From 19e509049113db48326e0b080f7ff177f93d517e Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sat, 10 Mar 2018 13:14:56 +0100 Subject: [PATCH 01/20] chore: Initial commit From d93d2a2d714728c627d29585d31148142ea2ded2 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sat, 10 Mar 2018 13:15:01 +0100 Subject: [PATCH 02/20] feat: Initial check-in --- notes.org | 56 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) create mode 100644 notes.org diff --git a/notes.org b/notes.org new file mode 100644 index 000000000..17550802d --- /dev/null +++ b/notes.org @@ -0,0 +1,56 @@ +#+TITLE: Bootstrapping, reproducibility, etc. +#+AUTHOR: Vincent Ambo +#+DATE: <2018-03-10 Sat> + +* Compiler bootstrapping + + This section contains notes about compiler bootstrapping, the + history thereof, which compilers need it - and so on: + +** C + +** Haskell + - self-hosted compiler (GHC) + +** Common Lisp + CL is fairly interesting in this space because it is a language + that is defined via an ANSI standard that compiler implementations + normally actually follow! + +** Python + +* A note on runtimes + Sometimes the compiler just isn't enough ... + +** LLVM +** JVM + +* Resources: + + http://bootstrappable.org/ + + +* Slide thoughts: + 1. Hardware trust has been discussed here a bunch, most recently + during the puri.sm talk. Hardware trust is important, as we see + with IME, but it's striking that people often take a leap to "I'm + now on my trusted Debian with free software". + + Unless you built it yourself from scratch (Spoiler: you haven't) + you're placing trust in what is basically foreign binary blobs. + + Agenda: Implications/attack vectors of this, state of the chicken + & egg, the topic of reproducibility, what can you do? (Nix!) + + 2. Chicken-and-egg issue + + It's an important milestone for a language to become self-hosted: + You begin doing a kind of dogfeeding, you begin to enforce + reliability & consistency guarantees to avoid having to redo your + own codebase constantly and so on. + + However, the implication is now that you need your own compiler + to compile itself. + + Common examples: + - gcc builds with gcc From 1bc0df787504bad7cd2916f09ca8caeeaf0bcf69 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Sat, 10 Mar 2018 15:10:10 +0100 Subject: [PATCH 03/20] docs: Add notes about C compilers --- notes.org | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/notes.org b/notes.org index 17550802d..1208b2fed 100644 --- a/notes.org +++ b/notes.org @@ -17,6 +17,11 @@ that is defined via an ANSI standard that compiler implementations normally actually follow! + CL has several ecosystem components that focus on making + abstracting away implementation-specific calls and if a self-hosted + compiler is written in CL using those components it can be + cross-bootstrapped. + ** Python * A note on runtimes @@ -53,4 +58,17 @@ to compile itself. Common examples: - - gcc builds with gcc + - C/C++ compilers needed to build C/C++ compilers: + + GCC 4.7 was the last version of GCC that could be built with a + standard C-compiler, nowadays it is mostly written in C++. + + Certain versions of GCC can be built with LLVM/Clang. + + Clang/LLVM can be compiled by itself and also GCC. + + - Rust was originally written in OCAML but moved to being + self-hosted in 2011. Currently rustc-releases are always built + with a copy of the previous release. + + It's relatively new so we can build the chain all the way. From fe9d8f03ab7cb93a78e424f85d76b5b7fd33222d Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 12 Mar 2018 01:08:30 +0100 Subject: [PATCH 04/20] feat(notes): Add reference section --- notes.org | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/notes.org b/notes.org index 1208b2fed..7aa469539 100644 --- a/notes.org +++ b/notes.org @@ -3,7 +3,6 @@ #+DATE: <2018-03-10 Sat> * Compiler bootstrapping - This section contains notes about compiler bootstrapping, the history thereof, which compilers need it - and so on: @@ -30,10 +29,9 @@ ** LLVM ** JVM -* Resources: - - http://bootstrappable.org/ - +* References + https://github.com/mame/quine-relay + https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/ * Slide thoughts: 1. Hardware trust has been discussed here a bunch, most recently @@ -72,3 +70,7 @@ with a copy of the previous release. It's relatively new so we can build the chain all the way. + + Notable exceptions: Some popular languages are not self-hosted, + for example Clojure. Languages also have runtimes, which may be + written in something else (e.g. Haskell -> C runtime) From da53459e60d57045ef68c4b4608417027d803bf2 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 12 Mar 2018 01:08:42 +0100 Subject: [PATCH 05/20] feat(build): Add Nix derivation for LaTeX build --- default.nix | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 default.nix diff --git a/default.nix b/default.nix new file mode 100644 index 000000000..c4ac8a472 --- /dev/null +++ b/default.nix @@ -0,0 +1,47 @@ +# This derivation builds the LaTeX presentation. + +{ pkgs ? import {} }: + +with pkgs; let tex = texlive.combine { + inherit (texlive) + beamer + beamertheme-metropolis + etoolbox + euenc + extsizes + fontspec + lualibs + luaotfload + luatex + luatex-def + minted + ms + pgfopts + scheme-basic; +}; +in stdenv.mkDerivation { + name = "nuug-reproducible-slides.pdf"; + src = ./.; + + FONTCONFIG_FILE = makeFontsConf { + fontDirectories = [ fira fira-code fira-mono ]; + }; + + buildInputs = [ tex fira fira-code fira-mono ]; + buildPhase = '' + # LaTeX needs a cache folder in /home/ ... + mkdir home + export HOME=$PWD/home + # ${tex}/bin/luaotfload-tool -ufv + + # As usual, TeX needs to be run twice ... + function run() { + ${tex}/bin/lualatex presentation.tex + } + run && run + ''; + + installPhase = '' + cp presentation.pdf $out + ''; +} From 6f4278537ea8380b21dd094dd537fa2d39c674b4 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 12 Mar 2018 01:09:00 +0100 Subject: [PATCH 06/20] feat(slides): Add iniital presentation --- presentation.tex | 71 +++++++++++++++++++++++++++++++++++++++++++++++ quine-relay.png | Bin 0 -> 52350 bytes 2 files changed, 71 insertions(+) create mode 100644 presentation.tex create mode 100644 quine-relay.png diff --git a/presentation.tex b/presentation.tex new file mode 100644 index 000000000..579850f77 --- /dev/null +++ b/presentation.tex @@ -0,0 +1,71 @@ +\documentclass[12pt]{beamer} +\usetheme{metropolis} +\newenvironment{code}{\ttfamily}{\par} +\title{Where does \textit{your} compiler come from?} +\date{2018-03-13} +\author{Vincent Ambo} +\institute{Norwegian Unix User Group} +\begin{document} + \maketitle + + %% Slide 1: + \section{Introduction} + + + %% Slide 2: + \begin{frame}{Chicken and egg} + Self-hosted compilers are often built using themselves, for example: + + \begin{itemize} + \item C-family compilers bootstrap themselves \& each other + \item (Some!) Common Lisp compilers can bootstrap each other + \item \texttt{rustc} bootstraps itself with a previous version + \item ... same for many other languages! + \end{itemize} + \end{frame} + + %% Slide 3: + \begin{frame}{Trusting Trust} + \begin{center} + Could this be exploited? + \end{center} + \end{frame} + + %% Slide 4: + \begin{frame}{Short interlude: A quine} + \begin{center} + \begin{code} + ((lambda (x) (list x (list 'quote x))) + \newline\vspace*{6mm} '(lambda (x) (list x (list 'quote x)))) + \end{code} + \end{center} + \end{frame} + + %% Slide 5: + \begin{frame}{Short interlude: Quine Relay} + \begin{center} + \includegraphics[ + keepaspectratio=true, + height=\textheight + ]{quine-relay.png} + \end{center} + \end{frame} + + %% Slide 6: + \begin{frame}{Trusting Trust} + An attack described by Ken Thompson in 1984: + + \begin{enumerate} + \item Modify a compiler to detect when it's compiling itself. + \item Let the modification insert \textit{itself} into the new compiler. + \item Add arbitrary attack code to the modification. + \end{enumerate} + \end{frame} + + %% Slide 7: + \begin{frame}{Damage potential?} + \begin{center} + Let your imagination run wild! + \end{center} + \end{frame} +\end{document} diff --git a/quine-relay.png b/quine-relay.png new file mode 100644 index 0000000000000000000000000000000000000000..5644dc3900e355166ca079a5f224455598ae86a0 GIT binary patch literal 52350 zcmeAS@N?(olHy`uVBq!ia0y~yU`hgE4h9AW21nbERtyYhTs>VJLn>~)x#TFwz`)RC z@O%0-k$>AbWL}C!@N_2{ZjcZ=oRnaw({}VgQUs4q+tCdY2yvkVLmf7;!%4~0=P?W=X{nch)?|8|`@KJ=Mz#GPYY%@0B-F4RH z%f-1u-l|Wk#T{0QCWQ6pK4!Y@zve~gHYL?*UMIG$JkWgc!0dlH_VXD;^SyMYPMCYU zu{OK$GWX50_nM7Ml9E!6Nlkv>y1e0Q_04DDeb>bW--)VDb4qc{)Jwmoc6r;Uvi&ZS)jh}nGeHw4(8fMY$kIr%YDNk%=SX#~cIpoH_ zYwX|MgOWBKufKhF_X5L9Eq70s>v253FEH`L;$uBp^H)dSAE*s}0#~$3Vc7Kb9Pb}l-)$M;Y3?pX;Zn(Z~y5`e)OLUwfn9S@8$FFPZbZhlMPEUZsyMU|NoyeFgPHw``7IQmHT&@?^|Czuku_a zpXb-?T8+ei)6IL!wWfMkc!kX?)xP^!_}N*f%)=Qfok#OFowNF$8{%cp9{2j_3#Dmy zPrBa}fAcGwA<|UDC)@J8^fGg!Rvjna)kkZuoz*_@MAhS*sme0HPm30=xKhupBB}C1 z=^Jmw#xK@?xh9`Hqb(9Kvz}kebKmy=FKr*R&(s^>fFP2o3sD69a(DZ z{cUrhgx9-ZHqC@@8v7V`b*RS94)!(RR$1K=cl2)HNcfTxcpYYitFRxOMsY_kD+V;Au&TsEMMz41(Z22%N zB{I)dLo3cydavuz_Y=blZ00|D9+CIy%&)ZT0hams5t}X_Iak;)=dfwfOe@_z^G=vM zh;OWZ%X8LhO_#%Jk?GIc?0+b(41Q1^bo7sj$_(~}H8FobGVB-QaF~>^>r>*-jjCdk zwElhCGmVuG6u=)$W&Q-X%s#T*UF_THbiF6Vu0s2-?Ypy0Mdk18@7af*<<(rdJV|NN zJ?;r}vd;vwFN=3vStiinw5jntInDT8HXCBnMY4dJfayfkHP5wZ*}wYWddEy ze%CerPfL3LW5#bjE*0-OC!z3|ed|r%nkg5~zOU#hzA^vUKeg%S{MW9opP{oSHk>Cj zM&-EnvHj{=?Gtvp{MB15{*F2CtKjMVv*RO<9q;JlW~|A5w_u9H4&RGK7a3MA|0~_O ztD{!f$%>Aj8ugcv_ z`NsOK2hJLAZ~quN_sxUGvPHWBydJTc)gSox+QUq*{)y;0byl7YrhngQMCI81)wg~7 zT4~$;4L;w~mbw3U)z`o0+d`+6&wHOd7wdkTa=vT10%z6N2eV!u%+-GG>+`TVD5d6r z*6rOJ67Bz6?dq6oa*x?&bKR-yBL8d)U6)1MU5wI554CIwdObO0ulrnW53W})pXx_0 zO?;ilEc`>@{3G`U^K}dpoz3s`sQF&}ePCnJu8zOIL!$apzB24vX6#qNoAyxSZL86` zF6&8|t6x^NWj&v$Qn2?-t=+m;I)Xdq+-I+t?0#OQJ$CoY_Pq>GEJYkb7-Nt8D_vB4 zL~&=xc-d8U`j|3j_U}a>uQ9SF2XL;M_+CQ(^P(jkDQ9dN+_yFF^*i@E z=oY8v)Yt=!%XW4AeeELE?P0d%SvJ>}j(t{rt**of56Tx+sBnJ zMQe_nJf|W1rdwr4*=G$0mm;l-@D-Y=Kk_ekqsHU*9r(74*!t1SVkfQr*TzX_)pPk0s%0qA8neMvp zp1RyvOS8O0@b~f9Eq0pEt9~vkI{K?=_7A5;x6f!f{VQ;=sb^;DWw+d?()?rHOS73BG=_Vo9*Ghkf=JxY|h>FN?x+tm={+5XIOuSUQ#ij`?~kJYEgyPhRVqHsZT_o0Ws#Tp z8RHcXJndfPzF#zLtsYZ{dD~1&y^8Kht`bQC*r?!ueiRE zSB+2q^!GgP^6r|66095cH`q@)oGR+DLR_fz_`Sm3PcNUEd^mB%vB`3&j=QVE%nQ?n z^6#ukshM}v>0M@=k{0Wu8|hOUbha~{T*Ajyu-TL8N8-o3hGAR7++Qhu^REhWz0dlj z_uA*9_rz~C22JrTV2Ih-x+M8r(cbX;bJD6r1w60X2|i(d-R9n-RU@|GnS4l{&&umH zL0`lk9Ghac&FP+%v)K>ExwqGv-{xHYYN1Hju2*+9E^D7q@vLaZ^RxEe;)d_nzGV#C z^02!!k6D0?CH(wNuWv`LNguFheB%7Zc0x~qZUtxSKN5y!s)KYY)A2p^-&JF4f5>_oP{-v z)0-N1oL@UpTj<+$&x~C&XD$xxEMN6iZt1O``|5cwJT(6>aj_Ef^en-({QU2o#kL>g znYnG#btpt1+qLgsYc}b2YslC37B}MbalBM1c6_$AxmBmi$Bgebt?oNN zx{AH6xfUS4QUCL*kb8HgO|RHHhlREN=;}z(M~Pb!p1l!j4$3+CeV*^0>=oB%PuV6@ z=GvI@ujF2t)<5gpznoq=iAH^yxk+u71M7im$w=P0=ij&*_BLuik5gsliDWC-P;lJg z%C@QJ?fn|Nw#q+!*Iw?TdvNJ#{hEo)&nm@UD}8Gf$t#~Mv`qTz^v~jZ;)9LT&$%5q z`?~0oO`h$6fc3s6E9LyQ1TTG45dI+MC13UHhNd$*$|si`=Df8t=ydSb+yl!T-$y>} zSLl?<*(E!5?bbM+8yg;mPdWA5ZKlwR6Z0n?ao5$GQ$16rsYLMi>Yy+N_wLZ0XXlG= zUmvvW&Ajq+sKW6Wjyot+;^6)$Ap5zgij7jd9xi>ehV^d3U0bFZ7j3Uh35q_qi2{440qD zzN)zHm>xK8b-6NY&ytKE+Q+wrpPRShMtYaHR(M_S`5ie9A9Id>kZSv8zpl1%$+gb= z(GM?~d_DE3KjrJnyp?;c=TCaVSRpFhC?FY?yEd|}MgHCH;1a>#uSHHeSnplP&u%ht zVd$S(i>^&Bp65Q>L^dl2Cwl2B!)Lh}k)8^Id z*teY!;SK6|d&O>6n>j<=oL!G)o9h#fr84LCO8eM|_1tp3oMo?LvVY>kQ%)~KCOX#~ zQgu$(UvYDH^3s~EE?XjllRod8X0~tFv7^S;fB`s5N;f~Z&4viJl&+jVP`u>r` zbcRPY?)|gAGj5xvH^bS$AYyXiO@}t$d7cH^cRN4d9l2iT!0t~Wtn$zA9xr%sd+Jxd zd;IRZh4v|Id%v*zhIq7Tli=bRhVr_8p>``2&V7-{nz;JZi}QXCFE?H+-hWiIXlt4K zrcISEt3B?`?mDn>7DIo|gKd#U_HP&_ehK#wx4N#Kr}Ae4i^_z9FBdKI51h#UEe>SA z+v?q|jPkoSy?88gR=uLk{8a>_ZVX8qgbDw}PV8=rsc(bd`I zvQ~w9B3sqA8|g_0Y_4iMvUXCjO5{47PbM?B79GEMnqOV)%Tr~cS5v>WwELYs`Dm_B z;j{_wewy#GPO0}7->Com{w>Ej^5@&%=;-yw#oWj<&dgfJC8z%Vyi=8xYe?G8jsddcy zH3nbKZ_05HO4D%GOs)HP+2hgW^*VRXzUtEWI`gdinKw%srf8}xXl;+Qu8+wr?%{P2 z-?&~mwQlF4!%7#ObjpI1p8K+e(Qi=~va9~+^Z2RiqQ>*^?tv$`Q zBScc++0B=}mtTc2a;$i9a`)sqqXtdm>Rk5kc^lr^$Or!AnlRzL?k$h|8+wz@a6GQm z+|^Ml>zDd1?qzVSTbO!F%vS%72?zeZQ?S1lv;Vbrh}D`MA>8YoiW+Xj7~SJ4k_%~2 zIi z>*=b!&)CC!gEJ6tS+mrahm^TSOzZt}8^c@8GLZqnB^VsfP`KD9fy zvhV7sZ~LKVrqdi5F8)*q@K89^5ORHW zrq4dBFP~0-;L_xBIGytKXVBR_9_8PyW=;9r@$(hWO5^9YKaNd2X43S{{}JybhV7p= zq#3BrpK!DPY*@|u>xsSUTDNoW3O+Y?ULCYvG0lb3@}%+l7fRnu*Sz94NMXEX`}g94 z&&(=}nsYXpnv`|1WYo^!+#G*p!F}&5??f^_1z+0mj^X;- z{GH;uJNcJRyu4$j`1#$RJszFwJ!u_h`?G6TP+N(i$gHZAJ98FUM$X-HYtdI>6P}2L zmY-HlEA9Re_IQ<{k96m)w{tc#Tze{%vwW}P)3WM5^MuQsDjPpK9C&z|Ys*KCl+w=i zUg8^{6kYz)@boJ87v=8F$$viFEmYxJYS(>lhWfIIeXJH2C%sE&Jk<9v|LUPVyjpr& zizB~VvCh<5x+g|_d$@5(nPyLwp?pDOp)diB*&Gx&j4L(=&%Byls8%N3g znT5q(w^B+?7rvTg8vT98952VU?-e27w%n6m^p`;?C+q6T$jVP4 zb=8cijDMb0Y{*cb$jpHzjf4lZ@1mnmz4^(u6@6<`$o9f747eL9-Cg+*6^Tg z9`}dpi!2Q*9~Z9udLyc@>ygv_nx$!buT_ZZ*|2)tGXK6uCgGaIm9So>8OFwspH10v z^3}n+x9ab&2wQ4&^wEm6*p-pr1B=bYcFr$+V)}Tk#D^=qA7+N@r@y?IF2o?lcWCja zSw@p35(4tmr~xvgURwHWG7 z-#^EGsBz=$lPPyp8rYsQDtY<#>*v*pEq!hu`CO(<{cq?F$L{$&;tYGXoQ>S?^qS>C zO6`?(Q@z_d79BUv@w;dh`S-_}ccQ^;Wh=s;#U7g&{&j7{tc#lix@_*;uab4}58suu z+)!ZCmY%q?>?_XdhP=C;Vj}x;XQaw%fyvVw?w2NAaD8*SSI^*Js{dWSq6Np!d*q#W za${4xkZ-y`qm)tUF2~F#kAF!`y=oitYkG{_(mK(1Lc$?QT$5fIFFzw_tOFTb=Eck zAI;w<89s}B_2~17uEi66%sg@4{8?IP!=dwm-n)*7d+ZjC_Da$4Dr_@cvMZA9nf&Mct>Xri;m2~?i<$w^3*4- zE@dn`_2jirRJAJG!kTxUm^J#{U373z3;uG5V(&W&UY{AE`zX@Mu zw*AODY29_^jLoyxyZ!Yl?+z$Cuzvl6Akiz!dR4Ew)xNf7SnH-#TX^S&?~vHT zzT?xAO#i=rc^;F_2)r&@A~;EPYf3}MCH`mWNdc?&w^uEnmBaX<@6qeeH;uP6&8uvG z@7{K9ufEdCD!#2LtOqXsy0F%D-fo78-Ca{6#LrKf?y$Gn`7NWkajyEM5)f~*FQn#YNf*b>Bh&mXiQP!I#{mqgn5Ga z$Fls?s9bd~aktQG>n%$9&G+aOrp-F2@^874zkhbgk;O9?x~{KXxaa)jj$4ym8aTZp zt=k`ZGd@}JW?jy$qZ%CNLIf6m&EAq(!12VGd+Oani#nCo@d%x7uXK;U6J2Dxa*;p( z8PzvUOFop>{n35o->b1Od~>q&l_N_03}&G*m!b}SKhCh~YdxDd`x}-lnbzP?mn|LV zl_y;}S2nqr)y_Y<+JB0O;I58Lj}_ssmnl_Ep33iHVKINVk?#MJD^A_AD$S;$jIGiK zs*S%3|J70xd~Ub@XJz!!mx0dPjxgpvXVmw7s%+F+>bmuH5`({- zj-1p{&vuc95%65JbB zhzppmT;qC}c}`aFo_lPpCuaL9e>=A79^(qjymsNIZ-N>aA2YaqklFlA^YEKxrswZx zX82n3Z>VMKa68y=f5)VqQtLlFo4@eRab|-etpoq^4kUN)Uh(7qn($5P6SgcXSh>;k zLf+1K7c}|!>drrpN+@B7h%yQhH{?z2SEx+vy>)~sSnplV4Znkpdu&gMWtkLp%dcEF zOYP2z>GgRsA1){fG1Z-l{$Ji;$IH}^o0_ua9_t*PB@8vY-}gU}Uwr4d@uOKziBI_^ z#C%az*=^^Xd*qV3htM=Jt(QuRrk+neaQ~Uu{M`8$m11<_7I)8JGxk^c&OJG+|ERIU z#UxwK(|*4fuZ(`Ztu5L4;R~s4`A4!hB(8q#afiE2A+xNDec5S!y%XD~+iU;3`t@(N zxS!O;=j~}*Pl;-;SXj||>#WsxNxPTRueRq^sDAi4<#)xJ-P6LpsYgCD*;{z8NbbNa zdxpL?v=8BB5oJV z*siu$ZH>(*lg{%C?;KbDs$PENxR^|llFT9h&c~mw{PaEdBlW`SU)~OWSI&f`6kdwS z_#?4@llxDeiIv$m`2v@{aV-?zceCT@qO%LR1P`Pon+H9u>wXfMsPOplhZS=Eg5PgV z_h;h}(ObA}tGrk4^^ZGU?tgymwr#^@;ULNBEAE#*dE)xIY*);V&sWryVt0Ih94#JG zwl3Zzwd8r#H#a9O+u!fq*IK{V{*-y@U&_CQZ^Ia440ShKCNxg1bQP{&H@&MhI+gcW zSBhvt<*m=hV}fgb+Ss4(wY+h(=7g)IXU%58+hIRcZ~1JNGFcb(PI!grH^-ut)3+Ue zxLjNGrk4M{HTz6I-QTUxRFN&pIpKy%$N32b)w%ai9c!9YH}l(K@wfXv*i1Sv^6$-` zb*_u&dc9n(wz+8k*K(nsBB}M4yl&3#iI2WhlXzujX`Dfp>7Db&W$_ESQ?}-C$(2Q~ zZCRZ0_}-4Iye6!-RSowXZxVXe{xeN^o5J~u-wazS4N6aJYM7!NZ4)SE_pZ7Bu)Mj} z4vWA$+4p@IT~0*g2kdiQ7=7T(t?f^1+NPxMcDrsYqQbh`Qs3&$v=i|vpZ9I3EZO|X zvgQBu(-$kR_OjSH-kd*0gU>oDp8dt{Y175Lr@ZgjJgcB(*6$b3)ZMu+CO*noJX1;P zSWfgM70HiTkG4x07EXDYJ1xB9Df2w>t=V}-?4B);3${nR?LT~1&An*Xq{yx7wg*Y; zG*=bvi?G>n;|t?_fwGj8)Y?=ft$+WgtIt}m^z7WOeWFEL``bg8*L>@;I@-e|c;Mun zbFFHP5#JaOu=!uwJEi^j-c72jSfXrm`T5^Qxi3;;V%#RWXx~$|pd$0x;tt#HC5r!{Fspc#9E?!G9wcJ2Mid-Q&ZB;1+vip zJn3S?jujs33=(dL?0eX8)MT^nPq_#qfwy|%p$x@t3)PzMZcD!`*KRMU_|}@OWG>T% zeBIA&m)^+8i`M^o{_0Zsu^lJxye|B6{z%+zSFwA$-NI-4gcY{lTkdo6_7DCB-DmoY zV&PIZ59I8XnX2%5^@at1R-~vHop%X3x|ZpjxYj(L6aI`mc@^do4{{mz=bI;841MjU zvqH)_<)&{&`7XHw`jZtc@+7x4)kAB3;?a)PmbQV?mXku>TS@lvsxEny+3>ksS?PjT z-Ph%lf=Y9Co6e|jShROS7MJ|vtP*yYgtF*{Yjuu)SF^5PYxQcv{uf(hrrOUE3N5Y@ z-OIV;)5@UJ^RKEc^r+HxSouly?w%Q!Hn03vdhyxOKj}ZN>c2JNI5~BbU0`ePv}T^E zE1oamlKCN)5G8K+=%$XfqrjOt{Kr4=cdpf0@#gtrtF`Sv{q#SYMkyY@8pS41k(0$8 zy!%?4V8a`^RpH{6zu@}j?jtSUurKouu+K4iEh$~i zwv@d#*DFrFu0;IOkF|5RJhWYzH)HK1XQpXkA}kA^oHu{+r!G6Zyi-h@mFa{uXXQ1gTjo4Y-2UQ?ThEpRuTPYg zj(AqUfchqV)u&2uDgyo zY8-gDadq;K!%N=1lC6DPQzAG!Bt8C9*R7Ay?4KBIs~Jz+mUnpc%`S1x$1V4tPyOot zvhAbZgPB)_JEYPs9OhoT?)xca4!61fDxdWqXvI$5p)UVALxbbzuNc?a@rwh6>P<_- zGT!>CS?xG9@06|bgd9u0gS@Brvk6pRpB1*Vg2Qohw6$)}quG5C7kGnwbAlg+PV1}q z)ag3=&w<0ggz}X?uCNt7c{%9ne8$6V3$IidPMUgd!izr~xkBZkLM#h!tqS<3I*rRI zv*ASS*&+_7nV}nNTBd(}wr1~1g9B&vCWWm3_1{2zLhma!gPn;&n|=j5ez#Fsku&e~ zlB}DqR|UVT^hRG)y1Pp}icitg`}3?Eg;Q@t9Zm>IP6$a>nDk`MM320wkD258G!;0) zjB9_0OX{6*IGVj|s=|z(>a*==`lOMipUtuN`>95jTGmOr zy%*gI4{Ek6gxsEUVt?0~pTbw3sL$qXiraj+$Zo;QxO)=5UMDWh?y?R(&^ zd*X##FD8ZDy0w>KW9-_azw?jOoE8jL)0t^KP0r()ng834^&0ZMr%qh+(7VPImG{7_ z`DbNQeO;f+#yb@a{s%hv7()G(Id}MnUF`1Sbb9Cb?$7HZi(X!2NOsiNX(N@Zc5ULp zy!QmhG7Bbda%5d^wDs3{d$XL$AAH?)R^&WRNjOxZ z(l`BzY~gdw6;sMxA5EA3u;spdN^aTLvO0Mc*_?AsoQI4bY&y%kg?n~rfPj|{*JFEy ztf_kyo=D5Og#A`#Na5~jSJkMV9Qn&FNB_wLo*(O3CrRtJvbz2CZvC`Y{M3R?Uv=Lz zIjbpt3@tm-+<4Z0!J`7{lUJ1(CTf3`{!aXF<8=M!x1R~<<@z0KP$xiZ!! zqr!Zz@;~pX87aK!PC5?%TN%2<4o_I4ubv(!Jkez0-p}(}tNTLZRqy*N8Q;HntSR8V z(0|Q(i>CrSbN2pd_;Jg5%h%pH$C~4pUOD$HH)gQb&{OTxSiqM^H}vqVf#)cZ~F9hsrr*w zf1Ca;H|Mh`{`~gW!nJIZ+lpVuQ#SmSQ!wOo5a0OWWpVRI zjR*Z+EpaP8l|R)DaWN0~w^6sq_h9>Aye(_rAIX(Y9y9Z7tXp*s)f#23 z#0B<0Y$N{!sd3$yQSGv5SN@VGmmVthNb?FByWCvRv_E_{{~7rP7x9gHx$PpAbL#Fs zjS`!*`{q7}!<@}|-21Z?m_PV1Jc`-2-)Uv6WcenKxKyPlFCLw(pS6DTynq5vrI|9^ zZl4wvx#pMN_o#WoJ;C6zVb2q{$&IX*vzV&A+FmFv3wdp^f2w`zlhf5I`;0p?pS@^r zJHk}$kh5)S$oVz0yToR7FL@$n6fCn%yd{nQ$NB1et^zq`r!Q({E_f+Ce!a zEu3N9H?_&!Q&|_@(cIL^9m;a>qrt7-70p5K=RZB)9s1Fc(MP0jLCMu8#}Cyn=#E&` ze0FYe{sXsrzb>y+6bx7O$gT|UE7O{OJHx18uZhF-j}PMBuRc+rFFp z-?vR%xaE4xdXMINo6GNV2rxe3)1I*Y%=bykmCHK{c1fPsiC-`0Ju73gw1?0#X|6Qw zNhjPUna}3_wK(}?R$_WZ)RwEOFRsa%Ra12<(IWN;`*oYit}31{l$IrypXjZT_E6vF z<#hRVQ5x$Ty{^s0@(ditwFj@AI+`~rtua7Na7TpOiH9;yX2ND3{u|0wH;03KJBl#5PJX4l~C#UzE+vBYC-}1cX?y38yc(l~I?PvO7VbbN2 z>e?Cie*e#o+!NW`WggfGiT}Q7R()ZE&hv)J?z=*}nQOG4N^HLQ^iwiJ|IR$6mtx-e zit0~;r~l;Nh5dK*9#8ywtBQHf8DnOJMTyQ+)=j;8@6NGi{#!P$r8{PH zU)*`1D>%^Fa#s4Z!X-PWpB7#4zu<$x`|_-ejdpLP<Wq3J}LHpdUx`h;O?Y7@{7FUoibO%3G7>f=^fEm)(+2nzvQDLguA?-P7Qi#{XkN@G`hyb%>3na zvpS{pir~52Tctm)9G%VoPb2uB?8SKi<1!XYR%aA?EELd_s#VW}e8A*|;RAw(_~frwZ=f z79n9Xrxw3alsSC&6`R-UTMYYe?hDlo+;ds@M#7dRo=G_@TXR#2J0}-$iONm9n5y5m zXF9J|1+VJPjwd<#&;QOby4MzU_b|(}`O|iKor*T|^z=KqPVjLP&!W046SI`qr25K zIh*b_ZMV&OrSvE=f@d;cE7=<|ojpQrrYt>FqcmIBMKiB(`_1|DKn>OylN>ID(dl7TwLqcZTf7*UY^4ZnaUoa&-p%iwmtpSAE3~= z?#JTOTMpH)Sd~)N7ojqVZFgm=`6at~A?y5PMOQr6+oBhEb-;UKV9$;Pl_|c6$c@OVq<%k3Z zpO4LmU$mn5ew@MYxjk3zZ!kS7eot+W^SUI~GUc5qLD?0b1ute~JeqZ3r{|G2^P79z zC8PIc?|sL4;BufZub#o;$5*Q^UlQKt_*%$ScIyg1r@o7tx2COXpZ$YLgDLO$qDdv? zwZW&IzR8|nH06=kdO_1)%R82CsyuRp&s2EwZ}Vx)UtV*sTg7Ka^Hq zcS&4|ZNkNuHw%^;9a#BqMT>kb%Z{?AYqOPRi!-&e7h50i@7O$h(q3h=vsMf%ibW2X zFUsb!w@F#euk}6fruk*&+;>r;AD%>)pN-nE%bV>xm)`;7a*GeA8K&fklwJ8RIq#ZF zk@|PV8)kfE&(pgpU-~tDfwwc zh}=x(AM+hPEfP_&HhWjt#Um#!{AT_{x96#u3p=D|{qd5Ytb9{_i)Ui$Ut?aeg-_?mI>&u;~4s+!= z)vYJKT9tbKXJ)f_I`{j(cXMnd-<(nX;-SJk_sKq|bGj)8yE^!zbK^f8t1{5~^f^6< zWA{WJ`*WYBq`&U?DIUel-tDINach9e_tkb;D(BM|i)^WRw|UFK?$xTN&IT{Y4D6HP zzHl;W-GpS#Sx5G%rcL|87`LU4=D` zLN57d`D*{3E1TK6Z;zNDZrvK>aQBof6H|(B4*Qi?eA?DoJaHX+We;CekynwBanYXp z_m`8rq|~I@*SlObujTMAoa!MFeXTBlWq!c9zx(AjcC$@ypSn-h^oE+C=*7Q9Hp()| z3e&icUBASxKO^CF`?4qNoZel2QFGw^&Q`w8jE>c}RXCS!Zd=ZIY-RPAyw|su+zQ)# zX^)H1hkZ;v@jvDJXY6^R^kZ#Dz;{)tZ6YJkG!Bja6;_M z8r}J;kDocu>|)KM9=dB>&MA8@^kb1qQqW*k*q3r~!Q`d--`_Ib zRuNW7}Q7UB{1pEY~VFKj<~lH}8A8_#UZk=kACvbzpFveatB6r(29snQL%G z>cM}e@=HH2YYDKN!!zp(E7NNJ%vj?xmz#kf9SlAkTV!|Oh};rk-MlUHs#m()E@y9!uLvn&H59e()==F$gME3= zJceZU1&?akUToyAxNrG<(;Gpvlq2v-LrXLSBmRObJp^MQ-b!z=oRozz0bwxpYS_D#dyvp_apb7^&dUD z=~K`$9fpGb#i#jKyg7eYP3ptsiE96>7p~x+@A!P}-T-|uU+dPn9*Y zAwTEJo~y1`n4+dt|5?W~saox(a+1Y%zOX%oU6%P40B*P@WP^K%R2%*3NYtt1liH@-2_ zH#@3yKeS0_*W0=KqAsqnoiK?>#q4Z7TiMN{ll6A?CcHeDeyK85cZ-Kh^NpoRIt@-K zm-0_|HSPJxU!Yw2_OfC3#KXR72WPkKT*v(8gxc|1hbfCQZV4vDUF5jZr>AesrQ|vN zPS}QubLp2q>ga6oadLJ#`}4zwNWIA#Pg5mb?rr`jIxTWPd&;!!4^kUfFQ}N*>n7BH zX0qbUU>&9%c_rN;rynUEduAl{M3(jQ@)v(N`_H!MahbTBu*~18tTrX$!}`OAg|g?X zGYIc(`0dKz#&;_2bJD_RqO0r}51q|pPBiNd*j&%}X9EYXGOMt8$-gP>YKJn6Cftl; zUngRB=5$)LZvVu0O9NR9QVYIyMNCh7q<5Ox!9>Aot4JW1WkuE&W0sk6ig%d~{!p{3 zzhtVMC^;)noVD+E&bFGL2R2-K&GYiwMj2_>s+rIt2)Dc<+!&${b> zY+3$^&E>xGsX=|`AB#;g6_-=^8&(IbyE5a+5vPo*G^Iah;ujf*o%lba#5Y=v(atRJ zpvOH?zMs3#{j9G)!uRy^%`C&x+KCfeX638+&aB+@;oRPehPH-9PT{QeoqdZo2RxC@ zyeGQ8^u_X++< zwMtBFeg8B?$b50cJJvns_s>k9`}w^8pYQkIwa=I>%N7w4#b~fCG~v=4A+Afk;%jPt zGFjP)9a1ssT6^oWXM%yu`S+*A=YEcts`&d_`P$B#&0Voh6?r9rl{eSV2zA)MO#S6I z&R^GmDp{HH7RjhIbN*$xc_#2n{tAW;i<9wRlK0o=9tpa#ye>W{Ekb^crOw+;_Hw-M zcDDM~D9*j=G*3Na(@su9Q>zjy-`I8`#?R{bRgZ78$`r3Yko^;>t}|F!0ccRR%@QXjS@+6*ExJXs5 zPqJpdTc4r3=t>szmKWY>6aUqCd`LFi#w60Z&cRB=DZb~vq+u3vHaw}!Xp*A!Y^HlV*H3UP z_}w(s>7v%VuM1bL$>Itq<#%q`R#flZ0P)J7iqBjJ4>C^f%KaxvY$6>a~3_#Zr)oPz^UGy*yLTY8=FcjXNHpejP+6Sdov0c=^_!_ z4%_SECj9E~&&1@tR#!{7C87;y@~<|m^PVX8QR8djuDFbrt9*r5{pZL`e6Bld8ppH7 znpCTU(++7}^8G32xu>qUw72JVkb(bNixAVI#*J@pXiVvg>XG3pUB-AjXY%wXlD50g zTs7Rg&n78~OHF4L$MicVSNxV#;s3OU-L){>?!^XA7S40E2ZH@#EZ-N4Rzxh1>$luv zrd1@$%g<9Z=SlaAnqLjSO`caa_&%QVXCljm+C4g(ZhiP7wQ`$Bh7ec!r}pOg8@jlg zf8BdDoiE-n=_RXh>t8jyjB4eEWzveTvN#^>@9#-jD$XePbK!YIn^YCieXTq09%`Pd z+V7_l8xxsmV)dW-u<;+C_!;G~HIMoxVG^xWw?YXyx!kz>2dp2hz*f|S+56(8awd6a8MWBSj zy;l-*wn*6iPf~LH>AyI0M}VT>-2aV7x(-=fl3hLT^oQTqJ@~$4J!4NSohAG7n#~#A zy>3oH6SnS-s1q%?oNzPjct^$z%e)0oxgI11-VB%b%rO?4n*8=g*yHOgCY@W`e%r3P z9+Z-ut`x1e!T63Z+sA8jb=&q7Zl5n`=6p^+)K#J2YmWJgtBk(azw*pm@Y(*Ohy8O| zlO-oO=HFg$Fz=ABHPhcV=l@xYF9>9qW?IW^^I|ERQuvAGL+sXr@(y83>c9S2FKsw~ z&iO#AOIj0GsUMqO+puhgBkLNsBMu>ZwO#Jb2tD*lVpg4|a{rv9sEkE9HO7a0&nZF*Y}CSG-;HOK79XWh_g}kA0tcVTy@+ zk9^mX*-BGa7!3A6tFz zX+EJ~HnA%BS4Tx;Zbh2FkNuqy`^9x;J+9o}u8 zkzwB=ZkfAkOSj|fqfQ$mO8&J!debVpWM`&K^Ag|Oc{YwKeP;>_B<{7&jamNG;!aU|L^WlJ+=6n(#v|5s(E)TKYj`}s^0iTcX`9#HuetLV3qmB1#MIA zu4B{IHQ%-6%@T#VH+)`npZg!-zi?&8E!M@6g%wxte2jBk6=5uXAhUN{;oPd?=u;Cu znXc{RaK6>tWAFRGKck?1`chHT=yT--j;gICnta&}N1t_-mEK`?n>Kx+$bJ*n59Y`9 zub1l!?zi^Zb=PTOz`ibXVUd)HEqnr5dNN99o6~l#IkSCnVx8*8y4AZjrbt~El)vwF zE31HW#;qoXziQsQ#J)28J1%Jb;6w6PR{mF~A}yOYEDfG_xP^JiXB{)kzTV3B670-N z&%cdi5HON;2vm8vy~ta)jYTiUW0r+R}}@BJ*Z%!VzVw@ltv+y1th z^ylo?y+!}e)xMke*!_`un^Mi8hx_UsmlxkVT6Z(xLtw^1hA%((&jsmzUBtVUF+}lb z`*+DjYEd3PUKaiEJrPvGY&Ci5rmmLYwdXaroI55T z?l^z>8B=k3&d-*(UiHjrUhE9H?Grs{cj(N9v9KW2^UVmbh|?_d%eW=tcX4f_nZdf38M# zeoWLq^Jgv_KjW&c^TPjd%n!US@#gEP-c!Ylp&zG4iwit0{n_m;V;|fHMKkL-5%7~(I+j!5Ujm0u;$R}2`}cZuQyu7_&xkC zo8Z&+HeT5(%dXyOfB%hPV)D&9ku`b=6Ow1GJZ{9sU|rlI^8RM&3u~p7`SD!N&nNjt zr9VpCcJ}%Un>9KUjan8hycHb0$n=S^*ZK5te)*^Mle(MdxT`zObIv%;?0Ze{=<_Ly zZV3mRkS<;Ec#pYwn1AHk$%WP{vh{cGZ`bJheXVZajqaesQv0s-q(1)`Y4g%@eo$~a zm&4PYyNz=8S?lgTEzW)_WNNC~M}y!c;uojvUnx2|c%YNt=C ze_DO$|FX=Wz|Lt_e-)M1YAtbCeOh2a&GaO9bBh~KR$W&s-n?H%?cc?9RUDk^M<)OO z_j+Go^33wBck4s;crW>?=)#@(oK@zuL_nq7g^%t(-Z!TID!1ws zG7{rDKQd2L`WJb}bpDGeMGxykJnAC5{rcUq8kV)1Eh@cwaQf$$m*W^qThgkye=Sd6 zegCk>sUu0pHhpx}Uc2x1`P@q!;?pnHtU5R4aT()*IoDijsurBFZ+~;7=JeC}*%x=L z>{gG}IAv<-;_p{~W&5(axo%&set1@Yt?cBp_G`Oy{xS!g&n$VZV|DeJ;0KMnl8bV* zdX92%UcS@LHa+ft#Dds|lCN+3#PJlQthwhOdDrKC!F1b&JqTvjq~$hH2ZT z_}^SIUH=N-llq&fg}l9}fLfz4w&sO00m(Ca*WHA19WczgEvM zo1N*8*4~het#U`tuaw;^-`e{0f^k?>qS^PDMIU9FW_8I)8?H-Z_>rb*zwu}31y?n6{5&lFE1!S4k9prt?hlvutj@6Y`N?PVPE$eYd|A?tWm|Xl z?ws;frAyn+^r%ndzdyxK=ge>8lQFORbG~@m+ns;3TK*fF=U%FDxPNj@?6WViO}l=j zM7(_RXzH&InMYri{5z>65u6?3m_hd-60fDhHcI{bCG0 z^CK(n=%eMGLJSv*?5$5<*%|RtdA8c0j~^~Gr$#X^v3|y-rE@VTOwjw}c30O+0r#Sf z7bWI(hHk5J4!;|k6d0SrVHov~?aPa6$u7%e7p&XRc0@@cpy2OB$D8H}O-ZjG`W)MS zoPO%t-&H z8Mp9qCCh?mD=$YK&#d3NN;d225xE<`4;vuP?PaQm200-x(>bXJTGZ z+!=RCy!h@mVeZW@A9@K@>|2p3W!UVz`f2`#3I6{cUVr+D`NoW-lS}o^ife7iO4|I2 zDP`}2Vm@WJGA51P)3(3(xwWKRoqu06yZ>pI`!ToNdY+eQ-anH3{KBDAaYugLJF`;Z zV?b^r_p}d2t$(?T?^{0yzxxOyfU}bam!iz58~6G=Ki)*5OX)$xqjW`MXz+j zQdh^;pZ?3bx|TudlMREI&%ZpM_gq(%^Yy+q&w5c|eZ%IE&nclv7F~S5Zga1$_*Kj1 zDX{z@zvl`D(O+_T_nvxh5lCls)A@HQsB^9U%6*1wUt5LFIIK8@S1WhU{8H_# zx12+CO5WU4eO{OluP3^~dsoZ4n*vLA?tId;h{?)$iR!akN}b2IJ>p+JRb>iP< zZT@cA9-iHs-5id~Gd!I+W43oe4ntI;py?BiOwGNZsoMG6BX{EjF6$`~K?%og zYIi^Xnx4kX|Mi^7^&d_Nx56_@Jukl4mMRoo#@~C8dBJ-N1)sRh3m=}m$$mw`Y_*|J zKJSAP=Koj9?RM{UahUo%W9_t4GhXjd*|(-yZ<58i5J7IOU9r7SOWugEJe=@Z$6%Xk z{3>hy2Qj6y|3v?-U!DF?+M|;1z=Mqkl%w-+J(K)fy)C|=?07>^bV5wMg3VLYYtz}b z6wf^NJBs~c(DW(xhT+;9yB-zWB^CNxceYNo>{x2!^PKyKj`f^Rb{qC8#YaUk@0ghw z|6!p{{k|=qH)SL}{OtUoWSTh3)%T7w4$I95Touf`yzs@3%0+_zf)(bRdCI+CBs}1K zc+xYY-rn*HmI{?h2A4IhH%{78yDllvuKDfJPg1srjILc};Y(c;y#HHBf{*^bF9*Nb zewo3LqvN)-w6j3ECi2^QBhzn>3;axZw4a?~oz0*WR`#ZvGa^XZ)?Q5Nw$16#d$;#? z&pf>^#J%pg&vcoiUYp9J-ZrVqp3v<)RF}dqZNokmffw=<-}1M|=bbtKXOjQUN=DP^ zPH(Rs@SfcvS$e2H%Es`IpMB@N(;C|(W{=QV%0@=kfp+EdGV@*foH{Ry^t=Ka?C$eGmr%U|AG zz2p9Tu99D;BF+?>?~QPNC>?Q2%H7lFZjHwdxv6&?@9uVYwA-5ce6`NsYb);+eOeoZ?WnRx1Jlb&@~!hw@Yv0I979-fk( z7=Hav))pq2+YFfu0nq+g^OX+ms1Qu@D8M!ZdwBCy7cRb`dv(|g3SVQ!x z-yu;lVui~mI(O zYU%l=uVl-cmDd+nKB!q2F7Ra4nG(J^?`>q}U+tCnReW*o7eiz_K(cU7nbiSzQo&meSO28>V{9N<(GY6yMN{XfsM;+)LJ|mW#-ih z-ujb#@kjw{SbBcc-kHC0+*CCVFFc~A6l-~TSBiZ47nu`}IJ>nM6#E;sC-tSTJbH?2 zP1uBlduNY$U3!18rgzCUYr}6(b;EBL%I@iY@it|*jN4a+WhToi)*6Sux)%Ojq! zrq#03%x~-w_&0ABNBZ}_=k7Hb-am9@%F66{=W7KX{4y`yw({Hb&u-@z*i3G>KIfd? zQPXdE<$lLkQNItKH-57o$;w&2(lA_XqK)|lt66V#cKrHqD)W`d)xMH{F$G+Wb$#pA zYCbz}j(0LRGFK}2M;F#O;2p8FnidXi7!!(;O4 zZ|^M@o#ZH&)Mu~i8Di=0B;%=n?TRhWXN%MOgYs3QZt^nJg=>U6@h&x6q-Qs?S=X($ z+Speh{zI70y7GzZ<^3bLbFY1ScRN)rT3jtG$$S=1=#!c9tA6ZLJg|p#&52?T3jrp9 zDyF*CpXEZgZ+nq5WxYZBswEjq=KX%;Qnqo~H~o(7sbxvKwxr(XoxktT`dW4W`F52> z&zH3ZvzzPAi#ij0oPG0~sUBvJLtQ=zm2+gwGVD%r(@m)IwwQcv;Wq7n2l@Lxoc*r- zeQLt7N5*p#59%!NIO6d+-O%_>_N3i~Q{OYrs%e;9d3>Rs(T-b6A7Yrh-W!`~#l7LR z+M1&L?1#5W&NpW6qpO1YcopKVBp-3vX?4cxlN@u%`G50n+z9juf28|thF0LLpG-SC zj0-H5JUiL0S@WPytNuf=+NBwK8FyYqWd~{Ok+6MZW-R5r`F40z+jH)Rzi%mvf6a4U zU?eDH{h>wTwK(&Y4|_P|BIo@H{xjA8th3AqwhvZic06;BKN3lK7P0Cg>x1--n{28( z*#aD{Si-ZVBLA2A-(%~h;I(>junm1Gi)u7T-e`fQvYzxuA}DvrN#TDFMMAp{npKymu`6bl!T~+c7OTA zF!wWal>a}6CBM06Em^-;fa{IItq0L2RSfsPzNlQAqELN&L9ce9aJGeTh0eX^DK1)H z%?lndPn_l#F-iY;)v0W;Grzvyw2@!yX~eR*MtRu@;|KZvj~;DI58yKle)cu%j985S zqiMgY#UDKm-7k_9l4$N@y!w-pKHG_qeP4op$#5`8Tk;2 zG(RxMQ{qp6^W1N;8r<-X)tI49T9oib1F3(Si5+~1ucI@Nf_(nS)<;nm+_ zeHQGpQCU1=`8Ve?BDWkKrQH87`|<0p`EwrC{H*;YLs;a3^t^)041JMZ1` zl{ad;>TaRUA=4~U-|oCCJ-Ib+y<(cDp`u8!#x1WoQZ{OeawcNQuUe9gQq6Yy^Soz# zx!ID3FWn)&AntkV_P4={_N-lbXldooOUCjR!u~?*19g5}iD$e}CjF09k6(TfUwU9{ zQif7<!Zjd(tnOpdr2GOx(Db>_OV4T8l}_I19zQmdj@Sw1PCox4l0+2F3j z%qBmNn|AYNtvxf>vR(A_)z`csv0hv5w=>B%ciMM8*AUBmqr>L2;LCl7+wav)=L;QC z|Hk^Rve{42QvALByffE!Z#Z(|M&)Abk44L;&Ny6`#j;FFxp0G|gu@}${*9A&tUZ#V z{x$rR<<<~}tUbBMZB;HExyB+R5vay7qwM^z{tdT3_GoCc&s!((F7q|#t23hfaT=eQ zH||!noH9dw%Y=+4kz!uHok_ukk6cwhmhbGEvG`G~kFo!w3GZ2^ee^d}?*3g_9CoTY z<7yn!n-`Ow3WiQ!Sa|K>>yS|OdBI7HPJiaE34LT|?af>sy!+rCw}S1Z$GYkh4^&9@ z?R=LeI8nr&&8cJYA8qI5ym=}UvTDl=omZ)5`E0lxmUR6byEo?_zeiK<@&@xxI+-yw zl7G#eUvHJvwz(B%M*Z#haIn5QS<&gw-YNGJ3i~F%3tW8T#l1Zz3?9CnX(RpcjHq2` zm|yZX{`<>T{pLtmD)MH>2YJ?M5AHgjxp<0u@wz3Q%9oZ#T$0aJ)#D9WwtmXf3$IK% zJhY>Wu5B!B(-J(L}B?1#qW_l6*EJVrvA2?R;s@L$kTKmk#`xN8#9&%+cP+wwto4)YUex2 z`0Iv;pDpoulkt1a`i@2CYWSGm%ySK6(^rX^yYtVw?x}1GH;3I4;6KIetiC(BaGvi` zp0ePnM^ra#IkIY*_Oxd|w;nn8&PFXuRr*5IjMS5#CvRP5QsL0EOf_xpr+c#wDRT-} z@4eWXAt-(Lfrs9YGOZ0u4Za8MK6q%?i;@XbXZUVa+uw26UB}<{c-)x_C%SK}w3f8j z%LrWfR)vq1$?&Yv%cgUk&sz82^HI6J*WPs9g(`WUe7*^v<%PU9Oqs3y(CeA-tKys2 zHtx_fSY{s8#q)`)`0g65|F^srS!hHy%ByYseA&`fOU1aH`3( zkD1C7_wlK3WZ5PbTvGk{)z#JP=J{<27iOOk;=V1aBK0+(Gxnl@k5SAr!DP>Oyz=k9 zTMB-C%*wkgXw66Y^#$jO6mF_6v!DGkWYXgqPjdr1LrzRSvRFo8*^2KIZ?uL?iCA*S zQ7P#ArG-cRgW5K<<8@z+|u4~6%CD2v=?`Vd?_ExhqV zEuZ+L#3borvy+qRx6P7>USj!d$6Q~fo3g4CbvFtMFR^yendYSvB%?5qHEdc$=}{Hl zRO=|^-3+gzw!QXWzp!D^7oohH{p(&v{8l(=u<_yF2ZcL-9(ke9ZE)CL(k0ojGq2UN z_onWl1=TB$8vLHCvWwqR#mr3H@TiSs!?iy}F1y0po=$yG`}~ul#;!Aa1(;46Zk(mv z@HVwG(COd7lJlE8-Q3qCtX(@JX+e{I>onoRIop$1rw4oGWF>WF2TAEZ4{>KmyUliI zlYFdpt$nfZvU-3_gnD&Kz2ab@#KC#`O`Q?DbA=O;~C zC0CPHpHuj+rF6w?@0_fJuJunjtk|`dc-{SXSk}M9X=QCb#MK2@W5!?ce{lNROwIMS|@6ya|g_Gq4OQn7?^&veZfoPh$lcdHtj%l1Bd zBQyDLZIFst{fkG*?>mp4urt`kUA1qT^Ng&0E-RNDh`PdjL}jP^BKNBvJlP_RS7oN$ zsA=W==2^?5HRZADhp3u{X^$r>ZH$U_H#uhz((AZ&+QHjb^xCG?JYKh4g!lLCi2hAe zXQ(_@O*$ib*y~4<>s=MI>jvjeA9HlI0CF=nAGZKi*%;i^6qQ> z?~;97s-Zl3KGU2E_L5l*=S($QJO6NbO(~2BcBnM$JZ!k--7=A8qx}bF-7)sk@!?v$ z;*QhvRgAXrVG|=6DiiXzxeY(^?jW`Pgy6F$X9HvTC9EHx%vT1 z=i6L$F4cQw=CT?w2!EZV;p((OYkEvl*NojxU0z86UB(gDr8-@^zDrz>p0?<61&4!x zL5{tASEcj%X`6S6=Lq&$%1w1z{;unXTA6OIREGI1_NQ&7-sL?9XG-Nacjg+dS)6mg z#9j54;F>pSQih%1?tSwy%n=P+rlY=bMo;1DC(&E(-P*}~D&2hHpD%T$m%g;#-_&#e zPe(;?`P+@kA}pVCJh0xTADW zH&XP#rY(`XE1DAaos2*Ga`wK1wgr(^&yTE2s^~PgNSCnsq5OQC%@gB)W|>oFq)c(y zSl{urR{z)(j^2vGl9MNt7pzfZ3*|ieOUg^9FL{d6)?WLI>z4Acq*knG{`BEG!)ouA z{et#qJ}RDhYOwTsP*wIyN7Ev^)UVe+#%fsmH@)ONX!^M!(|42UgCaGBfH@!6$1d^S zHZg0v-z#nXi@Q{&8lJo?BD9p>)8VE|&rFXkmPrB2uB$X^b4vcuJ`uV|^V1rZim8u& zwk%{gl_!4H_nv_3OQ$&@%fsfkU$W*pyYObxtf`+GABI}avftMkdV{AV3nbo}J%hJs+oO87|ty_BTJ6`#L^f z_E^)G=5rs5t2b0Koyj-bWnYzb+S6yjI+ehj`4e5Hbr^CpG~Hk28Fs28@vY&j6<3to z9(}W4C^7Bdwc}5@Z4<)JJu@}7>CxlXC=ooQQ6aPFRnyw5H)maDp7tzs(&F12wsUYU zzqk7nukCT?x$_mb+*u@6+_~_a!n+v{Hn?Pa1_f>xR+hQHXmQc*;*7(WEGHl5{d4`n z$H&Ld$8CFi;_P?9h`U9GXB1hI?|F*}8^=YbCj9l;9{HYW?k~6LtR}B(UrcP;)2_Hm z&tm@M;+MC2|LeWAv$&Ev&AzGiPCeuIP5iMjJIf+2)*dOCwr0j7?as1UDvu|}_hc}- z*xa+-oxU~ZThfHs#$SKaa`!*${K~RK`0%&HkhDVQ^PgLT%~*xrI`26CsWg#4d&$cM ziz?&9C88yp{NK$AHQc46@aM;&gRXr18LWS*-qrX$h_$?$eY?STzrE6|1W!3`w)`NC zH}b-dCzu>zNmq%AoOI!;NYarLaj8KanntF7KK38?TC-@q#5M87`z8t>iI|pq<;=9o zI2ZnyrRLLQC#+51%+7E8Hthq$f!LUHDftFVe4oA8)Uj#B-tv!Z`?qO5`IR5*(zT)1 zndji6Dd9>ThS6@xO>RQDf}StUH)^!cayH+ic5$xI;ZMm|3?duOHQrg@@Hp`zbNJ?( z_m&#&i4Qo^%31zA$?WAVaQ(CR6q8!b{yfKdr7dfvHrq+ejd|XwsIqC^Cb`FPH@&8a z%u`Vft=+g|&fGBT$tyy39^DWwvDxd_g5YA!iCdVjFNhP+$bb0#SDvddqWVcc5aX>Mf~B z_X?#weRir@Bp2>K{=5I~zG=oUWX@bo@;Up<{*Q!dL1NEw(|9G;n9BU6M^3$Ip1$qi zi)igygI5hMn=Ac|3><`}=bm02aii2QN9@>_DZEEG?reLp#Y%(8_TjrDNmaYJ`c5|_ z&(untlQs8<(SPQ3kNWp{8u2b>^V)Jrh5g@8m5oveFy)N9$7Zpi;`!3+ zv8l?(Rumu2aaZR)o}+S6G+w%qwN{sH>cJWQ(`Nq6Ty65oCd2xo6Z6icR`dSO%f4d% z{MXK|l>JAZ$hS?`icy%5wz{FyIr0)qMBHtu&Xx05Hi)pGF>Oks6jSDNTx2P%} zdAKZNt!m{9^{{|~y-eMbYHUlx5|5}K{`6~=%g5b+#Aetm^FOJcx%ANdS^162%MS1G z(m7!^^Fz(;72DV&Lg&6`XEG0tRy16D;qUBub^o^QPgL7i^_cOGzRuLBpW)gYCWI!< zFm|gcI=O$jft2>;@Uu6xdsuf)Z`#}<{FT?vW>4PgJ2S$0?=CagB7R{T$NueX>y~aU zNZS8gGj#9Kth3W6U6tMzU1t2=+TrKn$S<-JGoCtic(Zp-^K&&SbXl|bg_x*Vp(l@Z zr(ohFr`~HfdHD5YZpai_9agSc_4mLrC5MI`!e8HpUcF=Lb^3Vi(uVi#4<=RKXsr8s zy5Rmv?zAl%3zCGR?Dy6!I3sd)x^()t_~azvgp$44^OuErn#jx-S{@^`R_LUg|HesN z%Qv?0C*8>E@l^kpad+yc(p%p?{`~w979<`1%^V)w>R!vJbZUKiaAJOL7MDp`$1$@`TaC)Wu5L$X z!)2T9IA}ZEWAa(eth4IG-w=jW_MBe}eu^0^@jCxJy}b5>Bwx7L0xi>zH~L$dg)__d zA5M92-ROd1?a3@&HwK@{&4w#8*NROvI;b|EJI=%ClG7UX$4RM5Z=<#xpK+{6ME18e z!#~$uGBci*wDDUWZiqGAwdY#R?>Vo(`?}XDOcctVv@m6>S8Ja0WY6>Yb9ZyFOgX(< zBsME5ap#eThHgEgYi(7O&-Ep_PR*NOkb87Nl*DD<`U#rVy&iS;rvKiVi76d99$q{z z_Vh>g4_CQNrkr)(bLv;f?5LidnX5AJxo0$FsT9;j%|0jH$2L|B6zSa zZk^mkc~0*&7wi`NG|-r`xMuA#+4H(u&$wT?UEaF#XmLQT%ci2^acfrptbUX`M`DU> z^0X5MTbhn)diU9|G9}g~F5fcO)-gQf+ZI2~OV2ee6l3Ncd_8A3L+L~@?uLTG9lUE+ zI-WIoxjAL}O^`ij%y|lKFFSJm=fkU$tK-_+nRfjBxZBLM_=(usb`^d5j;WSw)%K}% zI=(b~#{aS_EX7``_;ZZXi}pM7UWmFbW^IU)W1MWobUbRm-XfN*TTcFEGz(L_bni=@ zp}bU+YG!b7Vq4Fm(%DZ`HTFkDSNlIo-zAaKZ|J_%P-<7*gVI~O8EmUxio1Tk&ye$; zF?ko$TmOr>;tAE;ou4Lbo2DLgw(u4|xB4^HeMiEzF7EO&Dh^nqcU$gJ>LQ6LLdoY& zn!mUa_wi#9cj`HFmtB*zeAa73ooDeVy?Fey%d+GLVR|MXa&i@}uAT7e?Nw_p<~jaP z#XbwZKeDAe`k3W3&ogmb_$J=jBL4cdWWvEhd);F(Q>9)k@tUq${m!}Po!gS{kEDV{ zN@nmqn4q_L^549KX~FOQw94i;95%J#`m<%Vg+q5^hP}|N8+!5gPg|Nts%#Wlw6*cc zG1a*d@fUB;$X_7wq{VRi5+N(T{{oqjl}d99J32JEcKI-!D42I3X@BFc2fPVoHjS zCAQRKGuVTq=JHJMcrx{+#)7On_RBOD9It55S^jX^W8Xeeri%H$m?O_IEf0FaTvf*O zwp~>yI@DEv<1h2Q$5KD+n-j~pwJ)j9WRdB#6!%EaNlxkYXF~jWPPH1IU#ej>E2?3? z@%qBO_jfJw_X%{EZ^-b|pV51khLx|%rR}Fr)=MSS=2lF9B$i>XGhs&fPRXiHTQ;r# zemiaVoLqZECen4a_{sCU)}CBH*C)=KloSxzQ>p#)V%Iv>9ha5-Uuq^+xiT(ROE~hq zcZGnP)sFjd^i*(x|mB`E)(j^xn=`3A>Ai;^_6 z z4cjC>2O1?-PK(s&Pp#V9>ZKWRVru;?lT;RcAlewR`MX;1xOxPi?gmC9N5a(yKaCQ>>ah zk98%!HdJ#8T5$Q9xQSBQRNdd3nY?1Wt+@)-U$?%0c5C^$w{HKO zFKcZn+m@H)^?p15y1EC(rQA0cANTxY@T}p*6;;W~nQlr;|2w!u8m^L`Zxt1$b1+YJ zS-?`^!}k(;wx>8P?@OMiwDftQaW8vK$)4uRVgdY;ZK(#ljwipBX}*V>-0AC7r3YTO2bd&Titq+s`Ja_n-N#w|+({ zo7xWjwxt0HJ+q%UEdQl+{knh5V*Y0#_kC9VcG&;1;WC%Sw9~sf=bmJ;@h+d+k?`Oi z_nz0OCqjR2oGdc4)laVQ;EV!m&%SisvW{zx5?XE|kG$XC?wB_%&LuEjetzs31E1Ew zZqn*(PN>1ggUh0(L>Nrs)HT${4_mvK-+6#0ymkRHmC$-=z&$DgJ`(_{da*ivn zO6!TPA=gRm9xW}a{gYyTJQZ2{M=htX^xy>3OxM+ZEQU_krwCjw4L5@8Z6YXqNC<=v?&A@Hd?rjZ)r`7X>6NXSv4T4`f;?FSNMD#_Tm; zp7Nybg+j?XZ>H@KzS9+`Aym0c76JlHSs`paW z&rIFmO~thvasJ;oO`DO`Fl$GT(BYgt2Cr6yJTE?eYk|Inj+WVe_pp0gCbYLqk>|dC zY4w8SVlm(SRlB{tSMl8Y&$u?KNN{mYj_Y#klZP^XUJ;7WDm?wXJu&~(v2X4FPep1T zaXEbDh~M0J9_`M;=TD`#yqmiAe&vlVye#{BGj$KPRCpKj##y{o);PSyS~*&j@0Y=@ ztfv#>{={zksJun$glErc4Xc;V9&CEIPA$K*-#s+;(Y4tTEZamSTOGG|b$1>U+|4c2 z%_vbGBek&9*^|!mP7;;a9-p*D;brdx{kQG&Rq`TZI?v8u+S&R_UHb6(rmEe0mc7_)@21mq z$x|n;DYAam?`m6!HDSAO{(f4k15HHV(7ozjmKmz--w}7k_(GtMkWSAD{fsu5Im<2oc6JRSyod@bK>LjbJ`27PS8V z#Yok^Ro621tt*`QWOBqlV}~O*g&AMyOn7hTsN8ATt0ESmvCTYe?$(JrbXDxmS$Fzv z<@i$RUnn%UW}U<$JOcl1X`y1r(Z|M9Qp(u`2v z!wrjtW7Tepd1C>O zaW1Q6TiDvC85Vb#;(AxCKUFVt&$~cKAh|9__javi<+dc@sae!8NsRo|LqSg-aYFkZ{E}OS9ZpEnO=;F>iXU#Q5IXBV$DlRbt23~7$>u1Y6Hj}m)z@`K zzq)qLpuRmCn>Je55$()Zs0kRA(z6b2F`FwHMOg zKF1}6d*jC(ZK?eqIzKEDn*DEvl26h#nN5ETwx+M0GyP-%>uJG9x!rrDugcu0Qr)$B zxtX^<+n*aXo4z;C&Uh-4?z1uc%aouACQhe17@04c$Mj?@P>9o8DjMnj=GwA}^-JqI z_x%)FU7RuVSJNzqNA|f-I%}enKoN$<(juyIg{tsEL#?HK;#tDqIB1y zs=Z+o9lo%N3oGwaulu)cqUDi?eu+QBjlWndpL}CVz~a}_C!g(Kvf^A3=j?u)7d?SxF zYzedEHVLi`+$C*B{P9=B9nxvNr8{~cFPMWB<6&4qv~lOk@~9W&YbR3~cfvc(r)lsmoI zFZuEJy~z7c?{{9-`jPnbh?C8amRF|YZf8T!Xv|uw_;p&ts*7n`=6O5%n7DlL_2E;m zP&pdPb5rZs6%MtDKTIZUyk)9aCTkcdSJ@mkQ#V88wogY+l-07>R=Wpt7Or5w=J#g$ zxB2V39Lr|EI&f;&w)BmwQj<>Hso1}6)7D8Y zLWT-!%@5>BcTPQ<>m!_)zTV;WJaH-B&;PyN{%nxnpc5;zEtPl2$Q;6g^TZ&gx#0=?ai<&bmP189}d_t9plNl zEiX|SP`}o`z0+onOT4sc*k^^k5)*EB-?-zK`zxL|@}6vguENI6I~zOwJY%=$`Q7~K z(|Yar)XU#j+z7kTdbM}$gd2bEC@(jC&%=^4YnQ)l&gO-;?gY){xW2B7+1+Wz+u(@U z<7eLsXKeMJT-`zRy#%+=J4FwgGmcQ=VbNEE8Wy@^Mro&rTKWbX$aFDscOufst``qI6 zzMB4(hq}A%X5WoyPw%Xdne{@;jW=Ynhm*92OwitAA}Z)Wmg#SDtVLgC(icW5zY0fhA9GtTsoOf z$y!3L8N!{XGkn6L{T5Cw*T1-DlMlm=9apkCS7xVWSQZ?UJoHp_B3m!ZsvPItTKiTl zWxFoWq4S&;+YNa)r`Ge!{L->nZdCR33di2>*R*Df zSqHamd%r|&%~#2@hb$IzU%aPXz^i_1#=nKZS>Nhf&zTo7UH+>&U+cN=Bd#okwk7om z3%`eo)poY-44q(cH8^?G;Y$o_mzpw~i~g8i;W_zsmG<*%J)xgPtQp0Z|M?p-)uXeL zG3V5>FB-AAE-S?nXSH6mpP}*Uk^af5i5c}FGCw~rJZBkmK}zkjp|ktX5L0=f$?wCH zI{q5^EXdJ1mb$me^{%c$q1RWD%P-@5cqLq>IIdmCdNzu2-={7Q$CrMG=E>;K4A>Q1 zc>L6Ub+4qqUOX~)b$%NLyjt7yYnBd^NPW-GqmNhKfTHt4L+G}L?QWIAp0WyeQm+{Pu-zh;ESHy+#h$KLGZ+?DEc{Fkd;lHSQ$)3fi% zoXVsvigr$B zW!bwA%+9#2y=k{dMPB;{nf85=%sQ)D!y0_GSf9<%o`14-`jJBG`4V5|N(IMysj6vI z$aYsmy7m-QG)gK3-D3MVQ$A}2qpR2Y8B-_k4V{~|Qc2&^e@C>Y;r>suW^3R7W7uK1 zeIjvAnYOsWD&uWQnpRqRqE74DN-NlN+JuT(qr(R12r(jR4E%d~dV zjU}%hx_m0%;km?Wb>{XRAuBb;D&&_Z^$j_~(o6mG$49clt7y3ul&=ZdvEed8S0Sw?^-}q0UP` zPQx{e_|t;QL@qzMu|#Q}Qdp|^V;TA6d54O`*B<Y@bb0t^D}SUowCniK~;1r-_loGO$(0Bad)ZClK0rsvBfNIM&|alHRsY? zIHoO{HQkFx`@i7kR#PG2sW;cF$xWHf-N~8r@0g9;B)`tEn-AZ)SY7qqRGx9&_uz9S z@pGH_Qr8-GXRbZrKlPy2J1e`Ii-KPt-H*9A{jo+==@W%#QF+So8kNkaDl-+ z-twnhwR1Ct=YN*DoRxWe{)Jf@!Ung6n0s&XeNcEf<@04P9jz(>eR=QhlU!%Yj`Q%l zr3+pDaxljJl*yL96xY8QXRX!z&y@Ce1_vZ+I@Oe%xV@+DnclqvTPHWx=&eaQ{keY1 zipFb-KiNL(ZkniXd6rwf@m%PH8#Qm;ZFWu*y1X=JzcI_?9XhMjmaUTS+qrL2a)xhK z_pzzRSdFK7ZvJEIIcLVNbNhnrY7|rAmPTbKA#dFC^TsmH<2C!c69l zDw$f-0j&d1-U&N#1D|5)%ee@x}O$J{MHE$&HKUaTxo}YH5c$Mi%Rh#=80>saIlI ztaPqdTc>dK^G?+j$Gn18JoBxQnIiQ<=FBR#80L;I&tgA$_bd?iKlgOcpEX{`eB$k& zdrwX=`M6|OmU5v-Z2dRa_$1MiciX4+CAGX|VHMkC)fy4o%vz~|NqqiAlhD!OD<;`Pj1smknx2v1^zl}KL*K@j#>9plc$2B<) zEFXhi)-4LQ2>%v$d+*Ps&wthBiQJgZBb-~FbZB|3Yn-XqVh11U3Re81?t z?nU*DOAEiSl~|q7dgQKZPp<~7IsTI2<5r(ti#G3&nppETFZ=%UG)t#N z6?2Pg4=m0yj9fc)n@Wqfx2K5j{lvmkncI?7MdO9?*QO|2o!!O8@F&*ichB#+sm0}0 zb7F+67rxj$L;l#pJr``fB`(I~Txy-Hu$#N%=+mFGT?%bxM;tv6@JRR0#b?Y`*|V*$ z{(UP~>&|p=<-5bLx9bIOuKN6}#>huU7;-L&aXtI;Ni3T)3uhkro?hmuV`h8T zbH?K!nY9;6(ht<$bX#;M)81`jbz6J<`LMvp{~uW?E|r$O8}hJ!p68^9gob-h7e8Oo z#QJ7^K%p#~&yH&+x=yT2DE?=9 zb%H6sbobMzF)I}oibOtDjEa5xdR+ngj{bdrXP+n)QMwfS+K`oFf_s?1&WVS=H5K!v zu3n0>i#y4B{MN0z6&9?{UMDhjj+N%QcD8@n>#wnK)nU;io93jkPAoXSge6LmPo4kk zDH92~lyd7oGP-Yn)SGQy^`GNGK-_D&HTSM8Ip{Vkl%;0wIoEhQwy9e2>l_~}=16)Y z(RwaLvPE_8yztY0XD06aeP1zRZdG~Y#yLHc?UFeErdUN;7q3$Iqv~_=a#lp!&zffk zD*Tr2b}M+?*f~35g;4Edtv5TXT1BriX05*xXU8VL)05}wo;j`i&&o7jvpu=!z^0lq zJ`F83&&cdYuBx8STUWP5xUH*XjBs&D+Z(z**ng48e6H^9HS41uE6k6ax-{qYmug}2 zjenNg@2t?N;(V}ouC>b(3yI>NEAkyLrptKMGt8Y-#B{p&{_o_&YlPTuE6JwM<5u*H zeV3rl8CD!DAyyP}YJu_Yh>M=z8+NZ`PN;j8nOC)p&_eEUq*fpT3F*(_=j`KEtZ=5l5;gL^}9T(D!RIZ&-BxB!CFc0y357K zwq-M_u;(v(I=RKe{)yhS%hAggKR?%^bTr<0qwIwYshTO}=j^}Dc6YPWix66UGeNjh^BjkGKjd z3qLjV+3RF4y`t{6cV#}~q2;UxPjMY+XmnZi%{pd=$!}c;7m1H*ZfrGg=N?zv zJnuP2=g#jDJIg-)`K@rC@e7N;-h{v6PM6ACE}T(+xAgDJZ{MPfXD!$qne}16-lIob zqP`_*{noOd*L&cR*6H~#=9EfI-g|N#he_2Rt}dPB*Pfia^)&MA)1Gs7i90SYJYtnO z@&6U|a=Gc(Up%ykUAz1Hi}I(9LK1i66%?j;tV(O1C+AZ><6dp!!M!_fDFkm0S1(#1 zJSp(qCwV5nvpI8Pdrsb~c-843blCQ!NY}aTwVd}aE)a3v&g^nvV~(Qcx*cm*Cw%`h z=diTJl;E$MiXYE(Wau*RR=bw1@}pwm-p?>1nlvvj_O$a<| zF*B5L`XyH3m(!mekeqax^o?!EPCjN;{SB{H|Flo3ZjoABJxP(J_W#E{5QYL&t*V{3Dzy=ON?y7n#X`6(8#?eAq`=d>lpNZ;k7do}RL7_yXXZDHKH+c)#_UA2j-r{a#a%VHUy28fl zJ}#44DZI_=pJl$cv76B}@A%uxOU|^0U2S!_6*u|8#^BABHc>nVYvtYt?NL%`=eJtD zM9=e${rwYGCF_=bYx}&v*mkY_6q^@6Woq|7dlS7q`-ka|)yw{?yBjHaI3)Gw>T5XL zG$&R{CLAwaON|B^5ri3v=H3^c*NLJMS6vzcTHy zM1$Xby$qfgyyBPHf2W5qU38ZGkoDEf{(4My=#{&CC9-Z)esj(~%67Y>Be&Z@Jleb> z@wsgAbHii(%@-;Kd)og7A9!2w!hYV77Y0p_BM-e==j3lM={xDyd5xF;JsW4x@o6V$Kgs7xh0?c1Cm&*c2~uo*`)I-Be64A!eH$i z?tb?4_bWce1lgX?&9Jg8@J?>Gd(pD$;g;YDyIyR$6RFm+sQA9xTz$_M_WSyZ#BC2s zXFZ!Mwqqa5kEJ_V?f;dnIdI{Cg5B3oYveZ=Pv`2@Tzm0tvV^+CwI9=0F#dN`V5-sq*!`6cNHXQl3EQ7r6c|0`t4KX$Ycu3q%u?~<7Jl?JUhSX&Quo49uf znOtx6&|7(z@w?LOX7gpGiG`IlmtxxP%GzA8Qrdag)98Qa3FYHIFWu`=Ub%tk>ZLh+ zakCcoOq$*_wI-`<;~ZtZRi^Gni@q81J+IvN*|kP!bj?T7Fk=#r1W+ zvh(Cz3U|L@`6I)3_s!Mm{wq$OG@Ep$-ppIl)KE#OW6=k0>1XBZt2S@f<;!l{)V(tL zsYHw4nTb6%-)G*itCCOln)a>P_#Cb9^bOn7iWd}Z}t}asCC`$K}}!u9^aenU-ud`Ebwu^z9OU0Yc7lW?75Ee08A0c5g`{!S+c$0TidSy=ixpYUx?BV66Mc)k7mT)o5`kOY@ z{%Y?T@6Fx^uN*t@=9|smXA%Ca7nfaEJEnhWj>@O`YDUs?FPlx>uARBDzm+fc`S){$ zT)pnExU`kDyXTh4FU~h?*wwvuazskp#N8r${68|y`J8sLx=rF%AKVZ1MO--Ts%%(})l}VEr2pT))qke^x&O)cPZlK2(OUPYZoSC&(`QwKx~Dq$ zq`KYp`@QSOgM)ngC*0`FEI+99IVwgj&m!e+@42UcN~J~i9cvFMzgU?#|B>o{{hy(e zC9@bp-yii#dT#cUlXHohV2k+X>dtw;_TJxNU(Ua|(s_x4Y1+?~%J1y?t^JhLpDn!2 z+I>d5Xu6Z&DwU{!j`(xJ8!V^uGw%|5Z2huV@}B&YVtMOlHyRS3?>`;%Rk?F zgGX!kkw;HEuJj)EVEBJl_S3weHxIns)9MrymCh~H&q+FXC%9unwQG&YzuR2rw-l^X z;cZ%6e$b?{clw_7onk^!dH>HH+aopStGj&M5}VD=j$5{CzLiT}^&!>oap#wce{!sW z^PY)Me1GWYq0f@8Pvb9ph?Ki*6Uf~2=d>n+v!3||!AiG3tbeA&x#(@%xbv8}TUTtf zy^hC9mR0!*av}As>Sam&|3BrIe<|%;c`J6qi9L(TH5D{eRBoSHnWKH#_PGAO?duO4 ztbE*jP2pu%=D+^EyBYd^W!<-{%XMN|-l%@`Qb=L>_A2MSJ8Wu$=2R7GF3sB!T~Myc z`|jO4y~Z7<)pp(29M_NJekv*t)I_q1Qk*A(M|mImL5 z;h1ukd*u$#8A1N_KR#xu{qKpqH2HbMleS;Z@K=#&-RY?6w5*j*-Js~tfJbNC9l~{d$otPxbOPGYkj;u>*@mUe0e#^ z$?dA{f!vt9r{Anj{f(V<>ri~X1jn_2n<6)OkJv8m_09>tCfF=3`^jUfmPhr^sZ*CYU0>L0(k}dSiJrul2_e>tXO>K;K6M~-vgC<7CF?m{cJBWZFlo=)59^lr z?s#0JW;S`ruQy#K>z_%SJ*YAHmVxu7onWQU?@9%4mD;0b zlj|q#T>r*8e9!chU!D6_3A7(f@SOi?l1Sg-MaxdFWw;)1aptVJ|AP(dK3KPJoVjY! z;Y~k0M4#MBSSeD3Lq;%9OB6J~=vnRi@6Hp0+EvTQq>TrpyGtSFFzhnN=sbvOeQrt?`BQAv%BZhhYgQc*H2wyd(7?m>?QpM zAO|0gjK0EjveA2uvD6i*Nv{Hxzg0JIh2{orU@WZUJJ348CuUNkFYDu-PpZ#tY?S3? z@A#)P_3pmuh2{ZY*V;5NPpW&6?s;_4Bh^;M!cx_hwQ3G5Wg9bVlwY2x4hny8#W?83 z38kP;kz1a<=UF_Lt$5;f>5cZ>l=}V0@`C&`6nqVq^-eTcdFbu-r45_g`manjV~qE< zVpP18y_wrGGLt@6uN z8v|E)FNXN$B!^tiQh(9c4U>$`_un-*J=u-NsA2IguMCZMkGSVDXVvFhw@8{9guSe; zSS|Zbs5?`R|G|XEL8&V$OK&=~-pZ^=i&xtrzCiXMARyGjWSaL=<1n)Ec87 zu34N5gVdjSItDm*Jy~}};)TlBCaX(4$+skKYLqJID*UgDX%fvTmHXr8oV}9&cQI?s z;w@XI`dvD`!6WO?TboO~$)?LQ(sXU7&imPS>%kVsN#R!MD%EepHBYP!eB~M3qiwY9 zN5MKX?WnWaS99MlPSE_i+r4+j-DSrwSz5|3?wP#pWYg5fmD`+eTrAk6dotLd?XsOa zxCI+Zr{At-kgxHt(Rus%l<;^rO1}4`&#E^FPO7s z?rXK5>6?7A*ld@C9?SB(SP{SS{BFBX-NzJd*Dv9Xne;`Z!0FY)YZ_aZSRNCVjNW7J zEyHHG?Nn&+rA1u~>3Y@II^OQuv%362)Sa37Iow9_pZD@fO7#}uz&GtZmO!d$sa6m=%7 za`x8jw0N1iVD1;&kcnZEmyewYT={98)BZ$*_(sVCT=|~X3-_9^88voY(p#bS-XzRR z|4@|XnTWH7zm_ezAbN>oPLx;G{Ku0@WZs=Bxv@5ImDgz=ZKG`!`O>R&j;Y#hxa<3X zVfOq@Rd)*KA2D*x{?e~-d+Ue22aY9`zW(W_zQj7G=5GGp&jMnRubLwge!aH-lV5PS z-t|9IY~I67x2OEp`flocNh9anlkfK#HJ|BC5<4vNvUFY5$!DD+$EPkoHRqt7X?2E` zGxy8zG|%1zTclf=O?}x{>7;cI-V%0gKu&E^^-}e%WyuPQsqkE=Sng0#< zb*t^#S}%PTSlBT8SXSS~TD7ekFE~9dyrpsS_Ytv^uUqeK@P5D3+{^W4`Qa`e-FuhY zW?c%3v0MGo_kn?S!paY8P0zkbRDPzm$<^WREP>zx(VF06MQ8G#T>2EgE``C9p?44S z^Fv3bwX`_t@2wUyUwftP_bc^G9)~lV?N&GXAAau5Wx;v=`Tk?~f?rx36`eS5cT01m z(b3P{SH$j3+m|#eg!Pt3b*5@4tJ9L{@4ijBayZLFS~*+wYUc)rZL_C7xnMefNz?2K z&#W}I4kJ%r|NENp_j%@f+XYW@uWXfGZRwtQ$wt`E^LW83&6OqjrdG@sR(;_8?xv}& zYXT~$Y~N(6d1@=%w!9yEXT^WT18bjii@$k(P&sX#-3^`%D{Lmj2rNutkerJc`vRR)jNN<^xQhR z?8)oex)}!f*G)ZRb>%(w&0eYTlz+b7O8L;GLG$-Vdff6TQS|&Y^-1xG31)7`P9-Y% z)qXy??kl6`C+n(<(Lr~;53Jv$Ey(!ncd`Y&Hgj!i-NKl}{r<4pqeWMn-E)2$-#Dww`XR40=G9lm ziq)lA|C_e%cK*G+phL3r^z>C(5AVHuGRZ_RD1M4_;)Xx|X6vI2XXrG$a;v=jxMz%Mm)P>WmkoXKbHB#&cPjR;ZO^eTy3gYG z-0H|mHs^<@&fkdmmZO!)p*lT8;=7oZ=VZ?;t>w!aN*k7(`Y4eqJNw$&w)Jmr9hl?v zNp|ABnD|4poPPEv=Pfau@XvW7Q#$A5FV@fG{NJ`+DYrYQo7*#C>#wshjpYVWf+6aX zGvc1)HYA^~%sr%+R-ov6G%-}yR`_|`S<9+i7hcc(2`1|rV%(ae7Yo;TyGevkN$$4% zpPyZLO2=Ac_V%_%Kb4Oizqe2HR*C+tJePZni&w3ay3>+lxP4YR6Gts)^Nn4+yKSPa zm^Ymbo#^pS@t>lNJH@pwmf?@=`?zS%9TDc%M$E3VHiSba}<*Y~XfckW95 z{S^F@%VgHSt|c+r1^FfC1-FYny|XCLg?;jyLxoabU9=o}{x3MDd)T(_$cBi9rLK{e zU-fQvc`EsO%{Q%oX|nH)5Agm!yW>j+>&n!+15Z`AK8;&8@A$JD$AkqxzMS@C#pH+S zKecb!Ui)`>gR|&v`FtX?v8e@3?B%{9kY)}8&_@b#@!rr_!Ma?NL3SIb!^ zm0f$MTQK8`m)M;)OMkbd%&%q+>u>F_+0FLD_I>H$K*jlCpWaKV?l#~2FX&0UvGV>U zRj+?$*GJ;6e1_L8(-cJo}DEhRc%=1wbTPT71V)c>FEv>mIDi+#zK{kuSr zzu@z3E;Y-wkIuhXcPny(R)w_L@!ELJz1*{xZ!g|dv(m2M+U_4h{I=baDi5c846#jc z{%5>F|HLSE4)4zu?6`0tyt^##l1cV~;O!fW*WAoz|Ng<_%`MLRynph}d=i%Y z!?}BJjX#r$D|19vX`=7POorwxnUtgi8=h609^d_#c3#%-u&ee&_suh6O?ZDO)o<53 z+Mi^+v_dH0RmC6oqsyY#cK`A_mEbThY6nlyOB1=D?MtR#4Ty2O(WjcuJ%@3|r$e_{ z)edgG6FoE7%;?}|_cL`Dv;J*J_{U{9&1*kH&Ku(wMrGHc_BIsV?f%|#TB|*_YUaTm zOQv5=ko(#GCDirsvvSk-Mh*OIN$HveB2oL?y-q$@cD~J}`cubE{V4m_6DHkR!@HmL zNb+P0!S?350hPomY%e>oy(9J57jZ%pc;-)A57%O1&lGkGPm zG=Ki%{hG@@FeN-b(JFc4&d<~b3wu5}7kaK<@y_NG|BGcsn#asn)F?_O-1?vVUhl!G zUH^~w%jXefKW!;DInH)upeWRsP-oJWg+t z)#L5^cm4izZ1Hq`+xf?T3rn;&^eJ_&i*01Ltd+F;s_pAzo*{cT^ymz(T90MxOxEt> z5{o!>Em~GWbJCklPah=C+aYcDV6J=HA;olA6%*kYC7%8KT;~4n9=;iF4U5^|Z2IDI*6nm@;HZo~?!81Hn)~aO7qx+}+?S^XZq4MMTZ#=*mH9Iq85f7a{97w#ZIS% z2|-87PDF0*c`Ul=Lj>nN*D1}?E+0fy%k~w1x2}+$?=QJ!nOgZgcJ1PAs{?SGnm+ifD`6i&{h57B8cFnTG5qZKXE}Y%ALF(sEzh5toK1p8IzFVM_2+4f4qp ztR>y0+w>hh>^N{;uw9=DWH?6JZN`lEJo8tTb-K*j4 zJbBudsbun>$7+EJ+)A#F`YLgie$IO@AD+5I@V&v@6m4$SYLV!m{V_W4WsFYL&C+*z zU&GgIyTq(ODryzWzg(vOQyzV}?=NxfK&kQzwV$Qx6K7=@nkUr9TR;BS&3!J{zKcii z*)I1@eZ6)2`u5bB2hCKP@$&=gi=WXP!Jd!H7K$^h@>Fw5?O$)Y@$+ zWb&W(cS|-JZx2ZOGjV@!`P!UK9=>kMYKsM{bhoVVv|$mAI&b|d%;_l07rW@7(1k0z zw*1>LYfqY(a#w8U?aa4dOVyqw7K=W3@*|4jrTR~+kA)1q;S()Ig}zE`-ZpW2(L5GE zN!v$rJ=_KO(FJiwzD;k$3zjs%EzB+3DGzZ-+_G z+_7W}m*|Rdt-lIj)rNV?|B3ux@nMlJWxz&sFzn{0;hleGm8F_#RDBt`sh<_m+EhcgkcXeMEHj zUi{5t_v}zg(9TJZ)eg*HWKfRLo0A`+*{NGuH}B7bY;PVR#${y>Q$Ft7ShK2oab4%5 zP^CB8ryo}s1(=G@xxeW9$$M7Zx>uJNB`8cf{*2+#qfM^ITpmu%fAaOM+VlOpj;J`E zv;HAtEL%61TfpS}D=n!m)4l3@9?iYs<@A;1i(TNN?f|`6S6=112^mflIVI)XaLsxD zt|N=|U_UTlm*LR72}#Ap6HUX!J)W*yX&|!K-^fklfoGJp z)~N|GC2Q@z=}z+S=3g+|TVVUp&Y!pOaKWjEiG3429yP92YZRFNm+#YiRl|P*QOA|H%P)Tx zcuM)>>A#ZqHYeV;con0(_3llce@^cgzdbcAmw)A+*h~3eR712+KYu$bB18Q`rP={$ z%Zlf>xzFe3h4yZ8EVi6%zEF{E?b-T%lP9{Y(fTj{w|`WuTA$OZ=DEalyZy`7 zTW1@dmHe=3Yv^C*KUptDAG>LF^0NFEU(0&1 zlmEhJeXT2<>T_2tTJ5Tk^!UkPr6}L%&WwFitvx0h?F&$?5$}wh_eJ6TyI)>^a-TW8 zS+q0IVbS3!m-kDpOWCpXvqq5j3Uvvt|BsJXzht%G&?{UbRPn1%s75+6d|uuCWv@_%!=nsC7U^aFJqsS`|9bs z;gj5!%v88}=JyL$5%H|!pZt8}n=hqu&1Z<4%cW!Q<`P+}{9(y*qo2_`4_Ev=y78#e z#fitncPU@LUzT)A@admM$x7#j{ah{w^yn@l#BQ2`Jp^>J-Y<;-uK0v-v98(J+p!W4)!B{Tb~{f zR!LWWoNW^5G-;yx%N5n!QP-5JB6o#*6m%+0)x9>6;rA*A8yyyd8k3JxcXyn;f9m$N zz_n6svM(LE%N%kr_wbUTaWhTm+w5k znJJrLp5_DCS$~(z{jxm%i~dRL6*<2nR6ZWyeyp6aB}=Jpa_7rEWv~B5M71xyk!GK} zF8RD?F2Cjbhljr$ifP&7?(w#0oi)ScDn=HoFG2G)yH!}2a;tmvz8H}ycVzpV8^yB&Pm9bdjo75&%+FDlcW>XZG?nw`RToU(>dx1+);jZx ze5c9@0gr;BP{UG@Q{MK|#mXFxB*eC2ugexE-g!** z=WBXW^0#I@JyDZ>a?ZV7GEUQ7E@kc)>~#=|KF3~=x9v@3(BW5x4zoP%^SyceUw$(B z6MLcmi`#TB7p4E-?4~4|p7QBxJ~f*`KY60a-_!daRCZc>b~3zOzhU8p&ON@!iu+B$x%+<{o$8rC$8^sOvKES1x+nMZq-THscsiHlN}Q^X^Qb+T z!7tev`)dBq9!_^tJ=Uv(~n z_Q7XH{|l$*vb?rlBDi(I`5E2|;)1U}(_HVp)ziuQ>QzmNL*|xi+?IX5$WzR|J76&+7PFUomMs+_{b zBV~H8y?EY3eb)RUI)xJM%LfyJ~`9XQ} zJ?@4w+&ZRZ%koZYqR*U!D&{@2uG{k8$q{$XS|xe2#ZB=~`rcekiJq_tZS!B&C@efz z)UZ6v`Dz0buc+*S)D+;-LZ~fj8RO8zyU?vsoa%myE=oo@(_Ay$(8ic$?%mO%aYGSMxV7*?rRT z5=V(((HY^N`cc!pS3GmBy82zQQ)J5aYle$sSn|q#Gn+?ODBcYIqUc;K^GN@2@UHkp z<|kL2)L>N!TV=2@HeNw)ZN(JPM>kBQUhH}p?eS*m+4Jn|qFb7TLkDF2(2ia%uZueUe6 zu6o4eg;u)Td~X%&eLUNw<#r~$W98f@`7H75KbDLPGar>+WwoZOg8!2JZgc+pKH=DD zW%Ce&Iv%Owo-$?2c$tJc^MrFU3!WDAJ-eyf&r@@>n#DFg?uF@t>}~Txo~*5(G4cP# z@O_r^>SxaR`AT^6N6xh-QEyheq~}jQ=iRuUr~e1@{%@xY_@%G#3)EL+?&{uB6T{Lh z|M&-gr)-kKm5+*B7i_aUC8}LCZ^NP0R~Ebof1xJz@8=?i$W&IPi|ZRN=bx9j75#jJ ze(-CF_kwXBj3z{68qE1QRpiy&#eJHq`Psy-|9K_6de4F*?~lw{;aPS(Z&C6~i3jU% zGORE9y>xzirIdb{*0Pc(&l8s@uQL|vihE%Hc-P_y>GQg-Jkm1#+{S(F`^S~>8)95) zwXa9jKAym{w)|bm<4v6#d;JzZ%-=Kd?_0+6#epfhG7HLiCHJKTpHrE1D&-)zMe6^n z>f0h`cqDDVsPeho+AXJ9%J9V(iK$g`V)pBAv%KHz`dMNcU%~;MCf7?|_2mHdiRHa#s~ zYoC>$FLo=uAAB}+b5p%_tb***JuyxnSN~zZqo?_#VDeC{PLf_WADWJw7pWpFawpGvl3autSvc>3KO28kz zN!8C9vg8j4e}3w5W&MHe72&PRuX0RG5w+RV!xue2(VPFCx=a|C+yP7OLx0cYG4C)F zik#)X!SclQ*%7B^Gcjm>S6#YS*?}=;lT;mdMS@tr-|gOpTUVHE%3MAyi211%r*QfS zbI>1_`&&P&vNkJnrd;`zZ}P{p>|TnDl-BF)^4#_n?`Qca9qntWR^5?Zn-Z^o@BOU6 z&FlwOab3|h5jc6z+@WXtob_fK56DX17rAh6`V}*_j_GYPtj>N~d{(H$jfWxR+4&2T z)c?+?pT6po@}-?&VFEGnpYL+LQQ>%+KVc@f>z@l9m8~hs^Fmdu6X!iQchXH~iuvx~ z9ri(xKW9$ahd9Tu)8D^`eLnJw|JRfC(!X+L)|BZ>&Hm@hc(?YX_Rn{ddi~$7E2cG^Pc(d?8@uY&IhL?+2m+k z$yYv*xcvI;ZJ%#_VktPi_2HKYfzSgsh`7&M=Y?$(U(!V7_+t*gsX?~;a2<1mA@m_R}?PyzsmAq?*7IFQHA<*H}US~?K}|HEZAN> zwcmZy^*}aup6ks*Yj6Lp*8I`n%elaA(>ulMJo-%c9g?&jtnbUXFTybI`F!?@l+yU1 z#zUqJ#%hPBDtxbLIyQ&(z`h#8j61WxC~bb~^*&&q@x#BoEsxYa^J5e38|E2b$Vv@Q zYdtL_Qs}U!@cXOIFEjd&?eMzHF8!`;!Kdv%GZuz<|NJHFEhA8HGs#b;Xm`Td*-TQ~ zO?oGOtv&ho!0I60dy6(FoRMr`+CJfpp{$&DmFMNp9BSN?fApQ0E-F&AOLd}Sudl}) zZ-x%{tQ{dy=dx!re)DcLo+@!6^3HA1wGUJ)`7kHqB_a_8H1;@o?yb>O;a~t^kyh$54@Q0Y0FF(O>_S*EgvsG==7cb zHjl5fW=X>$+0gjvr2JF66hFSmFkQH#nArKs#QAh z(n)q++>kHy}yQU%&|Ulzs^1A zwYkz#awD@{LnsC(7|nT6ICN`6K$oUiVG(h-?F<&l`GuGGGRyN_rZ zDaWTPO6;im===F)p27^hNfYn2$(&W=H;ZprlX&{?zXNmQpK3KI1l(6`oh~k8^e?s6 zRj}8)VfF^IME8Zy??)yH`yV`b$Nl22?9OACm85sgywBV(w)*6uo|Vju*Pin;RqTxU z<>PiR^|si<7K`vtJ-M?t7yNTgQT+7W#%bNbxSGv1ZqLPvdi#``7gzc-DIPtyC?+bK zSs-}J5j~@=8t2nER9pkrMSin8BlmZ%>avaZURX(SM=O1tzghO#tb31b<-|AlvvRm^ zD$rsv*C`S{6#cH{#>dJu&Dy*pN|vVYuBWFwxNp9D!rte}`#k%1rHdDR`Km6wb-KdM zTTHrz6IW)6%naZ&+v_4_erm%x!yg&X-y0gH&9re85<0DF?{xN6?9=96R}-DTT`9$B z|9Dr_n|3qqh)vVJK6jOk)8prxPVW}?I`zf8$)?Hib#zU!+?R7|PhS0P;z{ujc*@~g zbf0nUhimJP<*Ny=O4Rq%HmMikK2(ZZ?yMjyjnglNbBEkA0JzLIo;6yMY}eOMtZHd@cV?vVe?(B5eJrB zz12G7+MPm`E%{TvJDN;dntUU~`%f<4pB-~~obG($JjCyQrA9fV{WYhP-Sz;ZU15hy zB9H$xx!vUQRZ8}5)|@T&61r6$Hf7fM*Cq?c5 zQg`!##on-m8BNgr^@VXN_ge4S zZTl778n)}|jd1@5_ZPi-vFO6wwI@!9zt}fD?{8+cWN(@_L!PSs5rq|5Q-7;i?piFE z99F7g&c*t8SHqd3x}_p4hZ*H+p4$9+F4!XEoqST`(ejve>N@uh-S~KC{j|4?Q7^-j ze;v{DaaTT9Cj4XaN{-115|)`|xt6K67Y%q=;-0H8b?R^^Y(|KZZ<+#9W0m4{f6hDBG-2&WInkMwbN-t2NU;7s#eC4{lHkP)>dzKh*IMp0 zkIb@{k$a*ovE<)b*0o9P4Eo$AdQqIBddgP4q0By;qFG*PFHgNtk(9jnS)g3qMC0XK=O5&fghPrg2}dv3~u=naw9JaVzIrq@_omc*-mF z@HAJf(z2r>DjTo0HyxMi;hUtqGhd!7rjln)aahr|u9u5cHYweX3KVG3I(_KJDVN;b z90d;5=|?BeykVKPbdDceG)q(VYNNwKUpi}7Y`mz&v2nN8wYKj}PyGK}d(Tboj@{lj@`ISWf{ly{*XG+fp1At2p=W*D8;9R9 zO%wM24>c0~J3I4Z>?>!}pKE<5^)EG-U*zB8e)P0{d{heKd%>s!lSNi>c^`N_shS~* z+w4MxWNn~1+lHRkrJ2L~E+ zh0Tfbb6HanbeOyN z)~+a7<-IkEvs`5(E3KS=P0xO{%e3vk|D$hT%|uxaeoOb?B(#e+>wRl->ZBua>pZ@R zmgn6sSZ%lQyyCr?aW^-FZmwD~F$6XJDSf1AGmz9 zXl+-+s{AjVwad(3-wK($Sg^>O@d)ovN4|MsjxpF>+^C^M&y5Bsr;c?INaC-@F-8pT2!Ccdfg0vj3L0^-uRaUiQawUeWD> zB$Y|sW}Mv1m^QBEjqTcTgz>x92fO_3yPgTNC{~MZ-`rWF$e7~#(r$fW-rM(c9aD6x z3IjKb%~d#KGO3+)b`sEzgkk?w;f0@hURX%3?fWkJ z&HTj-mO1Og3gVOkl4U<8`ot<9uDx6-*m>GhV7|SAH|O&Dl@px>TJC&Ji|cvHEfJd- zD&vc=RewTk{akFPcXbAk$VO(!%ef3h#nlF5U7UAgyDvx8ncGha< zihS7N<7?mWSFHC>S$KfM`==SUJ=XEu>!mW@6mE)KZu4LX%Z+zATNT7^YzSs#U*(@4 zb>ZKm_B@9jJD-UBJHG2{&*qOc^Nuzp%q+ZK+pfTI(~JM6@X_BZ{7cV@uiH?|l_#8- z6n{5o&7C|`q1CB}V?(@z>uZzZkMuT{u4C?O=2PY@KAT;}|1Q#<@zwoRVY4OcH{NKS z)h#fchh<9k+PN~{7+q!09)Oy1x5mC3omThF6! z3nzcIYWkJ&c}}jiulwULyMr4(J6gV9T(hTii?^I(Qqa-TV{+eJ?B=yEcv|H0WPW$Y z-3ayBv9BxEg(%!HnR1}$a)DpTe#f4K8Z*JjnM#r-m#9j+$Q*;YQPf)n$*lE?tv@~=SZCRGoOyNKW%X|_g~}NApTEcbM$>@l*#7G6x#cel9A4h$N=TG$ zh}?f5cyrzEt~|G*ckFuGg6FMbeh^tbo?%>J^kMVI{rFhH}|*8+04IX40g*M4G$M|$><6` znBn^|BjHX!gXiN98|Sm+8BcT(d-cazr`Vk#X{P9bf3_zW^8B7XJ}D;~W4O|PvXR;$ z`;?$vf%)8ylgh>aA9$>(T5Pt?#*we&4$teX{k2)!1rye<+_}}8VN%rVi5iS4%J-Gx zlP>ujU4B_zY;nWM?;f>L|KolZ$t@{b+jMxM`D$5aMT?gU3xzK~ba*>CgC(cq;N?H6 z4_dZOJkXD-nQSyMDOZ5^|_ z|E%p<_f6-kG;BNce@exXc9(b3OXKdXsx{Gh!6NgM@mz?;gthy*c7$%Y%kk{GAfumX zsK5p5{SS78ti9{1Rr_ai+2OC9ywNLm{+j!1i(S{sw#y5>S~3w;Mpn(A8j0JORXKY9`t zn*+5>rEg5XVvy~%P-`-O*XS(uzBOXW&3M2radc{y9r%NX}y1U zp$d1_n?>F4ghnRzceYVEY|M-Q}BGl*TO^p3dPmT`AYYJycLtIo@l%}VBPQ!{=% z?{wQ#QE@77$Na~swMp}JjyzfQ?p67#%~w>izne3fO5adf5LGGO7w#g|rgG6_n%(2u z)8-wQ|Cdwk`)1uy@rggAqWQR3J7&C}w0F&!yGCVPxse zYsy!3wX$z9yVR;l+~WKzCjKv1(U08`61KD4xM7p)Ilgq)Nv>n+QWBsbf6Ruu=d||@`Mmshx75?vb3X$7e%TEhMDF}K*eESi{U~@9w zvEbXcP2v-`#5bL@J^l075xb*LZ)-Wk)~Y%zOJDi0q0m*IiR}gF3m(VT(Ry?OA#Gl153*^C|OKCMY5z4#WK|Y!_zJEYm{b*>}FGqjSg92 z*T44Fm(qeS&W{Tl&%ItgJC5naM|N)aJ)1%n6fVr|GkczI(Rr_!qu@;q*MaS#0?v%n|wXa+qY)+2u^`tC(%J-Iq_w+b-UF_@`SnqxzLw+WgrJbF{_2 zHMJZ&-f-cc)9K51?|$j5W%_vWm7cK2w$lYplfLPczDlo1*(03$s{h#Jn!V!NPFD-| zDzBU;R-OHN-KKBSPuiF4FyE`U`b?AHQrkshM>o&D!d&s<&_TZ(S@szHl36P_mt9^} z_3840%zBw!vJ0LqE{XZmQ=WFl#^lh-AM-tO)=&TM%DA9v;j;^gDwX#cx^lD{tk;GH zuUojZhf(SI^lsue z_;hr=Qs?@d5OvK159J(AS|9j$XpgXx`|0`}g=gn_ndm+L|NH2cn$AUMvmNf_#eY*- zHGh)B{2R}M|IMm>BMEZrtoyDJ0d?(JS9~4jX}`FeRPQM=Y3kvZd#BCZJaNvJm7=Hj z_!aCt;gwM;IwNx5|5MT*RV<>dTp1p%J7l?iQdi8A-r7EH=AviYzcP5dNytuRT=R(;Yt$$4KMO}{1j z-kiVVoGkBzikAf*r;`5fJZii7ga>=MLe&nL9T~6LTTEYz=c}?amHX%9%-ZWS|7WaC zgRto8_&ph=(hrW_I$X{q`tYAY;uGQSsQjy+PjwwwVVISk#_RIfukq7dzitnu)1~^? z9(TwjT(SzOe-^_gkoRJX>`BGX%?yqQKB~q1Y&>kQF!Szwk)n3CXV+)g@pL{lx+nSB z`oj9wKv&iVp^lj;H$tzdf2(AABlVkEIdAdgKRo_wBK1~JV*H=64y|<~JMQWiUgEZGk zhp<I-0GmB&#%Ab3C9C7z>x)oB*_2B-he#dimAD4*diZv$xPz+Z2oyGcTLHs+mB9-pX z;U`SziM;-l_t^NQ@Z>n&XBC0ks~s7V^pkHlr+DsWtXmZq-_U-PL2SFTbKUo8Lb^*c zUtE2qwJS$CGGg;2y92iD4ZnF4Cw8|cM6CP#L|0qcGt5?E+VuA^YZsM2I)9bHO8>~r znXwnN>NdK6biL@|*0<``E4>Ljj_h)0kP1)D==dqrz`Sj9s0ZJ3sWOdeK02=#zq(=i zJ;+4w>bCQj|1+MfDckwkZ|zZ!ywzViYmMHnK6w7AJKrjSYW4#kZ2Ht4zo_oLBK@F~ zL2g=Bf}zZT$7!o_kM*mp4gYFY9y*!ma3MCK zc)D%MhEq2-9Di%>9dgTAee)rYTM_E>dXDw7?y-`-cTxSD=OU5!alC8+??puSxyR|A zy?^igVkXHY_ZZxHwVt0;+SDe^ptP1>>Hk$FmXjxQ1zvw~kG(WIq~PAfkH@YnxSh4W ztfq6bvS{W*?JZ3;S29kNoxP>%d`a2Ae|N@PqrA6$ZAn*Ep6JSMpBQz2ZOr+nR@wI# zq}ee9e(lizqIyloxj*_ zTaa(MxN||prn5HXtLHa0Z1&}RbG~iglJex1&gR<>toSEZd^>S9<$q(F@yRo@Y5z<^;q2;z1#6u)E`G2tUS;nE6X^%fxvL!C%>R6D!Nxu62Yy)Y*?exg&e1zJ z?bdp`CLesFx01zrUjOQlRWn~ksyt<;;wOUx zJ69cR@||q>T6_yrUU-~V^``66J03VaU^ur$b??```W+t@Wau1dRP<*^o#~yj=v&Q= zJIjtnZMECzKVijBL-$+Z&B61R<-PTF<2nv<)#X)M7b*{4-eaz~YKFDEQ0+gSlaKBe z_4_gj@bgD<8l*k!@cq!GL$;9HYez}Xae!`igHoJu< zB^#zouXAVqA=dgf&0Qqp=&Zf_%sX^fpLDu;cS%6_|G7RbhYvVi4hxZ6=>O(%<@JzB zCU)m_TtBToIKiNPm3qrJUF}I15BM?E?cyy6-CL+qtv4sxb6pwpTJ?{18>fqx>rY&K zgKbOMt!p1$7M0~*D16ZC`QfnYt5}9Pdltm)o%8kI@{eT=kIujNu5=`VMQZ-ysXapa z4c^;M%ZM6@tFG+$`Dn-8Chb!gz;Lr z1=}g!te~B0>;ZQ79$xcfE%^Oxx3^Mehxl)a(49TgvhrmQFLX@Fd*#uvZ#6^U{2Rx2 z=D*=o$*Mau@y2h7MX^lxazE>bPFi_cEO80Pu1za9zMSNta&+FdpRx~5`EFXW?w*3s zMW;r$D=X&MyG_bDlhn3$;s1CWv-vd(&Yf;qxYlF&&n^3Z7u{o3NOU->tx-r)(c-O)?58s=Kn_d?5ag99c))l zb8q>Y$x^WAhoq7D4&$h#+T_EZV$*c=@-1X{gh}RaW>|1EZqu?^!GA7wugZ`y(BBd7 zlKw2>mi(jk!w<|)9CA2u(Uht4`hqCYf9wweEssBs`M}~)^ZCW8hq~U&RsTw|+*ui3 zvs+235cP2reH><@>Uu=g4-Z6`49d3F7%kibfo5V`)VDN1Lu zwoBb>`#&W;VS?Sp{w1sI*ykR(VCPo0os~mG_+4HUX z>zU7TQ%>u0upL{f^<=)xd#eMNch9~nr5bhJ>wxR!7e_8_e|YuTLeb69Tjtf8O-u2A zd%}ay!tB@GXIxU%x;;hHYCYA~iN8~d<;(vyp?`tDj@-%3P5u{l-FG;rjwo>tM!T+SdgA2ZCUos3_I5GHw!HMv& zld|U>-Y;|9aDD25bw68$o~NkXz9D_hyeWRUQ~#@VKg%ZGnknO%@}Q)hnRXld zg$m0Y&6mq8t(MkzIDPj8+pfl=%QJ4=k2}kLQk{LF(Uis>kw?Mj6HFy5t`+zHl4m&E z=dfii$Aew00k6NcT=_n|REFb09A{N;Ygsm9((2yX8QWP;zFc*4j@vyI;csyXm7-if zK3^_+mCL$fl84)+rCy=$xm0u6R($EKU9w}f_Agnc3TZy=Za3y5pEKt@nQ_AY@l%HN zxfeM#Qzyip$TMygX^&@oa!${KA!l#HkvWA7-ZJqEWx{>jqFxDo{x0#hdFI6ipQtZ; zbAEC?xHz9NW!-bDf?M7(!4offN8IDQ5p?8Ezt7Pb)q>m3htI#UJnFVn%elKhWPZne zIxmyYC;n>T<|TP7f&S<3E4wakW_TFI;LE;J@OY@(qE~YlryP7F=fSk@k7;?v=}q|z z@1`343GBVLU|kji>-*Bp5id^1q;FY2F)XM%c=!3$X*PdYXZ~JmKHqu%j7{HcIyCpq ztUr9|;)XHJcHcCF?oJ=51W)h9*0 z%PF0@XXf)c`3bY9)%$MJ+GODIdr_?0MzQl>J8RhrukQ`NCVuen8`b|!3-6v|?~Cnd z<5>S%bz<1d+ZlJ?rvG4`^uu?u`LP9}=BqQ8duOa*jGNB=RCw>6d0Te7_Wg<$p5VX! zUe$cB?~7vHIE8=k{5ld>rj?zO60jg?`J~bx;vT_<2NzCG(+az~Dd@CR=;gbMw$w8z z+>TN{E@N+!5`9ds%T4*(&Xq4&c7NStTwyx@#l(^&=_#+<8CJ$``Mr#@X6}{qZ~7|a zVzx}KcRv-P^WfG!(fwa?qx_1yH^qNfe4M5e^}Bo@!-rCBnpI(A=#NlNx7 zF`bLA>?i&CnEgsAv#O^pd}Sf?gS>Vvv8D^r$DV5z8vN}p`*mcW#`kB7!{_q~%)B?R ze(L%8|6X*IUz>RCq1sckle!l-eLSq=H8Yy+LOt_bKJDCE#<+7g>u!Ee={{c5_kwfh z-^MHYw_XbW-t9!dR0nF>Tw4-GXy}n5O0)WA=H!Y#Z;NLJ6tg^8a$o>^jTk zq(7Yul7D$|Z^m-}H__#R1>8p$b4t}ek*@OFnqfBSMbP8qhg0r)-P?IZ(!tP6XVU(1 zo0CE=lUncJ-Cxp?>27zES#rU%YNZ9`2MTA^Jm)aU3(fo6^>OxuKewb$>Ka>0-mUER zyYpt5?D>U(#`QPFl*?EDklA&-b-y^%3)MeC8$TOuIkMk-*H+usB}X+)wC*a~-n_Pv zd(j2nV_9d*jiY;A&ZS?r)m!8L=J%&9j!!?UOx8Dk|C4LMT}P8sm6QA;PEM-Lj<$18 zj&c{AC*Hv(vTwTS>?sFptnNNO^y|nzbL%zI?h|y)+} zR)&c!Q^04n*xb#jr_=9NF1aklI^Xa6jtzDj-}{}J!4bs5+sPXF^qT*~{LL1ARc3Y# zHrshT|ED_an5mzx_w&d${?-$h8f$i4>F0he{QKTf-V@WzXJ7TZbot%O7Ri+pW6XE5 z3-4CA`H1bqV=lYUSI1lBb*`&_`^&wvz}?a9a@MJZ4;i-b*|%Tc=P`|kVa3jA=NHt* zSkzRi9-gOFn{BYXC zS!;UPYLo77cj%t`Wk&V2!WZ5~;n6HN;@3?m(OemDQsBXYwF)7%r=HKu&9wb^vpzw0 znRzA47Td1$LerPItAm$1WvVwHGAmkP`Qq2*gvg`q85(=z4r@(3UvN8NI+sbeA;|17 z^#{H-AzxH%PYYUqle0;yc{53BR}SM1!IrQ)lY?LP?lP@7tloXVN zW6D>Ry+Pj@q>eLJ?0-1-@inJ!he~y-*7ZHPd^fz#zuT~J%?sT;9i}5aU~GV%Cbm$`+^BjzXz2fjXjwzkJ@=kX;oY=snbI?u=V{ACxq z-2EzZ!u10`MP^z=ZOGZa>*n1FA^W_$B;xJnZ;|-jud?j>vpwxyJ~qbo95#BN*bkf! z_1jxf^Z7{MRXc`!_M10+d!BB-6aH_x&}HjCU0-hLyB8g2R7l*gb%JjF#4g@E22VfP zKKa~B5ialL)t6m=q44r1>w-W9F(z-m~}fIscFIW$SHymU)qO%6nV9-hR)~xGia0 zn;)kWWTcD|H6<@sFL?9kWF zmnXl)D;uZg@cIZ{__?LGpf;)M(NslN?-)hn^YJt7L@)lF0v0^K%tBP=_oOvEUCKv~ z=eN8TzI;1w>zhd*#I`fo?YZ;+2UyX%R(+?r$L06lskc6{??y|+moJ^Q7gowk-Cy;9 zzvfC&{Ie^2kL-Hq>k1OTG476faUoL%;ob%@JB+jI#*)RUyS6L?hen;|s{&lh!fA9D5(f{ycuh-`< zzaRWM@-KdOi4Fq;1B1bd`&DAQyA(y74FhG5>+b6Mw<&;$TEQD)o# literal 0 HcmV?d00001 From 82dd6c778ca88047a6f591d8046b30817750b91f Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 12 Mar 2018 01:53:26 +0100 Subject: [PATCH 07/20] feat(slides): Add slides about DDC --- presentation.tex | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/presentation.tex b/presentation.tex index 579850f77..09000a525 100644 --- a/presentation.tex +++ b/presentation.tex @@ -68,4 +68,36 @@ Let your imagination run wild! \end{center} \end{frame} + + %% Slide 8: + \section{Countermeasures} + + %% Slide 9: + \begin{frame}{Diverse Double-Compiling} + Assume we have: + + \begin{itemize} + \item Target language compilers $A$ and $T$ + \item The source code of $A$: $ S_{A} $ + \end{itemize} + \end{frame} + + %% Slide 10: + \begin{frame}{Diverse Double-Compiling} + Apply the first stage (functional equivalence): + + \begin{itemize} + \item $ X = A(S_{A})$ + \item $ Y = T(S_{A})$ + \end{itemize} + + Apply the second stage (bit-for-bit equivalence): + + \begin{itemize} + \item $ V = X(S_{A})$ + \item $ W = Y(S_{A})$ + \end{itemize} + + Now we have a new problem: Reproducibility! + \end{frame} \end{document} From f921e1095f27414c2ff4ab60c21a4d04acf9f906 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 12 Mar 2018 02:21:56 +0100 Subject: [PATCH 08/20] feat(slides): Add slide about reproducibility --- presentation.tex | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/presentation.tex b/presentation.tex index 09000a525..75fe4a91d 100644 --- a/presentation.tex +++ b/presentation.tex @@ -100,4 +100,19 @@ Now we have a new problem: Reproducibility! \end{frame} + + %% Slide 11: + \begin{frame}{Reproducibility} + Bit-for-bit equivalent output is hard, for example: + + \begin{itemize} + \item Timestamps in output artifacts + \item Non-deterministic linking order in concurrent builds + \item Non-deterministic VM & memory states in outputs + \item Randomness in builds (sic!) + \end{itemize} + \end{frame} + + %% Slide 12: + \section{State of (some part of) the Union} \end{document} From 88a2e0927d2b186144fea9ec8085278739606f2f Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Mon, 12 Mar 2018 22:20:47 +0100 Subject: [PATCH 09/20] feat(slides): Add outline of remaining slides --- presentation.tex | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/presentation.tex b/presentation.tex index 75fe4a91d..79f005d58 100644 --- a/presentation.tex +++ b/presentation.tex @@ -108,11 +108,34 @@ \begin{itemize} \item Timestamps in output artifacts \item Non-deterministic linking order in concurrent builds - \item Non-deterministic VM & memory states in outputs + \item Non-deterministic VM \& memory states in outputs \item Randomness in builds (sic!) \end{itemize} \end{frame} %% Slide 12: - \section{State of (some part of) the Union} + \section{(Partial) State of the Union} + + \begin{frame}{Bootstrapping Debian} + + \end{frame} + + \begin{frame}{Bootstrapping NixOS} + + \end{frame} + + \section{The future of bootstrapping} + + \begin{frame}{MES} + \end{frame} + + \begin{frame}{The Nix project(s)} + \end{frame} + + \begin{frame}{Other platforms} + + \end{frame} + %% Next up: Debian, Fedora, NixOS + %% Next up: Relevant projects: Nix, MES + %% Next up: There's hope, but don't even think about phones ... \end{document} From 3bf976fe45bfdf3e1d24e4080de630cdb7d0bb6a Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Tue, 13 Mar 2018 00:18:32 +0100 Subject: [PATCH 10/20] feat(notes): "How to help" notes --- notes.org | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/notes.org b/notes.org index 7aa469539..363d75352 100644 --- a/notes.org +++ b/notes.org @@ -32,6 +32,7 @@ * References https://github.com/mame/quine-relay https://manishearth.github.io/blog/2016/12/02/reflections-on-rusting-trust/ + https://tests.reproducible-builds.org/debian/reproducible.html * Slide thoughts: 1. Hardware trust has been discussed here a bunch, most recently @@ -74,3 +75,15 @@ Notable exceptions: Some popular languages are not self-hosted, for example Clojure. Languages also have runtimes, which may be written in something else (e.g. Haskell -> C runtime) +* How to help: + Most of this advice is about reproducible builds, not bootstrapping, + as that is a much harder project. + + - fix reproducibility issues listed in Debian's issue tracker (focus + on non-Debian specific ones though) + - experiment with NixOS / GuixSD to get a better grasp on the + problem space of reproducibility + + If you want to contribute to bootstrapping, look at + bootstrappable.org and their wiki. Several initiatives such as MES + could need help! From 71e86f883aec5895d8b9cd85d0f18e739ee14968 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Tue, 13 Mar 2018 00:18:54 +0100 Subject: [PATCH 11/20] feat(slides): Highlight importance of reproducibility --- presentation.tex | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/presentation.tex b/presentation.tex index 79f005d58..48a1883c0 100644 --- a/presentation.tex +++ b/presentation.tex @@ -27,7 +27,7 @@ %% Slide 3: \begin{frame}{Trusting Trust} \begin{center} - Could this be exploited? + \large{Could this be exploited?} \end{center} \end{frame} @@ -59,6 +59,7 @@ \item Modify a compiler to detect when it's compiling itself. \item Let the modification insert \textit{itself} into the new compiler. \item Add arbitrary attack code to the modification. + \item \textit{Optional!} Remove the attack from the source after compilation. \end{enumerate} \end{frame} @@ -113,6 +114,13 @@ \end{itemize} \end{frame} + \begin{frame}{Reproducibility} + \begin{center} + Without reproducibility, we can never trust that any shipped + binary matches the source code! + \end{center} + \end{frame} + %% Slide 12: \section{(Partial) State of the Union} From ca9db1223960123a808d35adf0ca70412e0fed43 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Tue, 13 Mar 2018 00:19:18 +0100 Subject: [PATCH 12/20] feat(slides): Current & desired state of Debian --- presentation.tex | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/presentation.tex b/presentation.tex index 48a1883c0..27e57433c 100644 --- a/presentation.tex +++ b/presentation.tex @@ -124,8 +124,31 @@ %% Slide 12: \section{(Partial) State of the Union} - \begin{frame}{Bootstrapping Debian} + \begin{frame}{The Desired State} + \begin{center} + \begin{enumerate} + \item Full-source bootstrap! + \item All packages reproducible! + \end{enumerate} + \end{center} + \end{frame} + %% Slide 13: + \begin{frame}{Bootstrapping Debian} + \begin{itemize} + \item Sparse information on the Debian-wiki + \item Bootstrapping discussions mostly resolve around new architectures + \item GCC is compiled by depending on previous versions of gcc + \end{itemize} + \end{frame} + + \begin{frame}{Reproducing Debian} + Debian has a very active effort for reproducible builds: + + \begin{itemize} + \item Organised information about reproducibility status + \item Over 90\% reproducibility in Debian package base! + \end{itemize} \end{frame} \begin{frame}{Bootstrapping NixOS} From 71c900dbffda4e02f7c80355a543effe20cacb31 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Tue, 13 Mar 2018 00:19:42 +0100 Subject: [PATCH 13/20] feat(slides): Nix logo & drake meme --- drake-meme.png | Bin 0 -> 246872 bytes nixos-logo.png | Bin 0 -> 90542 bytes presentation.tex | 18 +++++++++++++++++- 3 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 drake-meme.png create mode 100644 nixos-logo.png diff --git a/drake-meme.png b/drake-meme.png new file mode 100644 index 0000000000000000000000000000000000000000..4b036754384f05791d02c71e7e571ca7530ddb87 GIT binary patch literal 246872 zcmeAS@N?(olHy`uVBq!ia0y~yVEh8Y983%h3@%$d?lLeiu%tWsIx;Y9?C1WI$jZRL zppfhl_Q_wpo4yIyj`pxplb?aPNdnt6`P*T)*>Ei;q-aOBYP+ ztl6Lcz|F&cw+%iQ1ao*bOtd&spkgimr|tjwYiIBKt2r60Pe?zV5OZtk-nBY=U60Sb z_j9vf!M?MPd- zQDeEH{B?)OU^Klyl$-QV_ia@QYT`O)A1>~N)(gN6DkhnTn; z$#++l#@_m0{4KTMo%qqJ%ibO?7Lw=v^55J%@wfZ;%WkLGInOoxkL`cl=flv$&@Oz! z(dAiP*1>{{Oi$1D{mePw?b61vTmJh0c_zj3=MLSKe|bSJeN)YkcNJH7O0<5-`ThCP z-yVCZ``xoI3um64zp~@&WA^2;JMxdt{PF9}wBuNApFirWi&dU$6yY5Y5wdZI3Ky4lUcbABf)?H8{sv-z_3Xfn%V@tZbjCQOfS zY@Yx6`}1ULX*NHNM&XKQHxGY}Df#z#vqj~Z<8!C^y_ImD`)8AUzS;f1g2(N@esxw` zxcTyjKmF|~7hgVFa`ew+?&a+DFMd643cb7Yapjic|3R0;rk7>@@4r3!v49PWZe@4F zxnRZ5M;2Fbq#RK{pSAC=GgFXUU;>wucTJsKTlG8F8OFuuwszmSRwI2_JiqwVg_{S@ z=*ym)-6n5zqJ7Q}=WUjzGd4%htNrB1`^oV9_e*+jFP+8F&=r_?E7Ue-*d&vhu{YO^bpxuIF`Kt#mg(*nmME+2P4XPp}4!`NWSXuvLLD12Ms-Nfb@ zseg1iwH`kakttw(AanTPk4$6sngwSVAODX`G3(Uu&~Rbl%3Ip5ZYe4L`LJ_rd3w5) z-yOMp1O91}8$Rw=ulw~fVOqtbL(M(Q6Zy*-(+YRVT=~>FzwVUy`MGv}XA&=W-f(qh zRZ#d;JYll1ao!)}Sjl$(9g@8M=T^?Q*u7?<7hZ=@5xf5?ActnOia+&gcvdYQV#fr%QTQh$`$ z*7GVXQ(}`;_}H9gWp5;C*xZpd_qy=OH$MHsYZI6rt#*%DT72{7bHDmvnOZ5KodstL z_uSNEGoQGl+K1gl?xB*%3lYE4w*C42@A=N3yC#12i}Sl*XPD#Pv1!@5*P8TW+WzUL&*0{*#-J^WRBYE96Yi z_8DG7N28z3=a)Gm>~2@QL74ra z@YSipb~!Eu0vvo-J~+C#=)5y9E>;&1p1i@~msM{;6z>k}h5F7PZ6yUQ_&lHKSoF=E zJF})>5+6_NVrNa2lZBis`0KK)T7PVO$u;lO?&W%)O*Z-lzYNH??5e;=VrezbFwGPa=d)K5!Rk&4%i-*ss zpykrL#bQ0z9^Yx$-M83uk<7nyv7Jp`i(L*K|G+9>?Dywre^*3fV4~^+<=J*Kt#4k| zbYXv(*x**6k@}CZ_h<9uXLX8U#rF;;JU@0?d};Lalh2P={E>?lHjkTs+$(g}EyC63^ZxYzKO;=;OOu~c!MlG2%=;*JZG53~O?407~hZcY6Z_QtP3 zk)yS|wCr)v*}JYTtFKBK{uTKZxg=)h!81pkx%y7boHUyazqq@tLxbtz$K{VdTQv2tA7NQzJ%z17mC3U$oqe`Yu~GBN)w@_uqvU$mrZQFzLgp3)OH5(&ZB9#xw-%(TGu+*|X*6mhx+F(QC zpXb-v=f3{3EL-TmV779T&$}-75Kg(`M&o5g%MIlXiVB(5B^^&bb}l{d<44=Q4?efQ z{g+mErQ^w)<^1~FcD-2cAM}K`psQ(%_wFs*SI?E->7VyPr~Vz&dB1e!H4m*fZ)RT@ znf39Ep4qW&Tr4}@D?WRg!r>b&Zo!!3*3Le6)wkHUyKd!fdF}Nwd##v`gSnJo6xW7U zp&3&v6Q&vj@A&mpDEGEWZql|XD`P#*b)E=LW?>H%*yygBEj8CdIYHCDFw)QIhWIMu zdEG|8U#zKgsjASqFJIqq`0b|TZB-2uIg{*EnxqS>L@xioV|r8h`49I+Pd=+0tlVw? zXv61rf#u@e#|3PBSKPH|KeyFD|Lr9`-Ab2PcJa!eMNDVAzbdLYcqXQ8#zzZocLDji zKW>W8t7Mu|xoELWy>0he8Bv7=Ja$_5LcJZ*HdHpMTR2XZoO&^N)8N()hOn+OR-Fx#`1eZi1s^Kf8I!m5wCc8P(dN@r zj<6cAZt{rX{O%Cav{!HO`IVVL&GR?$38ZhZCR*#itb22u z>F6`ZW$8sckjd{j;OW6MX?s#z7!hE;&Oyf?$IcGTD zxSivfu-R8zt7o~X^ACSfx4DaW&YsQLcXs2xk1M}u>dni4_Qa$3hC|>|&Buzg9 zW8vT;@wEY^hlB)-W#mfu-^t6pS^qoEH?V3&R?BlIqcidhhQ!N=YkyifkVh2+OA#Z?V9m!A3kc@v)hDnMENYeaBc z+SedZcAVyS>`mhGgJE3dj>21O#PZ@lSe-p&IP=HKx-y_Ri-%ek1<(=F=Gh$w&3dw$^6!zN3m zj5F&w8RYJK6xiLYspPwA@p`$)|7^XL(>hXiR3)W!#IRo7F+oOj^Ts6y80_cnxKjA| zTt+mX;70>lg~VgqW{Qb01kU0s)tmFlqReRNpA55euI!0Q@}EDRQJH@3?_PKART1{{D@-x2B~XJkvXEQc72xtjmXlf_e3(wm)WU&SzKiIa684>u$os z!0GR3?dE68=$vTF&F?p#vDj)~1Dn9iotsa`I3!IwRaP!%+F)6Vg}Hu!Z!*wM;Q|QryGEFJ&Z99>4ySto4nY zU)k5UuZzo{e(uQG6PMRWd`mRiBxyd;f1W{~