From 97a17b572e0ccc6c3b180a49a9292da5f0888fbb Mon Sep 17 00:00:00 2001 From: Valentin Brandl Date: Tue, 17 Dec 2019 11:04:27 +0100 Subject: [PATCH] Changes --- work/01paper.pdf | Bin 159684 -> 159923 bytes work/01paper.tex | 58 +++++++++++++++++++++++------------------------ 2 files changed, 29 insertions(+), 29 deletions(-) diff --git a/work/01paper.pdf b/work/01paper.pdf index 508b6a287ce2ad5fa4078e6790535bf129912afb..20c53fd34d63f4e8a13c70b0ddb98dd75cc25fb9 100644 GIT binary patch delta 20749 zcmV(+K;6H@-wCtf36LcMH8qn#zbJpT8rzcFw)H(uAlh45+jyXrtZsHrf&haN@hqFshdVR z!UZ=Jm6b{we3=Qj;Xu#QhUzOF8vrlcFPllm4e-er_;d< zK&|a$v`U=q6;J;)5Iw80!vmj=PFxkGGJ_oc9nx4x=B|laf9iU->34stc6M^NFf^N= zx``K^q5~9YziF3Y=(vo6ueIl?1P44~&o7=Q-XekhMFH(k;|3GhAn<6KXrA%uy6f94 z@0lQpnhfxP8&n8WQO6&(j&FA*vX=^+Lw2CE0{r{7Gy?4#2AQ7^OXXA1d&W39x@bE+t9^o|^zWt>}0dfd-H9j?Pk;7mD{CoJA07T(WA2fCd4I z*Tj|sL7R1D_8mjI-t6~fz2(}5+xK=@)5*YhfSrs0E=9CFMo6TgYc~CTX4lj~?A#4i zZQ5*I0)G=xbPzH7Vrx-$`OtCs&~#l1C~=p3D#0|Lbh|J6-OPW=B+(5`=BwCgYW~8O z%a)4$kW|Y_mYqSu-qSz3#iNjhqGjzG?SRZcj$~OtTN>-#%%@q z0|k71`k*H#O!kb~fJWXtI&b9tD{g#!LVtpod}vX% zJeF=hAiccO+D(50QJgQ9D-a=&q!5+MI4E}0*i$%2D^~>;w;MPT4SQKd3P(m7)M4y9 zPnR(Gmg)?>q5p4YHH_!GfrmOVf{8_@f7lr~zX%i+v1}A52ezx*uII|3ZMJQ;--ARE z&myeK>g|wikxj6AZ(74s6s9Y;wJEMxjO@9fW)l^>H~W941?3y)*x6+T7f^8VyEgm< z#(>$2u`*;;MPs6|>ppu&XCo8rjGY1T#uBiKWnIy%EXKe|VG=uC)rc{~+AeF0dz>$8 zjmscbHdty7z`g~RBVGuBMS~U&OB-7ll`+*=d@o@Tg(G2!st7P`3l`Vq%HM@fVFdCC z6B7{WgWrF`0705O>j^CYK;PNj_B$Nv#}NoAiCP@P>4sj>3?TihO=}EP)fM*veHnPx zVw44UKQtvOhmO1CJRctw0tz^LkQX$U#T*8>8k+~#^A?^P;vbaS?cxmbEtw2|Dl{(0 zyygFIzI*xd#Lk>?HyFPtRkpWa4XluOQyiZ#q^Ezw4dT?HFF?A!tST;M{DJd9r7hiR z2A&#RUjyRF8G|>l9QFp`9OVRwjG(|lX2B-rSO5qcFcdU#RWQ6YBpm?cA%Sxby2S`+ z=r6JsSh6)JbhI6zN=I16Rk3uVPlio+MrFN0h1{2@&9P%;vUjMmX}ULLiG9|p*)JvU^nk%BCl6Qd(!{a`zjD=_VB+^x%v*H;X={`~Vf zbjZGhVBVf1_Du^8NbNG@hh2$AF$ANyZ%~sUu-x#sZUm4ar(mIxmL8Pj&UA)r!Z@9D zo|nw7shD_Zox_9}Oo#EvJ_tL}5ZE~K(-nVr=y_2rPE<1XytJxtIcPf2kH}x1@HRkl z;IA^zDuy1iw(qzBw}~L;Su%qNZL2~$0Q0mNIC4YYLkMuiy$v`I;!k;}BCr-< zUsdQUHMMBskQNpSVdY4n5M5uU4~rqF7bP}u&&YoP6{E>brrwsdVPm1tsuJ;t&F3(HqXI{iMH`qK zgs7oKLUH&)T%#J$j|BTAEyNP|6%7y_6*Uci67P)SD;@yK&*+ljVE0BZZkKHF4b2C-&iiFOUVd4^1M z2GrQyz!Iu^?pq3k^(l=3x1QoAXl2XN+u`I$V)26hB4+I- z&t>sUQ5rjjY+4TRQtSUl6hdRu%^;)B4s!+rasZGQgVdTmIMRwKOTcPrwR83$9gin; zOlAPsatD@eG9?Gw!w{x3acn*im&~B^DBPrkilk83mV3xpofNafp#pzQnCWOeFdAUN zE;9WK><1Llo=VW91D~qkHw;5PtRZyc8cUH#1OikPh7o&R2!5mAN=IoY6OJusN(`D{ zTdRwraK7PabX(5U9jh5`xc>etsdqL!qAJHt=UVINOmVN)ROsltb4MT<5g!!g&N^UF zO$e(iZZSu-R5Jt}8t#8&NB0j0!zCgReAi3x@laxDfOHcKAEYa~syGib6+rGyRn4LK zu4d$F$y}BFZ!wS-mJz1}i?CNg7h{lG7^iQFOhg7JPhwZ2*R3Jkx0yYTrB5R2XLAv? zb^|}MLBdlCsjn%d{u_nOU(^4$1ivBpcM?wH|DWgbjLJ*hCney+bYL z1>}6=cgn4(lUNCQHmLD1cmYSS=5kgPE!zvIlme8V;QkD4OMV?fJ4!;&c#Pm)l24X~ zB={pgAqd4vnzVoRc?zm_dr&Wc8-N1|zySKje|yElx`rY5lmS5qVl|0X;ZL2$suuD% zR@J`mDm}8+w_n}9FIZjK?kD6fYxbe(WHB*UN)GSz;7NaQYLC-&87J>4Rb?}Jb>E_6 zSx8TN2Gd#hlXEO)Q@9Hq`L3seMUaB5*-R)z)(y@er-*-rGt7fy{EZbnvKO!T2(T`R zXK*QP4@pu^W@KA*oXWP(`qapnI<#TEMoTzu7}bpc&&kNGZ-Tcjmu@Ivq2keoYBG>{ zH4r|bH_QEV?gC>#(x=!1!!IY<6y?=&Qw)?jQ`)J@`W?jt)G4FfEEbV=uU?`Wxn%-c z;5d=A&f$N6Y><`YIjd-j(J`kQImJVr?NK*TLv$((uYx-p{8S&lm@mR zv(r)KaG)0q~%XDe1+tsAAwf}zdv>}tHgJs{!1Pd*xbLFGg@ zb>+XzKl=A=AW&`+_;v%8sXqXJqW2%pwm^SCFp@A8YY;h|Cm)g=KiQa|_$a6IzGK0c z0^?=ZCvZ4(oA+_lEI*BwA29F{A3b4V_+SivKX;mNlpisl!%68gT{D%^#VSnQI6f0O z6r%F&ufm4Jd@$J)dDLMa9!ysI&;Mxp7^d;gz1{wk)%cX3_jup`f79aU*uD>wtlfX+ zS0B5qAG%2t{p!XeIW-<<)KF<<)oNG?^8X`S>pi+{D-Po+|K#;?K*iysA-O+J{(i=)B(>n~mC5 zAxsb6f{xrU@Q;ojxTf8Z=MV#IhKhfEcL|rViLwU><1pz^HD%8&oCctqNo+q<89&~__xP>l%MXc=!!vO zMr1k}x$ig`fAEDxb?L?)scuswSU7s#UP#x%^pXY|DDi`Z+VnP6BSUN`L`gsx=DMy# zDxO5!SeT{;dwygwcWHJO*iepGi0uddnCwB|7UDgJ48Z<@8R~Xc<<}PH47-SzC zeeqnW6U_=jKdRwB${U_Z2L*raYE+o4?;oXGK#sli+@d~EHa(F0ASlFq1+i)98Ui!4 zV|EKFeC;BaQwZQpy~{v;M}y$AG~MMe@FNwS0t*q2I%!7FoxeRwK@9{)LpG*rD5stZ zJ4AB7i*fBw!~W1QjFUab)+n{Ie#L!dBcOCb*H7cKB)}vnA5*?bXm5WS5>7@TN|m01is|z z?M~huSQQFINmJrDzQD9-;oOqwd_NLF0AaMT@&jURjDSVlKxy%-IA|Y}Y`!Gfo=K9; zw<$I3W$~M2P&2rcFDfuHSJ0+2mw_w-G@4r`8^f_3f5-F< zcHwPlt4XWj;;St`l?1b&2F|lr4B%Zt;l(R%phcj57`mO2He!*~k}y4zBxSOVn}H_1 z78)EUpA3XmX0WrbQajU6AEE}who?uisDw49tz*&&%9dm=kwPhiagH{LZDaJyZV55(R@MXabRuhDNpfCT z6y8owBq0$=mVrzpmn$ze{LQ52h5NH#V$A67KpsD0foK(^ifDy^DTiQP=kicvGEAN2 z;IT;(jxs;*_TpKU_Q|CV-^B{qE~f6}fuiE%C4QT_daxyWJHq#&2{If8APJZyUD~e%G(y+lf(Rm-kCy6i2q|#z1bcoTP2yhmAyA+sImBca_HH z*Pm~wRb)H1tRzO72C_^pIV9)CZ-!h6#+hM?Gt0DMfjPwlXWlY_iWE#}{Go98L*bbS zilJRf-;e6&tzaqDw9JV-i1}9MFv5!gppJsy^>{|?+G%Y zApwo03bY9lGPr=wtOF~8tmsK$T*GpZAJ&5HXb^{0B;$!F1E()<`~Xnr!DBlVLf1yTU)=Q(v@Di1UEc6V7mWchE^amDfhd(gyD ze_K|wOzf~Qimt2@P9%p)6KG;KU*!)m&q-n)jH<& zHk=ou$Q~CL)uLrb&{uU{{_i$3UY^G;=lT1MQ1%1VbzapMx7(#-cu+Q@Mbq3hyIz^& z*V9vKg3fN$$(2#7asA=rqix9LWg)g1(An{5F>A~7$o9yI8@4}*qj$|6B6VvGf7_ys ztU6`wB(i?p-mWvV_T}l~MxDI|jB|Fx@`JKHA>!TLUY?vHe_ou$UXHOX{Hb%VMwkz+Q7SSOSe8PkNZ3#z+?IlB_?QRhZ{Bg$!EKsb!&;g;^GM zS-554Q*qL}!dRN9mk$?j+w}anf1JJR<$F~$B^c9F=X%_r5fq6Dt9D9-uV7k(1$h(M$k9lJk31e~p$hLwI7w z@XR76YZ)>N>lrJcDz%BBB{ss{zg9uCH`W}f01ha8+W`MT@+CyZDev+8R%4x(XNx*! zqhfw3eBBE-hC>gOSsItYlbI1fX38zC&yWv%V{Wtr7dmB6*keeOl+P&FL=KiIWj>pm zOUU&5AAd3p*Tjx>&SsSBf6f-u>B()RK9L&dU@W;6DKy8;R-{P1GKu}V4XJ{cAS>KN zs^CEZAg3+l^Vg<50P-fC9RL))?O+{P{S`SZFO4I|75)E^wM{5XDSucPj@a3Hw59uFuN{G5RB8xpvAf6BM7#s|NQ50t|$ zOVyS7YBT`XU3yHTKIJ~s>YPf<*&+Ff7X<% zh8`Nm?SvErHfi%+`rzb}zL!5%*=tlceVo$E5~m%TJmvbwrg)9gn+@}rWL0B7j?#%Q z5xVC<=NYZLC!HdD8fSI-Pk?@0y+D#)jU&{tbc&5uz<++(e+0v)FNXV1ubN=3&ciW$ zuWTRPTu8`Kh#35{1dz5O4rE(hSSS;^U^8Vp~TBuLnrEAbGPZEc-(~8lQ zNAav|+8V<5$JN^ish?3GA$vSn*<*)Ro6o25oaErd%_o~fcDd&(sEFfhIgn4elLQ4y z@U84~6U%qnNB@)NaVzskX?ofT+e7N%FA19vv`0bpf4DAY&7AOcbODZ73y8vk=o!TK z6gqDLQ_4;WJ{?_?rOT8xgsNb+1kojI zufdyul)#gqv;$Fh9ZsoS0ji~|9=!%t4Nj>27GPEC8v|>KFV}!ona=^%8-3)v23BSN zCBUlulSQf-f16Z_PtB|CkBE+IY&7YZ^A*@gwX4vi-8aTZ?LWmw9XSGwEY^IfG~-m^K3(TG1AX;&9*7UBhnw;i#94)~VDN(VCAcC^Z6 z@Utz6f2GNk-jY_RWX>sRX30BlQ&Vq$uD~qMK7z<-J)5tDlG3x(UsjDr0wn?t?o+Gm9{HgS9bH+ zZa&w|*WLQw)0-^eu}_4jtOk2P(l079Pq*$qV`PDwO(1bpj3wvd{_slBo|W|56!@v4 z=mCgFo`qnQNw*QOhAq9uUljFNgm8}#3Tpzi)S4x0GebWQxtpba`)&|V0it%r&i?@+ zbUK>~Wo~41baG{3Z3<;>WN%_>3NkP-kr5LEH!?AkLBA+})jQd8+{lsd`ic%ec)>6m zLg9uYHXIVAkvU5pOHyMyGzvvEy4Z~o8tB0xihsX(6&ekKGa6YNVLy z^1eJd`EdPzBYYQ+z6(M(ixL==KKc7e=s88VJz4sJ?{r(kKvT2?1x|g#m`m*V=B@NI z`L-&4?M-{i2%e7NeN#hwSJV~Px4Ok;ES4e6>@Su|!2)8Qeq{{w3ewDJxAlo1Ik!^n zYA#oX%c3$j*nWc}Bk=h|MUHW?HFeHA?zPjOPL$_=n3k)b`?4~PUKM506&AVG&Du1y zB2N|*@nUGsAaM*1{bgU)MaPKM9hNEV%p9h!x}w@}I~^MWySkN6Dm_}I^t#*A8ekwi zR7CCdU0LgOE7P3#p3`@8OQV%Up0ln^Tm9FGN*zJyyz6yY-f?ZRKt_(X(=z6!sdo%* z^?q-ED%glivm%uQG;+z%8acGecF~F>r4-KUI#duzJTmj;BV9-6K^-*M-$W zhL9T~+)XV2j7vmxSmJOvy6be#BVp&*gA36eL$d7HE*pSP6;qn+ii92k0p7Kp*`1ED zG48S6GY%4v9 zlA%PVA)uTqjG6!3C_gRr`^dyBHbc~0TdtShoFB53ywxtSSC~qR1h9eJ?nC?DI z5`rF|#CfOPV9dGN%TPX&Ahz z>u%Fm?TK<+##}?2VQ^P$wjF~jK^0X;a$>^+qz~U1_P*VkYHlgHF7v+BB9y&AgtF&5 zD1OEIG6$$f(2q3O8z2JNOXP(jn_8)Ky6McCE69Ra3RiRG42uA8YjfP|?fDA^ zK%+e*P1iuvAft3&BJDzUUP$gfVfIftEgkkLDDD)U4DkEIqG^CHQ(jqzHwS>{3hwi(7EnNb@AQVC? zky?8`WY}RVGt5J@GC9ztpCyh)R!2Zcf-7i3VR=Mdh(MWyC2L#&N}OF98&iS+lLl0& znJYFfBH)JStT@^vNUfKz-vJP3mNyzk=XF_H^Azhi?8~z=9u^Ty<%zH@4q%tWpYLGT zv#K8mE(${aECSQ{;sUmR>N!8XT7nq)#gNd3cASun3sfmOeyK%%JJD#Xw_q1)|yC z^bOs;%iXSRe_;dDfc~sH85k*J=G;WzA*BRf#1<5knu|DGu80kP0e)^)g{J1%$y}uv z%k09iwaku25>?XTmCvwS=&H>1*m5GFfz~yN6#y=Zs{g{ESeTV5UADrmZKoR`DOOTE zH=vMAG^-u1k#v5DT-oyKo7`9%ZEe`(863a~wa5@lSbFA*`?veFE`Z2mpt*YW3&J#j zn*gP_p$Gp|uxMa^xMR#E4IYjLPZA)K!LIsQ1>wW$CW_7&z*t0Ddyxx`8Zm<4`@gf$8GXz>U+1 zBv>w2eNoEce#M62lmDJ<$N7@RAAxC0WSr%u>c4e6D$Lw}F#PK6NcSVoUM{!jkpFw^ zCUC>p{{!3M{*&tg({E$`O?DJTZm5#4-;wm6>}XxIXeKOopjtp>t-g6VDsZDD{I2|~ z{K$>`uVP>@91V-!v96)uaFlZbyA-HLRbQ*(PO9ut+Y1ZN>{lOX;yXt!6o##!l z?|z4Hc>K(Njk55bUKq3YAD58ey$9<1N=P2^|5Yvg2kzPKXGB%cFD`z1_3_2)r_U~4 ze0+QP=EoOj*H{0NAjnJ2{>QhRi|;3{3e&IVeqTjkW(5=Z{QT_I)Bkz#@!7lci{~G& z|M~XCzqFxC@fN;Sg2c)Vvgqptn)E*wXfMapt6(~Ry~P}e_D}Ds;tOB$E4c0(uoK%q zJzyi0<>%eEZ!d9!B>27pGRfS)PrtW-R3vjJ0&;Z_kW9H>Eh3L5I=VoZ2~?~fx?v;_ zFKE->_sx6-#6C!YL7+?q^fNb22bMUU87GBdY`Zm0?hg`0gBgmx=*)6J?gay(9&Cci zP@!^vqr-fA-RPa^$jyslcD%79H_l}^(AG`#TtCQ;xfNUzI9q(RQ(ls>7<=rKqlWDd~#}--{-_tnllxqPid)}3?_;6Cm$?y0$&_SfZKk*uba;0 z+Weg>AP+ws_(iC8dRxl%Mpm8Y1)869mVN+#)TN?nbO0kYp~47SS+)$?Hz#SRx$Ij( z=(0pWIjPk70U5ka4TMi`yNJ%~#>jyDzDBr#Ib0DNij-!C9Gx+bA7SqE_~Z`e1@<2h zA-^NIr%(JL2rV`6RNfeTiorl$LJtJ#=#2;~{OFGCNmY3vTH0aeJ@0$sgkFCmei~|j zjj{q_AnP`HE()T5<`ToV?trCQK1U-#=pOXiyd+T=-Wg_+6PCG{ zUA+J#-h@JU%0uUem*6FC77lU%k2wya!}Z1XSrD=Ip@(~{@p0C+&ugvYoq!wVCH^9g z5;qEj;OIVEle_J9?zJ#;!B#meuEw|O5TDVL4-DDhd&^ZDB>`|s6Nn?4AmBKE>_rDD zlO2bws!1HAG7^Es3O?I6cTZ+FZ_5|gkA8iGTksZY5rlBzVX#QNlsw9O_vrlxZ?T5P zAJGoVlEp1`-7Qp#9vo_fa&h(Oem6WUh$9;91;=&B{o+O_y8FJ zZn#PEcKpG#T{C`?A`#4gh(YKjF;wq2!lwbqfP)bMl}^^BV&{Cw`iQ{sE2<9u$nbzV zhauuon2^vzqyykRaJ1gchvhl+De*o8MrMs450P(d*w%F`oirD_n#4Qw1BKEz!w5(5 z9!8>}Iivn1rACdW#TsU`U^&Y4!YTy-BVWSIh&kj4VQ({1VDU0BVxz=%eM;f$(o%V9ahtZGRUnTp=D?| zY^?m!6W>L#(=~U0jN;Qu=2FX&=~NW+x##ZGVdjhh&?#67JEYm zA7>Y3HXW-OH~`+9z^$Js zr&;L@p(1CkJI#&jUV2fQ2b7qe;m#ewHAl3S(^qTLly^i?A*Z=vo(nhbF;?0V@zZ|T zX^n?~xN;QIv0PaEO8C%(zHIEiht^!efk(*ZDo-pa4;gW1R zOn0#PjsfRBXohTN6#A#ST+T**hXlOF{Mr|dp-}mQa^?agLQl6Jrk3G=MqAPMDYGh; zD5$?6C~<7W9S)M+Vk%h*Af%4L`XHo- zzK3;xQ2&;(aJb#H zv2QBwC7E=AB*x9G0kjpSe)$R7RJ7t`oSKaIiT-FA%M^&c`P~9>LryYR$vE|GQX^tW zOU)@5e)>>gK^T^70FE>hr>6m~t+~YG!LqD>>rbtK#o;lIl9{<<1**o#9U%flb#C_E z?Bho*c7zpEWNQp!ic>vq*#6Z>#W+Tqxk(yOLSZaE=uam}h6$7rI&Fhje{f!W1;(~@ z>feB)0&WWYS7;>zd_n);5$1~EbNX+4-hUd~ZM>|1N+&p+xK?u)hjmv?fge3Qii=h2+sTXpJm?!>*?k@zmzhBS=3` zfD%dRl);KD{X=7B`7dQ%gXII6yVRwUF2`xIh-wR<>4yxQQN}NuwOAhIC58z*9U`xw zRu3De>ZY#O42^$9f%Wl`@wn?*aWG?lTcB;kIr6R8SFiNlN{l8k;WDd^Vo!3<$xz#w zQ^ws&3NL^?X7-XI!rCMWPnck^hhQCjg`B`}DN0O4E6s#>e)WzhCm74Nt3e2?xgv9u z{O%Z4$ag3c=5nMfQQhQkp`w7Bku2oUSE3~_BNUA)px}`113K9xO>7inbH`kN4~@g> zPv868<-)rt%%Y?oznL93gC`Ks)d694Q^aDr8)>`ti7zI*N>yH2xI1b)3Fjl0*)kL$Ub%)A590X zqv@dWEqGzId}qCAK#zXZ0S)3r0UlLqMZZx3^!aSIDp`ljdMICjD8TyWA1h&<JxxmYe$Yp;UgN6wGWq7`5tua3b7v^g9&! z#mQjqLhrR zqW*!DGsBkye5}|Rb9Fy|gg(;b8JH7Ue5}ads}Iw-yz)F)G)TM(gg{Q-ck21%D*2uY z<$)>%%a0t#)KkvijBYwOeU!~uf7WkKxy$=E6)SEuOp;0L814QKE<3JIPrw2g2QZ&7 ze%p0>xGq0&o?sC>kGUqrb~H2AT`oX=J!Y>Lm;JeD3;t~cAm+6cwDKRT=rQas8)A5K z;fDVMR&JIMlNP@x12Zu+lR&>Kf7^27HWGc$SLkI^RFy>$ynv*urc$=-@z@#9ct_q% zcAY#>6fAK~f?8heQNDh=(V#?91yYJ0{TzV&Q6^8(j+`Yh8#ieF6>9phr^yT&UTMM)a1 zQgKdZ+p5~Z0&Fid&Z(Jqf10Sb8NMtt6%utVIR0!Zggbz)&@DokUyt+f&|rNtsmW161UaTE^zgn!_qWa%%?!vyO}O`<|R(f2iES?$|sq9ugVX zCG{h@rp~1vyo_F^%z~Akp&S~&*tT;iaPj-Ru`R18e$m}5Dz}N;oRe6HSjg%WJbGo( znouBP1fJvhMk1+IZ}_@Pa{#5>kZv`F9j%}7iDyxuj(7I5sAYLJ1sA~@U3@1*QP7Ga z#<}S;AND}K{Pz0#f0`yf1O={h)|hoyDzzIPisUtl_eUo!AJ7l_b?u<_Et6Yb^R_d3 z;uXIkPfe0+t(Cb}xLRRbmfLr2Xqzl>yV3XL4!d@-jgkyK=Gn%5RK&RoE2iBGon<7e zywny~kxWF|v9OIrQU4~$f@zEBY}Atoi=Va;#Eu&V##N4Oe`x$P4FEc%`%!9~E9qjD z*A*FEwp@xsr4rh61Wea`^)w&Vku3s9DwpO{0)XIu$|CJ|ad$yp_p+YlS<| zRXMflB~@pt2T_!e6&f7(-rY~3dyL~F3c;Hmg8CGVzHRyeJAhGEqL2}ONtDu4clhmj zT^tnoGhu$Ye=n!Zs6_#h0`}B}ci`tIO|C(F z-`*{kqZnttV{#VsK#nQ0k6spfCJTE}_2do1_wn}gB^EKx4n<67JEc;?*u~1Urc^=V zb6$|i6(pW)B??mG^Jk+atW}-tkPTKRJG7`eozLf3e}ynt!#1si38iJOdXV_x)01XB zgPDIksoQhr{kf#h$09$e#TLUh^o_^g5_m|>97Vte zOxryGf6!(J8*YZa6QGT5TFYu+roiOBJ(;!4ZY6y#?7wXWf!#|wop=SvEOLoo zhJgn4jC5)Te8;$g1X3haz{vUPfoxan@&+P=^>B8>KpzObz_d9#i9G8BJx*wzlns9b zJlYEk^8!ri!g?1)Qtl%74j0&v!VYR5@@6J&364n}7-^tu|Oz0zXbKWMH3Z^^6%eg2M}pXg!)Y#6>A7M*M+K6S9u1& ze~PuZj&@bjTDj6vnNk6UBE1$m4}}=S5IrmD36Hs|mSEcoNhGgB5$S;jBN8%6Hz;vn zI4FJBWW0fbBfxySz;5 zY#@LFfFE;v0mQ=av~*c`>~ebfHy92fe*%Z{y$z@%29#(?IlRYA?9f);z;T`UNU8HQ zBoFZ{WGPCL(1SRvfHR(tS5c`>Z=u&CSndeH@_v`fpv{QCxoI6)z+Z5e939Cdq zYh2F2f}PU8DAlaBmxNKLb`09&hf0RjiaOyZEQvNBC@=ZJFvw?6JjSo`>2?)>r0YBy~5-Di} zp0Uv5C)q#X11Tzi^Ae?>gFp*Ye@loeaU&dp-c!Wn9Av#gfM zS9FNa!6C7EMgt9bH%a^=cIIGie}ziu;CC^<&F@^GhC}=g&7P~>bOu8pLdBk|KK*Xu zShXfevQ`!(!6&c)Aau0e)vJT#9G)HIgJqp%Nj1l{&ebk%aF@;9`uX=R0lv)_xe2@9 z1qidoO1@kt2z<=uccKv4p85(N9_-hLs3?Tg7WYt6x1v=Uv>B8LV7^6}f9py&u!Mg{ z@ir_Z34|Hy#{TcN%QApH)ceMBf86A(FWG?iE3z8S69zdX84Hv(ifTc-1ZE_p% z13|Fgsf#Yo2!g2pNZ_A+Y_Wuth5)vkA_7lgRzGG#czQ4!+7>r?a5(tub5%nn^x9V9p<;gvLYamN~U^R^z$z6P8w&yVNda0FVe1r(X}a!oA68k|?sbL!in zrO<;8bE_@&E~XAR`<{fje|`;*kkPN{tg=gc4j74ZRk}MUeCnIT+vUlHvs$1kbnSxE=`fwy$ z7nrC<64Y`RsqM3UNaK422<(4>9m=!hw@5Qcn_h)kN&i!VRxPfAVu!1AiRYG;3bN-fcCi%Vuja;YbBEMz-0~(<0(RkKPd4vX-Yq+ z-YHc<^%6*m0<~@YZ3xlc;`_GYyTWmukh_0?C2*le^njb4olz=aV;lvI~*jW++mGB z9a!x-HS~>o!wQvbJ^7`OV;P)s6ol1HzSZ$|UC-{+e@?dF z40Gc?e_u!IdQ)qgPp}lZE~1W=uj;{e@a%D=j!%vi9;pxXDgVNHzeRn(PUUMWY|_lE z$tR$q95U-{@nNfNq#4YeaMx3(FtwBe@Q$}OV}D3^w#nSXzhms%H>v#F*EVi*ir03B zLW6Jb7aG*5dnss-MaA>n);}8#II~xO{&JzQe*@FE`Dvj!;U>)UfK&JXyI>cxNXZ(t5UP4cSHjPWH=|4IWJ(YeRhxku@IlbLMho+}Y|2ou5)(EWdRfa~J@ zlnx%%d$_$;J=<9AwQ4OWQ0f#ZJgB^O4g%R7NYjJ5PW4b=Ro~ak9fAKbJ!p%NM$#ws;K1)b$_5{ zOXKfII=-bfk2<$w=XiHP!;7tmUm%Rk5>q5<+SMxHV?Y^Nk48(# z5G?` zU>}#UfdLk`mp}m;L6;$}0T#E%fdN`9m*2|)7PmL90jM39s2l<3NK7$ZfA68ATu~QF_S^RD1YT!TXWk+mVVc-z{^f0H6`@@w&l#M zE>>*E@;Z{8*pu=DNr4i^6sZuPWaroKcNzc*P$W&tTF*?SY^WQJ)7|HM=hCMeps*t0 ziLf#eno5;OPo++@q|zkDSd=!gA)s`L*B+%$LJ%m?CKM_T#L|g9;c%mcLW@a+q46BZ zxPMEC${LXEeoK|+*3W2i)N1tDls;V@1xiBb~G2Ae1i1SAJvR!9ho5(1l$D93pM z{*}`j1QHdRmZQZhnE(mpF_`2eij)Z$RDZ!b4C)ijF_sh%N^s)9K}x_W1u8~bk^=H7 zniwqs%t`JcIVT!GAU(QsR5TPJ(bHHH_M||?8)^}W<$}gR1?Zs#9BDu;rAn+NzQBPE z)B-xkAu0HBq-4P91OTVmoRoe~7>5eM?LewPPbfKMIcX+w8X^i<1%QC+y+DO<1%HnK z8pP0uGh{Uw)LBWy1{I5uJqC1y1xJfBBqv%t;Fhovs2wfn-~!P=p)L?iK*)vo2(yPM za7aAI6jE^*py7KG;04a39V9_2&?uDzE2ssA!O4WBg0i`SB}%e34)9N`H%fl5AOV)X-fh17=`KB3cYaLd^jk*qcxRa*~5+ z4isUWLX$bbT!n^V?LB$2$KHIt$r5%j9#6_Wc0TKu@&08#{?|9U$#393b!3b}q*@Y}JSDv=DN|)F=nj%6PZD;XupcLHCVvS#PQDxD zWtQ^)`Ef9ioU8AXzx{0w|G%CWK#^*oF0D#omn3YeVZPGo)M)cfd66chmh@z7%E@7! zNDZ`z(3Nr}H}P_u-GCSOc)WOs}wQkoARNoPAND77jS}j6*19> zZY~YlZ{p>k{CJ!V5g+a2v44Z;ky4a1CY4SlhU-+o1C6yQBIG7+o(_i?A-~PWSy6x~ z{g@bulnaw+!ivH^>?OcowKK43`^_9< zJUmO$LMc;;!~knEq1g?sLH_WQq-laOI4S;E=^rlqJDU!B@U|@R)1Hc1uV!R9YVBn2<`An zE;ic#ba3@Lhvkb$j8sB;u!AKH5{ z6%u^uXpdc`A(YJ0-cJjaV$b|FiS@e4MaxoPwKm2%i+^O%U`|0hX`32DQ`gc&Vc5Zw zCvkjsFd(I{bN2S^IbGjfmF3NUGj^5rrX|#tU8IA_HT%As0EDo80??tY7Ig=Gac#Du zwHROPuoW!~5W;RZE_T1EFkj%eS*0B*Fof-h;hu=__6uA68$bMnbwfrAtET{EI9LEZ|Elv4Ge6 z&YkzeojY?sKF^%bznOF9{3QKQNe0ewzBI^mqPpfJWoC(09t8`ENX%$hKZSI)F^4u~J{01Ou^}OKPssT| zr#+mBd=HLk-8V5_UQeE0a(u2+`B%}+@E#u4MvhUW?HFw(^r z&4fL-#b9AiZX&BH||R3%3ts;^#0F%75g&qH_FnVPciQsIT^fe4Rg0 zD+2L+pX8DLnHes${MS)5-wGLfMaL+zmZ*bi`Sp@#sef_=ILPM2E8X7gMPfh!INRe` z&c{y|`F_7`$fA-TVQA?W#R8pLQFWQS^5ajYvTmVw5`I6dG{2KzY~pp}l(edfth!gk zAZ{H&2qXMssru42C#s~O9*4~&HVw8n6+B&!+Ms(_+5W%g5BHP^=F#0#I)h`{H2GWZah=}a#x24?Z!4;f#T@{ zV(v9h&d&1b*}9}lYWiq2qy~#@vkhK#tHfMQwgDo$@sl($suRVCLnwRGLi%@Yo#JX? zNA?(xB^CxWzPSlirC!HT6ipvLxF?eyT|8sIB%o8jY~%WE&;LiXj%sC$jwv5w!pac$ z6|#D!7(-=2A+f-M`er>L!BIkJV;st^YLA)%4?e1KIh~vDD(`Y!iomqn9E0021r>)2 zc<_~E!%T?P&bdO_WY9{4>5{MBc?BeexAV)P*>3JbX)P2tr)?$dcFy;#ph>478!ID7 z{{6Zn`*8)^uE`OLL1^gh>2_>?4@XX}A`=^}X4g1mhH>zPLgU78_v^gVn0WqolBf3j z`OMQZUDWvsdus~g$K!&lf$yISSL7a01zvRG;*b0KE|94OWYjwjzBg3h#g|8WHkK53 zk#lH6RXmElBipe{935&~=ao_f4H43*xg$rYK7(}mpB>^ZgQ8wH>q914qx~;fqWz(X z)Nb1#ObdtrMeDcUTe9X3#Q(&uCDwpvE`wSuAum#H=#&TpoIBg9kf?J}_T4k_vt&;v z2QzR_tg=>5x4fbvVZY+KT}e=%Z!3ck`Eh0t#p1yKP%w0ugsH}6W4=9w-5La4Nzv)h zGz*Vywkr@ePdp1+R89;WWMr+SO0VPUu$N_Rpg`A$r@0R~zH~p0?R%9~XNA`Sl1};& z|8sp~04#+qgR>nn8lw=FkqUoN>NY?Se za_CYf0>OI`)Q`Zvx6g*omxFrk6;W+=@FI)8(7Y#OxI(3vcA@(HU{TPMp~?}ZI^CV~ zQ$ln|_fe#)!^76 zUzOU$3Mz~G2=45`rowp;h3lO-|GVcL%mMN(Tte-^(R=Mfw?080{u9z znuXr@D{ONbsH`bewL}`uB0LXz;vjy`l<4=Q(ZZ9cpE1jZG#`f2BIwFLT==ti*4^~IIfQlx*#@aWE^(aPFKJIj67 zd(Q<^X!gl4c{w~N%=z{l*>YCtgH%lOEY+2Y(RfzvW*fCl_8sWn*+GBEuv^H6R=nt8 zzfJO>#CA|naYEjZt@j{prv9G!sn$HG1(uOl0zRsRu_SxJ2(BH=fMFwqLI??eAg>|4pG?{c_3%xpd|XL9iH zAs-AR|3fPSOqcsVzTBl{GPE24Z-H@(h#6e9SJ3_$Ze!oOn7t`ZnDz z^QGQtlritkxit~@-K3;h4)?GQ!a*p3PTM(Jbe58y>lr^il=4|0ogjY-i?ot(v;E;Xa>VjEf1pSA7f#k5-QRTFz6*LJvTO(W5A78Tu{Lqr%up zWQpZP$N&;=#{rex`Cn>THSC~tGpoA2Od=rnUeHU^;;Q9aL3)!^2&LqgW)&WlyKZ!P zF}>*zj8!cw8}B7B1Mv*u0OBw;`^U(Rx>E;>&Je2!#Ge2$XWw=Ac6;B3j-%Bg#uR&e zw`=@d{?dYhpV^LI56WhKpI{xdRtZBN|GZeP^nD+Zo9SCuW!vsZb(!&W-z{ljr5UYc z3Kno=GU?%a&eYJe=WxEbjO*NuoGi4MM>7^0%Z_&V{fSuFL4UtoSh?GhXnm%z%{TIi zb68A;7aD%rL)TeuS|aRt;s|`LE=FjuX~ueP|LpbB?h(K&pl0WQ&%Pd93BNgWSa`I+ zx<5IiwmRH`!+ma#aruz?moa55eGYldF{zus)$w)< z!PbyWcxt3ii)xG*k@=JmK@GaFQ=rh)>QiMkU;fb76+0+yVpl*N$EiHzv6(4dJ5B!K zyraO|0O{_GrAPy=4p8rXDMqLs@ITrl*Frcuwz`xFjGE0sC6pfCE7!eviy7YD9L=X* zeSQ=m=Zs_!OwIjVJoV}{P@PSV3u3BPlFJx9jPl1?pps{f#FNIfkn8t9WXvu17F=Q~ zE!Z|*&o#@dE`##nobnBdTw1>ad6L5{iQ`EpD9yPyO?$iSp7~)&|M<3BE7;6^urEx= zAN!iu+YlRQ?N@}A9cd9;=_?6Y5B2vKjjg_=Nng~Q7mr_kl#>bk4N)n5U5Hl78Z>fy zkS{D;g<_Cx5s6k*b%>FZfYIqLJ$>~VEA-KE>jmkScNW2ACj>VxANEiDTzK&~n)lVW zjg4#*x?$H@o9phdcXbC@L(xBJjXW~Wr-p>O#tnJ)VgnlpVyz6(d+mTb%|(U3aQ?A&Q`e>Se79x!*jvjU$yMli1QZ8kAu;yvHL__j_9vI%rGYK)oig%&enI z*1{OpOy-N%%bHu{B<2k=qz*1E(}{snIS$v-UIJ|4>0h6^o#O!e+IEC8dn$x=k~Uab znb#weoTHMD%}Ob`N5-I)v&6=kqTU$5U?Nb*rXc`G4}M2-WEk%iNU{#|j{;I$E!`^6YRqm$%G}8E0sxF`o ztb*q!<{wbxF;-0liuqVuk5Ed0H{0%=*N|+hgN(?Lk7W*p=Jw5*>qBI;V3O1yK=^z|E|B}rAkUH2(K}t+j zR$5j=LRM2uQ%prvR!UY{T1HJ$LsCituBj=lrU?H3M=}=N0WzpIpTuVjAEw#{Qj$n1 z>fT@5>s3;O($ib03sFD_s-*Xa^2Id^zGKBL<>J0Q%mx)N-)#akp;UaFE^^IICfasZ zk3^0Fj+`9v@Jt?`APHA>Ak{B92#|se((=|BWKKi#(aOM>*fh)qxgTX3ZesW0x$unZ zQwq%J9G%HqDKZq`m+J>N;%9UY)KZxy;i`_vS$ij4xmrGESJyJSLl@NbTUKdUM$<-iujGmH1`$ZZDA+wCLy1MQvXV!3utlJy za)s4aX(82`9@zui3dW-R$w^nq)u}OciyYZrL`$Er7wY3GeIc0_yS9@YGwwmoCO6jp zn1PvO%MP$gbbx58Y24<e!?zT_%nEb;gLn{&%Yd3OWV=?!l zg^)HVfTER?>LeA35VRXOxV+C;jWl7`Mnc?E28>CT)R4z_!+C*gwC?m5Jfeo1wY`B{ z@*=ImkLCg9lH7df@f-$5a{^wwSdyDCEAp1R2v7tOQ{?kFKehG2IhH!IxCPXbA&@+e%WA)|RbA_NuJ4 z{h+8)ATT6hfdGSJ*PB%SJ$(%bkf0o`oCgv!Jy%ap-!sl)yKoj?f99NgpWlA=`HLuA zD9=t@$6MTP7Ov;napEr`<=9aeFK+Y2TkGa-=?0c=?h3tBfpx!Jd4V%Px%Pjo>(cB! zmw#Nku50P6tDBY~X_YVE-Trm4aw9ub?qa1PSSH}2d#j-3Q?LK_KuJM>^B&$YeSkWUe>;0kc43clMLRXnSZk`I?rrl2O z)2_$}zu^JjYpiXTu4Cz{T`!em_07_Y0A#j2LfCa-_rY{J zm;tD@9gTKlYkS4he+@)WE9~&Vr=w!q4HKC`4*w2mEF`nnM6JKHon3!-yHztgxt(j8 z%}eaq38&})1)A@gWe`|4qu?p!IBtvs&e-$w7qPR5VSk}d`%}2V7&Ztzn#77{e70`8 zCe1n~NbHUVc)$&A08>%Nzbh5p?h0ft*S8MofzAr>@0vmjw5u7Ue>p5&t4xVWu**(! zhg^4QQML?S>s>)d3k`ovfDLjfQPOwp7}#k=$HNHJc#L;+mcqPHyl>$w{6OK7WlaRs z2yl5#Y&j6LUYB~`GNkSFeqU5uu5Gw|Z-&*a415pR$q3+5M9X1>L>k(9)7__LP31?{ zU0+tZN!JDNHxWhoA+s;G=0%(JEtd~<+ZKQlcge;QO!G;%`=Wo_&8$okUDITq8(DS5 zU)XZda8Uy(v#vOjtkNx#3fti1cmm{J5;6c5`vYxp0t+s_##=OP2 ztw4XEKoX8Gt6cvAgFxVKmkAtDvu|gZ%#Umj^yG-io--TJ$eXkCM&7^T#y1oC6GUfy zgR13Rx;>xt@=AXxJMl$vzFe+Agg}x4R4&7y$W9{1#X-uoUEkn#14p7@FRReSk)Z;0 z7wVpT^7U0@?b4hJD7g4t zYyJXb!0h=@>C>{LG2zg4pT4KFkqLI%%z$`f30TFju4q;kW8kD9j;yw<#Ta63mp1u5 z&X+dYW)LeIEY$~K-yF*!FNDCnMhl0fjVTPum})G(moNx}fv`kX1n8y#i)(Y`TcJ}B zf_%cn1Vn%O;5XMmkUC2{LJI)UcXqek4u^VC2trDt7DaHnfs@xgNdIcnXbn~Oiu-`R z^c`a{ik!P2>H?KR%Uv>_kB>a*08Eh#C?rg1cAkdzf~=O6uATowX}3_#yj0=t_jn$ z(s^Dg+qz`pp=AzYVlEX#1M47cq8+et(7AtC+@a$|u{cu4*z?k=!r`FhKsTatb%d`0 zk^z4eSz0pmkTzY*4Y*ANv4$lRh|s3Yr2{ZelY$f1XC1izSKM2J;~>72GZl}u&eERD zy64fPtT8=LA!&_HrpB7V;2Ho$!GUFPquCf>8C?l-BRcLXL~E}u2#Dcf-}TTJ1fPGP zs0yG<#-Ik=pklAN0`6gotbbS3y$nHKW=`|LXRK<59&kUcOxnw6Kz;^=?Gkx*4M&A? z z06UCGQgCH}ylq{f6~bl;ggPKm%dLNdYevqe7))-`)wZZK8wwXKDiM#^d=3LRDsVzs zv?EfKH7yc|vlrkRWsg22*e+=ymcXxQfbgiKY2ZjLaWi}V(Db0wMuwPR_RLgraN!(- z3sBz0UVt21xNv0Psq&s(Lk@`X3OpFutu%4V7^hJHjy=|>$$4`0`pK~!Tv>kwuBh{O9*I+BQoj%C^=+8zO@?a%$SvBLBt#fCCMrfXY< zjC2On*ww%is(bER2!!=1jRBXQVkT&1%hH+QckQe>Lm_0bsk||5Ta%r@4`XC*T zCv;3?0N8K`mQ5lh1KYz8rZaJD))SY^pmP>#QZhx-Cv3|dWUN+->EVA+0w&CKv>q4@ zuwWON{w4MUiYUj8(WC>Py8iDNhI&{**v2)MB9RCLxM2{4s8AXFR=tys(oQBETTYZ1 zG{Lr37e(Q8!{OkzoTxiiGu&|f<5yB|O=v__j+sui*3p^bUX3o%$+zc@K(ZkoD9W92 zz@QovR#)7jk7}u62s(c>+{ujY9uAsIL?HOCm*C@}#LxigCKx_QS9Dcz9%d?l-0QNO zL-T#b$W@ZHD!Sie5G^btP6-xauYxYdAC)jpSLdmS3{D2!@Jq=-oyX^feMk)z>SEO73r7MtA$wZ)06kMJtic8!se%^c3 zVvbMFH-5+5iaLpvpyP@Dg&v>^d-P(loaTAM_5vz}0Hr6mKYi1XUx(0^63{aqBe<93 zlO+KO{=iQNLa~36CZ#-{f~xHv)C=GSV4qb1Lf?Atu6S5mGvuDK9|%FLMsX_qxzjk+ zK+fY-<$1QN2G;uitJ@C+sw>ldLhhnsADT`UlX8XR@1_S&`h(MYoT5uPaZhO~lg+ET z1|7>>dYUsB&$=I-V?LX{U8vBr9oJv@3CNnsf^qpWJn@=KW^&Lk%q4m~(ht}7LtQ(3^ zsQ1xq(i~M*_POTD9K+9f2#f>?oXbuZemT^4DUFutyr)E&tE{r9-cuMrol;80Vi7s~ z^()jIx6FUG1~^P4t#dfw$)^Q5%WgQv=$Jwct^A=%_o$92hynnjLj04P`npL;&%>xq zU(w07Vo#y{n2a7vsU%I-MMYyNrBa(@3)v$qqV*Z2SjJ0Z-K-{^B{hS%65rEEX`Jx= z1zH#>@FI6KwHNW!2<54{jC>59_7&I2mx)}-kMMt}>nBfy4A|j+;|n@B6}Z-&oHCa0 z+1XX*o&XESJR5;){*su(w_g7YfugaT2-$0h8gi+mX1cbk8{;qV<;BVcF^-bK>XFr@ zn3~JRUYPnde}>c)R`$hqXMDQ4mTSVYFd0~~(;$vtOcjY8CPsIvfEDQk!iv-%t42Xt z1$KYn2xHyV#fgG?gn~}&I3BY6xZ}x;(=_ErV?CWc+ojD3zCI2$e>CF+asl56j?Rw2 zyP#?RFvU0kw1AVVou?m@3!iLE zP&`ZHeCSy4VZd;=^$8r#+~z!vn#HHl@*@VG@zGNjhL6VJk8`I9NBM~PEY3rp=$f&V zE>=NeN70GMp%4}CeiJq%=7Y(e${P;z&S13Ke}1LuF-+r}I=I~@tMM^E@9}#7|E7P% zPqFmlbd>H&MWJL5~&_iUeBh>xp#65g(=I z-7_u!Nec0Vy(H@VMA}U?*Ni@4dG+iliD$)RKI991JN6VkpYlDS_={pIk7(R4%)6^7 zus-aK%?4_#0Hz0TL4|hUdq+nPT+@HH&oYPsHhsyyyF|#?L!RZpj{NB| z659`D%C9trhcp07AIdt-8Om}vIB#QSk$ZVHy7pI`N`P0}* z`CU@aS3n5iHvsB5`-nVq_mAkytC({b_{AOZy&6<-Srv1x8tbWiHD87oOp1 zh;JP>HQhV};qff7!Z$5)AB6x;&f5&+XEO*s$;@3210SjAT(A(qpp$0w-04%J1k`|k zG-N||hSKOJ{}P%E4#c%T_xnT3FwXBBTf@Z2`W5$;jeyb#Y%hsUk^q0BpnS;k#(}w9 zh&erjkkhP|&CQb2hSDhgi2dne72$-Qx$YS{a*FthnmLMS5cqx=iU{oj+B{PZR_|DRxg>y@8^TSB^K7`TQ$Pb9M)&drB1Es}};Gq4O zSMz;-SMgee+&4lFy$pYTzCR4Opcdbl;mRka>jBlwRYJw!LcXZL$Xr32N^J(R2+(M5 z8Ep*5w)`E^H`s-@rHm#m`-_jXyf`w499hp_^OtuCg-Oy80Y~D*{KV;{*iTv7F;kD)4S#6xC`(}r4F&2HwdMM?TeWMd(j&6SrM{*vi| z@8xT@W1G(=ZwY@J;440(2C)zMLjjWuzhkz*y2{K`I)0rqn-pZ5@|1ENCfmp2 z4CPFJqTIzCpFCW2Im?OPx+)(`iQbj)T`2+7G@lQgOAO54Qm2H{?`T?&(uUJ|pL5bTixI60FstSEoo zT3d75wi15VufW@hrxOzQOUKhWvQ;;p$!#nrX`A?gkzk9BENUn!jnA(?--1+RJGQJO zo;1zKGC**#*c-lGf)b1~!xU$hX~hC_iV4oVWda>3n9%q`1>Fy)yJ_zGr}>S@W04on+n92(0^khssR zbj(05h-DPB9*t%;KwJkY(Ref<6U@2LvyyoZGQ&LBTgyDiY+&AlnzO(;gZx2B<|H)q zCTS|^8X77LI>Uq!rstr$OVHS-mAu!)6ECOojQU~@Ck~$tXgFZrnt%fZHSURzdWs;JVt+fH0&;{A}cZ|iY1Js4%wAF<9tt$3k@k~EOlT_kdVU# zY-Sxq5#&Wr2ICr@gZ}Uqd`FWwydt4LOzDz*6t8fZfbvdR3<&ZkCJKbFgXZXfi>8>x zfJyu@*${tno+I;9Bn2`6{O38{0xJ(U_I7t!K4kfC)p5o00ei5Bqo#kXW|`Pwzx>jB z@T6+W_XUmY+)652(!FBz?yRnsv+)h2%eNn?SFDfYXfi8D#gq+VQMHHZG-BOC7~UEb7r@%UPX5M|=Bs5O#7sujBhTYjWs;TkP5USpQv@ zO*uPbN3mJfGu9uE>$rcoYhB$L=3*Y%@M6)#b2hA|OS*g4RMSrF)?veWF^cSQaZxQB zb_9D>=jH!ybK_+`w&nBp8=>q6nCrZ%FK+isC-9(LjFyYVUEKA`9lxHQ(hzKRt4*%V zTFvVZA0KT)E-x#w&4kX6N6T4Lo=3JvLA+r5lQ?>}xI?9GtzmytG?7)OteHgCubbO# zX4bJhUEXN3*MM=(j#z$BHYY^9yW7iCP~^{xv)Icqw?VuunAb$u%MstzvL3|+fpQvo z631n+SAAfwIR-3&Mvx~xFsLz;1>2JKXR``?UQ^1TC7o&;-8QCeY}>fD@u@lKT@frX z>gB`b+a_Hek7J!g5GVPg{4n3g1++UMnXy$~OKvh1D1pEaRwLoaOd+XB zV=|y3==$usB}ZiwGydO4*wW*-(-_B+i#8JPNhFtfptuM&GXQZZbmozXXdE!SNu>Sv z5wiIEl_en0c%3O^dlDr8&jXCcH%c-*FBTI3kmURxO{0H>&2&HxH9WJ($yx%m5HrRK zm`ZIDsKrKv`_~$X_QqNw6+&hyecOQeLGdL-#;NY{{8ne3mS@X4W}{+$DSh3KG>T`E zsw-_W34bXqGpVRdu$koFS{kEZ3)FO|p0LMIib9&U^x~OP=Ch@_giOEx@h8&=P3&0b zC?-6cEvJ9eliNsrA~nvzS#m2ZK0pP#`XZn zn{0LfFMHd;G^oAn`Y0TISoKkk^Hm>@9xGS}*PyyS>bjs;w6l?7J zqO2>1-0d>O-aMEz&3y55o~Plnx|mPO(ITtrvo||CP@#^gIvG$FeK7bLnmT{syn&j(xy1BmyvE@V-$;+{FJ|X{>R~d|EEFxt9ZE_#=1O(2g`cV>`#gs z&m(`m{BhA;U{AE(9mK_`F6T{Er-zngg4~QhWk&ix?pY2!!cs7Y%U%?!Zw8A<7`~a z8k$KarDsJfcvT1~ZWdzgx7LqO3lwrUM*!{~6zApi0+E((uyhAucrY!_7AY`@XfJIS z_Rygod59-nq+d>tvOGYf!={*)qyFq{8W}Y1lknI^(yugW*h8rdLc5qhisjj)Ni%<8 zE0pyw@etPb9;IFqshmc_W_hQP_YVg&LigldwgzqcByl)9tr)R9if84bsiAy-T)mCZ z`WYn>^2dXfKXz!f`FtABNe@oae6l%YS9`vKi8#KN1NoFYNl>5!-^xEXiF~Jj^grny zw{nk^rl*~-J(M2)lClXwdz4g<>tcVlm=nH^E+7$W08v;FcLwo&If_TW?R}T9`RK*V z{*%KmhfO8#12zr+IFe{Sh0dG6)M5V+d^$QNONS|I2vxys38F1*ufdyul)#gqv;$Fh z9ZsoT0ji~=9=!%t4M}MH7GPEC8v|>~FV}!ona=^%8)M|V23BSNCBUluCSa2!suzD- zREkgCtL=}7j%#c*=`rUku#tLKp-H=MjE~xXijO*c4nE!(CEqnZ8vZZAMgjzZm1C0I%sItmFd4m& z1?oHD{sDoE5t%eh2b=LA8L~$v@%(>dxXZY*n*=&85$cq9ZWZRX)y4YM6{}l8FGqc* zVTW|u3J1~Ir?Pa8*C~|r$@{yzX@$I>ERhfM7e|Nm{g^Hnqe(R_>g=ql5T@CvI?s2m z9P`mD-EGhLuF|&WYz}iY^3O)v)j^wudI9QfN3382z9q5Jf!wwot#TRSY)gM)X)>j^ zq!lU!@m9oANk}2KIdr67FNm8?7uTnegr2`Yd;1qf5zRk5N6POGClAl*=LD<1VqSdJ z$)o$^O_Xr*%U(s%%j$HtXj)N)U&Rb zvV_Mz5uU0V>;Xx?sK`8=qJ2)t0ympL;;0x)&c*%Vm7qN<>9;9}Q$^VW5RWlQ_QASLadNxwezbWGIr7c%eug zA94KeyDv~AO{cyzooPSVSS*&n0@xRTm9^L|ti{VGmXyzLo}B&=gp0_GeA{2#Y!+T< zMs~0W9LKbx#Z9_+Z`eOuo?5Ov%Q9|%ww3ke>GH$PkMNy;KlsjZ&BzO&Q~KoZOV={; zcDG#Fj%~ENjDb3D2y%>S!tHrT$wo)P%GRGyKU*cuuaEmQ5| zPfKMPS;N(T&s|Ywb-d1tyv;Ro7uRW46GxUX<1sTdrV|($cKzj0RC&vY^&OTW%q%+& zUAB3-<#t*&1ol-UpOo={OQE_u5D(B1E-Io9@m*2HX(PidZOiD|Io601&oa^~Ysxp3MEN0l&CZWlogjSW}ELb?x@0b<#n%jS)9r! zr2u&|CqprBc~b2Ud6BK8H^5W}R#t?Yip!zEF+}S}GSk%pwL+Yg@w$-CUjM@sqcb#C z$6X72#q2moV|AtH=0%S2yy{BS2rsgYvt5>dpul`;<}8`A1JidRZOV}N6X_&&LxO|A zaIJo}EQdE=28dbPR?2~{EPK3Q{gS(ZPkZkMf$r&!v9m^rn|evduM!Yn!tP>359wm2 z*mYY$9I_gi-^XQ=%}H3kKY-E$`vLD3mbuiCNi1ov5ZGjKlhfXKfdV7S*n!&OL=csK z#0?r#1TW;ETREmBnbbza6|$$*F!9~xls8==`l7_eP>22srl^e}(`r6emDgyfMJLnaT( z+d8LRhQ@7%K}Ny&iL(U^%@*nQupM>D$g1Dp875@6@4IA?w3{XPL*T=Om?1%<#~?`= z;kvpee~gs|#qnf90eX@(LQrRa1sDlwz(pHTzI^@eK}ivrLpw`;r6_dR=eZGiz?Wxd zV&#DV5s|55RG^@Z_OyN=p!vd9=zULijTLDwULz)L$GE(NO|y)jUadf1f634~A{qx| zbqk$=x`no>>`;3R6{>h0sce%(Gpgx(X5hJ+mRZNH<64H6HAuPEHKekCuFat|yB0Sv z!_fYUlG&jR{ghzp>}^+*aGHp9Sh}%U#44-7AC(+S2@}{V9s{|+Dh1xy&Q;%C&8^;= z!mYqHUS#VW-IE=7Mr10*SQbLY>Uf75sCOvEKsOxc1C?v4$h3rL!#Iwk0CAa@-IqBw zByKCS!ekqHqmAVT1d2_6KihPUUBEA<5|PmS5$GD6I)76Sqa0dG3LW}`)I=DBm6Z); zq>aF*G>2|{5UFbY3&PZa88{2ebS?O&oJ9@YjWJi$xjX1Q2+Y9hnH94+DRe?RHg!tXu&XGyms40OAAPt!}%(U*e#f1I>`ux^^Cph=q?^eFq* z2}GXhyXwISOqmNE(+~YIbF0<5%L`fDM@$$#`O{=N#+T6l2&!A4;;go1_pQ@WZe+Ud zqo*U}lj-d6VEex@8^?5g`!`I7=|>^-Y6T(GHv1o$k>{DN3LZZrp`Ywfnl~7Mt@hwj z@*-bVsVid;e_3 z?4;2LK=g6X8OSL&sq;hoZv=}1LI&dcW&IVGE&7By?_0d4GG%EzC{L~X|mt=`r324&Kr9l?RASBaCEev}3M^b)3nlj%c; zZQ6EEgon);hHQu|d$V+m3MO5-u$DbThq#XSSqn#>B?NyS-KvF-YdEnS_yX{t{$w+& z67T2(I2fiGE-hYu1-9H$AsWWUYkeG_>Ic{iJk)W2jm|YA`s3jnYxA?49JS^`gy~gO zXa@cM2t8dy!}RPG9T^dBy2GKWTa#<^d#yk$;1sGm6KS1pwKAXl{k?Tk)%vD;?htvrjIqb>BXnH# z@Y)l9zTYv(SHB?K4cGBBj3osmUL-g5h!G7Wu)o2BN~?RNJG}k^W)jEpJB}ORWs7Cw zV*|o?MG^8sU{&7`1(Ck}L~wEyMmWCI2=#q_%GmWCmuWV8jnLm?(1o01yldoEYa$LF zsBF|93%5xkMy%ozpX$sWOSNR~%HMI#qwSr4mwJU)`Ta<;!ZH?%mgShXGf_|;@<{wJ z3szu8ZZEUA%syCwe*1hd1+;yLZK|$LGEI@4(*ZtNI2Uz^M!%j_*_u7(Z#y!pUIcm&tN+$6aRfx`q|JlCAH5 zo<4MwdEM2AI!B2iz4jdty{g;pPPihkWn7{ATwm4}5%Smy(4jhXMO<^`j0gNcRhW72?SXEq1ZEe)2a-6Yv)xN9fnk3xeVWwps*^ zXIh>-FT5IZN*8pt@oe&jMX!Kmf0Fw15>B3=7hfYI_4zYRe11X>EWaOprwM`YcEku@ z%S!?9aE31hcf#yzRL(H85qOv@G#C(qPq=cU@LRaDLesVeZ|9z;eB+;VKaKu>1%k8a zSbdl$Fi~#ce;=Ow$TclTd%nL(S~| z;8|0j5v@o9Wo5}rGoqM(kh)AddC5Wwe$}y#Iaw5Ut3JV|;nrIakl80ulpIuJ2nw=# zj}N^WS98=BSKKrr!7 zt`g8MNe`lwC2wXe7!B&z=4GezlJc_2Q^`Rh8LHRuR_bZo#&a5fkaqN}#?R4q;M0S= z$tZp^1YB39SzX-8!(E_r8MyI)FLw=T1h#SfLp_3E@1%E0R%&Kb(%`s*DuvOaufs-f zpb1%Oa@&hH*9_!BjGGCg6!Iw-J$FP|a&Jw%$=W-{LG0D$usL6OF~ z_G_2d8NJ{>Xn!ujOmrjwZm81z!d?D{SmT1GjAQ+19hl4%F3ON!e*)$*&OR3Lt zbBD@4$aQTo=r$U3>jPtC5{xb?6aYliSWu>UljMgYFNK1Cm<2o?#|g0`_5d}?LYh5W z-eTU6$*u*(n%5p{d{kAA2ri;vgiTk7AKGxq>jJ>-t}5gUv{h?Pc;K&^Bkc?i{c*lVE6+p?}NUjra4z| z4a>acvZ$(0jexnnGr}4r=OJMU&LxvQLIjxVBs?Fij>-)ooR!3=Om8u|8Zf?l=8P zL^cX8T+f$W=!UZI0yvV~tut=8&Hk|T2AQXSfWov+rXwruaV{zphbpJ^F=)AES>PV# z^kAIO>V%%8?qjrH9T<|dCY?NqpFKJxXk*|~a478Yzo48|p2KXH1dO9F~ z#UN%c(9t_%6a=R}!IN8t^6W&)KmL&c-PaGeyj9)S@xKvBbafDnRJtM#5dBNjX-^0H zE*8%1jj5~iBoXWd{8 zVmBBW>n0aqzfSRcm)QQCH#w)ndz73yv*XG>Ro*GgFXH)))?_teUcPvLZ_lsXtBaef zbCdm{tXU{)M%nIo%a&s_h&71pz{yR1f`(td?bZ;;X;8EK2q5D<0QGUA$p-wnq-F2`CpGL!5o{r zb}ym%NO0(<8lvV(ohs`AQ5ihe{0r(DnFW(!%M+8^z7zy9IX5(uF{~(mtyx=h+qw~c zKfgjRJwwe{6hRUonVC$+mL11VoVbzOb6O`46a`DHc~N<>nT4+8QQ==`j!XKuvyi zadANdFJ)90arL6sIcv;lrChHRzt!QEaa+VsVe~@67mHiVTli&qy0#}g%M=!GW;>xb zp70y;#3aeq+AP-!S1WAGa?P&OW`S)o-|a5z-W_)BVjIROdW_q~O;|)Zx|cKUUT7@C ztjbGmaUN!|Oga{Swy`Mc?~*K-wg^v-J*gLhu=s5oR@0dq_{MpT&%pR?>H~C0_dd(f zbI&B5uJXDfqqCMvvFnp|=NHRz+OM3;N=7ra0;@ZD73bL-K%4`kozi1j7c`7QD(Ui! zo_B~58Ev!p-?hRW=&GEaYLcom)U7PaxU3o+_vZfl)Z<2fon*2IS8;+M65KeT5WL9| z)W>M_Y}51E9*kKfi!8)12@`tj8oxcSi@hR$Aj~gc$|*A{nU*A@%M^0;kev`)<`30# zSWF#^DTS>)+LhD-_SA(r@bhD}QySk_*URN7#+m1sg84m=+ZOZt=w$&nS5CWn1nQ>q~GAuq_}91>5uk_D;p{c-Hxf69_LlV368 z1q|Hoxd!E>I0;vY#9S6w#HyGFg)tXUm(&f6911Sbo^_J9GZ^V;cUoaV zDLYZ*3`Y?QT+?><0JPcOMwo%;_-Lc7CkRx%*0LHH$v1^(Pi8H%tBgJu_TM&r-|hxh zH(mjMGK)OJFT+5CdPX|61D<1?LjoycDq!S%^+LLd!VYS0^QJpYs=VKO6UK@#VEa78uhz+U zZ#D)aRWZV3mnRZGDR7Ky*x_m$W+YL%f(Gz^5<;~$yOm+pHvv@@HwMc};>YQQ4D2(l zo-yOH(5r{`X;{$Lv8LbBYuu<6V#h5~kB$v9{sAlA=>EUPxS2!g03vOPP`|9hVhsW3 zx=?lMDo+7ekrvnCu8LbLS6V7lD!@>rX`yjj$S#I7Sn1u2-r&qtwFIB7kOVKyh9Z)G zgGNOpq>@fhV#jb$dalVt15IxrBwaIrLWQx`MALR?9A;XspqSKle_LLBy!u@ewZH;K z)GI07>b87IcX=7t=|BMa06*sT0*D2{ap|&O2j}Lq5o?lqE^%LF`t4z!}fStFXj8;|9D(u-p-X#eYg=&}PKn!n6)7 z;KvTDVZ?~8#H<->UiSw*^Q22%Z_KwRR95cU|Z>fi^9kC4%S@#snBQg65< zd12}f1nRjQBv3mEOUv-IDQv(G1i{M=v#Bc>K@jyH2>i1TEtZf_7r=H?gy1R6>W6Fy zZx3ce+Y+Ym_XmG{u4<^H?(8gZQ{Z$o1Nrv@RFJxroXTFx0j@Yk3ta~3;g}X4=Mmu@ z^FqdkQF0lVaG0vpaLjmrXVUXVKlQSh@i_+Kmgq^ZOl^*?`IJ!`!J`@%x+XP zNII^ZZ9e2$_Anv@@CRRX@14+?IRll_;U;&zpO#8!IYWiADTX+I{(=1{G0$`nwS3rB zryHFgW%ZmFkL`-KN8=uLr@LJeQw=R!1#bCqaXMDkpkTw{>!_@`$7ft0$Xp+e_Ane3 z00lU1i#a7dAqjDIr|<;=B#Km4lx_rFod~=x$Z~ZfskCnsiKR&yWb{OQjsWj0&!|*5 zfVHYFvRRx}`7DWlR}pES<7!K{S|GfwvxcC91gE5=q$ciIqi$yF!R(taa68-Q-(Un< zt_2jC^>R%l8!F#d-fQKa#gxJ zC@DLn9Cu)`SdJpbGJ&Q3fedB?IkNas3LClYK9fmamvmo$41@ZvZ@kAl3s__o!pSHz zN!hz^Le&*=om9cbcRe_gtqV+4BXw@M3)S}79;ERX1qf_^h8@b&_4ej_=b26#&aY3gg;HKwL#+pj|#?&k}fvqAj3(D5PBBHR4){q}+3v z{mXcYP~sbZB|gPX=?B$or7Eai0!dMzwvE3Gt&%T(Z5zHW9M=hi`v+K#_203ak^AtA z^+ui6g=bvrKQ!=@#opbHb~jqQ$Av;JrTXs~q4u{DO7bo?6YX7W7ool^8d%lA?XUy^ z5!Z6Eu!BKDDje4M(}C5#qQ|`RNbozJGZIXCWU^|1Yz7W5r$rSHpXEGae1m!3Q ztIK?=HXmUr*}4cjR-UQ{+rhKPxjH^MR&by`(5Czg z>-`ab^#MDTudSd-GqWb2fQoX+U>?{b>~K9Z_Rj;iP3G?Z24iDarq0ig>&$fVFy6A; zR}`GRUr|t}E}-Cfs2-fVt-mlF@LI3X{NEMD_D#gfPy5JoobXJsY`dKMRWr zn4kyYE&ny0F%QjXoTD6uG5Oso79aOxXYe05~lFa~`nozb5H0d21YXY{$m0WQ(U#6kiWkx4;n|vm#Hp788+lEb$OTtH9$H z7m}|$VewG#)t~v7kT{N$dp2^de>bJe3*kd?OQfPY!ax3N4Z0Uw89hR9nI&dO)U=D0 zFUIgQv>pwjfFXtgApv0@muDdX7Ps?20UAM<-9P~rw8aF-mQm*-HUyL|@!F&GNeBWZo(YADLucv4mTjaEwPV3{DCXOW+sDMd8q9w4BSW8Q*w?L^@JS4$?qcmV7SX3~v6yQ=5 z$$&#!4{SL4c+e(=OAMFP1O%kO{K6+jb7}$=mWwU0o)|}nqS*uqvazfsoTLMD?qpn62KUT3W4iv;<&JonM1{pJbdB=CtNuyQ6d7B2)Rt0B-w#% zCmlLtQl}(!HmF#C>Wm3B(a!Ni8v}spNn{HQLQ^Fq-VqpzCq5{-B_V>K1U*qe8u}ZFFK(m(;qC6tBw5Jrj=FHlo} z93W`e6fA{QPFF0TqP*F9@??v>`FxorY-c*1m0Rq1F)ZW#%Y6EAi|x+lr`h}iC(}G( z&)9RehZ|Vx$rd}xMrHB=T%?ZFSBMmIC(`iLLXMy_Ro0^4PV(eQ!j2R6{p`&wVf)E9 zqrA*g{;%(UM;T#m6R zCpY0lYM{IDTq##_9WDFWC1`PvM~k;991m5{`W)@gf)MQcWTa}?I1FuU_m$EKZUFy0tv80r@Dy!!wj}+<<)evQk7Af*ZBuemq zTF7XPOs!cTVCJLq*EuXeJfg=E(t{j?78#(}F%1JfF`uTS=_}Af!ssL=o{|#Ei;=V; zXH}enP23OwpS%6UI6qs=vvf4LEc4kkRgXsvi1C!kYK@G@LDf=kXn4A=uhQ1GT49>klk zuE+}6tb|X}z{O*?L75wEcqs6AslFtOT(!99fB{9JZ5L@j34aI+^ZJCPf< z^W;fffbEP(OV}}cd-R;HZ_dl|^6!kDXM=e;oMhQ)I+|UuZy!z& zDRLEs75DcetN>-#*VpOjDm%@}K|U!WbythYG@B2G`6MqtZ%^`~WS>F*HpJ`M>~eOs zE!gZTn~x{6>-4<5m^_>vI7;l2WD;E5G_~A76_ru{uiPMS^(a)p77&|!I2je(AI=PA z2*GWhSoQi=$&!OLaBVi~Ycaon)*E#-9(yu`h)w!x?BnQ+YHi;p`Efd6V!v5ug#;E- zTTetZJ3973hUqt?LOAUC?1oeb6~p4ne65qCb#u3yd<}J-)Ctf7b2ll>a_&ZFSP#nG z=(w-SxvJca4*RP6P~SJtd0jToD|YCZuPW<%A=l(?zi*?$xD=#VIx5nCZ8Bn&LX6W7 zvr#k+vuK{Nww+H;vrk{(3E)H!{RiOKO7X5@B`-HUt-tN{~gussRH)`~%5`a?f-eIY)00^Y2eKdm`jJVF-ApDJG2kaX`u zC{bLLoyl_Z#Sp*<2eZX{f5G=hB-%bp_gVW%*0PWr88|TXlTLyA#K-U$WVs#!pK`D(0JVDB2Srck@k>tSHLgFQ+fdgwZM5XLS^TfNgT)JL3p7Y%LYXwPGP3P{NXIM_|x>LaeJ7m*q za8Cdp;`Mo}j~|cnz64-m40`4{I5E@r{a7(yW?U4f9Sp`i@_g753>E=ooI(wkQ5ycR z9G+dxrrMa7Z5 zk}rOS1u(8?nfmFQH>O{{2L9tyj*2hu>vLN5uup$85WhoduvDL;VPidCx!{o@T9$s6 zLNqzkUL9&R7tu&nbHX3Pm8m%u1(~_EuK&cj4^2s`iSxOe2@RZ@ z4|=ZGSitxp{2=%6cuDJC3?y-@W!dJs4Q&z}ccdY+f9BCq`*C6CziIjyM1Qd!6(E zs-qDq16SKxG@o}JUWqR1ELc6naorvozml+Gh;G;&JzSpO3izv*A&RkE2OTRvnVfzw zf?=8ep|ikPPiGatN?|=n>=l#uN`jSP+pAyCd~opK{SPmUi`N*rNj-|lQl~CZOrs%W zuo~-wq`g5Z%f7nr8(WWmOsY9Q@9 z(Q~X~7^cg0e4gT*Fl>Z+UijSSJcpys@%&Avvr^qfkB6@x887j7L$H8deaLY#)x57F zi*u@%l}VGFD4>$7p&o@y2%Qm+;}?x24J>)%-2IrCzK8SBMZxmxJS)ui?)NW+TvfX6 z+9a@aH(OJH>=t~S~%AYwmOq4Ji3#4!H)MLH&%#EVMtFW8R^@co)ubK_odLs>j#$t+F5m?l)TfN=dc0Ftt`MafHZ5oHhM( zWWv#pdRtED?fTDU4iB2JyTE0kP)3nl2Cx}f|? zWeynE1M&l+Wgs)d!KTKU3QvR5&u*WFD2_{-*o=E0M51nkqJ`T`u?h++^VhrIIQHrn zbaupoX%z+M0HZ=`=GvOhJI$%AW$8hx6|+KbnJUvt4YC(|H?21jCc-_J)LN^ug{v3m z=>f$$M}kT6JeS{h-GXx9onR?n52UI?eeNmOOYzEUr9`Sa) zE!GDKOQSr_J-dXwWA;c1>I@~A*5gd*(#7j-%=H_iHMD`qx5rWorVcZ2_xhZ;9L}JR zd`>=9xAFG|Y|$6MS5%qUPcO!eW`k3#0I1~X(d-gDJ_scdXx?=D{KP&tG7BNQKzVCyr_d` zg?BNZB#xpKxw|3G!iJY1%tm#WX7&^m(@xqpROn?r+orQ5+Gz}3kEKT3Nw{5idii8` z$y!z*!WPucEw$}}DGBC2I*;}*8{Fn&k^$gG!DE)jTN~Nx%}a;$SIACe)RH{olsUl^`2mJQH9_0A!PrA{Wzef8ig% zEh!`S?&s+AJo!iDq6rnFTtV6a$_Nvq92N{Tc7Yby0Xl-ywz~T{jEz^{v&j)q+f!9h=Rd3bXJs9PrmSae+yyow+;rD3rx_ zs9a3s_Ql5GVhn2Uq;7fI(kaZ8D<>nsGj70`$g#{H!n#4()4nWQR`Sw@w(54L{fVqu zwC=By$ZIr5j~2NxK8D_{yHzuTl^6J~LMPcd$|y9>h>!aRW&PaA$gP*3qpmxwu*f`z zI-8zbt+Ql|@6hp_el_rR#q17aqYoWOGu|evzT>g1TkUZ7JzL%wYDnZ)(Qo zT@{?!zg6m<8}qs5aAm6T0TC0kXEvok-6V&3}l@4jO&80X;N(% zfwzw%%TVDZiBSE^^3Wh(w=Rn#lNz7Jy@~wfdP`-SPM_ryIr+#B1?t3!#GI@T*kDfY z+}^F!R#?8&yYG_y%vs|};zR6DY;1D(z{YB3JWxI^KQf%Fl4Djnx38Oq#(QQ~$qqCy z{88^w3tamGPlPSJR3|($$@^@&l`&Wp^DH^@=?DrV75tFz{NtjUKx7eic(OQUdA5(` z$vg3Z>U8NpTtr3R?ebt-7<|54 zoaDl|6MDxkV7$>@j;HEZ$%5qBPS}#TGHQl&JoinG>O@xO425=_gBrns%`>iBk>XGld=oZ@uI9IjUYuG$E-iNq%nf#i(;`2@Q&ES(q}0{qB*1F2s_K$5U=L1L2Z7M5@R|SqI**NIMia!pzeSMvseXHv-va|w~nXV%Uk;kYI486$C?;{u%t|}2o(fDE{cNG>77Fahw2YAIxRU}ovmRy=8aMZ zu;vv<;Tx8C|0O$qta<{6T(t>B5d9;S#6=u_SgZ^n-t~|$usj|YrFW~u$%6t8QB3mNP@OTrQ2x>@WoIP+ChrXsvDn5z; zp?ssUWDGMi1g!(sSYc{9l3i)pz72D6qS9W<7?C{h8DT#s*3*Vf@E#wxKaYPLR%?Pt z5AEGjx`JKYoV{rZ))~dIyzq|m4^t_yyvWRwr5Hn>*x^yOQ)M^=4I_5o$*OCyy68Xx%!$(&g>J>=7zh{P}?ejuG4Of8oiPv(HW#O`;oA$o!b5HBn~)TC z?-8e&A-sjFk{d~Wx;}5Mre7mmC!8ezAFZ>$Mf)ie!v4re+O7$lqStyG%IWckZsbH6~l7P&0hhLaly-D7DzW|3#EWpeO9oZ7dr&{OhscbihK>{YeW_t`I8Fxi5x q|2bFyoITQkP$)YXK5BhVT diff --git a/work/01paper.tex b/work/01paper.tex index e7dd41b..8536b7b 100644 --- a/work/01paper.tex +++ b/work/01paper.tex @@ -81,7 +81,7 @@ When the first programming languages were designed, memory had to be managed manually to make the best use of slow hardware. This opened the door for many kinds of programming errors. Memory can be deallocated more than once (double-free), invalid pointers can be dereferenced (\mintinline{C}{NULL} -pointer dereference; this is still a problem in many modern languages), the +pointer dereference; this is still a problem in many modern languages) or the program could read or write out of bounds of a buffer (information leaks, \acp{bof}). Languages that are affected by this are e.g.\ C, C++ and Fortran. While most if not all of these problems are solved in modern programming @@ -110,13 +110,13 @@ type of bug is very old and well known, it's still relevant today. Code execution via \ac{bof} vulnerabilities almost always works by overwriting the return address in the current stack frame (known as \enquote{stack smashing})~\cite{Smashing2004}, so when the \mintinline{ASM}{RET} instruction is -executed, an attacker controlled address is moved into the instruction pointer -register and the code pointed to by this address is -executed~\cite{Detection2018}. Other ways include overwriting addresses in the -\ac{plt} (the \ac{plt} contains addresses of dynamically linked library -functions) of a binary so that, if a linked function is called, an attacker -controlled function is called instead, or (in C++) overwriting the vtable where -the pointers to an object's methods are stored. +executed, an attacker controlled address is moved into the \ac{ip} register and +the code pointed to by this address is executed~\cite{Detection2018}. Other ways +include overwriting addresses in the \ac{plt} (the \ac{plt} contains addresses +of dynamically linked library functions) of a binary so that, if a linked +function is called, an attacker controlled function is called instead, or (in +C++) overwriting the vtable where the pointers to an object's methods are +stored. A simple vulnerable C program might look like this: @@ -308,8 +308,6 @@ payload, that keeps the canary intact. This mitigation has a minimal performance impact~\cite{Gcc2003} and offers a good level of protection. It is a compiler extension so no modification of the code base is needed. -% \subsection{Restricting Language Features to a Secure Subset} -% \subsection{Static Analysis} \subsection{Type System Solutions} \citeauthor{Dep2007} propose an extension to the C type system that extends it @@ -405,11 +403,12 @@ default~\cite{ArchPie2017} and \ac{aslr} is enabled, too. Same goes for \ac{nx} and stack canaries~\cite{ArchPie2017}. The combination of these mitigations makes it hard to write general exploits for modern operating systems. -To check the current state, the latest release of the \ac{gcc} (9.2) and the -latest commit of the LLVM-project (\mintinline[breaklines]{shell}{181ab91efc9}) -are compiled using the default configuration. The experiments are performed on a -64-bit Debian 9.11 system running on version 4.19.0 of the Linux kernel. The -following commands are used for compilation: +To check the current state, the author investigates, which mitigations are +enabled by default in the latest release (9.2) of the \ac{gcc} and the latest +commit of the LLVM-project (\mintinline[breaklines]{shell}{181ab91efc9}) by +compiling both compilers using the default configuration. The experiments are +performed on a 64-bit Debian 9.11 system running on version 4.19.0 of the Linux +kernel. The following commands compile the source codes: \begin{figure}[h!] \begin{subfigure}[b]{.3\textwidth} @@ -435,15 +434,16 @@ following commands are used for compilation: -G "Unix Makefiles" ../llvm \ && make -j8 \end{minted} -\caption{clang compilation script} +\caption{clang compilation script}\label{lst:clang} \end{subfigure} \end{figure} The \mintinline{shell}{build}, \mintinline{shell}{host} and -\mintinline{shell}{target} parameters in~\ref{lst:gcc} only describe the target +\mintinline{shell}{target} parameters in~\cref{lst:gcc} describe the target platform for the compiler and \mintinline{shell}{disable-multilib} disables 32-bit support. The \mintinline{sh}{-j8} flag only tells make to use all 8 -available cores for compilation. +available cores for compilation. \mintinline{shell}{CMAKE_BUILD_TYPE=Release} +creates a release build of the clang compiler (see~\cref{lst:clang}). The fresh builds of \ac{gcc} and clang compile the code from~\cref{lst:vuln} to check which mitigations are enabled by default. Using @@ -454,7 +454,7 @@ mitigations are active in the new binary: \begin{table}[h!] \begin{center} -\begin{tabular}{lll} +\begin{tabular}{lrr} \toprule Mitigation & Active in \ac{gcc}? & Active in clang? \\ \toprule @@ -471,16 +471,16 @@ mitigations are active in the new binary: \end{table} Surprisingly enough, two of the most popular C compilers enable only one of the -described compile-time mitigations by default. Maintainer of operating system -packages of the compiler might choose a more secure configuration for the -compiler as shown in~\cite{ArchPie2017} but still, compiler vendors might want -to choose better defaults, too. +described compile-time mitigations by default (see~\cref{tab:mitigations}). +Maintainer of operating system packages of the compiler might choose a more +secure configuration for the compiler as shown in~\cite{ArchPie2017} but still, +compiler vendors might want to choose better defaults, too. -So far, all described mitigations don't change anything about the existence of +So far, all discussed mitigations don't change anything about the existence of \acp{bof} but just try to prevent the exploitation for code execution. The -vulnerable programs will still terminate if the stack canary is overwritten, a -call into \ac{nx} memory occurs or execution continues inside garbage data due -to \ac{aslr}. The underlying problem persists, only the worst results are +vulnerable programs terminate if the stack canary is overwritten, a call into +\ac{nx} memory occurs or execution continues inside garbage data due to +\ac{aslr}. The underlying problem persists, only the worst results are mitigated. \Ac{dos} is still a problem in safety critical systems (e.g.\ cars, planes, medical devices) or in any area with real-time requirements. @@ -496,8 +496,8 @@ critical software. While there are many techniques, that protect against different types of \acp{bof}, none of them is effective in every situation but in combination they -offer good protection against code execution attacks. Maybe we've come to a -point where we have to stop using memory unsafe languages where it is not +offer good protection against code execution attacks. Maybe the time has come, +where usage of memory unsafe languages has to be stopped where it is not inevitable. There are many modern programming languages, that aim for the same problem space as C, C++ or Fortran but without the issues coming from these languages. If it is feasible to use a garbage collector, languages like Go, Java