            These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.

                                            To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).

                                            Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.

                                            Choose an appropriate name for your image and select the following settings:

                                            • Save as: The filename of your encrypted DMG file.
                                            • Name: A name shown when your DMG file is mounted.
                                            • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
                                            • Format: Choose “Mac OS Extended (Journaled)”.
                                            • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
                                            • Partitions: Choose “Single Partition – Apple Partition Map”.
                                            • Image Format: Choose “read/write disk image”.

                                            Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).

                                            \ No newline at end of file diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html index 20998a3..d4cee38 100644 --- a/posts/endomono-export-gpx/index.html +++ b/posts/endomono-export-gpx/index.html @@ -11,7 +11,7 @@ cd endomondo-exporter npm install

                                            Importing GPX files to Strava is quite easy: You can upload 25 training files at once. There seems to be some rate limiting. I’ve received server errors after several imports. Waiting a few minutes solved that.

                                            \ No newline at end of file diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html index c682b0d..947e98c 100644 --- a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html +++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -10,7 +10,7 @@

                                            This took a while on my machine, I needed to press Ctrl+C for the login prompt to show up. Log in with “root” (no password required).

                                            Edit the /etc/hosts file in the Docker Host using vi:

                                            vi /etc/hosts

                                            Note: Insert after pressing “i”, save by pressing Escape and then type “:wq” .

                                            Restart the Docker Daemon with:

                                            service docker restart

                                            Detach from the screen session by pressing Ctrl+A, then press D.

                                            Docker should now use the correct /etc/hosts entries.

                                            \ No newline at end of file diff --git a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html index baf4954..d497007 100644 --- a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html +++ b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html @@ -60,7 +60,7 @@ currentRFKeyIndex = 1 responseDelay = 60

                                            Some explanations:

                                            • id: The ID printed on the back side of your BidCoS I/O device.
                                            • deviceType: The device type of your BidCoS device (cul, cc1100, coc, cuno, hmcfglan, hmlgw).
                                            • host: The IP address of your I/O interface.
                                            • port: Usually 1000, you probably don’t need to change this.
                                            • lanKey: The AES key used for the communication between Homegear and your I/O interface (for securing the LAN connection). If you’ve been using FHEM before, you’ve probably disabled AES encryption using HomeMatic’s configuration utility, as FHEM doesn’t support encryption. You should add AES encryption later. For a quick start, comment out this line.
                                            • rfKey: A random key used for securing the connection between Homegear and the HomeMatic devices (sensors, actors, etc.). You should note it down somewhere, because if you lose it, you’ll have to re-pair all your devices.

                                            After saving the configuration file, you’ll have to restart the Homegear daemon or the Docker Container running Homegear. Take a look at the logs in /var/log/homegear/homegear.log to find out if Homegear successfully connects to the BidCoS device.

                                            Connecting OpenHAB to Homegear

                                            • Browse to OpenHAB’s web interface at port 8080 (such as http://localhost:8080).
                                            • Select the Paper UI (this one is new in OpenHAB 2).
                                            • Go to “Extensions” and install “HomeMatic Binding”.
                                            • Go to “Configuration” -> “Things”. Two new things should be detected automatically: “Homegear” and “GATEWAY-EXTRAS”. Add both of them. They should be indicated as “ONLINE” afterwards.

                                            That’s it – for now…

                                            Congratulations: You’ve mastered the essential steps of setting up OpenHAB for your HomeMatic based smart home! Next time, I’ll write about adding HomeMatic devices to OpenHAB using Homegear.

                                            \ No newline at end of file diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html index f1fdac1..9871be0 100644 --- a/posts/https-ssl-in-wordpress-behind-proxy/index.html +++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html @@ -8,7 +8,7 @@ proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host;
                                            • Install and activate the SSL Insecure Content Fixer plugin in your WordPress installation’s admin panel.
                                            • Navigate to Settings -> SSL Insecure Content.
                                            • Set “HTTPS detection” to “HTTP_X_FORWARDED_PROTO (e.g. load balancer, reverse proxy, NginX)”.
                                            • Navigate to Settings -> General.
                                            • Set the “WordPress Address (URL)” and “Site Address (URL)” to your new HTTPS address.
                                            • Check if everything is working as expected.
                                            \ No newline at end of file diff --git a/posts/index.html b/posts/index.html index 14583e0..6d27914 100644 --- a/posts/index.html +++ b/posts/index.html @@ -9,7 +9,7 @@ However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                            June 19, 2022 · 3 min · 479 words · Heiner

                                            Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                            I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                            September 3, 2021 · 1 min · 118 words · Heiner

                                            Back up server to OneDrive’s special App Folder

                                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                            September 2, 2021 · 4 min · 682 words · Heiner

                                            Unifi USG: Multiple IP addresses on PPPoE

                                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE....

                                            August 16, 2021 · 2 min · 353 words · Heiner

                                            Raspberry Pi OS: Remove unnecessary packages

                                            Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                            June 7, 2020 · 1 min · 161 words · Heiner

                                            Analyze Traefik access log using InfluxDB and Grafana

                                            Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: -Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                            June 3, 2020 · 2 min · 373 words · Heiner
                                            © 2022 Heiner Beck. +Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                            June 3, 2020 · 2 min · 373 words · Heiner
                                            \ No newline at end of file diff --git a/posts/index.xml b/posts/index.xml index 39745df..f85d072 100644 --- a/posts/index.xml +++ b/posts/index.xml @@ -6,7 +6,7 @@ Recent content in Posts on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 05 Feb 2023 06:00:00 +0000 Go-hole: A minimalistic DNS proxy and and blocker diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html index 80d8a77..93a6271 100644 --- a/posts/ipv6-on-a-sonicwall/index.html +++ b/posts/ipv6-on-a-sonicwall/index.html @@ -1,7 +1,7 @@ How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog
                                            Home » Posts

                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                            November 20, 2014 · 2 min · 372 words · Heiner

                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.

                                            The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.

                                            1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).

                                            2. Go to Network -> Interfaces and select to view IPv6.

                                            • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                                            • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                                            • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                                            • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.

                                            1. Go to Network -> Address Objects and select to view IPv6. Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.

                                            2. Go to Network -> NAT Policies and select to view IPv6.

                                            • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
                                            • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
                                            1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
                                            \ No newline at end of file diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html index 02091e7..f009343 100644 --- a/posts/jenkins-build-docker-images/index.html +++ b/posts/jenkins-build-docker-images/index.html @@ -21,7 +21,7 @@

                                            These lines build the Docker image, log in to Docker Hub and push the recently built image.

                                            Update:

                                            If you want to use docker-compose from your Jenkins Docker container as well, add these lines to your Dockerfile:

                                            RUN apk add py-pip
 RUN pip install docker-compose
                                            \ No newline at end of file diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html index a123cd6..0bae04c 100644 --- a/posts/k3s-glusterfs/index.html +++ b/posts/k3s-glusterfs/index.html @@ -1,6 +1,6 @@ Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog
                                            Home » Posts

                                            Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                            September 3, 2021 · 1 min · 118 words · Heiner

                                            I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.

                                            Read the tutorial in Hetzner’s Online Community.

                                            \ No newline at end of file diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html index f500161..62a2d86 100644 --- a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html +++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html @@ -47,7 +47,7 @@

                                            The script starts CertBot in a Docker Container for each requested certificate. Because the /etc/letsencrypt and the /var/www/.well-known directory is also used by my NGINX front-end Container (see above), these steps can be performed by the script:

                                            1. Using the webroot plugin, a random file is created under the /.well-known/acme-challenge/ directory.
                                            2. Let’s Encrypt can access and verify this file as the folder is aliased using the Location blocks in the NGINX config.
                                            3. The generated private key and public certificate is placed in /etc/letsencrypt/, which is in turn a volume for the NGINX web-frontend.

                                            You can use the generated certificates by adding these two lines to your NGINX vhost config:

                                            ssl_certificate     /etc/letsencrypt/live/www.mydomain.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem;
                                            \ No newline at end of file diff --git a/posts/multi-arch-docker-images-1/index.html b/posts/multi-arch-docker-images-1/index.html index e2405b2..e8c7bda 100644 --- a/posts/multi-arch-docker-images-1/index.html +++ b/posts/multi-arch-docker-images-1/index.html @@ -59,7 +59,7 @@ chmod +x manifest-tool ./manifest-tool push from-spec multi-arch-manifest.yaml

                                            Damit ist Euer Projekt vorbereitet und bereit für Multi-Arch-Builds.

                                            Im nächsten Teil zeige ich Euch, wie Ihr die “Automated Builds” im Docker Hub konfiguriert, um den Multi-Arch-Build auch tatsächlich durchzuführen.

                                            \ No newline at end of file diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html index 48f47fc..cb9acbf 100644 --- a/posts/multi-arch-docker-images-2/index.html +++ b/posts/multi-arch-docker-images-2/index.html @@ -8,7 +8,7 @@ Der Trick ist, dass das “ungetaggte” Image alle anderen Architektur-Images zugeordnet bekommt. Dadurch kann ein Anwender, der “docker run” oder “docker pull” auf Euer Image durchführt, das für seine Architektur passende Image automatisch laden, ohne explizit die Plattform nennen zu müssen. Ein Mac zieht somit das AMD64-Image, während ein Raspbian das ARM32V7-Image lädt und ein Raspberry Pi 4 mit 64bit-Ubuntu das ARM64V8 Image. Alles ohne weiteres zutun.

                                            Das war es dann auch schon mit der Konfiguration. Ein Klick auf “Save and Build” stellt die ausstehenden Builds (hier fünf an der Zahl) in die Warteschlange. Meiner Erfahrung nach kann es auf der Docker Hub Infrastruktur auch für einfache Images durchaus ein paar Stunden dauern, bis alle Images gebaut wurden. Was schon erledigt ist und was noch aussteht, könnt Ihr unter “Recent Builds” verfolgen.

                                            Die Recent Builds geben Auskunft über die noch ausstehenden und schon erfolgten Automated Builds. Ihr werdet sehen, dass die ersten Builds als fehlgeschlagen markiert werden. Das ist völlig normal! Ein Blick in die Build Logs zeigt den nachvollziehbaren Grund: Nach jedem Build wird das multi-arch-manifest.yaml Docker-Manifest angewandt. Bevor das letzte Ziel-Architektur.Image aber nicht fertig gebaut wurde, können nicht alle Architektur-Images dem “ungetaggten” Image hinzugefügt werden und das Build schlägt augenscheinlich fehl.

                                            Kein Grund zur Sorge: Der Fehler “failed with error: manifest unknown: manifest unknown”. Tatsächlich wurde das jeweilige Image aber (hoffentlich) erfolgreich gebaut und gepusht. Erst beim letzten Multi-Arch-Image kann das Manifest-Tool dann auch erfolgreich seine Arbeit verrichten und die Architekturen verknüpfen. Lasst Euch davon also nicht aus der Ruhe bringen und beobachtet die Build Logs aufmerksam.

                                            Ich wünsche Euch viel Spaß mit den Multi-Arch-Images im Docker Hub!

                                            \ No newline at end of file diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html index 45ef46c..397a92e 100644 --- a/posts/onedrive-upload-backup/index.html +++ b/posts/onedrive-upload-backup/index.html @@ -29,7 +29,7 @@ fi done

                                            This bash script uploads all files from the local directory $TARGET to its app folder in your OneDrive. It creates a sub-folder named YYYY-MM-DD (i.e. 2021-08-30). For each file, after having finished the upload, it checks she SHA256 hash so that you can be sure the upload is intact.

                                            \ No newline at end of file diff --git a/posts/openrc-podman-kube-play/index.html b/posts/openrc-podman-kube-play/index.html index 2d349b4..57718ec 100644 --- a/posts/openrc-podman-kube-play/index.html +++ b/posts/openrc-podman-kube-play/index.html @@ -59,7 +59,7 @@ rc-update add pod-xyz

                                            Use rc-service to start and stop your Pod:

                                            doas rc-service pod-xyz start
                                            \ No newline at end of file diff --git a/posts/page/2/index.html b/posts/page/2/index.html index 6f6b879..f721017 100644 --- a/posts/page/2/index.html +++ b/posts/page/2/index.html @@ -7,7 +7,7 @@ version: '2' services: webfrontend: container_name: webfrontend [....

                                            February 11, 2017 · 2 min · 287 words · Heiner

                                            Creating an encrypted file container on macOS

                                            Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                            December 6, 2016 · 2 min · 356 words · Heiner

                                            UptimeRobot: A nice free website monitoring service

                                            Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                            September 5, 2016 · 1 min · 120 words · Heiner

                                            Fix Docker not using /etc/hosts on MacOS

                                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                            August 28, 2016 · 1 min · 163 words · Heiner

                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                            \ No newline at end of file diff --git a/posts/page/3/index.html b/posts/page/3/index.html index 4059ac7..7ffdb2e 100644 --- a/posts/page/3/index.html +++ b/posts/page/3/index.html @@ -4,7 +4,7 @@ gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                            August 15, 2015 · 1 min · 75 words · Heiner

                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                            November 20, 2014 · 2 min · 372 words · Heiner

                                            How to reduce PDF file size in Linux

                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                            November 21, 2012 · 1 min · 98 words · Heiner

                                            Determining a location’s federal state using Google Maps API

                                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                            August 10, 2012 · 1 min · 162 words · Heiner
                                            © 2022 Heiner Beck. +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                            August 10, 2012 · 1 min · 162 words · Heiner
                                            \ No newline at end of file diff --git a/posts/podman-multiple-networks/index.html b/posts/podman-multiple-networks/index.html index ebdc380..ba87beb 100644 --- a/posts/podman-multiple-networks/index.html +++ b/posts/podman-multiple-networks/index.html @@ -30,7 +30,7 @@

                                            The solution

                                            The solution is quite simple: You will need to set net.ipv4.conf.all.rp_filter to 2.

                                            On my Alpine system, rp_filter was set to 1 by default. The setting controls the source path validation within the kernel’s IPv4 network stack. 1 means “strict”, whereas 2 means “loose”.

                                            You can try the solution temporarily by running:

                                            # sysctl -w net.ipv4.conf.all.rp_filter=2

                                            To survive the next reboot, persist the setting by adding it to /etc/sysctl.conf:

                                            # echo "net.ipv4.conf.all.rp_filter=2" >> /etc/sysctl.conf

                                            For more information, you can take a look at this article.

                                            \ No newline at end of file diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html index c1c8829..d52c508 100644 --- a/posts/raspberry-pi-os-remove-packages/index.html +++ b/posts/raspberry-pi-os-remove-packages/index.html @@ -11,7 +11,7 @@ xdg-* sudo apt-get autoremove --purge \ No newline at end of file diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html index 9cda912..674cdc3 100644 --- a/posts/reduce-pdf-file-size-2/index.html +++ b/posts/reduce-pdf-file-size-2/index.html @@ -12,7 +12,7 @@ -sOutputFile=output.pdf input.pdf

                                            Hint: This also works on MacOS. Just install GhostScript using Homebrew:

                                            brew install ghostscript
                                            \ No newline at end of file diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html index 0ce8a0b..6754888 100644 --- a/posts/reduce-pdf-file-size/index.html +++ b/posts/reduce-pdf-file-size/index.html @@ -8,7 +8,7 @@ /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings.">
                                            Home » Posts

                                            How to reduce PDF file size in Linux

                                            November 21, 2012 · 1 min · 98 words · Heiner

                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:

                                            gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf

                                            You can also use the following parameters for -dPDFSETTINGS instead of /screen:

                                            • /screen – Lowest quality, lowest size
                                            • /ebook – Moderate quality
                                            • /printer – Good quality
                                            • /prepress – Best quality, highest size

                                            Update: Read Part 2 of this blog post for more detailled file size reduction settings.

                                            Hint: This also works on MacOS. Just install GhostScript using Homebrew:

                                            brew install ghostscript
                                            \ No newline at end of file diff --git a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html index 85f2f8b..5d49ff9 100644 --- a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html +++ b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html @@ -48,7 +48,7 @@ username = "telegraf" password = "..."

                                            Important settings are:

                                            • container_name_include specifies from which container instance the logs are collected. It’s our Traefik instance.
                                            • parse_fields specifies which input field is to be processed. It’s the field “message”.
                                            • json_string_fields specifies which values from the read JSON object are to be written to InfluxDB as string fields. If not specified, all non-numeric fields are dropped.
                                            • json_time_key and the other json_time settings specify in which JSON keys and in which date-time format the timestamps for our log entries are contained.
                                            • The output plugin needs to be configured so that Telegraf can connect to the InfluxDB.

                                            This is just meant to be an example. Please mind applicable law when storing, processing and using the access logs – such as GDPR in the European Union.

                                            \ No newline at end of file diff --git a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html index b50dd53..57527fb 100644 --- a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html +++ b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html @@ -41,7 +41,7 @@ } }

                                            3. Trigger a provision of your new config to your USG

                                            Log in to your Unifi Network Controller. Navigate to “Devices” and choose your Unifi Security Gateway. Go to “Device”, select “Manage” and click “Trigger Provision”.

                                            img

                                            4. Test your configuration

                                            From a system outside your network, try to reach the configured port by using nmap, curl or a web browser.

                                            \ No newline at end of file diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html index 2a44c79..714e2a9 100644 --- a/posts/uptime-robot-website-monitoring/index.html +++ b/posts/uptime-robot-website-monitoring/index.html @@ -1,6 +1,6 @@ UptimeRobot: A nice free website monitoring service | Virtualzone Blog
                                            Home » Posts

                                            UptimeRobot: A nice free website monitoring service

                                            September 5, 2016 · 1 min · 120 words · Heiner

                                            Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).

                                            I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.

                                            \ No newline at end of file diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html index e32f64e..3f26476 100644 --- a/posts/usb-boot-raspberry-pi/index.html +++ b/posts/usb-boot-raspberry-pi/index.html @@ -12,7 +12,7 @@

                                            After the reboot, the following command should state that the new beta firmware has been installed:

                                            sudo rpi-eeprom-update

                                            Alternatively, you can flash the new EEPROM version by downloading it from the GitHub repository and run the following command:

                                            sudo rpi-eeprom-update -d -f /tmp/pieeprom-2020-05-27.bin

                                            Prepare an SSD for USB boot

                                            To make your Raspberry Pi boot from an USB drive (such as an SSD, an external hard drive or an USB thumb drive), use the Raspberry Pi Imager to write Raspberry Pi OS to your USB drive.

                                            Finally, connect the USB drive to your Raspberry Pi 4, remove the SD card, and connect the power cord. Watch your Pi boot from USB - without any SD Card workaround.

                                            \ No newline at end of file diff --git a/privacy-policy/index.html b/privacy-policy/index.html index 679c011..eb06450 100644 --- a/privacy-policy/index.html +++ b/privacy-policy/index.html @@ -5,7 +5,7 @@ Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible. Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
                                            Home

                                            Privacy Policy

                                            Heiner

                                            We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.

                                            Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.

                                            Personal data stored

                                            The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.

                                            Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.

                                            If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.

                                            The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.

                                            Which personal data we store

                                            You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.

                                            Where we store your data

                                            Our servers are located in Germany.

                                            Your rights according to General Data Protection Regulation (GDPR)

                                            According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:

                                            • Right to have your data corrected (article 16 DSGVO)
                                            • Right to have your data deleted (article 17 DSGVO)
                                            • Right to limit the processing of your data (article 18 DSGVO)
                                            • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
                                            • Right to data portability (article 20 DSGVO)
                                            • Right to refuse (article 21 DSGVO)
                                            • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)

                                            If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.

                                            Where we send your data

                                            We will not share your data with third parties.

                                            TLS encryption using HTTPS

                                            In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.

                                            Web Analytics

                                            For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.

                                            Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple

                                              © 2022 Heiner Beck. +Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
                                              Home

                                              Privacy Policy

                                              Heiner

                                              We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.

                                              Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.

                                              Personal data stored

                                              The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.

                                              Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.

                                              If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.

                                              The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.

                                              Which personal data we store

                                              You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.

                                              Where we store your data

                                              Our servers are located in Germany.

                                              Your rights according to General Data Protection Regulation (GDPR)

                                              According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:

                                              • Right to have your data corrected (article 16 DSGVO)
                                              • Right to have your data deleted (article 17 DSGVO)
                                              • Right to limit the processing of your data (article 18 DSGVO)
                                              • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
                                              • Right to data portability (article 20 DSGVO)
                                              • Right to refuse (article 21 DSGVO)
                                              • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)

                                              If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.

                                              Where we send your data

                                              We will not share your data with third parties.

                                              TLS encryption using HTTPS

                                              In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.

                                              Cloudflare

                                              We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).

                                              Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

                                              The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

                                              Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/

                                              For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/

                                              Web Analytics

                                              For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.

                                              Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple

                                                \ No newline at end of file diff --git a/tags/api/index.html b/tags/api/index.html index d466b36..c405f3b 100644 --- a/tags/api/index.html +++ b/tags/api/index.html @@ -1,6 +1,6 @@ api | Virtualzone Blog
                                                Home » Tags

                                                api

                                                Export trainings from Endomondo as GPX files

                                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                June 1, 2020 · 2 min · 341 words · Heiner

                                                Determining a location’s federal state using Google Maps API

                                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                August 10, 2012 · 1 min · 162 words · Heiner
                                                © 2022 Heiner Beck. +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                August 10, 2012 · 1 min · 162 words · Heiner
                                                \ No newline at end of file diff --git a/tags/api/index.xml b/tags/api/index.xml index 4fb2e81..37cfc61 100644 --- a/tags/api/index.xml +++ b/tags/api/index.xml @@ -6,7 +6,7 @@ Recent content in api on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Mon, 01 Jun 2020 11:30:03 +0000 Export trainings from Endomondo as GPX files diff --git a/tags/docker/index.html b/tags/docker/index.html index a90949a..aede8ae 100644 --- a/tags/docker/index.html +++ b/tags/docker/index.html @@ -12,7 +12,7 @@ Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                                May 16, 2020 · 3 min · 443 words · Heiner

                                                Build Multi-Arch images on Docker Hub (Part 1)

                                                Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                                May 15, 2020 · 3 min · 502 words · Heiner

                                                How to let Jenkins build Docker images

                                                If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                                June 11, 2017 · 2 min · 370 words · Heiner

                                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                February 11, 2017 · 2 min · 287 words · Heiner
                                                © 2022 Heiner Beck. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                February 11, 2017 · 2 min · 287 words · Heiner
                                                \ No newline at end of file diff --git a/tags/docker/index.xml b/tags/docker/index.xml index b8fb622..fdd873f 100644 --- a/tags/docker/index.xml +++ b/tags/docker/index.xml @@ -6,7 +6,7 @@ Recent content in docker on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 05 Feb 2023 06:00:00 +0000 Go-hole: A minimalistic DNS proxy and and blocker diff --git a/tags/docker/page/2/index.html b/tags/docker/page/2/index.html index 3500584..d1f97fe 100644 --- a/tags/docker/page/2/index.html +++ b/tags/docker/page/2/index.html @@ -1,7 +1,7 @@ docker | Virtualzone Blog
                                                Home » Tags

                                                docker

                                                Fix Docker not using /etc/hosts on MacOS

                                                On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: -Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                August 28, 2016 · 1 min · 163 words · Heiner

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                © 2022 Heiner Beck. +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                August 28, 2016 · 1 min · 163 words · Heiner

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                \ No newline at end of file diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html index fbe278b..cadc4c5 100644 --- a/tags/endonomdo/index.html +++ b/tags/endonomdo/index.html @@ -1,5 +1,5 @@ endonomdo | Virtualzone Blog
                                                Home » Tags

                                                endonomdo -

                                                Export trainings from Endomondo as GPX files

                                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                June 1, 2020 · 2 min · 341 words · Heiner
                                                © 2022 Heiner Beck. +

                                                Export trainings from Endomondo as GPX files

                                                I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                June 1, 2020 · 2 min · 341 words · Heiner
                                                \ No newline at end of file diff --git a/tags/endonomdo/index.xml b/tags/endonomdo/index.xml index 49648ee..3bd56f5 100644 --- a/tags/endonomdo/index.xml +++ b/tags/endonomdo/index.xml @@ -6,7 +6,7 @@ Recent content in endonomdo on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Mon, 01 Jun 2020 11:30:03 +0000 Export trainings from Endomondo as GPX files diff --git a/tags/fhem/index.html b/tags/fhem/index.html index 3c0cdf5..d4b16e0 100644 --- a/tags/fhem/index.html +++ b/tags/fhem/index.html @@ -1,5 +1,5 @@ fhem | Virtualzone Blog
                                                Home » Tags

                                                fhem -

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                © 2022 Heiner Beck. +

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                \ No newline at end of file diff --git a/tags/fhem/index.xml b/tags/fhem/index.xml index e7be4ea..8c00fb2 100644 --- a/tags/fhem/index.xml +++ b/tags/fhem/index.xml @@ -6,7 +6,7 @@ Recent content in fhem on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 28 Aug 2016 11:30:03 +0000 From FHEM to OpenHAB with Homegear: Installation/Docker container diff --git a/tags/firewall/index.html b/tags/firewall/index.html index a5f64f7..b4b3440 100644 --- a/tags/firewall/index.html +++ b/tags/firewall/index.html @@ -1,5 +1,5 @@ firewall | Virtualzone Blog
                                                Home » Tags

                                                firewall -

                                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                November 20, 2014 · 2 min · 372 words · Heiner
                                                © 2022 Heiner Beck. +

                                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                November 20, 2014 · 2 min · 372 words · Heiner
                                                \ No newline at end of file diff --git a/tags/firewall/index.xml b/tags/firewall/index.xml index cbf2544..df96573 100644 --- a/tags/firewall/index.xml +++ b/tags/firewall/index.xml @@ -6,7 +6,7 @@ Recent content in firewall on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Thu, 20 Nov 2014 11:30:03 +0000 How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT diff --git a/tags/github/index.html b/tags/github/index.html index be69e75..4fb3f29 100644 --- a/tags/github/index.html +++ b/tags/github/index.html @@ -1,6 +1,6 @@ github | Virtualzone Blog
                                                Home » Tags

                                                github

                                                Back up server to OneDrive’s special App Folder

                                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                September 2, 2021 · 4 min · 682 words · Heiner

                                                Unifi USG: Multiple IP addresses on PPPoE

                                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). -By default, USG only allows for one IP address when dialing in via PPPoE....

                                                August 16, 2021 · 2 min · 353 words · Heiner
                                                © 2022 Heiner Beck. +By default, USG only allows for one IP address when dialing in via PPPoE....

                                                August 16, 2021 · 2 min · 353 words · Heiner
                                                \ No newline at end of file diff --git a/tags/github/index.xml b/tags/github/index.xml index 84cf181..a7f1fd8 100644 --- a/tags/github/index.xml +++ b/tags/github/index.xml @@ -6,7 +6,7 @@ Recent content in github on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Thu, 02 Sep 2021 11:30:03 +0000 Back up server to OneDrive’s special App Folder diff --git a/tags/google/index.html b/tags/google/index.html index 115bbd1..4d9fe5c 100644 --- a/tags/google/index.html +++ b/tags/google/index.html @@ -1,6 +1,6 @@ google | Virtualzone Blog
                                                Home » Tags

                                                google

                                                Determining a location’s federal state using Google Maps API

                                                If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                August 10, 2012 · 1 min · 162 words · Heiner
                                                © 2022 Heiner Beck. +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                August 10, 2012 · 1 min · 162 words · Heiner
                                                \ No newline at end of file diff --git a/tags/google/index.xml b/tags/google/index.xml index 7e0aaa7..f48d1ab 100644 --- a/tags/google/index.xml +++ b/tags/google/index.xml @@ -6,7 +6,7 @@ Recent content in google on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Fri, 10 Aug 2012 11:30:03 +0000 Determining a location’s federal state using Google Maps API diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html index fc109af..bcd920a 100644 --- a/tags/homeautomation/index.html +++ b/tags/homeautomation/index.html @@ -1,5 +1,5 @@ homeautomation | Virtualzone Blog
                                                Home » Tags

                                                homeautomation -

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                © 2022 Heiner Beck. +

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                \ No newline at end of file diff --git a/tags/homeautomation/index.xml b/tags/homeautomation/index.xml index 6f3a28b..af6c1f8 100644 --- a/tags/homeautomation/index.xml +++ b/tags/homeautomation/index.xml @@ -6,7 +6,7 @@ Recent content in homeautomation on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 28 Aug 2016 11:30:03 +0000 From FHEM to OpenHAB with Homegear: Installation/Docker container diff --git a/tags/index.html b/tags/index.html index bbd4574..7284df0 100644 --- a/tags/index.html +++ b/tags/index.html @@ -1,4 +1,4 @@ -Tags | Virtualzone Blog

                                                Tags

                                                © 2022 Heiner Beck. +Tags | Virtualzone Blog

                                                Tags

                                                \ No newline at end of file diff --git a/tags/index.xml b/tags/index.xml index 6ca68b0..baa98d1 100644 --- a/tags/index.xml +++ b/tags/index.xml @@ -6,7 +6,7 @@ Recent content in Tags on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 05 Feb 2023 06:00:00 +0000 docker diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html index c9384bb..a271e9b 100644 --- a/tags/ipv6/index.html +++ b/tags/ipv6/index.html @@ -1,5 +1,5 @@ ipv6 | Virtualzone Blog
                                                Home » Tags

                                                ipv6 -

                                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                November 20, 2014 · 2 min · 372 words · Heiner
                                                © 2022 Heiner Beck. +

                                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                November 20, 2014 · 2 min · 372 words · Heiner
                                                \ No newline at end of file diff --git a/tags/ipv6/index.xml b/tags/ipv6/index.xml index 7f14bdc..6efdab6 100644 --- a/tags/ipv6/index.xml +++ b/tags/ipv6/index.xml @@ -6,7 +6,7 @@ Recent content in ipv6 on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Thu, 20 Nov 2014 11:30:03 +0000 How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html index a8d696c..684b8f6 100644 --- a/tags/kubernetes/index.html +++ b/tags/kubernetes/index.html @@ -1,5 +1,5 @@ kubernetes | Virtualzone Blog
                                                Home » Tags

                                                kubernetes -

                                                Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                September 3, 2021 · 1 min · 118 words · Heiner
                                                © 2022 Heiner Beck. +

                                                Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                September 3, 2021 · 1 min · 118 words · Heiner
                                                \ No newline at end of file diff --git a/tags/kubernetes/index.xml b/tags/kubernetes/index.xml index cddef16..6748024 100644 --- a/tags/kubernetes/index.xml +++ b/tags/kubernetes/index.xml @@ -6,7 +6,7 @@ Recent content in kubernetes on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Fri, 03 Sep 2021 11:30:03 +0000 Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html index 3aeaa17..8f14bec 100644 --- a/tags/letsencrypt/index.html +++ b/tags/letsencrypt/index.html @@ -1,7 +1,7 @@ letsencrypt | Virtualzone Blog
                                                Home » Tags

                                                letsencrypt

                                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                February 11, 2017 · 2 min · 287 words · Heiner
                                                © 2022 Heiner Beck. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                February 11, 2017 · 2 min · 287 words · Heiner
                                                \ No newline at end of file diff --git a/tags/letsencrypt/index.xml b/tags/letsencrypt/index.xml index 3e39831..e0c62b4 100644 --- a/tags/letsencrypt/index.xml +++ b/tags/letsencrypt/index.xml @@ -6,7 +6,7 @@ Recent content in letsencrypt on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sat, 11 Feb 2017 11:30:03 +0000 Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker diff --git a/tags/linux/index.html b/tags/linux/index.html index 6e6f962..c4886ca 100644 --- a/tags/linux/index.html +++ b/tags/linux/index.html @@ -9,7 +9,7 @@ However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                June 19, 2022 · 3 min · 479 words · Heiner

                                                How to reduce PDF file size in Linux - Part 2

                                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                August 15, 2015 · 1 min · 75 words · Heiner

                                                How to reduce PDF file size in Linux

                                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                November 21, 2012 · 1 min · 98 words · Heiner
                                                © 2022 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                November 21, 2012 · 1 min · 98 words · Heiner
                                                \ No newline at end of file diff --git a/tags/linux/index.xml b/tags/linux/index.xml index 2f93c95..6e279eb 100644 --- a/tags/linux/index.xml +++ b/tags/linux/index.xml @@ -6,7 +6,7 @@ Recent content in linux on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 05 Feb 2023 06:00:00 +0000 Go-hole: A minimalistic DNS proxy and and blocker diff --git a/tags/macos/index.html b/tags/macos/index.html index c4175a0..3dac20b 100644 --- a/tags/macos/index.html +++ b/tags/macos/index.html @@ -4,7 +4,7 @@ Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                August 28, 2016 · 1 min · 163 words · Heiner

                                                How to reduce PDF file size in Linux - Part 2

                                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                August 15, 2015 · 1 min · 75 words · Heiner

                                                How to reduce PDF file size in Linux

                                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                November 21, 2012 · 1 min · 98 words · Heiner
                                                © 2022 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                November 21, 2012 · 1 min · 98 words · Heiner
                                                \ No newline at end of file diff --git a/tags/macos/index.xml b/tags/macos/index.xml index b9cc72a..55ae682 100644 --- a/tags/macos/index.xml +++ b/tags/macos/index.xml @@ -6,7 +6,7 @@ Recent content in macos on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Tue, 06 Dec 2016 11:30:03 +0000 Creating an encrypted file container on macOS diff --git a/tags/nginx/index.html b/tags/nginx/index.html index c1ba02f..fd5f43d 100644 --- a/tags/nginx/index.html +++ b/tags/nginx/index.html @@ -1,7 +1,7 @@ nginx | Virtualzone Blog
                                                Home » Tags

                                                nginx

                                                Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                February 11, 2017 · 2 min · 287 words · Heiner
                                                © 2022 Heiner Beck. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                February 11, 2017 · 2 min · 287 words · Heiner
                                                \ No newline at end of file diff --git a/tags/nginx/index.xml b/tags/nginx/index.xml index adc42ae..aa5f415 100644 --- a/tags/nginx/index.xml +++ b/tags/nginx/index.xml @@ -6,7 +6,7 @@ Recent content in nginx on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sat, 11 Feb 2017 11:30:03 +0000 Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html index 8ee108a..9330b67 100644 --- a/tags/onedrive/index.html +++ b/tags/onedrive/index.html @@ -1,6 +1,6 @@ onedrive | Virtualzone Blog
                                                Home » Tags

                                                onedrive

                                                Back up server to OneDrive’s special App Folder

                                                I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                September 2, 2021 · 4 min · 682 words · Heiner

                                                Unifi USG: Multiple IP addresses on PPPoE

                                                My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). -By default, USG only allows for one IP address when dialing in via PPPoE....

                                                August 16, 2021 · 2 min · 353 words · Heiner
                                                © 2022 Heiner Beck. +By default, USG only allows for one IP address when dialing in via PPPoE....

                                                August 16, 2021 · 2 min · 353 words · Heiner
                                                \ No newline at end of file diff --git a/tags/onedrive/index.xml b/tags/onedrive/index.xml index b075f92..67a65a4 100644 --- a/tags/onedrive/index.xml +++ b/tags/onedrive/index.xml @@ -6,7 +6,7 @@ Recent content in onedrive on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Thu, 02 Sep 2021 11:30:03 +0000 Back up server to OneDrive’s special App Folder diff --git a/tags/openhab/index.html b/tags/openhab/index.html index 964c442..5f7ad97 100644 --- a/tags/openhab/index.html +++ b/tags/openhab/index.html @@ -1,5 +1,5 @@ openhab | Virtualzone Blog
                                                Home » Tags

                                                openhab -

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                © 2022 Heiner Beck. +

                                                From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                August 28, 2016 · 6 min · 1084 words · Heiner
                                                \ No newline at end of file diff --git a/tags/openhab/index.xml b/tags/openhab/index.xml index eb88ad4..c1cfa88 100644 --- a/tags/openhab/index.xml +++ b/tags/openhab/index.xml @@ -6,7 +6,7 @@ Recent content in openhab on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 28 Aug 2016 11:30:03 +0000 From FHEM to OpenHAB with Homegear: Installation/Docker container diff --git a/tags/proxy/index.html b/tags/proxy/index.html index 1029225..107415a 100644 --- a/tags/proxy/index.html +++ b/tags/proxy/index.html @@ -1,6 +1,6 @@ proxy | Virtualzone Blog
                                                Home » Tags

                                                proxy

                                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                August 27, 2016 · 2 min · 255 words · Heiner
                                                © 2022 Heiner Beck. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                August 27, 2016 · 2 min · 255 words · Heiner
                                                \ No newline at end of file diff --git a/tags/proxy/index.xml b/tags/proxy/index.xml index 8739084..b39bbf6 100644 --- a/tags/proxy/index.xml +++ b/tags/proxy/index.xml @@ -6,7 +6,7 @@ Recent content in proxy on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sat, 27 Aug 2016 11:30:03 +0000 How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html index f86b800..d733299 100644 --- a/tags/raspberrypi/index.html +++ b/tags/raspberrypi/index.html @@ -1,6 +1,6 @@ raspberrypi | Virtualzone Blog
                                                Home » Tags

                                                raspberrypi

                                                Raspberry Pi OS: Remove unnecessary packages

                                                Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                                June 7, 2020 · 1 min · 161 words · Heiner

                                                Native USB boot for Raspberry Pi 4

                                                Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                May 28, 2020 · 2 min · 404 words · Heiner
                                                © 2022 Heiner Beck. +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                May 28, 2020 · 2 min · 404 words · Heiner
                                                \ No newline at end of file diff --git a/tags/raspberrypi/index.xml b/tags/raspberrypi/index.xml index fa29a9f..ed7cfca 100644 --- a/tags/raspberrypi/index.xml +++ b/tags/raspberrypi/index.xml @@ -6,7 +6,7 @@ Recent content in raspberrypi on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sun, 07 Jun 2020 11:30:03 +0000 Raspberry Pi OS: Remove unnecessary packages diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html index 516edb2..e802755 100644 --- a/tags/sonicwall/index.html +++ b/tags/sonicwall/index.html @@ -1,5 +1,5 @@ sonicwall | Virtualzone Blog
                                                Home » Tags

                                                sonicwall -

                                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                November 20, 2014 · 2 min · 372 words · Heiner
                                                © 2022 Heiner Beck. +

                                                How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                November 20, 2014 · 2 min · 372 words · Heiner
                                                \ No newline at end of file diff --git a/tags/sonicwall/index.xml b/tags/sonicwall/index.xml index 4764d95..471119c 100644 --- a/tags/sonicwall/index.xml +++ b/tags/sonicwall/index.xml @@ -6,7 +6,7 @@ Recent content in sonicwall on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Thu, 20 Nov 2014 11:30:03 +0000 How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT diff --git a/tags/tool/index.html b/tags/tool/index.html index c731578..700fae8 100644 --- a/tags/tool/index.html +++ b/tags/tool/index.html @@ -3,7 +3,7 @@ By default, USG only allows for one IP address when dialing in via PPPoE....

                                                August 16, 2021 · 2 min · 353 words · Heiner

                                                UptimeRobot: A nice free website monitoring service

                                                Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                                September 5, 2016 · 1 min · 120 words · Heiner

                                                How to reduce PDF file size in Linux - Part 2

                                                Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                August 15, 2015 · 1 min · 75 words · Heiner

                                                How to reduce PDF file size in Linux

                                                Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                November 21, 2012 · 1 min · 98 words · Heiner
                                                © 2022 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                November 21, 2012 · 1 min · 98 words · Heiner
                                                \ No newline at end of file diff --git a/tags/tool/index.xml b/tags/tool/index.xml index c3e1a92..15c0a3f 100644 --- a/tags/tool/index.xml +++ b/tags/tool/index.xml @@ -6,7 +6,7 @@ Recent content in tool on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Thu, 02 Sep 2021 11:30:03 +0000 Back up server to OneDrive’s special App Folder diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html index d3096fa..0eb6f46 100644 --- a/tags/wordpress/index.html +++ b/tags/wordpress/index.html @@ -1,6 +1,6 @@ wordpress | Virtualzone Blog
                                                Home » Tags

                                                wordpress

                                                How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                August 27, 2016 · 2 min · 255 words · Heiner
                                                © 2022 Heiner Beck. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                August 27, 2016 · 2 min · 255 words · Heiner
                                                \ No newline at end of file diff --git a/tags/wordpress/index.xml b/tags/wordpress/index.xml index b682e2a..585c45f 100644 --- a/tags/wordpress/index.xml +++ b/tags/wordpress/index.xml @@ -6,7 +6,7 @@ Recent content in wordpress on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2022 Heiner Beck. + &copy; 2023 Heiner Beck. Sat, 27 Aug 2016 11:30:03 +0000 How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) From ec1e9f6b25c2c22009a578f8864c308722ba8832 Mon Sep 17 00:00:00 2001 From: virtualzone Date: Tue, 26 Mar 2024 10:27:01 +0000 Subject: [PATCH 25/25] deploy: 002357e3cc3bed009ad6f94acffca4ba62bcc8d7 --- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- .../index.html | 3 +- 404.html | 6 +- ...b16251b777ddd288ea022ed111e17641315b10.css | 7 -- ...f5101a1dffdd888f59d5001629341f526dc65d.css | 7 ++ ...632408e58ac146fbdbe62747134bea2fa3415e0.js | 44 --------- categories/index.html | 6 +- categories/index.xml | 3 +- contact/index.html | 28 +++--- index.html | 27 +++--- index.xml | 66 ++------------ page/1/index.html | 3 +- page/2/index.html | 18 ++-- page/3/index.html | 14 +-- posts/alpine-docker-rootless/index.html | 15 ++-- posts/alpine-podman/index.html | 15 ++-- .../index.html | 13 +-- .../dns-proxy-forwarder-blackhole/index.html | 13 +-- .../encrypted-file-container-macos/index.html | 9 +- posts/endomono-export-gpx/index.html | 11 +-- .../index.html | 15 ++-- .../index.html | 11 +-- .../index.html | 15 ++-- posts/index.html | 20 +++-- posts/index.xml | 55 +----------- posts/ipv6-on-a-sonicwall/index.html | 11 +-- posts/jenkins-build-docker-images/index.html | 15 ++-- posts/k3s-glusterfs/index.html | 9 +- .../index.html | 15 ++-- posts/multi-arch-docker-images-1/index.html | 11 +-- posts/multi-arch-docker-images-2/index.html | 15 ++-- posts/onedrive-upload-backup/index.html | 11 +-- posts/openrc-podman-kube-play/index.html | 11 +-- posts/page/1/index.html | 3 +- posts/page/2/index.html | 20 +++-- posts/page/3/index.html | 16 ++-- posts/podman-multiple-networks/index.html | 15 ++-- .../index.html | 11 +-- posts/reduce-pdf-file-size-2/index.html | 15 ++-- posts/reduce-pdf-file-size/index.html | 15 ++-- .../index.html | 15 ++-- .../index.html | 15 ++-- .../index.html | 9 +- posts/usb-boot-raspberry-pi/index.html | 15 ++-- privacy-policy/index.html | 13 +-- tags/api/index.html | 10 ++- tags/api/index.xml | 13 ++- tags/api/page/1/index.html | 3 +- tags/docker/index.html | 24 ++--- tags/docker/index.xml | 33 ++----- tags/docker/page/1/index.html | 3 +- tags/docker/page/2/index.html | 10 ++- tags/endonomdo/index.html | 8 +- tags/endonomdo/index.xml | 11 ++- tags/endonomdo/page/1/index.html | 3 +- tags/fhem/index.html | 8 +- tags/fhem/index.xml | 11 ++- tags/fhem/page/1/index.html | 3 +- tags/firewall/index.html | 8 +- tags/firewall/index.xml | 11 ++- tags/firewall/page/1/index.html | 3 +- tags/github/index.html | 10 ++- tags/github/index.xml | 13 ++- tags/github/page/1/index.html | 3 +- tags/google/index.html | 10 ++- tags/google/index.xml | 11 ++- tags/google/page/1/index.html | 3 +- tags/homeautomation/index.html | 8 +- tags/homeautomation/index.xml | 11 ++- tags/homeautomation/page/1/index.html | 3 +- tags/index.html | 6 +- tags/index.xml | 89 +++++-------------- tags/ipv6/index.html | 8 +- tags/ipv6/index.xml | 11 ++- tags/ipv6/page/1/index.html | 3 +- tags/kubernetes/index.html | 8 +- tags/kubernetes/index.xml | 11 ++- tags/kubernetes/page/1/index.html | 3 +- tags/letsencrypt/index.html | 10 ++- tags/letsencrypt/index.xml | 11 ++- tags/letsencrypt/page/1/index.html | 3 +- tags/linux/index.html | 20 +++-- tags/linux/index.xml | 23 ++--- tags/linux/page/1/index.html | 3 +- tags/macos/index.html | 14 +-- tags/macos/index.xml | 17 ++-- tags/macos/page/1/index.html | 3 +- tags/nginx/index.html | 10 ++- tags/nginx/index.xml | 11 ++- tags/nginx/page/1/index.html | 3 +- tags/onedrive/index.html | 10 ++- tags/onedrive/index.xml | 13 ++- tags/onedrive/page/1/index.html | 3 +- tags/openhab/index.html | 8 +- tags/openhab/index.xml | 11 ++- tags/openhab/page/1/index.html | 3 +- tags/proxy/index.html | 10 ++- tags/proxy/index.xml | 11 ++- tags/proxy/page/1/index.html | 3 +- tags/raspberrypi/index.html | 10 ++- tags/raspberrypi/index.xml | 13 ++- tags/raspberrypi/page/1/index.html | 3 +- tags/sonicwall/index.html | 8 +- tags/sonicwall/index.xml | 11 ++- tags/sonicwall/page/1/index.html | 3 +- tags/tool/index.html | 14 +-- tags/tool/index.xml | 19 ++-- tags/tool/page/1/index.html | 3 +- tags/wordpress/index.html | 10 ++- tags/wordpress/index.xml | 11 ++- tags/wordpress/page/1/index.html | 3 +- 129 files changed, 644 insertions(+), 778 deletions(-) delete mode 100644 assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css create mode 100644 assets/css/stylesheet.c1721e45d1e5db247de8596056f5101a1dffdd888f59d5001629341f526dc65d.css delete mode 100644 assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js diff --git a/2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html b/2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html index bd0ea2d..d779fc8 100644 --- a/2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html +++ b/2012/08/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ \ No newline at end of file +https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ + \ No newline at end of file diff --git a/2012/11/how-to-reduce-pdf-file-size-in-linux/index.html b/2012/11/how-to-reduce-pdf-file-size-in-linux/index.html index ab784bc..66c582d 100644 --- a/2012/11/how-to-reduce-pdf-file-size-in-linux/index.html +++ b/2012/11/how-to-reduce-pdf-file-size-in-linux/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/reduce-pdf-file-size/ \ No newline at end of file +https://virtualzone.de/posts/reduce-pdf-file-size/ + \ No newline at end of file diff --git a/2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html b/2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html index f19d7c2..56ccd65 100644 --- a/2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html +++ b/2014/11/how-to-enable-ipv6-on-a-sonicwall-sonicos-5-9-using-nat/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/ipv6-on-a-sonicwall/ \ No newline at end of file +https://virtualzone.de/posts/ipv6-on-a-sonicwall/ + \ No newline at end of file diff --git a/2015/08/how-to-reduce-pdf-file-size-part-2/index.html b/2015/08/how-to-reduce-pdf-file-size-part-2/index.html index 3aa7dab..5c87acb 100644 --- a/2015/08/how-to-reduce-pdf-file-size-part-2/index.html +++ b/2015/08/how-to-reduce-pdf-file-size-part-2/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/reduce-pdf-file-size-2/ \ No newline at end of file +https://virtualzone.de/posts/reduce-pdf-file-size-2/ + \ No newline at end of file diff --git a/2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html b/2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html index 5522e3e..57df040 100644 --- a/2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html +++ b/2016/08/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ \ No newline at end of file +https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ + \ No newline at end of file diff --git a/2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html index f5fe926..e0775ff 100644 --- a/2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html +++ b/2016/08/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ \ No newline at end of file +https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ + \ No newline at end of file diff --git a/2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html b/2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html index d4d2ff3..e825bd3 100644 --- a/2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html +++ b/2016/08/how-to-set-up-https-ssl-in-wordpress-behind-proxy-nginx-haproxy-apache-lighttpd/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ \ No newline at end of file +https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ + \ No newline at end of file diff --git a/2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html b/2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html index e1ef468..6519586 100644 --- a/2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html +++ b/2016/09/uptimerobot-a-nice-free-website-monitoring-service/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/uptime-robot-website-monitoring/ \ No newline at end of file +https://virtualzone.de/posts/uptime-robot-website-monitoring/ + \ No newline at end of file diff --git a/2016/12/creating-an-encrypted-file-container-on-macos/index.html b/2016/12/creating-an-encrypted-file-container-on-macos/index.html index c34cc08..26b154d 100644 --- a/2016/12/creating-an-encrypted-file-container-on-macos/index.html +++ b/2016/12/creating-an-encrypted-file-container-on-macos/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/encrypted-file-container-macos/ \ No newline at end of file +https://virtualzone.de/posts/encrypted-file-container-macos/ + \ No newline at end of file diff --git a/2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html index 44cba25..b0c3643 100644 --- a/2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html +++ b/2017/02/using-lets-encrypt-effs-certbot-with-nginx-in-docker/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ \ No newline at end of file +https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ + \ No newline at end of file diff --git a/2017/06/how-to-let-jenkins-build-docker-images/index.html b/2017/06/how-to-let-jenkins-build-docker-images/index.html index c710b64..7803fcb 100644 --- a/2017/06/how-to-let-jenkins-build-docker-images/index.html +++ b/2017/06/how-to-let-jenkins-build-docker-images/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/jenkins-build-docker-images/ \ No newline at end of file +https://virtualzone.de/posts/jenkins-build-docker-images/ + \ No newline at end of file diff --git a/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html index 9f2c117..803fd35 100644 --- a/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html +++ b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/multi-arch-docker-images-1/ \ No newline at end of file +https://virtualzone.de/posts/multi-arch-docker-images-1/ + \ No newline at end of file diff --git a/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html index 494a7e2..7bcae50 100644 --- a/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html +++ b/2020/05/multi-arch-images-mit-docker-hub-bauen-teil-2/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/multi-arch-docker-images-2/ \ No newline at end of file +https://virtualzone.de/posts/multi-arch-docker-images-2/ + \ No newline at end of file diff --git a/2020/05/nativer-usb-boot-raspberry-pi-4/index.html b/2020/05/nativer-usb-boot-raspberry-pi-4/index.html index 11aa71d..8054ced 100644 --- a/2020/05/nativer-usb-boot-raspberry-pi-4/index.html +++ b/2020/05/nativer-usb-boot-raspberry-pi-4/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/usb-boot-raspberry-pi/ \ No newline at end of file +https://virtualzone.de/posts/usb-boot-raspberry-pi/ + \ No newline at end of file diff --git a/2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html b/2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html index 3241351..b238769 100644 --- a/2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html +++ b/2020/06/raspberry-pi-os-64-bit-lite-desktop-pakete-entfernen/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ \ No newline at end of file +https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ + \ No newline at end of file diff --git a/2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html b/2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html index 55d2273..8428365 100644 --- a/2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html +++ b/2020/06/traefik-access-log-influxdb-grafana-telegraf/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ \ No newline at end of file +https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ + \ No newline at end of file diff --git a/2020/06/trainings-gpx-datei-endomondo-exportieren/index.html b/2020/06/trainings-gpx-datei-endomondo-exportieren/index.html index 1ce55b3..c26ac4b 100644 --- a/2020/06/trainings-gpx-datei-endomondo-exportieren/index.html +++ b/2020/06/trainings-gpx-datei-endomondo-exportieren/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/endomono-export-gpx/ \ No newline at end of file +https://virtualzone.de/posts/endomono-export-gpx/ + \ No newline at end of file diff --git a/2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html index 6c04a0a..a5606f3 100644 --- a/2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html +++ b/2021/08/unifi-usg-multiple-ip-addresses-on-pppoe/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ \ No newline at end of file +https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ + \ No newline at end of file diff --git a/2021/09/back-up-server-to-onedrives-special-app-folder/index.html b/2021/09/back-up-server-to-onedrives-special-app-folder/index.html index bf57dd0..086f573 100644 --- a/2021/09/back-up-server-to-onedrives-special-app-folder/index.html +++ b/2021/09/back-up-server-to-onedrives-special-app-folder/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/onedrive-upload-backup/ \ No newline at end of file +https://virtualzone.de/posts/onedrive-upload-backup/ + \ No newline at end of file diff --git a/2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html b/2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html index 5183fdf..f86a2a8 100644 --- a/2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html +++ b/2021/09/setting-up-a-kubernetes-cluster-with-k3s-glusterfs-and-load-balancing/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/k3s-glusterfs/ \ No newline at end of file +https://virtualzone.de/posts/k3s-glusterfs/ + \ No newline at end of file diff --git a/404.html b/404.html index 5125613..eeffd09 100644 --- a/404.html +++ b/404.html @@ -1,4 +1,6 @@ -404 Page not found | Virtualzone Blog
                                                404
                                                © 2023 Heiner Beck. +404 Page not found | Virtualzone Blog +
                                                404
                                                \ No newline at end of file + PaperMod
                                                + \ No newline at end of file diff --git a/assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css b/assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css deleted file mode 100644 index ff687d7..0000000 --- a/assets/css/stylesheet.8e75902acd077cca09ede8ff7ab16251b777ddd288ea022ed111e17641315b10.css +++ /dev/null @@ -1,7 +0,0 @@ -/* - PaperMod v6 - License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE - Copyright (c) 2020 nanxiaobei and adityatelange - Copyright (c) 2021-2022 adityatelange -*/ -:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--hljs-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--hljs-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img,.logo a svg{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons{padding:12px 0}.social-icons a:not(:last-of-type){margin-inline-end:12px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-cover,.entry-isdraft{font-size:14px;color:var(--secondary)}.entry-cover{margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px;box-decoration-break:clone;-webkit-box-decoration-break:clone}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:none;background:linear-gradient(to right,var(--primary) 100%,transparent 0)0/1px 1px repeat-x}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:32px}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:12px 8px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{font-size:14px;text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--hljs-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:block;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--hljs-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-tags li{display:inline-block;margin-inline-end:3px;margin-bottom:5px}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding-inline-start:14px;padding-inline-end:14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{margin:14px 0;padding-inline-start:var(--radius);display:flex;justify-content:center;overflow-x:auto}.share-buttons a{margin-top:10px}.share-buttons a:not(:last-of-type){margin-inline-end:12px}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{margin:10px 0;display:flex;line-height:30px;border-radius:var(--radius)}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}img.in-text{display:inline;margin:auto}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner h1{padding:12px 0}.profile img{display:inline-table;border-radius:50%}.buttons{flex-wrap:wrap;max-width:400px;margin:0 auto}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.hljs-comment,.hljs-quote{color:#b6b18b}.hljs-deletion,.hljs-name,.hljs-regexp,.hljs-selector-class,.hljs-selector-id,.hljs-tag,.hljs-template-variable,.hljs-variable{color:#eb3c54}.hljs-built_in,.hljs-builtin-name,.hljs-link,.hljs-literal,.hljs-meta,.hljs-number,.hljs-params,.hljs-type{color:#e7ce56}.hljs-attribute{color:#ee7c2b}.hljs-addition,.hljs-bullet,.hljs-string,.hljs-symbol{color:#4fb4d7}.hljs-section,.hljs-title{color:#78bb65}.hljs-keyword,.hljs-selector-tag{color:#b45ea4}.hljs{display:block;overflow-x:auto;background:#1c1d21;color:#c0c5ce;padding:.5em}.hljs-emphasis{font-style:italic}.hljs-strong{font-weight:700}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--hljs-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}article.post-entry>.cover-img{display:none}} \ No newline at end of file diff --git a/assets/css/stylesheet.c1721e45d1e5db247de8596056f5101a1dffdd888f59d5001629341f526dc65d.css b/assets/css/stylesheet.c1721e45d1e5db247de8596056f5101a1dffdd888f59d5001629341f526dc65d.css new file mode 100644 index 0000000..e207fef --- /dev/null +++ b/assets/css/stylesheet.c1721e45d1e5db247de8596056f5101a1dffdd888f59d5001629341f526dc65d.css @@ -0,0 +1,7 @@ +/* + PaperMod v7 + License: MIT https://github.com/adityatelange/hugo-PaperMod/blob/master/LICENSE + Copyright (c) 2020 nanxiaobei and adityatelange + Copyright (c) 2021-2024 adityatelange +*/ +:root{--gap:24px;--content-gap:20px;--nav-width:1024px;--main-width:720px;--header-height:60px;--footer-height:60px;--radius:8px;--theme:rgb(255, 255, 255);--entry:rgb(255, 255, 255);--primary:rgb(30, 30, 30);--secondary:rgb(108, 108, 108);--tertiary:rgb(214, 214, 214);--content:rgb(31, 31, 31);--code-block-bg:rgb(28, 29, 33);--code-bg:rgb(245, 245, 245);--border:rgb(238, 238, 238)}.dark{--theme:rgb(29, 30, 32);--entry:rgb(46, 46, 51);--primary:rgb(218, 218, 219);--secondary:rgb(155, 156, 157);--tertiary:rgb(65, 66, 68);--content:rgb(196, 196, 197);--code-block-bg:rgb(46, 46, 51);--code-bg:rgb(55, 56, 62);--border:rgb(51, 51, 51)}.list{background:var(--code-bg)}.dark.list{background:var(--theme)}*,::after,::before{box-sizing:border-box}html{-webkit-tap-highlight-color:transparent;overflow-y:scroll;-webkit-text-size-adjust:100%;text-size-adjust:100%}a,button,body,h1,h2,h3,h4,h5,h6{color:var(--primary)}body{font-family:-apple-system,BlinkMacSystemFont,segoe ui,Roboto,Oxygen,Ubuntu,Cantarell,open sans,helvetica neue,sans-serif;font-size:18px;line-height:1.6;word-break:break-word;background:var(--theme)}article,aside,figcaption,figure,footer,header,hgroup,main,nav,section,table{display:block}h1,h2,h3,h4,h5,h6{line-height:1.2}h1,h2,h3,h4,h5,h6,p{margin-top:0;margin-bottom:0}ul{padding:0}a{text-decoration:none}body,figure,ul{margin:0}table{width:100%;border-collapse:collapse;border-spacing:0;overflow-x:auto;word-break:keep-all}button,input,textarea{padding:0;font:inherit;background:0 0;border:0}input,textarea{outline:0}button,input[type=button],input[type=submit]{cursor:pointer}input:-webkit-autofill,textarea:-webkit-autofill{box-shadow:0 0 0 50px var(--theme)inset}img{display:block;max-width:100%}.not-found{position:absolute;left:0;right:0;display:flex;align-items:center;justify-content:center;height:80%;font-size:160px;font-weight:700}.archive-posts{width:100%;font-size:16px}.archive-year{margin-top:40px}.archive-year:not(:last-of-type){border-bottom:2px solid var(--border)}.archive-month{display:flex;align-items:flex-start;padding:10px 0}.archive-month-header{margin:25px 0;width:200px}.archive-month:not(:last-of-type){border-bottom:1px solid var(--border)}.archive-entry{position:relative;padding:5px;margin:10px 0}.archive-entry-title{margin:5px 0;font-weight:400}.archive-count,.archive-meta{color:var(--secondary);font-size:14px}.footer,.top-link{font-size:12px;color:var(--secondary)}.footer{max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:calc((var(--footer-height) - var(--gap))/2)var(--gap);text-align:center;line-height:24px}.footer span{margin-inline-start:1px;margin-inline-end:1px}.footer span:last-child{white-space:nowrap}.footer a{color:inherit;border-bottom:1px solid var(--secondary)}.footer a:hover{border-bottom:1px solid var(--primary)}.top-link{visibility:hidden;position:fixed;bottom:60px;right:30px;z-index:99;background:var(--tertiary);width:42px;height:42px;padding:12px;border-radius:64px;transition:visibility .5s,opacity .8s linear}.top-link,.top-link svg{filter:drop-shadow(0 0 0 var(--theme))}.footer a:hover,.top-link:hover{color:var(--primary)}.top-link:focus,#theme-toggle:focus{outline:0}.nav{display:flex;flex-wrap:wrap;justify-content:space-between;max-width:calc(var(--nav-width) + var(--gap) * 2);margin-inline-start:auto;margin-inline-end:auto;line-height:var(--header-height)}.nav a{display:block}.logo,#menu{display:flex;margin:auto var(--gap)}.logo{flex-wrap:inherit}.logo a{font-size:24px;font-weight:700}.logo a img,.logo a svg{display:inline;vertical-align:middle;pointer-events:none;transform:translate(0,-10%);border-radius:6px;margin-inline-end:8px}button#theme-toggle{font-size:26px;margin:auto 4px}body.dark #moon{vertical-align:middle;display:none}body:not(.dark) #sun{display:none}#menu{list-style:none;word-break:keep-all;overflow-x:auto;white-space:nowrap}#menu li+li{margin-inline-start:var(--gap)}#menu a{font-size:16px}#menu .active{font-weight:500;border-bottom:2px solid}.lang-switch li,.lang-switch ul,.logo-switches{display:inline-flex;margin:auto 4px}.lang-switch{display:flex;flex-wrap:inherit}.lang-switch a{margin:auto 3px;font-size:16px;font-weight:500}.logo-switches{flex-wrap:inherit}.main{position:relative;min-height:calc(100vh - var(--header-height) - var(--footer-height));max-width:calc(var(--main-width) + var(--gap) * 2);margin:auto;padding:var(--gap)}.page-header h1{font-size:40px}.pagination{display:flex}.pagination a{color:var(--theme);font-size:13px;line-height:36px;background:var(--primary);border-radius:calc(36px/2);padding:0 16px}.pagination .next{margin-inline-start:auto}.social-icons a{display:inline-flex;padding:10px}.social-icons a svg{height:26px;width:26px}code{direction:ltr}div.highlight,pre{position:relative}.copy-code{display:none;position:absolute;top:4px;right:4px;color:rgba(255,255,255,.8);background:rgba(78,78,78,.8);border-radius:var(--radius);padding:0 5px;font-size:14px;user-select:none}div.highlight:hover .copy-code,pre:hover .copy-code{display:block}.first-entry{position:relative;display:flex;flex-direction:column;justify-content:center;min-height:320px;margin:var(--gap)0 calc(var(--gap) * 2)}.first-entry .entry-header{overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:3}.first-entry .entry-header h1{font-size:34px;line-height:1.3}.first-entry .entry-content{margin:14px 0;font-size:16px;-webkit-line-clamp:3}.first-entry .entry-footer{font-size:14px}.home-info .entry-content{-webkit-line-clamp:unset}.post-entry{position:relative;margin-bottom:var(--gap);padding:var(--gap);background:var(--entry);border-radius:var(--radius);transition:transform .1s;border:1px solid var(--border)}.post-entry:active{transform:scale(.96)}.tag-entry .entry-cover{display:none}.entry-header h2{font-size:24px;line-height:1.3}.entry-content{margin:8px 0;color:var(--secondary);font-size:14px;line-height:1.6;overflow:hidden;display:-webkit-box;-webkit-box-orient:vertical;-webkit-line-clamp:2}.entry-footer{color:var(--secondary);font-size:13px}.entry-link{position:absolute;left:0;right:0;top:0;bottom:0}.entry-hint{color:var(--secondary)}.entry-hint-parent{display:flex;justify-content:space-between}.entry-cover{font-size:14px;margin-bottom:var(--gap);text-align:center}.entry-cover img{border-radius:var(--radius);pointer-events:none;width:100%;height:auto}.entry-cover a{color:var(--secondary);box-shadow:0 1px 0 var(--primary)}.page-header,.post-header{margin:24px auto var(--content-gap)}.post-title{margin-bottom:2px;font-size:40px}.post-description{margin-top:10px;margin-bottom:5px}.post-meta,.breadcrumbs{color:var(--secondary);font-size:14px;display:flex;flex-wrap:wrap}.post-meta .i18n_list li{display:inline-flex;list-style:none;margin:auto 3px;box-shadow:0 1px 0 var(--secondary)}.breadcrumbs a{font-size:16px}.post-content{color:var(--content)}.post-content h3,.post-content h4,.post-content h5,.post-content h6{margin:24px 0 16px}.post-content h1{margin:40px auto 32px;font-size:40px}.post-content h2{margin:32px auto 24px;font-size:32px}.post-content h3{font-size:24px}.post-content h4{font-size:16px}.post-content h5{font-size:14px}.post-content h6{font-size:12px}.post-content a,.toc a:hover{box-shadow:0 1px;box-decoration-break:clone;-webkit-box-decoration-break:clone}.post-content a code{margin:auto 0;border-radius:0;box-shadow:0 -1px 0 var(--primary)inset}.post-content del{text-decoration:line-through}.post-content dl,.post-content ol,.post-content p,.post-content figure,.post-content ul{margin-bottom:var(--content-gap)}.post-content ol,.post-content ul{padding-inline-start:20px}.post-content li{margin-top:5px}.post-content li p{margin-bottom:0}.post-content dl{display:flex;flex-wrap:wrap;margin:0}.post-content dt{width:25%;font-weight:700}.post-content dd{width:75%;margin-inline-start:0;padding-inline-start:10px}.post-content dd~dd,.post-content dt~dt{margin-top:10px}.post-content table{margin-bottom:var(--content-gap)}.post-content table th,.post-content table:not(.highlighttable,.highlight table,.gist .highlight) td{min-width:80px;padding:8px 5px;line-height:1.5;border-bottom:1px solid var(--border)}.post-content table th{text-align:start}.post-content table:not(.highlighttable) td code:only-child{margin:auto 0}.post-content .highlight table{border-radius:var(--radius)}.post-content .highlight:not(table){margin:10px auto;background:var(--code-block-bg)!important;border-radius:var(--radius);direction:ltr}.post-content li>.highlight{margin-inline-end:0}.post-content ul pre{margin-inline-start:calc(var(--gap) * -2)}.post-content .highlight pre{margin:0}.post-content .highlighttable{table-layout:fixed}.post-content .highlighttable td:first-child{width:40px}.post-content .highlighttable td .linenodiv{padding-inline-end:0!important}.post-content .highlighttable td .highlight,.post-content .highlighttable td .linenodiv pre{margin-bottom:0}.post-content code{margin:auto 4px;padding:4px 6px;font-size:.78em;line-height:1.5;background:var(--code-bg);border-radius:2px}.post-content pre code{display:grid;margin:auto 0;padding:10px;color:#d5d5d6;background:var(--code-block-bg)!important;border-radius:var(--radius);overflow-x:auto;word-break:break-all}.post-content blockquote{margin:20px 0;padding:0 14px;border-inline-start:3px solid var(--primary)}.post-content hr{margin:30px 0;height:2px;background:var(--tertiary);border:0}.post-content iframe{max-width:100%}.post-content img{border-radius:4px;margin:1rem 0}.post-content img[src*="#center"]{margin:1rem auto}.post-content figure.align-center{text-align:center}.post-content figure>figcaption{color:var(--primary);font-size:16px;font-weight:700;margin:8px 0 16px}.post-content figure>figcaption>p{color:var(--secondary);font-size:14px;font-weight:400}.toc{margin:0 2px 40px;border:1px solid var(--border);background:var(--code-bg);border-radius:var(--radius);padding:.4em}.dark .toc{background:var(--entry)}.toc details summary{cursor:zoom-in;margin-inline-start:20px}.toc details[open] summary{cursor:zoom-out}.toc .details{display:inline;font-weight:500}.toc .inner{margin:0 20px;padding:10px 20px}.toc li ul{margin-inline-start:var(--gap)}.toc summary:focus{outline:0}.post-footer{margin-top:56px}.post-footer>*{margin-bottom:10px}.post-tags{display:flex;flex-wrap:wrap;gap:10px}.post-tags li{display:inline-block}.post-tags a,.share-buttons,.paginav{border-radius:var(--radius);background:var(--code-bg);border:1px solid var(--border)}.post-tags a{display:block;padding:0 14px;color:var(--secondary);font-size:14px;line-height:34px;background:var(--code-bg)}.post-tags a:hover,.paginav a:hover{background:var(--border)}.share-buttons{padding:10px;display:flex;justify-content:center;overflow-x:auto;gap:10px}.share-buttons li,.share-buttons a{display:inline-flex}.share-buttons a:not(:last-of-type){margin-inline-end:12px}h1:hover .anchor,h2:hover .anchor,h3:hover .anchor,h4:hover .anchor,h5:hover .anchor,h6:hover .anchor{display:inline-flex;color:var(--secondary);margin-inline-start:8px;font-weight:500;user-select:none}.paginav{display:flex;line-height:30px}.paginav a{padding-inline-start:14px;padding-inline-end:14px;border-radius:var(--radius)}.paginav .title{letter-spacing:1px;text-transform:uppercase;font-size:small;color:var(--secondary)}.paginav .prev,.paginav .next{width:50%}.paginav span:hover:not(.title){box-shadow:0 1px}.paginav .next{margin-inline-start:auto;text-align:right}[dir=rtl] .paginav .next{text-align:left}h1>a>svg{display:inline}img.in-text{display:inline;margin:auto}.buttons,.main .profile{display:flex;justify-content:center}.main .profile{align-items:center;min-height:calc(100vh - var(--header-height) - var(--footer-height) - (var(--gap) * 2));text-align:center}.profile .profile_inner{display:flex;flex-direction:column;align-items:center;gap:10px}.profile img{border-radius:50%}.buttons{flex-wrap:wrap;max-width:400px}.button{background:var(--tertiary);border-radius:var(--radius);margin:8px;padding:6px;transition:transform .1s}.button-inner{padding:0 8px}.button:active{transform:scale(.96)}#searchbox input{padding:4px 10px;width:100%;color:var(--primary);font-weight:700;border:2px solid var(--tertiary);border-radius:var(--radius)}#searchbox input:focus{border-color:var(--secondary)}#searchResults li{list-style:none;border-radius:var(--radius);padding:10px;margin:10px 0;position:relative;font-weight:500}#searchResults{margin:10px 0;width:100%}#searchResults li:active{transition:transform .1s;transform:scale(.98)}#searchResults a{position:absolute;width:100%;height:100%;top:0;left:0;outline:none}#searchResults .focus{transform:scale(.98);border:2px solid var(--tertiary)}.terms-tags li{display:inline-block;margin:10px;font-weight:500}.terms-tags a{display:block;padding:3px 10px;background:var(--tertiary);border-radius:6px;transition:transform .1s}.terms-tags a:active{background:var(--tertiary);transform:scale(.96)}.bg{color:#cad3f5;background-color:#24273a}.chroma{color:#cad3f5;background-color:#24273a}.chroma .x{}.chroma .err{color:#ed8796}.chroma .cl{}.chroma .lnlinks{outline:none;text-decoration:none;color:inherit}.chroma .lntd{vertical-align:top;padding:0;margin:0;border:0}.chroma .lntable{border-spacing:0;padding:0;margin:0;border:0}.chroma .hl{background-color:#474733}.chroma .lnt{white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#8087a2}.chroma .ln{white-space:pre;-webkit-user-select:none;user-select:none;margin-right:.4em;padding:0 .4em;color:#8087a2}.chroma .line{display:flex}.chroma .k{color:#c6a0f6}.chroma .kc{color:#f5a97f}.chroma .kd{color:#ed8796}.chroma .kn{color:#8bd5ca}.chroma .kp{color:#c6a0f6}.chroma .kr{color:#c6a0f6}.chroma .kt{color:#ed8796}.chroma .n{}.chroma .na{color:#8aadf4}.chroma .nb{color:#91d7e3}.chroma .bp{color:#91d7e3}.chroma .nc{color:#eed49f}.chroma .no{color:#eed49f}.chroma .nd{color:#8aadf4;font-weight:700}.chroma .ni{color:#8bd5ca}.chroma .ne{color:#f5a97f}.chroma .nf{color:#8aadf4}.chroma .fm{color:#8aadf4}.chroma .nl{color:#91d7e3}.chroma .nn{color:#f5a97f}.chroma .nx{}.chroma .py{color:#f5a97f}.chroma .nt{color:#c6a0f6}.chroma .nv{color:#f4dbd6}.chroma .vc{color:#f4dbd6}.chroma .vg{color:#f4dbd6}.chroma .vi{color:#f4dbd6}.chroma .vm{color:#f4dbd6}.chroma .l{}.chroma .ld{}.chroma .s{color:#a6da95}.chroma .sa{color:#ed8796}.chroma .sb{color:#a6da95}.chroma .sc{color:#a6da95}.chroma .dl{color:#8aadf4}.chroma .sd{color:#6e738d}.chroma .s2{color:#a6da95}.chroma .se{color:#8aadf4}.chroma .sh{color:#6e738d}.chroma .si{color:#a6da95}.chroma .sx{color:#a6da95}.chroma .sr{color:#8bd5ca}.chroma .s1{color:#a6da95}.chroma .ss{color:#a6da95}.chroma .m{color:#f5a97f}.chroma .mb{color:#f5a97f}.chroma .mf{color:#f5a97f}.chroma .mh{color:#f5a97f}.chroma .mi{color:#f5a97f}.chroma .il{color:#f5a97f}.chroma .mo{color:#f5a97f}.chroma .o{color:#91d7e3;font-weight:700}.chroma .ow{color:#91d7e3;font-weight:700}.chroma .p{}.chroma .c{color:#6e738d;font-style:italic}.chroma .ch{color:#6e738d;font-style:italic}.chroma .cm{color:#6e738d;font-style:italic}.chroma .c1{color:#6e738d;font-style:italic}.chroma .cs{color:#6e738d;font-style:italic}.chroma .cp{color:#6e738d;font-style:italic}.chroma .cpf{color:#6e738d;font-weight:700;font-style:italic}.chroma .g{}.chroma .gd{color:#ed8796;background-color:#363a4f}.chroma .ge{font-style:italic}.chroma .gr{color:#ed8796}.chroma .gh{color:#f5a97f;font-weight:700}.chroma .gi{color:#a6da95;background-color:#363a4f}.chroma .go{}.chroma .gp{}.chroma .gs{font-weight:700}.chroma .gu{color:#f5a97f;font-weight:700}.chroma .gt{color:#ed8796}.chroma .gl{text-decoration:underline}.chroma .w{}.chroma{background-color:unset!important}.chroma .hl{display:flex}.chroma .lnt{padding:0 0 0 12px}.highlight pre.chroma code{padding:8px 0}.highlight pre.chroma .line .cl,.chroma .ln{padding:0 10px}.chroma .lntd:last-of-type{width:100%}::-webkit-scrollbar-track{background:0 0}.list:not(.dark)::-webkit-scrollbar-track{background:var(--code-bg)}::-webkit-scrollbar-thumb{background:var(--tertiary);border:5px solid var(--theme);border-radius:var(--radius)}.list:not(.dark)::-webkit-scrollbar-thumb{border:5px solid var(--code-bg)}::-webkit-scrollbar-thumb:hover{background:var(--secondary)}::-webkit-scrollbar:not(.highlighttable,.highlight table,.gist .highlight){background:var(--theme)}.post-content .highlighttable td .highlight pre code::-webkit-scrollbar{display:none}.post-content :not(table) ::-webkit-scrollbar-thumb{border:2px solid var(--code-block-bg);background:#717175}.post-content :not(table) ::-webkit-scrollbar-thumb:hover{background:#a3a3a5}.gist table::-webkit-scrollbar-thumb{border:2px solid #fff;background:#adadad}.gist table::-webkit-scrollbar-thumb:hover{background:#707070}.post-content table::-webkit-scrollbar-thumb{border-width:2px}@media screen and (min-width:768px){::-webkit-scrollbar{width:19px;height:11px}}@media screen and (max-width:768px){:root{--gap:14px}.profile img{transform:scale(.85)}.first-entry{min-height:260px}.archive-month{flex-direction:column}.archive-year{margin-top:20px}.footer{padding:calc((var(--footer-height) - var(--gap) - 10px)/2)var(--gap)}}@media screen and (max-width:900px){.list .top-link{transform:translateY(-5rem)}}@media screen and (max-width:340px){.share-buttons{justify-content:unset}}@media(prefers-reduced-motion){.terms-tags a:active,.button:active,.post-entry:active,.top-link,#searchResults .focus,#searchResults li:active{transform:none}}.post-entry-multi-row{display:flex;flex-direction:row;justify-content:space-between;align-items:stretch;gap:15px}.post-entry-multi-row>article.post-entry{flex-grow:1;flex-basis:33%;display:flex;flex-direction:column;justify-content:space-between}.entry-footer>svg{width:12px;margin-right:3px}article.post-entry>.cover-img{float:right;margin-left:10px;margin-bottom:10px}article.post-entry>.cover-img img.seatsurfing{object-fit:cover;width:300px;height:200px;object-position:left top}@media(max-width:720px){.post-entry-multi-row{display:block}article.post-entry>.cover-img{display:none}} \ No newline at end of file diff --git a/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js b/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js deleted file mode 100644 index 93a6f86..0000000 --- a/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js +++ /dev/null @@ -1,44 +0,0 @@ -/* - Highlight.js 10.2.1 (32fb9a1d) - License: BSD-3-Clause - Copyright (c) 2006-2020, Ivan Sagalaev -*/ -var hljs=function(){"use strict";function e(n){Object.freeze(n);var t="function"==typeof n;return Object.getOwnPropertyNames(n).forEach((function(r){!Object.hasOwnProperty.call(n,r)||null===n[r]||"object"!=typeof n[r]&&"function"!=typeof n[r]||t&&("caller"===r||"callee"===r||"arguments"===r)||Object.isFrozen(n[r])||e(n[r])})),n}class n{constructor(e){void 0===e.data&&(e.data={}),this.data=e.data}ignoreMatch(){this.ignore=!0}}function t(e){return e.replace(/&/g,"&").replace(//g,">").replace(/"/g,""").replace(/'/g,"'")}function r(e,...n){var t={};for(const n in e)t[n]=e[n];return n.forEach((function(e){for(const n in e)t[n]=e[n]})),t}function a(e){return e.nodeName.toLowerCase()}var i=Object.freeze({__proto__:null,escapeHTML:t,inherit:r,nodeStream:function(e){var n=[];return function e(t,r){for(var i=t.firstChild;i;i=i.nextSibling)3===i.nodeType?r+=i.nodeValue.length:1===i.nodeType&&(n.push({event:"start",offset:r,node:i}),r=e(i,r),a(i).match(/br|hr|img|input/)||n.push({event:"stop",offset:r,node:i}));return r}(e,0),n},mergeStreams:function(e,n,r){var i=0,s="",o=[];function l(){return e.length&&n.length?e[0].offset!==n[0].offset?e[0].offset"}function u(e){s+=""}function g(e){("start"===e.event?c:u)(e.node)}for(;e.length||n.length;){var d=l();if(s+=t(r.substring(i,d[0].offset)),i=d[0].offset,d===e){o.reverse().forEach(u);do{g(d.splice(0,1)[0]),d=l()}while(d===e&&d.length&&d[0].offset===i);o.reverse().forEach(c)}else"start"===d[0].event?o.push(d[0].node):o.pop(),g(d.splice(0,1)[0])}return s+t(r.substr(i))}});const s="",o=e=>!!e.kind;class l{constructor(e,n){this.buffer="",this.classPrefix=n.classPrefix,e.walk(this)}addText(e){this.buffer+=t(e)}openNode(e){if(!o(e))return;let n=e.kind;e.sublanguage||(n=`${this.classPrefix}${n}`),this.span(n)}closeNode(e){o(e)&&(this.buffer+=s)}value(){return this.buffer}span(e){this.buffer+=``}}class c{constructor(){this.rootNode={children:[]},this.stack=[this.rootNode]}get top(){return this.stack[this.stack.length-1]}get root(){return this.rootNode}add(e){this.top.children.push(e)}openNode(e){const n={kind:e,children:[]};this.add(n),this.stack.push(n)}closeNode(){if(this.stack.length>1)return this.stack.pop()}closeAllNodes(){for(;this.closeNode(););}toJSON(){return JSON.stringify(this.rootNode,null,4)}walk(e){return this.constructor._walk(e,this.rootNode)}static _walk(e,n){return"string"==typeof n?e.addText(n):n.children&&(e.openNode(n),n.children.forEach(n=>this._walk(e,n)),e.closeNode(n)),e}static _collapse(e){"string"!=typeof e&&e.children&&(e.children.every(e=>"string"==typeof e)?e.children=[e.children.join("")]:e.children.forEach(e=>{c._collapse(e)}))}}class u extends c{constructor(e){super(),this.options=e}addKeyword(e,n){""!==e&&(this.openNode(n),this.addText(e),this.closeNode())}addText(e){""!==e&&this.add(e)}addSublanguage(e,n){const t=e.root;t.kind=n,t.sublanguage=!0,this.add(t)}toHTML(){return new l(this,this.options).value()}finalize(){return!0}}function g(e){return e?"string"==typeof e?e:e.source:null}const d="(-?)(\\b0[xX][a-fA-F0-9]+|(\\b\\d+(\\.\\d*)?|\\.\\d+)([eE][-+]?\\d+)?)",h={begin:"\\\\[\\s\\S]",relevance:0},f={className:"string",begin:"'",end:"'",illegal:"\\n",contains:[h]},p={className:"string",begin:'"',end:'"',illegal:"\\n",contains:[h]},m={begin:/\b(a|an|the|are|I'm|isn't|don't|doesn't|won't|but|just|should|pretty|simply|enough|gonna|going|wtf|so|such|will|you|your|they|like|more)\b/},b=function(e,n,t={}){var a=r({className:"comment",begin:e,end:n,contains:[]},t);return a.contains.push(m),a.contains.push({className:"doctag",begin:"(?:TODO|FIXME|NOTE|BUG|OPTIMIZE|HACK|XXX):",relevance:0}),a},v=b("//","$"),x=b("/\\*","\\*/"),E=b("#","$");var _=Object.freeze({__proto__:null,IDENT_RE:"[a-zA-Z]\\w*",UNDERSCORE_IDENT_RE:"[a-zA-Z_]\\w*",NUMBER_RE:"\\b\\d+(\\.\\d+)?",C_NUMBER_RE:d,BINARY_NUMBER_RE:"\\b(0b[01]+)",RE_STARTERS_RE:"!|!=|!==|%|%=|&|&&|&=|\\*|\\*=|\\+|\\+=|,|-|-=|/=|/|:|;|<<|<<=|<=|<|===|==|=|>>>=|>>=|>=|>>>|>>|>|\\?|\\[|\\{|\\(|\\^|\\^=|\\||\\|=|\\|\\||~",SHEBANG:(e={})=>{const n=/^#![ ]*\//;return e.binary&&(e.begin=function(...e){return e.map(e=>g(e)).join("")}(n,/.*\b/,e.binary,/\b.*/)),r({className:"meta",begin:n,end:/$/,relevance:0,"on:begin":(e,n)=>{0!==e.index&&n.ignoreMatch()}},e)},BACKSLASH_ESCAPE:h,APOS_STRING_MODE:f,QUOTE_STRING_MODE:p,PHRASAL_WORDS_MODE:m,COMMENT:b,C_LINE_COMMENT_MODE:v,C_BLOCK_COMMENT_MODE:x,HASH_COMMENT_MODE:E,NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?",relevance:0},C_NUMBER_MODE:{className:"number",begin:d,relevance:0},BINARY_NUMBER_MODE:{className:"number",begin:"\\b(0b[01]+)",relevance:0},CSS_NUMBER_MODE:{className:"number",begin:"\\b\\d+(\\.\\d+)?(%|em|ex|ch|rem|vw|vh|vmin|vmax|cm|mm|in|pt|pc|px|deg|grad|rad|turn|s|ms|Hz|kHz|dpi|dpcm|dppx)?",relevance:0},REGEXP_MODE:{begin:/(?=\/[^/\n]*\/)/,contains:[{className:"regexp",begin:/\//,end:/\/[gimuy]*/,illegal:/\n/,contains:[h,{begin:/\[/,end:/\]/,relevance:0,contains:[h]}]}]},TITLE_MODE:{className:"title",begin:"[a-zA-Z]\\w*",relevance:0},UNDERSCORE_TITLE_MODE:{className:"title",begin:"[a-zA-Z_]\\w*",relevance:0},METHOD_GUARD:{begin:"\\.\\s*[a-zA-Z_]\\w*",relevance:0},END_SAME_AS_BEGIN:function(e){return Object.assign(e,{"on:begin":(e,n)=>{n.data._beginMatch=e[1]},"on:end":(e,n)=>{n.data._beginMatch!==e[1]&&n.ignoreMatch()}})}}),w="of and for in not or if then".split(" ");function N(e,n){return n?+n:function(e){return w.includes(e.toLowerCase())}(e)?0:1}const y={props:["language","code","autodetect"],data:function(){return{detectedLanguage:"",unknownLanguage:!1}},computed:{className(){return this.unknownLanguage?"":"hljs "+this.detectedLanguage},highlighted(){if(!this.autoDetect&&!hljs.getLanguage(this.language))return console.warn(`The language "${this.language}" you specified could not be found.`),this.unknownLanguage=!0,t(this.code);let e;return this.autoDetect?(e=hljs.highlightAuto(this.code),this.detectedLanguage=e.language):(e=hljs.highlight(this.language,this.code,this.ignoreIllegals),this.detectectLanguage=this.language),e.value},autoDetect(){return!(this.language&&(e=this.autodetect,!e&&""!==e));var e},ignoreIllegals:()=>!0},render(e){return e("pre",{},[e("code",{class:this.className,domProps:{innerHTML:this.highlighted}})])}},R={install(e){e.component("highlightjs",y)}},k=t,M=r,{nodeStream:O,mergeStreams:L}=i,A=Symbol("nomatch");return function(t){var a=[],i=Object.create(null),s=Object.create(null),o=[],l=!0,c=/(^(<[^>]+>|\t|)+|\n)/gm,d="Could not find the language '{}', did you forget to load/include a language module?";const h={disableAutodetect:!0,name:"Plain text",contains:[]};var f={noHighlightRe:/^(no-?highlight)$/i,languageDetectRe:/\blang(?:uage)?-([\w-]+)\b/i,classPrefix:"hljs-",tabReplace:null,useBR:!1,languages:null,__emitter:u};function p(e){return f.noHighlightRe.test(e)}function m(e,n,t,r){var a={code:n,language:e};j("before:highlight",a);var i=a.result?a.result:b(a.language,a.code,t,r);return i.code=a.code,j("after:highlight",i),i}function b(e,t,a,s){var o=t;function c(e,n){var t=E.case_insensitive?n[0].toLowerCase():n[0];return Object.prototype.hasOwnProperty.call(e.keywords,t)&&e.keywords[t]}function u(){null!=R.subLanguage?function(){if(""!==L){var e=null;if("string"==typeof R.subLanguage){if(!i[R.subLanguage])return void O.addText(L);e=b(R.subLanguage,L,!0,M[R.subLanguage]),M[R.subLanguage]=e.top}else e=v(L,R.subLanguage.length?R.subLanguage:null);R.relevance>0&&(I+=e.relevance),O.addSublanguage(e.emitter,e.language)}}():function(){if(!R.keywords)return void O.addText(L);let e=0;R.keywordPatternRe.lastIndex=0;let n=R.keywordPatternRe.exec(L),t="";for(;n;){t+=L.substring(e,n.index);const r=c(R,n);if(r){const[e,a]=r;O.addText(t),t="",I+=a,O.addKeyword(n[0],e)}else t+=n[0];e=R.keywordPatternRe.lastIndex,n=R.keywordPatternRe.exec(L)}t+=L.substr(e),O.addText(t)}(),L=""}function h(e){return e.className&&O.openNode(e.className),R=Object.create(e,{parent:{value:R}})}function p(e){return 0===R.matcher.regexIndex?(L+=e[0],1):(S=!0,0)}var m={};function x(t,r){var i=r&&r[0];if(L+=t,null==i)return u(),0;if("begin"===m.type&&"end"===r.type&&m.index===r.index&&""===i){if(L+=o.slice(r.index,r.index+1),!l){const n=Error("0 width match regex");throw n.languageName=e,n.badRule=m.rule,n}return 1}if(m=r,"begin"===r.type)return function(e){var t=e[0],r=e.rule;const a=new n(r),i=[r.__beforeBegin,r["on:begin"]];for(const n of i)if(n&&(n(e,a),a.ignore))return p(t);return r&&r.endSameAsBegin&&(r.endRe=RegExp(t.replace(/[-/\\^$*+?.()|[\]{}]/g,"\\$&"),"m")),r.skip?L+=t:(r.excludeBegin&&(L+=t),u(),r.returnBegin||r.excludeBegin||(L=t)),h(r),r.returnBegin?0:t.length}(r);if("illegal"===r.type&&!a){const e=Error('Illegal lexeme "'+i+'" for mode "'+(R.className||"")+'"');throw e.mode=R,e}if("end"===r.type){var s=function(e){var t=e[0],r=o.substr(e.index),a=function e(t,r,a){let i=function(e,n){var t=e&&e.exec(n);return t&&0===t.index}(t.endRe,a);if(i){if(t["on:end"]){const e=new n(t);t["on:end"](r,e),e.ignore&&(i=!1)}if(i){for(;t.endsParent&&t.parent;)t=t.parent;return t}}if(t.endsWithParent)return e(t.parent,r,a)}(R,e,r);if(!a)return A;var i=R;i.skip?L+=t:(i.returnEnd||i.excludeEnd||(L+=t),u(),i.excludeEnd&&(L=t));do{R.className&&O.closeNode(),R.skip||R.subLanguage||(I+=R.relevance),R=R.parent}while(R!==a.parent);return a.starts&&(a.endSameAsBegin&&(a.starts.endRe=a.endRe),h(a.starts)),i.returnEnd?0:t.length}(r);if(s!==A)return s}if("illegal"===r.type&&""===i)return 1;if(j>1e5&&j>3*r.index)throw Error("potential infinite loop, way more iterations than matches");return L+=i,i.length}var E=y(e);if(!E)throw console.error(d.replace("{}",e)),Error('Unknown language: "'+e+'"');var _=function(e){function n(n,t){return RegExp(g(n),"m"+(e.case_insensitive?"i":"")+(t?"g":""))}class t{constructor(){this.matchIndexes={},this.regexes=[],this.matchAt=1,this.position=0}addRule(e,n){n.position=this.position++,this.matchIndexes[this.matchAt]=n,this.regexes.push([n,e]),this.matchAt+=function(e){return RegExp(e.toString()+"|").exec("").length-1}(e)+1}compile(){0===this.regexes.length&&(this.exec=()=>null);const e=this.regexes.map(e=>e[1]);this.matcherRe=n(function(e,n="|"){for(var t=/\[(?:[^\\\]]|\\.)*\]|\(\??|\\([1-9][0-9]*)|\\./,r=0,a="",i=0;i0&&(a+=n),a+="(";o.length>0;){var l=t.exec(o);if(null==l){a+=o;break}a+=o.substring(0,l.index),o=o.substring(l.index+l[0].length),"\\"===l[0][0]&&l[1]?a+="\\"+(+l[1]+s):(a+=l[0],"("===l[0]&&r++)}a+=")"}return a}(e),!0),this.lastIndex=0}exec(e){this.matcherRe.lastIndex=this.lastIndex;const n=this.matcherRe.exec(e);if(!n)return null;const t=n.findIndex((e,n)=>n>0&&void 0!==e),r=this.matchIndexes[t];return n.splice(0,t),Object.assign(n,r)}}class a{constructor(){this.rules=[],this.multiRegexes=[],this.count=0,this.lastIndex=0,this.regexIndex=0}getMatcher(e){if(this.multiRegexes[e])return this.multiRegexes[e];const n=new t;return this.rules.slice(e).forEach(([e,t])=>n.addRule(e,t)),n.compile(),this.multiRegexes[e]=n,n}resumingScanAtSamePosition(){return 0!==this.regexIndex}considerAll(){this.regexIndex=0}addRule(e,n){this.rules.push([e,n]),"begin"===n.type&&this.count++}exec(e){const n=this.getMatcher(this.regexIndex);n.lastIndex=this.lastIndex;let t=n.exec(e);if(this.resumingScanAtSamePosition())if(t&&t.index===this.lastIndex);else{const n=this.getMatcher(0);n.lastIndex=this.lastIndex+1,t=n.exec(e)}return t&&(this.regexIndex+=t.position+1,this.regexIndex===this.count&&this.considerAll()),t}}function i(e,n){const t=e.input[e.index-1],r=e.input[e.index+e[0].length];"."!==t&&"."!==r||n.ignoreMatch()}if(e.contains&&e.contains.includes("self"))throw Error("ERR: contains `self` is not supported at the top-level of a language. See documentation.");return function t(s,o){const l=s;if(s.compiled)return l;s.compiled=!0,s.__beforeBegin=null,s.keywords=s.keywords||s.beginKeywords;let c=null;if("object"==typeof s.keywords&&(c=s.keywords.$pattern,delete s.keywords.$pattern),s.keywords&&(s.keywords=function(e,n){var t={};return"string"==typeof e?r("keyword",e):Object.keys(e).forEach((function(n){r(n,e[n])})),t;function r(e,r){n&&(r=r.toLowerCase()),r.split(" ").forEach((function(n){var r=n.split("|");t[r[0]]=[e,N(r[0],r[1])]}))}}(s.keywords,e.case_insensitive)),s.lexemes&&c)throw Error("ERR: Prefer `keywords.$pattern` to `mode.lexemes`, BOTH are not allowed. (see mode reference) ");return l.keywordPatternRe=n(s.lexemes||c||/\w+/,!0),o&&(s.beginKeywords&&(s.begin="\\b("+s.beginKeywords.split(" ").join("|")+")(?=\\b|\\s)",s.__beforeBegin=i),s.begin||(s.begin=/\B|\b/),l.beginRe=n(s.begin),s.endSameAsBegin&&(s.end=s.begin),s.end||s.endsWithParent||(s.end=/\B|\b/),s.end&&(l.endRe=n(s.end)),l.terminator_end=g(s.end)||"",s.endsWithParent&&o.terminator_end&&(l.terminator_end+=(s.end?"|":"")+o.terminator_end)),s.illegal&&(l.illegalRe=n(s.illegal)),void 0===s.relevance&&(s.relevance=1),s.contains||(s.contains=[]),s.contains=[].concat(...s.contains.map((function(e){return function(e){return e.variants&&!e.cached_variants&&(e.cached_variants=e.variants.map((function(n){return r(e,{variants:null},n)}))),e.cached_variants?e.cached_variants:function e(n){return!!n&&(n.endsWithParent||e(n.starts))}(e)?r(e,{starts:e.starts?r(e.starts):null}):Object.isFrozen(e)?r(e):e}("self"===e?s:e)}))),s.contains.forEach((function(e){t(e,l)})),s.starts&&t(s.starts,o),l.matcher=function(e){const n=new a;return e.contains.forEach(e=>n.addRule(e.begin,{rule:e,type:"begin"})),e.terminator_end&&n.addRule(e.terminator_end,{type:"end"}),e.illegal&&n.addRule(e.illegal,{type:"illegal"}),n}(l),l}(e)}(E),w="",R=s||_,M={},O=new f.__emitter(f);!function(){for(var e=[],n=R;n!==E;n=n.parent)n.className&&e.unshift(n.className);e.forEach(e=>O.openNode(e))}();var L="",I=0,T=0,j=0,S=!1;try{for(R.matcher.considerAll();;){j++,S?S=!1:R.matcher.considerAll(),R.matcher.lastIndex=T;const e=R.matcher.exec(o);if(!e)break;const n=x(o.substring(T,e.index),e);T=e.index+n}return x(o.substr(T)),O.closeAllNodes(),O.finalize(),w=O.toHTML(),{relevance:I,value:w,language:e,illegal:!1,emitter:O,top:R}}catch(n){if(n.message&&n.message.includes("Illegal"))return{illegal:!0,illegalBy:{msg:n.message,context:o.slice(T-100,T+100),mode:n.mode},sofar:w,relevance:0,value:k(o),emitter:O};if(l)return{illegal:!1,relevance:0,value:k(o),emitter:O,language:e,top:R,errorRaised:n};throw n}}function v(e,n){n=n||f.languages||Object.keys(i);var t=function(e){const n={relevance:0,emitter:new f.__emitter(f),value:k(e),illegal:!1,top:h};return n.emitter.addText(e),n}(e),r=t;return n.filter(y).filter(T).forEach((function(n){var a=b(n,e,!1);a.language=n,a.relevance>r.relevance&&(r=a),a.relevance>t.relevance&&(r=t,t=a)})),r.language&&(t.second_best=r),t}function x(e){return f.tabReplace||f.useBR?e.replace(c,e=>"\n"===e?f.useBR?"
                                                ":e:f.tabReplace?e.replace(/\t/g,f.tabReplace):e):e}function E(e){let n=null;const t=function(e){var n=e.className+" ";n+=e.parentNode?e.parentNode.className:"";const t=f.languageDetectRe.exec(n);if(t){var r=y(t[1]);return r||(console.warn(d.replace("{}",t[1])),console.warn("Falling back to no-highlight mode for this block.",e)),r?t[1]:"no-highlight"}return n.split(/\s+/).find(e=>p(e)||y(e))}(e);if(p(t))return;j("before:highlightBlock",{block:e,language:t}),f.useBR?(n=document.createElement("div")).innerHTML=e.innerHTML.replace(/\n/g,"").replace(//g,"\n"):n=e;const r=n.textContent,a=t?m(t,r,!0):v(r),i=O(n);if(i.length){const e=document.createElement("div");e.innerHTML=a.value,a.value=L(i,O(e),r)}a.value=x(a.value),j("after:highlightBlock",{block:e,result:a}),e.innerHTML=a.value,e.className=function(e,n,t){var r=n?s[n]:t,a=[e.trim()];return e.match(/\bhljs\b/)||a.push("hljs"),e.includes(r)||a.push(r),a.join(" ").trim()}(e.className,t,a.language),e.result={language:a.language,re:a.relevance,relavance:a.relevance},a.second_best&&(e.second_best={language:a.second_best.language,re:a.second_best.relevance,relavance:a.second_best.relevance})}const w=()=>{if(!w.called){w.called=!0;var e=document.querySelectorAll("pre code");a.forEach.call(e,E)}};function y(e){return e=(e||"").toLowerCase(),i[e]||i[s[e]]}function I(e,{languageName:n}){"string"==typeof e&&(e=[e]),e.forEach(e=>{s[e]=n})}function T(e){var n=y(e);return n&&!n.disableAutodetect}function j(e,n){var t=e;o.forEach((function(e){e[t]&&e[t](n)}))}Object.assign(t,{highlight:m,highlightAuto:v,fixMarkup:function(e){return console.warn("fixMarkup is deprecated and will be removed entirely in v11.0"),console.warn("Please see https://github.com/highlightjs/highlight.js/issues/2534"),x(e)},highlightBlock:E,configure:function(e){f=M(f,e)},initHighlighting:w,initHighlightingOnLoad:function(){window.addEventListener("DOMContentLoaded",w,!1)},registerLanguage:function(e,n){var r=null;try{r=n(t)}catch(n){if(console.error("Language definition for '{}' could not be registered.".replace("{}",e)),!l)throw n;console.error(n),r=h}r.name||(r.name=e),i[e]=r,r.rawDefinition=n.bind(null,t),r.aliases&&I(r.aliases,{languageName:e})},listLanguages:function(){return Object.keys(i)},getLanguage:y,registerAliases:I,requireLanguage:function(e){var n=y(e);if(n)return n;throw Error("The '{}' language is required, but not loaded.".replace("{}",e))},autoDetection:T,inherit:M,addPlugin:function(e){o.push(e)},vuePlugin:R}),t.debugMode=function(){l=!1},t.safeMode=function(){l=!0},t.versionString="10.2.1";for(const n in _)"object"==typeof _[n]&&e(_[n]);return Object.assign(t,_),t}({})}();"object"==typeof exports&&"undefined"!=typeof module&&(module.exports=hljs); -hljs.registerLanguage("apache",function(){"use strict";return function(e){var n={className:"number",begin:"\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(:\\d{1,5})?"};return{name:"Apache config",aliases:["apacheconf"],case_insensitive:!0,contains:[e.HASH_COMMENT_MODE,{className:"section",begin:"",contains:[n,{className:"number",begin:":\\d{1,5}"},e.inherit(e.QUOTE_STRING_MODE,{relevance:0})]},{className:"attribute",begin:/\w+/,relevance:0,keywords:{nomarkup:"order deny allow setenv rewriterule rewriteengine rewritecond documentroot sethandler errordocument loadmodule options header listen serverroot servername"},starts:{end:/$/,relevance:0,keywords:{literal:"on off all deny allow"},contains:[{className:"meta",begin:"\\s\\[",end:"\\]$"},{className:"variable",begin:"[\\$%]\\{",end:"\\}",contains:["self",{className:"number",begin:"[\\$%]\\d+"}]},n,{className:"number",begin:"\\d+"},e.QUOTE_STRING_MODE]}}],illegal:/\S/}}}()); -hljs.registerLanguage("bash",function(){"use strict";return function(e){const s={};Object.assign(s,{className:"variable",variants:[{begin:/\$[\w\d#@][\w\d_]*/},{begin:/\$\{/,end:/\}/,contains:[{begin:/:-/,contains:[s]}]}]});const t={className:"subst",begin:/\$\(/,end:/\)/,contains:[e.BACKSLASH_ESCAPE]},n={className:"string",begin:/"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,t]};t.contains.push(n);const a={begin:/\$\(\(/,end:/\)\)/,contains:[{begin:/\d+#[0-9a-f]+/,className:"number"},e.NUMBER_MODE,s]},i=e.SHEBANG({binary:"(fish|bash|zsh|sh|csh|ksh|tcsh|dash|scsh)",relevance:10}),c={className:"function",begin:/\w[\w\d_]*\s*\(\s*\)\s*\{/,returnBegin:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/\w[\w\d_]*/})],relevance:0};return{name:"Bash",aliases:["sh","zsh"],keywords:{$pattern:/\b-?[a-z\._-]+\b/,keyword:"if then else elif fi for while in do done case esac function",literal:"true false",built_in:"break cd continue eval exec exit export getopts hash pwd readonly return shift test times trap umask unset alias bind builtin caller command declare echo enable help let local logout mapfile printf read readarray source type typeset ulimit unalias set shopt autoload bg bindkey bye cap chdir clone comparguments compcall compctl compdescribe compfiles compgroups compquote comptags comptry compvalues dirs disable disown echotc echoti emulate fc fg float functions getcap getln history integer jobs kill limit log noglob popd print pushd pushln rehash sched setcap setopt stat suspend ttyctl unfunction unhash unlimit unsetopt vared wait whence where which zcompile zformat zftp zle zmodload zparseopts zprof zpty zregexparse zsocket zstyle ztcp",_:"-ne -eq -lt -gt -f -d -e -s -l -a"},contains:[i,e.SHEBANG(),c,a,e.HASH_COMMENT_MODE,n,{className:"",begin:/\\"/},{className:"string",begin:/'/,end:/'/},s]}}}()); -hljs.registerLanguage("c-like",function(){"use strict";return function(e){function t(e){return"(?:"+e+")?"}var n="(decltype\\(auto\\)|"+t("[a-zA-Z_]\\w*::")+"[a-zA-Z_]\\w*"+t("<.*?>")+")",r={className:"keyword",begin:"\\b[a-z\\d_]*_t\\b"},a={className:"string",variants:[{begin:'(u8?|U|L)?"',end:'"',illegal:"\\n",contains:[e.BACKSLASH_ESCAPE]},{begin:"(u8?|U|L)?'(\\\\(x[0-9A-Fa-f]{2}|u[0-9A-Fa-f]{4,8}|[0-7]{3}|\\S)|.)",end:"'",illegal:"."},e.END_SAME_AS_BEGIN({begin:/(?:u8?|U|L)?R"([^()\\ ]{0,16})\(/,end:/\)([^()\\ ]{0,16})"/})]},i={className:"number",variants:[{begin:"\\b(0b[01']+)"},{begin:"(-?)\\b([\\d']+(\\.[\\d']*)?|\\.[\\d']+)(u|U|l|L|ul|UL|f|F|b|B)"},{begin:"(-?)(\\b0[xX][a-fA-F0-9']+|(\\b[\\d']+(\\.[\\d']*)?|\\.[\\d']+)([eE][-+]?[\\d']+)?)"}],relevance:0},s={className:"meta",begin:/#\s*[a-z]+\b/,end:/$/,keywords:{"meta-keyword":"if else elif endif define undef warning error line pragma _Pragma ifdef ifndef include"},contains:[{begin:/\\\n/,relevance:0},e.inherit(a,{className:"meta-string"}),{className:"meta-string",begin:/<.*?>/,end:/$/,illegal:"\\n"},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},o={className:"title",begin:t("[a-zA-Z_]\\w*::")+e.IDENT_RE,relevance:0},c=t("[a-zA-Z_]\\w*::")+e.IDENT_RE+"\\s*\\(",l={keyword:"int float while private char char8_t char16_t char32_t catch import module export virtual operator sizeof dynamic_cast|10 typedef const_cast|10 const for static_cast|10 union namespace unsigned long volatile static protected bool template mutable if public friend do goto auto void enum else break extern using asm case typeid wchar_t short reinterpret_cast|10 default double register explicit signed typename try this switch continue inline delete alignas alignof constexpr consteval constinit decltype concept co_await co_return co_yield requires noexcept static_assert thread_local restrict final override atomic_bool atomic_char atomic_schar atomic_uchar atomic_short atomic_ushort atomic_int atomic_uint atomic_long atomic_ulong atomic_llong atomic_ullong new throw return and and_eq bitand bitor compl not not_eq or or_eq xor xor_eq",built_in:"std string wstring cin cout cerr clog stdin stdout stderr stringstream istringstream ostringstream auto_ptr deque list queue stack vector map set pair bitset multiset multimap unordered_set unordered_map unordered_multiset unordered_multimap priority_queue make_pair array shared_ptr abort terminate abs acos asin atan2 atan calloc ceil cosh cos exit exp fabs floor fmod fprintf fputs free frexp fscanf future isalnum isalpha iscntrl isdigit isgraph islower isprint ispunct isspace isupper isxdigit tolower toupper labs ldexp log10 log malloc realloc memchr memcmp memcpy memset modf pow printf putchar puts scanf sinh sin snprintf sprintf sqrt sscanf strcat strchr strcmp strcpy strcspn strlen strncat strncmp strncpy strpbrk strrchr strspn strstr tanh tan vfprintf vprintf vsprintf endl initializer_list unique_ptr _Bool complex _Complex imaginary _Imaginary",literal:"true false nullptr NULL"},d=[r,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,i,a],_={variants:[{begin:/=/,end:/;/},{begin:/\(/,end:/\)/},{beginKeywords:"new throw return else",end:/;/}],keywords:l,contains:d.concat([{begin:/\(/,end:/\)/,keywords:l,contains:d.concat(["self"]),relevance:0}]),relevance:0},u={className:"function",begin:"("+n+"[\\*&\\s]+)+"+c,returnBegin:!0,end:/[{;=]/,excludeEnd:!0,keywords:l,illegal:/[^\w\s\*&:<>]/,contains:[{begin:"decltype\\(auto\\)",keywords:l,relevance:0},{begin:c,returnBegin:!0,contains:[o],relevance:0},{className:"params",begin:/\(/,end:/\)/,keywords:l,relevance:0,contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,i,r,{begin:/\(/,end:/\)/,keywords:l,relevance:0,contains:["self",e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,a,i,r]}]},r,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,s]};return{aliases:["c","cc","h","c++","h++","hpp","hh","hxx","cxx"],keywords:l,disableAutodetect:!0,illegal:"",keywords:l,contains:["self",r]},{begin:e.IDENT_RE+"::",keywords:l},{className:"class",beginKeywords:"class struct",end:/[{;:]/,contains:[{begin://,contains:["self"]},e.TITLE_MODE]}]),exports:{preprocessor:s,strings:a,keywords:l}}}}()); -hljs.registerLanguage("c",function(){"use strict";return function(e){var n=e.requireLanguage("c-like").rawDefinition();return n.name="C",n.aliases=["c","h"],n}}()); -hljs.registerLanguage("coffeescript",function(){"use strict";const e=["as","in","of","if","for","while","finally","var","new","function","do","return","void","else","break","catch","instanceof","with","throw","case","default","try","switch","continue","typeof","delete","let","yield","const","class","debugger","async","await","static","import","from","export","extends"],n=["true","false","null","undefined","NaN","Infinity"],a=[].concat(["setInterval","setTimeout","clearInterval","clearTimeout","require","exports","eval","isFinite","isNaN","parseFloat","parseInt","decodeURI","decodeURIComponent","encodeURI","encodeURIComponent","escape","unescape"],["arguments","this","super","console","window","document","localStorage","module","global"],["Intl","DataView","Number","Math","Date","String","RegExp","Object","Function","Boolean","Error","Symbol","Set","Map","WeakSet","WeakMap","Proxy","Reflect","JSON","Promise","Float64Array","Int16Array","Int32Array","Int8Array","Uint16Array","Uint32Array","Float32Array","Array","Uint8Array","Uint8ClampedArray","ArrayBuffer"],["EvalError","InternalError","RangeError","ReferenceError","SyntaxError","TypeError","URIError"]);return function(r){var t={keyword:e.concat(["then","unless","until","loop","by","when","and","or","is","isnt","not"]).filter((e=>n=>!e.includes(n))(["var","const","let","function","static"])).join(" "),literal:n.concat(["yes","no","on","off"]).join(" "),built_in:a.concat(["npm","print"]).join(" ")},i="[A-Za-z$_][0-9A-Za-z$_]*",s={className:"subst",begin:/#\{/,end:/}/,keywords:t},o=[r.BINARY_NUMBER_MODE,r.inherit(r.C_NUMBER_MODE,{starts:{end:"(\\s*/)?",relevance:0}}),{className:"string",variants:[{begin:/'''/,end:/'''/,contains:[r.BACKSLASH_ESCAPE]},{begin:/'/,end:/'/,contains:[r.BACKSLASH_ESCAPE]},{begin:/"""/,end:/"""/,contains:[r.BACKSLASH_ESCAPE,s]},{begin:/"/,end:/"/,contains:[r.BACKSLASH_ESCAPE,s]}]},{className:"regexp",variants:[{begin:"///",end:"///",contains:[s,r.HASH_COMMENT_MODE]},{begin:"//[gim]{0,3}(?=\\W)",relevance:0},{begin:/\/(?![ *]).*?(?![\\]).\/[gim]{0,3}(?=\W)/}]},{begin:"@"+i},{subLanguage:"javascript",excludeBegin:!0,excludeEnd:!0,variants:[{begin:"```",end:"```"},{begin:"`",end:"`"}]}];s.contains=o;var c=r.inherit(r.TITLE_MODE,{begin:i}),l={className:"params",begin:"\\([^\\(]",returnBegin:!0,contains:[{begin:/\(/,end:/\)/,keywords:t,contains:["self"].concat(o)}]};return{name:"CoffeeScript",aliases:["coffee","cson","iced"],keywords:t,illegal:/\/\*/,contains:o.concat([r.COMMENT("###","###"),r.HASH_COMMENT_MODE,{className:"function",begin:"^\\s*"+i+"\\s*=\\s*(\\(.*\\))?\\s*\\B[-=]>",end:"[-=]>",returnBegin:!0,contains:[c,l]},{begin:/[:\(,=]\s*/,relevance:0,contains:[{className:"function",begin:"(\\(.*\\))?\\s*\\B[-=]>",end:"[-=]>",returnBegin:!0,contains:[l]}]},{className:"class",beginKeywords:"class",end:"$",illegal:/[:="\[\]]/,contains:[{beginKeywords:"extends",endsWithParent:!0,illegal:/[:="\[\]]/,contains:[c]},c]},{begin:i+":",end:":",returnBegin:!0,returnEnd:!0,relevance:0}])}}}()); -hljs.registerLanguage("cpp",function(){"use strict";return function(e){var i=e.requireLanguage("c-like").rawDefinition();return i.disableAutodetect=!1,i.name="C++",i.aliases=["cc","c++","h++","hpp","hh","hxx","cxx"],i}}()); -hljs.registerLanguage("csharp",function(){"use strict";return function(e){var n={keyword:"abstract as base bool break byte case catch char checked const continue decimal default delegate do double enum event explicit extern finally fixed float for foreach goto if implicit in init int interface internal is lock long object operator out override params private protected public readonly ref sbyte sealed short sizeof stackalloc static string struct switch this try typeof uint ulong unchecked unsafe ushort using virtual void volatile while add alias ascending async await by descending dynamic equals from get global group into join let nameof on orderby partial remove select set value var when where yield",literal:"null false true"},i=e.inherit(e.TITLE_MODE,{begin:"[a-zA-Z](\\.?\\w)*"}),a={className:"number",variants:[{begin:"\\b(0b[01']+)"},{begin:"(-?)\\b([\\d']+(\\.[\\d']*)?|\\.[\\d']+)(u|U|l|L|ul|UL|f|F|b|B)"},{begin:"(-?)(\\b0[xX][a-fA-F0-9']+|(\\b[\\d']+(\\.[\\d']*)?|\\.[\\d']+)([eE][-+]?[\\d']+)?)"}],relevance:0},s={className:"string",begin:'@"',end:'"',contains:[{begin:'""'}]},t=e.inherit(s,{illegal:/\n/}),l={className:"subst",begin:"{",end:"}",keywords:n},r=e.inherit(l,{illegal:/\n/}),c={className:"string",begin:/\$"/,end:'"',illegal:/\n/,contains:[{begin:"{{"},{begin:"}}"},e.BACKSLASH_ESCAPE,r]},o={className:"string",begin:/\$@"/,end:'"',contains:[{begin:"{{"},{begin:"}}"},{begin:'""'},l]},g=e.inherit(o,{illegal:/\n/,contains:[{begin:"{{"},{begin:"}}"},{begin:'""'},r]});l.contains=[o,c,s,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,a,e.C_BLOCK_COMMENT_MODE],r.contains=[g,c,t,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,a,e.inherit(e.C_BLOCK_COMMENT_MODE,{illegal:/\n/})];var d={variants:[o,c,s,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},E={begin:"<",end:">",contains:[{beginKeywords:"in out"},i]},_=e.IDENT_RE+"(<"+e.IDENT_RE+"(\\s*,\\s*"+e.IDENT_RE+")*>)?(\\[\\])?",b={begin:"@"+e.IDENT_RE,relevance:0};return{name:"C#",aliases:["cs","c#"],keywords:n,illegal:/::/,contains:[e.COMMENT("///","$",{returnBegin:!0,contains:[{className:"doctag",variants:[{begin:"///",relevance:0},{begin:"\x3c!--|--\x3e"},{begin:""}]}]}),e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,{className:"meta",begin:"#",end:"$",keywords:{"meta-keyword":"if else elif endif define undef warning error line region endregion pragma checksum"}},d,a,{beginKeywords:"class interface",end:/[{;=]/,illegal:/[^\s:,]/,contains:[{beginKeywords:"where class"},i,E,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{beginKeywords:"namespace",end:/[{;=]/,illegal:/[^\s:]/,contains:[i,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{beginKeywords:"record",end:/[{;=]/,illegal:/[^\s:]/,contains:[i,E,e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{className:"meta",begin:"^\\s*\\[",excludeBegin:!0,end:"\\]",excludeEnd:!0,contains:[{className:"meta-string",begin:/"/,end:/"/}]},{beginKeywords:"new return throw await else",relevance:0},{className:"function",begin:"("+_+"\\s+)+"+e.IDENT_RE+"\\s*(\\<.+\\>)?\\s*\\(",returnBegin:!0,end:/\s*[{;=]/,excludeEnd:!0,keywords:n,contains:[{begin:e.IDENT_RE+"\\s*(\\<.+\\>)?\\s*\\(",returnBegin:!0,contains:[e.TITLE_MODE,E],relevance:0},{className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:n,relevance:0,contains:[d,a,e.C_BLOCK_COMMENT_MODE]},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},b]}}}()); -hljs.registerLanguage("css",function(){"use strict";return function(e){var n={begin:/(?:[A-Z\_\.\-]+|--[a-zA-Z0-9_-]+)\s*:/,returnBegin:!0,end:";",endsWithParent:!0,contains:[{className:"attribute",begin:/\S/,end:":",excludeEnd:!0,starts:{endsWithParent:!0,excludeEnd:!0,contains:[{begin:/[\w-]+\(/,returnBegin:!0,contains:[{className:"built_in",begin:/[\w-]+/},{begin:/\(/,end:/\)/,contains:[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.CSS_NUMBER_MODE]}]},e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,e.C_BLOCK_COMMENT_MODE,{className:"number",begin:"#[0-9A-Fa-f]+"},{className:"meta",begin:"!important"}]}}]};return{name:"CSS",case_insensitive:!0,illegal:/[=\/|'\$]/,contains:[e.C_BLOCK_COMMENT_MODE,{className:"selector-id",begin:/#[A-Za-z0-9_-]+/},{className:"selector-class",begin:/\.[A-Za-z0-9_-]+/},{className:"selector-attr",begin:/\[/,end:/\]/,illegal:"$",contains:[e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},{className:"selector-pseudo",begin:/:(:)?[a-zA-Z0-9\_\-\+\(\)"'.]+/},{begin:"@(page|font-face)",lexemes:"@[a-z-]+",keywords:"@page @font-face"},{begin:"@",end:"[{;]",illegal:/:/,returnBegin:!0,contains:[{className:"keyword",begin:/@\-?\w[\w]*(\-\w+)*/},{begin:/\s/,endsWithParent:!0,excludeEnd:!0,relevance:0,keywords:"and or not only",contains:[{begin:/[a-z-]+:/,className:"attribute"},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.CSS_NUMBER_MODE]}]},{className:"selector-tag",begin:"[a-zA-Z-][a-zA-Z0-9_-]*",relevance:0},{begin:"{",end:"}",illegal:/\S/,contains:[e.C_BLOCK_COMMENT_MODE,n]}]}}}()); -hljs.registerLanguage("diff",function(){"use strict";return function(e){return{name:"Diff",aliases:["patch"],contains:[{className:"meta",relevance:10,variants:[{begin:/^@@ +\-\d+,\d+ +\+\d+,\d+ +@@$/},{begin:/^\*\*\* +\d+,\d+ +\*\*\*\*$/},{begin:/^\-\-\- +\d+,\d+ +\-\-\-\-$/}]},{className:"comment",variants:[{begin:/Index: /,end:/$/},{begin:/={3,}/,end:/$/},{begin:/^\-{3}/,end:/$/},{begin:/^\*{3} /,end:/$/},{begin:/^\+{3}/,end:/$/},{begin:/^\*{15}$/}]},{className:"addition",begin:"^\\+",end:"$"},{className:"deletion",begin:"^\\-",end:"$"},{className:"addition",begin:"^\\!",end:"$"}]}}}()); -hljs.registerLanguage("go",function(){"use strict";return function(e){var n={keyword:"break default func interface select case map struct chan else goto package switch const fallthrough if range type continue for import return var go defer bool byte complex64 complex128 float32 float64 int8 int16 int32 int64 string uint8 uint16 uint32 uint64 int uint uintptr rune",literal:"true false iota nil",built_in:"append cap close complex copy imag len make new panic print println real recover delete"};return{name:"Go",aliases:["golang"],keywords:n,illegal:"e(n)).join("")}return function(a){var s={className:"number",relevance:0,variants:[{begin:/([\+\-]+)?[\d]+_[\d_]+/},{begin:a.NUMBER_RE}]},i=a.COMMENT();i.variants=[{begin:/;/,end:/$/},{begin:/#/,end:/$/}];var t={className:"variable",variants:[{begin:/\$[\w\d"][\w\d_]*/},{begin:/\$\{(.*?)}/}]},r={className:"literal",begin:/\bon|off|true|false|yes|no\b/},l={className:"string",contains:[a.BACKSLASH_ESCAPE],variants:[{begin:"'''",end:"'''",relevance:10},{begin:'"""',end:'"""',relevance:10},{begin:'"',end:'"'},{begin:"'",end:"'"}]},c={begin:/\[/,end:/\]/,contains:[i,r,t,l,s,"self"],relevance:0},g="("+[/[A-Za-z0-9_-]+/,/"(\\"|[^"])*"/,/'[^']*'/].map(n=>e(n)).join("|")+")";return{name:"TOML, also INI",aliases:["toml"],case_insensitive:!0,illegal:/\S/,contains:[i,{className:"section",begin:/\[+/,end:/\]+/},{begin:n(g,"(\\s*\\.\\s*",g,")*",n("(?=",/\s*=\s*[^#\s]/,")")),className:"attr",starts:{end:/$/,contains:[i,c,r,t,l,s]}}]}}}()); -hljs.registerLanguage("java",function(){"use strict";function e(e){return e?"string"==typeof e?e:e.source:null}function n(e){return a("(",e,")?")}function a(...n){return n.map(n=>e(n)).join("")}function s(...n){return"("+n.map(n=>e(n)).join("|")+")"}return function(e){var t="false synchronized int abstract float private char boolean var static null if const for true while long strictfp finally protected import native final void enum else break transient catch instanceof byte super volatile case assert short package default double public try this switch continue throws protected public private module requires exports do",i={className:"meta",begin:"@[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*",contains:[{begin:/\(/,end:/\)/,contains:["self"]}]},r=e=>a("[",e,"]+([",e,"_]*[",e,"]+)?"),c={className:"number",variants:[{begin:`\\b(0[bB]${r("01")})[lL]?`},{begin:`\\b(0${r("0-7")})[dDfFlL]?`},{begin:a(/\b0[xX]/,s(a(r("a-fA-F0-9"),/\./,r("a-fA-F0-9")),a(r("a-fA-F0-9"),/\.?/),a(/\./,r("a-fA-F0-9"))),/([pP][+-]?(\d+))?/,/[fFdDlL]?/)},{begin:a(/\b/,s(a(/\d*\./,r("\\d")),r("\\d")),/[eE][+-]?[\d]+[dDfF]?/)},{begin:a(/\b/,r(/\d/),n(/\.?/),n(r(/\d/)),/[dDfFlL]?/)}],relevance:0};return{name:"Java",aliases:["jsp"],keywords:t,illegal:/<\/|#/,contains:[e.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{begin:/\w+@/,relevance:0},{className:"doctag",begin:"@[A-Za-z]+"}]}),e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,{className:"class",beginKeywords:"class interface enum",end:/[{;=]/,excludeEnd:!0,keywords:"class interface enum",illegal:/[:"\[\]]/,contains:[{beginKeywords:"extends implements"},e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"new throw return else",relevance:0},{className:"function",begin:"([À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*(<[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*(\\s*,\\s*[À-ʸa-zA-Z_$][À-ʸa-zA-Z_$0-9]*)*>)?\\s+)+"+e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,end:/[{;=]/,excludeEnd:!0,keywords:t,contains:[{begin:e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,relevance:0,contains:[e.UNDERSCORE_TITLE_MODE]},{className:"params",begin:/\(/,end:/\)/,keywords:t,relevance:0,contains:[i,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,e.C_NUMBER_MODE,e.C_BLOCK_COMMENT_MODE]},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},c,i]}}}()); -hljs.registerLanguage("javascript",function(){"use strict";const e=["as","in","of","if","for","while","finally","var","new","function","do","return","void","else","break","catch","instanceof","with","throw","case","default","try","switch","continue","typeof","delete","let","yield","const","class","debugger","async","await","static","import","from","export","extends"],n=["true","false","null","undefined","NaN","Infinity"],a=[].concat(["setInterval","setTimeout","clearInterval","clearTimeout","require","exports","eval","isFinite","isNaN","parseFloat","parseInt","decodeURI","decodeURIComponent","encodeURI","encodeURIComponent","escape","unescape"],["arguments","this","super","console","window","document","localStorage","module","global"],["Intl","DataView","Number","Math","Date","String","RegExp","Object","Function","Boolean","Error","Symbol","Set","Map","WeakSet","WeakMap","Proxy","Reflect","JSON","Promise","Float64Array","Int16Array","Int32Array","Int8Array","Uint16Array","Uint32Array","Float32Array","Array","Uint8Array","Uint8ClampedArray","ArrayBuffer"],["EvalError","InternalError","RangeError","ReferenceError","SyntaxError","TypeError","URIError"]);function s(e){return r("(?=",e,")")}function r(...e){return e.map(e=>(function(e){return e?"string"==typeof e?e:e.source:null})(e)).join("")}return function(t){var i="[A-Za-z$_][0-9A-Za-z$_]*",c={begin:/<[A-Za-z0-9\\._:-]+/,end:/\/[A-Za-z0-9\\._:-]+>|\/>/},o={$pattern:"[A-Za-z$_][0-9A-Za-z$_]*",keyword:e.join(" "),literal:n.join(" "),built_in:a.join(" ")},l={className:"number",variants:[{begin:"\\b(0[bB][01]+)n?"},{begin:"\\b(0[oO][0-7]+)n?"},{begin:t.C_NUMBER_RE+"n?"}],relevance:0},E={className:"subst",begin:"\\$\\{",end:"\\}",keywords:o,contains:[]},d={begin:"html`",end:"",starts:{end:"`",returnEnd:!1,contains:[t.BACKSLASH_ESCAPE,E],subLanguage:"xml"}},g={begin:"css`",end:"",starts:{end:"`",returnEnd:!1,contains:[t.BACKSLASH_ESCAPE,E],subLanguage:"css"}},u={className:"string",begin:"`",end:"`",contains:[t.BACKSLASH_ESCAPE,E]};E.contains=[t.APOS_STRING_MODE,t.QUOTE_STRING_MODE,d,g,u,l,t.REGEXP_MODE];var b=E.contains.concat([{begin:/\(/,end:/\)/,contains:["self"].concat(E.contains,[t.C_BLOCK_COMMENT_MODE,t.C_LINE_COMMENT_MODE])},t.C_BLOCK_COMMENT_MODE,t.C_LINE_COMMENT_MODE]),_={className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,contains:b};return{name:"JavaScript",aliases:["js","jsx","mjs","cjs"],keywords:o,contains:[t.SHEBANG({binary:"node",relevance:5}),{className:"meta",relevance:10,begin:/^\s*['"]use (strict|asm)['"]/},t.APOS_STRING_MODE,t.QUOTE_STRING_MODE,d,g,u,t.C_LINE_COMMENT_MODE,t.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{className:"doctag",begin:"@[A-Za-z]+",contains:[{className:"type",begin:"\\{",end:"\\}",relevance:0},{className:"variable",begin:i+"(?=\\s*(-)|$)",endsParent:!0,relevance:0},{begin:/(?=[^\n])\s/,relevance:0}]}]}),t.C_BLOCK_COMMENT_MODE,l,{begin:r(/[{,\n]\s*/,s(r(/(((\/\/.*$)|(\/\*(.|\n)*\*\/))\s*)*/,i+"\\s*:"))),relevance:0,contains:[{className:"attr",begin:i+s("\\s*:"),relevance:0}]},{begin:"("+t.RE_STARTERS_RE+"|\\b(case|return|throw)\\b)\\s*",keywords:"return throw case",contains:[t.C_LINE_COMMENT_MODE,t.C_BLOCK_COMMENT_MODE,t.REGEXP_MODE,{className:"function",begin:"(\\([^(]*(\\([^(]*(\\([^(]*\\))?\\))?\\)|"+t.UNDERSCORE_IDENT_RE+")\\s*=>",returnBegin:!0,end:"\\s*=>",contains:[{className:"params",variants:[{begin:t.UNDERSCORE_IDENT_RE},{className:null,begin:/\(\s*\)/,skip:!0},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:o,contains:b}]}]},{begin:/,/,relevance:0},{className:"",begin:/\s/,end:/\s*/,skip:!0},{variants:[{begin:"<>",end:""},{begin:c.begin,end:c.end}],subLanguage:"xml",contains:[{begin:c.begin,end:c.end,skip:!0,contains:["self"]}]}],relevance:0},{className:"function",beginKeywords:"function",end:/\{/,excludeEnd:!0,contains:[t.inherit(t.TITLE_MODE,{begin:i}),_],illegal:/\[|%/},{begin:/\$[(.]/},t.METHOD_GUARD,{className:"class",beginKeywords:"class",end:/[{;=]/,excludeEnd:!0,illegal:/[:"\[\]]/,contains:[{beginKeywords:"extends"},t.UNDERSCORE_TITLE_MODE]},{beginKeywords:"constructor",end:/\{/,excludeEnd:!0},{begin:"(get|set)\\s+(?="+i+"\\()",end:/{/,keywords:"get set",contains:[t.inherit(t.TITLE_MODE,{begin:i}),{begin:/\(\)/},_]}],illegal:/#(?!!)/}}}()); -hljs.registerLanguage("json",function(){"use strict";return function(n){var e={literal:"true false null"},i=[n.C_LINE_COMMENT_MODE,n.C_BLOCK_COMMENT_MODE],t=[n.QUOTE_STRING_MODE,n.C_NUMBER_MODE],a={end:",",endsWithParent:!0,excludeEnd:!0,contains:t,keywords:e},l={begin:"{",end:"}",contains:[{className:"attr",begin:/"/,end:/"/,contains:[n.BACKSLASH_ESCAPE],illegal:"\\n"},n.inherit(a,{begin:/:/})].concat(i),illegal:"\\S"},s={begin:"\\[",end:"\\]",contains:[n.inherit(a)],illegal:"\\S"};return t.push(l,s),i.forEach((function(n){t.push(n)})),{name:"JSON",contains:t,keywords:e,illegal:"\\S"}}}()); -hljs.registerLanguage("kotlin",function(){"use strict";return function(e){var n={keyword:"abstract as val var vararg get set class object open private protected public noinline crossinline dynamic final enum if else do while for when throw try catch finally import package is in fun override companion reified inline lateinit init interface annotation data sealed internal infix operator out by constructor super tailrec where const inner suspend typealias external expect actual",built_in:"Byte Short Char Int Long Boolean Float Double Void Unit Nothing",literal:"true false null"},a={className:"symbol",begin:e.UNDERSCORE_IDENT_RE+"@"},i={className:"subst",begin:"\\${",end:"}",contains:[e.C_NUMBER_MODE]},s={className:"variable",begin:"\\$"+e.UNDERSCORE_IDENT_RE},t={className:"string",variants:[{begin:'"""',end:'"""(?=[^"])',contains:[s,i]},{begin:"'",end:"'",illegal:/\n/,contains:[e.BACKSLASH_ESCAPE]},{begin:'"',end:'"',illegal:/\n/,contains:[e.BACKSLASH_ESCAPE,s,i]}]};i.contains.push(t);var r={className:"meta",begin:"@(?:file|property|field|get|set|receiver|param|setparam|delegate)\\s*:(?:\\s*"+e.UNDERSCORE_IDENT_RE+")?"},l={className:"meta",begin:"@"+e.UNDERSCORE_IDENT_RE,contains:[{begin:/\(/,end:/\)/,contains:[e.inherit(t,{className:"meta-string"})]}]},c=e.COMMENT("/\\*","\\*/",{contains:[e.C_BLOCK_COMMENT_MODE]}),o={variants:[{className:"type",begin:e.UNDERSCORE_IDENT_RE},{begin:/\(/,end:/\)/,contains:[]}]},d=o;return d.variants[1].contains=[o],o.variants[1].contains=[d],{name:"Kotlin",aliases:["kt"],keywords:n,contains:[e.COMMENT("/\\*\\*","\\*/",{relevance:0,contains:[{className:"doctag",begin:"@[A-Za-z]+"}]}),e.C_LINE_COMMENT_MODE,c,{className:"keyword",begin:/\b(break|continue|return|this)\b/,starts:{contains:[{className:"symbol",begin:/@\w+/}]}},a,r,l,{className:"function",beginKeywords:"fun",end:"[(]|$",returnBegin:!0,excludeEnd:!0,keywords:n,illegal:/fun\s+(<.*>)?[^\s\(]+(\s+[^\s\(]+)\s*=/,relevance:5,contains:[{begin:e.UNDERSCORE_IDENT_RE+"\\s*\\(",returnBegin:!0,relevance:0,contains:[e.UNDERSCORE_TITLE_MODE]},{className:"type",begin://,keywords:"reified",relevance:0},{className:"params",begin:/\(/,end:/\)/,endsParent:!0,keywords:n,relevance:0,contains:[{begin:/:/,end:/[=,\/]/,endsWithParent:!0,contains:[o,e.C_LINE_COMMENT_MODE,c],relevance:0},e.C_LINE_COMMENT_MODE,c,r,l,t,e.C_NUMBER_MODE]},c]},{className:"class",beginKeywords:"class interface trait",end:/[:\{(]|$/,excludeEnd:!0,illegal:"extends implements",contains:[{beginKeywords:"public protected internal private constructor"},e.UNDERSCORE_TITLE_MODE,{className:"type",begin://,excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:/[,:]\s*/,end:/[<\(,]|$/,excludeBegin:!0,returnEnd:!0},r,l]},t,{className:"meta",begin:"^#!/usr/bin/env",end:"$",illegal:"\n"},{className:"number",begin:"\\b(0[bB]([01]+[01_]+[01]+|[01]+)|0[xX]([a-fA-F0-9]+[a-fA-F0-9_]+[a-fA-F0-9]+|[a-fA-F0-9]+)|(([\\d]+[\\d_]+[\\d]+|[\\d]+)(\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))?|\\.([\\d]+[\\d_]+[\\d]+|[\\d]+))([eE][-+]?\\d+)?)[lLfF]?",relevance:0}]}}}()); -hljs.registerLanguage("less",function(){"use strict";return function(e){var n="([\\w-]+|@{[\\w-]+})",a=[],s=[],t=function(e){return{className:"string",begin:"~?"+e+".*?"+e}},r=function(e,n,a){return{className:e,begin:n,relevance:a}},i={begin:"\\(",end:"\\)",contains:s,relevance:0};s.push(e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,t("'"),t('"'),e.CSS_NUMBER_MODE,{begin:"(url|data-uri)\\(",starts:{className:"string",end:"[\\)\\n]",excludeEnd:!0}},r("number","#[0-9A-Fa-f]+\\b"),i,r("variable","@@?[\\w-]+",10),r("variable","@{[\\w-]+}"),r("built_in","~?`[^`]*?`"),{className:"attribute",begin:"[\\w-]+\\s*:",end:":",returnBegin:!0,excludeEnd:!0},{className:"meta",begin:"!important"});var c=s.concat({begin:"{",end:"}",contains:a}),l={beginKeywords:"when",endsWithParent:!0,contains:[{beginKeywords:"and not"}].concat(s)},o={begin:n+"\\s*:",returnBegin:!0,end:"[;}]",relevance:0,contains:[{className:"attribute",begin:n,end:":",excludeEnd:!0,starts:{endsWithParent:!0,illegal:"[<=$]",relevance:0,contains:s}}]},g={className:"keyword",begin:"@(import|media|charset|font-face|(-[a-z]+-)?keyframes|supports|document|namespace|page|viewport|host)\\b",starts:{end:"[;{}]",returnEnd:!0,contains:s,relevance:0}},d={className:"variable",variants:[{begin:"@[\\w-]+\\s*:",relevance:15},{begin:"@[\\w-]+"}],starts:{end:"[;}]",returnEnd:!0,contains:c}},b={variants:[{begin:"[\\.#:&\\[>]",end:"[;{}]"},{begin:n,end:"{"}],returnBegin:!0,returnEnd:!0,illegal:"[<='$\"]",relevance:0,contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,l,r("keyword","all\\b"),r("variable","@{[\\w-]+}"),r("selector-tag",n+"%?",0),r("selector-id","#"+n),r("selector-class","\\."+n,0),r("selector-tag","&",0),{className:"selector-attr",begin:"\\[",end:"\\]"},{className:"selector-pseudo",begin:/:(:)?[a-zA-Z0-9\_\-\+\(\)"'.]+/},{begin:"\\(",end:"\\)",contains:c},{begin:"!important"}]};return a.push(e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,g,d,o,b),{name:"Less",case_insensitive:!0,illegal:"[=>'/<($\"]",contains:a}}}()); -hljs.registerLanguage("lua",function(){"use strict";return function(e){var t={begin:"\\[=*\\[",end:"\\]=*\\]",contains:["self"]},a=[e.COMMENT("--(?!\\[=*\\[)","$"),e.COMMENT("--\\[=*\\[","\\]=*\\]",{contains:[t],relevance:10})];return{name:"Lua",keywords:{$pattern:e.UNDERSCORE_IDENT_RE,literal:"true false nil",keyword:"and break do else elseif end for goto if in local not or repeat return then until while",built_in:"_G _ENV _VERSION __index __newindex __mode __call __metatable __tostring __len __gc __add __sub __mul __div __mod __pow __concat __unm __eq __lt __le assert collectgarbage dofile error getfenv getmetatable ipairs load loadfile loadstring module next pairs pcall print rawequal rawget rawset require select setfenv setmetatable tonumber tostring type unpack xpcall arg self coroutine resume yield status wrap create running debug getupvalue debug sethook getmetatable gethook setmetatable setlocal traceback setfenv getinfo setupvalue getlocal getregistry getfenv io lines write close flush open output type read stderr stdin input stdout popen tmpfile math log max acos huge ldexp pi cos tanh pow deg tan cosh sinh random randomseed frexp ceil floor rad abs sqrt modf asin min mod fmod log10 atan2 exp sin atan os exit setlocale date getenv difftime remove time clock tmpname rename execute package preload loadlib loaded loaders cpath config path seeall string sub upper len gfind rep find match char dump gmatch reverse byte format gsub lower table setn insert getn foreachi maxn foreach concat sort remove"},contains:a.concat([{className:"function",beginKeywords:"function",end:"\\)",contains:[e.inherit(e.TITLE_MODE,{begin:"([_a-zA-Z]\\w*\\.)*([_a-zA-Z]\\w*:)?[_a-zA-Z]\\w*"}),{className:"params",begin:"\\(",endsWithParent:!0,contains:a}].concat(a)},e.C_NUMBER_MODE,e.APOS_STRING_MODE,e.QUOTE_STRING_MODE,{className:"string",begin:"\\[=*\\[",end:"\\]=*\\]",contains:[t],relevance:5}])}}}()); -hljs.registerLanguage("makefile",function(){"use strict";return function(e){var i={className:"variable",variants:[{begin:"\\$\\("+e.UNDERSCORE_IDENT_RE+"\\)",contains:[e.BACKSLASH_ESCAPE]},{begin:/\$[@%`]+/}]}]}]};return{name:"HTML, XML",aliases:["html","xhtml","rss","atom","xjb","xsd","xsl","plist","wsf","svg"],case_insensitive:!0,contains:[{className:"meta",begin:"",relevance:10,contains:[a,i,t,s,{begin:"\\[",end:"\\]",contains:[{className:"meta",begin:"",contains:[a,s,i,t]}]}]},e.COMMENT("\x3c!--","--\x3e",{relevance:10}),{begin:"<\\!\\[CDATA\\[",end:"\\]\\]>",relevance:10},n,{className:"meta",begin:/<\?xml/,end:/\?>/,relevance:10},{className:"tag",begin:")",end:">",keywords:{name:"style"},contains:[c],starts:{end:"",returnEnd:!0,subLanguage:["css","xml"]}},{className:"tag",begin:")",end:">",keywords:{name:"script"},contains:[c],starts:{end:"<\/script>",returnEnd:!0,subLanguage:["javascript","handlebars","xml"]}},{className:"tag",begin:"",contains:[{className:"name",begin:/[^\/><\s]+/,relevance:0},c]}]}}}()); -hljs.registerLanguage("markdown",function(){"use strict";return function(n){const e={begin:"<",end:">",subLanguage:"xml",relevance:0},a={begin:"\\[.+?\\][\\(\\[].*?[\\)\\]]",returnBegin:!0,contains:[{className:"string",begin:"\\[",end:"\\]",excludeBegin:!0,returnEnd:!0,relevance:0},{className:"link",begin:"\\]\\(",end:"\\)",excludeBegin:!0,excludeEnd:!0},{className:"symbol",begin:"\\]\\[",end:"\\]",excludeBegin:!0,excludeEnd:!0}],relevance:10},i={className:"strong",contains:[],variants:[{begin:/_{2}/,end:/_{2}/},{begin:/\*{2}/,end:/\*{2}/}]},s={className:"emphasis",contains:[],variants:[{begin:/\*(?!\*)/,end:/\*/},{begin:/_(?!_)/,end:/_/,relevance:0}]};i.contains.push(s),s.contains.push(i);var c=[e,a];return i.contains=i.contains.concat(c),s.contains=s.contains.concat(c),{name:"Markdown",aliases:["md","mkdown","mkd"],contains:[{className:"section",variants:[{begin:"^#{1,6}",end:"$",contains:c=c.concat(i,s)},{begin:"(?=^.+?\\n[=-]{2,}$)",contains:[{begin:"^[=-]*$"},{begin:"^",end:"\\n",contains:c}]}]},e,{className:"bullet",begin:"^[ \t]*([*+-]|(\\d+\\.))(?=\\s+)",end:"\\s+",excludeEnd:!0},i,s,{className:"quote",begin:"^>\\s+",contains:c,end:"$"},{className:"code",variants:[{begin:"(`{3,})(.|\\n)*?\\1`*[ ]*"},{begin:"(~{3,})(.|\\n)*?\\1~*[ ]*"},{begin:"```",end:"```+[ ]*$"},{begin:"~~~",end:"~~~+[ ]*$"},{begin:"`.+?`"},{begin:"(?=^( {4}|\\t))",contains:[{begin:"^( {4}|\\t)",end:"(\\n)$"}],relevance:0}]},{begin:"^[-\\*]{3,}",end:"$"},a,{begin:/^\[[^\n]+\]:/,returnBegin:!0,contains:[{className:"symbol",begin:/\[/,end:/\]/,excludeBegin:!0,excludeEnd:!0},{className:"link",begin:/:\s*/,end:/$/,excludeBegin:!0}]}]}}}()); -hljs.registerLanguage("nginx",function(){"use strict";return function(e){var n={className:"variable",variants:[{begin:/\$\d+/},{begin:/\$\{/,end:/}/},{begin:"[\\$\\@]"+e.UNDERSCORE_IDENT_RE}]},a={endsWithParent:!0,keywords:{$pattern:"[a-z/_]+",literal:"on off yes no true false none blocked debug info notice warn error crit select break last permanent redirect kqueue rtsig epoll poll /dev/poll"},relevance:0,illegal:"=>",contains:[e.HASH_COMMENT_MODE,{className:"string",contains:[e.BACKSLASH_ESCAPE,n],variants:[{begin:/"/,end:/"/},{begin:/'/,end:/'/}]},{begin:"([a-z]+):/",end:"\\s",endsWithParent:!0,excludeEnd:!0,contains:[n]},{className:"regexp",contains:[e.BACKSLASH_ESCAPE,n],variants:[{begin:"\\s\\^",end:"\\s|{|;",returnEnd:!0},{begin:"~\\*?\\s+",end:"\\s|{|;",returnEnd:!0},{begin:"\\*(\\.[a-z\\-]+)+"},{begin:"([a-z\\-]+\\.)+\\*"}]},{className:"number",begin:"\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}(:\\d{1,5})?\\b"},{className:"number",begin:"\\b\\d+[kKmMgGdshdwy]*\\b",relevance:0},n]};return{name:"Nginx config",aliases:["nginxconf"],contains:[e.HASH_COMMENT_MODE,{begin:e.UNDERSCORE_IDENT_RE+"\\s+{",returnBegin:!0,end:"{",contains:[{className:"section",begin:e.UNDERSCORE_IDENT_RE}],relevance:0},{begin:e.UNDERSCORE_IDENT_RE+"\\s",end:";|{",returnBegin:!0,contains:[{className:"attribute",begin:e.UNDERSCORE_IDENT_RE,starts:a}],relevance:0}],illegal:"[^\\s\\}]"}}}()); -hljs.registerLanguage("objectivec",function(){"use strict";return function(e){var n=/[a-zA-Z@][a-zA-Z0-9_]*/,_={$pattern:n,keyword:"@interface @class @protocol @implementation"};return{name:"Objective-C",aliases:["mm","objc","obj-c"],keywords:{$pattern:n,keyword:"int float while char export sizeof typedef const struct for union unsigned long volatile static bool mutable if do return goto void enum else break extern asm case short default double register explicit signed typename this switch continue wchar_t inline readonly assign readwrite self @synchronized id typeof nonatomic super unichar IBOutlet IBAction strong weak copy in out inout bycopy byref oneway __strong __weak __block __autoreleasing @private @protected @public @try @property @end @throw @catch @finally @autoreleasepool @synthesize @dynamic @selector @optional @required @encode @package @import @defs @compatibility_alias __bridge __bridge_transfer __bridge_retained __bridge_retain __covariant __contravariant __kindof _Nonnull _Nullable _Null_unspecified __FUNCTION__ __PRETTY_FUNCTION__ __attribute__ getter setter retain unsafe_unretained nonnull nullable null_unspecified null_resettable class instancetype NS_DESIGNATED_INITIALIZER NS_UNAVAILABLE NS_REQUIRES_SUPER NS_RETURNS_INNER_POINTER NS_INLINE NS_AVAILABLE NS_DEPRECATED NS_ENUM NS_OPTIONS NS_SWIFT_UNAVAILABLE NS_ASSUME_NONNULL_BEGIN NS_ASSUME_NONNULL_END NS_REFINED_FOR_SWIFT NS_SWIFT_NAME NS_SWIFT_NOTHROW NS_DURING NS_HANDLER NS_ENDHANDLER NS_VALUERETURN NS_VOIDRETURN",literal:"false true FALSE TRUE nil YES NO NULL",built_in:"BOOL dispatch_once_t dispatch_queue_t dispatch_sync dispatch_async dispatch_once"},illegal:"/,end:/$/,illegal:"\\n"},e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE]},{className:"class",begin:"("+_.keyword.split(" ").join("|")+")\\b",end:"({|$)",excludeEnd:!0,keywords:_,contains:[e.UNDERSCORE_TITLE_MODE]},{begin:"\\."+e.UNDERSCORE_IDENT_RE,relevance:0}]}}}()); -hljs.registerLanguage("perl",function(){"use strict";return function(e){var n={$pattern:/[\w.]+/,keyword:"getpwent getservent quotemeta msgrcv scalar kill dbmclose undef lc ma syswrite tr send umask sysopen shmwrite vec qx utime local oct semctl localtime readpipe do return format read sprintf dbmopen pop getpgrp not getpwnam rewinddir qq fileno qw endprotoent wait sethostent bless s|0 opendir continue each sleep endgrent shutdown dump chomp connect getsockname die socketpair close flock exists index shmget sub for endpwent redo lstat msgctl setpgrp abs exit select print ref gethostbyaddr unshift fcntl syscall goto getnetbyaddr join gmtime symlink semget splice x|0 getpeername recv log setsockopt cos last reverse gethostbyname getgrnam study formline endhostent times chop length gethostent getnetent pack getprotoent getservbyname rand mkdir pos chmod y|0 substr endnetent printf next open msgsnd readdir use unlink getsockopt getpriority rindex wantarray hex system getservbyport endservent int chr untie rmdir prototype tell listen fork shmread ucfirst setprotoent else sysseek link getgrgid shmctl waitpid unpack getnetbyname reset chdir grep split require caller lcfirst until warn while values shift telldir getpwuid my getprotobynumber delete and sort uc defined srand accept package seekdir getprotobyname semop our rename seek if q|0 chroot sysread setpwent no crypt getc chown sqrt write setnetent setpriority foreach tie sin msgget map stat getlogin unless elsif truncate exec keys glob tied closedir ioctl socket readlink eval xor readline binmode setservent eof ord bind alarm pipe atan2 getgrent exp time push setgrent gt lt or ne m|0 break given say state when"},t={className:"subst",begin:"[$@]\\{",end:"\\}",keywords:n},s={begin:"->{",end:"}"},r={variants:[{begin:/\$\d/},{begin:/[\$%@](\^\w\b|#\w+(::\w+)*|{\w+}|\w+(::\w*)*)/},{begin:/[\$%@][^\s\w{]/,relevance:0}]},i=[e.BACKSLASH_ESCAPE,t,r],a=[r,e.HASH_COMMENT_MODE,e.COMMENT("^\\=\\w","\\=cut",{endsWithParent:!0}),s,{className:"string",contains:i,variants:[{begin:"q[qwxr]?\\s*\\(",end:"\\)",relevance:5},{begin:"q[qwxr]?\\s*\\[",end:"\\]",relevance:5},{begin:"q[qwxr]?\\s*\\{",end:"\\}",relevance:5},{begin:"q[qwxr]?\\s*\\|",end:"\\|",relevance:5},{begin:"q[qwxr]?\\s*\\<",end:"\\>",relevance:5},{begin:"qw\\s+q",end:"q",relevance:5},{begin:"'",end:"'",contains:[e.BACKSLASH_ESCAPE]},{begin:'"',end:'"'},{begin:"`",end:"`",contains:[e.BACKSLASH_ESCAPE]},{begin:"{\\w+}",contains:[],relevance:0},{begin:"-?\\w+\\s*\\=\\>",contains:[],relevance:0}]},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\/\\/|"+e.RE_STARTERS_RE+"|\\b(split|return|print|reverse|grep)\\b)\\s*",keywords:"split return print reverse grep",relevance:0,contains:[e.HASH_COMMENT_MODE,{className:"regexp",begin:"(s|tr|y)/(\\\\.|[^/])*/(\\\\.|[^/])*/[a-z]*",relevance:10},{className:"regexp",begin:"(m|qr)?/",end:"/[a-z]*",contains:[e.BACKSLASH_ESCAPE],relevance:0}]},{className:"function",beginKeywords:"sub",end:"(\\s*\\(.*?\\))?[;{]",excludeEnd:!0,relevance:5,contains:[e.TITLE_MODE]},{begin:"-\\w\\b",relevance:0},{begin:"^__DATA__$",end:"^__END__$",subLanguage:"mojolicious",contains:[{begin:"^@@.*",end:"$",className:"comment"}]}];return t.contains=a,s.contains=a,{name:"Perl",aliases:["pl","pm"],keywords:n,contains:a}}}()); -hljs.registerLanguage("php",function(){"use strict";return function(e){var r={begin:"\\$+[a-zA-Z_-ÿ][a-zA-Z0-9_-ÿ]*"},t={className:"meta",variants:[{begin:/<\?php/,relevance:10},{begin:/<\?[=]?/},{begin:/\?>/}]},a={className:"subst",variants:[{begin:/\$\w+/},{begin:/\{\$/,end:/\}/}]},n=e.inherit(e.APOS_STRING_MODE,{illegal:null}),i=e.inherit(e.QUOTE_STRING_MODE,{illegal:null,contains:e.QUOTE_STRING_MODE.contains.concat(a)}),o=e.END_SAME_AS_BEGIN({begin:/<<<[ \t]*(\w+)\n/,end:/[ \t]*(\w+)\b/,contains:e.QUOTE_STRING_MODE.contains.concat(a)}),l={className:"string",contains:[e.BACKSLASH_ESCAPE,t],variants:[e.inherit(n,{begin:"b'",end:"'"}),e.inherit(i,{begin:'b"',end:'"'}),i,n,o]},s={variants:[e.BINARY_NUMBER_MODE,e.C_NUMBER_MODE]},c={keyword:"__CLASS__ __DIR__ __FILE__ __FUNCTION__ __LINE__ __METHOD__ __NAMESPACE__ __TRAIT__ die echo exit include include_once print require require_once array abstract and as binary bool boolean break callable case catch class clone const continue declare default do double else elseif empty enddeclare endfor endforeach endif endswitch endwhile eval extends final finally float for foreach from global goto if implements instanceof insteadof int integer interface isset iterable list new object or private protected public real return string switch throw trait try unset use var void while xor yield",literal:"false null true",built_in:"Error|0 AppendIterator ArgumentCountError ArithmeticError ArrayIterator ArrayObject AssertionError BadFunctionCallException BadMethodCallException CachingIterator CallbackFilterIterator CompileError Countable DirectoryIterator DivisionByZeroError DomainException EmptyIterator ErrorException Exception FilesystemIterator FilterIterator GlobIterator InfiniteIterator InvalidArgumentException IteratorIterator LengthException LimitIterator LogicException MultipleIterator NoRewindIterator OutOfBoundsException OutOfRangeException OuterIterator OverflowException ParentIterator ParseError RangeException RecursiveArrayIterator RecursiveCachingIterator RecursiveCallbackFilterIterator RecursiveDirectoryIterator RecursiveFilterIterator RecursiveIterator RecursiveIteratorIterator RecursiveRegexIterator RecursiveTreeIterator RegexIterator RuntimeException SeekableIterator SplDoublyLinkedList SplFileInfo SplFileObject SplFixedArray SplHeap SplMaxHeap SplMinHeap SplObjectStorage SplObserver SplObserver SplPriorityQueue SplQueue SplStack SplSubject SplSubject SplTempFileObject TypeError UnderflowException UnexpectedValueException ArrayAccess Closure Generator Iterator IteratorAggregate Serializable Throwable Traversable WeakReference Directory __PHP_Incomplete_Class parent php_user_filter self static stdClass"};return{aliases:["php","php3","php4","php5","php6","php7"],case_insensitive:!0,keywords:c,contains:[e.HASH_COMMENT_MODE,e.COMMENT("//","$",{contains:[t]}),e.COMMENT("/\\*","\\*/",{contains:[{className:"doctag",begin:"@[A-Za-z]+"}]}),e.COMMENT("__halt_compiler.+?;",!1,{endsWithParent:!0,keywords:"__halt_compiler"}),t,{className:"keyword",begin:/\$this\b/},r,{begin:/(::|->)+[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*/},{className:"function",beginKeywords:"fn function",end:/[;{]/,excludeEnd:!0,illegal:"[$%\\[]",contains:[e.UNDERSCORE_TITLE_MODE,{className:"params",begin:"\\(",end:"\\)",excludeBegin:!0,excludeEnd:!0,keywords:c,contains:["self",r,e.C_BLOCK_COMMENT_MODE,l,s]}]},{className:"class",beginKeywords:"class interface",end:"{",excludeEnd:!0,illegal:/[:\(\$"]/,contains:[{beginKeywords:"extends implements"},e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"namespace",end:";",illegal:/[\.']/,contains:[e.UNDERSCORE_TITLE_MODE]},{beginKeywords:"use",end:";",contains:[e.UNDERSCORE_TITLE_MODE]},{begin:"=>"},l,s]}}}()); -hljs.registerLanguage("php-template",function(){"use strict";return function(n){return{name:"PHP template",subLanguage:"xml",contains:[{begin:/<\?(php|=)?/,end:/\?>/,subLanguage:"php",contains:[{begin:"/\\*",end:"\\*/",skip:!0},{begin:'b"',end:'"',skip:!0},{begin:"b'",end:"'",skip:!0},n.inherit(n.APOS_STRING_MODE,{illegal:null,className:null,contains:null,skip:!0}),n.inherit(n.QUOTE_STRING_MODE,{illegal:null,className:null,contains:null,skip:!0})]}]}}}()); -hljs.registerLanguage("plaintext",function(){"use strict";return function(t){return{name:"Plain text",aliases:["text","txt"],disableAutodetect:!0}}}()); -hljs.registerLanguage("properties",function(){"use strict";return function(e){var n="[ \\t\\f]*",t="("+n+"[:=]"+n+"|[ \\t\\f]+)",a="([^\\\\:= \\t\\f\\n]|\\\\.)+",s={end:t,relevance:0,starts:{className:"string",end:/$/,relevance:0,contains:[{begin:"\\\\\\n"}]}};return{name:".properties",case_insensitive:!0,illegal:/\S/,contains:[e.COMMENT("^\\s*[!#]","$"),{begin:"([^\\\\\\W:= \\t\\f\\n]|\\\\.)+"+t,returnBegin:!0,contains:[{className:"attr",begin:"([^\\\\\\W:= \\t\\f\\n]|\\\\.)+",endsParent:!0,relevance:0}],starts:s},{begin:a+t,returnBegin:!0,relevance:0,contains:[{className:"meta",begin:a,endsParent:!0,relevance:0}],starts:s},{className:"attr",relevance:0,begin:a+n+"$"}]}}}()); -hljs.registerLanguage("python",function(){"use strict";return function(e){var n={keyword:"and elif is global as in if from raise for except finally print import pass return exec else break not with class assert yield try while continue del or def lambda async await nonlocal|10",built_in:"Ellipsis NotImplemented",literal:"False None True"},a={className:"meta",begin:/^(>>>|\.\.\.) /},i={className:"subst",begin:/\{/,end:/\}/,keywords:n,illegal:/#/},s={begin:/\{\{/,relevance:0},r={className:"string",contains:[e.BACKSLASH_ESCAPE],variants:[{begin:/(u|b)?r?'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(u|b)?r?"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a],relevance:10},{begin:/(fr|rf|f)'''/,end:/'''/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(fr|rf|f)"""/,end:/"""/,contains:[e.BACKSLASH_ESCAPE,a,s,i]},{begin:/(u|r|ur)'/,end:/'/,relevance:10},{begin:/(u|r|ur)"/,end:/"/,relevance:10},{begin:/(b|br)'/,end:/'/},{begin:/(b|br)"/,end:/"/},{begin:/(fr|rf|f)'/,end:/'/,contains:[e.BACKSLASH_ESCAPE,s,i]},{begin:/(fr|rf|f)"/,end:/"/,contains:[e.BACKSLASH_ESCAPE,s,i]},e.APOS_STRING_MODE,e.QUOTE_STRING_MODE]},l={className:"number",relevance:0,variants:[{begin:e.BINARY_NUMBER_RE+"[lLjJ]?"},{begin:"\\b(0o[0-7]+)[lLjJ]?"},{begin:e.C_NUMBER_RE+"[lLjJ]?"}]},t={className:"params",variants:[{begin:/\(\s*\)/,skip:!0,className:null},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,contains:["self",a,l,r,e.HASH_COMMENT_MODE]}]};return i.contains=[r,l,a],{name:"Python",aliases:["py","gyp","ipython"],keywords:n,illegal:/(<\/|->|\?)|=>/,contains:[a,l,{beginKeywords:"if",relevance:0},r,e.HASH_COMMENT_MODE,{variants:[{className:"function",beginKeywords:"def"},{className:"class",beginKeywords:"class"}],end:/:/,illegal:/[${=;\n,]/,contains:[e.UNDERSCORE_TITLE_MODE,t,{begin:/->/,endsWithParent:!0,keywords:"None"}]},{className:"meta",begin:/^[\t ]*@/,end:/$/},{begin:/\b(print|exec)\(/}]}}}()); -hljs.registerLanguage("python-repl",function(){"use strict";return function(n){return{aliases:["pycon"],contains:[{className:"meta",starts:{end:/ |$/,starts:{end:"$",subLanguage:"python"}},variants:[{begin:/^>>>(?=[ ]|$)/},{begin:/^\.\.\.(?=[ ]|$)/}]}]}}}()); -hljs.registerLanguage("ruby",function(){"use strict";return function(e){var n="[a-zA-Z_]\\w*[!?=]?|[-+~]\\@|<<|>>|=~|===?|<=>|[<>]=?|\\*\\*|[-/+%^&*~`|]|\\[\\]=?",a={keyword:"and then defined module in return redo if BEGIN retry end for self when next until do begin unless END rescue else break undef not super class case require yield alias while ensure elsif or include attr_reader attr_writer attr_accessor",literal:"true false nil"},s={className:"doctag",begin:"@[A-Za-z]+"},i={begin:"#<",end:">"},r=[e.COMMENT("#","$",{contains:[s]}),e.COMMENT("^\\=begin","^\\=end",{contains:[s],relevance:10}),e.COMMENT("^__END__","\\n$")],c={className:"subst",begin:"#\\{",end:"}",keywords:a},t={className:"string",contains:[e.BACKSLASH_ESCAPE,c],variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/`/,end:/`/},{begin:"%[qQwWx]?\\(",end:"\\)"},{begin:"%[qQwWx]?\\[",end:"\\]"},{begin:"%[qQwWx]?{",end:"}"},{begin:"%[qQwWx]?<",end:">"},{begin:"%[qQwWx]?/",end:"/"},{begin:"%[qQwWx]?%",end:"%"},{begin:"%[qQwWx]?-",end:"-"},{begin:"%[qQwWx]?\\|",end:"\\|"},{begin:/\B\?(\\\d{1,3}|\\x[A-Fa-f0-9]{1,2}|\\u[A-Fa-f0-9]{4}|\\?\S)\b/},{begin:/<<[-~]?'?(\w+)(?:.|\n)*?\n\s*\1\b/,returnBegin:!0,contains:[{begin:/<<[-~]?'?/},e.END_SAME_AS_BEGIN({begin:/(\w+)/,end:/(\w+)/,contains:[e.BACKSLASH_ESCAPE,c]})]}]},b={className:"params",begin:"\\(",end:"\\)",endsParent:!0,keywords:a},d=[t,i,{className:"class",beginKeywords:"class module",end:"$|;",illegal:/=/,contains:[e.inherit(e.TITLE_MODE,{begin:"[A-Za-z_]\\w*(::\\w+)*(\\?|\\!)?"}),{begin:"<\\s*",contains:[{begin:"("+e.IDENT_RE+"::)?"+e.IDENT_RE}]}].concat(r)},{className:"function",beginKeywords:"def",end:"$|;",contains:[e.inherit(e.TITLE_MODE,{begin:n}),b].concat(r)},{begin:e.IDENT_RE+"::"},{className:"symbol",begin:e.UNDERSCORE_IDENT_RE+"(\\!|\\?)?:",relevance:0},{className:"symbol",begin:":(?!\\s)",contains:[t,{begin:n}],relevance:0},{className:"number",begin:"(\\b0[0-7_]+)|(\\b0x[0-9a-fA-F_]+)|(\\b[1-9][0-9_]*(\\.[0-9_]+)?)|[0_]\\b",relevance:0},{begin:"(\\$\\W)|((\\$|\\@\\@?)(\\w+))"},{className:"params",begin:/\|/,end:/\|/,keywords:a},{begin:"("+e.RE_STARTERS_RE+"|unless)\\s*",keywords:"unless",contains:[i,{className:"regexp",contains:[e.BACKSLASH_ESCAPE,c],illegal:/\n/,variants:[{begin:"/",end:"/[a-z]*"},{begin:"%r{",end:"}[a-z]*"},{begin:"%r\\(",end:"\\)[a-z]*"},{begin:"%r!",end:"![a-z]*"},{begin:"%r\\[",end:"\\][a-z]*"}]}].concat(r),relevance:0}].concat(r);c.contains=d,b.contains=d;var g=[{begin:/^\s*=>/,starts:{end:"$",contains:d}},{className:"meta",begin:"^([>?]>|[\\w#]+\\(\\w+\\):\\d+:\\d+>|(\\w+-)?\\d+\\.\\d+\\.\\d(p\\d+)?[^>]+>)",starts:{end:"$",contains:d}}];return{name:"Ruby",aliases:["rb","gemspec","podspec","thor","irb"],keywords:a,illegal:/\/\*/,contains:r.concat(g).concat(d)}}}()); -hljs.registerLanguage("rust",function(){"use strict";return function(e){var n="([ui](8|16|32|64|128|size)|f(32|64))?",t="drop i8 i16 i32 i64 i128 isize u8 u16 u32 u64 u128 usize f32 f64 str char bool Box Option Result String Vec Copy Send Sized Sync Drop Fn FnMut FnOnce ToOwned Clone Debug PartialEq PartialOrd Eq Ord AsRef AsMut Into From Default Iterator Extend IntoIterator DoubleEndedIterator ExactSizeIterator SliceConcatExt ToString assert! assert_eq! bitflags! bytes! cfg! col! concat! concat_idents! debug_assert! debug_assert_eq! env! panic! file! format! format_args! include_bin! include_str! line! local_data_key! module_path! option_env! print! println! select! stringify! try! unimplemented! unreachable! vec! write! writeln! macro_rules! assert_ne! debug_assert_ne!";return{name:"Rust",aliases:["rs"],keywords:{$pattern:e.IDENT_RE+"!?",keyword:"abstract as async await become box break const continue crate do dyn else enum extern false final fn for if impl in let loop macro match mod move mut override priv pub ref return self Self static struct super trait true try type typeof unsafe unsized use virtual where while yield",literal:"true false Some None Ok Err",built_in:t},illegal:""}]}}}()); -hljs.registerLanguage("scss",function(){"use strict";return function(e){var t={className:"variable",begin:"(\\$[a-zA-Z-][a-zA-Z0-9_-]*)\\b"},i={className:"number",begin:"#[0-9A-Fa-f]+"};return e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,e.C_BLOCK_COMMENT_MODE,{name:"SCSS",case_insensitive:!0,illegal:"[=/|']",contains:[e.C_LINE_COMMENT_MODE,e.C_BLOCK_COMMENT_MODE,{className:"selector-id",begin:"\\#[A-Za-z0-9_-]+",relevance:0},{className:"selector-class",begin:"\\.[A-Za-z0-9_-]+",relevance:0},{className:"selector-attr",begin:"\\[",end:"\\]",illegal:"$"},{className:"selector-tag",begin:"\\b(a|abbr|acronym|address|area|article|aside|audio|b|base|big|blockquote|body|br|button|canvas|caption|cite|code|col|colgroup|command|datalist|dd|del|details|dfn|div|dl|dt|em|embed|fieldset|figcaption|figure|footer|form|frame|frameset|(h[1-6])|head|header|hgroup|hr|html|i|iframe|img|input|ins|kbd|keygen|label|legend|li|link|map|mark|meta|meter|nav|noframes|noscript|object|ol|optgroup|option|output|p|param|pre|progress|q|rp|rt|ruby|samp|script|section|select|small|span|strike|strong|style|sub|sup|table|tbody|td|textarea|tfoot|th|thead|time|title|tr|tt|ul|var|video)\\b",relevance:0},{className:"selector-pseudo",begin:":(visited|valid|root|right|required|read-write|read-only|out-range|optional|only-of-type|only-child|nth-of-type|nth-last-of-type|nth-last-child|nth-child|not|link|left|last-of-type|last-child|lang|invalid|indeterminate|in-range|hover|focus|first-of-type|first-line|first-letter|first-child|first|enabled|empty|disabled|default|checked|before|after|active)"},{className:"selector-pseudo",begin:"::(after|before|choices|first-letter|first-line|repeat-index|repeat-item|selection|value)"},t,{className:"attribute",begin:"\\b(src|z-index|word-wrap|word-spacing|word-break|width|widows|white-space|visibility|vertical-align|unicode-bidi|transition-timing-function|transition-property|transition-duration|transition-delay|transition|transform-style|transform-origin|transform|top|text-underline-position|text-transform|text-shadow|text-rendering|text-overflow|text-indent|text-decoration-style|text-decoration-line|text-decoration-color|text-decoration|text-align-last|text-align|tab-size|table-layout|right|resize|quotes|position|pointer-events|perspective-origin|perspective|page-break-inside|page-break-before|page-break-after|padding-top|padding-right|padding-left|padding-bottom|padding|overflow-y|overflow-x|overflow-wrap|overflow|outline-width|outline-style|outline-offset|outline-color|outline|orphans|order|opacity|object-position|object-fit|normal|none|nav-up|nav-right|nav-left|nav-index|nav-down|min-width|min-height|max-width|max-height|mask|marks|margin-top|margin-right|margin-left|margin-bottom|margin|list-style-type|list-style-position|list-style-image|list-style|line-height|letter-spacing|left|justify-content|initial|inherit|ime-mode|image-orientation|image-resolution|image-rendering|icon|hyphens|height|font-weight|font-variant-ligatures|font-variant|font-style|font-stretch|font-size-adjust|font-size|font-language-override|font-kerning|font-feature-settings|font-family|font|float|flex-wrap|flex-shrink|flex-grow|flex-flow|flex-direction|flex-basis|flex|filter|empty-cells|display|direction|cursor|counter-reset|counter-increment|content|column-width|column-span|column-rule-width|column-rule-style|column-rule-color|column-rule|column-gap|column-fill|column-count|columns|color|clip-path|clip|clear|caption-side|break-inside|break-before|break-after|box-sizing|box-shadow|box-decoration-break|bottom|border-width|border-top-width|border-top-style|border-top-right-radius|border-top-left-radius|border-top-color|border-top|border-style|border-spacing|border-right-width|border-right-style|border-right-color|border-right|border-radius|border-left-width|border-left-style|border-left-color|border-left|border-image-width|border-image-source|border-image-slice|border-image-repeat|border-image-outset|border-image|border-color|border-collapse|border-bottom-width|border-bottom-style|border-bottom-right-radius|border-bottom-left-radius|border-bottom-color|border-bottom|border|background-size|background-repeat|background-position|background-origin|background-image|background-color|background-clip|background-attachment|background-blend-mode|background|backface-visibility|auto|animation-timing-function|animation-play-state|animation-name|animation-iteration-count|animation-fill-mode|animation-duration|animation-direction|animation-delay|animation|align-self|align-items|align-content)\\b",illegal:"[^\\s]"},{begin:"\\b(whitespace|wait|w-resize|visible|vertical-text|vertical-ideographic|uppercase|upper-roman|upper-alpha|underline|transparent|top|thin|thick|text|text-top|text-bottom|tb-rl|table-header-group|table-footer-group|sw-resize|super|strict|static|square|solid|small-caps|separate|se-resize|scroll|s-resize|rtl|row-resize|ridge|right|repeat|repeat-y|repeat-x|relative|progress|pointer|overline|outside|outset|oblique|nowrap|not-allowed|normal|none|nw-resize|no-repeat|no-drop|newspaper|ne-resize|n-resize|move|middle|medium|ltr|lr-tb|lowercase|lower-roman|lower-alpha|loose|list-item|line|line-through|line-edge|lighter|left|keep-all|justify|italic|inter-word|inter-ideograph|inside|inset|inline|inline-block|inherit|inactive|ideograph-space|ideograph-parenthesis|ideograph-numeric|ideograph-alpha|horizontal|hidden|help|hand|groove|fixed|ellipsis|e-resize|double|dotted|distribute|distribute-space|distribute-letter|distribute-all-lines|disc|disabled|default|decimal|dashed|crosshair|collapse|col-resize|circle|char|center|capitalize|break-word|break-all|bottom|both|bolder|bold|block|bidi-override|below|baseline|auto|always|all-scroll|absolute|table|table-cell)\\b"},{begin:":",end:";",contains:[t,i,e.CSS_NUMBER_MODE,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,{className:"meta",begin:"!important"}]},{begin:"@(page|font-face)",lexemes:"@[a-z-]+",keywords:"@page @font-face"},{begin:"@",end:"[{;]",returnBegin:!0,keywords:"and or not only",contains:[{begin:"@[a-z-]+",className:"keyword"},t,e.QUOTE_STRING_MODE,e.APOS_STRING_MODE,i,e.CSS_NUMBER_MODE]}]}}}()); -hljs.registerLanguage("shell",function(){"use strict";return function(s){return{name:"Shell Session",aliases:["console"],contains:[{className:"meta",begin:"^\\s{0,3}[/\\w\\d\\[\\]()@-]*[>%$#]",starts:{end:"$",subLanguage:"bash"}}]}}}()); -hljs.registerLanguage("sql",function(){"use strict";return function(e){var t=e.COMMENT("--","$");return{name:"SQL",case_insensitive:!0,illegal:/[<>{}*]/,contains:[{beginKeywords:"begin end start commit rollback savepoint lock alter create drop rename call delete do handler insert load replace select truncate update set show pragma grant merge describe use explain help declare prepare execute deallocate release unlock purge reset change stop analyze cache flush optimize repair kill install uninstall checksum restore check backup revoke comment values with",end:/;/,endsWithParent:!0,keywords:{$pattern:/[\w\.]+/,keyword:"as abort abs absolute acc acce accep accept access accessed accessible account acos action activate add addtime admin administer advanced advise aes_decrypt aes_encrypt after agent aggregate ali alia alias all allocate allow alter always analyze ancillary and anti any anydata anydataset anyschema anytype apply archive archived archivelog are as asc ascii asin assembly assertion associate asynchronous at atan atn2 attr attri attrib attribu attribut attribute attributes audit authenticated authentication authid authors auto autoallocate autodblink autoextend automatic availability avg backup badfile basicfile before begin beginning benchmark between bfile bfile_base big bigfile bin binary_double binary_float binlog bit_and bit_count bit_length bit_or bit_xor bitmap blob_base block blocksize body both bound bucket buffer_cache buffer_pool build bulk by byte byteordermark bytes cache caching call calling cancel capacity cascade cascaded case cast catalog category ceil ceiling chain change changed char_base char_length character_length characters characterset charindex charset charsetform charsetid check checksum checksum_agg child choose chr chunk class cleanup clear client clob clob_base clone close cluster_id cluster_probability cluster_set clustering coalesce coercibility col collate collation collect colu colum column column_value columns columns_updated comment commit compact compatibility compiled complete composite_limit compound compress compute concat concat_ws concurrent confirm conn connec connect connect_by_iscycle connect_by_isleaf connect_by_root connect_time connection consider consistent constant constraint constraints constructor container content contents context contributors controlfile conv convert convert_tz corr corr_k corr_s corresponding corruption cos cost count count_big counted covar_pop covar_samp cpu_per_call cpu_per_session crc32 create creation critical cross cube cume_dist curdate current current_date current_time current_timestamp current_user cursor curtime customdatum cycle data database databases datafile datafiles datalength date_add date_cache date_format date_sub dateadd datediff datefromparts datename datepart datetime2fromparts day day_to_second dayname dayofmonth dayofweek dayofyear days db_role_change dbtimezone ddl deallocate declare decode decompose decrement decrypt deduplicate def defa defau defaul default defaults deferred defi defin define degrees delayed delegate delete delete_all delimited demand dense_rank depth dequeue des_decrypt des_encrypt des_key_file desc descr descri describ describe descriptor deterministic diagnostics difference dimension direct_load directory disable disable_all disallow disassociate discardfile disconnect diskgroup distinct distinctrow distribute distributed div do document domain dotnet double downgrade drop dumpfile duplicate duration each edition editionable editions element ellipsis else elsif elt empty enable enable_all enclosed encode encoding encrypt end end-exec endian enforced engine engines enqueue enterprise entityescaping eomonth error errors escaped evalname evaluate event eventdata events except exception exceptions exchange exclude excluding execu execut execute exempt exists exit exp expire explain explode export export_set extended extent external external_1 external_2 externally extract failed failed_login_attempts failover failure far fast feature_set feature_value fetch field fields file file_name_convert filesystem_like_logging final finish first first_value fixed flash_cache flashback floor flush following follows for forall force foreign form forma format found found_rows freelist freelists freepools fresh from from_base64 from_days ftp full function general generated get get_format get_lock getdate getutcdate global global_name globally go goto grant grants greatest group group_concat group_id grouping grouping_id groups gtid_subtract guarantee guard handler hash hashkeys having hea head headi headin heading heap help hex hierarchy high high_priority hosts hour hours http id ident_current ident_incr ident_seed identified identity idle_time if ifnull ignore iif ilike ilm immediate import in include including increment index indexes indexing indextype indicator indices inet6_aton inet6_ntoa inet_aton inet_ntoa infile initial initialized initially initrans inmemory inner innodb input insert install instance instantiable instr interface interleaved intersect into invalidate invisible is is_free_lock is_ipv4 is_ipv4_compat is_not is_not_null is_used_lock isdate isnull isolation iterate java join json json_exists keep keep_duplicates key keys kill language large last last_day last_insert_id last_value lateral lax lcase lead leading least leaves left len lenght length less level levels library like like2 like4 likec limit lines link list listagg little ln load load_file lob lobs local localtime localtimestamp locate locator lock locked log log10 log2 logfile logfiles logging logical logical_reads_per_call logoff logon logs long loop low low_priority lower lpad lrtrim ltrim main make_set makedate maketime managed management manual map mapping mask master master_pos_wait match matched materialized max maxextents maximize maxinstances maxlen maxlogfiles maxloghistory maxlogmembers maxsize maxtrans md5 measures median medium member memcompress memory merge microsecond mid migration min minextents minimum mining minus minute minutes minvalue missing mod mode model modification modify module monitoring month months mount move movement multiset mutex name name_const names nan national native natural nav nchar nclob nested never new newline next nextval no no_write_to_binlog noarchivelog noaudit nobadfile nocheck nocompress nocopy nocycle nodelay nodiscardfile noentityescaping noguarantee nokeep nologfile nomapping nomaxvalue nominimize nominvalue nomonitoring none noneditionable nonschema noorder nopr nopro noprom nopromp noprompt norely noresetlogs noreverse normal norowdependencies noschemacheck noswitch not nothing notice notnull notrim novalidate now nowait nth_value nullif nulls num numb numbe nvarchar nvarchar2 object ocicoll ocidate ocidatetime ociduration ociinterval ociloblocator ocinumber ociref ocirefcursor ocirowid ocistring ocitype oct octet_length of off offline offset oid oidindex old on online only opaque open operations operator optimal optimize option optionally or oracle oracle_date oradata ord ordaudio orddicom orddoc order ordimage ordinality ordvideo organization orlany orlvary out outer outfile outline output over overflow overriding package pad parallel parallel_enable parameters parent parse partial partition partitions pascal passing password password_grace_time password_lock_time password_reuse_max password_reuse_time password_verify_function patch path patindex pctincrease pctthreshold pctused pctversion percent percent_rank percentile_cont percentile_disc performance period period_add period_diff permanent physical pi pipe pipelined pivot pluggable plugin policy position post_transaction pow power pragma prebuilt precedes preceding precision prediction prediction_cost prediction_details prediction_probability prediction_set prepare present preserve prior priority private private_sga privileges procedural procedure procedure_analyze processlist profiles project prompt protection public publishingservername purge quarter query quick quiesce quota quotename radians raise rand range rank raw read reads readsize rebuild record records recover recovery recursive recycle redo reduced ref reference referenced references referencing refresh regexp_like register regr_avgx regr_avgy regr_count regr_intercept regr_r2 regr_slope regr_sxx regr_sxy reject rekey relational relative relaylog release release_lock relies_on relocate rely rem remainder rename repair repeat replace replicate replication required reset resetlogs resize resource respect restore restricted result result_cache resumable resume retention return returning returns reuse reverse revoke right rlike role roles rollback rolling rollup round row row_count rowdependencies rowid rownum rows rtrim rules safe salt sample save savepoint sb1 sb2 sb4 scan schema schemacheck scn scope scroll sdo_georaster sdo_topo_geometry search sec_to_time second seconds section securefile security seed segment select self semi sequence sequential serializable server servererror session session_user sessions_per_user set sets settings sha sha1 sha2 share shared shared_pool short show shrink shutdown si_averagecolor si_colorhistogram si_featurelist si_positionalcolor si_stillimage si_texture siblings sid sign sin size size_t sizes skip slave sleep smalldatetimefromparts smallfile snapshot some soname sort soundex source space sparse spfile split sql sql_big_result sql_buffer_result sql_cache sql_calc_found_rows sql_small_result sql_variant_property sqlcode sqldata sqlerror sqlname sqlstate sqrt square standalone standby start starting startup statement static statistics stats_binomial_test stats_crosstab stats_ks_test stats_mode stats_mw_test stats_one_way_anova stats_t_test_ stats_t_test_indep stats_t_test_one stats_t_test_paired stats_wsr_test status std stddev stddev_pop stddev_samp stdev stop storage store stored str str_to_date straight_join strcmp strict string struct stuff style subdate subpartition subpartitions substitutable substr substring subtime subtring_index subtype success sum suspend switch switchoffset switchover sync synchronous synonym sys sys_xmlagg sysasm sysaux sysdate sysdatetimeoffset sysdba sysoper system system_user sysutcdatetime table tables tablespace tablesample tan tdo template temporary terminated tertiary_weights test than then thread through tier ties time time_format time_zone timediff timefromparts timeout timestamp timestampadd timestampdiff timezone_abbr timezone_minute timezone_region to to_base64 to_date to_days to_seconds todatetimeoffset trace tracking transaction transactional translate translation treat trigger trigger_nestlevel triggers trim truncate try_cast try_convert try_parse type ub1 ub2 ub4 ucase unarchived unbounded uncompress under undo unhex unicode uniform uninstall union unique unix_timestamp unknown unlimited unlock unnest unpivot unrecoverable unsafe unsigned until untrusted unusable unused update updated upgrade upped upper upsert url urowid usable usage use use_stored_outlines user user_data user_resources users using utc_date utc_timestamp uuid uuid_short validate validate_password_strength validation valist value values var var_samp varcharc vari varia variab variabl variable variables variance varp varraw varrawc varray verify version versions view virtual visible void wait wallet warning warnings week weekday weekofyear wellformed when whene whenev wheneve whenever where while whitespace window with within without work wrapped xdb xml xmlagg xmlattributes xmlcast xmlcolattval xmlelement xmlexists xmlforest xmlindex xmlnamespaces xmlpi xmlquery xmlroot xmlschema xmlserialize xmltable xmltype xor year year_to_month years yearweek",literal:"true false null unknown",built_in:"array bigint binary bit blob bool boolean char character date dec decimal float int int8 integer interval number numeric real record serial serial8 smallint text time timestamp tinyint varchar varchar2 varying void"},contains:[{className:"string",begin:"'",end:"'",contains:[{begin:"''"}]},{className:"string",begin:'"',end:'"',contains:[{begin:'""'}]},{className:"string",begin:"`",end:"`"},e.C_NUMBER_MODE,e.C_BLOCK_COMMENT_MODE,t,e.HASH_COMMENT_MODE]},e.C_BLOCK_COMMENT_MODE,t,e.HASH_COMMENT_MODE]}}}()); -hljs.registerLanguage("swift",function(){"use strict";return function(e){var i={keyword:"#available #colorLiteral #column #else #elseif #endif #file #fileLiteral #function #if #imageLiteral #line #selector #sourceLocation _ __COLUMN__ __FILE__ __FUNCTION__ __LINE__ Any as as! as? associatedtype associativity break case catch class continue convenience default defer deinit didSet do dynamic dynamicType else enum extension fallthrough false fileprivate final for func get guard if import in indirect infix init inout internal is lazy left let mutating nil none nonmutating open operator optional override postfix precedence prefix private protocol Protocol public repeat required rethrows return right self Self set static struct subscript super switch throw throws true try try! try? Type typealias unowned var weak where while willSet",literal:"true false nil",built_in:"abs advance alignof alignofValue anyGenerator assert assertionFailure bridgeFromObjectiveC bridgeFromObjectiveCUnconditional bridgeToObjectiveC bridgeToObjectiveCUnconditional c compactMap contains count countElements countLeadingZeros debugPrint debugPrintln distance dropFirst dropLast dump encodeBitsAsWords enumerate equal fatalError filter find getBridgedObjectiveCType getVaList indices insertionSort isBridgedToObjectiveC isBridgedVerbatimToObjectiveC isUniquelyReferenced isUniquelyReferencedNonObjC join lazy lexicographicalCompare map max maxElement min minElement numericCast overlaps partition posix precondition preconditionFailure print println quickSort readLine reduce reflect reinterpretCast reverse roundUpToAlignment sizeof sizeofValue sort split startsWith stride strideof strideofValue swap toString transcode underestimateCount unsafeAddressOf unsafeBitCast unsafeDowncast unsafeUnwrap unsafeReflect withExtendedLifetime withObjectAtPlusZero withUnsafePointer withUnsafePointerToObject withUnsafeMutablePointer withUnsafeMutablePointers withUnsafePointer withUnsafePointers withVaList zip"},n=e.COMMENT("/\\*","\\*/",{contains:["self"]}),t={className:"subst",begin:/\\\(/,end:"\\)",keywords:i,contains:[]},a={className:"string",contains:[e.BACKSLASH_ESCAPE,t],variants:[{begin:/"""/,end:/"""/},{begin:/"/,end:/"/}]},r={className:"number",begin:"\\b([\\d_]+(\\.[\\deE_]+)?|0x[a-fA-F0-9_]+(\\.[a-fA-F0-9p_]+)?|0b[01_]+|0o[0-7_]+)\\b",relevance:0};return t.contains=[r],{name:"Swift",keywords:i,contains:[a,e.C_LINE_COMMENT_MODE,n,{className:"type",begin:"\\b[A-Z][\\wÀ-ʸ']*[!?]"},{className:"type",begin:"\\b[A-Z][\\wÀ-ʸ']*",relevance:0},r,{className:"function",beginKeywords:"func",end:"{",excludeEnd:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/[A-Za-z$_][0-9A-Za-z$_]*/}),{begin://},{className:"params",begin:/\(/,end:/\)/,endsParent:!0,keywords:i,contains:["self",r,a,e.C_BLOCK_COMMENT_MODE,{begin:":"}],illegal:/["']/}],illegal:/\[|%/},{className:"class",beginKeywords:"struct protocol class extension enum",keywords:i,end:"\\{",excludeEnd:!0,contains:[e.inherit(e.TITLE_MODE,{begin:/[A-Za-z$_][\u00C0-\u02B80-9A-Za-z$_]*/})]},{className:"meta",begin:"(@discardableResult|@warn_unused_result|@exported|@lazy|@noescape|@NSCopying|@NSManaged|@objc|@objcMembers|@convention|@required|@noreturn|@IBAction|@IBDesignable|@IBInspectable|@IBOutlet|@infix|@prefix|@postfix|@autoclosure|@testable|@available|@nonobjc|@NSApplicationMain|@UIApplicationMain|@dynamicMemberLookup|@propertyWrapper)\\b"},{beginKeywords:"import",end:/$/,contains:[e.C_LINE_COMMENT_MODE,n]}]}}}()); -hljs.registerLanguage("typescript",function(){"use strict";const e=["as","in","of","if","for","while","finally","var","new","function","do","return","void","else","break","catch","instanceof","with","throw","case","default","try","switch","continue","typeof","delete","let","yield","const","class","debugger","async","await","static","import","from","export","extends"],n=["true","false","null","undefined","NaN","Infinity"],a=[].concat(["setInterval","setTimeout","clearInterval","clearTimeout","require","exports","eval","isFinite","isNaN","parseFloat","parseInt","decodeURI","decodeURIComponent","encodeURI","encodeURIComponent","escape","unescape"],["arguments","this","super","console","window","document","localStorage","module","global"],["Intl","DataView","Number","Math","Date","String","RegExp","Object","Function","Boolean","Error","Symbol","Set","Map","WeakSet","WeakMap","Proxy","Reflect","JSON","Promise","Float64Array","Int16Array","Int32Array","Int8Array","Uint16Array","Uint32Array","Float32Array","Array","Uint8Array","Uint8ClampedArray","ArrayBuffer"],["EvalError","InternalError","RangeError","ReferenceError","SyntaxError","TypeError","URIError"]);return function(r){var t={$pattern:"[A-Za-z$_][0-9A-Za-z$_]*",keyword:e.concat(["type","namespace","typedef","interface","public","private","protected","implements","declare","abstract","readonly"]).join(" "),literal:n.join(" "),built_in:a.concat(["any","void","number","boolean","string","object","never","enum"]).join(" ")},s={className:"meta",begin:"@[A-Za-z$_][0-9A-Za-z$_]*"},i={className:"number",variants:[{begin:"\\b(0[bB][01]+)n?"},{begin:"\\b(0[oO][0-7]+)n?"},{begin:r.C_NUMBER_RE+"n?"}],relevance:0},o={className:"subst",begin:"\\$\\{",end:"\\}",keywords:t,contains:[]},c={begin:"html`",end:"",starts:{end:"`",returnEnd:!1,contains:[r.BACKSLASH_ESCAPE,o],subLanguage:"xml"}},l={begin:"css`",end:"",starts:{end:"`",returnEnd:!1,contains:[r.BACKSLASH_ESCAPE,o],subLanguage:"css"}},E={className:"string",begin:"`",end:"`",contains:[r.BACKSLASH_ESCAPE,o]};o.contains=[r.APOS_STRING_MODE,r.QUOTE_STRING_MODE,c,l,E,i,r.REGEXP_MODE];var d={begin:"\\(",end:/\)/,keywords:t,contains:["self",r.QUOTE_STRING_MODE,r.APOS_STRING_MODE,r.NUMBER_MODE]},u={className:"params",begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:t,contains:[r.C_LINE_COMMENT_MODE,r.C_BLOCK_COMMENT_MODE,s,d]};return{name:"TypeScript",aliases:["ts"],keywords:t,contains:[r.SHEBANG(),{className:"meta",begin:/^\s*['"]use strict['"]/},r.APOS_STRING_MODE,r.QUOTE_STRING_MODE,c,l,E,r.C_LINE_COMMENT_MODE,r.C_BLOCK_COMMENT_MODE,i,{begin:"("+r.RE_STARTERS_RE+"|\\b(case|return|throw)\\b)\\s*",keywords:"return throw case",contains:[r.C_LINE_COMMENT_MODE,r.C_BLOCK_COMMENT_MODE,r.REGEXP_MODE,{className:"function",begin:"(\\([^(]*(\\([^(]*(\\([^(]*\\))?\\))?\\)|"+r.UNDERSCORE_IDENT_RE+")\\s*=>",returnBegin:!0,end:"\\s*=>",contains:[{className:"params",variants:[{begin:r.UNDERSCORE_IDENT_RE},{className:null,begin:/\(\s*\)/,skip:!0},{begin:/\(/,end:/\)/,excludeBegin:!0,excludeEnd:!0,keywords:t,contains:d.contains}]}]}],relevance:0},{className:"function",beginKeywords:"function",end:/[\{;]/,excludeEnd:!0,keywords:t,contains:["self",r.inherit(r.TITLE_MODE,{begin:"[A-Za-z$_][0-9A-Za-z$_]*"}),u],illegal:/%/,relevance:0},{beginKeywords:"constructor",end:/[\{;]/,excludeEnd:!0,contains:["self",u]},{begin:/module\./,keywords:{built_in:"module"},relevance:0},{beginKeywords:"module",end:/\{/,excludeEnd:!0},{beginKeywords:"interface",end:/\{/,excludeEnd:!0,keywords:"interface extends"},{begin:/\$[(.]/},{begin:"\\."+r.IDENT_RE,relevance:0},s,d]}}}()); -hljs.registerLanguage("yaml",function(){"use strict";return function(e){var n="true false yes no null",a="[\\w#;/?:@&=+$,.~*\\'()[\\]]+",s={className:"string",relevance:0,variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/\S+/}],contains:[e.BACKSLASH_ESCAPE,{className:"template-variable",variants:[{begin:"{{",end:"}}"},{begin:"%{",end:"}"}]}]},i=e.inherit(s,{variants:[{begin:/'/,end:/'/},{begin:/"/,end:/"/},{begin:/[^\s,{}[\]]+/}]}),l={end:",",endsWithParent:!0,excludeEnd:!0,contains:[],keywords:n,relevance:0},t={begin:"{",end:"}",contains:[l],illegal:"\\n",relevance:0},g={begin:"\\[",end:"\\]",contains:[l],illegal:"\\n",relevance:0},b=[{className:"attr",variants:[{begin:"\\w[\\w :\\/.-]*:(?=[ \t]|$)"},{begin:'"\\w[\\w :\\/.-]*":(?=[ \t]|$)'},{begin:"'\\w[\\w :\\/.-]*':(?=[ \t]|$)"}]},{className:"meta",begin:"^---s*$",relevance:10},{className:"string",begin:"[\\|>]([0-9]?[+-])?[ ]*\\n( *)[\\S ]+\\n(\\2[\\S ]+\\n?)*"},{begin:"<%[%=-]?",end:"[%-]?%>",subLanguage:"ruby",excludeBegin:!0,excludeEnd:!0,relevance:0},{className:"type",begin:"!\\w+!"+a},{className:"type",begin:"!<"+a+">"},{className:"type",begin:"!"+a},{className:"type",begin:"!!"+a},{className:"meta",begin:"&"+e.UNDERSCORE_IDENT_RE+"$"},{className:"meta",begin:"\\*"+e.UNDERSCORE_IDENT_RE+"$"},{className:"bullet",begin:"\\-(?=[ ]|$)",relevance:0},e.HASH_COMMENT_MODE,{beginKeywords:n,keywords:{literal:n}},{className:"number",begin:"\\b[0-9]{4}(-[0-9][0-9]){0,2}([Tt \\t][0-9][0-9]?(:[0-9][0-9]){2})?(\\.[0-9]*)?([ \\t])*(Z|[-+][0-9][0-9]?(:[0-9][0-9])?)?\\b"},{className:"number",begin:e.C_NUMBER_RE+"\\b"},t,g,s],c=[...b];return c.pop(),c.push(i),l.contains=c,{name:"YAML",case_insensitive:!0,aliases:["yml","YAML"],contains:b}}}()); \ No newline at end of file diff --git a/categories/index.html b/categories/index.html index d16cf36..3b6e4f9 100644 --- a/categories/index.html +++ b/categories/index.html @@ -1,4 +1,6 @@ -Categories | Virtualzone Blog

                                                Categories

                                                  © 2023 Heiner Beck. +Categories | Virtualzone Blog +

                                                  Categories

                                                    \ No newline at end of file + PaperMod
                                                    + \ No newline at end of file diff --git a/categories/index.xml b/categories/index.xml index 6b35c42..955eaf0 100644 --- a/categories/index.xml +++ b/categories/index.xml @@ -6,6 +6,7 @@ Recent content in Categories on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. + &copy; 2024 Heiner Beck. + diff --git a/contact/index.html b/contact/index.html index f367ba2..31d75a2 100644 --- a/contact/index.html +++ b/contact/index.html @@ -1,23 +1,21 @@ -Contact | Virtualzone BlogContact | Virtualzone Blog + -
                                                    Home

                                                    Contact

                                                    Heiner

                                                    Heiner Beck
                                                    Wilhelm-Busch-Str. 59
                                                    60431 Frankfurt am Main
                                                    Germany

                                                    Email: mail@virtualzone.de

                                                    Limitation of liability for internal content

                                                    The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. However, pursuant to sections 8 to 10 of the TMG, we as service providers are not under obligation to monitor external information provided or stored on our website. Once we have become aware of a specific infringement of the law, we will immediately remove the content in question. Any liability concerning this matter can only be assumed from the point in time at which the infringement becomes known to us.

                                                    Our website contains links to the websites of third parties (“external links”). As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the provider of information of the linked websites is liable for the content and accuracy of the information provided. At the point in time when the links were placed, no infringements of the law were recognisable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.

                                                    The content and works published on this website are governed by the copyright laws of Germany. Any duplication, processing, distribution or any form of utilisation beyond the scope of copyright law shall require the prior written consent of the author or authors in question.

                                                    Data protection

                                                    Using our website is possible without entering any personal data in most cases. As far as your personal information are required (such as your name, address or email addresses), this is on a voluntary basis to the extend possible. These information will not be transferred to any third parties without your approval. +Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws.">

                                                    Home

                                                    Contact

                                                    Heiner

                                                    Heiner Beck
                                                    Karl-Herbert-Scheer-Str. 6
                                                    61381 Friedrichsdorf
                                                    Germany

                                                    Email: mail@virtualzone.de

                                                    Limitation of liability for internal content

                                                    The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. However, pursuant to sections 8 to 10 of the TMG, we as service providers are not under obligation to monitor external information provided or stored on our website. Once we have become aware of a specific infringement of the law, we will immediately remove the content in question. Any liability concerning this matter can only be assumed from the point in time at which the infringement becomes known to us.

                                                    Our website contains links to the websites of third parties (“external links”). As the content of these websites is not under our control, we cannot assume any liability for such external content. In all cases, the provider of information of the linked websites is liable for the content and accuracy of the information provided. At the point in time when the links were placed, no infringements of the law were recognisable to us. As soon as an infringement of the law becomes known to us, we will immediately remove the link in question.

                                                    The content and works published on this website are governed by the copyright laws of Germany. Any duplication, processing, distribution or any form of utilisation beyond the scope of copyright law shall require the prior written consent of the author or authors in question.

                                                    Data protection

                                                    Using our website is possible without entering any personal data in most cases. As far as your personal information are required (such as your name, address or email addresses), this is on a voluntary basis to the extend possible. These information will not be transferred to any third parties without your approval. Please note that communicating via the internet (such as communication by email) may be harmed by security flaws. A complete protection of data from the access through third parties is not possible. We contradict the usage of the contact information published on this website for promotional purposes. -Please read our privacy policy for information about how we protect your personal information.

                                                    Website Impressum erstellt durch impressum-generator.de von der Kanzlei Hasselbach.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/index.html b/index.html index 8857eff..8264566 100644 --- a/index.html +++ b/index.html @@ -1,18 +1,21 @@ -Virtualzone Blog
                                                        Seatsurfing

                                                        Seatsurfing

                                                        Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                                        Visit seatsurfing.app -

                                                        Compose Updater

                                                        Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                                        GitHub Project -

                                                        OneDrive Uploader

                                                        Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).

                                                        GitHub Project -

                                                        Go-hole

                                                        Minimalistic DNS server which serves as an upstream proxy and ad blocker, optimized for high performance.

                                                        GitHub Project -

                                                        Go-hole: A minimalistic DNS proxy and and blocker

                                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. +Virtualzone Blog +

                                                        Seatsurfing

                                                        Seatsurfing

                                                        Seatsurfing is an open source solution for free seating and co-working in your organisation. It features mobile apps for iOS and Android, an easy-to-use web booking interface and an App for Atlassian Confluence.

                                                        Visit seatsurfing.app +

                                                        Compose Updater

                                                        Automatically check for image updates and restart Docker containers automatically when using Docker Compose.

                                                        GitHub Project +

                                                        OneDrive Uploader

                                                        Command line interface (CLI) and SDK for uploading files to OneDrive. Supports "special folders" (such as App Folder / App Root).

                                                        GitHub Project +

                                                        chargebot.io

                                                        Charge your Tesla from solar power or when dynamic grid prices are low. It works with any wallbox and with any solar power inverter.

                                                        Visit chargebot.io +

                                                        Go-hole: A minimalistic DNS proxy and and blocker

                                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. -However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                        February 5, 2023 · 4 min · 703 words · Heiner

                                                        OpenRC Script for 'podman kube play'

                                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                        October 26, 2022 · 3 min · 483 words · Heiner

                                                        Connecting multiple networks to a Podman container

                                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                        February 5, 2023 · 4 min · 703 words · Heiner

                                                        OpenRC Script for 'podman kube play'

                                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                        October 26, 2022 · 3 min · 483 words · Heiner

                                                        Connecting multiple networks to a Podman container

                                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: -$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                        October 16, 2022 · 2 min · 274 words · Heiner

                                                        Setting up Alpine Linux with Podman

                                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                                        June 25, 2022 · 4 min · 852 words · Heiner

                                                        Setting up Alpine Linux with Rootless Docker

                                                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. -However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                        June 19, 2022 · 3 min · 479 words · Heiner

                                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                        September 3, 2021 · 1 min · 118 words · Heiner

                                                        Back up server to OneDrive’s special App Folder

                                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                        September 2, 2021 · 4 min · 682 words · Heiner

                                                        Unifi USG: Multiple IP addresses on PPPoE

                                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). -By default, USG only allows for one IP address when dialing in via PPPoE....

                                                        August 16, 2021 · 2 min · 353 words · Heiner

                                                        Raspberry Pi OS: Remove unnecessary packages

                                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                                        June 7, 2020 · 1 min · 161 words · Heiner

                                                        Analyze Traefik access log using InfluxDB and Grafana

                                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                        October 16, 2022 · 2 min · 274 words · Heiner

                                                        Setting up Alpine Linux with Podman

                                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. +Podman was initially developed by RedHat and is available as an open source project....

                                                        June 25, 2022 · 4 min · 852 words · Heiner

                                                        Setting up Alpine Linux with Rootless Docker

                                                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                        June 19, 2022 · 3 min · 479 words · Heiner

                                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                        September 3, 2021 · 1 min · 118 words · Heiner

                                                        Back up server to OneDrive’s special App Folder

                                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                        September 2, 2021 · 4 min · 682 words · Heiner

                                                        Unifi USG: Multiple IP addresses on PPPoE

                                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

                                                        August 16, 2021 · 2 min · 353 words · Heiner

                                                        Raspberry Pi OS: Remove unnecessary packages

                                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                                        June 7, 2020 · 1 min · 161 words · Heiner

                                                        Analyze Traefik access log using InfluxDB and Grafana

                                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: -Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                                        June 3, 2020 · 2 min · 373 words · Heiner
                                                        © 2023 Heiner Beck. +Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                                        June 3, 2020 · 2 min · 373 words · Heiner
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/index.xml b/index.xml index 2c33be4..f7c1cf0 100644 --- a/index.xml +++ b/index.xml @@ -6,279 +6,225 @@ Recent content on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 05 Feb 2023 06:00:00 +0000 + &copy; 2024 Heiner Beck. + Sun, 05 Feb 2023 06:00:00 +0000 + Go-hole: A minimalistic DNS proxy and and blocker https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ Sun, 05 Feb 2023 06:00:00 +0000 - https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. - OpenRC Script for 'podman kube play' https://virtualzone.de/posts/openrc-podman-kube-play/ Wed, 26 Oct 2022 15:00:00 +0000 - https://virtualzone.de/posts/openrc-podman-kube-play/ In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. - Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ Sun, 16 Oct 2022 17:00:00 +0000 - https://virtualzone.de/posts/podman-multiple-networks/ I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly: - Setting up Alpine Linux with Podman https://virtualzone.de/posts/alpine-podman/ Sat, 25 Jun 2022 18:00:00 +0000 - https://virtualzone.de/posts/alpine-podman/ Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman. Podman was initially developed by RedHat and is available as an open source project. - Setting up Alpine Linux with Rootless Docker https://virtualzone.de/posts/alpine-docker-rootless/ Sun, 19 Jun 2022 15:00:00 +0000 - https://virtualzone.de/posts/alpine-docker-rootless/ As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux. - Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing https://virtualzone.de/posts/k3s-glusterfs/ Fri, 03 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/k3s-glusterfs/ I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. - Back up server to OneDrive’s special App Folder https://virtualzone.de/posts/onedrive-upload-backup/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/onedrive-upload-backup/ I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. - Unifi USG: Multiple IP addresses on PPPoE https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ Mon, 16 Aug 2021 11:30:03 +0000 - https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE. - Raspberry Pi OS: Remove unnecessary packages https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ Sun, 07 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won&rsquo;t need. There&rsquo;s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands. - Analyze Traefik access log using InfluxDB and Grafana https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ Wed, 03 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik&rsquo;s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container&rsquo;s JSON output using the docker_log input plugin. - Export trainings from Endomondo as GPX files https://virtualzone.de/posts/endomono-export-gpx/ Mon, 01 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/endomono-export-gpx/ I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost. - Native USB boot for Raspberry Pi 4 https://virtualzone.de/posts/usb-boot-raspberry-pi/ Thu, 28 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/usb-boot-raspberry-pi/ Here&rsquo;s something that&rsquo;s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. - Build Multi-Arch images on Docker Hub (Part 2) https://virtualzone.de/posts/multi-arch-docker-images-2/ Sat, 16 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/multi-arch-docker-images-2/ Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. - Build Multi-Arch images on Docker Hub (Part 1) https://virtualzone.de/posts/multi-arch-docker-images-1/ Fri, 15 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/multi-arch-docker-images-1/ Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. - How to let Jenkins build Docker images https://virtualzone.de/posts/jenkins-build-docker-images/ Sun, 11 Jun 2017 11:30:03 +0000 - https://virtualzone.de/posts/jenkins-build-docker-images/ If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. - Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ Sat, 11 Feb 2017 11:30:03 +0000 - https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. - Creating an encrypted file container on macOS https://virtualzone.de/posts/encrypted-file-container-macos/ Tue, 06 Dec 2016 11:30:03 +0000 - https://virtualzone.de/posts/encrypted-file-container-macos/ Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10. - UptimeRobot: A nice free website monitoring service https://virtualzone.de/posts/uptime-robot-website-monitoring/ Mon, 05 Sep 2016 11:30:03 +0000 - https://virtualzone.de/posts/uptime-robot-website-monitoring/ Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me). - Fix Docker not using /etc/hosts on MacOS https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. - From FHEM to OpenHAB with Homegear: Installation/Docker container https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. - How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Sat, 27 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. - How to reduce PDF file size in Linux - Part 2 https://virtualzone.de/posts/reduce-pdf-file-size-2/ Sat, 15 Aug 2015 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size-2/ Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: - How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT https://virtualzone.de/posts/ipv6-on-a-sonicwall/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/posts/ipv6-on-a-sonicwall/ IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. - How to reduce PDF file size in Linux https://virtualzone.de/posts/reduce-pdf-file-size/ Wed, 21 Nov 2012 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size/ Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. - Determining a location’s federal state using Google Maps API https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ Fri, 10 Aug 2012 11:30:03 +0000 - https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). - Contact https://virtualzone.de/contact/ Mon, 01 Jan 0001 00:00:00 +0000 - https://virtualzone.de/contact/ Heiner Beck -Wilhelm-Busch-Str. 59 -60431 Frankfurt am Main -Germany +Karl-Herbert-Scheer-Str. 6 +61381 Friedrichsdorf Germany Email: mail@virtualzone.de Limitation of liability for internal content The content of our website has been compiled with meticulous care and to the best of our knowledge. However, we cannot assume any liability for the up-to-dateness, completeness or accuracy of any of the pages. Pursuant to section 7, para. 1 of the TMG (Telemediengesetz – Tele Media Act by German law), we as service providers are liable for our own content on these pages in accordance with general laws. - Privacy Policy https://virtualzone.de/privacy-policy/ Mon, 01 Jan 0001 00:00:00 +0000 - https://virtualzone.de/privacy-policy/ - We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have. + We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of this website have. Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible. Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties. - diff --git a/page/1/index.html b/page/1/index.html index a59d8dc..e1dd332 100644 --- a/page/1/index.html +++ b/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/ \ No newline at end of file +https://virtualzone.de/ + \ No newline at end of file diff --git a/page/2/index.html b/page/2/index.html index e2ad3be..8e005df 100644 --- a/page/2/index.html +++ b/page/2/index.html @@ -1,12 +1,14 @@ -Virtualzone Blog

                                                        Export trainings from Endomondo as GPX files

                                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                        June 1, 2020 · 2 min · 341 words · Heiner

                                                        Native USB boot for Raspberry Pi 4

                                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                        May 28, 2020 · 2 min · 404 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 2)

                                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. -Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                                        May 16, 2020 · 3 min · 443 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 1)

                                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                                        May 15, 2020 · 3 min · 502 words · Heiner

                                                        How to let Jenkins build Docker images

                                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. -So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                                        June 11, 2017 · 2 min · 370 words · Heiner

                                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +Virtualzone Blog +

                                                        Export trainings from Endomondo as GPX files

                                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                        June 1, 2020 · 2 min · 341 words · Heiner

                                                        Native USB boot for Raspberry Pi 4

                                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                        May 28, 2020 · 2 min · 404 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 2)

                                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                                        May 16, 2020 · 3 min · 443 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 1)

                                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                                        May 15, 2020 · 3 min · 502 words · Heiner

                                                        How to let Jenkins build Docker images

                                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                                        June 11, 2017 · 2 min · 370 words · Heiner

                                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                        February 11, 2017 · 2 min · 287 words · Heiner

                                                        Creating an encrypted file container on macOS

                                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                                        December 6, 2016 · 2 min · 356 words · Heiner

                                                        UptimeRobot: A nice free website monitoring service

                                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                                        September 5, 2016 · 1 min · 120 words · Heiner

                                                        Fix Docker not using /etc/hosts on MacOS

                                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                        February 11, 2017 · 2 min · 287 words · Heiner

                                                        Creating an encrypted file container on macOS

                                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                                        December 6, 2016 · 2 min · 356 words · Heiner

                                                        UptimeRobot: A nice free website monitoring service

                                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                                        September 5, 2016 · 1 min · 120 words · Heiner

                                                        Fix Docker not using /etc/hosts on MacOS

                                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: -Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                        August 28, 2016 · 1 min · 163 words · Heiner

                                                        From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                                        © 2023 Heiner Beck. +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                        August 28, 2016 · 1 min · 163 words · Heiner

                                                        From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/page/3/index.html b/page/3/index.html index 92b4356..e3c1b6b 100644 --- a/page/3/index.html +++ b/page/3/index.html @@ -1,9 +1,11 @@ -Virtualzone Blog

                                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                        August 27, 2016 · 2 min · 255 words · Heiner

                                                        How to reduce PDF file size in Linux - Part 2

                                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                        August 15, 2015 · 1 min · 75 words · Heiner

                                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                        November 20, 2014 · 2 min · 372 words · Heiner

                                                        How to reduce PDF file size in Linux

                                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +Virtualzone Blog +

                                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                        August 27, 2016 · 2 min · 255 words · Heiner

                                                        How to reduce PDF file size in Linux - Part 2

                                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                        August 15, 2015 · 1 min · 75 words · Heiner

                                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                        November 20, 2014 · 2 min · 372 words · Heiner

                                                        How to reduce PDF file size in Linux

                                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                        November 21, 2012 · 1 min · 98 words · Heiner

                                                        Determining a location’s federal state using Google Maps API

                                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                        August 10, 2012 · 1 min · 162 words · Heiner
                                                        © 2023 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                        November 21, 2012 · 1 min · 98 words · Heiner

                                                        Determining a location’s federal state using Google Maps API

                                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                        August 10, 2012 · 1 min · 162 words · Heiner
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/alpine-docker-rootless/index.html b/posts/alpine-docker-rootless/index.html index 7398120..89a58b5 100644 --- a/posts/alpine-docker-rootless/index.html +++ b/posts/alpine-docker-rootless/index.html @@ -1,8 +1,8 @@ -Setting up Alpine Linux with Rootless Docker | Virtualzone Blog -Setting up Alpine Linux with Rootless Docker | Virtualzone Blog +
                                                        Home » Posts

                                                        Setting up Alpine Linux with Rootless Docker

                                                        June 19, 2022 · 3 min · 479 words · Heiner

                                                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.

                                                        However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.

                                                        Download and install Alpine

                                                        First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.

                                                        1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                                        2. Boot system from ISO and run:
                                                          # setup-alpine
+However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.">
                                                          Home » Posts
                                                          Setting up Alpine Linux with Rootless Docker
                                                          June 19, 2022 · 3 min · 479 words · Heiner
                                                          As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon.
                                                          However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux.
                                                          Download and install Alpine
                                                          First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                                                          1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                                          2. Boot system from ISO and run:
                                                            # setup-alpine
 
                                                          3. Reboot and install the nano edit:
                                                            # apk add nano
 
                                                          4. Enable community repository in the following file:
                                                            # nano /etc/apk/repositories
 
                                                          5. Update the index of available package:
                                                            # apk update
@@ -44,8 +44,9 @@
 
                                                          6. Log out and log in again.
                                                          7. Check if Docker Rootless works:
                                                            $ docker ps
 $ docker run --rm hello-world
 
                                                          Allow ports < 1024 (optional)
                                                          By default, only ports >= 1024 can be exposed by non-root users. To change this, change the minimum unprivileged port in /etc/sysctl.conf:
                                                          # echo "net.ipv4.ip_unprivileged_port_start=80" >> /etc/sysctl.conf
-
                                                          © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/alpine-podman/index.html b/posts/alpine-podman/index.html index 114e924..0a845f5 100644 --- a/posts/alpine-podman/index.html +++ b/posts/alpine-podman/index.html @@ -1,8 +1,8 @@ -Setting up Alpine Linux with Podman | Virtualzone Blog -Setting up Alpine Linux with Podman | Virtualzone Blog +
                                                        Home » Posts

                                                        Setting up Alpine Linux with Podman

                                                        June 25, 2022 · 4 min · 852 words · Heiner

                                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.

                                                        Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.

                                                        In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.

                                                        Download and install Alpine

                                                        First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.

                                                        1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                                        2. Boot system from ISO and run:
                                                          # setup-alpine
+Podman was initially developed by RedHat and is available as an open source project.">
                                                          Home » Posts
                                                          Setting up Alpine Linux with Podman
                                                          June 25, 2022 · 4 min · 852 words · Heiner
                                                          Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman.
                                                          Podman was initially developed by RedHat and is available as an open source project. You can run your well known Docker images from Docker Hub and other registries without any changes. This is due to the fact that both Docker and Podman are compatible with Open Container Initiative (OCI) images.
                                                          In my tests, Podman had a signicantly smaller memory footprint. From my point of view, it seems perfectly suitable for low power machines. However, it comes without a daemon, so you’ll have to set up some init scripts in order to restart your containers when your system reboots. I’ll cover this at the end of this article.
                                                          Download and install Alpine
                                                          First, we’ll download the Alpine Linux ISO image and install the OS. We’ll then enable the community repository as it contains packages we’ll need to set up Docker in non-root mode.
                                                          1. Get Alpine Linux ISO from: https://www.alpinelinux.org/downloads/
                                                          2. Boot system from ISO and run:
                                                            # setup-alpine
 
                                                          3. Reboot and install the nano edit:
                                                            # apk add nano
 
                                                          4. Enable community repository in the following file:
                                                            # nano /etc/apk/repositories
 
                                                          5. Update the index of available package:
                                                            # apk update
@@ -63,8 +63,9 @@
 source "/home/${command_user}/pods/init.d/pod"
                                                        3. Create a symlink in /etc/init.d/:
                                                          # cd /etc/init.d && ln -s /home/<user>/pods/pod-traefik
                                                        4. Use rc-update to the add your OpenRC Pod init script to the default runlevel:
                                                          # rc-update add pod-traefik
-

                                                        Update: I’ve improved the OpenRC scripts. Please read the corresponding blog post.

                                                        © 2023 Heiner Beck. +

                                                        Update: I’ve improved the OpenRC scripts. Please read the corresponding blog post.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html index 7d44ea5..8edae20 100644 --- a/posts/determining-a-locations-federal-state-using-google-maps-api/index.html +++ b/posts/determining-a-locations-federal-state-using-google-maps-api/index.html @@ -1,8 +1,8 @@ -Determining a location’s federal state using Google Maps API | Virtualzone Blog -Determining a location’s federal state using Google Maps API | Virtualzone Blog +
                                                        Home » Posts

                                                        Determining a location’s federal state using Google Maps API

                                                        August 10, 2012 · 1 min · 162 words · Heiner

                                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:

                                                        function log(s) {
+function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location').">
                                                        Home » Posts
                                                        Determining a location’s federal state using Google Maps API
                                                        August 10, 2012 · 1 min · 162 words · Heiner
                                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet:
                                                        function log(s) {
     $('#sysout').append(document.createTextNode(s + 'n'));
 }
 
@@ -63,7 +63,8 @@
     new google.maps.places.Autocomplete(document.getElementById('location'), {});
     $('#form').submit(searchLocation);
 });
-
                                                        © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/dns-proxy-forwarder-blackhole/index.html b/posts/dns-proxy-forwarder-blackhole/index.html index 922aef1..2f7106a 100644 --- a/posts/dns-proxy-forwarder-blackhole/index.html +++ b/posts/dns-proxy-forwarder-blackhole/index.html @@ -1,11 +1,11 @@ -Go-hole: A minimalistic DNS proxy and and blocker | Virtualzone BlogGo-hole: A minimalistic DNS proxy and and blocker | Virtualzone Blog + -
                                                        Home » Posts

                                                        Go-hole: A minimalistic DNS proxy and and blocker

                                                        February 5, 2023 · 4 min · 703 words · Heiner

                                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.

                                                        I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.

                                                        However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. DNS queries took longer and longer until they were answered. With this experience in mind and out of pure interest (how complicated would it be to create a DNS proxy on my own?) I’ve created Go-hole.

                                                        What is Go-hole?

                                                        Go-hole is written in Go and very minimalistic with an eye to the primary requirements. However, it has all the features I personally need on my home network:

                                                        • Act as a network-wide central DNS server, handling all DNS queries from all queries
                                                        • Forward incoming queries to one or more upstream DNS servers
                                                        • Cache upstream query results for extremely fast recurring lookup handling
                                                        • Block queries for well-known ad-serving and malicious domains by using definable block list URLs
                                                        • Regularly update the black list source files
                                                        • Whitelist certain domains which would be blocked in view of the set up black lists
                                                        • Resolve local names

                                                        How does it work?

                                                        Go-hole serves as DNS server on your (home) network. Instead of having your clients sending DNS queries directly to the internet or to your router, they are resolved by your local Go-hole instance. Go-hole sends these queries to one or more upstream DNS servers and caches the upstream query results for maximum performance.

                                                        Incoming queries from your clients are checked against a list of unwanted domain names (“blacklist”), such as well-known ad serving domains and trackers. If a requested name matches a name on the blacklist, Go-hole responds with error code NXDOMAIN (non-existing domain). This leads to clients not being able to load ads and tracker codes. In case you want to access a blacklisted domain, you can easily add it to a whitelist.

                                                        As an additional feature, you can set a list of custom host names/domain names to be resolved to specific IP addresses. This is useful for accessing services on your local network by name instead of their IP addresses.

                                                        How to use Go-hole?

                                                        The simplest way of getting Go-hole up and running is by using the pre-built Docker images.

                                                        First, create a configuration file named config.yaml. You can take a list at the example config file in the GitHub repository. On my home network, my config.yaml looks like this:

                                                        listen: 0.0.0.0:53
+However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time.">
                                                        Home » Posts
                                                        Go-hole: A minimalistic DNS proxy and and blocker
                                                        February 5, 2023 · 4 min · 703 words · Heiner
                                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network.
                                                        I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network.
                                                        However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. DNS queries took longer and longer until they were answered. With this experience in mind and out of pure interest (how complicated would it be to create a DNS proxy on my own?) I’ve created Go-hole.
                                                        What is Go-hole?
                                                        Go-hole is written in Go and very minimalistic with an eye to the primary requirements. However, it has all the features I personally need on my home network:
                                                        • Act as a network-wide central DNS server, handling all DNS queries from all queries
                                                        • Forward incoming queries to one or more upstream DNS servers
                                                        • Cache upstream query results for extremely fast recurring lookup handling
                                                        • Block queries for well-known ad-serving and malicious domains by using definable block list URLs
                                                        • Regularly update the black list source files
                                                        • Whitelist certain domains which would be blocked in view of the set up black lists
                                                        • Resolve local names
                                                        How does it work?
                                                        Go-hole serves as DNS server on your (home) network. Instead of having your clients sending DNS queries directly to the internet or to your router, they are resolved by your local Go-hole instance. Go-hole sends these queries to one or more upstream DNS servers and caches the upstream query results for maximum performance.
                                                        Incoming queries from your clients are checked against a list of unwanted domain names (“blacklist”), such as well-known ad serving domains and trackers. If a requested name matches a name on the blacklist, Go-hole responds with error code NXDOMAIN (non-existing domain). This leads to clients not being able to load ads and tracker codes. In case you want to access a blacklisted domain, you can easily add it to a whitelist.
                                                        As an additional feature, you can set a list of custom host names/domain names to be resolved to specific IP addresses. This is useful for accessing services on your local network by name instead of their IP addresses.
                                                        How to use Go-hole?
                                                        The simplest way of getting Go-hole up and running is by using the pre-built Docker images.
                                                        First, create a configuration file named config.yaml. You can take a list at the example config file in the GitHub repository. On my home network, my config.yaml looks like this:
                                                        listen: 0.0.0.0:53
 upstream:
   - 8.8.8.8:53
   - 8.8.4.4:53
@@ -27,7 +27,8 @@
     --mount type=bind,source=${PWD}/config.yaml,target=/app/config.yaml \
     -p 53:53/udp \
     ghcr.io/virtualzone/go-hole:latest
-
                                                        If you don’t want to run Go-hole with Docker (or Podman, like I do), you can use the pre-built binaries or build Go-hole from source.
                                                        Conclusion
                                                        I’m using Go-hole for several weeks now as my home network’s DNS server. It has completely replaced Pi-hole for my use cases. I’ve not observed any crashes or instabilities yet. My home network’s DNS resolving times have greatly improved, making web browsing much faster than it has been before. Of course, Pi-hole has a lot more features than Go-hole. My implementation doesn’t feature a web interface and for sure lacks other things you might like. However, none of these features are relevant to me.
                                                        I’d be happy to hear about your experience with this Pi-hole alternative.
                                                        © 2023 Heiner Beck.
+

                                                        If you don’t want to run Go-hole with Docker (or Podman, like I do), you can use the pre-built binaries or build Go-hole from source.

                                                        Conclusion

                                                        I’m using Go-hole for several weeks now as my home network’s DNS server. It has completely replaced Pi-hole for my use cases. I’ve not observed any crashes or instabilities yet. My home network’s DNS resolving times have greatly improved, making web browsing much faster than it has been before. Of course, Pi-hole has a lot more features than Go-hole. My implementation doesn’t feature a web interface and for sure lacks other things you might like. However, none of these features are relevant to me.

                                                        I’d be happy to hear about your experience with this Pi-hole alternative.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/encrypted-file-container-macos/index.html b/posts/encrypted-file-container-macos/index.html index f86a911..ce72a62 100644 --- a/posts/encrypted-file-container-macos/index.html +++ b/posts/encrypted-file-container-macos/index.html @@ -1,6 +1,7 @@ -Creating an encrypted file container on macOS | Virtualzone Blog -
                                                        Home » Posts

                                                        Creating an encrypted file container on macOS

                                                        December 6, 2016 · 2 min · 356 words · Heiner

                                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).

                                                        These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.

                                                        To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).

                                                        Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.

                                                        Choose an appropriate name for your image and select the following settings:

                                                        • Save as: The filename of your encrypted DMG file.
                                                        • Name: A name shown when your DMG file is mounted.
                                                        • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
                                                        • Format: Choose “Mac OS Extended (Journaled)”.
                                                        • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
                                                        • Partitions: Choose “Single Partition – Apple Partition Map”.
                                                        • Image Format: Choose “read/write disk image”.

                                                        Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).

                                                        © 2023 Heiner Beck. +Creating an encrypted file container on macOS | Virtualzone Blog +
                                                        Home » Posts

                                                        Creating an encrypted file container on macOS

                                                        December 6, 2016 · 2 min · 356 words · Heiner

                                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10.11 (El Capitan) and Mac OS X 10.10 (Yosemite).

                                                        These containers are saved as DMG files. You probably know this file extension from installing downloaded software on your Mac. DMG files are Apple Disk Images, bundling a set of folders and files into a single file. Unlike installation images downloaded from the web, these DMG files can optionally be encrypted using an AES 128 bit or AES 256 bit encryption key.

                                                        To create an encrypted file container, open the Disk Utility using the Spotlight Search (press Cmd + Space).

                                                        Using the menu bar, navigate to “File” > “New Image” > “Blank Image…”.

                                                        Choose an appropriate name for your image and select the following settings:

                                                        • Save as: The filename of your encrypted DMG file.
                                                        • Name: A name shown when your DMG file is mounted.
                                                        • Size: The size of your container. The DMG file will take exactly the specified size and the amount of data you can store in the container is limited to this specified size. However, you can shrink and grow your DMG at a later time.
                                                        • Format: Choose “Mac OS Extended (Journaled)”.
                                                        • Encryption: Choose between 128 bit AES and 256 bit AES encryption (for sensitive information, I’d go for 256 bit, just in case…). You’ll be prompted to enter an encryption key. Be sure to remember this one really good. There will be no way to recover a lost encryption key!
                                                        • Partitions: Choose “Single Partition – Apple Partition Map”.
                                                        • Image Format: Choose “read/write disk image”.

                                                        Next, click “Create” to create your image. This may take a few minutes, depending on the size of your DMG and the speed of the device you’re creating the container on (i.e. a network share).

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/endomono-export-gpx/index.html b/posts/endomono-export-gpx/index.html index d4cee38..8b05f61 100644 --- a/posts/endomono-export-gpx/index.html +++ b/posts/endomono-export-gpx/index.html @@ -1,5 +1,5 @@ -Export trainings from Endomondo as GPX files | Virtualzone Blog -
                                                        Home » Posts

                                                        Export trainings from Endomondo as GPX files

                                                        June 1, 2020 · 2 min · 341 words · Heiner

                                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost.

                                                        There’s an article on Strava’s website on how to move from Endomondo to Strava. But the answer is a bit too easy: Using Endomondo’s website, you can only export a single training at a time in GPX file format.

                                                        The good: GPX (GPS Exchange Format) is an standard file format used to exchange GPS coordinates. Using the GPS waypoints and some meta data (i.e. date, type of training), each of your trainings is reconstructable.

                                                        The bad: I’ve done more than 1,000 trainings in Endonomdo and I’m not willing to export each of them one by one.

                                                        In Node.JS’ module respository, npmjs.com, there’s a module named endomondo-api-handler. Using this, it’s easy to search, select and download trainings from Endomondo’s servers:

                                                        await api.processWorkouts(filter, async (workout) => {
+Export trainings from Endomondo as GPX files | Virtualzone Blog
+
                                                        Home » Posts
                                                        Export trainings from Endomondo as GPX files
                                                        June 1, 2020 · 2 min · 341 words · Heiner
                                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost.
                                                        There’s an article on Strava’s website on how to move from Endomondo to Strava. But the answer is a bit too easy: Using Endomondo’s website, you can only export a single training at a time in GPX file format.
                                                        The good: GPX (GPS Exchange Format) is an standard file format used to exchange GPS coordinates. Using the GPS waypoints and some meta data (i.e. date, type of training), each of your trainings is reconstructable.
                                                        The bad: I’ve done more than 1,000 trainings in Endonomdo and I’m not willing to export each of them one by one.
                                                        In Node.JS’ module respository, npmjs.com, there’s a module named endomondo-api-handler. Using this, it’s easy to search, select and download trainings from Endomondo’s servers:
                                                        await api.processWorkouts(filter, async (workout) => {
   if (workout.hasGPSData()) {
     let filename = getFilename(workout);
     let gpx = await api.getWorkoutGpx(workout.getId());
@@ -10,8 +10,9 @@
 
                                                        In order to use this tool, Node.JS must be installed on your computer. You can then check out the tool’s source code from my GitHub repository and run the following commands to make the tool ready to run:
                                                        git clone https://github.com/virtualzone/endomondo-exporter.git
 cd endomondo-exporter
 npm install
-
                                                        Importing GPX files to Strava is quite easy: You can upload 25 training files at once. There seems to be some rate limiting. I’ve received server errors after several imports. Waiting a few minutes solved that.
                                                        © 2023 Heiner Beck.
+

                                                        Importing GPX files to Strava is quite easy: You can upload 25 training files at once. There seems to be some rate limiting. I’ve received server errors after several imports. Waiting a few minutes solved that.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html index 947e98c..88bf338 100644 --- a/posts/fix-docker-not-using-etc-hosts-on-macos/index.html +++ b/posts/fix-docker-not-using-etc-hosts-on-macos/index.html @@ -1,16 +1,17 @@ -Fix Docker not using /etc/hosts on MacOS | Virtualzone BlogFix Docker not using /etc/hosts on MacOS | Virtualzone Blog + -
                                                        Home » Posts

                                                        Fix Docker not using /etc/hosts on MacOS

                                                        August 28, 2016 · 1 min · 163 words · Heiner

                                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.

                                                        When I executed “docker push” for example, this resulted in “no such hosts” errors:

                                                        Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host
+Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file.">
                                                        Home » Posts
                                                        Fix Docker not using /etc/hosts on MacOS
                                                        August 28, 2016 · 1 min · 163 words · Heiner
                                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file.
                                                        When I executed “docker push” for example, this resulted in “no such hosts” errors:
                                                        Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host
 
                                                        On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. To fix it, get into the running Docker Host:
                                                        screen ~/Library/Containers/com.docker.docker/Data/com.docker.driver.amd64-linux/tty
 
                                                        This took a while on my machine, I needed to press Ctrl+C for the login prompt to show up. Log in with “root” (no password required).
                                                        Edit the /etc/hosts file in the Docker Host using vi:
                                                        vi /etc/hosts
 
                                                        Note: Insert after pressing “i”, save by pressing Escape and then type “:wq” .
                                                        Restart the Docker Daemon with:
                                                        service docker restart
-
                                                        Detach from the screen session by pressing Ctrl+A, then press D.
                                                        Docker should now use the correct /etc/hosts entries.
                                                        © 2023 Heiner Beck.
+

                                                        Detach from the screen session by pressing Ctrl+A, then press D.

                                                        Docker should now use the correct /etc/hosts entries.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html index d497007..596900d 100644 --- a/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html +++ b/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/index.html @@ -1,5 +1,5 @@ -From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog -
                                                        Home » Posts

                                                        From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                        August 28, 2016 · 6 min · 1084 words · Heiner

                                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.

                                                        If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.

                                                        OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.

                                                        To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.

                                                        Option 1: Using Docker Compose

                                                        There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.

                                                        1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
                                                        2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
                                                        3. Create a directory for your OpenHAB setup, such as:
                                                        mkdir -p /docker/containers/openhab
+From FHEM to OpenHAB with Homegear: Installation/Docker container | Virtualzone Blog
+
                                                        Home » Posts
                                                        From FHEM to OpenHAB with Homegear: Installation/Docker container
                                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. More than a good reason to have a look at it. In this post, I’m going to show how to get started.
                                                        If you don’t know OpenHAB yet, here’s a short summary: OpenHAB is a vendor and technology agnostic open source automation software for smart homes. The software is developed in Java, has an extensible OSGI architecture and an actively growing community. It comes with a responsive web interface, allowing for being used on desktops and mobile devices equally. Last but not least, OpenHAB features a catchy programming syntax for rules, triggers, scripts and notifications.
                                                        OpenHAB has an integrated HomeMatic binding. If you’re using a CCU2, you can start with OpenHAB right out of the box. If you’re using another I/O interface like the HM-CFG-LAN Configuration Tool, you’ll need Homegear as an additional piece of software. Homegear communicates with your HomeMatic devices through the I/O interface. OpenHAB then connects to Homegear, which allows you to control all your HomeMatic sensors and actors using the OpenHAB software.
                                                        To get started, you should first choose if you’re going with Docker Containers (my preferred way of running server applications) or if you want to install OpenHAB and Homegear directly on your Linux System.
                                                        Option 1: Using Docker Compose
                                                        There are official Docker Images for OpenHAB. However, there was no working image for Homegear. So I created my own: You can use this Docker Image for Homegear if you want to.
                                                        1. Make sure that Docker is set up correctly and that the Docker Daemon is running. Read Docker’s official guide for your operating system if you’re unsure.
                                                        2. Make sure that Docker Compose is installed. I’m using Docker Compose instead of manually scoring the two containers because it’s much more convenient.
                                                        3. Create a directory for your OpenHAB setup, such as:
                                                        mkdir -p /docker/containers/openhab
 
                                                        1. Create a docker-compose.yml file in this directory with the following content:
                                                        version: '2'
 services:
   openhab:
@@ -59,8 +59,9 @@
 rfKey = xxxx
 currentRFKeyIndex = 1
 responseDelay = 60
-
                                                        Some explanations:
                                                        • id: The ID printed on the back side of your BidCoS I/O device.
                                                        • deviceType: The device type of your BidCoS device (cul, cc1100, coc, cuno, hmcfglan, hmlgw).
                                                        • host: The IP address of your I/O interface.
                                                        • port: Usually 1000, you probably don’t need to change this.
                                                        • lanKey: The AES key used for the communication between Homegear and your I/O interface (for securing the LAN connection). If you’ve been using FHEM before, you’ve probably disabled AES encryption using HomeMatic’s configuration utility, as FHEM doesn’t support encryption. You should add AES encryption later. For a quick start, comment out this line.
                                                        • rfKey: A random key used for securing the connection between Homegear and the HomeMatic devices (sensors, actors, etc.). You should note it down somewhere, because if you lose it, you’ll have to re-pair all your devices.
                                                        After saving the configuration file, you’ll have to restart the Homegear daemon or the Docker Container running Homegear. Take a look at the logs in /var/log/homegear/homegear.log to find out if Homegear successfully connects to the BidCoS device.
                                                        Connecting OpenHAB to Homegear
                                                        • Browse to OpenHAB’s web interface at port 8080 (such as http://localhost:8080).
                                                        • Select the Paper UI (this one is new in OpenHAB 2).
                                                        • Go to “Extensions” and install “HomeMatic Binding”.
                                                        • Go to “Configuration” -> “Things”. Two new things should be detected automatically: “Homegear” and “GATEWAY-EXTRAS”. Add both of them. They should be indicated as “ONLINE” afterwards.
                                                        That’s it – for now…
                                                        Congratulations: You’ve mastered the essential steps of setting up OpenHAB for your HomeMatic based smart home! Next time, I’ll write about adding HomeMatic devices to OpenHAB using Homegear.
                                                        © 2023 Heiner Beck.
+

                                                        Some explanations:

                                                        • id: The ID printed on the back side of your BidCoS I/O device.
                                                        • deviceType: The device type of your BidCoS device (cul, cc1100, coc, cuno, hmcfglan, hmlgw).
                                                        • host: The IP address of your I/O interface.
                                                        • port: Usually 1000, you probably don’t need to change this.
                                                        • lanKey: The AES key used for the communication between Homegear and your I/O interface (for securing the LAN connection). If you’ve been using FHEM before, you’ve probably disabled AES encryption using HomeMatic’s configuration utility, as FHEM doesn’t support encryption. You should add AES encryption later. For a quick start, comment out this line.
                                                        • rfKey: A random key used for securing the connection between Homegear and the HomeMatic devices (sensors, actors, etc.). You should note it down somewhere, because if you lose it, you’ll have to re-pair all your devices.

                                                        After saving the configuration file, you’ll have to restart the Homegear daemon or the Docker Container running Homegear. Take a look at the logs in /var/log/homegear/homegear.log to find out if Homegear successfully connects to the BidCoS device.

                                                        Connecting OpenHAB to Homegear

                                                        • Browse to OpenHAB’s web interface at port 8080 (such as http://localhost:8080).
                                                        • Select the Paper UI (this one is new in OpenHAB 2).
                                                        • Go to “Extensions” and install “HomeMatic Binding”.
                                                        • Go to “Configuration” -> “Things”. Two new things should be detected automatically: “Homegear” and “GATEWAY-EXTRAS”. Add both of them. They should be indicated as “ONLINE” afterwards.

                                                        That’s it – for now…

                                                        Congratulations: You’ve mastered the essential steps of setting up OpenHAB for your HomeMatic based smart home! Next time, I’ll write about adding HomeMatic devices to OpenHAB using Homegear.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/https-ssl-in-wordpress-behind-proxy/index.html b/posts/https-ssl-in-wordpress-behind-proxy/index.html index 9871be0..395266e 100644 --- a/posts/https-ssl-in-wordpress-behind-proxy/index.html +++ b/posts/https-ssl-in-wordpress-behind-proxy/index.html @@ -1,14 +1,15 @@ -How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) | Virtualzone Blog -How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) | Virtualzone Blog +
                                                        Home » Posts

                                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                        August 27, 2016 · 2 min · 255 words · Heiner

                                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.

                                                        The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.

                                                        This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:

                                                        Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:

                                                        proxy_set_header X-Forwarded-Host $host;
+The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy.">
                                                        Home » Posts
                                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)
                                                        August 27, 2016 · 2 min · 255 words · Heiner
                                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it.
                                                        The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. Thus, if the connection between your user’s browser and your proxy/loadbalancer is HTTPS, but the connection between your proxy server and WordPress is HTTP only, WordPress thinks that it’s running on HTTP instead of HTTPS. Therefore it places sets the absolute URLs incorrectly to HTTP.
                                                        This results in mixed content warnings. Modern browsers prevent loading resources from HTTP when the embedding page had been loaded from HTTPS. To fix this, taking the following steps worked for me:
                                                        Make sure that your proxy or load balancer adds the “X-Forwarded-*” HTTP request headers when proxying incoming requests to your WordPress backend server. My nginx configuration contains these lines:
                                                        proxy_set_header X-Forwarded-Host $host;
 proxy_set_header X-Forwarded-Server $host;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header Host $host;
-
                                                        • Install and activate the SSL Insecure Content Fixer plugin in your WordPress installation’s admin panel.
                                                        • Navigate to Settings -> SSL Insecure Content.
                                                        • Set “HTTPS detection” to “HTTP_X_FORWARDED_PROTO (e.g. load balancer, reverse proxy, NginX)”.
                                                        • Navigate to Settings -> General.
                                                        • Set the “WordPress Address (URL)” and “Site Address (URL)” to your new HTTPS address.
                                                        • Check if everything is working as expected.
                                                        © 2023 Heiner Beck.
+
                                                        • Install and activate the SSL Insecure Content Fixer plugin in your WordPress installation’s admin panel.
                                                        • Navigate to Settings -> SSL Insecure Content.
                                                        • Set “HTTPS detection” to “HTTP_X_FORWARDED_PROTO (e.g. load balancer, reverse proxy, NginX)”.
                                                        • Navigate to Settings -> General.
                                                        • Set the “WordPress Address (URL)” and “Site Address (URL)” to your new HTTPS address.
                                                        • Check if everything is working as expected.
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/index.html b/posts/index.html index 6d27914..e76c6fd 100644 --- a/posts/index.html +++ b/posts/index.html @@ -1,15 +1,17 @@ -Posts | Virtualzone Blog
                                                        Home

                                                        Posts -

                                                        Go-hole: A minimalistic DNS proxy and and blocker

                                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. +Posts | Virtualzone Blog +

                                                        Home

                                                        Posts +

                                                        Go-hole: A minimalistic DNS proxy and and blocker

                                                        You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. -However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                        February 5, 2023 · 4 min · 703 words · Heiner

                                                        OpenRC Script for 'podman kube play'

                                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                        October 26, 2022 · 3 min · 483 words · Heiner

                                                        Connecting multiple networks to a Podman container

                                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                        February 5, 2023 · 4 min · 703 words · Heiner

                                                        OpenRC Script for 'podman kube play'

                                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                        October 26, 2022 · 3 min · 483 words · Heiner

                                                        Connecting multiple networks to a Podman container

                                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: -$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                        October 16, 2022 · 2 min · 274 words · Heiner

                                                        Setting up Alpine Linux with Podman

                                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                                        June 25, 2022 · 4 min · 852 words · Heiner

                                                        Setting up Alpine Linux with Rootless Docker

                                                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. -However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                        June 19, 2022 · 3 min · 479 words · Heiner

                                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                        September 3, 2021 · 1 min · 118 words · Heiner

                                                        Back up server to OneDrive’s special App Folder

                                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                        September 2, 2021 · 4 min · 682 words · Heiner

                                                        Unifi USG: Multiple IP addresses on PPPoE

                                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). -By default, USG only allows for one IP address when dialing in via PPPoE....

                                                        August 16, 2021 · 2 min · 353 words · Heiner

                                                        Raspberry Pi OS: Remove unnecessary packages

                                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                                        June 7, 2020 · 1 min · 161 words · Heiner

                                                        Analyze Traefik access log using InfluxDB and Grafana

                                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                        October 16, 2022 · 2 min · 274 words · Heiner

                                                        Setting up Alpine Linux with Podman

                                                        Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. +Podman was initially developed by RedHat and is available as an open source project....

                                                        June 25, 2022 · 4 min · 852 words · Heiner

                                                        Setting up Alpine Linux with Rootless Docker

                                                        As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                        June 19, 2022 · 3 min · 479 words · Heiner

                                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                        September 3, 2021 · 1 min · 118 words · Heiner

                                                        Back up server to OneDrive’s special App Folder

                                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                        September 2, 2021 · 4 min · 682 words · Heiner

                                                        Unifi USG: Multiple IP addresses on PPPoE

                                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

                                                        August 16, 2021 · 2 min · 353 words · Heiner

                                                        Raspberry Pi OS: Remove unnecessary packages

                                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                                        June 7, 2020 · 1 min · 161 words · Heiner

                                                        Analyze Traefik access log using InfluxDB and Grafana

                                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: -Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                                        June 3, 2020 · 2 min · 373 words · Heiner
                                                        © 2023 Heiner Beck. +Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                                        June 3, 2020 · 2 min · 373 words · Heiner
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/index.xml b/posts/index.xml index f85d072..6955beb 100644 --- a/posts/index.xml +++ b/posts/index.xml @@ -6,254 +6,205 @@ Recent content in Posts on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 05 Feb 2023 06:00:00 +0000 + &copy; 2024 Heiner Beck. + Sun, 05 Feb 2023 06:00:00 +0000 + Go-hole: A minimalistic DNS proxy and and blocker https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ Sun, 05 Feb 2023 06:00:00 +0000 - https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. - OpenRC Script for 'podman kube play' https://virtualzone.de/posts/openrc-podman-kube-play/ Wed, 26 Oct 2022 15:00:00 +0000 - https://virtualzone.de/posts/openrc-podman-kube-play/ In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. - Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ Sun, 16 Oct 2022 17:00:00 +0000 - https://virtualzone.de/posts/podman-multiple-networks/ I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly: - Setting up Alpine Linux with Podman https://virtualzone.de/posts/alpine-podman/ Sat, 25 Jun 2022 18:00:00 +0000 - https://virtualzone.de/posts/alpine-podman/ Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman. Podman was initially developed by RedHat and is available as an open source project. - Setting up Alpine Linux with Rootless Docker https://virtualzone.de/posts/alpine-docker-rootless/ Sun, 19 Jun 2022 15:00:00 +0000 - https://virtualzone.de/posts/alpine-docker-rootless/ As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux. - Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing https://virtualzone.de/posts/k3s-glusterfs/ Fri, 03 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/k3s-glusterfs/ I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. - Back up server to OneDrive’s special App Folder https://virtualzone.de/posts/onedrive-upload-backup/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/onedrive-upload-backup/ I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. - Unifi USG: Multiple IP addresses on PPPoE https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ Mon, 16 Aug 2021 11:30:03 +0000 - https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE. - Raspberry Pi OS: Remove unnecessary packages https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ Sun, 07 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won&rsquo;t need. There&rsquo;s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands. - Analyze Traefik access log using InfluxDB and Grafana https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ Wed, 03 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik&rsquo;s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container&rsquo;s JSON output using the docker_log input plugin. - Export trainings from Endomondo as GPX files https://virtualzone.de/posts/endomono-export-gpx/ Mon, 01 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/endomono-export-gpx/ I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost. - Native USB boot for Raspberry Pi 4 https://virtualzone.de/posts/usb-boot-raspberry-pi/ Thu, 28 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/usb-boot-raspberry-pi/ Here&rsquo;s something that&rsquo;s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. - Build Multi-Arch images on Docker Hub (Part 2) https://virtualzone.de/posts/multi-arch-docker-images-2/ Sat, 16 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/multi-arch-docker-images-2/ Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. - Build Multi-Arch images on Docker Hub (Part 1) https://virtualzone.de/posts/multi-arch-docker-images-1/ Fri, 15 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/multi-arch-docker-images-1/ Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. - How to let Jenkins build Docker images https://virtualzone.de/posts/jenkins-build-docker-images/ Sun, 11 Jun 2017 11:30:03 +0000 - https://virtualzone.de/posts/jenkins-build-docker-images/ If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. - Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ Sat, 11 Feb 2017 11:30:03 +0000 - https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. - Creating an encrypted file container on macOS https://virtualzone.de/posts/encrypted-file-container-macos/ Tue, 06 Dec 2016 11:30:03 +0000 - https://virtualzone.de/posts/encrypted-file-container-macos/ Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10. - UptimeRobot: A nice free website monitoring service https://virtualzone.de/posts/uptime-robot-website-monitoring/ Mon, 05 Sep 2016 11:30:03 +0000 - https://virtualzone.de/posts/uptime-robot-website-monitoring/ Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me). - Fix Docker not using /etc/hosts on MacOS https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. - From FHEM to OpenHAB with Homegear: Installation/Docker container https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. - How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Sat, 27 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. - How to reduce PDF file size in Linux - Part 2 https://virtualzone.de/posts/reduce-pdf-file-size-2/ Sat, 15 Aug 2015 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size-2/ Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: - How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT https://virtualzone.de/posts/ipv6-on-a-sonicwall/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/posts/ipv6-on-a-sonicwall/ IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. - How to reduce PDF file size in Linux https://virtualzone.de/posts/reduce-pdf-file-size/ Wed, 21 Nov 2012 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size/ Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. - Determining a location’s federal state using Google Maps API https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ Fri, 10 Aug 2012 11:30:03 +0000 - https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). - diff --git a/posts/ipv6-on-a-sonicwall/index.html b/posts/ipv6-on-a-sonicwall/index.html index 93a6271..729a8ec 100644 --- a/posts/ipv6-on-a-sonicwall/index.html +++ b/posts/ipv6-on-a-sonicwall/index.html @@ -1,7 +1,8 @@ -How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog -
                                                        Home » Posts

                                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                        November 20, 2014 · 2 min · 372 words · Heiner

                                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.

                                                        The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.

                                                        1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).

                                                        2. Go to Network -> Interfaces and select to view IPv6.

                                                        • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                                                        • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                                                        • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                                                        • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.

                                                        1. Go to Network -> Address Objects and select to view IPv6. -Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.

                                                        2. Go to Network -> NAT Policies and select to view IPv6.

                                                        • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
                                                        • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
                                                        1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
                                                        © 2023 Heiner Beck. +How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT | Virtualzone Blog +
                                                        Home » Posts

                                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                        November 20, 2014 · 2 min · 372 words · Heiner

                                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address.

                                                        The following guide applies to Dell SonicWalls with SonicOS 5.9.0 (IPv6 is not supported in SonicOS 5.8 or below). A SonicWall TZ-215 is connected to an IPv6 capable router via the X1/WAN interface. There are devices connected to the SonicWall on the X0/LAN and W0/WLAN interfaces. There is also a virtual W0:V1 interface used for WLAN guests.

                                                        1. Log in to SonicWall’s administrative web interface (the default IP address on LAN is https://192.168.168.168).

                                                        2. Go to Network -> Interfaces and select to view IPv6.

                                                        • Determine SonicWall’s autonomous IPv6 address for the X1/WAN interface and note it down. You’ll need it later.
                                                        • Configure your X0/LAN interface: Check if it has a static IPv6 address starting with fd80::. Check “Enable Router Advertisement” and add a prefix fd80::, Lifetime = 1440 min.
                                                        • Configure your W0/WLAN interface: Check if it has a static IPv6 address starting with fd81::. Check “Enable Router Advertisement” and add a prefix fd81::, Lifetime = 1440 min.
                                                        • Do the same with other interfaces you want to enable for IPv6, such as W0:V1, X2, etc. Use fd82::, fd83::, etc. as prefixes.

                                                        1. Go to Network -> Address Objects and select to view IPv6. +Create/update the entry “WAN Primary IPv6” with the previously determined X1 IPv6 address. Set Zone = WAN, Type = Host.

                                                        2. Go to Network -> NAT Policies and select to view IPv6.

                                                        • Create a new NAT policy with the following settings: Original Source = Any Translated Source = WAN Primary IPv6 Original Destination = Any Translated Destination = Original Original Service = Any Translated Service = Original Inbound Interface = X0/LAN Outbound Interface = X1/WAN
                                                        • Create another new NAT policy with the same settings as before, but this time, select W0/WLAN as “Inbound Interface”.
                                                        1. On a client connected to the SonicWall, go to http://test-ipv6.com to check if your IPv6 configuration works.
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/jenkins-build-docker-images/index.html b/posts/jenkins-build-docker-images/index.html index f009343..3c7fe12 100644 --- a/posts/jenkins-build-docker-images/index.html +++ b/posts/jenkins-build-docker-images/index.html @@ -1,8 +1,8 @@ -How to let Jenkins build Docker images | Virtualzone Blog -How to let Jenkins build Docker images | Virtualzone Blog +
                                                        Home » Posts

                                                        How to let Jenkins build Docker images

                                                        June 11, 2017 · 2 min · 370 words · Heiner

                                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.

                                                        So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.

                                                        To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:

                                                        FROM jenkins:alpine
+So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there.">
                                                        Home » Posts
                                                        How to let Jenkins build Docker images
                                                        June 11, 2017 · 2 min · 370 words · Heiner
                                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself.
                                                        So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. None of them really convinced me as the setup was quite complicated. I’ve been looking for a simpler method.
                                                        To achieve this, I’ve created a custom Dockerfile which derives from the official jenkins:alpine image:
                                                        FROM jenkins:alpine
 USER root
 RUN apk update && \
     apk add docker sudo
@@ -20,8 +20,9 @@
 sudo docker push docker_hub_username/image_name:latest
 
                                                        These lines build the Docker image, log in to Docker Hub and push the recently built image.
                                                        Update:
                                                        If you want to use docker-compose from your Jenkins Docker container as well, add these lines to your Dockerfile:
                                                        RUN apk add py-pip
 RUN pip install docker-compose
-
                                                        © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/k3s-glusterfs/index.html b/posts/k3s-glusterfs/index.html index 0bae04c..9f37aeb 100644 --- a/posts/k3s-glusterfs/index.html +++ b/posts/k3s-glusterfs/index.html @@ -1,6 +1,7 @@ -Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog -
                                                        Home » Posts

                                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                        September 3, 2021 · 1 min · 118 words · Heiner

                                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.

                                                        Read the tutorial in Hetzner’s Online Community.

                                                        © 2023 Heiner Beck. +Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing | Virtualzone Blog +
                                                        Home » Posts

                                                        Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                        September 3, 2021 · 1 min · 118 words · Heiner

                                                        I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. Optionally, you will learn how to set up a distributed, replicated file system using Kadalu, an opinionated storage system based on GlusterFS. This allows you to move pods between the nodes while still having access to the pods’ persistent data.

                                                        Read the tutorial in Hetzner’s Online Community.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html index 62a2d86..0206ba9 100644 --- a/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html +++ b/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/index.html @@ -1,11 +1,11 @@ -Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker | Virtualzone BlogUsing Let’s Encrypt / EFF’s CertBot with NGINX in Docker | Virtualzone Blog + -
                                                        Home » Posts

                                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                        February 11, 2017 · 2 min · 287 words · Heiner

                                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.

                                                        First, I’ve added two new volumes to my web-front-end’s Docker Compose File:

                                                        version: '2'
+version: '2' services: webfrontend: container_name: webfrontend [.">
                                                        Home » Posts
                                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker
                                                        February 11, 2017 · 2 min · 287 words · Heiner
                                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it.
                                                        First, I’ve added two new volumes to my web-front-end’s Docker Compose File:
                                                        version: '2'
 services:
   webfrontend:
     container_name: webfrontend
@@ -46,8 +46,9 @@
 echo "Done"
 
                                                        The script starts CertBot in a Docker Container for each requested certificate. Because the /etc/letsencrypt and the /var/www/.well-known directory is also used by my NGINX front-end Container (see above), these steps can be performed by the script:
                                                        1. Using the webroot plugin, a random file is created under the /.well-known/acme-challenge/ directory.
                                                        2. Let’s Encrypt can access and verify this file as the folder is aliased using the Location blocks in the NGINX config.
                                                        3. The generated private key and public certificate is placed in /etc/letsencrypt/, which is in turn a volume for the NGINX web-frontend.
                                                        You can use the generated certificates by adding these two lines to your NGINX vhost config:
                                                        ssl_certificate     /etc/letsencrypt/live/www.mydomain.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem;
-
                                                        © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/multi-arch-docker-images-1/index.html b/posts/multi-arch-docker-images-1/index.html index e8c7bda..4b68410 100644 --- a/posts/multi-arch-docker-images-1/index.html +++ b/posts/multi-arch-docker-images-1/index.html @@ -1,5 +1,5 @@ -Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog -
                                                        Home » Posts

                                                        Build Multi-Arch images on Docker Hub (Part 1)

                                                        May 15, 2020 · 3 min · 502 words · Heiner

                                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.

                                                        Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:

                                                        FROM amd64/alpine:3.11
+Build Multi-Arch images on Docker Hub (Part 1) | Virtualzone Blog
+
                                                        Home » Posts
                                                        Build Multi-Arch images on Docker Hub (Part 1)
                                                        May 15, 2020 · 3 min · 502 words · Heiner
                                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. Ich möchte Euch in diesem Beitrag zeigen, wie es geht.
                                                        Zunächst legt Ihr wie gewohnt ein Dockerfile für die AMD64-Architektur an – hier am Beispiel eines Alpine-Basis-Image:
                                                        FROM amd64/alpine:3.11
 ...
 
                                                        Es folgt jeweils ein Dockerfile pro Zielarchitektur. In diesen wird zunächst die passende QEMU-Binary heruntergeladen und dann in das Ziel-Image hinein kopiert.
                                                        Dockerfile.arm32v6 für ARM32V6:
                                                        FROM alpine:3.11 AS qemu
 RUN apk --update add --no-cache curl
@@ -58,8 +58,9 @@
 curl -Lo manifest-tool https://github.com/estesp/manifest-tool/releases/download/v1.0.0/manifest-tool-linux-amd64
 chmod +x manifest-tool
 ./manifest-tool push from-spec multi-arch-manifest.yaml
-
                                                        Damit ist Euer Projekt vorbereitet und bereit für Multi-Arch-Builds.
                                                        Im nächsten Teil zeige ich Euch, wie Ihr die “Automated Builds” im Docker Hub konfiguriert, um den Multi-Arch-Build auch tatsächlich durchzuführen.
                                                        © 2023 Heiner Beck.
+

                                                        Damit ist Euer Projekt vorbereitet und bereit für Multi-Arch-Builds.

                                                        Im nächsten Teil zeige ich Euch, wie Ihr die “Automated Builds” im Docker Hub konfiguriert, um den Multi-Arch-Build auch tatsächlich durchzuführen.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/multi-arch-docker-images-2/index.html b/posts/multi-arch-docker-images-2/index.html index cb9acbf..60cadae 100644 --- a/posts/multi-arch-docker-images-2/index.html +++ b/posts/multi-arch-docker-images-2/index.html @@ -1,14 +1,15 @@ -Build Multi-Arch images on Docker Hub (Part 2) | Virtualzone Blog -Build Multi-Arch images on Docker Hub (Part 2) | Virtualzone Blog +
                                                        Home » Posts

                                                        Build Multi-Arch images on Docker Hub (Part 2)

                                                        May 16, 2020 · 3 min · 443 words · Heiner

                                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.

                                                        Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:

                                                        Einen automatisierten Build im Docker Hub konfigurieren. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub.">

                                                        Home » Posts

                                                        Build Multi-Arch images on Docker Hub (Part 2)

                                                        May 16, 2020 · 3 min · 443 words · Heiner

                                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt.

                                                        Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. Die entsprechenden Einstellungen findet Ihr im Reiter “Builds”:

                                                        Einen automatisierten Build im Docker Hub konfigurieren. Dort könnt Ihr dann die Build-Konfiguration vornehmen. Zunächst muss angegeben werden, aus Source-Repository gebaut werden soll:

                                                        Bei der Konfiguration muss zunächst das Sourcecode-Repository angegeben werden. Anschließend legt Ihr fünf Build Rules an, nämlich eine ohne Angabe eines Architektur-Tags (in meinem Fall “latest”) und vier weitere je Zielarchitektur. Vier deshalb, weil wir in diesem Beispiel für AMD64, ARM32V6, ARM32V7 und ARM64V8 bauen. Solltet Ihr für andere Zielarchitekturen bauen wollen, benötigt Ihr natürlich mehr oder weniger Build Rules:

                                                        Die passenden Build Rules für die vier Zielarchitekturen. Der Trick ist, dass das “ungetaggte” Image alle anderen Architektur-Images zugeordnet bekommt. Dadurch kann ein Anwender, der “docker run” oder “docker pull” auf Euer Image durchführt, das für seine Architektur passende Image automatisch laden, ohne explizit die Plattform nennen zu müssen. Ein Mac zieht somit das AMD64-Image, während ein Raspbian das ARM32V7-Image lädt und ein Raspberry Pi 4 mit 64bit-Ubuntu das ARM64V8 Image. Alles ohne weiteres zutun.

                                                        Das war es dann auch schon mit der Konfiguration. Ein Klick auf “Save and Build” stellt die ausstehenden Builds (hier fünf an der Zahl) in die Warteschlange. Meiner Erfahrung nach kann es auf der Docker Hub Infrastruktur auch für einfache Images durchaus ein paar Stunden dauern, bis alle Images gebaut wurden. Was schon erledigt ist und was noch aussteht, könnt Ihr unter “Recent Builds” verfolgen.

                                                        Die Recent Builds geben Auskunft über die noch ausstehenden und schon erfolgten Automated Builds. Ihr werdet sehen, dass die ersten Builds als fehlgeschlagen markiert werden. Das ist völlig normal! Ein Blick in die Build Logs zeigt den nachvollziehbaren Grund: Nach jedem Build wird das multi-arch-manifest.yaml Docker-Manifest angewandt. Bevor das letzte Ziel-Architektur.Image aber nicht fertig gebaut wurde, können nicht alle Architektur-Images dem “ungetaggten” Image hinzugefügt werden und das Build schlägt augenscheinlich fehl.

                                                        Kein Grund zur Sorge: Der Fehler “failed with error: manifest unknown: manifest unknown”. -Tatsächlich wurde das jeweilige Image aber (hoffentlich) erfolgreich gebaut und gepusht. Erst beim letzten Multi-Arch-Image kann das Manifest-Tool dann auch erfolgreich seine Arbeit verrichten und die Architekturen verknüpfen. Lasst Euch davon also nicht aus der Ruhe bringen und beobachtet die Build Logs aufmerksam.

                                                        Ich wünsche Euch viel Spaß mit den Multi-Arch-Images im Docker Hub!

                                                        © 2023 Heiner Beck. +Tatsächlich wurde das jeweilige Image aber (hoffentlich) erfolgreich gebaut und gepusht. Erst beim letzten Multi-Arch-Image kann das Manifest-Tool dann auch erfolgreich seine Arbeit verrichten und die Architekturen verknüpfen. Lasst Euch davon also nicht aus der Ruhe bringen und beobachtet die Build Logs aufmerksam.

                                                        Ich wünsche Euch viel Spaß mit den Multi-Arch-Images im Docker Hub!

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/onedrive-upload-backup/index.html b/posts/onedrive-upload-backup/index.html index 397a92e..2c34ed0 100644 --- a/posts/onedrive-upload-backup/index.html +++ b/posts/onedrive-upload-backup/index.html @@ -1,5 +1,5 @@ -Back up server to OneDrive’s special App Folder | Virtualzone Blog -
                                                        Home » Posts

                                                        Back up server to OneDrive’s special App Folder

                                                        September 2, 2021 · 4 min · 682 words · Heiner

                                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.

                                                        Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.

                                                        I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.

                                                        To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:

                                                        1. Log in to the Microsoft Azure Portal.
                                                        2. Navigate to “App registrations”.
                                                        3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
                                                        4. Copy the Application (client) ID.
                                                        5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
                                                        6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
                                                        • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
                                                        • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read

                                                        Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.

                                                        You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:

                                                        curl -s -L https://git.io/JRie0 | bash

                                                        Now create a configuration file named config.json. Replace and :

                                                        {
+Back up server to OneDrive’s special App Folder | Virtualzone Blog
+
                                                        Home » Posts
                                                        Back up server to OneDrive’s special App Folder
                                                        September 2, 2021 · 4 min · 682 words · Heiner
                                                        I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. I couldn’t find any. This is why I developed OneDrive Uploader. Here is what it can do for you and how to use it.
                                                        Microsoft OneDrive supports so-called “special folders”, which includes the “App Folder” (App Root). This is a directory intended for applications to storage their own files, without being able to access other files in your OneDrive Folder. OneDrive Uploader supports these special folders, restricting the access of your backup script to its own files. However, you can also use OneDrive Uploader to upload and download files from other locations as long as you grant it access.
                                                        I’ve written OneDrive Uploader in Go, which is a great programming language that compiles natively to various operating systems and platforms. As a result, OneDrive Uploader is available for Linux, MacOS and Windows and supports AMD64, ARM and ARM64.
                                                        To get started with OneDrive Uploader, you’ll need to create an access token in Microsoft’s Azure Portal. To do this, follow these steps:
                                                        1. Log in to the Microsoft Azure Portal.
                                                        2. Navigate to “App registrations”.
                                                        3. Create a new application with supported account type “Accounts in any organizational directory (Any Azure AD directory – Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)” and the following Web redirect URL: http://localhost:53682/
                                                        4. Copy the Application (client) ID.
                                                        5. Navigate to “Certificates & secrets”, create a new Client secret and copy the Secret Value (not the ID).
                                                        6. Navigate to “API permissions”, click “Add permission”, choose “Microsoft Graph”, select “Delegated”. Then search and add the required permissions:
                                                        • Access to App Folder only: Files.ReadWrite.AppFolder, offline_access, User.Read
                                                        • Access to entire OneDrive: Files.Read, Files.ReadWrite, Files.Read.All, Files.ReadWrite.All, offline_access, User.Read
                                                        Great! You’ve now created an Azure App which you can use to grant OneDrive Uploader access to your OneDrive. Don’t worry, the App is not visible anywhere, nor can anyone access your OneDrive.
                                                        You can now download the OneDrive Uploader executable for your operating system and platform. You can either choose the matching binary from the GitHub releases page, or simply execute this command:
                                                        curl -s -L https://git.io/JRie0 | bash
                                                        Now create a configuration file named config.json. Replace and :
                                                        {
     "client_id": "<client id from azure app>",
     "client_secret": "<client secret from azure app>",
     "scopes": [
@@ -28,8 +28,9 @@
         echo "Hashes for '$i' do not match! Remote = $HASH_REMOTE vs. Local = $HASH_LOCAL"
     fi
 done
-
                                                        This bash script uploads all files from the local directory $TARGET to its app folder in your OneDrive. It creates a sub-folder named YYYY-MM-DD (i.e. 2021-08-30). For each file, after having finished the upload, it checks she SHA256 hash so that you can be sure the upload is intact.
                                                        © 2023 Heiner Beck.
+

                                                        This bash script uploads all files from the local directory $TARGET to its app folder in your OneDrive. It creates a sub-folder named YYYY-MM-DD (i.e. 2021-08-30). For each file, after having finished the upload, it checks she SHA256 hash so that you can be sure the upload is intact.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/openrc-podman-kube-play/index.html b/posts/openrc-podman-kube-play/index.html index 57718ec..25b2098 100644 --- a/posts/openrc-podman-kube-play/index.html +++ b/posts/openrc-podman-kube-play/index.html @@ -1,5 +1,5 @@ -OpenRC Script for 'podman kube play' | Virtualzone Blog -
                                                        Home » Posts

                                                        OpenRC Script for 'podman kube play'

                                                        October 26, 2022 · 3 min · 483 words · Heiner

                                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”. This is due to the fact that OpenRC is not able to identify the exact process spawned by Podman.

                                                        I’ve therefore improved my OpenRC startup script to be used with podman kube play YAML files. In this post, I’m presenting my results. If you have further improvements, please let me know.

                                                        What does not work

                                                        The podman pod create command features the --infra-conmon-pidfile=file option. This option writes the PID of the infra container’s conmon process to a file.

                                                        Using this option, it was easy to enable OpenRC identifying the status of a Pod and start the Pod in background:

                                                        pidfile="/run/${RC_SVCNAME}.pid"
+OpenRC Script for 'podman kube play' | Virtualzone Blog
+
                                                        Home » Posts
                                                        OpenRC Script for 'podman kube play'
                                                        October 26, 2022 · 3 min · 483 words · Heiner
                                                        In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”. This is due to the fact that OpenRC is not able to identify the exact process spawned by Podman.
                                                        I’ve therefore improved my OpenRC startup script to be used with podman kube play YAML files. In this post, I’m presenting my results. If you have further improvements, please let me know.
                                                        What does not work
                                                        The podman pod create command features the --infra-conmon-pidfile=file option. This option writes the PID of the infra container’s conmon process to a file.
                                                        Using this option, it was easy to enable OpenRC identifying the status of a Pod and start the Pod in background:
                                                        pidfile="/run/${RC_SVCNAME}.pid"
 command_background=true
 
                                                        Unfortunately, the --infra-conmon-pidfile=file option is not (yet?) available when using the podman kube play command.
                                                        I’ve tried to discover the infra container’s PID file using the podman inspect command and using this value dynamically in my OpenRC scripts:
                                                        podman inspect --format '{{ .PidFile }}' somecontainer-infra
 
                                                        However, OpenRC doesn’t seem happy with PID files appearing and disapperaring dynamically.
                                                        What does work
                                                        I’ve created a pod script which is sourced by multiple pod-* scripts.
                                                        The pod script includes functions for getting the status of a Pod and stopping a Pod. The script assumes that your Pod’s Kubernetes YAML is located at /home/${command_user}/pods/${pod_name}/pod.yaml.
                                                        /home/your-user/pods/init.d/pod
                                                        #!/sbin/openrc-run
@@ -58,8 +58,9 @@
 ln -s /home/<user>/pods/pod-xyz
 rc-update add pod-xyz
 
                                                        Use rc-service to start and stop your Pod:
                                                        doas rc-service pod-xyz start
-
                                                        © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/page/1/index.html b/posts/page/1/index.html index 1bca100..27c4113 100644 --- a/posts/page/1/index.html +++ b/posts/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/posts/ \ No newline at end of file +https://virtualzone.de/posts/ + \ No newline at end of file diff --git a/posts/page/2/index.html b/posts/page/2/index.html index f721017..23a2be1 100644 --- a/posts/page/2/index.html +++ b/posts/page/2/index.html @@ -1,13 +1,15 @@ -Posts | Virtualzone Blog
                                                        Home

                                                        Posts -

                                                        Export trainings from Endomondo as GPX files

                                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                        June 1, 2020 · 2 min · 341 words · Heiner

                                                        Native USB boot for Raspberry Pi 4

                                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                        May 28, 2020 · 2 min · 404 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 2)

                                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. -Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                                        May 16, 2020 · 3 min · 443 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 1)

                                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                                        May 15, 2020 · 3 min · 502 words · Heiner

                                                        How to let Jenkins build Docker images

                                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. -So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                                        June 11, 2017 · 2 min · 370 words · Heiner

                                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +Posts | Virtualzone Blog +

                                                        Home

                                                        Posts +

                                                        Export trainings from Endomondo as GPX files

                                                        I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                        June 1, 2020 · 2 min · 341 words · Heiner

                                                        Native USB boot for Raspberry Pi 4

                                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                        May 28, 2020 · 2 min · 404 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 2)

                                                        Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                                        May 16, 2020 · 3 min · 443 words · Heiner

                                                        Build Multi-Arch images on Docker Hub (Part 1)

                                                        Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                                        May 15, 2020 · 3 min · 502 words · Heiner

                                                        How to let Jenkins build Docker images

                                                        If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                                        June 11, 2017 · 2 min · 370 words · Heiner

                                                        Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                        I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                        February 11, 2017 · 2 min · 287 words · Heiner

                                                        Creating an encrypted file container on macOS

                                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                                        December 6, 2016 · 2 min · 356 words · Heiner

                                                        UptimeRobot: A nice free website monitoring service

                                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                                        September 5, 2016 · 1 min · 120 words · Heiner

                                                        Fix Docker not using /etc/hosts on MacOS

                                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                        February 11, 2017 · 2 min · 287 words · Heiner

                                                        Creating an encrypted file container on macOS

                                                        Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                                        December 6, 2016 · 2 min · 356 words · Heiner

                                                        UptimeRobot: A nice free website monitoring service

                                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                                        September 5, 2016 · 1 min · 120 words · Heiner

                                                        Fix Docker not using /etc/hosts on MacOS

                                                        On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: -Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                        August 28, 2016 · 1 min · 163 words · Heiner

                                                        From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                                        © 2023 Heiner Beck. +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                        August 28, 2016 · 1 min · 163 words · Heiner

                                                        From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                        For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                        August 28, 2016 · 6 min · 1084 words · Heiner
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/page/3/index.html b/posts/page/3/index.html index 7ffdb2e..668109a 100644 --- a/posts/page/3/index.html +++ b/posts/page/3/index.html @@ -1,10 +1,12 @@ -Posts | Virtualzone Blog
                                                        Home

                                                        Posts -

                                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                        August 27, 2016 · 2 min · 255 words · Heiner

                                                        How to reduce PDF file size in Linux - Part 2

                                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                        August 15, 2015 · 1 min · 75 words · Heiner

                                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                        November 20, 2014 · 2 min · 372 words · Heiner

                                                        How to reduce PDF file size in Linux

                                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +Posts | Virtualzone Blog +

                                                        Home

                                                        Posts +

                                                        How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                        Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                        August 27, 2016 · 2 min · 255 words · Heiner

                                                        How to reduce PDF file size in Linux - Part 2

                                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                        August 15, 2015 · 1 min · 75 words · Heiner

                                                        How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                        IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                        November 20, 2014 · 2 min · 372 words · Heiner

                                                        How to reduce PDF file size in Linux

                                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                        November 21, 2012 · 1 min · 98 words · Heiner

                                                        Determining a location’s federal state using Google Maps API

                                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                        August 10, 2012 · 1 min · 162 words · Heiner
                                                        © 2023 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                        November 21, 2012 · 1 min · 98 words · Heiner

                                                        Determining a location’s federal state using Google Maps API

                                                        If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                        August 10, 2012 · 1 min · 162 words · Heiner
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/podman-multiple-networks/index.html b/posts/podman-multiple-networks/index.html index ba87beb..575e546 100644 --- a/posts/podman-multiple-networks/index.html +++ b/posts/podman-multiple-networks/index.html @@ -1,14 +1,14 @@ -Connecting multiple networks to a Podman container | Virtualzone BlogConnecting multiple networks to a Podman container | Virtualzone Blog + -
                                                        Home » Posts

                                                        Connecting multiple networks to a Podman container

                                                        October 16, 2022 · 2 min · 274 words · Heiner

                                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:

                                                        When a container was connected to more than one network, outgoing connections were not working correctly.

                                                        Consider a container connected to two bridge networks:

                                                        $ podman run --rm -it \
+$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:">
                                                        Home » Posts
                                                        Connecting multiple networks to a Podman container
                                                        October 16, 2022 · 2 min · 274 words · Heiner
                                                        I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since:
                                                        When a container was connected to more than one network, outgoing connections were not working correctly.
                                                        Consider a container connected to two bridge networks:
                                                        $ podman run --rm -it \
       --network net1 \
       --network net2 \
       alpine /bin/ash
@@ -29,8 +29,9 @@
 2 packets transmitted, 0 packets received, 100% packet loss
 
                                                        The solution
                                                        The solution is quite simple: You will need to set net.ipv4.conf.all.rp_filter to 2.
                                                        On my Alpine system, rp_filter was set to 1 by default. The setting controls the source path validation within the kernel’s IPv4 network stack. 1 means “strict”, whereas 2 means “loose”.
                                                        You can try the solution temporarily by running:
                                                        # sysctl -w net.ipv4.conf.all.rp_filter=2
 
                                                        To survive the next reboot, persist the setting by adding it to /etc/sysctl.conf:
                                                        # echo "net.ipv4.conf.all.rp_filter=2" >> /etc/sysctl.conf
-
                                                        For more information, you can take a look at this article.
                                                        © 2023 Heiner Beck.
+

                                                        For more information, you can take a look at this article.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/raspberry-pi-os-remove-packages/index.html b/posts/raspberry-pi-os-remove-packages/index.html index d52c508..eaf87d6 100644 --- a/posts/raspberry-pi-os-remove-packages/index.html +++ b/posts/raspberry-pi-os-remove-packages/index.html @@ -1,5 +1,5 @@ -Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog -
                                                        Home » Posts

                                                        Raspberry Pi OS: Remove unnecessary packages

                                                        June 7, 2020 · 1 min · 161 words · Heiner

                                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.

                                                        You can download Raspberry Pi OS’ 64 bit beta version from the download directory on Raspberry Pi’s website. The Raspberry Pi Imager makes it easy to burn the image to an SD card or external USB drive.

                                                        Enter the following commands (at your own risk!) to remove the Desktop packages after your Pi has started from the newly written card:

                                                        sudo apt-get remove --purge \
+Raspberry Pi OS: Remove unnecessary packages | Virtualzone Blog
+
                                                        Home » Posts
                                                        Raspberry Pi OS: Remove unnecessary packages
                                                        June 7, 2020 · 1 min · 161 words · Heiner
                                                        Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands.
                                                        You can download Raspberry Pi OS’ 64 bit beta version from the download directory on Raspberry Pi’s website. The Raspberry Pi Imager makes it easy to burn the image to an SD card or external USB drive.
                                                        Enter the following commands (at your own risk!) to remove the Desktop packages after your Pi has started from the newly written card:
                                                        sudo apt-get remove --purge \
     x11-* \
     gnome-* \
     desktop-base \
@@ -10,8 +10,9 @@
     gtk2-* \
     xdg-*
 sudo apt-get autoremove --purge
-
                                                        © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/reduce-pdf-file-size-2/index.html b/posts/reduce-pdf-file-size-2/index.html index 674cdc3..feb0c75 100644 --- a/posts/reduce-pdf-file-size-2/index.html +++ b/posts/reduce-pdf-file-size-2/index.html @@ -1,8 +1,8 @@ -How to reduce PDF file size in Linux - Part 2 | Virtualzone Blog -How to reduce PDF file size in Linux - Part 2 | Virtualzone Blog +
                                                        Home » Posts

                                                        How to reduce PDF file size in Linux - Part 2

                                                        August 15, 2015 · 1 min · 75 words · Heiner

                                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:

                                                        gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
+gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:">
                                                        Home » Posts
                                                        How to reduce PDF file size in Linux - Part 2
                                                        August 15, 2015 · 1 min · 75 words · Heiner
                                                        Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it:
                                                        gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \
 -dDownsampleColorImages=true \
 -dDownsampleGrayImages=true \
 -dDownsampleMonoImages=true \
@@ -11,8 +11,9 @@
 -dMonoImageResolution=120 \
 -sOutputFile=output.pdf input.pdf
 
                                                        Hint: This also works on MacOS. Just install GhostScript using Homebrew:
                                                        brew install ghostscript
-
                                                        © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/reduce-pdf-file-size/index.html b/posts/reduce-pdf-file-size/index.html index 6754888..d6e0c00 100644 --- a/posts/reduce-pdf-file-size/index.html +++ b/posts/reduce-pdf-file-size/index.html @@ -1,14 +1,15 @@ -How to reduce PDF file size in Linux | Virtualzone BlogHow to reduce PDF file size in Linux | Virtualzone Blog + -
                                                        Home » Posts

                                                        How to reduce PDF file size in Linux

                                                        November 21, 2012 · 1 min · 98 words · Heiner

                                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:

                                                        gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf
+/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings.">
                                                        Home » Posts
                                                        How to reduce PDF file size in Linux
                                                        November 21, 2012 · 1 min · 98 words · Heiner
                                                        Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB:
                                                        gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf
 
                                                        You can also use the following parameters for -dPDFSETTINGS instead of /screen:
                                                        • /screen – Lowest quality, lowest size
                                                        • /ebook – Moderate quality
                                                        • /printer – Good quality
                                                        • /prepress – Best quality, highest size
                                                        Update: Read Part 2 of this blog post for more detailled file size reduction settings.
                                                        Hint: This also works on MacOS. Just install GhostScript using Homebrew:
                                                        brew install ghostscript
-
                                                        © 2023 Heiner Beck.
+
                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html index 5d49ff9..6c899bb 100644 --- a/posts/traefik-access-log-influxdb-grafana-telegraf/index.html +++ b/posts/traefik-access-log-influxdb-grafana-telegraf/index.html @@ -1,11 +1,11 @@ -Analyze Traefik access log using InfluxDB and Grafana | Virtualzone BlogAnalyze Traefik access log using InfluxDB and Grafana | Virtualzone Blog + -
                                                        Home » Posts

                                                        Analyze Traefik access log using InfluxDB and Grafana

                                                        June 3, 2020 · 2 min · 373 words · Heiner

                                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.

                                                        This setup contains the following elements:

                                                        • Traefik v2 runs as a Docker container on a Linux host.
                                                        • Traefik outputs access logs in JSON format to STDOUT.
                                                        • Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.
                                                        • To work with the JSON output in InfluxDB and Grafana, we need to convert them using Telegraf’s parser preprocessor plugin into distinct fields. Otherwise, only numeric fields are kept as metric values. String values are discarded by default.
                                                        • We’re using Telegraf’s output plugin “influxdb” to write them to InfluxDB.

                                                        Configure Traefik

                                                        traefik.yml contains the following settings:

                                                        accessLog:
+Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.">
                                                        Home » Posts
                                                        Analyze Traefik access log using InfluxDB and Grafana
                                                        June 3, 2020 · 2 min · 373 words · Heiner
                                                        Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana.
                                                        This setup contains the following elements:
                                                        • Traefik v2 runs as a Docker container on a Linux host.
                                                        • Traefik outputs access logs in JSON format to STDOUT.
                                                        • Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin.
                                                        • To work with the JSON output in InfluxDB and Grafana, we need to convert them using Telegraf’s parser preprocessor plugin into distinct fields. Otherwise, only numeric fields are kept as metric values. String values are discarded by default.
                                                        • We’re using Telegraf’s output plugin “influxdb” to write them to InfluxDB.
                                                        Configure Traefik
                                                        traefik.yml contains the following settings:
                                                        accessLog:
   format: json
   fields:
     headers:
@@ -47,8 +47,9 @@
     database = "telegraf"
     username = "telegraf"
     password = "..."
-
                                                        Important settings are:
                                                        • container_name_include specifies from which container instance the logs are collected. It’s our Traefik instance.
                                                        • parse_fields specifies which input field is to be processed. It’s the field “message”.
                                                        • json_string_fields specifies which values from the read JSON object are to be written to InfluxDB as string fields. If not specified, all non-numeric fields are dropped.
                                                        • json_time_key and the other json_time settings specify in which JSON keys and in which date-time format the timestamps for our log entries are contained.
                                                        • The output plugin needs to be configured so that Telegraf can connect to the InfluxDB.
                                                        This is just meant to be an example. Please mind applicable law when storing, processing and using the access logs – such as GDPR in the European Union.
                                                        © 2023 Heiner Beck.
+

                                                        Important settings are:

                                                        • container_name_include specifies from which container instance the logs are collected. It’s our Traefik instance.
                                                        • parse_fields specifies which input field is to be processed. It’s the field “message”.
                                                        • json_string_fields specifies which values from the read JSON object are to be written to InfluxDB as string fields. If not specified, all non-numeric fields are dropped.
                                                        • json_time_key and the other json_time settings specify in which JSON keys and in which date-time format the timestamps for our log entries are contained.
                                                        • The output plugin needs to be configured so that Telegraf can connect to the InfluxDB.

                                                        This is just meant to be an example. Please mind applicable law when storing, processing and using the access logs – such as GDPR in the European Union.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html index 57527fb..2ec3f15 100644 --- a/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html +++ b/posts/unifi-usg-multiple-ip-addresses-on-pppoe/index.html @@ -1,8 +1,8 @@ -Unifi USG: Multiple IP addresses on PPPoE | Virtualzone Blog -Unifi USG: Multiple IP addresses on PPPoE | Virtualzone Blog +
                                                        Home » Posts

                                                        Unifi USG: Multiple IP addresses on PPPoE

                                                        August 16, 2021 · 2 min · 353 words · Heiner

                                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).

                                                        By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.

                                                        Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:

                                                        1. Create (or extend) a config.gateway.json file

                                                        Place a file named config.gateway.json in the following path of your Unifi Network controller:

                                                        /unifi/data/sites/default/

                                                        You might need to replace “default” with the correct label of the affected site.

                                                        2. Add DNAT and SNAT rules to the config.gateway.json file

                                                        In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.

                                                        {
+By default, USG only allows for one IP address when dialing in via PPPoE.">
                                                        Home » Posts
                                                        Unifi USG: Multiple IP addresses on PPPoE
                                                        August 16, 2021 · 2 min · 353 words · Heiner
                                                        My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG).
                                                        By default, USG only allows for one IP address when dialing in via PPPoE. If you want to forward packets received on an additional IP address, you can’t use the Port Forwarding functionality provided in the Unifi Network Controller. If you do, such packets will still be dropped.
                                                        Instead, you have to set up SNAT and DNAT firewall rules using a config.gateway.json file. Here’s how to set up SNAT and DNAT firewall rules for your USG to get your second (third, fourth …) IP address working:
                                                        1. Create (or extend) a config.gateway.json file
                                                        Place a file named config.gateway.json in the following path of your Unifi Network controller:
                                                        /unifi/data/sites/default/
                                                        You might need to replace “default” with the correct label of the affected site.
                                                        2. Add DNAT and SNAT rules to the config.gateway.json file
                                                        In the following example, TCP packets received on port 443 of IP address public.static.ip.address will be forwarded to port 443 of IP address private.internal.ip.address. Replace the values to match your demands.
                                                        {
     "service": {
         "nat": {
             "rule": {
@@ -40,8 +40,9 @@
         }
     }
 }
-
                                                        3. Trigger a provision of your new config to your USG
                                                        Log in to your Unifi Network Controller. Navigate to “Devices” and choose your Unifi Security Gateway. Go to “Device”, select “Manage” and click “Trigger Provision”.
                                                        img
                                                        4. Test your configuration
                                                        From a system outside your network, try to reach the configured port by using nmap, curl or a web browser.
                                                        © 2023 Heiner Beck.
+

                                                        3. Trigger a provision of your new config to your USG

                                                        Log in to your Unifi Network Controller. Navigate to “Devices” and choose your Unifi Security Gateway. Go to “Device”, select “Manage” and click “Trigger Provision”.

                                                        img

                                                        4. Test your configuration

                                                        From a system outside your network, try to reach the configured port by using nmap, curl or a web browser.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/uptime-robot-website-monitoring/index.html b/posts/uptime-robot-website-monitoring/index.html index 714e2a9..2c4efd4 100644 --- a/posts/uptime-robot-website-monitoring/index.html +++ b/posts/uptime-robot-website-monitoring/index.html @@ -1,6 +1,7 @@ -UptimeRobot: A nice free website monitoring service | Virtualzone Blog -
                                                        Home » Posts

                                                        UptimeRobot: A nice free website monitoring service

                                                        September 5, 2016 · 1 min · 120 words · Heiner

                                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).

                                                        I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.

                                                        © 2023 Heiner Beck. +UptimeRobot: A nice free website monitoring service | Virtualzone Blog +
                                                        Home » Posts

                                                        UptimeRobot: A nice free website monitoring service

                                                        September 5, 2016 · 1 min · 120 words · Heiner

                                                        Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me).

                                                        I discovered UptimeRobot. The service fulfils all of my requirements and allows for checks every 5 minutes – for free. Not a bad offer. As far as I can tell, everything works fine and I’m quite happy with it.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/posts/usb-boot-raspberry-pi/index.html b/posts/usb-boot-raspberry-pi/index.html index 3f26476..4aaa950 100644 --- a/posts/usb-boot-raspberry-pi/index.html +++ b/posts/usb-boot-raspberry-pi/index.html @@ -1,8 +1,8 @@ -Native USB boot for Raspberry Pi 4 | Virtualzone Blog -Native USB boot for Raspberry Pi 4 | Virtualzone Blog +
                                                        Home » Posts

                                                        Native USB boot for Raspberry Pi 4

                                                        May 28, 2020 · 2 min · 404 words · Heiner

                                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).

                                                        To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. This is required to upgrade the new beta firmware.

                                                        Download Raspberry OS 64 bit

                                                        You can find the new 64 bit beta version of Raspberry OS in a forum post. Download the ZIP file. Install Raspberry Pi Imager. I’ve installed the imager using Homebrew:

                                                        brew cask install raspberry-pi-imager
+To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation.">
                                                        Home » Posts
                                                        Native USB boot for Raspberry Pi 4
                                                        May 28, 2020 · 2 min · 404 words · Heiner
                                                        Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian).
                                                        To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. This is required to upgrade the new beta firmware.
                                                        Download Raspberry OS 64 bit
                                                        You can find the new 64 bit beta version of Raspberry OS in a forum post. Download the ZIP file. Install Raspberry Pi Imager. I’ve installed the imager using Homebrew:
                                                        brew cask install raspberry-pi-imager
 
                                                        Prepare an SD card with Raspberry OS
                                                        Note: This step is only required if your Raspberry Pi is now running Raspbian or Raspberry OS! We need Raspberry OS to flash the new firmware.
                                                        Open Raspberry Pi Imager and flash the downloaded image to an SD card.
                                                        Afterwards, boot your Pi from this new SD card.
                                                        Flash EEPROM
                                                        EEPROM (electrically erasable programmable read-only memory) is your Raspberry Pi’s firmware – sort of a basic system.
                                                        You can find the changelog for the Raspberry Pi EEPROM on GitHub. The beta versions as of May 15th 2020 contain the required functionalities to boot from a USB drive – i.e. an SSD.
                                                        Install the required update tool on your Pi:
                                                        sudo apt update
 sudo apt upgrade
 sudo apt install rpi-eeprom
@@ -11,8 +11,9 @@
 
                                                        Upgrade the firmware and reboot:
                                                        sudo rpi-eeprom-update -a
 
                                                        After the reboot, the following command should state that the new beta firmware has been installed:
                                                        sudo rpi-eeprom-update
 
                                                        Alternatively, you can flash the new EEPROM version by downloading it from the GitHub repository and run the following command:
                                                        sudo rpi-eeprom-update -d -f /tmp/pieeprom-2020-05-27.bin
-
                                                        Prepare an SSD for USB boot
                                                        To make your Raspberry Pi boot from an USB drive (such as an SSD, an external hard drive or an USB thumb drive), use the Raspberry Pi Imager to write Raspberry Pi OS to your USB drive.
                                                        Finally, connect the USB drive to your Raspberry Pi 4, remove the SD card, and connect the power cord. Watch your Pi boot from USB - without any SD Card workaround.
                                                        © 2023 Heiner Beck.
+

                                                        Prepare an SSD for USB boot

                                                        To make your Raspberry Pi boot from an USB drive (such as an SSD, an external hard drive or an USB thumb drive), use the Raspberry Pi Imager to write Raspberry Pi OS to your USB drive.

                                                        Finally, connect the USB drive to your Raspberry Pi 4, remove the SD card, and connect the power cord. Watch your Pi boot from USB - without any SD Card workaround.

                                                        \ No newline at end of file + PaperMod
                                                        + \ No newline at end of file diff --git a/privacy-policy/index.html b/privacy-policy/index.html index eb06450..e6660de 100644 --- a/privacy-policy/index.html +++ b/privacy-policy/index.html @@ -1,11 +1,12 @@ -Privacy Policy | Virtualzone BlogPrivacy Policy | Virtualzone Blog + -
                                                        Home

                                                        Privacy Policy

                                                        Heiner

                                                        We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of the Seatsurfing website and the Seatsurfing app have.

                                                        Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.

                                                        Personal data stored

                                                        The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.

                                                        Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.

                                                        If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.

                                                        The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.

                                                        Which personal data we store

                                                        You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.

                                                        Where we store your data

                                                        Our servers are located in Germany.

                                                        Your rights according to General Data Protection Regulation (GDPR)

                                                        According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:

                                                        • Right to have your data corrected (article 16 DSGVO)
                                                        • Right to have your data deleted (article 17 DSGVO)
                                                        • Right to limit the processing of your data (article 18 DSGVO)
                                                        • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
                                                        • Right to data portability (article 20 DSGVO)
                                                        • Right to refuse (article 21 DSGVO)
                                                        • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)

                                                        If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.

                                                        Where we send your data

                                                        We will not share your data with third parties.

                                                        TLS encryption using HTTPS

                                                        In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.

                                                        Cloudflare

                                                        We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).

                                                        Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

                                                        The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

                                                        Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/

                                                        For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/

                                                        Web Analytics

                                                        For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.

                                                        Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple

                                                          © 2023 Heiner Beck. +Personal data stored The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.">
                                                          Home

                                                          Privacy Policy

                                                          Heiner

                                                          We created this privacy policy in order to inform you about the information we collect, how we use your data and which choices you as a visitor of this website have.

                                                          Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.

                                                          Personal data stored

                                                          The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.

                                                          Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.

                                                          If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.

                                                          The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.

                                                          Which personal data we store

                                                          You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.

                                                          Where we store your data

                                                          Our servers are located in Germany.

                                                          Your rights according to General Data Protection Regulation (GDPR)

                                                          According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:

                                                          • Right to have your data corrected (article 16 DSGVO)
                                                          • Right to have your data deleted (article 17 DSGVO)
                                                          • Right to limit the processing of your data (article 18 DSGVO)
                                                          • Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
                                                          • Right to data portability (article 20 DSGVO)
                                                          • Right to refuse (article 21 DSGVO)
                                                          • Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)

                                                          If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.

                                                          Where we send your data

                                                          We will not share your data with third parties.

                                                          TLS encryption using HTTPS

                                                          In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.

                                                          Cloudflare

                                                          We use the “Cloudflare” service provided by Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. (hereinafter referred to as “Cloudflare”).

                                                          Cloudflare offers a content delivery network with DNS that is available worldwide. As a result, the information transfer that occurs between your browser and our website is technically routed via Cloudflare’s network. This enables Cloudflare to analyze data transactions between your browser and our website and to work as a filter between our servers and potentially malicious data traffic from the Internet. In this context, Cloudflare may also use cookies or other technologies deployed to recognize Internet users, which shall, however, only be used for the herein described purpose.

                                                          The use of Cloudflare is based on our legitimate interest in a provision of our website offerings that is as error free and secure as possible (Art. 6(1)(f) GDPR).

                                                          Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.cloudflare.com/privacypolicy/

                                                          For more information on Cloudflare’s security precautions and data privacy policies, please follow this link: https://www.cloudflare.com/privacypolicy/

                                                          Web Analytics

                                                          For statistical purposes, this website uses Matomo, an open source web analysis tool. Matomo does not transfer any data to servers outside our control. All data is processed and stored anonymised. Matomo is provided by InnoCraft Ltd, 7 Waterloo Quay PO625, 6140 Wellington, New Zealand. You can find out more about the data being processed by Matomo in its privacy policy at https://matomo.org/privacy-policy/. If you have any questions regarding the protection of your web analytics data, please contact privacy@matomo.org.

                                                          Quelle: Erstellt mit dem Datenschutz-Generator von AdSimple

                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/api/index.html b/tags/api/index.html index c405f3b..66728d1 100644 --- a/tags/api/index.html +++ b/tags/api/index.html @@ -1,6 +1,8 @@ -api | Virtualzone Blog
                                                            Home » Tags

                                                            api -

                                                            Export trainings from Endomondo as GPX files

                                                            I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                            June 1, 2020 · 2 min · 341 words · Heiner

                                                            Determining a location’s federal state using Google Maps API

                                                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                            August 10, 2012 · 1 min · 162 words · Heiner
                                                            © 2023 Heiner Beck. +Api | Virtualzone Blog +
                                                            Home » Tags

                                                            Api +

                                                            Export trainings from Endomondo as GPX files

                                                            I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                            June 1, 2020 · 2 min · 341 words · Heiner

                                                            Determining a location’s federal state using Google Maps API

                                                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                            August 10, 2012 · 1 min · 162 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/api/index.xml b/tags/api/index.xml index 37cfc61..1c6b934 100644 --- a/tags/api/index.xml +++ b/tags/api/index.xml @@ -1,31 +1,28 @@ - api on Virtualzone Blog + Api on Virtualzone Blog https://virtualzone.de/tags/api/ - Recent content in api on Virtualzone Blog + Recent content in Api on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Mon, 01 Jun 2020 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Mon, 01 Jun 2020 11:30:03 +0000 + Export trainings from Endomondo as GPX files https://virtualzone.de/posts/endomono-export-gpx/ Mon, 01 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/endomono-export-gpx/ I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost. - Determining a location’s federal state using Google Maps API https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ Fri, 10 Aug 2012 11:30:03 +0000 - https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). - diff --git a/tags/api/page/1/index.html b/tags/api/page/1/index.html index ad10d59..dac95f6 100644 --- a/tags/api/page/1/index.html +++ b/tags/api/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/api/ \ No newline at end of file +https://virtualzone.de/tags/api/ + \ No newline at end of file diff --git a/tags/docker/index.html b/tags/docker/index.html index aede8ae..7ab9fdb 100644 --- a/tags/docker/index.html +++ b/tags/docker/index.html @@ -1,18 +1,20 @@ -docker | Virtualzone Blog
                                                            Home » Tags

                                                            docker -

                                                            Go-hole: A minimalistic DNS proxy and and blocker

                                                            You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. +Docker | Virtualzone Blog +

                                                            Home » Tags

                                                            Docker +

                                                            Go-hole: A minimalistic DNS proxy and and blocker

                                                            You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. -However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                            February 5, 2023 · 4 min · 703 words · Heiner

                                                            OpenRC Script for 'podman kube play'

                                                            In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                            October 26, 2022 · 3 min · 483 words · Heiner

                                                            Connecting multiple networks to a Podman container

                                                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                            February 5, 2023 · 4 min · 703 words · Heiner

                                                            OpenRC Script for 'podman kube play'

                                                            In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                            October 26, 2022 · 3 min · 483 words · Heiner

                                                            Connecting multiple networks to a Podman container

                                                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: -$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                            October 16, 2022 · 2 min · 274 words · Heiner

                                                            Setting up Alpine Linux with Podman

                                                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                                            June 25, 2022 · 4 min · 852 words · Heiner

                                                            Setting up Alpine Linux with Rootless Docker

                                                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. -However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                            June 19, 2022 · 3 min · 479 words · Heiner

                                                            Analyze Traefik access log using InfluxDB and Grafana

                                                            Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                            October 16, 2022 · 2 min · 274 words · Heiner

                                                            Setting up Alpine Linux with Podman

                                                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. +Podman was initially developed by RedHat and is available as an open source project....

                                                            June 25, 2022 · 4 min · 852 words · Heiner

                                                            Setting up Alpine Linux with Rootless Docker

                                                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                            June 19, 2022 · 3 min · 479 words · Heiner

                                                            Analyze Traefik access log using InfluxDB and Grafana

                                                            Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik’s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: -Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                                            June 3, 2020 · 2 min · 373 words · Heiner

                                                            Build Multi-Arch images on Docker Hub (Part 2)

                                                            Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. -Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                                            May 16, 2020 · 3 min · 443 words · Heiner

                                                            Build Multi-Arch images on Docker Hub (Part 1)

                                                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                                            May 15, 2020 · 3 min · 502 words · Heiner

                                                            How to let Jenkins build Docker images

                                                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. -So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                                            June 11, 2017 · 2 min · 370 words · Heiner

                                                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container’s JSON output using the docker_log input plugin....

                                                            June 3, 2020 · 2 min · 373 words · Heiner

                                                            Build Multi-Arch images on Docker Hub (Part 2)

                                                            Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. +Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub....

                                                            May 16, 2020 · 3 min · 443 words · Heiner

                                                            Build Multi-Arch images on Docker Hub (Part 1)

                                                            Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung....

                                                            May 15, 2020 · 3 min · 502 words · Heiner

                                                            How to let Jenkins build Docker images

                                                            If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. +So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there....

                                                            June 11, 2017 · 2 min · 370 words · Heiner

                                                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                            February 11, 2017 · 2 min · 287 words · Heiner
                                                            © 2023 Heiner Beck. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                            February 11, 2017 · 2 min · 287 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/docker/index.xml b/tags/docker/index.xml index fdd873f..e267931 100644 --- a/tags/docker/index.xml +++ b/tags/docker/index.xml @@ -1,135 +1,112 @@ - docker on Virtualzone Blog + Docker on Virtualzone Blog https://virtualzone.de/tags/docker/ - Recent content in docker on Virtualzone Blog + Recent content in Docker on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 05 Feb 2023 06:00:00 +0000 + &copy; 2024 Heiner Beck. + Sun, 05 Feb 2023 06:00:00 +0000 + Go-hole: A minimalistic DNS proxy and and blocker https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ Sun, 05 Feb 2023 06:00:00 +0000 - https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. - OpenRC Script for 'podman kube play' https://virtualzone.de/posts/openrc-podman-kube-play/ Wed, 26 Oct 2022 15:00:00 +0000 - https://virtualzone.de/posts/openrc-podman-kube-play/ In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. - Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ Sun, 16 Oct 2022 17:00:00 +0000 - https://virtualzone.de/posts/podman-multiple-networks/ I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly: - Setting up Alpine Linux with Podman https://virtualzone.de/posts/alpine-podman/ Sat, 25 Jun 2022 18:00:00 +0000 - https://virtualzone.de/posts/alpine-podman/ Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman. Podman was initially developed by RedHat and is available as an open source project. - Setting up Alpine Linux with Rootless Docker https://virtualzone.de/posts/alpine-docker-rootless/ Sun, 19 Jun 2022 15:00:00 +0000 - https://virtualzone.de/posts/alpine-docker-rootless/ As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux. - Analyze Traefik access log using InfluxDB and Grafana https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ Wed, 03 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/traefik-access-log-influxdb-grafana-telegraf/ Traefik is a Cloud Native Edge Router, often deployed in Docker and Kubernetes environments. With little effort, you can use Telegraf to transport Traefik&rsquo;s access logs to an InfluxDB, where it can be analyzed using Grafana. This setup contains the following elements: Traefik v2 runs as a Docker container on a Linux host. Traefik outputs access logs in JSON format to STDOUT. Telegraf fetched the Traefik container&rsquo;s JSON output using the docker_log input plugin. - Build Multi-Arch images on Docker Hub (Part 2) https://virtualzone.de/posts/multi-arch-docker-images-2/ Sat, 16 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/multi-arch-docker-images-2/ Im ersten Teil dieses Artikels habe ich Euch gezeigt, wie Ihr ein Multi-Arch-Docker-Projekt anlegt, das auf einer AMD64-Plattform auch für andere Zielarchitekturen wie bspw. ARM bauen kann. In diesem Teil zeige ich Euch, wie Ihr das Ganze im offiziellen Docker Hub zum Laufen bekommt. Zunächst solltet Ihr ein Projekt im Docker Hub anlegen und dieses mit Eurem Quellcode-Repository verknüpfen. In meinem Fall nutze ich GitHub als Sourcecode-Repository und nutze die Build-Infrastruktur von Docker Hub. - Build Multi-Arch images on Docker Hub (Part 1) https://virtualzone.de/posts/multi-arch-docker-images-1/ Fri, 15 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/multi-arch-docker-images-1/ Multi-Arch Docker Images sind eine tolle Sache: Benutzer Eurer Images ziehen automatisch die für Ihre Architektur passende Version Eures Image – ob AMD64, ARM64 oder ARM32. Normalerweise muss man Docker Images auf der Architektur bauen, auf der sie später auch verwendet werden. Durch die Verwendung des Emulators QEMU ist es jedoch möglich, auf einer AMD64-Architektur für alle anderen Zielplattformen mitzubauen. Kombiniert mit der Auto-Build-Funktion des Docker Hub ist das eine prima Arbeitserleichterung. - How to let Jenkins build Docker images https://virtualzone.de/posts/jenkins-build-docker-images/ Sun, 11 Jun 2017 11:30:03 +0000 - https://virtualzone.de/posts/jenkins-build-docker-images/ If you’re using Jenkins as your Continuous Integration (CI) tool and Docker to build self-contained images of your application, you may ask yourself how to automatically build Docker images during Jenkins’ build job. Here’s how I did it – with Jenkins running in a Docker container itself. So far, I’ve used the official Jenkins Docker image (the one based on Alpine). I’ve tried some of the Docker plugins for Jenkins available out there. - Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ Sat, 11 Feb 2017 11:30:03 +0000 - https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. - Fix Docker not using /etc/hosts on MacOS https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. - From FHEM to OpenHAB with Homegear: Installation/Docker container https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. - diff --git a/tags/docker/page/1/index.html b/tags/docker/page/1/index.html index a9f3732..57b1622 100644 --- a/tags/docker/page/1/index.html +++ b/tags/docker/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/docker/ \ No newline at end of file +https://virtualzone.de/tags/docker/ + \ No newline at end of file diff --git a/tags/docker/page/2/index.html b/tags/docker/page/2/index.html index d1f97fe..94e3331 100644 --- a/tags/docker/page/2/index.html +++ b/tags/docker/page/2/index.html @@ -1,7 +1,9 @@ -docker | Virtualzone Blog
                                                            Home » Tags

                                                            docker -

                                                            Fix Docker not using /etc/hosts on MacOS

                                                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +Docker | Virtualzone Blog +

                                                            Home » Tags

                                                            Docker +

                                                            Fix Docker not using /etc/hosts on MacOS

                                                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: -Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                            August 28, 2016 · 1 min · 163 words · Heiner

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            © 2023 Heiner Beck. +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                            August 28, 2016 · 1 min · 163 words · Heiner

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/endonomdo/index.html b/tags/endonomdo/index.html index cadc4c5..15767c6 100644 --- a/tags/endonomdo/index.html +++ b/tags/endonomdo/index.html @@ -1,5 +1,7 @@ -endonomdo | Virtualzone Blog
                                                            Home » Tags

                                                            endonomdo -

                                                            Export trainings from Endomondo as GPX files

                                                            I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                            June 1, 2020 · 2 min · 341 words · Heiner
                                                            © 2023 Heiner Beck. +Endonomdo | Virtualzone Blog +
                                                            Home » Tags

                                                            Endonomdo +

                                                            Export trainings from Endomondo as GPX files

                                                            I’ve been using Endomondo for years to track my trainings. However, I’ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it’s not possible to log in. Other times, my trainings won’t get synced. So it’s time a new app. I’ve decided to give Strava a try. With a few lines of code, I’ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won’t get lost....

                                                            June 1, 2020 · 2 min · 341 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/endonomdo/index.xml b/tags/endonomdo/index.xml index 3bd56f5..544f509 100644 --- a/tags/endonomdo/index.xml +++ b/tags/endonomdo/index.xml @@ -1,21 +1,20 @@ - endonomdo on Virtualzone Blog + Endonomdo on Virtualzone Blog https://virtualzone.de/tags/endonomdo/ - Recent content in endonomdo on Virtualzone Blog + Recent content in Endonomdo on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Mon, 01 Jun 2020 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Mon, 01 Jun 2020 11:30:03 +0000 + Export trainings from Endomondo as GPX files https://virtualzone.de/posts/endomono-export-gpx/ Mon, 01 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/endomono-export-gpx/ I&rsquo;ve been using Endomondo for years to track my trainings. However, I&rsquo;ve been experiencing a lot of issues with Endomondo over the last months: Sometimes it&rsquo;s not possible to log in. Other times, my trainings won&rsquo;t get synced. So it&rsquo;s time a new app. I&rsquo;ve decided to give Strava a try. With a few lines of code, I&rsquo;ve managed to export all my training data as GPX files. These can be imported to Strava, so my training history won&rsquo;t get lost. - diff --git a/tags/endonomdo/page/1/index.html b/tags/endonomdo/page/1/index.html index 67084a4..71e06f6 100644 --- a/tags/endonomdo/page/1/index.html +++ b/tags/endonomdo/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/endonomdo/ \ No newline at end of file +https://virtualzone.de/tags/endonomdo/ + \ No newline at end of file diff --git a/tags/fhem/index.html b/tags/fhem/index.html index d4b16e0..feff389 100644 --- a/tags/fhem/index.html +++ b/tags/fhem/index.html @@ -1,5 +1,7 @@ -fhem | Virtualzone Blog
                                                            Home » Tags

                                                            fhem -

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            © 2023 Heiner Beck. +Fhem | Virtualzone Blog +
                                                            Home » Tags

                                                            Fhem +

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/fhem/index.xml b/tags/fhem/index.xml index 8c00fb2..eac0111 100644 --- a/tags/fhem/index.xml +++ b/tags/fhem/index.xml @@ -1,21 +1,20 @@ - fhem on Virtualzone Blog + Fhem on Virtualzone Blog https://virtualzone.de/tags/fhem/ - Recent content in fhem on Virtualzone Blog + Recent content in Fhem on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 28 Aug 2016 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sun, 28 Aug 2016 11:30:03 +0000 + From FHEM to OpenHAB with Homegear: Installation/Docker container https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. - diff --git a/tags/fhem/page/1/index.html b/tags/fhem/page/1/index.html index dd69fba..b1bf4ce 100644 --- a/tags/fhem/page/1/index.html +++ b/tags/fhem/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/fhem/ \ No newline at end of file +https://virtualzone.de/tags/fhem/ + \ No newline at end of file diff --git a/tags/firewall/index.html b/tags/firewall/index.html index b4b3440..4d0dea6 100644 --- a/tags/firewall/index.html +++ b/tags/firewall/index.html @@ -1,5 +1,7 @@ -firewall | Virtualzone Blog
                                                            Home » Tags

                                                            firewall -

                                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                            November 20, 2014 · 2 min · 372 words · Heiner
                                                            © 2023 Heiner Beck. +Firewall | Virtualzone Blog +
                                                            Home » Tags

                                                            Firewall +

                                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                            November 20, 2014 · 2 min · 372 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/firewall/index.xml b/tags/firewall/index.xml index df96573..e1f9cac 100644 --- a/tags/firewall/index.xml +++ b/tags/firewall/index.xml @@ -1,21 +1,20 @@ - firewall on Virtualzone Blog + Firewall on Virtualzone Blog https://virtualzone.de/tags/firewall/ - Recent content in firewall on Virtualzone Blog + Recent content in Firewall on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Thu, 20 Nov 2014 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Thu, 20 Nov 2014 11:30:03 +0000 + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT https://virtualzone.de/posts/ipv6-on-a-sonicwall/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/posts/ipv6-on-a-sonicwall/ IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. - diff --git a/tags/firewall/page/1/index.html b/tags/firewall/page/1/index.html index 60f97fd..8ce74a8 100644 --- a/tags/firewall/page/1/index.html +++ b/tags/firewall/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/firewall/ \ No newline at end of file +https://virtualzone.de/tags/firewall/ + \ No newline at end of file diff --git a/tags/github/index.html b/tags/github/index.html index 4fb3f29..fa044a6 100644 --- a/tags/github/index.html +++ b/tags/github/index.html @@ -1,6 +1,8 @@ -github | Virtualzone Blog
                                                            Home » Tags

                                                            github -

                                                            Back up server to OneDrive’s special App Folder

                                                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                            September 2, 2021 · 4 min · 682 words · Heiner

                                                            Unifi USG: Multiple IP addresses on PPPoE

                                                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). -By default, USG only allows for one IP address when dialing in via PPPoE....

                                                            August 16, 2021 · 2 min · 353 words · Heiner
                                                            © 2023 Heiner Beck. +Github | Virtualzone Blog +
                                                            Home » Tags

                                                            Github +

                                                            Back up server to OneDrive’s special App Folder

                                                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                            September 2, 2021 · 4 min · 682 words · Heiner

                                                            Unifi USG: Multiple IP addresses on PPPoE

                                                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

                                                            August 16, 2021 · 2 min · 353 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/github/index.xml b/tags/github/index.xml index a7f1fd8..f5eb131 100644 --- a/tags/github/index.xml +++ b/tags/github/index.xml @@ -1,31 +1,28 @@ - github on Virtualzone Blog + Github on Virtualzone Blog https://virtualzone.de/tags/github/ - Recent content in github on Virtualzone Blog + Recent content in Github on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Thu, 02 Sep 2021 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Thu, 02 Sep 2021 11:30:03 +0000 + Back up server to OneDrive’s special App Folder https://virtualzone.de/posts/onedrive-upload-backup/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/onedrive-upload-backup/ I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. - Unifi USG: Multiple IP addresses on PPPoE https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ Mon, 16 Aug 2021 11:30:03 +0000 - https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE. - diff --git a/tags/github/page/1/index.html b/tags/github/page/1/index.html index 62fd514..cba6907 100644 --- a/tags/github/page/1/index.html +++ b/tags/github/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/github/ \ No newline at end of file +https://virtualzone.de/tags/github/ + \ No newline at end of file diff --git a/tags/google/index.html b/tags/google/index.html index 4d9fe5c..06ed971 100644 --- a/tags/google/index.html +++ b/tags/google/index.html @@ -1,6 +1,8 @@ -google | Virtualzone Blog
                                                            Home » Tags

                                                            google -

                                                            Determining a location’s federal state using Google Maps API

                                                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: -function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                            August 10, 2012 · 1 min · 162 words · Heiner
                                                            © 2023 Heiner Beck. +Google | Virtualzone Blog +
                                                            Home » Tags

                                                            Google +

                                                            Determining a location’s federal state using Google Maps API

                                                            If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: +function log(s) { $('#sysout').append(document.createTextNode(s + 'n')); } function getResult(results) { for (var i=0; i -1) { return result['address_components'][j]['short_name']; } } return ''; } function getCountry(result) { return extractFirst(result, 'country'); } function getFederalState(result) { return extractFirst(result, 'administrative_area_level_1'); } function searchLocation() { $('#sysout').empty(); var location = $('#location')....

                                                            August 10, 2012 · 1 min · 162 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/google/index.xml b/tags/google/index.xml index f48d1ab..2d4c076 100644 --- a/tags/google/index.xml +++ b/tags/google/index.xml @@ -1,22 +1,21 @@ - google on Virtualzone Blog + Google on Virtualzone Blog https://virtualzone.de/tags/google/ - Recent content in google on Virtualzone Blog + Recent content in Google on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Fri, 10 Aug 2012 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Fri, 10 Aug 2012 11:30:03 +0000 + Determining a location’s federal state using Google Maps API https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ Fri, 10 Aug 2012 11:30:03 +0000 - https://virtualzone.de/posts/determining-a-locations-federal-state-using-google-maps-api/ If you have to find out which federal state a city belongs to, you can use the Google Maps API v3. Here is a straightforward JavaScript code snippet: function log(s) { $(&#39;#sysout&#39;).append(document.createTextNode(s + &#39;n&#39;)); } function getResult(results) { for (var i=0; i -1) { return result[&#39;address_components&#39;][j][&#39;short_name&#39;]; } } return &#39;&#39;; } function getCountry(result) { return extractFirst(result, &#39;country&#39;); } function getFederalState(result) { return extractFirst(result, &#39;administrative_area_level_1&#39;); } function searchLocation() { $(&#39;#sysout&#39;).empty(); var location = $(&#39;#location&#39;). - diff --git a/tags/google/page/1/index.html b/tags/google/page/1/index.html index 0ff466e..e0589e6 100644 --- a/tags/google/page/1/index.html +++ b/tags/google/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/google/ \ No newline at end of file +https://virtualzone.de/tags/google/ + \ No newline at end of file diff --git a/tags/homeautomation/index.html b/tags/homeautomation/index.html index bcd920a..5a736f6 100644 --- a/tags/homeautomation/index.html +++ b/tags/homeautomation/index.html @@ -1,5 +1,7 @@ -homeautomation | Virtualzone Blog
                                                            Home » Tags

                                                            homeautomation -

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            © 2023 Heiner Beck. +Homeautomation | Virtualzone Blog +
                                                            Home » Tags

                                                            Homeautomation +

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/homeautomation/index.xml b/tags/homeautomation/index.xml index af6c1f8..e1bc4a2 100644 --- a/tags/homeautomation/index.xml +++ b/tags/homeautomation/index.xml @@ -1,21 +1,20 @@ - homeautomation on Virtualzone Blog + Homeautomation on Virtualzone Blog https://virtualzone.de/tags/homeautomation/ - Recent content in homeautomation on Virtualzone Blog + Recent content in Homeautomation on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 28 Aug 2016 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sun, 28 Aug 2016 11:30:03 +0000 + From FHEM to OpenHAB with Homegear: Installation/Docker container https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. - diff --git a/tags/homeautomation/page/1/index.html b/tags/homeautomation/page/1/index.html index 8f727ea..232bbc9 100644 --- a/tags/homeautomation/page/1/index.html +++ b/tags/homeautomation/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/homeautomation/ \ No newline at end of file +https://virtualzone.de/tags/homeautomation/ + \ No newline at end of file diff --git a/tags/index.html b/tags/index.html index 7284df0..d385fb0 100644 --- a/tags/index.html +++ b/tags/index.html @@ -1,4 +1,6 @@ -Tags | Virtualzone Blog

                                                            Tags

                                                            © 2023 Heiner Beck. +Tags | Virtualzone Blog +

                                                            Tags

                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/index.xml b/tags/index.xml index baa98d1..fff5002 100644 --- a/tags/index.xml +++ b/tags/index.xml @@ -6,196 +6,155 @@ Recent content in Tags on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 05 Feb 2023 06:00:00 +0000 + &copy; 2024 Heiner Beck. + Sun, 05 Feb 2023 06:00:00 +0000 + - docker + Docker https://virtualzone.de/tags/docker/ Sun, 05 Feb 2023 06:00:00 +0000 - https://virtualzone.de/tags/docker/ - - linux + Linux https://virtualzone.de/tags/linux/ Sun, 05 Feb 2023 06:00:00 +0000 - https://virtualzone.de/tags/linux/ - - kubernetes + Kubernetes https://virtualzone.de/tags/kubernetes/ Fri, 03 Sep 2021 11:30:03 +0000 - https://virtualzone.de/tags/kubernetes/ - - github + Github https://virtualzone.de/tags/github/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/tags/github/ - - onedrive + Onedrive https://virtualzone.de/tags/onedrive/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/tags/onedrive/ - - tool + Tool https://virtualzone.de/tags/tool/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/tags/tool/ - - raspberrypi + Raspberrypi https://virtualzone.de/tags/raspberrypi/ Sun, 07 Jun 2020 11:30:03 +0000 - https://virtualzone.de/tags/raspberrypi/ - - api + Api https://virtualzone.de/tags/api/ Mon, 01 Jun 2020 11:30:03 +0000 - https://virtualzone.de/tags/api/ - - endonomdo + Endonomdo https://virtualzone.de/tags/endonomdo/ Mon, 01 Jun 2020 11:30:03 +0000 - https://virtualzone.de/tags/endonomdo/ - - letsencrypt + Letsencrypt https://virtualzone.de/tags/letsencrypt/ Sat, 11 Feb 2017 11:30:03 +0000 - https://virtualzone.de/tags/letsencrypt/ - - nginx + Nginx https://virtualzone.de/tags/nginx/ Sat, 11 Feb 2017 11:30:03 +0000 - https://virtualzone.de/tags/nginx/ - - macos + Macos https://virtualzone.de/tags/macos/ Tue, 06 Dec 2016 11:30:03 +0000 - https://virtualzone.de/tags/macos/ - - fhem + Fhem https://virtualzone.de/tags/fhem/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/tags/fhem/ - - homeautomation + Homeautomation https://virtualzone.de/tags/homeautomation/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/tags/homeautomation/ - - openhab + Openhab https://virtualzone.de/tags/openhab/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/tags/openhab/ - - proxy + Proxy https://virtualzone.de/tags/proxy/ Sat, 27 Aug 2016 11:30:03 +0000 - https://virtualzone.de/tags/proxy/ - - wordpress + Wordpress https://virtualzone.de/tags/wordpress/ Sat, 27 Aug 2016 11:30:03 +0000 - https://virtualzone.de/tags/wordpress/ - - firewall + Firewall https://virtualzone.de/tags/firewall/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/tags/firewall/ - - ipv6 + Ipv6 https://virtualzone.de/tags/ipv6/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/tags/ipv6/ - - sonicwall + Sonicwall https://virtualzone.de/tags/sonicwall/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/tags/sonicwall/ - - google + Google https://virtualzone.de/tags/google/ Fri, 10 Aug 2012 11:30:03 +0000 - https://virtualzone.de/tags/google/ - diff --git a/tags/ipv6/index.html b/tags/ipv6/index.html index a271e9b..4b34e5f 100644 --- a/tags/ipv6/index.html +++ b/tags/ipv6/index.html @@ -1,5 +1,7 @@ -ipv6 | Virtualzone Blog
                                                            Home » Tags

                                                            ipv6 -

                                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                            November 20, 2014 · 2 min · 372 words · Heiner
                                                            © 2023 Heiner Beck. +Ipv6 | Virtualzone Blog +
                                                            Home » Tags

                                                            Ipv6 +

                                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                            November 20, 2014 · 2 min · 372 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/ipv6/index.xml b/tags/ipv6/index.xml index 6efdab6..ad3485d 100644 --- a/tags/ipv6/index.xml +++ b/tags/ipv6/index.xml @@ -1,21 +1,20 @@ - ipv6 on Virtualzone Blog + Ipv6 on Virtualzone Blog https://virtualzone.de/tags/ipv6/ - Recent content in ipv6 on Virtualzone Blog + Recent content in Ipv6 on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Thu, 20 Nov 2014 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Thu, 20 Nov 2014 11:30:03 +0000 + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT https://virtualzone.de/posts/ipv6-on-a-sonicwall/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/posts/ipv6-on-a-sonicwall/ IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. - diff --git a/tags/ipv6/page/1/index.html b/tags/ipv6/page/1/index.html index f481736..ac28fad 100644 --- a/tags/ipv6/page/1/index.html +++ b/tags/ipv6/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/ipv6/ \ No newline at end of file +https://virtualzone.de/tags/ipv6/ + \ No newline at end of file diff --git a/tags/kubernetes/index.html b/tags/kubernetes/index.html index 684b8f6..2a9903d 100644 --- a/tags/kubernetes/index.html +++ b/tags/kubernetes/index.html @@ -1,5 +1,7 @@ -kubernetes | Virtualzone Blog
                                                            Home » Tags

                                                            kubernetes -

                                                            Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                            I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                            September 3, 2021 · 1 min · 118 words · Heiner
                                                            © 2023 Heiner Beck. +Kubernetes | Virtualzone Blog +
                                                            Home » Tags

                                                            Kubernetes +

                                                            Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing

                                                            I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system....

                                                            September 3, 2021 · 1 min · 118 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/kubernetes/index.xml b/tags/kubernetes/index.xml index 6748024..bcaf5ff 100644 --- a/tags/kubernetes/index.xml +++ b/tags/kubernetes/index.xml @@ -1,21 +1,20 @@ - kubernetes on Virtualzone Blog + Kubernetes on Virtualzone Blog https://virtualzone.de/tags/kubernetes/ - Recent content in kubernetes on Virtualzone Blog + Recent content in Kubernetes on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Fri, 03 Sep 2021 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Fri, 03 Sep 2021 11:30:03 +0000 + Setting up a Kubernetes cluster with K3S, GlusterFS and Load Balancing https://virtualzone.de/posts/k3s-glusterfs/ Fri, 03 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/k3s-glusterfs/ I’ve recently written a tutorial which will guide you through setting up a Kubernetes cluster using K3S with virtual machines hosted at Hetzner, a German (Cloud) hosting provider. The tutorial uses K3S, a lightweight Kubernetes distribution which is perfectly suited for small VMs like Hetzner’s CX11. Additionally, the tutorial will show you how to set up Hetzner’s cloud load balancer which performs SSL offloading and forwards traffic to your Kubernetes system. - diff --git a/tags/kubernetes/page/1/index.html b/tags/kubernetes/page/1/index.html index 8b276e5..529f586 100644 --- a/tags/kubernetes/page/1/index.html +++ b/tags/kubernetes/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/kubernetes/ \ No newline at end of file +https://virtualzone.de/tags/kubernetes/ + \ No newline at end of file diff --git a/tags/letsencrypt/index.html b/tags/letsencrypt/index.html index 8f14bec..3f85df9 100644 --- a/tags/letsencrypt/index.html +++ b/tags/letsencrypt/index.html @@ -1,7 +1,9 @@ -letsencrypt | Virtualzone Blog
                                                            Home » Tags

                                                            letsencrypt -

                                                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +Letsencrypt | Virtualzone Blog +

                                                            Home » Tags

                                                            Letsencrypt +

                                                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                            February 11, 2017 · 2 min · 287 words · Heiner
                                                            © 2023 Heiner Beck. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                            February 11, 2017 · 2 min · 287 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/letsencrypt/index.xml b/tags/letsencrypt/index.xml index e0c62b4..9bc6db4 100644 --- a/tags/letsencrypt/index.xml +++ b/tags/letsencrypt/index.xml @@ -1,23 +1,22 @@ - letsencrypt on Virtualzone Blog + Letsencrypt on Virtualzone Blog https://virtualzone.de/tags/letsencrypt/ - Recent content in letsencrypt on Virtualzone Blog + Recent content in Letsencrypt on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sat, 11 Feb 2017 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sat, 11 Feb 2017 11:30:03 +0000 + Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ Sat, 11 Feb 2017 11:30:03 +0000 - https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. - diff --git a/tags/letsencrypt/page/1/index.html b/tags/letsencrypt/page/1/index.html index eb73088..cf37852 100644 --- a/tags/letsencrypt/page/1/index.html +++ b/tags/letsencrypt/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/letsencrypt/ \ No newline at end of file +https://virtualzone.de/tags/letsencrypt/ + \ No newline at end of file diff --git a/tags/linux/index.html b/tags/linux/index.html index c4886ca..8c29355 100644 --- a/tags/linux/index.html +++ b/tags/linux/index.html @@ -1,15 +1,17 @@ -linux | Virtualzone Blog
                                                            Home » Tags

                                                            linux -

                                                            Go-hole: A minimalistic DNS proxy and and blocker

                                                            You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. +Linux | Virtualzone Blog +

                                                            Home » Tags

                                                            Linux +

                                                            Go-hole: A minimalistic DNS proxy and and blocker

                                                            You’ll probably know Pi-hole. It’s a popular “DNS sinkhole” – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I’ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. -However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                            February 5, 2023 · 4 min · 703 words · Heiner

                                                            OpenRC Script for 'podman kube play'

                                                            In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                            October 26, 2022 · 3 min · 483 words · Heiner

                                                            Connecting multiple networks to a Podman container

                                                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: +However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time....

                                                            February 5, 2023 · 4 min · 703 words · Heiner

                                                            OpenRC Script for 'podman kube play'

                                                            In June, I’ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated “crashed”....

                                                            October 26, 2022 · 3 min · 483 words · Heiner

                                                            Connecting multiple networks to a Podman container

                                                            I’m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: -$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                            October 16, 2022 · 2 min · 274 words · Heiner

                                                            Setting up Alpine Linux with Podman

                                                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. -Podman was initially developed by RedHat and is available as an open source project....

                                                            June 25, 2022 · 4 min · 852 words · Heiner

                                                            Setting up Alpine Linux with Rootless Docker

                                                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. -However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                            June 19, 2022 · 3 min · 479 words · Heiner

                                                            How to reduce PDF file size in Linux - Part 2

                                                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                            August 15, 2015 · 1 min · 75 words · Heiner

                                                            How to reduce PDF file size in Linux

                                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +$ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly:...

                                                            October 16, 2022 · 2 min · 274 words · Heiner

                                                            Setting up Alpine Linux with Podman

                                                            Recently, I’ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I’m showing you how to set up Podman. Podman has a rootless architecture built in. It’s an alternative to Docker, providing an almost identical command line interface. Thus, if you’re used to Docker CLI, you won’t have any issues working with Podman. +Podman was initially developed by RedHat and is available as an open source project....

                                                            June 25, 2022 · 4 min · 852 words · Heiner

                                                            Setting up Alpine Linux with Rootless Docker

                                                            As of Docker Engine v20.10, it’s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. +However, at the time of writing, setting up Docker in rootless mode is not straightforward if you’re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux....

                                                            June 19, 2022 · 3 min · 479 words · Heiner

                                                            How to reduce PDF file size in Linux - Part 2

                                                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                            August 15, 2015 · 1 min · 75 words · Heiner

                                                            How to reduce PDF file size in Linux

                                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                            November 21, 2012 · 1 min · 98 words · Heiner
                                                            © 2023 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                            November 21, 2012 · 1 min · 98 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/linux/index.xml b/tags/linux/index.xml index 6e279eb..538060f 100644 --- a/tags/linux/index.xml +++ b/tags/linux/index.xml @@ -1,85 +1,72 @@ - linux on Virtualzone Blog + Linux on Virtualzone Blog https://virtualzone.de/tags/linux/ - Recent content in linux on Virtualzone Blog + Recent content in Linux on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 05 Feb 2023 06:00:00 +0000 + &copy; 2024 Heiner Beck. + Sun, 05 Feb 2023 06:00:00 +0000 + Go-hole: A minimalistic DNS proxy and and blocker https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ Sun, 05 Feb 2023 06:00:00 +0000 - https://virtualzone.de/posts/dns-proxy-forwarder-blackhole/ You&rsquo;ll probably know Pi-hole. It&rsquo;s a popular &ldquo;DNS sinkhole&rdquo; – a DNS proxy server which blocks certain requests, such a as those for well-known ad serving domains. The effect is a much less ad-cluttered web experience in your home network. I&rsquo;ve been using Pi-hole for several years as a Docker container on a Raspberry Pi. The Raspi is serving as a small home server on my home network. However, as much as I like Pi-hole, I felt it got loaded with new features over the years and performed slower over the time. - OpenRC Script for 'podman kube play' https://virtualzone.de/posts/openrc-podman-kube-play/ Wed, 26 Oct 2022 15:00:00 +0000 - https://virtualzone.de/posts/openrc-podman-kube-play/ In June, I&rsquo;ve written about my approach to starting and stopping Podman Pods using OpenRC scripts on Alpine Linux. However, that approach had two major drawbacks: First, the pods were started in the foreground, causing OpenRC to wait for all pod initialization tasks to complete. If an image needed to be pulled first, this could lead to longer delays, significantly increasing system startup times. Secondly, requesting the status of a previously started pod always stated &ldquo;crashed&rdquo;. - Connecting multiple networks to a Podman container https://virtualzone.de/posts/podman-multiple-networks/ Sun, 16 Oct 2022 17:00:00 +0000 - https://virtualzone.de/posts/podman-multiple-networks/ I&rsquo;m running my containers with Podman in Rootless Mode on Alpine for about four months now. However, an annoying problem has haunted me ever since: When a container was connected to more than one network, outgoing connections were not working correctly. Consider a container connected to two bridge networks: $ podman run --rm -it \ --network net1 \ --network net2 \ alpine /bin/ash Inside the container, the two networks are connected correctly: - Setting up Alpine Linux with Podman https://virtualzone.de/posts/alpine-podman/ Sat, 25 Jun 2022 18:00:00 +0000 - https://virtualzone.de/posts/alpine-podman/ Recently, I&rsquo;ve written a blog post on how to set up Rootless Docker on Alpine Linux. Today I&rsquo;m showing you how to set up Podman. Podman has a rootless architecture built in. It&rsquo;s an alternative to Docker, providing an almost identical command line interface. Thus, if you&rsquo;re used to Docker CLI, you won&rsquo;t have any issues working with Podman. Podman was initially developed by RedHat and is available as an open source project. - Setting up Alpine Linux with Rootless Docker https://virtualzone.de/posts/alpine-docker-rootless/ Sun, 19 Jun 2022 15:00:00 +0000 - https://virtualzone.de/posts/alpine-docker-rootless/ As of Docker Engine v20.10, it&rsquo;s possible to run the Docker daemon as a non-root user (Rooless mode). This is especially valuable in view of security aspects. Rootless mode mitigates potential vulnerabilities in the Docker daemon. However, at the time of writing, setting up Docker in rootless mode is not straightforward if you&rsquo;re using Alpine Linux as your host system. This is why I summarized the steps to get Docket Rootless up and running on Alpine Linux. - How to reduce PDF file size in Linux - Part 2 https://virtualzone.de/posts/reduce-pdf-file-size-2/ Sat, 15 Aug 2015 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size-2/ Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: - How to reduce PDF file size in Linux https://virtualzone.de/posts/reduce-pdf-file-size/ Wed, 21 Nov 2012 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size/ Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. - diff --git a/tags/linux/page/1/index.html b/tags/linux/page/1/index.html index 0ff8618..2a59ef6 100644 --- a/tags/linux/page/1/index.html +++ b/tags/linux/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/linux/ \ No newline at end of file +https://virtualzone.de/tags/linux/ + \ No newline at end of file diff --git a/tags/macos/index.html b/tags/macos/index.html index 3dac20b..a20d745 100644 --- a/tags/macos/index.html +++ b/tags/macos/index.html @@ -1,10 +1,12 @@ -macos | Virtualzone Blog
                                                            Home » Tags

                                                            macos -

                                                            Creating an encrypted file container on macOS

                                                            Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                                            December 6, 2016 · 2 min · 356 words · Heiner

                                                            Fix Docker not using /etc/hosts on MacOS

                                                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. +Macos | Virtualzone Blog +

                                                            Home » Tags

                                                            Macos +

                                                            Creating an encrypted file container on macOS

                                                            Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10....

                                                            December 6, 2016 · 2 min · 356 words · Heiner

                                                            Fix Docker not using /etc/hosts on MacOS

                                                            On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: -Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                            August 28, 2016 · 1 min · 163 words · Heiner

                                                            How to reduce PDF file size in Linux - Part 2

                                                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                            August 15, 2015 · 1 min · 75 words · Heiner

                                                            How to reduce PDF file size in Linux

                                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file....

                                                            August 28, 2016 · 1 min · 163 words · Heiner

                                                            How to reduce PDF file size in Linux - Part 2

                                                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                            August 15, 2015 · 1 min · 75 words · Heiner

                                                            How to reduce PDF file size in Linux

                                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                            November 21, 2012 · 1 min · 98 words · Heiner
                                                            © 2023 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                            November 21, 2012 · 1 min · 98 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/macos/index.xml b/tags/macos/index.xml index 55ae682..e37f594 100644 --- a/tags/macos/index.xml +++ b/tags/macos/index.xml @@ -1,53 +1,46 @@ - macos on Virtualzone Blog + Macos on Virtualzone Blog https://virtualzone.de/tags/macos/ - Recent content in macos on Virtualzone Blog + Recent content in Macos on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Tue, 06 Dec 2016 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Tue, 06 Dec 2016 11:30:03 +0000 + Creating an encrypted file container on macOS https://virtualzone.de/posts/encrypted-file-container-macos/ Tue, 06 Dec 2016 11:30:03 +0000 - https://virtualzone.de/posts/encrypted-file-container-macos/ Some years ago, I’ve used TrueCrypt to create encrypted containers for storing sensitive files. However, TrueCrypt is nowadays considered insecure and I’m on macOS Sierra 10.12 now – time for another solution. Luckily, macOS has integrated means for creating encrypted containers and saving sensitive information in it. You don’t need any additional software for this. As far as I know, this solution also works for previous versions of Mac OS X, like Mac OS X 10. - Fix Docker not using /etc/hosts on MacOS https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/fix-docker-not-using-etc-hosts-on-macos/ On my MacBook with Mac OS X 10.11 (El Capitan) and Docker 1.12.0, Docker did not read manually set DNS entries from the /etc/hosts file. When I executed “docker push” for example, this resulted in “no such hosts” errors: Put http://shuttle:5000/v1/repositories/webfrontend/: dial tcp: lookup shuttle on 192.168.65.1:53: no such host On Mac OS, Docker is running in a host container itself. Thus, you’ll have to add DNS entries to the container’s /etc/hosts file. - How to reduce PDF file size in Linux - Part 2 https://virtualzone.de/posts/reduce-pdf-file-size-2/ Sat, 15 Aug 2015 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size-2/ Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: - How to reduce PDF file size in Linux https://virtualzone.de/posts/reduce-pdf-file-size/ Wed, 21 Nov 2012 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size/ Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. - diff --git a/tags/macos/page/1/index.html b/tags/macos/page/1/index.html index 91d260c..e025d43 100644 --- a/tags/macos/page/1/index.html +++ b/tags/macos/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/macos/ \ No newline at end of file +https://virtualzone.de/tags/macos/ + \ No newline at end of file diff --git a/tags/nginx/index.html b/tags/nginx/index.html index fd5f43d..4e427b8 100644 --- a/tags/nginx/index.html +++ b/tags/nginx/index.html @@ -1,7 +1,9 @@ -nginx | Virtualzone Blog
                                                            Home » Tags

                                                            nginx -

                                                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. +Nginx | Virtualzone Blog +

                                                            Home » Tags

                                                            Nginx +

                                                            Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker

                                                            I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: -version: '2' services: webfrontend: container_name: webfrontend [....

                                                            February 11, 2017 · 2 min · 287 words · Heiner
                                                            © 2023 Heiner Beck. +version: '2' services: webfrontend: container_name: webfrontend [....

                                                            February 11, 2017 · 2 min · 287 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/nginx/index.xml b/tags/nginx/index.xml index aa5f415..8d2e639 100644 --- a/tags/nginx/index.xml +++ b/tags/nginx/index.xml @@ -1,23 +1,22 @@ - nginx on Virtualzone Blog + Nginx on Virtualzone Blog https://virtualzone.de/tags/nginx/ - Recent content in nginx on Virtualzone Blog + Recent content in Nginx on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sat, 11 Feb 2017 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sat, 11 Feb 2017 11:30:03 +0000 + Using Let’s Encrypt / EFF’s CertBot with NGINX in Docker https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ Sat, 11 Feb 2017 11:30:03 +0000 - https://virtualzone.de/posts/lets-encrypt-effs-certbot-with-nginx-in-docker/ I’m using NGINX in a Docker Container as a front-end HTTP(s) Webserver, performing SSL termination and proxying incoming requests to various other Docker Containers and VMs. Now that I’ve switched my certificates to Let’s Encrypt, I wondered how to integrate EFF’s CertBot (which is recommended by Let’s Encrypt) with my setup. Here’s how I did it. First, I’ve added two new volumes to my web-front-end’s Docker Compose File: version: &#39;2&#39; services: webfrontend: container_name: webfrontend [. - diff --git a/tags/nginx/page/1/index.html b/tags/nginx/page/1/index.html index e4f7b1c..d3a2b46 100644 --- a/tags/nginx/page/1/index.html +++ b/tags/nginx/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/nginx/ \ No newline at end of file +https://virtualzone.de/tags/nginx/ + \ No newline at end of file diff --git a/tags/onedrive/index.html b/tags/onedrive/index.html index 9330b67..1e6b725 100644 --- a/tags/onedrive/index.html +++ b/tags/onedrive/index.html @@ -1,6 +1,8 @@ -onedrive | Virtualzone Blog
                                                            Home » Tags

                                                            onedrive -

                                                            Back up server to OneDrive’s special App Folder

                                                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                            September 2, 2021 · 4 min · 682 words · Heiner

                                                            Unifi USG: Multiple IP addresses on PPPoE

                                                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). -By default, USG only allows for one IP address when dialing in via PPPoE....

                                                            August 16, 2021 · 2 min · 353 words · Heiner
                                                            © 2023 Heiner Beck. +Onedrive | Virtualzone Blog +
                                                            Home » Tags

                                                            Onedrive +

                                                            Back up server to OneDrive’s special App Folder

                                                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                            September 2, 2021 · 4 min · 682 words · Heiner

                                                            Unifi USG: Multiple IP addresses on PPPoE

                                                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

                                                            August 16, 2021 · 2 min · 353 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/onedrive/index.xml b/tags/onedrive/index.xml index 67a65a4..8fa08b6 100644 --- a/tags/onedrive/index.xml +++ b/tags/onedrive/index.xml @@ -1,31 +1,28 @@ - onedrive on Virtualzone Blog + Onedrive on Virtualzone Blog https://virtualzone.de/tags/onedrive/ - Recent content in onedrive on Virtualzone Blog + Recent content in Onedrive on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Thu, 02 Sep 2021 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Thu, 02 Sep 2021 11:30:03 +0000 + Back up server to OneDrive’s special App Folder https://virtualzone.de/posts/onedrive-upload-backup/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/onedrive-upload-backup/ I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. - Unifi USG: Multiple IP addresses on PPPoE https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ Mon, 16 Aug 2021 11:30:03 +0000 - https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE. - diff --git a/tags/onedrive/page/1/index.html b/tags/onedrive/page/1/index.html index 7d60ad1..32c28fe 100644 --- a/tags/onedrive/page/1/index.html +++ b/tags/onedrive/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/onedrive/ \ No newline at end of file +https://virtualzone.de/tags/onedrive/ + \ No newline at end of file diff --git a/tags/openhab/index.html b/tags/openhab/index.html index 5f7ad97..199c846 100644 --- a/tags/openhab/index.html +++ b/tags/openhab/index.html @@ -1,5 +1,7 @@ -openhab | Virtualzone Blog
                                                            Home » Tags

                                                            openhab -

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            © 2023 Heiner Beck. +Openhab | Virtualzone Blog +
                                                            Home » Tags

                                                            Openhab +

                                                            From FHEM to OpenHAB with Homegear: Installation/Docker container

                                                            For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager....

                                                            August 28, 2016 · 6 min · 1084 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/openhab/index.xml b/tags/openhab/index.xml index c1cfa88..761519f 100644 --- a/tags/openhab/index.xml +++ b/tags/openhab/index.xml @@ -1,21 +1,20 @@ - openhab on Virtualzone Blog + Openhab on Virtualzone Blog https://virtualzone.de/tags/openhab/ - Recent content in openhab on Virtualzone Blog + Recent content in Openhab on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 28 Aug 2016 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sun, 28 Aug 2016 11:30:03 +0000 + From FHEM to OpenHAB with Homegear: Installation/Docker container https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ Sun, 28 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/from-fhem-to-openhab-with-homegear-installation-docker-container/ For more than 2.5 years, I’ve now been running FHEM with several HomeMatic sensors and actors. Using the HM-CFG-LAN Configuration Tool as an I/O interface between FHEM and the HomeMatic devices, this setup has been running smoothly most of the time. The configuration was a bit tricky now and then, but it worked. However, OpenHAB seems to become a really good choice. Version 2 is currently available as Beta 3. It features a modern web interface and an easy-to-use extension manager. - diff --git a/tags/openhab/page/1/index.html b/tags/openhab/page/1/index.html index 89fa59d..b1bfb74 100644 --- a/tags/openhab/page/1/index.html +++ b/tags/openhab/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/openhab/ \ No newline at end of file +https://virtualzone.de/tags/openhab/ + \ No newline at end of file diff --git a/tags/proxy/index.html b/tags/proxy/index.html index 107415a..12baef0 100644 --- a/tags/proxy/index.html +++ b/tags/proxy/index.html @@ -1,6 +1,8 @@ -proxy | Virtualzone Blog
                                                            Home » Tags

                                                            proxy -

                                                            How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                            Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                            August 27, 2016 · 2 min · 255 words · Heiner
                                                            © 2023 Heiner Beck. +Proxy | Virtualzone Blog +
                                                            Home » Tags

                                                            Proxy +

                                                            How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                            Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                            August 27, 2016 · 2 min · 255 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/proxy/index.xml b/tags/proxy/index.xml index b39bbf6..7940389 100644 --- a/tags/proxy/index.xml +++ b/tags/proxy/index.xml @@ -1,22 +1,21 @@ - proxy on Virtualzone Blog + Proxy on Virtualzone Blog https://virtualzone.de/tags/proxy/ - Recent content in proxy on Virtualzone Blog + Recent content in Proxy on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sat, 27 Aug 2016 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sat, 27 Aug 2016 11:30:03 +0000 + How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Sat, 27 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. - diff --git a/tags/proxy/page/1/index.html b/tags/proxy/page/1/index.html index 4c5083b..2a78b5a 100644 --- a/tags/proxy/page/1/index.html +++ b/tags/proxy/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/proxy/ \ No newline at end of file +https://virtualzone.de/tags/proxy/ + \ No newline at end of file diff --git a/tags/raspberrypi/index.html b/tags/raspberrypi/index.html index d733299..c05ea3f 100644 --- a/tags/raspberrypi/index.html +++ b/tags/raspberrypi/index.html @@ -1,6 +1,8 @@ -raspberrypi | Virtualzone Blog
                                                            Home » Tags

                                                            raspberrypi -

                                                            Raspberry Pi OS: Remove unnecessary packages

                                                            Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                                            June 7, 2020 · 1 min · 161 words · Heiner

                                                            Native USB boot for Raspberry Pi 4

                                                            Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). -To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                            May 28, 2020 · 2 min · 404 words · Heiner
                                                            © 2023 Heiner Beck. +Raspberrypi | Virtualzone Blog +
                                                            Home » Tags

                                                            Raspberrypi +

                                                            Raspberry Pi OS: Remove unnecessary packages

                                                            Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won’t need. There’s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands....

                                                            June 7, 2020 · 1 min · 161 words · Heiner

                                                            Native USB boot for Raspberry Pi 4

                                                            Here’s something that’s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). +To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation....

                                                            May 28, 2020 · 2 min · 404 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/raspberrypi/index.xml b/tags/raspberrypi/index.xml index ed7cfca..1aa3a23 100644 --- a/tags/raspberrypi/index.xml +++ b/tags/raspberrypi/index.xml @@ -1,31 +1,28 @@ - raspberrypi on Virtualzone Blog + Raspberrypi on Virtualzone Blog https://virtualzone.de/tags/raspberrypi/ - Recent content in raspberrypi on Virtualzone Blog + Recent content in Raspberrypi on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sun, 07 Jun 2020 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sun, 07 Jun 2020 11:30:03 +0000 + Raspberry Pi OS: Remove unnecessary packages https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ Sun, 07 Jun 2020 11:30:03 +0000 - https://virtualzone.de/posts/raspberry-pi-os-remove-packages/ Recently, I wrote about the availability of the 64 bit beta version of Raspberry Pi OS (formerly known as Raspbian). Unfortunately, the new 64 bit beta is only available in the Desktop variant, containing lots of packages most lightweight server systems won&rsquo;t need. There&rsquo;s no lite variant of the 64 bit beta version available at the time of writing. However, you can easily remove the Desktop packages from a running installation with two easy commands. - Native USB boot for Raspberry Pi 4 https://virtualzone.de/posts/usb-boot-raspberry-pi/ Thu, 28 May 2020 11:30:03 +0000 - https://virtualzone.de/posts/usb-boot-raspberry-pi/ Here&rsquo;s something that&rsquo;s probably been eagerly-awaited not only by me: Finally, Raspberry Pi 4 can boot directly from USB devices. Without any of the widespread workarounds which require an SD card a primrary boot medium. This is made possible by a new firmware, the so-called EEPROM. Furthermore, a new 64 bit beta version of Raspberry OS is available, too (formerly known as Raspbian). To get started, boot your Raspberry Pi with a Raspbian or Raspberry OS installation. - diff --git a/tags/raspberrypi/page/1/index.html b/tags/raspberrypi/page/1/index.html index 97206de..b538057 100644 --- a/tags/raspberrypi/page/1/index.html +++ b/tags/raspberrypi/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/raspberrypi/ \ No newline at end of file +https://virtualzone.de/tags/raspberrypi/ + \ No newline at end of file diff --git a/tags/sonicwall/index.html b/tags/sonicwall/index.html index e802755..5c95e4c 100644 --- a/tags/sonicwall/index.html +++ b/tags/sonicwall/index.html @@ -1,5 +1,7 @@ -sonicwall | Virtualzone Blog
                                                            Home » Tags

                                                            sonicwall -

                                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                            November 20, 2014 · 2 min · 372 words · Heiner
                                                            © 2023 Heiner Beck. +Sonicwall | Virtualzone Blog +
                                                            Home » Tags

                                                            Sonicwall +

                                                            How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT

                                                            IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address....

                                                            November 20, 2014 · 2 min · 372 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/sonicwall/index.xml b/tags/sonicwall/index.xml index 471119c..548d123 100644 --- a/tags/sonicwall/index.xml +++ b/tags/sonicwall/index.xml @@ -1,21 +1,20 @@ - sonicwall on Virtualzone Blog + Sonicwall on Virtualzone Blog https://virtualzone.de/tags/sonicwall/ - Recent content in sonicwall on Virtualzone Blog + Recent content in Sonicwall on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Thu, 20 Nov 2014 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Thu, 20 Nov 2014 11:30:03 +0000 + How to enable IPv6 on a SonicWall (SonicOS 5.9) using NAT https://virtualzone.de/posts/ipv6-on-a-sonicwall/ Thu, 20 Nov 2014 11:30:03 +0000 - https://virtualzone.de/posts/ipv6-on-a-sonicwall/ IPv6 aimed to make Network Address Translation (NAT) obselete as there are so many addresses available that every single device can have its own worldwide unique IPv6 address. However, even with IPv6, using NAT is a very simple way to get your devices behind a Dell SonicWall connected to IPv6 services on the internet. In contrast to going without NAT, all the devices behind your SonicWall will emerge under the SonicWall’s IPv6 address. - diff --git a/tags/sonicwall/page/1/index.html b/tags/sonicwall/page/1/index.html index 8eb9f2d..48a4544 100644 --- a/tags/sonicwall/page/1/index.html +++ b/tags/sonicwall/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/sonicwall/ \ No newline at end of file +https://virtualzone.de/tags/sonicwall/ + \ No newline at end of file diff --git a/tags/tool/index.html b/tags/tool/index.html index 700fae8..d319da7 100644 --- a/tags/tool/index.html +++ b/tags/tool/index.html @@ -1,9 +1,11 @@ -tool | Virtualzone Blog
                                                            Home » Tags

                                                            tool -

                                                            Back up server to OneDrive’s special App Folder

                                                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                            September 2, 2021 · 4 min · 682 words · Heiner

                                                            Unifi USG: Multiple IP addresses on PPPoE

                                                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). -By default, USG only allows for one IP address when dialing in via PPPoE....

                                                            August 16, 2021 · 2 min · 353 words · Heiner

                                                            UptimeRobot: A nice free website monitoring service

                                                            Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                                            September 5, 2016 · 1 min · 120 words · Heiner

                                                            How to reduce PDF file size in Linux - Part 2

                                                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: -gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                            August 15, 2015 · 1 min · 75 words · Heiner

                                                            How to reduce PDF file size in Linux

                                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: +Tool | Virtualzone Blog +

                                                            Home » Tags

                                                            Tool +

                                                            Back up server to OneDrive’s special App Folder

                                                            I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry....

                                                            September 2, 2021 · 4 min · 682 words · Heiner

                                                            Unifi USG: Multiple IP addresses on PPPoE

                                                            My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). +By default, USG only allows for one IP address when dialing in via PPPoE....

                                                            August 16, 2021 · 2 min · 353 words · Heiner

                                                            UptimeRobot: A nice free website monitoring service

                                                            Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me)....

                                                            September 5, 2016 · 1 min · 120 words · Heiner

                                                            How to reduce PDF file size in Linux - Part 2

                                                            Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: +gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew:...

                                                            August 15, 2015 · 1 min · 75 words · Heiner

                                                            How to reduce PDF file size in Linux

                                                            Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: -/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                            November 21, 2012 · 1 min · 98 words · Heiner
                                                            © 2023 Heiner Beck. +/screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings....

                                                            November 21, 2012 · 1 min · 98 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/tool/index.xml b/tags/tool/index.xml index 15c0a3f..dbc1fff 100644 --- a/tags/tool/index.xml +++ b/tags/tool/index.xml @@ -1,61 +1,52 @@ - tool on Virtualzone Blog + Tool on Virtualzone Blog https://virtualzone.de/tags/tool/ - Recent content in tool on Virtualzone Blog + Recent content in Tool on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Thu, 02 Sep 2021 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Thu, 02 Sep 2021 11:30:03 +0000 + Back up server to OneDrive’s special App Folder https://virtualzone.de/posts/onedrive-upload-backup/ Thu, 02 Sep 2021 11:30:03 +0000 - https://virtualzone.de/posts/onedrive-upload-backup/ I’m a convinced user of OneDrive Personal. Bundled with M365, it’s a cheap option to get 1 TB of cloud storage. Having plenty of cloud storage at hand, I’m also using my OneDrive to run automated backups of my servers. There are various solutions capable of uploading files to OneDrive, including rclone. However, I was looking for a solution which enables me to grant my backup script only access to one specific folder instead of my entire cloud drive – better safe than sorry. - Unifi USG: Multiple IP addresses on PPPoE https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ Mon, 16 Aug 2021 11:30:03 +0000 - https://virtualzone.de/posts/unifi-usg-multiple-ip-addresses-on-pppoe/ My DSL provider TAL.de offers to assign a static and a dynamic IP address on PPPoE dial in. The dynamic IP address is the primary one, used for accessing the internet. Packets to the static IP address are routed to the router as well. Here’s how to set up things up on a Unifi Security Gateway (USG). By default, USG only allows for one IP address when dialing in via PPPoE. - UptimeRobot: A nice free website monitoring service https://virtualzone.de/posts/uptime-robot-website-monitoring/ Mon, 05 Sep 2016 11:30:03 +0000 - https://virtualzone.de/posts/uptime-robot-website-monitoring/ Over the weekend I’ve been looking around for a free service which monitors my websites. My requirement was that I want to be able to monitor both HTTP and HTTPS sites, I need support for authentication and the monitoring service should be able to check if a specific keyword exists within the watched site (instead of just assuming that a HTTP Status Code 200 is okay). Furthermore, I needed notifications in case of downtimes (Email and Pushbullet is fine for me). - How to reduce PDF file size in Linux - Part 2 https://virtualzone.de/posts/reduce-pdf-file-size-2/ Sat, 15 Aug 2015 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size-2/ Several months ago, I wrote a blog post about reducing a PDF file’s size. Since then, I’ve used that technique many times. However, you may want to control the DPI (dots per inch) even more specific. Here’s how to do it: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.7 \ -dDownsampleColorImages=true \ -dDownsampleGrayImages=true \ -dDownsampleMonoImages=true \ -dColorImageResolution=120 \ -dGrayImageResolution=120 \ -dMonoImageResolution=120 \ -sOutputFile=output.pdf input.pdf Hint: This also works on MacOS. Just install GhostScript using Homebrew: - How to reduce PDF file size in Linux https://virtualzone.de/posts/reduce-pdf-file-size/ Wed, 21 Nov 2012 11:30:03 +0000 - https://virtualzone.de/posts/reduce-pdf-file-size/ Using a single line of GhostScript command on my Ubuntu’s terminal, I was able to reduce the size of a PDF file from 6 MB to approximately 1 MB: gs -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -dCompatibilityLevel=1.4 -dPDFSETTINGS=/screen -sOutputFile=output.pdf input.pdf You can also use the following parameters for -dPDFSETTINGS instead of /screen: /screen – Lowest quality, lowest size /ebook – Moderate quality /printer – Good quality /prepress – Best quality, highest size Update: Read Part 2 of this blog post for more detailled file size reduction settings. - diff --git a/tags/tool/page/1/index.html b/tags/tool/page/1/index.html index 520c663..2fc44ce 100644 --- a/tags/tool/page/1/index.html +++ b/tags/tool/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/tool/ \ No newline at end of file +https://virtualzone.de/tags/tool/ + \ No newline at end of file diff --git a/tags/wordpress/index.html b/tags/wordpress/index.html index 0eb6f46..2abe2dd 100644 --- a/tags/wordpress/index.html +++ b/tags/wordpress/index.html @@ -1,6 +1,8 @@ -wordpress | Virtualzone Blog
                                                            Home » Tags

                                                            wordpress -

                                                            How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                            Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. -The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                            August 27, 2016 · 2 min · 255 words · Heiner
                                                            © 2023 Heiner Beck. +Wordpress | Virtualzone Blog +
                                                            Home » Tags

                                                            Wordpress +

                                                            How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd)

                                                            Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. +The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy....

                                                            August 27, 2016 · 2 min · 255 words · Heiner
                                                            \ No newline at end of file + PaperMod
                                                            + \ No newline at end of file diff --git a/tags/wordpress/index.xml b/tags/wordpress/index.xml index 585c45f..72df9bf 100644 --- a/tags/wordpress/index.xml +++ b/tags/wordpress/index.xml @@ -1,22 +1,21 @@ - wordpress on Virtualzone Blog + Wordpress on Virtualzone Blog https://virtualzone.de/tags/wordpress/ - Recent content in wordpress on Virtualzone Blog + Recent content in Wordpress on Virtualzone Blog Hugo -- gohugo.io en-us - &copy; 2023 Heiner Beck. - Sat, 27 Aug 2016 11:30:03 +0000 + &copy; 2024 Heiner Beck. + Sat, 27 Aug 2016 11:30:03 +0000 + How to set up HTTPS/SSL in WordPress behind Proxy (nginx, HAProxy, Apache, lighttpd) https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Sat, 27 Aug 2016 11:30:03 +0000 - https://virtualzone.de/posts/https-ssl-in-wordpress-behind-proxy/ Today I changed the accessibility of my blog from HTTP (unencrypted) to HTTPS/SSL. My blog is running WordPress behind an nginx proxy server. However, while the pages themselves loaded successfully from HTTPS, the embedded static resources like JavaScripts, Images, CSS files etc. did not. Here’s how I fixed it. The cause of this issue is that WordPress doesn’t seem to detect the original protocol scheme (HTTPS) correctly when running behind a proxy. - diff --git a/tags/wordpress/page/1/index.html b/tags/wordpress/page/1/index.html index 359da1e..3a87be4 100644 --- a/tags/wordpress/page/1/index.html +++ b/tags/wordpress/page/1/index.html @@ -1 +1,2 @@ -https://virtualzone.de/tags/wordpress/ \ No newline at end of file +https://virtualzone.de/tags/wordpress/ + \ No newline at end of file