From a4c08687cc2d0e8c70632a849bffa0b653fb4e13 Mon Sep 17 00:00:00 2001 From: Xe Iaso Date: Tue, 22 Jul 2025 16:42:58 -0400 Subject: [PATCH] docs: add blogpost for announcing v1.21.1 (#886) * docs: add release announcement post for v1.21.1 Signed-off-by: Xe Iaso * docs(v1.21.1): small fixups Signed-off-by: Xe Iaso * docs(v1.21.1): spelling fixes Signed-off-by: Xe Iaso * docs(v1.21.1): clarify that Bell is trash Signed-off-by: Xe Iaso * chore: spelling check-spelling run (pull_request) for Xe/v1.21.1-blogpost Signed-off-by: check-spelling-bot on-behalf-of: @check-spelling --------- Signed-off-by: Xe Iaso Signed-off-by: check-spelling-bot --- .devcontainer/devcontainer.json | 3 +- .github/actions/spelling/expect.txt | 3 + .vscode/extensions.json | 3 +- docs/blog/2025-06-27-release-1.20.0/index.mdx | 4 +- .../anubis-i18n.webp | Bin 0 -> 63240 bytes docs/blog/2025-07-22-release-1.21.1/index.mdx | 369 ++++++++++++++++++ 6 files changed, 378 insertions(+), 4 deletions(-) create mode 100644 docs/blog/2025-07-22-release-1.21.1/anubis-i18n.webp create mode 100644 docs/blog/2025-07-22-release-1.21.1/index.mdx diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index b11a762..51d137c 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -21,7 +21,8 @@ "golang.go", "unifiedjs.vscode-mdx", "a-h.templ", - "redhat.vscode-yaml" + "redhat.vscode-yaml", + "streetsidesoftware.code-spell-checker" ] } } diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index cb53057..c976a66 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -149,6 +149,7 @@ inp internets IPTo iptoasn +isp iss isset ivh @@ -248,6 +249,7 @@ ruleset runlevels RUnlock runtimedir +runtimedirectory sas sasl searchbot @@ -317,6 +319,7 @@ websites Webzio wildbase withthothmock +wolfbeast wordpress Workaround workdir diff --git a/.vscode/extensions.json b/.vscode/extensions.json index c85abc8..6e2ae17 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -5,6 +5,7 @@ "golang.go", "unifiedjs.vscode-mdx", "a-h.templ", - "redhat.vscode-yaml" + "redhat.vscode-yaml", + "streetsidesoftware.code-spell-checker" ] } \ No newline at end of file diff --git a/docs/blog/2025-06-27-release-1.20.0/index.mdx b/docs/blog/2025-06-27-release-1.20.0/index.mdx index 4ddbf11..ad28cc5 100644 --- a/docs/blog/2025-06-27-release-1.20.0/index.mdx +++ b/docs/blog/2025-06-27-release-1.20.0/index.mdx @@ -20,9 +20,9 @@ If you rely on Anubis to keep your website safe, please consider sponsoring the I am waiting to hear back from NLNet on if Anubis was selected for funding or not. Let's hope it is! -## Deprecation warning: `DEFAULT_DIFFICULTY` +## Deprecation warning: `DIFFICULTY` -Anubis v1.20.0 is the last version to support the `DEFAULT_DIFFICULTY` flag in the exact way it currently does. In future versions, this will be ineffectual and you should use the [custom threshold system](/docs/admin/configuration/thresholds) instead. +Anubis v1.20.0 is the last version to support the `DIFFICULTY` flag in the exact way it currently does. In future versions, this will be ineffectual and you should use the [custom threshold system](/docs/admin/configuration/thresholds) instead. If this becomes an imposition in practice, this will be reverted. diff --git a/docs/blog/2025-07-22-release-1.21.1/anubis-i18n.webp b/docs/blog/2025-07-22-release-1.21.1/anubis-i18n.webp new file mode 100644 index 0000000000000000000000000000000000000000..351d6e3fa5c3fb2125372bde222e1b5040f73252 GIT binary patch literal 63240 zcmV(pK=8j(Nk&Eh_W%G_MM6+kP&gp;_5c9T>;s(vDgXpP0zQ#KoJu95sV1hA8%ZD% z31x0`y1S+PdI$ge)kCbXY(oi|DM~B$=~^3;(Q4~ zpSu4G{zvwcs*An;z5dyK&3=XSm!Usg{@4Fk`!Dn!%Kseui~6tazvn;f ze}?_W`=$LK{O|JLx}I(Rar{sHKk}dGJ;8q){&W7H`v3Uv`Cs2Zd;Zft=l;iXPY?ee z{y(TMz&~35dHxIh*X@_X*TVnO{}KL=*sV zx&QzE$HCv-U;qE_z8e2;KmY&ZGvt(byXLy&qejH)DU~9=d$Z5YD^}XEQREfw7S+ty zKs;N+ONfE5HRiWuaD&#u6~_Uw=dyGWtyucOM`;!k^>En- z#q0Yk?+GCbj@G@6Lhp1Z^f)YUPH7?}@Vj_KUGl&Hy-be@YQpAoeNp#mRs5A+-inLo z40IC(y>GLxPXMMQZ25glvn*fpB2sn=+zgB-V)u|eo>VHUG%&xRTOkjE1*p1Ezp za(=;QSN{PYmQe2qYKtg9hqf2W&2gf0L!lS;+qy zFx2h|s>!x-Wqq2zojmNDiEijC%!I!#{@W*?%85b#fLMiW1y4O)8p(gn*uKWnuQcuC z1TH?weyYUS(?3VrO0sbu%ApiXQUXnJug`xB<>FiDV7V(0W(vy$wl=E1qM6)VVL7W07u4tajnt*Sa0wJG!i z;i8X?f7lcY7BgHu-0KpmIELsdam}oYda#y%f`E*xZ{nl|Ws>&%rPa8%?cb{Lw_-v{g97AKgLx^CU-ns;V~_EM3dF>)_k?huf6*F78W)P6hv znoMzorPMT}2IKa^Zvye4DgzVmu(jnUyq;r_naWrbQ)Go#n)5X!k;Qx03YVo>C&`mI?w!-Zb0Q$bJwRIr* z>F{{$7%EgsWHuQK*~xKJkWbr4@M$~?73|*#@SMIljw%zA%IaD^1PxYu>`1r6)6QUQ zrWK#Tt2bUhq5INtls{8e3!!HS?62w*=LP1$gKXn3o^Ey1H8V*@$~jSa@#g!+wc(H5 zMG%1KH5bh7Z_#l~Z)D0ReWxlQ`Q6wh?5tsN&1r$xy3e%AAo2}_*rCh+rGj!KZm1cV z_`?PzF$a1bruO+-@$yyI_L4%n@U&rj+1Hc5uOVlt1Nc0?;8pBglSbrQ4H%++`|Ojl zgmI(9DYSO{Nk+L2M%>(yi`OCR-B>phcNB2#-3Q#xu-3P(k~QZaF#WfnZ8SANZ+b5# z?e|+SZ9^+eCoGUS(2I7%5k9C0lvz@YeT>v8@jy7(uE>X&WN^+L|Nj?wjE;Gfr(Szr zV-#Aab_>#GW$hDbL=C)?0T5oH)rb2O8J?Jy z&M&baG47kuM9(9Zfq^KRAu2Y@{P>7Tuh*#sF3?F;!8DyK5zIU4erBrDEK}#7JSpgL zIbb~*nzv2Y|O*qqR<}S$tIzoxQkE&vfFQo6pWJK^mZG1?OE$2Uwap9=d_W z5^S^C=PB3Ik|TfnZ*4Nv{2FZVO;hVGhMR8e&PmGh-JmbPQtN?d`+3Q1{O6(j_jJ}c z(#Uv)K45cs*6Zp=&*(2~bnm~2N&WjF?R`Yio~#?}JE%>xRY@}SIZKpM+Pknt4fQpH zo%}D&Ll(_@*tFoJ$+t6lQPFSyZxpauAcf~Y!m!S@yk9Z9&c5ONS!sHrSS99z^O_^} zfHF%(S^_5*z#`e`#raU2!YYi<3ilXRn-Tr?R)vC4)YFreIYRVqY#Z z0Zixc(JDR3k|fQ6_VU_99mP3Ek1}|ywp(3rOsPa{|Ci?%H7?kj>NYWEkN<$f4tF<; zjB6Hrcrc}RecLQHu{=?P5H-tS_rwUst7Y(xSmw7ae#AbO7YXC5pjyrkmOeKN)VeIW z{ezHi@9|DN+EP#lxPKO18rFaF;G9ey3(NuW%cP()^H57_;D#?~;HS^rYPWjkd1fN; zqB?h`<`)Y04s-=F!^iRh>#s^vn8DVCdg3zl%d@^HkI)q9dBk+ZtRC|d z1eNQnyoWOE*KxM?zQo2&lM7I!s~J~XgToBqZ$^}G0jRG)ns(!kAV+p8O7>wcf}qqg zZ;yh6f@vfQ^D52l{%Ti{7vGwCW3fXKY)STLSnt8acj1*wI5ud+$LVN_gmv!koE!*p zy&eTH?MA0ii;GX4&^Dz6_Ws@sn8v&RJi=R{&aH?}lQLS@$*^AGY>2DpKc=@=^@rQf z={&ct#oh5pC3Nw~TVadWcNeNDaexolN@8nv4F%tk_0G16yH+Wwk;)Pnm+z}CPseqY z-v*qXKRRMCD0S_>vbV?s^Z@9!`7*Q2cTtn=^44@edtnm@40t$RNsDRU$y7?br0u%# z-<8Fw{iBWZ!m|V$w=Ulplp+){bZZ>l0XK)+g3=cq)MCWpZEOPcWQP;LY_1}}`;FUu$Rx`17L-yPzK zg3A$W?n9$$60;5@VxT9|Qucm9?!T^4z97!sEDfOqst$R=#{9%gc`S`aB*gWnWe;&l ztVM8mEV6@kh$b(vv>6;J=Mbb8qE>Qm<`a^gEqD@(z2m^8VYL^Kcy4okU-Z|37&@#$ z&iwMH^kWgRdkB)Ze95Wq4fOu?@}nlMmDDVLV{|Q2MMy&{ebZTE`&dP z$O4fNwFF>fSlr*RTupf=w-+@NXeb1t-0X8HQZr4)DX7aZTWuh|z1wAoCu#wDGo8#z zFk9ssjK)_;5Xc^IJO4CX$ZV|4r6l@3s!3~!Dw&ERjy}jvzR5dgfjYNx9Wd%xvWy4} zm9JJtfTPz>hXp^Du~pE<(1a@>Ik>;!hs5Y-o=-v?nMSyo)tBPfpGETr@@@@nn&Ck> zES}U)|86|l%t>gJK^P!*U>Gxjp=)#y3XsPa}eVEsOVMNC(mg>ZSnB~uKgDr$d$;eWQ2tx3Q6wljvbGAvwHPfD^e}Kgal9sorTfy_$?_;WEzAT zaMmxhNw@a`@zk$ft!P2fy>*B3%d?*klqARhKBDc2TAn3!$NUp-UJm<>F0~oyq6?~H z+^b@iBQ2U!;k4TE=c!E25}Pw6SDq4usQ2^)zx7{~ktyk zDO0Jc0o>^SZ{XITo?&JynTNf`nG!yLQl((JC4C+R;Z@KL8>ZWQ1RA1jN=gVo6sJD~ z1&@9@$p=Ud*(f>3)|Tea+?_NXc&^5EknQ}$nZs_FbL#RFRUlq(dvkSqcs5~(vN#`J za_fH65vUzYmzz9>W&=Yq8dDHHs5u{pnS<1?`*=K46-~3Z$%I+?vY=O1#-Ax#`d2kz z&bJfIv!TR;?l&f}vjpwGh>pNH;yvD~Q1HZxy5(?Rl==NZQB$dN2Id*|Y=h(Ys- z-cTzbnE@)v*Cd3)*b8z?eFv=yY%6ys`VCY>OFxNJP-u-!I&|Jx5JhL*>I$nU{hE;? z{X#)d7#^ujtBVsEE8+sz^YdrxQd+baQAevn{kdqtggVxSJlXxihJfGN2YjrPxB~|z z&3u(RPr>8+xFnSPkNhmk!eNEVb)5;P7k|Li!A?1`EU0~nVKCD+$UK|FFomZxu;KDW zcFyC!_u8Im(RAK35`K2c2)OhfKdsTL;}@R6Zt-`vKshWm{phGx0zv3x3e0^hoeh3N zkR$B;4lBXTkmB?Q?xPh`;cKF3r~@>TSg6*(d6mJh&TqZ+mrU^e0HZ)&m++kI1xP#D zk(#LlJM(h9>K{*r@wV_FBptZ2-``{m^^D}hTd1_mxEBhkf|k$T7@n^;0~6D$q{u%S zEF2j7I`;EdjD=vZ$S?pIA!?R$-MfEWdOmR`MQEr)plRP7M@Yf}KgnKodir}Kra1@9 zajKYxr{q^$xE>K!fPOo9tmq)yR|{jLIx=jQycmj0*g+%|5ufsu*qTgu(}LNksKEsS zaw0AxVR|_hc7u5RGK96}My1g^OQyx5C$hR0oBdJ7J7J~pRrSKd&KZ(4Id*w7`?Xve z`gV|PAE4#hi^vKMy^cd9pvNJ_3arn*Z^B>~LQYrR=vPs0kwzM$PQ#{TLfVN)y+-b@jHa5CM8=Jm!2FOF?;v zf$ooGW`E;fajBpDizmg3+ML#z4x9FL(mbhK9l^OV47NMmTZR zQ&%C5Vm&Xb`vB>dR^+guwd=b$eP)>=;_A1(*wZ-XqxT411(dF`wXi}8j+ZtNg$zcw ze<6s;r+4XOkh=JG^!gjt%kN5N6;N^D!2;Q>(+m4B2X7l9;680Tsnue+Y3iKkP)W+M zS$b`(V}`fCeA~~Zf>D@JFd9;f4^-lsWL`Y5j7WZE#CL1Xw*<2G$^A9GaZYRrR$GN8 zdg2G$*8|;9j1S^210NOhGZ-sGu|`iARPlG2?=S_w@o9OfiIoIZahxm2W;qd z1MCIL7`W>y3o2CR9*!%pxxxw2a(gng{fsDH zJh!aeaz(NUatbJm9tp#I`V{T!qb@=%K05MLcu=#1FC+Q`NZsWZCWX4w{xA%*fw6$~ zc@UPzsQox7d%Pq0@}07;#284pt2q5V6AXmSc^8oFElaeBj(nkX?3F0;`l@;|X*RSz zF8PAaA7iEXHA5Xu{SHo)3Y7%;rKqQr4`Vm}c z|De?{AMOB~#JQ`$N`aU@mWMc;A52d#Wg%_#{^BFHzt@Ey+U^;k%deVaAYbJ-Y`kQI z^hzBoLS!~^J+DUjl%a7#K2?<|QhG(7j(vfY=`#2#8b$ zVU4UKWw;da2>5Edj{3O-FIGk&tGd@|x*w7iJ&{dXHqJ;L$O7y<8vRdyaT>S;gBqL%rY%L<{ z9O^b~wDkf3k;SqNrqrSKWZnZ3pZgj%4g@xsY8B_B_hm*66G@p?83mD&&7Zgr!bYsGH~*>lU#l>$dwu_cX2j_ z`|pI}8wU%Lxk-d{a@F;TfLO}*pTUG_&%Q)a%VOwS5gCgUip|4kfT>Tx25Bj1u_F^L zvq5{cS3O_}AiBRMjU}Bbwfk5m0l$&k#3m?~%Hs8Wl z^z7Ts+kx4exp@<^Nm=0Nu0vLOL%KpW+%9a)kpKeTV!yxnGv5T0Vz(U=EC)S_#v49A zm&t7EC<7@Aj*8`}`qqg5ZMM01)?e)qSO61$BuAbRPSK6QiyH<@7bjiuLtza%_uvQ7 zxFu#!%U9-w=J&pTR%NZ>xF;ju^j)|%$58@J%6d?3BUJC0Ept*wh!{{o2ZM(PGCV+* zSdzzH2+`}RcXaLHFtPxpj}qy6ZXZ!MDpo3r#S|@}TD_nNV-|t3@Zg?9QyU|1^b4gf zdWQ(wXo73^{RgV~+b;yMaA+XE5R?{pK~jtF-ikWI{KnoGzrHKZp<=c~4y?Tyov ziHODOT7AAaMoKeX!t{lpz3*b9Na--1itBl;bFKfq(gmpu00-CX+PquOn&ZZ444e(~ zh=k*Yi3O%iMbw;zy`SCb{T^WW)bm-z<2Zi1U3uL+Jfi9M=8Q28*4xTAn**mpb}LCk(ijg3dw&T& z`}^`|3B69dA^lh@<8zD+_+&@#6MCt6=l*#WAuTyoJMtmk=~GVkx^6kn=UTSQU_v+2 z2RZWTShc~CB}@s+8VSroDVpXm)tXOmSE{(oPKC)=sA9rnPy|dXh zp?+}Y&)Z3;%Xg`(TFS#o{ljsM@+{Bgl%a3qrg6?6$d63TuQ{>S-?Nvhl4IW-3pAq< zk>+Dr+yh~+;8~1yImaW?nvQ$N0JQ)#E$p|Bl(Vl-^Hwh{g9SW7VMd&;2bX+W-{@bw zqMiW^_i^A8=R4We{?0V1R6jg88f3?5aB>UQpcLJIjwAmX{xYU46_f6P0wWlF7-t%i z{KD_51k{4WVXLcPJ}?9Qq;EBfhecpnL%G#5TCDJpZHBf$!D8chFHUe|q%T9&tu&8j zf_eTDn32hxJ@ZD33~?jj^(9ubh7cMl!lnoIItV7BfvJUF+-U)n*V9{4N{RTCz*(Tg z8XvXde_y0fL8GT1iV{&P3lNt#r(0qN~aP8v2)>^k-WUoJ`9nHQ>v+(UhVf z=qv#8ch*Tod1+OL3+X*atZTA7JN!@0XR-Y)wY_u)4bB2(QZUMFWN~<77-?z6{7pBf zcFP`_eH80d&?^)b{61p;)aeOHii?)-gIXYZNy?w{1sI~BoX`9Zi$C$d0d6Mrr-v_9 zDGOo$G|6oTFctOkH^}frb?0GpT**7znrq;?K@+TIp;8ET9}f;+uE(~ivZ|&1tL^Tn z@9XzCOSru(RbR$rdX)J0k%QY{dKF6)D&J9}>NJSC^F3K?Jn|uv_)74d7xYURx=nD# zpDp3q%Z!^V4}2QCKto?_>1IwKdoU(9R?OL-gLu2)%Ok!TDkd0jI#yK?l;6a~OjTXzY=e zttZOv!Ku?pTD!qX(yiJcVQT?-|%vl-ekUcoEvNi8l zc9!F@+D4Ee0UO(T>^EY-^ku;(^XmU8>MTBf^|J_+v~BVG;;-m7O+)RBVmzwS@Ae;cW_-eMpf@1@4O~KYg69`aH_Gt_qP><9R-Riud zdLC#ijNI2|o3l0ssxkFQ20mqu_=FX($CQe+X+B+FmQ3PLFR_TW0r%Ao{eam{aYTN& zrv{dk^G!~$eG}u^p^&ch1W!t0sQy-Nq^HlJ7l9 z@2#NSqo+olO)uUv6glw|zH>5VK`-G_4b6ZG21U6jwT1JerBgWHRrYQ5C+QQcSunKaul`zi`WJ2v5NVuT%ev z3>g0J`hjtTp)D(+|1i%EOD7U|b2ntG#<)A_(%CX8g;%^MP+Ek( zyltJtgtk~|rQ5;e?h%Le@v=<7m=lN`EJzW8Y8{BZQvY>of_^^}Gp4{06XVxND4eFt z07xDkk_P@-)kdbuW>*?|V`x*_`hI90>a$pu!8qV==*j4I)ijMS{)|)Z=0_~kf6%jz z{svdo(hJfpMlfY?K@n~aOGY(LQ*xQ4?qOeJfO)~e39uA$EW;Lr%i=x=v}n+HnR5S9 zcFe4g^f5_R6q+9%@@{{X)}8E}_2fFP0y-<>ecO@{O&KnfLUWFkBane&ji7iA z7d~<^zxnZ=)_W1&e*UPW4oo!F^rib24rP5&Ru!ZbZ%* z&O+p#bi)>3;6j<1X(7eV<8AswRX1thxHI#LsV^IU-kYy-mj}@AIX-BD${;z^`??2# zgV{BNiRv1S!TE*1Y=&8bG?XwKg!|wHYuG0^^ah>bQehY-$Ho|PG4kwu+}Z1LW!b-v ztN}!=*n97^qt4DQ@f%E2z8!F7tgyD3Cm8Qup!&C5KK`axupz;_9C!Qm2CSX14f8)F zQx=S6@O9t$&U_qGJVFU3m?9%5j_kX}U&Le)G_Gc>8LD$Tiq(iXEM1W?M4&y$JLOGv z5B9`VYNCVd-hUTC0E&bt0S^FAwX6Argbw%t8X9gpEPj+c3pd@L~7`#yQu$bV-N z5!ONr$gR51>@i#zqu0)eO>nI@$FbGm#j->AaKgsZKeN+`8&W!lZ`0>{rgWYS1pBwMR}XL29mQXT zAM4^*%B*0HPB?{E45d2e99ucekkCB!v3v4-Wkn}IYH$y1ZjUwg!Pz6&1)MV zn5`0nR?eBecJmjli2AMuIRbx&DrKo5Cb>cz)Ju;T&N!efB~x zVvMWVA&pl3*XM%ukmnpyt{(*KofPQF+OKm=w0&rV3|_n2xOwpK$WBedqNfKZ(x~b< zhYZjtTftQfMe9veDTv$O90S2^O@vs4wWz{-^OeGlzZwX(a5}&1c@p_U*R6WgpCxqxBmvRDX~~^ zuCW=^ZYF^yxNmo8j~N0Rh4A_F@8_e|h-C*+_yZNYSUC!-5=&@4Lp99X$1CM$P9$jM zxImC+z5ofz!_Tc!WJJO+X3b7-uB7Hg_#a7sxAP?RvgxBwVPM=>r`}cP+=Z<=N8ke1 zafe2_j5fCy07W~2hCK2YO}zjGX28p!#N`?}C6LTdTq)JQ^C`URWiU4cQYoZHubHY- zdEr2%&w+-zmF?$9q0~F;Ki3Dk`>ANCvqZ~TDTbgz{X7a4g00Imhc2zfpScX6J-Rft z3;iAkAQRTcNl}HlZ+v~?UNsB$`aY4FOPCRUG1518H)Nm zTqN0C3Loi^i7%s*T^;Mi@9M(jo@q3!>#{dQk^CO<#w;~%Okb$s$}h{e6nddRZVF0% z#Ko`(sFQE5^VX|qxp5l807#d zjXEHa0F!j{^;C%D@G3=PVcnKSxGWcV{kFp$UbIn9xj)otF#MO06fzg-HAj1$aTU(# z2sOMtO*jHdEg;?DM2mIOhJ)lKzuE33_$=$4pq_fx{`cph zcR|DSECBTa0+(!xf4OWURWM_T2h**^wY^WNy};w_W3AgTv!G7F=!waQGu3{!hUG_1 zcG~DFBH%<&B&~|hRExx7i}3X_=8T)}7KrYI;;dy104KLGsv@nwE{S}h1^RR9n@^WL zO#~@8C}QE(I%Uoxp&#EDVA!_!??OoF{BHJfP@e>tPmC!OSgU0^4NLPJp940>s-kjL z@Lk3?p1|;C8?rt0yOI*}jyAuVjey5VTsfCKs`FS$%i<1QZH)V-Yg%#=)OcSQ5al=)}t&@)0 zJ5ZVJxl7Qt+@g?1MbGAL?<{9NWudbIugHN+SBJfJ2WZk+UZiAnHF6A)5VdNIVv9j5 z_N@Sol!Wy?2cP@u)@hUXsfs1UuCbpc8c1f31ix8Sh2f4?SJpTiwUvA}XSwXNC|8=_ z&Q@MmANMEtyL*Ev#7u`{E>ZA)41if#vh1ROj7K{@wCncTEf7|8*-R29{ldjd!&|`c zvg1eCo&b90mksQK?Q>$|kgcM2q4k9&XMs}s^(eJwShs}vv0D;cuaBQ7a~|HjHHI09 zu214yX~;;`yLp0sB~aD5#%JAF<-Mu|I5&CgEMt-9He62Tp;6#Q36;r_1_sfKcqx<_ zQlPctoo4UN?4!>4so@&}qOhvT^OuBVA=<&d<6V*^5VA`3|ah z`EJHg!!hL^Ju`p2iId8);KjZ5T`}ZW-kXCyd*>rjVf3LjJ@bI=?B^Q$XGE|?rCN!c z;6`&7vpP_79ra9DIQUE;=OPN;fGsDe5LT==<%Hap?YQj?{9Z4q*bw+b0O6ogCd+lD znykY@n+#s~D#BvyBSyJc8Chdp!?)G1qikG%dc44kB^M*-QMtHpI+NTtn6%#HEIs!Z ztfAY*;-k0XX+jih`*8zp+O_maw>kN{_xu-|9u8C8+sm)q0;maV{~VT^ly(49wkc-9 zR38sKthArFIWjj13?7=35aZ8d3jQhO@49-e=3$liPwu->^ds6bkZ1`+1tb0rCgoXQ z-sm)iLgHr8V_73ZXaUVvJ)X(FBBz)eLzL9&R}Zuo!OmScExQMcXK*QZ`z2{DTfG2s z?}ruOt?-5bH{u3=X}$lCc=SQSuFFZV_5k9$T4HY!xftS|eu&1ID{TCagtah^AJZxFhc#t>A^jagL&h&F~Bm zc56=h`?eiXi^-FGT^t!kSK-rcluPJNY?k&l!T$YI`9~uVBLI{!1#crycLJrNN$gMFrug_h;t57(+9NOzIYoonRfjYf_*R{DxG2GBEyk0TtOfI>c< zKy>rW))FYE8>;sWZ;Cpg>|VimvgcKaLnwUPI)`}(uwM&xqqzq}b{@=&L3|#Y%Q-3dG>|DRJs?M2y#0UvA)o?pra-?IT=QGt@=K;eDJDyrKM>Rc zyp;PNmpc-#OAS9k^u!swtU~@{WRAzt?U+sh+lHsaHn>ob;OO}3Gn4pU zsDZ#8{jVVi3qu#Jk#rOP!GgYxkv4$3f823SI&vbn6b}F>XmS{-iVJd%bCupPv053f z>mu`1L%n+a>x`~Thug~!nSrAM)unE2|;QjnjCB%de5u= ztruJG9jEXR%F`25JPc~SvppZ`^>vrq<9inu{C$!6LR->uP_y!r?awgJZ5LHQ_uR?v zDerxGX7<|OM$L^}cnu>+aAOlxh(gf^c%V_jMHKq%h;K9ZN7k_rf7?68ZT~dnqC%$Zxr^Vz~G&H|;Zw zWs9xqCn08jk1;>EIFsEbo~V`h&^X@4DoJ%(07%@)Yyid;f01#qGHn1pZ#8{*^z1MY z1BKFef$wV#$A5);%M2vReeD!atC6y`mAZaLj4ldi732^H?Nuxu!B)Eu$d&*)Dk z$KF1TOyUlz&#cTPrykW186f;bZ6~a{YtwYK?=W)~mBHq#g3UhCIIx6-g6PbGJzrdu z0Tj{uk3PvKsBY7NR}R7&B4QjS zB?NTbq4>w>&wcBzA!2zn+rV(`g(&qRh^6ri_rLzyWuX)FC1v%-tjMohG%+C@EWn$cu#x;m#I^8HuelV4%Mj+9vDI75&})` zn|2nM^q6|su*0O@BU)7m%F#~l-l#y5=Cc(K9c1jADAGxGWe#Oj2)QUS??Z8N+;&P6 zYUjD)vSsxL>r4fqpXWdGFho52UxNZ?;p7xiud9bcfs^SHV6zIDWsCt<2MSl}chU{6 zTmv=k!4^!$=7h>FI%>=GzQT6vEIhAYijNd4goDFK1!j#v5!q}WngPQ@&XfrBL+R^= zm#i-?AUZWB1|I#$Zs-cu?i4QZkl4z_gXwrm#2M{J@DJvZ^2=AVz&NopJ2?&+6B&?W$~sy8W*+de!#xfau7fV_%)o@M#=!e0yc5{0ism{ zyA&B{AT&WLb0ou&HN--k*y6;3n_sLm^9YDOW=aF#r?nLAs|;7DNT97g*c}p&OpaOO z6#ppCii&&nu^wbb!N*e6b3G{J+ij<2ers^CNMb(~bY`KmipRY{#Q=b~OR|&#(dSkX z!!-nkUb8Rq=SKaGNuab*xAY)C9%{y^U|Y`!&#A^0s;~w)JSlr|*;;&KGM}@s*G+(I z?=88p`ZIGY{!FnSz)wuQdI&d@A@$7&fB#(7!&X3Ieze+IVbDAugcA&FzPV8HEE;aU1$umkUWO~3-08au;F7`^q1PzO+8rX=G8oN%EiMTsOo+oSUs);ycpX}Pb zt|O}4cO??dXh$KdhEjPk+OW93rT&SkCNiN$e7LCdmV9KX3Pm^gmyQIX3+E2b5}k&y zz-E<(lpQd2Am(NI>cP*Eo_+XBJ@p~ou%)!BComVJ2OJ$VOSC&nJ2g zYRByk%81a;er2SjeB$^UkZ1 z7FNO$ZTaBE0>QWiQH+HFJP`zbov8?u30qF+yW9pqYR1mkXqkdMX2-|VZIg@m%Hz~! zC`j&+rVccOq-~&boaBy)#a3o1c=O2t+5c+d?NF6W^GeWhg7gNIoAfM=AW9vB3)}^P zhqKQ0pP)!8oKnBgR=&zIRAV+RV2?6Q@rCuln?> z;FT2W%D&**JiU4(dvEvLyOj!rjYUopd781 zA_EqGb2|-w9Y_9keYgt%lMHX!=!X=~Wq%-AB6MTvskroq<=OaH{^#zKZE4#A?0a|D zlpxdo4arD5o$j4oKOh@O2bRS))i#g(elty9_OKt8#bpm$UV0+&wR9n1|DGqTnUcDJ zl%>?_jEK_#JEHjkS1-T>P&bo?6>WZgh*GSk(uSq`yr3}T>n-uhlk8%Q%vT4h%lxb7LWKE1w%xthS1d^H=wx}Z3S6(OnRq>GXt8=sl% zdH6hxmnIZajJBi79QVmFtbzOd|E5=!DjrO;nv5n%QH1^4#HqTSy(HR>!FD z1PfyefR)TnFe(NG&K--qb%3=+@^dDdMIjQ`{^-kT&XE4msqFU8pn54Xp6=lqC>uqI zoC}6DHkFxxX!Ez;u3F*PDJ;W13_UY;g36^W`oAk{i$K0{=yNk~qnC`*{JNwejT zX9~#%FsU}SVzPh+iSc#)xM0?ng?fPg$t~J2&7UE48^ziT6{Oti+Zb~J!8i%`18L~T z#G$8pZYf6z^!nFALn0=k=IMJD{Lb8;3}M$T+)`+EY;y^$GJOji{->5 z-)13H#dcP5Zoe1eKHgwI$k1)|?_=}5v`H_9)Wl0A`a_BbLA zsUfc_N0oI}!hrs;So(y+k-hsS#hB8ve$M~=b@n+Sw3$2jxYMx#0u&o=nAnxuLdvxf}{UCnQ9A9!TA{% ztT$*u0`P}nye)3e^-3c`{pTD>AXFIWOb=5vrV-E)wj-jkL>t<`cD+9ked5{AO?KSWprWxN1IDrogj1rm%l~u`u;0~!i%xfMwp;joQS?o@ zJ(DE0pkWTVc!w4C!K~84(xt{Ol9z3q~ExG)>=a_ z*VGBI97gwqG@LPGdz6+rY9QiaQ9jqEMstiiKM0{RJ*vWdboaeAmcx*1U*SmC`Z2GF zPQ^N?)rnRd1TO zd>~kkjrxkvj`c_EY!5@Id>%$PU7?wsvQA?IyLAk_h2v0$J4nj~(Fsi+P0mv+GT9Dw z*LRuiRX#x0Nspuj1ck*{ zne2#1>5x|!+{h&G-gzl77lob$lD}b{K`(|kJHt8h%xb3qEF0B2V^V;E2|75>K^l?b zZ?Hb}pj2x;)fwDqtthk23 zWyj=xaJYT8Kx*F_8gJNQig)#)5#BtYf=%D?*aDp8=sDz#EN2wW5ovRI8$9mL0%;{< z3FjpxtYcU}z=N=IE^STKR@t3a{l@2F7*?zlW7Q&boiqZF{UiIEOz#qMI_(nSsShI} z%v&=c;7A(`(;vOHh}`3@O#XFH{aU;NsjlIRVLO!=bEugX1&gnP5=r0nr1iffn#bx~ z^}Ks=eWstLFHaMCF<3PH3(&p6*?>?XB4qW;4VHM`PyLL$?%|nPmG16~EWf*WvK;Qo z+;RxGrM5bJ{0d1QnCz`>?Hf*Bl5R#LzNwe?#|7v`6oh8mr%C67-M{S} z_MeR2z^zXKf~q->G8w%l&uT>G_W}C?z%tXa$p5Bhhkmn|RwokAPL9D=}3lV(hH@NSx@z7=Z28bES}?piP< ztCNB?o8n-KeC4}=cMLHl)TNp5}P(?>Jo{Z-2 z^(Kpu5qeuhVrr(qK8DwrN-ZgkUpW(gI%x8lwb8J#nVM8Huq|QEXh%dz&ElOd9|t9R75ba>6LD{}_%6_x zQNe9lhJRY`v@`j3|2%c-WLwRXvTUR*DRCih)PG2{yk0X4J~1aUkgOw0F}*Rc(FG+0 zW{R`hM($UV4HI%bEd*-FbI|0Z3?dNmBNy)p=90)UQDIRp`MweJ(Z35%O>p_q?RR^Li`Rju^L; z9_1u=MQ4cPE$_ujEl)0Go;4x*>N9yyDCe5Tc_Oq?QB%UgXNaVIe+O%)q%@Z>E7fh| zAY+i!N;RjnrYb>Z!%r)4SqKfqMm+h{?4GRY1j;&G zx_d@lseC6CKyWV@Rk%tC0Ac5oI=lM>(ibb;v=c5}w(-=h*R8R|Qv)|~2x{yF==5|j z1bpCZ&?#Krc%S%(@+c7Ct!KQ|!a7)+OKlmKhygSKMgPnimEbh2>FQyiq3lUI25~W=_7K*+x+^;*T1AVX1mN|0ajRxyuEww%rj#UCEyn;)Jx$R3O7$f0D+G| z7!TdWVz(6iuuC(r6JWpzE~0m{jt-Z_k;{^}17MN^+7A3Lzf~%i^b3}`ok}#*c3SFW zp#9p`qoJw8UD}f?qQX5~G6`Y&h{$WcAXT3BRDRZQJI=_VRcJDZ$Hq{XF7%9(Y;me5 z9*k(^#shdkqAS8*7J5yzE}rI!rcR`uIX<#1H!m~9RAHnBTAKt*rqh5)T zg}j*~$S%55d=+XNH{B8tL~Ymxx>r*URvXO+e|i@MGWo;fuqnUKl2OThlHFD)kkkF6 zz8X35Q+AqAl&{fp>_4yT1_~~BAA(U6uVF!iJ`Z?d0u*Y(S4Y#S=9a*~0JGvly8E_3 z(wP~bA)3M{c|w6&lN;HY-$9lY7iHtF6si$)MS8#iLG;Z7Jezp#od~PQk=2P`rgxU8 ziRqtI|5*Z)`xZVuYl(81VAW%r;B1A=d6AQF z6H5ME0U1M{>P(k3A|Xa@h}kpCRK7}szUEhS&wG#S4L`|YoNhkFv3irL{OT|~`s5Ay z^sTt;C5ZogaR5*r*%a+-&z8t`Hh4Q$r-zzSkovGCL1XwLWToKKCZTecpP-P__}|eR z@vCsO0_Ru`wBha^7w`L~bhCQ9_cRyk-2}|Hp8T*!+lpLrAM?VYIInykR2Tv%(rs#I z`e-F~o>Fp{O*ApG;BqXW0rW#ggMPlAQ3~yU#A^;ym6nwm0jhenb=?Cn1-Pg zo5d{fy04YE``dFCD_uY2Kdpy10w>->$Y0yC${`(^1*&7mDLOI#Hb!_NFB}};MFRse zGtBE8IUKmKYxC;s&Bl5^Tj@n>%E}dOPX!ht%_f5dHw=$V>ydQ0d;87K)A2ITGz9%- zA0k4qB%!5V0As|YMc5G7&+J7AT^p+X3Tfgf)5ts zBw>h zH~uVdNV7HPRqanqX<8G-Aof!~6NgCZI(BG@6T@!6BrFFLrAxT-gk!@9m3c}3S-;pk zsh!(nnvaA_B=ET(U~PKh+v@<3;ln&Eh?zq+oJ0OVn_rpXvB>o=K(K`hOLX6FW+p$b zh17zTlPDki$iw|<2nxqGSrMUlo*irpYhvbEu+szt0!$5amlBrg=a86_D3cf;RAgjv zM74vp`uMpC8P8mUdTJf{+suCjaS#0(JKu%w3RdDg`fDgXAXe(kA88u^{f~6$m|vYKw2CZ5U>APc_%&NWbm&Mzx1`8(bV?h`eNURJByiwTfE<5&)aV4lhW$R*5pAy6Gf$Ei}n{K7>uOdv<%mt32KrN;Rrc zw33eEfr1hwWp4lOIDC^c3hp1jkL{tcnDGB*QTy&?cI_UoJ>@AXsE{r2GHir7W@c_5 zJ>Xgj7n#xx8Wd=iQ+7WL*+r9SOx{h*HM!~Nq{AN@`Y#I1Y$91t<|@;0Hl2FY_{G{Y zb#~RY*=AxcM>d)cu#=N!sdKh0*2S*}s{USf=!BdKy!%n~b6MYiE<+*0h!jlEDz+o4 z6SuMCgy!AjTV0)hx_3oD5P7#okx={z_KziAbuhx2#F?fPb3|hn5KrPP>h~aAO9dv0 zQuQn}_`-cdDk^BM9Fnr_z}YXsxRis5kN{J!clxVd0g_c_){G(1stYVYB5ThSD^1xD zbR%%oFz)_78@~_^(a1ZJTmlF|fr|67LTUzc1x#Vs6zrEjb=b22003GwW6#L=IF2=J zh8hTIT8e&U2{SJM0Z;^bY4pRzK_CQ>CWoc3 zjA~!KT(8h7qNaffo0-+KADw1T{2x-W_q*DPg)bT6?|de#0jWBJ3}(9bR2UXvJ3dyg z>I6f7MysPdY^#I_ksu^n;vJq>OoKnfj|khaQLFe2;XxhMxrUZks@mtdv=?&H-)^onZ;; z-Ir7|khE-aPiAmuOV9+{(zB)Qx@QqJC1!eoS-6u$kQ@AKKzeOR-fHBI!U2Ub-39Cw zuFnb58ATl?BnecYB}*e$7t^a+&2Z~$H(|cKncEpQCns#FuYPtWq-O`M@9SDgqu6U7 z^VpoUk!IKj=dE`26~sZilWpac;;E!tIGjt&;{Lzjdk!JdK zX^#F!j)faKFU@W=mTVNW+ry2fuDLEtq>aO@mCr9xn5ws!l=Nz{7vZ+N-QinftEls* zIv$fwzZl69)XGzxeoZ|S=b_}8BgTuCld$-}J6eVfDfN^q8~_=!&sjSrNn489oz8by zcL-RU_cO~=$*mgIln^TTx9jOv7YX}JDuSk4hlM!msT*0`t;g|}6WE6ykSZmoMk%Uu z)vh~z{Zy5bnR9P@Dq^)GQz@^^7p}p@58fkWofAlEyY32{#|o|ed#-5{H{MlaXmYW` zpkS4f9Qz0lT@rSuyXWn8ILWu?QO(y!x33}MjeaNLB*)L&bDiln6Mr`adwdbZz?;gRqrOy#UAD2L$O zo#H`s#vO*AL+(Ics;PUZL|K3w%}1eM`;BW$jFy3>*#cj_2_g^|&5JDT@e2I*O_YXZ zK4>g_K@62|{Yl6S_~y*os7D3F4JjLy+H|%8LJH!C;!+w&Ry{Cd!#HM^>|5&Ulc-al z)rcJNxbD;V?!^Clya*0FPhf<~aJSjv?NGZZi~PIZ@N_U&(P;>g|1(XFIJM=r=DPko zj?maR802n@^mhgb+^bQtvh>Kglw}V6G3$U>b?g%%i8ZuT@tnY>4i9QrG~o!VH@bE> z>F_}!Mmf$Df68Pm;A%(2S(m6k(qY~;d2G_-5|kaI(=A1Ont+Gq?kx4?V&;Ab%*2sbKi_pYWm2FdI!g6Zy@Op$tT z5@8b4_l^FhWlBnO*L< zk`)XRa=~#DrkQG5eBGvY8b^2xXM%C+kl&xMeoo2*rk|^toZgO3OX=TErv2k3o%TQ9HL zTI;GzP%VHM7QigUe`1o?7#+nZ%u1>N7DQS$tOpR$);e!)iinx+i1T z_T2{A{2Vj}^-pTIDM;naS*1q`z4g&wFPdg-r;sKidyafX2z=||D+M=Fim&Y>rxGc= z%}nql?upptC-`-9)Ob$X=z80%VYq~S%B5btrJllPFa}07m&fIK#L#wppo;4dyU?Fu zEN7|NgtbshkZ3HEQhLksbJ$*6i=*+X7wW-uy*Zq+^T_g9*FaL13Nmpbj3EndI9-xO z<4Ub37sRx?yK-B&X#cD=laCL_GY5G|`I|qKjMV*Y0MvHdIpCJlgx?O$&DL z<2{Q!1*^Dj$-1%D-zUS%=9^cij=zN%_$=*J=~*4&{dzjpBY-gYxR<=F#_kouwYL3) zBPRw+$YnJQ>otCwaWGj}YthZuq~_%jku~H%c9+KLt#?6vup;OEp}}IAJ=izGEnbxa zjPS>guA2FNd^owW9vfEnyyOx-U;|4d6*F0?REi_+7shjEzqxA6?$(~}p*GBm(|5N| zN;Qd%&kC!VF2F@8mn60=Lm&3d3~PmY1@erw4qdtaUN8!bAZ3&<2B##N8&0RMR>WaV zLZ(r~0BhV>r(`I~Gb1)r;d1EI?l+oD>;{`O{N@eshG3dZN`yQd<|5dh?=-BTMCmX8 zDs-hONU}m<(i&8Lhp}sOcwfB$k00b^)%1K5EX1G7TF!pmXeZcF@`LtTcc8Zo;<-Jd z`=?Y*f_k)Ist_NKScowTGXPf$f7uIYrw3f|)w4s`Ls^D{v+6#{FUNB&(nD)jM0Bi&R ztCI}Q&j>}vl&GH zhs;77Od19+YQMcp}hTQpJANcmklFxaMU-xi^xs%K9sX)om9Nk_IEhlipqJ*}yK?Irv zvI1#Al`2C%ly_C|76b6*FvN zq50F^Evi785n|x$ZV6n=de^iZ{^)KDO~%hm!ATf%MKo%~h~q*QdKb5lw}AP&{$bw& z1;1cBRxM<@2hD&QKTkzfNspL$6);1h{H~Uj)#tk>fUEYc%xHR zemj}716PAwJ+#Ksg^5AAbf9KL!yl0lm089tm29qC{&QRrP&=_)>7zHJ389e$zF$A=I^wcjNG*_4w0he zcDI3AL=0>G&y&^Y1M8Xw)|l3>D8k_SF--k%2|}Hx(7P83`CsjR&#xSY;kpNsfI@po z+A`*$i%I5lUFPlBQck{oNXFZf-PC>heGL;*>dl=$_Z!#9$}k35QN4Y zAQjuuRDkR+4cBVM(ffZGTdG4?!;WXmuuD`R`;@vm`eUZ5opSMpMb6ChOkuGB5jHA^ z;foph^RA-O zUIf{mDCoVeiCg6OcB-Hr%OYci)fTr|R_UMYTlJJfVviBgCT>PN0*bV67e8&rUl+Id z?#TCxTA;ip(TaOv$QVQHfxZIbH^BVrt~PnBzH=%jbRGw?Couz5hu@jC7GGXpt-9 zu1ni1F-p9cM1a70+>88n6RFu^d?vqnQadJ2qfOJAU&@$-9tq*v5h-#0&kt}G^(FM- z*&$C*Krs6;4uWW3!Q{>C8t#T$6f{m*K7IDot@LyQ^1BX|pF2JeSd3!n+l>Dr>*&DP znqlj(^8ur>*b=>m{;%$|x zey)(*`QI09Z5)Fb=us$t9-r%0^}8wME$~5=)EVq$n2N8NIeMrGLT^)is?mU4^&!;l z4)W^`byL_CiwbX%XF&ELm{iDGb=Fz{2N@uxX&VQS3*$fXAp}s}?KX|zm)g1E=jTpR z-&2YARBEI(^xUswZYmPk&}T8;(t=+@6K3Dt}F+-5}t2p!j%g51PlH+K`}?LteoOK30N98K)e9W~Aw<)!+54G9i2! z63zL#lJlUE%rX=W)4-nmGQ$wk5pg4~dvAAXw&7oCa-H;=pTM&z&}w&SXWBKW!1#Yg zzPkwRjv^Z}r!6aeHNixz5oFpT)eaNBz3LY!KKVwYPYO7%QfSBrTQ^bB083szb(5eV z!Ie{Agu{!Nqj)uI&!s-A-B%a}-R4<--)Z}v=aFNNvS9wtoaxxd81S=LM{~n1!;RvetnkDSGGHuI*SVCBp(|>Z&<8n2&94 z59+sX#u)QRRGRM7`esA-&CS;Y+bPofz5g9{s#?2)63&yYx!S%Mi1mx7NRP}A6(c79 z@-(NcA3lZUSaV^>@YIex07idBIStipce~N_m2H9UWT;6q+{`Ok{n}{SdW6|5gtO8? z2|Uds@q)nsLsysgywUJtWO0Ex=u?&ddMj@aQz9R=O1Y?>;M{oX=i{mjBUSvlwhjZ| zLlGoE`v>D|LgPs4XUkabk|wlz@U`niQP-fOWv3M(-D`uC1Eys)=UQKMIznKR!7JaNk_H$nHd8 zN5VP!x@;E(^Ry*zd859%K$K=bYg9+HL5$DX{t&m2&Lxjd39`mg2>>y6RBn z8w1&L7a+{#fnfR0@SIEYPcnttGQ1(W0b_MzpWP??)bDcxFrM7=ZjB!Imyr)$RLS=Z z1mwiKLWYCxuyF2UvsR9=*;Pw`3}B$74=+hRPrLoJX@pAJ!6?3d%JfzT>g_kzy;;tA z(1`9_<$3%m0>cw@gHQ_nx5RnVs{NfL!1#$LXuOyIBLzez++ACe20*i)o$fRij%)>d zlmed@NKW0~<`>gvdCcPnnbc(rzkC4T39TZR&XQ6I)QpyvxFTIV=?_^ze{N>C`-!j_ zlsu(ON$eg`YDFpi`jXgUe_I1t(+gM*P|~cWB&qZ>+0X*S znS>x02*l6cjO*;4*{3&;*N4FJ!xu0h^$mf7)iTTpndJqsmSucvt+@P1Xzw1K9U4;a&s^L&>sI+h8Wg}sIuVRvoiuZ9?N}3pB+z%i(7+cA^CRX zjZH)NaO)k8MK*o3@@`;wqu?zA530^i$pkHPsy3S%mWIbOP9_=~o#<(fWN&C%b1{3? zS*6U0u8V?FRxge@l0NBdM=Nu_@x0I;(*=_>2cn zz?$zE4WAYbNE7EpFn+>unUxaJk;5=v)ALWllw>e9Fu8mUx&RzH6vo;lagan9B?Rxl z&F(8`+@spROJ#0WefmeFgQOiEAO{ZUpZWzkRqt+rTQge83l3MJZ z#sx=nF5L%6U55}ZdseA%333_dD)0%uP}@QQNW!FCW~K}^0P;rcTweUUSe{}X_p%23 z$1-jvI1y3x9Z)0>N?!Awm3y(h#VVr?Z{^xLU$FGpT?8fU9e)%)0v+)Xte0|DR zc4BhNM<}Y;ldRJ;9Qk@}On@k-MZNST4RNxsvEc01fjdB>6^@(C3l`b-+7HnkyYv?8 z3PTb3xJIjf3vng)Tc8u2fQf=ENJ9wZxKCqsRqY;95@QZaD?iInuz_r5fPeC|BkI1ak6*8}t)l{4 z%yf9gH{?fOWP1%R-zn?=9x5n;1ULWn^W!f8DVz?sgWk`7N0W0^&{`-gd&|f?);#%) zaq>PfMg%>eVFZQB00003@QdY^9bxvrdP_XUYp|^0D1^FdKg7_$-m*?#qv)`WtXy-F ztmUAUaYg&QR&LjS_^p78D~25tfn!aZ>c%%({)d`f3|q)F`6|M*`t9Br&)nP2ed|?+ zZJXt|9qQ_7XQUTfiSHkCaZqqbSB4aa?ltPrG%fWa9pO)^vVZ@hO`p&q!Z^JO!XBKA zhmFNFaE#?fR7Q-LV_9}qkE1<>ackO4(>=2SHc_oO3*DD!qsdlV);|ziuWGA%z~Us_ zZ8D>Zkqj)xdX6%ZRe-c{i#|tTBOClw+rd_Ml5uu^Bi^-(di=MaDf27X#BD{eIgc{x zaZxK+Ba0!y3d(c%XfiQm01)0|d;(3K4{W+iFjM(<-UF!s;^NrgR#BW!r4zZ47ufw5 z!QG}Yh1+#!@j-9X#E5e@+eDKXD(PZbW+pfKSpahd;b)@i=XfvMZi~gh)AD8tGHJj8 zS|KJ5;#D^|R?6g4Idt{zK7($umr0i~x6Zb%Y}^$9)AMo}z>1D)AZ~Y{Zgkut~!)5WA})>4^vR zEMA-m*{kBl-lgAw!flyuJ@fZx%JD*Lo6onPo>iLavhIa_J9=!sB3NHhhb~N{d1CGd zo$#vv44#L&1<|C&)u4b2;Q<1Wxd|o=<(-(AB~W&8G_(e(JlJLqu-=uEb++CrHQO-I z)xnCJrK)d z`(NgOhp8IA9JHa+Zk+2%ecDFuG&j1GAN`)Y!^%Rp0$(7TqyHhIO$-uAA?k`rCNEuj zoQE!-{wP)dhEXoM0fY+_0PZ)rKXSX)sFI4ORijKC#DV$0U*taFo-MRPgi_-fx!QM_ zutn!vHJ&ZtxGD^L`cjp!uq6;TVG!C9V1ZwNW4pKOkOGoIOIXOgqcyEgBAn4RS$DMX z-O%My4`I);3r=`G2l0E&5fOHfh14pntiw+W_`~E$?7)4jkUs9Y?&K2)w&$q1IdRpF zIEc_rX%NV0)%q!^J+VV^Q-4(VQejKd~2E0QJumjl?3;f-*{Eh7GTo}cE%Ya zmFL3;C~N?E-H|&K1PXd5Z=ey$};d`^XaS>@6SveRO_xna8!lYU+xRxO4mHD@GmjD!_w3_5$rgE0a>dUE2ibuo*q#04yoA12}0ps9U7chS;y6$+ACY8MJ3N~3V zupCrZI>S=!C?pNivLgHQDdik(5c{pF*3mS{SWjhV=_uK7Jt;&Gns=*@Q01err>Gly zw*o^vAY@;&5Ib0cbZvfxtYEbI80D#%&;Q$1dTCsy;-M7dMD@tv;ZHv2_naqbS#J%| zVKOwb2BJv$^`Eqgl>WH}SwJzsagy{C&QI=dgV%Ak50cv&vUiZKI#6ltJpXsdm8pCf z&>F@d!sue|m7!w*jN#VH@w=J^Vp)U>J=ycy+Yr?vE9uT}k3-T zKqQwJXgU0KASKx}NQCCJjjqwGKfX8>RZ`3QFwqbZ$JqG%h|WL8dN*1_2lfLt%oyr5 zf6g(lbb?+1>2_F=Xrk%6tb49RbpBudX0@p#BeW>JV+d`#Pa|VCrsWqKhwIg@SmK7Q z{SOfE`?A7Vv)8J{lXhlhiN7GZ+h0GXErc_XEMHvldz8;*u0RQ3uDE?eK=*vi+%Wih z&)L7Wv_L`x$PDWG!)o{p2q9vc@~9x@0>3G6h!rd?lTdRY`9B~$K_=(kh$I*7c?sF- z>gD(~~3;|LlVqPSG7 zE@kd?2E>+^Od=(wWa((VunG^4IuVI1X%t}q3*v#>4I9tRh0I#LhWtdM$F%^GsGiV@ zq2W`Zp@)`SIgt4R#Eg+I;p7l55T-djEa}9ptLV`c=6vFY0x4lP_zIY6X%>8wMT?^S zlLm?24wo2U)frUMnX88Ybff+lQROVgfb+4$WQb3?46f)$T?7}{tYI8}KP%QNrue<| z1Y`SGoO|m=)%5ICh4<^F#iNx=p>ukeNWz@JV4n97enrFTK^DUKori^cO90nHo^73& zwyApKv&Gxq6uOl??h`_|qBDjqQmFRQXqNzmnK1GpHcm|*3+U##GJNae{E8Ob5<-Q* zX7FrN+!IT}*iso3Qk^&h-k+#U@dSbnT^d=7_S{W-=h15hT@0}Np(1?vD;C_xsSm5#l17){kfiE7AR z@fTpYv}{)q;ATIK2<(P((*u7t&l{w+(q*@w^C1zNJLCmdwRo9tN+33~2X`c={0}}m zGeDO0A}6&`Eugfynki*(y9bdC*twnjzarF5NVn)bCwe7GmxPtIAAoc7SVeb8!W|78 zw%>wEM1Hdd5u-S2G$^seHxSvIz?I46Y_@naCW$Q0sj)ta;bac7=Vq5;D$US?GO0;v z6`3&?udFRc@S#)cP&Aon*}gY;YGvp}i5jPmFYn2p3=3ZtF>+pjaWYg*h-eJmQw6g> z-;3>1ve|wi?7r`m? zNqSUl0*={6>fvY>4Ta2<@#D7=lEVb}Kr>wx{=w8l#>gAIO=@-!XRz|{aDea97WEEJ zUlnoLc|nSVb%_fF&_8KRME$ji<{{sD>C1}q|8zW0{{n(48Ml=98-|wt2y*GZm*z^1*@Gb8^t!0zI|FZkh$0OQ_H!qz>dTgc$I+K4IiVQtA~fW22c@jZZ4(x3n z(x@lJPW7PT0o#D83;uV;<}Cno5twRNMj7k=1li4nFZkW3Jm%y{M#rtEhfqqUt*0n6 znj?}q9zN&$YKv2w(oF?PGQy!xe!I#_FBX(!e3{R9OINcrMOB0Se`d?_C3tdSluC%a zAT~M$?5O_;*9@jl13s1b!(aRjiKW>3E^3AAeyejo{7^GDO8jbTtAJhYVht?%i_Iu8 z;2TL1RPp)zBvEce{oePi(dI8y&3uk!23m8P3tCULQ;UQv-o)B&3P_c9NKXVjCe9@N8@Dkz~I4o;^ zqg11v<8r=!x{mzR+yaIZ#9EH> zmIArDhG07Z(;*Wvw^mz%At+Wv+03@@Hvw+(?;`U&%ROt_Q2k7Qy;%l2D9Dse9b*~2*5W05_TXH7ka!TqmNmZcU%IlaxW;dS;w(}NC=(;d|% zhbYi;baUl|3RSQ}77-W--P)HH8@*2}Uk;^J6UQjN{0Kh}#7ELFu>SdC6KtY4)Oc_Y zc!Y97q?jD+?+~;Vq_GAGLVjV6?Z%GJE>Qa&K@t;3+>r_15)J4nOa7GWbe|imIW`s zm@#~w_#8Rd>Y!^~sq1VQKP<3e>|aBVbs!B?B)vjfw)V#np~+?Jt;g7Z*_)>fLf6{5 z35wqX%%)bWKokQ=)%Kt-H39s*Rnfrb1I_id`h3))kJTZDzQ+f-!XYx#3J=X7iG8tAh z=Et8@%F!hZV-J{$ez#(P)1}{Fw-1LR8xFIT3fqO~yZZf+x+(`4r#g~pK%a&FFjQjZHg-}`-{5hYln($J)% zCQnqOrG&!GUW#_60IfVPopzCx-)N{}>2eui@Y1nJVVMI#^KM07A2yugn6nn>rJ>d8ht;vr!aw%P89^O_d3 zZn)*Gn50SoGx2PAt3GeM4fG0|m!vjGKfl;^&m18qe?h-9;)ZG1p9aWX$6aXa%BM^H z-Rof;O<$7KS3fS4sYsU)-&S%+Yc%6xsdw7A;${(lr|vOsJl#k=uh~VGHzBhJzuf0R)8#9I5(a2zlJ7?I2bHqcp#RIetP6hbS_5^N>_7U**8uC4&K}ZYC z&gpd`f_OBJ_DSdIpQF9U{4Ow)E(St_bJ?lGH$(;*)x+`178p+G1?%S>652}7ON*8p z6kpDAw>*e*t8c(o3R!rY-&uVK88*LhlzIq1UH%LhCw62S5n#t7VSk)q}f)j!@ndz)!Z zo6-i>6HLCBFlfM4W!bhaj%L{B)octv_(Wi0spvxz!@zKs=$1kW&FLEH!~RXz*|B7j zG$DT%1IVueqoL)XDN>%61IouyB%(YQfV`Kn^uzFD1qVRkP);gkdbUWB8UO_V~!@@yA{5Z!s~+*)g#T`c}=EnEyW zo?@fKVW&Dc!?8ViGu4Us2o3K@!0p!Yol`%4flTG5x_mYj;RR8F@E^s{6%7`1iN;v# zF%xBbBQ}jcO2M$=)|ggIeOx+S?yfB!7I`rd={Ry{gh|EKTR(*OnCyXS274iS&)>ON zgXaFsaydkkcvJfKxVl~ux=89O?Gpo%iVsR#yzllQ%mcT#wO-dSO=q83MtRl%PxH%u8se&k+7@A+PdC>ovb9oXdZ;sTLx%U^#yK9DlTX__#Nds!fI9_a=I)sS2zldCt)Pv2W~~48{CD8 zfvu1Xl>HKCsJPu0=MM%qEUzEd0(yWfMZyq-&j}ux^Toa^Pn`RCkVi})7hFY08!`)g z(;Xb~7G~&=ZBPlK22=ip7cg&1SjA1{kcjQDyoS}9-Qb7&8@_TTl4+)0)F!zENs5|j zEH&u1{g5EYPq(@&K@ty7{Pb z`A8rM>6miLZZ(T7XN4p@A!tm=$YWKPy=R6C=Q{hQJZE)_(}2f&x7U59R7dc90*oKD zKjH>M)dnXQrLB{`Lp_PvDP6soNhtRaZ2iD<7lxhpoUCY`2{;MrgukzHgR3c*x3KO| z|G^jt_QSAt&JLoqXZT2NHRYj$@S)QsKF>^@>{*hF4kphRa}Qab)PW2O z24APuHmUS$B8o0u=+_K#(Ti#?D;7n+W_ zEuQ7o!`g1Kg{xh(J5tDnSBMlh&If3OwYegY@qO~Ojwen1JF$1nv(Uz;`x3aFWDALN z%cyZ>VOGJs1Bx^3+&38Ej4vpW<0Pv#n?4UB7h-VX)BU+gqj0^Bx`26*{sbaFN3b4FpdY2S!|#BC$EqIaiSBxu-)k>e+pbgj72qtf`&LN_4!7VEv_PhmR+M#wNqRmau5BlQ3eDQhg~ zVLxWu!*lM7T|y%xdaNVq*^D-QzS1^)KAL7@S`Xt!xB`p6X(RiOKU)3TkcDUrnm^TK zBK9ES+&c(Qv4I8%mAVP4G~Rf?8&7@SZ@wle|0c&aWNcPF;H-bG3?VtEg62>~3HKpC z?PikvE;#2>W33>fuRzlPKnM?ULJ9|S87BNq@JdCk-QF3COy3jpRS?15jA%$&t}N0< z4hCd`2~*XEKE|+P5IY5*%EX7TNAq5u2?K@BWB@1qq_bDWl$7ySgmw;DtQS*21p9`O zA2B|Lx}{iBgs5^c5RGDXGzkQ=4Rkz-8XA2mu0e-wzm%wg8BWW?UeFZ>FoEqXs5UHj ztJGr}A245k9#S!qqPqfgZ_<=l&}2t}BZ*(HJB@KV?J~d^5i)#Z@V*&&TzdM@e4UD| zxib!6VRFEHvMBFuhH4WP>*mtxuAV@BJAQV~p;bk1;ZRXsi-OEw6c>N6WHA5%X$*nM z3;T167y5}=0HqWd1jYWP|GuH>I6;R;u3TEc0JBP0Fd15GAX)qQP(*88pGP!}{rimrkhK8|tdg%cV zr_jJfOk|uT(u**q@l4Jy*M+dp>e%m{dUaC(kemXrGi=cnG+e&?koWnRj9w>aanb1x z+=Wy^w+pxPWeU#w$1?=Ol29NjMw$Wuo;7;;3)S`~dnUa)S{ZMgR|`l345LI5i?Bgu zZVr)$3wY_81i3<;RXO?bEjPX77$-=v>wUTePz-burmU;G;0|7qv5`_+wxVy(A(xos~9;JeEGtQ!c$qXdCDu^v0k1YnX^SG}Wut^2OURJ?WnCg`+DYz9PK zEWv;$jFj@Vll#Eu;%fqkNJZfIwu?-3NUr>dL3(ID~yF`OK(_qe(GL zyb+illZoIOg~AoEmhM6gel2b>WR8C zj(Djr8#4M;7avULd+CKYe@s-5SeTe6bHhT%Qw(k2*nPSSx!2>lfcGZM4Tkd-P5`25 zua^bosd!qoNdZyjk&Zb}Tc+fR!xVOc)V<_A-cUwQLwW0V7-!ljvk;$Vr17b8T<>;j z2C0zNM#cz+bYmU#++yXD!A7pF7DTmjq$mc+h-v0jVyLv=L+MW6-X!Sc*|3A#7k3L) zcf+wAJbuuKoAKT(7ns^<#8#C-_Zh)Fv3mF8p#G%Jtqgrl>r#U8F_r5}jYzO*uL&*j zeO#&Q;&1=PilJ*tCPs;^EK)@&cMS7OiuHZ3(#d0(@r)uf>A6zl<4s&XB8~lUoc(|D zV$skbLW=$czKSep)bY!BffKwWP6Z1Pb3jO?S;L5s>^&@modir1$u9k!ju)BJyG{Af z6xS%ORT$ReXKBu3K*oO2#g0<73`2EWrI00$7ewWZHjM<=2olS3L6Ma>TujUk)VwvH zhLRX)tzg(T_7CIHr*YP$k_^t4wG3R48&F6c4Skc*+t;`MmK`ti#w_$6S_4S~N2wLo zUo!I{C!h$$9^Vw#EJg)2eYKYGFZvR{6+~Fs5){S<_OXvq*SGU;k$|W%`_I%iYc__t zYWRtYOVdIx)Ey@NP?W16Q!?{pdeh05vdY9fx@hc#A9H6*8?5Sk_FJ^yDN~j?rglew z9$hYE@Qvm?#1QIscwJNH@LKopfwl?(DoC3LDtndX4s=}8I(m%V&L)yE4o(sA zMDvacM!WH39Y+S&;(+Hpg{T9oEA9ziAFHw>pCpPfb-vC}5L@pX*uPs9FLsVn8y{&z zmdl^|KdtrN^ClhS_~IOBTUm%3PCHX9D6B2@wUPoF$yW5%mx{sKxbH#eK%ZSvWu}K?#>OA^ml6OtK*zsIJ$09qH7%v`a0VZ$Xjrqj>oe~&-pG8g` zKQIKjM^;orPh~h!B*d4QQld=7713gbUSiFoTb13o|Q zEr@u0OYoTO4q@s!T8JV>ALXI7kNky|le3HWoNa>ohgf~^MgeKeQL#go_}vmP6Q!N~ z)QFBL7XzBaIEc_gM6if03I)p3HiE|odl!T|#-q!SM81M}>O#M2kuNi+Cv5cFuXF^M z2kZqyGR*AtbQv0$^WI>H0jy*Vv(09katd!9q%}R*+Us-w;|qjp-CckYZaa>;==2II zoSfNrlnJ6AYV&S-Jdv%*L&N8F86EP~*0oevUuD%(J7RIvaYKrPsIxrvsQ80oJm?9q zVqY&t&?9ZrsE+ItKJ0S4^#&cgEse^iB|+cuiedp%xMCO`Y;g8APSjO@%97(;rmRPm zv|9z52s&?K2?m--WT~r?daX zMquRi^?P%LLeJ4X3u4fY0(*HjtaDd~Qc3|g2l&Wf53Xc@Y>(lcP+mE5r$@dR*Cu*7 zhuNMKfYCnFPcCnvH)c0fFEhdlm6%}o&+Q%tv{Svw*92E8y8Q-Yd`8V*qz=A~|6BQ^ z2W6stD)*XdgOC@#1Rm7|*$&e5?YtP^8x;RbHkPGehtN`LOo*HB70g{&&>8X%ogCtp z@0ehx@o(Sy=8*bm(2tUt4jGoT%|tyriCH^cEd$7!eqH2S!!HCB2od*Z?|Et^Uk8Mo zrZu6T-wlX@iG$g4SG0bKWE92)`{!!+Y461N#Tmz(bsW8B#wd9-A)u<6vXIhATLemw z0e+uk2zl8&IJbsc{INQ7_Zz4{fQ!dv4K|Oa>$pkUv-9Um(Oyha_qs_GOLq#v<*Ymo zEHl#4+50qf!oA$BYrD1_;xS)b)7Ks@6cp%;7KY2K0D1kXpn{f_I^c?rU9V`r^#Ocg zO#>YEuwD_Qp#qqluz?gLox#TM%jy1uuwi`U%;(r=7aUF7L zh+9d_V<$sQI%B*m502Uo^OXBKY?Zw`^~%QwI(Sg)_0Ar%5<42&i1%Yt$%4x&2i2S< zQSB!pt4MH=j!Ee0T|)otvyKztR#W0Jy>4Fx1~lNCmpo10q8tHqE?7;dRRf#wMBYMu zE{A=s;X>Qr8~Hd*;AD1M>P+&)+hi87US=Wag1@`LC8$sU5c^;}*s1%|qes7aXvO=> z@`XZ5fc#&_LODWV`~^N64L)5IXjK3Vbt&PA2{H@|@|Q(8)=b<%qEE1I6L^2LWVE;i z@oBmx`5*)YasUu)*f(iBoJtb3Vj(x;i2Vl7Jo2a9jhj@EHMph4T`H##P+<-epU!0r zxH73^y{3=$~`2rZXH_k5r}OD`QI6HJZf+fa+Ht`HKE4Z z$04$M{VB7rkrLjPVI;=ye%qdV-#R(U-+Ti^o}$weP>1s#4M0cR82{Unx~TCdat_lK z;%zUbO!J5jik*j4{_E<;0oPUYN4>@@R}|!nJ}-xF7{bW`yu?Q)(UVlhC(ze0fxhf7 zfWfb9!Zoc&_1K%jeANxmdV0vbq5^NP>W*QLar+upG~Mr@9SPIM1^f_h!oZ7Q>6p*f zNYH*5i9?yXbBMytj%tWasOUqX2P=z`(=xpjarS^RG6M6 zi$WsbP9irq8vt;tl{tmASrzKfQDUuy$gTZ`Ukum9N8y!+$d}H%JA2DR8f$MeH}Od^ z8ojOSc%BHScs*r>-H_jpH_L4bcN(be4dyL-cHM`gNL}aR%NPuSGq2gu`i|2BqNrH| zSdg$X?JFsc^}C#SHWgmu?DxQpzp*P!`_tD&5t15{d3N4-_p>gQvS%MD^k1_#eOS~j z|4j{8gPMJedJcUh}h>T>NLL;&ddc2We?O1Mhii%21ma1r;y6xD;|)J({AFqlaVKu1$Yho3DEsZZ=sAcLojA&vNWY^nY4^z}YieMHp1Dp)P`3 zI;o|ug8oH}gB^)1fPPKbz$IY5aXTYuU*V0-GF&*c?dtt9qr_L;Yp1FB2kA?StPwNU zoaR^UuIuT`_)wll&+mF92ghHZLN9oDxZ% z7rxHonXr9Q+-FpsUUsT* zS==d($ZFfo^Zr2gnNrs3Q9s8j$8bG|?==!L%FST8Hf>tB7?u%pDz4~uqYz;WG3+sx zo1e=@f%d{sdfEut6M1VV@RnfDP5;3gS7vSlYnIVA{cg`GeijrJW}PCey?fqlS1gHX zhtLfj`6lXej$f{f(;`Gm(<*g)Ih@Wl=s-DmMzs1l<&-GZ=+#IXq|ODjuAoY0!^7q= z%t9JQOE$!&jvpf)j5ML@UqrDyOg1c+osV*R*rWFbH+WZgBU$<1KGK1~LQ>^^6#|{Q z1xf(ce@pKPuH2J#dVrI3+6cv!CH$ORKcTvl8uZ6Iz2|PLSw)|L98W-6kzXuNB?87B zjR^7PN2f*BId0#=nvVA8dDCNJfOct1oYkBE$cB(EVbxG#2_5PzjQbL{ey=hzUT>({}k(#9JVht$6m-8Awv&s#*hE!)W;_)ucTf)ZrU-Uv2rhf5Td z5203;Z09eJ)JT$wZk2T_mWn5wa8i4R4xxT*UtDF<5N7(3dtI}|iW|72Cwegqxc?ea z6Bq;2;4#a^f45jw@2xW}Kx&tNo!IOWW&DTYI8eyb(UNWGmrl3O7V7trIJN z^4v=G+YJ!D0Rf#h!(lIYAnWL)P#SDsLrBD)MqDoyo|}VVSlCpm5gK?O@igOw8!(q{u&n)W)Ul|NZ2jb1iIt8=u`t!Z(Y>9g)<#t@q5DT*xHjqS~JB(0{# zxYgO?DHejdka4K49o(r9mFbvR!``^ePfIePo%+XyW;_7ZLy1Eei<8`*yT4xilJ?i{ z$i`@O?d0;h=1D%9E3YGF_0 zrXQ9hM=%C0A^R!a(GEo4XnzL}_)xzKlSt^x;6{z|d8>)`sQ`8}tK<S4vgoWqVP5|$Z3KjmTlK1y#| zET=nZ!`jaCc25EDAJms#Ya_@j8h#pz;nN8b3~|%ts|Z$^TEiAnSirPbrX8Gkf7a>Z zN#r@!KPTBbbd%E|uYf2&w>F{7fy8L3GfZgsAJ9ce$DJ!#$_mF=_hIUs~Wj3Wk!xY;4{ zhZX?``ci34$mhe4t zzG>zIZ_tyTB11q%xWfv%9Uhp zUA~|cLt1HZXgls9$u>42OUv-WL7^T9&N;@8uTEhaN3c-OjvU#lV!iji7e#`AK}0-8 zBq@^NcXqAG5uxNxOf4YhlR06*K)0HMnDKVGi|@l90@dHINXk#{ zUeYLr1|PTvP&8W%F^nyze$WMLIgFa%{wj`Kyc{|tslI5?Wt|nm0(MQBWvAAuXM0I( z;ZO?9n3?#E!V&Y$7!7Y~KH_;uDgC=3FUX;WFoh}M43|q3{Pq)bsWvD-WT8R+v!{ns z;#X6x3uLZN5|UptknfkRwL{n5)eY%I&=G15nMcEuVWKaQRt*iZ0xZpe1aPJ78fhckek z9zG4PdSFT9ZZl_%BfjXNs-Ygs7=KE>zPc$-CE{;4%0F;pv-%r3qbPc@~^X zMD8MqiRjnXZx0m~W}}-jl}HDY_7QaxWh6prt)N{Ct>)(_o(36KK>(=g|A*BDW0g|% z2)u0&0&v4&FHgycaw3~wuPLfoRUEQn(RQ`dI;|Y@E_J0Quo5p|H~USn$y%V}y?y1g z)8O+GIjG(HQIRcQ-eRxS+?d(P`it(i+Z#RTg|1{6BvQ(6`A=XLQDG~%QpQ@uG8|FS z86y%|byQlU$R8h;7Te zM7zMb@g_}Dk!Y&tLVZS4@Egccw(S~YGNhJk0uBj#_YB%_rdN+U?cwEzuCsyVOViGZA7~s6mlmHR{HROZrvb z&OZ-TWE}<~sQ6&q#wCJ?7@{URdVtxRzUQ_K2Wl3eqF>n7V4llk|Agz|<50GH4Vt0( zCAH8C)VQ8wOrO^x>oH2MbWvxPl<$p!q}Dwg7Ki{uJT$I9i^&Nz-)^F7_`U4((0kg1v~n-86!ln; zL&!?sR+Up~Ug+}xjJ;dl!QUjN0iy{!Zg>u+DqIk|g)bi?hY5!}RjmNRHhr?)7A}CR z!VYwehmz8*2CI&MB%e(NH-W_6tMZH$(y1gpDOgNCzrt-pe$xBcj?Rw;=y-R(Ifz~) zjKGSwvZK4zDbA4NuLI&wg4RSjkzOB>4GjF+9oU?|>6{{*x)UnS79>{JKe>>?xj73W zp*eW0*=}0&PaMPwlmz261ZpAKNNm?`p0KJf#EMj6h-bv&P{Sl|-XZawpXb9xay_G_ zhE06t@U}q8xRc}H8uO1+8tu5d)T5M6&l&Pjp!4|@xo$K-#wT;=0z8?8_kLjq1TQrA zBg)$@1d!RGC8f<4@^6)rLqi60$31G1(_@4_K_`M)jhFAYlV+%hg_Z~}Xw68J-i@s_=g zi7bP-RSx(+tERVvdqWW7GmCWOoXp&$xn}*meVKD{YlcOZB z50k3A+Byh<37SL9h-=jb2XQzUQl zaRb3*1=`ThOppl1cVs}H=%O)_sal_P-+=<+{_SJn)H9!K99Z1+Q^XCwem!-QPBN&N zaL|yJJ*R*Juf7_Ex3sY}bilSdUu;eP%2P((in*Lf`?`hIvmPr*mSNQuC&?@`4TZBFD->Xk+K#u1=rlkiu2G+{80k|^U zO~f96g(VD9KnXe;7AN4iY?0hJmovyqonRN4G-N5V-#|?m}KKQDc)Q>%nZJCE|M_H4HpxM zHpJwTbr!}*ikVGHMRUCBdg-O>3f=Vjb5r2$gNo3J6XXOA`(=Tk{%=!}!6G;)AcStp zg7);*KUOA0cR~lPo`Lf|a1sgLwe=#Vye$U)#8Zb18}ubWgj<>iuCeT5WrjiUkc*u{ zu+)*cr0w%H#;_#Ed=?f0!a>qt*Bd`LSypqJrTosfWt`}7EtV|WV_h(9l^gvs-kGI; zABaK(aPjou-Qr=ZAL-q0_|1~vq=@=}xJhx(8$NbVqDb(#3utvk#ut~x3HRi+6?N*9 z0TU@5>F_Lu{^k7kn~7bL3aL}V@Z9Tne5x%3A*w{ynWOAJ_SurAL0v+xw~+NA_G#!` zEG1*OSZ$RKJE-w)E~iqKuKM=rO?U-NsArJb2;P#$$1g$1-cN>JD!bp1aW*^p1E<@FlG-rJn_J;f_8f*Qu8lm)|Q;?&?@l=%yPle@W%Y(!`z z609|Qb6L)x0N4KZ*A=Z9JJ@o@Do7xesC(D;?WCBUB>b)AG1c|e4#CcGz-HX6xcges z{WP+pG3cm9Pb|rvSdL=?`LNE)`S#pV3^uhfTHxg`0V#C~xh#0oBgm95CGf!@rUp`| zr;rSjfTNYayLN}dHt#!Z>fG9NtYhCO8dTii#EK%CCa4$Qiw>N-lr#X^vj$$9ks%WJEO9a^8JHev=whu-l#uv-26p+wI*cdj#!MD;zS z0rLXfy^~E*do&#Je~K;FEGV+3)!qOsc`eFL--wM2?n$ny}$ zo*l+H;y+JT3Bk!Ka`chPSSPtX(C4T)?sApefqXHp0gnk)F_i7@TRSJgNwX_6-w2uZ z6!JcwwPbkLdfu0_wb z?bI~P84|lrb{3WvAf|Eon^CH$6J=+o*D098<G2tiq? zUQ)H5fFpXjiT*waWeR6RBWGecpx|7_-#XgeDk0xqJBcodl$AXuxDFvqx*uzQd-O%Q z*#Mm}Ch#WFabiy?4yU_O4RDyOdDn_a_Rv)SNko3-HzM44x45@%B^wmZcIbJ8eqrAa&l?hv9FRQ1U4HC zAU|TQZ8M-M7Phjiq!zI%mbf@h!+A@nXb!=Fx)A5M)70Vn`a#G6X5`0%w@2EIz^y#% zI?AQ2-_uzIhM;|Q-8KH3gQFJ9z!e(ob9NUn4%|DjHcW7EFKZJGMScruN-M4n%(r zt_tMNkrMXFsAC(%G$cr5&zdO=I{O23Gk@?#x$IgL-leV+2w`09`eM9ua#8ZhtTRQi zaD>Nb`?HmiAdEbqh;{Hi`fjY;zwxXNc$?dThcim>rS!|0S5BSi0Uoqvu@+Ju(0k52 zi1IPv3AyNCU*9!2%`C81Ht}RTr1-BiC|H%QXbwi8PN9(v^f~{-tpVf6=9Ro<0>GFW zU7ZO3otZ>aZ`3Q$f1E+w%*_}Rt_*URp#Ct=cv&iU?`~h6dv0x0(!$_l;J~X_;(Bd& z_#NrKGa2Bw#p_F4+SXRCEzkJ&(&rX&JKOMnfWy;3i~*lS>^e9G$6!FAQ|`~+&ve|f z1r>iQe-^ikj9DzksXc_6iOk|-ukHeBC8}Rh_3gaclHc~*d3VmIuWuYOI$K==7D&T8)@uv(_t`V_G*Er zswI{nEI*t^SrdXI;W+TuqWFlpLRQ;crTxPE+xF(W36d^qZP{&`(4;tWqRrckL+M%K zUS<%X?8w|i{8|~`p7#&sQ2WptFKAjP*_5;UkRDt~}@L>mI}r}F zPI>+mlyxC9+tc3LtQk@zykm|I=WxZ77u2AVbUfkmZ0P3hNE7)HAbm+JExlN8{kg?3 z@vA;};c>PuZEOxnW@o|q@6JE4nW>TP_Zg?v*0qfHUOD2BLM6?}ROjxn5`OZr&VvO~)F8LM zAt@(2x&++v7*)Wh&K$PUbf|PwZZ(!$qn2lTkhdIQ%3;c!uOZgJK{F#~;9X2jLrhMr z0K6*r&oDK8TCZEGSoXY!E1JwZL8ft3nJQdz`SaST+7nhM)(ppBC!MKb)o~sFS4%Fd zzPwqt-#Dm);Nz+wX+7UX7I%LgpDf~m@7$FTGVHPUSIm>0PjrgotBK?j2t>5imC4nI zf1>}xy{EerG~BR7f)#QS z<$5H_#xM`Jc`f+h`X!xZq^Gpsujh4pfM53*WLn6KzNSnHwdS$C2ZCy9t@Y%P2)YV` zP=Uv7h|$V7SgfI#X~FP(Yi$}{9pzo7&fxwEZ6>fq=wP*5N!9#tbAY$M70O3cFYRC6 z!{$w45)4s#t%Sat=?79S*ciydN`@GxybE>@upXhSe;b6+nXCp(JkD`B2R&SK3MZfE z#K-m+{Vm(6hja@?s&8Ms4VY|+7pla)HWvEC2tM>Hy3Tw31bu{;%^NN?v8`eFyc(uc zrFxl=3GR!4vtc@%$Y=%hJW_cex6km|pV59ZQ#k$o>2IZQ{~N7V49h%&(kaD*IZOdi z=6?V2xHX_7b5bpLcWjGUIii+dJIS!eRYdz9Ht~asGtFw4t+>y`coS+wql_zR+M_XG zq<-VF*mywpZL*6DNFWr+A+MS|rdHIS&f5%xMuS6UO0>~XMTGxXOq#p?Di`QgNB-~S z@fJk!KwnqCI*S?zDJ={96KR)KU9s@fzI|owdcK`ZZj5wCTlfv&&i%+clJ@0;VI|La zz^K<)@ z*58kLpARAlg++z*f7qw2)Ce0){n(?RFtytX{z-Xw6#{*VSQ=G~!TSM?s77&{dd~EK z3?czoNEW^|h8QKhlrjmx6wq!}+sl#qYqYYRcOW!lkr=V!TR6 zZ>I{f`SisNxwou^Q+i@TP0bL|&0K4$P^UEZq=+Oss|uq@93IxS(Dnv=6T^}o{8Gl< z5N(^LHERI1yk2ix;MtOmi;*SUxR#<$2Vu_q040VLS018DIRcN>z<)p}X8R;oUZ*aJ zp#4BUhySCA5x9&#AxNpo*jF=>QJvbeuli%3$&eQzF^TmT)elRu}y6}UKNr1YjnWiopuJ%Oa*flS5 zq7PCovtlsc8Qav(*N&12AS%70a$y7s9-{6OwV$>wI#kqsdnZ2Wz7qllS7*)PdjA`x z5nk&x>uajWsNKCvQ}Aba^ohR%+;xCTu>1Znq^!&kxJ?j^3nW(RUpkwFC#^keOt(o& zBA93n-(1$P6LIlJLS20ZCK?qr?<(N9DuA6BdKr3XO0;vP1&zu(EKDlpyWrJx{FB*!2Nn?E|^gYNk~`jY3SSRAJB2}r{M=bag{tbBBsBAASR-dTd6#7B3d0A zk#+_YUohlQ@iiRGn;qm+vR6Y~Ag<7VJHqi|13bu?e}<_)(oN4uvA^jlvbP8J$C&d$ z#hyes+YU*HfJEy+$;I${Q~?u701my<=;`7vH~V^@fNwkD1IJ}K0|ouMaDA5)V>NXX z2n$LfFiw}x1`aW>RJt1W)%oDWY#VjT z$KgW#*(k8$Q^G>az)XbZ3#;t5{7UTtd}Abb5XRSnpSL<1sZ7{crV4h0k(d)WWdD-8 zs7a5Nz6Q{e(`Tn9Gsl9Sp9*oAqxOP-Yrq2Rdic~)7Rj4L5XFoU_YFIYSP84*`*oU^daE#?OIU?&#+8@txDPwcR<0qg8| z!Hdp`<|&%7oqXZVGQ%m%&O_=#eD%0t4H(p^rxLWYsH=obrADyD1_n&s=dn~64(R`k z(s(iT<~DbBxrx_vu!;;~PTsJ%JZh0oX6r|PvgQvD=3+W@nXhp!Ly6NccKUr<#l;Ys zzq`luijtYP(nT>rHLg?xiAOVzh4n2S0N*%SNzB???kY*Qp7jRz+p^VeFWB%4AfgLj zy79%U^$3T3Cf<;(UEsw-!*gZIH(g!`C_C>FGvM!q@mBJ?2o+o@D?Cyf4XK{-Z^fR8 zUki(`DO9hb=W9p>uDVFSss$|{z?Rfn;DWe20m6F+c>~+i{!$CABZbrN$iFeH%~zN5 z$gsPGa#(%Bj8uGegDc7&;vVnzSO-7&vbqb!{R7T+)SOdNbJkD$)e)`8%frEfXpdg> zZbb{;_zjV)>HLLmr)OIg6Pg;_PGyfxcF2#BK~-MwS6;=1;YXZQvg(4nkTEXt_EDY- z#j!-<#bI&J0|bwsHIK_~T~o^LTff#9BwQP~u=xfGcrDs714P8*QX@ER7AcR)Cdf@( z>!VvK>iUH*6DdOTcQK}1CYrdGL+5lfZKNde2(}yY02pR^s2A_=JT!Ks>!=B{sG5v~ zb8GLis8^*->c4M4$nZP|DOq4`+0l1PF+hWErJ}m)9Tyw*ln5Jw)f^g=Pz7w8PPg6`m`iN#!fhe z`ba-%Q01f0n^AYut4|(nxwzFh4iYalps%g!%y3ri{G9tNJ&6`Sv4C_=b%$p@5{Q>` zC0=tPu)SbyhZ{-93o=Z47}hzNcX0?tbGQ$hOK3U|o$8Qz;+0o$3-1SNr`j>9W4s!7 zv#?xIv+$uaOcO@@+*pRsbd1Zb;%G^hD7wg>%+zuf7Ve79=43z$;THtW5o*buLwEmq za*Hv*S5W!=i@rs|V*v9d4DH^=yf}l*k%oySe#%zIgS#lZF@hJD-YiyHUQisdxq5uV zGtc8Ip>mO8bGt&Z08lb9nleqVD$J@MR3AFPZ!zigebh*`S%jCbZ?oi8DKBqq9CUvm7XvX3>xt%hWc5kGdx5oN27f$5Mbo#S9`)uOTyV7<*iH7)46*~(NWQg(GkC*n+bcRtG`>scQ!rkcKX01@i>TfLal(_?(F3#DZo3b9pRGMR5%nJ4lTO7GH!C@_LM8$%cZ z*xZ1DUeS-sfEC=#*A=5uzxoOb>rw4fbLi)8^Rl_;i;t;$iP0-4N#HhEZWGv$s-d?j zb^a7~ejjZ5l9u$#u3kv<1N`aE)N|bD5&*aj>E2RcI>|3CVJDE{npQ7!kqa4GmjwiGKFl&c=2T zfWC*iwGarSRLmfVR~gx7^1P0N^5tb(K-<6-$mj(pd=*IKGiRjEo=Z-^ZT&<7?p-nK zRE`ju`BXZ=!ULAGtW)!I*Zn`Ufw*YQcj1@d=itfJUOp74m5JCf}(L6p#L=%0OZ3Jhl^>ATyceD z(Ri*9xjw50RjZ+2T_c_L^uU1&BWAw^kw0E)dX`L^tXzZi!M0`xB#1i>nA?omok0Dc z88e42yY^-#B2!N72J@#r+wj_jD8)eiAUDvGuSjfP zVXOu)?iy|OIxKf+OQ~|09Re~8-sZH=P=S|OcHQS1%fn?vVt&6gOrpp`%gMxi`K68M zJu=DC=AOhyg1onz5C`2gxzz)%Hr+;hu{?~3muLJ(*OPLARL6bX(zWnLHXrUbl~eZe zPhUJ3j+>BKq2_kgd#DHKQ+xMgl0G3Uu%S!D7e~&ZObs6 zsX?+ymSLY*Y=kb73LkefIKJ6FkE+Jqhwj!-hb^a1JP`H;Vz~5TfkAOk;{{Ba8|4UI zB#L8;qr>c@hDtjmAUD{*6I-WCI0Z8-P<(f6@Z)Gae`7IC$qV{04IK@_JD^C~M8L&v zQ?25Kz@N|q-8GYDb}V^;rk6c<-viFUD?c^cZzf#0%v~F2;DS(Y)gPCUDGLh6I$e5( z+g-W5)N*!u6jxhYRtZiTknoi9%PIzHN%uCSh{!O`2tU`w<}dwhPL_rTFh$e|RcK=& z-|25yZQ}y9Oy$hR&FWkDIA3%_qz}v#rQ(*`4UiVXYl@h4NI+s$?m4Oz*m|M!`N@<5 zk;G+OK{2Z&c^R&d`QO&JcsH%7dVbr;(0}7%C|#P{i}?66dYk+(pW>v%_F;$XN~ZD< z3~eYc*EUW?F7RO{UKOmV{i!pzEv~LJy@oyGQo8J8KXCTxp~h<2li~>DJb*3QPX^$mPqK zwL&XutY?;IhO{=ztwH*5z1UA;L{*G+svp^M2YU>_mKv?7&mhGTe3oQ%q3WV!;#P5x z@y9SYFU-UXzn)gH_)sC)5c9F#j5HU{_PF3IJ#zc*81~K4?O*X$k_());^1NdvA+YGN;bCv?eOSX9714Nwm!AdeRi+5rBu%**)x{jw{L z?wT0S3?(1GnC8$&0Q`t9v$w_s6H1Vzi`wHlxAyO+=h_aBndhCRf8> z;otl*17CN~e$n?D9Wv-!RxLD9{&dDDWa@z{Ad>;u)H|nlOarC3aApaFyZ~84!HKRo z{FW5*yvAHiU{99rJu(4@EKn3`u{lv#{6Jr|iTgeiLM0sr>f0Iq~SZ-0MvdcV5Dtcvx&*zj=f9R$dg%oA|zJFt6(x%hj-D|`ujgRL4-EBS+IZ>r-~6~EZz4noFO z%3wMr)b7l6%b?-xtvRP`%E6m%#OY8LNp~nEQz-{hn5#t137Fap@}kVjd1fMXPE+{v zK@Fq?s26K8is}(TkoSTt98ZK{q=2e~J-lr7xZAAIVW<;5!boUd*wOv;&xNl1MZhuA zy*PdqBRTd?`GyNH8h2C~PI`Hx__*imJAwXp%$+E9I>61$W*BmCz#}I^~xG@c7#C8cW&ItiOp%-~z?w8-x%WaNN zpOgFHJn%7P{sDw6TU&MhLJEs5y)(7|gS(>oT%HLlQB{;RMjGinGV+KHX+MJt@c)IW z>fk9HPT9zjN?ikEz1ePY-MlEAIo{}8}Q6LouC3u{g zNcT(55SUzAjsvr3PYM8Dc8*}BaDHpS-K!`Y2qtZ84!wG?tkh{BYwGXiXq#6sd5;NN8j?fuq+8;mgnKR;`OEghc8IJa1 zIlCChY*C2(CC3*t4<|3ilz90o%ycF{_ld2(*G2c#9yW=k8fw3RPy46&ETx24sH>4u z1092k0$wBn1}d><*V}iX#DBA}TDbmtO_2o*5=VfMF5plj`%9}cQBYOIrCneQNkiiX zysvv(eVGM1Tk+ojqcF{E(+MrC3I@;ixI=10YV(S1Wobo9-y7!kE0bIVGcvOg*v=Sv zSRhK%X3}kD8QEI}z9Bq5G2?NHW)nX8Zt>v9T}GeB7F<)J_Ox_6PjGI_*^YEXpG@?D zQ4mp6;gkLG13^iz9Pb8NZb8i#^M z36z~?+%xub<2_1qy5{<+bI9=vE`}}GCvuEOV){A&6pYl=1({e+`DC8sML`%P=ZKS; zat{1xM8)1^p`#nBu@W~+VL5iX)W8iWZdqgEb?TFdyZ`SD2{6o|>UT)1X3<^_0p1+p zlQz00`4%N}h|7y3-loc>|2!98mVDNk%i$T1Br1EcQ}5&TL}28I$d>eBCXXn70NEMaWhOFcM9ta9fM96g)mOo+J_`pAjtgTxxy*gki3ExqJdXxba zMJIUxs8CGlXdi`6S`Fd!yuY-9lIAVC0nYKBpliE?8Ky#4br@0?Qyq0$efb(LDszFG zqT!8L?fh}F8Y_8u3;fJcBivV51n4#R|41x82Nqn z6XSdI@nKNTNA#^W-O9e-DAyB?Y%CM44M7fy_v<-&U^j1vz_{ecu@kScQ|SdQw)w{R z!bzb*GJvj_HR;eJ=bwLd`X-l?EX#LRA|>eyTo`H^fn@;a#j64y29uGiA;Q~?p$PZ^ ziZ*r0-U-^m;;V2BxlgRP`=rItd?}CLRX~3K?^o9eGP)F2@G89(7WQ~rgp}l(P;D?J z)iJAQCSrVYuiW@{zv>m)>$3INO4I)>E&j8OAIEs#s46r3j#a1qJhMRUKzN$$$FkZ$ z-JI-t0NNLH@4H;3-+or%3I^9-e1u8m2wI9^TlHQAP5t`DfSy6d#i%v8!L6|e6Vu=i z;HwVHvIKUiV6KXfn>p=JlIRt1g$oJ}#tV#MxR5S$)Q^`8hKycg-T}B1T+kccntUr; zqXdV{ibRpZli2ceYZfLn4?le09Xr4po!Bck;cAg|9(Q6`-H{WnLMb7;5PpJ#Ezw|w zYNgYOhS_K-X>5NY{+KFFd~vW>1dKu#Ap_jY9@()|Rn|0Btsz0Ik`}C0`Hc^~!;)uoID=c{1`;!C8!G#3pfB}LEkOJa<;3y;yX3CX3=NN-(wa#|W|e0jBe zuQuRj{kT@&D`^ek%*4s zrHDXxe5!dE7zCB998P9t($EN^YW}W?cTqJ|sy9c&Lp^`xzg^ISt?0tH6Clg$I|_v5 zOQMQ19Od7i)aGK6R06!0KdXW$Mz&>Lj(GQ*DDbjEWYwXff39V3l!S=)gegD#1%TBJ zlBnP2P83qmtTvGC;J zGJ}e#m5QZ(?I>Cl8tIb3X8z|>{U?Uwx&w&!eTie1$S%}H&ja<66(vK)q@##B(3R$4 zc7Rx!vZS{{h|OH9>t20VNB(>)JT~i`i zIEnsQWn&LR9$9NSk!z{0zi_Xj*&gic;0=ACV;+DD%KQo9!lev^i+U;y(b2rVBxnc4 z0Q5Q#1guBt0@Rsh22_K&UR@aJzov~TvwIr|Vmu4GBE6|4wAN*sTB|YI<<>qAa-+|^#Dc;uYXAe}J9ut@Q ztyQG<;{>GHZgk0SGM7!D!(?jl*c1Sc#8*Na;}Z3aWuG`ARYaJPy$2<|vs33s2gjD_ z$=w^571GWY*e&gabV1Uq)2Fi<%pV099WXn}&Ul{*tJyl%;84)nygA#g=A(psEor;Q zZ~(g702!P>cet z=B67Nt%la+xEd4~+?FO=vC~~LT%|e8Xc$1V0wpYWphah=o=CWgxX8EgN|H*d z-pUZOe2(h1{>MOj&8Ps}%@|)=5f9cA7OjCJeLoleQoSz;;tUw%0effsV$NEhtw??9 zJHcd&nXyi7B$7wfokndyV$S?2!1RpcN;GZQRNFNRNA5>614a4_8_OgP%tUEp&3vQ1 z?;$QsfrD%N-dO=iG4TN9tMCIIw^%vZA4MI71L`rD?@&tx0kG>ihis&~EpqBt*eH2Q zbm#i}yfkd03J6O8x?Zzr$|1Zn+Tgj;!+WM2qFC1>IuZ zB}bN9@9+ionDn&@<`OWvZx+~SS58Rvqrzkh7ZsA3fyrsu^qGVQ;Otg?s(PiZjpnfh z{+DWuQOMMw){m^@c*+*mqC48FQUCiZU0l>o;yt1ywN#uciBwbQ6@_1y!eO|DQy7D} z<;8Yl?g|x0&hr7NJ`E+pXpma^%ZeAGAwF7$XmI(iyArKhJaiQ%`g`^@=Kk0woNp_@ zVjkGjrl;&Cvi=nMJ;xT;a$|wAxrLZXvOdnXhlt=!&T%tplt#}*nf0v%bZiTHsQ-c$ zG*Ve>jUE`9XMg0JT9pUIXm6-aL@m|pI9%lFnFx;*)lfJ|8;y08D9GZLh%56h#?63C z$xj0Yqvk9eTN&%o;P)w3+6+IXNU{bQnjB`sKstWn@QTl!+C@$-$KX4J+OSC z(fknq%L=#jR zB?GUN`{gW``*7l#^%JdyiXnsel4SP>I2@sLhrxxKc5S&@o*-pPFZ$DYk(nl{z#n@o zAYwnQUvDJ}mcDM+2DK98_bVFshMGmX4FhYRTi)Dm^Y6h<+B|;2>&o8FHg0sLUJH*d zM^U7|9L_x@xx$V9pBP=-oI}Rys$lQ?AZJfNs3^q=l6$jSaIhZq$xXfGkI>B==(81Q zn-2N3zkk%nzpXqV2!wEtf?aI&?$ijM^eXQWjisqSDYF_1kU&ZIa|IEllBIAccIDQ? zq0lvG3Y3^mJzn`VOvnr)yy=EN#t0a+tl54fme66!7%ueB%OgYu4yYA~dlS-067Nw? zk{#xLsNlX6=g6Ix))Ys*p*@Iuy77@aw_{Q70NFuOZoF})3j3jh0$koxF~#8=Y&sgw z)ez}(z7g`dvQUPzy075Y{#TExw_^+BoaT1c;Px-DD~=os%CL_YV(ehnNRa1eJ`|f>brJC0Bz1C66o?)QGJL}LA4V@v86oz8wgj&O zAFnk+_-&w{1+_Y%xE1gEu5VVk5OeY)qX{LjcDhCPz1kwL!u11S{j4Z3Fd!&ZQeOuY z?UUa10#hfyVmA)^*r7E-15H)~dod0?Lh{`42oFz?qt^@|4m(WlZRnT&9sxg59c{tg za#sUpwgX$32YL6o-vsHXZ%pQ}x$DPee@FeZ@f{;i5|yhotzTj#O+q8x<(o_+-jFWT zZ%Jb>brlpD3f&OykSnU=7FzM#LKj()Z@Ps|>d z|FN9NdKDkd3X#wrd^eJh(Ie)kKfeO5EDOJ@<2jY{sJXv>j0qCe#aLfw;=HTW%9q8r z#_lsT*!zbz_P6PxDh^OU+|sN&{<>us;&Z!ZVF*=kJblH)jKk_czKJPnrLHb(U^%_i zp@_f}5-(MdK@7e7iB#Bq~I08l^@4x6Qjek8h?!91aa-eiCfWGu#60roox_NcP z#er%D`n<>M{4}Rs=n4=5#YG(|i(*8$qQi8JKOwPVi_dXKBF8x6E8G z;S`kz+684VYstzWt^%0nIV98{QlLqc2mLca(}9gb_aZRcnDvD1)Mf}y1T4EtpVx}i z39`reLKGaY%?l$?E#0;#lJ?BgI0>kMcNM*d(llSTY^7)Q(&LNWJuO}T?H9X{{fRt8WWp(U}bq_Mm`{DX0BMh@Jh#t}W za;KK0lvNch`_gfdAdG_cADB>)y zuhF4Wkm_$@V{%6$zwwIA8ATm*RZZ4R!0my8&iSi0QZE_DIld@iuqx4Wo*Qg9fz9f* z%ufUYU+wO#jdP_#5srFD_s(SOGtx+S4H=Wb)XZkah9$^@R#HIUucSiS(8NQ90Uqb} zuG&eUukhFv_9bS7qSBPjWhRqeibIJHXXxJI3(>rpTyL44tIw1gMjMr)#C|KOwMr9g z+FS(p!7+E zbKoiAsiv#0$jHhv8vII(rA1z;%P+TE;Ag7}cTJA5M!HW&7Borf$NK+(Q$tGWYh6&T zx0$}LjhPh#wMpFD-Ft>m5l0F0IZRQ^7zih&JJxt^a$b6Q5IhLDzA$g3O?@|CIBw5? z5~rye5r+(D@|((>9Psz*vO5zMKJVMX!fXrMN$(AREI1T+z3`1+6?CJbvU@!dbN0lO zLuKTg#Cgb=WzXLhJov2whmo|nZo<@zzRCxODu=CeTzrn2pbS>qidK8%i_}86 zne&}tmin7YIutGJQrZ?3%L2w;Osnnys|C>k5$A}yzUl+6!Y z&Q>}U{_$K}z9XkGc71)D<|==ZTSSC^s`VJUJ-#>mEPN_NqdVyFo@t|-kc4ja-<@5E z(Vp2}t|4Hix}bi1M|h<}fHu-=FBxOh&$I2Ialba~Fy zmS@C`)Zeei7=|IeN%jG9SHJJ0H%v!Zva0VK&XSBL;R8t0QLffhTpZU;+-KpObbI+_ z%kvgXeR~hPnmTx@e$-lcC)NK~$F59d%JqzgBBG4L4A5(t8m(!Uw|MG23!K6d?@K>Fev?5HB}0P@avc5;lpzOzUvh0 z0G5vVaqW`Rq0Ww&`T_w=s45q22V18&P!#!{xrk_+KF6uuuUo+_;YGUP_(Q_<(_y?P zP{KELhu5$-e_%vwC%S}nrX4}NrJqgr)Hi?L*!j%@v`WL@w5=-(?Vp#IF9&}+RUhWy z(a|$TRV+p%NT7Ws1F~lNr<+uqeI`J5o*C9Bem#;+)TgjQ)0Ju!B+Th^X3tPA% zY|v;38VX$-Gd!G=AYI0Gpk8(L_6?AP$>Eum8neOyXeuQe1?miPYY<|6f>F?2?^R;Y z>)0u_iCZ70Cnd(VY#FrIJkqYv*7PNFM#;vGZBn#_K52~IjUM#J;QJJT|2jD5zPK}X ziBFoedvjQN2JD)>*X5h`jIiST_o^5;ACwJ z@{5*(wl-<(N;r(?`c97sJfpBR_U7f_DGxxCGPbAy=(Gr2u1mjBZ;@SeuG_{jk9?X~ zpzygITy@ZxVAjk7TrivrbEVmxoG7mltoaL)1{Hn_moA8u?difvsk;{`GNXf88l z)cL#%1eQj{xwN~g|LE2W^@l=1|HXw;N-czRtR8^@b^GjXgx=OW_W;nfgddaudM1wqc`M=l|e`lf%N+YS@=MF?z|;lYa# zQEScA2!sb^E@}g#pxEppMJ*+^Ux1Q2wv@jnmV7dJcK)n%#>gRtot3BfDc+!xkc&uM zU-bo+&a@pj@@I$7lfP~eU}qBWu{t%%eoX+NBUGRy)k?v^WwqRwo+!Xq)A{s6#am8I+buk`cjNheMb$i)(av8(bWigTCcfPK|EHv^e&(RqWo3?Dm_MgN zuh_PNCXRzLT8oO1mn+mG)taXrMYD_F1H}FI*I5`vCsUkfTR1}e|Cd%i!kz#$;Q|>{ zPm5PVl}T$I3?DQN?ZE)Dmj+tr2#f!x*B!b@Gkg5Ec6<)vim>oQHBgDx1<8gP`}H8R zjLxnLdA)fM2sXz7CjKvB!S}9`Qa4>jp)^z3vHy9L+fa!=YZPilMvj0bj-n6rQfg7G zQ{p8ti6x|*idE51>7t)>_t&T~oZ8;=qS%kOEAV$bbDSoTjtI#2UKSL>kZ6ST??5k0@*)7Zsg?5}2JuGe-WofHEt+1D%ZbYr&#>4K^6QqM^qi8ZJyxWm3>n z0H*n6&ZCa)>ThW<|(mXX&%{|HZk*H;$oBAkFbAUuc?l??kBYqA3;bPi^yCKb9pcqn-Z(C13rG(hSBv za-s`Qtlg|Z)@rlFqX7H8vHOQm^PR5SV!Gu0F-g2x2eMn`I~Z5|g)wEOh|z-$&Ytvg z0J2}uD|4Iv$GJFKgHRP{i#u{^+!>Lm-vSMwIvVp%0a+N+6yEcYFx24}ajD){>BiRx z39a^Oj}`56Q~Q&PfBtf{pF=ZXYxlS-)CF_kKbN}LRrtJc6o7{x=d>U;9KYw|T>pgb z@8Kil71d|5a=}aO52_MK?F9C2x^WcT0-<3~;_wgtkt`IL3dCt+0!*7)Yg8Z{O&sNe zr>(Uh#GjNYt{^POEzXYnoZ}rBQ4`Uog2y+P*U1{WX+6FsKHUmfJc|s!*5W#R82!N# zMEaS?pSiYV>126X_=#RxQ|pX_oTYBL&9}mD|AU)!C^2bz(ye7b+Cya`B}Mkvcf6b-@h4uXqqJ(w~ommtD+oKEPEhZM4~iEayZj`38GfyC1*Lx>6Z_q z{?E1u`%8&X8|Je4XIW&EbG&`Qeg}b^qbyPf6pF9l#yv585~bky?L}xNEA|H3UCp-1 zP_Y5dSr2-4Ye>}Y!P-v>U;2AC&!_@^zUsr#V;4b5FAKaf5^)8z4U3ET{I8F)$Y7GF z;fpyPzoYx+KzQmQk&R|9^b+r0aeyB7Eo-+DL8MV{j(N&;3Uj)8c$M8A`*3q3+M)eA zVuYk*?|QvDfKV$5rqE=B+R;F))1@Ri<~sRT-Mcef4b_6Knh7o%dpg>ZnYN$aGjAsL z`!q7=Ni~#|4>Nbc^E66D!YoSab)_jgXAr}Ucp`4tg%y*BQUGt(gw@E~BIHSO$>>k< z!RbxWi$&-cm+aGdTY?N^E)Xf4)gCuZHSc6L&MmhQ0RDih9}}va$L*)!lxY_a1m`kb zV7cD~zhjO~a|SyvzAVJoy{`py)H4bkpD6$2N$nq%jf5#X0g1_S)0%nF?O+^G!F#<( ze<1}YzxbDG6i3j+Zo0MKgRe32)V|-fZ)gv7TC(vIM9Xgct9?oB6k}*Y?>c=`xd*~U zRU2uWDRG^vHw)DGAZ;yn$e|b^W=8&YCZ20lUyZ7h$f&ydXe9C_cA3l7I(am?vfO3qx{x;{1pz>egGvJh_Ml86*UkKL`G znOd%cg=nF3cya%+&lS}U2UiH9W3a()!mI;Sh$GT}q%X+HavTeXkHEYmvM;$Ve-%yx zrU#TWxJ6e87;$H8UNO77w>EgZbdD5zslmB`wNqdl?DoJi>ba45w1fCT%jE_zL=g*v zsyKtY`&6A^w;8br+1Je!%HtXS&+9&Mzr=gTFI5;})tBv_o}_fW^Ba!FB|fOSNR@SQYBR(cttDbQuTvXMWbd*${x7nq|ql&)|~b%G|M zKsQJOuxBe&pa77>^i`%4tPaKKthHuO^%{IWGVDt%HHZQu;WMp5g!7s3dR#OMd~&hq z=-=xCAEwOm3`&}Sm;p!Hr#v&I5yiztG^^ z4m%eh8xYHZ75sZ#8x{!R1yPVzs*06s>Ru|29BL8IBVM|pY#7u^r4?DLk8qPgU!%J# zDJkq)o5im($&rq4u0@39F-$$GYB?9(4?H2^vrj0xmtbg~epc8U6M$Rb5(jVr^->I7 zH6!|k5(8$93a+w{LE(N$CuA{bD#7Wtq2OJ)&11%2w0>dn9a>D{?#o~`Y7eMq}-4)`L zZ(x`O7p3@Lj4x#)H^-Bg@dGO15E7-?&HCgQq5`qN_!EQZcMuNxziq9Il#Pti6&lHh zj1~y&A73yEx*ady&PXt+Qa5gqTC@J?s`2Py{(4K*b4*{L~erR&QY60s+j(t^)T zktVJGw%A(z5RE=F7?$7D*uv_k=z) z*O(Gwq4EB9e1OahfJz*RvdRRi|MeK+4O>c5(cLTa>%)u?K>e3w(mWQ{>G5yfTXbqE z6(XCBvyAxS7%=ct{Bd)=lm5D1b^@f@QEMEx$NT2+i$aa2=jD`O={#AId%hVV0WnzZ zC4rv?^`^~%Tp~Nk8rPABCg#ANny=H9^ONDkkT#uap&36|V!t#k}{XTSHg&f0K=RdRgqQwsASS-u(3XkUG>QfJnCRH{5u$zav2(G`i8 z(G-E3xKE#k#y*MxwNl;IZND^-<)x+LApzA(GSZ&bFeiyo5Dk0oIi~%VCGCARKnI-q zeTw5iR$kRA2j{~${y_F_ilCEJ5EnX^|Lcz%Sx>hSaR7mO5>4t53fu)kRMfvT!vc}6 z;9}pUYLAWbK+9~(lt1DPl`aA2psUr*cXD?xDB9p%%ERo$MeqND&+lT+tX{k_i_CdMO#jR!D&DSfbZJHzKOAb ze9+Wb{yK*K;ya?rgOGpSPgT$7V%rG=RE$v3UHw<~ZLFL?zUjN0)F^$TmdSkk6(n^P zLGEd0caeHk#c>Pgq#Mz7)FANO2-ZL;p>5PM6Nsf(<)_ z$!o*>5iOB7m5No^RNCq^^%C=|7fMhK*TJadCeW75GCtIYDwPXsAHp`@#C9js>XQ6; zh~IHEmlg?Em5|a7c!gr^qP9*+%wU^@Sa=CoMlIX&Bt|M;&#(p4cWt2?@XW@}d35h}L_bC#a_W z#)uyjZgeZh3OjEm+sbvdvln~0!1eVJK)wj0cf<#*ruNR_=~%0wGe$}YW&Sn{H6hGz z#&K|G(Wf|t?dWsX3gQZG+nzfVh6qqoa0O0zS!=5ZT#jkGyh=c)RPeUvq`vE%>a@H# zY}~=`kY`VkXMPPKc!7X2H&`^H*g||l5(ao*)8!1j6C864_X{$)S_6F1YNv_t)dcEF zeqD-%k<0cqjgAT}kRE@MEmL1fuGZ1c?}R=E5#S7sX>Bljh~RJCgr7K62(H%95)iaL zN^b=DASx^}jbT`k2gT*+kfo9`3NwO|-yR zkIT$SJ}u|`gzF;9I@T$~K+0k4<9FSJ1fJk8WAJ~qW1DT&{NwV)&e~1w8xdW;RH+8O z)aDp^(J{w$Tl=v<1JYOziL&E@OPW_p9*UVNwbs5mVT`@6!~yE*07|s&&Sl8j)y@fr zn%|sknUOfaTz6lK+Wl9&zR-jESF0#3R%3}L5mKfA#*DFv6ZAZ&qV;omKsf&*HY33! zGrt34kWI1C`JNha8~q=_t1qdp3_jM>ZTMj(0U)p}yiMkVa^_(-Qg~(o4X2B^9Af^gK0dWF!z*ox-V@>%VFn{9P~w%Gw4AM^p3WHglDZ>0=z5zV8cy7 zA!6p(6fR}L-L)BH6fi&6sszk&czw}ARz4JP%s9(@xbaGmM=`Iqq;yC>=>osy=$RgZ z!iC4hyt|p4=5%CNWrbc4@O3 zi!M>Ggmo`jFt4Sben2u8JC9nh@{1Q6VN@K*m#l78)PG59DrINALcv7ode3!nqn@vb=Z1(x@} zUm03}_o9&K_WG2P>!-zzQIgbK6wRbB{vN{1x9We*#_V8~Jp3YmG@9&qn(ot%HL}1q zbqn~lOM^mo%O_806N??Bf^d4v`k^D`{6dCSB@+Fa@Rkunt z;hYbWk0XA!N%BUxiJY|ik|9>k1Tf`k)=c_L-lKj(Wq>6o!#3n>^H#(nwb4|gs8l2B z(*F$(@iFeb+DxbI$w2F|(8iQr-y=T36seLdWPz!9peA7c&%g^jtzA{{dXe<})b)1f z32@1?e0)zS>TYuUBMu@w<=A4WT&FbP59S+c6~~eYpQFkY>~Ju6Y0TXjz!fh^7S0~Z zv86;Uk%*zI|990#V(U5|et1e|(3$6wHBH+RGF`RK9;T(W4}CWgwK7*wgC8Z}VfN#K z)^F$Pg#otefp_?r%$%d7gBt|EqOS2HJUgVtu2gpy`jA?0A(BzVucY)9^xy`gh_|IJ z7!(Hi(vJs_Y-s=2EC?GY$%ccg}l4^elCYpCSsQ{;Xl|nIfDd`mB6{U7LJ#?57s{RH<{0op% z?wKnf1f6s3YaVen;PN1cd4C$^R!%CJt5*XPgGk59xpuIfe<;&6Hbt?oq5~WG?wXvD z!bsZv;ivLXH7cn1$v(d({u1s+9X!q zQpHHJ!XLln5AX9obZDtWqE)9?Im{S){SizVDV)At?AyOcbB`!&c9AC7q}we|r2xXk zFN%HhYudj_-{*1S8G+-pYi`};kfSrFEJcC-E_V`BSOGjzJ;-+vw36F#`&C(PIl@-| zxQHSN0^QNRFTu896G73t<-4#hQK8BM0ATD0?$JC-THxT6+P6rTzZ9 zyVq;@NpR&3V`-+X`TsQq^orW~@{ik>l&zsABA!-go2 z5Zk0V(ABzFSZH-2TshXP3Sgz(PS}j_0eovuglNx?tUEOC(@VLfQ&}pbcCxk~v4FJC zvU0m+^?PQ&EPM4&iaMd=+X}&C-=-^t*lRsKL8EOc>cn-}K-wg?N)l4fJ$jIkL=O$H z;=*31(eWfoceO5i6G)>mop&&re_wfS&X2VveTh9ywE{(ws0K6l6G~UZSBnnrAeoiO zlL<9$TskJiqw-We$gK5Bjl%#Y2j;VHaM9p}k&c$%MvAQeIPDU#Ltp<*p6(~+TsiOu zQh6nwf?ONJ!`VVXzoP(&2ufoB6$bv^>piXOTy@Z*O$Lb?sm2joaalXGYS+VvKt?Tx z6d3hIRHCA}jqvV3@5e4i1&u@>rgb)!UHF0exW-ROwH^an<#NU1eCi{|yUO$tKglAT zY?zfm_?9`_2Q`Z5{_7elK!?L@eXXJQi>X0uby#nT`bAq6WozZoEq3WAgd$ZxXiZN~ zx@VdT_nCG(#MAV%XwRJBl8H=z%&kRir$iXjX^uQ(!iIfF#C!WjeUTSNkaEHC6n9es z5+xocsVWENLK@1bJ|8CC5UrMBM2lsp13#fushlQR!d3m1)(^B%py9(^B9g=D`|~2X z*X9Z9#RA_L)y8&FZ4LhB{)q{A*#!3+AFL4G4lRnCguVc?qDqoL33I184=C7IO1kiu zmmM>p)i?yQ6u)xNnS*b|VEwB|A}wLU4kW`5dN!Xs z?yPW7@EmsYlQiJ#GC^(9c|$?zZwZ}*B279dwY*nP+|Q;9Wgc7NpP z;GwWfa7+j>@VZieFs(gt@Ie~28KjnbjtvIUAoL{vi9Qng;kV%cM2?)ZKY!4f$SfC7 z`fU$a)V@G8{x9T7rCuG+ZL--Iait`|-gleU2g?^I*Pr&Hw1dU@&8g0As@{S;p2u<; zQj)6FvRqwBn(M$z5z0Q(xh}Hj>!{WGjy+A`VQH?IJP{mh*RWsLpC0sS+K#hbMMLIB z8bUQ>!|Y>;T&_?QXu|SOkh$hF5}u3KvUjVxV@aoPsGR+(TPHKq{`ZJ`B3^>$In+_d z9PeK7{>RBZ&BKhDQyA+2qquCMwP?| z9d}!(H05Hz-C3A4ZdG_V#SPXG7hrCzj&9fiYS>LBk$Be?iY)kPk-G&p6V(8&M<`yT zCRx@@*S}?owo*Mnc? zQWgAalkd0_81hLA)6H~&F?mi6fW=SrNbGF~E2FCU1)!2BrOV>@30-OHU9KmF;%~J@ z&~{~tnI6qhMDi>vaPN)0B44j!F^Kp(i#VW`%WZKN2~988a_)ViJa}Lx1pQm0g(psZqvw%2TqydA&bX@Jw0BSq5HRjx~fBU3) zQ>Pm{?!K0zS5d)G2k#h_tZ6`ytgse5Y0x@2tQ3lVkisumlL|OV{R#}*7}n=9|v`%&t%Ph#6VOho7$LB*;(YBgs3Hj{XQLC4r*$zP7J*x(Yg zy6W;rZuAZpO|TY2JV?de`|05-KpFdpM`_z4I!&`a;3MV!5Mbh*-0Cr0APPx{F#J%V zP%t zzO?c*cp{^^H!C7jhA6CIC7m42r2%D`TFPOe#s$x}M!<2woSZbi{F1YRUmvBeVq#<{eaQQLjp-}NC7#j6q7=P{)>D z{af!QU!o^Bq574$c}z0QXFk6mW`FVc4jI{Hd1ko#o+oo5V4y`FJk*U=m@t6ng);UB zPu)RZe;h_jeV9)bzu7VoJAB2UQHle=Av+QgfcLXceq36=vv7}E zFG)ec(iL+KNC`&)SSt%&Jb{cdInSkKS`0Cw$2J}*oSg6*4QZzY30w6>7c@}A_uI12 zA4YpfO>7|jyKn;Ox9UP{fs>PPZo|{yifq|AaEC^(5Voq(Yzud|ERo7>r0Q1MfH(gz z|5VR67-Rg2PSs)`;DO6O9a2~z1OQcr`F+MM)YZ*qCg_$_4`(w}w9k+@9uZn=FPnl; z7iP#mftMpzrWZ5YQ=^RJ?(1jV0iLb`T24_<%R)=lDco=-&_^9M7$N-gPNHD~WDXn> z5N2G7dque(if)d7DNN6WR1gVPFanE7@-9in5nc~yVXE3JF0< z5ER(~8=)IVJRdL_Y@105iYL%uQw>c2LPaEm>`_iIgcTj+DV`0|_HEK)Ae&0E0^I>J zA9RF<^A|tsrAI)S=1k)uyLF9EfI7X8zIB(GshWON;%CFNsN@-G=Tln<8QxnT{+_L- zyr6Hp#UJ-}J(MK3+Wd)vB)|+C(+azDbX$_g|6u4at*Z$9uGDtKCFK3v5QP(GzL;n( zK&UfIH-K+q-&FS8kKC^}Xv>;?9>Pm%@_fRq-|7|KlY_T~R@U3o?t`^h;tY7jlST2tr2(JyIz>OqMq0-3hv>5bOOv=O7 z<%jaAgKZ^cHmiO^#l$QaBhRL4e75`}J}N%{2mL_ncn#s0SQFrvz*pg@L~`J>1GqNo z7pAHOIrQX@JaRJ~0S;+@*6>vg*`e4c(P&@zp?vTt@+FFj=LVFxHY+nzHis?t3ApY;CPHQ+3H^Y==EtX# zRG_*V@m)?nE6C!i;1S6=0>L*?Rk65beEu-g(>~}t@cO3f!p~^Uajo2mwQ>#lAuyQ( z!$9D6A};OF^xw*7D)C|})I`ay!dV>LCGWq-jd1<^hQsOc&lpqNr7lD>JKkpE{*EqD z&s(SA%lG{V)eocy4#0d19ydH&6Eb_^@c56X*RE_x2T@a^Zz^uqSvz;eixDL;J)j+C z=6bI+&pp+MXrAmX8XI)F}+(al|T!yVOkhf4VdsYHu{yxO5Tx;ig}1zC3lm_`b| zdU11L?2v=Mtr~&ZA^i~{{bET2V!0mMA#&lrHSu_JyM-SK5^z_{?vKy@;(oZTnsOOHd&t=4(W?|5KQJcMgg% z#!Z^;&&Eue=_Q$wTaiIBIlyo`-I?zmCN!DZcwqYQc}e!BQE#w3{K5XW@Y`8Wr^bGH zut)ZR_aA7v84P~Ms-KOsnP9W(5S97-!u0jC9 z;3kL=%`G%^QV}>Jxu6XG1Nfa!Y$G ze3bmJg7Pz0uK?CijuR8W3SO=7-|LyIt&~+P4e{-ZAc@8n(AJiKcBaUcbZ$=_Zwh{S h6&x;X)pyG3#{fK?v-OJ5_+QLs`X#SfB%Y}=@Bk oldNonce) | 1023 && // we've wrapped past 1024 + (nonce >> 10) % threads === threadId // and it's our turn +) { + postMessage(nonce); +} +``` + +The logic here looks fine but is subtly wrong as was reported in [#877](https://github.com/TecharoHQ/anubis/issues/877) by the main Pale Moon developer. + +For context, `nonce` is a counter that increments by the worker count every loop. This is intended to spread the load between CPU cores as such: + +| Iteration | Worker ID | Nonce | +| :-------- | :-------- | :---- | +| 1 | 0 | 0 | +| 1 | 1 | 1 | +| 2 | 0 | 2 | +| 2 | 1 | 3 | + +And so on. This makes the proof of work challenge as fast as it can possibly be so that Anubis quickly goes away and you can enjoy the service it is protecting. + +The incorrect part of this is the boolean logic, specifically the part with the bitwise or `|`. I think the intent was to use a logical or (`||`), but this had the effect of making the `postMessage` handler fire on every iteration. The intent of this snippet (as the comment clearly indicates) is to make sure that the main event loop is only updated with the worker status every 1024 iterations per worker. This had the opposite effect, causing a lot of messages to be sent from workers to the parent JavaScript context. + +This is bad for the event loop. + +Instead, I have ripped out that statement and replaced it with a much simpler increment only counter that fires every 1024 iterations. Additionally, only the first thread communicates back to the parent process. This does mean that in theory the other workers could be ahead of the first thread (posting a message out of a worker has a nonzero cost), but in practice I don't think this will be as much of an issue as the current behaviour is. + +The root cause of the stack exhaustion is likely the pressure caused by all of the postMessage futures piling up. Maybe the larger stack size in 64 bit environments is causing this to be fine there, maybe it's some combination of newer hardware in 64 bit systems making this not be as much of a problem due to it being able to handle events fast enough to keep up with the pressure. + +Either way, thanks much to [@wolfbeast](https://github.com/wolfbeast) and the Pale Moon community for finding this. This will make Anubis faster for everyone! + +### Fix potential memory leak when discovering a solution + +In some cases, the parallel solution finder in Anubis could cause all of the worker promises to leak due to the fact the promises were being improperly terminated. A recursion bomb happens in the following scenario: + +1. A worker sends a message indicating it found a solution to the proof of work challenge. +2. The `onmessage` handler for that worker calls `terminate()` +3. Inside `terminate()`, the parent process loops through all other workers and calls `w.terminate()` on them. +4. It's possible that terminating a worker could lead to the `onerror` event handler. +5. This would create a recursive loop of `onmessage` -> `terminate` -> `onerror` -> `terminate` -> `onerror` and so on. + +This infinite recursion quickly consumes all available stack space, but this has never been noticed in development because all of my computers have at least 64Gi of ram provisioned to them under the axiom paying for more ram is cheaper than paying in my time spent having to work around not having enough ram. Additionally, ia32 has a smaller base stack size, which means that they will run into this issue much sooner than users on other CPU architectures will. + +The fix adds a boolean `settled` flag to prevent termination from running more than once. + +## Expressions features + +Anubis v1.21.1 adds additional [expressions](/docs/admin/configuration/expressions) features so that you can make your request matching even more granular. + +### `missingHeader` function + +Anubis [expressions](/docs/admin/configuration/expressions) have [a few functions exposed](/docs/admin/configuration/expressions/#functions-exposed-to-anubis-expressions). Anubis v1.21.1 adds the `missingHeader` function, allowing you to assert the _absence_ of a header in requests. + +Let's say you're getting a lot of requests from clients that are pretending to be Google Chrome. Google Chrome sends a few signals to web servers, the main one of them is the [`Sec-Ch-Ua`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-CH-UA). Sec-CH-UA is part of Google's [User Agent Client Hints](https://wicg.github.io/ua-client-hints/#sec-ch-ua) proposal, but it being present is a sign that the client is more likely Google Chrome than not. With the `missingHeader` function, you can write a rule to [add weight](/docs/admin/policies/#request-weight) to requests without `Sec-Ch-Ua` that claim to be Google Chrome. + +```yaml +# Adds weight clients that claim to be Google Chrome without setting Sec-Ch-Ua +- name: old-chrome + action: WEIGH + weight: + adjust: 10 + expression: + all: + - userAgent.matches("Chrome/[1-9][0-9]?\\.0\\.0\\.0") + - missingHeader(headers, "Sec-Ch-Ua") +``` + +When combined with [weight thresholds](/docs/admin/configuration/thresholds), this allows you to make requests that don't match the signature of Google Chrome more suspicious, which will make them have a more difficult challenge. + +### Load average checks + +Anubis can dynamically take action [based on the system load average](/docs/admin/configuration/expressions/#using-the-system-load-average), allowing you to write rules like this: + +```yaml +## System load based checks. +# If the system is under high load for the last minute, add weight. +- name: high-load-average + action: WEIGH + expression: load_1m >= 10.0 # make sure to end the load comparison in a .0 + weight: + adjust: 20 + +# If it is not for the last 15 minutes, remove weight. +- name: low-load-average + action: WEIGH + expression: load_15m <= 4.0 # make sure to end the load comparison in a .0 + weight: + adjust: -10 +``` + +Something to keep in mind about system load average is that it is not aware of the number of cores the system has. If you have a 16 core system that has 16 processes running but none of them is hogging the CPU, then you will get a load average below 16. If you are in doubt, make your "high load" metric at least two times the number of CPU cores and your "low load" metric at least half of the number of CPU cores. For example: + +| Kind | Core count | Load threshold | +| --------: | :--------- | :------------- | +| high load | 4 | `8.0` | +| low load | 4 | `2.0` | +| high load | 16 | `32.0` | +| low load | 16 | `8` | + +Also keep in mind that this does not account for other kinds of latency like I/O latency or downstream API response latency. A system can have its web applications unresponsive due to high latency from a MySQL server but still have that web application server report a load near or at zero. + +:::note + +This does not work if you are using Kubernetes. + +::: + +When combined with [weight thresholds](/docs/admin/configuration/thresholds), this allows you to make incoming sessions "back off" while the server is under high load. + +## Challenge flow v2 + +The main goal of Anubis is to weigh the risks of incoming requests in order to protect upstream resources against abusive clients like badly written scrapers. In order to separate "good" clients (like users wanting to learn from a website's content) from "bad" clients, Anubis issues [challenges](/docs/category/challenges). + +Previously the Anubis challenge flow looked like this: + +```mermaid +--- +title: Old Anubis challenge flow +--- +flowchart LR + user(User Browser) + subgraph Anubis + mIC{Challenge?} + ic(Issue Challenge) + rp(Proxy to service) + mIC -->|User needs a challenge| ic + mIC -->|User does not need a challenge| rp + end + target(Target Service) + rp --> target + user --> mIC + ic -->|Pass a challenge| user + target -->|Site data| users +``` + +In order to issue a challenge, Anubis generated a challenge string based on request metadata that we assumed wouldn't drastically change between requests, including but not limited to: + +- The client's User-Agent string. +- The client [`Accept-Language` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Accept-Language) value. +- The client's IP address. + +Anubis also didn't store any information about challenges so that it can remain lightweight and handle the onslaught of requests from scrapers. The assumption was that the challenge string function was idempotent per client across time. What actually ended up happening was something like this: + +```mermaid +--- +title: Anubis challenge string idempotency +--- +sequenceDiagram + User->>+Anubis: GET /wiki/some-page + Anubis->>+Make Challenge: Generate a challenge string + Make Challenge->>-Anubis: Challenge string: taco salad + Anubis->>-User: HTTP 401 solve a challenge + User->>+Anubis: GET internal-api/pass-challenge + Anubis->>+Make Challenge: Generate a challenge string + Make Challenge->>-Anubis: Challenge string: burrito bar + Anubis->>+User: Error: invalid response +``` + +Various attempts were made to fix this. All of these ended up failing. Many difficulties were discovered including but not limited to: + +- Removing `Accept-Language` from consideration because [Chrome randomizes the contents of `Accept-Language` to reduce fingerprinting](https://github.com/explainers-by-googlers/reduce-accept-language), a behaviour which [causes a lot of confusion](https://www.reddit.com/r/chrome/comments/nhpnez/google_chrome_is_randomly_switching_languages_on/) for users with multiple system languages selected. +- [IPv6 privacy extensions](https://www.internetsociety.org/resources/deploy360/2014/privacy-extensions-for-ipv6-slaac/) mean that each request could be coming from a different IP address (at least one legitimate user in the wild has been observed to have a different IP address per TCP session across an entire `/48`). +- Some [US mobile phone carriers make it too easy for your IP address to drastically change](https://news.ycombinator.com/item?id=32038215) without user input. +- [Happy eyeballs](https://en.wikipedia.org/wiki/Happy_Eyeballs) means that some requests can come in over IPv4 and some requests can come in over IPv6. +- To make things worse, you can't even assert that users are from the same [BGP autonomous system]() because some users could have ISPs that are IPv4 only, forcing them to use a different IP address space to get IPv6 internet access. This sounds like it's rare enough, but I personally have to do this even though I pay for 8 gigabit fiber from my ISP and only get IPv4 service from them. + +Amusingly enough, the only part of this that has survived is the assertion that a user hasn't changed their `User-Agent` string. Maybe [that one guy that sets his Chrome version to `150`](https://github.com/TecharoHQ/anubis/issues/239) would have issues, but so far I've not seen any evidence that a client randomly changing their user agent between challenge issuance and solving can possibly be legitimate. + +As a result, the entire subsystem that generated challenges before had to be ripped out and rewritten from scratch. + +It was replaced with a new flow that stores data on the server side, compares that data against what the client responds with, and then checks pass/fail that way: + +```mermaid +--- +title: New challenge flow +--- +sequenceDiagram + User->>+Anubis: GET /wiki/some-page + Anubis->>+Make Challenge: Generate a challenge string + Make Challenge->>+Store: Store info for challenge 1234 + Make Challenge->>-Anubis: Challenge string: taco salad, ID 1234 + Anubis->>-User: HTTP 401 solve a challenge + User->>+Anubis: GET internal-api/pass-challenge, challenge 1234 + Anubis->>+Validate Challenge: verify challenge 1234 + Validate Challenge->>+Store: Get info for challenge 1234 + Store->>-Validate Challenge: Here you go! + Validate Challenge->>-Anubis: Valid ✅ + Anubis->>+User: Here's a cookie to get past Anubis +``` + +As a result, the [challenge format](#challenge-format-change) had to change. Old cookies will still be validated, but the next minor version (v1.22.0) will include validation to ensure that all challenges are accounted for on the server side. This data is stored in the active [storage backend](/docs/admin/policies/#storage-backends) for up to 30 minutes. This also fixes [#746](https://github.com/TecharoHQ/anubis/issues/746) and other similar instances of this issue. + +### Challenge format change + +Previously Anubis did no accounting for challenges that it issued. This means that if Anubis restarted during a client, the client would be able to proceed once Anubis came back online. + +During the upgrade to v1.21.0 and when v1.21.0 (or later) restarts with the [in-memory storage backend](/docs/admin/policies/#memory), you may see a higher rate of failed challenges than normal. If this persists beyond a few minutes, [open an issue](https://github.com/TecharoHQ/anubis/issues/new). + +If you are using the in-memory storage backend, please consider using [a different storage backend](/docs/admin/policies/#storage-backends). + +### Storage + +Anubis offers a few different storage backends depending on your needs: + +| Backend | Description | +| :--------------------------------------- | :------------------------------------------------------------------------------------------------------------- | +| [`memory`](/docs/admin/policies/#memory) | An in-memory hashmap that is cleared when Anubis is restarted. | +| [`bbolt`](/docs/admin/policies/#bbolt) | A memory-mapped key/value store that can persist between Anubis restarts. | +| [`valkey`](/docs/admin/policies/#valkey) | A networked key/value store that can persist between Anubis restarts and coordinate across multiple instances. | + +Please review the documentation for each storage method to figure out the one best for your needs. If you aren't sure, consult this diagram: + +```mermaid +--- +title: What storage backend do I need? +--- +flowchart TD + OneInstance{Do you only have +one instance of +Anubis?} + Persistence{Do you have +persistent disk +access in your +environment?} + bbolt[(bbolt)] + memory[(memory)] + valkey[(valkey)] + OneInstance -->|Yes| Persistence + OneInstance -->|No| valkey + Persistence -->|Yes| bbolt + Persistence -->|No| memory +``` + +## Breaking change: systemd `RuntimeDirectory` change + +The following potentially breaking change applies to native installs with systemd only: + +Each instance of systemd service template now has a unique `RuntimeDirectory`, as opposed to each instance of the service sharing a `RuntimeDirectory`. This change was made to avoid [the `RuntimeDirectory` getting nuked](https://github.com/TecharoHQ/anubis/issues/748) any time one of the Anubis instances restarts. + +If you configured Anubis' unix sockets to listen on `/run/anubis/foo.sock` for instance `anubis@foo`, you will need to configure Anubis to listen on `/run/anubis/foo/foo.sock` and additionally configure your HTTP load balancer as appropriate. + +If you need the legacy behaviour, install this [systemd unit dropin](https://www.flatcar.org/docs/latest/setup/systemd/drop-in-units/): + +```systemd +# /etc/systemd/system/anubis@.service.d/50-runtimedir.conf +[Service] +RuntimeDirectory=anubis +``` + +Just keep in mind that this will cause problems when Anubis restarts. + +## What's up next? + +The biggest things we want to do in the next release (in no particular order): + +- A rewrite of bot checking rule configuration syntax to make it less ambiguous. +- [JA4](https://blog.foxio.io/ja4+-network-fingerprinting) (and other forms of) fingerprinting and coordination with [Thoth](/docs/admin/thoth/) to allow clients with high aggregate pass rates through without seeing Anubis at all. +- Advanced heuristics for [users of the unbranded variant of Anubis](/docs/admin/botstopper/). +- Optimize the release flow so that releases can be triggered and executed by continuous integration tools. The ultimate goal is to make it possible to release Anubis in 15 minutes after pressing a single "mint release" button. +- Add "hot reloading" support to Anubis, allowing administrators to update the rules without restarting the service. +- Fix [multiple slash support](https://github.com/TecharoHQ/anubis/issues/754) for web applications that require optional path variables. +- Add weight to "brand new" clients. +- Implement a "maze" feature that tries to get crawlers ensnared in a maze of random links so that clients that are more than 20 links in can be reported to the home base. +- Open [Thoth-based advanced checks](/docs/admin/thoth/) to more users with an easier onboarding flow. +- More smoke tests including for browsers like [Pale Moon](https://www.palemoon.org/).